1965 files changed, 289708 insertions, 146516 deletions

diff --git a/.cvsignore b/.cvsignore
new file mode 100644
index 0000000000..a01eb86196
--- /dev/null
+++ b/.cvsignore
@@ -0,0 +1,16 @@
+openssl.pc
+Makefile.ssl
+MINFO
+makefile.one
+tmp
+out
+outinc
+rehash.time
+testlog
+make.log
+maketest.log
+cctest
+cctest.c
+cctest.a
+libcrypto.so.*
+libssl.so.*
diff --git a/CHANGES b/CHANGES
new file mode 100644
index 0000000000..8d47c0e171
--- /dev/null
+++ b/CHANGES
@@ -0,0 +1,6547 @@
+
+ OpenSSL CHANGES
+ _______________
+
+ Changes between 0.9.7 and 0.9.8  [xx XXX 2002]
+
+  *) Add the ASN.1 structures and functions for CertificatePair, which
+     is defined as follows (according to X.509_4thEditionDraftV6.pdf):
+
+     CertificatePair ::= SEQUENCE {
+	forward		[0]	Certificate OPTIONAL,
+	reverse		[1]	Certificate OPTIONAL,
+	-- at least one of the pair shall be present -- }
+
+     Also implement the PEM functions to read and write certificate
+     pairs, and defined the PEM tag as "CERTIFICATE PAIR".
+
+     This needed to be defined, mostly for the sake of the LDAP
+     attribute crossCertificatePair, but may prove useful elsewhere as
+     well.
+     [Richard Levitte]
+
+  *) Make it possible to inhibit symlinking of shared libraries in
+     Makefile.shared, for Cygwin's sake.
+     [Richard Levitte]
+
+  *) Extend the BIGNUM API by creating new macros that behave like
+     functions
+
+          void BN_set_sign(BIGNUM *a, int neg);
+          int BN_get_sign(const BIGNUM *a);
+
+     and avoid the need to access 'a->neg' directly in applications.
+     [Nils Larsch  <nla@trustcenter.de>]
+
+  *) Implement fast modular reduction for pseudo-Mersenne primes
+     used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c).
+     EC_GROUP_new_curve_GFp() will now automatically use this
+     if applicable.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Add new lock type (CRYPTO_LOCK_BN).
+     [Bodo Moeller]
+
+  *) Change the ENGINE framework to automatically load engines
+     dynamically from specific directories unless they could be
+     found to already be built in or loaded.  Move all the
+     current engines except for the cryptodev one to a new
+     directory engines/.
+     The engines in engines/ are built as shared libraries if
+     the "shared" options was given to ./Configure or ./config.
+     Otherwise, they are inserted in libcrypto.a.
+     /usr/local/ssl/engines is the default directory for dynamic
+     engines, but that can be overriden at configure time through
+     the usual use of --prefix and/or --openssldir, and at run
+     time with the environment variable OPENSSL_ENGINES.
+     [Geoff Thorpe and Richard Levitte]
+
+  *) Add Makefile.shared, a helper makefile to build shared
+     libraries.  Addapt Makefile.org.
+     [Richard Levitte]
+
+  *) Add version info to Win32 DLLs.
+     [Peter 'Luna' Runestig" <peter@runestig.com>]
+
+  *) Add new 'medium level' PKCS#12 API. Certificates and keys
+     can be added using this API to created arbitrary PKCS#12
+     files while avoiding the low level API.
+
+     New options to PKCS12_create(), key or cert can be NULL and
+     will then be omitted from the output file. The encryption
+     algorithm NIDs can be set to -1 for no encryption, the mac
+     iteration count can be set to 0 to omit the mac.
+
+     Enhance pkcs12 utility by making the -nokeys and -nocerts
+     options work when creating a PKCS#12 file. New option -nomac
+     to omit the mac, NONE can be set for an encryption algorithm.
+     New code is modified to use the enhanced PKCS12_create()
+     instead of the low level API.
+     [Steve Henson]
+
+  *) Extend ASN1 encoder to support indefinite length constructed
+     encoding. This can output sequences tags and octet strings in
+     this form. Modify pk7_asn1.c to support indefinite length
+     encoding. This is experimental and needs additional code to
+     be useful, such as an ASN1 bio and some enhanced streaming
+     PKCS#7 code.
+
+     Extend template encode functionality so that tagging is passed
+     down to the template encoder.
+     [Steve Henson]
+
+  *) Let 'openssl req' fail if an argument to '-newkey' is not
+     recognized instead of using RSA as a default.
+     [Bodo Moeller]
+
+  *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
+     As these are not official, they are not included in "ALL";
+     the "ECCdraft" ciphersuite group alias can be used to select them.
+     [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)]
+
+  *) Add ECDH engine support.
+     [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]
+
+  *) Add ECDH in new directory crypto/ecdh/.
+TODO: more general interface (return  x  coordinate, not its hash)
+TODO: bug: pad  x  with leading zeros if necessary
+     [Douglas Stebila (Sun Microsystems Laboratories)]
+
+  *) Let BN_rand_range() abort with an error after 100 iterations
+     without success (which indicates a broken PRNG).
+     [Bodo Moeller]
+
+  *) Change BN_mod_sqrt() so that it verifies that the input value
+     is really the square of the return value.  (Previously,
+     BN_mod_sqrt would show GIGO behaviour.)
+     [Bodo Moeller]
+
+  *) Add named elliptic curves over binary fields from X9.62, SECG,
+     and WAP/WTLS; add OIDs that were still missing.
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) Extend the EC library for elliptic curves over binary fields
+     (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/).
+     New EC_METHOD:
+
+          EC_GF2m_simple_method
+
+     New API functions:
+
+          EC_GROUP_new_curve_GF2m
+          EC_GROUP_set_curve_GF2m
+          EC_GROUP_get_curve_GF2m
+          EC_POINT_set_affine_coordinates_GF2m
+          EC_POINT_get_affine_coordinates_GF2m
+          EC_POINT_set_compressed_coordinates_GF2m
+
+     Point compression for binary fields is disabled by default for
+     patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to
+     enable it).
+
+     As binary polynomials are represented as BIGNUMs, various members
+     of the EC_GROUP and EC_POINT data structures can be shared
+     between the implementations for prime fields and binary fields;
+     the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m)
+     are essentially identical to their ..._GFp counterparts.
+     (For simplicity, the '..._GFp' prefix has been dropped from
+     various internal method names.)
+
+     An internal 'field_div' method (similar to 'field_mul' and
+     'field_sqr') has been added; this is used only for binary fields.
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult()
+     through methods ('mul', 'precompute_mult').
+
+     The generic implementations (now internally called 'ec_wNAF_mul'
+     and 'ec_wNAF_precomputed_mult') remain the default if these
+     methods are undefined.
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) New function EC_GROUP_get_degree, which is defined through
+     EC_METHOD.  For curves over prime fields, this returns the bit
+     length of the modulus.
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) New functions EC_GROUP_dup, EC_POINT_dup.
+     (These simply call ..._new  and ..._copy).
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c.
+     Polynomials are represented as BIGNUMs (where the sign bit is not
+     used) in the following functions [macros]:  
+
+          BN_GF2m_add
+          BN_GF2m_sub             [= BN_GF2m_add]
+          BN_GF2m_mod             [wrapper for BN_GF2m_mod_arr]
+          BN_GF2m_mod_mul         [wrapper for BN_GF2m_mod_mul_arr]
+          BN_GF2m_mod_sqr         [wrapper for BN_GF2m_mod_sqr_arr]
+          BN_GF2m_mod_inv
+          BN_GF2m_mod_exp         [wrapper for BN_GF2m_mod_exp_arr]
+          BN_GF2m_mod_sqrt        [wrapper for BN_GF2m_mod_sqrt_arr]
+          BN_GF2m_mod_solve_quad  [wrapper for BN_GF2m_mod_solve_quad_arr]
+          BN_GF2m_cmp             [= BN_ucmp]
+
+     (Note that only the 'mod' functions are actually for fields GF(2^m).
+     BN_GF2m_add() is misnomer, but this is for the sake of consistency.)
+
+     For some functions, an the irreducible polynomial defining a
+     field can be given as an 'unsigned int[]' with strictly
+     decreasing elements giving the indices of those bits that are set;
+     i.e., p[] represents the polynomial
+          f(t) = t^p[0] + t^p[1] + ... + t^p[k]
+     where
+          p[0] > p[1] > ... > p[k] = 0.
+     This applies to the following functions:
+
+          BN_GF2m_mod_arr
+          BN_GF2m_mod_mul_arr
+          BN_GF2m_mod_sqr_arr
+          BN_GF2m_mod_inv_arr        [wrapper for BN_GF2m_mod_inv]
+          BN_GF2m_mod_div_arr        [wrapper for BN_GF2m_mod_div]
+          BN_GF2m_mod_exp_arr
+          BN_GF2m_mod_sqrt_arr
+          BN_GF2m_mod_solve_quad_arr
+          BN_GF2m_poly2arr
+          BN_GF2m_arr2poly
+
+     Conversion can be performed by the following functions:
+
+          BN_GF2m_poly2arr
+          BN_GF2m_arr2poly
+
+     bntest.c has additional tests for binary polynomial arithmetic.
+
+     Two implementations for BN_GF2m_mod_div() are available.
+     The default algorithm simply uses BN_GF2m_mod_inv() and
+     BN_GF2m_mod_mul().  The alternative algorithm is compiled in only
+     if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
+     copyright notice in crypto/bn/bn_gf2m.c before enabling it).
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) Add new error code 'ERR_R_DISABLED' that can be used when some
+     functionality is disabled at compile-time.
+     [Douglas Stebila <douglas.stebila@sun.com>]
+
+  *) Change default behaviour of 'openssl asn1parse' so that more
+     information is visible when viewing, e.g., a certificate:
+
+     Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
+     mode the content of non-printable OCTET STRINGs is output in a
+     style similar to INTEGERs, but with '[HEX DUMP]' prepended to
+     avoid the appearance of a printable string.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
+     functions
+          EC_GROUP_set_asn1_flag()
+          EC_GROUP_get_asn1_flag()
+          EC_GROUP_set_point_conversion_form()
+          EC_GROUP_get_point_conversion_form()
+     These control ASN1 encoding details:
+     - Curves (i.e., groups) are encoded explicitly unless asn1_flag
+       has been set to OPENSSL_EC_NAMED_CURVE.
+     - Points are encoded in uncompressed form by default; options for
+       asn1_for are as for point2oct, namely
+          POINT_CONVERSION_COMPRESSED
+          POINT_CONVERSION_UNCOMPRESSED
+          POINT_CONVERSION_HYBRID
+
+     Also add 'seed' and 'seed_len' members to EC_GROUP with access
+     functions
+          EC_GROUP_set_seed()
+          EC_GROUP_get0_seed()
+          EC_GROUP_get_seed_len()
+     This is used only for ASN1 purposes (so far).
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Add 'field_type' member to EC_METHOD, which holds the NID
+     of the appropriate field type OID.  The new function
+     EC_METHOD_get_field_type() returns this value.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Add functions 
+          EC_POINT_point2bn()
+          EC_POINT_bn2point()
+          EC_POINT_point2hex()
+          EC_POINT_hex2point()
+     providing useful interfaces to EC_POINT_point2oct() and
+     EC_POINT_oct2point().
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Change internals of the EC library so that the functions
+          EC_GROUP_set_generator()
+          EC_GROUP_get_generator()
+          EC_GROUP_get_order()
+          EC_GROUP_get_cofactor()
+     are implemented directly in crypto/ec/ec_lib.c and not dispatched
+     to methods, which would lead to unnecessary code duplication when
+     adding different types of curves.
+     [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller]
+
+  *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
+     arithmetic, and such that modified wNAFs are generated
+     (which avoid length expansion in many cases).
+     [Bodo Moeller]
+
+  *) Add a function EC_GROUP_check_discriminant() (defined via
+     EC_METHOD) that verifies that the curve discriminant is non-zero.
+
+     Add a function EC_GROUP_check() that makes some sanity tests
+     on a EC_GROUP, its generator and order.  This includes
+     EC_GROUP_check_discriminant().
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Add ECDSA in new directory crypto/ecdsa/.
+
+     Add applications 'openssl ecparam' and 'openssl ecdsa'
+     (these are based on 'openssl dsaparam' and 'openssl dsa').
+
+     ECDSA support is also included in various other files across the
+     library.  Most notably,
+     - 'openssl req' now has a '-newkey ecdsa:file' option;
+     - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
+     - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
+       d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
+       them suitable for ECDSA where domain parameters must be
+       extracted before the specific public key;
+     - ECDSA engine support has been added.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Include some named elliptic curves, and add OIDs from X9.62,
+     SECG, and WAP/WTLS.  Each curve can be obtained from the new
+     function
+          EC_GROUP_new_by_nid(),
+     and the list of available named curves can be obtained with
+          EC_get_builtin_curves().
+     Also add a 'curve_name' member to EC_GROUP objects, which can be
+     accessed via
+         EC_GROUP_set_nid()
+         EC_GROUP_get_nid()
+     [Nils Larsch <nla@trustcenter.de, Bodo Moeller]
+ 
+ Changes between 0.9.6h and 0.9.7  [XX xxx 2002]
+
+  *) In asn1_d2i_read_bio() repeatedly call BIO_read() until all content
+     octets have been read, EOF or an error occurs. Without this change
+     some truncated ASN1 structures will not produce an error.
+     [Steve Henson]
+
+  *) Disable Heimdal support, since it hasn't been fully implemented.
+     Still give the possibility to force the use of Heimdal, but with
+     warnings and a request that patches get sent to openssl-dev.
+     [Richard Levitte]
+
+  *) Add the VC-CE target, introduce the WINCE sysname, and add
+     INSTALL.WCE and appropriate conditionals to make it build.
+     [Steven Reddie <smr@essemer.com.au> via Richard Levitte]
+
+  *) Change the DLL names for Cygwin to cygcrypto-x.y.z.dll and
+     cygssl-x.y.z.dll, where x, y and z are the major, minor and
+     edit numbers of the version.
+     [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]
+
+  *) Introduce safe string copy and catenation functions
+     (BUF_strlcpy() and BUF_strlcat()).
+     [Ben Laurie (CHATS) and Richard Levitte]
+
+  *) Avoid using fixed-size buffers for one-line DNs.
+     [Ben Laurie (CHATS)]
+
+  *) Add BUF_MEM_grow_clean() to avoid information leakage when
+     resizing buffers containing secrets, and use where appropriate.
+     [Ben Laurie (CHATS)]
+
+  *) Avoid using fixed size buffers for configuration file location.
+     [Ben Laurie (CHATS)]
+
+  *) Avoid filename truncation for various CA files.
+     [Ben Laurie (CHATS)]
+
+  *) Use sizeof in preference to magic numbers.
+     [Ben Laurie (CHATS)]
+
+  *) Avoid filename truncation in cert requests.
+     [Ben Laurie (CHATS)]
+
+  *) Add assertions to check for (supposedly impossible) buffer
+     overflows.
+     [Ben Laurie (CHATS)]
+
+  *) Don't cache truncated DNS entries in the local cache (this could
+     potentially lead to a spoofing attack).
+     [Ben Laurie (CHATS)]
+
+  *) Fix various buffers to be large enough for hex/decimal
+     representations in a platform independent manner.
+     [Ben Laurie (CHATS)]
+
+  *) Add CRYPTO_realloc_clean() to avoid information leakage when
+     resizing buffers containing secrets, and use where appropriate.
+     [Ben Laurie (CHATS)]
+
+  *) Add BIO_indent() to avoid much slightly worrying code to do
+     indents.
+     [Ben Laurie (CHATS)]
+
+  *) Convert sprintf()/BIO_puts() to BIO_printf().
+     [Ben Laurie (CHATS)]
+
+  *) buffer_gets() could terminate with the buffer only half
+     full. Fixed.
+     [Ben Laurie (CHATS)]
+
+  *) Add assertions to prevent user-supplied crypto functions from
+     overflowing internal buffers by having large block sizes, etc.
+     [Ben Laurie (CHATS)]
+
+  *) New OPENSSL_assert() macro (similar to assert(), but enabled
+     unconditionally).
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused copy of key in RC4.
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and incorrectly sized buffers for IV in pem.h.
+     [Ben Laurie (CHATS)]
+
+  *) Fix off-by-one error in EGD path.
+     [Ben Laurie (CHATS)]
+
+  *) If RANDFILE path is too long, ignore instead of truncating.
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and incorrectly sized X.509 structure
+     CBCParameter.
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and dangerous function knumber().
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and dangerous structure, KSSL_ERR.
+     [Ben Laurie (CHATS)]
+
+  *) Protect against overlong session ID context length in an encoded
+     session object. Since these are local, this does not appear to be
+     exploitable.
+     [Ben Laurie (CHATS)]
+
+  *) Change from security patch (see 0.9.6e below) that did not affect
+     the 0.9.6 release series:
+
+     Remote buffer overflow in SSL3 protocol - an attacker could
+     supply an oversized master key in Kerberos-enabled versions.
+     (CAN-2002-0657)
+     [Ben Laurie (CHATS)]
+
+  *) Change the SSL kerb5 codes to match RFC 2712.
+     [Richard Levitte]
+
+  *) Make -nameopt work fully for req and add -reqopt switch.
+     [Michael Bell <michael.bell@rz.hu-berlin.de>, Steve Henson]
+
+  *) The "block size" for block ciphers in CFB and OFB mode should be 1.
+     [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve@opera.com>]
+
+  *) Make sure tests can be performed even if the corresponding algorithms
+     have been removed entirely.  This was also the last step to make
+     OpenSSL compilable with DJGPP under all reasonable conditions.
+     [Richard Levitte, Doug Kaufman <dkaufman@rahul.net>]
+
+  *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT
+     to allow version independent disabling of normally unselected ciphers,
+     which may be activated as a side-effect of selecting a single cipher.
+
+     (E.g., cipher list string "RSA" enables ciphersuites that are left
+     out of "ALL" because they do not provide symmetric encryption.
+     "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.)
+     [Lutz Jaenicke, Bodo Moeller]
+
+  *) Add appropriate support for separate platform-dependent build
+     directories.  The recommended way to make a platform-dependent
+     build directory is the following (tested on Linux), maybe with
+     some local tweaks:
+
+	# Place yourself outside of the OpenSSL source tree.  In
+	# this example, the environment variable OPENSSL_SOURCE
+	# is assumed to contain the absolute OpenSSL source directory.
+	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
+	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
+	(cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do
+		mkdir -p `dirname $F`
+		ln -s $OPENSSL_SOURCE/$F $F
+	done
+
+     To be absolutely sure not to disturb the source tree, a "make clean"
+     is a good thing.  If it isn't successfull, don't worry about it,
+     it probably means the source directory is very clean.
+     [Richard Levitte]
+
+  *) Make sure any ENGINE control commands make local copies of string
+     pointers passed to them whenever necessary. Otherwise it is possible
+     the caller may have overwritten (or deallocated) the original string
+     data when a later ENGINE operation tries to use the stored values.
+     [Götz Babin-Ebell <babinebell@trustcenter.de>]
+
+  *) Improve diagnostics in file reading and command-line digests.
+     [Ben Laurie aided and abetted by Solar Designer <solar@openwall.com>]
+
+  *) Add AES modes CFB and OFB to the object database.  Correct an
+     error in AES-CFB decryption.
+     [Richard Levitte]
+
+  *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this 
+     allows existing EVP_CIPHER_CTX structures to be reused after
+     calling EVP_*Final(). This behaviour is used by encryption
+     BIOs and some applications. This has the side effect that
+     applications must explicitly clean up cipher contexts with
+     EVP_CIPHER_CTX_cleanup() or they will leak memory.
+     [Steve Henson]
+
+  *) Check the values of dna and dnb in bn_mul_recursive before calling
+     bn_mul_comba (a non zero value means the a or b arrays do not contain
+     n2 elements) and fallback to bn_mul_normal if either is not zero.
+     [Steve Henson]
+
+  *) Fix escaping of non-ASCII characters when using the -subj option
+     of the "openssl req" command line tool. (Robert Joop <joop@fokus.gmd.de>)
+     [Lutz Jaenicke]
+
+  *) Make object definitions compliant to LDAP (RFC2256): SN is the short
+     form for "surname", serialNumber has no short form.
+     Use "mail" as the short name for "rfc822Mailbox" according to RFC2798;
+     therefore remove "mail" short name for "internet 7".
+     The OID for unique identifiers in X509 certificates is
+     x500UniqueIdentifier, not uniqueIdentifier.
+     Some more OID additions. (Michael Bell <michael.bell@rz.hu-berlin.de>)
+     [Lutz Jaenicke]
+
+  *) Add an "init" command to the ENGINE config module and auto initialize
+     ENGINEs. Without any "init" command the ENGINE will be initialized 
+     after all ctrl commands have been executed on it. If init=1 the 
+     ENGINE is initailized at that point (ctrls before that point are run
+     on the uninitialized ENGINE and after on the initialized one). If
+     init=0 then the ENGINE will not be iniatialized at all.
+     [Steve Henson]
+
+  *) Fix the 'app_verify_callback' interface so that the user-defined
+     argument is actually passed to the callback: In the
+     SSL_CTX_set_cert_verify_callback() prototype, the callback
+     declaration has been changed from
+          int (*cb)()
+     into
+          int (*cb)(X509_STORE_CTX *,void *);
+     in ssl_verify_cert_chain (ssl/ssl_cert.c), the call
+          i=s->ctx->app_verify_callback(&ctx)
+     has been changed into
+          i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg).
+
+     To update applications using SSL_CTX_set_cert_verify_callback(),
+     a dummy argument can be added to their callback functions.
+     [D. K. Smetters <smetters@parc.xerox.com>]
+
+  *) Added the '4758cca' ENGINE to support IBM 4758 cards.
+     [Maurice Gittens <maurice@gittens.nl>, touchups by Geoff Thorpe]
+
+  *) Add and OPENSSL_LOAD_CONF define which will cause
+     OpenSSL_add_all_algorithms() to load the openssl.cnf config file.
+     This allows older applications to transparently support certain
+     OpenSSL features: such as crypto acceleration and dynamic ENGINE loading.
+     Two new functions OPENSSL_add_all_algorithms_noconf() which will never
+     load the config file and OPENSSL_add_all_algorithms_conf() which will
+     always load it have also been added.
+     [Steve Henson]
+
+  *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES.
+     Adjust NIDs and EVP layer.
+     [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]
+
+  *) Config modules support in openssl utility.
+
+     Most commands now load modules from the config file,
+     though in a few (such as version) this isn't done 
+     because it couldn't be used for anything.
+
+     In the case of ca and req the config file used is
+     the same as the utility itself: that is the -config
+     command line option can be used to specify an
+     alternative file.
+     [Steve Henson]
+
+  *) Move default behaviour from OPENSSL_config(). If appname is NULL
+     use "openssl_conf" if filename is NULL use default openssl config file.
+     [Steve Henson]
+
+  *) Add an argument to OPENSSL_config() to allow the use of an alternative
+     config section name. Add a new flag to tolerate a missing config file
+     and move code to CONF_modules_load_file().
+     [Steve Henson]
+
+  *) Support for crypto accelerator cards from Accelerated Encryption
+     Processing, www.aep.ie.  (Use engine 'aep')
+     The support was copied from 0.9.6c [engine] and adapted/corrected
+     to work with the new engine framework.
+     [AEP Inc. and Richard Levitte]
+
+  *) Support for SureWare crypto accelerator cards from Baltimore
+     Technologies.  (Use engine 'sureware')
+     The support was copied from 0.9.6c [engine] and adapted
+     to work with the new engine framework.
+     [Richard Levitte]
+
+  *) Have the CHIL engine fork-safe (as defined by nCipher) and actually
+     make the newer ENGINE framework commands for the CHIL engine work.
+     [Toomas Kiisk <vix@cyber.ee> and Richard Levitte]
+
+  *) Make it possible to produce shared libraries on ReliantUNIX.
+     [Robert Dahlem <Robert.Dahlem@ffm2.siemens.de> via Richard Levitte]
+
+  *) Add the configuration target debug-linux-ppro.
+     Make 'openssl rsa' use the general key loading routines
+     implemented in apps.c, and make those routines able to
+     handle the key format FORMAT_NETSCAPE and the variant
+     FORMAT_IISSGC.
+     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+
+ *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+
+  *) Add -keyform to rsautl, and document -engine.
+     [Richard Levitte, inspired by Toomas Kiisk <vix@cyber.ee>]
+
+  *) Change BIO_new_file (crypto/bio/bss_file.c) to use new
+     BIO_R_NO_SUCH_FILE error code rather than the generic
+     ERR_R_SYS_LIB error code if fopen() fails with ENOENT.
+     [Ben Laurie]
+
+  *) Add new functions
+          ERR_peek_last_error
+          ERR_peek_last_error_line
+          ERR_peek_last_error_line_data.
+     These are similar to
+          ERR_peek_error
+          ERR_peek_error_line
+          ERR_peek_error_line_data,
+     but report on the latest error recorded rather than the first one
+     still in the error queue.
+     [Ben Laurie, Bodo Moeller]
+        
+  *) default_algorithms option in ENGINE config module. This allows things
+     like:
+     default_algorithms = ALL
+     default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS
+     [Steve Henson]
+
+  *) Prelminary ENGINE config module.
+     [Steve Henson]
+
+  *) New experimental application configuration code.
+     [Steve Henson]
+
+  *) Change the AES code to follow the same name structure as all other
+     symmetric ciphers, and behave the same way.  Move everything to
+     the directory crypto/aes, thereby obsoleting crypto/rijndael.
+     [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]
+
+  *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c.
+     [Ben Laurie and Theo de Raadt]
+
+  *) Add option to output public keys in req command.
+     [Massimiliano Pala madwolf@openca.org]
+
+  *) Use wNAFs in EC_POINTs_mul() for improved efficiency
+     (up to about 10% better than before for P-192 and P-224).
+     [Bodo Moeller]
+
+  *) New functions/macros
+
+          SSL_CTX_set_msg_callback(ctx, cb)
+          SSL_CTX_set_msg_callback_arg(ctx, arg)
+          SSL_set_msg_callback(ssl, cb)
+          SSL_set_msg_callback_arg(ssl, arg)
+
+     to request calling a callback function
+
+          void cb(int write_p, int version, int content_type,
+                  const void *buf, size_t len, SSL *ssl, void *arg)
+
+     whenever a protocol message has been completely received
+     (write_p == 0) or sent (write_p == 1).  Here 'version' is the
+     protocol version  according to which the SSL library interprets
+     the current protocol message (SSL2_VERSION, SSL3_VERSION, or
+     TLS1_VERSION).  'content_type' is 0 in the case of SSL 2.0, or
+     the content type as defined in the SSL 3.0/TLS 1.0 protocol
+     specification (change_cipher_spec(20), alert(21), handshake(22)).
+     'buf' and 'len' point to the actual message, 'ssl' to the
+     SSL object, and 'arg' is the application-defined value set by
+     SSL[_CTX]_set_msg_callback_arg().
+
+     'openssl s_client' and 'openssl s_server' have new '-msg' options
+     to enable a callback that displays all protocol messages.
+     [Bodo Moeller]
+
+  *) Change the shared library support so shared libraries are built as
+     soon as the corresponding static library is finished, and thereby get
+     openssl and the test programs linked against the shared library.
+     This still only happens when the keyword "shard" has been given to
+     the configuration scripts.
+
+     NOTE: shared library support is still an experimental thing, and
+     backward binary compatibility is still not guaranteed.
+     ["Maciej W. Rozycki" <macro@ds2.pg.gda.pl> and Richard Levitte]
+
+  *) Add support for Subject Information Access extension.
+     [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
+
+  *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero
+     additional bytes when new memory had to be allocated, not just
+     when reusing an existing buffer.
+     [Bodo Moeller]
+
+  *) New command line and configuration option 'utf8' for the req command.
+     This allows field values to be specified as UTF8 strings.
+     [Steve Henson]
+
+  *) Add -multi and -mr options to "openssl speed" - giving multiple parallel
+     runs for the former and machine-readable output for the latter.
+     [Ben Laurie]
+
+  *) Add '-noemailDN' option to 'openssl ca'.  This prevents inclusion
+     of the e-mail address in the DN (i.e., it will go into a certificate
+     extension only).  The new configuration file option 'email_in_dn = no'
+     has the same effect.
+     [Massimiliano Pala madwolf@openca.org]
+
+  *) Change all functions with names starting with des_ to be starting
+     with DES_ instead.  Add wrappers that are compatible with libdes,
+     but are named _ossl_old_des_*.  Finally, add macros that map the
+     des_* symbols to the corresponding _ossl_old_des_* if libdes
+     compatibility is desired.  If OpenSSL 0.9.6c compatibility is
+     desired, the des_* symbols will be mapped to DES_*, with one
+     exception.
+
+     Since we provide two compatibility mappings, the user needs to
+     define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes
+     compatibility is desired.  The default (i.e., when that macro
+     isn't defined) is OpenSSL 0.9.6c compatibility.
+
+     There are also macros that enable and disable the support of old
+     des functions altogether.  Those are OPENSSL_ENABLE_OLD_DES_SUPPORT
+     and OPENSSL_DISABLE_OLD_DES_SUPPORT.  If none or both of those
+     are defined, the default will apply: to support the old des routines.
+
+     In either case, one must include openssl/des.h to get the correct
+     definitions.  Do not try to just include openssl/des_old.h, that
+     won't work.
+
+     NOTE: This is a major break of an old API into a new one.  Software
+     authors are encouraged to switch to the DES_ style functions.  Some
+     time in the future, des_old.h and the libdes compatibility functions
+     will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the
+     default), and then completely removed.
+     [Richard Levitte]
+
+  *) Test for certificates which contain unsupported critical extensions.
+     If such a certificate is found during a verify operation it is 
+     rejected by default: this behaviour can be overridden by either
+     handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or
+     by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function
+     X509_supported_extension() has also been added which returns 1 if a
+     particular extension is supported.
+     [Steve Henson]
+
+  *) Modify the behaviour of EVP cipher functions in similar way to digests
+     to retain compatibility with existing code.
+     [Steve Henson]
+
+  *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
+     compatibility with existing code. In particular the 'ctx' parameter does
+     not have to be to be initialized before the call to EVP_DigestInit() and
+     it is tidied up after a call to EVP_DigestFinal(). New function
+     EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function
+     EVP_MD_CTX_copy() changed to not require the destination to be
+     initialized valid and new function EVP_MD_CTX_copy_ex() added which
+     requires the destination to be valid.
+
+     Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(),
+     EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex().
+     [Steve Henson]
+
+  *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it
+     so that complete 'Handshake' protocol structures are kept in memory
+     instead of overwriting 'msg_type' and 'length' with 'body' data.
+     [Bodo Moeller]
+
+  *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32.
+     [Massimo Santin via Richard Levitte]
+
+  *) Major restructuring to the underlying ENGINE code. This includes
+     reduction of linker bloat, separation of pure "ENGINE" manipulation
+     (initialisation, etc) from functionality dealing with implementations
+     of specific crypto iterfaces. This change also introduces integrated
+     support for symmetric ciphers and digest implementations - so ENGINEs
+     can now accelerate these by providing EVP_CIPHER and EVP_MD
+     implementations of their own. This is detailed in crypto/engine/README
+     as it couldn't be adequately described here. However, there are a few
+     API changes worth noting - some RSA, DSA, DH, and RAND functions that
+     were changed in the original introduction of ENGINE code have now
+     reverted back - the hooking from this code to ENGINE is now a good
+     deal more passive and at run-time, operations deal directly with
+     RSA_METHODs, DSA_METHODs (etc) as they did before, rather than
+     dereferencing through an ENGINE pointer any more. Also, the ENGINE
+     functions dealing with BN_MOD_EXP[_CRT] handlers have been removed -
+     they were not being used by the framework as there is no concept of a
+     BIGNUM_METHOD and they could not be generalised to the new
+     'ENGINE_TABLE' mechanism that underlies the new code. Similarly,
+     ENGINE_cpy() has been removed as it cannot be consistently defined in
+     the new code.
+     [Geoff Thorpe]
+
+  *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds.
+     [Steve Henson]
+
+  *) Change mkdef.pl to sort symbols that get the same entry number,
+     and make sure the automatically generated functions ERR_load_*
+     become part of libeay.num as well.
+     [Richard Levitte]
+
+  *) New function SSL_renegotiate_pending().  This returns true once
+     renegotiation has been requested (either SSL_renegotiate() call
+     or HelloRequest/ClientHello receveived from the peer) and becomes
+     false once a handshake has been completed.
+     (For servers, SSL_renegotiate() followed by SSL_do_handshake()
+     sends a HelloRequest, but does not ensure that a handshake takes
+     place.  SSL_renegotiate_pending() is useful for checking if the
+     client has followed the request.)
+     [Bodo Moeller]
+
+  *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
+     By default, clients may request session resumption even during
+     renegotiation (if session ID contexts permit); with this option,
+     session resumption is possible only in the first handshake.
+
+     SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL.  This makes
+     more bits available for options that should not be part of
+     SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION).
+     [Bodo Moeller]
+
+  *) Add some demos for certificate and certificate request creation.
+     [Steve Henson]
+
+  *) Make maximum certificate chain size accepted from the peer application
+     settable (SSL*_get/set_max_cert_list()), as proposed by
+     "Douglas E. Engert" <deengert@anl.gov>.
+     [Lutz Jaenicke]
+
+  *) Add support for shared libraries for Unixware-7
+     (Boyd Lynn Gerber <gerberb@zenez.com>).
+     [Lutz Jaenicke]
+
+  *) Add a "destroy" handler to ENGINEs that allows structural cleanup to
+     be done prior to destruction. Use this to unload error strings from
+     ENGINEs that load their own error strings. NB: This adds two new API
+     functions to "get" and "set" this destroy handler in an ENGINE.
+     [Geoff Thorpe]
+
+  *) Alter all existing ENGINE implementations (except "openssl" and
+     "openbsd") to dynamically instantiate their own error strings. This
+     makes them more flexible to be built both as statically-linked ENGINEs
+     and self-contained shared-libraries loadable via the "dynamic" ENGINE.
+     Also, add stub code to each that makes building them as self-contained
+     shared-libraries easier (see README.ENGINE).
+     [Geoff Thorpe]
+
+  *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE
+     implementations into applications that are completely implemented in
+     self-contained shared-libraries. The "dynamic" ENGINE exposes control
+     commands that can be used to configure what shared-library to load and
+     to control aspects of the way it is handled. Also, made an update to
+     the README.ENGINE file that brings its information up-to-date and
+     provides some information and instructions on the "dynamic" ENGINE
+     (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc).
+     [Geoff Thorpe]
+
+  *) Make it possible to unload ranges of ERR strings with a new
+     "ERR_unload_strings" function.
+     [Geoff Thorpe]
+
+  *) Add a copy() function to EVP_MD.
+     [Ben Laurie]
+
+  *) Make EVP_MD routines take a context pointer instead of just the
+     md_data void pointer.
+     [Ben Laurie]
+
+  *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates
+     that the digest can only process a single chunk of data
+     (typically because it is provided by a piece of
+     hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application
+     is only going to provide a single chunk of data, and hence the
+     framework needn't accumulate the data for oneshot drivers.
+     [Ben Laurie]
+
+  *) As with "ERR", make it possible to replace the underlying "ex_data"
+     functions. This change also alters the storage and management of global
+     ex_data state - it's now all inside ex_data.c and all "class" code (eg.
+     RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class
+     index counters. The API functions that use this state have been changed
+     to take a "class_index" rather than pointers to the class's local STACK
+     and counter, and there is now an API function to dynamically create new
+     classes. This centralisation allows us to (a) plug a lot of the
+     thread-safety problems that existed, and (b) makes it possible to clean
+     up all allocated state using "CRYPTO_cleanup_all_ex_data()". W.r.t. (b)
+     such data would previously have always leaked in application code and
+     workarounds were in place to make the memory debugging turn a blind eye
+     to it. Application code that doesn't use this new function will still
+     leak as before, but their memory debugging output will announce it now
+     rather than letting it slide.
+
+     Besides the addition of CRYPTO_cleanup_all_ex_data(), another API change
+     induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now
+     has a return value to indicate success or failure.
+     [Geoff Thorpe]
+
+  *) Make it possible to replace the underlying "ERR" functions such that the
+     global state (2 LHASH tables and 2 locks) is only used by the "default"
+     implementation. This change also adds two functions to "get" and "set"
+     the implementation prior to it being automatically set the first time
+     any other ERR function takes place. Ie. an application can call "get",
+     pass the return value to a module it has just loaded, and that module
+     can call its own "set" function using that value. This means the
+     module's "ERR" operations will use (and modify) the error state in the
+     application and not in its own statically linked copy of OpenSSL code.
+     [Geoff Thorpe]
+
+  *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment
+     reference counts. This performs normal REF_PRINT/REF_CHECK macros on
+     the operation, and provides a more encapsulated way for external code
+     (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code
+     to use these functions rather than manually incrementing the counts.
+
+     Also rename "DSO_up()" function to more descriptive "DSO_up_ref()".
+     [Geoff Thorpe]
+
+  *) Add EVP test program.
+     [Ben Laurie]
+
+  *) Add symmetric cipher support to ENGINE. Expect the API to change!
+     [Ben Laurie]
+
+  *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name()
+     X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(),
+     X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate().
+     These allow a CRL to be built without having to access X509_CRL fields
+     directly. Modify 'ca' application to use new functions.
+     [Steve Henson]
+
+  *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended
+     bug workarounds. Rollback attack detection is a security feature.
+     The problem will only arise on OpenSSL servers when TLSv1 is not
+     available (sslv3_server_method() or SSL_OP_NO_TLSv1).
+     Software authors not wanting to support TLSv1 will have special reasons
+     for their choice and can explicitly enable this option.
+     [Bodo Moeller, Lutz Jaenicke]
+
+  *) Rationalise EVP so it can be extended: don't include a union of
+     cipher/digest structures, add init/cleanup functions for EVP_MD_CTX
+     (similar to those existing for EVP_CIPHER_CTX).
+     Usage example:
+
+         EVP_MD_CTX md;
+
+         EVP_MD_CTX_init(&md);             /* new function call */
+         EVP_DigestInit(&md, EVP_sha1());
+         EVP_DigestUpdate(&md, in, len);
+         EVP_DigestFinal(&md, out, NULL);
+         EVP_MD_CTX_cleanup(&md);          /* new function call */
+
+     [Ben Laurie]
+
+  *) Make DES key schedule conform to the usual scheme, as well as
+     correcting its structure. This means that calls to DES functions
+     now have to pass a pointer to a des_key_schedule instead of a
+     plain des_key_schedule (which was actually always a pointer
+     anyway): E.g.,
+
+         des_key_schedule ks;
+
+	 des_set_key_checked(..., &ks);
+	 des_ncbc_encrypt(..., &ks, ...);
+
+     (Note that a later change renames 'des_...' into 'DES_...'.)
+     [Ben Laurie]
+
+  *) Initial reduction of linker bloat: the use of some functions, such as
+     PEM causes large amounts of unused functions to be linked in due to
+     poor organisation. For example pem_all.c contains every PEM function
+     which has a knock on effect of linking in large amounts of (unused)
+     ASN1 code. Grouping together similar functions and splitting unrelated
+     functions prevents this.
+     [Steve Henson]
+
+  *) Cleanup of EVP macros.
+     [Ben Laurie]
+
+  *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the
+     correct _ecb suffix.
+     [Ben Laurie]
+
+  *) Add initial OCSP responder support to ocsp application. The
+     revocation information is handled using the text based index
+     use by the ca application. The responder can either handle
+     requests generated internally, supplied in files (for example
+     via a CGI script) or using an internal minimal server.
+     [Steve Henson]
+
+  *) Add configuration choices to get zlib compression for TLS.
+     [Richard Levitte]
+
+  *) Changes to Kerberos SSL for RFC 2712 compliance:
+     1.  Implemented real KerberosWrapper, instead of just using
+         KRB5 AP_REQ message.  [Thanks to Simon Wilkinson <sxw@sxw.org.uk>]
+     2.  Implemented optional authenticator field of KerberosWrapper.
+
+     Added openssl-style ASN.1 macros for Kerberos ticket, ap_req,
+     and authenticator structs; see crypto/krb5/.
+
+     Generalized Kerberos calls to support multiple Kerberos libraries.
+     [Vern Staats <staatsvr@asc.hpc.mil>,
+      Jeffrey Altman <jaltman@columbia.edu>
+      via Richard Levitte]
+
+  *) Cause 'openssl speed' to use fully hard-coded DSA keys as it
+     already does with RSA. testdsa.h now has 'priv_key/pub_key'
+     values for each of the key sizes rather than having just
+     parameters (and 'speed' generating keys each time).
+     [Geoff Thorpe]
+
+  *) Speed up EVP routines.
+     Before:
+encrypt
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+des-cbc           4408.85k     5560.51k     5778.46k     5862.20k     5825.16k
+des-cbc           4389.55k     5571.17k     5792.23k     5846.91k     5832.11k
+des-cbc           4394.32k     5575.92k     5807.44k     5848.37k     5841.30k
+decrypt
+des-cbc           3482.66k     5069.49k     5496.39k     5614.16k     5639.28k
+des-cbc           3480.74k     5068.76k     5510.34k     5609.87k     5635.52k
+des-cbc           3483.72k     5067.62k     5504.60k     5708.01k     5724.80k
+     After:
+encrypt
+des-cbc           4660.16k     5650.19k     5807.19k     5827.13k     5783.32k
+decrypt
+des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
+     [Ben Laurie]
+
+  *) Added the OS2-EMX target.
+     ["Brian Havard" <brianh@kheldar.apana.org.au> and Richard Levitte]
+
+  *) Rewrite apps to use NCONF routines instead of the old CONF. New functions
+     to support NCONF routines in extension code. New function CONF_set_nconf()
+     to allow functions which take an NCONF to also handle the old LHASH
+     structure: this means that the old CONF compatible routines can be
+     retained (in particular wrt extensions) without having to duplicate the
+     code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
+     [Steve Henson]
+
+  *) Enhance the general user interface with mechanisms for inner control
+     and with possibilities to have yes/no kind of prompts.
+     [Richard Levitte]
+
+  *) Change all calls to low level digest routines in the library and
+     applications to use EVP. Add missing calls to HMAC_cleanup() and
+     don't assume HMAC_CTX can be copied using memcpy().
+     [Verdon Walker <VWalker@novell.com>, Steve Henson]
+
+  *) Add the possibility to control engines through control names but with
+     arbitrary arguments instead of just a string.
+     Change the key loaders to take a UI_METHOD instead of a callback
+     function pointer.  NOTE: this breaks binary compatibility with earlier
+     versions of OpenSSL [engine].
+     Adapt the nCipher code for these new conditions and add a card insertion
+     callback.
+     [Richard Levitte]
+
+  *) Enhance the general user interface with mechanisms to better support
+     dialog box interfaces, application-defined prompts, the possibility
+     to use defaults (for example default passwords from somewhere else)
+     and interrupts/cancellations.
+     [Richard Levitte]
+
+  *) Tidy up PKCS#12 attribute handling. Add support for the CSP name
+     attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
+     [Steve Henson]
+
+  *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also
+     tidy up some unnecessarily weird code in 'sk_new()').
+     [Geoff, reported by Diego Tartara <dtartara@novamens.com>]
+
+  *) Change the key loading routines for ENGINEs to use the same kind
+     callback (pem_password_cb) as all other routines that need this
+     kind of callback.
+     [Richard Levitte]
+
+  *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with
+     256 bit (=32 byte) keys. Of course seeding with more entropy bytes
+     than this minimum value is recommended.
+     [Lutz Jaenicke]
+
+  *) New random seeder for OpenVMS, using the system process statistics
+     that are easily reachable.
+     [Richard Levitte]
+
+  *) Windows apparently can't transparently handle global
+     variables defined in DLLs. Initialisations such as:
+
+        const ASN1_ITEM *it = &ASN1_INTEGER_it;
+
+     wont compile. This is used by the any applications that need to
+     declare their own ASN1 modules. This was fixed by adding the option
+     EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly
+     needed for static libraries under Win32.
+     [Steve Henson]
+
+  *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle
+     setting of purpose and trust fields. New X509_STORE trust and
+     purpose functions and tidy up setting in other SSL functions.
+     [Steve Henson]
+
+  *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE
+     structure. These are inherited by X509_STORE_CTX when it is 
+     initialised. This allows various defaults to be set in the
+     X509_STORE structure (such as flags for CRL checking and custom
+     purpose or trust settings) for functions which only use X509_STORE_CTX
+     internally such as S/MIME.
+
+     Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and
+     trust settings if they are not set in X509_STORE. This allows X509_STORE
+     purposes and trust (in S/MIME for example) to override any set by default.
+
+     Add command line options for CRL checking to smime, s_client and s_server
+     applications.
+     [Steve Henson]
+
+  *) Initial CRL based revocation checking. If the CRL checking flag(s)
+     are set then the CRL is looked up in the X509_STORE structure and
+     its validity and signature checked, then if the certificate is found
+     in the CRL the verify fails with a revoked error.
+
+     Various new CRL related callbacks added to X509_STORE_CTX structure.
+
+     Command line options added to 'verify' application to support this.
+
+     This needs some additional work, such as being able to handle multiple
+     CRLs with different times, extension based lookup (rather than just
+     by subject name) and ultimately more complete V2 CRL extension
+     handling.
+     [Steve Henson]
+
+  *) Add a general user interface API (crypto/ui/).  This is designed
+     to replace things like des_read_password and friends (backward
+     compatibility functions using this new API are provided).
+     The purpose is to remove prompting functions from the DES code
+     section as well as provide for prompting through dialog boxes in
+     a window system and the like.
+     [Richard Levitte]
+
+  *) Add "ex_data" support to ENGINE so implementations can add state at a
+     per-structure level rather than having to store it globally.
+     [Geoff]
+
+  *) Make it possible for ENGINE structures to be copied when retrieved by
+     ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY.
+     This causes the "original" ENGINE structure to act like a template,
+     analogous to the RSA vs. RSA_METHOD type of separation. Because of this
+     operational state can be localised to each ENGINE structure, despite the
+     fact they all share the same "methods". New ENGINE structures returned in
+     this case have no functional references and the return value is the single
+     structural reference. This matches the single structural reference returned
+     by ENGINE_by_id() normally, when it is incremented on the pre-existing
+     ENGINE structure.
+     [Geoff]
+
+  *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this
+     needs to match any other type at all we need to manually clear the
+     tag cache.
+     [Steve Henson]
+
+  *) Changes to the "openssl engine" utility to include;
+     - verbosity levels ('-v', '-vv', and '-vvv') that provide information
+       about an ENGINE's available control commands.
+     - executing control commands from command line arguments using the
+       '-pre' and '-post' switches. '-post' is only used if '-t' is
+       specified and the ENGINE is successfully initialised. The syntax for
+       the individual commands are colon-separated, for example;
+	 openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so
+     [Geoff]
+
+  *) New dynamic control command support for ENGINEs. ENGINEs can now
+     declare their own commands (numbers), names (strings), descriptions,
+     and input types for run-time discovery by calling applications. A
+     subset of these commands are implicitly classed as "executable"
+     depending on their input type, and only these can be invoked through
+     the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this
+     can be based on user input, config files, etc). The distinction is
+     that "executable" commands cannot return anything other than a boolean
+     result and can only support numeric or string input, whereas some
+     discoverable commands may only be for direct use through
+     ENGINE_ctrl(), eg. supporting the exchange of binary data, function
+     pointers, or other custom uses. The "executable" commands are to
+     support parameterisations of ENGINE behaviour that can be
+     unambiguously defined by ENGINEs and used consistently across any
+     OpenSSL-based application. Commands have been added to all the
+     existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow
+     control over shared-library paths without source code alterations.
+     [Geoff]
+
+  *) Changed all ENGINE implementations to dynamically allocate their
+     ENGINEs rather than declaring them statically. Apart from this being
+     necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction,
+     this also allows the implementations to compile without using the
+     internal engine_int.h header.
+     [Geoff]
+
+  *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a
+     'const' value. Any code that should be able to modify a RAND_METHOD
+     should already have non-const pointers to it (ie. they should only
+     modify their own ones).
+     [Geoff]
+
+  *) Made a variety of little tweaks to the ENGINE code.
+     - "atalla" and "ubsec" string definitions were moved from header files
+       to C code. "nuron" string definitions were placed in variables
+       rather than hard-coded - allowing parameterisation of these values
+       later on via ctrl() commands.
+     - Removed unused "#if 0"'d code.
+     - Fixed engine list iteration code so it uses ENGINE_free() to release
+       structural references.
+     - Constified the RAND_METHOD element of ENGINE structures.
+     - Constified various get/set functions as appropriate and added
+       missing functions (including a catch-all ENGINE_cpy that duplicates
+       all ENGINE values onto a new ENGINE except reference counts/state).
+     - Removed NULL parameter checks in get/set functions. Setting a method
+       or function to NULL is a way of cancelling out a previously set
+       value.  Passing a NULL ENGINE parameter is just plain stupid anyway
+       and doesn't justify the extra error symbols and code.
+     - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for
+       flags from engine_int.h to engine.h.
+     - Changed prototypes for ENGINE handler functions (init(), finish(),
+       ctrl(), key-load functions, etc) to take an (ENGINE*) parameter.
+     [Geoff]
+
+  *) Implement binary inversion algorithm for BN_mod_inverse in addition
+     to the algorithm using long division.  The binary algorithm can be
+     used only if the modulus is odd.  On 32-bit systems, it is faster
+     only for relatively small moduli (roughly 20-30% for 128-bit moduli,
+     roughly 5-15% for 256-bit moduli), so we use it only for moduli
+     up to 450 bits.  In 64-bit environments, the binary algorithm
+     appears to be advantageous for much longer moduli; here we use it
+     for moduli up to 2048 bits.
+     [Bodo Moeller]
+
+  *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code
+     could not support the combine flag in choice fields.
+     [Steve Henson]
+
+  *) Add a 'copy_extensions' option to the 'ca' utility. This copies
+     extensions from a certificate request to the certificate.
+     [Steve Henson]
+
+  *) Allow multiple 'certopt' and 'nameopt' options to be separated
+     by commas. Add 'namopt' and 'certopt' options to the 'ca' config
+     file: this allows the display of the certificate about to be
+     signed to be customised, to allow certain fields to be included
+     or excluded and extension details. The old system didn't display
+     multicharacter strings properly, omitted fields not in the policy
+     and couldn't display additional details such as extensions.
+     [Steve Henson]
+
+  *) Function EC_POINTs_mul for multiple scalar multiplication
+     of an arbitrary number of elliptic curve points
+          \sum scalars[i]*points[i],
+     optionally including the generator defined for the EC_GROUP:
+          scalar*generator +  \sum scalars[i]*points[i].
+
+     EC_POINT_mul is a simple wrapper function for the typical case
+     that the point list has just one item (besides the optional
+     generator).
+     [Bodo Moeller]
+
+  *) First EC_METHODs for curves over GF(p):
+
+     EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr
+     operations and provides various method functions that can also
+     operate with faster implementations of modular arithmetic.     
+
+     EC_GFp_mont_method() reuses most functions that are part of
+     EC_GFp_simple_method, but uses Montgomery arithmetic.
+
+     [Bodo Moeller; point addition and point doubling
+     implementation directly derived from source code provided by
+     Lenka Fibikova <fibikova@exp-math.uni-essen.de>]
+
+  *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h,
+     crypto/ec/ec_lib.c):
+
+     Curves are EC_GROUP objects (with an optional group generator)
+     based on EC_METHODs that are built into the library.
+
+     Points are EC_POINT objects based on EC_GROUP objects.
+
+     Most of the framework would be able to handle curves over arbitrary
+     finite fields, but as there are no obvious types for fields other
+     than GF(p), some functions are limited to that for now.
+     [Bodo Moeller]
+
+  *) Add the -HTTP option to s_server.  It is similar to -WWW, but requires
+     that the file contains a complete HTTP response.
+     [Richard Levitte]
+
+  *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl
+     change the def and num file printf format specifier from "%-40sXXX"
+     to "%-39s XXX". The latter will always guarantee a space after the
+     field while the former will cause them to run together if the field
+     is 40 of more characters long.
+     [Steve Henson]
+
+  *) Constify the cipher and digest 'method' functions and structures
+     and modify related functions to take constant EVP_MD and EVP_CIPHER
+     pointers.
+     [Steve Henson]
+
+  *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
+     in <openssl/bn.h>.  Also further increase BN_CTX_NUM to 32.
+     [Bodo Moeller]
+
+  *) Modify EVP_Digest*() routines so they now return values. Although the
+     internal software routines can never fail additional hardware versions
+     might.
+     [Steve Henson]
+
+  *) Clean up crypto/err/err.h and change some error codes to avoid conflicts:
+
+     Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7
+     (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.
+
+     ASN1 error codes
+          ERR_R_NESTED_ASN1_ERROR
+          ...
+          ERR_R_MISSING_ASN1_EOS
+     were 4 .. 9, conflicting with
+          ERR_LIB_RSA (= ERR_R_RSA_LIB)
+          ...
+          ERR_LIB_PEM (= ERR_R_PEM_LIB).
+     They are now 58 .. 63 (i.e., just below ERR_R_FATAL).
+
+     Add new error code 'ERR_R_INTERNAL_ERROR'.
+     [Bodo Moeller]
+
+  *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock
+     suffices.
+     [Bodo Moeller]
+
+  *) New option '-subj arg' for 'openssl req' and 'openssl ca'.  This
+     sets the subject name for a new request or supersedes the
+     subject name in a given request. Formats that can be parsed are
+          'CN=Some Name, OU=myOU, C=IT'
+     and
+          'CN=Some Name/OU=myOU/C=IT'.
+
+     Add options '-batch' and '-verbose' to 'openssl req'.
+     [Massimiliano Pala <madwolf@hackmasters.net>]
+
+  *) Introduce the possibility to access global variables through
+     functions on platform were that's the best way to handle exporting
+     global variables in shared libraries.  To enable this functionality,
+     one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
+     "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
+     is normally done by Configure or something similar).
+
+     To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
+     in the source file (foo.c) like this:
+
+	OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
+	OPENSSL_IMPLEMENT_GLOBAL(double,bar);
+
+     To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
+     and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:
+
+	OPENSSL_DECLARE_GLOBAL(int,foo);
+	#define foo OPENSSL_GLOBAL_REF(foo)
+	OPENSSL_DECLARE_GLOBAL(double,bar);
+	#define bar OPENSSL_GLOBAL_REF(bar)
+
+     The #defines are very important, and therefore so is including the
+     header file everywhere where the defined globals are used.
+
+     The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
+     of ASN.1 items, but that structure is a bit different.
+
+     The largest change is in util/mkdef.pl which has been enhanced with
+     better and easier to understand logic to choose which symbols should
+     go into the Windows .def files as well as a number of fixes and code
+     cleanup (among others, algorithm keywords are now sorted
+     lexicographically to avoid constant rewrites).
+     [Richard Levitte]
+
+  *) In BN_div() keep a copy of the sign of 'num' before writing the
+     result to 'rm' because if rm==num the value will be overwritten
+     and produce the wrong result if 'num' is negative: this caused
+     problems with BN_mod() and BN_nnmod().
+     [Steve Henson]
+
+  *) Function OCSP_request_verify(). This checks the signature on an
+     OCSP request and verifies the signer certificate. The signer
+     certificate is just checked for a generic purpose and OCSP request
+     trust settings.
+     [Steve Henson]
+
+  *) Add OCSP_check_validity() function to check the validity of OCSP
+     responses. OCSP responses are prepared in real time and may only
+     be a few seconds old. Simply checking that the current time lies
+     between thisUpdate and nextUpdate max reject otherwise valid responses
+     caused by either OCSP responder or client clock inaccuracy. Instead
+     we allow thisUpdate and nextUpdate to fall within a certain period of
+     the current time. The age of the response can also optionally be
+     checked. Two new options -validity_period and -status_age added to
+     ocsp utility.
+     [Steve Henson]
+
+  *) If signature or public key algorithm is unrecognized print out its
+     OID rather that just UNKNOWN.
+     [Steve Henson]
+
+  *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and
+     OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate
+     ID to be generated from the issuer certificate alone which can then be
+     passed to OCSP_id_issuer_cmp().
+     [Steve Henson]
+
+  *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new
+     ASN1 modules to export functions returning ASN1_ITEM pointers
+     instead of the ASN1_ITEM structures themselves. This adds several
+     new macros which allow the underlying ASN1 function/structure to
+     be accessed transparently. As a result code should not use ASN1_ITEM
+     references directly (such as &X509_it) but instead use the relevant
+     macros (such as ASN1_ITEM_rptr(X509)). This option is to allow
+     use of the new ASN1 code on platforms where exporting structures
+     is problematical (for example in shared libraries) but exporting
+     functions returning pointers to structures is not.
+     [Steve Henson]
+
+  *) Add support for overriding the generation of SSL/TLS session IDs.
+     These callbacks can be registered either in an SSL_CTX or per SSL.
+     The purpose of this is to allow applications to control, if they wish,
+     the arbitrary values chosen for use as session IDs, particularly as it
+     can be useful for session caching in multiple-server environments. A
+     command-line switch for testing this (and any client code that wishes
+     to use such a feature) has been added to "s_server".
+     [Geoff Thorpe, Lutz Jaenicke]
+
+  *) Modify mkdef.pl to recognise and parse preprocessor conditionals
+     of the form '#if defined(...) || defined(...) || ...' and
+     '#if !defined(...) && !defined(...) && ...'.  This also avoids
+     the growing number of special cases it was previously handling.
+     [Richard Levitte]
+
+  *) Make all configuration macros available for application by making
+     sure they are available in opensslconf.h, by giving them names starting
+     with "OPENSSL_" to avoid conflicts with other packages and by making
+     sure e_os2.h will cover all platform-specific cases together with
+     opensslconf.h.
+     Additionally, it is now possible to define configuration/platform-
+     specific names (called "system identities").  In the C code, these
+     are prefixed with "OPENSSL_SYSNAME_".  e_os2.h will create another
+     macro with the name beginning with "OPENSSL_SYS_", which is determined
+     from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on
+     what is available.
+     [Richard Levitte]
+
+  *) New option -set_serial to 'req' and 'x509' this allows the serial
+     number to use to be specified on the command line. Previously self
+     signed certificates were hard coded with serial number 0 and the 
+     CA options of 'x509' had to use a serial number in a file which was
+     auto incremented.
+     [Steve Henson]
+
+  *) New options to 'ca' utility to support V2 CRL entry extensions.
+     Currently CRL reason, invalidity date and hold instruction are
+     supported. Add new CRL extensions to V3 code and some new objects.
+     [Steve Henson]
+
+  *) New function EVP_CIPHER_CTX_set_padding() this is used to
+     disable standard block padding (aka PKCS#5 padding) in the EVP
+     API, which was previously mandatory. This means that the data is
+     not padded in any way and so the total length much be a multiple
+     of the block size, otherwise an error occurs.
+     [Steve Henson]
+
+  *) Initial (incomplete) OCSP SSL support.
+     [Steve Henson]
+
+  *) New function OCSP_parse_url(). This splits up a URL into its host,
+     port and path components: primarily to parse OCSP URLs. New -url
+     option to ocsp utility.
+     [Steve Henson]
+
+  *) New nonce behavior. The return value of OCSP_check_nonce() now 
+     reflects the various checks performed. Applications can decide
+     whether to tolerate certain situations such as an absent nonce
+     in a response when one was present in a request: the ocsp application
+     just prints out a warning. New function OCSP_add1_basic_nonce()
+     this is to allow responders to include a nonce in a response even if
+     the request is nonce-less.
+     [Steve Henson]
+
+  *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are
+     skipped when using openssl x509 multiple times on a single input file,
+     e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".
+     [Bodo Moeller]
+
+  *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()
+     set string type: to handle setting ASN1_TIME structures. Fix ca
+     utility to correctly initialize revocation date of CRLs.
+     [Steve Henson]
+
+  *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override
+     the clients preferred ciphersuites and rather use its own preferences.
+     Should help to work around M$ SGC (Server Gated Cryptography) bug in
+     Internet Explorer by ensuring unchanged hash method during stepup.
+     (Also replaces the broken/deactivated SSL_OP_NON_EXPORT_FIRST option.)
+     [Lutz Jaenicke]
+
+  *) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael
+     to aes and add a new 'exist' option to print out symbols that don't
+     appear to exist.
+     [Steve Henson]
+
+  *) Additional options to ocsp utility to allow flags to be set and
+     additional certificates supplied.
+     [Steve Henson]
+
+  *) Add the option -VAfile to 'openssl ocsp', so the user can give the
+     OCSP client a number of certificate to only verify the response
+     signature against.
+     [Richard Levitte]
+
+  *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
+     handle the new API. Currently only ECB, CBC modes supported. Add new
+     AES OIDs.
+
+     Add TLS AES ciphersuites as described in RFC3268, "Advanced
+     Encryption Standard (AES) Ciphersuites for Transport Layer
+     Security (TLS)".  (In beta versions of OpenSSL 0.9.7, these were
+     not enabled by default and were not part of the "ALL" ciphersuite
+     alias because they were not yet official; they could be
+     explicitly requested by specifying the "AESdraft" ciphersuite
+     group alias.  In the final release of OpenSSL 0.9.7, the group
+     alias is called "AES" and is part of "ALL".)
+     [Ben Laurie, Steve  Henson, Bodo Moeller]
+
+  *) New function OCSP_copy_nonce() to copy nonce value (if present) from
+     request to response.
+     [Steve Henson]
+
+  *) Functions for OCSP responders. OCSP_request_onereq_count(),
+     OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
+     extract information from a certificate request. OCSP_response_create()
+     creates a response and optionally adds a basic response structure.
+     OCSP_basic_add1_status() adds a complete single response to a basic
+     response and returns the OCSP_SINGLERESP structure just added (to allow
+     extensions to be included for example). OCSP_basic_add1_cert() adds a
+     certificate to a basic response and OCSP_basic_sign() signs a basic
+     response with various flags. New helper functions ASN1_TIME_check()
+     (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime()
+     (converts ASN1_TIME to GeneralizedTime).
+     [Steve Henson]
+
+  *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
+     in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
+     structure from a certificate. X509_pubkey_digest() digests the public_key
+     contents: this is used in various key identifiers. 
+     [Steve Henson]
+
+  *) Make sk_sort() tolerate a NULL argument.
+     [Steve Henson reported by Massimiliano Pala <madwolf@comune.modena.it>]
+
+  *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
+     passed by the function are trusted implicitly. If any of them signed the
+     response then it is assumed to be valid and is not verified.
+     [Steve Henson]
+
+  *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
+     to data. This was previously part of the PKCS7 ASN1 code. This
+     was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
+     [Steve Henson, reported by Kenneth R. Robinette
+				<support@securenetterm.com>]
+
+  *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
+     routines: without these tracing memory leaks is very painful.
+     Fix leaks in PKCS12 and PKCS7 routines.
+     [Steve Henson]
+
+  *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().
+     Previously it initialised the 'type' argument to V_ASN1_UTCTIME which
+     effectively meant GeneralizedTime would never be used. Now it
+     is initialised to -1 but X509_time_adj() now has to check the value
+     and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or
+     V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime.
+     [Steve Henson, reported by Kenneth R. Robinette
+				<support@securenetterm.com>]
+
+  *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously
+     result in a zero length in the ASN1_INTEGER structure which was
+     not consistent with the structure when d2i_ASN1_INTEGER() was used
+     and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER()
+     to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER()
+     where it did not print out a minus for negative ASN1_INTEGER.
+     [Steve Henson]
+
+  *) Add summary printout to ocsp utility. The various functions which
+     convert status values to strings have been renamed to:
+     OCSP_response_status_str(), OCSP_cert_status_str() and
+     OCSP_crl_reason_str() and are no longer static. New options
+     to verify nonce values and to disable verification. OCSP response
+     printout format cleaned up.
+     [Steve Henson]
+
+  *) Add additional OCSP certificate checks. These are those specified
+     in RFC2560. This consists of two separate checks: the CA of the
+     certificate being checked must either be the OCSP signer certificate
+     or the issuer of the OCSP signer certificate. In the latter case the
+     OCSP signer certificate must contain the OCSP signing extended key
+     usage. This check is performed by attempting to match the OCSP
+     signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash
+     in the OCSP_CERTID structures of the response.
+     [Steve Henson]
+
+  *) Initial OCSP certificate verification added to OCSP_basic_verify()
+     and related routines. This uses the standard OpenSSL certificate
+     verify routines to perform initial checks (just CA validity) and
+     to obtain the certificate chain. Then additional checks will be
+     performed on the chain. Currently the root CA is checked to see
+     if it is explicitly trusted for OCSP signing. This is used to set
+     a root CA as a global signing root: that is any certificate that
+     chains to that CA is an acceptable OCSP signing certificate.
+     [Steve Henson]
+
+  *) New '-extfile ...' option to 'openssl ca' for reading X.509v3
+     extensions from a separate configuration file.
+     As when reading extensions from the main configuration file,
+     the '-extensions ...' option may be used for specifying the
+     section to use.
+     [Massimiliano Pala <madwolf@comune.modena.it>]
+
+  *) New OCSP utility. Allows OCSP requests to be generated or
+     read. The request can be sent to a responder and the output
+     parsed, outputed or printed in text form. Not complete yet:
+     still needs to check the OCSP response validity.
+     [Steve Henson]
+
+  *) New subcommands for 'openssl ca':
+     'openssl ca -status <serial>' prints the status of the cert with
+     the given serial number (according to the index file).
+     'openssl ca -updatedb' updates the expiry status of certificates
+     in the index file.
+     [Massimiliano Pala <madwolf@comune.modena.it>]
+
+  *) New '-newreq-nodes' command option to CA.pl.  This is like
+     '-newreq', but calls 'openssl req' with the '-nodes' option
+     so that the resulting key is not encrypted.
+     [Damien Miller <djm@mindrot.org>]
+
+  *) New configuration for the GNU Hurd.
+     [Jonathan Bartlett <johnnyb@wolfram.com> via Richard Levitte]
+
+  *) Initial code to implement OCSP basic response verify. This
+     is currently incomplete. Currently just finds the signer's
+     certificate and verifies the signature on the response.
+     [Steve Henson]
+
+  *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in
+     value of OPENSSLDIR.  This is available via the new '-d' option
+     to 'openssl version', and is also included in 'openssl version -a'.
+     [Bodo Moeller]
+
+  *) Allowing defining memory allocation callbacks that will be given
+     file name and line number information in additional arguments
+     (a const char* and an int).  The basic functionality remains, as
+     well as the original possibility to just replace malloc(),
+     realloc() and free() by functions that do not know about these
+     additional arguments.  To register and find out the current
+     settings for extended allocation functions, the following
+     functions are provided:
+
+	CRYPTO_set_mem_ex_functions
+	CRYPTO_set_locked_mem_ex_functions
+	CRYPTO_get_mem_ex_functions
+	CRYPTO_get_locked_mem_ex_functions
+
+     These work the same way as CRYPTO_set_mem_functions and friends.
+     CRYPTO_get_[locked_]mem_functions now writes 0 where such an
+     extended allocation function is enabled.
+     Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where
+     a conventional allocation function is enabled.
+     [Richard Levitte, Bodo Moeller]
+
+  *) Finish off removing the remaining LHASH function pointer casts.
+     There should no longer be any prototype-casting required when using
+     the LHASH abstraction, and any casts that remain are "bugs". See
+     the callback types and macros at the head of lhash.h for details
+     (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example).
+     [Geoff Thorpe]
+
+  *) Add automatic query of EGD sockets in RAND_poll() for the unix variant.
+     If /dev/[u]random devices are not available or do not return enough
+     entropy, EGD style sockets (served by EGD or PRNGD) will automatically
+     be queried.
+     The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and
+     /etc/entropy will be queried once each in this sequence, quering stops
+     when enough entropy was collected without querying more sockets.
+     [Lutz Jaenicke]
+
+  *) Change the Unix RAND_poll() variant to be able to poll several
+     random devices, as specified by DEVRANDOM, until a sufficient amount
+     of data has been collected.   We spend at most 10 ms on each file
+     (select timeout) and read in non-blocking mode.  DEVRANDOM now
+     defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom"
+     (previously it was just the string "/dev/urandom"), so on typical
+     platforms the 10 ms delay will never occur.
+     Also separate out the Unix variant to its own file, rand_unix.c.
+     For VMS, there's a currently-empty rand_vms.c.
+     [Richard Levitte]
+
+  *) Move OCSP client related routines to ocsp_cl.c. These
+     provide utility functions which an application needing
+     to issue a request to an OCSP responder and analyse the
+     response will typically need: as opposed to those which an
+     OCSP responder itself would need which will be added later.
+
+     OCSP_request_sign() signs an OCSP request with an API similar
+     to PKCS7_sign(). OCSP_response_status() returns status of OCSP
+     response. OCSP_response_get1_basic() extracts basic response
+     from response. OCSP_resp_find_status(): finds and extracts status
+     information from an OCSP_CERTID structure (which will be created
+     when the request structure is built). These are built from lower
+     level functions which work on OCSP_SINGLERESP structures but
+     wont normally be used unless the application wishes to examine
+     extensions in the OCSP response for example.
+
+     Replace nonce routines with a pair of functions.
+     OCSP_request_add1_nonce() adds a nonce value and optionally
+     generates a random value. OCSP_check_nonce() checks the
+     validity of the nonce in an OCSP response.
+     [Steve Henson]
+
+  *) Change function OCSP_request_add() to OCSP_request_add0_id().
+     This doesn't copy the supplied OCSP_CERTID and avoids the
+     need to free up the newly created id. Change return type
+     to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.
+     This can then be used to add extensions to the request.
+     Deleted OCSP_request_new(), since most of its functionality
+     is now in OCSP_REQUEST_new() (and the case insensitive name
+     clash) apart from the ability to set the request name which
+     will be added elsewhere.
+     [Steve Henson]
+
+  *) Update OCSP API. Remove obsolete extensions argument from
+     various functions. Extensions are now handled using the new
+     OCSP extension code. New simple OCSP HTTP function which 
+     can be used to send requests and parse the response.
+     [Steve Henson]
+
+  *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new
+     ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN
+     uses the special reorder version of SET OF to sort the attributes
+     and reorder them to match the encoded order. This resolves a long
+     standing problem: a verify on a PKCS7 structure just after signing
+     it used to fail because the attribute order did not match the
+     encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:
+     it uses the received order. This is necessary to tolerate some broken
+     software that does not order SET OF. This is handled by encoding
+     as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)
+     to produce the required SET OF.
+     [Steve Henson]
+
+  *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
+     OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
+     files to get correct declarations of the ASN.1 item variables.
+     [Richard Levitte]
+
+  *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
+     PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
+     asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
+     NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
+     New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
+     ASN1_ITEM and no wrapper functions.
+     [Steve Henson]
+
+  *) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These
+     replace the old function pointer based I/O routines. Change most of
+     the *_d2i_bio() and *_d2i_fp() functions to use these.
+     [Steve Henson]
+
+  *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor
+     lines, recognice more "algorithms" that can be deselected, and make
+     it complain about algorithm deselection that isn't recognised.
+     [Richard Levitte]
+
+  *) New ASN1 functions to handle dup, sign, verify, digest, pack and
+     unpack operations in terms of ASN1_ITEM. Modify existing wrappers
+     to use new functions. Add NO_ASN1_OLD which can be set to remove
+     some old style ASN1 functions: this can be used to determine if old
+     code will still work when these eventually go away.
+     [Steve Henson]
+
+  *) New extension functions for OCSP structures, these follow the
+     same conventions as certificates and CRLs.
+     [Steve Henson]
+
+  *) New function X509V3_add1_i2d(). This automatically encodes and
+     adds an extension. Its behaviour can be customised with various
+     flags to append, replace or delete. Various wrappers added for
+     certifcates and CRLs.
+     [Steve Henson]
+
+  *) Fix to avoid calling the underlying ASN1 print routine when
+     an extension cannot be parsed. Correct a typo in the
+     OCSP_SERVICELOC extension. Tidy up print OCSP format.
+     [Steve Henson]
+
+  *) Make mkdef.pl parse some of the ASN1 macros and add apropriate
+     entries for variables.
+     [Steve Henson]
+
+  *) Add functionality to apps/openssl.c for detecting locking
+     problems: As the program is single-threaded, all we have
+     to do is register a locking callback using an array for
+     storing which locks are currently held by the program.
+     [Bodo Moeller]
+
+  *) Use a lock around the call to CRYPTO_get_ex_new_index() in
+     SSL_get_ex_data_X509_STORE_idx(), which is used in
+     ssl_verify_cert_chain() and thus can be called at any time
+     during TLS/SSL handshakes so that thread-safety is essential.
+     Unfortunately, the ex_data design is not at all suited
+     for multi-threaded use, so it probably should be abolished.
+     [Bodo Moeller]
+
+  *) Added Broadcom "ubsec" ENGINE to OpenSSL.
+     [Broadcom, tweaked and integrated by Geoff Thorpe]
+
+  *) Move common extension printing code to new function
+     X509V3_print_extensions(). Reorganise OCSP print routines and
+     implement some needed OCSP ASN1 functions. Add OCSP extensions.
+     [Steve Henson]
+
+  *) New function X509_signature_print() to remove duplication in some
+     print routines.
+     [Steve Henson]
+
+  *) Add a special meaning when SET OF and SEQUENCE OF flags are both
+     set (this was treated exactly the same as SET OF previously). This
+     is used to reorder the STACK representing the structure to match the
+     encoding. This will be used to get round a problem where a PKCS7
+     structure which was signed could not be verified because the STACK
+     order did not reflect the encoded order.
+     [Steve Henson]
+
+  *) Reimplement the OCSP ASN1 module using the new code.
+     [Steve Henson]
+
+  *) Update the X509V3 code to permit the use of an ASN1_ITEM structure
+     for its ASN1 operations. The old style function pointers still exist
+     for now but they will eventually go away.
+     [Steve Henson]
+
+  *) Merge in replacement ASN1 code from the ASN1 branch. This almost
+     completely replaces the old ASN1 functionality with a table driven
+     encoder and decoder which interprets an ASN1_ITEM structure describing
+     the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is
+     largely maintained. Almost all of the old asn1_mac.h macro based ASN1
+     has also been converted to the new form.
+     [Steve Henson]
+
+  *) Change BN_mod_exp_recp so that negative moduli are tolerated
+     (the sign is ignored).  Similarly, ignore the sign in BN_MONT_CTX_set
+     so that BN_mod_exp_mont and BN_mod_exp_mont_word work
+     for negative moduli.
+     [Bodo Moeller]
+
+  *) Fix BN_uadd and BN_usub: Always return non-negative results instead
+     of not touching the result's sign bit.
+     [Bodo Moeller]
+
+  *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be
+     set.
+     [Bodo Moeller]
+
+  *) Changed the LHASH code to use prototypes for callbacks, and created
+     macros to declare and implement thin (optionally static) functions
+     that provide type-safety and avoid function pointer casting for the
+     type-specific callbacks.
+     [Geoff Thorpe]
+
+  *) Added Kerberos Cipher Suites to be used with TLS, as written in
+     RFC 2712.
+     [Veers Staats <staatsvr@asc.hpc.mil>,
+      Jeffrey Altman <jaltman@columbia.edu>, via Richard Levitte]
+
+  *) Reformat the FAQ so the different questions and answers can be divided
+     in sections depending on the subject.
+     [Richard Levitte]
+
+  *) Have the zlib compression code load ZLIB.DLL dynamically under
+     Windows.
+     [Richard Levitte]
+
+  *) New function BN_mod_sqrt for computing square roots modulo a prime
+     (using the probabilistic Tonelli-Shanks algorithm unless
+     p == 3 (mod 4)  or  p == 5 (mod 8),  which are cases that can
+     be handled deterministically).
+     [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
+
+  *) Make BN_mod_inverse faster by explicitly handling small quotients
+     in the Euclid loop. (Speed gain about 20% for small moduli [256 or
+     512 bits], about 30% for larger ones [1024 or 2048 bits].)
+     [Bodo Moeller]
+
+  *) New function BN_kronecker.
+     [Bodo Moeller]
+
+  *) Fix BN_gcd so that it works on negative inputs; the result is
+     positive unless both parameters are zero.
+     Previously something reasonably close to an infinite loop was
+     possible because numbers could be growing instead of shrinking
+     in the implementation of Euclid's algorithm.
+     [Bodo Moeller]
+
+  *) Fix BN_is_word() and BN_is_one() macros to take into account the
+     sign of the number in question.
+
+     Fix BN_is_word(a,w) to work correctly for w == 0.
+
+     The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w)
+     because its test if the absolute value of 'a' equals 'w'.
+     Note that BN_abs_is_word does *not* handle w == 0 reliably;
+     it exists mostly for use in the implementations of BN_is_zero(),
+     BN_is_one(), and BN_is_word().
+     [Bodo Moeller]
+
+  *) New function BN_swap.
+     [Bodo Moeller]
+
+  *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that
+     the exponentiation functions are more likely to produce reasonable
+     results on negative inputs.
+     [Bodo Moeller]
+
+  *) Change BN_mod_mul so that the result is always non-negative.
+     Previously, it could be negative if one of the factors was negative;
+     I don't think anyone really wanted that behaviour.
+     [Bodo Moeller]
+
+  *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c
+     (except for exponentiation, which stays in crypto/bn/bn_exp.c,
+     and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c)
+     and add new functions:
+
+          BN_nnmod
+          BN_mod_sqr
+          BN_mod_add
+          BN_mod_add_quick
+          BN_mod_sub
+          BN_mod_sub_quick
+          BN_mod_lshift1
+          BN_mod_lshift1_quick
+          BN_mod_lshift
+          BN_mod_lshift_quick
+
+     These functions always generate non-negative results.
+
+     BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder  r
+     such that  |m| < r < 0,  BN_nnmod will output  rem + |m|  instead).
+
+     BN_mod_XXX_quick(r, a, [b,] m) generates the same result as
+     BN_mod_XXX(r, a, [b,] m, ctx), but requires that  a  [and  b]
+     be reduced modulo  m.
+     [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
+
+  *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
+     was actually never needed) and in BN_mul().  The removal in BN_mul()
+     required a small change in bn_mul_part_recursive() and the addition
+     of the functions bn_cmp_part_words(), bn_sub_part_words() and
+     bn_add_part_words(), which do the same thing as bn_cmp_words(),
+     bn_sub_words() and bn_add_words() except they take arrays with
+     differing sizes.
+     [Richard Levitte]
+
+  *) In 'openssl passwd', verify passwords read from the terminal
+     unless the '-salt' option is used (which usually means that
+     verification would just waste user's time since the resulting
+     hash is going to be compared with some given password hash)
+     or the new '-noverify' option is used.
+
+     This is an incompatible change, but it does not affect
+     non-interactive use of 'openssl passwd' (passwords on the command
+     line, '-stdin' option, '-in ...' option) and thus should not
+     cause any problems.
+     [Bodo Moeller]
+
+  *) Remove all references to RSAref, since there's no more need for it.
+     [Richard Levitte]
+
+  *) Make DSO load along a path given through an environment variable
+     (SHLIB_PATH) with shl_load().
+     [Richard Levitte]
+
+  *) Constify the ENGINE code as a result of BIGNUM constification.
+     Also constify the RSA code and most things related to it.  In a
+     few places, most notable in the depth of the ASN.1 code, ugly
+     casts back to non-const were required (to be solved at a later
+     time)
+     [Richard Levitte]
+
+  *) Make it so the openssl application has all engines loaded by default.
+     [Richard Levitte]
+
+  *) Constify the BIGNUM routines a little more.
+     [Richard Levitte]
+
+  *) Add the following functions:
+
+	ENGINE_load_cswift()
+	ENGINE_load_chil()
+	ENGINE_load_atalla()
+	ENGINE_load_nuron()
+	ENGINE_load_builtin_engines()
+
+     That way, an application can itself choose if external engines that
+     are built-in in OpenSSL shall ever be used or not.  The benefit is
+     that applications won't have to be linked with libdl or other dso
+     libraries unless it's really needed.
+
+     Changed 'openssl engine' to load all engines on demand.
+     Changed the engine header files to avoid the duplication of some
+     declarations (they differed!).
+     [Richard Levitte]
+
+  *) 'openssl engine' can now list capabilities.
+     [Richard Levitte]
+
+  *) Better error reporting in 'openssl engine'.
+     [Richard Levitte]
+
+  *) Never call load_dh_param(NULL) in s_server.
+     [Bodo Moeller]
+
+  *) Add engine application.  It can currently list engines by name and
+     identity, and test if they are actually available.
+     [Richard Levitte]
+
+  *) Improve RPM specification file by forcing symbolic linking and making
+     sure the installed documentation is also owned by root.root.
+     [Damien Miller <djm@mindrot.org>]
+
+  *) Give the OpenSSL applications more possibilities to make use of
+     keys (public as well as private) handled by engines.
+     [Richard Levitte]
+
+  *) Add OCSP code that comes from CertCo.
+     [Richard Levitte]
+
+  *) Add VMS support for the Rijndael code.
+     [Richard Levitte]
+
+  *) Added untested support for Nuron crypto accelerator.
+     [Ben Laurie]
+
+  *) Add support for external cryptographic devices.  This code was
+     previously distributed separately as the "engine" branch.
+     [Geoff Thorpe, Richard Levitte]
+
+  *) Rework the filename-translation in the DSO code. It is now possible to
+     have far greater control over how a "name" is turned into a filename
+     depending on the operating environment and any oddities about the
+     different shared library filenames on each system.
+     [Geoff Thorpe]
+
+  *) Support threads on FreeBSD-elf in Configure.
+     [Richard Levitte]
+
+  *) Fix for SHA1 assembly problem with MASM: it produces
+     warnings about corrupt line number information when assembling
+     with debugging information. This is caused by the overlapping
+     of two sections.
+     [Bernd Matthes <mainbug@celocom.de>, Steve Henson]
+
+  *) NCONF changes.
+     NCONF_get_number() has no error checking at all.  As a replacement,
+     NCONF_get_number_e() is defined (_e for "error checking") and is
+     promoted strongly.  The old NCONF_get_number is kept around for
+     binary backward compatibility.
+     Make it possible for methods to load from something other than a BIO,
+     by providing a function pointer that is given a name instead of a BIO.
+     For example, this could be used to load configuration data from an
+     LDAP server.
+     [Richard Levitte]
+
+  *) Fix for non blocking accept BIOs. Added new I/O special reason
+     BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs
+     with non blocking I/O was not possible because no retry code was
+     implemented. Also added new SSL code SSL_WANT_ACCEPT to cover
+     this case.
+     [Steve Henson]
+
+  *) Added the beginnings of Rijndael support.
+     [Ben Laurie]
+
+  *) Fix for bug in DirectoryString mask setting. Add support for
+     X509_NAME_print_ex() in 'req' and X509_print_ex() function
+     to allow certificate printing to more controllable, additional
+     'certopt' option to 'x509' to allow new printing options to be
+     set.
+     [Steve Henson]
+
+  *) Clean old EAY MD5 hack from e_os.h.
+     [Richard Levitte]
+
+ Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
+
+  *) New function OPENSSL_cleanse(), which is used to cleanse a section of
+     memory from it's contents.  This is done with a counter that will
+     place alternating values in each byte.  This can be used to solve
+     two issues: 1) the removal of calls to memset() by highly optimizing
+     compilers, and 2) cleansing with other values than 0, since those can
+     be read through on certain media, for example a swap space on disk.
+     [Geoff Thorpe]
+
+  *) Bugfix: client side session caching did not work with external caching,
+     because the session->cipher setting was not restored when reloading
+     from the external cache. This problem was masked, when
+     SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
+     (Found by Steve Haslam <steve@araqnid.ddts.net>.)
+     [Lutz Jaenicke]
+
+  *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
+     length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
+     [Zeev Lieber <zeev-l@yahoo.com>]
+
+  *) Undo an undocumented change introduced in 0.9.6e which caused
+     repeated calls to OpenSSL_add_all_ciphers() and 
+     OpenSSL_add_all_digests() to be ignored, even after calling
+     EVP_cleanup().
+     [Richard Levitte]
+
+  *) Change the default configuration reader to deal with last line not
+     being properly terminated.
+     [Richard Levitte]
+
+  *) Change X509_NAME_cmp() so it applies the special rules on handling
+     DN values that are of type PrintableString, as well as RDNs of type
+     emailAddress where the value has the type ia5String.
+     [stefank@valicert.com via Richard Levitte]
+
+  *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
+     the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
+     doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be
+     the bitwise-OR of the two for use by the majority of applications
+     wanting this behaviour, and update the docs. The documented
+     behaviour and actual behaviour were inconsistent and had been
+     changing anyway, so this is more a bug-fix than a behavioural
+     change.
+     [Geoff Thorpe, diagnosed by Nadav Har'El]
+
+  *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
+     (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
+     [Bodo Moeller]
+
+  *) Fix initialization code race conditions in
+        SSLv23_method(),  SSLv23_client_method(),   SSLv23_server_method(),
+        SSLv2_method(),   SSLv2_client_method(),    SSLv2_server_method(),
+        SSLv3_method(),   SSLv3_client_method(),    SSLv3_server_method(),
+        TLSv1_method(),   TLSv1_client_method(),    TLSv1_server_method(),
+        ssl2_get_cipher_by_char(),
+        ssl3_get_cipher_by_char().
+     [Patrick McCormick <patrick@tellme.com>, Bodo Moeller]
+
+  *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
+     the cached sessions are flushed, as the remove_cb() might use ex_data
+     contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
+     (see [openssl.org #212]).
+     [Geoff Thorpe, Lutz Jaenicke]
+
+  *) Fix typo in OBJ_txt2obj which incorrectly passed the content
+     length, instead of the encoding length to d2i_ASN1_OBJECT.
+     [Steve Henson]
+
+ Changes between 0.9.6f and 0.9.6g  [9 Aug 2002]
+
+  *) [In 0.9.6g-engine release:]
+     Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall').
+     [Lynn Gazis <lgazis@rainbow.com>]
+
+ Changes between 0.9.6e and 0.9.6f  [8 Aug 2002]
+
+  *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
+     and get fix the header length calculation.
+     [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
+	Alon Kantor <alonk@checkpoint.com> (and others),
+	Steve Henson]
+
+  *) Use proper error handling instead of 'assertions' in buffer
+     overflow checks added in 0.9.6e.  This prevents DoS (the
+     assertions could call abort()).
+     [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
+
+ Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
+
+  *) Add various sanity checks to asn1_get_length() to reject
+     the ASN1 length bytes if they exceed sizeof(long), will appear
+     negative or the content length exceeds the length of the
+     supplied buffer.
+     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
+  *) Fix cipher selection routines: ciphers without encryption had no flags
+     for the cipher strength set and where therefore not handled correctly
+     by the selection routines (PR #130).
+     [Lutz Jaenicke]
+
+  *) Fix EVP_dsa_sha macro.
+     [Nils Larsch]
+
+  *) New option
+          SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+     for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
+     that was added in OpenSSL 0.9.6d.
+
+     As the countermeasure turned out to be incompatible with some
+     broken SSL implementations, the new option is part of SSL_OP_ALL.
+     SSL_OP_ALL is usually employed when compatibility with weird SSL
+     implementations is desired (e.g. '-bugs' option to 's_client' and
+     's_server'), so the new option is automatically set in many
+     applications.
+     [Bodo Moeller]
+
+  *) Changes in security patch:
+
+     Changes marked "(CHATS)" were sponsored by the Defense Advanced
+     Research Projects Agency (DARPA) and Air Force Research Laboratory,
+     Air Force Materiel Command, USAF, under agreement number
+     F30602-01-2-0537.
+
+  *) Add various sanity checks to asn1_get_length() to reject
+     the ASN1 length bytes if they exceed sizeof(long), will appear
+     negative or the content length exceeds the length of the
+     supplied buffer. (CAN-2002-0659)
+     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
+  *) Assertions for various potential buffer overflows, not known to
+     happen in practice.
+     [Ben Laurie (CHATS)]
+
+  *) Various temporary buffers to hold ASCII versions of integers were
+     too small for 64 bit platforms. (CAN-2002-0655)
+     [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
+
+  *) Remote buffer overflow in SSL3 protocol - an attacker could
+     supply an oversized session ID to a client. (CAN-2002-0656)
+     [Ben Laurie (CHATS)]
+
+  *) Remote buffer overflow in SSL2 protocol - an attacker could
+     supply an oversized client master key. (CAN-2002-0656)
+     [Ben Laurie (CHATS)]
+
+ Changes between 0.9.6c and 0.9.6d  [9 May 2002]
+
+  *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
+     encoded as NULL) with id-dsa-with-sha1.
+     [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]
+
+  *) Check various X509_...() return values in apps/req.c.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
+     an end-of-file condition would erronously be flagged, when the CRLF
+     was just at the end of a processed block. The bug was discovered when
+     processing data through a buffering memory BIO handing the data to a
+     BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
+     <ptsekov@syntrex.com> and Nedelcho Stanev.
+     [Lutz Jaenicke]
+
+  *) Implement a countermeasure against a vulnerability recently found
+     in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
+     before application data chunks to avoid the use of known IVs
+     with data potentially chosen by the attacker.
+     [Bodo Moeller]
+
+  *) Fix length checks in ssl3_get_client_hello().
+     [Bodo Moeller]
+
+  *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently
+     to prevent ssl3_read_internal() from incorrectly assuming that
+     ssl3_read_bytes() found application data while handshake
+     processing was enabled when in fact s->s3->in_read_app_data was
+     merely automatically cleared during the initial handshake.
+     [Bodo Moeller; problem pointed out by Arne Ansper <arne@ats.cyber.ee>]
+
+  *) Fix object definitions for Private and Enterprise: they were not
+     recognized in their shortname (=lowercase) representation. Extend
+     obj_dat.pl to issue an error when using undefined keywords instead
+     of silently ignoring the problem (Svenning Sorensen
+     <sss@sss.dnsalias.net>).
+     [Lutz Jaenicke]
+
+  *) Fix DH_generate_parameters() so that it works for 'non-standard'
+     generators, i.e. generators other than 2 and 5.  (Previously, the
+     code did not properly initialise the 'add' and 'rem' values to
+     BN_generate_prime().)
+
+     In the new general case, we do not insist that 'generator' is
+     actually a primitive root: This requirement is rather pointless;
+     a generator of the order-q subgroup is just as good, if not
+     better.
+     [Bodo Moeller]
+ 
+  *) Map new X509 verification errors to alerts. Discovered and submitted by
+     Tom Wu <tom@arcot.com>.
+     [Lutz Jaenicke]
+
+  *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from
+     returning non-zero before the data has been completely received
+     when using non-blocking I/O.
+     [Bodo Moeller; problem pointed out by John Hughes]
+
+  *) Some of the ciphers missed the strength entry (SSL_LOW etc).
+     [Ben Laurie, Lutz Jaenicke]
+
+  *) Fix bug in SSL_clear(): bad sessions were not removed (found by
+     Yoram Zahavi <YoramZ@gilian.com>).
+     [Lutz Jaenicke]
+
+  *) Add information about CygWin 1.3 and on, and preserve proper
+     configuration for the versions before that.
+     [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]
+
+  *) Make removal from session cache (SSL_CTX_remove_session()) more robust:
+     check whether we deal with a copy of a session and do not delete from
+     the cache in this case. Problem reported by "Izhar Shoshani Levi"
+     <izhar@checkpoint.com>.
+     [Lutz Jaenicke]
+
+  *) Do not store session data into the internal session cache, if it
+     is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+     flag is set). Proposed by Aslam <aslam@funk.com>.
+     [Lutz Jaenicke]
+
+  *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested
+     value is 0.
+     [Richard Levitte]
+
+  *) [In 0.9.6d-engine release:]
+     Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+
+  *) Add the configuration target linux-s390x.
+     [Neale Ferguson <Neale.Ferguson@SoftwareAG-USA.com> via Richard Levitte]
+
+  *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
+     ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
+     variable as an indication that a ClientHello message has been
+     received.  As the flag value will be lost between multiple
+     invocations of ssl3_accept when using non-blocking I/O, the
+     function may not be aware that a handshake has actually taken
+     place, thus preventing a new session from being added to the
+     session cache.
+
+     To avoid this problem, we now set s->new_session to 2 instead of
+     using a local variable.
+     [Lutz Jaenicke, Bodo Moeller]
+
+  *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c)
+     if the SSL_R_LENGTH_MISMATCH error is detected.
+     [Geoff Thorpe, Bodo Moeller]
+
+  *) New 'shared_ldflag' column in Configure platform table.
+     [Richard Levitte]
+
+  *) Fix EVP_CIPHER_mode macro.
+     ["Dan S. Camper" <dan@bti.net>]
+
+  *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown
+     type, we must throw them away by setting rr->length to 0.
+     [D P Chang <dpc@qualys.com>]
+
+ Changes between 0.9.6b and 0.9.6c  [21 dec 2001]
+
+  *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
+     <Dominikus.Scherkl@biodata.com>.  (The previous implementation
+     worked incorrectly for those cases where  range = 10..._2  and
+     3*range  is two bits longer than  range.)
+     [Bodo Moeller]
+
+  *) Only add signing time to PKCS7 structures if it is not already
+     present.
+     [Steve Henson]
+
+  *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce",
+     OBJ_ld_ce should be OBJ_id_ce.
+     Also some ip-pda OIDs in crypto/objects/objects.txt were
+     incorrect (cf. RFC 3039).
+     [Matt Cooper, Frederic Giudicelli, Bodo Moeller]
+
+  *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
+     returns early because it has nothing to do.
+     [Andy Schneider <andy.schneider@bjss.co.uk>]
+
+  *) [In 0.9.6c-engine release:]
+     Fix mutex callback return values in crypto/engine/hw_ncipher.c.
+     [Andy Schneider <andy.schneider@bjss.co.uk>]
+
+  *) [In 0.9.6c-engine release:]
+     Add support for Cryptographic Appliance's keyserver technology.
+     (Use engine 'keyclient')
+     [Cryptographic Appliances and Geoff Thorpe]
+
+  *) Add a configuration entry for OS/390 Unix.  The C compiler 'c89'
+     is called via tools/c89.sh because arguments have to be
+     rearranged (all '-L' options must appear before the first object
+     modules).
+     [Richard Shapiro <rshapiro@abinitio.com>]
+
+  *) [In 0.9.6c-engine release:]
+     Add support for Broadcom crypto accelerator cards, backported
+     from 0.9.7.
+     [Broadcom, Nalin Dahyabhai <nalin@redhat.com>, Mark Cox]
+
+  *) [In 0.9.6c-engine release:]
+     Add support for SureWare crypto accelerator cards from 
+     Baltimore Technologies.  (Use engine 'sureware')
+     [Baltimore Technologies and Mark Cox]
+
+  *) [In 0.9.6c-engine release:]
+     Add support for crypto accelerator cards from Accelerated
+     Encryption Processing, www.aep.ie.  (Use engine 'aep')
+     [AEP Inc. and Mark Cox]
+
+  *) Add a configuration entry for gcc on UnixWare.
+     [Gary Benson <gbenson@redhat.com>]
+
+  *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
+     messages are stored in a single piece (fixed-length part and
+     variable-length part combined) and fix various bugs found on the way.
+     [Bodo Moeller]
+
+  *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
+     instead.  BIO_gethostbyname() does not know what timeouts are
+     appropriate, so entries would stay in cache even when they have
+     become invalid.
+     [Bodo Moeller; problem pointed out by Rich Salz <rsalz@zolera.com>
+
+  *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
+     faced with a pathologically small ClientHello fragment that does
+     not contain client_version: Instead of aborting with an error,
+     simply choose the highest available protocol version (i.e.,
+     TLS 1.0 unless it is disabled).  In practice, ClientHello
+     messages are never sent like this, but this change gives us
+     strictly correct behaviour at least for TLS.
+     [Bodo Moeller]
+
+  *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
+     never resets s->method to s->ctx->method when called from within
+     one of the SSL handshake functions.
+     [Bodo Moeller; problem pointed out by Niko Baric]
+
+  *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
+     (sent using the client's version number) if client_version is
+     smaller than the protocol version in use.  Also change
+     ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
+     the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
+     the client will at least see that alert.
+     [Bodo Moeller]
+
+  *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
+     correctly.
+     [Bodo Moeller]
+
+  *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
+     client receives HelloRequest while in a handshake.
+     [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider@bjss.co.uk>]
+
+  *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
+     should end in 'break', not 'goto end' which circuments various
+     cleanups done in state SSL_ST_OK.   But session related stuff
+     must be disabled for SSL_ST_OK in the case that we just sent a
+     HelloRequest.
+
+     Also avoid some overhead by not calling ssl_init_wbio_buffer()
+     before just sending a HelloRequest.
+     [Bodo Moeller, Eric Rescorla <ekr@rtfm.com>]
+
+  *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
+     reveal whether illegal block cipher padding was found or a MAC
+     verification error occured.  (Neither SSLerr() codes nor alerts
+     are directly visible to potential attackers, but the information
+     may leak via logfiles.)
+
+     Similar changes are not required for the SSL 2.0 implementation
+     because the number of padding bytes is sent in clear for SSL 2.0,
+     and the extra bytes are just ignored.  However ssl/s2_pkt.c
+     failed to verify that the purported number of padding bytes is in
+     the legal range.
+     [Bodo Moeller]
+
+  *) Add OpenUNIX-8 support including shared libraries
+     (Boyd Lynn Gerber <gerberb@zenez.com>).
+     [Lutz Jaenicke]
+
+  *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
+     'wristwatch attack' using huge encoding parameters (cf.
+     James H. Manger's CRYPTO 2001 paper).  Note that the
+     RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
+     encoding parameters and hence was not vulnerable.
+     [Bodo Moeller]
+
+  *) BN_sqr() bug fix.
+     [Ulf Möller, reported by Jim Ellis <jim.ellis@cavium.com>]
+
+  *) Rabin-Miller test analyses assume uniformly distributed witnesses,
+     so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
+     followed by modular reduction.
+     [Bodo Moeller; pointed out by Adam Young <AYoung1@NCSUS.JNJ.COM>]
+
+  *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
+     equivalent based on BN_pseudo_rand() instead of BN_rand().
+     [Bodo Moeller]
+
+  *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
+     This function was broken, as the check for a new client hello message
+     to handle SGC did not allow these large messages.
+     (Tracked down by "Douglas E. Engert" <deengert@anl.gov>.)
+     [Lutz Jaenicke]
+
+  *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
+     [Lutz Jaenicke]
+
+  *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
+     for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
+     [Lutz Jaenicke]
+
+  *) Rework the configuration and shared library support for Tru64 Unix.
+     The configuration part makes use of modern compiler features and
+     still retains old compiler behavior for those that run older versions
+     of the OS.  The shared library support part includes a variant that
+     uses the RPATH feature, and is available through the special
+     configuration target "alpha-cc-rpath", which will never be selected
+     automatically.
+     [Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu> via Richard Levitte]
+
+  *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
+     with the same message size as in ssl3_get_certificate_request().
+     Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
+     messages might inadvertently be reject as too long.
+     [Petr Lampa <lampa@fee.vutbr.cz>]
+
+  *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).
+     [Andy Polyakov]
+
+  *) Modified SSL library such that the verify_callback that has been set
+     specificly for an SSL object with SSL_set_verify() is actually being
+     used. Before the change, a verify_callback set with this function was
+     ignored and the verify_callback() set in the SSL_CTX at the time of
+     the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
+     to allow the necessary settings.
+     [Lutz Jaenicke]
+
+  *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c
+     explicitly to NULL, as at least on Solaris 8 this seems not always to be
+     done automatically (in contradiction to the requirements of the C
+     standard). This made problems when used from OpenSSH.
+     [Lutz Jaenicke]
+
+  *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
+     dh->length and always used
+
+          BN_rand_range(priv_key, dh->p).
+
+     BN_rand_range() is not necessary for Diffie-Hellman, and this
+     specific range makes Diffie-Hellman unnecessarily inefficient if
+     dh->length (recommended exponent length) is much smaller than the
+     length of dh->p.  We could use BN_rand_range() if the order of
+     the subgroup was stored in the DH structure, but we only have
+     dh->length.
+
+     So switch back to
+
+          BN_rand(priv_key, l, ...)
+
+     where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
+     otherwise.
+     [Bodo Moeller]
+
+  *) In
+
+          RSA_eay_public_encrypt
+          RSA_eay_private_decrypt
+          RSA_eay_private_encrypt (signing)
+          RSA_eay_public_decrypt (signature verification)
+
+     (default implementations for RSA_public_encrypt,
+     RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt),
+     always reject numbers >= n.
+     [Bodo Moeller]
+
+  *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
+     to synchronize access to 'locking_thread'.  This is necessary on
+     systems where access to 'locking_thread' (an 'unsigned long'
+     variable) is not atomic.
+     [Bodo Moeller]
+
+  *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
+     *before* setting the 'crypto_lock_rand' flag.  The previous code had
+     a race condition if 0 is a valid thread ID.
+     [Travis Vitek <vitek@roguewave.com>]
+
+  *) Add support for shared libraries under Irix.
+     [Albert Chin-A-Young <china@thewrittenword.com>]
+
+  *) Add configuration option to build on Linux on both big-endian and
+     little-endian MIPS.
+     [Ralf Baechle <ralf@uni-koblenz.de>]
+
+  *) Add the possibility to create shared libraries on HP-UX.
+     [Richard Levitte]
+
+ Changes between 0.9.6a and 0.9.6b  [9 Jul 2001]
+
+  *) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
+     to avoid a SSLeay/OpenSSL PRNG weakness pointed out by
+     Markku-Juhani O. Saarinen <markku-juhani.saarinen@nokia.com>:
+     PRNG state recovery was possible based on the output of
+     one PRNG request appropriately sized to gain knowledge on
+     'md' followed by enough consecutive 1-byte PRNG requests
+     to traverse all of 'state'.
+
+     1. When updating 'md_local' (the current thread's copy of 'md')
+        during PRNG output generation, hash all of the previous
+        'md_local' value, not just the half used for PRNG output.
+
+     2. Make the number of bytes from 'state' included into the hash
+        independent from the number of PRNG bytes requested.
+
+     The first measure alone would be sufficient to avoid
+     Markku-Juhani's attack.  (Actually it had never occurred
+     to me that the half of 'md_local' used for chaining was the
+     half from which PRNG output bytes were taken -- I had always
+     assumed that the secret half would be used.)  The second
+     measure makes sure that additional data from 'state' is never
+     mixed into 'md_local' in small portions; this heuristically
+     further strengthens the PRNG.
+     [Bodo Moeller]
+
+  *) Fix crypto/bn/asm/mips3.s.
+     [Andy Polyakov]
+
+  *) When only the key is given to "enc", the IV is undefined. Print out
+     an error message in this case.
+     [Lutz Jaenicke]
+
+  *) Handle special case when X509_NAME is empty in X509 printing routines.
+     [Steve Henson]
+
+  *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are
+     positive and less than q.
+     [Bodo Moeller]
+
+  *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is
+     used: it isn't thread safe and the add_lock_callback should handle
+     that itself.
+     [Paul Rose <Paul.Rose@bridge.com>]
+
+  *) Verify that incoming data obeys the block size in
+     ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c).
+     [Bodo Moeller]
+
+  *) Fix OAEP check.
+     [Ulf Möller, Bodo Möller]
+
+  *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
+     RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
+     when fixing the server behaviour for backwards-compatible 'client
+     hello' messages.  (Note that the attack is impractical against
+     SSL 3.0 and TLS 1.0 anyway because length and version checking
+     means that the probability of guessing a valid ciphertext is
+     around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98
+     paper.)
+
+     Before 0.9.5, the countermeasure (hide the error by generating a
+     random 'decryption result') did not work properly because
+     ERR_clear_error() was missing, meaning that SSL_get_error() would
+     detect the supposedly ignored error.
+
+     Both problems are now fixed.
+     [Bodo Moeller]
+
+  *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096
+     (previously it was 1024).
+     [Bodo Moeller]
+
+  *) Fix for compatibility mode trust settings: ignore trust settings
+     unless some valid trust or reject settings are present.
+     [Steve Henson]
+
+  *) Fix for blowfish EVP: its a variable length cipher.
+     [Steve Henson]
+
+  *) Fix various bugs related to DSA S/MIME verification. Handle missing
+     parameters in DSA public key structures and return an error in the
+     DSA routines if parameters are absent.
+     [Steve Henson]
+
+  *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd"
+     in the current directory if neither $RANDFILE nor $HOME was set.
+     RAND_file_name() in 0.9.6a returned NULL in this case.  This has
+     caused some confusion to Windows users who haven't defined $HOME.
+     Thus RAND_file_name() is changed again: e_os.h can define a
+     DEFAULT_HOME, which will be used if $HOME is not set.
+     For Windows, we use "C:"; on other platforms, we still require
+     environment variables.
+
+  *) Move 'if (!initialized) RAND_poll()' into regions protected by
+     CRYPTO_LOCK_RAND.  This is not strictly necessary, but avoids
+     having multiple threads call RAND_poll() concurrently.
+     [Bodo Moeller]
+
+  *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a
+     combination of a flag and a thread ID variable.
+     Otherwise while one thread is in ssleay_rand_bytes (which sets the
+     flag), *other* threads can enter ssleay_add_bytes without obeying
+     the CRYPTO_LOCK_RAND lock (and may even illegally release the lock
+     that they do not hold after the first thread unsets add_do_not_lock).
+     [Bodo Moeller]
+
+  *) Change bctest again: '-x' expressions are not available in all
+     versions of 'test'.
+     [Bodo Moeller]
+
+ Changes between 0.9.6 and 0.9.6a  [5 Apr 2001]
+
+  *) Fix a couple of memory leaks in PKCS7_dataDecode()
+     [Steve Henson, reported by Heyun Zheng <hzheng@atdsprint.com>]
+
+  *) Change Configure and Makefiles to provide EXE_EXT, which will contain
+     the default extension for executables, if any.  Also, make the perl
+     scripts that use symlink() to test if it really exists and use "cp"
+     if it doesn't.  All this made OpenSSL compilable and installable in
+     CygWin.
+     [Richard Levitte]
+
+  *) Fix for asn1_GetSequence() for indefinite length constructed data.
+     If SEQUENCE is length is indefinite just set c->slen to the total
+     amount of data available.
+     [Steve Henson, reported by shige@FreeBSD.org]
+     [This change does not apply to 0.9.7.]
+
+  *) Change bctest to avoid here-documents inside command substitution
+     (workaround for FreeBSD /bin/sh bug).
+     For compatibility with Ultrix, avoid shell functions (introduced
+     in the bctest version that searches along $PATH).
+     [Bodo Moeller]
+
+  *) Rename 'des_encrypt' to 'des_encrypt1'.  This avoids the clashes
+     with des_encrypt() defined on some operating systems, like Solaris
+     and UnixWare.
+     [Richard Levitte]
+
+  *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton:
+     On the Importance of Eliminating Errors in Cryptographic
+     Computations, J. Cryptology 14 (2001) 2, 101-119,
+     http://theory.stanford.edu/~dabo/papers/faults.ps.gz).
+     [Ulf Moeller]
+  
+  *) MIPS assembler BIGNUM division bug fix. 
+     [Andy Polyakov]
+
+  *) Disabled incorrect Alpha assembler code.
+     [Richard Levitte]
+
+  *) Fix PKCS#7 decode routines so they correctly update the length
+     after reading an EOC for the EXPLICIT tag.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Fix bug in PKCS#12 key generation routines. This was triggered
+     if a 3DES key was generated with a 0 initial byte. Include
+     PKCS12_BROKEN_KEYGEN compilation option to retain the old
+     (but broken) behaviour.
+     [Steve Henson]
+
+  *) Enhance bctest to search for a working bc along $PATH and print
+     it when found.
+     [Tim Rice <tim@multitalents.net> via Richard Levitte]
+
+  *) Fix memory leaks in err.c: free err_data string if necessary;
+     don't write to the wrong index in ERR_set_error_data.
+     [Bodo Moeller]
+
+  *) Implement ssl23_peek (analogous to ssl23_read), which previously
+     did not exist.
+     [Bodo Moeller]
+
+  *) Replace rdtsc with _emit statements for VC++ version 5.
+     [Jeremy Cooper <jeremy@baymoo.org>]
+
+  *) Make it possible to reuse SSLv2 sessions.
+     [Richard Levitte]
+
+  *) In copy_email() check for >= 0 as a return value for
+     X509_NAME_get_index_by_NID() since 0 is a valid index.
+     [Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>]
+
+  *) Avoid coredump with unsupported or invalid public keys by checking if
+     X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
+     PKCS7_verify() fails with non detached data.
+     [Steve Henson]
+
+  *) Don't use getenv in library functions when run as setuid/setgid.
+     New function OPENSSL_issetugid().
+     [Ulf Moeller]
+
+  *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
+     due to incorrect handling of multi-threading:
+
+     1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
+
+     2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
+
+     3. Count how many times MemCheck_off() has been called so that
+        nested use can be treated correctly.  This also avoids 
+        inband-signalling in the previous code (which relied on the
+        assumption that thread ID 0 is impossible).
+     [Bodo Moeller]
+
+  *) Add "-rand" option also to s_client and s_server.
+     [Lutz Jaenicke]
+
+  *) Fix CPU detection on Irix 6.x.
+     [Kurt Hockenbury <khockenb@stevens-tech.edu> and
+      "Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
+
+  *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
+     was empty.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Use the cached encoding of an X509_NAME structure rather than
+     copying it. This is apparently the reason for the libsafe "errors"
+     but the code is actually correct.
+     [Steve Henson]
+
+  *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
+     Bleichenbacher's DSA attack.
+     Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
+     to be set and top=0 forces the highest bit to be set; top=-1 is new
+     and leaves the highest bit random.
+     [Ulf Moeller, Bodo Moeller]
+
+  *) In the NCONF_...-based implementations for CONF_... queries
+     (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
+     a temporary CONF structure with the data component set to NULL
+     (which gives segmentation faults in lh_retrieve).
+     Instead, use NULL for the CONF pointer in CONF_get_string and
+     CONF_get_number (which may use environment variables) and directly
+     return NULL from CONF_get_section.
+     [Bodo Moeller]
+
+  *) Fix potential buffer overrun for EBCDIC.
+     [Ulf Moeller]
+
+  *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
+     keyUsage if basicConstraints absent for a CA.
+     [Steve Henson]
+
+  *) Make SMIME_write_PKCS7() write mail header values with a format that
+     is more generally accepted (no spaces before the semicolon), since
+     some programs can't parse those values properly otherwise.  Also make
+     sure BIO's that break lines after each write do not create invalid
+     headers.
+     [Richard Levitte]
+
+  *) Make the CRL encoding routines work with empty SEQUENCE OF. The
+     macros previously used would not encode an empty SEQUENCE OF
+     and break the signature.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Zero the premaster secret after deriving the master secret in
+     DH ciphersuites.
+     [Steve Henson]
+
+  *) Add some EVP_add_digest_alias registrations (as found in
+     OpenSSL_add_all_digests()) to SSL_library_init()
+     aka OpenSSL_add_ssl_algorithms().  This provides improved
+     compatibility with peers using X.509 certificates
+     with unconventional AlgorithmIdentifier OIDs.
+     [Bodo Moeller]
+
+  *) Fix for Irix with NO_ASM.
+     ["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
+
+  *) ./config script fixes.
+     [Ulf Moeller, Richard Levitte]
+
+  *) Fix 'openssl passwd -1'.
+     [Bodo Moeller]
+
+  *) Change PKCS12_key_gen_asc() so it can cope with non null
+     terminated strings whose length is passed in the passlen
+     parameter, for example from PEM callbacks. This was done
+     by adding an extra length parameter to asc2uni().
+     [Steve Henson, reported by <oddissey@samsung.co.kr>]
+
+  *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
+     call failed, free the DSA structure.
+     [Bodo Moeller]
+
+  *) Fix to uni2asc() to cope with zero length Unicode strings.
+     These are present in some PKCS#12 files.
+     [Steve Henson]
+
+  *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
+     Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
+     when writing a 32767 byte record.
+     [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]
+
+  *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
+     obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
+
+     (RSA objects have a reference count access to which is protected
+     by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
+     so they are meant to be shared between threads.)
+     [Bodo Moeller, Geoff Thorpe; original patch submitted by
+     "Reddie, Steven" <Steven.Reddie@ca.com>]
+
+  *) Fix a deadlock in CRYPTO_mem_leaks().
+     [Bodo Moeller]
+
+  *) Use better test patterns in bntest.
+     [Ulf Möller]
+
+  *) rand_win.c fix for Borland C.
+     [Ulf Möller]
+ 
+  *) BN_rshift bugfix for n == 0.
+     [Bodo Moeller]
+
+  *) Add a 'bctest' script that checks for some known 'bc' bugs
+     so that 'make test' does not abort just because 'bc' is broken.
+     [Bodo Moeller]
+
+  *) Store verify_result within SSL_SESSION also for client side to
+     avoid potential security hole. (Re-used sessions on the client side
+     always resulted in verify_result==X509_V_OK, not using the original
+     result of the server certificate verification.)
+     [Lutz Jaenicke]
+
+  *) Fix ssl3_pending: If the record in s->s3->rrec is not of type
+     SSL3_RT_APPLICATION_DATA, return 0.
+     Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.
+     [Bodo Moeller]
+
+  *) Fix SSL_peek:
+     Both ssl2_peek and ssl3_peek, which were totally broken in earlier
+     releases, have been re-implemented by renaming the previous
+     implementations of ssl2_read and ssl3_read to ssl2_read_internal
+     and ssl3_read_internal, respectively, and adding 'peek' parameters
+     to them.  The new ssl[23]_{read,peek} functions are calls to
+     ssl[23]_read_internal with the 'peek' flag set appropriately.
+     A 'peek' parameter has also been added to ssl3_read_bytes, which
+     does the actual work for ssl3_read_internal.
+     [Bodo Moeller]
+
+  *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
+     the method-specific "init()" handler. Also clean up ex_data after
+     calling the method-specific "finish()" handler. Previously, this was
+     happening the other way round.
+     [Geoff Thorpe]
+
+  *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
+     The previous value, 12, was not always sufficient for BN_mod_exp().
+     [Bodo Moeller]
+
+  *) Make sure that shared libraries get the internal name engine with
+     the full version number and not just 0.  This should mark the
+     shared libraries as not backward compatible.  Of course, this should
+     be changed again when we can guarantee backward binary compatibility.
+     [Richard Levitte]
+
+  *) Fix typo in get_cert_by_subject() in by_dir.c
+     [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]
+
+  *) Rework the system to generate shared libraries:
+
+     - Make note of the expected extension for the shared libraries and
+       if there is a need for symbolic links from for example libcrypto.so.0
+       to libcrypto.so.0.9.7.  There is extended info in Configure for
+       that.
+
+     - Make as few rebuilds of the shared libraries as possible.
+
+     - Still avoid linking the OpenSSL programs with the shared libraries.
+
+     - When installing, install the shared libraries separately from the
+       static ones.
+     [Richard Levitte]
+
+  *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
+
+     Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
+     and not in SSL_clear because the latter is also used by the
+     accept/connect functions; previously, the settings made by
+     SSL_set_read_ahead would be lost during the handshake.
+     [Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]     
+
+  *) Correct util/mkdef.pl to be selective about disabled algorithms.
+     Previously, it would create entries for disableed algorithms no
+     matter what.
+     [Richard Levitte]
+
+  *) Added several new manual pages for SSL_* function.
+     [Lutz Jaenicke]
+
+ Changes between 0.9.5a and 0.9.6  [24 Sep 2000]
+
+  *) In ssl23_get_client_hello, generate an error message when faced
+     with an initial SSL 3.0/TLS record that is too small to contain the
+     first two bytes of the ClientHello message, i.e. client_version.
+     (Note that this is a pathologic case that probably has never happened
+     in real life.)  The previous approach was to use the version number
+     from the record header as a substitute; but our protocol choice
+     should not depend on that one because it is not authenticated
+     by the Finished messages.
+     [Bodo Moeller]
+
+  *) More robust randomness gathering functions for Windows.
+     [Jeffrey Altman <jaltman@columbia.edu>]
+
+  *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
+     not set then we don't setup the error code for issuer check errors
+     to avoid possibly overwriting other errors which the callback does
+     handle. If an application does set the flag then we assume it knows
+     what it is doing and can handle the new informational codes
+     appropriately.
+     [Steve Henson]
+
+  *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
+     a general "ANY" type, as such it should be able to decode anything
+     including tagged types. However it didn't check the class so it would
+     wrongly interpret tagged types in the same way as their universal
+     counterpart and unknown types were just rejected. Changed so that the
+     tagged and unknown types are handled in the same way as a SEQUENCE:
+     that is the encoding is stored intact. There is also a new type
+     "V_ASN1_OTHER" which is used when the class is not universal, in this
+     case we have no idea what the actual type is so we just lump them all
+     together.
+     [Steve Henson]
+
+  *) On VMS, stdout may very well lead to a file that is written to
+     in a record-oriented fashion.  That means that every write() will
+     write a separate record, which will be read separately by the
+     programs trying to read from it.  This can be very confusing.
+
+     The solution is to put a BIO filter in the way that will buffer
+     text until a linefeed is reached, and then write everything a
+     line at a time, so every record written will be an actual line,
+     not chunks of lines and not (usually doesn't happen, but I've
+     seen it once) several lines in one record.  BIO_f_linebuffer() is
+     the answer.
+
+     Currently, it's a VMS-only method, because that's where it has
+     been tested well enough.
+     [Richard Levitte]
+
+  *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
+     it can return incorrect results.
+     (Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
+     but it was in 0.9.6-beta[12].)
+     [Bodo Moeller]
+
+  *) Disable the check for content being present when verifying detached
+     signatures in pk7_smime.c. Some versions of Netscape (wrongly)
+     include zero length content when signing messages.
+     [Steve Henson]
+
+  *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
+     BIO_ctrl (for BIO pairs).
+     [Bodo Möller]
+
+  *) Add DSO method for VMS.
+     [Richard Levitte]
+
+  *) Bug fix: Montgomery multiplication could produce results with the
+     wrong sign.
+     [Ulf Möller]
+
+  *) Add RPM specification openssl.spec and modify it to build three
+     packages.  The default package contains applications, application
+     documentation and run-time libraries.  The devel package contains
+     include files, static libraries and function documentation.  The
+     doc package contains the contents of the doc directory.  The original
+     openssl.spec was provided by Damien Miller <djm@mindrot.org>.
+     [Richard Levitte]
+     
+  *) Add a large number of documentation files for many SSL routines.
+     [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>]
+
+  *) Add a configuration entry for Sony News 4.
+     [NAKAJI Hiroyuki <nakaji@tutrp.tut.ac.jp>]
+
+  *) Don't set the two most significant bits to one when generating a
+     random number < q in the DSA library.
+     [Ulf Möller]
+
+  *) New SSL API mode 'SSL_MODE_AUTO_RETRY'.  This disables the default
+     behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if
+     the underlying transport is blocking) if a handshake took place.
+     (The default behaviour is needed by applications such as s_client
+     and s_server that use select() to determine when to use SSL_read;
+     but for applications that know in advance when to expect data, it
+     just makes things more complicated.)
+     [Bodo Moeller]
+
+  *) Add RAND_egd_bytes(), which gives control over the number of bytes read
+     from EGD.
+     [Ben Laurie]
+
+  *) Add a few more EBCDIC conditionals that make `req' and `x509'
+     work better on such systems.
+     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
+
+  *) Add two demo programs for PKCS12_parse() and PKCS12_create().
+     Update PKCS12_parse() so it copies the friendlyName and the
+     keyid to the certificates aux info.
+     [Steve Henson]
+
+  *) Fix bug in PKCS7_verify() which caused an infinite loop
+     if there was more than one signature.
+     [Sven Uszpelkat <su@celocom.de>]
+
+  *) Major change in util/mkdef.pl to include extra information
+     about each symbol, as well as presentig variables as well
+     as functions.  This change means that there's n more need
+     to rebuild the .num files when some algorithms are excluded.
+     [Richard Levitte]
+
+  *) Allow the verify time to be set by an application,
+     rather than always using the current time.
+     [Steve Henson]
+  
+  *) Phase 2 verify code reorganisation. The certificate
+     verify code now looks up an issuer certificate by a
+     number of criteria: subject name, authority key id
+     and key usage. It also verifies self signed certificates
+     by the same criteria. The main comparison function is
+     X509_check_issued() which performs these checks.
+ 
+     Lot of changes were necessary in order to support this
+     without completely rewriting the lookup code.
+ 
+     Authority and subject key identifier are now cached.
+ 
+     The LHASH 'certs' is X509_STORE has now been replaced
+     by a STACK_OF(X509_OBJECT). This is mainly because an
+     LHASH can't store or retrieve multiple objects with
+     the same hash value.
+
+     As a result various functions (which were all internal
+     use only) have changed to handle the new X509_STORE
+     structure. This will break anything that messed round
+     with X509_STORE internally.
+ 
+     The functions X509_STORE_add_cert() now checks for an
+     exact match, rather than just subject name.
+ 
+     The X509_STORE API doesn't directly support the retrieval
+     of multiple certificates matching a given criteria, however
+     this can be worked round by performing a lookup first
+     (which will fill the cache with candidate certificates)
+     and then examining the cache for matches. This is probably
+     the best we can do without throwing out X509_LOOKUP
+     entirely (maybe later...).
+ 
+     The X509_VERIFY_CTX structure has been enhanced considerably.
+ 
+     All certificate lookup operations now go via a get_issuer()
+     callback. Although this currently uses an X509_STORE it
+     can be replaced by custom lookups. This is a simple way
+     to bypass the X509_STORE hackery necessary to make this
+     work and makes it possible to use more efficient techniques
+     in future. A very simple version which uses a simple
+     STACK for its trusted certificate store is also provided
+     using X509_STORE_CTX_trusted_stack().
+ 
+     The verify_cb() and verify() callbacks now have equivalents
+     in the X509_STORE_CTX structure.
+ 
+     X509_STORE_CTX also has a 'flags' field which can be used
+     to customise the verify behaviour.
+     [Steve Henson]
+ 
+  *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which 
+     excludes S/MIME capabilities.
+     [Steve Henson]
+
+  *) When a certificate request is read in keep a copy of the
+     original encoding of the signed data and use it when outputing
+     again. Signatures then use the original encoding rather than
+     a decoded, encoded version which may cause problems if the
+     request is improperly encoded.
+     [Steve Henson]
+
+  *) For consistency with other BIO_puts implementations, call
+     buffer_write(b, ...) directly in buffer_puts instead of calling
+     BIO_write(b, ...).
+
+     In BIO_puts, increment b->num_write as in BIO_write.
+     [Peter.Sylvester@EdelWeb.fr]
+
+  *) Fix BN_mul_word for the case where the word is 0. (We have to use
+     BN_zero, we may not return a BIGNUM with an array consisting of
+     words set to zero.)
+     [Bodo Moeller]
+
+  *) Avoid calling abort() from within the library when problems are
+     detected, except if preprocessor symbols have been defined
+     (such as REF_CHECK, BN_DEBUG etc.).
+     [Bodo Moeller]
+
+  *) New openssl application 'rsautl'. This utility can be
+     used for low level RSA operations. DER public key
+     BIO/fp routines also added.
+     [Steve Henson]
+
+  *) New Configure entry and patches for compiling on QNX 4.
+     [Andreas Schneider <andreas@ds3.etech.fh-hamburg.de>]
+
+  *) A demo state-machine implementation was sponsored by
+     Nuron (http://www.nuron.com/) and is now available in
+     demos/state_machine.
+     [Ben Laurie]
+
+  *) New options added to the 'dgst' utility for signature
+     generation and verification.
+     [Steve Henson]
+
+  *) Unrecognized PKCS#7 content types are now handled via a
+     catch all ASN1_TYPE structure. This allows unsupported
+     types to be stored as a "blob" and an application can
+     encode and decode it manually.
+     [Steve Henson]
+
+  *) Fix various signed/unsigned issues to make a_strex.c
+     compile under VC++.
+     [Oscar Jacobsson <oscar.jacobsson@celocom.com>]
+
+  *) ASN1 fixes. i2d_ASN1_OBJECT was not returning the correct
+     length if passed a buffer. ASN1_INTEGER_to_BN failed
+     if passed a NULL BN and its argument was negative.
+     [Steve Henson, pointed out by Sven Heiberg <sven@tartu.cyber.ee>]
+
+  *) Modification to PKCS#7 encoding routines to output definite
+     length encoding. Since currently the whole structures are in
+     memory there's not real point in using indefinite length 
+     constructed encoding. However if OpenSSL is compiled with
+     the flag PKCS7_INDEFINITE_ENCODING the old form is used.
+     [Steve Henson]
+
+  *) Added BIO_vprintf() and BIO_vsnprintf().
+     [Richard Levitte]
+
+  *) Added more prefixes to parse for in the the strings written
+     through a logging bio, to cover all the levels that are available
+     through syslog.  The prefixes are now:
+
+	PANIC, EMERG, EMR	=>	LOG_EMERG
+	ALERT, ALR		=>	LOG_ALERT
+	CRIT, CRI		=>	LOG_CRIT
+	ERROR, ERR		=>	LOG_ERR
+	WARNING, WARN, WAR	=>	LOG_WARNING
+	NOTICE, NOTE, NOT	=>	LOG_NOTICE
+	INFO, INF		=>	LOG_INFO
+	DEBUG, DBG		=>	LOG_DEBUG
+
+     and as before, if none of those prefixes are present at the
+     beginning of the string, LOG_ERR is chosen.
+
+     On Win32, the LOG_* levels are mapped according to this:
+
+	LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR	=> EVENTLOG_ERROR_TYPE
+	LOG_WARNING				=> EVENTLOG_WARNING_TYPE
+	LOG_NOTICE, LOG_INFO, LOG_DEBUG		=> EVENTLOG_INFORMATION_TYPE
+
+     [Richard Levitte]
+
+  *) Made it possible to reconfigure with just the configuration
+     argument "reconf" or "reconfigure".  The command line arguments
+     are stored in Makefile.ssl in the variable CONFIGURE_ARGS,
+     and are retrieved from there when reconfiguring.
+     [Richard Levitte]
+
+  *) MD4 implemented.
+     [Assar Westerlund <assar@sics.se>, Richard Levitte]
+
+  *) Add the arguments -CAfile and -CApath to the pkcs12 utility.
+     [Richard Levitte]
+
+  *) The obj_dat.pl script was messing up the sorting of object
+     names. The reason was that it compared the quoted version
+     of strings as a result "OCSP" > "OCSP Signing" because
+     " > SPACE. Changed script to store unquoted versions of
+     names and add quotes on output. It was also omitting some
+     names from the lookup table if they were given a default
+     value (that is if SN is missing it is given the same
+     value as LN and vice versa), these are now added on the
+     grounds that if an object has a name we should be able to
+     look it up. Finally added warning output when duplicate
+     short or long names are found.
+     [Steve Henson]
+
+  *) Changes needed for Tandem NSK.
+     [Scott Uroff <scott@xypro.com>]
+
+  *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
+     RSA_padding_check_SSLv23(), special padding was never detected
+     and thus the SSL 3.0/TLS 1.0 countermeasure against protocol
+     version rollback attacks was not effective.
+
+     In s23_clnt.c, don't use special rollback-attack detection padding
+     (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
+     client; similarly, in s23_srvr.c, don't do the rollback check if
+     SSL 2.0 is the only protocol enabled in the server.
+     [Bodo Moeller]
+
+  *) Make it possible to get hexdumps of unprintable data with 'openssl
+     asn1parse'.  By implication, the functions ASN1_parse_dump() and
+     BIO_dump_indent() are added.
+     [Richard Levitte]
+
+  *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex()
+     these print out strings and name structures based on various
+     flags including RFC2253 support and proper handling of
+     multibyte characters. Added options to the 'x509' utility 
+     to allow the various flags to be set.
+     [Steve Henson]
+
+  *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.
+     Also change the functions X509_cmp_current_time() and
+     X509_gmtime_adj() work with an ASN1_TIME structure,
+     this will enable certificates using GeneralizedTime in validity
+     dates to be checked.
+     [Steve Henson]
+
+  *) Make the NEG_PUBKEY_BUG code (which tolerates invalid
+     negative public key encodings) on by default,
+     NO_NEG_PUBKEY_BUG can be set to disable it.
+     [Steve Henson]
+
+  *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT
+     content octets. An i2c_ASN1_OBJECT is unnecessary because
+     the encoding can be trivially obtained from the structure.
+     [Steve Henson]
+
+  *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
+     not read locks (CRYPTO_r_[un]lock).
+     [Bodo Moeller]
+
+  *) A first attempt at creating official support for shared
+     libraries through configuration.  I've kept it so the
+     default is static libraries only, and the OpenSSL programs
+     are always statically linked for now, but there are
+     preparations for dynamic linking in place.
+     This has been tested on Linux and Tru64.
+     [Richard Levitte]
+
+  *) Randomness polling function for Win9x, as described in:
+     Peter Gutmann, Software Generation of Practically Strong
+     Random Numbers.
+     [Ulf Möller]
+
+  *) Fix so PRNG is seeded in req if using an already existing
+     DSA key.
+     [Steve Henson]
+
+  *) New options to smime application. -inform and -outform
+     allow alternative formats for the S/MIME message including
+     PEM and DER. The -content option allows the content to be
+     specified separately. This should allow things like Netscape
+     form signing output easier to verify.
+     [Steve Henson]
+
+  *) Fix the ASN1 encoding of tags using the 'long form'.
+     [Steve Henson]
+
+  *) New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT
+     STRING types. These convert content octets to and from the
+     underlying type. The actual tag and length octets are
+     already assumed to have been read in and checked. These
+     are needed because all other string types have virtually
+     identical handling apart from the tag. By having versions
+     of the ASN1 functions that just operate on content octets
+     IMPLICIT tagging can be handled properly. It also allows
+     the ASN1_ENUMERATED code to be cut down because ASN1_ENUMERATED
+     and ASN1_INTEGER are identical apart from the tag.
+     [Steve Henson]
+
+  *) Change the handling of OID objects as follows:
+
+     - New object identifiers are inserted in objects.txt, following
+       the syntax given in objects.README.
+     - objects.pl is used to process obj_mac.num and create a new
+       obj_mac.h.
+     - obj_dat.pl is used to create a new obj_dat.h, using the data in
+       obj_mac.h.
+
+     This is currently kind of a hack, and the perl code in objects.pl
+     isn't very elegant, but it works as I intended.  The simplest way
+     to check that it worked correctly is to look in obj_dat.h and
+     check the array nid_objs and make sure the objects haven't moved
+     around (this is important!).  Additions are OK, as well as
+     consistent name changes. 
+     [Richard Levitte]
+
+  *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1').
+     [Bodo Moeller]
+
+  *) Addition of the command line parameter '-rand file' to 'openssl req'.
+     The given file adds to whatever has already been seeded into the
+     random pool through the RANDFILE configuration file option or
+     environment variable, or the default random state file.
+     [Richard Levitte]
+
+  *) mkstack.pl now sorts each macro group into lexical order.
+     Previously the output order depended on the order the files
+     appeared in the directory, resulting in needless rewriting
+     of safestack.h .
+     [Steve Henson]
+
+  *) Patches to make OpenSSL compile under Win32 again. Mostly
+     work arounds for the VC++ problem that it treats func() as
+     func(void). Also stripped out the parts of mkdef.pl that
+     added extra typesafe functions: these no longer exist.
+     [Steve Henson]
+
+  *) Reorganisation of the stack code. The macros are now all 
+     collected in safestack.h . Each macro is defined in terms of
+     a "stack macro" of the form SKM_<name>(type, a, b). The 
+     DEBUG_SAFESTACK is now handled in terms of function casts,
+     this has the advantage of retaining type safety without the
+     use of additional functions. If DEBUG_SAFESTACK is not defined
+     then the non typesafe macros are used instead. Also modified the
+     mkstack.pl script to handle the new form. Needs testing to see
+     if which (if any) compilers it chokes and maybe make DEBUG_SAFESTACK
+     the default if no major problems. Similar behaviour for ASN1_SET_OF
+     and PKCS12_STACK_OF.
+     [Steve Henson]
+
+  *) When some versions of IIS use the 'NET' form of private key the
+     key derivation algorithm is different. Normally MD5(password) is
+     used as a 128 bit RC4 key. In the modified case
+     MD5(MD5(password) + "SGCKEYSALT")  is used insted. Added some
+     new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same
+     as the old Netscape_RSA functions except they have an additional
+     'sgckey' parameter which uses the modified algorithm. Also added
+     an -sgckey command line option to the rsa utility. Thanks to 
+     Adrian Peck <bertie@ncipher.com> for posting details of the modified
+     algorithm to openssl-dev.
+     [Steve Henson]
+
+  *) The evp_local.h macros were using 'c.##kname' which resulted in
+     invalid expansion on some systems (SCO 5.0.5 for example).
+     Corrected to 'c.kname'.
+     [Phillip Porch <root@theporch.com>]
+
+  *) New X509_get1_email() and X509_REQ_get1_email() functions that return
+     a STACK of email addresses from a certificate or request, these look
+     in the subject name and the subject alternative name extensions and 
+     omit any duplicate addresses.
+     [Steve Henson]
+
+  *) Re-implement BN_mod_exp2_mont using independent (and larger) windows.
+     This makes DSA verification about 2 % faster.
+     [Bodo Moeller]
+
+  *) Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5
+     (meaning that now 2^5 values will be precomputed, which is only 4 KB
+     plus overhead for 1024 bit moduli).
+     This makes exponentiations about 0.5 % faster for 1024 bit
+     exponents (as measured by "openssl speed rsa2048").
+     [Bodo Moeller]
+
+  *) Rename memory handling macros to avoid conflicts with other
+     software:
+          Malloc         =>  OPENSSL_malloc
+          Malloc_locked  =>  OPENSSL_malloc_locked
+          Realloc        =>  OPENSSL_realloc
+          Free           =>  OPENSSL_free
+     [Richard Levitte]
+
+  *) New function BN_mod_exp_mont_word for small bases (roughly 15%
+     faster than BN_mod_exp_mont, i.e. 7% for a full DH exchange).
+     [Bodo Moeller]
+
+  *) CygWin32 support.
+     [John Jarvie <jjarvie@newsguy.com>]
+
+  *) The type-safe stack code has been rejigged. It is now only compiled
+     in when OpenSSL is configured with the DEBUG_SAFESTACK option and
+     by default all type-specific stack functions are "#define"d back to
+     standard stack functions. This results in more streamlined output
+     but retains the type-safety checking possibilities of the original
+     approach.
+     [Geoff Thorpe]
+
+  *) The STACK code has been cleaned up, and certain type declarations
+     that didn't make a lot of sense have been brought in line. This has
+     also involved a cleanup of sorts in safestack.h to more correctly
+     map type-safe stack functions onto their plain stack counterparts.
+     This work has also resulted in a variety of "const"ifications of
+     lots of the code, especially "_cmp" operations which should normally
+     be prototyped with "const" parameters anyway.
+     [Geoff Thorpe]
+
+  *) When generating bytes for the first time in md_rand.c, 'stir the pool'
+     by seeding with STATE_SIZE dummy bytes (with zero entropy count).
+     (The PRNG state consists of two parts, the large pool 'state' and 'md',
+     where all of 'md' is used each time the PRNG is used, but 'state'
+     is used only indexed by a cyclic counter. As entropy may not be
+     well distributed from the beginning, 'md' is important as a
+     chaining variable. However, the output function chains only half
+     of 'md', i.e. 80 bits.  ssleay_rand_add, on the other hand, chains
+     all of 'md', and seeding with STATE_SIZE dummy bytes will result
+     in all of 'state' being rewritten, with the new values depending
+     on virtually all of 'md'.  This overcomes the 80 bit limitation.)
+     [Bodo Moeller]
+
+  *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
+     the handshake is continued after ssl_verify_cert_chain();
+     otherwise, if SSL_VERIFY_NONE is set, remaining error codes
+     can lead to 'unexplainable' connection aborts later.
+     [Bodo Moeller; problem tracked down by Lutz Jaenicke]
+
+  *) Major EVP API cipher revision.
+     Add hooks for extra EVP features. This allows various cipher
+     parameters to be set in the EVP interface. Support added for variable
+     key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and
+     setting of RC2 and RC5 parameters.
+
+     Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length
+     ciphers.
+
+     Remove lots of duplicated code from the EVP library. For example *every*
+     cipher init() function handles the 'iv' in the same way according to the
+     cipher mode. They also all do nothing if the 'key' parameter is NULL and
+     for CFB and OFB modes they zero ctx->num.
+
+     New functionality allows removal of S/MIME code RC2 hack.
+
+     Most of the routines have the same form and so can be declared in terms
+     of macros.
+
+     By shifting this to the top level EVP_CipherInit() it can be removed from
+     all individual ciphers. If the cipher wants to handle IVs or keys
+     differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
+     flags.
+
+     Change lots of functions like EVP_EncryptUpdate() to now return a
+     value: although software versions of the algorithms cannot fail
+     any installed hardware versions can.
+     [Steve Henson]
+
+  *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
+     this option is set, tolerate broken clients that send the negotiated
+     protocol version number instead of the requested protocol version
+     number.
+     [Bodo Moeller]
+
+  *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
+     i.e. non-zero for export ciphersuites, zero otherwise.
+     Previous versions had this flag inverted, inconsistent with
+     rsa_tmp_cb (..._TMP_RSA_CB).
+     [Bodo Moeller; problem reported by Amit Chopra]
+
+  *) Add missing DSA library text string. Work around for some IIS
+     key files with invalid SEQUENCE encoding.
+     [Steve Henson]
+
+  *) Add a document (doc/standards.txt) that list all kinds of standards
+     and so on that are implemented in OpenSSL.
+     [Richard Levitte]
+
+  *) Enhance c_rehash script. Old version would mishandle certificates
+     with the same subject name hash and wouldn't handle CRLs at all.
+     Added -fingerprint option to crl utility, to support new c_rehash
+     features.
+     [Steve Henson]
+
+  *) Eliminate non-ANSI declarations in crypto.h and stack.h.
+     [Ulf Möller]
+
+  *) Fix for SSL server purpose checking. Server checking was
+     rejecting certificates which had extended key usage present
+     but no ssl client purpose.
+     [Steve Henson, reported by Rene Grosser <grosser@hisolutions.com>]
+
+  *) Make PKCS#12 code work with no password. The PKCS#12 spec
+     is a little unclear about how a blank password is handled.
+     Since the password in encoded as a BMPString with terminating
+     double NULL a zero length password would end up as just the
+     double NULL. However no password at all is different and is
+     handled differently in the PKCS#12 key generation code. NS
+     treats a blank password as zero length. MSIE treats it as no
+     password on export: but it will try both on import. We now do
+     the same: PKCS12_parse() tries zero length and no password if
+     the password is set to "" or NULL (NULL is now a valid password:
+     it wasn't before) as does the pkcs12 application.
+     [Steve Henson]
+
+  *) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use
+     perror when PEM_read_bio_X509_REQ fails, the error message must
+     be obtained from the error queue.
+     [Bodo Moeller]
+
+  *) Avoid 'thread_hash' memory leak in crypto/err/err.c by freeing
+     it in ERR_remove_state if appropriate, and change ERR_get_state
+     accordingly to avoid race conditions (this is necessary because
+     thread_hash is no longer constant once set).
+     [Bodo Moeller]
+
+  *) Bugfix for linux-elf makefile.one.
+     [Ulf Möller]
+
+  *) RSA_get_default_method() will now cause a default
+     RSA_METHOD to be chosen if one doesn't exist already.
+     Previously this was only set during a call to RSA_new()
+     or RSA_new_method(NULL) meaning it was possible for
+     RSA_get_default_method() to return NULL.
+     [Geoff Thorpe]
+
+  *) Added native name translation to the existing DSO code
+     that will convert (if the flag to do so is set) filenames
+     that are sufficiently small and have no path information
+     into a canonical native form. Eg. "blah" converted to
+     "libblah.so" or "blah.dll" etc.
+     [Geoff Thorpe]
+
+  *) New function ERR_error_string_n(e, buf, len) which is like
+     ERR_error_string(e, buf), but writes at most 'len' bytes
+     including the 0 terminator.  For ERR_error_string_n, 'buf'
+     may not be NULL.
+     [Damien Miller <djm@mindrot.org>, Bodo Moeller]
+
+  *) CONF library reworked to become more general.  A new CONF
+     configuration file reader "class" is implemented as well as a
+     new functions (NCONF_*, for "New CONF") to handle it.  The now
+     old CONF_* functions are still there, but are reimplemented to
+     work in terms of the new functions.  Also, a set of functions
+     to handle the internal storage of the configuration data is
+     provided to make it easier to write new configuration file
+     reader "classes" (I can definitely see something reading a
+     configuration file in XML format, for example), called _CONF_*,
+     or "the configuration storage API"...
+
+     The new configuration file reading functions are:
+
+        NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio,
+        NCONF_get_section, NCONF_get_string, NCONF_get_numbre
+
+        NCONF_default, NCONF_WIN32
+
+        NCONF_dump_fp, NCONF_dump_bio
+
+     NCONF_default and NCONF_WIN32 are method (or "class") choosers,
+     NCONF_new creates a new CONF object.  This works in the same way
+     as other interfaces in OpenSSL, like the BIO interface.
+     NCONF_dump_* dump the internal storage of the configuration file,
+     which is useful for debugging.  All other functions take the same
+     arguments as the old CONF_* functions wth the exception of the
+     first that must be a `CONF *' instead of a `LHASH *'.
+
+     To make it easer to use the new classes with the old CONF_* functions,
+     the function CONF_set_default_method is provided.
+     [Richard Levitte]
+
+  *) Add '-tls1' option to 'openssl ciphers', which was already
+     mentioned in the documentation but had not been implemented.
+     (This option is not yet really useful because even the additional
+     experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.)
+     [Bodo Moeller]
+
+  *) Initial DSO code added into libcrypto for letting OpenSSL (and
+     OpenSSL-based applications) load shared libraries and bind to
+     them in a portable way.
+     [Geoff Thorpe, with contributions from Richard Levitte]
+
+ Changes between 0.9.5 and 0.9.5a  [1 Apr 2000]
+
+  *) Make sure _lrotl and _lrotr are only used with MSVC.
+
+  *) Use lock CRYPTO_LOCK_RAND correctly in ssleay_rand_status
+     (the default implementation of RAND_status).
+
+  *) Rename openssl x509 option '-crlext', which was added in 0.9.5,
+     to '-clrext' (= clear extensions), as intended and documented.
+     [Bodo Moeller; inconsistency pointed out by Michael Attili
+     <attili@amaxo.com>]
+
+  *) Fix for HMAC. It wasn't zeroing the rest of the block if the key length
+     was larger than the MD block size.      
+     [Steve Henson, pointed out by Yost William <YostW@tce.com>]
+
+  *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument
+     fix a leak when the ca argument was passed as NULL. Stop X509_PUBKEY_set()
+     using the passed key: if the passed key was a private key the result
+     of X509_print(), for example, would be to print out all the private key
+     components.
+     [Steve Henson]
+
+  *) des_quad_cksum() byte order bug fix.
+     [Ulf Möller, using the problem description in krb4-0.9.7, where
+      the solution is attributed to Derrick J Brashear <shadow@DEMENTIA.ORG>]
+
+  *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly
+     discouraged.
+     [Steve Henson, pointed out by Brian Korver <briank@cs.stanford.edu>]
+
+  *) For easily testing in shell scripts whether some command
+     'openssl XXX' exists, the new pseudo-command 'openssl no-XXX'
+     returns with exit code 0 iff no command of the given name is available.
+     'no-XXX' is printed in this case, 'XXX' otherwise.  In both cases,
+     the output goes to stdout and nothing is printed to stderr.
+     Additional arguments are always ignored.
+
+     Since for each cipher there is a command of the same name,
+     the 'no-cipher' compilation switches can be tested this way.
+
+     ('openssl no-XXX' is not able to detect pseudo-commands such
+     as 'quit', 'list-XXX-commands', or 'no-XXX' itself.)
+     [Bodo Moeller]
+
+  *) Update test suite so that 'make test' succeeds in 'no-rsa' configuration.
+     [Bodo Moeller]
+
+  *) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE
+     is set; it will be thrown away anyway because each handshake creates
+     its own key.
+     ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition
+     to parameters -- in previous versions (since OpenSSL 0.9.3) the
+     'default key' from SSL_CTX_set_tmp_dh would always be lost, meanining
+     you effectivly got SSL_OP_SINGLE_DH_USE when using this macro.
+     [Bodo Moeller]
+
+  *) New s_client option -ign_eof: EOF at stdin is ignored, and
+     'Q' and 'R' lose their special meanings (quit/renegotiate).
+     This is part of what -quiet does; unlike -quiet, -ign_eof
+     does not suppress any output.
+     [Richard Levitte]
+
+  *) Add compatibility options to the purpose and trust code. The
+     purpose X509_PURPOSE_ANY is "any purpose" which automatically
+     accepts a certificate or CA, this was the previous behaviour,
+     with all the associated security issues.
+
+     X509_TRUST_COMPAT is the old trust behaviour: only and
+     automatically trust self signed roots in certificate store. A
+     new trust setting X509_TRUST_DEFAULT is used to specify that
+     a purpose has no associated trust setting and it should instead
+     use the value in the default purpose.
+     [Steve Henson]
+
+  *) Fix the PKCS#8 DSA private key code so it decodes keys again
+     and fix a memory leak.
+     [Steve Henson]
+
+  *) In util/mkerr.pl (which implements 'make errors'), preserve
+     reason strings from the previous version of the .c file, as
+     the default to have only downcase letters (and digits) in
+     automatically generated reasons codes is not always appropriate.
+     [Bodo Moeller]
+
+  *) In ERR_load_ERR_strings(), build an ERR_LIB_SYS error reason table
+     using strerror.  Previously, ERR_reason_error_string() returned
+     library names as reason strings for SYSerr; but SYSerr is a special
+     case where small numbers are errno values, not library numbers.
+     [Bodo Moeller]
+
+  *) Add '-dsaparam' option to 'openssl dhparam' application.  This
+     converts DSA parameters into DH parameters. (When creating parameters,
+     DSA_generate_parameters is used.)
+     [Bodo Moeller]
+
+  *) Include 'length' (recommended exponent length) in C code generated
+     by 'openssl dhparam -C'.
+     [Bodo Moeller]
+
+  *) The second argument to set_label in perlasm was already being used
+     so couldn't be used as a "file scope" flag. Moved to third argument
+     which was free.
+     [Steve Henson]
+
+  *) In PEM_ASN1_write_bio and some other functions, use RAND_pseudo_bytes
+     instead of RAND_bytes for encryption IVs and salts.
+     [Bodo Moeller]
+
+  *) Include RAND_status() into RAND_METHOD instead of implementing
+     it only for md_rand.c  Otherwise replacing the PRNG by calling
+     RAND_set_rand_method would be impossible.
+     [Bodo Moeller]
+
+  *) Don't let DSA_generate_key() enter an infinite loop if the random
+     number generation fails.
+     [Bodo Moeller]
+
+  *) New 'rand' application for creating pseudo-random output.
+     [Bodo Moeller]
+
+  *) Added configuration support for Linux/IA64
+     [Rolf Haberrecker <rolf@suse.de>]
+
+  *) Assembler module support for Mingw32.
+     [Ulf Möller]
+
+  *) Shared library support for HPUX (in shlib/).
+     [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Anonymous]
+
+  *) Shared library support for Solaris gcc.
+     [Lutz Behnke <behnke@trustcenter.de>]
+
+ Changes between 0.9.4 and 0.9.5  [28 Feb 2000]
+
+  *) PKCS7_encrypt() was adding text MIME headers twice because they
+     were added manually and by SMIME_crlf_copy().
+     [Steve Henson]
+
+  *) In bntest.c don't call BN_rand with zero bits argument.
+     [Steve Henson, pointed out by Andrew W. Gray <agray@iconsinc.com>]
+
+  *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n]
+     case was implemented. This caused BN_div_recp() to fail occasionally.
+     [Ulf Möller]
+
+  *) Add an optional second argument to the set_label() in the perl
+     assembly language builder. If this argument exists and is set
+     to 1 it signals that the assembler should use a symbol whose 
+     scope is the entire file, not just the current function. This
+     is needed with MASM which uses the format label:: for this scope.
+     [Steve Henson, pointed out by Peter Runestig <peter@runestig.com>]
+
+  *) Change the ASN1 types so they are typedefs by default. Before
+     almost all types were #define'd to ASN1_STRING which was causing
+     STACK_OF() problems: you couldn't declare STACK_OF(ASN1_UTF8STRING)
+     for example.
+     [Steve Henson]
+
+  *) Change names of new functions to the new get1/get0 naming
+     convention: After 'get1', the caller owns a reference count
+     and has to call ..._free; 'get0' returns a pointer to some
+     data structure without incrementing reference counters.
+     (Some of the existing 'get' functions increment a reference
+     counter, some don't.)
+     Similarly, 'set1' and 'add1' functions increase reference
+     counters or duplicate objects.
+     [Steve Henson]
+
+  *) Allow for the possibility of temp RSA key generation failure:
+     the code used to assume it always worked and crashed on failure.
+     [Steve Henson]
+
+  *) Fix potential buffer overrun problem in BIO_printf().
+     [Ulf Möller, using public domain code by Patrick Powell; problem
+      pointed out by David Sacerdote <das33@cornell.edu>]
+
+  *) Support EGD <http://www.lothar.com/tech/crypto/>.  New functions
+     RAND_egd() and RAND_status().  In the command line application,
+     the EGD socket can be specified like a seed file using RANDFILE
+     or -rand.
+     [Ulf Möller]
+
+  *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures.
+     Some CAs (e.g. Verisign) distribute certificates in this form.
+     [Steve Henson]
+
+  *) Remove the SSL_ALLOW_ADH compile option and set the default cipher
+     list to exclude them. This means that no special compilation option
+     is needed to use anonymous DH: it just needs to be included in the
+     cipher list.
+     [Steve Henson]
+
+  *) Change the EVP_MD_CTX_type macro so its meaning consistent with
+     EVP_MD_type. The old functionality is available in a new macro called
+     EVP_MD_md(). Change code that uses it and update docs.
+     [Steve Henson]
+
+  *) ..._ctrl functions now have corresponding ..._callback_ctrl functions
+     where the 'void *' argument is replaced by a function pointer argument.
+     Previously 'void *' was abused to point to functions, which works on
+     many platforms, but is not correct.  As these functions are usually
+     called by macros defined in OpenSSL header files, most source code
+     should work without changes.
+     [Richard Levitte]
+
+  *) <openssl/opensslconf.h> (which is created by Configure) now contains
+     sections with information on -D... compiler switches used for
+     compiling the library so that applications can see them.  To enable
+     one of these sections, a pre-processor symbol OPENSSL_..._DEFINES
+     must be defined.  E.g.,
+        #define OPENSSL_ALGORITHM_DEFINES
+        #include <openssl/opensslconf.h>
+     defines all pertinent NO_<algo> symbols, such as NO_IDEA, NO_RSA, etc.
+     [Richard Levitte, Ulf and Bodo Möller]
+
+  *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS
+     record layer.
+     [Bodo Moeller]
+
+  *) Change the 'other' type in certificate aux info to a STACK_OF
+     X509_ALGOR. Although not an AlgorithmIdentifier as such it has
+     the required ASN1 format: arbitrary types determined by an OID.
+     [Steve Henson]
+
+  *) Add some PEM_write_X509_REQ_NEW() functions and a command line
+     argument to 'req'. This is not because the function is newer or
+     better than others it just uses the work 'NEW' in the certificate
+     request header lines. Some software needs this.
+     [Steve Henson]
+
+  *) Reorganise password command line arguments: now passwords can be
+     obtained from various sources. Delete the PEM_cb function and make
+     it the default behaviour: i.e. if the callback is NULL and the
+     usrdata argument is not NULL interpret it as a null terminated pass
+     phrase. If usrdata and the callback are NULL then the pass phrase
+     is prompted for as usual.
+     [Steve Henson]
+
+  *) Add support for the Compaq Atalla crypto accelerator. If it is installed,
+     the support is automatically enabled. The resulting binaries will
+     autodetect the card and use it if present.
+     [Ben Laurie and Compaq Inc.]
+
+  *) Work around for Netscape hang bug. This sends certificate request
+     and server done in one record. Since this is perfectly legal in the
+     SSL/TLS protocol it isn't a "bug" option and is on by default. See
+     the bugs/SSLv3 entry for more info.
+     [Steve Henson]
+
+  *) HP-UX tune-up: new unified configs, HP C compiler bug workaround.
+     [Andy Polyakov]
+
+  *) Add -rand argument to smime and pkcs12 applications and read/write
+     of seed file.
+     [Steve Henson]
+
+  *) New 'passwd' tool for crypt(3) and apr1 password hashes.
+     [Bodo Moeller]
+
+  *) Add command line password options to the remaining applications.
+     [Steve Henson]
+
+  *) Bug fix for BN_div_recp() for numerators with an even number of
+     bits.
+     [Ulf Möller]
+
+  *) More tests in bntest.c, and changed test_bn output.
+     [Ulf Möller]
+
+  *) ./config recognizes MacOS X now.
+     [Andy Polyakov]
+
+  *) Bug fix for BN_div() when the first words of num and divsor are
+     equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0).
+     [Ulf Möller]
+
+  *) Add support for various broken PKCS#8 formats, and command line
+     options to produce them.
+     [Steve Henson]
+
+  *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to
+     get temporary BIGNUMs from a BN_CTX.
+     [Ulf Möller]
+
+  *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont()
+     for p == 0.
+     [Ulf Möller]
+
+  *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and
+     include a #define from the old name to the new. The original intent
+     was that statically linked binaries could for example just call
+     SSLeay_add_all_ciphers() to just add ciphers to the table and not
+     link with digests. This never worked becayse SSLeay_add_all_digests()
+     and SSLeay_add_all_ciphers() were in the same source file so calling
+     one would link with the other. They are now in separate source files.
+     [Steve Henson]
+
+  *) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'.
+     [Steve Henson]
+
+  *) Use a less unusual form of the Miller-Rabin primality test (it used
+     a binary algorithm for exponentiation integrated into the Miller-Rabin
+     loop, our standard modexp algorithms are faster).
+     [Bodo Moeller]
+
+  *) Support for the EBCDIC character set completed.
+     [Martin Kraemer <Martin.Kraemer@Mch.SNI.De>]
+
+  *) Source code cleanups: use const where appropriate, eliminate casts,
+     use void * instead of char * in lhash.
+     [Ulf Möller] 
+
+  *) Bugfix: ssl3_send_server_key_exchange was not restartable
+     (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of
+     this the server could overwrite ephemeral keys that the client
+     has already seen).
+     [Bodo Moeller]
+
+  *) Turn DSA_is_prime into a macro that calls BN_is_prime,
+     using 50 iterations of the Rabin-Miller test.
+
+     DSA_generate_parameters now uses BN_is_prime_fasttest (with 50
+     iterations of the Rabin-Miller test as required by the appendix
+     to FIPS PUB 186[-1]) instead of DSA_is_prime.
+     As BN_is_prime_fasttest includes trial division, DSA parameter
+     generation becomes much faster.
+
+     This implies a change for the callback functions in DSA_is_prime
+     and DSA_generate_parameters: The callback function is called once
+     for each positive witness in the Rabin-Miller test, not just
+     occasionally in the inner loop; and the parameters to the
+     callback function now provide an iteration count for the outer
+     loop rather than for the current invocation of the inner loop.
+     DSA_generate_parameters additionally can call the callback
+     function with an 'iteration count' of -1, meaning that a
+     candidate has passed the trial division test (when q is generated 
+     from an application-provided seed, trial division is skipped).
+     [Bodo Moeller]
+
+  *) New function BN_is_prime_fasttest that optionally does trial
+     division before starting the Rabin-Miller test and has
+     an additional BN_CTX * argument (whereas BN_is_prime always
+     has to allocate at least one BN_CTX).
+     'callback(1, -1, cb_arg)' is called when a number has passed the
+     trial division stage.
+     [Bodo Moeller]
+
+  *) Fix for bug in CRL encoding. The validity dates weren't being handled
+     as ASN1_TIME.
+     [Steve Henson]
+
+  *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file.
+     [Steve Henson]
+
+  *) New function BN_pseudo_rand().
+     [Ulf Möller]
+
+  *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable)
+     bignum version of BN_from_montgomery() with the working code from
+     SSLeay 0.9.0 (the word based version is faster anyway), and clean up
+     the comments.
+     [Ulf Möller]
+
+  *) Avoid a race condition in s2_clnt.c (function get_server_hello) that
+     made it impossible to use the same SSL_SESSION data structure in
+     SSL2 clients in multiple threads.
+     [Bodo Moeller]
+
+  *) The return value of RAND_load_file() no longer counts bytes obtained
+     by stat().  RAND_load_file(..., -1) is new and uses the complete file
+     to seed the PRNG (previously an explicit byte count was required).
+     [Ulf Möller, Bodo Möller]
+
+  *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes
+     used (char *) instead of (void *) and had casts all over the place.
+     [Steve Henson]
+
+  *) Make BN_generate_prime() return NULL on error if ret!=NULL.
+     [Ulf Möller]
+
+  *) Retain source code compatibility for BN_prime_checks macro:
+     BN_is_prime(..., BN_prime_checks, ...) now uses
+     BN_prime_checks_for_size to determine the appropriate number of
+     Rabin-Miller iterations.
+     [Ulf Möller]
+
+  *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to
+     DH_CHECK_P_NOT_SAFE_PRIME.
+     (Check if this is true? OpenPGP calls them "strong".)
+     [Ulf Möller]
+
+  *) Merge the functionality of "dh" and "gendh" programs into a new program
+     "dhparam". The old programs are retained for now but will handle DH keys
+     (instead of parameters) in future.
+     [Steve Henson]
+
+  *) Make the ciphers, s_server and s_client programs check the return values
+     when a new cipher list is set.
+     [Steve Henson]
+
+  *) Enhance the SSL/TLS cipher mechanism to correctly handle the TLS 56bit
+     ciphers. Before when the 56bit ciphers were enabled the sorting was
+     wrong.
+
+     The syntax for the cipher sorting has been extended to support sorting by
+     cipher-strength (using the strength_bits hard coded in the tables).
+     The new command is "@STRENGTH" (see also doc/apps/ciphers.pod).
+
+     Fix a bug in the cipher-command parser: when supplying a cipher command
+     string with an "undefined" symbol (neither command nor alphanumeric
+     [A-Za-z0-9], ssl_set_cipher_list used to hang in an endless loop. Now
+     an error is flagged.
+
+     Due to the strength-sorting extension, the code of the
+     ssl_create_cipher_list() function was completely rearranged. I hope that
+     the readability was also increased :-)
+     [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>]
+
+  *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1
+     for the first serial number and places 2 in the serial number file. This
+     avoids problems when the root CA is created with serial number zero and
+     the first user certificate has the same issuer name and serial number
+     as the root CA.
+     [Steve Henson]
+
+  *) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses
+     the new code. Add documentation for this stuff.
+     [Steve Henson]
+
+  *) Changes to X509_ATTRIBUTE utilities. These have been renamed from
+     X509_*() to X509at_*() on the grounds that they don't handle X509
+     structures and behave in an analagous way to the X509v3 functions:
+     they shouldn't be called directly but wrapper functions should be used
+     instead.
+
+     So we also now have some wrapper functions that call the X509at functions
+     when passed certificate requests. (TO DO: similar things can be done with
+     PKCS#7 signed and unsigned attributes, PKCS#12 attributes and a few other
+     things. Some of these need some d2i or i2d and print functionality
+     because they handle more complex structures.)
+     [Steve Henson]
+
+  *) Add missing #ifndefs that caused missing symbols when building libssl
+     as a shared library without RSA.  Use #ifndef NO_SSL2 instead of
+     NO_RSA in ssl/s2*.c. 
+     [Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf Möller]
+
+  *) Precautions against using the PRNG uninitialized: RAND_bytes() now
+     has a return value which indicates the quality of the random data
+     (1 = ok, 0 = not seeded).  Also an error is recorded on the thread's
+     error queue. New function RAND_pseudo_bytes() generates output that is
+     guaranteed to be unique but not unpredictable. RAND_add is like
+     RAND_seed, but takes an extra argument for an entropy estimate
+     (RAND_seed always assumes full entropy).
+     [Ulf Möller]
+
+  *) Do more iterations of Rabin-Miller probable prime test (specifically,
+     3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes
+     instead of only 2 for all lengths; see BN_prime_checks_for_size definition
+     in crypto/bn/bn_prime.c for the complete table).  This guarantees a
+     false-positive rate of at most 2^-80 for random input.
+     [Bodo Moeller]
+
+  *) Rewrite ssl3_read_n (ssl/s3_pkt.c) avoiding a couple of bugs.
+     [Bodo Moeller]
+
+  *) New function X509_CTX_rget_chain() (renamed to X509_CTX_get1_chain
+     in the 0.9.5 release), this returns the chain
+     from an X509_CTX structure with a dup of the stack and all
+     the X509 reference counts upped: so the stack will exist
+     after X509_CTX_cleanup() has been called. Modify pkcs12.c
+     to use this.
+
+     Also make SSL_SESSION_print() print out the verify return
+     code.
+     [Steve Henson]
+
+  *) Add manpage for the pkcs12 command. Also change the default
+     behaviour so MAC iteration counts are used unless the new
+     -nomaciter option is used. This improves file security and
+     only older versions of MSIE (4.0 for example) need it.
+     [Steve Henson]
+
+  *) Honor the no-xxx Configure options when creating .DEF files.
+     [Ulf Möller]
+
+  *) Add PKCS#10 attributes to field table: challengePassword, 
+     unstructuredName and unstructuredAddress. These are taken from
+     draft PKCS#9 v2.0 but are compatible with v1.2 provided no 
+     international characters are used.
+
+     More changes to X509_ATTRIBUTE code: allow the setting of types
+     based on strings. Remove the 'loc' parameter when adding
+     attributes because these will be a SET OF encoding which is sorted
+     in ASN1 order.
+     [Steve Henson]
+
+  *) Initial changes to the 'req' utility to allow request generation
+     automation. This will allow an application to just generate a template
+     file containing all the field values and have req construct the
+     request.
+
+     Initial support for X509_ATTRIBUTE handling. Stacks of these are
+     used all over the place including certificate requests and PKCS#7
+     structures. They are currently handled manually where necessary with
+     some primitive wrappers for PKCS#7. The new functions behave in a
+     manner analogous to the X509 extension functions: they allow
+     attributes to be looked up by NID and added.
+
+     Later something similar to the X509V3 code would be desirable to
+     automatically handle the encoding, decoding and printing of the
+     more complex types. The string types like challengePassword can
+     be handled by the string table functions.
+
+     Also modified the multi byte string table handling. Now there is
+     a 'global mask' which masks out certain types. The table itself
+     can use the flag STABLE_NO_MASK to ignore the mask setting: this
+     is useful when for example there is only one permissible type
+     (as in countryName) and using the mask might result in no valid
+     types at all.
+     [Steve Henson]
+
+  *) Clean up 'Finished' handling, and add functions SSL_get_finished and
+     SSL_get_peer_finished to allow applications to obtain the latest
+     Finished messages sent to the peer or expected from the peer,
+     respectively.  (SSL_get_peer_finished is usually the Finished message
+     actually received from the peer, otherwise the protocol will be aborted.)
+
+     As the Finished message are message digests of the complete handshake
+     (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can
+     be used for external authentication procedures when the authentication
+     provided by SSL/TLS is not desired or is not enough.
+     [Bodo Moeller]
+
+  *) Enhanced support for Alpha Linux is added. Now ./config checks if
+     the host supports BWX extension and if Compaq C is present on the
+     $PATH. Just exploiting of the BWX extension results in 20-30%
+     performance kick for some algorithms, e.g. DES and RC4 to mention
+     a couple. Compaq C in turn generates ~20% faster code for MD5 and
+     SHA1.
+     [Andy Polyakov]
+
+  *) Add support for MS "fast SGC". This is arguably a violation of the
+     SSL3/TLS protocol. Netscape SGC does two handshakes: the first with
+     weak crypto and after checking the certificate is SGC a second one
+     with strong crypto. MS SGC stops the first handshake after receiving
+     the server certificate message and sends a second client hello. Since
+     a server will typically do all the time consuming operations before
+     expecting any further messages from the client (server key exchange
+     is the most expensive) there is little difference between the two.
+
+     To get OpenSSL to support MS SGC we have to permit a second client
+     hello message after we have sent server done. In addition we have to
+     reset the MAC if we do get this second client hello.
+     [Steve Henson]
+
+  *) Add a function 'd2i_AutoPrivateKey()' this will automatically decide
+     if a DER encoded private key is RSA or DSA traditional format. Changed
+     d2i_PrivateKey_bio() to use it. This is only needed for the "traditional"
+     format DER encoded private key. Newer code should use PKCS#8 format which
+     has the key type encoded in the ASN1 structure. Added DER private key
+     support to pkcs8 application.
+     [Steve Henson]
+
+  *) SSL 3/TLS 1 servers now don't request certificates when an anonymous
+     ciphersuites has been selected (as required by the SSL 3/TLS 1
+     specifications).  Exception: When SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+     is set, we interpret this as a request to violate the specification
+     (the worst that can happen is a handshake failure, and 'correct'
+     behaviour would result in a handshake failure anyway).
+     [Bodo Moeller]
+
+  *) In SSL_CTX_add_session, take into account that there might be multiple
+     SSL_SESSION structures with the same session ID (e.g. when two threads
+     concurrently obtain them from an external cache).
+     The internal cache can handle only one SSL_SESSION with a given ID,
+     so if there's a conflict, we now throw out the old one to achieve
+     consistency.
+     [Bodo Moeller]
+
+  *) Add OIDs for idea and blowfish in CBC mode. This will allow both
+     to be used in PKCS#5 v2.0 and S/MIME.  Also add checking to
+     some routines that use cipher OIDs: some ciphers do not have OIDs
+     defined and so they cannot be used for S/MIME and PKCS#5 v2.0 for
+     example.
+     [Steve Henson]
+
+  *) Simplify the trust setting structure and code. Now we just have
+     two sequences of OIDs for trusted and rejected settings. These will
+     typically have values the same as the extended key usage extension
+     and any application specific purposes.
+
+     The trust checking code now has a default behaviour: it will just
+     check for an object with the same NID as the passed id. Functions can
+     be provided to override either the default behaviour or the behaviour
+     for a given id. SSL client, server and email already have functions
+     in place for compatibility: they check the NID and also return "trusted"
+     if the certificate is self signed.
+     [Steve Henson]
+
+  *) Add d2i,i2d bio/fp functions for PrivateKey: these convert the
+     traditional format into an EVP_PKEY structure.
+     [Steve Henson]
+
+  *) Add a password callback function PEM_cb() which either prompts for
+     a password if usr_data is NULL or otherwise assumes it is a null
+     terminated password. Allow passwords to be passed on command line
+     environment or config files in a few more utilities.
+     [Steve Henson]
+
+  *) Add a bunch of DER and PEM functions to handle PKCS#8 format private
+     keys. Add some short names for PKCS#8 PBE algorithms and allow them
+     to be specified on the command line for the pkcs8 and pkcs12 utilities.
+     Update documentation.
+     [Steve Henson]
+
+  *) Support for ASN1 "NULL" type. This could be handled before by using
+     ASN1_TYPE but there wasn't any function that would try to read a NULL
+     and produce an error if it couldn't. For compatibility we also have
+     ASN1_NULL_new() and ASN1_NULL_free() functions but these are faked and
+     don't allocate anything because they don't need to.
+     [Steve Henson]
+
+  *) Initial support for MacOS is now provided. Examine INSTALL.MacOS
+     for details.
+     [Andy Polyakov, Roy Woods <roy@centicsystems.ca>]
+
+  *) Rebuild of the memory allocation routines used by OpenSSL code and
+     possibly others as well.  The purpose is to make an interface that
+     provide hooks so anyone can build a separate set of allocation and
+     deallocation routines to be used by OpenSSL, for example memory
+     pool implementations, or something else, which was previously hard
+     since Malloc(), Realloc() and Free() were defined as macros having
+     the values malloc, realloc and free, respectively (except for Win32
+     compilations).  The same is provided for memory debugging code.
+     OpenSSL already comes with functionality to find memory leaks, but
+     this gives people a chance to debug other memory problems.
+
+     With these changes, a new set of functions and macros have appeared:
+
+       CRYPTO_set_mem_debug_functions()	        [F]
+       CRYPTO_get_mem_debug_functions()         [F]
+       CRYPTO_dbg_set_options()	                [F]
+       CRYPTO_dbg_get_options()                 [F]
+       CRYPTO_malloc_debug_init()               [M]
+
+     The memory debug functions are NULL by default, unless the library
+     is compiled with CRYPTO_MDEBUG or friends is defined.  If someone
+     wants to debug memory anyway, CRYPTO_malloc_debug_init() (which
+     gives the standard debugging functions that come with OpenSSL) or
+     CRYPTO_set_mem_debug_functions() (tells OpenSSL to use functions
+     provided by the library user) must be used.  When the standard
+     debugging functions are used, CRYPTO_dbg_set_options can be used to
+     request additional information:
+     CRYPTO_dbg_set_options(V_CYRPTO_MDEBUG_xxx) corresponds to setting
+     the CRYPTO_MDEBUG_xxx macro when compiling the library.   
+
+     Also, things like CRYPTO_set_mem_functions will always give the
+     expected result (the new set of functions is used for allocation
+     and deallocation) at all times, regardless of platform and compiler
+     options.
+
+     To finish it up, some functions that were never use in any other
+     way than through macros have a new API and new semantic:
+
+       CRYPTO_dbg_malloc()
+       CRYPTO_dbg_realloc()
+       CRYPTO_dbg_free()
+
+     All macros of value have retained their old syntax.
+     [Richard Levitte and Bodo Moeller]
+
+  *) Some S/MIME fixes. The OID for SMIMECapabilities was wrong, the
+     ordering of SMIMECapabilities wasn't in "strength order" and there
+     was a missing NULL in the AlgorithmIdentifier for the SHA1 signature
+     algorithm.
+     [Steve Henson]
+
+  *) Some ASN1 types with illegal zero length encoding (INTEGER,
+     ENUMERATED and OBJECT IDENTIFIER) choked the ASN1 routines.
+     [Frans Heymans <fheymans@isaserver.be>, modified by Steve Henson]
+
+  *) Merge in my S/MIME library for OpenSSL. This provides a simple
+     S/MIME API on top of the PKCS#7 code, a MIME parser (with enough
+     functionality to handle multipart/signed properly) and a utility
+     called 'smime' to call all this stuff. This is based on code I
+     originally wrote for Celo who have kindly allowed it to be
+     included in OpenSSL.
+     [Steve Henson]
+
+  *) Add variants des_set_key_checked and des_set_key_unchecked of
+     des_set_key (aka des_key_sched).  Global variable des_check_key
+     decides which of these is called by des_set_key; this way
+     des_check_key behaves as it always did, but applications and
+     the library itself, which was buggy for des_check_key == 1,
+     have a cleaner way to pick the version they need.
+     [Bodo Moeller]
+
+  *) New function PKCS12_newpass() which changes the password of a
+     PKCS12 structure.
+     [Steve Henson]
+
+  *) Modify X509_TRUST and X509_PURPOSE so it also uses a static and
+     dynamic mix. In both cases the ids can be used as an index into the
+     table. Also modified the X509_TRUST_add() and X509_PURPOSE_add()
+     functions so they accept a list of the field values and the
+     application doesn't need to directly manipulate the X509_TRUST
+     structure.
+     [Steve Henson]
+
+  *) Modify the ASN1_STRING_TABLE stuff so it also uses bsearch and doesn't
+     need initialising.
+     [Steve Henson]
+
+  *) Modify the way the V3 extension code looks up extensions. This now
+     works in a similar way to the object code: we have some "standard"
+     extensions in a static table which is searched with OBJ_bsearch()
+     and the application can add dynamic ones if needed. The file
+     crypto/x509v3/ext_dat.h now has the info: this file needs to be
+     updated whenever a new extension is added to the core code and kept
+     in ext_nid order. There is a simple program 'tabtest.c' which checks
+     this. New extensions are not added too often so this file can readily
+     be maintained manually.
+
+     There are two big advantages in doing things this way. The extensions
+     can be looked up immediately and no longer need to be "added" using
+     X509V3_add_standard_extensions(): this function now does nothing.
+     [Side note: I get *lots* of email saying the extension code doesn't
+      work because people forget to call this function]
+     Also no dynamic allocation is done unless new extensions are added:
+     so if we don't add custom extensions there is no need to call
+     X509V3_EXT_cleanup().
+     [Steve Henson]
+
+  *) Modify enc utility's salting as follows: make salting the default. Add a
+     magic header, so unsalted files fail gracefully instead of just decrypting
+     to garbage. This is because not salting is a big security hole, so people
+     should be discouraged from doing it.
+     [Ben Laurie]
+
+  *) Fixes and enhancements to the 'x509' utility. It allowed a message
+     digest to be passed on the command line but it only used this
+     parameter when signing a certificate. Modified so all relevant
+     operations are affected by the digest parameter including the
+     -fingerprint and -x509toreq options. Also -x509toreq choked if a
+     DSA key was used because it didn't fix the digest.
+     [Steve Henson]
+
+  *) Initial certificate chain verify code. Currently tests the untrusted
+     certificates for consistency with the verify purpose (which is set
+     when the X509_STORE_CTX structure is set up) and checks the pathlength.
+
+     There is a NO_CHAIN_VERIFY compilation option to keep the old behaviour:
+     this is because it will reject chains with invalid extensions whereas
+     every previous version of OpenSSL and SSLeay made no checks at all.
+
+     Trust code: checks the root CA for the relevant trust settings. Trust
+     settings have an initial value consistent with the verify purpose: e.g.
+     if the verify purpose is for SSL client use it expects the CA to be
+     trusted for SSL client use. However the default value can be changed to
+     permit custom trust settings: one example of this would be to only trust
+     certificates from a specific "secure" set of CAs.
+
+     Also added X509_STORE_CTX_new() and X509_STORE_CTX_free() functions
+     which should be used for version portability: especially since the
+     verify structure is likely to change more often now.
+
+     SSL integration. Add purpose and trust to SSL_CTX and SSL and functions
+     to set them. If not set then assume SSL clients will verify SSL servers
+     and vice versa.
+
+     Two new options to the verify program: -untrusted allows a set of
+     untrusted certificates to be passed in and -purpose which sets the
+     intended purpose of the certificate. If a purpose is set then the
+     new chain verify code is used to check extension consistency.
+     [Steve Henson]
+
+  *) Support for the authority information access extension.
+     [Steve Henson]
+
+  *) Modify RSA and DSA PEM read routines to transparently handle
+     PKCS#8 format private keys. New *_PUBKEY_* functions that handle
+     public keys in a format compatible with certificate
+     SubjectPublicKeyInfo structures. Unfortunately there were already
+     functions called *_PublicKey_* which used various odd formats so
+     these are retained for compatibility: however the DSA variants were
+     never in a public release so they have been deleted. Changed dsa/rsa
+     utilities to handle the new format: note no releases ever handled public
+     keys so we should be OK.
+
+     The primary motivation for this change is to avoid the same fiasco
+     that dogs private keys: there are several incompatible private key
+     formats some of which are standard and some OpenSSL specific and
+     require various evil hacks to allow partial transparent handling and
+     even then it doesn't work with DER formats. Given the option anything
+     other than PKCS#8 should be dumped: but the other formats have to
+     stay in the name of compatibility.
+
+     With public keys and the benefit of hindsight one standard format 
+     is used which works with EVP_PKEY, RSA or DSA structures: though
+     it clearly returns an error if you try to read the wrong kind of key.
+
+     Added a -pubkey option to the 'x509' utility to output the public key.
+     Also rename the EVP_PKEY_get_*() to EVP_PKEY_rget_*()
+     (renamed to EVP_PKEY_get1_*() in the OpenSSL 0.9.5 release) and add
+     EVP_PKEY_rset_*() functions (renamed to EVP_PKEY_set1_*())
+     that do the same as the EVP_PKEY_assign_*() except they up the
+     reference count of the added key (they don't "swallow" the
+     supplied key).
+     [Steve Henson]
+
+  *) Fixes to crypto/x509/by_file.c the code to read in certificates and
+     CRLs would fail if the file contained no certificates or no CRLs:
+     added a new function to read in both types and return the number
+     read: this means that if none are read it will be an error. The
+     DER versions of the certificate and CRL reader would always fail
+     because it isn't possible to mix certificates and CRLs in DER format
+     without choking one or the other routine. Changed this to just read
+     a certificate: this is the best we can do. Also modified the code
+     in apps/verify.c to take notice of return codes: it was previously
+     attempting to read in certificates from NULL pointers and ignoring
+     any errors: this is one reason why the cert and CRL reader seemed
+     to work. It doesn't check return codes from the default certificate
+     routines: these may well fail if the certificates aren't installed.
+     [Steve Henson]
+
+  *) Code to support otherName option in GeneralName.
+     [Steve Henson]
+
+  *) First update to verify code. Change the verify utility
+     so it warns if it is passed a self signed certificate:
+     for consistency with the normal behaviour. X509_verify
+     has been modified to it will now verify a self signed
+     certificate if *exactly* the same certificate appears
+     in the store: it was previously impossible to trust a
+     single self signed certificate. This means that:
+     openssl verify ss.pem
+     now gives a warning about a self signed certificate but
+     openssl verify -CAfile ss.pem ss.pem
+     is OK.
+     [Steve Henson]
+
+  *) For servers, store verify_result in SSL_SESSION data structure
+     (and add it to external session representation).
+     This is needed when client certificate verifications fails,
+     but an application-provided verification callback (set by
+     SSL_CTX_set_cert_verify_callback) allows accepting the session
+     anyway (i.e. leaves x509_store_ctx->error != X509_V_OK
+     but returns 1): When the session is reused, we have to set
+     ssl->verify_result to the appropriate error code to avoid
+     security holes.
+     [Bodo Moeller, problem pointed out by Lutz Jaenicke]
+
+  *) Fix a bug in the new PKCS#7 code: it didn't consider the
+     case in PKCS7_dataInit() where the signed PKCS7 structure
+     didn't contain any existing data because it was being created.
+     [Po-Cheng Chen <pocheng@nst.com.tw>, slightly modified by Steve Henson]
+
+  *) Add a salt to the key derivation routines in enc.c. This
+     forms the first 8 bytes of the encrypted file. Also add a
+     -S option to allow a salt to be input on the command line.
+     [Steve Henson]
+
+  *) New function X509_cmp(). Oddly enough there wasn't a function
+     to compare two certificates. We do this by working out the SHA1
+     hash and comparing that. X509_cmp() will be needed by the trust
+     code.
+     [Steve Henson]
+
+  *) SSL_get1_session() is like SSL_get_session(), but increments
+     the reference count in the SSL_SESSION returned.
+     [Geoff Thorpe <geoff@eu.c2.net>]
+
+  *) Fix for 'req': it was adding a null to request attributes.
+     Also change the X509_LOOKUP and X509_INFO code to handle
+     certificate auxiliary information.
+     [Steve Henson]
+
+  *) Add support for 40 and 64 bit RC2 and RC4 algorithms: document
+     the 'enc' command.
+     [Steve Henson]
+
+  *) Add the possibility to add extra information to the memory leak
+     detecting output, to form tracebacks, showing from where each
+     allocation was originated: CRYPTO_push_info("constant string") adds
+     the string plus current file name and line number to a per-thread
+     stack, CRYPTO_pop_info() does the obvious, CRYPTO_remove_all_info()
+     is like calling CYRPTO_pop_info() until the stack is empty.
+     Also updated memory leak detection code to be multi-thread-safe.
+     [Richard Levitte]
+
+  *) Add options -text and -noout to pkcs7 utility and delete the
+     encryption options which never did anything. Update docs.
+     [Steve Henson]
+
+  *) Add options to some of the utilities to allow the pass phrase
+     to be included on either the command line (not recommended on
+     OSes like Unix) or read from the environment. Update the
+     manpages and fix a few bugs.
+     [Steve Henson]
+
+  *) Add a few manpages for some of the openssl commands.
+     [Steve Henson]
+
+  *) Fix the -revoke option in ca. It was freeing up memory twice,
+     leaking and not finding already revoked certificates.
+     [Steve Henson]
+
+  *) Extensive changes to support certificate auxiliary information.
+     This involves the use of X509_CERT_AUX structure and X509_AUX
+     functions. An X509_AUX function such as PEM_read_X509_AUX()
+     can still read in a certificate file in the usual way but it
+     will also read in any additional "auxiliary information". By
+     doing things this way a fair degree of compatibility can be
+     retained: existing certificates can have this information added
+     using the new 'x509' options. 
+
+     Current auxiliary information includes an "alias" and some trust
+     settings. The trust settings will ultimately be used in enhanced
+     certificate chain verification routines: currently a certificate
+     can only be trusted if it is self signed and then it is trusted
+     for all purposes.
+     [Steve Henson]
+
+  *) Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD).
+     The problem was that one of the replacement routines had not been working
+     since SSLeay releases.  For now the offending routine has been replaced
+     with non-optimised assembler.  Even so, this now gives around 95%
+     performance improvement for 1024 bit RSA signs.
+     [Mark Cox]
+
+  *) Hack to fix PKCS#7 decryption when used with some unorthodox RC2 
+     handling. Most clients have the effective key size in bits equal to
+     the key length in bits: so a 40 bit RC2 key uses a 40 bit (5 byte) key.
+     A few however don't do this and instead use the size of the decrypted key
+     to determine the RC2 key length and the AlgorithmIdentifier to determine
+     the effective key length. In this case the effective key length can still
+     be 40 bits but the key length can be 168 bits for example. This is fixed
+     by manually forcing an RC2 key into the EVP_PKEY structure because the
+     EVP code can't currently handle unusual RC2 key sizes: it always assumes
+     the key length and effective key length are equal.
+     [Steve Henson]
+
+  *) Add a bunch of functions that should simplify the creation of 
+     X509_NAME structures. Now you should be able to do:
+     X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, "Steve", -1, -1, 0);
+     and have it automatically work out the correct field type and fill in
+     the structures. The more adventurous can try:
+     X509_NAME_add_entry_by_txt(nm, field, MBSTRING_UTF8, str, -1, -1, 0);
+     and it will (hopefully) work out the correct multibyte encoding.
+     [Steve Henson]
+
+  *) Change the 'req' utility to use the new field handling and multibyte
+     copy routines. Before the DN field creation was handled in an ad hoc
+     way in req, ca, and x509 which was rather broken and didn't support
+     BMPStrings or UTF8Strings. Since some software doesn't implement
+     BMPStrings or UTF8Strings yet, they can be enabled using the config file
+     using the dirstring_type option. See the new comment in the default
+     openssl.cnf for more info.
+     [Steve Henson]
+
+  *) Make crypto/rand/md_rand.c more robust:
+     - Assure unique random numbers after fork().
+     - Make sure that concurrent threads access the global counter and
+       md serializably so that we never lose entropy in them
+       or use exactly the same state in multiple threads.
+       Access to the large state is not always serializable because
+       the additional locking could be a performance killer, and
+       md should be large enough anyway.
+     [Bodo Moeller]
+
+  *) New file apps/app_rand.c with commonly needed functionality
+     for handling the random seed file.
+
+     Use the random seed file in some applications that previously did not:
+          ca,
+          dsaparam -genkey (which also ignored its '-rand' option), 
+          s_client,
+          s_server,
+          x509 (when signing).
+     Except on systems with /dev/urandom, it is crucial to have a random
+     seed file at least for key creation, DSA signing, and for DH exchanges;
+     for RSA signatures we could do without one.
+
+     gendh and gendsa (unlike genrsa) used to read only the first byte
+     of each file listed in the '-rand' option.  The function as previously
+     found in genrsa is now in app_rand.c and is used by all programs
+     that support '-rand'.
+     [Bodo Moeller]
+
+  *) In RAND_write_file, use mode 0600 for creating files;
+     don't just chmod when it may be too late.
+     [Bodo Moeller]
+
+  *) Report an error from X509_STORE_load_locations
+     when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
+     [Bill Perry]
+
+  *) New function ASN1_mbstring_copy() this copies a string in either
+     ASCII, Unicode, Universal (4 bytes per character) or UTF8 format
+     into an ASN1_STRING type. A mask of permissible types is passed
+     and it chooses the "minimal" type to use or an error if not type
+     is suitable.
+     [Steve Henson]
+
+  *) Add function equivalents to the various macros in asn1.h. The old
+     macros are retained with an M_ prefix. Code inside the library can
+     use the M_ macros. External code (including the openssl utility)
+     should *NOT* in order to be "shared library friendly".
+     [Steve Henson]
+
+  *) Add various functions that can check a certificate's extensions
+     to see if it usable for various purposes such as SSL client,
+     server or S/MIME and CAs of these types. This is currently 
+     VERY EXPERIMENTAL but will ultimately be used for certificate chain
+     verification. Also added a -purpose flag to x509 utility to
+     print out all the purposes.
+     [Steve Henson]
+
+  *) Add a CRYPTO_EX_DATA to X509 certificate structure and associated
+     functions.
+     [Steve Henson]
+
+  *) New X509V3_{X509,CRL,REVOKED}_get_d2i() functions. These will search
+     for, obtain and decode and extension and obtain its critical flag.
+     This allows all the necessary extension code to be handled in a
+     single function call.
+     [Steve Henson]
+
+  *) RC4 tune-up featuring 30-40% performance improvement on most RISC
+     platforms. See crypto/rc4/rc4_enc.c for further details.
+     [Andy Polyakov]
+
+  *) New -noout option to asn1parse. This causes no output to be produced
+     its main use is when combined with -strparse and -out to extract data
+     from a file (which may not be in ASN.1 format).
+     [Steve Henson]
+
+  *) Fix for pkcs12 program. It was hashing an invalid certificate pointer
+     when producing the local key id.
+     [Richard Levitte <levitte@stacken.kth.se>]
+
+  *) New option -dhparam in s_server. This allows a DH parameter file to be
+     stated explicitly. If it is not stated then it tries the first server
+     certificate file. The previous behaviour hard coded the filename
+     "server.pem".
+     [Steve Henson]
+
+  *) Add -pubin and -pubout options to the rsa and dsa commands. These allow
+     a public key to be input or output. For example:
+     openssl rsa -in key.pem -pubout -out pubkey.pem
+     Also added necessary DSA public key functions to handle this.
+     [Steve Henson]
+
+  *) Fix so PKCS7_dataVerify() doesn't crash if no certificates are contained
+     in the message. This was handled by allowing
+     X509_find_by_issuer_and_serial() to tolerate a NULL passed to it.
+     [Steve Henson, reported by Sampo Kellomaki <sampo@mail.neuronio.pt>]
+
+  *) Fix for bug in d2i_ASN1_bytes(): other ASN1 functions add an extra null
+     to the end of the strings whereas this didn't. This would cause problems
+     if strings read with d2i_ASN1_bytes() were later modified.
+     [Steve Henson, reported by Arne Ansper <arne@ats.cyber.ee>]
+
+  *) Fix for base64 decode bug. When a base64 bio reads only one line of
+     data and it contains EOF it will end up returning an error. This is
+     caused by input 46 bytes long. The cause is due to the way base64
+     BIOs find the start of base64 encoded data. They do this by trying a
+     trial decode on each line until they find one that works. When they
+     do a flag is set and it starts again knowing it can pass all the
+     data directly through the decoder. Unfortunately it doesn't reset
+     the context it uses. This means that if EOF is reached an attempt
+     is made to pass two EOFs through the context and this causes the
+     resulting error. This can also cause other problems as well. As is
+     usual with these problems it takes *ages* to find and the fix is
+     trivial: move one line.
+     [Steve Henson, reported by ian@uns.ns.ac.yu (Ivan Nejgebauer) ]
+
+  *) Ugly workaround to get s_client and s_server working under Windows. The
+     old code wouldn't work because it needed to select() on sockets and the
+     tty (for keypresses and to see if data could be written). Win32 only
+     supports select() on sockets so we select() with a 1s timeout on the
+     sockets and then see if any characters are waiting to be read, if none
+     are present then we retry, we also assume we can always write data to
+     the tty. This isn't nice because the code then blocks until we've
+     received a complete line of data and it is effectively polling the
+     keyboard at 1s intervals: however it's quite a bit better than not
+     working at all :-) A dedicated Windows application might handle this
+     with an event loop for example.
+     [Steve Henson]
+
+  *) Enhance RSA_METHOD structure. Now there are two extra methods, rsa_sign
+     and rsa_verify. When the RSA_FLAGS_SIGN_VER option is set these functions
+     will be called when RSA_sign() and RSA_verify() are used. This is useful
+     if rsa_pub_dec() and rsa_priv_enc() equivalents are not available.
+     For this to work properly RSA_public_decrypt() and RSA_private_encrypt()
+     should *not* be used: RSA_sign() and RSA_verify() must be used instead.
+     This necessitated the support of an extra signature type NID_md5_sha1
+     for SSL signatures and modifications to the SSL library to use it instead
+     of calling RSA_public_decrypt() and RSA_private_encrypt().
+     [Steve Henson]
+
+  *) Add new -verify -CAfile and -CApath options to the crl program, these
+     will lookup a CRL issuers certificate and verify the signature in a
+     similar way to the verify program. Tidy up the crl program so it
+     no longer accesses structures directly. Make the ASN1 CRL parsing a bit
+     less strict. It will now permit CRL extensions even if it is not
+     a V2 CRL: this will allow it to tolerate some broken CRLs.
+     [Steve Henson]
+
+  *) Initialize all non-automatic variables each time one of the openssl
+     sub-programs is started (this is necessary as they may be started
+     multiple times from the "OpenSSL>" prompt).
+     [Lennart Bang, Bodo Moeller]
+
+  *) Preliminary compilation option RSA_NULL which disables RSA crypto without
+     removing all other RSA functionality (this is what NO_RSA does). This
+     is so (for example) those in the US can disable those operations covered
+     by the RSA patent while allowing storage and parsing of RSA keys and RSA
+     key generation.
+     [Steve Henson]
+
+  *) Non-copying interface to BIO pairs.
+     (still largely untested)
+     [Bodo Moeller]
+
+  *) New function ANS1_tag2str() to convert an ASN1 tag to a descriptive
+     ASCII string. This was handled independently in various places before.
+     [Steve Henson]
+
+  *) New functions UTF8_getc() and UTF8_putc() that parse and generate
+     UTF8 strings a character at a time.
+     [Steve Henson]
+
+  *) Use client_version from client hello to select the protocol
+     (s23_srvr.c) and for RSA client key exchange verification
+     (s3_srvr.c), as required by the SSL 3.0/TLS 1.0 specifications.
+     [Bodo Moeller]
+
+  *) Add various utility functions to handle SPKACs, these were previously
+     handled by poking round in the structure internals. Added new function
+     NETSCAPE_SPKI_print() to print out SPKAC and a new utility 'spkac' to
+     print, verify and generate SPKACs. Based on an original idea from
+     Massimiliano Pala <madwolf@comune.modena.it> but extensively modified.
+     [Steve Henson]
+
+  *) RIPEMD160 is operational on all platforms and is back in 'make test'.
+     [Andy Polyakov]
+
+  *) Allow the config file extension section to be overwritten on the
+     command line. Based on an original idea from Massimiliano Pala
+     <madwolf@comune.modena.it>. The new option is called -extensions
+     and can be applied to ca, req and x509. Also -reqexts to override
+     the request extensions in req and -crlexts to override the crl extensions
+     in ca.
+     [Steve Henson]
+
+  *) Add new feature to the SPKAC handling in ca.  Now you can include
+     the same field multiple times by preceding it by "XXXX." for example:
+     1.OU="Unit name 1"
+     2.OU="Unit name 2"
+     this is the same syntax as used in the req config file.
+     [Steve Henson]
+
+  *) Allow certificate extensions to be added to certificate requests. These
+     are specified in a 'req_extensions' option of the req section of the
+     config file. They can be printed out with the -text option to req but
+     are otherwise ignored at present.
+     [Steve Henson]
+
+  *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first
+     data read consists of only the final block it would not decrypted because
+     EVP_CipherUpdate() would correctly report zero bytes had been decrypted.
+     A misplaced 'break' also meant the decrypted final block might not be
+     copied until the next read.
+     [Steve Henson]
+
+  *) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added
+     a few extra parameters to the DH structure: these will be useful if
+     for example we want the value of 'q' or implement X9.42 DH.
+     [Steve Henson]
+
+  *) Initial support for DSA_METHOD. This is based on the RSA_METHOD and
+     provides hooks that allow the default DSA functions or functions on a
+     "per key" basis to be replaced. This allows hardware acceleration and
+     hardware key storage to be handled without major modification to the
+     library. Also added low level modexp hooks and CRYPTO_EX structure and 
+     associated functions.
+     [Steve Henson]
+
+  *) Add a new flag to memory BIOs, BIO_FLAG_MEM_RDONLY. This marks the BIO
+     as "read only": it can't be written to and the buffer it points to will
+     not be freed. Reading from a read only BIO is much more efficient than
+     a normal memory BIO. This was added because there are several times when
+     an area of memory needs to be read from a BIO. The previous method was
+     to create a memory BIO and write the data to it, this results in two
+     copies of the data and an O(n^2) reading algorithm. There is a new
+     function BIO_new_mem_buf() which creates a read only memory BIO from
+     an area of memory. Also modified the PKCS#7 routines to use read only
+     memory BIOs.
+     [Steve Henson]
+
+  *) Bugfix: ssl23_get_client_hello did not work properly when called in
+     state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
+     a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
+     but a retry condition occured while trying to read the rest.
+     [Bodo Moeller]
+
+  *) The PKCS7_ENC_CONTENT_new() function was setting the content type as
+     NID_pkcs7_encrypted by default: this was wrong since this should almost
+     always be NID_pkcs7_data. Also modified the PKCS7_set_type() to handle
+     the encrypted data type: this is a more sensible place to put it and it
+     allows the PKCS#12 code to be tidied up that duplicated this
+     functionality.
+     [Steve Henson]
+
+  *) Changed obj_dat.pl script so it takes its input and output files on
+     the command line. This should avoid shell escape redirection problems
+     under Win32.
+     [Steve Henson]
+
+  *) Initial support for certificate extension requests, these are included
+     in things like Xenroll certificate requests. Included functions to allow
+     extensions to be obtained and added.
+     [Steve Henson]
+
+  *) -crlf option to s_client and s_server for sending newlines as
+     CRLF (as required by many protocols).
+     [Bodo Moeller]
+
+ Changes between 0.9.3a and 0.9.4  [09 Aug 1999]
+  
+  *) Install libRSAglue.a when OpenSSL is built with RSAref.
+     [Ralf S. Engelschall]
+
+  *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency.
+     [Andrija Antonijevic <TheAntony2@bigfoot.com>]
+
+  *) Fix -startdate and -enddate (which was missing) arguments to 'ca'
+     program.
+     [Steve Henson]
+
+  *) New function DSA_dup_DH, which duplicates DSA parameters/keys as
+     DH parameters/keys (q is lost during that conversion, but the resulting
+     DH parameters contain its length).
+
+     For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is
+     much faster than DH_generate_parameters (which creates parameters
+     where p = 2*q + 1), and also the smaller q makes DH computations
+     much more efficient (160-bit exponentiation instead of 1024-bit
+     exponentiation); so this provides a convenient way to support DHE
+     ciphersuites in SSL/TLS servers (see ssl/ssltest.c).  It is of
+     utter importance to use
+         SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+     or
+         SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+     when such DH parameters are used, because otherwise small subgroup
+     attacks may become possible!
+     [Bodo Moeller]
+
+  *) Avoid memory leak in i2d_DHparams.
+     [Bodo Moeller]
+
+  *) Allow the -k option to be used more than once in the enc program:
+     this allows the same encrypted message to be read by multiple recipients.
+     [Steve Henson]
+
+  *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts
+     an ASN1_OBJECT to a text string. If the "no_name" parameter is set then
+     it will always use the numerical form of the OID, even if it has a short
+     or long name.
+     [Steve Henson]
+
+  *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp
+     method only got called if p,q,dmp1,dmq1,iqmp components were present,
+     otherwise bn_mod_exp was called. In the case of hardware keys for example
+     no private key components need be present and it might store extra data
+     in the RSA structure, which cannot be accessed from bn_mod_exp.
+     By setting RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for
+     private key operations.
+     [Steve Henson]
+
+  *) Added support for SPARC Linux.
+     [Andy Polyakov]
+
+  *) pem_password_cb function type incompatibly changed from
+          typedef int pem_password_cb(char *buf, int size, int rwflag);
+     to
+          ....(char *buf, int size, int rwflag, void *userdata);
+     so that applications can pass data to their callbacks:
+     The PEM[_ASN1]_{read,write}... functions and macros now take an
+     additional void * argument, which is just handed through whenever
+     the password callback is called.
+     [Damien Miller <dmiller@ilogic.com.au>; tiny changes by Bodo Moeller]
+
+     New function SSL_CTX_set_default_passwd_cb_userdata.
+
+     Compatibility note: As many C implementations push function arguments
+     onto the stack in reverse order, the new library version is likely to
+     interoperate with programs that have been compiled with the old
+     pem_password_cb definition (PEM_whatever takes some data that
+     happens to be on the stack as its last argument, and the callback
+     just ignores this garbage); but there is no guarantee whatsoever that
+     this will work.
+
+  *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=...
+     (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused
+     problems not only on Windows, but also on some Unix platforms.
+     To avoid problematic command lines, these definitions are now in an
+     auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl
+     for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds).
+     [Bodo Moeller]
+
+  *) MIPS III/IV assembler module is reimplemented.
+     [Andy Polyakov]
+
+  *) More DES library cleanups: remove references to srand/rand and
+     delete an unused file.
+     [Ulf Möller]
+
+  *) Add support for the the free Netwide assembler (NASM) under Win32,
+     since not many people have MASM (ml) and it can be hard to obtain.
+     This is currently experimental but it seems to work OK and pass all
+     the tests. Check out INSTALL.W32 for info.
+     [Steve Henson]
+
+  *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections
+     without temporary keys kept an extra copy of the server key,
+     and connections with temporary keys did not free everything in case
+     of an error.
+     [Bodo Moeller]
+
+  *) New function RSA_check_key and new openssl rsa option -check
+     for verifying the consistency of RSA keys.
+     [Ulf Moeller, Bodo Moeller]
+
+  *) Various changes to make Win32 compile work: 
+     1. Casts to avoid "loss of data" warnings in p5_crpt2.c
+     2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned
+        comparison" warnings.
+     3. Add sk_<TYPE>_sort to DEF file generator and do make update.
+     [Steve Henson]
+
+  *) Add a debugging option to PKCS#5 v2 key generation function: when
+     you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and
+     derived keys are printed to stderr.
+     [Steve Henson]
+
+  *) Copy the flags in ASN1_STRING_dup().
+     [Roman E. Pavlov <pre@mo.msk.ru>]
+
+  *) The x509 application mishandled signing requests containing DSA
+     keys when the signing key was also DSA and the parameters didn't match.
+
+     It was supposed to omit the parameters when they matched the signing key:
+     the verifying software was then supposed to automatically use the CA's
+     parameters if they were absent from the end user certificate.
+
+     Omitting parameters is no longer recommended. The test was also
+     the wrong way round! This was probably due to unusual behaviour in
+     EVP_cmp_parameters() which returns 1 if the parameters match. 
+     This meant that parameters were omitted when they *didn't* match and
+     the certificate was useless. Certificates signed with 'ca' didn't have
+     this bug.
+     [Steve Henson, reported by Doug Erickson <Doug.Erickson@Part.NET>]
+
+  *) Memory leak checking (-DCRYPTO_MDEBUG) had some problems.
+     The interface is as follows:
+     Applications can use
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) aka MemCheck_start(),
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) aka MemCheck_stop();
+     "off" is now the default.
+     The library internally uses
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) aka MemCheck_off(),
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) aka MemCheck_on()
+     to disable memory-checking temporarily.
+
+     Some inconsistent states that previously were possible (and were
+     even the default) are now avoided.
+
+     -DCRYPTO_MDEBUG_TIME is new and additionally stores the current time
+     with each memory chunk allocated; this is occasionally more helpful
+     than just having a counter.
+
+     -DCRYPTO_MDEBUG_THREAD is also new and adds the thread ID.
+
+     -DCRYPTO_MDEBUG_ALL enables all of the above, plus any future
+     extensions.
+     [Bodo Moeller]
+
+  *) Introduce "mode" for SSL structures (with defaults in SSL_CTX),
+     which largely parallels "options", but is for changing API behaviour,
+     whereas "options" are about protocol behaviour.
+     Initial "mode" flags are:
+
+     SSL_MODE_ENABLE_PARTIAL_WRITE   Allow SSL_write to report success when
+                                     a single record has been written.
+     SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER  Don't insist that SSL_write
+                                     retries use the same buffer location.
+                                     (But all of the contents must be
+                                     copied!)
+     [Bodo Moeller]
+
+  *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options
+     worked.
+
+  *) Fix problems with no-hmac etc.
+     [Ulf Möller, pointed out by Brian Wellington <bwelling@tislabs.com>]
+
+  *) New functions RSA_get_default_method(), RSA_set_method() and
+     RSA_get_method(). These allows replacement of RSA_METHODs without having
+     to mess around with the internals of an RSA structure.
+     [Steve Henson]
+
+  *) Fix memory leaks in DSA_do_sign and DSA_is_prime.
+     Also really enable memory leak checks in openssl.c and in some
+     test programs.
+     [Chad C. Mulligan, Bodo Moeller]
+
+  *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess
+     up the length of negative integers. This has now been simplified to just
+     store the length when it is first determined and use it later, rather
+     than trying to keep track of where data is copied and updating it to
+     point to the end.
+     [Steve Henson, reported by Brien Wheeler
+      <bwheeler@authentica-security.com>]
+
+  *) Add a new function PKCS7_signatureVerify. This allows the verification
+     of a PKCS#7 signature but with the signing certificate passed to the
+     function itself. This contrasts with PKCS7_dataVerify which assumes the
+     certificate is present in the PKCS#7 structure. This isn't always the
+     case: certificates can be omitted from a PKCS#7 structure and be
+     distributed by "out of band" means (such as a certificate database).
+     [Steve Henson]
+
+  *) Complete the PEM_* macros with DECLARE_PEM versions to replace the
+     function prototypes in pem.h, also change util/mkdef.pl to add the
+     necessary function names. 
+     [Steve Henson]
+
+  *) mk1mf.pl (used by Windows builds) did not properly read the
+     options set by Configure in the top level Makefile, and Configure
+     was not even able to write more than one option correctly.
+     Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended.
+     [Bodo Moeller]
+
+  *) New functions CONF_load_bio() and CONF_load_fp() to allow a config
+     file to be loaded from a BIO or FILE pointer. The BIO version will
+     for example allow memory BIOs to contain config info.
+     [Steve Henson]
+
+  *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS.
+     Whoever hopes to achieve shared-library compatibility across versions
+     must use this, not the compile-time macro.
+     (Exercise 0.9.4: Which is the minimum library version required by
+     such programs?)
+     Note: All this applies only to multi-threaded programs, others don't
+     need locks.
+     [Bodo Moeller]
+
+  *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests
+     through a BIO pair triggered the default case, i.e.
+     SSLerr(...,SSL_R_UNKNOWN_STATE).
+     [Bodo Moeller]
+
+  *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications
+     can use the SSL library even if none of the specific BIOs is
+     appropriate.
+     [Bodo Moeller]
+
+  *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value
+     for the encoded length.
+     [Jeon KyoungHo <khjeon@sds.samsung.co.kr>]
+
+  *) Add initial documentation of the X509V3 functions.
+     [Steve Henson]
+
+  *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and 
+     PEM_write_bio_PKCS8PrivateKey() that are equivalent to
+     PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more
+     secure PKCS#8 private key format with a high iteration count.
+     [Steve Henson]
+
+  *) Fix determination of Perl interpreter: A perl or perl5
+     _directory_ in $PATH was also accepted as the interpreter.
+     [Ralf S. Engelschall]
+
+  *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking
+     wrong with it but it was very old and did things like calling
+     PEM_ASN1_read() directly and used MD5 for the hash not to mention some
+     unusual formatting.
+     [Steve Henson]
+
+  *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed
+     to use the new extension code.
+     [Steve Henson]
+
+  *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c
+     with macros. This should make it easier to change their form, add extra
+     arguments etc. Fix a few PEM prototypes which didn't have cipher as a
+     constant.
+     [Steve Henson]
+
+  *) Add to configuration table a new entry that can specify an alternative
+     name for unistd.h (for pre-POSIX systems); we need this for NeXTstep,
+     according to Mark Crispin <MRC@Panda.COM>.
+     [Bodo Moeller]
+
+#if 0
+  *) DES CBC did not update the IV. Weird.
+     [Ben Laurie]
+#else
+     des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does.
+     Changing the behaviour of the former might break existing programs --
+     where IV updating is needed, des_ncbc_encrypt can be used.
+#endif
+
+  *) When bntest is run from "make test" it drives bc to check its
+     calculations, as well as internally checking them. If an internal check
+     fails, it needs to cause bc to give a non-zero result or make test carries
+     on without noticing the failure. Fixed.
+     [Ben Laurie]
+
+  *) DES library cleanups.
+     [Ulf Möller]
+
+  *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
+     used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
+     ciphers. NOTE: although the key derivation function has been verified
+     against some published test vectors it has not been extensively tested
+     yet. Added a -v2 "cipher" option to pkcs8 application to allow the use
+     of v2.0.
+     [Steve Henson]
+
+  *) Instead of "mkdir -p", which is not fully portable, use new
+     Perl script "util/mkdir-p.pl".
+     [Bodo Moeller]
+
+  *) Rewrite the way password based encryption (PBE) is handled. It used to
+     assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter
+     structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms
+     but doesn't apply to PKCS#5 v2.0 where it can be something else. Now
+     the 'parameter' field of the AlgorithmIdentifier is passed to the
+     underlying key generation function so it must do its own ASN1 parsing.
+     This has also changed the EVP_PBE_CipherInit() function which now has a
+     'parameter' argument instead of literal salt and iteration count values
+     and the function EVP_PBE_ALGOR_CipherInit() has been deleted.
+     [Steve Henson]
+
+  *) Support for PKCS#5 v1.5 compatible password based encryption algorithms
+     and PKCS#8 functionality. New 'pkcs8' application linked to openssl.
+     Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE
+     KEY" because this clashed with PKCS#8 unencrypted string. Since this
+     value was just used as a "magic string" and not used directly its
+     value doesn't matter.
+     [Steve Henson]
+
+  *) Introduce some semblance of const correctness to BN. Shame C doesn't
+     support mutable.
+     [Ben Laurie]
+
+  *) "linux-sparc64" configuration (ultrapenguin).
+     [Ray Miller <ray.miller@oucs.ox.ac.uk>]
+     "linux-sparc" configuration.
+     [Christian Forster <fo@hawo.stw.uni-erlangen.de>]
+
+  *) config now generates no-xxx options for missing ciphers.
+     [Ulf Möller]
+
+  *) Support the EBCDIC character set (work in progress).
+     File ebcdic.c not yet included because it has a different license.
+     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
+
+  *) Support BS2000/OSD-POSIX.
+     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
+
+  *) Make callbacks for key generation use void * instead of char *.
+     [Ben Laurie]
+
+  *) Make S/MIME samples compile (not yet tested).
+     [Ben Laurie]
+
+  *) Additional typesafe stacks.
+     [Ben Laurie]
+
+  *) New configuration variants "bsdi-elf-gcc" (BSD/OS 4.x).
+     [Bodo Moeller]
+
+
+ Changes between 0.9.3 and 0.9.3a  [29 May 1999]
+
+  *) New configuration variant "sco5-gcc".
+
+  *) Updated some demos.
+     [Sean O Riordain, Wade Scholine]
+
+  *) Add missing BIO_free at exit of pkcs12 application.
+     [Wu Zhigang]
+
+  *) Fix memory leak in conf.c.
+     [Steve Henson]
+
+  *) Updates for Win32 to assembler version of MD5.
+     [Steve Henson]
+
+  *) Set #! path to perl in apps/der_chop to where we found it
+     instead of using a fixed path.
+     [Bodo Moeller]
+
+  *) SHA library changes for irix64-mips4-cc.
+     [Andy Polyakov]
+
+  *) Improvements for VMS support.
+     [Richard Levitte]
+
+
+ Changes between 0.9.2b and 0.9.3  [24 May 1999]
+
+  *) Bignum library bug fix. IRIX 6 passes "make test" now!
+     This also avoids the problems with SC4.2 and unpatched SC5.  
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) New functions sk_num, sk_value and sk_set to replace the previous macros.
+     These are required because of the typesafe stack would otherwise break 
+     existing code. If old code used a structure member which used to be STACK
+     and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with
+     sk_num or sk_value it would produce an error because the num, data members
+     are not present in STACK_OF. Now it just produces a warning. sk_set
+     replaces the old method of assigning a value to sk_value
+     (e.g. sk_value(x, i) = y) which the library used in a few cases. Any code
+     that does this will no longer work (and should use sk_set instead) but
+     this could be regarded as a "questionable" behaviour anyway.
+     [Steve Henson]
+
+  *) Fix most of the other PKCS#7 bugs. The "experimental" code can now
+     correctly handle encrypted S/MIME data.
+     [Steve Henson]
+
+  *) Change type of various DES function arguments from des_cblock
+     (which means, in function argument declarations, pointer to char)
+     to des_cblock * (meaning pointer to array with 8 char elements),
+     which allows the compiler to do more typechecking; it was like
+     that back in SSLeay, but with lots of ugly casts.
+
+     Introduce new type const_des_cblock.
+     [Bodo Moeller]
+
+  *) Reorganise the PKCS#7 library and get rid of some of the more obvious
+     problems: find RecipientInfo structure that matches recipient certificate
+     and initialise the ASN1 structures properly based on passed cipher.
+     [Steve Henson]
+
+  *) Belatedly make the BN tests actually check the results.
+     [Ben Laurie]
+
+  *) Fix the encoding and decoding of negative ASN1 INTEGERS and conversion
+     to and from BNs: it was completely broken. New compilation option
+     NEG_PUBKEY_BUG to allow for some broken certificates that encode public
+     key elements as negative integers.
+     [Steve Henson]
+
+  *) Reorganize and speed up MD5.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) VMS support.
+     [Richard Levitte <richard@levitte.org>]
+
+  *) New option -out to asn1parse to allow the parsed structure to be
+     output to a file. This is most useful when combined with the -strparse
+     option to examine the output of things like OCTET STRINGS.
+     [Steve Henson]
+
+  *) Make SSL library a little more fool-proof by not requiring any longer
+     that SSL_set_{accept,connect}_state be called before
+     SSL_{accept,connect} may be used (SSL_set_..._state is omitted
+     in many applications because usually everything *appeared* to work as
+     intended anyway -- now it really works as intended).
+     [Bodo Moeller]
+
+  *) Move openssl.cnf out of lib/.
+     [Ulf Möller]
+
+  *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall
+     -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes
+     -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+ 
+     [Ralf S. Engelschall]
+
+  *) Various fixes to the EVP and PKCS#7 code. It may now be able to
+     handle PKCS#7 enveloped data properly.
+     [Sebastian Akerman <sak@parallelconsulting.com>, modified by Steve]
+
+  *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of
+     copying pointers.  The cert_st handling is changed by this in
+     various ways (and thus what used to be known as ctx->default_cert
+     is now called ctx->cert, since we don't resort to s->ctx->[default_]cert
+     any longer when s->cert does not give us what we need).
+     ssl_cert_instantiate becomes obsolete by this change.
+     As soon as we've got the new code right (possibly it already is?),
+     we have solved a couple of bugs of the earlier code where s->cert
+     was used as if it could not have been shared with other SSL structures.
+
+     Note that using the SSL API in certain dirty ways now will result
+     in different behaviour than observed with earlier library versions:
+     Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx)
+     does not influence s as it used to.
+     
+     In order to clean up things more thoroughly, inside SSL_SESSION
+     we don't use CERT any longer, but a new structure SESS_CERT
+     that holds per-session data (if available); currently, this is
+     the peer's certificate chain and, for clients, the server's certificate
+     and temporary key.  CERT holds only those values that can have
+     meaningful defaults in an SSL_CTX.
+     [Bodo Moeller]
+
+  *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure
+     from the internal representation. Various PKCS#7 fixes: remove some
+     evil casts and set the enc_dig_alg field properly based on the signing
+     key type.
+     [Steve Henson]
+
+  *) Allow PKCS#12 password to be set from the command line or the
+     environment. Let 'ca' get its config file name from the environment
+     variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req'
+     and 'x509').
+     [Steve Henson]
+
+  *) Allow certificate policies extension to use an IA5STRING for the
+     organization field. This is contrary to the PKIX definition but
+     VeriSign uses it and IE5 only recognises this form. Document 'x509'
+     extension option.
+     [Steve Henson]
+
+  *) Add PEDANTIC compiler flag to allow compilation with gcc -pedantic,
+     without disallowing inline assembler and the like for non-pedantic builds.
+     [Ben Laurie]
+
+  *) Support Borland C++ builder.
+     [Janez Jere <jj@void.si>, modified by Ulf Möller]
+
+  *) Support Mingw32.
+     [Ulf Möller]
+
+  *) SHA-1 cleanups and performance enhancements.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) Sparc v8plus assembler for the bignum library.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) Accept any -xxx and +xxx compiler options in Configure.
+     [Ulf Möller]
+
+  *) Update HPUX configuration.
+     [Anonymous]
+  
+  *) Add missing sk_<type>_unshift() function to safestack.h
+     [Ralf S. Engelschall]
+
+  *) New function SSL_CTX_use_certificate_chain_file that sets the
+     "extra_cert"s in addition to the certificate.  (This makes sense
+     only for "PEM" format files, as chains as a whole are not
+     DER-encoded.)
+     [Bodo Moeller]
+
+  *) Support verify_depth from the SSL API.
+     x509_vfy.c had what can be considered an off-by-one-error:
+     Its depth (which was not part of the external interface)
+     was actually counting the number of certificates in a chain;
+     now it really counts the depth.
+     [Bodo Moeller]
+
+  *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used
+     instead of X509err, which often resulted in confusing error
+     messages since the error codes are not globally unique
+     (e.g. an alleged error in ssl3_accept when a certificate
+     didn't match the private key).
+
+  *) New function SSL_CTX_set_session_id_context that allows to set a default
+     value (so that you don't need SSL_set_session_id_context for each
+     connection using the SSL_CTX).
+     [Bodo Moeller]
+
+  *) OAEP decoding bug fix.
+     [Ulf Möller]
+
+  *) Support INSTALL_PREFIX for package builders, as proposed by
+     David Harris.
+     [Bodo Moeller]
+
+  *) New Configure options "threads" and "no-threads".  For systems
+     where the proper compiler options are known (currently Solaris
+     and Linux), "threads" is the default.
+     [Bodo Moeller]
+
+  *) New script util/mklink.pl as a faster substitute for util/mklink.sh.
+     [Bodo Moeller]
+
+  *) Install various scripts to $(OPENSSLDIR)/misc, not to
+     $(INSTALLTOP)/bin -- they shouldn't clutter directories
+     such as /usr/local/bin.
+     [Bodo Moeller]
+
+  *) "make linux-shared" to build shared libraries.
+     [Niels Poppe <niels@netbox.org>]
+
+  *) New Configure option no-<cipher> (rsa, idea, rc5, ...).
+     [Ulf Möller]
+
+  *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for
+     extension adding in x509 utility.
+     [Steve Henson]
+
+  *) Remove NOPROTO sections and error code comments.
+     [Ulf Möller]
+
+  *) Partial rewrite of the DEF file generator to now parse the ANSI
+     prototypes.
+     [Steve Henson]
+
+  *) New Configure options --prefix=DIR and --openssldir=DIR.
+     [Ulf Möller]
+
+  *) Complete rewrite of the error code script(s). It is all now handled
+     by one script at the top level which handles error code gathering,
+     header rewriting and C source file generation. It should be much better
+     than the old method: it now uses a modified version of Ulf's parser to
+     read the ANSI prototypes in all header files (thus the old K&R definitions
+     aren't needed for error creation any more) and do a better job of
+     translating function codes into names. The old 'ASN1 error code imbedded
+     in a comment' is no longer necessary and it doesn't use .err files which
+     have now been deleted. Also the error code call doesn't have to appear all
+     on one line (which resulted in some large lines...).
+     [Steve Henson]
+
+  *) Change #include filenames from <foo.h> to <openssl/foo.h>.
+     [Bodo Moeller]
+
+  *) Change behaviour of ssl2_read when facing length-0 packets: Don't return
+     0 (which usually indicates a closed connection), but continue reading.
+     [Bodo Moeller]
+
+  *) Fix some race conditions.
+     [Bodo Moeller]
+
+  *) Add support for CRL distribution points extension. Add Certificate
+     Policies and CRL distribution points documentation.
+     [Steve Henson]
+
+  *) Move the autogenerated header file parts to crypto/opensslconf.h.
+     [Ulf Möller]
+
+  *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
+     8 of keying material. Merlin has also confirmed interop with this fix
+     between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0.
+     [Merlin Hughes <merlin@baltimore.ie>]
+
+  *) Fix lots of warnings.
+     [Richard Levitte <levitte@stacken.kth.se>]
+ 
+  *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if
+     the directory spec didn't end with a LIST_SEPARATOR_CHAR.
+     [Richard Levitte <levitte@stacken.kth.se>]
+ 
+  *) Fix problems with sizeof(long) == 8.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) Change functions to ANSI C.
+     [Ulf Möller]
+
+  *) Fix typos in error codes.
+     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>, Ulf Möller]
+
+  *) Remove defunct assembler files from Configure.
+     [Ulf Möller]
+
+  *) SPARC v8 assembler BIGNUM implementation.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) Support for Certificate Policies extension: both print and set.
+     Various additions to support the r2i method this uses.
+     [Steve Henson]
+
+  *) A lot of constification, and fix a bug in X509_NAME_oneline() that could
+     return a const string when you are expecting an allocated buffer.
+     [Ben Laurie]
+
+  *) Add support for ASN1 types UTF8String and VISIBLESTRING, also the CHOICE
+     types DirectoryString and DisplayText.
+     [Steve Henson]
+
+  *) Add code to allow r2i extensions to access the configuration database,
+     add an LHASH database driver and add several ctx helper functions.
+     [Steve Henson]
+
+  *) Fix an evil bug in bn_expand2() which caused various BN functions to
+     fail when they extended the size of a BIGNUM.
+     [Steve Henson]
+
+  *) Various utility functions to handle SXNet extension. Modify mkdef.pl to
+     support typesafe stack.
+     [Steve Henson]
+
+  *) Fix typo in SSL_[gs]et_options().
+     [Nils Frostberg <nils@medcom.se>]
+
+  *) Delete various functions and files that belonged to the (now obsolete)
+     old X509V3 handling code.
+     [Steve Henson]
+
+  *) New Configure option "rsaref".
+     [Ulf Möller]
+
+  *) Don't auto-generate pem.h.
+     [Bodo Moeller]
+
+  *) Introduce type-safe ASN.1 SETs.
+     [Ben Laurie]
+
+  *) Convert various additional casted stacks to type-safe STACK_OF() variants.
+     [Ben Laurie, Ralf S. Engelschall, Steve Henson]
+
+  *) Introduce type-safe STACKs. This will almost certainly break lots of code
+     that links with OpenSSL (well at least cause lots of warnings), but fear
+     not: the conversion is trivial, and it eliminates loads of evil casts. A
+     few STACKed things have been converted already. Feel free to convert more.
+     In the fullness of time, I'll do away with the STACK type altogether.
+     [Ben Laurie]
+
+  *) Add `openssl ca -revoke <certfile>' facility which revokes a certificate
+     specified in <certfile> by updating the entry in the index.txt file.
+     This way one no longer has to edit the index.txt file manually for
+     revoking a certificate. The -revoke option does the gory details now.
+     [Massimiliano Pala <madwolf@openca.org>, Ralf S. Engelschall]
+
+  *) Fix `openssl crl -noout -text' combination where `-noout' killed the
+     `-text' option at all and this way the `-noout -text' combination was
+     inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'.
+     [Ralf S. Engelschall]
+
+  *) Make sure a corresponding plain text error message exists for the
+     X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
+     verify callback function determined that a certificate was revoked.
+     [Ralf S. Engelschall]
+
+  *) Bugfix: In test/testenc, don't test "openssl <cipher>" for
+     ciphers that were excluded, e.g. by -DNO_IDEA.  Also, test
+     all available cipers including rc5, which was forgotten until now.
+     In order to let the testing shell script know which algorithms
+     are available, a new (up to now undocumented) command
+     "openssl list-cipher-commands" is used.
+     [Bodo Moeller]
+
+  *) Bugfix: s_client occasionally would sleep in select() when
+     it should have checked SSL_pending() first.
+     [Bodo Moeller]
+
+  *) New functions DSA_do_sign and DSA_do_verify to provide access to
+     the raw DSA values prior to ASN.1 encoding.
+     [Ulf Möller]
+
+  *) Tweaks to Configure
+     [Niels Poppe <niels@netbox.org>]
+
+  *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support,
+     yet...
+     [Steve Henson]
+
+  *) New variables $(RANLIB) and $(PERL) in the Makefiles.
+     [Ulf Möller]
+
+  *) New config option to avoid instructions that are illegal on the 80386.
+     The default code is faster, but requires at least a 486.
+     [Ulf Möller]
+  
+  *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
+     SSL2_SERVER_VERSION (not used at all) macros, which are now the
+     same as SSL2_VERSION anyway.
+     [Bodo Moeller]
+
+  *) New "-showcerts" option for s_client.
+     [Bodo Moeller]
+
+  *) Still more PKCS#12 integration. Add pkcs12 application to openssl
+     application. Various cleanups and fixes.
+     [Steve Henson]
+
+  *) More PKCS#12 integration. Add new pkcs12 directory with Makefile.ssl and
+     modify error routines to work internally. Add error codes and PBE init
+     to library startup routines.
+     [Steve Henson]
+
+  *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and
+     packing functions to asn1 and evp. Changed function names and error
+     codes along the way.
+     [Steve Henson]
+
+  *) PKCS12 integration: and so it begins... First of several patches to
+     slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12
+     objects to objects.h
+     [Steve Henson]
+
+  *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1
+     and display support for Thawte strong extranet extension.
+     [Steve Henson]
+
+  *) Add LinuxPPC support.
+     [Jeff Dubrule <igor@pobox.org>]
+
+  *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to
+     bn_div_words in alpha.s.
+     [Hannes Reinecke <H.Reinecke@hw.ac.uk> and Ben Laurie]
+
+  *) Make sure the RSA OAEP test is skipped under -DRSAref because
+     OAEP isn't supported when OpenSSL is built with RSAref.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h 
+     so they no longer are missing under -DNOPROTO. 
+     [Soren S. Jorvang <soren@t.dk>]
+
+
+ Changes between 0.9.1c and 0.9.2b  [22 Mar 1999]
+
+  *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still
+     doesn't work when the session is reused. Coming soon!
+     [Ben Laurie]
+
+  *) Fix a security hole, that allows sessions to be reused in the wrong
+     context thus bypassing client cert protection! All software that uses
+     client certs and session caches in multiple contexts NEEDS PATCHING to
+     allow session reuse! A fuller solution is in the works.
+     [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)]
+
+  *) Some more source tree cleanups (removed obsolete files
+     crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed
+     permission on "config" script to be executable) and a fix for the INSTALL
+     document.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Remove some legacy and erroneous uses of malloc, free instead of
+     Malloc, Free.
+     [Lennart Bang <lob@netstream.se>, with minor changes by Steve]
+
+  *) Make rsa_oaep_test return non-zero on error.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Add support for native Solaris shared libraries. Configure
+     solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice
+     if someone would make that last step automatic.
+     [Matthias Loepfe <Matthias.Loepfe@AdNovum.CH>]
+
+  *) ctx_size was not built with the right compiler during "make links". Fixed.
+     [Ben Laurie]
+
+  *) Change the meaning of 'ALL' in the cipher list. It now means "everything
+     except NULL ciphers". This means the default cipher list will no longer
+     enable NULL ciphers. They need to be specifically enabled e.g. with
+     the string "DEFAULT:eNULL".
+     [Steve Henson]
+
+  *) Fix to RSA private encryption routines: if p < q then it would
+     occasionally produce an invalid result. This will only happen with
+     externally generated keys because OpenSSL (and SSLeay) ensure p > q.
+     [Steve Henson]
+
+  *) Be less restrictive and allow also `perl util/perlpath.pl
+     /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin',
+     because this way one can also use an interpreter named `perl5' (which is
+     usually the name of Perl 5.xxx on platforms where an Perl 4.x is still
+     installed as `perl').
+     [Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
+
+  *) Let util/clean-depend.pl work also with older Perl 5.00x versions.
+     [Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
+
+  *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add
+     advapi32.lib to Win32 build and change the pem test comparision
+     to fc.exe (thanks to Ulrich Kroener <kroneru@yahoo.com> for the
+     suggestion). Fix misplaced ASNI prototypes and declarations in evp.h
+     and crypto/des/ede_cbcm_enc.c.
+     [Steve Henson]
+
+  *) DES quad checksum was broken on big-endian architectures. Fixed.
+     [Ben Laurie]
+
+  *) Comment out two functions in bio.h that aren't implemented. Fix up the
+     Win32 test batch file so it (might) work again. The Win32 test batch file
+     is horrible: I feel ill....
+     [Steve Henson]
+
+  *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected
+     in e_os.h. Audit of header files to check ANSI and non ANSI
+     sections: 10 functions were absent from non ANSI section and not exported
+     from Windows DLLs. Fixed up libeay.num for new functions.
+     [Steve Henson]
+
+  *) Make `openssl version' output lines consistent.
+     [Ralf S. Engelschall]
+
+  *) Fix Win32 symbol export lists for BIO functions: Added
+     BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data
+     to ms/libeay{16,32}.def.
+     [Ralf S. Engelschall]
+
+  *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled
+     fine under Unix and passes some trivial tests I've now added. But the
+     whole stuff is horribly incomplete, so a README.1ST with a disclaimer was
+     added to make sure no one expects that this stuff really works in the
+     OpenSSL 0.9.2 release.  Additionally I've started to clean the XS sources
+     up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and
+     openssl_bio.xs.
+     [Ralf S. Engelschall]
+
+  *) Fix the generation of two part addresses in perl.
+     [Kenji Miyake <kenji@miyake.org>, integrated by Ben Laurie]
+
+  *) Add config entry for Linux on MIPS.
+     [John Tobey <jtobey@channel1.com>]
+
+  *) Make links whenever Configure is run, unless we are on Windoze.
+     [Ben Laurie]
+
+  *) Permit extensions to be added to CRLs using crl_section in openssl.cnf.
+     Currently only issuerAltName and AuthorityKeyIdentifier make any sense
+     in CRLs.
+     [Steve Henson]
+
+  *) Add a useful kludge to allow package maintainers to specify compiler and
+     other platforms details on the command line without having to patch the
+     Configure script everytime: One now can use ``perl Configure
+     <id>:<details>'', i.e. platform ids are allowed to have details appended
+     to them (seperated by colons). This is treated as there would be a static
+     pre-configured entry in Configure's %table under key <id> with value
+     <details> and ``perl Configure <id>'' is called.  So, when you want to
+     perform a quick test-compile under FreeBSD 3.1 with pgcc and without
+     assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"''
+     now, which overrides the FreeBSD-elf entry on-the-fly.
+     [Ralf S. Engelschall]
+
+  *) Disable new TLS1 ciphersuites by default: they aren't official yet.
+     [Ben Laurie]
+
+  *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified
+     on the `perl Configure ...' command line. This way one can compile
+     OpenSSL libraries with Position Independent Code (PIC) which is needed
+     for linking it into DSOs.
+     [Ralf S. Engelschall]
+
+  *) Remarkably, export ciphers were totally broken and no-one had noticed!
+     Fixed.
+     [Ben Laurie]
+
+  *) Cleaned up the LICENSE document: The official contact for any license
+     questions now is the OpenSSL core team under openssl-core@openssl.org.
+     And add a paragraph about the dual-license situation to make sure people
+     recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply
+     to the OpenSSL toolkit.
+     [Ralf S. Engelschall]
+
+  *) General source tree makefile cleanups: Made `making xxx in yyy...'
+     display consistent in the source tree and replaced `/bin/rm' by `rm'.
+     Additonally cleaned up the `make links' target: Remove unnecessary
+     semicolons, subsequent redundant removes, inline point.sh into mklink.sh
+     to speed processing and no longer clutter the display with confusing
+     stuff. Instead only the actually done links are displayed.
+     [Ralf S. Engelschall]
+
+  *) Permit null encryption ciphersuites, used for authentication only. It used
+     to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this.
+     It is now necessary to set SSL_FORBID_ENULL to prevent the use of null
+     encryption.
+     [Ben Laurie]
+
+  *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder
+     signed attributes when verifying signatures (this would break them), 
+     the detached data encoding was wrong and public keys obtained using
+     X509_get_pubkey() weren't freed.
+     [Steve Henson]
+
+  *) Add text documentation for the BUFFER functions. Also added a work around
+     to a Win95 console bug. This was triggered by the password read stuff: the
+     last character typed gets carried over to the next fread(). If you were 
+     generating a new cert request using 'req' for example then the last
+     character of the passphrase would be CR which would then enter the first
+     field as blank.
+     [Steve Henson]
+
+  *) Added the new `Includes OpenSSL Cryptography Software' button as
+     doc/openssl_button.{gif,html} which is similar in style to the old SSLeay
+     button and can be used by applications based on OpenSSL to show the
+     relationship to the OpenSSL project.  
+     [Ralf S. Engelschall]
+
+  *) Remove confusing variables in function signatures in files
+     ssl/ssl_lib.c and ssl/ssl.h.
+     [Lennart Bong <lob@kulthea.stacken.kth.se>]
+
+  *) Don't install bss_file.c under PREFIX/include/
+     [Lennart Bong <lob@kulthea.stacken.kth.se>]
+
+  *) Get the Win32 compile working again. Modify mkdef.pl so it can handle
+     functions that return function pointers and has support for NT specific
+     stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various
+     #ifdef WIN32 and WINNTs sprinkled about the place and some changes from
+     unsigned to signed types: this was killing the Win32 compile.
+     [Steve Henson]
+
+  *) Add new certificate file to stack functions,
+     SSL_add_dir_cert_subjects_to_stack() and
+     SSL_add_file_cert_subjects_to_stack().  These largely supplant
+     SSL_load_client_CA_file(), and can be used to add multiple certs easily
+     to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()).
+     This means that Apache-SSL and similar packages don't have to mess around
+     to add as many CAs as they want to the preferred list.
+     [Ben Laurie]
+
+  *) Experiment with doxygen documentation. Currently only partially applied to
+     ssl/ssl_lib.c.
+     See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with
+     openssl.doxy as the configuration file.
+     [Ben Laurie]
+  
+  *) Get rid of remaining C++-style comments which strict C compilers hate.
+     [Ralf S. Engelschall, pointed out by Carlos Amengual]
+
+  *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not
+     compiled in by default: it has problems with large keys.
+     [Steve Henson]
+
+  *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and
+     DH private keys and/or callback functions which directly correspond to
+     their SSL_CTX_xxx() counterparts but work on a per-connection basis. This
+     is needed for applications which have to configure certificates on a
+     per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis
+     (e.g. s_server). 
+        For the RSA certificate situation is makes no difference, but
+     for the DSA certificate situation this fixes the "no shared cipher"
+     problem where the OpenSSL cipher selection procedure failed because the
+     temporary keys were not overtaken from the context and the API provided
+     no way to reconfigure them. 
+        The new functions now let applications reconfigure the stuff and they
+     are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
+     SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback.  Additionally a new
+     non-public-API function ssl_cert_instantiate() is used as a helper
+     function and also to reduce code redundancy inside ssl_rsa.c.
+     [Ralf S. Engelschall]
+
+  *) Move s_server -dcert and -dkey options out of the undocumented feature
+     area because they are useful for the DSA situation and should be
+     recognized by the users.
+     [Ralf S. Engelschall]
+
+  *) Fix the cipher decision scheme for export ciphers: the export bits are
+     *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within
+     SSL_EXP_MASK.  So, the original variable has to be used instead of the
+     already masked variable.
+     [Richard Levitte <levitte@stacken.kth.se>]
+
+  *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c
+     [Richard Levitte <levitte@stacken.kth.se>]
+
+  *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal()
+     from `int' to `unsigned int' because it's a length and initialized by
+     EVP_DigestFinal() which expects an `unsigned int *'.
+     [Richard Levitte <levitte@stacken.kth.se>]
+
+  *) Don't hard-code path to Perl interpreter on shebang line of Configure
+     script. Instead use the usual Shell->Perl transition trick.
+     [Ralf S. Engelschall]
+
+  *) Make `openssl x509 -noout -modulus' functional also for DSA certificates
+     (in addition to RSA certificates) to match the behaviour of `openssl dsa
+     -noout -modulus' as it's already the case for `openssl rsa -noout
+     -modulus'.  For RSA the -modulus is the real "modulus" while for DSA
+     currently the public key is printed (a decision which was already done by
+     `openssl dsa -modulus' in the past) which serves a similar purpose.
+     Additionally the NO_RSA no longer completely removes the whole -modulus
+     option; it now only avoids using the RSA stuff. Same applies to NO_DSA
+     now, too.
+     [Ralf S.  Engelschall]
+
+  *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested
+     BIO. See the source (crypto/evp/bio_ok.c) for more info.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) Dump the old yucky req code that tried (and failed) to allow raw OIDs
+     to be added. Now both 'req' and 'ca' can use new objects defined in the
+     config file.
+     [Steve Henson]
+
+  *) Add cool BIO that does syslog (or event log on NT).
+     [Arne Ansper <arne@ats.cyber.ee>, integrated by Ben Laurie]
+
+  *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,
+     TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and
+     TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher
+     Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.
+     [Ben Laurie]
+
+  *) Add preliminary config info for new extension code.
+     [Steve Henson]
+
+  *) Make RSA_NO_PADDING really use no padding.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Generate errors when private/public key check is done.
+     [Ben Laurie]
+
+  *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
+     for some CRL extensions and new objects added.
+     [Steve Henson]
+
+  *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private
+     key usage extension and fuller support for authority key id.
+     [Steve Henson]
+
+  *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved
+     padding method for RSA, which is recommended for new applications in PKCS
+     #1 v2.0 (RFC 2437, October 1998).
+     OAEP (Optimal Asymmetric Encryption Padding) has better theoretical
+     foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure
+     against Bleichbacher's attack on RSA.
+     [Ulf Moeller <ulf@fitug.de>, reformatted, corrected and integrated by
+      Ben Laurie]
+
+  *) Updates to the new SSL compression code
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Fix so that the version number in the master secret, when passed
+     via RSA, checks that if TLS was proposed, but we roll back to SSLv3
+     (because the server will not accept higher), that the version number
+     is 0x03,0x01, not 0x03,0x00
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory
+     leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
+     in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c
+     [Steve Henson]
+
+  *) Support for RAW extensions where an arbitrary extension can be
+     created by including its DER encoding. See apps/openssl.cnf for
+     an example.
+     [Steve Henson]
+
+  *) Make sure latest Perl versions don't interpret some generated C array
+     code as Perl array code in the crypto/err/err_genc.pl script.
+     [Lars Weber <3weber@informatik.uni-hamburg.de>]
+
+  *) Modify ms/do_ms.bat to not generate assembly language makefiles since
+     not many people have the assembler. Various Win32 compilation fixes and
+     update to the INSTALL.W32 file with (hopefully) more accurate Win32
+     build instructions.
+     [Steve Henson]
+
+  *) Modify configure script 'Configure' to automatically create crypto/date.h
+     file under Win32 and also build pem.h from pem.org. New script
+     util/mkfiles.pl to create the MINFO file on environments that can't do a
+     'make files': perl util/mkfiles.pl >MINFO should work.
+     [Steve Henson]
+
+  *) Major rework of DES function declarations, in the pursuit of correctness
+     and purity. As a result, many evil casts evaporated, and some weirdness,
+     too. You may find this causes warnings in your code. Zapping your evil
+     casts will probably fix them. Mostly.
+     [Ben Laurie]
+
+  *) Fix for a typo in asn1.h. Bug fix to object creation script
+     obj_dat.pl. It considered a zero in an object definition to mean
+     "end of object": none of the objects in objects.h have any zeros
+     so it wasn't spotted.
+     [Steve Henson, reported by Erwann ABALEA <eabalea@certplus.com>]
+
+  *) Add support for Triple DES Cipher Block Chaining with Output Feedback
+     Masking (CBCM). In the absence of test vectors, the best I have been able
+     to do is check that the decrypt undoes the encrypt, so far. Send me test
+     vectors if you have them.
+     [Ben Laurie]
+
+  *) Correct calculation of key length for export ciphers (too much space was
+     allocated for null ciphers). This has not been tested!
+     [Ben Laurie]
+
+  *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage
+     message is now correct (it understands "crypto" and "ssl" on its
+     command line). There is also now an "update" option. This will update
+     the util/ssleay.num and util/libeay.num files with any new functions.
+     If you do a: 
+     perl util/mkdef.pl crypto ssl update
+     it will update them.
+     [Steve Henson]
+
+  *) Overhauled the Perl interface (perl/*):
+     - ported BN stuff to OpenSSL's different BN library
+     - made the perl/ source tree CVS-aware
+     - renamed the package from SSLeay to OpenSSL (the files still contain
+       their history because I've copied them in the repository)
+     - removed obsolete files (the test scripts will be replaced
+       by better Test::Harness variants in the future)
+     [Ralf S. Engelschall]
+
+  *) First cut for a very conservative source tree cleanup:
+     1. merge various obsolete readme texts into doc/ssleay.txt
+     where we collect the old documents and readme texts.
+     2. remove the first part of files where I'm already sure that we no
+     longer need them because of three reasons: either they are just temporary
+     files which were left by Eric or they are preserved original files where
+     I've verified that the diff is also available in the CVS via "cvs diff
+     -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for
+     the crypto/md/ stuff).
+     [Ralf S. Engelschall]
+
+  *) More extension code. Incomplete support for subject and issuer alt
+     name, issuer and authority key id. Change the i2v function parameters
+     and add an extra 'crl' parameter in the X509V3_CTX structure: guess
+     what that's for :-) Fix to ASN1 macro which messed up
+     IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
+     [Steve Henson]
+
+  *) Preliminary support for ENUMERATED type. This is largely copied from the
+     INTEGER code.
+     [Steve Henson]
+
+  *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Make sure `make rehash' target really finds the `openssl' program.
+     [Ralf S. Engelschall, Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
+
+  *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd
+     like to hear about it if this slows down other processors.
+     [Ben Laurie]
+
+  *) Add CygWin32 platform information to Configure script.
+     [Alan Batie <batie@aahz.jf.intel.com>]
+
+  *) Fixed ms/32all.bat script: `no_asm' -> `no-asm'
+     [Rainer W. Gerling <gerling@mpg-gv.mpg.de>]
+  
+  *) New program nseq to manipulate netscape certificate sequences
+     [Steve Henson]
+
+  *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a
+     few typos.
+     [Steve Henson]
+
+  *) Fixes to BN code.  Previously the default was to define BN_RECURSION
+     but the BN code had some problems that would cause failures when
+     doing certificate verification and some other functions.
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Add ASN1 and PEM code to support netscape certificate sequences.
+     [Steve Henson]
+
+  *) Add ASN1 and PEM code to support netscape certificate sequences.
+     [Steve Henson]
+
+  *) Add several PKIX and private extended key usage OIDs.
+     [Steve Henson]
+
+  *) Modify the 'ca' program to handle the new extension code. Modify
+     openssl.cnf for new extension format, add comments.
+     [Steve Henson]
+
+  *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'
+     and add a sample to openssl.cnf so req -x509 now adds appropriate
+     CA extensions.
+     [Steve Henson]
+
+  *) Continued X509 V3 changes. Add to other makefiles, integrate with the
+     error code, add initial support to X509_print() and x509 application.
+     [Steve Henson]
+
+  *) Takes a deep breath and start addding X509 V3 extension support code. Add
+     files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
+     stuff is currently isolated and isn't even compiled yet.
+     [Steve Henson]
+
+  *) Continuing patches for GeneralizedTime. Fix up certificate and CRL
+     ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
+     Removed the versions check from X509 routines when loading extensions:
+     this allows certain broken certificates that don't set the version
+     properly to be processed.
+     [Steve Henson]
+
+  *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
+     Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
+     can still be regenerated with "make depend".
+     [Ben Laurie]
+
+  *) Spelling mistake in C version of CAST-128.
+     [Ben Laurie, reported by Jeremy Hylton <jeremy@cnri.reston.va.us>]
+
+  *) Changes to the error generation code. The perl script err-code.pl 
+     now reads in the old error codes and retains the old numbers, only
+     adding new ones if necessary. It also only changes the .err files if new
+     codes are added. The makefiles have been modified to only insert errors
+     when needed (to avoid needlessly modifying header files). This is done
+     by only inserting errors if the .err file is newer than the auto generated
+     C file. To rebuild all the error codes from scratch (the old behaviour)
+     either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
+     or delete all the .err files.
+     [Steve Henson]
+
+  *) CAST-128 was incorrectly implemented for short keys. The C version has
+     been fixed, but is untested. The assembler versions are also fixed, but
+     new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing
+     to regenerate it if needed.
+     [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun
+      Hagino <itojun@kame.net>]
+
+  *) File was opened incorrectly in randfile.c.
+     [Ulf Möller <ulf@fitug.de>]
+
+  *) Beginning of support for GeneralizedTime. d2i, i2d, check and print
+     functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
+     GeneralizedTime. ASN1_TIME is the proper type used in certificates et
+     al: it's just almost always a UTCTime. Note this patch adds new error
+     codes so do a "make errors" if there are problems.
+     [Steve Henson]
+
+  *) Correct Linux 1 recognition in config.
+     [Ulf Möller <ulf@fitug.de>]
+
+  *) Remove pointless MD5 hash when using DSA keys in ca.
+     [Anonymous <nobody@replay.com>]
+
+  *) Generate an error if given an empty string as a cert directory. Also
+     generate an error if handed NULL (previously returned 0 to indicate an
+     error, but didn't set one).
+     [Ben Laurie, reported by Anonymous <nobody@replay.com>]
+
+  *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last.
+     [Ben Laurie]
+
+  *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct
+     parameters. This was causing a warning which killed off the Win32 compile.
+     [Steve Henson]
+
+  *) Remove C++ style comments from crypto/bn/bn_local.h.
+     [Neil Costigan <neil.costigan@celocom.com>]
+
+  *) The function OBJ_txt2nid was broken. It was supposed to return a nid
+     based on a text string, looking up short and long names and finally
+     "dot" format. The "dot" format stuff didn't work. Added new function
+     OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote 
+     OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the
+     OID is not part of the table.
+     [Steve Henson]
+
+  *) Add prototypes to X509 lookup/verify methods, fixing a bug in
+     X509_LOOKUP_by_alias().
+     [Ben Laurie]
+
+  *) Sort openssl functions by name.
+     [Ben Laurie]
+
+  *) Get the gendsa program working (hopefully) and add it to app list. Remove
+     encryption from sample DSA keys (in case anyone is interested the password
+     was "1234").
+     [Steve Henson]
+
+  *) Make _all_ *_free functions accept a NULL pointer.
+     [Frans Heymans <fheymans@isaserver.be>]
+
+  *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use
+     NULL pointers.
+     [Anonymous <nobody@replay.com>]
+
+  *) s_server should send the CAfile as acceptable CAs, not its own cert.
+     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
+
+  *) Don't blow it for numeric -newkey arguments to apps/req.
+     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
+
+  *) Temp key "for export" tests were wrong in s3_srvr.c.
+     [Anonymous <nobody@replay.com>]
+
+  *) Add prototype for temp key callback functions
+     SSL_CTX_set_tmp_{rsa,dh}_callback().
+     [Ben Laurie]
+
+  *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and
+     DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().
+     [Steve Henson]
+
+  *) X509_name_add_entry() freed the wrong thing after an error.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) rsa_eay.c would attempt to free a NULL context.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) BIO_s_socket() had a broken should_retry() on Windoze.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) Make sure the already existing X509_STORE->depth variable is initialized
+     in X509_STORE_new(), but document the fact that this variable is still
+     unused in the certificate verification process.
+     [Ralf S. Engelschall]
+
+  *) Fix the various library and apps files to free up pkeys obtained from
+     X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
+     [Steve Henson]
+
+  *) Fix reference counting in X509_PUBKEY_get(). This makes
+     demos/maurice/example2.c work, amongst others, probably.
+     [Steve Henson and Ben Laurie]
+
+  *) First cut of a cleanup for apps/. First the `ssleay' program is now named
+     `openssl' and second, the shortcut symlinks for the `openssl <command>'
+     are no longer created. This way we have a single and consistent command
+     line interface `openssl <command>', similar to `cvs <command>'.
+     [Ralf S. Engelschall, Paul Sutton and Ben Laurie]
+
+  *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
+     BIT STRING wrapper always have zero unused bits.
+     [Steve Henson]
+
+  *) Add CA.pl, perl version of CA.sh, add extended key usage OID.
+     [Steve Henson]
+
+  *) Make the top-level INSTALL documentation easier to understand.
+     [Paul Sutton]
+
+  *) Makefiles updated to exit if an error occurs in a sub-directory
+     make (including if user presses ^C) [Paul Sutton]
+
+  *) Make Montgomery context stuff explicit in RSA data structure.
+     [Ben Laurie]
+
+  *) Fix build order of pem and err to allow for generated pem.h.
+     [Ben Laurie]
+
+  *) Fix renumbering bug in X509_NAME_delete_entry().
+     [Ben Laurie]
+
+  *) Enhanced the err-ins.pl script so it makes the error library number 
+     global and can add a library name. This is needed for external ASN1 and
+     other error libraries.
+     [Steve Henson]
+
+  *) Fixed sk_insert which never worked properly.
+     [Steve Henson]
+
+  *) Fix ASN1 macros so they can handle indefinite length construted 
+     EXPLICIT tags. Some non standard certificates use these: they can now
+     be read in.
+     [Steve Henson]
+
+  *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc)
+     into a single doc/ssleay.txt bundle. This way the information is still
+     preserved but no longer messes up this directory. Now it's new room for
+     the new set of documenation files.
+     [Ralf S. Engelschall]
+
+  *) SETs were incorrectly DER encoded. This was a major pain, because they
+     shared code with SEQUENCEs, which aren't coded the same. This means that
+     almost everything to do with SETs or SEQUENCEs has either changed name or
+     number of arguments.
+     [Ben Laurie, based on a partial fix by GP Jayan <gp@nsj.co.jp>]
+
+  *) Fix test data to work with the above.
+     [Ben Laurie]
+
+  *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
+     was already fixed by Eric for 0.9.1 it seems.
+     [Ben Laurie - pointed out by Ulf Möller <ulf@fitug.de>]
+
+  *) Autodetect FreeBSD3.
+     [Ben Laurie]
+
+  *) Fix various bugs in Configure. This affects the following platforms:
+     nextstep
+     ncr-scde
+     unixware-2.0
+     unixware-2.0-pentium
+     sco5-cc.
+     [Ben Laurie]
+
+  *) Eliminate generated files from CVS. Reorder tests to regenerate files
+     before they are needed.
+     [Ben Laurie]
+
+  *) Generate Makefile.ssl from Makefile.org (to keep CVS happy).
+     [Ben Laurie]
+
+
+ Changes between 0.9.1b and 0.9.1c  [23-Dec-1998]
+
+  *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and 
+     changed SSLeay to OpenSSL in version strings.
+     [Ralf S. Engelschall]
+  
+  *) Some fixups to the top-level documents.
+     [Paul Sutton]
+
+  *) Fixed the nasty bug where rsaref.h was not found under compile-time
+     because the symlink to include/ was missing.
+     [Ralf S. Engelschall]
+
+  *) Incorporated the popular no-RSA/DSA-only patches 
+     which allow to compile a RSA-free SSLeay.
+     [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall]
+
+  *) Fixed nasty rehash problem under `make -f Makefile.ssl links'
+     when "ssleay" is still not found.
+     [Ralf S. Engelschall]
+
+  *) Added more platforms to Configure: Cray T3E, HPUX 11, 
+     [Ralf S. Engelschall, Beckmann <beckman@acl.lanl.gov>]
+
+  *) Updated the README file.
+     [Ralf S. Engelschall]
+
+  *) Added various .cvsignore files in the CVS repository subdirs
+     to make a "cvs update" really silent.
+     [Ralf S. Engelschall]
+
+  *) Recompiled the error-definition header files and added
+     missing symbols to the Win32 linker tables.
+     [Ralf S. Engelschall]
+
+  *) Cleaned up the top-level documents;
+     o new files: CHANGES and LICENSE
+     o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay 
+     o merged COPYRIGHT into LICENSE
+     o removed obsolete TODO file
+     o renamed MICROSOFT to INSTALL.W32
+     [Ralf S. Engelschall]
+
+  *) Removed dummy files from the 0.9.1b source tree: 
+     crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi
+     crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f
+     crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f
+     crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f
+     util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f
+     [Ralf S. Engelschall]
+
+  *) Added various platform portability fixes.
+     [Mark J. Cox]
+
+  *) The Genesis of the OpenSSL rpject:
+     We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A.
+     Young and Tim J. Hudson created while they were working for C2Net until
+     summer 1998.
+     [The OpenSSL Project]
+ 
+
+ Changes between 0.9.0b and 0.9.1b  [not released]
+
+  *) Updated a few CA certificates under certs/
+     [Eric A. Young]
+
+  *) Changed some BIGNUM api stuff.
+     [Eric A. Young]
+
+  *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD, 
+     DGUX x86, Linux Alpha, etc.
+     [Eric A. Young]
+
+  *) New COMP library [crypto/comp/] for SSL Record Layer Compression: 
+     RLE (dummy implemented) and ZLIB (really implemented when ZLIB is
+     available).
+     [Eric A. Young]
+
+  *) Add -strparse option to asn1pars program which parses nested 
+     binary structures 
+     [Dr Stephen Henson <shenson@bigfoot.com>]
+
+  *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs.
+     [Eric A. Young]
+
+  *) DSA fix for "ca" program.
+     [Eric A. Young]
+
+  *) Added "-genkey" option to "dsaparam" program.
+     [Eric A. Young]
+
+  *) Added RIPE MD160 (rmd160) message digest.
+     [Eric A. Young]
+
+  *) Added -a (all) option to "ssleay version" command.
+     [Eric A. Young]
+
+  *) Added PLATFORM define which is the id given to Configure.
+     [Eric A. Young]
+
+  *) Added MemCheck_XXXX functions to crypto/mem.c for memory checking.
+     [Eric A. Young]
+
+  *) Extended the ASN.1 parser routines.
+     [Eric A. Young]
+
+  *) Extended BIO routines to support REUSEADDR, seek, tell, etc.
+     [Eric A. Young]
+
+  *) Added a BN_CTX to the BN library.
+     [Eric A. Young]
+
+  *) Fixed the weak key values in DES library
+     [Eric A. Young]
+
+  *) Changed API in EVP library for cipher aliases.
+     [Eric A. Young]
+
+  *) Added support for RC2/64bit cipher.
+     [Eric A. Young]
+
+  *) Converted the lhash library to the crypto/mem.c functions.
+     [Eric A. Young]
+
+  *) Added more recognized ASN.1 object ids.
+     [Eric A. Young]
+
+  *) Added more RSA padding checks for SSL/TLS.
+     [Eric A. Young]
+
+  *) Added BIO proxy/filter functionality.
+     [Eric A. Young]
+
+  *) Added extra_certs to SSL_CTX which can be used
+     send extra CA certificates to the client in the CA cert chain sending
+     process. It can be configured with SSL_CTX_add_extra_chain_cert().
+     [Eric A. Young]
+
+  *) Now Fortezza is denied in the authentication phase because
+     this is key exchange mechanism is not supported by SSLeay at all.
+     [Eric A. Young]
+
+  *) Additional PKCS1 checks.
+     [Eric A. Young]
+
+  *) Support the string "TLSv1" for all TLS v1 ciphers.
+     [Eric A. Young]
+
+  *) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the
+     ex_data index of the SSL context in the X509_STORE_CTX ex_data.
+     [Eric A. Young]
+
+  *) Fixed a few memory leaks.
+     [Eric A. Young]
+
+  *) Fixed various code and comment typos.
+     [Eric A. Young]
+
+  *) A minor bug in ssl/s3_clnt.c where there would always be 4 0 
+     bytes sent in the client random.
+     [Edward Bishop <ebishop@spyglass.com>]
+
diff --git a/HISTORY.066 b/CHANGES.SSLeay
index f85224977a..dbb80b003d 100644
--- a/HISTORY.066
+++ b/CHANGES.SSLeay
@@ -1,4 +1,529 @@
-SSLeay 0.6.5
+This file contains the changes for the SSLeay library up to version
+0.9.0b. For later changes, see the file "CHANGES".
+
+  SSLeay CHANGES
+  ______________
+
+Changes between 0.8.x and 0.9.0b
+
+10-Apr-1998
+
+I said the next version would go out at easter, and so it shall.
+I expect a 0.9.1 will follow with portability fixes in the next few weeks.
+
+This is a quick, meet the deadline.  Look to ssl-users for comments on what
+is new etc.
+
+eric (about to go bushwalking for the 4 day easter break :-)
+
+16-Mar-98
+    - Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
+    - Lots and lots of changes
+
+29-Jan-98
+    - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
+      Goetz Babin-Ebell <babinebell@trustcenter.de>.
+    - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
+      TLS1_VERSION.
+
+7-Jan-98
+    - Finally reworked the cipher string to ciphers again, so it
+      works correctly
+    - All the app_data stuff is now ex_data with funcion calls to access.
+      The index is supplied by a function and 'methods' can be setup
+      for the types that are called on XXX_new/XXX_free.  This lets
+      applications get notified on creation and destruction.  Some of
+      the RSA methods could be implemented this way and I may do so.
+    - Oh yes, SSL under perl5 is working at the basic level.
+
+15-Dec-97
+    - Warning - the gethostbyname cache is not fully thread safe,
+      but it should work well enough.
+    - Major internal reworking of the app_data stuff.  More functions
+      but if you were accessing ->app_data directly, things will
+      stop working.
+    - The perlv5 stuff is working.  Currently on message digests,
+      ciphers and the bignum library.
+
+9-Dec-97
+    - Modified re-negotiation so that server initated re-neg
+      will cause a SSL_read() to return -1 should retry.
+      The danger otherwise was that the server and the
+      client could end up both trying to read when using non-blocking
+      sockets.
+
+4-Dec-97
+    - Lots of small changes
+    - Fix for binaray mode in Windows for the FILE BIO, thanks to
+      Bob Denny <rdenny@dc3.com>
+
+17-Nov-97
+    - Quite a few internal cleanups, (removal of errno, and using macros
+      defined in e_os.h).
+    - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
+      the automactic naming out output files was being stuffed up.
+
+29-Oct-97
+    - The Cast5 cipher has been added.  MD5 and SHA-1 are now in assember
+      for x86.
+
+21-Oct-97
+    - Fixed a bug in the BIO_gethostbyname() cache.
+
+15-Oct-97
+    - cbc mode for blowfish/des/3des is now in assember.  Blowfish asm
+      has also been improved.  At this point in time, on the pentium,
+      md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
+      des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
+      is %62 faster.
+
+12-Oct-97
+    - MEM_BUF_grow() has been fixed so that it always sets the buf->length
+      to the value we are 'growing' to.  Think of MEM_BUF_grow() as the
+      way to set the length value correctly.
+
+10-Oct-97
+    - I now hash for certificate lookup on the raw DER encoded RDN (md5).
+      This breaks things again :-(.  This is efficent since I cache
+      the DER encoding of the RDN.
+    - The text DN now puts in the numeric OID instead of UNKNOWN.
+    - req can now process arbitary OIDs in the config file.
+    - I've been implementing md5 in x86 asm, much faster :-).
+    - Started sha1 in x86 asm, needs more work.
+    - Quite a few speedups in the BN stuff.  RSA public operation
+      has been made faster by caching the BN_MONT_CTX structure.
+      The calulating of the Ai where A*Ai === 1 mod m was rather
+      expensive.  Basically a 40-50% speedup on public operations.
+      The RSA speedup is now 15% on pentiums and %20 on pentium
+      pro.
+
+30-Sep-97
+    - After doing some profiling, I added x86 adm for bn_add_words(),
+      which just adds 2 arrays of longs together.  A %10 speedup
+      for 512 and 1024 bit RSA on the pentium pro.
+
+29-Sep-97
+    - Converted the x86 bignum assembler to us the perl scripts
+      for generation.
+
+23-Sep-97
+    - If SSL_set_session() is passed a NULL session, it now clears the
+      current session-id.
+
+22-Sep-97
+    - Added a '-ss_cert file' to apps/ca.c.  This will sign selfsigned
+      certificates.
+    - Bug in crypto/evp/encode.c where by decoding of 65 base64
+      encoded lines, one line at a time (via a memory BIO) would report
+      EOF after the first line was decoded.
+    - Fix in X509_find_by_issuer_and_serial() from
+      Dr Stephen Henson <shenson@bigfoot.com>
+
+19-Sep-97
+    - NO_FP_API and NO_STDIO added.
+    - Put in sh config command.  It auto runs Configure with the correct
+      parameters.
+
+18-Sep-97
+    - Fix x509.c so if a DSA cert has different parameters to its parent,
+      they are left in place.  Not tested yet.
+
+16-Sep-97
+    - ssl_create_cipher_list() had some bugs, fixes from
+      Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
+    - Fixed a bug in the Base64 BIO, where it would return 1 instead
+      of -1 when end of input was encountered but should retry.
+      Basically a Base64/Memory BIO interaction problem.
+    - Added a HMAC set of functions in preporarion for TLS work.
+
+15-Sep-97
+    - Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
+    - Prime generation spead up %25 (512 bit prime, pentium pro linux)
+      by using montgomery multiplication in the prime number test.
+
+11-Sep-97
+    - Ugly bug in ssl3_write_bytes().  Basically if application land
+      does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
+      did not check the size and tried to copy the entire buffer.
+      This would tend to cause memory overwrites since SSLv3 has
+      a maximum packet size of 16k.  If your program uses
+      buffers <= 16k, you would probably never see this problem.
+    - Fixed a new errors that were cause by malloc() not returning
+      0 initialised memory..
+    - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
+      SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
+      since this flags stops SSLeay being able to handle client
+      cert requests correctly.
+
+08-Sep-97
+    - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added.  When switched
+      on, the SSL server routines will not use a SSL_SESSION that is
+      held in it's cache.  This in intended to be used with the session-id
+      callbacks so that while the session-ids are still stored in the
+      cache, the decision to use them and how to look them up can be
+      done by the callbacks.  The are the 'new', 'get' and 'remove'
+      callbacks.  This can be used to determine the session-id
+      to use depending on information like which port/host the connection
+      is coming from.  Since the are also SSL_SESSION_set_app_data() and
+      SSL_SESSION_get_app_data() functions, the application can hold
+      information against the session-id as well.
+
+03-Sep-97
+    - Added lookup of CRLs to the by_dir method,
+      X509_load_crl_file() also added.  Basically it means you can
+      lookup CRLs via the same system used to lookup certificates.
+    - Changed things so that the X509_NAME structure can contain
+      ASN.1 BIT_STRINGS which is required for the unique
+      identifier OID.
+    - Fixed some problems with the auto flushing of the session-id
+      cache.  It was not occuring on the server side.
+
+02-Sep-97
+    - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
+      which is the maximum number of entries allowed in the
+      session-id cache.  This is enforced with a simple FIFO list.
+      The default size is 20*1024 entries which is rather large :-).
+      The Timeout code is still always operating.
+
+01-Sep-97
+    - Added an argument to all the 'generate private key/prime`
+      callbacks.  It is the last parameter so this should not
+      break existing code but it is needed for C++.
+    - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
+      BIO.  This lets the BIO read and write base64 encoded data
+      without inserting or looking for '\n' characters.  The '-A'
+      flag turns this on when using apps/enc.c.
+    - RSA_NO_PADDING added to help BSAFE functionality.  This is a
+      very dangerous thing to use, since RSA private key
+      operations without random padding bytes (as PKCS#1 adds) can
+      be attacked such that the private key can be revealed.
+    - ASN.1 bug and rc2-40-cbc and rc4-40 added by
+      Dr Stephen Henson <shenson@bigfoot.com>
+
+31-Aug-97 (stuff added while I was away)    
+    - Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
+    - RSA_flags() added allowing bypass of pub/priv match check
+      in ssl/ssl_rsa.c - Tim Hudson.
+    - A few minor bugs.
+
+SSLeay 0.8.1 released.
+
+19-Jul-97
+    - Server side initated dynamic renegotiation is broken.  I will fix
+      it when I get back from holidays.
+
+15-Jul-97
+    - Quite a few small changes.
+    - INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
+
+09-Jul-97
+    - Added 2 new values to the SSL info callback.
+      SSL_CB_START which is passed when the SSL protocol is started
+      and SSL_CB_DONE when it has finished sucsessfully.
+
+08-Jul-97
+    - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
+      that related to DSA public/private keys.
+    - Added all the relevent PEM and normal IO functions to support
+      reading and writing RSAPublic keys.
+    - Changed makefiles to use ${AR} instead of 'ar r'
+
+07-Jul-97
+    - Error in ERR_remove_state() that would leave a dangling reference
+      to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
+    - s_client now prints the X509_NAMEs passed from the server
+      when requesting a client cert.
+    - Added a ssl->type, which is one of SSL_ST_CONNECT or
+      SSL_ST_ACCEPT.  I had to add it so I could tell if I was
+      a connect or an accept after the handshake had finished.
+    - SSL_get_client_CA_list(SSL *s) now returns the CA names
+      passed by the server if called by a client side SSL.
+
+05-Jul-97
+    - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
+      0, not -1 :-(  Fix from Tim Hudson (tjh@cryptsoft.com).
+
+04-Jul-97
+    - Fixed some things in X509_NAME_add_entry(), thanks to
+      Matthew Donald <matthew@world.net>.
+    - I had a look at the cipher section and though that it was a
+      bit confused, so I've changed it.
+    - I was not setting up the RC4-64-MD5 cipher correctly.  It is
+      a MS special that appears in exported MS Money.
+    - Error in all my DH ciphers.  Section 7.6.7.3 of the SSLv3
+      spec.  I was missing the two byte length header for the
+      ClientDiffieHellmanPublic value.  This is a packet sent from
+      the client to the server.  The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+      option will enable SSLeay server side SSLv3 accept either
+      the correct or my 080 packet format.
+    - Fixed a few typos in crypto/pem.org.
+
+02-Jul-97
+    - Alias mapping for EVP_get_(digest|cipher)byname is now
+      performed before a lookup for actual cipher.  This means
+      that an alias can be used to 're-direct' a cipher or a
+      digest.
+    - ASN1_read_bio() had a bug that only showed up when using a
+      memory BIO.  When EOF is reached in the memory BIO, it is
+      reported as a -1 with BIO_should_retry() set to true.
+
+01-Jul-97
+    - Fixed an error in X509_verify_cert() caused by my
+      miss-understanding how 'do { contine } while(0);' works.
+      Thanks to Emil Sit <sit@mit.edu> for educating me :-)
+
+30-Jun-97
+    - Base64 decoding error.  If the last data line did not end with
+      a '=', sometimes extra data would be returned.
+    - Another 'cut and paste' bug in x509.c related to setting up the
+      STDout BIO.
+
+27-Jun-97
+    - apps/ciphers.c was not printing due to an editing error.
+    - Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
+      a library build error in util/mk1mf.pl
+
+26-Jun-97
+    - Still did not have the auto 'experimental' code removal
+      script correct.
+    - A few header tweaks for Watcom 11.0 under Win32 from
+      Rolf Lindemann <Lindemann@maz-hh.de>
+    - 0 length OCTET_STRING bug in asn1_parse
+    - A minor fix with an non-existent function in the MS .def files.
+    - A few changes to the PKCS7 stuff.
+
+25-Jun-97
+    SSLeay 0.8.0 finally it gets released.
+
+24-Jun-97
+    Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
+    use a temporary RSA key.  This is experimental and needs some more work.
+    Fixed a few Win16 build problems.
+
+23-Jun-97
+    SSLv3 bug. I was not doing the 'lookup' of the CERT structure
+    correctly. I was taking the SSL->ctx->default_cert when I should
+    have been using SSL->cert. The bug was in ssl/s3_srvr.c
+
+20-Jun-97
+    X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
+    rest of the library. Even though I had the code required to do
+    it correctly, apps/req.c was doing the wrong thing.  I have fixed
+    and tested everything.
+
+    Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
+
+19-Jun-97
+    Fixed a bug in the SSLv2 server side first packet handling. When
+    using the non-blocking test BIO, the ssl->s2->first_packet flag
+    was being reset when a would-block failure occurred when reading
+    the first 5 bytes of the first packet. This caused the checking
+    logic to run at the wrong time and cause an error.
+
+    Fixed a problem with specifying cipher. If RC4-MD5 were used,
+    only the SSLv3 version would be picked up.  Now this will pick
+    up both SSLv2 and SSLv3 versions. This required changing the
+    SSL_CIPHER->mask values so that they only mask the ciphers,
+    digests, authentication, export type and key-exchange algorithms.
+
+    I found that when a SSLv23 session is established, a reused
+    session, of type SSLv3 was attempting to write the SSLv2 
+    ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char 
+    method has been modified so it will only write out cipher which
+    that method knows about.  
+
+
+ Changes between 0.8.0 and 0.8.1
+
+  *) Mostly bug fixes. 
+     There is an Ephemeral DH cipher problem which is fixed.
+
+ SSLeay 0.8.0
+
+This version of SSLeay has quite a lot of things different from the
+previous version.
+
+Basically check all callback parameters, I will be producing documentation
+about how to use things in th future.  Currently I'm just getting 080 out
+the door.  Please not that there are several ways to do everything, and
+most of the applications in the apps directory are hybrids, some using old
+methods and some using new methods.
+
+Have a look in demos/bio for some very simple programs and
+apps/s_client.c and apps/s_server.c for some more advanced versions.
+Notes are definitly needed but they are a week or so away.
+
+Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
+---
+Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
+get those people that want to move to using the new code base off to
+a quick start.
+
+Note that Eric has tidied up a lot of the areas of the API that were
+less than desirable and renamed quite a few things (as he had to break
+the API in lots of places anyrate). There are a whole pile of additional
+functions for making dealing with (and creating) certificates a lot
+cleaner.
+
+01-Jul-97
+Tim Hudson
+tjh@cryptsoft.com
+
+---8<---
+
+To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
+use something like the following (assuming you #include "crypto.h" which
+is something that you really should be doing).
+
+#if SSLEAY_VERSION_NUMBER >= 0x0800
+#define SSLEAY8
+#endif
+
+buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
+            too if you are working with BIO internal stuff (as distinct
+        from simply using the interface in an opaque manner)
+
+#include "bio.h"    - required along with "buffer.h" if you write
+              your own BIO routines as the buffer and bio
+              stuff that was intermixed has been separated
+              out 
+            
+envelope.h -> evp.h  (which should have been done ages ago)
+
+Initialisation ... don't forget these or you end up with code that
+is missing the bits required to do useful things (like ciphers):
+
+SSLeay_add_ssl_algorithms()
+(probably also want SSL_load_error_strings() too but you should have
+ already had that call in place)
+
+SSL_CTX_new()   - requires an extra method parameter
+              SSL_CTX_new(SSLv23_method()) 
+              SSL_CTX_new(SSLv2_method()) 
+              SSL_CTX_new(SSLv3_method()) 
+
+          OR to only have the server or the client code
+              SSL_CTX_new(SSLv23_server_method()) 
+              SSL_CTX_new(SSLv2_server_method()) 
+              SSL_CTX_new(SSLv3_server_method()) 
+          or  
+              SSL_CTX_new(SSLv23_client_method()) 
+              SSL_CTX_new(SSLv2_client_method()) 
+              SSL_CTX_new(SSLv3_client_method()) 
+
+SSL_set_default_verify_paths() ... renamed to the more appropriate
+SSL_CTX_set_default_verify_paths()
+
+If you want to use client certificates then you have to add in a bit
+of extra stuff in that a SSLv3 server sends a list of those CAs that
+it will accept certificates from ... so you have to provide a list to
+SSLeay otherwise certain browsers will not send client certs.
+
+SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+
+
+X509_NAME_oneline(X)    -> X509_NAME_oneline(X,NULL,0)  
+               or provide a buffer and size to copy the
+               result into
+
+X509_add_cert ->  X509_STORE_add_cert (and you might want to read the
+          notes on X509_NAME structure changes too)
+
+
+VERIFICATION CODE
+=================
+
+The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
+more accurately reflect things.
+
+The verification callback args are now packaged differently so that
+extra fields for verification can be added easily in future without
+having to break things by adding extra parameters each release :-)
+
+X509_cert_verify_error_string -> X509_verify_cert_error_string
+
+
+BIO INTERNALS
+=============
+
+Eric has fixed things so that extra flags can be introduced in
+the BIO layer in future without having to play with all the BIO
+modules by adding in some macros.
+
+The ugly stuff using 
+    b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
+becomes
+    BIO_clear_retry_flags(b)
+
+    b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
+becomes
+    BIO_set_retry_read(b)
+
+Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
+
+
+
+OTHER THINGS
+============
+
+X509_NAME has been altered so that it isn't just a STACK ... the STACK
+is now in the "entries" field ... and there are a pile of nice functions
+for getting at the details in a much cleaner manner.
+
+SSL_CTX has been altered ... "cert" is no longer a direct member of this
+structure ... things are now down under "cert_store" (see x509_vfy.h) and
+things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
+If your code "knows" about this level of detail then it will need some 
+surgery.
+
+If you depending on the incorrect spelling of a number of the error codes
+then you will have to change your code as these have been fixed.
+
+ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
+has been all along so this makes things clearer.
+ify_cert_error_string(ctx->error));
+
+SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
+            and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
+
+
+
+ Changes between 0.7.x and 0.8.0
+  
+  *) There have been lots of changes, mostly the addition of SSLv3.
+     There have been many additions from people and amongst
+     others, C2Net has assisted greatly.
+ 
+ Changes between 0.7.x and 0.7.x
+
+  *) Internal development version only
+
+SSLeay 0.6.6 13-Jan-1997
+
+The main additions are
+
+- assember for x86 DES improvments.
+  From 191,000 per second on a pentium 100, I now get 281,000.  The inner
+  loop and the IP/FP modifications are from
+  Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  Many thanks for his
+  contribution.
+- The 'DES macros' introduced in 0.6.5 now have 3 types.
+  DES_PTR1, DES_PTR2 and 'normal'.  As per before, des_opts reports which
+  is best and there is a summery of mine in crypto/des/options.txt
+- A few bug fixes.
+- Added blowfish.  It is not used by SSL but all the other stuff that
+  deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
+  There are 3 options for optimising Blowfish.  BF_PTR, BF_PTR2 and 'normal'.
+  BF_PTR2 is pentium/x86 specific.  The correct option is setup in
+  the 'Configure' script.
+- There is now a 'get client certificate' callback which can be
+  'non-blocking'.  If more details are required, let me know.  It will
+  documented more in SSLv3 when I finish it.
+- Bug fixes from 0.6.5 including the infamous 'ca' bug.  The 'make test'
+  now tests the ca program.
+- Lots of little things modified and tweaked.
+
+ SSLeay 0.6.5
 
 After quite some time (3 months), the new release.  I have been very busy
 for the last few months and so this is mostly bug fixes and improvments.
@@ -57,7 +582,7 @@ The main changes in this release
 - 'ssleay ciphers' added, lists the default cipher list for SSLeay.
 - RC2 key setup is now compatable with Netscape.
 - Modifed server side of SSL implementation, big performance difference when
-	  using session-id reuse.
+      using session-id reuse.
 
 0.6.3
 
@@ -186,16 +711,16 @@ The wrappers are easy to write
 
 function_fp(fp,x)
 FILE *fp;
-	{
-	BIO *b;
-	int ret;
-
-	if ((b=BIO_new(BIO_s_file())) == NULL) error.....
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	ret=function_bio(b,x);
-	BIO_free(b);
-	return(ret);
-	}
+    {
+    BIO *b;
+    int ret;
+
+    if ((b=BIO_new(BIO_s_file())) == NULL) error.....
+    BIO_set_fp(b,fp,BIO_NOCLOSE);
+    ret=function_bio(b,x);
+    BIO_free(b);
+    return(ret);
+    }
 Remember, there are no functions that take FILE * in SSLeay when
 compiled for Windows 3.1 DLL's.
 
@@ -236,8 +761,8 @@ The list of things to read and do
 
 dgst -d
 s_client -state (this uses a callback placed in the SSL state loop and
-		will be used else-where to help debug/monitor what
-		is happening.)
+        will be used else-where to help debug/monitor what
+        is happening.)
 
 doc/why.doc
 doc/bio.doc <- hmmm, needs lots of work.
diff --git a/COPYRIGHT b/COPYRIGHT
deleted file mode 100644
index 4faa8c0a46..0000000000
--- a/COPYRIGHT
+++ /dev/null
@@ -1,65 +0,0 @@
-Copyright (C) 1997 Eric Young (eay@cryptsoft.com)
-All rights reserved.
-
-This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
-The implementation was written so as to conform with Netscapes SSL.
-
-This library is free for commercial and non-commercial use as long as
-the following conditions are aheared to.  The following conditions
-apply to all code found in this distribution, be it the RC4, RSA,
-lhash, DES, etc., code; not just the SSL code.  The SSL documentation
-included with this distribution is covered by the same copyright terms
-except that the holder is Tim Hudson (tjh@cryptsoft.com).
-
-Please note that MD2, MD5 and IDEA are publically available standards
-that contain sample implementations, I have re-coded them in my own
-way but there is nothing special about those implementations.  The DES
-library is another mater :-).
-
-Copyright remains Eric Young's, and as such any Copyright notices in
-the code are not to be removed.
-If this package is used in a product, Eric Young should be given attribution
-as the author of the parts of the library used.
-This can be in the form of a textual message at program startup or
-in documentation (online or textual) provided with the package.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. All advertising materials mentioning features or use of this software
-   must display the following acknowledgement:
-   "This product includes cryptographic software written by
-    Eric Young (eay@cryptsoft.com)"
-   The word 'cryptographic' can be left out if the rouines from the library
-   being used are not cryptographic related :-).
-4. If you include any Windows specific code (or a derivative thereof) from 
-   the apps directory (application code) you must include an acknowledgement:
-   "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-
-THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
-The licence and distribution terms for any publically available version or
-derivative of this code cannot be changed.  i.e. this code cannot simply be
-copied and put under another distribution licence
-[including the GNU Public Licence.]
-
-The reason behind this being stated in this direct manner is past
-experience in code simply being copied and the attribution removed
-from it and then being distributed as part of other packages. This
-implementation was a non-trivial and unpaid effort.
-
diff --git a/Configure b/Configure
index b1c47828a6..6eff4d6dc0 100755
--- a/Configure
+++ b/Configure
@@ -1,17 +1,66 @@
-#!/usr/local/bin/perl
+:
+eval 'exec perl -S $0 ${1+"$@"}'
+    if $running_under_some_shell;
+##
+##  Configure -- OpenSSL source tree configuration script
+##
+
+require 5.000;
+use strict;
+
+# see INSTALL for instructions.
+
+my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+
+# Options:
+#
+# --openssldir  install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the
+#               --prefix option is given; /usr/local/ssl otherwise)
+# --prefix      prefix for the OpenSSL include, lib and bin directories
+#               (Default: the OPENSSLDIR directory)
+#
+# --install_prefix  Additional prefix for package builders (empty by
+#               default).  This needn't be set in advance, you can
+#               just as well use "make INSTALL_PREFIX=/whatever install".
 #
-# see PROBLEMS for instructions on what sort of things to do when 
-# tracking a bug --tjh
+# --with-krb5-dir  Declare where Kerberos 5 lives.  The libraries are expected
+#		to live in the subdirectory lib/ and the header files in
+#		include/.  A value is required.
+# --with-krb5-lib  Declare where the Kerberos 5 libraries live.  A value is
+#		required.
+#		(Default: KRB5_DIR/lib)
+# --with-krb5-include  Declare where the Kerberos 5 header files live.  A
+#		value is required.
+#		(Default: KRB5_DIR/include)
+# --with-krb5-flavor  Declare what flavor of Kerberos 5 is used.  Currently
+#		supported values are "MIT" and "Heimdal".  A value is required.
 #
-# extra options
-# -DRSAref	build to use RSAref
-# -DNO_IDEA	build with no IDEA algorithm
-# -DNO_RC4	build with no RC4 algorithm
-# -DNO_RC2	build with no RC2 algorithm
-# -DNO_BF	build with no Blowfish algorithm
-# -DNO_DES	build with no DES/3DES algorithm
-# -DNO_MD2	build with no MD2 algorithm
+# --test-sanity Make a number of sanity checks on the data in this file.
+#               This is a debugging tool for OpenSSL developers.
 #
+# no-hw-xxx     do not compile support for specific crypto hardware.
+#               Generic OpenSSL-style methods relating to this support
+#               are always compiled but return NULL if the hardware
+#               support isn't compiled.
+# no-hw         do not compile support for any crypto hardware.
+# [no-]threads  [don't] try to create a library that is suitable for
+#               multithreaded applications (default is "threads" if we
+#               know how to do it)
+# [no-]shared	[don't] try to create shared libraries when supported.
+# no-asm        do not use assembler
+# no-dso        do not compile in any native shared-library methods. This
+#               will ensure that all methods just return NULL.
+# no-krb5       do not compile in any KRB5 library or code.
+# [no-]zlib     [don't] compile support for zlib compression.
+# zlib-dynamic	Like "zlib", but the zlib library is expected to be a shared
+#		library and will be loaded in run-time by the OpenSSL library.
+# 386           generate 80386 code
+# no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
+# -<xxx> +<xxx> compiler options are passed through 
+#
+# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
+#		provided to stack calls. Generates unique stack functions for
+#		each possible stack type.
 # DES_PTR	use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
 # DES_RISC1	use different DES_ENCRYPT macro that helps reduce register
 #		dependancies but needs to more registers, good for RISC CPU's
@@ -31,129 +80,370 @@
 # RC4_LONG	use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
 # RC4_INDEX	define RC4_INDEX in crypto/rc4/rc4_locl.h.  This turns on
 #		array lookups instead of pointer use.
+# RC4_CHUNK	enables code that handles data aligned at long (natural CPU
+#		word) boundary.
+# RC4_CHUNK_LL	enables code that handles data aligned at long long boundary
+#		(intended for 64-bit CPUs running 32-bit OS).
 # BF_PTR	use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
-# BF_PTR2	use a pentium/intel specific version.
+# BF_PTR2	intel specific version (generic version is more efficient).
 # MD5_ASM	use some extra md5 assember,
 # SHA1_ASM	use some extra sha1 assember, must define L_ENDIAN for x86
 # RMD160_ASM	use some extra ripemd160 assember,
 
-$x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
+my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
 
 # MD2_CHAR slags pentium pros
-$x86_gcc_opts="RC4_INDEX MD2_INT BF_PTR2";
+my $x86_gcc_opts="RC4_INDEX MD2_INT";
 
 # MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT
 # Don't worry about these normally
 
-$tcc="cc";
-$tflags="-fast -Xa";
-$tbn_mul="";
-$tlib="-lnsl -lsocket";
+my $tcc="cc";
+my $tflags="-fast -Xa";
+my $tbn_mul="";
+my $tlib="-lnsl -lsocket";
 #$bits1="SIXTEEN_BIT ";
 #$bits2="THIRTY_TWO_BIT ";
-$bits1="THIRTY_TWO_BIT ";
-$bits2="SIXTY_FOUR_BIT ";
+my $bits1="THIRTY_TWO_BIT ";
+my $bits2="SIXTY_FOUR_BIT ";
+
+my $x86_sol_asm="asm/bn86-sol.o asm/co86-sol.o:asm/dx86-sol.o asm/yx86-sol.o:asm/bx86-sol.o:asm/mx86-sol.o:asm/sx86-sol.o:asm/cx86-sol.o:asm/rx86-sol.o:asm/rm86-sol.o:asm/r586-sol.o";
+my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o";
+my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
+my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
 
-$x86_sol_asm="asm/bn86-sol.o asm/co86-sol.o:asm/dx86-sol.o asm/yx86-sol.o:asm/bx86-sol.o:asm/mx86-sol.o:asm/sx86-sol.o:asm/cx86-sol.o:asm/rx86-sol.o:asm/rm86-sol.o:asm/r586-sol.o";
-$x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o";
-$x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
-$x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
+my $mips3_irix_asm="asm/mips3.o::::::::";
+# There seems to be boundary faults in asm/alpha.s.
+#my $alpha_asm="asm/alpha.o::::::::";
+my $alpha_asm="::::::::";
 
 # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
 # So the md5_locl.h file has an undef B_ENDIAN if sun is defined
 
-#config-string	CC : CFLAGS : LDFLAGS : special header file mods:bn_asm \
-# des_asm:bf_asm
-%table=(
-#"b",		"$tcc:$tflags:$tlib:$bits1:$tbn_mul::",
-#"bl-4c-2c",	"$tcc:$tflags:$tlib:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:$tbn_mul::",
-#"bl-4c-ri",	"$tcc:$tflags:$tlib:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:$tbn_mul::",
-#"b2-is-ri-dp",	"$tcc:$tflags:$tlib:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:$tbn_mul::",
-
-# A few of my development configs
-"purify",	"purify gcc:-g -DPURIFY -Wall:-lsocket -lnsl::::",
-"debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:-lefence::::",
-"dist",		"cc:-O -DNOPROTO::::",
-
-# Basic configs that should work on any box
-"gcc",		"gcc:-O3::BN_LLONG:::",
-"cc",		"cc:-O -DNOPROTO -DNOCONST:::::",
-
-
-# My solaris setups
-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN:-lsocket -lnsl:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_sol_asm",
-"solaris-sparc-gcc","gcc:-O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN:-lsocket -lnsl:BN_LLONG RC4_CHAR DES_UNROLL BF_PTR:::",
-# DO NOT use /xO[34] on sparc with SC3.0. 
-# It is broken, and will not pass the tests
-"solaris-sparc-cc","cc:-fast -O -Xa -DB_ENDIAN:\
-	-lsocket -lnsl:BN_LLONG RC4_CHAR DES_PTR DES_UNROLL BF_PTR:asm/sparc.o::",
-# SC4.0 is ok, better than gcc, except for the bignum stuff.
-# -fast slows things like DES down quite a lot
-"solaris-sparc-sc4","cc:-xO5 -Xa -DB_ENDIAN:-lsocket -lnsl:\
-	BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparc.o::",
-"solaris-usparc-sc4","cc:-xtarget=ultra -xarch=v8plus -Xa -xO5 -DB_ENDIAN:\
-	-lsocket -lnsl:\
-	BN_LLONG RC4_CHAR DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparc.o::",
+#config-string	$cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags
+
+my %table=(
+# File 'TABLE' (created by 'make TABLE') contains the data from this list,
+# formatted for better readability.
+
+
+#"b",		"${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::",
+#"bl-4c-2c",	"${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::",
+#"bl-4c-ri",	"${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::",
+#"b2-is-ri-dp",	"${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::",
+
+# Our development configs
+"purify",	"purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
+"debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
+"debug-ben",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::asm/bn86-elf.o asm/co86-elf.o",
+"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
+"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
+"debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::",
+"debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
+"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT:::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-steve-linux-pseudo64",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT::dlfcn",
+"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"dist",		"cc:-O::(unknown)::::::",
+
+# Basic configs that should work on any (32 and less bit) box
+"gcc",		"gcc:-O3::(unknown):::BN_LLONG:::",
+"cc",		"cc:-O::(unknown)::::::",
+
+#### Solaris x86 with GNU C setups
+# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it
+# here because whenever GNU C instantiates an assembler template it
+# surrounds it with #APP #NO_APP comment pair which (at least Solaris
+# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
+# error message.
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### Solaris x86 with Sun C setups
+"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### SPARC Solaris with GNU C setups
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
+"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
+# but keep the assembler modules.
+"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+####
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### SPARC Solaris with Sun C setups
+# DO NOT use /xO[34] on sparc with SC3.0.  It is broken, and will not pass the tests
+"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
+# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
+# SC5.0 note: Compiler common patch 107357-01 or later is required!
+"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+####
+"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### SPARC Linux setups
+"linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
+# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
+# assisted with debugging of following two configs.
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# it's a real mess with -mcpu=ultrasparc option under Linux, but
+# -Wa,-Av8plus should do the trick no matter what.
+"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# GCC 3.1 is a requirement
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # Sunos configs, assuming sparc for the gcc one.
-"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::DES_UNROLL:::",
-"sunos-gcc","gcc:-O3 -mv8::BN_LLONG RC4_CHAR DES_UNROLL DES_PTR DES_RISC1:::",
-
-# SGI configurations.  If the box is rather old (r3000 cpu), you will
-# probably have to remove the '-mips2' flag.  I've only been using
-# IRIX 5.[23].
-# I've recently done 32 and 64 bit mips assember, it make this RSA
-# 3 times faster, use if at all possible.
-#"irix-gcc","gcc:-O2 -mips2::SIXTY_FOUR_BIT BN_LLONG RC4_INDEX RC4_CHAR:::",
-"irix-gcc","gcc:-O2 -DTERMIOS -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:asm/mips1.o::",
-"irix64-gcc","gcc:-mips3 -O2 -DTERMIOS -DB_ENDIAN::MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
-"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:asm/mips1.o::",
-"irix64-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::DES_PTR DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:asm/mips3.o::",
-"debug-irix-cc", "cc:-w2 -g -DCRYPTO_MDEBUG -DTERMIOS -DB_ENDIAN:::asm/r3000.o::",
-# This is the n64 mode build.
-"irix-n64-cc", "cc:-64 -O2 -use_readonly_const -DTERMIOS::DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT:asm/mips3_64.o::",
-
-# HPUX config.  I've been building on HPUX 9, so the options may be
-# different on version 10.  The pa-risc2.o assember file is 2 times
-# faster than the old asm/pa-risc.o version but it may not run on old
-# PA-RISC CPUs.  If you have problems, swap back to the old one.
-# Both were generated by gcc, so use the C version with the PA-RISC specific
-# options turned on if you are using gcc.
-"hpux-cc",	"cc:-DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit +O4 -Wl,-a,archive::DES_PTR DES_UNROLL DES_RISC1:asm/pa-risc2.o::",
-"hpux-kr-cc",	"cc:-DB_ENDIAN -DNOCONST -DNOPROTO -D_HPUX_SOURCE::DES_PTR DES_UNROLL:asm/pa-risc2.o::",
-"hpux-gcc",	"gcc:-DB_ENDIAN -O3::BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
-
-# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
-# the new compiler
+##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:::",
+"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::",
+
+#### IRIX 5.x configs
+# -mips2 flag is added by ./config when appropriate.
+"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+#### IRIX 6.x configs
+# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
+# './Configure irix-[g]cc' manually.
+# -mips4 flag is added by ./config when appropriate.
+"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# N64 ABI builds.
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### Unified HP-UX ANSI C configs.
+# Special notes:
+# - Originally we were optimizing at +O4 level. It should be noted
+#   that the only difference between +O3 and +O4 is global inter-
+#   procedural analysis. As it has to be performed during the link
+#   stage the compiler leaves behind certain pseudo-code in lib*.a
+#   which might be release or even patch level specific. Generating
+#   the machine code for and analyzing the *whole* program appears
+#   to be *extremely* memory demanding while the performance gain is
+#   actually questionable. The situation is intensified by the default
+#   HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB
+#   which is way too low for +O4. In other words, doesn't +O3 make
+#   more sense?
+# - Keep in mind that the HP compiler by default generates code
+#   suitable for execution on the host you're currently compiling at.
+#   If the toolkit is ment to be used on various PA-RISC processors
+#   consider './config +DAportable'.
+# - +DD64 is chosen in favour of +DA2.0W because it's ment to be
+#   compatible with *future* releases.
+# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to
+#   pass -D_REENTRANT on HP-UX 10 and later.
+# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in
+#   32-bit message digests. (For the moment of this writing) HP C
+#   doesn't seem to "digest" too many local variables (they make "him"
+#   chew forever:-). For more details look-up MD32_XARRAY comment in
+#   crypto/sha/sha_lcl.h.
+#					<appro@fy.chalmers.se>
+#
+#!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+# Since there is mention of this in shlib/hpux10-cc.sh
+"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# 64bit PARISC for GCC without optimization, which seems to make problems.
+# Submitted by <ross.alexander@uk.neceur.com>
+"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+# IA-64 targets
+# I have no idea if this one actually works, feedback needed. <appro>
+"hpux-ia64-cc","cc:-Ae +DD32 +O3 +ESlit -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
+# with debugging of the following config.
+"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+# More attempts at unified 10.X and 11.X targets for HP C compiler.
+#
+# Chris Ruemmler <ruemmler@cup.hp.com>
+# Kevin Steves <ks@hp.se>
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# Isn't the line below meaningless? HP-UX cc optimizes for host by default.
+# hpux-parisc1_0-cc with +DAportable flag would make more sense. <appro>
+"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+# HPUX 9.X config.
+# Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
+# egcs.  gcc 2.8.1 is also broken.
+
+"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown)::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
+# please report your OS and compiler version to the openssl-bugs@openssl.org
+# mailing list.
+"hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# If hpux-gcc fails, try this one:
+"hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+# HPUX 9.X on Motorola 68k platforms with gcc
+"hpux-m68k-gcc",  "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):::BN_LLONG DES_PTR DES_UNROLL:::::::::::::",
+
+# HPUX 10.X config.  Supports threads.
+"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
+"hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# If hpux10-gcc fails, try this one:
+"hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+# HPUX 11.X from www.globus.org.
+# Only works on PA-RISC 2.0 cpus, and not optimized.  Why?
+#"hpux11-32bit-cc","cc:+DA2.0 -DB_ENDIAN -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT:::DES_PTR DES_UNROLL DES_RISC1:::",
+#"hpux11-64bit-cc","cc:+DA2.0W -g -D_HPUX_SOURCE -Aa -Ae +ESlit::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT :::",
+# Use unified settings above instead.
+
+#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
+"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+
+#### PARISC Linux setups
+"linux-parisc","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
+
+# Dec Alpha, OSF/1 - the alpha164-cc is historical, for the conversion
+# from the older DEC C Compiler to the newer compiler.  It's now the
+# same as the preferred entry, alpha-cc.  If you are still using the
+# older compiler (you're at 3.x or earlier, or perhaps very early 4.x)
+# you should use `alphaold-cc'.
+#
+#	"What's in a name? That which we call a rose
+#	 By any other word would smell as sweet."
+#
+# - William Shakespeare, "Romeo & Juliet", Act II, scene II.
+#
+# For OSF/1 3.2b and earlier, and Digital UNIX 3.2c - 3.2g, with the
+# vendor compiler, use alphaold-cc.
+# For Digital UNIX 4.0 - 4.0e, with the vendor compiler, use alpha-cc.
+# For Tru64 UNIX 4.f - current, with the vendor compiler, use alpha-cc.
+#
+# There's also an alternate target available (which `config' will never
+# select) called alpha-cc-rpath.  This target builds an RPATH into the
+# shared libraries, which is very convenient on Tru64 since binaries
+# linked against that shared library will automatically inherit that RPATH,
+# and hence know where to look for the openssl libraries, even if they're in
+# an odd place.
+#
 # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
-"alpha-gcc","gcc:-O3::SIXTY_FOUR_BIT_LONG DES_UNROLL DES_RISC1:asm/alpha.o::",
-"alpha-cc", "cc:-tune host -O4 -readonly_strings::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
-"alpha164-cc", "cc:-tune host -fast -readonly_strings::SIXTY_FOUR_BIT_LONG:asm/alpha.o::",
+#
+"alpha-gcc","gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
+"alphaold-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
+"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
+"alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
+"alpha-cc-rpath", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared-rpath:::.so",
+#
+# This probably belongs in a different section.
+#
+"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### Alpha Linux with GNU C and Compaq C setups
+# Special notes:
+# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
+#   ought to run './Configure linux-alpha+bwx-gcc' manually, do
+#   complement the command line with -mcpu=ev56, -mcpu=ev6 or whatever
+#   which is appropriate.
+# - If you use ccc keep in mind that -fast implies -arch host and the
+#   compiler is free to issue instructions which gonna make elder CPU
+#   choke. If you wish to build "blended" toolkit, add -arch generic
+#   *after* -fast and invoke './Configure linux-alpha-ccc' manually.
+#
+#					<appro@fy.chalmers.se>
+#
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+
+# assembler versions -- currently defunct:
+##"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:::(unknown):SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${alpha_asm}",
 
 # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
 # bn86-elf.o file file since it is hand tweaked assembler.
-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"debug-linux-elf","gcc:-DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
-"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
-"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
-"NetBSD-x86",	"gcc:-DTERMIOS -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
-"FreeBSD",   "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
-#"bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::RSA_LLONG $x86_gc_des $x86_gcc_opts:$x86_bsdi_asm",
-"nextstep",	"cc:-O3 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:::",
+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-pentium",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppro",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-k6",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+"linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
+"linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
+"linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
+"linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-s390x",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64", "gcc:-DL_ENDIAN -DNO_ASM ::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+"bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown):::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
+"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"nextstep",	"cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+"nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+
 # NCR MP-RAS UNIX ver 02.03.01
-"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw:-lsocket -lnsl:$x86_gcc_des $x86_gcc_opts:::",
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
+
+# QNX 4
+"qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
+
+# QNX 6
+"qnx6",	"cc:-DL_ENDIAN -DTERMIOS::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:",
+
+# Linux on ARM
+"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+# UnixWare 2.0x fails destest with -O
+"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.0-pentium","cc:-DFILIO_H -DNO_STRINGS_H -Kpentium::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+
+# UnixWare 2.1
+"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+"unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
 
-# UnixWare 2.0
-"unixware-2.0","cc:-O -DFILIO_H:-lsocket -lnsl:$x86_gcc_des $x86_gcc_opts:::",
-"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX $x86_des_des::",
+# UnixWare 7
+"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+# OpenUNIX 8
+"OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenUNIX-8-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenUNIX-8-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 # IBM's AIX.
-"aix-cc",   "cc:-O -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::",
-"aix-gcc",  "gcc:-O2 -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::",
+"aix-cc",   "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+"aix-gcc",  "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+"aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+"aix43-gcc",  "gcc:-O1 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+"aix64-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn::::::-X 64",
 
 #
-# Cray T90 (SDSC)
+# Cray T90 and similar (SDSC)
 # It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
 # defined.  The T90 ints and longs are 8 bytes long, and apparently the
 # B_ENDIAN code assumes 4 byte ints.  Fortunately, the non-B_ENDIAN and
@@ -163,115 +453,649 @@ $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/b
 #'Taking the address of a bit field is not allowed. '
 #'An expression with bit field exists as the operand of "sizeof" '
 # (written by Wayne Schroeder <schroede@SDSC.EDU>)
-"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::SIXTY_FOUR_BIT_LONG DES_INT:::",
+#
+# j90 is considered the base machine type for unicos machines,
+# so this configuration is now called "cray-j90" ...
+"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG DES_INT:::",
+
+#
+# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
+#
+# The BIT_FIELD_LIMITS define was written for the C90 (it seems).  I added
+# another use.  Basically, the problem is that the T3E uses some bit fields
+# for some st_addr stuff, and then sizeof and address-of fails
+# I could not use the ams/alpha.o option because the Cray assembler, 'cam'
+# did not like it.
+"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::",
 
 # DGUX, 88100.
-"dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::RC4_INDEX DES_UNROLL:::",
-"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer:-lnsl -lsocket:RC4_INDEX:RC4_INDEX DES_UNROLL:::",
-"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN:-lnsl -lsocket:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+"dgux-R3-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown):::RC4_INDEX DES_UNROLL:::",
+"dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
+"dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+
+# SCO 3 - Tim Rice <tim@multitalents.net>
+"sco3-gcc",  "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
 
 # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
 # SCO cc.
-"sco5-cc",  "cc::-lsocket:$x86_gcc_des $x86_gcc_opts:::", # des options?
+"sco5-cc",  "cc:-belf::(unknown)::-lsocket -lresolv -lnsl:${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-Kpic", # des options?
+"sco5-cc-pentium",  "cc:-Kpentium::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC", # the SCO assembler doesn't seem to like our assembler files ...
+
+# Sinix/ReliantUNIX RM400
+# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
+"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
+"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::",
 
-# Sinix RM400
-"SINIX-N","/usr/ucb/cc:-O2 -misaligned:-lucb:RC4_INDEX RC4_CHAR:::",
+# SIEMENS BS2000/OSD: an EBCDIC-based mainframe
+"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+
+# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
+# You need to compile using the c89.sh wrapper in the tools directory, because the
+# IBM compiler does not like the -L switch after any object modules.
+#
+"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H  -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
 
 # Windows NT, Microsoft Visual C++ 4.0
 
-# hmm... bug in perl under NT, I need to concatinate :-(
-"VC-NT","cl:::BN_LLONG RC4_INDEX ".$x86_gcc_opts.":::",
-"VC-WIN32","cl:::BN_LLONG RC4_INDEX ".$x86_gcc_opts.":::",
-"VC-WIN16","cl:::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
-"VC-W31-16","cl:::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
-"VC-W31-32","cl:::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
-"VC-MSDOS","cl:::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"VC-NT","cl::::WINNT::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::win32",
+"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::win32",
+"VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::win32",
+"VC-WIN16","cl:::(unknown):WIN16::MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
+"VC-W31-16","cl:::(unknown):WIN16::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"VC-W31-32","cl::::WIN16::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT:::",
+"VC-MSDOS","cl:::(unknown):MSDOS::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
 
 # Borland C++ 4.5
-"BC-32","bcc32:::DES_PTR RC4_INDEX:::",
-"BC-16","bcc:::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX::::::::::win32",
+"BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+
+# Mingw32
+# (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl
+# and its library files in util/pl/*)
+"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
 
-# Our old Ultrix box :-). -O2 breaks some of the bignum stuff (now fixed,
-# it is a compiler bug, look in bug/ultrixcc.c for example code.
-"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN:::asm/mips1.o:::",
+# UWIN 
+"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+
+# Cygwin
+"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32:cygwin-shared:::.dll",
+
+# DJGPP
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::",
+
+# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
+"ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown):::::::",
+"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::::::",
+# K&R C is no longer supported; you need gcc on old Ultrix installations
+##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::",
 
 # Some OpenBSD from Bob Beck <beck@obtuse.com>
-"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer:SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:asm/alpha.o::",
-"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
-"OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL:::",
-"OpenBSD-mips","gcc:-O2 -DL_ENDIAN:BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::",
+"OpenBSD",		"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-alpha",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-i386",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-m68k",		"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-m88k",		"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-mips",		"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-powerpc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-vax",		"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"OpenBSD-hppa",		"gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown):::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+##### MacOS X (a.k.a. Rhapsody or Darwin) setup
+"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
+"darwin-ppc-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-i386-cc","cc:-O3 -fomit-frame-pointer -fno-common -DB_ENDIAN::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+
+##### A/UX
+"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
+
+##### Sony NEWS-OS 4.x
+"newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
+
+##### GNU Hurd
+"hurd-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
+
+##### OS/2 EMX
+"OS2-EMX", "gcc::::::::",
+
+##### VxWorks for various targets
+"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
+"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
+"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
+
+##### Compaq Non-Stop Kernel (Tandem)
+"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
+
 );
 
-$no_asm=0;
-$postfix="org";
-$Makefile="Makefile.ssl";
-$des_locl="crypto/des/des_locl.h";
-$des	="crypto/des/des.h";
-$bn	="crypto/bn/bn.h";
-$md2	="crypto/md2/md2.h";
-$rc4	="crypto/rc4/rc4.h";
-$rc4_locl="crypto/rc4/rc4_locl.h";
-$idea	="crypto/idea/idea.h";
-$rc2	="crypto/rc2/rc2.h";
-$bf	="crypto/bf/bf_locl.h";
-$bn_asm	="bn_asm.o";
-$des_enc="des_enc.o fcrypt_b.o";
-$bf_enc	="bf_enc.o";
-$cast_enc="c_enc.o";
-$rc4_enc="rc4_enc.o";
-$rc5_enc="rc5_enc.o";
-$md5_obj="";
-$sha1_obj="";
-$rmd160_obj="";
-
-if ($#ARGV < 0)
-	{
-	&bad_target;
-	exit(1);
-	}
+my @WinTargets=qw(VC-NT VC-CE VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS
+	BC-32 BC-16 Mingw32 OS2-EMX);
+
+my $idx = 0;
+my $idx_cc = $idx++;
+my $idx_cflags = $idx++;
+my $idx_unistd = $idx++;
+my $idx_thread_cflag = $idx++;
+my $idx_sys_id = $idx++;
+my $idx_lflags = $idx++;
+my $idx_bn_ops = $idx++;
+my $idx_bn_obj = $idx++;
+my $idx_des_obj = $idx++;
+my $idx_bf_obj = $idx++;
+my $idx_md5_obj = $idx++;
+my $idx_sha1_obj = $idx++;
+my $idx_cast_obj = $idx++;
+my $idx_rc4_obj = $idx++;
+my $idx_rmd160_obj = $idx++;
+my $idx_rc5_obj = $idx++;
+my $idx_dso_scheme = $idx++;
+my $idx_shared_target = $idx++;
+my $idx_shared_cflag = $idx++;
+my $idx_shared_ldflag = $idx++;
+my $idx_shared_extension = $idx++;
+my $idx_ranlib = $idx++;
+my $idx_arflags = $idx++;
+
+my $prefix="";
+my $openssldir="";
+my $exe_ext="";
+my $install_prefix="";
+my $no_threads=0;
+my $no_shared=1;
+my $zlib=0;
+my $no_krb5=0;
+my $threads=0;
+my $no_asm=0;
+my $no_dso=0;
+my @skip=();
+my $Makefile="Makefile.ssl";
+my $des_locl="crypto/des/des_locl.h";
+my $des	="crypto/des/des.h";
+my $bn	="crypto/bn/bn.h";
+my $md2	="crypto/md2/md2.h";
+my $rc4	="crypto/rc4/rc4.h";
+my $rc4_locl="crypto/rc4/rc4_locl.h";
+my $idea	="crypto/idea/idea.h";
+my $rc2	="crypto/rc2/rc2.h";
+my $bf	="crypto/bf/bf_locl.h";
+my $bn_asm	="bn_asm.o";
+my $des_enc="des_enc.o fcrypt_b.o";
+my $bf_enc	="bf_enc.o";
+my $cast_enc="c_enc.o";
+my $rc4_enc="rc4_enc.o";
+my $rc5_enc="rc5_enc.o";
+my $md5_obj="";
+my $sha1_obj="";
+my $rmd160_obj="";
+my $processor="";
+my $default_ranlib;
+my $perl;
+
+my $no_ssl2=0;
+my $no_ssl3=0;
+my $no_tls1=0;
+my $no_md5=0;
+my $no_sha=0;
+my $no_rsa=0;
+my $no_dh=0;
+
+$default_ranlib= &which("ranlib") or $default_ranlib="true";
+$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
+  or $perl="perl";
+
+&usage if ($#ARGV < 0);
+
+my $flags;
+my $depflags;
+my $openssl_algorithm_defines;
+my $openssl_thread_defines;
+my $openssl_sys_defines="";
+my $openssl_other_defines;
+my $libs;
+my $target;
+my $options;
+my $symlink;
+my $make_depend=0;
+my %withargs=();
+
+my @argvcopy=@ARGV;
+my $argvstring="";
+my $argv_unprocessed=1;
 
-$flags="";
-foreach (@ARGV)
+while($argv_unprocessed)
 	{
-	if ($_ =~ /^no-asm$/)
-		{ $no_asm=1; }
-	elsif ($_ =~ /^-/)
+	$flags="";
+	$depflags="";
+	$openssl_algorithm_defines="";
+	$openssl_thread_defines="";
+	$openssl_sys_defines="";
+	$openssl_other_defines="";
+	$libs="";
+	$target="";
+	$options="";
+	$symlink=1;
+
+	$argv_unprocessed=0;
+	$argvstring=join(' ',@argvcopy);
+
+PROCESS_ARGS:
+	foreach (@argvcopy)
 		{
-		if ($_ =~ /^-[lL](.*)$/)
+		s /^-no-/no-/; # some people just can't read the instructions
+		if (/^--test-sanity$/)
+			{
+			exit(&test_sanity());
+			}
+		elsif (/^no-asm$/)
+		 	{
+			$no_asm=1;
+			$flags .= "-DOPENSSL_NO_ASM ";
+			$openssl_other_defines .= "#define OPENSSL_NO_ASM\n";
+			}
+		elsif (/^no-hw-(.+)$/)
+			{
+			my $hw=$1;
+			$hw =~ tr/[a-z]/[A-Z]/;
+			$flags .= "-DOPENSSL_NO_HW_$hw ";
+			$openssl_other_defines .= "#define OPENSSL_NO_HW_$hw\n";
+			}
+		elsif (/^no-hw$/)
+			{
+			$flags .= "-DOPENSSL_NO_HW ";
+			$openssl_other_defines .= "#define OPENSSL_NO_HW\n";
+			}
+		elsif (/^no-dso$/)
+			{ $no_dso=1; }
+		elsif (/^no-krb5$/)
+			{ $no_krb5=1; }
+		elsif (/^no-threads$/)
+			{ $no_threads=1; }
+		elsif (/^threads$/)
+			{ $threads=1; }
+		elsif (/^no-shared$/)
+			{ $no_shared=1; }
+		elsif (/^shared$/ || /^-shared$/ || /^--shared$/)
+			{ $no_shared=0; }
+		elsif (/^no-zlib$/)
+			{ $zlib=0; }
+		elsif (/^zlib$/)
+			{ $zlib=1; }
+		elsif (/^zlib-dynamic$/)
+			{ $zlib=2; }
+		elsif (/^no-symlinks$/)
+			{ $symlink=0; }
+		elsif (/^no-ssl$/)
+			{ $no_ssl2 = $no_ssl3 = 1; }
+		elsif (/^no-ssl2$/)
+			{ $no_ssl2 = 1; }
+		elsif (/^no-ssl3$/)
+			{ $no_ssl3 = 1; }
+		elsif (/^no-tls1?$/)
+			{ $no_tls1 = 1; }
+		elsif (/^no-(.+)$/)
+			{
+			my $algo=$1;
+			push @skip,$algo;
+			$algo =~ tr/[a-z]/[A-Z]/;
+			$flags .= "-DOPENSSL_NO_$algo ";
+			$depflags .= "-DOPENSSL_NO_$algo ";
+			$openssl_algorithm_defines .= "#define OPENSSL_NO_$algo\n";
+			if ($algo eq "RIJNDAEL")
+				{
+				push @skip, "aes";
+				$flags .= "-DOPENSSL_NO_AES ";
+				$depflags .= "-DOPENSSL_NO_AES ";
+				$openssl_algorithm_defines .= "#define OPENSSL_NO_AES\n";
+				}
+			if ($algo eq "DES")
+				{
+				push @skip, "mdc2";
+				$options .= " no-mdc2";
+				$flags .= "-DOPENSSL_NO_MDC2 ";
+				$depflags .= "-DOPENSSL_NO_MDC2 ";
+				$openssl_algorithm_defines .= "#define OPENSSL_NO_MDC2\n";
+				}
+			if ($algo eq "EC")
+				{
+				push @skip, "ecdsa";
+				push @skip, "ecdh";
+				$options .= " no-ecdsa";
+				$options .= " no-ecdh";
+				$flags .= "-DOPENSSL_NO_ECDSA ";
+				$flags .= "-DOPENSSL_NO_ECDH ";
+				$depflags .= "-DOPENSSL_NO_ECDSA ";
+				$depflags .= "-DOPENSSL_NO_ECDH ";
+				$openssl_algorithm_defines .= "#define OPENSSL_NO_ECDSA\n";
+				$openssl_algorithm_defines .= "#define OPENSSL_NO_ECDH\n";
+				}
+			if ($algo eq "SHA" || $algo eq "SHA1")
+				{
+				push @skip, "ecdsa";
+				$options .= " no-ecdsa";
+				$flags .= "-DOPENSSL_NO_ECDSA ";
+				$depflags .= "-DOPENSSL_NO_ECDSA ";
+				$openssl_algorithm_defines .= "#define OPENSSL_NO_ECDSA\n";
+				}
+			if ($algo eq "MD5")
+				{
+				$no_md5 = 1;
+				}
+			if ($algo eq "SHA")
+				{
+				$no_sha = 1;
+				}
+			if ($algo eq "RSA")
+				{
+				$no_rsa = 1;
+				}
+			if ($algo eq "DH")
+				{
+				$no_dh = 1;
+				}
+			}
+		elsif (/^reconfigure/ || /^reconf/)
 			{
-			$libs.=$_." ";
+			if (open(IN,"<$Makefile"))
+				{
+				while (<IN>)
+					{
+					chop;
+					if (/^CONFIGURE_ARGS=(.*)/)
+						{
+						$argvstring=$1;
+						@argvcopy=split(' ',$argvstring);
+						die "Incorrect data to reconfigure, please do a normal configuration\n"
+							if (grep(/^reconf/,@argvcopy));
+						print "Reconfiguring with: $argvstring\n";
+						$argv_unprocessed=1;
+						close(IN);
+						last PROCESS_ARGS;
+						}
+					}
+				close(IN);
+				}
+			die "Insufficient data to reconfigure, please do a normal configuration\n";
 			}
-		elsif ($_ =~ /^-D(.*)$/)
+		elsif (/^386$/)
+			{ $processor=386; }
+		elsif (/^rsaref$/)
 			{
-			$flags.=$_." ";
+			# No RSAref support any more since it's not needed.
+			# The check for the option is there so scripts aren't
+			# broken
+			}
+		elsif (/^[-+]/)
+			{
+			if (/^-[lL](.*)$/)
+				{
+				$libs.=$_." ";
+				}
+			elsif (/^-[^-]/ or /^\+/)
+				{
+				$flags.=$_." ";
+				}
+			elsif (/^--prefix=(.*)$/)
+				{
+				$prefix=$1;
+				}
+			elsif (/^--openssldir=(.*)$/)
+				{
+				$openssldir=$1;
+				}
+			elsif (/^--install.prefix=(.*)$/)
+				{
+				$install_prefix=$1;
+				}
+			elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/)
+				{
+				$withargs{"krb5-".$1}=$2;
+				}
+			else
+				{
+				print STDERR $usage;
+				exit(1);
+				}
+			}
+		elsif ($_ =~ /^([^:]+):(.+)$/)
+			{
+			eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
+			$target=$1;
 			}
 		else
 			{
-			die "unknown options, only -Dxxx, -Lxxx -lxxx supported\n";
+			die "target already defined - $target\n" if ($target ne "");
+			$target=$_;
+			}
+		unless ($_ eq $target) {
+			if ($options eq "") {
+				$options = $_;
+			} else {
+				$options .= " ".$_;
 			}
 		}
-	else
+	}
+}
+
+$no_ssl3=1 if ($no_md5 || $no_sha);
+$no_ssl3=1 if ($no_rsa && $no_dh);
+
+$no_ssl2=1 if ($no_md5);
+$no_ssl2=1 if ($no_rsa);
+
+$no_tls1=1 if ($no_md5 || $no_sha);
+$no_tls1=1 if ($no_dh);
+
+if ($no_ssl2)
+	{
+	push @skip,"SSL2";
+	$flags .= "-DOPENSSL_NO_SSL2 ";
+	$depflags .= "-DOPENSSL_NO_SSL2 ";
+	$openssl_algorithm_defines .= "#define OPENSSL_NO_SSL2\n";
+	}
+
+if ($no_ssl3)
+	{
+	push @skip,"SSL3";
+	$flags .= "-DOPENSSL_NO_SSL3 ";
+	$depflags .= "-DOPENSSL_NO_SSL3 ";
+	$openssl_algorithm_defines .= "#define OPENSSL_NO_SSL3\n";
+	}
+
+if ($no_tls1)
+	{
+	push @skip,"TLS1";
+	$flags .= "-DOPENSSL_NO_TLS1 ";
+	$depflags .= "-DOPENSSL_NO_TLS1 ";
+	$openssl_algorithm_defines .= "#define OPENSSL_NO_TLS1\n";
+	}
+
+if ($target eq "TABLE") {
+	foreach $target (sort keys %table) {
+		print_table_entry($target);
+	}
+	exit 0;
+}
+
+if ($target eq "LIST") {
+	foreach (sort keys %table) {
+		print;
+		print "\n";
+	}
+	exit 0;
+}
+
+if ($target =~ m/^CygWin32(-.*)$/) {
+	$target = "Cygwin".$1;
+}
+
+print "Configuring for $target\n";
+
+&usage if (!defined($table{$target}));
+
+my $IsWindows=scalar grep /^$target$/,@WinTargets;
+
+$exe_ext=".exe" if ($target eq "Cygwin");
+$exe_ext=".exe" if ($target eq "DJGPP");
+$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
+$prefix=$openssldir if $prefix eq "";
+
+chop $openssldir if $openssldir =~ /\/$/;
+chop $prefix if $prefix =~ /\/$/;
+
+$openssldir=$prefix . "/ssl" if $openssldir eq "";
+$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
+
+
+print "IsWindows=$IsWindows\n";
+
+my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+my $cc = $fields[$idx_cc];
+my $cflags = $fields[$idx_cflags];
+my $unistd = $fields[$idx_unistd];
+my $thread_cflag = $fields[$idx_thread_cflag];
+my $sys_id = $fields[$idx_sys_id];
+my $lflags = $fields[$idx_lflags];
+my $bn_ops = $fields[$idx_bn_ops];
+my $bn_obj = $fields[$idx_bn_obj];
+my $des_obj = $fields[$idx_des_obj];
+my $bf_obj = $fields[$idx_bf_obj];
+$md5_obj = $fields[$idx_md5_obj];
+$sha1_obj = $fields[$idx_sha1_obj];
+my $cast_obj = $fields[$idx_cast_obj];
+my $rc4_obj = $fields[$idx_rc4_obj];
+$rmd160_obj = $fields[$idx_rmd160_obj];
+my $rc5_obj = $fields[$idx_rc5_obj];
+my $dso_scheme = $fields[$idx_dso_scheme];
+my $shared_target = $fields[$idx_shared_target];
+my $shared_cflag = $fields[$idx_shared_cflag];
+my $shared_ldflag = $fields[$idx_shared_ldflag];
+my $shared_extension = $fields[$idx_shared_extension];
+my $ranlib = $fields[$idx_ranlib];
+my $arflags = $fields[$idx_arflags];
+
+$cflags="$flags$cflags" if ($flags ne "");
+
+# Kerberos settings.  The flavor must be provided from outside, either through
+# the script "config" or manually.
+if ($no_krb5
+	|| !defined($withargs{"krb5-flavor"})
+	|| $withargs{"krb5-flavor"} eq "")
+	{
+	$cflags="-DOPENSSL_NO_KRB5 $cflags";
+	$options.=" no-krb5" unless $no_krb5;
+	$openssl_algorithm_defines .= "#define OPENSSL_NO_KRB5\n";
+	}
+else
+	{
+	my ($lresolv, $lpath, $lext);
+	if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/)
+		{
+		die "Sorry, Heimdal is currently not supported\n";
+		}
+	##### HACK to force use of Heimdal.
+	##### WARNING: Since we don't really have adequate support for Heimdal,
+	#####          using this will break the build.  You'll have to make
+	#####          changes to the source, and if you do, please send
+	#####          patches to openssl-dev@openssl.org
+	if ($withargs{"krb5-flavor"} =~ /^force-[Hh]eimdal$/)
 		{
-		die "target already defined - $target\n" if ($target ne "");
-		$target=$_;
-		if (!defined($table{$target}))
+		warn "Heimdal isn't really supported.  Your build WILL break\n";
+		warn "If you fix the problems, please send a patch to openssl-dev\@openssl.org\n";
+		$withargs{"krb5-dir"} = "/usr/heimdal"
+			if $withargs{"krb5-dir"} eq "";
+		$withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
+			"/lib -lgssapi -lkrb5 -lcom_err"
+			if $withargs{"krb5-lib"} eq "";
+		$cflags="-DKRB5_HEIMDAL $cflags";
+		}
+	if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/)
+		{
+		$withargs{"krb5-dir"} = "/usr/kerberos"
+			if $withargs{"krb5-dir"} eq "";
+		$withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
+			"/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto"
+			if $withargs{"krb5-lib"} eq "";
+		$cflags="-DKRB5_MIT $cflags";
+		$withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//;
+		if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/)
+			{
+			$cflags="-DKRB5_MIT_OLD11 $cflags";
+			}
+		}
+	LRESOLV:
+	foreach $lpath ("/lib", "/usr/lib")
+		{
+		foreach $lext ("a", "so")
 			{
-			&bad_target;
-			exit(1);
+			$lresolv = "$lpath/libresolv.$lext";
+			last LRESOLV	if (-r "$lresolv");
+			$lresolv = "";
 			}
 		}
+	$withargs{"krb5-lib"} .= " -lresolv"
+		if ("$lresolv");
+	$withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include"
+		if $withargs{"krb5-include"} eq "" &&
+		   $withargs{"krb5-dir"} ne "";
 	}
 
-if (!defined($table{$target}))
+# The DSO code currently always implements all functions so that no
+# applications will have to worry about that from a compilation point
+# of view. However, the "method"s may return zero unless that platform
+# has support compiled in for them. Currently each method is enabled
+# by a define "DSO_<name>" ... we translate the "dso_scheme" config
+# string entry into using the following logic;
+my $dso_cflags;
+if (!$no_dso && $dso_scheme ne "")
 	{
-	&bad_target;
-	exit(1);
+	$dso_scheme =~ tr/[a-z]/[A-Z]/;
+	if ($dso_scheme eq "DLFCN")
+		{
+		$dso_cflags = "-DDSO_DLFCN -DHAVE_DLFCN_H";
+		}
+	elsif ($dso_scheme eq "DLFCN_NO_H")
+		{
+		$dso_cflags = "-DDSO_DLFCN";
+		}
+	else
+		{
+		$dso_cflags = "-DDSO_$dso_scheme";
+		}
+	$cflags = "$dso_cflags $cflags";
 	}
 
-($cc,$cflags,$lflags,$bn_ops,$bn_obj,$des_obj,$bf_obj,$md5_obj,$sha1_obj,
-	$cast_obj,$rc4_obj,$rmd160_obj,$rc5_obj)=
-	split(/\s*:\s*/,$table{$target});
-$cflags="$flags$cflags" if ($flags ne "");
+my $thread_cflags;
+my $thread_defines;
+if ($thread_cflag ne "(unknown)" && !$no_threads)
+	{
+	# If we know how to do it, support threads by default.
+	$threads = 1;
+	}
+if ($thread_cflag eq "(unknown)")
+	{
+	# If the user asked for "threads", hopefully they also provided
+	# any system-dependent compiler options that are necessary.
+	$thread_cflags="-DOPENSSL_THREADS $cflags" ;
+	$thread_defines .= "#define OPENSSL_THREADS\n";
+	}
+else
+	{
+	$thread_cflags="-DOPENSSL_THREADS $thread_cflag $cflags";
+	$thread_defines .= "#define OPENSSL_THREADS\n";
+#	my $def;
+#	foreach $def (split ' ',$thread_cflag)
+#		{
+#		if ($def =~ s/^-D// && $def !~ /^_/)
+#			{
+#			$thread_defines .= "#define $def\n";
+#			}
+#		}
+	}	
+
 $lflags="$libs$lflags"if ($libs ne "");
 
 if ($no_asm)
@@ -280,9 +1104,65 @@ if ($no_asm)
 	$sha1_obj=$md5_obj=$rmd160_obj="";
 	}
 
-($bn1)=split(/\s+/,$bn_obj);
-$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
-$bn_obj="$bn1";
+if ($threads)
+	{
+	$cflags=$thread_cflags;
+	$openssl_thread_defines .= $thread_defines;
+	}
+
+if ($zlib)
+	{
+	$cflags = "-DZLIB $cflags";
+	$cflags = "-DZLIB_SHARED $cflags" if $zlib == 2;
+	$lflags = "$lflags -lz" if $zlib == 1;
+	}
+
+# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
+my $shared_mark = "";
+if ($shared_target ne "")
+	{
+	if ($shared_cflag ne "")
+		{
+		$cflags = "$shared_cflag $cflags";
+		}
+	if (!$no_shared)
+		{
+		#$shared_mark = "\$(SHARED_LIBS)";
+		}
+	}
+else
+	{
+	$no_shared = 1;
+	}
+
+if ($no_shared)
+	{
+	$cflags="-DOPENSSL_NO_DYNAMIC_ENGINE $cflags";
+	$openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n";
+	}
+else
+	{
+	$cflags="-DOPENSSL_NO_STATIC_ENGINE $cflags";
+	$openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n";
+	}
+
+if ($sys_id ne "")
+	{
+	$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags";
+	$openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n";
+	}
+
+if ($ranlib eq "")
+	{
+	$ranlib = $default_ranlib;
+	}
+
+#my ($bn1)=split(/\s+/,$bn_obj);
+#$bn1 = "" unless defined $bn1;
+#$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
+#$bn_obj="$bn1";
+
+$bn_obj = $bn_asm unless $bn_obj ne "";
 
 $des_obj=$des_enc	unless ($des_obj =~ /\.o$/);
 $bf_obj=$bf_enc		unless ($bf_obj =~ /\.o$/);
@@ -305,17 +1185,79 @@ if ($rmd160_obj =~ /\.o$/)
 	$cflags.=" -DRMD160_ASM";
 	}
 
-$n=&file_new($Makefile);
-open(IN,"<".$Makefile) || die "unable to read $Makefile:$!\n";
-open(OUT,">".$n) || die "unable to read $n:$!\n";
+# "Stringify" the C flags string.  This permits it to be made part of a string
+# and works as well on command lines.
+$cflags =~ s/([\\\"])/\\\1/g;
+
+my $version = "unknown";
+my $version_num = "unknown";
+my $major = "unknown";
+my $minor = "unknown";
+my $shlib_version_number = "unknown";
+my $shlib_version_history = "unknown";
+my $shlib_major = "unknown";
+my $shlib_minor = "unknown";
+
+open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
+while (<IN>)
+	{
+	$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
+	$version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/;
+	$shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
+	$shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
+	}
+close(IN);
+if ($shlib_version_history ne "") { $shlib_version_history .= ":"; }
+
+if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
+	{
+	$major=$1;
+	$minor=$2;
+	}
+
+if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
+	{
+	$shlib_major=$1;
+	$shlib_minor=$2;
+	}
+
+open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
+unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
+open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
+print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
+my $sdirs=0;
 while (<IN>)
 	{
 	chop;
+	$sdirs = 1 if /^SDIRS=/;
+	if ($sdirs) {
+		my $dir;
+		foreach $dir (@skip) {
+			s/([ 	])$dir /\1/;
+			}
+		}
+	$sdirs = 0 unless /\\$/;
+	s/^VERSION=.*/VERSION=$version/;
+	s/^MAJOR=.*/MAJOR=$major/;
+	s/^MINOR=.*/MINOR=$minor/;
+	s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
+	s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
+	s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
+	s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
+	s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/;
+	s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
+	s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
+	s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
 	s/^PLATFORM=.*$/PLATFORM=$target/;
+	s/^OPTIONS=.*$/OPTIONS=$options/;
+	s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/;
 	s/^CC=.*$/CC= $cc/;
+	s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
 	s/^CFLAG=.*$/CFLAG= $cflags/;
+	s/^DEPFLAG=.*$/DEPFLAG= $depflags/;
 	s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
-	s/^BN_MULW=.*$/BN_MULW= $bn_obj/;
+	s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
+	s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
 	s/^DES_ENC=.*$/DES_ENC= $des_obj/;
 	s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
 	s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
@@ -324,16 +1266,45 @@ while (<IN>)
 	s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
 	s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
 	s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
+	s/^PROCESSOR=.*/PROCESSOR= $processor/;
+	s/^RANLIB=.*/RANLIB= $ranlib/;
+	s/^ARFLAGS=.*/ARFLAGS= $arflags/;
+	s/^PERL=.*/PERL= $perl/;
+	s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
+	s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
+	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
+	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
+	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
+	if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
+		{
+		my $sotmp = $1;
+		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;
+		}
+	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/)
+		{
+		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/;
+		}
+	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
+		{
+		my $sotmp = $1;
+		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
+		}
+	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
+		{
+		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
+		}
+	s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
 	print OUT $_."\n";
 	}
 close(IN);
 close(OUT);
-&Rename($Makefile,&file_old($Makefile));
-&Rename($n,$Makefile);
+rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
+rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
+
 print "CC            =$cc\n";
 print "CFLAG         =$cflags\n";
 print "EX_LIBS       =$lflags\n";
-print "BN_MULW       =$bn_obj\n";
+print "BN_ASM        =$bn_obj\n";
 print "DES_ENC       =$des_obj\n";
 print "BF_ENC        =$bf_obj\n";
 print "CAST_ENC      =$cast_obj\n";
@@ -342,21 +1313,33 @@ print "RC5_ENC       =$rc5_obj\n";
 print "MD5_OBJ_ASM   =$md5_obj\n";
 print "SHA1_OBJ_ASM  =$sha1_obj\n";
 print "RMD160_OBJ_ASM=$rmd160_obj\n";
+print "PROCESSOR     =$processor\n";
+print "RANLIB        =$ranlib\n";
+print "ARFLAGS       =$arflags\n";
+print "PERL          =$perl\n";
+print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n"
+	if $withargs{"krb5-include"} ne "";
+print "LIBKRB5       =",$withargs{"krb5-lib"},"\n"
+	if $withargs{"krb5-lib"} ne "";
 
-$des_ptr=0;
-$des_risc1=0;
-$des_risc2=0;
-$des_unroll=0;
-$bn_ll=0;
-$def_int=2;
-$rc4_int=$def_int;
-$md2_int=$def_int;
-$idea_int=$def_int;
-$rc2_int=$def_int;
-$rc4_idx=0;
-$bf_ptr=0;
-@type=("char","short","int","long");
-($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
+my $des_ptr=0;
+my $des_risc1=0;
+my $des_risc2=0;
+my $des_unroll=0;
+my $bn_ll=0;
+my $def_int=2;
+my $rc4_int=$def_int;
+my $md2_int=$def_int;
+my $idea_int=$def_int;
+my $rc2_int=$def_int;
+my $rc4_idx=0;
+my $rc4_chunk=0;
+my $bf_ptr=0;
+my @type=("char","short","int","long");
+my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
+my $export_var_as_fn=0;
+
+my $des_int;
 
 foreach (sort split(/\s+/,$bn_ops))
 	{
@@ -369,6 +1352,8 @@ foreach (sort split(/\s+/,$bn_ops))
 	$rc4_int=0 if /RC4_CHAR/;
 	$rc4_int=3 if /RC4_LONG/;
 	$rc4_idx=1 if /RC4_INDEX/;
+	$rc4_chunk=1 if /RC4_CHUNK/;
+	$rc4_chunk=2 if /RC4_CHUNK_LL/;
 	$md2_int=0 if /MD2_CHAR/;
 	$md2_int=3 if /MD2_LONG/;
 	$idea_int=1 if /IDEA_SHORT/;
@@ -382,15 +1367,53 @@ foreach (sort split(/\s+/,$bn_ops))
 	($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/;
 	($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/;
 	($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/;
+	$export_var_as_fn=1 if /EXPORT_VAR_AS_FN/;
 	}
 
-(($in=$bn) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($bn);
-open(IN,"<".$in) || die "unable to read $bn:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
+open(IN,'<crypto/opensslconf.h.in') || die "unable to read crypto/opensslconf.h.in:$!\n";
+unlink("crypto/opensslconf.h.new") || die "unable to remove old crypto/opensslconf.h.new:$!\n" if -e "crypto/opensslconf.h.new";
+open(OUT,'>crypto/opensslconf.h.new') || die "unable to create crypto/opensslconf.h.new:$!\n";
+print OUT "/* opensslconf.h */\n";
+print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n";
+
+print OUT "/* OpenSSL was configured with the following options: */\n";
+my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
+$openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n#  define $1\n# endif/mg;
+$openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+$openssl_algorithm_defines = "   /* no ciphers excluded */\n" if $openssl_algorithm_defines eq "";
+$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+$openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
+print OUT $openssl_sys_defines;
+print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n";
+print OUT $openssl_algorithm_defines;
+print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n";
+print OUT $openssl_thread_defines;
+print OUT $openssl_other_defines,"\n";
+
+print OUT "/* The OPENSSL_NO_* macros are also defined as NO_* if the application\n";
+print OUT "   asks for it.  This is a transient feature that is provided for those\n";
+print OUT "   who haven't had the time to do the appropriate changes in their\n";
+print OUT "   applications.  */\n";
+print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n";
+print OUT $openssl_algorithm_defines_trans;
+print OUT "#endif\n\n";
+
 while (<IN>)
 	{
-	if	(/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/)
+	if	(/^#define\s+OPENSSLDIR/)
+		{ print OUT "#define OPENSSLDIR \"$openssldir\"\n"; }
+	elsif	(/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/)
+		{ printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
+			if $export_var_as_fn;
+		  printf OUT "#%s OPENSSL_EXPORT_VAR_AS_FUNCTION\n",
+			($export_var_as_fn)?"define":"undef"; }
+	elsif	(/^#define\s+OPENSSL_UNISTD/)
+		{
+		$unistd = "<unistd.h>" if $unistd eq "";
+		print OUT "#define OPENSSL_UNISTD $unistd\n";
+		}
+	elsif	(/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/)
 		{ printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; }
 	elsif	(/^#((define)|(undef))\s+SIXTY_FOUR_BIT/)
 		{ printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; }
@@ -402,38 +1425,10 @@ while (<IN>)
 		{ printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; }
 	elsif	(/^#((define)|(undef))\s+BN_LLONG\s*$/)
 		{ printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; }
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($bn,&file_old($bn));
-&Rename($n,$bn);
-
-(($in=$des) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($des);
-open(IN,"<".$in) || die "unable to read $des:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^\#define\s+DES_LONG\s+.*/)
+	elsif	(/^\#define\s+DES_LONG\s+.*/)
 		{ printf OUT "#define DES_LONG unsigned %s\n",
 			($des_int)?'int':'long'; }
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($des,&file_old($des));
-&Rename($n,$des);
-
-(($in=$des_locl) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($des_locl);
-open(IN,"<".$in) || die "unable to read $des_locl:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^\#(define|undef)\s+DES_PTR/)
+	elsif	(/^\#(define|undef)\s+DES_PTR/)
 		{ printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; }
 	elsif	(/^\#(define|undef)\s+DES_RISC1/)
 		{ printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; }
@@ -441,113 +1436,41 @@ while (<IN>)
 		{ printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; }
 	elsif	(/^\#(define|undef)\s+DES_UNROLL/)
 		{ printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; }
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($des_locl,&file_old($des_locl));
-&Rename($n,$des_locl);
-
-(($in=$rc4) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($rc4);
-open(IN,"<".$in) || die "unable to read $rc4:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^#define\s+RC4_INT\s/)
+	elsif	(/^#define\s+RC4_INT\s/)
 		{ printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; }
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($rc4,&file_old($rc4));
-&Rename($n,$rc4);
-
-(($in=$rc4_locl) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($rc4_locl);
-open(IN,"<".$in) || die "unable to read $rc4_locl:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^#((define)|(undef))\s+RC4_INDEX/)
+	elsif	(/^#undef\s+RC4_CHUNK/)
+		{
+		printf OUT "#undef RC4_CHUNK\n" if $rc4_chunk==0;
+		printf OUT "#define RC4_CHUNK unsigned long\n" if $rc4_chunk==1;
+		printf OUT "#define RC4_CHUNK unsigned long long\n" if $rc4_chunk==2;
+		}
+	elsif	(/^#((define)|(undef))\s+RC4_INDEX/)
 		{ printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; }
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($rc4_locl,&file_old($rc4_locl));
-&Rename($n,$rc4_locl);
-
-(($in=$md2) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($md2);
-open(IN,"<".$in) || die "unable to read $bn:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^#define\s+MD2_INT\s/)
+	elsif (/^#(define|undef)\s+I386_ONLY/)
+		{ printf OUT "#%s I386_ONLY\n", ($processor == 386)?
+			"define":"undef"; }
+	elsif	(/^#define\s+MD2_INT\s/)
 		{ printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; }
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($md2,&file_old($md2));
-&Rename($n,$md2);
-
-(($in=$idea) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($idea);
-open(IN,"<".$in) || die "unable to read $idea:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^#define\s+IDEA_INT\s/)
+	elsif	(/^#define\s+IDEA_INT\s/)
 		{printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];}
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($idea,&file_old($idea));
-&Rename($n,$idea);
-
-(($in=$rc2) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($rc2);
-open(IN,"<".$in) || die "unable to read $rc2:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if	(/^#define\s+RC2_INT\s/)
+	elsif	(/^#define\s+RC2_INT\s/)
 		{printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];}
-	else
-		{ print OUT $_; }
-	}
-close(IN);
-close(OUT);
-&Rename($rc2,&file_old($rc2));
-&Rename($n,$rc2);
-
-(($in=$bf) =~ s/\.([^.]+)/.$postfix/);
-$n=&file_new($bf);
-open(IN,"<".$in) || die "unable to read $bf:$!\n";
-open(OUT,">$n") || die "unable to read $n:$!\n";
-while (<IN>)
-	{
-	if (/^#(define|undef)\s+BF_PTR/)
+	elsif (/^#(define|undef)\s+BF_PTR/)
 		{
 		printf OUT "#undef BF_PTR\n" if $bf_ptr == 0;
 		printf OUT "#define BF_PTR\n" if $bf_ptr == 1;
 		printf OUT "#define BF_PTR2\n" if $bf_ptr == 2;
-		}
+	        }
 	else
 		{ print OUT $_; }
 	}
 close(IN);
 close(OUT);
-&Rename($bf,&file_old($bf));
-&Rename($n,$bf);
+rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
+rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
+
+
+# Fix the date
 
 print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l;
 print "SIXTY_FOUR_BIT mode\n" if $b64;
@@ -562,34 +1485,270 @@ print "DES_INT used\n" if $des_int;
 print "BN_LLONG mode\n" if $bn_ll;
 print "RC4 uses u$type[$rc4_int]\n" if $rc4_int != $def_int;
 print "RC4_INDEX mode\n" if $rc4_idx;
+print "RC4_CHUNK is undefined\n" if $rc4_chunk==0;
+print "RC4_CHUNK is unsigned long\n" if $rc4_chunk==1;
+print "RC4_CHUNK is unsigned long long\n" if $rc4_chunk==2;
 print "MD2 uses u$type[$md2_int]\n" if $md2_int != $def_int;
 print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int;
 print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int;
 print "BF_PTR used\n" if $bf_ptr == 1; 
 print "BF_PTR2 used\n" if $bf_ptr == 2; 
+
+if($IsWindows) {
+	open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
+	printf OUT <<EOF;
+#ifndef MK1MF_BUILD
+  /* auto-generated by Configure for crypto/cversion.c:
+   * for Unix builds, crypto/Makefile.ssl generates functional definitions;
+   * Windows builds (and other mk1mf builds) compile cversion.c with
+   * -DMK1MF_BUILD and use definitions added to this file by util/mk1mf.pl. */
+  #error "Windows builds (PLATFORM=$target) use mk1mf.pl-created Makefiles"
+#endif
+EOF
+	close(OUT);
+} else {
+	my $make_command = "make -f Makefile.ssl PERL=\'$perl\'";
+	my $make_targets = "";
+	$make_targets .= " links" if $symlink;
+	$make_targets .= " depend" if $depflags ne "" && $make_depend;
+	$make_targets .= " gentests" if $symlink;
+	(system $make_command.$make_targets) == 0 or exit $?
+		if $make_targets ne "";
+	if ( $perl =~ m@^/@) {
+	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+	    &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
+	    &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
+	} else {
+	    # No path for Perl known ...
+	    &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+	    &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
+	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
+	}
+	if ($depflags ne "" && !$make_depend) {
+		print <<EOF;
+
+Since you've disabled at least one algorithm, you need to do the following
+before building:
+
+	make depend
+EOF
+	}
+}
+
+# create the ms/version32.rc file if needed
+if ($IsWindows) {
+	my ($v1, $v2, $v3, $v4);
+	if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) {
+		$v1=hex $1;
+		$v2=hex $2;
+		$v3=hex $3;
+		$v4=hex $4;
+	}
+	open (OUT,">ms/version32.rc") || die "Can't open ms/version32.rc";
+	print OUT <<EOF;
+#include <winver.h>
+
+LANGUAGE 0x09,0x01
+
+1 VERSIONINFO
+  FILEVERSION $v1,$v2,$v3,$v4
+  PRODUCTVERSION $v1,$v2,$v3,$v4
+  FILEFLAGSMASK 0x3fL
+#ifdef _DEBUG
+  FILEFLAGS 0x01L
+#else
+  FILEFLAGS 0x00L
+#endif
+  FILEOS VOS__WINDOWS32
+  FILETYPE VFT_DLL
+  FILESUBTYPE 0x0L
+BEGIN
+    BLOCK "StringFileInfo"
+    BEGIN
+	BLOCK "040904b0"
+	BEGIN
+	    // Required:	    
+	    VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
+	    VALUE "FileDescription", "OpenSSL Shared Library\\0"
+	    VALUE "FileVersion", "$version\\0"
+#if defined(CRYPTO)
+	    VALUE "InternalName", "libeay32\\0"
+	    VALUE "OriginalFilename", "libeay32.dll\\0"
+#elif defined(SSL)
+	    VALUE "InternalName", "ssleay32\\0"
+	    VALUE "OriginalFilename", "ssleay32.dll\\0"
+#endif
+	    VALUE "ProductName", "The OpenSSL Toolkit\\0"
+	    VALUE "ProductVersion", "$version\\0"
+	    // Optional:
+	    //VALUE "Comments", "\\0"
+	    VALUE "LegalCopyright", "Copyright © 1998-2002 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
+	    //VALUE "LegalTrademarks", "\\0"
+	    //VALUE "PrivateBuild", "\\0"
+	    //VALUE "SpecialBuild", "\\0"
+	END
+    END
+    BLOCK "VarFileInfo"
+    BEGIN
+        VALUE "Translation", 0x409, 0x4b0
+    END
+END
+EOF
+	close(OUT);
+  }
+  
+print <<EOF;
+
+Configured for $target.
+EOF
+
+print <<\EOF if (!$no_threads && !$threads);
+
+The library could not be configured for supporting multi-threaded
+applications as the compiler options required on this system are not known.
+See file INSTALL for details if you need multi-threading.
+EOF
+
 exit(0);
 
-sub bad_target
+sub usage
 	{
-	print STDERR "Usage: Configure [-Dxxx] [-Lxxx] [-lxxx] os/compiler\n";
-	print STDERR "pick os/compiler from:";
-	$j=0;
+	print STDERR $usage;
+	print STDERR "\npick os/compiler from:\n";
+	my $j=0;
+	my $i;
+        my $k=0;
+	foreach $i (sort keys %table)
+		{
+		next if $i =~ /^debug/;
+		$k += length($i) + 1;
+		if ($k > 78)
+			{
+			print STDERR "\n";
+			$k=length($i);
+			}
+		print STDERR $i . " ";
+		}
 	foreach $i (sort keys %table)
 		{
-		next if /^b-/;
-		print STDERR "\n" if ($j++ % 4) == 0;
-		printf(STDERR "%-18s ",$i);
+		next if $i !~ /^debug/;
+		$k += length($i) + 1;
+		if ($k > 78)
+			{
+			print STDERR "\n";
+			$k=length($i);
+			}
+		print STDERR $i . " ";
+		}
+	print STDERR "\n\nNOTE: If in doubt, on Unix-ish systems use './config'.\n";
+	exit(1);
+	}
+
+sub which
+	{
+	my($name)=@_;
+	my $path;
+	foreach $path (split /:/, $ENV{PATH})
+		{
+		if (-f "$path/$name" and -x _)
+			{
+			return "$path/$name" unless ($name eq "perl" and
+			 system("$path/$name -e " . '\'exit($]<5.0);\''));
+			}
 		}
-	print STDERR "\n";
 	}
 
-sub Rename
+sub dofile
 	{
-	local($from,$to)=@_;
+	my $f; my $p; my %m; my @a; my $k; my $ff;
+	($f,$p,%m)=@_;
 
-	unlink($to);
-	rename($from,$to) || die "unable to rename $from to $to:$!\n";
+	open(IN,"<$f.in") || open(IN,"<$f") || die "unable to open $f:$!\n";
+	@a=<IN>;
+	close(IN);
+	foreach $k (keys %m)
+		{
+		grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a);
+		}
+	open(OUT,">$f.new") || die "unable to open $f.new:$!\n";
+	print OUT @a;
+	close(OUT);
+	rename($f,"$f.bak") || die "unable to rename $f\n" if -e $f;
+	rename("$f.new",$f) || die "unable to rename $f.new\n";
+	}
+
+sub print_table_entry
+	{
+	my $target = shift;
+
+	(my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags,
+	my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
+	my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
+	my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
+	my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags)=
+	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+			
+	print <<EOF
+
+*** $target
+\$cc           = $cc
+\$cflags       = $cflags
+\$unistd       = $unistd
+\$thread_cflag = $thread_cflag
+\$sys_id       = $sys_id
+\$lflags       = $lflags
+\$bn_ops       = $bn_ops
+\$bn_obj       = $bn_obj
+\$des_obj      = $des_obj
+\$bf_obj       = $bf_obj
+\$md5_obj      = $md5_obj
+\$sha1_obj     = $sha1_obj
+\$cast_obj     = $cast_obj
+\$rc4_obj      = $rc4_obj
+\$rmd160_obj   = $rmd160_obj
+\$rc5_obj      = $rc5_obj
+\$dso_scheme   = $dso_scheme
+\$shared_target= $shared_target
+\$shared_cflag = $shared_cflag
+\$shared_ldflag = $shared_ldflag
+\$shared_extension = $shared_extension
+\$ranlib       = $ranlib
+\$arflags      = $arflags
+EOF
 	}
 
-sub file_new { local($a)=@_; $a =~ s/(\.[^.]+$|$)/.new/; $a; }
-sub file_old { local($a)=@_; $a =~ s/(\.[^.]+$|$)/.old/; $a; }
+sub test_sanity
+	{
+	my $errorcnt = 0;
+
+	print STDERR "=" x 70, "\n";
+	print STDERR "=== SANITY TESTING!\n";
+	print STDERR "=== No configuration will be done, all other arguments will be ignored!\n";
+	print STDERR "=" x 70, "\n";
+
+	foreach $target (sort keys %table)
+		{
+		@fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+
+		if ($fields[$idx_dso_scheme-1] =~ /^(dl|dlfcn|win32|vms)$/)
+			{
+			$errorcnt++;
+			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
+			print STDERR "              in the previous field\n";
+			}
+		elsif ($fields[$idx_dso_scheme+1] =~ /^(dl|dlfcn|win32|vms)$/)
+			{
+			$errorcnt++;
+			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
+			print STDERR "              in the following field\n";
+			}
+		elsif ($fields[$idx_dso_scheme] !~ /^(dl|dlfcn|win32|vms|)$/)
+			{
+			$errorcnt++;
+			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] field = ",$fields[$idx_dso_scheme],"\n";
+			print STDERR "              valid values are 'dl', 'dlfcn', 'win32' and 'vms'\n";
+			}
+		}
+	print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
+	return $errorcnt;
+	}
diff --git a/FAQ b/FAQ
new file mode 100644
index 0000000000..2867ed0d36
--- /dev/null
+++ b/FAQ
@@ -0,0 +1,729 @@
+OpenSSL  -  Frequently Asked Questions
+--------------------------------------
+
+[MISC] Miscellaneous questions
+
+* Which is the current version of OpenSSL?
+* Where is the documentation?
+* How can I contact the OpenSSL developers?
+* Where can I get a compiled version of OpenSSL?
+* Why aren't tools like 'autoconf' and 'libtool' used?
+* What is an 'engine' version?
+* How do I check the authenticity of the OpenSSL distribution?
+
+[LEGAL] Legal questions
+
+* Do I need patent licenses to use OpenSSL?
+* Can I use OpenSSL with GPL software? 
+
+[USER] Questions on using the OpenSSL applications
+
+* Why do I get a "PRNG not seeded" error message?
+* Why do I get an "unable to write 'random state'" error message?
+* How do I create certificates or certificate requests?
+* Why can't I create certificate requests?
+* Why does <SSL program> fail with a certificate verify error?
+* Why can I only use weak ciphers when I connect to a server using OpenSSL?
+* How can I create DSA certificates?
+* Why can't I make an SSL connection using a DSA certificate?
+* How can I remove the passphrase on a private key?
+* Why can't I use OpenSSL certificates with SSL client authentication?
+* Why does my browser give a warning about a mismatched hostname?
+* How do I install a CA certificate into a browser?
+* Why is OpenSSL x509 DN output not conformant to RFC2253?
+
+[BUILD] Questions about building and testing OpenSSL
+
+* Why does the linker complain about undefined symbols?
+* Why does the OpenSSL test fail with "bc: command not found"?
+* Why does the OpenSSL test fail with "bc: 1 no implemented"?
+* Why does the OpenSSL test fail with "bc: stack empty"?
+* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
+* Why does the OpenSSL compilation fail with "ar: command not found"?
+* Why does the OpenSSL compilation fail on Win32 with VC++?
+* What is special about OpenSSL on Redhat?
+* Why does the OpenSSL compilation fail on MacOS X?
+* Why does the OpenSSL test suite fail on MacOS X?
+
+[PROG] Questions about programming with OpenSSL
+
+* Is OpenSSL thread-safe?
+* I've compiled a program under Windows and it crashes: why?
+* How do I read or write a DER encoded buffer using the ASN1 functions?
+* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
+* I've called <some function> and it fails, why?
+* I just get a load of numbers for the error output, what do they mean?
+* Why do I get errors about unknown algorithms?
+* Why can't the OpenSSH configure script detect OpenSSL?
+* Can I use OpenSSL's SSL library with non-blocking I/O?
+* Why doesn't my server application receive a client certificate?
+* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
+
+===============================================================================
+
+[MISC] ========================================================================
+
+* Which is the current version of OpenSSL?
+
+The current version is available from <URL: http://www.openssl.org>.
+OpenSSL 0.9.6h was released on December 5, 2002.
+
+In addition to the current stable release, you can also access daily
+snapshots of the OpenSSL development version at <URL:
+ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access.
+
+
+* Where is the documentation?
+
+OpenSSL is a library that provides cryptographic functionality to
+applications such as secure web servers.  Be sure to read the
+documentation of the application you want to use.  The INSTALL file
+explains how to install this library.
+
+OpenSSL includes a command line utility that can be used to perform a
+variety of cryptographic functions.  It is described in the openssl(1)
+manpage.  Documentation for developers is currently being written.  A
+few manual pages already are available; overviews over libcrypto and
+libssl are given in the crypto(3) and ssl(3) manpages.
+
+The OpenSSL manpages are installed in /usr/local/ssl/man/ (or a
+different directory if you specified one as described in INSTALL).
+In addition, you can read the most current versions at
+<URL: http://www.openssl.org/docs/>.
+
+For information on parts of libcrypto that are not yet documented, you
+might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
+predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>.  Much
+of this still applies to OpenSSL.
+
+There is some documentation about certificate extensions and PKCS#12
+in doc/openssl.txt
+
+The original SSLeay documentation is included in OpenSSL as
+doc/ssleay.txt.  It may be useful when none of the other resources
+help, but please note that it reflects the obsolete version SSLeay
+0.6.6.
+
+
+* How can I contact the OpenSSL developers?
+
+The README file describes how to submit bug reports and patches to
+OpenSSL.  Information on the OpenSSL mailing lists is available from
+<URL: http://www.openssl.org>.
+
+
+* Where can I get a compiled version of OpenSSL?
+
+Some applications that use OpenSSL are distributed in binary form.
+When using such an application, you don't need to install OpenSSL
+yourself; the application will include the required parts (e.g. DLLs).
+
+If you want to install OpenSSL on a Windows system and you don't have
+a C compiler, read the "Mingw32" section of INSTALL.W32 for information
+on how to obtain and install the free GNU C compiler.
+
+A number of Linux and *BSD distributions include OpenSSL.
+
+
+* Why aren't tools like 'autoconf' and 'libtool' used?
+
+autoconf will probably be used in future OpenSSL versions. If it was
+less Unix-centric, it might have been used much earlier.
+
+* What is an 'engine' version?
+
+With version 0.9.6 OpenSSL was extended to interface to external crypto
+hardware. This was realized in a special release '0.9.6-engine'. With
+version 0.9.7 (not yet released) the changes were merged into the main
+development line, so that the special release is no longer necessary.
+
+* How do I check the authenticity of the OpenSSL distribution?
+
+We provide MD5 digests and ASC signatures of each tarball.
+Use MD5 to check that a tarball from a mirror site is identical:
+
+   md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
+
+You can check authenticity using pgp or gpg. You need the OpenSSL team
+member public key used to sign it (download it from a key server). Then
+just do:
+
+   pgp TARBALL.asc
+
+[LEGAL] =======================================================================
+
+* Do I need patent licenses to use OpenSSL?
+
+The patents section of the README file lists patents that may apply to
+you if you want to use OpenSSL.  For information on intellectual
+property rights, please consult a lawyer.  The OpenSSL team does not
+offer legal advice.
+
+You can configure OpenSSL so as not to use RC5 and IDEA by using
+ ./config no-rc5 no-idea
+
+
+* Can I use OpenSSL with GPL software?
+
+On many systems including the major Linux and BSD distributions, yes (the
+GPL does not place restrictions on using libraries that are part of the
+normal operating system distribution).
+
+On other systems, the situation is less clear. Some GPL software copyright
+holders claim that you infringe on their rights if you use OpenSSL with
+their software on operating systems that don't normally include OpenSSL.
+
+If you develop open source software that uses OpenSSL, you may find it
+useful to choose an other license than the GPL, or state explicitly that
+"This program is released under the GPL with the additional exemption that
+compiling, linking, and/or using OpenSSL is allowed."  If you are using
+GPL software developed by others, you may want to ask the copyright holder
+for permission to use their software with OpenSSL.
+
+
+[USER] ========================================================================
+
+* Why do I get a "PRNG not seeded" error message?
+
+Cryptographic software needs a source of unpredictable data to work
+correctly.  Many open source operating systems provide a "randomness
+device" that serves this purpose.  On other systems, applications have
+to call the RAND_add() or RAND_seed() function with appropriate data
+before generating keys or performing public key encryption.
+(These functions initialize the pseudo-random number generator, PRNG.)
+
+Some broken applications do not do this.  As of version 0.9.5, the
+OpenSSL functions that need randomness report an error if the random
+number generator has not been seeded with at least 128 bits of
+randomness.  If this error occurs, please contact the author of the
+application you are using.  It is likely that it never worked
+correctly.  OpenSSL 0.9.5 and later make the error visible by refusing
+to perform potentially insecure encryption.
+
+On systems without /dev/urandom and /dev/random, it is a good idea to
+use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
+details.  Starting with version 0.9.7, OpenSSL will automatically look
+for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
+/etc/entropy.
+
+Most components of the openssl command line utility automatically try
+to seed the random number generator from a file.  The name of the
+default seeding file is determined as follows: If environment variable
+RANDFILE is set, then it names the seeding file.  Otherwise if
+environment variable HOME is set, then the seeding file is $HOME/.rnd.
+If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
+use file .rnd in the current directory while OpenSSL 0.9.6a uses no
+default seeding file at all.  OpenSSL 0.9.6b and later will behave
+similarly to 0.9.6a, but will use a default of "C:\" for HOME on
+Windows systems if the environment variable has not been set.
+
+If the default seeding file does not exist or is too short, the "PRNG
+not seeded" error message may occur.
+
+The openssl command line utility will write back a new state to the
+default seeding file (and create this file if necessary) unless
+there was no sufficient seeding.
+
+Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
+Use the "-rand" option of the OpenSSL command line tools instead.
+The $RANDFILE environment variable and $HOME/.rnd are only used by the
+OpenSSL command line tools. Applications using the OpenSSL library
+provide their own configuration options to specify the entropy source,
+please check out the documentation coming the with application.
+
+For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
+installing the SUNski package from Sun patch 105710-01 (Sparc) which
+adds a /dev/random device and make sure it gets used, usually through
+$RANDFILE.  There are probably similar patches for the other Solaris
+versions.  An official statement from Sun with respect to /dev/random
+support can be found at
+  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
+However, be warned that /dev/random is usually a blocking device, which
+may have some effects on OpenSSL.
+A third party /dev/random solution for Solaris is available at
+  http://www.cosy.sbg.ac.at/~andi/
+
+
+* Why do I get an "unable to write 'random state'" error message?
+
+
+Sometimes the openssl command line utility does not abort with
+a "PRNG not seeded" error message, but complains that it is
+"unable to write 'random state'".  This message refers to the
+default seeding file (see previous answer).  A possible reason
+is that no default filename is known because neither RANDFILE
+nor HOME is set.  (Versions up to 0.9.6 used file ".rnd" in the
+current directory in this case, but this has changed with 0.9.6a.)
+
+
+* How do I create certificates or certificate requests?
+
+Check out the CA.pl(1) manual page. This provides a simple wrapper round
+the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
+out the manual pages for the individual utilities and the certificate
+extensions documentation (currently in doc/openssl.txt).
+
+
+* Why can't I create certificate requests?
+
+You typically get the error:
+
+	unable to find 'distinguished_name' in config
+	problems making Certificate Request
+
+This is because it can't find the configuration file. Check out the
+DIAGNOSTICS section of req(1) for more information.
+
+
+* Why does <SSL program> fail with a certificate verify error?
+
+This problem is usually indicated by log messages saying something like
+"unable to get local issuer certificate" or "self signed certificate".
+When a certificate is verified its root CA must be "trusted" by OpenSSL
+this typically means that the CA certificate must be placed in a directory
+or file and the relevant program configured to read it. The OpenSSL program
+'verify' behaves in a similar way and issues similar error messages: check
+the verify(1) program manual page for more information.
+
+
+* Why can I only use weak ciphers when I connect to a server using OpenSSL?
+
+This is almost certainly because you are using an old "export grade" browser
+which only supports weak encryption. Upgrade your browser to support 128 bit
+ciphers.
+
+
+* How can I create DSA certificates?
+
+Check the CA.pl(1) manual page for a DSA certificate example.
+
+
+* Why can't I make an SSL connection to a server using a DSA certificate?
+
+Typically you'll see a message saying there are no shared ciphers when
+the same setup works fine with an RSA certificate. There are two possible
+causes. The client may not support connections to DSA servers most web
+browsers (including Netscape and MSIE) only support connections to servers
+supporting RSA cipher suites. The other cause is that a set of DH parameters
+has not been supplied to the server. DH parameters can be created with the
+dhparam(1) command and loaded using the SSL_CTX_set_tmp_dh() for example:
+check the source to s_server in apps/s_server.c for an example.
+
+
+* How can I remove the passphrase on a private key?
+
+Firstly you should be really *really* sure you want to do this. Leaving
+a private key unencrypted is a major security risk. If you decide that
+you do have to do this check the EXAMPLES sections of the rsa(1) and
+dsa(1) manual pages.
+
+
+* Why can't I use OpenSSL certificates with SSL client authentication?
+
+What will typically happen is that when a server requests authentication
+it will either not include your certificate or tell you that you have
+no client certificates (Netscape) or present you with an empty list box
+(MSIE). The reason for this is that when a server requests a client
+certificate it includes a list of CAs names which it will accept. Browsers
+will only let you select certificates from the list on the grounds that
+there is little point presenting a certificate which the server will
+reject.
+
+The solution is to add the relevant CA certificate to your servers "trusted
+CA list". How you do this depends on the server software in uses. You can
+print out the servers list of acceptable CAs using the OpenSSL s_client tool:
+
+openssl s_client -connect www.some.host:443 -prexit
+
+If your server only requests certificates on certain URLs then you may need
+to manually issue an HTTP GET command to get the list when s_client connects:
+
+GET /some/page/needing/a/certificate.html
+
+If your CA does not appear in the list then this confirms the problem.
+
+
+* Why does my browser give a warning about a mismatched hostname?
+
+Browsers expect the server's hostname to match the value in the commonName
+(CN) field of the certificate. If it does not then you get a warning.
+
+
+* How do I install a CA certificate into a browser?
+
+The usual way is to send the DER encoded certificate to the browser as
+MIME type application/x-x509-ca-cert, for example by clicking on an appropriate
+link. On MSIE certain extensions such as .der or .cacert may also work, or you
+can import the certificate using the certificate import wizard.
+
+You can convert a certificate to DER form using the command:
+
+openssl x509 -in ca.pem -outform DER -out ca.der
+
+Occasionally someone suggests using a command such as:
+
+openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
+
+DO NOT DO THIS! This command will give away your CAs private key and
+reduces its security to zero: allowing anyone to forge certificates in
+whatever name they choose.
+
+* Why is OpenSSL x509 DN output not conformant to RFC2253?
+
+The ways to print out the oneline format of the DN (Distinguished Name) have
+been extended in version 0.9.7 of OpenSSL. Using the new X509_NAME_print_ex()
+interface, the "-nameopt" option could be introduded. See the manual
+page of the "openssl x509" commandline tool for details. The old behaviour
+has however been left as default for the sake of compatibility.
+
+[BUILD] =======================================================================
+
+* Why does the linker complain about undefined symbols?
+
+Maybe the compilation was interrupted, and make doesn't notice that
+something is missing.  Run "make clean; make".
+
+If you used ./Configure instead of ./config, make sure that you
+selected the right target.  File formats may differ slightly between
+OS versions (for example sparcv8/sparcv9, or a.out/elf).
+
+In case you get errors about the following symbols, use the config
+option "no-asm", as described in INSTALL:
+
+ BF_cbc_encrypt, BF_decrypt, BF_encrypt, CAST_cbc_encrypt,
+ CAST_decrypt, CAST_encrypt, RC4, RC5_32_cbc_encrypt, RC5_32_decrypt,
+ RC5_32_encrypt, bn_add_words, bn_div_words, bn_mul_add_words,
+ bn_mul_comba4, bn_mul_comba8, bn_mul_words, bn_sqr_comba4,
+ bn_sqr_comba8, bn_sqr_words, bn_sub_words, des_decrypt3,
+ des_ede3_cbc_encrypt, des_encrypt, des_encrypt2, des_encrypt3,
+ des_ncbc_encrypt, md5_block_asm_host_order, sha1_block_asm_data_order
+
+If none of these helps, you may want to try using the current snapshot.
+If the problem persists, please submit a bug report.
+
+
+* Why does the OpenSSL test fail with "bc: command not found"?
+
+You didn't install "bc", the Unix calculator.  If you want to run the
+tests, get GNU bc from ftp://ftp.gnu.org or from your OS distributor.
+
+
+* Why does the OpenSSL test fail with "bc: 1 no implemented"?
+
+On some SCO installations or versions, bc has a bug that gets triggered
+when you run the test suite (using "make test").  The message returned is
+"bc: 1 not implemented".
+
+The best way to deal with this is to find another implementation of bc
+and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
+for download instructions) can be safely used, for example.
+
+
+* Why does the OpenSSL test fail with "bc: stack empty"?
+
+On some DG/ux versions, bc seems to have a too small stack for calculations
+that the OpenSSL bntest throws at it.  This gets triggered when you run the
+test suite (using "make test").  The message returned is "bc: stack empty".
+
+The best way to deal with this is to find another implementation of bc
+and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
+for download instructions) can be safely used, for example.
+
+
+* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
+
+On some Alpha installations running Tru64 Unix and Compaq C, the compilation
+of crypto/sha/sha_dgst.c fails with the message 'Fatal:  Insufficient virtual
+memory to continue compilation.'  As far as the tests have shown, this may be
+a compiler bug.  What happens is that it eats up a lot of resident memory
+to build something, probably a table.  The problem is clearly in the
+optimization code, because if one eliminates optimization completely (-O0),
+the compilation goes through (and the compiler consumes about 2MB of resident
+memory instead of 240MB or whatever one's limit is currently).
+
+There are three options to solve this problem:
+
+1. set your current data segment size soft limit higher.  Experience shows
+that about 241000 kbytes seems to be enough on an AlphaServer DS10.  You do
+this with the command 'ulimit -Sd nnnnnn', where 'nnnnnn' is the number of
+kbytes to set the limit to.
+
+2. If you have a hard limit that is lower than what you need and you can't
+get it changed, you can compile all of OpenSSL with -O0 as optimization
+level.  This is however not a very nice thing to do for those who expect to
+get the best result from OpenSSL.  A bit more complicated solution is the
+following:
+
+----- snip:start -----
+  make DIRS=crypto SDIRS=sha "`grep '^CFLAG=' Makefile.ssl | \
+       sed -e 's/ -O[0-9] / -O0 /'`"
+  rm `ls crypto/*.o crypto/sha/*.o | grep -v 'sha_dgst\.o'`
+  make
+----- snip:end -----
+
+This will only compile sha_dgst.c with -O0, the rest with the optimization
+level chosen by the configuration process.  When the above is done, do the
+test and installation and you're set.
+
+
+* Why does the OpenSSL compilation fail with "ar: command not found"?
+
+Getting this message is quite usual on Solaris 2, because Sun has hidden
+away 'ar' and other development commands in directories that aren't in
+$PATH by default.  One of those directories is '/usr/ccs/bin'.  The
+quickest way to fix this is to do the following (it assumes you use sh
+or any sh-compatible shell):
+
+----- snip:start -----
+  PATH=${PATH}:/usr/ccs/bin; export PATH
+----- snip:end -----
+
+and then redo the compilation.  What you should really do is make sure
+'/usr/ccs/bin' is permanently in your $PATH, for example through your
+'.profile' (again, assuming you use a sh-compatible shell).
+
+
+* Why does the OpenSSL compilation fail on Win32 with VC++?
+
+Sometimes, you may get reports from VC++ command line (cl) that it
+can't find standard include files like stdio.h and other weirdnesses.
+One possible cause is that the environment isn't correctly set up.
+To solve that problem, one should run VCVARS32.BAT which is found in
+the 'bin' subdirectory of the VC++ installation directory (somewhere
+under 'Program Files').  This needs to be done prior to running NMAKE,
+and the changes are only valid for the current DOS session.
+
+
+* What is special about OpenSSL on Redhat?
+
+Red Hat Linux (release 7.0 and later) include a preinstalled limited
+version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
+is disabled in this version. The same may apply to other Linux distributions.
+Users may therefore wish to install more or all of the features left out.
+
+To do this you MUST ensure that you do not overwrite the openssl that is in
+/usr/bin on your Red Hat machine. Several packages depend on this file,
+including sendmail and ssh. /usr/local/bin is a good alternative choice. The
+libraries that come with Red Hat 7.0 onwards have different names and so are
+not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
+/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
+/lib/libcrypto.so.2 respectively).
+
+Please note that we have been advised by Red Hat attempting to recompile the
+openssl rpm with all the cryptography enabled will not work. All other
+packages depend on the original Red Hat supplied openssl package. It is also
+worth noting that due to the way Red Hat supplies its packages, updates to
+openssl on each distribution never change the package version, only the
+build number. For example, on Red Hat 7.1, the latest openssl package has
+version number 0.9.6 and build number 9 even though it contains all the
+relevant updates in packages up to and including 0.9.6b.
+
+A possible way around this is to persuade Red Hat to produce a non-US
+version of Red Hat Linux.
+
+FYI: Patent numbers and expiry dates of US patents:
+MDC-2: 4,908,861 13/03/2007
+IDEA:  5,214,703 25/05/2010
+RC5:   5,724,428 03/03/2015
+
+
+* Why does the OpenSSL compilation fail on MacOS X?
+
+If the failure happens when trying to build the "openssl" binary, with
+a large number of undefined symbols, it's very probable that you have
+OpenSSL 0.9.6b delivered with the operating system (you can find out by
+running '/usr/bin/openssl version') and that you were trying to build
+OpenSSL 0.9.7 or newer.  The problem is that the loader ('ld') in
+MacOS X has a misfeature that's quite difficult to go around.
+Look in the file PROBLEMS for a more detailed explanation and for possible
+solutions.
+
+
+* Why does the OpenSSL test suite fail on MacOS X?
+
+If the failure happens when running 'make test' and the RC4 test fails,
+it's very probable that you have OpenSSL 0.9.6b delivered with the
+operating system (you can find out by running '/usr/bin/openssl version')
+and that you were trying to build OpenSSL 0.9.6d.  The problem is that
+the loader ('ld') in MacOS X has a misfeature that's quite difficult to
+go around and has linked the programs "openssl" and the test programs
+with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
+libraries you just built.
+Look in the file PROBLEMS for a more detailed explanation and for possible
+solutions.
+
+[PROG] ========================================================================
+
+* Is OpenSSL thread-safe?
+
+Yes (with limitations: an SSL connection may not concurrently be used
+by multiple threads).  On Windows and many Unix systems, OpenSSL
+automatically uses the multi-threaded versions of the standard
+libraries.  If your platform is not one of these, consult the INSTALL
+file.
+
+Multi-threaded applications must provide two callback functions to
+OpenSSL.  This is described in the threads(3) manpage.
+
+
+* I've compiled a program under Windows and it crashes: why?
+
+This is usually because you've missed the comment in INSTALL.W32.
+Your application must link against the same version of the Win32
+C-Runtime against which your openssl libraries were linked.  The
+default version for OpenSSL is /MD - "Multithreaded DLL".
+
+If you are using Microsoft Visual C++'s IDE (Visual Studio), in
+many cases, your new project most likely defaulted to "Debug
+Singlethreaded" - /ML.  This is NOT interchangeable with /MD and your
+program will crash, typically on the first BIO related read or write
+operation.
+
+For each of the six possible link stage configurations within Win32,
+your application must link  against the same by which OpenSSL was
+built.  If you are using MS Visual C++ (Studio) this can be changed
+by:
+
+1.  Select Settings... from the Project Menu.
+2.  Select the C/C++ Tab.
+3.  Select "Code Generation from the "Category" drop down list box
+4.  Select the Appropriate library (see table below) from the "Use
+    run-time library" drop down list box.  Perform this step for both
+    your debug and release versions of your application (look at the
+    top left of the settings panel to change between the two)
+
+    Single Threaded           /ML        -  MS VC++ often defaults to
+                                            this for the release
+                                            version of a new project.
+    Debug Single Threaded     /MLd       -  MS VC++ often defaults to
+                                            this for the debug version
+                                            of a new project.
+    Multithreaded             /MT
+    Debug Multithreaded       /MTd
+    Multithreaded DLL         /MD        -  OpenSSL defaults to this.
+    Debug Multithreaded DLL   /MDd
+
+Note that debug and release libraries are NOT interchangeable.  If you
+built OpenSSL with /MD your application must use /MD and cannot use /MDd.
+
+
+* How do I read or write a DER encoded buffer using the ASN1 functions?
+
+You have two options. You can either use a memory BIO in conjunction
+with the i2d_XXX_bio() or d2i_XXX_bio() functions or you can use the
+i2d_XXX(), d2i_XXX() functions directly. Since these are often the
+cause of grief here are some code fragments using PKCS7 as an example:
+
+unsigned char *buf, *p;
+int len;
+
+len = i2d_PKCS7(p7, NULL);
+buf = OPENSSL_malloc(len); /* or Malloc, error checking omitted */
+p = buf;
+i2d_PKCS7(p7, &p);
+
+At this point buf contains the len bytes of the DER encoding of
+p7.
+
+The opposite assumes we already have len bytes in buf:
+
+unsigned char *p;
+p = buf;
+p7 = d2i_PKCS7(NULL, &p, len);
+
+At this point p7 contains a valid PKCS7 structure of NULL if an error
+occurred. If an error occurred ERR_print_errors(bio) should give more
+information.
+
+The reason for the temporary variable 'p' is that the ASN1 functions
+increment the passed pointer so it is ready to read or write the next
+structure. This is often a cause of problems: without the temporary
+variable the buffer pointer is changed to point just after the data
+that has been read or written. This may well be uninitialized data
+and attempts to free the buffer will have unpredictable results
+because it no longer points to the same address.
+
+
+* I've tried using <M_some_evil_pkcs12_macro> and I get errors why?
+
+This usually happens when you try compiling something using the PKCS#12
+macros with a C++ compiler. There is hardly ever any need to use the
+PKCS#12 macros in a program, it is much easier to parse and create
+PKCS#12 files using the PKCS12_parse() and PKCS12_create() functions
+documented in doc/openssl.txt and with examples in demos/pkcs12. The
+'pkcs12' application has to use the macros because it prints out 
+debugging information.
+
+
+* I've called <some function> and it fails, why?
+
+Before submitting a report or asking in one of the mailing lists, you
+should try to determine the cause. In particular, you should call
+ERR_print_errors() or ERR_print_errors_fp() after the failed call
+and see if the message helps. Note that the problem may occur earlier
+than you think -- you should check for errors after every call where
+it is possible, otherwise the actual problem may be hidden because
+some OpenSSL functions clear the error state.
+
+
+* I just get a load of numbers for the error output, what do they mean?
+
+The actual format is described in the ERR_print_errors() manual page.
+You should call the function ERR_load_crypto_strings() before hand and
+the message will be output in text form. If you can't do this (for example
+it is a pre-compiled binary) you can use the errstr utility on the error
+code itself (the hex digits after the second colon).
+
+
+* Why do I get errors about unknown algorithms?
+
+This can happen under several circumstances such as reading in an
+encrypted private key or attempting to decrypt a PKCS#12 file. The cause
+is forgetting to load OpenSSL's table of algorithms with
+OpenSSL_add_all_algorithms(). See the manual page for more information.
+
+
+* Why can't the OpenSSH configure script detect OpenSSL?
+
+Several reasons for problems with the automatic detection exist.
+OpenSSH requires at least version 0.9.5a of the OpenSSL libraries.
+Sometimes the distribution has installed an older version in the system
+locations that is detected instead of a new one installed. The OpenSSL
+library might have been compiled for another CPU or another mode (32/64 bits).
+Permissions might be wrong.
+
+The general answer is to check the config.log file generated when running
+the OpenSSH configure script. It should contain the detailed information
+on why the OpenSSL library was not detected or considered incompatible.
+
+* Can I use OpenSSL's SSL library with non-blocking I/O?
+
+Yes; make sure to read the SSL_get_error(3) manual page!
+
+A pitfall to avoid: Don't assume that SSL_read() will just read from
+the underlying transport or that SSL_write() will just write to it --
+it is also possible that SSL_write() cannot do any useful work until
+there is data to read, or that SSL_read() cannot do anything until it
+is possible to send data.  One reason for this is that the peer may
+request a new TLS/SSL handshake at any time during the protocol,
+requiring a bi-directional message exchange; both SSL_read() and
+SSL_write() will try to continue any pending handshake.
+
+
+* Why doesn't my server application receive a client certificate?
+
+Due to the TLS protocol definition, a client will only send a certificate,
+if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
+SSL_CTX_set_verify() function to enable the use of client certificates.
+
+
+* Why does compilation fail due to an undefined symbol NID_uniqueIdentifier?
+
+For OpenSSL 0.9.7 the OID table was extended and corrected. In earlier
+versions, uniqueIdentifier was incorrectly used for X.509 certificates.
+The correct name according to RFC2256 (LDAP) is x500UniqueIdentifier.
+Change your code to use the new name when compiling against OpenSSL 0.9.7.
+
+
+===============================================================================
+
diff --git a/HISTORY b/HISTORY
deleted file mode 100644
index 7712100038..0000000000
--- a/HISTORY
+++ /dev/null
@@ -1,316 +0,0 @@
-16-Mar-98
-	- Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
-	- Lots and lots of changes
-
-29-Jan-98
-	- ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
-	  Goetz Babin-Ebell <babinebell@trustcenter.de>.
-	- SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
-	  TLS1_VERSION.
-
-7-Jan-98
-	- Finally reworked the cipher string to ciphers again, so it
-	  works correctly
-	- All the app_data stuff is now ex_data with funcion calls to access.
-	  The index is supplied by a function and 'methods' can be setup
-	  for the types that are called on XXX_new/XXX_free.  This lets
-	  applications get notified on creation and destruction.  Some of
-	  the RSA methods could be implemented this way and I may do so.
-	- Oh yes, SSL under perl5 is working at the basic level.
-
-15-Dec-97
-	- Warning - the gethostbyname cache is not fully thread safe,
-	  but it should work well enough.
-	- Major internal reworking of the app_data stuff.  More functions
-	  but if you were accessing ->app_data directly, things will
-	  stop working.
-	- The perlv5 stuff is working.  Currently on message digests,
-	  ciphers and the bignum library.
-
-9-Dec-97
-	- Modified re-negotiation so that server initated re-neg
-	  will cause a SSL_read() to return -1 should retry.
-	  The danger otherwise was that the server and the
-	  client could end up both trying to read when using non-blocking
-	  sockets.
-
-4-Dec-97
-	- Lots of small changes
-	- Fix for binaray mode in Windows for the FILE BIO, thanks to
-	  Bob Denny <rdenny@dc3.com>
-
-17-Nov-97
-	- Quite a few internal cleanups, (removal of errno, and using macros
-	  defined in e_os.h).
-	- A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
-	  the automactic naming out output files was being stuffed up.
-
-29-Oct-97
-	- The Cast5 cipher has been added.  MD5 and SHA-1 are now in assember
-	  for x86.
-
-21-Oct-97
-	- Fixed a bug in the BIO_gethostbyname() cache.
-
-15-Oct-97
-	- cbc mode for blowfish/des/3des is now in assember.  Blowfish asm
-	  has also been improved.  At this point in time, on the pentium,
-	  md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
-	  des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
-	  is %62 faster.
-
-12-Oct-97
-	- MEM_BUF_grow() has been fixed so that it always sets the buf->length
-	  to the value we are 'growing' to.  Think of MEM_BUF_grow() as the
-	  way to set the length value correctly.
-
-10-Oct-97
-	- I now hash for certificate lookup on the raw DER encoded RDN (md5).
-	  This breaks things again :-(.  This is efficent since I cache
-	  the DER encoding of the RDN.
-	- The text DN now puts in the numeric OID instead of UNKNOWN.
-	- req can now process arbitary OIDs in the config file.
-	- I've been implementing md5 in x86 asm, much faster :-).
-	- Started sha1 in x86 asm, needs more work.
-	- Quite a few speedups in the BN stuff.  RSA public operation
-	  has been made faster by caching the BN_MONT_CTX structure.
-	  The calulating of the Ai where A*Ai === 1 mod m was rather
-	  expensive.  Basically a 40-50% speedup on public operations.
-	  The RSA speedup is now 15% on pentiums and %20 on pentium
-	  pro.
-
-30-Sep-97
-	- After doing some profiling, I added x86 adm for bn_add_words(),
-	  which just adds 2 arrays of longs together.  A %10 speedup
-	  for 512 and 1024 bit RSA on the pentium pro.
-
-29-Sep-97
-	- Converted the x86 bignum assembler to us the perl scripts
-	  for generation.
-
-23-Sep-97
-	- If SSL_set_session() is passed a NULL session, it now clears the
-	  current session-id.
-
-22-Sep-97
-	- Added a '-ss_cert file' to apps/ca.c.  This will sign selfsigned
-	  certificates.
-	- Bug in crypto/evp/encode.c where by decoding of 65 base64
-	  encoded lines, one line at a time (via a memory BIO) would report
-	  EOF after the first line was decoded.
-	- Fix in X509_find_by_issuer_and_serial() from
-	  Dr Stephen Henson <shenson@bigfoot.com>
-
-19-Sep-97
-	- NO_FP_API and NO_STDIO added.
-	- Put in sh config command.  It auto runs Configure with the correct
-	  parameters.
-
-18-Sep-97
-	- Fix x509.c so if a DSA cert has different parameters to its parent,
-	  they are left in place.  Not tested yet.
-
-16-Sep-97
-	- ssl_create_cipher_list() had some bugs, fixes from
-	  Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
-	- Fixed a bug in the Base64 BIO, where it would return 1 instead
-	  of -1 when end of input was encountered but should retry.
-	  Basically a Base64/Memory BIO interaction problem.
-	- Added a HMAC set of functions in preporarion for TLS work.
-
-15-Sep-97
-	- Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
-	- Prime generation spead up %25 (512 bit prime, pentium pro linux)
-	  by using montgomery multiplication in the prime number test.
-
-11-Sep-97
-	- Ugly bug in ssl3_write_bytes().  Basically if application land
-	  does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
-	  did not check the size and tried to copy the entire buffer.
-	  This would tend to cause memory overwrites since SSLv3 has
-	  a maximum packet size of 16k.  If your program uses
-	  buffers <= 16k, you would probably never see this problem.
-	- Fixed a new errors that were cause by malloc() not returning
-	  0 initialised memory..
-	- SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
-	  SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
-	  since this flags stops SSLeay being able to handle client
-	  cert requests correctly.
-
-08-Sep-97
-	- SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added.  When switched
-	  on, the SSL server routines will not use a SSL_SESSION that is
-	  held in it's cache.  This in intended to be used with the session-id
-	  callbacks so that while the session-ids are still stored in the
-	  cache, the decision to use them and how to look them up can be
-	  done by the callbacks.  The are the 'new', 'get' and 'remove'
-	  callbacks.  This can be used to determine the session-id
-	  to use depending on information like which port/host the connection
-	  is coming from.  Since the are also SSL_SESSION_set_app_data() and
-	  SSL_SESSION_get_app_data() functions, the application can hold
-	  information against the session-id as well.
-
-03-Sep-97
-	- Added lookup of CRLs to the by_dir method,
-	  X509_load_crl_file() also added.  Basically it means you can
-	  lookup CRLs via the same system used to lookup certificates.
-	- Changed things so that the X509_NAME structure can contain
-	  ASN.1 BIT_STRINGS which is required for the unique
-	  identifier OID.
-	- Fixed some problems with the auto flushing of the session-id
-	  cache.  It was not occuring on the server side.
-
-02-Sep-97
-	- Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
-	  which is the maximum number of entries allowed in the
-	  session-id cache.  This is enforced with a simple FIFO list.
-	  The default size is 20*1024 entries which is rather large :-).
-	  The Timeout code is still always operating.
-
-01-Sep-97
-	- Added an argument to all the 'generate private key/prime`
-	  callbacks.  It is the last parameter so this should not
-	  break existing code but it is needed for C++.
-	- Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
-	  BIO.  This lets the BIO read and write base64 encoded data
-	  without inserting or looking for '\n' characters.  The '-A'
-	  flag turns this on when using apps/enc.c.
-	- RSA_NO_PADDING added to help BSAFE functionality.  This is a
-	  very dangerous thing to use, since RSA private key
-	  operations without random padding bytes (as PKCS#1 adds) can
-	  be attacked such that the private key can be revealed.
-	- ASN.1 bug and rc2-40-cbc and rc4-40 added by
-	  Dr Stephen Henson <shenson@bigfoot.com>
-
-31-Aug-97 (stuff added while I was away)	
-	- Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
-	- RSA_flags() added allowing bypass of pub/priv match check
-	  in ssl/ssl_rsa.c - Tim Hudson.
-	- A few minor bugs.
-
-SSLeay 0.8.1 released.
-
-19-Jul-97
-	- Server side initated dynamic renegotiation is broken.  I will fix
-	  it when I get back from holidays.
-
-15-Jul-97
-	- Quite a few small changes.
-	- INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
-
-09-Jul-97
-	- Added 2 new values to the SSL info callback.
-	  SSL_CB_START which is passed when the SSL protocol is started
-	  and SSL_CB_DONE when it has finished sucsessfully.
-
-08-Jul-97
-	- Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
-	  that related to DSA public/private keys.
-	- Added all the relevent PEM and normal IO functions to support
-	  reading and writing RSAPublic keys.
-	- Changed makefiles to use ${AR} instead of 'ar r'
-
-07-Jul-97
-	- Error in ERR_remove_state() that would leave a dangling reference
-	  to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
-	- s_client now prints the X509_NAMEs passed from the server
-	  when requesting a client cert.
-	- Added a ssl->type, which is one of SSL_ST_CONNECT or
-	  SSL_ST_ACCEPT.  I had to add it so I could tell if I was
-	  a connect or an accept after the handshake had finished.
-	- SSL_get_client_CA_list(SSL *s) now returns the CA names
-	  passed by the server if called by a client side SSL.
-
-05-Jul-97
-	- Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
-	  0, not -1 :-(  Fix from Tim Hudson (tjh@cryptsoft.com).
-
-04-Jul-97
-	- Fixed some things in X509_NAME_add_entry(), thanks to
-	  Matthew Donald <matthew@world.net>.
-	- I had a look at the cipher section and though that it was a
-	  bit confused, so I've changed it.
-	- I was not setting up the RC4-64-MD5 cipher correctly.  It is
-	  a MS special that appears in exported MS Money.
-	- Error in all my DH ciphers.  Section 7.6.7.3 of the SSLv3
-	  spec.  I was missing the two byte length header for the
-	  ClientDiffieHellmanPublic value.  This is a packet sent from
-	  the client to the server.  The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
-	  option will enable SSLeay server side SSLv3 accept either
-	  the correct or my 080 packet format.
-	- Fixed a few typos in crypto/pem.org.
-
-02-Jul-97
-	- Alias mapping for EVP_get_(digest|cipher)byname is now
-	  performed before a lookup for actual cipher.  This means
-	  that an alias can be used to 're-direct' a cipher or a
-	  digest.
-	- ASN1_read_bio() had a bug that only showed up when using a
-	  memory BIO.  When EOF is reached in the memory BIO, it is
-	  reported as a -1 with BIO_should_retry() set to true.
-
-01-Jul-97
-	- Fixed an error in X509_verify_cert() caused by my
-	  miss-understanding how 'do { contine } while(0);' works.
-	  Thanks to Emil Sit <sit@mit.edu> for educating me :-)
-
-30-Jun-97
-	- Base64 decoding error.  If the last data line did not end with
-	  a '=', sometimes extra data would be returned.
-	- Another 'cut and paste' bug in x509.c related to setting up the
-	  STDout BIO.
-
-27-Jun-97
-	- apps/ciphers.c was not printing due to an editing error.
-	- Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
-	  a library build error in util/mk1mf.pl
-
-26-Jun-97
-	- Still did not have the auto 'experimental' code removal
-	  script correct.
-	- A few header tweaks for Watcom 11.0 under Win32 from
-	  Rolf Lindemann <Lindemann@maz-hh.de>
-	- 0 length OCTET_STRING bug in asn1_parse
-	- A minor fix with an non-existent function in the MS .def files.
-	- A few changes to the PKCS7 stuff.
-
-25-Jun-97
-	SSLeay 0.8.0 finally it gets released.
-
-24-Jun-97
-	Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
-	use a temporary RSA key.  This is experimental and needs some more work.
-	Fixed a few Win16 build problems.
-
-23-Jun-97
-	SSLv3 bug. I was not doing the 'lookup' of the CERT structure
-	correctly. I was taking the SSL->ctx->default_cert when I should
-	have been using SSL->cert. The bug was in ssl/s3_srvr.c
-
-20-Jun-97
-	X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
-	rest of the library. Even though I had the code required to do
-	it correctly, apps/req.c was doing the wrong thing.  I have fixed
-	and tested everything.
-
-	Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
-
-19-Jun-97
-	Fixed a bug in the SSLv2 server side first packet handling. When
-	using the non-blocking test BIO, the ssl->s2->first_packet flag
-	was being reset when a would-block failure occurred when reading
-	the first 5 bytes of the first packet. This caused the checking
-	logic to run at the wrong time and cause an error.
-
-	Fixed a problem with specifying cipher. If RC4-MD5 were used,
-	only the SSLv3 version would be picked up.  Now this will pick
-	up both SSLv2 and SSLv3 versions. This required changing the
-	SSL_CIPHER->mask values so that they only mask the ciphers,
-	digests, authentication, export type and key-exchange algorithms.
-
-	I found that when a SSLv23 session is established, a reused
-	session, of type SSLv3 was attempting to write the SSLv2 
-	ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char 
-	method has been modified so it will only write out cipher which
-	that method knows about.  
-
diff --git a/HISTORY.090 b/HISTORY.090
deleted file mode 100644
index b7bbb5e5fd..0000000000
--- a/HISTORY.090
+++ /dev/null
@@ -1,7 +0,0 @@
--	A minor bug in ssl/s3_clnt.c where there would always be 4 0 bytes
-	sent in the client random, thanks to 
-	Edward Bishop <ebishop@spyglass.com>
--	Changed some BIGNUM api stuff.
-
--	I Deleted the HISTORY.090 I was working on and when I found out, it was
-	permanently gone :-(
diff --git a/INSTALL b/INSTALL
index 2cddfb93e6..63c88523c3 100644
--- a/INSTALL
+++ b/INSTALL
@@ -1,133 +1,310 @@
-# Installation of SSLeay.
-# It depends on perl for a few bits but those steps can be skipped and
-# the top level makefile edited by hand
-
-# When bringing the SSLeay distribution back from the evil intel world
-# of Windows NT, do the following to make it nice again under unix :-)
-# You don't normally need to run this.
-sh util/fixNT.sh	# This only works for NT now - eay - 21-Jun-1996
-
-# If you have perl, and it is not in /usr/local/bin, you can run
-perl util/perlpath.pl /new/path
-# and this will fix the paths in all the scripts.  DO NOT put
-# /new/path/perl, just /new/path. The build
-# environment always run scripts as 'perl perlscript.pl' but some of the
-# 'applications' are easier to usr with the path fixed.
-
-# Edit crypto/cryptlib.h, tools/c_rehash, and Makefile.ssl
-# to set the install locations if you don't like
-# the default location of /usr/local/ssl
-# Do this by running
-perl util/ssldir.pl /new/ssl/home
-# if you have perl, or by hand if not.
-
-# If things have been stuffed up with the sym links, run
-make -f Makefile.ssl links
-# This will re-populate lib/include with symlinks and for each
-# directory, link Makefile to Makefile.ssl
-
-# Setup the machine dependent stuff for the top level makefile
-# and some select .h files
-# If you don't have perl, this will bomb, in which case just edit the
-# top level Makefile.ssl
-./Configure 'system type'
-
-# The 'Configure' command contains default configuration parameters
-# for lots of machines.  Configure edits 5 lines in the top level Makefile
-# It modifies the following values in the following files
-Makefile.ssl		CC CFLAG EX_LIBS BN_MULW
-crypto/des/des.h	DES_LONG
-crypto/des/des_locl.h	DES_PTR
-crypto/md2/md2.h	MD2_INT
-crypto/rc4/rc4.h	RC4_INT
-crypto/rc4/rc4_enc.c	RC4_INDEX
-crypto/rc2/rc2.h	RC2_INT
-crypto/bf/bf_locl.h	BF_INT
-crypto/idea/idea.h	IDEA_INT
-crypto/bn/bn.h		BN_LLONG (and defines one of SIXTY_FOUR_BIT,
-				  SIXTY_FOUR_BIT_LONG, THIRTY_TWO_BIT,
-				  SIXTEEN_BIT or EIGHT_BIT)
-Please remember that all these files are actually copies of the file with
-a .org extention.  So if you change crypto/des/des.h, the next time
-you run Configure, it will be runover by a 'configured' version of
-crypto/des/des.org.  So to make the changer the default, change the .org
-files.  The reason these files have to be edited is because most of
-these modifications change the size of fundamental data types.
-While in theory this stuff is optional, it often makes a big
-difference in performance and when using assember, it is importaint
-for the 'Bignum bits' match those required by the assember code.
-A warning for people using gcc with sparc cpu's.  Gcc needs the -mv8
-flag to use the hardware multiply instruction which was not present in
-earlier versions of the sparc CPU.  I define it by default.  If you
-have an old sparc, and it crashes, try rebuilding with this flag
-removed.  I am leaving this flag on by default because it makes
-things run 4 times faster :-)
-
-# clean out all the old stuff
-make clean
-
-# Do a make depend only if you have the makedepend command installed
-# This is not needed but it does make things nice when developing.
-make depend
-
-# make should build everything
-make
-
-# fix up the demo certificate hash directory if it has been stuffed up.
-make rehash
-
-# test everything
-make test
-
-# install the lot
-make install
-
-# It is worth noting that all the applications are built into the one
-# program, ssleay, which is then has links from the other programs
-# names to it.
-# The applicatons can be built by themselves, just don't define the
-# 'MONOLITH' flag.  So to build the 'enc' program stand alone,
-gcc -O2 -Iinclude apps/enc.c apps/apps.c libcrypto.a
-
-# Other useful make options are
-make makefile.one
-# which generate a 'makefile.one' file which will build the complete
-# SSLeay distribution with temp. files in './tmp' and 'installable' files
-# in './out'
-
-# Have a look at running
-perl util/mk1mf.pl help
-# this can be used to generate a single makefile and is about the only
-# way to generate makefiles for windows.
-
-# There is actually a final way of building SSLeay.
-gcc -O2 -c -Icrypto -Iinclude crypto/crypto.c
-gcc -O2 -c -Issl -Iinclude ssl/ssl.c
-# and you now have the 2 libraries as single object files :-).
-# If you want to use the assember code for your particular platform
-# (DEC alpha/x86 are the main ones, the other assember is just the
-# output from gcc) you will need to link the assember with the above generated
-# object file and also do the above compile as
-gcc -O2 -DBN_ASM -c -Icrypto -Iinclude crypto/crypto.c
-
-This last option is probably the best way to go when porting to another
-platform or building shared libraries.  It is not good for development so
-I don't normally use it.
-
-To build shared libararies under unix, have a look in shlib, basically 
-you are on your own, but it is quite easy and all you have to do
-is compile 2 (or 3) files.
-
-For mult-threading, have a read of doc/threads.doc.  Again it is quite
-easy and normally only requires some extra callbacks to be defined
-by the application.
-The examples for solaris and windows NT/95 are in the mt directory.
-
-have fun
-
-eric 25-Jun-1997
-
-IRIX 5.x will build as a 32 bit system with mips1 assember.
-IRIX 6.x will build as a 64 bit system with mips3 assember.  It conforms
-to n32 standards. In theory you can compile the 64 bit assember under
-IRIX 5.x but you will have to have the correct system software installed.
+
+ INSTALLATION ON THE UNIX PLATFORM
+ ---------------------------------
+
+ [Installation on DOS (with djgpp), Windows, OpenVMS and MacOS (before MacOS X)
+  is described in INSTALL.DJGPP, INSTALL.W32, INSTALL.VMS and INSTALL.MacOS.
+  This document describes installation on operating systems in the Unix
+  family.]
+
+ To install OpenSSL, you will need:
+
+  * make
+  * Perl 5
+  * an ANSI C compiler
+  * a development environment in form of development libraries and C
+    header files
+  * a supported Unix operating system
+
+ Quick Start
+ -----------
+
+ If you want to just get on with it, do:
+
+  $ ./config
+  $ make
+  $ make test
+  $ make install
+
+ [If any of these steps fails, see section Installation in Detail below.]
+
+ This will build and install OpenSSL in the default location, which is (for
+ historical reasons) /usr/local/ssl. If you want to install it anywhere else,
+ run config like this:
+
+  $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
+
+
+ Configuration Options
+ ---------------------
+
+ There are several options to ./config (or ./Configure) to customize
+ the build:
+
+  --prefix=DIR  Install in DIR/bin, DIR/lib, DIR/include/openssl.
+	        Configuration files used by OpenSSL will be in DIR/ssl
+                or the directory specified by --openssldir.
+
+  --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
+                the library files and binaries are also installed there.
+
+  no-threads    Don't try to build with support for multi-threaded
+                applications.
+
+  threads       Build with support for multi-threaded applications.
+                This will usually require additional system-dependent options!
+                See "Note on multi-threading" below.
+
+  no-zlib       Don't try to build with support for zlib compression and
+                decompression.
+
+  zlib          Build with support for zlib compression/decompression.
+
+  zlib-dynamic  Like "zlib", but has OpenSSL load the zlib library dynamically
+                when needed.  This is only supported on systems where loading
+                of shared libraries is supported.  This is the default choice.
+
+  no-shared     Don't try to create shared libraries.
+
+  shared        In addition to the usual static libraries, create shared
+                libraries on platforms where it's supported.  See "Note on
+                shared libraries" below.
+
+  no-asm        Do not use assembler code.
+
+  386           Use the 80386 instruction set only (the default x86 code is
+                more efficient, but requires at least a 486).
+
+  no-<cipher>   Build without the specified cipher (bf, cast, des, dh, dsa,
+                hmac, md2, md5, mdc2, rc2, rc4, rc5, rsa, sha).
+                The crypto/<cipher> directory can be removed after running
+                "make depend".
+
+  -Dxxx, -lxxx, -Lxxx, -fxxx, -Kxxx These system specific options will
+                be passed through to the compiler to allow you to
+                define preprocessor symbols, specify additional libraries,
+                library directories or other compiler options.
+
+
+ Installation in Detail
+ ----------------------
+
+ 1a. Configure OpenSSL for your operation system automatically:
+
+       $ ./config [options]
+
+     This guesses at your operating system (and compiler, if necessary) and
+     configures OpenSSL based on this guess. Run ./config -t to see
+     if it guessed correctly. If you want to use a different compiler, you
+     are cross-compiling for another platform, or the ./config guess was
+     wrong for other reasons, go to step 1b. Otherwise go to step 2.
+
+     On some systems, you can include debugging information as follows:
+
+       $ ./config -d [options]
+
+ 1b. Configure OpenSSL for your operating system manually
+
+     OpenSSL knows about a range of different operating system, hardware and
+     compiler combinations. To see the ones it knows about, run
+
+       $ ./Configure
+
+     Pick a suitable name from the list that matches your system. For most
+     operating systems there is a choice between using "cc" or "gcc".  When
+     you have identified your system (and if necessary compiler) use this name
+     as the argument to ./Configure. For example, a "linux-elf" user would
+     run:
+
+       $ ./Configure linux-elf [options]
+
+     If your system is not available, you will have to edit the Configure
+     program and add the correct configuration for your system. The
+     generic configurations "cc" or "gcc" should usually work on 32 bit
+     systems.
+
+     Configure creates the file Makefile.ssl from Makefile.org and
+     defines various macros in crypto/opensslconf.h (generated from
+     crypto/opensslconf.h.in).
+
+  2. Build OpenSSL by running:
+
+       $ make
+
+     This will build the OpenSSL libraries (libcrypto.a and libssl.a) and the
+     OpenSSL binary ("openssl"). The libraries will be built in the top-level
+     directory, and the binary will be in the "apps" directory.
+
+     If "make" fails, look at the output.  There may be reasons for
+     the failure that aren't problems in OpenSSL itself (like missing
+     standard headers).  If it is a problem with OpenSSL itself, please
+     report the problem to <openssl-bugs@openssl.org> (note that your
+     message will be recorded in the request tracker publicly readable
+     via http://www.openssl.org/rt2.html and will be forwarded to a public
+     mailing list). Include the output of "make report" in your message.
+     Please check out the request tracker. Maybe the bug was already
+     reported or has already been fixed.
+
+     [If you encounter assembler error messages, try the "no-asm"
+     configuration option as an immediate fix.]
+
+     Compiling parts of OpenSSL with gcc and others with the system
+     compiler will result in unresolved symbols on some systems.
+
+  3. After a successful build, the libraries should be tested. Run:
+
+       $ make test
+
+     If a test fails, look at the output.  There may be reasons for
+     the failure that isn't a problem in OpenSSL itself (like a missing
+     or malfunctioning bc).  If it is a problem with OpenSSL itself,
+     try removing any compiler optimization flags from the CFLAGS line
+     in Makefile.ssl and run "make clean; make". Please send a bug
+     report to <openssl-bugs@openssl.org>, including the output of
+     "make report" in order to be added to the request tracker at
+     http://www.openssl.org/rt2.html.
+
+  4. If everything tests ok, install OpenSSL with
+
+       $ make install
+
+     This will create the installation directory (if it does not exist) and
+     then the following subdirectories:
+
+       certs           Initially empty, this is the default location
+                       for certificate files.
+       man/man1        Manual pages for the 'openssl' command line tool
+       man/man3        Manual pages for the libraries (very incomplete)
+       misc            Various scripts.
+       private         Initially empty, this is the default location
+                       for private key files.
+
+     If you didn't choose a different installation prefix, the
+     following additional subdirectories will be created:
+
+       bin             Contains the openssl binary and a few other 
+                       utility programs. 
+       include/openssl Contains the header files needed if you want to
+                       compile programs with libcrypto or libssl.
+       lib             Contains the OpenSSL library files themselves.
+
+     Package builders who want to configure the library for standard
+     locations, but have the package installed somewhere else so that
+     it can easily be packaged, can use
+
+       $ make INSTALL_PREFIX=/tmp/package-root install
+
+     (or specify "--install_prefix=/tmp/package-root" as a configure
+     option).  The specified prefix will be prepended to all
+     installation target filenames.
+
+
+  NOTE: The header files used to reside directly in the include
+  directory, but have now been moved to include/openssl so that
+  OpenSSL can co-exist with other libraries which use some of the
+  same filenames.  This means that applications that use OpenSSL
+  should now use C preprocessor directives of the form
+
+       #include <openssl/ssl.h>
+
+  instead of "#include <ssl.h>", which was used with library versions
+  up to OpenSSL 0.9.2b.
+
+  If you install a new version of OpenSSL over an old library version,
+  you should delete the old header files in the include directory.
+
+  Compatibility issues:
+
+  *  COMPILING existing applications
+
+     To compile an application that uses old filenames -- e.g.
+     "#include <ssl.h>" --, it will usually be enough to find
+     the CFLAGS definition in the application's Makefile and
+     add a C option such as
+
+          -I/usr/local/ssl/include/openssl
+
+     to it.
+
+     But don't delete the existing -I option that points to
+     the ..../include directory!  Otherwise, OpenSSL header files
+     could not #include each other.
+
+  *  WRITING applications
+
+     To write an application that is able to handle both the new
+     and the old directory layout, so that it can still be compiled
+     with library versions up to OpenSSL 0.9.2b without bothering
+     the user, you can proceed as follows:
+
+     -  Always use the new filename of OpenSSL header files,
+        e.g. #include <openssl/ssl.h>.
+
+     -  Create a directory "incl" that contains only a symbolic
+        link named "openssl", which points to the "include" directory
+        of OpenSSL.
+        For example, your application's Makefile might contain the
+        following rule, if OPENSSLDIR is a pathname (absolute or
+        relative) of the directory where OpenSSL resides:
+
+        incl/openssl:
+        	-mkdir incl
+        	cd $(OPENSSLDIR) # Check whether the directory really exists
+        	-ln -s `cd $(OPENSSLDIR); pwd`/include incl/openssl
+
+        You will have to add "incl/openssl" to the dependencies
+        of those C files that include some OpenSSL header file.
+
+     -  Add "-Iincl" to your CFLAGS.
+
+     With these additions, the OpenSSL header files will be available
+     under both name variants if an old library version is used:
+     Your application can reach them under names like <openssl/foo.h>,
+     while the header files still are able to #include each other
+     with names of the form <foo.h>.
+
+
+ Note on multi-threading
+ -----------------------
+
+ For some systems, the OpenSSL Configure script knows what compiler options
+ are needed to generate a library that is suitable for multi-threaded
+ applications.  On these systems, support for multi-threading is enabled
+ by default; use the "no-threads" option to disable (this should never be
+ necessary).
+
+ On other systems, to enable support for multi-threading, you will have
+ to specify at least two options: "threads", and a system-dependent option.
+ (The latter is "-D_REENTRANT" on various systems.)  The default in this
+ case, obviously, is not to include support for multi-threading (but
+ you can still use "no-threads" to suppress an annoying warning message
+ from the Configure script.)
+
+
+ Note on shared libraries
+ ------------------------
+
+ Shared library is currently an experimental feature.  The only reason to
+ have them would be to conserve memory on systems where several program
+ are using OpenSSL.  Binary backward compatibility can't be guaranteed
+ before OpenSSL version 1.0.
+
+ For some systems, the OpenSSL Configure script knows what is needed to
+ build shared libraries for libcrypto and libssl.  On these systems,
+ the shared libraries are currently not created by default, but giving
+ the option "shared" will get them created.  This method supports Makefile
+ targets for shared library creation, like linux-shared.  Those targets
+ can currently be used on their own just as well, but this is expected
+ to change in future versions of OpenSSL.
+
+ Note on random number generation
+ --------------------------------
+
+ Availability of cryptographically secure random numbers is required for
+ secret key generation. OpenSSL provides several options to seed the
+ internal PRNG. If not properly seeded, the internal PRNG will refuse
+ to deliver random bytes and a "PRNG not seeded error" will occur.
+ On systems without /dev/urandom (or similar) device, it may be necessary
+ to install additional support software to obtain random seed.
+ Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
+ and the FAQ for more information.
diff --git a/INSTALL.DJGPP b/INSTALL.DJGPP
new file mode 100644
index 0000000000..cdeac222b2
--- /dev/null
+++ b/INSTALL.DJGPP
@@ -0,0 +1,34 @@
+
+ 
+ INSTALLATION ON THE DOS PLATFORM WITH DJGPP
+ -------------------------------------------
+
+ Openssl has been ported to DOS, but only with long filename support. If
+ you wish to compile on native DOS with 8+3 filenames, you will have to
+ tweak the installation yourself, including renaming files with illegal
+ or duplicate names.
+
+ You should have a full DJGPP environment installed, including the
+ latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
+ requires that PERL and BC also be installed.
+
+ All of these can be obtained from the usual DJGPP mirror sites, such
+ as "ftp://ftp.simtel.net/pub/simtelnet/gnu/djgpp". You also need to
+ have the WATT-32 networking package installed before you try to compile
+ openssl. This can be obtained from "http://www.bgnett.no/~giva/".
+ The Makefile assumes that the WATT-32 code is in the directory
+ specified by the environment variable WATT_ROOT. If you have watt-32
+ in directory "watt32" under your main DJGPP directory, specify
+ WATT_ROOT="/dev/env/DJDIR/watt32".
+
+ To compile openssl, start your BASH shell. Then configure for DOS by
+ running "./Configure" with appropriate arguments. The basic syntax for
+ DOS is:
+ ./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
+ 
+ You may run out of DPMI selectors when running in a DOS box under
+ Windows. If so, just close the BASH shell, go back to Windows, and
+ restart BASH. Then run "make" again.
+
+ Building openssl under DJGPP has been tested with DJGPP 2.03,
+ GCC 2.952, GCC 2.953, perl 5.005_02 and perl 5.006_01.
diff --git a/INSTALL.MacOS b/INSTALL.MacOS
new file mode 100644
index 0000000000..01c60d81f9
--- /dev/null
+++ b/INSTALL.MacOS
@@ -0,0 +1,72 @@
+OpenSSL - Port To The Macintosh OS 9 or Earlier
+===============================================
+
+Thanks to Roy Wood <roy@centricsystems.ca> initial support for Mac OS (pre
+X) is now provided. "Initial" means that unlike other platforms where you
+get an SDK and a "swiss army" openssl application, on Macintosh you only
+get one sample application which fetches a page over HTTPS(*) and dumps it
+in a window. We don't even build the test applications so that we can't
+guarantee that all algorithms are operational.
+
+Required software:
+
+- StuffIt Expander 5.5 or later, alternatively MacGzip and SUNtar;
+- Scriptable Finder;
+- CodeWarrior Pro 5;
+
+Installation procedure:
+
+- fetch the source at ftp://ftp.openssl.org/ (well, you probably already
+  did, huh?)
+- unpack the .tar.gz file:
+	- if you have StuffIt Expander then just drag it over it;
+	- otherwise uncompress it with MacGzip and then unpack with SUNtar;
+- locate MacOS folder in OpenSSL source tree and open it;
+- unbinhex mklinks.as.hqx and OpenSSL.mcp.hqx if present (**), do it
+  "in-place", i.e. unpacked files should end-up in the very same folder;
+- execute mklinks.as;
+- open OpenSSL.mcp(***) and build 'GetHTTPS PPC' target(****);
+- that's it for now;
+
+(*)	URL is hardcoded into ./MacOS/GetHTTPS.src/GetHTTPS.cpp, lines 40
+        to 42, change appropriately.
+(**)	If you use SUNtar, then it might have already unbinhexed the files
+	in question.
+(***)	The project file was saved with CW Pro 5.3. If you have an earlier
+	version and it refuses to open it, then download
+	http://www.openssl.org/~appro/OpenSSL.mcp.xml and import it
+	overwriting the original OpenSSL.mcp.
+(****)	Other targets are works in progress. If you feel like giving 'em a
+	shot, then you should know that OpenSSL* and Lib* targets are
+	supposed to be built with the GUSI, MacOS library which mimics
+	BSD sockets and some other POSIX APIs. The GUSI distribution is
+	expected to be found in the same directory as the openssl source tree,
+	i.e., in the parent directory to the one where this very file,
+	namely INSTALL.MacOS, resides. For more information about GUSI, see
+	http://www.iis.ee.ethz.ch/~neeri/macintosh/gusi-qa.html
+
+Finally some essential comments from our generous contributor:-)
+
+"I've gotten OpenSSL working on the Macintosh. It's probably a bit of a
+hack, but it works for what I'm doing. If you don't like the way I've done
+it, then feel free to change what I've done. I freely admit that I've done
+some less-than-ideal things in my port, and if you don't like the way I've
+done something, then feel free to change it-- I won't be offended!
+
+... I've tweaked "bss_sock.c" a little to call routines in a "MacSocket"
+library I wrote. My MacSocket library is a wrapper around OpenTransport,
+handling stuff like endpoint creation, reading, writing, etc. It is not
+designed as a high-performance package such as you'd use in a webserver,
+but is fine for lots of other applications. MacSocket also uses some other
+code libraries I've written to deal with string manipulations and error
+handling. Feel free to use these things in your own code, but give me
+credit and/or send me free stuff in appreciation! :-)
+
+...
+
+If you have any questions, feel free to email me as the following:
+
+roy@centricsystems.ca
+
+-Roy Wood"
+
diff --git a/INSTALL.OS2 b/INSTALL.OS2
new file mode 100644
index 0000000000..530316db18
--- /dev/null
+++ b/INSTALL.OS2
@@ -0,0 +1,31 @@
+ 
+ Installation on OS/2
+ --------------------
+
+ You need to have the following tools installed:
+
+  * EMX GCC
+  * PERL
+  * GNU make
+
+
+ To build the makefile, run
+
+ > os2\os2-emx
+
+ This will configure OpenSSL and create OS2-EMX.mak which you then use to 
+ build the OpenSSL libraries & programs by running
+
+ > make -f os2-emx.mak
+
+ If that finishes successfully you will find the libraries and programs in the
+ "out" directory.
+
+ Alternatively, you can make a dynamic build that puts the library code into
+ crypto.dll and ssl.dll by running
+
+ > make -f os2-emx-dll.mak
+
+ This will build the above mentioned dlls and a matching pair of import
+ libraries in the "out_dll" directory along with the set of test programs
+ and the openssl application.
diff --git a/INSTALL.VMS b/INSTALL.VMS
new file mode 100644
index 0000000000..7658f64e1d
--- /dev/null
+++ b/INSTALL.VMS
@@ -0,0 +1,299 @@
+			VMS Installation instructions
+			written by Richard Levitte
+			<richard@levitte.org>
+
+
+Intro:
+======
+
+This file is divided in the following parts:
+
+  Requirements			- Mandatory reading.
+  Checking the distribution	- Mandatory reading.
+  Compilation			- Mandatory reading.
+  Logical names			- Mandatory reading.
+  Test				- Mandatory reading.
+  Installation			- Mandatory reading.
+  Backward portability		- Read if it's an issue.
+  Possible bugs or quirks	- A few warnings on things that
+				  may go wrong or may surprise you.
+  TODO				- Things that are to come.
+
+
+Requirements:
+=============
+
+To build and install OpenSSL, you will need:
+
+ * DEC C or some other ANSI C compiler.  VAX C is *not* supported.
+   [Note: OpenSSL has only been tested with DEC C.  Compiling with 
+    a different ANSI C compiler may require some work]
+
+Checking the distribution:
+==========================
+
+There have been reports of places where the distribution didn't quite get
+through, for example if you've copied the tree from a NFS-mounted Unix
+mount point.
+
+The easiest way to check if everything got through as it should is to check
+for one of the following files:
+
+	[.CRYPTO]OPENSSLCONF.H_IN
+	[.CRYPTO]OPENSSLCONF_H.IN
+
+They should never exist both at once, but one of them should (preferably
+the first variant).  If you can't find any of those two, something went
+wrong.
+
+The best way to get a correct distribution is to download the gzipped tar
+file from ftp://ftp.openssl.org/source/, use GUNZIP to uncompress it and
+use VMSTAR to unpack the resulting tar file.
+
+GUNZIP is available in many places on the net.  One of the distribution
+points is the WKU software archive, ftp://ftp.wku.edu/vms/fileserv/ .
+
+VMSTAR is also available in many places on the net.  The recommended place
+to find information about it is http://www.free.lp.se/vmstar/ .
+
+
+Compilation:
+============
+
+I've used the very good command procedures written by Robert Byer
+<byer@mail.all-net.net>, and just slightly modified them, making
+them slightly more general and easier to maintain.
+
+You can actually compile in almost any directory separately.  Look
+for a command procedure name xxx-LIB.COM (in the library directories)
+or MAKExxx.COM (in the program directories) and read the comments at
+the top to understand how to use them.  However, if you want to
+compile all you can get, the simplest is to use MAKEVMS.COM in the top
+directory.  The syntax is the following:
+
+  @MAKEVMS <option> <rsaref-p> <debug-p> [<compiler>]
+
+<option> must be one of the following:
+
+      ALL       Just build "everything".
+      CONFIG    Just build the "[.CRYPTO]OPENSSLCONF.H" file.
+      BUILDINF  Just build the "[.INCLUDE]BUILDINF.H" file.
+      SOFTLINKS Just copies some files, to simulate Unix soft links.
+      BUILDALL  Same as ALL, except CONFIG, BUILDINF and SOFTLINKS aren't done.
+      RSAREF    Just build the "[.xxx.EXE.RSAREF]LIBRSAGLUE.OLB" library.
+      CRYPTO    Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
+      SSL       Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
+      SSL_TASK  Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program.
+      TEST      Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
+      APPS      Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL.
+
+<rsaref-p> must be one of the following:
+
+      RSAREF    compile using the RSAREF Library
+      NORSAREF  compile without using RSAREF
+
+Note 0: The RSAREF library IS NO LONGER NEEDED.  The RSA patent
+        expires September 20, 2000, and RSA Security chose to make
+        the algorithm public domain two weeks before that.
+
+Note 1: If you still want to use RSAREF, the library is NOT INCLUDED
+        and you have to download it.  RSA Security doesn't carry it
+        any more, but there are a number of places where you can find
+        it.  You have to get the ".tar-Z" file as the ".zip" file
+        doesn't have the directory structure stored.  You have to
+        extract the file into the [.RSAREF] directory as that is where
+        the scripts will look for the files.
+
+Note 2: I have never done this, so I've no idea if it works or not.
+
+<debug-p> must be one of the following:
+
+      DEBUG     compile with debugging info (will not optimize)
+      NODEBUG   compile without debugging info (will optimize)
+
+<compiler> must be one of the following:
+
+      DECC      For DEC C.
+      GNUC      For GNU C.
+
+
+You will find the crypto library in [.xxx.EXE.CRYPTO], called LIBCRYPTO.OLB,
+where xxx is VAX or AXP.  You will find the SSL library in [.xxx.EXE.SSL],
+named LIBSSL.OLB, and you will find a bunch of useful programs in
+[.xxx.EXE.APPS].  However, these shouldn't be used right off unless it's
+just to test them.  For production use, make sure you install first, see
+Installation below.
+
+Note 1: Some programs in this package require a TCP/IP library.
+
+Note 2: if you want to compile the crypto library only, please make sure
+        you have at least done a @MAKEVMS CONFIG, a @MAKEVMS BUILDINF and
+        a @MAKEVMS SOFTLINKS.  A lot of things will break if you don't.
+
+
+Logical names:
+==============
+
+There are a few things that can't currently be given through the command
+line.  Instead, logical names are used.
+
+Currently, the logical names supported are:
+
+      OPENSSL_NO_ASM    with value YES, the assembler parts of OpenSSL will
+                        not be used.  Instead, plain C implementations are
+                        used.  This is good to try if something doesn't work.
+      OPENSSL_NO_'alg'  with value YES, the corresponding crypto algorithm
+                        will not be implemented.  Supported algorithms to
+                        do this with are: RSA, DSA, DH, MD2, MD4, MD5, RIPEMD,
+                        SHA, DES, MDC2, CR2, RC4, RC5, IDEA, BF, CAST, HMAC,
+                        SSL2.  So, for example, having the logical name
+                        OPENSSL_NO_RSA with the value YES means that the
+                        LIBCRYPTO.OLB library will not contain an RSA
+                        implementation.
+
+
+Test:
+=====
+
+Testing is very simple, just do the following:
+
+  @[.TEST]TESTS
+
+If a test fails, try with defining the logical name OPENSSL_NO_ASM (yes,
+it's an ugly hack!) and rebuild. Please send a bug report to
+<openssl-bugs@openssl.org>, including the output of "openssl version -a"
+and of the failed test.
+
+
+Installation:
+=============
+
+Installation is easy, just do the following:
+
+  @INSTALL <root>
+
+<root> is the directory in which everything will be installed,
+subdirectories, libraries, header files, programs and startup command
+procedures.
+
+N.B.: INSTALL.COM builds a new directory structure, different from
+the directory tree where you have now build OpenSSL.
+
+In the [.VMS] subdirectory of the installation, you will find the
+following command procedures:
+
+  OPENSSL_STARTUP.COM
+
+        defines all needed logical names.  Takes one argument that
+        tells it in what logical name table to insert the logical
+        names.  If you insert if it SYS$MANAGER:SYSTARTUP_VMS.COM, the
+        call should look like this: 
+
+          @openssldev:[openssldir.VMS]OPENSSL_STARTUP "/SYSTEM"
+
+  OPENSSL_UTILS.COM
+
+        sets up the symbols to the applications.  Should be called
+        from for example SYS$MANAGER:SYLOGIN.COM 
+
+The logical names that are set up are the following:
+
+  SSLROOT       a dotted concealed logical name pointing at the
+                root directory.
+
+  SSLCERTS      Initially an empty directory, this is the default
+		location for certificate files.
+  SSLMISC	Various scripts.
+  SSLPRIVATE	Initially an empty directory, this is the default
+		location for private key files.
+
+  SSLEXE        Contains the openssl binary and a few other utility
+		programs.
+  SSLINCLUDE    Contains the header files needed if you want to
+		compile programs with libcrypto or libssl.
+  SSLLIB        Contains the OpenSSL library files (LIBCRYPTO.OLB
+		and LIBSSL.OLB) themselves.
+
+  OPENSSL	Same as SSLINCLUDE.  This is because the standard
+		way to include OpenSSL header files from version
+		0.9.3 and on is:
+
+			#include <openssl/header.h>
+
+		For more info on this issue, see the INSTALL. file
+		(the NOTE in section 4 of "Installation in Detail").
+		You don't need to "deleting old header files"!!!
+
+
+Backward portability:
+=====================
+
+One great problem when you build a library is making sure it will work
+on as many versions of VMS as possible.  Especially, code compiled on
+OpenVMS version 7.x and above tend to be unusable in version 6.x or
+lower, because some C library routines have changed names internally
+(the C programmer won't usually see it, because the old name is
+maintained through C macros).  One obvious solution is to make sure
+you have a development machine with an old enough version of OpenVMS.
+However, if you are stuck with a bunch of Alphas running OpenVMS version
+7.1, you seem to be out of luck.  Fortunately, the DEC C header files
+are cluttered with conditionals that make some declarations and definitions
+dependent on the OpenVMS version or the C library version, *and* you
+can use those macros to simulate older OpenVMS or C library versions,
+by defining the macros _VMS_V6_SOURCE, __VMS_VER and __CTRL_VER with
+correct values.  In the compilation scripts, I've provided the possibility
+for the user to influence the creation of such macros, through a bunch of
+symbols, all having names starting with USER_.  Here's the list of them:
+
+  USER_CCFLAGS		 - Used to give additional qualifiers to the
+			   compiler.  It can't be used to define macros
+			   since the scripts will do such things as well.
+			   To do such things, use USER_CCDEFS.
+  USER_CCDEFS		 - Used to define macros on the command line.  The
+			   value of this symbol will be inserted inside a
+			   /DEFINE=(...).
+  USER_CCDISABLEWARNINGS - Used to disable some warnings.  The value is
+			   inserted inside a /DISABLE=WARNING=(...).
+
+So, to maintain backward compatibility with older VMS versions, do the
+following before you start compiling:
+
+  $ USER_CCDEFS := _VMS_V6_SOURCE=1,__VMS_VER=60000000,__CRTL_VER=60000000
+  $ USER_CCDISABLEWARNINGS := PREOPTW
+
+The USER_CCDISABLEWARNINGS is there because otherwise, DEC C will complain
+that those macros have been changed.
+
+Note: Currently, this is only useful for library compilation.  The
+      programs will still be linked with the current version of the
+      C library shareable image, and will thus complain if they are
+      faced with an older version of the same C library shareable image.
+      This will probably be fixed in a future revision of OpenSSL.
+
+
+Possible bugs or quirks:
+========================
+
+I'm not perfectly sure all the programs will use the SSLCERTS:
+directory by default, it may very well be that you have to give them
+extra arguments.  Please experiment.
+
+
+TODO:
+=====
+
+There are a few things that need to be worked out in the VMS version of
+OpenSSL, still:
+
+- Description files. ("Makefile's" :-))
+- Script code to link an already compiled build tree.
+- A VMSINSTALlable version (way in the future, unless someone else hacks).
+- shareable images (DLL for you Windows folks).
+
+There may be other things that I have missed and that may be desirable.
+Please send mail to <openssl-users@openssl.org> or to me directly if you
+have any ideas.
+
+--
+Richard Levitte <richard@levitte.org>
+2000-02-27
diff --git a/INSTALL.W32 b/INSTALL.W32
new file mode 100644
index 0000000000..8a875cf0be
--- /dev/null
+++ b/INSTALL.W32
@@ -0,0 +1,277 @@
+ 
+ INSTALLATION ON THE WIN32 PLATFORM
+ ----------------------------------
+
+ [Instructions for building for Windows CE can be found in INSTALL.WCE]
+
+ Heres a few comments about building OpenSSL in Windows environments.  Most
+ of this is tested on Win32 but it may also work in Win 3.1 with some
+ modification.
+
+ You need Perl for Win32.  Unless you will build on Cygwin, you will need
+ ActiveState Perl, available from http://www.activestate.com/ActivePerl.
+ For Cygwin users, there's more info in the Cygwin section.
+
+ and one of the following C compilers:
+
+  * Visual C++
+  * Borland C
+  * GNU C (Mingw32 or Cygwin)
+
+ If you want to compile in the assembly language routines with Visual C++ then
+ you will need an assembler. This is worth doing because it will result in
+ faster code: for example it will typically result in a 2 times speedup in the
+ RSA routines. Currently the following assemblers are supported:
+
+  * Microsoft MASM (aka "ml")
+  * Free Netwide Assembler NASM.
+
+ MASM was at one point distributed with VC++. It is now distributed with some
+ Microsoft DDKs, for example the Windows NT 4.0 DDK and the Windows 98 DDK. If
+ you do not have either of these DDKs then you can just download the binaries
+ for the Windows 98 DDK and extract and rename the two files XXXXXml.exe and
+ XXXXXml.err, to ml.exe and ml.err and install somewhere on your PATH. Both
+ DDKs can be downloaded from the Microsoft developers site www.msdn.com.
+
+ NASM is freely available. Version 0.98 was used during testing: other versions
+ may also work. It is available from many places, see for example:
+ http://www.kernel.org/pub/software/devel/nasm/binaries/win32/
+ The NASM binary nasmw.exe needs to be installed anywhere on your PATH.
+
+ If you are compiling from a tarball or a CVS snapshot then the Win32 files
+ may well be not up to date. This may mean that some "tweaking" is required to
+ get it all to work. See the trouble shooting section later on for if (when?)
+ it goes wrong.
+
+ Visual C++
+ ----------
+
+ Firstly you should run Configure:
+
+ > perl Configure VC-WIN32
+
+ Next you need to build the Makefiles and optionally the assembly language
+ files:
+
+ - If you are using MASM then run:
+
+   > ms\do_masm
+
+ - If you are using NASM then run:
+
+   > ms\do_nasm
+
+ - If you don't want to use the assembly language files at all then run:
+
+   > ms\do_ms
+
+ If you get errors about things not having numbers assigned then check the
+ troubleshooting section: you probably won't be able to compile it as it
+ stands.
+
+ Then from the VC++ environment at a prompt do:
+
+ > nmake -f ms\ntdll.mak
+
+ If all is well it should compile and you will have some DLLs and executables
+ in out32dll. If you want to try the tests then do:
+ 
+ > cd out32dll
+ > ..\ms\test
+
+ Tweaks:
+
+ There are various changes you can make to the Win32 compile environment. By
+ default the library is not compiled with debugging symbols. If you add 'debug'
+ to the mk1mf.pl lines in the do_* batch file then debugging symbols will be
+ compiled in. Note that mk1mf.pl expects the platform to be the last argument
+ on the command line, so 'debug' must appear before that, as all other options.
+
+ The default Win32 environment is to leave out any Windows NT specific
+ features.
+
+ If you want to enable the NT specific features of OpenSSL (currently only the
+ logging BIO) follow the instructions above but call the batch file do_nt.bat
+ instead of do_ms.bat.
+
+ You can also build a static version of the library using the Makefile
+ ms\nt.mak
+
+ Borland C++ builder 5
+ ---------------------
+
+ * Configure for building with Borland Builder:
+   > perl Configure BC-32
+
+ * Create the appropriate makefile
+   > ms\do_nasm
+
+ * Build
+   > make -f ms\bcb.mak
+
+ Borland C++ builder 3 and 4
+ ---------------------------
+
+ * Setup PATH. First must be GNU make then bcb4/bin 
+
+ * Run ms\bcb4.bat
+
+ * Run make:
+   > make -f bcb.mak
+
+ GNU C (Mingw32)
+ ---------------
+
+ To build OpenSSL, you need the Mingw32 package and GNU make.
+
+ * Compiler installation:
+
+   Mingw32 is available from <ftp://ftp.xraylith.wisc.edu/pub/khan/
+   gnu-win32/mingw32/gcc-2.95.2/gcc-2.95.2-msvcrt.exe>. Extract it
+   to a directory such as C:\gcc-2.95.2 and add c:\gcc-2.95.2\bin to
+   the PATH environment variable in "System Properties"; or edit and
+   run C:\gcc-2.95.2\mingw32.bat to set the PATH.
+
+ * Compile OpenSSL:
+
+   > ms\mingw32
+
+   This will create the library and binaries in out. In case any problems
+   occur, try
+   > ms\mingw32 no-asm
+   instead.
+
+   libcrypto.a and libssl.a are the static libraries. To use the DLLs,
+   link with libeay32.a and libssl32.a instead.
+
+   See troubleshooting if you get error messages about functions not having
+   a number assigned.
+
+ * You can now try the tests:
+
+   > cd out
+   > ..\ms\test
+
+ GNU C (Cygwin)
+ --------------
+
+ Cygwin provides a bash shell and GNU tools environment running
+ on NT 4.0, Windows 9x, Windows ME, Windows 2000, and Windows XP.
+ Consequently, a make of OpenSSL with Cygwin is closer to a GNU
+ bash environment such as Linux than to other W32 makes which are
+ based on a single makefile approach. Cygwin implements Posix/Unix
+ calls through cygwin1.dll, and is contrasted to Mingw32 which links
+ dynamically to msvcrt.dll or crtdll.dll.
+
+ To build OpenSSL using Cygwin:
+
+ * Install Cygwin (see http://cygwin.com/)
+
+ * Install Perl and ensure it is in the path (recent Cygwin perl 
+   (version 5.6.1-2 of the latter has been reported to work) or
+   ActivePerl)
+
+ * Run the Cygwin bash shell
+
+ * $ tar zxvf openssl-x.x.x.tar.gz
+   $ cd openssl-x.x.x
+   $ ./config
+   [...]
+   $ make
+   [...]
+   $ make test
+   $ make install
+
+ This will create a default install in /usr/local/ssl.
+
+ Cygwin Notes:
+
+ "make test" and normal file operations may fail in directories
+ mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
+ stripping of carriage returns. To avoid this ensure that a binary
+ mount is used, e.g. mount -b c:\somewhere /home.
+
+ "bc" is not provided in older Cygwin distribution.  This causes a
+ non-fatal error in "make test" but is otherwise harmless.  If
+ desired and needed, GNU bc can be built with Cygwin without change.
+
+
+ Installation
+ ------------
+
+ If you used the Cygwin procedure above, you have already installed and
+ can skip this section.  For all other procedures, there's currently no real
+ installation procedure for Win32.  There are, however, some suggestions:
+
+    - do nothing.  The include files are found in the inc32/ subdirectory,
+      all binaries are found in out32dll/ or out32/ depending if you built
+      dynamic or static libraries.
+
+    - do as is written in INSTALL.Win32 that comes with modssl:
+
+	$ md c:\openssl 
+	$ md c:\openssl\bin
+	$ md c:\openssl\lib
+	$ md c:\openssl\include
+	$ md c:\openssl\include\openssl
+	$ copy /b inc32\*               c:\openssl\include\openssl
+	$ copy /b out32dll\ssleay32.lib c:\openssl\lib
+	$ copy /b out32dll\libeay32.lib c:\openssl\lib
+	$ copy /b out32dll\ssleay32.dll c:\openssl\bin
+	$ copy /b out32dll\libeay32.dll c:\openssl\bin
+	$ copy /b out32dll\openssl.exe  c:\openssl\bin
+
+      Of course, you can choose another device than c:.  C: is used here
+      because that's usually the first (and often only) harddisk device.
+      Note: in the modssl INSTALL.Win32, p: is used rather than c:.
+
+
+ Troubleshooting
+ ---------------
+
+ Since the Win32 build is only occasionally tested it may not always compile
+ cleanly.  If you get an error about functions not having numbers assigned
+ when you run ms\do_ms then this means the Win32 ordinal files are not up to
+ date. You can do:
+
+ > perl util\mkdef.pl crypto ssl update
+
+ then ms\do_XXX should not give a warning any more. However the numbers that
+ get assigned by this technique may not match those that eventually get
+ assigned in the CVS tree: so anything linked against this version of the
+ library may need to be recompiled.
+
+ If you get errors about unresolved symbols there are several possible
+ causes.
+
+ If this happens when the DLL is being linked and you have disabled some
+ ciphers then it is possible the DEF file generator hasn't removed all
+ the disabled symbols: the easiest solution is to edit the DEF files manually
+ to delete them. The DEF files are ms\libeay32.def ms\ssleay32.def.
+
+ Another cause is if you missed or ignored the errors about missing numbers
+ mentioned above.
+
+ If you get warnings in the code then the compilation will halt.
+
+ The default Makefile for Win32 halts whenever any warnings occur. Since VC++
+ has its own ideas about warnings which don't always match up to other
+ environments this can happen. The best fix is to edit the file with the
+ warning in and fix it. Alternatively you can turn off the halt on warnings by
+ editing the CFLAG line in the Makefile and deleting the /WX option.
+
+ You might get compilation errors. Again you will have to fix these or report
+ them.
+
+ One final comment about compiling applications linked to the OpenSSL library.
+ If you don't use the multithreaded DLL runtime library (/MD option) your
+ program will almost certainly crash because malloc gets confused -- the
+ OpenSSL DLLs are statically linked to one version, the application must
+ not use a different one.  You might be able to work around such problems
+ by adding CRYPTO_malloc_init() to your program before any calls to the
+ OpenSSL libraries: This tells the OpenSSL libraries to use the same
+ malloc(), free() and realloc() as the application.  However there are many
+ standard library functions used by OpenSSL that call malloc() internally
+ (e.g. fopen()), and OpenSSL cannot change these; so in general you cannot
+ rely on CRYPTO_malloc_init() solving your problem, and you should
+ consistently use the multithreaded library.
diff --git a/INSTALL.WCE b/INSTALL.WCE
new file mode 100644
index 0000000000..ac587d6bd2
--- /dev/null
+++ b/INSTALL.WCE
@@ -0,0 +1,71 @@
+ 
+ INSTALLATION FOR THE WINDOWS CE PLATFORM
+ ----------------------------------------
+
+ Building OpenSSL for Windows CE requires the following external tools:
+
+  * Microsoft eMbedded Visual C++ 3.0
+  * wcecompat compatibility library (www.essemer.com.au)
+  * Optionally ceutils for running automated tests (www.essemer.com.au)
+
+ You also need Perl for Win32.  You will need ActiveState Perl, available
+ from http://www.activestate.com/ActivePerl.
+
+ Windows CE support in OpenSSL relies on wcecompat.  All Windows CE specific
+ issues should be directed to www.essemer.com.au.
+
+ The C Runtime Library implementation for Windows CE that is included with
+ Microsoft eMbedded Visual C++ 3.0 is incomplete and in some places
+ incorrect.  wcecompat plugs the holes and tries to bring the Windows CE
+ CRT to a level that is more compatible with ANSI C.  wcecompat goes further
+ and provides low-level IO and stream IO support for stdin/stdout/stderr
+ (which Windows CE does not provide).  This IO functionality is not needed
+ by the OpenSSL library itself but is used for the tests and openssl.exe.
+ More information is available at www.essemer.com.au.
+
+ Building
+ --------
+
+ Setup the eMbedded Visual C++ environment.  There are batch files for doing
+ this installed with eVC++.  For an ARM processor, for example, execute:
+
+ > "C:\Program Files\Microsoft eMbedded Tools\EVC\WCE300\BIN\WCEARM.BAT"
+
+ Next indicate where wcecompat is located:
+
+ > set WCECOMPAT=C:\wcecompat
+
+ Next you should run Configure:
+
+ > perl Configure VC-CE
+
+ Next you need to build the Makefiles:
+
+ > ms\do_ms
+
+ If you get errors about things not having numbers assigned then check the
+ troubleshooting section in INSTALL.W32: you probably won't be able to compile
+ it as it stands.
+
+ Then from the VC++ environment at a prompt do:
+
+ - to build static libraries:
+
+   > nmake -f ms\ce.mak
+
+ - or to build DLLs:
+
+   > nmake -f ms\cedll.mak
+
+ If all is well it should compile and you will have some static libraries and
+ executables in out32, or some DLLs and executables in out32dll.  If you want
+ to try the tests then make sure the ceutils are in the path and do:
+ 
+ > cd out32
+ > ..\ms\testce
+
+ This will copy each of the test programs to the Windows CE device and execute
+ them, displaying the output of the tests on this computer.  The output should
+ look similar to the output produced by running the tests for a regular Windows
+ build.
+
diff --git a/crypto/des/supp.c b/LICENSE
index 75c1015252..7b93e0dbce 100644
--- a/crypto/des/supp.c
+++ b/LICENSE
@@ -1,4 +1,73 @@
-/* crypto/des/supp.c */
+
+  LICENSE ISSUES
+  ==============
+
+  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
+  the OpenSSL License and the original SSLeay license apply to the toolkit.
+  See below for the actual license texts. Actually both licenses are BSD-style
+  Open Source licenses. In case of any license issues related to OpenSSL
+  please contact openssl-core@openssl.org.
+
+  OpenSSL License
+  ---------------
+
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+ Original SSLeay License
+ -----------------------
+
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,54 +125,3 @@
  * [including the GNU Public Licence.]
  */
 
-/*
- * Copyright (c) 1995
- *	Mark Murray.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *	This product includes software developed by Mark Murray
- * 4. Neither the name of the author nor the names of any co-contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY MARK MURRAY AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $Id: supp.c,v 1.1.1.2 1998/12/21 10:55:04 rse Exp $
- */
-
-#include <stdio.h>
-#include "des_locl.h"
-
-void des_cblock_print_file(cb, fp)
-	des_cblock *cb;
-	FILE *fp;
-{
-	int i;
-	unsigned int *p = (unsigned int *)cb;
-
-	fprintf(fp, " 0x { ");
-	for (i = 0; i < 8; i++) {
-		fprintf(fp, "%x", p[i]);
-		if (i != 7) fprintf(fp, ", ");
-	}
-	fprintf(fp, " }");
-}
diff --git a/MICROSOFT b/MICROSOFT
deleted file mode 100644
index 54176f0472..0000000000
--- a/MICROSOFT
+++ /dev/null
@@ -1,146 +0,0 @@
-The Microsoft World.
-
-The good news, to build SSLeay for the Microsft World
-
-Windows 3.1 DLL's
-perl Configure VC-WIN16
-nmake -f ms\w31dll.mak
-
-Windows NT/95 DLL's
-perl Configure VC-WIN32
-nmake -f ms\ntdll.mak
-
-Now the bad news
-All builds were done using Microsofts Visual C++ 1.52c and [45].x.
-If you are a borland person, you are probably going to have to help me
-finish the stuff in util/pl/BC*pl
-
-All builds were made under Windows NT - this means long filenames, so
-you may have problems under Windows 3.1 but probably not under 95.
-
-Because file pointers don't work in DLL's under Windows 3.1 (well at
-least stdin/stdout don't and I don't like having to differentiate
-between these and other file pointers), I now use the BIO file-pointer
-module, which needs to be linked into your application.  You can either
-use the memory buffer BIO for IO, or compile bss_file.c into your
-application, it is in the apps directory and is just a copy of
-crypto/buffer/bss_file.c with #define APPS_WIN16 added.
-I have not yet automated the makefile to automatically copy it into 'out'
-for a win 3.1 build....
-
-All callbacks passed into SSLeay for Windows 3.1 need to be of type
-_far _loadds.
-
-I don't support building with the pascal calling convention.
-
-The DLL and static builds are large memory model.
-
-To build static libraries for NT/95 or win 3.1
-
-perl util/mk1mf.pl VC-WIN32 > mf-stat.nt
-perl util/mk1mf.pl VC-WIN16 > mf-stat.w31
-for DLL's
-perl util/mk1mf.pl dll VC-WIN32	> mf-dll.nt
-perl util/mk1mf.pl dll VC-WIN16 > mf-dll.w31
-
-Again you will notice that if you dont have perl, you cannot do this.
-
-Now the next importaint issue.  Running Configure!
-I have small assember code files for critical big number library operation
-in crypto/bn/asm.  There is, asm code, object files and uuencode
-object files.  They are
-x86nt32.asm	- 32bit flat memory model assember - suitable Win32
-x86w16.asm	- 16bit assember - used in the msdos build.
-x86w32.asm	- 32bit assember, win 3.1 segments, used for win16 build.
-
-If you feel compelled to build the 16bit maths routines in the windows 3.1
-build,
-perl Configure VC-W31-16
-perl util/mk1mf.pl dll VC-W31-16 > mf-dll.w31
-
-If you hate assember and don't want anything to do with it,
-perl util/mk1mf.pl no-asm VC-WIN16 > mf-dll.w31
-will work for any of the makefile generations.
-
-There are more options to mk1mf.pl but these all leave the temporary
-files in 'tmp' and the output files in 'out' by default.
-
-The NT build is done for console mode.
-
-The Windows 3.1 version of SSLeay uses quickwin, the interface is ugly
-but it is better than nothing.  If you want ugly, try doing anything
-that involves getting a password.  I decided to be ugly instead of
-echoing characters.  For Windows 3.1 I would just sugest using the
-msdos version of the ssleay application for command line work.
-The QuickWin build is primarily for testing.
-
-For both NT and Windows 3.1, I have not written the code so that
-s_client, s_server can take input from the keyboard.  You can happily
-start applications up in separate windows, watch them handshake, and then sit
-there for-ever.  I have not had the time to get this working, and I've
-been able to test things from a unix box to the NT box :-).
-Try running ssleay s_server on the windows box
-(with either -cert ../apps/server.pem -www)
-and run ssleay s_time from another window.
-This often stuffs up on Windows 3.1, but I'm not worried since this is
-probably a problem with my demo applications, not the libraries.
-
-After a build of one of the version of microsoft SSLeay,
-'cd ms' and then run 'test'.  This should check everything out and
-even does a trial run of generating certificates.
-'test.bat' requires that perl be install, you be in the ms directory
-(not the test directory, thats for unix so stay out :-) and that the
-build output directory be ../out 
-
-On a last note, you will probably get division by zero errors and
-stuff after a build.  This is due to your own inability to follow
-instructions :-).
-
-The reasons for the problem is probably one of the following.
-
-1)	You did not run Configure.  This is critical for windows 3.1 when
-	using assember.  The values in crypto/bn/bn.h must match the
-	ones requred for the assember code.  (remember that if you
-	edit crypto/bn/bn.h by hand, it will be clobered the next time
-	you run Configure by the contents of crypto/bn/bn.org).
-	SSLeay version -o will list the compile options.
-	For VC-WIN32 you need bn(64,32) or bn(32,32)
-	For VC-W31-32/VC-WIN16 you need bn(32,32)
-	For VC-W31-16 you need bn(32,16) or bn(16,16)
-	For VC-MSDOS you need bn(32,16) or bn(16,16).
-
-	The first number will be 2 times bigger than the second if
-	BN_LLONG is defined in bn.h and the size of the second number
-	depends on the 'bits' defined at the start of bn.h.  Have a
-	look, it's all reasonably clear.
-	If you want to start messing with 8 bit builds and things like
-	that, build without the assember by re-generating a makefile
-	via 'perl util/mk1mf.pl no-asm'.
-2)	You tried to build under MS-DOS or Windows 3.1 using the /G3
-	option.  Don't.  It is buggy (thats why you just got that
-	error) and unless you want to work out which optimising flag
-	to turn off, I'm not going to help you :-).  I also noticed
-	that code often ran slower when compiled with /G3.
-3)	Under NT/95, malloc goes stupid.  You are probably linking with
-	the wrong library, there are problems if you mix the threaded
-	and non-threaded libraries (due to the DLL being staticly
-	linked with one and the applicaion using another.
-
-Well hopefully thats most of the MS issues handled, see you in ssl-users :-).
-
-eric 30-Aug-1996
-
-SSLeay 0.6.5
-For Windows 95/NT, add CRYPTO_malloc_init() to your program before any
-calls to the SSLeay libraries.  This function will insert callbacks so that
-the SSLeay libraries will use the same malloc(), free() and realloc() as
-your application so 'problem 3)' mentioned above will go away.
-
-There is now DES assember for Windows NT/95.  The file is
-crypto/des/asm/win32.asm and replaces crypto/des/des_enc.c in the build.
-
-There is also Blowfish assember for Windows NT/95.  The file is
-crypto/bf/asm/win32.asm and replaces crypto/bf/bf_enc.c in the build.
-
-eric 25-Jun-1997
-
diff --git a/MINFO b/MINFO
deleted file mode 100644
index 4680e23fbe..0000000000
--- a/MINFO
+++ /dev/null
@@ -1,1019 +0,0 @@
-RELATIVE_DIRECTORY=.
-AR=ar r
-BASENAME=SSLeay
-BF_ENC=bf_enc.o
-BN_ASM=bn_asm.o
-CAST_ENC=c_enc.o
-CC=cl
-CFLAG=
-DES_ENC=des_enc.o fcrypt_b.o
-DIRS=crypto ssl rsaref apps test tools
-EDIRS=times doc bugs util include certs ms shlib mt demos perl sf dep
-EXHEADER=e_os.h
-EX_LIBS=
-GENERAL=Makefile
-HEADER=e_os.h
-INSTALLTOP=/usr/local/ssl
-LIBS=libcrypto.a libssl.a
-MAKE=make -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-MAN1=1
-MAN3=3
-MD5_ASM_OBJ=
-MISC=COPYRIGHT Configure HISTORY.090 HISTORY.066 INSTALL Makefile.ssl Makefile README TODO HISTORY README.066 README.080 README.090 VERSION PROBLEMS MINFO makefile.one e_os.h MICROSOFT makevms.com config PATENTS
-NAME=SSLeay-0.9.1b
-ONEDIRS=out tmp
-PEX_LIBS=-L. -L.. -L../.. -L../../..
-PLATFORM=VC-WIN32
-RC4_ENC=rc4_enc.o
-RC5_ENC=rc5_enc.o
-RMD160_ASM_OBJ=
-SDIRS=md2 md5 sha mdc2 hmac ripemd des rc2 rc4 rc5 idea bf cast bn rsa dsa dh buffer bio stack lhash rand err objects evp pem asn1 x509 conf txt_db pkcs7 proxy comp
-SHA1_ASM_OBJ=
-SHELL=/bin/sh
-TARFILE=SSLeay-0.9.1b.tar
-TOP=.
-VERSION=0.9.1b
-WDIRS=windows
-WTARFILE=SSLeay-0.9.1b-win.tar
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto
-ALL=Makefile README cryptlib.c mem.c cversion.c ex_data.c tmdiff.c cpt_err.c cryptlib.h date.h crypto.h cryptall.h tmdiff.h
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I. -I../include -g -DCFLAGS=" \"cc -g\" " -DPLATFORM=" \"\" "
-DIR=crypto
-ERR=crypto
-ERRC=cpt_err
-EXHEADER=crypto.h cryptall.h tmdiff.h
-EX_LIBS=
-GENERAL=Makefile README
-HEADER=cryptlib.h date.h crypto.h cryptall.h tmdiff.h
-INCLUDE=-I. -I../include
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../libcrypto.a
-LIBOBJ=cryptlib.o mem.o cversion.o ex_data.o tmdiff.o cpt_err.o
-LIBS=
-LIBSRC=cryptlib.c mem.c cversion.c ex_data.c tmdiff.c cpt_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-PEX_LIBS=
-RM=/bin/rm -f
-SDIRS=md2 md5 sha mdc2 hmac ripemd des rc2 rc4 rc5 idea bf cast bn rsa dsa dh buffer bio stack lhash rand err objects evp pem x509 asn1 conf txt_db pkcs7 proxy comp
-SRC=cryptlib.c mem.c cversion.c ex_data.c tmdiff.c cpt_err.c
-TOP=..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/md2
-ALL=Makefile md2_dgst.c md5_one.c md2.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=md
-EXHEADER=md2.h
-GENERAL=Makefile
-HEADER=md2.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=md2_dgst.o md2_one.o
-LIBSRC=md2_dgst.c md5_one.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=md2_dgst.c md5_one.c
-TEST=md2test.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/md5
-ALL=Makefile md5_dgst.c md5_one.c md5_locl.h md5.h
-APPS=md5.c
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-CPP=cc -E
-DIR=md5
-EXHEADER=md5.h
-GENERAL=Makefile
-HEADER=md5_locl.h md5.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=md5_dgst.o md5_one.o 
-LIBSRC=md5_dgst.c md5_one.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-MD5_ASM_OBJ=
-SRC=md5_dgst.c md5_one.c
-TEST=md5test.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/sha
-ALL=Makefile sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha_locl.h sha.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=sha
-EXHEADER=sha.h
-GENERAL=Makefile
-HEADER=sha_locl.h sha.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o 
-LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SHA1_ASM_OBJ=
-SRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
-TEST=shatest.c sha1test.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/mdc2
-ALL=Makefile mdc2dgst.c mdc2_one.c mdc2.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=mdc2
-EXHEADER=mdc2.h
-GENERAL=Makefile
-HEADER=mdc2.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=mdc2dgst.o mdc2_one.o
-LIBSRC=mdc2dgst.c mdc2_one.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=mdc2dgst.c mdc2_one.c
-TEST=mdc2test.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/hmac
-ALL=Makefile hmac.c hmac.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=hmac
-EXHEADER=hmac.h
-GENERAL=Makefile
-HEADER=hmac.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=hmac.o
-LIBSRC=hmac.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=hmac.c
-TEST=hmactest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/ripemd
-ALL=Makefile rmd_dgst.c rmd_one.c rmd_locl.h rmdconst.h ripemd.h
-APPS=rmd160.c
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-CPP=cc -E
-DIR=ripemd
-EXHEADER=ripemd.h
-GENERAL=Makefile
-HEADER=rmd_locl.h rmdconst.h ripemd.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=rmd_dgst.o rmd_one.o 
-LIBSRC=rmd_dgst.c rmd_one.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-RIP_ASM_OBJ=
-SRC=rmd_dgst.c rmd_one.c
-TEST=rmdtest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/des
-ALL=Makefile des.org des_locl.org cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h des.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-CPP=cc -E
-DES_ENC=des_enc.o fcrypt_b.o
-DIR=des
-EXHEADER=des.h
-GENERAL=Makefile des.org des_locl.org
-HEADER=des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h des.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=set_key.o ecb_enc.o cbc_enc.o ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o ofb64ede.o enc_read.o enc_writ.o ofb64enc.o ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o des_enc.o fcrypt_b.o read2pwd.o fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o cbc_cksm.o supp.o
-LIBSRC=cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c ecb_enc.c enc_read.c enc_writ.c fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c des_enc.c fcrypt_b.c read2pwd.c fcrypt.c xcbc_enc.c str2key.c cfb64ede.c ofb64ede.c supp.c
-TEST=destest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/rc2
-ALL=Makefile rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c rc2_locl.h rc2.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=rc2
-EXHEADER=rc2.h
-GENERAL=Makefile
-HEADER=rc2_locl.h rc2.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o
-LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
-TEST=rc2test.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/rc4
-ALL=Makefile rc4_skey.c rc4_enc.c rc4.h rc4_locl.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=rc4
-EXHEADER=rc4.h
-GENERAL=Makefile
-HEADER=rc4.h rc4_locl.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=rc4_skey.o rc4_enc.o
-LIBSRC=rc4_skey.c rc4_enc.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-RC4_ENC=rc4_enc.o
-SRC=rc4_skey.c rc4_enc.c
-TEST=rc4test.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/rc5
-ALL=Makefile rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c rc5_locl.h rc5.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-CPP=cc -E
-DIR=rc5
-EXHEADER=rc5.h
-GENERAL=Makefile
-HEADER=rc5_locl.h rc5.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=rc5_skey.o rc5_ecb.o rc5_enc.o rc5cfb64.o rc5ofb64.o
-LIBSRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-RC5_ENC=rc5_enc.o
-SRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c
-TEST=rc5test.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/idea
-ALL=Makefile i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c idea_lcl.h idea.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=idea
-EXHEADER=idea.h
-GENERAL=Makefile
-HEADER=idea_lcl.h idea.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=i_cbc.o i_cfb64.o i_ofb64.o i_ecb.o i_skey.o
-LIBSRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
-TEST=ideatest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/bf
-ALL=Makefile bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c bf_pi.h bf_locl.h blowfish.h
-APPS=
-AR=ar r
-BF_ENC=bf_enc.o
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-CPP=cc -E
-DIR=bf
-EXHEADER=blowfish.h
-GENERAL=Makefile
-HEADER=bf_pi.h bf_locl.h blowfish.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=bf_skey.o bf_ecb.o bf_enc.o bf_cfb64.o bf_ofb64.o
-LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c
-TEST=bftest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/cast
-ALL=Makefile c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c cast_s.h cast_lcl.h cast.h
-APPS=
-AR=ar r
-CAST_ENC=c_enc.o
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-CPP=cc -E
-DIR=cast
-EXHEADER=cast.h
-GENERAL=Makefile
-HEADER=cast_s.h cast_lcl.h cast.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=c_skey.o c_ecb.o c_enc.o c_cfb64.o c_ofb64.o
-LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c
-TEST=casttest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/bn
-ALL=Makefile bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_lcl.h bn_prime.h bn.h
-APPS=
-AR=ar r
-BN_ASM=bn_asm.o
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=bn
-ERR=bn
-ERRC=bn_err
-EXHEADER=bn.h
-GENERAL=Makefile
-HEADER=bn_lcl.h bn_prime.h bn.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=bn_add.o bn_div.o bn_exp.o bn_lib.o bn_mul.o bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o bn_asm.o bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o
-LIBSRC=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mul.c bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c
-TEST=bntest.c exptest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/rsa
-ALL=Makefile rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c rsa_pk1.c rsa_ssl.c rsa_none.c rsa.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=rsa
-ERR=rsa
-ERRC=rsa_err
-EXHEADER=rsa.h
-GENERAL=Makefile
-HEADER=rsa.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o rsa_pk1.o rsa_ssl.o rsa_none.o
-LIBSRC=rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c rsa_pk1.c rsa_ssl.c rsa_none.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c rsa_pk1.c rsa_ssl.c rsa_none.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/dsa
-ALL=Makefile dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c dsa_err.c dsa.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=dsa
-ERR=dsa
-ERRC=dsa_err
-EXHEADER=dsa.h
-GENERAL=Makefile
-HEADER=dsa.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=dsa_gen.o dsa_key.o dsa_lib.o dsa_vrf.o dsa_sign.o dsa_err.o
-LIBSRC=dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c dsa_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c dsa_err.c
-TEST=dsatest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/dh
-ALL=Makefile dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=dh
-ERR=dh
-ERRC=dh_err
-EXHEADER=dh.h
-GENERAL=Makefile
-HEADER=dh.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o
-LIBSRC=dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
-TEST=dhtest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/buffer
-ALL=Makefile buffer.c buf_err.c buffer.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=buffer
-ERR=buffer
-ERRC=buf_err
-EXHEADER=buffer.h
-GENERAL=Makefile
-HEADER=buffer.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=buffer.o buf_err.o
-LIBSRC=buffer.c buf_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=buffer.c buf_err.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/bio
-ALL=Makefile bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c bss_cs4a.c bio.h bss_file.c
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=bio
-ERR=bio
-ERRC=bio_err
-EXHEADER=bio.h bss_file.c
-GENERAL=Makefile
-HEADER=bio.h bss_file.c
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=bio_lib.o bio_cb.o bio_err.o bss_mem.o bss_null.o bss_fd.o bss_file.o bss_sock.o bss_conn.o bf_null.o bf_buff.o b_print.o b_dump.o b_sock.o bss_acpt.o bf_nbio.o bss_cs4a.o
-LIBSRC=bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c bss_cs4a.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_print.c b_dump.c b_sock.c bss_acpt.c bf_nbio.c bss_cs4a.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/stack
-ALL=Makefile stack.c stack.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=stack
-EXHEADER=stack.h
-GENERAL=Makefile
-HEADER=stack.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=stack.o
-LIBSRC=stack.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=stack.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/lhash
-ALL=Makefile lhash.c lh_stats.c lhash.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=lhash
-EXHEADER=lhash.h
-GENERAL=Makefile
-HEADER=lhash.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=lhash.o lh_stats.o
-LIBSRC=lhash.c lh_stats.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=lhash.c lh_stats.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/rand
-ALL=Makefile md_rand.c randfile.c rand_lib.c rand.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=rand
-EXHEADER=rand.h
-GENERAL=Makefile
-HEADER=rand.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=md_rand.o randfile.o rand_lib.o
-LIBSRC=md_rand.c randfile.c rand_lib.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=md_rand.c randfile.c rand_lib.c
-TEST=randtest.c
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/err
-ALL=Makefile err.c err_all.c err_prn.c err.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=err
-EXHEADER=err.h
-GENERAL=Makefile
-HEADER=err.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=err.o err_all.o err_prn.o
-LIBSRC=err.c err_all.c err_prn.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=err.c err_all.c err_prn.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/objects
-ALL=Makefile README o_names.c obj_dat.c obj_lib.c obj_err.c objects.h obj_dat.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=objects
-ERR=objects
-ERRC=obj_err
-EXHEADER=objects.h
-GENERAL=Makefile README
-HEADER=objects.h obj_dat.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=o_names.o obj_dat.o obj_lib.o obj_err.o
-LIBSRC=o_names.c obj_dat.c obj_lib.c obj_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=o_names.c obj_dat.c obj_lib.c obj_err.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/evp
-ALL=Makefile encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c e_ecb_c.c e_cbc_c.c e_cfb_c.c e_ofb_c.c e_ecb_r5.c e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c m_ripemd.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c evp_lib.c evp.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=evp
-ERR=evp
-ERRC=evp_err
-EXHEADER=evp.h
-GENERAL=Makefile
-HEADER=evp.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=encode.o digest.o evp_enc.o evp_key.o e_ecb_d.o e_cbc_d.o e_cfb_d.o e_ofb_d.o e_ecb_i.o e_cbc_i.o e_cfb_i.o e_ofb_i.o e_ecb_3d.o e_cbc_3d.o e_rc4.o names.o e_cfb_3d.o e_ofb_3d.o e_xcbc_d.o e_ecb_r2.o e_cbc_r2.o e_cfb_r2.o e_ofb_r2.o e_ecb_bf.o e_cbc_bf.o e_cfb_bf.o e_ofb_bf.o e_ecb_c.o e_cbc_c.o e_cfb_c.o e_ofb_c.o e_ecb_r5.o e_cbc_r5.o e_cfb_r5.o e_ofb_r5.o m_null.o m_md2.o m_md5.o m_sha.o m_sha1.o m_dss.o m_dss1.o m_mdc2.o m_ripemd.o p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o c_all.o evp_lib.o
-LIBSRC=encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c e_ecb_c.c e_cbc_c.c e_cfb_c.c e_ofb_c.c e_ecb_r5.c e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c m_ripemd.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c evp_lib.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=encode.c digest.c evp_enc.c evp_key.c e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c e_ecb_c.c e_cbc_c.c e_cfb_c.c e_ofb_c.c e_ecb_r5.c e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c m_ripemd.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c evp_lib.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/pem
-ALL=Makefile pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c pem.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-CTX_SIZE=ctx_size
-DIR=pem
-ERR=pem
-ERRC=pem_err
-EXHEADER=pem.h
-GENERAL=Makefile
-HEADER=pem.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o
-LIBSRC=pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/asn1
-ALL=Makefile README a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_bmp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c evp_asn1.c asn1.h asn1_mac.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=asn1
-ERR=asn1
-ERRC=asn1_err
-EXHEADER=asn1.h asn1_mac.h
-GENERAL=Makefile README
-HEADER=asn1.h asn1_mac.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=a_object.o a_bitstr.o a_utctm.o a_int.o a_octet.o a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o a_sign.o a_digest.o a_verify.o x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_name.o x_cinf.o x_x509.o x_crl.o x_info.o x_spki.o d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o t_req.o t_x509.o t_pkey.o p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o a_hdr.o x_pkey.o a_bool.o x_exten.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o evp_asn1.o
-LIBSRC=a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_bmp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c evp_asn1.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_bmp.c a_sign.c a_digest.c a_verify.c x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_pkey.c p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c a_hdr.c x_pkey.c a_bool.c x_exten.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c evp_asn1.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/x509
-ALL=Makefile README x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c x509_req.c x509_vfy.c x509_set.c x509rset.c x509_err.c x509name.c x509_v3.c x509_ext.c x509pack.c x509type.c x509_lu.c x_all.c x509_txt.c by_file.c by_dir.c v3_net.c v3_x509.c x509.h x509_vfy.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=x509
-ERR=x509
-ERRC=x509_err
-EXHEADER=x509.h x509_vfy.h
-GENERAL=Makefile README
-HEADER=x509.h x509_vfy.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=x509_def.o x509_d2.o x509_r2x.o x509_cmp.o x509_obj.o x509_req.o x509_vfy.o x509_set.o x509rset.o x509_err.o x509name.o x509_v3.o x509_ext.o x509pack.o x509type.o x509_lu.o x_all.o x509_txt.o by_file.o by_dir.o v3_net.o v3_x509.o
-LIBSRC=x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c x509_req.c x509_vfy.c x509_set.c x509rset.c x509_err.c x509name.c x509_v3.c x509_ext.c x509pack.c x509type.c x509_lu.c x_all.c x509_txt.c by_file.c by_dir.c v3_net.c v3_x509.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c x509_req.c x509_vfy.c x509_set.c x509rset.c x509_err.c x509name.c x509_v3.c x509_ext.c x509pack.c x509type.c x509_lu.c x_all.c x509_txt.c by_file.c by_dir.c v3_net.c v3_x509.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/conf
-ALL=Makefile conf.c conf_err.c conf_lcl.h conf.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=conf
-ERR=conf
-ERRC=conf_err
-EXHEADER=conf.h
-GENERAL=Makefile
-HEADER=conf_lcl.h conf.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=conf.o conf_err.o
-LIBSRC=conf.c conf_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=conf.c conf_err.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/txt_db
-ALL=Makefile txt_db.c txt_db.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS= -g
-DIR=txt_db
-EXHEADER=txt_db.h
-GENERAL=Makefile
-HEADER=txt_db.h
-INCLUDES=
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=txt_db.o
-LIBSRC=txt_db.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=txt_db.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/pkcs7
-ALL=Makefile README pk7_lib.c pkcs7err.c pk7_doit.c pkcs7.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=pkcs7
-ERR=pkcs7
-ERRC=pkcs7err
-EXHEADER=pkcs7.h
-GENERAL=Makefile README
-HEADER=pkcs7.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=pk7_lib.o pkcs7err.o pk7_doit.o
-LIBSRC=pk7_lib.c pkcs7err.c pk7_doit.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=pk7_lib.c pkcs7err.c pk7_doit.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/proxy
-ALL=Makefile proxy.c pxy_txt.c bf_proxy.c pxy_conf.c pxy_err.c proxy.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=proxy
-ERR=proxy
-ERRC=pxy_err
-EXHEADER=proxy.h
-GENERAL=Makefile
-HEADER=proxy.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=proxy.o pxy_txt.o bf_proxy.o pxy_conf.o pxy_err.o
-LIBSRC=proxy.c pxy_txt.c bf_proxy.c pxy_conf.c pxy_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=proxy.c pxy_txt.c bf_proxy.c pxy_conf.c pxy_err.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=crypto/comp
-ALL=Makefile comp_lib.c c_rle.c c_zlib.c comp.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=comp
-ERR=comp
-ERRC=comp_err
-EXHEADER=comp.h
-GENERAL=Makefile
-HEADER=comp.h
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-LIB=../../libcrypto.a
-LIBOBJ=comp_lib.o c_rle.o c_zlib.o
-LIBSRC=comp_lib.c c_rle.c c_zlib.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=comp_lib.c c_rle.c c_zlib.c
-TEST=
-TOP=../..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=ssl
-ALL=Makefile README s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c pxy_ssl.c ssl_err.c ssl.h ssl2.h ssl3.h ssl23.h tls1.h ssl_locl.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I../crypto -I../include -g
-DIR=ssl
-ERR=ssl
-ERRC=ssl_err
-EXHEADER=ssl.h ssl2.h ssl3.h ssl23.h tls1.h
-GENERAL=Makefile README
-HEADER=ssl.h ssl2.h ssl3.h ssl23.h tls1.h ssl_locl.h
-INCLUDES=-I../crypto -I../include
-INSTALLTOP=/usr/local/ssl
-LIB=../libssl.a
-LIBOBJ=s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o ssl_ciph.o ssl_stat.o ssl_rsa.o ssl_asn1.o ssl_txt.o ssl_algs.o bio_ssl.o pxy_ssl.o ssl_err.o
-LIBSRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c pxy_ssl.c ssl_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c ssl_algs.c bio_ssl.c pxy_ssl.c ssl_err.c
-TEST=ssltest.c
-TOP=..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=rsaref
-ALL=Makefile rsaref.c rsar_err.c  rsaref.h
-APPS=
-AR=ar r
-CC=cc
-CFLAG=-g
-CFLAGS=-I../crypto -I../include -g
-DIR=rsaref
-ERR=rsaref
-ERRC=rsar_err
-EXHEADER=
-GENERAL=Makefile
-HEADER= rsaref.h
-INCLUDES=-I../crypto -I../include
-INSTALLTOP=/usr/local/ssl
-LIB=../libRSAglue.a
-LIBOBJ=rsaref.o rsar_err.o
-LIBSRC=rsaref.c rsar_err.c
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-SRC=rsaref.c rsar_err.c
-TEST=
-TOP=..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=apps
-ALL=Makefile verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c bf_perm.c version.c sess_id.c ciphers.c apps.h progs.h s_apps.h testdsa.h testrsa.h 
-A_OBJ=apps.o
-A_SRC=apps.c
-CC=cc
-CFLAG=-g -static
-CFLAGS=-DMONOLITH -I../include -g -static
-DIR=apps
-DLIBCRYPTO=../libcrypto.a
-DLIBSSL=../libssl.a
-EXE=ssleay
-EXHEADER=
-EX_LIBS=
-E_EXE=verify asn1pars req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers
-E_OBJ=verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o dsa.o dsaparam.o x509.o genrsa.o s_server.o s_client.o s_ speed.o s_time.o apps.o s_cb.o s_socket.o bf_perm.o version.o sess_id.o ciphers.o
-E_SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c bf_perm.c version.c sess_id.c ciphers.c
-GENERAL=Makefile
-HEADER=apps.h progs.h s_apps.h testdsa.h testrsa.h 
-INCLUDES=-I../include
-INSTALLTOP=/usr/local/ssl
-LIBCRYPTO=-L.. -lcrypto
-LIBSSL=-L.. -lssl
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-PEX_LIBS=
-PROGS=ssleay.c
-RM=/bin/rm -f
-SCRIPTS=CA.sh der_chop
-SRC=verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c pkcs7.c crl2p7.c crl.c rsa.c dsa.c dsaparam.c x509.c genrsa.c s_server.c s_client.c speed.c s_time.c apps.c s_cb.c s_socket.c bf_perm.c version.c sess_id.c ciphers.c
-SSLEAY=ssleay
-S_OBJ=s_cb.o s_socket.o bf_perm.o
-S_SRC=s_cb.c s_socket.c bf_perm.c
-TOP=..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=test
-ALL=Makefile.ssl bntest.c ideatest.c md2test.c md5test.c hmactest.c rc2test.c rc4test.c rc5test.c destest.c shatest.c sha1test.c mdc2test.c rmdtest.c randtest.c dhtest.c casttest.c bftest.c ssltest.c dsatest.c exptest.c 
-BFTEST=bftest
-BNTEST=bntest
-CASTTEST=casttest
-CC=cc
-CFLAG=-g
-CFLAGS=-I../include -g
-DESTEST=destest
-DHTEST=dhtest
-DIR=test
-DLIBCRYPTO=../libcrypto.a
-DLIBSSL=../libssl.a
-DSATEST=dsatest
-EXE=bntest ideatest md2test md5test hmactest rc2test rc4test rc5test destest shatest sha1test mdc2test rmdtest randtest dhtest bftest casttest ssltest exptest dsatest
-EXHEADER=
-EXPTEST=exptest
-EX_LIBS=
-GENERAL=Makefile.ssl
-HEADER=
-HMACTEST=hmactest
-IDEATEST=ideatest
-INCLUDES=-I../include
-INSTALLTOP=/usr/local/ssl
-LIBCRYPTO=-L.. -lcrypto
-LIBSSL=-L.. -lssl
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -fMakefile.ssl
-MAKEFILE=Makefile.ssl
-MD2TEST=md2test
-MD5TEST=md5test
-MDC2TEST=mdc2test
-METHTEST=methtest
-OBJ=bntest.o ideatest.o md2test.o md5test.o hmactest.o rc2test.o rc4test.o rc5test.o destest.o shatest.o sha1test.o mdc2test.o rmdtest.o randtest.o dhtest.o casttest.o bftest.o ssltest.o dsatest.o exptest.o
-PEX_LIBS=
-RANDTEST=randtest
-RC2TEST=rc2test
-RC4TEST=rc4test
-RC5TEST=rc5test
-RMDTEST=rmdtest
-SHA1TEST=sha1test
-SHATEST=shatest
-SRC=bntest.c ideatest.c md2test.c md5test.c hmactest.c rc2test.c rc4test.c rc5test.c destest.c shatest.c sha1test.c mdc2test.c rmdtest.c randtest.c dhtest.c casttest.c bftest.c ssltest.c dsatest.c exptest.c
-SSLTEST=ssltest
-TOP=..
-RELATIVE_DIRECTORY=
-RELATIVE_DIRECTORY=tools
-APPS=c_hash c_info c_issuer c_name c_rehash
-CC=cc
-CFLAG=-g
-CFLAGS=-I.. -I../../include -g
-DIR=tools
-GENERAL=Makefile.ssl
-INCLUDES=-I.. -I../../include
-INSTALLTOP=/usr/local/ssl
-MAKE=make -f Makefile.ssl
-MAKEDEPEND=makedepend -f Makefile.ssl
-MAKEFILE=Makefile.ssl
-TEST=
-TOP=..
-RELATIVE_DIRECTORY=
diff --git a/MacOS/GUSI_Init.cpp b/MacOS/GUSI_Init.cpp
new file mode 100644
index 0000000000..d8223dba2c
--- /dev/null
+++ b/MacOS/GUSI_Init.cpp
@@ -0,0 +1,62 @@
+/**************** BEGIN GUSI CONFIGURATION ****************************
+ *
+ * GUSI Configuration section generated by GUSI Configurator
+ * last modified: Wed Jan  5 20:33:51 2000
+ *
+ * This section will be overwritten by the next run of Configurator.
+ */
+
+#define GUSI_SOURCE
+#include <GUSIConfig.h>
+#include <sys/cdefs.h>
+
+/* Declarations of Socket Factories */
+
+__BEGIN_DECLS
+void GUSIwithInetSockets();
+void GUSIwithLocalSockets();
+void GUSIwithMTInetSockets();
+void GUSIwithMTTcpSockets();
+void GUSIwithMTUdpSockets();
+void GUSIwithOTInetSockets();
+void GUSIwithOTTcpSockets();
+void GUSIwithOTUdpSockets();
+void GUSIwithPPCSockets();
+void GUSISetupFactories();
+__END_DECLS
+
+/* Configure Socket Factories */
+
+void GUSISetupFactories()
+{
+#ifdef GUSISetupFactories_BeginHook
+	GUSISetupFactories_BeginHook
+#endif
+	GUSIwithInetSockets();
+#ifdef GUSISetupFactories_EndHook
+	GUSISetupFactories_EndHook
+#endif
+}
+
+/* Declarations of File Devices */
+
+__BEGIN_DECLS
+void GUSIwithDConSockets();
+void GUSIwithNullSockets();
+void GUSISetupDevices();
+__END_DECLS
+
+/* Configure File Devices */
+
+void GUSISetupDevices()
+{
+#ifdef GUSISetupDevices_BeginHook
+	GUSISetupDevices_BeginHook
+#endif
+	GUSIwithNullSockets();
+#ifdef GUSISetupDevices_EndHook
+	GUSISetupDevices_EndHook
+#endif
+}
+
+/**************** END GUSI CONFIGURATION *************************/
diff --git a/MacOS/GetHTTPS.src/CPStringUtils.cpp b/MacOS/GetHTTPS.src/CPStringUtils.cpp
new file mode 100644
index 0000000000..5f64afe967
--- /dev/null
+++ b/MacOS/GetHTTPS.src/CPStringUtils.cpp
@@ -0,0 +1,2753 @@
+/* ====================================================================
+ * Copyright (c) 1998-1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+ 
+ 
+ 
+ #include "CPStringUtils.hpp"
+#include "ErrorHandling.hpp"
+
+
+
+#define kNumberFormatString			"\p########0.00#######;-########0.00#######"
+
+
+
+//	Useful utility functions which could be optimized a whole lot
+
+
+void CopyPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength)
+{
+int		i,numPChars;
+
+
+	if (thePStr != nil && theCStr != nil && maxCStrLength > 0)
+	{
+		numPChars = thePStr[0];
+		
+		for (i = 0;;i++)
+		{
+			if (i >= numPChars || i >= maxCStrLength - 1)
+			{
+				theCStr[i] = 0;
+				
+				break;
+			}
+			
+			else
+			{
+				theCStr[i] = thePStr[i + 1];
+			}
+		}
+	}
+}
+
+
+void CopyPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength)
+{
+int		theMaxDstStrLength;
+
+	
+	theMaxDstStrLength = maxDstStrLength;
+	
+	
+	if (theDstPStr != nil && theSrcPStr != nil && theMaxDstStrLength > 0)
+	{
+		if (theMaxDstStrLength > 255)
+		{
+			theMaxDstStrLength = 255;
+		}
+		
+		
+		if (theMaxDstStrLength - 1 < theSrcPStr[0])
+		{
+			BlockMove(theSrcPStr + 1,theDstPStr + 1,theMaxDstStrLength - 1);
+			
+			theDstPStr[0] = theMaxDstStrLength - 1;
+		}
+		
+		else
+		{
+			BlockMove(theSrcPStr,theDstPStr,theSrcPStr[0] + 1);
+		}
+	}
+}
+
+
+void CopyCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxDstStrLength)
+{
+int		i;
+
+
+	if (theDstCStr != nil && theSrcCStr != nil && maxDstStrLength > 0)
+	{
+		for (i = 0;;i++)
+		{
+			if (theSrcCStr[i] == 0 || i >= maxDstStrLength - 1)
+			{
+				theDstCStr[i] = 0;
+				
+				break;
+			}
+			
+			else
+			{
+				theDstCStr[i] = theSrcCStr[i];
+			}
+		}
+	}
+}
+
+
+
+void CopyCSubstrToCStr(const char *theSrcCStr,const int maxCharsToCopy,char *theDstCStr,const int maxDstStrLength)
+{
+int		i;
+
+
+	if (theDstCStr != nil && theSrcCStr != nil && maxDstStrLength > 0)
+	{
+		for (i = 0;;i++)
+		{
+			if (theSrcCStr[i] == 0 || i >= maxDstStrLength - 1 || i >= maxCharsToCopy)
+			{
+				theDstCStr[i] = 0;
+				
+				break;
+			}
+			
+			else
+			{
+				theDstCStr[i] = theSrcCStr[i];
+			}
+		}
+	}
+}
+
+
+
+void CopyCSubstrToPStr(const char *theSrcCStr,const int maxCharsToCopy,unsigned char *theDstPStr,const int maxDstStrLength)
+{
+int		i;
+int		theMaxDstStrLength;
+
+	
+	theMaxDstStrLength = maxDstStrLength;
+
+	if (theDstPStr != nil && theSrcCStr != nil && theMaxDstStrLength > 0)
+	{
+		if (theMaxDstStrLength > 255)
+		{
+			theMaxDstStrLength = 255;
+		}
+		
+		
+		for (i = 0;;i++)
+		{
+			if (theSrcCStr[i] == 0 || i >= theMaxDstStrLength - 1 || i >= maxCharsToCopy)
+			{
+				theDstPStr[0] = i;
+				
+				break;
+			}
+			
+			else
+			{
+				theDstPStr[i + 1] = theSrcCStr[i];
+			}
+		}
+	}
+}
+
+
+
+void CopyCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength)
+{
+int		i;
+int		theMaxDstStrLength;
+
+	
+	theMaxDstStrLength = maxDstStrLength;
+
+	if (theDstPStr != nil && theSrcCStr != nil && theMaxDstStrLength > 0)
+	{
+		if (theMaxDstStrLength > 255)
+		{
+			theMaxDstStrLength = 255;
+		}
+		
+		
+		for (i = 0;;i++)
+		{
+			if (i >= theMaxDstStrLength - 1 || theSrcCStr[i] == 0)
+			{
+				theDstPStr[0] = i;
+				
+				break;
+			}
+			
+			else
+			{
+				theDstPStr[i + 1] = theSrcCStr[i];
+			}
+		}
+	}
+}
+
+
+void ConcatPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength)
+{
+int		i,numPChars,cStrLength;
+
+
+	if (thePStr != nil && theCStr != nil && maxCStrLength > 0)
+	{
+		for (cStrLength = 0;theCStr[cStrLength] != 0;cStrLength++)
+		{
+		
+		}
+		
+
+		numPChars = thePStr[0];
+		
+		
+		for (i = 0;;i++)
+		{
+			if (i >= numPChars || cStrLength >= maxCStrLength - 1)
+			{
+				theCStr[cStrLength++] = 0;
+				
+				break;
+			}
+			
+			else
+			{
+				theCStr[cStrLength++] = thePStr[i + 1];
+			}
+		}
+	}
+}
+
+
+
+void ConcatPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength)
+{
+int		theMaxDstStrLength;
+
+	
+	theMaxDstStrLength = maxDstStrLength;
+	
+	if (theSrcPStr != nil && theDstPStr != nil && theMaxDstStrLength > 0)
+	{
+		if (theMaxDstStrLength > 255)
+		{
+			theMaxDstStrLength = 255;
+		}
+		
+		
+		if (theMaxDstStrLength - theDstPStr[0] - 1 < theSrcPStr[0])
+		{
+			BlockMove(theSrcPStr + 1,theDstPStr + theDstPStr[0] + 1,theMaxDstStrLength - 1 - theDstPStr[0]);
+			
+			theDstPStr[0] = theMaxDstStrLength - 1;
+		}
+		
+		else
+		{
+			BlockMove(theSrcPStr + 1,theDstPStr + theDstPStr[0] + 1,theSrcPStr[0]);
+			
+			theDstPStr[0] += theSrcPStr[0];
+		}
+	}
+}
+
+
+
+void ConcatCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength)
+{
+int		i,thePStrLength;
+int		theMaxDstStrLength;
+
+	
+	theMaxDstStrLength = maxDstStrLength;
+
+	if (theSrcCStr != nil && theDstPStr != nil && theMaxDstStrLength > 0)
+	{
+		if (theMaxDstStrLength > 255)
+		{
+			theMaxDstStrLength = 255;
+		}
+		
+		
+		thePStrLength = theDstPStr[0];
+		
+		for (i = 0;;i++)
+		{
+			if (theSrcCStr[i] == 0 || thePStrLength >= theMaxDstStrLength - 1)
+			{
+				theDstPStr[0] = thePStrLength;
+				
+				break;
+			}
+			
+			else
+			{
+				theDstPStr[thePStrLength + 1] = theSrcCStr[i];
+				
+				thePStrLength++;
+			}
+		}
+	}
+}
+
+
+
+void ConcatCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxCStrLength)
+{
+int		cStrLength;
+
+
+	if (theSrcCStr != nil && theDstCStr != nil && maxCStrLength > 0)
+	{
+		for (cStrLength = 0;theDstCStr[cStrLength] != 0;cStrLength++)
+		{
+		
+		}
+		
+
+		for (;;)
+		{
+			if (*theSrcCStr == 0 || cStrLength >= maxCStrLength - 1)
+			{
+				theDstCStr[cStrLength++] = 0;
+				
+				break;
+			}
+			
+			else
+			{
+				theDstCStr[cStrLength++] = *theSrcCStr++;
+			}
+		}
+	}
+}
+
+
+
+void ConcatCharToCStr(const char theChar,char *theDstCStr,const int maxCStrLength)
+{
+int		cStrLength;
+
+
+	if (theDstCStr != nil && maxCStrLength > 0)
+	{
+		cStrLength = CStrLength(theDstCStr);
+		
+		if (cStrLength < maxCStrLength - 1)
+		{
+			theDstCStr[cStrLength++] = theChar;
+			theDstCStr[cStrLength++] = '\0';
+		}
+	}
+}
+
+
+
+void ConcatCharToPStr(const char theChar,unsigned char *theDstPStr,const int maxPStrLength)
+{
+int		pStrLength;
+
+
+	if (theDstPStr != nil && maxPStrLength > 0)
+	{
+		pStrLength = PStrLength(theDstPStr);
+		
+		if (pStrLength < maxPStrLength - 1 && pStrLength < 255)
+		{
+			theDstPStr[pStrLength + 1] = theChar;
+			theDstPStr[0] += 1;
+		}
+	}
+}
+
+
+
+
+int CompareCStrs(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase)
+{
+int		returnValue;
+char	firstChar,secondChar;
+
+	
+	returnValue = 0;
+	
+	
+	if (theFirstCStr != nil && theSecondCStr != nil)
+	{
+		for (;;)
+		{
+			firstChar = *theFirstCStr;
+			secondChar = *theSecondCStr;
+			
+			if (ignoreCase == true)
+			{
+				if (firstChar >= 'A' && firstChar <= 'Z')
+				{
+					firstChar = 'a' + (firstChar - 'A');
+				}
+				
+				if (secondChar >= 'A' && secondChar <= 'Z')
+				{
+					secondChar = 'a' + (secondChar - 'A');
+				}
+			}
+			
+			
+			if (firstChar == 0 && secondChar != 0)
+			{
+				returnValue = -1;
+				
+				break;
+			}
+			
+			else if (firstChar != 0 && secondChar == 0)
+			{
+				returnValue = 1;
+				
+				break;
+			}
+			
+			else if (firstChar == 0 && secondChar == 0)
+			{
+				returnValue = 0;
+				
+				break;
+			}
+			
+			else if (firstChar < secondChar)
+			{
+				returnValue = -1;
+				
+				break;
+			}
+			
+			else if (firstChar > secondChar)
+			{
+				returnValue = 1;
+				
+				break;
+			}
+			
+			theFirstCStr++;
+			theSecondCStr++;
+		}
+	}
+	
+	
+	return(returnValue);
+}
+
+
+
+Boolean CStrsAreEqual(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase)
+{
+	if (CompareCStrs(theFirstCStr,theSecondCStr,ignoreCase) == 0)
+	{
+		return true;
+	}
+	
+	else
+	{
+		return false;
+	}
+}
+
+
+Boolean PStrsAreEqual(const unsigned char *theFirstPStr,const unsigned char *theSecondPStr,const Boolean ignoreCase)
+{
+	if (ComparePStrs(theFirstPStr,theSecondPStr,ignoreCase) == 0)
+	{
+		return true;
+	}
+	
+	else
+	{
+		return false;
+	}
+}
+
+
+
+int ComparePStrs(const unsigned char *theFirstPStr,const unsigned char *theSecondPStr,const Boolean ignoreCase)
+{
+int		i,returnValue;
+char	firstChar,secondChar;
+
+	
+	returnValue = 0;
+	
+	
+	if (theFirstPStr != nil && theSecondPStr != nil)
+	{
+		for (i = 1;;i++)
+		{
+			firstChar = theFirstPStr[i];
+			secondChar = theSecondPStr[i];
+
+			if (ignoreCase == true)
+			{
+				if (firstChar >= 'A' && firstChar <= 'Z')
+				{
+					firstChar = 'a' + (firstChar - 'A');
+				}
+				
+				if (secondChar >= 'A' && secondChar <= 'Z')
+				{
+					secondChar = 'a' + (secondChar - 'A');
+				}
+			}
+
+
+			if (theFirstPStr[0] < i && theSecondPStr[0] >= i)
+			{
+				returnValue = -1;
+				
+				break;
+			}
+			
+			else if (theFirstPStr[0] >= i && theSecondPStr[0] < i)
+			{
+				returnValue = 1;
+				
+				break;
+			}
+			
+			else if (theFirstPStr[0] < i && theSecondPStr[0] < i)
+			{
+				returnValue = 0;
+				
+				break;
+			}
+			
+			else if (firstChar < secondChar)
+			{
+				returnValue = -1;
+				
+				break;
+			}
+			
+			else if (firstChar > secondChar)
+			{
+				returnValue = 1;
+				
+				break;
+			}
+		}
+	}
+	
+	
+	return(returnValue);
+}
+
+
+
+int CompareCStrToPStr(const char *theCStr,const unsigned char *thePStr,const Boolean ignoreCase)
+{
+int		returnValue;
+char	tempString[256];
+
+	
+	returnValue = 0;
+	
+	if (theCStr != nil && thePStr != nil)
+	{
+		CopyPStrToCStr(thePStr,tempString,sizeof(tempString));
+		
+		returnValue = CompareCStrs(theCStr,tempString,ignoreCase);
+	}
+	
+	
+	return(returnValue);
+}
+
+
+
+void ConcatLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits)
+{
+Str255 		theStr255;
+
+
+	NumToString(theNum,theStr255);
+
+
+	if (numDigits > 0)
+	{
+	int 	charsToInsert;
+	
+		
+		charsToInsert = numDigits - PStrLength(theStr255);
+		
+		if (charsToInsert > 0)
+		{
+		char	tempString[256];
+			
+			CopyCStrToCStr("",tempString,sizeof(tempString));
+			
+			for (;charsToInsert > 0;charsToInsert--)
+			{
+				ConcatCStrToCStr("0",tempString,sizeof(tempString));
+			}
+			
+			ConcatPStrToCStr(theStr255,tempString,sizeof(tempString));
+			
+			CopyCStrToPStr(tempString,theStr255,sizeof(theStr255));
+		}
+	}
+
+
+	ConcatPStrToCStr(theStr255,theCStr,maxCStrLength);
+}
+
+
+
+
+void ConcatLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits)
+{
+Str255 		theStr255;
+
+
+	NumToString(theNum,theStr255);
+
+
+	if (numDigits > 0)
+	{
+	int 	charsToInsert;
+	
+		
+		charsToInsert = numDigits - PStrLength(theStr255);
+		
+		if (charsToInsert > 0)
+		{
+		char	tempString[256];
+			
+			CopyCStrToCStr("",tempString,sizeof(tempString));
+			
+			for (;charsToInsert > 0;charsToInsert--)
+			{
+				ConcatCStrToCStr("0",tempString,sizeof(tempString));
+			}
+			
+			ConcatPStrToCStr(theStr255,tempString,sizeof(tempString));
+			
+			CopyCStrToPStr(tempString,theStr255,sizeof(theStr255));
+		}
+	}
+
+
+	ConcatPStrToPStr(theStr255,thePStr,maxPStrLength);
+}
+
+
+
+void CopyCStrAndConcatLongIntToCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength)
+{
+	CopyCStrToCStr(theSrcCStr,theDstCStr,maxDstStrLength);
+	
+	ConcatLongIntToCStr(theNum,theDstCStr,maxDstStrLength);
+}
+
+
+
+void CopyLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits)
+{
+Str255 		theStr255;
+
+
+	NumToString(theNum,theStr255);
+
+
+	if (numDigits > 0)
+	{
+	int 	charsToInsert;
+	
+		
+		charsToInsert = numDigits - PStrLength(theStr255);
+		
+		if (charsToInsert > 0)
+		{
+		char	tempString[256];
+			
+			CopyCStrToCStr("",tempString,sizeof(tempString));
+			
+			for (;charsToInsert > 0;charsToInsert--)
+			{
+				ConcatCStrToCStr("0",tempString,sizeof(tempString));
+			}
+			
+			ConcatPStrToCStr(theStr255,tempString,sizeof(tempString));
+			
+			CopyCStrToPStr(tempString,theStr255,sizeof(theStr255));
+		}
+	}
+
+
+	CopyPStrToCStr(theStr255,theCStr,maxCStrLength);
+}
+
+
+
+
+
+void CopyUnsignedLongIntToCStr(const unsigned long theNum,char *theCStr,const int maxCStrLength)
+{
+char			tempString[256];
+int				srcCharIndex,dstCharIndex;
+unsigned long	tempNum,quotient,remainder;
+
+	
+	if (theNum == 0)
+	{
+		CopyCStrToCStr("0",theCStr,maxCStrLength);
+	}
+	
+	else
+	{
+		srcCharIndex = 0;
+		
+		tempNum = theNum;
+		
+		for (;;)
+		{
+			if (srcCharIndex >= sizeof(tempString) - 1 || tempNum == 0)
+			{
+				for (dstCharIndex = 0;;)
+				{
+					if (dstCharIndex >= maxCStrLength - 1 || srcCharIndex <= 0)
+					{
+						theCStr[dstCharIndex] = 0;
+						
+						break;
+					}
+					
+					theCStr[dstCharIndex++] = tempString[--srcCharIndex];
+				}
+				
+				break;
+			}
+			
+
+			quotient = tempNum / 10;
+			
+			remainder = tempNum - (quotient * 10);
+			
+			tempString[srcCharIndex] = '0' + remainder;
+			
+			srcCharIndex++;
+			
+			tempNum = quotient;
+		}
+	}
+}
+
+
+
+
+void CopyLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits)
+{
+char	tempString[256];
+
+
+	CopyLongIntToCStr(theNum,tempString,sizeof(tempString),numDigits);
+	
+	CopyCStrToPStr(tempString,thePStr,maxPStrLength);
+}
+
+
+
+OSErr CopyLongIntToNewHandle(const long inTheLongInt,Handle *theHandle)
+{
+OSErr		errCode = noErr;
+char		tempString[32];
+	
+	
+	CopyLongIntToCStr(inTheLongInt,tempString,sizeof(tempString));
+	
+	errCode = CopyCStrToNewHandle(tempString,theHandle);
+
+	return(errCode);
+}
+
+
+OSErr CopyLongIntToExistingHandle(const long inTheLongInt,Handle theHandle)
+{
+OSErr		errCode = noErr;
+char		tempString[32];
+	
+	
+	CopyLongIntToCStr(inTheLongInt,tempString,sizeof(tempString));
+	
+	errCode = CopyCStrToExistingHandle(tempString,theHandle);
+
+	return(errCode);
+}
+
+
+
+
+OSErr CopyCStrToExistingHandle(const char *theCString,Handle theHandle)
+{
+OSErr	errCode = noErr;
+long	stringLength;
+
+	
+	if (theCString == nil)
+	{
+		SetErrorMessageAndBail(("CopyCStrToExistingHandle: Bad parameter, theCString == nil"));
+	}
+
+	if (theHandle == nil)
+	{
+		SetErrorMessageAndBail(("CopyCStrToExistingHandle: Bad parameter, theHandle == nil"));
+	}
+
+	if (*theHandle == nil)
+	{
+		SetErrorMessageAndBail(("CopyCStrToExistingHandle: Bad parameter, *theHandle == nil"));
+	}
+
+
+
+	stringLength = CStrLength(theCString) + 1;
+	
+	SetHandleSize(theHandle,stringLength);
+	
+	if (GetHandleSize(theHandle) < stringLength)
+	{
+		SetErrorMessageAndLongIntAndBail("CopyCStrToExistingHandle: Can't set Handle size, MemError() = ",MemError());
+	}
+	
+	
+	::BlockMove(theCString,*theHandle,stringLength);
+	
+
+EXITPOINT:
+	
+	return(errCode);
+}
+
+
+
+
+
+OSErr CopyCStrToNewHandle(const char *theCString,Handle *theHandle)
+{
+OSErr	errCode = noErr;
+long	stringLength;
+
+	
+	if (theCString == nil)
+	{
+		SetErrorMessageAndBail(("CopyCStrToNewHandle: Bad parameter, theCString == nil"));
+	}
+
+	if (theHandle == nil)
+	{
+		SetErrorMessageAndBail(("CopyCStrToNewHandle: Bad parameter, theHandle == nil"));
+	}
+
+
+
+	stringLength = CStrLength(theCString) + 1;
+	
+	*theHandle = NewHandle(stringLength);
+	
+	if (*theHandle == nil)
+	{
+		SetErrorMessageAndLongIntAndBail("CopyCStrToNewHandle: Can't allocate Handle, MemError() = ",MemError());
+	}
+	
+	
+	::BlockMove(theCString,**theHandle,stringLength);
+	
+
+EXITPOINT:
+	
+	return(errCode);
+}
+
+
+
+OSErr CopyPStrToNewHandle(const unsigned char *thePString,Handle *theHandle)
+{
+OSErr	errCode = noErr;
+long	stringLength;
+
+	
+	if (thePString == nil)
+	{
+		SetErrorMessageAndBail(("CopyPStrToNewHandle: Bad parameter, thePString == nil"));
+	}
+
+	if (theHandle == nil)
+	{
+		SetErrorMessageAndBail(("CopyPStrToNewHandle: Bad parameter, theHandle == nil"));
+	}
+
+
+
+	stringLength = PStrLength(thePString) + 1;
+	
+	*theHandle = NewHandle(stringLength);
+	
+	if (*theHandle == nil)
+	{
+		SetErrorMessageAndLongIntAndBail("CopyPStrToNewHandle: Can't allocate Handle, MemError() = ",MemError());
+	}
+	
+	
+	if (stringLength > 1)
+	{
+		BlockMove(thePString + 1,**theHandle,stringLength - 1);
+	}
+	
+	(**theHandle)[stringLength - 1] = 0;
+	
+
+EXITPOINT:
+	
+	return(errCode);
+}
+
+
+OSErr AppendPStrToHandle(const unsigned char *thePString,Handle theHandle,long *currentLength)
+{
+OSErr		errCode = noErr;
+char		tempString[256];
+
+	
+	CopyPStrToCStr(thePString,tempString,sizeof(tempString));
+	
+	errCode = AppendCStrToHandle(tempString,theHandle,currentLength);
+	
+
+EXITPOINT:
+	
+	return(errCode);
+}
+
+
+
+OSErr AppendCStrToHandle(const char *theCString,Handle theHandle,long *currentLength,long *maxLength)
+{
+OSErr		errCode = noErr;
+long		handleMaxLength,handleCurrentLength,stringLength,byteCount;
+
+
+	if (theCString == nil)
+	{
+		SetErrorMessageAndBail(("AppendCStrToHandle: Bad parameter, theCString == nil"));
+	}
+
+	if (theHandle == nil)
+	{
+		SetErrorMessageAndBail(("AppendCStrToHandle: Bad parameter, theHandle == nil"));
+	}
+	
+	
+	if (maxLength != nil)
+	{
+		handleMaxLength = *maxLength;
+	}
+	
+	else
+	{
+		handleMaxLength = GetHandleSize(theHandle);
+	}
+	
+	
+	if (currentLength != nil && *currentLength >= 0)
+	{
+		handleCurrentLength = *currentLength;
+	}
+	
+	else
+	{
+		handleCurrentLength = CStrLength(*theHandle);
+	}
+	
+	
+	stringLength = CStrLength(theCString);
+	
+	byteCount = handleCurrentLength + stringLength + 1;
+	
+	if (byteCount > handleMaxLength)
+	{
+		SetHandleSize(theHandle,handleCurrentLength + stringLength + 1);
+		
+		if (maxLength != nil)
+		{
+			*maxLength = GetHandleSize(theHandle);
+			
+			handleMaxLength = *maxLength;
+		}
+		
+		else
+		{
+			handleMaxLength = GetHandleSize(theHandle);
+		}
+
+		if (byteCount > handleMaxLength)
+		{
+			SetErrorMessageAndLongIntAndBail("AppendCStrToHandle: Can't increase Handle allocation, MemError() = ",MemError());
+		}
+	}
+	
+	
+	BlockMove(theCString,*theHandle + handleCurrentLength,stringLength + 1);
+	
+	
+	if (currentLength != nil)
+	{
+		*currentLength += stringLength;
+	}
+
+
+	errCode = noErr;
+	
+	
+EXITPOINT:
+
+	return(errCode);
+}
+
+
+
+OSErr AppendCharsToHandle(const char *theChars,const int numChars,Handle theHandle,long *currentLength,long *maxLength)
+{
+OSErr		errCode = noErr;
+long		handleMaxLength,handleCurrentLength,byteCount;
+
+
+	if (theChars == nil)
+	{
+		SetErrorMessageAndBail(("AppendCharsToHandle: Bad parameter, theChars == nil"));
+	}
+
+	if (theHandle == nil)
+	{
+		SetErrorMessageAndBail(("AppendCharsToHandle: Bad parameter, theHandle == nil"));
+	}
+	
+	
+	if (maxLength != nil)
+	{
+		handleMaxLength = *maxLength;
+	}
+	
+	else
+	{
+		handleMaxLength = GetHandleSize(theHandle);
+	}
+	
+	
+	if (currentLength != nil && *currentLength >= 0)
+	{
+		handleCurrentLength = *currentLength;
+	}
+	
+	else
+	{
+		handleCurrentLength = CStrLength(*theHandle);
+	}
+	
+	
+	byteCount = handleCurrentLength + numChars + 1;
+	
+	if (byteCount > handleMaxLength)
+	{
+		SetHandleSize(theHandle,handleCurrentLength + numChars + 1);
+		
+		if (maxLength != nil)
+		{
+			*maxLength = GetHandleSize(theHandle);
+			
+			handleMaxLength = *maxLength;
+		}
+		
+		else
+		{
+			handleMaxLength = GetHandleSize(theHandle);
+		}
+
+		if (byteCount > handleMaxLength)
+		{
+			SetErrorMessageAndLongIntAndBail("AppendCharsToHandle: Can't increase Handle allocation, MemError() = ",MemError());
+		}
+	}
+	
+	
+	BlockMove(theChars,*theHandle + handleCurrentLength,numChars);
+	
+	(*theHandle)[handleCurrentLength + numChars] = '\0';
+	
+	if (currentLength != nil)
+	{
+		*currentLength += numChars;
+	}
+
+
+	errCode = noErr;
+	
+	
+EXITPOINT:
+
+	return(errCode);
+}
+
+
+
+OSErr AppendLongIntToHandle(const long inTheLongInt,Handle theHandle,long *currentLength)
+{
+OSErr		errCode = noErr;
+char		tempString[32];
+	
+	
+	CopyLongIntToCStr(inTheLongInt,tempString,sizeof(tempString));
+	
+	errCode = AppendCStrToHandle(tempString,theHandle,currentLength);
+
+	return(errCode);
+}
+
+
+
+
+long CStrLength(const char *theCString)
+{
+long	cStrLength = 0;
+
+	
+	if (theCString != nil)
+	{
+		for (cStrLength = 0;theCString[cStrLength] != 0;cStrLength++)
+		{
+		
+		}
+	}
+	
+	
+	return(cStrLength);
+}
+
+
+
+long PStrLength(const unsigned char *thePString)
+{
+long	pStrLength = 0;
+
+	
+	if (thePString != nil)
+	{
+		pStrLength = thePString[0];
+	}
+	
+	
+	return(pStrLength);
+}
+
+
+
+
+
+void ZeroMem(void *theMemPtr,const unsigned long numBytes)
+{
+unsigned char	*theBytePtr;
+unsigned long	*theLongPtr;
+unsigned long	numSingleBytes;
+unsigned long	theNumBytes;
+
+	
+	theNumBytes = numBytes;
+	
+	if (theMemPtr != nil && theNumBytes > 0)
+	{
+		theBytePtr = (unsigned char	*) theMemPtr;
+		
+		numSingleBytes = (unsigned long) theBytePtr & 0x0003;
+		
+		while (numSingleBytes > 0)
+		{
+			*theBytePtr++ = 0;
+			
+			theNumBytes--;
+			numSingleBytes--;
+		}
+		
+
+		theLongPtr = (unsigned long	*) theBytePtr;
+		
+		while (theNumBytes >= 4)
+		{
+			*theLongPtr++ = 0;
+			
+			theNumBytes -= 4;
+		}
+		
+		
+		theBytePtr = (unsigned char	*) theLongPtr;
+		
+		while (theNumBytes > 0)
+		{
+			*theBytePtr++ = 0;
+			
+			theNumBytes--;
+		}
+	}
+}
+
+
+
+
+char *FindCharInCStr(const char theChar,const char *theCString)
+{
+char	*theStringSearchPtr;
+
+	
+	theStringSearchPtr = (char	*) theCString;
+	
+	if (theStringSearchPtr != nil)
+	{
+		while (*theStringSearchPtr != '\0' && *theStringSearchPtr != theChar)
+		{
+			theStringSearchPtr++;
+		}
+		
+		if (*theStringSearchPtr == '\0')
+		{
+			theStringSearchPtr = nil;
+		}
+	}
+	
+	return(theStringSearchPtr);
+}
+
+
+
+long FindCharOffsetInCStr(const char theChar,const char *theCString,const Boolean inIgnoreCase)
+{
+long	theOffset = -1;
+
+
+	if (theCString != nil)
+	{
+		theOffset = 0;
+		
+
+		if (inIgnoreCase)
+		{
+		char	searchChar = theChar;
+		
+			if (searchChar >= 'a' && searchChar <= 'z')
+			{
+				searchChar = searchChar - 'a' + 'A';
+			}
+			
+			
+			while (*theCString != 0)
+			{
+			char	currentChar = *theCString;
+			
+				if (currentChar >= 'a' && currentChar <= 'z')
+				{
+					currentChar = currentChar - 'a' + 'A';
+				}
+			
+				if (currentChar == searchChar)
+				{
+					break;
+				}
+				
+				theCString++;
+				theOffset++;
+			}
+		}
+		
+		else
+		{
+			while (*theCString != 0 && *theCString != theChar)
+			{
+				theCString++;
+				theOffset++;
+			}
+		}
+		
+		if (*theCString == 0)
+		{
+			theOffset = -1;
+		}
+	}
+	
+	return(theOffset);
+}
+
+
+long FindCStrOffsetInCStr(const char *theCSubstring,const char *theCString,const Boolean inIgnoreCase)
+{
+long	theOffset = -1;
+
+
+	if (theCSubstring != nil && theCString != nil)
+	{
+		for (theOffset = 0;;theOffset++)
+		{
+			if (theCString[theOffset] == 0)
+			{
+				theOffset = -1;
+				
+				goto EXITPOINT;
+			}
+			
+			
+			for (const char	*tempSubstringPtr = theCSubstring,*tempCStringPtr = theCString + theOffset;;tempSubstringPtr++,tempCStringPtr++)
+			{
+				if (*tempSubstringPtr == 0)
+				{
+					goto EXITPOINT;
+				}
+				
+				else if (*tempCStringPtr == 0)
+				{
+					break;
+				}
+			
+			char	searchChar = *tempSubstringPtr;
+			char	currentChar = *tempCStringPtr;
+			
+				if (inIgnoreCase && searchChar >= 'a' && searchChar <= 'z')
+				{
+					searchChar = searchChar - 'a' + 'A';
+				}
+				
+				if (inIgnoreCase && currentChar >= 'a' && currentChar <= 'z')
+				{
+					currentChar = currentChar - 'a' + 'A';
+				}
+				
+				if (currentChar != searchChar)
+				{
+					break;
+				}
+			}
+		}
+		
+		theOffset = -1;
+	}
+
+
+EXITPOINT:
+	
+	return(theOffset);
+}
+
+
+
+void InsertCStrIntoCStr(const char *theSrcCStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength)
+{
+int		currentLength;
+int		insertLength;
+int		numCharsToInsert;
+int		numCharsToShift;
+
+	
+	if (theDstCStr != nil && theSrcCStr != nil && maxDstStrLength > 0 && theInsertionOffset < maxDstStrLength - 1)
+	{
+		currentLength = CStrLength(theDstCStr);
+		
+		insertLength = CStrLength(theSrcCStr);
+		
+
+		if (theInsertionOffset + insertLength < maxDstStrLength - 1)
+		{
+			numCharsToInsert = insertLength;
+		}
+		
+		else
+		{
+			numCharsToInsert = maxDstStrLength - 1 - theInsertionOffset;
+		}
+		
+
+		if (numCharsToInsert + currentLength < maxDstStrLength - 1)
+		{
+			numCharsToShift = currentLength - theInsertionOffset;
+		}
+		
+		else
+		{
+			numCharsToShift = maxDstStrLength - 1 - theInsertionOffset - numCharsToInsert;
+		}
+
+		
+		if (numCharsToShift > 0)
+		{
+			BlockMove(theDstCStr + theInsertionOffset,theDstCStr + theInsertionOffset + numCharsToInsert,numCharsToShift);
+		}
+		
+		if (numCharsToInsert > 0)
+		{
+			BlockMove(theSrcCStr,theDstCStr + theInsertionOffset,numCharsToInsert);
+		}
+		
+		theDstCStr[theInsertionOffset + numCharsToInsert + numCharsToShift] = 0;
+	}
+}
+
+
+
+void InsertPStrIntoCStr(const unsigned char *theSrcPStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength)
+{
+int		currentLength;
+int		insertLength;
+int		numCharsToInsert;
+int		numCharsToShift;
+
+	
+	if (theDstCStr != nil && theSrcPStr != nil && maxDstStrLength > 0 && theInsertionOffset < maxDstStrLength - 1)
+	{
+		currentLength = CStrLength(theDstCStr);
+		
+		insertLength = PStrLength(theSrcPStr);
+		
+
+		if (theInsertionOffset + insertLength < maxDstStrLength - 1)
+		{
+			numCharsToInsert = insertLength;
+		}
+		
+		else
+		{
+			numCharsToInsert = maxDstStrLength - 1 - theInsertionOffset;
+		}
+		
+
+		if (numCharsToInsert + currentLength < maxDstStrLength - 1)
+		{
+			numCharsToShift = currentLength - theInsertionOffset;
+		}
+		
+		else
+		{
+			numCharsToShift = maxDstStrLength - 1 - theInsertionOffset - numCharsToInsert;
+		}
+
+		
+		if (numCharsToShift > 0)
+		{
+			BlockMove(theDstCStr + theInsertionOffset,theDstCStr + theInsertionOffset + numCharsToInsert,numCharsToShift);
+		}
+		
+		if (numCharsToInsert > 0)
+		{
+			BlockMove(theSrcPStr + 1,theDstCStr + theInsertionOffset,numCharsToInsert);
+		}
+		
+		theDstCStr[theInsertionOffset + numCharsToInsert + numCharsToShift] = 0;
+	}
+}
+
+
+
+OSErr InsertCStrIntoHandle(const char *theCString,Handle theHandle,const long inInsertOffset)
+{
+OSErr	errCode;
+int		currentLength;
+int		insertLength;
+
+	
+	SetErrorMessageAndBailIfNil(theCString,"InsertCStrIntoHandle: Bad parameter, theCString == nil");
+
+	SetErrorMessageAndBailIfNil(theHandle,"InsertCStrIntoHandle: Bad parameter, theHandle == nil");
+	
+	currentLength = CStrLength(*theHandle);
+	
+	if (currentLength + 1 > ::GetHandleSize(theHandle))
+	{
+		SetErrorMessageAndBail("InsertCStrIntoHandle: Handle has been overflowed");
+	}
+	
+	if (inInsertOffset > currentLength)
+	{
+		SetErrorMessageAndBail("InsertCStrIntoHandle: Insertion offset is greater than string length");
+	}
+	
+	insertLength = CStrLength(theCString);
+	
+	::SetHandleSize(theHandle,currentLength + 1 + insertLength);
+	
+	if (::GetHandleSize(theHandle) < currentLength + 1 + insertLength)
+	{
+		SetErrorMessageAndLongIntAndBail("InsertCStrIntoHandle: Can't expand storage for Handle, MemError() = ",MemError());
+	}
+	
+	::BlockMove(*theHandle + inInsertOffset,*theHandle + inInsertOffset + insertLength,currentLength - inInsertOffset + 1);
+	
+	::BlockMove(theCString,*theHandle + inInsertOffset,insertLength);
+
+
+	errCode = noErr;
+	
+	
+EXITPOINT:
+
+	return(errCode);
+}
+
+
+
+
+void CopyCStrAndInsert1LongIntIntoCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength)
+{
+	CopyCStrAndInsertCStrLongIntIntoCStr(theSrcCStr,nil,theNum,theDstCStr,maxDstStrLength);
+}
+
+
+void CopyCStrAndInsert2LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,char *theDstCStr,const int maxDstStrLength)
+{
+const long	theLongInts[] = { long1,long2 };
+
+	CopyCStrAndInsertCStrsLongIntsIntoCStr(theSrcCStr,nil,theLongInts,theDstCStr,maxDstStrLength);
+}
+
+
+void CopyCStrAndInsert3LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,const long long3,char *theDstCStr,const int maxDstStrLength)
+{
+const long	theLongInts[] = { long1,long2,long3 };
+
+	CopyCStrAndInsertCStrsLongIntsIntoCStr(theSrcCStr,nil,theLongInts,theDstCStr,maxDstStrLength);
+}
+
+
+void CopyCStrAndInsertCStrIntoCStr(const char *theSrcCStr,const char *theInsertCStr,char *theDstCStr,const int maxDstStrLength)
+{
+const char	*theCStrs[2] = { theInsertCStr,nil };
+
+	CopyCStrAndInsertCStrsLongIntsIntoCStr(theSrcCStr,theCStrs,nil,theDstCStr,maxDstStrLength);
+}
+
+
+
+void CopyCStrAndInsertCStrLongIntIntoCStr(const char *theSrcCStr,const char *theInsertCStr,const long theNum,char *theDstCStr,const int maxDstStrLength)
+{
+const char	*theCStrs[2] = { theInsertCStr,nil };
+const long	theLongInts[1] = { theNum };
+
+	CopyCStrAndInsertCStrsLongIntsIntoCStr(theSrcCStr,theCStrs,theLongInts,theDstCStr,maxDstStrLength);
+}
+
+
+
+void CopyCStrAndInsertCStrsLongIntsIntoCStr(const char *theSrcCStr,const char **theInsertCStrs,const long *theLongInts,char *theDstCStr,const int maxDstStrLength)
+{
+int			dstCharIndex,srcCharIndex,theMaxDstStrLength;
+int			theCStrIndex = 0;
+int			theLongIntIndex = 0;
+
+	
+	theMaxDstStrLength = maxDstStrLength;
+	
+	if (theDstCStr != nil && theSrcCStr != nil && theMaxDstStrLength > 0)
+	{
+		dstCharIndex = 0;
+		
+		srcCharIndex = 0;
+		
+		
+		//	Allow room for NULL at end of string
+		
+		theMaxDstStrLength--;
+		
+		
+		for (;;)
+		{
+			//	Hit end of buffer?
+			
+			if (dstCharIndex >= theMaxDstStrLength)
+			{
+				theDstCStr[dstCharIndex++] = 0;
+				
+				goto EXITPOINT;
+			}
+			
+			//	End of source string?
+			
+			else if (theSrcCStr[srcCharIndex] == 0)
+			{
+				theDstCStr[dstCharIndex++] = 0;
+				
+				goto EXITPOINT;
+			}
+			
+			//	Did we find a '%s'?
+			
+			else if (theInsertCStrs != nil && theInsertCStrs[theCStrIndex] != nil && theSrcCStr[srcCharIndex] == '%' && theSrcCStr[srcCharIndex + 1] == 's')
+			{
+				//	Skip over the '%s'
+				
+				srcCharIndex += 2;
+				
+				
+				//	Terminate the dest string and then concat the string
+				
+				theDstCStr[dstCharIndex] = 0;
+				
+				ConcatCStrToCStr(theInsertCStrs[theCStrIndex],theDstCStr,theMaxDstStrLength);
+				
+				dstCharIndex = CStrLength(theDstCStr);
+				
+				theCStrIndex++;
+			}
+			
+			//	Did we find a '%ld'?
+			
+			else if (theLongInts != nil && theSrcCStr[srcCharIndex] == '%' && theSrcCStr[srcCharIndex + 1] == 'l' && theSrcCStr[srcCharIndex + 2] == 'd')
+			{
+				//	Skip over the '%ld'
+				
+				srcCharIndex += 3;
+				
+				
+				//	Terminate the dest string and then concat the number
+				
+				theDstCStr[dstCharIndex] = 0;
+				
+				ConcatLongIntToCStr(theLongInts[theLongIntIndex],theDstCStr,theMaxDstStrLength);
+				
+				theLongIntIndex++;
+				
+				dstCharIndex = CStrLength(theDstCStr);
+			}
+			
+			else
+			{
+				theDstCStr[dstCharIndex++] = theSrcCStr[srcCharIndex++];
+			}
+		}
+	}
+
+
+
+EXITPOINT:
+
+	return;
+}
+
+
+
+
+
+OSErr CopyCStrAndInsertCStrLongIntIntoHandle(const char *theSrcCStr,const char *theInsertCStr,const long theNum,Handle *theHandle)
+{
+OSErr	errCode;
+long	byteCount;
+
+	
+	if (theHandle != nil)
+	{
+		byteCount = CStrLength(theSrcCStr) + CStrLength(theInsertCStr) + 32;
+		
+		*theHandle = NewHandle(byteCount);
+		
+		if (*theHandle == nil)
+		{
+			SetErrorMessageAndLongIntAndBail("CopyCStrAndInsertCStrLongIntIntoHandle: Can't allocate Handle, MemError() = ",MemError());
+		}
+		
+		
+		HLock(*theHandle);
+		
+		CopyCStrAndInsertCStrLongIntIntoCStr(theSrcCStr,theInsertCStr,theNum,**theHandle,byteCount);
+		
+		HUnlock(*theHandle);
+	}
+	
+	errCode = noErr;
+	
+	
+EXITPOINT:
+
+	return(errCode);
+}
+
+
+
+
+
+OSErr CopyIndexedWordToCStr(char *theSrcCStr,int whichWord,char *theDstCStr,int maxDstCStrLength)
+{
+OSErr		errCode;
+char		*srcCharPtr,*dstCharPtr;
+int			wordCount;
+int			byteCount;
+
+
+	if (theSrcCStr == nil)
+	{
+		SetErrorMessageAndBail(("CopyIndexedWordToCStr: Bad parameter, theSrcCStr == nil"));
+	}
+	
+	if (theDstCStr == nil)
+	{
+		SetErrorMessageAndBail(("CopyIndexedWordToCStr: Bad parameter, theDstCStr == nil"));
+	}
+	
+	if (whichWord < 0)
+	{
+		SetErrorMessageAndBail(("CopyIndexedWordToCStr: Bad parameter, whichWord < 0"));
+	}
+	
+	if (maxDstCStrLength <= 0)
+	{
+		SetErrorMessageAndBail(("CopyIndexedWordToCStr: Bad parameter, maxDstCStrLength <= 0"));
+	}
+
+	
+	*theDstCStr = '\0';
+	
+	srcCharPtr = theSrcCStr;
+
+	while (*srcCharPtr == ' ' || *srcCharPtr == '\t')
+	{
+		srcCharPtr++;
+	}
+	
+
+	for (wordCount = 0;wordCount < whichWord;wordCount++)
+	{
+		while (*srcCharPtr != ' ' && *srcCharPtr != '\t' && *srcCharPtr != '\r' && *srcCharPtr != '\n' && *srcCharPtr != '\0')
+		{
+			srcCharPtr++;
+		}
+		
+		if (*srcCharPtr == '\r' || *srcCharPtr == '\n' || *srcCharPtr == '\0')
+		{
+			errCode = noErr;
+			
+			goto EXITPOINT;
+		}
+
+		while (*srcCharPtr == ' ' || *srcCharPtr == '\t')
+		{
+			srcCharPtr++;
+		}
+		
+		if (*srcCharPtr == '\r' || *srcCharPtr == '\n' || *srcCharPtr == '\0')
+		{
+			errCode = noErr;
+			
+			goto EXITPOINT;
+		}
+	}
+
+
+	dstCharPtr = theDstCStr;
+	byteCount = 0;
+	
+	
+	for(;;)
+	{
+		if (byteCount >= maxDstCStrLength - 1 || *srcCharPtr == '\0' || *srcCharPtr == ' ' || *srcCharPtr == '\t' || *srcCharPtr == '\r' || *srcCharPtr == '\n')
+		{
+			*dstCharPtr = '\0';
+			break;
+		}
+		
+		*dstCharPtr++ = *srcCharPtr++;
+		
+		byteCount++;
+	}
+
+
+	errCode = noErr;
+
+
+EXITPOINT:
+
+	return(errCode);
+}
+
+
+
+
+
+OSErr CopyIndexedWordToNewHandle(char *theSrcCStr,int whichWord,Handle *outTheHandle)
+{
+OSErr		errCode;
+char		*srcCharPtr;
+int			wordCount;
+int			byteCount;
+
+
+	if (theSrcCStr == nil)
+	{
+		SetErrorMessageAndBail(("CopyIndexedWordToNewHandle: Bad parameter, theSrcCStr == nil"));
+	}
+	
+	if (outTheHandle == nil)
+	{
+		SetErrorMessageAndBail(("CopyIndexedWordToNewHandle: Bad parameter, outTheHandle == nil"));
+	}
+	
+	if (whichWord < 0)
+	{
+		SetErrorMessageAndBail(("CopyIndexedWordToNewHandle: Bad parameter, whichWord < 0"));
+	}
+
+	
+	*outTheHandle = nil;
+	
+
+	srcCharPtr = theSrcCStr;
+
+	while (*srcCharPtr == ' ' || *srcCharPtr == '\t')
+	{
+		srcCharPtr++;
+	}
+	
+
+	for (wordCount = 0;wordCount < whichWord;wordCount++)
+	{
+		while (*srcCharPtr != ' ' && *srcCharPtr != '\t' && *srcCharPtr != '\r' && *srcCharPtr != '\n' && *srcCharPtr != '\0')
+		{
+			srcCharPtr++;
+		}
+		
+		if (*srcCharPtr == '\r' || *srcCharPtr == '\n' || *srcCharPtr == '\0')
+		{
+			break;
+		}
+
+		while (*srcCharPtr == ' ' || *srcCharPtr == '\t')
+		{
+			srcCharPtr++;
+		}
+		
+		if (*srcCharPtr == '\r' || *srcCharPtr == '\n' || *srcCharPtr == '\0')
+		{
+			break;
+		}
+	}
+
+
+	for (byteCount = 0;;byteCount++)
+	{
+		if (srcCharPtr[byteCount] == ' ' || srcCharPtr[byteCount] == '\t' || srcCharPtr[byteCount] == '\r' || srcCharPtr[byteCount] == '\n' || srcCharPtr[byteCount] == '\0')
+		{
+			break;
+		}
+	}
+
+	
+	*outTheHandle = NewHandle(byteCount + 1);
+	
+	if (*outTheHandle == nil)
+	{
+		SetErrorMessageAndLongIntAndBail("CopyIndexedWordToNewHandle: Can't allocate Handle, MemError() = ",MemError());
+	}
+	
+	
+	::BlockMove(srcCharPtr,**outTheHandle,byteCount);
+	
+	(**outTheHandle)[byteCount] = '\0';
+
+	errCode = noErr;
+
+
+EXITPOINT:
+
+	return(errCode);
+}
+
+
+
+OSErr CopyIndexedLineToCStr(const char *theSrcCStr,int inWhichLine,int *lineEndIndex,Boolean *gotLastLine,char *theDstCStr,const int maxDstCStrLength)
+{
+OSErr		errCode;
+int			theCurrentLine;
+int			theCurrentLineOffset;
+int			theEOSOffset;
+
+
+	if (theSrcCStr == nil)
+	{
+		SetErrorMessageAndBail(("CopyIndexedLineToCStr: Bad parameter, theSrcCStr == nil"));
+	}
+	
+	if (theDstCStr == nil)
+	{
+		SetErrorMessageAndBail(("CopyIndexedLineToCStr: Bad parameter, theDstCStr == nil"));
+	}
+	
+	if (inWhichLine < 0)
+	{
+		SetErrorMessageAndBail(("CopyIndexedLineToCStr: Bad parameter, inWhichLine < 0"));
+	}
+	
+	if (maxDstCStrLength <= 0)
+	{
+		SetErrorMessageAndBail(("CopyIndexedLineToCStr: Bad parameter, maxDstCStrLength <= 0"));
+	}
+	
+	
+	if (gotLastLine != nil)
+	{
+		*gotLastLine = false;
+	}
+
+	
+	*theDstCStr = 0;
+	
+	theCurrentLineOffset = 0;
+	
+	theCurrentLine = 0;
+	
+	
+	while (theCurrentLine < inWhichLine)
+	{
+		while (theSrcCStr[theCurrentLineOffset] != '\r' && theSrcCStr[theCurrentLineOffset] != 0)
+		{
+			theCurrentLineOffset++;
+		}
+		
+		if (theSrcCStr[theCurrentLineOffset] == 0)
+		{
+			break;
+		}
+		
+		theCurrentLineOffset++;
+		theCurrentLine++;
+	}
+		
+	if (theSrcCStr[theCurrentLineOffset] == 0)
+	{
+		SetErrorMessageAndLongIntAndBail("CopyIndexedLineToCStr: Too few lines in source text, can't get line ",inWhichLine);
+	}
+
+
+	theEOSOffset = FindCharOffsetInCStr('\r',theSrcCStr + theCurrentLineOffset);
+	
+	if (theEOSOffset >= 0)
+	{
+		CopyCSubstrToCStr(theSrcCStr + theCurrentLineOffset,theEOSOffset,theDstCStr,maxDstCStrLength);
+		
+		if (gotLastLine != nil)
+		{
+			*gotLastLine = false;
+		}
+	
+		if (lineEndIndex != nil)
+		{
+			*lineEndIndex = theEOSOffset;
+		}
+	}
+	
+	else
+	{
+		theEOSOffset = CStrLength(theSrcCStr + theCurrentLineOffset);
+
+		CopyCSubstrToCStr(theSrcCStr + theCurrentLineOffset,theEOSOffset,theDstCStr,maxDstCStrLength);
+		
+		if (gotLastLine != nil)
+		{
+			*gotLastLine = true;
+		}
+	
+		if (lineEndIndex != nil)
+		{
+			*lineEndIndex = theEOSOffset;
+		}
+	}
+	
+
+	errCode = noErr;
+
+
+EXITPOINT:
+
+	return(errCode);
+}
+
+
+
+OSErr CopyIndexedLineToNewHandle(const char *theSrcCStr,int inWhichLine,Handle *outNewHandle)
+{
+OSErr		errCode;
+int			theCurrentLine;
+int			theCurrentLineOffset;
+int			byteCount;
+
+
+	SetErrorMessageAndBailIfNil(theSrcCStr,"CopyIndexedLineToNewHandle: Bad parameter, theSrcCStr == nil");
+	SetErrorMessageAndBailIfNil(outNewHandle,"CopyIndexedLineToNewHandle: Bad parameter, outNewHandle == nil");
+	
+	if (inWhichLine < 0)
+	{
+		SetErrorMessageAndBail(("CopyIndexedLineToNewHandle: Bad parameter, inWhichLine < 0"));
+	}
+	
+
+	theCurrentLineOffset = 0;
+	
+	theCurrentLine = 0;
+	
+	
+	while (theCurrentLine < inWhichLine)
+	{
+		while (theSrcCStr[theCurrentLineOffset] != '\r' && theSrcCStr[theCurrentLineOffset] != '\0')
+		{
+			theCurrentLineOffset++;
+		}
+		
+		if (theSrcCStr[theCurrentLineOffset] == '\0')
+		{
+			break;
+		}
+		
+		theCurrentLineOffset++;
+		theCurrentLine++;
+	}
+		
+	if (theSrcCStr[theCurrentLineOffset] == '\0')
+	{
+		SetErrorMessageAndLongIntAndBail("CopyIndexedLineToNewHandle: Too few lines in source text, can't get line #",inWhichLine);
+	}
+
+	
+	byteCount = 0;
+	
+	while (theSrcCStr[theCurrentLineOffset + byteCount] != '\r' && theSrcCStr[theCurrentLineOffset + byteCount] != '\0')
+	{
+		byteCount++;
+	}
+		
+	
+	*outNewHandle = NewHandle(byteCount + 1);
+	
+	if (*outNewHandle == nil)
+	{
+		SetErrorMessageAndLongIntAndBail("CopyIndexedLineToNewHandle: Can't allocate Handle, MemError() = ",MemError());
+	}
+	
+	::BlockMove(theSrcCStr + theCurrentLineOffset,**outNewHandle,byteCount);
+	
+	(**outNewHandle)[byteCount] = '\0';
+
+	errCode = noErr;
+
+
+EXITPOINT:
+
+	return(errCode);
+}
+
+
+
+
+OSErr CountDigits(const char *inCStr,int *outNumIntegerDigits,int *outNumFractDigits)
+{
+OSErr	errCode = noErr;
+int		numIntDigits = 0;
+int		numFractDigits = 0;
+int 	digitIndex = 0;
+
+	
+	SetErrorMessageAndBailIfNil(inCStr,"CountDigits: Bad parameter, theSrcCStr == nil");
+	SetErrorMessageAndBailIfNil(outNumIntegerDigits,"CountDigits: Bad parameter, outNumIntegerDigits == nil");
+	SetErrorMessageAndBailIfNil(outNumFractDigits,"CountDigits: Bad parameter, outNumFractDigits == nil");
+	
+	digitIndex = 0;
+	
+	while (inCStr[digitIndex] >= '0' && inCStr[digitIndex] <= '9')
+	{
+		digitIndex++;
+		numIntDigits++;
+	}
+	
+	if (inCStr[digitIndex] == '.')
+	{
+		digitIndex++;
+		
+		while (inCStr[digitIndex] >= '0' && inCStr[digitIndex] <= '9')
+		{
+			digitIndex++;
+			numFractDigits++;
+		}
+	}
+	
+	*outNumIntegerDigits = numIntDigits;
+	
+	*outNumFractDigits = numFractDigits;
+	
+	errCode = noErr;
+	
+EXITPOINT:
+
+	return(errCode);
+}
+
+
+
+OSErr ExtractIntFromCStr(const char *theSrcCStr,int *outInt,Boolean skipLeadingSpaces)
+{
+OSErr		errCode;
+int			theCharIndex;
+
+
+	if (theSrcCStr == nil)
+	{
+		SetErrorMessageAndBail(("ExtractIntFromCStr: Bad parameter, theSrcCStr == nil"));
+	}
+	
+	if (outInt == nil)
+	{
+		SetErrorMessageAndBail(("ExtractIntFromCStr: Bad parameter, outInt == nil"));
+	}	
+
+	
+	*outInt = 0;
+	
+	theCharIndex = 0;
+	
+	if (skipLeadingSpaces == true)
+	{
+		while (theSrcCStr[theCharIndex] == ' ')
+		{
+			theCharIndex++;
+		}
+	}
+	
+	if (theSrcCStr[theCharIndex] < '0' || theSrcCStr[theCharIndex] > '9')
+	{
+		SetErrorMessageAndBail(("ExtractIntFromCStr: Bad parameter, theSrcCStr contains a bogus numeric representation"));
+	}
+
+
+	while (theSrcCStr[theCharIndex] >= '0' && theSrcCStr[theCharIndex] <= '9')
+	{
+		*outInt = (*outInt * 10) + (theSrcCStr[theCharIndex] - '0');
+		
+		theCharIndex++;
+	}
+	
+
+	errCode = noErr;
+
+
+EXITPOINT:
+
+	return(errCode);
+}
+
+
+
+OSErr ExtractIntFromPStr(const unsigned char *theSrcPStr,int *outInt,Boolean skipLeadingSpaces)
+{
+OSErr		errCode;
+char		theCStr[256];
+
+
+	if (theSrcPStr == nil)
+	{
+		SetErrorMessageAndBail(("ExtractIntFromPStr: Bad parameter, theSrcPStr == nil"));
+	}
+	
+	if (outInt == nil)
+	{
+		SetErrorMessageAndBail(("ExtractIntFromPStr: Bad parameter, outInt == nil"));
+	}
+	
+	
+	CopyPStrToCStr(theSrcPStr,theCStr,sizeof(theCStr));
+	
+	
+	errCode = ExtractIntFromCStr(theCStr,outInt,skipLeadingSpaces);
+
+
+EXITPOINT:
+
+	return(errCode);
+}
+
+
+
+int CountOccurencesOfCharInCStr(const char inChar,const char *inSrcCStr)
+{
+int		theSrcCharIndex;
+int		numOccurrences = -1;
+
+
+	if (inSrcCStr != nil && inChar != '\0')
+	{
+		numOccurrences = 0;
+		
+		for (theSrcCharIndex = 0;inSrcCStr[theSrcCharIndex] != '\0';theSrcCharIndex++)
+		{
+			if (inSrcCStr[theSrcCharIndex] == inChar)
+			{
+				numOccurrences++;
+			}
+		}
+	}
+	
+	return(numOccurrences);
+}
+
+
+int CountWordsInCStr(const char *inSrcCStr)
+{
+int		numWords = -1;
+
+
+	if (inSrcCStr != nil)
+	{
+		numWords = 0;
+		
+		//	Skip lead spaces
+		
+		while (*inSrcCStr == ' ')
+		{
+			inSrcCStr++;
+		}
+
+		while (*inSrcCStr != '\0')
+		{
+			numWords++;
+
+			while (*inSrcCStr != ' ' && *inSrcCStr != '\0')
+			{
+				inSrcCStr++;
+			}
+			
+			while (*inSrcCStr == ' ')
+			{
+				inSrcCStr++;
+			}
+		}
+	}
+	
+	return(numWords);
+}
+
+
+
+
+void ConvertCStrToUpperCase(char *theSrcCStr)
+{
+char		*theCharPtr;
+
+
+	if (theSrcCStr != nil)
+	{
+		theCharPtr = theSrcCStr;
+		
+		while (*theCharPtr != 0)
+		{
+			if (*theCharPtr >= 'a' && *theCharPtr <= 'z')
+			{
+				*theCharPtr = *theCharPtr - 'a' + 'A';
+			}
+			
+			theCharPtr++;
+		}
+	}
+}
+
+
+
+
+
+
+
+void ExtractCStrItemFromCStr(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,char *outDstCharPtr,const int inDstCharPtrMaxLength,const Boolean inTreatMultipleDelimsAsSingleDelim)
+{
+int		theItem;
+int		theSrcCharIndex;
+int		theDstCharIndex;
+
+
+	if (foundItem != nil)
+	{
+		*foundItem = false;
+	}
+	
+	
+	if (outDstCharPtr != nil && inDstCharPtrMaxLength > 0 && inItemNumber >= 0 && inItemDelimiter != 0)
+	{
+		*outDstCharPtr = 0;
+		
+
+		theSrcCharIndex = 0;
+		
+		for (theItem = 0;theItem < inItemNumber;theItem++)
+		{
+			while (inSrcCStr[theSrcCharIndex] != inItemDelimiter && inSrcCStr[theSrcCharIndex] != '\0')
+			{
+				theSrcCharIndex++;
+			}
+			
+			if (inSrcCStr[theSrcCharIndex] == inItemDelimiter)
+			{
+				theSrcCharIndex++;
+				
+				if (inTreatMultipleDelimsAsSingleDelim)
+				{
+					while (inSrcCStr[theSrcCharIndex] == inItemDelimiter)
+					{
+						theSrcCharIndex++;
+					}
+				}
+			}
+			
+			
+			if (inSrcCStr[theSrcCharIndex] == '\0')
+			{
+				goto EXITPOINT;
+			}
+		}
+		
+
+		if (foundItem != nil)
+		{
+			*foundItem = true;
+		}
+		
+		
+		theDstCharIndex = 0;
+		
+		for (;;)
+		{
+			if (inSrcCStr[theSrcCharIndex] == 0 || inSrcCStr[theSrcCharIndex] == inItemDelimiter || theDstCharIndex >= inDstCharPtrMaxLength - 1)
+			{
+				outDstCharPtr[theDstCharIndex] = 0;
+				
+				break;
+			}
+			
+			outDstCharPtr[theDstCharIndex++] = inSrcCStr[theSrcCharIndex++];
+		}
+	}
+	
+	
+EXITPOINT:
+
+	return;
+}
+
+
+
+OSErr ExtractCStrItemFromCStrIntoNewHandle(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,Handle *outNewHandle,const Boolean inTreatMultipleDelimsAsSingleDelim)
+{
+OSErr	errCode;
+int		theItem;
+int		theSrcCharIndex;
+int		theItemLength;
+
+
+	if (inSrcCStr == nil)
+	{
+		SetErrorMessage("ExtractCStrItemFromCStrIntoNewHandle: Bad parameter, inSrcCStr == nil");
+		errCode = kGenericError;
+		goto EXITPOINT;
+	}
+	
+	if (outNewHandle == nil)
+	{
+		SetErrorMessage("ExtractCStrItemFromCStrIntoNewHandle: Bad parameter, outNewHandle == nil");
+		errCode = kGenericError;
+		goto EXITPOINT;
+	}
+	
+	if (foundItem == nil)
+	{
+		SetErrorMessage("ExtractCStrItemFromCStrIntoNewHandle: Bad parameter, foundItem == nil");
+		errCode = kGenericError;
+		goto EXITPOINT;
+	}
+	
+	if (inItemNumber < 0)
+	{
+		SetErrorMessage("ExtractCStrItemFromCStrIntoNewHandle: Bad parameter, inItemNumber < 0");
+		errCode = kGenericError;
+		goto EXITPOINT;
+	}
+	
+	if (inItemDelimiter == 0)
+	{
+		SetErrorMessage("ExtractCStrItemFromCStrIntoNewHandle: Bad parameter, inItemDelimiter == 0");
+		errCode = kGenericError;
+		goto EXITPOINT;
+	}
+
+
+	*foundItem = false;
+	
+	theSrcCharIndex = 0;
+	
+	for (theItem = 0;theItem < inItemNumber;theItem++)
+	{
+		while (inSrcCStr[theSrcCharIndex] != inItemDelimiter && inSrcCStr[theSrcCharIndex] != '\0')
+		{
+			theSrcCharIndex++;
+		}
+		
+		if (inSrcCStr[theSrcCharIndex] == inItemDelimiter)
+		{
+			theSrcCharIndex++;
+			
+			if (inTreatMultipleDelimsAsSingleDelim)
+			{
+				while (inSrcCStr[theSrcCharIndex] == inItemDelimiter)
+				{
+					theSrcCharIndex++;
+				}
+			}
+		}
+		
+		
+		if (inSrcCStr[theSrcCharIndex] == '\0')
+		{
+			errCode = noErr;
+			
+			goto EXITPOINT;
+		}
+	}
+	
+
+	*foundItem = true;
+	
+	
+	for (theItemLength = 0;;theItemLength++)
+	{
+		if (inSrcCStr[theSrcCharIndex + theItemLength] == 0 || inSrcCStr[theSrcCharIndex + theItemLength] == inItemDelimiter)
+		{
+			break;
+		}
+	}
+	
+
+	*outNewHandle = NewHandle(theItemLength + 1);
+	
+	if (*outNewHandle == nil)
+	{
+		SetErrorMessageAndLongIntAndBail("ExtractCStrItemFromCStrIntoNewHandle: Can't allocate Handle, MemError() = ",MemError());
+	}
+	
+	
+	BlockMove(inSrcCStr + theSrcCharIndex,**outNewHandle,theItemLength);
+	
+	(**outNewHandle)[theItemLength] = 0;
+	
+	errCode = noErr;
+	
+	
+EXITPOINT:
+
+	return(errCode);
+}
+
+
+
+
+
+
+OSErr ExtractFloatFromCStr(const char *inCString,extended80 *outFloat)
+{
+OSErr				errCode;
+Str255				theStr255;
+Handle				theNumberPartsTableHandle = nil;
+long				theNumberPartsOffset,theNumberPartsLength;
+FormatResultType	theFormatResultType;
+NumberParts			theNumberPartsTable;
+NumFormatStringRec	theNumFormatStringRec;
+
+
+	if (inCString == nil)
+	{
+		SetErrorMessage("ExtractFloatFromCStr: Bad parameter, inCString == nil");
+		errCode = kGenericError;
+		goto EXITPOINT;
+	}
+
+	if (outFloat == nil)
+	{
+		SetErrorMessage("ExtractFloatFromCStr: Bad parameter, outFloat == nil");
+		errCode = kGenericError;
+		goto EXITPOINT;
+	}
+	
+	
+//	GetIntlResourceTable(smRoman,smNumberPartsTable,&theNumberPartsTableHandle,&theNumberPartsOffset,&theNumberPartsLength);
+
+	GetIntlResourceTable(GetScriptManagerVariable(smSysScript),smNumberPartsTable,&theNumberPartsTableHandle,&theNumberPartsOffset,&theNumberPartsLength);	
+	
+	if (theNumberPartsTableHandle == nil)
+	{
+		SetErrorMessage("ExtractFloatFromCStr: Can't get number parts table for converting string representations to/from numeric representations");
+		errCode = kGenericError;
+		goto EXITPOINT;
+	}
+	
+	if (theNumberPartsLength > sizeof(theNumberPartsTable))
+	{
+		SetErrorMessage("ExtractFloatFromCStr: Number parts table has bad length");
+		errCode = kGenericError;
+		goto EXITPOINT;
+	}
+	
+
+	BlockMove(*theNumberPartsTableHandle + theNumberPartsOffset,&theNumberPartsTable,theNumberPartsLength);
+	
+	
+	theFormatResultType = (FormatResultType) StringToFormatRec(kNumberFormatString,&theNumberPartsTable,&theNumFormatStringRec);
+	
+	if (theFormatResultType != fFormatOK)
+	{
+		SetErrorMessage("ExtractFloatFromCStr: StringToFormatRec() != fFormatOK");
+		errCode = kGenericError;
+		goto EXITPOINT;
+	}
+
+	
+	CopyCStrToPStr(inCString,theStr255,sizeof(theStr255));
+
+
+	theFormatResultType = (FormatResultType) StringToExtended(theStr255,&theNumFormatStringRec,&theNumberPartsTable,outFloat);
+	
+	if (theFormatResultType != fFormatOK && theFormatResultType != fBestGuess)
+	{
+		SetErrorMessageAndLongIntAndBail("ExtractFloatFromCStr: StringToExtended() = ",theFormatResultType);
+	}
+
+	
+	errCode = noErr;
+	
+
+EXITPOINT:
+	
+	return(errCode);
+}
+
+
+
+OSErr CopyFloatToCStr(const extended80 *theFloat,char *theCStr,const int maxCStrLength,const int inMaxNumIntDigits,const int inMaxNumFractDigits)
+{
+OSErr				errCode;
+Str255				theStr255;
+Handle				theNumberPartsTableHandle = nil;
+long				theNumberPartsOffset,theNumberPartsLength;
+FormatResultType	theFormatResultType;
+NumberParts			theNumberPartsTable;
+NumFormatStringRec	theNumFormatStringRec;
+
+
+	if (theCStr == nil)
+	{
+		SetErrorMessage("CopyFloatToCStr: Bad parameter, theCStr == nil");
+		errCode = kGenericError;
+		goto EXITPOINT;
+	}
+
+	if (theFloat == nil)
+	{
+		SetErrorMessage("CopyFloatToCStr: Bad parameter, theFloat == nil");
+		errCode = kGenericError;
+		goto EXITPOINT;
+	}
+	
+
+//	GetIntlResourceTable(smRoman,smNumberPartsTable,&theNumberPartsTableHandle,&theNumberPartsOffset,&theNumberPartsLength);
+
+	GetIntlResourceTable(GetScriptManagerVariable(smSysScript),smNumberPartsTable,&theNumberPartsTableHandle,&theNumberPartsOffset,&theNumberPartsLength);	
+	
+	if (theNumberPartsTableHandle == nil)
+	{
+		SetErrorMessage("CopyFloatToCStr: Can't get number parts table for converting string representations to/from numeric representations");
+		errCode = kGenericError;
+		goto EXITPOINT;
+	}
+	
+	if (theNumberPartsLength > sizeof(theNumberPartsTable))
+	{
+		SetErrorMessage("CopyFloatToCStr: Number parts table has bad length");
+		errCode = kGenericError;
+		goto EXITPOINT;
+	}
+	
+	
+	BlockMove(*theNumberPartsTableHandle + theNumberPartsOffset,&theNumberPartsTable,theNumberPartsLength);
+	
+	
+	if (inMaxNumIntDigits >= 0 || inMaxNumFractDigits >= 0)
+	{
+	char	numberFormat[64];
+	int		numberFormatLength = 0;
+	
+		for (int i = 0;i < inMaxNumIntDigits && numberFormatLength < sizeof(numberFormat) - 1;i++)
+		{
+			numberFormat[numberFormatLength++] = '0';
+		}
+		
+		if (inMaxNumFractDigits > 0 && numberFormatLength < sizeof(numberFormat) - 1)
+		{
+			numberFormat[numberFormatLength++] = '.';
+			
+			for (int i = 0;i < inMaxNumFractDigits && numberFormatLength < sizeof(numberFormat) - 1;i++)
+			{
+				numberFormat[numberFormatLength++] = '0';
+			}
+		}
+
+		
+		if (numberFormatLength < sizeof(numberFormat) - 1)
+		{
+			numberFormat[numberFormatLength++] = ';';
+		}
+		
+		if (numberFormatLength < sizeof(numberFormat) - 1)
+		{
+			numberFormat[numberFormatLength++] = '-';
+		}
+		
+
+		for (int i = 0;i < inMaxNumIntDigits && numberFormatLength < sizeof(numberFormat) - 1;i++)
+		{
+			numberFormat[numberFormatLength++] = '0';
+		}
+		
+		if (inMaxNumFractDigits > 0 && numberFormatLength < sizeof(numberFormat) - 1)
+		{
+			numberFormat[numberFormatLength++] = '.';
+			
+			for (int i = 0;i < inMaxNumFractDigits && numberFormatLength < sizeof(numberFormat) - 1;i++)
+			{
+				numberFormat[numberFormatLength++] = '0';
+			}
+		}
+		
+		numberFormat[numberFormatLength] = '\0';
+
+
+	Str255	tempStr255;
+	
+		CopyCStrToPStr(numberFormat,tempStr255,sizeof(tempStr255));
+		
+		theFormatResultType = (FormatResultType) StringToFormatRec(tempStr255,&theNumberPartsTable,&theNumFormatStringRec);
+	}
+	
+	else
+	{
+		theFormatResultType = (FormatResultType) StringToFormatRec(kNumberFormatString,&theNumberPartsTable,&theNumFormatStringRec);
+	}
+	
+	if (theFormatResultType != fFormatOK)
+	{
+		SetErrorMessage("CopyFloatToCStr: StringToFormatRec() != fFormatOK");
+		errCode = kGenericError;
+		goto EXITPOINT;
+	}
+
+
+	theFormatResultType = (FormatResultType) ExtendedToString(theFloat,&theNumFormatStringRec,&theNumberPartsTable,theStr255);
+	
+	if (theFormatResultType != fFormatOK)
+	{
+		SetErrorMessage("CopyFloatToCStr: ExtendedToString() != fFormatOK");
+		errCode = kGenericError;
+		goto EXITPOINT;
+	}
+
+	
+	CopyPStrToCStr(theStr255,theCStr,maxCStrLength);
+	
+	errCode = noErr;
+	
+
+EXITPOINT:
+	
+	return(errCode);
+}
+
+
+
+
+
+void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL)
+{
+	if (ioSrcCharPtr != nil && *ioSrcCharPtr != nil)
+	{
+		if (inStopAtEOL)
+		{
+			while ((**ioSrcCharPtr == ' ' || **ioSrcCharPtr == '\t') && **ioSrcCharPtr != '\r' && **ioSrcCharPtr != '\n')
+			{
+				*ioSrcCharPtr++;
+			}
+		}
+		
+		else
+		{
+			while (**ioSrcCharPtr == ' ' || **ioSrcCharPtr == '\t')
+			{
+				*ioSrcCharPtr++;
+			}
+		}
+	}
+}
\ No newline at end of file
diff --git a/MacOS/GetHTTPS.src/CPStringUtils.hpp b/MacOS/GetHTTPS.src/CPStringUtils.hpp
new file mode 100644
index 0000000000..5045c41019
--- /dev/null
+++ b/MacOS/GetHTTPS.src/CPStringUtils.hpp
@@ -0,0 +1,104 @@
+#pragma once
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void CopyPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength);
+void CopyPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength);
+void CopyCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxDstStrLength);
+void CopyCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength);
+void ConcatPStrToCStr(const unsigned char *thePStr,char *theCStr,const int maxCStrLength);
+void ConcatPStrToPStr(const unsigned char *theSrcPStr,unsigned char *theDstPStr,const int maxDstStrLength);
+void ConcatCStrToPStr(const char *theSrcCStr,unsigned char *theDstPStr,const int maxDstStrLength);
+void ConcatCStrToCStr(const char *theSrcCStr,char *theDstCStr,const int maxCStrLength);
+
+void ConcatCharToCStr(const char theChar,char *theDstCStr,const int maxCStrLength);
+void ConcatCharToPStr(const char theChar,unsigned char *theDstPStr,const int maxPStrLength);
+
+int ComparePStrs(const unsigned char *theFirstPStr,const unsigned char *theSecondPStr,const Boolean ignoreCase = true);
+int CompareCStrs(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true);
+int CompareCStrToPStr(const char *theCStr,const unsigned char *thePStr,const Boolean ignoreCase = true);
+
+Boolean CStrsAreEqual(const char *theFirstCStr,const char *theSecondCStr,const Boolean ignoreCase = true);
+Boolean PStrsAreEqual(const unsigned char *theFirstCStr,const unsigned char *theSecondCStr,const Boolean ignoreCase = true);
+
+void CopyLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1);
+void CopyUnsignedLongIntToCStr(const unsigned long theNum,char *theCStr,const int maxCStrLength);
+void ConcatLongIntToCStr(const long theNum,char *theCStr,const int maxCStrLength,const int numDigits = -1);
+void CopyCStrAndConcatLongIntToCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
+
+void CopyLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1);
+void ConcatLongIntToPStr(const long theNum,unsigned char *thePStr,const int maxPStrLength,const int numDigits = -1);
+
+long CStrLength(const char *theCString);
+long PStrLength(const unsigned char *thePString);
+
+OSErr CopyCStrToExistingHandle(const char *theCString,Handle theHandle);
+OSErr CopyLongIntToExistingHandle(const long inTheLongInt,Handle theHandle);
+
+OSErr CopyCStrToNewHandle(const char *theCString,Handle *theHandle);
+OSErr CopyPStrToNewHandle(const unsigned char *thePString,Handle *theHandle);
+OSErr CopyLongIntToNewHandle(const long inTheLongInt,Handle *theHandle);
+
+OSErr AppendCStrToHandle(const char *theCString,Handle theHandle,long *currentLength = nil,long *maxLength = nil);
+OSErr AppendCharsToHandle(const char *theChars,const int numChars,Handle theHandle,long *currentLength = nil,long *maxLength = nil);
+OSErr AppendPStrToHandle(const unsigned char *thePString,Handle theHandle,long *currentLength = nil);
+OSErr AppendLongIntToHandle(const long inTheLongInt,Handle theHandle,long *currentLength = nil);
+
+void ZeroMem(void *theMemPtr,const unsigned long numBytes);
+
+char *FindCharInCStr(const char theChar,const char *theCString);
+long FindCharOffsetInCStr(const char theChar,const char *theCString,const Boolean inIgnoreCase = false);
+long FindCStrOffsetInCStr(const char *theCSubstring,const char *theCString,const Boolean inIgnoreCase = false);
+
+void CopyCSubstrToCStr(const char *theSrcCStr,const int maxCharsToCopy,char *theDstCStr,const int maxDstStrLength);
+void CopyCSubstrToPStr(const char *theSrcCStr,const int maxCharsToCopy,unsigned char *theDstPStr,const int maxDstStrLength);
+
+void InsertCStrIntoCStr(const char *theSrcCStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength);
+void InsertPStrIntoCStr(const unsigned char *theSrcPStr,const int theInsertionOffset,char *theDstCStr,const int maxDstStrLength);
+OSErr InsertCStrIntoHandle(const char *theCString,Handle theHandle,const long inInsertOffset);
+
+void CopyCStrAndInsertCStrIntoCStr(const char *theSrcCStr,const char *theInsertCStr,char *theDstCStr,const int maxDstStrLength);
+
+void CopyCStrAndInsertCStrsLongIntsIntoCStr(const char *theSrcCStr,const char **theInsertCStrs,const long *theLongInts,char *theDstCStr,const int maxDstStrLength);
+
+void CopyCStrAndInsert1LongIntIntoCStr(const char *theSrcCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
+void CopyCStrAndInsert2LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,char *theDstCStr,const int maxDstStrLength);
+void CopyCStrAndInsert3LongIntsIntoCStr(const char *theSrcCStr,const long long1,const long long2,const long long3,char *theDstCStr,const int maxDstStrLength);
+
+void CopyCStrAndInsertCStrLongIntIntoCStr(const char *theSrcCStr,const char *theInsertCStr,const long theNum,char *theDstCStr,const int maxDstStrLength);
+OSErr CopyCStrAndInsertCStrLongIntIntoHandle(const char *theSrcCStr,const char *theInsertCStr,const long theNum,Handle *theHandle);
+
+
+OSErr CopyIndexedWordToCStr(char *theSrcCStr,int whichWord,char *theDstCStr,int maxDstCStrLength);
+OSErr CopyIndexedWordToNewHandle(char *theSrcCStr,int whichWord,Handle *outTheHandle);
+
+OSErr CopyIndexedLineToCStr(const char *theSrcCStr,int inWhichLine,int *lineEndIndex,Boolean *gotLastLine,char *theDstCStr,const int maxDstCStrLength);
+OSErr CopyIndexedLineToNewHandle(const char *theSrcCStr,int inWhichLine,Handle *outNewHandle);
+
+OSErr ExtractIntFromCStr(const char *theSrcCStr,int *outInt,Boolean skipLeadingSpaces = true);
+OSErr ExtractIntFromPStr(const unsigned char *theSrcPStr,int *outInt,Boolean skipLeadingSpaces = true);
+
+
+void ConvertCStrToUpperCase(char *theSrcCStr);
+
+
+int CountOccurencesOfCharInCStr(const char inChar,const char *inSrcCStr);
+int CountWordsInCStr(const char *inSrcCStr);
+
+OSErr CountDigits(const char *inCStr,int *outNumIntegerDigits,int *outNumFractDigits);
+
+void ExtractCStrItemFromCStr(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,char *outDstCharPtr,const int inDstCharPtrMaxLength,const Boolean inTreatMultipleDelimsAsSingleDelim = false);
+OSErr ExtractCStrItemFromCStrIntoNewHandle(const char *inSrcCStr,const char inItemDelimiter,const int inItemNumber,Boolean *foundItem,Handle *outNewHandle,const Boolean inTreatMultipleDelimsAsSingleDelim = false);
+
+
+OSErr ExtractFloatFromCStr(const char *inCString,extended80 *outFloat);
+OSErr CopyFloatToCStr(const extended80 *theFloat,char *theCStr,const int maxCStrLength,const int inMaxNumIntDigits = -1,const int inMaxNumFractDigits = -1);
+
+void SkipWhiteSpace(char **ioSrcCharPtr,const Boolean inStopAtEOL = false);
+
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/MacOS/GetHTTPS.src/ErrorHandling.cpp b/MacOS/GetHTTPS.src/ErrorHandling.cpp
new file mode 100644
index 0000000000..07a32de59e
--- /dev/null
+++ b/MacOS/GetHTTPS.src/ErrorHandling.cpp
@@ -0,0 +1,170 @@
+/* ====================================================================
+ * Copyright (c) 1998-1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+ 
+ 
+ 
+ #include "ErrorHandling.hpp"
+#include "CPStringUtils.hpp"
+
+#ifdef __EXCEPTIONS_ENABLED__
+	#include "CMyException.hpp"
+#endif
+
+
+static char					gErrorMessageBuffer[512];
+
+char 						*gErrorMessage = gErrorMessageBuffer;
+int							gErrorMessageMaxLength = sizeof(gErrorMessageBuffer);
+
+
+
+void SetErrorMessage(const char *theErrorMessage)
+{
+	if (theErrorMessage != nil)
+	{
+		CopyCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength);
+	}
+}
+
+
+void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt)
+{
+	if (theErrorMessage != nil)
+	{
+		CopyCStrAndConcatLongIntToCStr(theErrorMessage,theLongInt,gErrorMessage,gErrorMessageMaxLength);
+	}
+}
+
+void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt)
+{
+	if (theErrorMessage != nil)
+	{
+		CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,theLongInt,gErrorMessage,gErrorMessageMaxLength);
+	}
+
+}
+
+void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr)
+{
+	if (theErrorMessage != nil)
+	{
+		CopyCStrAndInsertCStrLongIntIntoCStr(theErrorMessage,theCStr,-1,gErrorMessage,gErrorMessageMaxLength);
+	}
+}
+
+
+void AppendCStrToErrorMessage(const char *theErrorMessage)
+{
+	if (theErrorMessage != nil)
+	{
+		ConcatCStrToCStr(theErrorMessage,gErrorMessage,gErrorMessageMaxLength);
+	}
+}
+
+
+void AppendLongIntToErrorMessage(const long theLongInt)
+{
+	ConcatLongIntToCStr(theLongInt,gErrorMessage,gErrorMessageMaxLength);
+}
+
+
+
+char *GetErrorMessage(void)
+{
+	return gErrorMessage;
+}
+
+
+OSErr GetErrorMessageInNewHandle(Handle *inoutHandle)
+{
+OSErr		errCode;
+
+
+	errCode = CopyCStrToNewHandle(gErrorMessage,inoutHandle);
+	
+	return(errCode);
+}
+
+
+OSErr GetErrorMessageInExistingHandle(Handle inoutHandle)
+{
+OSErr		errCode;
+
+
+	errCode = CopyCStrToExistingHandle(gErrorMessage,inoutHandle);
+	
+	return(errCode);
+}
+
+
+
+OSErr AppendErrorMessageToHandle(Handle inoutHandle)
+{
+OSErr		errCode;
+
+
+	errCode = AppendCStrToHandle(gErrorMessage,inoutHandle,nil);
+	
+	return(errCode);
+}
+
+
+#ifdef __EXCEPTIONS_ENABLED__
+
+void ThrowErrorMessageException(void)
+{
+	ThrowDescriptiveException(gErrorMessage);
+}
+
+#endif
\ No newline at end of file
diff --git a/MacOS/GetHTTPS.src/ErrorHandling.hpp b/MacOS/GetHTTPS.src/ErrorHandling.hpp
new file mode 100644
index 0000000000..3036df7ee0
--- /dev/null
+++ b/MacOS/GetHTTPS.src/ErrorHandling.hpp
@@ -0,0 +1,147 @@
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef kGenericError
+	#define kGenericError		-1
+#endif
+
+extern char	*gErrorMessage;
+
+
+void SetErrorMessage(const char *theErrorMessage);
+void SetErrorMessageAndAppendLongInt(const char *theErrorMessage,const long theLongInt);
+void SetErrorMessageAndCStrAndLongInt(const char *theErrorMessage,const char * theCStr,const long theLongInt);
+void SetErrorMessageAndCStr(const char *theErrorMessage,const char * theCStr);
+void AppendCStrToErrorMessage(const char *theErrorMessage);
+void AppendLongIntToErrorMessage(const long theLongInt);
+
+
+char *GetErrorMessage(void);
+OSErr GetErrorMessageInNewHandle(Handle *inoutHandle);
+OSErr GetErrorMessageInExistingHandle(Handle inoutHandle);
+OSErr AppendErrorMessageToHandle(Handle inoutHandle);
+
+
+#ifdef __EXCEPTIONS_ENABLED__
+	void ThrowErrorMessageException(void);
+#endif
+
+
+
+//	A bunch of evil macros that would be uneccessary if I were always using C++ !
+
+#define SetErrorMessageAndBailIfNil(theArg,theMessage)								\
+{																					\
+	if (theArg == nil)																\
+	{																				\
+		SetErrorMessage(theMessage);												\
+		errCode = kGenericError;													\
+		goto EXITPOINT;																\
+	}																				\
+}
+
+
+#define SetErrorMessageAndBail(theMessage)											\
+{																					\
+		SetErrorMessage(theMessage);												\
+		errCode = kGenericError;													\
+		goto EXITPOINT;																\
+}
+
+
+#define SetErrorMessageAndLongIntAndBail(theMessage,theLongInt)						\
+{																					\
+		SetErrorMessageAndAppendLongInt(theMessage,theLongInt);						\
+		errCode = kGenericError;													\
+		goto EXITPOINT;																\
+}
+
+
+#define SetErrorMessageAndLongIntAndBailIfError(theErrCode,theMessage,theLongInt)	\
+{																					\
+	if (theErrCode != noErr)														\
+	{																				\
+		SetErrorMessageAndAppendLongInt(theMessage,theLongInt);						\
+		errCode = theErrCode;														\
+		goto EXITPOINT;																\
+	}																				\
+}
+
+
+#define SetErrorMessageCStrLongIntAndBailIfError(theErrCode,theMessage,theCStr,theLongInt)	\
+{																					\
+	if (theErrCode != noErr)														\
+	{																				\
+		SetErrorMessageAndCStrAndLongInt(theMessage,theCStr,theLongInt);			\
+		errCode = theErrCode;														\
+		goto EXITPOINT;																\
+	}																				\
+}
+
+
+#define SetErrorMessageAndCStrAndBail(theMessage,theCStr)							\
+{																					\
+	SetErrorMessageAndCStr(theMessage,theCStr);										\
+	errCode = kGenericError;														\
+	goto EXITPOINT;																	\
+}
+
+
+#define SetErrorMessageAndBailIfError(theErrCode,theMessage)						\
+{																					\
+	if (theErrCode != noErr)														\
+	{																				\
+		SetErrorMessage(theMessage);												\
+		errCode = theErrCode;														\
+		goto EXITPOINT;																\
+	}																				\
+}
+
+
+#define SetErrorMessageAndLongIntAndBailIfNil(theArg,theMessage,theLongInt)			\
+{																					\
+	if (theArg == nil)																\
+	{																				\
+		SetErrorMessageAndAppendLongInt(theMessage,theLongInt);						\
+		errCode = kGenericError;													\
+		goto EXITPOINT;																\
+	}																				\
+}
+
+
+#define BailIfError(theErrCode)														\
+{																					\
+	if ((theErrCode) != noErr)														\
+	{																				\
+		goto EXITPOINT;																\
+	}																				\
+}
+
+
+#define SetErrCodeAndBail(theErrCode)												\
+{																					\
+	errCode = theErrCode;															\
+																					\
+	goto EXITPOINT;																	\
+}
+
+
+#define SetErrorCodeAndMessageAndBail(theErrCode,theMessage)						\
+{																					\
+	SetErrorMessage(theMessage);													\
+	errCode = theErrCode;															\
+	goto EXITPOINT;																	\
+}
+
+
+#define BailNow()																	\
+{																					\
+	errCode = kGenericError;														\
+	goto EXITPOINT;																	\
+}
+
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/MacOS/GetHTTPS.src/GetHTTPS.cpp b/MacOS/GetHTTPS.src/GetHTTPS.cpp
new file mode 100644
index 0000000000..3a5e3f0186
--- /dev/null
+++ b/MacOS/GetHTTPS.src/GetHTTPS.cpp
@@ -0,0 +1,209 @@
+/*
+ *	An demo illustrating how to retrieve a URI from a secure HTTP server.
+ *
+ *	Author: 	Roy Wood
+ *	Date:		September 7, 1999
+ *	Comments:	This relies heavily on my MacSockets library.
+ *				This project is also set up so that it expects the OpenSSL source folder (0.9.4 as I write this)
+ *				to live in a folder called "OpenSSL-0.9.4" in this project's parent folder.  For example:
+ *
+ *					Macintosh HD:
+ *						Development:
+ *							OpenSSL-0.9.4:
+ *								(OpenSSL sources here)
+ *							OpenSSL Example:
+ *								(OpenSSL example junk here)
+ *
+ *
+ *				Also-- before attempting to compile this, make sure the aliases in "OpenSSL-0.9.4:include:openssl" 
+ *				are installed!  Use the AppleScript applet in the "openssl-0.9.4" folder to do this!
+ */
+/* modified to seed the PRNG */
+/* modified to use CRandomizer for seeding */
+
+
+//	Include some funky libs I've developed over time
+
+#include "CPStringUtils.hpp"
+#include "ErrorHandling.hpp"
+#include "MacSocket.h"
+#include "Randomizer.h"
+
+//	We use the OpenSSL implementation of SSL....
+//	This was a lot of work to finally get going, though you wouldn't know it by the results!
+
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+#include <timer.h>
+
+//	Let's try grabbing some data from here:
+
+#define kHTTPS_DNS		"www.apache-ssl.org"
+#define kHTTPS_Port		443
+#define kHTTPS_URI		"/"
+
+
+//	Forward-declare this
+
+OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr);
+
+//	My idle-wait callback.  Doesn't do much, does it?  Silly cooperative multitasking.
+
+OSErr MyMacSocket_IdleWaitCallback(void *inUserRefPtr)
+{
+#pragma unused(inUserRefPtr)
+
+EventRecord		theEvent;
+	::EventAvail(everyEvent,&theEvent);
+	
+	CRandomizer *randomizer = (CRandomizer*)inUserRefPtr;
+	if (randomizer)
+		randomizer->PeriodicAction();
+
+	return(noErr);
+}
+
+
+//	Finally!
+
+void main(void)
+{
+	OSErr				errCode;
+	int					theSocket = -1;
+	int					theTimeout = 30;
+
+	SSL_CTX				*ssl_ctx = nil;
+	SSL					*ssl = nil;
+
+	char				tempString[256];
+	UnsignedWide		microTickCount;
+
+
+	CRandomizer randomizer;
+	
+	printf("OpenSSL Demo by Roy Wood, roy@centricsystems.ca\n\n");
+	
+	BailIfError(errCode = MacSocket_Startup());
+
+
+
+	//	Create a socket-like object
+	
+	BailIfError(errCode = MacSocket_socket(&theSocket,false,theTimeout * 60,MyMacSocket_IdleWaitCallback,&randomizer));
+
+	
+	//	Set up the connect string and try to connect
+	
+	CopyCStrAndInsertCStrLongIntIntoCStr("%s:%ld",kHTTPS_DNS,kHTTPS_Port,tempString,sizeof(tempString));
+	
+	printf("Connecting to %s....\n",tempString);
+
+	BailIfError(errCode = MacSocket_connect(theSocket,tempString));
+	
+	
+	//	Init SSL stuff
+	
+	SSL_load_error_strings();
+	
+	SSLeay_add_ssl_algorithms();
+	
+	
+	//	Pick the SSL method
+	
+//	ssl_ctx = SSL_CTX_new(SSLv2_client_method());
+	ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+//	ssl_ctx = SSL_CTX_new(SSLv3_client_method());
+			
+
+	//	Create an SSL thingey and try to negotiate the connection
+	
+	ssl = SSL_new(ssl_ctx);
+	
+	SSL_set_fd(ssl,theSocket);
+	
+	errCode = SSL_connect(ssl);
+	
+	if (errCode < 0)
+	{
+		SetErrorMessageAndLongIntAndBail("OpenSSL: Can't initiate SSL connection, SSL_connect() = ",errCode);
+	}
+	
+	//	Request the URI from the host
+	
+	CopyCStrToCStr("GET ",tempString,sizeof(tempString));
+	ConcatCStrToCStr(kHTTPS_URI,tempString,sizeof(tempString));
+	ConcatCStrToCStr(" HTTP/1.0\r\n\r\n",tempString,sizeof(tempString));
+
+	
+	errCode = SSL_write(ssl,tempString,CStrLength(tempString));
+	
+	if (errCode < 0)
+	{
+		SetErrorMessageAndLongIntAndBail("OpenSSL: Error writing data via ssl, SSL_write() = ",errCode);
+	}
+	
+
+	for (;;)
+	{
+	char	tempString[256];
+	int		bytesRead;
+		
+
+		//	Read some bytes and dump them to the console
+		
+		bytesRead = SSL_read(ssl,tempString,sizeof(tempString) - 1);
+		
+		if (bytesRead == 0 && MacSocket_RemoteEndIsClosing(theSocket))
+		{
+			break;
+		}
+		
+		else if (bytesRead < 0)
+		{
+			SetErrorMessageAndLongIntAndBail("OpenSSL: Error reading data via ssl, SSL_read() = ",bytesRead);
+		}
+		
+		
+		tempString[bytesRead] = '\0';
+		
+		printf("%s", tempString);
+	}
+	
+	printf("\n\n\n");
+	
+	//	All done!
+	
+	errCode = noErr;
+	
+	
+EXITPOINT:
+
+	//	Clean up and go home
+	
+	if (theSocket >= 0)
+	{
+		MacSocket_close(theSocket);
+	}
+	
+	if (ssl != nil)
+	{
+		SSL_free(ssl);
+	}
+	
+	if (ssl_ctx != nil)
+	{
+		SSL_CTX_free(ssl_ctx);
+	}
+	
+	
+	if (errCode != noErr)
+	{
+		printf("An error occurred:\n");
+		
+		printf("%s",GetErrorMessage());
+	}
+	
+	
+	MacSocket_Shutdown();
+}
diff --git a/MacOS/GetHTTPS.src/MacSocket.cpp b/MacOS/GetHTTPS.src/MacSocket.cpp
new file mode 100644
index 0000000000..c95d804d5d
--- /dev/null
+++ b/MacOS/GetHTTPS.src/MacSocket.cpp
@@ -0,0 +1,1607 @@
+/*
+ *	A simple socket-like package.  
+ *	This could undoubtedly be improved, since it does polling and busy-waiting.  
+ *	At least it uses asynch I/O and implements timeouts!
+ *
+ *	Other funkiness includes the use of my own (possibly brain-damaged) error-handling infrastructure.
+ *
+ *	-Roy Wood (roy@centricsystems.ca)
+ *
+ */
+
+
+/* ====================================================================
+ * Copyright (c) 1998-1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+ 
+
+
+
+
+#include "MacSocket.h"
+
+#include <Threads.h>
+
+#include <OpenTransport.h>
+#include <OpenTpTInternet.h>
+#include <OpenTptClient.h>
+
+
+
+#include "CPStringUtils.hpp"
+#include "ErrorHandling.hpp"
+
+
+//	#define MACSOCKET_DEBUG		1
+
+#ifdef MACSOCKET_DEBUG
+	#include <stdio.h>
+#endif
+
+
+
+extern int errno;
+
+
+#define kMaxNumSockets			4
+
+
+struct SocketStruct
+{
+	Boolean						mIsInUse;
+
+	Boolean						mEndpointIsBound;
+
+	Boolean						mLocalEndIsConnected;
+	Boolean						mRemoteEndIsConnected;
+
+	Boolean						mReceivedTOpenComplete;
+	Boolean						mReceivedTBindComplete;
+	Boolean						mReceivedTConnect;
+	Boolean						mReceivedTListen;
+	Boolean						mReceivedTPassCon;
+	Boolean						mReceivedTDisconnect;
+	Boolean						mReceivedTOrdRel;
+	Boolean						mReceivedTDisconnectComplete;
+	
+	long						mTimeoutTicks;
+	long						mOperationStartTicks;
+	
+	MacSocket_IdleWaitCallback	mIdleWaitCallback;
+	void						*mUserRefPtr;
+	
+	OTEventCode					mExpectedCode;
+	OTResult					mAsyncOperationResult;
+	
+	EndpointRef		 			mEndPointRef;
+	TBind						*mBindRequestedAddrInfo;
+	TBind						*mAssignedAddrInfo;
+	TCall						*mRemoteAddrInfo;
+	
+	Boolean						mReadyToReadData;
+	Boolean						mReadyToWriteData;
+	
+	Ptr							mReadBuffer;
+	Ptr							mWriteBuffer;
+	
+	int							mLastError;
+	char						mErrMessage[256];
+};
+
+typedef struct SocketStruct	SocketStruct;
+
+
+static SocketStruct			sSockets[kMaxNumSockets];
+static Boolean				sSocketsSetup = false;
+
+
+
+
+static OSErr MyBusyWait(SocketStruct *ioSocket,Boolean returnImmediatelyOnError,OTResult *outOTResult,Boolean *inAsyncOperationCompleteFlag);
+
+static pascal void OTNonYieldingNotifier(void *contextPtr,OTEventCode code,OTResult result,void *cookie);
+
+static Boolean	SocketIndexIsValid(const int inSocketNum);
+
+static void InitSocket(SocketStruct *ioSocket);
+
+static void PrepareForAsyncOperation(SocketStruct *ioSocket,const OTEventCode inExpectedCode);
+
+static Boolean TimeoutElapsed(const SocketStruct *inSocket);
+
+static OSStatus NegotiateIPReuseAddrOption(EndpointRef inEndpoint,const Boolean inEnableReuseIP);
+
+
+
+void MacSocket_GetSocketErrorInfo(const int inSocketNum,int *outSocketErrCode,char *outSocketErrString,const int inSocketErrStringMaxLength)
+{
+	if (outSocketErrCode != nil)
+	{
+		*outSocketErrCode = -1;
+	}
+	
+	if (outSocketErrString != nil)
+	{
+		CopyCStrToCStr("",outSocketErrString,inSocketErrStringMaxLength);
+	}
+	
+	
+	if (SocketIndexIsValid(inSocketNum))
+	{
+	SocketStruct	*theSocketStruct = &(sSockets[inSocketNum]);
+	
+		
+		if (outSocketErrCode != nil)
+		{
+			*outSocketErrCode = theSocketStruct->mLastError;
+		}
+
+		if (outSocketErrString != nil)
+		{
+			CopyCStrToCStr(theSocketStruct->mErrMessage,outSocketErrString,inSocketErrStringMaxLength);
+		}
+	}
+}
+
+
+void MacSocket_SetUserRefPtr(const int inSocketNum,void *inNewRefPtr)
+{
+	if (SocketIndexIsValid(inSocketNum))
+	{
+	SocketStruct	*theSocketStruct = &(sSockets[inSocketNum]);
+
+		theSocketStruct->mUserRefPtr = inNewRefPtr;
+	}
+}
+
+
+
+void MacSocket_GetLocalIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength)
+{
+	if (outIPAndPort != nil && SocketIndexIsValid(inSocketNum))
+	{
+	char			tempString[256];
+	SocketStruct	*theSocketStruct = &(sSockets[inSocketNum]);
+	
+		
+		CopyCStrToCStr("",tempString,sizeof(tempString));
+
+		if (theSocketStruct->mAssignedAddrInfo != nil)
+		{
+		InetAddress		*theInetAddress = (InetAddress *) theSocketStruct->mAssignedAddrInfo->addr.buf;
+		InetHost		theInetHost = theInetAddress->fHost;
+			
+			if (theInetHost == 0)
+			{
+			InetInterfaceInfo	theInetInterfaceInfo;
+				
+				if (::OTInetGetInterfaceInfo(&theInetInterfaceInfo,kDefaultInetInterface) == noErr)
+				{
+					theInetHost = theInetInterfaceInfo.fAddress;
+				}
+			}
+		
+			::OTInetHostToString(theInetHost,tempString);
+			
+			ConcatCStrToCStr(":",tempString,sizeof(tempString));
+			ConcatLongIntToCStr(theInetAddress->fPort,tempString,sizeof(tempString));
+		}
+		
+		CopyCStrToCStr(tempString,outIPAndPort,inIPAndPortLength);
+	}
+}
+
+
+
+void MacSocket_GetRemoteIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength)
+{
+	if (outIPAndPort != nil && SocketIndexIsValid(inSocketNum))
+	{
+	char			tempString[256];
+	SocketStruct	*theSocketStruct = &(sSockets[inSocketNum]);
+	
+		
+		CopyCStrToCStr("",tempString,sizeof(tempString));
+
+		if (theSocketStruct->mRemoteAddrInfo != nil)
+		{
+		InetAddress		*theInetAddress = (InetAddress *) theSocketStruct->mRemoteAddrInfo->addr.buf;
+		InetHost		theInetHost = theInetAddress->fHost;
+			
+			if (theInetHost == 0)
+			{
+			InetInterfaceInfo	theInetInterfaceInfo;
+				
+				if (::OTInetGetInterfaceInfo(&theInetInterfaceInfo,kDefaultInetInterface) == noErr)
+				{
+					theInetHost = theInetInterfaceInfo.fAddress;
+				}
+			}
+		
+			::OTInetHostToString(theInetHost,tempString);
+			
+			ConcatCStrToCStr(":",tempString,sizeof(tempString));
+			ConcatLongIntToCStr(theInetAddress->fPort,tempString,sizeof(tempString));
+		}
+		
+		CopyCStrToCStr(tempString,outIPAndPort,inIPAndPortLength);
+	}
+}
+
+
+
+Boolean MacSocket_RemoteEndIsClosing(const int inSocketNum)
+{
+Boolean		theResult = false;
+
+	if (SocketIndexIsValid(inSocketNum))
+	{
+	SocketStruct	*theSocketStruct = &(sSockets[inSocketNum]);
+
+		theResult = theSocketStruct->mReceivedTOrdRel;
+	}
+
+	return(theResult);
+}
+
+
+
+Boolean MacSocket_ListenCompleted(const int inSocketNum)
+{
+Boolean		theResult = false;
+
+	if (SocketIndexIsValid(inSocketNum))
+	{
+	SocketStruct	*theSocketStruct = &(sSockets[inSocketNum]);
+
+		theResult = theSocketStruct->mReceivedTPassCon;
+	}
+
+	return(theResult);
+}
+
+
+
+Boolean MacSocket_RemoteEndIsOpen(const int inSocketNum)
+{
+	if (SocketIndexIsValid(inSocketNum))
+	{
+	SocketStruct	*theSocketStruct = &(sSockets[inSocketNum]);
+	
+		return(theSocketStruct->mRemoteEndIsConnected);
+	}
+	
+	else
+	{
+		return(false);
+	}
+}
+
+
+
+Boolean MacSocket_LocalEndIsOpen(const int inSocketNum)
+{
+	if (SocketIndexIsValid(inSocketNum))
+	{
+	SocketStruct	*theSocketStruct = &(sSockets[inSocketNum]);
+	
+		return(theSocketStruct->mLocalEndIsConnected);
+	}
+	
+	else
+	{
+		return(false);
+	}
+}
+
+
+
+static Boolean TimeoutElapsed(const SocketStruct *inSocket)
+{
+Boolean		timeIsUp = false;
+
+	if (inSocket != nil && inSocket->mTimeoutTicks > 0 && ::TickCount() > inSocket->mOperationStartTicks + inSocket->mTimeoutTicks)
+	{
+		timeIsUp = true;
+	}
+	
+	
+	return(timeIsUp);
+}
+
+
+
+static Boolean SocketIndexIsValid(const int inSocketNum)
+{
+	if (inSocketNum >= 0 && inSocketNum < kMaxNumSockets && sSockets[inSocketNum].mEndPointRef != kOTInvalidEndpointRef)
+	{
+		return(true);
+	}
+	
+	else
+	{
+		return(false);
+	}
+}
+
+
+
+static void InitSocket(SocketStruct *ioSocket)
+{
+	ioSocket->mIsInUse = false;
+	
+	ioSocket->mEndpointIsBound = false;
+	
+	ioSocket->mLocalEndIsConnected = false;
+	ioSocket->mRemoteEndIsConnected = false;
+	
+	ioSocket->mReceivedTOpenComplete = false;
+	ioSocket->mReceivedTBindComplete = false;
+	ioSocket->mReceivedTConnect = false;
+	ioSocket->mReceivedTListen = false;
+	ioSocket->mReceivedTPassCon = false;
+	ioSocket->mReceivedTDisconnect = false;
+	ioSocket->mReceivedTOrdRel = false;
+	ioSocket->mReceivedTDisconnectComplete = false;
+	
+	ioSocket->mTimeoutTicks = 30 * 60;
+	ioSocket->mOperationStartTicks = -1;
+	
+	ioSocket->mIdleWaitCallback = nil;
+	ioSocket->mUserRefPtr = nil;
+	
+	ioSocket->mExpectedCode = 0;
+	ioSocket->mAsyncOperationResult = noErr;
+	
+	ioSocket->mEndPointRef = kOTInvalidEndpointRef;
+	
+	ioSocket->mBindRequestedAddrInfo = nil;
+	ioSocket->mAssignedAddrInfo = nil;
+	ioSocket->mRemoteAddrInfo = nil;
+	
+	ioSocket->mReadyToReadData = false;
+	ioSocket->mReadyToWriteData = true;
+	
+	ioSocket->mReadBuffer = nil;
+	ioSocket->mWriteBuffer = nil;
+
+	ioSocket->mLastError = noErr;
+	CopyCStrToCStr("",ioSocket->mErrMessage,sizeof(ioSocket->mErrMessage));
+}
+
+
+
+static void PrepareForAsyncOperation(SocketStruct *ioSocket,const OTEventCode inExpectedCode)
+{
+	ioSocket->mOperationStartTicks = ::TickCount();
+	
+	ioSocket->mAsyncOperationResult = noErr;
+	
+	ioSocket->mExpectedCode = inExpectedCode;
+}
+
+
+//	The wait function....
+
+static OSErr MyBusyWait(SocketStruct *ioSocket,Boolean returnImmediatelyOnError,OTResult *outOTResult,Boolean *inAsyncOperationCompleteFlag)
+{
+OSErr 		errCode = noErr;
+OTResult	theOTResult = noErr;
+
+	
+	SetErrorMessageAndBailIfNil(ioSocket,"MyBusyWait: Bad parameter, ioSocket = nil");
+	SetErrorMessageAndBailIfNil(inAsyncOperationCompleteFlag,"MyBusyWait: Bad parameter, inAsyncOperationCompleteFlag = nil");
+	
+	for (;;) 
+	{
+		if (*inAsyncOperationCompleteFlag)
+		{
+			theOTResult = ioSocket->mAsyncOperationResult;
+			
+			break;
+		}
+		
+		if (ioSocket->mIdleWaitCallback != nil)
+		{
+			theOTResult = (*(ioSocket->mIdleWaitCallback))(ioSocket->mUserRefPtr);
+			
+			if (theOTResult != noErr && returnImmediatelyOnError)
+			{
+				break;
+			}
+		}
+		
+		if (TimeoutElapsed(ioSocket))
+		{
+			theOTResult = kMacSocket_TimeoutErr;
+			
+			break;
+		}
+	}
+
+
+EXITPOINT:
+	
+	if (outOTResult != nil)
+	{
+		*outOTResult = theOTResult;
+	}
+	
+	return(errCode);
+}
+
+
+
+//	I used to do thread switching, but stopped.  It could easily be rolled back in though....
+
+static pascal void OTNonYieldingNotifier(void *contextPtr,OTEventCode code,OTResult result,void *cookie)
+{
+SocketStruct *theSocketStruct = (SocketStruct *) contextPtr;
+	
+	if (theSocketStruct != nil)
+	{
+		if (theSocketStruct->mExpectedCode != 0 && code == theSocketStruct->mExpectedCode)
+		{
+			theSocketStruct->mAsyncOperationResult = result;
+			
+			theSocketStruct->mExpectedCode = 0;
+		}
+		
+		
+		switch (code) 
+		{
+			case T_OPENCOMPLETE:
+			{
+				theSocketStruct->mReceivedTOpenComplete = true;
+				
+				theSocketStruct->mEndPointRef = (EndpointRef) cookie;
+				
+				break;
+			}
+
+			
+			case T_BINDCOMPLETE:
+			{
+				theSocketStruct->mReceivedTBindComplete = true;
+				
+				break;
+			}
+			
+
+			case T_CONNECT:
+			{
+				theSocketStruct->mReceivedTConnect = true;
+
+				theSocketStruct->mLocalEndIsConnected = true;
+				
+				theSocketStruct->mRemoteEndIsConnected = true;
+
+				break;
+			}
+			
+
+			case T_LISTEN:
+			{
+				theSocketStruct->mReceivedTListen = true;
+				
+				break;
+			}
+			
+
+			case T_PASSCON:
+			{
+				theSocketStruct->mReceivedTPassCon = true;
+				
+				theSocketStruct->mLocalEndIsConnected = true;
+				
+				theSocketStruct->mRemoteEndIsConnected = true;
+
+				break;
+			}
+
+
+			case T_DATA:
+			{
+				theSocketStruct->mReadyToReadData = true;
+				
+				break;
+			}
+			
+			case T_GODATA:
+			{
+				theSocketStruct->mReadyToWriteData = true;
+				
+				break;
+			}
+			
+			case T_DISCONNECT:
+			{
+				theSocketStruct->mReceivedTDisconnect = true;
+				
+				theSocketStruct->mRemoteEndIsConnected = false;
+				
+				theSocketStruct->mLocalEndIsConnected = false;
+				
+				::OTRcvDisconnect(theSocketStruct->mEndPointRef,nil);
+				
+				break;
+			}
+
+			case T_ORDREL:
+			{
+				theSocketStruct->mReceivedTOrdRel = true;
+				
+				//	We can still write data, so don't clear mRemoteEndIsConnected
+				
+				::OTRcvOrderlyDisconnect(theSocketStruct->mEndPointRef);
+				
+				break;
+			}
+			
+			case T_DISCONNECTCOMPLETE:
+			{
+				theSocketStruct->mReceivedTDisconnectComplete = true;
+				
+				theSocketStruct->mRemoteEndIsConnected = false;
+				
+				theSocketStruct->mLocalEndIsConnected = false;
+				
+				break;
+			}
+		}
+	}
+/*
+T_LISTEN OTListen
+T_CONNECT OTRcvConnect
+T_DATA OTRcv, OTRcvUData
+T_DISCONNECT OTRcvDisconnect
+T_ORDREL OTRcvOrderlyDisconnect
+T_GODATA OTSnd, OTSndUData, OTLook
+T_PASSCON none
+
+T_EXDATA OTRcv
+T_GOEXDATA OTSnd, OTLook
+T_UDERR OTRcvUDErr
+*/
+}
+
+
+
+//	Initialize the main socket data structure
+
+OSErr MacSocket_Startup(void)
+{
+	if (!sSocketsSetup)
+	{
+		for (int i = 0;i < kMaxNumSockets;i++)
+		{
+			InitSocket(&(sSockets[i]));
+		}
+
+		::InitOpenTransport();
+		
+		sSocketsSetup = true;
+	}
+	
+	
+	return(noErr);
+}
+
+
+
+//	Cleanup before exiting
+
+OSErr MacSocket_Shutdown(void)
+{
+	if (sSocketsSetup)
+	{
+		for (int i = 0;i < kMaxNumSockets;i++)
+		{
+		SocketStruct *theSocketStruct = &(sSockets[i]);
+		
+			if (theSocketStruct->mIsInUse)
+			{
+				if (theSocketStruct->mEndPointRef != kOTInvalidEndpointRef)
+				{
+				OTResult	theOTResult;
+				
+				
+					//	Since we're killing the endpoint, I don't bother to send the disconnect (sorry!)
+
+/*
+					if (theSocketStruct->mLocalEndIsConnected)
+					{
+						//	This is an abortive action, so we do a hard disconnect instead of an OTSndOrderlyDisconnect
+						
+						theOTResult = ::OTSndDisconnect(theSocketStruct->mEndPointRef, nil);
+						
+						//	Now we have to watch for T_DISCONNECTCOMPLETE event
+						
+						theSocketStruct->mLocalEndIsConnected = false;
+					}
+*/					
+					
+					theOTResult = ::OTCloseProvider(theSocketStruct->mEndPointRef);
+					
+					
+					theSocketStruct->mEndPointRef = kOTInvalidEndpointRef;
+				}
+				
+				if (theSocketStruct->mBindRequestedAddrInfo != nil)
+				{
+					::OTFree((void *) theSocketStruct->mBindRequestedAddrInfo,T_BIND);
+					
+					theSocketStruct->mBindRequestedAddrInfo = nil;
+				}
+				
+				if (theSocketStruct->mAssignedAddrInfo != nil)
+				{
+					::OTFree((void *) theSocketStruct->mAssignedAddrInfo,T_BIND);
+					
+					theSocketStruct->mAssignedAddrInfo = nil;
+				}
+				
+				if (theSocketStruct->mRemoteAddrInfo != nil)
+				{
+					::OTFree((void *) theSocketStruct->mRemoteAddrInfo,T_CALL);
+					
+					theSocketStruct->mRemoteAddrInfo = nil;
+				}
+				
+				
+			}
+		}
+		
+		::CloseOpenTransport();
+
+		sSocketsSetup = false;
+	}
+	
+	return(noErr);
+}
+
+
+
+
+
+
+//	Allocate a socket
+
+OSErr MacSocket_socket(int *outSocketNum,const Boolean inDoThreadSwitching,const long inTimeoutTicks,MacSocket_IdleWaitCallback inIdleWaitCallback,void *inUserRefPtr)
+{
+//	Gotta roll support back in for threads eventually.....
+
+#pragma unused(inDoThreadSwitching)
+
+
+OSErr	errCode = noErr;
+
+	
+	SetErrorMessageAndBailIfNil(outSocketNum,"MacSocket_socket: Bad parameter, outSocketNum == nil");
+	
+	*outSocketNum = -1;
+	
+	
+	//	Find an unused socket
+	
+	for (int i = 0;i < kMaxNumSockets;i++)
+	{
+		if (sSockets[i].mIsInUse == false)
+		{
+		OTResult		theOTResult;
+		SocketStruct	*theSocketStruct = &(sSockets[i]);
+		
+			
+			InitSocket(theSocketStruct);
+			
+			theSocketStruct->mIdleWaitCallback = inIdleWaitCallback;
+			theSocketStruct->mUserRefPtr = inUserRefPtr;
+			
+			theSocketStruct->mTimeoutTicks = inTimeoutTicks;
+			
+
+			//	Set up OT endpoint
+			
+			PrepareForAsyncOperation(theSocketStruct,T_OPENCOMPLETE);
+			
+			theOTResult = ::OTAsyncOpenEndpoint(OTCreateConfiguration(kTCPName),0,nil,OTNonYieldingNotifier,(void *) theSocketStruct);
+			
+			SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_socket: Can't create OT endpoint, OTAsyncOpenEndpoint() = ",theOTResult);
+			
+			BailIfError(MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTOpenComplete)));
+																						
+			SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_socket: Can't create OT endpoint, OTAsyncOpenEndpoint() = ",theOTResult);
+			
+			
+			*outSocketNum = i;
+			
+			errCode = noErr;
+			
+			theSocketStruct->mIsInUse = true;
+			
+			break;
+		}
+		
+		else if (i == kMaxNumSockets - 1)
+		{
+			SetErrorMessageAndBail("MacSocket_socket: No sockets available");
+		}
+	}
+
+
+EXITPOINT:
+	
+	errno = errCode;
+	
+	return(errCode);
+}
+
+
+
+
+OSErr MacSocket_listen(const int inSocketNum,const int inPortNum)
+{
+OSErr			errCode = noErr;
+SocketStruct	*theSocketStruct = nil;
+
+
+	if (!SocketIndexIsValid(inSocketNum))
+	{
+		SetErrorMessageAndBail("MacSocket_listen: Invalid socket number specified");
+	}
+
+
+	theSocketStruct = &(sSockets[inSocketNum]);
+
+
+OTResult		theOTResult;
+	
+	
+	if (theSocketStruct->mBindRequestedAddrInfo == nil)
+	{
+		theSocketStruct->mBindRequestedAddrInfo = (TBind *) ::OTAlloc(theSocketStruct->mEndPointRef,T_BIND,T_ADDR,&theOTResult);
+																					
+		SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't allocate OT T_BIND structure, OTAlloc() = ",theOTResult);
+		SetErrorMessageAndBailIfNil(theSocketStruct->mBindRequestedAddrInfo,"MacSocket_listen: Can't allocate OT T_BIND structure, OTAlloc() returned nil");
+	}
+	
+	if (theSocketStruct->mAssignedAddrInfo == nil)
+	{
+		theSocketStruct->mAssignedAddrInfo = (TBind *) ::OTAlloc(theSocketStruct->mEndPointRef,T_BIND,T_ADDR,&theOTResult);
+																					
+		SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't allocate OT T_BIND structure, OTAlloc() = ",theOTResult);
+		SetErrorMessageAndBailIfNil(theSocketStruct->mAssignedAddrInfo,"MacSocket_listen: Can't allocate OT T_BIND structure, OTAlloc() returned nil");
+	}
+	
+	if (theSocketStruct->mRemoteAddrInfo == nil)
+	{
+		theSocketStruct->mRemoteAddrInfo = (TCall *) ::OTAlloc(theSocketStruct->mEndPointRef,T_CALL,T_ADDR,&theOTResult);
+																					
+		SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't allocate OT T_CALL structure, OTAlloc() = ",theOTResult);
+		SetErrorMessageAndBailIfNil(theSocketStruct->mRemoteAddrInfo,"MacSocket_listen: Can't allocate OT T_CALL structure, OTAlloc() returned nil");
+	}
+	
+
+	if (!theSocketStruct->mEndpointIsBound)
+	{
+	InetInterfaceInfo	theInetInterfaceInfo;
+		
+		theOTResult = ::OTInetGetInterfaceInfo(&theInetInterfaceInfo,kDefaultInetInterface);
+																					
+		SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't determine OT interface info, OTInetGetInterfaceInfo() = ",theOTResult);
+
+
+	InetAddress	*theInetAddress = (InetAddress *) theSocketStruct->mBindRequestedAddrInfo->addr.buf;
+		
+//		theInetAddress->fAddressType = AF_INET;
+//		theInetAddress->fPort = inPortNum;
+//		theInetAddress->fHost = theInetInterfaceInfo.fAddress;
+		
+		::OTInitInetAddress(theInetAddress,inPortNum,theInetInterfaceInfo.fAddress);
+
+		theSocketStruct->mBindRequestedAddrInfo->addr.len = sizeof(InetAddress);
+		
+		theSocketStruct->mBindRequestedAddrInfo->qlen = 1;
+		
+		
+		theOTResult = ::OTSetSynchronous(theSocketStruct->mEndPointRef);
+																					
+		SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't set OT endpoint mode, OTSetSynchronous() = ",theOTResult);
+		
+		theOTResult = NegotiateIPReuseAddrOption(theSocketStruct->mEndPointRef,true);
+																					
+		SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't set OT IP address reuse flag, NegotiateIPReuseAddrOption() = ",theOTResult);
+		
+		theOTResult = ::OTSetAsynchronous(theSocketStruct->mEndPointRef);
+																					
+		SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't set OT endpoint mode, OTSetAsynchronous() = ",theOTResult);
+
+		
+		PrepareForAsyncOperation(theSocketStruct,T_BINDCOMPLETE);
+				
+		theOTResult = ::OTBind(theSocketStruct->mEndPointRef,theSocketStruct->mBindRequestedAddrInfo,theSocketStruct->mAssignedAddrInfo);
+																					
+		SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't bind OT endpoint, OTBind() = ",theOTResult);
+		
+		BailIfError(MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTBindComplete)));
+																					
+		SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't bind OT endpoint, OTBind() = ",theOTResult);
+		
+		
+		theSocketStruct->mEndpointIsBound = true;
+	}
+
+
+	PrepareForAsyncOperation(theSocketStruct,T_LISTEN);
+
+	theOTResult = ::OTListen(theSocketStruct->mEndPointRef,theSocketStruct->mRemoteAddrInfo);
+	
+	if (theOTResult == noErr)
+	{
+		PrepareForAsyncOperation(theSocketStruct,T_PASSCON);
+		
+		theOTResult = ::OTAccept(theSocketStruct->mEndPointRef,theSocketStruct->mEndPointRef,theSocketStruct->mRemoteAddrInfo);
+		
+		SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't begin OT accept, OTAccept() = ",theOTResult);
+		
+		BailIfError(MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTPassCon)));
+																					
+		SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_listen: Can't accept OT connection, OTAccept() = ",theOTResult);
+	}
+	
+	else if (theOTResult == kOTNoDataErr)
+	{
+		theOTResult = noErr;
+	}
+	
+	else
+	{
+		SetErrorMessageAndLongIntAndBail("MacSocket_listen: Can't begin OT listen, OTListen() = ",theOTResult);
+	}
+
+
+	errCode = noErr;
+
+
+EXITPOINT:
+	
+	if (theSocketStruct != nil)
+	{
+		theSocketStruct->mLastError = noErr;
+		
+		CopyCStrToCStr("",theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
+
+		if (errCode != noErr)
+		{
+			theSocketStruct->mLastError = errCode;
+			
+			CopyCStrToCStr(GetErrorMessage(),theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
+		}
+	}
+	
+	errno = errCode;
+	
+	return(errCode);
+}
+
+
+
+
+OSErr MacSocket_connect(const int inSocketNum,char *inTargetAddressAndPort)
+{
+OSErr			errCode = noErr;
+SocketStruct	*theSocketStruct = nil;
+
+
+	if (!SocketIndexIsValid(inSocketNum))
+	{
+		SetErrorMessageAndBail("MacSocket_connect: Invalid socket number specified");
+	}
+
+	theSocketStruct = &(sSockets[inSocketNum]);
+
+	if (theSocketStruct->mEndpointIsBound)
+	{
+		SetErrorMessageAndBail("MacSocket_connect: Socket previously bound");
+	}
+
+	
+OTResult		theOTResult;
+
+	theSocketStruct->mBindRequestedAddrInfo = (TBind *) ::OTAlloc(theSocketStruct->mEndPointRef,T_BIND,T_ADDR,&theOTResult);
+																				
+	SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't allocate OT T_BIND structure, OTAlloc() = ",theOTResult);
+	SetErrorMessageAndBailIfNil(theSocketStruct->mBindRequestedAddrInfo,"MacSocket_connect: Can't allocate OT T_BIND structure, OTAlloc() returned nil");
+	
+
+	theSocketStruct->mAssignedAddrInfo = (TBind *) ::OTAlloc(theSocketStruct->mEndPointRef,T_BIND,T_ADDR,&theOTResult);
+																				
+	SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't allocate OT T_BIND structure, OTAlloc() = ",theOTResult);
+	SetErrorMessageAndBailIfNil(theSocketStruct->mAssignedAddrInfo,"MacSocket_connect: Can't allocate OT T_BIND structure, OTAlloc() returned nil");
+
+
+	theSocketStruct->mRemoteAddrInfo = (TCall *) ::OTAlloc(theSocketStruct->mEndPointRef,T_CALL,T_ADDR,&theOTResult);
+																				
+	SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't allocate OT T_CALL structure, OTAlloc() = ",theOTResult);
+	SetErrorMessageAndBailIfNil(theSocketStruct->mRemoteAddrInfo,"MacSocket_connect: Can't allocate OT T_CALL structure, OTAlloc() returned nil");
+
+	
+	PrepareForAsyncOperation(theSocketStruct,T_BINDCOMPLETE);
+
+	theOTResult = ::OTBind(theSocketStruct->mEndPointRef,nil,theSocketStruct->mAssignedAddrInfo);
+																				
+	SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't bind OT endpoint, OTBind() = ",theOTResult);
+	
+	BailIfError(MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTBindComplete)));
+																				
+	SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't bind OT endpoint, OTBind() = ",theOTResult);
+	
+	theSocketStruct->mEndpointIsBound = true;
+	
+
+TCall		sndCall;
+DNSAddress 	hostDNSAddress;
+	
+	//	Set up target address
+	
+	sndCall.addr.buf = (UInt8 *) &hostDNSAddress;
+	sndCall.addr.len = ::OTInitDNSAddress(&hostDNSAddress,inTargetAddressAndPort);
+	sndCall.opt.buf = nil;
+	sndCall.opt.len = 0;
+	sndCall.udata.buf = nil;
+	sndCall.udata.len = 0;
+	sndCall.sequence = 0;
+		
+	//	Connect!
+	
+	PrepareForAsyncOperation(theSocketStruct,T_CONNECT);
+
+	theOTResult = ::OTConnect(theSocketStruct->mEndPointRef,&sndCall,nil);
+	
+	if (theOTResult == kOTNoDataErr)
+	{
+		theOTResult = noErr;
+	}
+												
+	SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't connect OT endpoint, OTConnect() = ",theOTResult);
+	
+	BailIfError(MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTConnect)));
+	
+	if (theOTResult == kMacSocket_TimeoutErr)
+	{
+		SetErrorMessageAndBail("MacSocket_connect: Can't connect OT endpoint, OTConnect() = kMacSocket_TimeoutErr");
+	}
+	
+	else
+	{
+		SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't connect OT endpoint, OTConnect() = ",theOTResult);
+	}
+
+	theOTResult = ::OTRcvConnect(theSocketStruct->mEndPointRef,nil);
+												
+	SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_connect: Can't complete connect on OT endpoint, OTRcvConnect() = ",theOTResult);
+
+
+	errCode = noErr;
+
+
+#ifdef MACSOCKET_DEBUG
+	printf("MacSocket_connect: connect completed\n");
+#endif
+
+EXITPOINT:
+	
+	if (theSocketStruct != nil)
+	{
+		theSocketStruct->mLastError = noErr;
+		
+		CopyCStrToCStr("",theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
+
+		if (errCode != noErr)
+		{
+			theSocketStruct->mLastError = errCode;
+			
+			CopyCStrToCStr(GetErrorMessage(),theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
+		}
+	}
+	
+	errno = errCode;
+	
+	return(errCode);
+}
+
+
+
+
+//	Close a connection
+
+OSErr MacSocket_close(const int inSocketNum)
+{
+OSErr			errCode = noErr;
+SocketStruct	*theSocketStruct = nil;
+
+
+	if (!SocketIndexIsValid(inSocketNum))
+	{
+		SetErrorMessageAndBail("MacSocket_close: Invalid socket number specified");
+	}
+
+
+	theSocketStruct = &(sSockets[inSocketNum]);
+	
+	if (theSocketStruct->mEndPointRef != kOTInvalidEndpointRef)
+	{
+	OTResult		theOTResult = noErr;
+	
+		//	Try to play nice
+		
+		if (theSocketStruct->mReceivedTOrdRel)
+		{
+			//	Already did an OTRcvOrderlyDisconnect() in the notifier
+		
+			if (theSocketStruct->mLocalEndIsConnected)
+			{
+				theOTResult = ::OTSndOrderlyDisconnect(theSocketStruct->mEndPointRef);
+				
+				theSocketStruct->mLocalEndIsConnected = false;
+			}
+		}
+		
+		else if (theSocketStruct->mLocalEndIsConnected)
+		{
+			theOTResult = ::OTSndOrderlyDisconnect(theSocketStruct->mEndPointRef);
+			
+			theSocketStruct->mLocalEndIsConnected = false;
+			
+			//	Wait for other end to hang up too!
+			
+//			PrepareForAsyncOperation(theSocketStruct,T_ORDREL);
+//
+//			errCode = MyBusyWait(theSocketStruct,false,&theOTResult,&(theSocketStruct->mReceivedTOrdRel));
+		}
+		
+		
+		if (theOTResult != noErr)
+		{
+			::OTCloseProvider(theSocketStruct->mEndPointRef);
+		}
+		
+		else
+		{
+			theOTResult = ::OTCloseProvider(theSocketStruct->mEndPointRef);
+		}
+
+		theSocketStruct->mEndPointRef = kOTInvalidEndpointRef;
+		
+		errCode = theOTResult;
+	}
+
+
+	theSocketStruct->mIsInUse = false;
+
+	
+EXITPOINT:
+	
+	if (theSocketStruct != nil)
+	{
+		theSocketStruct->mLastError = noErr;
+		
+		CopyCStrToCStr("",theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
+
+		if (errCode != noErr)
+		{
+			theSocketStruct->mLastError = errCode;
+			
+			CopyCStrToCStr(GetErrorMessage(),theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
+		}
+	}
+
+	errno = errCode;
+		
+	return(errCode);
+}
+
+
+
+
+//	Receive some bytes
+
+int MacSocket_recv(const int inSocketNum,void *outBuff,int outBuffLength,const Boolean inBlock)
+{
+OSErr			errCode = noErr;
+int				totalBytesRead = 0;
+SocketStruct	*theSocketStruct = nil;
+
+	
+	SetErrorMessageAndBailIfNil(outBuff,"MacSocket_recv: Bad parameter, outBuff = nil");
+	
+	if (outBuffLength <= 0)
+	{
+		SetErrorMessageAndBail("MacSocket_recv: Bad parameter, outBuffLength <= 0");
+	}
+	
+	if (!SocketIndexIsValid(inSocketNum))
+	{
+		SetErrorMessageAndBail("MacSocket_recv: Invalid socket number specified");
+	}
+
+	theSocketStruct = &(sSockets[inSocketNum]);
+
+	if (!theSocketStruct->mLocalEndIsConnected)
+	{
+		SetErrorMessageAndBail("MacSocket_recv: Socket not connected");
+	}
+
+	if (theSocketStruct->mReceivedTOrdRel)
+	{
+		totalBytesRead = 0;
+		
+		goto EXITPOINT;
+	}
+
+	
+	PrepareForAsyncOperation(theSocketStruct,0);
+	
+	for (;;)
+	{
+	int			bytesRead;
+	OTResult	theOTResult;
+	
+	
+		theOTResult = ::OTRcv(theSocketStruct->mEndPointRef,(void *) ((unsigned long) outBuff + (unsigned long) totalBytesRead),outBuffLength - totalBytesRead,nil);
+		
+		if (theOTResult >= 0)
+		{
+			bytesRead = theOTResult;
+			
+#ifdef MACSOCKET_DEBUG
+	printf("MacSocket_recv: read %d bytes in part\n",bytesRead);
+#endif
+		}
+		
+		else if (theOTResult == kOTNoDataErr)
+		{
+			bytesRead = 0;
+		}
+		
+		else
+		{
+			SetErrorMessageAndLongIntAndBail("MacSocket_recv: Can't receive OT data, OTRcv() = ",theOTResult);
+		}
+		
+		
+		totalBytesRead += bytesRead;
+		
+		
+		if (totalBytesRead <= 0)
+		{
+			if (theSocketStruct->mReceivedTOrdRel)
+			{
+				break;
+			}
+			
+			//	This seems pretty stupid to me now.  Maybe I'll delete this blocking garbage.
+			
+			if (inBlock)
+			{
+				if (TimeoutElapsed(theSocketStruct))
+				{
+					SetErrorCodeAndMessageAndBail(kMacSocket_TimeoutErr,"MacSocket_recv: Receive operation timed-out");
+				}
+				
+				if (theSocketStruct->mIdleWaitCallback != nil)
+				{
+					theOTResult = (*(theSocketStruct->mIdleWaitCallback))(theSocketStruct->mUserRefPtr);
+					
+					SetErrorMessageAndBailIfError(theOTResult,"MacSocket_recv: User cancelled operation");
+				}
+				
+				continue;
+			}
+		}
+		
+		
+		break;
+	}
+	
+	errCode = noErr;
+
+
+#ifdef MACSOCKET_DEBUG
+	printf("MacSocket_recv: read %d bytes in total\n",totalBytesRead);
+#endif
+	
+	
+EXITPOINT:
+	
+	if (theSocketStruct != nil)
+	{
+		theSocketStruct->mLastError = noErr;
+		
+		CopyCStrToCStr("",theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
+
+		if (errCode != noErr)
+		{
+			theSocketStruct->mLastError = errCode;
+			
+			CopyCStrToCStr(GetErrorMessage(),theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
+		}
+	}
+
+	errno = errCode;
+	
+	return(totalBytesRead);
+}
+
+
+
+//	Send some bytes
+
+int MacSocket_send(const int inSocketNum,const void *inBuff,int inBuffLength)
+{
+OSErr			errCode = noErr;
+int				bytesSent = 0;
+SocketStruct	*theSocketStruct = nil;
+
+
+	SetErrorMessageAndBailIfNil(inBuff,"MacSocket_send: Bad parameter, inBuff = nil");
+	
+	if (inBuffLength <= 0)
+	{
+		SetErrorMessageAndBail("MacSocket_send: Bad parameter, inBuffLength <= 0");
+	}
+
+	if (!SocketIndexIsValid(inSocketNum))
+	{
+		SetErrorMessageAndBail("MacSocket_send: Invalid socket number specified");
+	}
+	
+
+	theSocketStruct = &(sSockets[inSocketNum]);
+	
+	if (!theSocketStruct->mLocalEndIsConnected)
+	{
+		SetErrorMessageAndBail("MacSocket_send: Socket not connected");
+	}
+
+
+OTResult		theOTResult;
+	
+
+	PrepareForAsyncOperation(theSocketStruct,0);
+
+	while (bytesSent < inBuffLength)
+	{
+		if (theSocketStruct->mIdleWaitCallback != nil)
+		{
+			theOTResult = (*(theSocketStruct->mIdleWaitCallback))(theSocketStruct->mUserRefPtr);
+			
+			SetErrorMessageAndBailIfError(theOTResult,"MacSocket_send: User cancelled");
+		}
+
+
+		theOTResult = ::OTSnd(theSocketStruct->mEndPointRef,(void *) ((unsigned long) inBuff + bytesSent),inBuffLength - bytesSent,0);
+		
+		if (theOTResult >= 0)
+		{
+			bytesSent += theOTResult;
+			
+			theOTResult = noErr;
+			
+			//	Reset timer....
+			
+			PrepareForAsyncOperation(theSocketStruct,0);
+		}
+		
+		if (theOTResult == kOTFlowErr)
+		{
+			if (TimeoutElapsed(theSocketStruct))
+			{
+				SetErrorCodeAndMessageAndBail(kMacSocket_TimeoutErr,"MacSocket_send: Send timed-out")
+			}
+
+			theOTResult = noErr;
+		}
+													
+		SetErrorMessageAndLongIntAndBailIfError(theOTResult,"MacSocket_send: Can't send OT data, OTSnd() = ",theOTResult);
+	}
+
+	
+	errCode = noErr;
+
+#ifdef MACSOCKET_DEBUG
+	printf("MacSocket_send: sent %d bytes\n",bytesSent);
+#endif
+	
+	
+EXITPOINT:
+	
+	if (theSocketStruct != nil)
+	{
+		theSocketStruct->mLastError = noErr;
+		
+		CopyCStrToCStr("",theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
+
+		if (errCode != noErr)
+		{
+			theSocketStruct->mLastError = errCode;
+			
+			CopyCStrToCStr(GetErrorMessage(),theSocketStruct->mErrMessage,sizeof(theSocketStruct->mErrMessage));
+		}
+	}
+	
+	if (errCode != noErr)
+	{
+		::SysBeep(1);
+	}
+	
+	errno = errCode;
+	
+	return(bytesSent);
+}
+
+
+
+
+
+static OSStatus NegotiateIPReuseAddrOption(EndpointRef inEndpoint,const Boolean inEnableReuseIP)
+{
+OSStatus	errCode;
+UInt8		buf[kOTFourByteOptionSize];
+TOption*	theOTOption;
+TOptMgmt	theOTRequest;
+TOptMgmt	theOTResult;
+	
+
+	if (!OTIsSynchronous(inEndpoint))
+	{
+		SetErrorMessageAndBail("NegotiateIPReuseAddrOption: Open Transport endpoint is not synchronous");
+	}
+	
+	theOTRequest.opt.buf = buf;
+	theOTRequest.opt.len = sizeof(buf);
+	theOTRequest.flags = T_NEGOTIATE;
+
+	theOTResult.opt.buf = buf;
+	theOTResult.opt.maxlen = kOTFourByteOptionSize;
+
+
+	theOTOption = (TOption *) buf;
+	
+	theOTOption->level = INET_IP;
+	theOTOption->name = IP_REUSEADDR;
+	theOTOption->len = kOTFourByteOptionSize;
+	theOTOption->status = 0;
+	*((UInt32 *) (theOTOption->value)) = inEnableReuseIP;
+
+	errCode = ::OTOptionManagement(inEndpoint,&theOTRequest,&theOTResult);
+	
+	if (errCode == kOTNoError)
+	{
+		if (theOTOption->status != T_SUCCESS)
+		{
+			errCode = theOTOption->status;
+		}
+		
+		else
+		{
+			errCode = kOTNoError;
+		}
+	}
+				
+
+EXITPOINT:
+	
+	errno = errCode;
+	
+	return(errCode);
+}
+
+
+
+
+
+//	Some rough notes....
+
+
+
+//	OTAckSends(ep);
+//	OTAckSends(ep) // enable AckSend option
+//	......
+//	buf = OTAllocMem( nbytes); // Allocate nbytes of memory from OT
+//	OTSnd(ep, buf, nbytes, 0); // send a packet
+//	......
+//	NotifyProc( .... void* theParam) // Notifier Proc
+//	case T_MEMORYRELEASED: // process event
+//	OTFreeMem( theParam); // free up memory
+//	break;
+
+
+
+/*
+struct InetInterfaceInfo
+{
+	InetHost		fAddress;
+	InetHost		fNetmask;
+	InetHost		fBroadcastAddr;
+	InetHost		fDefaultGatewayAddr;
+	InetHost		fDNSAddr;
+	UInt16			fVersion;
+	UInt16			fHWAddrLen;
+	UInt8*			fHWAddr;
+	UInt32			fIfMTU;
+	UInt8*			fReservedPtrs[2];
+	InetDomainName	fDomainName;
+	UInt32			fIPSecondaryCount;
+	UInt8			fReserved[252];			
+};
+typedef struct InetInterfaceInfo InetInterfaceInfo;
+
+
+
+((InetAddress *) addr.buf)->fHost
+
+struct TBind
+{
+	TNetbuf	addr;
+	OTQLen	qlen;
+};
+
+typedef struct TBind	TBind;
+
+struct TNetbuf
+{
+	size_t	maxlen;
+	size_t	len;
+	UInt8*	buf;
+};
+
+typedef struct TNetbuf	TNetbuf;
+
+	
+	struct InetAddress
+{
+		OTAddressType	fAddressType;	// always AF_INET
+		InetPort		fPort;			// Port number 
+		InetHost		fHost;			// Host address in net byte order
+		UInt8			fUnused[8];		// Traditional unused bytes
+};
+typedef struct InetAddress InetAddress;
+*/
+
+
+
+/*
+static pascal void Notifier(void* context, OTEventCode event, OTResult result, void* cookie)
+{
+EPInfo* epi = (EPInfo*) context;
+
+	switch (event)
+	{
+		case T_LISTEN:
+		{
+			DoListenAccept();
+			return;
+		}
+		
+		case T_ACCEPTCOMPLETE:
+		{
+			if (result != kOTNoError)
+				DBAlert1("Notifier: T_ACCEPTCOMPLETE - result %d",result);
+			return;
+		}
+		
+		case T_PASSCON:
+		{
+			if (result != kOTNoError)
+			{
+				DBAlert1("Notifier: T_PASSCON result %d", result);
+				return;
+			}
+
+			OTAtomicAdd32(1, &gCntrConnections);
+			OTAtomicAdd32(1, &gCntrTotalConnections);
+			OTAtomicAdd32(1, &gCntrIntervalConnects);
+			
+			if ( OTAtomicSetBit(&epi->stateFlags, kPassconBit) != 0 )
+			{
+				ReadData(epi);
+			}
+			
+			return;
+		}
+		
+		case T_DATA:
+		{
+			if ( OTAtomicSetBit(&epi->stateFlags, kPassconBit) != 0 )
+			{
+				ReadData(epi);
+			}
+			
+			return;
+		}
+		
+		case T_GODATA:
+		{
+			SendData(epi);
+			return;
+		}
+		
+		case T_DISCONNECT:
+		{
+			DoRcvDisconnect(epi);
+			return;
+		}
+		
+		case T_DISCONNECTCOMPLETE:
+		{
+			if (result != kOTNoError)
+				DBAlert1("Notifier: T_DISCONNECT_COMPLETE result %d",result);
+				
+			return;
+		}
+		
+		case T_MEMORYRELEASED:
+		{
+			OTAtomicAdd32(-1, &epi->outstandingSends);
+			return;
+		}
+		
+		default:
+		{
+			DBAlert1("Notifier: unknown event <%x>", event);
+			return;
+		}
+	}
+}
+*/
diff --git a/MacOS/GetHTTPS.src/MacSocket.h b/MacOS/GetHTTPS.src/MacSocket.h
new file mode 100644
index 0000000000..ad59dc9e4f
--- /dev/null
+++ b/MacOS/GetHTTPS.src/MacSocket.h
@@ -0,0 +1,103 @@
+#pragma once
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+
+enum
+{
+	kMacSocket_TimeoutErr = -2
+};
+
+
+//	Since MacSocket does busy waiting, I do a callback while waiting
+
+typedef OSErr (*MacSocket_IdleWaitCallback)(void *);
+
+
+//	Call this before anything else!
+
+OSErr MacSocket_Startup(void);
+
+
+//	Call this to cleanup before quitting
+
+OSErr MacSocket_Shutdown(void);
+
+
+//	Call this to allocate a "socket" (reference number is returned in outSocketNum)
+//	Note that inDoThreadSwitching is pretty much irrelevant right now, since I ignore it
+//	The inTimeoutTicks parameter is applied during reads/writes of data
+//	The inIdleWaitCallback parameter specifies a callback which is called during busy-waiting periods
+//	The inUserRefPtr parameter is passed back to the idle-wait callback
+
+OSErr MacSocket_socket(int *outSocketNum,const Boolean inDoThreadSwitching,const long inTimeoutTicks,MacSocket_IdleWaitCallback inIdleWaitCallback,void *inUserRefPtr);
+
+
+//	Call this to connect to an IP/DNS address
+//	Note that inTargetAddressAndPort is in "IP:port" format-- e.g. 10.1.1.1:123
+
+OSErr MacSocket_connect(const int inSocketNum,char *inTargetAddressAndPort);
+
+
+//	Call this to listen on a port
+//	Since this a low-performance implementation, I allow a maximum of 1 (one!) incoming request when I listen
+
+OSErr MacSocket_listen(const int inSocketNum,const int inPortNum);
+
+
+//	Call this to close a socket
+
+OSErr MacSocket_close(const int inSocketNum);
+
+
+//	Call this to receive data on a socket
+//	Most parameters' purpose are obvious-- except maybe "inBlock" which controls whether I wait for data or return immediately
+
+int MacSocket_recv(const int inSocketNum,void *outBuff,int outBuffLength,const Boolean inBlock);
+
+
+//	Call this to send data on a socket
+
+int MacSocket_send(const int inSocketNum,const void *inBuff,int inBuffLength);
+
+
+//	If zero bytes were read in a call to MacSocket_recv(), it may be that the remote end has done a half-close
+//	This function will let you check whether that's true or not
+
+Boolean MacSocket_RemoteEndIsClosing(const int inSocketNum);
+
+
+//	Call this to see if the listen has completed after a call to MacSocket_listen()
+
+Boolean MacSocket_ListenCompleted(const int inSocketNum);
+
+
+//	These really aren't very useful anymore
+
+Boolean MacSocket_LocalEndIsOpen(const int inSocketNum);
+Boolean MacSocket_RemoteEndIsOpen(const int inSocketNum);
+
+
+//	You may wish to change the userRefPtr for a socket callback-- use this to do it
+
+void MacSocket_SetUserRefPtr(const int inSocketNum,void *inNewRefPtr);
+
+
+//	Call these to get the socket's IP:port descriptor
+
+void MacSocket_GetLocalIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength);
+void MacSocket_GetRemoteIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength);
+
+
+//	Call this to get error info from a socket
+
+void MacSocket_GetSocketErrorInfo(const int inSocketNum,int *outSocketErrCode,char *outSocketErrString,const int inSocketErrStringMaxLength);
+
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/MacOS/OpenSSL.mcp.hqx b/MacOS/OpenSSL.mcp.hqx
new file mode 100644
index 0000000000..c357ea5af9
--- /dev/null
+++ b/MacOS/OpenSSL.mcp.hqx
@@ -0,0 +1,4940 @@
+(This file must be converted with BinHex 4.0)
+
+:#dp`C@j68d`ZE@0`!%e08(*$9dP&!!!!!jeU!!!!!0U2Bfp[E!!!!!-!!!%S!!1
+%3J!$K@S!!"J!!!!"!!%#!3!!!!!!!!!!!%0[C'9ABA*bD@pb)&"bEfTPBh3!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"(CA4)9&4
+38b"38%-k4'9LG@GRCA)J8R9ZG'PYC3"(CA4)9&438b"38%-k8fpeFQ0P)&4bC@9
+c!%GPG%K89&"6)&"33cT$GA0dEfdJ5f9jGfpbC(-!4f9d5&488&-J8&"$1N&MBf9
+cFb"3BA4SF`"(CA4)9&438b"38%-k9'&bCf9d)&0PG(4TEQGc!%GPG%K89&"6)&"
+33cT'D@aP)%eKF("TEQGc!%GPG%K89&"6)&"33cT#G@PXC#"&H(4bBA-!4f9d5&4
+88&-J8&"$1N4PBR9RCf9b)&4KFQGPG!"(CA4)9&438b"38%-k0MK,)%0[C'9(C@i
+!4f9d5&488&-J8&"$1MBi5b"%DA0KFh0PE@*XCA)!4f9d5&488&-J8&"$1MBi5b"
+(E'pLB@`J6h"dD@eTHQ9b!%GPG%K89&"6)&"33cSf1%XJ6'PZDf9b!%GPG%K89&"
+6)&"33cSf1%XJ8(*[DQ9MG!"(CA4)9&438b"38%-k3bp$+bXJ3fpYF'PXCA)!4f9
+d5&488&-J8&"$1N-[3bXV)&GKFQjTEQGc!%GPG%K89&"6)&"33cT$4Ndf1%X!4f9
+d5&488&-J8&"$1NeKBdp6)%ePFQGP)&"KEQ9X!%GPG%K89&"6)&"33cT38%-J3fp
+NC8GPEJ"(CA4)9&438b"38%-k8&"$)%4TFf&cFf9YBQaPFJ"(CA4)9&438b"38%-
+k8&"$)%GXEf*KE#"2F(4TE@PkCA)!4f9d5&488&-J8&"$1P"33b"-D@jVCA)!4f9
+d5&488&-J8&"$1P"33b"348B!4f9d5&488&-J8&"$1P"33b"3FQpUC@0d!%GPG%K
+89&"6)&"33cT38%0"FfdJ8'&ZC@`!4f9d5&488&-J8&"$1P*PHL"$Efe`D@aPFJ"
+2F'9Z8e0-)&"33cT%C@*eCfGPFL"5G@jdD@eP!%p`C@j68d`J8&"$1P0[GA*MC5"
+8FQ9PF`"2F'9Z8e0-)&"33cT$GA0dEfdJ5f9jGfpbC(-!6h"PEP066#"38%-k3@0
+MCA0c)&"KG'Kc!%p`C@j68d`J8&"$1P4KFQGPG#"6CA4dD@jRF`"2F'9Z8e0-)&"
+33cT'D@aP)%eKF("TEQGc!%p`C@j68d`J8&"$1N*eD@aN)%9iG(*KF`"2F'9Z8e0
+-)&"33cT%C@*eCfGPFL"8BA*RCA3!6h"PEP066#"38%-k0MK,)%0[C'9(C@i!6h"
+PEP066#"38%-k0MK,)%4TFf&cFf9YBQaPFJ"2F'9Z8e0-)&"33cSf1%XJ4fa[BQ&
+X)%p`G'PYDATPFJ"2F'9Z8e0-)&"33cSf1%XJ6'PZDf9b!%p`C@j68d`J8&"$1MB
+i5b"3FQpUC@0d!%p`C@j68d`J8&"$1N-[3bXV)%0[EA"TE'9b!%p`C@j68d`J8&"
+$1N-[3bXV)&GKFQjTEQGc!%p`C@j68d`J8&"$1N0'66Bi5`"2F'9Z8e0-)&"33cT
+0B@028b"0CA*RC5"3B@jPE!"2F'9Z8e0-)&"33cT38%-J3fpNC8GPEJ"2F'9Z8e0
+-)&"33cT38%-J4'PcBA0cC@eLE'9b!%p`C@j68d`J8&"$1P"33b"(E'pLB@`J6h"
+dD@eTHQ9b!%p`C@j68d`J8&"$1P"33b"-D@jVCA)!6h"PEP066#"38%-k8&"$)&"
+&4J"2F'9Z8e0-)&"33cT38%-J8(*[DQ9MG!"2F'9Z8e0-)&"33cT38%0"FfdJ8'&
+ZC@`!6h"PEP066#"38%-k8Q9k)%0[EA"TE'9b!%GPG%K89&"6)$Bi5cT%C@*eCfG
+PFL"5G@jdD@eP!%GPG%K89&"6)$Bi5cT6Eh9bBf8J9(*PCA-!4f9d5&488&-J0MK
+,1N0eFh4[E5",CAPhEh*NF`"(CA4)9&438b!f1%Xk3@0MCA0c)&"KG'Kc!%GPG%K
+89&"6)$Bi5cT8BA*RCA3J8f9dG'PZCh-!4f9d5&488&-J0MK,1NCTE'8J6@&`F'P
+ZCh-!4f9d5&488&-J0MK,1N*eD@aN)%9iG(*KF`"(CA4)9&438b!f1%Xk4'9LG@G
+RCA)J9'&bCf9d!%GPG%K89&"6)$Bi5cSf1%XJ3fpNC8GPEJ"(CA4)9&438b!f1%X
+k0MK,)%4TFf&cFf9YBQaPFJ"(CA4)9&438b!f1%Xk0MK,)%GXEf*KE#"2F(4TE@P
+kCA)!4f9d5&488&-J0MK,1MBi5b"-D@jVCA)!4f9d5&488&-J0MK,1MBi5b"3FQp
+UC@0d!%GPG%K89&"6)$Bi5cT$,d-V+b"$Efe`D@aPFJ"(CA4)9&438b!f1%Xk3bp
+$+bXJ9f&bEQPZCh-!4f9d5&488&-J0MK,1N0'66Bi5`"(CA4)9&438b!f1%Xk6@&
+M6e-J6@9bCf8J8'&ZC@`!4f9d5&488&-J0MK,1P"33b"$Ef4P4f9Z!%GPG%K89&"
+6)$Bi5cT38%-J4'PcBA0cC@eLE'9b!%GPG%K89&"6)$Bi5cT38%-J4fa[BQ&X)%p
+`G'PYDATPFJ"(CA4)9&438b!f1%Xk8&"$)%aTEQYPFJ"(CA4)9&438b!f1%Xk8&"
+$)&"&4J"(CA4)9&438b!f1%Xk8&"$)&"bEfTPBh3!4f9d5&488&-J0MK,1P"33d&
+cE5"3B@jPE!"(CA4)9&438b!f1%Xk8Q9k)%0[EA"TE'9b!%aTBP066#!f1%Xk4'9
+LG@GRCA)J8R9ZG'PYC3"-D@*68d`J0MK,1P0[GA*MC5"8FQ9PF`"-D@*68d`J0MK
+,1N0eFh4[E5",CAPhEh*NF`"-D@*68d`J0MK,1N&MBf9cFb"3BA4SF`"-D@*68d`
+J0MK,1P4KFQGPG#"6CA4dD@jRF`"-D@*68d`J0MK,1NCTE'8J6@&`F'PZCh-!6'P
+L8e0-)$Bi5cT#G@PXC#"&H(4bBA-!6'PL8e0-)$Bi5cT%C@*eCfGPFL"8BA*RCA3
+!6'PL8e0-)$Bi5cSf1%XJ3fpNC8GPEJ"-D@*68d`J0MK,1MBi5b"%DA0KFh0PE@*
+XCA)!6'PL8e0-)$Bi5cSf1%XJ4fa[BQ&X)%p`G'PYDATPFJ"-D@*68d`J0MK,1MB
+i5b"-D@jVCA)!6'PL8e0-)$Bi5cSf1%XJ8(*[DQ9MG!"-D@*68d`J0MK,1N-[3bX
+V)%0[EA"TE'9b!%aTBP066#!f1%Xk3bp$+bXJ9f&bEQPZCh-!6'PL8e0-)$Bi5cT
+$4Ndf1%X!6'PL8e0-)$Bi5cT0B@028b"0CA*RC5"3B@jPE!"-D@*68d`J0MK,1P"
+33b"$Ef4P4f9Z!%aTBP066#!f1%Xk8&"$)%4TFf&cFf9YBQaPFJ"-D@*68d`J0MK
+,1P"33b"(E'pLB@`J6h"dD@eTHQ9b!%aTBP066#!f1%Xk8&"$)%aTEQYPFJ"-D@*
+68d`J0MK,1P"33b"348B!6'PL8e0-)$Bi5cT38%-J8(*[DQ9MG!"-D@*68d`J0MK
+,1P"33d&cE5"3B@jPE!"-D@*68d`J0MK,1P*PHL"$Efe`D@aPFJ"2F'9Z8e0-)$B
+iDcT%C@*eCfGPFL"5G@jdD@eP!%p`C@j68d`J0MKV1P0[GA*MC5"8FQ9PF`"2F'9
+Z8e0-)$BiDcT$GA0dEfdJ5f9jGfpbC(-!6h"PEP066#!f1'Xk3@0MCA0c)&"KG'K
+c!%p`C@j68d`J0MKV1P4KFQGPG#"6CA4dD@jRF`"2F'9Z8e0-)$BiDcT'D@aP)%e
+KF("TEQGc!%p`C@j68d`J0MKV1N*eD@aN)%9iG(*KF`"2F'9Z8e0-)$BiDcT%C@*
+eCfGPFL"8BA*RCA3!6h"PEP066#!f1'Xk0MK,)%0[C'9(C@i!6h"PEP066#!f1'X
+k0MK,)%4TFf&cFf9YBQaPFJ"2F'9Z8e0-)$BiDcSf1%XJ4fa[BQ&X)%p`G'PYDAT
+PFJ"2F'9Z8e0-)$BiDcSf1%XJ6'PZDf9b!%p`C@j68d`J0MKV1MBi5b"3FQpUC@0
+d!%p`C@j68d`J0MKV1N-[3bXV)%0[EA"TE'9b!%p`C@j68d`J0MKV1N-[3bXV)&G
+KFQjTEQGc!%p`C@j68d`J0MKV1N0'66Bi5`"2F'9Z8e0-)$BiDcT0B@028b"0CA*
+RC5"3B@jPE!"2F'9Z8e0-)$BiDcT38%-J3fpNC8GPEJ"2F'9Z8e0-)$BiDcT38%-
+J4'PcBA0cC@eLE'9b!%p`C@j68d`J0MKV1P"33b"(E'pLB@`J6h"dD@eTHQ9b!%p
+`C@j68d`J0MKV1P"33b"-D@jVCA)!6h"PEP066#!f1'Xk8&"$)&"&4J"2F'9Z8e0
+-)$BiDcT38%-J8(*[DQ9MG!"2F'9Z8e0-)$BiDcT38%0"FfdJ8'&ZC@`!6h"PEP0
+66#!f1'Xk8Q9k)%0[EA"TE'9b!%aTBP066#"38%-k4'9LG@GRCA)J8R9ZG'PYC3"
+-D@*68d`J8&"$1P0[GA*MC5"8FQ9PF`"-D@*68d`J8&"$1N0eFh4[E5",CAPhEh*
+NF`"-D@*68d`J8&"$1N&MBf9cFb"3BA4SF`"-D@*68d`J8&"$1P4KFQGPG#"6CA4
+dD@jRF`"-D@*68d`J8&"$1NCTE'8J6@&`F'PZCh-!6'PL8e0-)&"33cT#G@PXC#"
+&H(4bBA-!6'PL8e0-)&"33cT%C@*eCfGPFL"8BA*RCA3!6'PL8e0-)&"33cSf1%X
+J3fpNC8GPEJ"-D@*68d`J8&"$1MBi5b"%DA0KFh0PE@*XCA)!6'PL8e0-)&"33cS
+f1%XJ4fa[BQ&X)%p`G'PYDATPFJ"-D@*68d`J8&"$1MBi5b"-D@jVCA)!6'PL8e0
+-)&"33cSf1%XJ8(*[DQ9MG!"-D@*68d`J8&"$1N-[3bXV)%0[EA"TE'9b!%aTBP0
+66#"38%-k3bp$+bXJ9f&bEQPZCh-!6'PL8e0-)&"33cT$4Ndf1%X!6'PL8e0-)&"
+33cT0B@028b"0CA*RC5"3B@jPE!"-D@*68d`J8&"$1P"33b"$Ef4P4f9Z!%aTBP0
+66#"38%-k8&"$)%4TFf&cFf9YBQaPFJ"-D@*68d`J8&"$1P"33b"(E'pLB@`J6h"
+dD@eTHQ9b!%aTBP066#"38%-k8&"$)%aTEQYPFJ"-D@*68d`J8&"$1P"33b"348B
+!6'PL8e0-)&"33cT38%-J8(*[DQ9MG!"-D@*68d`J8&"$1P"33d&cE5"3B@jPE!"
+-D@*68d`J8&"$1P*PHL"$Efe`D@aPFJ"-D@*$FRP`G'mJ8&"$1N4PBR9RCf9b)&*
+eER4TE@8!6'PL3h*jF(4[)&"33cT6Eh9bBf8J9(*PCA-!6'PL3h*jF(4[)&"33cT
+$GA0dEfdJ5f9jGfpbC(-!6'PL3h*jF(4[)&"33cT"Bf0PFh-J8'&dD(-!6'PL3h*
+jF(4[)&"33cT8BA*RCA3J8f9dG'PZCh-!6'PL3h*jF(4[)&"33cT'D@aP)%eKF("
+TEQGc!%aTBN0bHA"dEb"38%-k3R9TE'3J4AKdFQ&c!%aTBN0bHA"dEb"38%-k4'9
+LG@GRCA)J9'&bCf9d!%aTBN0bHA"dEb"38%-k0MK,)%0[C'9(C@i!6'PL3h*jF(4
+[)&"33cSf1%XJ4'PcBA0cC@eLE'9b!%aTBN0bHA"dEb"38%-k0MK,)%GXEf*KE#"
+2F(4TE@PkCA)!6'PL3h*jF(4[)&"33cSf1%XJ6'PZDf9b!%aTBN0bHA"dEb"38%-
+k0MK,)&"bEfTPBh3!6'PL3h*jF(4[)&"33cT$,d-V+b"$Efe`D@aPFJ"-D@*$FRP
+`G'mJ8&"$1N-[3bXV)&GKFQjTEQGc!%aTBN0bHA"dEb"38%-k3dC00MK,!%aTBN0
+bHA"dEb"38%-k6@&M6e-J6@9bCf8J8'&ZC@`!6'PL3h*jF(4[)&"33cT38%-J3fp
+NC8GPEJ"-D@*$FRP`G'mJ8&"$1P"33b"%DA0KFh0PE@*XCA)!6'PL3h*jF(4[)&"
+33cT38%-J4fa[BQ&X)%p`G'PYDATPFJ"-D@*$FRP`G'mJ8&"$1P"33b"-D@jVCA)
+!6'PL3h*jF(4[)&"33cT38%-J8%9'!%aTBN0bHA"dEb"38%-k8&"$)&"bEfTPBh3
+!6'PL3h*jF(4[)&"33cT38%0"FfdJ8'&ZC@`!6'PL3h*jF(4[)&"33cT5CASJ3fp
+YF'PXCA)!6'PL3h*jF(4[)$Bi5cT%C@*eCfGPFL"5G@jdD@eP!%aTBN0bHA"dEb!
+f1%Xk8fpeFQ0P)&4bC@9c!%aTBN0bHA"dEb!f1%Xk3h9cG'pY)%YPHAG[FQ4c!%a
+TBN0bHA"dEb!f1%Xk3@0MCA0c)&"KG'Kc!%aTBN0bHA"dEb!f1%Xk9'&bCf9d)&0
+PG(4TEQGc!%aTBN0bHA"dEb!f1%Xk4QPXC5"0BA"`D@jRF`"-D@*$FRP`G'mJ0MK
+,1N*eD@aN)%9iG(*KF`"-D@*$FRP`G'mJ0MK,1N4PBR9RCf9b)&4KFQGPG!"-D@*
+$FRP`G'mJ0MK,1MBi5b"$Ef4P4f9Z!%aTBN0bHA"dEb!f1%Xk0MK,)%4TFf&cFf9
+YBQaPFJ"-D@*$FRP`G'mJ0MK,1MBi5b"(E'pLB@`J6h"dD@eTHQ9b!%aTBN0bHA"
+dEb!f1%Xk0MK,)%aTEQYPFJ"-D@*$FRP`G'mJ0MK,1MBi5b"3FQpUC@0d!%aTBN0
+bHA"dEb!f1%Xk3bp$+bXJ3fpYF'PXCA)!6'PL3h*jF(4[)$Bi5cT$,d-V+b"ABA*
+ZD@jRF`"-D@*$FRP`G'mJ0MK,1N0'66Bi5`"-D@*$FRP`G'mJ0MK,1NeKBdp6)%e
+PFQGP)&"KEQ9X!%aTBN0bHA"dEb!f1%Xk8&"$)%0[C'9(C@i!6'PL3h*jF(4[)$B
+i5cT38%-J4'PcBA0cC@eLE'9b!%aTBN0bHA"dEb!f1%Xk8&"$)%GXEf*KE#"2F(4
+TE@PkCA)!6'PL3h*jF(4[)$Bi5cT38%-J6'PZDf9b!%aTBN0bHA"dEb!f1%Xk8&"
+$)&"&4J"-D@*$FRP`G'mJ0MK,1P"33b"3FQpUC@0d!%aTBN0bHA"dEb!f1%Xk8&"
+$3A0Y)&"KEQ9X!%aTBN0bHA"dEb!f1%Xk8Q9k)%0[EA"TE'9b!&"bEfTPBh3J4QP
+XC5"-DA0d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!3!!!!!!!!!H!!!!!J!!!!!!!!!i!!!!!`!!!!!!!!"9!!!!"!!!!!!!!!"[!!!
+!"3!!!!!!!!#-!!!!"J!!!!!!!!#R!!!!"`!!!!!!!!$"!!!!#!!!!!!!!!$H!!!
+!#3!!!!!!!!$h!!!!#J!!!!!!!!%9!!!!#`!!!!!!!!%h!!!!$!!!!!!!!!&2!!!
+!$3!!!!!!!!&S!!!!$J!!!!!!!!'%!!!!$`!!!!!!!!'J!!!!%!!!!!!!!!'d!!!
+!%3!!!!!!!!(6!!!!%J!!!!!!!!(X!!!!%`!!!!!!!!)+!!!!&!!!!!!!!!)X!!!
+!&3!!!!!!!!*%!!!!&J!!!!!!!!*C!!!!&`!!!!!!!!*b!!!!'!!!!!!!!!+-!!!
+!'3!!!!!!!!+Q!!!!'J!!!!!!!!,$!!!!'`!!!!!!!!,F!!!!(!!!!!!!!!,i!!!
+!(3!!!!!!!!-4!!!!(J!!!!!!!!-Y!!!!(`!!!!!!!!0(!!!!)!!!!!!!!!0J!!!
+!)3!!!!!!!!0m!!!!)J!!!!!!!!18!!!!)`!!!!!!!!1a!!!!*!!!!!!!!!25!!!
+!*3!!!!!!!!2T!!!!*J!!!!!!!!3"!!!!*`!!!!!!!!3F!!!!+!!!!!!!!!3h!!!
+!+3!!!!!!!!4+!!!!+J!!!!!!!!4S!!!!+`!!!!!!!!5!!!!!,!!!!!!!!!5G!!!
+!,3!!!!!!!!5q!!!!,J!!!!!!!!69!!!!,`!!!!!!!!6T!!!!-!!!!!!!!!8"!!!
+!-3!!!!!!!!8D!!!!-J!!!!!!!!8c!!!!-`!!!!!!!!94!!!!0!!!!!!!!!9V!!!
+!03!!!!!!!!@)!!!!0J!!!!!!!!@L!!!!0`!!!!!!!!@r!!!!1!!!!!!!!!AD!!!
+!13!!!!!!!!Ad!!!!1J!!!!!!!!B4!!!!1`!!!!!!!!BU!!!!2!!!!!!!!!C)!!!
+!23!!!!!!!!CU!!!!2J!!!!!!!!D#!!!!2`!!!!!!!!DE!!!!3!!!!!!!!!Dh!!!
+!33!!!!!!!!E6!!!!3J!!!!!!!!ER!!!!3`!!!!!!!!F'!!!!4!!!!!!!!!FI!!!
+!43!!!!!!!!Fp!!!!4J!!!!!!!!GI!!!!4`!!!!!!!!Gh!!!!5!!!!!!!!!H-!!!
+!53!!!!!!!!HP!!!!5J!!!!!!!!Hr!!!!5`!!!!!!!!IC!!!!6!!!!!!!!!Ie!!!
+!63!!!!!!!!J0!!!!6J!!!!!!!!JS!!!!6`!!!!!!!!K!!!!!8!!!!!!!!!KE!!!
+!83!!!!!!!!Kd!!!!8J!!!!!!!!L-!!!!8`!!!!!!!!LR!!!!9!!!!!!!!!Lq!!!
+!93!!!!!!!!MD!!!!9J!!!!!!!!Mk!!!!9`!!!!!!!!N3!!!!@!!!!!!!!!NR!!!
+!@3!!!!!!!!P"!!!!@J!!!!!!!!PE!!!!@`!!!!!!!!PY!!!!A!!!!!!!!!Q+!!!
+!A3!!!!!!!!QK!!!!AJ!!!!!!!!Qp!!!!A`!!!!!!!!RG!!!!B!!!!!!!!!Rc!!!
+!B3!!!!!!!!S'!!!!BJ!!!!!!!!SG!!!!B`!!!!!!!!Se!!!!C!!!!!!!!!T0!!!
+!C3!!!!!!!!TU!!!!CJ!!!!!!!!U$!!!!C`!!!!!!!!UI!!!!D!!!!!!!!!Ui!!!
+!D3!!!!!!!!V8!!!!DJ!!!!!!!!VZ!!!!D`!!!!!!!!X(!!!!E!!!!!!!!!XM!!!
+!E3!!!!!!!!Xl!!!!EJ!!!!!!!!YB!!!!E`!!!!!!!!Yj!!!!F!!!!!!!!!Z3!!!
+!!(%!!!!!!!!,U!!!!()!!!!!!!!,``!!!(-!!!!!!!!,hJ!!!(3!!!!!!!!,m3!
+!!(8!!!!!!!!-$`!!!(B!!!!!!!!-*`!!!(F!!!!!!!!-4!!!!(J!!!!!!!!-C3!
+!!(N!!!!!!!!-I!!!!(S!!!!!!!!-N!!!!!"l!!!!!!!!$+J!!!"m!!!!!!!!$-%
+!!!"p!!!!!!!!$0S!!!"q!!!!!!!!$2B!!!"r!!!!!!!!$3i!!!#!!!!!!!!!$5N
+!!!#"!!!!!!!!$8%!!!##!!!!!!!!$9`!!!#$!!!!!!!!$A8!!!#%!!!!!!!!$Bd
+!!!#&!!!!!!!!$DJ!!!#'!!!!!!!!$Em!!!#(!!!!!!!!$GX!!!#)!!!!!!!!$IX
+!!!#*!!!!!!!!$K%!!!#+!!!!!!!!$LJ!!!#,!!!!!!!!$N)!!!#-!!!!!!!!$P`
+!!!#0!!!!!!!!$Qi!!!#1!!!!!!!!$SX!!!#2!!!!!!!!$U)!!!#3!!!!!!!!!!k
+q!!!!N3!!!!!!!!lH!!!!NJ!!!!!!!!ld!!!!N`!!!!!!!!m(!!!!P!!!!!!!!!m
+H!!!!P3!!!!!!!!mf!!!!PJ!!!!!!!!p1!!!!P`!!!!!!!!pY!!!!Q!!!!!!!!!q
+)!!!!Q3!!!!!!!!qQ!!!!QJ!!!!!!!!r"!!!!Q`!!!!!!!!rI!!!!R!!!!!!!!!r
+l!!!!R3!!!!!!!"!@!!!!RJ!!!!!!!"!d!!!!R`!!!!!!!""1!!!!S!!!!!!!!""
+Y!!!!S3!!!!!!!"#3!!!!!+)!!!!!!!!3U3!!!+-!!!!!!!!3``!!!+3!!!!!!!!
+3i!!!!+8!!!!!!!!3r3!!!+B!!!!!!!!4%J!!!+F!!!!!!!!4-J!!!+J!!!!!!!!
+46!!!!+N!!!!!!!!4D`!!!+S!!!!!!!!4MJ!!!+X!!!!!!!!4T`!!!+`!!!!!!!!
+4[3!!!+d!!!!!!!!4e`!!!+i!!!!!!!!4mJ!!!+m!!!!!!!!5$3!!!,!!!!!!!!!
+5,!!!!,%!!!!!!!!54`!!!,)!!!!!!!!5C3!!!,-!!!!!!!!5J!!!!,3!!!!!!!!
+5RJ!!!,8!!!!!!!!5ZJ!!!,B!!!!!!!!5e3!!!,F!!!!!!!!5m`!!!,J!!!!!!!!
+6$3!!!,N!!!!!!!!6,!!!!,S!!!!!!!!66`!!!,X!!!!!!!!6D!!!!,`!!!!!!!!
+6JJ!!!,d!!!!!!!!6R`!!!,i!!!!!!!!6[!!!!,m!!!!!!!!6d3!!!-!!!!!!!!!
+6m3!!!-%!!!!!!!!8#`!!!-)!!!!!!!!8+J!!!--!!!!!!!!863!!!-3!!!!!!!!
+8CJ!!!-8!!!!!!!!8I!!!!-B!!!!!!!!8PJ!!!-F!!!!!!!!8X3!!!-J!!!!!!!!
+8c!!!!-N!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!1J!!!$X!!!!m!!!!23!!!$i!!!!e!!!!1!!!!$m!!!"!!!!!33!!!$3!!!!b!!!
+!13!!!$F!!!"#!!!!3`!!!%3!!!"&!!!!4J!!!%F!!!")!!!!53!!!%S!!!!c!!!
+!0J!!!!J!!!!*!!!!#J!!!!X!!!!-!!!!!`!!!!B!!!!0!!!!$J!!!!m!!!!#!!!
+!!!!!!!F!!!!&!!!!%!!!!"%!!!!5!!!!%`!!!"3!!!!9!!!!&J!!!"F!!!!B!!!
+!!3!!!!3!!!#h!!!!Z!!!!,N!!!#k!!!!Z`!!!,)!!!#e!!!![!!!!,d!!!#q!!!
+!X3!!!+m!!!#f!!!!Y!!!!,m!!!$!!!!!`3!!!-)!!!$$!!!!a!!!!-8!!!$'!!!
+!a`!!!,!!!!#c!!!!RJ!!!*m!!!#J!!!!S3!!!+)!!!#C!!!!R!!!!+-!!!#N!!!
+!T3!!!*J!!!#@!!!!R3!!!*X!!!#Q!!!!T`!!!+J!!!#T!!!!UJ!!!+X!!!#X!!!
+!V3!!!+i!!!#A!!!!QJ!!!&-!!!"8!!!!93!!!&B!!!"A!!!!6J!!!&%!!!"B!!!
+!@3!!!&S!!!"0!!!!5`!!!&)!!!"3!!!!@`!!!&`!!!"G!!!!AJ!!!&m!!!"J!!!
+!B3!!!')!!!"M!!!!6!!!!%m!!!#&!!!!KJ!!!)F!!!#)!!!!L3!!!)!!!!#$!!!
+!LJ!!!)X!!!#-!!!!I`!!!(d!!!#%!!!!JJ!!!)d!!!#1!!!!M`!!!*!!!!!!N3!
+!!*)!!!#6!!!!P!!!!*8!!!"q!!!!J3!!!'`!!!"Y!!!!EJ!!!'m!!!"`!!!!C`!
+!!'S!!!"a!!!!FJ!!!(-!!!"Q!!!!C!!!!'X!!!"T!!!!G!!!!(8!!!"f!!!!G`!
+!!(J!!!"j!!!!HJ!!!(X!!!"m!!!!C3!!!'J!!!!K!!!!)J!!!#-!!!!N!!!!*3!
+!!"`!!!!I!!!!*J!!!#F!!!!S!!!!'`!!!"N!!!!J!!!!(J!!!#N!!!!U!!!!+`!
+!!#`!!!!Y!!!!,J!!!#m!!!!`!!!!-3!!!"S!!!!G!!!!b!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!690-)%-Z8&"$,NaTBJ"*ER4
+PFQCKBf9-D@)!6@&dD%aTBJ"08d`J8R9ZG'PYC9"33bj-D@)!6h"PEP4`G%PZCA4
+38%-ZE`"2F'9Z9("d5@jdCA*ZCA4-D@)!6h"PEP4bB@jcF'pbG%9iG'j38%-ZE`"
+2F'9Z9(*KER0`Eh*d6'PL!&4SFQ9KC(0-D@)!BQP[Ah0cE#jM!(-b-epME'jd,Q-
+!Fc)cAfaTBLjM!(-b-epYCA4S,Q-!Fc)cAh"VG#jM!(-b-epcFRCb,Q-!Fc*IBfa
+ZG#jM!(-bAf9ZBbjM!(-bAfaTBLjM!(-bAfePG'JZB`"c-Pp`Dh3ZB`"c-PpcFRC
+b,Q-!Fc0IBQpdD#jM!(-cAf0XER3ZB`"c-epPEQ-ZB`"c-epXD@)ZB`"c-epYCA4
+S,Q-!Fc0IF'Yd,Q-!Fc0IFh*fFLjM!(0cE&pKE'Gc,Q-!Fh0XAf&cEM%ZB`"cFfa
+IBf9bG#jM!(0cE&pMDA"S,Q-!Fh0XAf9bFLjM!(0cE&pPFR)b,Q-!Fh0XAfaTBLj
+M!(0cE&pbFf%ZB`"cFfaIFf9cFbjM!(0cE&pcG'&d,Q-!Fh0XAh4iG#jM!(3aAf0
+XER3ZB`"d-9pPEQ-ZB`"d-9pXD@)ZB`"d-9pYCA4S,Q-!G$&IFh*fFLjM!'&cEM&
+ICA*b,Q-!BA0Z-9pXD@)ZB`"KFfiaAh"KFLjM!'&cEPp`B@0V,Q-!B9pLDA4cG()
+ZB`"KAf*YF#jM!'&IBQp[E#jM!'&IBRPdCA-ZB`"KAf3bD9pQF#jM!'&IC'PRCA0
+d,Q-!B9pNGA!ZB`"KAf9ZG@dZB`"KAfGPER4Y,Q-!B9pSC()ZB`"KAfNbC&pQF#j
+M!'&ID@jd,Q-!B9pYCA4S,Q-!B9p[BQTPBh3ZB`"KAfpMG'9d,Q-!B9p`FQPZG#j
+M!'&IFf9d,Q-!B9pcD@GZ,Q-!B9pdD@eP,Q-!B9pdHA"P,Q-!B9peG'0dE5jM!'&
+IGA4Q1#jM!'&IGQ9bD@Cj,Q-!B9pfDA-ZB`"N-QPIC'K`,Q-!C$*TAf4cBA!ZB`"
+N-QPIF()ZB`"N-QPIF(8ZB`"N-QPIFPp`FLjM!'3bD9pbAh"e,Q-!C$*TAh0IF()
+ZB`"N-QPIFep`G5jM!'9fF&pKFfia,Q-!CPpPER9Y,Q-!CPpTER3ZB`"QAh0dFQP
+ZCbjM!'NbC&pND(!ZB`"T-Q4IC(0KF#jM!'NbC&p`FLjM!'NbC&p`G5jM!'NbC&p
+bAh"b,Q-!D6*NAh*IF(8ZB`"T-Q4IFep`FLjM!'NbC&pcAh"e,Q-!ER0cCA%ZB`"
+ZAh"VCANZB`"`09p`BQ8ZB`"`09p`BQ9f-LjM!(!hAf4RFh3ZB`"`0epPEQ-ZB`"
+`0epPEQ0IBbjM!(!hAf9fF#jM!(!hAfPIFbjM!(!hAfaTBLjM!(!hAh*PBfP`,Q-
+!F$GIFfPREQ3ZB`"`0epcD@GZD5jM!(!hAh0IC5jM!(!iAh"VCANZB`"dAf0bE#j
+M!(4IF'YPH5jM!(4IFQ9a,Q-!G&pi06!j,Q-!H&pKE'G[FLjM!(KIBA4dFQPL,Q-
+!H&pMD@jQ,Q-!H&pMFQ`ZB`"iAf9iG'9Z,Q-!H&pTEQC[,Q-!H&pZB@eP,Q-!H&p
+`Df9j,Q-!H&p`G@*VCANZB`"iAh*PF5jM!(KIFfPR,Q-!H&pcF'YT,Q-!H&pfB@`
+ZB`"iAhJe-$NZB`"LCPpMCQ)f0#jM!'*QAf9MBLjM!'*QAf9ZBbjM!'*QAfpQBMB
+d,Q-!BQCIFfYPH5jM!'*TEepPFR)ZB`"LD@pIE'PL,Q-!BR0cAh0[BfXZB`"LEPp
+KC'3ZB`"LEPpKFfdZB`"LEPpLE'PZC#jM!'*ZAf4TGLjM!'*ZAf9bFLjM!'*ZAf9
+iF#jM!'*ZAf9iF$)ZB`"LEPpRBf3ZB`"LEPpXD@)ZB`"LEPpYEfjd,Q-!BQjIEA"
+T,Q-!BQjIEA9X,Q-!BQjIF(*TE@8ZB`"LEPp`FQPZG#jM!'*ZAh*KEQ3ZB`"LEPp
+bC@0`,Q-!BQjIFfKTCR3ZB`"LEPpcFA)ZB`"LEPphEh*N,Q-!BR9QCQ9b,Q-!BR9
+QAf9bFLjM!'0IBfCL0M3ZB`"MAf9MBLjM!'0IC@jM,Q-!Bep[CQ)f0#jM!'0IFfY
+PH5jM!'0[EA"IE'PL,Q-!BepbE'8ZB`"MAhTXD@)ZB`"MEfjQ,Q-!BfpZCPpPFR)
+ZB`"MBQ0IBfYcE5jM!'0LBepPEQ-ZB`"MCQ)f0'9NC5jM!'0QBMBdC@jM,Q-!BfC
+LAf9ZBbjM!'4PFepPEQ-ZB`"PBf)cAf9ZBbjM!'9MBPpPEQ-ZB`"PC'9IBf*ME9p
+PEQ-ZB`"PEQ0IFQ9KC#jM!'CMFRP`G#jM!'CMFRP`G&pL,Q-!EfCL0M4PC'8ZB`"
+[CQ)f0'9ZBbjM!'pQBPpPEQ-ZB`"`Bf*MAf9ZBbjM!(&eC&pMDh0Y,Q-!FQ&ZC&p
+VCANZB`"bC@&N-R"hC#jM!(*PB@4IF(GN,Q-!FR"MAf9ZBbjM!(0PG&pVCANZB`"
+cG()bDf9j,Q-!Fh9`F#jM!(KMBQ0IC@jM,Q-!C'KIBfKPBfXZB`"ND&pPFR)ZB`"
+ND&pRC@iZB`"ND&pVCANZB`"ND&pXD@)ZB`"NFf&IBA0Z-5jM!'4cB9pPFR)ZB`"
+NFf&ICf9Z,Q-!C(0KAfYPH5jM!'4cB9pXD@)ZB`"NFf&IFfPRELjM!'4cB9pfFQB
+ZB`"PFR)ZB`"PFR*IB@aX,Q-!CA*bAh"bELjM!'*TEepL0M3ZB`"LD@pIC@jM,Q-
+!BQP[AfeN,Q-!BQP[AfpV,Q-!BepKE'`ZB`"ND@GPFh3ZB`"PEQ0[C'8ZB`"PGR"
+IC@jM,Q-!CAC`Af9bFLjM!'9fF&pVCANZB`"PGR"IE'PL,Q-!CAC`Ah"LC5jM!'9
+fF&p`Df9j,Q-!C9pMBQ0I-f3ZB`"PAf0LBepLCLjM!'9IBf*MAf-ZB`"PAf0LBep
+N,Q-!C9pMBQ0ID5jM!'9IBf*MAh)b,Q-!C9pMBQ0IFM8ZB`"PAf0QBPmcC#jM!'9
+IBfCLAf*Q,Q-!C9pMCQ*IBbjM!'9IBfCLAf3ZB`"PAf0QBPpT,Q-!C9pMCQ*IFM)
+ZB`"PAf0QBPpb05jM!'9IC@0LAc0N,Q-!C9pPBf*IBQBZB`"PAf9MBPpM,Q-!C9p
+PBf*IC#jM!'9IC@0LAfNZB`"PAf9MBPpb-LjM!'9IC@0LAh)e,Q-!C9pZG@aX,Q-
+!C9p[CQ*I-f3ZB`"PAfpQBPpLCLjM!'9IEfCLAf-ZB`"PAfpQBPpN,Q-!C9p[CQ*
+ID5jM!'9IEfCLAh)b,Q-!C9p[CQ*IFM8ZB`"PAh*M0#jM!'9IH'0LBepN,Q-!E9p
+NFh-ZB`"YAf4cFc%ZB`"YAfeN-LjM!'eIE@3e,Q-!E9pYC'-b,Q-!E9pZG@aX,Q-
+!E9pbDA"PE@3ZB`"YAh0SB5jM!'eIFfKK-5jM!'jKE@9c,Q-!F&pNC@-ZB`"`Af9
+ZBbjM!("IE'PL,Q-!F&p[F'9Z,Q-!F&pcC@&X,Q-!F&pcD@GZ,Q-!F&pfCA*TCRN
+ZB`"SE@&M,Q-!D9pMBQ-ZB`"TAf0QBMBd,Q-!D9pPBf)ZB`"TAfpQBMBd,Q-!D9p
+cDf9j,Q-!E'KKFfJZB`"XD&pcG'&dFbjM!'eN-PpNCh0d,Q-!E@3bAfpZC5jM!'e
+N09pNCh0d,Q-!E@3eAfpZC5jM!'eNBc*NCh0d,Q-!E@4M-Pp[EQ8ZB`"[BQTIC'&
+d,Q-!Ef*UAf9bFLjM!'pLDPpXD@)ZB`"[AfjKE@9c,Q-!F'9YAf&XE#jM!("PE9p
+PFR)ZB`"`C@eID@jQEbjM!("PE9pXD@)ZB`"`C@eIFf9KE#jM!("PE9pcD@GZ,Q-
+!F$%bAf&NC#jM!(!a-PpKG(4b,Q-!F$%bAf*KCh-ZB`"`-6*IBh*`G#jM!(!a-Pp
+MFR3ZB`"`-6*IC'9MFLjM!(!a-PpTEQPd,Q-!F$%bAfYPH5jM!(!a-PpVDA0c,Q-
+!F$%bAfaTBLjM!(!a-PpYB@-ZB`"`-6*IEA9dE#jM!(!a-PpcBQ&R,Q-!F$%bAh9
+dE#jM!("V-6*PFR)ZB`"`DcGIC'pTG#jM!("V0epXD@)ZB`"`Df0c0f9bFLjM!'e
+NAh*KEQ3ZB`"bB@jNCQPXC5jM!(*KEQ4IE'PL,Q-!FQ-bBfCL0M3ZB`"bBc*[CQ)
+f0#jM!(*M-PpMBQ-ZB`"bBc*IC@0L,Q-!FQ-bAh0VCANZB`"bBc4IC@jM,Q-!FQ-
+dAh0VCANZB`"bBc9MCQ)f0#jM!(*M0@pQBMBd,Q-!FQ-eAf9MBLjM!(*M09pPEQ-
+ZB`"bBc9IFfYPH5jM!(*YC&pNCh0d,Q-!FQeNAfpZC5jM!(*cB9pPBANZB`"bFf&
+ICA*b,Q-!FR0KAfGPELjM!(*cB9pXD@)ZB`"bFf&IEQpZC5jM!(*cB9p[B@9`,Q-
+!FR0KAh"V-5jM!(*cB9pcB@pc,Q-!FR0KAh0TCfiZB`"bFf&IFh0X,Q-!FfKK-@4
+RFh3ZB`"cD'%aAfpZC5jM!(0SB9pNCh0d,Q-!FfKKAfpZC5jM!(0dB@0V,Q-!G(K
+dAf4L,Q-!BRPIC'Pb,Q-!BRPICQPXC5jM!(Je-$PZB@eP,Q-!H$8`1A*cCA3ZB`"
+i06!jG(P`C5jM!(Je-$PIBfe`,Q-!H$8`19pN-LjM!(Je-$PIC'9Q,Q-!H$8`19p
+PFR)ZB`"i06!jAf9iG#jM!(Je-$PIE(8ZB`"i06!jAfpLDLjM!(Je-$PIFM*i,Q-
+!H$8`19pbCA%ZB`"i06!jAh0PG#jM!(Je-$PIG(Kd,Q-!H$8`19pf-bjM!(Je-$P
+IGQCj,Q-!H&pKE'`ZB`"f-f9bFLjM!(BcAf&VCANZB`"f-epKE(3ZB`"f-epLBfp
+ZFbjM!(BcAf*TG(0d,Q-!GM0IBfpZCLjM!(BcAf0`Efac,Q-!GM0IBh*XC#jM!(B
+cAf9ZG@dZB`"f-epPH(4VG5jM!(BcAfGPEQiZB`"f-epTB68ZB`"f-epTER3ZB`"
+f-epXD@)ZB`"f-ep`Dh8ZB`"f-ep`FQiZB`"f-epcDf9j,Q-!GM0IFhKZCA3ZB`"
+f-epeG'`ZB`"MF(4ICA*b,Q-!Bh*jF(4XD@)ZB`"PH&pNBA4K,Q-!E@9Y,Q-!690
+-)&0*6e9B,P"33bj-D@)!BQCIBR9QCLjM!(KIH$8`1@%ZB`"NFf&IEh0cE#jM!(J
+e-$PcF'YT,Q-!H$8`19pdFR-ZB`"f-ep`GA*`,Q-!GM0ID@jQEbjM!'*IF(*TER3
+ZB`"KAfeLFh4b,Q-!G&pcF'YT,Q-!G&pi06!jB5jM!(4IBQPdFh3ZB`"KAh0dFQj
+TC#jM!'*TEepMBLjM!'*cFepYC@dZB`"LFh0ICQ3ZB`"LFh0ICQPXC5jM!'*cFep
+ZG@aX,Q-!BQCIER9XE#jM!'*QAfjLD@mZB`"LFh0IBQP[,Q-!BPpNG@e`,Q-!C@j
+MAhGbDA3ZB`"`09pMFR"d,Q-!F$9IBh*`G$)ZB`"`-6*IER"KFbjM!("V0epKG(4
+b,Q-!F'XhAfeTE@8ZB`"`DcGIFfeTE@8ZB`"bFf&IBfKV,Q-!FR0KAfjeE'`ZB`"
+MGQ9bFfP[ELjM!%038h4bD@jR9A4TE(-ZBh"`!%9bFQpb5'&ZC'aTEQFZBh"`!%G
+PG%K89&"6,Q0`F!"0B@06Ef0VCA3ZBh"`!'ePE9pNBQFZB`"36&0dFQPZCdCeEQ0
+c8&"$,QaTBJ"LEPpMG(JZB`"bB@jNAf9bFLjM!&*KEQ4[E@PkCA)ZBh"`!(J!BA"
+`FbjM!'&`F&pbB@jN,Q-!BA0Z-A"KFR-ZB`"MB5jM!'0TF'KPFR-ZB`"MFQ`ZB`"
+MFQ`bF$FZB`"NCh0d,Q-!C'JZB`"NFf%ZB`"NFf&`BA*KE5jM!'9ZBbjM!'9bFR0
+dFLjM!'GPEQ4S,Q-!Cf9ZC(0K,Q-!Cf9ZFR0K,Q-!ER0PF5jM!'p`C@jcFf`ZB`"
+`Df0c-6)ZB`"`Df0c0bjM!("VBh-i,Q-!FQ9a,Q-!FR0K,Q-!Ff9cFepTC#jM!(0
+YD@eP,Q-!Fh"PC@3ZB`"cF'YKBbjM!(0IBf)ZB`"cAf0XD@9ZG#jM!(0IFf9bGQ9
+b,Q-!FepcEf0VCA3ZB`"fCA*TCRNZB`"fCA*cD@pZ,Q-!H$8`15jM!(0IG'PYC5j
+M!%G98dPI5@jTG#jMF(!!4e9659p$Eh*P,P"33bj-D@)!4e9659p08d`Z8&"$,Na
+TBJ"(990*Ae0*6e9B,P"33bj-D@)!1NaTBP066#j38%-Z6'PL!$T-D@*$FRP`G'm
+Z8&"$,NaTBJ"0B@028bjXD@)!690-)&*eER4TE@8f1%XZ6'PL!%p`C@j8F(4*EQ9
+d,Qm!6h"PEP4bB@jcF'pbG#j[!%p`C@j8FQ&ZFh"[FR4"F(!ZE`"08d`J8dP299J
+Z0MK,,NaTBJ"08d`J3bif1%XJ4Q%S0'PI1'3T,NaTBJ"0BA4S6'PL0MK,)%CK+$4
+TAcKN+5j-D@)!4QPbFh3J8f9RE@9ZG!"(990*Ad0[FQ8Z0MK,,NaTBJ"(990*Ade
+66#if1%XZ6'PL!%G98dPI8dP299JZ0MK,,NaTBJ!k6'PL3h*jF(4[,MBiDb"'B5J
+dD9miC#NZ6'PL!%aTBP066#if1%XJ4Q%S0'PI1'3T,NaTBJ"(CA4)9&438b"38%-
+!6h"PEP066#"38%-!4f9d5&488&-J0MK,!%aTBP066#!f1%X!6h"PEP066#!f1'X
+!6'PL8e0-)&"33`"-D@*$FRP`G'mJ8&"$!%aTBN0bHA"dEb!f1%X!1NGPG%K89&"
+6+&"33bN!6'PL)%PYF'pbG#"38%-!3Q&XE'p[EL")C@a`!%eA)%-[3bXV)&"33`"
+(B@eP3fpNC5"$EfjfCA*dCA)!4QaPH#"3FQ9`FQpMCA0cEh)!69FJ8'&cBf&X)&"
+33`"5CAS!8&"$3A0Y!%*TFfpZ)&"bCA"bEf0PFh0[FJ"B3dp'4L"*EA"[FR3J8&"
+$!&"&4L"*EA"[FR3J8&"$!$T2F'9Z8e0-!$T(CA4)9&438bJf1%XT!%aTBL"*EA"
+[FR3J0MK,!%e39b"*EA"[FR3J0MK,!%eA)%-[3bXV)$Bi5`"09b"3BA0MB@`J0MK
+,!&"&4L"*EA"[FR3J0MK,!$T-D@*68d`Z0MK,)%CK+$4TAcKN+5j-D@)!1Np`C@j
+68d`S0MKV+3"0B@028b"38%-J6'PZDf9b!%eKBdp6)$Bi5b"-D@jVCA)!8fpeFQ0
+P)&4bC@9c!%0eFh4[E5",CAPhEh*NF`""Bf0PFh-J8'&dD(-!9'&bCf9d)&0PG(4
+TEQGc!%CTE'8J6@&`F'PZCh-!3R9TE'3J4AKdFQ&c!%4PBR9RCf9b)&*eER4TE@8
+!4'9LG@GRCA)J9'&bCf9d!%-[3bXV)%0[EA"TE'9b!%-[3bXV)&GKFQjTEQGc!&"
+33b"$Ef4P4f9Z!&"33b"%DA0KFh0PE@*XCA)!8&"$)%GXEf*KE#"2F(4TE@PkCA)
+!8&"$)%aTEQYPFJ"38%-J8%9'!&"33b"3FQpUC@0d!&"33d&cE5"3B@jPE!"5CAS
+J3fpYF'PXCA)!0MK,)%0[C'9(C@i!0MK,)%4TFf&cFf9YBQaPFJ!f1%XJ4fa[BQ&
+X)%p`G'PYDATPFJ!f1%XJ6'PZDf9b!$Bi5b"3FQpUC@0d!%0'66Bi5`!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!!!!!!!$J!
+!!!)!!!!!!!!!'`!!!!-!!!!!!!!!)`!!!!3!!!!!!!!!0J!!!!8!!!!!!!!!4`!
+!!!B!!!!!!!!!@J!!!!F!!!!!!!!!F3!!!!J!!!!!!!!!JJ!!!!N!!!!!!!!!M3!
+!!!S!!!!!!!!!P`!!!!X!!!!!!!!!SJ!!!!`!!!!!!!!!V!!!!!d!!!!!!!!!Y`!
+!!!i!!!!!!!!!`3!!!!m!!!!!!!!!c!!!!"!!!!!!!!!!eJ!!!"%!!!!!!!!!h`!
+!!")!!!!!!!!!k!!!!"-!!!!!!!!!mJ!!!"3!!!!!!!!!q`!!!"8!!!!!!!!""3!
+!!"B!!!!!!!!"$`!!!"F!!!!!!!!"'3!!!"J!!!!!!!!")J!!!"N!!!!!!!!"+`!
+!!"S!!!!!!!!"03!!!"X!!!!!!!!"2J!!!"`!!!!!!!!"5!!!!"d!!!!!!!!"8`!
+!!"i!!!!!!!!"AJ!!!"m!!!!!!!!"D3!!!#!!!!!!!!!"G!!!!#%!!!!!!!!"IJ!
+!!#)!!!!!!!!"L3!!!#-!!!!!!!!"N`!!!#3!!!!!!!!"R3!!!#8!!!!!!!!"U!!
+!!#B!!!!!!!!"X`!!!#F!!!!!!!!"[3!!!#J!!!!!!!!"a`!!!#N!!!!!!!!"d!!
+!!#S!!!!!!!!"f3!!!#X!!!!!!!!"i`!!!#`!!!!!!!!"l3!!!#d!!!!!!!!"q!!
+!!#i!!!!!!!!#!`!!!#m!!!!!!!!#$J!!!$!!!!!!!!!#'3!!!$%!!!!!!!!#*!!
+!!$)!!!!!!!!#,!!!!$-!!!!!!!!#03!!!$3!!!!!!!!#2`!!!$8!!!!!!!!#5J!
+!!$B!!!!!!!!#93!!!$F!!!!!!!!#A3!!!$J!!!!!!!!#CJ!!!$N!!!!!!!!#F!!
+!!$S!!!!!!!!#H!!!!$X!!!!!!!!#J`!!!$`!!!!!!!!#L`!!!$d!!!!!!!!#P!!
+!!$i!!!!!!!!#R`!!!$m!!!!!!!!#U3!!!%!!!!!!!!!#X`!!!%%!!!!!!!!#Z`!
+!!%)!!!!!!!!#a!!!!%-!!!!!!!!#c3!!!%3!!!!!!!!#eJ!!!%8!!!!!!!!#i!!
+!!%B!!!!!!!!#k3!!!%F!!!!!!!!#p!!!!%J!!!!!!!!#r!!!!%N!!!!!!!!$"J!
+!!%S!!!!!!!!$%3!!!%X!!!!!!!!$'J!!!%`!!!!!!!!$)`!!!%d!!!!!!!!$,J!
+!!%i!!!!!!!!$13!!!%m!!!!!!!!$4!!!!&!!!!!!!!!$6`!!!&%!!!!!!!!$@J!
+!!&)!!!!!!!!$B`!!!&-!!!!!!!!$D`!!!&3!!!!!!!!$GJ!!!&8!!!!!!!!$J!!
+!!&B!!!!!!!!$L`!!!&F!!!!!!!!$P!!!!&J!!!!!!!!$R3!!!&N!!!!!!!!$U!!
+!!&S!!!!!!!!$X`!!!&X!!!!!!!!$[J!!!&`!!!!!!!!$b3!!!&d!!!!!!!!$d3!
+!!&i!!!!!!!!$fJ!!!&m!!!!!!!!$i`!!!'!!!!!!!!!$lJ!!!'%!!!!!!!!$q!!
+!!')!!!!!!!!%!3!!!'-!!!!!!!!%$!!!!'3!!!!!!!!%&3!!!'8!!!!!!!!%(J!
+!!'B!!!!!!!!%*`!!!'F!!!!!!!!%-J!!!'J!!!!!!!!%23!!!'N!!!!!!!!%5!!
+!!'S!!!!!!!!%83!!!'X!!!!!!!!%@`!!!'`!!!!!!!!%B`!!!'d!!!!!!!!%E!!
+!!'i!!!!!!!!%G!!!!'m!!!!!!!!%I3!!!(!!!!!!!!!%K`!!!(%!!!!!!!!%NJ!
+!!()!!!!!!!!%Q`!!!(-!!!!!!!!%S`!!!(3!!!!!!!!%V3!!!(8!!!!!!!!%YJ!
+!!(B!!!!!!!!%[`!!!(F!!!!!!!!%b!!!!(J!!!!!!!!%d`!!!(N!!!!!!!!%f`!
+!!(S!!!!!!!!%i`!!!(X!!!!!!!!%l!!!!(`!!!!!!!!%p!!!!(d!!!!!!!!%r3!
+!!(i!!!!!!!!&#!!!!(m!!!!!!!!&%3!!!)!!!!!!!!!&'J!!!)%!!!!!!!!&*3!
+!!))!!!!!!!!&,`!!!)-!!!!!!!!&13!!!)3!!!!!!!!&3`!!!)8!!!!!!!!&6J!
+!!)B!!!!!!!!&9`!!!)F!!!!!!!!&B!!!!)J!!!!!!!!&D`!!!)N!!!!!!!!&G!!
+!!)S!!!!!!!!&I3!!!)X!!!!!!!!&KJ!!!)`!!!!!!!!&N!!!!!#0!!!!!!!!"CN
+!!!#1!!!!!!!!"D)!!!#2!!!!!!!!"D`!!!#3!!!!!!!!!!@e!!!!N3!!!!!!!!@
+q!!!!NJ!!!!!!!!A*!!!!N`!!!!!!!!A8!!!!P!!!!!!!!!AH!!!!P3!!!!!!!!A
+S!!!!PJ!!!!!!!!Ac!!!!P`!!!!!!!!Am!!!!Q!!!!!!!!!B'!!!!Q3!!!!!!!!B
+2!!!!QJ!!!!!!!!BC!!!!Q`!!!!!!!!BM!!!!R!!!!!!!!!BV!!!!R3!!!!!!!!B
+c!!!!RJ!!!!!!!!Bp!!!!R`!!!!!!!!C'!!!!S!!!!!!!!!C4!!!!S3!!!!!!!!C
+C!!!!SJ!!!!!!!!CL!!!!S`!!!!!!!!CT!!!!T!!!!!!!!!Cd!!!!T3!!!!!!!!C
+r!!!!TJ!!!!!!!!D*!!!!T`!!!!!!!!D8!!!!U!!!!!!!!!DI!!!!U3!!!!!!!!D
+T!!!!UJ!!!!!!!!Dc!!!!U`!!!!!!!!Dq!!!!V!!!!!!!!!E)!!!!V3!!!!!!!!E
+A!!!!VJ!!!!!!!!EL!!!!V`!!!!!!!!EV!!!!X!!!!!!!!!Ef!!!!X3!!!!!!!!F
+"!!!!XJ!!!!!!!!F-!!!!X`!!!!!!!!F@!!!!Y!!!!!!!!!FK!!!!Y3!!!!!!!!F
+X!!!!YJ!!!!!!!!Fh!!!!Y`!!!!!!!!G#!!!!Z!!!!!!!!!G0!!!!Z3!!!!!!!!G
+A!!!!ZJ!!!!!!!!GK!!!!Z`!!!!!!!!GV!!!![!!!!!!!!!Gb!!!![3!!!!!!!!G
+p!!!![J!!!!!!!!H)!!!![`!!!!!!!!H4!!!!`!!!!!!!!!HD!!!!`3!!!!!!!!H
+M!!!!`J!!!!!!!!HX!!!!``!!!!!!!!Hh!!!!a!!!!!!!!!I"!!!!a3!!!!!!!!I
+,!!!!aJ!!!!!!!!I9!!!!a`!!!!!!!!II!!!!b!!!!!!!!!IU!!!!b3!!!!!!!!I
+d!!!!bJ!!!!!!!!Ik!!!!b`!!!!!!!!J%!!!!c!!!!!!!!!J1!!!!c3!!!!!!!!J
+B!!!!cJ!!!!!!!!JL!!!!c`!!!!!!!!JV!!!!d!!!!!!!!!Jd!!!!d3!!!!!!!!J
+m!!!!dJ!!!!!!!!K&!!!!d`!!!!!!!!K1!!!!e!!!!!!!!!KB!!!!e3!!!!!!!!K
+L!!!!eJ!!!!!!!!KX!!!!e`!!!!!!!!Kf!!!!f!!!!!!!!!L!!!!!f3!!!!!!!!L
+,!!!!fJ!!!!!!!!L@!!!!f`!!!!!!!!LK!!!!h!!!!!!!!!LV!!!!h3!!!!!!!!L
+e!!!!hJ!!!!!!!!Lr!!!!h`!!!!!!!!M+!!!!i!!!!!!!!!M9!!!!i3!!!!!!!!M
+J!!!!iJ!!!!!!!!MV!!!!i`!!!!!!!!Me!!!!j!!!!!!!!!Mr!!!!j3!!!!!!!!N
+*!!!!jJ!!!!!!!!N8!!!!j`!!!!!!!!NI!!!!k!!!!!!!!!NU!!!!k3!!!!!!!!N
+e!!!!kJ!!!!!!!!Nr!!!!k`!!!!!!!!P*!!!!l!!!!!!!!!P6!!!!l3!!!!!!!!P
+H!!!!lJ!!!!!!!!PT!!!!l`!!!!!!!!Pb!!!!m!!!!!!!!!Pp!!!!m3!!!!!!!!Q
+)!!!!mJ!!!!!!!!Q5!!!!m`!!!!!!!!QF!!!!p!!!!!!!!!QQ!!!!p3!!!!!!!!Q
+a!!!!pJ!!!!!!!!Qm!!!!p`!!!!!!!!R%!!!!q!!!!!!!!!R2!!!!q3!!!!!!!!R
+A!!!!qJ!!!!!!!!RJ!!!!q`!!!!!!!!RS!!!!r!!!!!!!!!R`!!!!r3!!!!!!!!R
+j!!!!rJ!!!!!!!!S#!!!!r`!!!!!!!!S0!!!"!!!!!!!!!!S9!!!"!3!!!!!!!!S
+H!!!"!J!!!!!!!!SQ!!!"!`!!!!!!!!SZ!!!""!!!!!!!!!Sf!!!""3!!!!!!!!S
+q!!!""J!!!!!!!!T(!!!""`!!!!!!!!T3!!!"#!!!!!!!!!TC!!!"#3!!!!!!!!T
+N!!!"#J!!!!!!!!TV!!!"#`!!!!!!!!Tc!!!"$!!!!!!!!!Tp!!!"$3!!!!!!!!U
+&!!!"$J!!!!!!!!U2!!!"$`!!!!!!!!UB!!!"%!!!!!!!!!UJ!!!"%3!!!!!!!!U
+V!!!"%J!!!!!!!!Uf!!!"%`!!!!!!!!V!!!!"&!!!!!!!!!V,!!!"&3!!!!!!!!V
+9!!!"&J!!!!!!!!VJ!!!"&`!!!!!!!!VV!!!"'!!!!!!!!!Ve!!!"'3!!!!!!!!V
+r!!!"'J!!!!!!!!X*!!!"'`!!!!!!!!X6!!!"(!!!!!!!!!XG!!!"(3!!!!!!!!X
+R!!!"(J!!!!!!!!Xb!!!"(`!!!!!!!!Xm!!!")!!!!!!!!!Y(!!!")3!!!!!!!!Y
+5!!!")J!!!!!!!!YF!!!")`!!!!!!!!YR!!!"*!!!!!!!!!Yb!!!"*3!!!!!!!!Y
+p!!!"*J!!!!!!!!Z(!!!"*`!!!!!!!!Z5!!!"+!!!!!!!!!ZG!!!"+3!!!!!!!!Z
+R!!!"+J!!!!!!!!Zb!!!"+`!!!!!!!!Zm!!!",!!!!!!!!!['!!!",3!!!!!!!![
+4!!!",J!!!!!!!![F!!!",`!!!!!!!![Q!!!"-!!!!!!!!![`!!!"-3!!!!!!!![
+l!!!"-J!!!!!!!!`&!!!"-`!!!!!!!!`3!!!"0!!!!!!!!!`D!!!"03!!!!!!!!`
+P!!!"0J!!!!!!!!``!!!"0`!!!!!!!!`l!!!"1!!!!!!!!!a'!!!"13!!!!!!!!a
+3!!!"1J!!!!!!!!aD!!!"1`!!!!!!!!aP!!!"2!!!!!!!!!a[!!!"23!!!!!!!!a
+k!!!"2J!!!!!!!!b&!!!"2`!!!!!!!!b3!!!!!8!!!!!!!!!-QJ!!!8%!!!!!!!!
+-T!!!!8)!!!!!!!!-V`!!!8-!!!!!!!!-ZJ!!!83!!!!!!!!-a!!!!88!!!!!!!!
+-cJ!!!8B!!!!!!!!-f!!!!8F!!!!!!!!-iJ!!!8J!!!!!!!!-l!!!!8N!!!!!!!!
+-p`!!!8S!!!!!!!!0!J!!!8X!!!!!!!!0$!!!!8`!!!!!!!!0&`!!!8d!!!!!!!!
+0)J!!!8i!!!!!!!!0,!!!!8m!!!!!!!!00`!!!9!!!!!!!!!03J!!!9%!!!!!!!!
+063!!!9)!!!!!!!!09`!!!9-!!!!!!!!0A`!!!93!!!!!!!!0D!!!!98!!!!!!!!
+0F3!!!9B!!!!!!!!0H`!!!9F!!!!!!!!0KJ!!!9J!!!!!!!!0N3!!!9N!!!!!!!!
+0R!!!!9S!!!!!!!!0T`!!!9X!!!!!!!!0X3!!!9`!!!!!!!!0[!!!!9d!!!!!!!!
+0a`!!!9i!!!!!!!!0dJ!!!9m!!!!!!!!0h!!!!@!!!!!!!!!0j`!!!@%!!!!!!!!
+0mJ!!!@)!!!!!!!!0r3!!!@-!!!!!!!!1#!!!!@3!!!!!!!!1%`!!!@8!!!!!!!!
+1(3!!!@B!!!!!!!!1+!!!!@F!!!!!!!!1-!!!!@J!!!!!!!!11!!!!@N!!!!!!!!
+13J!!!@S!!!!!!!!15`!!!@X!!!!!!!!19J!!!@`!!!!!!!!1B3!!!@d!!!!!!!!
+1D`!!!@i!!!!!!!!1GJ!!!@m!!!!!!!!1J!!!!A!!!!!!!!!1LJ!!!A%!!!!!!!!
+1P3!!!A)!!!!!!!!1R`!!!A-!!!!!!!!1U!!!!A3!!!!!!!!1X3!!!A8!!!!!!!!
+1ZJ!!!AB!!!!!!!!1``!!!AF!!!!!!!!1c!!!!AJ!!!!!!!!1eJ!!!AN!!!!!!!!
+1i3!!!AS!!!!!!!!1kJ!!!AX!!!!!!!!1p!!!!A`!!!!!!!!1r`!!!Ad!!!!!!!!
+2#3!!!Ai!!!!!!!!2$`!!!Am!!!!!!!!2)3!!!B!!!!!!!!!2+`!!!B%!!!!!!!!
+203!!!B)!!!!!!!!23!!!!B-!!!!!!!!25`!!!B3!!!!!!!!29J!!!B8!!!!!!!!
+2B!!!!BB!!!!!!!!2DJ!!!BF!!!!!!!!2G!!!!BJ!!!!!!!!2IJ!!!BN!!!!!!!!
+2K`!!!BS!!!!!!!!2N3!!!BX!!!!!!!!2Q`!!!B`!!!!!!!!2TJ!!!Bd!!!!!!!!
+2V`!!!Bi!!!!!!!!2Z3!!!Bm!!!!!!!!2`J!!!C!!!!!!!!!!$md!!!'4!!!!!!!
+!$pJ!!!'5!!!!!!!!$q)!!!'6!!!!!!!!$q`!!!'8!!!!!!!!$rB!!!'9!!!!!!!
+!$rm!!!'@!!!!!!!!%!S!!!'A!!!!!!!!%"3!!!'B!!!!!!!!%"m!!!'C!!!!!!!
+!%#S!!!'D!!!!!!!!%$8!!!'E!!!!!!!!%%!!!!'F!!!!!!!!%%`!!!'G!!!!!!!
+!%&B!!!'H!!!!!!!!%'%!!!'I!!!!!!!!%'`!!!'J!!!!!!!!%(i!!!'K!!!!!!!
+!%*!!!!!"SJ!!!!!!!"#G!!!"S`!!!!!!!"#V!!!"T!!!!!!!!"#e!!!"T3!!!!!
+!!"$+!!!"TJ!!!!!!!"$6!!!"T`!!!!!!!"$H!!!"U!!!!!!!!"$Y!!!"U3!!!!!
+!!"$[!!!"UJ!!!!!!!"$f!!!"U`!!!!!!!"%"!!!"V!!!!!!!!"%-!!!"V3!!!!!
+!!"%4!!!"VJ!!!!!!!"%E!!!"V`!!!!!!!"%K!!!"X!!!!!!!!"%U!!!"X3!!!!!
+!!"%a!!!"XJ!!!!!!!"%f!!!"X`!!!!!!!"%m!!!"Y!!!!!!!!"&(!!!"Y3!!!!!
+!!"&0!!!"YJ!!!!!!!"&@!!!"Y`!!!!!!!"&H!!!"Z!!!!!!!!"&R!!!"Z3!!!!!
+!!"&`!!!"ZJ!!!!!!!"&h!!!"Z`!!!!!!!"'"!!!"[!!!!!!!!"'+!!!"[3!!!!!
+!!"'5!!!"[J!!!!!!!"'D!!!"[`!!!!!!!"'J!!!"`!!!!!!!!"'Q!!!"`3!!!!!
+!!"'`!!!"`J!!!!!!!"'i!!!"``!!!!!!!"(!!!!"a!!!!!!!!"()!!!"a3!!!!!
+!!"(2!!!"aJ!!!!!!!"(D!!!"a`!!!!!!!"(P!!!"b!!!!!!!!"(`!!!"b3!!!!!
+!!"(j!!!"bJ!!!!!!!")$!!!"b`!!!!!!!")+!!!"c!!!!!!!!")6!!!"c3!!!!!
+!!")K!!!"cJ!!!!!!!")c!!!"c`!!!!!!!"*%!!!"d!!!!!!!!"*A!!!"d3!!!!!
+!!"*R!!!"dJ!!!!!!!"*k!!!"d`!!!!!!!"+%!!!"e!!!!!!!!"+A!!!"e3!!!!!
+!!"+P!!!"eJ!!!!!!!"+e!!!"e`!!!!!!!",)!!!"f!!!!!!!!",D!!!"f3!!!!!
+!!",b!!!"fJ!!!!!!!"-,!!!"f`!!!!!!!"-C!!!"h!!!!!!!!"-V!!!"h3!!!!!
+!!"-m!!!"hJ!!!!!!!"02!!!"h`!!!!!!!"0X!!!"i!!!!!!!!"1&!!!"i3!!!!!
+!!"15!!!"iJ!!!!!!!"1H!!!"i`!!!!!!!"1V!!!"j!!!!!!!!"1f!!!"j3!!!!!
+!!"2#!!!"jJ!!!!!!!"20!!!"j`!!!!!!!"2E!!!"k!!!!!!!!"2T!!!"k3!!!!!
+!!"2i!!!"kJ!!!!!!!"3(!!!"k`!!!!!!!"38!!!"l!!!!!!!!"3K!!!"l3!!!!!
+!!"3d!!!"lJ!!!!!!!"4'!!!"l`!!!!!!!"48!!!"m!!!!!!!!"4B!!!"m3!!!!!
+!!"4I!!!"mJ!!!!!!!"4b!!!"m`!!!!!!!"5$!!!"p!!!!!!!!"55!!!"p3!!!!!
+!!"5E!!!"pJ!!!!!!!"5U!!!"p`!!!!!!!"5j!!!"q!!!!!!!!"6)!!!"q3!!!!!
+!!"69!!!"qJ!!!!!!!"6M!!!"q`!!!!!!!"6b!!!"r!!!!!!!!"8-!!!"r3!!!!!
+!!"8D!!!"rJ!!!!!!!"8V!!!"r`!!!!!!!"8m!!!#!!!!!!!!!"9*!!!#!3!!!!!
+!!"9C!!!#!J!!!!!!!"9Q!!!#!`!!!!!!!"9f!!!#"!!!!!!!!"@%!!!#"3!!!!!
+!!"@4!!!#"J!!!!!!!"@L!!!#"`!!!!!!!"@b!!!##!!!!!!!!"A"!!!##3!!!!!
+!!"A3!!!##J!!!!!!!"AF!!!##`!!!!!!!"AY!!!#$!!!!!!!!"B#!!!#$3!!!!!
+!!"B0!!!#$J!!!!!!!"B9!!!#$`!!!!!!!"BK!!!#%!!!!!!!!"BZ!!!#%3!!!!!
+!!"Bl!!!#%J!!!!!!!"C(!!!#%`!!!!!!!"CB!!!#&!!!!!!!!"CY!!!#&3!!!!!
+!!"Ci!!!#&J!!!!!!!"D%!!!#&`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$!!!!$!!!!!-
+!!!!-Y0ifDrrrqUS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!#&`!!!L!!!"D,!!!B!!!!!KF!!!!!!!!!!!!!!!!
+!!!!!9%9B9!!!!!)!!!(q!!!"r`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#`MlJ!!!!!!!!!3!
+#`NI`!!)!!!!!!!!!!!!!!X)fJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!)!!!%!!!!!"3!!Irm!!!!!Irm!!!!!Irm!!!!!Irm!!!!-!!%!!J!%!!!
+!"8!!!!B!!3!"1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!%!!!$rrrrr!!!!!`!"!!%k1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!3!!!2rrrrm!!!!%!!%!!6SkD@jME(9NC6S!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!)!!3!"1J!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!!`!#!!%k6@&M6e-
+J8h9`F'pbG$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2rrrrp!!!!%!!)
+!!6T08d`k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrr
+rrd!!!!8!#J!!6@&M6e-J8&"$)%aTEQYPFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!4f9d5&488&-J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%k!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!&0B@028b"38%-J6'PZDf9b!!!
+!!!!!!!!!!!!!!!!!!!!H39"36!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!3A"`E!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"J!!!!68e-3J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!6'PL)%PYF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69"-4J!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6'PL)%PYF'pbG#"38%-!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!69G$4!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!8P053`!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"J!!!!9%9B9#jLD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!3Q&XE'p[EL")C@a`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jM!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!9%9B9#jM+bX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMB`!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!9%9B9#jMF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMF(!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!9%9B9#jPH(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jRB`!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4f&YC80[C'8J3fpZGQ9bG'9b!!!
+!!!!!!!!!!!!!!!"!!!!!9%9B9#jS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!9%9B9#jX!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4QaPH#"3FQ9`FQpMCA0cEh)!!!!
+!!!!!!!!!!!!!!!#!!!!!9%9B9#j`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!69FJ8'&cBf&X)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j`BA-
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)&"33`!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!9%9B9#j`BfJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`BfJ
+V+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!
+!!!!!!!!!!!!!!!#!!!!!9%9B9#j`F(8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!69FJ8'&cBf&X)&"33`!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#jb!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8Q9k!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!9%9B9#jc!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!8&"$3A0Y!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jj!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3QPcEfiJ8(*PF(*[Bf9cFfpb!!!
+!!!!!!!!!!!!!!!#!!!!!@%024J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!@%024NBJ5@e`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!C'pMG3!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"J!!!!FR0bB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!FfKXBJ!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%9')%PYF'pbG#"38%-!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!Fh4eBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!8%9')%PYF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#jNEf-
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"3!!!!!!8"!3!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!!"!!!
+!!!8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!"!3!!E@&TEJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!3!"!!!!!3%"!3%!!3%!!!!!!!%"!!!
+"!3!"!!!"!!%!!!!!!!!!!!!)!3!"!3!"!3!!!!%!!!N!!"G0B@028b"8EfpXBQp
+i)%4&3P9()$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!r2cmr39"36!!!!B"B`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cm!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!0!!%!!!!!!""I69G&8NY6Ah"bC@CTH#jS!!!!!!!!!!!!!!!!!!!!!!!
+"!!!"!!!!!!!"!!!!!!!!!!!!!!8"!3%!!!%"!!%!!!!!"!!!!!!!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"IAh0dBA*d!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!3!!#8ePFQGP)%peG!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$m
+r2cp"8&"-!!%"!!!%)#!J)!1ARe!$GYpi!`@Z%!!&!J%!!3%!!3%"!!!"!!!!!!!
+!!!%"!3%!!3%!!3!""!!!!!!!!!!!!!!(!3%!!3!!!3!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+IAh0dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8!!!e(CA4)9&438bK38%-T!!!!!!!
+!!!!!!!!!!!!!!!!!2cmr2d&38%`!!!3!!!!%!!!!!%!!!&M!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%r2cmr!!!!!!!
+!!!)!!!!#!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+#!&!!!3!"!!%!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8*d024%8R)#G%394"*b!R8%P$9#F
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!3!
+!!!%#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!)!!!!#!J%!!!!
+!!!%!!3-!!!!!!!!!!!!!!!!%!!!!!!!!!!!"!!!$!!!!!`)"!!!!!!!"!!%$!!!
+!!!!!!!!!!!!!"!!!!!!!!!!!!3!!"!!!!!3#!3!!!!!!!3!"!`!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!%!!!8!!!!&!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!'!!!!"J)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!"3!!!!!!!!!!!3!!"`!
+!!!F#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!!J!!!!)!J%!!!!
+!!!%!!3-!!!!!!!!!!!!!!!!&!!!!!!!!!!!"!!!*!!!!#3)"!!!!!!!"!!%$!!!
+!!!!!!!!!!!!!"3!!!!!!!!!!!3!!#J!!!!S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!!X!!!!,!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!-!!!!$!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!$3!
+!!!d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!!i!!!!1!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!2!!!!$`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!%!!!!"!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!"%!!!!4!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!5!!!!%J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!%`!
+!!"-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!"3!!!!8!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!9!!!!&3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!&J!!!"B#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!"F!!!!A!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!B!!!!'!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!'3!
+!!"N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!"S!!!!D!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!E!!!!'`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!(!!!!"`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!"d!!!!G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!H!!!!(J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!(`!
+!!"m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!#!!!!!J!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!K!!!!)3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!)J!!!#)#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!#-!!!!M!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!N!!!!*!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!*3!
+!!#8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!#B!!!!Q!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!R!!!!*`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!+!!!!#J#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!#N!!!!T!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!U!!!!+J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!+`!
+!!#X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!#`!!!!X!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!Y!!!!,3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!,J!!!#i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!#m!!!![!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!`!!!!-!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!-3!
+!!$%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!$)!!!!b!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!c!!!!-`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!0!!!!$3#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!$8!!!!e!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!f!!!!0J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!0`!
+!!$F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!$J!!!!i!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!j!!!!13)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!1J!!!$S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!$X!!!!l!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!!m!!!!2!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!23!
+!!$d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!$i!!!!q!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!!r!!!!2`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!3!!!!%!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!%%!!!""!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!"#!!!!3J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!3`!
+!!%-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!%3!!!"%!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"&!!!!43)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!4J!!!%B#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!%F!!!"(!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!")!!!!5!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!53!
+!!%N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!%S!!!"+!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!",!!!!5`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!6!!!!%`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!%d!!!"0!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!"1!!!!6J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!6`!
+!!%m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!&!!!!"3!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"4!!!!83)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!8J!!!&)#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!&-!!!"6!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!"8!!!!9!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!93!
+!!&8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!&B!!!"@!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"A!!!!9`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!@!!!!&J#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!&N!!!"C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!"D!!!!@J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!@`!
+!!&X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!&`!!!"F!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"G!!!!A3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!AJ!!!&i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!&m!!!"I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!"J!!!!B!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!B3!
+!!'%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!')!!!"L!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"M!!!!B`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!C!!!!'3#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!'8!!!"P!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!"Q!!!!CJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!C`!
+!!'F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!'J!!!"S!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"T!!!!D3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!DJ!!!'S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!'X!!!"V!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!"X!!!!E!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!E3!
+!!'d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!'i!!!"Z!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"[!!!!E`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!F!!!!(!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!(%!!!"a!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!"b!!!!FJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!F`!
+!!(-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!(3!!!"d!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"e!!!!G3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!GJ!!!(B#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!(F!!!"h!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!"i!!!!H!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!H3!
+!!(N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!(S!!!"k!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!"l!!!!H`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!I!!!!(`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!(d!!!"p!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!"q!!!!IJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!I`!
+!!(m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!)!!!!#!!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#"!!!!J3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!JJ!!!))#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!)-!!!#$!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!#%!!!!K!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!K3!
+!!)8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!)B!!!#'!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#(!!!!K`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!L!!!!)J#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!)N!!!#*!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!#+!!!!LJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!L`!
+!!)X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!)`!!!#-!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#0!!!!M3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!3!!MJ!!!)i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!%!!)m!!!#2!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!"!!#3!!!!!*!!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
+4!!!!N3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!NJ!!!*)#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!*-!!!#6!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#8!!!!P!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!P3!!!*8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!*B!!!#@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
+A!!!!P`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!Q!!!!*J#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!*N!!!#C!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#D!!!!QJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!Q`!!!*X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!*`!!!#F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
+G!!!!R3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!RJ!!!*i#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!*m!!!#I!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#J!!!!S!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!S3!!!+%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!+)!!!#L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
+M!!!!S`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!T!!!!+3#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!+8!!!#P!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#Q!!!!TJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!T`!!!+F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!+J!!!#S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
+T!!!!U3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!UJ!!!+S#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!+X!!!#V!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#X!!!!V!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!V3!!!+d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!+i!!!#Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
+[!!!!V`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!X!!!!,!#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!,%!!!#a!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#b!!!!XJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!X`!!!,-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!,3!!!#d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
+e!!!!Y3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!YJ!!!,B#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!,F!!!#h!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#i!!!!Z!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!Z3!!!,N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!,S!!!#k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#
+l!!!!Z`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!![!!!!,`#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!,d!!!#p!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!#q!!!![J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!![`!!!,m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!-!!!!$!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+"!!!!`3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!`J!!!-)#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!--!!!$$!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$%!!!!a!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!a3!!!-8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!-B!!!$'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+(!!!!a`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!b!!!!-J#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!-N!!!$*!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$+!!!!bJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!b`!!!-X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!-`!!!$-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+0!!!!c3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!cJ!!!-i#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!-m!!!$2!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$3!!!!d!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!d3!!!0%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!0)!!!$5!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+6!!!!d`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!e!!!!03#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!08!!!$9!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$@!!!!eJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!e`!!!0F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!0J!!!$B!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+C!!!!f3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!fJ!!!0S#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!0X!!!$E!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$F!!!!h!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!h3!!!0d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!0i!!!$H!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+I!!!!h`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!i!!!!1!#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!1%!!!$K!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$L!!!!iJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!i`!!!1-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!13!!!$N!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+P!!!!j3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!jJ!!!1B#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!1F!!!$R!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$S!!!!k!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!k3!!!1N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!1S!!!$U!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+V!!!!k`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!l!!!!1`#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!1d!!!$Y!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$Z!!!!lJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!l`!!!1m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!2!!!!$`!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+a!!!!m3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!mJ!!!2)#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!2-!!!$c!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$d!!!!p!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!p3!!!28#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!2B!!!$f!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+h!!!!p`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!q!!!!2J#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!2N!!!$j!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$k!!!!qJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!!q`!!!2X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!2`!!!$m!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!$
+p!!!!r3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!!rJ!!!2i#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!2m!!!$r!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%!!!!"!!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"!3!!!3%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!3)!!!%#!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+$!!!"!`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!""!!!!33#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!38!!!%&!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%'!!!""J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!""`!!!3F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!3J!!!%)!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+*!!!"#3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"#J!!!3S#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!3X!!!%,!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%-!!!"$!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"$3!!!3d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!3i!!!%1!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+2!!!"$`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"%!!!!4!#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!4%!!!%4!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%5!!!"%J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"%`!!!4-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!43!!!%8!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+9!!!"&3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"&J!!!4B#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!4F!!!%A!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%B!!!"'!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"'3!!!4N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!4S!!!%D!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+E!!!"'`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"(!!!!4`#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!4d!!!%G!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%H!!!"(J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"(`!!!4m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!5!!!!%J!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+K!!!")3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!")J!!!5)#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!5-!!!%M!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%N!!!"*!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"*3!!!58#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!5B!!!%Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+R!!!"*`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"+!!!!5J#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!5N!!!%T!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%U!!!"+J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"+`!!!5X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!5`!!!%X!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+Y!!!",3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!",J!!!5i#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!5m!!!%[!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%`!!!"-!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"-3!!!6%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!6)!!!%b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+c!!!"-`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"0!!!!63#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!68!!!%e!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%f!!!"0J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"0`!!!6F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!6J!!!%i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+j!!!"13)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"1J!!!6S#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!6X!!!%l!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%m!!!"2!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"23!!!6d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!6i!!!%q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!%
+r!!!"2`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"3!!!!8!#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!8%!!!&"!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&#!!!"3J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"3`!!!8-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!83!!!&%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
+&!!!"43)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"4J!!!8B#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!8F!!!&(!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&)!!!"5!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"53!!!8N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!8S!!!&+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
+,!!!"5`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"6!!!!8`#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!8d!!!&0!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&1!!!"6J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"6`!!!8m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!9!!!!&3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
+4!!!"83)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"8J!!!9)#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!9-!!!&6!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&8!!!"9!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"93!!!98#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!9B!!!&@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
+A!!!"9`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"@!!!!9J#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!9N!!!&C!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&D!!!"@J)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"@`!!!9X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!9`!!!&F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
+G!!!"A3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"AJ!!!9i#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!9m!!!&I!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&J!!!"B!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"B3!!!@%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!@)!!!&L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
+M!!!"B`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"C!!!!@3#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!@8!!!&P!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&Q!!!"CJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"C`!!!@F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!@J!!!&S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
+T!!!"D3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"DJ!!!@S#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!@X!!!&V!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&X!!!"E!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"E3!!!@d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!@i!!!&Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
+[!!!"E`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"F!!!!A!#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!A%!!!&a!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&b!!!"FJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"F`!!!A-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!A3!!!&d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
+e!!!"G3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"GJ!!!AB#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!AF!!!&h!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&i!!!"H!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"H3!!!AN#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!AS!!!&k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&
+l!!!"H`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"I!!!!A`#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!Ad!!!&p!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!&q!!!"IJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"I`!!!Am#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!B!!!!'!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'
+"!!!"J3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"JJ!!!B)#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!B-!!!'$!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'%!!!"K!)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"K3!!!B8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!BB!!!''!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'
+(!!!"K`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"L!!!!BJ#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!BN!!!'*!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'+!!!"LJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!3!"L`!!!BX#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!B`!!!'-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'
+0!!!"M3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"MJ!!!Bi#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!Bm!!!'2!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'3!!!!!C!!!J%!!!!!!!%!!3%!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!"!!'4!!!"N3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
+!!!!!!!!!!3!"NJ!!!C)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%
+!!C-!!!'6!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'8!!!"P!)
+"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"P3!!!C8#!3!!!!!!!3!
+"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!CB!!!'@!J%!!!!!!!%!!3%!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!"!!'A!!!"P`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
+!!!!!!!!!!3!"Q!!!!CJ#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%
+!!CN!!!'C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'D!!!"QJ)
+"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"Q`!!!CX#!3!!!!!!!3!
+"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!C`!!!'F!J%!!!!!!!%!!3%!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!"!!'G!!!"R3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
+!!!!!!!!!!3!"RJ!!!Ci#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%
+!!Cm!!!'I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'J!!!"S!)
+"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"S3!!!D%#!3!!!!!!!3!
+"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!D)!!!'L!J%!!!!!!!%!!3%!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!"!!'M!!!"S`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
+!!!!!!!!!!3!"T!!!!D3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%
+!!D8!!!'P!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!!!!!"!!'Q!!!"TJ)
+"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!3!"T`!!!DF#!3!!!!!!!3!
+"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!%!!DJ!!!'S!J%!!!!!!!%!!3%!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!)!!!!$!!!!"!!!!!8!!!!'!!!!"`!
+!!!J!!!!*!!!!#J!!!!X!!!!-!!!!$3!!!!i!!!!2!!!!%!!!!"%!!!!5!!!!%`!
+!!"3!!!!9!!!!&J!!!"F!!!!B!!!!'3!!!"S!!!!E!!!!(!!!!"d!!!!H!!!!(`!
+!!#!!!!!K!!!!)J!!!#-!!!!N!!!!*3!!!#B!!!!R!!!!+!!!!#N!!!!U!!!!+`!
+!!#`!!!!Y!!!!,J!!!#m!!!!`!!!!-3!!!$)!!!!c!!!!0!!!!$8!!!!f!!!!0`!
+!!$J!!!!j!!!!1J!!!$X!!!!m!!!!23!!!$i!!!!r!!!!3!!!!%%!!!"#!!!!3`!
+!!%3!!!"&!!!!4J!!!%F!!!")!!!!53!!!%S!!!",!!!!6!!!!%d!!!"1!!!!6`!
+!!&!!!!"4!!!!8J!!!&-!!!"8!!!!93!!!&B!!!"A!!!!@!!!!&N!!!"D!!!!@`!
+!!&`!!!"G!!!!AJ!!!&m!!!"J!!!!B3!!!')!!!"M!!!!C!!!!'8!!!"Q!!!!C`!
+!!'J!!!"T!!!!DJ!!!'X!!!"X!!!!E3!!!'i!!!"[!!!!F!!!!(%!!!"b!!!!F`!
+!!(3!!!"e!!!!GJ!!!(F!!!"i!!!!H3!!!(S!!!"l!!!!I!!!!(d!!!"q!!!!I`!
+!!)!!!!#"!!!!JJ!!!)-!!!#%!!!!K3!!!)B!!!#(!!!!L!!!!)N!!!#+!!!!L`!
+!!)`!!!#0!!!!MJ!!!)m!!!#3!!!!!*%!!!#5!!!!N`!!!*3!!!#9!!!!PJ!!!*F
+!!!#B!!!!Q3!!!*S!!!#E!!!!R!!!!*d!!!#H!!!!R`!!!+!!!!#K!!!!SJ!!!+-
+!!!#N!!!!T3!!!+B!!!#R!!!!U!!!!+N!!!#U!!!!U`!!!+`!!!#Y!!!!VJ!!!+m
+!!!#`!!!!X3!!!,)!!!#c!!!!Y!!!!,8!!!#f!!!!Y`!!!,J!!!#j!!!!ZJ!!!,X
+!!!#m!!!![3!!!,i!!!#r!!!!`!!!!-%!!!$#!!!!``!!!-3!!!$&!!!!aJ!!!-F
+!!!$)!!!!b3!!!-S!!!$,!!!!c!!!!-d!!!$1!!!!c`!!!0!!!!$4!!!!dJ!!!0-
+!!!$8!!!!e3!!!0B!!!$A!!!!f!!!!0N!!!$D!!!!f`!!!0`!!!$G!!!!hJ!!!0m
+!!!$J!!!!i3!!!1)!!!$M!!!!j!!!!18!!!$Q!!!!j`!!!1J!!!$T!!!!kJ!!!1X
+!!!$X!!!!l3!!!1i!!!$[!!!!m!!!!2%!!!$b!!!!m`!!!23!!!$e!!!!pJ!!!2F
+!!!$i!!!!q3!!!2S!!!$l!!!!r!!!!2d!!!$q!!!!r`!!!3!!!!%"!!!"!J!!!3-
+!!!%%!!!""3!!!3B!!!%(!!!"#!!!!3N!!!%+!!!"#`!!!3`!!!%0!!!"$J!!!3m
+!!!%3!!!"%3!!!4)!!!%6!!!"&!!!!48!!!%@!!!"&`!!!4J!!!%C!!!"'J!!!4X
+!!!%F!!!"(3!!!4i!!!%I!!!")!!!!5%!!!%L!!!")`!!!53!!!%P!!!"*J!!!5F
+!!!%S!!!"+3!!!5S!!!%V!!!",!!!!5d!!!%Z!!!",`!!!6!!!!%a!!!"-J!!!6-
+!!!%d!!!"03!!!6B!!!%h!!!"1!!!!6N!!!%k!!!"1`!!!6`!!!%p!!!"2J!!!6m
+!!!&!!!!"33!!!8)!!!&$!!!"4!!!!88!!!&'!!!"4`!!!8J!!!&*!!!"5J!!!8X
+!!!&-!!!"63!!!8i!!!&2!!!"8!!!!9%!!!&5!!!"8`!!!93!!!&9!!!"9J!!!9F
+!!!&B!!!"@3!!!9S!!!&E!!!"A!!!!9d!!!&H!!!"A`!!!@!!!!&K!!!"BJ!!!@-
+!!!&N!!!"C3!!!@B!!!&R!!!"D!!!!@N!!!&U!!!"D`!!!@`!!!&Y!!!"EJ!!!@m
+!!!&`!!!"F3!!!A)!!!&c!!!"G!!!!A8!!!&f!!!"G`!!!AJ!!!&j!!!"HJ!!!AX
+!!!&m!!!"I3!!!Ai!!!&r!!!"J!!!!B%!!!'#!!!"J`!!!B3!!!'&!!!"KJ!!!BF
+!!!')!!!"L3!!!BS!!!',!!!"M!!!!Bd!!!'1!!!"M`!!!C!!!!!"N3!!!C)!!!'
+6!!!"P!!!!C8!!!'@!!!"P`!!!CJ!!!'C!!!"QJ!!!CX!!!'F!!!"R3!!!Ci!!!'
+I!!!"S!!!!D%!!!'L!!!"S`!!!D3!!!'P!!!"TJ!!!DF!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'S!!!"`!%!!!!"!!'
+S!3!"SJ%!!D-"!!'S!3!"S3%!!D!"!!!,!3!!$!%!!!S"!!!0!3!!$J%!!!m"!!!
+3!3!!%3%!!")"!!!6!3!!&!%!!"8"!!!@!3!!&`%!!"J"!!!C!3!!'J%!!"X"!!!
+F!3!!(3%!!"i"!!!I!3!!)!%!!#%"!!!L!3!!)`%!!#3"!!!P!3!!*J%!!#F"!!!
+S!3!!+3%!!#S"!!!V!3!!,!%!!#d"!!!Z!3!!,`%!!$!"!!!a!3!!-J%!!$-"!!!
+d!3!!03%!!$B"!!!h!3!!1!%!!$N"!!!k!3!!1`%!!$`"!!!p!3!!2J%!!$m"!!"
+!!3!!33%!!%)"!!"$!3!!4!%!!%8"!!"'!3!!4`%!!%J"!!"*!3!!5J%!!%X"!!"
+-!3!!63%!!%i"!!"2!3!!8!%!!&%"!!"5!3!!8`%!!&3"!!"9!3!!9J%!!&F"!!"
+B!3!!@3%!!&S"!!"E!3!!A!%!!&d"!!"H!3!!A`%!!'!"!!"K!3!!BJ%!!'-"!!"
+N!3!!C3%!!'B"!!"R!3!!D!%!!'N"!!"U!3!!D`%!!'`"!!"Y!3!!EJ%!!'m"!!"
+`!3!!F3%!!()"!!"c!3!!G!%!!(8"!!"f!3!!G`%!!(J"!!"j!3!!HJ%!!(X"!!"
+m!3!!I3%!!(i"!!"r!3!!J!%!!)%"!!##!3!!J`%!!)3"!!#&!3!!KJ%!!)F"!!#
+)!3!!L3%!!)S"!!#,!3!!M!%!!)d"!!#1!3!!M`%!!*!!!3!"TJ%!!*%"!!#5!3!
+!N`%!!*3"!!#9!3!!PJ%!!*F"!!#B!3!!Q3%!!*S"!!#E!3!!R!%!!*d"!!#H!3!
+!R`%!!+!"!!#K!3!!SJ%!!+-"!!#N!3!!T3%!!+B"!!#R!3!!U!%!!+N"!!#U!3!
+!U`%!!+`"!!#Y!3!!VJ%!!+m"!!#`!3!!X3%!!,)"!!#c!3!!Y!%!!,8"!!#f!3!
+!Y`%!!,J"!!#j!3!!ZJ%!!,X"!!#m!3!![3%!!,i"!!#r!3!!`!%!!-%"!!$#!3!
+!``%!!-3"!!$&!3!!aJ%!!-F"!!$)!3!!b3%!!-S"!!$,!3!!c!%!!-d"!!$1!3!
+!c`%!!0!"!!$4!3!!dJ%!!0-"!!$8!3!!e3%!!0B"!!$A!3!!f!%!!0N"!!$D!3!
+!f`%!!0`"!!$G!3!!hJ%!!0m"!!$J!3!!i3%!!1)"!!$M!3!!j!%!!18"!!$Q!3!
+!j`%!!1J"!!$T!3!!kJ%!!1X"!!$X!3!!l3%!!1i"!!$[!3!!m!%!!2%"!!$b!3!
+!m`%!!23"!!$e!3!!pJ%!!2F"!!$i!3!!q3%!!2S"!!$l!3!!r!%!!2d"!!$q!3!
+!r`%!!3!"!!%"!3!"!J%!!3-"!!%%!3!""3%!!3B"!!%(!3!"#!%!!3N"!!%+!3!
+"#`%!!3`"!!%0!3!"$J%!!3m"!!%3!3!"%3%!!4)"!!%6!3!"&!%!!48"!!%@!3!
+"&`%!!4J"!!%C!3!"'J%!!4X"!!%F!3!"(3%!!4i"!!%I!3!")!%!!5%"!!%L!3!
+")`%!!53"!!%P!3!"*J%!!5F"!!%S!3!"+3%!!5S"!!%V!3!",!%!!5d"!!%Z!3!
+",`%!!6!"!!%a!3!"-J%!!6-"!!%d!3!"03%!!6B"!!'R!3!"0`%!!6J"!!%j!3!
+"1J%!!6X"!!%m!3!"23%!!6i"!!%r!3!"3!%!!8%"!!&#!3!"3`%!!83"!!&&!3!
+"4J%!!8F"!!&)!3!"53%!!8S"!!&,!3!"6!%!!8d"!!&1!3!"6`%!!9!"!!&4!3!
+"8J%!!9-"!!&8!3!"93%!!9B"!!&A!3!"@!%!!9N"!!&D!3!"@`%!!9`"!!&G!3!
+"AJ%!!9m"!!&J!3!"B3%!!@)"!!&M!3!"C!%!!@8"!!&Q!3!"C`%!!@J"!!&T!3!
+"DJ%!!@X"!!&X!3!"E3%!!@i"!!&[!3!"F!%!!A%"!!&b!3!"F`%!!A3"!!&e!3!
+"GJ%!!AF"!!&i!3!"H3%!!AS"!!&l!3!"I!%!!Ad"!!&q!3!"J!%!!B%"!!'#!3!
+"J`%!!B3"!!'&!3!"KJ%!!BF"!!')!3!"L3%!!BS"!!',!3!"M!%!!Bd"!!'1!3!
+"M`%!!C!!!3!"N3%!!C)"!!'6!3!"P!%!!C8"!!'@!3!"P`%!!CJ"!!'C!3!"QJ%
+!!CX"!!'F!3!"R3%!!Ci"!!'I!3!"T!%!!Am"!!!"!3!!"!%!!!-"!!!#!3!!#3%
+!!!8"!!!'!3!!"`%!!!J"!!'P!!!"U3!"!#J!!!!JrrrjT!!""!!!!!!!!!!!!!!
+!!!!!!J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!"1NKjF'9
+b3f&bC!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,#2Z!!!!!!!!!"!!,
+#4r!!!J!!!!!!!!!!!!!#`MD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!J!!!3!!!!!&!!"rr`!!!!"rr`!!!!"rr`!!!!"rr`!!!!`!!3!#!!B!!!!
+&3!!!#!!"!!%k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!3!!!2rrrrm!!!!$!!%!!6Sk!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!"!!!!rrrrr`!!!!3!!3!"1MTTEQ0XG@4P1J!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!!J!"!!%k!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!$!!%!!6Sk1NG98dN
+kD@jME(9NC6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!3!!3!
+"1MSk4e9656TXD@)k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrr
+r3!!!"3!#!!%k6@&M6e-J8h9`F'pbG$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!3!!!2rrrrp!!!!'!!)!!6T08d`k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!"!!!!rrrrrd!!!!F!#J!!6@&M6e-J8&"$)%aTEQYPFJ!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6h"PEP066#"38%-!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%k!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!&0B@0
+28b"38%-J6'PZDf9b!!!!!!!!!!!!!!!!!!!!!!!H39"36!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!"J!!!!3A"`E!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!68e-3J!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!6'PL)%PYF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!69"-4J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6'PL)%P
+YF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69G$4!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!"J!!!!8P053`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!9%9B9#jLD!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!3Q&XE'p[EL")C@a`!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!9%9B9#jM!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp
+$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jM+bX!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!9%9B9#jMB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp
+$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMF!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!9%9B9#jMF(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp
+$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jPH(!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!9%9B9#jRB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4f&YC80
+[C'8J3fpZGQ9bG'9b!!!!!!!!!!!!!!!!!!"!!!!!9%9B9#jS!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!
+!!!!3!!!!9%9B9#jX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4QaPH#"
+3FQ9`FQpMCA0cEh)!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)&"33`!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!9%9B9#j`BA-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ8'&
+cBf&X)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j`BfJ!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!
+!!!#!!!!!9%9B9#j`BfJV+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp
+$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`F(8!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)&"33`!!!!!!!!!!!!!!!!!!!!!
+!!!#!!!!!9%9B9#jb!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8Q9k!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jc!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!8&"$3A0Y!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!9%9B9#jj!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3QPcEfi
+J8(*PF(*[Bf9cFfpb!!!!!!!!!!!!!!!!!!#!!!!!@%024J!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!@%024NBJ5@e`Eh*d)&"33`!!!!!!!!!!!!!!!!!
+!!!!!!!!!C'pMG3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!FR0bB`!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!"J!!!!FfKXBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%9')%P
+YF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Fh4eBJ!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!8%9')%PYF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!#jNEf-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3!!!!!!8"!3!"!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!"J!!!!!"!!!!!!8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!"!3!!E@&TEJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!3!"!!!!!3%
+"!3%!!3%!!!!!!!%"!!!"!3!"!!!"!!%!!!!!!!!!!!!)!3!"!3!"!3!!!!%!!!N
+!!"G0B@028b"8EfpXBQpi)%4&3P9()$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!r2cmr39"36!!!!B"B`!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!$mr2cm!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!0!!%!!!!!!"9I69G&8NY6AdG98dPIF(*PCQP
+i,QJ!!!!!!!!!!!!!!!!"!!!"!!!!!!!"!!!!!!!!!!!!!!8"!3%!!!%"!!%!!!!
+!"!!!!!!!!!!!!!!!!!!!!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"IAh0dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!3!!#8e
+PFQGP)%peG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!$mr2cp"8&"-!!%"!!!%)#!J)!1ARe!$GYpi!`@Z%!!&!J%
+!!3%!!3%"!!!"!!!!!!!!!!%"!3%!!3%!!3!""!!!!!!!!!!!!!!(!3%!!3!!!3!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!"IAh0dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8!!!G2F'9
+Z8e0-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2d&38%`!!!3!!!!%!!!!!%!
+!!&M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!%r2cmr!!!!!!!!!!)!!!!#!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!#!&!!!3!"!!%!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8*d024%8
+R)#G%394"*b!R8%P$9#F!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!J!!!3!!!!%#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!)!!!)!!!!#!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!%!!!!!!!!!!!#!!!$!!!
+!!`)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!"!!!!!!!!!!!!J!!"!!!!!3#!3!!!!!
+!!3!"!`!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!8!!!!&!J%!!!!!!!%!!3-!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!#!!!'!!!!"J)"!!!!!!!"!!%$!!!!!!!!!!!!!!!
+!"3!!!!!!!!!!!J!!"`!!!!F#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!)!!!J!!!!)!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!&!!!!!!!!!!!#!!!*!!!
+!#3)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!"3!!!!!!!!!!!J!!#J!!!Am#!3!!!!!
+!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!!X!!!'U!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!#!!!-!!!"U`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!!J!!$3!!!D`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!)!!!i!!!'Y!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!2!!!
+"VJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!%!!!!Dm#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!"%!!!'`!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!#!!!5!!!"X3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!!J!!%`!!!E)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!)!!"3!!!'c!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!9!!!
+"Y!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!&J!!!E8#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!"F!!!'f!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!#!!!B!!!"Y`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!!J!!'3!!!EJ#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!)!!"S!!!'j!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!E!!!
+"ZJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!(!!!!EX#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!"d!!!'m!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!#!!!H!!!"[3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!!J!!(`!!!Ei#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!)!!#!!!!'r!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!K!!!
+"`!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!)J!!!F%#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!#-!!!(#!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!#!!!N!!!"``)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!!J!!*3!!!F3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!)!!#B!!!(&!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!R!!!
+"aJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!+!!!!FF#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!#N!!!()!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!#!!!U!!!"b3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!!J!!+`!!!FS#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!)!!#`!!!(,!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!Y!!!
+"c!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!J!!,J!!!D8#!3!!!!!
+!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!)!!#m!!!(0!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!#!!!`!!!"cJ)"!!!!!!!"!!%$!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!!J!!-3!!!Fm#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!)!!$)!!!(3!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!!!!!#!!!c!!!
+"d33"!!!!!!!!!!%$!!!!!!!!!!!!!!!!J3!!!!!!!!!!!J!!0!!!!G)%!3!!!!!
+!!!!"!`!!!!!!!!!!!!!!!)%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!!J!!!!-!!!!%!!!
+!"3!!!!B!!!!(!!!!#!!!!!N!!!!Y!!!!#J!!!!X!!!!-!!!!$3!!!!i!!!!2!!!
+!%!!!!"%!!!!5!!!!%`!!!"3!!!!9!!!!&J!!!"F!!!!B!!!!'3!!!"S!!!!E!!!
+!(!!!!"d!!!!H!!!!(`!!!#!!!!!K!!!!)J!!!#-!!!!N!!!!*3!!!#B!!!!R!!!
+!+!!!!#N!!!!U!!!!+`!!!#`!!!!Z!!!!,`!!!$!!!!!a!!!!-J!!!$-!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!d!!!
+!3!)!!!!#!!!d!J!!(!)!!"d#!!!H!J!!(`)!!#!#!!!K!J!!)J)!!#-#!!!N!J!
+!*3)!!#B#!!!R!J!!+!)!!#N#!!!U!J!!+`)!!#`#!!!Y!J!!#`)!!!`#!!!0!J!
+!$J)!!!m#!!!3!J!!%3)!!")#!!!6!J!!&!)!!"8#!!!@!J!!&`)!!"J#!!!C!J!
+!'J)!!"X#!!!c!J!!0!)!!#m#!!!`!J!!-J)!!$%#!!!+!J!!!3)!!!3#!!!$!J!
+!!J)!!!N#!!!&!J!!"J)!!!F#!!!)!J!!,J!!!DN!!3!S!J!!%`)!!"3#!!!9!J!
+!&J)!!"F#!!!B!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#`MlJ!!!
+!!!!!!3!#`NI`!!)!!!!!!!!!!!!!!X)fJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!)!!!%!!!!!"3!!Irm!!!!!Irm!!!!!Irm!!!!!Irm!!!!-!!%
+!!J!%!!!!"8!!!!B!!3!"1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!%!!!$rrrrr!!!!!`!"!!%k1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!3!!!2rrrrm!!!!%!!%!!6SkD@jME(9NC6S!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!)!!3!"1J!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!!`!#!!%
+k6@&M6e-J8h9`F'pbG$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2rrrrp
+!!!!%!!)!!6T08d`k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+"!!!!rrrrrd!!!!8!#J!!6@&M6e-J0MK,)%aTEQYPFJ!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!4f9d5&488&-J0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%k!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!&0B@028b!f1%XJ6'P
+ZDf9b!!!!!!!!!!!!!!!!!!!!!!!J39"36!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!3A"
+`E!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"J!!!!68e-3J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!6'PL)%PYF'pbG#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69"
+-4J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6'PL)%PYF'pbG#!f1%X
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69G$4!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!6d*
++)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69"A)%PYF'pbG#!f1%X
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%a[BJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!8P0
+53`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"J!!!!9%9B9#jLD!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!3Q&XE'p[EL")C@a`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
+B9#jM!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jM+bX!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
+B9#jMB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMF!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
+B9#jMF(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jPH(!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
+B9#jRB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4f&YC80[C'8J3fpZGQ9
+bG'9b!!!!!!!!!!!!!!!!!!"!!!!!9%9B9#jS!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!9%9
+B9#jX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4QaPH#"3FQ9`FQpMCA0
+cEh)!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!69FJ8'&cBf&X)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
+B9#j`BA-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)$Bi5`!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j`BfJ!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9
+B9#j`BfJV+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!
+!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`F(8!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!69FJ8'&cBf&X)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9
+B9#jb!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8Q9k!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jcC@F!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
+B9#jj!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3QPcEfiJ8(*PF(*[Bf9
+cFfpb!!!!!!!!!!!!!!!!!!#!!!!!C'pMG3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!FR0
+bB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"J!!!!FfKXBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!8%9')%PYF'pbG#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Fh4
+eBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%9')%PYF'pbG#!f1%X
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#jNEf-!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3!!!!!!!
+!!#jbFh*M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"J!!!!!!8"!3!"!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!
+!!!!"!!!!!!8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!"!3!!E@&TEJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!3%"!!!!!3%"!!!"!3%!!!!
+!!!%"!!!"!3!"!!!""!!!!!!!!!!!!!!)!3!"!3!"!3!!!!%!!!N!!!e(CA4)9&4
+38bJf1%XT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!r2cmr39"36!!!!J"B`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cm!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!0!!%!!!!!!""I69G&8NY6Ah"bC@CTH#jS!!!!!!!!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!"!!!!!!!!!!!!!!8"!3%!!!%"!!%!!!!!"!!!!!!!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"IAh0
+dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!3!!#8ePFQGP)%peG!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!$mr2cp"8&"-!!%"!!!%)#!J)!1ARe!$GYpi!`@Z%!!&!J%!!3%!!3%"!!!
+"!!!!!!!!!!%"!3%!!3%!!3!""!!!!!!!!!!!!!!(!3%!!3!!!3!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"IAh0dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8!!!K(CA4)9&438`!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2d&38%`!!!3!!!!%!!!!!%!!!&M!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%r2cm
+r!!!!!!!!!!)!!!!#!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!#!&!!!3!"!!%!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8*d024%8R)#G%394"*b!
+R8%P$9#F!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!`!!!3!!!!S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!!)!!!!
+,!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!$!!!!$!)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!"!!!!!d#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!!8!!!!1!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!!'!!!!$`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!"`!!!"!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!!J!!!!
+4!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!*!!!!%J)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!#J!!!"-#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!!X!!!!8!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!!-!!!!&3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!$3!!!"B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!!i!!!!
+A!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!2!!!!'!)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!%!!!!"N#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!"%!!!!D!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!!5!!!!'`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!%`!!!"`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!"3!!!!
+G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!9!!!!(J)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!&J!!!"m#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!"F!!!!J!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!!B!!!!)3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!'3!!!#)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!"S!!!!
+M!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!E!!!!*!)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!(!!!!#8#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!"d!!!!Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!!H!!!!*`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!(`!!!#J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!#!!!!!
+T!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!K!!!!+J)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!)J!!!#X#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!#-!!!!X!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!!N!!!!,3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!*3!!!#i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!#B!!!!
+[!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!R!!!!-!)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!+!!!!$%#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!#N!!!!b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!!U!!!!-`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!+`!!!$3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!#`!!!!
+e!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!Y!!!!0J)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!,J!!!$F#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!#m!!!!i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!!`!!!!13)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!-3!!!$S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!$)!!!!
+l!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!c!!!!2!)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!0!!!!$d#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!$8!!!!q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!!f!!!!2`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!0`!!!%!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!$J!!!"
+"!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!j!!!!3J)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!1J!!!%-#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!$X!!!"%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!!m!!!!43)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!23!!!%B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!$i!!!"
+(!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!!r!!!!5!)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!3!!!!%N#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!%%!!!"+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!"#!!!!5`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!3`!!!%`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!%3!!!"
+0!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"&!!!!6J)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!4J!!!%m#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!%F!!!"3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!")!!!!83)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!53!!!&)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!%S!!!"
+6!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!",!!!!9!)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!6!!!!&8#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!%d!!!"@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!"1!!!!9`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!6`!!!&J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!&!!!!"
+C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"4!!!!@J)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!8J!!!&X#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!&-!!!"F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!"8!!!!A3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!93!!!&i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!&B!!!"
+I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"A!!!!B!)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!@!!!!'%#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!&N!!!"L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!"D!!!!B`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!@`!!!'3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!&`!!!"
+P!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"G!!!!CJ)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!AJ!!!'F#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!&m!!!"S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!"J!!!!D3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!B3!!!'S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!')!!!"
+V!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"M!!!!E!)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!C!!!!'d#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!'8!!!"Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!"Q!!!!E`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!C`!!!(!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!'J!!!"
+a!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"T!!!!FJ)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!DJ!!!(-#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!'X!!!"d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!"X!!!!G3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!E3!!!(B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!'i!!!"
+h!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"[!!!!H!)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!F!!!!(N#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!(%!!!"k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!"b!!!!H`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!F`!!!(`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!(3!!!"
+p!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"e!!!!IJ)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!GJ!!!(m#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!(F!!!#!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!"i!!!!J3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!H3!!!))#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!(S!!!#
+$!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!"l!!!!K!)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!I!!!!)8#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!(d!!!#'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!"q!!!!K`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!I`!!!)J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!)!!!!#
+*!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#"!!!!LJ)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!JJ!!!)X#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!-!!)-!!!#-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!$!!#%!!!!M3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!!`!!K3!!!)i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!)B!!!#
+2!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#(!!!!N!!#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!)J!!!#4!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!$!!#*!!!!NJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!!`!!LJ!!!*-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!-!!)X!!!#8!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#-!!!
+!P3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!M3!!!*B#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!)i!!!#A!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!$!!#2!!!!Q!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!!`!!N!!!!!#C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!#4!!!!QJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!NJ!
+!!*X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!*-!!!#F!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#8!!!!R3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!P3!!!*i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!*B!!!#I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!#A!!!!S!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!Q!!
+!!+%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!*N!!!#L!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#D!!!!S`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!Q`!!!+3#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!*`!!!#P!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!#G!!!!TJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!RJ!
+!!+F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!*m!!!#S!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#J!!!!U3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!S3!!!+S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!+)!!!#V!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!#M!!!!V!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!T!!
+!!+d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!+8!!!#Z!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#Q!!!!V`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!T`!!!,!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!+J!!!#a!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!#T!!!!XJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!UJ!
+!!,-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!+X!!!#d!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#X!!!!Y3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!V3!!!,B#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!+i!!!#h!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!#[!!!!Z!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!X!!
+!!,N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!,%!!!#k!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#b!!!!Z`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!X`!!!,`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!,3!!!#p!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!#e!!!![J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!YJ!
+!!,m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!,F!!!$!!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#i!!!!`3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!Z3!!!-)#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!,S!!!$$!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!#l!!!!a!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!![!!
+!!-8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!,d!!!$'!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!#q!!!!a`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!![`!!!-J#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!-!!!!$*!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!$"!!!!bJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!`J!
+!!-X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!--!!!$-!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$%!!!!c3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!a3!!!-i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!-B!!!$2!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!$(!!!!d!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!b!!
+!!0%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!-N!!!$5!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$+!!!!d`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!b`!!!03#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!-`!!!$9!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!$0!!!!eJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!cJ!
+!!0F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!-m!!!$B!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$3!!!!f3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!d3!!!0S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!0)!!!$E!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!$6!!!!h!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!e!!
+!!0d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!08!!!$H!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$@!!!!h`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!e`!!!1!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!0J!!!$K!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!$C!!!!iJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!fJ!
+!!1-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!0X!!!$N!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$F!!!!j3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!h3!!!1B#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!0i!!!$R!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!$I!!!!k!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!i!!
+!!1N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!1%!!!$U!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$L!!!!k`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!i`!!!1`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!13!!!$Y!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!$P!!!!lJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!jJ!
+!!1m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!1F!!!$`!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$S!!!!m3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!k3!!!2)#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!1S!!!$c!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!$V!!!!p!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!l!!
+!!28#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!1d!!!$f!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$Z!!!!p`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!l`!!!2J#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!2!!!!$j!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!$a!!!!qJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!mJ!
+!!2X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!2-!!!$m!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$d!!!!r3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!p3!!!2i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!2B!!!$r!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!$h!!!"!!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!q!!
+!!3%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!2N!!!%#!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!$k!!!"!`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!!q`!!!33#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!2`!!!%&!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!$p!!!""J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!!rJ!
+!!3F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!2m!!!%)!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%!!!!"#3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"!3!!!3S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!3)!!!%,!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!%$!!!"$!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!""!!
+!!3d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!38!!!%1!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%'!!!"$`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!""`!!!4!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!3J!!!%4!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!%*!!!"%J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"#J!
+!!4-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!3X!!!%8!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%-!!!"&3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"$3!!!4B#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!3i!!!%A!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!%2!!!"'!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"%!!
+!!4N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!4%!!!%D!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%5!!!"'`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"%`!!!4`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!43!!!%G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!%9!!!"(J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"&J!
+!!4m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!4F!!!%J!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%B!!!")3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"'3!!!5)#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!4S!!!%M!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!%E!!!"*!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"(!!
+!!58#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!4d!!!%Q!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%H!!!"*`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"(`!!!5J#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!5!!!!%T!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!%K!!!"+J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!")J!
+!!5X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!5-!!!%X!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%N!!!",3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"*3!!!5i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!5B!!!%[!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!%R!!!"-!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"+!!
+!!6%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!5N!!!%b!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%U!!!"-`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"+`!!!63#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!5`!!!%e!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!%Y!!!"0J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!",J!
+!!6F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!5m!!!%i!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%`!!!"13)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"-3!!!6S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!6)!!!%l!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!%c!!!"2!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"0!!
+!!6d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!68!!!%q!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%f!!!"2`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"0`!!!8!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!6J!!!&"!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!%j!!!"3J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"1J!
+!!8-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!6X!!!&%!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!%m!!!"43)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"23!!!8B#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!6i!!!&(!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!%r!!!"5!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"3!!
+!!8N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!8%!!!&+!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&#!!!"5`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"3`!!!8`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!83!!!&0!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!&&!!!"6J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"4J!
+!!8m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!8F!!!&3!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&)!!!"83)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"53!!!9)#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!8S!!!&6!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!&,!!!"9!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"6!!
+!!98#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!8d!!!&@!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&1!!!"9`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"6`!!!9J#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!9!!!!&C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!&4!!!"@J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"8J!
+!!9X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!9-!!!&F!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&8!!!"A3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"93!!!9i#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!9B!!!&I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!&A!!!"B!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"@!!
+!!@%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!9N!!!&L!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&D!!!"B`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"@`!!!@3#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!9`!!!&P!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!&G!!!"CJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"AJ!
+!!@F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!9m!!!&S!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&J!!!"D3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"B3!!!@S#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!@)!!!&V!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!&M!!!"E!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"C!!
+!!@d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!@8!!!&Z!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&Q!!!"E`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"C`!!!A!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!@J!!!&a!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!&T!!!"FJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"DJ!
+!!A-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!@X!!!&d!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&X!!!"G3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"E3!!!AB#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!@i!!!&h!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!&[!!!"H!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"F!!
+!!AN#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!A%!!!&k!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&b!!!"H`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"F`!!!A`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!A3!!!&p!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!&e!!!"IJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"GJ!
+!!B!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!AF!!!'"!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&i!!!"JJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"H3!!!B-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!AS!!!'%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!&l!!!"K3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"I!!
+!!BB#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!Ad!!!'(!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!&q!!!"L!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"I`!!!BN#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!B!!!!'+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!$!!'"!!!"L`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"JJ!
+!!B`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!B-!!!'0!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'%!!!"MJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!!`!"K3!!!Bm#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!-!!BB!!!'3!!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!!`!"K`!!!C%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!BJ
+!!!'5!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'*!!!"N`)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"LJ!!!C3#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!BX!!!'9!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!$!!'-!!!"PJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!!`!"M3!!!CF#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!Bi
+!!!'B!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'2!!!"Q3)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"N!!!!!'D!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'4!!!"Q`)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"NJ!!!C`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!C-!!!'G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'
+8!!!"RJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"P3!!!Cm#!3!
+!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!CB!!!'J!J%!!!!!!!%!!3%
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'A!!!"S3)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"Q!!!!D)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!CN!!!'M!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'
+D!!!"d`)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"Q`!!!G3#!3!
+!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!C`!!!(9!J%!!!!!!!%!!3-
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'G!!!"eJ)"!!!!!!!"!!%$!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"RJ!!!D3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!Cm!!!(A!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'
+J!!!"f!)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!!!!!!!!`!"S3!!!GN#!3!
+!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!-!!D)!!!(D!J%!!!!!!!%!!3-
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!$!!'M!!!"TJ)"!!!!!!!"!!%"!!!!!!!!!!!
+!!!!!!3!!!!!!!!!!!`!"T!!!!DF#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!-!!D8!!!'S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!)!!!!$!!!!"!!!!!8!!!!
+'!!!!"`!!!!J!!!!*!!!!#J!!!!X!!!!-!!!!$3!!!!i!!!!2!!!!%!!!!"%!!!!
+5!!!!%`!!!"3!!!!9!!!!&J!!!"F!!!!B!!!!'3!!!"S!!!!E!!!!(!!!!"d!!!!
+H!!!!(`!!!#!!!!!K!!!!)J!!!#-!!!!N!!!!*3!!!#B!!!!R!!!!+!!!!#N!!!!
+U!!!!+`!!!#`!!!!Y!!!!,J!!!#m!!!!`!!!!-3!!!$)!!!!c!!!!0!!!!$8!!!!
+f!!!!0`!!!$J!!!!j!!!!1J!!!$X!!!!m!!!!23!!!$i!!!!r!!!!3!!!!%%!!!"
+#!!!!3`!!!%3!!!"&!!!!4J!!!%F!!!")!!!!53!!!%S!!!",!!!!6!!!!%d!!!"
+1!!!!6`!!!&!!!!"4!!!!8J!!!&-!!!"8!!!!93!!!&B!!!"A!!!!@!!!!&N!!!"
+D!!!!@`!!!&`!!!"G!!!!AJ!!!&m!!!"J!!!!B3!!!')!!!"M!!!!C!!!!'8!!!"
+Q!!!!C`!!!'J!!!"T!!!!DJ!!!'X!!!"X!!!!E3!!!'i!!!"[!!!!F!!!!(%!!!"
+b!!!!F`!!!(3!!!"e!!!!GJ!!!(F!!!"i!!!!H3!!!(S!!!"l!!!!I!!!!(d!!!"
+q!!!!I`!!!)!!!!#"!!!!JJ!!!)-!!!#%!!!!K3!!!)B!!!#(!!!!L!!!!)N!!!#
++!!!!L`!!!)`!!!#0!!!!MJ!!!)m!!!#3!!!!!*%!!!#5!!!!N`!!!*3!!!#9!!!
+!PJ!!!*F!!!#B!!!!Q3!!!*S!!!#E!!!!R!!!!*d!!!#H!!!!R`!!!+!!!!#K!!!
+!SJ!!!+-!!!#N!!!!T3!!!+B!!!#R!!!!U!!!!+N!!!#U!!!!U`!!!+`!!!#Y!!!
+!VJ!!!+m!!!#`!!!!X3!!!,)!!!#c!!!!Y!!!!,8!!!#f!!!!Y`!!!,J!!!#j!!!
+!ZJ!!!,X!!!#m!!!![3!!!,i!!!#r!!!!`!!!!-%!!!$#!!!!``!!!-3!!!$&!!!
+!aJ!!!-F!!!$)!!!!b3!!!-S!!!$,!!!!c!!!!-d!!!$1!!!!c`!!!0!!!!$4!!!
+!dJ!!!0-!!!$8!!!!e3!!!0B!!!$A!!!!f!!!!0N!!!$D!!!!f`!!!0`!!!$G!!!
+!hJ!!!0m!!!$J!!!!i3!!!1)!!!$M!!!!j!!!!18!!!$Q!!!!j`!!!1J!!!$T!!!
+!kJ!!!1X!!!$X!!!!l3!!!1i!!!$[!!!!m!!!!2%!!!$b!!!!m`!!!23!!!$e!!!
+!pJ!!!2F!!!$i!!!!q3!!!2S!!!$l!!!!r!!!!2d!!!$q!!!!r`!!!3!!!!%"!!!
+"!J!!!3-!!!%%!!!""3!!!3B!!!%(!!!"#!!!!3N!!!%+!!!"#`!!!3`!!!%0!!!
+"$J!!!3m!!!%3!!!"%3!!!4)!!!%6!!!"&!!!!48!!!%@!!!"&`!!!4J!!!%C!!!
+"'J!!!4X!!!%F!!!"(3!!!4i!!!%I!!!")!!!!5%!!!%L!!!")`!!!53!!!%P!!!
+"*J!!!5F!!!%S!!!"+3!!!5S!!!%V!!!",!!!!5d!!!%Z!!!",`!!!6!!!!%a!!!
+"-J!!!6-!!!%d!!!"03!!!6B!!!%h!!!"1!!!!6N!!!%k!!!"1`!!!6`!!!%p!!!
+"2J!!!6m!!!&!!!!"33!!!8)!!!&$!!!"4!!!!88!!!&'!!!"4`!!!8J!!!&*!!!
+"5J!!!8X!!!&-!!!"63!!!8i!!!&2!!!"8!!!!9%!!!&5!!!"8`!!!93!!!&9!!!
+"9J!!!9F!!!&B!!!"@3!!!9S!!!&E!!!"A!!!!9d!!!&H!!!"A`!!!@!!!!&K!!!
+"BJ!!!@-!!!&N!!!"C3!!!@B!!!&R!!!"D!!!!@N!!!&U!!!"D`!!!@`!!!&Y!!!
+"EJ!!!@m!!!&`!!!"F3!!!A)!!!&c!!!"G!!!!A8!!!&f!!!"G`!!!AJ!!!&j!!!
+"HJ!!!AX!!!&m!!!"I3!!!Ai!!!&r!!!"J!!!!B%!!!'#!!!"J`!!!B3!!!'&!!!
+"KJ!!!BF!!!')!!!"L3!!!BS!!!',!!!"M!!!!Bd!!!'1!!!"M`!!!C!!!!!"N3!
+!!C)!!!'6!!!"P!!!!C8!!!'@!!!"P`!!!CJ!!!'G!!!"SJ!!!D-!!!'N!!!"Q3!
+!!CS!!!'E!!!"R!!!!Ci!!!'I!!!"S!!!!D%!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'P!!!"`!-
+!!!!$!!'P!!!"f`!"!"`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$!!'B!`!"Q3-
+!!D8$!!'A!`!"PJ-!!!)$!!!$!`!!!3-!!!3$!!!&!`!!"J-!!!F$!!!)!`!!#3-
+!!!S$!!!,!`!!$!-!!!d$!!!1!`!!$`-!!"!$!!!4!`!!%J-!!"-$!!!8!`!!&3-
+!!"B$!!!A!`!!'!-!!"N$!!!D!`!!'`-!!"`$!!!G!`!!(J-!!"m$!!!J!`!!)3-
+!!#)$!!!M!`!!*!-!!#8$!!!Q!`!!*`-!!#J$!!!T!`!!+J-!!#X$!!!X!`!!,3-
+!!#i$!!![!`!!-!-!!$%$!!!b!`!!-`-!!$3$!!!e!`!!0J-!!$F$!!!i!`!!13-
+!!$S$!!!l!`!!2!-!!$d$!!!q!`!!2`-!!%!$!!""!`!!3J-!!%-$!!"%!`!!43-
+!!%B$!!"(!`!!5!-!!%N$!!"+!`!!5`-!!%`$!!"0!`!!6J-!!%m$!!"3!`!!83-
+!!&)$!!"6!`!!9!-!!&8$!!"@!`!!9`-!!&J$!!"C!`!!@J-!!&X$!!"F!`!!A3-
+!!&i$!!"I!`!!B!-!!'%$!!"L!`!!B`-!!'3$!!"P!`!!CJ-!!'F$!!"S!`!!D3-
+!!'S$!!"V!`!!E!-!!'d$!!"Z!`!!E`-!!(!$!!"a!`!!FJ-!!(-$!!"d!`!!G3-
+!!(B$!!"h!`!!H!-!!(N$!!"k!`!!H`-!!(`$!!"p!`!!IJ-!!(m$!!#!!`!!J3-
+!!))$!!#$!`!!K!-!!)8$!!'M!`!!KJ-!!)F$!!#)!`!!L3-!!)S$!!#,!`!!M!-
+!!)d$!!#1!`!!M`-!!*!!!`!!N3-!!*)$!!#6!`!!P!-!!*8$!!#@!`!!P`-!!*J
+$!!#C!`!!QJ-!!*X$!!#F!`!!R3-!!*i$!!#I!`!!S!-!!+%$!!#L!`!!S`-!!+3
+$!!#P!`!!TJ-!!+F$!!#S!`!!U3-!!+S$!!#V!`!!V!-!!+d$!!#Z!`!!V`-!!,!
+$!!#a!`!!XJ-!!,-$!!#d!`!!Y3-!!,B$!!#h!`!!Z!-!!,N$!!#k!`!!Z`-!!,`
+$!!#p!`!![J-!!,m$!!$!!`!!`3-!!-)$!!$$!`!!a!-!!-8$!!$'!`!!a`-!!-J
+$!!$*!`!!bJ-!!-X$!!$-!`!!c3-!!-i$!!$2!`!!d!-!!0%$!!$5!`!!d`-!!03
+$!!$9!`!!eJ-!!0F$!!$B!`!!f3-!!0S$!!$E!`!!h!-!!0d$!!$H!`!!h`-!!1!
+$!!$K!`!!iJ-!!1-$!!$N!`!!j3-!!1B$!!$R!`!!k!-!!1N$!!$U!`!!k`-!!1`
+$!!$Y!`!!lJ-!!1m$!!$`!`!!m3-!!2)$!!$c!`!!p!-!!28$!!$f!`!!p`-!!2J
+$!!$j!`!!qJ-!!2X$!!$m!`!!r3-!!2i$!!$r!`!"!!-!!3%$!!%#!`!"!`-!!33
+$!!%&!`!""J-!!3F$!!%)!`!"#3-!!3S$!!%,!`!"$!-!!3d$!!%1!`!"$`-!!4!
+$!!%4!`!"%J-!!4-$!!%8!`!"&3-!!4B$!!%A!`!"'!-!!4N$!!%D!`!"'`-!!4`
+$!!%G!`!"(J-!!4m$!!%J!`!")3-!!5)$!!%M!`!"*!-!!58$!!%Q!`!"*`-!!5J
+$!!%T!`!"+J-!!5X$!!%X!`!",3-!!D3$!!%Z!`!",`-!!6!$!!%a!`!"-J-!!6-
+$!!%d!`!"03-!!6B$!!%h!`!"1!-!!6N$!!%k!`!"1`-!!6`$!!%p!`!"2J-!!6m
+$!!&!!`!"33-!!8)$!!&$!`!"4!-!!88$!!&'!`!"4`-!!8J$!!&*!`!"5J-!!8X
+$!!&-!`!"63-!!8i$!!&2!`!"8!-!!9%$!!&5!`!"8`-!!93$!!&9!`!"9J-!!9F
+$!!&B!`!"@3-!!9S$!!&E!`!"A!-!!9d$!!&H!`!"A`-!!@!$!!&K!`!"BJ-!!@-
+$!!&N!`!"C3-!!@B$!!&R!`!"D!-!!@N$!!&U!`!"D`-!!@`$!!&Y!`!"EJ-!!@m
+$!!&`!`!"F3-!!A)$!!&c!`!"G!-!!A8$!!&f!`!"G`-!!AJ$!!&j!`!"HJ-!!AX
+$!!&m!`!"I3-!!Ai$!!&r!`!"J!-!!B%$!!'#!`!"J`-!!B3$!!'&!`!"KJ-!!BF
+$!!')!`!"L3-!!BS$!!',!`!"M!-!!Bd$!!'1!`!"M`-!!C!!!`!"N3-!!C)$!!'
+6!`!"P!-!!C8$!!'H!`!"S!-!!D%$!!'E!`!"SJ-!!CS$!!'F!`!"R3-!!Cm!!J!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,#2Z!!!!!!!!!"!!,#4r!!!J!
+!!!!!!!!!!!!#`MD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!
+!!3!!!!!&!!"rr`!!!!"rr`!!!!"rr`!!!!"rr`!!!!`!!3!#!!B!!!!&3!!!#!!
+"!!%k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2r
+rrrm!!!!$!!%!!6Sk!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!"!!!!rrrrr`!!!!3!!3!"1MTTEQ0XG@4P1J!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!$rrrrr3!!!!J!"!!%k!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!$!!%!!6Sk1NG98dNkD@jME(9
+NC6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!3!!3!"1MSk4e9
+656TXD@)k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!"3!
+#!!%k6@&M6e-J8h9`F'pbG$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2r
+rrrp!!!!'!!)!!6T08d`k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!"!!!!rrrrrd!!!!F!#J!!6@&M6e-J0MK,)%aTEQYPFJ!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!6'PL8e0-)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%k!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!&0B@028b!f1%X
+J6'PZDf9b!!!!!!!!!!!!!!!!!!!!!!!J39"36!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!
+!3A"`E!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!68e-3J!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!6'PL)%PYF'pbG#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!69"-4J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6'PL)%PYF'pbG#!
+f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69G$4!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!
+!6d*+)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69"A)%PYF'pbG#!
+f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%a[BJ!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!
+!8P053`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!9%9B9#jLD!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!3Q&XE'p[EL")C@a`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!9%9B9#jM!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK
+,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jM+bX!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!9%9B9#jMB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK
+,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMF!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!9%9B9#jMF(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK
+,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jPH(!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!9%9B9#jRB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4f&YC80[C'8J3fp
+ZGQ9bG'9b!!!!!!!!!!!!!!!!!!"!!!!!9%9B9#jS!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!
+!9%9B9#jX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4QaPH#"3FQ9`FQp
+MCA0cEh)!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!9%9B9#j`BA-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)$B
+i5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j`BfJ!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!
+!9%9B9#j`BfJV+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK
+,!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`F(8!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!#!!!!
+!9%9B9#jb!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8Q9k!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jcC@F!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!9%9B9#jj!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3QPcEfiJ8(*PF(*
+[Bf9cFfpb!!!!!!!!!!!!!!!!!!#!!!!!C'pMG3!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!
+!FR0bB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!FfKXBJ!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!8%9')%PYF'pbG#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!Fh4eBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%9')%PYF'pbG#!
+f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#jNEf-!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3!!!
+!!!!!!#jbFh*M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!!!8"!3!"!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!"J!!!!!"!!!!!!8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!"!3!!E@&TEJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!3%"!!!!!3%"!!!"!3%
+!!!!!!!%"!!!"!3!"!!!""!!!!!!!!!!!!!!)!3!"!3!"!3!!!!%!!!N!!aK-D@*
+68d`Z0MK,)%CK+$4TAcKN+5j-D@)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!r2cmr2cmr2`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cm
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!0!!%!!!!!!"9I69G&8NY6AdG98dPIF(*PCQPi,QJ!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!"!!!!!!!!!!!!!!8"!3%!!!%"!!%!!!!!"!!!!!!
+!!!!!!!!!!!!!!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+IAh0dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!3!!#8ePFQGP)%p
+eG!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!$mr2cp"8&"-!!%"!!!%)#!J)!1ARe!$GYpi!`@Z%!!&!J%!!3%!!3%
+"!!!"!!!!!!!!!!%"!3%!!3%!!3!""!!!!!!!!!!!!!!(!3%!!3!!!3!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!"IAh0dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8!!!K(CA4)9&438`!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2d&38%`!!!3!!!!%!!!!!%!!!&M!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%
+r2cmr!!!!!!!!!!)!!!!#!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!#!&!!!3!"!!%!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8*d024%8R)#G%394
+"*b!R8%P$9#F!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!"!!!!3!!!!S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!!)
+!!!!,!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!$!!!!$!)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!"!!!!!d#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!!8!!!!1!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!%!!!'!!!!$`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!"!!!"`!!!"!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!!J
+!!!!4!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!*!!!!%J)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!#J!!!"-#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!!X!!!!8!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!%!!!-!!!!&3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!"!!!$3!!!"B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!!i
+!!!!A!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!2!!!!'!)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!%!!!!"N#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!"%!!!!D!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!%!!!5!!!!'`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!"!!!%`!!!"`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!"3
+!!!!G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!9!!!!(J)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!&J!!!"m#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!"F!!!!J!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!%!!!B!!!!)3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!"!!!'3!!!#)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!"S
+!!!!M!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!E!!!!*!)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!(!!!!#8#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!"d!!!!Q!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!%!!!H!!!!*`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!"!!!(`!!!#J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!#!
+!!!!T!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!%!!!K!!!!+J)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"!!!)J!!!#X#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!3!!#-!!!!X!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!!J!!!!-!!!!%!!!!"3!!!!B
+!!!!(!!!!#!!!!!N!!!!+!!!!#`!!!!`!!!!0!!!!$J!!!!m!!!!3!!!!%3!!!")
+!!!!6!!!!&!!!!"8!!!!@!!!!&`!!!"J!!!!C!!!!'J!!!"X!!!!F!!!!(3!!!"i
+!!!!I!!!!)!!!!#%!!!!L!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!M!!!!3!3!!!!
+%!!!M!!!"f`!"!"`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!&"!!!"!3!!!-
+%!!!#"!!!"J3!!!X%!!!+"!!!#33!!!J%!!!("!!!$!3!!")%!!!4"!!!%!3!!!m
+%!!!0"!!!$J3!!"-%!!!L"!!!)33!!#!%!!!I"!!!)`3!!!%%!!!8"!!!&33!!"B
+%!!!A"!!!'!3!!"N%!!!D"!!!'`3!!"`%!!!G"!!!(J!#!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!X)qi!!!!!!!!!%!!X*(m!!#!!!!!!!!!!!!!!,#0S!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!"!!!!!!8!!(rr!!!
+!!(rr!!!!!(rr!!!!!(rr!!!!$!!"!!)!"J!!!!9!!!!)!!%!!6S!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrrrr`!!!!-!!3!"1MS
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!$rrrrr!!!
+!"!!"!!%k1QPZBfaeC'8k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!2rrrrp!!!!#!!%!!6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!rrrrrd!!!!-!!3!"1MSk4e9656TTEQ0XG@4P1J!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!"!!"!!%k1MT(990*1QaTBMS!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!&!!)!!6T0B@028b"6GA"
+`Eh*d1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrrrrd!!!!B!!J!"1Ne
+66$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!$rrrrr3!!
+!"`!+!!"0B@028b!f1%XJ6'PZDf9b!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"2F'9Z8e0-)$BiD`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!8eKBdp6)$Bi5b"-D@jVCA)!!!!!!!!
+!!!!!!!!!!!!!!#""8&"-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!""F("X!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!'!!!!"068a#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+-D@)J5@e`Eh*d)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!"08%a'!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"-D@)J5@e`Eh*d)$Bi5`!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"09d0%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"23NSJ!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"08&FJ5@e`Eh*d)$Bi5`!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"36'pL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"58e*$!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!'!!!!"849K8,Q*S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+#B@aXEfpZ)%KPE(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q-!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"849K8,Q-V+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q0M!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"849K8,Q0`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q0`F!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"849K8,Q9iF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,QGM!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"(B@eP3fpNC5"$EfjfCA*dCA)!!!!!!!!
+!!!!!!!!!!%!!!!"849K8,QJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!"849K8,Q`!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"'E'9i)&"bCA"bEf0PFh0[FJ!!!!!!!!!
+!!!!!!!!!!)!!!!"849K8,R!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+09b"3BA0MB@`J0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,R"KF`!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"3BA0MB@`J0MK,!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"849K8,R"MD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!"849K8,R"MD#XV!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b!f1%X!!!!!!!!!!!!!!!!
+!!!!!!!!!!)!!!!"849K8,R"`G3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+09b"3BA0MB@`J0MK,!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!"849K8,R)!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"5CAS!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!"849K8,R0PC`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,RN!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"#DA0[EL"3FQ9`FQpMCA0cEh)!!!!!!!!
+!!!!!!!!!!)!!!!"NEf0e!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"bFh*M!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!'!!!!"cD'aL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+348BJ5@e`Eh*d)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!"cG(9L!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"348BJ5@e`Eh*d)$Bi5`!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!,Q4[B`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&!!!!!!!!!!,R*cFQ-!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!'!!!!!!"3%"!!%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!!!%!!!!!"3!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%
+"!!"YB@PZ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!J"!!%!!!!"!3%!!!%"!3!!!!!!!3%!!!%"!!%
+!!!%%!!!!!!!!!!!!!!J"!!%"!!%"!!!!!3!!#3!!$%p`C@j68d`S0MKV+3!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$m
+r2cp"8&"-!!!#!&M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2`!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!d!!3!!!!!!&9p09d955e0I4e9659p`FQ9QDAJZD!!!!!!!!!!!!!!!!!%!!!!
+!!!!!!!%!!!!!!!!!!!!!"3%"!3!!!3%!!3!!!!!%!!!!!!!!!!!!!!!!!!!!!!%
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&pIFh4KFR3!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!"!!!*6@9bCf8J6h9d!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2d&
+38%`!!3%!!!3J)#!J!jHI8!0fhhJ$"Di3!!8#!3!"!3!"!3%!!!%!!!!!!!!!!3%
+"!3!"!3!"!!%%!!!!!!!!!!!!!!F"!3!"!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&pIFh4
+KFR3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3!!"dp`C@j68d`!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!r2cmr39"36!!!"!!!!!3!!!!!3!!!@-!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6mr2cm!!!!!!!!!!J!
+!!!)!!J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!8!!
+"!!%!!3!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3R3dp%45FJ*d4"9%%R)#G35808*`!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&!!!"!!!"Z`)
+"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"3!!!J!!!E`#!3!!!!!!!3!
+"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!8!!!-!!!'p!J%!!!!!!!%!!3%!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!&!!!%!!!"[J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
+!!!!!!!!!"3!!"3!!!Em#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!8
+!!!B!!!(!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!(!!!"`3)
+"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"3!!#!!!!F)#!3!!!!!!!3!
+"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!8!!!N!!!($!J%!!!!!!!%!!3%!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!&!!!+!!!"a!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
+!!!!!!!!!"3!!#`!!!F8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!8
+!!!`!!!('!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!0!!!"a`)
+"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"3!!$J!!!FJ#!3!!!!!!!3!
+"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!8!!!m!!!(*!J%!!!!!!!%!!3%!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!&!!!3!!!"bJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!
+!!!!!!!!!"3!!%3!!!FX#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!8
+!!")!!!(-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!6!!!"c3)
+"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"3!!&!!!!G`#!3!!!!!!!3!
+"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!8!!"8!!!(G!J%!!!!!!!%!!3-!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!&!!!@!!!"hJ)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!
+!!!!!!!!!"3!!&`!!!G-#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!8
+!!"J!!!(D!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!C!!!"e3)
+"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!!!!!!!!!!"3!!'J!!!GB#!3!!!!!!!3!
+"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!8!!"X!!!(A!J%!!!!!!!%!!3-!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!&!!!F!!!"e!)"!!!!!!!"!!%$!!!!!!!!!!!!!!!!!3!
+!!!!!!!!!"3!!(3!!!GJ#!3!!!!!!!3!"!`!!!!!!!!!!!!!!!!%!!!!!!!!!!!8
+!!"i!!!(C!J%!!!!!!!%!!3-!!!!!!!!!!!!!!!!"!!!!!!!!!!!&!!!I!!!"h`3
+"!!!!!!!!!!%$!!!!!!!!!!!!!!!!J3!!!!!!!!!!"3!!)!!!!H!#!3!!!!!!!3!
+"!`!!!!!!!!!!!!!!!)%!!!!!!!!!!!!!!!!!!!!"!!!!!J!!!!-!!!!%!!!!"3!
+!!!B!!!!(!!!!#!!!!!N!!!!+!!!!#`!!!!`!!!!0!!!!$J!!!!m!!!!3!!!!%3!
+!!")!!!!@!!!!'`!!!"J!!!!C!!!!'J!!!"`!!!!G!!!!&`!!!"-!!!!8!!!!&3!
+!!"i!!!!I!!!!)!!!!#!&!!!!"3!!)!!!!GX!!3!F!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!"3!!!38!!!)&!!!$"3!!"!8!!!8&!!!'"3!!"`8!!!J&!!!*"3!!#J8
+!!!X&!!!-"3!!$38!!!i&!!!2"3!!%!8!!"%&!!!5"3!!)!8!!"m&!!!6"3!!&!8
+!!"8&!!!@"3!!(38!!"i&!!!F"3!!'!8!!"F&!!!C"3!!'J8!!"X!!J!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,#2Z!!!!!!!!!"!!,#4r!!!J!!!!!!!!!
+!!!!#`MD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!!!3!!!!!
+&!!"rr`!!!!"rr`!!!!"rr`!!!!"rr`!!!!`!!3!#!!B!!!!&3!!!#!!"!!%k!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2rrrrm!!!!
+$!!%!!6Sk!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!
+!rrrrr`!!!!3!!3!"1MTTEQ0XG@4P1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!$rrrrr3!!!!J!"!!%k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!$!!%!!6Sk1NG98dNkD@jME(9NC6S!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!3!!3!"1MSk4e9656TXD@)
+k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!"3!#!!%k6@&
+M6e-J8h9`F'pbG$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2rrrrp!!!!
+'!!)!!6T08d`k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!
+!rrrrrd!!!!F!#J!!6@&M6e-J8&"$)%aTEQYPFJ!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!6'PL8e0-)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%k!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!&0B@028b"38%-J6'PZDf9
+b!!!!!!!!!!!!!!!!!!!!!!!H39"36!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!3A"`E!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!"J!!!!68e-3J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!6'PL)%PYF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69"-4J!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6'PL)%PYF'pbG#"38%-!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!69G$4!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!8P053`!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!"J!!!!9%9B9#jLD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!3Q&XE'p[EL")C@a`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j
+M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jM+bX!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j
+MB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j
+MF(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jPH(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j
+RB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4f&YC80[C'8J3fpZGQ9bG'9
+b!!!!!!!!!!!!!!!!!!"!!!!!9%9B9#jS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!9%9B9#j
+X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4QaPH#"3FQ9`FQpMCA0cEh)
+!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!69FJ8'&cBf&X)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j
+`BA-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)&"33`!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j`BfJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j
+`BfJV+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ8&"$!!!!!!!
+!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`F(8!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!69FJ8'&cBf&X)&"33`!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j
+b!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8Q9k!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jc!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!8&"$3A0Y!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j
+j!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3QPcEfiJ8(*PF(*[Bf9cFfp
+b!!!!!!!!!!!!!!!!!!#!!!!!@%024J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!@%024NBJ5@e`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!C'pMG3!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!"J!!!!FR0bB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!FfKXBJ!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%9')%PYF'pbG#"38%-!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!Fh4eBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!8%9')%PYF'pbG#"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#j
+NEf-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!"3!!!!!!8"!3!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!!
+"!!!!!!8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!"!3!!E@&TEJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!3%"!!!!!3%"!!!"!3%!!!!!!!%
+"!!!"!3!"!!!""!!!!!!!!!!!!!!)!3!"!3!"!3!!!!%!!!N!!aK-D@*68d`Z0MK
+,)%CK+$KTAc4N+5j-D@)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!r2cmr2cmr2`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cm!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!0!!%!!!!!!"9I69G&8NY6AdG98dPIF(*PCQPi,QJ!!!!!!!!!!!!
+!!!!"!!!"!!!!!!!"!!!!!!!!!!!!!!8"!3%!!!%"!!%!!!!!"!!!!!!!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"IAh0dBA*
+d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!3!!#8ePFQGP)%peG!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!$mr2cp"8&"-!!%"!!!%)#!J)!1ARe!$GYpi!`@Z%!!&!J%!!3%!!3%"!!!"!!!
+!!!!!!!%"!3%!!3%!!3!""!!!!!!!!!!!!!!(!3%!!3!!!3!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!"IAh0dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8!!`j-D@*68d`Z8&"$,NaTBJ!
+!!!!!!!!!!!!!!!!!!!!!2cmr2cmr2cm!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%r2cmr!!!
+!!!!!!!)!!!!#!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!#!&!!!3!"!!%!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8*d024%8R)#G%394"*b!R8%P
+$9#F!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!
+!!3!!!!S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!!)!!!!,!J%
+!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!$!!!!$!)"!!!!!!!"!!%
+"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!"!!!!!d#!3!!!!!!!3!"!3!!!!!!!!!
+!!!!!!!%!!!!!!!!!!!B!!!8!!!!1!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!
+!!!!!!!!'!!!'!!!!$`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!
+!"`!!!"!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!!J!!!!4!J%
+!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!*!!!!%J)"!!!!!!!"!!%
+"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!#J!!!"-#!3!!!!!!!3!"!3!!!!!!!!!
+!!!!!!!%!!!!!!!!!!!B!!!X!!!!8!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!
+!!!!!!!!'!!!-!!!!&3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!
+!$3!!!"B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!!i!!!!A!J%
+!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!2!!!!'!)"!!!!!!!"!!%
+"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!%!!!!"N#!3!!!!!!!3!"!3!!!!!!!!!
+!!!!!!!%!!!!!!!!!!!B!!"%!!!!D!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!
+!!!!!!!!'!!!5!!!!'`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!
+!%`!!!"`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!"3!!!!G!J%
+!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!9!!!!(J)"!!!!!!!"!!%
+"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!&J!!!"m#!3!!!!!!!3!"!3!!!!!!!!!
+!!!!!!!%!!!!!!!!!!!B!!"F!!!!J!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!
+!!!!!!!!'!!!B!!!!)3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!
+!'3!!!#)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!"S!!!!M!J%
+!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!E!!!!*!)"!!!!!!!"!!%
+"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!(!!!!#8#!3!!!!!!!3!"!3!!!!!!!!!
+!!!!!!!%!!!!!!!!!!!B!!"d!!!!Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!
+!!!!!!!!'!!!H!!!!*`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!
+!(`!!!#J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!B!!#!!!!!T!J%
+!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!'!!!K!!!!+J)"!!!!!!!"!!%
+"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"J!!)J!!!#X#!3!!!!!!!3!"!3!!!!!!!!!
+!!!!!!!%!!!!!!!!!!!B!!#-!!!!X!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!!J!!!!-!!!!%!!!!"3!!!!B!!!!(!!!
+!#!!!!!N!!!!+!!!!#`!!!!`!!!!0!!!!$J!!!!m!!!!3!!!!%3!!!")!!!!6!!!
+!&!!!!"8!!!!@!!!!&`!!!"J!!!!C!!!!'J!!!"X!!!!F!!!!(3!!!"i!!!!I!!!
+!)!!!!#%!!!!L!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!M!!!!3!B!!!!'!!!M"J!
+!"3B!!!3'!!!$"J!!!JB!!!B'!!!,"J!!#JB!!!N'!!!)"J!!"`B!!!`'!!!5"J!
+!%3B!!"!'!!!2"J!!$3B!!!i'!!!6"J!!)JB!!#%'!!!J"J!!(`B!!#-'!!!""J!
+!&!B!!"8'!!!@"J!!&`B!!"J'!!!C"J!!'JB!!"X'!!!F"J!!(3B!!"i!!!'T!!%
+!+!!!!!!$Pj@!!!!!!!!!Irm!!!%!!!"j`!!#!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!X)qi!!!!!!!!!%!!X*(m!!#!!!!!!!!!!!!!!,#0S!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!"!!!!!!8!!(rr!!!!!(rr!!!
+!!(rr!!!!!(rr!!!!$!!"!!)!"J!!!!9!!!!)!!%!!6S!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrrrr`!!!!-!!3!"1MS!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!$rrrrr!!!!"!!"!!%
+k1QPZBfaeC'8k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp
+!!!!#!!%!!6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!rrrrrd!!!!-!!3!"1MSk4e9656TTEQ0XG@4P1J!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!$rrrrr3!!!"!!"!!%k1MT(990*1QaTBMS!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!&!!)!!6T0B@028b"6GA"`Eh*d1J!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!rrrrrd!!!!B!!J!"1Ne66$S!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!!$rrrrr3!!!"`!+!!"
+0B@028b"38%-J6'PZDf9b!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
+-D@*$FRP`G'mJ8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!%!!6S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!)!!8eKBdp6)&"33b"-D@jVCA)!!!!!!!!!!!!!!!!
+!!!!!!"j"8&"-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!""F("X!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!'!!!!"068a#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"-D@)J5@e
+`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!"08%a'!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"-D@)J5@e`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"09d0%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"58e*$!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!'!!!!"849K8,Q*S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"#B@aXEfp
+Z)%KPE(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q-!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"849K8,Q-V+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-
+V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q0M!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"849K8,Q0`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-
+V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,Q0`F!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"849K8,Q9iF!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,QGM!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"(B@eP3fpNC5"$EfjfCA*dCA)!!!!!!!!!!!!!!!!
+!!%!!!!"849K8,QJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-
+V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!"!!!!"849K8,Q`!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"'E'9i)&"bCA"bEf0PFh0[FJ!!!!!!!!!!!!!!!!!
+!!)!!!!"849K8,R!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"3BA0
+MB@`J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,R"KF`!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"09b"3BA0MB@`J8&"$!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"849K8,R"MD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-
+V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!"849K8,R"MD#XV!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"09b"$,d-V+b"38%-!!!!!!!!!!!!!!!!!!!!!!!!
+!!)!!!!"849K8,R"`G3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"09b"3BA0
+MB@`J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!"849K8,R)!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"5CAS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"849K8,R-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"38%0"Ffd
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"849K8,RN!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"#DA0[EL"3FQ9`FQpMCA0cEh)!!!!!!!!!!!!!!!!
+!!)!!!!"B3dp'!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"B3dp'4L"
+*EA"[FR3J8&"$!!!!!!!!!!!!!!!!!!!!!!!!!!"NEf0e!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!'!!!!"bFh*M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!"cD'aL!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"348BJ5@e`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"cG(9L!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"348BJ5@e
+`Eh*d)&"33`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,Q4[B`!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!&!!!!!!"3%"!!%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'!!!!!!%!!!!!"3!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%"!!"YB@P
+Z!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!J"!!%!!!!"!3%"!3!"!3!!!!!!!3%!!!%"!!%!!!%!!3!
+!!!!!!!!!!!J"!!%"!!%"!!!!!3!!#3!!&deKBdp6)&4[EfaLEhJJ4%9#98FJ0MK
+,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cp"8&"
+-!!!"J&M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2`!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!'!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!d!!3!
+!!!!!&9p09d955e0I4e9659p`FQ9QDAJZD!!!!!!!!!!!!!!!!!%!!!%!!!!!!!%
+!!!!!!!!!!!!!"3%"!3!!!3%!!3!!!!!%!!!!!!!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&pIFh4KFR3!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!3!"!!!*6@9bCf8J6h9d!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2d&38%`!!3%
+!!!3J)#!J!jHI8!0fhhJ$"Di3!!8#!3!"!3!"!3%!!!%!!!!!!!!!!3%"!3!"!3!
+"!!%%!!!!!!!!!!!!!!F"!3!"!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!&pIFh4KFR3!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!"3!$%8aTBN0bHA"dEbj38%-Z6'PL!!!!!!!!!!!!!!!
+!!!!r2cmr2cmr2`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6mr2cm!!!!!!!!!!J!!!!)!!J!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!8!!"!!%!!3!
+"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!"3R3dp%45FJ*d4"9%%R)#G35808*`!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(!!!"!!!!,3)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!!J!!!#i#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!!-!!!![!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!!%!!!!-!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!"3!!!$%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!!B!!!!
+b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!(!!!!-`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!#!!!!$3#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!!N!!!!e!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!!+!!!!0J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!#`!!!$F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!!`!!!!
+i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!0!!!!13)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!$J!!!$S#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!!m!!!!l!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!!3!!!!2!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!%3!!!$d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!")!!!!
+q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!6!!!!2`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!&!!!!%!#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!"8!!!""!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!!@!!!!3J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!&`!!!%-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!"J!!!"
+%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!C!!!!43)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!'J!!!%B#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!"X!!!"(!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!!F!!!!5!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!(3!!!%N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!"i!!!"
++!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!I!!!!5`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!)!!!!%`#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!#%!!!"0!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!!L!!!!6J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!)`!!!%m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!#3!!!"
+3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!P!!!!83)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!*J!!!&)#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!#F!!!"6!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!!S!!!!9!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!+3!!!&8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!#S!!!"
+@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!V!!!!9`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!,!!!!&J#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!#d!!!"C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!!Z!!!!@J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!,`!!!&X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!$!!!!"
+F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!a!!!!A3)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!-J!!!&i#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!$-!!!"I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!!d!!!!B!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!03!!!'%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!$B!!!"
+L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!h!!!!B`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!1!!!!'3#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!$N!!!"P!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!!k!!!!CJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!1`!!!'F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!$`!!!"
+S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!!p!!!!D3)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!2J!!!'S#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!$m!!!"V!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!"!!!!!E!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!33!!!'d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!%)!!!"
+Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"$!!!!E`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!4!!!!(!#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!%8!!!"a!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!"'!!!!FJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!4`!!!(-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!%J!!!"
+d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"*!!!!G3)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!5J!!!(B#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!%X!!!"h!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!"-!!!!H!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!63!!!(N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!%i!!!"
+k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"2!!!!H`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!8!!!!(`#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!&%!!!"p!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!"5!!!!IJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!8`!!!(m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!&3!!!#
+!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"9!!!!J3)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!9J!!!))#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!&F!!!#$!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!"B!!!!K!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!@3!!!)8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!&S!!!#
+'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"E!!!!K`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!A!!!!)J#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!&d!!!#*!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!"H!!!!LJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!"`!!A`!!!)X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!'!!!!#
+-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"K!!!!M3)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!BJ!!!)i#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!F!!'-!!!#2!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!(!!"N!!!!N!!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!F!!'8!!!#4!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"Q!!!
+!NJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!C`!!!*-#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!'J!!!#8!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!(!!"T!!!!P3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!"`!!DJ!!!*B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!F!!'X!!!#A!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"X!!!
+!Q!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!E3!!!*N#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!'i!!!#D!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!(!!"[!!!!Q`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!"`!!F!!!!*`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!F!!(%!!!#G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"b!!!
+!RJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!F`!!!*m#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!(3!!!#J!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!(!!"e!!!!S3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!"`!!GJ!!!+)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!F!!(F!!!#M!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"i!!!
+!T!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!H3!!!+8#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!(S!!!#Q!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!(!!"l!!!!T`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!"`!!I!!!!+J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!F!!(d!!!#T!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!"q!!!
+!UJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!I`!!!+X#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!)!!!!#X!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!(!!#"!!!!V3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!"`!!JJ!!!+i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!F!!)-!!!#[!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#%!!!
+!X!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!K3!!!,%#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!)B!!!#b!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!(!!#(!!!!X`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!"`!!L!!!!,3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!F!!)N!!!#e!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#+!!!
+!YJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!L`!!!,F#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!)`!!!#i!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!(!!#0!!!!Z3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!"`!!MJ!!!,S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!F!!)m!!!#l!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#3!!!
+!!,`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!*%!!!#p!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#5!!!![J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!N`!!!,m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!*3!!!$!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!#9!!!!`3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!PJ!
+!!-)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!*F!!!$$!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#B!!!!a!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!Q3!!!-8#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!*S!!!$'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!#E!!!!a`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!R!!
+!!-J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!*d!!!$*!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#H!!!!bJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!R`!!!-X#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!+!!!!$-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!#K!!!!c3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!SJ!
+!!-i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!+-!!!$2!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#N!!!!d!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!T3!!!0%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!+B!!!$5!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!#R!!!!d`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!U!!
+!!03#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!+N!!!$9!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#U!!!!eJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!U`!!!0F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!+`!!!$B!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!#Y!!!!f3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!VJ!
+!!0S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!+m!!!$E!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#`!!!!h!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!X3!!!0d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!,)!!!$H!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!#c!!!!h`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!Y!!
+!!1!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!,8!!!$K!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#f!!!!iJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!Y`!!!1-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!,J!!!$N!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!#j!!!!j3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!ZJ!
+!!1B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!,X!!!$R!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!#m!!!!k!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!![3!!!1N#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!,i!!!$U!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!#r!!!!k`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!`!!
+!!1`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!-%!!!$Y!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$#!!!!lJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!``!!!1m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!-3!!!$`!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!$&!!!!m3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!aJ!
+!!2)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!-F!!!$c!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$)!!!!p!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!b3!!!28#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!-S!!!$f!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!$,!!!!p`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!c!!
+!!2J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!-d!!!$j!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$1!!!!qJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!c`!!!2X#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!0!!!!$m!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!$4!!!!r3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!dJ!
+!!2i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!0-!!!$r!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$8!!!"!!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!e3!!!3%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!0B!!!%#!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!$A!!!"!`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!f!!
+!!33#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!0N!!!%&!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$D!!!""J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!f`!!!3F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!0`!!!%)!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!$G!!!"#3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!hJ!
+!!3S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!0m!!!%,!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$J!!!"$!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!i3!!!3d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!1)!!!%1!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!$M!!!"$`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!j!!
+!!4!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!18!!!%4!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$Q!!!"%J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!j`!!!4-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!1J!!!%8!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!$T!!!"&3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!kJ!
+!!4B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!1X!!!%A!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$X!!!"'!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!l3!!!4N#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!1i!!!%D!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!$[!!!"'`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!m!!
+!!4`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!2%!!!%G!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$b!!!"(J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!m`!!!4m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!23!!!%J!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!$e!!!")3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!pJ!
+!!5)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!2F!!!%M!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$i!!!"*!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!q3!!!58#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!2S!!!%Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!$l!!!"*`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!!r!!
+!!5J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!2d!!!%T!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!$q!!!"+J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!!r`!!!5X#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!3!!!!%X!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%"!!!",3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"!J!
+!!5i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!3-!!!%[!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%%!!!"-!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!""3!!!6%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!3B!!!%b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%(!!!"-`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"#!!
+!!63#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!3N!!!%e!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%+!!!"0J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"#`!!!6F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!3`!!!%i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%0!!!"13)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"$J!
+!!6S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!3m!!!%l!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%3!!!"2!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"%3!!!6d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!4)!!!%q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%6!!!"2`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"&!!
+!!8!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!48!!!&"!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%@!!!"3J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"&`!!!8-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!4J!!!&%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%C!!!"43)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"'J!
+!!8B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!4X!!!&(!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%F!!!"5!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"(3!!!8N#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!4i!!!&+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%I!!!"5`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!")!!
+!!8`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!5%!!!&0!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%L!!!"6J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!")`!!!8m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!53!!!&3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%P!!!"83)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"*J!
+!!9)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!5F!!!&6!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%S!!!"9!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"+3!!!98#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!5S!!!&@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%V!!!"9`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!",!!
+!!9J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!5d!!!&C!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%Z!!!"@J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!",`!!!9X#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!6!!!!&F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%a!!!"A3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"-J!
+!!9i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!6-!!!&I!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%d!!!"B!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"03!!!@%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!6B!!!&L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%h!!!"B`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"1!!
+!!@3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!6N!!!&P!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!%k!!!"CJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"1`!!!@F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!6`!!!&S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!%p!!!"D3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"2J!
+!!@S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!6m!!!&V!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&!!!!"E!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"33!!!@d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!8)!!!&Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!&$!!!"E`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"4!!
+!!A!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!88!!!&a!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&'!!!"FJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"4`!!!A-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!8J!!!&d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!&*!!!"G3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"5J!
+!!AB#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!8X!!!&h!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&-!!!"H!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"63!!!AN#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!8i!!!&k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!&2!!!"H`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"8!!
+!!A`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!9%!!!&p!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&5!!!"IJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"8`!!!B!#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!93!!!'"!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!&9!!!"JJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"9J!
+!!B-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!9F!!!'%!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&B!!!"K3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"@3!!!BB#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!9S!!!'(!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!&E!!!"L!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"A!!
+!!BN#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!9d!!!'+!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&H!!!"L`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!"`!"A`!!!B`#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!F!!@!!!!'0!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!(!!&K!!!"MJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"BJ!
+!!Bm#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!@-!!!'3!!)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"C!!!!C%#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!@8!!!'5!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!(!!&Q!!!"N`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!"`!"C`!!!C3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!@J
+!!!'9!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&T!!!"PJ)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"DJ!!!CF#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!@X!!!'B!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!(!!&X!!!"Q3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!"`!"E3!!!CS#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!@i
+!!!'E!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&[!!!"R!)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!"`!"F!!!!Cd#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!A%!!!'H!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!(!!&b!!!"R`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!"`!"F`!!!D3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!F!!A3
+!!!'Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!(!!&e!!!"T`)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!)
+!!!!$!!!!"!!!!!8!!!!'!!!!"`!!!!J!!!!*!!!!#J!!!!X!!!!-!!!!$3!!!!i
+!!!!2!!!!%!!!!"%!!!!5!!!!%`!!!"3!!!!9!!!!&J!!!"F!!!!B!!!!'3!!!"S
+!!!!E!!!!(!!!!"d!!!!H!!!!(`!!!#!!!!!K!!!!)J!!!#-!!!!N!!!!*3!!!#B
+!!!!R!!!!+!!!!#N!!!!U!!!!+`!!!#`!!!!Y!!!!,J!!!#m!!!!`!!!!-3!!!$)
+!!!!c!!!!0!!!!$8!!!!f!!!!0`!!!$J!!!!j!!!!1J!!!$X!!!!m!!!!23!!!$i
+!!!!r!!!!3!!!!%%!!!"#!!!!3`!!!%3!!!"&!!!!4J!!!%F!!!")!!!!53!!!%S
+!!!",!!!!6!!!!%d!!!"1!!!!6`!!!&!!!!"4!!!!8J!!!&-!!!"8!!!!93!!!&B
+!!!"A!!!!@!!!!&N!!!"D!!!!@`!!!&`!!!"G!!!!AJ!!!&m!!!"J!!!!B3!!!')
+!!!"M!!!!C!!!!'8!!!"Q!!!!C`!!!'J!!!"T!!!!DJ!!!'X!!!"X!!!!E3!!!'i
+!!!"[!!!!F!!!!(%!!!"b!!!!F`!!!(3!!!"e!!!!GJ!!!(F!!!"i!!!!H3!!!(S
+!!!"l!!!!I!!!!(d!!!"q!!!!I`!!!)!!!!#"!!!!JJ!!!)-!!!#%!!!!K3!!!)B
+!!!#(!!!!L!!!!)N!!!#+!!!!L`!!!)`!!!#0!!!!MJ!!!)m!!!#3!!!!!*%!!!#
+5!!!!N`!!!*3!!!#9!!!!PJ!!!*F!!!#B!!!!Q3!!!*S!!!#E!!!!R!!!!*d!!!#
+H!!!!R`!!!+!!!!#K!!!!SJ!!!+-!!!#N!!!!T3!!!+B!!!#R!!!!U!!!!+N!!!#
+U!!!!U`!!!+`!!!#Y!!!!VJ!!!+m!!!#`!!!!X3!!!,)!!!#c!!!!Y!!!!,8!!!#
+f!!!!Y`!!!,J!!!#j!!!!ZJ!!!,X!!!#m!!!![3!!!,i!!!#r!!!!`!!!!-%!!!$
+#!!!!``!!!-3!!!$&!!!!aJ!!!-F!!!$)!!!!b3!!!-S!!!$,!!!!c!!!!-d!!!$
+1!!!!c`!!!0!!!!$4!!!!dJ!!!0-!!!$8!!!!e3!!!0B!!!$A!!!!f!!!!0N!!!$
+D!!!!f`!!!0`!!!$G!!!!hJ!!!0m!!!$J!!!!i3!!!1)!!!$M!!!!j!!!!18!!!$
+Q!!!!j`!!!1J!!!$T!!!!kJ!!!1X!!!$X!!!!l3!!!1i!!!$[!!!!m!!!!2%!!!$
+b!!!!m`!!!23!!!$e!!!!pJ!!!2F!!!$i!!!!q3!!!2S!!!$l!!!!r!!!!2d!!!$
+q!!!!r`!!!3!!!!%"!!!"!J!!!3-!!!%%!!!""3!!!3B!!!%(!!!"#!!!!3N!!!%
++!!!"#`!!!3`!!!%0!!!"$J!!!3m!!!%3!!!"%3!!!4)!!!%6!!!"&!!!!48!!!%
+@!!!"&`!!!4J!!!%C!!!"'J!!!4X!!!%F!!!"(3!!!4i!!!%I!!!")!!!!5%!!!%
+L!!!")`!!!53!!!%P!!!"*J!!!5F!!!%S!!!"+3!!!5S!!!%V!!!",!!!!5d!!!%
+Z!!!",`!!!6!!!!%a!!!"-J!!!6-!!!%d!!!"03!!!6B!!!%h!!!"1!!!!6N!!!%
+k!!!"1`!!!6`!!!%p!!!"2J!!!6m!!!&!!!!"33!!!8)!!!&$!!!"4!!!!88!!!&
+'!!!"4`!!!8J!!!&*!!!"5J!!!8X!!!&-!!!"63!!!8i!!!&2!!!"8!!!!9%!!!&
+5!!!"8`!!!93!!!&9!!!"9J!!!9F!!!&B!!!"@3!!!9S!!!&E!!!"A!!!!9d!!!&
+H!!!"A`!!!@!!!!&K!!!"BJ!!!@-!!!&N!!!"C3!!!@B!!!&R!!!"D!!!!@N!!!&
+U!!!"D`!!!@`!!!&Y!!!"EJ!!!@m!!!&`!!!"F3!!!A)!!!&c!!!"G!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"G3!!!B!(!!!
+!"`!"G3F!!!%(!!!#"`!!!`F!!!3(!!!&"`!!"JF!!!F(!!!)"`!!#3F!!!S(!!!
+,"`!!$!F!!!d(!!!1"`!!$`F!!"!(!!!4"`!!%JF!!"-(!!!8"`!!&3F!!"B(!!!
+A"`!!'!F!!"N(!!!D"`!!'`F!!"`(!!!G"`!!(JF!!"m(!!!J"`!!)3F!!#)(!!!
+M"`!!*!F!!#8(!!!Q"`!!*`F!!#J(!!!T"`!!+JF!!#X(!!!X"`!!,3F!!#i(!!!
+["`!!-!F!!$%(!!!b"`!!-`F!!$3(!!!e"`!!0JF!!$F(!!!i"`!!13F!!$S(!!!
+l"`!!2!F!!$d(!!!q"`!!2`F!!%!(!!"""`!!3JF!!%-(!!"%"`!!43F!!%B(!!"
+("`!!5!F!!%N(!!"+"`!!5`F!!%`(!!"0"`!!6JF!!%m(!!"3"`!!83F!!&)(!!"
+6"`!!9!F!!&8(!!"@"`!!9`F!!&J(!!"C"`!!@JF!!&X(!!"F"`!!A3F!!&i(!!"
+I"`!!B!F!!'%(!!"L"`!"G!F!!'-(!!"N"`!!C3F!!'B(!!"R"`!!D!F!!'N(!!"
+U"`!!D`F!!'`(!!"Y"`!!EJF!!'m(!!"`"`!!F3F!!()(!!"c"`!!G!F!!(8(!!"
+f"`!!G`F!!(J(!!"j"`!!HJF!!(X(!!"m"`!!I3F!!(i(!!"r"`!!J!F!!)%(!!#
+#"`!!J`F!!)3(!!#&"`!!KJF!!)F(!!#)"`!!L3F!!)S(!!#,"`!!M!F!!)d(!!#
+1"`!!M`F!!*!!"`!!N3F!!*)(!!#6"`!!P!F!!*8(!!#@"`!!P`F!!*J(!!#C"`!
+!QJF!!*X(!!#F"`!!R3F!!*i(!!#I"`!!S!F!!+%(!!#L"`!!S`F!!+3(!!#P"`!
+!TJF!!+F(!!#S"`!!U3F!!+S(!!#V"`!!V!F!!+d(!!#Z"`!!V`F!!,!(!!#a"`!
+!XJF!!,-(!!#d"`!!Y3F!!,B(!!#h"`!!Z!F!!,N(!!#k"`!!Z`F!!,`(!!#p"`!
+![JF!!,m(!!$!"`!!`3F!!-)(!!$$"`!!a!F!!-8(!!$'"`!!a`F!!-J(!!$*"`!
+!bJF!!-X(!!$-"`!!c3F!!-i(!!$2"`!!d!F!!0%(!!$5"`!!d`F!!03(!!$9"`!
+!eJF!!0F(!!$B"`!!f3F!!0S(!!$E"`!!h!F!!0d(!!$H"`!!h`F!!1!(!!$K"`!
+!iJF!!1-(!!$N"`!!j3F!!1B(!!$R"`!!k!F!!1N(!!$U"`!!k`F!!1`(!!$Y"`!
+!lJF!!1m(!!$`"`!!m3F!!2)(!!$c"`!!p!F!!28(!!$f"`!!p`F!!2J(!!$j"`!
+!qJF!!2X(!!$m"`!!r3F!!2i(!!$r"`!"!!F!!3%(!!%#"`!"!`F!!33(!!%&"`!
+""JF!!3F(!!%)"`!"#3F!!3S(!!&e"`!"#`F!!3`(!!%0"`!"$JF!!3m(!!%3"`!
+"%3F!!4)(!!%6"`!"&!F!!48(!!%@"`!"&`F!!4J(!!%C"`!"'JF!!4X(!!%F"`!
+"(3F!!4i(!!%I"`!")!F!!5%(!!%L"`!")`F!!53(!!%P"`!"*JF!!5F(!!%S"`!
+"+3F!!5S(!!%V"`!",!F!!5d(!!%Z"`!",`F!!6!(!!%a"`!"-JF!!6-(!!%d"`!
+"03F!!6B(!!%h"`!"1!F!!6N(!!%k"`!"1`F!!6`(!!%p"`!"2JF!!6m(!!&!"`!
+"33F!!8)(!!&$"`!"4!F!!88(!!&'"`!"4`F!!8J(!!&*"`!"5JF!!8X(!!&-"`!
+"63F!!8i(!!&2"`!"8!F!!9%(!!&5"`!"8`F!!93(!!&9"`!"9JF!!9F(!!&B"`!
+"@3F!!9S(!!&E"`!"A!F!!9d(!!&H"`!"A`F!!@!(!!&K"`!"BJF!!@-(!!&N"`!
+"C3F!!@B(!!&R"`!"D!F!!@N(!!&U"`!"D`F!!@`(!!&Y"`!"EJF!!@m(!!&`"`!
+"F3F!!A)(!!&c!!!"U3!"!#J!!!!!!jH9J!!!!!!!!(rr!!!"!!!!HF!!!J!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!,#2Z!!!!!!!!!"!!,#4r!!!J!!!!!
+!!!!!!!!#`MD!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!J!!!3!
+!!!!&!!"rr`!!!!"rr`!!!!"rr`!!!!"rr`!!!!`!!3!#!!B!!!!&3!!!#!!"!!%
+k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2rrrrm
+!!!!$!!%!!6Sk!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+"!!!!rrrrr`!!!!3!!3!"1MTTEQ0XG@4P1J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!$rrrrr3!!!!J!"!!%k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!2rrrrp!!!!$!!%!!6Sk1NG98dNkD@jME(9NC6S
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!rrrrrd!!!!3!!3!"1MSk4e9656T
+XD@)k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$rrrrr3!!!"3!#!!%
+k6@&M6e-J8h9`F'pbG$S!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!2rrrrp
+!!!!'!!)!!6T08d`k!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+"!!!!rrrrrd!!!!F!#J!!6@&M6e-J0MK,)%aTEQYPFJ!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!6'PL3h*jF(4[)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"!!%k!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!&0B@028b!f1%XJ6'P
+ZDf9b!!!!!!!!!!!!!!!!!!!!!!!J39"36!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!3A"
+`E!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"J!!!!68e-3J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!6'PL)%PYF'pbG#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69"
+-4J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!6'PL)%PYF'pbG#!f1%X
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69G$4!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!6d*
++)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69"A)%PYF'pbG#!f1%X
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%a[BJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!8P0
+53`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"J!!!!9%9B9#jLD!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!3Q&XE'p[EL")C@a`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
+B9#jM!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jM+bX!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
+B9#jMB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jMF!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
+B9#jMF(!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jPH(!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
+B9#jRB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4f&YC80[C'8J3fpZGQ9
+bG'9b!!!!!!!!!!!!!!!!!!"!!!!!9%9B9#jS!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!!3!!!!9%9
+B9#jX!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!4QaPH#"3FQ9`FQpMCA0
+cEh)!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!69FJ8'&cBf&X)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
+B9#j`BA-!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ8'&cBf&X)$Bi5`!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#j`BfJ!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9
+B9#j`BfJV+`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!69FJ3bp$+bXJ0MK,!!!
+!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9B9#j`F(8!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!69FJ8'&cBf&X)$Bi5`!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!9%9
+B9#jb!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8Q9k!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9B9#jcC@F!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!9%9
+B9#jj!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!3QPcEfiJ8(*PF(*[Bf9
+cFfpb!!!!!!!!!!!!!!!!!!#!!!!!C'pMG3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!!!!FR0
+bB`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"J!!!!FfKXBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!8%9')%PYF'pbG#!f1%X!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Fh4
+eBJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8%9')%PYF'pbG#!f1%X
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#jNEf-!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"3!!!!!!!
+!!#jbFh*M!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!"J!!!!!!8"!3!"!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"J!
+!!!!"!!!!!!8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!"!3!!E@&TEJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!3!"!!!!!3%"!!!"!3%!!!!
+!!!%"!!!"!3!"!!!""!!!!!!!!!!!!!!)!3!"!3!"!3!!!!%!!!N!!aY-D@*$FRP
+`G'mZ0MKV)%CK+$4TAcKN+5j-D@)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!r2cmr2cmr2`!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$mr2cm!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!0!!%!!!!!!"9I69G&8NY6AdG98dPIF(*PCQPi,QJ!!!!!!!!
+!!!!!!!!"!!!!!!!!!!!"!!!!!!!!!!!!!!8"!3%!!!%"!!%!!!!!"!!!!!!!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"IAh0
+dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%!!3!!#8ePFQGP)%peG!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!$mr2cp"8&"-!!%"!!!%)#!J)!1ARe!$GYpi!`@Z%!!&!J%!!3%!!3%"!!!
+"!!!!!!!!!!%"!3%!!3%!!3!""!!!!!!!!!!!!!!(!3%!!3!!!3!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!"IAh0dBA*d!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!#!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8!!!G2F'9Z8e0-!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!2cmr2d&38%`!!!3!!!!%!!!!!%!!!&M!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!%r2cm
+r!!!!!!!!!!)!!!!#!!)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!#!&!!!3!"!!%!!3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!8*d024%8R)#G%394"*b!
+R8%P$9#F!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!#!!!!3!!!#d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!!)!!!!
+Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!$!!!!,`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!"!!!!$!#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!J!!!8!!!!a!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!)!!!'!!!!-J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!#!!!"`!!!$-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!!J!!!!
+d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!*!!!!03)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!#J!!!$B#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!J!!!X!!!!h!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!)!!!-!!!!1!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!#!!!$3!!!$N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!!i!!!!
+k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!2!!!!1`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!%!!!!$`#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!J!!"%!!!!p!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!)!!!5!!!!2J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!#!!!%`!!!$m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!"3!!!"
+!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!9!!!!33)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!&J!!!%)#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!J!!"F!!!"$!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!)!!!B!!!!4!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!#!!!'3!!!%8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!"S!!!"
+'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!E!!!!4`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!(!!!!%J#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!J!!"d!!!"*!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!)!!!H!!!!5J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!#!!!(`!!!%X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!#!!!!"
+-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!K!!!!63)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!)J!!!%i#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!J!!#-!!!"2!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!)!!!N!!!!8!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!#!!!*3!!!&%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!#B!!!"
+5!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!R!!!!8`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!+!!!!&3#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!J!!#N!!!"9!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!)!!!U!!!!9J)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!#!!!+`!!!&F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!#`!!!"
+B!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!Y!!!!@3)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!,J!!!&S#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!J!!#m!!!"E!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!)!!!`!!!!A!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!#!!!-3!!!&d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!$)!!!"
+H!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!c!!!!A`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!0!!!!'!#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!J!!$8!!!"K!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!)!!!f!!!!BJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!#!!!0`!!!'-#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!$J!!!"
+N!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!j!!!!C3)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!1J!!!'B#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!J!!$X!!!"R!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!)!!!m!!!!D!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!#!!!23!!!'N#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!$i!!!"
+U!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!!r!!!!D`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!3!!!!'`#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!J!!%%!!!"Y!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!)!!"#!!!!EJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!#!!!3`!!!'m#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!%3!!!"
+`!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"&!!!!F3)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!4J!!!()#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!J!!%F!!!"c!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!)!!")!!!!G!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!#!!!53!!!(8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!%S!!!"
+f!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!",!!!!G`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!6!!!!(J#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!J!!%d!!!"j!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!)!!"1!!!!HJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!#!!!6`!!!(X#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!&!!!!"
+m!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"4!!!!I3)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!8J!!!(i#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!J!!&-!!!"r!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!)!!"8!!!!J!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!#!!!93!!!)%#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!&B!!!#
+#!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"A!!!!J`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!@!!!!)3#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!J!!&N!!!#&!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!)!!"D!!!!KJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!#!!!@`!!!)F#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!&`!!!#
+)!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"G!!!!L3)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!AJ!!!)S#!3!!!!!!!3!"!3!!!!!
+!!!!!!!!!!!%!!!!!!!!!!!J!!&m!!!#,!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!
+"!!!!!!!!!!!)!!"J!!!!M!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!
+!#!!!B3!!!)d#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!')!!!#
+1!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"M!!!!M`)"!!!!!!!
+"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!C!!!!*!!!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!)!!"P!!!!N3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!#!!!CJ!!!*)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!J!!'F!!!#6!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"S!!!
+!P!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!D3!!!*8#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!'S!!!#@!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!)!!"V!!!!P`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!#!!!E!!!!*J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!J!!'d!!!#C!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"Z!!!
+!QJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!E`!!!*X#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!(!!!!#F!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!)!!"a!!!!R3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!#!!!FJ!!!*i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!J!!(-!!!#I!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"d!!!
+!S!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!G3!!!+%#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!(B!!!#L!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!)!!"h!!!!S`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!#!!!H!!!!+3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!J!!(N!!!#P!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!"k!!!
+!TJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!H`!!!+F#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!(`!!!#S!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!)!!"p!!!!U3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!#!!!IJ!!!+S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!J!!(m!!!#V!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#!!!!
+!V!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!J3!!!+d#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!))!!!#Z!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!)!!#$!!!!V`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!#!!!K!!!!,!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!J!!)8!!!#a!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#'!!!
+!XJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!K`!!!,-#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!)J!!!#d!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!)!!#*!!!!Y3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!#!!!LJ!!!,B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!
+!!!J!!)X!!!#h!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#-!!!
+!Z!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!M3!!!,N#!3!!!!!
+!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!)i!!!#k!J%!!!!!!!%!!3%!!!!
+!!!!!!!!!!!!"!!!!!!!!!!!)!!#2!!!!Z`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!
+!!3!!!!!!!!!!#!!!N!!!!!#m!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!#4!!!![3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!NJ!
+!!,i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!*-!!!#r!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#8!!!!`!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!P3!!!-%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!*B!!!$#!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!#A!!!!``)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!Q!!
+!!-3#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!*N!!!$&!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#D!!!!aJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!Q`!!!-F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!*`!!!$)!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!#G!!!!b3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!RJ!
+!!-S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!*m!!!$,!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#J!!!!c!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!S3!!!-d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!+)!!!$1!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!#M!!!!c`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!T!!
+!!0!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!+8!!!$4!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#Q!!!!dJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!T`!!!0-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!+J!!!$8!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!#T!!!!e3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!UJ!
+!!0B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!+X!!!$A!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#X!!!!f!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!V3!!!0N#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!+i!!!$D!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!#[!!!!f`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!X!!
+!!0`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!,%!!!$G!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#b!!!!hJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!X`!!!0m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!,3!!!$J!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!#e!!!!i3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!YJ!
+!!1)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!,F!!!$M!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#i!!!!j!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!Z3!!!18#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!,S!!!$Q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!#l!!!!j`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!![!!
+!!1J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!,d!!!$T!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!#q!!!!kJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!![`!!!1X#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!-!!!!$X!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!$"!!!!l3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!`J!
+!!1i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!--!!!$[!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$%!!!!m!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!a3!!!2%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!-B!!!$b!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!$(!!!!m`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!b!!
+!!23#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!-N!!!$e!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$+!!!!pJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!b`!!!2F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!-`!!!$i!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!$0!!!!q3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!cJ!
+!!2S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!-m!!!$l!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$3!!!!r!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!d3!!!2d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!0)!!!$q!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!$6!!!!r`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!e!!
+!!3!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!08!!!%"!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$@!!!"!J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!e`!!!3-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!0J!!!%%!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!$C!!!""3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!fJ!
+!!3B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!0X!!!%(!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$F!!!"#!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!h3!!!3N#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!0i!!!%+!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!$I!!!"#`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!i!!
+!!3`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!1%!!!%0!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$L!!!"$J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!i`!!!3m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!13!!!%3!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!$P!!!"%3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!jJ!
+!!4)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!1F!!!%6!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$S!!!"&!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!k3!!!48#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!1S!!!%@!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!$V!!!"&`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!l!!
+!!4J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!1d!!!%C!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$Z!!!"'J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!l`!!!4X#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!2!!!!%F!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!$a!!!"(3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!mJ!
+!!4i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!2-!!!%I!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$d!!!")!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!p3!!!5%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!2B!!!%L!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!$h!!!")`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!q!!
+!!53#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!2N!!!%P!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!$k!!!"*J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!!q`!!!5F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!2`!!!%S!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!$p!!!"+3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!!rJ!
+!!5S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!2m!!!%V!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%!!!!",!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!"!3!!!5d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!3)!!!%Z!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!%$!!!",`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!""!!
+!!6!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!38!!!%a!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%'!!!"-J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!""`!!!6-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!3J!!!%d!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!%*!!!"03)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"#J!
+!!6B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!3X!!!%h!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%-!!!"1!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!"$3!!!6N#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!3i!!!%k!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!%2!!!"1`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"%!!
+!!6`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!4%!!!%p!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%5!!!"2J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!"%`!!!6m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!43!!!&!!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!%9!!!"33)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"&J!
+!!8)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!4F!!!&$!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%B!!!"4!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!"'3!!!88#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!4S!!!&'!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!%E!!!"4`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"(!!
+!!8J#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!4d!!!&*!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%H!!!"5J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!"(`!!!8X#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!5!!!!&-!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!%K!!!"63)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!")J!
+!!8i#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!5-!!!&2!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%N!!!"8!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!"*3!!!9%#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!5B!!!&5!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!%R!!!"8`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"+!!
+!!93#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!5N!!!&9!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%U!!!"9J)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!"+`!!!9F#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!5`!!!&B!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!%Y!!!"@3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!",J!
+!!9S#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!5m!!!&E!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%`!!!"A!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!"-3!!!9d#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!6)!!!&H!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!%c!!!"A`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"0!!
+!!@!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!68!!!&K!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%f!!!"BJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!"0`!!!@-#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!6J!!!&N!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!%j!!!"C3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"1J!
+!!@B#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!6X!!!&R!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!%m!!!"D!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!"23!!!@N#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!6i!!!&U!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!%r!!!"D`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"3!!
+!!@`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!8%!!!&Y!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&#!!!"EJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!"3`!!!@m#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!83!!!&`!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!&&!!!"F3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"4J!
+!!A)#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!8F!!!&c!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&)!!!"G!)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!"53!!!A8#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!8S!!!&f!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!&,!!!"G`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"6!!
+!!AJ#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!8d!!!&j!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&1!!!"HJ)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!"6`!!!AX#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!9!!!!&m!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!&4!!!"I3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"8J!
+!!Ai#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!9-!!!'!!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&8!!!"J3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!"93!!!B)#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!9B!!!'$!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!&A!!!"K!)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"@!!
+!!B8#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!9N!!!''!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&D!!!"K`)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!"@`!!!BJ#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!9`!!!'*!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!&G!!!"LJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"AJ!
+!!BX#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!9m!!!'-!J%!!!!
+!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&J!!!"M3)"!!!!!!!"!!%"!!!
+!!!!!!!!!!!!!!3!!!!!!!!!!#!!"B3!!!Bi#!3!!!!!!!3!"!3!!!!!!!!!!!!!
+!!!%!!!!!!!!!!!J!!@)!!!'2!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!
+!!!!)!!&M!!!"N!!#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!@3
+!!!'4!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&P!!!"NJ)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"CJ!!!C-#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!@F!!!'8!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!)!!&S!!!"P3)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!#!!"D3!!!CB#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!@S
+!!!'A!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&V!!!"Q!)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"E!!!!CN#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!@d!!!'D!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!)!!&Z!!!"Q`)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!#!!"E`!!!C`#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!A!
+!!!'G!J%!!!!!!!%!!3%!!!!!!!!!!!!!!!!"!!!!!!!!!!!)!!&a!!!"RJ)"!!!
+!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!!!!!!#!!"FJ!!!Cm#!3!!!!!!!3!"!3!
+!!!!!!!!!!!!!!!%!!!!!!!!!!!J!!A-!!!'N!J%!!!!!!!%!!3%!!!!!!!!!!!!
+!!!!"!!!!!!!!!!!)!!&d!!!"TJ)"!!!!!!!"!!%"!!!!!!!!!!!!!!!!!3!!!!!
+!!!!!#!!"G3!!!DF#!3!!!!!!!3!"!3!!!!!!!!!!!!!!!!%!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!%!!!!#!!!!!`!!!!3!!!!&!!!!"J!!!!F!!!!)!!!!#3!!!!S
+!!!!,!!!!$!!!!!d!!!!1!!!!$`!!!"!!!!!4!!!!%J!!!"-!!!!8!!!!&3!!!"B
+!!!!A!!!!'!!!!"N!!!!D!!!!'`!!!"`!!!!G!!!!(J!!!"m!!!!J!!!!)3!!!#)
+!!!!M!!!!*!!!!#8!!!!Q!!!!*`!!!#J!!!!T!!!!+J!!!#X!!!!X!!!!,3!!!#i
+!!!![!!!!-!!!!$%!!!!b!!!!-`!!!$3!!!!e!!!!0J!!!$F!!!!i!!!!13!!!$S
+!!!!l!!!!2!!!!$d!!!!q!!!!2`!!!%!!!!""!!!!3J!!!%-!!!"%!!!!43!!!%B
+!!!"(!!!!5!!!!%N!!!"+!!!!5`!!!%`!!!"0!!!!6J!!!%m!!!"3!!!!83!!!&)
+!!!"6!!!!9!!!!&8!!!"@!!!!9`!!!&J!!!"C!!!!@J!!!&X!!!"F!!!!A3!!!&i
+!!!"I!!!!B!!!!'%!!!"L!!!!B`!!!'3!!!"P!!!!CJ!!!'F!!!"S!!!!D3!!!'S
+!!!"V!!!!E!!!!'d!!!"Z!!!!E`!!!(!!!!"a!!!!FJ!!!(-!!!"d!!!!G3!!!(B
+!!!"h!!!!H!!!!(N!!!"k!!!!H`!!!(`!!!"p!!!!IJ!!!(m!!!#!!!!!J3!!!))
+!!!#$!!!!K!!!!)8!!!#'!!!!K`!!!)J!!!#*!!!!LJ!!!)X!!!#-!!!!M3!!!)i
+!!!#2!!!!N!!!!!#4!!!!NJ!!!*-!!!#8!!!!P3!!!*B!!!#A!!!!Q!!!!*N!!!#
+D!!!!Q`!!!*`!!!#G!!!!RJ!!!*m!!!#J!!!!S3!!!+)!!!#M!!!!T!!!!+8!!!#
+Q!!!!T`!!!+J!!!#T!!!!UJ!!!+X!!!#X!!!!V3!!!+i!!!#[!!!!X!!!!,%!!!#
+b!!!!X`!!!,3!!!#e!!!!YJ!!!,F!!!#i!!!!Z3!!!,S!!!#l!!!![!!!!,d!!!#
+q!!!![`!!!-!!!!$"!!!!`J!!!--!!!$%!!!!a3!!!-B!!!$(!!!!b!!!!-N!!!$
++!!!!b`!!!-`!!!$0!!!!cJ!!!-m!!!$3!!!!d3!!!0)!!!$6!!!!e!!!!08!!!$
+@!!!!e`!!!0J!!!$C!!!!fJ!!!0X!!!$F!!!!h3!!!0i!!!$I!!!!i!!!!1%!!!$
+L!!!!i`!!!13!!!$P!!!!jJ!!!1F!!!$S!!!!k3!!!1S!!!$V!!!!l!!!!1d!!!$
+Z!!!!l`!!!2!!!!$a!!!!mJ!!!2-!!!$d!!!!p3!!!2B!!!$h!!!!q!!!!2N!!!$
+k!!!!q`!!!2`!!!$p!!!!rJ!!!2m!!!%!!!!"!3!!!3)!!!%$!!!""!!!!38!!!%
+'!!!""`!!!3J!!!%*!!!"#J!!!3X!!!%-!!!"$3!!!3i!!!%2!!!"%!!!!4%!!!%
+5!!!"%`!!!43!!!%9!!!"&J!!!4F!!!%B!!!"'3!!!4S!!!%E!!!"(!!!!4d!!!%
+H!!!"(`!!!5!!!!%K!!!")J!!!5-!!!%N!!!"*3!!!5B!!!%R!!!"+!!!!5N!!!%
+U!!!"+`!!!5`!!!%Y!!!",J!!!5m!!!%`!!!"-3!!!6)!!!%c!!!"0!!!!68!!!%
+f!!!"0`!!!6J!!!%j!!!"1J!!!6X!!!%m!!!"23!!!6i!!!%r!!!"3!!!!8%!!!&
+#!!!"3`!!!83!!!&&!!!"4J!!!8F!!!&)!!!"53!!!8S!!!&,!!!"6!!!!8d!!!&
+1!!!"6`!!!9!!!!&4!!!"8J!!!9-!!!&8!!!"93!!!9B!!!&A!!!"@!!!!9N!!!&
+D!!!"@`!!!9`!!!&G!!!"AJ!!!9m!!!&J!!!"B3!!!@)!!!&M!!!"C!!!!@8!!!&
+Q!!!"C`!!!@J!!!&T!!!"DJ!!!@X!!!&X!!!"E3!!!@i!!!&[!!!"F!!!!A%!!!&
+b!!!"F`!!!A3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!A8!!!'!#!!!!!J!!A8!!!(E!!%!(!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!J!!!%)!!!##!!!!`J!!!3)!!!&#!!!"JJ!!!F)!!!)#!!!#3J!!!S)!!!
+,#!!!$!J!!!d)!!!1#!!!$`J!!"!)!!!4#!!!%JJ!!"-)!!!8#!!!&3J!!"B)!!!
+A#!!!'!J!!"N)!!!D#!!!'`J!!"`)!!!G#!!!(JJ!!"m)!!!J#!!!)3J!!#))!!!
+M#!!!*!J!!#8)!!!Q#!!!*`J!!#J)!!!T#!!!+JJ!!#X)!!!X#!!!,3J!!#i)!!!
+[#!!!-!J!!$%)!!!b#!!!-`J!!$3)!!!e#!!!0JJ!!$F)!!!i#!!!13J!!$S)!!!
+l#!!!2!J!!$d)!!!q#!!!2`J!!%!)!!""#!!!3JJ!!%-)!!"%#!!!43J!!%B)!!"
+(#!!!5!J!!%N)!!"+#!!!5`J!!%`)!!"0#!!!6JJ!!%m)!!"3#!!!83J!!&))!!"
+6#!!!9!J!!&8)!!"@#!!!9`J!!&J)!!"C#!!!@JJ!!&X)!!"F#!!!A3J!!&i)!!"
+I#!!!B!J!!'%)!!"L#!!"G!J!!'-)!!"N#!!!C3J!!'B)!!"R#!!!D!J!!'N)!!"
+U#!!!D`J!!'`)!!"Y#!!!EJJ!!'m)!!"`#!!!F3J!!())!!"c#!!!G!J!!(8)!!"
+f#!!!G`J!!(J)!!"j#!!!HJJ!!(X)!!"m#!!!I3J!!(i)!!"r#!!!J!J!!)%)!!#
+##!!!J`J!!)3)!!#&#!!!KJJ!!)F)!!#)#!!!L3J!!)S)!!#,#!!!M!J!!)d)!!#
+1#!!!M`J!!*!!#!!!N3J!!*))!!#6#!!!P!J!!*8)!!#@#!!!P`J!!*J)!!#C#!!
+!QJJ!!*X)!!#F#!!!R3J!!*i)!!#I#!!!S!J!!+%)!!#L#!!!S`J!!+3)!!#P#!!
+!TJJ!!+F)!!#S#!!!U3J!!+S)!!#V#!!!V!J!!+d)!!#Z#!!!V`J!!,!)!!#a#!!
+!XJJ!!,-)!!#d#!!!Y3J!!,B)!!#h#!!!Z!J!!,N)!!#k#!!!Z`J!!,`)!!#p#!!
+![JJ!!,m)!!$!#!!!`3J!!-))!!$$#!!!a!J!!-8)!!$'#!!!a`J!!-J)!!$*#!!
+!bJJ!!-X)!!$-#!!!c3J!!-i)!!$2#!!!d!J!!0%)!!$5#!!!d`J!!03)!!$9#!!
+!eJJ!!0F)!!$B#!!!f3J!!0S)!!$E#!!!h!J!!0d)!!$H#!!!h`J!!1!)!!$K#!!
+!iJJ!!1-)!!$N#!!!j3J!!1B)!!$R#!!!k!J!!1N)!!$U#!!!k`J!!1`)!!$Y#!!
+!lJJ!!1m)!!$`#!!!m3J!!2))!!$c#!!!p!J!!28)!!$f#!!!p`J!!2J)!!$j#!!
+!qJJ!!2X)!!$m#!!!r3J!!2i)!!$r#!!"!!J!!3%)!!%##!!"!`J!!33)!!%&#!!
+""JJ!!3F)!!%)#!!"#3J!!3S)!!&e#!!"#`J!!3`)!!%0#!!"$JJ!!3m)!!%3#!!
+"%3J!!4))!!%6#!!"&!J!!48)!!%@#!!"&`J!!4J)!!%C#!!"'JJ!!4X)!!%F#!!
+"(3J!!4i)!!%I#!!")!J!!5%)!!%L#!!")`J!!53)!!%P#!!"*JJ!!5F)!!%S#!!
+"+3J!!5S)!!%V#!!",!J!!5d)!!%Z#!!",`J!!6!)!!%a#!!"-JJ!!6-)!!%d#!!
+"03J!!6B)!!%h#!!"1!J!!6N)!!%k#!!"1`J!!6`)!!%p#!!"2JJ!!6m)!!&!#!!
+"33J!!8))!!&$#!!"4!J!!88)!!&'#!!"4`J!!8J)!!&*#!!"5JJ!!8X)!!&-#!!
+"63J!!8i)!!&2#!!"8!J!!9%)!!&5#!!"8`J!!93)!!&9#!!"9JJ!!9F)!!&B#!!
+"@3J!!9S)!!&E#!!"A!J!!9d)!!&H#!!"A`J!!@!)!!&K#!!"BJJ!!@-)!!&N#!!
+"C3J!!@B)!!&R#!!"D!J!!@N)!!&U#!!"D`J!!@`)!!&Y#!!"EJJ!!@m)!!&`#!!
+"F3J!!A))!!&c!!!!#!!!!H%"!!!"!!!!!!!!!!!!"!!"!!!"kE6H0L[rrmA@!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"iJ)!!!%!!!!!!!!!!!!%!!%!!!(eY0i
+f,!!!IZ)!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!(M!`!!!3!!!!!!!!!!!!3
+!!3!!!IDdhMBX!!!f%!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!H3%!!!"!!!
+!!!!!!!!!"!!"!!!"r,6H0L`!!&C*!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+"j38!!!%!!!!!!!!!!!!%!!%!!!(pY0if,2rrp2N!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!(Q"J!!!3!!!!!!!!!!!!3!!3!!!G'dhMBX!!!Si3!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!HF(!!!"!!!!!!!!!!!!"!!"!!!"dV6H0L`!!!ca!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"k!J!!!%!!!!!!!!!!!!%!!%!!!(IY0i
+f,2rr[fi!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)!!!!!H%!!!!"i`!!!!(
+L!!!!!H8!!!!"jJ!!!!(N!!!!!HF!!!!"k!!"!!!!!&*26e3!!!!!!!!!!!!!!!!
+'4e*98!!!!!!!!!!!$P*[H5Gc)%GPG%K89&"6!!!!"8C*6%8"!!'L4NP-43%!!D0
+'58a&!3!"U%C*6%8"!!'K4NP-43%!!D"(8P93!!!!!!!!!!!66h"PEP066#""F("
+XD@0KG'P[EJ!!!#0'58a&!J!!(%C*6%8#!!!U4NP-43)!!!e'58a&!J!!)%C*6%8
+#!!!54NP-43)!!"0'58a&!J!!&NC*6%8#!!!B4NP-43)!!"G'58a&!J!!$NC*6%8
+#!!!H4NP-43)!!"&'58a&!J!!%%C*6%8#!!!K4NP-43)!!"4'58a&!J!!&8C*6%8
+#!!!X4NP-43)!!"T'58a&!J!!'8C*6%8#!!!S4NP-43)!!#G'58a&!J!!*%C*6%8
+#!!!Y4NP-43)!!!Y'58a&!J!!*NC*6%8#!!!T4NP-43)!!!a'58a&!J!!+dC*6%8
+#!!!L4NP-43)!!!p'58a&!J!!'dC*6%8#!!!G4NP-43)!!"p'58a&!J!!*8C*6%8
+#!!!M4e*98!!!!!!!!!!!%8p`C@j68d`J6'PLFQ&bD@9c!!!!"%G599!!!!!!!!!
+!!!038%-!!!!#4NP-43)!!$0'58a&!J!!0%G599!!!!!!!!!!!!-f1'X!!!!#4NP
+-438!!#"'58a&"3!!(dG599!!!!!!!!!!!!CMFRP`G'm!!!!S4NP-43%!!Aa'58a
+&!3!"INC*6%8"!!'N4NP-43%!!Cp'58a&!3!"I8C*6%8"!!&l4e*98!!!!!!!!!!
+!"'&cEM%!!!"A4NP-43%!!$j'58a&!3!!-8C*6%8"!!"&4NP-43%!!$P'58a&!3!
+!3dC*6%8"!!!m4NP-43%!!$p'58a&!3!!3%C*6%8"!!"%4NP-43%!!%&'58a&!3!
+!0dC*6%8"!!!e4NP-43%!!$Y'58a&!3!!-NC*6%8"!!!i4NP-43%!!%K'58a&!3!
+!4NC*6%8"!!"#4NP-43%!!$C'58a&!3!!4dC*6%8"!!')4NP-43%!!("'58a&!3!
+!I%C*6%8"!!"i4NP-43%!!(T'58a&!3!!H8C*6%8"!!"a4NP-43%!!(C'58a&!3!
+!FNC*6%8"!!"p4NP-43%!!B&'58a&!3!!FdC*6%8"!!"e4NP-43%!!(Y'58a&!3!
+!A8C*6%8"!!"04NP-43%!!&P'58a&!3!!6NC*6%8"!!"D4NP-43%!!%p'58a&!3!
+!@dC*6%8"!!"34NP-43%!!&a'58a&!3!!5dC*6%8"!!"A4NP-43%!!%a'58a&!3!
+!@%C*6%8"!!"Z4NP-43%!!'p'58a&!3!"LNC*6%8"!!"X4NP-43%!!'e'58a&!3!
+"L8C*6%8"!!',4NP-43%!!'9'58a&!3!!D8C*6%8"!!"S4NP-43%!!'G'58a&!3!
+!BdC*6%8"!!"N4NP-43%!!'&'58a&!3!!DNC*6%8"!!"L4NP-43%!!'C'58a&!3!
+!8dC*6%8"!!"84NP-43%!!&9'58a&!3!!9NC*6%8"!!"*4NP-43%!!%T'58a&!3!
+!ANC*6%8"!!"54NP-43%!!$T'58a&!3!!GdC*6%8"!!!c4NP-43%!!(4'58a&!3!
+!,dC*6%8"!!!Z4NP-43%!!#e'58a&!3!!28C*6%8"!!!d4NP-43%!!Ba'58a&!3!
+!88C*6%8"!!!`4NP-43%!!&p'58a&!3!!B%C*6%8"!!"V4e*98!!!!!!!!!!!!Q*
+Q!!!!"8C*6%8"!!##4NP-43%!!(p'58a&!3!!J%C*6%8"!!"q4NP-43%!!)&(8P9
+3!!!!!!!!!!!$BQP[!!!!$NC*6%8"!!#%4NP-43%!!Be'58a&!3!!JdC*6%8"!!'
+14NP-43%!!C&'58a&!3!"MdC*6%8"!!'3!%C*6%8"!!#&4NP-43%!!C*'58a&!3!
+"J%C*6%8"!!'(4NP-43%!!C9'58a&!3!"NdC*6%8"!!'84e*98!!!!!!!!!!!!Q*
+Z!!!!&%C*6%8"!!#'4NP-43%!!)P'58a&!3!!LdC*6%8"!!#14NP-43%!!DC'58a
+&!3!!N8C*6%8"!!#64NP-43%!!*4'58a&!3!!PNC*6%8"!!#B4NP-43%!!)K'58a
+&!3!!M8C*6%8"!!#54NP-43%!!)T'58a&!3!!PdC*6%8"!!#(4NP-43%!!*9'58a
+&!3!!MdC*6%8"!!#3!%C*6%8"!!#-4e*98!!!!!!!!!!!"Q*eCQCPFJ!!!!*'58a
+&!3!!Q8C*6%8"!!#D4e*98!!!!!!!!!!!"'0KFh3!!!!&4NP-43%!!*p'58a&!3!
+!R%C*6%8"!!#G4NP-43%!!*Y'58a&!3!!RNG599!!!!!!!!!!!!4MEfe`!!!!!dC
+*6%8"!!#J4NP-43%!!+&'58a&!3!!SNG599!!!!!!!!!!!!4MEfjQ!!!!!NC*6%8
+"!!#M4NP-43%!!+4(8P93!!!!!!!!!!!$C'9c!!!!'NC*6%8"!!#P4NP-43%!!+C
+'58a&!3!!U%C*6%8"!!#T4NP-43%!!+Y'58a&!3!!V%C*6%8"!!#Z4NP-43%!!CC
+'58a&!3!!VdC*6%8"!!#b4NP-43%!!,0'58a&!3!!Y%C*6%8"!!#e4NP-43%!!,C
+'58a&!3!!Z%C*6%8"!!#j4NP-43%!!,T'58a&!3!!UNC*6%8"!!#`4NP-43%!!,G
+'58a&!3!![8C*6%8"!!#l4NP-43%!!+G'58a&!3!!X8C*6%8"!!#m4NP-43%!!+e
+(8P93!!!!!!!!!!!#C'J!!!!&4NP-43%!!-"'58a&!3!!`8C*6%8"!!$#4NP-43%
+!!,j'58a&!3!![dG599!!!!!!!!!!!!0NFf%!!!!)4NP-43%!!-9'58a&!3!!aNC
+*6%8"!!$(4NP-43%!!-0'58a&!3!!b8C*6%8"!!$)4NP-43%!!-4'58a&!3!"JNG
+599!!!!!!!!!!!!0PFR)!!!!$4NP-43%!!-T'58a&!3!!bdC*6%8"!!$-4e*98!!
+!!!!!!!!!!f9fF!!!!$p'58a&!3!!ddC*6%8"!!$54NP-43%!!04'58a&!3!!eNC
+*6%8"!!$V4NP-43%!!0e'58a&!3!!j%C*6%8"!!$c4NP-43%!!1a'58a&!3!!hNC
+*6%8"!!$P4NP-43%!!24'58a&!3!!k%C*6%8"!!$D4NP-43%!!2G'58a&!3!"!NC
+*6%8"!!$K4NP-43%!!2"'58a&!3!!q%C*6%8"!!$Y4NP-43%!!0p'58a&!3!!jNC
+*6%8"!!$e4NP-43%!!1P'58a&!3!!fdC*6%8"!!$L4NP-43%!!2&'58a&!3!!kNC
+*6%8"!!$F4NP-43%!!10'58a&!3!!mNC*6%8"!!$Z4NP-43%!!1"'58a&!3!!jdC
+*6%8"!!$f4NP-43%!!2j'58a&!3!!qdC*6%8"!!$m4NP-43%!!3"'58a&!3!"!8C
+*6%8"!!$j4NP-43%!!2T'58a&!3!!r8C*6%8"!!$r4NP-43%!!3C'58a&!3!""dC
+*6%8"!!%)4NP-43%!!3P'58a&!3!""8C*6%8"!!%%4NP-43%!!30'58a&!3!!cdC
+*6%8"!!$04NP-43%!!-j'58a&!3!!e8C*6%8"!!$[4NP-43%!!0&'58a&!3!!edC
+*6%8"!!$34NP-43%!!0P'58a&!3!!f%C*6%8"!!'A4NP-43%!!CK(8P93!!!!!!!
+!!!!%D'eKB`!!!!&'58a&!3!"#NG599!!!!!!!!!!!!4TC'9K!!!!"8C*6%8"!!%
+,4NP-43%!!3a'58a&!3!"$NC*6%8"!!%04NP-43%!!3p(8P93!!!!!!!!!!!&E'K
+KFfJ!!!!#4NP-43%!!4"'58a&!3!"%8G599!!!!!!!!!!!!0YC$)!!!!#4NP-43%
+!!4*'58a&!3!"%dG599!!!!!!!!!!!!0YC$8!!!!#4NP-43%!!44'58a&!3!"&8G
+599!!!!!!!!!!!!4YC'-b!!!!!NC*6%8"!!%@4NP-43%!!4G(8P93!!!!!!!!!!!
+(Ef*UC@0dF`!!!!4'58a&!3!"'dC*6%8"!!%B4NP-43%!!4T'58a&!3!"'8G599!
+!!!!!!!!!!!0`C@d!!!!'4NP-43%!!5&'58a&!3!")%C*6%8"!!%H4NP-43%!!4p
+'58a&!3!"(%C*6%8"!!%G4e*98!!!!!!!!!!!"R"VBh-a-J!!!""'58a&!3!")NC
+*6%8"!!%M4NP-43%!!54'58a&!3!"*8C*6%8"!!%Q4NP-43%!!5G'58a&!3!"+%C
+*6%8"!!%T4NP-43%!!5T'58a&!3!"+dC*6%8"!!%X4NP-43%!!5e'58a&!3!",NC
+*6%8"!!%[4NP-43%!!CP'58a&!3!"-%G599!!!!!!!!!!!!9`Df0c0`!!!!C'58a
+&!3!"-NC*6%8"!!%c4NP-43%!!6&'58a&!3!"R%C*6%8"!!'D4NP-43%!!CY(8P9
+3!!!!!!!!!!!%FQ&ZC!!!!!4'58a&!3!"0%C*6%8"!!%e4NP-43%!!6C'58a&!3!
+"TdG599!!!!!!!!!!!!0bBc)!!!!&4NP-43%!!6T'58a&!3!"1dC*6%8"!!%j4NP
+-43%!!6G'58a&!3!"1%G599!!!!!!!!!!!!0bBc3!!!!#4NP-43%!!6e'58a&!3!
+"2%G599!!!!!!!!!!!!0bBc8!!!!&4NP-43%!!8*'58a&!3!"3%C*6%8"!!&"4NP
+-43%!!6j'58a&!3!"2dG599!!!!!!!!!!!!CbDA"PE@3!!!!#4NP-43%!!80'58a
+&!3!"4%G599!!!!!!!!!!!!0bFf%!!!!-4NP-43%!!89'58a&!3!"4dC*6%8"!!&
+)4NP-43%!!8e'58a&!3!"6%C*6%8"!!&'4NP-43%!!8Y'58a&!3!"6NC*6%8"!!&
+*4NP-43%!!8T'58a&!3!"R8C*6%8"!!'H4e*98!!!!!!!!!!!!h0SB3!!!!4'58a
+&!3!"88C*6%8"!!&24NP-43%!!9*'58a&!3!"8%G599!!!!!!!!!!!!9cG'&MD`!
+!!!&'58a&!3!"8dG599!!!!!!!!!!!!CdH(4IC')!!!!"4NP-43%!!94(8P93!!!
+!!!!!!!!%H$8`13!!!"9'58a&!3!"A%C*6%8"!!&E4NP-43%!!@&'58a&!3!"@NC
+*6%8"!!&J4NP-43%!!@*'58a&!3!"JdC*6%8"!!&Q4NP-43%!!@0'58a&!3!"@%C
+*6%8"!!&G4NP-43%!!9G'58a&!3!"C8C*6%8"!!&H4NP-43%!!9P'58a&!3!"AdC
+*6%8"!!&R4NP-43%!!@4'58a&!3!"K%C*6%8"!!&94NP-43%!!9C(8P93!!!!!!!
+!!!!'H$8`1ABc!!!!&8C*6%8"!!&V4NP-43%!!@a'58a&!3!"E8C*6%8"!!&a4NP
+-43%!!A0'58a&!3!"G8C*6%8"!!&h4NP-43%!!AT'58a&!3!"D%C*6%8"!!&b4NP
+-43%!!@T'58a&!3!"H%C*6%8"!!&T4NP-43%!!AC'58a&!3!"G%C*6%8"!!&`4NP
+-43%!!AP'58a&!3!"ENC*6%8"!!&[4NP-43%!!B9'58a&!3!"KNG599!!!!!!!!!
+!!!0cFf`!!!!M4NP-43%!!"0'58a&!3!!&8C*6%8"!!!34NP-43%!!"*'58a&!3!
+!%8C*6%8"!!!84NP-43%!!"T'58a&!3!!(%C*6%8"!!!A4NP-43%!!"P'58a&!3!
+!'%C*6%8"!!!E4NP-43%!!"C'58a&!3!!$8C*6%8"!!!24NP-43%!!!Y'58a&!3!
+!$%C*6%8"!!!14NP-43%!!#Y'58a&!3!!,%C*6%8"!!!S4NP-43%!!#T'58a&!3!
+!+8C*6%8"!!!M4NP-43%!!#*'58a&!3!!(dC*6%8"!!!P4NP-43%!!#"'58a&!3!
+!*NC*6%8"!!!N4NP-43%!!"j'58a&!3!!*dC*6%8"!!!G4NP-43%!!!T'58a&!3!
+!)8G599!!!!!!!!!!!!j(990*)%aTBR*KFQPPF`!!!!0'58a&!J!!,dG599!!!!!
+!!!!!!!038%-!!!!$4NP-43)!!$"'58a&!J!!-8C*6%8#!!!b4e*98!!!!!!!!!!
+!!cBiD`!!!!0'58a&"3!!&%C*6%8&!!!94NP-438!!"C(8P93!!!!!!!!!!!138j
+655"-D@*bBA*TCA-!!!!#4e*98!!!!!!!!!!!!e"33`!!!!*'58a&!3!!!8C*6%8
+"!!&r4e*98!!!!!!!!!!!!cBiD`!!!!*'58a&!`!"S%C*6%8$!!'K4e*98!!!!!!
+!!!!!$8eKBb"-D@*bBA*TCA-!!!!#4e*98!!!!!!!!!!!!e"33`!!!!P'58a&!3!
+!"%C*6%8"!!!#4NP-43%!!!0'58a&!3!!#8C*6%8"!!!)4NP-43%!!!G'58a&!3!
+!"NC*6%8"!!!&4NP-43%!!D9(8P93!!!!!!!!!!!$0MKV!!!!"NC*6%8$!!'D4NP
+-43-!!D*'58a&!`!"R%C*6%8$!!'G4NP-43-!!Cp'58a&!`!"Q`!!!"J!!!)!!!)
+!!!!!!J%!"3!!!!!#!J!-!!!!!!)$!!S!!!!!!J3!!J!!!!!#"3!&!!!!!!)'!!)
+!!!!!!JF!"J!!!!!##!!0!!!!!!)*!!8!!!!!!JS!"3!!!!!##`!"!!!!!!)-!!%
+!!!!!!Jd!"`!!!!!#$J!)!!!!!!)2!!8!!!!!!K!!!J!!!!!#%3!#!!!!!!)5!!J
+!!!!!!K-!!3!!!!!#&!!"!!!!!!)9!!J!!!!!!KB!#3!!!!!#&`!%!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!#"J%#!!!c"`%#!!!d!!!!!J3""3!!)!J""3!
+!(`!!!HJ!!!)!!!!6k3!!&!!!!!(S!&j1G!!-6PB!!#m+,`-NEJ!35Ui!!!$*!!!
+!i!!!&0i!!"J!!!!!b3!-,bi!##"U!-JJD!"i6T!!-"mf!!!!!K%!!!)5!!!#%`!
+!!K3!!!)9!!!"p3!!!HJ!!!(H!!!"d3!!!IX!!!(3!!!"p!!!!I`!!!)"!!!"U3!
+!!DS!!!'V!!!!,!!!!#d!!!!Z!!!!,`!!!$!!!!!a!!!!-J!!!$-!!!!d!!!!03!
+!!$B!!!!h!!!!1!!!!$N!!!!k!!!!1`!!!BF!!!!m!!!!23!!!$i!!!!r!!!!3!!
+!!%%!!!',!!!!3J!!!%-!!!"%!!!!43!!!%B!!!"(!!!"kJ!!!Am!!!"p!!!!IJ!
+!!(m!!!'5!!!"N3!!!)!!!!#"!!!!c!!!!B`!!!$0!!!!JJ!!!)-!!!$1!!!!c`!
+!!!N!!!(a!!!!K3!!!)B!!!#(!!!"T3!!!)J!!!#*!!!!LJ!!!)X!!!#-!!!!M3!
+!!)i!!!#2!!!!N!!!!!#4!!!!NJ!!!*-!!!#8!!!!P3!!!*B!!!#A!!!"N`!!!Bi
+!!!'2!!!"M3!!!C!!!!!!K!!!!*J!!!#C!!!#"!!!!93!!!&9!!!"P!!!!BB!!!)
+(!!!##!!!!D`!!!#N!!!!T3!!!+B!!!#R!!!!U!!!!KB!!!'Y!!!!R`!!!+)!!!#
+M!!!"R`!!!AS!!!'Z!!!"V`!!!AX!!!)!!!!"RJ!!!0!!!!#D!!!!Q`!!!*`!!!#
+G!!!!S!!!!*i!!!#K!!!!5!!!!%N!!!"+!!!!5`!!!%`!!!"0!!!!6J!!!%m!!!)
+&!!!#"J!!!+N!!!'`!!!"X3!!!,d!!!#q!!!![`!!!-!!!!$"!!!!d3!!!E)!!!'
+c!!!!`J!!!--!!!$%!!!!a3!!!-B!!!'"!!!!a`!!!-J!!!#U!!!!U`!!!+`!!!'
+d!!!!dJ!!!+d!!!'9!!!!b3!!!D!!!!'e!!!!bJ!!!-X!!!"3!!!!d`!!!03!!!$
+9!!!!eJ!!!0F!!!$B!!!"I!!!!0N!!!$D!!!!f`!!!0`!!!$G!!!!hJ!!!0m!!!$
+J!!!!i3!!!1)!!!$M!!!!j!!!!18!!!$Q!!!!j`!!!1J!!!$T!!!!kJ!!!1X!!!$
+X!!!!l3!!!1i!!!$[!!!!m!!!!2%!!!$b!!!!m`!!!23!!!$e!!!!pJ!!!2F!!!#
+Z!!!!V`!!!J-!!!(D!!!"l3!!!&%!!!"5!!!!8`!!!H`!!!'f!!!"Y`!!!EJ!!!(
+L!!!"i!!!!D%!!!(E!!!"c3!!!F`!!!(F!!!"cJ!!!Gd!!!(2!!!"#3!!!&3!!!"
+9!!!!9J!!!&F!!!"B!!!!@3!!!&S!!!"E!!!!!3!!!3S!!!%,!!!"$!!!!3d!!!%
+1!!!"$`!!!4!!!!(f!!!"k3!!!HF!!!(Q!!!"i`!!!H8!!!(I!!!"rJ!!!Id!!!(
+5!!!"SJ!!!!)!!!(C!!!"%3!!!4)!!!%6!!!"&!!!!48!!!%@!!!"-`!!!Ad!!!'
+M!!!"p`!!!GJ!!!!!!!!"d`!!!!-!!!(A!!!"IJ!!!IJ!!!(V!!!"q3!!!Hi!!!$
+i!!!!q3!!!2S!!!$l!!!!r!!!!2d!!!$q!!!!r`!!!3!!!!%"!!!"Z3!!!&`!!!"
+G!!!"&`!!!4J!!!%C!!!!X!!!!,%!!!#b!!!"j!!!!H%!!!'k!!!"e!!!!!3!!!!
+&!!!"e3!!!GB!!!!'!!!!"`!!!4S!!!%K!!!")J!!!5-!!!%N!!!"*3!!!5B!!!%
+R!!!"+!!!!5N!!!%U!!!"+`!!!5`!!!'B!!!",3!!!5i!!!'@!!!"P`!!!&i!!!"
+I!!!!B!!!!'%!!!"L!!!!B`!!!'3!!!"P!!!!CJ!!!'F!!!"S!!!!D3!!!'S!!!#
+c!!!"qJ!!!I-!!!%E!!!"(!!!!4d!!!%H!!!"(`!!!5!!!!%[!!!"Q3!!!6!!!!%
+a!!!"QJ!!!CX!!!'l!!!"[!!!!6)!!!'p!!!"T!!!!JN!!!)+!!!##`!!!J`!!!)
+0!!!#$J!!!I!!!!)2!!!"!J!!!3-!!!%%!!!""3!!!3B!!!%(!!!"#!!!!,3!!!%
+d!!!"T`!!!DB!!!#e!!!"03!!!6B!!!%h!!!"1!!!!6N!!!%k!!!"1`!!!6`!!!%
+p!!!"2J!!!6m!!!&!!!!"33!!!,B!!!#h!!!"[J!!!Hm!!!)3!!!"3J!!!8-!!!#
+i!!!"[`!!!C`!!!&%!!!"43!!!8B!!!&(!!!"5!!!!Cd!!!&*!!!"5J!!!8X!!!&
+-!!!"63!!!!S!!!!,!!!!$!!!!!d!!!!1!!!!$`!!!"!!!!!4!!!!%J!!!"-!!!!
+8!!!!&3!!!"B!!!!A!!!!'!!!!"N!!!!D!!!!'`!!!F!!!!#j!!!"6J!!!8m!!!&
+3!!!"83!!!F%!!!(r!!!"`J!!!F-!!!!F!!!!(3!!!"i!!!!I!!!!)!!!!#%!!!!
+L!!!!)`!!!#3!!!!P!!!!*J!!!9)!!!#k!!!!Z`!!!F3!!!(&!!!"aJ!!!FF!!!(
+,!!!!*`!!!#J!!!!T!!!!+J!!!#X!!!)#!!!!#!!!!9-!!!'+!!!!D`!!!'`!!!"
+Y!!!"L!!!!'i!!!'*!!!"C`!!!@J!!!&T!!!"DJ!!!@X!!!&X!!!"E3!!!@i!!!&
+[!!!"F!!!!A%!!!&b!!!"K3!!!A-!!!&d!!!"G3!!!AB!!!'%!!!"G`!!!AJ!!!&
+j!!!"b!!!!FN!!!'S!!!"bJ!!!9B!!!&A!!!"JJ!!!9J!!!&C!!!"@J!!!9X!!!&
+F!!!"A3!!!9i!!!&I!!!"B!!!!@%!!!&L!!!"J`!!!@-!!!&N!!!"C3!!!,`!!!(
+b!!!!E`!!!@B!!!"`!!!!F3!!!()!!!"c!!!!G!!!!(8!!!"f!!!!G`!!!(J!!!"
+j!!!!HJ!!!(X!!!"m!!!"J!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!"!!!!-P*26e3!!!!!!!!!!!!!!!!'4e*98!!!!!!!!!!"$P*[H5Gc)%G
+PG%K89&"6!!!!"8C*6%8"!!'L4NP-43%!!D0'58a&!3!"U%C*6%8"!!'K4NP-43%
+!!D"(8P93!!!!!!!!!!)66h"PEP066#""F("XD@0KG'P[EJ!!!#0'58a&!J!!(%C
+*6%8#!!!U4NP-43)!!!e'58a&!J!!)%C*6%8#!!!54NP-43)!!"0'58a&!J!!&NC
+*6%8#!!!B4NP-43)!!"G'58a&!J!!$NC*6%8#!!!H4NP-43)!!"&'58a&!J!!%%C
+*6%8#!!!K4NP-43)!!"4'58a&!J!!&8C*6%8#!!!X4NP-43)!!"T'58a&!J!!'8C
+*6%8#!!!S4NP-43)!!#G'58a&!J!!*%C*6%8#!!!Y4NP-43)!!!Y'58a&!J!!*NC
+*6%8#!!!T4NP-43)!!!a'58a&!J!!+dC*6%8#!!!L4NP-43)!!!p'58a&!J!!'dC
+*6%8#!!!G4NP-43)!!"p'58a&!J!!*8C*6%8#!!!M4e*98!!!!!!!!!!$%8p`C@j
+68d`J6'PLFQ&bD@9c!!!!"%G599!!!!!!!!!!"!038%-!!!!#4NP-43)!!$0'58a
+&!J!!0%G599!!!!!!!!!!"3-f1'X!!!!#4NP-438!!#"'58a&"3!!(dG599!!!!!
+!!!!!"JCMFRP`G'm!!!!S4NP-43%!!Aa'58a&!3!"INC*6%8"!!'N4NP-43%!!Cp
+'58a&!3!"I8C*6%8"!!&l4e*98!!!!!!!!!!("'&cEM%!!!"A4NP-43%!!$j'58a
+&!3!!-8C*6%8"!!"&4NP-43%!!$P'58a&!3!!3dC*6%8"!!!m4NP-43%!!$p'58a
+&!3!!3%C*6%8"!!"%4NP-43%!!%&'58a&!3!!0dC*6%8"!!!e4NP-43%!!$Y'58a
+&!3!!-NC*6%8"!!!i4NP-43%!!%K'58a&!3!!4NC*6%8"!!"#4NP-43%!!$C'58a
+&!3!!4dC*6%8"!!')4NP-43%!!("'58a&!3!!I%C*6%8"!!"i4NP-43%!!(T'58a
+&!3!!H8C*6%8"!!"a4NP-43%!!(C'58a&!3!!FNC*6%8"!!"p4NP-43%!!B&'58a
+&!3!!FdC*6%8"!!"e4NP-43%!!(Y'58a&!3!!A8C*6%8"!!"04NP-43%!!&P'58a
+&!3!!6NC*6%8"!!"D4NP-43%!!%p'58a&!3!!@dC*6%8"!!"34NP-43%!!&a'58a
+&!3!!5dC*6%8"!!"A4NP-43%!!%a'58a&!3!!@%C*6%8"!!"Z4NP-43%!!'p'58a
+&!3!"LNC*6%8"!!"X4NP-43%!!'e'58a&!3!"L8C*6%8"!!',4NP-43%!!'9'58a
+&!3!!D8C*6%8"!!"S4NP-43%!!'G'58a&!3!!BdC*6%8"!!"N4NP-43%!!'&'58a
+&!3!!DNC*6%8"!!"L4NP-43%!!'C'58a&!3!!8dC*6%8"!!"84NP-43%!!&9'58a
+&!3!!9NC*6%8"!!"*4NP-43%!!%T'58a&!3!!ANC*6%8"!!"54NP-43%!!$T'58a
+&!3!!GdC*6%8"!!!c4NP-43%!!(4'58a&!3!!,dC*6%8"!!!Z4NP-43%!!#e'58a
+&!3!!28C*6%8"!!!d4NP-43%!!Ba'58a&!3!!88C*6%8"!!!`4NP-43%!!&p'58a
+&!3!!B%C*6%8"!!"V4e*98!!!!!!!!!!)!Q*Q!!!!"8C*6%8"!!##4NP-43%!!(p
+'58a&!3!!J%C*6%8"!!"q4NP-43%!!)&(8P93!!!!!!!!!!N$BQP[!!!!$NC*6%8
+"!!#%4NP-43%!!Be'58a&!3!!JdC*6%8"!!'14NP-43%!!C&'58a&!3!"MdC*6%8
+"!!'3!%C*6%8"!!#&4NP-43%!!C*'58a&!3!"J%C*6%8"!!'(4NP-43%!!C9'58a
+&!3!"NdC*6%8"!!'84e*98!!!!!!!!!!+!Q*Z!!!!&%C*6%8"!!#'4NP-43%!!)P
+'58a&!3!!LdC*6%8"!!#14NP-43%!!DC'58a&!3!!N8C*6%8"!!#64NP-43%!!*4
+'58a&!3!!PNC*6%8"!!#B4NP-43%!!)K'58a&!3!!M8C*6%8"!!#54NP-43%!!)T
+'58a&!3!!PdC*6%8"!!#(4NP-43%!!*9'58a&!3!!MdC*6%8"!!#3!%C*6%8"!!#
+-4e*98!!!!!!!!!!,"Q*eCQCPFJ!!!!*'58a&!3!!Q8C*6%8"!!#D4e*98!!!!!!
+!!!!-"'0KFh3!!!!&4NP-43%!!*p'58a&!3!!R%C*6%8"!!#G4NP-43%!!*Y'58a
+&!3!!RNG599!!!!!!!!!!$34MEfe`!!!!!dC*6%8"!!#J4NP-43%!!+&'58a&!3!
+!SNG599!!!!!!!!!!$J4MEfjQ!!!!!NC*6%8"!!#M4NP-43%!!+4(8P93!!!!!!!
+!!!m$C'9c!!!!'NC*6%8"!!#P4NP-43%!!+C'58a&!3!!U%C*6%8"!!#T4NP-43%
+!!+Y'58a&!3!!V%C*6%8"!!#Z4NP-43%!!CC'58a&!3!!VdC*6%8"!!#b4NP-43%
+!!,0'58a&!3!!Y%C*6%8"!!#e4NP-43%!!,C'58a&!3!!Z%C*6%8"!!#j4NP-43%
+!!,T'58a&!3!!UNC*6%8"!!#`4NP-43%!!,G'58a&!3!![8C*6%8"!!#l4NP-43%
+!!+G'58a&!3!!X8C*6%8"!!#m4NP-43%!!+e(8P93!!!!!!!!!"!#C'J!!!!&4NP
+-43%!!-"'58a&!3!!`8C*6%8"!!$#4NP-43%!!,j'58a&!3!![dG599!!!!!!!!!
+!%30NFf%!!!!)4NP-43%!!-9'58a&!3!!aNC*6%8"!!$(4NP-43%!!-0'58a&!3!
+!b8C*6%8"!!$)4NP-43%!!-4'58a&!3!"JNG599!!!!!!!!!!%J0PFR)!!!!$4NP
+-43%!!-T'58a&!3!!bdC*6%8"!!$-4e*98!!!!!!!!!!6!f9fF!!!!$p'58a&!3!
+!ddC*6%8"!!$54NP-43%!!04'58a&!3!!eNC*6%8"!!$V4NP-43%!!0e'58a&!3!
+!j%C*6%8"!!$c4NP-43%!!1a'58a&!3!!hNC*6%8"!!$P4NP-43%!!24'58a&!3!
+!k%C*6%8"!!$D4NP-43%!!2G'58a&!3!"!NC*6%8"!!$K4NP-43%!!2"'58a&!3!
+!q%C*6%8"!!$Y4NP-43%!!0p'58a&!3!!jNC*6%8"!!$e4NP-43%!!1P'58a&!3!
+!fdC*6%8"!!$L4NP-43%!!2&'58a&!3!!kNC*6%8"!!$F4NP-43%!!10'58a&!3!
+!mNC*6%8"!!$Z4NP-43%!!1"'58a&!3!!jdC*6%8"!!$f4NP-43%!!2j'58a&!3!
+!qdC*6%8"!!$m4NP-43%!!3"'58a&!3!"!8C*6%8"!!$j4NP-43%!!2T'58a&!3!
+!r8C*6%8"!!$r4NP-43%!!3C'58a&!3!""dC*6%8"!!%)4NP-43%!!3P'58a&!3!
+""8C*6%8"!!%%4NP-43%!!30'58a&!3!!cdC*6%8"!!$04NP-43%!!-j'58a&!3!
+!e8C*6%8"!!$[4NP-43%!!0&'58a&!3!!edC*6%8"!!$34NP-43%!!0P'58a&!3!
+!f%C*6%8"!!'A4NP-43%!!CK(8P93!!!!!!!!!"3%D'eKB`!!!!&'58a&!3!"#NG
+599!!!!!!!!!!&34TC'9K!!!!"8C*6%8"!!%,4NP-43%!!3a'58a&!3!"$NC*6%8
+"!!%04NP-43%!!3p(8P93!!!!!!!!!"B&E'KKFfJ!!!!#4NP-43%!!4"'58a&!3!
+"%8G599!!!!!!!!!!&`0YC$)!!!!#4NP-43%!!4*'58a&!3!"%dG599!!!!!!!!!
+!'!0YC$8!!!!#4NP-43%!!44'58a&!3!"&8G599!!!!!!!!!!'34YC'-b!!!!!NC
+*6%8"!!%@4NP-43%!!4G(8P93!!!!!!!!!"S(Ef*UC@0dF`!!!!4'58a&!3!"'dC
+*6%8"!!%B4NP-43%!!4T'58a&!3!"'8G599!!!!!!!!!!'`0`C@d!!!!'4NP-43%
+!!5&'58a&!3!")%C*6%8"!!%H4NP-43%!!4p'58a&!3!"(%C*6%8"!!%G4e*98!!
+!!!!!!!!F"R"VBh-a-J!!!""'58a&!3!")NC*6%8"!!%M4NP-43%!!54'58a&!3!
+"*8C*6%8"!!%Q4NP-43%!!5G'58a&!3!"+%C*6%8"!!%T4NP-43%!!5T'58a&!3!
+"+dC*6%8"!!%X4NP-43%!!5e'58a&!3!",NC*6%8"!!%[4NP-43%!!CP'58a&!3!
+"-%G599!!!!!!!!!!(39`Df0c0`!!!!C'58a&!3!"-NC*6%8"!!%c4NP-43%!!6&
+'58a&!3!"R%C*6%8"!!'D4NP-43%!!CY(8P93!!!!!!!!!"i%FQ&ZC!!!!!4'58a
+&!3!"0%C*6%8"!!%e4NP-43%!!6C'58a&!3!"TdG599!!!!!!!!!!(`0bBc)!!!!
+&4NP-43%!!6T'58a&!3!"1dC*6%8"!!%j4NP-43%!!6G'58a&!3!"1%G599!!!!!
+!!!!!)!0bBc3!!!!#4NP-43%!!6e'58a&!3!"2%G599!!!!!!!!!!)30bBc8!!!!
+&4NP-43%!!8*'58a&!3!"3%C*6%8"!!&"4NP-43%!!6j'58a&!3!"2dG599!!!!!
+!!!!!)JCbDA"PE@3!!!!#4NP-43%!!80'58a&!3!"4%G599!!!!!!!!!!)`0bFf%
+!!!!-4NP-43%!!89'58a&!3!"4dC*6%8"!!&)4NP-43%!!8e'58a&!3!"6%C*6%8
+"!!&'4NP-43%!!8Y'58a&!3!"6NC*6%8"!!&*4NP-43%!!8T'58a&!3!"R8C*6%8
+"!!'H4e*98!!!!!!!!!!N!h0SB3!!!!4'58a&!3!"88C*6%8"!!&24NP-43%!!9*
+'58a&!3!"8%G599!!!!!!!!!!*39cG'&MD`!!!!&'58a&!3!"8dG599!!!!!!!!!
+!*JCdH(4IC')!!!!"4NP-43%!!94(8P93!!!!!!!!!#F%H$8`13!!!"9'58a&!3!
+"A%C*6%8"!!&E4NP-43%!!@&'58a&!3!"@NC*6%8"!!&J4NP-43%!!@*'58a&!3!
+"JdC*6%8"!!&Q4NP-43%!!@0'58a&!3!"@%C*6%8"!!&G4NP-43%!!9G'58a&!3!
+"C8C*6%8"!!&H4NP-43%!!9P'58a&!3!"AdC*6%8"!!&R4NP-43%!!@4'58a&!3!
+"K%C*6%8"!!&94NP-43%!!9C(8P93!!!!!!!!!#J'H$8`1ABc!!!!&8C*6%8"!!&
+V4NP-43%!!@a'58a&!3!"E8C*6%8"!!&a4NP-43%!!A0'58a&!3!"G8C*6%8"!!&
+h4NP-43%!!AT'58a&!3!"D%C*6%8"!!&b4NP-43%!!@T'58a&!3!"H%C*6%8"!!&
+T4NP-43%!!AC'58a&!3!"G%C*6%8"!!&`4NP-43%!!AP'58a&!3!"ENC*6%8"!!&
+[4NP-43%!!B9'58a&!3!"KNG599!!!!!!!!!!+30cFf`!!!!M4NP-43%!!"0'58a
+&!3!!&8C*6%8"!!!34NP-43%!!"*'58a&!3!!%8C*6%8"!!!84NP-43%!!"T'58a
+&!3!!(%C*6%8"!!!A4NP-43%!!"P'58a&!3!!'%C*6%8"!!!E4NP-43%!!"C'58a
+&!3!!$8C*6%8"!!!24NP-43%!!!Y'58a&!3!!$%C*6%8"!!!14NP-43%!!#Y'58a
+&!3!!,%C*6%8"!!!S4NP-43%!!#T'58a&!3!!+8C*6%8"!!!M4NP-43%!!#*'58a
+&!3!!(dC*6%8"!!!P4NP-43%!!#"'58a&!3!!*NC*6%8"!!!N4NP-43%!!"j'58a
+&!3!!*dC*6%8"!!!G4NP-43%!!!T'58a&!3!!)8G599!!!!!!!!!!+Jj(990*)%a
+TBR*KFQPPF`!!!!0'58a&!J!!,dG599!!!!!!!!!!+`038%-!!!!$4NP-43)!!$"
+'58a&!J!!-8C*6%8#!!!b4e*98!!!!!!!!!!X!cBiD`!!!!0'58a&"3!!&%C*6%8
+&!!!94NP-438!!"C(8P93!!!!!!!!!#d138j655"-D@*bBA*TCA-!!!!#4e*98!!
+!!!!!!!!Z!e"33`!!!!*'58a&!3!!!8C*6%8"!!&r4e*98!!!!!!!!!![!cBiD`!
+!!!*'58a&!`!"S%C*6%8$!!'K4e*98!!!!!!!!!!`$8eKBb"-D@*bBA*TCA-!!!!
+#4e*98!!!!!!!!!!a!e"33`!!!!P'58a&!3!!"%C*6%8"!!!#4NP-43%!!!0'58a
+&!3!!#8C*6%8"!!!)4NP-43%!!!G'58a&!3!!"NC*6%8"!!!&4NP-43%!!D9(8P9
+3!!!!!!!!!$)$0MKV!!!!"NC*6%8$!!'D4NP-43-!!D*'58a&!`!"R%C*6%8$!!'
+G4NP-43-!!Cp'58a&!`!"Q`!!!4#V3!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!"+!!!'!"YFh4b!!!!!!!!!!!!!!!!!!!C+!!!#S"YFh4X!!!!!!!
+!!!!!!!!!!!!MU!!!!i"YFh4Z!!!!!!!!!!!!!!!!!!!R+!!!'!"YFh4b!!!$k!!
+!!!!!!!!!!!!r+!!!'B"YFh4X!!!$k!!!!!!!!!!!!!0TDJ!!#)"YFh4Z!!!$k!!
+!!!!!!!!!!!"E+!!!"4"`FQ9Q!!P'eJ!!!!%!!!!!!!"J1!!!!!K`FQ9Q!!L`,3!
+!!!)!!!!!!!"J3!!!!"T`FQ9Q!!PX2!!!!!-!!!!!!!"J@J!!$+"`FQ9Q!!MrS3!
+!!!3!!!!!!!"XqJ!!"K4`FQ9Q!!L+i3!!!!8!!!!!!!"c$J!!#*C`FQ9Q!!P5m!!
+!!!B!!!!!!!"lT!!!!3G`FQ9Q!!Le63!!!!F!!!!!!!"mU`!!!b"`FQ9Q!!N!,`!
+!!!J!!!!!!!"rb`!!!"4`FQ9Q!!NR4!!!!!N!!!!!!!"rh`!!!!T`FQ9Q!!M`UJ!
+!!!S!!!!!!!"rk3!!!!a`FQ9Q!!L"hJ!!!!X!!!!!!!"rp3!!!!j`FQ9Q!!M0!!!
+!!!`!!!!!!!#!!`!!!3C`FQ9Q!!Kpf3!!!!d!!!!!!!#"#3!!!$j`FQ9Q!!N#K!!
+!!!i!!!!!!!#"4`!!!!j`FQ9Q!!PRC3!!!!m!!!!!!!#"93!!!GT`FQ9Q!!MG@`!
+!!"!!!!!!!!#$,`!!!'*`FQ9Q!!M*!3!!!"%!!!!!!!#$N3!!!"4`FQ9Q!!MP"`!
+!!")!!!!!!!#$T3!!!!T`FQ9Q!!LpV!!!!"-!!!!!!!#$V`!!!!a`FQ9Q!!PJK`!
+!!"3!!!!!!!#$Z`!!!-T`FQ9Q!!L(e!!!!"8!!!!!!!#%K3!!!4K`FQ9Q!!LAh3!
+!!"B!!!!!!!#&R3!!!+K`FQ9Q!!LpP!!!!"F!!!!!!!#'43!!!#j`FQ9Q!!PBJJ!
+!!"J!!!!!!!#'F`!!!Ja`FQ9Q!!N()3!!!"N!!!!!!!#)I`!!4J"YG("X!!!!!3!
+!!!!!!!!!!!$1I`!!"`"YG("c!!!!!3!!!!!!!!!!!!$9I`!!!""YG("T!!!!!3!
+!!!!!!!!!!!$9M`!!"U"YG'a[!!!!!3!!!!!!!!!!!!$F,`!!!#"YG(0X!!!!!3!
+!!!!!!!!!!!$F6`!!"4"`FQ9Q!!NN23!!!"S!!!!!!!$KA`!!!!K`FQ9Q!!M6`J!
+!!"X!!!!!!!$KC`!!!"T`FQ9Q!!KkI3!!!"`!!!!!!!$KJ3!!%0"`FQ9Q!!LKD`!
+!!"d!!!!!!!$b83!!"K4`FQ9Q!!PS2J!!!"i!!!!!!!$iC3!!#*C`FQ9Q!!M14`!
+!!"m!!!!!!!%!q`!!!3G`FQ9Q!!P,IJ!!!#!!!!!!!!%#!J!!!b"`FQ9Q!!Mle3!
+!!#%!!!!!!!%&)J!!!"4`FQ9Q!!NP93!!!#)!!!!!!!%&0J!!!!T`FQ9Q!!LIJJ!
+!!#-!!!!!!!%&3!!!!!a`FQ9Q!!L8Z!!!!#3!!!!!!!%&6!!!!!j`FQ9Q!!P54!!
+!!#8!!!!!!!%&@J!!!3C`FQ9Q!!P'2`!!!#B!!!!!!!%'B!!!!$j`FQ9Q!!N63!!
+!!#F!!!!!!!%'RJ!!!!j`FQ9Q!!MZ(3!!!#J!!!!!!!%'V!!!!GT`FQ9Q!!Lmf!!
+!!#N!!!!!!!%)KJ!!!'*`FQ9Q!!LrK!!!!#S!!!!!!!%)k!!!!"4`FQ9Q!!NchJ!
+!!#X!!!!!!!%)r!!!!!T`FQ9Q!!M,S!!!!#`!!!!!!!%*"J!!!!a`FQ9Q!!N%'3!
+!!#d!!!!!!!%*%J!!!-T`FQ9Q!!NJ2!!!!#i!!!!!!!%*h!!!!4K`FQ9Q!!PIl3!
+!!#m!!!!!!!%+p!!!!+K`FQ9Q!!Lq%J!!!$!!!!!!!!%,R!!!!#j`FQ9Q!!LM0`!
+!!$%!!!!!!!%,bJ!!!Ja`FQ9Q!!NG#`!!!$)!!!!!!!%0eJ!!#J"YG("X!!!!!J!
+!!!!!!!!!!!%AeJ!!!3"YG("c!!!!!J!!!!!!!!!!!!%BeJ!!!""YG("T!!!!!J!
+!!!!!!!!!!!%BjJ!!!0"YG'a[!!!!!J!!!!!!!!!!!!%CYJ!!!#"YG(0X!!!!!J!
+!!!!!!!!!!!%CeJ!!"4"`FQ9Q!!PDj!!!!$-!!!!!!!%HjJ!!!!K`FQ9Q!!NN$!!
+!!$3!!!!!!!%HlJ!!!"T`FQ9Q!!MT*`!!!$8!!!!!!!%I#!!!$+"`FQ9Q!!P`ZJ!
+!!$B!!!!!!!%VU!!!"K4`FQ9Q!!N$-3!!!$F!!!!!!!%a[!!!#5C`FQ9Q!!L9f`!
+!!$J!!!!!!!%kiJ!!!3G`FQ9Q!!LI%`!!!$N!!!!!!!%lk3!!!b"`FQ9Q!!Lj$!!
+!!$S!!!!!!!%r#3!!!"4`FQ9Q!!MhR`!!!$X!!!!!!!%r(3!!!!T`FQ9Q!!M-hJ!
+!!$`!!!!!!!%r*`!!!!a`FQ9Q!!N&m!!!!$d!!!!!!!%r-`!!!!j`FQ9Q!!P[``!
+!!$i!!!!!!!%r33!!!3C`FQ9Q!!MmQ!!!!$m!!!!!!!&!4`!!!$j`FQ9Q!!MK!J!
+!!%!!!!!!!!&!K3!!!!j`FQ9Q!!LfY`!!!%%!!!!!!!&!N`!!!GT`FQ9Q!!MPM!!
+!!%)!!!!!!!&#E3!!!'*`FQ9Q!!PS+!!!!%-!!!!!!!&#c`!!!"4`FQ9Q!!MH03!
+!!%3!!!!!!!&#i`!!!!T`FQ9Q!!PH+3!!!%8!!!!!!!&#l3!!!!a`FQ9Q!!L*a3!
+!!%B!!!!!!!&#q3!!!-T`FQ9Q!!L*,!!!!%F!!!!!!!&$``!!!4K`FQ9Q!!MZ"!!
+!!%J!!!!!!!&%f`!!!+K`FQ9Q!!L@Q`!!!%N!!!!!!!&&J`!!!#j`FQ9Q!!M8&3!
+!!%S!!!!!!!&&X3!!!Ja`FQ9Q!!Lj"J!!!%X!!!!!!!&([3!!4J"YG("X!!!!!`!
+!!!!!!!!!!!'0[3!!"`"YG("c!!!!!`!!!!!!!!!!!!'8[3!!!""YG("T!!!!!`!
+!!!!!!!!!!!'8c3!!!#"YG(0X!!!!!`!!!!!!!!!!!!'8l3!!"T4YG'a[!!!!!`!
+!!!!!!!!!!!'EJ3!!"4"`FQ9Q!!N*[!!!!%`!!!!!!!'JN3!!!!K`FQ9Q!!Kq93!
+!!%d!!!!!!!'JQ3!!!"T`FQ9Q!!M+H`!!!%i!!!!!!!'JX`!!%0"`FQ9Q!!N6p!!
+!!%m!!!!!!!'aJ`!!"K4`FQ9Q!!M$+3!!!&!!!!!!!!'hP`!!#5C`FQ9Q!!L!9`!
+!!&%!!!!!!!(![3!!!3G`FQ9Q!!N`BJ!!!&)!!!!!!!("a!!!!b"`FQ9Q!!M3)3!
+!!&-!!!!!!!(%j!!!!"4`FQ9Q!!L4H3!!!&3!!!!!!!(%q!!!!!T`FQ9Q!!NR0J!
+!!&8!!!!!!!(&!J!!!!a`FQ9Q!!L'$3!!!&B!!!!!!!(&$J!!!!j`FQ9Q!!MR53!
+!!&F!!!!!!!(&(!!!!3C`FQ9Q!!PEH!!!!&J!!!!!!!(')J!!!$j`FQ9Q!!MfA3!
+!!&N!!!!!!!('B!!!!!j`FQ9Q!!N&53!!!&S!!!!!!!('EJ!!!GT`FQ9Q!!LB-`!
+!!&X!!!!!!!()5!!!!'*`FQ9Q!!L6[3!!!&`!!!!!!!()UJ!!!"4`FQ9Q!!LeT`!
+!!&d!!!!!!!()[J!!!!T`FQ9Q!!N,D`!!!&i!!!!!!!()b!!!!!a`FQ9Q!!LcY`!
+!!&m!!!!!!!()e!!!!-T`FQ9Q!!LFj`!!!'!!!!!!!!(*RJ!!!4K`FQ9Q!!N!V3!
+!!'%!!!!!!!(+YJ!!!+K`FQ9Q!!N(2!!!!')!!!!!!!(,AJ!!!#j`FQ9Q!!LQY!!
+!!'-!!!!!!!(,M!!!!Ja`FQ9Q!!M053!!!'3!!!!!!!(0Q!!!#J"YG("X!!!!"!!
+!!!!!!!!!!!(AQ!!!!3"YG("c!!!!"!!!!!!!!!!!!!(BQ!!!!""YG("T!!!!"!!
+!!!!!!!!!!!(BU!!!!#"YG(0X!!!!"!!!!!!!!!!!!!(Bb!!!!)aYG'a[!!!!"!!
+!!!!!!!!!!!(C9!!!"4"`FQ9Q!!MM#`!!!'8!!!!!!!(HC!!!!!K`FQ9Q!!M"$!!
+!!'B!!!!!!!(HE!!!!"T`FQ9Q!!MYHJ!!!'F!!!!!!!(HKJ!!%0"`FQ9Q!!MKm`!
+!!'J!!!!!!!([9J!!"K4`FQ9Q!!Nre3!!!'N!!!!!!!(eDJ!!#5C`FQ9Q!!LZ3J!
+!!'S!!!!!!!(qN!!!!!%(F(*PCJ!)KRi!!!"V!!!!!!!"rjF!!!-JF(*PCJ!)PD8
+!!!"X!!!!!!!#!VF!!!!8F(*PCJ!*0m)!!!"Y!!!!!!!#!XX!!!!+F(*PCJ!*AZd
+!!!"Z!!!!!!!#!Y8!!!!-F(*PCJ!)Vii!!!"[!!!!!!!#!Z%!!!!1F(*PCJ!*,[d
+!!!"`!!!!!!!#!Zm!!!%'F(*PCJ!*'EB!!!"a!!!!!!!#!r8!!!!qF(*PCJ!*0P8
+!!!"b!!!!!!!#"$-!!!!1F(*PCJ!*-D%!!!"c!!!!!!!#"%%!!!(DF(*PCJ!*0"i
+!!!"d!!!!!!!#"KX!!!"LF(*PCJ!)GH!!!!"e!!!!!!!#"Rd!!!!8F(*PCJ!)Q)S
+!!!"f!!!!!!!#"T%!!!!+F(*PCJ!*!Pd!!!"h!!!!!!!#"TX!!!!-F(*PCJ!)PR-
+!!!"i!!!!!!!#"UF!!!$+F(*PCJ!)TC!!!!!!H3!!!!!!!JGa!!!"'("bC@B!#-A
+9!!!!HJ!!!!!!!JL*!!!!U("bC@B!#86U!!!!H`!!!!!!!JNa!!!!,R"bC@B!#@@
+8!!!!I!!!!!!!!JPI!!!#$("bC@B!#(ep!!!!I3!!!!!!!JYV!!!&!'edF'`!!!!
+&!!!!!!!!!!!!!K"V!!!!J'edF(-!!!!&!!!!!!!!!!!!!K$V!!!!%'edF'N!!!!
+&!!!!!!!!!!!!!K$l!!!!)'edFf`!!!!&!!!!!!!!!!!!!K%E!!!!J'edE'm!!!!
+&!!!!!!!!!!!!!K'E!!!&%("bC@B!#8UQ!!!!IJ!!!!!!!KDV!!!!#("bC@B!#22
+(!!!!I`!!!!!!!KDc!!!!'R"bC@B!#3#p!!!!J!!!!!!!!KE0!!!3d("bC@B!#2`
+[!!!!J3!!!!!!!LHG!!!'&("bC@B!#1[4!!!!JJ!!!!!!!Lfa!!!)PR"bC@B!#(,
+9!!!!J`!!!!!!!MC(!!!""h"bC@B!#@rk!!!!K!!!!!!!!MG1!!!$)("bC@B!#1G
+'!!!!K3!!!!!!!MTZ!!!!&("bC@B!#128!!!!KJ!!!!!!!MU#!!!!#R"bC@B!#,1
+q!!!!K`!!!!!!!MU-!!!!$("bC@B!#)c'!!!!L!!!!!!!!MUB!!!!$R"bC@B!#4S
+,!!!!L3!!!!!!!MUQ!!!""R"bC@B!#-iX!!!!LJ!!!!!!!MZX!!!!2R"bC@B!#(C
+#!!!!L`!!!!!!!M[U!!!!$R"bC@B!#@+F!!!!M!!!!!!!!M[i!!!"fR"bC@B!#8(
+h!!!!M3!!!!!!!Mh5!!!!BR"bC@B!#2!L!!!!MJ!!!!!!!Mid!!!!&("bC@B!#(d
+@!!!!M`!!!!!!!Mj)!!!!#R"bC@B!#2iC!!!!N!!!!!!!!!)q8J!!!!a`FQ9Q!!M
+YZ!!!!*%!!!!!!!)qAJ!!!-T`FQ9Q!!Pb83!!!*)!!!!!!!)r+!!!!4K`FQ9Q!!L
+a"3!!!*-!!!!!!!*!3!!!!+K`FQ9Q!!NZf`!!!*3!!!!!!!*!k!!!!#j`FQ9Q!!K
+j[`!!!*8!!!!!!!*"&J!!!Ja`FQ9Q!!Mi,3!!!*B!!!!!!!*$)J!!#J"YG("X!!!
+!"J!!!!!!!!!!!!*0)J!!!3"YG("c!!!!"J!!!!!!!!!!!!*1)J!!!""YG("T!!!
+!"J!!!!!!!!!!!!*1-J!!!)aYG'a[!!!!"J!!!!!!!!!!!!*1[J!!!#"YG(0X!!!
+!"J!!!!!!!!!!!!*1hJ!!"4"`FQ9Q!!Kf)J!!!*F!!!!!!!*6lJ!!!!K`FQ9Q!!N
+bh`!!!*J!!!!!!!*6pJ!!!"T`FQ9Q!!MZB3!!!*N!!!!!!!*8%!!!%0"`FQ9Q!!M
+[m`!!!*S!!!!!!!*Ni!!!"K4`FQ9Q!!NVZ`!!!*X!!!!!!!*Up!!!#*C`FQ9Q!!M
+b!J!!!*`!!!!!!!*cLJ!!!3G`FQ9Q!!P083!!!*d!!!!!!!*dN3!!!b"`FQ9Q!!M
+a13!!!*i!!!!!!!*hX3!!!"4`FQ9Q!!P9h3!!!*m!!!!!!!*ha3!!!!T`FQ9Q!!M
++,3!!!+!!!!!!!!*hc`!!!!a`FQ9Q!!L6T`!!!+%!!!!!!!*hf`!!!!j`FQ9Q!!M
+jB3!!!+)!!!!!!!*hk3!!!3C`FQ9Q!!L0Z`!!!+-!!!!!!!*il`!!!$j`FQ9Q!!M
+P3J!!!+3!!!!!!!*j,3!!!!j`FQ9Q!!N6hJ!!!+8!!!!!!!*j1`!!!GT`FQ9Q!!N
+kJ`!!!+B!!!!!!!*l&3!!!'*`FQ9Q!!N&H!!!!+F!!!!!!!*lG`!!!"4`FQ9Q!!L
+,iJ!!!+J!!!!!!!*lL`!!!!T`FQ9Q!!MDI3!!!+N!!!!!!!*lP3!!!!a`FQ9Q!!K
+l33!!!+S!!!!!!!*lS3!!!-T`FQ9Q!!MlG3!!!+X!!!!!!!*mD`!!!4K`FQ9Q!!L
+e&!!!!+`!!!!!!!*pJ`!!!+K`FQ9Q!!MK1`!!!+d!!!!!!!*q+`!!!#j`FQ9Q!!L
+Y#!!!!+i!!!!!!!*q@3!!!Ja`FQ9Q!!L42`!!!+m!!!!!!!+!C3!!2!"YG("X!!!
+!"`!!!!!!!!!!!!+mC3!!"J"YG("c!!!!"`!!!!!!!!!!!!,#C3!!!""YG("T!!!
+!"`!!!!!!!!!!!!,#G3!!"G4YG'a[!!!!"`!!!!!!!!!!!!,)53!!!#"YG(0X!!!
+!"`!!!!!!!!!!!!,)D3!!"4"`FQ9Q!!NXL3!!!,!!!!!!!!,0H3!!!!K`FQ9Q!!P
+%U3!!!,%!!!!!!!,0J3!!!"T`FQ9Q!!LT(!!!!,)!!!!!!!,0Q`!!%0"`FQ9Q!!N
+(M3!!!,-!!!!!!!,HD`!!"K4`FQ9Q!!PH[`!!!,3!!!!!!!,NI`!!#5C`FQ9Q!!M
+Hh!!!!,8!!!!!!!,YT3!!!3G`FQ9Q!!M`h!!!!,B!!!!!!!,ZV!!!!b"`FQ9Q!!L
+N03!!!,F!!!!!!!,ac!!!!"4`FQ9Q!!Mb6J!!!,J!!!!!!!,ai!!!!!T`FQ9Q!!N
+a@!!!!,N!!!!!!!,akJ!!!!a`FQ9Q!!LH1J!!!,S!!!!!!!,apJ!!!!j`FQ9Q!!N
+"f3!!!,X!!!!!!!,b"!!!!3C`FQ9Q!!P`p!!!!,`!!!!!!!,c#J!!!$j`FQ9Q!!P
+Qf!!!!,d!!!!!!!,c5!!!!!j`FQ9Q!!PYDJ!!!,i!!!!!!!,c9J!!!GT`FQ9Q!!N
+#-!!!!,m!!!!!!!,e-!!!!'*`FQ9Q!!ME@!!!!-!!!!!!!!,eNJ!!!"4`FQ9Q!!L
+j4`!!!-%!!!!!!!,eTJ!!!!T`FQ9Q!!Mf$3!!!-)!!!!!!!,eX!!!!!a`FQ9Q!!M
+eDJ!!!--!!!!!!!,e[!!!!-T`FQ9Q!!MfF3!!!-3!!!!!!!,fKJ!!!4K`FQ9Q!!N
+`R`!!!-8!!!!!!!,hRJ!!!+K`FQ9Q!!LqH3!!!-B!!!!!!!,i4J!!!#j`FQ9Q!!L
+3!*S!!!$(!!!!!!!#q(3!!!)-F(*PCJ!)d'B!!!$)!!!!!!!#qS!!!$`!EA4`E!!
+!!!J!!!!!!!!!!!!$0S!!!!B!EA4`F`!!!!J!!!!!!!!!!!!$2)!!!!!3EA4`D3!
+!!!J!!!!!!!!!!!!$2*!!!!!!)'edFf`!!!!)!!!!!!!!!!!!!cb`!!!&e'edE'm
+!!!!)!!!!!!!!!!!!!d+%!!!3a'edCf`!!!2S!!!!!!!!!!!!!e0)!!!!,'e[G'N
+!!!!!!!!!!!!!!!!!!h(U!!!6J&"-Fh3!#,"V!!!!b3!!!!!!!&LS!!!#,'e`FfN
+!!!2S!!!!!!!!!!!!!fMk!!!!%'ecG(!!!!!#!!!!!!!!!!!!!fN+!!!!%'ecG(!
+!!!!&!!!!!!!!!!!!!&V8!!!!+'ecG'N!!!2S!!!!!!!!!!!!!fP#!!!!+'ecG'N
+!!!!!!!!!!!!!!!!!!&Vm!!!!$'eKE'`!!!!!!!!!!!!!!!!!!fE1!!!!a'eKF'`
+!!!!!!!!!!!!!!!$B03!!:
diff --git a/MacOS/Randomizer.cpp b/MacOS/Randomizer.cpp
new file mode 100644
index 0000000000..cceb6bde44
--- /dev/null
+++ b/MacOS/Randomizer.cpp
@@ -0,0 +1,476 @@
+/* 
+------- Strong random data generation on a Macintosh (pre - OS X) ------
+		
+--	GENERAL: We aim to generate unpredictable bits without explicit
+	user interaction. A general review of the problem may be found
+	in RFC 1750, "Randomness Recommendations for Security", and some
+	more discussion, of general and Mac-specific issues has appeared
+	in "Using and Creating Cryptographic- Quality Random Numbers" by
+	Jon Callas (www.merrymeet.com/jon/usingrandom.html).
+
+	The data and entropy estimates provided below are based on my
+	limited experimentation and estimates, rather than by any
+	rigorous study, and the entropy estimates tend to be optimistic.
+	They should not be considered absolute.
+
+	Some of the information being collected may be correlated in
+	subtle ways. That includes mouse positions, timings, and disk
+	size measurements. Some obvious correlations will be eliminated
+	by the programmer, but other, weaker ones may remain. The
+	reliability of the code depends on such correlations being
+	poorly understood, both by us and by potential interceptors.
+
+	This package has been planned to be used with OpenSSL, v. 0.9.5.
+	It requires the OpenSSL function RAND_add. 
+
+--	OTHER WORK: Some source code and other details have been
+	published elsewhere, but I haven't found any to be satisfactory
+	for the Mac per se:
+
+	* The Linux random number generator (by Theodore Ts'o, in
+	  drivers/char/random.c), is a carefully designed open-source
+	  crypto random number package. It collects data from a variety
+	  of sources, including mouse, keyboard and other interrupts.
+	  One nice feature is that it explicitly estimates the entropy
+	  of the data it collects. Some of its features (e.g. interrupt
+	  timing) cannot be reliably exported to the Mac without using
+	  undocumented APIs.
+
+	* Truerand by Don P. Mitchell and Matt Blaze uses variations
+	  between different timing mechanisms on the same system. This
+	  has not been tested on the Mac, but requires preemptive
+	  multitasking, and is hardware-dependent, and can't be relied
+	  on to work well if only one oscillator is present.
+
+	* Cryptlib's RNG for the Mac (RNDMAC.C by Peter Gutmann),
+	  gathers a lot of information about the machine and system
+	  environment. Unfortunately, much of it is constant from one
+	  startup to the next. In other words, the random seed could be
+	  the same from one day to the next. Some of the APIs are
+	  hardware-dependent, and not all are compatible with Carbon (OS
+	  X). Incidentally, the EGD library is based on the UNIX entropy
+	  gathering methods in cryptlib, and isn't suitable for MacOS
+	  either.
+
+	* Mozilla (and perhaps earlier versions of Netscape) uses the
+	  time of day (in seconds) and an uninitialized local variable
+	  to seed the random number generator. The time of day is known
+	  to an outside interceptor (to within the accuracy of the
+	  system clock). The uninitialized variable could easily be
+	  identical between subsequent launches of an application, if it
+	  is reached through the same path.
+
+	* OpenSSL provides the function RAND_screen(), by G. van
+	  Oosten, which hashes the contents of the screen to generate a
+	  seed. This is not useful for an extension or for an
+	  application which launches at startup time, since the screen
+	  is likely to look identical from one launch to the next. This
+	  method is also rather slow.
+
+	* Using variations in disk drive seek times has been proposed
+	  (Davis, Ihaka and Fenstermacher, world.std.com/~dtd/;
+	  Jakobsson, Shriver, Hillyer and Juels,
+	  www.bell-labs.com/user/shriver/random.html). These variations
+	  appear to be due to air turbulence inside the disk drive
+	  mechanism, and are very strongly unpredictable. Unfortunately
+	  this technique is slow, and some implementations of it may be
+	  patented (see Shriver's page above.) It of course cannot be
+	  used with a RAM disk.
+
+--	TIMING: On the 601 PowerPC the time base register is guaranteed
+	to change at least once every 10 addi instructions, i.e. 10
+	cycles. On a 60 MHz machine (slowest PowerPC) this translates to
+	a resolution of 1/6 usec. Newer machines seem to be using a 10
+	cycle resolution as well.
+	
+	For 68K Macs, the Microseconds() call may be used. See Develop
+	issue 29 on the Apple developer site
+	(developer.apple.com/dev/techsupport/develop/issue29/minow.html)
+	for information on its accuracy and resolution. The code below
+	has been tested only on PowerPC based machines.
+
+	The time from machine startup to the launch of an application in
+	the startup folder has a variance of about 1.6 msec on a new G4
+	machine with a defragmented and optimized disk, most extensions
+	off and no icons on the desktop. This can be reasonably taken as
+	a lower bound on the variance. Most of this variation is likely
+	due to disk seek time variability. The distribution of startup
+	times is probably not entirely even or uncorrelated. This needs
+	to be investigated, but I am guessing that it not a majpor
+	problem. Entropy = log2 (1600/0.166) ~= 13 bits on a 60 MHz
+	machine, ~16 bits for a 450 MHz machine.
+
+	User-launched application startup times will have a variance of
+	a second or more relative to machine startup time. Entropy >~22
+	bits.
+
+	Machine startup time is available with a 1-second resolution. It
+	is predictable to no better a minute or two, in the case of
+	people who show up punctually to work at the same time and
+	immediately start their computer. Using the scheduled startup
+	feature (when available) will cause the machine to start up at
+	the same time every day, making the value predictable. Entropy
+	>~7 bits, or 0 bits with scheduled startup.
+
+	The time of day is of course known to an outsider and thus has 0
+	entropy if the system clock is regularly calibrated.
+
+--	KEY TIMING: A  very fast typist (120 wpm) will have a typical
+	inter-key timing interval of 100 msec. We can assume a variance
+	of no less than 2 msec -- maybe. Do good typists have a constant
+	rhythm, like drummers? Since what we measure is not the
+	key-generated interrupt but the time at which the key event was
+	taken off the event queue, our resolution is roughly the time
+	between process switches, at best 1 tick (17 msec). I  therefore
+	consider this technique questionable and not very useful for
+	obtaining high entropy data on the Mac.
+
+--	MOUSE POSITION AND TIMING: The high bits of the mouse position
+	are far from arbitrary, since the mouse tends to stay in a few
+	limited areas of the screen. I am guessing that the position of
+	the mouse is arbitrary within a 6 pixel square. Since the mouse
+	stays still for long periods of time, it should be sampled only
+	after it was moved, to avoid correlated data. This gives an
+	entropy of log2(6*6) ~= 5 bits per measurement.
+
+	The time during which the mouse stays still can vary from zero
+	to, say, 5 seconds (occasionally longer). If the still time is
+	measured by sampling the mouse during null events, and null
+	events are received once per tick, its resolution is 1/60th of a
+	second, giving an entropy of log2 (60*5) ~= 8 bits per
+	measurement. Since the distribution of still times is uneven,
+	this estimate is on the high side.
+
+	For simplicity and compatibility across system versions, the
+	mouse is to be sampled explicitly (e.g. in the event loop),
+	rather than in a time manager task.
+
+--	STARTUP DISK TOTAL FILE SIZE: Varies typically by at least 20k
+	from one startup to the next, with 'minimal' computer use. Won't
+	vary at all if machine is started again immediately after
+	startup (unless virtual memory is on), but any application which
+	uses the web and caches information to disk is likely to cause
+	this much variation or more. The variation is probably not
+	random, but I don't know in what way. File sizes tend to be
+	divisible by 4 bytes since file format fields are often
+	long-aligned. Entropy > log2 (20000/4) ~= 12 bits.
+	
+--	STARTUP DISK FIRST AVAILABLE ALLOCATION BLOCK: As the volume
+	gets fragmented this could be anywhere in principle. In a
+	perfectly unfragmented volume this will be strongly correlated
+	with the total file size on the disk. With more fragmentation
+	comes less certainty. I took the variation in this value to be
+	1/8 of the total file size on the volume.
+
+--	SYSTEM REQUIREMENTS: The code here requires System 7.0 and above
+	(for Gestalt and Microseconds calls). All the calls used are
+	Carbon-compatible.
+*/
+
+/*------------------------------ Includes ----------------------------*/
+
+#include "Randomizer.h"
+
+// Mac OS API
+#include <Files.h>
+#include <Folders.h>
+#include <Events.h>
+#include <Processes.h>
+#include <Gestalt.h>
+#include <Resources.h>
+#include <LowMem.h>
+
+// Standard C library
+#include <stdlib.h>
+#include <math.h>
+
+/*---------------------- Function declarations -----------------------*/
+
+// declared in OpenSSL/crypto/rand/rand.h
+extern "C" void RAND_add (const void *buf, int num, double entropy);
+
+unsigned long GetPPCTimer (bool is601);	// Make it global if needed
+					// elsewhere
+
+/*---------------------------- Constants -----------------------------*/
+
+#define kMouseResolution 6		// Mouse position has to differ
+					// from the last one by this
+					// much to be entered
+#define kMousePositionEntropy 5.16	// log2 (kMouseResolution**2)
+#define kTypicalMouseIdleTicks 300.0	// I am guessing that a typical
+					// amount of time between mouse
+					// moves is 5 seconds
+#define kVolumeBytesEntropy 12.0	// about log2 (20000/4),
+					// assuming a variation of 20K
+					// in total file size and
+					// long-aligned file formats.
+#define kApplicationUpTimeEntropy 6.0	// Variance > 1 second, uptime
+					// in ticks  
+#define kSysStartupEntropy 7.0		// Entropy for machine startup
+					// time
+
+
+/*------------------------ Function definitions ----------------------*/
+
+CRandomizer::CRandomizer (void)
+{
+	long	result;
+	
+	mSupportsLargeVolumes =
+		(Gestalt(gestaltFSAttr, &result) == noErr) &&
+		((result & (1L << gestaltFSSupports2TBVols)) != 0);
+	
+	if (Gestalt (gestaltNativeCPUtype, &result) != noErr)
+	{
+		mIsPowerPC = false;
+		mIs601 = false;
+	}
+	else
+	{
+		mIs601 = (result == gestaltCPU601);
+		mIsPowerPC = (result >= gestaltCPU601);
+	}
+	mLastMouse.h = mLastMouse.v = -10;	// First mouse will
+						// always be recorded
+	mLastPeriodicTicks = TickCount();
+	GetTimeBaseResolution ();
+	
+	// Add initial entropy
+	AddTimeSinceMachineStartup ();
+	AddAbsoluteSystemStartupTime ();
+	AddStartupVolumeInfo ();
+	AddFiller ();
+}
+
+void CRandomizer::PeriodicAction (void)
+{
+	AddCurrentMouse ();
+	AddNow (0.0);	// Should have a better entropy estimate here
+	mLastPeriodicTicks = TickCount();
+}
+
+/*------------------------- Private Methods --------------------------*/
+
+void CRandomizer::AddCurrentMouse (void)
+{
+	Point mouseLoc;
+	unsigned long lastCheck;	// Ticks since mouse was last
+					// sampled
+
+#if TARGET_API_MAC_CARBON
+	GetGlobalMouse (&mouseLoc);
+#else
+	mouseLoc = LMGetMouseLocation();
+#endif
+	
+	if (labs (mLastMouse.h - mouseLoc.h) > kMouseResolution/2 &&
+	    labs (mLastMouse.v - mouseLoc.v) > kMouseResolution/2)
+		AddBytes (&mouseLoc, sizeof (mouseLoc),
+				kMousePositionEntropy);
+	
+	if (mLastMouse.h == mouseLoc.h && mLastMouse.v == mouseLoc.v)
+		mMouseStill ++;
+	else
+	{
+		double entropy;
+		
+		// Mouse has moved. Add the number of measurements for
+		// which it's been still. If the resolution is too
+		// coarse, assume the entropy is 0.
+
+		lastCheck = TickCount() - mLastPeriodicTicks;
+		if (lastCheck <= 0)
+			lastCheck = 1;
+		entropy = log2l
+			(kTypicalMouseIdleTicks/(double)lastCheck);
+		if (entropy < 0.0)
+			entropy = 0.0;
+		AddBytes (&mMouseStill, sizeof (mMouseStill), entropy);
+		mMouseStill = 0;
+	}
+	mLastMouse = mouseLoc;
+}
+
+void CRandomizer::AddAbsoluteSystemStartupTime (void)
+{
+	unsigned long	now;		// Time in seconds since
+					// 1/1/1904
+	GetDateTime (&now);
+	now -= TickCount() / 60;	// Time in ticks since machine
+					// startup
+	AddBytes (&now, sizeof (now), kSysStartupEntropy);
+}
+
+void CRandomizer::AddTimeSinceMachineStartup (void)
+{
+	AddNow (1.5);			// Uncertainty in app startup
+					// time is > 1.5 msec (for
+					// automated app startup).
+}
+
+void CRandomizer::AddAppRunningTime (void)
+{
+	ProcessSerialNumber PSN;
+	ProcessInfoRec		ProcessInfo;
+	
+	ProcessInfo.processInfoLength = sizeof (ProcessInfoRec);
+	ProcessInfo.processName = nil;
+	ProcessInfo.processAppSpec = nil;
+	
+	GetCurrentProcess (&PSN);
+	GetProcessInformation (&PSN, &ProcessInfo);
+
+	// Now add the amount of time in ticks that the current process
+	// has been active
+
+	AddBytes (&ProcessInfo, sizeof (ProcessInfoRec),
+			kApplicationUpTimeEntropy);
+}
+
+void CRandomizer::AddStartupVolumeInfo (void)
+{
+	short			vRefNum;
+	long			dirID;
+	XVolumeParam	pb;
+	OSErr			err;
+	
+	if (!mSupportsLargeVolumes)
+		return;
+		
+	FindFolder (kOnSystemDisk, kSystemFolderType, kDontCreateFolder,
+			&vRefNum, &dirID);
+	pb.ioVRefNum = vRefNum;
+	pb.ioCompletion = 0;
+	pb.ioNamePtr = 0;
+	pb.ioVolIndex = 0;
+	err = PBXGetVolInfoSync (&pb);
+	if (err != noErr)
+		return;
+		
+	// Base the entropy on the amount of space used on the disk and
+	// on the next available allocation block. A lot else might be
+	// unpredictable, so might as well toss the whole block in. See
+	// comments for entropy estimate justifications.
+
+	AddBytes (&pb, sizeof (pb),
+		kVolumeBytesEntropy +
+		log2l (((pb.ioVTotalBytes.hi - pb.ioVFreeBytes.hi)
+				* 4294967296.0D +
+			(pb.ioVTotalBytes.lo - pb.ioVFreeBytes.lo))
+				/ pb.ioVAlBlkSiz - 3.0));
+}
+
+/*
+	On a typical startup CRandomizer will come up with about 60
+	bits of good, unpredictable data. Assuming no more input will
+	be available, we'll need some more lower-quality data to give
+	OpenSSL the 128 bits of entropy it desires. AddFiller adds some
+	relatively predictable data into the soup.
+*/
+
+void CRandomizer::AddFiller (void)
+{
+	struct
+	{
+		ProcessSerialNumber psn;	// Front process serial
+						// number
+		RGBColor	hiliteRGBValue;	// User-selected
+						// highlight color
+		long		processCount;	// Number of active
+						// processes
+		long		cpuSpeed;	// Processor speed
+		long		totalMemory;	// Total logical memory
+						// (incl. virtual one)
+		long		systemVersion;	// OS version
+		short		resFile;	// Current resource file
+	} data;
+	
+	GetNextProcess ((ProcessSerialNumber*) kNoProcess);
+	while (GetNextProcess (&data.psn) == noErr)
+		data.processCount++;
+	GetFrontProcess (&data.psn);
+	LMGetHiliteRGB (&data.hiliteRGBValue);
+	Gestalt (gestaltProcClkSpeed, &data.cpuSpeed);
+	Gestalt (gestaltLogicalRAMSize, &data.totalMemory);
+	Gestalt (gestaltSystemVersion, &data.systemVersion);
+	data.resFile = CurResFile ();
+	
+	// Here we pretend to feed the PRNG completely random data. This
+	// is of course false, as much of the above data is predictable
+	// by an outsider. At this point we don't have any more
+	// randomness to add, but with OpenSSL we must have a 128 bit
+	// seed before we can start. We just add what we can, without a
+	// real entropy estimate, and hope for the best.
+
+	AddBytes (&data, sizeof(data), 8.0 * sizeof(data));
+	AddCurrentMouse ();
+	AddNow (1.0);
+}
+
+//-------------------  LOW LEVEL ---------------------
+
+void CRandomizer::AddBytes (void *data, long size, double entropy)
+{
+	RAND_add (data, size, entropy * 0.125);	// Convert entropy bits
+						// to bytes
+}
+
+void CRandomizer::AddNow (double millisecondUncertainty)
+{
+	long time = SysTimer();
+	AddBytes (&time, sizeof (time), log2l (millisecondUncertainty *
+			mTimebaseTicksPerMillisec));
+}
+
+//----------------- TIMING SUPPORT ------------------
+
+void CRandomizer::GetTimeBaseResolution (void)
+{	
+#ifdef __powerc
+	long speed;
+	
+	// gestaltProcClkSpeed available on System 7.5.2 and above
+	if (Gestalt (gestaltProcClkSpeed, &speed) != noErr)
+		// Only PowerPCs running pre-7.5.2 are 60-80 MHz
+		// machines.
+		mTimebaseTicksPerMillisec =  6000.0D;
+	// Assume 10 cycles per clock update, as in 601 spec. Seems true
+	// for later chips as well.
+	mTimebaseTicksPerMillisec = speed / 1.0e4D;
+#else
+	// 68K VIA-based machines (see Develop Magazine no. 29)
+	mTimebaseTicksPerMillisec = 783.360D;
+#endif
+}
+
+unsigned long CRandomizer::SysTimer (void)	// returns the lower 32
+						// bit of the chip timer
+{
+#ifdef __powerc
+	return GetPPCTimer (mIs601);
+#else
+	UnsignedWide usec;
+	Microseconds (&usec);
+	return usec.lo;
+#endif
+}
+
+#ifdef __powerc
+// The timebase is available through mfspr on 601, mftb on later chips.
+// Motorola recommends that an 601 implementation map mftb to mfspr
+// through an exception, but I haven't tested to see if MacOS actually
+// does this. We only sample the lower 32 bits of the timer (i.e. a
+// few minutes of resolution)
+
+asm unsigned long GetPPCTimer (register bool is601)
+{
+	cmplwi	is601, 0	// Check if 601
+	bne	_601		// if non-zero goto _601
+	mftb  	r3		// Available on 603 and later.
+	blr			// return with result in r3
+_601:
+	mfspr r3, spr5  	// Available on 601 only.
+				// blr inserted automatically
+}
+#endif
diff --git a/MacOS/Randomizer.h b/MacOS/Randomizer.h
new file mode 100644
index 0000000000..565537b15d
--- /dev/null
+++ b/MacOS/Randomizer.h
@@ -0,0 +1,43 @@
+
+//	Gathers unpredictable system data to be used for generating
+//	random bits
+
+#include <MacTypes.h>
+
+class CRandomizer
+{
+public:
+	CRandomizer (void);
+	void PeriodicAction (void);
+	
+private:
+
+	// Private calls
+
+	void		AddTimeSinceMachineStartup (void);
+	void		AddAbsoluteSystemStartupTime (void);
+	void		AddAppRunningTime (void);
+	void		AddStartupVolumeInfo (void);
+	void		AddFiller (void);
+
+	void		AddCurrentMouse (void);
+	void		AddNow (double millisecondUncertainty);
+	void		AddBytes (void *data, long size, double entropy);
+	
+	void		GetTimeBaseResolution (void);
+	unsigned long	SysTimer (void);
+
+	// System Info	
+	bool		mSupportsLargeVolumes;
+	bool		mIsPowerPC;
+	bool		mIs601;
+	
+	// Time info
+	double		mTimebaseTicksPerMillisec;
+	unsigned long	mLastPeriodicTicks;
+	
+	// Mouse info
+	long		mSamplePeriod;
+	Point		mLastMouse;
+	long		mMouseStill;
+};
diff --git a/MacOS/TODO b/MacOS/TODO
new file mode 100644
index 0000000000..903eb133de
--- /dev/null
+++ b/MacOS/TODO
@@ -0,0 +1,18 @@
+-------------------------------------------------------------------
+Verify server certificate
+-------------------------------------------------------------------
+Currently omitted from the project:
+
+	crypto/tmdiff.c
+	crypto/bio/bss_conn.c
+	crypto/bio/b_sock.c
+	crypto/bio/bss_acpt.c
+	crypto/bio/bss_log.h
+
+-------------------------------------------------------------------
+Build libraries to link with...
+-------------------------------------------------------------------
+Port openssl application.
+-------------------------------------------------------------------
+BN optimizations (currently PPC version is compiled with BN_LLONG)
+-------------------------------------------------------------------
diff --git a/MacOS/_MWERKS_GUSI_prefix.h b/MacOS/_MWERKS_GUSI_prefix.h
new file mode 100644
index 0000000000..fe6b5387d6
--- /dev/null
+++ b/MacOS/_MWERKS_GUSI_prefix.h
@@ -0,0 +1,9 @@
+#include <MacHeaders.h>
+#define B_ENDIAN
+#ifdef __POWERPC__
+#pragma longlong on
+#endif
+#if 1
+#define MAC_OS_GUSI_SOURCE
+#endif
+#define MONOLITH
diff --git a/MacOS/_MWERKS_prefix.h b/MacOS/_MWERKS_prefix.h
new file mode 100644
index 0000000000..2189da753b
--- /dev/null
+++ b/MacOS/_MWERKS_prefix.h
@@ -0,0 +1,9 @@
+#include <MacHeaders.h>
+#define B_ENDIAN
+#ifdef __POWERPC__
+#pragma longlong on
+#endif
+#if 0
+#define MAC_OS_GUSI_SOURCE
+#endif
+#define MONOLITH
diff --git a/MacOS/buildinf.h b/MacOS/buildinf.h
new file mode 100644
index 0000000000..90875b6e2f
--- /dev/null
+++ b/MacOS/buildinf.h
@@ -0,0 +1,5 @@
+#ifndef MK1MF_BUILD
+#  define CFLAGS	"-DB_ENDIAN"
+#  define PLATFORM	"macos"
+#  define DATE		"Sun Feb 27 19:44:16 MET 2000"
+#endif
diff --git a/MacOS/mklinks.as.hqx b/MacOS/mklinks.as.hqx
new file mode 100644
index 0000000000..fe3e7d53da
--- /dev/null
+++ b/MacOS/mklinks.as.hqx
@@ -0,0 +1,820 @@
+(This file must be converted with BinHex 4.0)
+
+:#QeVE'PZDh-ZBA-!39"36'&`E(3J!!!!!!!!!*LiI6m!!!!!!3!!!*G#!!#@3J!
+!!AChFQPd!!!!K3)"!3m(Fh9`F'pbG!!!!)B#!3%$"(0eFQ8!!!#(!J-%"!3("3C
+cGfPdBfJ!!!#)!J%"#39cH@jMD!!!!)N#"J%$!`-&"3-'FhPcG'9Y!!!!LJ)&"3)
+%!J8("!-#!`4dB@*X!!!!L`))!3-$!`-$!`-$"(4PE'`!!!#-!J)"#38$G'KP!!!
+!M3))(J)@!Ki#!J))!K)#!`)B!Kd%G'KPE3!!!)i#!J%&#`4dD'9j!!!!M`)#!J)
+#$3TdD(*[G@GSEh9d!!!!N!!#!3%&"(4TCQB!!!#4!J%"!`4dD@eP!!!!NJ)"!JS
+#!h4T!!!!'N!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!H!!!!!!!#!!!!!!
+!!!!!!!!!!!!!rrrrr`!!!$3!!!!N!!!!!#"[!!5JAb"[!!5K++!M6R9$9'mJFR9
+Z)(4SDA-JFf0bDA"d)'&`F'aTBf&dD@pZ,#"jEh8JEA9cG#"QDA*cG#"TER0dB@a
+X)%&`F'aP8f0bDA"d,J!!!)C8D'Pc)(0MFQP`G#"MFQ9KG'9c)#iZ,fPZBfaeC'8
+[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@aTBA0PFbi0$8P
+d)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9KFf8JBQ8JF'&
+dD@9ZG$SY+3!!!#S!!J!!!!!!$3!+!"!!!!!-!!!!!!!!!!!!63!0!!S!%!%!!!`
+!!!!!!!!!!!!B!!!!+!!!!!!!!!!)!!!!)!#N2c`!!DR`!!!!l!!!!!&19[ri,`0
+f!#m$-$bKVDG'*KmY52ri,`-`2+LITdBQ(b!ZrrLa`'FJ,`-J2'0`ER4"l[rm)NL
+KV5+)*Kp+3'B)5Ulrr'F#GJ%3!bBZrr41ANje6PB!!#m-@Bm[2%j29%Nr2!#!U"m
+SAb!-CJK`!cm!UFKJ+#m-UC)J9#!)d+J!'#&!!"JJ9#!)d+J!(#&!!"a9Mbm8)&q
+JAMk!9%mSE[rm6Pj1G8j@!!![$%kkre4+!'FU@Bm[2'&`E(3[2(0MF(4`)DJU+&m
+J$'F5@Bm[$#mm!!!!!A!!U#UTp&K26VVrG#KZrra1ANje!!!!('&`E(3!!!!"4P*
+&4J!!!!!!J%P$6L-!!!!!!*B!!!!"!!!!!!G"8&"-!!!!!!!"!!!"!!!!!S!!!!4
+!!!"i)!!!K"!!!3))!!)#"!!%"!)!#!J"!"!8!)!J)J"!3%%!)2#!J"#*!%!)KJ!
+J")3!)!*!!"!")!!3!K!!%!3)!"!)"!!J%!)!3#!"!)"!!S%!J!5#!3!)4!)!#%J
+%!!KB#!!%C"!!!m)J!!!"3!!!!)!!!!%!!!!$J!!!"m!!!(rJ!!$rm!!"rrJ!!rr
+m!!IrrJ!2rrm!(rrrJ$rrrm"rrrrJrrrrm2rrrrMrrrrmrrrrrRrrrrmrrrrq(rr
+rr!rrrrJ(rrr`!rrri!(rrm!$rrq!"rrr!!rrrJ!2rr`!$rri!!IRm!!$`q!!!!(
+!!!!!J!!!!!)!!!!!!!!!!!m!!!!!!!!!!!!!!!!!!!$`m!!!!!!!!!!!!!!!!!!
+2!!m!!!!!!!!!!!!!!!rrm!!!m!!!!!!!!!!!!!$`c0m!!!m!!!!!!!!!!!!2!!c
+-m!!!m!!!!!!!!!!!m!$-cI!!!!m!!!!!!!!!$`!-c0m!!!!!m!!!!!!!!2!!c-h
+`!!!!!!m!!!!!!!m!$-cIh`!!!!!!m!!!!!$`!-c0rGh`!!!!!!m!!!!2!!c-hph
+-h`!!!!!!m!!!rrr-cIhF`-h`!!!!!!m!!2lFr0rGc!`-h`!!!!!!m!$pc-rph-$
+!`-h`!!!!!!m!r-`2cF`-$!!-r3!!!!!!m!m!`-c!`-!!$0m!!!!!$-m!m!`-$!`
+!!-cI!!!!!-c`!!m!`-$!!!`-h`!!!!c2!!!!m!`-!!$!c0m!!!$-m!!!!!m!`!!
+-$-hm!!!-c`!!!!!!m!!!`-cIc!!!c2!!!!!!!!m!$!c0r-`!$-m!!!!!!!$pm-$
+-hmc!!-c`!!!!!!!2hI`-cIc-!!c2!!!!!!!!rGc2c0r-`!$-m!!!!!!!!2h-cmh
+mc!!-c`!!!!!!!!$mc!rIr-!!c2!!!!!!!!!!$m$2m!r-$-m!!!!!!!!!!!$rr`!
+!r-c`!!!!!!!!!!!!!!!!!!r2!!!!!!!!!!!!!!!!!!!!m!!!!!!!!!!!!!"!!B!
+13"%J)4"##18%Q)+3!%&!)5!L%%3BL#83*L!G3!#!!B!2`"rJ2r"rq2rmrrlrrhr
+r2riIr"ri2r!ri"h!!)!!!!#!!!!!$r!!!!!!!2r`$`!!!!!2$!m!m!!!!2$!c`!
+2!!!2$!c`!!$`!2r`cpm!!!m!rGrpc2!!!2$p$p`-c`!!$`m!`-$0m!$2!2!-$-h
+`$2!!$`$-hm$2!!!2m-hm$2!!!2h2hm$2!!!!r-rm$2!!!!!2r`r2!!!!!!!!!2!
+!!!!!!!#D8f0bDA"d)%&`F'aTBf&dD@pZ$3e8D'Pc)(0MFQP`G#"MFQ9KG'9c)#i
+Z,fPZBfaeC'8[Eh"PER0cE#"KEQ3JCQPXE(-JDA3JGfPdD#"ZC@0PFh0KFRNJB@a
+TBA0PFbi0$8Pd)'eTCfKd)(4KDf8JB5"hD'PXC5"dEb"MEfe`E'9dC5"cEb"`E'9
+KFf8JBQ8JF'&dD@9ZG$SY+3!!!")!!J!!!!!!!!!!!!%!"J!'%iN!!!!+@1!!!b!
+!!!-J!!!!!"3!+`!(!Cm#@!!V!!F"f!*B!!!!!3!!M`C'BA0N98&6)$%Z-6!a,M%
+`$J!!!!32rrm!!3!#!!-"rrm!!!d!!3!"D`!!!!!!!!!%!J!%!!)!"3!'$3!&!!*
+X!!)!!!U`!!IrrJd!"`!#6`!!!!!+X!!)!!N0!!J!!@X!!!!%#Um!#J)!#J!#!!X
+!$!d!#`!#E!!#!!3!"2rprr`"rrd!!!(rr!!!!J!-!!)!$3!1$3!0!!*X!!%!"!!
+%rrX!$`(rq`!!$!!2!&N!8b"(CA3JF'&dD#"dEb"dD'Pc)%&`F'aP8f0bDA"d)'&
+`F'aPG$XJGA0P)'Pd)(4[)'C[FQdJG'KP)("KG'JJG'mJG'KP)'PZBfaeC'8JCQp
+XC'9b!!)!!!)!$J!#!"!!%3d!%!!#E!!"!!3!"2rk!")"rrS!!!`!%J!Q!#!JB@j
+N)(4SC5"[G'KPFL"bC@aPGQ&ZG#"QEfaNCA*c,J!#!!!#!"%!!J!6!"30!"-!!R-
+!!!!%!"%!&3!@$3!9!!*M!!!!"!!1!"F!'!d!&`!#E!!&!!3!$!!CrrN0!"N!!Qi
+!!!!%!!`!'J!E$3!D!!)d!!!!"3!-rrJ!(!Vrq!!%#Q0[BQS0!"`!!Q`!"3!'!!X
+!(Irh$3!G!!0*!!)!"J!,rrB!([re#[rf!"JZC@&bFfCQC(*KE'Pc!!!!!!!!)!"
+KCQ4b$3!H!!"Q!!!!"J!(![re!!!"rrF!!!d!'`!"E3!!!!3!"3!I$`!I!6J)ER9
+XE!!!!!!!!Gq!rrm!!!!A"NCTEQ4PFJ!!(`*[Me!!ASfm!Qq,i!"HA[!!I&M!!!!
+!!!!!'mi!!JN#!Qq-1!!!Kb%#Ei`J!!!!!%C14&*038e"3e-!!"%!B@aTF`!!!!!
+!fJ!#!!!-6@&MD@jdEh0S)%K%!!!!!!!!!!!!!!!!!!!!XSA5h%*%!!!!!!!A"NC
+TEQ4PFJ!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!!!!!!!!!!!!!!!!!!!!!3rLc#@a!4Nj%8Ne"3e2rrrrr!!!!!!!!!!!!!!!!!!!
+!!!!!!!e6HA0dC@dJ4QpXC'9b!!!"!!3!!!!A!!)!)8eKBfPZG'pcD#")4$T6HA0
+dC@dJ4QpXC'9b1NCTEQ4PFJ$rr`!!!Irj!!!0!"J!!@d!!!!-!!hrp!Vrp!!%#Q0
+dH(30!"B!!@m!!!!!!!$rm`[rm`!5-!!(G'KPF'&dD!!(G'KP8'&dD!)!&!!#!#!
+!)3d!)!!#E!!#!")!%[rbrr%"rr)!!!(rm3!!!J!K!!)!)J!M$3!L!!*b!!!!%J!
+A!#3!*3d!*!!#EJ!$!")!&3!Q!#F0!#B!!6%!!!!6!"Arm!Vrm!!%#R4iC'`0!#F
+!!6%!!!!5!"2rl`Vrl`!%#Q&cBh)0!#8!!@m!!!!!!!$rlJ[rlJ!F-!!-G'KPEfa
+NC'9XD@ec!!adD'92E'4%C@aTEA-#!#-!!J!S!#N0!#J!!R)!!!!B!"d!+J!V$3!
+U!!&Y!!!!'!!C!#`-!#`!"`!"1J!#!!!0!#X!!Qi!!`!!!!!!,3!Z$3!Y!!%a!!!
+!'J!Frqd+rqd!"!TdH'4X$3!Z!!%a!!!!'3!Drq`+rq`!"!TKFf0b!J!T!!)!,`!
+`$3![!!*X!!)!(J!Hrq[rkJ(rk`!!!IrU!!!#!$!!!J!a!$)0!$%!!R)!!!!H!#X
+!-`!d$3!c!!*X!!8!(J!T!$Ark3d!03!#EJ!!!"i!+3!f!$F0!$B!!cF"!!!I!#R
+rk!!i!$N+rqJ!"!TMDA4Y$3!i!!&Y!!!!)`!PrqF$rqF!!3d!13!"E3!!!#B!+2r
+Q!rrQrrd0!$F!!@m!!!!H!"rrj3[rj3!5-!!(G'KPF'&dD!!(G'KP8'&dD!(rk3!
+!$3!d!!&[!!!!!!!!rq3,rq3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0
+d8'&dD!)!-J!#!$S!1`d!1J!#FJ!!!#`!1`!m!$d0!$`!!Q-!!!!X!$N!2J!r$3!
+q!!*X!!8!,!!h!%$ri`d!3!!#EJ!!!#`!0`""!%)0!%%!!cF"!!!Y!$IriJ"$!%3
++rq)!"!TMDA4Y$3"$!!&Y!!!!-3!crq%$rq%!!3d!4!!"E3!!!$3!0[rJ!rrJrri
+0!%)!!@m!!!!X!#hrh`[rh`!5-!!(G'KPF'&dD!!(G'KP8'&dD!(ri`!!$3!r!!&
+Y!!!!0`!irpi+rpi!"!T849K8$3!p!!&[!!!!!!!!rpd,rpd!&M!!#A4SC@ePF'&
+dD!!*G'KP6@93BA4S!J!l!!)!43"'$3"&!!*X!!)!2!!mrpcrf`(rh!!!!IrE!!!
+#!%B!!J"(!%J0!%F!!R)!!!!m!%8!53"+$3"*!!*M!!!!2!""!%X!6!d!5`!#BJ!
+!!$`!2`"0!%i0!%d!!@m!!!!m!$hrfJ[rfJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4
+SC9"bEfTPBh43BA4S$3"1!!&Y!!!!23!q!%m-!%m!$3!(D@jME(9NC3!#!!!0!%`
+!!@d!!!!r!%$rf3Vrf3!%#P4&@&30!%S!!@m!!!!!!!$rf![rf!!Q-!!4D@jME(9
+NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S!J")!!)!8!"4$3"3!!*b!!!
+!4J"9!&)!8`d!8J!#B`!!!%B!83"8!&80!&3!!Q)!!!"'!%m!9J"A$3"@!!*L!!!
+!4J",!&J!@3d!@!!"E`!!!%B!4rrA#rrA!#!`!!jdD'9`FQpUC@0dF'&dD!!1G'K
+P8(*[DQ9MG&"KG'J0!&N!!@d!!!"(!%S!@J`!@J!0!!GTEQ0XG@4P!!)!!!d!9`!
+"E3!!!%X!6J"E$!"E!!d!"fp`C@jcFf`!!J!!$3"9!!&Y!!!!6`"3rpB+rpB!"!T
+849K8$3"6!!&[!!!!!!!!rp8,rp8!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
+dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S!J"4!!)!A!"G$3"F!!*b!!!!9J"
+K!&i!A`d!AJ!#B`!!!&B!A3"J!'%0!'!!!Q)!!!"@!&X!BJ"M$3"L!!&[!!!!9J"
+Arp3,rp3!)$!!$R4SCA"bEfTPBh4`BA4S!!jdD'93FQpUC@0d8'&dD!d!B`!"E3!
+!!&F!@J"N$!"N!!`!"Q0bHA"dE`!#!!!0!'%!!@d!!!"E!&crd`Vrd`!%#P4&@&3
+0!&m!!@m!!!!!!!$rdJ[rdJ!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp
+XC'9b8'&dD!)!A3!#!'8!CJd!C3!#FJ!!!')!E3"R!'J0!'F!!Q-!!!"L!'N!D3"
+U$3"T!!*L!!!!BJ"R!'X!E!d!D`!"E`!!!')!Brr4#rr4!#!`!!jdD'9`FQpUC@0
+dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!'`!!@d!!!"M!'B!E3`!E3!*!!0cFf`!!J!
+!$3"U!!&Y!!!!C`"Srp!+rp!!"!T849K8$3"S!!&[!!!!!!!!rmm,rmm!(M!!$A0
+cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J#!'B!!J"Z!'m0!'i!!R)!!!"Z!(8
+!F!"a$3"`!!*M!!!!EJ"a!()!F`d!FJ!"E`!!!'i!Err1#rr1!#!`!!jdD'9`FQp
+UC@0dF'&dD!!1G'KP8(*[DQ9MG&"KG'J0!(-!!@d!!!"[!($rc3Vrc3!%#P4&@&3
+0!(%!!@m!!!!!!!$rc![rc!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p`C@jcFfa
+'EfaNCA*3BA4S!J"[!!)!G!"e$3"d!!*X!!)!GJ"frm[rbJ(rb`!!!Ir+!!!#!(8
+!!J"f!(F0!(B!!R)!!!"f!(X!H!"j$3"i!!&[!!!!GJ"hrmN,rmN!($!!$(4SC@p
+XC'4PE'PYF`!-G'KP6faN4'9XD@ec$3"j!!*Z!!-!!!!!!(S!H`d!HJ!"-3!!!(J
+!H[r)#[r)!!3+G(KNE!d!H`!"-3!!!(F!H2r(#[r(!!3+BA0MFJ)!G`!#!(`!I3d
+!I!!#E!!#!(`!I2r'rm8"rmB!!!(ra3!!!J"p!!)!IJ"r$3"q!!*X!!%!I!"mrm3
+!J!(ra!!!$!#!!%!!1L"NC@aPG'8JEfaN)'PZBfaeC'8kEh"PER0cE#"QEfaNCA)
+JB@jN)(*PBh*PBA4P)'Pd)'0XC@&ZE(N!!J!!!J"r!!)!J3##$3#"!!*X!!)!I!"
+mrm2r`J(r``!!!Ir#!!!#!))!!J#$!)30!)-!!e%!!!"m!+8!K3#'!)F0!)8!!@X
+!!!"r!*`!L!)!L!!#!)N!LJd!L3!$53!#!(m!N[r"!)[r`!Vr`3!B,QeTFf0cE'0
+d+LSU+J!!!!!!!*!!!#SU+LS0!)X!!Qi!!!"r!)i!M!#0$3#-!!)d!!!!K`#1rlm
+!MJVr[`!%#Q0QEf`0!)i!!@d!!!#+!)d!M``!M`!0!!G[F'9ZFh0X!!)!!!d!M3!
+#0!!!!(m!Krqq!*!!#[qq!!3+BfC[E!d!N!!!!@m!!!#$!)Er[3[r[3!Q-!!4D@j
+ME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S![r!!!!#!)S!!J#4rl`
+0!*%!!dN!!J#6!*crZ`#5rlS+rlX!'#jMEh*PC'9XEbSU+LS!!!!!!!#3!!!U+LS
+U$3#5!!%a!!!!N`#BrlN+rlN!"!TcC@aP![qk!!!#rl`!!!d!KJ!$8J!!!!!!!2q
+irlIrYJVrZ!!B,Q&cBh*PFR)J+LSU+J!!!!!!!*!!!#SU+LS"rlF!!!,rYJ!!$3#
+(!!*X!!%!T!#Nrl8!N`(rY3!!$!#6!"-!$5"TCfj[FQ8JCA*bEh)!!J!!!J#%!!)
+!P!#9$3#8!!*X!!)!TJ#Qrl6rX`(rY!!!!Iqc!!!#!*8!!J#@!*F0!*B!!dN!!J#
+Q!,lrX[qa!*J+rl)!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Iqa!!!'!*J
+!!rq`!*N!QJVrX!!%#QY[Bf`0!*N!!@d!!!#U!+hrV`VrV`!%#Q0QEf`'!*S!!rq
+Z!*[rV3VrVJ!%#QPZFfJ0!*X!!M3!!!#`!,MrV!#F#[qX!!3+BfC[E!d!R!!"E`!
+!!,3!YrqV#rqV!#B`!"&TEQ0XG@4PCQpXC'9bF'&dD!!4D@jME(9NC8C[E'4PFP"
+KG'J'rkd!!!)!P`!#!*d!RJd!R3!#FJ!!!,m!aJ#I!+!0!*m!!Q`"!!#r!-)!SIq
+U$3#K!!%a!!!![`$#rkN+rkN!"!TbFfad!IqU!!!0!+!!!@m!!!!!!!$rU![rU!!
+Z-!!9G'KPEQ9hCQpXC'9bFQ9QCA*PEQ0P!"9dD'91CAG'EfaNCA*5C@CPFQ9ZBf8
+#!*i!!J#L!+-0!+)!!dN!!J$(!-lrT`#NrkB+rkF!'#jYDA0MFfaMG#SU+LS!!!!
+!!!#3!!!U+LSU$3#N!!&[!!!!a`$+rk8,rk8!,M!!&A4SC@jPGfC[E'4PFR*PCQ9
+bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P![qQ!!!#!+-!!J#P!+B0!+8!!R)
+!!!$2!0`!T`#S$3#R!!&Y!!!!c`$5!+N-!+N!$3!(Eh"PER0cE!!#!!!0!+J!!Qi
+!!!!!!!!!UJ#V$3#U!!%a!!!!e`$Erk3+rk3!"!T`EQ&Y$3#V!!%a!!!!dJ$Ark-
++rk-!"!TcC@aP!J#Q!!)!V!#Y$3#X!!*X!!)!h3$Grk,rS3(rSJ!!!IqK!!!#!+d
+!!J#Z!+m0!+i!!Q`!!3$G!0hrS!#`!IqJ!!!-!,!!(`!C)&0dBA*d)'eKDfPZCb"
+dD'8JB@aTBA0PF`!#!!!#!+m!!J#a!,)0!,%!!dN!!J$G!3ArRrqH!,-+rjm!'#j
+MEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!IqH!!!'!,-!!rqG!,3!Y3VrR3!%#QY
+[Bf`0!,3!!@d!!!$K!16rR!VrR!!%#Q&XD@%'!,8!!rqE!,B!Y`VrQ`!%#QPZFfJ
+0!,B!!M3!!!$R!1rrQJ#i#[qD!!3+BfC[E!d!Z!!"E`!!!1X!l[qC#rqC!$3`!"K
+[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&
+dD!B!Y`!$rjJ!ZIqA#[qB!!3+G'mJ)!d!Z3!#EJ!!!2)!r`#k!,X0!,S!!M3!!!$
+i!2rrPJ#m#[q@!!3+CQPXC3d![!!"E3!!!2X!rJ#p$!#p!"-!$@p`C@jcFfaMEfj
+Q,QJ!!J!!$3#l!!)d!!!!mJ$irj8![JVrP3!%#Q0QEf`0!,i!!@m!!!$f!2IrP![
+rP!!@-!!*G'KPE@9`BA4S!!PdD'90C9"KG'J'rjF!!!)!XJ!#!,m!`!d![`!#E!!
+#!3B""[q6rj)"rj-!!!(rNJ!!!J$!!!)!`3$#$3$"!!*b!!!""J%4!--!a!d!``!
+#BJ!!!3B"$3$&!-B0!-8!!@m!!!%'!3RrN3[rN3!N-!!3Bh*jF(4[CQpXC'9bF'&
+dD!!3Bh*jF(4[4QpXC'9b8'&dD!d!aJ!"E3!!!3N"$!$($!$(!!X!"6TKFfia!!)
+!!!d!a!!"E`!!!!!!!2q3!![rN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!`J!
+#!-J!b3d!b!!$53!#!4)"22q2rii!bJVrM`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!
+!!'jeE'`"rii!!!B!bJ!$rid!b`$-#[q0!!3+DfpME!d!b`!"E3!!!4B"'Iq-#[q
+-!!3+B@aTB3B!c!!$riX!c3$1#[q,!!3+D@jcD!d!c3!#0!!!!4`"*2q+!-m+riS
+!"!TMCQpX$3$2!!&[!!!")!%MriN,riN!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9
+bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J$1!!2rL!$3riF+riJ!"!T
+dEb!J$3$3!!*Z!!!"*`%f!0%!dJd!d3!#0!!!!5m"0[q'!0-+riB!"!TQD@aP$3$
+6!!&Y!!!"-J%e!03-!03!$!!'BA0Z-5jS!!)!!!d!dJ!#0!!!!5F",rq&!08+ri8
+!"!TMCQpX$3$9!!&[!!!"+`%Zri3,ri3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!E
+rK`!!!J$*!!)!eJ$A$3$@!!0*!!)"23&Rri2rJJ$B#[q$!"JZBfpbC@0bC@`U+LS
+U!!!!!!!!N!!!ER9XE!(rJJ!!"J$B!!2rJ3$C!0S+ri%!"!TVEf0X$3$C!!&Y!!!
+"33&%ri!+ri!!"!TKE'PK"J$D!!2rI`$E!0`+rhm!"!TTER0S$3$E!!)d!!!"4`&
+2rhi!h3VrIJ!%#Q0QEf`0!0d!!@m!!!&,!8lrI3[rI3!d-!!BEh"PER0cE'PZBfa
+eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!0`!!rpm!0l
+rH`VrI!!%#R4[)#!0!0i!!Qi!!!&5!@%!h`$J$3$I!!)d!!!"@J&KrhS!i3VrHJ!
+%#QCTE'80!1%!!@d!!!&G!@!!iJ`!iJ!3!!TKFfiaAfeKBbjS!!)!!!d!i!!#0!!
+!!9)"@[pj!1-+rhN!"!TMCQpX$3$M!!&[!!!"9J&CrhJ,rhJ!&$!!#(4PEA"`BA4
+S!!KdC@e`8'&dD!ErH`!!!J$A!!)!j!$P$3$N!!*X!!)"D!&SrhIrGJ(rG`!!!Ip
+f!!!#!18!!J$Q!1F0!1B!!R)!!!&S!A-!k!$T$3$S!!*L!!!"D!&[!1S!k`d!kJ!
+"E`!!!@J"Drpe#rpe!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*
+3BA4S$3$V!!&Y!!!"D`&Z!1`-!1`!#J!%1Q*TE`!#!!!0!1N!!@m!!!!!!!$rG![
+rG!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J$R!!)!l3$Z$3$Y!!0*!!)"G!'Hrh2
+rFJ$[#[pc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(rFJ!!"J$[!!2rF3$
+`!2%+rh%!"!TVEf0X$3$`!!&Y!!!"H!&lrh!+rh!!"!TKE'PK"J$a!!2rE`$b!2-
++rfm!"!TTER0S$3$b!!)d!!!"IJ''rfi!p!VrEJ!%#Q0QEf`0!23!!@m!!!'#!BA
+rE3[rE3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
+NC8C[E'4PFP"KG'J'!2-!!rpX!2ArD`VrE!!%#R4[)#!0!28!!Qi!!!'*!CJ!pJ$
+h$3$f!!)d!!!"N3'BrfS!q!VrDJ!%#QCTE'80!2J!!@d!!!'8!CF!q3`!q3!,!!9
+LD@mZD!!#!!!0!2F!!M3!!!'*!C(rD3$k#[pT!!3+BfC[E!d!qJ!"E`!!!Bd"N!$
+rD![rD!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[pV!!!#!1i!!J$l!2`0!2X!!Q`
+!!J'I!CrrCrpQ!IpR!!!"rfB!!!)!r!!#!2d!rJd!r3!#FJ!!!Cm"UJ$r!3!0!2m
+!!Q)!!!'I!DB"!3%#$3%"!!&[!!!"R`'Lrf8,rf8!*$!!%'0bHA"dEfC[E'4PFR"
+KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!3)!!@d!!!'L!D8"!``"!`!*!!-kBQB!!J!
+!$3%!!!&[!!!!!!!!rf3,rf3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)!rJ!#!33
+""3d""!!$53!#!DX"eIpMrf)""JVrB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j
+eE'`"rf)!!!B""J!$rf%""`%)#[pK!!3+DfpME!d""`!"E3!!!Dm"X[pJ#[pJ!!3
++B@aTB3B"#!!$rem"#3%+#[pI!!3+D@jcD!d"#3!#0!!!!E8"[IpH!3X+rei!"!T
+MCQpX$3%,!!&[!!!"Z3'mred,red!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
+dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J%+!!2rA!%-reX+re`!"!TdEb!
+J$3%-!!*Z!!!"`!(2!3d"$Jd"$3!#0!!!!FJ"crpD!3m+reS!"!TQD@aP$3%2!!&
+Y!!!"b`(1!4!-!4!!%!!+BQa[GfCTFfJZD!!#!!!0!3i!!M3!!!(!!FMr@3%4#[p
+C!!3+BfC[E!d"%3!"E`!!!F3"arpB#rpB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J
+'reX!!!)""3!#!4)"%`d"%J!#E!!#!GB"e[pAreB"reF!!!(r9J!!!J%6!!)"&!%
+9$3%8!!*b!!!"eJ(K!4B"&`d"&J!#BJ!!!GB"h3%B!4N0!4J!!@m!!!(@!GRr93[
+r93!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"'3!"E3!
+!!GN"h!%D$!%D!!N!!cTLEJ!#!!!0!4F!!@m!!!!!!!$r9![r9!!8-!!)G'9YF("
+KG'J!#(4PEA"3BA4S!J%9!!)"'`%F$3%E!!0*!!)"iJ)-re2r8J%G#[p6!"JZBfp
+bC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r8J!!"J%G!!2r83%H!4m+re%!"!TVEf0
+X$3%H!!&Y!!!"jJ(Tre!+re!!"!TKE'PK"J%I!!2r6`%J!5%+rdm!"!TTER0S$3%
+J!!)d!!!"l!(drdi")JVr6J!%#Q0QEf`0!5)!!@m!!!(`!I2r63[r63!d-!!BEh"
+PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J
+'!5%!!rp-!52r5`Vr6!!%#R4[)#!0!5-!!Qi!!!(h!JB"*!%P$3%N!!)d!!!"r`)
+'rdS"*JVr5J!%#QCTE'80!5B!!@d!!!)#!J8"*``"*`!+!!4LELjS!!)!!!d"*3!
+#0!!!!IF"rrp*!5J+rdN!"!TMCQpX$3%S!!&[!!!"q`(qrdJ,rdJ!&$!!#(4PEA"
+`BA4S!!KdC@e`8'&dD!Er5`!!!J%F!!)"+3%U$3%T!!*X!!)#$3)0rdIr4J(r4`!
+!!Ip'!!!#!5S!!J%V!5`0!5X!!R)!!!)0!KJ",3%Z$3%Y!!*L!!!#$3)8!5m"-!d
+",`!"E`!!!Jd#%2p&#rp&!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa
+NCA*3BA4S$3%`!!&Y!!!#%!)6!6%-!6%!$3!(1Q*eCQCPFJ!#!!!0!5i!!@m!!!!
+!!!$r4![r4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J%X!!)"-J%c$3%b!!0*!!)
+#'3*$rd2r3J%d#[p$!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(r3J!!"J%
+d!!2r33%e!6B+rd%!"!TVEf0X$3%e!!&Y!!!#(3)Jrd!+rd!!"!TKE'PK"J%f!!2
+r2`%h!6J+rcm!"!TTER0S$3%h!!)d!!!#)`)Vrci"13Vr2J!%#Q0QEf`0!6N!!@m
+!!!)R!LVr23[r23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
+-5@jME(9NC8C[E'4PFP"KG'J'!6J!!rmm!6Vr1`Vr2!!%#R4[)#!0!6S!!Qi!!!)
+Z!Md"1`%m$3%l!!)d!!!#0J)prcS"23Vr1J!%#QCTE'80!6d!!@d!!!)j!M`"2J`
+"2J!1!!KLG@CQCA)ZD!!#!!!0!6`!!M3!!!)Z!MEr13%r#[mj!!3+BfC[E!d"2`!
+"E`!!!M)#0Imi#rmi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rcX!!!)"-`!#!8!
+"33d"3!!#E!!#!N3#42mhrcB"rcF!!!(r0J!!!J&"!!)"3J&$$3&#!!*b!!!#4!*
+2!83"43d"4!!#BJ!!!N3#5`&'!8F0!8B!!@m!!!*%!NIr03[r03!N-!!3Bh*jF(4
+[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"4`!"E3!!!NF#5J&)$!&)!!X
+!"6TMBA0d!!)!!!d"43!"E`!!!!!!!2md#rmd!"3`!!KdC@e`F'&dD!!)G'9YF&"
+KG'J#!8-!!J&*!8S0!8N!!dN!!J*3!RVr-rmb!8X+rc-!'#jMEh*PBh*PE#SU+LS
+!!!!!!!#3!!"ZG@aX!Imb!!!'!8X!!rma!8`"63Vr-3!%#QY[Bf`0!8`!!@d!!!*
+8!PIr-!Vr-!!%#Q&XD@%'!8d!!rm[!8i"6`Vr,`!%#QPZFfJ0!8i!!M3!!!*D!Q,
+r,J&3#[mZ!!3+BfC[E!d"8!!"E`!!!Pi#BImY#rmY!$3`!"K[F'9ZFh0XD@jME(9
+NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"6`!$rb`"8Im
+V#[mX!!3+G'mJ)!d"83!#EJ!!!Q8#G!&5!9-0!9)!!M3!!!*Y!R6r+J&8#[mU!!3
++CQPXC3d"9!!"E3!!!R!#F`&9$!&9!!`!"Q0KFh3ZD!!#!!!0!9-!!M3!!!*P!Qh
+r+3&@#[mT!!3+BfC[E!d"9J!"E`!!!QN#E2mS#rmS!"3`!!KdC@e`F'&dD!!)G'9
+YF&"KG'J'rbX!!!)"5J!#!9F"@!d"9`!#E!!#!RX#HrmRrbB"rbF!!!(r*J!!!J&
+B!!)"@3&D$3&C!!*b!!!#H`+'!9X"A!d"@`!#BJ!!!RX#JJ&G!9i0!9d!!@m!!!*
+l!Rlr*3[r*3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d
+"AJ!"E3!!!Ri#J3&I$!&I!!X!"6TMEfe`!!)!!!d"A!!"E`!!!!!!!2mN#rmN!"3
+`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!9S!!J&J!@%0!@!!!dN!!J+(!V(r)rmL!@)
++rb-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!ImL!!!'!@)!!rmK!@-"C!V
+r)3!%#QY[Bf`0!@-!!@d!!!+,!Slr)!Vr)!!%#Q&XD@%'!@3!!rmI!@8"CJVr(`!
+%#QPZFfJ0!@8!!M3!!!+4!TRr(J&R#[mH!!3+BfC[E!d"C`!"E`!!!T8#Q2mG#rm
+G!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4Qp
+XC'9b8'&dD!B"CJ!$ra`"D2mE#[mF!!3+G'mJ)!d"D!!#EJ!!!T`#U`&T!@S0!@N
+!!M3!!!+N!U[r'J&V#[mD!!3+CQPXC3d"D`!"E3!!!UF#UJ&X$!&X!!`!"Q0[EA!
+ZD!!#!!!0!@S!!M3!!!+F!U6r'3&Y#[mC!!3+BfC[E!d"E3!"E`!!!U!#SrmB#rm
+B!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'raX!!!)"B3!#!@i"E`d"EJ!#E!!#!V)
+#X[mAraB"raF!!!(r&J!!!J&[!!)"F!&a$3&`!!*b!!!#XJ+p!A)"F`d"FJ!#BJ!
+!!V)#Z3&d!A80!A3!!@m!!!+b!VAr&3[r&3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!
+3Bh*jF(4[4QpXC'9b8'&dD!d"G3!"E3!!!V8#Z!&f$!&f!!X!"6TMEfjQ!!)!!!d
+"F`!"E`!!!!!!!2m8#rm8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!A%!!J&h!AJ
+0!AF!!dN!!J+q!ZMr%rm5!AN+ra-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@a
+X!Im5!!!'!AN!!rm4!AS"H`Vr%3!%#QY[Bf`0!AS!!@d!!!,#!XAr%!Vr%!!%#Q&
+XD@%'!AX!!rm2!A`"I3Vr$`!%#QPZFfJ0!A`!!M3!!!,)!Y$r$J&q#[m1!!3+BfC
+[E!d"IJ!"E`!!!X`#crm0#rm0!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J
+!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B"I3!$r``"Irm,#[m-!!3+G'mJ)!d
+"I`!#EJ!!!Y-#iJ'!!B%0!B!!!M3!!!,E!Z,r#J'##[m+!!3+CQPXC3d"JJ!"E3!
+!!Yi#i3'$$!'$!!`!"Q0[EQBZD!!#!!!0!B%!!M3!!!,6!Y[r#3'%#[m*!!3+BfC
+[E!d"K!!"E`!!!YF#f[m)#rm)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r`X!!!)
+"H!!#!B8"KJd"K3!#E!!#!ZN#kIm(r`B"r`F!!!(r"J!!!J''!!)"K`')$3'(!!*
+b!!!#k3,d!BN"LJd"L3!#BJ!!!ZN#m!',!B`0!BX!!@m!!!,T!Zcr"3[r"3!N-!!
+3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"M!!"E3!!!Z`#l`'
+0$!'0!!S!"$TNCA-!!J!!$3'+!!&[!!!!!!!!r`3,r`3!&$!!#(4PEA"`BA4S!!K
+dC@e`8'&dD!)"L!!#!Bi"M`d"MJ!$53!#![8$(rm$r`)"N!!+r`-!'#jMEh*PBh*
+PE#SU+LS!!!!!!!#3!!"ZG@aX!Im#!!!'!C!!!!2r!3'4!C)+r`%!"!TVEf0X$3'
+4!!&Y!!!#q3,mr`!+r`!!"!TKE'PK"J'5!!2qr`'6!C3+r[m!"!TTER0S$3'6!!)
+d!!!#r`-(r[i"P3VqrJ!%#Q0QEf`0!C8!!@m!!!-$!`Eqr3[qr3!d-!!BEh"PER0
+cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!C3
+!!rlm!CEqq`Vqr!!%#R4[)#!0!CB!!Qi!!!-+!aN"P`'B$3'A!!)d!!!$%J-Cr[S
+"Q3VqqJ!%#QCTE'80!CN!!@d!!!-9!aJ"QJ`"QJ!,!!9NCA-ZD!!#!!!0!CJ!!M3
+!!!-+!a,qq3'E#[lj!!3+BfC[E!d"Q`!"E`!!!`i$%Ili#rli!"3`!!KdC@e`F'&
+dD!!)G'9YF&"KG'J'r[X!!!)"M`!#!C`"R3d"R!!#E!!#!b!$)2lhr[B"r[F!!!(
+qpJ!!!J'G!!)"RJ'I$3'H!!*b!!!$)!-V!D!"S3d"S!!#BJ!!!b!$*`'L!D-0!D)
+!!@m!!!-J!b2qp3[qp3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9
+b8'&dD!d"S`!"E3!!!b-$*J'N$!'N!!N!!cTND!!#!!!0!D%!!@m!!!!!!!$qp![
+qp!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'I!!)"T3'Q$3'P!!0*!!)$,!0@r[2
+qmJ'R#[lc!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(qmJ!!"J'R!!2qm3'
+S!DN+r[%!"!TVEf0X$3'S!!&Y!!!$-!-cr[!+r[!!"!TKE'PK"J'T!!2ql`'U!DX
++rZm!"!TTER0S$3'U!!)d!!!$0J-qrZi"V!VqlJ!%#Q0QEf`0!D`!!@m!!!-k!ch
+ql3[ql3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
+NC8C[E'4PFP"KG'J'!DX!!rlX!Dhqk`Vql!!%#R4[)#!0!Dd!!Qi!!!0"!e!"VJ'
+[$3'Z!!)d!!!$5303rZS"X!VqkJ!%#QCTE'80!E!!!@d!!!0-!dm"X3`"X3!+!!4
+ND#jS!!)!!!d"V`!#0!!!!d%$5IlT!E)+rZN!"!TMCQpX$3'b!!&[!!!$430)rZJ
+,rZJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eqk`!!!J'Q!!)"X`'d$3'c!!*X!!)
+$9`0ArZIqjJ(qj`!!!IlQ!!!#!E3!!J'e!EB0!E8!!R)!!!0A!f)"Y`'i$3'h!!*
+L!!!$9`0H!EN"ZJd"Z3!"E`!!!eF$@[lP#rlP!#3`!""MFRP`G'pQEfaNCA*`BA4
+S!""MFRP`G'p'EfaNCA*3BA4S$3'k!!&Y!!!$@J0G!EX-!EX!#J!%1Q4cB3!#!!!
+0!EJ!!@m!!!!!!!$qj![qj!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J'f!!)"[!'
+p$3'm!!0*!!)$B`10rZ2qiJ'q#[lM!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
+XE!(qiJ!!"J'q!!2qi3'r!F!+rZ%!"!TVEf0X$3'r!!&Y!!!$C`0UrZ!+rZ!!"!T
+KE'PK"J(!!!2qh`("!F)+rYm!"!TTER0S$3("!!)d!!!$E30erYi"``VqhJ!%#Q0
+QEf`0!F-!!@m!!!0a!h6qh3[qh3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
+S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!F)!!rlF!F6qf`Vqh!!%#R4[)#!
+0!F3!!Qi!!!0i!iF"a3('$3(&!!)d!!!$J!1(rYS"a`VqfJ!%#QCTE'80!FF!!@d
+!!!1$!iB"b!`"b!!,!!9NFf%ZD!!#!!!0!FB!!M3!!!0i!i$qf3(*#[lC!!3+BfC
+[E!d"b3!"E`!!!h`$IrlB#rlB!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rYX!!!)
+"[3!#!FS"b`d"bJ!#E!!#!ii$M[lArYB"rYF!!!(qeJ!!!J(,!!)"c!(0$3(-!!*
+b!!!$MJ1C!Fi"c`d"cJ!#BJ!!!ii$P3(3!G%0!G!!!@m!!!11!j(qe3[qe3!N-!!
+3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d"d3!"E3!!!j%$P!(
+5$!(5!!S!"$TPFR)!!J!!$3(2!!&[!!!!!!!!rY3,rY3!&$!!#(4PEA"`BA4S!!K
+dC@e`8'&dD!)"c3!#!G-"e!d"d`!$53!#!jS$a2l6rY)"e3Vqd`!B,Q0[FQ9MFQ9
+X+LSU+J!!!!!!!*!!!'jeE'`"rY)!!!B"e3!$rY%"eJ(A#[l4!!3+DfpME!d"eJ!
+"E3!!!ji$SIl3#[l3!!3+B@aTB3B"e`!$rXm"f!(C#[l2!!3+D@jcD!d"f!!#0!!
+!!k3$V2l1!GS+rXi!"!TMCQpX$3(D!!&[!!!$U!1VrXd,rXd!0$!!''p`C@jcFfa
+TEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J(C!!2
+qc!(ErXX+rX`!"!TdEb!J$3(E!!*Z!!!$V`1q!G`"h3d"h!!#0!!!!lF$[[l+!Gi
++rXS!"!TQD@aP$3(H!!&Y!!!$ZJ1p!Gm-!Gm!#`!&CA*b,QJ!!J!!$3(G!!)d!!!
+$V`1hrXN"i!Vqb3!%#Q0QEf`0!H!!!@m!!!1c!lEqb![qb!!8-!!)G'9YF("KG'J
+!#(4PEA"3BA4S"[l,!!!#!G3!!J(K!H)0!H%!!Q`!!J2&!mAqarl'!Il(!!!"rXB
+!!!)"iJ!#!H-"j!d"i`!#FJ!!!m8$d!(P!HB0!H8!!Q)!!!2&!m`"j`(S$3(R!!&
+[!!!$a32)rX8,rX8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"
+KG'J0!HJ!!@d!!!2)!mX"k3`"k3!+!!3kCAC`!!)!!!d"jJ!"E`!!!!!!!2l%#rl
+%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!H3!!J(U!HX0!HS!!dN!!J24!r[q`rl
+#!H`+rX-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Il#!!!'!H`!!rl"!Hd
+"lJVq`3!%#QY[Bf`0!Hd!!@d!!!29!pMq`!Vq`!!%#Q&XD@%'!Hi!!rkr!Hm"m!V
+q[`!%#QPZFfJ0!Hm!!M3!!!2E!q2q[J(a#[kq!!3+BfC[E!d"m3!"E`!!!pm$i[k
+p#rkp!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4
+P4QpXC'9b8'&dD!B"m!!$rV`"m[kl#[km!!3+G'mJ)!d"mJ!#EJ!!!qB$p3(c!I3
+0!I-!!M3!!!2Z!rAqZJ(e#[kk!!3+CQPXC3d"p3!"E3!!!r%$p!(f$!(f!!X!"@9
+fF#jS!!)!!!d"p!!#0!!!!qB$l[kj!IF+rVN!"!TMCQpX$3(h!!&[!!!$kJ2YrVJ
+,rVJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqZ`!!!J(V!!)"q!(j$3(i!!*X!!)
+$r!2mrVIqYJ(qY`!!!Ikf!!!#!IN!!J(k!IX0!IS!!R)!!!2m"!F"r!(p$3(m!!*
+L!!!$r!3$!Ii"r`d"rJ!"E`!!!r`$rrke#rke!#3`!""MFRP`G'pQEfaNCA*`BA4
+S!""MFRP`G'p'EfaNCA*3BA4S$3(r!!&Y!!!$r`3#!J!-!J!!#`!&1QKYB@-!!J!
+!$3(p!!&[!!!!!!!!rV3,rV3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)"q`!#!J%
+#!Jd#!3!$53!#"!J%-[kcrV)#!`VqX`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'j
+eE'`"rV)!!!B#!`!$rV%#"!)&#[ka!!3+DfpME!d#"!!"E3!!"!`%$rk`#[k`!!3
++B@aTB3B#"3!$rUm#"J)(#[k[!!3+D@jcD!d#"J!#0!!!"")%'[kZ!JJ+rUi!"!T
+MCQpX$3))!!&[!!!%&J3CrUd,rUd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&
+dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J)(!!2qV!)*rUX+rU`!"!TdEb!
+J$3)*!!*Z!!!%(33X!JS##`d##J!#0!!!"#8%,2kU!J`+rUS!"!TQD@aP$3)-!!&
+Y!!!%+!3V!Jd-!Jd!$!!'D'eKBbjS!!)!!!d##`!#0!!!""d%*IkT!Ji+rUN!"!T
+MCQpX$3)1!!&[!!!%)33NrUJ,rUJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EqU`!
+!!J)#!!)#$`)3$3)2!!*X!!)%-`3crUIqTJ(qT`!!!IkQ!!!#!K!!!J)4!K)0!K%
+!!R)!!!3c"$i#%`)8$3)6!!*L!!!%-`3k!K8#&Jd#&3!"E`!!"$-%0[kP#rkP!#3
+`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3)@!!&Y!!!%0J3
+j!KF-!KF!#`!&1QPNC@%!!J!!$3)8!!&[!!!!!!!!rU3,rU3!&$!!#(4PEA"`BA4
+S!!KdC@e`8'&dD!)#%J!#!KJ#'3d#'!!$53!#"$m%DIkMrU)#'JVqS`!B,Q0[FQ9
+MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rU)!!!B#'J!$rU%#'`)F#[kK!!3+DfpME!d
+#'`!"E3!!"%-%4[kJ#[kJ!!3+B@aTB3B#(!!$rTm#(3)H#[kI!!3+D@jcD!d#(3!
+#0!!!"%N%8IkH!Km+rTi!"!TMCQpX$3)I!!&[!!!%6343rTd,rTd!0$!!''p`C@j
+cFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J)
+H!!2qR!)JrTX+rT`!"!TdEb!J$3)J!!*Z!!!%9!4M!L%#)Jd#)3!#0!!!"&`%Brk
+D!L-+rTS!"!TQD@aP$3)M!!&Y!!!%A`4L!L3-!L3!$!!'D@4PB5jS!!)!!!d#)J!
+#0!!!"&3%A2kC!L8+rTN!"!TMCQpX$3)P!!&[!!!%@!4ErTJ,rTJ!&$!!#(4PEA"
+`BA4S!!KdC@e`8'&dD!EqQ`!!!J)C!!)#*J)R$3)Q!!*X!!)%DJ4UrTIqPJ(qP`!
+!!Ik@!!!#!LF!!J)S!LN0!LJ!!R)!!!4U"(8#+J)V$3)U!!*L!!!%DJ4a!L`#,3d
+#,!!"E`!!"'S%EIk9#rk9!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'Efa
+NCA*3BA4S$3)Y!!&Y!!!%E34`!Li-!Li!$!!'1QaSBA0S!!)!!!d#+`!"E`!!!!!
+!!2k8#rk8!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!LN!!J)[!M!0!Lm!!dN!!J4
+f"+$qNrk5!M%+rT-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ik5!!!'!M%
+!!rk4!M)#-`VqN3!%#QY[Bf`0!M)!!@d!!!4k"(hqN!!+rT!!!!3+B@aTB3B#-`!
+$rSm#0!)e#[k2!!3+D@jcD!d#0!!#0!!!")!%L2k1!MB+rSi!"!TMCQpX$3)f!!&
+[!!!%K!5(rSd,rSd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP0
+66%PZBfaeC'9'EfaNCA*3BA4S"J)e!!2qM!)hrSX+rS`!"!TdEb!J$3)h!!*Z!!!
+%L`5D!MJ#13d#1!!#0!!!"*-%Q[k+!MS+rSS!"!TQD@aP$3)k!!&Y!!!%PJ5C!MX
+-!MX!$3!(E'KKFfJZD!!#!!!0!MN!!M3!!!5,"*2qL3)m#[k*!!3+BfC[E!d#2!!
+"E`!!")m%N[k)#rk)!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rSX!!!)#-!!#!Md
+#2Jd#23!#E!!#"+%%SIk(rSB"rSF!!!(qKJ!!!J)q!!)#2`*!$3)r!!*b!!!%S35
+X!N%#3Jd#33!#BJ!!"+%%U!*$!N30!N-!!@m!!!5K"+6qK3[qK3!N-!!3Bh*jF(4
+[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d#4!!"E3!!"+3%T`*&$!*&!!S
+!"$TYC$)!!J!!$3*#!!&[!!!!!!!!rS3,rS3!&$!!#(4PEA"`BA4S!!KdC@e`8'&
+dD!)#3!!#!NB#4`d#4J!$53!#"+d%erk$rS)#5!VqJ`!B,Q0[FQ9MFQ9X+LSU+J!
+!!!!!!*!!!'jeE'`"rS)!!!B#5!!$rS%#53*+#[k"!!3+DfpME!d#53!"E3!!",%
+%Y2k!#[k!!!3+B@aTB3B#5J!$rRm#5`*-#[jr!!3+D@jcD!d#5`!#0!!!",F%[rj
+q!Nd+rRi!"!TMCQpX$3*0!!&[!!!%Z`5qrRd,rRd!0$!!''p`C@jcFfaTEQ0XG@4
+PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*-!!2qI!*1rRX
++rR`!"!TdEb!J$3*1!!*Z!!!%`J64!Nm#8!d#6`!#0!!!"-S%dIjk!P%+rRS!"!T
+QD@aP$3*4!!&Y!!!%c363!P)-!P)!#`!&E@3b,QJ!!J!!$3*3!!)d!!!%`J6+rRN
+#8`VqH3!%#Q0QEf`0!P-!!@m!!!6'"-RqH![qH!!8-!!)G'9YF("KG'J!#(4PEA"
+3BA4S"[jl!!!#!NF!!J*8!P80!P3!!Q`!!J6B"0MqGrjf!Ijh!!!"rRB!!!)#93!
+#!PB#9`d#9J!#FJ!!"0J%i`*B!PN0!PJ!!Q)!!!6B"0m#@J*E$3*D!!&[!!!%f!6
+ErR8,rR8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!PX
+!!@d!!!6E"0i#A!`#A!!+!!3kE@3e!!)!!!d#@3!"E`!!!!!!!2jd#rjd!"3`!!K
+dC@e`F'&dD!!)G'9YF&"KG'J#!PF!!J*G!Pi0!Pd!!dN!!J6N"3lqFrjb!Pm+rR-
+!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ijb!!!'!Pm!!rja!Q!#B3VqF3!
+%#QY[Bf`0!Q!!!@d!!!6S"1[qF!VqF!!%#Q&XD@%'!Q%!!rj[!Q)#B`VqE`!%#QP
+ZFfJ0!Q)!!M3!!!6Z"2EqEJ*N#[jZ!!3+BfC[E!d#C!!"E`!!"2)%pIjY#rjY!$3
+`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9
+b8'&dD!B#B`!$rQ`#CIjV#[jX!!3+G'mJ)!d#C3!#EJ!!"2N&#!*Q!QF0!QB!!M3
+!!!8""3MqDJ*S#[jU!!3+CQPXC3d#D!!"E3!!"33&"`*T$!*T!!X!"@eN05jS!!)
+!!!d#C`!#0!!!"2N&!IjT!QS+rQN!"!TMCQpX$3*U!!&[!!!%r38!rQJ,rQJ!&$!
+!#(4PEA"`BA4S!!KdC@e`8'&dD!EqD`!!!J*H!!)#D`*X$3*V!!*X!!)&$`82rQI
+qCJ(qC`!!!IjQ!!!#!Q`!!J*Y!Qi0!Qd!!R)!!!82"4S#E`*`$3*[!!*L!!!&$`8
+@!R%#FJd#F3!"E`!!"3m&%[jP#rjP!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP
+`G'p'EfaNCA*3BA4S$3*b!!&Y!!!&%J89!R--!R-!#`!&1QeNBc)!!J!!$3*`!!&
+[!!!!!!!!rQ3,rQ3!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)#EJ!#!R3#G3d#G!!
+$53!#"4X&4IjMrQ)#GJVqB`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rQ)
+!!!B#GJ!$rQ%#G`*i#[jK!!3+DfpME!d#G`!"E3!!"4m&)[jJ#[jJ!!3+B@aTB3B
+#H!!$rPm#H3*k#[jI!!3+D@jcD!d#H3!#0!!!"58&,IjH!RX+rPi!"!TMCQpX$3*
+l!!&[!!!&+38XrPd,rPd!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"
+PEP066%PZBfaeC'9'EfaNCA*3BA4S"J*k!!2qA!*mrPX+rP`!"!TdEb!J$3*m!!*
+Z!!!&-!8r!Rd#IJd#I3!#0!!!"6J&2rjD!Rm+rPS!"!TQD@aP$3*r!!&Y!!!&1`8
+q!S!-!S!!$!!'E@4M-LjS!!)!!!d#IJ!#0!!!"6!&12jC!S%+rPN!"!TMCQpX$3+
+"!!&[!!!&0!8hrPJ,rPJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq@`!!!J*e!!)
+#JJ+$$3+#!!*X!!)&4J9'rPIq9J(q9`!!!Ij@!!!#!S-!!J+%!S80!S3!!R)!!!9
+'"9%#KJ+($3+'!!*L!!!&4J90!SJ#L3d#L!!"E`!!"8B&5Ij9#rj9!#3`!""MFRP
+`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3+*!!&Y!!!&539-!SS-!SS
+!$J!)1QpLDQ9MG(-!!J!!$3+(!!&[!!!!!!!!rP3,rP3!&$!!#(4PEA"`BA4S!!K
+dC@e`8'&dD!)#K3!#!SX#M!d#L`!$53!#"9)&I2j6rP)#M3Vq8`!B,Q0[FQ9MFQ9
+X+LSU+J!!!!!!!*!!!'jeE'`"rP)!!!B#M3!$rP%#MJ+2#[j4!!3+DfpME!d#MJ!
+"E3!!"9B&@Ij3#[j3!!3+B@aTB3B#M`!$rNm#N!!#N3Vq6`!%#QPZFfJ0!T!!!!)
+d!!!&A!9NrNi#NJVq6J!%#Q0QEf`0!T)!!@m!!!9J"@2q63[q63!d-!!BEh"PER0
+cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!T%
+!!rj-!T2q5`Vq6!!%#R4[)#!0!T-!!Qi!!!9R"AB#P!+9$3+8!!)d!!!&E`9frNS
+#PJVq5J!%#QCTE'80!TB!!@d!!!9b"A8#P``#P`!2!!P[BQTPBh4c,QJ!!J!!$3+
+9!!)d!!!&C`9[rNN#Q!Vq53!%#Q0QEf`0!TJ!!@m!!!9V"@lq5![q5!!8-!!)G'9
+YF("KG'J!#(4PEA"3BA4S"[j,!!!#!S`!!J+C!TS0!TN!!Q`!!J9p"Ahq4rj'!Ij
+(!!!"rNB!!!)#QJ!#!TX#R!d#Q`!#FJ!!"Ad&L!+G!Ti0!Td!!Q)!!!9p"B3#R`+
+J$3+I!!&[!!!&I3@!rN8,rN8!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC
+[E'4PFP"KG'J0!U!!!@d!!!@!"B-#S3`#S3!+!!3kF'9Y!!)!!!d#RJ!"E`!!!!!
+!!2j%#rj%!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!T`!!J+L!U-0!U)!!dN!!J@
+*"E2q3rj#!U3+rN-!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ij#!!!'!U3
+!!rj"!U8#TJVq33!%#QY[Bf`0!U8!!@d!!!@0"C!!rN!+rN!!"!TKE'PK"J+Q!!2
+q2`+R!UJ+rMm!"!TTER0S$3+R!!)d!!!&N`@ErMi#U3Vq2J!%#Q0QEf`0!UN!!@m
+!!!@A"CVq23[q23!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
+-5@jME(9NC8C[E'4PFP"KG'J'!UJ!!rim!UVq1`Vq2!!%#R4[)#!0!US!!Qi!!!@
+H"Dd#U`+X$3+V!!)d!!!&TJ@YrMS#V3Vq1J!%#QCTE'80!Ud!!@d!!!@T"D`#VJ`
+#VJ!,!!9`C@dZD!!#!!!0!U`!!M3!!!@H"DEq13+[#[ij!!3+BfC[E!d#V`!"E`!
+!"D)&TIii#rii!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'rMX!!!)#S`!#!V!#X3d
+#X!!$53!#"E3&h[ihrMB#XJVq0`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`
+"rMB!!!B#XJ!$rM8#X`+d#[ie!!3+DfpME!d#X`!"E3!!"EJ&Zrid#[id!!3+B@a
+TB3B#Y!!$rM-#Y3+f#[ic!!3+D@jcD!d#Y3!#0!!!"Ei&a[ib!VF+rM)!"!TMCQp
+X$3+h!!&[!!!&`JA&rM%,rM%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!
+BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J+f!!2q-!+irLm+rM!!"!TdEb!J$3+
+i!!*Z!!!&b3AB!VN#ZJd#Z3!#0!!!"G%&f2iZ!VX+rLi!"!TQD@aP$3+l!!&Y!!!
+&e!AA!V`-!V`!$!!'F'9Y-LjS!!)!!!d#ZJ!#0!!!"FN&dIiY!Vd+rLd!"!TMCQp
+X$3+p!!&[!!!&c3A3rL`,rL`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq,`!!!J+
+a!!)#[J+r$3+q!!*X!!)&h`AIrL[q+J(q+`!!!IiU!!!#!Vm!!J,!!X%0!X!!!R)
+!!!AI"HS#`J,$$3,#!!*L!!!&h`AQ!X3#a3d#a!!"E`!!"Gm&i[iT#riT!#3`!""
+MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,&!!&Y!!!&iJAP!XB
+-!XB!$3!(1R"VBh-a-J!#!!!0!X-!!@m!!!!!!!$q+![q+!!8-!!)G'9YF("KG'J
+!#(4PEA"3BA4S!J,"!!)#a`,)$3,(!!0*!!)&k`B9rLIq*J,*#[iR!"JZBfpbC@0
+bC@`U+LSU!!!!!!!!N!!!ER9XE!(q*J!!"J,*!!2q*3,+!XX+rL8!"!TVEf0X$3,
++!!&Y!!!&l`AbrL3+rL3!"!TKE'PK"J,,!!2q)`,-!Xd+rL-!"!TTER0S$3,-!!)
+d!!!&p3AprL)#cJVq)J!%#Q0QEf`0!Xi!!@m!!!Aj"Icq)3[q)3!d-!!BEh"PER0
+cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!Xd
+!!riJ!Xrq(`Vq)!!%#R4[)#!0!Xm!!Qi!!!B!"Jm#d!,4$3,3!!)d!!!'#!B2rKi
+#dJVq(J!%#QCTE'80!Y)!!@d!!!B,"Ji#d``#d`!1!!K`Df0c-6)ZD!!#!!!0!Y%
+!!M3!!!B!"JMq(3,8#[iG!!3+BfC[E!d#e!!"E`!!"J3'"riF#riF!"3`!!KdC@e
+`F'&dD!!)G'9YF&"KG'J'rKm!!!)#b!!#!Y8#eJd#e3!#E!!#"KB'&[iErKS"rKX
+!!!(q'J!!!J,@!!)#e`,B$3,A!!*b!!!'&JBK!YN#fJd#f3!#BJ!!"KB'(3,E!Y`
+0!YX!!@m!!!B@"KRq'3[q'3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4Qp
+XC'9b8'&dD!d#h!!"E3!!"KN'(!,G$!,G!!`!"MT`Df0c0`!#!!!0!YS!!@m!!!!
+!!!$q'![q'!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J,B!!)#hJ,I$3,H!!0*!!)
+')JC-rKIq&J,J#[iA!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!(q&J!!"J,
+J!!2q&3,K!Z)+rK8!"!TVEf0X$3,K!!&Y!!!'*JBTrK3+rK3!"!TKE'PK"J,L!!2
+q%`,M!Z3+rK-!"!TTER0S$3,M!!)d!!!',!BdrK)#j3Vq%J!%#Q0QEf`0!Z8!!@m
+!!!B`"M2q%3[q%3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0
+-5@jME(9NC8C[E'4PFP"KG'J'!Z3!!ri3!ZEq$`Vq%!!%#R4[)#!0!ZB!!Qi!!!B
+h"NB#j`,S$3,R!!)d!!!'2`C'rJi#k3Vq$J!%#QCTE'80!ZN!!@d!!!C#"N8#kJ`
+#kJ!0!!G`Df0c0bjS!!)!!!d#k!!#0!!!"MF'2ri0!ZX+rJd!"!TMCQpX$3,V!!&
+[!!!'1`BqrJ`,rJ`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eq$`!!!J,I!!)#l!,
+Y$3,X!!*X!!)'63C0rJ[q#J(q#`!!!Ii+!!!#!Zd!!J,Z!Zm0!Zi!!R)!!!C0"PJ
+#m!,a$3,`!!*L!!!'63C8![)#m`d#mJ!"E`!!"Nd'82i*#ri*!#3`!""MFRP`G'p
+QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3,c!!&Y!!!'8!C6![3-![3!#`!
+&1R*KEQ3!!J!!$3,a!!&[!!!!!!!!rJJ,rJJ!&$!!#(4PEA"`BA4S!!KdC@e`8'&
+dD!)#l`!#![8#pJd#p3!$53!#"PN'Jri(rJB#p`Vq"`!B,Q0[FQ9MFQ9X+LSU+J!
+!!!!!!*!!!'jeE'`"rJB!!!B#p`!$rJ8#q!,j#[i&!!3+DfpME!d#q!!"E3!!"Pd
+'B2i%#[i%!!3+B@aTB3B#q3!$rJ-#qJ,l#[i$!!3+D@jcD!d#qJ!#0!!!"Q-'Dri
+#![`+rJ)!"!TMCQpX$3,m!!&[!!!'C`CUrJ%,rJ%!0$!!''p`C@jcFfaTEQ0XG@4
+PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J,l!!2q!!,prIm
++rJ!!"!TdEb!J$3,p!!*Z!!!'EJCp![i#r`d#rJ!#0!!!"RB'IIhq!`!+rIi!"!T
+QD@aP$3-!!!&Y!!!'H3Cm!`%-!`%!$!!'FQ&ZC#jS!!)!!!d#r`!#0!!!"Qi'G[h
+p!`)+rId!"!TMCQpX$3-#!!&[!!!'FJCerI`,rI`!&$!!#(4PEA"`BA4S!!KdC@e
+`8'&dD!Epr`!!!J,f!!)$!`-%$3-$!!*X!!)'K!D%rI[pqJ(pq`!!!Ihk!!!#!`3
+!!J-&!`B0!`8!!R)!!!D%"Sm$"`-)$3-(!!*L!!!'K!D,!`N$#Jd$#3!"E`!!"S3
+'Krhj#rhj!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3-
++!!&Y!!!'K`D+!`X-!`X!#J!%1R*M-J!#!!!0!`J!!@m!!!!!!!$pq![pq!!8-!!
+)G'9YF("KG'J!#(4PEA"3BA4S!J-'!!)$$!-0$3--!!0*!!)'N!!'Z[hhrIB$$JV
+pp`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rIB!!!B$$J!$rI8$$`-3#[h
+e!!3+DfpME!d$$`!"E3!!"T3'Prhd#[hd!!3+B@aTB3B$%!!$rI-$%3-5#[hc!!3
++D@jcD!d$%3!#0!!!"TS'S[hb!a-+rI)!"!TMCQpX$3-6!!&[!!!'RJDKrI%,rI%
+!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa
+NCA*3BA4S"J-5!!2pm!-8rHm+rI!!"!TdEb!J$3-8!!*Z!!!'T3Dd!a8$&Jd$&3!
+#0!!!"Ud'Y2hZ!aF+rHi!"!TQD@aP$3-A!!&Y!!!'X!Dc!aJ-!aJ!#`!&FQ-b,QJ
+!!J!!$3-@!!)d!!!'T3DYrHd$'3Vpl3!%#Q0QEf`0!aN!!@m!!!DT"Ucpl![pl!!
+8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[h[!!!#!`d!!J-D!aX0!aS!!Q`!!JDl"V[
+pkrhU!IhV!!!"rHS!!!)$'`!#!a`$(3d$(!!#FJ!!"VX'aJ-H!am0!ai!!Q)!!!D
+l"X)$)!-K$3-J!!&[!!!'Z`DqrHN,rHN!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0
+bHA"dEdC[E'4PFP"KG'J0!b%!!@d!!!Dq"X%$)J`$)J!+!!3kFQ-d!!)!!!d$(`!
+"E`!!!!!!!2hS#rhS!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!ad!!J-M!b30!b-
+!!dN!!JE("[(pjrhQ!b8+rHF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"ZG@aX!Ih
+Q!!!'!b8!!rhP!bB$*`Vpj3!%#QY[Bf`0!bB!!@d!!!E,"Xlpj!Vpj!!%#Q&XD@%
+'!bF!!rhM!bJ$+3Vpi`!%#QPZFfJ0!bJ!!M3!!!E4"YRpiJ-U#[hL!!3+BfC[E!d
+$+J!"E`!!"Y8'f2hK#rhK!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p
+`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$+3!$rH!$+rhI#[hJ!!3+G'mJ)!d$+`!
+#EJ!!"Y`'k`-X!bd0!b`!!M3!!!EN"Z[phJ-Z#[hH!!3+CQPXC3d$,J!"E3!!"ZF
+'kJ-[$!-[!!X!"A*M0#jS!!)!!!d$,3!#0!!!"Y`'j2hG!c!+rGd!"!TMCQpX$3-
+`!!&[!!!'i!EMrG`,rG`!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!Eph`!!!J-N!!)
+$-3-b$3-a!!*X!!)'mJEbrG[pfJ(pf`!!!IhD!!!#!c)!!J-c!c30!c-!!R)!!!E
+b"[d$03-f$3-e!!*L!!!'mJEj!cF$1!d$0`!"E`!!"[)'pIhC#rhC!#3`!""MFRP
+`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$3-i!!&Y!!!'p3Ei!cN-!cN
+!#J!%1R*M03!#!!!0!cB!!@m!!!!!!!$pf![pf!!8-!!)G'9YF("KG'J!#(4PEA"
+3BA4S!J-d!!)$1J-l$3-k!!0*!!)'rJFSrGIpeJ-m#[hA!"JZBfpbC@0bC@`U+LS
+U!!!!!!!!N!!!ER9XE!(peJ!!"J-m!!2pe3-p!ci+rG8!"!TVEf0X$3-p!!&Y!!!
+(!JF&rG3+rG3!"!TKE'PK"J-q!!2pd`-r!d!+rG-!"!TTER0S$3-r!!)d!!!(#!F
+3rG)$33VpdJ!%#Q0QEf`0!d%!!@m!!!F-"`rpd3[pd3!d-!!BEh"PER0cE'PZBfa
+eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!d!!!rh3!d,
+pc`Vpd!!%#R4[)#!0!d)!!Qi!!!F6"b)$3`0%$30$!!)d!!!('`FLrFi$43VpcJ!
+%#QCTE'80!d8!!@d!!!FH"b%$4J`$4J!,!!9bBc8ZD!!#!!!0!d3!!M3!!!F6"a[
+pc30(#[h0!!3+BfC[E!d$4`!"E`!!"aF('[h-#rh-!"3`!!KdC@e`F'&dD!!)G'9
+YF&"KG'J'rFm!!!)$1`!#!dJ$53d$5!!#E!!#"bN(+Ih,rFS"rFX!!!(pbJ!!!J0
+*!!)$5J0,$30+!!*b!!!(+3Fd!d`$63d$6!!#BJ!!"bN(-!01!dm0!di!!@m!!!F
+T"bcpb3[pb3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d
+$6`!"E3!!"b`(,`03$!03!!d!"cTbDA"PE@3!!J!!$300!!&[!!!!!!!!rFJ,rFJ
+!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$5`!#!e%$8Jd$83!$53!#"c8(Arh(rFB
+$8`Vpa`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rFB!!!B$8`!$rF8$9!0
+9#[h&!!3+DfpME!d$9!!"E3!!"cN(22h%#[h%!!3+B@aTB3B$93!$rF-$9J0A#[h
+$!!3+D@jcD!d$9J!#0!!!"cm(4rh#!eJ+rF)!"!TMCQpX$30B!!&[!!!(3`G'rF%
+,rF%!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9
+'EfaNCA*3BA4S"J0A!!2p`!0CrEm+rF!!"!TdEb!J$30C!!*Z!!!(5JGC!eS$@`d
+$@J!#0!!!"e)(@Ifq!e`+rEi!"!TQD@aP$30F!!&Y!!!(93GB!ed-!ed!$J!)FQP
+`C@eN,QJ!!J!!$30E!!)d!!!(5JG5rEd$AJVp[3!%#Q0QEf`0!ei!!@m!!!G1"e(
+p[![p[!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[fr!!!#!e)!!J0I!f!0!em!!Q`
+!!JGJ"f$pZrfk!Ifl!!!"rES!!!)$B!!#!f%$BJd$B3!#FJ!!"f!(D`0M!f30!f-
+!!Q)!!!GJ"fF$C30Q$30P!!&[!!!(B!GMrEN,rEN!*$!!%'0bHA"dEfC[E'4PFR"
+KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!fB!!@d!!!GM"fB$C``$C`!+!!3kFR0K!!)
+!!!d$C!!"E`!!!!!!!2fi#rfi!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J#!f)!!J0
+S!fN0!fJ!!dN!!JGX"jEpYrff!fS+rEF!'#jMEh*PBh*PE#SU+LS!!!!!!!#3!!"
+ZG@aX!Iff!!!'!fS!!rfe!fX$E!VpY3!%#QY[Bf`0!fX!!@d!!!G`"h2pY!VpY!!
+%#Q&XD@%'!f`!!rfc!fd$EJVpX`!%#QPZFfJ0!fd!!M3!!!Gf"hlpXJ0[#[fb!!3
++BfC[E!d$E`!"E`!!"hS(IIfa#rfa!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4PFR"
+KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B$EJ!$rE!$F2f[#[f`!!3+G'm
+J)!d$F!!#EJ!!"i%(N!!$F30b$30a!!)d!!!(L3H3!2fZ!h-+rDi!"!TQD@aP$30
+c!!&Y!!!(M!H2!h3-!h3!#`!&FR0K,QJ!!J!!$30b!!)d!!!(J3H*rDd$G3VpV3!
+%#Q0QEf`0!h8!!@m!!!H&"iMpV![pV!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[f
+[!!!#!fN!!J0f!hF0!hB!!Q`!!JHA"jIpUrfU!IfV!!!"rDS!!!)$G`!#!hJ$H3d
+$H!!#FJ!!"jF(SJ0k!hX0!hS!!Q)!!!HA"ji$I!0p$30m!!&[!!!(P`HDrDN,rDN
+!*$!!%'0bHA"dEfC[E'4PFR"KG'J!%'0bHA"dEdC[E'4PFP"KG'J0!hd!!@d!!!H
+D"jd$IJ`$IJ!-!!BkFh4KBfX!!J!!$30l!!&[!!!!!!!!rDJ,rDJ!&$!!#(4PEA"
+`BA4S!!KdC@e`8'&dD!)$H3!#!hm$J!d$I`!$53!#"k-(cIfRrDB$J3VpT`!B,Q0
+[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rDB!!!B$J3!$rD8$JJ1$#[fP!!3+Dfp
+ME!d$JJ!"E3!!"kF(U[fN#[fN!!3+B@aTB3B$J`!$rD-$K!1&#[fM!!3+D@jcD!d
+$K!!#0!!!"kd(YIfL!iB+rD)!"!TMCQpX$31'!!&[!!!(X3HdrD%,rD%!0$!!''p
+`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4
+S"J1&!!2pS!1(rCm+rD!!"!TdEb!J$31(!!*Z!!!(Z!I(!iJ$L3d$L!!#0!!!"m!
+(arfH!iS+rCi!"!TQD@aP$31+!!&Y!!!(``I'!iX-!iX!$3!(Fh4KBfXZD!!#!!!
+0!iN!!M3!!!Hi"m$pR31-#[fG!!3+BfC[E!d$M!!"E`!!"l`([rfF#rfF!"3`!!K
+dC@e`F'&dD!!)G'9YF&"KG'J'rCm!!!)$J!!#!id$MJd$M3!$53!#"mi(q2fErCS
+$M`VpQ`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rCS!!!B$M`!$rCN$N!!
+$N3VpQ3!%#QY[Bf`0!j!!!!&Y!!!(dJI9rCJ+rCJ!"!TKE'PK"J14!!2pP`15!j-
++rCF!"!TTER0S$315!!)d!!!(f!IJrCB$P!VpPJ!%#Q0QEf`0!j3!!@m!!!IF"pr
+pP3[pP3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
+NC8C[E'4PFP"KG'J'!j-!!rf8!jApN`VpP!!%#R4[)#!0!j8!!Qi!!!IM"r)$PJ1
+A$31@!!)d!!!(k`IbrC)$Q!VpNJ!%#QCTE'80!jJ!!@d!!!IZ"r%$Q3`$Q3!4!!Y
+cB@CPFh4KBfXZD!!#!!!0!jF!!M3!!!IM"q[pN31D#[f4!!3+BfC[E!d$QJ!"E`!
+!"qF(k[f3!![pN!!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!EpN`!!!J11!!)$Q`1
+F$31E!!*X!!)(q3IjrBrpMJ(pM`!!!If1!!!#!j`!!J1G!ji0!jd!!R)!!!Ij#!3
+$R`1J$31I!!*L!!!(q3J!!k%$SJd$S3!"E`!!"rN(r2f0#rf0!#3`!""MFRP`G'p
+QEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S$31L!!&Y!!!(r!Ir!k--!k-!#J!
+%1R0SB3!#!!!0!k!!!@m!!!!!!!$pM![pM!!8-!!)G'9YF("KG'J!#(4PEA"3BA4
+S!J1H!!)$T!1P$31N!!0*!!))"3J[rB[pLJ1Q#[f,!"JZBfpbC@0bC@`U+LSU!!!
+!!!!!N!!!ER9XE!(pLJ!!"J1Q!!2pL31R!kJ+rBN!"!TVEf0X$31R!!&Y!!!)#3J
+-rBJ+rBJ!"!TKE'PK"J1S!!2pK`1T!kS+rBF!"!TTER0S$31T!!)d!!!)$`JArBB
+$U`VpKJ!%#Q0QEf`0!kX!!@m!!!J6#"EpK3[pK3!d-!!BEh"PER0cE'PZBfaeC'9
+QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!kS!!rf%!kcpJ`V
+pK!!%#R4[)#!0!k`!!Qi!!!JD##N$V31Z$31Y!!)d!!!))JJTrB)$V`VpJJ!%#QC
+TE'80!km!!@d!!!JP##J$X!`$X!!,!!9cD'%ZD!!#!!!0!ki!!M3!!!JD##,pJ31
+a#[f"!!3+BfC[E!d$X3!"E`!!#"i))If!#rf!!"3`!!KdC@e`F'&dD!!)G'9YF&"
+KG'J'rB-!!!)$T3!#!l)$X`d$XJ!#E!!##$!)-2errAi"rAm!!!(pIJ!!!J1c!!)
+$Y!1e$31d!!*b!!!)-!Jl!lB$Y`d$YJ!#BJ!!#$!)0`1i!lN0!lJ!!@m!!!J`#$2
+pI3[pI3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD!d$Z3!
+"E3!!#$-)0J1k$!1k!!d!"cTdH(4IC')!!J!!$31h!!&[!!!!!!!!rA`,rA`!&$!
+!#(4PEA"`BA4S!!KdC@e`8'&dD!)$Y3!#!lX$[!d$Z`!$53!##$`)C[elrAS$[3V
+pH`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"rAS!!!B$[3!$rAN$[J1r#[e
+j!!3+DfpME!d$[J!"E3!!#%!)3rei#[ei!!3+B@aTB3B$[`!$rAF$`!2"#[eh!!3
++D@jcD!d$`!!#0!!!#%B)6[ef!m)+rAB!"!TMCQpX$32#!!&[!!!)5JK0rA8,rA8
+!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'Efa
+NCA*3BA4S"J2"!!2pG!2$rA-+rA3!"!TdEb!J$32$!!*Z!!!)83KJ!m3$a3d$a!!
+#0!!!#&N)B2eb!mB+rA)!"!TQD@aP$32'!!&Y!!!)A!KI!mF-!mF!$J!)G(KdAf4
+L,QJ!!J!!$32&!!)d!!!)83KCrA%$b!VpF3!%#Q0QEf`0!mJ!!@m!!!K9#&MpF![
+pF!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[ec!!!#!l`!!J2*!mS0!mN!!Q`!!JK
+R#'IpEreZ!Ie[!!!"r@i!!!)$bJ!#!mX$c!d$b`!#FJ!!#'F)FJ20!mi0!md!!Q)
+!!!KR#'i$c`23$322!!&[!!!)C`KUr@d,r@d!*$!!%'0bHA"dEfC[E'4PFR"KG'J
+!%'0bHA"dEdC[E'4PFP"KG'J0!p!!!@d!!!KU#'d$d3`$d3!,!!8kH$8`13!#!!!
+0!mi!!@m!!!!!!!$pE![pE!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!J2-!!)$dJ2
+6$325!!0*!!))F`LGr@[pDJ28#[eV!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
+XE!(pDJ!!"J28!!2pD329!pB+r@N!"!TVEf0X$329!!&Y!!!)G`Kkr@J+r@J!"!T
+KE'PK"J2@!!2pC`2A!pJ+r@F!"!TTER0S$32A!!)d!!!)I3L&r@B$f3VpCJ!%#Q0
+QEf`0!pN!!@m!!!L"#)6pC3[pC3!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
+S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'!pJ!!reN!pVpB`VpC!!%#R4[)#!
+0!pS!!Qi!!!L)#*F$f`2F$32E!!)d!!!)N!!)PreL!pd+r@)!"!TQD@aP$32G!!&
+Y!!!)N`L@!pi-!pi!$!!'H$8`15jS!!)!!!d$h!!#0!!!#)J)N!$pB32I#[eK!!3
++BfC[E!d$h`!"E`!!#)`)MreJ#reJ!"3`!!KdC@e`F'&dD!!)G'9YF&"KG'J'r@-
+!!!)$d`!#!q!$i3d$i!!$53!##*i)b2eIr9i$iJVpA`!B,Q0[FQ9MFQ9X+LSU+J!
+!!!!!!*!!!'jeE'`"r9i!!!B$iJ!$r9d$i`2N#[eG!!3+DfpME!d$i`!"E3!!#+)
+)TIeF#[eF!!3+B@aTB3B$j!!$r9X$j32Q#[eE!!3+D@jcD!d$j3!#0!!!#+J)X2e
+D!qF+r9S!"!TMCQpX$32R!!&[!!!)V!L[r9N,r9N!0$!!''p`C@jcFfaTEQ0XG@4
+PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J2Q!!2p@!2Sr9F
++r9J!"!TdEb!J$32S!!*Z!!!)X`M#!qN$kJd$k3!#0!!!#,X)`[e@!qX+r9B!"!T
+QD@aP$32V!!&Y!!!)[JM"!q`-!q`!%!!+H$8`19pfCRNZD!!#!!!0!qS!!M3!!!L
+c#,[p932Y#[e9!!3+BfC[E!d$l3!"E`!!#,F)Z[e8#re8!"3`!!KdC@e`F'&dD!!
+)G'9YF&"KG'J'r9F!!!)$i3!#!qi$l`d$lJ!#E!!##-N)bIe6r9)"r9-!!!(p8J!
+!!J2[!!)$m!2a$32`!!*b!!!)b3M8!r)$m`d$mJ!#BJ!!#-N)d!2d!r80!r3!!@m
+!!!M*#-cp83[p83!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&
+dD!d$p3!"E3!!#-`)c`2f$!2f!!d!"cTi06!jGM-!!J!!$32c!!&[!!!!!!!!r9!
+,r9!!&$!!#(4PEA"`BA4S!!KdC@e`8'&dD!)$m3!#!rF$q!d$p`!$53!##08)rre
+2r8i$q3Vp6`!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8i!!!B$q3!$r8d
+$qJ2l#[e0!!3+DfpME!d$qJ!"E3!!#0N)h2e-#[e-!!3+B@aTB3B$q`!$r8X$r!2
+p#[e,!!3+D@jcD!d$r!!#0!!!#0m)jre+!ri+r8S!"!TMCQpX$32q!!&[!!!)i`M
+Qr8N,r8N!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfa
+eC'9'EfaNCA*3BA4S"J2p!!2p5!2rr8F+r8J!"!TdEb!J$32r!!*Z!!!)kJMj"!!
+%!3d%!!!#0!!!#2))qIe'"!)+r8B!"!TQD@aP$33#!!&Y!!!)p3Mi"!--"!-!$J!
+)H$8`1ABc,QJ!!J!!$33"!!)d!!!)kJMbr88%"!Vp43!%#Q0QEf`0"!3!!@m!!!M
+Z#2(p4![p4!!8-!!)G'9YF("KG'J!#(4PEA"3BA4S"[e(!!!#!rJ!!J3&"!B0"!8
+!!Q`!!JN!#3$p3re#!Ie$!!!"r8)!!!)%"J!#"!F%#!d%"`!$53!##3!*+[e"r8!
+%#3Vp33!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r8!!!!B%#3!$r6m%#J3
+,#[dr!!3+DfpME!d%#J!"E3!!#33*"rdq#[dq!!3+B@aTB3B%#`!$r6d%$!30#[d
+p!!3+D@jcD!d%$!!#0!!!#3S*%[dm"!i+r6`!"!TMCQpX$331!!&[!!!*$JN4r6X
+,r6X!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9
+'EfaNCA*3BA4S"J30!!2p1J32r6N+r6S!"!TdEb!J$332!!*Z!!!*&3NN""!%%3d
+%%!!#0!!!#4d**2di"")+r6J!"!TQD@aP$335!!&Y!!!*)!NM""--""-!#`!&Fh0
+X,QJ!!J!!$334!!)d!!!*&3NGr6F%&!Vp0`!%#Q0QEf`0""3!!@m!!!NC#4cp0J[
+p0J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD!Ep13!!!J3)!!)%&33
+@$339!!0*!!)*+`P9r6Ap0!3A#[de!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9
+XE!(p0!!!"J3A!!2p-`3B""N+r6-!"!TVEf0X$33B!!&Y!!!*,`Nbr6)+r6)!"!T
+KE'PK"J3C!!2p-33D""X+r6%!"!TTER0S$33D!!)d!!!*03Npr6!%(!Vp-!!%#Q0
+QEf`0""`!!@m!!!Nj#6cp,`[p,`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4
+S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'""X!!rdZ""hp,3Vp,J!%#R4[)#!
+0""d!!Qi!!!P!#8m%(J3I$33H!!)d!!!*5!P2r5`%)!Vp,!!%#QCTE'80"#!!!@d
+!!!P,#8i%)3`%)3!-!!CcFf`b,QJ!!J!!$33I!!)d!!!*3!P)r5X%)JVp+`!%#Q0
+QEf`0"#)!!@m!!!P%#8Ip+J[p+J!H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9
+b8'&dD!Ep,3!!!J3@!!)%)`3N$33M!!0*!!)*9JQ!r5Rp+!3P#[dT!"JZBfpbC@0
+bC@`U+LSU!!!!!!!!N!!!ER9XE!(p+!!!"J3P!!2p*`3Q"#F+r5F!"!TVEf0X$33
+Q!!&Y!!!*@JPGr5B+r5B!"!TKE'PK"J3R!!2p*33S"#N+r58!"!TTER0S$33S!!)
+d!!!*B!PSr53%+JVp*!!%#Q0QEf`0"#S!!@m!!!PN#@Ip)`[p)`!d-!!BEh"PER0
+cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"#N
+!!rdL"#[p)3Vp)J!%#R4[)#!0"#X!!Qi!!!PV#AS%,!3Y$33X!!)d!!!*F`Pkr5!
+%,JVp)!!%#QCTE'80"#i!!@d!!!Pf#AN%,``%,`!0!!GcFf`b-bjS!!)!!!d%,3!
+#0!!!#@X*FrdI"$!+r4m!"!TMCQpX$33`!!&[!!!*E`Pbr4i,r4i!(M!!$A0cE'C
+[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r5%!!!)%*!!#"$%%-Jd%-3!$53!##B%
+*UrdGr4`%-`Vp(3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r4`!!!B%-`!
+$r4X%0!3e#[dE!!3+DfpME!d%0!!"E3!!#B8*L2dD#[dD!!3+B@aTB3B%03!$r4N
+%0J3h#[dC!!3+D@jcD!d%0J!#0!!!#BX*NrdB"$J+r4J!"!TMCQpX$33i!!&[!!!
+*M`Q5r4F,r4F!0$!!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%P
+ZBfaeC'9'EfaNCA*3BA4S"J3h!!2p&J3jr48+r4B!"!TdEb!J$33j!!*Z!!!*PJQ
+P"$S%1`d%1J!#0!!!#Ci*TId8"$`+r43!"!TQD@aP$33m!!&Y!!!*S3QN"$d-"$d
+!$!!'Fh0X-bjS!!)!!!d%1`!#0!!!#CB*R[d6"$i+r4-!"!TMCQpX$33q!!&[!!!
+*QJQGr4),r4)!(M!!$A0cE'C[E'4PFR"KG'J!$A0cE%C[E'4PFP"KG'J'r48!!!)
+%-J!#"$m%3!d%2`!$53!##D`*e[d4r4!%33Vp%3!B,Q0[FQ9MFQ9X+LSU+J!!!!!
+!!*!!!'jeE'`"r4!!!!B%33!$r3m%3J4$#[d2!!3+DfpME!d%3J!"E3!!#E!*Xrd
+1#[d1!!3+B@aTB3B%3`!$r3d%4!4&#[d0!!3+D@jcD!d%4!!#0!!!#EB*[[d-"%B
++r3`!"!TMCQpX$34'!!&[!!!*ZJQpr3X,r3X!0$!!''p`C@jcFfaTEQ0XG@4PCQp
+XC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*3BA4S"J4&!!2p#J4(r3N+r3S
+!"!TdEb!J$34(!!*Z!!!*`3R3"%J%53d%5!!#0!!!#FN*d2d)"%S+r3J!"!TQD@a
+P$34+!!&Y!!!*c!R2"%X-"%X!$!!'G'ac-5jS!!)!!!d%53!#0!!!#F%*bId("%`
++r3F!"!TMCQpX$34-!!&[!!!*a3R)r3B,r3B!(M!!$A0cE'C[E'4PFR"KG'J!$A0
+cE%C[E'4PFP"KG'J'r3N!!!)%3!!#"%d%6Jd%63!#E!!##GF*erd&r33"r38!!!(
+p"!!!!J41!!)%6`43$342!!0*!!)*e`S"r32p!J44#[d$!"JZBfpbC@0bC@`U+LS
+U!!!!!!!!N!!!ER9XE!(p!J!!"J44!!2p!345"&-+r3%!"!TVEf0X$345!!&Y!!!
+*f`RHr3!+r3!!"!TKE'PK"J46!!2mr`48"&8+r2m!"!TTER0S$348!!)d!!!*i3R
+Tr2i%9JVmrJ!%#Q0QEf`0"&B!!@m!!!RP#HMmr3[mr3!d-!!BEh"PER0cE'PZBfa
+eC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9NC8C[E'4PFP"KG'J'"&8!!rcm"&I
+mq`Vmr!!%#R4[)#!0"&F!!Qi!!!RX#IX%@!4C$34B!!)d!!!*p!Rlr2S%@JVmqJ!
+%#QCTE'80"&S!!@d!!!Rh#IS%@``%@`!1!!KMFRP`G'mZD!!#!!!0"&N!!M3!!!R
+X#I6mq34F#[cj!!3+BfC[E!d%A!!"E`!!#I!*mrci#rci!#3`!""MFRP`G'pQEfa
+NCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cl!!!#"&!!!J4G"&i0"&d!!Q`!!JS
+##J,mprcf!Ich!!!"r2B!!!)%AJ!#"&m%B!d%A`!$53!##J)+,2cer23%B3Vmp3!
+B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r23!!!B%B3!$r2-%BJ4M#[cc!!3
++DfpME!d%BJ!"E3!!#JB+#Icb#[cb!!3+B@aTB3B%B`!$r2%%C!4P#[ca!!3+D@j
+cD!d%C!!#0!!!#J`+&2c`"'B+r2!!"!TMCQpX$34Q!!&[!!!+%!S6r1m,r1m!0$!
+!''p`C@jcFfaTEQ0XG@4PCQpXC'9bF'&dD!!BEh"PEP066%PZBfaeC'9'EfaNCA*
+3BA4S"J4P!!2mlJ4Rr1d+r1i!"!TdEb!J$34R!!*Z!!!+&`SQ"'J%D3d%D!!#0!!
+!#Km+*[cX"'S+r1`!"!TQD@aP$34U!!&Y!!!+)JSP"'X-"'X!%!!+Eh"PER0cE(B
+ZD!!#!!!0"'N!!M3!!!SA#Krmk`4X#[cV!!3+BfC[E!d%E!!"E`!!#KX+([cU#rc
+U!#3`!""MFRP`G'pQEfaNCA*`BA4S!""MFRP`G'p'EfaNCA*3BA4S"[cY!!!#"'!
+!!J4Y"'i0"'d!!dN!!JSY#PImkIcS"'m+r1N!'#jMEh*PBh*PE#SU+LS!!!!!!!#
+3!!"ZG@aX!IcS!!!'"'m!!rcR"(!%F3Vmj`!%#QY[Bf`0"(!!!@d!!!Sa#M6mjJV
+mjJ!%#Q&XD@%'"(%!!rcP"()%F`Vmj3!%#QPZFfJ0"()!!M3!!!Sh#Mrmj!4d#[c
+N!!3+BfC[E!d%G!!"E`!!#MX+2[cM#rcM!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4
+PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%F`!$r1)%GIcK#[cL!!3
++G'mJ)!d%G3!#EJ!!#N)+834f"(F0"(B!!M3!!!T+#P(mi!4i#[cJ!!3+CQPXC3d
+%H!!"E3!!#Nd+8!4j$!4j!!i!#(4YC'PQCLjS!!)!!!d%G`!#0!!!#N)+5[cI"(S
++r0m!"!TMCQpX$34k!!&[!!!+4JT*r0i,r0i!*$!!%'0bHA"dEfC[E'4PFR"KG'J
+!%'0bHA"dEdC[E'4PFP"KG'J'r1%!!!)%EJ!#"(X%I!d%H`!#E!!##PJ+@2cGr0`
+"r0d!!!(mh!!!!J4m!!)%I34q$34p!!*X!!)+@!TBr0[mfJ(mf`!!!IcD!!!#"(i
+!!J4r")!0"(m!!dN!!JTB#S,mfIcB")%+r0N!'#jMEh*PBh*PE#SU+LS!!!!!!!#
+3!!"ZG@aX!IcB!!!'")%!!rcA"))%J`Vme`!%#QY[Bf`0"))!!@d!!!TF#PrmeJV
+meJ!%#Q&XD@%'")-!!rc9")3%K3Vme3!%#QPZFfJ0")3!!M3!!!TL#QVme!5'#[c
+8!!3+BfC[E!d%KJ!"E`!!#QB+DIc6#rc6!$3`!"K[F'9ZFh0XD@jME(9NC@C[E'4
+PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD!B%K3!$r0)%Krc4#[c5!!3
++G'mJ)!d%K`!#EJ!!#Qd+I!5)")N0")J!!M3!!!Te#Rcmd!5+#[c3!!3+CQPXC3d
+%LJ!"E3!!#RJ+H`5,$!5,!!`!"Q9IEh-ZD!!#!!!0")N!!M3!!!TY#RAmc`5-#[c
+2!!3+BfC[E!d%M!!"E`!!#R%+G2c1#rc1!#B`!"&[F'9ZFh0XCQpXC'9bF'&dD!!
+4Eh"PER0cE%C[E'4PFP"KG'J'r0%!!!)%J!!#")d%MJd%M3!$53!##S-+VIc0r-`
+%M`Vmc3!B,Q0[FQ9MFQ9X+LSU+J!!!!!!!*!!!'jeE'`"r-`!!!B%M`!$r-X%N!!
+%N3Vmb`!%#QY[Bf`0"*!!!!&Y!!!+K`U+r-S+r-S!"!TKE'PK"J54!!2mb355"*-
++r-N!"!TTER0S$355!!)d!!!+M3U9r-J%P!Vmb!!%#Q0QEf`0"*3!!@m!!!U4#T6
+ma`[ma`!d-!!BEh"PER0cE'PZBfaeC'9QEfaNCA*`BA4S!"K[F'9Z8e0-5@jME(9
+NC8C[E'4PFP"KG'J'"*-!!rc'"*Ama3VmaJ!%#R4[)#!0"*8!!Qi!!!UB#UF%PJ5
+A$35@!!)d!!!+S!URr-3%Q!Vma!!%#QCTE'80"*J!!@d!!!UM#UB%Q3`%Q3!0!!G
+PAfpc-LjS!!)!!!d%P`!#0!!!#TJ+S2c$"*S+r--!"!TMCQpX$35D!!&[!!!+R!U
+Ir-),r-)!*M!!%@p`C@jcFfaQEfaNCA*`BA4S!"&[F'9ZFh0X4QpXC'9b8'&dD!E
+ma3!!!J51!!)%Qrc"$35E!!*X!!)+VJUZr-$m[`(m`!!!!Ibr!!!#r-%!!!d!#3!
+"E3!!!!!!!3!I!Irq!!!#!!B!!J5F"*d0"*`!!Q`!!J!!!!$m[[bp!Ibq!!!"r,d
+!!!)%R3!#"*i%R`d%RJ!#E!!##V%+b!5Jr,`0"+!!!dN!!JUa#XMmZ`5K"+)+r,X
+!'#jcHA0[C'a[Cf&cDh)!!!!!!!!!!&4&@&30"+%!!@d!!!Ua#V3%S``%S`!'!!!
+!!J!!"J5L!!2mZJ5N"+8+r,S!"!TLG'jc$35N!!&+!!!+Y`Um"+B#"+B!!J5Rr,N
+0"+F!!@d!!!Uh#VS%U!`%U!!+!!4%EfjP!!)!!!,mZ3!!"J5P!!2mZ!5Tr,F+r,J
+!"!TRDACe$35T!!&Y!!!+[`V#r,B$r,B!"3EmY`!!!Ibm!!!#"*m!!J5Ur,80"+S
+!!Q`!!J!!!!$mY2bc!Ibd!!!"r,-!!!,mY3!!$J!#!!!2%!!$!",mXJ5V"+`%V35
+Z"+m%X!5a",)%X`5d",8%YJ5hr,(mX2b[r+i"r,)!!"!%U`!3r+hmV2bVr+VmUIb
+Sr+ImT[bPr+6mSrbLr+(mS2bIr*i+r+d!'#jKCACdEf&`F'jeE'`!!)!!!!#3!!!
+U+LSU#rbX!")`!!GdD'9`BA4S!!GdD'93BA4S#rbV!"``!!adD'9[E'4NC@aTEA-
+!$(4SC8pXC%4PE'PYF`[mUJ!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh4
+3BA4S#rbT!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mU!!Q-!!4D@jME(9NC@C
+[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rbR!$3`!"K[F'9ZFh0XD@jME(9
+NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&dD![mTJ!N-!!3Bh*
+jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mT3!H-!!0Fh0XCQpXC'9
+bF'&dD!!0Fh0X4QpXC'9b8'&dD![mT!!Q-!!4Eh"PER0cE'C[E'4PFR"KG'J!%@p
+`C@jcFfa'EfaNCA*3BA4S#rbM!#i`!"9dD'9ZCAGQEfaNCA*bC@CPFQ9ZBf8!&A4
+SC8jPGdC[E'4PFP*PCQ9bC@jMC3[mSJ!8-!!)G'9YF("KG'J!#(4PEA"3BA4S!Ib
+K!!!"r+!!!!(mR`!!!IbH!!!1"+`!"a$mR35ir*cmQ`5j",VmQJVmR3!B,Q&PGR4
+[BA"`ER9XE!!!J!!!!*!!!#SU+LS0",J!!@X!!!!!#XJ%Z`)%Z`!#!!8%[!)%[!!
+#"*lmQ3,mQ3!!!IbF!!!#r*X!!"!%Z3!!%!5k!)B!(rbBr*ImP[b9r*6mNrb5!#c
+mNIb3!2b2r)lmMIb-!%rmL`"D!&[mLJ"Nr)N!EIb)r)ImKJ#2r)AmK2b$r),mJIb
+!r(rmI[apr(cmH`#Tr(VmHIair(F![Iaf!-ImG3$8!1)!l!$j!3-"%!%D!5F"-3%
+q!8J"93&I!@`"GJ'$!Bd"QJ'N!E%"Z`()!G)"h`(T!IB#!!)0!KF#*!)Z!MX#43*
+5!P`#D3*c!S!#LJ+A!U%#VJ+m!XB#d`,G!ZS#p!-"!`X$'!-L!bm$130'!e!$A30
+R!h3$IJ1,!jN$S`1`!lS$a`24!pi$l!2f"!-%%`3K"#m%234,"&X%D`4j")X%Q35
+Mr(3%U2acr(,mF3VmQ!!%#Q0[BQS+r*F!'#jPBA*cCQCNFQ&XDA-!!!!!!!!J!'&
+QC()+r*B!"!TMG(Kd#rb9!")`!!GdD'9`BA4S!!GdD'93BA4S#[b8!!3+BA0MFJV
+mN`!%#R4iC'`,r*)!($!!$(4SC@pXC'4PE'PYF`!-G'KP6faN4'9XD@ec#[b4!!3
++BfPdE32mN!$rr3[mM`!J-!!1G'KPF(*[DQ9MG("KG'J!$R4SC9"bEfTPBh43BA4
+S!rb1rri+r)d!"!T849K8#rb-!"B`!!PdD'9YCA"KG'J!#A4SC8eP8'&dD![mL`!
+Q-!!4D@jME(9NC@C[E'4PFR"KG'J!%@PZBfaeC'9'EfaNCA*3BA4S#rb+!$3`!"K
+[F'9ZFh0XD@jME(9NC@C[E'4PFR"KG'J!''p`C@j68da*EQ0XG@4P4QpXC'9b8'&
+dD![mL3!N-!!3Bh*jF(4[CQpXC'9bF'&dD!!3Bh*jF(4[4QpXC'9b8'&dD![mL!!
+H-!!0Fh0XCQpXC'9bF'&dD!!0Fh0X4QpXC'9b8'&dD![mK`!Q-!!4Eh"PER0cE'C
+[E'4PFR"KG'J!%@p`C@jcFfa'EfaNCA*3BA4S#[b'!!3+BfC[E!VmK3!B,QeTFf0
+cE'0d+LSU+J!!!!!!!*!!!#SU+LS+r)3!"!TcC@aP#[b$!"JZBfpbC@4PE'mU+LS
+U!!!!!!!!N!!!+LSU+J(mJJ!!![b"!!!+r)!!"!TVEf0X#[ar!!3+D@jcD!2mIJ!
+%#[ap!"JZBfpbC@0bC@`U+LSU!!!!!!!!N!!!ER9XE!VmI!!%#R*cE(3,r(X!,M!
+!&A4SC@jPGfC[E'4PFR*PCQ9bC@jMC3!9G'KP6Q9h4QpXC'9b8Q9QCA*PEQ0P#[a
+k!!3+F'jKE3VmH3!%#Q&XD@%+r(J!"!TdEb!J#[ah!!3+CQPXC32mGJ!'#rae!"3
+`!!KdC@e`F'&dD!!)G'9YF&"KG'J+r(3!"!TLG'jc#[ac!!3+CfPfG32mFJ!&#[a
+a!"JZFhPcEf4XEfGKFfYb!!!!!!!!!!"849K8%IbD#XRJ%JUYi1%TDJ`!!LrM*N9
+4e%r&jLa&edrSaHBX4Nr%@qPF@eTVA&VU-NAE6m4Ek9aE@QYF@Z`bl5C&hNr,lbA
+Y*N9J!""2bf%!%59K!")Pl5C&B!!66mYK!"3Pl5C&B!!96mYK!"BPl5C&B!!A6m[
+Y*N9J!"K2amAQ,%C2&!!L+Q%!'9m!%#pK!"PK!"S[DJ`!'dmUB3!F,'S-!"eA!!K
+B!"i!(fK2+Q%!)'%!'@%!)5TK!"PI!"![B3!L$!!M6em!*%9J!#92A`!PDJ`!'dp
+K!#BUB3!F,'%!*ba'6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"R1,f%!+Q%!+bp
+K!#`-!#02A`!9B3!Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp
+K!#TK!#m[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3!
+`,f%!,!`!)dpI!"9K!$%P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!
+Z,f%!+Q%!-LpK!#`-!#02A`!9B3!c*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!
+T+Q%!'9m!,LpK!#TK!$3[B3!X$!!M6em!&@%!059&B!!Z6bTK!#"K!#KK!#%UB3!
+CA`!6,f%!+5TK!"PI!#i[B3!UB3!f,f%!,!`!)dpI!"9K!$FP4@!!,NmUB3!JB3!
+SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!1#pK!#`-!#02A`!9B3!j*89J!#j
+2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!$S[B3!X$!!M6em!&@%
+!1b9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3!m,f%!,!`
+!)dpI!"9K!$dP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%
+!2LpK!#`-!#02A`!9B3!r*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m
+!,LpK!#TK!%![B3!X$!!M6em!&@%!359&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%
+!+5TK!"PI!#i[B3!UB3"#,f%!,!`!)dpI!"9K!%-P4@!!,NmUB3!JB3!SB3!K+Q%
+!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!4#pK!#`-!#02A`!9B3"&*89J!#j2+Q%!)'%
+!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!%B[B3!X$!!M6em!&@%!4b9&B!!
+Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"),f%!,!`!)dpI!"9
+K!%NP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!5LpK!#`
+-!#02A`!9B3",*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#T
+K!%`[B3!X$!!M6em!&@%!659&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P
+I!#i[B3!UB3"1,f%!,!`!)dpI!"9K!%mP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bp
+K!#NUB3!CA`!Z,f%!+Q%!8#pK!#`-!#02A`!9B3"4*89J!#j2+Q%!)'%!+'%!)5T
+K!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&)[B3!X$!!M6em!&@%!8b9&B!!Z6bTK!#"
+K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"8,f%!,!`!)dpI!"9K!&8P4@!
+!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!9LpK!#`-!#02A`!
+9B3"A*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!&J[B3!
+X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"C,f%!,!`!)dp
+I!"9K!&SP4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!@bp
+K!#`-!#02A`!9B3"F*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,Lp
+K!#TK!&d[B3!X$!!M6em!&@%!AL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5T
+K!"PI!#i[B3!UB3"I,f%!,!`!)dpI!"9K!'!P4@!!,NmUB3!JB3!SB3!K+Q%!'9m
+!%bpK!#NUB3!CA`!Z,f%!+Q%!B5pK!#`-!#02A`!9B3"L*89J!#j2+Q%!)'%!+'%
+!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'-[B3!X$!!M6em!&@%!C#9&B!!Z6bT
+K!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"P,f%!,!`!)dpI!"9K!'B
+P4@!!,NmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!CbpK!#`-!#0
+2A`!9B3"S*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!,LpK!#TK!'N
+[B3!X$!!M6em!&@%!DL9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!#i
+[B3!UB3"V,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%
+!E#pK!#`-!#02A`!9B3"Y*89J!#j2+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m
+!,LpK!#TK!'i[B3!X$!!M6em!&@%!Eb9&B!!Z6bTK!#"K!#KK!#%UB3!CA`!6,f%
+!+5TK!"PI!#i[B3!UB3"`,f%!,!`!)dpI!"9K!(%P4@!!,NmUB3!JB3!SB3!K+Q%
+!'9m!%bpK!#NUB3!CA`!Z,f%!+Q%!FLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-
+[B3!T+Q%!'9m!,LpK!#TK!(-[B3!X$!!M6em!&@%!G#9&B!!Z6bTK!#"K!#KK!#%
+UB3!CA`!6,f%!+5TK!"PI!#i[B3!UB3"e,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m
+!%bpK!#NUB3!CA`!A,f%!+Q%!GLpK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3!
+T+Q%!'9m!&bpK!#TK!(F[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"P
+I!"F[B3!UB3"i,f%!,!`!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!A,f%
+!+Q%!H5pK!#`-!#02+Q%!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&bpK!#TK!(S
+[B3!X$!!M6bTK!#"K!#KK!#%UB3!CA`!6,f%!+5TK!"PI!"8[B3!UB3"l,f%!,!`
+!)dmUB3!JB3!SB3!K+Q%!'9m!%bpK!#NUB3!CA`!9,f%!+Q%!I#pK!#`-!#02+Q%
+!)'%!+'%!)5TK!"PI!"-[B3!T+Q%!'9m!&5pK!#TK!(d[B3!X$!!M6bTK!#"K!#K
+K!#%UB3!CA`!6,f%!+5TK!"PI!"J[B3!UB3"q,f%!,!`!)dmUB3!JB3!SB3!K+Q%
+!'9m!%bpK!#NUB3!CA`!B,f%!+Q%!IbpK!#`-!#028&92B3#!B3#"B3##DhCK!)0
+K!)4K!#)-!)82$!5Y!&%!5deKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0
+[E@PZCcT[F'9ZFh0X,90139!Y-6Nj16%b-6%k6@&M6e-kE@YXD@jVFbjKF`!#!!!
+1"+i!!J6mF!5p!ra`!!%1",d!!3!%[J`%[J!'!!!!!J!!$J5[!!)%r'm%[`2mE`!
+%$J5r!!3!"-!%`36#"---"-!!%J!-6@&MD@jdEh0S)%K%!!)!!!`%`3!8!!j%CA0
+VG'p`)%C[E'4PFJ!#!!!-"-)!$J!)5@jMEfeTEQF!!J!!$!6$!"X!&@p`C@jcFf`
+Y8dj"8#da16Nj-6)a-3!#!!!-",!!4J"!6@&MD@jdEh0S)%K%1N4PFfYdEh!J4Qp
+XC'9b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6T0B@028`!#!!!-",%
+!5!"#6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9b1NPZBfpYD@jR1Qp`C@jcFf`
+Y8dj"8#da16Nj-6)a-6TTEQ0XG@4P!!)!!!`%XJ"3!%T0B@0TER4[FfJJ5%3k4'9
+cDh4[F#"'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a1QPZBfa
+eC'8kEh"PER0cE!!#!!!-",-!4`""6@&MD@jdEh0S)%K%1N4PFfYdEh!J4QpXC'9
+b1NPZBfpYD@jR1Qp`C@jcFf`Y8dj"8#da16Nj-6)a-6TMFRP`G'm!!J!!$!5d!%3
+!2NeKBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90
+139!Y-6Nj16%b-6%kFh0X!!)!!!`%Y3"!!$T0B@0TER4[FfJJ5%3k4'9cDh4[F#"
+'EfaNCA)k5@jMEfeTEQFkEh"PER0cE#e66N&3,6%j16Na-M%a!!)!!!i%YJ!"&!6
+%$J6%!!-B"-AmEJ6'$J6&!!-B"-ImE36)$J6(!!-B"-RmE!6+$J6*!!-B!"rmD`6
+,#[aV!!3+BfC[E!`%b`!1!!K*EQ0[E@PZC`!#!!!+r'`!"!TMCQpX$!6+!"X!&@p
+`C@jcFf`Y8dj"8#da16Nj-6)a-3!#!!!+r'd!"!TMCQpX$!6)!!d!"fPZBfaeC'8
+!!J!!#[aZ!!3+BfC[E!`%aJ!9!!peER4TG'aPC#"QEfaNCA)!!J!!$!5h!%i!5%e
+KBfPZG'pcD#")4$T%CA0VG'p`)%C[E'4PFMT*EQ0[E@PZCcT[F'9ZFh0X,90139!
+Y-6Nj16%b-6%kBh*jF(4[1RJe-$Pf-`!#!!!"r,%!!!(mX!!!!Ib[!!!"r+i!!'&
+cBh)!!3!-qYlHV3!!!3!!!*G#!!#@3J!!!AB!!$-8-0J!!!!F!AB!$h0MFhS!!!#
+#6Np853!!!)jcBh"d!!!!QP4&@&3!!3#QFh4jE!!!!,j$6d4&!!%!bN*14%`!!!$
+LBA"XG!!!!1j'8N9'!!!!qNP$6L-!!!%'D@0X0!!!!4*TBh-M!!!"(QPMFc3!!!%
+UD'CNFJ!!!6C659T&!!!"3PG3Eh-!!!&1!!$rr`!!!!!!!!!!!)$rre!!!"i!!!!
+!!)$rr`!!"cJ#DH#m"'Mrr`!!!*S!!!!!%iRrr`!!"Pi!!!!!"'Mrr`!!!53!!!!
+!!!$rrb!!!9)!!!!!!!(rra3!!@i#DG`%!)$rr`!!!Pi#DH"X!!$rr`!!!Ri!!!!
+!!)$rr`!!!S-#DH"d!*Err`!!!Si!!!!!!*Err`!!!j)!!!!!!*Err`!!"CB#DH%
+i!*Err`!!"GS#DH%dkF$rr`!!"[`!!!!!rrrrr`!!"a)!!!!!!)$rr`!!"b!!!!!
+!*4S:
diff --git a/MacOS/opensslconf.h b/MacOS/opensslconf.h
new file mode 100644
index 0000000000..ad557cc06a
--- /dev/null
+++ b/MacOS/opensslconf.h
@@ -0,0 +1,116 @@
+/* MacOS/opensslconf.h */
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/usr/local/ssl"
+#endif
+#endif
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned char
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#define RC4_CHUNK unsigned long
+#endif
+#endif
+
+#if defined(HEADER_DES_H) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#if __option(longlong)
+#  define BN_LLONG
+#else
+#  undef BN_LLONG
+#endif
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#define BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#define DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#define DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#define DES_UNROLL
+#endif
+
+#endif /* HEADER_DES_LOCL_H */
+
+#ifndef __POWERPC__
+#define MD32_XARRAY
+#endif
diff --git a/Makefile.org b/Makefile.org
new file mode 100644
index 0000000000..5954940fed
--- /dev/null
+++ b/Makefile.org
@@ -0,0 +1,565 @@
+##
+## Makefile for OpenSSL
+##
+
+VERSION=
+MAJOR=
+MINOR=
+SHLIB_VERSION_NUMBER=
+SHLIB_VERSION_HISTORY=
+SHLIB_MAJOR=
+SHLIB_MINOR=
+SHLIB_EXT=
+PLATFORM=dist
+OPTIONS=
+CONFIGURE_ARGS=
+SHLIB_TARGET=
+
+# INSTALL_PREFIX is for package builders so that they can configure
+# for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+# Normally it is left empty.
+INSTALL_PREFIX=
+INSTALLTOP=/usr/local/ssl
+
+# Do not edit this manually. Use Configure --openssldir=DIR do change this!
+OPENSSLDIR=/usr/local/ssl
+
+# NO_IDEA - Define to build without the IDEA algorithm
+# NO_RC4  - Define to build without the RC4 algorithm
+# NO_RC2  - Define to build without the RC2 algorithm
+# THREADS - Define when building with threads, you will probably also need any
+#           system defines as well, i.e. _REENTERANT for Solaris 2.[34]
+# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
+# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
+# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
+# DEVRANDOM - Give this the value of the 'random device' if your OS supports
+#           one.  32 bytes will be read from this when the random
+#           number generator is initalised.
+# SSL_FORBID_ENULL - define if you want the server to be not able to use the
+#           NULL encryption ciphers.
+#
+# LOCK_DEBUG - turns on lots of lock debug output :-)
+# REF_CHECK - turn on some xyz_free() assertions.
+# REF_PRINT - prints some stuff on structure free.
+# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
+# MFUNC - Make all Malloc/Free/Realloc calls call
+#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
+#       call application defined callbacks via CRYPTO_set_mem_functions()
+# MD5_ASM needs to be defined to use the x86 assembler for MD5
+# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
+# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
+# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8.  It must
+# equal 4.
+# PKCS1_CHECK - pkcs1 tests.
+
+CC= gcc
+#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+CFLAG= -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+DEPFLAG= 
+PEX_LIBS= 
+EX_LIBS= 
+EXE_EXT= 
+ARFLAGS=
+AR=ar $(ARFLAGS) r
+RANLIB= ranlib
+PERL= perl
+TAR= tar
+TARFLAGS= --no-recursion
+MAKEDEPPROG=makedepend
+
+# Set BN_ASM to bn_asm.o if you want to use the C version
+BN_ASM= bn_asm.o
+#BN_ASM= bn_asm.o
+#BN_ASM= asm/bn86-elf.o	# elf, linux-elf
+#BN_ASM= asm/bn86-sol.o # solaris
+#BN_ASM= asm/bn86-out.o # a.out, FreeBSD
+#BN_ASM= asm/bn86bsdi.o # bsdi
+#BN_ASM= asm/alpha.o    # DEC Alpha
+#BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC
+#BN_ASM= asm/r3000.o    # SGI MIPS cpu
+#BN_ASM= asm/sparc.o    # Sun solaris/SunOS
+#BN_ASM= asm/bn-win32.o # Windows 95/NT
+#BN_ASM= asm/x86w16.o   # 16 bit code for Windows 3.1/DOS
+#BN_ASM= asm/x86w32.o   # 32 bit code for Windows 3.1
+
+# For x86 assembler: Set PROCESSOR to 386 if you want to support
+# the 80386.
+PROCESSOR=
+
+# Set DES_ENC to des_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+DES_ENC= asm/dx86-out.o asm/yx86-out.o
+#DES_ENC= des_enc.o fcrypt_b.o          # C
+#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
+#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
+#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
+#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
+
+# Set BF_ENC to bf_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+BF_ENC= asm/bx86-out.o
+#BF_ENC= bf_enc.o
+#BF_ENC= asm/bx86-elf.o # elf
+#BF_ENC= asm/bx86-sol.o # solaris
+#BF_ENC= asm/bx86-out.o # a.out, FreeBSD
+#BF_ENC= asm/bx86bsdi.o # bsdi
+
+# Set CAST_ENC to c_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+CAST_ENC= asm/cx86-out.o
+#CAST_ENC= c_enc.o
+#CAST_ENC= asm/cx86-elf.o # elf
+#CAST_ENC= asm/cx86-sol.o # solaris
+#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
+#CAST_ENC= asm/cx86bsdi.o # bsdi
+
+# Set RC4_ENC to rc4_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+RC4_ENC= asm/rx86-out.o
+#RC4_ENC= rc4_enc.o
+#RC4_ENC= asm/rx86-elf.o # elf
+#RC4_ENC= asm/rx86-sol.o # solaris
+#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
+#RC4_ENC= asm/rx86bsdi.o # bsdi
+
+# Set RC5_ENC to rc5_enc.o if you want to use the C version
+#There are 4 x86 assember options.
+RC5_ENC= asm/r586-out.o
+#RC5_ENC= rc5_enc.o
+#RC5_ENC= asm/r586-elf.o # elf
+#RC5_ENC= asm/r586-sol.o # solaris
+#RC5_ENC= asm/r586-out.o # a.out, FreeBSD
+#RC5_ENC= asm/r586bsdi.o # bsdi
+
+# Also need MD5_ASM defined
+MD5_ASM_OBJ= asm/mx86-out.o
+#MD5_ASM_OBJ= asm/mx86-elf.o        # elf
+#MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
+#MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
+#MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
+
+# Also need SHA1_ASM defined
+SHA1_ASM_OBJ= asm/sx86-out.o
+#SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
+#SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
+#SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
+#SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
+
+# Also need RMD160_ASM defined
+RMD160_ASM_OBJ= asm/rm86-out.o
+#RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
+#RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
+#RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
+#RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
+
+# KRB5 stuff
+KRB5_INCLUDES=
+LIBKRB5=
+
+DIRS=   crypto ssl engines apps test tools
+SHLIBDIRS= crypto ssl
+
+# dirs in crypto to build
+SDIRS=  \
+	md2 md4 md5 sha mdc2 hmac ripemd \
+	des rc2 rc4 rc5 idea bf cast \
+	bn ec rsa dsa ecdsa dh ecdh dso engine aes \
+	buffer bio stack lhash rand err objects \
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
+
+# tests to perform.  "alltests" is a special word indicating that all tests
+# should be performed.
+TESTS = alltests
+
+MAKEFILE= Makefile.ssl
+NEWMAKE=  make
+MAKE=     $(NEWMAKE) -f Makefile.ssl
+
+MANDIR=$(OPENSSLDIR)/man
+MAN1=1
+MAN3=3
+SHELL=/bin/sh
+
+TOP=    .
+ONEDIRS=out tmp
+EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep VMS
+WDIRS=  windows
+LIBS=   libcrypto.a libssl.a
+SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
+SHARED_SSL=libssl$(SHLIB_EXT)
+SHARED_LIBS=
+SHARED_LIBS_LINK_EXTS=
+SHARED_LDFLAGS=
+
+GENERAL=        Makefile
+BASENAME=       openssl
+NAME=           $(BASENAME)-$(VERSION)
+TARFILE=        $(NAME).tar
+WTARFILE=       $(NAME)-win.tar
+EXHEADER=       e_os2.h
+HEADER=         e_os.h
+
+all: Makefile.ssl build_all openssl.pc
+
+BUILD_CMD=if echo " $(DIRS) " | grep " $$i " >/dev/null 2>/dev/null; then \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making all in $$i..." && \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+	else \
+		$(MAKE) $$i; \
+	fi; fi
+
+sub_all: build_all
+build_all: build_libs build_apps build_tests build_tools
+
+build_libs: build_crypto build_ssl build_engines
+
+build_crypto:
+	@i=crypto; $(BUILD_CMD)
+build_ssl:
+	@i=ssl; $(BUILD_CMD)
+build_engines:
+	@i=engines; $(BUILD_CMD)
+build_apps:
+	@i=apps; $(BUILD_CMD)
+build_tests:
+	@i=test; $(BUILD_CMD)
+build_tools:
+	@i=tools; $(BUILD_CMD)
+
+libcrypto$(SHLIB_EXT): libcrypto.a
+	@if [ "$(SHLIB_TARGET)" != "" ]; then \
+		$(MAKE) SHLIBDIRS=crypto build-shared; \
+	else \
+		echo "There's no support for shared libraries on this platform" >&2; \
+	fi
+
+libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
+	@if [ "$(SHLIB_TARGET)" != "" ]; then \
+		$(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
+	else \
+		echo "There's no support for shared libraries on this platform" >&2; \
+	fi
+
+clean-shared:
+	@for i in $(SHLIBDIRS); do \
+		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+			for j in $${tmp:-x}; do \
+				( set -x; rm -f lib$$i$$j ); \
+			done; \
+		fi; \
+		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
+		if [ "$(PLATFORM)" = "Cygwin" ]; then \
+			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
+		fi; \
+	done
+
+link-shared:
+	@ for i in ${SHLIBDIRS}; do \
+		$(NEWMAKE) -f Makefile.shared \
+			LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+			symlink.$(SHLIB_TARGET); \
+		libs="$$libs -l$$i"; \
+	done
+
+build-shared: do_$(SHLIB_TARGET) link-shared
+
+do_$(SHLIB_TARGET):
+	@ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+		$(NEWMAKE) -f Makefile.shared \
+			CC="$(CC)" LDFLAGS="$(LDFLAGS)" \
+			SHARED_LDFLAGS="$(SHARED_LDFLAGS)" \
+			LIBNAME=$$i LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+			LIBCOMPATVERSIONS=";${SHLIB_VERSION_HISTORY}" \
+			LIBDEPS="$$libs $(EX_LIBS)" \
+			link_a.$(SHLIB_TARGET); \
+		libs="$$libs -l$$i"; \
+	done
+
+openssl.pc:
+	@ ( echo 'prefix=$(INSTALLTOP)'; \
+	    echo 'exec_prefix=$${prefix}'; \
+	    echo 'libdir=$${exec_prefix}/lib'; \
+	    echo 'includedir=$${prefix}/include'; \
+	    echo ''; \
+	    echo 'Name: OpenSSL'; \
+	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+	    echo 'Version: '$(VERSION); \
+	    echo 'Requires: '; \
+	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+	    echo 'Cflags: -I$${includedir}' ) > openssl.pc
+
+Makefile.ssl: Makefile.org
+	@echo "Makefile.ssl is older than Makefile.org."
+	@echo "Reconfigure the source tree (via './config' or 'perl Configure'), please."
+	@false
+
+libclean:
+	rm -f *.so *.so.* engines/*.so *.a */lib */*/lib
+
+clean:
+	rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
+	@for i in $(DIRS) ;\
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making clean in $$i..." && \
+		$(MAKE) SDIRS='${SDIRS}' clean ) || exit 1; \
+		rm -f $(LIBS); \
+	fi; \
+	done;
+	rm -f openssl.pc
+	rm -f *.a *.o speed.* *.map *.so .pure core
+	rm -f $(TARFILE)
+	@for i in $(ONEDIRS) ;\
+	do \
+	rm -fr $$i/*; \
+	done
+
+makefile.one: files
+	$(PERL) util/mk1mf.pl >makefile.one; \
+	sh util/do_ms.sh
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
+	@for i in $(DIRS) ;\
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making 'files' in $$i..." && \
+		$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' files ) || exit 1; \
+	fi; \
+	done;
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mkdir-p.pl include/openssl
+	@$(PERL) $(TOP)/util/mklink.pl include/openssl $(EXHEADER)
+	@for i in $(DIRS); do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making links in $$i..." && \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PERL='${PERL}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' links ) || exit 1; \
+	fi; \
+	done;
+
+gentests:
+	@(cd test && echo "generating dummy tests (if needed)..." && \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
+
+dclean:
+	rm -f *.bak
+	@for i in $(DIRS) ;\
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making dclean in $$i..." && \
+		$(MAKE) SDIRS='${SDIRS}' PERL='${PERL}' dclean ) || exit 1; \
+	fi; \
+	done;
+
+rehash: rehash.time
+rehash.time: certs
+	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
+		export OPENSSL OPENSSL_DEBUG_MEMORY; \
+		LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+		elif [ "$(PLATFORM)" != "Cygwin" ];  then PATH="`pwd`:$$PATH"; fi; \
+		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+		$(PERL) tools/c_rehash certs)
+	touch rehash.time
+
+test:   tests
+
+tests: rehash
+	@(cd test && echo "testing..." && \
+	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+	@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+		elif [ "$(PLATFORM)" != "Cygwin" ];  then PATH="`pwd`:$$PATH"; fi; \
+		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+		apps/openssl version -a
+
+report:
+	@$(PERL) util/selftest.pl
+
+depend:
+	@for i in $(DIRS) ;\
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making dependencies $$i..." && \
+		$(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' MAKEDEPPROG='${MAKEDEPPROG}' KRB5_INCLUDES='${KRB5_INCLUDES}' PERL='${PERL}' depend ) || exit 1; \
+	fi; \
+	done;
+
+lint:
+	@for i in $(DIRS) ;\
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making lint $$i..." && \
+		$(MAKE) SDIRS='${SDIRS}' lint ) || exit 1; \
+	fi; \
+	done;
+
+tags:
+	@for i in $(DIRS) ;\
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making tags $$i..." && \
+		$(MAKE) SDIRS='${SDIRS}' tags ) || exit 1; \
+	fi; \
+	done;
+
+errors:
+	$(PERL) util/mkerr.pl -recurse -write
+	(cd engines; $(MAKE) PERL=$(PERL) errors)
+
+stacks:
+	$(PERL) util/mkstack.pl -write
+
+util/libeay.num::
+	$(PERL) util/mkdef.pl crypto update
+
+util/ssleay.num::
+	$(PERL) util/mkdef.pl ssl update
+
+crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
+	$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
+	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+
+TABLE: Configure
+	(echo 'Output of `Configure TABLE'"':"; \
+	$(PERL) Configure TABLE) > TABLE
+
+update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
+
+# Build distribution tar-file. As the list of files returned by "find" is
+# pretty long, on several platforms a "too many arguments" error or similar
+# would occur. Therefore the list of files is temporarily stored into a file
+# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
+# tar does not support the --files-from option.
+tar:
+	find . -type d -print | xargs chmod 755
+	find . -type f -print | xargs chmod a+r
+	find . -type f -perm -0100 -print | xargs chmod a+x
+	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
+	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+	tardy --user_number=0  --user_name=openssl \
+	      --group_number=0 --group_name=openssl \
+	      --prefix=openssl-$(VERSION) - |\
+	gzip --best >../$(TARFILE).gz; \
+	rm -f ../$(TARFILE).list; \
+	ls -l ../$(TARFILE).gz
+
+tar-snap:
+	@$(TAR) $(TARFLAGS) -cvf - \
+		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
+	tardy --user_number=0  --user_name=openssl \
+	      --group_number=0 --group_name=openssl \
+	      --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
+	ls -l ../$(TARFILE)
+
+dist:   
+	$(PERL) Configure dist
+	@$(MAKE) dist_pem_h
+	@$(MAKE) SDIRS='${SDIRS}' clean
+	@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
+
+dist_pem_h:
+	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
+
+install: all install_docs
+	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkginfo \
+		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/engines \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/private \
+		$(INSTALL_PREFIX)$(OPENSSLDIR)/lib
+	@for i in $(EXHEADER) ;\
+	do \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+	@for i in $(DIRS) ;\
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i; echo "installing $$i..."; \
+		$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' RANLIB='${RANLIB}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' install ); \
+	fi; \
+	done
+	@for i in $(LIBS) ;\
+	do \
+		if [ -f "$$i" ]; then \
+		(       echo installing $$i; \
+			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+			mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+		fi; \
+	done;
+	@if [ -n "$(SHARED_LIBS)" ]; then \
+		tmp="$(SHARED_LIBS)"; \
+		for i in $${tmp:-x}; \
+		do \
+			if [ -f "$$i" -o -f "$$i.a" ]; then \
+			(       echo installing $$i; \
+				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+				else \
+					c=`echo $$i | sed 's/^lib/cyg/'`; \
+					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+					mv $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+				fi ); \
+			fi; \
+		done; \
+		(	here="`pwd`"; \
+			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+			$(NEWMAKE) -f $$here/Makefile link-shared ); \
+	fi
+	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkginfo
+
+install_docs:
+	@$(PERL) $(TOP)/util/mkdir-p.pl \
+		$(INSTALL_PREFIX)$(MANDIR)/man1 \
+		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+		$(INSTALL_PREFIX)$(MANDIR)/man7
+	@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
+	for i in doc/apps/*.pod; do \
+		fn=`basename $$i .pod`; \
+		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
+		echo "installing man$$sec/$$fn.$$sec"; \
+		(cd `$(PERL) util/dirname.pl $$i`; \
+		sh -c "$$pod2man \
+			--section=$$sec --center=OpenSSL \
+			--release=$(VERSION) `basename $$i`") \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
+		$(PERL) util/extract-names.pl < $$i | grep -v "^$$fn" | \
+			while read n; do \
+				util/point.sh $$fn.$$sec $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$n.$$sec; \
+			done; \
+	done; \
+	for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+		fn=`basename $$i .pod`; \
+		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
+		echo "installing man$$sec/$$fn.$$sec"; \
+		(cd `$(PERL) util/dirname.pl $$i`; \
+		sh -c "$$pod2man \
+			--section=$$sec --center=OpenSSL \
+			--release=$(VERSION) `basename $$i`") \
+			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$$sec; \
+		$(PERL) util/extract-names.pl < $$i | grep -v "^$$fn" | \
+			while read n; do \
+				util/point.sh $$fn.$$sec $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$n.$$sec; \
+			done; \
+	done
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/Makefile.shared b/Makefile.shared
new file mode 100644
index 0000000000..dd7bf8dbc7
--- /dev/null
+++ b/Makefile.shared
@@ -0,0 +1,584 @@
+#
+# Helper makefile to link shared libraries in a portable way.
+# This is much simpler than libtool, and hopefully not too error-prone.
+#
+# The following variables need to be set on the command line to build
+# properly
+
+# CC contains the current compiler.  This one MUST be defined
+CC=cc
+# LDFLAGS contains flags to be used when the temporary object file is
+# created.  SHARED_LDFLAGS contains flags to be used when the shared
+# library is created.
+LDFLAGS=
+SHARED_LDFLAGS=
+
+# LIBNAME contains just the name of thhe library, without prefix ("lib"
+# on Unix, "cyg" for certain forms under Cygwin...) or suffix (.a, .so,
+# .dll, ...).  This one MUST have a value when using this makefile.
+# For example, to build libfoo.so, you need to do the following:
+#LIBNAME=foo
+LIBNAME=
+
+# LIBEXTRAS contains extra modules to link together with the library.
+# For example, if a second library, say libbar.a needs to be linked into
+# libfoo.so, you need to do the following:
+#LIBEXTRAS=libbar.a
+# Note that this MUST be used when using the link_o targets, to hold the
+# names of all object files that go into the target library.
+LIBEXTRAS=
+
+# LIBVERSION contains the current version of the library.
+# For example, to build libfoo.so.1.2, you need to do the following:
+#LIBVERSION=1.2
+LIBVERSION=
+
+# LIBCOMPATVERSIONS contains the compatibility versions (a list) of
+# the library.  They MUST be in decreasing order.
+# For example, if libfoo.so.1.2.1 is backward compatible with libfoo.so.1.2
+# and libfoo.so.1, you need to do the following:
+#LIBCOMPATVERSIONS=1.2 1
+# Note that on systems that use sonames, the last number will appear as
+# part of it.
+# It's also possible, for systems that support it (Tru64, for example),
+# to add extra compatibility info with more precision, by adding a second
+# list of versions, separated from the first with a semicolon, like this:
+#LIBCOMPATVERSIONS=1.2 1;1.2.0 1.1.2 1.1.1 1.1.0 1.0.0
+LIBCOMPATVERSIONS=
+
+# LIBDEPS contains all the flags necessary to cover all necessary
+# dependencies to other libraries.
+LIBDEPS=
+
+#------------------------------------------------------------------------------
+# The rest is private to this makefile.
+
+#DEBUG=:
+DEBUG=set -x
+
+top:
+	echo "Trying to use this makefile interactively?  Don't."
+
+CALC_VERSIONS=	\
+	SHLIB_COMPAT=; SHLIB_SOVER=; \
+	if [ -n "$(LIBVERSION)$(LIBCOMPATVERSIONS)" ]; then \
+		prev=""; \
+		for v in `echo "$(LIBVERSION) $(LIBCOMPATVERSIONS)" | cut -d';' -f1`; do \
+			SHLIB_SOVER_NODOT=$$v \
+			SHLIB_SOVER=.$$v; \
+			if [ -n "$$prev" ]; then \
+				SHLIB_COMPAT="$$SHLIB_COMPAT .$$prev"; \
+			fi; \
+			prev=$$v; \
+		done; \
+	fi
+
+LINK_SO=	\
+  ( $(DEBUG); \
+    nm -Pg $$SHOBJECTS | grep ' [BDT] ' | cut -f1 -d' ' > lib$(LIBNAME).exp; \
+    $$SHAREDCMD $(SHARED_LDFLAGS) $$SHAREDFLAGS -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+	$$ALLSYMSFLAGS $$SHOBJECTS $$NOALLSYMSFLAGS $$LIBDEPS ) && \
+  $(SYMLINK_SO); ( $(DEBUG); rm -f lib$(LIBNAME).exp )
+SYMLINK_SO=	\
+	if [ -n "$$INHIBIT_SYMLINKS" ]; then :; else \
+		prev=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
+		if [ -n "$$SHLIB_COMPAT" ]; then \
+			for x in $$SHLIB_COMPAT; do \
+				( $(DEBUG); rm -f $$SHLIB$$x$$SHLIB_SUFFIX; \
+				  ln -s $$prev $$SHLIB$$x$$SHLIB_SUFFIX ); \
+				prev=$$SHLIB$$x$$SHLIB_SUFFIX; \
+			done; \
+		fi; \
+		if [ -n "$$SHLIB_SOVER" ]; then \
+			( $(DEBUG); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+		fi; \
+	fi
+
+LINK_SO_A=	SHOBJECTS="lib$(LIBNAME).a $(LIBEXTRAS)"; $(LINK_SO)
+LINK_SO_O=	SHOBJECTS="$(LIBEXTRAS)"; $(LINK_SO)
+LINK_SO_A_VIA_O=	\
+  SHOBJECTS=lib$(LIBNAME).o ALL=$$ALLSYMSFLAGS ALLSYMSFLAGS= NOALLSYMSFLAGS=; \
+  ( $(DEBUG); \
+    ld $(LDFLAGS) -r -o lib$(LIBNAME).o $$ALL lib$(LIBNAME).a $(LIBEXTRAS) ); \
+  $(LINK_SO) && rm -f $(LIBNAME).o
+LINK_SO_A_UNPACKED=	\
+  UNPACKDIR=link_tmp.$$$$; rm -rf $$UNPACKDIR; mkdir $$UNPACKDIR; \
+  (cd $$UNPACKDIR; ar x ../lib$(LIBNAME).a) && cp $(LIBEXTRAS) $$UNPACKDIR && \
+  SHOBJECTS=$$UNPACKDIR/*.o; \
+  $(LINK_SO) && rm -rf $$UNPACKDIR
+
+DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
+	my_ld=`${CC} -print-prog-name=ld 2>&1` && \
+	[ -n "$$my_ld" ] && \
+	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
+DO_GNU=$(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME).so \
+	SHLIB_SUFFIX= \
+	LIBDEPS="$(LIBDEPS) -lc" \
+	ALLSYMSFLAGS='-Wl,--whole-archive' \
+	NOALLSYMSFLAGS='-Wl,--no-whole-archive' \
+	SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" \
+	SHAREDCMD='$(CC)'
+
+link_o.gnu:
+	@ $(DO_GNU); $(LINK_SO_O)
+link_a.gnu:
+	@ $(DO_GNU); $(LINK_SO_A)
+
+# For Darwin AKA Mac OS/X (dyld)
+link_o.darwin:
+	@ $(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME) \
+	SHLIB_SUFFIX=.dylib \
+	LIBDEPS="$(LIBDEPS) -lc" \
+	ALLSYMSFLAGS='-all_load' \
+	NOALLSYMSFLAGS='' \
+	SHAREDFLAGS="-dynamiclib" \
+	SHAREDCMD='$(CC)'; \
+	if [ -n "$(LIBVERSION)" ]; then \
+		SHAREDFLAGS="$SHAREDFLAGS -current_version $(LIBVERSION)"; \
+	fi; \
+	if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
+		SHAREDFLAGS="$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
+	fi; \
+	$(LINK_SO_O)
+link_a.darwin:
+	@ $(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME) \
+	SHLIB_SUFFIX=.dylib \
+	LIBDEPS="$(LIBDEPS) -lc" \
+	ALLSYMSFLAGS='-all_load' \
+	NOALLSYMSFLAGS='' \
+	SHAREDFLAGS="-dynamiclib" \
+	SHAREDCMD='$(CC)'; \
+	if [ -n "$(LIBVERSION)" ]; then \
+		SHAREDFLAGS="$SHAREDFLAGS -current_version $(LIBVERSION)"; \
+	fi; \
+	if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
+		SHAREDFLAGS="$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \
+	fi; \
+	$(LINK_SO_A)
+
+link_o.cygwin:
+	@ $(CALC_VERSIONS); \
+	INHIBIT_SYMLINKS=yes; \
+	SHLIB=cyg$(LIBNAME) \
+	SHLIB_SUFFIX=.dll \
+	LIBDEPS="$(LIBDEPS) -lc" \
+	SHLIB_SOVER=-$(LIBVERSION) \
+	ALLSYMSFLAGS='-Wl,--whole-archive' \
+	NOALLSYMSFLAGS='-Wl,--no-whole-archive' \
+	SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a" \
+	SHAREDCMD='${CC}'; \
+	$(LINK_SO_O)
+link_a.cygwin:
+	@ $(CALC_VERSIONS); \
+	INHIBIT_SYMLINKS=yes; \
+	SHLIB=cyg$(LIBNAME) \
+	SHLIB_SUFFIX=.dll \
+	LIBDEPS="$(LIBDEPS) -lc" \
+	SHLIB_SOVER= \
+	ALLSYMSFLAGS='-Wl,--whole-archive' \
+	NOALLSYMSFLAGS='-Wl,--no-whole-archive' \
+	SHAREDFLAGS="-shared -Wl,-Bsymbolic -Wl,--out-implib,lib$(LIBNAME).dll.a" \
+	SHAREDCMD='${CC}'; \
+	$(LINK_SO_A)
+
+link_o.alpha-osf1:
+	@ if ${DETECT_GNU_LD}; then \
+		$(DO_GNU); \
+	else \
+		SHLIB=lib$(LIBNAME).so \
+		SHLIB_SUFFIX= \
+		LIBDEPS="$(LIBDEPS) -lc" \
+		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
+		if [ -n "$$SHLIB_HIST" ]; then \
+			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
+		else \
+			SHLIB_HIST="$(LIBVERSION)"; \
+		fi
+		SHLIB_SOVER= \
+		ALLSYMSFLAGS='-all' \
+		NOALLSYMSFLAGS='-none' \
+		SHAREDFLAGS="-shared" \
+		SHAREDCMD='$(CC)'; \
+		if [ -n "$$SHLIB_HIST" ]; then \
+			SHAREDFLAGS="$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
+		fi; \
+	fi; \
+	$(LINK_SO_O)
+link_a.alpha-osf1:
+	@ if ${DETECT_GNU_LD}; then \
+		$(DO_GNU); \
+	else \
+		SHLIB=lib$(LIBNAME).so \
+		SHLIB_SUFFIX= \
+		LIBDEPS="$(LIBDEPS) -lc" \
+		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
+		if [ -n "$$SHLIB_HIST" ]; then \
+			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
+		else \
+			SHLIB_HIST="$(LIBVERSION)"; \
+		fi
+		SHLIB_SOVER= \
+		ALLSYMSFLAGS='-all' \
+		NOALLSYMSFLAGS='-none' \
+		SHAREDFLAGS="-shared" \
+		SHAREDCMD='$(CC)'; \
+		if [ -n "$$SHLIB_HIST" ]; then \
+			SHAREDFLAGS="$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
+		fi; \
+	fi; \
+	$(LINK_SO_A)
+
+# The difference between alpha-osf1-shared and tru64-shared is the `-msym'
+# option passed to the linker.
+link_o.tru64:
+	@ if ${DETECT_GNU_LD}; then \
+		$(DO_GNU); \
+	else \
+		SHLIB=lib$(LIBNAME).so \
+		SHLIB_SUFFIX= \
+		LIBDEPS="$(LIBDEPS) -lc" \
+		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
+		if [ -n "$$SHLIB_HIST" ]; then \
+			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
+		else \
+			SHLIB_HIST="$(LIBVERSION)"; \
+		fi
+		SHLIB_SOVER= \
+		ALLSYMSFLAGS='-all' \
+		NOALLSYMSFLAGS='-none' \
+		SHAREDFLAGS="-shared -msym" \
+		SHAREDCMD='$(CC)'; \
+		if [ -n "$$SHLIB_HIST" ]; then \
+			SHAREDFLAGS="$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
+		fi; \
+	fi; \
+	$(LINK_SO_O)
+link_a.tru64:
+	@ if ${DETECT_GNU_LD}; then \
+		$(DO_GNU); \
+	else \
+		SHLIB=lib$(LIBNAME).so \
+		SHLIB_SUFFIX= \
+		LIBDEPS="$(LIBDEPS) -lc" \
+		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
+		if [ -n "$$SHLIB_HIST" ]; then \
+			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
+		else \
+			SHLIB_HIST="$(LIBVERSION)"; \
+		fi
+		SHLIB_SOVER= \
+		ALLSYMSFLAGS='-all' \
+		NOALLSYMSFLAGS='-none' \
+		SHAREDFLAGS="-shared -msym" \
+		SHAREDCMD='$(CC)'; \
+		if [ -n "$$SHLIB_HIST" ]; then \
+			SHAREDFLAGS="$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
+		fi; \
+	fi; \
+	$(LINK_SO_A)
+
+# The difference between tru64-shared and tru64-shared-rpath is the
+# -rpath ${LIBRPATH} passed to the linker.
+link_o.tru64-rpath:
+	@ if ${DETECT_GNU_LD}; then \
+		$(DO_GNU); \
+	else \
+		SHLIB=lib$(LIBNAME).so \
+		SHLIB_SUFFIX= \
+		LIBDEPS="$(LIBDEPS) -lc" \
+		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
+		if [ -n "$$SHLIB_HIST" ]; then \
+			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
+		else \
+			SHLIB_HIST="$(LIBVERSION)"; \
+		fi
+		SHLIB_SOVER= \
+		ALLSYMSFLAGS='-all' \
+		NOALLSYMSFLAGS='-none' \
+		SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)" \
+		SHAREDCMD='$(CC)'; \
+		if [ -n "$$SHLIB_HIST" ]; then \
+			SHAREDFLAGS="$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
+		fi; \
+	fi; \
+	$(LINK_SO_O)
+link_a.tru64-rpath:
+	@ if ${DETECT_GNU_LD}; then \
+		$(DO_GNU); \
+	else \
+		SHLIB=lib$(LIBNAME).so \
+		SHLIB_SUFFIX= \
+		LIBDEPS="$(LIBDEPS) -lc" \
+		SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \
+		if [ -n "$$SHLIB_HIST" ]; then \
+			SHLIB_HIST="$${SHLIB_HIST}:$(LIBVERSION)"; \
+		else \
+			SHLIB_HIST="$(LIBVERSION)"; \
+		fi
+		SHLIB_SOVER= \
+		ALLSYMSFLAGS='-all' \
+		NOALLSYMSFLAGS='-none' \
+		SHAREDFLAGS="-shared -msym -rpath $(LIBRPATH)" \
+		SHAREDCMD='$(CC)'; \
+		if [ -n "$$SHLIB_HIST" ]; then \
+			SHAREDFLAGS="$SHAREDFLAGS -set_version \"$$SHLIB_HIST\""; \
+		fi; \
+	fi; \
+	$(LINK_SO_A)
+
+link_o.solaris:
+	@ if ${DETECT_GNU_LD}; then \
+		$(DO_GNU); \
+	else \
+		$(CALC_VERSIONS); \
+		SHLIB=lib$(LIBNAME).so \
+		SHLIB_SUFFIX= \
+		LIBDEPS="$(LIBDEPS) -lc" \
+		ALLSYMSFLAGS='-z allextract' \
+		NOALLSYMSFLAGS='' \
+		SHAREDFLAGS='-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX' \
+		SHAREDCMD='$(CC)'; \
+	fi; \
+	$(LINK_SO_O)
+link_a.solaris:
+	@ if ${DETECT_GNU_LD}; then \
+		$(DO_GNU); \
+	else \
+		$(CALC_VERSIONS); \
+		SHLIB=lib$(LIBNAME).so \
+		SHLIB_SUFFIX= \
+		LIBDEPS="$(LIBDEPS) -lc" \
+		ALLSYMSFLAGS='-z allextract' \
+		NOALLSYMSFLAGS='' \
+		SHAREDFLAGS='-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX' \
+		SHAREDCMD='$(CC)'; \
+	fi; \
+	$(LINK_SO_A)
+
+# OpenServer 5 native compilers used
+# UnixWare 7 and OpenUNIX 8 native compilers used
+link_o.svr3:
+	@ if ${DETECT_GNU_LD}; then \
+		$(DO_GNU); \
+	else \
+		$(CALC_VERSIONS); \
+		SHLIB=lib$(LIBNAME).so \
+		SHLIB_SUFFIX= \
+		LIBDEPS="$(LIBDEPS) -lc" \
+		ALLSYMSFLAGS='-z allextract' \
+		NOALLSYMSFLAGS='' \
+		SHAREDFLAGS='-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX' \
+		SHAREDCMD='$(CC)'; \
+	fi; \
+	$(LINK_SO_O)
+link_a.svr3:
+	@ if ${DETECT_GNU_LD}; then \
+		$(DO_GNU); \
+	else \
+		$(CALC_VERSIONS); \
+		SHLIB=lib$(LIBNAME).so \
+		SHLIB_SUFFIX= \
+		LIBDEPS="$(LIBDEPS) -lc" \
+		ALLSYMSFLAGS='-z allextract' \
+		NOALLSYMSFLAGS='' \
+		SHAREDFLAGS='-G -h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX' \
+		SHAREDCMD='$(CC)'; \
+	fi; \
+	$(LINK_SO_A_UNPACKED)
+
+link_o.irix:
+	@ if ${DETECT_GNU_LD}; then \
+		$(DO_GNU); \
+	else \
+		$(CALC_VERSIONS); \
+		SHLIB=lib$(LIBNAME).so \
+		SHLIB_SUFFIX= \
+		LIBDEPS="$(LIBDEPS) -lc" \
+		ALLSYMSFLAGS='-all' \
+		NOALLSYMSFLAGS='' \
+		SHAREDFLAGS='-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX' \
+		SHAREDCMD='$(CC)'; \
+	fi; \
+	$(LINK_SO_O)
+link_a.irix:
+	@ if ${DETECT_GNU_LD}; then \
+		$(DO_GNU); \
+	else \
+		$(CALC_VERSIONS); \
+		SHLIB=lib$(LIBNAME).so \
+		SHLIB_SUFFIX= \
+		LIBDEPS="$(LIBDEPS) -lc" \
+		ALLSYMSFLAGS='-all' \
+		NOALLSYMSFLAGS='' \
+		SHAREDFLAGS='-shared -Wl,-soname,$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX' \
+		SHAREDCMD='$(CC)'; \
+	fi; \
+	$(LINK_SO_A)
+
+# HP-UX includes the full pathname of libs we depend on, so we would get
+# ./libcrypto (with ./ as path information) compiled into libssl, hence
+# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
+# anyway.
+# The object modules are loaded from lib$i.a using the undocumented -Fl
+# option.
+#
+# WARNING: Until DSO is fixed to support a search path, we support SHLIB_PATH
+#          by temporarily specifying "+s"!
+#
+link_o.hpux32:
+	@ $(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME).sl \
+	SHLIB_SUFFIX= \
+	LIBDEPS="$(LIBDEPS) -lc" \
+	ALLSYMSFLAGS='-Fl' \
+	NOALLSYMSFLAGS='' \
+	SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX' \
+	SHAREDCMD='/usr/ccs/bin/ld'; \
+	$(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
+link_a.hpux32:
+	@ $(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME).sl \
+	SHLIB_SUFFIX= \
+	LIBDEPS="$(LIBDEPS) -lc" \
+	ALLSYMSFLAGS='-Fl' \
+	NOALLSYMSFLAGS='' \
+	SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX' \
+	SHAREDCMD='/usr/ccs/bin/ld'; \
+	$(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
+
+# HP-UX includes the full pathname of libs we depend on, so we would get
+# ./libcrypto (with ./ as path information) compiled into libssl, hence
+# we omit the SHLIBDEPS. Applications must be linked with -lssl -lcrypto
+# anyway.
+#
+# HP-UX in 64bit mode has "+s" enabled by default; it will search for
+# shared libraries along LD_LIBRARY_PATH _and_ SHLIB_PATH.
+#
+link_o.hpux64:
+	@ $(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME).sl \
+	SHLIB_SUFFIX= \
+	LIBDEPS="$(LIBDEPS) -lc" \
+	ALLSYMSFLAGS='+forceload' \
+	NOALLSYMSFLAGS='' \
+	SHAREDFLAGS='-b -z +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX' \
+	SHAREDCMD='/usr/ccs/bin/ld'; \
+	$(LINK_SO_O) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
+link_a.hpux64:
+	@ $(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME).sl \
+	SHLIB_SUFFIX= \
+	LIBDEPS="$(LIBDEPS) -lc" \
+	ALLSYMSFLAGS='+forceload' \
+	NOALLSYMSFLAGS='' \
+	SHAREDFLAGS='-b -z +h $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX' \
+	SHAREDCMD='/usr/ccs/bin/ld'; \
+	$(LINK_SO_A) && chmod a=rx $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX
+
+link_o.aix:
+	@ $(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME).so \
+	SHLIB_SUFFIX= \
+	LIBDEPS="$(LIBDEPS) -lc" \
+	ALLSYMSFLAGS='-bnogc' \
+	NOALLSYMSFLAGS='' \
+	SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE' \
+	SHAREDCMD='$(CC)'; \
+	$(LINK_SO_O)
+link_a.aix:
+	@ $(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME).so \
+	SHLIB_SUFFIX= \
+	LIBDEPS="$(LIBDEPS) -lc" \
+	ALLSYMSFLAGS='-bnogc' \
+	NOALLSYMSFLAGS='' \
+	SHAREDFLAGS='-G -bE:lib$(LIBNAME).exp -bM:SRE' \
+	SHAREDCMD='$(CC)'; \
+	$(LINK_SO_A_VIA_O)
+
+link_o.reliantunix:
+	@ $(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME).so \
+	SHLIB_SUFFIX= \
+	LIBDEPS="$(LIBDEPS) -lc" \
+	ALLSYMSFLAGS= \
+	NOALLSYMSFLAGS='' \
+	SHAREDFLAGS='-G' \
+	SHAREDCMD='$(CC)'; \
+	$(LINK_SO_O)
+link_a.reliantunix:
+	@ $(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME).so \
+	SHLIB_SUFFIX= \
+	LIBDEPS="$(LIBDEPS) -lc" \
+	ALLSYMSFLAGS= \
+	NOALLSYMSFLAGS='' \
+	SHAREDFLAGS='-G' \
+	SHAREDCMD='$(CC)'; \
+	$(LINK_SO_A_UNPACKED)
+
+# Targets to build symbolic links when needed
+symlink.gnu symlink.solaris symlink.svr3 symlink.irix \
+symlink.aix symlink.reliantunix:
+	@ $(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME).so; \
+	$(SYMLINK_SO)
+symlink.darwin:
+	@ $(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME) \
+	SHLIB_SUFFIX=.dylib; \
+	$(SYMLINK_SO)
+symlink.hpux32 symlink.hpux64:
+	@ $(CALC_VERSIONS); \
+	SHLIB=lib$(LIBNAME).sl; \
+	$(SYMLINK_SO)
+# The following lines means those specific architectures do no symlinks
+symlink.cygwin symlib.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
+
+# Compatibility targets
+link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu
+link_a.bsd-gcc-shared link_a.linux-shared link_a.gnu-shared: link_a.gnu
+symlink.bsd-gcc-shared symlink.linux-shared symlink.gnu-shared: symlink.gnu
+link_o.darwin-shared: link_o.darwin
+link_a.darwin-shared: link_a.darwin
+symlink.darwin-shared: symlink.darwin
+link_o.cygwin-shared: link_o.cygwin
+link_a.cygwin-shared: link_a.cygwin
+symlink.cygwin-shared: symlink.cygwin
+link_o.alpha-osf1-shared: link_o.alpha-osf1
+link_a.alpha-osf1-shared: link_a.alpha-osf1
+symlink.alpha-osf1-shared: symlink.alpha-osf1
+link_o.tru64-shared: link_o.tru64
+link_a.tru64-shared: link_a.tru64
+symlink.tru64-shared: symlink.tru64
+link_o.tru64-shared-rpath: link_o.tru64-rpath
+link_a.tru64-shared-rpath: link_a.tru64-rpath
+symlink.tru64-shared-rpath: symlink.tru64-rpath
+link_o.solaris-shared: link_o.solaris
+link_a.solaris-shared: link_a.solaris
+symlink.solaris-shared: symlink.solaris
+link_o.svr3-shared: link_o.svr3
+link_a.svr3-shared: link_a.svr3
+symlink.svr3-shared: symlink.svr3
+link_o.svr5-shared: link_o.svr3
+link_a.svr5-shared: link_a.svr3
+symlink.svr5-shared: symlink.svr3
+link_o.irix-shared: link_o.irix
+link_a.irix-shared: link_a.irix
+symlink.irix-shared: symlink.irix
+link_o.hpux-shared: link_o.hpux32
+link_a.hpux-shared: link_a.hpux32
+symlink.hpux-shared: symlink.hpux32
+link_o.hpux64-shared: link_o.hpux64
+link_a.hpux64-shared: link_a.hpux64
+symlink.hpux64-shared: symlink.hpux64
+link_o.aix-shared: link_o.aix
+link_a.aix-shared: link_a.aix
+symlink.aix-shared: symlink.aix
+link_o.reliantunix-shared: link_o.reliantunix
+link_a.reliantunix-shared: link_a.reliantunix
+symlink.reliantunix-shared: symlink.reliantunix
diff --git a/Makefile.ssl b/Makefile.ssl
deleted file mode 100644
index 09c2ff25e3..0000000000
--- a/Makefile.ssl
+++ /dev/null
@@ -1,338 +0,0 @@
-#
-# Makefile for all the SSL related library routines and utilities
-VERSION = 0.9.1b
-PLATFORM=debug
-#
-# make install will install:
-#   libraries into $INSTALLTOP/lib
-#   headers   into $INSTALLTOP/include
-#   utilities into $INSTALLTOP/bin
-#
-# By default INSTALLTOP is set to /usr/local/ssl
-# If you want things install elsewere, consider running
-# perl util/ssldir.pl /new/path
-#
-# Interesting Mailing Lists:
-#     ssl-bugs@mincom.oz.au
-#     ssl-users@mincom.oz.au
-#
-# To join the Mailing Lists:
-#     ssl-bugs-request@mincom.oz.au
-#     ssl-users-request@mincom.oz.au
-#
-# If you must get hold of people directly (we much prefer the above
-# lists to be used if the question is of general interest!):
-#       Eric Young <eay@cryptsoft.com>
-#       Tim Hudson <tjh@cryptsoft.com>
-#       or both    <ssleay@cryptsoft.com>
-#
-# The primary distribution of SSLeay is from
-# ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL
-#
-# NOCONST - Define for C compilers that don't like the const key word.
-# NOPROTO - Define in if your compiler does not support prototypes.
-# RSAref  - Define if we are to link with RSAref.
-# NO_IDEA - Define to build without the IDEA algorithm
-# NO_RC4  - Define to build without the RC4 algorithm
-# NO_RC2  - Define to build without the RC2 algorithm
-# THREADS - Define when building with threads, you will probably also need any
-#           system defines as well, i.e. _REENTERANT for Solaris 2.[34]
-# TERMIO  - Define the termio terminal subsystem, needed if sgtty is missing.
-# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
-# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
-# DEVRANDOM - Give this the value of the 'random device' if your OS supports
-#           one.  32 bytes will be read from this when the random
-#           number generator is initalised.
-# SSL_ALLOW_ADH - define if you want the server to be able to use the
-#           SSLv3 anon-DH ciphers.
-# SSL_ALLOW_ENULL - define if you want the server to be able to use the
-#           NULL encryption ciphers.
-#
-# LOCK_DEBUG - turns on lots of lock debug output :-)
-# REF_CHECK - turn on some xyz_free() assertions.
-# REF_PRINT - prints some stuff on structure free.
-# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
-# MFUNC - Make all Malloc/Free/Realloc calls call
-#       CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
-#       call application defined callbacks via CRYPTO_set_mem_functions()
-# MD5_ASM needs to be defined to use the x86 assembler for MD5
-# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
-# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
-# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8.  It must
-# equal 4.
-# PKCS1_CHECK - pkcs1 tests.
-
-CC= gcc
-#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
-CFLAG= -DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
-PEX_LIBS= -L. -L.. -L../.. -L../../..
-EX_LIBS= -lefence
-AR=ar r
-
-# Set BN_ASM to bn_asm.o if you want to use the C version
-BN_ASM= bn_asm.o
-#BN_ASM= bn_asm.o
-#BN_ASM= asm/bn86-elf.o	# elf, linux-elf
-#BN_ASM= asm/bn86-sol.o # solaris
-#BN_ASM= asm/bn86-out.o # a.out, FreeBSD
-#BN_ASM= asm/bn86bsdi.o # bsdi
-#BN_ASM= asm/alpha.o    # DEC Alpha
-#BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC
-#BN_ASM= asm/r3000.o    # SGI MIPS cpu
-#BN_ASM= asm/sparc.o    # Sun solaris/SunOS
-#BN_ASM= asm/bn-win32.o # Windows 95/NT
-#BN_ASM= asm/x86w16.o   # 16 bit code for Windows 3.1/DOS
-#BN_ASM= asm/x86w32.o   # 32 bit code for Windows 3.1
-
-# Set DES_ENC to des_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-DES_ENC= des_enc.o fcrypt_b.o
-#DES_ENC= des_enc.o fcrypt_b.o          # C
-#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
-#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
-#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
-#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
-
-# Set BF_ENC to bf_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-BF_ENC= bf_enc.o
-#BF_ENC= bf_enc.o
-#BF_ENC= asm/bx86-elf.o # elf
-#BF_ENC= asm/bx86-sol.o # solaris
-#BF_ENC= asm/bx86-out.o # a.out, FreeBSD
-#BF_ENC= asm/bx86bsdi.o # bsdi
-
-# Set CAST_ENC to c_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-CAST_ENC= c_enc.o
-#CAST_ENC= c_enc.o
-#CAST_ENC= asm/cx86-elf.o # elf
-#CAST_ENC= asm/cx86-sol.o # solaris
-#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
-#CAST_ENC= asm/cx86bsdi.o # bsdi
-
-# Set RC4_ENC to rc4_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-RC4_ENC= rc4_enc.o
-#RC4_ENC= rc4_enc.o
-#RC4_ENC= asm/rx86-elf.o # elf
-#RC4_ENC= asm/rx86-sol.o # solaris
-#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
-#RC4_ENC= asm/rx86bsdi.o # bsdi
-
-# Set RC5_ENC to rc5_enc.o if you want to use the C version
-#There are 4 x86 assember options.
-RC5_ENC= rc5_enc.o
-#RC5_ENC= rc5_enc.o
-#RC5_ENC= asm/r586-elf.o # elf
-#RC5_ENC= asm/r586-sol.o # solaris
-#RC5_ENC= asm/r586-out.o # a.out, FreeBSD
-#RC5_ENC= asm/r586bsdi.o # bsdi
-
-# Also need MD5_ASM defined
-MD5_ASM_OBJ= 
-#MD5_ASM_OBJ= asm/mx86-elf.o        # elf
-#MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
-#MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
-#MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
-
-# Also need SHA1_ASM defined
-SHA1_ASM_OBJ= 
-#SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
-#SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
-#SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
-#SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
-
-# Also need RMD160_ASM defined
-RMD160_ASM_OBJ= 
-#RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
-#RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
-#RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
-#RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
-
-DIRS=   crypto ssl rsaref apps test tools
-# dirs in crypto to build
-SDIRS=  \
-	md2 md5 sha mdc2 hmac ripemd \
-	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh \
-	buffer bio stack lhash rand err objects \
-	evp pem asn1 x509 conf txt_db pkcs7 comp
-
-# If you change the INSTALLTOP, make sure to also change the values
-# in crypto/location.h
-INSTALLTOP=/usr/local/ssl
-
-MAKEFILE= Makefile.ssl
-MAKE=     make -f Makefile.ssl
-
-MAN1=1
-MAN3=3
-SHELL=/bin/sh
-
-TOP=    .
-ONEDIRS=out tmp
-EDIRS=  times doc bugs util include certs ms shlib mt demos perl sf dep
-MISC=   COPYRIGHT Configure HISTORY.090	HISTORY.066 INSTALL Makefile.ssl \
-	Makefile \
-	README TODO HISTORY README.066 README.080 README.090 \
-	VERSION PROBLEMS MINFO makefile.one e_os.h \
-	MICROSOFT makevms.com config PATENTS
-WDIRS=  windows
-LIBS=   libcrypto.a libssl.a 
-
-GENERAL=        Makefile
-BASENAME=       SSLeay
-NAME=           $(BASENAME)-$(VERSION)
-TARFILE=        $(NAME).tar
-WTARFILE=       $(NAME)-win.tar
-EXHEADER=       e_os.h
-HEADER=         e_os.h
-
-all:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making $$i..."; \
-	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' all ); \
-	done;
-
-sub_all:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making $$i..."; \
-	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' all ); \
-	done;
-
-libclean:
-	/bin/rm *.a */lib */*/lib
-
-clean:
-	/bin/rm -f shlib/*.o *.o core a.out fluff *.map
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "cleaning $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' clean ); \
-	/bin/rm -f $(LIBS); \
-	done;
-	/bin/rm -f *.a *.o speed.* *.map *.so .pure core
-	/bin/rm -f $(TARFILE)
-	@for i in $(ONEDIRS) ;\
-	do \
-	/bin/rm -fr $$i/*; \
-	done
-
-makefile.one: files
-	perl util/mk1mf.pl >makefile.one; \
-	sh util/do_ms.sh
-
-files:  MINFO
-	perl $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making 'files' in $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' files ); \
-	done;
-
-links:
-	/bin/rm -f Makefile;
-	./util/point.sh Makefile.ssl Makefile;
-	$(TOP)/util/mklink.sh include $(EXHEADER) ;
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making links in $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' links ); \
-	done;
-	# @(cd apps; sh ./mklinks)
-	@( SSLEAY="`pwd`/apps/ssleay"; export SSLEAY; sh tools/c_rehash certs )
-
-dclean:
-	/bin/rm -f *.bak
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "undoing makedepend in $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' dclean ); \
-	done;
-
-rehash:
-	@(PATH="`pwd`/apps:${PATH}"; sh tools/c_rehash certs)
-
-test:   tests
-
-tests:
-	(cd test; echo "testing $$i..."; \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
-	@apps/ssleay version -a
-
-depend:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making dependancies $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' depend ); \
-	done;
-
-lint:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making lint $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' lint ); \
-	done;
-
-tags:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making tags $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' tags ); \
-	done;
-
-errors:
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "making errors in $$i..."; \
-	$(MAKE) SDIRS='${SDIRS}' errors ); \
-	done;
-
-tar:
-	@(cd ..;\
-	mv $(BASENAME) $(NAME); \
-	export STUFF; \
-	for i in $(MISC) $(DIRS) $(EDIRS) $(ONEDIRS) ;\
-	do \
-		STUFF="$$STUFF $(NAME)/$$i"; \
-	done; \
-	tar cf $(NAME)/$(TARFILE) $$STUFF; \
-	mv $(NAME) $(BASENAME) ) 
-	gzip -f $(TARFILE)
-
-dist:   
-	perl Configure dist
-	perl util/up_ver.pl ${VERSION}
-	@$(MAKE) dist_pem_h
-	@$(MAKE) SDIRS='${SDIRS}' clean
-	@$(MAKE) SDIRS='${SDIRS}' dclean
-	@(cd apps; sh ./rmlinks)
-	@$(MAKE) makefile.one
-	@$(MAKE) tar
-
-dist_pem_h:
-	(cd crypto/pem; $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
-
-install: all
-	@-mkdir -p $(INSTALLTOP)/bin 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/lib 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/include 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/certs 2>/dev/null
-	@-mkdir -p $(INSTALLTOP)/private 2>/dev/null
-	@for i in $(DIRS) ;\
-	do \
-	(cd $$i; echo "installing $$i..."; \
-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
-	done
-	@for i in $(LIBS) ;\
-	do \
-	(       echo installing $$i; \
-		cp $$i $(INSTALLTOP)/lib; \
-		sh util/ranlib.sh $(INSTALLTOP)/lib/$$i; \
-		chmod 644 $(INSTALLTOP)/lib/$$i ); \
-	done
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/NEWS b/NEWS
new file mode 100644
index 0000000000..b500ec3db4
--- /dev/null
+++ b/NEWS
@@ -0,0 +1,255 @@
+
+  NEWS
+  ====
+
+  This file gives a brief overview of the major changes between each OpenSSL
+  release. For more details please read the CHANGES file.
+
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
+
+      o New library section OCSP.
+      o Complete rewrite of ASN1 code.
+      o CRL checking in verify code and openssl utility.
+      o Extension copying in 'ca' utility.
+      o Flexible display options in 'ca' utility.
+      o Provisional support for international characters with UTF8.
+      o Support for external crypto devices ('engine') is no longer
+        a separate distribution.
+      o New elliptic curve library section.
+      o New AES (Rijndael) library section.
+      o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
+        Linux x86_64
+      o Extended support for some platforms: VxWorks
+      o Enhanced support for shared libraries.
+      o Support for pkg-config.
+      o Lots of new manuals.
+      o Change DES API to clean up the namespace (some applications link also
+        against libdes providing similar functions having the same name).
+        Provide macros for backward compatibility (will be removed in the
+        future).
+      o Unify handling of cryptographic algorithms (software and engine)
+        to be available via EVP routines for asymmetric and symmetric ciphers.
+      o NCONF: new configuration handling routines.
+      o Change API to use more 'const' modifiers to improve error checking
+        and help optimizers.
+      o Finally remove references to RSAref.
+      o Reworked parts of the BIGNUM code.
+      o Support for new engines: Broadcom ubsec, Accelerated Encryption
+        Processing, IBM 4758.
+      o A few new engines added in the demos area.
+      o Extended and corrected OID (object identifier) table.
+      o PRNG: query at more locations for a random device, automatic query for
+        EGD style random sources at several locations.
+      o SSL/TLS: allow optional cipher choice according to server's preference.
+      o SSL/TLS: allow server to explicitly set new session ids.
+      o SSL/TLS: support Kerberos cipher suites (RFC2712).
+	Only supports MIT Kerberos for now.
+      o SSL/TLS: allow more precise control of renegotiations and sessions.
+      o SSL/TLS: add callback to retrieve SSL/TLS messages.
+      o SSL/TLS: support AES cipher suites (RFC3268).
+
+  Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
+
+      o New configuration targets for Tandem OSS and A/UX.
+      o New OIDs for Microsoft attributes.
+      o Better handling of SSL session caching.
+      o Better comparison of distinguished names.
+      o Better handling of shared libraries in a mixed GNU/non-GNU environment.
+      o Support assembler code with Borland C.
+      o Fixes for length problems.
+      o Fixes for uninitialised variables.
+      o Fixes for memory leaks, some unusual crashes and some race conditions.
+      o Fixes for smaller building problems.
+      o Updates of manuals, FAQ and other instructive documents.
+
+  Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
+
+      o Important building fixes on Unix.
+
+  Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:
+
+      o Various important bugfixes.
+
+  Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:
+
+      o Important security related bugfixes.
+      o Various SSL/TLS library bugfixes.
+
+  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
+
+      o Various SSL/TLS library bugfixes.
+      o Fix DH parameter generation for 'non-standard' generators.
+
+  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
+
+      o Various SSL/TLS library bugfixes.
+      o BIGNUM library fixes.
+      o RSA OAEP and random number generation fixes.
+      o Object identifiers corrected and added.
+      o Add assembler BN routines for IA64.
+      o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
+        MIPS Linux; shared library support for Irix, HP-UX.
+      o Add crypto accelerator support for AEP, Baltimore SureWare,
+        Broadcom and Cryptographic Appliance's keyserver
+        [in 0.9.6c-engine release].
+
+  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
+
+      o Security fix: PRNG improvements.
+      o Security fix: RSA OAEP check.
+      o Security fix: Reinsert and fix countermeasure to Bleichbacher's
+        attack.
+      o MIPS bug fix in BIGNUM.
+      o Bug fix in "openssl enc".
+      o Bug fix in X.509 printing routine.
+      o Bug fix in DSA verification routine and DSA S/MIME verification.
+      o Bug fix to make PRNG thread-safe.
+      o Bug fix in RAND_file_name().
+      o Bug fix in compatibility mode trust settings.
+      o Bug fix in blowfish EVP.
+      o Increase default size for BIO buffering filter.
+      o Compatibility fixes in some scripts.
+
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
+
+      o Security fix: change behavior of OpenSSL to avoid using
+        environment variables when running as root.
+      o Security fix: check the result of RSA-CRT to reduce the
+        possibility of deducing the private key from an incorrectly
+        calculated signature.
+      o Security fix: prevent Bleichenbacher's DSA attack.
+      o Security fix: Zero the premaster secret after deriving the
+        master secret in DH ciphersuites.
+      o Reimplement SSL_peek(), which had various problems.
+      o Compatibility fix: the function des_encrypt() renamed to
+        des_encrypt1() to avoid clashes with some Unixen libc.
+      o Bug fixes for Win32, HP/UX and Irix.
+      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
+        memory checking routines.
+      o Bug fixes for RSA operations in threaded environments.
+      o Bug fixes in misc. openssl applications.
+      o Remove a few potential memory leaks.
+      o Add tighter checks of BIGNUM routines.
+      o Shared library support has been reworked for generality.
+      o More documentation.
+      o New function BN_rand_range().
+      o Add "-rand" option to openssl s_client and s_server.
+
+  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6:
+
+      o Some documentation for BIO and SSL libraries.
+      o Enhanced chain verification using key identifiers.
+      o New sign and verify options to 'dgst' application.
+      o Support for DER and PEM encoded messages in 'smime' application.
+      o New 'rsautl' application, low level RSA utility.
+      o MD4 now included.
+      o Bugfix for SSL rollback padding check.
+      o Support for external crypto devices [1].
+      o Enhanced EVP interface.
+
+    [1] The support for external crypto devices is currently a separate
+        distribution.  See the file README.ENGINE.
+
+  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a:
+
+      o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8 
+      o Shared library support for HPUX and Solaris-gcc
+      o Support of Linux/IA64
+      o Assembler support for Mingw32
+      o New 'rand' application
+      o New way to check for existence of algorithms from scripts
+
+  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5:
+
+      o S/MIME support in new 'smime' command
+      o Documentation for the OpenSSL command line application
+      o Automation of 'req' application
+      o Fixes to make s_client, s_server work under Windows
+      o Support for multiple fieldnames in SPKACs
+      o New SPKAC command line utilty and associated library functions
+      o Options to allow passwords to be obtained from various sources
+      o New public key PEM format and options to handle it
+      o Many other fixes and enhancements to command line utilities
+      o Usable certificate chain verification
+      o Certificate purpose checking
+      o Certificate trust settings
+      o Support of authority information access extension
+      o Extensions in certificate requests
+      o Simplified X509 name and attribute routines
+      o Initial (incomplete) support for international character sets
+      o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
+      o Read only memory BIOs and simplified creation function
+      o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
+        record; allow fragmentation and interleaving of handshake and other
+        data
+      o TLS/SSL code now "tolerates" MS SGC
+      o Work around for Netscape client certificate hang bug
+      o RSA_NULL option that removes RSA patent code but keeps other
+        RSA functionality
+      o Memory leak detection now allows applications to add extra information
+        via a per-thread stack
+      o PRNG robustness improved
+      o EGD support
+      o BIGNUM library bug fixes
+      o Faster DSA parameter generation
+      o Enhanced support for Alpha Linux
+      o Experimental MacOS support
+
+  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
+
+      o Transparent support for PKCS#8 format private keys: these are used
+        by several software packages and are more secure than the standard
+        form
+      o PKCS#5 v2.0 implementation
+      o Password callbacks have a new void * argument for application data
+      o Avoid various memory leaks
+      o New pipe-like BIO that allows using the SSL library when actual I/O
+        must be handled by the application (BIO pair)
+
+  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3:
+      o Lots of enhancements and cleanups to the Configuration mechanism
+      o RSA OEAP related fixes
+      o Added `openssl ca -revoke' option for revoking a certificate
+      o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
+      o Source tree cleanups: removed lots of obsolete files
+      o Thawte SXNet, certificate policies and CRL distribution points
+        extension support
+      o Preliminary (experimental) S/MIME support
+      o Support for ASN.1 UTF8String and VisibleString
+      o Full integration of PKCS#12 code
+      o Sparc assembler bignum implementation, optimized hash functions
+      o Option to disable selected ciphers
+
+  Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b:
+      o Fixed a security hole related to session resumption
+      o Fixed RSA encryption routines for the p < q case
+      o "ALL" in cipher lists now means "everything except NULL ciphers"
+      o Support for Triple-DES CBCM cipher
+      o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
+      o First support for new TLSv1 ciphers
+      o Added a few new BIOs (syslog BIO, reliable BIO)
+      o Extended support for DSA certificate/keys.
+      o Extended support for Certificate Signing Requests (CSR)
+      o Initial support for X.509v3 extensions
+      o Extended support for compression inside the SSL record layer
+      o Overhauled Win32 builds
+      o Cleanups and fixes to the Big Number (BN) library
+      o Support for ASN.1 GeneralizedTime
+      o Splitted ASN.1 SETs from SEQUENCEs
+      o ASN1 and PEM support for Netscape Certificate Sequences
+      o Overhauled Perl interface
+      o Lots of source tree cleanups.
+      o Lots of memory leak fixes.
+      o Lots of bug fixes.
+
+  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c:
+      o Integration of the popular NO_RSA/NO_DSA patches
+      o Initial support for compression inside the SSL record layer
+      o Added BIO proxy and filtering functionality
+      o Extended Big Number (BN) library
+      o Added RIPE MD160 message digest
+      o Addeed support for RC2/64bit cipher
+      o Extended ASN.1 parser routines
+      o Adjustations of the source tree for CVS
+      o Support for various new platforms
+
diff --git a/PATENTS b/PATENTS
deleted file mode 100644
index 1e09003ec7..0000000000
--- a/PATENTS
+++ /dev/null
@@ -1,13 +0,0 @@
-RSA Data Security holds software patents on the RSA and RC5 algorithms.
-If there ciphers are used used inside the USA (and Japan?), you must contact
-RSA Data Security for licencing conditions.  Their web page is
-http://www.rsa.com
-
-RC4 is a trademark of RSA Data Security, so use of this label should perhaps
-only me used with RSA Data Security's permission. 
-
-The IDEA algorithm is patented by Ascom in Austria, France, Germany,
-Italy, Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA.
-They should be contacted if that algorithm is to be used, their web page is
-http://www.ascom.ch
-
diff --git a/PROBLEMS b/PROBLEMS
index d78e2d9a23..56bc73816b 100644
--- a/PROBLEMS
+++ b/PROBLEMS
@@ -1,50 +1,64 @@
-If you have any problems with SSLeay then please take the following 
-steps:
+* System libcrypto.dylib and libssl.dylib are used by system ld on MacOS X.
 
-    Remove the ASM version of the BN routines (edit Configure)
-    Remove the compiler optimisation flags
-    Add in the compiler debug flags (-g)
 
-Note: if using gcc then remove -fomit-frame-pointer before you try
-      to debug things.
+    NOTE: The problem described here only applies when OpenSSL isn't built
+    with shared library support (i.e. without the "shared" configuration
+    option).  If you build with shared library support, you will have no
+    problems as long as you set up DYLD_LIBRARY_PATH properly at all times.
 
-If you wish to report a bug then please include the following information
-in any bug report:
 
-    SSLeay Details
-	- Version, most of these details can be got from the
-	  'ssleay version -a' command.
-    Operating System Details
-	- OS Name
-	- OS Version
-	- Hardware platform
-    Compiler Details
-	- Name
-	- Version
-    Application Details 
-	- Name 
-	- Version 
-    Problem Description
-	- include steps that will reproduce the problem (if known)
-    Stack Traceback (if the application dumps core)
+This is really a misfeature in ld, which seems to look for .dylib libraries
+along the whole library path before it bothers looking for .a libraries.  This
+means that -L switches won't matter unless OpenSSL is built with shared
+library support.
 
-For example:
+The workaround may be to change the following lines in apps/Makefile.ssl and
+test/Makefile.ssl:
 
-    SSLeay-0.5.1a
-    SunOS 5.3, SPARC, SunC 3.0
-    SSLtelnet-0.7
+  LIBCRYPTO=-L.. -lcrypto
+  LIBSSL=-L.. -lssl
 
-    Core dumps when using telnet with SSL support in bn_mul() with 
-    the following stack trackback 
-	...
+to:
 
+  LIBCRYPTO=../libcrypto.a
+  LIBSSL=../libssl.a
 
-Report the bug to either
-    ssleay@mincom.oz.au (Eric and Tim)
-or
-    ssl-bugs@mincom.oz.au (mailing list of active developers)
+It's possible that something similar is needed for shared library support
+as well.  That hasn't been well tested yet.
 
 
-Tim Hudson
-tjh@mincom.oz.au
+Another solution that many seem to recommend is to move the libraries
+/usr/lib/libcrypto.0.9.dylib, /usr/lib/libssl.0.9.dylib to a different
+directory, build and install OpenSSL and anything that depends on your
+build, then move libcrypto.0.9.dylib and libssl.0.9.dylib back to their
+original places.  Note that the version numbers on those two libraries
+may differ on your machine.
 
+
+As long as Apple doesn't fix the problem with ld, this problem building
+OpenSSL will remain as is.
+
+
+* Parallell make leads to errors
+
+While running tests, running a parallell make is a bad idea.  Many test
+scripts use the same name for output and input files, which means different
+will interfere with each other and lead to test failure.
+
+The solution is simple for now: don't run parallell make when testing.
+
+
+* Bugs in gcc 3.0 triggered
+
+According to a problem report, there are bugs in gcc 3.0 that are
+triggered by some of the code in OpenSSL, more specifically in
+PEM_get_EVP_CIPHER_INFO().  The triggering code is the following:
+
+	header+=11;
+	if (*header != '4') return(0); header++;
+	if (*header != ',') return(0); header++;
+
+What happens is that gcc might optimize a little too agressively, and
+you end up with an extra incrementation when *header != '4'.
+
+We recommend that you upgrade gcc to as high a 3.x version as you can.
diff --git a/README b/README
index bc72bfe316..cfac87fdd8 100644
--- a/README
+++ b/README
@@ -1,173 +1,187 @@
-		SSLeay 0.9.1a 06-Jul-1998
-		Copyright (c) 1997, Eric Young
-		All rights reserved.
-
-This directory contains Eric Young's (eay@cryptsoft.com) implementation
-of SSL and supporting libraries.
-
-The current version of this library is available from
-    ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/SSLeay-x.x.x.tar.gz
-
-There are patches to a number of internet applications which can be found in
-    ftp://ftp.psy.uq.oz.au/pub/Crypto/SSLapps/
-
-A Web page containing the SSLeay FAQ written by Tim Hudson <tjh@cryptsoft.com> 
-can be found at 
-    http://www.psy.uq.oz.au/~ftp/Crypto
-
-Additional documentation is being slowly written by Eric Young, and is being
-added to http://www.cryptsoft.com/ssleay/doc.  It will normally also be
-available on http://www.psy.uq.oz.au/~ftp/Crypto/ssleay
-
-This Library and programs are FREE for commercial and non-commercial
-usage.  The only restriction is that I must be attributed with the
-development of this code.  See the COPYRIGHT file for more details.
-Donations would still be accepted :-).
-
-THIS LIBRARY IS NOT %100 COMPATABLE WITH SSLeay 0.6.6
-
-The package includes
-
-libssl.a:
-	My implementation of SSLv2, SSLv3 and the required code to support
-	both SSLv2 and SSLv3 in the one server.
-
-libcrypto.a:
-	General encryption and X509 stuff needed by SSL but not
-	actually logically part of it.  It includes routines for the following:
-
-  Ciphers
-	libdes - My libdes DES encryption package which has been floating
-		around the net for a few years.  It includes 15
-		'modes/variations' of DES (1, 2 and 3 key versions of ecb,
-		cbc, cfb and ofb; pcbc and a more general form of cfb and ofb)
-		including desx in cbc mode,
-		a fast crypt(3), and routines to read passwords from the
-		keyboard.
-	RC4 encryption,
-	RC2 encryption 		- 4 different modes, ecb, cbc, cfb and ofb.
-	Blowfish encryption	- 4 different modes, ecb, cbc, cfb and ofb.
-	IDEA encryption		- 4 different modes, ecb, cbc, cfb and ofb.
-
-  Digests
-	MD5 and MD2 message digest algorithms, fast implementations,
-	SHA (SHA-0) and SHA-1 message digest algorithms,
-	MDC2 message digest.  A DES based hash that is polular on smart cards.
-
-  Public Key
-	RSA encryption/decryption/generation.  There is no limit
-		on the number of bits.
-	DSA encryption/decryption/generation.   There is no limit on the
-		number of bits.
-	Diffie-Hellman key-exchange/key generation.  There is no limit
-		on the number of bits.
-
-  X509v3 certificates
-	X509 encoding/decoding into/from binary ASN1 and a PEM
-		based ascii-binary encoding which supports encryption with
-		a private key.
-	Program to generate RSA and DSA certificate requests and to
-		generate RSA and DSA certificates.
-
-  Systems
-  	The normal digital envelope routines and base64 encoding.
-	Higher level access to ciphers and digests by name.  New ciphers can be
-		loaded at run time.
-	The BIO io system which is a simple non-blocking IO abstraction.
-		Current methods supported are file descriptors, sockets,
-		socket accept, socket connect, memory buffer, buffering,
-		SSL client/server, file pointer, encryption, digest,
-		non-blocking testing and null.
-  Data structures
-  	A dynamically growing hashing system
-	A simple stack.
-	A Configuration loader that uses a format similar to MS .ini files.
-
-Programs in this package include
-	enc	- a general encryption program that can encrypt/decrypt using
-		one of 17 different cipher/mode combinations.  The
-		input/output can also be converted to/from base64
-		ascii encoding.
-	dgst	- a generate message digesting program that will generate
-		message digests for any of md2, md5, sha (sha-0 or sha-1)
-		or mdc2.
-	asn1parse - parse and display the structure of an asn1 encoded
-		binary file.
-	rsa	- Manipulate RSA private keys.
-	dsa	- Manipulate DSA private keys.
-	dh	- Manipulate Diffie-Hellman parameter files.
-	dsaparam- Manipulate and generate DSA parameter files.
-	crl	- Manipulate certificate revocation lists.
-	crt2pkcs7- Generate a pkcs7 object containing a crl and a certificate.
-	x509	- Manipulate x509 certificates, self-sign certificates.
-	req	- Manipulate PKCS#10 certificate requests and also
-		  generate certificate requests.
-	genrsa  - Generates an arbitrary sized RSA private key.
-	gendh	- Generates a set of Diffie-Hellman parameters, the prime
-		  will be a strong prime.
-	ca	- Create certificates from PKCS#10 certificate requests.
-		  This program also maintains a database of certificates
-		  issued.
-	verify	- Check x509 certificate signatures.
-	speed	- Benchmark SSLeay's ciphers.
-	s_server- A test SSL server.
-	s_client- A test SSL client.
-	s_time	- Benchmark SSL performance of SSL server programs.
-	errstr	- Convert from SSLeay hex error codes to a readable form.
-	
-Documents avaliable are
-	A Postscript and html reference manual
-	(written by Tim Hudson tjh@cryptsoft.com).
-
-	A list of text protocol references I used.
-	An initial version of the library manual.
-
-To install this package, read the INSTALL file.
-For the Microsoft word, read MICROSOFT
-This library has been compiled and tested on Solaris 2.[34] (sparc and x86),
-SunOS 4.1.3, DGUX, OSF1 Alpha, HPUX 9, AIX 3.5(?), IRIX 5.[23],
-LINUX, NeXT (intel), linux, Windows NT, Windows 3.1, MSDOS 6.22.
-
-Multithreading has been tested under Windows NT and Solaris 2.5.1
-
-Due to time constraints, the current release has only be rigorously tested
-on Solaris 2.[45], Linux and Windows NT.
-
-For people in the USA, it is possible to compile SSLeay to use RSA
-Inc.'s public key library, RSAref.  From my understanding, it is
-claimed by RSA Inc. to be illegal to use my public key routines inside the USA.
-Read doc/rsaref.doc on how to build with RSAref.
-
-Read the documentation in the doc directory.  It is quite rough,
-but it lists the functions, you will probably have to look at
-the code to work out how to used them.  I will be working on
-documentation.  Look at the example programs.
-
-There should be a SSL reference manual which is being put together by
-Tim Hudson (tjh@cryptsoft.com) in the same location as this
-distribution.  This contains a lot more information that is very
-useful.  For a description of X509 Certificates, their use, and
-certification, read rfc1421, rfc1422, rfc1423 and rfc1424.  ssl/README
-also goes over the mechanism.
-
-We have setup some mailing lists for use by people that are interested
-in helping develop this code and/or ask questions.
-    ssl-bugs@mincom.oz.au
-    ssl-users@mincom.oz.au
-    ssl-bugs-request@mincom.oz.au
-    ssl-users-request@mincom.oz.au
-
-I have recently read about a new form of software, that which is in
-a permanent state of beta release.  Linux and Netscape are 2 good 
-examples of this, and I would also add SSLeay to this category.
-The Current stable release is 0.6.6.  It has a few minor problems.
-0.8.0 is not call compatable so make sure you have the correct version
-of SSLeay to link with.  
-
-eric (Jun 1997)
-
-Eric Young (eay@cryptsoft.com)
-86 Taunton St.
-Annerley 4103.
-Australia.
 
+ OpenSSL 0.9.8-dev XX xxx XXXX
+
+ Copyright (c) 1998-2002 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+ All rights reserved.
+
+ DESCRIPTION
+ -----------
+
+ The OpenSSL Project is a collaborative effort to develop a robust,
+ commercial-grade, fully featured, and Open Source toolkit implementing the
+ Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+ protocols as well as a full-strength general purpose cryptography library.
+ The project is managed by a worldwide community of volunteers that use the
+ Internet to communicate, plan, and develop the OpenSSL toolkit and its
+ related documentation. 
+
+ OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
+ and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
+ OpenSSL license plus the SSLeay license) situation, which basically means
+ that you are free to get and use it for commercial and non-commercial
+ purposes as long as you fulfill the conditions of both licenses. 
+
+ OVERVIEW
+ --------
+
+ The OpenSSL toolkit includes:
+
+ libssl.a:
+     Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
+     both SSLv2, SSLv3 and TLSv1 in the one server and client.
+
+ libcrypto.a:
+     General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
+     actually logically part of it. It includes routines for the following:
+
+     Ciphers
+        libdes - EAY's libdes DES encryption package which has been floating
+                 around the net for a few years.  It includes 15
+                 'modes/variations' of DES (1, 2 and 3 key versions of ecb,
+                 cbc, cfb and ofb; pcbc and a more general form of cfb and
+                 ofb) including desx in cbc mode, a fast crypt(3), and
+                 routines to read passwords from the keyboard.
+        RC4 encryption,
+        RC2 encryption      - 4 different modes, ecb, cbc, cfb and ofb.
+        Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
+        IDEA encryption     - 4 different modes, ecb, cbc, cfb and ofb.
+
+     Digests
+        MD5 and MD2 message digest algorithms, fast implementations,
+        SHA (SHA-0) and SHA-1 message digest algorithms,
+        MDC2 message digest. A DES based hash that is popular on smart cards.
+
+     Public Key
+        RSA encryption/decryption/generation.  
+            There is no limit on the number of bits.
+        DSA encryption/decryption/generation.   
+            There is no limit on the number of bits.
+        Diffie-Hellman key-exchange/key generation.  
+            There is no limit on the number of bits.
+
+     X.509v3 certificates
+        X509 encoding/decoding into/from binary ASN1 and a PEM
+             based ASCII-binary encoding which supports encryption with a
+             private key.  Program to generate RSA and DSA certificate
+             requests and to generate RSA and DSA certificates.
+
+     Systems
+        The normal digital envelope routines and base64 encoding.  Higher
+        level access to ciphers and digests by name.  New ciphers can be
+        loaded at run time.  The BIO io system which is a simple non-blocking
+        IO abstraction.  Current methods supported are file descriptors,
+        sockets, socket accept, socket connect, memory buffer, buffering, SSL
+        client/server, file pointer, encryption, digest, non-blocking testing
+        and null.
+
+     Data structures
+        A dynamically growing hashing system
+        A simple stack.
+        A Configuration loader that uses a format similar to MS .ini files.
+
+ openssl: 
+     A command line tool that can be used for:
+        Creation of RSA, DH and DSA key parameters
+        Creation of X.509 certificates, CSRs and CRLs 
+        Calculation of Message Digests
+        Encryption and Decryption with Ciphers
+        SSL/TLS Client and Server Tests
+        Handling of S/MIME signed or encrypted mail
+
+        
+ PATENTS
+ -------
+
+ Various companies hold various patents for various algorithms in various
+ locations around the world. _YOU_ are responsible for ensuring that your use
+ of any algorithms is legal by checking if there are any patents in your
+ country.  The file contains some of the patents that we know about or are
+ rumored to exist. This is not a definitive list.
+
+ RSA Security holds software patents on the RC5 algorithm.  If you
+ intend to use this cipher, you must contact RSA Security for
+ licensing conditions. Their web page is http://www.rsasecurity.com/.
+
+ RC4 is a trademark of RSA Security, so use of this label should perhaps
+ only be used with RSA Security's permission. 
+
+ The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
+ Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They
+ should be contacted if that algorithm is to be used; their web page is
+ http://www.ascom.ch/.
+
+ INSTALLATION
+ ------------
+
+ To install this package under a Unix derivative, read the INSTALL file.  For
+ a Win32 platform, read the INSTALL.W32 file.  For OpenVMS systems, read
+ INSTALL.VMS.
+
+ Read the documentation in the doc/ directory.  It is quite rough, but it
+ lists the functions; you will probably have to look at the code to work out
+ how to use them. Look at the example programs.
+
+ PROBLEMS
+ --------
+
+ For some platforms, there are some known problems that may affect the user
+ or application author.  We try to collect those in doc/PROBLEMS, with current
+ thoughts on how they should be solved in a future of OpenSSL.
+
+ SUPPORT 
+ -------
+
+ If you have any problems with OpenSSL then please take the following steps
+ first:
+
+    - Download the current snapshot from ftp://ftp.openssl.org/snapshot/
+      to see if the problem has already been addressed
+    - Remove ASM versions of libraries
+    - Remove compiler optimisation flags 
+
+ If you wish to report a bug then please include the following information in
+ any bug report:
+
+    - On Unix systems:
+        Self-test report generated by 'make report'
+    - On other systems:
+        OpenSSL version: output of 'openssl version -a'
+        OS Name, Version, Hardware platform
+        Compiler Details (name, version)
+    - Application Details (name, version)
+    - Problem Description (steps that will reproduce the problem, if known)
+    - Stack Traceback (if the application dumps core)
+
+ Report the bug to the OpenSSL project via the Request Tracker
+ (http://www.openssl.org/rt2.html) by mail to:
+
+    openssl-bugs@openssl.org
+
+ Note that mail to openssl-bugs@openssl.org is recorded in the publicly
+ readable request tracker database and is forwarded to a public
+ mailing list. Confidential mail may be sent to openssl-security@openssl.org
+ (PGP key available from the key servers).
+
+ HOW TO CONTRIBUTE TO OpenSSL
+ ----------------------------
+
+ Development is coordinated on the openssl-dev mailing list (see
+ http://www.openssl.org for information on subscribing). If you
+ would like to submit a patch, send it to openssl-dev@openssl.org with
+ the string "[PATCH]" in the subject. Please be sure to include a
+ textual explanation of what your patch does.
+
+ Note: For legal reasons, contributions from the US can be accepted only
+ if a TSA notification and a copy of the patch is sent to crypt@bis.doc.gov;
+ see http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
+ and http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)).
+
+ The preferred format for changes is "diff -u" output. You might
+ generate it like this:
+
+ # cd openssl-work
+ # [your changes]
+ # ./Configure dist; make clean
+ # cd ..
+ # diff -ur openssl-orig openssl-work > mydiffs.patch
diff --git a/README.066 b/README.066
deleted file mode 100644
index d8e086d0b4..0000000000
--- a/README.066
+++ /dev/null
@@ -1,27 +0,0 @@
-
-SSLeay 0.6.6 13-Jan-1997
-
-The main additions are
-
-- assember for x86 DES improvments.
-  From 191,000 per second on a pentium 100, I now get 281,000.  The inner
-  loop and the IP/FP modifications are from
-  Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>.  Many thanks for his
-  contribution.
-- The 'DES macros' introduced in 0.6.5 now have 3 types.
-  DES_PTR1, DES_PTR2 and 'normal'.  As per before, des_opts reports which
-  is best and there is a summery of mine in crypto/des/options.txt
-- A few bug fixes.
-- Added blowfish.  It is not used by SSL but all the other stuff that
-  deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
-  There are 3 options for optimising Blowfish.  BF_PTR, BF_PTR2 and 'normal'.
-  BF_PTR2 is pentium/x86 specific.  The correct option is setup in
-  the 'Configure' script.
-- There is now a 'get client certificate' callback which can be
-  'non-blocking'.  If more details are required, let me know.  It will
-  documented more in SSLv3 when I finish it.
-- Bug fixes from 0.6.5 including the infamous 'ca' bug.  The 'make test'
-  now tests the ca program.
-- Lots of little things modified and tweaked.
-
-eric
diff --git a/README.080 b/README.080
deleted file mode 100644
index 155ce1c712..0000000000
--- a/README.080
+++ /dev/null
@@ -1,147 +0,0 @@
-This version of SSLeay has quite a lot of things different from the
-previous version.
-
-Basically check all callback parameters, I will be producing documentation
-about how to use things in th future.  Currently I'm just getting 080 out
-the door.  Please not that there are several ways to do everything, and
-most of the applications in the apps directory are hybrids, some using old
-methods and some using new methods.
-
-Have a look in demos/bio for some very simple programs and
-apps/s_client.c and apps/s_server.c for some more advanced versions.
-Notes are definitly needed but they are a week or so away.
-
-Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
----
-Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
-get those people that want to move to using the new code base off to
-a quick start.
-
-Note that Eric has tidied up a lot of the areas of the API that were
-less than desirable and renamed quite a few things (as he had to break
-the API in lots of places anyrate). There are a whole pile of additional
-functions for making dealing with (and creating) certificates a lot
-cleaner.
-
-01-Jul-97
-Tim Hudson
-tjh@cryptsoft.com
-
----8<---
-
-To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
-use something like the following (assuming you #include "crypto.h" which
-is something that you really should be doing).
-
-#if SSLEAY_VERSION_NUMBER >= 0x0800
-#define SSLEAY8
-#endif
-
-buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
-            too if you are working with BIO internal stuff (as distinct
-	    from simply using the interface in an opaque manner)
-
-#include "bio.h"	- required along with "buffer.h" if you write
-			  your own BIO routines as the buffer and bio
-			  stuff that was intermixed has been separated
-			  out 
-			
-envelope.h -> evp.h  (which should have been done ages ago)
-
-Initialisation ... don't forget these or you end up with code that
-is missing the bits required to do useful things (like ciphers):
-
-SSLeay_add_ssl_algorithms()
-(probably also want SSL_load_error_strings() too but you should have
- already had that call in place)
-
-SSL_CTX_new()	- requires an extra method parameter
-		      SSL_CTX_new(SSLv23_method()) 
-		      SSL_CTX_new(SSLv2_method()) 
-		      SSL_CTX_new(SSLv3_method()) 
-
-		  OR to only have the server or the client code
-		      SSL_CTX_new(SSLv23_server_method()) 
-		      SSL_CTX_new(SSLv2_server_method()) 
-		      SSL_CTX_new(SSLv3_server_method()) 
-		  or  
-		      SSL_CTX_new(SSLv23_client_method()) 
-		      SSL_CTX_new(SSLv2_client_method()) 
-		      SSL_CTX_new(SSLv3_client_method()) 
-
-SSL_set_default_verify_paths() ... renamed to the more appropriate
-SSL_CTX_set_default_verify_paths()
-
-If you want to use client certificates then you have to add in a bit
-of extra stuff in that a SSLv3 server sends a list of those CAs that
-it will accept certificates from ... so you have to provide a list to
-SSLeay otherwise certain browsers will not send client certs.
-
-SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
-
-
-X509_NAME_oneline(X)	-> X509_NAME_oneline(X,NULL,0)	
-			   or provide a buffer and size to copy the
-			   result into
-
-X509_add_cert ->  X509_STORE_add_cert (and you might want to read the
-		  notes on X509_NAME structure changes too)
-
-
-VERIFICATION CODE
-=================
-
-The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
-more accurately reflect things.
-
-The verification callback args are now packaged differently so that
-extra fields for verification can be added easily in future without
-having to break things by adding extra parameters each release :-)
-
-X509_cert_verify_error_string -> X509_verify_cert_error_string
-
-
-BIO INTERNALS
-=============
-
-Eric has fixed things so that extra flags can be introduced in
-the BIO layer in future without having to play with all the BIO
-modules by adding in some macros.
-
-The ugly stuff using 
-	b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
-becomes
-	BIO_clear_retry_flags(b)
-
-	b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
-becomes
-	BIO_set_retry_read(b)
-
-Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
-
-
-
-OTHER THINGS
-============
-
-X509_NAME has been altered so that it isn't just a STACK ... the STACK
-is now in the "entries" field ... and there are a pile of nice functions
-for getting at the details in a much cleaner manner.
-
-SSL_CTX has been altered ... "cert" is no longer a direct member of this
-structure ... things are now down under "cert_store" (see x509_vfy.h) and
-things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
-If your code "knows" about this level of detail then it will need some 
-surgery.
-
-If you depending on the incorrect spelling of a number of the error codes
-then you will have to change your code as these have been fixed.
-
-ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
-has been all along so this makes things clearer.
-ify_cert_error_string(ctx->error));
-
-SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
-			and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
-
-
diff --git a/README.090 b/README.090
deleted file mode 100644
index 811037fc2d..0000000000
--- a/README.090
+++ /dev/null
@@ -1,8 +0,0 @@
-10-Apr-1998
-I said the next version would go out at easter, and so it shall.
-I expect a 0.9.1 will follow with portability fixes in the next few weeks.
-
-This is a quick, meet the deadline.  Look to ssl-users for comments on what
-is new etc.
-
-eric (about to go bushwalking for the 4 day easter break :-)
diff --git a/README.ASN1 b/README.ASN1
new file mode 100644
index 0000000000..11bcfaf4dd
--- /dev/null
+++ b/README.ASN1
@@ -0,0 +1,187 @@
+
+OpenSSL ASN1 Revision
+=====================
+
+This document describes some of the issues relating to the new ASN1 code.
+
+Previous OpenSSL ASN1 problems
+=============================
+
+OK why did the OpenSSL ASN1 code need revising in the first place? Well
+there are lots of reasons some of which are included below...
+
+1. The code is difficult to read and write. For every single ASN1 structure
+(e.g. SEQUENCE) four functions need to be written for new, free, encode and
+decode operations. This is a very painful and error prone operation. Very few
+people have ever written any OpenSSL ASN1 and those that have usually wish
+they hadn't.
+
+2. Partly because of 1. the code is bloated and takes up a disproportionate
+amount of space. The SEQUENCE encoder is particularly bad: it essentially
+contains two copies of the same operation, one to compute the SEQUENCE length
+and the other to encode it.
+
+3. The code is memory based: that is it expects to be able to read the whole
+structure from memory. This is fine for small structures but if you have a
+(say) 1Gb PKCS#7 signedData structure it isn't such a good idea...
+
+4. The code for the ASN1 IMPLICIT tag is evil. It is handled by temporarily
+changing the tag to the expected one, attempting to read it, then changing it
+back again. This means that decode buffers have to be writable even though they
+are ultimately unchanged. This gets in the way of constification.
+
+5. The handling of EXPLICIT isn't much better. It adds a chunk of code into 
+the decoder and encoder for every EXPLICIT tag.
+
+6. APPLICATION and PRIVATE tags aren't even supported at all.
+
+7. Even IMPLICIT isn't complete: there is no support for implicitly tagged
+types that are not OPTIONAL.
+
+8. Much of the code assumes that a tag will fit in a single octet. This is
+only true if the tag is 30 or less (mercifully tags over 30 are rare).
+
+9. The ASN1 CHOICE type has to be largely handled manually, there aren't any
+macros that properly support it.
+
+10. Encoders have no concept of OPTIONAL and have no error checking. If the
+passed structure contains a NULL in a mandatory field it will not be encoded,
+resulting in an invalid structure.
+
+11. It is tricky to add ASN1 encoders and decoders to external applications.
+
+Template model
+==============
+
+One of the major problems with revision is the sheer volume of the ASN1 code.
+Attempts to change (for example) the IMPLICIT behaviour would result in a
+modification of *every* single decode function. 
+
+I decided to adopt a template based approach. I'm using the term 'template'
+in a manner similar to SNACC templates: it has nothing to do with C++
+templates.
+
+A template is a description of an ASN1 module as several constant C structures.
+It describes in a machine readable way exactly how the ASN1 structure should
+behave. If this template contains enough detail then it is possible to write
+versions of new, free, encode, decode (and possibly others operations) that
+operate on templates.
+
+Instead of having to write code to handle each operation only a single
+template needs to be written. If new operations are needed (such as a 'print'
+operation) only a single new template based function needs to be written 
+which will then automatically handle all existing templates.
+
+Plans for revision
+==================
+
+The revision will consist of the following steps. Other than the first two
+these can be handled in any order.
+ 
+o Design and write template new, free, encode and decode operations, initially
+memory based. *DONE*
+
+o Convert existing ASN1 code to template form. *IN PROGRESS*
+
+o Convert an existing ASN1 compiler (probably SNACC) to output templates
+in OpenSSL form.
+
+o Add support for BIO based ASN1 encoders and decoders to handle large
+structures, initially blocking I/O.
+
+o Add support for non blocking I/O: this is quite a bit harder than blocking
+I/O.
+
+o Add new ASN1 structures, such as OCSP, CRMF, S/MIME v3 (CMS), attribute
+certificates etc etc.
+
+Description of major changes
+============================
+
+The BOOLEAN type now takes three values. 0xff is TRUE, 0 is FALSE and -1 is
+absent. The meaning of absent depends on the context. If for example the
+boolean type is DEFAULT FALSE (as in the case of the critical flag for
+certificate extensions) then -1 is FALSE, if DEFAULT TRUE then -1 is TRUE.
+Usually the value will only ever be read via an API which will hide this from
+an application.
+
+There is an evil bug in the old ASN1 code that mishandles OPTIONAL with
+SEQUENCE OF or SET OF. These are both implemented as a STACK structure. The
+old code would omit the structure if the STACK was NULL (which is fine) or if
+it had zero elements (which is NOT OK). This causes problems because an empty
+SEQUENCE OF or SET OF will result in an empty STACK when it is decoded but when
+it is encoded it will be omitted resulting in different encodings. The new code
+only omits the encoding if the STACK is NULL, if it contains zero elements it
+is encoded and empty. There is an additional problem though: because an empty
+STACK was omitted, sometimes the corresponding *_new() function would
+initialize the STACK to empty so an application could immediately use it, if
+this is done with the new code (i.e. a NULL) it wont work. Therefore a new
+STACK should be allocated first. One instance of this is the X509_CRL list of
+revoked certificates: a helper function X509_CRL_add0_revoked() has been added
+for this purpose.
+
+The X509_ATTRIBUTE structure used to have an element called 'set' which took
+the value 1 if the attribute value was a SET OF or 0 if it was a single. Due
+to the behaviour of CHOICE in the new code this has been changed to a field
+called 'single' which is 0 for a SET OF and 1 for single. The old field has
+been deleted to deliberately break source compatibility. Since this structure
+is normally accessed via higher level functions this shouldn't break too much.
+
+The X509_REQ_INFO certificate request info structure no longer has a field
+called 'req_kludge'. This used to be set to 1 if the attributes field was
+(incorrectly) omitted. You can check to see if the field is omitted now by
+checking if the attributes field is NULL. Similarly if you need to omit
+the field then free attributes and set it to NULL.
+
+The top level 'detached' field in the PKCS7 structure is no longer set when
+a PKCS#7 structure is read in. PKCS7_is_detached() should be called instead.
+The behaviour of PKCS7_get_detached() is unaffected.
+
+The values of 'type' in the GENERAL_NAME structure have changed. This is
+because the old code use the ASN1 initial octet as the selector. The new
+code uses the index in the ASN1_CHOICE template.
+
+The DIST_POINT_NAME structure has changed to be a true CHOICE type.
+
+typedef struct DIST_POINT_NAME_st {
+int type;
+union {
+	STACK_OF(GENERAL_NAME) *fullname;
+	STACK_OF(X509_NAME_ENTRY) *relativename;
+} name;
+} DIST_POINT_NAME;
+
+This means that name.fullname or name.relativename should be set
+and type reflects the option. That is if name.fullname is set then
+type is 0 and if name.relativename is set type is 1.
+
+With the old code using the i2d functions would typically involve:
+
+unsigned char *buf, *p;
+int len;
+/* Find length of encoding */
+len = i2d_SOMETHING(x, NULL);
+/* Allocate buffer */
+buf = OPENSSL_malloc(len);
+if(buf == NULL) {
+	/* Malloc error */
+}
+/* Use temp variable because &p gets updated to point to end of
+ * encoding.
+ */
+p = buf;
+i2d_SOMETHING(x, &p);
+
+
+Using the new i2d you can also do:
+
+unsigned char *buf = NULL;
+int len;
+len = i2d_SOMETHING(x, &buf);
+if(len < 0) {
+	/* Malloc error */
+}
+
+and it will automatically allocate and populate a buffer with the
+encoding. After this call 'buf' will point to the start of the
+encoding which is len bytes long.
diff --git a/README.ENGINE b/README.ENGINE
new file mode 100644
index 0000000000..0ff8333709
--- /dev/null
+++ b/README.ENGINE
@@ -0,0 +1,289 @@
+  ENGINE
+  ======
+
+  With OpenSSL 0.9.6, a new component was added to support alternative
+  cryptography implementations, most commonly for interfacing with external
+  crypto devices (eg. accelerator cards). This component is called ENGINE,
+  and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases)
+  caused a little confusion as 0.9.6** releases were rolled in two
+  versions, a "standard" and an "engine" version. In development for 0.9.7,
+  the ENGINE code has been merged into the main branch and will be present
+  in the standard releases from 0.9.7 forwards.
+
+  There are currently built-in ENGINE implementations for the following
+  crypto devices:
+
+      o CryptoSwift
+      o Compaq Atalla
+      o nCipher CHIL
+      o Nuron
+      o Broadcom uBSec
+
+  In addition, dynamic binding to external ENGINE implementations is now
+  provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE"
+  section below for details.
+
+  At this stage, a number of things are still needed and are being worked on:
+
+      1 Integration of EVP support.
+      2 Configuration support.
+      3 Documentation!
+
+1 With respect to EVP, this relates to support for ciphers and digests in
+  the ENGINE model so that alternative implementations of existing
+  algorithms/modes (or previously unimplemented ones) can be provided by
+  ENGINE implementations.
+
+2 Configuration support currently exists in the ENGINE API itself, in the
+  form of "control commands". These allow an application to expose to the
+  user/admin the set of commands and parameter types a given ENGINE
+  implementation supports, and for an application to directly feed string
+  based input to those ENGINEs, in the form of name-value pairs. This is an
+  extensible way for ENGINEs to define their own "configuration" mechanisms
+  that are specific to a given ENGINE (eg. for a particular hardware
+  device) but that should be consistent across *all* OpenSSL-based
+  applications when they use that ENGINE. Work is in progress (or at least
+  in planning) for supporting these control commands from the CONF (or
+  NCONF) code so that applications using OpenSSL's existing configuration
+  file format can have ENGINE settings specified in much the same way.
+  Presently however, applications must use the ENGINE API itself to provide
+  such functionality. To see first hand the types of commands available
+  with the various compiled-in ENGINEs (see further down for dynamic
+  ENGINEs), use the "engine" openssl utility with full verbosity, ie;
+       openssl engine -vvvv
+
+3 Documentation? Volunteers welcome! The source code is reasonably well
+  self-documenting, but some summaries and usage instructions are needed -
+  moreover, they are needed in the same POD format the existing OpenSSL
+  documentation is provided in. Any complete or incomplete contributions
+  would help make this happen.
+
+  STABILITY & BUG-REPORTS
+  =======================
+
+  What already exists is fairly stable as far as it has been tested, but
+  the test base has been a bit small most of the time. For the most part,
+  the vendors of the devices these ENGINEs support have contributed to the
+  development and/or testing of the implementations, and *usually* (with no
+  guarantees) have experience in using the ENGINE support to drive their
+  devices from common OpenSSL-based applications. Bugs and/or inexplicable
+  behaviour in using a specific ENGINE implementation should be sent to the
+  author of that implementation (if it is mentioned in the corresponding C
+  file), and in the case of implementations for commercial hardware
+  devices, also through whatever vendor support channels are available.  If
+  none of this is possible, or the problem seems to be something about the
+  ENGINE API itself (ie. not necessarily specific to a particular ENGINE
+  implementation) then you should mail complete details to the relevant
+  OpenSSL mailing list. For a definition of "complete details", refer to
+  the OpenSSL "README" file. As for which list to send it to;
+
+     openssl-users: if you are *using* the ENGINE abstraction, either in an
+          pre-compiled application or in your own application code.
+
+     openssl-dev: if you are discussing problems with OpenSSL source code.
+
+  USAGE
+  =====
+
+  The default "openssl" ENGINE is always chosen when performing crypto
+  operations unless you specify otherwise. You must actively tell the
+  openssl utility commands to use anything else through a new command line
+  switch called "-engine". Also, if you want to use the ENGINE support in
+  your own code to do something similar, you must likewise explicitly
+  select the ENGINE implementation you want.
+
+  Depending on the type of hardware, system, and configuration, "settings"
+  may need to be applied to an ENGINE for it to function as expected/hoped.
+  The recommended way of doing this is for the application to support
+  ENGINE "control commands" so that each ENGINE implementation can provide
+  whatever configuration primitives it might require and the application
+  can allow the user/admin (and thus the hardware vendor's support desk
+  also) to provide any such input directly to the ENGINE implementation.
+  This way, applications do not need to know anything specific to any
+  device, they only need to provide the means to carry such user/admin
+  input through to the ENGINE in question. Ie. this connects *you* (and
+  your helpdesk) to the specific ENGINE implementation (and device), and
+  allows application authors to not get buried in hassle supporting
+  arbitrary devices they know (and care) nothing about.
+
+  A new "openssl" utility, "openssl engine", has been added in that allows
+  for testing and examination of ENGINE implementations. Basic usage
+  instructions are available by specifying the "-?" command line switch.
+
+  DYNAMIC ENGINES
+  ===============
+
+  The new "dynamic" ENGINE provides a low-overhead way to support ENGINE
+  implementations that aren't pre-compiled and linked into OpenSSL-based
+  applications. This could be because existing compiled-in implementations
+  have known problems and you wish to use a newer version with an existing
+  application. It could equally be because the application (or OpenSSL
+  library) you are using simply doesn't have support for the ENGINE you
+  wish to use, and the ENGINE provider (eg. hardware vendor) is providing
+  you with a self-contained implementation in the form of a shared-library.
+  The other use-case for "dynamic" is with applications that wish to
+  maintain the smallest foot-print possible and so do not link in various
+  ENGINE implementations from OpenSSL, but instead leaves you to provide
+  them, if you want them, in the form of "dynamic"-loadable
+  shared-libraries. It should be possible for hardware vendors to provide
+  their own shared-libraries to support arbitrary hardware to work with
+  applications based on OpenSSL 0.9.7 or later. If you're using an
+  application based on 0.9.7 (or later) and the support you desire is only
+  announced for versions later than the one you need, ask the vendor to
+  backport their ENGINE to the version you need.
+
+  How does "dynamic" work?
+  ------------------------
+    The dynamic ENGINE has a special flag in its implementation such that
+    every time application code asks for the 'dynamic' ENGINE, it in fact
+    gets its own copy of it. As such, multi-threaded code (or code that
+    multiplexes multiple uses of 'dynamic' in a single application in any
+    way at all) does not get confused by 'dynamic' being used to do many
+    independent things. Other ENGINEs typically don't do this so there is
+    only ever 1 ENGINE structure of its type (and reference counts are used
+    to keep order). The dynamic ENGINE itself provides absolutely no
+    cryptographic functionality, and any attempt to "initialise" the ENGINE
+    automatically fails. All it does provide are a few "control commands"
+    that can be used to control how it will load an external ENGINE
+    implementation from a shared-library. To see these control commands,
+    use the command-line;
+
+       openssl engine -vvvv dynamic
+
+    The "SO_PATH" control command should be used to identify the
+    shared-library that contains the ENGINE implementation, and "NO_VCHECK"
+    might possibly be useful if there is a minor version conflict and you
+    (or a vendor helpdesk) is convinced you can safely ignore it.
+    "ID" is probably only needed if a shared-library implements
+    multiple ENGINEs, but if you know the engine id you expect to be using,
+    it doesn't hurt to specify it (and this provides a sanity check if
+    nothing else). "LIST_ADD" is only required if you actually wish the
+    loaded ENGINE to be discoverable by application code later on using the
+    ENGINE's "id". For most applications, this isn't necessary - but some
+    application authors may have nifty reasons for using it. The "LOAD"
+    command is the only one that takes no parameters and is the command
+    that uses the settings from any previous commands to actually *load*
+    the shared-library ENGINE implementation. If this command succeeds, the
+    (copy of the) 'dynamic' ENGINE will magically morph into the ENGINE
+    that has been loaded from the shared-library. As such, any control
+    commands supported by the loaded ENGINE could then be executed as per
+    normal. Eg. if ENGINE "foo" is implemented in the shared-library
+    "libfoo.so" and it supports some special control command "CMD_FOO", the
+    following code would load and use it (NB: obviously this code has no
+    error checking);
+
+       ENGINE *e = ENGINE_by_id("dynamic");
+       ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0);
+       ENGINE_ctrl_cmd_string(e, "ID", "foo", 0);
+       ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0);
+       ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0);
+
+    For testing, the "openssl engine" utility can be useful for this sort
+    of thing. For example the above code excerpt would achieve much the
+    same result as;
+
+       openssl engine dynamic \
+                 -pre SO_PATH:/lib/libfoo.so \
+                 -pre ID:foo \
+                 -pre LOAD \
+                 -pre "CMD_FOO:some input data"
+
+    Or to simply see the list of commands supported by the "foo" ENGINE;
+
+       openssl engine -vvvv dynamic \
+                 -pre SO_PATH:/lib/libfoo.so \
+                 -pre ID:foo \
+                 -pre LOAD
+
+    Applications that support the ENGINE API and more specifically, the
+    "control commands" mechanism, will provide some way for you to pass
+    such commands through to ENGINEs. As such, you would select "dynamic"
+    as the ENGINE to use, and the parameters/commands you pass would
+    control the *actual* ENGINE used. Each command is actually a name-value
+    pair and the value can sometimes be omitted (eg. the "LOAD" command).
+    Whilst the syntax demonstrated in "openssl engine" uses a colon to
+    separate the command name from the value, applications may provide
+    their own syntax for making that separation (eg. a win32 registry
+    key-value pair may be used by some applications). The reason for the
+    "-pre" syntax in the "openssl engine" utility is that some commands
+    might be issued to an ENGINE *after* it has been initialised for use.
+    Eg. if an ENGINE implementation requires a smart-card to be inserted
+    during initialisation (or a PIN to be typed, or whatever), there may be
+    a control command you can issue afterwards to "forget" the smart-card
+    so that additional initialisation is no longer possible. In
+    applications such as web-servers, where potentially volatile code may
+    run on the same host system, this may provide some arguable security
+    value. In such a case, the command would be passed to the ENGINE after
+    it has been initialised for use, and so the "-post" switch would be
+    used instead. Applications may provide a different syntax for
+    supporting this distinction, and some may simply not provide it at all
+    ("-pre" is almost always what you're after, in reality).
+
+  How do I build a "dynamic" ENGINE?
+  ----------------------------------
+    This question is trickier - currently OpenSSL bundles various ENGINE
+    implementations that are statically built in, and any application that
+    calls the "ENGINE_load_builtin_engines()" function will automatically
+    have all such ENGINEs available (and occupying memory). Applications
+    that don't call that function have no ENGINEs available like that and
+    would have to use "dynamic" to load any such ENGINE - but on the other
+    hand such applications would only have the memory footprint of any
+    ENGINEs explicitly loaded using user/admin provided control commands.
+    The main advantage of not statically linking ENGINEs and only using
+    "dynamic" for hardware support is that any installation using no
+    "external" ENGINE suffers no unnecessary memory footprint from unused
+    ENGINEs. Likewise, installations that do require an ENGINE incur the
+    overheads from only *that* ENGINE once it has been loaded.
+
+    Sounds good? Maybe, but currently building an ENGINE implementation as
+    a shared-library that can be loaded by "dynamic" isn't automated in
+    OpenSSL's build process. It can be done manually quite easily however.
+    Such a shared-library can either be built with any OpenSSL code it
+    needs statically linked in, or it can link dynamically against OpenSSL
+    if OpenSSL itself is built as a shared library. The instructions are
+    the same in each case, but in the former (statically linked any
+    dependencies on OpenSSL) you must ensure OpenSSL is built with
+    position-independent code ("PIC"). The default OpenSSL compilation may
+    already specify the relevant flags to do this, but you should consult
+    with your compiler documentation if you are in any doubt.
+
+    This example will show building the "atalla" ENGINE in the
+    crypto/engine/ directory as a shared-library for use via the "dynamic"
+    ENGINE.
+    1) "cd" to the crypto/engine/ directory of a pre-compiled OpenSSL
+       source tree.
+    2) Recompile at least one source file so you can see all the compiler
+       flags (and syntax) being used to build normally. Eg;
+           touch hw_atalla.c ; make
+       will rebuild "hw_atalla.o" using all such flags.
+    3) Manually enter the same compilation line to compile the
+       "hw_atalla.c" file but with the following two changes;
+         (a) add "-DENGINE_DYNAMIC_SUPPORT" to the command line switches,
+	 (b) change the output file from "hw_atalla.o" to something new,
+             eg. "tmp_atalla.o"
+    4) Link "tmp_atalla.o" into a shared-library using the top-level
+       OpenSSL libraries to resolve any dependencies. The syntax for doing
+       this depends heavily on your system/compiler and is a nightmare
+       known well to anyone who has worked with shared-library portability
+       before. 'gcc' on Linux, for example, would use the following syntax;
+          gcc -shared -o dyn_atalla.so tmp_atalla.o -L../.. -lcrypto
+    5) Test your shared library using "openssl engine" as explained in the
+       previous section. Eg. from the top-level directory, you might try;
+          apps/openssl engine -vvvv dynamic \
+              -pre SO_PATH:./crypto/engine/dyn_atalla.so -pre LOAD
+       If the shared-library loads successfully, you will see both "-pre"
+       commands marked as "SUCCESS" and the list of control commands
+       displayed (because of "-vvvv") will be the control commands for the
+       *atalla* ENGINE (ie. *not* the 'dynamic' ENGINE). You can also add
+       the "-t" switch to the utility if you want it to try and initialise
+       the atalla ENGINE for use to test any possible hardware/driver
+       issues.
+
+  PROBLEMS
+  ========
+
+  It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32.
+  A quick test done right before the release showed that trying "openssl speed
+  -engine cswift" generated errors. If the DSO gets enabled, an attempt is made
+  to write at memory address 0x00000002.
+
diff --git a/STATUS b/STATUS
new file mode 100644
index 0000000000..781adf1083
--- /dev/null
+++ b/STATUS
@@ -0,0 +1,129 @@
+
+  OpenSSL STATUS                           Last modified at
+  ______________                           $Date: 2002/12/07 20:03:42 $
+
+  DEVELOPMENT STATE
+
+    o  OpenSSL 0.9.8:  Under development...
+    o  OpenSSL 0.9.7-beta5: Released on December  5th, 2002
+    o  OpenSSL 0.9.7-beta4: Released on November 19th, 2002
+       Debian GNU/Linux (kernel version 2.4.19, gcc 2.95.4)	- PASSED
+    o  OpenSSL 0.9.7-beta3: Released on July     30th, 2002
+    o  OpenSSL 0.9.7-beta2: Released on June     16th, 2002
+    o  OpenSSL 0.9.7-beta1: Released on June      1st, 2002
+    o  OpenSSL 0.9.6h: Released on December   5th, 2002
+    o  OpenSSL 0.9.6g: Released on August     9th, 2002
+    o  OpenSSL 0.9.6f: Released on August     8th, 2002
+    o  OpenSSL 0.9.6e: Released on July      30th, 2002
+    o  OpenSSL 0.9.6d: Released on May        9th, 2002
+    o  OpenSSL 0.9.6c: Released on December  21st, 2001
+    o  OpenSSL 0.9.6b: Released on July       9th, 2001
+    o  OpenSSL 0.9.6a: Released on April      5th, 2001
+    o  OpenSSL 0.9.6:  Released on September 24th, 2000
+    o  OpenSSL 0.9.5a: Released on April      1st, 2000
+    o  OpenSSL 0.9.5:  Released on February  28th, 2000
+    o  OpenSSL 0.9.4:  Released on August    09th, 1999
+    o  OpenSSL 0.9.3a: Released on May       29th, 1999
+    o  OpenSSL 0.9.3:  Released on May       25th, 1999
+    o  OpenSSL 0.9.2b: Released on March     22th, 1999
+    o  OpenSSL 0.9.1c: Released on December  23th, 1998
+
+  [See also http://www.openssl.org/support/rt2.html]
+
+  RELEASE SHOWSTOPPERS
+
+    o BN_mod_mul verification fails for mips3-sgi-irix
+      unless configured with no-asm
+
+    o [2002-11-21]
+      PR 343 mentions that scrubbing memory with 'memset(ptr, 0, n)' may
+      be optimized away in modern compilers.  This is definitely not good
+      and needs to be fixed immediately.  The formula to use is presented
+      in:
+
+      http://online.securityfocus.com/archive/82/297918/2002-10-27/2002-11-02/0
+
+      The problem report that mentions this is:
+
+      https://www.aet.TU-Cottbus.DE/rt2/Ticket/Display.html?id=343
+
+  AVAILABLE PATCHES
+
+    o 
+
+  IN PROGRESS
+
+    o Steve is currently working on (in no particular order):
+        ASN1 code redesign, butchery, replacement.
+        OCSP
+        EVP cipher enhancement.
+        Enhanced certificate chain verification.
+	Private key, certificate and CRL API and implementation.
+	Developing and bugfixing PKCS#7 (S/MIME code).
+        Various X509 issues: character sets, certificate request extensions.
+    o Geoff and Richard are currently working on:
+	ENGINE (the new code that gives hardware support among others).
+    o Richard is currently working on:
+	UI (User Interface)
+	UTIL (a new set of library functions to support some higher level
+	      functionality that is currently missing).
+	Shared library support for VMS.
+	Kerberos 5 authentication (Heimdal)
+	Constification
+	Compression
+	Attribute Certificate support
+	Certificate Pair support
+	Storage Engines (primarly an LDAP storage engine)
+
+  NEEDS PATCH
+
+    o  0.9.8-dev: COMPLEMENTOFALL and COMPLEMENTOFDEFAULT do not
+       handle ECCdraft cipher suites correctly.
+
+    o  apps/ca.c: "Sign the certificate?" - "n" creates empty certificate file
+
+    o  "OpenSSL STATUS" is never up-to-date.
+
+  OPEN ISSUES
+
+    o  The Makefile hierarchy and build mechanism is still not a round thing:
+
+       1. The config vs. Configure scripts
+          It's the same nasty situation as for Apache with APACI vs.
+          src/Configure. It confuses.
+          Suggestion: Merge Configure and config into a single configure
+                      script with a Autoconf style interface ;-) and remove
+                      Configure and config. Or even let us use GNU Autoconf
+                      itself. Then we can avoid a lot of those platform checks
+                      which are currently in Configure.
+
+    o  Support for Shared Libraries has to be added at least
+       for the major Unix platforms. The details we can rip from the stuff
+       Ralf has done for the Apache src/Configure script. Ben wants the
+       solution to be really simple.
+
+       Status: Ralf will look how we can easily incorporate the
+               compiler PIC and linker DSO flags from Apache
+               into the OpenSSL Configure script.
+
+               Ulf: +1 for using GNU autoconf and libtool (but not automake,
+                    which apparently is not flexible enough to generate
+                    libcrypto)
+
+  WISHES
+
+    o  Add variants of DH_generate_parameters() and BN_generate_prime() [etc?]
+       where the callback function can request that the function be aborted.
+       [Gregory Stark <ghstark@pobox.com>, <rayyang2000@yahoo.com>]
+
+    o  SRP in TLS.
+       [wished by:
+        Dj <derek@yo.net>, Tom Wu <tom@arcot.com>,
+        Tom Holroyd <tomh@po.crl.go.jp>]
+
+       See http://search.ietf.org/internet-drafts/draft-ietf-tls-srp-00.txt
+       as well as http://www-cs-students.stanford.edu/~tjw/srp/.
+
+       Tom Holroyd tells us there is a SRP patch for OpenSSH at
+       http://members.tripod.com/professor_tom/archives/, that could
+       be useful.
diff --git a/TABLE b/TABLE
new file mode 100644
index 0000000000..74121b920d
--- /dev/null
+++ b/TABLE
@@ -0,0 +1,4451 @@
+Output of `Configure TABLE':
+
+*** BC-16
+$cc           = bcc
+$cflags       = 
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = WIN16
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** BC-32
+$cc           = bcc32
+$cflags       = 
+$unistd       = 
+$thread_cflag = 
+$sys_id       = WIN32
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR RC4_INDEX
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** BS2000-OSD
+$cc           = c89
+$cflags       = -O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** Cygwin
+$cc           = gcc
+$cflags       = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall
+$unistd       = 
+$thread_cflag = 
+$sys_id       = CYGWIN32
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-out.o asm/co86-out.o
+$des_obj      = asm/dx86-out.o asm/yx86-out.o
+$bf_obj       = asm/bx86-out.o
+$md5_obj      = asm/mx86-out.o
+$sha1_obj     = asm/sx86-out.o
+$cast_obj     = asm/cx86-out.o
+$rc4_obj      = asm/rx86-out.o
+$rmd160_obj   = asm/rm86-out.o
+$rc5_obj      = asm/r586-out.o
+$dso_scheme   = win32
+$shared_target= cygwin-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .dll
+$ranlib       = 
+$arflags      = 
+
+*** Cygwin-pre1.3
+$cc           = gcc
+$cflags       = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = CYGWIN32
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** DJGPP
+$cc           = gcc
+$cflags       = -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall
+$unistd       = 
+$thread_cflag = 
+$sys_id       = MSDOS
+$lflags       = -L/dev/env/WATT_ROOT/lib -lwatt
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** FreeBSD
+$cc           = gcc
+$cflags       = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-out.o asm/co86-out.o
+$des_obj      = asm/dx86-out.o asm/yx86-out.o
+$bf_obj       = asm/bx86-out.o
+$md5_obj      = asm/mx86-out.o
+$sha1_obj     = asm/sx86-out.o
+$cast_obj     = asm/cx86-out.o
+$rc4_obj      = asm/rx86-out.o
+$rmd160_obj   = asm/rm86-out.o
+$rc5_obj      = asm/r586-out.o
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** FreeBSD-alpha
+$cc           = gcc
+$cflags       = -DTERMIOS -O -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** FreeBSD-elf
+$cc           = gcc
+$cflags       = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+$unistd       = 
+$thread_cflag = -pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** MPE/iX-gcc
+$cc           = gcc
+$cflags       = -D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = MPE
+$lflags       = -L/SYSLOG/PUB -lsyslog -lsocket -lcurses
+$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** Mingw32
+$cc           = gcc
+$cflags       = -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+$unistd       = 
+$thread_cflag = 
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** NetBSD-m68
+$cc           = gcc
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** NetBSD-sparc
+$cc           = gcc
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** NetBSD-x86
+$cc           = gcc
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OS2-EMX
+$cc           = gcc
+$cflags       = 
+$unistd       = 
+$thread_cflag = 
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** OS390-Unix
+$cc           = c89.sh
+$cflags       = -O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H  -D_ALL_SOURCE
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD
+$cc           = gcc
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD-alpha
+$cc           = gcc
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD-hppa
+$cc           = gcc
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD-i386
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-out.o asm/co86-out.o
+$des_obj      = asm/dx86-out.o asm/yx86-out.o
+$bf_obj       = asm/bx86-out.o
+$md5_obj      = asm/mx86-out.o
+$sha1_obj     = asm/sx86-out.o
+$cast_obj     = asm/cx86-out.o
+$rc4_obj      = asm/rx86-out.o
+$rmd160_obj   = asm/rm86-out.o
+$rc5_obj      = asm/r586-out.o
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD-m68k
+$cc           = gcc
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD-m88k
+$cc           = gcc
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD-mips
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD-powerpc
+$cc           = gcc
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD-sparc
+$cc           = gcc
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD-sparc64
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenBSD-vax
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenUNIX-8
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kalloca
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= svr5-shared
+$shared_cflag = -Kpic
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenUNIX-8-gcc
+$cc           = gcc
+$cflags       = -O -DFILIO_H -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = -pthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= svr5-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenUNIX-8-pentium
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kalloca -Kpentium
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= svr5-shared
+$shared_cflag = -Kpic
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** OpenUNIX-8-pentium_pro
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kalloca -Kpentium_pro
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= svr5-shared
+$shared_cflag = -Kpic
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** ReliantUNIX
+$cc           = cc
+$cflags       = -KPIC -g -DTERMIOS -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = SNI
+$lflags       = -lsocket -lnsl -lc -L/usr/ucblib -lucb
+$bn_ops       = BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= reliantunix-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** SINIX
+$cc           = cc
+$cflags       = -O
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = SNI
+$lflags       = -lsocket -lnsl -lc -L/usr/ucblib -lucb
+$bn_ops       = RC4_INDEX RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** SINIX-N
+$cc           = /usr/ucb/cc
+$cflags       = -O2 -misaligned
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lucb
+$bn_ops       = RC4_INDEX RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** UWIN
+$cc           = cc
+$cflags       = -DTERMIOS -DL_ENDIAN -O -Wall
+$unistd       = 
+$thread_cflag = 
+$sys_id       = UWIN
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** VC-CE
+$cc           = cl
+$cflags       = 
+$unistd       = 
+$thread_cflag = 
+$sys_id       = WINCE
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** VC-MSDOS
+$cc           = cl
+$cflags       = 
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = MSDOS
+$lflags       = 
+$bn_ops       = BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** VC-NT
+$cc           = cl
+$cflags       = 
+$unistd       = 
+$thread_cflag = 
+$sys_id       = WINNT
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** VC-W31-16
+$cc           = cl
+$cflags       = 
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = WIN16
+$lflags       = 
+$bn_ops       = BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** VC-W31-32
+$cc           = cl
+$cflags       = 
+$unistd       = 
+$thread_cflag = 
+$sys_id       = WIN16
+$lflags       = 
+$bn_ops       = BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** VC-WIN16
+$cc           = cl
+$cflags       = 
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = WIN16
+$lflags       = 
+$bn_ops       = MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** VC-WIN32
+$cc           = cl
+$cflags       = 
+$unistd       = 
+$thread_cflag = 
+$sys_id       = WIN32
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = win32
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** aix-cc
+$cc           = cc
+$cflags       = -O -DB_ENDIAN -qmaxmem=16384
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = AIX
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** aix-gcc
+$cc           = gcc
+$cflags       = -O3 -DB_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = AIX
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** aix43-cc
+$cc           = cc
+$cflags       = -O -DAIX -DB_ENDIAN -qmaxmem=16384
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** aix43-gcc
+$cc           = gcc
+$cflags       = -O1 -DAIX -DB_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** aix64-cc
+$cc           = cc
+$cflags       = -O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = -X 64
+
+*** alpha-cc
+$cc           = cc
+$cflags       = -std1 -tune host -fast -readonly_strings
+$unistd       = 
+$thread_cflag = -pthread
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= tru64-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so
+$ranlib       = 
+$arflags      = 
+
+*** alpha-cc-rpath
+$cc           = cc
+$cflags       = -std1 -tune host -fast -readonly_strings
+$unistd       = 
+$thread_cflag = -pthread
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= tru64-shared-rpath
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so
+$ranlib       = 
+$arflags      = 
+
+*** alpha-gcc
+$cc           = gcc
+$cflags       = -O3
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= alpha-osf1-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so
+$ranlib       = 
+$arflags      = 
+
+*** alpha164-cc
+$cc           = cc
+$cflags       = -std1 -tune host -fast -readonly_strings
+$unistd       = 
+$thread_cflag = -pthread
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= tru64-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so
+$ranlib       = 
+$arflags      = 
+
+*** alphaold-cc
+$cc           = cc
+$cflags       = -std1 -tune host -O4 -readonly_strings
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= alpha-osf1-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so
+$ranlib       = 
+$arflags      = 
+
+*** aux3-gcc
+$cc           = gcc
+$cflags       = -O2 -DTERMIO
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = AUX
+$lflags       = -lbsd
+$bn_ops       = RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** bsdi-elf-gcc
+$cc           = gcc
+$cflags       = -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= bsd-gcc-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** bsdi-gcc
+$cc           = gcc
+$cflags       = -O3 -ffast-math -DL_ENDIAN -DPERL5 -m486
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = RSA_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86bsdi.o asm/co86bsdi.o
+$des_obj      = asm/dx86bsdi.o asm/yx86bsdi.o
+$bf_obj       = asm/bx86bsdi.o
+$md5_obj      = asm/mx86bsdi.o
+$sha1_obj     = asm/sx86bsdi.o
+$cast_obj     = asm/cx86bsdi.o
+$rc4_obj      = asm/rx86bsdi.o
+$rmd160_obj   = asm/rm86bsdi.o
+$rc5_obj      = asm/r586bsdi.o
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** cc
+$cc           = cc
+$cflags       = -O
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** cray-j90
+$cc           = cc
+$cflags       = -DBIT_FIELD_LIMITS -DTERMIOS
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = CRAY
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG DES_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** cray-t3e
+$cc           = cc
+$cflags       = -DBIT_FIELD_LIMITS -DTERMIOS
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = CRAY
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** darwin-i386-cc
+$cc           = cc
+$cflags       = -O3 -fomit-frame-pointer -fno-common -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = MACOSX
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= darwin-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
+$ranlib       = 
+$arflags      = 
+
+*** darwin-ppc-cc
+$cc           = cc
+$cflags       = -O3 -fomit-frame-pointer -fno-common -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = MACOSX
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= darwin-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib
+$ranlib       = 
+$arflags      = 
+
+*** debug
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lefence
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-ben
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-ben-debug
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-ben-openbsd
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-ben-openbsd-debug
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-ben-strict
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-bodo
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -m486 -pedantic -Wshadow -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-levitte-linux-elf
+$cc           = gcc
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** debug-levitte-linux-elf-extreme
+$cc           = gcc
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** debug-levitte-linux-noasm
+$cc           = gcc
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -pipe
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** debug-levitte-linux-noasm-extreme
+$cc           = gcc
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wconversion -Wno-long-long -pipe
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** debug-linux-elf
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lefence -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** debug-linux-elf-noefence
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-linux-pentium
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-linux-ppro
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-rse
+$cc           = cc
+$cflags       = -DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-solaris-sparcv8-cc
+$cc           = cc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -KPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** debug-solaris-sparcv8-gcc
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** debug-solaris-sparcv9-cc
+$cc           = cc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8plus.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv8plus.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -KPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** debug-solaris-sparcv9-gcc
+$cc           = gcc
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8plus.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** debug-steve
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -mcpu=i486 -pedantic -Wall -Werror -Wshadow -pipe
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -rdynamic -ldl
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-steve-linux-pseudo64
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -rdynamic -ldl
+$bn_ops       = SIXTY_FOUR_BIT
+$bn_obj       = 
+$des_obj      = dlfcn
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** debug-ulf
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = 
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** dgux-R3-gcc
+$cc           = gcc
+$cflags       = -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = RC4_INDEX DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** dgux-R4-gcc
+$cc           = gcc
+$cflags       = -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lnsl -lsocket
+$bn_ops       = RC4_INDEX DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** dgux-R4-x86-gcc
+$cc           = gcc
+$cflags       = -O3 -fomit-frame-pointer -DL_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lnsl -lsocket
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** dist
+$cc           = cc
+$cflags       = -O
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** gcc
+$cc           = gcc
+$cflags       = -O3
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** hpux-brokencc
+$cc           = cc
+$cflags       = -DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux-brokengcc
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DBN_DIV2W -O3
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux-cc
+$cc           = cc
+$cflags       = -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux-gcc
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DBN_DIV2W -O3
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux-ia64-cc
+$cc           = cc
+$cflags       = -Ae +DD32 +O3 +ESlit -z -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = asm/ia64-cpp.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux-m68k-gcc
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DBN_DIV2W -O3
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** hpux-parisc-cc
+$cc           = cc
+$cflags       = +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux-parisc-cc-o4
+$cc           = cc
+$cflags       = -Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY
+$unistd       = 
+$thread_cflag = 
+$sys_id       = 
+$lflags       = -ldld
+$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux-parisc-gcc
+$cc           = gcc
+$cflags       = -O3 -DB_ENDIAN -DBN_DIV2W
+$unistd       = 
+$thread_cflag = 
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux-parisc1_1-cc
+$cc           = cc
+$cflags       = +DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux-parisc2-cc
+$cc           = cc
+$cflags       = +DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = asm/pa-risc2.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux10-brokencc
+$cc           = cc
+$cflags       = -DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux10-brokengcc
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DBN_DIV2W -O3
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux10-cc
+$cc           = cc
+$cflags       = -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux10-gcc
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DBN_DIV2W -O3
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -Wl,+s -ldld
+$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dl
+$shared_target= hpux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux64-ia64-cc
+$cc           = cc
+$cflags       = -Ae +DD64 +O3 +ESlit -z -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = asm/ia64-cpp.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= hpux64-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux64-parisc-cc
+$cc           = cc
+$cflags       = -Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= hpux64-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux64-parisc-gcc
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DMD32_XARRAY
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= hpux64-shared
+$shared_cflag = -fpic
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hpux64-parisc2-cc
+$cc           = cc
+$cflags       = +DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+$bn_obj       = asm/pa-risc2W.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= hpux64-shared
+$shared_cflag = +Z
+$shared_ldflag = 
+$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** hurd-x86
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** irix-cc
+$cc           = cc
+$cflags       = -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= irix-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** irix-gcc
+$cc           = gcc
+$cflags       = -O3 -DTERMIOS -DB_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= irix-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** irix-mips3-cc
+$cc           = cc
+$cflags       = -n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+$unistd       = 
+$thread_cflag = -D_SGI_MP_SOURCE
+$sys_id       = 
+$lflags       = 
+$bn_ops       = DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT
+$bn_obj       = asm/mips3.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= irix-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** irix-mips3-gcc
+$cc           = gcc
+$cflags       = -mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+$unistd       = 
+$thread_cflag = -D_SGI_MP_SOURCE
+$sys_id       = 
+$lflags       = 
+$bn_ops       = MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT
+$bn_obj       = asm/mips3.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= irix-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** irix64-mips4-cc
+$cc           = cc
+$cflags       = -64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+$unistd       = 
+$thread_cflag = -D_SGI_MP_SOURCE
+$sys_id       = 
+$lflags       = 
+$bn_ops       = RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG
+$bn_obj       = asm/mips3.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= irix-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** irix64-mips4-gcc
+$cc           = gcc
+$cflags       = -mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+$unistd       = 
+$thread_cflag = -D_SGI_MP_SOURCE
+$sys_id       = 
+$lflags       = 
+$bn_ops       = RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG
+$bn_obj       = asm/mips3.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= irix-shared
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-alpha+bwx-ccc
+$cc           = ccc
+$cflags       = -fast -readonly_strings -DL_ENDIAN -DTERMIO
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** linux-alpha+bwx-gcc
+$cc           = gcc
+$cflags       = -O3 -DL_ENDIAN -DTERMIO
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-alpha-ccc
+$cc           = ccc
+$cflags       = -fast -readonly_strings -DL_ENDIAN -DTERMIO
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = 
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** linux-alpha-gcc
+$cc           = gcc
+$cflags       = -O3 -DL_ENDIAN -DTERMIO
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-aout
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-out.o asm/co86-out.o
+$des_obj      = asm/dx86-out.o asm/yx86-out.o
+$bf_obj       = asm/bx86-out.o
+$md5_obj      = asm/mx86-out.o
+$sha1_obj     = asm/sx86-out.o
+$cast_obj     = asm/cx86-out.o
+$rc4_obj      = asm/rx86-out.o
+$rmd160_obj   = asm/rm86-out.o
+$rc5_obj      = asm/r586-out.o
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** linux-elf
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-elf-arm
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-ia64
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR
+$bn_obj       = asm/ia64.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-k6
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=k6 -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-m68k
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** linux-mips
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** linux-mipsel
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** linux-parisc
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** linux-pentium
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentium -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-ppc
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-ppro
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -mcpu=pentiumpro -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-s390
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-s390x
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-sparcv7
+$cc           = gcc
+$cflags       = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** linux-sparcv8
+$cc           = gcc
+$cflags       = -mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-sparcv9
+$cc           = gcc
+$cflags       = -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8plus.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv8plus.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux-x86_64
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DNO_ASM
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** linux64-sparcv9
+$cc           = gcc
+$cflags       = -m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv9.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= linux-shared
+$shared_cflag = -fPIC
+$shared_ldflag = -m64
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** ncr-scde
+$cc           = cc
+$cflags       = -O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** newsos4-gcc
+$cc           = gcc
+$cflags       = -O -DB_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = NEWS4
+$lflags       = -lmld -liberty
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** nextstep
+$cc           = cc
+$cflags       = -O -Wall
+$unistd       = <libc.h>
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** nextstep3.3
+$cc           = cc
+$cflags       = -O3 -Wall
+$unistd       = <libc.h>
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** purify
+$cc           = purify gcc
+$cflags       = -g -DPURIFY -Wall
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** qnx4
+$cc           = cc
+$cflags       = -DL_ENDIAN -DTERMIO
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** qnx6
+$cc           = cc
+$cflags       = -DL_ENDIAN -DTERMIOS
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lsocket
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** rhapsody-ppc-cc
+$cc           = cc
+$cflags       = -O3 -DB_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = MACOSX_RHAPSODY
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** sco3-gcc
+$cc           = gcc
+$cflags       = -O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lsocket
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** sco5-cc
+$cc           = cc
+$cflags       = -belf
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lsocket -lresolv -lnsl
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= svr3-shared
+$shared_cflag = -Kpic
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** sco5-cc-pentium
+$cc           = cc
+$cflags       = -Kpentium
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lsocket
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** sco5-gcc
+$cc           = gcc
+$cflags       = -O3 -fomit-frame-pointer
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = -lsocket -lresolv -lnsl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+$bf_obj       = asm/bx86-elf.o
+$md5_obj      = asm/mx86-elf.o
+$sha1_obj     = asm/sx86-elf.o
+$cast_obj     = asm/cx86-elf.o
+$rc4_obj      = asm/rx86-elf.o
+$rmd160_obj   = asm/rm86-elf.o
+$rc5_obj      = asm/r586-elf.o
+$dso_scheme   = dlfcn
+$shared_target= svr3-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** solaris-sparc-sc3
+$cc           = cc
+$cflags       = -fast -O -Xa -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -KPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris-sparcv7-cc
+$cc           = cc
+$cflags       = -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -KPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris-sparcv7-gcc
+$cc           = gcc
+$cflags       = -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris-sparcv8-cc
+$cc           = cc
+$cflags       = -xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -KPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris-sparcv8-gcc
+$cc           = gcc
+$cflags       = -mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris-sparcv9-cc
+$cc           = cc
+$cflags       = -xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8plus.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv8plus.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -KPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris-sparcv9-gcc
+$cc           = gcc
+$cflags       = -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8plus.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv8plus.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris-sparcv9-gcc27
+$cc           = gcc
+$cflags       = -mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+$bn_obj       = asm/sparcv8plus-gcc27.o
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv8plus-gcc27.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris-x86-cc
+$cc           = cc
+$cflags       = -fast -O -Xa
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -KPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris-x86-gcc
+$cc           = gcc
+$cflags       = -O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = asm/bn86-sol.o asm/co86-sol.o
+$des_obj      = asm/dx86-sol.o asm/yx86-sol.o
+$bf_obj       = asm/bx86-sol.o
+$md5_obj      = asm/mx86-sol.o
+$sha1_obj     = asm/sx86-sol.o
+$cast_obj     = asm/cx86-sol.o
+$rc4_obj      = asm/rx86-sol.o
+$rmd160_obj   = asm/rm86-sol.o
+$rc5_obj      = asm/r586-sol.o
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris64-sparcv9-cc
+$cc           = cc
+$cflags       = -xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv9.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -KPIC
+$shared_ldflag = -xarch=v9
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = /usr/ccs/bin/ar rs
+$arflags      = 
+
+*** solaris64-sparcv9-gcc
+$cc           = gcc
+$cflags       = -m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv9.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = -m64
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** solaris64-sparcv9-gcc31
+$cc           = gcc
+$cflags       = -mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = ULTRASPARC
+$lflags       = -lsocket -lnsl -ldl
+$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = asm/md5-sparcv9.o
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= solaris-shared
+$shared_cflag = -fPIC
+$shared_ldflag = -m64
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** sunos-gcc
+$cc           = gcc
+$cflags       = -O3 -mv8 -Dssize_t=int
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = SUNOS
+$lflags       = 
+$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** tandem-c89
+$cc           = c89
+$cflags       = -Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = THIRTY_TWO_BIT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** ultrix-cc
+$cc           = cc
+$cflags       = -std1 -O -Olimit 1000 -DL_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** ultrix-gcc
+$cc           = gcc
+$cflags       = -O3 -DL_ENDIAN
+$unistd       = 
+$thread_cflag = (unknown)
+$sys_id       = 
+$lflags       = 
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** unixware-2.0
+$cc           = cc
+$cflags       = -DFILIO_H -DNO_STRINGS_H
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl -lresolv -lx
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** unixware-2.0-pentium
+$cc           = cc
+$cflags       = -DFILIO_H -DNO_STRINGS_H -Kpentium
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl -lresolv -lx
+$bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** unixware-2.1
+$cc           = cc
+$cflags       = -O -DFILIO_H
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl -lresolv -lx
+$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** unixware-2.1-p6
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kp6
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl -lresolv -lx
+$bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** unixware-2.1-pentium
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kpentium
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl -lresolv -lx
+$bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** unixware-7
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kalloca
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= svr5-shared
+$shared_cflag = -Kpic
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** unixware-7-gcc
+$cc           = gcc
+$cflags       = -DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall
+$unistd       = 
+$thread_cflag = -D_REENTRANT
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= gnu-shared
+$shared_cflag = -fPIC
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** unixware-7-pentium
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kalloca -Kpentium
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= svr5-shared
+$shared_cflag = -Kpic
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** unixware-7-pentium_pro
+$cc           = cc
+$cflags       = -O -DFILIO_H -Kalloca -Kpentium_pro
+$unistd       = 
+$thread_cflag = -Kthread
+$sys_id       = 
+$lflags       = -lsocket -lnsl
+$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = dlfcn
+$shared_target= svr5-shared
+$shared_cflag = -Kpic
+$shared_ldflag = 
+$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+$ranlib       = 
+$arflags      = 
+
+*** vxworks-ppc405
+$cc           = ccppc
+$cflags       = -g -msoft-float -mlongcall -DCPU=PPC405 -I$(WIND_BASE)/target/h
+$unistd       = 
+$thread_cflag = 
+$sys_id       = VXWORKS
+$lflags       = -r
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** vxworks-ppc750
+$cc           = ccppc
+$cflags       = -ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I$(WIND_BASE)/target/h $(DEBUG_FLAG)
+$unistd       = 
+$thread_cflag = 
+$sys_id       = VXWORKS
+$lflags       = -r
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
+
+*** vxworks-ppc750-debug
+$cc           = ccppc
+$cflags       = -ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g
+$unistd       = 
+$thread_cflag = 
+$sys_id       = VXWORKS
+$lflags       = -r
+$bn_ops       = 
+$bn_obj       = 
+$des_obj      = 
+$bf_obj       = 
+$md5_obj      = 
+$sha1_obj     = 
+$cast_obj     = 
+$rc4_obj      = 
+$rmd160_obj   = 
+$rc5_obj      = 
+$dso_scheme   = 
+$shared_target= 
+$shared_cflag = 
+$shared_ldflag = 
+$shared_extension = 
+$ranlib       = 
+$arflags      = 
diff --git a/TODO b/TODO
deleted file mode 100644
index 1c3da41cdf..0000000000
--- a/TODO
+++ /dev/null
@@ -1,28 +0,0 @@
-- The loading of the netscape RC4 encrypted key is a crock of pig pellets.
-  It will be reworked along with a nice general mechanism for encrypting
-  ASN.1 stuff. [ Jun 96 ] I've cleaned up private keys internally but
-  still have not done PKCS#8 support.
-
-- Winsock support in s_client/s_server for windows nt/3.1 is a crock.
-  I will probably not get this fixed for a while, it is just there so
-  I could test things.
-
-- Be able to generate DSS certificates.
-
-- Add CRL to the X509 verification stuff, this will probably be added with
-  SSLv3.
-
-+ X509 callback.  I need to callback the application to retrieve certificates
-  and CRL.
-
-*<- designates the things I'm activly working on.
-+<- designates that which I have next in the queue.
-
-====
-
-X509v3 extensions
-verify certificate chains
-X509 cert lookup methods
-RSA/DSA/DH methods mostly for smart cards
-dsa cert generation
-
diff --git a/VERSION b/VERSION
deleted file mode 100644
index 5555e9a3af..0000000000
--- a/VERSION
+++ /dev/null
@@ -1,24 +0,0 @@
-SSLeay 0.8.1
-	- Mostly bug fixes.  There is an Ephemeral DH cipher problem which
-	  is fixed.
-
-SSLeay 0.8.0
-	- New release, for those that are wondering what happend to
-	  0.7.x, call it our internal development version :-)
-	- There have been lots of changes, mostly the addition of SSLv3.
-	- There have been many additions from people and amongst
-	  others, C2Net has assisted greatly.
-
-SSLeay 0.6.6
-	SSLeay 0.8.0 is not upward compatable with SSLeay 0.6.6, so
-	if your application requires 0.6.6, use it.  There have been
-	lots of bug fixes to 0.8.x that have not been applied to 0.6.6
-	so use 0.8.0+ in preference.
-
-PORTING 0.6.6 to 0.8.0
-	I'll be documenting this over the next few weeks but as
-	pressures have been increasing for making SSLv3 support
-	available I'm shipping it without this documentation as I
-	basically have not had time to write it (too busy earning a
-	living :-)
-
diff --git a/VMS/TODO b/VMS/TODO
new file mode 100644
index 0000000000..359e069191
--- /dev/null
+++ b/VMS/TODO
@@ -0,0 +1,18 @@
+TODO:
+=====
+
+There are a few things that need to be worked out in the VMS version of
+OpenSSL, still:
+
+- Description files. ("Makefile's" :-))
+- Script code to link an already compiled build tree.
+- A VMSINSTALlable version (way in the future, unless someone else hacks).
+- shareable images (DLL for you Windows folks).
+
+There may be other things that I have missed and that may be desirable.
+Please send mail to <openssl-users@openssl.org> or to me directly if you
+have any ideas.
+
+--
+Richard Levitte <richard@levitte.org>
+1999-05-24
diff --git a/VMS/WISHLIST.TXT b/VMS/WISHLIST.TXT
new file mode 100644
index 0000000000..c151fc8ea7
--- /dev/null
+++ b/VMS/WISHLIST.TXT
@@ -0,0 +1,4 @@
+* Have the building procedure contain a LINK-only possibility.
+  Wished by Mark Daniel <mark.daniel@dsto.defence.gov.au>
+
+  One way to enable that is also to go over to DESCRIP.MMS files.
diff --git a/VMS/install.com b/VMS/install.com
new file mode 100644
index 0000000000..f62635f24d
--- /dev/null
+++ b/VMS/install.com
@@ -0,0 +1,72 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 23-MAY-1998 19:22
+$!
+$! P1	root of the directory tree
+$!
+$	IF P1 .EQS. ""
+$	THEN
+$	    WRITE SYS$OUTPUT "First argument missing."
+$	    WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$	    EXIT
+$	ENDIF
+$
+$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
+$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
+$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+		   - "[000000." - "][" - "[" - "]"
+$	ROOT = ROOT_DEV + "[" + ROOT_DIR
+$
+$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
+$	DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
+$	DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
+$	DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
+$	DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
+$	DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
+$	DEFINE/NOLOG WRK_SSLCERTS WRK_SSLROOT:[CERTS]
+$	DEFINE/NOLOG WRK_SSLPRIVATE WRK_SSLROOT:[PRIVATE]
+$
+$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
+$	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLINCLUDE:
+$	IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[VMS]
+$
+$	IF F$SEARCH("WRK_SSLINCLUDE:vms_idhacks.h") .NES. "" THEN -
+	   DELETE WRK_SSLINCLUDE:vms_idhacks.h;*
+$
+$	OPEN/WRITE SF WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
+$	WRITE SYS$OUTPUT "%OPEN-I-CREATED,  ",F$SEARCH("WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM")," created."
+$	WRITE SF "$! Startup file for Openssl 0.9.2-RL 15-Mar-1999"
+$	WRITE SF "$!"
+$	WRITE SF "$! Do not edit this file, as it will be regenerated during next installation."
+$	WRITE SF "$! Instead, add or change SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
+$	WRITE SF "$!"
+$	WRITE SF "$! P1	a qualifier to DEFINE.  For example ""/SYSTEM"" to get the logical names"
+$	WRITE SF "$!	defined in the system logical name table."
+$	WRITE SF "$!"
+$	WRITE SF "$	ARCH = ""VAX"""
+$	WRITE SF "$	IF F$GETSYI(""CPU"") .GE. 128 THEN ARCH = ""ALPHA"""
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLROOT		",ROOT,".] /TRANS=CONC"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLLIB		SSLROOT:['ARCH'_LIB]"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLINCLUDE	SSLROOT:[INCLUDE]"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLEXE		SSLROOT:['ARCH'_EXE]"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLCERTS	SSLROOT:[CERTS]"
+$	WRITE SF "$	DEFINE/NOLOG'P1	SSLPRIVATE	SSLROOT:[PRIVATE]"
+$	WRITE SF "$"
+$	WRITE SF "$!	This is program can include <openssl/{foo}.h>"
+$	WRITE SF "$	DEFINE/NOLOG'P1	OPENSSL		SSLINCLUDE:"
+$	WRITE SF "$"
+$	WRITE SF "$	IF F$SEARCH(""SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"") .NES."""" THEN -"
+$	WRITE SF "	   @SSLROOT:[VMS]OPENSSL_SYSTARTUP.COM"
+$	WRITE SF "$"
+$	WRITE SF "$	EXIT"
+$	CLOSE SF
+$	SET FILE/PROT=WORLD:RE WRK_SSLROOT:[VMS]OPENSSL_STARTUP.COM
+$
+$	COPY OPENSSL_UTILS.COM WRK_SSLROOT:[VMS]/LOG
+$	SET FILE/PROT=WORLD:RE WRK_SSLROOT:[VMS]OPENSSL_UTILS.COM
+$
+$	EXIT
diff --git a/VMS/mkshared.com b/VMS/mkshared.com
new file mode 100644
index 0000000000..1356fb9dd7
--- /dev/null
+++ b/VMS/mkshared.com
@@ -0,0 +1,354 @@
+$! MKSHARED.COM -- script to created shareable images on VMS
+$!
+$! No command line parameters.  This should be run at the start of the source
+$! tree (the same directory where one finds INSTALL.VMS).
+$!
+$! Input:	[.UTIL]LIBEAY.NUM,[.AXP.EXE.CRYPTO]LIBCRYPTO.OLB
+$!		[.UTIL]SSLEAY.NUM,[.AXP.EXE.SSL]LIBSSL.OLB
+$! Output:	[.AXP.EXE.CRYPTO]LIBCRYPTO.OPT,.MAP,.EXE
+$!		[.AXP.EXE.SSL]LIBSSL.OPT,.MAP,.EXE
+$!
+$! So far, tests have only been made on VMS for Alpha.  VAX will come in time.
+$! ===========================================================================
+$
+$! ----- Prepare info for processing: version number and file info
+$ gosub read_version_info
+$ if libver .eqs. ""
+$ then
+$   write sys$error "ERROR: Couldn't find any library version info..."
+$   exit
+$ endif
+$
+$ if f$getsyi("CPU") .ge. 128
+$ then
+$   libid  = "Crypto"
+$   libnum = "[.UTIL]LIBEAY.NUM"
+$   libdir = "[.AXP.EXE.CRYPTO]"
+$   libolb = "''libdir'LIBCRYPTO.OLB"
+$   libopt = "''libdir'LIBCRYPTO.OPT"
+$   libmap = "''libdir'LIBCRYPTO.MAP"
+$   libgoal= "''libdir'LIBCRYPTO.EXE"
+$   libref = ""
+$   gosub create_axp_shr
+$   libid  = "SSL"
+$   libnum = "[.UTIL]SSLEAY.NUM"
+$   libdir = "[.AXP.EXE.SSL]"
+$   libolb = "''libdir'LIBSSL.OLB"
+$   libopt = "''libdir'LIBSSL.OPT"
+$   libmap = "''libdir'LIBSSL.MAP"
+$   libgoal= "''libdir'LIBSSL.EXE"
+$   libref = "[.AXP.EXE.CRYPTO]LIBCRYPTO.EXE"
+$   gosub create_axp_shr
+$ else
+$   libtit = "CRYPTO_TRANSFER_VECTOR"
+$   libid  = "Crypto"
+$   libnum = "[.UTIL]LIBEAY.NUM"
+$   libdir = "[.VAX.EXE.CRYPTO]"
+$   libmar = "''libdir'LIBCRYPTO.MAR"
+$   libolb = "''libdir'LIBCRYPTO.OLB"
+$   libopt = "''libdir'LIBCRYPTO.OPT"
+$   libobj = "''libdir'LIBCRYPTO.OBJ"
+$   libmap = "''libdir'LIBCRYPTO.MAP"
+$   libgoal= "''libdir'LIBCRYPTO.EXE"
+$   libref = ""
+$   libvec = "LIBCRYPTO"
+$   gosub create_vax_shr
+$   libtit = "SSL_TRANSFER_VECTOR"
+$   libid  = "SSL"
+$   libnum = "[.UTIL]SSLEAY.NUM"
+$   libdir = "[.VAX.EXE.SSL]"
+$   libmar = "''libdir'LIBSSL.MAR"
+$   libolb = "''libdir'LIBSSL.OLB"
+$   libopt = "''libdir'LIBSSL.OPT"
+$   libobj = "''libdir'LIBSSL.OBJ"
+$   libmap = "''libdir'LIBSSL.MAP"
+$   libgoal= "''libdir'LIBSSL.EXE"
+$   libref = "[.VAX.EXE.CRYPTO]LIBCRYPTO.EXE"
+$   libvec = "LIBSSL"
+$   gosub create_vax_shr
+$ endif
+$ exit
+$
+$! ----- Soubroutines to actually build the shareable libraries
+$! The way things work, there's a main shareable library creator for each
+$! supported architecture, which is called from the main code above.
+$! The creator will define a number of variables to tell the next levels of
+$! subroutines what routines to use to write to the option files, call the
+$! main processor, read_func_num, and when that is done, it will write version
+$! data at the end of the .opt file, close it, and link the library.
+$!
+$! read_func_num reads through a .num file and calls the writer routine for
+$! each line.  It's also responsible for checking that order is properly kept
+$! in the .num file, check that each line applies to VMS and the architecture,
+$! and to fill in "holes" with dummy entries.
+$!
+$! The creator routines depend on the following variables:
+$! libnum	The name of the .num file to use as input
+$! libolb	The name of the object library to build from
+$! libid	The identification string of the shareable library
+$! libopt	The name of the .opt file to write
+$! libtit	The title of the assembler transfer vector file (VAX only)
+$! libmar	The name of the assembler transfer vector file (VAX only)
+$! libmap	The name of the map file to write
+$! libgoal	The name of the shareable library to write
+$! libref	The name of a shareable library to link in
+$!
+$! read_func_num depends on the following variables from the creator:
+$! libwriter	The name of the writer routine to call for each .num file line
+$! -----
+$
+$! ----- Subroutines for AXP
+$! -----
+$! The creator routine
+$ create_axp_shr:
+$   open/write opt 'libopt'
+$   write opt "identification=""",libid," ",libverstr,""""
+$   write opt libolb,"/lib"
+$   if libref .nes. "" then write opt libref,"/SHARE"
+$   write opt "SYMBOL_VECTOR=(-"
+$   libfirstentry := true
+$   libwrch   := opt
+$   libwriter := write_axp_transfer_entry
+$   textcount = 0
+$   gosub read_func_num
+$   write opt ")"
+$   write opt "GSMATCH=",libvmatch,",",libver
+$   close opt
+$   link/map='libmap'/full/share='libgoal' 'libopt'/option
+$   return
+$
+$! The record writer routine
+$ write_axp_transfer_entry:
+$   if libentry .eqs. ".dummy" then return
+$   if info_kind .eqs. "VARIABLE"
+$   then
+$     pr:=DATA
+$   else
+$     pr:=PROCEDURE
+$   endif
+$   textcount_this = f$length(pr) + f$length(libentry) + 5
+$   if textcount + textcount_this .gt. 1024
+$   then
+$     write opt ")"
+$     write opt "SYMBOL_VECTOR=(-"
+$     textcount = 16
+$     libfirstentry := true
+$   endif
+$   if libfirstentry
+$   then
+$     write 'libwrch' "    ",libentry,"=",pr," -"
+$   else
+$     write 'libwrch' "    ,",libentry,"=",pr," -"
+$   endif
+$   libfirstentry := false
+$   textcount = textcount + textcount_this
+$   return
+$
+$! ----- Subroutines for AXP
+$! -----
+$! The creator routine
+$ create_vax_shr:
+$   open/write mar 'libmar'
+$   type sys$input:/out=mar:
+;
+; Transfer vector for VAX shareable image
+;
+$   write mar "	.TITLE ",libtit
+$   write mar "	.IDENT /",libid,"/"
+$   type sys$input:/out=mar:
+;
+; Define macro to assist in building transfer vector entries.  Each entry
+; should take no more than 8 bytes.
+;
+	.MACRO FTRANSFER_ENTRY routine
+	.ALIGN QUAD
+	.TRANSFER routine
+	.MASK	routine
+	JMP	routine+2
+	.ENDM FTRANSFER_ENTRY
+;
+; Place entries in own program section.
+;
+$   write mar "	.PSECT $$",libvec,",QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT"
+$   write mar libvec,"_xfer:"
+$   libwrch   := mar
+$   libwriter := write_vax_ftransfer_entry
+$   gosub read_func_num
+$   type sys$input:/out=mar:
+;
+; Allocate extra storage at end of vector to allow for expansion.
+;
+$   write mar "	.BLKB 32768-<.-",libvec,"_xfer>	; 64 pages total."
+$!   libwriter := write_vax_vtransfer_entry
+$!   gosub read_func_num
+$   write mar "	.END"
+$   close mar
+$   open/write opt 'libopt'
+$   write opt "identification=""",libid," ",libverstr,""""
+$   write opt libobj
+$   write opt libolb,"/lib"
+$   if libref .nes. "" then write opt libref,"/SHARE"
+$   type sys$input:/out=opt:
+!
+! Ensure transfer vector is at beginning of image
+!
+CLUSTER=FIRST
+$   write opt "COLLECT=FIRST,$$",libvec
+$   write opt "GSMATCH=",libvmatch,",",libver
+$   type sys$input:/out=opt:
+!
+! make psects nonshareable so image can be installed.
+!
+PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT
+$   libwrch   := opt
+$   libwriter := write_vax_psect_attr
+$   gosub read_func_num
+$   close opt
+$   macro/obj='libobj' 'libmar'
+$   link/map='libmap'/full/share='libgoal' 'libopt'/option
+$   return
+$
+$! The record writer routine for VAX functions
+$ write_vax_ftransfer_entry:
+$   if info_kind .nes. "FUNCTION" then return
+$   if libentry .eqs ".dummy"
+$   then
+$     write 'libwrch' "	.BLKB 8" ! Dummy is zeroes...
+$   else
+$     write 'libwrch' "	FTRANSFER_ENTRY ",libentry
+$   endif
+$   return
+$! The record writer routine for VAX variables (should never happen!)
+$ write_vax_psect_attr:
+$   if info_kind .nes. "VARIABLE" then return
+$   if libentry .eqs ".dummy" then return
+$   write 'libwrch' "PSECT_ATTR=",libentry,",NOSHR"
+$   return
+$
+$! ----- Common subroutines
+$! -----
+$! The .num file reader.  This one has great responsability.
+$ read_func_num:
+$   open libnum 'libnum'
+$   goto read_nums
+$
+$ read_nums:
+$   libentrynum=0
+$   liblastentry:=false
+$   entrycount=0
+$   loop:
+$     read/end=loop_end/err=loop_end libnum line
+$     entrynum=f$int(f$element(1," ",f$edit(line,"COMPRESS,TRIM")))
+$     entryinfo=f$element(2," ",f$edit(line,"COMPRESS,TRIM"))
+$     curentry=f$element(0," ",f$edit(line,"COMPRESS,TRIM"))
+$     info_exist=f$element(0,":",entryinfo)
+$     info_platforms=","+f$element(1,":",entryinfo)+","
+$     info_kind=f$element(2,":",entryinfo)
+$     info_algorithms=","+f$element(3,":",entryinfo)+","
+$     if info_exist .eqs. "NOEXIST" then goto loop
+$     truesum = 0
+$     falsesum = 0
+$     negatives = 1
+$     plat_i = 0
+$     loop1:
+$       plat_entry = f$element(plat_i,",",info_platforms)
+$       plat_i = plat_i + 1
+$       if plat_entry .eqs. "" then goto loop1
+$       if plat_entry .nes. ","
+$       then
+$         if f$extract(0,1,plat_entry) .nes. "!" then negatives = 0
+$         if f$getsyi("CPU") .lt. 128
+$         then
+$           if plat_entry .eqs. "EXPORT_VAR_AS_FUNCTION" then -
+$             truesum = truesum + 1
+$           if plat_entry .eqs. "!EXPORT_VAR_AS_FUNCTION" then -
+$             falsesum = falsesum + 1
+$         endif
+$         if plat_entry .eqs. "VMS" then truesum = truesum + 1
+$         if plat_entry .eqs. "!VMS" then falsesum = falsesum + 1
+$	  goto loop1
+$       endif
+$     endloop1:
+$!DEBUG!$     if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms
+$!DEBUG!$     then
+$!DEBUG!$       write sys$output line
+$!DEBUG!$       write sys$output "        truesum = ",truesum,-
+$!DEBUG!		", negatives = ",negatives,", falsesum = ",falsesum
+$!DEBUG!$     endif
+$     if falsesum .ne. 0 then goto loop
+$     if truesum+negatives .eq. 0 then goto loop
+$     alg_i = 0
+$     loop2:
+$       alg_entry = f$element(alg_i,",",info_algorithms)
+$	alg_i = alg_i + 1
+$       if alg_entry .eqs. "" then goto loop2
+$       if alg_entry .nes. ","
+$       then
+$         if alg_entry .eqs. "KRB5" then goto loop ! Special for now
+$	  if alg_entry .eqs. "STATIC_ENGINE" then goto loop ! Special for now
+$         if f$trnlnm("OPENSSL_NO_"+alg_entry) .nes. "" then goto loop
+$	  goto loop2
+$       endif
+$     endloop2:
+$     if info_platforms - "EXPORT_VAR_AS_FUNCTION" .nes. info_platforms
+$     then
+$!DEBUG!$     write sys$output curentry," ; ",entrynum," ; ",entryinfo
+$     endif
+$   redo:
+$     next:=loop
+$     tolibentry=curentry
+$     if libentrynum .ne. entrynum
+$     then
+$       entrycount=entrycount+1
+$       if entrycount .lt. entrynum
+$       then
+$!DEBUG!$         write sys$output "Info: entrycount: ''entrycount', entrynum: ''entrynum' => 0"
+$         tolibentry=".dummy"
+$         next:=redo
+$       endif
+$       if entrycount .gt. entrynum
+$       then
+$         write sys$error "Decreasing library entry numbers!  Can't continue"
+$         write sys$error """",line,""""
+$         close libnum
+$         return
+$       endif
+$       libentry=tolibentry
+$!DEBUG!$       write sys$output entrycount," ",libentry," ",entryinfo
+$       if libentry .nes. "" .and. libwriter .nes. "" then gosub 'libwriter'
+$     else
+$       write sys$error "Info: ""''curentry'"" is an alias for ""''libentry'"".  Overriding..."
+$     endif
+$     libentrynum=entrycount
+$     goto 'next'
+$   loop_end:
+$   close libnum
+$   return
+$
+$! The version number reader
+$ read_version_info:
+$   libver = ""
+$   open/read vf [.CRYPTO]OPENSSLV.H
+$   loop_rvi:
+$     read/err=endloop_rvi/end=endloop_rvi vf rvi_line
+$     if rvi_line - "SHLIB_VERSION_NUMBER """ .eqs. rvi_line then -
+	goto loop_rvi
+$     libverstr = f$element(1,"""",rvi_line)
+$     libvmajor = f$element(0,".",libverstr)
+$     libvminor = f$element(1,".",libverstr)
+$     libvedit = f$element(2,".",libverstr)
+$     libvpatch = f$cvui(0,8,f$extract(1,1,libvedit)+"@")-f$cvui(0,8,"@")
+$     libvedit = f$extract(0,1,libvedit)
+$     libver = f$string(f$int(libvmajor)*100)+","+-
+	f$string(f$int(libvminor)*100+f$int(libvedit)*10+f$int(libvpatch))
+$     if libvmajor .eqs. "0"
+$     then
+$       libvmatch = "EQUAL"
+$     else
+$       ! Starting with the 1.0 release, backward compatibility should be
+$       ! kept, so switch over to the following
+$       libvmatch = "LEQUAL"
+$     endif
+$   endloop_rvi:
+$   close vf
+$   return
diff --git a/VMS/multinet_shr.opt b/VMS/multinet_shr.opt
new file mode 100644
index 0000000000..610f42dddb
--- /dev/null
+++ b/VMS/multinet_shr.opt
@@ -0,0 +1 @@
+multinet:multinet_socket_library.exe/share
diff --git a/VMS/openssl_utils.com b/VMS/openssl_utils.com
new file mode 100644
index 0000000000..ddc107394f
--- /dev/null
+++ b/VMS/openssl_utils.com
@@ -0,0 +1,38 @@
+$!
+$!  APPS.COM
+$!  Written By:  Robert Byer
+$!               Vice-President
+$!               A-Com Computing, Inc.
+$!               byer@mail.all-net.net
+$!
+$!
+$! Slightly modified by Richard Levitte <richard@levitte.org>
+$!
+$ OPENSSL  :== $SSLEXE:OPENSSL
+$ VERIFY   :== $SSLEXE:OPENSSL VERIFY
+$ ASN1PARSE:== $SSLEXE:OPENSSL ASN1PARS
+$ REQ      :== $SSLEXE:OPENSSL REQ
+$ DGST     :== $SSLEXE:OPENSSL DGST
+$ DH       :== $SSLEXE:OPENSSL DH
+$ ENC      :== $SSLEXE:OPENSSL ENC
+$ GENDH    :== $SSLEXE:OPENSSL GENDH
+$ ERRSTR   :== $SSLEXE:OPENSSL ERRSTR
+$ CA       :== $SSLEXE:OPENSSL CA
+$ CRL      :== $SSLEXE:OPENSSL CRL
+$ RSA      :== $SSLEXE:OPENSSL RSA
+$ DSA      :== $SSLEXE:OPENSSL DSA
+$ DSAPARAM :== $SSLEXE:OPENSSL DSAPARAM
+$ X509     :== $SSLEXE:OPENSSL X509
+$ GENRSA   :== $SSLEXE:OPENSSL GENRSA
+$ GENDSA   :== $SSLEXE:OPENSSL GENDSA
+$ S_SERVER :== $SSLEXE:OPENSSL S_SERVER
+$ S_CLIENT :== $SSLEXE:OPENSSL S_CLIENT
+$ SPEED    :== $SSLEXE:OPENSSL SPEED
+$ S_TIME   :== $SSLEXE:OPENSSL S_TIME
+$ VERSION  :== $SSLEXE:OPENSSL VERSION
+$ PKCS7    :== $SSLEXE:OPENSSL PKCS7
+$ CRL2PKCS7:== $SSLEXE:OPENSSL CRL2P7
+$ SESS_ID  :== $SSLEXE:OPENSSL SESS_ID
+$ CIPHERS  :== $SSLEXE:OPENSSL CIPHERS
+$ NSEQ     :== $SSLEXE:OPENSSL NSEQ
+$ PKCS12   :== $SSLEXE:OPENSSL PKCS12
diff --git a/VMS/socketshr_shr.opt b/VMS/socketshr_shr.opt
new file mode 100644
index 0000000000..f6e3131626
--- /dev/null
+++ b/VMS/socketshr_shr.opt
@@ -0,0 +1 @@
+socketshr/share
diff --git a/VMS/test-includes.com b/VMS/test-includes.com
new file mode 100644
index 0000000000..c1d7ccd0ee
--- /dev/null
+++ b/VMS/test-includes.com
@@ -0,0 +1,28 @@
+$! Quick script to check how well including individual header files works
+$! on VMS, even when the VMS macro isn't defined.
+$
+$	sav_def = f$env("DEFAULT")
+$	here = f$parse("A.;0",f$ENV("PROCEDURE")) - "A.;0"
+$	set default 'here'
+$	set default [-.include.openssl]
+$	define openssl 'f$env("DEFAULT")'
+$	set default [--]
+$
+$ loop:
+$	f = f$search("openssl:*.h")
+$	if f .eqs. "" then goto loop_end
+$	write sys$output "Checking ",f
+$	open/write foo foo.c
+$	write foo "#undef VMS"
+$	write foo "#include <stdio.h>"
+$	write foo "#include <openssl/",f$parse(f,,,"NAME"),".h>"
+$	write foo "main()"
+$	write foo "{printf(""foo\n"");}"
+$	close foo
+$	cc/STANDARD=ANSI89/NOLIST/PREFIX=ALL foo.c
+$	delete foo.c;
+$	goto loop
+$ loop_end:
+$	set default 'save_def'
+$	exit
+
diff --git a/VMS/ucx_shr_decc.opt b/VMS/ucx_shr_decc.opt
new file mode 100644
index 0000000000..28d84f4af6
--- /dev/null
+++ b/VMS/ucx_shr_decc.opt
@@ -0,0 +1 @@
+sys$share:ucx$ipc_shr.exe/share
diff --git a/VMS/ucx_shr_decc_log.opt b/VMS/ucx_shr_decc_log.opt
new file mode 100644
index 0000000000..c9d9a96d09
--- /dev/null
+++ b/VMS/ucx_shr_decc_log.opt
@@ -0,0 +1 @@
+ucx$ipc_shr/share
diff --git a/VMS/ucx_shr_vaxc.opt b/VMS/ucx_shr_vaxc.opt
new file mode 100644
index 0000000000..86bfaf0d07
--- /dev/null
+++ b/VMS/ucx_shr_vaxc.opt
@@ -0,0 +1 @@
+sys$library:ucx$ipc.olb/library
diff --git a/apps/.cvsignore b/apps/.cvsignore
new file mode 100644
index 0000000000..cdd6c00dae
--- /dev/null
+++ b/apps/.cvsignore
@@ -0,0 +1,5 @@
+openssl
+Makefile.save
+der_chop
+der_chop.bak
+CA.pl
diff --git a/apps/CA.com b/apps/CA.com
new file mode 100644
index 0000000000..02682e424a
--- /dev/null
+++ b/apps/CA.com
@@ -0,0 +1,220 @@
+$! CA - wrapper around ca to make it easier to use ... basically ca requires
+$!      some setup stuff to be done before you can use it and this makes
+$!      things easier between now and when Eric is convinced to fix it :-)
+$!
+$! CA -newca ... will setup the right stuff
+$! CA -newreq ... will generate a certificate request 
+$! CA -sign ... will sign the generated request and output 
+$!
+$! At the end of that grab newreq.pem and newcert.pem (one has the key 
+$! and the other the certificate) and cat them together and that is what
+$! you want/need ... I'll make even this a little cleaner later.
+$!
+$!
+$! 12-Jan-96 tjh    Added more things ... including CA -signcert which
+$!                  converts a certificate to a request and then signs it.
+$! 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
+$!                 environment variable so this can be driven from
+$!                 a script.
+$! 25-Jul-96 eay    Cleaned up filenames some more.
+$! 11-Jun-96 eay    Fixed a few filename missmatches.
+$! 03-May-96 eay    Modified to use 'openssl cmd' instead of 'cmd'.
+$! 18-Apr-96 tjh    Original hacking
+$!
+$! Tim Hudson
+$! tjh@cryptsoft.com
+$!
+$!
+$! default ssleay.cnf file has setup as per the following
+$! demoCA ... where everything is stored
+$
+$ IF F$TYPE(SSLEAY_CONFIG) .EQS. "" THEN SSLEAY_CONFIG := SSLLIB:SSLEAY.CNF
+$
+$ DAYS   = "-days 365"
+$ REQ    = openssl + " req " + SSLEAY_CONFIG
+$ CA     = openssl + " ca " + SSLEAY_CONFIG
+$ VERIFY = openssl + " verify"
+$ X509   = openssl + " x509"
+$ PKCS12 = openssl + " pkcs12"
+$ echo   = "write sys$Output"
+$!
+$ s = F$PARSE(F$ENVIRONMENT("DEFAULT"),"[]") - "].;"
+$ CATOP  := 's'.demoCA
+$ CAKEY  := ]cakey.pem
+$ CACERT := ]cacert.pem
+$
+$ __INPUT := SYS$COMMAND
+$ RET = 1
+$!
+$ i = 1
+$opt_loop:
+$ if i .gt. 8 then goto opt_loop_end
+$
+$ prog_opt = F$EDIT(P'i',"lowercase")
+$
+$ IF (prog_opt .EQS. "?" .OR. prog_opt .EQS. "-h" .OR. prog_opt .EQS. "-help") 
+$ THEN
+$   echo "usage: CA -newcert|-newreq|-newca|-sign|-verify" 
+$   exit
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-input")
+$ THEN
+$   ! Get input from somewhere other than SYS$COMMAND
+$   i = i + 1
+$   __INPUT = P'i'
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newcert")
+$ THEN
+$   ! Create a certificate.
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   REQ -new -x509 -keyout newreq.pem -out newreq.pem 'DAYS'
+$   RET=$STATUS
+$   echo "Certificate (and private key) is in newreq.pem"
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newreq")
+$ THEN
+$   ! Create a certificate request
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   REQ -new -keyout newreq.pem -out newreq.pem 'DAYS'
+$   RET=$STATUS
+$   echo "Request (and private key) is in newreq.pem"
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-newca")
+$ THEN
+$   ! If explicitly asked for or it doesn't exist then setup the directory
+$   ! structure that Eric likes to manage things.
+$   IF F$SEARCH(CATOP+"]serial.") .EQS. ""
+$   THEN
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP']
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.certs]
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.crl]
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.newcerts]
+$     CREATE /DIR /PROTECTION=OWNER:RWED 'CATOP'.private]
+$
+$     OPEN   /WRITE ser_file 'CATOP']serial. 
+$     WRITE ser_file "01"
+$     CLOSE ser_file
+$     APPEND/NEW NL: 'CATOP']index.txt
+$
+$     ! The following is to make sure access() doesn't get confused.  It
+$     ! really needs one file in the directory to give correct answers...
+$     COPY NLA0: 'CATOP'.certs].;
+$     COPY NLA0: 'CATOP'.crl].;
+$     COPY NLA0: 'CATOP'.newcerts].;
+$     COPY NLA0: 'CATOP'.private].;
+$   ENDIF
+$!
+$   IF F$SEARCH(CATOP+".private"+CAKEY) .EQS. ""
+$   THEN
+$     READ '__INPUT' FILE -
+	   /PROMT="CA certificate filename (or enter to create)"
+$     IF F$SEARCH(FILE) .NES. ""
+$     THEN
+$       COPY 'FILE' 'CATOP'.private'CAKEY'
+$	RET=$STATUS
+$     ELSE
+$       echo "Making CA certificate ..."
+$       DEFINE/USER SYS$INPUT '__INPUT'
+$       REQ -new -x509 -keyout 'CATOP'.private'CAKEY' -
+		       -out 'CATOP''CACERT' 'DAYS'
+$	RET=$STATUS
+$     ENDIF
+$   ENDIF
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-pkcs12")
+$ THEN
+$   i = i + 1
+$   cname = P'i'
+$   IF cname .EQS. "" THEN cname = "My certificate"
+$   PKCS12 -in newcert.pem -inkey newreq.pem -certfile 'CATOP''CACERT -
+	   -out newcert.p12 -export -name "''cname'"
+$   RET=$STATUS
+$   exit RET
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-xsign")
+$ THEN
+$!
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   CA -policy policy_anything -infiles newreq.pem
+$   RET=$STATUS
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF ((prog_opt .EQS. "-sign") .OR. (prog_opt .EQS. "-signreq"))
+$ THEN
+$!   
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   CA -policy policy_anything -out newcert.pem -infiles newreq.pem
+$   RET=$STATUS
+$   type newcert.pem
+$   echo "Signed certificate is in newcert.pem"
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-signcert")
+$  THEN
+$!   
+$   echo "Cert passphrase will be requested twice - bug?"
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   X509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
+$   DEFINE/USER SYS$INPUT '__INPUT'
+$   CA -policy policy_anything -out newcert.pem -infiles tmp.pem
+y
+y
+$   type newcert.pem
+$   echo "Signed certificate is in newcert.pem"
+$   GOTO opt_loop_continue
+$ ENDIF
+$!
+$ IF (prog_opt .EQS. "-verify")
+$ THEN
+$!   
+$   i = i + 1
+$   IF (p'i' .EQS. "")
+$   THEN
+$     DEFINE/USER SYS$INPUT '__INPUT'
+$     VERIFY "-CAfile" 'CATOP''CACERT' newcert.pem
+$   ELSE
+$     j = i
+$    verify_opt_loop:
+$     IF j .GT. 8 THEN GOTO verify_opt_loop_end
+$     IF p'j' .NES. ""
+$     THEN 
+$       DEFINE/USER SYS$INPUT '__INPUT'
+$       __tmp = p'j'
+$       VERIFY "-CAfile" 'CATOP''CACERT' '__tmp'
+$       tmp=$STATUS
+$       IF tmp .NE. 0 THEN RET=tmp
+$     ENDIF
+$     j = j + 1
+$     GOTO verify_opt_loop
+$    verify_opt_loop_end:
+$   ENDIF
+$   
+$   GOTO opt_loop_end
+$ ENDIF
+$!
+$ IF (prog_opt .NES. "")
+$ THEN
+$!   
+$   echo "Unknown argument ''prog_opt'"
+$   
+$   EXIT 3
+$ ENDIF
+$
+$opt_loop_continue:
+$ i = i + 1
+$ GOTO opt_loop
+$
+$opt_loop_end:
+$ EXIT 'RET'
diff --git a/apps/CA.pl.in b/apps/CA.pl.in
new file mode 100644
index 0000000000..8b2ce7ea42
--- /dev/null
+++ b/apps/CA.pl.in
@@ -0,0 +1,173 @@
+#!/usr/local/bin/perl
+#
+# CA - wrapper around ca to make it easier to use ... basically ca requires
+#      some setup stuff to be done before you can use it and this makes
+#      things easier between now and when Eric is convinced to fix it :-)
+#
+# CA -newca ... will setup the right stuff
+# CA -newreq[-nodes] ... will generate a certificate request 
+# CA -sign ... will sign the generated request and output 
+#
+# At the end of that grab newreq.pem and newcert.pem (one has the key 
+# and the other the certificate) and cat them together and that is what
+# you want/need ... I'll make even this a little cleaner later.
+#
+#
+# 12-Jan-96 tjh    Added more things ... including CA -signcert which
+#                  converts a certificate to a request and then signs it.
+# 10-Jan-96 eay    Fixed a few more bugs and added the SSLEAY_CONFIG
+#		   environment variable so this can be driven from
+#		   a script.
+# 25-Jul-96 eay    Cleaned up filenames some more.
+# 11-Jun-96 eay    Fixed a few filename missmatches.
+# 03-May-96 eay    Modified to use 'ssleay cmd' instead of 'cmd'.
+# 18-Apr-96 tjh    Original hacking
+#
+# Tim Hudson
+# tjh@cryptsoft.com
+#
+
+# 27-Apr-98 snh    Translation into perl, fix existing CA bug.
+#
+#
+# Steve Henson
+# shenson@bigfoot.com
+
+# default openssl.cnf file has setup as per the following
+# demoCA ... where everything is stored
+
+$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
+$DAYS="-days 365";
+$REQ="openssl req $SSLEAY_CONFIG";
+$CA="openssl ca $SSLEAY_CONFIG";
+$VERIFY="openssl verify";
+$X509="openssl x509";
+$PKCS12="openssl pkcs12";
+
+$CATOP="./demoCA";
+$CAKEY="cakey.pem";
+$CACERT="cacert.pem";
+
+$DIRMODE = 0777;
+
+$RET = 0;
+
+foreach (@ARGV) {
+	if ( /^(-\?|-h|-help)$/ ) {
+	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+	    exit 0;
+	} elsif (/^-newcert$/) {
+	    # create a certificate
+	    system ("$REQ -new -x509 -keyout newreq.pem -out newreq.pem $DAYS");
+	    $RET=$?;
+	    print "Certificate (and private key) is in newreq.pem\n"
+	} elsif (/^-newreq$/) {
+	    # create a certificate request
+	    system ("$REQ -new -keyout newreq.pem -out newreq.pem $DAYS");
+	    $RET=$?;
+	    print "Request (and private key) is in newreq.pem\n";
+	} elsif (/^-newreq-nodes$/) {
+	    # create a certificate request
+	    system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
+	    $RET=$?;
+	    print "Request (and private key) is in newreq.pem\n";
+	} elsif (/^-newca$/) {
+		# if explicitly asked for or it doesn't exist then setup the
+		# directory structure that Eric likes to manage things 
+	    $NEW="1";
+	    if ( "$NEW" || ! -f "${CATOP}/serial" ) {
+		# create the directory hierarchy
+		mkdir $CATOP, $DIRMODE;
+		mkdir "${CATOP}/certs", $DIRMODE;
+		mkdir "${CATOP}/crl", $DIRMODE ;
+		mkdir "${CATOP}/newcerts", $DIRMODE;
+		mkdir "${CATOP}/private", $DIRMODE;
+		open OUT, ">${CATOP}/serial";
+		print OUT "01\n";
+		close OUT;
+		open OUT, ">${CATOP}/index.txt";
+		close OUT;
+	    }
+	    if ( ! -f "${CATOP}/private/$CAKEY" ) {
+		print "CA certificate filename (or enter to create)\n";
+		$FILE = <STDIN>;
+
+		chop $FILE;
+
+		# ask user for existing CA certificate
+		if ($FILE) {
+		    cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE");
+		    cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
+		    $RET=$?;
+		} else {
+		    print "Making CA certificate ...\n";
+		    system ("$REQ -new -x509 -keyout " .
+			"${CATOP}/private/$CAKEY -out ${CATOP}/$CACERT $DAYS");
+		    $RET=$?;
+		}
+	    }
+	} elsif (/^-pkcs12$/) {
+	    my $cname = $ARGV[1];
+	    $cname = "My Certificate" unless defined $cname;
+	    system ("$PKCS12 -in newcert.pem -inkey newreq.pem " .
+			"-certfile ${CATOP}/$CACERT -out newcert.p12 " .
+			"-export -name \"$cname\"");
+	    $RET=$?;
+	    exit $RET;
+	} elsif (/^-xsign$/) {
+	    system ("$CA -policy policy_anything -infiles newreq.pem");
+	    $RET=$?;
+	} elsif (/^(-sign|-signreq)$/) {
+	    system ("$CA -policy policy_anything -out newcert.pem " .
+							"-infiles newreq.pem");
+	    $RET=$?;
+	    print "Signed certificate is in newcert.pem\n";
+	} elsif (/^(-signCA)$/) {
+	    system ("$CA -policy policy_anything -out newcert.pem " .
+					"-extensions v3_ca -infiles newreq.pem");
+	    $RET=$?;
+	    print "Signed CA certificate is in newcert.pem\n";
+	} elsif (/^-signcert$/) {
+	    system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " .
+								"-out tmp.pem");
+	    system ("$CA -policy policy_anything -out newcert.pem " .
+							"-infiles tmp.pem");
+	    $RET = $?;
+	    print "Signed certificate is in newcert.pem\n";
+	} elsif (/^-verify$/) {
+	    if (shift) {
+		foreach $j (@ARGV) {
+		    system ("$VERIFY -CAfile $CATOP/$CACERT $j");
+		    $RET=$? if ($? != 0);
+		}
+		exit $RET;
+	    } else {
+		    system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem");
+		    $RET=$?;
+	    	    exit 0;
+	    }
+	} else {
+	    print STDERR "Unknown arg $_\n";
+	    print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+	    exit 1;
+	}
+}
+
+exit $RET;
+
+sub cp_pem {
+my ($infile, $outfile, $bound) = @_;
+open IN, $infile;
+open OUT, ">$outfile";
+my $flag = 0;
+while (<IN>) {
+	$flag = 1 if (/^-----BEGIN.*$bound/) ;
+	print OUT $_ if ($flag);
+	if (/^-----END.*$bound/) {
+		close IN;
+		close OUT;
+		return;
+	}
+}
+}
+
diff --git a/apps/CA.sh b/apps/CA.sh
index 1942b985a2..d9f3069fb2 100644
--- a/apps/CA.sh
+++ b/apps/CA.sh
@@ -27,14 +27,14 @@
 # tjh@cryptsoft.com
 #
 
-# default ssleay.cnf file has setup as per the following
+# default openssl.cnf file has setup as per the following
 # demoCA ... where everything is stored
 
 DAYS="-days 365"
-REQ="ssleay req $SSLEAY_CONFIG"
-CA="ssleay ca $SSLEAY_CONFIG"
-VERIFY="ssleay verify"
-X509="ssleay x509"
+REQ="openssl req $SSLEAY_CONFIG"
+CA="openssl ca $SSLEAY_CONFIG"
+VERIFY="openssl verify"
+X509="openssl x509"
 
 CATOP=./demoCA
 CAKEY=./cakey.pem
@@ -60,7 +60,7 @@ case $i in
     echo "Request (and private key) is in newreq.pem"
     ;;
 -newca)     
-    # if explictly asked for or it doesn't exist then setup the directory
+    # if explicitly asked for or it doesn't exist then setup the directory
     # structure that Eric likes to manage things 
     NEW="1"
     if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl
index 1cace40ab7..1908f8dd34 100644
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
@@ -1,65 +1,74 @@
 #
-# SSLeay/apps/Makefile.ssl
+#  apps/Makefile.ssl
 #
 
 DIR=		apps
 TOP=		..
 CC=		cc
-INCLUDES=	-I../include
+INCLUDES=	-I$(TOP) -I../include $(KRB5_INCLUDES)
 CFLAG=		-g -static
+INSTALL_PREFIX=
 INSTALLTOP=	/usr/local/ssl
+OPENSSLDIR=	/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
-RM=		/bin/rm -f
+PERL=		perl
+RM=		rm -f
+# KRB5 stuff
+KRB5_INCLUDES=
+LIBKRB5=
 
 PEX_LIBS=
 EX_LIBS= 
+EXE_EXT= 
+
+SHLIB_TARGET=
 
 CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
 
-GENERAL=Makefile
+GENERAL=Makefile makeapps.com install.com
 
 DLIBCRYPTO=../libcrypto.a
 DLIBSSL=../libssl.a
 LIBCRYPTO=-L.. -lcrypto
 LIBSSL=-L.. -lssl
 
-SSLEAY= ssleay
+PROGRAM= openssl
 
-SCRIPTS=CA.sh der_chop
+SCRIPTS=CA.sh CA.pl der_chop
 
-EXE= $(SSLEAY)
+EXE= $(PROGRAM)$(EXE_EXT)
 
-E_EXE=	verify asn1pars req dgst dh enc gendh errstr ca crl \
-	rsa dsa dsaparam \
-	x509 genrsa s_server s_client speed \
-	s_time version pkcs7 crl2pkcs7 sess_id ciphers
+E_EXE=	verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
+	ca crl rsa rsautl dsa dsaparam ec ecparam \
+	x509 genrsa gendsa s_server s_client speed \
+	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
+	pkcs8 spkac smime rand engine ocsp
 
-PROGS= $(SSLEAY).c
+PROGS= $(PROGRAM).c
 
 A_OBJ=apps.o
 A_SRC=apps.c
 S_OBJ=	s_cb.o s_socket.o
 S_SRC=	s_cb.c s_socket.c
+RAND_OBJ=app_rand.o
+RAND_SRC=app_rand.c
 
-E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \
-	pkcs7.o crl2p7.o crl.o \
-	rsa.o dsa.o dsaparam.o \
-	x509.o genrsa.o s_server.o s_client.o speed.o \
-	s_time.o $(A_OBJ) $(S_OBJ) version.o sess_id.o \
-	ciphers.o
-
-#	pem_mail.o
+E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
+	ca.o pkcs7.o crl2p7.o crl.o \
+	rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o \
+	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
+	s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
+	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o engine.o ocsp.o
 
-E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \
+E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
 	pkcs7.c crl2p7.c crl.c \
-	rsa.c dsa.c dsaparam.c \
-	x509.c genrsa.c s_server.c s_client.c speed.c \
-	s_time.c $(A_SRC) $(S_SRC) version.c sess_id.c \
-	ciphers.c
-
-#	pem_mail.c
+	rsa.c rsautl.c dsa.c dsaparam.c ec.c ecparam.c \
+	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
+	s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
+	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c engine.c ocsp.c
 
 SRC=$(E_SRC)
 
@@ -75,29 +84,32 @@ top:
 
 all:	exe
 
-exe:	$(EXE)
+exe:	$(PROGRAM)
 
 req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
-	$(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	$(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
 
 sreq.o: req.c 
 	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
-install: mklinks
-	@for i in $(EXE) $(SCRIPTS) mklinks; \
+install:
+	@for i in $(EXE); \
+	do  \
+	(echo installing $$i; \
+	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
+	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+	 done;
+	@for i in $(SCRIPTS); \
 	do  \
 	(echo installing $$i; \
-	 cp $$i $(INSTALLTOP)/bin/$$i; \
-	 chmod 755 $(INSTALLTOP)/bin/$$i ); \
-	 done; \
-	cp ssleay.cnf $(INSTALLTOP)/lib
-	chmod 644 $(INSTALLTOP)/lib/ssleay.cnf
-	cd $(INSTALLTOP)/bin; \
-	/bin/sh ./mklinks; \
-	/bin/rm -f ./mklinks
+	 cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
+	 chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+	 done
+	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR); \
+	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
 
 tags:
 	ctags $(SRC)
@@ -105,40 +117,1140 @@ tags:
 tests:
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(SRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
-errors:
-
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
-	/bin/rm -f req
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
+	rm -f req
 
 $(DLIBSSL):
-	(cd ../ssl; $(MAKE))
+	(cd ..; $(MAKE) DIRS=ssl all)
 
 $(DLIBCRYPTO):
-	(cd ../crypto; $(MAKE))
+	(cd ..; $(MAKE) DIRS=crypto all)
 
-$(SSLEAY): progs.h $(E_OBJ) $(SSLEAY).o $(DLIBCRYPTO) $(DLIBSSL)
-	$(RM) $(SSLEAY)
-	$(CC) -o $(SSLEAY) $(CFLAGS) $(SSLEAY).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+	$(RM) $(PROGRAM)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
+	-(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
+		LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \
+		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+		elif [ "$(PLATFORM)" != "Cygwin" ];  then PATH="`pwd`:$$PATH"; fi; \
+		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+		$(PERL) tools/c_rehash certs)
 
-progs.h:
-	perl ./g_ssleay.pl $(E_EXE) >progs.h
-	$(RM) $(SSLEAY).o
-
-mklinks:
-	perl ./g_ssleay.pl $(E_EXE) >progs.h
+progs.h: progs.pl
+	$(PERL) progs.pl $(E_EXE) >progs.h
+	$(RM) $(PROGRAM).o
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+app_rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+app_rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+app_rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+app_rand.o: ../include/openssl/cast.h ../include/openssl/conf.h
+app_rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+app_rand.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+app_rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+app_rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+app_rand.o: ../include/openssl/err.h ../include/openssl/evp.h
+app_rand.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+app_rand.o: ../include/openssl/md2.h ../include/openssl/md4.h
+app_rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+app_rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+app_rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+app_rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+app_rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+app_rand.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+app_rand.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+app_rand.o: ../include/openssl/x509_vfy.h app_rand.c apps.h
+apps.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+apps.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+apps.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+apps.o: ../include/openssl/cast.h ../include/openssl/conf.h
+apps.o: ../include/openssl/crypto.h ../include/openssl/des.h
+apps.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+apps.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+apps.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+apps.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+apps.o: ../include/openssl/err.h ../include/openssl/evp.h
+apps.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+apps.o: ../include/openssl/md2.h ../include/openssl/md4.h
+apps.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+apps.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+apps.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+apps.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+apps.o: ../include/openssl/sha.h ../include/openssl/stack.h
+apps.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+apps.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+apps.o: ../include/openssl/x509v3.h apps.c apps.h
+asn1pars.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+asn1pars.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+asn1pars.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+asn1pars.o: ../include/openssl/cast.h ../include/openssl/conf.h
+asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h
+asn1pars.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+asn1pars.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+asn1pars.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
+asn1pars.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+asn1pars.o: ../include/openssl/md2.h ../include/openssl/md4.h
+asn1pars.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+asn1pars.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+asn1pars.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+asn1pars.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+asn1pars.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+asn1pars.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+asn1pars.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+asn1pars.o: ../include/openssl/x509_vfy.h apps.h asn1pars.c
+ca.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ca.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ca.o: ../include/openssl/cast.h ../include/openssl/conf.h
+ca.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ca.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ca.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ca.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ca.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+ca.o: ../include/openssl/err.h ../include/openssl/evp.h
+ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ca.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ca.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ca.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+ca.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ca.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+ca.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ca.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ca.o: ../include/openssl/sha.h ../include/openssl/stack.h
+ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+ca.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ca.o: ../include/openssl/x509v3.h apps.h ca.c
+ciphers.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ciphers.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ciphers.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ciphers.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ciphers.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ciphers.o: ../include/openssl/des.h ../include/openssl/des_old.h
+ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ciphers.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ciphers.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ciphers.o: ../include/openssl/engine.h ../include/openssl/err.h
+ciphers.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ciphers.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ciphers.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ciphers.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ciphers.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+ciphers.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ciphers.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+ciphers.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+ciphers.o: ciphers.c
+crl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+crl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+crl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+crl.o: ../include/openssl/cast.h ../include/openssl/conf.h
+crl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+crl.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+crl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+crl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+crl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+crl.o: ../include/openssl/err.h ../include/openssl/evp.h
+crl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+crl.o: ../include/openssl/md2.h ../include/openssl/md4.h
+crl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+crl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+crl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+crl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+crl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+crl.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h crl.c
+crl2p7.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+crl2p7.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+crl2p7.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+crl2p7.o: ../include/openssl/cast.h ../include/openssl/conf.h
+crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+crl2p7.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+crl2p7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+crl2p7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
+crl2p7.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+crl2p7.o: ../include/openssl/md2.h ../include/openssl/md4.h
+crl2p7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+crl2p7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+crl2p7.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+crl2p7.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+crl2p7.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+crl2p7.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+crl2p7.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+crl2p7.o: ../include/openssl/x509_vfy.h apps.h crl2p7.c
+dgst.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dgst.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dgst.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dgst.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dgst.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dgst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+dgst.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
+dgst.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+dgst.o: ../include/openssl/md2.h ../include/openssl/md4.h
+dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dgst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dgst.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+dgst.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+dgst.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+dgst.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+dgst.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+dgst.o: ../include/openssl/x509_vfy.h apps.h dgst.c
+dh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dh.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dh.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+dh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+dh.o: ../include/openssl/err.h ../include/openssl/evp.h
+dh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+dh.o: ../include/openssl/md2.h ../include/openssl/md4.h
+dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+dh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+dh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+dh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+dh.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+dh.o: ../include/openssl/x509_vfy.h apps.h dh.c
+dsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+dsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+dsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+dsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+dsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+dsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+dsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+dsa.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+dsa.o: ../include/openssl/x509_vfy.h apps.h dsa.c
+dsaparam.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+dsaparam.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+dsaparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+dsaparam.o: ../include/openssl/cast.h ../include/openssl/conf.h
+dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h
+dsaparam.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+dsaparam.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+dsaparam.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
+dsaparam.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+dsaparam.o: ../include/openssl/md2.h ../include/openssl/md4.h
+dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+dsaparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+dsaparam.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+dsaparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+dsaparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+dsaparam.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+dsaparam.o: ../include/openssl/x509_vfy.h apps.h dsaparam.c
+ec.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ec.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ec.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ec.o: ../include/openssl/cast.h ../include/openssl/conf.h
+ec.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ec.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ec.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ec.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ec.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+ec.o: ../include/openssl/err.h ../include/openssl/evp.h
+ec.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ec.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ec.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ec.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ec.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ec.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ec.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ec.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+ec.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ec.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ec.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ec.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ec.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+ec.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ec.o: ../include/openssl/x509_vfy.h apps.h ec.c
+ecparam.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ecparam.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ecparam.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ecparam.o: ../include/openssl/cast.h ../include/openssl/conf.h
+ecparam.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ecparam.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ecparam.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ecparam.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ecparam.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+ecparam.o: ../include/openssl/err.h ../include/openssl/evp.h
+ecparam.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ecparam.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ecparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ecparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ecparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ecparam.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ecparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ecparam.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+ecparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ecparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ecparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ecparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ecparam.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+ecparam.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ecparam.o: ../include/openssl/x509_vfy.h apps.h ecparam.c
+enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+enc.o: ../include/openssl/cast.h ../include/openssl/conf.h
+enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+enc.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+enc.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
+enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+enc.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+enc.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+enc.o: ../include/openssl/x509_vfy.h apps.h enc.c
+engine.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+engine.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+engine.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+engine.o: ../include/openssl/cast.h ../include/openssl/comp.h
+engine.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+engine.o: ../include/openssl/des.h ../include/openssl/des_old.h
+engine.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+engine.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+engine.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+engine.o: ../include/openssl/engine.h ../include/openssl/err.h
+engine.o: ../include/openssl/evp.h ../include/openssl/idea.h
+engine.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+engine.o: ../include/openssl/md2.h ../include/openssl/md4.h
+engine.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+engine.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+engine.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+engine.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+engine.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+engine.o: engine.c
+errstr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+errstr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+errstr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+errstr.o: ../include/openssl/cast.h ../include/openssl/comp.h
+errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+errstr.o: ../include/openssl/des.h ../include/openssl/des_old.h
+errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+errstr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+errstr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+errstr.o: ../include/openssl/engine.h ../include/openssl/err.h
+errstr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+errstr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+errstr.o: ../include/openssl/md2.h ../include/openssl/md4.h
+errstr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+errstr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+errstr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+errstr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+errstr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+errstr.o: errstr.c
+gendh.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+gendh.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+gendh.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+gendh.o: ../include/openssl/cast.h ../include/openssl/conf.h
+gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendh.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+gendh.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+gendh.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
+gendh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+gendh.o: ../include/openssl/md2.h ../include/openssl/md4.h
+gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+gendh.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+gendh.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+gendh.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+gendh.o: ../include/openssl/x509_vfy.h apps.h gendh.c
+gendsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+gendsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+gendsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+gendsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+gendsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+gendsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+gendsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+gendsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+gendsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+gendsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+gendsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+gendsa.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+gendsa.o: ../include/openssl/x509_vfy.h apps.h gendsa.c
+genrsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+genrsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+genrsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+genrsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+genrsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+genrsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+genrsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+genrsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+genrsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+genrsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+genrsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+genrsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+genrsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+genrsa.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+genrsa.o: ../include/openssl/x509_vfy.h apps.h genrsa.c
+nseq.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+nseq.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+nseq.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+nseq.o: ../include/openssl/cast.h ../include/openssl/conf.h
+nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h
+nseq.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+nseq.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+nseq.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
+nseq.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+nseq.o: ../include/openssl/md2.h ../include/openssl/md4.h
+nseq.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+nseq.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+nseq.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+nseq.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+nseq.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+nseq.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+nseq.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+nseq.o: ../include/openssl/x509_vfy.h apps.h nseq.c
+ocsp.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ocsp.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ocsp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ocsp.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ocsp.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ocsp.o: ../include/openssl/des.h ../include/openssl/des_old.h
+ocsp.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h
+ocsp.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ocsp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ocsp.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ocsp.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ocsp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ocsp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h
+ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+ocsp.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ocsp.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ocsp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ocsp.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ocsp.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+ocsp.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c
+openssl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+openssl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+openssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+openssl.o: ../include/openssl/cast.h ../include/openssl/comp.h
+openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+openssl.o: ../include/openssl/des.h ../include/openssl/des_old.h
+openssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+openssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+openssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+openssl.o: ../include/openssl/engine.h ../include/openssl/err.h
+openssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+openssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+openssl.o: ../include/openssl/md2.h ../include/openssl/md4.h
+openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+openssl.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+openssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+openssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+openssl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+openssl.o: openssl.c progs.h s_apps.h
+passwd.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+passwd.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+passwd.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+passwd.o: ../include/openssl/cast.h ../include/openssl/conf.h
+passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
+passwd.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+passwd.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+passwd.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
+passwd.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+passwd.o: ../include/openssl/md2.h ../include/openssl/md4.h
+passwd.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+passwd.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+passwd.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+passwd.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+passwd.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+passwd.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+passwd.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+passwd.o: ../include/openssl/x509_vfy.h apps.h passwd.c
+pkcs12.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+pkcs12.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+pkcs12.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+pkcs12.o: ../include/openssl/cast.h ../include/openssl/conf.h
+pkcs12.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs12.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs12.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+pkcs12.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs12.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+pkcs12.o: ../include/openssl/md2.h ../include/openssl/md4.h
+pkcs12.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkcs12.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+pkcs12.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+pkcs12.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+pkcs12.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h
+pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+pkcs12.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+pkcs12.o: pkcs12.c
+pkcs7.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+pkcs7.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+pkcs7.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+pkcs7.o: ../include/openssl/cast.h ../include/openssl/conf.h
+pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs7.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs7.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+pkcs7.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs7.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+pkcs7.o: ../include/openssl/md2.h ../include/openssl/md4.h
+pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkcs7.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+pkcs7.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+pkcs7.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+pkcs7.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+pkcs7.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+pkcs7.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+pkcs7.o: ../include/openssl/x509_vfy.h apps.h pkcs7.c
+pkcs8.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+pkcs8.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+pkcs8.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+pkcs8.o: ../include/openssl/cast.h ../include/openssl/conf.h
+pkcs8.o: ../include/openssl/crypto.h ../include/openssl/des.h
+pkcs8.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+pkcs8.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+pkcs8.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
+pkcs8.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+pkcs8.o: ../include/openssl/md2.h ../include/openssl/md4.h
+pkcs8.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+pkcs8.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+pkcs8.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+pkcs8.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+pkcs8.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h
+pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+pkcs8.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h pkcs8.c
+rand.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rand.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+rand.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+rand.o: ../include/openssl/cast.h ../include/openssl/conf.h
+rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rand.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rand.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rand.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+rand.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+rand.o: ../include/openssl/err.h ../include/openssl/evp.h
+rand.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+rand.o: ../include/openssl/md2.h ../include/openssl/md4.h
+rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rand.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rand.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+rand.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+rand.o: ../include/openssl/x509_vfy.h apps.h rand.c
+req.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+req.o: ../include/openssl/des.h ../include/openssl/des_old.h
+req.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+req.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+req.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+req.o: ../include/openssl/engine.h ../include/openssl/err.h
+req.o: ../include/openssl/evp.h ../include/openssl/idea.h
+req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+req.o: ../include/openssl/md4.h ../include/openssl/md5.h
+req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+req.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+req.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+req.o: ../include/openssl/sha.h ../include/openssl/stack.h
+req.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+req.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+req.o: ../include/openssl/x509v3.h apps.h req.c
+rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+rsa.o: ../include/openssl/cast.h ../include/openssl/conf.h
+rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+rsa.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+rsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+rsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsa.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+rsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+rsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rsa.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+rsa.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+rsa.o: ../include/openssl/x509_vfy.h apps.h rsa.c
+rsautl.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rsautl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+rsautl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+rsautl.o: ../include/openssl/cast.h ../include/openssl/conf.h
+rsautl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rsautl.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rsautl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+rsautl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h
+rsautl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+rsautl.o: ../include/openssl/md2.h ../include/openssl/md4.h
+rsautl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rsautl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+rsautl.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+rsautl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+rsautl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rsautl.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+rsautl.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+rsautl.o: ../include/openssl/x509_vfy.h apps.h rsautl.c
+s_cb.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_cb.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_cb.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_cb.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_cb.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_cb.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_cb.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_cb.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s_cb.o: ../include/openssl/engine.h ../include/openssl/err.h
+s_cb.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_cb.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s_cb.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s_cb.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_cb.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s_cb.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_cb.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_cb.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h s_apps.h
+s_cb.o: s_cb.c
+s_client.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_client.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_client.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_client.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_client.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s_client.o: ../include/openssl/engine.h ../include/openssl/err.h
+s_client.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s_client.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s_client.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_client.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s_client.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_client.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_client.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_client.o: s_apps.h s_client.c
+s_server.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_server.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_server.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_server.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_server.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_server.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_server.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s_server.o: ../include/openssl/engine.h ../include/openssl/err.h
+s_server.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_server.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s_server.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s_server.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_server.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s_server.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_server.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_server.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_server.o: s_apps.h s_server.c
+s_socket.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_socket.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_socket.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_socket.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_socket.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_socket.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_socket.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s_socket.o: ../include/openssl/engine.h ../include/openssl/err.h
+s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s_socket.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s_socket.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_socket.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s_socket.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_socket.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_socket.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_socket.o: s_apps.h s_socket.c
+s_time.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s_time.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s_time.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s_time.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+s_time.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s_time.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s_time.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s_time.o: ../include/openssl/engine.h ../include/openssl/err.h
+s_time.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s_time.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s_time.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s_time.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s_time.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s_time.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s_time.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+s_time.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+s_time.o: s_apps.h s_time.c
+sess_id.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+sess_id.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+sess_id.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+sess_id.o: ../include/openssl/cast.h ../include/openssl/comp.h
+sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+sess_id.o: ../include/openssl/des.h ../include/openssl/des_old.h
+sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+sess_id.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+sess_id.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+sess_id.o: ../include/openssl/engine.h ../include/openssl/err.h
+sess_id.o: ../include/openssl/evp.h ../include/openssl/idea.h
+sess_id.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+sess_id.o: ../include/openssl/md2.h ../include/openssl/md4.h
+sess_id.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+sess_id.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+sess_id.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+sess_id.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h
+sess_id.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+sess_id.o: sess_id.c
+smime.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+smime.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+smime.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+smime.o: ../include/openssl/cast.h ../include/openssl/conf.h
+smime.o: ../include/openssl/crypto.h ../include/openssl/des.h
+smime.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+smime.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+smime.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+smime.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+smime.o: ../include/openssl/err.h ../include/openssl/evp.h
+smime.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+smime.o: ../include/openssl/md2.h ../include/openssl/md4.h
+smime.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+smime.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+smime.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+smime.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+smime.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+smime.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+smime.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+smime.o: ../include/openssl/x509_vfy.h apps.h smime.c
+speed.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+speed.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+speed.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+speed.o: ../include/openssl/cast.h ../include/openssl/conf.h
+speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
+speed.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+speed.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+speed.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+speed.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+speed.o: ../include/openssl/err.h ../include/openssl/evp.h
+speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
+speed.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+speed.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
+speed.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+speed.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h speed.c
+speed.o: testdsa.h testrsa.h
+spkac.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+spkac.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+spkac.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+spkac.o: ../include/openssl/cast.h ../include/openssl/conf.h
+spkac.o: ../include/openssl/crypto.h ../include/openssl/des.h
+spkac.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+spkac.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+spkac.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
+spkac.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+spkac.o: ../include/openssl/md2.h ../include/openssl/md4.h
+spkac.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+spkac.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+spkac.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+spkac.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+spkac.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+spkac.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+spkac.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+spkac.o: ../include/openssl/x509_vfy.h apps.h spkac.c
+verify.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+verify.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+verify.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+verify.o: ../include/openssl/cast.h ../include/openssl/conf.h
+verify.o: ../include/openssl/crypto.h ../include/openssl/des.h
+verify.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+verify.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+verify.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+verify.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+verify.o: ../include/openssl/err.h ../include/openssl/evp.h
+verify.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+verify.o: ../include/openssl/md2.h ../include/openssl/md4.h
+verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+verify.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+verify.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+verify.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+verify.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+verify.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+verify.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+verify.o: verify.c
+version.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+version.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+version.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+version.o: ../include/openssl/cast.h ../include/openssl/conf.h
+version.o: ../include/openssl/crypto.h ../include/openssl/des.h
+version.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+version.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+version.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+version.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+version.o: ../include/openssl/err.h ../include/openssl/evp.h
+version.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+version.o: ../include/openssl/md2.h ../include/openssl/md4.h
+version.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+version.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+version.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+version.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+version.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+version.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+version.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+version.o: ../include/openssl/x509_vfy.h apps.h version.c
+x509.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+x509.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+x509.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+x509.o: ../include/openssl/cast.h ../include/openssl/conf.h
+x509.o: ../include/openssl/crypto.h ../include/openssl/des.h
+x509.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+x509.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+x509.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+x509.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+x509.o: ../include/openssl/err.h ../include/openssl/evp.h
+x509.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+x509.o: ../include/openssl/md2.h ../include/openssl/md4.h
+x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+x509.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+x509.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+x509.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+x509.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+x509.o: ../include/openssl/txt_db.h ../include/openssl/ui.h
+x509.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h x509.c
diff --git a/apps/app_rand.c b/apps/app_rand.c
new file mode 100644
index 0000000000..b7b6128c1e
--- /dev/null
+++ b/apps/app_rand.c
@@ -0,0 +1,218 @@
+/* apps/app_rand.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define NON_MAIN
+#include "apps.h"
+#undef NON_MAIN
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+
+
+static int seeded = 0;
+static int egdsocket = 0;
+
+int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
+	{
+	int consider_randfile = (file == NULL);
+	char buffer[200];
+	
+#ifdef OPENSSL_SYS_WINDOWS
+	BIO_printf(bio_e,"Loading 'screen' into random state -");
+	BIO_flush(bio_e);
+	RAND_screen();
+	BIO_printf(bio_e," done\n");
+#endif
+
+	if (file == NULL)
+		file = RAND_file_name(buffer, sizeof buffer);
+	else if (RAND_egd(file) > 0)
+		{
+		/* we try if the given filename is an EGD socket.
+		   if it is, we don't write anything back to the file. */
+		egdsocket = 1;
+		return 1;
+		}
+	if (file == NULL || !RAND_load_file(file, -1))
+		{
+		if (RAND_status() == 0)
+			{
+			if (!dont_warn)
+				{
+				BIO_printf(bio_e,"unable to load 'random state'\n");
+				BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
+				BIO_printf(bio_e,"with much random data.\n");
+				if (consider_randfile) /* explanation does not apply when a file is explicitly named */
+					{
+					BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
+					BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
+					}
+				}
+			return 0;
+			}
+		}
+	seeded = 1;
+	return 1;
+	}
+
+long app_RAND_load_files(char *name)
+	{
+	char *p,*n;
+	int last;
+	long tot=0;
+	int egd;
+	
+	for (;;)
+		{
+		last=0;
+		for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
+		if (*p == '\0') last=1;
+		*p='\0';
+		n=name;
+		name=p+1;
+		if (*n == '\0') break;
+
+		egd=RAND_egd(n);
+		if (egd > 0)
+			tot+=egd;
+		else
+			tot+=RAND_load_file(n,-1);
+		if (last) break;
+		}
+	if (tot > 512)
+		app_RAND_allow_write_file();
+	return(tot);
+	}
+
+int app_RAND_write_file(const char *file, BIO *bio_e)
+	{
+	char buffer[200];
+	
+	if (egdsocket || !seeded)
+		/* If we did not manage to read the seed file,
+		 * we should not write a low-entropy seed file back --
+		 * it would suppress a crucial warning the next time
+		 * we want to use it. */
+		return 0;
+
+	if (file == NULL)
+		file = RAND_file_name(buffer, sizeof buffer);
+	if (file == NULL || !RAND_write_file(file))
+		{
+		BIO_printf(bio_e,"unable to write 'random state'\n");
+		return 0;
+		}
+	return 1;
+	}
+
+void app_RAND_allow_write_file(void)
+	{
+	seeded = 1;
+	}
diff --git a/apps/apps.c b/apps/apps.c
index 5f0c8fa539..4a8c9263a7 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -55,31 +55,114 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <ctype.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+#include <openssl/ui.h>
+#include <openssl/safestack.h>
+#include <openssl/engine.h>
+
+#ifdef OPENSSL_SYS_WINDOWS
+#define strcasecmp _stricmp
+#else
+#  ifdef NO_STRINGS_H
+    int	strcasecmp();
+#  else
+#    include <strings.h>
+#  endif /* NO_STRINGS_H */
+#endif
+
 #define NON_MAIN
 #include "apps.h"
 #undef NON_MAIN
 
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 #  include "bss_file.c"
 #endif
 
-#ifndef NOPROTO
-int app_init(long mesgwin);
-#else
-int app_init();
+typedef struct {
+	char *name;
+	unsigned long flag;
+	unsigned long mask;
+} NAME_EX_TBL;
+
+static UI_METHOD *ui_method = NULL;
+
+static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
+static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl);
+
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+/* Looks like this stuff is worth moving into separate function */
+static EVP_PKEY *
+load_netscape_key(BIO *err, BIO *key, const char *file,
+		const char *key_descrip, int format);
 #endif
 
+int app_init(long mesgwin);
 #ifdef undef /* never finished - probably never will be :-) */
-int args_from_file(file,argc,argv)
-char *file;
-int *argc;
-char **argv[];
+int args_from_file(char *file, int *argc, char **argv[])
 	{
 	FILE *fp;
 	int num,i;
@@ -99,8 +182,8 @@ char **argv[];
 	*argv=NULL;
 
 	len=(unsigned int)stbuf.st_size;
-	if (buf != NULL) Free(buf);
-	buf=(char *)Malloc(len+1);
+	if (buf != NULL) OPENSSL_free(buf);
+	buf=(char *)OPENSSL_malloc(len+1);
 	if (buf == NULL) return(0);
 
 	len=fread(buf,1,len,fp);
@@ -110,8 +193,8 @@ char **argv[];
 	i=0;
 	for (p=buf; *p; p++)
 		if (*p == '\n') i++;
-	if (arg != NULL) Free(arg);
-	arg=(char **)Malloc(sizeof(char *)*(i*2));
+	if (arg != NULL) OPENSSL_free(arg);
+	arg=(char **)OPENSSL_malloc(sizeof(char *)*(i*2));
 
 	*argv=arg;
 	num=0;
@@ -157,8 +240,7 @@ char **argv[];
 	}
 #endif
 
-int str2fmt(s)
-char *s;
+int str2fmt(char *s)
 	{
 	if 	((*s == 'D') || (*s == 'd'))
 		return(FORMAT_ASN1);
@@ -168,15 +250,20 @@ char *s;
 		return(FORMAT_PEM);
 	else if ((*s == 'N') || (*s == 'n'))
 		return(FORMAT_NETSCAPE);
+	else if ((*s == 'S') || (*s == 's'))
+		return(FORMAT_SMIME);
+	else if ((*s == '1')
+		|| (strcmp(s,"PKCS12") == 0) || (strcmp(s,"pkcs12") == 0)
+		|| (strcmp(s,"P12") == 0) || (strcmp(s,"p12") == 0))
+		return(FORMAT_PKCS12);
+	else if ((*s == 'E') || (*s == 'e'))
+		return(FORMAT_ENGINE);
 	else
 		return(FORMAT_UNDEF);
 	}
 
-#if defined(MSDOS) || defined(WIN32) || defined(WIN16)
-void program_name(in,out,size)
-char *in;
-char *out;
-int size;
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+void program_name(char *in, char *out, int size)
 	{
 	int i,n;
 	char *p=NULL;
@@ -213,10 +300,35 @@ int size;
 	out[n]='\0';
 	}
 #else
-void program_name(in,out,size)
-char *in;
-char *out;
-int size;
+#ifdef OPENSSL_SYS_VMS
+void program_name(char *in, char *out, int size)
+	{
+	char *p=in, *q;
+	char *chars=":]>";
+
+	while(*chars != '\0')
+		{
+		q=strrchr(p,*chars);
+		if (q > p)
+			p = q + 1;
+		chars++;
+		}
+
+	q=strrchr(p,'.');
+	if (q == NULL)
+		q = p + strlen(p);
+	strncpy(out,p,size-1);
+	if (q-p >= size)
+		{
+		out[size-1]='\0';
+		}
+	else
+		{
+		out[q-p]='\0';
+		}
+	}
+#else
+void program_name(char *in, char *out, int size)
 	{
 	char *p;
 
@@ -225,28 +337,66 @@ int size;
 		p++;
 	else
 		p=in;
-	strncpy(out,p,size-1);
-	out[size-1]='\0';
+	BUF_strlcpy(out,p,size);
 	}
 #endif
+#endif
 
-#ifdef WIN32
-int WIN32_rename(from,to)
-char *from;
-char *to;
+#ifdef OPENSSL_SYS_WIN32
+int WIN32_rename(char *from, char *to)
+	{
+#ifndef OPENSSL_SYS_WINCE
+	/* Windows rename gives an error if 'to' exists, so delete it
+	 * first and ignore file not found errror
+	 */
+	if((remove(to) != 0) && (errno != ENOENT))
+		return -1;
+#undef rename
+	return rename(from, to);
+#else
+	/* convert strings to UNICODE */
 	{
-	int ret;
+	BOOL result = FALSE;
+	WCHAR* wfrom;
+	WCHAR* wto;
+	int i;
+	wfrom = malloc((strlen(from)+1)*2);
+	wto = malloc((strlen(to)+1)*2);
+	if (wfrom != NULL && wto != NULL)
+		{
+		for (i=0; i<(int)strlen(from)+1; i++)
+			wfrom[i] = (short)from[i];
+		for (i=0; i<(int)strlen(to)+1; i++)
+			wto[i] = (short)to[i];
+		result = MoveFile(wfrom, wto);
+		}
+	if (wfrom != NULL)
+		free(wfrom);
+	if (wto != NULL)
+		free(wto);
+	return result;
+	}
+#endif
+	}
+#endif
 
-	ret=MoveFileEx(from,to,MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED);
-	return(ret?0:-1);
+#ifdef OPENSSL_SYS_VMS
+int VMS_strcasecmp(const char *str1, const char *str2)
+	{
+	while (*str1 && *str2)
+		{
+		int res = toupper(*str1) - toupper(*str2);
+		if (res) return res < 0 ? -1 : 1;
+		}
+	if (*str1)
+		return 1;
+	if (*str2)
+		return -1;
+	return 0;
 	}
 #endif
 
-int chopup_args(arg,buf,argc,argv)
-ARGS *arg;
-char *buf;
-int *argc;
-char **argv[];
+int chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
 	{
 	int num,len,i;
 	char *p;
@@ -259,7 +409,7 @@ char **argv[];
 	if (arg->count == 0)
 		{
 		arg->count=20;
-		arg->data=(char **)Malloc(sizeof(char *)*arg->count);
+		arg->data=(char **)OPENSSL_malloc(sizeof(char *)*arg->count);
 		}
 	for (i=0; i<arg->count; i++)
 		arg->data[i]=NULL;
@@ -278,7 +428,7 @@ char **argv[];
 		if (num >= arg->count)
 			{
 			arg->count+=20;
-			arg->data=(char **)Realloc(arg->data,
+			arg->data=(char **)OPENSSL_realloc(arg->data,
 				sizeof(char *)*arg->count);
 			if (argc == 0) return(0);
 			}
@@ -312,9 +462,959 @@ char **argv[];
 	}
 
 #ifndef APP_INIT
-int app_init(mesgwin)
-long mesgwin;
+int app_init(long mesgwin)
 	{
 	return(1);
 	}
 #endif
+
+
+int dump_cert_text (BIO *out, X509 *x)
+{
+	char *p;
+
+	p=X509_NAME_oneline(X509_get_subject_name(x),NULL,0);
+	BIO_puts(out,"subject=");
+	BIO_puts(out,p);
+	OPENSSL_free(p);
+
+	p=X509_NAME_oneline(X509_get_issuer_name(x),NULL,0);
+	BIO_puts(out,"\nissuer=");
+	BIO_puts(out,p);
+	BIO_puts(out,"\n");
+	OPENSSL_free(p);
+
+	return 0;
+}
+
+static int ui_open(UI *ui)
+	{
+	return UI_method_get_opener(UI_OpenSSL())(ui);
+	}
+static int ui_read(UI *ui, UI_STRING *uis)
+	{
+	if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+		&& UI_get0_user_data(ui))
+		{
+		switch(UI_get_string_type(uis))
+			{
+		case UIT_PROMPT:
+		case UIT_VERIFY:
+			{
+			const char *password =
+				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+			if (password[0] != '\0')
+				{
+				UI_set_result(ui, uis, password);
+				return 1;
+				}
+			}
+		default:
+			break;
+			}
+		}
+	return UI_method_get_reader(UI_OpenSSL())(ui, uis);
+	}
+static int ui_write(UI *ui, UI_STRING *uis)
+	{
+	if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+		&& UI_get0_user_data(ui))
+		{
+		switch(UI_get_string_type(uis))
+			{
+		case UIT_PROMPT:
+		case UIT_VERIFY:
+			{
+			const char *password =
+				((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+			if (password[0] != '\0')
+				return 1;
+			}
+		default:
+			break;
+			}
+		}
+	return UI_method_get_writer(UI_OpenSSL())(ui, uis);
+	}
+static int ui_close(UI *ui)
+	{
+	return UI_method_get_closer(UI_OpenSSL())(ui);
+	}
+int setup_ui_method(void)
+	{
+	ui_method = UI_create_method("OpenSSL application user interface");
+	UI_method_set_opener(ui_method, ui_open);
+	UI_method_set_reader(ui_method, ui_read);
+	UI_method_set_writer(ui_method, ui_write);
+	UI_method_set_closer(ui_method, ui_close);
+	return 0;
+	}
+void destroy_ui_method(void)
+	{
+	if(ui_method)
+		{
+		UI_destroy_method(ui_method);
+		ui_method = NULL;
+		}
+	}
+int password_callback(char *buf, int bufsiz, int verify,
+	PW_CB_DATA *cb_tmp)
+	{
+	UI *ui = NULL;
+	int res = 0;
+	const char *prompt_info = NULL;
+	const char *password = NULL;
+	PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
+
+	if (cb_data)
+		{
+		if (cb_data->password)
+			password = cb_data->password;
+		if (cb_data->prompt_info)
+			prompt_info = cb_data->prompt_info;
+		}
+
+	if (password)
+		{
+		res = strlen(password);
+		if (res > bufsiz)
+			res = bufsiz;
+		memcpy(buf, password, res);
+		return res;
+		}
+
+	ui = UI_new_method(ui_method);
+	if (ui)
+		{
+		int ok = 0;
+		char *buff = NULL;
+		int ui_flags = 0;
+		char *prompt = NULL;
+
+		prompt = UI_construct_prompt(ui, "pass phrase",
+			cb_data->prompt_info);
+
+		ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
+		UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+
+		if (ok >= 0)
+			ok = UI_add_input_string(ui,prompt,ui_flags,buf,
+				PW_MIN_LENGTH,BUFSIZ-1);
+		if (ok >= 0 && verify)
+			{
+			buff = (char *)OPENSSL_malloc(bufsiz);
+			ok = UI_add_verify_string(ui,prompt,ui_flags,buff,
+				PW_MIN_LENGTH,BUFSIZ-1, buf);
+			}
+		if (ok >= 0)
+			do
+				{
+				ok = UI_process(ui);
+				}
+			while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+
+		if (buff)
+			{
+			OPENSSL_cleanse(buff,(unsigned int)bufsiz);
+			OPENSSL_free(buff);
+			}
+
+		if (ok >= 0)
+			res = strlen(buf);
+		if (ok == -1)
+			{
+			BIO_printf(bio_err, "User interface error\n");
+			ERR_print_errors(bio_err);
+			OPENSSL_cleanse(buf,(unsigned int)bufsiz);
+			res = 0;
+			}
+		if (ok == -2)
+			{
+			BIO_printf(bio_err,"aborted!\n");
+			OPENSSL_cleanse(buf,(unsigned int)bufsiz);
+			res = 0;
+			}
+		UI_free(ui);
+		OPENSSL_free(prompt);
+		}
+	return res;
+	}
+
+static char *app_get_pass(BIO *err, char *arg, int keepbio);
+
+int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2)
+{
+	int same;
+	if(!arg2 || !arg1 || strcmp(arg1, arg2)) same = 0;
+	else same = 1;
+	if(arg1) {
+		*pass1 = app_get_pass(err, arg1, same);
+		if(!*pass1) return 0;
+	} else if(pass1) *pass1 = NULL;
+	if(arg2) {
+		*pass2 = app_get_pass(err, arg2, same ? 2 : 0);
+		if(!*pass2) return 0;
+	} else if(pass2) *pass2 = NULL;
+	return 1;
+}
+
+static char *app_get_pass(BIO *err, char *arg, int keepbio)
+{
+	char *tmp, tpass[APP_PASS_LEN];
+	static BIO *pwdbio = NULL;
+	int i;
+	if(!strncmp(arg, "pass:", 5)) return BUF_strdup(arg + 5);
+	if(!strncmp(arg, "env:", 4)) {
+		tmp = getenv(arg + 4);
+		if(!tmp) {
+			BIO_printf(err, "Can't read environment variable %s\n", arg + 4);
+			return NULL;
+		}
+		return BUF_strdup(tmp);
+	}
+	if(!keepbio || !pwdbio) {
+		if(!strncmp(arg, "file:", 5)) {
+			pwdbio = BIO_new_file(arg + 5, "r");
+			if(!pwdbio) {
+				BIO_printf(err, "Can't open file %s\n", arg + 5);
+				return NULL;
+			}
+		} else if(!strncmp(arg, "fd:", 3)) {
+			BIO *btmp;
+			i = atoi(arg + 3);
+			if(i >= 0) pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
+			if((i < 0) || !pwdbio) {
+				BIO_printf(err, "Can't access file descriptor %s\n", arg + 3);
+				return NULL;
+			}
+			/* Can't do BIO_gets on an fd BIO so add a buffering BIO */
+			btmp = BIO_new(BIO_f_buffer());
+			pwdbio = BIO_push(btmp, pwdbio);
+		} else if(!strcmp(arg, "stdin")) {
+			pwdbio = BIO_new_fp(stdin, BIO_NOCLOSE);
+			if(!pwdbio) {
+				BIO_printf(err, "Can't open BIO for stdin\n");
+				return NULL;
+			}
+		} else {
+			BIO_printf(err, "Invalid password argument \"%s\"\n", arg);
+			return NULL;
+		}
+	}
+	i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
+	if(keepbio != 1) {
+		BIO_free_all(pwdbio);
+		pwdbio = NULL;
+	}
+	if(i <= 0) {
+		BIO_printf(err, "Error reading password from BIO\n");
+		return NULL;
+	}
+	tmp = strchr(tpass, '\n');
+	if(tmp) *tmp = 0;
+	return BUF_strdup(tpass);
+}
+
+int add_oid_section(BIO *err, CONF *conf)
+{	
+	char *p;
+	STACK_OF(CONF_VALUE) *sktmp;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(p=NCONF_get_string(conf,NULL,"oid_section")))
+		{
+		ERR_clear_error();
+		return 1;
+		}
+	if(!(sktmp = NCONF_get_section(conf, p))) {
+		BIO_printf(err, "problem loading oid section %s\n", p);
+		return 0;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+		cnf = sk_CONF_VALUE_value(sktmp, i);
+		if(OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+			BIO_printf(err, "problem creating object %s=%s\n",
+							 cnf->name, cnf->value);
+			return 0;
+		}
+	}
+	return 1;
+}
+
+X509 *load_cert(BIO *err, const char *file, int format,
+	const char *pass, ENGINE *e, const char *cert_descrip)
+	{
+	ASN1_HEADER *ah=NULL;
+	BUF_MEM *buf=NULL;
+	X509 *x=NULL;
+	BIO *cert;
+
+	if ((cert=BIO_new(BIO_s_file())) == NULL)
+		{
+		ERR_print_errors(err);
+		goto end;
+		}
+
+	if (file == NULL)
+		{
+		setvbuf(stdin, NULL, _IONBF, 0);
+		BIO_set_fp(cert,stdin,BIO_NOCLOSE);
+		}
+	else
+		{
+		if (BIO_read_filename(cert,file) <= 0)
+			{
+			BIO_printf(err, "Error opening %s %s\n",
+				cert_descrip, file);
+			ERR_print_errors(err);
+			goto end;
+			}
+		}
+
+	if 	(format == FORMAT_ASN1)
+		x=d2i_X509_bio(cert,NULL);
+	else if (format == FORMAT_NETSCAPE)
+		{
+		unsigned char *p,*op;
+		int size=0,i;
+
+		/* We sort of have to do it this way because it is sort of nice
+		 * to read the header first and check it, then
+		 * try to read the certificate */
+		buf=BUF_MEM_new();
+		for (;;)
+			{
+			if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
+				goto end;
+			i=BIO_read(cert,&(buf->data[size]),1024*10);
+			size+=i;
+			if (i == 0) break;
+			if (i < 0)
+				{
+				perror("reading certificate");
+				goto end;
+				}
+			}
+		p=(unsigned char *)buf->data;
+		op=p;
+
+		/* First load the header */
+		if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
+			goto end;
+		if ((ah->header == NULL) || (ah->header->data == NULL) ||
+			(strncmp(NETSCAPE_CERT_HDR,(char *)ah->header->data,
+			ah->header->length) != 0))
+			{
+			BIO_printf(err,"Error reading header on certificate\n");
+			goto end;
+			}
+		/* header is ok, so now read the object */
+		p=op;
+		ah->meth=X509_asn1_meth();
+		if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
+			goto end;
+		x=(X509 *)ah->data;
+		ah->data=NULL;
+		}
+	else if (format == FORMAT_PEM)
+		x=PEM_read_bio_X509_AUX(cert,NULL,
+			(pem_password_cb *)password_callback, NULL);
+	else if (format == FORMAT_PKCS12)
+		{
+		PKCS12 *p12 = d2i_PKCS12_bio(cert, NULL);
+
+		PKCS12_parse(p12, NULL, NULL, &x, NULL);
+		PKCS12_free(p12);
+		p12 = NULL;
+		}
+	else	{
+		BIO_printf(err,"bad input format specified for %s\n",
+			cert_descrip);
+		goto end;
+		}
+end:
+	if (x == NULL)
+		{
+		BIO_printf(err,"unable to load certificate\n");
+		ERR_print_errors(err);
+		}
+	if (ah != NULL) ASN1_HEADER_free(ah);
+	if (cert != NULL) BIO_free(cert);
+	if (buf != NULL) BUF_MEM_free(buf);
+	return(x);
+	}
+
+EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
+	const char *pass, ENGINE *e, const char *key_descrip)
+	{
+	BIO *key=NULL;
+	EVP_PKEY *pkey=NULL;
+	PW_CB_DATA cb_data;
+
+	cb_data.password = pass;
+	cb_data.prompt_info = file;
+
+	if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
+		{
+		BIO_printf(err,"no keyfile specified\n");
+		goto end;
+		}
+	if (format == FORMAT_ENGINE)
+		{
+		if (!e)
+			BIO_printf(bio_err,"no engine specified\n");
+		else
+			pkey = ENGINE_load_private_key(e, file,
+				ui_method, &cb_data);
+		goto end;
+		}
+	key=BIO_new(BIO_s_file());
+	if (key == NULL)
+		{
+		ERR_print_errors(err);
+		goto end;
+		}
+	if (file == NULL && maybe_stdin)
+		{
+		setvbuf(stdin, NULL, _IONBF, 0);
+		BIO_set_fp(key,stdin,BIO_NOCLOSE);
+		}
+	else
+		if (BIO_read_filename(key,file) <= 0)
+			{
+			BIO_printf(err, "Error opening %s %s\n",
+				key_descrip, file);
+			ERR_print_errors(err);
+			goto end;
+			}
+	if (format == FORMAT_ASN1)
+		{
+		pkey=d2i_PrivateKey_bio(key, NULL);
+		}
+	else if (format == FORMAT_PEM)
+		{
+		pkey=PEM_read_bio_PrivateKey(key,NULL,
+			(pem_password_cb *)password_callback, &cb_data);
+		}
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+	else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
+		pkey = load_netscape_key(err, key, file, key_descrip, format);
+#endif
+	else if (format == FORMAT_PKCS12)
+		{
+		PKCS12 *p12 = d2i_PKCS12_bio(key, NULL);
+
+		PKCS12_parse(p12, pass, &pkey, NULL, NULL);
+		PKCS12_free(p12);
+		p12 = NULL;
+		}
+	else
+		{
+		BIO_printf(err,"bad input format specified for key file\n");
+		goto end;
+		}
+ end:
+	if (key != NULL) BIO_free(key);
+	if (pkey == NULL)
+		BIO_printf(err,"unable to load %s\n", key_descrip);
+	return(pkey);
+	}
+
+EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
+	const char *pass, ENGINE *e, const char *key_descrip)
+	{
+	BIO *key=NULL;
+	EVP_PKEY *pkey=NULL;
+	PW_CB_DATA cb_data;
+
+	cb_data.password = pass;
+	cb_data.prompt_info = file;
+
+	if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE))
+		{
+		BIO_printf(err,"no keyfile specified\n");
+		goto end;
+		}
+	if (format == FORMAT_ENGINE)
+		{
+		if (!e)
+			BIO_printf(bio_err,"no engine specified\n");
+		else
+			pkey = ENGINE_load_public_key(e, file,
+				ui_method, &cb_data);
+		goto end;
+		}
+	key=BIO_new(BIO_s_file());
+	if (key == NULL)
+		{
+		ERR_print_errors(err);
+		goto end;
+		}
+	if (file == NULL && maybe_stdin)
+		{
+		setvbuf(stdin, NULL, _IONBF, 0);
+		BIO_set_fp(key,stdin,BIO_NOCLOSE);
+		}
+	else
+		if (BIO_read_filename(key,file) <= 0)
+			{
+			BIO_printf(err, "Error opening %s %s\n",
+				key_descrip, file);
+			ERR_print_errors(err);
+			goto end;
+		}
+	if (format == FORMAT_ASN1)
+		{
+		pkey=d2i_PUBKEY_bio(key, NULL);
+		}
+	else if (format == FORMAT_PEM)
+		{
+		pkey=PEM_read_bio_PUBKEY(key,NULL,
+			(pem_password_cb *)password_callback, &cb_data);
+		}
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+	else if (format == FORMAT_NETSCAPE || format == FORMAT_IISSGC)
+		pkey = load_netscape_key(err, key, file, key_descrip, format);
+#endif
+	else
+		{
+		BIO_printf(err,"bad input format specified for key file\n");
+		goto end;
+		}
+ end:
+	if (key != NULL) BIO_free(key);
+	if (pkey == NULL)
+		BIO_printf(err,"unable to load %s\n", key_descrip);
+	return(pkey);
+	}
+
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_RSA)
+static EVP_PKEY *
+load_netscape_key(BIO *err, BIO *key, const char *file,
+		const char *key_descrip, int format)
+	{
+	EVP_PKEY *pkey;
+	BUF_MEM *buf;
+	RSA	*rsa;
+	const unsigned char *p;
+	int size, i;
+
+	buf=BUF_MEM_new();
+	pkey = EVP_PKEY_new();
+	size = 0;
+	if (buf == NULL || pkey == NULL)
+		goto error;
+	for (;;)
+		{
+		if (!BUF_MEM_grow_clean(buf,size+1024*10))
+			goto error;
+		i = BIO_read(key, &(buf->data[size]), 1024*10);
+		size += i;
+		if (i == 0)
+			break;
+		if (i < 0)
+			{
+				BIO_printf(err, "Error reading %s %s",
+					key_descrip, file);
+				goto error;
+			}
+		}
+	p=(unsigned char *)buf->data;
+	rsa = d2i_RSA_NET(NULL,&p,(long)size,NULL,
+		(format == FORMAT_IISSGC ? 1 : 0));
+	if (rsa == NULL)
+		goto error;
+	BUF_MEM_free(buf);
+	EVP_PKEY_set1_RSA(pkey, rsa);
+	return pkey;
+error:
+	BUF_MEM_free(buf);
+	EVP_PKEY_free(pkey);
+	return NULL;
+	}
+#endif /* ndef OPENSSL_NO_RC4 */
+
+STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+	const char *pass, ENGINE *e, const char *cert_descrip)
+	{
+	BIO *certs;
+	int i;
+	STACK_OF(X509) *othercerts = NULL;
+	STACK_OF(X509_INFO) *allcerts = NULL;
+	X509_INFO *xi;
+	PW_CB_DATA cb_data;
+
+	cb_data.password = pass;
+	cb_data.prompt_info = file;
+
+	if((certs = BIO_new(BIO_s_file())) == NULL)
+		{
+		ERR_print_errors(err);
+		goto end;
+		}
+
+	if (file == NULL)
+		BIO_set_fp(certs,stdin,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_read_filename(certs,file) <= 0)
+			{
+			BIO_printf(err, "Error opening %s %s\n",
+				cert_descrip, file);
+			ERR_print_errors(err);
+			goto end;
+			}
+		}
+
+	if      (format == FORMAT_PEM)
+		{
+		othercerts = sk_X509_new_null();
+		if(!othercerts)
+			{
+			sk_X509_free(othercerts);
+			othercerts = NULL;
+			goto end;
+			}
+		allcerts = PEM_X509_INFO_read_bio(certs, NULL,
+				(pem_password_cb *)password_callback, &cb_data);
+		for(i = 0; i < sk_X509_INFO_num(allcerts); i++)
+			{
+			xi = sk_X509_INFO_value (allcerts, i);
+			if (xi->x509)
+				{
+				sk_X509_push(othercerts, xi->x509);
+				xi->x509 = NULL;
+				}
+			}
+		goto end;
+		}
+	else	{
+		BIO_printf(err,"bad input format specified for %s\n",
+			cert_descrip);
+		goto end;
+		}
+end:
+	if (othercerts == NULL)
+		{
+		BIO_printf(err,"unable to load certificates\n");
+		ERR_print_errors(err);
+		}
+	if (allcerts) sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
+	if (certs != NULL) BIO_free(certs);
+	return(othercerts);
+	}
+
+
+#define X509V3_EXT_UNKNOWN_MASK		(0xfL << 16)
+/* Return error for unknown extensions */
+#define X509V3_EXT_DEFAULT		0
+/* Print error for unknown extensions */
+#define X509V3_EXT_ERROR_UNKNOWN	(1L << 16)
+/* ASN1 parse unknown extensions */
+#define X509V3_EXT_PARSE_UNKNOWN	(2L << 16)
+/* BIO_dump unknown extensions */
+#define X509V3_EXT_DUMP_UNKNOWN		(3L << 16)
+
+#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
+			 X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
+
+int set_cert_ex(unsigned long *flags, const char *arg)
+{
+	static const NAME_EX_TBL cert_tbl[] = {
+		{ "compatible", X509_FLAG_COMPAT, 0xffffffffl},
+		{ "ca_default", X509_FLAG_CA, 0xffffffffl},
+		{ "no_header", X509_FLAG_NO_HEADER, 0},
+		{ "no_version", X509_FLAG_NO_VERSION, 0},
+		{ "no_serial", X509_FLAG_NO_SERIAL, 0},
+		{ "no_signame", X509_FLAG_NO_SIGNAME, 0},
+		{ "no_validity", X509_FLAG_NO_VALIDITY, 0},
+		{ "no_subject", X509_FLAG_NO_SUBJECT, 0},
+		{ "no_issuer", X509_FLAG_NO_ISSUER, 0},
+		{ "no_pubkey", X509_FLAG_NO_PUBKEY, 0},
+		{ "no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
+		{ "no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
+		{ "no_aux", X509_FLAG_NO_AUX, 0},
+		{ "no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
+		{ "ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
+		{ "ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+		{ "ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+		{ "ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+		{ NULL, 0, 0}
+	};
+	return set_multi_opts(flags, arg, cert_tbl);
+}
+
+int set_name_ex(unsigned long *flags, const char *arg)
+{
+	static const NAME_EX_TBL ex_tbl[] = {
+		{ "esc_2253", ASN1_STRFLGS_ESC_2253, 0},
+		{ "esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
+		{ "esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
+		{ "use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
+		{ "utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
+		{ "ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
+		{ "show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
+		{ "dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
+		{ "dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
+		{ "dump_der", ASN1_STRFLGS_DUMP_DER, 0},
+		{ "compat", XN_FLAG_COMPAT, 0xffffffffL},
+		{ "sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
+		{ "sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
+		{ "sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
+		{ "sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
+		{ "dn_rev", XN_FLAG_DN_REV, 0},
+		{ "nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
+		{ "sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
+		{ "lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
+		{ "align", XN_FLAG_FN_ALIGN, 0},
+		{ "oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
+		{ "space_eq", XN_FLAG_SPC_EQ, 0},
+		{ "dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
+		{ "RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
+		{ "oneline", XN_FLAG_ONELINE, 0xffffffffL},
+		{ "multiline", XN_FLAG_MULTILINE, 0xffffffffL},
+		{ "ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
+		{ NULL, 0, 0}
+	};
+	return set_multi_opts(flags, arg, ex_tbl);
+}
+
+int set_ext_copy(int *copy_type, const char *arg)
+{
+	if (!strcasecmp(arg, "none"))
+		*copy_type = EXT_COPY_NONE;
+	else if (!strcasecmp(arg, "copy"))
+		*copy_type = EXT_COPY_ADD;
+	else if (!strcasecmp(arg, "copyall"))
+		*copy_type = EXT_COPY_ALL;
+	else
+		return 0;
+	return 1;
+}
+
+int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
+{
+	STACK_OF(X509_EXTENSION) *exts = NULL;
+	X509_EXTENSION *ext, *tmpext;
+	ASN1_OBJECT *obj;
+	int i, idx, ret = 0;
+	if (!x || !req || (copy_type == EXT_COPY_NONE))
+		return 1;
+	exts = X509_REQ_get_extensions(req);
+
+	for(i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+		ext = sk_X509_EXTENSION_value(exts, i);
+		obj = X509_EXTENSION_get_object(ext);
+		idx = X509_get_ext_by_OBJ(x, obj, -1);
+		/* Does extension exist? */
+		if (idx != -1) {
+			/* If normal copy don't override existing extension */
+			if (copy_type == EXT_COPY_ADD)
+				continue;
+			/* Delete all extensions of same type */
+			do {
+				tmpext = X509_get_ext(x, idx);
+				X509_delete_ext(x, idx);
+				X509_EXTENSION_free(tmpext);
+				idx = X509_get_ext_by_OBJ(x, obj, -1);
+			} while (idx != -1);
+		}
+		if (!X509_add_ext(x, ext, -1))
+			goto end;
+	}
+
+	ret = 1;
+
+	end:
+
+	sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+
+	return ret;
+}
+		
+		
+			
+
+static int set_multi_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
+{
+	STACK_OF(CONF_VALUE) *vals;
+	CONF_VALUE *val;
+	int i, ret = 1;
+	if(!arg) return 0;
+	vals = X509V3_parse_list(arg);
+	for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+		val = sk_CONF_VALUE_value(vals, i);
+		if (!set_table_opts(flags, val->name, in_tbl))
+			ret = 0;
+	}
+	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+	return ret;
+}
+
+static int set_table_opts(unsigned long *flags, const char *arg, const NAME_EX_TBL *in_tbl)
+{
+	char c;
+	const NAME_EX_TBL *ptbl;
+	c = arg[0];
+
+	if(c == '-') {
+		c = 0;
+		arg++;
+	} else if (c == '+') {
+		c = 1;
+		arg++;
+	} else c = 1;
+
+	for(ptbl = in_tbl; ptbl->name; ptbl++) {
+		if(!strcasecmp(arg, ptbl->name)) {
+			*flags &= ~ptbl->mask;
+			if(c) *flags |= ptbl->flag;
+			else *flags &= ~ptbl->flag;
+			return 1;
+		}
+	}
+	return 0;
+}
+
+void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
+{
+	char *buf;
+	char mline = 0;
+	int indent = 0;
+
+	if(title) BIO_puts(out, title);
+	if((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+		mline = 1;
+		indent = 4;
+	}
+	if(lflags == XN_FLAG_COMPAT) {
+		buf = X509_NAME_oneline(nm, 0, 0);
+		BIO_puts(out, buf);
+		BIO_puts(out, "\n");
+		OPENSSL_free(buf);
+	} else {
+		if(mline) BIO_puts(out, "\n");
+		X509_NAME_print_ex(out, nm, indent, lflags);
+		BIO_puts(out, "\n");
+	}
+}
+
+X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath)
+{
+	X509_STORE *store;
+	X509_LOOKUP *lookup;
+	if(!(store = X509_STORE_new())) goto end;
+	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
+	if (lookup == NULL) goto end;
+	if (CAfile) {
+		if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
+			BIO_printf(bp, "Error loading file %s\n", CAfile);
+			goto end;
+		}
+	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+		
+	lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
+	if (lookup == NULL) goto end;
+	if (CApath) {
+		if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
+			BIO_printf(bp, "Error loading directory %s\n", CApath);
+			goto end;
+		}
+	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+	ERR_clear_error();
+	return store;
+	end:
+	X509_STORE_free(store);
+	return NULL;
+}
+
+/* Try to load an engine in a shareable library */
+static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
+	{
+	ENGINE *e = ENGINE_by_id("dynamic");
+	if (e)
+		{
+		if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
+			|| !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
+			{
+			ENGINE_free(e);
+			e = NULL;
+			}
+		}
+	return e;
+	}
+
+ENGINE *setup_engine(BIO *err, const char *engine, int debug)
+        {
+        ENGINE *e = NULL;
+
+        if (engine)
+                {
+		if(strcmp(engine, "auto") == 0)
+			{
+			BIO_printf(err,"enabling auto ENGINE support\n");
+			ENGINE_register_all_complete();
+			return NULL;
+			}
+		if((e = ENGINE_by_id(engine)) == NULL
+			&& (e = try_load_engine(err, engine, debug)) == NULL)
+			{
+			BIO_printf(err,"invalid engine \"%s\"\n", engine);
+			ERR_print_errors(err);
+			return NULL;
+			}
+		if (debug)
+			{
+			ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM,
+				0, err, 0);
+			}
+                ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+			{
+			BIO_printf(err,"can't use that engine\n");
+			ERR_print_errors(err);
+			ENGINE_free(e);
+			return NULL;
+			}
+
+		BIO_printf(err,"engine \"%s\" set.\n", ENGINE_get_id(e));
+
+		/* Free our "structural" reference. */
+		ENGINE_free(e);
+		}
+        return e;
+        }
+
+int load_config(BIO *err, CONF *cnf)
+	{
+	if (!cnf)
+		cnf = config;
+	if (!cnf)
+		return 1;
+
+	OPENSSL_load_builtin_modules();
+
+	if (CONF_modules_load(cnf, NULL, 0) <= 0)
+		{
+		BIO_printf(err, "Error configuring OpenSSL\n");
+		ERR_print_errors(err);
+		return 0;
+		}
+	return 1;
+	}
+
+char *make_config_name()
+	{
+	const char *t=X509_get_default_cert_area();
+	char *p;
+
+	p=OPENSSL_malloc(strlen(t)+strlen(OPENSSL_CONF)+2);
+	strcpy(p,t);
+#ifndef OPENSSL_SYS_VMS
+	strcat(p,"/");
+#endif
+	strcat(p,OPENSSL_CONF);
+
+	return p;
+	}
diff --git a/apps/apps.h b/apps/apps.h
index 25a9262e03..7b1f8ded78 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -55,41 +55,112 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #ifndef HEADER_APPS_H
 #define HEADER_APPS_H
 
 #include "e_os.h"
 
-#include "buffer.h"
-#include "bio.h"
-#include "crypto.h"
-#include "progs.h"
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+#include <openssl/txt_db.h>
+#include <openssl/engine.h>
+#include <openssl/ossl_typ.h>
 
-#ifdef NO_STDIO
-BIO_METHOD *BIO_s_file();
-#endif
+int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
+int app_RAND_write_file(const char *file, BIO *bio_e);
+/* When `file' is NULL, use defaults.
+ * `bio_e' is for error messages. */
+void app_RAND_allow_write_file(void);
+long app_RAND_load_files(char *file); /* `file' is a list of files to read,
+                                       * separated by LIST_SEPARATOR_CHAR
+                                       * (see e_os.h).  The string is
+                                       * destroyed! */
 
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 #define rename(from,to) WIN32_rename((from),(to))
 int WIN32_rename(char *oldname,char *newname);
 #endif
 
+/* VMS below version 7.0 doesn't have strcasecmp() */
+#ifdef OPENSSL_SYS_VMS
+#define strcasecmp(str1,str2) VMS_strcasecmp((str1),(str2))
+int VMS_strcasecmp(const char *str1, const char *str2);
+#endif
+
 #ifndef MONOLITH
 
 #define MAIN(a,v)	main(a,v)
 
 #ifndef NON_MAIN
+CONF *config=NULL;
 BIO *bio_err=NULL;
 #else
+extern CONF *config;
 extern BIO *bio_err;
 #endif
 
 #else
 
 #define MAIN(a,v)	PROG(a,v)
-#include "conf.h"
-extern LHASH *config;
+extern CONF *config;
 extern char *default_config_file;
 extern BIO *bio_err;
 
@@ -103,48 +174,109 @@ extern BIO *bio_err;
 #define do_pipe_sig()
 #endif
 
-#if defined(MONOLITH) && !defined(SSLEAY)
-#  define apps_startup()	do_pipe_sig()
+#if defined(MONOLITH) && !defined(OPENSSL_C)
+#  define apps_startup() \
+		do_pipe_sig()
+#  define apps_shutdown()
 #else
-#  if defined(MSDOS) || defined(WIN16) || defined(WIN32)
+#  if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+   defined(OPENSSL_SYS_WIN32)
 #    ifdef _O_BINARY
 #      define apps_startup() \
-		_fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-		SSLeay_add_all_algorithms()
+		do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+		ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+		ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
 #    else
 #      define apps_startup() \
-		_fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
-		SSLeay_add_all_algorithms()
+		do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+		ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+		ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
 #    endif
 #  else
-#    define apps_startup()	do_pipe_sig(); SSLeay_add_all_algorithms();
+#    define apps_startup() \
+		do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+		ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
+		setup_ui_method(); } while(0)
 #  endif
+#  define apps_shutdown() \
+		do { CONF_modules_unload(1); destroy_ui_method(); \
+		EVP_cleanup(); ENGINE_cleanup(); \
+		CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+		ERR_free_strings(); } while(0)
 #endif
 
 typedef struct args_st
-        {
-        char **data;
+	{
+	char **data;
 	int count;
-        } ARGS;
+	} ARGS;
+
+#define PW_MIN_LENGTH 4
+typedef struct pw_cb_data
+	{
+	const void *password;
+	const char *prompt_info;
+	} PW_CB_DATA;
+
+int password_callback(char *buf, int bufsiz, int verify,
+	PW_CB_DATA *cb_data);
+
+int setup_ui_method(void);
+void destroy_ui_method(void);
 
-#ifndef NOPROTO
 int should_retry(int i);
 int args_from_file(char *file, int *argc, char **argv[]);
 int str2fmt(char *s);
 void program_name(char *in,char *out,int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
-#else
-int should_retry();
-int args_from_file();
-int str2fmt();
-void program_name();
-int chopup_args();
+#ifdef HEADER_X509_H
+int dump_cert_text(BIO *out, X509 *x);
+void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags);
 #endif
+int set_cert_ex(unsigned long *flags, const char *arg);
+int set_name_ex(unsigned long *flags, const char *arg);
+int set_ext_copy(int *copy_type, const char *arg);
+int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
+int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
+int add_oid_section(BIO *err, CONF *conf);
+X509 *load_cert(BIO *err, const char *file, int format,
+	const char *pass, ENGINE *e, const char *cert_descrip);
+EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
+	const char *pass, ENGINE *e, const char *key_descrip);
+EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
+	const char *pass, ENGINE *e, const char *key_descrip);
+STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+	const char *pass, ENGINE *e, const char *cert_descrip);
+X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
+ENGINE *setup_engine(BIO *err, const char *engine, int debug);
+
+int load_config(BIO *err, CONF *cnf);
+char *make_config_name(void);
+
+/* Functions defined in ca.c and also used in ocsp.c */
+int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
+			ASN1_GENERALIZEDTIME **pinvtm, char *str);
+int make_serial_index(TXT_DB *db);
+
+X509_NAME *do_subject(char *str, long chtype);
 
 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
 #define FORMAT_TEXT     2
 #define FORMAT_PEM      3
 #define FORMAT_NETSCAPE 4
+#define FORMAT_PKCS12   5
+#define FORMAT_SMIME    6
+#define FORMAT_ENGINE   7
+#define FORMAT_IISSGC	8	/* XXX this stupid macro helps us to avoid
+				 * adding yet another param to load_*key() */
+
+#define EXT_COPY_NONE	0
+#define EXT_COPY_ADD	1
+#define EXT_COPY_ALL	2
+
+#define NETSCAPE_CERT_HDR	"certificate"
+
+#define APP_PASS_LEN	1024
 
 #endif
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index edeffaaa84..5f8ba5e730 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -57,39 +57,42 @@
  */
 
 /* A nice addition from Dr Stephen Henson <shenson@bigfoot.com> to 
- * add the -strparse option which parses nested binarary structures
+ * add the -strparse option which parses nested binary structures
  */
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "err.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 /* -inform arg	- input format - default PEM (DER or PEM)
  * -in arg	- input file - default stdin
  * -i		- indent the details by depth
  * -offset	- where in the file to start
  * -length	- how many bytes to use
- * -oid file	- extra oid decription file
+ * -oid file	- extra oid description file
  */
 
 #undef PROG
 #define PROG	asn1parse_main
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int, char **);
+
+static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
+
+int MAIN(int argc, char **argv)
 	{
 	int i,badops=0,offset=0,ret=1,j;
 	unsigned int length=0;
 	long num,tmplen;
-	BIO *in=NULL,*out=NULL,*b64=NULL;
-	int informat,indent=0;
-	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL;
+	BIO *in=NULL,*out=NULL,*b64=NULL, *derout = NULL;
+	int informat,indent=0, noout = 0, dump = 0;
+	char *infile=NULL,*str=NULL,*prog,*oidfile=NULL, *derfile=NULL;
+	char *genstr=NULL, *genconf=NULL;
 	unsigned char *tmpbuf;
 	BUF_MEM *buf=NULL;
 	STACK *osk=NULL;
@@ -103,12 +106,15 @@ char **argv;
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	prog=argv[0];
 	argc--;
 	argv++;
 	if ((osk=sk_new_null()) == NULL)
 		{
-		BIO_printf(bio_err,"Malloc failure\n");
+		BIO_printf(bio_err,"Memory allocation failure\n");
 		goto end;
 		}
 	while (argc >= 1)
@@ -123,10 +129,16 @@ char **argv;
 			if (--argc < 1) goto bad;
 			infile= *(++argv);
 			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			derfile= *(++argv);
+			}
 		else if (strcmp(*argv,"-i") == 0)
 			{
 			indent=1;
 			}
+		else if (strcmp(*argv,"-noout") == 0) noout = 1;
 		else if (strcmp(*argv,"-oid") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -143,11 +155,31 @@ char **argv;
 			length= atoi(*(++argv));
 			if (length == 0) goto bad;
 			}
+		else if (strcmp(*argv,"-dump") == 0)
+			{
+			dump= -1;
+			}
+		else if (strcmp(*argv,"-dlimit") == 0)
+			{
+			if (--argc < 1) goto bad;
+			dump= atoi(*(++argv));
+			if (dump <= 0) goto bad;
+			}
 		else if (strcmp(*argv,"-strparse") == 0)
 			{
 			if (--argc < 1) goto bad;
 			sk_push(osk,*(++argv));
 			}
+		else if (strcmp(*argv,"-genstr") == 0)
+			{
+			if (--argc < 1) goto bad;
+			genstr= *(++argv);
+			}
+		else if (strcmp(*argv,"-genconf") == 0)
+			{
+			if (--argc < 1) goto bad;
+			genconf= *(++argv);
+			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -164,14 +196,20 @@ bad:
 		BIO_printf(bio_err,"%s [options] <infile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -in arg       input file\n");
+		BIO_printf(bio_err," -out arg      output file (output format is always DER\n");
+		BIO_printf(bio_err," -noout arg    don't produce any output\n");
 		BIO_printf(bio_err," -offset arg   offset into file\n");
-		BIO_printf(bio_err," -length arg   lenth of section in file\n");
+		BIO_printf(bio_err," -length arg   length of section in file\n");
 		BIO_printf(bio_err," -i            indent entries\n");
+		BIO_printf(bio_err," -dump         dump unknown data in hex form\n");
+		BIO_printf(bio_err," -dlimit arg   dump the first arg bytes of unknown data in hex form\n");
 		BIO_printf(bio_err," -oid file     file of extra oid definitions\n");
 		BIO_printf(bio_err," -strparse offset\n");
 		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
 		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
+		BIO_printf(bio_err," -genstr str   string to generate ASN1 structure from\n");
+		BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n");
 		goto end;
 		}
 
@@ -185,6 +223,12 @@ bad:
 		goto end;
 		}
 	BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+#ifdef OPENSSL_SYS_VMS
+	{
+	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+	out = BIO_push(tmpbio, out);
+	}
+#endif
 
 	if (oidfile != NULL)
 		{
@@ -208,28 +252,50 @@ bad:
 			}
 		}
 
+	if (derfile) {
+		if(!(derout = BIO_new_file(derfile, "wb"))) {
+			BIO_printf(bio_err,"problems opening %s\n",derfile);
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
+
 	if ((buf=BUF_MEM_new()) == NULL) goto end;
 	if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */
 
-	if (informat == FORMAT_PEM)
+	if (genstr || genconf)
 		{
-		BIO *tmp;
-
-		if ((b64=BIO_new(BIO_f_base64())) == NULL)
+		num = do_generate(bio_err, genstr, genconf, buf);
+		if (num < 0)
+			{
+			ERR_print_errors(bio_err);
 			goto end;
-		BIO_push(b64,in);
-		tmp=in;
-		in=b64;
-		b64=tmp;
+			}
 		}
 
-	num=0;
-	for (;;)
+	else
 		{
-		if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;
-		i=BIO_read(in,&(buf->data[num]),BUFSIZ);
-		if (i <= 0) break;
-		num+=i;
+
+		if (informat == FORMAT_PEM)
+			{
+			BIO *tmp;
+
+			if ((b64=BIO_new(BIO_f_base64())) == NULL)
+				goto end;
+			BIO_push(b64,in);
+			tmp=in;
+			in=b64;
+			b64=tmp;
+			}
+
+		num=0;
+		for (;;)
+			{
+			if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;
+			i=BIO_read(in,&(buf->data[num]),BUFSIZ);
+			if (i <= 0) break;
+			num+=i;
+			}
 		}
 	str=buf->data;
 
@@ -241,6 +307,7 @@ bad:
 		tmplen=num;
 		for (i=0; i<sk_num(osk); i++)
 			{
+			ASN1_TYPE *atmp;
 			j=atoi(sk_value(osk,i));
 			if (j == 0)
 				{
@@ -249,7 +316,10 @@ bad:
 				}
 			tmpbuf+=j;
 			tmplen-=j;
-			if (d2i_ASN1_TYPE(&at,&tmpbuf,tmplen) == NULL)
+			atmp = at;
+			at = d2i_ASN1_TYPE(NULL,&tmpbuf,tmplen);
+			ASN1_TYPE_free(atmp);
+			if(!at)
 				{
 				BIO_printf(bio_err,"Error parsing structure\n");
 				ERR_print_errors(bio_err);
@@ -264,15 +334,25 @@ bad:
 		}
 
 	if (length == 0) length=(unsigned int)num;
-	if (!ASN1_parse(out,(unsigned char *)&(str[offset]),length,indent))
+	if(derout) {
+		if(BIO_write(derout, str + offset, length) != (int)length) {
+			BIO_printf(bio_err, "Error writing output\n");
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
+	if (!noout &&
+	    !ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length,
+		    indent,dump))
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	ret=0;
 end:
+	BIO_free(derout);
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	if (b64 != NULL) BIO_free(b64);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
@@ -280,6 +360,65 @@ end:
 	if (at != NULL) ASN1_TYPE_free(at);
 	if (osk != NULL) sk_free(osk);
 	OBJ_cleanup();
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
+static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
+	{
+	CONF *cnf = NULL;
+	int len;
+	long errline;
+	unsigned char *p;
+	ASN1_TYPE *atyp = NULL;
+
+	if (genconf)
+		{
+		cnf = NCONF_new(NULL);
+		if (!NCONF_load(cnf, genconf, &errline))
+			goto conferr;
+		if (!genstr)
+			genstr = NCONF_get_string(cnf, "default", "asn1");
+		if (!genstr)
+			{
+			BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
+			goto err;
+			}
+		}
+
+	atyp = ASN1_generate_nconf(genstr, cnf);
+	NCONF_free(cnf);
+
+	if (!atyp)
+		return -1;
+
+	len = i2d_ASN1_TYPE(atyp, NULL);
+
+	if (len <= 0)
+		goto err;
+
+	if (!BUF_MEM_grow(buf,len))
+		goto err;
+
+	p=(unsigned char *)buf->data;
+
+	i2d_ASN1_TYPE(atyp, &p);
+
+	ASN1_TYPE_free(atyp);
+	return len;
+
+	conferr:
+
+	if (errline > 0)
+		BIO_printf(bio, "Error on line %ld of config file '%s'\n",
+							errline, genconf);
+	else
+		BIO_printf(bio, "Error loading config file '%s'\n", genconf);
+
+	err:
+	NCONF_free(cnf);
+	ASN1_TYPE_free(atyp);
+
+	return -1;
+
+	}
diff --git a/apps/bss_file.c b/apps/bss_file.c
deleted file mode 100644
index 9aa71f9d0f..0000000000
--- a/apps/bss_file.c
+++ /dev/null
@@ -1,324 +0,0 @@
-/* crypto/bio/bss_file.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define APPS_WIN16
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include "bio.h"
-#include "err.h"
-
-#ifndef NOPROTO
-static int MS_CALLBACK file_write(BIO *h,char *buf,int num);
-static int MS_CALLBACK file_read(BIO *h,char *buf,int size);
-static int MS_CALLBACK file_puts(BIO *h,char *str);
-static int MS_CALLBACK file_gets(BIO *h,char *str,int size);
-static long MS_CALLBACK file_ctrl(BIO *h,int cmd,long arg1,char *arg2);
-static int MS_CALLBACK file_new(BIO *h);
-static int MS_CALLBACK file_free(BIO *data);
-#else
-static int MS_CALLBACK file_write();
-static int MS_CALLBACK file_read();
-static int MS_CALLBACK file_puts();
-static int MS_CALLBACK file_gets();
-static long MS_CALLBACK file_ctrl();
-static int MS_CALLBACK file_new();
-static int MS_CALLBACK file_free();
-#endif
-
-static BIO_METHOD methods_filep=
-	{
-	BIO_TYPE_FILE,"FILE pointer",
-	file_write,
-	file_read,
-	file_puts,
-	file_gets,
-	file_ctrl,
-	file_new,
-	file_free,
-	};
-
-BIO *BIO_new_file(filename,mode)
-char *filename;
-char *mode;
-	{
-	BIO *ret;
-	FILE *file;
-
-	if ((file=fopen(filename,mode)) == NULL)
-		{
-		SYSerr(SYS_F_FOPEN,errno);
-		BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
-		return(NULL);
-		}
-	if ((ret=BIO_new_fp(file,BIO_CLOSE)) == NULL)
-		{
-		fclose(file);
-		return(NULL);
-		}
-	return(ret);
-	}
-
-BIO *BIO_new_fp(stream,close_flag)
-FILE *stream;
-int close_flag;
-	{
-	BIO *ret;
-
-	if ((ret=BIO_new(BIO_s_file())) == NULL)
-		return(NULL);
-	BIO_set_fp(ret,stream,close_flag);
-	return(ret);
-	}
-
-#if !defined(WIN16) || defined(APPS_WIN16)
-
-BIO_METHOD *BIO_s_file()
-	{
-	return(&methods_filep);
-	}
-
-#else
-
-BIO_METHOD *BIO_s_file_internal_w16()
-	{
-	return(&methods_filep);
-	}
-
-#endif
-
-static int MS_CALLBACK file_new(bi)
-BIO *bi;
-	{
-	bi->init=0;
-	bi->num=0;
-	bi->ptr=NULL;
-	return(1);
-	}
-
-static int MS_CALLBACK file_free(a)
-BIO *a;
-	{
-	if (a == NULL) return(0);
-	if (a->shutdown)
-		{
-		if ((a->init) && (a->ptr != NULL))
-			{
-			fclose((FILE *)a->ptr);
-			a->ptr=NULL;
-			}
-		a->init=0;
-		}
-	return(1);
-	}
-	
-static int MS_CALLBACK file_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
-	{
-	int ret=0;
-
-	if (b->init && (out != NULL))
-		{
-		ret=fread(out,1,(int)outl,(FILE *)b->ptr);
-		}
-	return(ret);
-	}
-
-static int MS_CALLBACK file_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
-	{
-	int ret=0;
-
-	if (b->init && (in != NULL))
-		{
-		if (fwrite(in,(int)inl,1,(FILE *)b->ptr))
-			ret=inl;
-		/* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
-		/* acording to Tim Hudson <tjh@cryptsoft.com>, the commented
-		 * out version above can cause 'inl' write calls under
-		 * some stupid stdio implementations (VMS) */
-		}
-	return(ret);
-	}
-
-static long MS_CALLBACK file_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
-	{
-	long ret=1;
-	FILE *fp=(FILE *)b->ptr;
-	FILE **fpp;
-	char p[4];
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		ret=(long)fseek(fp,num,0);
-		break;
-	case BIO_CTRL_EOF:
-		ret=(long)feof(fp);
-		break;
-	case BIO_CTRL_INFO:
-		ret=ftell(fp);
-		break;
-	case BIO_C_SET_FILE_PTR:
-		file_free(b);
-		b->shutdown=(int)num;
-		b->ptr=(char *)ptr;
-		b->init=1;
-		break;
-	case BIO_C_SET_FILENAME:
-		file_free(b);
-		b->shutdown=(int)num&BIO_CLOSE;
-		if (num & BIO_FP_APPEND)
-			{
-			if (num & BIO_FP_READ)
-				strcpy(p,"a+");
-			else	strcpy(p,"a");
-			}
-		else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
-			strcpy(p,"r+");
-		else if (num & BIO_FP_WRITE)
-			strcpy(p,"w");
-		else if (num & BIO_FP_READ)
-			strcpy(p,"r");
-		else
-			{
-			BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
-			ret=0;
-			break;
-			}
-#if defined(MSDOS) || defined(WINDOWS)
-		if (!(num & BIO_FP_TEXT))
-			strcat(p,"b");
-		else
-			strcat(p,"t");
-#endif
-		fp=fopen(ptr,p);
-		if (fp == NULL)
-			{
-			SYSerr(SYS_F_FOPEN,errno);
-			BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB);
-			ret=0;
-			break;
-			}
-		b->ptr=(char *)fp;
-		b->init=1;
-		break;
-	case BIO_C_GET_FILE_PTR:
-		/* the ptr parameter is actually a FILE ** in this case. */
-		if (ptr != NULL)
-			{
-			fpp=(FILE **)ptr;
-			*fpp=(FILE *)b->ptr;
-			}
-		break;
-	case BIO_CTRL_GET_CLOSE:
-		ret=(long)b->shutdown;
-		break;
-	case BIO_CTRL_SET_CLOSE:
-		b->shutdown=(int)num;
-		break;
-	case BIO_CTRL_FLUSH:
-		fflush((FILE *)b->ptr);
-		break;
-	case BIO_CTRL_DUP:
-		ret=1;
-		break;
-
-	case BIO_CTRL_PENDING:
-	case BIO_CTRL_PUSH:
-	case BIO_CTRL_POP:
-	default:
-		ret=0;
-		break;
-		}
-	return(ret);
-	}
-
-static int MS_CALLBACK file_gets(bp,buf,size)
-BIO *bp;
-char *buf;
-int size;
-	{
-	int ret=0;
-
-	buf[0]='\0';
-	fgets(buf,size,(FILE *)bp->ptr);
-	if (buf[0] != '\0')
-		ret=strlen(buf);
-	return(ret);
-	}
-
-static int MS_CALLBACK file_puts(bp,str)
-BIO *bp;
-char *str;
-	{
-	int n,ret;
-
-	n=strlen(str);
-	ret=file_write(bp,str,n);
-	return(ret);
-	}
-
diff --git a/apps/c512-key.pem b/apps/c512-key.pem
deleted file mode 100644
index a1ea82e644..0000000000
--- a/apps/c512-key.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBALtv55QyzG6i2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexm
-q/R4KedLjFEIYjocDui+IXs62NNtXrT8odkCAwEAAQJAbwXq0vJ/+uyEvsNgxLko
-/V86mGXQ/KrSkeKlL0r4ENxjcyeMAGoKu6J9yMY7+X9+Zm4nxShNfTsf/+Freoe1
-HQIhAPOSm5Q1YI+KIsII2GeVJx1U69+wnd71OasIPakS1L1XAiEAxQAW+J3/JWE0
-ftEYakbhUOKL8tD1OaFZS71/5GdG7E8CIQCefUMmySSvwd6kC0VlATSWbW+d+jp/
-nWmM1KvqnAo5uQIhALqEADu5U1Wvt8UN8UDGBRPQulHWNycuNV45d3nnskWPAiAw
-ueTyr6WsZ5+SD8g/Hy3xuvF3nPmJRH+rwvVihlcFOg==
------END RSA PRIVATE KEY-----
diff --git a/apps/c512-req.pem b/apps/c512-req.pem
deleted file mode 100644
index e8d0fea538..0000000000
--- a/apps/c512-req.pem
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBGzCBxgIBADBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEa
-MBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGkNsaWVudCB0ZXN0
-IGNlcnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALtv55QyzG6i
-2PlwZ1pah7++Gv8L5j6Hnyr/uTZE1NLG0ABDDexmq/R4KedLjFEIYjocDui+IXs6
-2NNtXrT8odkCAwEAATANBgkqhkiG9w0BAQQFAANBAC5JBTeji7RosqMaUIDzIW13
-oO6+kPhx9fXSpMFHIsY3aH92Milkov/2A4SuZTcnv/P6+8klmS0EaiUKcRzak4E=
------END CERTIFICATE REQUEST-----
diff --git a/apps/ca-cert.srl b/apps/ca-cert.srl
index eeee65ec41..2c7456e3eb 100644
--- a/apps/ca-cert.srl
+++ b/apps/ca-cert.srl
@@ -1 +1 @@
-05
+07
diff --git a/apps/ca.c b/apps/ca.c
index 8990aa20a7..8cb5342ce0 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -61,28 +61,57 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <ctype.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <openssl/conf.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/txt_db.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/ocsp.h>
+#include <openssl/pem.h>
+
+#ifdef OPENSSL_SYS_WINDOWS
+#define strcasecmp _stricmp
+#else
+#  ifdef NO_STRINGS_H
+    int	strcasecmp();
+#  else
+#    include <strings.h>
+#  endif /* NO_STRINGS_H */
+#endif
+
+#ifndef W_OK
+#  ifdef OPENSSL_SYS_VMS
+#    if defined(__DECC)
+#      include <unistd.h>
+#    else
+#      include <unixlib.h>
+#    endif
+#  elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS)
+#    include <sys/file.h>
+#  endif
+#endif
+
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "bn.h"
-#include "txt_db.h"
-#include "evp.h"
-#include "x509.h"
-#include "objects.h"
-#include "pem.h"
-#include "conf.h"
 
 #ifndef W_OK
-#include <sys/file.h>
+#  define F_OK 0
+#  define X_OK 1
+#  define W_OK 2
+#  define R_OK 4
 #endif
 
 #undef PROG
 #define PROG ca_main
 
 #define BASE_SECTION	"ca"
-#define CONFIG_FILE "lib/ssleay.cnf"
+#define CONFIG_FILE "openssl.cnf"
 
 #define ENV_DEFAULT_CA		"default_ca"
 
@@ -98,13 +127,19 @@
 #define ENV_RANDFILE		"RANDFILE"
 #define ENV_DEFAULT_DAYS 	"default_days"
 #define ENV_DEFAULT_STARTDATE 	"default_startdate"
+#define ENV_DEFAULT_ENDDATE 	"default_enddate"
 #define ENV_DEFAULT_CRL_DAYS 	"default_crl_days"
 #define ENV_DEFAULT_CRL_HOURS 	"default_crl_hours"
 #define ENV_DEFAULT_MD		"default_md"
+#define ENV_DEFAULT_EMAIL_DN	"email_in_dn"
 #define ENV_PRESERVE		"preserve"
 #define ENV_POLICY      	"policy"
 #define ENV_EXTENSIONS      	"x509_extensions"
+#define ENV_CRLEXT      	"crl_extensions"
 #define ENV_MSIE_HACK		"msie_hack"
+#define ENV_NAMEOPT		"name_opt"
+#define ENV_CERTOPT		"cert_opt"
+#define ENV_EXTCOPY		"copy_extensions"
 
 #define ENV_DATABASE		"database"
 
@@ -120,6 +155,14 @@
 #define DB_TYPE_EXP	'E'
 #define DB_TYPE_VAL	'V'
 
+/* Additional revocation information types */
+
+#define REV_NONE		0	/* No addditional information */
+#define REV_CRL_REASON		1	/* Value is CRL reason code */
+#define REV_HOLD		2	/* Value is hold instruction */
+#define REV_KEY_COMPROMISE	3	/* Value is cert key compromise time */
+#define REV_CA_COMPROMISE	4	/* Value is CA key compromise time */
+
 static char *ca_usage[]={
 "usage: ca args\n",
 "\n",
@@ -129,12 +172,15 @@ static char *ca_usage[]={
 " -gencrl         - Generate a new CRL\n",
 " -crldays days   - Days is when the next CRL is due\n",
 " -crlhours hours - Hours is when the next CRL is due\n",
+" -startdate YYMMDDHHMMSSZ  - certificate validity notBefore\n",
+" -enddate YYMMDDHHMMSSZ    - certificate validity notAfter (overrides -days)\n",
 " -days arg       - number of days to certify the certificate for\n",
 " -md arg         - md to use, one of md2, md5, sha or sha1\n",
 " -policy arg     - The CA 'policy' to support\n",
-" -keyfile arg    - PEM private key file\n",
+" -keyfile arg    - private key file\n",
+" -keyform arg    - private key file format (PEM or ENGINE)\n",
 " -key arg        - key to decode the private key if it is encrypted\n",
-" -cert           - The CA certificate\n",
+" -cert file      - The CA certificate\n",
 " -in file        - The input PEM encoded certificate request(s)\n",
 " -out file       - Where to put the output file(s)\n",
 " -outdir dir     - Where to put output certificates\n",
@@ -142,8 +188,17 @@ static char *ca_usage[]={
 " -spkac file     - File contains DN and signed public key and challenge\n",
 " -ss_cert file   - File contains a self signed cert to sign\n",
 " -preserveDN     - Don't re-order the DN\n",
-" -batch	  - Don't ask questions\n",
-" -msie_hack	  - msie modifications to handle all thos universal strings\n",
+" -noemailDN      - Don't add the EMAIL field into certificate' subject\n",
+" -batch          - Don't ask questions\n",
+" -msie_hack      - msie modifications to handle all those universal strings\n",
+" -revoke file    - Revoke a certificate (given in file)\n",
+" -subj arg       - Use arg instead of request's subject\n",
+" -extensions ..  - Extension section (override value in config file)\n",
+" -extfile file   - Configuration file with X509v3 extentions to add\n",
+" -crlexts ..     - CRL extension section (override value in config file)\n",
+" -engine e       - use engine e, possibly a hardware device.\n",
+" -status serial  - Shows certificate status given the serial number\n",
+" -updatedb       - Updates db for expired certificates\n",
 NULL
 };
 
@@ -153,70 +208,78 @@ extern int EF_PROTECT_BELOW;
 extern int EF_ALIGNMENT;
 #endif
 
-#ifndef NOPROTO
-static STACK *load_extensions(char *section);
 static void lookup_fail(char *name,char *tag);
-static int MS_CALLBACK key_callback(char *buf,int len,int verify);
-static unsigned long index_serial_hash(char **a);
-static int index_serial_cmp(char **a, char **b);
-static unsigned long index_name_hash(char **a);
+static unsigned long index_serial_hash(const char **a);
+static int index_serial_cmp(const char **a, const char **b);
+static unsigned long index_name_hash(const char **a);
 static int index_name_qual(char **a);
-static int index_name_cmp(char **a,char **b);
+static int index_name_cmp(const char **a,const char **b);
 static BIGNUM *load_serial(char *serialfile);
 static int save_serial(char *serialfile, BIGNUM *serial);
 static int certify(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
-	int days, int batch, STACK *extensions,int verbose);
+		   const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,TXT_DB *db,
+		   BIGNUM *serial, char *subj, int email_dn, char *startdate,
+		   char *enddate, long days, int batch, char *ext_sect, CONF *conf,
+		   int verbose, unsigned long certopt, unsigned long nameopt,
+		   int default_op, int ext_copy);
 static int certify_cert(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
-	int days,int batch,STACK *extensions,int verbose);
+			const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
+			TXT_DB *db, BIGNUM *serial, char *subj, int email_dn,
+			char *startdate, char *enddate, long days, int batch,
+			char *ext_sect, CONF *conf,int verbose, unsigned long certopt,
+			unsigned long nameopt, int default_op, int ext_copy,
+			ENGINE *e);
 static int certify_spkac(X509 **xret, char *infile,EVP_PKEY *pkey,X509 *x509,
-	EVP_MD *dgst,STACK *policy,TXT_DB *db,BIGNUM *serial,char *startdate,
-	int days,STACK *extensions,int verbose);
+			 const EVP_MD *dgst,STACK_OF(CONF_VALUE) *policy,
+			 TXT_DB *db, BIGNUM *serial,char *subj, int email_dn,
+			 char *startdate, char *enddate, long days, char *ext_sect,
+			 CONF *conf, int verbose, unsigned long certopt, 
+			 unsigned long nameopt, int default_op, int ext_copy);
 static int fix_data(int nid, int *type);
-static void write_new_certificate(BIO *bp, X509 *x, int output_der);
-static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, EVP_MD *dgst,
-	STACK *policy, TXT_DB *db, BIGNUM *serial, char *startdate,
-	int days, int batch, int verbose, X509_REQ *req, STACK *extensions);
+static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
+	STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial,char *subj,
+	int email_dn, char *startdate, char *enddate, long days, int batch,
+       	int verbose, X509_REQ *req, char *ext_sect, CONF *conf,
+	unsigned long certopt, unsigned long nameopt, int default_op,
+	int ext_copy);
+static int do_revoke(X509 *x509, TXT_DB *db, int ext, char *extval);
+static int get_certificate_status(const char *ser_status, TXT_DB *db);
+static int do_updatedb(TXT_DB *db);
 static int check_time_format(char *str);
-#else
-static STACK *load_extensions();
-static void lookup_fail();
-static int MS_CALLBACK key_callback();
-static unsigned long index_serial_hash();
-static int index_serial_cmp();
-static unsigned long index_name_hash();
-static int index_name_qual();
-static int index_name_cmp();
-static int fix_data();
-static BIGNUM *load_serial();
-static int save_serial();
-static int certify();
-static int certify_cert();
-static int certify_spkac();
-static void write_new_certificate();
-static int do_body();
-static int check_time_format();
-#endif
-
-static LHASH *conf;
-static char *key=NULL;
+char *make_revocation_str(int rev_type, char *rev_arg);
+int make_revoked(X509_REVOKED *rev, char *str);
+int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str);
+static CONF *conf=NULL;
+static CONF *extconf=NULL;
 static char *section=NULL;
 
 static int preserve=0;
 static int msie_hack=0;
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+static IMPLEMENT_LHASH_HASH_FN(index_serial_hash,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_serial_cmp,const char **)
+static IMPLEMENT_LHASH_HASH_FN(index_name_hash,const char **)
+static IMPLEMENT_LHASH_COMP_FN(index_name_cmp,const char **)
+
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
+	char *key=NULL,*passargin=NULL;
+	int free_key = 0;
 	int total=0;
 	int total_done=0;
 	int badops=0;
 	int ret=1;
+	int email_dn=1;
 	int req=0;
 	int verbose=0;
 	int gencrl=0;
+	int dorevoke=0;
+	int doupdatedb=0;
 	long crldays=0;
 	long crlhours=0;
 	long errorline= -1;
@@ -225,38 +288,53 @@ char **argv;
 	char *policy=NULL;
 	char *keyfile=NULL;
 	char *certfile=NULL;
+	int keyform=FORMAT_PEM;
 	char *infile=NULL;
 	char *spkac_file=NULL;
 	char *ss_cert_file=NULL;
+	char *ser_status=NULL;
 	EVP_PKEY *pkey=NULL;
 	int output_der = 0;
 	char *outfile=NULL;
 	char *outdir=NULL;
 	char *serialfile=NULL;
 	char *extensions=NULL;
+	char *extfile=NULL;
+	char *subj=NULL;
+	char *tmp_email_dn=NULL;
+	char *crl_ext=NULL;
+	int rev_type = REV_NONE;
+	char *rev_arg = NULL;
 	BIGNUM *serial=NULL;
 	char *startdate=NULL;
-	int days=0;
+	char *enddate=NULL;
+	long days=0;
 	int batch=0;
+	int notext=0;
+	unsigned long nameopt = 0, certopt = 0;
+	int default_op = 1;
+	int ext_copy = EXT_COPY_NONE;
 	X509 *x509=NULL;
 	X509 *x=NULL;
 	BIO *in=NULL,*out=NULL,*Sout=NULL,*Cout=NULL;
 	char *dbfile=NULL;
 	TXT_DB *db=NULL;
 	X509_CRL *crl=NULL;
-	X509_CRL_INFO *ci=NULL;
 	X509_REVOKED *r=NULL;
+	ASN1_TIME *tmptm;
+	ASN1_INTEGER *tmpser;
 	char **pp,*p,*f;
 	int i,j;
 	long l;
-	EVP_MD *dgst=NULL;
-	STACK *attribs=NULL;
-	STACK *extensions_sk=NULL;
-	STACK *cert_sk=NULL;
-	BIO *hex=NULL;
+	const EVP_MD *dgst=NULL;
+	STACK_OF(CONF_VALUE) *attribs=NULL;
+	STACK_OF(X509) *cert_sk=NULL;
 #undef BSIZE
 #define BSIZE 256
 	MS_STATIC char buf[3][BSIZE];
+	char *randfile=NULL;
+	char *engine = NULL;
+	char *tofree=NULL;
 
 #ifdef EFENCE
 EF_PROTECT_FREE=1;
@@ -266,9 +344,12 @@ EF_ALIGNMENT=0;
 
 	apps_startup();
 
-	X509v3_add_netscape_extensions();
+	conf = NULL;
+	key = NULL;
+	section = NULL;
 
 	preserve=0;
+	msie_hack=0;
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
@@ -289,11 +370,22 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			section= *(++argv);
 			}
+		else if (strcmp(*argv,"-subj") == 0)
+			{
+			if (--argc < 1) goto bad;
+			subj= *(++argv);
+			/* preserve=1; */
+			}
 		else if (strcmp(*argv,"-startdate") == 0)
 			{
 			if (--argc < 1) goto bad;
 			startdate= *(++argv);
 			}
+		else if (strcmp(*argv,"-enddate") == 0)
+			{
+			if (--argc < 1) goto bad;
+			enddate= *(++argv);
+			}
 		else if (strcmp(*argv,"-days") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -314,6 +406,16 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			keyfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-keyform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			keyform=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passargin= *(++argv);
+			}
 		else if (strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -340,10 +442,14 @@ EF_ALIGNMENT=0;
 			if (--argc < 1) goto bad;
 			outdir= *(++argv);
 			}
+		else if (strcmp(*argv,"-notext") == 0)
+			notext=1;
 		else if (strcmp(*argv,"-batch") == 0)
 			batch=1;
 		else if (strcmp(*argv,"-preserveDN") == 0)
 			preserve=1;
+		else if (strcmp(*argv,"-noemailDN") == 0)
+			email_dn=0;
 		else if (strcmp(*argv,"-gencrl") == 0)
 			gencrl=1;
 		else if (strcmp(*argv,"-msie_hack") == 0)
@@ -377,6 +483,65 @@ EF_ALIGNMENT=0;
 			spkac_file = *(++argv);
 			req=1;
 			}
+		else if (strcmp(*argv,"-revoke") == 0)
+			{
+			if (--argc < 1) goto bad;
+			infile= *(++argv);
+			dorevoke=1;
+			}
+		else if (strcmp(*argv,"-extensions") == 0)
+			{
+			if (--argc < 1) goto bad;
+			extensions= *(++argv);
+			}
+		else if (strcmp(*argv,"-extfile") == 0)
+			{
+			if (--argc < 1) goto bad;
+			extfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-status") == 0)
+			{
+			if (--argc < 1) goto bad;
+			ser_status= *(++argv);
+			}
+		else if (strcmp(*argv,"-updatedb") == 0)
+			{
+			doupdatedb=1;
+			}
+		else if (strcmp(*argv,"-crlexts") == 0)
+			{
+			if (--argc < 1) goto bad;
+			crl_ext= *(++argv);
+			}
+		else if (strcmp(*argv,"-crl_reason") == 0)
+			{
+			if (--argc < 1) goto bad;
+			rev_arg = *(++argv);
+			rev_type = REV_CRL_REASON;
+			}
+		else if (strcmp(*argv,"-crl_hold") == 0)
+			{
+			if (--argc < 1) goto bad;
+			rev_arg = *(++argv);
+			rev_type = REV_HOLD;
+			}
+		else if (strcmp(*argv,"-crl_compromise") == 0)
+			{
+			if (--argc < 1) goto bad;
+			rev_arg = *(++argv);
+			rev_type = REV_KEY_COMPROMISE;
+			}
+		else if (strcmp(*argv,"-crl_CA_compromise") == 0)
+			{
+			if (--argc < 1) goto bad;
+			rev_arg = *(++argv);
+			rev_type = REV_CA_COMPROMISE;
+			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else
 			{
 bad:
@@ -391,25 +556,37 @@ bad:
 	if (badops)
 		{
 		for (pp=ca_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,*pp);
+			BIO_printf(bio_err,"%s",*pp);
 		goto err;
 		}
 
 	ERR_load_crypto_strings();
 
+	e = setup_engine(bio_err, engine, 0);
+
 	/*****************************************************************/
+	tofree=NULL;
+	if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
+	if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
 	if (configfile == NULL)
 		{
-		/* We will just use 'buf[0]' as a temporary buffer.  */
-		strncpy(buf[0],X509_get_default_cert_area(),
-			sizeof(buf[0])-2-sizeof(CONFIG_FILE));
-		strcat(buf[0],"/");
-		strcat(buf[0],CONFIG_FILE);
-		configfile=buf[0];
+		const char *s=X509_get_default_cert_area();
+
+#ifdef OPENSSL_SYS_VMS
+		tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE));
+		strcpy(tofree,s);
+#else
+		tofree=OPENSSL_malloc(strlen(s)+sizeof(CONFIG_FILE)+1);
+		strcpy(tofree,s);
+		strcat(tofree,"/");
+#endif
+		strcat(tofree,CONFIG_FILE);
+		configfile=tofree;
 		}
 
 	BIO_printf(bio_err,"Using configuration from %s\n",configfile);
-	if ((conf=CONF_load(NULL,configfile,&errorline)) == NULL)
+	conf = NCONF_new(NULL);
+	if (NCONF_load(conf,configfile,&errorline) <= 0)
 		{
 		if (errorline <= 0)
 			BIO_printf(bio_err,"error loading the config file '%s'\n",
@@ -419,11 +596,16 @@ bad:
 				,errorline,configfile);
 		goto err;
 		}
+	if(tofree)
+		OPENSSL_free(tofree);
+
+	if (!load_config(bio_err, conf))
+		goto err;
 
 	/* Lets get the config section we are using */
 	if (section == NULL)
 		{
-		section=CONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
+		section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_CA);
 		if (section == NULL)
 			{
 			lookup_fail(BASE_SECTION,ENV_DEFAULT_CA);
@@ -433,7 +615,9 @@ bad:
 
 	if (conf != NULL)
 		{
-		p=CONF_get_string(conf,NULL,"oid_file");
+		p=NCONF_get_string(conf,NULL,"oid_file");
+		if (p == NULL)
+			ERR_clear_error();
 		if (p != NULL)
 			{
 			BIO *oid_bio;
@@ -445,6 +629,7 @@ bad:
 				BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
 				ERR_print_errors(bio_err);
 				*/
+				ERR_clear_error();
 				}
 			else
 				{
@@ -452,8 +637,18 @@ bad:
 				BIO_free(oid_bio);
 				}
 			}
+		if (!add_oid_section(bio_err,conf)) 
+			{
+			ERR_print_errors(bio_err);
+			goto err;
+			}
 		}
 
+	randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");
+	if (randfile == NULL)
+		ERR_clear_error();
+	app_RAND_load_file(randfile, bio_err, 0);
+	
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	Sout=BIO_new(BIO_s_file());
@@ -465,53 +660,71 @@ bad:
 		}
 
 	/*****************************************************************/
-	/* we definitly need an public key, so lets get it */
+	/* report status of cert with serial number given on command line */
+	if (ser_status)
+	{
+		if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+			{
+			lookup_fail(section,ENV_DATABASE);
+			goto err;
+			}
+		if (BIO_read_filename(in,dbfile) <= 0)
+			{
+			perror(dbfile);
+			BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+			goto err;
+			}
+		db=TXT_DB_read(in,DB_NUMBER);
+		if (db == NULL) goto err;
+
+		if (!make_serial_index(db))
+			goto err;
+
+		if (get_certificate_status(ser_status,db) != 1)
+			BIO_printf(bio_err,"Error verifying serial %s!\n",
+				 ser_status);
+		goto err;
+	}
+
+	/*****************************************************************/
+	/* we definitely need a public key, so let's get it */
 
-	if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf,
+	if ((keyfile == NULL) && ((keyfile=NCONF_get_string(conf,
 		section,ENV_PRIVATE_KEY)) == NULL))
 		{
 		lookup_fail(section,ENV_PRIVATE_KEY);
 		goto err;
 		}
-	if (BIO_read_filename(in,keyfile) <= 0)
+	if (!key)
 		{
-		perror(keyfile);
-		BIO_printf(bio_err,"trying to load CA private key\n");
-		goto err;
-		}
-	if (key == NULL)
-		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL);
-	else
-		{
-		pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback);
-		memset(key,0,strlen(key));
+		free_key = 1;
+		if (!app_passwd(bio_err, passargin, NULL, &key, NULL))
+			{
+			BIO_printf(bio_err,"Error getting password\n");
+			goto err;
+			}
 		}
+	pkey = load_key(bio_err, keyfile, keyform, 0, key, e, 
+		"CA private key");
+	if (key) OPENSSL_cleanse(key,strlen(key));
 	if (pkey == NULL)
 		{
-		BIO_printf(bio_err,"unable to load CA private key\n");
+		/* load_key() has already printed an appropriate message */
 		goto err;
 		}
 
 	/*****************************************************************/
 	/* we need a certificate */
-	if ((certfile == NULL) && ((certfile=CONF_get_string(conf,
+	if ((certfile == NULL) && ((certfile=NCONF_get_string(conf,
 		section,ENV_CERTIFICATE)) == NULL))
 		{
 		lookup_fail(section,ENV_CERTIFICATE);
 		goto err;
 		}
-        if (BIO_read_filename(in,certfile) <= 0)
-		{
-		perror(certfile);
-		BIO_printf(bio_err,"trying to load CA certificate\n");
-		goto err;
-		}
-	x509=PEM_read_bio_X509(in,NULL,NULL);
+	x509=load_cert(bio_err, certfile, FORMAT_PEM, NULL, e,
+		"CA certificate");
 	if (x509 == NULL)
-		{
-		BIO_printf(bio_err,"unable to load CA certificate\n");
 		goto err;
-		}
 
 	if (!X509_check_private_key(x509,pkey))
 		{
@@ -519,28 +732,84 @@ bad:
 		goto err;
 		}
 
-	f=CONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
+	f=NCONF_get_string(conf,BASE_SECTION,ENV_PRESERVE);
+	if (f == NULL)
+		ERR_clear_error();
 	if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
 		preserve=1;
-	f=CONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
+	f=NCONF_get_string(conf,BASE_SECTION,ENV_MSIE_HACK);
+	if (f == NULL)
+		ERR_clear_error();
 	if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
 		msie_hack=1;
 
+	f=NCONF_get_string(conf,section,ENV_NAMEOPT);
+
+	if (f)
+		{
+		if (!set_name_ex(&nameopt, f))
+			{
+			BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);
+			goto err;
+			}
+		default_op = 0;
+		}
+	else
+		ERR_clear_error();
+
+	f=NCONF_get_string(conf,section,ENV_CERTOPT);
+
+	if (f)
+		{
+		if (!set_cert_ex(&certopt, f))
+			{
+			BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f);
+			goto err;
+			}
+		default_op = 0;
+		}
+	else
+		ERR_clear_error();
+
+	f=NCONF_get_string(conf,section,ENV_EXTCOPY);
+
+	if (f)
+		{
+		if (!set_ext_copy(&ext_copy, f))
+			{
+			BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f);
+			goto err;
+			}
+		}
+	else
+		ERR_clear_error();
+
 	/*****************************************************************/
 	/* lookup where to write new certificates */
 	if ((outdir == NULL) && (req))
 		{
 		struct stat sb;
 
-		if ((outdir=CONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
+		if ((outdir=NCONF_get_string(conf,section,ENV_NEW_CERTS_DIR))
 			== NULL)
 			{
 			BIO_printf(bio_err,"there needs to be defined a directory for new certificate to be placed in\n");
 			goto err;
 			}
+#ifndef OPENSSL_SYS_VMS
+	    /* outdir is a directory spec, but access() for VMS demands a
+	       filename.  In any case, stat(), below, will catch the problem
+	       if outdir is not a directory spec, and the fopen() or open()
+	       will catch an error if there is no write access.
+
+	       Presumably, this problem could also be solved by using the DEC
+	       C routines to convert the directory syntax to Unixly, and give
+	       that to access().  However, time's too short to do that just
+	       now.
+	    */
 		if (access(outdir,R_OK|W_OK|X_OK) != 0)
 			{
-			BIO_printf(bio_err,"I am unable to acces the %s directory\n",outdir);
+			BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
 			perror(outdir);
 			goto err;
 			}
@@ -551,22 +820,25 @@ bad:
 			perror(outdir);
 			goto err;
 			}
+#ifdef S_IFDIR
 		if (!(sb.st_mode & S_IFDIR))
 			{
 			BIO_printf(bio_err,"%s need to be a directory\n",outdir);
 			perror(outdir);
 			goto err;
 			}
+#endif
+#endif
 		}
 
 	/*****************************************************************/
 	/* we need to load the database file */
-	if ((dbfile=CONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+	if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
 		{
 		lookup_fail(section,ENV_DATABASE);
 		goto err;
 		}
-        if (BIO_read_filename(in,dbfile) <= 0)
+	if (BIO_read_filename(in,dbfile) <= 0)
 		{
 		perror(dbfile);
 		BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
@@ -582,14 +854,13 @@ bad:
 		if ((pp[DB_type][0] != DB_TYPE_REV) &&
 			(pp[DB_rev_date][0] != '\0'))
 			{
-			BIO_printf(bio_err,"entry %d: not, revoked yet has a revokation date\n",i+1);
+			BIO_printf(bio_err,"entry %d: not revoked yet, but has a revocation date\n",i+1);
 			goto err;
 			}
 		if ((pp[DB_type][0] == DB_TYPE_REV) &&
-			!check_time_format(pp[DB_rev_date]))
+			!make_revoked(NULL, pp[DB_rev_date]))
 			{
-			BIO_printf(bio_err,"entry %d: invalid revokation date\n",
-				i+1);
+			BIO_printf(bio_err," in entry %d\n", i+1);
 			goto err;
 			}
 		if (!check_time_format(pp[DB_exp_date]))
@@ -599,6 +870,11 @@ bad:
 			}
 		p=pp[DB_serial];
 		j=strlen(p);
+		if (*p == '-')
+			{
+			p++;
+			j--;
+			}
 		if ((j&1) || (j < 2))
 			{
 			BIO_printf(bio_err,"entry %d: bad serial number length (%d)\n",i+1,j);
@@ -619,21 +895,24 @@ bad:
 	if (verbose)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE|BIO_FP_TEXT); /* cannot fail */
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
 		TXT_DB_write(out,db);
 		BIO_printf(bio_err,"%d entries loaded from the database\n",
 			db->data->num);
-		BIO_printf(bio_err,"generating indexs\n");
+		BIO_printf(bio_err,"generating index\n");
 		}
 	
-	if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash,
-		index_serial_cmp))
-		{
-		BIO_printf(bio_err,"error creating serial number index:(%ld,%ld,%ld)\n",db->error,db->arg1,db->arg2);
+	if (!make_serial_index(db))
 		goto err;
-		}
 
-	if (!TXT_DB_create_index(db,DB_name,index_name_qual,index_name_hash,
-		index_name_cmp))
+	if (!TXT_DB_create_index(db, DB_name, index_name_qual,
+			LHASH_HASH_FN(index_name_hash),
+			LHASH_COMP_FN(index_name_cmp)))
 		{
 		BIO_printf(bio_err,"error creating name index:(%ld,%ld,%ld)\n",
 			db->error,db->arg1,db->arg2);
@@ -641,11 +920,119 @@ bad:
 		}
 
 	/*****************************************************************/
+	/* Update the db file for expired certificates */
+	if (doupdatedb)
+		{
+		if (verbose)
+			BIO_printf(bio_err, "Updating %s ...\n",
+							dbfile);
+
+		i = do_updatedb(db);
+		if (i == -1)
+			{
+			BIO_printf(bio_err,"Malloc failure\n");
+			goto err;
+			}
+		else if (i == 0)
+			{
+			if (verbose) BIO_printf(bio_err,
+					"No entries found to mark expired\n"); 
+			}
+	    	else
+			{
+			out = BIO_new(BIO_s_file());
+			if (out == NULL)
+				{
+				ERR_print_errors(bio_err);
+				goto err;
+				}
+
+#ifndef OPENSSL_SYS_VMS
+			j = BIO_snprintf(buf[0], sizeof buf[0], "%s.new", dbfile);
+#else
+			j = BIO_snprintf(buf[0], sizeof buf[0], "%s-new", dbfile);
+#endif
+			if (j < 0 || j >= sizeof buf[0])
+				{
+				BIO_printf(bio_err, "file name too long\n");
+				goto err;
+				}
+			if (BIO_write_filename(out,buf[0]) <= 0)
+		  		{
+		    		perror(dbfile);
+		    		BIO_printf(bio_err,"unable to open '%s'\n",
+									dbfile);
+		    		goto err;
+		  		}
+			j=TXT_DB_write(out,db);
+			if (j <= 0) goto err;
+			
+			BIO_free(out);
+			out = NULL;
+#ifndef OPENSSL_SYS_VMS
+			j = BIO_snprintf(buf[1], sizeof buf[1], "%s.old", dbfile);
+#else
+			j = BIO_snprintf(buf[1], sizeof buf[1], "%s-old", dbfile);
+#endif
+			if (j < 0 || j >= sizeof buf[1])
+				{
+				BIO_printf(bio_err, "file name too long\n");
+				goto err;
+				}
+			if (rename(dbfile,buf[1]) < 0)
+		  		{
+		    		BIO_printf(bio_err,
+						"unable to rename %s to %s\n",
+						dbfile, buf[1]);
+		    		perror("reason");
+		    		goto err;
+		  		}
+			if (rename(buf[0],dbfile) < 0)
+				{
+		    		BIO_printf(bio_err,
+						"unable to rename %s to %s\n",
+						buf[0],dbfile);
+		    		perror("reason");
+		    		rename(buf[1],dbfile);
+		    		goto err;
+		  		}
+				
+			if (verbose) BIO_printf(bio_err,
+				"Done. %d entries marked as expired\n",i); 
+	      		}
+			goto err;
+	  	}
+
+ 	/*****************************************************************/
+	/* Read extentions config file                                   */
+	if (extfile)
+		{
+		extconf = NCONF_new(NULL);
+		if (NCONF_load(extconf,extfile,&errorline) <= 0)
+			{
+			if (errorline <= 0)
+				BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
+					extfile);
+			else
+				BIO_printf(bio_err, "ERROR: on line %ld of config file '%s'\n",
+					errorline,extfile);
+			ret = 1;
+			goto err;
+			}
+
+		if (verbose)
+			BIO_printf(bio_err, "Succesfully loaded extensions file %s\n", extfile);
+
+		/* We can have sections in the ext file */
+		if (!extensions && !(extensions = NCONF_get_string(extconf, "default", "extensions")))
+			extensions = "default";
+		}
+
+	/*****************************************************************/
 	if (req || gencrl)
 		{
 		if (outfile != NULL)
 			{
-
 			if (BIO_write_filename(Sout,outfile) <= 0)
 				{
 				perror(outfile);
@@ -653,17 +1040,31 @@ bad:
 				}
 			}
 		else
+			{
 			BIO_set_fp(Sout,stdout,BIO_NOCLOSE|BIO_FP_TEXT);
+#ifdef OPENSSL_SYS_VMS
+			{
+			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+			Sout = BIO_push(tmpbio, Sout);
+			}
+#endif
+			}
 		}
 
 	if (req)
 		{
-		if ((md == NULL) && ((md=CONF_get_string(conf,
+		if ((md == NULL) && ((md=NCONF_get_string(conf,
 			section,ENV_DEFAULT_MD)) == NULL))
 			{
 			lookup_fail(section,ENV_DEFAULT_MD);
 			goto err;
 			}
+		if ((email_dn == 1) && ((tmp_email_dn=NCONF_get_string(conf,
+			section,ENV_DEFAULT_EMAIL_DN)) != NULL ))
+			{
+			if(strcmp(tmp_email_dn,"no") == 0)
+				email_dn=0;
+			}
 		if ((dgst=EVP_get_digestbyname(md)) == NULL)
 			{
 			BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
@@ -672,7 +1073,7 @@ bad:
 		if (verbose)
 			BIO_printf(bio_err,"message digest is %s\n",
 				OBJ_nid2ln(dgst->type));
-		if ((policy == NULL) && ((policy=CONF_get_string(conf,
+		if ((policy == NULL) && ((policy=NCONF_get_string(conf,
 			section,ENV_POLICY)) == NULL))
 			{
 			lookup_fail(section,ENV_POLICY);
@@ -681,43 +1082,76 @@ bad:
 		if (verbose)
 			BIO_printf(bio_err,"policy is %s\n",policy);
 
-		if ((serialfile=CONF_get_string(conf,section,ENV_SERIAL))
+		if ((serialfile=NCONF_get_string(conf,section,ENV_SERIAL))
 			== NULL)
 			{
 			lookup_fail(section,ENV_SERIAL);
 			goto err;
 			}
 
-		if ((extensions=CONF_get_string(conf,section,ENV_EXTENSIONS))
-			!= NULL)
+		if (!extconf)
 			{
-			if ((extensions_sk=load_extensions(extensions)) == NULL)
-				goto err;
+			/* no '-extfile' option, so we look for extensions
+			 * in the main configuration file */
+			if (!extensions)
+				{
+				extensions=NCONF_get_string(conf,section,
+								ENV_EXTENSIONS);
+				if (!extensions)
+					ERR_clear_error();
+				}
+			if (extensions)
+				{
+				/* Check syntax of file */
+				X509V3_CTX ctx;
+				X509V3_set_ctx_test(&ctx);
+				X509V3_set_nconf(&ctx, conf);
+				if (!X509V3_EXT_add_nconf(conf, &ctx, extensions,
+								NULL))
+					{
+					BIO_printf(bio_err,
+				 	"Error Loading extension section %s\n",
+								 extensions);
+					ret = 1;
+					goto err;
+					}
+				}
 			}
 
 		if (startdate == NULL)
 			{
-			startdate=(char *)CONF_get_string(conf,section,
+			startdate=NCONF_get_string(conf,section,
 				ENV_DEFAULT_STARTDATE);
 			if (startdate == NULL)
-				startdate="today";
-			else
-				{
-				if (!ASN1_UTCTIME_set_string(NULL,startdate))
-					{
-					BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSS\n");
-					goto err;
-					}
-				}
+				ERR_clear_error();
 			}
+		if (startdate && !ASN1_UTCTIME_set_string(NULL,startdate))
+			{
+			BIO_printf(bio_err,"start date is invalid, it should be YYMMDDHHMMSSZ\n");
+			goto err;
+			}
+		if (startdate == NULL) startdate="today";
 
-		if (days == 0)
+		if (enddate == NULL)
+			{
+			enddate=NCONF_get_string(conf,section,
+				ENV_DEFAULT_ENDDATE);
+			if (enddate == NULL)
+				ERR_clear_error();
+			}
+		if (enddate && !ASN1_UTCTIME_set_string(NULL,enddate))
 			{
-			days=(int)CONF_get_number(conf,section,
-				ENV_DEFAULT_DAYS);
+			BIO_printf(bio_err,"end date is invalid, it should be YYMMDDHHMMSSZ\n");
+			goto err;
 			}
+
 		if (days == 0)
 			{
+			if(!NCONF_get_number(conf,section, ENV_DEFAULT_DAYS, &days))
+				days = 0;
+			}
+		if (!enddate && (days == 0))
+			{
 			BIO_printf(bio_err,"cannot lookup how many days to certify for\n");
 			goto err;
 			}
@@ -729,36 +1163,42 @@ bad:
 			}
 		if (verbose)
 			{
-			if ((f=BN_bn2hex(serial)) == NULL) goto err;
-			BIO_printf(bio_err,"next serial number is %s\n",f);
-			Free(f);
+			if (BN_is_zero(serial))
+				BIO_printf(bio_err,"next serial number is 00\n");
+			else
+				{
+				if ((f=BN_bn2hex(serial)) == NULL) goto err;
+				BIO_printf(bio_err,"next serial number is %s\n",f);
+				OPENSSL_free(f);
+				}
 			}
 
-		if ((attribs=CONF_get_section(conf,policy)) == NULL)
+		if ((attribs=NCONF_get_section(conf,policy)) == NULL)
 			{
 			BIO_printf(bio_err,"unable to find 'section' for %s\n",policy);
 			goto err;
 			}
 
-		if ((cert_sk=sk_new_null()) == NULL)
+		if ((cert_sk=sk_X509_new_null()) == NULL)
 			{
-			BIO_printf(bio_err,"Malloc failure\n");
+			BIO_printf(bio_err,"Memory allocation failure\n");
 			goto err;
 			}
 		if (spkac_file != NULL)
 			{
 			total++;
 			j=certify_spkac(&x,spkac_file,pkey,x509,dgst,attribs,db,
-				serial,startdate,days,extensions_sk,verbose);
+				serial,subj,email_dn,startdate,enddate,days,extensions,
+				conf,verbose,certopt,nameopt,default_op,ext_copy);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
 				total_done++;
 				BIO_printf(bio_err,"\n");
 				if (!BN_add_word(serial,1)) goto err;
-				if (!sk_push(cert_sk,(char *)x))
+				if (!sk_X509_push(cert_sk,x))
 					{
-					BIO_printf(bio_err,"Malloc failure\n");
+					BIO_printf(bio_err,"Memory allocation failure\n");
 					goto err;
 					}
 				if (outfile)
@@ -772,17 +1212,18 @@ bad:
 			{
 			total++;
 			j=certify_cert(&x,ss_cert_file,pkey,x509,dgst,attribs,
-				db,serial,startdate,days,batch,
-				extensions_sk,verbose);
+				db,serial,subj,email_dn,startdate,enddate,days,batch,
+				extensions,conf,verbose, certopt, nameopt,
+				default_op, ext_copy, e);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
 				total_done++;
 				BIO_printf(bio_err,"\n");
 				if (!BN_add_word(serial,1)) goto err;
-				if (!sk_push(cert_sk,(char *)x))
+				if (!sk_X509_push(cert_sk,x))
 					{
-					BIO_printf(bio_err,"Malloc failure\n");
+					BIO_printf(bio_err,"Memory allocation failure\n");
 					goto err;
 					}
 				}
@@ -791,17 +1232,18 @@ bad:
 			{
 			total++;
 			j=certify(&x,infile,pkey,x509,dgst,attribs,db,
-				serial,startdate,days,batch,
-				extensions_sk,verbose);
+				serial,subj,email_dn,startdate,enddate,days,batch,
+				extensions,conf,verbose, certopt, nameopt,
+				default_op, ext_copy);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
 				total_done++;
 				BIO_printf(bio_err,"\n");
 				if (!BN_add_word(serial,1)) goto err;
-				if (!sk_push(cert_sk,(char *)x))
+				if (!sk_X509_push(cert_sk,x))
 					{
-					BIO_printf(bio_err,"Malloc failure\n");
+					BIO_printf(bio_err,"Memory allocation failure\n");
 					goto err;
 					}
 				}
@@ -810,17 +1252,18 @@ bad:
 			{
 			total++;
 			j=certify(&x,argv[i],pkey,x509,dgst,attribs,db,
-				serial,startdate,days,batch,
-				extensions_sk,verbose);
+				serial,subj,email_dn,startdate,enddate,days,batch,
+				extensions,conf,verbose, certopt, nameopt,
+				default_op, ext_copy);
 			if (j < 0) goto err;
 			if (j > 0)
 				{
 				total_done++;
 				BIO_printf(bio_err,"\n");
 				if (!BN_add_word(serial,1)) goto err;
-				if (!sk_push(cert_sk,(char *)x))
+				if (!sk_X509_push(cert_sk,x))
 					{
-					BIO_printf(bio_err,"Malloc failure\n");
+					BIO_printf(bio_err,"Memory allocation failure\n");
 					goto err;
 					}
 				}
@@ -829,12 +1272,12 @@ bad:
 		 * and a data base and serial number that need
 		 * updating */
 
-		if (sk_num(cert_sk) > 0)
+		if (sk_X509_num(cert_sk) > 0)
 			{
 			if (!batch)
 				{
 				BIO_printf(bio_err,"\n%d out of %d certificate requests certified, commit? [y/n]",total_done,total);
-				BIO_flush(bio_err);
+				(void)BIO_flush(bio_err);
 				buf[0][0]='\0';
 				fgets(buf[0],10,stdin);
 				if ((buf[0][0] != 'y') && (buf[0][0] != 'Y'))
@@ -845,15 +1288,32 @@ bad:
 					}
 				}
 
-			BIO_printf(bio_err,"Write out database with %d new entries\n",sk_num(cert_sk));
+			BIO_printf(bio_err,"Write out database with %d new entries\n",sk_X509_num(cert_sk));
+
+			if(strlen(serialfile) > BSIZE-5 || strlen(dbfile) > BSIZE-5)
+				{
+				BIO_printf(bio_err,"file name too long\n");
+				goto err;
+				}
+
+			strcpy(buf[0],serialfile);
 
-			strncpy(buf[0],serialfile,BSIZE-4);
+#ifdef OPENSSL_SYS_VMS
+			strcat(buf[0],"-new");
+#else
 			strcat(buf[0],".new");
+#endif
 
 			if (!save_serial(buf[0],serial)) goto err;
 
-			strncpy(buf[1],dbfile,BSIZE-4);
+			strcpy(buf[1],dbfile);
+
+#ifdef OPENSSL_SYS_VMS
+			strcat(buf[1],"-new");
+#else
 			strcat(buf[1],".new");
+#endif
+
 			if (BIO_write_filename(out,buf[1]) <= 0)
 				{
 				perror(dbfile);
@@ -866,18 +1326,28 @@ bad:
 	
 		if (verbose)
 			BIO_printf(bio_err,"writing new certificates\n");
-		for (i=0; i<sk_num(cert_sk); i++)
+		for (i=0; i<sk_X509_num(cert_sk); i++)
 			{
 			int k;
 			unsigned char *n;
 
-			x=(X509 *)sk_value(cert_sk,i);
+			x=sk_X509_value(cert_sk,i);
 
 			j=x->cert_info->serialNumber->length;
 			p=(char *)x->cert_info->serialNumber->data;
 			
-			strncpy(buf[2],outdir,BSIZE-(j*2)-6);
+			if(strlen(outdir) >= (size_t)(j ? BSIZE-j*2-6 : BSIZE-8))
+				{
+				BIO_printf(bio_err,"certificate file name too long\n");
+				goto err;
+				}
+
+			strcpy(buf[2],outdir);
+
+#ifndef OPENSSL_SYS_VMS
 			strcat(buf[2],"/");
+#endif
+
 			n=(unsigned char *)&(buf[2][strlen(buf[2])]);
 			if (j > 0)
 				{
@@ -902,29 +1372,36 @@ bad:
 				perror(buf[2]);
 				goto err;
 				}
-			write_new_certificate(Cout,x, 0);
-			write_new_certificate(Sout,x, output_der);
+			write_new_certificate(Cout,x, 0, notext);
+			write_new_certificate(Sout,x, output_der, notext);
 			}
 
-		if (sk_num(cert_sk))
+		if (sk_X509_num(cert_sk))
 			{
 			/* Rename the database and the serial file */
 			strncpy(buf[2],serialfile,BSIZE-4);
+			buf[2][BSIZE-4]='\0';
+
+#ifdef OPENSSL_SYS_VMS
+			strcat(buf[2],"-old");
+#else
 			strcat(buf[2],".old");
+#endif
+
 			BIO_free(in);
-			BIO_free(out);
+			BIO_free_all(out);
 			in=NULL;
 			out=NULL;
 			if (rename(serialfile,buf[2]) < 0)
 				{
-				BIO_printf(bio_err,"unabel to rename %s to %s\n",
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
 					serialfile,buf[2]);
 				perror("reason");
 				goto err;
 				}
 			if (rename(buf[0],serialfile) < 0)
 				{
-				BIO_printf(bio_err,"unabel to rename %s to %s\n",
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
 					buf[0],serialfile);
 				perror("reason");
 				rename(buf[2],serialfile);
@@ -932,17 +1409,24 @@ bad:
 				}
 
 			strncpy(buf[2],dbfile,BSIZE-4);
+			buf[2][BSIZE-4]='\0';
+
+#ifdef OPENSSL_SYS_VMS
+			strcat(buf[2],"-old");
+#else
 			strcat(buf[2],".old");
+#endif
+
 			if (rename(dbfile,buf[2]) < 0)
 				{
-				BIO_printf(bio_err,"unabel to rename %s to %s\n",
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
 					dbfile,buf[2]);
 				perror("reason");
 				goto err;
 				}
 			if (rename(buf[1],dbfile) < 0)
 				{
-				BIO_printf(bio_err,"unabel to rename %s to %s\n",
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
 					buf[1],dbfile);
 				perror("reason");
 				rename(buf[2],dbfile);
@@ -955,32 +1439,56 @@ bad:
 	/*****************************************************************/
 	if (gencrl)
 		{
-		if ((hex=BIO_new(BIO_s_mem())) == NULL) goto err;
+		int crl_v2 = 0;
+		if (!crl_ext)
+			{
+			crl_ext=NCONF_get_string(conf,section,ENV_CRLEXT);
+			if (!crl_ext)
+				ERR_clear_error();
+			}
+		if (crl_ext)
+			{
+			/* Check syntax of file */
+			X509V3_CTX ctx;
+			X509V3_set_ctx_test(&ctx);
+			X509V3_set_nconf(&ctx, conf);
+			if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL))
+				{
+				BIO_printf(bio_err,
+				 "Error Loading CRL extension section %s\n",
+								 crl_ext);
+				ret = 1;
+				goto err;
+				}
+			}
 
 		if (!crldays && !crlhours)
 			{
-			crldays=CONF_get_number(conf,section,
-				ENV_DEFAULT_CRL_DAYS);
-			crlhours=CONF_get_number(conf,section,
-				ENV_DEFAULT_CRL_HOURS);
+			if (!NCONF_get_number(conf,section,
+				ENV_DEFAULT_CRL_DAYS, &crldays))
+				crldays = 0;
+			if (!NCONF_get_number(conf,section,
+				ENV_DEFAULT_CRL_HOURS, &crlhours))
+				crlhours = 0;
 			}
 		if ((crldays == 0) && (crlhours == 0))
 			{
-			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issuer\n");
+			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
 			goto err;
 			}
 
 		if (verbose) BIO_printf(bio_err,"making CRL\n");
 		if ((crl=X509_CRL_new()) == NULL) goto err;
-		ci=crl->crl;
-		X509_NAME_free(ci->issuer);
-		ci->issuer=X509_NAME_dup(x509->cert_info->subject);
-		if (ci->issuer == NULL) goto err;
+		if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509))) goto err;
+
+		tmptm = ASN1_TIME_new();
+		if (!tmptm) goto err;
+		X509_gmtime_adj(tmptm,0);
+		X509_CRL_set_lastUpdate(crl, tmptm);	
+		X509_gmtime_adj(tmptm,(crldays*24+crlhours)*60*60);
+		X509_CRL_set_nextUpdate(crl, tmptm);	
 
-		X509_gmtime_adj(ci->lastUpdate,0);
-		if (ci->nextUpdate == NULL)
-			ci->nextUpdate=ASN1_UTCTIME_new();
-		X509_gmtime_adj(ci->nextUpdate,(crldays*24+crlhours)*60*60);
+		ASN1_TIME_free(tmptm);
 
 		for (i=0; i<sk_num(db->data); i++)
 			{
@@ -988,31 +1496,27 @@ bad:
 			if (pp[DB_type][0] == DB_TYPE_REV)
 				{
 				if ((r=X509_REVOKED_new()) == NULL) goto err;
-				ASN1_STRING_set((ASN1_STRING *)
-					r->revocationDate,
-					(unsigned char *)pp[DB_rev_date],
-					strlen(pp[DB_rev_date]));
-				/* strcpy(r->revocationDate,pp[DB_rev_date]);*/
-
-				BIO_reset(hex);
-				if (!BIO_puts(hex,pp[DB_serial]))
+				j = make_revoked(r, pp[DB_rev_date]);
+				if (!j) goto err;
+				if (j == 2) crl_v2 = 1;
+				if (!BN_hex2bn(&serial, pp[DB_serial]))
 					goto err;
-				if (!a2i_ASN1_INTEGER(hex,r->serialNumber,
-					buf[0],BSIZE)) goto err;
-
-				sk_push(ci->revoked,(char *)r);
+				tmpser = BN_to_ASN1_INTEGER(serial, NULL);
+				BN_free(serial);
+				serial = NULL;
+				if (!tmpser)
+					goto err;
+				X509_REVOKED_set_serialNumber(r, tmpser);
+				ASN1_INTEGER_free(tmpser);
+				X509_CRL_add0_revoked(crl,r);
 				}
 			}
+
 		/* sort the data so it will be written in serial
 		 * number order */
-		sk_find(ci->revoked,NULL);
-		for (i=0; i<sk_num(ci->revoked); i++)
-			{
-			r=(X509_REVOKED *)sk_value(ci->revoked,i);
-			r->sequence=i;
-			}
+		X509_CRL_sort(crl);
 
-		/* we how have a CRL */
+		/* we now have a CRL */
 		if (verbose) BIO_printf(bio_err,"signing CRL\n");
 		if (md != NULL)
 			{
@@ -1023,91 +1527,168 @@ bad:
 				}
 			}
 		else
-			dgst=EVP_md5();
+			{
+#ifndef OPENSSL_NO_DSA
+			if (pkey->type == EVP_PKEY_DSA) 
+				dgst=EVP_dss1();
+			else
+#endif
+#ifndef OPENSSL_NO_ECDSA
+			if (pkey->type == EVP_PKEY_EC)
+				dgst=EVP_ecdsa();
+			else
+#endif
+				dgst=EVP_md5();
+			}
+
+		/* Add any extensions asked for */
+
+		if (crl_ext)
+			{
+			X509V3_CTX crlctx;
+			X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
+			X509V3_set_nconf(&crlctx, conf);
+
+			if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx,
+				crl_ext, crl)) goto err;
+			}
+		if (crl_ext || crl_v2)
+			{
+			if (!X509_CRL_set_version(crl, 1))
+				goto err; /* version 2 CRL */
+			}
+
 		if (!X509_CRL_sign(crl,pkey,dgst)) goto err;
 
 		PEM_write_bio_X509_CRL(Sout,crl);
 		}
 	/*****************************************************************/
+	if (dorevoke)
+		{
+		if (infile == NULL) 
+			{
+			BIO_printf(bio_err,"no input files\n");
+			goto err;
+			}
+		else
+			{
+			X509 *revcert;
+			revcert=load_cert(bio_err, infile, FORMAT_PEM,
+				NULL, e, infile);
+			if (revcert == NULL)
+				goto err;
+			j=do_revoke(revcert,db, rev_type, rev_arg);
+			if (j <= 0) goto err;
+			X509_free(revcert);
+
+			if(strlen(dbfile) > BSIZE-5)
+				{
+				BIO_printf(bio_err,"filename too long\n");
+				goto err;
+				}
+
+			strcpy(buf[0],dbfile);
+#ifndef OPENSSL_SYS_VMS
+			strcat(buf[0],".new");
+#else
+			strcat(buf[0],"-new");
+#endif
+			if (BIO_write_filename(out,buf[0]) <= 0)
+				{
+				perror(dbfile);
+				BIO_printf(bio_err,"unable to open '%s'\n",dbfile);
+				goto err;
+				}
+			j=TXT_DB_write(out,db);
+			if (j <= 0) goto err;
+			strncpy(buf[1],dbfile,BSIZE-4);
+			buf[1][BSIZE-4]='\0';
+#ifndef OPENSSL_SYS_VMS
+			strcat(buf[1],".old");
+#else
+			strcat(buf[1],"-old");
+#endif
+			BIO_free(in);
+			in = NULL;
+			BIO_free(out);
+			out = NULL;
+			if (rename(dbfile,buf[1]) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
+				perror("reason");
+				goto err;
+				}
+			if (rename(buf[0],dbfile) < 0)
+				{
+				BIO_printf(bio_err,"unable to rename %s to %s\n", buf[0],dbfile);
+				perror("reason");
+				rename(buf[1],dbfile);
+				goto err;
+				}
+			BIO_printf(bio_err,"Data Base Updated\n"); 
+			}
+		}
+	/*****************************************************************/
 	ret=0;
 err:
-	if (hex != NULL) BIO_free(hex);
-	if (Cout != NULL) BIO_free(Cout);
-	if (Sout != NULL) BIO_free(Sout);
-	if (out != NULL) BIO_free(out);
-	if (in != NULL) BIO_free(in);
+	if(tofree)
+		OPENSSL_free(tofree);
+	BIO_free_all(Cout);
+	BIO_free_all(Sout);
+	BIO_free_all(out);
+	BIO_free_all(in);
 
-	if (cert_sk != NULL) sk_pop_free(cert_sk,X509_free);
-	if (extensions_sk != NULL)
-		sk_pop_free(extensions_sk,X509_EXTENSION_free);
+	sk_X509_pop_free(cert_sk,X509_free);
 
 	if (ret) ERR_print_errors(bio_err);
-	if (serial != NULL) BN_free(serial);
-	if (db != NULL) TXT_DB_free(db);
-	if (pkey != NULL) EVP_PKEY_free(pkey);
-	if (x509 != NULL) X509_free(x509);
-	if (crl != NULL) X509_CRL_free(crl);
-	if (conf != NULL) CONF_free(conf);
-	X509v3_cleanup_extensions();
-	EXIT(ret);
+	app_RAND_write_file(randfile, bio_err);
+	if (free_key)
+		OPENSSL_free(key);
+	BN_free(serial);
+	TXT_DB_free(db);
+	EVP_PKEY_free(pkey);
+	X509_free(x509);
+	X509_CRL_free(crl);
+	NCONF_free(conf);
+	OBJ_cleanup();
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
-static void lookup_fail(name,tag)
-char *name;
-char *tag;
+static void lookup_fail(char *name, char *tag)
 	{
 	BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
 	}
 
-static int MS_CALLBACK key_callback(buf,len,verify)
-char *buf;
-int len,verify;
-	{
-	int i;
-
-	if (key == NULL) return(0);
-	i=strlen(key);
-	i=(i > len)?len:i;
-	memcpy(buf,key,i);
-	return(i);
-	}
-
-static unsigned long index_serial_hash(a)
-char **a;
+static unsigned long index_serial_hash(const char **a)
 	{
-	char *n;
+	const char *n;
 
 	n=a[DB_serial];
 	while (*n == '0') n++;
 	return(lh_strhash(n));
 	}
 
-static int index_serial_cmp(a,b)
-char **a;
-char **b;
+static int index_serial_cmp(const char **a, const char **b)
 	{
-	char *aa,*bb;
+	const char *aa,*bb;
 
 	for (aa=a[DB_serial]; *aa == '0'; aa++);
 	for (bb=b[DB_serial]; *bb == '0'; bb++);
 	return(strcmp(aa,bb));
 	}
 
-static unsigned long index_name_hash(a)
-char **a;
+static unsigned long index_name_hash(const char **a)
 	{ return(lh_strhash(a[DB_name])); }
 
-static int index_name_qual(a)
-char **a;
+static int index_name_qual(char **a)
 	{ return(a[0][0] == 'V'); }
 
-static int index_name_cmp(a,b)
-char **a;
-char **b;
-	{ return(strcmp(a[DB_name],b[DB_name])); }
+static int index_name_cmp(const char **a, const char **b)
+	{ return(strcmp(a[DB_name],
+	     b[DB_name])); }
 
-static BIGNUM *load_serial(serialfile)
-char *serialfile;
+static BIGNUM *load_serial(char *serialfile)
 	{
 	BIO *in=NULL;
 	BIGNUM *ret=NULL;
@@ -1136,7 +1717,7 @@ char *serialfile;
 	ret=ASN1_INTEGER_to_BN(ai,NULL);
 	if (ret == NULL)
 		{
-		BIO_printf(bio_err,"error converting number from bin to BIGNUM");
+		BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
 		goto err;
 		}
 err:
@@ -1145,9 +1726,7 @@ err:
 	return(ret);
 	}
 
-static int save_serial(serialfile,serial)
-char *serialfile;
-BIGNUM *serial;
+static int save_serial(char *serialfile, BIGNUM *serial)
 	{
 	BIO *out;
 	int ret=0;
@@ -1174,26 +1753,17 @@ BIGNUM *serial;
 	BIO_puts(out,"\n");
 	ret=1;
 err:
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	if (ai != NULL) ASN1_INTEGER_free(ai);
 	return(ret);
 	}
 
-static int certify(xret,infile,pkey,x509,dgst,policy,db,serial,startdate,days,
-	batch,extensions,verbose)
-X509 **xret;
-char *infile;
-EVP_PKEY *pkey;
-X509 *x509;
-EVP_MD *dgst;
-STACK *policy;
-TXT_DB *db;
-BIGNUM *serial;
-char *startdate;
-int days;
-int batch;
-STACK *extensions;
-int verbose;
+static int certify(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+	     BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
+	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,
+	     unsigned long certopt, unsigned long nameopt, int default_op,
+	     int ext_copy)
 	{
 	X509_REQ *req=NULL;
 	BIO *in=NULL;
@@ -1207,7 +1777,7 @@ int verbose;
 		perror(infile);
 		goto err;
 		}
-	if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL)) == NULL)
+	if ((req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL)) == NULL)
 		{
 		BIO_printf(bio_err,"Error reading certificate request in %s\n",
 			infile);
@@ -1224,6 +1794,7 @@ int verbose;
 		goto err;
 		}
 	i=X509_REQ_verify(req,pktmp);
+	EVP_PKEY_free(pktmp);
 	if (i < 0)
 		{
 		ok=0;
@@ -1239,8 +1810,9 @@ int verbose;
 	else
 		BIO_printf(bio_err,"Signature ok\n");
 
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,
-		days,batch,verbose,req,extensions);
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj, email_dn,
+		startdate,enddate,days,batch,verbose,req,ext_sect,lconf,
+		certopt, nameopt, default_op, ext_copy);
 
 err:
 	if (req != NULL) X509_REQ_free(req);
@@ -1248,40 +1820,20 @@ err:
 	return(ok);
 	}
 
-static int certify_cert(xret,infile,pkey,x509,dgst,policy,db,serial,startdate,
-	days, batch,extensions,verbose)
-X509 **xret;
-char *infile;
-EVP_PKEY *pkey;
-X509 *x509;
-EVP_MD *dgst;
-STACK *policy;
-TXT_DB *db;
-BIGNUM *serial;
-char *startdate;
-int days;
-int batch;
-STACK *extensions;
-int verbose;
+static int certify_cert(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+	     BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
+	     long days, int batch, char *ext_sect, CONF *lconf, int verbose,
+	     unsigned long certopt, unsigned long nameopt, int default_op,
+	     int ext_copy, ENGINE *e)
 	{
 	X509 *req=NULL;
 	X509_REQ *rreq=NULL;
-	BIO *in=NULL;
 	EVP_PKEY *pktmp=NULL;
 	int ok= -1,i;
 
-	in=BIO_new(BIO_s_file());
-
-	if (BIO_read_filename(in,infile) <= 0)
-		{
-		perror(infile);
-		goto err;
-		}
-	if ((req=PEM_read_bio_X509(in,NULL,NULL)) == NULL)
-		{
-		BIO_printf(bio_err,"Error reading self signed certificate in %s\n",infile);
+	if ((req=load_cert(bio_err, infile, FORMAT_PEM, NULL, e, infile)) == NULL)
 		goto err;
-		}
 	if (verbose)
 		X509_print(bio_err,req);
 
@@ -1293,6 +1845,7 @@ int verbose;
 		goto err;
 		}
 	i=X509_verify(req,pktmp);
+	EVP_PKEY_free(pktmp);
 	if (i < 0)
 		{
 		ok=0;
@@ -1311,33 +1864,24 @@ int verbose;
 	if ((rreq=X509_to_X509_REQ(req,NULL,EVP_md5())) == NULL)
 		goto err;
 
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,days,
-		batch,verbose,rreq,extensions);
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate,
+		days,batch,verbose,rreq,ext_sect,lconf, certopt, nameopt, default_op,
+		ext_copy);
 
 err:
 	if (rreq != NULL) X509_REQ_free(rreq);
 	if (req != NULL) X509_free(req);
-	if (in != NULL) BIO_free(in);
 	return(ok);
 	}
 
-static int do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,days,
-	batch,verbose,req, extensions)
-X509 **xret;
-EVP_PKEY *pkey;
-X509 *x509;
-EVP_MD *dgst;
-STACK *policy;
-TXT_DB *db;
-BIGNUM *serial;
-char *startdate;
-int days;
-int batch;
-int verbose;
-X509_REQ *req;
-STACK *extensions;
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
+	     STACK_OF(CONF_VALUE) *policy, TXT_DB *db, BIGNUM *serial, char *subj,
+	     int email_dn, char *startdate, char *enddate, long days, int batch,
+	     int verbose, X509_REQ *req, char *ext_sect, CONF *lconf,
+	     unsigned long certopt, unsigned long nameopt, int default_op,
+	     int ext_copy)
 	{
-	X509_NAME *name=NULL,*CAname=NULL,*subject=NULL;
+	X509_NAME *name=NULL,*CAname=NULL,*subject=NULL, *dn_subject=NULL;
 	ASN1_UTCTIME *tm,*tmptm;
 	ASN1_STRING *str,*str2;
 	ASN1_OBJECT *obj;
@@ -1345,13 +1889,12 @@ STACK *extensions;
 	X509_CINF *ci;
 	X509_NAME_ENTRY *ne;
 	X509_NAME_ENTRY *tne,*push;
-	X509_EXTENSION *ex=NULL;
 	EVP_PKEY *pktmp;
 	int ok= -1,i,j,last,nid;
 	char *p;
 	CONF_VALUE *cv;
 	char *row[DB_NUMBER],**rrow,**irow=NULL;
-	char buf[25],*pbuf;
+	char buf[25];
 
 	tmptm=ASN1_UTCTIME_new();
 	if (tmptm == NULL)
@@ -1363,20 +1906,29 @@ STACK *extensions;
 	for (i=0; i<DB_NUMBER; i++)
 		row[i]=NULL;
 
-	BIO_printf(bio_err,"The Subjects Distinguished Name is as follows\n");
+	if (subj)
+		{
+		X509_NAME *n = do_subject(subj, MBSTRING_ASC);
+
+		if (!n)
+			{
+			ERR_print_errors(bio_err);
+			goto err;
+			}
+		X509_REQ_set_subject_name(req,n);
+		req->req_info->enc.modified = 1;
+		X509_NAME_free(n);
+		}
+
+	if (default_op)
+		BIO_printf(bio_err,"The Subject's Distinguished Name is as follows\n");
+
 	name=X509_REQ_get_subject_name(req);
 	for (i=0; i<X509_NAME_entry_count(name); i++)
 		{
-		ne=(X509_NAME_ENTRY *)X509_NAME_get_entry(name,i);
-		obj=X509_NAME_ENTRY_get_object(ne);
-		j=i2a_ASN1_OBJECT(bio_err,obj);
+		ne= X509_NAME_get_entry(name,i);
 		str=X509_NAME_ENTRY_get_data(ne);
-		pbuf=buf;
-		for (j=22-j; j>0; j--)
-			*(pbuf++)=' ';
-		*(pbuf++)=':';
-		*(pbuf++)='\0';
-		BIO_puts(bio_err,buf);
+		obj=X509_NAME_ENTRY_get_object(ne);
 
 		if (msie_hack)
 			{
@@ -1395,16 +1947,9 @@ STACK *extensions;
 				str->type=V_ASN1_IA5STRING;
 			}
 
-		if (str->type == V_ASN1_PRINTABLESTRING)
-			BIO_printf(bio_err,"PRINTABLE:'");
-		else if (str->type == V_ASN1_T61STRING)
-			BIO_printf(bio_err,"T61STRING:'");
-		else if (str->type == V_ASN1_IA5STRING)
-			BIO_printf(bio_err,"IA5STRING:'");
-		else if (str->type == V_ASN1_UNIVERSALSTRING)
-			BIO_printf(bio_err,"UNIVERSALSTRING:'");
-		else
-			BIO_printf(bio_err,"ASN.1 %2d:'",str->type);
+		/* If no EMAIL is wanted in the subject */
+		if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) && (!email_dn))
+			continue;
 
 		/* check some things */
 		if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
@@ -1413,35 +1958,27 @@ STACK *extensions;
 			BIO_printf(bio_err,"\nemailAddress type needs to be of type IA5STRING\n");
 			goto err;
 			}
-		j=ASN1_PRINTABLE_type(str->data,str->length);
-		if (	((j == V_ASN1_T61STRING) &&
-			 (str->type != V_ASN1_T61STRING)) ||
-			((j == V_ASN1_IA5STRING) &&
-			 (str->type == V_ASN1_PRINTABLESTRING)))
+		if ((str->type != V_ASN1_BMPSTRING) && (str->type != V_ASN1_UTF8STRING))
 			{
-			BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
-			goto err;
-			}
-			
-		p=(char *)str->data;
-		for (j=str->length; j>0; j--)
-			{
-			if ((*p >= ' ') && (*p <= '~'))
-				BIO_printf(bio_err,"%c",*p);
-			else if (*p & 0x80)
-				BIO_printf(bio_err,"\\0x%02X",*p);
-			else if ((unsigned char)*p == 0xf7)
-				BIO_printf(bio_err,"^?");
-			else	BIO_printf(bio_err,"^%c",*p+'@');
-			p++;
+			j=ASN1_PRINTABLE_type(str->data,str->length);
+			if (	((j == V_ASN1_T61STRING) &&
+				 (str->type != V_ASN1_T61STRING)) ||
+				((j == V_ASN1_IA5STRING) &&
+				 (str->type == V_ASN1_PRINTABLESTRING)))
+				{
+				BIO_printf(bio_err,"\nThe string contains characters that are illegal for the ASN.1 type\n");
+				goto err;
+				}
 			}
-		BIO_printf(bio_err,"'\n");
+
+		if (default_op)
+			old_entry_print(bio_err, obj, str);
 		}
 
 	/* Ok, now we check the 'policy' stuff. */
 	if ((subject=X509_NAME_new()) == NULL)
 		{
-		BIO_printf(bio_err,"Malloc failure\n");
+		BIO_printf(bio_err,"Memory allocation failure\n");
 		goto err;
 		}
 
@@ -1450,9 +1987,9 @@ STACK *extensions;
 	if (CAname == NULL) goto err;
 	str=str2=NULL;
 
-	for (i=0; i<sk_num(policy); i++)
+	for (i=0; i<sk_CONF_VALUE_num(policy); i++)
 		{
-		cv=(CONF_VALUE *)sk_value(policy,i); /* get the object id */
+		cv=sk_CONF_VALUE_value(policy,i); /* get the object id */
 		if ((j=OBJ_txt2nid(cv->name)) == NID_undef)
 			{
 			BIO_printf(bio_err,"%s:unknown object type in 'policy' configuration\n",cv->name);
@@ -1523,7 +2060,7 @@ again2:
 					}
 				if (j < 0)
 					{
-					BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str == NULL)?"NULL":(char *)str->data),((str2 == NULL)?"NULL":(char *)str2->data));
+					BIO_printf(bio_err,"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",cv->name,((str2 == NULL)?"NULL":(char *)str2->data),((str == NULL)?"NULL":(char *)str->data));
 					goto err;
 					}
 				}
@@ -1535,12 +2072,11 @@ again2:
 
 			if (push != NULL)
 				{
-				if (!X509_NAME_add_entry(subject,push,
-					X509_NAME_entry_count(subject),0))
+				if (!X509_NAME_add_entry(subject,push, -1, 0))
 					{
 					if (push != NULL)
 						X509_NAME_ENTRY_free(push);
-					BIO_printf(bio_err,"Malloc failure\n");
+					BIO_printf(bio_err,"Memory allocation failure\n");
 					goto err;
 					}
 				}
@@ -1551,18 +2087,46 @@ again2:
 	if (preserve)
 		{
 		X509_NAME_free(subject);
-		subject=X509_NAME_dup(X509_REQ_get_subject_name(req));
+		/* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */
+		subject=X509_NAME_dup(name);
 		if (subject == NULL) goto err;
 		}
 
 	if (verbose)
-		BIO_printf(bio_err,"The subject name apears to be ok, checking data base for clashes\n");
+		BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
 
-	row[DB_name]=X509_NAME_oneline(subject,NULL,0);
-	row[DB_serial]=BN_bn2hex(serial);
-	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+	/* Build the correct Subject if no e-mail is wanted in the subject */
+	/* and add it later on because of the method extensions are added (altName) */
+	 
+	if (email_dn)
+		dn_subject = subject;
+	else
 		{
-		BIO_printf(bio_err,"Malloc failure\n");
+		X509_NAME_ENTRY *tmpne;
+		/* Its best to dup the subject DN and then delete any email
+		 * addresses because this retains its structure.
+		 */
+		if (!(dn_subject = X509_NAME_dup(subject)))
+			{
+			BIO_printf(bio_err,"Memory allocation failure\n");
+			goto err;
+			}
+		while((i = X509_NAME_get_index_by_NID(dn_subject,
+					NID_pkcs9_emailAddress, -1)) >= 0)
+			{
+			tmpne = X509_NAME_get_entry(dn_subject, i);
+			X509_NAME_delete_entry(dn_subject, i);
+			X509_NAME_ENTRY_free(tmpne);
+			}
+		}
+
+	if (BN_is_zero(serial))
+		row[DB_serial]=BUF_strdup("00");
+	else
+		row[DB_serial]=BN_bn2hex(serial);
+	if (row[DB_serial] == NULL)
+		{
+		BIO_printf(bio_err,"Memory allocation failure\n");
 		goto err;
 		}
 
@@ -1595,7 +2159,7 @@ again2:
 			p="Valid";
 		else
 			p="\ninvalid type, Data base error\n";
-		BIO_printf(bio_err,"Type          :%s\n",p);;
+		BIO_printf(bio_err,"Type	  :%s\n",p);;
 		if (rrow[DB_type][0] == 'R')
 			{
 			p=rrow[DB_exp_date]; if (p == NULL) p="undef";
@@ -1613,7 +2177,7 @@ again2:
 		goto err;
 		}
 
-	/* We are now totaly happy, lets make and sign the certificate */
+	/* We are now totally happy, lets make and sign the certificate */
 	if (verbose)
 		BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n");
 
@@ -1630,56 +2194,114 @@ again2:
 	if (!X509_set_issuer_name(ret,X509_get_subject_name(x509)))
 		goto err;
 
-	BIO_printf(bio_err,"Certificate is to be certified until ");
 	if (strcmp(startdate,"today") == 0)
-		{
 		X509_gmtime_adj(X509_get_notBefore(ret),0);
+	else ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
+
+	if (enddate == NULL)
 		X509_gmtime_adj(X509_get_notAfter(ret),(long)60*60*24*days);
-		}
-	else
-		{
-		/*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX*/
-		ASN1_UTCTIME_set_string(X509_get_notBefore(ret),startdate);
-		}
-	ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
-	BIO_printf(bio_err," (%d days)\n",days);
+	else ASN1_UTCTIME_set_string(X509_get_notAfter(ret),enddate);
 
 	if (!X509_set_subject_name(ret,subject)) goto err;
 
 	pktmp=X509_REQ_get_pubkey(req);
-	if (!X509_set_pubkey(ret,pktmp)) goto err;
+	i = X509_set_pubkey(ret,pktmp);
+	EVP_PKEY_free(pktmp);
+	if (!i) goto err;
 
 	/* Lets add the extensions, if there are any */
-	if ((extensions != NULL) && (sk_num(extensions) > 0))
+	if (ext_sect)
 		{
+		X509V3_CTX ctx;
 		if (ci->version == NULL)
 			if ((ci->version=ASN1_INTEGER_new()) == NULL)
 				goto err;
 		ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */
 
 		/* Free the current entries if any, there should not
-		 * be any I belive */
+		 * be any I believe */
 		if (ci->extensions != NULL)
-			sk_pop_free(ci->extensions,X509_EXTENSION_free);
+			sk_X509_EXTENSION_pop_free(ci->extensions,
+						   X509_EXTENSION_free);
 
-		if ((ci->extensions=sk_new_null()) == NULL)
-			goto err;
+		ci->extensions = NULL;
+
+		/* Initialize the context structure */
+		X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
 
-		/* Lets 'copy' in the new ones */
-		for (i=0; i<sk_num(extensions); i++)
+		if (extconf)
+			{
+			if (verbose)
+				BIO_printf(bio_err, "Extra configuration file found\n");
+ 
+			/* Use the extconf configuration db LHASH */
+			X509V3_set_nconf(&ctx, extconf);
+ 
+			/* Test the structure (needed?) */
+			/* X509V3_set_ctx_test(&ctx); */
+
+			/* Adds exts contained in the configuration file */
+			if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect,ret))
+				{
+				BIO_printf(bio_err,
+				    "ERROR: adding extensions in section %s\n",
+								ext_sect);
+				ERR_print_errors(bio_err);
+				goto err;
+				}
+			if (verbose)
+				BIO_printf(bio_err, "Successfully added extensions from file.\n");
+			}
+		else if (ext_sect)
 			{
-			ex=X509_EXTENSION_dup((X509_EXTENSION *)
-				sk_value(extensions,i));
-			if (ex == NULL) goto err;
-			if (!sk_push(ci->extensions,(char *)ex)) goto err;
+			/* We found extensions to be set from config file */
+			X509V3_set_nconf(&ctx, lconf);
+
+			if(!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret))
+				{
+				BIO_printf(bio_err, "ERROR: adding extensions in section %s\n", ext_sect);
+				ERR_print_errors(bio_err);
+				goto err;
+				}
+
+			if (verbose) 
+				BIO_printf(bio_err, "Successfully added extensions from config\n");
 			}
 		}
 
+	/* Copy extensions from request (if any) */
+
+	if (!copy_extensions(ret, req, ext_copy))
+		{
+		BIO_printf(bio_err, "ERROR: adding extensions from request\n");
+		ERR_print_errors(bio_err);
+		goto err;
+		}
+
+	/* Set the right value for the noemailDN option */
+	if( email_dn == 0 )
+		{
+		if (!X509_set_subject_name(ret,dn_subject)) goto err;
+		}
+
+	if (!default_op)
+		{
+		BIO_printf(bio_err, "Certificate Details:\n");
+		/* Never print signature details because signature not present */
+		certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME;
+		X509_print_ex(bio_err, ret, nameopt, certopt); 
+		}
+
+	BIO_printf(bio_err,"Certificate is to be certified until ");
+	ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ret));
+	if (days) BIO_printf(bio_err," (%d days)",days);
+	BIO_printf(bio_err, "\n");
 
 	if (!batch)
 		{
+
 		BIO_printf(bio_err,"Sign the certificate? [y/n]:");
-		BIO_flush(bio_err);
+		(void)BIO_flush(bio_err);
 		buf[0]='\0';
 		fgets(buf,sizeof(buf)-1,stdin);
 		if (!((buf[0] == 'y') || (buf[0] == 'Y')))
@@ -1690,45 +2312,56 @@ again2:
 			}
 		}
 
-	if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
 
-#ifndef NO_DSA
-        pktmp=X509_get_pubkey(ret);
-        if (EVP_PKEY_missing_parameters(pktmp) &&
+#ifndef OPENSSL_NO_DSA
+	if (pkey->type == EVP_PKEY_DSA) dgst=EVP_dss1();
+	pktmp=X509_get_pubkey(ret);
+	if (EVP_PKEY_missing_parameters(pktmp) &&
 		!EVP_PKEY_missing_parameters(pkey))
 		EVP_PKEY_copy_parameters(pktmp,pkey);
+	EVP_PKEY_free(pktmp);
+#endif
+#ifndef OPENSSL_NO_ECDSA
+	if (pkey->type == EVP_PKEY_EC)
+		dgst = EVP_ecdsa();
+	pktmp = X509_get_pubkey(ret);
+	if (EVP_PKEY_missing_parameters(pktmp) &&
+		!EVP_PKEY_missing_parameters(pkey))
+		EVP_PKEY_copy_parameters(pktmp, pkey);
+	EVP_PKEY_free(pktmp);
 #endif
 
+
 	if (!X509_sign(ret,pkey,dgst))
 		goto err;
 
 	/* We now just add it to the database */
-	row[DB_type]=(char *)Malloc(2);
+	row[DB_type]=(char *)OPENSSL_malloc(2);
 
 	tm=X509_get_notAfter(ret);
-	row[DB_exp_date]=(char *)Malloc(tm->length+1);
+	row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);
 	memcpy(row[DB_exp_date],tm->data,tm->length);
 	row[DB_exp_date][tm->length]='\0';
 
 	row[DB_rev_date]=NULL;
 
 	/* row[DB_serial] done already */
-	row[DB_file]=(char *)Malloc(8);
-	/* row[DB_name] done already */
+	row[DB_file]=(char *)OPENSSL_malloc(8);
+	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(ret),NULL,0);
 
 	if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
-		(row[DB_file] == NULL))
+		(row[DB_file] == NULL) || (row[DB_name] == NULL))
 		{
-		BIO_printf(bio_err,"Malloc failure\n");
+		BIO_printf(bio_err,"Memory allocation failure\n");
 		goto err;
 		}
 	strcpy(row[DB_file],"unknown");
 	row[DB_type][0]='V';
 	row[DB_type][1]='\0';
 
-	if ((irow=(char **)Malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
+	if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
 		{
-		BIO_printf(bio_err,"Malloc failure\n");
+		BIO_printf(bio_err,"Memory allocation failure\n");
 		goto err;
 		}
 
@@ -1748,12 +2381,16 @@ again2:
 	ok=1;
 err:
 	for (i=0; i<DB_NUMBER; i++)
-		if (row[i] != NULL) Free(row[i]);
+		if (row[i] != NULL) OPENSSL_free(row[i]);
 
 	if (CAname != NULL)
 		X509_NAME_free(CAname);
 	if (subject != NULL)
 		X509_NAME_free(subject);
+	if ((dn_subject != NULL) && !email_dn)
+		X509_NAME_free(dn_subject);
+	if (tmptm != NULL)
+		ASN1_UTCTIME_free(tmptm);
 	if (ok <= 0)
 		{
 		if (ret != NULL) X509_free(ret);
@@ -1764,20 +2401,16 @@ err:
 	return(ok);
 	}
 
-static void write_new_certificate(bp,x, output_der)
-BIO *bp;
-X509 *x;
-int output_der;
+static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
 	{
-	char *f;
-	char buf[256];
 
 	if (output_der)
 		{
 		(void)i2d_X509_bio(bp,x);
 		return;
 		}
-
+#if 0
+	/* ??? Not needed since X509_print prints all this stuff anyway */
 	f=X509_NAME_oneline(X509_get_issuer_name(x),buf,256);
 	BIO_printf(bp,"issuer :%s\n",f);
 
@@ -1787,33 +2420,22 @@ int output_der;
 	BIO_puts(bp,"serial :");
 	i2a_ASN1_INTEGER(bp,x->cert_info->serialNumber);
 	BIO_puts(bp,"\n\n");
-	X509_print(bp,x);
-	BIO_puts(bp,"\n");
+#endif
+	if (!notext)X509_print(bp,x);
 	PEM_write_bio_X509(bp,x);
-	BIO_puts(bp,"\n");
 	}
 
-static int certify_spkac(xret,infile,pkey,x509,dgst,policy,db,serial,
-	startdate,days,extensions,verbose)
-X509 **xret;
-char *infile;
-EVP_PKEY *pkey;
-X509 *x509;
-EVP_MD *dgst;
-STACK *policy;
-TXT_DB *db;
-BIGNUM *serial;
-char *startdate;
-int days;
-STACK *extensions;
-int verbose;
+static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, X509 *x509,
+	     const EVP_MD *dgst, STACK_OF(CONF_VALUE) *policy, TXT_DB *db,
+	     BIGNUM *serial, char *subj, int email_dn, char *startdate, char *enddate,
+	     long days, char *ext_sect, CONF *lconf, int verbose, unsigned long certopt,
+	     unsigned long nameopt, int default_op, int ext_copy)
 	{
-	STACK *sk=NULL;
+	STACK_OF(CONF_VALUE) *sk=NULL;
 	LHASH *parms=NULL;
 	X509_REQ *req=NULL;
 	CONF_VALUE *cv=NULL;
 	NETSCAPE_SPKI *spki = NULL;
-	unsigned char *spki_der = NULL,*p;
 	X509_REQ_INFO *ri;
 	char *type,*buf;
 	EVP_PKEY *pktmp=NULL;
@@ -1837,7 +2459,7 @@ int verbose;
 		}
 
 	sk=CONF_get_section(parms, "default");
-	if (sk_num(sk) == 0)
+	if (sk_CONF_VALUE_num(sk) == 0)
 		{
 		BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
 		CONF_free(parms);
@@ -1866,35 +2488,27 @@ int verbose;
 
 	for (i = 0; ; i++)
 		{
-		if ((int)sk_num(sk) <= i) break;
+		if (sk_CONF_VALUE_num(sk) <= i) break;
 
-		cv=(CONF_VALUE *)sk_value(sk,i);
+		cv=sk_CONF_VALUE_value(sk,i);
 		type=cv->name;
-		buf=cv->value;
+		/* Skip past any leading X. X: X, etc to allow for
+		 * multiple instances
+		 */
+		for (buf = cv->name; *buf ; buf++)
+			if ((*buf == ':') || (*buf == ',') || (*buf == '.'))
+				{
+				buf++;
+				if (*buf) type = buf;
+				break;
+				}
 
+		buf=cv->value;
 		if ((nid=OBJ_txt2nid(type)) == NID_undef)
 			{
 			if (strcmp(type, "SPKAC") == 0)
 				{
-				spki_der=(unsigned char *)Malloc(
-					strlen(cv->value)+1);
-				if (spki_der == NULL)
-					{
-					BIO_printf(bio_err,"Malloc failure\n");
-					goto err;
-					}
-				j = EVP_DecodeBlock(spki_der, (unsigned char *)cv->value,
-					strlen(cv->value));
-				if (j <= 0)
-					{
-					BIO_printf(bio_err, "Can't b64 decode SPKAC structure\n");
-					goto err;
-					}
-
-				p=spki_der;
-				spki = d2i_NETSCAPE_SPKI(&spki, &p, j);
-				Free(spki_der);
-				spki_der = NULL;
+				spki = NETSCAPE_SPKI_b64_decode(cv->value, -1);
 				if (spki == NULL)
 					{
 					BIO_printf(bio_err,"unable to load Netscape SPKAC structure\n");
@@ -1905,6 +2519,11 @@ int verbose;
 			continue;
 			}
 
+		/*
+		if ((nid == NID_pkcs9_emailAddress) && (email_dn == 0))
+			continue;
+		*/
+		
 		j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
 		if (fix_data(nid, &j) == 0)
 			{
@@ -1918,8 +2537,7 @@ int verbose;
 			strlen(buf))) == NULL)
 			goto err;
 
-		if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0))
-			goto err;
+		if (!X509_NAME_add_entry(n,ne,-1, 0)) goto err;
 		}
 	if (spki == NULL)
 		{
@@ -1934,7 +2552,7 @@ int verbose;
 
 	BIO_printf(bio_err,"Check that the SPKAC request matches the signature\n");
 
-	if ((pktmp=X509_PUBKEY_get(spki->spkac->pubkey)) == NULL)
+	if ((pktmp=NETSCAPE_SPKI_get_pubkey(spki)) == NULL)
 		{
 		BIO_printf(bio_err,"error unpacking SPKAC public key\n");
 		goto err;
@@ -1949,21 +2567,20 @@ int verbose;
 	BIO_printf(bio_err,"Signature ok\n");
 
 	X509_REQ_set_pubkey(req,pktmp);
-	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,startdate,
-		days,1,verbose,req,extensions);
+	EVP_PKEY_free(pktmp);
+	ok=do_body(xret,pkey,x509,dgst,policy,db,serial,subj,email_dn,startdate,enddate,
+		   days,1,verbose,req,ext_sect,lconf, certopt, nameopt, default_op,
+			ext_copy);
 err:
 	if (req != NULL) X509_REQ_free(req);
 	if (parms != NULL) CONF_free(parms);
-	if (spki_der != NULL) Free(spki_der);
 	if (spki != NULL) NETSCAPE_SPKI_free(spki);
 	if (ne != NULL) X509_NAME_ENTRY_free(ne);
 
 	return(ok);
 	}
 
-static int fix_data(nid,type)
-int nid;
-int *type;
+static int fix_data(int nid, int *type)
 	{
 	if (nid == NID_pkcs9_emailAddress)
 		*type=V_ASN1_IA5STRING;
@@ -1978,110 +2595,746 @@ int *type;
 	return(1);
 	}
 
+static int check_time_format(char *str)
+	{
+	ASN1_UTCTIME tm;
 
-static STACK *load_extensions(sec)
-char *sec;
+	tm.data=(unsigned char *)str;
+	tm.length=strlen(str);
+	tm.type=V_ASN1_UTCTIME;
+	return(ASN1_UTCTIME_check(&tm));
+	}
+
+static int do_revoke(X509 *x509, TXT_DB *db, int type, char *value)
 	{
-	STACK *ext;
-	STACK *ret=NULL;
-	CONF_VALUE *cv;
-	ASN1_OCTET_STRING *str=NULL;
-	ASN1_STRING *tmp=NULL;
-	X509_EXTENSION *x;
-	BIO *mem=NULL;
-	BUF_MEM *buf=NULL;
-	int i,nid,len;
-	unsigned char *ptr;
-	int pack_type;
-	int data_type;
+	ASN1_UTCTIME *tm=NULL;
+	char *row[DB_NUMBER],**rrow,**irow;
+	char *rev_str = NULL;
+	BIGNUM *bn = NULL;
+	int ok=-1,i;
 
-	if ((ext=CONF_get_section(conf,sec)) == NULL)
+	for (i=0; i<DB_NUMBER; i++)
+		row[i]=NULL;
+	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
+	bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
+	if (BN_is_zero(bn))
+		row[DB_serial]=BUF_strdup("00");
+	else
+		row[DB_serial]=BN_bn2hex(bn);
+	BN_free(bn);
+	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
 		{
-		BIO_printf(bio_err,"unable to find extension section called '%s'\n",sec);
-		return(NULL);
+		BIO_printf(bio_err,"Memory allocation failure\n");
+		goto err;
 		}
+	/* We have to lookup by serial number because name lookup
+	 * skips revoked certs
+ 	 */
+	rrow=TXT_DB_get_by_index(db,DB_serial,row);
+	if (rrow == NULL)
+		{
+		BIO_printf(bio_err,"Adding Entry to DB for %s\n", row[DB_name]);
 
-	if ((ret=sk_new_null()) == NULL) return(NULL);
+		/* We now just add it to the database */
+		row[DB_type]=(char *)OPENSSL_malloc(2);
 
-	for (i=0; i<sk_num(ext); i++)
-		{
-		cv=(CONF_VALUE *)sk_value(ext,i); /* get the object id */
-		if ((nid=OBJ_txt2nid(cv->name)) == NID_undef)
+		tm=X509_get_notAfter(x509);
+		row[DB_exp_date]=(char *)OPENSSL_malloc(tm->length+1);
+		memcpy(row[DB_exp_date],tm->data,tm->length);
+		row[DB_exp_date][tm->length]='\0';
+
+		row[DB_rev_date]=NULL;
+
+		/* row[DB_serial] done already */
+		row[DB_file]=(char *)OPENSSL_malloc(8);
+
+		/* row[DB_name] done already */
+
+		if ((row[DB_type] == NULL) || (row[DB_exp_date] == NULL) ||
+			(row[DB_file] == NULL))
 			{
-			BIO_printf(bio_err,"%s:unknown object type in section, '%s'\n",sec,cv->name);
+			BIO_printf(bio_err,"Memory allocation failure\n");
 			goto err;
 			}
+		strcpy(row[DB_file],"unknown");
+		row[DB_type][0]='V';
+		row[DB_type][1]='\0';
 
-		pack_type=X509v3_pack_type_by_NID(nid);
-		data_type=X509v3_data_type_by_NID(nid);
+		if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
+			{
+			BIO_printf(bio_err,"Memory allocation failure\n");
+			goto err;
+			}
+
+		for (i=0; i<DB_NUMBER; i++)
+			{
+			irow[i]=row[i];
+			row[i]=NULL;
+			}
+		irow[DB_NUMBER]=NULL;
 
-		/* pack up the input bytes */
-		ptr=(unsigned char *)cv->value;
-		len=strlen((char *)ptr);
-		if ((len > 2) && (cv->value[0] == '0') &&
-			(cv->value[1] == 'x'))
+		if (!TXT_DB_insert(db,irow))
 			{
-			if (data_type == V_ASN1_UNDEF)
+			BIO_printf(bio_err,"failed to update database\n");
+			BIO_printf(bio_err,"TXT_DB error number %ld\n",db->error);
+			goto err;
+			}
+
+		/* Revoke Certificate */
+		ok = do_revoke(x509,db, type, value);
+
+		goto err;
+
+		}
+	else if (index_name_cmp((const char **)row,(const char **)rrow))
+		{
+		BIO_printf(bio_err,"ERROR:name does not match %s\n",
+			   row[DB_name]);
+		goto err;
+		}
+	else if (rrow[DB_type][0]=='R')
+		{
+		BIO_printf(bio_err,"ERROR:Already revoked, serial number %s\n",
+			   row[DB_serial]);
+		goto err;
+		}
+	else
+		{
+		BIO_printf(bio_err,"Revoking Certificate %s.\n", rrow[DB_serial]);
+		rev_str = make_revocation_str(type, value);
+		if (!rev_str)
+			{
+			BIO_printf(bio_err, "Error in revocation arguments\n");
+			goto err;
+			}
+		rrow[DB_type][0]='R';
+		rrow[DB_type][1]='\0';
+		rrow[DB_rev_date] = rev_str;
+		}
+	ok=1;
+err:
+	for (i=0; i<DB_NUMBER; i++)
+		{
+		if (row[i] != NULL) 
+			OPENSSL_free(row[i]);
+		}
+	return(ok);
+	}
+
+static int get_certificate_status(const char *serial, TXT_DB *db)
+	{
+	char *row[DB_NUMBER],**rrow;
+	int ok=-1,i;
+
+	/* Free Resources */
+	for (i=0; i<DB_NUMBER; i++)
+		row[i]=NULL;
+
+	/* Malloc needed char spaces */
+	row[DB_serial] = OPENSSL_malloc(strlen(serial) + 2);
+	if (row[DB_serial] == NULL)
+		{
+		BIO_printf(bio_err,"Malloc failure\n");
+		goto err;
+		}
+
+	if (strlen(serial) % 2)
+		{
+		/* Set the first char to 0 */;
+		row[DB_serial][0]='0';
+
+		/* Copy String from serial to row[DB_serial] */
+		memcpy(row[DB_serial]+1, serial, strlen(serial));
+		row[DB_serial][strlen(serial)+1]='\0';
+		}
+	else
+		{
+		/* Copy String from serial to row[DB_serial] */
+		memcpy(row[DB_serial], serial, strlen(serial));
+		row[DB_serial][strlen(serial)]='\0';
+		}
+			
+	/* Make it Upper Case */
+	for (i=0; row[DB_serial][i] != '\0'; i++)
+		row[DB_serial][i] = toupper(row[DB_serial][i]);
+	
+
+	ok=1;
+
+	/* Search for the certificate */
+	rrow=TXT_DB_get_by_index(db,DB_serial,row);
+	if (rrow == NULL)
+		{
+		BIO_printf(bio_err,"Serial %s not present in db.\n",
+				 row[DB_serial]);
+		ok=-1;
+		goto err;
+		}
+	else if (rrow[DB_type][0]=='V')
+		{
+		BIO_printf(bio_err,"%s=Valid (%c)\n",
+			row[DB_serial], rrow[DB_type][0]);
+		goto err;
+		}
+	else if (rrow[DB_type][0]=='R')
+		{
+		BIO_printf(bio_err,"%s=Revoked (%c)\n",
+			row[DB_serial], rrow[DB_type][0]);
+		goto err;
+		}
+	else if (rrow[DB_type][0]=='E')
+		{
+		BIO_printf(bio_err,"%s=Expired (%c)\n",
+			row[DB_serial], rrow[DB_type][0]);
+		goto err;
+		}
+	else if (rrow[DB_type][0]=='S')
+		{
+		BIO_printf(bio_err,"%s=Suspended (%c)\n",
+			row[DB_serial], rrow[DB_type][0]);
+		goto err;
+		}
+	else
+		{
+		BIO_printf(bio_err,"%s=Unknown (%c).\n",
+			row[DB_serial], rrow[DB_type][0]);
+		ok=-1;
+		}
+err:
+	for (i=0; i<DB_NUMBER; i++)
+		{
+		if (row[i] != NULL)
+			OPENSSL_free(row[i]);
+		}
+	return(ok);
+	}
+
+static int do_updatedb (TXT_DB *db)
+	{
+	ASN1_UTCTIME	*a_tm = NULL;
+	int i, cnt = 0;
+	int db_y2k, a_y2k;  /* flags = 1 if y >= 2000 */ 
+	char **rrow, *a_tm_s;
+
+	a_tm = ASN1_UTCTIME_new();
+
+	/* get actual time and make a string */
+	a_tm = X509_gmtime_adj(a_tm, 0);
+	a_tm_s = (char *) OPENSSL_malloc(a_tm->length+1);
+	if (a_tm_s == NULL)
+		{
+		cnt = -1;
+		goto err;
+		}
+
+	memcpy(a_tm_s, a_tm->data, a_tm->length);
+	a_tm_s[a_tm->length] = '\0';
+
+	if (strncmp(a_tm_s, "49", 2) <= 0)
+		a_y2k = 1;
+	else
+		a_y2k = 0;
+
+	for (i = 0; i < sk_num(db->data); i++)
+		{
+		rrow = (char **) sk_value(db->data, i);
+
+		if (rrow[DB_type][0] == 'V')
+		 	{
+			/* ignore entries that are not valid */
+			if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
+				db_y2k = 1;
+			else
+				db_y2k = 0;
+
+			if (db_y2k == a_y2k)
 				{
-				BIO_printf(bio_err,"data type for extension %s is unknown\n",cv->name);
-				goto err;
+				/* all on the same y2k side */
+				if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0)
+				       	{
+				       	rrow[DB_type][0]  = 'E';
+				       	rrow[DB_type][1]  = '\0';
+	  				cnt++;
+
+					BIO_printf(bio_err, "%s=Expired\n",
+							rrow[DB_serial]);
+					}
+				}
+			else if (db_y2k < a_y2k)
+				{
+		  		rrow[DB_type][0]  = 'E';
+		  		rrow[DB_type][1]  = '\0';
+	  			cnt++;
+
+				BIO_printf(bio_err, "%s=Expired\n",
+							rrow[DB_serial]);
 				}
-			if (mem == NULL)
-				if ((mem=BIO_new(BIO_s_mem())) == NULL)
-					goto err;
-			if (((buf=BUF_MEM_new()) == NULL) ||
-				!BUF_MEM_grow(buf,128))
-				goto err;
-			if ((tmp=ASN1_STRING_new()) == NULL) goto err;
 
-			BIO_reset(mem);
-			BIO_write(mem,(char *)&(ptr[2]),len-2);
-			if (!a2i_ASN1_STRING(mem,tmp,buf->data,buf->max))
-				goto err;
-			len=tmp->length;
-			ptr=tmp->data;
 			}
+    		}
+
+err:
+
+	ASN1_UTCTIME_free(a_tm);
+	OPENSSL_free(a_tm_s);
+
+	return (cnt);
+	}
+
+static char *crl_reasons[] = {
+	/* CRL reason strings */
+	"unspecified",
+	"keyCompromise",
+	"CACompromise",
+	"affiliationChanged",
+	"superseded", 
+	"cessationOfOperation",
+	"certificateHold",
+	"removeFromCRL",
+	/* Additional pseudo reasons */
+	"holdInstruction",
+	"keyTime",
+	"CAkeyTime"
+};
+
+#define NUM_REASONS (sizeof(crl_reasons) / sizeof(char *))
 
-		switch (pack_type)
+/* Given revocation information convert to a DB string.
+ * The format of the string is:
+ * revtime[,reason,extra]. Where 'revtime' is the
+ * revocation time (the current time). 'reason' is the
+ * optional CRL reason and 'extra' is any additional
+ * argument
+ */
+
+char *make_revocation_str(int rev_type, char *rev_arg)
+	{
+	char *reason = NULL, *other = NULL, *str;
+	ASN1_OBJECT *otmp;
+	ASN1_UTCTIME *revtm = NULL;
+	int i;
+	switch (rev_type)
+		{
+	case REV_NONE:
+		break;
+
+	case REV_CRL_REASON:
+		for (i = 0; i < 8; i++)
 			{
-		case X509_EXT_PACK_STRING:
-			if ((str=X509v3_pack_string(&str,
-				data_type,ptr,len)) == NULL)
-				goto err;
-			break;
-		case X509_EXT_PACK_UNKNOWN:
-		default:
-			BIO_printf(bio_err,"Don't know how to pack extension %s\n",cv->name);
-			goto err;
-			/* break; */
+			if (!strcasecmp(rev_arg, crl_reasons[i]))
+				{
+				reason = crl_reasons[i];
+				break;
+				}
 			}
+		if (reason == NULL)
+			{
+			BIO_printf(bio_err, "Unknown CRL reason %s\n", rev_arg);
+			return NULL;
+			}
+		break;
+
+	case REV_HOLD:
+		/* Argument is an OID */
+
+		otmp = OBJ_txt2obj(rev_arg, 0);
+		ASN1_OBJECT_free(otmp);
+
+		if (otmp == NULL)
+			{
+			BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg);
+			return NULL;
+			}
+
+		reason = "holdInstruction";
+		other = rev_arg;
+		break;
+		
+	case REV_KEY_COMPROMISE:
+	case REV_CA_COMPROMISE:
+
+		/* Argument is the key compromise time  */
+		if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg))
+			{	
+			BIO_printf(bio_err, "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n", rev_arg);
+			return NULL;
+			}
+		other = rev_arg;
+		if (rev_type == REV_KEY_COMPROMISE)
+			reason = "keyTime";
+		else 
+			reason = "CAkeyTime";
+
+		break;
+
+		}
+
+	revtm = X509_gmtime_adj(NULL, 0);
+
+	i = revtm->length + 1;
+
+	if (reason) i += strlen(reason) + 1;
+	if (other) i += strlen(other) + 1;
+
+	str = OPENSSL_malloc(i);
+
+	if (!str) return NULL;
+
+	strcpy(str, (char *)revtm->data);
+	if (reason)
+		{
+		strcat(str, ",");
+		strcat(str, reason);
+		}
+	if (other)
+		{
+		strcat(str, ",");
+		strcat(str, other);
+		}
+	ASN1_UTCTIME_free(revtm);
+	return str;
+	}
+
+/* Convert revocation field to X509_REVOKED entry 
+ * return code:
+ * 0 error
+ * 1 OK
+ * 2 OK and some extensions added (i.e. V2 CRL)
+ */
+
+
+int make_revoked(X509_REVOKED *rev, char *str)
+	{
+	char *tmp = NULL;
+	int reason_code = -1;
+	int i, ret = 0;
+	ASN1_OBJECT *hold = NULL;
+	ASN1_GENERALIZEDTIME *comp_time = NULL;
+	ASN1_ENUMERATED *rtmp = NULL;
+
+	ASN1_TIME *revDate = NULL;
+
+	i = unpack_revinfo(&revDate, &reason_code, &hold, &comp_time, str);
+
+	if (i == 0)
+		goto err;
+
+	if (rev && !X509_REVOKED_set_revocationDate(rev, revDate))
+		goto err;
 
-		if ((x=X509_EXTENSION_create_by_NID(NULL,nid,0,str)) == NULL)
+	if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS))
+		{
+		rtmp = ASN1_ENUMERATED_new();
+		if (!rtmp || !ASN1_ENUMERATED_set(rtmp, reason_code))
+			goto err;
+		if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))
 			goto err;
-		sk_push(ret,(char *)x);
 		}
 
-	if (0)
+	if (rev && comp_time)
 		{
-err:
-		if (ret != NULL) sk_pop_free(ret,X509_EXTENSION_free);
-		ret=NULL;
+		if (!X509_REVOKED_add1_ext_i2d(rev, NID_invalidity_date, comp_time, 0, 0))
+			goto err;
 		}
-	if (str != NULL) ASN1_OCTET_STRING_free(str);
-	if (tmp != NULL) ASN1_STRING_free(tmp);
-	if (buf != NULL) BUF_MEM_free(buf);
-	if (mem != NULL) BIO_free(mem);
-	return(ret);
+	if (rev && hold)
+		{
+		if (!X509_REVOKED_add1_ext_i2d(rev, NID_hold_instruction_code, hold, 0, 0))
+			goto err;
+		}
+
+	if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)
+		ret = 2;
+	else ret = 1;
+
+	err:
+
+	if (tmp) OPENSSL_free(tmp);
+	ASN1_OBJECT_free(hold);
+	ASN1_GENERALIZEDTIME_free(comp_time);
+	ASN1_ENUMERATED_free(rtmp);
+	ASN1_TIME_free(revDate);
+
+	return ret;
 	}
 
-static int check_time_format(str)
-char *str;
+/*
+ * subject is expected to be in the format /type0=value0/type1=value1/type2=...
+ * where characters may be escaped by \
+ */
+X509_NAME *do_subject(char *subject, long chtype)
 	{
-	ASN1_UTCTIME tm;
+	size_t buflen = strlen(subject)+1; /* to copy the types and values into. due to escaping, the copy can only become shorter */
+	char *buf = OPENSSL_malloc(buflen);
+	size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
+	char **ne_types = OPENSSL_malloc(max_ne * sizeof (char *));
+	char **ne_values = OPENSSL_malloc(max_ne * sizeof (char *));
 
-	tm.data=(unsigned char *)str;
-	tm.length=strlen(str);
-	tm.type=V_ASN1_UTCTIME;
-	return(ASN1_UTCTIME_check(&tm));
+	char *sp = subject, *bp = buf;
+	int i, ne_num = 0;
+
+	X509_NAME *n = NULL;
+	int nid;
+
+	if (!buf || !ne_types || !ne_values)
+		{
+		BIO_printf(bio_err, "malloc error\n");
+		goto error;
+		}	
+
+	if (*subject != '/')
+		{
+		BIO_printf(bio_err, "Subject does not start with '/'.\n");
+		goto error;
+		}
+	sp++; /* skip leading / */
+
+	while (*sp)
+		{
+		/* collect type */
+		ne_types[ne_num] = bp;
+		while (*sp)
+			{
+			if (*sp == '\\') /* is there anything to escape in the type...? */
+				{
+				if (*++sp)
+					*bp++ = *sp++;
+				else	
+					{
+					BIO_printf(bio_err, "escape character at end of string\n");
+					goto error;
+					}
+				}	
+			else if (*sp == '=')
+				{
+				sp++;
+				*bp++ = '\0';
+				break;
+				}
+			else
+				*bp++ = *sp++;
+			}
+		if (!*sp)
+			{
+			BIO_printf(bio_err, "end of string encountered while processing type of subject name element #%d\n", ne_num);
+			goto error;
+			}
+		ne_values[ne_num] = bp;
+		while (*sp)
+			{
+			if (*sp == '\\')
+				{
+				if (*++sp)
+					*bp++ = *sp++;
+				else
+					{
+					BIO_printf(bio_err, "escape character at end of string\n");
+					goto error;
+					}
+				}
+			else if (*sp == '/')
+				{
+				sp++;
+				break;
+				}
+			else
+				*bp++ = *sp++;
+			}
+		*bp++ = '\0';
+		ne_num++;
+		}	
+
+	if (!(n = X509_NAME_new()))
+		goto error;
+
+	for (i = 0; i < ne_num; i++)
+		{
+		if ((nid=OBJ_txt2nid(ne_types[i])) == NID_undef)
+			{
+			BIO_printf(bio_err, "Subject Attribute %s has no known NID, skipped\n", ne_types[i]);
+			continue;
+			}
+
+		if (!*ne_values[i])
+			{
+			BIO_printf(bio_err, "No value provided for Subject Attribute %s, skipped\n", ne_types[i]);
+			continue;
+			}
+
+		if (!X509_NAME_add_entry_by_NID(n, nid, chtype, (unsigned char*)ne_values[i], -1,-1,0))
+			goto error;
+		}
+
+	OPENSSL_free(ne_values);
+	OPENSSL_free(ne_types);
+	OPENSSL_free(buf);
+	return n;
+
+error:
+	X509_NAME_free(n);
+	if (ne_values)
+		OPENSSL_free(ne_values);
+	if (ne_types)
+		OPENSSL_free(ne_types);
+	if (buf)
+		OPENSSL_free(buf);
+	return NULL;
+}
+
+int old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
+	{
+	char buf[25],*pbuf, *p;
+	int j;
+	j=i2a_ASN1_OBJECT(bp,obj);
+	pbuf=buf;
+	for (j=22-j; j>0; j--)
+		*(pbuf++)=' ';
+	*(pbuf++)=':';
+	*(pbuf++)='\0';
+	BIO_puts(bp,buf);
+
+	if (str->type == V_ASN1_PRINTABLESTRING)
+		BIO_printf(bp,"PRINTABLE:'");
+	else if (str->type == V_ASN1_T61STRING)
+		BIO_printf(bp,"T61STRING:'");
+	else if (str->type == V_ASN1_IA5STRING)
+		BIO_printf(bp,"IA5STRING:'");
+	else if (str->type == V_ASN1_UNIVERSALSTRING)
+		BIO_printf(bp,"UNIVERSALSTRING:'");
+	else
+		BIO_printf(bp,"ASN.1 %2d:'",str->type);
+			
+	p=(char *)str->data;
+	for (j=str->length; j>0; j--)
+		{
+		if ((*p >= ' ') && (*p <= '~'))
+			BIO_printf(bp,"%c",*p);
+		else if (*p & 0x80)
+			BIO_printf(bp,"\\0x%02X",*p);
+		else if ((unsigned char)*p == 0xf7)
+			BIO_printf(bp,"^?");
+		else	BIO_printf(bp,"^%c",*p+'@');
+		p++;
+		}
+	BIO_printf(bp,"'\n");
+	return 1;
 	}
 
+int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, char *str)
+	{
+	char *tmp = NULL;
+	char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
+	int reason_code = -1;
+	int i, ret = 0;
+	ASN1_OBJECT *hold = NULL;
+	ASN1_GENERALIZEDTIME *comp_time = NULL;
+	tmp = BUF_strdup(str);
+
+	p = strchr(tmp, ',');
+
+	rtime_str = tmp;
+
+	if (p)
+		{
+		*p = '\0';
+		p++;
+		reason_str = p;
+		p = strchr(p, ',');
+		if (p)
+			{
+			*p = '\0';
+			arg_str = p + 1;
+			}
+		}
+
+	if (prevtm)
+		{
+		*prevtm = ASN1_UTCTIME_new();
+		if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str))
+			{
+			BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);
+			goto err;
+			}
+		}
+	if (reason_str)
+		{
+		for (i = 0; i < NUM_REASONS; i++)
+			{
+			if(!strcasecmp(reason_str, crl_reasons[i]))
+				{
+				reason_code = i;
+				break;
+				}
+			}
+		if (reason_code == OCSP_REVOKED_STATUS_NOSTATUS)
+			{
+			BIO_printf(bio_err, "invalid reason code %s\n", reason_str);
+			goto err;
+			}
+
+		if (reason_code == 7)
+			reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL;
+		else if (reason_code == 8)		/* Hold instruction */
+			{
+			if (!arg_str)
+				{	
+				BIO_printf(bio_err, "missing hold instruction\n");
+				goto err;
+				}
+			reason_code = OCSP_REVOKED_STATUS_CERTIFICATEHOLD;
+			hold = OBJ_txt2obj(arg_str, 0);
+
+			if (!hold)
+				{
+				BIO_printf(bio_err, "invalid object identifier %s\n", arg_str);
+				goto err;
+				}
+			if (phold) *phold = hold;
+			}
+		else if ((reason_code == 9) || (reason_code == 10))
+			{
+			if (!arg_str)
+				{	
+				BIO_printf(bio_err, "missing compromised time\n");
+				goto err;
+				}
+			comp_time = ASN1_GENERALIZEDTIME_new();
+			if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str))
+				{	
+				BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);
+				goto err;
+				}
+			if (reason_code == 9)
+				reason_code = OCSP_REVOKED_STATUS_KEYCOMPROMISE;
+			else
+				reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE;
+			}
+		}
+
+	if (preason) *preason = reason_code;
+	if (pinvtm) *pinvtm = comp_time;
+	else ASN1_GENERALIZEDTIME_free(comp_time);
+
+	ret = 1;
+
+	err:
+
+	if (tmp) OPENSSL_free(tmp);
+	if (!phold) ASN1_OBJECT_free(hold);
+	if (!pinvtm) ASN1_GENERALIZEDTIME_free(comp_time);
+
+	return ret;
+	}
+
+int make_serial_index(TXT_DB *db)
+	{
+	if (!TXT_DB_create_index(db, DB_serial, NULL,
+				LHASH_HASH_FN(index_serial_hash),
+				LHASH_COMP_FN(index_serial_cmp)))
+		{
+		BIO_printf(bio_err,
+		  "error creating serial number index:(%ld,%ld,%ld)\n",
+		  			db->error,db->arg1,db->arg2);
+			return 0;
+		}
+	return 1;
+	}
diff --git a/apps/cert.der b/apps/cert.der
deleted file mode 100644
index 58d9fd89ba..0000000000
--- a/apps/cert.der
+++ /dev/null
diff --git a/apps/ciphers.c b/apps/ciphers.c
index 867196e393..7c62fc5dc3 100644
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@@ -59,12 +59,12 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef NO_STDIO
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
-#include "err.h"
-#include "ssl.h"
+#include <openssl/err.h>
+#include <openssl/ssl.h>
 
 #undef PROG
 #define PROG	ciphers_main
@@ -74,30 +74,32 @@ static char *ciphers_usage[]={
 " -v          - verbose mode, a textual listing of the ciphers in SSLeay\n",
 " -ssl2       - SSL2 mode\n",
 " -ssl3       - SSL3 mode\n",
+" -tls1       - TLS1 mode\n",
 NULL
 };
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
 	{
 	int ret=1,i;
 	int verbose=0;
-	char **pp,*p;
+	char **pp;
+	const char *p;
 	int badops=0;
 	SSL_CTX *ctx=NULL;
 	SSL *ssl=NULL;
 	char *ciphers=NULL;
 	SSL_METHOD *meth=NULL;
-	STACK *sk;
+	STACK_OF(SSL_CIPHER) *sk;
 	char buf[512];
 	BIO *STDout=NULL;
 
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	meth=SSLv23_server_method();
-#elif !defined(NO_SSL3)
+#elif !defined(OPENSSL_NO_SSL3)
 	meth=SSLv3_server_method();
-#elif !defined(NO_SSL2)
+#elif !defined(OPENSSL_NO_SSL2)
 	meth=SSLv2_server_method();
 #endif
 
@@ -106,6 +108,12 @@ char **argv;
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+	{
+	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+	STDout = BIO_push(tmpbio, STDout);
+	}
+#endif
 
 	argc--;
 	argv++;
@@ -113,14 +121,18 @@ char **argv;
 		{
 		if (strcmp(*argv,"-v") == 0)
 			verbose=1;
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 		else if (strcmp(*argv,"-ssl2") == 0)
 			meth=SSLv2_client_method();
 #endif
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
 		else if (strcmp(*argv,"-ssl3") == 0)
 			meth=SSLv3_client_method();
 #endif
+#ifndef OPENSSL_NO_TLS1
+		else if (strcmp(*argv,"-tls1") == 0)
+			meth=TLSv1_client_method();
+#endif
 		else if ((strncmp(*argv,"-h",2) == 0) ||
 			 (strcmp(*argv,"-?") == 0))
 			{
@@ -138,16 +150,20 @@ char **argv;
 	if (badops)
 		{
 		for (pp=ciphers_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,*pp);
+			BIO_printf(bio_err,"%s",*pp);
 		goto end;
 		}
 
-	SSLeay_add_ssl_algorithms();
+	OpenSSL_add_ssl_algorithms();
 
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL) goto err;
-	if (ciphers != NULL)
-		SSL_CTX_set_cipher_list(ctx,ciphers);
+	if (ciphers != NULL) {
+		if(!SSL_CTX_set_cipher_list(ctx,ciphers)) {
+			BIO_printf(bio_err, "Error in cipher list\n");
+			goto err;
+		}
+	}
 	ssl=SSL_new(ctx);
 	if (ssl == NULL) goto err;
 
@@ -167,11 +183,11 @@ char **argv;
 		{
 		sk=SSL_get_ciphers(ssl);
 
-		for (i=0; i<sk_num(sk); i++)
+		for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
 			{
 			BIO_puts(STDout,SSL_CIPHER_description(
-				(SSL_CIPHER *)sk_value(sk,i),
-				buf,512));
+				sk_SSL_CIPHER_value(sk,i),
+				buf,sizeof buf));
 			}
 		}
 
@@ -185,7 +201,8 @@ err:
 end:
 	if (ctx != NULL) SSL_CTX_free(ctx);
 	if (ssl != NULL) SSL_free(ssl);
-	if (STDout != NULL) BIO_free(STDout);
-	EXIT(ret);
+	if (STDout != NULL) BIO_free_all(STDout);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
diff --git a/apps/crl.c b/apps/crl.c
index acb5cb9b24..c6089ace52 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -60,10 +60,11 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	crl_main
@@ -74,7 +75,7 @@
 static char *crl_usage[]={
 "usage: crl args\n",
 "\n",
-" -inform arg     - input format - default PEM (one of DER, TXT or PEM)\n",
+" -inform arg     - input format - default PEM (DER or PEM)\n",
 " -outform arg    - output format - default PEM\n",
 " -text           - print out a text format version\n",
 " -in arg         - input file - default stdin\n",
@@ -84,28 +85,36 @@ static char *crl_usage[]={
 " -lastupdate     - lastUpdate field\n",
 " -nextupdate     - nextUpdate field\n",
 " -noout          - no CRL output\n",
+" -CAfile  name   - verify CRL using certificates in file \"name\"\n",
+" -CApath  dir    - verify CRL using certificates in \"dir\"\n",
+" -nameopt arg    - various certificate name options\n",
 NULL
 };
 
-#ifndef NOPROTO
 static X509_CRL *load_crl(char *file, int format);
-#else
-static X509_CRL *load_crl();
-#endif
-
 static BIO *bio_out=NULL;
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
 	{
+	unsigned long nmflag = 0;
 	X509_CRL *x=NULL;
+	char *CAfile = NULL, *CApath = NULL;
 	int ret=1,i,num,badops=0;
 	BIO *out=NULL;
 	int informat,outformat;
 	char *infile=NULL,*outfile=NULL;
-	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0;
-	char **pp,buf[256];
+	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
+	int fingerprint = 0;
+	char **pp;
+	X509_STORE *store = NULL;
+	X509_STORE_CTX ctx;
+	X509_LOOKUP *lookup = NULL;
+	X509_OBJECT xobj;
+	EVP_PKEY *pkey;
+	int do_ver = 0;
+	const EVP_MD *md_alg,*digest=EVP_md5();
 
 	apps_startup();
 
@@ -113,9 +122,20 @@ char **argv;
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	if (bio_out == NULL)
 		if ((bio_out=BIO_new(BIO_s_file())) != NULL)
+			{
 			BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+			{
+			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+			bio_out = BIO_push(tmpbio, bio_out);
+			}
+#endif
+			}
 
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
@@ -142,10 +162,6 @@ char **argv;
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
-		else if (strcmp(*argv,"-text") == 0)
-			{
-			outformat=FORMAT_TEXT;
-			}
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -156,8 +172,29 @@ char **argv;
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-CApath") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CApath = *(++argv);
+			do_ver = 1;
+			}
+		else if (strcmp(*argv,"-CAfile") == 0)
+			{
+			if (--argc < 1) goto bad;
+			CAfile = *(++argv);
+			do_ver = 1;
+			}
+		else if (strcmp(*argv,"-verify") == 0)
+			do_ver = 1;
+		else if (strcmp(*argv,"-text") == 0)
+			text = 1;
 		else if (strcmp(*argv,"-hash") == 0)
 			hash= ++num;
+		else if (strcmp(*argv,"-nameopt") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!set_name_ex(&nmflag, *(++argv))) goto bad;
+			}
 		else if (strcmp(*argv,"-issuer") == 0)
 			issuer= ++num;
 		else if (strcmp(*argv,"-lastupdate") == 0)
@@ -166,6 +203,13 @@ char **argv;
 			nextupdate= ++num;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout= ++num;
+		else if (strcmp(*argv,"-fingerprint") == 0)
+			fingerprint= ++num;
+		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
+			{
+			/* ok */
+			digest=md_alg;
+			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -176,19 +220,11 @@ char **argv;
 		argv++;
 		}
 
-	if (outformat == FORMAT_TEXT)
-		{
-		num=0;
-		issuer= ++num;
-		lastupdate= ++num;
-		nextupdate= ++num;
-		}
-
 	if (badops)
 		{
 bad:
 		for (pp=crl_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,*pp);
+			BIO_printf(bio_err,"%s",*pp);
 		goto end;
 		}
 
@@ -196,41 +232,100 @@ bad:
 	x=load_crl(infile,informat);
 	if (x == NULL) { goto end; }
 
+	if(do_ver) {
+		store = X509_STORE_new();
+		lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
+		if (lookup == NULL) goto end;
+		if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM))
+			X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+			
+		lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
+		if (lookup == NULL) goto end;
+		if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM))
+			X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+		ERR_clear_error();
+
+		if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
+			BIO_printf(bio_err,
+				"Error initialising X509 store\n");
+			goto end;
+		}
+
+		i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, 
+					X509_CRL_get_issuer(x), &xobj);
+		if(i <= 0) {
+			BIO_printf(bio_err,
+				"Error getting CRL issuer certificate\n");
+			goto end;
+		}
+		pkey = X509_get_pubkey(xobj.data.x509);
+		X509_OBJECT_free_contents(&xobj);
+		if(!pkey) {
+			BIO_printf(bio_err,
+				"Error getting CRL issuer public key\n");
+			goto end;
+		}
+		i = X509_CRL_verify(x, pkey);
+		EVP_PKEY_free(pkey);
+		if(i < 0) goto end;
+		if(i == 0) BIO_printf(bio_err, "verify failure\n");
+		else BIO_printf(bio_err, "verify OK\n");
+	}
+
 	if (num)
 		{
 		for (i=1; i<=num; i++)
 			{
 			if (issuer == i)
 				{
-				X509_NAME_oneline(x->crl->issuer,buf,256);
-				fprintf(stdout,"issuer= %s\n",buf);
+				print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);
 				}
 
 			if (hash == i)
 				{
-				fprintf(stdout,"%08lx\n",
-					X509_NAME_hash(x->crl->issuer));
+				BIO_printf(bio_out,"%08lx\n",
+					X509_NAME_hash(X509_CRL_get_issuer(x)));
 				}
 			if (lastupdate == i)
 				{
-				fprintf(stdout,"lastUpdate=");
-				ASN1_UTCTIME_print(bio_out,x->crl->lastUpdate);
-				fprintf(stdout,"\n");
+				BIO_printf(bio_out,"lastUpdate=");
+				ASN1_TIME_print(bio_out,
+						X509_CRL_get_lastUpdate(x));
+				BIO_printf(bio_out,"\n");
 				}
 			if (nextupdate == i)
 				{
-				fprintf(stdout,"nextUpdate=");
-				if (x->crl->nextUpdate != NULL)
-					ASN1_UTCTIME_print(bio_out,x->crl->nextUpdate);
+				BIO_printf(bio_out,"nextUpdate=");
+				if (X509_CRL_get_nextUpdate(x)) 
+					ASN1_TIME_print(bio_out,
+						X509_CRL_get_nextUpdate(x));
 				else
-					fprintf(stdout,"NONE");
-				fprintf(stdout,"\n");
+					BIO_printf(bio_out,"NONE");
+				BIO_printf(bio_out,"\n");
+				}
+			if (fingerprint == i)
+				{
+				int j;
+				unsigned int n;
+				unsigned char md[EVP_MAX_MD_SIZE];
+
+				if (!X509_CRL_digest(x,digest,md,&n))
+					{
+					BIO_printf(bio_err,"out of memory\n");
+					goto end;
+					}
+				BIO_printf(bio_out,"%s Fingerprint=",
+						OBJ_nid2sn(EVP_MD_type(digest)));
+				for (j=0; j<(int)n; j++)
+					{
+					BIO_printf(bio_out,"%02X%c",md[j],
+						(j+1 == (int)n)
+						?'\n':':');
+					}
 				}
 			}
 		}
 
-	if (noout) goto end;
-
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{
@@ -239,7 +334,15 @@ bad:
 		}
 
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -249,27 +352,14 @@ bad:
 			}
 		}
 
+	if (text) X509_CRL_print(out, x);
+
+	if (noout) goto end;
+
 	if 	(outformat == FORMAT_ASN1)
 		i=(int)i2d_X509_CRL_bio(out,x);
 	else if (outformat == FORMAT_PEM)
 		i=PEM_write_bio_X509_CRL(out,x);
-	else if (outformat == FORMAT_TEXT)
-		{
-		X509_REVOKED *r;
-		STACK *sk;
-
-		sk=sk_dup(x->crl->revoked);
-		while ((r=(X509_REVOKED *)sk_pop(sk)) != NULL)
-			{
-			fprintf(stdout,"revoked: serialNumber=");
-			i2a_ASN1_INTEGER(out,r->serialNumber);
-			fprintf(stdout," revocationDate=");
-			ASN1_UTCTIME_print(bio_out,r->revocationDate);
-			fprintf(stdout,"\n");
-			}
-		sk_free(sk);
-		i=1;
-		}
 	else	
 		{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
@@ -278,15 +368,19 @@ bad:
 	if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
 	ret=0;
 end:
-	if (out != NULL) BIO_free(out);
-	if (bio_out != NULL) BIO_free(bio_out);
-	if (x != NULL) X509_CRL_free(x);
-	EXIT(ret);
+	BIO_free_all(out);
+	BIO_free_all(bio_out);
+	bio_out=NULL;
+	X509_CRL_free(x);
+	if(store) {
+		X509_STORE_CTX_cleanup(&ctx);
+		X509_STORE_free(store);
+	}
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
-static X509_CRL *load_crl(infile, format)
-char *infile;
-int format;
+static X509_CRL *load_crl(char *infile, int format)
 	{
 	X509_CRL *x=NULL;
 	BIO *in=NULL;
@@ -311,7 +405,7 @@ int format;
 	if 	(format == FORMAT_ASN1)
 		x=d2i_X509_CRL_bio(in,NULL);
 	else if (format == FORMAT_PEM)
-		x=PEM_read_bio_X509_CRL(in,NULL,NULL);
+		x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
 	else	{
 		BIO_printf(bio_err,"bad input format specified for input crl\n");
 		goto end;
@@ -324,7 +418,7 @@ int format;
 		}
 	
 end:
-	if (in != NULL) BIO_free(in);
+	BIO_free(in);
 	return(x);
 	}
 
diff --git a/apps/crl.out b/apps/crl.out
deleted file mode 100644
index 85d10e989b..0000000000
--- a/apps/crl.out
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN X509 CRL-----
-MIIBDjCBuTANBgkqhkiG9w0BAQQFADBgMQswCQYDVQQGEwJBVTEMMAoGA1UECBMD
-UUxEMRkwFwYDVQQKExBNaW5jb20gUHR5LiBMdGQuMQswCQYDVQQLEwJDUzEbMBkG
-A1UEAxMSU1NMZWF5IGRlbW8gc2VydmVyFw05NzA3MDkwMDAwMjJaFw05NzA4MDgw
-MDAwMjJaMCgwEgIBARcNOTUxMDA5MjMzMjA1WjASAgEDFw05NTEyMDEwMTAwMDBa
-MA0GCSqGSIb3DQEBBAUAA0EAcEBIWVZPXxSlLMPPLfBi4s0N3lzTgskZkgO6pjZi
-oQRwh5vi5zFqDNQteGx7RTHpUYntgyoAZ87FZE0GOJgBaQ==
------END X509 CRL-----
diff --git a/apps/crl2p7.c b/apps/crl2p7.c
index 82a7829558..b2f2d121d5 100644
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -65,31 +65,26 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include "err.h"
-#include "evp.h"
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static int add_certs_from_file(STACK *stack, char *certfile);
-#else
-static int add_certs_from_file();
-#endif
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#include <openssl/objects.h>
 
+static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
 #undef PROG
 #define PROG	crl2pkcs7_main
 
-/* -inform arg	- input format - default PEM (one of DER, TXT or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
  * -outform arg - output format - default PEM
  * -in arg	- input file - default stdin
  * -out arg	- output file - default stdout
  */
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
 	{
 	int i,badops=0;
 	BIO *in=NULL,*out=NULL;
@@ -98,8 +93,9 @@ char **argv;
 	PKCS7 *p7 = NULL;
 	PKCS7_SIGNED *p7s = NULL;
 	X509_CRL *crl=NULL;
-	STACK *crl_stack=NULL;
-	STACK *cert_stack=NULL;
+	STACK *certflst=NULL;
+	STACK_OF(X509_CRL) *crl_stack=NULL;
+	STACK_OF(X509) *cert_stack=NULL;
 	int ret=1,nocrl=0;
 
 	apps_startup();
@@ -112,7 +108,6 @@ char **argv;
 	outfile=NULL;
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
-	certfile=NULL;
 
 	prog=argv[0];
 	argc--;
@@ -146,7 +141,8 @@ char **argv;
 		else if (strcmp(*argv,"-certfile") == 0)
 			{
 			if (--argc < 1) goto bad;
-			certfile= *(++argv);
+			if(!certflst) certflst = sk_new_null();
+			sk_push(certflst,*(++argv));
 			}
 		else
 			{
@@ -163,13 +159,15 @@ char **argv;
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg    input format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -outform arg   output format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg        inout file\n");
+		BIO_printf(bio_err," -inform arg    input format - DER or PEM\n");
+		BIO_printf(bio_err," -outform arg   output format - DER or PEM\n");
+		BIO_printf(bio_err," -in arg        input file\n");
 		BIO_printf(bio_err," -out arg       output file\n");
 		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
+		BIO_printf(bio_err,"                (can be used more than once)\n");
 		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
-		EXIT(1);
+		ret = 1;
+		goto end;
 		}
 
 	ERR_load_crypto_strings();
@@ -198,7 +196,7 @@ bad:
 		if 	(informat == FORMAT_ASN1)
 			crl=d2i_X509_CRL_bio(in,NULL);
 		else if (informat == FORMAT_PEM)
-			crl=PEM_read_bio_X509_CRL(in,NULL,NULL);
+			crl=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
 		else	{
 			BIO_printf(bio_err,"bad input format specified for input crl\n");
 			goto end;
@@ -218,29 +216,39 @@ bad:
 	p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);
 
 	if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
-	if ((crl_stack=sk_new(NULL)) == NULL) goto end;
+	if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end;
 	p7s->crl=crl_stack;
 	if (crl != NULL)
 		{
-		sk_push(crl_stack,(char *)crl);
-		crl=NULL; /* now part of p7 for Freeing */
+		sk_X509_CRL_push(crl_stack,crl);
+		crl=NULL; /* now part of p7 for OPENSSL_freeing */
 		}
 
-	if ((cert_stack=sk_new(NULL)) == NULL) goto end;
+	if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
 	p7s->cert=cert_stack;
 
-	if (certfile != NULL) 
-		{
+	if(certflst) for(i = 0; i < sk_num(certflst); i++) {
+		certfile = sk_value(certflst, i);
 		if (add_certs_from_file(cert_stack,certfile) < 0)
 			{
-			BIO_printf(bio_err,"error loading certificates\n");
+			BIO_printf(bio_err, "error loading certificates\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
-		}
+	}
+
+	sk_free(certflst);
 
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -267,11 +275,12 @@ bad:
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	if (p7 != NULL) PKCS7_free(p7);
 	if (crl != NULL) X509_CRL_free(crl);
 
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
 /*
@@ -284,40 +293,42 @@ end:
  *	number of certs added if successful, -1 if not.
  *----------------------------------------------------------------------
  */
-static int add_certs_from_file(stack,certfile)
-STACK *stack;
-char *certfile;
+static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
 	{
 	struct stat st;
 	BIO *in=NULL;
 	int count=0;
 	int ret= -1;
-	STACK *sk=NULL;
+	STACK_OF(X509_INFO) *sk=NULL;
 	X509_INFO *xi;
 
 	if ((stat(certfile,&st) != 0))
 		{
-		BIO_printf(bio_err,"unable to file the file, %s\n",certfile);
+		BIO_printf(bio_err,"unable to load the file, %s\n",certfile);
 		goto end;
 		}
 
 	in=BIO_new(BIO_s_file());
 	if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))
 		{
+		BIO_printf(bio_err,"error opening the file, %s\n",certfile);
 		goto end;
 		}
 
 	/* This loads from a file, a stack of x509/crl/pkey sets */
-	sk=PEM_X509_INFO_read_bio(in,NULL,NULL);
-	if (sk == NULL) goto end;
+	sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL);
+	if (sk == NULL) {
+		BIO_printf(bio_err,"error reading the file, %s\n",certfile);
+		goto end;
+	}
 
 	/* scan over it and pull out the CRL's */
-	while (sk_num(sk))
+	while (sk_X509_INFO_num(sk))
 		{
-		xi=(X509_INFO *)sk_shift(sk);
+		xi=sk_X509_INFO_shift(sk);
 		if (xi->x509 != NULL)
 			{
-			sk_push(stack,(char *)xi->x509);
+			sk_X509_push(stack,xi->x509);
 			xi->x509=NULL;
 			count++;
 			}
@@ -326,9 +337,9 @@ char *certfile;
 
 	ret=count;
 end:
- 	/* never need to Free x */
+ 	/* never need to OPENSSL_free x */
 	if (in != NULL) BIO_free(in);
-	if (sk != NULL) sk_free(sk);
+	if (sk != NULL) sk_X509_INFO_free(sk);
 	return(ret);
 	}
 
diff --git a/apps/der_chop b/apps/der_chop.in
index 4639330c10..9070b032fc 100644
--- a/apps/der_chop
+++ b/apps/der_chop.in
@@ -42,13 +42,13 @@ $md4_cmd="md4";
 $rsa_cmd="rsa -des -inform der ";
 
 # this was the 0.5.x way of doing things ...
-$cmd="ssleay asn1parse";
-$x509_cmd="ssleay x509";
-$crl_cmd="ssleay crl";
-$rc4_cmd="ssleay rc4";
-$md2_cmd="ssleay md2";
-$md4_cmd="ssleay md4";
-$rsa_cmd="ssleay rsa -des -inform der ";
+$cmd="openssl asn1parse";
+$x509_cmd="openssl x509";
+$crl_cmd="openssl crl";
+$rc4_cmd="openssl rc4";
+$md2_cmd="openssl md2";
+$md4_cmd="openssl md4";
+$rsa_cmd="openssl rsa -des -inform der ";
 
 &Getopts('vd:') || die "usage:$0 [-v] [-d num] file";
 $depth=($opt_d =~ /^\d+$/)?$opt_d:0;
diff --git a/apps/dgst.c b/apps/dgst.c
index 86d60c53da..280f79b4a2 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -60,12 +60,12 @@
 #include <string.h>
 #include <stdlib.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef BUFSIZE
 #define BUFSIZE	1024*8
@@ -73,30 +73,38 @@
 #undef PROG
 #define PROG	dgst_main
 
-#ifndef NOPROTO
-void do_fp(unsigned char *buf,BIO *f,int sep);
-#else
-void do_fp();
-#endif
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
+	  const char *file);
+
+int MAIN(int, char **);
 
-int MAIN(argc,argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	unsigned char *buf=NULL;
 	int i,err=0;
-	EVP_MD *md=NULL,*m;
+	const EVP_MD *md=NULL,*m;
 	BIO *in=NULL,*inp;
 	BIO *bmd=NULL;
-	char *name;
-#define PROG_NAME_SIZE  16
-        char pname[PROG_NAME_SIZE];
+	BIO *out = NULL;
+	const char *name;
+#define PROG_NAME_SIZE  39
+	char pname[PROG_NAME_SIZE+1];
 	int separator=0;
 	int debug=0;
+	int keyform=FORMAT_PEM;
+	const char *outfile = NULL, *keyfile = NULL;
+	const char *sigfile = NULL, *randfile = NULL;
+	int out_bin = -1, want_pub = 0, do_verify = 0;
+	EVP_PKEY *sigkey = NULL;
+	unsigned char *sigbuf = NULL;
+	int siglen = 0;
+	char *engine=NULL;
 
 	apps_startup();
 
-	if ((buf=(unsigned char *)Malloc(BUFSIZE)) == NULL)
+	if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
@@ -105,18 +113,68 @@ char **argv;
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	/* first check the program name */
-        program_name(argv[0],pname,PROG_NAME_SIZE);
+	program_name(argv[0],pname,sizeof pname);
 
 	md=EVP_get_digestbyname(pname);
 
 	argc--;
 	argv++;
-	for (i=0; i<argc; i++)
+	while (argc > 0)
 		{
 		if ((*argv)[0] != '-') break;
 		if (strcmp(*argv,"-c") == 0)
 			separator=1;
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) break;
+			randfile=*(++argv);
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) break;
+			outfile=*(++argv);
+			}
+		else if (strcmp(*argv,"-sign") == 0)
+			{
+			if (--argc < 1) break;
+			keyfile=*(++argv);
+			}
+		else if (strcmp(*argv,"-verify") == 0)
+			{
+			if (--argc < 1) break;
+			keyfile=*(++argv);
+			want_pub = 1;
+			do_verify = 1;
+			}
+		else if (strcmp(*argv,"-prverify") == 0)
+			{
+			if (--argc < 1) break;
+			keyfile=*(++argv);
+			do_verify = 1;
+			}
+		else if (strcmp(*argv,"-signature") == 0)
+			{
+			if (--argc < 1) break;
+			sigfile=*(++argv);
+			}
+		else if (strcmp(*argv,"-keyform") == 0)
+			{
+			if (--argc < 1) break;
+			keyform=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) break;
+			engine= *(++argv);
+			}
+		else if (strcmp(*argv,"-hex") == 0)
+			out_bin = 0;
+		else if (strcmp(*argv,"-binary") == 0)
+			out_bin = 1;
 		else if (strcmp(*argv,"-d") == 0)
 			debug=1;
 		else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
@@ -130,15 +188,33 @@ char **argv;
 	if (md == NULL)
 		md=EVP_md5();
 
+	if(do_verify && !sigfile) {
+		BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
+		err = 1; 
+		goto end;
+	}
+
 	if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
 		{
 		BIO_printf(bio_err,"unknown option '%s'\n",*argv);
 		BIO_printf(bio_err,"options are\n");
-		BIO_printf(bio_err,"-c   to output the digest with separating colons\n");
-		BIO_printf(bio_err,"-d   to output debug info\n");
+		BIO_printf(bio_err,"-c              to output the digest with separating colons\n");
+		BIO_printf(bio_err,"-d              to output debug info\n");
+		BIO_printf(bio_err,"-hex            output as hex dump\n");
+		BIO_printf(bio_err,"-binary         output in binary form\n");
+		BIO_printf(bio_err,"-sign   file    sign digest using private key in file\n");
+		BIO_printf(bio_err,"-verify file    verify a signature using public key in file\n");
+		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
+		BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");
+		BIO_printf(bio_err,"-signature file signature to verify\n");
+		BIO_printf(bio_err,"-binary         output in binary form\n");
+		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
+
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
 			LN_md5,LN_md5);
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
+			LN_md4,LN_md4);
+		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_md2,LN_md2);
 		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm\n",
 			LN_sha1,LN_sha1);
@@ -151,7 +227,9 @@ char **argv;
 		err=1;
 		goto end;
 		}
-	
+
+        e = setup_engine(bio_err, engine, 0);
+
 	in=BIO_new(BIO_s_file());
 	bmd=BIO_new(BIO_f_md());
 	if (debug)
@@ -167,6 +245,74 @@ char **argv;
 		goto end;
 		}
 
+	if(out_bin == -1) {
+		if(keyfile) out_bin = 1;
+		else out_bin = 0;
+	}
+
+	if(randfile)
+		app_RAND_load_file(randfile, bio_err, 0);
+
+	if(outfile) {
+		if(out_bin)
+			out = BIO_new_file(outfile, "wb");
+		else    out = BIO_new_file(outfile, "w");
+	} else {
+		out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+	}
+
+	if(!out) {
+		BIO_printf(bio_err, "Error opening output file %s\n", 
+					outfile ? outfile : "(stdout)");
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	if(keyfile)
+		{
+		if (want_pub)
+			sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
+				e, "key file");
+		else
+			sigkey = load_key(bio_err, keyfile, keyform, 0, NULL,
+				e, "key file");
+		if (!sigkey)
+			{
+			/* load_[pub]key() has already printed an appropriate
+			   message */
+			goto end;
+			}
+		}
+
+	if(sigfile && sigkey) {
+		BIO *sigbio;
+		sigbio = BIO_new_file(sigfile, "rb");
+		siglen = EVP_PKEY_size(sigkey);
+		sigbuf = OPENSSL_malloc(siglen);
+		if(!sigbio) {
+			BIO_printf(bio_err, "Error opening signature file %s\n",
+								sigfile);
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+		siglen = BIO_read(sigbio, sigbuf, siglen);
+		BIO_free(sigbio);
+		if(siglen <= 0) {
+			BIO_printf(bio_err, "Error reading signature file %s\n",
+								sigfile);
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
+		
+
+
 	/* we use md as a filter, reading from 'in' */
 	BIO_set_md(bmd,md);
 	inp=BIO_push(bmd,in);
@@ -174,39 +320,57 @@ char **argv;
 	if (argc == 0)
 		{
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-		do_fp(buf,inp,separator);
+		err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
+			  siglen,"","(stdin)");
 		}
 	else
 		{
 		name=OBJ_nid2sn(md->type);
 		for (i=0; i<argc; i++)
 			{
+			char *tmp,*tofree=NULL;
+			int r;
+
 			if (BIO_read_filename(in,argv[i]) <= 0)
 				{
 				perror(argv[i]);
 				err++;
 				continue;
 				}
-			printf("%s(%s)= ",name,argv[i]);
-			do_fp(buf,inp,separator);
-			BIO_reset(bmd);
+			if(!out_bin)
+				{
+				tmp=tofree=OPENSSL_malloc(strlen(name)+strlen(argv[i])+5);
+				sprintf(tmp,"%s(%s)= ",name,argv[i]);
+				}
+			else
+				tmp="";
+			r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
+				siglen,tmp,argv[i]);
+			if(r)
+			    err=r;
+			if(tofree)
+				OPENSSL_free(tofree);
+			(void)BIO_reset(bmd);
 			}
 		}
 end:
 	if (buf != NULL)
 		{
-		memset(buf,0,BUFSIZE);
-		Free(buf);
+		OPENSSL_cleanse(buf,BUFSIZE);
+		OPENSSL_free(buf);
 		}
 	if (in != NULL) BIO_free(in);
+	BIO_free_all(out);
+	EVP_PKEY_free(sigkey);
+	if(sigbuf) OPENSSL_free(sigbuf);
 	if (bmd != NULL) BIO_free(bmd);
-	EXIT(err);
+	apps_shutdown();
+	OPENSSL_EXIT(err);
 	}
 
-void do_fp(buf,bp,sep)
-unsigned char *buf;
-BIO *bp;
-int sep;
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+	  EVP_PKEY *key, unsigned char *sigin, int siglen, const char *title,
+	  const char *file)
 	{
 	int len;
 	int i;
@@ -214,16 +378,60 @@ int sep;
 	for (;;)
 		{
 		i=BIO_read(bp,(char *)buf,BUFSIZE);
-		if (i <= 0) break;
+		if(i < 0)
+			{
+			BIO_printf(bio_err, "Read Error in %s\n",file);
+			ERR_print_errors(bio_err);
+			return 1;
+			}
+		if (i == 0) break;
 		}
-	len=BIO_gets(bp,(char *)buf,BUFSIZE);
+	if(sigin)
+		{
+		EVP_MD_CTX *ctx;
+		BIO_get_md_ctx(bp, &ctx);
+		i = EVP_VerifyFinal(ctx, sigin, (unsigned int)siglen, key); 
+		if(i > 0)
+			BIO_printf(out, "Verified OK\n");
+		else if(i == 0)
+			{
+			BIO_printf(out, "Verification Failure\n");
+			return 1;
+			}
+		else
+			{
+			BIO_printf(bio_err, "Error Verifying Data\n");
+			ERR_print_errors(bio_err);
+			return 1;
+			}
+		return 0;
+		}
+	if(key)
+		{
+		EVP_MD_CTX *ctx;
+		BIO_get_md_ctx(bp, &ctx);
+		if(!EVP_SignFinal(ctx, buf, (unsigned int *)&len, key)) 
+			{
+			BIO_printf(bio_err, "Error Signing Data\n");
+			ERR_print_errors(bio_err);
+			return 1;
+			}
+		}
+	else
+		len=BIO_gets(bp,(char *)buf,BUFSIZE);
 
-	for (i=0; i<len; i++)
+	if(binout) BIO_write(out, buf, len);
+	else 
 		{
-		if (sep && (i != 0))
-			putc(':',stdout);
-		printf("%02x",buf[i]);
+		BIO_write(out,title,strlen(title));
+		for (i=0; i<len; i++)
+			{
+			if (sep && (i != 0))
+				BIO_printf(out, ":");
+			BIO_printf(out, "%02x",buf[i]);
+			}
+		BIO_printf(out, "\n");
 		}
-	printf("\n");
+	return 0;
 	}
 
diff --git a/apps/dh.c b/apps/dh.c
index bbf445e845..c10ea96b90 100644
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -1,4 +1,5 @@
 /* apps/dh.c */
+/* obsoleted by dhparam.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,22 +57,23 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_DH
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "bn.h"
-#include "dh.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	dh_main
 
-/* -inform arg	- input format - default PEM (one of DER, TXT or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
  * -outform arg - output format - default PEM
  * -in arg	- input file - default stdin
  * -out arg	- output file - default stdout
@@ -81,15 +83,16 @@
  * -C
  */
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,check=0,noout=0,C=0,ret=1;
-	char *infile,*outfile,*prog;
+	char *infile,*outfile,*prog,*engine;
 
 	apps_startup();
 
@@ -97,6 +100,10 @@ char **argv;
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
+	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -127,6 +134,11 @@ char **argv;
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
 		else if (strcmp(*argv,"-text") == 0)
@@ -150,19 +162,22 @@ char **argv;
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -inform arg   input format - one of DER PEM\n");
+		BIO_printf(bio_err," -outform arg  output format - one of DER PEM\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -check        check the DH parameters\n");
-		BIO_printf(bio_err," -text         check the DH parameters\n");
+		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		goto end;
 		}
 
 	ERR_load_crypto_strings();
 
+        e = setup_engine(bio_err, engine, 0);
+
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -182,7 +197,15 @@ bad:
 			}
 		}
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -195,7 +218,7 @@ bad:
 	if	(informat == FORMAT_ASN1)
 		dh=d2i_DHparams_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
-		dh=PEM_read_bio_DHparams(in,NULL,NULL);
+		dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified\n");
@@ -220,7 +243,7 @@ bad:
 		BN_print(stdout,dh->g);
 		printf("\n");
 		if (dh->length != 0)
-			printf("recomented private length=%ld\n",dh->length);
+			printf("recommended private length=%ld\n",dh->length);
 #endif
 		}
 	
@@ -233,8 +256,8 @@ bad:
 			}
 		if (i & DH_CHECK_P_NOT_PRIME)
 			printf("p value is not prime\n");
-		if (i & DH_CHECK_P_NOT_STRONG_PRIME)
-			printf("p value is not a strong prime\n");
+		if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+			printf("p value is not a safe prime\n");
 		if (i & DH_UNABLE_TO_CHECK_GENERATOR)
 			printf("unable to check the generator value\n");
 		if (i & DH_NOT_SUITABLE_GENERATOR)
@@ -249,10 +272,10 @@ bad:
 
 		len=BN_num_bytes(dh->p);
 		bits=BN_num_bits(dh->p);
-		data=(unsigned char *)Malloc(len);
+		data=(unsigned char *)OPENSSL_malloc(len);
 		if (data == NULL)
 			{
-			perror("Malloc");
+			perror("OPENSSL_malloc");
 			goto end;
 			}
 		l=BN_bn2bin(dh->p,data);
@@ -283,6 +306,7 @@ bad:
 		printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
 		printf("\t\treturn(NULL);\n");
 		printf("\treturn(dh);\n\t}\n");
+		OPENSSL_free(data);
 		}
 
 
@@ -298,7 +322,7 @@ bad:
 			}
 		if (!i)
 			{
-			BIO_printf(bio_err,"unable to write DH paramaters\n");
+			BIO_printf(bio_err,"unable to write DH parameters\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
@@ -306,7 +330,9 @@ bad:
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	if (dh != NULL) DH_free(dh);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
+#endif
diff --git a/apps/dh1024.pem b/apps/dh1024.pem
index 81d43f6a3e..6eaeca9b8e 100644
--- a/apps/dh1024.pem
+++ b/apps/dh1024.pem
@@ -1,5 +1,10 @@
 -----BEGIN DH PARAMETERS-----
-MIGHAoGBAJf2QmHKtQXdKCjhPx1ottPb0PMTBH9A6FbaWMsTuKG/K3g6TG1Z1fkq
-/Gz/PWk/eLI9TzFgqVAuPvr3q14a1aZeVUMTgo2oO5/y2UHe6VaJ+trqCTat3xlx
-/mNbIK9HA2RgPC3gWfVLZQrY+gz3ASHHR5nXWHEyvpuZm7m3h+irAgEC
+MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY
+jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6
+ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC
 -----END DH PARAMETERS-----
+
+These are the 1024 bit DH parameters from "Assigned Number for SKIP Protocols"
+(http://www.skip-vpn.org/spec/numbers.html).
+See there for how they were generated.
+Note that g is not a generator, but this is not a problem since p is a safe prime.
diff --git a/apps/dh2048.pem b/apps/dh2048.pem
new file mode 100644
index 0000000000..dcd0b8d01b
--- /dev/null
+++ b/apps/dh2048.pem
@@ -0,0 +1,12 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV
+89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50
+T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb
+zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX
+Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT
+CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==
+-----END DH PARAMETERS-----
+
+These are the 2048 bit DH parameters from "Assigned Number for SKIP Protocols"
+(http://www.skip-vpn.org/spec/numbers.html).
+See there for how they were generated.
diff --git a/apps/dh4096.pem b/apps/dh4096.pem
new file mode 100644
index 0000000000..1b35ad8e62
--- /dev/null
+++ b/apps/dh4096.pem
@@ -0,0 +1,18 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ
+l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt
+Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS
+Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98
+VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc
+alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM
+sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9
+ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte
+OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH
+AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL
+KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=
+-----END DH PARAMETERS-----
+
+These are the 4096 bit DH parameters from "Assigned Number for SKIP Protocols"
+(http://www.skip-vpn.org/spec/numbers.html).
+See there for how they were generated.
+Note that g is not a generator, but this is not a problem since p is a safe prime.
diff --git a/apps/dh512.pem b/apps/dh512.pem
new file mode 100644
index 0000000000..200d16cd89
--- /dev/null
+++ b/apps/dh512.pem
@@ -0,0 +1,9 @@
+-----BEGIN DH PARAMETERS-----
+MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak
+XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC
+-----END DH PARAMETERS-----
+
+These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols"
+(http://www.skip-vpn.org/spec/numbers.html).
+See there for how they were generated.
+Note that g is not a generator, but this is not a problem since p is a safe prime.
diff --git a/apps/dhparam.c b/apps/dhparam.c
new file mode 100644
index 0000000000..cbc65bcc5f
--- /dev/null
+++ b/apps/dhparam.c
@@ -0,0 +1,541 @@
+/* apps/dhparam.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef OPENSSL_NO_DH
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+
+#undef PROG
+#define PROG	dhparam_main
+
+#define DEFBITS	512
+
+/* -inform arg	- input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+ * -in arg	- input file - default stdin
+ * -out arg	- output file - default stdout
+ * -dsaparam  - read or generate DSA parameters, convert to DH
+ * -check	- check the parameters are ok
+ * -noout
+ * -text
+ * -C
+ */
+
+static void MS_CALLBACK dh_cb(int p, int n, void *arg);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+	{
+	ENGINE *e = NULL;
+	DH *dh=NULL;
+	int i,badops=0,text=0;
+#ifndef OPENSSL_NO_DSA
+	int dsaparam=0;
+#endif
+	BIO *in=NULL,*out=NULL;
+	int informat,outformat,check=0,noout=0,C=0,ret=1;
+	char *infile,*outfile,*prog;
+	char *inrand=NULL,*engine=NULL;
+	int num = 0, g = 0;
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
+
+	infile=NULL;
+	outfile=NULL;
+	informat=FORMAT_PEM;
+	outformat=FORMAT_PEM;
+
+	prog=argv[0];
+	argc--;
+	argv++;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			informat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outformat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
+			infile= *(++argv);
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
+		else if (strcmp(*argv,"-check") == 0)
+			check=1;
+		else if (strcmp(*argv,"-text") == 0)
+			text=1;
+#ifndef OPENSSL_NO_DSA
+		else if (strcmp(*argv,"-dsaparam") == 0)
+			dsaparam=1;
+#endif
+		else if (strcmp(*argv,"-C") == 0)
+			C=1;
+		else if (strcmp(*argv,"-noout") == 0)
+			noout=1;
+		else if (strcmp(*argv,"-2") == 0)
+			g=2;
+		else if (strcmp(*argv,"-5") == 0)
+			g=5;
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
+			inrand= *(++argv);
+			}
+		else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0)))
+			goto bad;
+		argv++;
+		argc--;
+		}
+
+	if (badops)
+		{
+bad:
+		BIO_printf(bio_err,"%s [options] [numbits]\n",prog);
+		BIO_printf(bio_err,"where options are\n");
+		BIO_printf(bio_err," -inform arg   input format - one of DER PEM\n");
+		BIO_printf(bio_err," -outform arg  output format - one of DER PEM\n");
+		BIO_printf(bio_err," -in arg       input file\n");
+		BIO_printf(bio_err," -out arg      output file\n");
+#ifndef OPENSSL_NO_DSA
+		BIO_printf(bio_err," -dsaparam     read or generate DSA parameters, convert to DH\n");
+#endif
+		BIO_printf(bio_err," -check        check the DH parameters\n");
+		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
+		BIO_printf(bio_err," -C            Output C code\n");
+		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
+		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
+		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err,"               the random number generator\n");
+		BIO_printf(bio_err," -noout        no output\n");
+		goto end;
+		}
+
+	ERR_load_crypto_strings();
+
+        e = setup_engine(bio_err, engine, 0);
+
+	if (g && !num)
+		num = DEFBITS;
+
+#ifndef OPENSSL_NO_DSA
+	if (dsaparam)
+		{
+		if (g)
+			{
+			BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n");
+			goto end;
+			}
+		}
+	else
+#endif
+		{
+		/* DH parameters */
+		if (num && !g)
+			g = 2;
+		}
+
+	if(num) {
+
+		if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+			{
+			BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+			}
+		if (inrand != NULL)
+			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+				app_RAND_load_files(inrand));
+
+#ifndef OPENSSL_NO_DSA
+		if (dsaparam)
+			{
+			DSA *dsa;
+			
+			BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
+			dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, bio_err);
+			if (dsa == NULL)
+				{
+				ERR_print_errors(bio_err);
+				goto end;
+				}
+
+			dh = DSA_dup_DH(dsa);
+			DSA_free(dsa);
+			if (dh == NULL)
+				{
+				ERR_print_errors(bio_err);
+				goto end;
+				}
+			}
+		else
+#endif
+			{
+			BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
+			BIO_printf(bio_err,"This is going to take a long time\n");
+			dh=DH_generate_parameters(num,g,dh_cb,bio_err);
+			
+			if (dh == NULL)
+				{
+				ERR_print_errors(bio_err);
+				goto end;
+				}
+			}
+
+		app_RAND_write_file(NULL, bio_err);
+	} else {
+
+		in=BIO_new(BIO_s_file());
+		if (in == NULL)
+			{
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		if (infile == NULL)
+			BIO_set_fp(in,stdin,BIO_NOCLOSE);
+		else
+			{
+			if (BIO_read_filename(in,infile) <= 0)
+				{
+				perror(infile);
+				goto end;
+				}
+			}
+
+		if	(informat != FORMAT_ASN1 && informat != FORMAT_PEM)
+			{
+			BIO_printf(bio_err,"bad input format specified\n");
+			goto end;
+			}
+
+#ifndef OPENSSL_NO_DSA
+		if (dsaparam)
+			{
+			DSA *dsa;
+			
+			if (informat == FORMAT_ASN1)
+				dsa=d2i_DSAparams_bio(in,NULL);
+			else /* informat == FORMAT_PEM */
+				dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
+			
+			if (dsa == NULL)
+				{
+				BIO_printf(bio_err,"unable to load DSA parameters\n");
+				ERR_print_errors(bio_err);
+				goto end;
+				}
+			
+			dh = DSA_dup_DH(dsa);
+			DSA_free(dsa);
+			if (dh == NULL)
+				{
+				ERR_print_errors(bio_err);
+				goto end;
+				}
+			}
+		else
+#endif
+			{
+			if (informat == FORMAT_ASN1)
+				dh=d2i_DHparams_bio(in,NULL);
+			else /* informat == FORMAT_PEM */
+				dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
+			
+			if (dh == NULL)
+				{
+				BIO_printf(bio_err,"unable to load DH parameters\n");
+				ERR_print_errors(bio_err);
+				goto end;
+				}
+			}
+		
+		/* dh != NULL */
+	}
+	
+	out=BIO_new(BIO_s_file());
+	if (out == NULL)
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+	if (outfile == NULL)
+		{
+		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
+			perror(outfile);
+			goto end;
+			}
+		}
+
+
+	if (text)
+		{
+		DHparams_print(out,dh);
+		}
+	
+	if (check)
+		{
+		if (!DH_check(dh,&i))
+			{
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		if (i & DH_CHECK_P_NOT_PRIME)
+			printf("p value is not prime\n");
+		if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+			printf("p value is not a safe prime\n");
+		if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+			printf("unable to check the generator value\n");
+		if (i & DH_NOT_SUITABLE_GENERATOR)
+			printf("the g value is not a generator\n");
+		if (i == 0)
+			printf("DH parameters appear to be ok.\n");
+		}
+	if (C)
+		{
+		unsigned char *data;
+		int len,l,bits;
+
+		len=BN_num_bytes(dh->p);
+		bits=BN_num_bits(dh->p);
+		data=(unsigned char *)OPENSSL_malloc(len);
+		if (data == NULL)
+			{
+			perror("OPENSSL_malloc");
+			goto end;
+			}
+		printf("#ifndef HEADER_DH_H\n"
+		       "#include <openssl/dh.h>\n"
+		       "#endif\n");
+		printf("DH *get_dh%d()\n\t{\n",bits);
+
+		l=BN_bn2bin(dh->p,data);
+		printf("\tstatic unsigned char dh%d_p[]={",bits);
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t\t");
+			printf("0x%02X,",data[i]);
+			}
+		printf("\n\t\t};\n");
+
+		l=BN_bn2bin(dh->g,data);
+		printf("\tstatic unsigned char dh%d_g[]={",bits);
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t\t");
+			printf("0x%02X,",data[i]);
+			}
+		printf("\n\t\t};\n");
+
+		printf("\tDH *dh;\n\n");
+		printf("\tif ((dh=DH_new()) == NULL) return(NULL);\n");
+		printf("\tdh->p=BN_bin2bn(dh%d_p,sizeof(dh%d_p),NULL);\n",
+			bits,bits);
+		printf("\tdh->g=BN_bin2bn(dh%d_g,sizeof(dh%d_g),NULL);\n",
+			bits,bits);
+		printf("\tif ((dh->p == NULL) || (dh->g == NULL))\n");
+		printf("\t\t{ DH_free(dh); return(NULL); }\n");
+		if (dh->length)
+			printf("\tdh->length = %ld;\n", dh->length);
+		printf("\treturn(dh);\n\t}\n");
+		OPENSSL_free(data);
+		}
+
+
+	if (!noout)
+		{
+		if 	(outformat == FORMAT_ASN1)
+			i=i2d_DHparams_bio(out,dh);
+		else if (outformat == FORMAT_PEM)
+			i=PEM_write_bio_DHparams(out,dh);
+		else	{
+			BIO_printf(bio_err,"bad output format specified for outfile\n");
+			goto end;
+			}
+		if (!i)
+			{
+			BIO_printf(bio_err,"unable to write DH parameters\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		}
+	ret=0;
+end:
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free_all(out);
+	if (dh != NULL) DH_free(dh);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
+	}
+
+/* dh_cb is identical to dsa_cb in apps/dsaparam.c */
+static void MS_CALLBACK dh_cb(int p, int n, void *arg)
+	{
+	char c='*';
+
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
+	BIO_write((BIO *)arg,&c,1);
+	(void)BIO_flush((BIO *)arg);
+#ifdef LINT
+	p=n;
+#endif
+	}
+
+#endif
diff --git a/apps/dsa-ca.pem b/apps/dsa-ca.pem
index 9eb08f3ddd..cccc14208f 100644
--- a/apps/dsa-ca.pem
+++ b/apps/dsa-ca.pem
@@ -1,17 +1,14 @@
 -----BEGIN DSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
-
-svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
-Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
-Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
-par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
-zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
-uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
-rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
-1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
-HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
-MVqOsYxGCb+kez0FoDSTgw==
+MIIBugIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
+PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
+u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
+Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
+hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
+SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
+Mu0OArgCgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuHvSLw9YUrJahcBHmbpvt4
+94lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUqAylOVFJJJXuirVJ+o+0T
+tOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u3enxhqnDGQIUB78dhW77
+J6zsFbSEHaQGUmfSeoM=
 -----END DSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE REQUEST-----
 MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
diff --git a/apps/dsa-pca.pem b/apps/dsa-pca.pem
index e3641ad47e..d23774edd6 100644
--- a/apps/dsa-pca.pem
+++ b/apps/dsa-pca.pem
@@ -1,17 +1,14 @@
 -----BEGIN DSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
-
-GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
-mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
-of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
-FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
-RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
-qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
-diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
-V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
-hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
-dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
+MIIBvAIBAAKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2GlrMV4FMuj+BZgnOQ
+PnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7OZq5riDb77Cjcwtel
+u+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR5HCVW1DNSQIVAPcH
+Me36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnlaG8w42nh5bNdmLso
+hkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6kQmdtvFNnFQPWAbu
+SXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15AlsQReVkusBtXOlan7Y
+Mu0OArgCgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUCFQDNvrBz
+6TicfImU7UFRn9h00j0lJQ==
 -----END DSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE REQUEST-----
 MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
diff --git a/apps/dsa.c b/apps/dsa.c
index fbd85a467a..65988717bb 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -56,17 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_DSA
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "dsa.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/dsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	dsa_main
@@ -78,21 +79,28 @@
  * -des		- encrypt output if PEM format with DES in cbc mode
  * -des3	- encrypt output if PEM format
  * -idea	- encrypt output if PEM format
+ * -aes128	- encrypt output if PEM format
+ * -aes192	- encrypt output if PEM format
+ * -aes256	- encrypt output if PEM format
  * -text	- print a text version
  * -modulus	- print the DSA public key
  */
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int ret=1;
 	DSA *dsa=NULL;
 	int i,badops=0;
-	EVP_CIPHER *enc=NULL;
+	const EVP_CIPHER *enc=NULL;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,text=0,noout=0;
-	char *infile,*outfile,*prog;
+	int pubin = 0, pubout = 0;
+	char *infile,*outfile,*prog,*engine;
+	char *passargin = NULL, *passargout = NULL;
+	char *passin = NULL, *passout = NULL;
 	int modulus=0;
 
 	apps_startup();
@@ -101,6 +109,10 @@ char **argv;
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
+	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -131,12 +143,31 @@ char **argv;
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passargin= *(++argv);
+			}
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passargout= *(++argv);
+			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-modulus") == 0)
 			modulus=1;
+		else if (strcmp(*argv,"-pubin") == 0)
+			pubin=1;
+		else if (strcmp(*argv,"-pubout") == 0)
+			pubout=1;
 		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -152,23 +183,37 @@ char **argv;
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg   input format - one of DER NET PEM\n");
-		BIO_printf(bio_err," -outform arg  output format - one of DER NET PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
-		BIO_printf(bio_err," -out arg      output file\n");
-		BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
-		BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef NO_IDEA
-		BIO_printf(bio_err," -idea         encrypt PEM output with cbc idea\n");
+		BIO_printf(bio_err," -inform arg     input format - DER or PEM\n");
+		BIO_printf(bio_err," -outform arg    output format - DER or PEM\n");
+		BIO_printf(bio_err," -in arg         input file\n");
+		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
+		BIO_printf(bio_err," -out arg        output file\n");
+		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
+		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
+#ifndef OPENSSL_NO_IDEA
+		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
+#endif
+#ifndef OPENSSL_NO_AES
+		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
-		BIO_printf(bio_err," -text         print the key in text\n");
-		BIO_printf(bio_err," -noout        don't print key out\n");
-		BIO_printf(bio_err," -modulus      print the DSA public value\n");
+		BIO_printf(bio_err," -text           print the key in text\n");
+		BIO_printf(bio_err," -noout          don't print key out\n");
+		BIO_printf(bio_err," -modulus        print the DSA public value\n");
 		goto end;
 		}
 
 	ERR_load_crypto_strings();
 
+        e = setup_engine(bio_err, engine, 0);
+
+	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+		BIO_printf(bio_err, "Error getting passwords\n");
+		goto end;
+	}
+
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -188,25 +233,35 @@ bad:
 			}
 		}
 
-	BIO_printf(bio_err,"read DSA private key\n");
-	if	(informat == FORMAT_ASN1)
-		dsa=d2i_DSAPrivateKey_bio(in,NULL);
-	else if (informat == FORMAT_PEM)
-		dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL);
-	else
+	BIO_printf(bio_err,"read DSA key\n");
+	if	(informat == FORMAT_ASN1) {
+		if(pubin) dsa=d2i_DSA_PUBKEY_bio(in,NULL);
+		else dsa=d2i_DSAPrivateKey_bio(in,NULL);
+	} else if (informat == FORMAT_PEM) {
+		if(pubin) dsa=PEM_read_bio_DSA_PUBKEY(in,NULL, NULL, NULL);
+		else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,passin);
+	} else
 		{
 		BIO_printf(bio_err,"bad input format specified for key\n");
 		goto end;
 		}
 	if (dsa == NULL)
 		{
-		BIO_printf(bio_err,"unable to load Private Key\n");
+		BIO_printf(bio_err,"unable to load Key\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -232,12 +287,16 @@ bad:
 		}
 
 	if (noout) goto end;
-	BIO_printf(bio_err,"writing DSA private key\n");
-	if 	(outformat == FORMAT_ASN1)
-		i=i2d_DSAPrivateKey_bio(out,dsa);
-	else if (outformat == FORMAT_PEM)
-		i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL);
-	else	{
+	BIO_printf(bio_err,"writing DSA key\n");
+	if 	(outformat == FORMAT_ASN1) {
+		if(pubin || pubout) i=i2d_DSA_PUBKEY_bio(out,dsa);
+		else i=i2d_DSAPrivateKey_bio(out,dsa);
+	} else if (outformat == FORMAT_PEM) {
+		if(pubin || pubout)
+			i=PEM_write_bio_DSA_PUBKEY(out,dsa);
+		else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
+							NULL,0,NULL, passout);
+	} else {
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
 		}
@@ -249,9 +308,12 @@ bad:
 	else
 		ret=0;
 end:
-	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
-	if (dsa != NULL) DSA_free(dsa);
-	EXIT(ret);
+	if(in != NULL) BIO_free(in);
+	if(out != NULL) BIO_free_all(out);
+	if(dsa != NULL) DSA_free(dsa);
+	if(passin) OPENSSL_free(passin);
+	if(passout) OPENSSL_free(passout);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
-
+#endif
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index de1d0cc953..320d76f632 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -56,23 +56,24 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_DSA
+#include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "bn.h"
-#include "rand.h"
-#include "dsa.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	dsaparam_main
 
-/* -inform arg	- input format - default PEM (one of DER, TXT or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
  * -outform arg - output format - default PEM
  * -in arg	- input file - default stdin
  * -out arg	- output file - default stdout
@@ -83,23 +84,21 @@
  * -genkey
  */
 
-#ifndef NOPROTO
-static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
-#else
-static void MS_CALLBACK dsa_cb();
-#endif
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
+
+int MAIN(int, char **);
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	DSA *dsa=NULL;
 	int i,badops=0,text=0;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,noout=0,C=0,ret=1;
 	char *infile,*outfile,*prog,*inrand=NULL;
 	int numbits= -1,num,genkey=0;
-	char buffer[200],*randfile=NULL;
+	int need_rand=0;
+	char *engine=NULL;
 
 	apps_startup();
 
@@ -107,6 +106,9 @@ char **argv;
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -137,16 +139,25 @@ char **argv;
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if(strcmp(*argv, "-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine = *(++argv);
+			}
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-C") == 0)
 			C=1;
 		else if (strcmp(*argv,"-genkey") == 0)
+			{
 			genkey=1;
+			need_rand=1;
+			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
+			need_rand=1;
 			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
@@ -154,6 +165,7 @@ char **argv;
 			{
 			/* generate a key */
 			numbits=num;
+			need_rand=1;
 			}
 		else
 			{
@@ -170,14 +182,16 @@ char **argv;
 bad:
 		BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -inform arg   input format - DER or PEM\n");
+		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
-		BIO_printf(bio_err," -text         check the DSA parameters\n");
+		BIO_printf(bio_err," -text         print as text\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
+		BIO_printf(bio_err," -genkey       generate a DSA key\n");
 		BIO_printf(bio_err," -rand         files to use for random number input\n");
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 		BIO_printf(bio_err," number        number of bits to use for generating private key\n");
 		goto end;
 		}
@@ -203,7 +217,15 @@ bad:
 			}
 		}
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -213,20 +235,27 @@ bad:
 			}
 		}
 
-	if (numbits > 0)
+        e = setup_engine(bio_err, engine, 0);
+
+	if (need_rand)
 		{
-		randfile=RAND_file_name(buffer,200);
-		RAND_load_file(randfile,1024L*1024L);
+		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+		if (inrand != NULL)
+			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+				app_RAND_load_files(inrand));
+		}
 
+	if (numbits > 0)
+		{
+		assert(need_rand);
 		BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
 	        BIO_printf(bio_err,"This could take some time\n");
-	        dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL,
-			dsa_cb,(char *)bio_err);
+	        dsa=DSA_generate_parameters(num,NULL,0,NULL,NULL, dsa_cb,bio_err);
 		}
 	else if	(informat == FORMAT_ASN1)
 		dsa=d2i_DSAparams_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
-		dsa=PEM_read_bio_DSAparams(in,NULL,NULL);
+		dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified\n");
@@ -253,10 +282,10 @@ bad:
 		bits_p=BN_num_bits(dsa->p);
 		bits_q=BN_num_bits(dsa->q);
 		bits_g=BN_num_bits(dsa->g);
-		data=(unsigned char *)Malloc(len+20);
+		data=(unsigned char *)OPENSSL_malloc(len+20);
 		if (data == NULL)
 			{
-			perror("Malloc");
+			perror("OPENSSL_malloc");
 			goto end;
 			}
 		l=BN_bn2bin(dsa->p,data);
@@ -296,7 +325,7 @@ bad:
 		printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
 			bits_p,bits_p);
 		printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
-		printf("\t\treturn(NULL);\n");
+		printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
 		printf("\treturn(dsa);\n\t}\n");
 		}
 
@@ -313,7 +342,7 @@ bad:
 			}
 		if (!i)
 			{
-			BIO_printf(bio_err,"unable to write DSA paramaters\n");
+			BIO_printf(bio_err,"unable to write DSA parameters\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
@@ -322,30 +351,31 @@ bad:
 		{
 		DSA *dsakey;
 
+		assert(need_rand);
 		if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
 		if (!DSA_generate_key(dsakey)) goto end;
 		if 	(outformat == FORMAT_ASN1)
 			i=i2d_DSAPrivateKey_bio(out,dsakey);
 		else if (outformat == FORMAT_PEM)
-			i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL);
+			i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
 		else	{
 			BIO_printf(bio_err,"bad output format specified for outfile\n");
 			goto end;
 			}
 		DSA_free(dsakey);
 		}
+	if (need_rand)
+		app_RAND_write_file(NULL, bio_err);
 	ret=0;
 end:
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	if (dsa != NULL) DSA_free(dsa);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
-static void MS_CALLBACK dsa_cb(p, n, arg)
-int p;
-int n;
-char *arg;
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
 	{
 	char c='*';
 
@@ -353,9 +383,10 @@ char *arg;
 	if (p == 1) c='+';
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
-	BIO_write((BIO *)arg,&c,1);
-	BIO_flush((BIO *)arg);
+	BIO_write(arg,&c,1);
+	(void)BIO_flush(arg);
 #ifdef LINT
 	p=n;
 #endif
 	}
+#endif
diff --git a/apps/ec.c b/apps/ec.c
new file mode 100644
index 0000000000..7d57341cb4
--- /dev/null
+++ b/apps/ec.c
@@ -0,0 +1,395 @@
+/* apps/ec.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef OPENSSL_NO_EC
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG	ec_main
+
+/* -inform arg    - input format - default PEM (one of DER, NET or PEM)
+ * -outform arg   - output format - default PEM
+ * -in arg        - input file - default stdin
+ * -out arg       - output file - default stdout
+ * -des           - encrypt output if PEM format with DES in cbc mode
+ * -text          - print a text version
+ * -param_out     - print the elliptic curve parameters
+ * -conv_form arg - specifies the point encoding form
+ * -param_enc arg - specifies the parameter encoding
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+	ENGINE 	*e = NULL;
+	int 	ret = 1;
+	EC_KEY 	*eckey = NULL;
+	int 	i, badops = 0;
+	const EVP_CIPHER *enc = NULL;
+	BIO 	*in = NULL, *out = NULL;
+	int 	informat, outformat, text=0, noout=0;
+	int  	pubin = 0, pubout = 0, param_out = 0;
+	char 	*infile, *outfile, *prog, *engine;
+	char 	*passargin = NULL, *passargout = NULL;
+	char 	*passin = NULL, *passout = NULL;
+	point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
+	int	new_form = 0;
+	int	asn1_flag = OPENSSL_EC_NAMED_CURVE;
+	int 	new_asn1_flag = 0;
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
+
+	engine = NULL;
+	infile = NULL;
+	outfile = NULL;
+	informat = FORMAT_PEM;
+	outformat = FORMAT_PEM;
+
+	prog = argv[0];
+	argc--;
+	argv++;
+	while (argc >= 1)
+		{
+		if (strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			informat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outformat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
+			infile= *(++argv);
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passargin= *(++argv);
+			}
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passargout= *(++argv);
+			}
+		else if (strcmp(*argv, "-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
+		else if (strcmp(*argv, "-noout") == 0)
+			noout = 1;
+		else if (strcmp(*argv, "-text") == 0)
+			text = 1;
+		else if (strcmp(*argv, "-conv_form") == 0)
+			{
+			if (--argc < 1)
+				goto bad;
+			++argv;
+			new_form = 1;
+			if (strcmp(*argv, "compressed") == 0)
+				form = POINT_CONVERSION_COMPRESSED;
+			else if (strcmp(*argv, "uncompressed") == 0)
+				form = POINT_CONVERSION_UNCOMPRESSED;
+			else if (strcmp(*argv, "hybrid") == 0)
+				form = POINT_CONVERSION_HYBRID;
+			else
+				goto bad;
+			}
+		else if (strcmp(*argv, "-param_enc") == 0)
+			{
+			if (--argc < 1)
+				goto bad;
+			++argv;
+			new_asn1_flag = 1;
+			if (strcmp(*argv, "named_curve") == 0)
+				asn1_flag = OPENSSL_EC_NAMED_CURVE;
+			else if (strcmp(*argv, "explicit") == 0)
+				asn1_flag = 0;
+			else
+				goto bad;
+			}
+		else if (strcmp(*argv, "-param_out") == 0)
+			param_out = 1;
+		else if (strcmp(*argv, "-pubin") == 0)
+			pubin=1;
+		else if (strcmp(*argv, "-pubout") == 0)
+			pubout=1;
+		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
+			{
+			BIO_printf(bio_err, "unknown option %s\n", *argv);
+			badops=1;
+			break;
+			}
+		argc--;
+		argv++;
+		}
+
+	if (badops)
+		{
+bad:
+		BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
+		BIO_printf(bio_err, "where options are\n");
+		BIO_printf(bio_err, " -inform arg     input format - "
+				"DER or PEM\n");
+		BIO_printf(bio_err, " -outform arg    output format - "
+				"DER or PEM\n");
+		BIO_printf(bio_err, " -in arg         input file\n");
+		BIO_printf(bio_err, " -passin arg     input file pass "
+				"phrase source\n");
+		BIO_printf(bio_err, " -out arg        output file\n");
+		BIO_printf(bio_err, " -passout arg    output file pass "
+				"phrase source\n");
+		BIO_printf(bio_err, " -engine e       use engine e, "
+				"possibly a hardware device.\n");
+		BIO_printf(bio_err, " -des            encrypt PEM output, "
+				"instead of 'des' every other \n"
+				"                 cipher "
+				"supported by OpenSSL can be used\n");
+		BIO_printf(bio_err, " -text           print the key\n");
+		BIO_printf(bio_err, " -noout          don't print key out\n");
+		BIO_printf(bio_err, " -param_out      print the elliptic "
+				"curve parameters\n");
+		BIO_printf(bio_err, " -conv_form arg  specifies the "
+				"point conversion form \n");
+		BIO_printf(bio_err, "                 possible values:"
+				" compressed\n");
+		BIO_printf(bio_err, "                                 "
+				" uncompressed (default)\n");
+		BIO_printf(bio_err, "                                  "
+				" hybrid\n");
+		BIO_printf(bio_err, " -param_enc arg  specifies the way"
+				" the ec parameters are encoded\n");
+		BIO_printf(bio_err, "                 in the asn1 der "
+				"encoding\n");
+		BIO_printf(bio_err, "                 possilbe values:"
+				" named_curve (default)\n");
+		BIO_printf(bio_err,"                                  "
+				"explicit\n");
+		goto end;
+		}
+
+	ERR_load_crypto_strings();
+
+        e = setup_engine(bio_err, engine, 0);
+
+	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) 
+		{
+		BIO_printf(bio_err, "Error getting passwords\n");
+		goto end;
+		}
+
+	in = BIO_new(BIO_s_file());
+	out = BIO_new(BIO_s_file());
+	if ((in == NULL) || (out == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if (infile == NULL)
+		BIO_set_fp(in, stdin, BIO_NOCLOSE);
+	else
+		{
+		if (BIO_read_filename(in, infile) <= 0)
+			{
+			perror(infile);
+			goto end;
+			}
+		}
+
+	BIO_printf(bio_err, "read EC key\n");
+	if (informat == FORMAT_ASN1) 
+		{
+		if (pubin) 
+			eckey = d2i_EC_PUBKEY_bio(in, NULL);
+		else 
+			eckey = d2i_ECPrivateKey_bio(in, NULL);
+		} 
+	else if (informat == FORMAT_PEM) 
+		{
+		if (pubin) 
+			eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, 
+				NULL);
+		else 
+			eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL,
+				passin);
+		} 
+	else
+		{
+		BIO_printf(bio_err, "bad input format specified for key\n");
+		goto end;
+		}
+	if (eckey == NULL)
+		{
+		BIO_printf(bio_err,"unable to load Key\n");
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if (outfile == NULL)
+		{
+		BIO_set_fp(out, stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+			{
+			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+			out = BIO_push(tmpbio, out);
+			}
+#endif
+		}
+	else
+		{
+		if (BIO_write_filename(out, outfile) <= 0)
+			{
+			perror(outfile);
+			goto end;
+			}
+		}
+
+	if (new_form)
+		{
+		EC_GROUP_set_point_conversion_form(eckey->group, form);
+		eckey->conv_form = form;
+		}
+
+	if (new_asn1_flag)
+		EC_GROUP_set_asn1_flag(eckey->group, asn1_flag);
+
+	if (text) 
+		if (!EC_KEY_print(out, eckey, 0))
+			{
+			perror(outfile);
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+
+	if (noout) 
+		goto end;
+
+	BIO_printf(bio_err, "writing EC key\n");
+	if (outformat == FORMAT_ASN1) 
+		{
+		if (param_out)
+			i = i2d_ECPKParameters_bio(out, eckey->group);
+		else if (pubin || pubout) 
+			i = i2d_EC_PUBKEY_bio(out, eckey);
+		else 
+			i = i2d_ECPrivateKey_bio(out, eckey);
+		} 
+	else if (outformat == FORMAT_PEM) 
+		{
+		if (param_out)
+			i = PEM_write_bio_ECPKParameters(out, eckey->group);
+		else if (pubin || pubout)
+			i = PEM_write_bio_EC_PUBKEY(out, eckey);
+		else 
+			i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
+						NULL, 0, NULL, passout);
+		} 
+	else 
+		{
+		BIO_printf(bio_err, "bad output format specified for "
+			"outfile\n");
+		goto end;
+		}
+
+	if (!i)
+		{
+		BIO_printf(bio_err, "unable to write private key\n");
+		ERR_print_errors(bio_err);
+		}
+	else
+		ret=0;
+end:
+	if (in)
+		BIO_free(in);
+	if (out)
+		BIO_free_all(out);
+	if (eckey)
+		EC_KEY_free(eckey);
+	if (passin)
+		OPENSSL_free(passin);
+	if (passout)
+		OPENSSL_free(passout);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
+}
+#endif
diff --git a/apps/ecparam.c b/apps/ecparam.c
new file mode 100644
index 0000000000..3bd0a97487
--- /dev/null
+++ b/apps/ecparam.c
@@ -0,0 +1,709 @@
+/* apps/ecparam.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by 
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+#ifndef OPENSSL_NO_EC
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG	ecparam_main
+
+/* -inform arg      - input format - default PEM (DER or PEM)
+ * -outform arg     - output format - default PEM
+ * -in  arg         - input file  - default stdin
+ * -out arg         - output file - default stdout
+ * -noout           - do not print the ec parameter
+ * -text            - print the ec parameters in text form
+ * -check           - validate the ec parameters
+ * -C               - print a 'C' function creating the parameters
+ * -name arg        - use the ec parameters with 'short name' name
+ * -list_curves     - prints a list of all currently available curve 'short names'
+ * -conv_form arg   - specifies the point conversion form 
+ *                  - possible values: compressed
+ *                                     uncompressed (default)
+ *                                     hybrid
+ * -param_enc arg   - specifies the way the ec parameters are encoded
+ *                    in the asn1 der encoding
+ *                    possible values: named_curve (default)
+ *                                     explicit
+ * -no_seed         - if 'explicit' parameters are choosen do not use the seed
+ * -genkey          - generate ec key
+ * -rand file       - files to use for random number input
+ * -engine e        - use engine e, possibly a hardware device
+ */
+
+
+static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+	{
+	EC_GROUP *group = NULL;
+	point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED; 
+	int 	new_form = 0;
+	int 	asn1_flag = OPENSSL_EC_NAMED_CURVE;
+	int 	new_asn1_flag = 0;
+	char 	*curve_name = NULL, *inrand = NULL;
+	int	list_curves = 0, no_seed = 0, check = 0,
+		badops = 0, text = 0, i, need_rand = 0, genkey = 0;
+	char	*infile = NULL, *outfile = NULL, *prog;
+	BIO 	*in = NULL, *out = NULL;
+	int 	informat, outformat, noout = 0, C = 0, ret = 1;
+	ENGINE	*e = NULL;
+	char	*engine = NULL;
+
+	BIGNUM	*ec_p = NULL, *ec_a = NULL, *ec_b = NULL,
+		*ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
+	unsigned char *buffer = NULL;
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
+
+	informat=FORMAT_PEM;
+	outformat=FORMAT_PEM;
+
+	prog=argv[0];
+	argc--;
+	argv++;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			informat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outformat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
+			infile= *(++argv);
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-text") == 0)
+			text = 1;
+		else if (strcmp(*argv,"-C") == 0)
+			C = 1;
+		else if (strcmp(*argv,"-check") == 0)
+			check = 1;
+		else if (strcmp (*argv, "-name") == 0)
+			{
+			if (--argc < 1)
+				goto bad;
+			curve_name = *(++argv);
+			}
+		else if (strcmp(*argv, "-list_curves") == 0)
+			list_curves = 1;
+		else if (strcmp(*argv, "-conv_form") == 0)
+			{
+			if (--argc < 1)
+				goto bad;
+			++argv;
+			new_form = 1;
+			if (strcmp(*argv, "compressed") == 0)
+				form = POINT_CONVERSION_COMPRESSED;
+			else if (strcmp(*argv, "uncompressed") == 0)
+				form = POINT_CONVERSION_UNCOMPRESSED;
+			else if (strcmp(*argv, "hybrid") == 0)
+				form = POINT_CONVERSION_HYBRID;
+			else
+				goto bad;
+			}
+		else if (strcmp(*argv, "-param_enc") == 0)
+			{
+			if (--argc < 1)
+				goto bad;
+			++argv;
+			new_asn1_flag = 1;
+			if (strcmp(*argv, "named_curve") == 0)
+				asn1_flag = OPENSSL_EC_NAMED_CURVE;
+			else if (strcmp(*argv, "explicit") == 0)
+				asn1_flag = 0;
+			else
+				goto bad;
+			}
+		else if (strcmp(*argv, "-no_seed") == 0)
+			no_seed = 1;
+		else if (strcmp(*argv, "-noout") == 0)
+			noout=1;
+		else if (strcmp(*argv,"-genkey") == 0)
+			{
+			genkey=1;
+			need_rand=1;
+			}
+		else if (strcmp(*argv, "-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
+			inrand= *(++argv);
+			need_rand=1;
+			}
+		else if(strcmp(*argv, "-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine = *(++argv);
+			}	
+		else
+			{
+			BIO_printf(bio_err,"unknown option %s\n",*argv);
+			badops=1;
+			break;
+			}
+		argc--;
+		argv++;
+		}
+
+	if (badops)
+		{
+bad:
+		BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog);
+		BIO_printf(bio_err, "where options are\n");
+		BIO_printf(bio_err, " -inform arg       input format - "
+				"default PEM (DER or PEM)\n");
+		BIO_printf(bio_err, " -outform arg      output format - "
+				"default PEM\n");
+		BIO_printf(bio_err, " -in  arg          input file  - "
+				"default stdin\n");
+		BIO_printf(bio_err, " -out arg          output file - "
+				"default stdout\n");
+		BIO_printf(bio_err, " -noout            do not print the "
+				"ec parameter\n");
+		BIO_printf(bio_err, " -text             print the ec "
+				"parameters in text form\n");
+		BIO_printf(bio_err, " -check            validate the ec "
+				"parameters\n");
+		BIO_printf(bio_err, " -C                print a 'C' "
+				"function creating the parameters\n");
+		BIO_printf(bio_err, " -name arg         use the "
+				"ec parameters with 'short name' name\n");
+		BIO_printf(bio_err, " -list_curves      prints a list of "
+				"all currently available curve 'short names'\n");
+		BIO_printf(bio_err, " -conv_form arg    specifies the "
+				"point conversion form \n");
+		BIO_printf(bio_err, "                   possible values:"
+				" compressed\n");
+		BIO_printf(bio_err, "                                   "
+				" uncompressed (default)\n");
+		BIO_printf(bio_err, "                                   "
+				" hybrid\n");
+		BIO_printf(bio_err, " -param_enc arg    specifies the way"
+				" the ec parameters are encoded\n");
+		BIO_printf(bio_err, "                   in the asn1 der "
+				"encoding\n");
+		BIO_printf(bio_err, "                   possible values:"
+				" named_curve (default)\n");
+		BIO_printf(bio_err, "                                   "
+				" explicit\n");
+		BIO_printf(bio_err, " -no_seed          if 'explicit'"
+				" parameters are choosen do not"
+				" use the seed\n");
+		BIO_printf(bio_err, " -genkey           generate ec"
+				" key\n");
+		BIO_printf(bio_err, " -rand file        files to use for"
+				" random number input\n");
+		BIO_printf(bio_err, " -engine e         use engine e, "
+				"possibly a hardware device\n");
+		goto end;
+		}
+
+	ERR_load_crypto_strings();
+
+	in=BIO_new(BIO_s_file());
+	out=BIO_new(BIO_s_file());
+	if ((in == NULL) || (out == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if (infile == NULL)
+		BIO_set_fp(in,stdin,BIO_NOCLOSE);
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
+			perror(infile);
+			goto end;
+			}
+		}
+	if (outfile == NULL)
+		{
+		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
+			perror(outfile);
+			goto end;
+			}
+		}
+
+	e = setup_engine(bio_err, engine, 0);
+
+	if (list_curves)
+		{
+		EC_builtin_curve *curves = NULL;
+		size_t crv_len = 0;
+		size_t n = 0;
+		size_t len;
+
+		crv_len = EC_get_builtin_curves(NULL, 0);
+
+		curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
+
+		if (curves == NULL)
+			goto end;
+
+		if (!EC_get_builtin_curves(curves, crv_len))
+			{
+			OPENSSL_free(curves);
+			goto end;
+			}
+
+		
+		for (n = 0; n < crv_len; n++)
+			{
+			const char *comment;
+			const char *sname;
+			comment = curves[n].comment;
+			sname   = OBJ_nid2sn(curves[n].nid);
+			if (comment == NULL)
+				comment = "CURVE DESCRIPTION NOT AVAILABLE";
+			if (sname == NULL)
+				sname = "";
+
+			len = BIO_printf(out, "  %-10s: ", sname);
+			if (len + strlen(comment) > 80)
+				BIO_printf(out, "\n%80s\n", comment);
+			else
+				BIO_printf(out, "%s\n", comment);
+			} 
+
+		OPENSSL_free(curves);
+		ret = 0;
+		goto end;
+		}
+
+	if (curve_name != NULL)
+		{
+		int nid = OBJ_sn2nid(curve_name);
+	
+		if (nid == 0)
+			{
+			BIO_printf(bio_err, "unknown curve name (%s)\n", 
+				curve_name);
+			goto end;
+			}
+
+		group = EC_GROUP_new_by_nid(nid);
+		if (group == NULL)
+			{
+			BIO_printf(bio_err, "unable to create curve (%s)\n", 
+				curve_name);
+			goto end;
+			}
+		EC_GROUP_set_asn1_flag(group, asn1_flag);
+		EC_GROUP_set_point_conversion_form(group, form);
+		}
+	else if (informat == FORMAT_ASN1)
+		{
+		group = d2i_ECPKParameters_bio(in, NULL);
+		}
+	else if (informat == FORMAT_PEM)
+		{
+		group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL);
+		}
+	else
+		{
+		BIO_printf(bio_err, "bad input format specified\n");
+		goto end;
+		}
+
+	if (group == NULL)
+		{
+		BIO_printf(bio_err, 
+			"unable to load elliptic curve parameters\n");
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
+	if (new_form)
+		EC_GROUP_set_point_conversion_form(group, form);
+
+	if (new_asn1_flag)
+		EC_GROUP_set_asn1_flag(group, asn1_flag);
+
+	if (no_seed)
+		{
+		EC_GROUP_set_seed(group, NULL, 0);
+		}
+
+	if (text)
+		{
+		if (!ECPKParameters_print(out, group, 0))
+			goto end;
+		}
+
+	if (check)
+		{
+		if (group == NULL)
+			BIO_printf(bio_err, "no elliptic curve parameters\n");
+		BIO_printf(bio_err, "checking elliptic curve parameters: ");
+		if (!EC_GROUP_check(group, NULL))
+			{
+			BIO_printf(bio_err, "failed\n");
+			ERR_print_errors(bio_err);
+			}
+		else
+			BIO_printf(bio_err, "ok\n");
+			
+		}
+
+	if (C)
+		{
+		size_t	buf_len = 0, tmp_len = 0;
+		const EC_POINT *point;
+		int	is_prime, len = 0;
+		const EC_METHOD *meth = EC_GROUP_method_of(group);
+
+		if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||
+		    (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||
+		    (ec_order = BN_new()) == NULL || 
+		    (ec_cofactor = BN_new()) == NULL )
+			{
+			perror("OPENSSL_malloc");
+			goto end;
+			}
+
+		is_prime = (EC_METHOD_get_field_type(meth) == 
+			NID_X9_62_prime_field);
+
+		if (is_prime)
+			{
+			if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a,
+				ec_b, NULL))
+				goto end;
+			}
+		else
+			{
+			/* TODO */
+			goto end;
+			}
+
+		if ((point = EC_GROUP_get0_generator(group)) == NULL)
+			goto end;
+		if (!EC_POINT_point2bn(group, point, 
+			EC_GROUP_get_point_conversion_form(group), ec_gen, 
+			NULL))
+			goto end;
+		if (!EC_GROUP_get_order(group, ec_order, NULL))
+			goto end;
+		if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
+			goto end;
+
+		if (!ec_p || !ec_a || !ec_b || !ec_gen || 
+			!ec_order || !ec_cofactor)
+			goto end;
+
+		len = BN_num_bits(ec_order);
+
+		if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)
+			buf_len = tmp_len;
+		if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)
+			buf_len = tmp_len;
+		if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)
+			buf_len = tmp_len;
+		if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)
+			buf_len = tmp_len;
+		if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)
+			buf_len = tmp_len;
+		if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)
+			buf_len = tmp_len;
+
+		buffer = (unsigned char *)OPENSSL_malloc(buf_len);
+
+		if (buffer == NULL)
+			{
+			perror("OPENSSL_malloc");
+			goto end;
+			}
+
+		ecparam_print_var(out, ec_p, "ec_p", len, buffer);
+		ecparam_print_var(out, ec_a, "ec_a", len, buffer);
+		ecparam_print_var(out, ec_b, "ec_b", len, buffer);
+		ecparam_print_var(out, ec_gen, "ec_gen", len, buffer);
+		ecparam_print_var(out, ec_order, "ec_order", len, buffer);
+		ecparam_print_var(out, ec_cofactor, "ec_cofactor", len, 
+			buffer);
+
+		BIO_printf(out, "\n\n");
+
+		BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n\t{\n", len);
+		BIO_printf(out, "\tint ok=0;\n");
+		BIO_printf(out, "\tEC_GROUP *group = NULL;\n");
+		BIO_printf(out, "\tEC_POINT *point = NULL;\n");
+		BIO_printf(out, "\tBIGNUM   *tmp_1 = NULL, *tmp_2 = NULL, "
+				"*tmp_3 = NULL;\n\n");
+		BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_p_%d, "
+				"sizeof(ec_p_%d), NULL)) == NULL)\n\t\t"
+				"goto err;\n", len, len);
+		BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_a_%d, "
+				"sizeof(ec_a_%d), NULL)) == NULL)\n\t\t"
+				"goto err;\n", len, len);
+		BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, "
+				"sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"
+				"goto err;\n", len, len);
+		if (is_prime)
+			{
+			BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_"
+				"GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)"
+				"\n\t\tgoto err;\n\n");
+			}
+		else
+			{
+			/* TODO */
+			goto end;
+			}
+		BIO_printf(out, "\t/* build generator */\n");
+		BIO_printf(out, "\tif ((tmp_1 = BN_bin2bn(ec_gen_%d, "
+				"sizeof(ec_gen_%d), tmp_1)) == NULL)"
+				"\n\t\tgoto err;\n", len, len);
+		BIO_printf(out, "\tpoint = EC_POINT_bn2point(group, tmp_1, "
+				"NULL, NULL);\n");
+		BIO_printf(out, "\tif (point == NULL)\n\t\tgoto err;\n");
+		BIO_printf(out, "\tif ((tmp_2 = BN_bin2bn(ec_order_%d, "
+				"sizeof(ec_order_%d), tmp_2)) == NULL)"
+				"\n\t\tgoto err;\n", len, len);
+		BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_cofactor_%d, "
+				"sizeof(ec_cofactor_%d), tmp_3)) == NULL)"
+				"\n\t\tgoto err;\n", len, len);
+		BIO_printf(out, "\tif (!EC_GROUP_set_generator(group, point,"
+				" tmp_2, tmp_3))\n\t\tgoto err;\n");
+		BIO_printf(out, "\n\tok=1;\n");
+		BIO_printf(out, "err:\n");
+		BIO_printf(out, "\tif (tmp_1)\n\t\tBN_free(tmp_1);\n");
+		BIO_printf(out, "\tif (tmp_2)\n\t\tBN_free(tmp_2);\n");
+		BIO_printf(out, "\tif (tmp_3)\n\t\tBN_free(tmp_3);\n");
+		BIO_printf(out, "\tif (point)\n\t\tEC_POINT_free(point);\n");
+		BIO_printf(out, "\tif (!ok)\n");
+		BIO_printf(out, "\t\t{\n");
+		BIO_printf(out, "\t\tEC_GROUP_free(group);\n");
+		BIO_printf(out, "\t\tgroup = NULL;\n");
+		BIO_printf(out, "\t\t}\n");
+		BIO_printf(out, "\treturn(group);\n\t}\n");
+	}
+
+	if (!noout)
+		{
+		if (outformat == FORMAT_ASN1)
+			i = i2d_ECPKParameters_bio(out, group);
+		else if (outformat == FORMAT_PEM)
+			i = PEM_write_bio_ECPKParameters(out, group);
+		else	
+			{
+			BIO_printf(bio_err,"bad output format specified for"
+				" outfile\n");
+			goto end;
+			}
+		if (!i)
+			{
+			BIO_printf(bio_err, "unable to write elliptic "
+				"curve parameters\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		}
+	
+	if (need_rand)
+		{
+		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+		if (inrand != NULL)
+			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+				app_RAND_load_files(inrand));
+		}
+
+	if (genkey)
+		{
+		EC_KEY *eckey = EC_KEY_new();
+
+		if (eckey == NULL)
+			goto end;
+
+		assert(need_rand);
+
+		eckey->group = group;
+		
+		if (!EC_KEY_generate_key(eckey))
+			{
+			eckey->group = NULL;
+			EC_KEY_free(eckey);
+			goto end;
+			}
+		if (outformat == FORMAT_ASN1)
+			i = i2d_ECPrivateKey_bio(out, eckey);
+		else if (outformat == FORMAT_PEM)
+			i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
+				NULL, 0, NULL, NULL);
+		else	
+			{
+			BIO_printf(bio_err, "bad output format specified "
+				"for outfile\n");
+			eckey->group = NULL;
+			EC_KEY_free(eckey);
+			goto end;
+			}
+		eckey->group = NULL;
+		EC_KEY_free(eckey);
+		}
+
+	if (need_rand)
+		app_RAND_write_file(NULL, bio_err);
+
+	ret=0;
+end:
+	if (ec_p)
+		BN_free(ec_p);
+	if (ec_a)
+		BN_free(ec_a);
+	if (ec_b)
+		BN_free(ec_b);
+	if (ec_gen)
+		BN_free(ec_gen);
+	if (ec_order)
+		BN_free(ec_order);
+	if (ec_cofactor)
+		BN_free(ec_cofactor);
+	if (buffer)
+		OPENSSL_free(buffer);
+	if (in != NULL)
+		BIO_free(in);
+	if (out != NULL)
+		BIO_free_all(out);
+	if (group != NULL)
+		EC_GROUP_free(group);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
+}
+
+int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,
+	int len, unsigned char *buffer)
+	{
+	BIO_printf(out, "static unsigned char %s_%d[] = {", var, len);
+	if (BN_is_zero(in))
+		BIO_printf(out, "\n\t0x00");
+	else 
+		{
+		int i, l;
+
+		l = BN_bn2bin(in, buffer);
+		for (i=0; i<l-1; i++)
+			{
+			if ((i%12) == 0) 
+				BIO_printf(out, "\n\t");
+			BIO_printf(out, "0x%02X,", buffer[i]);
+			}
+		if ((i%12) == 0) 
+			BIO_printf(out, "\n\t");
+		BIO_printf(out, "0x%02X", buffer[i]);
+		}
+	BIO_printf(out, "\n\t};\n\n");
+	return 1;
+	}
+#endif
diff --git a/apps/enc.c b/apps/enc.c
index c00d520b44..42ddfd244b 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -60,22 +60,16 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#ifdef NO_MD5
-#include "md5.h"
-#endif
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+#include <openssl/pem.h>
+#include <ctype.h>
 
-#ifndef NOPROTO
 int set_hex(char *in,unsigned char *out,int size);
-#else
-int set_hex();
-#endif
-
 #undef SIZE
 #undef BSIZE
 #undef PROG
@@ -84,24 +78,48 @@ int set_hex();
 #define BSIZE	(8*1024)
 #define	PROG	enc_main
 
-int MAIN(argc,argv)
-int argc;
-char **argv;
+static void show_ciphers(const OBJ_NAME *name,void *bio_)
 	{
+	BIO *bio=bio_;
+	static int n;
+
+	if(!islower((unsigned char)*name->name))
+		return;
+
+	BIO_printf(bio,"-%-25s",name->name);
+	if(++n == 3)
+		{
+		BIO_printf(bio,"\n");
+		n=0;
+		}
+	else
+		BIO_printf(bio," ");
+	}
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+	{
+	ENGINE *e = NULL;
+	static const char magic[]="Salted__";
+	char mbuf[sizeof magic-1];
 	char *strbuf=NULL;
 	unsigned char *buff=NULL,*bufsize=NULL;
 	int bsize=BSIZE,verbose=0;
 	int ret=1,inl;
-	unsigned char key[24],iv[MD5_DIGEST_LENGTH];
-	char *str=NULL;
-	char *hkey=NULL,*hiv=NULL;
+	int nopad = 0;
+	unsigned char key[EVP_MAX_KEY_LENGTH],iv[EVP_MAX_IV_LENGTH];
+	unsigned char salt[PKCS5_SALT_LEN];
+	char *str=NULL, *passarg = NULL, *pass = NULL;
+	char *hkey=NULL,*hiv=NULL,*hsalt = NULL;
 	int enc=1,printkey=0,i,base64=0;
-	int debug=0,olb64=0;
-	EVP_CIPHER *cipher=NULL,*c;
+	int debug=0,olb64=0,nosalt=0;
+	const EVP_CIPHER *cipher=NULL,*c;
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
-#define PROG_NAME_SIZE  16
-        char pname[PROG_NAME_SIZE];
+#define PROG_NAME_SIZE  39
+	char pname[PROG_NAME_SIZE+1];
+	char *engine = NULL;
 
 	apps_startup();
 
@@ -109,8 +127,11 @@ char **argv;
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	/* first check the program name */
-        program_name(argv[0],pname,PROG_NAME_SIZE);
+	program_name(argv[0],pname,sizeof pname);
 	if (strcmp(pname,"base64") == 0)
 		base64=1;
 
@@ -137,14 +158,29 @@ char **argv;
 			if (--argc < 1) goto bad;
 			outf= *(++argv);
 			}
+		else if (strcmp(*argv,"-pass") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passarg= *(++argv);
+			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if	(strcmp(*argv,"-d") == 0)
 			enc=0;
 		else if	(strcmp(*argv,"-p") == 0)
 			printkey=1;
 		else if	(strcmp(*argv,"-v") == 0)
 			verbose=1;
-		else if	((strcmp(*argv,"-debug") == 0) ||
-			 (strcmp(*argv,"-d") == 0))
+		else if	(strcmp(*argv,"-nopad") == 0)
+			nopad=1;
+		else if	(strcmp(*argv,"-salt") == 0)
+			nosalt=0;
+		else if	(strcmp(*argv,"-nosalt") == 0)
+			nosalt=1;
+		else if	(strcmp(*argv,"-debug") == 0)
 			debug=1;
 		else if	(strcmp(*argv,"-P") == 0)
 			printkey=2;
@@ -180,7 +216,7 @@ char **argv;
 				goto bad;
 				}
 			buf[0]='\0';
-			fgets(buf,128,infile);
+			fgets(buf,sizeof buf,infile);
 			fclose(infile);
 			i=strlen(buf);
 			if ((i > 0) &&
@@ -201,6 +237,11 @@ char **argv;
 			if (--argc < 1) goto bad;
 			hkey= *(++argv);
 			}
+		else if (strcmp(*argv,"-S") == 0)
+			{
+			if (--argc < 1) goto bad;
+			hsalt= *(++argv);
+			}
 		else if (strcmp(*argv,"-iv") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -219,7 +260,8 @@ char **argv;
 bad:
 			BIO_printf(bio_err,"options are\n");
 			BIO_printf(bio_err,"%-14s input file\n","-in <file>");
-			BIO_printf(bio_err,"%-14s output fileencrypt\n","-out <file>");
+			BIO_printf(bio_err,"%-14s output file\n","-out <file>");
+			BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>");
 			BIO_printf(bio_err,"%-14s encrypt\n","-e");
 			BIO_printf(bio_err,"%-14s decrypt\n","-d");
 			BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
@@ -228,79 +270,22 @@ bad:
 			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
 			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
+			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
 
 			BIO_printf(bio_err,"Cipher Types\n");
-			BIO_printf(bio_err,"des     : 56 bit key DES encryption\n");
-			BIO_printf(bio_err,"des_ede :112 bit key ede DES encryption\n");
-			BIO_printf(bio_err,"des_ede3:168 bit key ede DES encryption\n");
-#ifndef NO_IDEA
-			BIO_printf(bio_err,"idea    :128 bit key IDEA encryption\n");
-#endif
-#ifndef NO_RC4
-			BIO_printf(bio_err,"rc2     :128 bit key RC2 encryption\n");
-#endif
-#ifndef NO_BLOWFISH
-			BIO_printf(bio_err,"bf      :128 bit key BlowFish encryption\n");
-#endif
-#ifndef NO_RC4
-			BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n",
-				LN_rc4);
-#endif
+			OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
+					       show_ciphers,
+					       bio_err);
+			BIO_printf(bio_err,"\n");
 
-			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-				LN_des_ecb,LN_des_cbc,
-				LN_des_cfb64,LN_des_ofb64);
-			BIO_printf(bio_err," -%-4s (%s)\n",
-				"des", LN_des_cbc);
-
-			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-				LN_des_ede,LN_des_ede_cbc,
-				LN_des_ede_cfb64,LN_des_ede_ofb64);
-			BIO_printf(bio_err," -desx -none\n");
-
-
-			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-				LN_des_ede3,LN_des_ede3_cbc,
-				LN_des_ede3_cfb64,LN_des_ede3_ofb64);
-			BIO_printf(bio_err," -%-4s (%s)\n",
-				"des3", LN_des_ede3_cbc);
-
-#ifndef NO_IDEA
-			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-				LN_idea_ecb, LN_idea_cbc,
-				LN_idea_cfb64, LN_idea_ofb64);
-			BIO_printf(bio_err," -%-4s (%s)\n","idea",LN_idea_cbc);
-#endif
-#ifndef NO_RC2
-			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-				LN_rc2_ecb, LN_rc2_cbc,
-				LN_rc2_cfb64, LN_rc2_ofb64);
-			BIO_printf(bio_err," -%-4s (%s)\n","rc2", LN_rc2_cbc);
-#endif
-#ifndef NO_BLOWFISH
-			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-				LN_bf_ecb, LN_bf_cbc,
-				LN_bf_cfb64, LN_bf_ofb64);
-			BIO_printf(bio_err," -%-4s (%s)\n","bf", LN_bf_cbc);
-#endif
-#ifndef NO_BLOWFISH
-			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-				LN_cast5_ecb, LN_cast5_cbc,
-				LN_cast5_cfb64, LN_cast5_ofb64);
-			BIO_printf(bio_err," -%-4s (%s)\n","cast", LN_cast5_cbc);
-#endif
-#ifndef NO_BLOWFISH
-			BIO_printf(bio_err," -%-12s -%-12s -%-12s -%-12s",
-				LN_rc5_ecb, LN_rc5_cbc,
-				LN_rc5_cfb64, LN_rc5_ofb64);
-			BIO_printf(bio_err," -%-4s (%s)\n","rc5", LN_rc5_cbc);
-#endif
 			goto end;
 			}
 		argc--;
 		argv++;
 		}
 
+        e = setup_engine(bio_err, engine, 0);
+
 	if (bufsize != NULL)
 		{
 		unsigned long n;
@@ -330,11 +315,11 @@ bad:
 		if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
 		}
 
-	strbuf=Malloc(SIZE);
-	buff=(unsigned char *)Malloc(EVP_ENCODE_LENGTH(bsize));
+	strbuf=OPENSSL_malloc(SIZE);
+	buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
 	if ((buff == NULL) || (strbuf == NULL))
 		{
-		BIO_printf(bio_err,"Malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
+		BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
 		goto end;
 		}
 
@@ -364,6 +349,14 @@ bad:
 			}
 		}
 
+	if(!str && passarg) {
+		if(!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
+			BIO_printf(bio_err, "Error getting password\n");
+			goto end;
+		}
+		str = pass;
+	}
+
 	if ((str == NULL) && (cipher != NULL) && (hkey == NULL))
 		{
 		for (;;)
@@ -393,11 +386,94 @@ bad:
 			}
 		}
 
+
+	if (outf == NULL)
+		{
+		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
+	else
+		{
+		if (BIO_write_filename(out,outf) <= 0)
+			{
+			perror(outf);
+			goto end;
+			}
+		}
+
+	rbio=in;
+	wbio=out;
+
+	if (base64)
+		{
+		if ((b64=BIO_new(BIO_f_base64())) == NULL)
+			goto end;
+		if (debug)
+			{
+			BIO_set_callback(b64,BIO_debug_callback);
+			BIO_set_callback_arg(b64,bio_err);
+			}
+		if (olb64)
+			BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
+		if (enc)
+			wbio=BIO_push(b64,wbio);
+		else
+			rbio=BIO_push(b64,rbio);
+		}
+
 	if (cipher != NULL)
 		{
+		/* Note that str is NULL if a key was passed on the command
+		 * line, so we get no salt in that case. Is this a bug?
+		 */
 		if (str != NULL)
 			{
-			EVP_BytesToKey(cipher,EVP_md5(),NULL,
+			/* Salt handling: if encrypting generate a salt and
+			 * write to output BIO. If decrypting read salt from
+			 * input BIO.
+			 */
+			unsigned char *sptr;
+			if(nosalt) sptr = NULL;
+			else {
+				if(enc) {
+					if(hsalt) {
+						if(!set_hex(hsalt,salt,sizeof salt)) {
+							BIO_printf(bio_err,
+								"invalid hex salt value\n");
+							goto end;
+						}
+					} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
+						goto end;
+					/* If -P option then don't bother writing */
+					if((printkey != 2)
+					   && (BIO_write(wbio,magic,
+							 sizeof magic-1) != sizeof magic-1
+					       || BIO_write(wbio,
+							    (char *)salt,
+							    sizeof salt) != sizeof salt)) {
+						BIO_printf(bio_err,"error writing output file\n");
+						goto end;
+					}
+				} else if(BIO_read(rbio,mbuf,sizeof mbuf) != sizeof mbuf
+					  || BIO_read(rbio,
+						      (unsigned char *)salt,
+				    sizeof salt) != sizeof salt) {
+					BIO_printf(bio_err,"error reading input file\n");
+					goto end;
+				} else if(memcmp(mbuf,magic,sizeof magic-1)) {
+				    BIO_printf(bio_err,"bad magic number\n");
+				    goto end;
+				}
+
+				sptr = salt;
+			}
+
+			EVP_BytesToKey(cipher,EVP_md5(),sptr,
 				(unsigned char *)str,
 				strlen(str),1,key,iv);
 			/* zero the complete buffer or the string
@@ -405,16 +481,24 @@ bad:
 			 * bug picked up by
 			 * Larry J. Hughes Jr. <hughes@indiana.edu> */
 			if (str == strbuf)
-				memset(str,0,SIZE);
+				OPENSSL_cleanse(str,SIZE);
 			else
-				memset(str,0,strlen(str));
+				OPENSSL_cleanse(str,strlen(str));
 			}
-		if ((hiv != NULL) && !set_hex(hiv,iv,8))
+		if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
 			{
 			BIO_printf(bio_err,"invalid hex iv value\n");
 			goto end;
 			}
-		if ((hkey != NULL) && !set_hex(hkey,key,24))
+		if ((hiv == NULL) && (str == NULL))
+			{
+			/* No IV was explicitly set and no IV was generated
+			 * during EVP_BytesToKey. Hence the IV is undefined,
+			 * making correct decryption impossible. */
+			BIO_printf(bio_err, "iv undefined\n");
+			goto end;
+			}
+		if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
 			{
 			BIO_printf(bio_err,"invalid hex key value\n");
 			goto end;
@@ -423,6 +507,12 @@ bad:
 		if ((benc=BIO_new(BIO_f_cipher())) == NULL)
 			goto end;
 		BIO_set_cipher(benc,cipher,key,iv,enc);
+		if (nopad)
+			{
+			EVP_CIPHER_CTX *ctx;
+			BIO_get_cipher_ctx(benc, &ctx);
+			EVP_CIPHER_CTX_set_padding(ctx, 0);
+			}
 		if (debug)
 			{
 			BIO_set_callback(benc,BIO_debug_callback);
@@ -431,6 +521,13 @@ bad:
 
 		if (printkey)
 			{
+			if (!nosalt)
+				{
+				printf("salt=");
+				for (i=0; i<sizeof salt; i++)
+					printf("%02X",salt[i]);
+				printf("\n");
+				}
 			if (cipher->key_len > 0)
 				{
 				printf("key=");
@@ -453,38 +550,6 @@ bad:
 			}
 		}
 
-
-	if (outf == NULL)
-		BIO_set_fp(out,stdout,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_write_filename(out,outf) <= 0)
-			{
-			perror(outf);
-			goto end;
-			}
-		}
-
-	rbio=in;
-	wbio=out;
-
-	if (base64)
-		{
-		if ((b64=BIO_new(BIO_f_base64())) == NULL)
-			goto end;
-		if (debug)
-			{
-			BIO_set_callback(b64,BIO_debug_callback);
-			BIO_set_callback_arg(b64,bio_err);
-			}
-		if (olb64)
-			BIO_set_flags(b64,BIO_FLAGS_BASE64_NO_NL);
-		if (enc)
-			wbio=BIO_push(b64,wbio);
-		else
-			rbio=BIO_push(b64,rbio);
-		}
-
 	/* Only encrypt/decrypt as we write the file */
 	if (benc != NULL)
 		wbio=BIO_push(benc,wbio);
@@ -512,19 +577,19 @@ bad:
 		BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
 		}
 end:
-	if (strbuf != NULL) Free(strbuf);
-	if (buff != NULL) Free(buff);
+	ERR_print_errors(bio_err);
+	if (strbuf != NULL) OPENSSL_free(strbuf);
+	if (buff != NULL) OPENSSL_free(buff);
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	if (benc != NULL) BIO_free(benc);
 	if (b64 != NULL) BIO_free(b64);
-	EXIT(ret);
+	if(pass) OPENSSL_free(pass);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
-int set_hex(in,out,size)
-char *in;
-unsigned char *out;
-int size;
+int set_hex(char *in, unsigned char *out, int size)
 	{
 	int i,n;
 	unsigned char j;
diff --git a/apps/engine.c b/apps/engine.c
new file mode 100644
index 0000000000..b718ae124c
--- /dev/null
+++ b/apps/engine.c
@@ -0,0 +1,520 @@
+/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef OPENSSL_NO_STDIO
+#define APPS_WIN16
+#endif
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/engine.h>
+#include <openssl/ssl.h>
+
+#undef PROG
+#define PROG	engine_main
+
+static char *engine_usage[]={
+"usage: engine opts [engine ...]\n",
+" -v[v[v[v]]] - verbose mode, for each engine, list its 'control commands'\n",
+"               -vv will additionally display each command's description\n",
+"               -vvv will also add the input flags for each command\n",
+"               -vvvv will also show internal input flags\n",
+" -c          - for each engine, also list the capabilities\n",
+" -t          - for each engine, check that they are really available\n",
+" -pre <cmd>  - runs command 'cmd' against the ENGINE before any attempts\n",
+"               to load it (if -t is used)\n",
+" -post <cmd> - runs command 'cmd' against the ENGINE after loading it\n",
+"               (only used if -t is also provided)\n",
+" NB: -pre and -post will be applied to all ENGINEs supplied on the command\n",
+" line, or all supported ENGINEs if none are specified.\n",
+" Eg. '-pre \"SO_PATH:/lib/libdriver.so\"' calls command \"SO_PATH\" with\n",
+" argument \"/lib/libdriver.so\".\n",
+NULL
+};
+
+static void identity(void *ptr)
+	{
+	return;
+	}
+
+static int append_buf(char **buf, const char *s, int *size, int step)
+	{
+	int l = strlen(s);
+
+	if (*buf == NULL)
+		{
+		*size = step;
+		*buf = OPENSSL_malloc(*size);
+		if (*buf == NULL)
+			return 0;
+		**buf = '\0';
+		}
+
+	if (**buf != '\0')
+		l += 2;		/* ", " */
+
+	if (strlen(*buf) + strlen(s) >= (unsigned int)*size)
+		{
+		*size += step;
+		*buf = OPENSSL_realloc(*buf, *size);
+		}
+
+	if (*buf == NULL)
+		return 0;
+
+	if (**buf != '\0')
+		strcat(*buf, ", ");
+	strcat(*buf, s);
+
+	return 1;
+	}
+
+static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
+	{
+	int started = 0, err = 0;
+	/* Indent before displaying input flags */
+	BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
+	if(flags == 0)
+		{
+		BIO_printf(bio_out, "<no flags>\n");
+		return 1;
+		}
+        /* If the object is internal, mark it in a way that shows instead of
+         * having it part of all the other flags, even if it really is. */
+	if(flags & ENGINE_CMD_FLAG_INTERNAL)
+		{
+		BIO_printf(bio_out, "[Internal] ");
+		}
+
+	if(flags & ENGINE_CMD_FLAG_NUMERIC)
+		{
+		if(started)
+			{
+			BIO_printf(bio_out, "|");
+			err = 1;
+			}
+		BIO_printf(bio_out, "NUMERIC");
+		started = 1;
+		}
+	/* Now we check that no combinations of the mutually exclusive NUMERIC,
+	 * STRING, and NO_INPUT flags have been used. Future flags that can be
+	 * OR'd together with these would need to added after these to preserve
+	 * the testing logic. */
+	if(flags & ENGINE_CMD_FLAG_STRING)
+		{
+		if(started)
+			{
+			BIO_printf(bio_out, "|");
+			err = 1;
+			}
+		BIO_printf(bio_out, "STRING");
+		started = 1;
+		}
+	if(flags & ENGINE_CMD_FLAG_NO_INPUT)
+		{
+		if(started)
+			{
+			BIO_printf(bio_out, "|");
+			err = 1;
+			}
+		BIO_printf(bio_out, "NO_INPUT");
+		started = 1;
+		}
+	/* Check for unknown flags */
+	flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
+			~ENGINE_CMD_FLAG_STRING &
+			~ENGINE_CMD_FLAG_NO_INPUT &
+			~ENGINE_CMD_FLAG_INTERNAL;
+	if(flags)
+		{
+		if(started) BIO_printf(bio_out, "|");
+		BIO_printf(bio_out, "<0x%04X>", flags);
+		}
+	if(err)
+		BIO_printf(bio_out, "  <illegal flags!>");
+	BIO_printf(bio_out, "\n");
+	return 1;
+	}
+
+static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent)
+	{
+	static const int line_wrap = 78;
+	int num;
+	int ret = 0;
+	char *name = NULL;
+	char *desc = NULL;
+	int flags;
+	int xpos = 0;
+	STACK *cmds = NULL;
+	if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
+			((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
+					0, NULL, NULL)) <= 0))
+		{
+#if 0
+		BIO_printf(bio_out, "%s<no control commands>\n", indent);
+#endif
+		return 1;
+		}
+
+	cmds = sk_new_null();
+
+	if(!cmds)
+		goto err;
+	do {
+		int len;
+		/* Get the command input flags */
+		if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
+					NULL, NULL)) < 0)
+			goto err;
+                if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4)
+                        {
+                        /* Get the command name */
+                        if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
+                                NULL, NULL)) <= 0)
+                                goto err;
+                        if((name = OPENSSL_malloc(len + 1)) == NULL)
+                                goto err;
+                        if(ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
+                                NULL) <= 0)
+                                goto err;
+                        /* Get the command description */
+                        if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
+                                NULL, NULL)) < 0)
+                                goto err;
+                        if(len > 0)
+                                {
+                                if((desc = OPENSSL_malloc(len + 1)) == NULL)
+                                        goto err;
+                                if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
+                                        NULL) <= 0)
+                                        goto err;
+                                }
+                        /* Now decide on the output */
+                        if(xpos == 0)
+                                /* Do an indent */
+                                xpos = BIO_printf(bio_out, indent);
+                        else
+                                /* Otherwise prepend a ", " */
+                                xpos += BIO_printf(bio_out, ", ");
+                        if(verbose == 1)
+                                {
+                                /* We're just listing names, comma-delimited */
+                                if((xpos > (int)strlen(indent)) &&
+					(xpos + (int)strlen(name) > line_wrap))
+                                        {
+                                        BIO_printf(bio_out, "\n");
+                                        xpos = BIO_printf(bio_out, indent);
+                                        }
+                                xpos += BIO_printf(bio_out, "%s", name);
+                                }
+                        else
+                                {
+                                /* We're listing names plus descriptions */
+                                BIO_printf(bio_out, "%s: %s\n", name,
+                                        (desc == NULL) ? "<no description>" : desc);
+                                /* ... and sometimes input flags */
+                                if((verbose >= 3) && !util_flags(bio_out, flags,
+                                        indent))
+                                        goto err;
+                                xpos = 0;
+                                }
+                        }
+		OPENSSL_free(name); name = NULL;
+		if(desc) { OPENSSL_free(desc); desc = NULL; }
+		/* Move to the next command */
+		num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE,
+					num, NULL, NULL);
+		} while(num > 0);
+	if(xpos > 0)
+		BIO_printf(bio_out, "\n");
+	ret = 1;
+err:
+	if(cmds) sk_pop_free(cmds, identity);
+	if(name) OPENSSL_free(name);
+	if(desc) OPENSSL_free(desc);
+	return ret;
+	}
+
+static void util_do_cmds(ENGINE *e, STACK *cmds, BIO *bio_out, const char *indent)
+	{
+	int loop, res, num = sk_num(cmds);
+	if(num < 0)
+		{
+		BIO_printf(bio_out, "[Error]: internal stack error\n");
+		return;
+		}
+	for(loop = 0; loop < num; loop++)
+		{
+		char buf[256];
+		const char *cmd, *arg;
+		cmd = sk_value(cmds, loop);
+		res = 1; /* assume success */
+		/* Check if this command has no ":arg" */
+		if((arg = strstr(cmd, ":")) == NULL)
+			{
+			if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
+				res = 0;
+			}
+		else
+			{
+			if((int)(arg - cmd) > 254)
+				{
+				BIO_printf(bio_out,"[Error]: command name too long\n");
+				return;
+				}
+			memcpy(buf, cmd, (int)(arg - cmd));
+			buf[arg-cmd] = '\0';
+			arg++; /* Move past the ":" */
+			/* Call the command with the argument */
+			if(!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
+				res = 0;
+			}
+		if(res)
+			BIO_printf(bio_out, "[Success]: %s\n", cmd);
+		else
+			{
+			BIO_printf(bio_out, "[Failure]: %s\n", cmd);
+			ERR_print_errors(bio_out);
+			}
+		}
+	}
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+	{
+	int ret=1,i;
+	char **pp;
+	int verbose=0, list_cap=0, test_avail=0;
+	ENGINE *e;
+	STACK *engines = sk_new_null();
+	STACK *pre_cmds = sk_new_null();
+	STACK *post_cmds = sk_new_null();
+	int badops=1;
+	BIO *bio_out=NULL;
+	const char *indent = "     ";
+
+	apps_startup();
+	SSL_load_error_strings();
+
+	if (bio_err == NULL)
+		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
+	bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+	{
+	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+	bio_out = BIO_push(tmpbio, bio_out);
+	}
+#endif
+
+	argc--;
+	argv++;
+	while (argc >= 1)
+		{
+		if (strncmp(*argv,"-v",2) == 0)
+			{
+			if(strspn(*argv + 1, "v") < strlen(*argv + 1))
+				goto skip_arg_loop;
+			if((verbose=strlen(*argv + 1)) > 4)
+				goto skip_arg_loop;
+			}
+		else if (strcmp(*argv,"-c") == 0)
+			list_cap=1;
+		else if (strcmp(*argv,"-t") == 0)
+			test_avail=1;
+		else if (strcmp(*argv,"-pre") == 0)
+			{
+			argc--; argv++;
+			sk_push(pre_cmds,*argv);
+			}
+		else if (strcmp(*argv,"-post") == 0)
+			{
+			argc--; argv++;
+			sk_push(post_cmds,*argv);
+			}
+		else if ((strncmp(*argv,"-h",2) == 0) ||
+				(strcmp(*argv,"-?") == 0))
+			goto skip_arg_loop;
+		else
+			sk_push(engines,*argv);
+		argc--;
+		argv++;
+		}
+	/* Looks like everything went OK */
+	badops = 0;
+skip_arg_loop:
+
+	if (badops)
+		{
+		for (pp=engine_usage; (*pp != NULL); pp++)
+			BIO_printf(bio_err,"%s",*pp);
+		goto end;
+		}
+
+	if (sk_num(engines) == 0)
+		{
+		for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
+			{
+			sk_push(engines,(char *)ENGINE_get_id(e));
+			}
+		}
+
+	for (i=0; i<sk_num(engines); i++)
+		{
+		const char *id = sk_value(engines,i);
+		if ((e = ENGINE_by_id(id)) != NULL)
+			{
+			const char *name = ENGINE_get_name(e);
+			/* Do "id" first, then "name". Easier to auto-parse. */
+			BIO_printf(bio_out, "(%s) %s\n", id, name);
+			util_do_cmds(e, pre_cmds, bio_out, indent);
+			if (strcmp(ENGINE_get_id(e), id) != 0)
+				{
+				BIO_printf(bio_out, "Loaded: (%s) %s\n",
+					ENGINE_get_id(e), ENGINE_get_name(e));
+				}
+			if (list_cap)
+				{
+				int cap_size = 256;
+				char *cap_buf = NULL;
+				int k,n;
+				const int *nids;
+				ENGINE_CIPHERS_PTR fn_c;
+				ENGINE_DIGESTS_PTR fn_d;
+
+				if (ENGINE_get_RSA(e) != NULL
+					&& !append_buf(&cap_buf, "RSA",
+						&cap_size, 256))
+					goto end;
+				if (ENGINE_get_DSA(e) != NULL
+					&& !append_buf(&cap_buf, "DSA",
+						&cap_size, 256))
+					goto end;
+				if (ENGINE_get_DH(e) != NULL
+					&& !append_buf(&cap_buf, "DH",
+						&cap_size, 256))
+					goto end;
+				if (ENGINE_get_RAND(e) != NULL
+					&& !append_buf(&cap_buf, "RAND",
+						&cap_size, 256))
+					goto end;
+
+				fn_c = ENGINE_get_ciphers(e);
+				if(!fn_c) goto skip_ciphers;
+				n = fn_c(e, NULL, &nids, 0);
+				for(k=0 ; k < n ; ++k)
+					if(!append_buf(&cap_buf,
+						       OBJ_nid2sn(nids[k]),
+						       &cap_size, 256))
+						goto end;
+
+skip_ciphers:
+				fn_d = ENGINE_get_digests(e);
+				if(!fn_d) goto skip_digests;
+				n = fn_d(e, NULL, &nids, 0);
+				for(k=0 ; k < n ; ++k)
+					if(!append_buf(&cap_buf,
+						       OBJ_nid2sn(nids[k]),
+						       &cap_size, 256))
+						goto end;
+
+skip_digests:
+				if (cap_buf && (*cap_buf != '\0'))
+					BIO_printf(bio_out, " [%s]\n", cap_buf);
+
+				OPENSSL_free(cap_buf);
+				}
+			if(test_avail)
+				{
+				BIO_printf(bio_out, "%s", indent);
+				if (ENGINE_init(e))
+					{
+					BIO_printf(bio_out, "[ available ]\n");
+					util_do_cmds(e, post_cmds, bio_out, indent);
+					ENGINE_finish(e);
+					}
+				else
+					{
+					BIO_printf(bio_out, "[ unavailable ]\n");
+					ERR_print_errors_fp(stdout);
+					ERR_clear_error();
+					}
+				}
+			if((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
+				goto end;
+			ENGINE_free(e);
+			}
+		else
+			ERR_print_errors(bio_err);
+		}
+
+	ret=0;
+end:
+	ERR_print_errors(bio_err);
+	sk_pop_free(engines, identity);
+	sk_pop_free(pre_cmds, identity);
+	sk_pop_free(post_cmds, identity);
+	if (bio_out != NULL) BIO_free_all(bio_out);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
+	}
diff --git a/apps/errstr.c b/apps/errstr.c
index d2b2b3fcea..19489b0df3 100644
--- a/apps/errstr.c
+++ b/apps/errstr.c
@@ -60,17 +60,17 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "lhash.h"
-#include "err.h"
-#include "ssl.h"
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
 
 #undef PROG
 #define PROG	errstr_main
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
 	{
 	int i,ret=0;
 	char buf[256];
@@ -91,12 +91,18 @@ char **argv;
 		out=BIO_new(BIO_s_file());
 		if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
 			{
+#ifdef OPENSSL_SYS_VMS
+			{
+			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+			out = BIO_push(tmpbio, out);
+			}
+#endif
 			lh_node_stats_bio((LHASH *)ERR_get_string_table(),out);
 			lh_stats_bio((LHASH *)ERR_get_string_table(),out);
 			lh_node_usage_stats_bio((LHASH *)
 				ERR_get_string_table(),out);
 			}
-		if (out != NULL) BIO_free(out);
+		if (out != NULL) BIO_free_all(out);
 		argc--;
 		argv++;
 		}
@@ -104,7 +110,10 @@ char **argv;
 	for (i=1; i<argc; i++)
 		{
 		if (sscanf(argv[i],"%lx",&l))
-			printf("%s\n",ERR_error_string(l,buf));
+			{
+			ERR_error_string_n(l, buf, sizeof buf);
+			printf("%s\n",buf);
+			}
 		else
 			{
 			printf("%s: bad error code\n",argv[i]);
@@ -112,5 +121,6 @@ char **argv;
 			ret++;
 			}
 		}
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
diff --git a/apps/ext.v3 b/apps/ext.v3
deleted file mode 100644
index 87ee8e6173..0000000000
--- a/apps/ext.v3
+++ /dev/null
@@ -1,2 +0,0 @@
-2.99999.3	SET.ex3		SET x509v3 extension 3
-
diff --git a/apps/f b/apps/f
deleted file mode 100644
index 857052edd0..0000000000
--- a/apps/f
+++ /dev/null
@@ -1,5 +0,0 @@
-586
-2481
-
-1400
-2064
diff --git a/apps/g_ssleay.pl b/apps/g_ssleay.pl
deleted file mode 100644
index 4c63e86ea5..0000000000
--- a/apps/g_ssleay.pl
+++ /dev/null
@@ -1,114 +0,0 @@
-#!/usr/local/bin/perl
-
-$mkprog='mklinks';
-$rmprog='rmlinks';
-
-print "#ifndef NOPROTO\n";
-
-grep(s/^asn1pars$/asn1parse/,@ARGV);
-
-foreach (@ARGV)
-	{ printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
-print "#else\n";
-foreach (@ARGV)
-	{ printf "extern int %s_main();\n",$_; }
-print "#endif\n";
-
-
-print <<'EOF';
-
-#ifdef SSLEAY_SRC
-
-#define FUNC_TYPE_GENERAL	1
-#define FUNC_TYPE_MD		2
-#define FUNC_TYPE_CIPHER	3
-
-typedef struct {
-	int type;
-	char *name;
-	int (*func)();
-	} FUNCTION;
-
-FUNCTION functions[] = {
-EOF
-
-foreach (@ARGV)
-	{
-	push(@files,$_);
-	$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
-	if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
-		{ print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; } 
-	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ||
-		($_ =~ /^req$/) || ($_ =~ /^ca$/) || ($_ =~ /^x509$/))
-		{ print "#ifndef NO_RSA\n${str}#endif\n";  }
-	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
-		{ print "#ifndef NO_DSA\n${str}#endif\n"; }
-	elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/))
-		{ print "#ifndef NO_DH\n${str}#endif\n"; }
-	else
-		{ print $str; }
-	}
-
-foreach ("md2","md5","sha","sha1","mdc2","rmd160")
-	{
-	push(@files,$_);
-	printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
-	}
-
-foreach (
-	"base64",
-	"des", "des3", "desx", "idea", "rc4", "rc2","bf","cast","rc5",
-	"des-ecb", "des-ede",    "des-ede3",
-	"des-cbc", "des-ede-cbc","des-ede3-cbc",
-	"des-cfb", "des-ede-cfb","des-ede3-cfb",
-	"des-ofb", "des-ede-ofb","des-ede3-ofb",
-	"idea-cbc","idea-ecb",   "idea-cfb", "idea-ofb",
-	"rc2-cbc", "rc2-ecb",    "rc2-cfb",  "rc2-ofb",
-	"bf-cbc",  "bf-ecb",     "bf-cfb",   "bf-ofb",
-	"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
-	"cast-cbc", "rc5-cbc",   "rc5-ecb",  "rc5-cfb",  "rc5-ofb")
-	{
-	push(@files,$_);
-
-	$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
-	if    ($_ =~ /des/)  { $t="#ifndef NO_DES\n${t}#endif\n"; }
-	elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; }
-	elsif ($_ =~ /rc4/)  { $t="#ifndef NO_RC4\n${t}#endif\n"; }
-	elsif ($_ =~ /rc2/)  { $t="#ifndef NO_RC2\n${t}#endif\n"; }
-	elsif ($_ =~ /bf/)   { $t="#ifndef NO_BLOWFISH\n${t}#endif\n"; }
-	elsif ($_ =~ /cast/) { $t="#ifndef NO_CAST\n${t}#endif\n"; }
-	elsif ($_ =~ /rc5/)  { $t="#ifndef NO_RC5\n${t}#endif\n"; }
-	print $t;
-	}
-
-print "\t{0,NULL,NULL}\n\t};\n";
-print "#endif\n\n";
-
-open(OUT,">$mkprog") || die "unable to open '$prog':$!\n";
-print OUT "#!/bin/sh\nfor i in ";
-foreach (@files)
-	{ print OUT $_." "; }
-print OUT <<'EOF';
-
-do
-echo making symlink for $i
-/bin/rm -f $i
-ln -s ssleay $i
-done
-EOF
-close(OUT);
-chmod(0755,$mkprog);
-
-open(OUT,">$rmprog") || die "unable to open '$prog':$!\n";
-print OUT "#!/bin/sh\nfor i in ";
-foreach (@files)
-	{ print OUT $_." "; }
-print OUT <<'EOF';
-
-do
-echo removing $i
-/bin/rm -f $i
-done
-EOF
-close(OUT);
-chmod(0755,$rmprog);
diff --git a/apps/gendh.c b/apps/gendh.c
index 2790f179fd..98ee413c74 100644
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -1,4 +1,5 @@
 /* apps/gendh.c */
+/* obsoleted by dhparam.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,41 +57,37 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_DH
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include "bio.h"
-#include "rand.h"
-#include "err.h"
-#include "bn.h"
-#include "dh.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #define DEFBITS	512
 #undef PROG
 #define PROG gendh_main
 
-#ifndef NOPROTO
-static void MS_CALLBACK dh_cb(int p, int n, char *arg);
-static long dh_load_rand(char *names);
-#else
-static void MS_CALLBACK dh_cb();
-static long dh_load_rand();
-#endif
+static void MS_CALLBACK dh_cb(int p, int n, void *arg);
+
+int MAIN(int, char **);
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
-	char buffer[200];
+	ENGINE *e = NULL;
 	DH *dh=NULL;
 	int ret=1,num=DEFBITS;
 	int g=2;
 	char *outfile=NULL;
-	char *inrand=NULL,*randfile;
+	char *inrand=NULL;
+	char *engine=NULL;
 	BIO *out=NULL;
 
 	apps_startup();
@@ -99,6 +96,9 @@ char **argv;
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	argv++;
 	argc--;
 	for (;;)
@@ -115,6 +115,11 @@ char **argv;
 			g=3; */
 		else if (strcmp(*argv,"-5") == 0)
 			g=5;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -130,15 +135,18 @@ char **argv;
 bad:
 		BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
 		BIO_printf(bio_err," -out file - output the key to 'file\n");
-		BIO_printf(bio_err," -2    use 2 as the generator value\n");
-	/*	BIO_printf(bio_err," -3    use 3 as the generator value\n"); */
-		BIO_printf(bio_err," -5    use 5 as the generator value\n");
-		BIO_printf(bio_err," -rand file:file:...\n");
+		BIO_printf(bio_err," -2        - use 2 as the generator value\n");
+	/*	BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
+		BIO_printf(bio_err," -5        - use 5 as the generator value\n");
+		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		goto end;
 		}
 		
+        e = setup_engine(bio_err, engine, 0);
+
 	out=BIO_new(BIO_s_file());
 	if (out == NULL)
 		{
@@ -147,7 +155,15 @@ bad:
 		}
 
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -157,28 +173,21 @@ bad:
 			}
 		}
 
-	randfile=RAND_file_name(buffer,200);
-	if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L))
-		BIO_printf(bio_err,"unable to load 'random state'\n");
-
-	if (inrand == NULL)
-		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
-	else
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
 		{
-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-			dh_load_rand(inrand));
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
+	if (inrand != NULL)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			app_RAND_load_files(inrand));
 
-	BIO_printf(bio_err,"Generating DH parameters, %d bit long strong prime, generator of %d\n",num,g);
+	BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
 	BIO_printf(bio_err,"This is going to take a long time\n");
-	dh=DH_generate_parameters(num,g,dh_cb,(char *)bio_err);
+	dh=DH_generate_parameters(num,g,dh_cb,bio_err);
 		
 	if (dh == NULL) goto end;
 
-	if (randfile == NULL)
-		BIO_printf(bio_err,"unable to write 'random state'\n");
-	else
-		RAND_write_file(randfile);
+	app_RAND_write_file(NULL, bio_err);
 
 	if (!PEM_write_bio_DHparams(out,dh))
 		goto end;
@@ -186,15 +195,13 @@ bad:
 end:
 	if (ret != 0)
 		ERR_print_errors(bio_err);
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	if (dh != NULL) DH_free(dh);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
-static void MS_CALLBACK dh_cb(p,n,arg)
-int p;
-int n;
-char *arg;
+static void MS_CALLBACK dh_cb(int p, int n, void *arg)
 	{
 	char c='*';
 
@@ -203,33 +210,9 @@ char *arg;
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
 	BIO_write((BIO *)arg,&c,1);
-	BIO_flush((BIO *)arg);
+	(void)BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
 	}
-
-static long dh_load_rand(name)
-char *name;
-	{
-	char *p,*n;
-	int last;
-	long tot=0;
-
-	for (;;)
-		{
-		last=0;
-		for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
-		if (*p == '\0') last=1;
-		*p='\0';
-		n=name;
-		name=p+1;
-		if (*n == '\0') break;
-
-		tot+=RAND_load_file(n,1);
-		if (last) break;
-		}
-	return(tot);
-	}
-
-
+#endif
diff --git a/apps/gendsa.c b/apps/gendsa.c
index e0e5afa400..4600711c36 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -56,39 +56,36 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_DSA
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include "bio.h"
-#include "rand.h"
-#include "err.h"
-#include "bn.h"
-#include "dsa.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #define DEFBITS	512
 #undef PROG
 #define PROG gendsa_main
 
-#ifndef NOPROTO
-static long dsa_load_rand(char *names);
-#else
-static long dsa_load_rand();
-#endif
+int MAIN(int, char **);
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
-	char buffer[200];
+	ENGINE *e = NULL;
 	DSA *dsa=NULL;
-	int ret=1,num=DEFBITS;
+	int ret=1;
 	char *outfile=NULL;
-	char *inrand=NULL,*randfile,*dsaparams=NULL;
+	char *inrand=NULL,*dsaparams=NULL;
+	char *passargout = NULL, *passout = NULL;
 	BIO *out=NULL,*in=NULL;
+	const EVP_CIPHER *enc=NULL;
+	char *engine=NULL;
 
 	apps_startup();
 
@@ -96,6 +93,9 @@ char **argv;
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	argv++;
 	argc--;
 	for (;;)
@@ -106,6 +106,16 @@ char **argv;
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passargout= *(++argv);
+			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -113,9 +123,27 @@ char **argv;
 			}
 		else if (strcmp(*argv,"-") == 0)
 			goto bad;
-		else if (dsaparams == NULL)
+#ifndef OPENSSL_NO_DES
+		else if (strcmp(*argv,"-des") == 0)
+			enc=EVP_des_cbc();
+		else if (strcmp(*argv,"-des3") == 0)
+			enc=EVP_des_ede3_cbc();
+#endif
+#ifndef OPENSSL_NO_IDEA
+		else if (strcmp(*argv,"-idea") == 0)
+			enc=EVP_idea_cbc();
+#endif
+#ifndef OPENSSL_NO_AES
+		else if (strcmp(*argv,"-aes128") == 0)
+			enc=EVP_aes_128_cbc();
+		else if (strcmp(*argv,"-aes192") == 0)
+			enc=EVP_aes_192_cbc();
+		else if (strcmp(*argv,"-aes256") == 0)
+			enc=EVP_aes_256_cbc();
+#endif
+		else if (**argv != '-' && dsaparams == NULL)
 			{
-			dsaparams= *argv;
+			dsaparams = *argv;
 			}
 		else
 			goto bad;
@@ -126,33 +154,64 @@ char **argv;
 	if (dsaparams == NULL)
 		{
 bad:
-		BIO_printf(bio_err,"usage: gendsa [args] [numbits]\n");
-		BIO_printf(bio_err," -out file - output the key to 'file\n");
-		BIO_printf(bio_err," -rand file:file:...\n");
+		BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
+		BIO_printf(bio_err," -out file - output the key to 'file'\n");
+#ifndef OPENSSL_NO_DES
+		BIO_printf(bio_err," -des      - encrypt the generated key with DES in cbc mode\n");
+		BIO_printf(bio_err," -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
+#endif
+#ifndef OPENSSL_NO_IDEA
+		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
+#endif
+#ifndef OPENSSL_NO_AES
+		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
+#endif
+		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
+		BIO_printf(bio_err," dsaparam-file\n");
+		BIO_printf(bio_err,"           - a DSA parameter file as generated by the dsaparam command\n");
 		goto end;
 		}
 
+        e = setup_engine(bio_err, engine, 0);
+
+	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
+		BIO_printf(bio_err, "Error getting password\n");
+		goto end;
+	}
+
+
 	in=BIO_new(BIO_s_file());
-	if (!(BIO_read_filename(in,"dsaparams")))
+	if (!(BIO_read_filename(in,dsaparams)))
 		{
 		perror(dsaparams);
 		goto end;
 		}
 
-	if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL)) == NULL)
+	if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
 		{
 		BIO_printf(bio_err,"unable to load DSA parameter file\n");
 		goto end;
 		}
 	BIO_free(in);
+	in = NULL;
 		
 	out=BIO_new(BIO_s_file());
 	if (out == NULL) goto end;
 
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -162,59 +221,31 @@ bad:
 			}
 		}
 
-	randfile=RAND_file_name(buffer,200);
-	if ((randfile == NULL)|| !RAND_load_file(randfile,1024L*1024L))
-		BIO_printf(bio_err,"unable to load 'random state'\n");
-
-	if (inrand == NULL)
-		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
-	else
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
 		{
-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
-			dsa_load_rand(inrand));
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
+	if (inrand != NULL)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			app_RAND_load_files(inrand));
 
-	BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
-	BIO_printf(bio_err,"This could take some time\n");
+	BIO_printf(bio_err,"Generating DSA key, %d bits\n",
+							BN_num_bits(dsa->p));
 	if (!DSA_generate_key(dsa)) goto end;
 
-	if (randfile == NULL)
-		BIO_printf(bio_err,"unable to write 'random state'\n");
-	else
-		RAND_write_file(randfile);
+	app_RAND_write_file(NULL, bio_err);
 
-	if (!PEM_write_bio_DSAPrivateKey(out,dsa,EVP_des_ede3_cbc(),NULL,0,NULL))
+	if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL, passout))
 		goto end;
 	ret=0;
 end:
 	if (ret != 0)
 		ERR_print_errors(bio_err);
-	if (out != NULL) BIO_free(out);
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free_all(out);
 	if (dsa != NULL) DSA_free(dsa);
-	EXIT(ret);
+	if(passout) OPENSSL_free(passout);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
-
-static long dsa_load_rand(name)
-char *name;
-	{
-	char *p,*n;
-	int last;
-	long tot=0;
-
-	for (;;)
-		{
-		last=0;
-		for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
-		if (*p == '\0') last=1;
-		*p='\0';
-		n=name;
-		name=p+1;
-		if (*n == '\0') break;
-
-		tot+=RAND_load_file(n,1);
-		if (last) break;
-		}
-	return(tot);
-	}
-
-
+#endif
diff --git a/apps/genrsa.c b/apps/genrsa.c
index cdba6189ad..dbc23e40aa 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -56,45 +56,42 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "apps.h"
-#include "bio.h"
-#include "rand.h"
-#include "err.h"
-#include "bn.h"
-#include "rsa.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
 
 #define DEFBITS	512
 #undef PROG
 #define PROG genrsa_main
 
-#ifndef NOPROTO
-static void MS_CALLBACK genrsa_cb(int p, int n, char *arg);
-static long gr_load_rand(char *names);
-#else
-static void MS_CALLBACK genrsa_cb();
-static long gr_load_rand();
-#endif
+static void MS_CALLBACK genrsa_cb(int p, int n, void *arg);
+
+int MAIN(int, char **);
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int ret=1;
-	char buffer[200];
 	RSA *rsa=NULL;
 	int i,num=DEFBITS;
-	long rnum=0,l;
-	EVP_CIPHER *enc=NULL;
+	long l;
+	const EVP_CIPHER *enc=NULL;
 	unsigned long f4=RSA_F4;
 	char *outfile=NULL;
-	char *inrand=NULL,*randfile;
+	char *passargout = NULL, *passout = NULL;
+	char *engine=NULL;
+	char *inrand=NULL;
 	BIO *out=NULL;
 
 	apps_startup();
@@ -102,9 +99,12 @@ char **argv;
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+	if (!load_config(bio_err, NULL))
+		goto err;
 	if ((out=BIO_new(BIO_s_file())) == NULL)
 		{
-		BIO_printf(bio_err,"unable to creat BIO for output\n");
+		BIO_printf(bio_err,"unable to create BIO for output\n");
 		goto err;
 		}
 
@@ -120,23 +120,41 @@ char **argv;
 			}
 		else if (strcmp(*argv,"-3") == 0)
 			f4=3;
-		else if (strcmp(*argv,"-F4") == 0)
+		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
 			f4=RSA_F4;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-rand") == 0)
 			{
 			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 		else if (strcmp(*argv,"-des") == 0)
 			enc=EVP_des_cbc();
 		else if (strcmp(*argv,"-des3") == 0)
 			enc=EVP_des_ede3_cbc();
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 		else if (strcmp(*argv,"-idea") == 0)
 			enc=EVP_idea_cbc();
 #endif
+#ifndef OPENSSL_NO_AES
+		else if (strcmp(*argv,"-aes128") == 0)
+			enc=EVP_aes_128_cbc();
+		else if (strcmp(*argv,"-aes192") == 0)
+			enc=EVP_aes_192_cbc();
+		else if (strcmp(*argv,"-aes256") == 0)
+			enc=EVP_aes_256_cbc();
+#endif
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passargout= *(++argv);
+			}
 		else
 			break;
 		argv++;
@@ -146,23 +164,45 @@ char **argv;
 		{
 bad:
 		BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");
-		BIO_printf(bio_err," -des      - encrypt the generated key with DES in cbc mode\n");
-		BIO_printf(bio_err," -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
-#ifndef NO_IDEA
-		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
+		BIO_printf(bio_err," -des            encrypt the generated key with DES in cbc mode\n");
+		BIO_printf(bio_err," -des3           encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
+#ifndef OPENSSL_NO_IDEA
+		BIO_printf(bio_err," -idea           encrypt the generated key with IDEA in cbc mode\n");
 #endif
-		BIO_printf(bio_err," -out file - output the key to 'file\n");
-		BIO_printf(bio_err," -f4       - use F4 (0x10001) for the E value\n");
-		BIO_printf(bio_err," -3        - use 3 for the E value\n");
-		BIO_printf(bio_err," -rand file:file:...\n");
-		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
-		BIO_printf(bio_err,"             the random number generator\n");
+#ifndef OPENSSL_NO_AES
+		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
+#endif
+		BIO_printf(bio_err," -out file       output the key to 'file\n");
+		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
+		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
+		BIO_printf(bio_err," -3              use 3 for the E value\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err,"                 the random number generator\n");
 		goto err;
 		}
 		
 	ERR_load_crypto_strings();
+
+	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
+		BIO_printf(bio_err, "Error getting password\n");
+		goto err;
+	}
+
+        e = setup_engine(bio_err, engine, 0);
+
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -172,45 +212,24 @@ bad:
 			}
 		}
 
-#ifdef WINDOWS
-	BIO_printf(bio_err,"Loading 'screen' into random state -");
-	BIO_flush(bio_err);
-	RAND_screen();
-	BIO_printf(bio_err," done\n");
-#endif
-	randfile=RAND_file_name(buffer,200);
-	if ((randfile == NULL) ||
-		 !(rnum=(long)RAND_load_file(randfile,1024L*1024L)))
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+		&& !RAND_status())
 		{
-		BIO_printf(bio_err,"unable to load 'random state'\n");
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
-
-	if (inrand == NULL)
-		{
-		if (rnum == 0)
-			{
-			BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
-			}
-		}
-	else
-		{
-		rnum+=gr_load_rand(inrand);
-		}
-	if (rnum != 0)
-		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",rnum);
+	if (inrand != NULL)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			app_RAND_load_files(inrand));
 
 	BIO_printf(bio_err,"Generating RSA private key, %d bit long modulus\n",
 		num);
-	rsa=RSA_generate_key(num,f4,genrsa_cb,(char *)bio_err);
+	rsa=RSA_generate_key(num,f4,genrsa_cb,bio_err);
 		
-	if (randfile == NULL)
-		BIO_printf(bio_err,"unable to write 'random state'\n");
-	else
-		RAND_write_file(randfile);
+	app_RAND_write_file(NULL, bio_err);
 
 	if (rsa == NULL) goto err;
 	
-	/* We need to do the folloing for when the base number size is <
+	/* We need to do the following for when the base number size is <
 	 * long, esp windows 3.1 :-(. */
 	l=0L;
 	for (i=0; i<rsa->e->top; i++)
@@ -222,22 +241,27 @@ bad:
 		l+=rsa->e->d[i];
 		}
 	BIO_printf(bio_err,"e is %ld (0x%lX)\n",l,l);
-	if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL))
+	{
+	PW_CB_DATA cb_data;
+	cb_data.password = passout;
+	cb_data.prompt_info = outfile;
+	if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,
+		(pem_password_cb *)password_callback,&cb_data))
 		goto err;
+	}
 
 	ret=0;
 err:
 	if (rsa != NULL) RSA_free(rsa);
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
+	if(passout) OPENSSL_free(passout);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
-static void MS_CALLBACK genrsa_cb(p, n, arg)
-int p;
-int n;
-char *arg;
+static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
 	{
 	char c='*';
 
@@ -246,33 +270,15 @@ char *arg;
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
 	BIO_write((BIO *)arg,&c,1);
-	BIO_flush((BIO *)arg);
+	(void)BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
 	}
+#else /* !OPENSSL_NO_RSA */
 
-static long gr_load_rand(name)
-char *name;
-	{
-	char *p,*n;
-	int last;
-	long tot=0;
-
-	for (;;)
-		{
-		last=0;
-		for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
-		if (*p == '\0') last=1;
-		*p='\0';
-		n=name;
-		name=p+1;
-		if (*n == '\0') break;
-
-		tot+=RAND_load_file(n,1024L*1024L);
-		if (last) break;
-		}
-	return(tot);
-	}
-
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
 
+#endif
diff --git a/apps/gmon.out b/apps/gmon.out
deleted file mode 100644
index abab8b9eec..0000000000
--- a/apps/gmon.out
+++ /dev/null
diff --git a/apps/install.com b/apps/install.com
new file mode 100644
index 0000000000..f927dc29f5
--- /dev/null
+++ b/apps/install.com
@@ -0,0 +1,69 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 22-MAY-1998 10:13
+$!
+$! P1	root of the directory tree
+$!
+$	IF P1 .EQS. ""
+$	THEN
+$	    WRITE SYS$OUTPUT "First argument missing."
+$	    WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$	    EXIT
+$	ENDIF
+$
+$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
+$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
+$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+		   - "[000000." - "][" - "[" - "]"
+$	ROOT = ROOT_DEV + "[" + ROOT_DIR
+$
+$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
+$	DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
+$	DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
+$	DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:[LIB]
+$
+$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
+$	IF F$PARSE("WRK_SSLVEXE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLVEXE:
+$	IF F$PARSE("WRK_SSLAEXE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLAEXE:
+$	IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLLIB:
+$
+$	EXE := openssl
+$
+$	VEXE_DIR := [-.VAX.EXE.APPS]
+$	AEXE_DIR := [-.AXP.EXE.APPS]
+$
+$	I = 0
+$ LOOP_EXE: 
+$	E = F$EDIT(F$ELEMENT(I, ",", EXE),"TRIM")
+$	I = I + 1
+$	IF E .EQS. "," THEN GOTO LOOP_EXE_END
+$	SET NOON
+$	IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. ""
+$	THEN
+$	  COPY 'VEXE_DIR''E'.EXE WRK_SSLVEXE:'E'.EXE/log
+$	  SET FILE/PROT=W:RE WRK_SSLVEXE:'E'.EXE
+$	ENDIF
+$	IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. ""
+$	THEN
+$	  COPY 'AEXE_DIR''E'.EXE WRK_SSLAEXE:'E'.EXE/log
+$	  SET FILE/PROT=W:RE WRK_SSLAEXE:'E'.EXE
+$	ENDIF
+$	SET ON
+$	GOTO LOOP_EXE
+$ LOOP_EXE_END:
+$
+$	SET NOON
+$	COPY CA.COM WRK_SSLAEXE:CA.COM/LOG
+$	SET FILE/PROT=W:RE WRK_SSLAEXE:CA.COM
+$	COPY CA.COM WRK_SSLVEXE:CA.COM/LOG
+$	SET FILE/PROT=W:RE WRK_SSLVEXE:CA.COM
+$	COPY OPENSSL-VMS.CNF WRK_SSLROOT:[000000]OPENSSL.CNF/LOG
+$	SET FILE/PROT=W:R WRK_SSLROOT:[000000]OPENSSL.CNF
+$	SET ON
+$
+$	EXIT
diff --git a/apps/makeapps.com b/apps/makeapps.com
new file mode 100644
index 0000000000..140816a7c9
--- /dev/null
+++ b/apps/makeapps.com
@@ -0,0 +1,984 @@
+$!
+$!  MAKEAPPS.COM
+$!  Written By:  Robert Byer
+$!               Vice-President
+$!               A-Com Computing, Inc.
+$!               byer@mail.all-net.net
+$!
+$!  Changes by Richard Levitte <richard@levitte.org>
+$!
+$!  This command files compiles and creates all the various different
+$!  "application" programs for the different types of encryption for OpenSSL.
+$!  The EXE's are placed in the directory [.xxx.EXE.APPS] where "xxx" denotes
+$!  either AXP or VAX depending on your machine architecture.
+$!
+$!  It was written so it would try to determine what "C" compiler to
+$!  use or you can specify which "C" compiler to use.
+$!
+$!  Specify DEBUG or NODEBUG as P1 to compile with or without debugger
+$!  information.
+$!
+$!  Specify which compiler at P2 to try to compile under.
+$!
+$!	   VAXC	 For VAX C.
+$!	   DECC	 For DEC C.
+$!	   GNUC	 For GNU C.
+$!
+$!  If you don't speficy a compiler, it will try to determine which
+$!  "C" compiler to use.
+$!
+$!  P3, if defined, sets a TCP/IP library to use, through one of the following
+$!  keywords:
+$!
+$!	UCX		for UCX
+$!	SOCKETSHR	for SOCKETSHR+NETLIB
+$!	TCPIP		for TCPIP (post UCX)
+$!
+$!  P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$!  P5, if defined, sets a choice of programs to compile.
+$!
+$!
+$! Define A TCP/IP Library That We Will Need To Link To.
+$! (That Is, If We Need To Link To One.)
+$!
+$ TCPIP_LIB = ""
+$!
+$! Check What Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").GE.128)
+$ THEN
+$!
+$!  The Architecture Is AXP.
+$!
+$   ARCH := AXP
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  The Architecture Is VAX.
+$!
+$   ARCH := VAX
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
+$! Define what programs should be compiled
+$!
+$ PROGRAMS := OPENSSL
+$!$ PROGRAMS := VERIFY,ASN1PARS,REQ,DGST,DH,ENC,PASSWD,GENDH,ERRSTR,CA,CRL,-
+$!	      RSA,DSA,DSAPARAM,-
+$!	      X509,GENRSA,GENDSA,S_SERVER,S_CLIENT,SPEED,-
+$!	      S_TIME,VERSION,PKCS7,CRL2P7,SESS_ID,CIPHERS,NSEQ,
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Initialise logical names and such
+$!
+$ GOSUB INITIALISE
+$!
+$! Tell The User What Kind of Machine We Run On.
+$!
+$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$!
+$! Define The CRYPTO Library.
+$!
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
+$!
+$! Define The SSL Library.
+$!
+$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB
+$!
+$! Define The OBJ Directory.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.APPS]
+$!
+$! Check To See If The OBJ Directory Exists.
+$!
+$ IF (F$PARSE(OBJ_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIRECTORY 'OBJ_DIR'
+$!
+$! End The OBJ Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The EXE Directory.
+$!
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.APPS]
+$!
+$! Check To See If The EXE Directory Exists.
+$!
+$ IF (F$PARSE(EXE_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIRECTORY 'EXE_DIR'
+$!
+$! End The EXE Directory Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Define The Application Files.
+$!
+$ LIB_FILES = "VERIFY;ASN1PARS;REQ;DGST;DH;DHPARAM;ENC;PASSWD;GENDH;ERRSTR;"+-
+	      "CA;PKCS7;CRL2P7;CRL;"+-
+	      "RSA;RSAUTL;DSA;DSAPARAM;EC;ECPARAM;"+-
+	      "X509;GENRSA;GENDSA;S_SERVER;S_CLIENT;SPEED;"+-
+	      "S_TIME;APPS;S_CB;S_SOCKET;APP_RAND;VERSION;SESS_ID;"+-
+	      "CIPHERS;NSEQ;PKCS12;PKCS8;SPKAC;SMIME;RAND;ENGINE;OCSP"
+$ APP_FILES := OPENSSL,'OBJ_DIR'VERIFY.OBJ,ASN1PARS.OBJ,REQ.OBJ,DGST.OBJ,DH.OBJ,DHPARAM.OBJ,ENC.OBJ,PASSWD.OBJ,GENDH.OBJ,ERRSTR.OBJ,-
+	       CA.OBJ,PKCS7.OBJ,CRL2P7.OBJ,CRL.OBJ,-
+	       RSA.OBJ,RSAUTL.OBJ,DSA.OBJ,DSAPARAM.OBJ,EC.OBJ,ECPARAM.OBJ,-
+	       X509.OBJ,GENRSA.OBJ,GENDSA.OBJ,S_SERVER.OBJ,S_CLIENT.OBJ,SPEED.OBJ,-
+	       S_TIME.OBJ,APPS.OBJ,S_CB.OBJ,S_SOCKET.OBJ,APP_RAND.OBJ,VERSION.OBJ,SESS_ID.OBJ,-
+	       CIPHERS.OBJ,NSEQ.OBJ,PKCS12.OBJ,PKCS8.OBJ,SPKAC.OBJ,SMIME.OBJ,RAND.OBJ,ENGINE.OBJ,OCSP.OBJ
+$ TCPIP_PROGRAMS = ",,"
+$ IF COMPILER .EQS. "VAXC" THEN -
+     TCPIP_PROGRAMS = ",OPENSSL,"
+$!$ APP_FILES := VERIFY;ASN1PARS;REQ;DGST;DH;ENC;GENDH;ERRSTR;CA;-
+$!	       PKCS7;CRL2P7;CRL;-
+$!	       RSA;DSA;DSAPARAM;-
+$!	       X509;GENRSA;GENDSA;-
+$!	       S_SERVER,'OBJ_DIR'S_SOCKET.OBJ,'OBJ_DIR'S_CB.OBJ;-
+$!	       S_CLIENT,'OBJ_DIR'S_SOCKET.OBJ,'OBJ_DIR'S_CB.OBJ;-
+$!	       SPEED;-
+$!	       S_TIME,'OBJ_DIR'S_CB.OBJ;VERSION;SESS_ID;CIPHERS;NSEQ
+$!$ TCPIP_PROGRAMS = ",,"
+$!$ IF COMPILER .EQS. "VAXC" THEN -
+$!     TCPIP_PROGRAMS = ",S_SERVER,S_CLIENT,SESS_ID,CIPHERS,S_TIME,"
+$!
+$! Setup exceptional compilations
+$!
+$ COMPILEWITH_CC2 = ",S_SOCKET,S_SERVER,S_CLIENT,"
+$!
+$ PHASE := LIB
+$!
+$ RESTART: 
+$!
+$!  Define A File Counter And Set It To "0".
+$!
+$ FILE_COUNTER = 0
+$!
+$! Top Of The File Loop.
+$!
+$ NEXT_FILE:
+$!
+$! O.K, Extract The File Name From The File List.
+$!
+$ FILE_NAME0 = F$EDIT(F$ELEMENT(FILE_COUNTER,";",'PHASE'_FILES),"TRIM")
+$ FILE_NAME = F$EDIT(F$ELEMENT(0,",",FILE_NAME0),"TRIM")
+$ EXTRA_OBJ = FILE_NAME0 - FILE_NAME
+$!
+$! Check To See If We Are At The End Of The File List.
+$!
+$ IF (FILE_NAME0.EQS.";")
+$ THEN
+$   IF (PHASE.EQS."LIB")
+$   THEN
+$     PHASE := APP
+$     GOTO RESTART
+$   ELSE
+$     GOTO FILE_DONE
+$   ENDIF
+$ ENDIF
+$!
+$! Increment The Counter.
+$!
+$ FILE_COUNTER = FILE_COUNTER + 1
+$!
+$! Check to see if this program should actually be compiled
+$!
+$ IF PHASE .EQS. "APP" .AND. -
+     ","+PROGRAMS+"," - (","+F$EDIT(FILE_NAME,"UPCASE")+",") .EQS. ","+PROGRAMS+","
+$ THEN
+$   GOTO NEXT_FILE
+$ ENDIF
+$!
+$! Create The Source File Name.
+$!
+$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
+$!
+$! Create The Object File Name.
+$!
+$ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ"
+$!
+$! Create The Executable File Name.
+$!
+$ EXE_FILE = EXE_DIR + FILE_NAME + ".EXE"
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH(SOURCE_FILE).EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   GOTO EXIT
+$!
+$! End The File Exist Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ IF (PHASE.EQS."LIB")
+$ THEN
+$   WRITE SYS$OUTPUT "Compiling The ",FILE_NAME,".C File."
+$ ELSE
+$   WRITE SYS$OUTPUT "Building The ",FILE_NAME," Application Program."
+$ ENDIF
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO NEXT_FILE
+$ IF COMPILEWITH_CC2 - FILE_NAME .NES. COMPILEWITH_CC2
+$ THEN
+$   CC2/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ELSE
+$   CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ENDIF
+$!
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$ IF (PHASE.EQS."LIB") 
+$ THEN 
+$   GOTO NEXT_FILE
+$ ENDIF
+$!
+$!  Check if this program works well without a TCPIP library
+$!
+$ IF TCPIP_LIB .EQS. "" .AND. TCPIP_PROGRAMS - FILE_NAME .NES. TCPIP_PROGRAMS
+$ THEN
+$   WRITE SYS$OUTPUT FILE_NAME," needs a TCP/IP library.  Can't link.  Skipping..."
+$   GOTO NEXT_FILE
+$ ENDIF
+$!
+$! Link The Program.
+$! Check To See If We Are To Link With A Specific TCP/IP Library.
+$!
+$ IF (TCPIP_LIB.NES."")
+$ THEN
+$!
+$! Don't Link With The RSAREF Routines And TCP/IP Library.
+$!
+$   LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
+	'OBJECT_FILE''EXTRA_OBJ', -
+        'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+        'TCPIP_LIB','OPT_FILE'/OPTION
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$! Don't Link With The RSAREF Routines And Link With A TCP/IP Library.
+$!
+$   LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
+	'OBJECT_FILE''EXTRA_OBJ', -
+        'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+        'OPT_FILE'/OPTION
+$!
+$! End The TCP/IP Library Check.
+$!
+$ ENDIF
+$!
+$! Go Back And Do It Again.
+$!
+$ GOTO NEXT_FILE
+$!
+$! All Done With This File.
+$!
+$ FILE_DONE:
+$ EXIT:
+$!
+$! All Done, Time To Clean Up And Exit.
+$!
+$ GOSUB CLEANUP
+$ EXIT
+$!
+$! Check For The Link Option FIle.
+$!
+$ CHECK_OPT_FILE:
+$!
+$! Check To See If We Need To Make A VAX C Option File.
+$!
+$ IF (COMPILER.EQS."VAXC")
+$ THEN
+$!
+$!  Check To See If We Already Have A VAX C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A VAX C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable VAX C Runtime Library.
+!
+SYS$SHARE:VAXCRTL.EXE/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The VAXC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A GNU C Option File.
+$!
+$ IF (COMPILER.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If We Already Have A GNU C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A GNU C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable C Runtime Library.
+!
+GNU_CC:[000000]GCCLIB/LIBRARY
+SYS$SHARE:VAXCRTL/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A DEC C Option File.
+$!
+$ IF (COMPILER.EQS."DECC")
+$ THEN
+$!
+$!  Check To See If We Already Have A DEC C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!
+$     IF ARCH.EQS."VAX"
+$     THEN
+$!
+$!      We Need A DEC C Linker Option File For VAX.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable DEC C Runtime Library.
+!
+SYS$SHARE:DECC$SHR.EXE/SHARE
+$EOD
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Create The AXP Linker Option File.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File For AXP To Link Agianst 
+! The Sharable C Runtime Library.
+!
+SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_RTL/SHARE
+$EOD
+$!
+$!    End The VAX/AXP DEC C Option File Check.
+$!
+$     ENDIF
+$!
+$!  End The Option File Search.
+$!
+$   ENDIF
+$!
+$! End The DEC C Check.
+$!
+$ ENDIF
+$!
+$!  Tell The User What Linker Option File We Are Using.
+$!
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."	
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$!
+$! Check To See If We Have The Appropiate Libraries.
+$!
+$ LIB_CHECK:
+$!
+$! Look For The Library LIBCRYPTO.OLB.
+$!
+$ IF (F$SEARCH(CRYPTO_LIB).EQS."")
+$ THEN
+$!
+$!  Tell The User We Can't Find The LIBCRYPTO.OLB Library.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "Can't Find The Library ",CRYPTO_LIB,"."
+$   WRITE SYS$OUTPUT "We Can't Link Without It."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Since We Can't Link Without It, Exit.
+$!
+$   EXIT
+$!
+$! End The Crypto Library Check.
+$!
+$ ENDIF
+$!
+$! Look For The Library LIBSSL.OLB.
+$!
+$ IF (F$SEARCH(SSL_LIB).EQS."")
+$ THEN
+$!
+$!  Tell The User We Can't Find The LIBSSL.OLB Library.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "Can't Find The Library ",SSL_LIB,"."
+$   WRITE SYS$OUTPUT "Some Of The Test Programs Need To Link To It."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Since We Can't Link Without It, Exit.
+$!
+$   EXIT
+$!
+$! End The SSL Library Check.
+$!
+$ ENDIF
+$!
+$! Time To Return.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If P1 Is Blank.
+$!
+$ IF (P1.EQS."NODEBUG")
+$ THEN
+$!
+$!   P1 Is NODEBUG, So Compile Without Debugger Information.
+$!
+$    DEBUGGER  = "NODEBUG"
+$    TRACEBACK = "NOTRACEBACK" 
+$    GCC_OPTIMIZE = "OPTIMIZE"
+$    CC_OPTIMIZE = "OPTIMIZE"
+$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Check To See If We Are To Compile With Debugger Information.
+$!
+$   IF (P1.EQS."DEBUG")
+$   THEN
+$!
+$!    Compile With Debugger Information.
+$!
+$     DEBUGGER  = "DEBUG"
+$     TRACEBACK = "TRACEBACK"
+$     GCC_OPTIMIZE = "NOOPTIMIZE"
+$     CC_OPTIMIZE = "NOOPTIMIZE"
+$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
+$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
+$   ELSE
+$!
+$!    Tell The User Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
+$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P1 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P2 Is Blank.
+$!
+$ IF (P2.EQS."")
+$ THEN
+$!
+$!  O.K., The User Didn't Specify A Compiler, Let's Try To
+$!  Find Out Which One To Use.
+$!
+$!  Check To See If We Have GNU C.
+$!
+$   IF (F$TRNLNM("GNU_CC").NES."")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     P2 = "GNUC"
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!  Check To See If We Have VAXC Or DECC.
+$!
+$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     THEN 
+$!
+$!      Looks Like DECC, Set To Use DECC.
+$!
+$       P2 = "DECC"
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Looks Like VAXC, Set To Use VAXC.
+$!
+$       P2 = "VAXC"
+$!
+$!    End The VAXC Compiler Check.
+$!
+$     ENDIF
+$!
+$!  End The DECC & VAXC Compiler Check.
+$!
+$   ENDIF
+$!
+$!  End The Compiler Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Have A Option For P3.
+$!
+$ IF (P3.EQS."")
+$ THEN
+$!
+$!  Find out what socket library we have available
+$!
+$   IF F$PARSE("SOCKETSHR:") .NES. ""
+$   THEN
+$!
+$!    We have SOCKETSHR, and it is my opinion that it's the best to use.
+$!
+$     P3 = "SOCKETSHR"
+$!
+$!    Tell the user
+$!
+$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
+$!
+$!    Else, let's look for something else
+$!
+$   ELSE
+$!
+$!    Like UCX (the reason to do this before Multinet is that the UCX
+$!    emulation is easier to use...)
+$!
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
+	 .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
+	 .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
+$     THEN
+$!
+$!	Last resort: a UCX or UCX-compatible library
+$!
+$	P3 = "UCX"
+$!
+$!      Tell the user
+$!
+$       WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
+$!
+$!	That was all...
+$!
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$!
+$! Set Up Initial CC Definitions, Possibly With User Ones
+$!
+$ CCDEFS = "MONOLITH"
+$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
+$ CCEXTRAFLAGS = ""
+$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
+	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
+$!
+$!  Check To See If The User Entered A Valid Paramter.
+$!
+$ IF (P2.EQS."VAXC").OR.(P2.EQS."DECC").OR.(P2.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If The User Wanted DECC.
+$!
+$   IF (P2.EQS."DECC")
+$   THEN
+$!
+$!    Looks Like DECC, Set To Use DECC.
+$!
+$     COMPILER = "DECC"
+$!
+$!    Tell The User We Are Using DECC.
+$!
+$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$!    Use DECC...
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
+	 THEN CC = "CC/DECC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+           "/NOLIST/PREFIX=ALL" + -
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$!
+$!  End DECC Check.
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use VAXC.
+$!
+$   IF (P2.EQS."VAXC")
+$   THEN
+$!
+$!    Looks Like VAXC, Set To Use VAXC.
+$!
+$     COMPILER = "VAXC"
+$!
+$!    Tell The User We Are Using VAX C.
+$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$!    Compile Using VAXC.
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."AXP"
+$     THEN
+$	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$	EXIT
+$     ENDIF
+$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
+$     CCDEFS = CCDEFS + ",""VAXC"""
+$!
+$!    Define <sys> As SYS$COMMON:[SYSLIB]
+$!
+$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$!
+$!  End VAXC Check
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use GNU C.
+$!
+$   IF (P2.EQS."GNUC")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     COMPILER = "GNUC"
+$!
+$!    Tell The User We Are Using GNUC.
+$!
+$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$!    Use GNU C...
+$!
+$     IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
+$     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$!
+$!  End The GNU C Check.
+$!
+$   ENDIF
+$!
+$!  Set up default defines
+$!
+$   CCDEFS = """FLAT_INC=1""," + CCDEFS
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
+$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
+$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$ ENDIF
+$!
+$! Time to check the contents, and to make sure we get the correct library.
+$!
+$ IF P3.EQS."SOCKETSHR" .OR. P3.EQS."MULTINET" .OR. P3.EQS."UCX" -
+     .OR. P3.EQS."TCPIP" .OR. P3.EQS."NONE"
+$ THEN
+$!
+$!  Check to see if SOCKETSHR was chosen
+$!
+$   IF P3.EQS."SOCKETSHR"
+$   THEN
+$!
+$!    Set the library to use SOCKETSHR
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$!
+$!    Done with SOCKETSHR
+$!
+$   ENDIF
+$!
+$!  Check to see if MULTINET was chosen
+$!
+$   IF P3.EQS."MULTINET"
+$   THEN
+$!
+$!    Set the library to use UCX emulation.
+$!
+$     P3 = "UCX"
+$!
+$!    Done with MULTINET
+$!
+$   ENDIF
+$!
+$!  Check to see if UCX was chosen
+$!
+$   IF P3.EQS."UCX"
+$   THEN
+$!
+$!    Set the library to use UCX.
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
+$     THEN
+$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$     ELSE
+$       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
+	  TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+$     ENDIF
+$!
+$!    Done with UCX
+$!
+$   ENDIF
+$!
+$!  Check to see if TCPIP (post UCX) was chosen
+$!
+$   IF P3.EQS."TCPIP"
+$   THEN
+$!
+$!    Set the library to use TCPIP.
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$!
+$!    Done with TCPIP
+$!
+$   ENDIF
+$!
+$!  Check to see if NONE was chosen
+$!
+$   IF P3.EQS."NONE"
+$   THEN
+$!
+$!    Do not use TCPIP.
+$!
+$     TCPIP_LIB = ""
+$!
+$!    Done with TCPIP
+$!
+$   ENDIF
+$!
+$!  Add TCP/IP type to CC definitions.
+$!
+$   CCDEFS = CCDEFS + ",TCPIP_TYPE_''P3'"
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
+$   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
+$   WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP (post UCX) TCP/IP library."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$!  Done with TCP/IP libraries
+$!
+$ ENDIF
+$!
+$! Finish up the definition of CC.
+$!
+$ IF COMPILER .EQS. "DECC"
+$ THEN
+$   IF CCDISABLEWARNINGS .NES. ""
+$   THEN
+$     CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$   ENDIF
+$ ELSE
+$   CCDISABLEWARNINGS = ""
+$ ENDIF
+$ CC2 = CC + "/DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS
+$ CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$!
+$! Show user the result
+$!
+$ WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
+$!
+$! Special Threads For OpenVMS v7.1 Or Later
+$!
+$! Written By:  Richard Levitte
+$!              richard@levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P4.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$!  Get The Version Of VMS We Are Using.
+$!
+$   ISSEVEN :=
+$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$!  Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$   IF (TMP.GE.71)
+$   THEN
+$!
+$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$     ISSEVEN := ,PTHREAD_USE_D4
+$!
+$!  End The VMS Version Check.
+$!
+$   ENDIF
+$!
+$! End The P4 Check.
+$!
+$ ENDIF
+$!
+$! Check if the user wanted to compile just a subset of all the programs.
+$!
+$ IF P5 .NES. ""
+$ THEN
+$   PROGRAMS = P5
+$ ENDIF
+$!
+$!  Time To RETURN...
+$!
+$ RETURN
+$!
+$ INITIALISE:
+$!
+$! Save old value of the logical name OPENSSL
+$!
+$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
+$!
+$! Save directory information
+$!
+$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
+$ __HERE = F$EDIT(__HERE,"UPCASE")
+$ __TOP = __HERE - "APPS]"
+$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$!
+$! Set up the logical name OPENSSL to point at the include directory
+$!
+$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$!
+$! Done
+$!
+$ RETURN
+$!
+$ CLEANUP:
+$!
+$! Restore the logical name OPENSSL if it had a value
+$!
+$ IF __SAVE_OPENSSL .EQS. ""
+$ THEN
+$   DEASSIGN OPENSSL
+$ ELSE
+$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
+$ ENDIF
+$!
+$! Done
+$!
+$ RETURN
diff --git a/apps/mklinks b/apps/mklinks
deleted file mode 100644
index d9be1c35c4..0000000000
--- a/apps/mklinks
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-for i in verify asn1parse req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 rmd160 base64 des des3 desx idea rc4 rc2 bf cast rc5 des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb cast5-cbc cast5-ecb cast5-cfb cast5-ofb cast-cbc rc5-cbc rc5-ecb rc5-cfb rc5-ofb 
-do
-echo making symlink for $i
-/bin/rm -f $i
-ln -s ssleay $i
-done
diff --git a/apps/nseq.c b/apps/nseq.c
new file mode 100644
index 0000000000..dc71d45012
--- /dev/null
+++ b/apps/nseq.c
@@ -0,0 +1,167 @@
+/* nseq.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+
+#undef PROG
+#define PROG nseq_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+	char **args, *infile = NULL, *outfile = NULL;
+	BIO *in = NULL, *out = NULL;
+	int toseq = 0;
+	X509 *x509 = NULL;
+	NETSCAPE_CERT_SEQUENCE *seq = NULL;
+	int i, ret = 1;
+	int badarg = 0;
+	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+	ERR_load_crypto_strings();
+	args = argv + 1;
+	while (!badarg && *args && *args[0] == '-') {
+		if (!strcmp (*args, "-toseq")) toseq = 1;
+		else if (!strcmp (*args, "-in")) {
+			if (args[1]) {
+				args++;
+				infile = *args;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-out")) {
+			if (args[1]) {
+				args++;
+				outfile = *args;
+			} else badarg = 1;
+		} else badarg = 1;
+		args++;
+	}
+
+	if (badarg) {
+		BIO_printf (bio_err, "Netscape certificate sequence utility\n");
+		BIO_printf (bio_err, "Usage nseq [options]\n");
+		BIO_printf (bio_err, "where options are\n");
+		BIO_printf (bio_err, "-in file  input file\n");
+		BIO_printf (bio_err, "-out file output file\n");
+		BIO_printf (bio_err, "-toseq    output NS Sequence file\n");
+		OPENSSL_EXIT(1);
+	}
+
+	if (infile) {
+		if (!(in = BIO_new_file (infile, "r"))) {
+			BIO_printf (bio_err,
+				 "Can't open input file %s\n", infile);
+			goto end;
+		}
+	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+	if (outfile) {
+		if (!(out = BIO_new_file (outfile, "w"))) {
+			BIO_printf (bio_err,
+				 "Can't open output file %s\n", outfile);
+			goto end;
+		}
+	} else {
+		out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+	}
+	if (toseq) {
+		seq = NETSCAPE_CERT_SEQUENCE_new();
+		seq->certs = sk_X509_new_null();
+		while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) 
+		    sk_X509_push(seq->certs,x509);
+
+		if(!sk_X509_num(seq->certs))
+		{
+			BIO_printf (bio_err, "Error reading certs file %s\n", infile);
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+		PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);
+		ret = 0;
+		goto end;
+	}
+
+	if (!(seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL))) {
+		BIO_printf (bio_err, "Error reading sequence file %s\n", infile);
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	for(i = 0; i < sk_X509_num(seq->certs); i++) {
+		x509 = sk_X509_value(seq->certs, i);
+		dump_cert_text(out, x509);
+		PEM_write_bio_X509(out, x509);
+	}
+	ret = 0;
+end:
+	BIO_free(in);
+	BIO_free_all(out);
+	NETSCAPE_CERT_SEQUENCE_free(seq);
+
+	OPENSSL_EXIT(ret);
+}
+
diff --git a/apps/ocsp.c b/apps/ocsp.c
new file mode 100644
index 0000000000..92922bc8ad
--- /dev/null
+++ b/apps/ocsp.c
@@ -0,0 +1,1228 @@
+/* ocsp.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/pem.h>
+#include <openssl/ocsp.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+/* Maximum leeway in validity period: default 5 minutes */
+#define MAX_VALIDITY_PERIOD	(5 * 60)
+
+/* CA index.txt definitions */
+#define DB_type         0
+#define DB_exp_date     1
+#define DB_rev_date     2
+#define DB_serial       3       /* index - unique */
+#define DB_file         4       
+#define DB_name         5       /* index - unique for active */
+#define DB_NUMBER       6
+
+#define DB_TYPE_REV	'R'
+#define DB_TYPE_EXP	'E'
+#define DB_TYPE_VAL	'V'
+
+static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
+				STACK_OF(OCSP_CERTID) *ids);
+static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
+				STACK_OF(OCSP_CERTID) *ids);
+static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+				STACK *names, STACK_OF(OCSP_CERTID) *ids,
+				long nsec, long maxage);
+
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db,
+			X509 *ca, X509 *rcert, EVP_PKEY *rkey,
+			STACK_OF(X509) *rother, unsigned long flags,
+			int nmin, int ndays);
+
+static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser);
+static BIO *init_responder(char *port);
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port);
+static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
+
+#undef PROG
+#define PROG ocsp_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+	{
+	ENGINE *e = NULL;
+	char **args;
+	char *host = NULL, *port = NULL, *path = "/";
+	char *reqin = NULL, *respin = NULL;
+	char *reqout = NULL, *respout = NULL;
+	char *signfile = NULL, *keyfile = NULL;
+	char *rsignfile = NULL, *rkeyfile = NULL;
+	char *outfile = NULL;
+	int add_nonce = 1, noverify = 0, use_ssl = -1;
+	OCSP_REQUEST *req = NULL;
+	OCSP_RESPONSE *resp = NULL;
+	OCSP_BASICRESP *bs = NULL;
+	X509 *issuer = NULL, *cert = NULL;
+	X509 *signer = NULL, *rsigner = NULL;
+	EVP_PKEY *key = NULL, *rkey = NULL;
+	BIO *acbio = NULL, *cbio = NULL;
+	BIO *derbio = NULL;
+	BIO *out = NULL;
+	int req_text = 0, resp_text = 0;
+	long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
+	char *CAfile = NULL, *CApath = NULL;
+	X509_STORE *store = NULL;
+	SSL_CTX *ctx = NULL;
+	STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
+	char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
+	unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
+	int ret = 1;
+	int accept_count = -1;
+	int badarg = 0;
+	int i;
+	STACK *reqnames = NULL;
+	STACK_OF(OCSP_CERTID) *ids = NULL;
+
+	X509 *rca_cert = NULL;
+	char *ridx_filename = NULL;
+	char *rca_filename = NULL;
+	TXT_DB *rdb = NULL;
+	int nmin = 0, ndays = -1;
+
+	if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
+	SSL_load_error_strings();
+	args = argv + 1;
+	reqnames = sk_new_null();
+	ids = sk_OCSP_CERTID_new_null();
+	while (!badarg && *args && *args[0] == '-')
+		{
+		if (!strcmp(*args, "-out"))
+			{
+			if (args[1])
+				{
+				args++;
+				outfile = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-url"))
+			{
+			if (args[1])
+				{
+				args++;
+				if (!OCSP_parse_url(*args, &host, &port, &path, &use_ssl))
+					{
+					BIO_printf(bio_err, "Error parsing URL\n");
+					badarg = 1;
+					}
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-host"))
+			{
+			if (args[1])
+				{
+				args++;
+				host = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-port"))
+			{
+			if (args[1])
+				{
+				args++;
+				port = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-noverify"))
+			noverify = 1;
+		else if (!strcmp(*args, "-nonce"))
+			add_nonce = 2;
+		else if (!strcmp(*args, "-no_nonce"))
+			add_nonce = 0;
+		else if (!strcmp(*args, "-resp_no_certs"))
+			rflags |= OCSP_NOCERTS;
+		else if (!strcmp(*args, "-resp_key_id"))
+			rflags |= OCSP_RESPID_KEY;
+		else if (!strcmp(*args, "-no_certs"))
+			sign_flags |= OCSP_NOCERTS;
+		else if (!strcmp(*args, "-no_signature_verify"))
+			verify_flags |= OCSP_NOSIGS;
+		else if (!strcmp(*args, "-no_cert_verify"))
+			verify_flags |= OCSP_NOVERIFY;
+		else if (!strcmp(*args, "-no_chain"))
+			verify_flags |= OCSP_NOCHAIN;
+		else if (!strcmp(*args, "-no_cert_checks"))
+			verify_flags |= OCSP_NOCHECKS;
+		else if (!strcmp(*args, "-no_explicit"))
+			verify_flags |= OCSP_NOEXPLICIT;
+		else if (!strcmp(*args, "-trust_other"))
+			verify_flags |= OCSP_TRUSTOTHER;
+		else if (!strcmp(*args, "-no_intern"))
+			verify_flags |= OCSP_NOINTERN;
+		else if (!strcmp(*args, "-text"))
+			{
+			req_text = 1;
+			resp_text = 1;
+			}
+		else if (!strcmp(*args, "-req_text"))
+			req_text = 1;
+		else if (!strcmp(*args, "-resp_text"))
+			resp_text = 1;
+		else if (!strcmp(*args, "-reqin"))
+			{
+			if (args[1])
+				{
+				args++;
+				reqin = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-respin"))
+			{
+			if (args[1])
+				{
+				args++;
+				respin = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-signer"))
+			{
+			if (args[1])
+				{
+				args++;
+				signfile = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-VAfile"))
+			{
+			if (args[1])
+				{
+				args++;
+				verify_certfile = *args;
+				verify_flags |= OCSP_TRUSTOTHER;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-sign_other"))
+			{
+			if (args[1])
+				{
+				args++;
+				sign_certfile = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-verify_other"))
+			{
+			if (args[1])
+				{
+				args++;
+				verify_certfile = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-CAfile"))
+			{
+			if (args[1])
+				{
+				args++;
+				CAfile = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-CApath"))
+			{
+			if (args[1])
+				{
+				args++;
+				CApath = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-validity_period"))
+			{
+			if (args[1])
+				{
+				args++;
+				nsec = atol(*args);
+				if (nsec < 0)
+					{
+					BIO_printf(bio_err,
+						"Illegal validity period %s\n",
+						*args);
+					badarg = 1;
+					}
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-status_age"))
+			{
+			if (args[1])
+				{
+				args++;
+				maxage = atol(*args);
+				if (maxage < 0)
+					{
+					BIO_printf(bio_err,
+						"Illegal validity age %s\n",
+						*args);
+					badarg = 1;
+					}
+				}
+			else badarg = 1;
+			}
+		 else if (!strcmp(*args, "-signkey"))
+			{
+			if (args[1])
+				{
+				args++;
+				keyfile = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-reqout"))
+			{
+			if (args[1])
+				{
+				args++;
+				reqout = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-respout"))
+			{
+			if (args[1])
+				{
+				args++;
+				respout = *args;
+				}
+			else badarg = 1;
+			}
+		 else if (!strcmp(*args, "-path"))
+			{
+			if (args[1])
+				{
+				args++;
+				path = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-issuer"))
+			{
+			if (args[1])
+				{
+				args++;
+				X509_free(issuer);
+				issuer = load_cert(bio_err, *args, FORMAT_PEM,
+					NULL, e, "issuer certificate");
+				if(!issuer) goto end;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-cert"))
+			{
+			if (args[1])
+				{
+				args++;
+				X509_free(cert);
+				cert = load_cert(bio_err, *args, FORMAT_PEM,
+					NULL, e, "certificate");
+				if(!cert) goto end;
+				if(!add_ocsp_cert(&req, cert, issuer, ids))
+					goto end;
+				if(!sk_push(reqnames, *args))
+					goto end;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-serial"))
+			{
+			if (args[1])
+				{
+				args++;
+				if(!add_ocsp_serial(&req, *args, issuer, ids))
+					goto end;
+				if(!sk_push(reqnames, *args))
+					goto end;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-index"))
+			{
+			if (args[1])
+				{
+				args++;
+				ridx_filename = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-CA"))
+			{
+			if (args[1])
+				{
+				args++;
+				rca_filename = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-nmin"))
+			{
+			if (args[1])
+				{
+				args++;
+				nmin = atol(*args);
+				if (nmin < 0)
+					{
+					BIO_printf(bio_err,
+						"Illegal update period %s\n",
+						*args);
+					badarg = 1;
+					}
+				}
+				if (ndays == -1)
+					ndays = 0;
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-nrequest"))
+			{
+			if (args[1])
+				{
+				args++;
+				accept_count = atol(*args);
+				if (accept_count < 0)
+					{
+					BIO_printf(bio_err,
+						"Illegal accept count %s\n",
+						*args);
+					badarg = 1;
+					}
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-ndays"))
+			{
+			if (args[1])
+				{
+				args++;
+				ndays = atol(*args);
+				if (ndays < 0)
+					{
+					BIO_printf(bio_err,
+						"Illegal update period %s\n",
+						*args);
+					badarg = 1;
+					}
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-rsigner"))
+			{
+			if (args[1])
+				{
+				args++;
+				rsignfile = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-rkey"))
+			{
+			if (args[1])
+				{
+				args++;
+				rkeyfile = *args;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args, "-rother"))
+			{
+			if (args[1])
+				{
+				args++;
+				rcertfile = *args;
+				}
+			else badarg = 1;
+			}
+		else badarg = 1;
+		args++;
+		}
+
+	/* Have we anything to do? */
+	if (!req && !reqin && !respin && !(port && ridx_filename)) badarg = 1;
+
+	if (badarg)
+		{
+		BIO_printf (bio_err, "OCSP utility\n");
+		BIO_printf (bio_err, "Usage ocsp [options]\n");
+		BIO_printf (bio_err, "where options are\n");
+		BIO_printf (bio_err, "-out file          output filename\n");
+		BIO_printf (bio_err, "-issuer file       issuer certificate\n");
+		BIO_printf (bio_err, "-cert file         certificate to check\n");
+		BIO_printf (bio_err, "-serial n          serial number to check\n");
+		BIO_printf (bio_err, "-signer file       certificate to sign OCSP request with\n");
+		BIO_printf (bio_err, "-signkey file      private key to sign OCSP request with\n");
+		BIO_printf (bio_err, "-sign_certs file   additional certificates to include in signed request\n");
+		BIO_printf (bio_err, "-no_certs          don't include any certificates in signed request\n");
+		BIO_printf (bio_err, "-req_text          print text form of request\n");
+		BIO_printf (bio_err, "-resp_text         print text form of response\n");
+		BIO_printf (bio_err, "-text              print text form of request and response\n");
+		BIO_printf (bio_err, "-reqout file       write DER encoded OCSP request to \"file\"\n");
+		BIO_printf (bio_err, "-respout file      write DER encoded OCSP reponse to \"file\"\n");
+		BIO_printf (bio_err, "-reqin file        read DER encoded OCSP request from \"file\"\n");
+		BIO_printf (bio_err, "-respin file       read DER encoded OCSP reponse from \"file\"\n");
+		BIO_printf (bio_err, "-nonce             add OCSP nonce to request\n");
+		BIO_printf (bio_err, "-no_nonce          don't add OCSP nonce to request\n");
+		BIO_printf (bio_err, "-url URL           OCSP responder URL\n");
+		BIO_printf (bio_err, "-host host:n       send OCSP request to host on port n\n");
+		BIO_printf (bio_err, "-path              path to use in OCSP request\n");
+		BIO_printf (bio_err, "-CApath dir        trusted certificates directory\n");
+		BIO_printf (bio_err, "-CAfile file       trusted certificates file\n");
+		BIO_printf (bio_err, "-VAfile file       validator certificates file\n");
+		BIO_printf (bio_err, "-validity_period n maximum validity discrepancy in seconds\n");
+		BIO_printf (bio_err, "-status_age n      maximum status age in seconds\n");
+		BIO_printf (bio_err, "-noverify          don't verify response at all\n");
+		BIO_printf (bio_err, "-verify_certs file additional certificates to search for signer\n");
+		BIO_printf (bio_err, "-trust_other       don't verify additional certificates\n");
+		BIO_printf (bio_err, "-no_intern         don't search certificates contained in response for signer\n");
+		BIO_printf (bio_err, "-no_sig_verify     don't check signature on response\n");
+		BIO_printf (bio_err, "-no_cert_verify    don't check signing certificate\n");
+		BIO_printf (bio_err, "-no_chain          don't chain verify response\n");
+		BIO_printf (bio_err, "-no_cert_checks    don't do additional checks on signing certificate\n");
+		BIO_printf (bio_err, "-port num		 port to run responder on\n");
+		BIO_printf (bio_err, "-index file	 certificate status index file\n");
+		BIO_printf (bio_err, "-CA file		 CA certificate\n");
+		BIO_printf (bio_err, "-rsigner file	 responder certificate to sign responses with\n");
+		BIO_printf (bio_err, "-rkey file	 responder key to sign responses with\n");
+		BIO_printf (bio_err, "-rother file	 other certificates to include in response\n");
+		BIO_printf (bio_err, "-resp_no_certs     don't include any certificates in response\n");
+		BIO_printf (bio_err, "-nmin n	 	 number of minutes before next update\n");
+		BIO_printf (bio_err, "-ndays n	 	 number of days before next update\n");
+		BIO_printf (bio_err, "-resp_key_id       identify reponse by signing certificate key ID\n");
+		BIO_printf (bio_err, "-nrequest n        number of requests to accept (default unlimited)\n");
+		goto end;
+		}
+
+	if(outfile) out = BIO_new_file(outfile, "w");
+	else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+	if(!out)
+		{
+		BIO_printf(bio_err, "Error opening output file\n");
+		goto end;
+		}
+
+	if (!req && (add_nonce != 2)) add_nonce = 0;
+
+	if (!req && reqin)
+		{
+		derbio = BIO_new_file(reqin, "rb");
+		if (!derbio)
+			{
+			BIO_printf(bio_err, "Error Opening OCSP request file\n");
+			goto end;
+			}
+		req = d2i_OCSP_REQUEST_bio(derbio, NULL);
+		BIO_free(derbio);
+		if(!req)
+			{
+			BIO_printf(bio_err, "Error reading OCSP request\n");
+			goto end;
+			}
+		}
+
+	if (!req && port)
+		{
+		acbio = init_responder(port);
+		if (!acbio)
+			goto end;
+		}
+
+	if (rsignfile && !rdb)
+		{
+		if (!rkeyfile) rkeyfile = rsignfile;
+		rsigner = load_cert(bio_err, rsignfile, FORMAT_PEM,
+			NULL, e, "responder certificate");
+		if (!rsigner)
+			{
+			BIO_printf(bio_err, "Error loading responder certificate\n");
+			goto end;
+			}
+		rca_cert = load_cert(bio_err, rca_filename, FORMAT_PEM,
+			NULL, e, "CA certificate");
+		if (rcertfile)
+			{
+			rother = load_certs(bio_err, rcertfile, FORMAT_PEM,
+				NULL, e, "responder other certificates");
+			if (!rother) goto end;
+			}
+		rkey = load_key(bio_err, rkeyfile, FORMAT_PEM, 0, NULL, NULL,
+			"responder private key");
+		if (!rkey)
+			goto end;
+		}
+	if(acbio)
+		BIO_printf(bio_err, "Waiting for OCSP client connections...\n");
+
+	redo_accept:
+
+	if (acbio)
+		{
+		if (!do_responder(&req, &cbio, acbio, port))
+			goto end;
+		if (!req)
+			{
+			resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
+			send_ocsp_response(cbio, resp);
+			goto done_resp;
+			}
+		}
+
+	if (!req && (signfile || reqout || host || add_nonce || ridx_filename))
+		{
+		BIO_printf(bio_err, "Need an OCSP request for this operation!\n");
+		goto end;
+		}
+
+	if (req && add_nonce) OCSP_request_add1_nonce(req, NULL, -1);
+
+	if (signfile)
+		{
+		if (!keyfile) keyfile = signfile;
+		signer = load_cert(bio_err, signfile, FORMAT_PEM,
+			NULL, e, "signer certificate");
+		if (!signer)
+			{
+			BIO_printf(bio_err, "Error loading signer certificate\n");
+			goto end;
+			}
+		if (sign_certfile)
+			{
+			sign_other = load_certs(bio_err, sign_certfile, FORMAT_PEM,
+				NULL, e, "signer certificates");
+			if (!sign_other) goto end;
+			}
+		key = load_key(bio_err, keyfile, FORMAT_PEM, 0, NULL, NULL,
+			"signer private key");
+		if (!key)
+			goto end;
+		if (!OCSP_request_sign(req, signer, key, EVP_sha1(), sign_other, sign_flags))
+			{
+			BIO_printf(bio_err, "Error signing OCSP request\n");
+			goto end;
+			}
+		}
+
+	if (req_text && req) OCSP_REQUEST_print(out, req, 0);
+
+	if (reqout)
+		{
+		derbio = BIO_new_file(reqout, "wb");
+		if(!derbio)
+			{
+			BIO_printf(bio_err, "Error opening file %s\n", reqout);
+			goto end;
+			}
+		i2d_OCSP_REQUEST_bio(derbio, req);
+		BIO_free(derbio);
+		}
+
+	if (ridx_filename && (!rkey || !rsigner || !rca_cert))
+		{
+		BIO_printf(bio_err, "Need a responder certificate, key and CA for this operation!\n");
+		goto end;
+		}
+
+	if (ridx_filename && !rdb)
+		{
+		BIO *db_bio = NULL;
+		db_bio = BIO_new_file(ridx_filename, "r");
+		if (!db_bio)
+			{
+			BIO_printf(bio_err, "Error opening index file %s\n", ridx_filename);
+			goto end;
+			}
+		rdb = TXT_DB_read(db_bio, DB_NUMBER);
+		BIO_free(db_bio);
+		if (!rdb)
+			{
+			BIO_printf(bio_err, "Error reading index file %s\n", ridx_filename);
+			goto end;
+			}
+		if (!make_serial_index(rdb))
+			goto end;
+		}
+
+	if (rdb)
+		{
+		i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays);
+		if (cbio)
+			send_ocsp_response(cbio, resp);
+		}
+	else if (host)
+		{
+		cbio = BIO_new_connect(host);
+		if (!cbio)
+			{
+			BIO_printf(bio_err, "Error creating connect BIO\n");
+			goto end;
+			}
+		if (port) BIO_set_conn_port(cbio, port);
+		if (use_ssl == 1)
+			{
+			BIO *sbio;
+			ctx = SSL_CTX_new(SSLv23_client_method());
+			SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
+			sbio = BIO_new_ssl(ctx, 1);
+			cbio = BIO_push(sbio, cbio);
+			}
+		if (BIO_do_connect(cbio) <= 0)
+			{
+			BIO_printf(bio_err, "Error connecting BIO\n");
+			goto end;
+			}
+		resp = OCSP_sendreq_bio(cbio, path, req);
+		BIO_free_all(cbio);
+		cbio = NULL;
+		if (!resp)
+			{
+			BIO_printf(bio_err, "Error querying OCSP responsder\n");
+			goto end;
+			}
+		}
+	else if (respin)
+		{
+		derbio = BIO_new_file(respin, "rb");
+		if (!derbio)
+			{
+			BIO_printf(bio_err, "Error Opening OCSP response file\n");
+			goto end;
+			}
+		resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
+		BIO_free(derbio);
+		if(!resp)
+			{
+			BIO_printf(bio_err, "Error reading OCSP response\n");
+			goto end;
+			}
+	
+		}
+	else
+		{
+		ret = 0;
+		goto end;
+		}
+
+	done_resp:
+
+	if (respout)
+		{
+		derbio = BIO_new_file(respout, "wb");
+		if(!derbio)
+			{
+			BIO_printf(bio_err, "Error opening file %s\n", respout);
+			goto end;
+			}
+		i2d_OCSP_RESPONSE_bio(derbio, resp);
+		BIO_free(derbio);
+		}
+
+	i = OCSP_response_status(resp);
+
+	if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL)
+		{
+		BIO_printf(out, "Responder Error: %s (%ld)\n",
+				OCSP_response_status_str(i), i);
+		ret = 0;
+		goto end;
+		}
+
+	if (resp_text) OCSP_RESPONSE_print(out, resp, 0);
+
+	/* If running as responder don't verify our own response */
+	if (cbio)
+		{
+		if (accept_count > 0)
+			accept_count--;
+		/* Redo if more connections needed */
+		if (accept_count)
+			{
+			BIO_free_all(cbio);
+			cbio = NULL;
+			OCSP_REQUEST_free(req);
+			req = NULL;
+			OCSP_RESPONSE_free(resp);
+			resp = NULL;
+			goto redo_accept;
+			}
+		goto end;
+		}
+
+	if (!store)
+		store = setup_verify(bio_err, CAfile, CApath);
+	if (!store)
+		goto end;
+	if (verify_certfile)
+		{
+		verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
+			NULL, e, "validator certificate");
+		if (!verify_other) goto end;
+		}
+
+	bs = OCSP_response_get1_basic(resp);
+
+	if (!bs)
+		{
+		BIO_printf(bio_err, "Error parsing response\n");
+		goto end;
+		}
+
+	if (!noverify)
+		{
+		if (req && ((i = OCSP_check_nonce(req, bs)) <= 0))
+			{
+			if (i == -1)
+				BIO_printf(bio_err, "WARNING: no nonce in response\n");
+			else
+				{
+				BIO_printf(bio_err, "Nonce Verify error\n");
+				goto end;
+				}
+			}
+
+		i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
+                if (i < 0) i = OCSP_basic_verify(bs, NULL, store, 0);
+
+		if(i <= 0)
+			{
+			BIO_printf(bio_err, "Response Verify Failure\n", i);
+			ERR_print_errors(bio_err);
+			}
+		else
+			BIO_printf(bio_err, "Response verify OK\n");
+
+		}
+
+	if (!print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage))
+		goto end;
+
+	ret = 0;
+
+end:
+	ERR_print_errors(bio_err);
+	X509_free(signer);
+	X509_STORE_free(store);
+	EVP_PKEY_free(key);
+	EVP_PKEY_free(rkey);
+	X509_free(issuer);
+	X509_free(cert);
+	X509_free(rsigner);
+	X509_free(rca_cert);
+	TXT_DB_free(rdb);
+	BIO_free_all(cbio);
+	BIO_free_all(acbio);
+	BIO_free(out);
+	OCSP_REQUEST_free(req);
+	OCSP_RESPONSE_free(resp);
+	OCSP_BASICRESP_free(bs);
+	sk_free(reqnames);
+	sk_OCSP_CERTID_free(ids);
+	sk_X509_pop_free(sign_other, X509_free);
+	sk_X509_pop_free(verify_other, X509_free);
+
+	if (use_ssl != -1)
+		{
+		OPENSSL_free(host);
+		OPENSSL_free(port);
+		OPENSSL_free(path);
+		SSL_CTX_free(ctx);
+		}
+
+	OPENSSL_EXIT(ret);
+}
+
+static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert, X509 *issuer,
+				STACK_OF(OCSP_CERTID) *ids)
+	{
+	OCSP_CERTID *id;
+	if(!issuer)
+		{
+		BIO_printf(bio_err, "No issuer certificate specified\n");
+		return 0;
+		}
+	if(!*req) *req = OCSP_REQUEST_new();
+	if(!*req) goto err;
+	id = OCSP_cert_to_id(NULL, cert, issuer);
+	if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
+	if(!OCSP_request_add0_id(*req, id)) goto err;
+	return 1;
+
+	err:
+	BIO_printf(bio_err, "Error Creating OCSP request\n");
+	return 0;
+	}
+
+static int add_ocsp_serial(OCSP_REQUEST **req, char *serial, X509 *issuer,
+				STACK_OF(OCSP_CERTID) *ids)
+	{
+	OCSP_CERTID *id;
+	X509_NAME *iname;
+	ASN1_BIT_STRING *ikey;
+	ASN1_INTEGER *sno;
+	if(!issuer)
+		{
+		BIO_printf(bio_err, "No issuer certificate specified\n");
+		return 0;
+		}
+	if(!*req) *req = OCSP_REQUEST_new();
+	if(!*req) goto err;
+	iname = X509_get_subject_name(issuer);
+	ikey = X509_get0_pubkey_bitstr(issuer);
+	sno = s2i_ASN1_INTEGER(NULL, serial);
+	if(!sno)
+		{
+		BIO_printf(bio_err, "Error converting serial number %s\n", serial);
+		return 0;
+		}
+	id = OCSP_cert_id_new(EVP_sha1(), iname, ikey, sno);
+	ASN1_INTEGER_free(sno);
+	if(!id || !sk_OCSP_CERTID_push(ids, id)) goto err;
+	if(!OCSP_request_add0_id(*req, id)) goto err;
+	return 1;
+
+	err:
+	BIO_printf(bio_err, "Error Creating OCSP request\n");
+	return 0;
+	}
+
+static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+					STACK *names, STACK_OF(OCSP_CERTID) *ids,
+					long nsec, long maxage)
+	{
+	OCSP_CERTID *id;
+	char *name;
+	int i;
+
+	int status, reason;
+
+	ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
+
+	if (!bs || !req || !sk_num(names) || !sk_OCSP_CERTID_num(ids))
+		return 1;
+
+	for (i = 0; i < sk_OCSP_CERTID_num(ids); i++)
+		{
+		id = sk_OCSP_CERTID_value(ids, i);
+		name = sk_value(names, i);
+		BIO_printf(out, "%s: ", name);
+
+		if(!OCSP_resp_find_status(bs, id, &status, &reason,
+					&rev, &thisupd, &nextupd))
+			{
+			BIO_puts(out, "ERROR: No Status found.\n");
+			continue;
+			}
+
+		/* Check validity: if invalid write to output BIO so we
+		 * know which response this refers to.
+		 */
+		if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage))
+			{
+			BIO_puts(out, "WARNING: Status times invalid.\n");
+			ERR_print_errors(out);
+			}
+		BIO_printf(out, "%s\n", OCSP_cert_status_str(status));
+
+		BIO_puts(out, "\tThis Update: ");
+		ASN1_GENERALIZEDTIME_print(out, thisupd);
+		BIO_puts(out, "\n");
+
+		if(nextupd)
+			{
+			BIO_puts(out, "\tNext Update: ");
+			ASN1_GENERALIZEDTIME_print(out, nextupd);
+			BIO_puts(out, "\n");
+			}
+
+		if (status != V_OCSP_CERTSTATUS_REVOKED)
+			continue;
+
+		if (reason != -1)
+			BIO_printf(out, "\tReason: %s\n",
+				OCSP_crl_reason_str(reason));
+
+		BIO_puts(out, "\tRevocation Time: ");
+		ASN1_GENERALIZEDTIME_print(out, rev);
+		BIO_puts(out, "\n");
+		}
+
+	return 1;
+	}
+
+
+static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, TXT_DB *db,
+			X509 *ca, X509 *rcert, EVP_PKEY *rkey,
+			STACK_OF(X509) *rother, unsigned long flags,
+			int nmin, int ndays)
+	{
+	ASN1_TIME *thisupd = NULL, *nextupd = NULL;
+	OCSP_CERTID *cid, *ca_id = NULL;
+	OCSP_BASICRESP *bs = NULL;
+	int i, id_count, ret = 1;
+
+
+	id_count = OCSP_request_onereq_count(req);
+
+	if (id_count <= 0)
+		{
+		*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
+		goto end;
+		}
+
+	ca_id = OCSP_cert_to_id(EVP_sha1(), NULL, ca);
+
+	bs = OCSP_BASICRESP_new();
+	thisupd = X509_gmtime_adj(NULL, 0);
+	if (ndays != -1)
+		nextupd = X509_gmtime_adj(NULL, nmin * 60 + ndays * 3600 * 24 );
+
+	/* Examine each certificate id in the request */
+	for (i = 0; i < id_count; i++)
+		{
+		OCSP_ONEREQ *one;
+		ASN1_INTEGER *serial;
+		char **inf;
+		one = OCSP_request_onereq_get0(req, i);
+		cid = OCSP_onereq_get0_id(one);
+		/* Is this request about our CA? */
+		if (OCSP_id_issuer_cmp(ca_id, cid))
+			{
+			OCSP_basic_add1_status(bs, cid,
+						V_OCSP_CERTSTATUS_UNKNOWN,
+						0, NULL,
+						thisupd, nextupd);
+			continue;
+			}
+		OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid);
+		inf = lookup_serial(db, serial);
+		if (!inf)
+			OCSP_basic_add1_status(bs, cid,
+						V_OCSP_CERTSTATUS_UNKNOWN,
+						0, NULL,
+						thisupd, nextupd);
+		else if (inf[DB_type][0] == DB_TYPE_VAL)
+			OCSP_basic_add1_status(bs, cid,
+						V_OCSP_CERTSTATUS_GOOD,
+						0, NULL,
+						thisupd, nextupd);
+		else if (inf[DB_type][0] == DB_TYPE_REV)
+			{
+			ASN1_OBJECT *inst = NULL;
+			ASN1_TIME *revtm = NULL;
+			ASN1_GENERALIZEDTIME *invtm = NULL;
+			OCSP_SINGLERESP *single;
+			int reason = -1;
+			unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]);
+			single = OCSP_basic_add1_status(bs, cid,
+						V_OCSP_CERTSTATUS_REVOKED,
+						reason, revtm,
+						thisupd, nextupd);
+			if (invtm)
+				OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date, invtm, 0, 0);
+			else if (inst)
+				OCSP_SINGLERESP_add1_ext_i2d(single, NID_hold_instruction_code, inst, 0, 0);
+			ASN1_OBJECT_free(inst);
+			ASN1_TIME_free(revtm);
+			ASN1_GENERALIZEDTIME_free(invtm);
+			}
+		}
+
+	OCSP_copy_nonce(bs, req);
+		
+	OCSP_basic_sign(bs, rcert, rkey, EVP_sha1(), rother, flags);
+
+	*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
+
+	end:
+	ASN1_TIME_free(thisupd);
+	ASN1_TIME_free(nextupd);
+	OCSP_CERTID_free(ca_id);
+	OCSP_BASICRESP_free(bs);
+	return ret;
+
+	}
+
+static char **lookup_serial(TXT_DB *db, ASN1_INTEGER *ser)
+	{
+	int i;
+	BIGNUM *bn = NULL;
+	char *itmp, *row[DB_NUMBER],**rrow;
+	for (i = 0; i < DB_NUMBER; i++) row[i] = NULL;
+	bn = ASN1_INTEGER_to_BN(ser,NULL);
+	if (BN_is_zero(bn))
+		itmp = BUF_strdup("00");
+	else
+		itmp = BN_bn2hex(bn);
+	row[DB_serial] = itmp;
+	BN_free(bn);
+	rrow=TXT_DB_get_by_index(db,DB_serial,row);
+	OPENSSL_free(itmp);
+	return rrow;
+	}
+
+/* Quick and dirty OCSP server: read in and parse input request */
+
+static BIO *init_responder(char *port)
+	{
+	BIO *acbio = NULL, *bufbio = NULL;
+	bufbio = BIO_new(BIO_f_buffer());
+	if (!bufbio) 
+		goto err;
+	acbio = BIO_new_accept(port);
+	if (!acbio)
+		goto err;
+	BIO_set_accept_bios(acbio, bufbio);
+	bufbio = NULL;
+
+	if (BIO_do_accept(acbio) <= 0)
+		{
+			BIO_printf(bio_err, "Error setting up accept BIO\n");
+			ERR_print_errors(bio_err);
+			goto err;
+		}
+
+	return acbio;
+
+	err:
+	BIO_free_all(acbio);
+	BIO_free(bufbio);
+	return NULL;
+	}
+
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, char *port)
+	{
+	int have_post = 0, len;
+	OCSP_REQUEST *req = NULL;
+	char inbuf[1024];
+	BIO *cbio = NULL;
+
+	if (BIO_do_accept(acbio) <= 0)
+		{
+			BIO_printf(bio_err, "Error accepting connection\n");
+			ERR_print_errors(bio_err);
+			return 0;
+		}
+
+	cbio = BIO_pop(acbio);
+	*pcbio = cbio;
+
+	for(;;)
+		{
+		len = BIO_gets(cbio, inbuf, sizeof inbuf);
+		if (len <= 0)
+			return 1;
+		/* Look for "POST" signalling start of query */
+		if (!have_post)
+			{
+			if(strncmp(inbuf, "POST", 4))
+				{
+				BIO_printf(bio_err, "Invalid request\n");
+				return 1;
+				}
+			have_post = 1;
+			}
+		/* Look for end of headers */
+		if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))
+			break;
+		}
+
+	/* Try to read OCSP request */
+
+	req = d2i_OCSP_REQUEST_bio(cbio, NULL);
+
+	if (!req)
+		{
+		BIO_printf(bio_err, "Error parsing OCSP request\n");
+		ERR_print_errors(bio_err);
+		}
+
+	*preq = req;
+
+	return 1;
+
+	}
+
+static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
+	{
+	char http_resp[] = 
+		"HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
+		"Content-Length: %d\r\n\r\n";
+	if (!cbio)
+		return 0;
+	BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL));
+	i2d_OCSP_RESPONSE_bio(cbio, resp);
+	BIO_flush(cbio);
+	return 1;
+	}
+
diff --git a/apps/openssl-vms.cnf b/apps/openssl-vms.cnf
new file mode 100644
index 0000000000..d4498713fa
--- /dev/null
+++ b/apps/openssl-vms.cnf
@@ -0,0 +1,236 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+RANDFILE		= $ENV::HOME/.rnd
+oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca	= CA_default		# The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir		= sys\$disk:[.demoCA	# Where everything is kept
+certs		= $dir.certs]		# Where the issued certs are kept
+crl_dir		= $dir.crl]		# Where the issued crl are kept
+database	= $dir]index.txt	# database index file.
+new_certs_dir	= $dir.newcerts]	# default place for new certs.
+
+certificate	= $dir]cacert.pem 	# The CA certificate
+serial		= $dir]serial.		# The current serial number
+crl		= $dir]crl.pem 		# The current CRL
+private_key	= $dir.private]cakey.pem# The private key
+RANDFILE	= $dir.private].rand	# private random number file
+
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
+default_days	= 365			# how long to certify for
+default_crl_days= 30			# how long before next CRL
+default_md	= md5			# which md to use.
+preserve	= no			# keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy		= policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName		= match
+stateOrProvinceName	= match
+organizationName	= match
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName		= optional
+stateOrProvinceName	= optional
+localityName		= optional
+organizationName	= optional
+organizationalUnitName	= optional
+commonName		= supplied
+emailAddress		= optional
+
+####################################################################
+[ req ]
+default_bits		= 1024
+default_keyfile 	= privkey.pem
+distinguished_name	= req_distinguished_name
+attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# This sets the permitted types in a DirectoryString. There are several
+# options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nobmp : PrintableString, T61String (no BMPStrings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+dirstring_type = nobmp
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+countryName_min			= 2
+countryName_max			= 2
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Some-State
+
+localityName			= Locality Name (eg, city)
+
+0.organizationName		= Organization Name (eg, company)
+0.organizationName_default	= Internet Widgits Pty Ltd
+
+# we can do this but it is not needed normally :-)
+#1.organizationName		= Second Organization Name (eg, company)
+#1.organizationName_default	= World Wide Web Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+#organizationalUnitName_default	=
+
+commonName			= Common Name (eg, YOUR name)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 40
+
+# SET-ex3			= SET extension number 3
+
+[ req_attributes ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/apps/openssl.c b/apps/openssl.c
index 739a0e8f31..47896472e8 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -1,4 +1,4 @@
-/* apps/ssleay.c */
+/* apps/openssl.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -55,73 +55,171 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
-#ifndef DEBUG
-#undef DEBUG
-#endif
 
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "bio.h"
-#include "crypto.h"
-#include "lhash.h"
-#include "conf.h"
-#include "x509.h"
-#include "pem.h"
-#include "ssl.h"
-#define SSLEAY	/* turn off a few special case MONOLITH macros */
-#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
-#define SSLEAY_SRC
+#define OPENSSL_C /* tells apps.h to use complete apps_startup() */
 #include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/engine.h>
+#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
+#include "progs.h"
 #include "s_apps.h"
-#include "err.h"
+#include <openssl/err.h>
 
-/*
-#ifdef WINDOWS
-#include "bss_file.c"
-#endif
-*/
+/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
+ * base prototypes (we cast each variable inside the function to the required
+ * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
+ * functions. */
 
-#ifndef NOPROTO
-static unsigned long MS_CALLBACK hash(FUNCTION *a);
-static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
+/* static unsigned long MS_CALLBACK hash(FUNCTION *a); */
+static unsigned long MS_CALLBACK hash(const void *a_void);
+/* static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b); */
+static int MS_CALLBACK cmp(const void *a_void,const void *b_void);
 static LHASH *prog_init(void );
 static int do_cmd(LHASH *prog,int argc,char *argv[]);
-#else
-static unsigned long MS_CALLBACK hash();
-static int MS_CALLBACK cmp();
-static LHASH *prog_init();
-static int do_cmd();
+char *default_config_file=NULL;
+
+/* Make sure there is only one when MONOLITH is defined */
+#ifdef MONOLITH
+CONF *config=NULL;
+BIO *bio_err=NULL;
 #endif
 
-LHASH *config=NULL;
-char *default_config_file=NULL;
 
-#ifdef DEBUG
-static void sig_stop(i)
-int i;
+static void lock_dbg_cb(int mode, int type, const char *file, int line)
 	{
-	char *a=NULL;
+	static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
+	const char *errstr = NULL;
+	int rw;
+	
+	rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
+	if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
+		{
+		errstr = "invalid mode";
+		goto err;
+		}
+
+	if (type < 0 || type > CRYPTO_NUM_LOCKS)
+		{
+		errstr = "type out of bounds";
+		goto err;
+		}
+
+	if (mode & CRYPTO_LOCK)
+		{
+		if (modes[type])
+			{
+			errstr = "already locked";
+			/* must not happen in a single-threaded program
+			 * (would deadlock) */
+			goto err;
+			}
+
+		modes[type] = rw;
+		}
+	else if (mode & CRYPTO_UNLOCK)
+		{
+		if (!modes[type])
+			{
+			errstr = "not locked";
+			goto err;
+			}
+		
+		if (modes[type] != rw)
+			{
+			errstr = (rw == CRYPTO_READ) ?
+				"CRYPTO_r_unlock on write lock" :
+				"CRYPTO_w_unlock on read lock";
+			}
 
-	*a='\0';
+		modes[type] = 0;
+		}
+	else
+		{
+		errstr = "invalid mode";
+		goto err;
+		}
+
+ err:
+	if (errstr)
+		{
+		/* we cannot use bio_err here */
+		fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
+			errstr, mode, type, file, line);
+		}
 	}
-#endif
 
-/* Make sure there is only one when MONOLITH is defined */
-#ifdef MONOLITH
-BIO *bio_err=NULL;
-#endif
 
-int main(Argc,Argv)
-int Argc;
-char *Argv[];
+int main(int Argc, char *Argv[])
 	{
 	ARGS arg;
-#define PROG_NAME_SIZE	16
-	char pname[PROG_NAME_SIZE];
+#define PROG_NAME_SIZE	39
+	char pname[PROG_NAME_SIZE+1];
 	FUNCTION f,*fp;
-	MS_STATIC char *prompt,buf[1024],config_name[256];
+	MS_STATIC char *prompt,buf[1024];
+	char *to_free=NULL;
 	int n,i,ret=0;
 	int argc;
 	char **argv,*p;
@@ -131,48 +229,59 @@ char *Argv[];
 	arg.data=NULL;
 	arg.count=0;
 
-	/* SSLeay_add_ssl_algorithms(); is called in apps_startup() */
-	apps_startup();
-
-#if defined(DEBUG) && !defined(WINDOWS) && !defined(MSDOS)
-#ifdef SIGBUS
-	signal(SIGBUS,sig_stop);
-#endif
-#ifdef SIGSEGV
-	signal(SIGSEGV,sig_stop);
-#endif
-#endif
-
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) /* if not defined, use compiled-in library defaults */
+		{
+		if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))
+			{
+			CRYPTO_malloc_debug_init();
+			CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+			}
+		else
+			{
+			/* OPENSSL_DEBUG_MEMORY=off */
+			CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+			}
+		}
 	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
-	ERR_load_crypto_strings();
+#if 0
+	if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
+#endif
+		{
+		CRYPTO_set_locking_callback(lock_dbg_cb);
+		}
+
+	apps_startup();
 
 	/* Lets load up our environment a little */
-	p=getenv("SSLEAY_CONF");
+	p=getenv("OPENSSL_CONF");
 	if (p == NULL)
-		{
-		strcpy(config_name,X509_get_default_cert_area());
-		strcat(config_name,"/lib/");
-		strcat(config_name,SSLEAY_CONF);
-		p=config_name;
-		}
+		p=getenv("SSLEAY_CONF");
+	if (p == NULL)
+		p=to_free=make_config_name();
 
 	default_config_file=p;
 
-	config=CONF_load(config,p,&errline);
-	if (config == NULL) ERR_clear_error();
+	config=NCONF_new(NULL);
+	i=NCONF_load(config,p,&errline);
+	if (i == 0)
+		{
+		NCONF_free(config);
+		config = NULL;
+		ERR_clear_error();
+		}
 
 	prog=prog_init();
 
 	/* first check the program name */
-	program_name(Argv[0],pname,PROG_NAME_SIZE);
+	program_name(Argv[0],pname,sizeof pname);
 
 	f.name=pname;
-	fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
+	fp=(FUNCTION *)lh_retrieve(prog,&f);
 	if (fp != NULL)
 		{
 		Argv[0]=pname;
@@ -191,20 +300,20 @@ char *Argv[];
 		goto end;
 		}
 
-	/* ok, lets enter the old 'SSLeay>' mode */
+	/* ok, lets enter the old 'OpenSSL>' mode */
 	
 	for (;;)
 		{
 		ret=0;
 		p=buf;
-		n=1024;
+		n=sizeof buf;
 		i=0;
 		for (;;)
 			{
 			p[0]='\0';
 			if (i++)
 				prompt=">";
-			else	prompt="SSLeay>";
+			else	prompt="OpenSSL> ";
 			fputs(prompt,stdout);
 			fflush(stdout);
 			fgets(p,n,stdin);
@@ -226,22 +335,22 @@ char *Argv[];
 			}
 		if (ret != 0)
 			BIO_printf(bio_err,"error in %s\n",argv[0]);
-		BIO_flush(bio_err);
+		(void)BIO_flush(bio_err);
 		}
 	BIO_printf(bio_err,"bad exit\n");
 	ret=1;
 end:
+	if (to_free)
+		OPENSSL_free(to_free);
 	if (config != NULL)
 		{
-		CONF_free(config);
+		NCONF_free(config);
 		config=NULL;
 		}
 	if (prog != NULL) lh_free(prog);
-	if (arg.data != NULL) Free(arg.data);
-	ERR_remove_state(0);
+	if (arg.data != NULL) OPENSSL_free(arg.data);
 
-	EVP_cleanup();
-	ERR_free_strings();
+	apps_shutdown();
 
 	CRYPTO_mem_leaks(bio_err);
 	if (bio_err != NULL)
@@ -249,13 +358,14 @@ end:
 		BIO_free(bio_err);
 		bio_err=NULL;
 		}
-	EXIT(ret);
+	OPENSSL_EXIT(ret);
 	}
 
-static int do_cmd(prog,argc,argv)
-LHASH *prog;
-int argc;
-char *argv[];
+#define LIST_STANDARD_COMMANDS "list-standard-commands"
+#define LIST_MESSAGE_DIGEST_COMMANDS "list-message-digest-commands"
+#define LIST_CIPHER_COMMANDS "list-cipher-commands"
+
+static int do_cmd(LHASH *prog, int argc, char *argv[])
 	{
 	FUNCTION f,*fp;
 	int i,ret=1,tp,nl;
@@ -263,11 +373,29 @@ char *argv[];
 	if ((argc <= 0) || (argv[0] == NULL))
 		{ ret=0; goto end; }
 	f.name=argv[0];
-	fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
+	fp=(FUNCTION *)lh_retrieve(prog,&f);
 	if (fp != NULL)
 		{
 		ret=fp->func(argc,argv);
 		}
+	else if ((strncmp(argv[0],"no-",3)) == 0)
+		{
+		BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		bio_stdout = BIO_push(tmpbio, bio_stdout);
+		}
+#endif
+		f.name=argv[0]+3;
+		ret = (lh_retrieve(prog,&f) != NULL);
+		if (!ret)
+			BIO_printf(bio_stdout, "%s\n", argv[0]);
+		else
+			BIO_printf(bio_stdout, "%s\n", argv[0]+3);
+		BIO_free_all(bio_stdout);
+		goto end;
+		}
 	else if ((strcmp(argv[0],"quit") == 0) ||
 		(strcmp(argv[0],"q") == 0) ||
 		(strcmp(argv[0],"exit") == 0) ||
@@ -276,12 +404,40 @@ char *argv[];
 		ret= -1;
 		goto end;
 		}
+	else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) ||
+		(strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
+		(strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0))
+		{
+		int list_type;
+		BIO *bio_stdout;
+
+		if (strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0)
+			list_type = FUNC_TYPE_GENERAL;
+		else if (strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0)
+			list_type = FUNC_TYPE_MD;
+		else /* strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0 */
+			list_type = FUNC_TYPE_CIPHER;
+		bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		bio_stdout = BIO_push(tmpbio, bio_stdout);
+		}
+#endif
+		
+		for (fp=functions; fp->name != NULL; fp++)
+			if (fp->type == list_type)
+				BIO_printf(bio_stdout, "%s\n", fp->name);
+		BIO_free_all(bio_stdout);
+		ret=0;
+		goto end;
+		}
 	else
 		{
-		BIO_printf(bio_err,"'%s' is a bad command, valid commands are",
+		BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n",
 			argv[0]);
+		BIO_printf(bio_err, "\nStandard commands");
 		i=0;
-		fp=functions;
 		tp=0;
 		for (fp=functions; fp->name != NULL; fp++)
 			{
@@ -299,45 +455,61 @@ char *argv[];
 					{
 					i=1;
 					BIO_printf(bio_err,
-						"Message Digest commands - see the dgst command for more details\n");
+						"\nMessage Digest commands (see the `dgst' command for more details)\n");
 					}
 				else if (tp == FUNC_TYPE_CIPHER)
 					{
 					i=1;
-					BIO_printf(bio_err,"Cipher commands - see the enc command for more details\n");
+					BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
 					}
 				}
 			BIO_printf(bio_err,"%-15s",fp->name);
 			}
-		BIO_printf(bio_err,"\nquit\n");
+		BIO_printf(bio_err,"\n\n");
 		ret=0;
 		}
 end:
 	return(ret);
 	}
 
-static LHASH *prog_init()
+static int SortFnByName(const void *_f1,const void *_f2)
+    {
+    const FUNCTION *f1=_f1;
+    const FUNCTION *f2=_f2;
+
+    if(f1->type != f2->type)
+	return f1->type-f2->type;
+    return strcmp(f1->name,f2->name);
+    }
+
+static LHASH *prog_init(void)
 	{
 	LHASH *ret;
 	FUNCTION *f;
+	int i;
 
-	if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);
+	/* Purely so it looks nice when the user hits ? */
+	for(i=0,f=functions ; f->name != NULL ; ++f,++i)
+	    ;
+	qsort(functions,i,sizeof *functions,SortFnByName);
+
+	if ((ret=lh_new(hash, cmp)) == NULL)
+		return(NULL);
 
 	for (f=functions; f->name != NULL; f++)
-		lh_insert(ret,(char *)f);
+		lh_insert(ret,f);
 	return(ret);
 	}
 
-static int MS_CALLBACK cmp(a,b)
-FUNCTION *a,*b;
+/* static int MS_CALLBACK cmp(FUNCTION *a, FUNCTION *b) */
+static int MS_CALLBACK cmp(const void *a_void, const void *b_void)
 	{
-	return(strncmp(a->name,b->name,8));
+	return(strncmp(((FUNCTION *)a_void)->name,
+			((FUNCTION *)b_void)->name,8));
 	}
 
-static unsigned long MS_CALLBACK hash(a)
-FUNCTION *a;
+/* static unsigned long MS_CALLBACK hash(FUNCTION *a) */
+static unsigned long MS_CALLBACK hash(const void *a_void)
 	{
-	return(lh_strhash(a->name));
+	return(lh_strhash(((FUNCTION *)a_void)->name));
 	}
-
-#undef SSLEAY
diff --git a/apps/openssl.cnf b/apps/openssl.cnf
index 2621d90d31..eca51c3322 100644
--- a/apps/openssl.cnf
+++ b/apps/openssl.cnf
@@ -1,10 +1,31 @@
 #
-# SSLeay example configuration file.
+# OpenSSL example configuration file.
 # This is mostly being used for generation of certificate requests.
 #
 
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME			= .
 RANDFILE		= $ENV::HOME/.rnd
-oid_file		= $ENV::HOME/.oid
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file		= $ENV::HOME/.oid
+oid_section		= new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions		= 
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
 
 ####################################################################
 [ ca ]
@@ -25,7 +46,20 @@ crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem# The private key
 RANDFILE	= $dir/private/.rand	# private random number file
 
-x509_extensions	= x509v3_extensions	# The extentions to add to the cert
+x509_extensions	= usr_cert		# The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt 	= ca_default		# Subject Name options
+cert_opt 	= ca_default		# Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crl_extensions	= crl_ext
+
 default_days	= 365			# how long to certify for
 default_crl_days= 30			# how long before next CRL
 default_md	= md5			# which md to use.
@@ -63,6 +97,23 @@ default_bits		= 1024
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
+x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options. 
+# default: PrintableString, T61String, BMPString.
+# pkix	 : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
 
 [ req_distinguished_name ]
 countryName			= Country Name (2 letter code)
@@ -80,7 +131,7 @@ localityName			= Locality Name (eg, city)
 
 # we can do this but it is not needed normally :-)
 #1.organizationName		= Second Organization Name (eg, company)
-#1.organizationName_default	= CryptSoft Pty Ltd
+#1.organizationName_default	= World Wide Web Pty Ltd
 
 organizationalUnitName		= Organizational Unit Name (eg, section)
 #organizationalUnitName_default	=
@@ -89,9 +140,9 @@ commonName			= Common Name (eg, YOUR name)
 commonName_max			= 64
 
 emailAddress			= Email Address
-emailAddress_max		= 40
+emailAddress_max		= 64
 
-SET-ex3				= SET extension number 3
+# SET-ex3			= SET extension number 3
 
 [ req_attributes ]
 challengePassword		= A challenge password
@@ -100,20 +151,105 @@ challengePassword_max		= 20
 
 unstructuredName		= An optional company name
 
-[ x509v3_extensions ]
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType			= server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
 
-nsCaRevocationUrl		= http://www.cryptsoft.com/ca-crl.pem
-nsComment			= "This is a comment"
+# This will be displayed in Netscape's comment listbox.
+nsComment			= "OpenSSL Generated Certificate"
 
-# under ASN.1, the 0 bit would be encoded as 80
-nsCertType			= 0x40
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
 
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl		= http://www.domain.dom/ca-crl.pem
 #nsBaseUrl
 #nsRevocationUrl
 #nsRenewalUrl
 #nsCaPolicyUrl
 #nsSslServerName
-#nsCertSequence
-#nsCertExt
-#nsDataType
 
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/apps/passwd.c b/apps/passwd.c
new file mode 100644
index 0000000000..3ad91d89d6
--- /dev/null
+++ b/apps/passwd.c
@@ -0,0 +1,510 @@
+/* apps/passwd.c */
+
+#if defined OPENSSL_NO_MD5 || defined CHARSET_EBCDIC
+# define NO_MD5CRYPT_1
+#endif
+
+#if !defined(OPENSSL_NO_DES) || !defined(NO_MD5CRYPT_1)
+
+#include <assert.h>
+#include <string.h>
+
+#include "apps.h"
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_DES
+# include <openssl/des.h>
+#endif
+#ifndef NO_MD5CRYPT_1
+# include <openssl/md5.h>
+#endif
+
+
+#undef PROG
+#define PROG passwd_main
+
+
+static unsigned const char cov_2char[64]={
+	/* from crypto/des/fcrypt.c */
+	0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
+	0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
+	0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
+	0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
+	0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
+	0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
+	0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
+	0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
+};
+
+static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
+	char *passwd, BIO *out, int quiet, int table, int reverse,
+	size_t pw_maxlen, int usecrypt, int use1, int useapr1);
+
+/* -crypt        - standard Unix password algorithm (default)
+ * -1            - MD5-based password algorithm
+ * -apr1         - MD5-based password algorithm, Apache variant
+ * -salt string  - salt
+ * -in file      - read passwords from file
+ * -stdin        - read passwords from stdin
+ * -noverify     - never verify when reading password from terminal
+ * -quiet        - no warnings
+ * -table        - format output as table
+ * -reverse      - switch table columns
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+	{
+	int ret = 1;
+	char *infile = NULL;
+	int in_stdin = 0;
+	int in_noverify = 0;
+	char *salt = NULL, *passwd = NULL, **passwds = NULL;
+	char *salt_malloc = NULL, *passwd_malloc = NULL;
+	size_t passwd_malloc_size = 0;
+	int pw_source_defined = 0;
+	BIO *in = NULL, *out = NULL;
+	int i, badopt, opt_done;
+	int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
+	int usecrypt = 0, use1 = 0, useapr1 = 0;
+	size_t pw_maxlen = 0;
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+	if (!load_config(bio_err, NULL))
+		goto err;
+	out = BIO_new(BIO_s_file());
+	if (out == NULL)
+		goto err;
+	BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+#ifdef OPENSSL_SYS_VMS
+	{
+	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+	out = BIO_push(tmpbio, out);
+	}
+#endif
+
+	badopt = 0, opt_done = 0;
+	i = 0;
+	while (!badopt && !opt_done && argv[++i] != NULL)
+		{
+		if (strcmp(argv[i], "-crypt") == 0)
+			usecrypt = 1;
+		else if (strcmp(argv[i], "-1") == 0)
+			use1 = 1;
+		else if (strcmp(argv[i], "-apr1") == 0)
+			useapr1 = 1;
+		else if (strcmp(argv[i], "-salt") == 0)
+			{
+			if ((argv[i+1] != NULL) && (salt == NULL))
+				{
+				passed_salt = 1;
+				salt = argv[++i];
+				}
+			else
+				badopt = 1;
+			}
+		else if (strcmp(argv[i], "-in") == 0)
+			{
+			if ((argv[i+1] != NULL) && !pw_source_defined)
+				{
+				pw_source_defined = 1;
+				infile = argv[++i];
+				}
+			else
+				badopt = 1;
+			}
+		else if (strcmp(argv[i], "-stdin") == 0)
+			{
+			if (!pw_source_defined)
+				{
+				pw_source_defined = 1;
+				in_stdin = 1;
+				}
+			else
+				badopt = 1;
+			}
+		else if (strcmp(argv[i], "-noverify") == 0)
+			in_noverify = 1;
+		else if (strcmp(argv[i], "-quiet") == 0)
+			quiet = 1;
+		else if (strcmp(argv[i], "-table") == 0)
+			table = 1;
+		else if (strcmp(argv[i], "-reverse") == 0)
+			reverse = 1;
+		else if (argv[i][0] == '-')
+			badopt = 1;
+		else if (!pw_source_defined)
+			/* non-option arguments, use as passwords */
+			{
+			pw_source_defined = 1;
+			passwds = &argv[i];
+			opt_done = 1;
+			}
+		else
+			badopt = 1;
+		}
+
+	if (!usecrypt && !use1 && !useapr1) /* use default */
+		usecrypt = 1;
+	if (usecrypt + use1 + useapr1 > 1) /* conflict */
+		badopt = 1;
+
+	/* reject unsupported algorithms */
+#ifdef OPENSSL_NO_DES
+	if (usecrypt) badopt = 1;
+#endif
+#ifdef NO_MD5CRYPT_1
+	if (use1 || useapr1) badopt = 1;
+#endif
+
+	if (badopt) 
+		{
+		BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
+		BIO_printf(bio_err, "where options are\n");
+#ifndef OPENSSL_NO_DES
+		BIO_printf(bio_err, "-crypt             standard Unix password algorithm (default)\n");
+#endif
+#ifndef NO_MD5CRYPT_1
+		BIO_printf(bio_err, "-1                 MD5-based password algorithm\n");
+		BIO_printf(bio_err, "-apr1              MD5-based password algorithm, Apache variant\n");
+#endif
+		BIO_printf(bio_err, "-salt string       use provided salt\n");
+		BIO_printf(bio_err, "-in file           read passwords from file\n");
+		BIO_printf(bio_err, "-stdin             read passwords from stdin\n");
+		BIO_printf(bio_err, "-noverify          never verify when reading password from terminal\n");
+		BIO_printf(bio_err, "-quiet             no warnings\n");
+		BIO_printf(bio_err, "-table             format output as table\n");
+		BIO_printf(bio_err, "-reverse           switch table columns\n");
+		
+		goto err;
+		}
+
+	if ((infile != NULL) || in_stdin)
+		{
+		in = BIO_new(BIO_s_file());
+		if (in == NULL)
+			goto err;
+		if (infile != NULL)
+			{
+			assert(in_stdin == 0);
+			if (BIO_read_filename(in, infile) <= 0)
+				goto err;
+			}
+		else
+			{
+			assert(in_stdin);
+			BIO_set_fp(in, stdin, BIO_NOCLOSE);
+			}
+		}
+	
+	if (usecrypt)
+		pw_maxlen = 8;
+	else if (use1 || useapr1)
+		pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */
+
+	if (passwds == NULL)
+		{
+		/* no passwords on the command line */
+
+		passwd_malloc_size = pw_maxlen + 2;
+		/* longer than necessary so that we can warn about truncation */
+		passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);
+		if (passwd_malloc == NULL)
+			goto err;
+		}
+
+	if ((in == NULL) && (passwds == NULL))
+		{
+		/* build a null-terminated list */
+		static char *passwds_static[2] = {NULL, NULL};
+		
+		passwds = passwds_static;
+		if (in == NULL)
+			if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0)
+				goto err;
+		passwds[0] = passwd_malloc;
+		}
+
+	if (in == NULL)
+		{
+		assert(passwds != NULL);
+		assert(*passwds != NULL);
+		
+		do /* loop over list of passwords */
+			{
+			passwd = *passwds++;
+			if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
+				quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
+				goto err;
+			}
+		while (*passwds != NULL);
+		}
+	else
+		/* in != NULL */
+		{
+		int done;
+
+		assert (passwd != NULL);
+		do
+			{
+			int r = BIO_gets(in, passwd, pw_maxlen + 1);
+			if (r > 0)
+				{
+				char *c = (strchr(passwd, '\n')) ;
+				if (c != NULL)
+					*c = 0; /* truncate at newline */
+				else
+					{
+					/* ignore rest of line */
+					char trash[BUFSIZ];
+					do
+						r = BIO_gets(in, trash, sizeof trash);
+					while ((r > 0) && (!strchr(trash, '\n')));
+					}
+				
+				if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
+					quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
+					goto err;
+				}
+			done = (r <= 0);
+			}
+		while (!done);
+		}
+	ret = 0;
+
+err:
+	ERR_print_errors(bio_err);
+	if (salt_malloc)
+		OPENSSL_free(salt_malloc);
+	if (passwd_malloc)
+		OPENSSL_free(passwd_malloc);
+	if (in)
+		BIO_free(in);
+	if (out)
+		BIO_free_all(out);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
+	}
+
+
+#ifndef NO_MD5CRYPT_1
+/* MD5-based password algorithm (should probably be available as a library
+ * function; then the static buffer would not be acceptable).
+ * For magic string "1", this should be compatible to the MD5-based BSD
+ * password algorithm.
+ * For 'magic' string "apr1", this is compatible to the MD5-based Apache
+ * password algorithm.
+ * (Apparently, the Apache password algorithm is identical except that the
+ * 'magic' string was changed -- the laziest application of the NIH principle
+ * I've ever encountered.)
+ */
+static char *md5crypt(const char *passwd, const char *magic, const char *salt)
+	{
+	static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
+	unsigned char buf[MD5_DIGEST_LENGTH];
+	char *salt_out;
+	int n, i;
+	EVP_MD_CTX md,md2;
+	size_t passwd_len, salt_len;
+
+	passwd_len = strlen(passwd);
+	out_buf[0] = '$';
+	out_buf[1] = 0;
+	assert(strlen(magic) <= 4); /* "1" or "apr1" */
+	strncat(out_buf, magic, 4);
+	strncat(out_buf, "$", 1);
+	strncat(out_buf, salt, 8);
+	assert(strlen(out_buf) <= 6 + 8); /* "$apr1$..salt.." */
+	salt_out = out_buf + 2 + strlen(magic);
+	salt_len = strlen(salt_out);
+	assert(salt_len <= 8);
+	
+	EVP_MD_CTX_init(&md);
+	EVP_DigestInit_ex(&md,EVP_md5(), NULL);
+	EVP_DigestUpdate(&md, passwd, passwd_len);
+	EVP_DigestUpdate(&md, "$", 1);
+	EVP_DigestUpdate(&md, magic, strlen(magic));
+	EVP_DigestUpdate(&md, "$", 1);
+	EVP_DigestUpdate(&md, salt_out, salt_len);
+	
+	EVP_MD_CTX_init(&md2);
+	EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
+	EVP_DigestUpdate(&md2, passwd, passwd_len);
+	EVP_DigestUpdate(&md2, salt_out, salt_len);
+	EVP_DigestUpdate(&md2, passwd, passwd_len);
+	EVP_DigestFinal_ex(&md2, buf, NULL);
+
+	for (i = passwd_len; i > sizeof buf; i -= sizeof buf)
+		EVP_DigestUpdate(&md, buf, sizeof buf);
+	EVP_DigestUpdate(&md, buf, i);
+	
+	n = passwd_len;
+	while (n)
+		{
+		EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
+		n >>= 1;
+		}
+	EVP_DigestFinal_ex(&md, buf, NULL);
+
+	for (i = 0; i < 1000; i++)
+		{
+		EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
+		EVP_DigestUpdate(&md2, (i & 1) ? (unsigned char *) passwd : buf,
+		                       (i & 1) ? passwd_len : sizeof buf);
+		if (i % 3)
+			EVP_DigestUpdate(&md2, salt_out, salt_len);
+		if (i % 7)
+			EVP_DigestUpdate(&md2, passwd, passwd_len);
+		EVP_DigestUpdate(&md2, (i & 1) ? buf : (unsigned char *) passwd,
+		                       (i & 1) ? sizeof buf : passwd_len);
+		EVP_DigestFinal_ex(&md2, buf, NULL);
+		}
+	EVP_MD_CTX_cleanup(&md2);
+	
+	 {
+		/* transform buf into output string */
+	
+		unsigned char buf_perm[sizeof buf];
+		int dest, source;
+		char *output;
+
+		/* silly output permutation */
+		for (dest = 0, source = 0; dest < 14; dest++, source = (source + 6) % 17)
+			buf_perm[dest] = buf[source];
+		buf_perm[14] = buf[5];
+		buf_perm[15] = buf[11];
+#ifndef PEDANTIC /* Unfortunately, this generates a "no effect" warning */
+		assert(16 == sizeof buf_perm);
+#endif
+		
+		output = salt_out + salt_len;
+		assert(output == out_buf + strlen(out_buf));
+		
+		*output++ = '$';
+
+		for (i = 0; i < 15; i += 3)
+			{
+			*output++ = cov_2char[buf_perm[i+2] & 0x3f];
+			*output++ = cov_2char[((buf_perm[i+1] & 0xf) << 2) |
+				                  (buf_perm[i+2] >> 6)];
+			*output++ = cov_2char[((buf_perm[i] & 3) << 4) |
+				                  (buf_perm[i+1] >> 4)];
+			*output++ = cov_2char[buf_perm[i] >> 2];
+			}
+		assert(i == 15);
+		*output++ = cov_2char[buf_perm[i] & 0x3f];
+		*output++ = cov_2char[buf_perm[i] >> 6];
+		*output = 0;
+		assert(strlen(out_buf) < sizeof(out_buf));
+	 }
+	EVP_MD_CTX_cleanup(&md);
+
+	return out_buf;
+	}
+#endif
+
+
+static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
+	char *passwd, BIO *out,	int quiet, int table, int reverse,
+	size_t pw_maxlen, int usecrypt, int use1, int useapr1)
+	{
+	char *hash = NULL;
+
+	assert(salt_p != NULL);
+	assert(salt_malloc_p != NULL);
+
+	/* first make sure we have a salt */
+	if (!passed_salt)
+		{
+#ifndef OPENSSL_NO_DES
+		if (usecrypt)
+			{
+			if (*salt_malloc_p == NULL)
+				{
+				*salt_p = *salt_malloc_p = OPENSSL_malloc(3);
+				if (*salt_malloc_p == NULL)
+					goto err;
+				}
+			if (RAND_pseudo_bytes((unsigned char *)*salt_p, 2) < 0)
+				goto err;
+			(*salt_p)[0] = cov_2char[(*salt_p)[0] & 0x3f]; /* 6 bits */
+			(*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
+			(*salt_p)[2] = 0;
+#ifdef CHARSET_EBCDIC
+			ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert
+			                                    * back to ASCII */
+#endif
+			}
+#endif /* !OPENSSL_NO_DES */
+
+#ifndef NO_MD5CRYPT_1
+		if (use1 || useapr1)
+			{
+			int i;
+			
+			if (*salt_malloc_p == NULL)
+				{
+				*salt_p = *salt_malloc_p = OPENSSL_malloc(9);
+				if (*salt_malloc_p == NULL)
+					goto err;
+				}
+			if (RAND_pseudo_bytes((unsigned char *)*salt_p, 8) < 0)
+				goto err;
+			
+			for (i = 0; i < 8; i++)
+				(*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
+			(*salt_p)[8] = 0;
+			}
+#endif /* !NO_MD5CRYPT_1 */
+		}
+	
+	assert(*salt_p != NULL);
+	
+	/* truncate password if necessary */
+	if ((strlen(passwd) > pw_maxlen))
+		{
+		if (!quiet)
+			BIO_printf(bio_err, "Warning: truncating password to %u characters\n", pw_maxlen);
+		passwd[pw_maxlen] = 0;
+		}
+	assert(strlen(passwd) <= pw_maxlen);
+	
+	/* now compute password hash */
+#ifndef OPENSSL_NO_DES
+	if (usecrypt)
+		hash = DES_crypt(passwd, *salt_p);
+#endif
+#ifndef NO_MD5CRYPT_1
+	if (use1 || useapr1)
+		hash = md5crypt(passwd, (use1 ? "1" : "apr1"), *salt_p);
+#endif
+	assert(hash != NULL);
+
+	if (table && !reverse)
+		BIO_printf(out, "%s\t%s\n", passwd, hash);
+	else if (table && reverse)
+		BIO_printf(out, "%s\t%s\n", hash, passwd);
+	else
+		BIO_printf(out, "%s\n", hash);
+	return 1;
+	
+err:
+	return 0;
+	}
+#else
+
+int MAIN(int argc, char **argv)
+	{
+	fputs("Program not available.\n", stderr)
+	OPENSSL_EXIT(1);
+	}
+#endif
diff --git a/apps/pca-cert.srl b/apps/pca-cert.srl
index 8a0f05e166..2c7456e3eb 100644
--- a/apps/pca-cert.srl
+++ b/apps/pca-cert.srl
@@ -1 +1 @@
-01
+07
diff --git a/apps/pem_mail.c b/apps/pem_mail.c
deleted file mode 100644
index 64e04acb52..0000000000
--- a/apps/pem_mail.c
+++ /dev/null
@@ -1,170 +0,0 @@
-/* apps/pem_mail.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "rsa.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "err.h"
-#include "pem.h"
-#include "apps.h"
-
-#undef PROG
-#define PROG	pem_mail_main
-
-static char *usage[]={
-"usage: pem_mail args\n",
-"\n",
-" -in arg         - input file - default stdin\n",
-" -out arg        - output file - default stdout\n",
-" -cert arg       - the certificate to use\n",
-" -key arg        - the private key to use\n",
-" -MIC           - sign the message\n",
-" -enc arg        - encrypt with one of cbc-des\n",
-NULL
-};
-
-
-typedef struct lines_St
-	{
-	char *line;
-	struct lines_st *next;
-	} LINES;
-
-int main(argc, argv)
-int argc;
-char **argv;
-	{
-	FILE *in;
-	RSA *rsa=NULL;
-	EVP_MD_CTX ctx;
-	unsigned int mic=0,i,n;
-	unsigned char buf[1024*15];
-	char *prog,*infile=NULL,*outfile=NULL,*key=NULL;
-	int badops=0;
-
-	apps_startup();
-
-	prog=argv[0];
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if (strcmp(*argv,"-key") == 0)
-			{
-			if (--argc < 1) goto bad;
-			key= *(++argv);
-			}
-		else if (strcmp(*argv,"-in") == 0)
-			{
-			if (--argc < 1) goto bad;
-			infile= *(++argv);
-			}
-		else if (strcmp(*argv,"-out") == 0)
-			{
-			if (--argc < 1) goto bad;
-			outfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-mic") == 0)
-			mic=1;
-		else
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badops=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-
-	if (badops)
-		{
-bad:
-		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
-		BIO_printf(bio_err,"where options  are\n");
-		EXIT(1);
-		}
-
-	if (key == NULL)
-		{ BIO_printf(bio_err,"you need to specify a key\n"); EXIT(1); }
-	in=fopen(key,"r");
-	if (in == NULL) { perror(key); EXIT(1); }
-	rsa=PEM_read_RSAPrivateKey(in,NULL,NULL);
-	if (rsa == NULL)
-		{
-		BIO_printf(bio_err,"unable to load Private Key\n");
-		ERR_print_errors(bio_err);
-		EXIT(1);
-		}
-	fclose(in);
-
-	PEM_SignInit(&ctx,EVP_md5());
-	for (;;)
-		{
-		i=fread(buf,1,1024*10,stdin);
-		if (i <= 0) break;
-		PEM_SignUpdate(&ctx,buf,i);
-		}
-	if (!PEM_SignFinal(&ctx,buf,&n,rsa)) goto err;
-	BIO_printf(bio_err,"%s\n",buf);
-	EXIT(0);
-err:
-	ERR_print_errors(bio_err);
-	EXIT(1);
-	}
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
new file mode 100644
index 0000000000..e445c24b9b
--- /dev/null
+++ b/apps/pkcs12.c
@@ -0,0 +1,905 @@
+/* pkcs12.c */
+#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+
+#define PROG pkcs12_main
+
+const EVP_CIPHER *enc;
+
+
+#define NOKEYS		0x1
+#define NOCERTS 	0x2
+#define INFO		0x4
+#define CLCERTS		0x8
+#define CACERTS		0x10
+
+int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
+int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
+int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
+			  int passlen, int options, char *pempass);
+int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
+int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name);
+void hex_prin(BIO *out, unsigned char *buf, int len);
+int alg_print(BIO *x, X509_ALGOR *alg);
+int cert_load(BIO *in, STACK_OF(X509) *sk);
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    char *infile=NULL, *outfile=NULL, *keyname = NULL;	
+    char *certfile=NULL;
+    BIO *in=NULL, *out = NULL;
+    char **args;
+    char *name = NULL;
+    char *csp_name = NULL;
+    PKCS12 *p12 = NULL;
+    char pass[50], macpass[50];
+    int export_cert = 0;
+    int options = 0;
+    int chain = 0;
+    int badarg = 0;
+    int iter = PKCS12_DEFAULT_ITER;
+    int maciter = PKCS12_DEFAULT_ITER;
+    int twopass = 0;
+    int keytype = 0;
+    int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+    int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+    int ret = 1;
+    int macver = 1;
+    int noprompt = 0;
+    STACK *canames = NULL;
+    char *cpass = NULL, *mpass = NULL;
+    char *passargin = NULL, *passargout = NULL, *passarg = NULL;
+    char *passin = NULL, *passout = NULL;
+    char *inrand = NULL;
+    char *CApath = NULL, *CAfile = NULL;
+    char *engine=NULL;
+
+    apps_startup();
+
+    enc = EVP_des_ede3_cbc();
+    if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
+
+    args = argv + 1;
+
+
+    while (*args) {
+	if (*args[0] == '-') {
+		if (!strcmp (*args, "-nokeys")) options |= NOKEYS;
+		else if (!strcmp (*args, "-keyex")) keytype = KEY_EX;
+		else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG;
+		else if (!strcmp (*args, "-nocerts")) options |= NOCERTS;
+		else if (!strcmp (*args, "-clcerts")) options |= CLCERTS;
+		else if (!strcmp (*args, "-cacerts")) options |= CACERTS;
+		else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS);
+		else if (!strcmp (*args, "-info")) options |= INFO;
+		else if (!strcmp (*args, "-chain")) chain = 1;
+		else if (!strcmp (*args, "-twopass")) twopass = 1;
+		else if (!strcmp (*args, "-nomacver")) macver = 0;
+		else if (!strcmp (*args, "-descert"))
+    			cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+		else if (!strcmp (*args, "-export")) export_cert = 1;
+		else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
+#ifndef OPENSSL_NO_IDEA
+		else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
+#endif
+		else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
+#ifndef OPENSSL_NO_AES
+		else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
+		else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
+		else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
+#endif
+		else if (!strcmp (*args, "-noiter")) iter = 1;
+		else if (!strcmp (*args, "-maciter"))
+					 maciter = PKCS12_DEFAULT_ITER;
+		else if (!strcmp (*args, "-nomaciter"))
+					 maciter = 1;
+		else if (!strcmp (*args, "-nomac"))
+					 maciter = -1;
+		else if (!strcmp (*args, "-nodes")) enc=NULL;
+		else if (!strcmp (*args, "-certpbe")) {
+			if (args[1]) {
+				args++;
+				if (!strcmp(*args, "NONE"))
+					cert_pbe = -1;
+				cert_pbe=OBJ_txt2nid(*args);
+				if(cert_pbe == NID_undef) {
+					BIO_printf(bio_err,
+						 "Unknown PBE algorithm %s\n", *args);
+					badarg = 1;
+				}
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-keypbe")) {
+			if (args[1]) {
+				args++;
+				if (!strcmp(*args, "NONE"))
+					key_pbe = -1;
+				else
+					key_pbe=OBJ_txt2nid(*args);
+				if(key_pbe == NID_undef) {
+					BIO_printf(bio_err,
+						 "Unknown PBE algorithm %s\n", *args);
+					badarg = 1;
+				}
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-rand")) {
+		    if (args[1]) {
+			args++;	
+			inrand = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-inkey")) {
+		    if (args[1]) {
+			args++;	
+			keyname = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-certfile")) {
+		    if (args[1]) {
+			args++;	
+			certfile = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-name")) {
+		    if (args[1]) {
+			args++;	
+			name = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-CSP")) {
+		    if (args[1]) {
+			args++;	
+			csp_name = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-caname")) {
+		    if (args[1]) {
+			args++;	
+			if (!canames) canames = sk_new_null();
+			sk_push(canames, *args);
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-in")) {
+		    if (args[1]) {
+			args++;	
+			infile = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-out")) {
+		    if (args[1]) {
+			args++;	
+			outfile = *args;
+		    } else badarg = 1;
+		} else if (!strcmp(*args,"-passin")) {
+		    if (args[1]) {
+			args++;	
+			passargin = *args;
+		    } else badarg = 1;
+		} else if (!strcmp(*args,"-passout")) {
+		    if (args[1]) {
+			args++;	
+			passargout = *args;
+		    } else badarg = 1;
+		} else if (!strcmp (*args, "-password")) {
+		    if (args[1]) {
+			args++;	
+			passarg = *args;
+		    	noprompt = 1;
+		    } else badarg = 1;
+		} else if (!strcmp(*args,"-CApath")) {
+		    if (args[1]) {
+			args++;	
+			CApath = *args;
+		    } else badarg = 1;
+		} else if (!strcmp(*args,"-CAfile")) {
+		    if (args[1]) {
+			args++;	
+			CAfile = *args;
+		    } else badarg = 1;
+		} else if (!strcmp(*args,"-engine")) {
+		    if (args[1]) {
+			args++;	
+			engine = *args;
+		    } else badarg = 1;
+		} else badarg = 1;
+
+	} else badarg = 1;
+	args++;
+    }
+
+    if (badarg) {
+	BIO_printf (bio_err, "Usage: pkcs12 [options]\n");
+	BIO_printf (bio_err, "where options are\n");
+	BIO_printf (bio_err, "-export       output PKCS12 file\n");
+	BIO_printf (bio_err, "-chain        add certificate chain\n");
+	BIO_printf (bio_err, "-inkey file   private key if not infile\n");
+	BIO_printf (bio_err, "-certfile f   add all certs in f\n");
+	BIO_printf (bio_err, "-CApath arg   - PEM format directory of CA's\n");
+	BIO_printf (bio_err, "-CAfile arg   - PEM format file of CA's\n");
+	BIO_printf (bio_err, "-name \"name\"  use name as friendly name\n");
+	BIO_printf (bio_err, "-caname \"nm\"  use nm as CA friendly name (can be used more than once).\n");
+	BIO_printf (bio_err, "-in  infile   input filename\n");
+	BIO_printf (bio_err, "-out outfile  output filename\n");
+	BIO_printf (bio_err, "-noout        don't output anything, just verify.\n");
+	BIO_printf (bio_err, "-nomacver     don't verify MAC.\n");
+	BIO_printf (bio_err, "-nocerts      don't output certificates.\n");
+	BIO_printf (bio_err, "-clcerts      only output client certificates.\n");
+	BIO_printf (bio_err, "-cacerts      only output CA certificates.\n");
+	BIO_printf (bio_err, "-nokeys       don't output private keys.\n");
+	BIO_printf (bio_err, "-info         give info about PKCS#12 structure.\n");
+	BIO_printf (bio_err, "-des          encrypt private keys with DES\n");
+	BIO_printf (bio_err, "-des3         encrypt private keys with triple DES (default)\n");
+#ifndef OPENSSL_NO_IDEA
+	BIO_printf (bio_err, "-idea         encrypt private keys with idea\n");
+#endif
+#ifndef OPENSSL_NO_AES
+	BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
+	BIO_printf (bio_err, "              encrypt PEM output with cbc aes\n");
+#endif
+	BIO_printf (bio_err, "-nodes        don't encrypt private keys\n");
+	BIO_printf (bio_err, "-noiter       don't use encryption iteration\n");
+	BIO_printf (bio_err, "-maciter      use MAC iteration\n");
+	BIO_printf (bio_err, "-twopass      separate MAC, encryption passwords\n");
+	BIO_printf (bio_err, "-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
+	BIO_printf (bio_err, "-certpbe alg  specify certificate PBE algorithm (default RC2-40)\n");
+	BIO_printf (bio_err, "-keypbe alg   specify private key PBE algorithm (default 3DES)\n");
+	BIO_printf (bio_err, "-keyex        set MS key exchange type\n");
+	BIO_printf (bio_err, "-keysig       set MS key signature type\n");
+	BIO_printf (bio_err, "-password p   set import/export password source\n");
+	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
+	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
+	BIO_printf (bio_err, "-engine e     use engine e, possibly a hardware device.\n");
+	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
+	BIO_printf(bio_err,  "              the random number generator\n");
+    	goto end;
+    }
+
+    e = setup_engine(bio_err, engine, 0);
+
+    if(passarg) {
+	if(export_cert) passargout = passarg;
+	else passargin = passarg;
+    }
+
+    if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+	BIO_printf(bio_err, "Error getting passwords\n");
+	goto end;
+    }
+
+    if(!cpass) {
+    	if(export_cert) cpass = passout;
+    	else cpass = passin;
+    }
+
+    if(cpass) {
+	mpass = cpass;
+	noprompt = 1;
+    } else {
+	cpass = pass;
+	mpass = macpass;
+    }
+
+    if(export_cert || inrand) {
+    	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+        if (inrand != NULL)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			app_RAND_load_files(inrand));
+    }
+    ERR_load_crypto_strings();
+
+#ifdef CRYPTO_MDEBUG
+    CRYPTO_push_info("read files");
+#endif
+
+    if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE);
+    else in = BIO_new_file(infile, "rb");
+    if (!in) {
+	    BIO_printf(bio_err, "Error opening input file %s\n",
+						infile ? infile : "<stdin>");
+	    perror (infile);
+	    goto end;
+   }
+
+#ifdef CRYPTO_MDEBUG
+    CRYPTO_pop_info();
+    CRYPTO_push_info("write files");
+#endif
+
+    if (!outfile) {
+	out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+	{
+	    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+	    out = BIO_push(tmpbio, out);
+	}
+#endif
+    } else out = BIO_new_file(outfile, "wb");
+    if (!out) {
+	BIO_printf(bio_err, "Error opening output file %s\n",
+						outfile ? outfile : "<stdout>");
+	perror (outfile);
+	goto end;
+    }
+    if (twopass) {
+#ifdef CRYPTO_MDEBUG
+    CRYPTO_push_info("read MAC password");
+#endif
+	if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert))
+	{
+    	    BIO_printf (bio_err, "Can't read Password\n");
+    	    goto end;
+       	}
+#ifdef CRYPTO_MDEBUG
+    CRYPTO_pop_info();
+#endif
+    }
+
+    if (export_cert) {
+	EVP_PKEY *key = NULL;
+	X509 *ucert = NULL, *x = NULL;
+	STACK_OF(X509) *certs=NULL;
+	unsigned char *catmp = NULL;
+	int i;
+
+	if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS))
+		{	
+		BIO_printf(bio_err, "Nothing to do!\n");
+		goto export_end;
+		}
+
+	if (options & NOCERTS)
+		chain = 0;
+
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_push_info("process -export_cert");
+	CRYPTO_push_info("reading private key");
+#endif
+	if (!(options & NOKEYS))
+		{
+		key = load_key(bio_err, keyname ? keyname : infile,
+				FORMAT_PEM, 1, passin, e, "private key");
+		if (!key)
+			goto export_end;
+		}
+
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("reading certs from input");
+#endif
+
+	/* Load in all certs in input file */
+	if(!(options & NOCERTS))
+		{
+		certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
+							"certificates");
+		if (!certs)
+			goto export_end;
+
+		if (key)
+			{
+			/* Look for matching private key */
+			for(i = 0; i < sk_X509_num(certs); i++)
+				{
+				x = sk_X509_value(certs, i);
+				if(X509_check_private_key(x, key))
+					{
+					ucert = x;
+					/* Zero keyid and alias */
+					X509_keyid_set1(ucert, NULL, 0);
+					X509_alias_set1(ucert, NULL, 0);
+					/* Remove from list */
+					sk_X509_delete(certs, i);
+					break;
+					}
+				}
+			if (!ucert)
+				{
+				BIO_printf(bio_err, "No certificate matches private key\n");
+				goto export_end;
+				}
+			}
+
+		}
+
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("reading certs from input 2");
+#endif
+
+	/* Add any more certificates asked for */
+	if(certfile)
+		{
+		STACK_OF(X509) *morecerts=NULL;
+		if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
+					    NULL, e,
+					    "certificates from certfile")))
+			goto export_end;
+		while(sk_X509_num(morecerts) > 0)
+			sk_X509_push(certs, sk_X509_shift(morecerts));
+		sk_X509_free(morecerts);
+ 		}
+
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("reading certs from certfile");
+#endif
+
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("building chain");
+#endif
+
+	/* If chaining get chain from user cert */
+	if (chain) {
+        	int vret;
+		STACK_OF(X509) *chain2;
+		X509_STORE *store = X509_STORE_new();
+		if (!store)
+			{
+			BIO_printf (bio_err, "Memory allocation error\n");
+			goto export_end;
+			}
+		if (!X509_STORE_load_locations(store, CAfile, CApath))
+			X509_STORE_set_default_paths (store);
+
+		vret = get_cert_chain (ucert, store, &chain2);
+		X509_STORE_free(store);
+
+		if (!vret) {
+		    /* Exclude verified certificate */
+		    for (i = 1; i < sk_X509_num (chain2) ; i++) 
+			sk_X509_push(certs, sk_X509_value (chain2, i));
+		    /* Free first certificate */
+		    X509_free(sk_X509_value(chain2, 0));
+		    sk_X509_free(chain2);
+		} else {
+			BIO_printf (bio_err, "Error %s getting chain.\n",
+					X509_verify_cert_error_string(vret));
+			goto export_end;
+		}			
+    	}
+
+	/* Add any CA names */
+
+	for (i = 0; i < sk_num(canames); i++)
+		{
+		catmp = (unsigned char *)sk_value(canames, i);
+		X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
+		}
+		
+
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("reading password");
+#endif
+
+	if(!noprompt &&
+		EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1))
+		{
+	    	BIO_printf (bio_err, "Can't read Password\n");
+	    	goto export_end;
+        	}
+	if (!twopass) strcpy(macpass, pass);
+
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("creating PKCS#12 structure");
+#endif
+
+	p12 = PKCS12_create(pass, name, key, ucert, certs,
+				key_pbe, cert_pbe, iter, -1, keytype);
+
+	if (!p12)
+		{
+	    	ERR_print_errors (bio_err);
+		goto export_end;
+		}
+
+	if (maciter != -1)
+		PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, NULL);
+
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_push_info("writing pkcs12");
+#endif
+
+	i2d_PKCS12_bio(out, p12);
+
+	ret = 0;
+
+    export_end:
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+	CRYPTO_pop_info();
+	CRYPTO_push_info("process -export_cert: freeing");
+#endif
+
+	if (key) EVP_PKEY_free(key);
+	if (certs) sk_X509_pop_free(certs, X509_free);
+	if (ucert) X509_free(ucert);
+
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+#endif
+	goto end;
+	
+    }
+
+    if (!(p12 = d2i_PKCS12_bio (in, NULL))) {
+	ERR_print_errors(bio_err);
+	goto end;
+    }
+
+#ifdef CRYPTO_MDEBUG
+    CRYPTO_push_info("read import password");
+#endif
+    if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) {
+	BIO_printf (bio_err, "Can't read Password\n");
+	goto end;
+    }
+#ifdef CRYPTO_MDEBUG
+    CRYPTO_pop_info();
+#endif
+
+    if (!twopass) strcpy(macpass, pass);
+
+    if (options & INFO) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
+    if(macver) {
+#ifdef CRYPTO_MDEBUG
+    CRYPTO_push_info("verify MAC");
+#endif
+	/* If we enter empty password try no password first */
+	if(!macpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
+		/* If mac and crypto pass the same set it to NULL too */
+		if(!twopass) cpass = NULL;
+	} else if (!PKCS12_verify_mac(p12, mpass, -1)) {
+	    BIO_printf (bio_err, "Mac verify error: invalid password?\n");
+	    ERR_print_errors (bio_err);
+	    goto end;
+	}
+	BIO_printf (bio_err, "MAC verified OK\n");
+#ifdef CRYPTO_MDEBUG
+    CRYPTO_pop_info();
+#endif
+    }
+
+#ifdef CRYPTO_MDEBUG
+    CRYPTO_push_info("output keys and certificates");
+#endif
+    if (!dump_certs_keys_p12 (out, p12, cpass, -1, options, passout)) {
+	BIO_printf(bio_err, "Error outputting keys and certificates\n");
+	ERR_print_errors (bio_err);
+	goto end;
+    }
+#ifdef CRYPTO_MDEBUG
+    CRYPTO_pop_info();
+#endif
+    ret = 0;
+ end:
+    if (p12) PKCS12_free(p12);
+    if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
+#ifdef CRYPTO_MDEBUG
+    CRYPTO_remove_all_info();
+#endif
+    BIO_free(in);
+    BIO_free_all(out);
+    if (canames) sk_free(canames);
+    if(passin) OPENSSL_free(passin);
+    if(passout) OPENSSL_free(passout);
+    apps_shutdown();
+    OPENSSL_EXIT(ret);
+}
+
+int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
+	     int passlen, int options, char *pempass)
+{
+	STACK_OF(PKCS7) *asafes;
+	STACK_OF(PKCS12_SAFEBAG) *bags;
+	int i, bagnid;
+	PKCS7 *p7;
+
+	if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;
+	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
+		p7 = sk_PKCS7_value (asafes, i);
+		bagnid = OBJ_obj2nid (p7->type);
+		if (bagnid == NID_pkcs7_data) {
+			bags = PKCS12_unpack_p7data(p7);
+			if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");
+		} else if (bagnid == NID_pkcs7_encrypted) {
+			if (options & INFO) {
+				BIO_printf(bio_err, "PKCS7 Encrypted data: ");
+				alg_print(bio_err, 
+					p7->d.encrypted->enc_data->algorithm);
+			}
+			bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
+		} else continue;
+		if (!bags) return 0;
+	    	if (!dump_certs_pkeys_bags (out, bags, pass, passlen, 
+						 options, pempass)) {
+			sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
+			return 0;
+		}
+		sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
+	}
+	sk_PKCS7_pop_free (asafes, PKCS7_free);
+	return 1;
+}
+
+int dump_certs_pkeys_bags (BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
+			   char *pass, int passlen, int options, char *pempass)
+{
+	int i;
+	for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) {
+		if (!dump_certs_pkeys_bag (out,
+					   sk_PKCS12_SAFEBAG_value (bags, i),
+					   pass, passlen,
+					   options, pempass))
+		    return 0;
+	}
+	return 1;
+}
+
+int dump_certs_pkeys_bag (BIO *out, PKCS12_SAFEBAG *bag, char *pass,
+	     int passlen, int options, char *pempass)
+{
+	EVP_PKEY *pkey;
+	PKCS8_PRIV_KEY_INFO *p8;
+	X509 *x509;
+	
+	switch (M_PKCS12_bag_type(bag))
+	{
+	case NID_keyBag:
+		if (options & INFO) BIO_printf (bio_err, "Key bag\n");
+		if (options & NOKEYS) return 1;
+		print_attribs (out, bag->attrib, "Bag Attributes");
+		p8 = bag->value.keybag;
+		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
+		print_attribs (out, p8->attributes, "Key Attributes");
+		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
+		EVP_PKEY_free(pkey);
+	break;
+
+	case NID_pkcs8ShroudedKeyBag:
+		if (options & INFO) {
+			BIO_printf (bio_err, "Shrouded Keybag: ");
+			alg_print (bio_err, bag->value.shkeybag->algor);
+		}
+		if (options & NOKEYS) return 1;
+		print_attribs (out, bag->attrib, "Bag Attributes");
+		if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
+				return 0;
+		if (!(pkey = EVP_PKCS82PKEY (p8))) {
+			PKCS8_PRIV_KEY_INFO_free(p8);
+			return 0;
+		}
+		print_attribs (out, p8->attributes, "Key Attributes");
+		PKCS8_PRIV_KEY_INFO_free(p8);
+		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
+		EVP_PKEY_free(pkey);
+	break;
+
+	case NID_certBag:
+		if (options & INFO) BIO_printf (bio_err, "Certificate bag\n");
+		if (options & NOCERTS) return 1;
+                if (PKCS12_get_attr(bag, NID_localKeyID)) {
+			if (options & CACERTS) return 1;
+		} else if (options & CLCERTS) return 1;
+		print_attribs (out, bag->attrib, "Bag Attributes");
+		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
+								 return 1;
+		if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
+		dump_cert_text (out, x509);
+		PEM_write_bio_X509 (out, x509);
+		X509_free(x509);
+	break;
+
+	case NID_safeContentsBag:
+		if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n");
+		print_attribs (out, bag->attrib, "Bag Attributes");
+		return dump_certs_pkeys_bags (out, bag->value.safes, pass,
+							    passlen, options, pempass);
+					
+	default:
+		BIO_printf (bio_err, "Warning unsupported bag type: ");
+		i2a_ASN1_OBJECT (bio_err, bag->type);
+		BIO_printf (bio_err, "\n");
+		return 1;
+	break;
+	}
+	return 1;
+}
+
+/* Given a single certificate return a verified chain or NULL if error */
+
+/* Hope this is OK .... */
+
+int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
+{
+	X509_STORE_CTX store_ctx;
+	STACK_OF(X509) *chn;
+	int i;
+
+	/* FIXME: Should really check the return status of X509_STORE_CTX_init
+	 * for an error, but how that fits into the return value of this
+	 * function is less obvious. */
+	X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
+	if (X509_verify_cert(&store_ctx) <= 0) {
+		i = X509_STORE_CTX_get_error (&store_ctx);
+		goto err;
+	}
+	chn =  X509_STORE_CTX_get1_chain(&store_ctx);
+	i = 0;
+	*chain = chn;
+err:
+	X509_STORE_CTX_cleanup(&store_ctx);
+	
+	return i;
+}	
+
+int alg_print (BIO *x, X509_ALGOR *alg)
+{
+	PBEPARAM *pbe;
+	unsigned char *p;
+	p = alg->parameter->value.sequence->data;
+	pbe = d2i_PBEPARAM (NULL, &p, alg->parameter->value.sequence->length);
+	BIO_printf (bio_err, "%s, Iteration %d\n", 
+	OBJ_nid2ln(OBJ_obj2nid(alg->algorithm)), ASN1_INTEGER_get(pbe->iter));
+	PBEPARAM_free (pbe);
+	return 0;
+}
+
+/* Load all certificates from a given file */
+
+int cert_load(BIO *in, STACK_OF(X509) *sk)
+{
+	int ret;
+	X509 *cert;
+	ret = 0;
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_push_info("cert_load(): reading one cert");
+#endif
+	while((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_pop_info();
+#endif
+		ret = 1;
+		sk_X509_push(sk, cert);
+#ifdef CRYPTO_MDEBUG
+		CRYPTO_push_info("cert_load(): reading one cert");
+#endif
+	}
+#ifdef CRYPTO_MDEBUG
+	CRYPTO_pop_info();
+#endif
+	if(ret) ERR_clear_error();
+	return ret;
+}
+
+/* Generalised attribute print: handle PKCS#8 and bag attributes */
+
+int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, char *name)
+{
+	X509_ATTRIBUTE *attr;
+	ASN1_TYPE *av;
+	char *value;
+	int i, attr_nid;
+	if(!attrlst) {
+		BIO_printf(out, "%s: <No Attributes>\n", name);
+		return 1;
+	}
+	if(!sk_X509_ATTRIBUTE_num(attrlst)) {
+		BIO_printf(out, "%s: <Empty Attributes>\n", name);
+		return 1;
+	}
+	BIO_printf(out, "%s\n", name);
+	for(i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
+		attr = sk_X509_ATTRIBUTE_value(attrlst, i);
+		attr_nid = OBJ_obj2nid(attr->object);
+		BIO_printf(out, "    ");
+		if(attr_nid == NID_undef) {
+			i2a_ASN1_OBJECT (out, attr->object);
+			BIO_printf(out, ": ");
+		} else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
+
+		if(sk_ASN1_TYPE_num(attr->value.set)) {
+			av = sk_ASN1_TYPE_value(attr->value.set, 0);
+			switch(av->type) {
+				case V_ASN1_BMPSTRING:
+        			value = uni2asc(av->value.bmpstring->data,
+                                	       av->value.bmpstring->length);
+				BIO_printf(out, "%s\n", value);
+				OPENSSL_free(value);
+				break;
+
+				case V_ASN1_OCTET_STRING:
+				hex_prin(out, av->value.octet_string->data,
+					av->value.octet_string->length);
+				BIO_printf(out, "\n");	
+				break;
+
+				case V_ASN1_BIT_STRING:
+				hex_prin(out, av->value.bit_string->data,
+					av->value.bit_string->length);
+				BIO_printf(out, "\n");	
+				break;
+
+				default:
+					BIO_printf(out, "<Unsupported tag %d>\n", av->type);
+				break;
+			}
+		} else BIO_printf(out, "<No Values>\n");
+	}
+	return 1;
+}
+
+void hex_prin(BIO *out, unsigned char *buf, int len)
+{
+	int i;
+	for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]);
+}
+
+#endif
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index 4105dbd9ef..738dd853ce 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -61,40 +61,36 @@
 #include <string.h>
 #include <time.h>
 #include "apps.h"
-#include "err.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	pkcs7_main
 
-/* -inform arg	- input format - default PEM (one of DER, TXT or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
  * -outform arg - output format - default PEM
  * -in arg	- input file - default stdin
  * -out arg	- output file - default stdout
- * -des		- encrypt output if PEM format with DES in cbc mode
- * -des3	- encrypt output if PEM format
- * -idea	- encrypt output if PEM format
  * -print_certs
  */
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	PKCS7 *p7=NULL;
 	int i,badops=0;
-#if !defined(NO_DES) || !defined(NO_IDEA)
-	EVP_CIPHER *enc=NULL;
-#endif
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat;
-	char *infile,*outfile,*prog,buf[256];
-	int print_certs=0;
-	int ret=0;
+	char *infile,*outfile,*prog;
+	int print_certs=0,text=0,noout=0;
+	int ret=1;
+	char *engine=NULL;
 
 	apps_startup();
 
@@ -132,18 +128,17 @@ char **argv;
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-noout") == 0)
+			noout=1;
+		else if (strcmp(*argv,"-text") == 0)
+			text=1;
 		else if (strcmp(*argv,"-print_certs") == 0)
 			print_certs=1;
-#ifndef NO_DES
-		else if (strcmp(*argv,"-des") == 0)
-			enc=EVP_des_cbc();
-		else if (strcmp(*argv,"-des3") == 0)
-			enc=EVP_des_ede3_cbc();
-#endif
-#ifndef NO_IDEA
-		else if (strcmp(*argv,"-idea") == 0)
-			enc=EVP_idea_cbc();
-#endif
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -159,21 +154,22 @@ char **argv;
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -outform arg  output format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
+		BIO_printf(bio_err," -inform arg   input format - DER or PEM\n");
+		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
+		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
-		BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
-		BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef NO_IDEA
-		BIO_printf(bio_err," -idea         encrypt PEM output with cbc idea\n");
-#endif
-		EXIT(1);
+		BIO_printf(bio_err," -text         print full details of certificates\n");
+		BIO_printf(bio_err," -noout        don't output encoded data\n");
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
+		ret = 1;
+		goto end;
 		}
 
 	ERR_load_crypto_strings();
 
+        e = setup_engine(bio_err, engine, 0);
+
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
@@ -197,7 +193,7 @@ bad:
 	if	(informat == FORMAT_ASN1)
 		p7=d2i_PKCS7_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
-		p7=PEM_read_bio_PKCS7(in,NULL,NULL);
+		p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL);
 	else
 		{
 		BIO_printf(bio_err,"bad input format specified for pkcs7 object\n");
@@ -211,7 +207,15 @@ bad:
 		}
 
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -223,8 +227,8 @@ bad:
 
 	if (print_certs)
 		{
-		STACK *certs=NULL;
-		STACK *crls=NULL;
+		STACK_OF(X509) *certs=NULL;
+		STACK_OF(X509_CRL) *crls=NULL;
 
 		i=OBJ_obj2nid(p7->type);
 		switch (i)
@@ -245,22 +249,13 @@ bad:
 			{
 			X509 *x;
 
-			for (i=0; i<sk_num(certs); i++)
+			for (i=0; i<sk_X509_num(certs); i++)
 				{
-				x=(X509 *)sk_value(certs,i);
-
-				X509_NAME_oneline(X509_get_subject_name(x),
-					buf,256);
-				BIO_puts(out,"subject=");
-				BIO_puts(out,buf);
+				x=sk_X509_value(certs,i);
+				if(text) X509_print(out, x);
+				else dump_cert_text(out, x);
 
-				X509_NAME_oneline(X509_get_issuer_name(x),
-					buf,256);
-				BIO_puts(out,"\nissuer= ");
-				BIO_puts(out,buf);
-				BIO_puts(out,"\n");
-
-				PEM_write_bio_X509(out,x);
+				if(!noout) PEM_write_bio_X509(out,x);
 				BIO_puts(out,"\n");
 				}
 			}
@@ -268,21 +263,13 @@ bad:
 			{
 			X509_CRL *crl;
 
-			for (i=0; i<sk_num(crls); i++)
+			for (i=0; i<sk_X509_CRL_num(crls); i++)
 				{
-				crl=(X509_CRL *)sk_value(crls,i);
+				crl=sk_X509_CRL_value(crls,i);
 
-				X509_NAME_oneline(crl->crl->issuer,buf,256);
-				BIO_puts(out,"issuer= ");
-				BIO_puts(out,buf);
-
-				BIO_puts(out,"\nlast update=");
-				ASN1_UTCTIME_print(out,crl->crl->lastUpdate);
-				BIO_puts(out,"\nnext update=");
-				ASN1_UTCTIME_print(out,crl->crl->nextUpdate);
-				BIO_puts(out,"\n");
+				X509_CRL_print(out, crl);
 
-				PEM_write_bio_X509_CRL(out,crl);
+				if(!noout)PEM_write_bio_X509_CRL(out,crl);
 				BIO_puts(out,"\n");
 				}
 			}
@@ -291,25 +278,28 @@ bad:
 		goto end;
 		}
 
-	if 	(outformat == FORMAT_ASN1)
-		i=i2d_PKCS7_bio(out,p7);
-	else if (outformat == FORMAT_PEM)
-		i=PEM_write_bio_PKCS7(out,p7);
-	else	{
-		BIO_printf(bio_err,"bad output format specified for outfile\n");
-		goto end;
-		}
+	if(!noout) {
+		if 	(outformat == FORMAT_ASN1)
+			i=i2d_PKCS7_bio(out,p7);
+		else if (outformat == FORMAT_PEM)
+			i=PEM_write_bio_PKCS7(out,p7);
+		else	{
+			BIO_printf(bio_err,"bad output format specified for outfile\n");
+			goto end;
+			}
 
-	if (!i)
-		{
-		BIO_printf(bio_err,"unable to write pkcs7 object\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
+		if (!i)
+			{
+			BIO_printf(bio_err,"unable to write pkcs7 object\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+	}
 	ret=0;
 end:
 	if (p7 != NULL) PKCS7_free(p7);
 	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
-	EXIT(ret);
+	if (out != NULL) BIO_free_all(out);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
new file mode 100644
index 0000000000..1debccb17e
--- /dev/null
+++ b/apps/pkcs8.c
@@ -0,0 +1,362 @@
+/* pkcs8.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+
+#define PROG pkcs8_main
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+	ENGINE *e = NULL;
+	char **args, *infile = NULL, *outfile = NULL;
+	char *passargin = NULL, *passargout = NULL;
+	BIO *in = NULL, *out = NULL;
+	int topk8 = 0;
+	int pbe_nid = -1;
+	const EVP_CIPHER *cipher = NULL;
+	int iter = PKCS12_DEFAULT_ITER;
+	int informat, outformat;
+	int p8_broken = PKCS8_OK;
+	int nocrypt = 0;
+	X509_SIG *p8;
+	PKCS8_PRIV_KEY_INFO *p8inf;
+	EVP_PKEY *pkey=NULL;
+	char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
+	int badarg = 0;
+	char *engine=NULL;
+
+	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
+
+	informat=FORMAT_PEM;
+	outformat=FORMAT_PEM;
+
+	ERR_load_crypto_strings();
+	OpenSSL_add_all_algorithms();
+	args = argv + 1;
+	while (!badarg && *args && *args[0] == '-') {
+		if (!strcmp(*args,"-v2")) {
+			if (args[1]) {
+				args++;
+				cipher=EVP_get_cipherbyname(*args);
+				if(!cipher) {
+					BIO_printf(bio_err,
+						 "Unknown cipher %s\n", *args);
+					badarg = 1;
+				}
+			} else badarg = 1;
+		} else if (!strcmp(*args,"-v1")) {
+			if (args[1]) {
+				args++;
+				pbe_nid=OBJ_txt2nid(*args);
+				if(pbe_nid == NID_undef) {
+					BIO_printf(bio_err,
+						 "Unknown PBE algorithm %s\n", *args);
+					badarg = 1;
+				}
+			} else badarg = 1;
+		} else if (!strcmp(*args,"-inform")) {
+			if (args[1]) {
+				args++;
+				informat=str2fmt(*args);
+			} else badarg = 1;
+		} else if (!strcmp(*args,"-outform")) {
+			if (args[1]) {
+				args++;
+				outformat=str2fmt(*args);
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-topk8")) topk8 = 1;
+		else if (!strcmp (*args, "-noiter")) iter = 1;
+		else if (!strcmp (*args, "-nocrypt")) nocrypt = 1;
+		else if (!strcmp (*args, "-nooct")) p8_broken = PKCS8_NO_OCTET;
+		else if (!strcmp (*args, "-nsdb")) p8_broken = PKCS8_NS_DB;
+		else if (!strcmp (*args, "-embed")) p8_broken = PKCS8_EMBEDDED_PARAM;
+		else if (!strcmp(*args,"-passin"))
+			{
+			if (!args[1]) goto bad;
+			passargin= *(++args);
+			}
+		else if (!strcmp(*args,"-passout"))
+			{
+			if (!args[1]) goto bad;
+			passargout= *(++args);
+			}
+		else if (strcmp(*args,"-engine") == 0)
+			{
+			if (!args[1]) goto bad;
+			engine= *(++args);
+			}
+		else if (!strcmp (*args, "-in")) {
+			if (args[1]) {
+				args++;
+				infile = *args;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-out")) {
+			if (args[1]) {
+				args++;
+				outfile = *args;
+			} else badarg = 1;
+		} else badarg = 1;
+		args++;
+	}
+
+	if (badarg) {
+		bad:
+		BIO_printf(bio_err, "Usage pkcs8 [options]\n");
+		BIO_printf(bio_err, "where options are\n");
+		BIO_printf(bio_err, "-in file        input file\n");
+		BIO_printf(bio_err, "-inform X       input format (DER or PEM)\n");
+		BIO_printf(bio_err, "-passin arg     input file pass phrase source\n");
+		BIO_printf(bio_err, "-outform X      output format (DER or PEM)\n");
+		BIO_printf(bio_err, "-out file       output file\n");
+		BIO_printf(bio_err, "-passout arg    output file pass phrase source\n");
+		BIO_printf(bio_err, "-topk8          output PKCS8 file\n");
+		BIO_printf(bio_err, "-nooct          use (nonstandard) no octet format\n");
+		BIO_printf(bio_err, "-embed          use (nonstandard) embedded DSA parameters format\n");
+		BIO_printf(bio_err, "-nsdb           use (nonstandard) DSA Netscape DB format\n");
+		BIO_printf(bio_err, "-noiter         use 1 as iteration count\n");
+		BIO_printf(bio_err, "-nocrypt        use or expect unencrypted private key\n");
+		BIO_printf(bio_err, "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
+		BIO_printf(bio_err, "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
+		return (1);
+	}
+
+        e = setup_engine(bio_err, engine, 0);
+
+	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+		BIO_printf(bio_err, "Error getting passwords\n");
+		return (1);
+	}
+
+	if ((pbe_nid == -1) && !cipher) pbe_nid = NID_pbeWithMD5AndDES_CBC;
+
+	if (infile) {
+		if (!(in = BIO_new_file(infile, "rb"))) {
+			BIO_printf(bio_err,
+				 "Can't open input file %s\n", infile);
+			return (1);
+		}
+	} else in = BIO_new_fp (stdin, BIO_NOCLOSE);
+
+	if (outfile) {
+		if (!(out = BIO_new_file (outfile, "wb"))) {
+			BIO_printf(bio_err,
+				 "Can't open output file %s\n", outfile);
+			return (1);
+		}
+	} else {
+		out = BIO_new_fp (stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+			out = BIO_push(tmpbio, out);
+		}
+#endif
+	}
+	if (topk8)
+		{
+		BIO_free(in); /* Not needed in this section */
+		pkey = load_key(bio_err, infile, informat, 1,
+			passin, e, "key");
+		if (!pkey) {
+			return (1);
+		}
+		if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
+			BIO_printf(bio_err, "Error converting key\n", outfile);
+			ERR_print_errors(bio_err);
+			return (1);
+		}
+		if(nocrypt) {
+			if(outformat == FORMAT_PEM) 
+				PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
+			else if(outformat == FORMAT_ASN1)
+				i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
+			else {
+				BIO_printf(bio_err, "Bad format specified for key\n");
+				return (1);
+			}
+		} else {
+			if(passout) p8pass = passout;
+			else {
+				p8pass = pass;
+				if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
+					return (1);
+			}
+			app_RAND_load_file(NULL, bio_err, 0);
+			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
+					p8pass, strlen(p8pass),
+					NULL, 0, iter, p8inf))) {
+				BIO_printf(bio_err, "Error encrypting key\n",
+								 outfile);
+				ERR_print_errors(bio_err);
+				return (1);
+			}
+			app_RAND_write_file(NULL, bio_err);
+			if(outformat == FORMAT_PEM) 
+				PEM_write_bio_PKCS8(out, p8);
+			else if(outformat == FORMAT_ASN1)
+				i2d_PKCS8_bio(out, p8);
+			else {
+				BIO_printf(bio_err, "Bad format specified for key\n");
+				return (1);
+			}
+			X509_SIG_free(p8);
+		}
+		PKCS8_PRIV_KEY_INFO_free (p8inf);
+		EVP_PKEY_free(pkey);
+		BIO_free_all(out);
+		if(passin) OPENSSL_free(passin);
+		if(passout) OPENSSL_free(passout);
+		return (0);
+	}
+
+	if(nocrypt) {
+		if(informat == FORMAT_PEM) 
+			p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL);
+		else if(informat == FORMAT_ASN1)
+			p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
+		else {
+			BIO_printf(bio_err, "Bad format specified for key\n");
+			return (1);
+		}
+	} else {
+		if(informat == FORMAT_PEM) 
+			p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
+		else if(informat == FORMAT_ASN1)
+			p8 = d2i_PKCS8_bio(in, NULL);
+		else {
+			BIO_printf(bio_err, "Bad format specified for key\n");
+			return (1);
+		}
+
+		if (!p8) {
+			BIO_printf (bio_err, "Error reading key\n", outfile);
+			ERR_print_errors(bio_err);
+			return (1);
+		}
+		if(passin) p8pass = passin;
+		else {
+			p8pass = pass;
+			EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
+		}
+		p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
+		X509_SIG_free(p8);
+	}
+
+	if (!p8inf) {
+		BIO_printf(bio_err, "Error decrypting key\n", outfile);
+		ERR_print_errors(bio_err);
+		return (1);
+	}
+
+	if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
+		BIO_printf(bio_err, "Error converting key\n", outfile);
+		ERR_print_errors(bio_err);
+		return (1);
+	}
+	
+	if (p8inf->broken) {
+		BIO_printf(bio_err, "Warning: broken key encoding: ");
+		switch (p8inf->broken) {
+			case PKCS8_NO_OCTET:
+			BIO_printf(bio_err, "No Octet String in PrivateKey\n");
+			break;
+
+			case PKCS8_EMBEDDED_PARAM:
+			BIO_printf(bio_err, "DSA parameters included in PrivateKey\n");
+			break;
+
+			case PKCS8_NS_DB:
+			BIO_printf(bio_err, "DSA public key include in PrivateKey\n");
+			break;
+
+			default:
+			BIO_printf(bio_err, "Unknown broken type\n");
+			break;
+		}
+	}
+	
+	PKCS8_PRIV_KEY_INFO_free(p8inf);
+	if(outformat == FORMAT_PEM) 
+		PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
+	else if(outformat == FORMAT_ASN1)
+		i2d_PrivateKey_bio(out, pkey);
+	else {
+		BIO_printf(bio_err, "Bad format specified for key\n");
+			return (1);
+	}
+
+	end:
+	EVP_PKEY_free(pkey);
+	BIO_free_all(out);
+	BIO_free(in);
+	if(passin) OPENSSL_free(passin);
+	if(passout) OPENSSL_free(passout);
+
+	return (0);
+}
diff --git a/apps/progs.h b/apps/progs.h
index 578bfcf510..999de31bdd 100644
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -1,19 +1,27 @@
-#ifndef NOPROTO
+/* apps/progs.h */
+/* automatically generated by progs.pl for openssl.c */
+
 extern int verify_main(int argc,char *argv[]);
 extern int asn1parse_main(int argc,char *argv[]);
 extern int req_main(int argc,char *argv[]);
 extern int dgst_main(int argc,char *argv[]);
 extern int dh_main(int argc,char *argv[]);
+extern int dhparam_main(int argc,char *argv[]);
 extern int enc_main(int argc,char *argv[]);
+extern int passwd_main(int argc,char *argv[]);
 extern int gendh_main(int argc,char *argv[]);
 extern int errstr_main(int argc,char *argv[]);
 extern int ca_main(int argc,char *argv[]);
 extern int crl_main(int argc,char *argv[]);
 extern int rsa_main(int argc,char *argv[]);
+extern int rsautl_main(int argc,char *argv[]);
 extern int dsa_main(int argc,char *argv[]);
 extern int dsaparam_main(int argc,char *argv[]);
+extern int ec_main(int argc,char *argv[]);
+extern int ecparam_main(int argc,char *argv[]);
 extern int x509_main(int argc,char *argv[]);
 extern int genrsa_main(int argc,char *argv[]);
+extern int gendsa_main(int argc,char *argv[]);
 extern int s_server_main(int argc,char *argv[]);
 extern int s_client_main(int argc,char *argv[]);
 extern int speed_main(int argc,char *argv[]);
@@ -23,34 +31,14 @@ extern int pkcs7_main(int argc,char *argv[]);
 extern int crl2pkcs7_main(int argc,char *argv[]);
 extern int sess_id_main(int argc,char *argv[]);
 extern int ciphers_main(int argc,char *argv[]);
-#else
-extern int verify_main();
-extern int asn1parse_main();
-extern int req_main();
-extern int dgst_main();
-extern int dh_main();
-extern int enc_main();
-extern int gendh_main();
-extern int errstr_main();
-extern int ca_main();
-extern int crl_main();
-extern int rsa_main();
-extern int dsa_main();
-extern int dsaparam_main();
-extern int x509_main();
-extern int genrsa_main();
-extern int s_server_main();
-extern int s_client_main();
-extern int speed_main();
-extern int s_time_main();
-extern int version_main();
-extern int pkcs7_main();
-extern int crl2pkcs7_main();
-extern int sess_id_main();
-extern int ciphers_main();
-#endif
-
-#ifdef SSLEAY_SRC
+extern int nseq_main(int argc,char *argv[]);
+extern int pkcs12_main(int argc,char *argv[]);
+extern int pkcs8_main(int argc,char *argv[]);
+extern int spkac_main(int argc,char *argv[]);
+extern int smime_main(int argc,char *argv[]);
+extern int rand_main(int argc,char *argv[]);
+extern int engine_main(int argc,char *argv[]);
+extern int ocsp_main(int argc,char *argv[]);
 
 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
@@ -65,188 +53,248 @@ typedef struct {
 FUNCTION functions[] = {
 	{FUNC_TYPE_GENERAL,"verify",verify_main},
 	{FUNC_TYPE_GENERAL,"asn1parse",asn1parse_main},
-#ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"req",req_main},
-#endif
 	{FUNC_TYPE_GENERAL,"dgst",dgst_main},
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	{FUNC_TYPE_GENERAL,"dh",dh_main},
 #endif
+#ifndef OPENSSL_NO_DH
+	{FUNC_TYPE_GENERAL,"dhparam",dhparam_main},
+#endif
 	{FUNC_TYPE_GENERAL,"enc",enc_main},
-#ifndef NO_DH
+	{FUNC_TYPE_GENERAL,"passwd",passwd_main},
+#ifndef OPENSSL_NO_DH
 	{FUNC_TYPE_GENERAL,"gendh",gendh_main},
 #endif
 	{FUNC_TYPE_GENERAL,"errstr",errstr_main},
-#ifndef NO_RSA
 	{FUNC_TYPE_GENERAL,"ca",ca_main},
-#endif
 	{FUNC_TYPE_GENERAL,"crl",crl_main},
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	{FUNC_TYPE_GENERAL,"rsa",rsa_main},
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_RSA
+	{FUNC_TYPE_GENERAL,"rsautl",rsautl_main},
+#endif
+#ifndef OPENSSL_NO_DSA
 	{FUNC_TYPE_GENERAL,"dsa",dsa_main},
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	{FUNC_TYPE_GENERAL,"dsaparam",dsaparam_main},
 #endif
-#ifndef NO_RSA
-	{FUNC_TYPE_GENERAL,"x509",x509_main},
+#ifndef OPENSSL_NO_EC
+	{FUNC_TYPE_GENERAL,"ec",ec_main},
 #endif
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_EC
+	{FUNC_TYPE_GENERAL,"ecparam",ecparam_main},
+#endif
+	{FUNC_TYPE_GENERAL,"x509",x509_main},
+#ifndef OPENSSL_NO_RSA
 	{FUNC_TYPE_GENERAL,"genrsa",genrsa_main},
 #endif
-#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
+#ifndef OPENSSL_NO_DSA
+	{FUNC_TYPE_GENERAL,"gendsa",gendsa_main},
+#endif
+#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
 	{FUNC_TYPE_GENERAL,"s_server",s_server_main},
 #endif
-#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
+#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
 	{FUNC_TYPE_GENERAL,"s_client",s_client_main},
 #endif
 	{FUNC_TYPE_GENERAL,"speed",speed_main},
-#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
+#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
 	{FUNC_TYPE_GENERAL,"s_time",s_time_main},
 #endif
 	{FUNC_TYPE_GENERAL,"version",version_main},
 	{FUNC_TYPE_GENERAL,"pkcs7",pkcs7_main},
 	{FUNC_TYPE_GENERAL,"crl2pkcs7",crl2pkcs7_main},
 	{FUNC_TYPE_GENERAL,"sess_id",sess_id_main},
-#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))
+#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
 	{FUNC_TYPE_GENERAL,"ciphers",ciphers_main},
 #endif
+	{FUNC_TYPE_GENERAL,"nseq",nseq_main},
+#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)
+	{FUNC_TYPE_GENERAL,"pkcs12",pkcs12_main},
+#endif
+	{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
+	{FUNC_TYPE_GENERAL,"spkac",spkac_main},
+	{FUNC_TYPE_GENERAL,"smime",smime_main},
+	{FUNC_TYPE_GENERAL,"rand",rand_main},
+	{FUNC_TYPE_GENERAL,"engine",engine_main},
+	{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
+#ifndef OPENSSL_NO_MD2
 	{FUNC_TYPE_MD,"md2",dgst_main},
+#endif
+#ifndef OPENSSL_NO_MD4
+	{FUNC_TYPE_MD,"md4",dgst_main},
+#endif
+#ifndef OPENSSL_NO_MD5
 	{FUNC_TYPE_MD,"md5",dgst_main},
+#endif
+#ifndef OPENSSL_NO_SHA
 	{FUNC_TYPE_MD,"sha",dgst_main},
+#endif
+#ifndef OPENSSL_NO_SHA1
 	{FUNC_TYPE_MD,"sha1",dgst_main},
+#endif
+#ifndef OPENSSL_NO_MDC2
 	{FUNC_TYPE_MD,"mdc2",dgst_main},
+#endif
+#ifndef OPENSSL_NO_RMD160
 	{FUNC_TYPE_MD,"rmd160",dgst_main},
+#endif
+#ifndef OPENSSL_NO_AES
+	{FUNC_TYPE_CIPHER,"aes-128-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+	{FUNC_TYPE_CIPHER,"aes-128-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+	{FUNC_TYPE_CIPHER,"aes-192-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+	{FUNC_TYPE_CIPHER,"aes-192-ecb",enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+	{FUNC_TYPE_CIPHER,"aes-256-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_AES
+	{FUNC_TYPE_CIPHER,"aes-256-ecb",enc_main},
+#endif
 	{FUNC_TYPE_CIPHER,"base64",enc_main},
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des3",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"desx",enc_main},
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea",enc_main},
 #endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 	{FUNC_TYPE_CIPHER,"rc4",enc_main},
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC4
+	{FUNC_TYPE_CIPHER,"rc4-40",enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2",enc_main},
 #endif
-#ifndef NO_BLOWFISH
+#ifndef OPENSSL_NO_BF
 	{FUNC_TYPE_CIPHER,"bf",enc_main},
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 	{FUNC_TYPE_CIPHER,"cast",enc_main},
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-ecb",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede3",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-cbc",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede-cbc",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede3-cbc",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-cfb",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede-cfb",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede3-cfb",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-ofb",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede-ofb",enc_main},
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	{FUNC_TYPE_CIPHER,"des-ede3-ofb",enc_main},
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-cbc",enc_main},
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-ecb",enc_main},
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-cfb",enc_main},
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	{FUNC_TYPE_CIPHER,"idea-ofb",enc_main},
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-cbc",enc_main},
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-ecb",enc_main},
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-cfb",enc_main},
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 	{FUNC_TYPE_CIPHER,"rc2-ofb",enc_main},
 #endif
-#ifndef NO_BLOWFISH
+#ifndef OPENSSL_NO_RC2
+	{FUNC_TYPE_CIPHER,"rc2-64-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_RC2
+	{FUNC_TYPE_CIPHER,"rc2-40-cbc",enc_main},
+#endif
+#ifndef OPENSSL_NO_BF
 	{FUNC_TYPE_CIPHER,"bf-cbc",enc_main},
 #endif
-#ifndef NO_BLOWFISH
+#ifndef OPENSSL_NO_BF
 	{FUNC_TYPE_CIPHER,"bf-ecb",enc_main},
 #endif
-#ifndef NO_BLOWFISH
+#ifndef OPENSSL_NO_BF
 	{FUNC_TYPE_CIPHER,"bf-cfb",enc_main},
 #endif
-#ifndef NO_BLOWFISH
+#ifndef OPENSSL_NO_BF
 	{FUNC_TYPE_CIPHER,"bf-ofb",enc_main},
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 	{FUNC_TYPE_CIPHER,"cast5-cbc",enc_main},
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 	{FUNC_TYPE_CIPHER,"cast5-ecb",enc_main},
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 	{FUNC_TYPE_CIPHER,"cast5-cfb",enc_main},
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 	{FUNC_TYPE_CIPHER,"cast5-ofb",enc_main},
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 	{FUNC_TYPE_CIPHER,"cast-cbc",enc_main},
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5-cbc",enc_main},
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5-ecb",enc_main},
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5-cfb",enc_main},
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 	{FUNC_TYPE_CIPHER,"rc5-ofb",enc_main},
 #endif
 	{0,NULL,NULL}
 	};
-#endif
-
diff --git a/apps/progs.pl b/apps/progs.pl
index 4c63e86ea5..c94f49bbf0 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -1,24 +1,15 @@
 #!/usr/local/bin/perl
 
-$mkprog='mklinks';
-$rmprog='rmlinks';
-
-print "#ifndef NOPROTO\n";
+print "/* apps/progs.h */\n";
+print "/* automatically generated by progs.pl for openssl.c */\n\n";
 
 grep(s/^asn1pars$/asn1parse/,@ARGV);
 
 foreach (@ARGV)
 	{ printf "extern int %s_main(int argc,char *argv[]);\n",$_; }
-print "#else\n";
-foreach (@ARGV)
-	{ printf "extern int %s_main();\n",$_; }
-print "#endif\n";
-
 
 print <<'EOF';
 
-#ifdef SSLEAY_SRC
-
 #define FUNC_TYPE_GENERAL	1
 #define FUNC_TYPE_MD		2
 #define FUNC_TYPE_CIPHER	3
@@ -37,33 +28,40 @@ foreach (@ARGV)
 	push(@files,$_);
 	$str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
 	if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
-		{ print "#if !defined(NO_SOCK) && !(defined(NO_SSL2) && defined(O_SSL3))\n${str}#endif\n"; } 
-	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) ||
-		($_ =~ /^req$/) || ($_ =~ /^ca$/) || ($_ =~ /^x509$/))
-		{ print "#ifndef NO_RSA\n${str}#endif\n";  }
+		{ print "#if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))\n${str}#endif\n"; } 
+	elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/)) 
+		{ print "#ifndef OPENSSL_NO_RSA\n${str}#endif\n";  }
 	elsif ( ($_ =~ /^dsa$/) || ($_ =~ /^gendsa$/) || ($_ =~ /^dsaparam$/))
-		{ print "#ifndef NO_DSA\n${str}#endif\n"; }
-	elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/))
-		{ print "#ifndef NO_DH\n${str}#endif\n"; }
+		{ print "#ifndef OPENSSL_NO_DSA\n${str}#endif\n"; }
+	elsif ( ($_ =~ /^ec$/) || ($_ =~ /^ecparam$/))
+		{ print "#ifndef OPENSSL_NO_EC\n${str}#endif\n";}
+	elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/))
+		{ print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; }
+	elsif ( ($_ =~ /^pkcs12$/))
+		{ print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; }
 	else
 		{ print $str; }
 	}
 
-foreach ("md2","md5","sha","sha1","mdc2","rmd160")
+foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160")
 	{
 	push(@files,$_);
-	printf "\t{FUNC_TYPE_MD,\"%s\",dgst_main},\n",$_;
+	printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n";
 	}
 
 foreach (
+	"aes-128-cbc", "aes-128-ecb",
+	"aes-192-cbc", "aes-192-ecb",
+	"aes-256-cbc", "aes-256-ecb",
 	"base64",
-	"des", "des3", "desx", "idea", "rc4", "rc2","bf","cast","rc5",
+	"des", "des3", "desx", "idea", "rc4", "rc4-40",
+	"rc2", "bf", "cast", "rc5",
 	"des-ecb", "des-ede",    "des-ede3",
 	"des-cbc", "des-ede-cbc","des-ede3-cbc",
 	"des-cfb", "des-ede-cfb","des-ede3-cfb",
 	"des-ofb", "des-ede-ofb","des-ede3-ofb",
 	"idea-cbc","idea-ecb",   "idea-cfb", "idea-ofb",
-	"rc2-cbc", "rc2-ecb",    "rc2-cfb",  "rc2-ofb",
+	"rc2-cbc", "rc2-ecb", "rc2-cfb","rc2-ofb", "rc2-64-cbc", "rc2-40-cbc",
 	"bf-cbc",  "bf-ecb",     "bf-cfb",   "bf-ofb",
 	"cast5-cbc","cast5-ecb", "cast5-cfb","cast5-ofb",
 	"cast-cbc", "rc5-cbc",   "rc5-ecb",  "rc5-cfb",  "rc5-ofb")
@@ -71,44 +69,15 @@ foreach (
 	push(@files,$_);
 
 	$t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_);
-	if    ($_ =~ /des/)  { $t="#ifndef NO_DES\n${t}#endif\n"; }
-	elsif ($_ =~ /idea/) { $t="#ifndef NO_IDEA\n${t}#endif\n"; }
-	elsif ($_ =~ /rc4/)  { $t="#ifndef NO_RC4\n${t}#endif\n"; }
-	elsif ($_ =~ /rc2/)  { $t="#ifndef NO_RC2\n${t}#endif\n"; }
-	elsif ($_ =~ /bf/)   { $t="#ifndef NO_BLOWFISH\n${t}#endif\n"; }
-	elsif ($_ =~ /cast/) { $t="#ifndef NO_CAST\n${t}#endif\n"; }
-	elsif ($_ =~ /rc5/)  { $t="#ifndef NO_RC5\n${t}#endif\n"; }
+	if    ($_ =~ /des/)  { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; }
+	elsif ($_ =~ /aes/)  { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; }
+	elsif ($_ =~ /idea/) { $t="#ifndef OPENSSL_NO_IDEA\n${t}#endif\n"; }
+	elsif ($_ =~ /rc4/)  { $t="#ifndef OPENSSL_NO_RC4\n${t}#endif\n"; }
+	elsif ($_ =~ /rc2/)  { $t="#ifndef OPENSSL_NO_RC2\n${t}#endif\n"; }
+	elsif ($_ =~ /bf/)   { $t="#ifndef OPENSSL_NO_BF\n${t}#endif\n"; }
+	elsif ($_ =~ /cast/) { $t="#ifndef OPENSSL_NO_CAST\n${t}#endif\n"; }
+	elsif ($_ =~ /rc5/)  { $t="#ifndef OPENSSL_NO_RC5\n${t}#endif\n"; }
 	print $t;
 	}
 
 print "\t{0,NULL,NULL}\n\t};\n";
-print "#endif\n\n";
-
-open(OUT,">$mkprog") || die "unable to open '$prog':$!\n";
-print OUT "#!/bin/sh\nfor i in ";
-foreach (@files)
-	{ print OUT $_." "; }
-print OUT <<'EOF';
-
-do
-echo making symlink for $i
-/bin/rm -f $i
-ln -s ssleay $i
-done
-EOF
-close(OUT);
-chmod(0755,$mkprog);
-
-open(OUT,">$rmprog") || die "unable to open '$prog':$!\n";
-print OUT "#!/bin/sh\nfor i in ";
-foreach (@files)
-	{ print OUT $_." "; }
-print OUT <<'EOF';
-
-do
-echo removing $i
-/bin/rm -f $i
-done
-EOF
-close(OUT);
-chmod(0755,$rmprog);
diff --git a/apps/rand.c b/apps/rand.c
new file mode 100644
index 0000000000..eaaa6e35a6
--- /dev/null
+++ b/apps/rand.c
@@ -0,0 +1,217 @@
+/* apps/rand.c */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "apps.h"
+
+#include <ctype.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+#undef PROG
+#define PROG rand_main
+
+/* -out file         - write to file
+ * -rand file:file   - PRNG seed files
+ * -base64           - encode output
+ * num               - write 'num' bytes
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+	{
+	ENGINE *e = NULL;
+	int i, r, ret = 1;
+	int badopt;
+	char *outfile = NULL;
+	char *inrand = NULL;
+	int base64 = 0;
+	BIO *out = NULL;
+	int num = -1;
+	char *engine=NULL;
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+
+	if (!load_config(bio_err, NULL))
+		goto err;
+
+	badopt = 0;
+	i = 0;
+	while (!badopt && argv[++i] != NULL)
+		{
+		if (strcmp(argv[i], "-out") == 0)
+			{
+			if ((argv[i+1] != NULL) && (outfile == NULL))
+				outfile = argv[++i];
+			else
+				badopt = 1;
+			}
+		else if (strcmp(argv[i], "-engine") == 0)
+			{
+			if ((argv[i+1] != NULL) && (engine == NULL))
+				engine = argv[++i];
+			else
+				badopt = 1;
+			}
+		else if (strcmp(argv[i], "-rand") == 0)
+			{
+			if ((argv[i+1] != NULL) && (inrand == NULL))
+				inrand = argv[++i];
+			else
+				badopt = 1;
+			}
+		else if (strcmp(argv[i], "-base64") == 0)
+			{
+			if (!base64)
+				base64 = 1;
+			else
+				badopt = 1;
+			}
+		else if (isdigit((unsigned char)argv[i][0]))
+			{
+			if (num < 0)
+				{
+				r = sscanf(argv[i], "%d", &num);
+				if (r == 0 || num < 0)
+					badopt = 1;
+				}
+			else
+				badopt = 1;
+			}
+		else
+			badopt = 1;
+		}
+
+	if (num < 0)
+		badopt = 1;
+	
+	if (badopt) 
+		{
+		BIO_printf(bio_err, "Usage: rand [options] num\n");
+		BIO_printf(bio_err, "where options are\n");
+		BIO_printf(bio_err, "-out file             - write to file\n");
+		BIO_printf(bio_err, "-engine e             - use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err, "-base64               - encode output\n");
+		goto err;
+		}
+
+        e = setup_engine(bio_err, engine, 0);
+
+	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+	if (inrand != NULL)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			app_RAND_load_files(inrand));
+
+	out = BIO_new(BIO_s_file());
+	if (out == NULL)
+		goto err;
+	if (outfile != NULL)
+		r = BIO_write_filename(out, outfile);
+	else
+		{
+		r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
+	if (r <= 0)
+		goto err;
+
+	if (base64)
+		{
+		BIO *b64 = BIO_new(BIO_f_base64());
+		if (b64 == NULL)
+			goto err;
+		out = BIO_push(b64, out);
+		}
+	
+	while (num > 0) 
+		{
+		unsigned char buf[4096];
+		int chunk;
+
+		chunk = num;
+		if (chunk > sizeof buf)
+			chunk = sizeof buf;
+		r = RAND_bytes(buf, chunk);
+		if (r <= 0)
+			goto err;
+		BIO_write(out, buf, chunk);
+		num -= chunk;
+		}
+	BIO_flush(out);
+
+	app_RAND_write_file(NULL, bio_err);
+	ret = 0;
+	
+err:
+	ERR_print_errors(bio_err);
+	if (out)
+		BIO_free_all(out);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
+	}
diff --git a/apps/req.c b/apps/req.c
index 9af5b49570..a582e69775 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -60,26 +60,32 @@
 #include <stdlib.h>
 #include <time.h>
 #include <string.h>
-#ifdef NO_STDIO
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
-#include "bio.h"
-#include "evp.h"
-#include "rand.h"
-#include "conf.h"
-#include "err.h"
-#include "asn1.h"
-#include "x509.h"
-#include "objects.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
+#include "../crypto/cryptlib.h"
 
 #define SECTION		"req"
 
 #define BITS		"default_bits"
 #define KEYFILE		"default_keyfile"
+#define PROMPT		"prompt"
 #define DISTINGUISHED_NAME	"distinguished_name"
 #define ATTRIBUTES	"attributes"
+#define V3_EXTENSIONS	"x509_extensions"
+#define REQ_EXTENSIONS	"req_extensions"
+#define STRING_MASK	"string_mask"
+#define UTF8_IN		"utf8"
 
 #define DEFAULT_KEY_LENGTH	512
 #define MIN_KEY_LENGTH		384
@@ -87,7 +93,7 @@
 #undef PROG
 #define PROG	req_main
 
-/* -inform arg	- input format - default PEM (one of DER, TXT or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
  * -outform arg - output format - default PEM
  * -in arg	- input file - default stdin
  * -out arg	- output file - default stdout
@@ -97,65 +103,90 @@
  * -nodes	- no des encryption
  * -config file	- Load configuration file.
  * -key file	- make a request using key in file (or use it for verification).
- * -keyform	- key file format.
+ * -keyform arg	- key file format.
+ * -rand file(s) - load the file(s) into the PRNG.
  * -newkey	- make a key and a request.
  * -modulus	- print RSA modulus.
+ * -pubkey	- output Public Key.
  * -x509	- output a self signed X509 structure instead.
  * -asn1-kludge	- output new certificate request in a format that some CA's
  *		  require.  This format is wrong
  */
 
-#ifndef NOPROTO
-static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,int attribs);
-static int add_attribute_object(STACK *n, char *text, char *def, 
-	char *value, int nid,int min,int max);
+static int make_REQ(X509_REQ *req,EVP_PKEY *pkey,char *dn,int attribs,
+		unsigned long chtype);
+static int build_subject(X509_REQ *req, char *subj, unsigned long chtype);
+static int prompt_info(X509_REQ *req,
+		STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
+		STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
+		unsigned long chtype);
+static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
+				STACK_OF(CONF_VALUE) *attr, int attribs,
+				unsigned long chtype);
+static int add_attribute_object(X509_REQ *req, char *text,
+				char *def, char *value, int nid, int n_min,
+				int n_max, unsigned long chtype);
 static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
-	int nid,int min,int max);
-static void MS_CALLBACK req_cb(int p,int n,char *arg);
-static int req_fix_data(int nid,int *type,int len,int min,int max);
-#else
-static int make_REQ();
-static int add_attribute_object();
-static int add_DN_object();
-static void MS_CALLBACK req_cb();
-static int req_fix_data();
+	int nid,int n_min,int n_max, unsigned long chtype);
+#ifndef OPENSSL_NO_RSA
+static void MS_CALLBACK req_cb(int p,int n,void *arg);
 #endif
-
+static int req_check_len(int len,int n_min,int n_max);
+static int check_end(char *str, char *end);
 #ifndef MONOLITH
 static char *default_config_file=NULL;
-static LHASH *config=NULL;
+static CONF *config=NULL;
 #endif
-static LHASH *req_conf=NULL;
+static CONF *req_conf=NULL;
+static int batch=0;
 
 #define TYPE_RSA	1
 #define TYPE_DSA	2
 #define TYPE_DH		3
+#define TYPE_EC		4
+
+int MAIN(int, char **);
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
-#ifndef NO_DSA
+	ENGINE *e = NULL;
+#ifndef OPENSSL_NO_DSA
 	DSA *dsa_params=NULL;
 #endif
+#ifndef OPENSSL_NO_ECDSA
+	EC_KEY *ec_params = NULL;
+#endif
+	unsigned long nmflag = 0, reqflag = 0;
 	int ex=1,x509=0,days=30;
 	X509 *x509ss=NULL;
 	X509_REQ *req=NULL;
 	EVP_PKEY *pkey=NULL;
-	int i,badops=0,newreq=0,newkey= -1,pkey_type=0;
+	int i=0,badops=0,newreq=0,verbose=0,pkey_type=TYPE_RSA;
+	long newkey = -1;
 	BIO *in=NULL,*out=NULL;
 	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
-	int nodes=0,kludge=0;
+	int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0;
 	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
-	EVP_CIPHER *cipher=NULL;
+	char *engine=NULL;
+	char *extensions = NULL;
+	char *req_exts = NULL;
+	const EVP_CIPHER *cipher=NULL;
+	ASN1_INTEGER *serial = NULL;
 	int modulus=0;
+	char *inrand=NULL;
+	char *passargin = NULL, *passargout = NULL;
+	char *passin = NULL, *passout = NULL;
 	char *p;
-	EVP_MD *md_alg=NULL,*digest=EVP_md5();
+	char *subj = NULL;
+	const EVP_MD *md_alg=NULL,*digest=EVP_md5();
+	unsigned long chtype = MBSTRING_ASC;
 #ifndef MONOLITH
-	MS_STATIC char config_name[256];
+	char *to_free;
+	long errline;
 #endif
 
-#ifndef NO_DES
+	req_conf = NULL;
+#ifndef OPENSSL_NO_DES
 	cipher=EVP_des_ede3_cbc();
 #endif
 	apps_startup();
@@ -184,14 +215,22 @@ char **argv;
 			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
 			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-key") == 0)
 			{
 			if (--argc < 1) goto bad;
 			keyfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-pubkey") == 0)
+			{
+			pubkey=1;
+			}
 		else if (strcmp(*argv,"-new") == 0)
 			{
-			pkey_type=TYPE_RSA;
 			newreq=1;
 			}
 		else if (strcmp(*argv,"-config") == 0)
@@ -219,19 +258,37 @@ char **argv;
 			if (--argc < 1) goto bad;
 			keyout= *(++argv);
 			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passargin= *(++argv);
+			}
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passargout= *(++argv);
+			}
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
+			inrand= *(++argv);
+			}
 		else if (strcmp(*argv,"-newkey") == 0)
 			{
+			int is_numeric;
+
 			if (--argc < 1) goto bad;
 			p= *(++argv);
-			if ((strncmp("rsa:",p,4) == 0) ||
-				((p[0] >= '0') && (p[0] <= '9')))
+			is_numeric = p[0] >= '0' && p[0] <= '9';
+			if (strncmp("rsa:",p,4) == 0 || is_numeric)
 				{
 				pkey_type=TYPE_RSA;
-				p+=4;
+				if(!is_numeric)
+				    p+=4;
 				newkey= atoi(p);
 				}
 			else
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 				if (strncmp("dsa:",p,4) == 0)
 				{
 				X509 *xtmp=NULL;
@@ -244,21 +301,20 @@ char **argv;
 					perror(p);
 					goto end;
 					}
-				if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL)) == NULL)
+				if ((dsa_params=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
 					{
 					ERR_clear_error();
-					BIO_reset(in);
-					if ((xtmp=PEM_read_bio_X509(in,NULL,NULL)) == NULL)
+					(void)BIO_reset(in);
+					if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
 						{
 						BIO_printf(bio_err,"unable to load DSA parameters from file\n");
 						goto end;
 						}
 
-					/* This will 'disapear'
-					 * when we free xtmp */
-					dtmp=X509_get_pubkey(xtmp);
+					if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end;
 					if (dtmp->type == EVP_PKEY_DSA)
 						dsa_params=DSAparams_dup(dtmp->pkey.dsa);
+					EVP_PKEY_free(dtmp);
 					X509_free(xtmp);
 					if (dsa_params == NULL)
 						{
@@ -267,12 +323,60 @@ char **argv;
 						}
 					}
 				BIO_free(in);
-				newkey=BN_num_bits(dsa_params->p);
 				in=NULL;
+				newkey=BN_num_bits(dsa_params->p);
 				}
 			else 
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_ECDSA
+				if (strncmp("ec:",p,3) == 0)
+				{
+				X509 *xtmp=NULL;
+				EVP_PKEY *dtmp;
+
+				pkey_type=TYPE_EC;
+				p+=3;
+				if ((in=BIO_new_file(p,"r")) == NULL)
+					{
+					perror(p);
+					goto end;
+					}
+				if ((ec_params = EC_KEY_new()) == NULL)
+					goto end;
+				if ((ec_params->group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL)) == NULL)
+					{
+					if (ec_params)
+						EC_KEY_free(ec_params);
+					ERR_clear_error();
+					(void)BIO_reset(in);
+					if ((xtmp=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL)
+						{	
+						BIO_printf(bio_err,"unable to load EC parameters from file\n");
+						goto end;
+						}
+
+					if ((dtmp=X509_get_pubkey(xtmp))==NULL)
+						goto end;
+					if (dtmp->type == EVP_PKEY_EC)
+						ec_params = ECParameters_dup(dtmp->pkey.eckey);
+					EVP_PKEY_free(dtmp);
+					X509_free(xtmp);
+					if (ec_params == NULL)
+						{
+						BIO_printf(bio_err,"Certificate does not contain EC parameters\n");
+						goto end;
+						}
+					}
+
+				BIO_free(in);
+				in=NULL;
+				
+				newkey = EC_GROUP_get_degree(ec_params->group);
+
+				}
+			else
+#endif
+#ifndef OPENSSL_NO_DH
 				if (strncmp("dh:",p,4) == 0)
 				{
 				pkey_type=TYPE_DH;
@@ -280,10 +384,16 @@ char **argv;
 				}
 			else
 #endif
-				pkey_type=TYPE_RSA;
+				{
+				goto bad;
+				}
 
 			newreq=1;
 			}
+		else if (strcmp(*argv,"-batch") == 0)
+			batch=1;
+		else if (strcmp(*argv,"-newhdr") == 0)
+			newhdr=1;
 		else if (strcmp(*argv,"-modulus") == 0)
 			modulus=1;
 		else if (strcmp(*argv,"-verify") == 0)
@@ -292,6 +402,22 @@ char **argv;
 			nodes=1;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
+		else if (strcmp(*argv,"-verbose") == 0)
+			verbose=1;
+		else if (strcmp(*argv,"-utf8") == 0)
+			chtype = MBSTRING_UTF8;
+		else if (strcmp(*argv,"-nameopt") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!set_name_ex(&nmflag, *(++argv))) goto bad;
+			}
+		else if (strcmp(*argv,"-reqopt") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!set_cert_ex(&reqflag, *(++argv))) goto bad;
+			}
+		else if (strcmp(*argv,"-subject") == 0)
+			subject=1;
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-x509") == 0)
@@ -300,19 +426,39 @@ char **argv;
 			kludge=1;
 		else if (strcmp(*argv,"-no-asn1-kludge") == 0)
 			kludge=0;
+		else if (strcmp(*argv,"-subj") == 0)
+			{
+			if (--argc < 1) goto bad;
+			subj= *(++argv);
+			}
 		else if (strcmp(*argv,"-days") == 0)
 			{
 			if (--argc < 1) goto bad;
 			days= atoi(*(++argv));
 			if (days == 0) days=30;
 			}
+		else if (strcmp(*argv,"-set_serial") == 0)
+			{
+			if (--argc < 1) goto bad;
+			serial = s2i_ASN1_INTEGER(NULL, *(++argv));
+			if (!serial) goto bad;
+			}
 		else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
 			{
 			/* ok */
 			digest=md_alg;
 			}
+		else if (strcmp(*argv,"-extensions") == 0)
+			{
+			if (--argc < 1) goto bad;
+			extensions = *(++argv);
+			}
+		else if (strcmp(*argv,"-reqexts") == 0)
+			{
+			if (--argc < 1) goto bad;
+			req_exts = *(++argv);
+			}
 		else
-
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
@@ -327,55 +473,76 @@ char **argv;
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options  are\n");
-		BIO_printf(bio_err," -inform arg    input format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -outform arg   output format - one of DER TXT PEM\n");
-		BIO_printf(bio_err," -in arg        inout file\n");
+		BIO_printf(bio_err," -inform arg    input format - DER or PEM\n");
+		BIO_printf(bio_err," -outform arg   output format - DER or PEM\n");
+		BIO_printf(bio_err," -in arg        input file\n");
 		BIO_printf(bio_err," -out arg       output file\n");
 		BIO_printf(bio_err," -text          text form of request\n");
+		BIO_printf(bio_err," -pubkey        output public key\n");
 		BIO_printf(bio_err," -noout         do not output REQ\n");
 		BIO_printf(bio_err," -verify        verify signature on REQ\n");
 		BIO_printf(bio_err," -modulus       RSA modulus\n");
 		BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
-		BIO_printf(bio_err," -key file	use the private key contained in file\n");
+		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device\n");
+		BIO_printf(bio_err," -subject       output the request's subject\n");
+		BIO_printf(bio_err," -passin        private key password source\n");
+		BIO_printf(bio_err," -key file      use the private key contained in file\n");
 		BIO_printf(bio_err," -keyform arg   key file format\n");
 		BIO_printf(bio_err," -keyout arg    file to send the key to\n");
+		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err,"                load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err,"                the random number generator\n");
 		BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
 		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
-
-		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2)\n");
-		BIO_printf(bio_err," -config file   request templace file.\n");
+#ifndef OPENSSL_NO_ECDSA
+		BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n");
+#endif
+		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
+		BIO_printf(bio_err," -config file   request template file.\n");
+		BIO_printf(bio_err," -subj arg      set or modify request subject\n");
 		BIO_printf(bio_err," -new           new request.\n");
+		BIO_printf(bio_err," -batch         do not ask anything during request generation\n");
 		BIO_printf(bio_err," -x509          output a x509 structure instead of a cert. req.\n");
-		BIO_printf(bio_err," -days          number of days a x509 generated by -x509 is valid for.\n");
+		BIO_printf(bio_err," -days          number of days a certificate generated by -x509 is valid for.\n");
+		BIO_printf(bio_err," -set_serial    serial number to use for a certificate generated by -x509.\n");
+		BIO_printf(bio_err," -newhdr        output \"NEW\" in the header lines\n");
 		BIO_printf(bio_err," -asn1-kludge   Output the 'request' in a format that is wrong but some CA's\n");
 		BIO_printf(bio_err,"                have been reported as requiring\n");
-		BIO_printf(bio_err,"                [ It is now always turned on but can be turned off with -no-asn1-kludge ]\n");
+		BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
+		BIO_printf(bio_err," -reqexts ..    specify request extension section (override value in config file)\n");
+		BIO_printf(bio_err," -utf8          input characters are UTF8 (default ASCII)\n");
+		BIO_printf(bio_err," -nameopt arg   - various certificate name options\n");
+		BIO_printf(bio_err," -reqopt arg    - various request text options\n\n");
 		goto end;
 		}
 
 	ERR_load_crypto_strings();
+	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+		BIO_printf(bio_err, "Error getting passwords\n");
+		goto end;
+	}
 
-#ifndef MONOLITH
+#ifndef MONOLITH /* else this has happened in openssl.c (global `config') */
 	/* Lets load up our environment a little */
-	p=getenv("SSLEAY_CONF");
+	p=getenv("OPENSSL_CONF");
 	if (p == NULL)
-		{
-		strcpy(config_name,X509_get_default_cert_area());
-		strcat(config_name,"/lib/");
-		strcat(config_name,SSLEAY_CONF);
-		p=config_name;
-		}
-        default_config_file=p;
-	config=CONF_load(config,p,NULL);
+		p=getenv("SSLEAY_CONF");
+	if (p == NULL)
+		p=to_free=make_config_name();
+	default_config_file=p;
+	config=NCONF_new(NULL);
+	i=NCONF_load(config, p, &errline);
 #endif
 
 	if (template != NULL)
 		{
-		long errline;
+		long errline = -1;
 
-		BIO_printf(bio_err,"Using configuration from %s\n",template);
-		req_conf=CONF_load(NULL,template,&errline);
-		if (req_conf == NULL)
+		if( verbose )
+			BIO_printf(bio_err,"Using configuration from %s\n",template);
+		req_conf=NCONF_new(NULL);
+		i=NCONF_load(req_conf,template,&errline);
+		if (i == 0)
 			{
 			BIO_printf(bio_err,"error on line %ld of %s\n",errline,template);
 			goto end;
@@ -384,7 +551,8 @@ bad:
 	else
 		{
 		req_conf=config;
-		BIO_printf(bio_err,"Using configuration from %s\n",
+		if( verbose )
+			BIO_printf(bio_err,"Using configuration from %s\n",
 			default_config_file);
 		if (req_conf == NULL)
 			{
@@ -394,7 +562,11 @@ bad:
 
 	if (req_conf != NULL)
 		{
-		p=CONF_get_string(req_conf,NULL,"oid_file");
+		if (!load_config(bio_err, req_conf))
+			goto end;
+		p=NCONF_get_string(req_conf,NULL,"oid_file");
+		if (p == NULL)
+			ERR_clear_error();
 		if (p != NULL)
 			{
 			BIO *oid_bio;
@@ -414,95 +586,155 @@ bad:
 				}
 			}
 		}
+	if(!add_oid_section(bio_err, req_conf)) goto end;
 
-	if ((md_alg == NULL) &&
-		((p=CONF_get_string(req_conf,SECTION,"default_md")) != NULL))
+	if (md_alg == NULL)
 		{
-		if ((md_alg=EVP_get_digestbyname(p)) != NULL)
-			digest=md_alg;
+		p=NCONF_get_string(req_conf,SECTION,"default_md");
+		if (p == NULL)
+			ERR_clear_error();
+		if (p != NULL)
+			{
+			if ((md_alg=EVP_get_digestbyname(p)) != NULL)
+				digest=md_alg;
+			}
+		}
+
+	if (!extensions)
+		{
+		extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+		if (!extensions)
+			ERR_clear_error();
+		}
+	if (extensions) {
+		/* Check syntax of file */
+		X509V3_CTX ctx;
+		X509V3_set_ctx_test(&ctx);
+		X509V3_set_nconf(&ctx, req_conf);
+		if(!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
+			BIO_printf(bio_err,
+			 "Error Loading extension section %s\n", extensions);
+			goto end;
+		}
+	}
+
+	if(!passin)
+		{
+		passin = NCONF_get_string(req_conf, SECTION, "input_password");
+		if (!passin)
+			ERR_clear_error();
+		}
+	
+	if(!passout)
+		{
+		passout = NCONF_get_string(req_conf, SECTION, "output_password");
+		if (!passout)
+			ERR_clear_error();
+		}
+
+	p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
+	if (!p)
+		ERR_clear_error();
+
+	if(p && !ASN1_STRING_set_default_mask_asc(p)) {
+		BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
+		goto end;
+	}
+
+	if (chtype != MBSTRING_UTF8)
+		{
+		p = NCONF_get_string(req_conf, SECTION, UTF8_IN);
+		if (!p)
+			ERR_clear_error();
+		else if (!strcmp(p, "yes"))
+			chtype = MBSTRING_UTF8;
 		}
 
+
+	if(!req_exts)
+		{
+		req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+		if (!req_exts)
+			ERR_clear_error();
+		}
+	if(req_exts) {
+		/* Check syntax of file */
+		X509V3_CTX ctx;
+		X509V3_set_ctx_test(&ctx);
+		X509V3_set_nconf(&ctx, req_conf);
+		if(!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
+			BIO_printf(bio_err,
+			 "Error Loading request extension section %s\n",
+								req_exts);
+			goto end;
+		}
+	}
+
 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
 	if ((in == NULL) || (out == NULL))
 		goto end;
 
+        e = setup_engine(bio_err, engine, 0);
+
 	if (keyfile != NULL)
 		{
-		if (BIO_read_filename(in,keyfile) <= 0)
-			{
-			perror(keyfile);
-			goto end;
-			}
-
-/*		if (keyform == FORMAT_ASN1)
-			rsa=d2i_RSAPrivateKey_bio(in,NULL);
-		else */
-		if (keyform == FORMAT_PEM)
-			pkey=PEM_read_bio_PrivateKey(in,NULL,NULL);
-		else
+		pkey = load_key(bio_err, keyfile, keyform, 0, passin, e,
+			"Private Key");
+		if (!pkey)
 			{
-			BIO_printf(bio_err,"bad input format specified for X509 request\n");
+			/* load_key() has already printed an appropriate
+			   message */
 			goto end;
 			}
-
-		if (pkey == NULL)
+		if (EVP_PKEY_type(pkey->type) == EVP_PKEY_DSA || 
+			EVP_PKEY_type(pkey->type) == EVP_PKEY_EC)
 			{
-			BIO_printf(bio_err,"unable to load Private key\n");
-			goto end;
+			char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
+			if (randfile == NULL)
+				ERR_clear_error();
+			app_RAND_load_file(randfile, bio_err, 0);
 			}
 		}
 
 	if (newreq && (pkey == NULL))
 		{
-		char *randfile;
-		char buffer[200];
-
-		if ((randfile=CONF_get_string(req_conf,SECTION,"RANDFILE")) == NULL)
-			randfile=RAND_file_name(buffer,200);
-#ifdef WINDOWS
-		BIO_printf(bio_err,"Loading 'screen' into random state -");
-		BIO_flush(bio_err);
-		RAND_screen();
-		BIO_printf(bio_err," done\n");
-#endif
-		if ((randfile == NULL) || !RAND_load_file(randfile,1024L*1024L))
-			{
-			BIO_printf(bio_err,"unable to load 'random state'\n");
-			BIO_printf(bio_err,"What this means is that the random number generator has not been seeded\n");
-			BIO_printf(bio_err,"with much random data.\n");
-			BIO_printf(bio_err,"Consider setting the RANDFILE environment variable to point at a file that\n");
-			BIO_printf(bio_err,"'random' data can be kept in.\n");
-			}
+		char *randfile = NCONF_get_string(req_conf,SECTION,"RANDFILE");
+		if (randfile == NULL)
+			ERR_clear_error();
+		app_RAND_load_file(randfile, bio_err, 0);
+		if (inrand)
+			app_RAND_load_files(inrand);
+	
 		if (newkey <= 0)
 			{
-			newkey=(int)CONF_get_number(req_conf,SECTION,BITS);
-			if (newkey <= 0)
+			if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
 				newkey=DEFAULT_KEY_LENGTH;
 			}
 
-		if (newkey < MIN_KEY_LENGTH)
+		if (newkey < MIN_KEY_LENGTH && (pkey_type == TYPE_RSA || pkey_type == TYPE_DSA))
 			{
 			BIO_printf(bio_err,"private key length is too short,\n");
 			BIO_printf(bio_err,"it needs to be at least %d bits, not %d\n",MIN_KEY_LENGTH,newkey);
 			goto end;
 			}
 		BIO_printf(bio_err,"Generating a %d bit %s private key\n",
-			newkey,(pkey_type == TYPE_RSA)?"RSA":"DSA");
+			newkey,(pkey_type == TYPE_RSA)?"RSA":
+			(pkey_type == TYPE_DSA)?"DSA":"EC");
 
 		if ((pkey=EVP_PKEY_new()) == NULL) goto end;
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (pkey_type == TYPE_RSA)
 			{
 			if (!EVP_PKEY_assign_RSA(pkey,
 				RSA_generate_key(newkey,0x10001,
-					req_cb,(char *)bio_err)))
+					req_cb,bio_err)))
 				goto end;
 			}
 		else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 			if (pkey_type == TYPE_DSA)
 			{
 			if (!DSA_generate_key(dsa_params)) goto end;
@@ -510,19 +742,37 @@ bad:
 			dsa_params=NULL;
 			}
 #endif
+#ifndef OPENSSL_NO_ECDSA
+			if (pkey_type == TYPE_EC)
+			{
+			if (!EC_KEY_generate_key(ec_params)) goto end;
+			if (!EVP_PKEY_assign_EC_KEY(pkey, ec_params)) 
+				goto end;
+			ec_params = NULL;
+			}
+#endif
 
-		if ((randfile == NULL) || (RAND_write_file(randfile) == 0))
-			BIO_printf(bio_err,"unable to write 'random state'\n");
+		app_RAND_write_file(randfile, bio_err);
 
 		if (pkey == NULL) goto end;
 
 		if (keyout == NULL)
-			keyout=CONF_get_string(req_conf,SECTION,KEYFILE);
-
+			{
+			keyout=NCONF_get_string(req_conf,SECTION,KEYFILE);
+			if (keyout == NULL)
+				ERR_clear_error();
+			}
+		
 		if (keyout == NULL)
 			{
 			BIO_printf(bio_err,"writing new private key to stdout\n");
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+			{
+			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+			out = BIO_push(tmpbio, out);
+			}
+#endif
 			}
 		else
 			{
@@ -534,9 +784,14 @@ bad:
 				}
 			}
 
-		p=CONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
+		p=NCONF_get_string(req_conf,SECTION,"encrypt_rsa_key");
 		if (p == NULL)
-			p=CONF_get_string(req_conf,SECTION,"encrypt_key");
+			{
+			ERR_clear_error();
+			p=NCONF_get_string(req_conf,SECTION,"encrypt_key");
+			if (p == NULL)
+				ERR_clear_error();
+			}
 		if ((p != NULL) && (strcmp(p,"no") == 0))
 			cipher=NULL;
 		if (nodes) cipher=NULL;
@@ -544,7 +799,7 @@ bad:
 		i=0;
 loop:
 		if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
-			NULL,0,NULL))
+			NULL,0,NULL,passout))
 			{
 			if ((ERR_GET_REASON(ERR_peek_error()) ==
 				PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
@@ -578,7 +833,7 @@ loop:
 		if	(informat == FORMAT_ASN1)
 			req=d2i_X509_REQ_bio(in,NULL);
 		else if (informat == FORMAT_PEM)
-			req=PEM_read_bio_X509_REQ(in,NULL,NULL);
+			req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
 		else
 			{
 			BIO_printf(bio_err,"bad input format specified for X509 request\n");
@@ -593,16 +848,19 @@ loop:
 
 	if (newreq || x509)
 		{
-#ifndef NO_DSA
-		if (pkey->type == EVP_PKEY_DSA)
-			digest=EVP_dss1();
-#endif
-
 		if (pkey == NULL)
 			{
 			BIO_printf(bio_err,"you need to specify a private key\n");
 			goto end;
 			}
+#ifndef OPENSSL_NO_DSA
+		if (pkey->type == EVP_PKEY_DSA)
+			digest=EVP_dss1();
+#endif
+#ifndef OPENSSL_NO_ECDSA
+		if (pkey->type == EVP_PKEY_EC)
+			digest=EVP_ecdsa();
+#endif
 		if (req == NULL)
 			{
 			req=X509_REQ_new();
@@ -611,9 +869,13 @@ loop:
 				goto end;
 				}
 
-			i=make_REQ(req,pkey,!x509);
-			if (kludge >= 0)
-				req->req_info->req_kludge=kludge;
+			i=make_REQ(req,pkey,subj,!x509, chtype);
+			subj=NULL; /* done processing '-subj' option */
+			if ((kludge > 0) && !sk_X509_ATTRIBUTE_num(req->req_info->attributes))
+				{
+				sk_X509_ATTRIBUTE_free(req->req_info->attributes);
+				req->req_info->attributes = NULL;
+				}
 			if (!i)
 				{
 				BIO_printf(bio_err,"problems making Certificate Request\n");
@@ -622,33 +884,99 @@ loop:
 			}
 		if (x509)
 			{
+			EVP_PKEY *tmppkey;
+			X509V3_CTX ext_ctx;
 			if ((x509ss=X509_new()) == NULL) goto end;
 
-			/* don't set the version number, for starters
-			 * the field is null and second, null is v0 
-			 * if (!ASN1_INTEGER_set(ci->version,0L)) goto end;
-			 */
-			ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
+			/* Set version to V3 */
+			if(!X509_set_version(x509ss, 2)) goto end;
+			if (serial)
+				{
+				if (!X509_set_serialNumber(x509ss, serial)) goto end;
+				}
+			else
+				{
+				if (!ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L)) goto end;
+				}
+
+			if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
+			if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end;
+			if (!X509_gmtime_adj(X509_get_notAfter(x509ss), (long)60*60*24*days)) goto end;
+			if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
+			tmppkey = X509_REQ_get_pubkey(req);
+			if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end;
+			EVP_PKEY_free(tmppkey);
 
-			X509_set_issuer_name(x509ss,
-				X509_REQ_get_subject_name(req));
-			X509_gmtime_adj(X509_get_notBefore(x509ss),0);
-			X509_gmtime_adj(X509_get_notAfter(x509ss),
-				(long)60*60*24*days);
-			X509_set_subject_name(x509ss,
-				X509_REQ_get_subject_name(req));
-			X509_set_pubkey(x509ss,X509_REQ_get_pubkey(req));
+			/* Set up V3 context struct */
 
+			X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
+			X509V3_set_nconf(&ext_ctx, req_conf);
+
+			/* Add extensions */
+			if(extensions && !X509V3_EXT_add_nconf(req_conf, 
+				 	&ext_ctx, extensions, x509ss))
+				{
+				BIO_printf(bio_err,
+					"Error Loading extension section %s\n",
+					extensions);
+				goto end;
+				}
+			
 			if (!(i=X509_sign(x509ss,pkey,digest)))
 				goto end;
 			}
 		else
 			{
+			X509V3_CTX ext_ctx;
+
+			/* Set up V3 context struct */
+
+			X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
+			X509V3_set_nconf(&ext_ctx, req_conf);
+
+			/* Add extensions */
+			if(req_exts && !X509V3_EXT_REQ_add_nconf(req_conf, 
+				 	&ext_ctx, req_exts, req))
+				{
+				BIO_printf(bio_err,
+					"Error Loading extension section %s\n",
+					req_exts);
+				goto end;
+				}
 			if (!(i=X509_REQ_sign(req,pkey,digest)))
 				goto end;
 			}
 		}
 
+	if (subj && x509)
+		{
+		BIO_printf(bio_err, "Cannot modifiy certificate subject\n");
+		goto end;
+		}
+
+	if (subj && !x509)
+		{
+		if (verbose)
+			{
+			BIO_printf(bio_err, "Modifying Request's Subject\n");
+			print_name(bio_err, "old subject=", X509_REQ_get_subject_name(req), nmflag);
+			}
+
+		if (build_subject(req, subj, chtype) == 0)
+			{
+			BIO_printf(bio_err, "ERROR: cannot modify subject\n");
+			ex=1;
+			goto end;
+			}
+
+		req->req_info->enc.modified = 1;
+
+		if (verbose)
+			{
+			print_name(bio_err, "new subject=", X509_REQ_get_subject_name(req), nmflag);
+			}
+		}
+
 	if (verify && !x509)
 		{
 		int tmp=0;
@@ -661,7 +989,10 @@ loop:
 			}
 
 		i=X509_REQ_verify(req,pkey);
-		if (tmp) pkey=NULL;
+		if (tmp) {
+			EVP_PKEY_free(pkey);
+			pkey=NULL;
+		}
 
 		if (i < 0)
 			{
@@ -670,19 +1001,28 @@ loop:
 		else if (i == 0)
 			{
 			BIO_printf(bio_err,"verify failure\n");
+			ERR_print_errors(bio_err);
 			}
 		else /* if (i > 0) */
 			BIO_printf(bio_err,"verify OK\n");
 		}
 
-	if (noout && !text && !modulus)
+	if (noout && !text && !modulus && !subject && !pubkey)
 		{
 		ex=0;
 		goto end;
 		}
 
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if ((keyout != NULL) && (strcmp(outfile,keyout) == 0))
@@ -696,32 +1036,57 @@ loop:
 			}
 		}
 
+	if (pubkey)
+		{
+		EVP_PKEY *tpubkey; 
+		tpubkey=X509_REQ_get_pubkey(req);
+		if (tpubkey == NULL)
+			{
+			BIO_printf(bio_err,"Error getting public key\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		PEM_write_bio_PUBKEY(out, tpubkey);
+		EVP_PKEY_free(tpubkey);
+		}
+
 	if (text)
 		{
 		if (x509)
-			X509_print(out,x509ss);
+			X509_print_ex(out, x509ss, nmflag, reqflag);
 		else	
-			X509_REQ_print(out,req);
+			X509_REQ_print_ex(out, req, nmflag, reqflag);
+		}
+
+	if(subject) 
+		{
+		if(x509)
+			print_name(out, "subject=", X509_get_subject_name(x509ss), nmflag);
+		else
+			print_name(out, "subject=", X509_REQ_get_subject_name(req), nmflag);
 		}
 
 	if (modulus)
 		{
-		EVP_PKEY *pubkey;
+		EVP_PKEY *tpubkey;
 
 		if (x509)
-			pubkey=X509_get_pubkey(x509ss);
+			tpubkey=X509_get_pubkey(x509ss);
 		else
-			pubkey=X509_REQ_get_pubkey(req);
-		if (pubkey == NULL)
+			tpubkey=X509_REQ_get_pubkey(req);
+		if (tpubkey == NULL)
 			{
 			fprintf(stdout,"Modulus=unavailable\n");
 			goto end; 
 			}
 		fprintf(stdout,"Modulus=");
-		if (pubkey->type == EVP_PKEY_RSA)
-			BN_print(out,pubkey->pkey.rsa->n);
+#ifndef OPENSSL_NO_RSA
+		if (tpubkey->type == EVP_PKEY_RSA)
+			BN_print(out,tpubkey->pkey.rsa->n);
 		else
+#endif
 			fprintf(stdout,"Wrong Algorithm type");
+		EVP_PKEY_free(tpubkey);
 		fprintf(stdout,"\n");
 		}
 
@@ -729,9 +1094,10 @@ loop:
 		{
 		if 	(outformat == FORMAT_ASN1)
 			i=i2d_X509_REQ_bio(out,req);
-		else if (outformat == FORMAT_PEM)
-			i=PEM_write_bio_X509_REQ(out,req);
-		else	{
+		else if (outformat == FORMAT_PEM) {
+			if(newhdr) i=PEM_write_bio_X509_REQ_NEW(out,req);
+			else i=PEM_write_bio_X509_REQ(out,req);
+		} else {
 			BIO_printf(bio_err,"bad output format specified for outfile\n");
 			goto end;
 			}
@@ -759,150 +1125,213 @@ loop:
 		}
 	ex=0;
 end:
+#ifndef MONOLITH
+	if(to_free)
+		OPENSSL_free(to_free);
+#endif
 	if (ex)
 		{
 		ERR_print_errors(bio_err);
 		}
-	if ((req_conf != NULL) && (req_conf != config)) CONF_free(req_conf);
-	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
-	if (pkey != NULL) EVP_PKEY_free(pkey);
-	if (req != NULL) X509_REQ_free(req);
-	if (x509ss != NULL) X509_free(x509ss);
-#ifndef NO_DSA
+	if ((req_conf != NULL) && (req_conf != config)) NCONF_free(req_conf);
+	BIO_free(in);
+	BIO_free_all(out);
+	EVP_PKEY_free(pkey);
+	X509_REQ_free(req);
+	X509_free(x509ss);
+	ASN1_INTEGER_free(serial);
+	if(passargin && passin) OPENSSL_free(passin);
+	if(passargout && passout) OPENSSL_free(passout);
+	OBJ_cleanup();
+#ifndef OPENSSL_NO_DSA
 	if (dsa_params != NULL) DSA_free(dsa_params);
 #endif
-	EXIT(ex);
+#ifndef OPENSSL_NO_ECDSA
+	if (ec_params != NULL) EC_KEY_free(ec_params);
+#endif
+	apps_shutdown();
+	OPENSSL_EXIT(ex);
 	}
 
-static int make_REQ(req,pkey,attribs)
-X509_REQ *req;
-EVP_PKEY *pkey;
-int attribs;
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int attribs,
+			unsigned long chtype)
 	{
-	int ret=0,i,j;
-	unsigned char *p,*q;
-	X509_REQ_INFO *ri;
-	char buf[100];
-	int nid,min,max;
-	char *type,*def,*tmp,*value,*tmp_attr;
-	STACK *sk,*attr=NULL;
-	CONF_VALUE *v;
-	
-	tmp=CONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
+	int ret=0,i;
+	char no_prompt = 0;
+	STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
+	char *tmp, *dn_sect,*attr_sect;
+
+	tmp=NCONF_get_string(req_conf,SECTION,PROMPT);
 	if (tmp == NULL)
+		ERR_clear_error();
+	if((tmp != NULL) && !strcmp(tmp, "no")) no_prompt = 1;
+
+	dn_sect=NCONF_get_string(req_conf,SECTION,DISTINGUISHED_NAME);
+	if (dn_sect == NULL)
 		{
 		BIO_printf(bio_err,"unable to find '%s' in config\n",
 			DISTINGUISHED_NAME);
 		goto err;
 		}
-	sk=CONF_get_section(req_conf,tmp);
-	if (sk == NULL)
+	dn_sk=NCONF_get_section(req_conf,dn_sect);
+	if (dn_sk == NULL)
 		{
-		BIO_printf(bio_err,"unable to get '%s' section\n",tmp);
+		BIO_printf(bio_err,"unable to get '%s' section\n",dn_sect);
 		goto err;
 		}
 
-	tmp_attr=CONF_get_string(req_conf,SECTION,ATTRIBUTES);
-	if (tmp_attr == NULL)
-		attr=NULL;
+	attr_sect=NCONF_get_string(req_conf,SECTION,ATTRIBUTES);
+	if (attr_sect == NULL)
+		{
+		ERR_clear_error();		
+		attr_sk=NULL;
+		}
 	else
 		{
-		attr=CONF_get_section(req_conf,tmp_attr);
-		if (attr == NULL)
+		attr_sk=NCONF_get_section(req_conf,attr_sect);
+		if (attr_sk == NULL)
 			{
-			BIO_printf(bio_err,"unable to get '%s' section\n",tmp_attr);
+			BIO_printf(bio_err,"unable to get '%s' section\n",attr_sect);
 			goto err;
 			}
 		}
 
-	ri=req->req_info;
+	/* setup version number */
+	if (!X509_REQ_set_version(req,0L)) goto err; /* version 1 */
 
-	BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
-	BIO_printf(bio_err,"into your certificate request.\n");
-	BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
-	BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
-	BIO_printf(bio_err,"For some fields there will be a default value,\n");
-	BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
-	BIO_printf(bio_err,"-----\n");
+	if (no_prompt) 
+		i = auto_info(req, dn_sk, attr_sk, attribs, chtype);
+	else 
+		{
+		if (subj)
+			i = build_subject(req, subj, chtype);
+		else
+			i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs, chtype);
+		}
+	if(!i) goto err;
 
-	/* setup version number */
-	if (!ASN1_INTEGER_set(ri->version,0L)) goto err; /* version 1 */
+	if (!X509_REQ_set_pubkey(req,pkey)) goto err;
+
+	ret=1;
+err:
+	return(ret);
+	}
+
+/*
+ * subject is expected to be in the format /type0=value0/type1=value1/type2=...
+ * where characters may be escaped by \
+ */
+static int build_subject(X509_REQ *req, char *subject, unsigned long chtype)
+	{
+	X509_NAME *n;
+
+	if (!(n = do_subject(subject, chtype)))
+		return 0;
 
-	if (sk_num(sk))
+	if (!X509_REQ_set_subject_name(req, n))
+		{
+		X509_NAME_free(n);
+		return 0;
+		}
+	X509_NAME_free(n);
+	return 1;
+}
+
+
+static int prompt_info(X509_REQ *req,
+		STACK_OF(CONF_VALUE) *dn_sk, char *dn_sect,
+		STACK_OF(CONF_VALUE) *attr_sk, char *attr_sect, int attribs,
+		unsigned long chtype)
+	{
+	int i;
+	char *p,*q;
+	char buf[100];
+	int nid;
+	long n_min,n_max;
+	char *type,*def,*value;
+	CONF_VALUE *v;
+	X509_NAME *subj;
+	subj = X509_REQ_get_subject_name(req);
+
+	if(!batch)
+		{
+		BIO_printf(bio_err,"You are about to be asked to enter information that will be incorporated\n");
+		BIO_printf(bio_err,"into your certificate request.\n");
+		BIO_printf(bio_err,"What you are about to enter is what is called a Distinguished Name or a DN.\n");
+		BIO_printf(bio_err,"There are quite a few fields but you can leave some blank\n");
+		BIO_printf(bio_err,"For some fields there will be a default value,\n");
+		BIO_printf(bio_err,"If you enter '.', the field will be left blank.\n");
+		BIO_printf(bio_err,"-----\n");
+		}
+
+
+	if (sk_CONF_VALUE_num(dn_sk))
 		{
 		i= -1;
 start:		for (;;)
 			{
 			i++;
-			if ((int)sk_num(sk) <= i) break;
+			if (sk_CONF_VALUE_num(dn_sk) <= i) break;
 
-			v=(CONF_VALUE *)sk_value(sk,i);
+			v=sk_CONF_VALUE_value(dn_sk,i);
 			p=q=NULL;
 			type=v->name;
-			/* Allow for raw OIDs */
-			/* [n.mm.ooo.ppp] */
-			for (j=0; type[j] != '\0'; j++)
-				{
-				if (	(type[j] == ':') ||
-					(type[j] == ',') ||
-					(type[j] == '.'))
-					p=(unsigned char *)&(type[j+1]);
-				if (type[j] == '[')
-					{
-					p=(unsigned char *)&(type[j+1]);
-					for (j++; type[j] != '\0'; j++)
-						if (type[j] == ']')
-							{
-							q=(unsigned char *)&(type[j]);
-							break;
-							}
+			if(!check_end(type,"_min") || !check_end(type,"_max") ||
+				!check_end(type,"_default") ||
+					 !check_end(type,"_value")) continue;
+			/* Skip past any leading X. X: X, etc to allow for
+			 * multiple instances 
+			 */
+			for(p = v->name; *p ; p++) 
+				if ((*p == ':') || (*p == ',') ||
+							 (*p == '.')) {
+					p++;
+					if(*p) type = p;
 					break;
-					}
-				}
-			if (p != NULL)
-				type=(char *)p;
-			if ((nid=OBJ_txt2nid(type)) == NID_undef)
-				{
-				/* Add a new one if possible */
-				if ((p != NULL) && (q != NULL) && (*q == ']'))
-					{
-					*q='\0';
-					nid=OBJ_create((char *)p,NULL,NULL);
-					*q=']';
-					if (nid == NID_undef) goto start;
-					}
-				else
-					goto start;
 				}
+			/* If OBJ not recognised ignore it */
+			if ((nid=OBJ_txt2nid(type)) == NID_undef) goto start;
+
+			if(strlen(v->name) > sizeof buf-9)
+			   {
+			   BIO_printf(bio_err,"Name '%s' too long\n",v->name);
+			   return 0;
+			   }
 
 			sprintf(buf,"%s_default",v->name);
-			if ((def=CONF_get_string(req_conf,tmp,buf)) == NULL)
+			if ((def=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
+				{
+				ERR_clear_error();
 				def="";
-				
+				}
 			sprintf(buf,"%s_value",v->name);
-			if ((value=CONF_get_string(req_conf,tmp,buf)) == NULL)
+			if ((value=NCONF_get_string(req_conf,dn_sect,buf)) == NULL)
+				{
+				ERR_clear_error();
 				value=NULL;
+				}
 
 			sprintf(buf,"%s_min",v->name);
-			min=(int)CONF_get_number(req_conf,tmp,buf);
+			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
+				n_min = -1;
 
 			sprintf(buf,"%s_max",v->name);
-			max=(int)CONF_get_number(req_conf,tmp,buf);
+			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
+				n_max = -1;
 
-			if (!add_DN_object(ri->subject,v->value,def,value,nid,
-				min,max))
-				goto err;
+			if (!add_DN_object(subj,v->value,def,value,nid,
+				n_min,n_max, chtype))
+				return 0;
 			}
-		if (sk_num(ri->subject->entries) == 0)
+		if (X509_NAME_entry_count(subj) == 0)
 			{
 			BIO_printf(bio_err,"error, no objects specified in config file\n");
-			goto err;
+			return 0;
 			}
 
 		if (attribs)
 			{
-			if ((attr != NULL) && (sk_num(attr) > 0))
+			if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0) && (!batch))
 				{
 				BIO_printf(bio_err,"\nPlease enter the following 'extra' attributes\n");
 				BIO_printf(bio_err,"to be sent with your certificate request\n");
@@ -912,66 +1341,125 @@ start:		for (;;)
 start2:			for (;;)
 				{
 				i++;
-				if ((attr == NULL) || ((int)sk_num(attr) <= i))
+				if ((attr_sk == NULL) ||
+					    (sk_CONF_VALUE_num(attr_sk) <= i))
 					break;
 
-				v=(CONF_VALUE *)sk_value(attr,i);
+				v=sk_CONF_VALUE_value(attr_sk,i);
 				type=v->name;
 				if ((nid=OBJ_txt2nid(type)) == NID_undef)
 					goto start2;
 
+				if(strlen(v->name) > sizeof buf-9)
+				   {
+				   BIO_printf(bio_err,"Name '%s' too long\n",v->name);
+				   return 0;
+				   }
+
 				sprintf(buf,"%s_default",type);
-				if ((def=CONF_get_string(req_conf,tmp_attr,buf))
+				if ((def=NCONF_get_string(req_conf,attr_sect,buf))
 					== NULL)
+					{
+					ERR_clear_error();
 					def="";
+					}
+				
 				
 				sprintf(buf,"%s_value",type);
-				if ((value=CONF_get_string(req_conf,tmp_attr,buf))
+				if ((value=NCONF_get_string(req_conf,attr_sect,buf))
 					== NULL)
+					{
+					ERR_clear_error();
 					value=NULL;
+					}
 
 				sprintf(buf,"%s_min",type);
-				min=(int)CONF_get_number(req_conf,tmp_attr,buf);
+				if (!NCONF_get_number(req_conf,attr_sect,buf, &n_min))
+					n_min = -1;
 
 				sprintf(buf,"%s_max",type);
-				max=(int)CONF_get_number(req_conf,tmp_attr,buf);
+				if (!NCONF_get_number(req_conf,attr_sect,buf, &n_max))
+					n_max = -1;
 
-				if (!add_attribute_object(ri->attributes,
-					v->value,def,value,nid,min,max))
-					goto err;
+				if (!add_attribute_object(req,
+					v->value,def,value,nid,n_min,n_max, chtype))
+					return 0;
 				}
 			}
 		}
 	else
 		{
 		BIO_printf(bio_err,"No template, please set one up.\n");
-		goto err;
+		return 0;
 		}
 
-	X509_REQ_set_pubkey(req,pkey);
+	return 1;
 
-	ret=1;
-err:
-	return(ret);
 	}
 
-static int add_DN_object(n,text,def,value,nid,min,max)
-X509_NAME *n;
-char *text;
-char *def;
-char *value;
-int nid;
-int min;
-int max;
+static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
+			STACK_OF(CONF_VALUE) *attr_sk, int attribs, unsigned long chtype)
 	{
-	int i,j,ret=0;
-	X509_NAME_ENTRY *ne=NULL;
-	MS_STATIC char buf[1024];
+	int i;
+	char *p,*q;
+	char *type;
+	CONF_VALUE *v;
+	X509_NAME *subj;
 
-	BIO_printf(bio_err,"%s [%s]:",text,def);
-	BIO_flush(bio_err);
-	if (value != NULL)
+	subj = X509_REQ_get_subject_name(req);
+
+	for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
 		{
+		v=sk_CONF_VALUE_value(dn_sk,i);
+		p=q=NULL;
+		type=v->name;
+		/* Skip past any leading X. X: X, etc to allow for
+		 * multiple instances 
+		 */
+		for(p = v->name; *p ; p++) 
+#ifndef CHARSET_EBCDIC
+			if ((*p == ':') || (*p == ',') || (*p == '.')) {
+#else
+			if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.'])) {
+#endif
+				p++;
+				if(*p) type = p;
+				break;
+			}
+		if (!X509_NAME_add_entry_by_txt(subj,type, chtype,
+				(unsigned char *) v->value,-1,-1,0)) return 0;
+
+		}
+
+		if (!X509_NAME_entry_count(subj))
+			{
+			BIO_printf(bio_err,"error, no objects specified in config file\n");
+			return 0;
+			}
+		if (attribs)
+			{
+			for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++)
+				{
+				v=sk_CONF_VALUE_value(attr_sk,i);
+				if(!X509_REQ_add1_attr_by_txt(req, v->name, chtype,
+					(unsigned char *)v->value, -1)) return 0;
+				}
+			}
+	return 1;
+	}
+
+
+static int add_DN_object(X509_NAME *n, char *text, char *def, char *value,
+	     int nid, int n_min, int n_max, unsigned long chtype)
+	{
+	int i,ret=0;
+	MS_STATIC char buf[1024];
+start:
+	if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
+	(void)BIO_flush(bio_err);
+	if(value != NULL)
+		{
+		OPENSSL_assert(strlen(value) < sizeof buf-2);
 		strcpy(buf,value);
 		strcat(buf,"\n");
 		BIO_printf(bio_err,"%s\n",value);
@@ -979,7 +1467,15 @@ int max;
 	else
 		{
 		buf[0]='\0';
-		fgets(buf,1024,stdin);
+		if (!batch)
+			{
+			fgets(buf,sizeof buf,stdin);
+			}
+		else
+			{
+			buf[0] = '\n';
+			buf[1] = '\0';
+			}
 		}
 
 	if (buf[0] == '\0') return(0);
@@ -999,42 +1495,30 @@ int max;
 		return(0);
 		}
 	buf[--i]='\0';
-
-	j=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
-	if (req_fix_data(nid,&j,i,min,max) == 0)
-		goto err;
-	if ((ne=X509_NAME_ENTRY_create_by_NID(NULL,nid,j,(unsigned char *)buf,
-		strlen(buf)))
-		== NULL) goto err;
-	if (!X509_NAME_add_entry(n,ne,X509_NAME_entry_count(n),0))
-		goto err;
-
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(buf, buf, i);
+#endif
+	if(!req_check_len(i, n_min, n_max)) goto start;
+	if (!X509_NAME_add_entry_by_NID(n,nid, chtype,
+				(unsigned char *) buf, -1,-1,0)) goto err;
 	ret=1;
 err:
-	if (ne != NULL) X509_NAME_ENTRY_free(ne);
 	return(ret);
 	}
 
-static int add_attribute_object(n,text,def,value,nid,min,max)
-STACK *n;
-char *text;
-char *def;
-char *value;
-int nid;
-int min;
-int max;
+static int add_attribute_object(X509_REQ *req, char *text,
+				char *def, char *value, int nid, int n_min,
+				int n_max, unsigned long chtype)
 	{
-	int i,z;
-	X509_ATTRIBUTE *xa=NULL;
+	int i;
 	static char buf[1024];
-	ASN1_BIT_STRING *bs=NULL;
-	ASN1_TYPE *at=NULL;
 
 start:
-	BIO_printf(bio_err,"%s [%s]:",text,def);
-	BIO_flush(bio_err);
+	if (!batch) BIO_printf(bio_err,"%s [%s]:",text,def);
+	(void)BIO_flush(bio_err);
 	if (value != NULL)
 		{
+		OPENSSL_assert(strlen(value) < sizeof buf-2);
 		strcpy(buf,value);
 		strcat(buf,"\n");
 		BIO_printf(bio_err,"%s\n",value);
@@ -1042,7 +1526,15 @@ start:
 	else
 		{
 		buf[0]='\0';
-		fgets(buf,1024,stdin);
+		if (!batch)
+			{
+			fgets(buf,sizeof buf,stdin);
+			}
+		else
+			{
+			buf[0] = '\n';
+			buf[1] = '\0';
+			}
 		}
 
 	if (buf[0] == '\0') return(0);
@@ -1062,54 +1554,25 @@ start:
 		return(0);
 		}
 	buf[--i]='\0';
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(buf, buf, i);
+#endif
+	if(!req_check_len(i, n_min, n_max)) goto start;
 
-	/* add object plus value */
-	if ((xa=X509_ATTRIBUTE_new()) == NULL)
-		goto err;
-	if ((xa->value.set=sk_new_null()) == NULL)
+	if(!X509_REQ_add1_attr_by_NID(req, nid, chtype,
+					(unsigned char *)buf, -1)) {
+		BIO_printf(bio_err, "Error adding attribute\n");
+		ERR_print_errors(bio_err);
 		goto err;
-	xa->set=1;
-
-	if (xa->object != NULL) ASN1_OBJECT_free(xa->object);
-	xa->object=OBJ_nid2obj(nid);
-
-	if ((bs=ASN1_BIT_STRING_new()) == NULL) goto err;
-
-	bs->type=ASN1_PRINTABLE_type((unsigned char *)buf,-1);
-
-	z=req_fix_data(nid,&bs->type,i,min,max);
-	if (z == 0)
-		{
-		if (value == NULL)
-			goto start;
-		else	goto err;
-		}
-
-	if (!ASN1_STRING_set(bs,(unsigned char *)buf,i+1))
-		{ BIO_printf(bio_err,"Malloc failure\n"); goto err; }
-
-	if ((at=ASN1_TYPE_new()) == NULL)
-		{ BIO_printf(bio_err,"Malloc failure\n"); goto err; }
-
-	ASN1_TYPE_set(at,bs->type,(char *)bs);
-	sk_push(xa->value.set,(char *)at);
-	bs=NULL;
-	at=NULL;
-	/* only one item per attribute */
+	}
 
-	if (!sk_push(n,(char *)xa)) goto err;
 	return(1);
 err:
-	if (xa != NULL) X509_ATTRIBUTE_free(xa);
-	if (at != NULL) ASN1_TYPE_free(at);
-	if (bs != NULL) ASN1_BIT_STRING_free(bs);
 	return(0);
 	}
 
-static void MS_CALLBACK req_cb(p,n,arg)
-int p;
-int n;
-char *arg;
+#ifndef OPENSSL_NO_RSA
+static void MS_CALLBACK req_cb(int p, int n, void *arg)
 	{
 	char c='*';
 
@@ -1118,43 +1581,36 @@ char *arg;
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
 	BIO_write((BIO *)arg,&c,1);
-	BIO_flush((BIO *)arg);
+	(void)BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
 	}
+#endif
 
-static int req_fix_data(nid,type,len,min,max)
-int nid;
-int *type;
-int len,min,max;
+static int req_check_len(int len, int n_min, int n_max)
 	{
-	if (nid == NID_pkcs9_emailAddress)
-		*type=V_ASN1_IA5STRING;
-	if ((nid == NID_commonName) && (*type == V_ASN1_IA5STRING))
-		*type=V_ASN1_T61STRING;
-	if ((nid == NID_pkcs9_challengePassword) &&
-		(*type == V_ASN1_IA5STRING))
-		*type=V_ASN1_T61STRING;
-
-	if ((nid == NID_pkcs9_unstructuredName) &&
-		(*type == V_ASN1_T61STRING))
+	if ((n_min > 0) && (len < n_min))
 		{
-		BIO_printf(bio_err,"invalid characters in string, please re-enter the string\n");
+		BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",n_min);
 		return(0);
 		}
-	if (nid == NID_pkcs9_unstructuredName)
-		*type=V_ASN1_IA5STRING;
-
-	if (len < min)
+	if ((n_max >= 0) && (len > n_max))
 		{
-		BIO_printf(bio_err,"string is too short, it needs to be at least %d bytes long\n",min);
-		return(0);
-		}
-	if ((max != 0) && (len > max))
-		{
-		BIO_printf(bio_err,"string is too long, it needs to be less than  %d bytes long\n",max);
+		BIO_printf(bio_err,"string is too long, it needs to be less than  %d bytes long\n",n_max);
 		return(0);
 		}
 	return(1);
 	}
+
+/* Check if the end of a string matches 'end' */
+static int check_end(char *str, char *end)
+{
+	int elen, slen;	
+	char *tmp;
+	elen = strlen(end);
+	slen = strlen(str);
+	if(elen > slen) return 1;
+	tmp = str + slen - elen;
+	return strcmp(tmp, end);
+}
diff --git a/apps/rmlinks b/apps/rmlinks
deleted file mode 100644
index 0056736752..0000000000
--- a/apps/rmlinks
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-for i in verify asn1parse req dgst dh enc gendh errstr ca crl rsa dsa dsaparam x509 genrsa s_server s_client speed s_time version pkcs7 crl2pkcs7 sess_id ciphers md2 md5 sha sha1 mdc2 rmd160 base64 des des3 desx idea rc4 rc2 bf cast rc5 des-ecb des-ede des-ede3 des-cbc des-ede-cbc des-ede3-cbc des-cfb des-ede-cfb des-ede3-cfb des-ofb des-ede-ofb des-ede3-ofb idea-cbc idea-ecb idea-cfb idea-ofb rc2-cbc rc2-ecb rc2-cfb rc2-ofb bf-cbc bf-ecb bf-cfb bf-ofb cast5-cbc cast5-ecb cast5-cfb cast5-ofb cast-cbc rc5-cbc rc5-ecb rc5-cfb rc5-ofb 
-do
-echo removing $i
-/bin/rm -f $i
-done
diff --git a/apps/rsa.c b/apps/rsa.c
index 267b12b15e..aebec744a2 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -56,17 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "rsa.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	rsa_main
@@ -78,21 +79,32 @@
  * -des		- encrypt output if PEM format with DES in cbc mode
  * -des3	- encrypt output if PEM format
  * -idea	- encrypt output if PEM format
+ * -aes128	- encrypt output if PEM format
+ * -aes192	- encrypt output if PEM format
+ * -aes256	- encrypt output if PEM format
  * -text	- print a text version
  * -modulus	- print the RSA key modulus
+ * -check	- verify key consistency
+ * -pubin	- Expect a public key in input file.
+ * -pubout	- Output a public key.
  */
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int ret=1;
 	RSA *rsa=NULL;
-	int i,badops=0;
-	EVP_CIPHER *enc=NULL;
-	BIO *in=NULL,*out=NULL;
-	int informat,outformat,text=0,noout=0;
+	int i,badops=0, sgckey=0;
+	const EVP_CIPHER *enc=NULL;
+	BIO *out=NULL;
+	int informat,outformat,text=0,check=0,noout=0;
+	int pubin = 0, pubout = 0;
 	char *infile,*outfile,*prog;
+	char *passargin = NULL, *passargout = NULL;
+	char *passin = NULL, *passout = NULL;
+	char *engine=NULL;
 	int modulus=0;
 
 	apps_startup();
@@ -101,6 +113,9 @@ char **argv;
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
@@ -131,12 +146,35 @@ char **argv;
 			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passargin= *(++argv);
+			}
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passargout= *(++argv);
+			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
+		else if (strcmp(*argv,"-sgckey") == 0)
+			sgckey=1;
+		else if (strcmp(*argv,"-pubin") == 0)
+			pubin=1;
+		else if (strcmp(*argv,"-pubout") == 0)
+			pubout=1;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
 		else if (strcmp(*argv,"-modulus") == 0)
 			modulus=1;
+		else if (strcmp(*argv,"-check") == 0)
+			check=1;
 		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -152,88 +190,83 @@ char **argv;
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
-		BIO_printf(bio_err," -inform arg   input format - one of DER NET PEM\n");
-		BIO_printf(bio_err," -outform arg  output format - one of DER NET PEM\n");
-		BIO_printf(bio_err," -in arg       inout file\n");
-		BIO_printf(bio_err," -out arg      output file\n");
-		BIO_printf(bio_err," -des          encrypt PEM output with cbc des\n");
-		BIO_printf(bio_err," -des3         encrypt PEM output with ede cbc des using 168 bit key\n");
-#ifndef NO_IDEA
-		BIO_printf(bio_err," -idea         encrypt PEM output with cbc idea\n");
+		BIO_printf(bio_err," -inform arg     input format - one of DER NET PEM\n");
+		BIO_printf(bio_err," -outform arg    output format - one of DER NET PEM\n");
+		BIO_printf(bio_err," -in arg         input file\n");
+		BIO_printf(bio_err," -sgckey         Use IIS SGC key format\n");
+		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
+		BIO_printf(bio_err," -out arg        output file\n");
+		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
+		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
+		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
+#ifndef OPENSSL_NO_IDEA
+		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
+#endif
+#ifndef OPENSSL_NO_AES
+		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
-		BIO_printf(bio_err," -text         print the key in text\n");
-		BIO_printf(bio_err," -noout        don't print key out\n");
-		BIO_printf(bio_err," -modulus      print the RSA key modulus\n");
+		BIO_printf(bio_err," -text           print the key in text\n");
+		BIO_printf(bio_err," -noout          don't print key out\n");
+		BIO_printf(bio_err," -modulus        print the RSA key modulus\n");
+		BIO_printf(bio_err," -check          verify key consistency\n");
+		BIO_printf(bio_err," -pubin          expect a public key in input file\n");
+		BIO_printf(bio_err," -pubout         output a public key\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 		goto end;
 		}
 
 	ERR_load_crypto_strings();
 
-	in=BIO_new(BIO_s_file());
-	out=BIO_new(BIO_s_file());
-	if ((in == NULL) || (out == NULL))
-		{
-		ERR_print_errors(bio_err);
+        e = setup_engine(bio_err, engine, 0);
+
+	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
-		}
+	}
 
-	if (infile == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(in,infile) <= 0)
-			{
-			perror(infile);
-			goto end;
-			}
-		}
+	if(check && pubin) {
+		BIO_printf(bio_err, "Only private keys can be checked\n");
+		goto end;
+	}
 
-	BIO_printf(bio_err,"read RSA private key\n");
-	if	(informat == FORMAT_ASN1)
-		rsa=d2i_RSAPrivateKey_bio(in,NULL);
-#ifndef NO_RC4
-	else if (informat == FORMAT_NETSCAPE)
-		{
-		BUF_MEM *buf=NULL;
-		unsigned char *p;
-		int size=0;
+	out=BIO_new(BIO_s_file());
+
+	{
+		EVP_PKEY	*pkey;
+
+		if (pubin)
+			pkey = load_pubkey(bio_err, infile,
+				(informat == FORMAT_NETSCAPE && sgckey ?
+					FORMAT_IISSGC : informat), 1,
+				passin, e, "Public Key");
+		else
+			pkey = load_key(bio_err, infile,
+				(informat == FORMAT_NETSCAPE && sgckey ?
+					FORMAT_IISSGC : informat), 1,
+				passin, e, "Private Key");
+
+		if (pkey != NULL)
+		rsa = pkey == NULL ? NULL : EVP_PKEY_get1_RSA(pkey);
+		EVP_PKEY_free(pkey);
+	}
 
-		buf=BUF_MEM_new();
-		for (;;)
-			{
-			if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
-				goto end;
-			i=BIO_read(in,&(buf->data[size]),1024*10);
-			size+=i;
-			if (i == 0) break;
-			if (i < 0)
-				{
-				perror("reading private key");
-				BUF_MEM_free(buf);
-				goto end;
-				}
-			}
-		p=(unsigned char *)buf->data;
-		rsa=(RSA *)d2i_Netscape_RSA(NULL,&p,(long)size,NULL);
-		BUF_MEM_free(buf);
-		}
-#endif
-	else if (informat == FORMAT_PEM)
-		rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL);
-	else
-		{
-		BIO_printf(bio_err,"bad input format specified for key\n");
-		goto end;
-		}
 	if (rsa == NULL)
 		{
-		BIO_printf(bio_err,"unable to load Private Key\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 
 	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		out = BIO_push(tmpbio, out);
+		}
+#endif
+		}
 	else
 		{
 		if (BIO_write_filename(out,outfile) <= 0)
@@ -253,51 +286,95 @@ bad:
 
 	if (modulus)
 		{
-		fprintf(stdout,"Modulus=");
+		BIO_printf(out,"Modulus=");
 		BN_print(out,rsa->n);
-		fprintf(stdout,"\n");
+		BIO_printf(out,"\n");
 		}
 
-	if (noout) goto end;
-	BIO_printf(bio_err,"writing RSA private key\n");
-	if 	(outformat == FORMAT_ASN1)
-		i=i2d_RSAPrivateKey_bio(out,rsa);
-#ifndef NO_RC4
+	if (check)
+		{
+		int r = RSA_check_key(rsa);
+
+		if (r == 1)
+			BIO_printf(out,"RSA key ok\n");
+		else if (r == 0)
+			{
+			long err;
+
+			while ((err = ERR_peek_error()) != 0 &&
+				ERR_GET_LIB(err) == ERR_LIB_RSA &&
+				ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
+				ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
+				{
+				BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
+				ERR_get_error(); /* remove e from error stack */
+				}
+			}
+		
+		if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */
+			{
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		}
+		
+	if (noout)
+		{
+		ret = 0;
+		goto end;
+		}
+	BIO_printf(bio_err,"writing RSA key\n");
+	if 	(outformat == FORMAT_ASN1) {
+		if(pubout || pubin) i=i2d_RSA_PUBKEY_bio(out,rsa);
+		else i=i2d_RSAPrivateKey_bio(out,rsa);
+	}
+#ifndef OPENSSL_NO_RC4
 	else if (outformat == FORMAT_NETSCAPE)
 		{
 		unsigned char *p,*pp;
 		int size;
 
 		i=1;
-		size=i2d_Netscape_RSA(rsa,NULL,NULL);
-		if ((p=(unsigned char *)Malloc(size)) == NULL)
+		size=i2d_RSA_NET(rsa,NULL,NULL, sgckey);
+		if ((p=(unsigned char *)OPENSSL_malloc(size)) == NULL)
 			{
-			BIO_printf(bio_err,"Malloc failure\n");
+			BIO_printf(bio_err,"Memory allocation failure\n");
 			goto end;
 			}
 		pp=p;
-		i2d_Netscape_RSA(rsa,&p,NULL);
+		i2d_RSA_NET(rsa,&p,NULL, sgckey);
 		BIO_write(out,(char *)pp,size);
-		Free(pp);
+		OPENSSL_free(pp);
 		}
 #endif
-	else if (outformat == FORMAT_PEM)
-		i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL);
-	else	{
+	else if (outformat == FORMAT_PEM) {
+		if(pubout || pubin)
+		    i=PEM_write_bio_RSA_PUBKEY(out,rsa);
+		else i=PEM_write_bio_RSAPrivateKey(out,rsa,
+						enc,NULL,0,NULL,passout);
+	} else	{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
 		}
 	if (!i)
 		{
-		BIO_printf(bio_err,"unable to write private key\n");
+		BIO_printf(bio_err,"unable to write key\n");
 		ERR_print_errors(bio_err);
 		}
 	else
 		ret=0;
 end:
-	if (in != NULL) BIO_free(in);
-	if (out != NULL) BIO_free(out);
-	if (rsa != NULL) RSA_free(rsa);
-	EXIT(ret);
+	if(out != NULL) BIO_free_all(out);
+	if(rsa != NULL) RSA_free(rsa);
+	if(passin) OPENSSL_free(passin);
+	if(passout) OPENSSL_free(passout);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
+#else /* !OPENSSL_NO_RSA */
 
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
+#endif
diff --git a/apps/rsa/01.pem b/apps/rsa/01.pem
deleted file mode 100644
index 36ec57598e..0000000000
--- a/apps/rsa/01.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG
-A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
-VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4
-MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV
-BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0
-cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv
-bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb
-qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU
-MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D
-gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/
-LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k
-Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq
-Pjrmw2eSgbdmmdumWAcNPVbV
------END CERTIFICATE-----
diff --git a/apps/rsa/1.txt b/apps/rsa/1.txt
deleted file mode 100644
index 95a862e150..0000000000
--- a/apps/rsa/1.txt
+++ /dev/null
@@ -1,50 +0,0 @@
-issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-subject=/C=US/ST=New York/L=New York/O=Industrial Press Inc./CN=www.industrialpress.com
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            68:ae:14:a4:c9:9f:a9:f3:9a:23:cf:2f:15:19:b3:5a
-        Signature Algorithm: md5WithRSAEncryption
-        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
-        Validity
-            Not Before: May 18 00:00:00 1998 GMT
-            Not After : May 18 23:59:59 1999 GMT
-        Subject: C=US, ST=New York, L=New York, O=Industrial Press Inc., CN=www.industrialpress.com
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1024 bit)
-                Modulus (1024 bit):
-                    00:aa:21:fd:c5:42:4d:1e:fa:82:99:a0:e8:9f:6e:
-                    d5:6a:52:5b:a9:32:f2:98:5d:f2:28:a5:81:c5:b3:
-                    83:2d:68:d7:ef:22:a3:7b:0a:2a:5a:1a:2d:68:40:
-                    11:23:a8:d7:3e:aa:26:53:ce:e0:15:4d:6d:1f:8a:
-                    ff:6e:0c:21:dc:59:94:30:ad:ea:a3:dd:97:3a:cb:
-                    f0:34:01:f3:5f:35:91:5d:03:49:9a:6e:78:83:61:
-                    75:45:4b:74:d2:98:18:88:ec:62:98:3b:1e:d6:df:
-                    51:2f:93:ce:08:31:1b:7d:7f:03:82:e8:2b:13:f5:
-                    b0:91:2d:85:ad:2a:1c:e7:f7
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: md5WithRSAEncryption
-        8c:3b:7e:f1:74:12:d1:2f:ac:d4:bf:2d:8b:aa:02:05:30:fe:
-        d1:f4:14:b8:02:92:a2:8b:99:86:26:ff:24:7e:67:48:43:d9:
-        e3:ff:52:11:7e:8c:0c:26:57:ca:c7:b4:19:da:4c:ce:e8:37:
-        6d:d1:55:6d:a4:09:ff:2c:a2:21:9f:af:63:d8:b5:fb:9f:a5:
-        7b:5d:ed:ac:d4:15:af:96:24:25:a7:a7:43:76:f4:41:b4:05:
-        1d:49:38:50:b4:43:fe:1d:87:f5:fd:aa:e9:4c:f2:5b:aa:3e:
-        3a:e6:c3:67:92:81:b7:66:99:db:a6:58:07:0d:3d:56:d5
------BEGIN CERTIFICATE-----
-MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG
-A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
-VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4
-MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV
-BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0
-cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv
-bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb
-qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU
-MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D
-gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/
-LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k
-Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq
-Pjrmw2eSgbdmmdumWAcNPVbV
------END CERTIFICATE-----
diff --git a/apps/rsa/SecureServer.pem b/apps/rsa/SecureServer.pem
deleted file mode 100644
index 7c8ffb2cd8..0000000000
--- a/apps/rsa/SecureServer.pem
+++ /dev/null
@@ -1,47 +0,0 @@
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
-        Signature Algorithm: md2WithRSAEncryption
-        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
-        Validity
-            Not Before: Nov  9 00:00:00 1994 GMT
-            Not After : Jan  7 23:59:59 2010 GMT
-        Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1000 bit)
-                Modulus (1000 bit):
-                    00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
-                    01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
-                    e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
-                    37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
-                    4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
-                    65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
-                    b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
-                    54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
-                    dd:2d:d6:c8:1e:7b
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: md2WithRSAEncryption
-        65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
-        c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
-        b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
-        c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
-        4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
-        16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
-        f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
------BEGIN CERTIFICATE-----
-MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
-VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
-MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
-BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
-dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
-ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
-0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
-uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
-hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
-YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
-1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
------END CERTIFICATE-----
diff --git a/apps/rsa/s.txt b/apps/rsa/s.txt
deleted file mode 100644
index 7de7e0764f..0000000000
--- a/apps/rsa/s.txt
+++ /dev/null
@@ -1,49 +0,0 @@
-issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-Certificate:
-    Data:
-        Version: 1 (0x0)
-        Serial Number:
-            02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
-        Signature Algorithm: md2WithRSAEncryption
-        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
-        Validity
-            Not Before: Nov  9 00:00:00 1994 GMT
-            Not After : Jan  7 23:59:59 2010 GMT
-        Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (1000 bit)
-                Modulus (1000 bit):
-                    00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
-                    01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
-                    e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
-                    37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
-                    4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
-                    65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
-                    b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
-                    54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
-                    dd:2d:d6:c8:1e:7b
-                Exponent: 65537 (0x10001)
-    Signature Algorithm: md2WithRSAEncryption
-        65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
-        c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
-        b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
-        c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
-        4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
-        16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
-        f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
------BEGIN CERTIFICATE-----
-MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
-VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
-MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
-BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
-dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
-ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
-0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
-uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
-hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
-YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
-1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
------END CERTIFICATE-----
diff --git a/apps/rsautl.c b/apps/rsautl.c
new file mode 100644
index 0000000000..36957e5b84
--- /dev/null
+++ b/apps/rsautl.c
@@ -0,0 +1,312 @@
+/* rsautl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef OPENSSL_NO_RSA
+
+#include "apps.h"
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+
+#define RSA_SIGN 	1
+#define RSA_VERIFY 	2
+#define RSA_ENCRYPT 	3
+#define RSA_DECRYPT 	4
+
+#define KEY_PRIVKEY	1
+#define KEY_PUBKEY	2
+#define KEY_CERT	3
+
+static void usage(void);
+
+#undef PROG
+
+#define PROG rsautl_main
+
+int MAIN(int argc, char **);
+
+int MAIN(int argc, char **argv)
+{
+	ENGINE *e = NULL;
+	BIO *in = NULL, *out = NULL;
+	char *infile = NULL, *outfile = NULL;
+	char *engine = NULL;
+	char *keyfile = NULL;
+	char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
+	int keyform = FORMAT_PEM;
+	char need_priv = 0, badarg = 0, rev = 0;
+	char hexdump = 0, asn1parse = 0;
+	X509 *x;
+	EVP_PKEY *pkey = NULL;
+	RSA *rsa = NULL;
+	unsigned char *rsa_in = NULL, *rsa_out = NULL, pad;
+	int rsa_inlen, rsa_outlen = 0;
+	int keysize;
+
+	int ret = 1;
+
+	argc--;
+	argv++;
+
+	if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
+	ERR_load_crypto_strings();
+	OpenSSL_add_all_algorithms();
+	pad = RSA_PKCS1_PADDING;
+	
+	while(argc >= 1)
+	{
+		if (!strcmp(*argv,"-in")) {
+			if (--argc < 1) badarg = 1;
+                        infile= *(++argv);
+		} else if (!strcmp(*argv,"-out")) {
+			if (--argc < 1) badarg = 1;
+			outfile= *(++argv);
+		} else if(!strcmp(*argv, "-inkey")) {
+			if (--argc < 1) badarg = 1;
+			keyfile = *(++argv);
+		} else if (strcmp(*argv,"-keyform") == 0) {
+			if (--argc < 1) badarg = 1;
+			keyform=str2fmt(*(++argv));
+		} else if(!strcmp(*argv, "-engine")) {
+			if (--argc < 1) badarg = 1;
+			engine = *(++argv);
+		} else if(!strcmp(*argv, "-pubin")) {
+			key_type = KEY_PUBKEY;
+		} else if(!strcmp(*argv, "-certin")) {
+			key_type = KEY_CERT;
+		} 
+		else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1;
+		else if(!strcmp(*argv, "-hexdump")) hexdump = 1;
+		else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING;
+		else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
+		else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
+		else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
+		else if(!strcmp(*argv, "-sign")) {
+			rsa_mode = RSA_SIGN;
+			need_priv = 1;
+		} else if(!strcmp(*argv, "-verify")) rsa_mode = RSA_VERIFY;
+		else if(!strcmp(*argv, "-rev")) rev = 1;
+		else if(!strcmp(*argv, "-encrypt")) rsa_mode = RSA_ENCRYPT;
+		else if(!strcmp(*argv, "-decrypt")) {
+			rsa_mode = RSA_DECRYPT;
+			need_priv = 1;
+		} else badarg = 1;
+		if(badarg) {
+			usage();
+			goto end;
+		}
+		argc--;
+		argv++;
+	}
+
+	if(need_priv && (key_type != KEY_PRIVKEY)) {
+		BIO_printf(bio_err, "A private key is needed for this operation\n");
+		goto end;
+	}
+
+        e = setup_engine(bio_err, engine, 0);
+
+/* FIXME: seed PRNG only if needed */
+	app_RAND_load_file(NULL, bio_err, 0);
+	
+	switch(key_type) {
+		case KEY_PRIVKEY:
+		pkey = load_key(bio_err, keyfile, keyform, 0,
+			NULL, e, "Private Key");
+		break;
+
+		case KEY_PUBKEY:
+		pkey = load_pubkey(bio_err, keyfile, keyform, 0,
+			NULL, e, "Public Key");
+		break;
+
+		case KEY_CERT:
+		x = load_cert(bio_err, keyfile, keyform,
+			NULL, e, "Certificate");
+		if(x) {
+			pkey = X509_get_pubkey(x);
+			X509_free(x);
+		}
+		break;
+	}
+
+	if(!pkey) {
+		return 1;
+	}
+
+	rsa = EVP_PKEY_get1_RSA(pkey);
+	EVP_PKEY_free(pkey);
+
+	if(!rsa) {
+		BIO_printf(bio_err, "Error getting RSA key\n");
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+
+	if(infile) {
+		if(!(in = BIO_new_file(infile, "rb"))) {
+			BIO_printf(bio_err, "Error Reading Input File\n");
+			ERR_print_errors(bio_err);	
+			goto end;
+		}
+	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+	if(outfile) {
+		if(!(out = BIO_new_file(outfile, "wb"))) {
+			BIO_printf(bio_err, "Error Reading Output File\n");
+			ERR_print_errors(bio_err);	
+			goto end;
+		}
+	} else {
+		out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		    out = BIO_push(tmpbio, out);
+		}
+#endif
+	}
+
+	keysize = RSA_size(rsa);
+
+	rsa_in = OPENSSL_malloc(keysize * 2);
+	rsa_out = OPENSSL_malloc(keysize);
+
+	/* Read the input data */
+	rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
+	if(rsa_inlen <= 0) {
+		BIO_printf(bio_err, "Error reading input Data\n");
+		exit(1);
+	}
+	if(rev) {
+		int i;
+		unsigned char ctmp;
+		for(i = 0; i < rsa_inlen/2; i++) {
+			ctmp = rsa_in[i];
+			rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
+			rsa_in[rsa_inlen - 1 - i] = ctmp;
+		}
+	}
+	switch(rsa_mode) {
+
+		case RSA_VERIFY:
+			rsa_outlen  = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+		break;
+
+		case RSA_SIGN:
+			rsa_outlen  = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+		break;
+
+		case RSA_ENCRYPT:
+			rsa_outlen  = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+		break;
+
+		case RSA_DECRYPT:
+			rsa_outlen  = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+		break;
+
+	}
+
+	if(rsa_outlen <= 0) {
+		BIO_printf(bio_err, "RSA operation error\n");
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+	ret = 0;
+	if(asn1parse) {
+		if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
+			ERR_print_errors(bio_err);
+		}
+	} else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen);
+	else BIO_write(out, rsa_out, rsa_outlen);
+	end:
+	RSA_free(rsa);
+	BIO_free(in);
+	BIO_free_all(out);
+	if(rsa_in) OPENSSL_free(rsa_in);
+	if(rsa_out) OPENSSL_free(rsa_out);
+	return ret;
+}
+
+static void usage()
+{
+	BIO_printf(bio_err, "Usage: rsautl [options]\n");
+	BIO_printf(bio_err, "-in file        input file\n");
+	BIO_printf(bio_err, "-out file       output file\n");
+	BIO_printf(bio_err, "-inkey file     input key\n");
+	BIO_printf(bio_err, "-keyform arg    private key format - default PEM\n");
+	BIO_printf(bio_err, "-pubin          input is an RSA public\n");
+	BIO_printf(bio_err, "-certin         input is a certificate carrying an RSA public key\n");
+	BIO_printf(bio_err, "-ssl            use SSL v2 padding\n");
+	BIO_printf(bio_err, "-raw            use no padding\n");
+	BIO_printf(bio_err, "-pkcs           use PKCS#1 v1.5 padding (default)\n");
+	BIO_printf(bio_err, "-oaep           use PKCS#1 OAEP\n");
+	BIO_printf(bio_err, "-sign           sign with private key\n");
+	BIO_printf(bio_err, "-verify         verify with public key\n");
+	BIO_printf(bio_err, "-encrypt        encrypt with public key\n");
+	BIO_printf(bio_err, "-decrypt        decrypt with private key\n");
+	BIO_printf(bio_err, "-hexdump        hex dump output\n");
+	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
+
+}
+
+#endif
diff --git a/apps/s_apps.h b/apps/s_apps.h
index ba320946be..ff18a72fe0 100644
--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@@ -55,65 +55,106 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <sys/types.h>
+#include <openssl/opensslconf.h>
+
+#if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
+/* VAX C does not defined fd_set and friends, but it's actually quite simple */
+/* These definitions are borrowed from SOCKETSHR.	/Richard Levitte */
+#define MAX_NOFILE	32
+#define	NBBY		 8		/* number of bits in a byte	*/
+
+#ifndef	FD_SETSIZE
+#define	FD_SETSIZE	MAX_NOFILE
+#endif	/* FD_SETSIZE */
+
+/* How many things we'll allow select to use. 0 if unlimited */
+#define MAXSELFD	MAX_NOFILE
+typedef int	fd_mask;	/* int here! VMS prototypes int, not long */
+#define NFDBITS	(sizeof(fd_mask) * NBBY)	/* bits per mask (power of 2!)*/
+#define NFDSHIFT 5				/* Shift based on above */
+
+typedef fd_mask fd_set;
+#define	FD_SET(n, p)	(*(p) |= (1 << ((n) % NFDBITS)))
+#define	FD_CLR(n, p)	(*(p) &= ~(1 << ((n) % NFDBITS)))
+#define	FD_ISSET(n, p)	(*(p) & (1 << ((n) % NFDBITS)))
+#define FD_ZERO(p)	memset((char *)(p), 0, sizeof(*(p)))
+#endif
 
 #define PORT            4433
 #define PORT_STR        "4433"
 #define PROTOCOL        "tcp"
 
-#ifndef NOPROTO
-int do_accept(int acc_sock, int *sock, char **host);
-int do_server(int port, int *ret, int (*cb) ());
+int do_server(int port, int *ret, int (*cb) (), char *context);
 #ifdef HEADER_X509_H
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
-#else
-int MS_CALLBACK verify_callback(int ok, char *ctx);
 #endif
 #ifdef HEADER_SSL_H
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
-#else
-int set_cert_stuff(char *ctx, char *cert_file, char *key_file);
 #endif
 int init_client(int *sock, char *server, int port);
-int init_client_ip(int *sock,unsigned char ip[4], int port);
-int nbio_init_client_ip(int *sock,unsigned char ip[4], int port);
-int nbio_sock_error(int sock);
-int spawn(int argc, char **argv, int *in, int *out);
-int init_server(int *sock, int port);
-int init_server_long(int *sock, int port,char *ip);
 int should_retry(int i);
-void sock_cleanup(void );
 int extract_port(char *str, short *port_ptr);
 int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
-int host_ip(char *str, unsigned char ip[4]);
 
-long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, char *argp,
+long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp,
 	int argi, long argl, long ret);
 
 #ifdef HEADER_SSL_H
-void MS_CALLBACK apps_ssl_info_callback(SSL *s, int where, int ret);
-#else
-void MS_CALLBACK apps_ssl_info_callback(char *s, int where, int ret);
-#endif
-
-#else
-int do_accept();
-int do_server();
-int MS_CALLBACK verify_callback();
-int set_cert_stuff();
-int init_client();
-int init_client_ip();
-int nbio_init_client_ip();
-int nbio_sock_error();
-int spawn();
-int init_server();
-int should_retry();
-void sock_cleanup();
-int extract_port();
-int extract_host_port();
-int host_ip();
-
-long MS_CALLBACK bio_dump_cb();
-void MS_CALLBACK apps_ssl_info_callback();
-
+void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret);
+void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
 #endif
-
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 7fa855c5dc..675527df1f 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -1,4 +1,4 @@
-/* apps/s_cb.c */
+/* apps/s_cb.c - callback functions used by s_client, s_server, and s_time */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -55,6 +55,59 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -63,17 +116,15 @@
 #include "apps.h"
 #undef NON_MAIN
 #undef USE_SOCKETS
-#include "err.h"
-#include "x509.h"
-#include "ssl.h"
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
 #include "s_apps.h"
 
 int verify_depth=0;
 int verify_error=X509_V_OK;
 
-int MS_CALLBACK verify_callback(ok, ctx)
-int ok;
-X509_STORE_CTX *ctx;
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 	{
 	char buf[256];
 	X509 *err_cert;
@@ -83,7 +134,7 @@ X509_STORE_CTX *ctx;
 	err=	X509_STORE_CTX_get_error(ctx);
 	depth=	X509_STORE_CTX_get_error_depth(ctx);
 
-	X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
+	X509_NAME_oneline(X509_get_subject_name(err_cert),buf,sizeof buf);
 	BIO_printf(bio_err,"depth=%d %s\n",depth,buf);
 	if (!ok)
 		{
@@ -103,19 +154,19 @@ X509_STORE_CTX *ctx;
 	switch (ctx->error)
 		{
 	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-		X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,256);
+		X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),buf,sizeof buf);
 		BIO_printf(bio_err,"issuer= %s\n",buf);
 		break;
 	case X509_V_ERR_CERT_NOT_YET_VALID:
 	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
 		BIO_printf(bio_err,"notBefore=");
-		ASN1_UTCTIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
+		ASN1_TIME_print(bio_err,X509_get_notBefore(ctx->current_cert));
 		BIO_printf(bio_err,"\n");
 		break;
 	case X509_V_ERR_CERT_HAS_EXPIRED:
 	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
 		BIO_printf(bio_err,"notAfter=");
-		ASN1_UTCTIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
+		ASN1_TIME_print(bio_err,X509_get_notAfter(ctx->current_cert));
 		BIO_printf(bio_err,"\n");
 		break;
 		}
@@ -123,10 +174,7 @@ X509_STORE_CTX *ctx;
 	return(ok);
 	}
 
-int set_cert_stuff(ctx, cert_file, key_file)
-SSL_CTX *ctx;
-char *cert_file;
-char *key_file;
+int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
 	{
 	if (cert_file != NULL)
 		{
@@ -156,9 +204,13 @@ char *key_file;
 		ssl=SSL_new(ctx);
 		x509=SSL_get_certificate(ssl);
 
-		if (x509 != NULL)
-			EVP_PKEY_copy_parameters(X509_get_pubkey(x509),
-				SSL_get_privatekey(ssl));
+		if (x509 != NULL) {
+			EVP_PKEY *pktmp;
+			pktmp = X509_get_pubkey(x509);
+			EVP_PKEY_copy_parameters(pktmp,
+						SSL_get_privatekey(ssl));
+			EVP_PKEY_free(pktmp);
+		}
 		SSL_free(ssl);
 		*/
 
@@ -177,13 +229,8 @@ char *key_file;
 	return(1);
 	}
 
-long MS_CALLBACK bio_dump_cb(bio,cmd,argp,argi,argl,ret)
-BIO *bio;
-int cmd;
-char *argp;
-int argi;
-long argl;
-long ret;
+long MS_CALLBACK bio_dump_cb(BIO *bio, int cmd, const char *argp, int argi,
+	     long argl, long ret)
 	{
 	BIO *out;
 
@@ -206,10 +253,7 @@ long ret;
 	return(ret);
 	}
 
-void MS_CALLBACK apps_ssl_info_callback(s,where,ret)
-SSL *s;
-int where;
-int ret;
+void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)
 	{
 	char *str;
 	int w;
@@ -245,3 +289,261 @@ int ret;
 		}
 	}
 
+
+void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
+	{
+	BIO *bio = arg;
+	const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= "";
+	
+	str_write_p = write_p ? ">>>" : "<<<";
+
+	switch (version)
+		{
+	case SSL2_VERSION:
+		str_version = "SSL 2.0";
+		break;
+	case SSL3_VERSION:
+		str_version = "SSL 3.0 ";
+		break;
+	case TLS1_VERSION:
+		str_version = "TLS 1.0 ";
+		break;
+	default:
+		str_version = "???";
+		}
+
+	if (version == SSL2_VERSION)
+		{
+		str_details1 = "???";
+
+		if (len > 0)
+			{
+			switch (((unsigned char*)buf)[0])
+				{
+				case 0:
+					str_details1 = ", ERROR:";
+					str_details2 = " ???";
+					if (len >= 3)
+						{
+						unsigned err = (((unsigned char*)buf)[1]<<8) + ((unsigned char*)buf)[2];
+						
+						switch (err)
+							{
+						case 0x0001:
+							str_details2 = " NO-CIPHER-ERROR";
+							break;
+						case 0x0002:
+							str_details2 = " NO-CERTIFICATE-ERROR";
+							break;
+						case 0x0004:
+							str_details2 = " BAD-CERTIFICATE-ERROR";
+							break;
+						case 0x0006:
+							str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR";
+							break;
+							}
+						}
+
+					break;
+				case 1:
+					str_details1 = ", CLIENT-HELLO";
+					break;
+				case 2:
+					str_details1 = ", CLIENT-MASTER-KEY";
+					break;
+				case 3:
+					str_details1 = ", CLIENT-FINISHED";
+					break;
+				case 4:
+					str_details1 = ", SERVER-HELLO";
+					break;
+				case 5:
+					str_details1 = ", SERVER-VERIFY";
+					break;
+				case 6:
+					str_details1 = ", SERVER-FINISHED";
+					break;
+				case 7:
+					str_details1 = ", REQUEST-CERTIFICATE";
+					break;
+				case 8:
+					str_details1 = ", CLIENT-CERTIFICATE";
+					break;
+				}
+			}
+		}
+
+	if (version == SSL3_VERSION || version == TLS1_VERSION)
+		{
+		switch (content_type)
+			{
+		case 20:
+			str_content_type = "ChangeCipherSpec";
+			break;
+		case 21:
+			str_content_type = "Alert";
+			break;
+		case 22:
+			str_content_type = "Handshake";
+			break;
+			}
+
+		if (content_type == 21) /* Alert */
+			{
+			str_details1 = ", ???";
+			
+			if (len == 2)
+				{
+				switch (((unsigned char*)buf)[0])
+					{
+				case 1:
+					str_details1 = ", warning";
+					break;
+				case 2:
+					str_details1 = ", fatal";
+					break;
+					}
+
+				str_details2 = " ???";
+				switch (((unsigned char*)buf)[1])
+					{
+				case 0:
+					str_details2 = " close_notify";
+					break;
+				case 10:
+					str_details2 = " unexpected_message";
+					break;
+				case 20:
+					str_details2 = " bad_record_mac";
+					break;
+				case 21:
+					str_details2 = " decryption_failed";
+					break;
+				case 22:
+					str_details2 = " record_overflow";
+					break;
+				case 30:
+					str_details2 = " decompression_failure";
+					break;
+				case 40:
+					str_details2 = " handshake_failure";
+					break;
+				case 42:
+					str_details2 = " bad_certificate";
+					break;
+				case 43:
+					str_details2 = " unsupported_certificate";
+					break;
+				case 44:
+					str_details2 = " certificate_revoked";
+					break;
+				case 45:
+					str_details2 = " certificate_expired";
+					break;
+				case 46:
+					str_details2 = " certificate_unknown";
+					break;
+				case 47:
+					str_details2 = " illegal_parameter";
+					break;
+				case 48:
+					str_details2 = " unknown_ca";
+					break;
+				case 49:
+					str_details2 = " access_denied";
+					break;
+				case 50:
+					str_details2 = " decode_error";
+					break;
+				case 51:
+					str_details2 = " decrypt_error";
+					break;
+				case 60:
+					str_details2 = " export_restriction";
+					break;
+				case 70:
+					str_details2 = " protocol_version";
+					break;
+				case 71:
+					str_details2 = " insufficient_security";
+					break;
+				case 80:
+					str_details2 = " internal_error";
+					break;
+				case 90:
+					str_details2 = " user_canceled";
+					break;
+				case 100:
+					str_details2 = " no_renegotiation";
+					break;
+					}
+				}
+			}
+		
+		if (content_type == 22) /* Handshake */
+			{
+			str_details1 = "???";
+
+			if (len > 0)
+				{
+				switch (((unsigned char*)buf)[0])
+					{
+				case 0:
+					str_details1 = ", HelloRequest";
+					break;
+				case 1:
+					str_details1 = ", ClientHello";
+					break;
+				case 2:
+					str_details1 = ", ServerHello";
+					break;
+				case 11:
+					str_details1 = ", Certificate";
+					break;
+				case 12:
+					str_details1 = ", ServerKeyExchange";
+					break;
+				case 13:
+					str_details1 = ", CertificateRequest";
+					break;
+				case 14:
+					str_details1 = ", ServerHelloDone";
+					break;
+				case 15:
+					str_details1 = ", CertificateVerify";
+					break;
+				case 16:
+					str_details1 = ", ClientKeyExchange";
+					break;
+				case 20:
+					str_details1 = ", Finished";
+					break;
+					}
+				}
+			}
+		}
+
+	BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2);
+
+	if (len > 0)
+		{
+		size_t num, i;
+		
+		BIO_printf(bio, "   ");
+		num = len;
+#if 0
+		if (num > 16)
+			num = 16;
+#endif
+		for (i = 0; i < num; i++)
+			{
+			if (i % 16 == 0 && i > 0)
+				BIO_printf(bio, "\n   ");
+			BIO_printf(bio, " %02x", ((unsigned char*)buf)[i]);
+			}
+		if (i < len)
+			BIO_printf(bio, " ...");
+		BIO_printf(bio, "\n");
+		}
+	BIO_flush(bio);
+	}
diff --git a/apps/s_client.c b/apps/s_client.c
index e0cb245003..738588c6aa 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -55,21 +55,105 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
+#include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#define USE_SOCKETS
-#ifdef NO_STDIO
+#include <openssl/e_os2.h>
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
+
+/* With IPv6, it looks like Digital has mixed up the proper order of
+   recursive header file inclusion, resulting in the compiler complaining
+   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+   is needed to have fileno() declared correctly...  So let's define u_int */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+#define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#define USE_SOCKETS
 #include "apps.h"
-#include "x509.h"
-#include "ssl.h"
-#include "err.h"
-#include "pem.h"
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
 #include "s_apps.h"
 
+#ifdef OPENSSL_SYS_WINDOWS
+#include <conio.h>
+#endif
+
+#ifdef OPENSSL_SYS_WINCE
+/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
+#ifdef fileno
+#undef fileno
+#endif
+#define fileno(a) (int)_fileno(a)
+#endif
+
+
+#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
 #undef PROG
 #define PROG	s_client_main
 
@@ -90,21 +174,18 @@ static int c_nbio=0;
 #endif
 static int c_Pause=0;
 static int c_debug=0;
+static int c_msg=0;
+static int c_showcerts=0;
 
-#ifndef NOPROTO
 static void sc_usage(void);
 static void print_stuff(BIO *berr,SSL *con,int full);
-#else
-static void sc_usage();
-static void print_stuff();
-#endif
-
 static BIO *bio_c_out=NULL;
 static int c_quiet=0;
+static int c_ign_eof=0;
 
-static void sc_usage()
+static void sc_usage(void)
 	{
-	BIO_printf(bio_err,"usage: client args\n");
+	BIO_printf(bio_err,"usage: s_client args\n");
 	BIO_printf(bio_err,"\n");
 	BIO_printf(bio_err," -host host     - use -connect instead\n");
 	BIO_printf(bio_err," -port port     - use -connect instead\n");
@@ -118,31 +199,43 @@ static void sc_usage()
 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
 	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
 	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
+	BIO_printf(bio_err," -showcerts    - show all certificates in the chain\n");
 	BIO_printf(bio_err," -debug        - extra output\n");
+	BIO_printf(bio_err," -msg          - Show protocol messages\n");
 	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
 	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
 #ifdef FIONBIO
 	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
 #endif
+	BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");
 	BIO_printf(bio_err," -quiet        - no s_client output\n");
+	BIO_printf(bio_err," -ign_eof      - ignore input eof (default when -quiet)\n");
 	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
 	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
 	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
 	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
-	BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'ssleay ciphers'\n");
+	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences (only SSLv2)\n");
+	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
 	BIO_printf(bio_err,"                 command to see what is available\n");
+	BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n");
+	BIO_printf(bio_err,"                 for those protocols that support it, where\n");
+	BIO_printf(bio_err,"                 'prot' defines which one to assume.  Currently,\n");
+	BIO_printf(bio_err,"                 only \"smtp\" is supported.\n");
+	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
+	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 
 	}
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
 	{
 	int off=0;
 	SSL *con=NULL,*con2=NULL;
+	X509_STORE *store = NULL;
 	int s,k,width,state=0;
-	char *cbuf=NULL,*sbuf=NULL;
+	char *cbuf=NULL,*sbuf=NULL,*mbuf=NULL;
 	int cbuf_len,cbuf_off;
 	int sbuf_len,sbuf_off;
 	fd_set readfds,writefds;
@@ -152,31 +245,46 @@ char **argv;
 	char *cert_file=NULL,*key_file=NULL;
 	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
 	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
-	int write_tty,read_tty,write_ssl,read_ssl,tty_on;
+	int crlf=0;
+	int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
 	SSL_CTX *ctx=NULL;
 	int ret=1,in_init=1,i,nbio_test=0;
+	int smtp_starttls = 0;
+	int prexit = 0, vflags = 0;
 	SSL_METHOD *meth=NULL;
 	BIO *sbio;
-	/*static struct timeval timeout={10,0};*/
+	char *inrand=NULL;
+	char *engine_id=NULL;
+	ENGINE *e=NULL;
+#ifdef OPENSSL_SYS_WINDOWS
+	struct timeval tv;
+#endif
 
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	meth=SSLv23_client_method();
-#elif !defined(NO_SSL3)
+#elif !defined(OPENSSL_NO_SSL3)
 	meth=SSLv3_client_method();
-#elif !defined(NO_SSL2)
+#elif !defined(OPENSSL_NO_SSL2)
 	meth=SSLv2_client_method();
 #endif
 
 	apps_startup();
 	c_Pause=0;
 	c_quiet=0;
+	c_ign_eof=0;
 	c_debug=0;
+	c_msg=0;
+	c_showcerts=0;
 
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 
-	if (	((cbuf=Malloc(BUFSIZZ)) == NULL) ||
-		((sbuf=Malloc(BUFSIZZ)) == NULL))
+	if (!load_config(bio_err, NULL))
+		goto end;
+
+	if (	((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
+		((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
+		((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
 		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
@@ -221,25 +329,42 @@ char **argv;
 			if (--argc < 1) goto bad;
 			cert_file= *(++argv);
 			}
+		else if	(strcmp(*argv,"-crl_check") == 0)
+			vflags |= X509_V_FLAG_CRL_CHECK;
+		else if	(strcmp(*argv,"-crl_check_all") == 0)
+			vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+		else if	(strcmp(*argv,"-prexit") == 0)
+			prexit=1;
+		else if	(strcmp(*argv,"-crlf") == 0)
+			crlf=1;
 		else if	(strcmp(*argv,"-quiet") == 0)
+			{
 			c_quiet=1;
+			c_ign_eof=1;
+			}
+		else if	(strcmp(*argv,"-ign_eof") == 0)
+			c_ign_eof=1;
 		else if	(strcmp(*argv,"-pause") == 0)
 			c_Pause=1;
 		else if	(strcmp(*argv,"-debug") == 0)
 			c_debug=1;
+		else if	(strcmp(*argv,"-msg") == 0)
+			c_msg=1;
+		else if	(strcmp(*argv,"-showcerts") == 0)
+			c_showcerts=1;
 		else if	(strcmp(*argv,"-nbio_test") == 0)
 			nbio_test=1;
 		else if	(strcmp(*argv,"-state") == 0)
 			state=1;
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 		else if	(strcmp(*argv,"-ssl2") == 0)
 			meth=SSLv2_client_method();
 #endif
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			meth=SSLv3_client_method();
 #endif
-#ifndef NO_TLS1
+#ifndef OPENSSL_NO_TLS1
 		else if	(strcmp(*argv,"-tls1") == 0)
 			meth=TLSv1_client_method();
 #endif
@@ -270,6 +395,8 @@ char **argv;
 			off|=SSL_OP_NO_SSLv3;
 		else if (strcmp(*argv,"-no_ssl2") == 0)
 			off|=SSL_OP_NO_SSLv2;
+		else if (strcmp(*argv,"-serverpref") == 0)
+			off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
 		else if	(strcmp(*argv,"-cipher") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -279,6 +406,25 @@ char **argv;
 		else if (strcmp(*argv,"-nbio") == 0)
 			{ c_nbio=1; }
 #endif
+		else if	(strcmp(*argv,"-starttls") == 0)
+			{
+			if (--argc < 1) goto bad;
+			++argv;
+			if (strcmp(*argv,"smtp") == 0)
+				smtp_starttls = 1;
+			else
+				goto bad;
+			}
+		else if	(strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine_id = *(++argv);
+			}
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
+			inrand= *(++argv);
+			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -295,9 +441,23 @@ bad:
 		goto end;
 		}
 
+	OpenSSL_add_ssl_algorithms();
+	SSL_load_error_strings();
+
+        e = setup_engine(bio_err, engine_id, 1);
+
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+		&& !RAND_status())
+		{
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+		}
+	if (inrand != NULL)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			app_RAND_load_files(inrand));
+
 	if (bio_c_out == NULL)
 		{
-		if (c_quiet)
+		if (c_quiet && !c_debug && !c_msg)
 			{
 			bio_c_out=BIO_new(BIO_s_null());
 			}
@@ -308,7 +468,6 @@ bad:
 			}
 		}
 
-	SSLeay_add_ssl_algorithms();
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
@@ -323,7 +482,11 @@ bad:
 
 	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
 	if (cipher != NULL)
-		SSL_CTX_set_cipher_list(ctx,cipher);
+		if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
+		BIO_printf(bio_err,"error setting cipher list\n");
+		ERR_print_errors(bio_err);
+		goto end;
+	}
 #if 0
 	else
 		SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
@@ -336,14 +499,21 @@ bad:
 	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
 		(!SSL_CTX_set_default_verify_paths(ctx)))
 		{
-		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
+		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
 		ERR_print_errors(bio_err);
 		/* goto end; */
 		}
 
-	SSL_load_error_strings();
+	store = SSL_CTX_get_cert_store(ctx);
+	X509_STORE_set_flags(store, vflags);
 
-	con=(SSL *)SSL_new(ctx);
+	con=SSL_new(ctx);
+#ifndef OPENSSL_NO_KRB5
+	if (con  &&  (con->kssl_ctx = kssl_ctx_new()) != NULL)
+                {
+                kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVER, host);
+		}
+#endif	/* OPENSSL_NO_KRB5  */
 /*	SSL_set_cipher_list(con,"RC4-MD5"); */
 
 re_start:
@@ -385,6 +555,11 @@ re_start:
 		BIO_set_callback(sbio,bio_dump_cb);
 		BIO_set_callback_arg(sbio,bio_c_out);
 		}
+	if (c_msg)
+		{
+		SSL_set_msg_callback(con, msg_cb);
+		SSL_set_msg_callback_arg(con, bio_c_out);
+		}
 
 	SSL_set_bio(con,sbio,sbio);
 	SSL_set_connect_state(con);
@@ -403,6 +578,14 @@ re_start:
 	sbuf_len=0;
 	sbuf_off=0;
 
+	/* This is an ugly hack that does a lot of assumptions */
+	if (smtp_starttls)
+		{
+		BIO_read(sbio,mbuf,BUFSIZZ);
+		BIO_printf(sbio,"STARTTLS\r\n");
+		BIO_read(sbio,sbuf,BUFSIZZ);
+		}
+
 	for (;;)
 		{
 		FD_ZERO(&readfds);
@@ -422,6 +605,13 @@ re_start:
 				print_stuff(bio_c_out,con,full_log);
 				if (full_log > 0) full_log--;
 
+				if (smtp_starttls)
+					{
+					BIO_printf(bio_err,"%s",mbuf);
+					/* We don't need to know any more */
+					smtp_starttls = 0;
+					}
+
 				if (reconnect)
 					{
 					reconnect--;
@@ -434,31 +624,74 @@ re_start:
 				}
 			}
 
-#ifndef WINDOWS
-		if (tty_on)
+		ssl_pending = read_ssl && SSL_pending(con);
+
+		if (!ssl_pending)
 			{
-			if (read_tty)  FD_SET(fileno(stdin),&readfds);
-			if (write_tty) FD_SET(fileno(stdout),&writefds);
+#ifndef OPENSSL_SYS_WINDOWS
+			if (tty_on)
+				{
+				if (read_tty)  FD_SET(fileno(stdin),&readfds);
+				if (write_tty) FD_SET(fileno(stdout),&writefds);
+				}
+			if (read_ssl)
+				FD_SET(SSL_get_fd(con),&readfds);
+			if (write_ssl)
+				FD_SET(SSL_get_fd(con),&writefds);
+#else
+			if(!tty_on || !write_tty) {
+				if (read_ssl)
+					FD_SET(SSL_get_fd(con),&readfds);
+				if (write_ssl)
+					FD_SET(SSL_get_fd(con),&writefds);
 			}
 #endif
-		if (read_ssl)
-			FD_SET(SSL_get_fd(con),&readfds);
-		if (write_ssl)
-			FD_SET(SSL_get_fd(con),&writefds);
-
-/*		printf("mode tty(%d %d%d) ssl(%d%d)\n",
-			tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
+/*			printf("mode tty(%d %d%d) ssl(%d%d)\n",
+				tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
 
-		i=select(width,&readfds,&writefds,NULL,NULL);
-		if ( i < 0)
-			{
-			BIO_printf(bio_err,"bad select %d\n",
+			/* Note: under VMS with SOCKETSHR the second parameter
+			 * is currently of type (int *) whereas under other
+			 * systems it is (void *) if you don't have a cast it
+			 * will choke the compiler: if you do have a cast then
+			 * you can either go for (int *) or (void *).
+			 */
+#ifdef OPENSSL_SYS_WINDOWS
+			/* Under Windows we make the assumption that we can
+			 * always write to the tty: therefore if we need to
+			 * write to the tty we just fall through. Otherwise
+			 * we timeout the select every second and see if there
+			 * are any keypresses. Note: this is a hack, in a proper
+			 * Windows application we wouldn't do this.
+			 */
+			i=0;
+			if(!write_tty) {
+				if(read_tty) {
+					tv.tv_sec = 1;
+					tv.tv_usec = 0;
+					i=select(width,(void *)&readfds,(void *)&writefds,
+						 NULL,&tv);
+#ifdef OPENSSL_SYS_WINCE
+					if(!i && (!_kbhit() || !read_tty) ) continue;
+#else
+					if(!i && (!((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0))) || !read_tty) ) continue;
+#endif
+				} else 	i=select(width,(void *)&readfds,(void *)&writefds,
+					 NULL,NULL);
+			}
+#else
+			i=select(width,(void *)&readfds,(void *)&writefds,
+				 NULL,NULL);
+#endif
+			if ( i < 0)
+				{
+				BIO_printf(bio_err,"bad select %d\n",
 				get_last_socket_error());
-			goto shut;
-			/* goto end; */
+				goto shut;
+				/* goto end; */
+				}
 			}
 
-		if (FD_ISSET(SSL_get_fd(con),&writefds))
+		if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
 			{
 			k=SSL_write(con,&(cbuf[cbuf_off]),
 				(unsigned int)cbuf_len);
@@ -525,9 +758,16 @@ re_start:
 				goto shut;
 				}
 			}
-#ifndef WINDOWS
-		else if (FD_ISSET(fileno(stdout),&writefds))
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+		/* Assume Windows/DOS can always write */
+		else if (!ssl_pending && write_tty)
+#else
+		else if (!ssl_pending && FD_ISSET(fileno(stdout),&writefds))
+#endif
 			{
+#ifdef CHARSET_EBCDIC
+			ascii2ebcdic(&(sbuf[sbuf_off]),&(sbuf[sbuf_off]),sbuf_len);
+#endif
 			i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
 
 			if (i <= 0)
@@ -545,8 +785,7 @@ re_start:
 				write_tty=0;
 				}
 			}
-#endif
-		else if (FD_ISSET(SSL_get_fd(con),&readfds))
+		else if (ssl_pending || FD_ISSET(SSL_get_fd(con),&readfds))
 			{
 #ifdef RENEG
 { static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
@@ -600,81 +839,120 @@ printf("read=%d pending=%d peek=%d\n",k,SSL_pending(con),SSL_peek(con,zbuf,10240
 				}
 			}
 
-#ifndef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
+#ifdef OPENSSL_SYS_WINCE
+		else if (_kbhit())
+#else
+		else if ((_kbhit()) || (WAIT_OBJECT_0 == WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
+#endif
+#else
 		else if (FD_ISSET(fileno(stdin),&readfds))
+#endif
 			{
-			i=read(fileno(stdin),cbuf,BUFSIZZ);
+			if (crlf)
+				{
+				int j, lf_num;
+
+				i=read(fileno(stdin),cbuf,BUFSIZZ/2);
+				lf_num = 0;
+				/* both loops are skipped when i <= 0 */
+				for (j = 0; j < i; j++)
+					if (cbuf[j] == '\n')
+						lf_num++;
+				for (j = i-1; j >= 0; j--)
+					{
+					cbuf[j+lf_num] = cbuf[j];
+					if (cbuf[j] == '\n')
+						{
+						lf_num--;
+						i++;
+						cbuf[j+lf_num] = '\r';
+						}
+					}
+				assert(lf_num == 0);
+				}
+			else
+				i=read(fileno(stdin),cbuf,BUFSIZZ);
 
-			if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
+			if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q')))
 				{
 				BIO_printf(bio_err,"DONE\n");
 				goto shut;
 				}
 
-			if ((!c_quiet) && (cbuf[0] == 'R'))
+			if ((!c_ign_eof) && (cbuf[0] == 'R'))
 				{
+				BIO_printf(bio_err,"RENEGOTIATING\n");
 				SSL_renegotiate(con);
-				read_tty=0;
-				write_ssl=1;
+				cbuf_len=0;
 				}
 			else
 				{
 				cbuf_len=i;
 				cbuf_off=0;
+#ifdef CHARSET_EBCDIC
+				ebcdic2ascii(cbuf, cbuf, i);
+#endif
 				}
 
-			read_tty=0;
 			write_ssl=1;
+			read_tty=0;
 			}
-#endif
 		}
 shut:
 	SSL_shutdown(con);
 	SHUTDOWN(SSL_get_fd(con));
 	ret=0;
 end:
+	if(prexit) print_stuff(bio_c_out,con,1);
 	if (con != NULL) SSL_free(con);
 	if (con2 != NULL) SSL_free(con2);
 	if (ctx != NULL) SSL_CTX_free(ctx);
-	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
-	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
+	if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
+	if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
+	if (mbuf != NULL) { OPENSSL_cleanse(mbuf,BUFSIZZ); OPENSSL_free(mbuf); }
 	if (bio_c_out != NULL)
 		{
 		BIO_free(bio_c_out);
 		bio_c_out=NULL;
 		}
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
 
-static void print_stuff(bio,s,full)
-BIO *bio;
-SSL *s;
-int full;
+static void print_stuff(BIO *bio, SSL *s, int full)
 	{
 	X509 *peer=NULL;
 	char *p;
 	static char *space="                ";
 	char buf[BUFSIZ];
-	STACK *sk;
+	STACK_OF(X509) *sk;
+	STACK_OF(X509_NAME) *sk2;
 	SSL_CIPHER *c;
 	X509_NAME *xn;
 	int j,i;
 
 	if (full)
 		{
+		int got_a_chain = 0;
+
 		sk=SSL_get_peer_cert_chain(s);
 		if (sk != NULL)
 			{
+			got_a_chain = 1; /* we don't have it for SSL2 (yet) */
+
 			BIO_printf(bio,"---\nCertificate chain\n");
-			for (i=0; i<sk_num(sk); i++)
+			for (i=0; i<sk_X509_num(sk); i++)
 				{
-				X509_NAME_oneline(X509_get_subject_name((X509 *)
-					sk_value(sk,i)),buf,BUFSIZ);
+				X509_NAME_oneline(X509_get_subject_name(
+					sk_X509_value(sk,i)),buf,sizeof buf);
 				BIO_printf(bio,"%2d s:%s\n",i,buf);
-				X509_NAME_oneline(X509_get_issuer_name((X509 *)
-					sk_value(sk,i)),buf,BUFSIZ);
+				X509_NAME_oneline(X509_get_issuer_name(
+					sk_X509_value(sk,i)),buf,sizeof buf);
 				BIO_printf(bio,"   i:%s\n",buf);
+				if (c_showcerts)
+					PEM_write_bio_X509(bio,sk_X509_value(sk,i));
 				}
 			}
 
@@ -683,24 +961,25 @@ int full;
 		if (peer != NULL)
 			{
 			BIO_printf(bio,"Server certificate\n");
-			PEM_write_bio_X509(bio,peer);
+			if (!(c_showcerts && got_a_chain)) /* Redundant if we showed the whole chain */
+				PEM_write_bio_X509(bio,peer);
 			X509_NAME_oneline(X509_get_subject_name(peer),
-				buf,BUFSIZ);
+				buf,sizeof buf);
 			BIO_printf(bio,"subject=%s\n",buf);
 			X509_NAME_oneline(X509_get_issuer_name(peer),
-				buf,BUFSIZ);
+				buf,sizeof buf);
 			BIO_printf(bio,"issuer=%s\n",buf);
 			}
 		else
 			BIO_printf(bio,"no peer certificate available\n");
 
-		sk=SSL_get_client_CA_list(s);
-		if ((sk != NULL) && (sk_num(sk) > 0))
+		sk2=SSL_get_client_CA_list(s);
+		if ((sk2 != NULL) && (sk_X509_NAME_num(sk2) > 0))
 			{
 			BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
-			for (i=0; i<sk_num(sk); i++)
+			for (i=0; i<sk_X509_NAME_num(sk2); i++)
 				{
-				xn=(X509_NAME *)sk_value(sk,i);
+				xn=sk_X509_NAME_value(sk2,i);
 				X509_NAME_oneline(xn,buf,sizeof(buf));
 				BIO_write(bio,buf,strlen(buf));
 				BIO_write(bio,"\n",1);
@@ -710,9 +989,14 @@ int full;
 			{
 			BIO_printf(bio,"---\nNo client certificate CA names sent\n");
 			}
-		p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
+		p=SSL_get_shared_ciphers(s,buf,sizeof buf);
 		if (p != NULL)
 			{
+			/* This works only for SSL 2.  In later protocol
+			 * versions, the client does not know what other
+			 * ciphers (in addition to the one to be used
+			 * in the current connection) the server supports. */
+
 			BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
 			j=i=0;
 			while (*p)
@@ -743,12 +1027,18 @@ int full;
 	BIO_printf(bio,"%s, Cipher is %s\n",
 		SSL_CIPHER_get_version(c),
 		SSL_CIPHER_get_name(c));
-	if (peer != NULL)
+	if (peer != NULL) {
+		EVP_PKEY *pktmp;
+		pktmp = X509_get_pubkey(peer);
 		BIO_printf(bio,"Server public key is %d bit\n",
-			EVP_PKEY_bits(X509_get_pubkey(peer)));
+							 EVP_PKEY_bits(pktmp));
+		EVP_PKEY_free(pktmp);
+	}
 	SSL_SESSION_print(bio,SSL_get_session(s));
 	BIO_printf(bio,"---\n");
 	if (peer != NULL)
 		X509_free(peer);
+	/* flush, or debugging output gets mixed with http response */
+	BIO_flush(bio);
 	}
 
diff --git a/apps/s_server.c b/apps/s_server.c
index c9651b84af..aa7ff66b70 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -55,59 +55,142 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
+#include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
-#ifdef NO_STDIO
+#include <openssl/e_os2.h>
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
-#include "lhash.h"
-#include "bn.h"
+
+/* With IPv6, it looks like Digital has mixed up the proper order of
+   recursive header file inclusion, resulting in the compiler complaining
+   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+   is needed to have fileno() declared correctly...  So let's define u_int */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+#define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#include <openssl/lhash.h>
+#include <openssl/bn.h>
 #define USE_SOCKETS
 #include "apps.h"
-#include "err.h"
-#include "pem.h"
-#include "x509.h"
-#include "ssl.h"
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/rand.h>
 #include "s_apps.h"
 
-#ifndef NOPROTO
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export);
-static int sv_body(char *hostname, int s);
-static int www_body(char *hostname, int s);
+#ifdef OPENSSL_SYS_WINDOWS
+#include <conio.h>
+#endif
+
+#ifdef OPENSSL_SYS_WINCE
+/* Windows CE incorrectly defines fileno as returning void*, so to avoid problems below... */
+#ifdef fileno
+#undef fileno
+#endif
+#define fileno(a) (int)_fileno(a)
+#endif
+
+#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
+#ifndef OPENSSL_NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength);
+#endif
+static int sv_body(char *hostname, int s, unsigned char *context);
+static int www_body(char *hostname, int s, unsigned char *context);
 static void close_accept_socket(void );
 static void sv_usage(void);
 static int init_ssl_connection(SSL *s);
 static void print_stats(BIO *bp,SSL_CTX *ctx);
-#ifndef NO_DH
-static DH *load_dh_param(void );
+static int generate_session_id(const SSL *ssl, unsigned char *id,
+				unsigned int *id_len);
+#ifndef OPENSSL_NO_DH
+static DH *load_dh_param(char *dhfile);
 static DH *get_dh512(void);
 #endif
-/* static void s_server_init(void);*/
-#else
-static RSA MS_CALLBACK *tmp_rsa_cb();
-static int sv_body();
-static int www_body();
-static void close_accept_socket();
-static void sv_usage();
-static int init_ssl_connection();
-static void print_stats();
-#ifndef NO_DH
-static DH *load_dh_param();
-static DH *get_dh512();
-#endif
-/* static void s_server_init(); */
-#endif
 
+#ifdef MONOLITH
+static void s_server_init(void);
+#endif
 
 #ifndef S_ISDIR
-#define S_ISDIR(a)	(((a) & _S_IFMT) == _S_IFDIR)
+# if defined(_S_IFMT) && defined(_S_IFDIR)
+#  define S_ISDIR(a)	(((a) & _S_IFMT) == _S_IFDIR)
+# else
+#  define S_ISDIR(a)	(((a) & S_IFMT) == S_IFDIR)
+# endif
 #endif
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 static unsigned char dh512_p[]={
 	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
 	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
@@ -120,7 +203,7 @@ static unsigned char dh512_g[]={
 	0x02,
 	};
 
-static DH *get_dh512()
+static DH *get_dh512(void)
 	{
 	DH *dh=NULL;
 
@@ -133,39 +216,46 @@ static DH *get_dh512()
 	}
 #endif
 
+
 /* static int load_CA(SSL_CTX *ctx, char *file);*/
 
 #undef BUFSIZZ
 #define BUFSIZZ	16*1024
-static int bufsize=32;
+static int bufsize=BUFSIZZ;
 static int accept_socket= -1;
 
 #define TEST_CERT	"server.pem"
 #undef PROG
 #define PROG		s_server_main
 
-#define DH_PARAM	"server.pem"
-
 extern int verify_depth;
 
 static char *cipher=NULL;
 static int s_server_verify=SSL_VERIFY_NONE;
+static int s_server_session_id_context = 1; /* anything will do */
 static char *s_cert_file=TEST_CERT,*s_key_file=NULL;
 static char *s_dcert_file=NULL,*s_dkey_file=NULL;
 #ifdef FIONBIO
 static int s_nbio=0;
 #endif
 static int s_nbio_test=0;
+int s_crlf=0;
 static SSL_CTX *ctx=NULL;
 static int www=0;
 
 static BIO *bio_s_out=NULL;
 static int s_debug=0;
+static int s_msg=0;
 static int s_quiet=0;
 
-#if 0
-static void s_server_init()
+static int hack=0;
+static char *engine_id=NULL;
+static const char *session_id_prefix=NULL;
+
+#ifdef MONOLITH
+static void s_server_init(void)
 	{
+	accept_socket=-1;
 	cipher=NULL;
 	s_server_verify=SSL_VERIFY_NONE;
 	s_dcert_file=NULL;
@@ -181,31 +271,47 @@ static void s_server_init()
 
 	bio_s_out=NULL;
 	s_debug=0;
+	s_msg=0;
 	s_quiet=0;
+	hack=0;
+	engine_id=NULL;
 	}
 #endif
 
-static void sv_usage()
+static void sv_usage(void)
 	{
 	BIO_printf(bio_err,"usage: s_server [args ...]\n");
 	BIO_printf(bio_err,"\n");
-	BIO_printf(bio_err," -accept arg   - port to accept on (default is %d\n",PORT);
+	BIO_printf(bio_err," -accept arg   - port to accept on (default is %d)\n",PORT);
+	BIO_printf(bio_err," -context arg  - set session ID context\n");
 	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
 	BIO_printf(bio_err," -Verify arg   - turn on peer certificate verification, must have a cert.\n");
 	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
 	BIO_printf(bio_err,"                 (default is %s)\n",TEST_CERT);
-	BIO_printf(bio_err," -key arg      - RSA file to use, PEM format assumed, in cert file if\n");
+	BIO_printf(bio_err," -key arg      - Private Key file to use, PEM format assumed, in cert file if\n");
 	BIO_printf(bio_err,"                 not specified (default is %s)\n",TEST_CERT);
+	BIO_printf(bio_err," -dcert arg    - second certificate file to use (usually for DSA)\n");
+	BIO_printf(bio_err," -dkey arg     - second private key file to use (usually for DSA)\n");
+	BIO_printf(bio_err," -dhparam arg  - DH parameter file to use, in cert file if not specified\n");
+	BIO_printf(bio_err,"                 or a default set of parameters is used\n");
+#ifndef OPENSSL_NO_ECDH
+	BIO_printf(bio_err," -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n" \
+	                   "                 Use \"openssl ecparam -list_curves\" for all names\n" \
+	                   "                 (default is sect163r2).\n");
+#endif
 #ifdef FIONBIO
 	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
 #endif
 	BIO_printf(bio_err," -nbio_test    - test with the non-blocking test bio\n");
+	BIO_printf(bio_err," -crlf         - convert LF from terminal into CRLF\n");
 	BIO_printf(bio_err," -debug        - Print more output\n");
+	BIO_printf(bio_err," -msg          - Show protocol messages\n");
 	BIO_printf(bio_err," -state        - Print the SSL states\n");
 	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
 	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
 	BIO_printf(bio_err," -nocert       - Don't use any certificates (Anon-DH)\n");
-	BIO_printf(bio_err," -cipher arg   - play with 'ssleay ciphers' to see what goes here\n");
+	BIO_printf(bio_err," -cipher arg   - play with 'openssl ciphers' to see what goes here\n");
+	BIO_printf(bio_err," -serverpref   - Use server's cipher preferences\n");
 	BIO_printf(bio_err," -quiet        - No server output\n");
 	BIO_printf(bio_err," -no_tmp_rsa   - Do not generate a tmp RSA key\n");
 	BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
@@ -214,36 +320,200 @@ static void sv_usage()
 	BIO_printf(bio_err," -no_ssl2      - Just disable SSLv2\n");
 	BIO_printf(bio_err," -no_ssl3      - Just disable SSLv3\n");
 	BIO_printf(bio_err," -no_tls1      - Just disable TLSv1\n");
-	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatability\n");
+#ifndef OPENSSL_NO_DH
+	BIO_printf(bio_err," -no_dhe       - Disable ephemeral DH\n");
+#endif
+#ifndef OPENSSL_NO_ECDH
+	BIO_printf(bio_err," -no_ecdhe     - Disable ephemeral ECDH\n");
+#endif
+	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
-	BIO_printf(bio_err," -WWW          - Returns requested page from to a 'GET <path> HTTP/1.0'\n");
+	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+	BIO_printf(bio_err," -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+        BIO_printf(bio_err,"                 with the assumption it contains a complete HTTP response.\n");
+	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
+	BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
+	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 	}
 
 static int local_argc=0;
 static char **local_argv;
-static int hack=0;
 
-int MAIN(argc, argv)
-int argc;
-char *argv[];
+#ifdef CHARSET_EBCDIC
+static int ebcdic_new(BIO *bi);
+static int ebcdic_free(BIO *a);
+static int ebcdic_read(BIO *b, char *out, int outl);
+static int ebcdic_write(BIO *b, const char *in, int inl);
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
+static int ebcdic_gets(BIO *bp, char *buf, int size);
+static int ebcdic_puts(BIO *bp, const char *str);
+
+#define BIO_TYPE_EBCDIC_FILTER	(18|0x0200)
+static BIO_METHOD methods_ebcdic=
 	{
+	BIO_TYPE_EBCDIC_FILTER,
+	"EBCDIC/ASCII filter",
+	ebcdic_write,
+	ebcdic_read,
+	ebcdic_puts,
+	ebcdic_gets,
+	ebcdic_ctrl,
+	ebcdic_new,
+	ebcdic_free,
+	};
+
+typedef struct
+{
+	size_t	alloced;
+	char	buff[1];
+} EBCDIC_OUTBUFF;
+
+BIO_METHOD *BIO_f_ebcdic_filter()
+{
+	return(&methods_ebcdic);
+}
+
+static int ebcdic_new(BIO *bi)
+{
+	EBCDIC_OUTBUFF *wbuf;
+
+	wbuf = (EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024);
+	wbuf->alloced = 1024;
+	wbuf->buff[0] = '\0';
+
+	bi->ptr=(char *)wbuf;
+	bi->init=1;
+	bi->flags=0;
+	return(1);
+}
+
+static int ebcdic_free(BIO *a)
+{
+	if (a == NULL) return(0);
+	if (a->ptr != NULL)
+		OPENSSL_free(a->ptr);
+	a->ptr=NULL;
+	a->init=0;
+	a->flags=0;
+	return(1);
+}
+	
+static int ebcdic_read(BIO *b, char *out, int outl)
+{
+	int ret=0;
+
+	if (out == NULL || outl == 0) return(0);
+	if (b->next_bio == NULL) return(0);
+
+	ret=BIO_read(b->next_bio,out,outl);
+	if (ret > 0)
+		ascii2ebcdic(out,out,ret);
+	return(ret);
+}
+
+static int ebcdic_write(BIO *b, const char *in, int inl)
+{
+	EBCDIC_OUTBUFF *wbuf;
+	int ret=0;
+	int num;
+	unsigned char n;
+
+	if ((in == NULL) || (inl <= 0)) return(0);
+	if (b->next_bio == NULL) return(0);
+
+	wbuf=(EBCDIC_OUTBUFF *)b->ptr;
+
+	if (inl > (num = wbuf->alloced))
+	{
+		num = num + num;  /* double the size */
+		if (num < inl)
+			num = inl;
+		OPENSSL_free(wbuf);
+		wbuf=(EBCDIC_OUTBUFF *)OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num);
+
+		wbuf->alloced = num;
+		wbuf->buff[0] = '\0';
+
+		b->ptr=(char *)wbuf;
+	}
+
+	ebcdic2ascii(wbuf->buff, in, inl);
+
+	ret=BIO_write(b->next_bio, wbuf->buff, inl);
+
+	return(ret);
+}
+
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+	long ret;
+
+	if (b->next_bio == NULL) return(0);
+	switch (cmd)
+	{
+	case BIO_CTRL_DUP:
+		ret=0L;
+		break;
+	default:
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	}
+	return(ret);
+}
+
+static int ebcdic_gets(BIO *bp, char *buf, int size)
+{
+	int i, ret=0;
+	if (bp->next_bio == NULL) return(0);
+/*	return(BIO_gets(bp->next_bio,buf,size));*/
+	for (i=0; i<size-1; ++i)
+	{
+		ret = ebcdic_read(bp,&buf[i],1);
+		if (ret <= 0)
+			break;
+		else if (buf[i] == '\n')
+		{
+			++i;
+			break;
+		}
+	}
+	if (i < size)
+		buf[i] = '\0';
+	return (ret < 0 && i == 0) ? ret : i;
+}
+
+static int ebcdic_puts(BIO *bp, const char *str)
+{
+	if (bp->next_bio == NULL) return(0);
+	return ebcdic_write(bp, str, strlen(str));
+}
+#endif
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char *argv[])
+	{
+	X509_STORE *store = NULL;
+	int vflags = 0;
 	short port=PORT;
 	char *CApath=NULL,*CAfile=NULL;
+	char *context = NULL;
+	char *dhfile = NULL;
+	char *named_curve = NULL;
 	int badop=0,bugs=0;
 	int ret=1;
 	int off=0;
-	int no_tmp_rsa=0,nocert=0;
+	int no_tmp_rsa=0,no_dhe=0,no_ecdhe=0,nocert=0;
 	int state=0;
 	SSL_METHOD *meth=NULL;
-#ifndef NO_DH
-	DH *dh=NULL;
-#endif
+	ENGINE *e=NULL;
+	char *inrand=NULL;
 
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	meth=SSLv23_server_method();
-#elif !defined(NO_SSL3)
+#elif !defined(OPENSSL_NO_SSL3)
 	meth=SSLv3_server_method();
-#elif !defined(NO_SSL2)
+#elif !defined(OPENSSL_NO_SSL2)
 	meth=SSLv2_server_method();
 #endif
 
@@ -251,12 +521,16 @@ char *argv[];
 	local_argv=argv;
 
 	apps_startup();
-	s_quiet=0;
-	s_debug=0;
+#ifdef MONOLITH
+	s_server_init();
+#endif
 
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	verify_depth=0;
 #ifdef FIONBIO
 	s_nbio=0;
@@ -290,6 +564,11 @@ char *argv[];
 			verify_depth=atoi(*(++argv));
 			BIO_printf(bio_err,"verify depth is %d, must return a certificate\n",verify_depth);
 			}
+		else if	(strcmp(*argv,"-context") == 0)
+			{
+			if (--argc < 1) goto bad;
+			context= *(++argv);
+			}
 		else if	(strcmp(*argv,"-cert") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -300,6 +579,18 @@ char *argv[];
 			if (--argc < 1) goto bad;
 			s_key_file= *(++argv);
 			}
+		else if	(strcmp(*argv,"-dhparam") == 0)
+			{
+			if (--argc < 1) goto bad;
+			dhfile = *(++argv);
+			}
+#ifndef OPENSSL_NO_ECDH		
+		else if	(strcmp(*argv,"-named_curve") == 0)
+			{
+			if (--argc < 1) goto bad;
+			named_curve = *(++argv);
+			}
+#endif
 		else if	(strcmp(*argv,"-dcert") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -319,6 +610,16 @@ char *argv[];
 			if (--argc < 1) goto bad;
 			CApath= *(++argv);
 			}
+		else if (strcmp(*argv,"-crl_check") == 0)
+			{
+			vflags |= X509_V_FLAG_CRL_CHECK;
+			}
+		else if (strcmp(*argv,"-crl_check") == 0)
+			{
+			vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+			}
+		else if	(strcmp(*argv,"-serverpref") == 0)
+			{ off|=SSL_OP_CIPHER_SERVER_PREFERENCE; }
 		else if	(strcmp(*argv,"-cipher") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -342,38 +643,63 @@ char *argv[];
 			}
 		else if	(strcmp(*argv,"-debug") == 0)
 			{ s_debug=1; }
+		else if	(strcmp(*argv,"-msg") == 0)
+			{ s_msg=1; }
 		else if	(strcmp(*argv,"-hack") == 0)
 			{ hack=1; }
 		else if	(strcmp(*argv,"-state") == 0)
 			{ state=1; }
+		else if	(strcmp(*argv,"-crlf") == 0)
+			{ s_crlf=1; }
 		else if	(strcmp(*argv,"-quiet") == 0)
 			{ s_quiet=1; }
 		else if	(strcmp(*argv,"-bugs") == 0)
 			{ bugs=1; }
 		else if	(strcmp(*argv,"-no_tmp_rsa") == 0)
 			{ no_tmp_rsa=1; }
+		else if	(strcmp(*argv,"-no_dhe") == 0)
+			{ no_dhe=1; }
+		else if	(strcmp(*argv,"-no_ecdhe") == 0)
+			{ no_ecdhe=1; }
 		else if	(strcmp(*argv,"-www") == 0)
 			{ www=1; }
 		else if	(strcmp(*argv,"-WWW") == 0)
 			{ www=2; }
+		else if	(strcmp(*argv,"-HTTP") == 0)
+			{ www=3; }
 		else if	(strcmp(*argv,"-no_ssl2") == 0)
 			{ off|=SSL_OP_NO_SSLv2; }
 		else if	(strcmp(*argv,"-no_ssl3") == 0)
 			{ off|=SSL_OP_NO_SSLv3; }
 		else if	(strcmp(*argv,"-no_tls1") == 0)
 			{ off|=SSL_OP_NO_TLSv1; }
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 		else if	(strcmp(*argv,"-ssl2") == 0)
 			{ meth=SSLv2_server_method(); }
 #endif
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			{ meth=SSLv3_server_method(); }
 #endif
-#ifndef NO_TLS1
+#ifndef OPENSSL_NO_TLS1
 		else if	(strcmp(*argv,"-tls1") == 0)
 			{ meth=TLSv1_server_method(); }
 #endif
+		else if (strcmp(*argv, "-id_prefix") == 0)
+			{
+			if (--argc < 1) goto bad;
+			session_id_prefix = *(++argv);
+			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine_id= *(++argv);
+			}
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
+			inrand= *(++argv);
+			}
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -390,9 +716,23 @@ bad:
 		goto end;
 		}
 
+	SSL_load_error_strings();
+	OpenSSL_add_ssl_algorithms();
+
+        e = setup_engine(bio_err, engine_id, 1);
+
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+		&& !RAND_status())
+		{
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
+		}
+	if (inrand != NULL)
+		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+			app_RAND_load_files(inrand));
+
 	if (bio_s_out == NULL)
 		{
-		if (s_quiet && !s_debug)
+		if (s_quiet && !s_debug && !s_msg)
 			{
 			bio_s_out=BIO_new(BIO_s_null());
 			}
@@ -403,7 +743,7 @@ bad:
 			}
 		}
 
-#if !defined(NO_RSA) || !defined(NO_DSA)
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
 	if (nocert)
 #endif
 		{
@@ -413,21 +753,32 @@ bad:
 		s_dkey_file=NULL;
 		}
 
-	SSL_load_error_strings();
-	SSLeay_add_ssl_algorithms();
-
 	ctx=SSL_CTX_new(meth);
 	if (ctx == NULL)
 		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
-
+	if (session_id_prefix)
+		{
+		if(strlen(session_id_prefix) >= 32)
+			BIO_printf(bio_err,
+"warning: id_prefix is too long, only one new session will be possible\n");
+		else if(strlen(session_id_prefix) >= 16)
+			BIO_printf(bio_err,
+"warning: id_prefix is too long if you use SSLv2\n");
+		if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id))
+			{
+			BIO_printf(bio_err,"error setting 'id_prefix'\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		BIO_printf(bio_err,"id_prefix '%s' set.\n", session_id_prefix);
+		}
 	SSL_CTX_set_quiet_shutdown(ctx,1);
 	if (bugs) SSL_CTX_set_options(ctx,SSL_OP_ALL);
 	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
 	SSL_CTX_set_options(ctx,off);
-	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NON_EXPORT_FIRST);
 
 	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
 
@@ -452,23 +803,86 @@ bad:
 		ERR_print_errors(bio_err);
 		/* goto end; */
 		}
+	store = SSL_CTX_get_cert_store(ctx);
+	X509_STORE_set_flags(store, vflags);
 
-#ifndef NO_DH
-	/* EAY EAY EAY evil hack */
-	dh=load_dh_param();
-	if (dh != NULL)
+#ifndef OPENSSL_NO_DH
+	if (!no_dhe)
 		{
-		BIO_printf(bio_s_out,"Setting temp DH parameters\n");
+		DH *dh=NULL;
+
+		if (dhfile)
+			dh = load_dh_param(dhfile);
+		else if (s_cert_file)
+			dh = load_dh_param(s_cert_file);
+
+		if (dh != NULL)
+			{
+			BIO_printf(bio_s_out,"Setting temp DH parameters\n");
+			}
+		else
+			{
+			BIO_printf(bio_s_out,"Using default temp DH parameters\n");
+			dh=get_dh512();
+			}
+		(void)BIO_flush(bio_s_out);
+
+		SSL_CTX_set_tmp_dh(ctx,dh);
+		DH_free(dh);
 		}
-	else
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+	if (!no_ecdhe)
 		{
-		BIO_printf(bio_s_out,"Using default temp DH parameters\n");
-		dh=get_dh512();
-		}
-	BIO_flush(bio_s_out);
+		EC_KEY *ecdh=NULL;
+
+		ecdh = EC_KEY_new();
+		if (ecdh == NULL)
+			{
+			BIO_printf(bio_err,"Could not create ECDH struct.\n");
+			goto end;
+			}
+
+		if (named_curve)
+			{
+			int nid = OBJ_sn2nid(named_curve);
+
+			if (nid == 0)
+				{
+				BIO_printf(bio_err, "unknown curve name (%s)\n", 
+					named_curve);
+				goto end;
+				}
+
+			ecdh->group = EC_GROUP_new_by_nid(nid);
+			if (ecdh->group == NULL)
+				{
+				BIO_printf(bio_err, "unable to create curve (%s)\n", 
+					named_curve);
+				goto end;
+				}
+			}
+
+		if (ecdh->group != NULL)
+			{
+			BIO_printf(bio_s_out,"Setting temp ECDH parameters\n");
+			}
+		else
+			{
+			BIO_printf(bio_s_out,"Using default temp ECDH parameters\n");
+			ecdh->group=EC_GROUP_new_by_nid(NID_sect163r2);
+			if (ecdh->group == NULL) 
+				{
+				BIO_printf(bio_err, "unable to create curve (sect163r2)\n");
+				goto end;
+				}
+			}
+		(void)BIO_flush(bio_s_out);
 
-	SSL_CTX_set_tmp_dh(ctx,dh);
-	DH_free(dh);
+		SSL_CTX_set_tmp_ecdh(ctx,ecdh);
+		EC_KEY_free(ecdh);
+		}
 #endif
 	
 	if (!set_cert_stuff(ctx,s_cert_file,s_key_file))
@@ -479,8 +893,10 @@ bad:
 			goto end;
 		}
 
+#ifndef OPENSSL_NO_RSA
 #if 1
-	SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
+	if (!no_tmp_rsa)
+		SSL_CTX_set_tmp_rsa_callback(ctx,tmp_rsa_cb);
 #else
 	if (!no_tmp_rsa && SSL_CTX_need_tmp_RSA(ctx))
 		{
@@ -500,18 +916,26 @@ bad:
 		BIO_printf(bio_s_out,"\n");
 		}
 #endif
+#endif
 
 	if (cipher != NULL)
-		SSL_CTX_set_cipher_list(ctx,cipher);
+		if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
+		BIO_printf(bio_err,"error setting cipher list\n");
+		ERR_print_errors(bio_err);
+		goto end;
+	}
 	SSL_CTX_set_verify(ctx,s_server_verify,verify_callback);
+	SSL_CTX_set_session_id_context(ctx,(void*)&s_server_session_id_context,
+		sizeof s_server_session_id_context);
 
-	SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+	if (CAfile != NULL)
+	    SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
 
 	BIO_printf(bio_s_out,"ACCEPT\n");
 	if (www)
-		do_server(port,&accept_socket,www_body);
+		do_server(port,&accept_socket,www_body, context);
 	else
-		do_server(port,&accept_socket,sv_body);
+		do_server(port,&accept_socket,sv_body, context);
 	print_stats(bio_s_out,ctx);
 	ret=0;
 end:
@@ -521,12 +945,11 @@ end:
 		BIO_free(bio_s_out);
 		bio_s_out=NULL;
 		}
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
-static void print_stats(bio,ssl_ctx)
-BIO *bio;
-SSL_CTX *ssl_ctx;
+static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
 	{
 	BIO_printf(bio,"%4ld items in the session cache\n",
 		SSL_CTX_sess_number(ssl_ctx));
@@ -551,9 +974,7 @@ SSL_CTX *ssl_ctx;
 		SSL_CTX_sess_get_cache_size(ssl_ctx));
 	}
 
-static int sv_body(hostname, s)
-char *hostname;
-int s;
+static int sv_body(char *hostname, int s, unsigned char *context)
 	{
 	char *buf=NULL;
 	fd_set readfds;
@@ -562,8 +983,11 @@ int s;
 	unsigned long l;
 	SSL *con=NULL;
 	BIO *sbio;
+#ifdef OPENSSL_SYS_WINDOWS
+	struct timeval tv;
+#endif
 
-	if ((buf=Malloc(bufsize)) == NULL)
+	if ((buf=OPENSSL_malloc(bufsize)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto err;
@@ -580,8 +1004,21 @@ int s;
 		}
 #endif
 
-	if (con == NULL)
-		con=(SSL *)SSL_new(ctx);
+	if (con == NULL) {
+		con=SSL_new(ctx);
+#ifndef OPENSSL_NO_KRB5
+		if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
+                        {
+                        kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE,
+								KRB5SVC);
+                        kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB,
+								KRB5KEYTAB);
+                        }
+#endif	/* OPENSSL_NO_KRB5 */
+		if(context)
+		      SSL_set_session_id_context(con, context,
+						 strlen((char *)context));
+	}
 	SSL_clear(con);
 
 	sbio=BIO_new_socket(s,BIO_NOCLOSE);
@@ -602,20 +1039,81 @@ int s;
 		BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
 		BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
 		}
+	if (s_msg)
+		{
+		SSL_set_msg_callback(con, msg_cb);
+		SSL_set_msg_callback_arg(con, bio_s_out);
+		}
 
 	width=s+1;
 	for (;;)
 		{
-		FD_ZERO(&readfds);
-#ifndef WINDOWS
-		FD_SET(fileno(stdin),&readfds);
+		int read_from_terminal;
+		int read_from_sslcon;
+
+		read_from_terminal = 0;
+		read_from_sslcon = SSL_pending(con);
+
+		if (!read_from_sslcon)
+			{
+			FD_ZERO(&readfds);
+#ifndef OPENSSL_SYS_WINDOWS
+			FD_SET(fileno(stdin),&readfds);
+#endif
+			FD_SET(s,&readfds);
+			/* Note: under VMS with SOCKETSHR the second parameter is
+			 * currently of type (int *) whereas under other systems
+			 * it is (void *) if you don't have a cast it will choke
+			 * the compiler: if you do have a cast then you can either
+			 * go for (int *) or (void *).
+			 */
+#ifdef OPENSSL_SYS_WINDOWS
+			/* Under Windows we can't select on stdin: only
+			 * on sockets. As a workaround we timeout the select every
+			 * second and check for any keypress. In a proper Windows
+			 * application we wouldn't do this because it is inefficient.
+			 */
+			tv.tv_sec = 1;
+			tv.tv_usec = 0;
+			i=select(width,(void *)&readfds,NULL,NULL,&tv);
+			if((i < 0) || (!i && !_kbhit() ) )continue;
+			if(_kbhit())
+				read_from_terminal = 1;
+#else
+			i=select(width,(void *)&readfds,NULL,NULL,NULL);
+			if (i <= 0) continue;
+			if (FD_ISSET(fileno(stdin),&readfds))
+				read_from_terminal = 1;
 #endif
-		FD_SET(s,&readfds);
-		i=select(width,&readfds,NULL,NULL,NULL);
-		if (i <= 0) continue;
-		if (FD_ISSET(fileno(stdin),&readfds))
+			if (FD_ISSET(s,&readfds))
+				read_from_sslcon = 1;
+			}
+		if (read_from_terminal)
 			{
-			i=read(fileno(stdin),buf,bufsize);
+			if (s_crlf)
+				{
+				int j, lf_num;
+
+				i=read(fileno(stdin), buf, bufsize/2);
+				lf_num = 0;
+				/* both loops are skipped when i <= 0 */
+				for (j = 0; j < i; j++)
+					if (buf[j] == '\n')
+						lf_num++;
+				for (j = i-1; j >= 0; j--)
+					{
+					buf[j+lf_num] = buf[j];
+					if (buf[j] == '\n')
+						{
+						lf_num--;
+						i++;
+						buf[j+lf_num] = '\r';
+						}
+					}
+				assert(lf_num == 0);
+				}
+			else
+				i=read(fileno(stdin),buf,bufsize);
 			if (!s_quiet)
 				{
 				if ((i <= 0) || (buf[0] == 'Q'))
@@ -645,7 +1143,7 @@ int s;
 					/* strcpy(buf,"server side RE-NEGOTIATE\n"); */
 					}
 				if ((buf[0] == 'R') &&
-					((buf[1] == '\0') || (buf[1] == '\r')))
+					((buf[1] == '\n') || (buf[1] == '\r')))
 					{
 					SSL_set_verify(con,
 						SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,NULL);
@@ -666,6 +1164,9 @@ int s;
 					print_stats(bio_s_out,SSL_get_SSL_CTX(con));
 					}
 				}
+#ifdef CHARSET_EBCDIC
+			ebcdic2ascii(buf,buf,i);
+#endif
 			l=k=0;
 			for (;;)
 				{
@@ -700,7 +1201,7 @@ int s;
 				if (i <= 0) break;
 				}
 			}
-		if (FD_ISSET(s,&readfds))
+		if (read_from_sslcon)
 			{
 			if (!SSL_is_init_finished(con))
 				{
@@ -724,6 +1225,9 @@ again:
 				switch (SSL_get_error(con,i))
 					{
 				case SSL_ERROR_NONE:
+#ifdef CHARSET_EBCDIC
+					ascii2ebcdic(buf,buf,i);
+#endif
 					write(fileno(stdout),buf,
 						(unsigned int)i);
 					if (SSL_pending(con)) goto again;
@@ -758,15 +1262,15 @@ err:
 	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
 	if (buf != NULL)
 		{
-		memset(buf,0,bufsize);
-		Free(buf);
+		OPENSSL_cleanse(buf,bufsize);
+		OPENSSL_free(buf);
 		}
 	if (ret >= 0)
 		BIO_printf(bio_s_out,"ACCEPT\n");
 	return(ret);
 	}
 
-static void close_accept_socket()
+static void close_accept_socket(void)
 	{
 	BIO_printf(bio_err,"shutdown accept socket\n");
 	if (accept_socket >= 0)
@@ -775,11 +1279,10 @@ static void close_accept_socket()
 		}
 	}
 
-static int init_ssl_connection(con)
-SSL *con;
+static int init_ssl_connection(SSL *con)
 	{
 	int i;
-	char *str;
+	const char *str;
 	X509 *peer;
 	long verify_error;
 	MS_STATIC char buf[BUFSIZ];
@@ -811,14 +1314,14 @@ SSL *con;
 		{
 		BIO_printf(bio_s_out,"Client certificate\n");
 		PEM_write_bio_X509(bio_s_out,peer);
-		X509_NAME_oneline(X509_get_subject_name(peer),buf,BUFSIZ);
+		X509_NAME_oneline(X509_get_subject_name(peer),buf,sizeof buf);
 		BIO_printf(bio_s_out,"subject=%s\n",buf);
-		X509_NAME_oneline(X509_get_issuer_name(peer),buf,BUFSIZ);
+		X509_NAME_oneline(X509_get_issuer_name(peer),buf,sizeof buf);
 		BIO_printf(bio_s_out,"issuer=%s\n",buf);
 		X509_free(peer);
 		}
 
-	if (SSL_get_shared_ciphers(con,buf,BUFSIZ) != NULL)
+	if (SSL_get_shared_ciphers(con,buf,sizeof buf) != NULL)
 		BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
 	str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
 	BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
@@ -830,15 +1333,15 @@ SSL *con;
 	return(1);
 	}
 
-#ifndef NO_DH
-static DH *load_dh_param()
+#ifndef OPENSSL_NO_DH
+static DH *load_dh_param(char *dhfile)
 	{
 	DH *ret=NULL;
 	BIO *bio;
 
-	if ((bio=BIO_new_file(DH_PARAM,"r")) == NULL)
+	if ((bio=BIO_new_file(dhfile,"r")) == NULL)
 		goto err;
-	ret=PEM_read_bio_DHparams(bio,NULL,NULL);
+	ret=PEM_read_bio_DHparams(bio,NULL,NULL,NULL);
 err:
 	if (bio != NULL) BIO_free(bio);
 	return(ret);
@@ -846,9 +1349,7 @@ err:
 #endif
 
 #if 0
-static int load_CA(ctx,file)
-SSL_CTX *ctx;
-char *file;
+static int load_CA(SSL_CTX *ctx, char *file)
 	{
 	FILE *in;
 	X509 *x=NULL;
@@ -868,9 +1369,7 @@ char *file;
 	}
 #endif
 
-static int www_body(hostname, s)
-char *hostname;
-int s;
+static int www_body(char *hostname, int s, unsigned char *context)
 	{
 	char *buf=NULL;
 	int ret=1;
@@ -881,7 +1380,7 @@ int s;
 	BIO *io,*ssl_bio,*sbio;
 	long total_bytes;
 
-	buf=Malloc(bufsize);
+	buf=OPENSSL_malloc(bufsize);
 	if (buf == NULL) return(0);
 	io=BIO_new(BIO_f_buffer());
 	ssl_bio=BIO_new(BIO_f_ssl());
@@ -902,7 +1401,16 @@ int s;
 	/* lets make the output buffer a reasonable size */
 	if (!BIO_set_write_buffer_size(io,bufsize)) goto err;
 
-	if ((con=(SSL *)SSL_new(ctx)) == NULL) goto err;
+	if ((con=SSL_new(ctx)) == NULL) goto err;
+#ifndef OPENSSL_NO_KRB5
+	if ((con->kssl_ctx = kssl_ctx_new()) != NULL)
+		{
+		kssl_ctx_setstring(con->kssl_ctx, KSSL_SERVICE, KRB5SVC);
+		kssl_ctx_setstring(con->kssl_ctx, KSSL_KEYTAB, KRB5KEYTAB);
+		}
+#endif	/* OPENSSL_NO_KRB5 */
+	if(context) SSL_set_session_id_context(con, context,
+					       strlen((char *)context));
 
 	sbio=BIO_new_socket(s,BIO_NOCLOSE);
 	if (s_nbio_test)
@@ -918,6 +1426,9 @@ int s;
 	/* SSL_set_fd(con,s); */
 	BIO_set_ssl(ssl_bio,con,BIO_CLOSE);
 	BIO_push(io,ssl_bio);
+#ifdef CHARSET_EBCDIC
+	io = BIO_push(BIO_new(BIO_f_ebcdic_filter()),io);
+#endif
 
 	if (s_debug)
 		{
@@ -925,6 +1436,11 @@ int s;
 		BIO_set_callback(SSL_get_rbio(con),bio_dump_cb);
 		BIO_set_callback_arg(SSL_get_rbio(con),bio_s_out);
 		}
+	if (s_msg)
+		{
+		SSL_set_msg_callback(con, msg_cb);
+		SSL_set_msg_callback_arg(con, bio_s_out);
+		}
 
 	blank=0;
 	for (;;)
@@ -965,7 +1481,7 @@ int s;
 			else
 				{
 				BIO_printf(bio_s_out,"read R BLOCK\n");
-#ifndef MSDOS
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(__DJGPP__)
 				sleep(1);
 #endif
 				continue;
@@ -983,11 +1499,11 @@ int s;
 			{
 			char *p;
 			X509 *peer;
-			STACK *sk;
+			STACK_OF(SSL_CIPHER) *sk;
 			static char *space="                          ";
 
 			BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
-			BIO_puts(io,"<HTML><BODY BGCOLOR=ffffff>\n");
+			BIO_puts(io,"<HTML><BODY BGCOLOR=\"#ffffff\">\n");
 			BIO_puts(io,"<pre>\n");
 /*			BIO_puts(io,SSLeay_version(SSLEAY_VERSION));*/
 			BIO_puts(io,"\n");
@@ -1002,10 +1518,10 @@ int s;
 			 * be done */
 			BIO_printf(io,"Ciphers supported in s_server binary\n");
 			sk=SSL_get_ciphers(con);
-			j=sk_num(sk);
+			j=sk_SSL_CIPHER_num(sk);
 			for (i=0; i<j; i++)
 				{
-				c=(SSL_CIPHER *)sk_value(sk,i);
+				c=sk_SSL_CIPHER_value(sk,i);
 				BIO_printf(io,"%-11s:%-25s",
 					SSL_CIPHER_get_version(c),
 					SSL_CIPHER_get_name(c));
@@ -1059,7 +1575,8 @@ int s;
 			BIO_puts(io,"</BODY></HTML>\r\n\r\n");
 			break;
 			}
-		else if ((www == 2) && (strncmp("GET ",buf,4) == 0))
+		else if ((www == 2 || www == 3)
+                         && (strncmp("GET /",buf,5) == 0))
 			{
 			BIO *file;
 			char *p,*e;
@@ -1067,15 +1584,29 @@ int s;
 
 			/* skip the '/' */
 			p= &(buf[5]);
-			dot=0;
+
+			dot = 1;
 			for (e=p; *e != '\0'; e++)
 				{
-				if (e[0] == ' ') break;
-				if (	(e[0] == '.') &&
-					(strncmp(&(e[-1]),"/../",4) == 0))
-					dot=1;
+				if (e[0] == ' ')
+					break;
+
+				switch (dot)
+					{
+				case 1:
+					dot = (e[0] == '.') ? 2 : 0;
+					break;
+				case 2:
+					dot = (e[0] == '.') ? 3 : 0;
+					break;
+				case 3:
+					dot = (e[0] == '/') ? -1 : 0;
+					break;
+					}
+				if (dot == 0)
+					dot = (e[0] == '/') ? 1 : 0;
 				}
-			
+			dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
 
 			if (*e == '\0')
 				{
@@ -1099,9 +1630,11 @@ int s;
 				break;
 				}
 
+#if 0
 			/* append if a directory lookup */
 			if (e[-1] == '/')
 				strcat(p,"index.html");
+#endif
 
 			/* if a directory, do the index thang */
 			if (stat(p,&st_buf) < 0)
@@ -1113,7 +1646,13 @@ int s;
 				}
 			if (S_ISDIR(st_buf.st_mode))
 				{
+#if 0 /* must check buffer size */
 				strcat(p,"/index.html");
+#else
+				BIO_puts(io,text);
+				BIO_printf(io,"'%s' is a directory\r\n",p);
+				break;
+#endif
 				}
 
 			if ((file=BIO_new_file(p,"r")) == NULL)
@@ -1127,13 +1666,16 @@ int s;
 			if (!s_quiet)
 				BIO_printf(bio_err,"FILE:%s\n",p);
 
-			i=strlen(p);
-			if (	((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
-				((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
-				((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
-				BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
-			else
-				BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
+                        if (www == 2)
+                                {
+                                i=strlen(p);
+                                if (	((i > 5) && (strcmp(&(p[i-5]),".html") == 0)) ||
+                                        ((i > 4) && (strcmp(&(p[i-4]),".php") == 0)) ||
+                                        ((i > 4) && (strcmp(&(p[i-4]),".htm") == 0)))
+                                        BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+                                else
+                                        BIO_puts(io,"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
+                                }
 			/* send the file */
 			total_bytes=0;
 			for (;;)
@@ -1195,7 +1737,7 @@ end:
 	/* make sure we re-use sessions */
 	SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 #else
-	/* This kills performace */
+	/* This kills performance */
 /*	SSL_shutdown(con); A shutdown gets sent in the
  *	BIO_free_all(io) procession */
 #endif
@@ -1205,15 +1747,14 @@ err:
 	if (ret >= 0)
 		BIO_printf(bio_s_out,"ACCEPT\n");
 
-	if (buf != NULL) Free(buf);
+	if (buf != NULL) OPENSSL_free(buf);
 	if (io != NULL) BIO_free_all(io);
 /*	if (ssl_bio != NULL) BIO_free(ssl_bio);*/
 	return(ret);
 	}
 
-static RSA MS_CALLBACK *tmp_rsa_cb(s,export)
-SSL *s;
-int export;
+#ifndef OPENSSL_NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
 	{
 	static RSA *rsa_tmp=NULL;
 
@@ -1221,17 +1762,39 @@ int export;
 		{
 		if (!s_quiet)
 			{
-			BIO_printf(bio_err,"Generating temp (512 bit) RSA key...");
-			BIO_flush(bio_err);
+			BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
+			(void)BIO_flush(bio_err);
 			}
-#ifndef NO_RSA
-		rsa_tmp=RSA_generate_key(512,RSA_F4,NULL,NULL);
-#endif
+		rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
 		if (!s_quiet)
 			{
 			BIO_printf(bio_err,"\n");
-			BIO_flush(bio_err);
+			(void)BIO_flush(bio_err);
 			}
 		}
 	return(rsa_tmp);
 	}
+#endif
+
+#define MAX_SESSION_ID_ATTEMPTS 10
+static int generate_session_id(const SSL *ssl, unsigned char *id,
+				unsigned int *id_len)
+	{
+	unsigned int count = 0;
+	do	{
+		RAND_pseudo_bytes(id, *id_len);
+		/* Prefix the session_id with the required prefix. NB: If our
+		 * prefix is too long, clip it - but there will be worse effects
+		 * anyway, eg. the server could only possibly create 1 session
+		 * ID (ie. the prefix!) so all future session negotiations will
+		 * fail due to conflicts. */
+		memcpy(id, session_id_prefix,
+			(strlen(session_id_prefix) < *id_len) ?
+			strlen(session_id_prefix) : *id_len);
+		}
+	while(SSL_has_matching_session_id(ssl, id, *id_len) &&
+		(++count < MAX_SESSION_ID_ATTEMPTS));
+	if(count >= MAX_SESSION_ID_ATTEMPTS)
+		return 0;
+	return 1;
+	}
diff --git a/apps/s_socket.c b/apps/s_socket.c
index 4bc3fde925..9a696d5f93 100644
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@@ -1,4 +1,4 @@
-/* apps/s_socket.c */
+/* apps/s_socket.c -  socket-related functions used by s_client and s_server */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -61,43 +61,61 @@
 #include <string.h>
 #include <errno.h>
 #include <signal.h>
+
+/* With IPv6, it looks like Digital has mixed up the proper order of
+   recursive header file inclusion, resulting in the compiler complaining
+   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+   is needed to have fileno() declared correctly...  So let's define u_int */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+#define __U_INT
+typedef unsigned int u_int;
+#endif
+
 #define USE_SOCKETS
 #define NON_MAIN
 #include "apps.h"
 #undef USE_SOCKETS
 #undef NON_MAIN
 #include "s_apps.h"
-#include "ssl.h"
+#include <openssl/ssl.h>
 
-#ifndef NOPROTO
-static struct hostent *GetHostByName(char *name);
-int sock_init(void );
+#ifdef FLAT_INC
+#include "e_os.h"
 #else
-static struct hostent *GetHostByName();
-int sock_init();
+#include "../e_os.h"
 #endif
 
-#ifdef WIN16
+#ifndef OPENSSL_NO_SOCK
+
+static struct hostent *GetHostByName(char *name);
+#ifdef OPENSSL_SYS_WINDOWS
+static void ssl_sock_cleanup(void);
+#endif
+static int ssl_sock_init(void);
+static int init_client_ip(int *sock,unsigned char ip[4], int port);
+static int init_server(int *sock, int port);
+static int init_server_long(int *sock, int port,char *ip);
+static int do_accept(int acc_sock, int *sock, char **host);
+static int host_ip(char *str, unsigned char ip[4]);
+
+#ifdef OPENSSL_SYS_WIN16
 #define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
 #else
 #define SOCKET_PROTOCOL	IPPROTO_TCP
 #endif
 
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 static struct WSAData wsa_state;
 static int wsa_init_done=0;
 
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
 static HWND topWnd=0;
 static FARPROC lpTopWndProc=NULL;
 static FARPROC lpTopHookProc=NULL;
 extern HINSTANCE _hInstance;  /* nice global CRT provides */
 
-static LONG FAR PASCAL topHookProc(hwnd,message,wParam,lParam)
-HWND hwnd;
-UINT message;
-WPARAM wParam;
-LPARAM lParam;
+static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,
+	     LPARAM lParam)
 	{
 	if (hwnd == topWnd)
 		{
@@ -106,7 +124,7 @@ LPARAM lParam;
 		case WM_DESTROY:
 		case WM_CLOSE:
 			SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc);
-			sock_cleanup();
+			ssl_sock_cleanup();
 			break;
 			}
 		}
@@ -119,30 +137,38 @@ static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam)
 	return(FALSE);
 	}
 
-#endif /* WIN32 */
-#endif /* WINDOWS */
+#endif /* OPENSSL_SYS_WIN32 */
+#endif /* OPENSSL_SYS_WINDOWS */
 
-void sock_cleanup()
+#ifdef OPENSSL_SYS_WINDOWS
+static void ssl_sock_cleanup(void)
 	{
-#ifdef WINDOWS
 	if (wsa_init_done)
 		{
 		wsa_init_done=0;
+#ifndef OPENSSL_SYS_WINCE
 		WSACancelBlockingCall();
+#endif
 		WSACleanup();
 		}
-#endif
 	}
+#endif
 
-int sock_init()
+static int ssl_sock_init(void)
 	{
-#ifdef WINDOWS
+#ifdef WATT32
+	extern int _watt_do_exit;
+	_watt_do_exit = 0;
+	dbug_init();
+	if (sock_init())
+		return (0);
+#elif defined(OPENSSL_SYS_WINDOWS)
 	if (!wsa_init_done)
 		{
 		int err;
 	  
 #ifdef SIGINT
-		signal(SIGINT,(void (*)(int))sock_cleanup);
+		signal(SIGINT,(void (*)(int))ssl_sock_cleanup);
 #endif
 		wsa_init_done=1;
 		memset(&wsa_state,0,sizeof(wsa_state));
@@ -153,22 +179,19 @@ int sock_init()
 			return(0);
 			}
 
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
 		EnumTaskWindows(GetCurrentTask(),enumproc,0L);
 		lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC);
 		lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance);
 
 		SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc);
-#endif /* WIN16 */
+#endif /* OPENSSL_SYS_WIN16 */
 		}
-#endif /* WINDOWS */
+#endif /* OPENSSL_SYS_WINDOWS */
 	return(1);
 	}
 
-int init_client(sock, host, port)
-int *sock;
-char *host;
-int port;
+int init_client(int *sock, char *host, int port)
 	{
 	unsigned char ip[4];
 	short p=0;
@@ -181,16 +204,13 @@ int port;
 	return(init_client_ip(sock,ip,port));
 	}
 
-int init_client_ip(sock, ip, port)
-int *sock;
-unsigned char ip[4];
-int port;
+static int init_client_ip(int *sock, unsigned char ip[4], int port)
 	{
 	unsigned long addr;
 	struct sockaddr_in them;
 	int s,i;
 
-	if (!sock_init()) return(0);
+	if (!ssl_sock_init()) return(0);
 
 	memset((char *)&them,0,sizeof(them));
 	them.sin_family=AF_INET;
@@ -205,9 +225,11 @@ int port;
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
 
+#ifndef OPENSSL_SYS_MPE
 	i=0;
 	i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 	if (i < 0) { perror("keepalive"); return(0); }
+#endif
 
 	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
 		{ close(s); perror("connect"); return(0); }
@@ -215,75 +237,7 @@ int port;
 	return(1);
 	}
 
-int nbio_sock_error(sock)
-int sock;
-	{
-	int j,i,size;
-
-	size=sizeof(int);
-	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,&size);
-	if (i < 0)
-		return(1);
-	else
-		return(j);
-	}
-
-int nbio_init_client_ip(sock, ip, port)
-int *sock;
-unsigned char ip[4];
-int port;
-	{
-	unsigned long addr;
-	struct sockaddr_in them;
-	int s,i;
-
-	if (!sock_init()) return(0);
-
-	memset((char *)&them,0,sizeof(them));
-	them.sin_family=AF_INET;
-	them.sin_port=htons((unsigned short)port);
-	addr=	(unsigned long)
-		((unsigned long)ip[0]<<24L)|
-		((unsigned long)ip[1]<<16L)|
-		((unsigned long)ip[2]<< 8L)|
-		((unsigned long)ip[3]);
-	them.sin_addr.s_addr=htonl(addr);
-
-	if (*sock <= 0)
-		{
-		unsigned long l=1;
-
-		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-		if (s == INVALID_SOCKET) { perror("socket"); return(0); }
-
-		i=0;
-		i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
-		if (i < 0) { perror("keepalive"); return(0); }
-		*sock=s;
-
-#ifdef FIONBIO
-		BIO_socket_ioctl(s,FIONBIO,&l);
-#endif
-		}
-	else
-		s= *sock;
-
-	i=connect(s,(struct sockaddr *)&them,sizeof(them));
-	if (i == INVALID_SOCKET)
-		{
-		if (BIO_sock_should_retry(i))
-			return(-1);
-		else
-			return(0);
-		}
-	else
-		return(1);
-	}
-
-int do_server(port, ret, cb)
-int port;
-int *ret;
-int (*cb)();
+int do_server(int port, int *ret, int (*cb)(), char *context)
 	{
 	int sock;
 	char *name;
@@ -304,8 +258,8 @@ int (*cb)();
 			SHUTDOWN(accept_socket);
 			return(0);
 			}
-		i=(*cb)(name,sock);
-		if (name != NULL) Free(name);
+		i=(*cb)(name,sock, context);
+		if (name != NULL) OPENSSL_free(name);
 		SHUTDOWN2(sock);
 		if (i < 0)
 			{
@@ -315,16 +269,13 @@ int (*cb)();
 		}
 	}
 
-int init_server_long(sock, port, ip)
-int *sock;
-int port;
-char *ip;
+static int init_server_long(int *sock, int port, char *ip)
 	{
 	int ret=0;
 	struct sockaddr_in server;
 	int s= -1,i;
 
-	if (!sock_init()) return(0);
+	if (!ssl_sock_init()) return(0);
 
 	memset((char *)&server,0,sizeof(server));
 	server.sin_family=AF_INET;
@@ -332,13 +283,25 @@ char *ip;
 	if (ip == NULL)
 		server.sin_addr.s_addr=INADDR_ANY;
 	else
+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+#ifndef BIT_FIELD_LIMITS
 		memcpy(&server.sin_addr.s_addr,ip,4);
+#else
+		memcpy(&server.sin_addr,ip,4);
+#endif
 	s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
 
 	if (s == INVALID_SOCKET) goto err;
+#if defined SOL_SOCKET && defined SO_REUSEADDR
+		{
+		int j = 1;
+		setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
+			   (void *) &j, sizeof j);
+		}
+#endif
 	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
 		{
-#ifndef WINDOWS
+#ifndef OPENSSL_SYS_WINDOWS
 		perror("bind");
 #endif
 		goto err;
@@ -356,17 +319,12 @@ err:
 	return(ret);
 	}
 
-int init_server(sock,port)
-int *sock;
-int port;
+static int init_server(int *sock, int port)
 	{
 	return(init_server_long(sock, port, NULL));
 	}
 
-int do_accept(acc_sock, sock, host)
-int acc_sock;
-int *sock;
-char **host;
+static int do_accept(int acc_sock, int *sock, char **host)
 	{
 	int ret,i;
 	struct hostent *h1,*h2;
@@ -374,18 +332,23 @@ char **host;
 	int len;
 /*	struct linger ling; */
 
-	if (!sock_init()) return(0);
+	if (!ssl_sock_init()) return(0);
 
-#ifndef WINDOWS
+#ifndef OPENSSL_SYS_WINDOWS
 redoit:
 #endif
 
 	memset((char *)&from,0,sizeof(from));
 	len=sizeof(from);
-	ret=accept(acc_sock,(struct sockaddr *)&from,&len);
+	/* Note: under VMS with SOCKETSHR the fourth parameter is currently
+	 * of type (int *) whereas under other systems it is (void *) if
+	 * you don't have a cast it will choke the compiler: if you do
+	 * have a cast then you can either go for (int *) or (void *).
+	 */
+	ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
 	if (ret == INVALID_SOCKET)
 		{
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 		i=WSAGetLastError();
 		BIO_printf(bio_err,"accept error %d\n",i);
 #else
@@ -427,9 +390,9 @@ redoit:
 		}
 	else
 		{
-		if ((*host=(char *)Malloc(strlen(h1->h_name)+1)) == NULL)
+		if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
 			{
-			perror("Malloc");
+			perror("OPENSSL_malloc");
 			return(0);
 			}
 		strcpy(*host,h1->h_name);
@@ -452,11 +415,8 @@ end:
 	return(1);
 	}
 
-int extract_host_port(str,host_ptr,ip,port_ptr)
-char *str;
-char **host_ptr;
-unsigned char *ip;
-short *port_ptr;
+int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
+	     short *port_ptr)
 	{
 	char *h,*p;
 
@@ -480,14 +440,12 @@ err:
 	return(0);
 	}
 
-int host_ip(str,ip)
-char *str;
-unsigned char ip[4];
+static int host_ip(char *str, unsigned char ip[4])
 	{
 	unsigned int in[4]; 
 	int i;
 
-	if (sscanf(str,"%d.%d.%d.%d",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
+	if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
 		{
 		for (i=0; i<4; i++)
 			if (in[i] > 255)
@@ -504,7 +462,7 @@ unsigned char ip[4];
 		{ /* do a gethostbyname */
 		struct hostent *he;
 
-		if (!sock_init()) return(0);
+		if (!ssl_sock_init()) return(0);
 
 		he=GetHostByName(str);
 		if (he == NULL)
@@ -528,9 +486,7 @@ err:
 	return(0);
 	}
 
-int extract_port(str,port_ptr)
-char *str;
-short *port_ptr;
+int extract_port(char *str, short *port_ptr)
 	{
 	int i;
 	struct servent *s;
@@ -562,8 +518,7 @@ static struct ghbn_cache_st
 static unsigned long ghbn_hits=0L;
 static unsigned long ghbn_miss=0L;
 
-static struct hostent *GetHostByName(name)
-char *name;
+static struct hostent *GetHostByName(char *name)
 	{
 	struct hostent *ret;
 	int i,lowi=0;
@@ -588,9 +543,12 @@ char *name;
 		ret=gethostbyname(name);
 		if (ret == NULL) return(NULL);
 		/* else add to cache */
-		strncpy(ghbn_cache[lowi].name,name,128);
-		memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
-		ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
+		if(strlen(name) < sizeof ghbn_cache[0].name)
+			{
+			strcpy(ghbn_cache[lowi].name,name);
+			memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
+			ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
+			}
 		return(ret);
 		}
 	else
@@ -602,68 +560,4 @@ char *name;
 		}
 	}
 
-#ifndef MSDOS
-int spawn(argc, argv, in, out)
-int argc;
-char **argv;
-int *in;
-int *out;
-	{
-	int pid;
-#define CHILD_READ	p1[0]
-#define CHILD_WRITE	p2[1]
-#define PARENT_READ	p2[0]
-#define PARENT_WRITE	p1[1]
-	int p1[2],p2[2];
-
-	if ((pipe(p1) < 0) || (pipe(p2) < 0)) return(-1);
-
-	if ((pid=fork()) == 0)
-		{ /* child */
-		if (dup2(CHILD_WRITE,fileno(stdout)) < 0)
-			perror("dup2");
-		if (dup2(CHILD_WRITE,fileno(stderr)) < 0)
-			perror("dup2");
-		if (dup2(CHILD_READ,fileno(stdin)) < 0)
-			perror("dup2");
-		close(CHILD_READ); 
-		close(CHILD_WRITE);
-
-		close(PARENT_READ);
-		close(PARENT_WRITE);
-		execvp(argv[0],argv);
-		perror("child");
-		exit(1);
-		}
-
-	/* parent */
-	*in= PARENT_READ;
-	*out=PARENT_WRITE;
-	close(CHILD_READ);
-	close(CHILD_WRITE);
-	return(pid);
-	}
-#endif /* MSDOS */
-
-
-#ifdef undef
-	/* Turn on synchronous sockets so that we can do a WaitForMultipleObjects
-	 * on sockets */
-	{
-	SOCKET s;
-	int optionValue = SO_SYNCHRONOUS_NONALERT;
-	int err;
-
-	err = setsockopt( 
-	    INVALID_SOCKET, 
-	    SOL_SOCKET, 
-	    SO_OPENTYPE, 
-	    (char *)&optionValue, 
-	    sizeof(optionValue));
-	if (err != NO_ERROR) {
-	/* failed for some reason... */
-		BIO_printf(bio_err, "failed to setsockopt(SO_OPENTYPE, SO_SYNCHRONOUS_ALERT) - %d\n",
-			WSAGetLastError());
-		}
-	}
 #endif
diff --git a/apps/s_time.c b/apps/s_time.c
index 02f54f9d84..1ad16cd607 100644
--- a/apps/s_time.c
+++ b/apps/s_time.c
@@ -59,7 +59,7 @@
 #define NO_SHUTDOWN
 
 /*-----------------------------------------
-   cntime - SSL client connection timer program
+   s_time - SSL client connection timer program
    Written and donated by Larry Streepy <streepy@healthcare.com>
   -----------------------------------------*/
 
@@ -67,26 +67,28 @@
 #include <stdlib.h>
 #include <string.h>
 
-#ifdef NO_STDIO
-#define APPS_WIN16
-#endif
-#include "x509.h"
-#include "ssl.h"
-#include "pem.h"
 #define USE_SOCKETS
 #include "apps.h"
+#ifdef OPENSSL_NO_STDIO
+#define APPS_WIN16
+#endif
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/pem.h>
 #include "s_apps.h"
-#include "err.h"
+#include <openssl/err.h>
 #ifdef WIN32_STUFF
 #include "winmain.h"
 #include "wintext.h"
 #endif
+#if !defined(OPENSSL_SYS_MSDOS)
+#include OPENSSL_UNISTD
+#endif
 
-#ifndef MSDOS
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
 #define TIMES
 #endif
 
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -94,21 +96,17 @@
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
-#endif
-#ifndef TIMES
-#include <sys/timeb.h>
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
 #endif
 
-#ifdef _AIX
-#include <sys/select.h>
+#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS)
+#include <sys/timeb.h>
 #endif
 
 #if defined(sun) || defined(__ultrix)
@@ -120,20 +118,25 @@ struct tms {
 /* The following if from times(3) man page.  It may need to be changed
 */
 #ifndef HZ
-#ifndef CLK_TCK
-#ifndef VMS
-#define HZ      100.0
-#else /* VMS */
-#define HZ      100.0
-#endif
-#else /* CLK_TCK */
-#define HZ ((double)CLK_TCK)
-#endif
+# ifdef _SC_CLK_TCK
+#  define HZ ((double)sysconf(_SC_CLK_TCK))
+# else
+#  ifndef CLK_TCK
+#   ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
+#    define HZ	100.0
+#   else /* _BSD_CLK_TCK_ */
+#    define HZ ((double)_BSD_CLK_TCK_)
+#   endif
+#  else /* CLK_TCK */
+#   define HZ ((double)CLK_TCK)
+#  endif
+# endif
 #endif
 
 #undef PROG
 #define PROG s_time_main
 
+#undef ioctl
 #define ioctl ioctlsocket
 
 #define SSL_CONNECT_NAME	"localhost:4433"
@@ -143,6 +146,10 @@ struct tms {
 #undef BUFSIZZ
 #define BUFSIZZ 1024*10
 
+#define MYBUFSIZ 1024*8
+
+#undef min
+#undef max
 #define min(a,b) (((a) < (b)) ? (a) : (b))
 #define max(a,b) (((a) > (b)) ? (a) : (b))
 
@@ -151,18 +158,10 @@ struct tms {
 extern int verify_depth;
 extern int verify_error;
 
-#ifndef NOPROTO
 static void s_time_usage(void);
 static int parseArgs( int argc, char **argv );
 static SSL *doConnection( SSL *scon );
 static void s_time_init(void);
-#else
-static void s_time_usage();
-static int parseArgs();
-static SSL *doConnection();
-static void s_time_init();
-#endif
-
 
 /***********************************************************************
  * Static data declarations
@@ -186,11 +185,11 @@ static int perform=0;
 #ifdef FIONBIO
 static int t_nbio=0;
 #endif
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 static int exitNow = 0;		/* Set when it's time to exit main */
 #endif
 
-static void s_time_init()
+static void s_time_init(void)
 	{
 	host=SSL_CONNECT_NAME;
 	t_cert_file=NULL;
@@ -210,7 +209,7 @@ static void s_time_init()
 #ifdef FIONBIO
 	t_nbio=0;
 #endif
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 	exitNow = 0;		/* Set when it's time to exit main */
 #endif
 	}
@@ -218,26 +217,26 @@ static void s_time_init()
 /***********************************************************************
  * usage - display usage message
  */
-static void s_time_usage()
+static void s_time_usage(void)
 {
 	static char umsg[] = "\
 -time arg     - max number of seconds to collect data, default %d\n\
 -verify arg   - turn on peer certificate verification, arg == depth\n\
 -cert arg     - certificate file to use, PEM format assumed\n\
--key arg      - RSA file to use, PEM format assumed, in cert file if\n\
-                not specified but cert fill is.\n\
+-key arg      - RSA file to use, PEM format assumed, key is in cert file\n\
+                file if not specified by this option\n\
 -CApath arg   - PEM format directory of CA's\n\
 -CAfile arg   - PEM format file of CA's\n\
--cipher       - prefered cipher to use, play with 'ssleay ciphers'\n\n";
+-cipher       - preferred cipher to use, play with 'openssl ciphers'\n\n";
 
-	printf( "usage: client <args>\n\n" );
+	printf( "usage: s_time <args>\n\n" );
 
 	printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);
 #ifdef FIONBIO
 	printf("-nbio         - Run with non-blocking IO\n");
 	printf("-ssl2         - Just use SSLv2\n");
 	printf("-ssl3         - Just use SSLv3\n");
-	printf("-bugs         - Turn on SSL bug compatability\n");
+	printf("-bugs         - Turn on SSL bug compatibility\n");
 	printf("-new          - Just time new connections\n");
 	printf("-reuse        - Just time connection reuse\n");
 	printf("-www page     - Retrieve 'page' from the site\n");
@@ -250,23 +249,12 @@ static void s_time_usage()
  *
  * Returns 0 if ok, -1 on bad args
  */
-static int parseArgs(argc,argv)
-int argc;
-char **argv;
+static int parseArgs(int argc, char **argv)
 {
     int badop = 0;
 
     verify_depth=0;
     verify_error=X509_V_OK;
-#ifdef FIONBIO
-    t_nbio=0;
-#endif
-
-	apps_startup();
-	s_time_init();
-
-	if (bio_err == NULL)
-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 
     argc--;
     argv++;
@@ -334,14 +322,19 @@ char **argv;
 		{
 		if (--argc < 1) goto bad;
 		s_www_path= *(++argv);
+		if(strlen(s_www_path) > MYBUFSIZ-100)
+			{
+			BIO_printf(bio_err,"-www option too long\n");
+			badop=1;
+			}
 		}
 	else if(strcmp(*argv,"-bugs") == 0)
 	    st_bugs=1;
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 	else if(strcmp(*argv,"-ssl2") == 0)
 	    s_time_meth=SSLv2_client_method();
 #endif
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
 	else if(strcmp(*argv,"-ssl3") == 0)
 	    s_time_meth=SSLv3_client_method();
 #endif
@@ -377,8 +370,7 @@ bad:
 #define START	0
 #define STOP	1
 
-static double tm_Time_F(s)
-int s;
+static double tm_Time_F(int s)
 	{
 	static double ret;
 #ifdef TIMES
@@ -392,6 +384,22 @@ int s;
 		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
 		return((ret == 0.0)?1e-6:ret);
 	}
+#elif defined(OPENSSL_SYS_VXWORKS)
+        {
+	static unsigned long tick_start, tick_end;
+
+	if( s == START )
+		{
+		tick_start = tickGet();
+		return 0;
+		}
+	else
+		{
+		tick_end = tickGet();
+		ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
+		return((ret == 0.0)?1e-6:ret);
+		}
+        }
 #else /* !times() */
 	static struct timeb tstart,tend;
 	long i;
@@ -412,10 +420,9 @@ int s;
  * MAIN - main processing area for client
  *			real name depends on MONOLITH
  */
-int
-MAIN(argc,argv)
-int argc;
-char **argv;
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
 	{
 	double totalTime = 0.0;
 	int nConn = 0;
@@ -425,11 +432,17 @@ char **argv;
 	MS_STATIC char buf[1024*8];
 	int ver;
 
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+	apps_startup();
+	s_time_init();
+
+	if (bio_err == NULL)
+		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	s_time_meth=SSLv23_client_method();
-#elif !defined(NO_SSL3)
+#elif !defined(OPENSSL_NO_SSL3)
 	s_time_meth=SSLv3_client_method();
-#elif !defined(NO_SSL2)
+#elif !defined(OPENSSL_NO_SSL2)
 	s_time_meth=SSLv2_client_method();
 #endif
 
@@ -437,7 +450,7 @@ char **argv;
 	if( parseArgs( argc, argv ) < 0 )
 		goto end;
 
-	SSLeay_add_ssl_algorithms();
+	OpenSSL_add_ssl_algorithms();
 	if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);
 
 	SSL_CTX_set_quiet_shutdown(tm_ctx,1);
@@ -452,7 +465,7 @@ char **argv;
 	if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
 		(!SSL_CTX_set_default_verify_paths(tm_ctx)))
 		{
-		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
+		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
 		ERR_print_errors(bio_err);
 		/* goto end; */
 		}
@@ -462,7 +475,6 @@ char **argv;
 
 	if (tm_cipher == NULL ) {
 		fprintf( stderr, "No CIPHER specified\n" );
-/*		EXIT(1); */
 	}
 
 	if (!(perform & 1)) goto next;
@@ -475,7 +487,7 @@ char **argv;
 	tm_Time_F(START);
 	for (;;)
 		{
-		if (finishtime < time(NULL)) break;
+		if (finishtime < (long)time(NULL)) break;
 #ifdef WIN32_STUFF
 
 		if( flushWinMsgs(0) == -1 )
@@ -526,9 +538,9 @@ char **argv;
 		}
 	totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
 
-	i=(int)(time(NULL)-finishtime+maxTime);
+	i=(int)((long)time(NULL)-finishtime+maxTime);
 	printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
-	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
+	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
 
 	/* Now loop and time connections using the same session id over and over */
 
@@ -560,7 +572,7 @@ next:
 	nConn = 0;
 	totalTime = 0.0;
 
-	finishtime=time(NULL)+maxTime;
+	finishtime=(long)time(NULL)+maxTime;
 
 	printf( "starting\n" );
 	bytes_read=0;
@@ -568,7 +580,7 @@ next:
 		
 	for (;;)
 		{
-		if (finishtime < time(NULL)) break;
+		if (finishtime < (long)time(NULL)) break;
 
 #ifdef WIN32_STUFF
 		if( flushWinMsgs(0) == -1 )
@@ -618,7 +630,7 @@ next:
 
 
 	printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
-	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,time(NULL)-finishtime+maxTime,bytes_read/nConn);
+	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);
 
 	ret=0;
 end:
@@ -629,7 +641,8 @@ end:
 		SSL_CTX_free(tm_ctx);
 		tm_ctx=NULL;
 		}
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
 /***********************************************************************
@@ -639,9 +652,7 @@ end:
  * Returns:
  *		SSL *	= the connection pointer.
  */
-static SSL *
-doConnection(scon)
-SSL *scon;
+static SSL *doConnection(SSL *scon)
 	{
 	BIO *conn;
 	SSL *serverCon;
@@ -655,7 +666,7 @@ SSL *scon;
 	BIO_set_conn_hostname(conn,host);
 
 	if (scon == NULL)
-		serverCon=(SSL *)SSL_new(tm_ctx);
+		serverCon=SSL_new(tm_ctx);
 	else
 		{
 		serverCon=scon;
@@ -680,7 +691,13 @@ SSL *scon;
 			width=i+1;
 			FD_ZERO(&readfds);
 			FD_SET(i,&readfds);
-			select(width,&readfds,NULL,NULL,NULL);
+			/* Note: under VMS with SOCKETSHR the 2nd parameter
+			 * is currently of type (int *) whereas under other
+			 * systems it is (void *) if you don't have a cast it
+			 * will choke the compiler: if you do have a cast then
+			 * you can either go for (int *) or (void *).
+			 */
+			select(width,(void *)&readfds,NULL,NULL,NULL);
 			continue;
 			}
 		break;
diff --git a/apps/sc.c b/apps/sc.c
deleted file mode 100644
index 0c00c37fc6..0000000000
--- a/apps/sc.c
+++ /dev/null
@@ -1,780 +0,0 @@
-/* apps/s_client.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#define USE_SOCKETS
-#ifdef NO_STDIO
-#define APPS_WIN16
-#endif
-#include "apps.h"
-#include "x509.h"
-#include "ssl.h"
-#include "err.h"
-#include "pem.h"
-#include "s_apps.h"
-
-#ifdef WINDOWS
-/* Most of the #if(n)def WINDOWS put in by Gerrit van Niekerk 
-   <gerritvn@osi.co.za> to support the keyboard under Windows.
-   Tested using Win95, *should* work with NT and Win3.x
-*/
-#include <conio.h>
-#endif
-
-#undef PROG
-#define PROG	s_client_main
-
-/*#define SSL_HOST_NAME	"www.netscape.com" */
-/*#define SSL_HOST_NAME	"193.118.187.102" */
-#define SSL_HOST_NAME	"localhost"
-
-/*#define TEST_CERT "client.pem" */ /* no default cert. */
-
-#undef BUFSIZZ
-#define BUFSIZZ 1024*8
-
-extern int verify_depth;
-extern int verify_error;
-
-#ifdef FIONBIO
-static int c_nbio=0;
-#endif
-static int c_Pause=0;
-static int c_debug=0;
-
-#ifndef NOPROTO
-static void sc_usage(void);
-static void print_stuff(BIO *berr,SSL *con,int full);
-#else
-static void sc_usage();
-static void print_stuff();
-#endif
-
-static BIO *bio_c_out=NULL;
-static int c_quiet=0;
-
-static void sc_usage()
-	{
-	BIO_printf(bio_err,"usage: client args\n");
-	BIO_printf(bio_err,"\n");
-	BIO_printf(bio_err," -host host     - use -connect instead\n");
-	BIO_printf(bio_err," -port port     - use -connect instead\n");
-	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
-
-	BIO_printf(bio_err," -verify arg   - turn on peer certificate verification\n");
-	BIO_printf(bio_err," -cert arg     - certificate file to use, PEM format assumed\n");
-	BIO_printf(bio_err," -key arg      - Private key file to use, PEM format assumed, in cert file if\n");
-	BIO_printf(bio_err,"                 not specified but cert file is.\n");
-	BIO_printf(bio_err," -CApath arg   - PEM format directory of CA's\n");
-	BIO_printf(bio_err," -CAfile arg   - PEM format file of CA's\n");
-	BIO_printf(bio_err," -reconnect    - Drop and re-make the connection with the same Session-ID\n");
-	BIO_printf(bio_err," -pause        - sleep(1) after each read(2) and write(2) system call\n");
-	BIO_printf(bio_err," -debug        - extra output\n");
-	BIO_printf(bio_err," -nbio_test    - more ssl protocol testing\n");
-	BIO_printf(bio_err," -state        - print the 'ssl' states\n");
-#ifdef FIONBIO
-	BIO_printf(bio_err," -nbio         - Run with non-blocking IO\n");
-#endif
-	BIO_printf(bio_err," -quiet        - no s_client output\n");
-	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
-	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
-	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
-	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
-	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
-	BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'ssleay ciphers'\n");
-	BIO_printf(bio_err,"                 command to see what is available\n");
-
-	}
-
-int MAIN(argc, argv)
-int argc;
-char **argv;
-	{
-	int off=0;
-	SSL *con=NULL,*con2=NULL;
-	int s,k,width,state=0;
-	char *cbuf=NULL,*sbuf=NULL;
-	int cbuf_len,cbuf_off;
-	int sbuf_len,sbuf_off;
-	fd_set readfds,writefds;
-	short port=PORT;
-	int full_log=1;
-	char *host=SSL_HOST_NAME;
-	char *cert_file=NULL,*key_file=NULL;
-	char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
-	int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
-	int write_tty,read_tty,write_ssl,read_ssl,tty_on;
-	SSL_CTX *ctx=NULL;
-	int ret=1,in_init=1,i,nbio_test=0;
-	SSL_METHOD *meth=NULL;
-	BIO *sbio;
-	/*static struct timeval timeout={10,0};*/
-
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
-	meth=SSLv23_client_method();
-#elif !defined(NO_SSL3)
-	meth=SSLv3_client_method();
-#elif !defined(NO_SSL2)
-	meth=SSLv2_client_method();
-#endif
-
-	apps_startup();
-	c_Pause=0;
-	c_quiet=0;
-	c_debug=0;
-
-	if (bio_err == NULL)
-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-
-	if (	((cbuf=Malloc(BUFSIZZ)) == NULL) ||
-		((sbuf=Malloc(BUFSIZZ)) == NULL))
-		{
-		BIO_printf(bio_err,"out of memory\n");
-		goto end;
-		}
-
-	verify_depth=0;
-	verify_error=X509_V_OK;
-#ifdef FIONBIO
-	c_nbio=0;
-#endif
-#ifdef WINDOWS
-	c_nbio = 1;
-#endif
-
-	argc--;
-	argv++;
-	while (argc >= 1)
-		{
-		if	(strcmp(*argv,"-host") == 0)
-			{
-			if (--argc < 1) goto bad;
-			host= *(++argv);
-			}
-		else if	(strcmp(*argv,"-port") == 0)
-			{
-			if (--argc < 1) goto bad;
-			port=atoi(*(++argv));
-			if (port == 0) goto bad;
-			}
-		else if (strcmp(*argv,"-connect") == 0)
-			{
-			if (--argc < 1) goto bad;
-			if (!extract_host_port(*(++argv),&host,NULL,&port))
-				goto bad;
-			}
-		else if	(strcmp(*argv,"-verify") == 0)
-			{
-			verify=SSL_VERIFY_PEER;
-			if (--argc < 1) goto bad;
-			verify_depth=atoi(*(++argv));
-			BIO_printf(bio_err,"verify depth is %d\n",verify_depth);
-			}
-		else if	(strcmp(*argv,"-cert") == 0)
-			{
-			if (--argc < 1) goto bad;
-			cert_file= *(++argv);
-			}
-		else if	(strcmp(*argv,"-quiet") == 0)
-			c_quiet=1;
-		else if	(strcmp(*argv,"-pause") == 0)
-			c_Pause=1;
-		else if	(strcmp(*argv,"-debug") == 0)
-			c_debug=1;
-		else if	(strcmp(*argv,"-nbio_test") == 0)
-			nbio_test=1;
-		else if	(strcmp(*argv,"-state") == 0)
-			state=1;
-#ifndef NO_SSL2
-		else if	(strcmp(*argv,"-ssl2") == 0)
-			meth=SSLv2_client_method();
-#endif
-#ifndef NO_SSL3
-		else if	(strcmp(*argv,"-ssl3") == 0)
-			meth=SSLv3_client_method();
-#endif
-#ifndef NO_TLS1
-		else if	(strcmp(*argv,"-tls1") == 0)
-			meth=TLSv1_client_method();
-#endif
-		else if (strcmp(*argv,"-bugs") == 0)
-			bugs=1;
-		else if	(strcmp(*argv,"-key") == 0)
-			{
-			if (--argc < 1) goto bad;
-			key_file= *(++argv);
-			}
-		else if	(strcmp(*argv,"-reconnect") == 0)
-			{
-			reconnect=5;
-			}
-		else if	(strcmp(*argv,"-CApath") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CApath= *(++argv);
-			}
-		else if	(strcmp(*argv,"-CAfile") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CAfile= *(++argv);
-			}
-		else if (strcmp(*argv,"-no_tls1") == 0)
-			off|=SSL_OP_NO_TLSv1;
-		else if (strcmp(*argv,"-no_ssl3") == 0)
-			off|=SSL_OP_NO_SSLv3;
-		else if (strcmp(*argv,"-no_ssl2") == 0)
-			off|=SSL_OP_NO_SSLv2;
-		else if	(strcmp(*argv,"-cipher") == 0)
-			{
-			if (--argc < 1) goto bad;
-			cipher= *(++argv);
-			}
-#ifdef FIONBIO
-		else if (strcmp(*argv,"-nbio") == 0)
-			{ c_nbio=1; }
-#endif
-		else
-			{
-			BIO_printf(bio_err,"unknown option %s\n",*argv);
-			badop=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-	if (badop)
-		{
-bad:
-		sc_usage();
-		goto end;
-		}
-
-	if (bio_c_out == NULL)
-		{
-		if (c_quiet)
-			{
-			bio_c_out=BIO_new(BIO_s_null());
-			}
-		else
-			{
-			if (bio_c_out == NULL)
-				bio_c_out=BIO_new_fp(stdout,BIO_NOCLOSE);
-			}
-		}
-
-	SSLeay_add_ssl_algorithms();
-	ctx=SSL_CTX_new(meth);
-	if (ctx == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (bugs)
-		SSL_CTX_set_options(ctx,SSL_OP_ALL|off);
-	else
-		SSL_CTX_set_options(ctx,off);
-
-	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
-	if (cipher != NULL)
-		SSL_CTX_set_cipher_list(ctx,cipher);
-#if 0
-	else
-		SSL_CTX_set_cipher_list(ctx,getenv("SSL_CIPHER"));
-#endif
-
-	SSL_CTX_set_verify(ctx,verify,verify_callback);
-	if (!set_cert_stuff(ctx,cert_file,key_file))
-		goto end;
-
-	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
-		(!SSL_CTX_set_default_verify_paths(ctx)))
-		{
-		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
-		ERR_print_errors(bio_err);
-		/* goto end; */
-		}
-
-	SSL_load_error_strings();
-
-	con=(SSL *)SSL_new(ctx);
-/*	SSL_set_cipher_list(con,"RC4-MD5"); */
-
-re_start:
-
-	if (init_client(&s,host,port) == 0)
-		{
-		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
-		SHUTDOWN(s);
-		goto end;
-		}
-	BIO_printf(bio_c_out,"CONNECTED(%08X)\n",s);
-
-#ifdef FIONBIO
-	if (c_nbio)
-		{
-		unsigned long l=1;
-		BIO_printf(bio_c_out,"turning on non blocking io\n");
-		if (BIO_socket_ioctl(s,FIONBIO,&l) < 0)
-			{
-			ERR_print_errors(bio_err);
-			goto end;
-			}
-		}
-#endif                                              
-	if (c_Pause & 0x01) con->debug=1;
-	sbio=BIO_new_socket(s,BIO_NOCLOSE);
-
-	if (nbio_test)
-		{
-		BIO *test;
-
-		test=BIO_new(BIO_f_nbio_test());
-		sbio=BIO_push(test,sbio);
-		}
-
-	if (c_debug)
-		{
-		con->debug=1;
-		BIO_set_callback(sbio,bio_dump_cb);
-		BIO_set_callback_arg(sbio,bio_c_out);
-		}
-
-	SSL_set_bio(con,sbio,sbio);
-	SSL_set_connect_state(con);
-
-	/* ok, lets connect */
-	width=SSL_get_fd(con)+1;
-
-	read_tty=1;
-	write_tty=0;
-	tty_on=0;
-	read_ssl=1;
-	write_ssl=1;
-	
-	cbuf_len=0;
-	cbuf_off=0;
-	sbuf_len=0;
-	sbuf_off=0;
-
-	for (;;)
-		{
-		FD_ZERO(&readfds);
-		FD_ZERO(&writefds);
-
-		if (SSL_in_init(con) && !SSL_total_renegotiations(con))
-			{
-			in_init=1;
-			tty_on=0;
-			}
-		else
-			{
-			tty_on=1;
-			if (in_init)
-				{
-				in_init=0;
-				print_stuff(bio_c_out,con,full_log);
-				if (full_log > 0) full_log--;
-
-				if (reconnect)
-					{
-					reconnect--;
-					BIO_printf(bio_c_out,"drop connection and then reconnect\n");
-					SSL_shutdown(con);
-					SSL_set_connect_state(con);
-					SHUTDOWN(SSL_get_fd(con));
-					goto re_start;
-					}
-				}
-			}
-
-#ifndef WINDOWS
-		if (tty_on)
-			{
-			if (read_tty)  FD_SET(fileno(stdin),&readfds);
-			if (write_tty) FD_SET(fileno(stdout),&writefds);
-			}
-#endif
-		if (read_ssl)
-			FD_SET(SSL_get_fd(con),&readfds);
-		if (write_ssl)
-			FD_SET(SSL_get_fd(con),&writefds);
-
-/*		printf("mode tty(%d %d%d) ssl(%d%d)\n",
-			tty_on,read_tty,write_tty,read_ssl,write_ssl);*/
-
-#ifndef WINDOWS
-		i=select(width,&readfds,&writefds,NULL,NULL);
-		if ( i < 0)
-			{
-			BIO_printf(bio_err,"bad select %d\n",
-				get_last_socket_error());
-			goto shut;
-			/* goto end; */
-			}
-
-		if (FD_ISSET(SSL_get_fd(con),&writefds))
-#else
-		if (write_ssl)
-#endif
-			{
-			k=SSL_write(con,&(cbuf[cbuf_off]),
-				(unsigned int)cbuf_len);
-			switch (SSL_get_error(con,k))
-				{
-			case SSL_ERROR_NONE:
-				cbuf_off+=k;
-				cbuf_len-=k;
-				if (k <= 0) goto end;
-				/* we have done a  write(con,NULL,0); */
-				if (cbuf_len <= 0)
-					{
-					read_tty=1;
-					write_ssl=0;
-					}
-				else /* if (cbuf_len > 0) */
-					{
-					read_tty=0;
-					write_ssl=1;
-					}
-				break;
-			case SSL_ERROR_WANT_WRITE:
-#ifndef WINDOWS
-				BIO_printf(bio_c_out,"write W BLOCK\n");
-#endif
-				write_ssl=1;
-				read_tty=0;
-				break;
-			case SSL_ERROR_WANT_READ:
-#ifndef WINDOWS
-				BIO_printf(bio_c_out,"write R BLOCK\n");
-#endif
-				write_tty=0;
-				read_ssl=1;
-				write_ssl=0;
-				break;
-			case SSL_ERROR_WANT_X509_LOOKUP:
-				BIO_printf(bio_c_out,"write X BLOCK\n");
-				break;
-			case SSL_ERROR_ZERO_RETURN:
-				if (cbuf_len != 0)
-					{
-					BIO_printf(bio_c_out,"shutdown\n");
-					goto shut;
-					}
-				else
-					{
-					read_tty=1;
-					write_ssl=0;
-					break;
-					}
-				
-			case SSL_ERROR_SYSCALL:
-				if ((k != 0) || (cbuf_len != 0))
-					{
-					BIO_printf(bio_err,"write:errno=%d\n",
-						get_last_socket_error());
-					goto shut;
-					}
-				else
-					{
-					read_tty=1;
-					write_ssl=0;
-					}
-				break;
-			case SSL_ERROR_SSL:
-				ERR_print_errors(bio_err);
-				goto shut;
-				}
-			}
-#ifndef WINDOWS
-		else if (FD_ISSET(fileno(stdout),&writefds))
-#else
-		else if (tty_on && write_tty)
-#endif
-			{
-			i=write(fileno(stdout),&(sbuf[sbuf_off]),sbuf_len);
-
-			if (i <= 0)
-				{
-				BIO_printf(bio_c_out,"DONE\n");
-				goto shut;
-				/* goto end; */
-				}
-
-			sbuf_len-=i;;
-			sbuf_off+=i;
-			if (sbuf_len <= 0)
-				{
-				read_ssl=1;
-				write_tty=0;
-				}
-			}
-#ifndef WINDOWS
-		else if (FD_ISSET(SSL_get_fd(con),&readfds))
-#else
-		if (read_ssl)
-#endif
-			{
-#ifdef RENEG
-{ static int iiii; if (++iiii == 52) { SSL_renegotiate(con); iiii=0; } }
-#endif
-			k=SSL_read(con,sbuf,1024 /* BUFSIZZ */ );
-
-			switch (SSL_get_error(con,k))
-				{
-			case SSL_ERROR_NONE:
-				if (k <= 0)
-					goto end;
-				sbuf_off=0;
-				sbuf_len=k;
-
-				read_ssl=0;
-				write_tty=1;
-				break;
-			case SSL_ERROR_WANT_WRITE:
-#ifndef WINDOWS
-				BIO_printf(bio_c_out,"read W BLOCK\n");
-#endif
-				write_ssl=1;
-				read_tty=0;
-				break;
-			case SSL_ERROR_WANT_READ:
-#ifndef WINDOWS
-				BIO_printf(bio_c_out,"read R BLOCK\n");
-#endif
-				write_tty=0;
-				read_ssl=1;
-				if ((read_tty == 0) && (write_ssl == 0))
-					write_ssl=1;
-				break;
-			case SSL_ERROR_WANT_X509_LOOKUP:
-				BIO_printf(bio_c_out,"read X BLOCK\n");
-				break;
-			case SSL_ERROR_SYSCALL:
-				BIO_printf(bio_err,"read:errno=%d\n",get_last_socket_error());
-				goto shut;
-			case SSL_ERROR_ZERO_RETURN:
-				BIO_printf(bio_c_out,"closed\n");
-				goto shut;
-			case SSL_ERROR_SSL:
-				ERR_print_errors(bio_err);
-				goto shut;
-				break;
-				}
-			}
-
-#ifndef WINDOWS
-		else if (FD_ISSET(fileno(stdin),&readfds))
-			{
-			i=read(fileno(stdin),cbuf,BUFSIZZ);
-#else
-		if (tty_on && read_tty && _kbhit())
-			{
-			i = 1;
-			cbuf[0] = _getch();
-#endif
-
-			if ((!c_quiet) && ((i <= 0) || (cbuf[0] == 'Q')))
-				{
-				BIO_printf(bio_err,"DONE\n");
-				goto shut;
-				}
-
-			if ((!c_quiet) && (cbuf[0] == 'R'))
-				{
-				SSL_renegotiate(con);
-				read_tty=0;
-				write_ssl=1;
-				}
-			else
-				{
-				cbuf_len=i;
-				cbuf_off=0;
-				}
-
-			read_tty=0;
-			write_ssl=1;
-			}
-		}
-shut:
-	SSL_shutdown(con);
-	SHUTDOWN(SSL_get_fd(con));
-	ret=0;
-end:
-	if (con != NULL) SSL_free(con);
-	if (con2 != NULL) SSL_free(con2);
-	if (ctx != NULL) SSL_CTX_free(ctx);
-	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); Free(cbuf); }
-	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); Free(sbuf); }
-	if (bio_c_out != NULL)
-		{
-		BIO_free(bio_c_out);
-		bio_c_out=NULL;
-		}
-	EXIT(ret);
-	}
-
-
-static void print_stuff(bio,s,full)
-BIO *bio;
-SSL *s;
-int full;
-	{
-	X509 *peer=NULL;
-	char *p;
-	static char *space="                ";
-	char buf[BUFSIZ];
-	STACK *sk;
-	SSL_CIPHER *c;
-	X509_NAME *xn;
-	int j,i;
-
-	if (full)
-		{
-		sk=SSL_get_peer_cert_chain(s);
-		if (sk != NULL)
-			{
-			BIO_printf(bio,"---\nCertificate chain\n");
-			for (i=0; i<sk_num(sk); i++)
-				{
-				X509_NAME_oneline(X509_get_subject_name((X509 *)
-					sk_value(sk,i)),buf,BUFSIZ);
-				BIO_printf(bio,"%2d s:%s\n",i,buf);
-				X509_NAME_oneline(X509_get_issuer_name((X509 *)
-					sk_value(sk,i)),buf,BUFSIZ);
-				BIO_printf(bio,"   i:%s\n",buf);
-				}
-			}
-
-		BIO_printf(bio,"---\n");
-		peer=SSL_get_peer_certificate(s);
-		if (peer != NULL)
-			{
-			BIO_printf(bio,"Server certificate\n");
-			PEM_write_bio_X509(bio,peer);
-			X509_NAME_oneline(X509_get_subject_name(peer),
-				buf,BUFSIZ);
-			BIO_printf(bio,"subject=%s\n",buf);
-			X509_NAME_oneline(X509_get_issuer_name(peer),
-				buf,BUFSIZ);
-			BIO_printf(bio,"issuer=%s\n",buf);
-			}
-		else
-			BIO_printf(bio,"no peer certificate available\n");
-
-		sk=SSL_get_client_CA_list(s);
-		if ((sk != NULL) && (sk_num(sk) > 0))
-			{
-			BIO_printf(bio,"---\nAcceptable client certificate CA names\n");
-			for (i=0; i<sk_num(sk); i++)
-				{
-				xn=(X509_NAME *)sk_value(sk,i);
-				X509_NAME_oneline(xn,buf,sizeof(buf));
-				BIO_write(bio,buf,strlen(buf));
-				BIO_write(bio,"\n",1);
-				}
-			}
-		else
-			{
-			BIO_printf(bio,"---\nNo client certificate CA names sent\n");
-			}
-		p=SSL_get_shared_ciphers(s,buf,BUFSIZ);
-		if (p != NULL)
-			{
-			BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n");
-			j=i=0;
-			while (*p)
-				{
-				if (*p == ':')
-					{
-					BIO_write(bio,space,15-j%25);
-					i++;
-					j=0;
-					BIO_write(bio,((i%3)?" ":"\n"),1);
-					}
-				else
-					{
-					BIO_write(bio,p,1);
-					j++;
-					}
-				p++;
-				}
-			BIO_write(bio,"\n",1);
-			}
-
-		BIO_printf(bio,"---\nSSL handshake has read %ld bytes and written %ld bytes\n",
-			BIO_number_read(SSL_get_rbio(s)),
-			BIO_number_written(SSL_get_wbio(s)));
-		}
-	BIO_printf(bio,((s->hit)?"---\nReused, ":"---\nNew, "));
-	c=SSL_get_current_cipher(s);
-	BIO_printf(bio,"%s, Cipher is %s\n",
-		SSL_CIPHER_get_version(c),
-		SSL_CIPHER_get_name(c));
-	if (peer != NULL)
-		BIO_printf(bio,"Server public key is %d bit\n",
-			EVP_PKEY_bits(X509_get_pubkey(peer)));
-	SSL_SESSION_print(bio,SSL_get_session(s));
-	BIO_printf(bio,"---\n");
-	if (peer != NULL)
-		X509_free(peer);
-	}
-
diff --git a/apps/server.pem b/apps/server.pem
index c57b32507d..56248e57a3 100644
--- a/apps/server.pem
+++ b/apps/server.pem
@@ -1,17 +1,17 @@
 issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
+subject= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
 -----BEGIN CERTIFICATE-----
-MIIB6TCCAVICAQQwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+MIIB6TCCAVICAQYwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
 BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTgwNjI5MjM1MjQwWhcNMDAwNjI4
-MjM1MjQwWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDAxMDE2MjIzMTAzWhcNMDMwMTE0
+MjIzMTAzWjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
 A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
 cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
 Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
-Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCVvvfkGSe2GHgDFfmOua4Isjb9
-JVhImWMASiOClkZlMESDJjsszg/6+d/W+8TrbObhazpl95FivXBVucbj9dudh7AO
-IZu1h1MAPlyknc9Ud816vz3FejB4qqUoaXjnlkrIgEbr/un7jSS86WOe0hRhwHkJ
-FUGcPZf9ND22Etc+AQ==
+Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQCT0grFQeZaqYb5EYfk20XixZV4
+GmyAbXMftG1Eo7qGiMhYzRwGNWxEYojf5PZkYZXvSqZ/ZXHXa4g59jK/rJNnaVGM
+k+xIX8mxQvlV0n5O9PIha5BX5teZnkHKgL8aKKLKW1BK7YTngsfSzzaeame5iKfz
+itAE+OjGF+PFKbwX8Q==
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
diff --git a/apps/sess_id.c b/apps/sess_id.c
index a606ca3a5c..d91d84d220 100644
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@@ -60,43 +60,40 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "x509.h"
-#include "pem.h"
-#include "ssl.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
 
 #undef PROG
 #define PROG	sess_id_main
 
 static char *sess_id_usage[]={
-"usage: crl args\n",
+"usage: sess_id args\n",
 "\n",
-" -inform arg     - input format - default PEM (one of DER, TXT or PEM)\n",
+" -inform arg     - input format - default PEM (DER or PEM)\n",
 " -outform arg    - output format - default PEM\n",
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
 " -text           - print ssl session id details\n",
-" -cert           - output certificaet \n",
+" -cert           - output certificate \n",
 " -noout          - no CRL output\n",
+" -context arg    - set the session ID context\n",
 NULL
 };
 
-#ifndef NOPROTO
 static SSL_SESSION *load_sess_id(char *file, int format);
-#else
-static SSL_SESSION *load_sess_id();
-#endif
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
 	{
 	SSL_SESSION *x=NULL;
 	int ret=1,i,num,badops=0;
 	BIO *out=NULL;
 	int informat,outformat;
-	char *infile=NULL,*outfile=NULL;
+	char *infile=NULL,*outfile=NULL,*context=NULL;
 	int cert=0,noout=0,text=0;
 	char **pp;
 
@@ -140,6 +137,11 @@ char **argv;
 			cert= ++num;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout= ++num;
+		else if (strcmp(*argv,"-context") == 0)
+		    {
+		    if(--argc < 1) goto bad;
+		    context=*++argv;
+		    }
 		else
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -154,7 +156,7 @@ char **argv;
 		{
 bad:
 		for (pp=sess_id_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,*pp);
+			BIO_printf(bio_err,"%s",*pp);
 		goto end;
 		}
 
@@ -162,6 +164,17 @@ bad:
 	x=load_sess_id(infile,informat);
 	if (x == NULL) { goto end; }
 
+	if(context)
+	    {
+	    x->sid_ctx_length=strlen(context);
+	    if(x->sid_ctx_length > SSL_MAX_SID_CTX_LENGTH)
+		{
+		BIO_printf(bio_err,"Context too long\n");
+		goto end;
+		}
+	    memcpy(x->sid_ctx,context,x->sid_ctx_length);
+	    }
+
 #ifdef undef
 	/* just testing for memory leaks :-) */
 	{
@@ -193,7 +206,15 @@ bad:
 			}
 
 		if (outfile == NULL)
+			{
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+			{
+			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+			out = BIO_push(tmpbio, out);
+			}
+#endif
+			}
 		else
 			{
 			if (BIO_write_filename(out,outfile) <= 0)
@@ -249,14 +270,13 @@ bad:
 		}
 	ret=0;
 end:
-	if (out != NULL) BIO_free(out);
+	if (out != NULL) BIO_free_all(out);
 	if (x != NULL) SSL_SESSION_free(x);
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
-static SSL_SESSION *load_sess_id(infile, format)
-char *infile;
-int format;
+static SSL_SESSION *load_sess_id(char *infile, int format)
 	{
 	SSL_SESSION *x=NULL;
 	BIO *in=NULL;
@@ -281,7 +301,7 @@ int format;
 	if 	(format == FORMAT_ASN1)
 		x=d2i_SSL_SESSION_bio(in,NULL);
 	else if (format == FORMAT_PEM)
-		x=PEM_read_bio_SSL_SESSION(in,NULL,NULL);
+		x=PEM_read_bio_SSL_SESSION(in,NULL,NULL,NULL);
 	else	{
 		BIO_printf(bio_err,"bad input format specified for input crl\n");
 		goto end;
diff --git a/apps/smime.c b/apps/smime.c
new file mode 100644
index 0000000000..ef0e477464
--- /dev/null
+++ b/apps/smime.c
@@ -0,0 +1,579 @@
+/* smime.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* S/MIME utility function */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+
+#undef PROG
+#define PROG smime_main
+static int save_certs(char *signerfile, STACK_OF(X509) *signers);
+
+#define SMIME_OP	0x10
+#define SMIME_ENCRYPT	(1 | SMIME_OP)
+#define SMIME_DECRYPT	2
+#define SMIME_SIGN	(3 | SMIME_OP)
+#define SMIME_VERIFY	4
+#define SMIME_PK7OUT	5
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+{
+	ENGINE *e = NULL;
+	int operation = 0;
+	int ret = 0;
+	char **args;
+	char *inmode = "r", *outmode = "w";
+	char *infile = NULL, *outfile = NULL;
+	char *signerfile = NULL, *recipfile = NULL;
+	char *certfile = NULL, *keyfile = NULL, *contfile=NULL;
+	const EVP_CIPHER *cipher = NULL;
+	PKCS7 *p7 = NULL;
+	X509_STORE *store = NULL;
+	X509 *cert = NULL, *recip = NULL, *signer = NULL;
+	EVP_PKEY *key = NULL;
+	STACK_OF(X509) *encerts = NULL, *other = NULL;
+	BIO *in = NULL, *out = NULL, *indata = NULL;
+	int badarg = 0;
+	int flags = PKCS7_DETACHED, store_flags = 0;
+	char *to = NULL, *from = NULL, *subject = NULL;
+	char *CAfile = NULL, *CApath = NULL;
+	char *passargin = NULL, *passin = NULL;
+	char *inrand = NULL;
+	int need_rand = 0;
+	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
+        int keyform = FORMAT_PEM;
+	char *engine=NULL;
+
+	args = argv + 1;
+	ret = 1;
+
+	apps_startup();
+
+	if (bio_err == NULL)
+		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
+			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
+
+	while (!badarg && *args && *args[0] == '-') {
+		if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT;
+		else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT;
+		else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN;
+		else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY;
+		else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT;
+#ifndef OPENSSL_NO_DES
+		else if (!strcmp (*args, "-des3")) 
+				cipher = EVP_des_ede3_cbc();
+		else if (!strcmp (*args, "-des")) 
+				cipher = EVP_des_cbc();
+#endif
+#ifndef OPENSSL_NO_RC2
+		else if (!strcmp (*args, "-rc2-40")) 
+				cipher = EVP_rc2_40_cbc();
+		else if (!strcmp (*args, "-rc2-128")) 
+				cipher = EVP_rc2_cbc();
+		else if (!strcmp (*args, "-rc2-64")) 
+				cipher = EVP_rc2_64_cbc();
+#endif
+#ifndef OPENSSL_NO_AES
+		else if (!strcmp(*args,"-aes128"))
+				cipher = EVP_aes_128_cbc();
+		else if (!strcmp(*args,"-aes192"))
+				cipher = EVP_aes_192_cbc();
+		else if (!strcmp(*args,"-aes256"))
+				cipher = EVP_aes_256_cbc();
+#endif
+		else if (!strcmp (*args, "-text")) 
+				flags |= PKCS7_TEXT;
+		else if (!strcmp (*args, "-nointern")) 
+				flags |= PKCS7_NOINTERN;
+		else if (!strcmp (*args, "-noverify")) 
+				flags |= PKCS7_NOVERIFY;
+		else if (!strcmp (*args, "-nochain")) 
+				flags |= PKCS7_NOCHAIN;
+		else if (!strcmp (*args, "-nocerts")) 
+				flags |= PKCS7_NOCERTS;
+		else if (!strcmp (*args, "-noattr")) 
+				flags |= PKCS7_NOATTR;
+		else if (!strcmp (*args, "-nodetach")) 
+				flags &= ~PKCS7_DETACHED;
+		else if (!strcmp (*args, "-nosmimecap"))
+				flags |= PKCS7_NOSMIMECAP;
+		else if (!strcmp (*args, "-binary"))
+				flags |= PKCS7_BINARY;
+		else if (!strcmp (*args, "-nosigs"))
+				flags |= PKCS7_NOSIGS;
+		else if (!strcmp (*args, "-crl_check"))
+				store_flags |= X509_V_FLAG_CRL_CHECK;
+		else if (!strcmp (*args, "-crl_check_all"))
+				store_flags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
+		else if (!strcmp(*args,"-rand")) {
+			if (args[1]) {
+				args++;
+				inrand = *args;
+			} else badarg = 1;
+			need_rand = 1;
+		} else if (!strcmp(*args,"-engine")) {
+			if (args[1]) {
+				args++;
+				engine = *args;
+			} else badarg = 1;
+		} else if (!strcmp(*args,"-passin")) {
+			if (args[1]) {
+				args++;
+				passargin = *args;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-to")) {
+			if (args[1]) {
+				args++;
+				to = *args;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-from")) {
+			if (args[1]) {
+				args++;
+				from = *args;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-subject")) {
+			if (args[1]) {
+				args++;
+				subject = *args;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-signer")) {
+			if (args[1]) {
+				args++;
+				signerfile = *args;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-recip")) {
+			if (args[1]) {
+				args++;
+				recipfile = *args;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-inkey")) {
+			if (args[1]) {
+				args++;
+				keyfile = *args;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-keyform")) {
+			if (args[1]) {
+				args++;
+				keyform = str2fmt(*args);
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-certfile")) {
+			if (args[1]) {
+				args++;
+				certfile = *args;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-CAfile")) {
+			if (args[1]) {
+				args++;
+				CAfile = *args;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-CApath")) {
+			if (args[1]) {
+				args++;
+				CApath = *args;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-in")) {
+			if (args[1]) {
+				args++;
+				infile = *args;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-inform")) {
+			if (args[1]) {
+				args++;
+				informat = str2fmt(*args);
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-outform")) {
+			if (args[1]) {
+				args++;
+				outformat = str2fmt(*args);
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-out")) {
+			if (args[1]) {
+				args++;
+				outfile = *args;
+			} else badarg = 1;
+		} else if (!strcmp (*args, "-content")) {
+			if (args[1]) {
+				args++;
+				contfile = *args;
+			} else badarg = 1;
+		} else badarg = 1;
+		args++;
+	}
+
+	if(operation == SMIME_SIGN) {
+		if(!signerfile) {
+			BIO_printf(bio_err, "No signer certificate specified\n");
+			badarg = 1;
+		}
+		need_rand = 1;
+	} else if(operation == SMIME_DECRYPT) {
+		if(!recipfile) {
+			BIO_printf(bio_err, "No recipient certificate and key specified\n");
+			badarg = 1;
+		}
+	} else if(operation == SMIME_ENCRYPT) {
+		if(!*args) {
+			BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
+			badarg = 1;
+		}
+		need_rand = 1;
+	} else if(!operation) badarg = 1;
+
+	if (badarg) {
+		BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
+		BIO_printf (bio_err, "where options are\n");
+		BIO_printf (bio_err, "-encrypt       encrypt message\n");
+		BIO_printf (bio_err, "-decrypt       decrypt encrypted message\n");
+		BIO_printf (bio_err, "-sign          sign message\n");
+		BIO_printf (bio_err, "-verify        verify signed message\n");
+		BIO_printf (bio_err, "-pk7out        output PKCS#7 structure\n");
+#ifndef OPENSSL_NO_DES
+		BIO_printf (bio_err, "-des3          encrypt with triple DES\n");
+		BIO_printf (bio_err, "-des           encrypt with DES\n");
+#endif
+#ifndef OPENSSL_NO_RC2
+		BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40 (default)\n");
+		BIO_printf (bio_err, "-rc2-64        encrypt with RC2-64\n");
+		BIO_printf (bio_err, "-rc2-128       encrypt with RC2-128\n");
+#endif
+#ifndef OPENSSL_NO_AES
+		BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
+		BIO_printf (bio_err, "               encrypt PEM output with cbc aes\n");
+#endif
+		BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");
+		BIO_printf (bio_err, "-nosigs        don't verify message signature\n");
+		BIO_printf (bio_err, "-noverify      don't verify signers certificate\n");
+		BIO_printf (bio_err, "-nocerts       don't include signers certificate when signing\n");
+		BIO_printf (bio_err, "-nodetach      use opaque signing\n");
+		BIO_printf (bio_err, "-noattr        don't include any signed attributes\n");
+		BIO_printf (bio_err, "-binary        don't translate message to text\n");
+		BIO_printf (bio_err, "-certfile file other certificates file\n");
+		BIO_printf (bio_err, "-signer file   signer certificate file\n");
+		BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
+		BIO_printf (bio_err, "-in file       input file\n");
+		BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
+		BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
+		BIO_printf (bio_err, "-keyform arg   input private key format (PEM or ENGINE)\n");
+		BIO_printf (bio_err, "-out file      output file\n");
+		BIO_printf (bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");
+		BIO_printf (bio_err, "-content file  supply or override content for detached signature\n");
+		BIO_printf (bio_err, "-to addr       to address\n");
+		BIO_printf (bio_err, "-from ad       from address\n");
+		BIO_printf (bio_err, "-subject s     subject\n");
+		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
+		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
+		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
+		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
+		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
+		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
+		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err,  "               the random number generator\n");
+		BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
+		goto end;
+	}
+
+        e = setup_engine(bio_err, engine, 0);
+
+	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+		BIO_printf(bio_err, "Error getting password\n");
+		goto end;
+	}
+
+	if (need_rand) {
+		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+		if (inrand != NULL)
+			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
+				app_RAND_load_files(inrand));
+	}
+
+	ret = 2;
+
+	if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
+
+	if(operation & SMIME_OP) {
+		if(flags & PKCS7_BINARY) inmode = "rb";
+		if(outformat == FORMAT_ASN1) outmode = "wb";
+	} else {
+		if(flags & PKCS7_BINARY) outmode = "wb";
+		if(informat == FORMAT_ASN1) inmode = "rb";
+	}
+
+	if(operation == SMIME_ENCRYPT) {
+		if (!cipher) {
+#ifndef OPENSSL_NO_RC2			
+			cipher = EVP_rc2_40_cbc();
+#else
+			BIO_printf(bio_err, "No cipher selected\n");
+			goto end;
+#endif
+		}
+		encerts = sk_X509_new_null();
+		while (*args) {
+			if(!(cert = load_cert(bio_err,*args,FORMAT_PEM,
+				NULL, e, "recipient certificate file"))) {
+#if 0				/* An appropriate message is already printed */
+				BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
+#endif
+				goto end;
+			}
+			sk_X509_push(encerts, cert);
+			cert = NULL;
+			args++;
+		}
+	}
+
+	if(signerfile && (operation == SMIME_SIGN)) {
+		if(!(signer = load_cert(bio_err,signerfile,FORMAT_PEM, NULL,
+			e, "signer certificate"))) {
+#if 0			/* An appropri message has already been printed */
+			BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
+#endif
+			goto end;
+		}
+	}
+
+	if(certfile) {
+		if(!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
+			e, "certificate file"))) {
+#if 0			/* An appropriate message has already been printed */
+			BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
+#endif
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
+
+	if(recipfile && (operation == SMIME_DECRYPT)) {
+		if(!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
+			e, "recipient certificate file"))) {
+#if 0			/* An appropriate message has alrady been printed */
+			BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
+#endif
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
+
+	if(operation == SMIME_DECRYPT) {
+		if(!keyfile) keyfile = recipfile;
+	} else if(operation == SMIME_SIGN) {
+		if(!keyfile) keyfile = signerfile;
+	} else keyfile = NULL;
+
+	if(keyfile) {
+		key = load_key(bio_err, keyfile, keyform, 0, passin, e,
+			       "signing key file");
+		if (!key) {
+			goto end;
+                }
+	}
+
+	if (infile) {
+		if (!(in = BIO_new_file(infile, inmode))) {
+			BIO_printf (bio_err,
+				 "Can't open input file %s\n", infile);
+			goto end;
+		}
+	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+	if (outfile) {
+		if (!(out = BIO_new_file(outfile, outmode))) {
+			BIO_printf (bio_err,
+				 "Can't open output file %s\n", outfile);
+			goto end;
+		}
+	} else {
+		out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		    out = BIO_push(tmpbio, out);
+		}
+#endif
+	}
+
+	if(operation == SMIME_VERIFY) {
+		if(!(store = setup_verify(bio_err, CAfile, CApath))) goto end;
+		X509_STORE_set_flags(store, store_flags);
+	}
+
+
+	ret = 3;
+
+	if(operation == SMIME_ENCRYPT) {
+		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
+	} else if(operation == SMIME_SIGN) {
+		p7 = PKCS7_sign(signer, key, other, in, flags);
+		if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) {
+		  BIO_printf(bio_err, "Can't rewind input file\n");
+		  goto end;
+		}
+	} else {
+		if(informat == FORMAT_SMIME) 
+			p7 = SMIME_read_PKCS7(in, &indata);
+		else if(informat == FORMAT_PEM) 
+			p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
+		else if(informat == FORMAT_ASN1) 
+			p7 = d2i_PKCS7_bio(in, NULL);
+		else {
+			BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
+			goto end;
+		}
+
+		if(!p7) {
+			BIO_printf(bio_err, "Error reading S/MIME message\n");
+			goto end;
+		}
+		if(contfile) {
+			BIO_free(indata);
+			if(!(indata = BIO_new_file(contfile, "rb"))) {
+				BIO_printf(bio_err, "Can't read content file %s\n", contfile);
+				goto end;
+			}
+		}
+	}
+
+	if(!p7) {
+		BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
+		goto end;
+	}
+
+	ret = 4;
+	if(operation == SMIME_DECRYPT) {
+		if(!PKCS7_decrypt(p7, key, recip, out, flags)) {
+			BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
+			goto end;
+		}
+	} else if(operation == SMIME_VERIFY) {
+		STACK_OF(X509) *signers;
+		if(PKCS7_verify(p7, other, store, indata, out, flags)) {
+			BIO_printf(bio_err, "Verification successful\n");
+		} else {
+			BIO_printf(bio_err, "Verification failure\n");
+			goto end;
+		}
+		signers = PKCS7_get0_signers(p7, other, flags);
+		if(!save_certs(signerfile, signers)) {
+			BIO_printf(bio_err, "Error writing signers to %s\n",
+								signerfile);
+			ret = 5;
+			goto end;
+		}
+		sk_X509_free(signers);
+	} else if(operation == SMIME_PK7OUT) {
+		PEM_write_bio_PKCS7(out, p7);
+	} else {
+		if(to) BIO_printf(out, "To: %s\n", to);
+		if(from) BIO_printf(out, "From: %s\n", from);
+		if(subject) BIO_printf(out, "Subject: %s\n", subject);
+		if(outformat == FORMAT_SMIME) 
+			SMIME_write_PKCS7(out, p7, in, flags);
+		else if(outformat == FORMAT_PEM) 
+			PEM_write_bio_PKCS7(out,p7);
+		else if(outformat == FORMAT_ASN1) 
+			i2d_PKCS7_bio(out,p7);
+		else {
+			BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
+			goto end;
+		}
+	}
+	ret = 0;
+end:
+	if (need_rand)
+		app_RAND_write_file(NULL, bio_err);
+	if(ret) ERR_print_errors(bio_err);
+	sk_X509_pop_free(encerts, X509_free);
+	sk_X509_pop_free(other, X509_free);
+	X509_STORE_free(store);
+	X509_free(cert);
+	X509_free(recip);
+	X509_free(signer);
+	EVP_PKEY_free(key);
+	PKCS7_free(p7);
+	BIO_free(in);
+	BIO_free(indata);
+	BIO_free_all(out);
+	if(passin) OPENSSL_free(passin);
+	return (ret);
+}
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers)
+{
+	int i;
+	BIO *tmp;
+	if(!signerfile) return 1;
+	tmp = BIO_new_file(signerfile, "w");
+	if(!tmp) return 0;
+	for(i = 0; i < sk_X509_num(signers); i++)
+		PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
+	BIO_free(tmp);
+	return 1;
+}
+	
diff --git a/apps/speed.c b/apps/speed.c
index 9e20b7217c..800ecd35d6 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -1,4 +1,4 @@
-/* apps/speed.c */
+/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -55,6 +55,19 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The ECDH and ECDSA speed test software is originally written by 
+ * Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
 
 /* most of this code has been pilfered from my libdes speed.c program */
 
@@ -62,6 +75,8 @@
 #define SECONDS		3	
 #define RSA_SECONDS	10
 #define DSA_SECONDS	10
+#define ECDSA_SECONDS   10
+#define ECDH_SECONDS    10
 
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
@@ -75,122 +90,181 @@
 #include <string.h>
 #include <math.h>
 #include "apps.h"
-#ifdef NO_STDIO
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
-#include "crypto.h"
-#include "rand.h"
-#include "err.h"
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#if !defined(OPENSSL_SYS_MSDOS)
+#include OPENSSL_UNISTD
+#endif
 
-#ifndef MSDOS
-#define TIMES
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX)
+# define USE_TOD
+#elif !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
+# define TIMES
+#endif
+#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(OPENSSL_SYS_MPE) && !defined(__NetBSD__) && !defined(OPENSSL_SYS_VXWORKS) /* FIXME */
+# define TIMEB
 #endif
 
-#ifndef VMS
 #ifndef _IRIX
-#include <time.h>
+# include <time.h>
 #endif
 #ifdef TIMES
-#include <sys/types.h>
-#include <sys/times.h>
-#endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+# include <sys/types.h>
+# include <sys/times.h>
 #endif
-#ifndef TIMES
+#ifdef USE_TOD
+# include <sys/time.h>
+# include <sys/resource.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
+
+#ifdef TIMEB
 #include <sys/timeb.h>
 #endif
 
+#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(OPENSSL_SYS_VXWORKS)
+#error "It seems neither struct tms nor struct timeb is supported in this platform!"
+#endif
+
 #if defined(sun) || defined(__ultrix)
 #define _POSIX_SOURCE
 #include <limits.h>
 #include <sys/param.h>
 #endif
 
-#ifndef NO_DES
-#include "des.h"
+#ifndef OPENSSL_NO_DES
+#include <openssl/des.h>
 #endif
-#ifndef NO_MD2
-#include "md2.h"
+#ifndef OPENSSL_NO_AES
+#include <openssl/aes.h>
 #endif
-#ifndef NO_MDC2
-#include "mdc2.h"
+#ifndef OPENSSL_NO_MD2
+#include <openssl/md2.h>
 #endif
-#ifndef NO_MD5
-#include "md5.h"
-#include "hmac.h"
-#include "evp.h"
+#ifndef OPENSSL_NO_MDC2
+#include <openssl/mdc2.h>
 #endif
-#ifndef NO_SHA1
-#include "sha.h"
+#ifndef OPENSSL_NO_MD4
+#include <openssl/md4.h>
 #endif
-#ifndef NO_RMD160
-#include "ripemd.h"
+#ifndef OPENSSL_NO_MD5
+#include <openssl/md5.h>
 #endif
-#ifndef NO_RC4
-#include "rc4.h"
+#ifndef OPENSSL_NO_HMAC
+#include <openssl/hmac.h>
 #endif
-#ifndef NO_RC5
-#include "rc5.h"
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_SHA
+#include <openssl/sha.h>
 #endif
-#ifndef NO_RC2
-#include "rc2.h"
+#ifndef OPENSSL_NO_RIPEMD
+#include <openssl/ripemd.h>
 #endif
-#ifndef NO_IDEA
-#include "idea.h"
+#ifndef OPENSSL_NO_RC4
+#include <openssl/rc4.h>
 #endif
-#ifndef NO_BLOWFISH
-#include "blowfish.h"
+#ifndef OPENSSL_NO_RC5
+#include <openssl/rc5.h>
 #endif
-#ifndef NO_CAST
-#include "cast.h"
+#ifndef OPENSSL_NO_RC2
+#include <openssl/rc2.h>
 #endif
-#ifndef NO_RSA
-#include "rsa.h"
+#ifndef OPENSSL_NO_IDEA
+#include <openssl/idea.h>
 #endif
-#include "x509.h"
+#ifndef OPENSSL_NO_BF
+#include <openssl/blowfish.h>
+#endif
+#ifndef OPENSSL_NO_CAST
+#include <openssl/cast.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
 #include "./testrsa.h"
-#ifndef NO_DSA
+#endif
+#include <openssl/x509.h>
+#ifndef OPENSSL_NO_DSA
 #include "./testdsa.h"
 #endif
+#ifndef OPENSSL_NO_ECDSA
+#include <openssl/ecdsa.h>
+#endif
+#ifndef OPENSSL_NO_ECDH
+#include <openssl/ecdh.h>
+#endif
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
-# ifndef CLK_TCK
-#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-#   ifndef VMS
-#    define HZ	100.0
-#   else /* VMS */
+# if defined(_SC_CLK_TCK) \
+     && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000)
+#  define HZ ((double)sysconf(_SC_CLK_TCK))
+# else
+#  ifndef CLK_TCK
+#   ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
 #    define HZ	100.0
+#   else /* _BSD_CLK_TCK_ */
+#    define HZ ((double)_BSD_CLK_TCK_)
 #   endif
-#  else /* _BSD_CLK_TCK_ */
-#   define HZ ((double)_BSD_CLK_TCK_)
+#  else /* CLK_TCK */
+#   define HZ ((double)CLK_TCK)
 #  endif
-# else /* CLK_TCK */
-#  define HZ ((double)CLK_TCK)
 # endif
 #endif
 
+#if !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_OS2)
+# define HAVE_FORK 1
+#endif
+
 #undef BUFSIZE
 #define BUFSIZE	((long)1024*8+1)
 int run=0;
 
-#ifndef NOPROTO
+static char ftime_used = 0, times_used = 0, gettimeofday_used = 0, getrusage_used = 0;
+static int mr=0;
+static int usertime=1;
+
 static double Time_F(int s);
-static void print_message(char *s,long num,int length);
+static void print_message(const char *s,long num,int length);
 static void pkey_print_message(char *str,char *str2,long num,int bits,int sec);
-#else
-static double Time_F();
-static void print_message();
-static void pkey_print_message();
+static void print_result(int alg,int run_no,int count,double time_used);
+#ifdef HAVE_FORK
+static int do_multi(int multi);
 #endif
 
+#define ALGOR_NUM	19
+#define SIZE_NUM	5
+#define RSA_NUM		4
+#define DSA_NUM		3
+
+#define EC_NUM       16
+#define MAX_ECDH_SIZE 256
+
+static const char *names[ALGOR_NUM]={
+  "md2","mdc2","md4","md5","hmac(md5)","sha1","rmd160","rc4",
+  "des cbc","des ede3","idea cbc",
+  "rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc",
+  "aes-128 cbc","aes-192 cbc","aes-256 cbc"};
+static double results[ALGOR_NUM][SIZE_NUM];
+static int lengths[SIZE_NUM]={16,64,256,1024,8*1024};
+static double rsa_results[RSA_NUM][2];
+static double dsa_results[DSA_NUM][2];
+static double ecdsa_results[EC_NUM][2];
+static double ecdh_results[EC_NUM][1];
+
+
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
 #define SIGRETTYPE void
@@ -198,14 +272,8 @@ static void pkey_print_message();
 #define SIGRETTYPE int
 #endif 
 
-#ifndef NOPROTO
 static SIGRETTYPE sig_done(int sig);
-#else
-static SIGRETTYPE sig_done();
-#endif
-
-static SIGRETTYPE sig_done(sig)
-int sig;
+static SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -218,120 +286,219 @@ int sig;
 #define START	0
 #define STOP	1
 
-static double Time_F(s)
-int s;
+static double Time_F(int s)
 	{
 	double ret;
-#ifdef TIMES
-	static struct tms tstart,tend;
 
-	if (s == START)
-		{
-		times(&tstart);
-		return(0);
+#ifdef USE_TOD
+	if(usertime)
+	    {
+		static struct rusage tstart,tend;
+
+		getrusage_used = 1;
+		if (s == START)
+			{
+			getrusage(RUSAGE_SELF,&tstart);
+			return(0);
+			}
+		else
+			{
+			long i;
+
+			getrusage(RUSAGE_SELF,&tend);
+			i=(long)tend.ru_utime.tv_usec-(long)tstart.ru_utime.tv_usec;
+			ret=((double)(tend.ru_utime.tv_sec-tstart.ru_utime.tv_sec))
+			  +((double)i)/1000000.0;
+			return((ret < 0.001)?0.001:ret);
+			}
 		}
 	else
 		{
-		times(&tend);
-		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
-		return((ret < 1e-3)?1e-3:ret);
-		}
-#else /* !times() */
-	static struct timeb tstart,tend;
-	long i;
+		static struct timeval tstart,tend;
+		long i;
 
-	if (s == START)
+		gettimeofday_used = 1;
+		if (s == START)
+			{
+			gettimeofday(&tstart,NULL);
+			return(0);
+			}
+		else
+			{
+			gettimeofday(&tend,NULL);
+			i=(long)tend.tv_usec-(long)tstart.tv_usec;
+			ret=((double)(tend.tv_sec-tstart.tv_sec))+((double)i)/1000000.0;
+			return((ret < 0.001)?0.001:ret);
+			}
+		}
+#else  /* ndef USE_TOD */
+		
+# ifdef TIMES
+	if (usertime)
 		{
-		ftime(&tstart);
-		return(0);
+		static struct tms tstart,tend;
+
+		times_used = 1;
+		if (s == START)
+			{
+			times(&tstart);
+			return(0);
+			}
+		else
+			{
+			times(&tend);
+			ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+			return((ret < 1e-3)?1e-3:ret);
+			}
 		}
+# endif /* times() */
+# if defined(TIMES) && defined(TIMEB)
 	else
+# endif
+# ifdef OPENSSL_SYS_VXWORKS
+                {
+		static unsigned long tick_start, tick_end;
+
+		if( s == START )
+			{
+			tick_start = tickGet();
+			return 0;
+			}
+		else
+			{
+			tick_end = tickGet();
+			ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
+			return((ret < 0.001)?0.001:ret);
+			}
+                }
+# elif defined(TIMEB)
 		{
-		ftime(&tend);
-		i=(long)tend.millitm-(long)tstart.millitm;
-		ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
-		return((ret < 0.001)?0.001:ret);
+		static struct timeb tstart,tend;
+		long i;
+
+		ftime_used = 1;
+		if (s == START)
+			{
+			ftime(&tstart);
+			return(0);
+			}
+		else
+			{
+			ftime(&tend);
+			i=(long)tend.millitm-(long)tstart.millitm;
+			ret=((double)(tend.time-tstart.time))+((double)i)/1000.0;
+			return((ret < 0.001)?0.001:ret);
+			}
 		}
+# endif
 #endif
 	}
 
-int MAIN(argc,argv)
-int argc;
-char **argv;
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	unsigned char *buf=NULL,*buf2=NULL;
-	int ret=1;
-#define ALGOR_NUM	14
-#define SIZE_NUM	5
-#define RSA_NUM		4
-#define DSA_NUM		3
-	long count,rsa_count;
-	int i,j,k,rsa_num,rsa_num2;
-#ifndef NO_MD2
+	int mret=1;
+	long count=0,save_count=0;
+	int i,j,k;
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA)
+	long rsa_count;
+#endif
+#ifndef OPENSSL_NO_RSA
+	unsigned rsa_num;
+#endif
+	unsigned char md[EVP_MAX_MD_SIZE];
+#ifndef OPENSSL_NO_MD2
 	unsigned char md2[MD2_DIGEST_LENGTH];
 #endif
-#ifndef NO_MDC2
+#ifndef OPENSSL_NO_MDC2
 	unsigned char mdc2[MDC2_DIGEST_LENGTH];
 #endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD4
+	unsigned char md4[MD4_DIGEST_LENGTH];
+#endif
+#ifndef OPENSSL_NO_MD5
 	unsigned char md5[MD5_DIGEST_LENGTH];
 	unsigned char hmac[MD5_DIGEST_LENGTH];
 #endif
-#ifndef NO_SHA1
+#ifndef OPENSSL_NO_SHA
 	unsigned char sha[SHA_DIGEST_LENGTH];
 #endif
-#ifndef NO_RMD160
+#ifndef OPENSSL_NO_RIPEMD
 	unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
 #endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 	RC4_KEY rc4_ks;
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 	RC5_32_KEY rc5_ks;
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 	RC2_KEY rc2_ks;
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	IDEA_KEY_SCHEDULE idea_ks;
 #endif
-#ifndef NO_BLOWFISH
+#ifndef OPENSSL_NO_BF
 	BF_KEY bf_ks;
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 	CAST_KEY cast_ks;
 #endif
-	static unsigned char key16[16]=
+	static const unsigned char key16[16]=
 		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
 		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
-	unsigned char iv[8];
-#ifndef NO_DES
-	static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
-	static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
-	static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
-	des_key_schedule sch,sch2,sch3;
+	static const unsigned char key24[24]=
+		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
+		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+	static const unsigned char key32[32]=
+		{0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
+		 0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,
+		 0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,
+		 0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34,0x56};
+#ifndef OPENSSL_NO_AES
+#define MAX_BLOCK_SIZE 128
+#else
+#define MAX_BLOCK_SIZE 64
+#endif
+	unsigned char DES_iv[8];
+	unsigned char iv[MAX_BLOCK_SIZE/8];
+#ifndef OPENSSL_NO_DES
+	DES_cblock *buf_as_des_cblock = NULL;
+	static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+	static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+	static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+	DES_key_schedule sch;
+	DES_key_schedule sch2;
+	DES_key_schedule sch3;
+#endif
+#ifndef OPENSSL_NO_AES
+	AES_KEY aes_ks1, aes_ks2, aes_ks3;
 #endif
 #define	D_MD2		0
 #define	D_MDC2		1
-#define	D_MD5		2
-#define	D_HMAC		3
-#define	D_SHA1		4
-#define D_RMD160	5
-#define	D_RC4		6
-#define	D_CBC_DES	7
-#define	D_EDE3_DES	8
-#define	D_CBC_IDEA	9
-#define	D_CBC_RC2	10
-#define	D_CBC_RC5	11
-#define	D_CBC_BF	12
-#define	D_CBC_CAST	13
-	double d,results[ALGOR_NUM][SIZE_NUM];
-	static int lengths[SIZE_NUM]={8,64,256,1024,8*1024};
+#define	D_MD4		2
+#define	D_MD5		3
+#define	D_HMAC		4
+#define	D_SHA1		5
+#define D_RMD160	6
+#define	D_RC4		7
+#define	D_CBC_DES	8
+#define	D_EDE3_DES	9
+#define	D_CBC_IDEA	10
+#define	D_CBC_RC2	11
+#define	D_CBC_RC5	12
+#define	D_CBC_BF	13
+#define	D_CBC_CAST	14
+#define D_CBC_128_AES	15
+#define D_CBC_192_AES	16
+#define D_CBC_256_AES	17
+#define D_EVP		18
+	double d=0.0;
 	long c[ALGOR_NUM][SIZE_NUM];
-	static char *names[ALGOR_NUM]={
-		"md2","mdc2","md5","hmac(md5)","sha1","rmd160","rc4",
-		"des cbc","des ede3","idea cbc",
-		"rc2 cbc","rc5-32/12 cbc","blowfish cbc","cast cbc"};
 #define	R_DSA_512	0
 #define	R_DSA_1024	1
 #define	R_DSA_2048	2
@@ -339,10 +506,27 @@ char **argv;
 #define	R_RSA_1024	1
 #define	R_RSA_2048	2
 #define	R_RSA_4096	3
+
+#define R_EC_P160    0
+#define R_EC_P192    1	
+#define R_EC_P224    2
+#define R_EC_P256    3
+#define R_EC_P384    4
+#define R_EC_P521    5
+#define R_EC_K163    6
+#define R_EC_K233    7
+#define R_EC_K283    8
+#define R_EC_K409    9
+#define R_EC_K571    10
+#define R_EC_B163    11
+#define R_EC_B233    12
+#define R_EC_B283    13
+#define R_EC_B409    14
+#define R_EC_B571    15
+
+#ifndef OPENSSL_NO_RSA
 	RSA *rsa_key[RSA_NUM];
 	long rsa_c[RSA_NUM][2];
-#ifndef NO_RSA
-	double rsa_results[RSA_NUM][2];
 	static unsigned int rsa_bits[RSA_NUM]={512,1024,2048,4096};
 	static unsigned char *rsa_data[RSA_NUM]=
 		{test512,test1024,test2048,test4096};
@@ -350,44 +534,147 @@ char **argv;
 		sizeof(test512),sizeof(test1024),
 		sizeof(test2048),sizeof(test4096)};
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	DSA *dsa_key[DSA_NUM];
 	long dsa_c[DSA_NUM][2];
-	double dsa_results[DSA_NUM][2];
 	static unsigned int dsa_bits[DSA_NUM]={512,1024,2048};
 #endif
+#ifndef OPENSSL_NO_EC
+	/* We only test over the following curves as they are representative, 
+	 * To add tests over more curves, simply add the curve NID
+	 * and curve name to the following arrays and increase the 
+	 * EC_NUM value accordingly. 
+	 */
+	static unsigned int test_curves[EC_NUM] = 
+	{	
+	/* Prime Curves */
+	NID_secp160r1,
+	NID_X9_62_prime192v1,
+	NID_secp224r1,
+	NID_X9_62_prime256v1,
+	NID_secp384r1,
+	NID_secp521r1,
+	/* Binary Curves */
+	NID_sect163k1,
+	NID_sect233k1,
+	NID_sect283k1,
+	NID_sect409k1,
+	NID_sect571k1,
+	NID_sect163r2,
+	NID_sect233r1,
+	NID_sect283r1,
+	NID_sect409r1,
+	NID_sect571r1
+	}; 
+	static char * test_curves_names[EC_NUM] = 
+	{
+	/* Prime Curves */
+	"secp160r1",
+	"nistp192",
+	"nistp224",
+	"nistp256",
+	"nistp384",
+	"nistp521",
+	/* Binary Curves */
+	"nistk163",
+	"nistk233",
+	"nistk283",
+	"nistk409",
+	"nistk571",
+	"nistb163",
+	"nistb233",
+	"nistb283",
+	"nistb409",
+	"nistb571"
+	};
+	static int test_curves_bits[EC_NUM] =
+        {
+        160, 192, 224, 256, 384, 521,
+        163, 233, 283, 409, 571,
+        163, 233, 283, 409, 571
+        };
+
+#endif
+
+#ifndef OPENSSL_NO_ECDSA
+        unsigned char ecdsasig[256];
+        unsigned int ecdsasiglen;
+        EC_KEY *ecdsa[EC_NUM];
+        long ecdsa_c[EC_NUM][2];
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+        EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM];
+        unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE];
+        int secret_size_a, secret_size_b;
+        int ecdh_checks = 0;
+        int secret_idx = 0;
+        long ecdh_c[EC_NUM][2];
+#endif
+
 	int rsa_doit[RSA_NUM];
 	int dsa_doit[DSA_NUM];
+	int ecdsa_doit[EC_NUM];
+        int ecdh_doit[EC_NUM];
 	int doit[ALGOR_NUM];
 	int pr_header=0;
+	const EVP_CIPHER *evp_cipher=NULL;
+	const EVP_MD *evp_md=NULL;
+	int decrypt=0;
+#ifdef HAVE_FORK
+	int multi=0;
+#endif
+
+#ifndef TIMES
+	usertime=-1;
+#endif
 
 	apps_startup();
-#ifdef NO_DSA
+	memset(results, 0, sizeof(results));
+#ifndef OPENSSL_NO_DSA
 	memset(dsa_key,0,sizeof(dsa_key));
 #endif
+#ifndef OPENSSL_NO_ECDSA
+	for (i=0; i<EC_NUM; i++) ecdsa[i] = NULL;
+#endif
+#ifndef OPENSSL_NO_ECDH
+	for (i=0; i<EC_NUM; i++)
+		{
+		ecdh_a[i] = NULL;
+		ecdh_b[i] = NULL;
+		}
+#endif
+
 
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
-#ifndef NO_RSA
+	if (!load_config(bio_err, NULL))
+		goto end;
+
+#ifndef OPENSSL_NO_RSA
 	memset(rsa_key,0,sizeof(rsa_key));
 	for (i=0; i<RSA_NUM; i++)
 		rsa_key[i]=NULL;
 #endif
 
-	if ((buf=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
+	if ((buf=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
 		}
-	if ((buf2=(unsigned char *)Malloc((int)BUFSIZE)) == NULL)
+#ifndef OPENSSL_NO_DES
+	buf_as_des_cblock = (DES_cblock *)buf;
+#endif
+	if ((buf2=(unsigned char *)OPENSSL_malloc((int)BUFSIZE)) == NULL)
 		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
 		}
 
 	memset(c,0,sizeof(c));
+	memset(DES_iv,0,sizeof(DES_iv));
 	memset(iv,0,sizeof(iv));
 
 	for (i=0; i<ALGOR_NUM; i++)
@@ -396,35 +683,124 @@ char **argv;
 		rsa_doit[i]=0;
 	for (i=0; i<DSA_NUM; i++)
 		dsa_doit[i]=0;
+#ifndef OPENSSL_NO_ECDSA
+	for (i=0; i<EC_NUM; i++)
+		ecdsa_doit[i]=0;
+#endif
+#ifndef OPENSSL_NO_ECDH
+	for (i=0; i<EC_NUM; i++)
+		ecdh_doit[i]=0;
+#endif
+
 	
 	j=0;
 	argc--;
 	argv++;
 	while (argc)
 		{
-#ifndef NO_MD2
+		if	((argc > 0) && (strcmp(*argv,"-elapsed") == 0))
+			{
+			usertime = 0;
+			j--;	/* Otherwise, -elapsed gets confused with
+				   an algorithm. */
+			}
+		else if	((argc > 0) && (strcmp(*argv,"-evp") == 0))
+			{
+			argc--;
+			argv++;
+			if(argc == 0)
+				{
+				BIO_printf(bio_err,"no EVP given\n");
+				goto end;
+				}
+			evp_cipher=EVP_get_cipherbyname(*argv);
+			if(!evp_cipher)
+				{
+				evp_md=EVP_get_digestbyname(*argv);
+				}
+			if(!evp_cipher && !evp_md)
+				{
+				BIO_printf(bio_err,"%s is an unknown cipher or digest\n",*argv);
+				goto end;
+				}
+			doit[D_EVP]=1;
+			}
+		else if (argc > 0 && !strcmp(*argv,"-decrypt"))
+			{
+			decrypt=1;
+			j--;	/* Otherwise, -elapsed gets confused with
+				   an algorithm. */
+			}
+		else if	((argc > 0) && (strcmp(*argv,"-engine") == 0))
+			{
+			argc--;
+			argv++;
+			if(argc == 0)
+				{
+				BIO_printf(bio_err,"no engine given\n");
+				goto end;
+				}
+                        e = setup_engine(bio_err, *argv, 0);
+			/* j will be increased again further down.  We just
+			   don't want speed to confuse an engine with an
+			   algorithm, especially when none is given (which
+			   means all of them should be run) */
+			j--;
+			}
+#ifdef HAVE_FORK
+		else if	((argc > 0) && (strcmp(*argv,"-multi") == 0))
+			{
+			argc--;
+			argv++;
+			if(argc == 0)
+				{
+				BIO_printf(bio_err,"no multi count given\n");
+				goto end;
+				}
+			multi=atoi(argv[0]);
+			if(multi <= 0)
+			    {
+				BIO_printf(bio_err,"bad multi count\n");
+				goto end;
+				}				
+			j--;	/* Otherwise, -mr gets confused with
+				   an algorithm. */
+			}
+#endif
+		else if (argc > 0 && !strcmp(*argv,"-mr"))
+			{
+			mr=1;
+			j--;	/* Otherwise, -mr gets confused with
+				   an algorithm. */
+			}
+		else
+#ifndef OPENSSL_NO_MD2
 		if	(strcmp(*argv,"md2") == 0) doit[D_MD2]=1;
 		else
 #endif
-#ifndef NO_MDC2
+#ifndef OPENSSL_NO_MDC2
 			if (strcmp(*argv,"mdc2") == 0) doit[D_MDC2]=1;
 		else
 #endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD4
+			if (strcmp(*argv,"md4") == 0) doit[D_MD4]=1;
+		else
+#endif
+#ifndef OPENSSL_NO_MD5
 			if (strcmp(*argv,"md5") == 0) doit[D_MD5]=1;
 		else
 #endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
 			if (strcmp(*argv,"hmac") == 0) doit[D_HMAC]=1;
 		else
 #endif
-#ifndef NO_SHA1
+#ifndef OPENSSL_NO_SHA
 			if (strcmp(*argv,"sha1") == 0) doit[D_SHA1]=1;
 		else
 			if (strcmp(*argv,"sha") == 0) doit[D_SHA1]=1;
 		else
 #endif
-#ifndef NO_RMD160
+#ifndef OPENSSL_NO_RIPEMD
 			if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1;
 		else
 			if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1;
@@ -432,31 +808,39 @@ char **argv;
 			if (strcmp(*argv,"ripemd160") == 0) doit[D_RMD160]=1;
 		else
 #endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 			if (strcmp(*argv,"rc4") == 0) doit[D_RC4]=1;
 		else 
 #endif
-#ifndef NO_DEF
+#ifndef OPENSSL_NO_DES
 			if (strcmp(*argv,"des-cbc") == 0) doit[D_CBC_DES]=1;
 		else	if (strcmp(*argv,"des-ede3") == 0) doit[D_EDE3_DES]=1;
 		else
 #endif
-#ifndef NO_RSA
-#ifdef RSAref
+#ifndef OPENSSL_NO_AES
+			if (strcmp(*argv,"aes-128-cbc") == 0) doit[D_CBC_128_AES]=1;
+		else	if (strcmp(*argv,"aes-192-cbc") == 0) doit[D_CBC_192_AES]=1;
+		else	if (strcmp(*argv,"aes-256-cbc") == 0) doit[D_CBC_256_AES]=1;
+		else
+#endif
+#ifndef OPENSSL_NO_RSA
+#if 0 /* was: #ifdef RSAref */
 			if (strcmp(*argv,"rsaref") == 0) 
 			{
-			RSA_set_default_method(RSA_PKCS1_RSAref());
+			RSA_set_default_openssl_method(RSA_PKCS1_RSAref());
 			j--;
 			}
 		else
 #endif
-			if (strcmp(*argv,"ssleay") == 0) 
+#ifndef RSA_NULL
+			if (strcmp(*argv,"openssl") == 0) 
 			{
 			RSA_set_default_method(RSA_PKCS1_SSLeay());
 			j--;
 			}
 		else
-#endif /* !NO_RSA */
+#endif
+#endif /* !OPENSSL_NO_RSA */
 		     if (strcmp(*argv,"dsa512") == 0) dsa_doit[R_DSA_512]=2;
 		else if (strcmp(*argv,"dsa1024") == 0) dsa_doit[R_DSA_1024]=2;
 		else if (strcmp(*argv,"dsa2048") == 0) dsa_doit[R_DSA_2048]=2;
@@ -465,34 +849,34 @@ char **argv;
 		else if (strcmp(*argv,"rsa2048") == 0) rsa_doit[R_RSA_2048]=2;
 		else if (strcmp(*argv,"rsa4096") == 0) rsa_doit[R_RSA_4096]=2;
 		else
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 		     if (strcmp(*argv,"rc2-cbc") == 0) doit[D_CBC_RC2]=1;
 		else if (strcmp(*argv,"rc2") == 0) doit[D_CBC_RC2]=1;
 		else
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 		     if (strcmp(*argv,"rc5-cbc") == 0) doit[D_CBC_RC5]=1;
 		else if (strcmp(*argv,"rc5") == 0) doit[D_CBC_RC5]=1;
 		else
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 		     if (strcmp(*argv,"idea-cbc") == 0) doit[D_CBC_IDEA]=1;
 		else if (strcmp(*argv,"idea") == 0) doit[D_CBC_IDEA]=1;
 		else
 #endif
-#ifndef NO_BLOWFISH
+#ifndef OPENSSL_NO_BF
 		     if (strcmp(*argv,"bf-cbc") == 0) doit[D_CBC_BF]=1;
 		else if (strcmp(*argv,"blowfish") == 0) doit[D_CBC_BF]=1;
 		else if (strcmp(*argv,"bf") == 0) doit[D_CBC_BF]=1;
 		else
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 		     if (strcmp(*argv,"cast-cbc") == 0) doit[D_CBC_CAST]=1;
 		else if (strcmp(*argv,"cast") == 0) doit[D_CBC_CAST]=1;
 		else if (strcmp(*argv,"cast5") == 0) doit[D_CBC_CAST]=1;
 		else
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 			if (strcmp(*argv,"des") == 0)
 			{
 			doit[D_CBC_DES]=1;
@@ -500,7 +884,16 @@ char **argv;
 			}
 		else
 #endif
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_AES
+			if (strcmp(*argv,"aes") == 0)
+			{
+			doit[D_CBC_128_AES]=1;
+			doit[D_CBC_192_AES]=1;
+			doit[D_CBC_256_AES]=1;
+			}
+		else
+#endif
+#ifndef OPENSSL_NO_RSA
 			if (strcmp(*argv,"rsa") == 0)
 			{
 			rsa_doit[R_RSA_512]=1;
@@ -510,7 +903,7 @@ char **argv;
 			}
 		else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 			if (strcmp(*argv,"dsa") == 0)
 			{
 			dsa_doit[R_DSA_512]=1;
@@ -518,35 +911,166 @@ char **argv;
 			}
 		else
 #endif
+#ifndef OPENSSL_NO_ECDSA
+		     if (strcmp(*argv,"ecdsap160") == 0) ecdsa_doit[R_EC_P160]=2;
+		else if (strcmp(*argv,"ecdsap224") == 0) ecdsa_doit[R_EC_P224]=2;
+		else if (strcmp(*argv,"ecdsap256") == 0) ecdsa_doit[R_EC_P256]=2;
+		else if (strcmp(*argv,"ecdsap384") == 0) ecdsa_doit[R_EC_P384]=2;
+		else if (strcmp(*argv,"ecdsap521") == 0) ecdsa_doit[R_EC_P521]=2;
+		else if (strcmp(*argv,"ecdsak163") == 0) ecdsa_doit[R_EC_K163]=2;
+		else if (strcmp(*argv,"ecdsak233") == 0) ecdsa_doit[R_EC_K233]=2;
+		else if (strcmp(*argv,"ecdsak283") == 0) ecdsa_doit[R_EC_K283]=2;
+		else if (strcmp(*argv,"ecdsak409") == 0) ecdsa_doit[R_EC_K409]=2;
+		else if (strcmp(*argv,"ecdsak571") == 0) ecdsa_doit[R_EC_K571]=2;
+		else if (strcmp(*argv,"ecdsab163") == 0) ecdsa_doit[R_EC_B163]=2;
+		else if (strcmp(*argv,"ecdsab233") == 0) ecdsa_doit[R_EC_B233]=2;
+		else if (strcmp(*argv,"ecdsab283") == 0) ecdsa_doit[R_EC_B283]=2;
+		else if (strcmp(*argv,"ecdsab409") == 0) ecdsa_doit[R_EC_B409]=2;
+		else if (strcmp(*argv,"ecdsab571") == 0) ecdsa_doit[R_EC_B571]=2;
+		else if (strcmp(*argv,"ecdsa") == 0)
 			{
-			BIO_printf(bio_err,"bad value, pick one of\n");
-			BIO_printf(bio_err,"md2      mdc2	md5      hmac      sha1    rmd160\n");
-#ifndef NO_IDEA
+			for (i=0; i < EC_NUM; i++)
+				ecdsa_doit[i]=1;
+			}
+		else
+#endif
+#ifndef OPENSSL_NO_ECDH
+		     if (strcmp(*argv,"ecdhp160") == 0) ecdh_doit[R_EC_P160]=2;
+		else if (strcmp(*argv,"ecdhp224") == 0) ecdh_doit[R_EC_P224]=2;
+		else if (strcmp(*argv,"ecdhp256") == 0) ecdh_doit[R_EC_P256]=2;
+		else if (strcmp(*argv,"ecdhp384") == 0) ecdh_doit[R_EC_P384]=2;
+		else if (strcmp(*argv,"ecdhp521") == 0) ecdh_doit[R_EC_P521]=2;
+		else if (strcmp(*argv,"ecdhk163") == 0) ecdh_doit[R_EC_K163]=2;
+		else if (strcmp(*argv,"ecdhk233") == 0) ecdh_doit[R_EC_K233]=2;
+		else if (strcmp(*argv,"ecdhk283") == 0) ecdh_doit[R_EC_K283]=2;
+		else if (strcmp(*argv,"ecdhk409") == 0) ecdh_doit[R_EC_K409]=2;
+		else if (strcmp(*argv,"ecdhk571") == 0) ecdh_doit[R_EC_K571]=2;
+		else if (strcmp(*argv,"ecdhb163") == 0) ecdh_doit[R_EC_B163]=2;
+		else if (strcmp(*argv,"ecdhb233") == 0) ecdh_doit[R_EC_B233]=2;
+		else if (strcmp(*argv,"ecdhb283") == 0) ecdh_doit[R_EC_B283]=2;
+		else if (strcmp(*argv,"ecdhb409") == 0) ecdh_doit[R_EC_B409]=2;
+		else if (strcmp(*argv,"ecdhb571") == 0) ecdh_doit[R_EC_B571]=2;
+		else if (strcmp(*argv,"ecdh") == 0)
+			{
+			for (i=0; i < EC_NUM; i++)
+				ecdh_doit[i]=1;
+			}
+		else
+#endif
+			{
+			BIO_printf(bio_err,"Error: bad option or value\n");
+			BIO_printf(bio_err,"\n");
+			BIO_printf(bio_err,"Available values:\n");
+#ifndef OPENSSL_NO_MD2
+			BIO_printf(bio_err,"md2      ");
+#endif
+#ifndef OPENSSL_NO_MDC2
+			BIO_printf(bio_err,"mdc2     ");
+#endif
+#ifndef OPENSSL_NO_MD4
+			BIO_printf(bio_err,"md4      ");
+#endif
+#ifndef OPENSSL_NO_MD5
+			BIO_printf(bio_err,"md5      ");
+#ifndef OPENSSL_NO_HMAC
+			BIO_printf(bio_err,"hmac     ");
+#endif
+#endif
+#ifndef OPENSSL_NO_SHA1
+			BIO_printf(bio_err,"sha1     ");
+#endif
+#ifndef OPENSSL_NO_RIPEMD160
+			BIO_printf(bio_err,"rmd160");
+#endif
+#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \
+    !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \
+    !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160)
+			BIO_printf(bio_err,"\n");
+#endif
+
+#ifndef OPENSSL_NO_IDEA
 			BIO_printf(bio_err,"idea-cbc ");
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 			BIO_printf(bio_err,"rc2-cbc  ");
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 			BIO_printf(bio_err,"rc5-cbc  ");
 #endif
-#ifndef NO_BLOWFISH
+#ifndef OPENSSL_NO_BF
 			BIO_printf(bio_err,"bf-cbc");
 #endif
-#if !defined(NO_IDEA) && !defined(NO_RC2) && !defined(NO_BLOWFISH) && !defined(NO_RC5)
+#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \
+    !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5)
 			BIO_printf(bio_err,"\n");
 #endif
+#ifndef OPENSSL_NO_DES
 			BIO_printf(bio_err,"des-cbc  des-ede3 ");
-#ifndef NO_RC4
+#endif
+#ifndef OPENSSL_NO_AES
+			BIO_printf(bio_err,"aes-128-cbc aes-192-cbc aes-256-cbc ");
+#endif
+#ifndef OPENSSL_NO_RC4
 			BIO_printf(bio_err,"rc4");
 #endif
-#ifndef NO_RSA
-			BIO_printf(bio_err,"\nrsa512   rsa1024  rsa2048  rsa4096\n");
+			BIO_printf(bio_err,"\n");
+
+#ifndef OPENSSL_NO_RSA
+			BIO_printf(bio_err,"rsa512   rsa1024  rsa2048  rsa4096\n");
+#endif
+
+#ifndef OPENSSL_NO_DSA
+			BIO_printf(bio_err,"dsa512   dsa1024  dsa2048\n");
+#endif
+#ifndef OPENSSL_NO_ECDSA
+			BIO_printf(bio_err,"ecdsap160 ecdsap224 ecdsap256 ecdsap384 ecdsap521\n");
+			BIO_printf(bio_err,"ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
+			BIO_printf(bio_err,"ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
+			BIO_printf(bio_err,"ecdsa\n");
+#endif
+#ifndef OPENSSL_NO_ECDH
+			BIO_printf(bio_err,"ecdhp160  ecdhp224  ecdhp256  ecdhp384  ecdhp521\n");
+			BIO_printf(bio_err,"ecdhk163  ecdhk233  ecdhk283  ecdhk409  ecdhk571\n");
+			BIO_printf(bio_err,"ecdhb163  ecdhb233  ecdhb283  ecdhb409  ecdhb571\n");
+			BIO_printf(bio_err,"ecdh\n");
+#endif
+
+#ifndef OPENSSL_NO_IDEA
+			BIO_printf(bio_err,"idea     ");
+#endif
+#ifndef OPENSSL_NO_RC2
+			BIO_printf(bio_err,"rc2      ");
+#endif
+#ifndef OPENSSL_NO_DES
+			BIO_printf(bio_err,"des      ");
+#endif
+#ifndef OPENSSL_NO_AES
+			BIO_printf(bio_err,"aes      ");
+#endif
+#ifndef OPENSSL_NO_RSA
+			BIO_printf(bio_err,"rsa      ");
+#endif
+#ifndef OPENSSL_NO_BF
+			BIO_printf(bio_err,"blowfish");
+#endif
+#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_RC2) || \
+    !defined(OPENSSL_NO_DES) || !defined(OPENSSL_NO_RSA) || \
+    !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_AES)
+			BIO_printf(bio_err,"\n");
+#endif
+
+			BIO_printf(bio_err,"\n");
+			BIO_printf(bio_err,"Available options:\n");
+#if defined(TIMES) || defined(USE_TOD)
+			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
 #endif
-#ifndef NO_DSA
-			BIO_printf(bio_err,"\ndsa512   dsa1024  dsa2048\n");
+			BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
+			BIO_printf(bio_err,"-evp e          use EVP e.\n");
+			BIO_printf(bio_err,"-decrypt        time decryption instead of encryption (only EVP).\n");
+			BIO_printf(bio_err,"-mr             produce machine readable output.\n");
+#ifdef HAVE_FORK
+			BIO_printf(bio_err,"-multi n        run n benchmarks in parallel.\n");
 #endif
-			BIO_printf(bio_err,"idea     rc2      des      rsa    blowfish\n");
 			goto end;
 			}
 		argc--;
@@ -554,10 +1078,18 @@ char **argv;
 		j++;
 		}
 
+#ifdef HAVE_FORK
+	if(multi && do_multi(multi))
+		goto show_res;
+#endif
+
 	if (j == 0)
 		{
 		for (i=0; i<ALGOR_NUM; i++)
-			doit[i]=1;
+			{
+			if (i != D_EVP)
+				doit[i]=1;
+			}
 		for (i=0; i<RSA_NUM; i++)
 			rsa_doit[i]=1;
 		for (i=0; i<DSA_NUM; i++)
@@ -566,15 +1098,18 @@ char **argv;
 	for (i=0; i<ALGOR_NUM; i++)
 		if (doit[i]) pr_header++;
 
-#ifndef TIMES
-	BIO_printf(bio_err,"To get the most accurate results, try to run this\n");
-	BIO_printf(bio_err,"program when this computer is idle.\n");
-#endif
+	if (usertime == 0 && !mr)
+		BIO_printf(bio_err,"You have chosen to measure elapsed time instead of user CPU time.\n");
+	if (usertime <= 0 && !mr)
+		{
+		BIO_printf(bio_err,"To get the most accurate results, try to run this\n");
+		BIO_printf(bio_err,"program when this computer is idle.\n");
+		}
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	for (i=0; i<RSA_NUM; i++)
 		{
-		unsigned char *p;
+		const unsigned char *p;
 
 		p=rsa_data[i];
 		rsa_key[i]=d2i_RSAPrivateKey(NULL,&p,rsa_data_length[i]);
@@ -586,7 +1121,9 @@ char **argv;
 #if 0
 		else
 			{
-			BIO_printf(bio_err,"Loaded RSA key, %d bit modulus and e= 0x",BN_num_bits(rsa_key[i]->n));
+			BIO_printf(bio_err,mr ? "+RK:%d:"
+				   : "Loaded RSA key, %d bit modulus and e= 0x",
+				   BN_num_bits(rsa_key[i]->n));
 			BN_print(bio_err,rsa_key[i]->e);
 			BIO_printf(bio_err,"\n");
 			}
@@ -594,38 +1131,45 @@ char **argv;
 		}
 #endif
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	dsa_key[0]=get_dsa512();
 	dsa_key[1]=get_dsa1024();
 	dsa_key[2]=get_dsa2048();
 #endif
 
-#ifndef NO_DES
-	des_set_key((C_Block *)key,sch);
-	des_set_key((C_Block *)key2,sch2);
-	des_set_key((C_Block *)key3,sch3);
+#ifndef OPENSSL_NO_DES
+	DES_set_key_unchecked(&key,&sch);
+	DES_set_key_unchecked(&key2,&sch2);
+	DES_set_key_unchecked(&key3,&sch3);
+#endif
+#ifndef OPENSSL_NO_AES
+	AES_set_encrypt_key(key16,128,&aes_ks1);
+	AES_set_encrypt_key(key24,192,&aes_ks2);
+	AES_set_encrypt_key(key32,256,&aes_ks3);
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	idea_set_encrypt_key(key16,&idea_ks);
 #endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 	RC4_set_key(&rc4_ks,16,key16);
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 	RC2_set_key(&rc2_ks,16,key16,128);
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 	RC5_32_set_key(&rc5_ks,16,key16,12);
 #endif
-#ifndef NO_BLOWFISH
+#ifndef OPENSSL_NO_BF
 	BF_set_key(&bf_ks,16,key16);
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 	CAST_set_key(&cast_ks,16,key16);
 #endif
-
+#ifndef OPENSSL_NO_RSA
 	memset(rsa_c,0,sizeof(rsa_c));
+#endif
 #ifndef SIGALRM
+#ifndef OPENSSL_NO_DES
 	BIO_printf(bio_err,"First we calculate the approximate speed ...\n");
 	count=10;
 	do	{
@@ -633,12 +1177,14 @@ char **argv;
 		count*=2;
 		Time_F(START);
 		for (i=count; i; i--)
-			des_ecb_encrypt((C_Block *)buf,(C_Block *)buf,
-				&(sch[0]),DES_ENCRYPT);
+			DES_ecb_encrypt(buf_as_des_cblock,buf_as_des_cblock,
+				&sch,DES_ENCRYPT);
 		d=Time_F(STOP);
 		} while (d <3);
+	save_count=count;
 	c[D_MD2][0]=count/10;
 	c[D_MDC2][0]=count/10;
+	c[D_MD4][0]=count;
 	c[D_MD5][0]=count;
 	c[D_HMAC][0]=count;
 	c[D_SHA1][0]=count;
@@ -656,6 +1202,7 @@ char **argv;
 		{
 		c[D_MD2][i]=c[D_MD2][0]*4*lengths[0]/lengths[i];
 		c[D_MDC2][i]=c[D_MDC2][0]*4*lengths[0]/lengths[i];
+		c[D_MD4][i]=c[D_MD4][0]*4*lengths[0]/lengths[i];
 		c[D_MD5][i]=c[D_MD5][0]*4*lengths[0]/lengths[i];
 		c[D_HMAC][i]=c[D_HMAC][0]*4*lengths[0]/lengths[i];
 		c[D_SHA1][i]=c[D_SHA1][0]*4*lengths[0]/lengths[i];
@@ -676,6 +1223,7 @@ char **argv;
 		c[D_CBC_BF][i]=c[D_CBC_BF][i-1]*l0/l1;
 		c[D_CBC_CAST][i]=c[D_CBC_CAST][i-1]*l0/l1;
 		}
+#ifndef OPENSSL_NO_RSA
 	rsa_c[R_RSA_512][0]=count/2000;
 	rsa_c[R_RSA_512][1]=count/400;
 	for (i=1; i<RSA_NUM; i++)
@@ -693,7 +1241,9 @@ char **argv;
 				}
 			}				
 		}
+#endif
 
+#ifndef OPENSSL_NO_DSA
 	dsa_c[R_DSA_512][0]=count/1000;
 	dsa_c[R_DSA_512][1]=count/1000/2;
 	for (i=1; i<DSA_NUM; i++)
@@ -711,16 +1261,129 @@ char **argv;
 				}
 			}				
 		}
+#endif
+
+#ifndef OPENSSL_NO_ECDSA
+	ecdsa_c[R_EC_P160][0]=count/1000;
+	ecdsa_c[R_EC_P160][1]=count/1000/2;
+	for (i=R_EC_P224; i<=R_EC_P521; i++)
+		{
+		ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
+		ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
+		if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
+			ecdsa_doit[i]=0;
+		else
+			{
+			if (ecdsa_c[i] == 0)
+				{
+				ecdsa_c[i][0]=1;
+				ecdsa_c[i][1]=1;
+				}
+			}
+		}
+	ecdsa_c[R_EC_K163][0]=count/1000;
+	ecdsa_c[R_EC_K163][1]=count/1000/2;
+	for (i=R_EC_K233; i<=R_EC_K571; i++)
+		{
+		ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
+		ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
+		if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
+			ecdsa_doit[i]=0;
+		else
+			{
+			if (ecdsa_c[i] == 0)
+				{
+				ecdsa_c[i][0]=1;
+				ecdsa_c[i][1]=1;
+				}
+			}
+		}
+	ecdsa_c[R_EC_B163][0]=count/1000;
+	ecdsa_c[R_EC_B163][1]=count/1000/2;
+	for (i=R_EC_B233; i<=R_EC_B571; i++)
+		{
+		ecdsa_c[i][0]=ecdsa_c[i-1][0]/2;
+		ecdsa_c[i][1]=ecdsa_c[i-1][1]/2;
+		if ((ecdsa_doit[i] <= 1) && (ecdsa_c[i][0] == 0))
+			ecdsa_doit[i]=0;
+		else
+			{
+			if (ecdsa_c[i] == 0)
+				{
+				ecdsa_c[i][0]=1;
+				ecdsa_c[i][1]=1;
+				}
+			}
+		}
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+	ecdh_c[R_EC_P160][0]=count/1000;
+	ecdh_c[R_EC_P160][1]=count/1000;
+	for (i=R_EC_P224; i<=R_EC_P521; i++)
+		{
+		ecdh_c[i][0]=ecdh_c[i-1][0]/2;
+		ecdh_c[i][1]=ecdh_c[i-1][1]/2;
+		if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
+			ecdh_doit[i]=0;
+		else
+			{
+			if (ecdh_c[i] == 0)
+				{
+				ecdh_c[i][0]=1;
+				ecdh_c[i][1]=1;
+				}
+			}
+		}
+	ecdh_c[R_EC_K163][0]=count/1000;
+	ecdh_c[R_EC_K163][1]=count/1000;
+	for (i=R_EC_K233; i<=R_EC_K571; i++)
+		{
+		ecdh_c[i][0]=ecdh_c[i-1][0]/2;
+		ecdh_c[i][1]=ecdh_c[i-1][1]/2;
+		if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
+			ecdh_doit[i]=0;
+		else
+			{
+			if (ecdh_c[i] == 0)
+				{
+				ecdh_c[i][0]=1;
+				ecdh_c[i][1]=1;
+				}
+			}
+		}
+	ecdh_c[R_EC_B163][0]=count/1000;
+	ecdh_c[R_EC_B163][1]=count/1000;
+	for (i=R_EC_B233; i<=R_EC_B571; i++)
+		{
+		ecdh_c[i][0]=ecdh_c[i-1][0]/2;
+		ecdh_c[i][1]=ecdh_c[i-1][1]/2;
+		if ((ecdh_doit[i] <= 1) && (ecdh_c[i][0] == 0))
+			ecdh_doit[i]=0;
+		else
+			{
+			if (ecdh_c[i] == 0)
+				{
+				ecdh_c[i][0]=1;
+				ecdh_c[i][1]=1;
+				}
+			}
+		}
+#endif
 
 #define COND(d)	(count < (d))
 #define COUNT(d) (d)
 #else
+/* not worth fixing */
+# error "You cannot disable DES on systems without SIGALRM."
+#endif /* OPENSSL_NO_DES */
+#else
 #define COND(c)	(run)
 #define COUNT(d) (count)
 	signal(SIGALRM,sig_done);
-#endif
+#endif /* SIGALRM */
 
-#ifndef NO_MD2
+#ifndef OPENSSL_NO_MD2
 	if (doit[D_MD2])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -728,15 +1391,13 @@ char **argv;
 			print_message(names[D_MD2],c[D_MD2][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_MD2][j]); count++)
-				MD2(buf,(unsigned long)lengths[j],&(md2[0]));
+				EVP_Digest(buf,(unsigned long)lengths[j],&(md2[0]),NULL,EVP_md2(),NULL);
 			d=Time_F(STOP);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_MD2],d);
-			results[D_MD2][j]=((double)count)/d*lengths[j];
+			print_result(D_MD2,j,count,d);
 			}
 		}
 #endif
-#ifndef NO_MDC2
+#ifndef OPENSSL_NO_MDC2
 	if (doit[D_MDC2])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -744,16 +1405,29 @@ char **argv;
 			print_message(names[D_MDC2],c[D_MDC2][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_MDC2][j]); count++)
-				MDC2(buf,(unsigned long)lengths[j],&(mdc2[0]));
+				EVP_Digest(buf,(unsigned long)lengths[j],&(mdc2[0]),NULL,EVP_mdc2(),NULL);
 			d=Time_F(STOP);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_MDC2],d);
-			results[D_MDC2][j]=((double)count)/d*lengths[j];
+			print_result(D_MDC2,j,count,d);
 			}
 		}
 #endif
 
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD4
+	if (doit[D_MD4])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_MD4],c[D_MD4][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_MD4][j]); count++)
+				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md4[0]),NULL,EVP_md4(),NULL);
+			d=Time_F(STOP);
+			print_result(D_MD4,j,count,d);
+			}
+		}
+#endif
+
+#ifndef OPENSSL_NO_MD5
 	if (doit[D_MD5])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -761,21 +1435,21 @@ char **argv;
 			print_message(names[D_MD5],c[D_MD5][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_MD5][j]); count++)
-				MD5(&(buf[0]),(unsigned long)lengths[j],&(md5[0]));
+				EVP_Digest(&(buf[0]),(unsigned long)lengths[j],&(md5[0]),NULL,EVP_get_digestbyname("md5"),NULL);
 			d=Time_F(STOP);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_MD5],d);
-			results[D_MD5][j]=((double)count)/d*lengths[j];
+			print_result(D_MD5,j,count,d);
 			}
 		}
 #endif
 
-#ifndef NO_MD5
+#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)
 	if (doit[D_HMAC])
 		{
 		HMAC_CTX hctx;
-		HMAC_Init(&hctx,(unsigned char *)"This is a key...",
-			16,EVP_md5());
+
+		HMAC_CTX_init(&hctx);
+		HMAC_Init_ex(&hctx,(unsigned char *)"This is a key...",
+			16,EVP_md5(), NULL);
 
 		for (j=0; j<SIZE_NUM; j++)
 			{
@@ -783,18 +1457,17 @@ char **argv;
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_HMAC][j]); count++)
 				{
-				HMAC_Init(&hctx,NULL,0,NULL);
-                                HMAC_Update(&hctx,buf,lengths[j]);
-                                HMAC_Final(&hctx,&(hmac[0]),NULL);
+				HMAC_Init_ex(&hctx,NULL,0,NULL,NULL);
+				HMAC_Update(&hctx,buf,lengths[j]);
+				HMAC_Final(&hctx,&(hmac[0]),NULL);
 				}
 			d=Time_F(STOP);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_HMAC],d);
-			results[D_HMAC][j]=((double)count)/d*lengths[j];
+			print_result(D_HMAC,j,count,d);
 			}
+		HMAC_CTX_cleanup(&hctx);
 		}
 #endif
-#ifndef NO_SHA1
+#ifndef OPENSSL_NO_SHA
 	if (doit[D_SHA1])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -802,15 +1475,13 @@ char **argv;
 			print_message(names[D_SHA1],c[D_SHA1][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_SHA1][j]); count++)
-				SHA1(buf,(unsigned long)lengths[j],&(sha[0]));
+				EVP_Digest(buf,(unsigned long)lengths[j],&(sha[0]),NULL,EVP_sha1(),NULL);
 			d=Time_F(STOP);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_SHA1],d);
-			results[D_SHA1][j]=((double)count)/d*lengths[j];
+			print_result(D_SHA1,j,count,d);
 			}
 		}
 #endif
-#ifndef NO_RMD160
+#ifndef OPENSSL_NO_RIPEMD
 	if (doit[D_RMD160])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -818,15 +1489,13 @@ char **argv;
 			print_message(names[D_RMD160],c[D_RMD160][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_RMD160][j]); count++)
-				RIPEMD160(buf,(unsigned long)lengths[j],&(rmd160[0]));
+				EVP_Digest(buf,(unsigned long)lengths[j],&(rmd160[0]),NULL,EVP_ripemd160(),NULL);
 			d=Time_F(STOP);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_RMD160],d);
-			results[D_RMD160][j]=((double)count)/d*lengths[j];
+			print_result(D_RMD160,j,count,d);
 			}
 		}
 #endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 	if (doit[D_RC4])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -837,13 +1506,11 @@ char **argv;
 				RC4(&rc4_ks,(unsigned int)lengths[j],
 					buf,buf);
 			d=Time_F(STOP);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_RC4],d);
-			results[D_RC4][j]=((double)count)/d*lengths[j];
+			print_result(D_RC4,j,count,d);
 			}
 		}
 #endif
-#ifndef NO_DES
+#ifndef OPENSSL_NO_DES
 	if (doit[D_CBC_DES])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -851,14 +1518,10 @@ char **argv;
 			print_message(names[D_CBC_DES],c[D_CBC_DES][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_CBC_DES][j]); count++)
-				des_ncbc_encrypt((C_Block *)buf,
-					(C_Block *)buf,
-					(long)lengths[j],sch,
-					(C_Block *)&(iv[0]),DES_ENCRYPT);
+				DES_ncbc_encrypt(buf,buf,lengths[j],&sch,
+						 &DES_iv,DES_ENCRYPT);
 			d=Time_F(STOP);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_CBC_DES],d);
-			results[D_CBC_DES][j]=((double)count)/d*lengths[j];
+			print_result(D_CBC_DES,j,count,d);
 			}
 		}
 
@@ -869,18 +1532,60 @@ char **argv;
 			print_message(names[D_EDE3_DES],c[D_EDE3_DES][j],lengths[j]);
 			Time_F(START);
 			for (count=0,run=1; COND(c[D_EDE3_DES][j]); count++)
-				des_ede3_cbc_encrypt((C_Block *)buf,
-					(C_Block *)buf,
-					(long)lengths[j],sch,sch2,sch3,
-					(C_Block *)&(iv[0]),DES_ENCRYPT);
+				DES_ede3_cbc_encrypt(buf,buf,lengths[j],
+						     &sch,&sch2,&sch3,
+						     &DES_iv,DES_ENCRYPT);
+			d=Time_F(STOP);
+			print_result(D_EDE3_DES,j,count,d);
+			}
+		}
+#endif
+#ifndef OPENSSL_NO_AES
+	if (doit[D_CBC_128_AES])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_CBC_128_AES],c[D_CBC_128_AES][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_CBC_128_AES][j]); count++)
+				AES_cbc_encrypt(buf,buf,
+					(unsigned long)lengths[j],&aes_ks1,
+					iv,AES_ENCRYPT);
+			d=Time_F(STOP);
+			print_result(D_CBC_128_AES,j,count,d);
+			}
+		}
+	if (doit[D_CBC_192_AES])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_CBC_192_AES],c[D_CBC_192_AES][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_CBC_192_AES][j]); count++)
+				AES_cbc_encrypt(buf,buf,
+					(unsigned long)lengths[j],&aes_ks2,
+					iv,AES_ENCRYPT);
 			d=Time_F(STOP);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_EDE3_DES],d);
-			results[D_EDE3_DES][j]=((double)count)/d*lengths[j];
+			print_result(D_CBC_192_AES,j,count,d);
 			}
 		}
+	if (doit[D_CBC_256_AES])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			print_message(names[D_CBC_256_AES],c[D_CBC_256_AES][j],lengths[j]);
+			Time_F(START);
+			for (count=0,run=1; COND(c[D_CBC_256_AES][j]); count++)
+				AES_cbc_encrypt(buf,buf,
+					(unsigned long)lengths[j],&aes_ks3,
+					iv,AES_ENCRYPT);
+			d=Time_F(STOP);
+			print_result(D_CBC_256_AES,j,count,d);
+			}
+		}
+
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	if (doit[D_CBC_IDEA])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -890,15 +1595,13 @@ char **argv;
 			for (count=0,run=1; COND(c[D_CBC_IDEA][j]); count++)
 				idea_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&idea_ks,
-					(unsigned char *)&(iv[0]),IDEA_ENCRYPT);
+					iv,IDEA_ENCRYPT);
 			d=Time_F(STOP);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_CBC_IDEA],d);
-			results[D_CBC_IDEA][j]=((double)count)/d*lengths[j];
+			print_result(D_CBC_IDEA,j,count,d);
 			}
 		}
 #endif
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 	if (doit[D_CBC_RC2])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -908,15 +1611,13 @@ char **argv;
 			for (count=0,run=1; COND(c[D_CBC_RC2][j]); count++)
 				RC2_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&rc2_ks,
-					(unsigned char *)&(iv[0]),RC2_ENCRYPT);
+					iv,RC2_ENCRYPT);
 			d=Time_F(STOP);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_CBC_RC2],d);
-			results[D_CBC_RC2][j]=((double)count)/d*lengths[j];
+			print_result(D_CBC_RC2,j,count,d);
 			}
 		}
 #endif
-#ifndef NO_RC5
+#ifndef OPENSSL_NO_RC5
 	if (doit[D_CBC_RC5])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -926,15 +1627,13 @@ char **argv;
 			for (count=0,run=1; COND(c[D_CBC_RC5][j]); count++)
 				RC5_32_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&rc5_ks,
-					(unsigned char *)&(iv[0]),RC5_ENCRYPT);
+					iv,RC5_ENCRYPT);
 			d=Time_F(STOP);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_CBC_RC5],d);
-			results[D_CBC_RC5][j]=((double)count)/d*lengths[j];
+			print_result(D_CBC_RC5,j,count,d);
 			}
 		}
 #endif
-#ifndef NO_BLOWFISH
+#ifndef OPENSSL_NO_BF
 	if (doit[D_CBC_BF])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -944,15 +1643,13 @@ char **argv;
 			for (count=0,run=1; COND(c[D_CBC_BF][j]); count++)
 				BF_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&bf_ks,
-					(unsigned char *)&(iv[0]),BF_ENCRYPT);
+					iv,BF_ENCRYPT);
 			d=Time_F(STOP);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_CBC_BF],d);
-			results[D_CBC_BF][j]=((double)count)/d*lengths[j];
+			print_result(D_CBC_BF,j,count,d);
 			}
 		}
 #endif
-#ifndef NO_CAST
+#ifndef OPENSSL_NO_CAST
 	if (doit[D_CBC_CAST])
 		{
 		for (j=0; j<SIZE_NUM; j++)
@@ -962,66 +1659,138 @@ char **argv;
 			for (count=0,run=1; COND(c[D_CBC_CAST][j]); count++)
 				CAST_cbc_encrypt(buf,buf,
 					(unsigned long)lengths[j],&cast_ks,
-					(unsigned char *)&(iv[0]),CAST_ENCRYPT);
+					iv,CAST_ENCRYPT);
 			d=Time_F(STOP);
-			BIO_printf(bio_err,"%ld %s's in %.2fs\n",
-				count,names[D_CBC_CAST],d);
-			results[D_CBC_CAST][j]=((double)count)/d*lengths[j];
+			print_result(D_CBC_CAST,j,count,d);
 			}
 		}
 #endif
 
-	RAND_bytes(buf,30);
-#ifndef NO_RSA
+	if (doit[D_EVP])
+		{
+		for (j=0; j<SIZE_NUM; j++)
+			{
+			if (evp_cipher)
+				{
+				EVP_CIPHER_CTX ctx;
+				int outl;
+
+				names[D_EVP]=OBJ_nid2ln(evp_cipher->nid);
+				/* -O3 -fschedule-insns messes up an
+				 * optimization here!  names[D_EVP]
+				 * somehow becomes NULL */
+				print_message(names[D_EVP],save_count,
+					lengths[j]);
+
+				EVP_CIPHER_CTX_init(&ctx);
+				if(decrypt)
+					EVP_DecryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
+				else
+					EVP_EncryptInit_ex(&ctx,evp_cipher,NULL,key16,iv);
+
+				Time_F(START);
+				if(decrypt)
+					for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
+						EVP_DecryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
+				else
+					for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
+						EVP_EncryptUpdate(&ctx,buf,&outl,buf,lengths[j]);
+				if(decrypt)
+					EVP_DecryptFinal_ex(&ctx,buf,&outl);
+				else
+					EVP_EncryptFinal_ex(&ctx,buf,&outl);
+				d=Time_F(STOP);
+				}
+			if (evp_md)
+				{
+				names[D_EVP]=OBJ_nid2ln(evp_md->type);
+				print_message(names[D_EVP],save_count,
+					lengths[j]);
+
+				Time_F(START);
+				for (count=0,run=1; COND(save_count*4*lengths[0]/lengths[j]); count++)
+					EVP_Digest(buf,lengths[j],&(md[0]),NULL,evp_md,NULL);
+
+				d=Time_F(STOP);
+				}
+			print_result(D_EVP,j,count,d);
+			}
+		}
+
+	RAND_pseudo_bytes(buf,36);
+#ifndef OPENSSL_NO_RSA
 	for (j=0; j<RSA_NUM; j++)
 		{
+		int ret;
 		if (!rsa_doit[j]) continue;
-		rsa_num=RSA_private_encrypt(30,buf,buf2,rsa_key[j],
-			RSA_PKCS1_PADDING);
-		pkey_print_message("private","rsa",rsa_c[j][0],rsa_bits[j],
-			RSA_SECONDS);
-/*		RSA_blinding_on(rsa_key[j],NULL); */
-		Time_F(START);
-		for (count=0,run=1; COND(rsa_c[j][0]); count++)
+		ret=RSA_sign(NID_md5_sha1, buf,36, buf2, &rsa_num, rsa_key[j]);
+		if (ret == 0)
+			{
+			BIO_printf(bio_err,"RSA sign failure.  No RSA sign will be done.\n");
+			ERR_print_errors(bio_err);
+			rsa_count=1;
+			}
+		else
 			{
-			rsa_num=RSA_private_encrypt(30,buf,buf2,rsa_key[j],
-				RSA_PKCS1_PADDING);
-			if (rsa_num <= 0)
+			pkey_print_message("private","rsa",
+				rsa_c[j][0],rsa_bits[j],
+				RSA_SECONDS);
+/*			RSA_blinding_on(rsa_key[j],NULL); */
+			Time_F(START);
+			for (count=0,run=1; COND(rsa_c[j][0]); count++)
 				{
-				BIO_printf(bio_err,"RSA private encrypt failure\n");
-				ERR_print_errors(bio_err);
-				count=1;
-				break;
+				ret=RSA_sign(NID_md5_sha1, buf,36, buf2,
+					&rsa_num, rsa_key[j]);
+				if (ret == 0)
+					{
+					BIO_printf(bio_err,
+						"RSA sign failure\n");
+					ERR_print_errors(bio_err);
+					count=1;
+					break;
+					}
 				}
+			d=Time_F(STOP);
+			BIO_printf(bio_err,mr ? "+R1:%ld:%d:%.2f\n"
+				   : "%ld %d bit private RSA's in %.2fs\n",
+				   count,rsa_bits[j],d);
+			rsa_results[j][0]=d/(double)count;
+			rsa_count=count;
 			}
-		d=Time_F(STOP);
-		BIO_printf(bio_err,"%ld %d bit private RSA's in %.2fs\n",
-			count,rsa_bits[j],d);
-		rsa_results[j][0]=d/(double)count;
-		rsa_count=count;
 
 #if 1
-		rsa_num2=RSA_public_decrypt(rsa_num,buf2,buf,rsa_key[j],
-			RSA_PKCS1_PADDING);
-		pkey_print_message("public","rsa",rsa_c[j][1],rsa_bits[j],
-			RSA_SECONDS);
-		Time_F(START);
-		for (count=0,run=1; COND(rsa_c[j][1]); count++)
+		ret=RSA_verify(NID_md5_sha1, buf,36, buf2, rsa_num, rsa_key[j]);
+		if (ret <= 0)
+			{
+			BIO_printf(bio_err,"RSA verify failure.  No RSA verify will be done.\n");
+			ERR_print_errors(bio_err);
+			rsa_doit[j] = 0;
+			}
+		else
 			{
-			rsa_num2=RSA_public_decrypt(rsa_num,buf2,buf,rsa_key[j],
-				RSA_PKCS1_PADDING);
-			if (rsa_num2 <= 0)
+			pkey_print_message("public","rsa",
+				rsa_c[j][1],rsa_bits[j],
+				RSA_SECONDS);
+			Time_F(START);
+			for (count=0,run=1; COND(rsa_c[j][1]); count++)
 				{
-				BIO_printf(bio_err,"RSA public encrypt failure\n");
-				ERR_print_errors(bio_err);
-				count=1;
-				break;
+				ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
+					rsa_num, rsa_key[j]);
+				if (ret == 0)
+					{
+					BIO_printf(bio_err,
+						"RSA verify failure\n");
+					ERR_print_errors(bio_err);
+					count=1;
+					break;
+					}
 				}
+			d=Time_F(STOP);
+			BIO_printf(bio_err,mr ? "+R2:%ld:%d:%.2f\n"
+				   : "%ld %d bit public RSA's in %.2fs\n",
+				   count,rsa_bits[j],d);
+			rsa_results[j][1]=d/(double)count;
 			}
-		d=Time_F(STOP);
-		BIO_printf(bio_err,"%ld %d bit public RSA's in %.2fs\n",
-			count,rsa_bits[j],d);
-		rsa_results[j][1]=d/(double)count;
 #endif
 
 		if (rsa_count <= 1)
@@ -1033,59 +1802,89 @@ char **argv;
 		}
 #endif
 
-	RAND_bytes(buf,20);
-#ifndef NO_DSA
+	RAND_pseudo_bytes(buf,20);
+#ifndef OPENSSL_NO_DSA
+	if (RAND_status() != 1)
+		{
+		RAND_seed(rnd_seed, sizeof rnd_seed);
+		rnd_fake = 1;
+		}
 	for (j=0; j<DSA_NUM; j++)
 		{
 		unsigned int kk;
+		int ret;
 
 		if (!dsa_doit[j]) continue;
-		DSA_generate_key(dsa_key[j]);
+/*		DSA_generate_key(dsa_key[j]); */
 /*		DSA_sign_setup(dsa_key[j],NULL); */
-		rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
+		ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
 			&kk,dsa_key[j]);
-		pkey_print_message("sign","dsa",dsa_c[j][0],dsa_bits[j],
-			DSA_SECONDS);
-		Time_F(START);
-		for (count=0,run=1; COND(dsa_c[j][0]); count++)
+		if (ret == 0)
+			{
+			BIO_printf(bio_err,"DSA sign failure.  No DSA sign will be done.\n");
+			ERR_print_errors(bio_err);
+			rsa_count=1;
+			}
+		else
 			{
-			rsa_num=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
-				&kk,dsa_key[j]);
-			if (rsa_num <= 0)
+			pkey_print_message("sign","dsa",
+				dsa_c[j][0],dsa_bits[j],
+				DSA_SECONDS);
+			Time_F(START);
+			for (count=0,run=1; COND(dsa_c[j][0]); count++)
 				{
-				BIO_printf(bio_err,"DSA sign failure\n");
-				ERR_print_errors(bio_err);
-				count=1;
-				break;
+				ret=DSA_sign(EVP_PKEY_DSA,buf,20,buf2,
+					&kk,dsa_key[j]);
+				if (ret == 0)
+					{
+					BIO_printf(bio_err,
+						"DSA sign failure\n");
+					ERR_print_errors(bio_err);
+					count=1;
+					break;
+					}
 				}
+			d=Time_F(STOP);
+			BIO_printf(bio_err,mr ? "+R3:%ld:%d:%.2f\n"
+				   : "%ld %d bit DSA signs in %.2fs\n",
+				   count,dsa_bits[j],d);
+			dsa_results[j][0]=d/(double)count;
+			rsa_count=count;
 			}
-		d=Time_F(STOP);
-		BIO_printf(bio_err,"%ld %d bit DSA signs in %.2fs\n",
-			count,dsa_bits[j],d);
-		dsa_results[j][0]=d/(double)count;
-		rsa_count=count;
 
-		rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
+		ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
 			kk,dsa_key[j]);
-		pkey_print_message("verify","dsa",dsa_c[j][1],dsa_bits[j],
-			DSA_SECONDS);
-		Time_F(START);
-		for (count=0,run=1; COND(dsa_c[j][1]); count++)
+		if (ret <= 0)
+			{
+			BIO_printf(bio_err,"DSA verify failure.  No DSA verify will be done.\n");
+			ERR_print_errors(bio_err);
+			dsa_doit[j] = 0;
+			}
+		else
 			{
-			rsa_num2=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
-				kk,dsa_key[j]);
-			if (rsa_num2 <= 0)
+			pkey_print_message("verify","dsa",
+				dsa_c[j][1],dsa_bits[j],
+				DSA_SECONDS);
+			Time_F(START);
+			for (count=0,run=1; COND(dsa_c[j][1]); count++)
 				{
-				BIO_printf(bio_err,"DSA verify failure\n");
-				ERR_print_errors(bio_err);
-				count=1;
-				break;
+				ret=DSA_verify(EVP_PKEY_DSA,buf,20,buf2,
+					kk,dsa_key[j]);
+				if (ret <= 0)
+					{
+					BIO_printf(bio_err,
+						"DSA verify failure\n");
+					ERR_print_errors(bio_err);
+					count=1;
+					break;
+					}
 				}
+			d=Time_F(STOP);
+			BIO_printf(bio_err,mr ? "+R4:%ld:%d:%.2f\n"
+				   : "%ld %d bit DSA verify in %.2fs\n",
+				   count,dsa_bits[j],d);
+			dsa_results[j][1]=d/(double)count;
 			}
-		d=Time_F(STOP);
-		BIO_printf(bio_err,"%ld %d bit DSA verify in %.2fs\n",
-			count,dsa_bits[j],d);
-		dsa_results[j][1]=d/(double)count;
 
 		if (rsa_count <= 1)
 			{
@@ -1094,134 +1893,679 @@ char **argv;
 				dsa_doit[j]=0;
 			}
 		}
+	if (rnd_fake) RAND_cleanup();
 #endif
 
-	fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION));
+#ifndef OPENSSL_NO_ECDSA
+	if (RAND_status() != 1) 
+		{
+		RAND_seed(rnd_seed, sizeof rnd_seed);
+		rnd_fake = 1;
+		}
+	for (j=0; j<EC_NUM; j++) 
+		{
+		int ret;
+
+		if (!ecdsa_doit[j]) continue; /* Ignore Curve */ 
+		ecdsa[j] = EC_KEY_new();
+		if (ecdsa[j] == NULL) 
+			{
+			BIO_printf(bio_err,"ECDSA failure.\n");
+			ERR_print_errors(bio_err);
+			rsa_count=1;
+			} 
+		else 
+			{
+			ecdsa[j]->group = EC_GROUP_new_by_nid(test_curves[j]);
+			/* Could not obtain group information */
+			if (ecdsa[j]->group == NULL) 
+				{
+				BIO_printf(bio_err,"ECDSA failure.Could not obtain group information\n");
+				ERR_print_errors(bio_err);
+				rsa_count=1;
+				} 
+			else 
+				{
+				/* Perform ECDSA signature test */
+				EC_KEY_generate_key(ecdsa[j]);
+				ret = ECDSA_sign(0, buf, 20, ecdsasig, 
+					&ecdsasiglen, ecdsa[j]);
+				if (ret == 0) 
+					{
+					BIO_printf(bio_err,"ECDSA sign failure.  No ECDSA sign will be done.\n");
+					ERR_print_errors(bio_err);
+					rsa_count=1;
+					} 
+				else 
+					{
+					pkey_print_message("sign","ecdsa",
+						ecdsa_c[j][0], 
+						test_curves_bits[j],
+						ECDSA_SECONDS);
+
+					Time_F(START);
+					for (count=0,run=1; COND(ecdsa_c[j][0]);
+						count++) 
+						{
+						ret=ECDSA_sign(0, buf, 20, 
+							ecdsasig, &ecdsasiglen,
+							ecdsa[j]);
+						if (ret == 0) 
+							{
+							BIO_printf(bio_err, "ECDSA sign failure\n");
+							ERR_print_errors(bio_err);
+							count=1;
+							break;
+							}
+						}
+						d=Time_F(STOP);
+
+						BIO_printf(bio_err, mr ? "+R5:%ld:%d:%.2f\n" :
+						"%ld %d bit ECDSA signs in %.2fs \n", 
+						count, test_curves_bits[j], d);
+						ecdsa_results[j][0]=d/(double)count;
+						rsa_count=count;
+					}
+
+				/* Perform ECDSA verification test */
+				ret=ECDSA_verify(0, buf, 20, ecdsasig, 
+					ecdsasiglen, ecdsa[j]);
+				if (ret != 1) 
+					{
+					BIO_printf(bio_err,"ECDSA verify failure.  No ECDSA verify will be done.\n");
+					ERR_print_errors(bio_err);
+					ecdsa_doit[j] = 0;
+					} 
+				else 
+					{
+					pkey_print_message("verify","ecdsa",
+					ecdsa_c[j][1],
+					test_curves_bits[j],
+					ECDSA_SECONDS);
+					Time_F(START);
+					for (count=0,run=1; COND(ecdsa_c[j][1]); count++) 
+						{
+						ret=ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[j]);
+						if (ret != 1) 
+							{
+							BIO_printf(bio_err, "ECDSA verify failure\n");
+							ERR_print_errors(bio_err);
+							count=1;
+							break;
+							}
+						}
+						d=Time_F(STOP);
+						BIO_printf(bio_err, mr? "+R6:%ld:%d:%.2f\n"
+							: "%ld %d bit ECDSA verify in %.2fs\n",
+						count, test_curves_bits[j], d);
+						ecdsa_results[j][1]=d/(double)count;
+					}
+
+				if (rsa_count <= 1) 
+					{
+					/* if longer than 10s, don't do any more */
+					for (j++; j<EC_NUM; j++)
+					ecdsa_doit[j]=0;
+					}
+				}
+			}
+		}
+	if (rnd_fake) RAND_cleanup();
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+	if (RAND_status() != 1)
+		{
+		RAND_seed(rnd_seed, sizeof rnd_seed);
+		rnd_fake = 1;
+		}
+	for (j=0; j<EC_NUM; j++)
+		{
+		if (!ecdh_doit[j]) continue;
+		ecdh_a[j] = EC_KEY_new();
+		ecdh_b[j] = EC_KEY_new();
+		if ((ecdh_a[j] == NULL) || (ecdh_b[j] == NULL))
+			{
+			BIO_printf(bio_err,"ECDH failure.\n");
+			ERR_print_errors(bio_err);
+			rsa_count=1;
+			}
+		else
+			{
+			ecdh_a[j]->group = EC_GROUP_new_by_nid(test_curves[j]);
+			if (ecdh_a[j]->group == NULL)
+				{
+				BIO_printf(bio_err,"ECDH failure.\n");
+				ERR_print_errors(bio_err);
+				rsa_count=1;
+				}
+			else
+				{
+				ecdh_b[j]->group = ecdh_a[j]->group;
+
+				/* generate two ECDH key pairs */
+				if (!EC_KEY_generate_key(ecdh_a[j]) ||
+					!EC_KEY_generate_key(ecdh_b[j]))
+					{
+					BIO_printf(bio_err,"ECDH key generation failure.\n");
+					ERR_print_errors(bio_err);
+					rsa_count=1;		
+					}
+				else
+					{
+					secret_size_a = ECDH_compute_key(secret_a, 
+						ecdh_b[j]->pub_key,
+						ecdh_a[j]);
+					secret_size_b = ECDH_compute_key(secret_b, 
+						ecdh_a[j]->pub_key,
+						ecdh_b[j]);
+					if (secret_size_a != secret_size_b) 
+						ecdh_checks = 0;
+					else
+						ecdh_checks = 1;
+
+					for (secret_idx = 0; 
+					    (secret_idx < secret_size_a)
+						&& (ecdh_checks == 1);
+					    secret_idx++)
+						{
+						if (secret_a[secret_idx] != secret_b[secret_idx])
+						ecdh_checks = 0;
+						}
+
+					if (ecdh_checks == 0)
+						{
+						BIO_printf(bio_err,"ECDH computations don't match.\n");
+						ERR_print_errors(bio_err);
+						rsa_count=1;		
+						}
+
+					pkey_print_message("","ecdh",
+					ecdh_c[j][0], 
+					test_curves_bits[j],
+					ECDH_SECONDS);
+					Time_F(START);
+					for (count=0,run=1; COND(ecdh_c[j][0]); count++)
+						{
+						ECDH_compute_key(secret_a, 
+						ecdh_b[j]->pub_key,
+						ecdh_a[j]);
+						}
+					d=Time_F(STOP);
+					BIO_printf(bio_err, mr ? "+R7:%ld:%d:%.2f\n" :"%ld %d-bit ECDH ops in %.2fs\n",
+					count, test_curves_bits[j], d);
+					ecdh_results[j][0]=d/(double)count;
+					rsa_count=count;
+					}
+				}
+			}
+
+		if (rsa_count <= 1)
+			{
+			/* if longer than 10s, don't do any more */
+			for (j++; j<EC_NUM; j++)
+			ecdh_doit[j]=0;
+			}
+		}
+	if (rnd_fake) RAND_cleanup();
+#endif
+#ifdef HAVE_FORK
+show_res:
+#endif
+	if(!mr)
+		{
+		fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_VERSION));
         fprintf(stdout,"%s\n",SSLeay_version(SSLEAY_BUILT_ON));
-	printf("options:");
-	printf("%s ",BN_options());
-#ifndef NO_MD2
-	printf("%s ",MD2_options());
+		printf("options:");
+		printf("%s ",BN_options());
+#ifndef OPENSSL_NO_MD2
+		printf("%s ",MD2_options());
+#endif
+#ifndef OPENSSL_NO_RC4
+		printf("%s ",RC4_options());
 #endif
-#ifndef NO_RC4
-	printf("%s ",RC4_options());
+#ifndef OPENSSL_NO_DES
+		printf("%s ",DES_options());
 #endif
-#ifndef NO_DES
-	printf("%s ",des_options());
+#ifndef OPENSSL_NO_AES
+		printf("%s ",AES_options());
 #endif
-#ifndef NO_IDEA
-	printf("%s ",idea_options());
+#ifndef OPENSSL_NO_IDEA
+		printf("%s ",idea_options());
 #endif
-#ifndef NO_BLOWFISH
-	printf("%s ",BF_options());
+#ifndef OPENSSL_NO_BF
+		printf("%s ",BF_options());
 #endif
-	fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
+		fprintf(stdout,"\n%s\n",SSLeay_version(SSLEAY_CFLAGS));
+		printf("available timing options: ");
+#ifdef TIMES
+		printf("TIMES ");
+#endif
+#ifdef TIMEB
+		printf("TIMEB ");
+#endif
+#ifdef USE_TOD
+		printf("USE_TOD ");
+#endif
+#ifdef HZ
+#define as_string(s) (#s)
+		printf("HZ=%g", (double)HZ);
+# ifdef _SC_CLK_TCK
+		printf(" [sysconf value]");
+# endif
+#endif
+		printf("\n");
+		printf("timing function used: %s%s%s%s%s%s%s\n",
+		       (ftime_used ? "ftime" : ""),
+		       (ftime_used + times_used > 1 ? "," : ""),
+		       (times_used ? "times" : ""),
+		       (ftime_used + times_used + gettimeofday_used > 1 ? "," : ""),
+		       (gettimeofday_used ? "gettimeofday" : ""),
+		       (ftime_used + times_used + gettimeofday_used + getrusage_used > 1 ? "," : ""),
+		       (getrusage_used ? "getrusage" : ""));
+		}
 
 	if (pr_header)
 		{
-		fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n"); 
-		fprintf(stdout,"type        ");
+		if(mr)
+			fprintf(stdout,"+H");
+		else
+			{
+			fprintf(stdout,"The 'numbers' are in 1000s of bytes per second processed.\n"); 
+			fprintf(stdout,"type        ");
+			}
 		for (j=0;  j<SIZE_NUM; j++)
-			fprintf(stdout,"%7d bytes",lengths[j]);
+			fprintf(stdout,mr ? ":%d" : "%7d bytes",lengths[j]);
 		fprintf(stdout,"\n");
 		}
 
 	for (k=0; k<ALGOR_NUM; k++)
 		{
 		if (!doit[k]) continue;
-		fprintf(stdout,"%-13s",names[k]);
+		if(mr)
+			fprintf(stdout,"+F:%d:%s",k,names[k]);
+		else
+			fprintf(stdout,"%-13s",names[k]);
 		for (j=0; j<SIZE_NUM; j++)
 			{
-			if (results[k][j] > 10000)
+			if (results[k][j] > 10000 && !mr)
 				fprintf(stdout," %11.2fk",results[k][j]/1e3);
 			else
-				fprintf(stdout," %11.2f ",results[k][j]);
+				fprintf(stdout,mr ? ":%.2f" : " %11.2f ",results[k][j]);
 			}
 		fprintf(stdout,"\n");
 		}
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	j=1;
 	for (k=0; k<RSA_NUM; k++)
 		{
 		if (!rsa_doit[k]) continue;
-		if (j)
+		if (j && !mr)
 			{
 			printf("%18ssign    verify    sign/s verify/s\n"," ");
 			j=0;
 			}
-		fprintf(stdout,"rsa %4d bits %8.4fs %8.4fs %8.1f %8.1f",
-			rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
-			1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
-		fprintf(stdout,"\n");
+		if(mr)
+			fprintf(stdout,"+F2:%u:%u:%f:%f\n",
+				k,rsa_bits[k],rsa_results[k][0],
+				rsa_results[k][1]);
+		else
+			fprintf(stdout,"rsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n",
+				rsa_bits[k],rsa_results[k][0],rsa_results[k][1],
+				1.0/rsa_results[k][0],1.0/rsa_results[k][1]);
 		}
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	j=1;
 	for (k=0; k<DSA_NUM; k++)
 		{
 		if (!dsa_doit[k]) continue;
-		if (j)	{
+		if (j && !mr)
+			{
 			printf("%18ssign    verify    sign/s verify/s\n"," ");
 			j=0;
 			}
-		fprintf(stdout,"dsa %4d bits %8.4fs %8.4fs %8.1f %8.1f",
-			dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
-			1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
-		fprintf(stdout,"\n");
+		if(mr)
+			fprintf(stdout,"+F3:%u:%u:%f:%f\n",
+				k,dsa_bits[k],dsa_results[k][0],dsa_results[k][1]);
+		else
+			fprintf(stdout,"dsa %4u bits %8.4fs %8.4fs %8.1f %8.1f\n",
+				dsa_bits[k],dsa_results[k][0],dsa_results[k][1],
+				1.0/dsa_results[k][0],1.0/dsa_results[k][1]);
 		}
 #endif
-	ret=0;
+#ifndef OPENSSL_NO_ECDSA
+	j=1;
+	for (k=0; k<EC_NUM; k++)
+		{
+		if (!ecdsa_doit[k]) continue;
+		if (j && !mr)
+			{
+			printf("%30ssign    verify    sign/s verify/s\n"," ");
+			j=0;
+			}
+
+		if (mr)
+			fprintf(stdout,"+F4:%u:%u:%f:%f\n", 
+				k, test_curves_bits[k],
+				ecdsa_results[k][0],ecdsa_results[k][1]);
+		else
+			fprintf(stdout,
+				"%4u bit ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n", 
+				test_curves_bits[k],
+				test_curves_names[k],
+				ecdsa_results[k][0],ecdsa_results[k][1], 
+				1.0/ecdsa_results[k][0],1.0/ecdsa_results[k][1]);
+		}
+#endif
+
+
+#ifndef OPENSSL_NO_ECDH
+	j=1;
+	for (k=0; k<EC_NUM; k++)
+		{
+		if (!ecdh_doit[k]) continue;
+		if (j && !mr)
+			{
+			printf("%30sop      op/s\n"," ");
+			j=0;
+			}
+		if (mr)
+			fprintf(stdout,"+F5:%u:%u:%f:%f\n",
+				k, test_curves_bits[k],
+				ecdh_results[k][0], 1.0/ecdh_results[k][0]);
+
+		else
+			fprintf(stdout,"%4u bit ecdh (%s) %8.4fs %8.1f\n",
+				test_curves_bits[k],
+				test_curves_names[k],
+				ecdh_results[k][0], 1.0/ecdh_results[k][0]);
+		}
+#endif
+
+	mret=0;
+
 end:
-	if (buf != NULL) Free(buf);
-	if (buf2 != NULL) Free(buf2);
-#ifndef NO_RSA
+	ERR_print_errors(bio_err);
+	if (buf != NULL) OPENSSL_free(buf);
+	if (buf2 != NULL) OPENSSL_free(buf2);
+#ifndef OPENSSL_NO_RSA
 	for (i=0; i<RSA_NUM; i++)
 		if (rsa_key[i] != NULL)
 			RSA_free(rsa_key[i]);
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	for (i=0; i<DSA_NUM; i++)
 		if (dsa_key[i] != NULL)
 			DSA_free(dsa_key[i]);
 #endif
-	EXIT(ret);
+
+#ifndef OPENSSL_NO_ECDSA
+	for (i=0; i<EC_NUM; i++)
+		if (ecdsa[i] != NULL)
+			EC_KEY_free(ecdsa[i]);
+#endif
+#ifndef OPENSSL_NO_ECDH
+	for (i=0; i<EC_NUM; i++)
+	{
+		if (ecdh_a[i] != NULL)
+			EC_KEY_free(ecdh_a[i]);
+		if (ecdh_b[i] != NULL)
+			EC_KEY_free(ecdh_b[i]);
+	}
+#endif
+
+	apps_shutdown();
+	OPENSSL_EXIT(mret);
 	}
 
-static void print_message(s,num,length)
-char *s;
-long num;
-int length;
+static void print_message(const char *s, long num, int length)
 	{
 #ifdef SIGALRM
-	BIO_printf(bio_err,"Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
-	BIO_flush(bio_err);
+	BIO_printf(bio_err,mr ? "+DT:%s:%d:%d\n"
+		   : "Doing %s for %ds on %d size blocks: ",s,SECONDS,length);
+	(void)BIO_flush(bio_err);
 	alarm(SECONDS);
 #else
-	BIO_printf(bio_err,"Doing %s %ld times on %d size blocks: ",s,num,length);
-	BIO_flush(bio_err);
+	BIO_printf(bio_err,mr ? "+DN:%s:%ld:%d\n"
+		   : "Doing %s %ld times on %d size blocks: ",s,num,length);
+	(void)BIO_flush(bio_err);
 #endif
 #ifdef LINT
 	num=num;
 #endif
 	}
 
-static void pkey_print_message(str,str2,num,bits,tm)
-char *str;
-char *str2;
-long num;
-int bits;
-int tm;
+static void pkey_print_message(char *str, char *str2, long num, int bits,
+	     int tm)
 	{
 #ifdef SIGALRM
-	BIO_printf(bio_err,"Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);
-	BIO_flush(bio_err);
+	BIO_printf(bio_err,mr ? "+DTP:%d:%s:%s:%d\n"
+			   : "Doing %d bit %s %s's for %ds: ",bits,str,str2,tm);
+	(void)BIO_flush(bio_err);
 	alarm(RSA_SECONDS);
 #else
-	BIO_printf(bio_err,"Doing %ld %d bit %s %s's: ",num,bits,str,str2);
-	BIO_flush(bio_err);
+	BIO_printf(bio_err,mr ? "+DNP:%ld:%d:%s:%s\n"
+			   : "Doing %ld %d bit %s %s's: ",num,bits,str,str2);
+	(void)BIO_flush(bio_err);
 #endif
 #ifdef LINT
 	num=num;
 #endif
 	}
 
+static void print_result(int alg,int run_no,int count,double time_used)
+	{
+	BIO_printf(bio_err,mr ? "+R:%ld:%s:%f\n"
+		   : "%ld %s's in %.2fs\n",count,names[alg],time_used);
+	results[alg][run_no]=((double)count)/time_used*lengths[run_no];
+	}
+
+static char *sstrsep(char **string, const char *delim)
+    {
+    char isdelim[256];
+    char *token = *string;
+
+    if (**string == 0)
+        return NULL;
+
+    memset(isdelim, 0, sizeof isdelim);
+    isdelim[0] = 1;
+
+    while (*delim)
+        {
+        isdelim[(unsigned char)(*delim)] = 1;
+        delim++;
+        }
+
+    while (!isdelim[(unsigned char)(**string)])
+        {
+        (*string)++;
+        }
+
+    if (**string)
+        {
+        **string = 0;
+        (*string)++;
+        }
+
+    return token;
+    }
+
+#ifdef HAVE_FORK
+static int do_multi(int multi)
+	{
+	int n;
+	int fd[2];
+	int *fds;
+	static char sep[]=":";
+
+	fds=malloc(multi*sizeof *fds);
+	for(n=0 ; n < multi ; ++n)
+		{
+		pipe(fd);
+		if(fork())
+			{
+			close(fd[1]);
+			fds[n]=fd[0];
+			}
+		else
+			{
+			close(fd[0]);
+			close(1);
+			dup(fd[1]);
+			close(fd[1]);
+			mr=1;
+			usertime=0;
+			return 0;
+			}
+		printf("Forked child %d\n",n);
+		}
+
+	/* for now, assume the pipe is long enough to take all the output */
+	for(n=0 ; n < multi ; ++n)
+		{
+		FILE *f;
+		char buf[1024];
+		char *p;
+
+		f=fdopen(fds[n],"r");
+		while(fgets(buf,sizeof buf,f))
+			{
+			p=strchr(buf,'\n');
+			if(p)
+				*p='\0';
+			if(buf[0] != '+')
+				{
+				fprintf(stderr,"Don't understand line '%s' from child %d\n",
+						buf,n);
+				continue;
+				}
+			printf("Got: %s from %d\n",buf,n);
+			if(!strncmp(buf,"+F:",3))
+				{
+				int alg;
+				int j;
+
+				p=buf+3;
+				alg=atoi(sstrsep(&p,sep));
+				sstrsep(&p,sep);
+				for(j=0 ; j < SIZE_NUM ; ++j)
+					results[alg][j]+=atof(sstrsep(&p,sep));
+				}
+			else if(!strncmp(buf,"+F2:",4))
+				{
+				int k;
+				double d;
+				
+				p=buf+4;
+				k=atoi(sstrsep(&p,sep));
+				sstrsep(&p,sep);
+
+				d=atof(sstrsep(&p,sep));
+				if(n)
+					rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
+				else
+					rsa_results[k][0]=d;
+
+				d=atof(sstrsep(&p,sep));
+				if(n)
+					rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
+				else
+					rsa_results[k][1]=d;
+				}
+			else if(!strncmp(buf,"+F2:",4))
+				{
+				int k;
+				double d;
+				
+				p=buf+4;
+				k=atoi(sstrsep(&p,sep));
+				sstrsep(&p,sep);
+
+				d=atof(sstrsep(&p,sep));
+				if(n)
+					rsa_results[k][0]=1/(1/rsa_results[k][0]+1/d);
+				else
+					rsa_results[k][0]=d;
+
+				d=atof(sstrsep(&p,sep));
+				if(n)
+					rsa_results[k][1]=1/(1/rsa_results[k][1]+1/d);
+				else
+					rsa_results[k][1]=d;
+				}
+			else if(!strncmp(buf,"+F3:",4))
+				{
+				int k;
+				double d;
+				
+				p=buf+4;
+				k=atoi(sstrsep(&p,sep));
+				sstrsep(&p,sep);
+
+				d=atof(sstrsep(&p,sep));
+				if(n)
+					dsa_results[k][0]=1/(1/dsa_results[k][0]+1/d);
+				else
+					dsa_results[k][0]=d;
+
+				d=atof(sstrsep(&p,sep));
+				if(n)
+					dsa_results[k][1]=1/(1/dsa_results[k][1]+1/d);
+				else
+					dsa_results[k][1]=d;
+				}
+#ifndef OPENSSL_NO_ECDSA
+			else if(!strncmp(buf,"+F4:",4))
+				{
+				int k;
+				double d;
+				
+				p=buf+4;
+				k=atoi(sstrsep(&p,sep));
+				sstrsep(&p,sep);
+
+				d=atof(sstrsep(&p,sep));
+				if(n)
+					ecdsa_results[k][0]=1/(1/ecdsa_results[k][0]+1/d);
+				else
+					ecdsa_results[k][0]=d;
+
+				d=atof(sstrsep(&p,sep));
+				if(n)
+					ecdsa_results[k][1]=1/(1/ecdsa_results[k][1]+1/d);
+				else
+					ecdsa_results[k][1]=d;
+				}
+#endif 
+
+#ifndef OPENSSL_NO_ECDH
+			else if(!strncmp(buf,"+F5:",4))
+				{
+				int k;
+				double d;
+				
+				p=buf+4;
+				k=atoi(sstrsep(&p,sep));
+				sstrsep(&p,sep);
+
+				d=atof(sstrsep(&p,sep));
+				if(n)
+					ecdh_results[k][0]=1/(1/ecdh_results[k][0]+1/d);
+				else
+					ecdh_results[k][0]=d;
+
+				}
+#endif
+
+			else if(!strncmp(buf,"+H:",3))
+				{
+				}
+			else
+				fprintf(stderr,"Unknown type '%s' from child %d\n",buf,n);
+			}
+		}
+	return 1;
+	}
+#endif
diff --git a/apps/spkac.c b/apps/spkac.c
new file mode 100644
index 0000000000..ed370c5ca9
--- /dev/null
+++ b/apps/spkac.c
@@ -0,0 +1,299 @@
+/* apps/spkac.c */
+
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999. Based on an original idea by Massimiliano Pala
+ * (madwolf@openca.org).
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/lhash.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#undef PROG
+#define PROG	spkac_main
+
+/* -in arg	- input file - default stdin
+ * -out arg	- output file - default stdout
+ */
+
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
+	{
+	ENGINE *e = NULL;
+	int i,badops=0, ret = 1;
+	BIO *in = NULL,*out = NULL;
+	int verify=0,noout=0,pubkey=0;
+	char *infile = NULL,*outfile = NULL,*prog;
+	char *passargin = NULL, *passin = NULL;
+	char *spkac = "SPKAC", *spksect = "default", *spkstr = NULL;
+	char *challenge = NULL, *keyfile = NULL;
+	CONF *conf = NULL;
+	NETSCAPE_SPKI *spki = NULL;
+	EVP_PKEY *pkey = NULL;
+	char *engine=NULL;
+
+	apps_startup();
+
+	if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
+
+	prog=argv[0];
+	argc--;
+	argv++;
+	while (argc >= 1)
+		{
+		if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
+			infile= *(++argv);
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
+			outfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passargin= *(++argv);
+			}
+		else if (strcmp(*argv,"-key") == 0)
+			{
+			if (--argc < 1) goto bad;
+			keyfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-challenge") == 0)
+			{
+			if (--argc < 1) goto bad;
+			challenge= *(++argv);
+			}
+		else if (strcmp(*argv,"-spkac") == 0)
+			{
+			if (--argc < 1) goto bad;
+			spkac= *(++argv);
+			}
+		else if (strcmp(*argv,"-spksect") == 0)
+			{
+			if (--argc < 1) goto bad;
+			spksect= *(++argv);
+			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
+		else if (strcmp(*argv,"-noout") == 0)
+			noout=1;
+		else if (strcmp(*argv,"-pubkey") == 0)
+			pubkey=1;
+		else if (strcmp(*argv,"-verify") == 0)
+			verify=1;
+		else badops = 1;
+		argc--;
+		argv++;
+		}
+
+	if (badops)
+		{
+bad:
+		BIO_printf(bio_err,"%s [options]\n",prog);
+		BIO_printf(bio_err,"where options are\n");
+		BIO_printf(bio_err," -in arg        input file\n");
+		BIO_printf(bio_err," -out arg       output file\n");
+		BIO_printf(bio_err," -key arg       create SPKAC using private key\n");
+		BIO_printf(bio_err," -passin arg    input file pass phrase source\n");
+		BIO_printf(bio_err," -challenge arg challenge string\n");
+		BIO_printf(bio_err," -spkac arg     alternative SPKAC name\n");
+		BIO_printf(bio_err," -noout         don't print SPKAC\n");
+		BIO_printf(bio_err," -pubkey        output public key\n");
+		BIO_printf(bio_err," -verify        verify SPKAC signature\n");
+		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
+		goto end;
+		}
+
+	ERR_load_crypto_strings();
+	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+		BIO_printf(bio_err, "Error getting password\n");
+		goto end;
+	}
+
+        e = setup_engine(bio_err, engine, 0);
+
+	if(keyfile) {
+		pkey = load_key(bio_err,
+				strcmp(keyfile, "-") ? keyfile : NULL,
+				FORMAT_PEM, 1, passin, e, "private key");
+		if(!pkey) {
+			goto end;
+		}
+		spki = NETSCAPE_SPKI_new();
+		if(challenge) ASN1_STRING_set(spki->spkac->challenge,
+						 challenge, strlen(challenge));
+		NETSCAPE_SPKI_set_pubkey(spki, pkey);
+		NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
+		spkstr = NETSCAPE_SPKI_b64_encode(spki);
+
+		if (outfile) out = BIO_new_file(outfile, "w");
+		else {
+			out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+			{
+			    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+			    out = BIO_push(tmpbio, out);
+			}
+#endif
+		}
+
+		if(!out) {
+			BIO_printf(bio_err, "Error opening output file\n");
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+		BIO_printf(out, "SPKAC=%s\n", spkstr);
+		OPENSSL_free(spkstr);
+		ret = 0;
+		goto end;
+	}
+
+	
+
+	if (infile) in = BIO_new_file(infile, "r");
+	else in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+	if(!in) {
+		BIO_printf(bio_err, "Error opening input file\n");
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	conf = NCONF_new(NULL);
+	i = NCONF_load_bio(conf, in, NULL);
+
+	if(!i) {
+		BIO_printf(bio_err, "Error parsing config file\n");
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	spkstr = NCONF_get_string(conf, spksect, spkac);
+		
+	if(!spkstr) {
+		BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
+	
+	if(!spki) {
+		BIO_printf(bio_err, "Error loading SPKAC\n");
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	if (outfile) out = BIO_new_file(outfile, "w");
+	else {
+		out = BIO_new_fp(stdout, BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+		{
+		    BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+		    out = BIO_push(tmpbio, out);
+		}
+#endif
+	}
+
+	if(!out) {
+		BIO_printf(bio_err, "Error opening output file\n");
+		ERR_print_errors(bio_err);
+		goto end;
+	}
+
+	if(!noout) NETSCAPE_SPKI_print(out, spki);
+	pkey = NETSCAPE_SPKI_get_pubkey(spki);
+	if(verify) {
+		i = NETSCAPE_SPKI_verify(spki, pkey);
+		if(i) BIO_printf(bio_err, "Signature OK\n");
+		else {
+			BIO_printf(bio_err, "Signature Failure\n");
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
+	if(pubkey) PEM_write_bio_PUBKEY(out, pkey);
+
+	ret = 0;
+
+end:
+	NCONF_free(conf);
+	NETSCAPE_SPKI_free(spki);
+	BIO_free(in);
+	BIO_free_all(out);
+	EVP_PKEY_free(pkey);
+	if(passin) OPENSSL_free(passin);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
+	}
diff --git a/apps/ssleay.c b/apps/ssleay.c
deleted file mode 100644
index 739a0e8f31..0000000000
--- a/apps/ssleay.c
+++ /dev/null
@@ -1,343 +0,0 @@
-/* apps/ssleay.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef DEBUG
-#undef DEBUG
-#endif
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include "bio.h"
-#include "crypto.h"
-#include "lhash.h"
-#include "conf.h"
-#include "x509.h"
-#include "pem.h"
-#include "ssl.h"
-#define SSLEAY	/* turn off a few special case MONOLITH macros */
-#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
-#define SSLEAY_SRC
-#include "apps.h"
-#include "s_apps.h"
-#include "err.h"
-
-/*
-#ifdef WINDOWS
-#include "bss_file.c"
-#endif
-*/
-
-#ifndef NOPROTO
-static unsigned long MS_CALLBACK hash(FUNCTION *a);
-static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
-static LHASH *prog_init(void );
-static int do_cmd(LHASH *prog,int argc,char *argv[]);
-#else
-static unsigned long MS_CALLBACK hash();
-static int MS_CALLBACK cmp();
-static LHASH *prog_init();
-static int do_cmd();
-#endif
-
-LHASH *config=NULL;
-char *default_config_file=NULL;
-
-#ifdef DEBUG
-static void sig_stop(i)
-int i;
-	{
-	char *a=NULL;
-
-	*a='\0';
-	}
-#endif
-
-/* Make sure there is only one when MONOLITH is defined */
-#ifdef MONOLITH
-BIO *bio_err=NULL;
-#endif
-
-int main(Argc,Argv)
-int Argc;
-char *Argv[];
-	{
-	ARGS arg;
-#define PROG_NAME_SIZE	16
-	char pname[PROG_NAME_SIZE];
-	FUNCTION f,*fp;
-	MS_STATIC char *prompt,buf[1024],config_name[256];
-	int n,i,ret=0;
-	int argc;
-	char **argv,*p;
-	LHASH *prog=NULL;
-	long errline;
- 
-	arg.data=NULL;
-	arg.count=0;
-
-	/* SSLeay_add_ssl_algorithms(); is called in apps_startup() */
-	apps_startup();
-
-#if defined(DEBUG) && !defined(WINDOWS) && !defined(MSDOS)
-#ifdef SIGBUS
-	signal(SIGBUS,sig_stop);
-#endif
-#ifdef SIGSEGV
-	signal(SIGSEGV,sig_stop);
-#endif
-#endif
-
-	if (bio_err == NULL)
-		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
-	ERR_load_crypto_strings();
-
-	/* Lets load up our environment a little */
-	p=getenv("SSLEAY_CONF");
-	if (p == NULL)
-		{
-		strcpy(config_name,X509_get_default_cert_area());
-		strcat(config_name,"/lib/");
-		strcat(config_name,SSLEAY_CONF);
-		p=config_name;
-		}
-
-	default_config_file=p;
-
-	config=CONF_load(config,p,&errline);
-	if (config == NULL) ERR_clear_error();
-
-	prog=prog_init();
-
-	/* first check the program name */
-	program_name(Argv[0],pname,PROG_NAME_SIZE);
-
-	f.name=pname;
-	fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
-	if (fp != NULL)
-		{
-		Argv[0]=pname;
-		ret=fp->func(Argc,Argv);
-		goto end;
-		}
-
-	/* ok, now check that there are not arguments, if there are,
-	 * run with them, shifting the ssleay off the front */
-	if (Argc != 1)
-		{
-		Argc--;
-		Argv++;
-		ret=do_cmd(prog,Argc,Argv);
-		if (ret < 0) ret=0;
-		goto end;
-		}
-
-	/* ok, lets enter the old 'SSLeay>' mode */
-	
-	for (;;)
-		{
-		ret=0;
-		p=buf;
-		n=1024;
-		i=0;
-		for (;;)
-			{
-			p[0]='\0';
-			if (i++)
-				prompt=">";
-			else	prompt="SSLeay>";
-			fputs(prompt,stdout);
-			fflush(stdout);
-			fgets(p,n,stdin);
-			if (p[0] == '\0') goto end;
-			i=strlen(p);
-			if (i <= 1) break;
-			if (p[i-2] != '\\') break;
-			i-=2;
-			p+=i;
-			n-=i;
-			}
-		if (!chopup_args(&arg,buf,&argc,&argv)) break;
-
-		ret=do_cmd(prog,argc,argv);
-		if (ret < 0)
-			{
-			ret=0;
-			goto end;
-			}
-		if (ret != 0)
-			BIO_printf(bio_err,"error in %s\n",argv[0]);
-		BIO_flush(bio_err);
-		}
-	BIO_printf(bio_err,"bad exit\n");
-	ret=1;
-end:
-	if (config != NULL)
-		{
-		CONF_free(config);
-		config=NULL;
-		}
-	if (prog != NULL) lh_free(prog);
-	if (arg.data != NULL) Free(arg.data);
-	ERR_remove_state(0);
-
-	EVP_cleanup();
-	ERR_free_strings();
-
-	CRYPTO_mem_leaks(bio_err);
-	if (bio_err != NULL)
-		{
-		BIO_free(bio_err);
-		bio_err=NULL;
-		}
-	EXIT(ret);
-	}
-
-static int do_cmd(prog,argc,argv)
-LHASH *prog;
-int argc;
-char *argv[];
-	{
-	FUNCTION f,*fp;
-	int i,ret=1,tp,nl;
-
-	if ((argc <= 0) || (argv[0] == NULL))
-		{ ret=0; goto end; }
-	f.name=argv[0];
-	fp=(FUNCTION *)lh_retrieve(prog,(char *)&f);
-	if (fp != NULL)
-		{
-		ret=fp->func(argc,argv);
-		}
-	else if ((strcmp(argv[0],"quit") == 0) ||
-		(strcmp(argv[0],"q") == 0) ||
-		(strcmp(argv[0],"exit") == 0) ||
-		(strcmp(argv[0],"bye") == 0))
-		{
-		ret= -1;
-		goto end;
-		}
-	else
-		{
-		BIO_printf(bio_err,"'%s' is a bad command, valid commands are",
-			argv[0]);
-		i=0;
-		fp=functions;
-		tp=0;
-		for (fp=functions; fp->name != NULL; fp++)
-			{
-			nl=0;
-			if (((i++) % 5) == 0)
-				{
-				BIO_printf(bio_err,"\n");
-				nl=1;
-				}
-			if (fp->type != tp)
-				{
-				tp=fp->type;
-				if (!nl) BIO_printf(bio_err,"\n");
-				if (tp == FUNC_TYPE_MD)
-					{
-					i=1;
-					BIO_printf(bio_err,
-						"Message Digest commands - see the dgst command for more details\n");
-					}
-				else if (tp == FUNC_TYPE_CIPHER)
-					{
-					i=1;
-					BIO_printf(bio_err,"Cipher commands - see the enc command for more details\n");
-					}
-				}
-			BIO_printf(bio_err,"%-15s",fp->name);
-			}
-		BIO_printf(bio_err,"\nquit\n");
-		ret=0;
-		}
-end:
-	return(ret);
-	}
-
-static LHASH *prog_init()
-	{
-	LHASH *ret;
-	FUNCTION *f;
-
-	if ((ret=lh_new(hash,cmp)) == NULL) return(NULL);
-
-	for (f=functions; f->name != NULL; f++)
-		lh_insert(ret,(char *)f);
-	return(ret);
-	}
-
-static int MS_CALLBACK cmp(a,b)
-FUNCTION *a,*b;
-	{
-	return(strncmp(a->name,b->name,8));
-	}
-
-static unsigned long MS_CALLBACK hash(a)
-FUNCTION *a;
-	{
-	return(lh_strhash(a->name));
-	}
-
-#undef SSLEAY
diff --git a/apps/ssleay.cnf b/apps/ssleay.cnf
deleted file mode 100644
index 2621d90d31..0000000000
--- a/apps/ssleay.cnf
+++ /dev/null
@@ -1,119 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE		= $ENV::HOME/.rnd
-oid_file		= $ENV::HOME/.oid
-
-####################################################################
-[ ca ]
-default_ca	= CA_default		# The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir		= ./demoCA		# Where everything is kept
-certs		= $dir/certs		# Where the issued certs are kept
-crl_dir		= $dir/crl		# Where the issued crl are kept
-database	= $dir/index.txt	# database index file.
-new_certs_dir	= $dir/newcerts		# default place for new certs.
-
-certificate	= $dir/cacert.pem 	# The CA certificate
-serial		= $dir/serial 		# The current serial number
-crl		= $dir/crl.pem 		# The current CRL
-private_key	= $dir/private/cakey.pem# The private key
-RANDFILE	= $dir/private/.rand	# private random number file
-
-x509_extensions	= x509v3_extensions	# The extentions to add to the cert
-default_days	= 365			# how long to certify for
-default_crl_days= 30			# how long before next CRL
-default_md	= md5			# which md to use.
-preserve	= no			# keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy		= policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName		= match
-stateOrProvinceName	= match
-organizationName	= match
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName		= optional
-stateOrProvinceName	= optional
-localityName		= optional
-organizationName	= optional
-organizationalUnitName	= optional
-commonName		= supplied
-emailAddress		= optional
-
-####################################################################
-[ req ]
-default_bits		= 1024
-default_keyfile 	= privkey.pem
-distinguished_name	= req_distinguished_name
-attributes		= req_attributes
-
-[ req_distinguished_name ]
-countryName			= Country Name (2 letter code)
-countryName_default		= AU
-countryName_min			= 2
-countryName_max			= 2
-
-stateOrProvinceName		= State or Province Name (full name)
-stateOrProvinceName_default	= Some-State
-
-localityName			= Locality Name (eg, city)
-
-0.organizationName		= Organization Name (eg, company)
-0.organizationName_default	= Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName		= Second Organization Name (eg, company)
-#1.organizationName_default	= CryptSoft Pty Ltd
-
-organizationalUnitName		= Organizational Unit Name (eg, section)
-#organizationalUnitName_default	=
-
-commonName			= Common Name (eg, YOUR name)
-commonName_max			= 64
-
-emailAddress			= Email Address
-emailAddress_max		= 40
-
-SET-ex3				= SET extension number 3
-
-[ req_attributes ]
-challengePassword		= A challenge password
-challengePassword_min		= 4
-challengePassword_max		= 20
-
-unstructuredName		= An optional company name
-
-[ x509v3_extensions ]
-
-nsCaRevocationUrl		= http://www.cryptsoft.com/ca-crl.pem
-nsComment			= "This is a comment"
-
-# under ASN.1, the 0 bit would be encoded as 80
-nsCertType			= 0x40
-
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-#nsCertSequence
-#nsCertExt
-#nsDataType
-
diff --git a/apps/stuff/pkcs12.der b/apps/stuff/pkcs12.der
deleted file mode 100644
index 49c28b4785..0000000000
--- a/apps/stuff/pkcs12.der
+++ /dev/null
diff --git a/apps/stuff/pkcs7.ex1 b/apps/stuff/pkcs7.ex1
deleted file mode 100644
index 0eed41b6dc..0000000000
--- a/apps/stuff/pkcs7.ex1
+++ /dev/null
@@ -1,25 +0,0 @@
------BEGIN xxx-----
-MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIB
-rTCCAUkCAgC2MA0GCSqGSIb3DQEBAgUAME0xCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMT
-UGVyc29uYSBDZXJ0aWZpY2F0ZTAeFw05NDA0MDkwMDUwMzdaFw05NDA4
-MDIxODM4NTdaMGcxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
-YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMTUGVyc29uYSBDZXJ0aWZp
-Y2F0ZTEYMBYGA1UEAxMPU2V0ZWMgQXN0cm9ub215MFwwDQYJKoZIhvcN
-AQEBBQADSwAwSAJBAMy8QcW7RMrB4sTdQ8Nmb2DFmJmkWn+el+NdeamI
-DElX/qw9mIQu4xNj1FfepfJNxzPvA0OtMKhy6+bkrlyMEU8CAwEAATAN
-BgkqhkiG9w0BAQIFAANPAAYn7jDgirhiIL4wnP8nGzUisGSpsFsF4/7z
-2P2wqne6Qk8Cg/Dstu3RyaN78vAMGP8d82H5+Ndfhi2mRp4YHiGHz0Hl
-K6VbPfnyvS2wdjCCAccwggFRAgUCQAAAFDANBgkqhkiG9w0BAQIFADBf
-MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHks
-IEluYy4xLjAsBgNVBAsTJUxvdyBBc3N1cmFuY2UgQ2VydGlmaWNhdGlv
-biBBdXRob3JpdHkwHhcNOTQwMTA3MDAwMDAwWhcNOTYwMTA3MjM1OTU5
-WjBNMQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJp
-dHksIEluYy4xHDAaBgNVBAsTE1BlcnNvbmEgQ2VydGlmaWNhdGUwaTAN
-BgkqhkiG9w0BAQEFAANYADBVAk4GqghQDa9Xi/2zAdYEqJVIcYhlLN1F
-pI9tXQ1m6zZ39PYXK8Uhoj0Es7kWRv8hC04vqkOKwndWbzVtvoHQOmP8
-nOkkuBi+AQvgFoRcgOUCAwEAATANBgkqhkiG9w0BAQIFAANhAD/5Uo7x
-Ddp49oZm9GoNcPhZcW1e+nojLvHXWAU/CBkwfcR+FSf4hQ5eFu1AjYv6
-Wqf430Xe9Et5+jgnMTiq4LnwgTdA8xQX4elJz9QzQobkE3XVOjVAtCFc
-miin80RB8AAAMYAAAAAAAAAAAA==
------END xxx-----
diff --git a/apps/stuff/pkcs7.ex2 b/apps/stuff/pkcs7.ex2
deleted file mode 100644
index 2b21a67ca5..0000000000
--- a/apps/stuff/pkcs7.ex2
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PRIVACY-ENHANCED MESSAGE-----
-MIAGCSqGSIb3DQEHBqCAMIACAQAwgAYJKoZIhvcNAQcBMBEGBSsOAwIHBAifqtdy
-x6uIMYCCARgvFzJtOZBn773DtmXlx037ck3giqnV0WC0QAx5f+fesAiGaxMqWcir
-r9XvT0nT0LgSQ/8tiLCDBEKdyCNgdcJAduy3D0r2sb5sNTT0TyL9uydG3w55vTnW
-aPbCPCWLudArI1UHDZbnoJICrVehxG/sYX069M8v6VO8PsJS7//hh1yM+0nekzQ5
-l1p0j7uWKu4W0csrlGqhLvEJanj6dQAGSTNCOoH3jzEXGQXntgesk8poFPfHdtj0
-5RH4MuJRajDmoEjlrNcnGl/BdHAd2JaCo6uZWGcnGAgVJ/TVfSVSwN5nlCK87tXl
-nL7DJwaPRYwxb3mnPKNq7ATiJPf5u162MbwxrddmiE7e3sST7naSN+GS0ateY5X7
-AAAAAAAAAAA=
------END PRIVACY-ENHANCED MESSAGE-----
-
diff --git a/apps/stuff/pkcs7.ex3 b/apps/stuff/pkcs7.ex3
deleted file mode 100644
index b2eabefc5b..0000000000
--- a/apps/stuff/pkcs7.ex3
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN PRIVACY-ENHANCED MESSAGE-----
-MIAGCSqGSIb3DQEHA6CAMIACAQAxgDCBqQIBADBTME0xCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEcMBoGA1UECxMTUGVyc29u
-YSBDZXJ0aWZpY2F0ZQICALYwDQYJKoZIhvcNAQEBBQAEQCU/R+YCJSUsV6XLilHG
-cNVzwqKcWzmT/rZ+duOv8Ggb7oO/d8H3xUVGQ2LsX4kYGq2szwj8Q6eWhsmhf4oz
-lvMAADCABgkqhkiG9w0BBwEwEQYFKw4DAgcECFif7BadXlw3oIAEgZBNcMexKe16
-+mNxx8YQPukBCL0bWqS86lvws/AgRkKPELmysBi5lco8MBCsWK/fCyrnxIRHs1oK
-BXBVlsAhKkkusk1kCf/GbXSAphdSgG+d6LxrNZwHbBFOX6A2hYS63Iczd5bOVDDW
-Op2gcgUtMJq6k2LFrs4L7HHqRPPlqNJ6j5mFP4xkzOCNIQynpD1rV6EECMIk/T7k
-1JLSAAAAAAAAAAAAAA==
------END PRIVACY-ENHANCED MESSAGE-----
-
diff --git a/apps/stuff/pkcs7.pem b/apps/stuff/pkcs7.pem
deleted file mode 100644
index eef654ca81..0000000000
--- a/apps/stuff/pkcs7.pem
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN PKCS7-----
-MIIIEgYJKoZIhvcNAQcCMIIIAwIBATEAMAsGCSqGSIb3DQEHAaCCBDUwggIhMIIB
-jgIFAnIAAGcwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT
-F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk1MDUxNzAwMDAwMFoXDTk1MTEx
-NjIzNTk1OVowdzELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5h
-MRIwEAYDVQQHEwlDaGFybG90dGUxIzAhBgNVBAoTGlZuZXQgSW50ZXJuZXQgQWNj
-ZXNzLCBJbmMuMRYwFAYDVQQDFA13d3cqLnZuZXQubmV0MHwwDQYJKoZIhvcNAQEB
-BQADawAwaAJhAOngW+io4W1lAp1b2k4+KqICaLHatp6AWkPLpa3Li2mwmggSGeRD
-AmTI4FQB0EFrDMfKLOteHgGoDJ0vifmV5cKvevRt5Gn+xPn54Halu7i145iUldyv
-oViUNpWmLJhKTQIDAQABMA0GCSqGSIb3DQEBAgUAA34AQkyfJje6H8fxtN68TvXV
-RibnPpQol2jMbh0VnK9cP9ePvsXy+7JoGuWxj6zlgjZGwia49xITggZ+0b+wP51l
-5e8xEEc2K7eC5QVD0qh/NSqdPcVP+UG6UK/LT25w/yLuZgqJ3g87kGbOo9myLhkZ
-3jr3kXnsriBmwmqcjgUwggIMMIIBlgIFAkAAAEUwDQYJKoZIhvcNAQECBQAwXzEL
-MAkGA1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4w
-LAYDVQQLEyVMb3cgQXNzdXJhbmNlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X
-DTk0MTEwOTIzMTk0NFoXDTk5MTIzMTIzMTk0NFowXzELMAkGA1UEBhMCVVMxIDAe
-BgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUg
-U2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUA
-A4GJADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwji
-ioII0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJ
-VphIuR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJ
-KoZIhvcNAQECBQADYQAjOCnuhWTdRq+8PhUBSzKbOhmafQQPQ8Ltw+49U8N1zgq9
-1ROaW46znUQykAPUdaAIflEfV2e0ULuyOWCwDJ2ME7NUmWL86SLkk6QLC9iItjva
-h+tdpLV/+TerjmrxCWChggOyMIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkG
-A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
-VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1
-MDIwMjEyMjZaFw05NTA2MDEwMDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcy
-NDI2WjAWAgUCQQAACRcNOTUwMjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAx
-MjQ5WjAWAgUCQQAADBcNOTUwMjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0
-MDQ5WjAWAgUCQQAAFhcNOTUwMzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0
-MDQxWjAWAgUCQQAAHxcNOTUwMzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAw
-NzExWjAWAgUCcgAAERcNOTUwMzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDEx
-MzIxWjAWAgUCcgAAHhcNOTUwNDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcx
-NzI0WjAWAgUCcgAAOBcNOTUwNDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIx
-MjI2WjANBgkqhkiG9w0BAQIFAAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6q
-QmK92W0hW158wpJg+ovV3+wQwvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3M
-rJBnZ4GaZDu4FutZh72MR3GtJaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFA
-yp0vMIIBHTCBqDANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEgMB4GA1UE
-ChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4xLjAsBgNVBAsTJUxvdyBBc3N1cmFu
-Y2UgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkXDTk1MDUwMTE5MjcyOVoXDTk1MDYw
-MTA4MDAwMFowGDAWAgUCQAAAXhcNOTUwMjA4MDE0NjIyWjANBgkqhkiG9w0BAQIF
-AANhAF70VxEAKgGlS2otYkWSqYJ286MMDbdAIoEGCDTtVuLCOP3YKHOSTjFhbIhL
-5mBd+Q/W+lKSqdoyYhdObaBk4I4Wk+/BE2QK1x4QhtYG144spESXIRIKAbhffg1g
-rRe/ETEA
------END PKCS7-----
diff --git a/apps/test.ssl b/apps/test.ssl
deleted file mode 100644
index d0566e0d05..0000000000
--- a/apps/test.ssl
+++ /dev/null
@@ -1,16 +0,0 @@
-www.microsoft.com:443
-sectest.microsoft.com:443
-https://sectest.microsoft.com/ClientAuth/test.asp
-ssl3.netscape.com:443
-ssl3.netscape.com:444
-www.openmarket.com:443 - no session ID caching. - no swap
-
-Servers
-bad  www.openmarket.com	Open-Market-Secure-WebServer/V2.1
-bad  www.microsoft.com	Server: Microsoft-IIS/3.0
-good transact.netscape.com	Netscape-Enterprise/2.01
-
-clients
-good netscape
-hmm  MSIE
-
diff --git a/apps/testdsa.h b/apps/testdsa.h
index 8e8aea617a..9e84e31c93 100644
--- a/apps/testdsa.h
+++ b/apps/testdsa.h
@@ -1,14 +1,20 @@
 /* NOCW */
-#ifndef NOPROTO
+/* used by apps/speed.c */
 DSA *get_dsa512(void );
 DSA *get_dsa1024(void );
 DSA *get_dsa2048(void );
-#else
-DSA *get_dsa512();
-DSA *get_dsa1024();
-DSA *get_dsa2048();
-#endif
-
+static unsigned char dsa512_priv[] = {
+	0x65,0xe5,0xc7,0x38,0x60,0x24,0xb5,0x89,0xd4,0x9c,0xeb,0x4c,
+	0x9c,0x1d,0x7a,0x22,0xbd,0xd1,0xc2,0xd2,
+	};
+static unsigned char dsa512_pub[] = {
+	0x00,0x95,0xa7,0x0d,0xec,0x93,0x68,0xba,0x5f,0xf7,0x5f,0x07,
+	0xf2,0x3b,0xad,0x6b,0x01,0xdc,0xbe,0xec,0xde,0x04,0x7a,0x3a,
+	0x27,0xb3,0xec,0x49,0xfd,0x08,0x43,0x3d,0x7e,0xa8,0x2c,0x5e,
+	0x7b,0xbb,0xfc,0xf4,0x6e,0xeb,0x6c,0xb0,0x6e,0xf8,0x02,0x12,
+	0x8c,0x38,0x5d,0x83,0x56,0x7d,0xee,0x53,0x05,0x3e,0x24,0x84,
+	0xbe,0xba,0x0a,0x6b,0xc8,
+	};
 static unsigned char dsa512_p[]={
 	0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,
 	0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,
@@ -35,14 +41,34 @@ DSA *get_dsa512()
 	DSA *dsa;
 
 	if ((dsa=DSA_new()) == NULL) return(NULL);
+	dsa->priv_key=BN_bin2bn(dsa512_priv,sizeof(dsa512_priv),NULL);
+	dsa->pub_key=BN_bin2bn(dsa512_pub,sizeof(dsa512_pub),NULL);
 	dsa->p=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL);
 	dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL);
 	dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL);
-	if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
+				(dsa->q == NULL) || (dsa->g == NULL))
 		return(NULL);
 	return(dsa);
 	}
 
+static unsigned char dsa1024_priv[]={
+	0x7d,0x21,0xda,0xbb,0x62,0x15,0x47,0x36,0x07,0x67,0x12,0xe8,
+	0x8c,0xaa,0x1c,0xcd,0x38,0x12,0x61,0x18,
+	};
+static unsigned char dsa1024_pub[]={
+	0x3c,0x4e,0x9c,0x2a,0x7f,0x16,0xc1,0x25,0xeb,0xac,0x78,0x63,
+	0x90,0x14,0x8c,0x8b,0xf4,0x68,0x43,0x3c,0x2d,0xee,0x65,0x50,
+	0x7d,0x9c,0x8f,0x8c,0x8a,0x51,0xd6,0x11,0x2b,0x99,0xaf,0x1e,
+	0x90,0x97,0xb5,0xd3,0xa6,0x20,0x25,0xd6,0xfe,0x43,0x02,0xd5,
+	0x91,0x7d,0xa7,0x8c,0xdb,0xc9,0x85,0xa3,0x36,0x48,0xf7,0x68,
+	0xaa,0x60,0xb1,0xf7,0x05,0x68,0x3a,0xa3,0x3f,0xd3,0x19,0x82,
+	0xd8,0x82,0x7a,0x77,0xfb,0xef,0xf4,0x15,0x0a,0xeb,0x06,0x04,
+	0x7f,0x53,0x07,0x0c,0xbc,0xcb,0x2d,0x83,0xdb,0x3e,0xd1,0x28,
+	0xa5,0xa1,0x31,0xe0,0x67,0xfa,0x50,0xde,0x9b,0x07,0x83,0x7e,
+	0x2c,0x0b,0xc3,0x13,0x50,0x61,0xe5,0xad,0xbd,0x36,0xb8,0x97,
+	0x4e,0x40,0x7d,0xe8,0x83,0x0d,0xbc,0x4b
+	};
 static unsigned char dsa1024_p[]={
 	0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47,
 	0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D,
@@ -79,14 +105,45 @@ DSA *get_dsa1024()
 	DSA *dsa;
 
 	if ((dsa=DSA_new()) == NULL) return(NULL);
+	dsa->priv_key=BN_bin2bn(dsa1024_priv,sizeof(dsa1024_priv),NULL);
+	dsa->pub_key=BN_bin2bn(dsa1024_pub,sizeof(dsa1024_pub),NULL);
 	dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL);
 	dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL);
 	dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL);
-	if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
+				(dsa->q == NULL) || (dsa->g == NULL))
 		return(NULL);
 	return(dsa);
 	}
 
+static unsigned char dsa2048_priv[]={
+	0x32,0x67,0x92,0xf6,0xc4,0xe2,0xe2,0xe8,0xa0,0x8b,0x6b,0x45,
+	0x0c,0x8a,0x76,0xb0,0xee,0xcf,0x91,0xa7,
+	};
+static unsigned char dsa2048_pub[]={
+	0x17,0x8f,0xa8,0x11,0x84,0x92,0xec,0x83,0x47,0xc7,0x6a,0xb0,
+	0x92,0xaf,0x5a,0x20,0x37,0xa3,0x64,0x79,0xd2,0xd0,0x3d,0xcd,
+	0xe0,0x61,0x88,0x88,0x21,0xcc,0x74,0x5d,0xce,0x4c,0x51,0x47,
+	0xf0,0xc5,0x5c,0x4c,0x82,0x7a,0xaf,0x72,0xad,0xb9,0xe0,0x53,
+	0xf2,0x78,0xb7,0xf0,0xb5,0x48,0x7f,0x8a,0x3a,0x18,0xd1,0x9f,
+	0x8b,0x7d,0xa5,0x47,0xb7,0x95,0xab,0x98,0xf8,0x7b,0x74,0x50,
+	0x56,0x8e,0x57,0xf0,0xee,0xf5,0xb7,0xba,0xab,0x85,0x86,0xf9,
+	0x2b,0xef,0x41,0x56,0xa0,0xa4,0x9f,0xb7,0x38,0x00,0x46,0x0a,
+	0xa6,0xf1,0xfc,0x1f,0xd8,0x4e,0x85,0x44,0x92,0x43,0x21,0x5d,
+	0x6e,0xcc,0xc2,0xcb,0x26,0x31,0x0d,0x21,0xc4,0xbd,0x8d,0x24,
+	0xbc,0xd9,0x18,0x19,0xd7,0xdc,0xf1,0xe7,0x93,0x50,0x48,0x03,
+	0x2c,0xae,0x2e,0xe7,0x49,0x88,0x5f,0x93,0x57,0x27,0x99,0x36,
+	0xb4,0x20,0xab,0xfc,0xa7,0x2b,0xf2,0xd9,0x98,0xd7,0xd4,0x34,
+	0x9d,0x96,0x50,0x58,0x9a,0xea,0x54,0xf3,0xee,0xf5,0x63,0x14,
+	0xee,0x85,0x83,0x74,0x76,0xe1,0x52,0x95,0xc3,0xf7,0xeb,0x04,
+	0x04,0x7b,0xa7,0x28,0x1b,0xcc,0xea,0x4a,0x4e,0x84,0xda,0xd8,
+	0x9c,0x79,0xd8,0x9b,0x66,0x89,0x2f,0xcf,0xac,0xd7,0x79,0xf9,
+	0xa9,0xd8,0x45,0x13,0x78,0xb9,0x00,0x14,0xc9,0x7e,0x22,0x51,
+	0x86,0x67,0xb0,0x9f,0x26,0x11,0x23,0xc8,0x38,0xd7,0x70,0x1d,
+	0x15,0x8e,0x4d,0x4f,0x95,0x97,0x40,0xa1,0xc2,0x7e,0x01,0x18,
+	0x72,0xf4,0x10,0xe6,0x8d,0x52,0x16,0x7f,0xf2,0xc9,0xf8,0x33,
+	0x8b,0x33,0xb7,0xce,
+	};
 static unsigned char dsa2048_p[]={
 	0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F,
 	0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81,
@@ -145,11 +202,16 @@ DSA *get_dsa2048()
 	DSA *dsa;
  
 	if ((dsa=DSA_new()) == NULL) return(NULL);
+	dsa->priv_key=BN_bin2bn(dsa2048_priv,sizeof(dsa2048_priv),NULL);
+	dsa->pub_key=BN_bin2bn(dsa2048_pub,sizeof(dsa2048_pub),NULL);
 	dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL);
 	dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL);
 	dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL);
-	if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
+				(dsa->q == NULL) || (dsa->g == NULL))
 		return(NULL);
 	return(dsa);
 	}
 
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+static int rnd_fake = 0;
diff --git a/apps/testrsa.h b/apps/testrsa.h
index 9a0e811c73..3007d792b0 100644
--- a/apps/testrsa.h
+++ b/apps/testrsa.h
@@ -1,4 +1,5 @@
 /* apps/testrsa.h */
+/* used by apps/speed.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
diff --git a/apps/tkca b/apps/tkca
deleted file mode 100644
index bdaf21606a..0000000000
--- a/apps/tkca
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/usr/local/bin/perl5
-#
-# This is only something I'm playing with, it does not work :-)
-#
-
-use Tk;
-
-my $main=MainWindow->new();
-my $f=$main->Frame(-relief => "ridge", -borderwidth => 2);
-$f->pack(-fill => 'x');
-
-my $ff=$f->Frame;
-$ff->pack(-fill => 'x');
-my $l=$ff->Label(-text => "TkCA - SSLeay",
-	-relief => "ridge", -borderwidth => 2);
-$l->pack(-fill => 'x', -ipady => 5);
-
-my $l=$ff->Button(-text => "Certify");
-$l->pack(-fill => 'x', -ipady => 5);
-
-my $l=$ff->Button(-text => "Review");
-$l->pack(-fill => 'x', -ipady => 5);
-
-my $l=$ff->Button(-text => "Revoke");
-$l->pack(-fill => 'x', -ipady => 5);
-
-my $l=$ff->Button(-text => "Generate CRL");
-$l->pack(-fill => 'x', -ipady => 5);
-
-my($db)=&load_db("demoCA/index.txt");
-
-MainLoop;
-
-sub load_db
-	{
-	my(%ret);
-	my($file)=@_;
-	my(*IN);
-	my(%db_serial,%db_name,@f,@db_s);
-
-	$ret{'serial'}=\%db_serial;
-	$ret{'name'}=\%db_name;
-
-	open(IN,"<$file") || die "unable to open $file:$!\n";
-	while (<IN>)
-		{
-		chop;
-		s/([^\\])\t/\1\t\t/g;
-		my(@f)=split(/\t\t/);
-		die "wrong number of fields in $file, line $.\n"
-			if ($#f != 5);
-
-		my(%f);
-		$f{'type'}=$f[0];
-		$f{'exp'}=$f[1];
-		$f{'rev'}=$f[2];
-		$f{'serial'}=$f[3];
-		$f{'file'}=$f[4];
-		$f{'name'}=$f[5];
-		die "serial number $f{'serial'} appears twice (line $.)\n"
-			if (defined($db{$f{'serial'}}))
-		$db_serial{$f{'serial'}}=\%f;
-		$db_name{$f{'name'}}.=$f{'serial'}." ";
-		}
-	return \%ret;
-	}
diff --git a/apps/verify.c b/apps/verify.c
index 2179110d37..9a18213ece 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -60,32 +60,33 @@
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "bio.h"
-#include "err.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG	verify_main
 
-#ifndef NOPROTO
 static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx);
-static int check(X509_STORE *ctx,char *file);
-#else
-static int MS_CALLBACK cb();
-static int check();
-#endif
+static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e);
+static STACK_OF(X509) *load_untrusted(char *file);
+static int v_verbose=0, vflags = 0;
 
-static int v_verbose=0;
+int MAIN(int, char **);
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int i,ret=1;
+	int purpose = -1;
 	char *CApath=NULL,*CAfile=NULL;
+	char *untfile = NULL, *trustfile = NULL;
+	STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
 	X509_STORE *cert_ctx=NULL;
 	X509_LOOKUP *lookup=NULL;
+	char *engine=NULL;
 
 	cert_ctx=X509_STORE_new();
 	if (cert_ctx == NULL) goto end;
@@ -99,6 +100,9 @@ char **argv;
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	argc--;
 	argv++;
 	for (;;)
@@ -115,8 +119,44 @@ char **argv;
 				if (argc-- < 1) goto end;
 				CAfile= *(++argv);
 				}
+			else if (strcmp(*argv,"-purpose") == 0)
+				{
+				X509_PURPOSE *xptmp;
+				if (argc-- < 1) goto end;
+				i = X509_PURPOSE_get_by_sname(*(++argv));
+				if(i < 0)
+					{
+					BIO_printf(bio_err, "unrecognized purpose\n");
+					goto end;
+					}
+				xptmp = X509_PURPOSE_get0(i);
+				purpose = X509_PURPOSE_get_id(xptmp);
+				}
+			else if (strcmp(*argv,"-untrusted") == 0)
+				{
+				if (argc-- < 1) goto end;
+				untfile= *(++argv);
+				}
+			else if (strcmp(*argv,"-trusted") == 0)
+				{
+				if (argc-- < 1) goto end;
+				trustfile= *(++argv);
+				}
+			else if (strcmp(*argv,"-engine") == 0)
+				{
+				if (--argc < 1) goto end;
+				engine= *(++argv);
+				}
 			else if (strcmp(*argv,"-help") == 0)
 				goto end;
+			else if (strcmp(*argv,"-ignore_critical") == 0)
+				vflags |= X509_V_FLAG_IGNORE_CRITICAL;
+			else if (strcmp(*argv,"-issuer_checks") == 0)
+				vflags |= X509_V_FLAG_CB_ISSUER_CHECK;
+			else if (strcmp(*argv,"-crl_check") == 0)
+				vflags |= X509_V_FLAG_CRL_CHECK;
+			else if (strcmp(*argv,"-crl_check_all") == 0)
+				vflags |= X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL;
 			else if (strcmp(*argv,"-verbose") == 0)
 				v_verbose=1;
 			else if (argv[0][0] == '-')
@@ -130,70 +170,98 @@ char **argv;
 			break;
 		}
 
+        e = setup_engine(bio_err, engine, 0);
+
 	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
 	if (lookup == NULL) abort();
-	if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM))
-		X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+	if (CAfile) {
+		i=X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM);
+		if(!i) {
+			BIO_printf(bio_err, "Error loading file %s\n", CAfile);
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
 		
 	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir());
 	if (lookup == NULL) abort();
-	if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM))
-		X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
-
+	if (CApath) {
+		i=X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM);
+		if(!i) {
+			BIO_printf(bio_err, "Error loading directory %s\n", CApath);
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
 
 	ERR_clear_error();
-	if (argc < 1) check(cert_ctx,NULL);
+
+	if(untfile) {
+		if(!(untrusted = load_untrusted(untfile))) {
+			BIO_printf(bio_err, "Error loading untrusted file %s\n", untfile);
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
+
+	if(trustfile) {
+		if(!(trusted = load_untrusted(trustfile))) {
+			BIO_printf(bio_err, "Error loading untrusted file %s\n", trustfile);
+			ERR_print_errors(bio_err);
+			goto end;
+		}
+	}
+
+	if (argc < 1) check(cert_ctx, NULL, untrusted, trusted, purpose, e);
 	else
 		for (i=0; i<argc; i++)
-			check(cert_ctx,argv[i]);
+			check(cert_ctx,argv[i], untrusted, trusted, purpose, e);
 	ret=0;
 end:
-	if (ret == 1)
-		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] cert1 cert2 ...\n");
+	if (ret == 1) {
+		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...\n");
+		BIO_printf(bio_err,"recognized usages:\n");
+		for(i = 0; i < X509_PURPOSE_get_count(); i++) {
+			X509_PURPOSE *ptmp;
+			ptmp = X509_PURPOSE_get0(i);
+			BIO_printf(bio_err, "\t%-10s\t%s\n", X509_PURPOSE_get0_sname(ptmp),
+								X509_PURPOSE_get0_name(ptmp));
+		}
+	}
 	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
-	EXIT(ret);
+	sk_X509_pop_free(untrusted, X509_free);
+	sk_X509_pop_free(trusted, X509_free);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
-static int check(ctx,file)
-X509_STORE *ctx;
-char *file;
+static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose, ENGINE *e)
 	{
 	X509 *x=NULL;
-	BIO *in=NULL;
 	int i=0,ret=0;
-	X509_STORE_CTX csc;
+	X509_STORE_CTX *csc;
 
-	in=BIO_new(BIO_s_file());
-	if (in == NULL)
-		{
-		ERR_print_errors(bio_err);
+	x = load_cert(bio_err, file, FORMAT_PEM, NULL, e, "certificate file");
+	if (x == NULL)
 		goto end;
-		}
+	fprintf(stdout,"%s: ",(file == NULL)?"stdin":file);
 
-	if (file == NULL)
-		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-	else
+	csc = X509_STORE_CTX_new();
+	if (csc == NULL)
 		{
-		if (BIO_read_filename(in,file) <= 0)
-			{
-			perror(file);
-			goto end;
-			}
+		ERR_print_errors(bio_err);
+		goto end;
 		}
-
-	x=PEM_read_bio_X509(in,NULL,NULL);
-	if (x == NULL)
+	X509_STORE_set_flags(ctx, vflags);
+	if(!X509_STORE_CTX_init(csc,ctx,x,uchain))
 		{
-		fprintf(stdout,"%s: unable to load certificate file\n",
-			(file == NULL)?"stdin":file);
 		ERR_print_errors(bio_err);
 		goto end;
 		}
-	fprintf(stdout,"%s: ",(file == NULL)?"stdin":file);
-
-	X509_STORE_CTX_init(&csc,ctx,x,NULL);
-	i=X509_verify_cert(&csc);
-	X509_STORE_CTX_cleanup(&csc);
+	if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
+	if(purpose >= 0) X509_STORE_CTX_set_purpose(csc, purpose);
+	i=X509_verify_cert(csc);
+	X509_STORE_CTX_free(csc);
 
 	ret=0;
 end:
@@ -205,34 +273,83 @@ end:
 	else
 		ERR_print_errors(bio_err);
 	if (x != NULL) X509_free(x);
-	if (in != NULL) BIO_free(in);
 
 	return(ret);
 	}
 
-static int MS_CALLBACK cb(ok,ctx)
-int ok;
-X509_STORE_CTX *ctx;
+static STACK_OF(X509) *load_untrusted(char *certfile)
+{
+	STACK_OF(X509_INFO) *sk=NULL;
+	STACK_OF(X509) *stack=NULL, *ret=NULL;
+	BIO *in=NULL;
+	X509_INFO *xi;
+
+	if(!(stack = sk_X509_new_null())) {
+		BIO_printf(bio_err,"memory allocation failure\n");
+		goto end;
+	}
+
+	if(!(in=BIO_new_file(certfile, "r"))) {
+		BIO_printf(bio_err,"error opening the file, %s\n",certfile);
+		goto end;
+	}
+
+	/* This loads from a file, a stack of x509/crl/pkey sets */
+	if(!(sk=PEM_X509_INFO_read_bio(in,NULL,NULL,NULL))) {
+		BIO_printf(bio_err,"error reading the file, %s\n",certfile);
+		goto end;
+	}
+
+	/* scan over it and pull out the certs */
+	while (sk_X509_INFO_num(sk))
+		{
+		xi=sk_X509_INFO_shift(sk);
+		if (xi->x509 != NULL)
+			{
+			sk_X509_push(stack,xi->x509);
+			xi->x509=NULL;
+			}
+		X509_INFO_free(xi);
+		}
+	if(!sk_X509_num(stack)) {
+		BIO_printf(bio_err,"no certificates in file, %s\n",certfile);
+		sk_X509_free(stack);
+		goto end;
+	}
+	ret=stack;
+end:
+	BIO_free(in);
+	sk_X509_INFO_free(sk);
+	return(ret);
+	}
+
+static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
 	{
 	char buf[256];
 
 	if (!ok)
 		{
+		X509_NAME_oneline(
+				X509_get_subject_name(ctx->current_cert),buf,
+				sizeof buf);
+		printf("%s\n",buf);
+		printf("error %d at %d depth lookup:%s\n",ctx->error,
+			ctx->error_depth,
+			X509_verify_cert_error_string(ctx->error));
+		if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED) ok=1;
 		/* since we are just checking the certificates, it is
-		 * ok if they are self signed. */
-		if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
-			ok=1;
-		else
-			{
-			X509_NAME_oneline(
-				X509_get_subject_name(ctx->current_cert),buf,256);
-			printf("%s\n",buf);
-			printf("error %d at %d depth lookup:%s\n",ctx->error,
-				ctx->error_depth,
-				X509_verify_cert_error_string(ctx->error));
-			if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED)
-				ok=1;
-			}
+		 * ok if they are self signed. But we should still warn
+		 * the user.
+ 		 */
+		if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
+		/* Continue after extension errors too */
+		if (ctx->error == X509_V_ERR_INVALID_CA) ok=1;
+		if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1;
+		if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1;
+		if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1;
+		if (ctx->error == X509_V_ERR_CRL_HAS_EXPIRED) ok=1;
+		if (ctx->error == X509_V_ERR_CRL_NOT_YET_VALID) ok=1;
+		if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) ok=1;
 		}
 	if (!v_verbose)
 		ERR_clear_error();
diff --git a/apps/version.c b/apps/version.c
index 8d154ea8b3..041da37e99 100644
--- a/apps/version.c
+++ b/apps/version.c
@@ -55,23 +55,91 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include "apps.h"
-#include "evp.h"
-#include "crypto.h"
+#include <openssl/evp.h>
+#include <openssl/crypto.h>
+#ifndef OPENSSL_NO_MD2
+# include <openssl/md2.h>
+#endif
+#ifndef OPENSSL_NO_RC4
+# include <openssl/rc4.h>
+#endif
+#ifndef OPENSSL_NO_DES
+# include <openssl/des.h>
+#endif
+#ifndef OPENSSL_NO_IDEA
+# include <openssl/idea.h>
+#endif
+#ifndef OPENSSL_NO_BF
+# include <openssl/blowfish.h>
+#endif
 
 #undef PROG
 #define PROG	version_main
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
 	{
 	int i,ret=0;
-	int cflags=0,version=0,date=0,options=0,platform=0;
+	int cflags=0,version=0,date=0,options=0,platform=0,dir=0;
 
 	apps_startup();
 
@@ -92,8 +160,10 @@ char **argv;
 			options=1;
 		else if (strcmp(argv[i],"-p") == 0)
 			platform=1;
+		else if (strcmp(argv[i],"-d") == 0)
+			dir=1;
 		else if (strcmp(argv[i],"-a") == 0)
-			date=version=cflags=options=platform=1;
+			date=version=cflags=options=platform=dir=1;
 		else
 			{
 			BIO_printf(bio_err,"usage:version -[avbofp]\n");
@@ -102,31 +172,45 @@ char **argv;
 			}
 		}
 
-	if (version) printf("%s\n",SSLeay_version(SSLEAY_VERSION));
+	if (version)
+		{
+		if (SSLeay() == SSLEAY_VERSION_NUMBER)
+			{
+			printf("%s\n",SSLeay_version(SSLEAY_VERSION));
+			}
+		else
+			{
+			printf("%s (Library: %s)\n",
+				OPENSSL_VERSION_TEXT,
+				SSLeay_version(SSLEAY_VERSION));
+			}
+		}
 	if (date)    printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON));
 	if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM));
 	if (options) 
 		{
-		printf("options:");
+		printf("options:  ");
 		printf("%s ",BN_options());
-#ifndef NO_MD2
+#ifndef OPENSSL_NO_MD2
 		printf("%s ",MD2_options());
 #endif
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 		printf("%s ",RC4_options());
 #endif
-#ifndef NO_DES
-		printf("%s ",des_options());
+#ifndef OPENSSL_NO_DES
+		printf("%s ",DES_options());
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 		printf("%s ",idea_options());
 #endif
-#ifndef NO_BLOWFISH
+#ifndef OPENSSL_NO_BF
 		printf("%s ",BF_options());
 #endif
 		printf("\n");
 		}
 	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
+	if (dir)  printf("%s\n",SSLeay_version(SSLEAY_DIR));
 end:
-	EXIT(ret);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
diff --git a/apps/winrand.c b/apps/winrand.c
new file mode 100644
index 0000000000..59bede3d70
--- /dev/null
+++ b/apps/winrand.c
@@ -0,0 +1,148 @@
+/* apps/winrand.c */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Usage: winrand [filename]
+ *
+ * Collects entropy from mouse movements and other events and writes
+ * random data to filename or .rnd
+ */
+
+#include <windows.h>
+#include <openssl/opensslv.h>
+#include <openssl/rand.h>
+
+LRESULT CALLBACK WndProc(HWND, UINT, WPARAM, LPARAM);
+const char *filename;
+
+int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
+        PSTR cmdline, int iCmdShow)
+	{
+	static char appname[] = "OpenSSL";
+	HWND hwnd;
+	MSG msg;
+	WNDCLASSEX wndclass;
+        char buffer[200];
+
+        if (cmdline[0] == '\0')
+                filename = RAND_file_name(buffer, sizeof buffer);
+        else
+                filename = cmdline;
+
+        RAND_load_file(filename, -1);
+
+	wndclass.cbSize = sizeof(wndclass);
+	wndclass.style = CS_HREDRAW | CS_VREDRAW;
+	wndclass.lpfnWndProc = WndProc;
+	wndclass.cbClsExtra = 0;
+	wndclass.cbWndExtra = 0;
+	wndclass.hInstance = hInstance;
+	wndclass.hIcon = LoadIcon(NULL, IDI_APPLICATION);
+	wndclass.hCursor = LoadCursor(NULL, IDC_ARROW);
+	wndclass.hbrBackground = (HBRUSH) GetStockObject(WHITE_BRUSH);
+	wndclass.lpszMenuName = NULL;
+        wndclass.lpszClassName = appname;
+	wndclass.hIconSm = LoadIcon(NULL, IDI_APPLICATION);
+	RegisterClassEx(&wndclass);
+
+        hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT,
+		WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT,
+		CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance, NULL);
+
+	ShowWindow(hwnd, iCmdShow);
+	UpdateWindow(hwnd);
+
+
+	while (GetMessage(&msg, NULL, 0, 0))
+		{
+		TranslateMessage(&msg);
+		DispatchMessage(&msg);
+		}
+
+	return msg.wParam;
+	}
+
+LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
+	{
+        HDC hdc;
+	PAINTSTRUCT ps;
+        RECT rect;
+        static int seeded = 0;
+
+	switch (iMsg)
+		{
+	case WM_PAINT:
+		hdc = BeginPaint(hwnd, &ps);
+		GetClientRect(hwnd, &rect);
+                DrawText(hdc, "Seeding the PRNG. Please move the mouse!", -1,
+			&rect, DT_SINGLELINE | DT_CENTER | DT_VCENTER);
+		EndPaint(hwnd, &ps);
+		return 0;
+		
+        case WM_DESTROY:
+                PostQuitMessage(0);
+                return 0;
+                }
+
+        if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0)
+                {
+                seeded = 1;
+                if (RAND_write_file(filename) <= 0)
+                        MessageBox(hwnd, "Couldn't write random file!",
+				"OpenSSL", MB_OK | MB_ICONERROR);
+                PostQuitMessage(0);
+                }
+
+	return DefWindowProc(hwnd, iMsg, wParam, lParam);
+	}
diff --git a/apps/x509.c b/apps/x509.c
index 94d57bb3d2..9709628df3 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -56,21 +56,23 @@
  * [including the GNU Public Licence.]
  */
 
+#include <assert.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef NO_STDIO
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #endif
 #include "apps.h"
-#include "bio.h"
-#include "asn1.h"
-#include "err.h"
-#include "bn.h"
-#include "evp.h"
-#include "x509.h"
-#include "objects.h"
-#include "pem.h"
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
 
 #undef PROG
 #define PROG x509_main
@@ -79,84 +81,109 @@
 #define	POSTFIX	".srl"
 #define DEF_DAYS	30
 
-#define CERT_HDR	"certificate"
-
 static char *x509_usage[]={
 "usage: x509 args\n",
 " -inform arg     - input format - default PEM (one of DER, NET or PEM)\n",
-" -outform arg    - output format - default PEM (one of DER, NET or PEM\n",
+" -outform arg    - output format - default PEM (one of DER, NET or PEM)\n",
 " -keyform arg    - private key format - default PEM\n",
 " -CAform arg     - CA format - default PEM\n",
 " -CAkeyform arg  - CA key format - default PEM\n",
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
+" -passin arg     - private key password source\n",
 " -serial         - print serial number value\n",
 " -hash           - print hash value\n",
 " -subject        - print subject DN\n",
 " -issuer         - print issuer DN\n",
+" -email          - print email address(es)\n",
 " -startdate      - notBefore field\n",
 " -enddate        - notAfter field\n",
+" -purpose        - print out certificate purposes\n",
 " -dates          - both Before and After dates\n",
 " -modulus        - print the RSA key modulus\n",
+" -pubkey         - output the public key\n",
 " -fingerprint    - print the certificate fingerprint\n",
+" -alias          - output certificate alias\n",
 " -noout          - no certificate output\n",
-
+" -ocspid         - print OCSP hash values for the subject name and public key\n",
+" -trustout       - output a \"trusted\" certificate\n",
+" -clrtrust       - clear all trusted purposes\n",
+" -clrreject      - clear all rejected purposes\n",
+" -addtrust arg   - trust certificate for a given purpose\n",
+" -addreject arg  - reject certificate for a given purpose\n",
+" -setalias arg   - set certificate alias\n",
 " -days arg       - How long till expiry of a signed certificate - def 30 days\n",
+" -checkend arg   - check whether the cert expires in the next arg seconds\n",
+"                   exit 1 if so, 0 if not\n",
 " -signkey arg    - self sign cert with arg\n",
 " -x509toreq      - output a certification request object\n",
 " -req            - input is a certificate request, sign and output.\n",
 " -CA arg         - set the CA certificate, must be PEM format.\n",
 " -CAkey arg      - set the CA key, must be PEM format\n",
-"                   missing, it is asssumed to be in the CA file.\n",
+"                   missing, it is assumed to be in the CA file.\n",
 " -CAcreateserial - create serial number file if it does not exist\n",
-" -CAserial       - serial file\n",
-" -text           - print the certitificate in text form\n",
+" -CAserial arg   - serial file\n",
+" -set_serial     - serial number to use\n",
+" -text           - print the certificate in text form\n",
 " -C              - print out C code forms\n",
-" -md2/-md5/-sha1/-mdc2 - digest to do an RSA sign with\n",
+" -md2/-md5/-sha1/-mdc2 - digest to use\n",
+" -extfile        - configuration file with X509V3 extensions to add\n",
+" -extensions     - section from config file with X509V3 extensions to add\n",
+" -clrext         - delete extensions before signing and input certificate\n",
+" -nameopt arg    - various certificate name options\n",
+" -engine e       - use engine e, possibly a hardware device.\n",
+" -certopt arg    - various certificate text options\n",
 NULL
 };
 
-#ifndef NOPROTO
 static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx);
-static EVP_PKEY *load_key(char *file, int format);
-static X509 *load_cert(char *file, int format);
-static int sign (X509 *x, EVP_PKEY *pkey,int days,EVP_MD *digest);
-static int x509_certify (X509_STORE *ctx,char *CAfile, EVP_MD *digest,X509 *x,
-	X509 *xca, EVP_PKEY *pkey,char *serial, int create, int days);
-#else
-static int MS_CALLBACK callb();
-static EVP_PKEY *load_key();
-static X509 *load_cert();
-static int sign ();
-static int x509_certify ();
-#endif
-
+static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest,
+						CONF *conf, char *section);
+static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest,
+			 X509 *x,X509 *xca,EVP_PKEY *pkey,char *serial,
+			 int create,int days, int clrext, CONF *conf, char *section,
+						ASN1_INTEGER *sno);
+static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
 static int reqfile=0;
 
-int MAIN(argc, argv)
-int argc;
-char **argv;
+int MAIN(int, char **);
+
+int MAIN(int argc, char **argv)
 	{
+	ENGINE *e = NULL;
 	int ret=1;
 	X509_REQ *req=NULL;
 	X509 *x=NULL,*xca=NULL;
+	ASN1_OBJECT *objtmp;
 	EVP_PKEY *Upkey=NULL,*CApkey=NULL;
+	ASN1_INTEGER *sno = NULL;
 	int i,num,badops=0;
 	BIO *out=NULL;
 	BIO *STDout=NULL;
+	STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL;
 	int informat,outformat,keyformat,CAformat,CAkeyformat;
 	char *infile=NULL,*outfile=NULL,*keyfile=NULL,*CAfile=NULL;
 	char *CAkeyfile=NULL,*CAserial=NULL;
+	char *alias=NULL;
 	int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
-	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0;
+	int ocspid=0;
+	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
+	int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
 	int C=0;
-	int x509req=0,days=DEF_DAYS,modulus=0;
+	int x509req=0,days=DEF_DAYS,modulus=0,pubkey=0;
+	int pprint = 0;
 	char **pp;
 	X509_STORE *ctx=NULL;
 	X509_REQ *rq=NULL;
 	int fingerprint=0;
 	char buf[256];
-	EVP_MD *md_alg,*digest=EVP_md5();
+	const EVP_MD *md_alg,*digest=EVP_md5();
+	CONF *extconf = NULL;
+	char *extsect = NULL, *extfile = NULL, *passin = NULL, *passargin = NULL;
+	int need_rand = 0;
+	int checkend=0,checkoffset=0;
+	unsigned long nmflag = 0, certflag = 0;
+	char *engine=NULL;
 
 	reqfile=0;
 
@@ -164,7 +191,16 @@ char **argv;
 
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
 	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+	{
+	BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+	STDout = BIO_push(tmpbio, STDout);
+	}
+#endif
 
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
@@ -197,7 +233,10 @@ char **argv;
 			keyformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-req") == 0)
+			{
 			reqfile=1;
+			need_rand = 1;
+			}
 		else if (strcmp(*argv,"-CAform") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -206,7 +245,7 @@ char **argv;
 		else if (strcmp(*argv,"-CAkeyform") == 0)
 			{
 			if (--argc < 1) goto bad;
-			CAformat=str2fmt(*(++argv));
+			CAkeyformat=str2fmt(*(++argv));
 			}
 		else if (strcmp(*argv,"-days") == 0)
 			{
@@ -218,6 +257,21 @@ char **argv;
 				goto bad;
 				}
 			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
+			passargin= *(++argv);
+			}
+		else if (strcmp(*argv,"-extfile") == 0)
+			{
+			if (--argc < 1) goto bad;
+			extfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-extensions") == 0)
+			{
+			if (--argc < 1) goto bad;
+			extsect= *(++argv);
+			}
 		else if (strcmp(*argv,"-in") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -233,12 +287,14 @@ char **argv;
 			if (--argc < 1) goto bad;
 			keyfile= *(++argv);
 			sign_flag= ++num;
+			need_rand = 1;
 			}
 		else if (strcmp(*argv,"-CA") == 0)
 			{
 			if (--argc < 1) goto bad;
 			CAfile= *(++argv);
 			CA_flag= ++num;
+			need_rand = 1;
 			}
 		else if (strcmp(*argv,"-CAkey") == 0)
 			{
@@ -250,12 +306,75 @@ char **argv;
 			if (--argc < 1) goto bad;
 			CAserial= *(++argv);
 			}
+		else if (strcmp(*argv,"-set_serial") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!(sno = s2i_ASN1_INTEGER(NULL, *(++argv))))
+				goto bad;
+			}
+		else if (strcmp(*argv,"-addtrust") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
+				{
+				BIO_printf(bio_err,
+					"Invalid trust object value %s\n", *argv);
+				goto bad;
+				}
+			if (!trust) trust = sk_ASN1_OBJECT_new_null();
+			sk_ASN1_OBJECT_push(trust, objtmp);
+			trustout = 1;
+			}
+		else if (strcmp(*argv,"-addreject") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!(objtmp = OBJ_txt2obj(*(++argv), 0)))
+				{
+				BIO_printf(bio_err,
+					"Invalid reject object value %s\n", *argv);
+				goto bad;
+				}
+			if (!reject) reject = sk_ASN1_OBJECT_new_null();
+			sk_ASN1_OBJECT_push(reject, objtmp);
+			trustout = 1;
+			}
+		else if (strcmp(*argv,"-setalias") == 0)
+			{
+			if (--argc < 1) goto bad;
+			alias= *(++argv);
+			trustout = 1;
+			}
+		else if (strcmp(*argv,"-certopt") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!set_cert_ex(&certflag, *(++argv))) goto bad;
+			}
+		else if (strcmp(*argv,"-nameopt") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!set_name_ex(&nmflag, *(++argv))) goto bad;
+			}
+		else if (strcmp(*argv,"-setalias") == 0)
+			{
+			if (--argc < 1) goto bad;
+			alias= *(++argv);
+			trustout = 1;
+			}
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
+			engine= *(++argv);
+			}
 		else if (strcmp(*argv,"-C") == 0)
 			C= ++num;
+		else if (strcmp(*argv,"-email") == 0)
+			email= ++num;
 		else if (strcmp(*argv,"-serial") == 0)
 			serial= ++num;
 		else if (strcmp(*argv,"-modulus") == 0)
 			modulus= ++num;
+		else if (strcmp(*argv,"-pubkey") == 0)
+			pubkey= ++num;
 		else if (strcmp(*argv,"-x509toreq") == 0)
 			x509req= ++num;
 		else if (strcmp(*argv,"-text") == 0)
@@ -273,15 +392,42 @@ char **argv;
 			startdate= ++num;
 			enddate= ++num;
 			}
+		else if (strcmp(*argv,"-purpose") == 0)
+			pprint= ++num;
 		else if (strcmp(*argv,"-startdate") == 0)
 			startdate= ++num;
 		else if (strcmp(*argv,"-enddate") == 0)
 			enddate= ++num;
+		else if (strcmp(*argv,"-checkend") == 0)
+			{
+			if (--argc < 1) goto bad;
+			checkoffset=atoi(*(++argv));
+			checkend=1;
+			}
 		else if (strcmp(*argv,"-noout") == 0)
 			noout= ++num;
+		else if (strcmp(*argv,"-trustout") == 0)
+			trustout= 1;
+		else if (strcmp(*argv,"-clrtrust") == 0)
+			clrtrust= ++num;
+		else if (strcmp(*argv,"-clrreject") == 0)
+			clrreject= ++num;
+		else if (strcmp(*argv,"-alias") == 0)
+			aliasout= ++num;
 		else if (strcmp(*argv,"-CAcreateserial") == 0)
 			CA_createserial= ++num;
-		else if ((md_alg=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+		else if (strcmp(*argv,"-clrext") == 0)
+			clrext = 1;
+#if 1 /* stay backwards-compatible with 0.9.5; this should go away soon */
+		else if (strcmp(*argv,"-crlext") == 0)
+			{
+			BIO_printf(bio_err,"use -clrext instead of -crlext\n");
+			clrext = 1;
+			}
+#endif
+		else if (strcmp(*argv,"-ocspid") == 0)
+			ocspid= ++num;
+		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
 			{
 			/* ok */
 			digest=md_alg;
@@ -300,12 +446,23 @@ char **argv;
 		{
 bad:
 		for (pp=x509_usage; (*pp != NULL); pp++)
-			BIO_printf(bio_err,*pp);
+			BIO_printf(bio_err,"%s",*pp);
 		goto end;
 		}
 
+        e = setup_engine(bio_err, engine, 0);
+
+	if (need_rand)
+		app_RAND_load_file(NULL, bio_err, 0);
+
 	ERR_load_crypto_strings();
 
+	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+		{
+		BIO_printf(bio_err, "Error getting password\n");
+		goto end;
+		}
+
 	if (!X509_STORE_set_default_paths(ctx))
 		{
 		ERR_print_errors(bio_err);
@@ -320,6 +477,45 @@ bad:
 		goto end;
 		}
 
+	if (extfile)
+		{
+		long errorline = -1;
+		X509V3_CTX ctx2;
+		extconf = NCONF_new(NULL);
+		if (!NCONF_load(extconf, extfile,&errorline))
+			{
+			if (errorline <= 0)
+				BIO_printf(bio_err,
+					"error loading the config file '%s'\n",
+								extfile);
+                	else
+                        	BIO_printf(bio_err,
+				       "error on line %ld of config file '%s'\n"
+							,errorline,extfile);
+			goto end;
+			}
+		if (!extsect)
+			{
+			extsect = NCONF_get_string(extconf, "default", "extensions");
+			if (!extsect)
+				{
+				ERR_clear_error();
+				extsect = "default";
+				}
+			}
+		X509V3_set_ctx_test(&ctx2);
+		X509V3_set_nconf(&ctx2, extconf);
+		if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL))
+			{
+			BIO_printf(bio_err,
+				"Error Loading extension section %s\n",
+								 extsect);
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		}
+
+
 	if (reqfile)
 		{
 		EVP_PKEY *pkey;
@@ -345,13 +541,18 @@ bad:
 			if (BIO_read_filename(in,infile) <= 0)
 				{
 				perror(infile);
+				BIO_free(in);
 				goto end;
 				}
 			}
-		req=PEM_read_bio_X509_REQ(in,NULL,NULL);
+		req=PEM_read_bio_X509_REQ(in,NULL,NULL,NULL);
 		BIO_free(in);
 
-		if (req == NULL) { perror(infile); goto end; }
+		if (req == NULL)
+			{
+			ERR_print_errors(bio_err);
+			goto end;
+			}
 
 		if (	(req->req_info == NULL) ||
 			(req->req_info->pubkey == NULL) ||
@@ -368,6 +569,7 @@ bad:
 	                goto end;
 	                }
 		i=X509_REQ_verify(req,pkey);
+		EVP_PKEY_free(pkey);
 		if (i < 0)
 			{
 			BIO_printf(bio_err,"Signature verification error\n");
@@ -381,35 +583,35 @@ bad:
 			}
 		else
 			BIO_printf(bio_err,"Signature ok\n");
-		
-		X509_NAME_oneline(req->req_info->subject,buf,256);
-		BIO_printf(bio_err,"subject=%s\n",buf);
+
+		print_name(bio_err, "subject=", X509_REQ_get_subject_name(req), nmflag);
 
 		if ((x=X509_new()) == NULL) goto end;
 		ci=x->cert_info;
 
-		if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
+		if (sno)
+			{
+			if (!X509_set_serialNumber(x, sno))
+				goto end;
+			}
+		else if (!ASN1_INTEGER_set(X509_get_serialNumber(x),0)) goto end;
 		if (!X509_set_issuer_name(x,req->req_info->subject)) goto end;
 		if (!X509_set_subject_name(x,req->req_info->subject)) goto end;
 
 		X509_gmtime_adj(X509_get_notBefore(x),0);
 	        X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
 
-#if 0
-		X509_PUBKEY_free(ci->key);
-		ci->key=req->req_info->pubkey;
-	        req->req_info->pubkey=NULL;
-#else
-		X509_set_pubkey(x,X509_REQ_get_pubkey(req));
-#endif
+		pkey = X509_REQ_get_pubkey(req);
+		X509_set_pubkey(x,pkey);
+		EVP_PKEY_free(pkey);
 		}
 	else
-		x=load_cert(infile,informat);
+		x=load_cert(bio_err,infile,informat,NULL,e,"Certificate");
 
 	if (x == NULL) goto end;
 	if (CA_flag)
 		{
-		xca=load_cert(CAfile,CAformat);
+		xca=load_cert(bio_err,CAfile,CAformat,NULL,e,"CA Certificate");
 		if (xca == NULL) goto end;
 		}
 
@@ -425,7 +627,15 @@ bad:
 			goto end;
 			}
 		if (outfile == NULL)
+			{
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
+#ifdef OPENSSL_SYS_VMS
+			{
+			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
+			out = BIO_push(tmpbio, out);
+			}
+#endif
+			}
 		else
 			{
 			if (BIO_write_filename(out,outfile) <= 0)
@@ -436,21 +646,42 @@ bad:
 			}
 		}
 
+	if (alias) X509_alias_set1(x, (unsigned char *)alias, -1);
+
+	if (clrtrust) X509_trust_clear(x);
+	if (clrreject) X509_reject_clear(x);
+
+	if (trust)
+		{
+		for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++)
+			{
+			objtmp = sk_ASN1_OBJECT_value(trust, i);
+			X509_add1_trust_object(x, objtmp);
+			}
+		}
+
+	if (reject)
+		{
+		for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++)
+			{
+			objtmp = sk_ASN1_OBJECT_value(reject, i);
+			X509_add1_reject_object(x, objtmp);
+			}
+		}
+
 	if (num)
 		{
 		for (i=1; i<=num; i++)
 			{
 			if (issuer == i)
 				{
-				X509_NAME_oneline(X509_get_issuer_name(x),
-					buf,256);
-				BIO_printf(STDout,"issuer= %s\n",buf);
+				print_name(STDout, "issuer= ",
+					X509_get_issuer_name(x), nmflag);
 				}
 			else if (subject == i) 
 				{
-				X509_NAME_oneline(X509_get_subject_name(x),
-					buf,256);
-				BIO_printf(STDout,"subject=%s\n",buf);
+				print_name(STDout, "subject= ",
+					X509_get_subject_name(x), nmflag);
 				}
 			else if (serial == i)
 				{
@@ -458,12 +689,38 @@ bad:
 				i2a_ASN1_INTEGER(STDout,x->cert_info->serialNumber);
 				BIO_printf(STDout,"\n");
 				}
+			else if (email == i) 
+				{
+				int j;
+				STACK *emlst;
+				emlst = X509_get1_email(x);
+				for (j = 0; j < sk_num(emlst); j++)
+					BIO_printf(STDout, "%s\n", sk_value(emlst, j));
+				X509_email_free(emlst);
+				}
+			else if (aliasout == i)
+				{
+				unsigned char *alstr;
+				alstr = X509_alias_get0(x, NULL);
+				if (alstr) BIO_printf(STDout,"%s\n", alstr);
+				else BIO_puts(STDout,"<No Alias>\n");
+				}
 			else if (hash == i)
 				{
 				BIO_printf(STDout,"%08lx\n",X509_subject_name_hash(x));
 				}
+			else if (pprint == i)
+				{
+				X509_PURPOSE *ptmp;
+				int j;
+				BIO_printf(STDout, "Certificate purposes:\n");
+				for (j = 0; j < X509_PURPOSE_get_count(); j++)
+					{
+					ptmp = X509_PURPOSE_get0(j);
+					purpose_print(STDout, x, ptmp);
+					}
+				}
 			else
-#ifndef NO_RSA
 				if (modulus == i)
 				{
 				EVP_PKEY *pkey;
@@ -476,14 +733,36 @@ bad:
 					goto end;
 					}
 				BIO_printf(STDout,"Modulus=");
+#ifndef OPENSSL_NO_RSA
 				if (pkey->type == EVP_PKEY_RSA)
 					BN_print(STDout,pkey->pkey.rsa->n);
 				else
+#endif
+#ifndef OPENSSL_NO_DSA
+				if (pkey->type == EVP_PKEY_DSA)
+					BN_print(STDout,pkey->pkey.dsa->pub_key);
+				else
+#endif
 					BIO_printf(STDout,"Wrong Algorithm type");
 				BIO_printf(STDout,"\n");
+				EVP_PKEY_free(pkey);
+				}
+			else
+				if (pubkey == i)
+				{
+				EVP_PKEY *pkey;
+
+				pkey=X509_get_pubkey(x);
+				if (pkey == NULL)
+					{
+					BIO_printf(bio_err,"Error getting public key\n");
+					ERR_print_errors(bio_err);
+					goto end;
+					}
+				PEM_write_bio_PUBKEY(STDout, pkey);
+				EVP_PKEY_free(pkey);
 				}
 			else
-#endif
 				if (C == i)
 				{
 				unsigned char *d;
@@ -491,14 +770,15 @@ bad:
 				int y,z;
 
 				X509_NAME_oneline(X509_get_subject_name(x),
-					buf,256);
+					buf,sizeof buf);
 				BIO_printf(STDout,"/* subject:%s */\n",buf);
 				m=X509_NAME_oneline(
-					X509_get_issuer_name(x),buf,256);
+					X509_get_issuer_name(x),buf,
+					sizeof buf);
 				BIO_printf(STDout,"/* issuer :%s */\n",buf);
 
 				z=i2d_X509(x,NULL);
-				m=Malloc(z);
+				m=OPENSSL_malloc(z);
 
 				d=(unsigned char *)m;
 				z=i2d_X509_NAME(X509_get_subject_name(x),&d);
@@ -536,22 +816,22 @@ bad:
 				if (y%16 != 0) BIO_printf(STDout,"\n");
 				BIO_printf(STDout,"};\n");
 
-				Free(m);
+				OPENSSL_free(m);
 				}
 			else if (text == i)
 				{
-				X509_print(out,x);
+				X509_print_ex(out,x,nmflag, certflag);
 				}
 			else if (startdate == i)
 				{
 				BIO_puts(STDout,"notBefore=");
-				ASN1_UTCTIME_print(STDout,X509_get_notBefore(x));
+				ASN1_TIME_print(STDout,X509_get_notBefore(x));
 				BIO_puts(STDout,"\n");
 				}
 			else if (enddate == i)
 				{
 				BIO_puts(STDout,"notAfter=");
-				ASN1_UTCTIME_print(STDout,X509_get_notAfter(x));
+				ASN1_TIME_print(STDout,X509_get_notAfter(x));
 				BIO_puts(STDout,"\n");
 				}
 			else if (fingerprint == i)
@@ -560,12 +840,13 @@ bad:
 				unsigned int n;
 				unsigned char md[EVP_MAX_MD_SIZE];
 
-				if (!X509_digest(x,EVP_md5(),md,&n))
+				if (!X509_digest(x,digest,md,&n))
 					{
 					BIO_printf(bio_err,"out of memory\n");
 					goto end;
 					}
-				BIO_printf(STDout,"MD5 Fingerprint=");
+				BIO_printf(STDout,"%s Fingerprint=",
+						OBJ_nid2sn(EVP_MD_type(digest)));
 				for (j=0; j<(int)n; j++)
 					{
 					BIO_printf(STDout,"%02X%c",md[j],
@@ -580,32 +861,48 @@ bad:
 				BIO_printf(bio_err,"Getting Private key\n");
 				if (Upkey == NULL)
 					{
-					Upkey=load_key(keyfile,keyformat);
+					Upkey=load_key(bio_err,
+						keyfile, keyformat, 0,
+						passin, e, "Private key");
 					if (Upkey == NULL) goto end;
 					}
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		                if (Upkey->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
+#ifndef OPENSSL_NO_ECDSA
+				if (Upkey->type == EVP_PKEY_EC)
+					digest=EVP_ecdsa();
+#endif
 
-				if (!sign(x,Upkey,days,digest)) goto end;
+				assert(need_rand);
+				if (!sign(x,Upkey,days,clrext,digest,
+						 extconf, extsect)) goto end;
 				}
 			else if (CA_flag == i)
 				{
 				BIO_printf(bio_err,"Getting CA Private Key\n");
 				if (CAkeyfile != NULL)
 					{
-					CApkey=load_key(CAkeyfile,CAkeyformat);
+					CApkey=load_key(bio_err,
+						CAkeyfile, CAkeyformat,
+						0, passin, e,
+						"CA Private Key");
 					if (CApkey == NULL) goto end;
 					}
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		                if (CApkey->type == EVP_PKEY_DSA)
 		                        digest=EVP_dss1();
 #endif
+#ifndef OPENSSL_NO_ECDSA
+				if (CApkey->type == EVP_PKEY_EC)
+					digest = EVP_ecdsa();
+#endif
 				
+				assert(need_rand);
 				if (!x509_certify(ctx,CAfile,digest,x,xca,
-					CApkey,
-					CAserial,CA_createserial,days))
+					CApkey, CAserial,CA_createserial,days, clrext,
+					extconf, extsect, sno))
 					goto end;
 				}
 			else if (x509req == i)
@@ -620,13 +917,24 @@ bad:
 					}
 				else
 					{
-					pk=load_key(keyfile,FORMAT_PEM);
+					pk=load_key(bio_err,
+						keyfile, FORMAT_PEM, 0,
+						passin, e, "request key");
 					if (pk == NULL) goto end;
 					}
 
 				BIO_printf(bio_err,"Generating certificate request\n");
 
-				rq=X509_to_X509_REQ(x,pk,EVP_md5());
+#ifndef OPENSSL_NO_DSA
+		                if (pk->type == EVP_PKEY_DSA)
+		                        digest=EVP_dss1();
+#endif
+#ifndef OPENSSL_NO_ECDSA
+				if (pk->type == EVP_PKEY_EC)
+					digest=EVP_ecdsa();
+#endif
+
+				rq=X509_to_X509_REQ(x,pk,digest);
 				EVP_PKEY_free(pk);
 				if (rq == NULL)
 					{
@@ -640,7 +948,28 @@ bad:
 					}
 				noout=1;
 				}
+			else if (ocspid == i)
+				{
+				X509_ocspid_print(out, x);
+				}
+			}
+		}
+
+	if (checkend)
+		{
+		time_t tnow=time(NULL);
+
+		if (ASN1_UTCTIME_cmp_time_t(X509_get_notAfter(x), tnow+checkoffset) == -1)
+			{
+			BIO_printf(out,"Certificate will expire\n");
+			ret=1;
+			}
+		else
+			{
+			BIO_printf(out,"Certificate will not expire\n");
+			ret=0;
 			}
+		goto end;
 		}
 
 	if (noout)
@@ -652,14 +981,17 @@ bad:
 	if 	(outformat == FORMAT_ASN1)
 		i=i2d_X509_bio(out,x);
 	else if (outformat == FORMAT_PEM)
-		i=PEM_write_bio_X509(out,x);
+		{
+		if (trustout) i=PEM_write_bio_X509_AUX(out,x);
+		else i=PEM_write_bio_X509(out,x);
+		}
 	else if (outformat == FORMAT_NETSCAPE)
 		{
 		ASN1_HEADER ah;
 		ASN1_OCTET_STRING os;
 
-		os.data=(unsigned char *)CERT_HDR;
-		os.length=strlen(CERT_HDR);
+		os.data=(unsigned char *)NETSCAPE_CERT_HDR;
+		os.length=strlen(NETSCAPE_CERT_HDR);
 		ah.header= &os;
 		ah.data=(char *)x;
 		ah.meth=X509_asn1_meth();
@@ -671,51 +1003,44 @@ bad:
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
 		}
-	if (!i) {
+	if (!i)
+		{
 		BIO_printf(bio_err,"unable to write certificate\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	ret=0;
 end:
+	if (need_rand)
+		app_RAND_write_file(NULL, bio_err);
 	OBJ_cleanup();
-	if (out != NULL) BIO_free(out);
-	if (STDout != NULL) BIO_free(STDout);
-	if (ctx != NULL) X509_STORE_free(ctx);
-	if (req != NULL) X509_REQ_free(req);
-	if (x != NULL) X509_free(x);
-	if (xca != NULL) X509_free(xca);
-	if (Upkey != NULL) EVP_PKEY_free(Upkey);
-	if (CApkey != NULL) EVP_PKEY_free(CApkey);
-	if (rq != NULL) X509_REQ_free(rq);
-	EXIT(ret);
+	NCONF_free(extconf);
+	BIO_free_all(out);
+	BIO_free_all(STDout);
+	X509_STORE_free(ctx);
+	X509_REQ_free(req);
+	X509_free(x);
+	X509_free(xca);
+	EVP_PKEY_free(Upkey);
+	EVP_PKEY_free(CApkey);
+	X509_REQ_free(rq);
+	ASN1_INTEGER_free(sno);
+	sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
+	sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
+	if (passin) OPENSSL_free(passin);
+	apps_shutdown();
+	OPENSSL_EXIT(ret);
 	}
 
-static int x509_certify(ctx,CAfile,digest,x,xca,pkey,serialfile,create,days)
-X509_STORE *ctx;
-char *CAfile;
-EVP_MD *digest;
-X509 *x;
-X509 *xca;
-EVP_PKEY *pkey;
-char *serialfile;
-int create;
-int days;
+static ASN1_INTEGER *load_serial(char *CAfile, char *serialfile, int create)
 	{
-	int ret=0;
-	BIO *io=NULL;
+	char *buf = NULL, *p;
 	MS_STATIC char buf2[1024];
-	char *buf=NULL,*p;
-	BIGNUM *serial=NULL;
-	ASN1_INTEGER *bs=NULL,bs2;
-	X509_STORE_CTX xsc;
-	EVP_PKEY *upkey;
-
-	EVP_PKEY_copy_parameters(X509_get_pubkey(xca),pkey);
+	ASN1_INTEGER *bs = NULL, *bs2 = NULL;
+	BIO *io = NULL;
+	BIGNUM *serial = NULL;
 
-	X509_STORE_CTX_init(&xsc,ctx,x,NULL);
-	buf=(char *)Malloc(EVP_PKEY_size(pkey)*2+
-		((serialfile == NULL)
+	buf=OPENSSL_malloc( ((serialfile == NULL)
 			?(strlen(CAfile)+strlen(POSTFIX)+1)
 			:(strlen(serialfile)))+1);
 	if (buf == NULL) { BIO_printf(bio_err,"out of mem\n"); goto end; }
@@ -756,13 +1081,13 @@ int days;
 			}
 		else
 			{
-			ASN1_INTEGER_set(bs,0);
-			BN_zero(serial);
+			ASN1_INTEGER_set(bs,1);
+			BN_one(serial);
 			}
 		}
 	else 
 		{
-		if (!a2i_ASN1_INTEGER(io,bs,buf2,1024))
+		if (!a2i_ASN1_INTEGER(io,bs,buf2,sizeof buf2))
 			{
 			BIO_printf(bio_err,"unable to load serial number from %s\n",buf);
 			ERR_print_errors(bio_err);
@@ -781,20 +1106,55 @@ int days;
 
 	if (!BN_add_word(serial,1))
 		{ BIO_printf(bio_err,"add_word failure\n"); goto end; }
-	bs2.data=(unsigned char *)buf2;
-	bs2.length=BN_bn2bin(serial,bs2.data);
-
+	if (!(bs2 = BN_to_ASN1_INTEGER(serial, NULL)))
+		{ BIO_printf(bio_err,"error converting bn 2 asn1_integer\n"); goto end; }
 	if (BIO_write_filename(io,buf) <= 0)
 		{
 		BIO_printf(bio_err,"error attempting to write serial number file\n");
 		perror(buf);
 		goto end;
 		}
-	i2a_ASN1_INTEGER(io,&bs2);
+	i2a_ASN1_INTEGER(io,bs2);
 	BIO_puts(io,"\n");
+
 	BIO_free(io);
+	if (buf) OPENSSL_free(buf);
+	ASN1_INTEGER_free(bs2);
+	BN_free(serial);
 	io=NULL;
-	
+	return bs;
+
+	end:
+	if (buf) OPENSSL_free(buf);
+	BIO_free(io);
+	ASN1_INTEGER_free(bs);
+	BN_free(serial);
+	return NULL;
+
+	}
+
+static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+	     X509 *x, X509 *xca, EVP_PKEY *pkey, char *serialfile, int create,
+	     int days, int clrext, CONF *conf, char *section, ASN1_INTEGER *sno)
+	{
+	int ret=0;
+	ASN1_INTEGER *bs=NULL;
+	X509_STORE_CTX xsc;
+	EVP_PKEY *upkey;
+
+	upkey = X509_get_pubkey(xca);
+	EVP_PKEY_copy_parameters(upkey,pkey);
+	EVP_PKEY_free(upkey);
+
+	if(!X509_STORE_CTX_init(&xsc,ctx,x,NULL))
+		{
+		BIO_printf(bio_err,"Error initialising X509 store\n");
+		goto end;
+		}
+	if (sno) bs = sno;
+	else if (!(bs = load_serial(CAfile, serialfile, create)))
+		goto end;
+
 	if (!X509_STORE_add_cert(ctx,x)) goto end;
 
 	/* NOTE: this certificate can/should be self signed, unless it was
@@ -819,15 +1179,18 @@ int days;
 	if (X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days) == NULL)
 		goto end;
 
-	/* don't save DSA parameters in child if parent has them
-	 * and the parents and the childs are the same. */
-	upkey=X509_get_pubkey(x);
-	if (!EVP_PKEY_missing_parameters(pkey) &&
-		(EVP_PKEY_cmp_parameters(pkey,upkey) == 0))
+	if (clrext)
+		{
+		while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
+		}
+
+	if (conf)
 		{
-		EVP_PKEY_save_parameters(upkey,0);
-		/* Force a re-write */
-		X509_set_pubkey(x,upkey);
+		X509V3_CTX ctx2;
+		X509_set_version(x,2); /* version 3 certificate */
+                X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
+                X509V3_set_nconf(&ctx2, conf);
+                if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x)) goto end;
 		}
 
 	if (!X509_sign(x,pkey,digest)) goto end;
@@ -836,18 +1199,12 @@ end:
 	X509_STORE_CTX_cleanup(&xsc);
 	if (!ret)
 		ERR_print_errors(bio_err);
-	if (buf != NULL) Free(buf);
-	if (bs != NULL) ASN1_INTEGER_free(bs);
-	if (io != NULL)	BIO_free(io);
-	if (serial != NULL) BN_free(serial);
-	return(ret);
+	if (!sno) ASN1_INTEGER_free(bs);
+	return ret;
 	}
 
-static int MS_CALLBACK callb(ok, ctx)
-int ok;
-X509_STORE_CTX *ctx;
+static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
 	{
-	char buf[256];
 	int err;
 	X509 *err_cert;
 
@@ -856,7 +1213,7 @@ X509_STORE_CTX *ctx;
 	 * final ok == 1 calls to this function */
 	err=X509_STORE_CTX_get_error(ctx);
 	if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
-		return(1);
+		return 1;
 
 	/* BAD we should have gotten an error.  Normally if everything
 	 * worked X509_STORE_CTX_get_error(ctx) will still be set to
@@ -864,173 +1221,30 @@ X509_STORE_CTX *ctx;
 	if (ok)
 		{
 		BIO_printf(bio_err,"error with certificate to be certified - should be self signed\n");
-		return(0);
+		return 0;
 		}
 	else
 		{
 		err_cert=X509_STORE_CTX_get_current_cert(ctx);
-		X509_NAME_oneline(X509_get_subject_name(err_cert),buf,256);
-		BIO_printf(bio_err,"%s\n",buf);
+		print_name(bio_err, NULL, X509_get_subject_name(err_cert),0);
 		BIO_printf(bio_err,"error with certificate - error %d at depth %d\n%s\n",
 			err,X509_STORE_CTX_get_error_depth(ctx),
 			X509_verify_cert_error_string(err));
-		return(1);
-		}
-	}
-
-static EVP_PKEY *load_key(file, format)
-char *file;
-int format;
-	{
-	BIO *key=NULL;
-	EVP_PKEY *pkey=NULL;
-
-	if (file == NULL)
-		{
-		BIO_printf(bio_err,"no keyfile specified\n");
-		goto end;
-		}
-	key=BIO_new(BIO_s_file());
-	if (key == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-	if (BIO_read_filename(key,file) <= 0)
-		{
-		perror(file);
-		goto end;
-		}
-#ifndef NO_RSA
-	if	(format == FORMAT_ASN1)
-		{
-		RSA *rsa;
-
-		rsa=d2i_RSAPrivateKey_bio(key,NULL);
-		if (rsa != NULL)
-			{
-			if ((pkey=EVP_PKEY_new()) != NULL)
-				EVP_PKEY_assign_RSA(pkey,rsa);
-			else
-				RSA_free(rsa);
-			}
-		}
-	else
-#endif
-		if (format == FORMAT_PEM)
-		{
-		pkey=PEM_read_bio_PrivateKey(key,NULL,NULL);
-		}
-	else
-		{
-		BIO_printf(bio_err,"bad input format specified for key\n");
-		goto end;
+		return 1;
 		}
-end:
-	if (key != NULL) BIO_free(key);
-	if (pkey == NULL)
-		BIO_printf(bio_err,"unable to load Private Key\n");
-	return(pkey);
-	}
-
-static X509 *load_cert(file, format)
-char *file;
-int format;
-	{
-	ASN1_HEADER *ah=NULL;
-	BUF_MEM *buf=NULL;
-	X509 *x=NULL;
-	BIO *cert;
-
-	if ((cert=BIO_new(BIO_s_file())) == NULL)
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (file == NULL)
-		BIO_set_fp(cert,stdin,BIO_NOCLOSE);
-	else
-		{
-		if (BIO_read_filename(cert,file) <= 0)
-			{
-			perror(file);
-			goto end;
-			}
-		}
-	if 	(format == FORMAT_ASN1)
-		x=d2i_X509_bio(cert,NULL);
-	else if (format == FORMAT_NETSCAPE)
-		{
-		unsigned char *p,*op;
-		int size=0,i;
-
-		/* We sort of have to do it this way because it is sort of nice
-		 * to read the header first and check it, then
-		 * try to read the certificate */
-		buf=BUF_MEM_new();
-		for (;;)
-			{
-			if ((buf == NULL) || (!BUF_MEM_grow(buf,size+1024*10)))
-				goto end;
-			i=BIO_read(cert,&(buf->data[size]),1024*10);
-			size+=i;
-			if (i == 0) break;
-			if (i < 0)
-				{
-				perror("reading certificate");
-				goto end;
-				}
-			}
-		p=(unsigned char *)buf->data;
-		op=p;
-
-		/* First load the header */
-		if ((ah=d2i_ASN1_HEADER(NULL,&p,(long)size)) == NULL)
-			goto end;
-		if ((ah->header == NULL) || (ah->header->data == NULL) ||
-			(strncmp(CERT_HDR,(char *)ah->header->data,
-			ah->header->length) != 0))
-			{
-			BIO_printf(bio_err,"Error reading header on certificate\n");
-			goto end;
-			}
-		/* header is ok, so now read the object */
-		p=op;
-		ah->meth=X509_asn1_meth();
-		if ((ah=d2i_ASN1_HEADER(&ah,&p,(long)size)) == NULL)
-			goto end;
-		x=(X509 *)ah->data;
-		ah->data=NULL;
-		}
-	else if (format == FORMAT_PEM)
-		x=PEM_read_bio_X509(cert,NULL,NULL);
-	else	{
-		BIO_printf(bio_err,"bad input format specified for input cert\n");
-		goto end;
-		}
-end:
-	if (x == NULL)
-		{
-		BIO_printf(bio_err,"unable to load certificate\n");
-		ERR_print_errors(bio_err);
-		}
-	if (ah != NULL) ASN1_HEADER_free(ah);
-	if (cert != NULL) BIO_free(cert);
-	if (buf != NULL) BUF_MEM_free(buf);
-	return(x);
 	}
 
 /* self sign */
-static int sign(x, pkey, days, digest)
-X509 *x;
-EVP_PKEY *pkey;
-int days;
-EVP_MD *digest;
+static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext, const EVP_MD *digest, 
+						CONF *conf, char *section)
 	{
 
-	EVP_PKEY_copy_parameters(X509_get_pubkey(x),pkey);
-	EVP_PKEY_save_parameters(X509_get_pubkey(x),1);
+	EVP_PKEY *pktmp;
+
+	pktmp = X509_get_pubkey(x);
+	EVP_PKEY_copy_parameters(pktmp,pkey);
+	EVP_PKEY_save_parameters(pktmp,1);
+	EVP_PKEY_free(pktmp);
 
 	if (!X509_set_issuer_name(x,X509_get_subject_name(x))) goto err;
 	if (X509_gmtime_adj(X509_get_notBefore(x),0) == NULL) goto err;
@@ -1043,9 +1257,38 @@ EVP_MD *digest;
 		goto err;
 
 	if (!X509_set_pubkey(x,pkey)) goto err;
+	if (clrext)
+		{
+		while (X509_get_ext_count(x) > 0) X509_delete_ext(x, 0);
+		}
+	if (conf)
+		{
+		X509V3_CTX ctx;
+		X509_set_version(x,2); /* version 3 certificate */
+                X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
+                X509V3_set_nconf(&ctx, conf);
+                if (!X509V3_EXT_add_nconf(conf, &ctx, section, x)) goto err;
+		}
 	if (!X509_sign(x,pkey,digest)) goto err;
-	return(1);
+	return 1;
 err:
 	ERR_print_errors(bio_err);
-	return(0);
+	return 0;
 	}
+
+static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
+{
+	int id, i, idret;
+	char *pname;
+	id = X509_PURPOSE_get_id(pt);
+	pname = X509_PURPOSE_get0_name(pt);
+	for (i = 0; i < 2; i++)
+		{
+		idret = X509_check_purpose(cert, id, i);
+		BIO_printf(bio, "%s%s : ", pname, i ? " CA" : ""); 
+		if (idret == 1) BIO_printf(bio, "Yes\n");
+		else if (idret == 0) BIO_printf(bio, "No\n");
+		else BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
+		}
+	return 1;
+}
diff --git a/bugs/SSLv3 b/bugs/SSLv3
index 2e22a65cdd..db53e1343a 100644
--- a/bugs/SSLv3
+++ b/bugs/SSLv3
@@ -39,3 +39,11 @@ SSL_shutdown() and still sharing the socket with its parent).
 
 Netscape, when using export ciphers, will accept a 1024 bit temporary
 RSA key.  It is supposed to only accept 512.
+
+If Netscape connects to a server which requests a client certificate
+it will frequently hang after the user has selected one and never
+complete the connection. Hitting "Stop" and reload fixes this and
+all subsequent connections work fine. This appears to be because 
+Netscape wont read any new records in when it is awaiting a server
+done message at this point. The fix is to send the certificate request
+and server done messages in one record.
diff --git a/bugs/stream.c b/bugs/stream.c
index 50a3884995..c3b5e867d2 100644
--- a/bugs/stream.c
+++ b/bugs/stream.c
@@ -57,11 +57,11 @@
  */
 
 #include <stdio.h>
-#include "rc4.h"
-#ifdef NO_DES
+#include <openssl/rc4.h>
+#ifdef OPENSSL_NO_DES
 #include <des.h>
 #else
-#include "des.h"
+#include <openssl/des.h>
 #endif
 
 /* show how stream ciphers are not very good.  The mac has no affect
diff --git a/certs/RegTP-4R.pem b/certs/RegTP-4R.pem
new file mode 100644
index 0000000000..6f2c6abccd
--- /dev/null
+++ b/certs/RegTP-4R.pem
@@ -0,0 +1,19 @@
+issuer= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
+notBefore=Jan 21 16:04:53 1999 GMT
+notAfter=Jan 21 16:04:53 2004 GMT
+subject= CN=4R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
+-----BEGIN CERTIFICATE-----
+MIICZzCCAdOgAwIBAgIEOwVn1DAKBgYrJAMDAQIFADBvMQswCQYDVQQGEwJERTE9
+MDsGA1UEChQ0UmVndWxpZXJ1bmdzYmVoyG9yZGUgZsh1ciBUZWxla29tbXVuaWth
+dGlvbiB1bmQgUG9zdDEhMAwGBwKCBgEKBxQTATEwEQYDVQQDFAo0Ui1DQSAxOlBO
+MCIYDzE5OTkwMTIxMTYwNDUzWhgPMjAwNDAxMjExNjA0NTNaMG8xCzAJBgNVBAYT
+AkRFMT0wOwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21t
+dW5pa2F0aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjRSLUNB
+IDE6UE4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGAjzHbq2asUlqeWbXTQHso
+aVF6YIPVH3c/B2cbuy9HJ/lnE6x0asOzM2DGDqi47xkdAxPc0LZ0fxO87rkmz7xs
+jJObnVrMXpyUSDSp5Y0wqKJdsFdr6mGFOQZteIti8AJnr8xMkwnWVyuOlEXsFe1h
+5gxwQXrOcPinE6qu1t/3PmECBMAAAAGjEjAQMA4GA1UdDwEB/wQEAwIBBjAKBgYr
+JAMDAQIFAAOBgQA+RdocBmA2VV9E5aKPBcp01tdZAvvW9Tve3docArVKR/4/yvSX
+Z+wvzzk+uu4qBp49HN3nqPYMrzbTmjBFu4ce5fkZ7dHF0W1sSBL0rox5z36Aq2re
+JjfEOEmSnNe0+opuh4FSVOssXblXTE8lEQU0FhhItgDx2ADnWZibaxLG4w==
+-----END CERTIFICATE-----
diff --git a/certs/RegTP-5R.pem b/certs/RegTP-5R.pem
new file mode 100644
index 0000000000..9eb79aa17c
--- /dev/null
+++ b/certs/RegTP-5R.pem
@@ -0,0 +1,19 @@
+issuer= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
+notBefore=Mar 22 08:55:51 2000 GMT
+notAfter=Mar 22 08:55:51 2005 GMT
+subject= CN=5R-CA 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
+-----BEGIN CERTIFICATE-----
+MIICaDCCAdSgAwIBAgIDDIOqMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
+OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
+aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjVSLUNBIDE6UE4w
+IhgPMjAwMDAzMjIwODU1NTFaGA8yMDA1MDMyMjA4NTU1MVowbzELMAkGA1UEBhMC
+REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
+bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNVItQ0Eg
+MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAih5BUycfBpqKhU8RDsaS
+vV5AtzWeXQRColL9CH3t0DKnhjKAlJ8iccFtJNv+d3bh8bb9sh0maRSo647xP7hs
+HTjKgTE4zM5BYNfXvST79OtcMgAzrnDiGjQIIWv8xbfV1MqxxdtZJygrwzRMb9jG
+CAGoJEymoyzAMNG7tSdBWnUCBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
+KyQDAwECBQADgYEAOaK8ihVSBUcL2IdVBxZYYUKwMz5m7H3zqhN8W9w+iafWudH6
+b+aahkbENEwzg3C3v5g8nze7v7ssacQze657LHjP+e7ksUDIgcS4R1pU2eN16bjS
+P/qGPF3rhrIEHoK5nJULkjkZYTtNiOvmQ/+G70TXDi3Os/TwLlWRvu+7YLM=
+-----END CERTIFICATE-----
diff --git a/certs/RegTP-6R.pem b/certs/RegTP-6R.pem
new file mode 100644
index 0000000000..4d79c74e5a
--- /dev/null
+++ b/certs/RegTP-6R.pem
@@ -0,0 +1,19 @@
+issuer= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
+notBefore=Feb  1 09:52:17 2001 GMT
+notAfter=Jun  1 09:52:17 2005 GMT
+subject= CN=6R-Ca 1:PN+0.2.262.1.10.7.20=#130131,O=Regulierungsbeh\C3\88orde f\C3\88ur Telekommunikation und Post,C=DE
+-----BEGIN CERTIFICATE-----
+MIICaDCCAdSgAwIBAgIDMtGNMAoGBiskAwMBAgUAMG8xCzAJBgNVBAYTAkRFMT0w
+OwYDVQQKFDRSZWd1bGllcnVuZ3NiZWjIb3JkZSBmyHVyIFRlbGVrb21tdW5pa2F0
+aW9uIHVuZCBQb3N0MSEwDAYHAoIGAQoHFBMBMTARBgNVBAMUCjZSLUNhIDE6UE4w
+IhgPMjAwMTAyMDEwOTUyMTdaGA8yMDA1MDYwMTA5NTIxN1owbzELMAkGA1UEBhMC
+REUxPTA7BgNVBAoUNFJlZ3VsaWVydW5nc2JlaMhvcmRlIGbIdXIgVGVsZWtvbW11
+bmlrYXRpb24gdW5kIFBvc3QxITAMBgcCggYBCgcUEwExMBEGA1UEAxQKNlItQ2Eg
+MTpQTjCBoTANBgkqhkiG9w0BAQEFAAOBjwAwgYsCgYEAg6KrFSTNXKqe+2GKGeW2
+wTmbVeflNkp5H/YxA9K1zmEn5XjKm0S0jH4Wfms6ipPlURVaFwTfnB1s++AnJAWf
+mayaE9BP/pdIY6WtZGgW6aZc32VDMCMKPWyBNyagsJVDmzlakIA5cXBVa7Xqqd3P
+ew8i2feMnQXcqHfDv02CW88CBQDAAAABoxIwEDAOBgNVHQ8BAf8EBAMCAQYwCgYG
+KyQDAwECBQADgYEAOkqkUwdaTCt8wcJLA2zLuOwL5ADHMWLhv6gr5zEF+VckA6qe
+IVLVf8e7fYlRmzQd+5OJcGglCQJLGT+ZplI3Mjnrd4plkoTNKV4iOzBcvJD7K4tn
+XPvs9wCFcC7QU7PLvc1FDsAlr7e4wyefZRDL+wbqNfI7QZTSF1ubLd9AzeQ=
+-----END CERTIFICATE-----
diff --git a/certs/ca-cert.pem b/certs/ca-cert.pem
index 6dd974d70d..bcba68aefa 100644
--- a/certs/ca-cert.pem
+++ b/certs/ca-cert.pem
@@ -1,18 +1,20 @@
-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
 -----BEGIN CERTIFICATE-----
-MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
-VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
-OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
-BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
-IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
-DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
-1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
-mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
-hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
-YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
-q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
+MIIC5TCCAk6gAwIBAgIBATANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET
+MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx
+HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzODUxWhcN
+MDUwNzEwMjEzODUxWjBbMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu
+ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxGzAZBgNVBAMTElRlc3QgQ0Eg
+KDEwMjQgYml0KTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAo7ujy3XXpU/p
+yDJtOxkMJmGv3mdiVm7JrdoKLUgqjO2rBaeNuYMUiuI6oYU+tlD6agwRML0Pn2JF
+b90VdK/UXrmRr9djaEuH17EIKjte5RwOzndCndsjcCYyoeODMTyg7dqPIkDMmRNM
+5R5xBTabD+Aji0wzQupYxBLuW5PLj7ECAwEAAaOBtzCBtDAdBgNVHQ4EFgQU1WWA
+U42mkhi3ecgey1dsJjU61+UwgYQGA1UdIwR9MHuAFE0RaEcrj18q1dw+G6nJbsTW
+R213oWCkXjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
+A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0
+IGJpdCmCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBb39BRphHL
+6aRAQyymsvBvPSCiG9+kR0R1L23aTpNbhXp2BebyFjbEQYZc2kWGiKKcHkNECA35
+3d4LoqUlVey8DFyafOIJd9hxdZfg+rxlHMxnL7uCJRmx9+xB411Jtsol9/wg1uCK
+sleGpgB4j8cG2SVCz7V2MNZNK+d5QCnR7A==
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
diff --git a/certs/rsa-ssca.pem b/certs/expired/rsa-ssca.pem
index c9403212d1..c9403212d1 100644
--- a/certs/rsa-ssca.pem
+++ b/certs/expired/rsa-ssca.pem
diff --git a/certs/pca-cert.pem b/certs/pca-cert.pem
index 140e9a6b43..9d754d460d 100644
--- a/certs/pca-cert.pem
+++ b/certs/pca-cert.pem
@@ -1,18 +1,20 @@
-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
 -----BEGIN CERTIFICATE-----
-MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
-VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
-OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+MIIC5jCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVTET
+MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx
+HDAaBgNVBAMTE1Rlc3QgUENBICgxMDI0IGJpdCkwHhcNOTkxMjAyMjEzNTQ4WhcN
+MDUwNzExMjEzNTQ4WjBcMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFu
+ZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxHDAaBgNVBAMTE1Rlc3QgUENB
+ICgxMDI0IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJ2haT/f5Zwy
+V+MiuSDjSR62adBoSiBB7Usty44lXqsp9RICw+DCCxpsn/CfxPEDXLLd4olsWXc6
+JRcxGynbYmnzk+Z6aIPPJQhK3CTvaqGnWKZsA1m+WaUIUqJCuNTK4N+7hMAGaf6S
+S3e9HVgEQ4a34gXJ7VQFVIBNV1EnZRWHAgMBAAGjgbcwgbQwHQYDVR0OBBYEFE0R
+aEcrj18q1dw+G6nJbsTWR213MIGEBgNVHSMEfTB7gBRNEWhHK49fKtXcPhupyW7E
+1kdtd6FgpF4wXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
 BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
-NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
-40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
-22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
-BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
-Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
-xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
-cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
+NCBiaXQpggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAUa8B3pho
++Mvxeq9HsEzJxHIFQla05S5J/e/V+DQTYoKiRFchKPrDAdrzYSEvP3h4QJEtsNqQ
+JfOxg5M42uLFq7aPGWkF6ZZqZsYS+zA9IVT14g7gNA6Ne+5QtJqQtH9HA24st0T0
+Tga/lZ9M2ovImovaxSL/kRHbpCWcqWVxpOw=
 -----END CERTIFICATE-----
 -----BEGIN RSA PRIVATE KEY-----
 MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
diff --git a/certs/vsign4.pem b/certs/vsign4.pem
deleted file mode 100644
index b5bcef4d0d..0000000000
--- a/certs/vsign4.pem
+++ /dev/null
@@ -1,16 +0,0 @@
- subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
- issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
------BEGIN CERTIFICATE-----
-MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
-Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
-biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
-9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
-IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
-O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
-AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
-g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
-yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
------END CERTIFICATE-----
diff --git a/config b/config
index f403a22451..8988f665bb 100755
--- a/config
+++ b/config
@@ -1,17 +1,11 @@
 #!/bin/sh
 #
-# config - this is a merge of minarch and GuessOS from the Apache Group
-#          which then automatically runs Configure from SSLeay after
-#	   mapping the Apache names for OSs into SSLeay names
+# OpenSSL config: determine the operating system and run ./Configure
 #
-# 29-May-97 eay		Added no-asm option
-# 27-May-97 eay		Alpha linux mods
-# ??-May-97 eay		IRIX mods
-# 16-Sep-97 tjh		first cut of merged version
-#
-# Tim Hudson
-# tjh@cryptsoft.com
+# "config -h" for usage information.
 #
+#          this is a merge of minarch and GuessOS from the Apache Group.
+#          Originally written by Tim Hudson <tjh@cryptsoft.com>.
 
 # Original Apache Group comments on GuessOS
 
@@ -26,6 +20,31 @@
 # Be as similar to the output of config.guess/config.sub
 # as possible.
 
+PREFIX=""
+SUFFIX=""
+TEST="false"
+
+# pick up any command line args to config
+for i
+do
+case "$i" in 
+-d*) PREFIX="debug-";;
+-t*) TEST="true";;
+-h*) TEST="true"; cat <<EOF
+Usage: config [options]
+ -d	Add a debug- prefix to machine choice.
+ -t	Test mode, do not run the Configure perl script.
+ -h	This help.
+
+Any other text will be passed to the Configure perl script.
+See INSTALL for instructions.
+
+EOF
+;;
+*) options=$options" $i" ;;
+esac
+done
+
 # First get uname entries that we use below
 
 MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown"
@@ -33,6 +52,7 @@ RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown"
 SYSTEM=`(uname -s) 2>/dev/null`  || SYSTEM="unknown"
 VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown"
 
+
 # Now test for ISC and SCO, since it is has a braindamaged uname.
 #
 # We need to work around FreeBSD 1.1.5.1 
@@ -54,8 +74,18 @@ if [ "x$XREL" != "x" ]; then
 		echo "whatever-whatever-sco5"; exit 0
 		;;
 	    4.2MP)
-		if [ "x$VERSION" = "x2.1.1" ]; then
+		if [ "x$VERSION" = "x2.01" ]; then
+		    echo "${MACHINE}-whatever-unixware201"; exit 0
+		elif [ "x$VERSION" = "x2.02" ]; then
+		    echo "${MACHINE}-whatever-unixware202"; exit 0
+		elif [ "x$VERSION" = "x2.03" ]; then
+		    echo "${MACHINE}-whatever-unixware203"; exit 0
+		elif [ "x$VERSION" = "x2.1.1" ]; then
 		    echo "${MACHINE}-whatever-unixware211"; exit 0
+		elif [ "x$VERSION" = "x2.1.2" ]; then
+		    echo "${MACHINE}-whatever-unixware212"; exit 0
+		elif [ "x$VERSION" = "x2.1.3" ]; then
+		    echo "${MACHINE}-whatever-unixware213"; exit 0
 		else
 		    echo "${MACHINE}-whatever-unixware2"; exit 0
 		fi
@@ -63,16 +93,38 @@ if [ "x$XREL" != "x" ]; then
 	    4.2)
 		echo "whatever-whatever-unixware1"; exit 0
 		;;
+	    OpenUNIX)
+		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then
+		    echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
+		fi
+		;;
+	    5)
+		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x7" ]; then
+		    echo "${MACHINE}-sco-unixware7"; exit 0
+		fi
+		;;
 	esac
     fi
 fi
 # Now we simply scan though... In most cases, the SYSTEM info is enough
 #
 case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
+    MPE/iX:*)
+	MACHINE=`echo "$MACHINE" | sed -e 's/-/_/g'`
+	echo "parisc-hp-MPE/iX"; exit 0
+	;;
     A/UX:*)
 	echo "m68k-apple-aux3"; exit 0
 	;;
 
+    AIX:[3456789]:4:*)
+	echo "${MACHINE}-ibm-aix43"; exit 0
+	;;
+
+    AIX:*:[56789]:*)
+	echo "${MACHINE}-ibm-aix43"; exit 0
+	;;
+
     AIX:*)
 	echo "${MACHINE}-ibm-aix"; exit 0
 	;;
@@ -88,8 +140,8 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
     HP-UX:*)
 	HPUXVER=`echo ${RELEASE}|sed -e 's/[^.]*.[0B]*//'`
 	case "$HPUXVER" in
-	    10.*)
-		echo "${MACHINE}-hp-hpux10."; exit 0
+	    1[0-9].*)	# HPUX 10 and 11 targets are unified
+		echo "${MACHINE}-hp-hpux10"; exit 0
 		;;
 	    *)
 		echo "${MACHINE}-hp-hpux"; exit 0
@@ -97,12 +149,16 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	esac
 	;;
 
-    IRIX:*)
-	echo "${MACHINE}-sgi-irix"; exit 0
+    IRIX:5.*)
+	echo "mips2-sgi-irix"; exit 0
+	;;
+
+    IRIX:6.*)
+	echo "mips3-sgi-irix"; exit 0
 	;;
 
     IRIX64:*)
-	echo "${MACHINE}-sgi-irix64"; exit 0
+	echo "mips4-sgi-irix64"; exit 0
 	;;
 
     Linux:[2-9].*)
@@ -113,28 +169,53 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-whatever-linux1"; exit 0
 	;;
 
+    GNU*)
+	echo "hurd-x86"; exit 0;
+	;;
+
     LynxOS:*)
 	echo "${MACHINE}-lynx-lynxos"; exit 0
 	;;
 
+    BSD/OS:4.*)  # BSD/OS always says 386
+	echo "i486-whatever-bsdi4"; exit 0
+	;;
+
     BSD/386:*:*:*486*|BSD/OS:*:*:*:*486*)
-	echo "i486-whatever-bsdi"; exit 0
+        case `/sbin/sysctl -n hw.model` in
+	    Pentium*)
+                echo "i586-whatever-bsdi"; exit 0
+                ;;
+            *)
+                echo "i386-whatever-bsdi"; exit 0
+                ;;
+            esac;
 	;;
 
     BSD/386:*|BSD/OS:*)
 	echo "${MACHINE}-whatever-bsdi"; exit 0
 	;;
 
-    FreeBSD:*:*:*486*)
-	echo "i486-whatever-freebsd"; exit 0
-	;;
-
     FreeBSD:*)
-	echo "${MACHINE}-whatever-freebsd"; exit 0
-	;;
-
-    NetBSD:*:*:*486*)
-	echo "i486-whatever-netbsd"; exit 0
+        VERS=`echo ${RELEASE} | sed -e 's/[-(].*//'`
+        MACH=`sysctl -n hw.model`
+        ARCH='whatever'
+        case ${MACH} in
+           *386*       ) MACH="i386"     ;;
+           *486*       ) MACH="i486"     ;;
+           Pentium\ II*) MACH="i686"     ;;
+           Pentium*    ) MACH="i586"     ;;
+           Alpha*      ) MACH="alpha"    ;;
+           *           ) MACH="$MACHINE" ;;
+        esac
+        case ${MACH} in
+           i[0-9]86 ) ARCH="pc" ;;
+        esac
+        echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0
+        ;;
+
+    NetBSD:*:*:*386*)
+        echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
 	;;
 
     NetBSD:*)
@@ -145,17 +226,35 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-whatever-openbsd"; exit 0
 	;;
 
+    OpenUNIX:*)
+	echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
+	;;
+
     OSF1:*:*:*alpha*)
-	echo "${MACHINE}-dec-osf"; exit 0
+	OSFMAJOR=`echo ${RELEASE}| sed -e 's/^V\([0-9]*\)\..*$/\1/'`
+	case "$OSFMAJOR" in
+	    4|5)
+		echo "${MACHINE}-dec-tru64"; exit 0
+		;;
+	    1|2|3)
+		echo "${MACHINE}-dec-osf"; exit 0
+		;;
+	    *)
+		echo "${MACHINE}-dec-osf"; exit 0
+		;;
+	esac
 	;;
 
     QNX:*)
-	case "$VERSION" in
-	    423)
-		echo "${MACHINE}-qssl-qnx32"
+	case "$RELEASE" in
+	    4*)
+		echo "${MACHINE}-whatever-qnx4"
+		;;
+	    6*)
+		echo "${MACHINE}-whatever-qnx6"
 		;;
 	    *)
-		echo "${MACHINE}-qssl-qnx"
+		echo "${MACHINE}-whatever-qnx"
 		;;
 	esac
 	exit 0
@@ -165,8 +264,24 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "i860-intel-osf1"; exit 0
 	;;
 
+    Rhapsody:*)
+	echo "ppc-apple-rhapsody"; exit 0
+	;;
+
+    Darwin:*)
+	case "$MACHINE" in
+	    Power*)
+		echo "ppc-apple-darwin${VERSION}"
+		;;
+	    *)
+		echo "i386-apple-darwin${VERSION}"
+		;;
+	esac
+	exit 0
+	;;
+
     SunOS:5.*)
-	echo "${MACHINE}-sun-solaris2"; exit 0
+	echo "${MACHINE}-whatever-solaris2"; exit 0
 	;;
 
     SunOS:*)
@@ -193,8 +308,12 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-unknown-ultrix"; exit 0
 	;;
 
-    SINIX*)
-	echo "${MACHINE}-sni-sysv4"; exit 0
+    SINIX*|ReliantUNIX*)
+	echo "${MACHINE}-siemens-sysv4"; exit 0
+	;;
+
+    POSIX-BC*)
+	echo "${MACHINE}-siemens-sysv4"; exit 0   # Here, $MACHINE == "BS2000"
 	;;
 
     machten:*)
@@ -209,6 +328,33 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
 	echo "${MACHINE}-v11-${SYSTEM}"; exit 0;
 	;;
 
+    NEWS-OS:4.*)
+	echo "mips-sony-newsos4"; exit 0;
+	;;
+
+    CYGWIN*)
+	case "$RELEASE" in
+	    [bB]*|1.0|1.[12].*)
+		echo "${MACHINE}-whatever-cygwin_pre1.3"
+		;;
+	    *)
+		echo "${MACHINE}-whatever-cygwin"
+		;;
+	esac
+	exit 0
+	;;
+
+    *"CRAY T3E")
+       echo "t3e-cray-unicosmk"; exit 0;
+       ;;
+
+    *CRAY*)
+       echo "j90-cray-unicos"; exit 0;
+       ;;
+
+    NONSTOP_KERNEL*)
+       echo "nsr-tandem-nsk"; exit 0;
+       ;;
 esac
 
 #
@@ -227,6 +373,9 @@ fi
 # Now NeXT
 ISNEXT=`hostinfo 2>/dev/null`
 case "$ISNEXT" in
+    *'NeXT Mach 3.3'*)
+	echo "whatever-next-nextstep3.3"; exit 0
+	;;
     *NeXT*)
 	echo "whatever-next-nextstep"; exit 0
 	;;
@@ -235,7 +384,7 @@ esac
 # At this point we gone through all the one's
 # we know of: Punt
 
-echo "${MACHINE}-whatever-${SYSTEM}|${RELEASE}|${VERSION}" 
+echo "${MACHINE}-whatever-${SYSTEM}" 
 exit 0
 ) 2>/dev/null | (
 
@@ -243,109 +392,459 @@ exit 0
 # this is where the translation occurs into SSLeay terms
 # ---------------------------------------------------------------------------
 
-PREFIX=""
-SUFFIX=""
-VERBOSE="false"
-TEST="false"
-
-# pick up any command line args to config
-for i
-do
-case "$i" in 
--d*) PREFIX="debug-";;
--v*) VERBOSE="true";;
--t*) TEST="true";;
--h*) cat <<EOF
-usage: config [options]
- -d	Add a debug- prefix to machine choice.
- -v	Verbose mode.
- -t	Test mode, do not run the Configure perl script.
- -h	This help.
-
-Any other text will be passed to ther Configure perl script.
-Usefull options include
- no-asm Build with no assember code.
- -Dxxx	Add xxx define to compilation.
- -Lxxx	Add xxx library include path to build.
- -lxxx	Add xxx library to build.
-
-eg, to build using RSAref, without assember, building to allow anon-DH
-ciphers and null encryption ciphers,
- config no-asm -DRSAref -DSSL_ALLOW_ADH -DSSL_ALLOW_ENULL -lrsaref
-EOF
-;;
-*) options=$options" $i" ;;
-esac
-done
-
 # figure out if gcc is available and if so we use it otherwise
 # we fallback to whatever cc does on the system
-GCCVER=`gcc -v 2>&1`
-if [ $? = "0" ]; then
+GCCVER=`(gcc -dumpversion) 2>/dev/null`
+if [ "$GCCVER" != "" ]; then
   CC=gcc
+  # then strip off whatever prefix egcs prepends the number with...
+  # Hopefully, this will work for any future prefixes as well.
+  GCCVER=`echo $GCCVER | sed 's/^[a-zA-Z]*\-//'`
+  # Since gcc 3.1 gcc --version behaviour has changed.  gcc -dumpversion
+  # does give us what we want though, so we use that.  We just just the
+  # major and minor version numbers.
+  # peak single digit before and after first dot, e.g. 2.95.1 gives 29
+  GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
 else
   CC=cc
 fi
+GCCVER=${GCCVER:-0}
+if [ "$SYSTEM" = "HP-UX" ];then
+  # By default gcc is a ILP32 compiler (with long long == 64).
+  GCC_BITS="32"
+  if [ $GCCVER -ge 30 ]; then
+    # PA64 support only came in with gcc 3.0.x.
+    # We look for the preprocessor symbol __LP64__ indicating
+    # 64bit bit long and pointer.  sizeof(int) == 32 on HPUX64.
+    if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then
+      GCC_BITS="64"
+    fi
+  fi
+fi
+if [ "$SYSTEM" = "SunOS" ]; then
+  if [ $GCCVER -ge 30 ]; then
+    # 64-bit ABI isn't officially supported in gcc 3.0, but it appears
+    # to be working, at the very least 'make test' passes...
+    if gcc -v -E -x c /dev/null 2>&1 | grep __arch64__ > /dev/null; then
+      GCC_ARCH="-m64"
+    else
+      GCC_ARCH="-m32"
+    fi
+  fi
+  # check for WorkShop C, expected output is "cc: blah-blah C x.x"
+  CCVER=`(cc -V 2>&1) 2>/dev/null | \
+  	egrep -e '^cc: .* C [0-9]\.[0-9]' | \
+	sed 's/.* C \([0-9]\)\.\([0-9]\).*/\1\2/'`
+  CCVER=${CCVER:-0}
+  if [ $CCVER -gt 40 ]; then
+    CC=cc	# overrides gcc!!!
+    if [ $CCVER -eq 50 ]; then
+      echo "WARNING! Detected WorkShop C 5.0. Do make sure you have"
+      echo "         patch #107357-01 or later applied."
+      sleep 5
+    fi
+  elif [ "$CC" = "cc" -a $CCVER -gt 0 ]; then
+    CC=sc3
+  fi
+fi
+
+if [ "${SYSTEM}-${MACHINE}" = "Linux-alpha" ]; then
+  # check for Compaq C, expected output is "blah-blah C Vx.x"
+  CCCVER=`(ccc -V 2>&1) 2>/dev/null | \
+	egrep -e '.* C V[0-9]\.[0-9]' | \
+	sed 's/.* C V\([0-9]\)\.\([0-9]\).*/\1\2/'`
+  CCCVER=${CCCVER:-0}
+  if [ $CCCVER -gt 60 ]; then
+    CC=ccc	# overrides gcc!!! well, ccc outperforms inoticeably
+		# only on hash routines and des, otherwise gcc (2.95)
+		# keeps along rather tight...
+  fi
+fi
+
+CCVER=${CCVER:-0}
 
 # read the output of the embedded GuessOS 
 read GUESSOS
 
-if [ "$VERBOSE" = "true" ]; then
-  echo GUESSOS $GUESSOS
-fi
+echo Operating system: $GUESSOS
 
 # now map the output into SSLeay terms ... really should hack into the
 # script above so we end up with values in vars but that would take
 # more time that I want to waste at the moment
 case "$GUESSOS" in
-  alpha-*-linux2) OUT="alpha-gcc" ;;
-  *-*-linux2) OUT="linux-elf" ;;
-  *-*-linux) OUT="linux-aout" ;;
-  sun4*-sun-solaris2) OUT="solaris-sparc-$CC" ;;
-  *86*-sun-solaris2) OUT="solaris-x86-$CC" ;;
+  mips2-sgi-irix)
+	CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+	CPU=${CPU:-0}
+	if [ $CPU -ge 4000 ]; then
+		options="$options -mips2"
+	fi
+	OUT="irix-$CC"
+	;;
+  mips3-sgi-irix)
+	CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+	CPU=${CPU:-0}
+	if [ $CPU -ge 5000 ]; then
+		options="$options -mips4"
+	else
+		options="$options -mips3"
+	fi
+	OUT="irix-mips3-$CC"
+	;;
+  mips4-sgi-irix64)
+	echo "WARNING! If you wish to build 64-bit library, then you have to"
+	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
+	if [ "$TEST" = "false" ]; then
+	  echo "         You have about 5 seconds to press Ctrl-C to abort."
+	  (stty -icanon min 0 time 50; read waste) < /dev/tty
+	fi
+        CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+        CPU=${CPU:-0}
+        if [ $CPU -ge 5000 ]; then
+                options="$options -mips4"
+        else
+                options="$options -mips3"
+        fi
+	OUT="irix-mips3-$CC"
+	;;
+  alpha-*-linux2)
+        ISA=`awk '/cpu model/{print$4}' /proc/cpuinfo`
+	case ${ISA:-generic} in
+	*[67])	OUT="linux-alpha+bwx-$CC" ;;
+	*)	OUT="linux-alpha-$CC" ;;
+	esac
+	if [ "$CC" = "gcc" ]; then
+	    case ${ISA:-generic} in
+	    EV5|EV45)		options="$options -mcpu=ev5";;
+	    EV56|PCA56)		options="$options -mcpu=ev56";;
+	    EV6|EV67|PCA57)	options="$options -mcpu=ev6";;
+	    esac
+	fi
+	;;
+  mips-*-linux?)
+          cat >dummy.c <<EOF
+#include <stdio.h>  /* for printf() prototype */
+        int main (argc, argv) int argc; char *argv[]; {
+#ifdef __MIPSEB__
+  printf ("linux-%s\n", argv[1]);
+#endif
+#ifdef __MIPSEL__
+  printf ("linux-%sel\n", argv[1]);
+#endif
+  return 0;
+}
+EOF
+	${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}`
+	rm dummy dummy.c
+	;;
+  ppc64-*-linux2)
+	#Use the standard target for PPC architecture until we create a
+	#special one for the 64bit architecture.
+	OUT="linux-ppc" ;;
+  ppc-*-linux2) OUT="linux-ppc" ;;
+  m68k-*-linux*) OUT="linux-m68k" ;;
+  ia64-*-linux?) OUT="linux-ia64" ;;
+  ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
+  ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
+  i386-apple-darwin*) OUT="darwin-i386-cc" ;;
+  sparc64-*-linux2)
+	echo "WARNING! If *know* that your GNU C supports 64-bit/V9 ABI"
+	echo "         and wish to build 64-bit library, then you have to"
+	echo "         invoke './Configure linux64-sparcv9' *manually*."
+	if [ "$TEST" = "false" ]; then
+	  echo "          You have about 5 seconds to press Ctrl-C to abort."
+	  (stty -icanon min 0 time 50; read waste) < /dev/tty
+	fi
+	OUT="linux-sparcv9" ;;
+  sparc-*-linux2)
+	KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
+	case ${KARCH:-sun4} in
+	sun4u*)	OUT="linux-sparcv9" ;;
+	sun4m)	OUT="linux-sparcv8" ;;
+	sun4d)	OUT="linux-sparcv8" ;;
+	*)	OUT="linux-sparcv7" ;;
+	esac ;;
+  parisc-*-linux2)
+        CPUARCH=`awk '/cpu family/{print substr($5,1,3)}' /proc/cpuinfo`
+	CPUSCHEDULE=`awk '/^cpu.[ 	]: PA/{print substr($3,3)}' /proc/cpuinfo`
+
+	# ??TODO ??  Model transformations
+	# 0. CPU Architecture for the 1.1 processor has letter suffixes. We strip that off
+	#    assuming no further arch. identification will ever be used by GCC.
+	# 1. I'm most concerned about whether is a 7300LC is closer to a 7100 versus a 7100LC.
+	# 2. The variant 64-bit processors cause concern should GCC support explicit schedulers
+	#    for these chips in the future.
+	#         PA7300LC -> 7100LC (1.1)
+	#         PA8200   -> 8000   (2.0)
+	#         PA8500   -> 8000   (2.0)
+	#         PA8600   -> 8000   (2.0)
+
+	CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8?00/8000/'`
+	# Finish Model transformations
+
+	options="$options -mschedule=$CPUSCHEDULE -march=$CPUARCH"
+	OUT="linux-parisc" ;;
+  arm*-*-linux2) OUT="linux-elf-arm" ;;
+  s390-*-linux2) OUT="linux-s390" ;;
+  s390x-*-linux?) OUT="linux-s390x" ;;
+  x86_64-*-linux?) OUT="linux-x86_64" ;;
+  *-*-linux2) OUT="linux-elf"
+	if [ "$GCCVER" -gt 28 ]; then
+          if grep '^model.*Pentium' /proc/cpuinfo >/dev/null ; then
+            OUT="linux-pentium"
+          fi
+          if grep '^model.*Pentium Pro' /proc/cpuinfo >/dev/null ; then
+            OUT="linux-ppro"
+          fi
+          if grep '^model.*K6' /proc/cpuinfo >/dev/null ; then
+            OUT="linux-k6"
+          fi
+        fi ;;
+  *-*-linux1) OUT="linux-aout" ;;
+  sun4u*-*-solaris2)
+	OUT="solaris-sparcv9-$CC"
+	ISA64=`(isalist) 2>/dev/null | grep sparcv9`
+	if [ "$ISA64" != "" ]; then
+	    if [ "$CC" = "cc" -a $CCVER -ge 50 ]; then
+		echo "WARNING! If you wish to build 64-bit library, then you have to"
+		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
+		if [ "$TEST" = "false" ]; then
+		  echo "         You have about 5 seconds to press Ctrl-C to abort."
+		  (stty -icanon min 0 time 50; read waste) < /dev/tty
+		fi
+	    elif [ "$CC" = "gcc" -a "$GCC_ARCH" = "-m64" ]; then
+		# $GCC_ARCH denotes default ABI chosen by compiler driver
+		# (first one found on the $PATH). I assume that user
+		# expects certain consistency with the rest of his builds
+		# and therefore switch over to 64-bit. <appro>
+		OUT="solaris64-sparcv9-gcc"
+		echo "WARNING! If you wish to build 32-bit library, then you have to"
+		echo "         invoke './Configure solaris-sparcv9-gcc' *manually*."
+		if [ "$TEST" = "false" ]; then
+		  echo "         You have about 5 seconds to press Ctrl-C to abort."
+		  (stty -icanon min 0 time 50; read waste) < /dev/tty
+		fi
+	    elif [ "$GCC_ARCH" = "-m32" ]; then
+		echo "NOTICE! If you *know* that your GNU C supports 64-bit/V9 ABI"
+		echo "        and wish to build 64-bit library, then you have to"
+		echo "        invoke './Configure solaris64-sparcv9-gcc' *manually*."
+		if [ "$TEST" = "false" ]; then
+		  echo "         You have about 5 seconds to press Ctrl-C to abort."
+		  (stty -icanon min 0 time 50; read waste) < /dev/tty
+		fi
+	    fi
+	fi
+	;;
+  sun4m-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+  sun4d-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+  sun4*-*-solaris2)	OUT="solaris-sparcv7-$CC" ;;
+  *86*-*-solaris2) OUT="solaris-x86-$CC" ;;
   *-*-sunos4) OUT="sunos-$CC" ;;
-  *-freebsd) OUT="FreeBSD" ;;
+  alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
+  *-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
+  *-freebsd[1-2]*) OUT="FreeBSD" ;;
   *86*-*-netbsd) OUT="NetBSD-x86" ;;
   sun3*-*-netbsd) OUT="NetBSD-m68" ;;
   *-*-netbsd) OUT="NetBSD-sparc" ;;
-  *86*-*-openbsd) OUT="OpenBSD-x86" ;;
   alpha*-*-openbsd) OUT="OpenBSD-alpha" ;;
+  *86*-*-openbsd) OUT="OpenBSD-i386" ;;
+  m68k*-*-openbsd) OUT="OpenBSD-m68k" ;;
+  m88k*-*-openbsd) OUT="OpenBSD-m88k" ;;
+  mips*-*-openbsd) OUT="OpenBSD-mips" ;;
   pmax*-*-openbsd) OUT="OpenBSD-mips" ;;
+  powerpc*-*-openbsd) OUT="OpenBSD-powerpc" ;;
+  sparc64*-*-openbsd) OUT="OpenBSD-sparc64" ;;
+  sparc*-*-openbsd) OUT="OpenBSD-sparc" ;;
+  vax*-*-openbsd) OUT="OpenBSD-vax" ;;
+  hppa*-*-openbsd) OUT="OpenBSD-hppa" ;;
   *-*-openbsd) OUT="OpenBSD" ;;
-  *-*-osf) OUT="alpha-cc" ;;
-  *-*-unixware*) OUT="unixware-2.0" ;;
-  *-sni-sysv4) OUT="SINIX" ;;
-  *-hpux*) OUT="hpux-$CC" ;;
+  *86*-*-bsdi4) OUT="bsdi-elf-gcc" ;;
+  *-*-osf) OUT="alphaold-cc" ;;
+  *-*-tru64) OUT="alpha-cc" ;;
+  *-*-OpenUNIX*)
+	if [ "$CC" = "gcc" ]; then
+	  OUT="OpenUNIX-8-gcc" 
+	else    
+	  OUT="OpenUNIX-8" 
+	fi
+	;;
+  *-*-unixware7) OUT="unixware-7" ;;
+  *-*-UnixWare7) OUT="unixware-7" ;;
+  *-*-Unixware7) OUT="unixware-7" ;;
+  *-*-unixware20*) OUT="unixware-2.0" ;;
+  *-*-unixware21*) OUT="unixware-2.1" ;;
+  *-*-UnixWare20*) OUT="unixware-2.0" ;;
+  *-*-UnixWare21*) OUT="unixware-2.1" ;;
+  *-*-Unixware20*) OUT="unixware-2.0" ;;
+  *-*-Unixware21*) OUT="unixware-2.1" ;;
+  BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
+  RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
+  *-siemens-sysv4) OUT="SINIX" ;;
+  *-hpux1*)
+	if [ $CC = "gcc" ];
+	then
+	  if [ $GCC_BITS = "64" ]; then
+	    OUT="hpux64-parisc-gcc"
+	  else
+	    OUT="hpux-parisc-gcc"
+	  fi
+	else
+	  OUT="hpux-parisc-$CC"
+	fi
+	KERNEL_BITS=`(getconf KERNEL_BITS) 2>/dev/null`
+	KERNEL_BITS=${KERNEL_BITS:-32}
+	CPU_VERSION=`(getconf CPU_VERSION) 2>/dev/null`
+	CPU_VERSION=${CPU_VERSION:-0}
+	# See <sys/unistd.h> for further info on CPU_VERSION.
+	if   [ $CPU_VERSION -ge 768 ]; then	# IA-64 CPU
+	     echo "NOTICE! 64-bit is the only ABI currently operational on HP-UXi."
+	     echo "        Post request to openssl-dev@openssl.org for 32-bit support."
+	     if [ "$TEST" = "false" ]; then
+		(stty -icanon min 0 time 50; read waste) < /dev/tty
+	     fi
+	     OUT="hpux64-ia64-cc"
+	elif [ $CPU_VERSION -ge 532 ]; then	# PA-RISC 2.x CPU
+	     if [ "$CC" = "cc" ]; then
+		OUT="hpux-parisc2-cc" # can't we have hpux-parisc2-gcc?
+	     fi
+	     if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then
+		echo "WARNING! If you wish to build 64-bit library then you have to"
+		echo "         invoke './Configure hpux64-parisc2-cc' *manually*."
+		if [ "$TEST" = "false" ]; then
+		  echo "         You have about 5 seconds to press Ctrl-C to abort."
+		  (stty -icanon min 0 time 50; read waste) < /dev/tty
+		fi
+	     fi
+	elif [ $CPU_VERSION -ge 528 ]; then	# PA-RISC 1.1+ CPU
+	     :
+	elif [ $CPU_VERSION -ge 523 ]; then	# PA-RISC 1.0 CPU
+	     :
+	else					# Motorola(?) CPU
+	     OUT="hpux-$CC"
+	fi
+	options="$options -D_REENTRANT" ;;
+  *-hpux)	OUT="hpux-parisc-$CC" ;;
   # these are all covered by the catchall below
   # *-aix) OUT="aix-$CC" ;;
   # *-dgux) OUT="dgux" ;;
+  mips-sony-newsos4) OUT="newsos4-gcc" ;;
+  *-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;;
+  *-*-cygwin) OUT="Cygwin" ;;
+  t3e-cray-unicosmk) OUT="cray-t3e" ;;
+  j90-cray-unicos) OUT="cray-j90" ;;
+  nsr-tandem-nsk) OUT="tandem-c89" ;;
   *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac
 
+# NB: This atalla support has been superceded by the ENGINE support
+# That contains its own header and definitions anyway. Support can
+# be enabled or disabled on any supported platform without external
+# headers, eg. by adding the "hw-atalla" switch to ./config or
+# perl Configure
+#
+# See whether we can compile Atalla support
+#if [ -f /usr/include/atasi.h ]
+#then
+#  options="$options -DATALLA"
+#fi
+
+# gcc < 2.8 does not support -mcpu=ultrasparc
+if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
+then
+  echo "WARNING! Do consider upgrading to gcc-2.8 or later."
+  sleep 5
+  OUT=solaris-sparcv9-gcc27
+fi
+if [ "$OUT" = "linux-sparcv9" -a $GCCVER -lt 28 ]
+then
+  echo "WARNING! Falling down to 'linux-sparcv8'."
+  echo "         Upgrade to gcc-2.8 or later."
+  sleep 5
+  OUT=linux-sparcv8
+fi
+
+case "$GUESSOS" in
+  i386-*) options="$options 386" ;;
+esac
+
+for i in bf cast des dh dsa ec hmac idea md2 md5 mdc2 rc2 rc4 rc5 aes ripemd rsa sha
+do
+  if [ ! -d crypto/$i ]
+  then
+    options="$options no-$i"
+  fi
+done
+
+# Discover Kerberos 5 (since it's still a prototype, we don't
+# do any guesses yet, that's why this section is commented away.
+#if [ -d /usr/kerberos ]; then
+#    krb5_dir=/usr/kerberos
+#    if [ \( -f $krb5_dir/lib/libgssapi_krb5.a -o -f $krb5_dir/lib/libgssapi_krb5.so* \)\
+#	-a \( -f $krb5_dir/lib/libkrb5.a -o -f $krb5_dir/lib/libkrb5.so* \)\
+#	-a \( -f $krb5_dir/lib/libcom_err.a -o -f $krb5_dir/lib/libcom_err.so* \)\
+#	-a \( -f $krb5_dir/lib/libk5crypto.a -o -f $krb5_dir/lib/libk5crypto.so* \)\
+#	-a \( -f $krb5_dir/include/krb5.h \) ]; then
+#	options="$options --with-krb5-flavor=MIT"
+#    fi
+#elif [ -d /usr/heimdal ]; then
+#    krb5_dir=/usr/heimdal
+#    if [ \( -f $krb5_dir/lib/libgssapi.a -o -f $krb5_dir/lib/libgssapi.so* \)\
+#	-a \( -f $krb5_dir/lib/libkrb5.a -o -f $krb5_dir/lib/libkrb5.so* \)\
+#	-a \( -f $krb5_dir/lib/libcom_err.a -o -f $krb5_dir/lib/libcom_err.so* \)\
+#	-a \( -f $krb5_dir/include/krb5.h \) ]; then
+#	options="$options --with-krb5-flavor=Heimdal"
+#    fi
+#fi
+
 if [ -z "$OUT" ]; then
   OUT="$CC"
 fi
 
+if [ ".$PERL" = . ] ; then
+	for i in . `echo $PATH | sed 's/:/ /g'`; do
+		if [ -f "$i/perl5" ] ; then
+			PERL="$i/perl5"
+			break;
+		fi;
+	done
+fi
+
+if [ ".$PERL" = . ] ; then
+	for i in . `echo $PATH | sed 's/:/ /g'`; do
+		if [ -f "$i/perl" ] ; then
+			if "$i/perl" -e 'exit($]<5.0)'; then
+				PERL="$i/perl"
+				break;
+			fi;
+		fi;
+	done
+fi
+
+if [ ".$PERL" = . ] ; then
+	echo "You need Perl 5."
+	exit 1
+fi
+
 # run Configure to check to see if we need to specify the 
 # compiler for the platform ... in which case we add it on
 # the end ... otherwise we leave it off
-perl ./Configure 2>&1 | grep "$OUT-$CC" > /dev/null
+
+$PERL ./Configure LIST | grep "$OUT-$CC" > /dev/null
 if [ $? = "0" ]; then
   OUT="$OUT-$CC"
 fi
 
 OUT="$PREFIX$OUT"
 
-# at this point we have the answer ... which we could check again
-# and then fallback to a vanilla SSLeay build but then this script
-# wouldn't get updated
-echo Configuring for $OUT
+$PERL ./Configure LIST | grep "$OUT" > /dev/null
+if [ $? = "0" ]; then
+  echo Configuring for $OUT
 
-if [ "$TEST" = "true" ]; then
-  echo ./Configure $OUT $options
+  if [ "$TEST" = "true" ]; then
+    echo $PERL ./Configure $OUT $options
+  else
+    $PERL ./Configure $OUT $options
+  fi
 else
-  perl ./Configure $OUT $options
+  echo "This system ($OUT) is not supported. See file INSTALL for details."
 fi
-
 )
-
diff --git a/crypto/.cvsignore b/crypto/.cvsignore
new file mode 100644
index 0000000000..6b86a0a8dc
--- /dev/null
+++ b/crypto/.cvsignore
@@ -0,0 +1,4 @@
+lib
+buildinf.h
+opensslconf.h
+Makefile.save
diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl
index ab821e2ccb..061211dbd4 100644
--- a/crypto/Makefile.ssl
+++ b/crypto/Makefile.ssl
@@ -5,157 +5,214 @@
 DIR=		crypto
 TOP=		..
 CC=		cc
-INCLUDE=	-I. -I../include
-INCLUDES=	-I.. -I../../include
+INCLUDE=	-I. -I$(TOP) -I../include
+INCLUDES=	-I.. -I../.. -I../../include
 CFLAG=		-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=	/usr/local/ssl
 MAKE=           make -f Makefile.ssl
-MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=       Makefile.ssl
-RM=             /bin/rm -f
+RM=             rm -f
 AR=		ar r
 
-MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
-MAKEFILE=	Makefile.ssl
-
 PEX_LIBS=
 EX_LIBS=
  
-CFLAGS= $(INCLUDE) $(CFLAG) -DCFLAGS=" \"$(CC) $(CFLAG)\" " -DPLATFORM=" \"$(PLATFORM)\" "
+CFLAGS= $(INCLUDE) $(CFLAG)
 
-ERR=crypto
-ERRC=cpt_err
 
 LIBS=
 
 SDIRS=	md2 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
-	bn rsa dsa dh \
+	bn ec rsa dsa ecdsa ecdh dh dso engine aes \
 	buffer bio stack lhash rand err objects \
-	evp pem x509 \
-	asn1 conf txt_db pkcs7 comp
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
 
-GENERAL=Makefile README
+GENERAL=Makefile README crypto-lib.com install.com
 
 LIB= $(TOP)/libcrypto.a
-LIBSRC=	cryptlib.c mem.c cversion.c ex_data.c tmdiff.c $(ERRC).c
-LIBOBJ= cryptlib.o mem.o cversion.o ex_data.o tmdiff.o $(ERRC).o
+SHARED_LIB= libcrypto$(SHLIB_EXT)
+LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c o_time.c
+LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o o_time.o
 
 SRC= $(LIBSRC)
 
-EXHEADER= crypto.h cryptall.h tmdiff.h
-HEADER=	cryptlib.h date.h $(EXHEADER)
+EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
+	ossl_typ.h
+HEADER=	cryptlib.h buildinf.h md32_common.h o_time.h $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
 top:
 	@(cd ..; $(MAKE) DIRS=$(DIR) all)
 
-all: date.h lib subdirs
+all: buildinf.h lib subdirs shared
+
+buildinf.h: ../Makefile.ssl
+	( echo "#ifndef MK1MF_BUILD"; \
+	echo '  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; \
+	echo '  #define CFLAGS "$(CC) $(CFLAG)"'; \
+	echo '  #define PLATFORM "$(PLATFORM)"'; \
+	echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
+	echo '#endif' ) >buildinf.h
 
-date.h: ../Makefile.ssl ../VERSION
-	echo "#define DATE	\"`date`\"" >date.h
+testapps:
+	if echo ${SDIRS} | fgrep ' des '; \
+	then cd des && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' des; fi
+	cd pkcs7 && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps
 
 subdirs:
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making all in $$i..."; \
-	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' all ); \
+	(cd $$i && echo "making all in crypto/$$i..." && \
+	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
 	done;
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making 'files' in $$i..."; \
-	$(MAKE) files ); \
+	(cd $$i && echo "making 'files' in crypto/$$i..." && \
+	$(MAKE) PERL='${PERL}' files ); \
 	done;
 
 links:
-	/bin/rm -f Makefile 
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../include $(HEADER) ;
-	$(TOP)/util/mklink.sh ../test $(TEST) ;
-	$(TOP)/util/mklink.sh ../apps $(APPS) ;
-	$(TOP)/util/point.sh Makefile.ssl Makefile;
-	@for i in $(SDIRS) ;\
-	do \
-	(cd $$i; echo "making links in $$i..."; \
-	$(MAKE) links ); \
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@for i in $(SDIRS); do \
+	(cd $$i && echo "making links in crypto/$$i..." && \
+	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
 	done;
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
+shared:
+	if [ -n "$(SHARED_LIBS)" ]; then \
+		(cd ..; $(MAKE) $(SHARED_LIB)); \
+	fi
+
 libs:
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making libs in $$i..."; \
-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
+	(cd $$i && echo "making libs in crypto/$$i..." && \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
 	done;
 
 tests:
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making tests in $$i..."; \
+	(cd $$i && echo "making tests in crypto/$$i..." && \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
 	done;
 
 install:
 	@for i in $(EXHEADER) ;\
 	do \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making install in $$i..."; \
-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
+	(cd $$i && echo "making install in crypto/$$i..." && \
+	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}'  INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
 	done;
 
 lint:
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making lint in $$i..."; \
+	(cd $$i && echo "making lint in crypto/$$i..." && \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
 	done;
 
 depend:
-	$(MAKEDEPEND) $(INCLUDE) $(PROGS) $(LIBSRC)
+	if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making depend in $$i..."; \
-	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' MAKEDEPEND='${MAKEDEPEND}' depend ); \
+	(cd $$i && echo "making depend in crypto/$$i..." && \
+	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ); \
 	done;
 
 clean:
-	/bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+	rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making clean in $$i..."; \
+	(cd $$i && echo "making clean in crypto/$$i..." && \
 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
 	done;
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 	@for i in $(SDIRS) ;\
 	do \
-	(cd $$i; echo "making dclean in $$i..."; \
-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
-	done;
-
-errors:
-	perl ./err/err_code.pl -conf err/ssleay.ec *.c */*.c ../ssl/*.c ../rsaref/*.c
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl err/err_genc.pl -s $(ERR).h $(ERRC).c
-	@for i in $(SDIRS) ;\
-	do \
-	(cd $$i; echo "making errors in $$i..."; \
-	$(MAKE) errors ); \
+	(cd $$i && echo "making dclean in crypto/$$i..." && \
+	$(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
 	done;
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
+cpt_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+cpt_err.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cpt_err.c
+cryptlib.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+cryptlib.o: ../include/openssl/err.h ../include/openssl/lhash.h
+cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cryptlib.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+cryptlib.o: ../include/openssl/symhacks.h cryptlib.c cryptlib.h
+cversion.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+cversion.o: ../include/openssl/err.h ../include/openssl/lhash.h
+cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+cversion.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+cversion.o: ../include/openssl/symhacks.h buildinf.h cryptlib.h cversion.c
+ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c
+ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+ex_data.o: ../include/openssl/err.h ../include/openssl/lhash.h
+ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ex_data.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+ex_data.o: ../include/openssl/symhacks.h cryptlib.h ex_data.c
+mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
+mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mem.o: ../include/openssl/symhacks.h cryptlib.h mem.c
+mem_clr.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem_clr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mem_clr.o: ../include/openssl/symhacks.h mem_clr.c
+mem_dbg.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h
+mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mem_dbg.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+mem_dbg.o: ../include/openssl/symhacks.h cryptlib.h mem_dbg.c
+o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c
+o_time.o: o_time.h
+tmdiff.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+tmdiff.o: ../include/openssl/err.h ../include/openssl/lhash.h
+tmdiff.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+tmdiff.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+tmdiff.o: ../include/openssl/symhacks.h ../include/openssl/tmdiff.h cryptlib.h
+tmdiff.o: tmdiff.c
+uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+uid.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+uid.o: ../include/openssl/symhacks.h uid.c
diff --git a/crypto/aes/.cvsignore b/crypto/aes/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/aes/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/aes/Makefile.ssl b/crypto/aes/Makefile.ssl
new file mode 100644
index 0000000000..364d05bbfe
--- /dev/null
+++ b/crypto/aes/Makefile.ssl
@@ -0,0 +1,103 @@
+#
+# crypto/aes/Makefile
+#
+
+DIR=	aes
+TOP=	../..
+CC=	cc
+CPP=	$(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=	/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+# CFLAGS= -mpentiumpro $(INCLUDES) $(CFLAG) -O3 -fexpensive-optimizations -funroll-loops -fforce-addr
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+#TEST=aestest.c
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=aes_core.c aes_misc.c aes_ecb.c aes_cbc.c aes_cfb.c aes_ofb.c aes_ctr.c
+LIBOBJ=aes_core.o aes_misc.o aes_ecb.o aes_cbc.o aes_cfb.o aes_ofb.o aes_ctr.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= aes.h
+HEADER= aes_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB) || echo Never mind.
+	@touch lib
+
+$(LIBOBJ): $(LIBSRC)
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install: installs
+
+installs:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+aes_cbc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_cbc.o: ../../include/openssl/opensslconf.h aes_cbc.c aes_locl.h
+aes_cfb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_cfb.o: ../../include/openssl/opensslconf.h aes_cfb.c aes_locl.h
+aes_core.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_core.o: ../../include/openssl/opensslconf.h aes_core.c aes_locl.h
+aes_ctr.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ctr.o: ../../include/openssl/opensslconf.h aes_ctr.c aes_locl.h
+aes_ecb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ecb.o: ../../include/openssl/opensslconf.h aes_ecb.c aes_locl.h
+aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_misc.o: ../../include/openssl/opensslconf.h
+aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c
+aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
+aes_ofb.o: ../../include/openssl/opensslconf.h aes_locl.h aes_ofb.c
diff --git a/crypto/aes/README b/crypto/aes/README
new file mode 100644
index 0000000000..0f9620a80e
--- /dev/null
+++ b/crypto/aes/README
@@ -0,0 +1,3 @@
+This is an OpenSSL-compatible version of AES (also called Rijndael).
+aes_core.c is basically the same as rijndael-alg-fst.c but with an
+API that looks like the rest of the OpenSSL symmetric cipher suite.
diff --git a/crypto/aes/aes.h b/crypto/aes/aes.h
new file mode 100644
index 0000000000..f708f6f34b
--- /dev/null
+++ b/crypto/aes/aes.h
@@ -0,0 +1,111 @@
+/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef HEADER_AES_H
+#define HEADER_AES_H
+
+#ifdef OPENSSL_NO_AES
+#error AES is disabled.
+#endif
+
+static const int AES_DECRYPT = 0;
+static const int AES_ENCRYPT = 1;
+/* Because array size can't be a const in C, the following two are macros.
+   Both sizes are in bytes. */
+#define AES_MAXNR 14
+#define AES_BLOCK_SIZE 16
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* This should be a hidden type, but EVP requires that the size be known */
+struct aes_key_st {
+    unsigned long rd_key[4 *(AES_MAXNR + 1)];
+    int rounds;
+};
+typedef struct aes_key_st AES_KEY;
+
+const char *AES_options(void);
+
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+	AES_KEY *key);
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+	AES_KEY *key);
+
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+	const AES_KEY *key);
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+	const AES_KEY *key);
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+	const AES_KEY *key, const int enc);
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const AES_KEY *key,
+	unsigned char *ivec, const int enc);
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const AES_KEY *key,
+	unsigned char *ivec, int *num, const int enc);
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const AES_KEY *key,
+	unsigned char *ivec, int *num);
+void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const AES_KEY *key,
+	unsigned char counter[AES_BLOCK_SIZE],
+	unsigned char ecount_buf[AES_BLOCK_SIZE],
+	unsigned int *num);
+
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* !HEADER_AES_H */
diff --git a/crypto/aes/aes_cbc.c b/crypto/aes/aes_cbc.c
new file mode 100644
index 0000000000..01e965a532
--- /dev/null
+++ b/crypto/aes/aes_cbc.c
@@ -0,0 +1,111 @@
+/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+		     const unsigned long length, const AES_KEY *key,
+		     unsigned char *ivec, const int enc) {
+
+	unsigned long n;
+	unsigned long len = length;
+	unsigned char tmp[AES_BLOCK_SIZE];
+
+	assert(in && out && key && ivec);
+	assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
+
+	if (AES_ENCRYPT == enc) {
+		while (len >= AES_BLOCK_SIZE) {
+			for(n=0; n < AES_BLOCK_SIZE; ++n)
+				tmp[n] = in[n] ^ ivec[n];
+			AES_encrypt(tmp, out, key);
+			memcpy(ivec, out, AES_BLOCK_SIZE);
+			len -= AES_BLOCK_SIZE;
+			in += AES_BLOCK_SIZE;
+			out += AES_BLOCK_SIZE;
+		}
+		if (len) {
+			for(n=0; n < len; ++n)
+				tmp[n] = in[n] ^ ivec[n];
+			for(n=len; n < AES_BLOCK_SIZE; ++n)
+				tmp[n] = ivec[n];
+			AES_encrypt(tmp, tmp, key);
+			memcpy(out, tmp, len);
+			memcpy(ivec, tmp, AES_BLOCK_SIZE);
+		}			
+	} else {
+		while (len >= AES_BLOCK_SIZE) {
+			memcpy(tmp, in, AES_BLOCK_SIZE);
+			AES_decrypt(in, out, key);
+			for(n=0; n < AES_BLOCK_SIZE; ++n)
+				out[n] ^= ivec[n];
+			memcpy(ivec, tmp, AES_BLOCK_SIZE);
+			len -= AES_BLOCK_SIZE;
+			in += AES_BLOCK_SIZE;
+			out += AES_BLOCK_SIZE;
+		}
+		if (len) {
+			memcpy(tmp, in, AES_BLOCK_SIZE);
+			AES_decrypt(tmp, tmp, key);
+			for(n=0; n < len; ++n)
+				out[n] ^= ivec[n];
+			memcpy(ivec, tmp, AES_BLOCK_SIZE);
+		}			
+	}
+}
diff --git a/crypto/aes/aes_cfb.c b/crypto/aes/aes_cfb.c
new file mode 100644
index 0000000000..9b569dda90
--- /dev/null
+++ b/crypto/aes/aes_cfb.c
@@ -0,0 +1,157 @@
+/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+/* The input and output encrypted as though 128bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const AES_KEY *key,
+	unsigned char *ivec, int *num, const int enc) {
+
+	unsigned int n;
+	unsigned long l = length;
+	unsigned char c;
+
+	assert(in && out && key && ivec && num);
+
+	n = *num;
+
+	if (enc) {
+		while (l--) {
+			if (n == 0) {
+				AES_encrypt(ivec, ivec, key);
+			}
+			ivec[n] = *(out++) = *(in++) ^ ivec[n];
+			n = (n+1) % AES_BLOCK_SIZE;
+		}
+	} else {
+		while (l--) {
+			if (n == 0) {
+				AES_encrypt(ivec, ivec, key);
+			}
+			c = *(in);
+			*(out++) = *(in++) ^ ivec[n];
+			ivec[n] = c;
+			n = (n+1) % AES_BLOCK_SIZE;
+		}
+	}
+
+	*num=n;
+}
+
diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c
new file mode 100644
index 0000000000..ea884f6f9e
--- /dev/null
+++ b/crypto/aes/aes_core.c
@@ -0,0 +1,1257 @@
+/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
+/**
+ * rijndael-alg-fst.c
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+ * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+ * @author Paulo Barreto <paulo.barreto@terra.com.br>
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Note: rewritten a little bit to provide error control and an OpenSSL-
+   compatible API */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <stdlib.h>
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+/*
+Te0[x] = S [x].[02, 01, 01, 03];
+Te1[x] = S [x].[03, 02, 01, 01];
+Te2[x] = S [x].[01, 03, 02, 01];
+Te3[x] = S [x].[01, 01, 03, 02];
+Te4[x] = S [x].[01, 01, 01, 01];
+
+Td0[x] = Si[x].[0e, 09, 0d, 0b];
+Td1[x] = Si[x].[0b, 0e, 09, 0d];
+Td2[x] = Si[x].[0d, 0b, 0e, 09];
+Td3[x] = Si[x].[09, 0d, 0b, 0e];
+Td4[x] = Si[x].[01, 01, 01, 01];
+*/
+
+static const u32 Te0[256] = {
+    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
+    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
+    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
+    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
+    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
+    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
+    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
+    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
+    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
+    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
+    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
+    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
+    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
+    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
+    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
+    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
+    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
+    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
+    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
+    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
+    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
+    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
+    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
+    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
+    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
+    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
+    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
+    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
+    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
+    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
+    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
+    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
+    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
+    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
+    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
+    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
+    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
+    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
+    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
+    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
+    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
+    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
+    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
+    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
+    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
+    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
+    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
+    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
+    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
+    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
+    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
+    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
+    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
+    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
+    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
+    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
+    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
+    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
+    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
+    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
+    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
+    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
+    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
+    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
+};
+static const u32 Te1[256] = {
+    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
+    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
+    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
+    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
+    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
+    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
+    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
+    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
+    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
+    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
+    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
+    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
+    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
+    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
+    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
+    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
+    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
+    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
+    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
+    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
+    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
+    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
+    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
+    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
+    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
+    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
+    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
+    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
+    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
+    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
+    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
+    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
+    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
+    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
+    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
+    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
+    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
+    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
+    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
+    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
+    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
+    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
+    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
+    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
+    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
+    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
+    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
+    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
+    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
+    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
+    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
+    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
+    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
+    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
+    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
+    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
+    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
+    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
+    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
+    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
+    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
+    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
+    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
+    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
+};
+static const u32 Te2[256] = {
+    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
+    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
+    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
+    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
+    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
+    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
+    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
+    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
+    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
+    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
+    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
+    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
+    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
+    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
+    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
+    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
+    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
+    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
+    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
+    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
+    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
+    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
+    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
+    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
+    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
+    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
+    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
+    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
+    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
+    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
+    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
+    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
+    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
+    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
+    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
+    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
+    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
+    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
+    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
+    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
+    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
+    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
+    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
+    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
+    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
+    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
+    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
+    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
+    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
+    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
+    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
+    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
+    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
+    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
+    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
+    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
+    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
+    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
+    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
+    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
+    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
+    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
+    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
+    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
+};
+static const u32 Te3[256] = {
+
+    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
+    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
+    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
+    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
+    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
+    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
+    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
+    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
+    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
+    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
+    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
+    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
+    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
+    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
+    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
+    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
+    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
+    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
+    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
+    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
+    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
+    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
+    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
+    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
+    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
+    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
+    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
+    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
+    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
+    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
+    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
+    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
+    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
+    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
+    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
+    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
+    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
+    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
+    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
+    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
+    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
+    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
+    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
+    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
+    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
+    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
+    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
+    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
+    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
+    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
+    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
+    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
+    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
+    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
+    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
+    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
+    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
+    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
+    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
+    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
+    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
+    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
+    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
+    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
+};
+static const u32 Te4[256] = {
+    0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU,
+    0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U,
+    0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU,
+    0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U,
+    0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU,
+    0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U,
+    0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU,
+    0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U,
+    0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U,
+    0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU,
+    0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U,
+    0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U,
+    0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U,
+    0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU,
+    0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U,
+    0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U,
+    0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU,
+    0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U,
+    0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U,
+    0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U,
+    0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU,
+    0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU,
+    0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U,
+    0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU,
+    0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU,
+    0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U,
+    0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU,
+    0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U,
+    0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU,
+    0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U,
+    0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U,
+    0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U,
+    0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU,
+    0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U,
+    0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU,
+    0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U,
+    0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU,
+    0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U,
+    0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U,
+    0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU,
+    0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU,
+    0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU,
+    0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U,
+    0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U,
+    0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU,
+    0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U,
+    0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU,
+    0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U,
+    0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU,
+    0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U,
+    0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU,
+    0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU,
+    0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U,
+    0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU,
+    0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U,
+    0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU,
+    0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U,
+    0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U,
+    0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U,
+    0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU,
+    0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU,
+    0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U,
+    0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU,
+    0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U,
+};
+static const u32 Td0[256] = {
+    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
+    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
+    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
+    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
+    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
+    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
+    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
+    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
+    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
+    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
+    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
+    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
+    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
+    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
+    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
+    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
+    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
+    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
+    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
+    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
+    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
+    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
+    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
+    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
+    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
+    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
+    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
+    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
+    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
+    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
+    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
+    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
+    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
+    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
+    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
+    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
+    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
+    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
+    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
+    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
+    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
+    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
+    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
+    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
+    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
+    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
+    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
+    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
+    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
+    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
+    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
+    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
+    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
+    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
+    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
+    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
+    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
+    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
+    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
+    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
+    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
+    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
+    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
+    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
+};
+static const u32 Td1[256] = {
+    0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
+    0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
+    0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
+    0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
+    0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
+    0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
+    0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
+    0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
+    0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
+    0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
+    0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
+    0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
+    0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
+    0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
+    0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
+    0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
+    0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
+    0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
+    0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
+    0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
+    0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
+    0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
+    0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
+    0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
+    0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
+    0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
+    0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
+    0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
+    0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
+    0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
+    0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
+    0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
+    0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
+    0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
+    0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
+    0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
+    0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
+    0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
+    0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
+    0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
+    0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
+    0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
+    0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
+    0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
+    0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
+    0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
+    0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
+    0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
+    0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
+    0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
+    0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
+    0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
+    0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
+    0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
+    0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
+    0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
+    0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
+    0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
+    0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
+    0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
+    0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
+    0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
+    0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
+    0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
+};
+static const u32 Td2[256] = {
+    0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
+    0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
+    0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
+    0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
+    0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
+    0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
+    0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
+    0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
+    0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
+    0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
+    0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
+    0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
+    0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
+    0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
+    0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
+    0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
+    0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
+    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
+    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
+    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
+
+    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
+    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
+    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
+    0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
+    0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
+    0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
+    0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
+    0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
+    0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
+    0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
+    0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
+    0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
+    0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
+    0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
+    0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
+    0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
+    0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
+    0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
+    0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
+    0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
+    0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
+    0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
+    0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
+    0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
+    0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
+    0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
+    0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
+    0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
+    0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
+    0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
+    0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
+    0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
+    0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
+    0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
+    0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
+    0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
+    0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
+    0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
+    0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
+    0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
+    0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
+    0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
+    0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
+    0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
+};
+static const u32 Td3[256] = {
+    0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
+    0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
+    0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
+    0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
+    0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
+    0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
+    0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
+    0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
+    0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
+    0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
+    0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
+    0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
+    0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
+    0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
+    0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
+    0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
+    0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
+    0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
+    0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
+    0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
+    0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
+    0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
+    0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
+    0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
+    0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
+    0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
+    0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
+    0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
+    0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
+    0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
+    0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
+    0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
+    0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
+    0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
+    0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
+    0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
+    0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
+    0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
+    0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
+    0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
+    0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
+    0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
+    0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
+    0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
+    0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
+    0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
+    0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
+    0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
+    0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
+    0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
+    0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
+    0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
+    0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
+    0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
+    0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
+    0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
+    0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
+    0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
+    0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
+    0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
+    0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
+    0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
+    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
+    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
+};
+static const u32 Td4[256] = {
+    0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U,
+    0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U,
+    0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU,
+    0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU,
+    0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U,
+    0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U,
+    0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U,
+    0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU,
+    0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U,
+    0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU,
+    0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU,
+    0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU,
+    0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U,
+    0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U,
+    0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U,
+    0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U,
+    0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U,
+    0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U,
+    0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU,
+    0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U,
+    0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U,
+    0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU,
+    0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U,
+    0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U,
+    0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U,
+    0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU,
+    0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U,
+    0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U,
+    0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU,
+    0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U,
+    0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U,
+    0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU,
+    0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U,
+    0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU,
+    0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU,
+    0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U,
+    0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U,
+    0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U,
+    0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U,
+    0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU,
+    0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U,
+    0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U,
+    0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU,
+    0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU,
+    0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU,
+    0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U,
+    0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU,
+    0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U,
+    0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U,
+    0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U,
+    0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U,
+    0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU,
+    0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U,
+    0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU,
+    0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU,
+    0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU,
+    0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU,
+    0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U,
+    0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU,
+    0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U,
+    0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU,
+    0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U,
+    0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U,
+    0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU,
+};
+static const u32 rcon[] = {
+	0x01000000, 0x02000000, 0x04000000, 0x08000000,
+	0x10000000, 0x20000000, 0x40000000, 0x80000000,
+	0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+			AES_KEY *key) {
+
+	u32 *rk;
+   	int i = 0;
+	u32 temp;
+
+	if (!userKey || !key)
+		return -1;
+	if (bits != 128 && bits != 192 && bits != 256)
+		return -2;
+
+	rk = key->rd_key;
+
+	if (bits==128)
+		key->rounds = 10;
+	else if (bits==192)
+		key->rounds = 12;
+	else
+		key->rounds = 14;
+
+	rk[0] = GETU32(userKey     );
+	rk[1] = GETU32(userKey +  4);
+	rk[2] = GETU32(userKey +  8);
+	rk[3] = GETU32(userKey + 12);
+	if (bits == 128) {
+		for (;;) {
+			temp  = rk[3];
+			rk[4] = rk[0] ^
+				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+				(Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
+				(Te4[(temp      ) & 0xff] & 0x0000ff00) ^
+				(Te4[(temp >> 24)       ] & 0x000000ff) ^
+				rcon[i];
+			rk[5] = rk[1] ^ rk[4];
+			rk[6] = rk[2] ^ rk[5];
+			rk[7] = rk[3] ^ rk[6];
+			if (++i == 10) {
+				return 0;
+			}
+			rk += 4;
+		}
+	}
+	rk[4] = GETU32(userKey + 16);
+	rk[5] = GETU32(userKey + 20);
+	if (bits == 192) {
+		for (;;) {
+			temp = rk[ 5];
+			rk[ 6] = rk[ 0] ^
+				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+				(Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
+				(Te4[(temp      ) & 0xff] & 0x0000ff00) ^
+				(Te4[(temp >> 24)       ] & 0x000000ff) ^
+				rcon[i];
+			rk[ 7] = rk[ 1] ^ rk[ 6];
+			rk[ 8] = rk[ 2] ^ rk[ 7];
+			rk[ 9] = rk[ 3] ^ rk[ 8];
+			if (++i == 8) {
+				return 0;
+			}
+			rk[10] = rk[ 4] ^ rk[ 9];
+			rk[11] = rk[ 5] ^ rk[10];
+			rk += 6;
+		}
+	}
+	rk[6] = GETU32(userKey + 24);
+	rk[7] = GETU32(userKey + 28);
+	if (bits == 256) {
+		for (;;) {
+			temp = rk[ 7];
+			rk[ 8] = rk[ 0] ^
+				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+				(Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
+				(Te4[(temp      ) & 0xff] & 0x0000ff00) ^
+				(Te4[(temp >> 24)       ] & 0x000000ff) ^
+				rcon[i];
+			rk[ 9] = rk[ 1] ^ rk[ 8];
+			rk[10] = rk[ 2] ^ rk[ 9];
+			rk[11] = rk[ 3] ^ rk[10];
+			if (++i == 7) {
+				return 0;
+			}
+			temp = rk[11];
+			rk[12] = rk[ 4] ^
+				(Te4[(temp >> 24)       ] & 0xff000000) ^
+				(Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
+				(Te4[(temp >>  8) & 0xff] & 0x0000ff00) ^
+				(Te4[(temp      ) & 0xff] & 0x000000ff);
+			rk[13] = rk[ 5] ^ rk[12];
+			rk[14] = rk[ 6] ^ rk[13];
+			rk[15] = rk[ 7] ^ rk[14];
+
+			rk += 8;
+        	}
+	}
+	return 0;
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+			 AES_KEY *key) {
+
+        u32 *rk;
+	int i, j, status;
+	u32 temp;
+
+	/* first, start with an encryption schedule */
+	status = AES_set_encrypt_key(userKey, bits, key);
+	if (status < 0)
+		return status;
+
+	rk = key->rd_key;
+
+	/* invert the order of the round keys: */
+	for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+		temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+		temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+		temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+		temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+	}
+	/* apply the inverse MixColumn transform to all round keys but the first and the last: */
+	for (i = 1; i < (key->rounds); i++) {
+		rk += 4;
+		rk[0] =
+			Td0[Te4[(rk[0] >> 24)       ] & 0xff] ^
+			Td1[Te4[(rk[0] >> 16) & 0xff] & 0xff] ^
+			Td2[Te4[(rk[0] >>  8) & 0xff] & 0xff] ^
+			Td3[Te4[(rk[0]      ) & 0xff] & 0xff];
+		rk[1] =
+			Td0[Te4[(rk[1] >> 24)       ] & 0xff] ^
+			Td1[Te4[(rk[1] >> 16) & 0xff] & 0xff] ^
+			Td2[Te4[(rk[1] >>  8) & 0xff] & 0xff] ^
+			Td3[Te4[(rk[1]      ) & 0xff] & 0xff];
+		rk[2] =
+			Td0[Te4[(rk[2] >> 24)       ] & 0xff] ^
+			Td1[Te4[(rk[2] >> 16) & 0xff] & 0xff] ^
+			Td2[Te4[(rk[2] >>  8) & 0xff] & 0xff] ^
+			Td3[Te4[(rk[2]      ) & 0xff] & 0xff];
+		rk[3] =
+			Td0[Te4[(rk[3] >> 24)       ] & 0xff] ^
+			Td1[Te4[(rk[3] >> 16) & 0xff] & 0xff] ^
+			Td2[Te4[(rk[3] >>  8) & 0xff] & 0xff] ^
+			Td3[Te4[(rk[3]      ) & 0xff] & 0xff];
+	}
+	return 0;
+}
+
+/*
+ * Encrypt a single block
+ * in and out can overlap
+ */
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+		 const AES_KEY *key) {
+
+	const u32 *rk;
+	u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+	int r;
+#endif /* ?FULL_UNROLL */
+
+	assert(in && out && key);
+	rk = key->rd_key;
+
+	/*
+	 * map byte array block to cipher state
+	 * and add initial round key:
+	 */
+	s0 = GETU32(in     ) ^ rk[0];
+	s1 = GETU32(in +  4) ^ rk[1];
+	s2 = GETU32(in +  8) ^ rk[2];
+	s3 = GETU32(in + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+	/* round 1: */
+   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
+   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
+   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
+   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
+   	/* round 2: */
+   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
+   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
+   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
+   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
+	/* round 3: */
+   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
+   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
+   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
+   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
+   	/* round 4: */
+   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
+   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
+   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
+   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
+	/* round 5: */
+   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
+   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
+   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
+   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
+   	/* round 6: */
+   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
+   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
+   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
+   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
+	/* round 7: */
+   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
+   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
+   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
+   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
+   	/* round 8: */
+   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
+   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
+   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
+   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
+	/* round 9: */
+   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
+   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
+   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
+   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
+    if (key->rounds > 10) {
+        /* round 10: */
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
+        /* round 11: */
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
+        if (key->rounds > 12) {
+            /* round 12: */
+            s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
+            s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
+            s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
+            s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
+            /* round 13: */
+            t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
+            t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
+            t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
+            t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
+        }
+    }
+    rk += key->rounds << 2;
+#else  /* !FULL_UNROLL */
+    /*
+     * Nr - 1 full rounds:
+     */
+    r = key->rounds >> 1;
+    for (;;) {
+        t0 =
+            Te0[(s0 >> 24)       ] ^
+            Te1[(s1 >> 16) & 0xff] ^
+            Te2[(s2 >>  8) & 0xff] ^
+            Te3[(s3      ) & 0xff] ^
+            rk[4];
+        t1 =
+            Te0[(s1 >> 24)       ] ^
+            Te1[(s2 >> 16) & 0xff] ^
+            Te2[(s3 >>  8) & 0xff] ^
+            Te3[(s0      ) & 0xff] ^
+            rk[5];
+        t2 =
+            Te0[(s2 >> 24)       ] ^
+            Te1[(s3 >> 16) & 0xff] ^
+            Te2[(s0 >>  8) & 0xff] ^
+            Te3[(s1      ) & 0xff] ^
+            rk[6];
+        t3 =
+            Te0[(s3 >> 24)       ] ^
+            Te1[(s0 >> 16) & 0xff] ^
+            Te2[(s1 >>  8) & 0xff] ^
+            Te3[(s2      ) & 0xff] ^
+            rk[7];
+
+        rk += 8;
+        if (--r == 0) {
+            break;
+        }
+
+        s0 =
+            Te0[(t0 >> 24)       ] ^
+            Te1[(t1 >> 16) & 0xff] ^
+            Te2[(t2 >>  8) & 0xff] ^
+            Te3[(t3      ) & 0xff] ^
+            rk[0];
+        s1 =
+            Te0[(t1 >> 24)       ] ^
+            Te1[(t2 >> 16) & 0xff] ^
+            Te2[(t3 >>  8) & 0xff] ^
+            Te3[(t0      ) & 0xff] ^
+            rk[1];
+        s2 =
+            Te0[(t2 >> 24)       ] ^
+            Te1[(t3 >> 16) & 0xff] ^
+            Te2[(t0 >>  8) & 0xff] ^
+            Te3[(t1      ) & 0xff] ^
+            rk[2];
+        s3 =
+            Te0[(t3 >> 24)       ] ^
+            Te1[(t0 >> 16) & 0xff] ^
+            Te2[(t1 >>  8) & 0xff] ^
+            Te3[(t2      ) & 0xff] ^
+            rk[3];
+    }
+#endif /* ?FULL_UNROLL */
+    /*
+	 * apply last round and
+	 * map cipher state to byte array block:
+	 */
+	s0 =
+		(Te4[(t0 >> 24)       ] & 0xff000000) ^
+		(Te4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+		(Te4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+		(Te4[(t3      ) & 0xff] & 0x000000ff) ^
+		rk[0];
+	PUTU32(out     , s0);
+	s1 =
+		(Te4[(t1 >> 24)       ] & 0xff000000) ^
+		(Te4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+		(Te4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+		(Te4[(t0      ) & 0xff] & 0x000000ff) ^
+		rk[1];
+	PUTU32(out +  4, s1);
+	s2 =
+		(Te4[(t2 >> 24)       ] & 0xff000000) ^
+		(Te4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+		(Te4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+		(Te4[(t1      ) & 0xff] & 0x000000ff) ^
+		rk[2];
+	PUTU32(out +  8, s2);
+	s3 =
+		(Te4[(t3 >> 24)       ] & 0xff000000) ^
+		(Te4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+		(Te4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+		(Te4[(t2      ) & 0xff] & 0x000000ff) ^
+		rk[3];
+	PUTU32(out + 12, s3);
+}
+
+/*
+ * Decrypt a single block
+ * in and out can overlap
+ */
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+		 const AES_KEY *key) {
+
+	const u32 *rk;
+	u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+	int r;
+#endif /* ?FULL_UNROLL */
+
+	assert(in && out && key);
+	rk = key->rd_key;
+
+	/*
+	 * map byte array block to cipher state
+	 * and add initial round key:
+	 */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+    /* round 1: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
+    /* round 2: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
+    /* round 3: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
+    /* round 4: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
+    /* round 5: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
+    /* round 6: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
+    /* round 7: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
+    /* round 8: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
+    /* round 9: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
+    if (key->rounds > 10) {
+        /* round 10: */
+        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
+        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
+        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
+        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
+        /* round 11: */
+        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
+        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
+        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
+        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
+        if (key->rounds > 12) {
+            /* round 12: */
+            s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
+            s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
+            s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
+            s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
+            /* round 13: */
+            t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
+            t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
+            t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
+            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
+        }
+    }
+	rk += key->rounds << 2;
+#else  /* !FULL_UNROLL */
+    /*
+     * Nr - 1 full rounds:
+     */
+    r = key->rounds >> 1;
+    for (;;) {
+        t0 =
+            Td0[(s0 >> 24)       ] ^
+            Td1[(s3 >> 16) & 0xff] ^
+            Td2[(s2 >>  8) & 0xff] ^
+            Td3[(s1      ) & 0xff] ^
+            rk[4];
+        t1 =
+            Td0[(s1 >> 24)       ] ^
+            Td1[(s0 >> 16) & 0xff] ^
+            Td2[(s3 >>  8) & 0xff] ^
+            Td3[(s2      ) & 0xff] ^
+            rk[5];
+        t2 =
+            Td0[(s2 >> 24)       ] ^
+            Td1[(s1 >> 16) & 0xff] ^
+            Td2[(s0 >>  8) & 0xff] ^
+            Td3[(s3      ) & 0xff] ^
+            rk[6];
+        t3 =
+            Td0[(s3 >> 24)       ] ^
+            Td1[(s2 >> 16) & 0xff] ^
+            Td2[(s1 >>  8) & 0xff] ^
+            Td3[(s0      ) & 0xff] ^
+            rk[7];
+
+        rk += 8;
+        if (--r == 0) {
+            break;
+        }
+
+        s0 =
+            Td0[(t0 >> 24)       ] ^
+            Td1[(t3 >> 16) & 0xff] ^
+            Td2[(t2 >>  8) & 0xff] ^
+            Td3[(t1      ) & 0xff] ^
+            rk[0];
+        s1 =
+            Td0[(t1 >> 24)       ] ^
+            Td1[(t0 >> 16) & 0xff] ^
+            Td2[(t3 >>  8) & 0xff] ^
+            Td3[(t2      ) & 0xff] ^
+            rk[1];
+        s2 =
+            Td0[(t2 >> 24)       ] ^
+            Td1[(t1 >> 16) & 0xff] ^
+            Td2[(t0 >>  8) & 0xff] ^
+            Td3[(t3      ) & 0xff] ^
+            rk[2];
+        s3 =
+            Td0[(t3 >> 24)       ] ^
+            Td1[(t2 >> 16) & 0xff] ^
+            Td2[(t1 >>  8) & 0xff] ^
+            Td3[(t0      ) & 0xff] ^
+            rk[3];
+    }
+#endif /* ?FULL_UNROLL */
+    /*
+	 * apply last round and
+	 * map cipher state to byte array block:
+	 */
+   	s0 =
+   		(Td4[(t0 >> 24)       ] & 0xff000000) ^
+   		(Td4[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+   		(Td4[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+   		(Td4[(t1      ) & 0xff] & 0x000000ff) ^
+   		rk[0];
+	PUTU32(out     , s0);
+   	s1 =
+   		(Td4[(t1 >> 24)       ] & 0xff000000) ^
+   		(Td4[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+   		(Td4[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+   		(Td4[(t2      ) & 0xff] & 0x000000ff) ^
+   		rk[1];
+	PUTU32(out +  4, s1);
+   	s2 =
+   		(Td4[(t2 >> 24)       ] & 0xff000000) ^
+   		(Td4[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+   		(Td4[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+   		(Td4[(t3      ) & 0xff] & 0x000000ff) ^
+   		rk[2];
+	PUTU32(out +  8, s2);
+   	s3 =
+   		(Td4[(t3 >> 24)       ] & 0xff000000) ^
+   		(Td4[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+   		(Td4[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+   		(Td4[(t0      ) & 0xff] & 0x000000ff) ^
+   		rk[3];
+	PUTU32(out + 12, s3);
+}
+
diff --git a/crypto/aes/aes_ctr.c b/crypto/aes/aes_ctr.c
new file mode 100644
index 0000000000..59088499a0
--- /dev/null
+++ b/crypto/aes/aes_ctr.c
@@ -0,0 +1,128 @@
+/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+/* NOTE: CTR mode is big-endian.  The rest of the AES code
+ * is endian-neutral. */
+
+/* increment counter (128-bit int) by 2^64 */
+static void AES_ctr128_inc(unsigned char *counter) {
+	unsigned long c;
+
+	/* Grab 3rd dword of counter and increment */
+#ifdef L_ENDIAN
+	c = GETU32(counter + 8);
+	c++;
+	PUTU32(counter + 8, c);
+#else
+	c = GETU32(counter + 4);
+	c++;
+	PUTU32(counter + 4, c);
+#endif
+
+	/* if no overflow, we're done */
+	if (c)
+		return;
+
+	/* Grab top dword of counter and increment */
+#ifdef L_ENDIAN
+	c = GETU32(counter + 12);
+	c++;
+	PUTU32(counter + 12, c);
+#else
+	c = GETU32(counter +  0);
+	c++;
+	PUTU32(counter +  0, c);
+#endif
+
+}
+
+/* The input encrypted as though 128bit counter mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num, and the
+ * encrypted counter is kept in ecount_buf.  Both *num and
+ * ecount_buf must be initialised with zeros before the first
+ * call to AES_ctr128_encrypt().
+ */
+void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const AES_KEY *key,
+	unsigned char counter[AES_BLOCK_SIZE],
+	unsigned char ecount_buf[AES_BLOCK_SIZE],
+	unsigned int *num) {
+
+	unsigned int n;
+	unsigned long l=length;
+
+	assert(in && out && key && counter && num);
+	assert(*num < AES_BLOCK_SIZE);
+
+	n = *num;
+
+	while (l--) {
+		if (n == 0) {
+			AES_encrypt(counter, ecount_buf, key);
+			AES_ctr128_inc(counter);
+		}
+		*(out++) = *(in++) ^ ecount_buf[n];
+		n = (n+1) % AES_BLOCK_SIZE;
+	}
+
+	*num=n;
+}
diff --git a/crypto/aes/aes_ecb.c b/crypto/aes/aes_ecb.c
new file mode 100644
index 0000000000..28aa561c2d
--- /dev/null
+++ b/crypto/aes/aes_ecb.c
@@ -0,0 +1,73 @@
+/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+		     const AES_KEY *key, const int enc) {
+
+        assert(in && out && key);
+	assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
+
+	if (AES_ENCRYPT == enc)
+		AES_encrypt(in, out, key);
+	else
+		AES_decrypt(in, out, key);
+}
+
diff --git a/crypto/aes/aes_locl.h b/crypto/aes/aes_locl.h
new file mode 100644
index 0000000000..f290946058
--- /dev/null
+++ b/crypto/aes/aes_locl.h
@@ -0,0 +1,85 @@
+/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef HEADER_AES_LOCL_H
+#define HEADER_AES_LOCL_H
+
+#include <openssl/e_os2.h>
+
+#ifdef OPENSSL_NO_AES
+#error AES is disabled.
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(_MSC_VER) && !defined(OPENSSL_SYS_WINCE)
+# define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+# define GETU32(p) SWAP(*((u32 *)(p)))
+# define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
+#else
+# define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
+# define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
+#endif
+
+typedef unsigned long u32;
+typedef unsigned short u16;
+typedef unsigned char u8;
+
+#define MAXKC   (256/32)
+#define MAXKB   (256/8)
+#define MAXNR   14
+
+/* This controls loop-unrolling in aes_core.c */
+#undef FULL_UNROLL
+
+#endif /* !HEADER_AES_LOCL_H */
diff --git a/crypto/aes/aes_misc.c b/crypto/aes/aes_misc.c
new file mode 100644
index 0000000000..090def25d5
--- /dev/null
+++ b/crypto/aes/aes_misc.c
@@ -0,0 +1,64 @@
+/* crypto/aes/aes_misc.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#include <openssl/opensslv.h>
+#include <openssl/aes.h>
+#include "aes_locl.h"
+
+const char *AES_version="AES" OPENSSL_VERSION_PTEXT;
+
+const char *AES_options(void) {
+#ifdef FULL_UNROLL
+        return "aes(full)";
+#else   
+        return "aes(partial)";
+#endif
+}
diff --git a/crypto/x509/x509pack.c b/crypto/aes/aes_ofb.c
index 846f125859..f358bb39e2 100644
--- a/crypto/x509/x509pack.c
+++ b/crypto/aes/aes_ofb.c
@@ -1,4 +1,53 @@
-/* crypto/x509/x509pack.c */
+/* crypto/aes/aes_ofb.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,102 +105,38 @@
  * [including the GNU Public Licence.]
  */
 
-#include <stdio.h>
-#include "stack.h"
-#include "cryptlib.h"
-#include "asn1.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
-
-ASN1_OCTET_STRING *X509v3_pack_string(ex,type,bytes,len)
-ASN1_OCTET_STRING **ex;
-int type;
-unsigned char *bytes;
-int len;
-	{
-	ASN1_OCTET_STRING *os;
-	ASN1_STRING str;
-	unsigned char *p;
-	int i;
+#ifndef AES_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
 
-	if ((ex == NULL) || (*ex == NULL))
-		os=ASN1_OCTET_STRING_new();
-	else
-		os= *ex;
+#include <openssl/aes.h>
+#include "aes_locl.h"
 
-	if (len < 0) len=strlen((char *)bytes);
-	str.length=len;
-	str.type=type;
-	str.data=bytes;
-
-	/* str now holds the data, we just have to copy it into ->value */
+/* The input and output encrypted as though 128bit ofb mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
+ */
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+	const unsigned long length, const AES_KEY *key,
+	unsigned char *ivec, int *num) {
 
-	switch (type)
-		{
-	case V_ASN1_BIT_STRING:
-		i=i2d_ASN1_BIT_STRING((ASN1_BIT_STRING *)&str,NULL);
-		if (!ASN1_STRING_set((ASN1_STRING *)os,NULL,i))
-			goto err;
-		p=(unsigned char *)os->data;
-		i2d_ASN1_BIT_STRING((ASN1_BIT_STRING *)&str,&p);
-		break;
-	case V_ASN1_OCTET_STRING:
-		i=i2d_ASN1_OCTET_STRING((ASN1_OCTET_STRING *)&str,NULL);
-		if (!ASN1_STRING_set((ASN1_STRING *)os,NULL,i))
-			goto err;
-		p=(unsigned char *)os->data;
-		i2d_ASN1_OCTET_STRING((ASN1_OCTET_STRING *)&str,&p);
-		break;
-	case V_ASN1_IA5STRING:
-	case V_ASN1_PRINTABLESTRING:
-	case V_ASN1_T61STRING:
-		i=i2d_ASN1_bytes(&str,NULL,type,V_ASN1_UNIVERSAL);
-		if (!ASN1_STRING_set((ASN1_STRING *)os,NULL,i))
-			goto err;
-		p=(unsigned char *)os->data;
-		i=i2d_ASN1_bytes(&str,&p,type,V_ASN1_UNIVERSAL);
-		break;
-	default:
-		X509err(X509_F_X509V3_PACK_STRING,X509_R_UNKNOWN_STRING_TYPE);
-		goto err;
-		}
-	os->length=i;
+	unsigned int n;
+	unsigned long l=length;
 
-	if ((ex != NULL) && (os != *ex))
-		*ex=os;
-	return(os);
-err:
-	return(NULL);
-	}
+	assert(in && out && key && ivec && num);
 
-ASN1_STRING *X509v3_unpack_string(ex,type,os)
-ASN1_STRING **ex;
-int type;
-ASN1_OCTET_STRING *os;
-	{
-	unsigned char *p;
-	ASN1_STRING *ret=NULL;
+	n = *num;
 
-	p=os->data;
-	switch (type)
-		{
-	case V_ASN1_BIT_STRING:
-		ret=(ASN1_STRING *)d2i_ASN1_BIT_STRING(
-			(ASN1_BIT_STRING **)ex,&p,os->length);
-		break;
-	case V_ASN1_OCTET_STRING:
-		ret=(ASN1_STRING *)d2i_ASN1_OCTET_STRING(
-			(ASN1_BIT_STRING **)ex,&p,os->length);
-		break;
-	case V_ASN1_IA5STRING:
-	case V_ASN1_PRINTABLESTRING:
-	case V_ASN1_T61STRING:
-		ret=(ASN1_STRING *)d2i_ASN1_PRINTABLE(ex,&p,os->length);
-		break;
-	default:
-		X509err(X509_F_X509V3_UNPACK_STRING,X509_R_UNKNOWN_STRING_TYPE);
+	while (l--) {
+		if (n == 0) {
+			AES_encrypt(ivec, ivec, key);
 		}
-	return(ret);
+		*(out++) = *(in++) ^ ivec[n];
+		n = (n+1) % AES_BLOCK_SIZE;
 	}
 
+	*num=n;
+}
diff --git a/crypto/asn1/.cvsignore b/crypto/asn1/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/asn1/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/asn1/Makefile.ssl b/crypto/asn1/Makefile.ssl
index 1e9951fc56..5edfa17a04 100644
--- a/crypto/asn1/Makefile.ssl
+++ b/crypto/asn1/Makefile.ssl
@@ -5,57 +5,52 @@
 DIR=	asn1
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=asn1
-ERRC=asn1_err
 GENERAL=Makefile README
 TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_int.c a_octet.c a_print.c \
-	a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_bmp.c \
-	a_sign.c a_digest.c a_verify.c \
-	x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c \
-	x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c \
-	d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
-	d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c \
+LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
+	a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \
+	a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
+	x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \
+	x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
 	d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
-	t_req.c t_x509.c t_pkey.c \
-	p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \
-	p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \
-	f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
-	a_hdr.c x_pkey.c a_bool.c x_exten.c \
-	asn1_par.c asn1_lib.c $(ERRC).c a_meth.c a_bytes.c \
-	evp_asn1.c
-LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_int.o a_octet.o a_print.o \
-	a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o \
-	a_sign.o a_digest.o a_verify.o \
-	x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o \
-	x_name.o x_cinf.o x_x509.o x_crl.o x_info.o x_spki.o \
-	d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
-	d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o \
+	t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
+	tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \
+	f_int.c f_string.c n_pkey.c \
+	f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
+	asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
+	evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
+LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
+	a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
+	a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
+	x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \
+	x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
 	d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
-	t_req.o t_x509.o t_pkey.o \
-	p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \
-	p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \
-	f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
-	a_hdr.o x_pkey.o a_bool.o x_exten.o \
-	asn1_par.o asn1_lib.o $(ERRC).o a_meth.o a_bytes.o \
-	evp_asn1.o
+	t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
+	tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \
+	f_int.o f_string.o n_pkey.o \
+	f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
+	asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
+	evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
 
 SRC= $(LIBSRC)
 
-EXHEADER=  asn1.h asn1_mac.h
+EXHEADER=  asn1.h asn1_mac.h asn1t.h
 HEADER=	$(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -75,24 +70,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -104,17 +98,1130 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+a_bitstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bitstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_bitstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_bitstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bitstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_bitstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bitstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bitstr.c
+a_bool.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bool.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_bool.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_bool.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_bool.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_bool.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_bool.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_bool.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_bool.o: ../cryptlib.h a_bool.c
+a_bytes.o: ../../e_os.h ../../include/openssl/asn1.h
+a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_bytes.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_bytes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_bytes.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_bytes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_bytes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_bytes.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bytes.c
+a_d2i_fp.o: ../../e_os.h ../../include/openssl/asn1.h
+a_d2i_fp.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_d2i_fp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_d2i_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_d2i_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_d2i_fp.o: ../../include/openssl/opensslconf.h
+a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_d2i_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_d2i_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_d2i_fp.c
+a_digest.o: ../../e_os.h ../../include/openssl/aes.h
+a_digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_digest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+a_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+a_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+a_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+a_digest.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+a_digest.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+a_digest.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+a_digest.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+a_digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+a_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_digest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+a_digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_digest.o: ../cryptlib.h a_digest.c
+a_dup.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_dup.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_dup.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_dup.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_dup.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_dup.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_dup.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_dup.o: ../cryptlib.h a_dup.c
+a_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_enum.o: ../cryptlib.h a_enum.c
+a_gentm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_gentm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_gentm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_gentm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_gentm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_gentm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_gentm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_gentm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_gentm.c
+a_hdr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_hdr.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_hdr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_hdr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_hdr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_hdr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_hdr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_hdr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_hdr.o: ../cryptlib.h a_hdr.c
+a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h
+a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_i2d_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_i2d_fp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_i2d_fp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_i2d_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_i2d_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_i2d_fp.c
+a_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_int.o: ../cryptlib.h a_int.c
+a_mbstr.o: ../../e_os.h ../../include/openssl/asn1.h
+a_mbstr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_mbstr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_mbstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_mbstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_mbstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_mbstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_mbstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_mbstr.c
+a_meth.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_meth.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_meth.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_meth.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_meth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_meth.o: ../cryptlib.h a_meth.c
+a_object.o: ../../e_os.h ../../include/openssl/asn1.h
+a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h a_object.c
+a_octet.o: ../../e_os.h ../../include/openssl/asn1.h
+a_octet.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_octet.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_octet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_octet.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_octet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_octet.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_octet.o: ../../include/openssl/symhacks.h ../cryptlib.h a_octet.c
+a_print.o: ../../e_os.h ../../include/openssl/asn1.h
+a_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_print.o: ../../include/openssl/symhacks.h ../cryptlib.h a_print.c
+a_set.o: ../../e_os.h ../../include/openssl/asn1.h
+a_set.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+a_set.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_set.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_set.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_set.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_set.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_set.o: ../cryptlib.h a_set.c
+a_sign.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+a_sign.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_sign.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+a_sign.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+a_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+a_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+a_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+a_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+a_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+a_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+a_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+a_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+a_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+a_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+a_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+a_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+a_sign.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+a_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_sign.c
+a_strex.o: ../../e_os.h ../../include/openssl/aes.h
+a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_strex.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+a_strex.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+a_strex.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+a_strex.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+a_strex.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+a_strex.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+a_strex.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+a_strex.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+a_strex.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_strex.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+a_strex.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_strex.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_strex.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_strex.o: ../cryptlib.h a_strex.c charmap.h
+a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h
+a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_strnid.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_strnid.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_strnid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+a_strnid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_strnid.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_strnid.o: ../../include/openssl/symhacks.h ../cryptlib.h a_strnid.c
+a_time.o: ../../e_os.h ../../include/openssl/asn1.h
+a_time.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_time.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_time.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_time.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_time.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_time.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_time.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_time.o: ../cryptlib.h ../o_time.h a_time.c
+a_type.o: ../../e_os.h ../../include/openssl/asn1.h
+a_type.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+a_type.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_type.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_type.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_type.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_type.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_type.o: ../cryptlib.h a_type.c
+a_utctm.o: ../../e_os.h ../../include/openssl/asn1.h
+a_utctm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+a_utctm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+a_utctm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+a_utctm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+a_utctm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_utctm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+a_utctm.o: ../../include/openssl/symhacks.h ../cryptlib.h ../o_time.h a_utctm.c
+a_utf8.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_utf8.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+a_utf8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+a_utf8.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+a_utf8.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+a_utf8.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+a_utf8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_utf8.o: ../cryptlib.h a_utf8.c
+a_verify.o: ../../e_os.h ../../include/openssl/aes.h
+a_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+a_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+a_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+a_verify.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+a_verify.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+a_verify.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+a_verify.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+a_verify.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+a_verify.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+a_verify.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+a_verify.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+a_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+a_verify.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+a_verify.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+a_verify.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+a_verify.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+a_verify.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+a_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+a_verify.o: ../cryptlib.h a_verify.c
+asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+asn1_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+asn1_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn1_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_err.o: ../../include/openssl/symhacks.h asn1_err.c
+asn1_gen.o: ../../e_os.h ../../include/openssl/aes.h
+asn1_gen.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+asn1_gen.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+asn1_gen.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+asn1_gen.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+asn1_gen.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+asn1_gen.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+asn1_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+asn1_gen.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+asn1_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+asn1_gen.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+asn1_gen.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+asn1_gen.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+asn1_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+asn1_gen.o: ../../include/openssl/opensslconf.h
+asn1_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_gen.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+asn1_gen.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+asn1_gen.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+asn1_gen.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+asn1_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+asn1_gen.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+asn1_gen.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+asn1_gen.o: ../../include/openssl/x509v3.h ../cryptlib.h asn1_gen.c
+asn1_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+asn1_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+asn1_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+asn1_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+asn1_lib.o: ../../include/openssl/opensslconf.h
+asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_lib.c
+asn1_par.o: ../../e_os.h ../../include/openssl/asn1.h
+asn1_par.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+asn1_par.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn1_par.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn1_par.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+asn1_par.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c
+asn_moid.o: ../../e_os.h ../../include/openssl/aes.h
+asn_moid.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+asn_moid.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+asn_moid.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+asn_moid.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+asn_moid.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+asn_moid.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+asn_moid.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+asn_moid.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+asn_moid.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+asn_moid.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+asn_moid.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+asn_moid.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+asn_moid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+asn_moid.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+asn_moid.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+asn_moid.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+asn_moid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+asn_moid.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+asn_moid.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+asn_moid.o: ../cryptlib.h asn_moid.c
+asn_pack.o: ../../e_os.h ../../include/openssl/asn1.h
+asn_pack.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+asn_pack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+asn_pack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+asn_pack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c
+d2i_pr.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+d2i_pr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+d2i_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+d2i_pr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+d2i_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+d2i_pr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+d2i_pr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+d2i_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+d2i_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+d2i_pr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+d2i_pr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+d2i_pr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+d2i_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+d2i_pr.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+d2i_pr.o: ../cryptlib.h d2i_pr.c
+d2i_pu.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+d2i_pu.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+d2i_pu.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+d2i_pu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+d2i_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+d2i_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+d2i_pu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+d2i_pu.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+d2i_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+d2i_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+d2i_pu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+d2i_pu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+d2i_pu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+d2i_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+d2i_pu.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+d2i_pu.o: ../cryptlib.h d2i_pu.c
+evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_asn1.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+evp_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+evp_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+evp_asn1.o: ../../include/openssl/opensslconf.h
+evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_asn1.c
+f_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+f_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+f_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+f_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+f_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+f_enum.o: ../cryptlib.h f_enum.c
+f_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+f_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+f_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+f_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+f_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+f_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+f_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+f_int.o: ../cryptlib.h f_int.c
+f_string.o: ../../e_os.h ../../include/openssl/asn1.h
+f_string.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+f_string.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+f_string.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+f_string.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c
+i2d_pr.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+i2d_pr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+i2d_pr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+i2d_pr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+i2d_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+i2d_pr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+i2d_pr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+i2d_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i2d_pr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+i2d_pr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+i2d_pr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+i2d_pr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+i2d_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+i2d_pr.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+i2d_pr.o: ../cryptlib.h i2d_pr.c
+i2d_pu.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+i2d_pu.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+i2d_pu.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+i2d_pu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+i2d_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+i2d_pu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+i2d_pu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+i2d_pu.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+i2d_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+i2d_pu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+i2d_pu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+i2d_pu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+i2d_pu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+i2d_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+i2d_pu.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+i2d_pu.o: ../cryptlib.h i2d_pu.c
+n_pkey.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+n_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/asn1t.h
+n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+n_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+n_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+n_pkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+n_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+n_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+n_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+n_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+n_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+n_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+n_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+n_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+n_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+n_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+n_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+n_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+n_pkey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h n_pkey.c
+nsseq.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+nsseq.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+nsseq.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+nsseq.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+nsseq.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+nsseq.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+nsseq.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+nsseq.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+nsseq.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+nsseq.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+nsseq.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+nsseq.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+nsseq.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+nsseq.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+nsseq.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+nsseq.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+nsseq.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+nsseq.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+nsseq.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+nsseq.o: ../../include/openssl/x509_vfy.h nsseq.c
+p5_pbe.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p5_pbe.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+p5_pbe.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p5_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p5_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p5_pbe.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p5_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p5_pbe.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p5_pbe.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p5_pbe.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p5_pbe.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p5_pbe.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p5_pbe.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p5_pbe.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p5_pbe.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p5_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p5_pbe.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p5_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbe.c
+p5_pbev2.o: ../../e_os.h ../../include/openssl/aes.h
+p5_pbev2.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+p5_pbev2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p5_pbev2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p5_pbev2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p5_pbev2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p5_pbev2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p5_pbev2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p5_pbev2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p5_pbev2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p5_pbev2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p5_pbev2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p5_pbev2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_pbev2.o: ../../include/openssl/opensslconf.h
+p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+p5_pbev2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p5_pbev2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p5_pbev2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p5_pbev2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p5_pbev2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p5_pbev2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p5_pbev2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_pbev2.c
+p8_pkey.o: ../../e_os.h ../../include/openssl/aes.h
+p8_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+p8_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p8_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p8_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p8_pkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p8_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p8_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p8_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p8_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p8_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p8_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p8_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p8_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p8_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p8_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p8_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p8_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p8_pkey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p8_pkey.c
+t_bitst.o: ../../e_os.h ../../include/openssl/aes.h
+t_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+t_bitst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+t_bitst.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+t_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_bitst.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_bitst.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_bitst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_bitst.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+t_bitst.o: ../cryptlib.h t_bitst.c
+t_crl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_crl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_crl.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+t_crl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_crl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_crl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+t_crl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+t_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_crl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+t_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_crl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_crl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_crl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h t_crl.c
+t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+t_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_pkey.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+t_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+t_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_pkey.o: ../cryptlib.h t_pkey.c
+t_req.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_req.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_req.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+t_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+t_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+t_req.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+t_req.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_req.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+t_req.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_req.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h t_req.c
+t_spki.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+t_spki.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+t_spki.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+t_spki.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+t_spki.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+t_spki.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+t_spki.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+t_spki.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+t_spki.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+t_spki.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+t_spki.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+t_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+t_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+t_spki.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+t_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h t_spki.c
+t_x509.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+t_x509.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+t_x509.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+t_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_x509.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+t_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+t_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+t_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_x509.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h t_x509.c
+t_x509a.o: ../../e_os.h ../../include/openssl/aes.h
+t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+t_x509a.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+t_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+t_x509a.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+t_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+t_x509a.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+t_x509a.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+t_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+t_x509a.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+t_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+t_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+t_x509a.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+t_x509a.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+t_x509a.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+t_x509a.o: ../cryptlib.h t_x509a.c
+tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+tasn_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+tasn_dec.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+tasn_dec.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+tasn_dec.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_dec.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_dec.o: ../../include/openssl/symhacks.h tasn_dec.c
+tasn_enc.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_enc.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_enc.o: ../../include/openssl/opensslconf.h
+tasn_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_enc.o: ../../include/openssl/symhacks.h tasn_enc.c
+tasn_fre.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_fre.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_fre.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_fre.o: ../../include/openssl/opensslconf.h
+tasn_fre.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_fre.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_fre.o: ../../include/openssl/symhacks.h tasn_fre.c
+tasn_new.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_new.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_new.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_new.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tasn_new.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_new.o: ../../include/openssl/opensslconf.h
+tasn_new.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_new.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_new.o: ../../include/openssl/symhacks.h tasn_new.c
+tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_typ.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_typ.o: ../../include/openssl/opensslconf.h
+tasn_typ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_typ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_typ.o: ../../include/openssl/symhacks.h tasn_typ.c
+tasn_utl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+tasn_utl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+tasn_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+tasn_utl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+tasn_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tasn_utl.o: ../../include/openssl/opensslconf.h
+tasn_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tasn_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+tasn_utl.o: ../../include/openssl/symhacks.h tasn_utl.c
+x_algor.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_algor.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_algor.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_algor.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_algor.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_algor.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_algor.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_algor.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_algor.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+x_algor.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_algor.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_algor.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_algor.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_algor.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_algor.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_algor.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_algor.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_algor.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_algor.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_algor.o: ../../include/openssl/x509_vfy.h x_algor.c
+x_attrib.o: ../../e_os.h ../../include/openssl/aes.h
+x_attrib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_attrib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_attrib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_attrib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_attrib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_attrib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_attrib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_attrib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_attrib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_attrib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_attrib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_attrib.o: ../../include/openssl/opensslconf.h
+x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_attrib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_attrib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_attrib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_attrib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_attrib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_attrib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_attrib.o: ../cryptlib.h x_attrib.c
+x_bignum.o: ../../e_os.h ../../include/openssl/asn1.h
+x_bignum.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_bignum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_bignum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_bignum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_bignum.o: ../../include/openssl/opensslconf.h
+x_bignum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c
+x_crl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_crl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_crl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_crl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_crl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_crl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_crl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_crl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_crl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_crl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_crl.o: ../cryptlib.h x_crl.c
+x_exten.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_exten.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_exten.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_exten.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_exten.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_exten.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_exten.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_exten.o: ../../include/openssl/ecdsa.h ../../include/openssl/evp.h
+x_exten.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_exten.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_exten.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_exten.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_exten.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_exten.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_exten.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_exten.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_exten.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_exten.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_exten.o: ../../include/openssl/x509_vfy.h x_exten.c
+x_info.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_info.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_info.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_info.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_info.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_info.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_info.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_info.c
+x_long.o: ../../e_os.h ../../include/openssl/asn1.h
+x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_long.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+x_long.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_long.o: ../cryptlib.h x_long.c
+x_name.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_name.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_name.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_name.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_name.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x_name.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_name.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_name.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_name.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_name.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_name.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_name.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_name.o: ../cryptlib.h x_name.c
+x_pkey.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_pkey.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+x_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_pkey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pkey.o: ../cryptlib.h x_pkey.c
+x_pubkey.o: ../../e_os.h ../../include/openssl/aes.h
+x_pubkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_pubkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_pubkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_pubkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_pubkey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_pubkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_pubkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_pubkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_pubkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_pubkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_pubkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_pubkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_pubkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_pubkey.o: ../../include/openssl/opensslconf.h
+x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_pubkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_pubkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_pubkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_pubkey.o: ../cryptlib.h x_pubkey.c
+x_req.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x_req.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_req.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_req.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_req.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_req.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_req.o: ../cryptlib.h x_req.c
+x_sig.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_sig.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_sig.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_sig.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_sig.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_sig.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_sig.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x_sig.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_sig.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_sig.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_sig.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_sig.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_sig.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_sig.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_sig.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_sig.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_sig.o: ../cryptlib.h x_sig.c
+x_spki.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_spki.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_spki.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_spki.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_spki.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_spki.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x_spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_spki.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_spki.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_spki.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_spki.o: ../cryptlib.h x_spki.c
+x_val.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_val.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_val.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_val.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x_val.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x_val.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x_val.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x_val.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x_val.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x_val.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x_val.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x_val.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x_val.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x_val.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x_val.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x_val.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x_val.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x_val.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x_val.o: ../cryptlib.h x_val.c
+x_x509.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+x_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x_x509.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_x509.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_x509.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x_x509.o: ../cryptlib.h x_x509.c
+x_x509a.o: ../../e_os.h ../../include/openssl/aes.h
+x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+x_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_x509a.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_x509a.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_x509a.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_x509a.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_x509a.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_x509a.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_x509a.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_x509a.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_x509a.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_x509a.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_x509a.c
diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
index 275de43eb6..f4ea96cd54 100644
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -58,17 +58,14 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include <openssl/asn1.h>
 
-/* ASN1err(ASN1_F_ASN1_STRING_NEW,ASN1_R_STRING_TOO_SHORT);
- * ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,ASN1_R_EXPECTING_A_BIT_STRING);
- */
+int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
+{ return M_ASN1_BIT_STRING_set(x, d, len); }
 
-int i2d_ASN1_BIT_STRING(a,pp)
-ASN1_BIT_STRING *a;
-unsigned char **pp;
+int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
 	{
-	int ret,j,r,bits,len;
+	int ret,j,bits,len;
 	unsigned char *p,*d;
 
 	if (a == NULL) return(0);
@@ -101,54 +98,42 @@ unsigned char **pp;
 		}
 	else
 		bits=0;
+
 	ret=1+len;
-	r=ASN1_object_size(0,ret,V_ASN1_BIT_STRING);
-	if (pp == NULL) return(r);
+	if (pp == NULL) return(ret);
+
 	p= *pp;
 
-	ASN1_put_object(&p,0,ret,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL);
 	*(p++)=(unsigned char)bits;
 	d=a->data;
 	memcpy(p,d,len);
 	p+=len;
 	if (len > 0) p[-1]&=(0xff<<bits);
 	*pp=p;
-	return(r);
+	return(ret);
 	}
 
-ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(a, pp, length)
-ASN1_BIT_STRING **a;
-unsigned char **pp;
-long length;
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp,
+	     long len)
 	{
 	ASN1_BIT_STRING *ret=NULL;
 	unsigned char *p,*s;
-	long len;
-	int inf,tag,xclass;
 	int i;
 
-	if ((a == NULL) || ((*a) == NULL))
-		{
-		if ((ret=ASN1_BIT_STRING_new()) == NULL) return(NULL);
-		}
-	else
-		ret=(*a);
-
-	p= *pp;
-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-	if (inf & 0x80)
+	if (len < 1)
 		{
-		i=ASN1_R_BAD_OBJECT_HEADER;
+		i=ASN1_R_STRING_TOO_SHORT;
 		goto err;
 		}
 
-	if (tag != V_ASN1_BIT_STRING)
+	if ((a == NULL) || ((*a) == NULL))
 		{
-		i=ASN1_R_EXPECTING_A_BIT_STRING;
-		goto err;
+		if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
 		}
-	if (len < 1) { i=ASN1_R_STRING_TOO_SHORT; goto err; }
+	else
+		ret=(*a);
 
+	p= *pp;
 	i= *(p++);
 	/* We do this to preserve the settings.  If we modify
 	 * the settings, via the _set_bit function, we will recalculate
@@ -158,7 +143,7 @@ long length;
 
 	if (len-- > 1) /* using one because of the bits left byte */
 		{
-		s=(unsigned char *)Malloc((int)len);
+		s=(unsigned char *)OPENSSL_malloc((int)len);
 		if (s == NULL)
 			{
 			i=ERR_R_MALLOC_FAILURE;
@@ -172,7 +157,7 @@ long length;
 		s=NULL;
 
 	ret->length=(int)len;
-	if (ret->data != NULL) Free((char *)ret->data);
+	if (ret->data != NULL) OPENSSL_free(ret->data);
 	ret->data=s;
 	ret->type=V_ASN1_BIT_STRING;
 	if (a != NULL) (*a)=ret;
@@ -181,16 +166,13 @@ long length;
 err:
 	ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i);
 	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		ASN1_BIT_STRING_free(ret);
+		M_ASN1_BIT_STRING_free(ret);
 	return(NULL);
 	}
 
 /* These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de>
  */
-int ASN1_BIT_STRING_set_bit(a,n,value)
-ASN1_BIT_STRING *a;
-int n;
-int value;
+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
 	{
 	int w,v,iv;
 	unsigned char *c;
@@ -198,6 +180,7 @@ int value;
 	w=n/8;
 	v=1<<(7-(n&0x07));
 	iv= ~v;
+	if (!value) v=0;
 
 	a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */
 
@@ -206,23 +189,23 @@ int value;
 		{
 		if (!value) return(1); /* Don't need to set */
 		if (a->data == NULL)
-			c=(unsigned char *)Malloc(w+1);
+			c=(unsigned char *)OPENSSL_malloc(w+1);
 		else
-			c=(unsigned char *)Realloc(a->data,w+1);
+			c=(unsigned char *)OPENSSL_realloc_clean(a->data,
+								 a->length,
+								 w+1);
 		if (c == NULL) return(0);
+		if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
 		a->data=c;
 		a->length=w+1;
-		c[w]=0;
-		}
+	}
 	a->data[w]=((a->data[w])&iv)|v;
 	while ((a->length > 0) && (a->data[a->length-1] == 0))
 		a->length--;
 	return(1);
 	}
 
-int ASN1_BIT_STRING_get_bit(a,n)
-ASN1_BIT_STRING *a;
-int n;
+int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
 	{
 	int w,v;
 
diff --git a/crypto/asn1/a_bitstr.orig.c b/crypto/asn1/a_bitstr.orig.c
deleted file mode 100644
index 871e0575d9..0000000000
--- a/crypto/asn1/a_bitstr.orig.c
+++ /dev/null
@@ -1,236 +0,0 @@
-/* crypto/asn1/a_bitstr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "asn1.h"
-
-/* ASN1err(ASN1_F_ASN1_STRING_NEW,ASN1_R_STRING_TOO_SHORT);
- * ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,ASN1_R_EXPECTING_A_BIT_STRING);
- */
-
-int i2d_ASN1_BIT_STRING(a,pp)
-ASN1_BIT_STRING *a;
-unsigned char **pp;
-	{
-	int ret,i,j,r,bits,len;
-	unsigned char *p,*d;
-
-	if (a == NULL) return(0);
-
-	len=a->length;
-
-	if ((len > 0)
-		{
-		if (a->flags & ASN1_FG_BITS_LEFT))
-			{
-			bits=a->flags&0x07;
-			}
-		else
-			{
-			for ( ; len > 0; len--)
-				{
-				if (a->data[len-1]) break;
-				}
-			j=a->data[len-1];
-			if      (j & 0x80) bits=1;
-			else if (j & 0x40) bits=2;
-			else if (j & 0x20) bits=3;
-			else if (j & 0x10) bits=4;
-			else if (j & 0x08) bits=5;
-			else if (j & 0x04) bits=6;
-			else if (j & 0x02) bits=7;
-			else if (j & 0x01) bits=8;
-			else bits=0;
-			}
-		}
-	else
-		bits=0;
-	ret=1+len;
-	r=ASN1_object_size(0,ret,V_ASN1_BIT_STRING);
-	if (pp == NULL) return(r);
-	p= *pp;
-
-	ASN1_put_object(&p,0,ret,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL);
-	if (bits == 0)
-		j=0;
-	else	j=8-bits;
-	*(p++)=(unsigned char)j;
-	d=a->data;
-	memcpy(p,d,len);
-	p+=len;
-	if (len > 0) p[-1]&=(0xff<<j);
-	*pp=p;
-	return(r);
-	}
-
-ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(a, pp, length)
-ASN1_BIT_STRING **a;
-unsigned char **pp;
-long length;
-	{
-	ASN1_BIT_STRING *ret=NULL;
-	unsigned char *p,*s;
-	long len;
-	int inf,tag,xclass;
-	int i;
-
-	if ((a == NULL) || ((*a) == NULL))
-		{
-		if ((ret=ASN1_BIT_STRING_new()) == NULL) return(NULL);
-		}
-	else
-		ret=(*a);
-
-	p= *pp;
-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-	if (inf & 0x80)
-		{
-		i=ASN1_R_BAD_OBJECT_HEADER;
-		goto err;
-		}
-
-	if (tag != V_ASN1_BIT_STRING)
-		{
-		i=ASN1_R_EXPECTING_A_BIT_STRING;
-		goto err;
-		}
-	if (len < 1) { i=ASN1_R_STRING_TOO_SHORT; goto err; }
-
-	i= *(p++);
-	ret->flag&= ~(ASN1_FG_BITS_LEFT|0x07); /* clear */
-	if (i > 0)
-		ret->flag|=(ASN1_FG_BITS_LEFT|(i&0x07)); /* set */
-
-	if (len-- > 1) /* using one because of the bits left byte */
-		{
-		s=(unsigned char *)Malloc((int)len);
-		if (s == NULL)
-			{
-			i=ERR_R_MALLOC_FAILURE;
-			goto err;
-			}
-		memcpy(s,p,(int)len);
-		s[len-1]&=(0xff<<i);
-		p+=len;
-		}
-	else
-		s=NULL;
-
-	ret->length=(int)len;
-	if (ret->data != NULL) Free((char *)ret->data);
-	ret->data=s;
-	ret->type=V_ASN1_BIT_STRING;
-	if (a != NULL) (*a)=ret;
-	*pp=p;
-	return(ret);
-err:
-	ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		ASN1_BIT_STRING_free(ret);
-	return(NULL);
-	}
-
-/* These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de>
- */
-int ASN1_BIT_STRING_set_bit(a,n,value)
-ASN1_BIT_STRING *a;
-int n;
-int value;
-	{
-	int w,v,iv;
-	unsigned char *c;
-
-	w=n/8;
-	v=1<<(7-(n&0x07));
-	iv= ~v;
-
-	a->flag&= ~(ASN1_FG_BITS_LEFT|0x07); /* clear, set on write */
-
-	if (a == NULL) return(0);
-	if ((a->length < (w+1)) || (a->data == NULL))
-		{
-		if (!value) return(1); /* Don't need to set */
-		if (a->data == NULL)
-			c=(unsigned char *)Malloc(w+1);
-		else
-			c=(unsigned char *)Realloc(a->data,w+1);
-		if (c == NULL) return(0);
-		a->data=c;
-		a->length=w+1;
-		c[w]=0;
-		}
-	a->data[w]=((a->data[w])&iv)|v;
-	while ((a->length > 0) && (a->data[a->length-1] == 0))
-		a->length--;
-	return(1);
-	}
-
-int ASN1_BIT_STRING_get_bit(a,n)
-ASN1_BIT_STRING *a;
-int n;
-	{
-	int w,v;
-
-	w=n/8;
-	v=1<<(7-(n&0x07));
-	if ((a == NULL) || (a->length < (w+1)) || (a->data == NULL))
-		return(0);
-	return((a->data[w]&v) != 0);
-	}
-
diff --git a/crypto/asn1/a_bool.c b/crypto/asn1/a_bool.c
index 41a95aa278..24333ea4d5 100644
--- a/crypto/asn1/a_bool.c
+++ b/crypto/asn1/a_bool.c
@@ -58,15 +58,9 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include <openssl/asn1t.h>
 
-/* ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,ASN1_R_EXPECTING_A_BOOLEAN);
- * ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
- */
-
-int i2d_ASN1_BOOLEAN(a,pp)
-int a;
-unsigned char **pp;
+int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
 	{
 	int r;
 	unsigned char *p;
@@ -81,10 +75,7 @@ unsigned char **pp;
 	return(r);
 	}
 
-int d2i_ASN1_BOOLEAN(a, pp, length)
-int *a;
-unsigned char **pp;
-long length;
+int d2i_ASN1_BOOLEAN(int *a, unsigned char **pp, long length)
 	{
 	int ret= -1;
 	unsigned char *p;
@@ -119,3 +110,5 @@ err:
 	ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i);
 	return(ret);
 	}
+
+
diff --git a/crypto/asn1/a_bytes.c b/crypto/asn1/a_bytes.c
index 6bfa983349..afd27b80e1 100644
--- a/crypto/asn1/a_bytes.c
+++ b/crypto/asn1/a_bytes.c
@@ -58,36 +58,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
+#include <openssl/asn1.h>
 
-/* ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,ASN1_R_WRONG_TYPE);
- * ASN1err(ASN1_F_ASN1_COLLATE_PRIMATIVE,ASN1_R_WRONG_TAG);
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c);
+/* type is a 'bitmap' of acceptable string types.
  */
-
-static unsigned long tag2bit[32]={
-0,	0,	0,	B_ASN1_BIT_STRING,	/* tags  0 -  3 */
-B_ASN1_OCTET_STRING,	0,	0,		B_ASN1_UNKNOWN,/* tags  4- 7 */
-B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags  8-11 */
-B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags 12-15 */
-0,	0,	B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,
-B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,0,
-0,B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,
-B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN,
-	};
-
-#ifndef NOPROTO
-static int asn1_collate_primative(ASN1_STRING *a, ASN1_CTX *c);
-#else
-static int asn1_collate_primative();
-#endif
-
-/* type is a 'bitmap' of acceptable string types to be accepted.
- */
-ASN1_STRING *d2i_ASN1_type_bytes(a, pp, length, type)
-ASN1_STRING **a;
-unsigned char **pp;
-long length;
-int type;
+ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
+	     long length, int type)
 	{
 	ASN1_STRING *ret=NULL;
 	unsigned char *p,*s;
@@ -104,7 +81,7 @@ int type;
 		i=ASN1_R_TAG_VALUE_TOO_HIGH;;
 		goto err;
 		}
-	if (!(tag2bit[tag] & type))
+	if (!(ASN1_tag2bit(tag) & type))
 		{
 		i=ASN1_R_WRONG_TYPE;
 		goto err;
@@ -123,7 +100,7 @@ int type;
 
 	if (len != 0)
 		{
-		s=(unsigned char *)Malloc((int)len+1);
+		s=(unsigned char *)OPENSSL_malloc((int)len+1);
 		if (s == NULL)
 			{
 			i=ERR_R_MALLOC_FAILURE;
@@ -136,7 +113,7 @@ int type;
 	else
 		s=NULL;
 
-	if (ret->data != NULL) Free((char *)ret->data);
+	if (ret->data != NULL) OPENSSL_free(ret->data);
 	ret->length=(int)len;
 	ret->data=s;
 	ret->type=tag;
@@ -150,11 +127,7 @@ err:
 	return(NULL);
 	}
 
-int i2d_ASN1_bytes(a, pp, tag, xclass)
-ASN1_STRING *a;
-unsigned char **pp;
-int tag;
-int xclass;
+int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
 	{
 	int ret,r,constructed;
 	unsigned char *p;
@@ -180,12 +153,8 @@ int xclass;
 	return(r);
 	}
 
-ASN1_STRING *d2i_ASN1_bytes(a, pp, length, Ptag, Pclass)
-ASN1_STRING **a;
-unsigned char **pp;
-long length;
-int Ptag;
-int Pclass;
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
+	     int Ptag, int Pclass)
 	{
 	ASN1_STRING *ret=NULL;
 	unsigned char *p,*s;
@@ -225,7 +194,7 @@ int Pclass;
 		c.tag=Ptag;
 		c.xclass=Pclass;
 		c.max=(length == 0)?0:(p+length);
-		if (!asn1_collate_primative(ret,&c)) 
+		if (!asn1_collate_primitive(ret,&c)) 
 			goto err; 
 		else
 			{
@@ -238,8 +207,8 @@ int Pclass;
 			{
 			if ((ret->length < len) || (ret->data == NULL))
 				{
-				if (ret->data != NULL) Free((char *)ret->data);
-				s=(unsigned char *)Malloc((int)len);
+				if (ret->data != NULL) OPENSSL_free(ret->data);
+				s=(unsigned char *)OPENSSL_malloc((int)len + 1);
 				if (s == NULL)
 					{
 					i=ERR_R_MALLOC_FAILURE;
@@ -249,12 +218,13 @@ int Pclass;
 			else
 				s=ret->data;
 			memcpy(s,p,(int)len);
+			s[len] = '\0';
 			p+=len;
 			}
 		else
 			{
 			s=NULL;
-			if (ret->data != NULL) Free((char *)ret->data);
+			if (ret->data != NULL) OPENSSL_free(ret->data);
 			}
 
 		ret->length=(int)len;
@@ -273,13 +243,11 @@ err:
 	}
 
 
-/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapes
- * them into the one struture that is then returned */
+/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse
+ * them into the one structure that is then returned */
 /* There have been a few bug fixes for this function from
  * Paul Keogh <paul.keogh@sse.ie>, many thanks to him */
-static int asn1_collate_primative(a,c)
-ASN1_STRING *a;
-ASN1_CTX *c;
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
 	{
 	ASN1_STRING *os=NULL;
 	BUF_MEM b;
@@ -317,7 +285,7 @@ ASN1_CTX *c;
 			goto err;
 			}
 
-		if (!BUF_MEM_grow(&b,num+os->length))
+		if (!BUF_MEM_grow_clean(&b,num+os->length))
 			{
 			c->error=ERR_R_BUF_LIB;
 			goto err;
@@ -331,14 +299,14 @@ ASN1_CTX *c;
 	if (!asn1_Finish(c)) goto err;
 
 	a->length=num;
-	if (a->data != NULL) Free(a->data);
+	if (a->data != NULL) OPENSSL_free(a->data);
 	a->data=(unsigned char *)b.data;
 	if (os != NULL) ASN1_STRING_free(os);
 	return(1);
 err:
-	ASN1err(ASN1_F_ASN1_COLLATE_PRIMATIVE,c->error);
+	ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error);
 	if (os != NULL) ASN1_STRING_free(os);
-	if (b.data != NULL) Free(b.data);
+	if (b.data != NULL) OPENSSL_free(b.data);
 	return(0);
 	}
 
diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c
index d952836a91..b67b75e7c2 100644
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@@ -58,17 +58,16 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "asn1_mac.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1_mac.h>
 
-#define HEADER_SIZE   8
+static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
+
+#ifndef NO_OLD_ASN1
+#ifndef OPENSSL_NO_FP_API
 
-#ifndef NO_FP_API
-char *ASN1_d2i_fp(xnew,d2i,in,x)
-char *(*xnew)();
-char *(*d2i)();
-FILE *in;
-unsigned char **x;
+char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in,
+	     unsigned char **x)
         {
         BIO *b;
         char *ret;
@@ -85,27 +84,84 @@ unsigned char **x;
         }
 #endif
 
-char *ASN1_d2i_bio(xnew,d2i,in,x)
-char *(*xnew)();
-char *(*d2i)();
-BIO *in;
-unsigned char **x;
+char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in,
+	     unsigned char **x)
+	{
+	BUF_MEM *b = NULL;
+	unsigned char *p;
+	char *ret=NULL;
+	int len;
+
+	len = asn1_d2i_read_bio(in, &b);
+	if(len < 0) goto err;
+
+	p=(unsigned char *)b->data;
+	ret=d2i(x,&p,len);
+err:
+	if (b != NULL) BUF_MEM_free(b);
+	return(ret);
+	}
+
+#endif
+
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
+	{
+	BUF_MEM *b = NULL;
+	unsigned char *p;
+	void *ret=NULL;
+	int len;
+
+	len = asn1_d2i_read_bio(in, &b);
+	if(len < 0) goto err;
+
+	p=(unsigned char *)b->data;
+	ret=ASN1_item_d2i(x,&p,len, it);
+err:
+	if (b != NULL) BUF_MEM_free(b);
+	return(ret);
+	}
+
+#ifndef OPENSSL_NO_FP_API
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
+        {
+        BIO *b;
+        char *ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
+                return(NULL);
+		}
+        BIO_set_fp(b,in,BIO_NOCLOSE);
+        ret=ASN1_item_d2i_bio(it,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+#define HEADER_SIZE   8
+static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
 	{
 	BUF_MEM *b;
 	unsigned char *p;
 	int i;
-	char *ret=NULL;
+	int ret=-1;
 	ASN1_CTX c;
 	int want=HEADER_SIZE;
 	int eos=0;
+#if defined(__GNUC__) && defined(__ia64)
+	/* pathetic compiler bug in all known versions as of Nov. 2002 */
+	long off=0;
+#else
 	int off=0;
+#endif
 	int len=0;
 
 	b=BUF_MEM_new();
 	if (b == NULL)
 		{
 		ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
-		return(NULL);
+		return -1;
 		}
 
 	ERR_clear_error();
@@ -115,7 +171,7 @@ unsigned char **x;
 			{
 			want-=(len-off);
 
-			if (!BUF_MEM_grow(b,len+want))
+			if (!BUF_MEM_grow_clean(b,len+want))
 				{
 				ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
 				goto err;
@@ -170,18 +226,23 @@ unsigned char **x;
 			if (want > (len-off))
 				{
 				want-=(len-off);
-				if (!BUF_MEM_grow(b,len+want))
+				if (!BUF_MEM_grow_clean(b,len+want))
 					{
 					ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE);
 					goto err;
 					}
-				i=BIO_read(in,&(b->data[len]),want);
-				if (i <= 0)
+				while (want > 0)
 					{
-					ASN1err(ASN1_F_ASN1_D2I_BIO,ASN1_R_NOT_ENOUGH_DATA);
-					goto err;
+					i=BIO_read(in,&(b->data[len]),want);
+					if (i <= 0)
+						{
+						ASN1err(ASN1_F_ASN1_D2I_BIO,
+						    ASN1_R_NOT_ENOUGH_DATA);
+						goto err;
+						}
+					len+=i;
+					want -= i;
 					}
-				len+=i;
 				}
 			off+=(int)c.slen;
 			if (eos <= 0)
@@ -193,8 +254,8 @@ unsigned char **x;
 			}
 		}
 
-	p=(unsigned char *)b->data;
-	ret=d2i(x,&p,off);
+	*pb = b;
+	return off;
 err:
 	if (b != NULL) BUF_MEM_free(b);
 	return(ret);
diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c
index 8ddb65b0dc..4931e222a0 100644
--- a/crypto/asn1/a_digest.c
+++ b/crypto/asn1/a_digest.c
@@ -58,34 +58,49 @@
 
 #include <stdio.h>
 #include <time.h>
-#include <sys/types.h>
-#include <sys/stat.h>
 
 #include "cryptlib.h"
-#include "evp.h"
-#include "x509.h"
-#include "buffer.h"
 
-int ASN1_digest(i2d,type,data,md,len)
-int (*i2d)();
-EVP_MD *type;
-char *data;
-unsigned char *md;
-unsigned int *len;
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
+		unsigned char *md, unsigned int *len)
 	{
-	EVP_MD_CTX ctx;
 	int i;
 	unsigned char *str,*p;
 
 	i=i2d(data,NULL);
-	if ((str=(unsigned char *)Malloc(i)) == NULL) return(0);
+	if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) return(0);
 	p=str;
 	i2d(data,&p);
 
-	EVP_DigestInit(&ctx,type);
-	EVP_DigestUpdate(&ctx,str,i);
-	EVP_DigestFinal(&ctx,md,len);
-	Free(str);
+	EVP_Digest(str, i, md, len, type, NULL);
+	OPENSSL_free(str);
+	return(1);
+	}
+
+#endif
+
+
+int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
+		unsigned char *md, unsigned int *len)
+	{
+	int i;
+	unsigned char *str = NULL;
+
+	i=ASN1_item_i2d(asn,&str, it);
+	if (!str) return(0);
+
+	EVP_Digest(str, i, md, len, type, NULL);
+	OPENSSL_free(str);
 	return(1);
 	}
 
diff --git a/crypto/asn1/a_dup.c b/crypto/asn1/a_dup.c
index 961b4cb069..58a017884c 100644
--- a/crypto/asn1/a_dup.c
+++ b/crypto/asn1/a_dup.c
@@ -58,14 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
+#include <openssl/asn1.h>
 
-#define READ_CHUNK   2048
+#ifndef NO_OLD_ASN1
 
-char *ASN1_dup(i2d,d2i,x)
-int (*i2d)();
-char *(*d2i)();
-char *x;
+char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x)
 	{
 	unsigned char *b,*p;
 	long i;
@@ -74,13 +71,37 @@ char *x;
 	if (x == NULL) return(NULL);
 
 	i=(long)i2d(x,NULL);
-	b=(unsigned char *)Malloc((unsigned int)i+10);
+	b=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
 	if (b == NULL)
 		{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
 	p= b;
 	i=i2d(x,&p);
 	p= b;
 	ret=d2i(NULL,&p,i);
-	Free((char *)b);
+	OPENSSL_free(b);
+	return(ret);
+	}
+
+#endif
+
+/* ASN1_ITEM version of dup: this follows the model above except we don't need
+ * to allocate the buffer. At some point this could be rewritten to directly dup
+ * the underlying structure instead of doing and encode and decode.
+ */
+
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
+	{
+	unsigned char *b = NULL, *p;
+	long i;
+	void *ret;
+
+	if (x == NULL) return(NULL);
+
+	i=ASN1_item_i2d(x,&b,it);
+	if (b == NULL)
+		{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
+	p= b;
+	ret=ASN1_item_d2i(NULL,&p,i, it);
+	OPENSSL_free(b);
 	return(ret);
 	}
diff --git a/crypto/bn/bn_sub.c b/crypto/asn1/a_enum.c
index bba80f8afb..68a525fb12 100644
--- a/crypto/bn/bn_sub.c
+++ b/crypto/asn1/a_enum.c
@@ -1,4 +1,4 @@
-/* crypto/bn/bn_sub.c */
+/* crypto/asn1/a_enum.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -58,123 +58,123 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn_lcl.h"
+#include <openssl/asn1.h>
 
-/* unsigned subtraction of b from a, a must be larger than b. */
-void bn_qsub(r, a, b)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *b;
-	{
-	int max,min;
-	register BN_ULONG t1,t2,*ap,*bp,*rp;
-	int i,carry;
-#if defined(IRIX_CC_BUG) && !defined(LINT)
-	int dummy;
-#endif
+/* 
+ * Code for ENUMERATED type: identical to INTEGER apart from a different tag.
+ * for comments on encoding see a_int.c
+ */
 
-	max=a->top;
-	min=b->top;
-	ap=a->d;
-	bp=b->d;
-	rp=r->d;
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
+	{
+	int i,j,k;
+	unsigned char buf[sizeof(long)+1];
+	long d;
 
-	carry=0;
-	for (i=0; i<min; i++)
+	a->type=V_ASN1_ENUMERATED;
+	if (a->length < (sizeof(long)+1))
 		{
-		t1= *(ap++);
-		t2= *(bp++);
-		if (carry)
-			{
-			carry=(t1 <= t2);
-			t1=(t1-t2-1)&BN_MASK2;
-			}
-		else
-			{
-			carry=(t1 < t2);
-			t1=(t1-t2)&BN_MASK2;
-			}
-#if defined(IRIX_CC_BUG) && !defined(LINT)
-		dummy=t1;
-#endif
-		*(rp++)=t1&BN_MASK2;
+		if (a->data != NULL)
+			OPENSSL_free(a->data);
+		if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
+			memset((char *)a->data,0,sizeof(long)+1);
 		}
-	if (carry) /* subtracted */
+	if (a->data == NULL)
 		{
-		while (i < max)
-			{
-			i++;
-			t1= *(ap++);
-			t2=(t1-1)&BN_MASK2;
-			*(rp++)=t2;
-			if (t1 > t2) break;
-			}
+		ASN1err(ASN1_F_ASN1_ENUMERATED_SET,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	d=v;
+	if (d < 0)
+		{
+		d= -d;
+		a->type=V_ASN1_NEG_ENUMERATED;
 		}
-#if 0
-	memcpy(rp,ap,sizeof(*rp)*(max-i));
-#else
-	for (; i<max; i++)
-		*(rp++)= *(ap++);
-#endif
 
-	r->top=max;
-	bn_fix_top(r);
+	for (i=0; i<sizeof(long); i++)
+		{
+		if (d == 0) break;
+		buf[i]=(int)d&0xff;
+		d>>=8;
+		}
+	j=0;
+	for (k=i-1; k >=0; k--)
+		a->data[j++]=buf[k];
+	a->length=j;
+	return(1);
 	}
 
-int BN_sub(r, a, b)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *b;
+long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
 	{
-	int max,i;
-	int add=0,neg=0;
-	BIGNUM *tmp;
+	int neg=0,i;
+	long r=0;
 
-	/*  a -  b	a-b
-	 *  a - -b	a+b
-	 * -a -  b	-(a+b)
-	 * -a - -b	b-a
-	 */
-	if (a->neg)
+	if (a == NULL) return(0L);
+	i=a->type;
+	if (i == V_ASN1_NEG_ENUMERATED)
+		neg=1;
+	else if (i != V_ASN1_ENUMERATED)
+		return -1;
+	
+	if (a->length > sizeof(long))
 		{
-		if (b->neg)
-			{ tmp=a; a=b; b=tmp; }
-		else
-			{ add=1; neg=1; }
-		}
-	else
-		{
-		if (b->neg) { add=1; neg=0; }
+		/* hmm... a bit ugly */
+		return(0xffffffffL);
 		}
+	if (a->data == NULL)
+		return 0;
 
-	if (add)
+	for (i=0; i<a->length; i++)
 		{
-		/* As a fast max size, do a a->top | b->top */
-		i=(a->top | b->top)+1;
-	        if (bn_wexpand(r,i) == NULL)
-			return(0);
-		if (i)
-			bn_qadd(r,a,b);
-		else
-			bn_qadd(r,b,a);
-		r->neg=neg;
-		return(1);
+		r<<=8;
+		r|=(unsigned char)a->data[i];
 		}
+	if (neg) r= -r;
+	return(r);
+	}
 
-	/* We are actually doing a - b :-) */
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
+	{
+	ASN1_ENUMERATED *ret;
+	int len,j;
 
-	max=(a->top > b->top)?a->top:b->top;
-	if (bn_wexpand(r,max) == NULL) return(0);
-	if (BN_ucmp(a,b) < 0)
+	if (ai == NULL)
+		ret=M_ASN1_ENUMERATED_new();
+	else
+		ret=ai;
+	if (ret == NULL)
 		{
-		bn_qsub(r,b,a);
-		r->neg=1;
+		ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR);
+		goto err;
 		}
-	else
+	if(BN_get_sign(bn)) ret->type = V_ASN1_NEG_ENUMERATED;
+	else ret->type=V_ASN1_ENUMERATED;
+	j=BN_num_bits(bn);
+	len=((j == 0)?0:((j/8)+1));
+	if (ret->length < len+4)
 		{
-		bn_qsub(r,a,b);
-		r->neg=0;
+		unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
+		if (!new_data)
+			{
+			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		ret->data=new_data;
 		}
-	return(1);
+
+	ret->length=BN_bn2bin(bn,ret->data);
+	return(ret);
+err:
+	if (ret != ai) M_ASN1_ENUMERATED_free(ret);
+	return(NULL);
 	}
 
+BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
+	{
+	BIGNUM *ret;
+
+	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
+		ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
+	else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_sign(ret,1);
+	return(ret);
+	}
diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c
new file mode 100644
index 0000000000..cd09f68b38
--- /dev/null
+++ b/crypto/asn1/a_gentm.c
@@ -0,0 +1,239 @@
+/* crypto/asn1/a_gentm.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "o_time.h"
+#include <openssl/asn1.h>
+
+#if 0
+
+int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
+	{
+#ifdef CHARSET_EBCDIC
+	/* KLUDGE! We convert to ascii before writing DER */
+	int len;
+	char tmp[24];
+	ASN1_STRING tmpstr = *(ASN1_STRING *)a;
+
+	len = tmpstr.length;
+	ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
+	tmpstr.data = tmp;
+
+	a = (ASN1_GENERALIZEDTIME *) &tmpstr;
+#endif
+	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+		V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL));
+	}
+
+
+ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,
+	     unsigned char **pp, long length)
+	{
+	ASN1_GENERALIZEDTIME *ret=NULL;
+
+	ret=(ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
+		V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL);
+	if (ret == NULL)
+		{
+		ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ERR_R_NESTED_ASN1_ERROR);
+		return(NULL);
+		}
+#ifdef CHARSET_EBCDIC
+	ascii2ebcdic(ret->data, ret->data, ret->length);
+#endif
+	if (!ASN1_GENERALIZEDTIME_check(ret))
+		{
+		ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ASN1_R_INVALID_TIME_FORMAT);
+		goto err;
+		}
+
+	return(ret);
+err:
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		M_ASN1_GENERALIZEDTIME_free(ret);
+	return(NULL);
+	}
+
+#endif
+
+int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
+	{
+	static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
+	static int max[9]={99, 99,12,31,23,59,59,12,59};
+	char *a;
+	int n,i,l,o;
+
+	if (d->type != V_ASN1_GENERALIZEDTIME) return(0);
+	l=d->length;
+	a=(char *)d->data;
+	o=0;
+	/* GENERALIZEDTIME is similar to UTCTIME except the year is
+         * represented as YYYY. This stuff treats everything as a two digit
+         * field so make first two fields 00 to 99
+         */
+	if (l < 13) goto err;
+	for (i=0; i<7; i++)
+		{
+		if ((i == 6) && ((a[o] == 'Z') ||
+			(a[o] == '+') || (a[o] == '-')))
+			{ i++; break; }
+		if ((a[o] < '0') || (a[o] > '9')) goto err;
+		n= a[o]-'0';
+		if (++o > l) goto err;
+
+		if ((a[o] < '0') || (a[o] > '9')) goto err;
+		n=(n*10)+ a[o]-'0';
+		if (++o > l) goto err;
+
+		if ((n < min[i]) || (n > max[i])) goto err;
+		}
+	/* Optional fractional seconds: decimal point followed by one
+	 * or more digits.
+	 */
+	if (a[o] == '.')
+		{
+		if (++o > l) goto err;
+		i = o;
+		while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
+			o++;
+		/* Must have at least one digit after decimal point */
+		if (i == o) goto err;
+		}
+
+	if (a[o] == 'Z')
+		o++;
+	else if ((a[o] == '+') || (a[o] == '-'))
+		{
+		o++;
+		if (o+4 > l) goto err;
+		for (i=7; i<9; i++)
+			{
+			if ((a[o] < '0') || (a[o] > '9')) goto err;
+			n= a[o]-'0';
+			o++;
+			if ((a[o] < '0') || (a[o] > '9')) goto err;
+			n=(n*10)+ a[o]-'0';
+			if ((n < min[i]) || (n > max[i])) goto err;
+			o++;
+			}
+		}
+	return(o == l);
+err:
+	return(0);
+	}
+
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str)
+	{
+	ASN1_GENERALIZEDTIME t;
+
+	t.type=V_ASN1_GENERALIZEDTIME;
+	t.length=strlen(str);
+	t.data=(unsigned char *)str;
+	if (ASN1_GENERALIZEDTIME_check(&t))
+		{
+		if (s != NULL)
+			{
+			ASN1_STRING_set((ASN1_STRING *)s,
+				(unsigned char *)str,t.length);
+			s->type=V_ASN1_GENERALIZEDTIME;
+			}
+		return(1);
+		}
+	else
+		return(0);
+	}
+
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
+	     time_t t)
+	{
+	char *p;
+	struct tm *ts;
+	struct tm data;
+
+	if (s == NULL)
+		s=M_ASN1_GENERALIZEDTIME_new();
+	if (s == NULL)
+		return(NULL);
+
+	ts=OPENSSL_gmtime(&t, &data);
+	if (ts == NULL)
+		return(NULL);
+
+	p=(char *)s->data;
+	if ((p == NULL) || (s->length < 16))
+		{
+		p=OPENSSL_malloc(20);
+		if (p == NULL) return(NULL);
+		if (s->data != NULL)
+			OPENSSL_free(s->data);
+		s->data=(unsigned char *)p;
+		}
+
+	sprintf(p,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
+		ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
+	s->length=strlen(p);
+	s->type=V_ASN1_GENERALIZEDTIME;
+#ifdef CHARSET_EBCDIC_not
+	ebcdic2ascii(s->data, s->data, s->length);
+#endif
+	return(s);
+	}
diff --git a/crypto/asn1/a_hdr.c b/crypto/asn1/a_hdr.c
index e9de2838d0..b1aad81f77 100644
--- a/crypto/asn1/a_hdr.c
+++ b/crypto/asn1/a_hdr.c
@@ -58,19 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-#include "asn1.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/asn1.h>
 
-/*
- * ASN1err(ASN1_F_D2I_ASN1_HEADER,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_I2D_ASN1_HEADER,ERR_R_BAD_GET_ASN1_OBJECT_CALL);
- * ASN1err(ASN1_F_I2D_ASN1_HEADER,ERR_R_BAD_GET_ASN1_OBJECT_CALL);
- * ASN1err(ASN1_F_ASN1_HEADER_NEW,ERR_R_BAD_GET_ASN1_OBJECT_CALL);
- */
-
-int i2d_ASN1_HEADER(a,pp)
-ASN1_HEADER *a;
-unsigned char **pp;
+int i2d_ASN1_HEADER(ASN1_HEADER *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -85,10 +76,8 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-ASN1_HEADER *d2i_ASN1_HEADER(a,pp,length)
-ASN1_HEADER **a;
-unsigned char **pp;
-long length;
+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, unsigned char **pp,
+	     long length)
 	{
 	M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new);
 
@@ -107,25 +96,24 @@ long length;
         M_ASN1_D2I_Finish(a,ASN1_HEADER_free,ASN1_F_D2I_ASN1_HEADER);
 	}
 
-ASN1_HEADER *ASN1_HEADER_new()
+ASN1_HEADER *ASN1_HEADER_new(void)
 	{
 	ASN1_HEADER *ret=NULL;
 	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,ASN1_HEADER);
-	M_ASN1_New(ret->header,ASN1_OCTET_STRING_new);
+	M_ASN1_New(ret->header,M_ASN1_OCTET_STRING_new);
 	ret->meth=NULL;
 	ret->data=NULL;
 	return(ret);
         M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW);
 	}
 
-void ASN1_HEADER_free(a)
-ASN1_HEADER *a;
+void ASN1_HEADER_free(ASN1_HEADER *a)
 	{
 	if (a == NULL) return;
-	ASN1_OCTET_STRING_free(a->header);
+	M_ASN1_OCTET_STRING_free(a->header);
 	if (a->meth != NULL)
 		a->meth->destroy(a->data);
-	Free((char *)a);
+	OPENSSL_free(a);
 	}
diff --git a/crypto/asn1/a_i2d_fp.c b/crypto/asn1/a_i2d_fp.c
index 66c3df68d5..f4f1b73ebe 100644
--- a/crypto/asn1/a_i2d_fp.c
+++ b/crypto/asn1/a_i2d_fp.c
@@ -58,14 +58,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "asn1_mac.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
 
-#ifndef NO_FP_API
-int ASN1_i2d_fp(i2d,out,x)
-int (*i2d)();
-FILE *out;
-unsigned char *x;
+#ifndef NO_OLD_ASN1
+
+#ifndef OPENSSL_NO_FP_API
+int ASN1_i2d_fp(int (*i2d)(), FILE *out, unsigned char *x)
         {
         BIO *b;
         int ret;
@@ -82,17 +81,14 @@ unsigned char *x;
         }
 #endif
 
-int ASN1_i2d_bio(i2d,out,x)
-int (*i2d)();
-BIO *out;
-unsigned char *x;
+int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x)
 	{
 	char *b;
 	unsigned char *p;
 	int i,j=0,n,ret=1;
 
 	n=i2d(x,NULL);
-	b=(char *)Malloc(n);
+	b=(char *)OPENSSL_malloc(n);
 	if (b == NULL)
 		{
 		ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
@@ -114,6 +110,54 @@ unsigned char *x;
 		j+=i;
 		n-=i;
 		}
-	Free((char *)b);
+	OPENSSL_free(b);
+	return(ret);
+	}
+
+#endif
+
+#ifndef OPENSSL_NO_FP_API
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,out,BIO_NOCLOSE);
+        ret=ASN1_item_i2d_bio(it,b,x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
+	{
+	unsigned char *b = NULL;
+	int i,j=0,n,ret=1;
+
+	n = ASN1_item_i2d(x, &b, it);
+	if (b == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+
+	for (;;)
+		{
+		i=BIO_write(out,&(b[j]),n);
+		if (i == n) break;
+		if (i <= 0)
+			{
+			ret=0;
+			break;
+			}
+		j+=i;
+		n-=i;
+		}
+	OPENSSL_free(b);
 	return(ret);
 	}
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index e847efee85..78402cd985 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -58,68 +58,197 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include <openssl/asn1.h>
 
-/* ASN1err(ASN1_F_D2I_ASN1_INTEGER,ASN1_R_EXPECTING_AN_INTEGER);
+ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
+{ return M_ASN1_INTEGER_dup(x);}
+
+int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
+{ return M_ASN1_INTEGER_cmp(x,y);}
+
+/* 
+ * This converts an ASN1 INTEGER into its content encoding.
+ * The internal representation is an ASN1_STRING whose data is a big endian
+ * representation of the value, ignoring the sign. The sign is determined by
+ * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. 
+ *
+ * Positive integers are no problem: they are almost the same as the DER
+ * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
+ *
+ * Negative integers are a bit trickier...
+ * The DER representation of negative integers is in 2s complement form.
+ * The internal form is converted by complementing each octet and finally 
+ * adding one to the result. This can be done less messily with a little trick.
+ * If the internal form has trailing zeroes then they will become FF by the
+ * complement and 0 by the add one (due to carry) so just copy as many trailing 
+ * zeros to the destination as there are in the source. The carry will add one
+ * to the last none zero octet: so complement this octet and add one and finally
+ * complement any left over until you get to the start of the string.
+ *
+ * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
+ * with 0xff. However if the first byte is 0x80 and one of the following bytes
+ * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
+ * followed by optional zeros isn't padded.
  */
 
-int i2d_ASN1_INTEGER(a,pp)
-ASN1_INTEGER *a;
-unsigned char **pp;
+int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
 	{
-	int pad=0,ret,r,i,t;
-	unsigned char *p,*pt,*n,pb=0;
+	int pad=0,ret,i,neg;
+	unsigned char *p,*n,pb=0;
 
 	if ((a == NULL) || (a->data == NULL)) return(0);
-	t=a->type;
+	neg=a->type & V_ASN1_NEG;
 	if (a->length == 0)
 		ret=1;
 	else
 		{
 		ret=a->length;
 		i=a->data[0];
-		if ((t == V_ASN1_INTEGER) && (i > 127))
-			{
+		if (!neg && (i > 127)) {
 			pad=1;
 			pb=0;
+		} else if(neg) {
+			if(i>128) {
+				pad=1;
+				pb=0xFF;
+			} else if(i == 128) {
+			/*
+			 * Special case: if any other bytes non zero we pad:
+			 * otherwise we don't.
+			 */
+				for(i = 1; i < a->length; i++) if(a->data[i]) {
+						pad=1;
+						pb=0xFF;
+						break;
+				}
 			}
-		else if ((t == V_ASN1_NEG_INTEGER) && (i>128))
-			{
-			pad=1;
-			pb=0xFF;
-			}
+		}
 		ret+=pad;
 		}
-	r=ASN1_object_size(0,ret,V_ASN1_INTEGER);
-	if (pp == NULL) return(r);
+	if (pp == NULL) return(ret);
 	p= *pp;
 
-	ASN1_put_object(&p,0,ret,V_ASN1_INTEGER,V_ASN1_UNIVERSAL);
 	if (pad) *(p++)=pb;
-	if (a->length == 0)
-		*(p++)=0;
-	else if (t == V_ASN1_INTEGER)
+	if (a->length == 0) *(p++)=0;
+	else if (!neg) memcpy(p,a->data,(unsigned int)a->length);
+	else {
+		/* Begin at the end of the encoding */
+		n=a->data + a->length - 1;
+		p += a->length - 1;
+		i = a->length;
+		/* Copy zeros to destination as long as source is zero */
+		while(!*n) {
+			*(p--) = 0;
+			n--;
+			i--;
+		}
+		/* Complement and increment next octet */
+		*(p--) = ((*(n--)) ^ 0xff) + 1;
+		i--;
+		/* Complement any octets left */
+		for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
+	}
+
+	*pp+=ret;
+	return(ret);
+	}
+
+/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
+
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp,
+	     long len)
+	{
+	ASN1_INTEGER *ret=NULL;
+	unsigned char *p,*to,*s, *pend;
+	int i;
+
+	if ((a == NULL) || ((*a) == NULL))
 		{
-		memcpy(p,a->data,(unsigned int)a->length);
-		p+=a->length;
+		if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
+		ret->type=V_ASN1_INTEGER;
 		}
 	else
+		ret=(*a);
+
+	p= *pp;
+	pend = p + len;
+
+	/* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
+	 * signifies a missing NULL parameter. */
+	s=(unsigned char *)OPENSSL_malloc((int)len+1);
+	if (s == NULL)
 		{
-		n=a->data;
-		pt=p;
-		for (i=a->length; i>0; i--)
-			*(p++)= (*(n++)^0xFF)+1;
-		if (!pad) *pt|=0x80;
+		i=ERR_R_MALLOC_FAILURE;
+		goto err;
 		}
+	to=s;
+	if(!len) {
+		/* Strictly speaking this is an illegal INTEGER but we
+		 * tolerate it.
+		 */
+		ret->type=V_ASN1_INTEGER;
+	} else if (*p & 0x80) /* a negative number */
+		{
+		ret->type=V_ASN1_NEG_INTEGER;
+		if ((*p == 0xff) && (len != 1)) {
+			p++;
+			len--;
+		}
+		i = len;
+		p += i - 1;
+		to += i - 1;
+		while((!*p) && i) {
+			*(to--) = 0;
+			i--;
+			p--;
+		}
+		/* Special case: if all zeros then the number will be of
+		 * the form FF followed by n zero bytes: this corresponds to
+		 * 1 followed by n zero bytes. We've already written n zeros
+		 * so we just append an extra one and set the first byte to
+		 * a 1. This is treated separately because it is the only case
+		 * where the number of bytes is larger than len.
+		 */
+		if(!i) {
+			*s = 1;
+			s[len] = 0;
+			len++;
+		} else {
+			*(to--) = (*(p--) ^ 0xff) + 1;
+			i--;
+			for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
+		}
+	} else {
+		ret->type=V_ASN1_INTEGER;
+		if ((*p == 0) && (len != 1))
+			{
+			p++;
+			len--;
+			}
+		memcpy(s,p,(int)len);
+	}
 
-	*pp=p;
-	return(r);
+	if (ret->data != NULL) OPENSSL_free(ret->data);
+	ret->data=s;
+	ret->length=(int)len;
+	if (a != NULL) (*a)=ret;
+	*pp=pend;
+	return(ret);
+err:
+	ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		M_ASN1_INTEGER_free(ret);
+	return(NULL);
 	}
 
-ASN1_INTEGER *d2i_ASN1_INTEGER(a, pp, length)
-ASN1_INTEGER **a;
-unsigned char **pp;
-long length;
+
+/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
+ * ASN1 integers: some broken software can encode a positive INTEGER
+ * with its MSB set as negative (it doesn't add a padding zero).
+ */
+
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp,
+	     long length)
 	{
 	ASN1_INTEGER *ret=NULL;
 	unsigned char *p,*to,*s;
@@ -129,7 +258,7 @@ long length;
 
 	if ((a == NULL) || ((*a) == NULL))
 		{
-		if ((ret=ASN1_INTEGER_new()) == NULL) return(NULL);
+		if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
 		ret->type=V_ASN1_INTEGER;
 		}
 	else
@@ -149,29 +278,17 @@ long length;
 		goto err;
 		}
 
-	/* We must Malloc stuff, even for 0 bytes otherwise it
+	/* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
 	 * signifies a missing NULL parameter. */
-	s=(unsigned char *)Malloc((int)len+1);
+	s=(unsigned char *)OPENSSL_malloc((int)len+1);
 	if (s == NULL)
 		{
 		i=ERR_R_MALLOC_FAILURE;
 		goto err;
 		}
 	to=s;
-	if (*p & 0x80) /* a negative number */
-		{
-		ret->type=V_ASN1_NEG_INTEGER;
-		if (*p == 0xff)
-			{
-			p++;
-			len--;
-			}
-		for (i=(int)len; i>0; i--)
-			*(to++)= (*(p++)^0xFF)+1;
-		}
-	else
-		{
-		ret->type=V_ASN1_INTEGER;
+	ret->type=V_ASN1_INTEGER;
+	if(len) {
 		if ((*p == 0) && (len != 1))
 			{
 			p++;
@@ -179,24 +296,22 @@ long length;
 			}
 		memcpy(s,p,(int)len);
 		p+=len;
-		}
+	}
 
-	if (ret->data != NULL) Free((char *)ret->data);
+	if (ret->data != NULL) OPENSSL_free(ret->data);
 	ret->data=s;
 	ret->length=(int)len;
 	if (a != NULL) (*a)=ret;
 	*pp=p;
 	return(ret);
 err:
-	ASN1err(ASN1_F_D2I_ASN1_INTEGER,i);
+	ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i);
 	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		ASN1_INTEGER_free(ret);
+		M_ASN1_INTEGER_free(ret);
 	return(NULL);
 	}
 
-int ASN1_INTEGER_set(a,v)
-ASN1_INTEGER *a;
-long v;
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
 	{
 	int i,j,k;
 	unsigned char buf[sizeof(long)+1];
@@ -206,8 +321,8 @@ long v;
 	if (a->length < (sizeof(long)+1))
 		{
 		if (a->data != NULL)
-			Free((char *)a->data);
-		if ((a->data=(unsigned char *)Malloc(sizeof(long)+1)) != NULL)
+			OPENSSL_free(a->data);
+		if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
 			memset((char *)a->data,0,sizeof(long)+1);
 		}
 	if (a->data == NULL)
@@ -229,15 +344,13 @@ long v;
 		d>>=8;
 		}
 	j=0;
-	if (v < 0) a->data[j++]=0;
 	for (k=i-1; k >=0; k--)
 		a->data[j++]=buf[k];
 	a->length=j;
 	return(1);
 	}
 
-long ASN1_INTEGER_get(a)
-ASN1_INTEGER *a;
+long ASN1_INTEGER_get(ASN1_INTEGER *a)
 	{
 	int neg=0,i;
 	long r=0;
@@ -247,7 +360,7 @@ ASN1_INTEGER *a;
 	if (i == V_ASN1_NEG_INTEGER)
 		neg=1;
 	else if (i != V_ASN1_INTEGER)
-		return(0);
+		return -1;
 	
 	if (a->length > sizeof(long))
 		{
@@ -255,7 +368,7 @@ ASN1_INTEGER *a;
 		return(0xffffffffL);
 		}
 	if (a->data == NULL)
-		return(0);
+		return 0;
 
 	for (i=0; i<a->length; i++)
 		{
@@ -266,15 +379,13 @@ ASN1_INTEGER *a;
 	return(r);
 	}
 
-ASN1_INTEGER *BN_to_ASN1_INTEGER(bn,ai)
-BIGNUM *bn;
-ASN1_INTEGER *ai;
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
 	{
 	ASN1_INTEGER *ret;
 	int len,j;
 
 	if (ai == NULL)
-		ret=ASN1_INTEGER_new();
+		ret=M_ASN1_INTEGER_new();
 	else
 		ret=ai;
 	if (ret == NULL)
@@ -282,24 +393,44 @@ ASN1_INTEGER *ai;
 		ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
 		goto err;
 		}
-	ret->type=V_ASN1_INTEGER;
+	if (BN_get_sign(bn))
+		ret->type = V_ASN1_NEG_INTEGER;
+	else ret->type=V_ASN1_INTEGER;
 	j=BN_num_bits(bn);
 	len=((j == 0)?0:((j/8)+1));
-	ret->data=(unsigned char *)Malloc(len+4);
+	if (ret->length < len+4)
+		{
+		unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
+		if (!new_data)
+			{
+			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		ret->data=new_data;
+		}
 	ret->length=BN_bn2bin(bn,ret->data);
+	/* Correct zero case */
+	if(!ret->length)
+		{
+		ret->data[0] = 0;
+		ret->length = 1;
+		}
 	return(ret);
 err:
-	if (ret != ai) ASN1_INTEGER_free(ret);
+	if (ret != ai) M_ASN1_INTEGER_free(ret);
 	return(NULL);
 	}
 
-BIGNUM *ASN1_INTEGER_to_BN(ai,bn)
-ASN1_INTEGER *ai;
-BIGNUM *bn;
+BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
 	{
 	BIGNUM *ret;
 
 	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
 		ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
+	else if(ai->type == V_ASN1_NEG_INTEGER)
+		BN_set_sign(ret, 1);
 	return(ret);
 	}
+
+IMPLEMENT_STACK_OF(ASN1_INTEGER)
+IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER)
diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c
new file mode 100644
index 0000000000..5d981c6553
--- /dev/null
+++ b/crypto/asn1/a_mbstr.c
@@ -0,0 +1,400 @@
+/* a_mbstr.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+static int traverse_string(const unsigned char *p, int len, int inform,
+		 int (*rfunc)(unsigned long value, void *in), void *arg);
+static int in_utf8(unsigned long value, void *arg);
+static int out_utf8(unsigned long value, void *arg);
+static int type_str(unsigned long value, void *arg);
+static int cpy_asc(unsigned long value, void *arg);
+static int cpy_bmp(unsigned long value, void *arg);
+static int cpy_univ(unsigned long value, void *arg);
+static int cpy_utf8(unsigned long value, void *arg);
+static int is_printable(unsigned long value);
+
+/* These functions take a string in UTF8, ASCII or multibyte form and
+ * a mask of permissible ASN1 string types. It then works out the minimal
+ * type (using the order Printable < IA5 < T61 < BMP < Universal < UTF8)
+ * and creates a string of the correct type with the supplied data.
+ * Yes this is horrible: it has to be :-(
+ * The 'ncopy' form checks minimum and maximum size limits too.
+ */
+
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+					int inform, unsigned long mask)
+{
+	return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
+}
+
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+					int inform, unsigned long mask, 
+					long minsize, long maxsize)
+{
+	int str_type;
+	int ret;
+	char free_out;
+	int outform, outlen;
+	ASN1_STRING *dest;
+	unsigned char *p;
+	int nchar;
+	char strbuf[32];
+	int (*cpyfunc)(unsigned long,void *) = NULL;
+	if(len == -1) len = strlen((const char *)in);
+	if(!mask) mask = DIRSTRING_TYPE;
+
+	/* First do a string check and work out the number of characters */
+	switch(inform) {
+
+		case MBSTRING_BMP:
+		if(len & 1) {
+			ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
+					 ASN1_R_INVALID_BMPSTRING_LENGTH);
+			return -1;
+		}
+		nchar = len >> 1;
+		break;
+
+		case MBSTRING_UNIV:
+		if(len & 3) {
+			ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
+					 ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
+			return -1;
+		}
+		nchar = len >> 2;
+		break;
+
+		case MBSTRING_UTF8:
+		nchar = 0;
+		/* This counts the characters and does utf8 syntax checking */
+		ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
+		if(ret < 0) {
+			ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
+						 ASN1_R_INVALID_UTF8STRING);
+			return -1;
+		}
+		break;
+
+		case MBSTRING_ASC:
+		nchar = len;
+		break;
+
+		default:
+		ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_UNKNOWN_FORMAT);
+		return -1;
+	}
+
+	if((minsize > 0) && (nchar < minsize)) {
+		ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT);
+		sprintf(strbuf, "%ld", minsize);
+		ERR_add_error_data(2, "minsize=", strbuf);
+		return -1;
+	}
+
+	if((maxsize > 0) && (nchar > maxsize)) {
+		ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG);
+		sprintf(strbuf, "%ld", maxsize);
+		ERR_add_error_data(2, "maxsize=", strbuf);
+		return -1;
+	}
+
+	/* Now work out minimal type (if any) */
+	if(traverse_string(in, len, inform, type_str, &mask) < 0) {
+		ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_ILLEGAL_CHARACTERS);
+		return -1;
+	}
+
+
+	/* Now work out output format and string type */
+	outform = MBSTRING_ASC;
+	if(mask & B_ASN1_PRINTABLESTRING) str_type = V_ASN1_PRINTABLESTRING;
+	else if(mask & B_ASN1_IA5STRING) str_type = V_ASN1_IA5STRING;
+	else if(mask & B_ASN1_T61STRING) str_type = V_ASN1_T61STRING;
+	else if(mask & B_ASN1_BMPSTRING) {
+		str_type = V_ASN1_BMPSTRING;
+		outform = MBSTRING_BMP;
+	} else if(mask & B_ASN1_UNIVERSALSTRING) {
+		str_type = V_ASN1_UNIVERSALSTRING;
+		outform = MBSTRING_UNIV;
+	} else {
+		str_type = V_ASN1_UTF8STRING;
+		outform = MBSTRING_UTF8;
+	}
+	if(!out) return str_type;
+	if(*out) {
+		free_out = 0;
+		dest = *out;
+		if(dest->data) {
+			dest->length = 0;
+			OPENSSL_free(dest->data);
+			dest->data = NULL;
+		}
+		dest->type = str_type;
+	} else {
+		free_out = 1;
+		dest = ASN1_STRING_type_new(str_type);
+		if(!dest) {
+			ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
+							ERR_R_MALLOC_FAILURE);
+			return -1;
+		}
+		*out = dest;
+	}
+	/* If both the same type just copy across */
+	if(inform == outform) {
+		if(!ASN1_STRING_set(dest, in, len)) {
+			ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE);
+			return -1;
+		}
+		return str_type;
+	} 
+
+	/* Work out how much space the destination will need */
+	switch(outform) {
+		case MBSTRING_ASC:
+		outlen = nchar;
+		cpyfunc = cpy_asc;
+		break;
+
+		case MBSTRING_BMP:
+		outlen = nchar << 1;
+		cpyfunc = cpy_bmp;
+		break;
+
+		case MBSTRING_UNIV:
+		outlen = nchar << 2;
+		cpyfunc = cpy_univ;
+		break;
+
+		case MBSTRING_UTF8:
+		outlen = 0;
+		traverse_string(in, len, inform, out_utf8, &outlen);
+		cpyfunc = cpy_utf8;
+		break;
+	}
+	if(!(p = OPENSSL_malloc(outlen + 1))) {
+		if(free_out) ASN1_STRING_free(dest);
+		ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE);
+		return -1;
+	}
+	dest->length = outlen;
+	dest->data = p;
+	p[outlen] = 0;
+	traverse_string(in, len, inform, cpyfunc, &p);
+	return str_type;	
+}
+
+/* This function traverses a string and passes the value of each character
+ * to an optional function along with a void * argument.
+ */
+
+static int traverse_string(const unsigned char *p, int len, int inform,
+		 int (*rfunc)(unsigned long value, void *in), void *arg)
+{
+	unsigned long value;
+	int ret;
+	while(len) {
+		if(inform == MBSTRING_ASC) {
+			value = *p++;
+			len--;
+		} else if(inform == MBSTRING_BMP) {
+			value = *p++ << 8;
+			value |= *p++;
+			len -= 2;
+		} else if(inform == MBSTRING_UNIV) {
+			value = ((unsigned long)*p++) << 24;
+			value |= ((unsigned long)*p++) << 16;
+			value |= *p++ << 8;
+			value |= *p++;
+			len -= 4;
+		} else {
+			ret = UTF8_getc(p, len, &value);
+			if(ret < 0) return -1;
+			len -= ret;
+			p += ret;
+		}
+		if(rfunc) {
+			ret = rfunc(value, arg);
+			if(ret <= 0) return ret;
+		}
+	}
+	return 1;
+}
+
+/* Various utility functions for traverse_string */
+
+/* Just count number of characters */
+
+static int in_utf8(unsigned long value, void *arg)
+{
+	int *nchar;
+	nchar = arg;
+	(*nchar)++;
+	return 1;
+}
+
+/* Determine size of output as a UTF8 String */
+
+static int out_utf8(unsigned long value, void *arg)
+{
+	long *outlen;
+	outlen = arg;
+	*outlen += UTF8_putc(NULL, -1, value);
+	return 1;
+}
+
+/* Determine the "type" of a string: check each character against a
+ * supplied "mask".
+ */
+
+static int type_str(unsigned long value, void *arg)
+{
+	unsigned long types;
+	types = *((unsigned long *)arg);
+	if((types & B_ASN1_PRINTABLESTRING) && !is_printable(value))
+					types &= ~B_ASN1_PRINTABLESTRING;
+	if((types & B_ASN1_IA5STRING) && (value > 127))
+					types &= ~B_ASN1_IA5STRING;
+	if((types & B_ASN1_T61STRING) && (value > 0xff))
+					types &= ~B_ASN1_T61STRING;
+	if((types & B_ASN1_BMPSTRING) && (value > 0xffff))
+					types &= ~B_ASN1_BMPSTRING;
+	if(!types) return -1;
+	*((unsigned long *)arg) = types;
+	return 1;
+}
+
+/* Copy one byte per character ASCII like strings */
+
+static int cpy_asc(unsigned long value, void *arg)
+{
+	unsigned char **p, *q;
+	p = arg;
+	q = *p;
+	*q = (unsigned char) value;
+	(*p)++;
+	return 1;
+}
+
+/* Copy two byte per character BMPStrings */
+
+static int cpy_bmp(unsigned long value, void *arg)
+{
+	unsigned char **p, *q;
+	p = arg;
+	q = *p;
+	*q++ = (unsigned char) ((value >> 8) & 0xff);
+	*q = (unsigned char) (value & 0xff);
+	*p += 2;
+	return 1;
+}
+
+/* Copy four byte per character UniversalStrings */
+
+static int cpy_univ(unsigned long value, void *arg)
+{
+	unsigned char **p, *q;
+	p = arg;
+	q = *p;
+	*q++ = (unsigned char) ((value >> 24) & 0xff);
+	*q++ = (unsigned char) ((value >> 16) & 0xff);
+	*q++ = (unsigned char) ((value >> 8) & 0xff);
+	*q = (unsigned char) (value & 0xff);
+	*p += 4;
+	return 1;
+}
+
+/* Copy to a UTF8String */
+
+static int cpy_utf8(unsigned long value, void *arg)
+{
+	unsigned char **p;
+	int ret;
+	p = arg;
+	/* We already know there is enough room so pass 0xff as the length */
+	ret = UTF8_putc(*p, 0xff, value);
+	*p += ret;
+	return 1;
+}
+
+/* Return 1 if the character is permitted in a PrintableString */
+static int is_printable(unsigned long value)
+{
+	int ch;
+	if(value > 0x7f) return 0;
+	ch = (int) value;
+	/* Note: we can't use 'isalnum' because certain accented 
+	 * characters may count as alphanumeric in some environments.
+	 */
+#ifndef CHARSET_EBCDIC
+	if((ch >= 'a') && (ch <= 'z')) return 1;
+	if((ch >= 'A') && (ch <= 'Z')) return 1;
+	if((ch >= '0') && (ch <= '9')) return 1;
+	if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1;
+#else /*CHARSET_EBCDIC*/
+	if((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) return 1;
+	if((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) return 1;
+	if((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) return 1;
+	if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) return 1;
+#endif /*CHARSET_EBCDIC*/
+	return 0;
+}
diff --git a/crypto/asn1/a_meth.c b/crypto/asn1/a_meth.c
index 513625c305..63158e9cab 100644
--- a/crypto/asn1/a_meth.c
+++ b/crypto/asn1/a_meth.c
@@ -58,8 +58,8 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "x509.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
 
 static  ASN1_METHOD ia5string_meth={
 	(int (*)())	i2d_ASN1_IA5STRING,
@@ -73,12 +73,12 @@ static  ASN1_METHOD bit_string_meth={
 	(char *(*)())	ASN1_STRING_new,
 	(void (*)())	ASN1_STRING_free};
 
-ASN1_METHOD *ASN1_IA5STRING_asn1_meth()
+ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void)
 	{
 	return(&ia5string_meth);
 	}
 
-ASN1_METHOD *ASN1_BIT_STRING_asn1_meth()
+ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void)
 	{
 	return(&bit_string_meth);
 	}
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index a476960d9a..0a8e6c287c 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -58,25 +58,19 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "asn1.h"
-#include "objects.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
 
-/* ASN1err(ASN1_F_ASN1_OBJECT_NEW,ASN1_R_EXPECTING_AN_OBJECT); 
- * ASN1err(ASN1_F_D2I_ASN1_OBJECT,ASN1_R_BAD_OBJECT_HEADER); 
- * ASN1err(ASN1_F_I2T_ASN1_OBJECT,ASN1_R_BAD_OBJECT_HEADER);
- */
-
-int i2d_ASN1_OBJECT(a, pp)
-ASN1_OBJECT *a;
-unsigned char **pp;
+int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
 	{
 	unsigned char *p;
+	int objsize;
 
 	if ((a == NULL) || (a->data == NULL)) return(0);
 
-	if (pp == NULL)
-		return(ASN1_object_size(0,a->length,V_ASN1_OBJECT));
+	objsize = ASN1_object_size(0,a->length,V_ASN1_OBJECT);
+	if (pp == NULL) return objsize;
 
 	p= *pp;
 	ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
@@ -84,17 +78,14 @@ unsigned char **pp;
 	p+=a->length;
 
 	*pp=p;
-	return(a->length);
+	return(objsize);
 	}
 
-int a2d_ASN1_OBJECT(out,olen,buf,num)
-unsigned char *out;
-int olen;
-char *buf;
-int num;
+int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
 	{
 	int i,first,len=0,c;
-	char tmp[24],*p;
+	char tmp[24];
+	const char *p;
 	unsigned long l;
 
 	if (num == 0)
@@ -180,119 +171,33 @@ err:
 	return(0);
 	}
 
-int i2t_ASN1_OBJECT(buf,buf_len,a)
-char *buf;
-int buf_len;
-ASN1_OBJECT *a;
-	{
-	int i,idx=0,n=0,len,nid;
-	unsigned long l;
-	unsigned char *p;
-	char *s;
-	char tbuf[32];
-
-	if (buf_len <= 0) return(0);
-
-	if ((a == NULL) || (a->data == NULL))
-		{
-		buf[0]='\0';
-		return(0);
-		}
-
-	nid=OBJ_obj2nid(a);
-	if (nid == NID_undef)
-		{
-		len=a->length;
-		p=a->data;
+int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
+{
+	return OBJ_obj2txt(buf, buf_len, a, 0);
+}
 
-		idx=0;
-		l=0;
-		while (idx < a->length)
-			{
-			l|=(p[idx]&0x7f);
-			if (!(p[idx] & 0x80)) break;
-			l<<=7L;
-			idx++;
-			}
-		idx++;
-		i=(int)(l/40);
-		if (i > 2) i=2;
-		l-=(long)(i*40);
-
-		sprintf(tbuf,"%d.%ld",i,l);
-		i=strlen(tbuf);
-		strncpy(buf,tbuf,buf_len);
-		buf_len-=i;
-		buf+=i;
-		n+=i;
-
-		l=0;
-		for (; idx<len; idx++)
-			{
-			l|=p[idx]&0x7f;
-			if (!(p[idx] & 0x80))
-				{
-				sprintf(tbuf,".%ld",l);
-				i=strlen(tbuf);
-				if (buf_len > 0)
-					strncpy(buf,tbuf,buf_len);
-				buf_len-=i;
-				buf+=i;
-				n+=i;
-				l=0;
-				}
-			l<<=7L;
-			}
-		}
-	else
-		{
-		s=(char *)OBJ_nid2ln(nid);
-		if (s == NULL)
-			s=(char *)OBJ_nid2sn(nid);
-		strncpy(buf,s,buf_len);
-		n=strlen(s);
-		}
-	buf[buf_len-1]='\0';
-	return(n);
-	}
-
-int i2a_ASN1_OBJECT(bp,a)
-BIO *bp;
-ASN1_OBJECT *a;
+int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
 	{
 	char buf[80];
 	int i;
 
 	if ((a == NULL) || (a->data == NULL))
 		return(BIO_write(bp,"NULL",4));
-	i=i2t_ASN1_OBJECT(buf,80,a);
-	if (i > 80) i=80;
+	i=i2t_ASN1_OBJECT(buf,sizeof buf,a);
+	if (i > sizeof buf) i=sizeof buf;
 	BIO_write(bp,buf,i);
 	return(i);
 	}
 
-ASN1_OBJECT *d2i_ASN1_OBJECT(a, pp, length)
-ASN1_OBJECT **a;
-unsigned char **pp;
-long length; 
-	{
-	ASN1_OBJECT *ret=NULL;
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
+	     long length)
+{
 	unsigned char *p;
 	long len;
 	int tag,xclass;
 	int inf,i;
-
-	/* only the ASN1_OBJECTs from the 'table' will have values
-	 * for ->sn or ->ln */
-	if ((a == NULL) || ((*a) == NULL) ||
-		!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
-		{
-		if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
-		}
-	else	ret=(*a);
-
+	ASN1_OBJECT *ret = NULL;
 	p= *pp;
-
 	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
 	if (inf & 0x80)
 		{
@@ -305,10 +210,36 @@ long length;
 		i=ASN1_R_EXPECTING_AN_OBJECT;
 		goto err;
 		}
+	ret = c2i_ASN1_OBJECT(a, &p, len);
+	if(ret) *pp = p;
+	return ret;
+err:
+	ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
+	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+		ASN1_OBJECT_free(ret);
+	return(NULL);
+}
+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp,
+	     long len)
+	{
+	ASN1_OBJECT *ret=NULL;
+	unsigned char *p;
+	int i;
+
+	/* only the ASN1_OBJECTs from the 'table' will have values
+	 * for ->sn or ->ln */
+	if ((a == NULL) || ((*a) == NULL) ||
+		!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
+		{
+		if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
+		}
+	else	ret=(*a);
+
+	p= *pp;
 	if ((ret->data == NULL) || (ret->length < len))
 		{
-		if (ret->data != NULL) Free((char *)ret->data);
-		ret->data=(unsigned char *)Malloc((int)len);
+		if (ret->data != NULL) OPENSSL_free(ret->data);
+		ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1);
 		ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
 		if (ret->data == NULL)
 			{ i=ERR_R_MALLOC_FAILURE; goto err; }
@@ -330,11 +261,11 @@ err:
 	return(NULL);
 	}
 
-ASN1_OBJECT *ASN1_OBJECT_new()
+ASN1_OBJECT *ASN1_OBJECT_new(void)
 	{
 	ASN1_OBJECT *ret;
 
-	ret=(ASN1_OBJECT *)Malloc(sizeof(ASN1_OBJECT));
+	ret=(ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
 	if (ret == NULL)
 		{
 		ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE);
@@ -349,31 +280,29 @@ ASN1_OBJECT *ASN1_OBJECT_new()
 	return(ret);
 	}
 
-void ASN1_OBJECT_free(a)
-ASN1_OBJECT *a;
+void ASN1_OBJECT_free(ASN1_OBJECT *a)
 	{
 	if (a == NULL) return;
 	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
 		{
-		if (a->sn != NULL) Free(a->sn);
-		if (a->ln != NULL) Free(a->ln);
+#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */
+		if (a->sn != NULL) OPENSSL_free((void *)a->sn);
+		if (a->ln != NULL) OPENSSL_free((void *)a->ln);
+#endif
 		a->sn=a->ln=NULL;
 		}
 	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
 		{
-		if (a->data != NULL) Free(a->data);
+		if (a->data != NULL) OPENSSL_free(a->data);
 		a->data=NULL;
 		a->length=0;
 		}
 	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
-		Free((char *)a);
+		OPENSSL_free(a);
 	}
 
-ASN1_OBJECT *ASN1_OBJECT_create(nid,data,len,sn,ln)
-int nid;
-unsigned char *data;
-int len;
-char *sn,*ln;
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
+	     const char *sn, const char *ln)
 	{
 	ASN1_OBJECT o;
 
@@ -387,3 +316,5 @@ char *sn,*ln;
 	return(OBJ_dup(&o));
 	}
 
+IMPLEMENT_STACK_OF(ASN1_OBJECT)
+IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT)
diff --git a/crypto/asn1/a_octet.c b/crypto/asn1/a_octet.c
index 5954c7bee0..9690bae0f1 100644
--- a/crypto/asn1/a_octet.c
+++ b/crypto/asn1/a_octet.c
@@ -58,33 +58,14 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include <openssl/asn1.h>
 
-/* ASN1err(ASN1_F_D2I_ASN1_OCTET_STRING,ASN1_R_EXPECTING_AN_OCTET_STRING);
- */
-
-int i2d_ASN1_OCTET_STRING(a, pp)
-ASN1_OCTET_STRING *a;
-unsigned char **pp;
-	{
-	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
-		V_ASN1_OCTET_STRING,V_ASN1_UNIVERSAL));
-	}
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
+{ return M_ASN1_OCTET_STRING_dup(x); }
 
-ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(a, pp, length)
-ASN1_OCTET_STRING **a;
-unsigned char **pp;
-long length;
-	{
-	ASN1_OCTET_STRING *ret=NULL;
+int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
+{ return M_ASN1_OCTET_STRING_cmp(a, b); }
 
-	ret=(ASN1_OCTET_STRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
-		pp,length,V_ASN1_OCTET_STRING,V_ASN1_UNIVERSAL);
-	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_D2I_ASN1_OCTET_STRING,ERR_R_NESTED_ASN1_ERROR);
-		return(NULL);
-		}
-	return(ret);
-	}
+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, unsigned char *d, int len)
+{ return M_ASN1_OCTET_STRING_set(x, d, len); }
 
diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c
index 3023361dee..8035513f04 100644
--- a/crypto/asn1/a_print.c
+++ b/crypto/asn1/a_print.c
@@ -58,49 +58,9 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include <openssl/asn1.h>
 
-/* ASN1err(ASN1_F_D2I_ASN1_PRINT_TYPE,ASN1_R_WRONG_PRINTABLE_TYPE);
- * ASN1err(ASN1_F_D2I_ASN1_PRINT_TYPE,ASN1_R_TAG_VALUE_TOO_HIGH);
- */
-
-int i2d_ASN1_IA5STRING(a,pp)
-ASN1_IA5STRING *a;
-unsigned char **pp;
-	{ return(M_i2d_ASN1_IA5STRING(a,pp)); }
-
-ASN1_IA5STRING *d2i_ASN1_IA5STRING(a,pp,l)
-ASN1_IA5STRING **a;
-unsigned char **pp;
-long l;
-	{ return(M_d2i_ASN1_IA5STRING(a,pp,l)); }
-
-ASN1_T61STRING *d2i_ASN1_T61STRING(a,pp,l)
-ASN1_T61STRING **a;
-unsigned char **pp;
-long l;
-	{ return(M_d2i_ASN1_T61STRING(a,pp,l)); }
-
-ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(a,pp,l)
-ASN1_PRINTABLESTRING **a;
-unsigned char **pp;
-long l;
-	{ return(M_d2i_ASN1_PRINTABLESTRING(a,pp,l)); }
-
-int i2d_ASN1_PRINTABLE(a,pp)
-ASN1_STRING *a;
-unsigned char **pp;
-	{ return(M_i2d_ASN1_PRINTABLE(a,pp)); }
-
-ASN1_STRING *d2i_ASN1_PRINTABLE(a,pp,l)
-ASN1_STRING **a;
-unsigned char **pp;
-long l;
-	{ return(M_d2i_ASN1_PRINTABLE(a,pp,l)); }
-
-int ASN1_PRINTABLE_type(s,len)
-unsigned char *s;
-int len;
+int ASN1_PRINTABLE_type(unsigned char *s, int len)
 	{
 	int c;
 	int ia5=0;
@@ -112,6 +72,7 @@ int len;
 	while ((*s) && (len-- != 0))
 		{
 		c= *(s++);
+#ifndef CHARSET_EBCDIC
 		if (!(	((c >= 'a') && (c <= 'z')) ||
 			((c >= 'A') && (c <= 'Z')) ||
 			(c == ' ') ||
@@ -125,14 +86,20 @@ int len;
 			ia5=1;
 		if (c&0x80)
 			t61=1;
+#else
+		if (!isalnum(c) && (c != ' ') &&
+		    strchr("'()+,-./:=?", c) == NULL)
+			ia5=1;
+		if (os_toascii[c] & 0x80)
+			t61=1;
+#endif
 		}
 	if (t61) return(V_ASN1_T61STRING);
 	if (ia5) return(V_ASN1_IA5STRING);
 	return(V_ASN1_PRINTABLESTRING);
 	}
 
-int ASN1_UNIVERSALSTRING_to_string(s)
-ASN1_UNIVERSALSTRING *s;
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
 	{
 	int i;
 	unsigned char *p;
@@ -158,4 +125,3 @@ ASN1_UNIVERSALSTRING *s;
 	s->type=ASN1_PRINTABLE_type(s->data,s->length);
 	return(1);
 	}
-
diff --git a/crypto/asn1/a_set.c b/crypto/asn1/a_set.c
index 7fd4807e52..0f839822ff 100644
--- a/crypto/asn1/a_set.c
+++ b/crypto/asn1/a_set.c
@@ -58,21 +58,42 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
+#include <openssl/asn1_mac.h>
 
-/* ASN1err(ASN1_F_ASN1_TYPE_NEW,ERR_R_MALLOC_FAILURE);
+#ifndef NO_ASN1_OLD
+
+typedef struct
+    {
+    unsigned char *pbData;
+    int cbData;
+    } MYBLOB;
+
+/* SetBlobCmp
+ * This function compares two elements of SET_OF block
  */
+static int SetBlobCmp(const void *elem1, const void *elem2 )
+    {
+    const MYBLOB *b1 = (const MYBLOB *)elem1;
+    const MYBLOB *b2 = (const MYBLOB *)elem2;
+    int r;
+
+    r = memcmp(b1->pbData, b2->pbData,
+	       b1->cbData < b2->cbData ? b1->cbData : b2->cbData);
+    if(r != 0)
+	return r;
+    return b1->cbData-b2->cbData;
+    }
 
-int i2d_ASN1_SET(a,pp,func,ex_tag,ex_class)
-STACK *a;
-unsigned char **pp;
-int (*func)();
-int ex_tag;
-int ex_class;
+/* int is_set:  if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)    */
+int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag,
+	     int ex_class, int is_set)
 	{
 	int ret=0,r;
 	int i;
 	unsigned char *p;
+        unsigned char *pStart, *pTempMem;
+        MYBLOB *rgSetBlob;
+        int totSize;
 
 	if (a == NULL) return(0);
 	for (i=sk_num(a)-1; i>=0; i--)
@@ -82,27 +103,64 @@ int ex_class;
 
 	p= *pp;
 	ASN1_put_object(&p,1,ret,ex_tag,ex_class);
-	for (i=0; i<sk_num(a); i++)
-		func(sk_value(a,i),&p);
 
-	*pp=p;
-	return(r);
-	}
+/* Modified by gp@nsj.co.jp */
+	/* And then again by Ben */
+	/* And again by Steve */
+
+	if(!is_set || (sk_num(a) < 2))
+		{
+		for (i=0; i<sk_num(a); i++)
+                	func(sk_value(a,i),&p);
+
+		*pp=p;
+		return(r);
+		}
+
+        pStart  = p; /* Catch the beg of Setblobs*/
+        if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array
+we will store the SET blobs */
+
+        for (i=0; i<sk_num(a); i++)
+	        {
+                rgSetBlob[i].pbData = p;  /* catch each set encode blob */
+                func(sk_value(a,i),&p);
+                rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
+SetBlob
+*/
+		}
+        *pp=p;
+        totSize = p - pStart; /* This is the total size of all set blobs */
+
+ /* Now we have to sort the blobs. I am using a simple algo.
+    *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
+        qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
+        if (!(pTempMem = OPENSSL_malloc(totSize))) return 0;
+
+/* Copy to temp mem */
+        p = pTempMem;
+        for(i=0; i<sk_num(a); ++i)
+		{
+                memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
+                p += rgSetBlob[i].cbData;
+		}
+
+/* Copy back to user mem*/
+        memcpy(pStart, pTempMem, totSize);
+        OPENSSL_free(pTempMem);
+        OPENSSL_free(rgSetBlob);
+
+        return(r);
+        }
 
-STACK *d2i_ASN1_SET(a,pp,length,func,free_func,ex_tag,ex_class)
-STACK **a;
-unsigned char **pp;
-long length;
-char *(*func)();
-void (*free_func)();
-int ex_tag;
-int ex_class;
+STACK *d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
+	     char *(*func)(), void (*free_func)(void *), int ex_tag, int ex_class)
 	{
 	ASN1_CTX c;
 	STACK *ret=NULL;
 
 	if ((a == NULL) || ((*a) == NULL))
-		{ if ((ret=sk_new(NULL)) == NULL) goto err; }
+		{ if ((ret=sk_new_null()) == NULL) goto err; }
 	else
 		ret=(*a);
 
@@ -159,3 +217,4 @@ err:
 	return(NULL);
 	}
 
+#endif
diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c
index c2ff9783ac..52ce7e3974 100644
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -55,34 +55,87 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #include <time.h>
-#include <sys/types.h>
-#include <sys/stat.h>
 
 #include "cryptlib.h"
-#include "bn.h"
-#include "evp.h"
-#include "x509.h"
-#include "objects.h"
-#include "buffer.h"
-#include "pem.h"
 
-int ASN1_sign(i2d,algor1,algor2,signature,data,pkey,type)
-int (*i2d)();
-X509_ALGOR *algor1;
-X509_ALGOR *algor2;
-ASN1_BIT_STRING *signature;
-char *data;
-EVP_PKEY *pkey;
-EVP_MD *type;
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
+	     ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
+	     const EVP_MD *type)
 	{
 	EVP_MD_CTX ctx;
 	unsigned char *p,*buf_in=NULL,*buf_out=NULL;
 	int i,inl=0,outl=0,outll=0;
 	X509_ALGOR *a;
 
+	EVP_MD_CTX_init(&ctx);
 	for (i=0; i<2; i++)
 		{
 		if (i == 0)
@@ -90,7 +143,14 @@ EVP_MD *type;
 		else
 			a=algor2;
 		if (a == NULL) continue;
-		if (	(a->parameter == NULL) || 
+                if (type->pkey_type == NID_dsaWithSHA1)
+			{
+			/* special case: RFC 2459 tells us to omit 'parameters'
+			 * with id-dsa-with-sha1 */
+			ASN1_TYPE_free(a->parameter);
+			a->parameter = NULL;
+			}
+		else if ((a->parameter == NULL) || 
 			(a->parameter->type != V_ASN1_NULL))
 			{
 			ASN1_TYPE_free(a->parameter);
@@ -111,9 +171,9 @@ EVP_MD *type;
 			}
 		}
 	inl=i2d(data,NULL);
-	buf_in=(unsigned char *)Malloc((unsigned int)inl);
+	buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
 	outll=outl=EVP_PKEY_size(pkey);
-	buf_out=(unsigned char *)Malloc((unsigned int)outl);
+	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
 	if ((buf_in == NULL) || (buf_out == NULL))
 		{
 		outl=0;
@@ -123,7 +183,90 @@ EVP_MD *type;
 	p=buf_in;
 
 	i2d(data,&p);
-	EVP_SignInit(&ctx,type);
+	EVP_SignInit_ex(&ctx,type, NULL);
+	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
+	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
+			(unsigned int *)&outl,pkey))
+		{
+		outl=0;
+		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
+		goto err;
+		}
+	if (signature->data != NULL) OPENSSL_free(signature->data);
+	signature->data=buf_out;
+	buf_out=NULL;
+	signature->length=outl;
+	/* In the interests of compatibility, I'll make sure that
+	 * the bit string has a 'not-used bits' value of 0
+	 */
+	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+err:
+	EVP_MD_CTX_cleanup(&ctx);
+	if (buf_in != NULL)
+		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
+	if (buf_out != NULL)
+		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
+	return(outl);
+	}
+
+#endif
+
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+	     ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
+	     const EVP_MD *type)
+	{
+	EVP_MD_CTX ctx;
+	unsigned char *buf_in=NULL,*buf_out=NULL;
+	int i,inl=0,outl=0,outll=0;
+	X509_ALGOR *a;
+
+	EVP_MD_CTX_init(&ctx);
+	for (i=0; i<2; i++)
+		{
+		if (i == 0)
+			a=algor1;
+		else
+			a=algor2;
+		if (a == NULL) continue;
+                if (type->pkey_type == NID_dsaWithSHA1)
+			{
+			/* special case: RFC 2459 tells us to omit 'parameters'
+			 * with id-dsa-with-sha1 */
+			ASN1_TYPE_free(a->parameter);
+			a->parameter = NULL;
+			}
+		else if ((a->parameter == NULL) || 
+			(a->parameter->type != V_ASN1_NULL))
+			{
+			ASN1_TYPE_free(a->parameter);
+			if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
+			a->parameter->type=V_ASN1_NULL;
+			}
+		ASN1_OBJECT_free(a->algorithm);
+		a->algorithm=OBJ_nid2obj(type->pkey_type);
+		if (a->algorithm == NULL)
+			{
+			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
+			goto err;
+			}
+		if (a->algorithm->length == 0)
+			{
+			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+			goto err;
+			}
+		}
+	inl=ASN1_item_i2d(asn,&buf_in, it);
+	outll=outl=EVP_PKEY_size(pkey);
+	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
+	if ((buf_in == NULL) || (buf_out == NULL))
+		{
+		outl=0;
+		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	EVP_SignInit_ex(&ctx,type, NULL);
 	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
 	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
 			(unsigned int *)&outl,pkey))
@@ -132,20 +275,20 @@ EVP_MD *type;
 		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
 		goto err;
 		}
-	if (signature->data != NULL) Free((char *)signature->data);
+	if (signature->data != NULL) OPENSSL_free(signature->data);
 	signature->data=buf_out;
 	buf_out=NULL;
 	signature->length=outl;
-	/* In the interests of compatability, I'll make sure that
+	/* In the interests of compatibility, I'll make sure that
 	 * the bit string has a 'not-used bits' value of 0
 	 */
 	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
 	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
 err:
-	memset(&ctx,0,sizeof(ctx));
+	EVP_MD_CTX_cleanup(&ctx);
 	if (buf_in != NULL)
-		{ memset((char *)buf_in,0,(unsigned int)inl); Free((char *)buf_in); }
+		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
 	if (buf_out != NULL)
-		{ memset((char *)buf_out,0,outll); Free((char *)buf_out); }
+		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
 	return(outl);
 	}
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
new file mode 100644
index 0000000000..1def6c6549
--- /dev/null
+++ b/crypto/asn1/a_strex.c
@@ -0,0 +1,562 @@
+/* a_strex.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+
+#include "charmap.h"
+#include "cryptlib.h"
+
+/* ASN1_STRING_print_ex() and X509_NAME_print_ex().
+ * Enhanced string and name printing routines handling
+ * multibyte characters, RFC2253 and a host of other
+ * options.
+ */
+
+
+#define CHARTYPE_BS_ESC		(ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
+
+
+/* Three IO functions for sending data to memory, a BIO and
+ * and a FILE pointer.
+ */
+#if 0				/* never used */
+static int send_mem_chars(void *arg, const void *buf, int len)
+{
+	unsigned char **out = arg;
+	if(!out) return 1;
+	memcpy(*out, buf, len);
+	*out += len;
+	return 1;
+}
+#endif
+
+static int send_bio_chars(void *arg, const void *buf, int len)
+{
+	if(!arg) return 1;
+	if(BIO_write(arg, buf, len) != len) return 0;
+	return 1;
+}
+
+static int send_fp_chars(void *arg, const void *buf, int len)
+{
+	if(!arg) return 1;
+	if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
+	return 1;
+}
+
+typedef int char_io(void *arg, const void *buf, int len);
+
+/* This function handles display of
+ * strings, one character at a time.
+ * It is passed an unsigned long for each
+ * character because it could come from 2 or even
+ * 4 byte forms.
+ */
+
+static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg)
+{
+	unsigned char chflgs, chtmp;
+	char tmphex[HEX_SIZE(long)+3];
+
+	if(c > 0xffffffffL)
+		return -1;
+	if(c > 0xffff) {
+		BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
+		if(!io_ch(arg, tmphex, 10)) return -1;
+		return 10;
+	}
+	if(c > 0xff) {
+		BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
+		if(!io_ch(arg, tmphex, 6)) return -1;
+		return 6;
+	}
+	chtmp = (unsigned char)c;
+	if(chtmp > 0x7f) chflgs = flags & ASN1_STRFLGS_ESC_MSB;
+	else chflgs = char_type[chtmp] & flags;
+	if(chflgs & CHARTYPE_BS_ESC) {
+		/* If we don't escape with quotes, signal we need quotes */
+		if(chflgs & ASN1_STRFLGS_ESC_QUOTE) {
+			if(do_quotes) *do_quotes = 1;
+			if(!io_ch(arg, &chtmp, 1)) return -1;
+			return 1;
+		}
+		if(!io_ch(arg, "\\", 1)) return -1;
+		if(!io_ch(arg, &chtmp, 1)) return -1;
+		return 2;
+	}
+	if(chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) {
+		BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
+		if(!io_ch(arg, tmphex, 3)) return -1;
+		return 3;
+	}
+	if(!io_ch(arg, &chtmp, 1)) return -1;
+	return 1;
+}
+
+#define BUF_TYPE_WIDTH_MASK	0x7
+#define BUF_TYPE_CONVUTF8	0x8
+
+/* This function sends each character in a buffer to
+ * do_esc_char(). It interprets the content formats
+ * and converts to or from UTF8 as appropriate.
+ */
+
+static int do_buf(unsigned char *buf, int buflen,
+			int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg)
+{
+	int i, outlen, len;
+	unsigned char orflags, *p, *q;
+	unsigned long c;
+	p = buf;
+	q = buf + buflen;
+	outlen = 0;
+	while(p != q) {
+		if(p == buf) orflags = CHARTYPE_FIRST_ESC_2253;
+		else orflags = 0;
+		switch(type & BUF_TYPE_WIDTH_MASK) {
+			case 4:
+			c = ((unsigned long)*p++) << 24;
+			c |= ((unsigned long)*p++) << 16;
+			c |= ((unsigned long)*p++) << 8;
+			c |= *p++;
+			break;
+
+			case 2:
+			c = ((unsigned long)*p++) << 8;
+			c |= *p++;
+			break;
+
+			case 1:
+			c = *p++;
+			break;
+			
+			case 0:
+			i = UTF8_getc(p, buflen, &c);
+			if(i < 0) return -1;	/* Invalid UTF8String */
+			p += i;
+			break;
+		}
+		if (p == q) orflags = CHARTYPE_LAST_ESC_2253;
+		if(type & BUF_TYPE_CONVUTF8) {
+			unsigned char utfbuf[6];
+			int utflen;
+			utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
+			for(i = 0; i < utflen; i++) {
+				/* We don't need to worry about setting orflags correctly
+				 * because if utflen==1 its value will be correct anyway 
+				 * otherwise each character will be > 0x7f and so the 
+				 * character will never be escaped on first and last.
+				 */
+				len = do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), quotes, io_ch, arg);
+				if(len < 0) return -1;
+				outlen += len;
+			}
+		} else {
+			len = do_esc_char(c, (unsigned char)(flags | orflags), quotes, io_ch, arg);
+			if(len < 0) return -1;
+			outlen += len;
+		}
+	}
+	return outlen;
+}
+
+/* This function hex dumps a buffer of characters */
+
+static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen)
+{
+	const static char hexdig[] = "0123456789ABCDEF";
+	unsigned char *p, *q;
+	char hextmp[2];
+	if(arg) {
+		p = buf;
+		q = buf + buflen;
+		while(p != q) {
+			hextmp[0] = hexdig[*p >> 4];
+			hextmp[1] = hexdig[*p & 0xf];
+			if(!io_ch(arg, hextmp, 2)) return -1;
+			p++;
+		}
+	}
+	return buflen << 1;
+}
+
+/* "dump" a string. This is done when the type is unknown,
+ * or the flags request it. We can either dump the content
+ * octets or the entire DER encoding. This uses the RFC2253
+ * #01234 format.
+ */
+
+static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
+{
+	/* Placing the ASN1_STRING in a temp ASN1_TYPE allows
+	 * the DER encoding to readily obtained
+	 */
+	ASN1_TYPE t;
+	unsigned char *der_buf, *p;
+	int outlen, der_len;
+
+	if(!io_ch(arg, "#", 1)) return -1;
+	/* If we don't dump DER encoding just dump content octets */
+	if(!(lflags & ASN1_STRFLGS_DUMP_DER)) {
+		outlen = do_hex_dump(io_ch, arg, str->data, str->length);
+		if(outlen < 0) return -1;
+		return outlen + 1;
+	}
+	t.type = str->type;
+	t.value.ptr = (char *)str;
+	der_len = i2d_ASN1_TYPE(&t, NULL);
+	der_buf = OPENSSL_malloc(der_len);
+	if(!der_buf) return -1;
+	p = der_buf;
+	i2d_ASN1_TYPE(&t, &p);
+	outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
+	OPENSSL_free(der_buf);
+	if(outlen < 0) return -1;
+	return outlen + 1;
+}
+
+/* Lookup table to convert tags to character widths,
+ * 0 = UTF8 encoded, -1 is used for non string types
+ * otherwise it is the number of bytes per character
+ */
+
+const static char tag2nbyte[] = {
+	-1, -1, -1, -1, -1,	/* 0-4 */
+	-1, -1, -1, -1, -1,	/* 5-9 */
+	-1, -1, 0, -1,		/* 10-13 */
+	-1, -1, -1, -1,		/* 15-17 */
+	-1, 1, 1,		/* 18-20 */
+	-1, 1, -1,-1,		/* 21-24 */
+	-1, 1, -1,		/* 25-27 */
+	4, -1, 2		/* 28-30 */
+};
+
+#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
+		  ASN1_STRFLGS_ESC_QUOTE | \
+		  ASN1_STRFLGS_ESC_CTRL | \
+		  ASN1_STRFLGS_ESC_MSB)
+
+/* This is the main function, print out an
+ * ASN1_STRING taking note of various escape
+ * and display options. Returns number of
+ * characters written or -1 if an error
+ * occurred.
+ */
+
+static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str)
+{
+	int outlen, len;
+	int type;
+	char quotes;
+	unsigned char flags;
+	quotes = 0;
+	/* Keep a copy of escape flags */
+	flags = (unsigned char)(lflags & ESC_FLAGS);
+
+	type = str->type;
+
+	outlen = 0;
+
+
+	if(lflags & ASN1_STRFLGS_SHOW_TYPE) {
+		const char *tagname;
+		tagname = ASN1_tag2str(type);
+		outlen += strlen(tagname);
+		if(!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1; 
+		outlen++;
+	}
+
+	/* Decide what to do with type, either dump content or display it */
+
+	/* Dump everything */
+	if(lflags & ASN1_STRFLGS_DUMP_ALL) type = -1;
+	/* Ignore the string type */
+	else if(lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1;
+	else {
+		/* Else determine width based on type */
+		if((type > 0) && (type < 31)) type = tag2nbyte[type];
+		else type = -1;
+		if((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1;
+	}
+
+	if(type == -1) {
+		len = do_dump(lflags, io_ch, arg, str);
+		if(len < 0) return -1;
+		outlen += len;
+		return outlen;
+	}
+
+	if(lflags & ASN1_STRFLGS_UTF8_CONVERT) {
+		/* Note: if string is UTF8 and we want
+		 * to convert to UTF8 then we just interpret
+		 * it as 1 byte per character to avoid converting
+		 * twice.
+		 */
+		if(!type) type = 1;
+		else type |= BUF_TYPE_CONVUTF8;
+	}
+
+	len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
+	if(outlen < 0) return -1;
+	outlen += len;
+	if(quotes) outlen += 2;
+	if(!arg) return outlen;
+	if(quotes && !io_ch(arg, "\"", 1)) return -1;
+	do_buf(str->data, str->length, type, flags, NULL, io_ch, arg);
+	if(quotes && !io_ch(arg, "\"", 1)) return -1;
+	return outlen;
+}
+
+/* Used for line indenting: print 'indent' spaces */
+
+static int do_indent(char_io *io_ch, void *arg, int indent)
+{
+	int i;
+	for(i = 0; i < indent; i++)
+			if(!io_ch(arg, " ", 1)) return 0;
+	return 1;
+}
+
+#define FN_WIDTH_LN	25
+#define FN_WIDTH_SN	10
+
+static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
+				int indent, unsigned long flags)
+{
+	int i, prev = -1, orflags, cnt;
+	int fn_opt, fn_nid;
+	ASN1_OBJECT *fn;
+	ASN1_STRING *val;
+	X509_NAME_ENTRY *ent;
+	char objtmp[80];
+	const char *objbuf;
+	int outlen, len;
+	char *sep_dn, *sep_mv, *sep_eq;
+	int sep_dn_len, sep_mv_len, sep_eq_len;
+	if(indent < 0) indent = 0;
+	outlen = indent;
+	if(!do_indent(io_ch, arg, indent)) return -1;
+	switch (flags & XN_FLAG_SEP_MASK)
+	{
+		case XN_FLAG_SEP_MULTILINE:
+		sep_dn = "\n";
+		sep_dn_len = 1;
+		sep_mv = " + ";
+		sep_mv_len = 3;
+		break;
+
+		case XN_FLAG_SEP_COMMA_PLUS:
+		sep_dn = ",";
+		sep_dn_len = 1;
+		sep_mv = "+";
+		sep_mv_len = 1;
+		indent = 0;
+		break;
+
+		case XN_FLAG_SEP_CPLUS_SPC:
+		sep_dn = ", ";
+		sep_dn_len = 2;
+		sep_mv = " + ";
+		sep_mv_len = 3;
+		indent = 0;
+		break;
+
+		case XN_FLAG_SEP_SPLUS_SPC:
+		sep_dn = "; ";
+		sep_dn_len = 2;
+		sep_mv = " + ";
+		sep_mv_len = 3;
+		indent = 0;
+		break;
+
+		default:
+		return -1;
+	}
+
+	if(flags & XN_FLAG_SPC_EQ) {
+		sep_eq = " = ";
+		sep_eq_len = 3;
+	} else {
+		sep_eq = "=";
+		sep_eq_len = 1;
+	}
+
+	fn_opt = flags & XN_FLAG_FN_MASK;
+
+	cnt = X509_NAME_entry_count(n);	
+	for(i = 0; i < cnt; i++) {
+		if(flags & XN_FLAG_DN_REV)
+				ent = X509_NAME_get_entry(n, cnt - i - 1);
+		else ent = X509_NAME_get_entry(n, i);
+		if(prev != -1) {
+			if(prev == ent->set) {
+				if(!io_ch(arg, sep_mv, sep_mv_len)) return -1;
+				outlen += sep_mv_len;
+			} else {
+				if(!io_ch(arg, sep_dn, sep_dn_len)) return -1;
+				outlen += sep_dn_len;
+				if(!do_indent(io_ch, arg, indent)) return -1;
+				outlen += indent;
+			}
+		}
+		prev = ent->set;
+		fn = X509_NAME_ENTRY_get_object(ent);
+		val = X509_NAME_ENTRY_get_data(ent);
+		fn_nid = OBJ_obj2nid(fn);
+		if(fn_opt != XN_FLAG_FN_NONE) {
+			int objlen, fld_len;
+			if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) {
+				OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
+				fld_len = 0; /* XXX: what should this be? */
+				objbuf = objtmp;
+			} else {
+				if(fn_opt == XN_FLAG_FN_SN) {
+					fld_len = FN_WIDTH_SN;
+					objbuf = OBJ_nid2sn(fn_nid);
+				} else if(fn_opt == XN_FLAG_FN_LN) {
+					fld_len = FN_WIDTH_LN;
+					objbuf = OBJ_nid2ln(fn_nid);
+				} else {
+					fld_len = 0; /* XXX: what should this be? */
+					objbuf = "";
+				}
+			}
+			objlen = strlen(objbuf);
+			if(!io_ch(arg, objbuf, objlen)) return -1;
+			if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
+				if (!do_indent(io_ch, arg, fld_len - objlen)) return -1;
+				outlen += fld_len - objlen;
+			}
+			if(!io_ch(arg, sep_eq, sep_eq_len)) return -1;
+			outlen += objlen + sep_eq_len;
+		}
+		/* If the field name is unknown then fix up the DER dump
+		 * flag. We might want to limit this further so it will
+ 		 * DER dump on anything other than a few 'standard' fields.
+		 */
+		if((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) 
+					orflags = ASN1_STRFLGS_DUMP_ALL;
+		else orflags = 0;
+     
+		len = do_print_ex(io_ch, arg, flags | orflags, val);
+		if(len < 0) return -1;
+		outlen += len;
+	}
+	return outlen;
+}
+
+/* Wrappers round the main functions */
+
+int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
+{
+	if(flags == XN_FLAG_COMPAT)
+		return X509_NAME_print(out, nm, indent);
+	return do_name_ex(send_bio_chars, out, nm, indent, flags);
+}
+
+
+int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
+{
+	if(flags == XN_FLAG_COMPAT)
+		{
+		BIO *btmp;
+		int ret;
+		btmp = BIO_new_fp(fp, BIO_NOCLOSE);
+		if(!btmp) return -1;
+		ret = X509_NAME_print(btmp, nm, indent);
+		BIO_free(btmp);
+		return ret;
+		}
+	return do_name_ex(send_fp_chars, fp, nm, indent, flags);
+}
+
+int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags)
+{
+	return do_print_ex(send_bio_chars, out, flags, str);
+}
+
+
+int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
+{
+	return do_print_ex(send_fp_chars, fp, flags, str);
+}
+
+/* Utility function: convert any string type to UTF8, returns number of bytes
+ * in output string or a negative error code
+ */
+
+int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
+{
+	ASN1_STRING stmp, *str = &stmp;
+	int mbflag, type, ret;
+	if(!in) return -1;
+	type = in->type;
+	if((type < 0) || (type > 30)) return -1;
+	mbflag = tag2nbyte[type];
+	if(mbflag == -1) return -1;
+	mbflag |= MBSTRING_FLAG;
+	stmp.data = NULL;
+	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
+	if(ret < 0) return ret;
+	*out = stmp.data;
+	return stmp.length;
+}
diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
new file mode 100644
index 0000000000..04789d1c63
--- /dev/null
+++ b/crypto/asn1/a_strnid.c
@@ -0,0 +1,252 @@
+/* a_strnid.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+
+
+static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
+static void st_free(ASN1_STRING_TABLE *tbl);
+static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
+			const ASN1_STRING_TABLE * const *b);
+static int table_cmp(const void *a, const void *b);
+
+
+/* This is the global mask for the mbstring functions: this is use to
+ * mask out certain types (such as BMPString and UTF8String) because
+ * certain software (e.g. Netscape) has problems with them.
+ */
+
+static unsigned long global_mask = 0xFFFFFFFFL;
+
+void ASN1_STRING_set_default_mask(unsigned long mask)
+{
+	global_mask = mask;
+}
+
+unsigned long ASN1_STRING_get_default_mask(void)
+{
+	return global_mask;
+}
+
+/* This function sets the default to various "flavours" of configuration.
+ * based on an ASCII string. Currently this is:
+ * MASK:XXXX : a numerical mask value.
+ * nobmp : Don't use BMPStrings (just Printable, T61).
+ * pkix : PKIX recommendation in RFC2459.
+ * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004).
+ * default:   the default value, Printable, T61, BMP.
+ */
+
+int ASN1_STRING_set_default_mask_asc(char *p)
+{
+	unsigned long mask;
+	char *end;
+	if(!strncmp(p, "MASK:", 5)) {
+		if(!p[5]) return 0;
+		mask = strtoul(p + 5, &end, 0);
+		if(*end) return 0;
+	} else if(!strcmp(p, "nombstr"))
+			 mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
+	else if(!strcmp(p, "pkix"))
+			mask = ~((unsigned long)B_ASN1_T61STRING);
+	else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
+	else if(!strcmp(p, "default"))
+	    mask = 0xFFFFFFFFL;
+	else return 0;
+	ASN1_STRING_set_default_mask(mask);
+	return 1;
+}
+
+/* The following function generates an ASN1_STRING based on limits in a table.
+ * Frequently the types and length of an ASN1_STRING are restricted by a 
+ * corresponding OID. For example certificates and certificate requests.
+ */
+
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
+					int inlen, int inform, int nid)
+{
+	ASN1_STRING_TABLE *tbl;
+	ASN1_STRING *str = NULL;
+	unsigned long mask;
+	int ret;
+	if(!out) out = &str;
+	tbl = ASN1_STRING_TABLE_get(nid);
+	if(tbl) {
+		mask = tbl->mask;
+		if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask;
+		ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
+					tbl->minsize, tbl->maxsize);
+	} else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask);
+	if(ret <= 0) return NULL;
+	return *out;
+}
+
+/* Now the tables and helper functions for the string table:
+ */
+
+/* size limits: this stuff is taken straight from RFC2459 */
+
+#define ub_name				32768
+#define ub_common_name			64
+#define ub_locality_name		128
+#define ub_state_name			128
+#define ub_organization_name		64
+#define ub_organization_unit_name	64
+#define ub_title			64
+#define ub_email_address		128
+
+/* This table must be kept in NID order */
+
+static ASN1_STRING_TABLE tbl_standard[] = {
+{NID_commonName,		1, ub_common_name, DIRSTRING_TYPE, 0},
+{NID_countryName,		2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+{NID_localityName,		1, ub_locality_name, DIRSTRING_TYPE, 0},
+{NID_stateOrProvinceName,	1, ub_state_name, DIRSTRING_TYPE, 0},
+{NID_organizationName,		1, ub_organization_name, DIRSTRING_TYPE, 0},
+{NID_organizationalUnitName,	1, ub_organization_unit_name, DIRSTRING_TYPE, 0},
+{NID_pkcs9_emailAddress,	1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK},
+{NID_pkcs9_unstructuredName,	1, -1, PKCS9STRING_TYPE, 0},
+{NID_pkcs9_challengePassword,	1, -1, PKCS9STRING_TYPE, 0},
+{NID_pkcs9_unstructuredAddress,	1, -1, DIRSTRING_TYPE, 0},
+{NID_givenName,			1, ub_name, DIRSTRING_TYPE, 0},
+{NID_surname,			1, ub_name, DIRSTRING_TYPE, 0},
+{NID_initials,			1, ub_name, DIRSTRING_TYPE, 0},
+{NID_friendlyName,		-1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
+{NID_name,			1, ub_name, DIRSTRING_TYPE, 0},
+{NID_dnQualifier,		-1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+{NID_ms_csp_name,		-1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
+};
+
+static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
+			const ASN1_STRING_TABLE * const *b)
+{
+	return (*a)->nid - (*b)->nid;
+}
+
+static int table_cmp(const void *a, const void *b)
+{
+	const ASN1_STRING_TABLE *sa = a, *sb = b;
+	return sa->nid - sb->nid;
+}
+
+ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
+{
+	int idx;
+	ASN1_STRING_TABLE *ttmp;
+	ASN1_STRING_TABLE fnd;
+	fnd.nid = nid;
+	ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
+					(char *)tbl_standard, 
+			sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
+			sizeof(ASN1_STRING_TABLE), table_cmp);
+	if(ttmp) return ttmp;
+	if(!stable) return NULL;
+	idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
+	if(idx < 0) return NULL;
+	return sk_ASN1_STRING_TABLE_value(stable, idx);
+}
+	
+int ASN1_STRING_TABLE_add(int nid,
+		 long minsize, long maxsize, unsigned long mask,
+				unsigned long flags)
+{
+	ASN1_STRING_TABLE *tmp;
+	char new_nid = 0;
+	flags &= ~STABLE_FLAGS_MALLOC;
+	if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
+	if(!stable) {
+		ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	if(!(tmp = ASN1_STRING_TABLE_get(nid))) {
+		tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
+		if(!tmp) {
+			ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD,
+							ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+		tmp->flags = flags | STABLE_FLAGS_MALLOC;
+		tmp->nid = nid;
+		new_nid = 1;
+	} else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;
+	if(minsize != -1) tmp->minsize = minsize;
+	if(maxsize != -1) tmp->maxsize = maxsize;
+	tmp->mask = mask;
+	if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp);
+	return 1;
+}
+
+void ASN1_STRING_TABLE_cleanup(void)
+{
+	STACK_OF(ASN1_STRING_TABLE) *tmp;
+	tmp = stable;
+	if(!tmp) return;
+	stable = NULL;
+	sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
+}
+
+static void st_free(ASN1_STRING_TABLE *tbl)
+{
+	if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl);
+}
+
+IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)
diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c
new file mode 100644
index 0000000000..6e5e9d845d
--- /dev/null
+++ b/crypto/asn1/a_time.c
@@ -0,0 +1,158 @@
+/* crypto/asn1/a_time.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+/* This is an implementation of the ASN1 Time structure which is:
+ *    Time ::= CHOICE {
+ *      utcTime        UTCTime,
+ *      generalTime    GeneralizedTime }
+ * written by Steve Henson.
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include "o_time.h"
+#include <openssl/asn1t.h>
+
+IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
+
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
+
+#if 0
+int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
+	{
+#ifdef CHARSET_EBCDIC
+	/* KLUDGE! We convert to ascii before writing DER */
+	char tmp[24];
+	ASN1_STRING tmpstr;
+
+	if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) {
+	    int len;
+
+	    tmpstr = *(ASN1_STRING *)a;
+	    len = tmpstr.length;
+	    ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
+	    tmpstr.data = tmp;
+	    a = (ASN1_GENERALIZEDTIME *) &tmpstr;
+	}
+#endif
+	if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME)
+				return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
+				     a->type ,V_ASN1_UNIVERSAL));
+	ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
+	return -1;
+	}
+#endif
+
+
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
+	{
+	struct tm *ts;
+	struct tm data;
+
+	ts=OPENSSL_gmtime(&t,&data);
+	if (ts == NULL)
+		return NULL;
+	if((ts->tm_year >= 50) && (ts->tm_year < 150))
+					return ASN1_UTCTIME_set(s, t);
+	return ASN1_GENERALIZEDTIME_set(s,t);
+	}
+
+int ASN1_TIME_check(ASN1_TIME *t)
+	{
+	if (t->type == V_ASN1_GENERALIZEDTIME)
+		return ASN1_GENERALIZEDTIME_check(t);
+	else if (t->type == V_ASN1_UTCTIME)
+		return ASN1_UTCTIME_check(t);
+	return 0;
+	}
+
+/* Convert an ASN1_TIME structure to GeneralizedTime */
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
+	{
+	ASN1_GENERALIZEDTIME *ret;
+	char *str;
+
+	if (!ASN1_TIME_check(t)) return NULL;
+
+	if (!out || !*out)
+		{
+		if (!(ret = ASN1_GENERALIZEDTIME_new ()))
+			return NULL;
+		if (out) *out = ret;
+		}
+	else ret = *out;
+
+	/* If already GeneralizedTime just copy across */
+	if (t->type == V_ASN1_GENERALIZEDTIME)
+		{
+		if(!ASN1_STRING_set(ret, t->data, t->length))
+			return NULL;
+		return ret;
+		}
+
+	/* grow the string */
+	if (!ASN1_STRING_set(ret, NULL, t->length + 2))
+		return NULL;
+	str = (char *)ret->data;
+	/* Work out the century and prepend */
+	if (t->data[0] >= '5') strcpy(str, "19");
+	else strcpy(str, "20");
+
+	BUF_strlcat(str, (char *)t->data, t->length+2);
+
+	return ret;
+	}
diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c
index 7ddf5f9917..fe3fcd40b0 100644
--- a/crypto/asn1/a_type.c
+++ b/crypto/asn1/a_type.c
@@ -57,274 +57,25 @@
  */
 
 #include <stdio.h>
+#include <openssl/asn1t.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
 
-/* ASN1err(ASN1_F_D2I_ASN1_BYTES,ASN1_R_WRONG_TAG);
- * ASN1err(ASN1_F_ASN1_COLLATE_PRIMATIVE,ASN1_R_WRONG_TAG);
- */
-
-#ifndef NOPROTO
-static void ASN1_TYPE_component_free(ASN1_TYPE *a);
-#else
-static void ASN1_TYPE_component_free();
-#endif
-
-int i2d_ASN1_TYPE(a,pp)
-ASN1_TYPE *a;
-unsigned char **pp;
-	{
-	int r=0;
-
-	if (a == NULL) return(0);
-
-	switch (a->type)
-		{
-	case V_ASN1_NULL:
-		if (pp != NULL)
-			ASN1_put_object(pp,0,0,V_ASN1_NULL,V_ASN1_UNIVERSAL);
-		r=2;
-		break;
-	case V_ASN1_INTEGER:
-	case V_ASN1_NEG_INTEGER:
-		r=i2d_ASN1_INTEGER(a->value.integer,pp);
-		break;
-	case V_ASN1_BIT_STRING:
-		r=i2d_ASN1_BIT_STRING(a->value.bit_string,pp);
-		break;
-	case V_ASN1_OCTET_STRING:
-		r=i2d_ASN1_OCTET_STRING(a->value.octet_string,pp);
-		break;
-	case V_ASN1_OBJECT:
-		r=i2d_ASN1_OBJECT(a->value.object,pp);
-		break;
-	case V_ASN1_PRINTABLESTRING:
-		r=M_i2d_ASN1_PRINTABLESTRING(a->value.printablestring,pp);
-		break;
-	case V_ASN1_T61STRING:
-		r=M_i2d_ASN1_T61STRING(a->value.t61string,pp);
-		break;
-	case V_ASN1_IA5STRING:
-		r=M_i2d_ASN1_IA5STRING(a->value.ia5string,pp);
-		break;
-	case V_ASN1_GENERALSTRING:
-		r=M_i2d_ASN1_GENERALSTRING(a->value.generalstring,pp);
-		break;
-	case V_ASN1_UNIVERSALSTRING:
-		r=M_i2d_ASN1_UNIVERSALSTRING(a->value.universalstring,pp);
-		break;
-	case V_ASN1_BMPSTRING:
-		r=M_i2d_ASN1_BMPSTRING(a->value.bmpstring,pp);
-		break;
-	case V_ASN1_UTCTIME:
-		r=i2d_ASN1_UTCTIME(a->value.utctime,pp);
-		break;
-	case V_ASN1_SET:
-	case V_ASN1_SEQUENCE:
-		if (a->value.set == NULL)
-			r=0;
-		else
-			{
-			r=a->value.set->length;
-			if (pp != NULL)
-				{
-				memcpy(*pp,a->value.set->data,r);
-				*pp+=r;
-				}
-			}
-		break;
-		}
-	return(r);
-	}
-
-ASN1_TYPE *d2i_ASN1_TYPE(a,pp,length)
-ASN1_TYPE **a;
-unsigned char **pp;
-long length;
+int ASN1_TYPE_get(ASN1_TYPE *a)
 	{
-	ASN1_TYPE *ret=NULL;
-	unsigned char *q,*p,*max;
-	int inf,tag,xclass;
-	long len;
-
-	if ((a == NULL) || ((*a) == NULL))
-		{
-		if ((ret=ASN1_TYPE_new()) == NULL) goto err;
-		}
-	else
-		ret=(*a);
-
-	p= *pp;
-	q=p;
-	max=(p+length);
-
-	inf=ASN1_get_object(&q,&len,&tag,&xclass,length);
-	if (inf & 0x80) goto err;
-	
-	ASN1_TYPE_component_free(ret);
-
-	switch (tag)
-		{
-	case V_ASN1_NULL:
-		p=q;
-		ret->value.ptr=NULL;
-		break;
-	case V_ASN1_INTEGER:
-		if ((ret->value.integer=
-			d2i_ASN1_INTEGER(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_BIT_STRING:
-		if ((ret->value.bit_string=
-			d2i_ASN1_BIT_STRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_OCTET_STRING:
-		if ((ret->value.octet_string=
-			d2i_ASN1_OCTET_STRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_OBJECT:
-		if ((ret->value.object=
-			d2i_ASN1_OBJECT(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_PRINTABLESTRING:
-		if ((ret->value.printablestring=
-			d2i_ASN1_PRINTABLESTRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_T61STRING:
-		if ((ret->value.t61string=
-			M_d2i_ASN1_T61STRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_IA5STRING:
-		if ((ret->value.ia5string=
-			M_d2i_ASN1_IA5STRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_GENERALSTRING:
-		if ((ret->value.generalstring=
-			M_d2i_ASN1_GENERALSTRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_UNIVERSALSTRING:
-		if ((ret->value.universalstring=
-			M_d2i_ASN1_UNIVERSALSTRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_BMPSTRING:
-		if ((ret->value.bmpstring=
-			M_d2i_ASN1_BMPSTRING(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_UTCTIME:
-		if ((ret->value.utctime=
-			d2i_ASN1_UTCTIME(NULL,&p,max-p)) == NULL)
-			goto err;
-		break;
-	case V_ASN1_SET:
-	case V_ASN1_SEQUENCE:
-		/* Sets and sequences are left complete */
-		if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err;
-		ret->value.set->type=tag;
-		len+=(q-p);
-		if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err;
-		p+=len;
-		break;
-	default:
-		ASN1err(ASN1_F_D2I_ASN1_TYPE,ASN1_R_BAD_TYPE);
-		goto err;
-		}
-
-	ret->type=tag;
-	if (a != NULL) (*a)=ret;
-	*pp=p;
-	return(ret);
-err:
-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) ASN1_TYPE_free(ret);
-	return(NULL);
-	}
-
-ASN1_TYPE *ASN1_TYPE_new()
-	{
-	ASN1_TYPE *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,ASN1_TYPE);
-	ret->type= -1;
-	ret->value.ptr=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_ASN1_TYPE_NEW);
-	}
-
-void ASN1_TYPE_free(a)
-ASN1_TYPE *a;
-	{
-	if (a == NULL) return;
-	ASN1_TYPE_component_free(a);
-	Free((char *)(char *)a);
-	}
-
-int ASN1_TYPE_get(a)
-ASN1_TYPE *a;
-	{
-	if (a->value.ptr != NULL)
+	if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
 		return(a->type);
 	else
 		return(0);
 	}
 
-void ASN1_TYPE_set(a,type,value)
-ASN1_TYPE *a;
-int type;
-char *value;
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
 	{
 	if (a->value.ptr != NULL)
-		ASN1_TYPE_component_free(a);
+		ASN1_primitive_free((ASN1_VALUE **)&a, NULL);
 	a->type=type;
 	a->value.ptr=value;
 	}
 
-static void ASN1_TYPE_component_free(a)
-ASN1_TYPE *a;
-	{
-	if (a == NULL) return;
-
-	if (a->value.ptr != NULL)
-		{
-		switch (a->type)
-			{
-		case V_ASN1_OBJECT:
-			ASN1_OBJECT_free(a->value.object);
-			break;
-		case V_ASN1_INTEGER:
-		case V_ASN1_NEG_INTEGER:
-		case V_ASN1_BIT_STRING:
-		case V_ASN1_OCTET_STRING:
-		case V_ASN1_SEQUENCE:
-		case V_ASN1_SET:
-		case V_ASN1_NUMERICSTRING:
-		case V_ASN1_PRINTABLESTRING:
-		case V_ASN1_T61STRING:
-		case V_ASN1_VIDEOTEXSTRING:
-		case V_ASN1_IA5STRING:
-		case V_ASN1_UTCTIME:
-		case V_ASN1_GENERALIZEDTIME:
-		case V_ASN1_GRAPHICSTRING:
-		case V_ASN1_VISIBLESTRING:
-		case V_ASN1_GENERALSTRING:
-		case V_ASN1_UNIVERSALSTRING:
-		case V_ASN1_BMPSTRING:
-			ASN1_STRING_free((ASN1_STRING *)a->value.ptr);
-			break;
-		default:
-			/* MEMORY LEAK */
-			break;
-			}
-		a->type=0;
-		a->value.ptr=NULL;
-		}
-	}
 
+IMPLEMENT_STACK_OF(ASN1_TYPE)
+IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c
index ddd1a4016b..dbb4a42c9d 100644
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -59,25 +59,31 @@
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include "o_time.h"
+#include <openssl/asn1.h>
 
-/* ASN1err(ASN1_F_ASN1_UTCTIME_NEW,ASN1_R_UTCTIME_TOO_LONG);
- * ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_EXPECTING_A_UTCTIME);
- */
-
-int i2d_ASN1_UTCTIME(a,pp)
-ASN1_UTCTIME *a;
-unsigned char **pp;
+#if 0
+int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
 	{
+#ifndef CHARSET_EBCDIC
 	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
 		V_ASN1_UTCTIME,V_ASN1_UNIVERSAL));
+#else
+	/* KLUDGE! We convert to ascii before writing DER */
+	int len;
+	char tmp[24];
+	ASN1_STRING x = *(ASN1_STRING *)a;
+
+	len = x.length;
+	ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len);
+	x.data = tmp;
+	return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
+#endif
 	}
 
 
-ASN1_UTCTIME *d2i_ASN1_UTCTIME(a, pp, length)
-ASN1_UTCTIME **a;
-unsigned char **pp;
-long length;
+ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp,
+	     long length)
 	{
 	ASN1_UTCTIME *ret=NULL;
 
@@ -88,6 +94,9 @@ long length;
 		ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ERR_R_NESTED_ASN1_ERROR);
 		return(NULL);
 		}
+#ifdef CHARSET_EBCDIC
+	ascii2ebcdic(ret->data, ret->data, ret->length);
+#endif
 	if (!ASN1_UTCTIME_check(ret))
 		{
 		ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_INVALID_TIME_FORMAT);
@@ -97,12 +106,13 @@ long length;
 	return(ret);
 err:
 	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		ASN1_UTCTIME_free(ret);
+		M_ASN1_UTCTIME_free(ret);
 	return(NULL);
 	}
 
-int ASN1_UTCTIME_check(d)
-ASN1_UTCTIME *d;
+#endif
+
+int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
 	{
 	static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
 	static int max[8]={99,12,31,23,59,59,12,59};
@@ -152,9 +162,7 @@ err:
 	return(0);
 	}
 
-int ASN1_UTCTIME_set_string(s,str)
-ASN1_UTCTIME *s;
-char *str;
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str)
 	{
 	ASN1_UTCTIME t;
 
@@ -167,6 +175,7 @@ char *str;
 			{
 			ASN1_STRING_set((ASN1_STRING *)s,
 				(unsigned char *)str,t.length);
+			s->type = V_ASN1_UTCTIME;
 			}
 		return(1);
 		}
@@ -174,33 +183,28 @@ char *str;
 		return(0);
 	}
 
-ASN1_UTCTIME *ASN1_UTCTIME_set(s, t)
-ASN1_UTCTIME *s;
-time_t t;
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
 	{
 	char *p;
 	struct tm *ts;
-#if defined(THREADS) && !defined(WIN32)
 	struct tm data;
-#endif
 
 	if (s == NULL)
-		s=ASN1_UTCTIME_new();
+		s=M_ASN1_UTCTIME_new();
 	if (s == NULL)
 		return(NULL);
 
-#if defined(THREADS) && !defined(WIN32)
-	ts=(struct tm *)gmtime_r(&t,&data);
-#else
-	ts=(struct tm *)gmtime(&t);
-#endif
+	ts=OPENSSL_gmtime(&t, &data);
+	if (ts == NULL)
+		return(NULL);
+
 	p=(char *)s->data;
 	if ((p == NULL) || (s->length < 14))
 		{
-		p=Malloc(20);
+		p=OPENSSL_malloc(20);
 		if (p == NULL) return(NULL);
 		if (s->data != NULL)
-			Free(s->data);
+			OPENSSL_free(s->data);
 		s->data=(unsigned char *)p;
 		}
 
@@ -208,5 +212,86 @@ time_t t;
 		ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
 	s->length=strlen(p);
 	s->type=V_ASN1_UTCTIME;
+#ifdef CHARSET_EBCDIC_not
+	ebcdic2ascii(s->data, s->data, s->length);
+#endif
 	return(s);
 	}
+
+
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
+	{
+	struct tm *tm;
+	struct tm data;
+	int offset;
+	int year;
+
+#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
+
+	if (s->data[12] == 'Z')
+		offset=0;
+	else
+		{
+		offset = g2(s->data+13)*60+g2(s->data+15);
+		if (s->data[12] == '-')
+			offset = -offset;
+		}
+
+	t -= offset*60; /* FIXME: may overflow in extreme cases */
+
+	tm = OPENSSL_gmtime(&t, &data);
+	
+#define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
+	year = g2(s->data);
+	if (year < 50)
+		year += 100;
+	return_cmp(year,              tm->tm_year);
+	return_cmp(g2(s->data+2) - 1, tm->tm_mon);
+	return_cmp(g2(s->data+4),     tm->tm_mday);
+	return_cmp(g2(s->data+6),     tm->tm_hour);
+	return_cmp(g2(s->data+8),     tm->tm_min);
+	return_cmp(g2(s->data+10),    tm->tm_sec);
+#undef g2
+#undef return_cmp
+
+	return 0;
+	}
+
+
+#if 0
+time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
+	{
+	struct tm tm;
+	int offset;
+
+	memset(&tm,'\0',sizeof tm);
+
+#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
+	tm.tm_year=g2(s->data);
+	if(tm.tm_year < 50)
+		tm.tm_year+=100;
+	tm.tm_mon=g2(s->data+2)-1;
+	tm.tm_mday=g2(s->data+4);
+	tm.tm_hour=g2(s->data+6);
+	tm.tm_min=g2(s->data+8);
+	tm.tm_sec=g2(s->data+10);
+	if(s->data[12] == 'Z')
+		offset=0;
+	else
+		{
+		offset=g2(s->data+13)*60+g2(s->data+15);
+		if(s->data[12] == '-')
+			offset= -offset;
+		}
+#undef g2
+
+	return mktime(&tm)-offset*60; /* FIXME: mktime assumes the current timezone
+	                               * instead of UTC, and unless we rewrite OpenSSL
+				       * in Lisp we cannot locally change the timezone
+				       * without possibly interfering with other parts
+	                               * of the program. timegm, which uses UTC, is
+				       * non-standard.
+	                               * Also time_t is inappropriate for general
+	                               * UTC times because it may a 32 bit type. */
+	}
+#endif
diff --git a/crypto/asn1/a_utf8.c b/crypto/asn1/a_utf8.c
new file mode 100644
index 0000000000..508e11e527
--- /dev/null
+++ b/crypto/asn1/a_utf8.c
@@ -0,0 +1,211 @@
+/* crypto/asn1/a_utf8.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+
+/* UTF8 utilities */
+
+/* This parses a UTF8 string one character at a time. It is passed a pointer
+ * to the string and the length of the string. It sets 'value' to the value of
+ * the current character. It returns the number of characters read or a
+ * negative error code:
+ * -1 = string too short
+ * -2 = illegal character
+ * -3 = subsequent characters not of the form 10xxxxxx
+ * -4 = character encoded incorrectly (not minimal length).
+ */
+
+int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
+{
+	const unsigned char *p;
+	unsigned long value;
+	int ret;
+	if(len <= 0) return 0;
+	p = str;
+
+	/* Check syntax and work out the encoded value (if correct) */
+	if((*p & 0x80) == 0) {
+		value = *p++ & 0x7f;
+		ret = 1;
+	} else if((*p & 0xe0) == 0xc0) {
+		if(len < 2) return -1;
+		if((p[1] & 0xc0) != 0x80) return -3;
+		value = (*p++ & 0x1f) << 6;
+		value |= *p++ & 0x3f;
+		if(value < 0x80) return -4;
+		ret = 2;
+	} else if((*p & 0xf0) == 0xe0) {
+		if(len < 3) return -1;
+		if( ((p[1] & 0xc0) != 0x80)
+		   || ((p[2] & 0xc0) != 0x80) ) return -3;
+		value = (*p++ & 0xf) << 12;
+		value |= (*p++ & 0x3f) << 6;
+		value |= *p++ & 0x3f;
+		if(value < 0x800) return -4;
+		ret = 3;
+	} else if((*p & 0xf8) == 0xf0) {
+		if(len < 4) return -1;
+		if( ((p[1] & 0xc0) != 0x80)
+		   || ((p[2] & 0xc0) != 0x80) 
+		   || ((p[3] & 0xc0) != 0x80) ) return -3;
+		value = ((unsigned long)(*p++ & 0x7)) << 18;
+		value |= (*p++ & 0x3f) << 12;
+		value |= (*p++ & 0x3f) << 6;
+		value |= *p++ & 0x3f;
+		if(value < 0x10000) return -4;
+		ret = 4;
+	} else if((*p & 0xfc) == 0xf8) {
+		if(len < 5) return -1;
+		if( ((p[1] & 0xc0) != 0x80)
+		   || ((p[2] & 0xc0) != 0x80) 
+		   || ((p[3] & 0xc0) != 0x80) 
+		   || ((p[4] & 0xc0) != 0x80) ) return -3;
+		value = ((unsigned long)(*p++ & 0x3)) << 24;
+		value |= ((unsigned long)(*p++ & 0x3f)) << 18;
+		value |= ((unsigned long)(*p++ & 0x3f)) << 12;
+		value |= (*p++ & 0x3f) << 6;
+		value |= *p++ & 0x3f;
+		if(value < 0x200000) return -4;
+		ret = 5;
+	} else if((*p & 0xfe) == 0xfc) {
+		if(len < 6) return -1;
+		if( ((p[1] & 0xc0) != 0x80)
+		   || ((p[2] & 0xc0) != 0x80) 
+		   || ((p[3] & 0xc0) != 0x80) 
+		   || ((p[4] & 0xc0) != 0x80) 
+		   || ((p[5] & 0xc0) != 0x80) ) return -3;
+		value = ((unsigned long)(*p++ & 0x1)) << 30;
+		value |= ((unsigned long)(*p++ & 0x3f)) << 24;
+		value |= ((unsigned long)(*p++ & 0x3f)) << 18;
+		value |= ((unsigned long)(*p++ & 0x3f)) << 12;
+		value |= (*p++ & 0x3f) << 6;
+		value |= *p++ & 0x3f;
+		if(value < 0x4000000) return -4;
+		ret = 6;
+	} else return -2;
+	*val = value;
+	return ret;
+}
+
+/* This takes a character 'value' and writes the UTF8 encoded value in
+ * 'str' where 'str' is a buffer containing 'len' characters. Returns
+ * the number of characters written or -1 if 'len' is too small. 'str' can
+ * be set to NULL in which case it just returns the number of characters.
+ * It will need at most 6 characters.
+ */
+
+int UTF8_putc(unsigned char *str, int len, unsigned long value)
+{
+	if(!str) len = 6;	/* Maximum we will need */
+	else if(len <= 0) return -1;
+	if(value < 0x80) {
+		if(str) *str = (unsigned char)value;
+		return 1;
+	}
+	if(value < 0x800) {
+		if(len < 2) return -1;
+		if(str) {
+			*str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0);
+			*str = (unsigned char)((value & 0x3f) | 0x80);
+		}
+		return 2;
+	}
+	if(value < 0x10000) {
+		if(len < 3) return -1;
+		if(str) {
+			*str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0);
+			*str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+			*str = (unsigned char)((value & 0x3f) | 0x80);
+		}
+		return 3;
+	}
+	if(value < 0x200000) {
+		if(len < 4) return -1;
+		if(str) {
+			*str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0);
+			*str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+			*str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+			*str = (unsigned char)((value & 0x3f) | 0x80);
+		}
+		return 4;
+	}
+	if(value < 0x4000000) {
+		if(len < 5) return -1;
+		if(str) {
+			*str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8);
+			*str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
+			*str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+			*str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+			*str = (unsigned char)((value & 0x3f) | 0x80);
+		}
+		return 5;
+	}
+	if(len < 6) return -1;
+	if(str) {
+		*str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc);
+		*str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80);
+		*str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
+		*str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+		*str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+		*str = (unsigned char)((value & 0x3f) | 0x80);
+	}
+	return 6;
+}
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index 03fc63dbef..da2a0a6d69 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -58,29 +58,30 @@
 
 #include <stdio.h>
 #include <time.h>
-#include <sys/types.h>
-#include <sys/stat.h>
 
 #include "cryptlib.h"
-#include "bn.h"
-#include "x509.h"
-#include "objects.h"
-#include "buffer.h"
-#include "evp.h"
-#include "pem.h"
-
-int ASN1_verify(i2d,a,signature,data,pkey)
-int (*i2d)();
-X509_ALGOR *a;
-ASN1_BIT_STRING *signature;
-char *data;
-EVP_PKEY *pkey;
+
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
+	     char *data, EVP_PKEY *pkey)
 	{
 	EVP_MD_CTX ctx;
-	EVP_MD *type;
+	const EVP_MD *type;
 	unsigned char *p,*buf_in=NULL;
 	int ret= -1,i,inl;
 
+	EVP_MD_CTX_init(&ctx);
 	i=OBJ_obj2nid(a->algorithm);
 	type=EVP_get_digestbyname(OBJ_nid2sn(i));
 	if (type == NULL)
@@ -90,7 +91,7 @@ EVP_PKEY *pkey;
 		}
 	
 	inl=i2d(data,NULL);
-	buf_in=(unsigned char *)Malloc((unsigned int)inl);
+	buf_in=OPENSSL_malloc((unsigned int)inl);
 	if (buf_in == NULL)
 		{
 		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
@@ -99,11 +100,11 @@ EVP_PKEY *pkey;
 	p=buf_in;
 
 	i2d(data,&p);
-	EVP_VerifyInit(&ctx,type);
+	EVP_VerifyInit_ex(&ctx,type, NULL);
 	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
 
-	memset(buf_in,0,(unsigned int)inl);
-	Free((char *)buf_in);
+	OPENSSL_cleanse(buf_in,(unsigned int)inl);
+	OPENSSL_free(buf_in);
 
 	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
 			(unsigned int)signature->length,pkey) <= 0)
@@ -117,5 +118,58 @@ EVP_PKEY *pkey;
 	/* memset(&ctx,0,sizeof(ctx)); */
 	ret=1;
 err:
+	EVP_MD_CTX_cleanup(&ctx);
 	return(ret);
 	}
+
+#endif
+
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+	     void *asn, EVP_PKEY *pkey)
+	{
+	EVP_MD_CTX ctx;
+	const EVP_MD *type;
+	unsigned char *buf_in=NULL;
+	int ret= -1,i,inl;
+
+	EVP_MD_CTX_init(&ctx);
+	i=OBJ_obj2nid(a->algorithm);
+	type=EVP_get_digestbyname(OBJ_nid2sn(i));
+	if (type == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+		goto err;
+		}
+
+	inl = ASN1_item_i2d(asn, &buf_in, it);
+	
+	if (buf_in == NULL)
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	EVP_VerifyInit_ex(&ctx,type, NULL);
+	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+
+	OPENSSL_cleanse(buf_in,(unsigned int)inl);
+	OPENSSL_free(buf_in);
+
+	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+			(unsigned int)signature->length,pkey) <= 0)
+		{
+		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+		ret=0;
+		goto err;
+		}
+	/* we don't need to zero the 'ctx' because we just checked
+	 * public information */
+	/* memset(&ctx,0,sizeof(ctx)); */
+	ret=1;
+err:
+	EVP_MD_CTX_cleanup(&ctx);
+	return(ret);
+	}
+
+
diff --git a/crypto/asn1/asn1.err b/crypto/asn1/asn1.err
deleted file mode 100644
index 1f5af96941..0000000000
--- a/crypto/asn1/asn1.err
+++ /dev/null
@@ -1,178 +0,0 @@
-/* Error codes for the ASN1 functions. */
-
-/* Function codes. */
-#define ASN1_F_A2D_ASN1_OBJECT				 100
-#define ASN1_F_A2I_ASN1_INTEGER				 101
-#define ASN1_F_A2I_ASN1_STRING				 102
-#define ASN1_F_ASN1_COLLATE_PRIMATIVE			 103
-#define ASN1_F_ASN1_D2I_BIO				 104
-#define ASN1_F_ASN1_D2I_FP				 105
-#define ASN1_F_ASN1_DUP					 106
-#define ASN1_F_ASN1_GET_OBJECT				 107
-#define ASN1_F_ASN1_HEADER_NEW				 108
-#define ASN1_F_ASN1_I2D_BIO				 109
-#define ASN1_F_ASN1_I2D_FP				 110
-#define ASN1_F_ASN1_INTEGER_SET				 111
-#define ASN1_F_ASN1_INTEGER_TO_BN			 112
-#define ASN1_F_ASN1_OBJECT_NEW				 113
-#define ASN1_F_ASN1_SIGN				 114
-#define ASN1_F_ASN1_STRING_NEW				 115
-#define ASN1_F_ASN1_STRING_TYPE_NEW			 116
-#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 117
-#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 118
-#define ASN1_F_ASN1_TYPE_NEW				 119
-#define ASN1_F_ASN1_UTCTIME_NEW				 120
-#define ASN1_F_ASN1_VERIFY				 121
-#define ASN1_F_BN_TO_ASN1_INTEGER			 122
-#define ASN1_F_D2I_ASN1_BIT_STRING			 123
-#define ASN1_F_D2I_ASN1_BMPSTRING			 124
-#define ASN1_F_D2I_ASN1_BOOLEAN				 125
-#define ASN1_F_D2I_ASN1_BYTES				 126
-#define ASN1_F_D2I_ASN1_HEADER				 127
-#define ASN1_F_D2I_ASN1_INTEGER				 128
-#define ASN1_F_D2I_ASN1_OBJECT				 129
-#define ASN1_F_D2I_ASN1_OCTET_STRING			 130
-#define ASN1_F_D2I_ASN1_PRINT_TYPE			 131
-#define ASN1_F_D2I_ASN1_SET				 132
-#define ASN1_F_D2I_ASN1_TYPE				 133
-#define ASN1_F_D2I_ASN1_TYPE_BYTES			 134
-#define ASN1_F_D2I_ASN1_UTCTIME				 135
-#define ASN1_F_D2I_DHPARAMS				 136
-#define ASN1_F_D2I_DSAPARAMS				 137
-#define ASN1_F_D2I_DSAPRIVATEKEY			 138
-#define ASN1_F_D2I_DSAPUBLICKEY				 139
-#define ASN1_F_D2I_NETSCAPE_PKEY			 140
-#define ASN1_F_D2I_NETSCAPE_RSA				 141
-#define ASN1_F_D2I_NETSCAPE_RSA_2			 142
-#define ASN1_F_D2I_NETSCAPE_SPKAC			 143
-#define ASN1_F_D2I_NETSCAPE_SPKI			 144
-#define ASN1_F_D2I_PKCS7				 145
-#define ASN1_F_D2I_PKCS7_DIGEST				 146
-#define ASN1_F_D2I_PKCS7_ENCRYPT			 147
-#define ASN1_F_D2I_PKCS7_ENC_CONTENT			 148
-#define ASN1_F_D2I_PKCS7_ENVELOPE			 149
-#define ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL		 150
-#define ASN1_F_D2I_PKCS7_RECIP_INFO			 151
-#define ASN1_F_D2I_PKCS7_SIGNED				 152
-#define ASN1_F_D2I_PKCS7_SIGNER_INFO			 153
-#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE			 154
-#define ASN1_F_D2I_PRIVATEKEY				 155
-#define ASN1_F_D2I_PUBLICKEY				 156
-#define ASN1_F_D2I_RSAPRIVATEKEY			 157
-#define ASN1_F_D2I_RSAPUBLICKEY				 158
-#define ASN1_F_D2I_X509					 159
-#define ASN1_F_D2I_X509_ALGOR				 160
-#define ASN1_F_D2I_X509_ATTRIBUTE			 161
-#define ASN1_F_D2I_X509_CINF				 162
-#define ASN1_F_D2I_X509_CRL				 163
-#define ASN1_F_D2I_X509_CRL_INFO			 164
-#define ASN1_F_D2I_X509_EXTENSION			 165
-#define ASN1_F_D2I_X509_KEY				 166
-#define ASN1_F_D2I_X509_NAME				 167
-#define ASN1_F_D2I_X509_NAME_ENTRY			 168
-#define ASN1_F_D2I_X509_PKEY				 169
-#define ASN1_F_D2I_X509_PUBKEY				 170
-#define ASN1_F_D2I_X509_REQ				 171
-#define ASN1_F_D2I_X509_REQ_INFO			 172
-#define ASN1_F_D2I_X509_REVOKED				 173
-#define ASN1_F_D2I_X509_SIG				 174
-#define ASN1_F_D2I_X509_VAL				 175
-#define ASN1_F_I2D_ASN1_HEADER				 176
-#define ASN1_F_I2D_DHPARAMS				 177
-#define ASN1_F_I2D_DSAPARAMS				 178
-#define ASN1_F_I2D_DSAPRIVATEKEY			 179
-#define ASN1_F_I2D_DSAPUBLICKEY				 180
-#define ASN1_F_I2D_NETSCAPE_RSA				 181
-#define ASN1_F_I2D_PKCS7				 182
-#define ASN1_F_I2D_PRIVATEKEY				 183
-#define ASN1_F_I2D_PUBLICKEY				 184
-#define ASN1_F_I2D_RSAPRIVATEKEY			 185
-#define ASN1_F_I2D_RSAPUBLICKEY				 186
-#define ASN1_F_I2D_X509_ATTRIBUTE			 187
-#define ASN1_F_I2T_ASN1_OBJECT				 188
-#define ASN1_F_NETSCAPE_PKEY_NEW			 189
-#define ASN1_F_NETSCAPE_SPKAC_NEW			 190
-#define ASN1_F_NETSCAPE_SPKI_NEW			 191
-#define ASN1_F_PKCS7_DIGEST_NEW				 192
-#define ASN1_F_PKCS7_ENCRYPT_NEW			 193
-#define ASN1_F_PKCS7_ENC_CONTENT_NEW			 194
-#define ASN1_F_PKCS7_ENVELOPE_NEW			 195
-#define ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW		 196
-#define ASN1_F_PKCS7_NEW				 197
-#define ASN1_F_PKCS7_RECIP_INFO_NEW			 198
-#define ASN1_F_PKCS7_SIGNED_NEW				 199
-#define ASN1_F_PKCS7_SIGNER_INFO_NEW			 200
-#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW			 201
-#define ASN1_F_X509_ALGOR_NEW				 202
-#define ASN1_F_X509_ATTRIBUTE_NEW			 203
-#define ASN1_F_X509_CINF_NEW				 204
-#define ASN1_F_X509_CRL_INFO_NEW			 205
-#define ASN1_F_X509_CRL_NEW				 206
-#define ASN1_F_X509_DHPARAMS_NEW			 207
-#define ASN1_F_X509_EXTENSION_NEW			 208
-#define ASN1_F_X509_INFO_NEW				 209
-#define ASN1_F_X509_KEY_NEW				 210
-#define ASN1_F_X509_NAME_ENTRY_NEW			 211
-#define ASN1_F_X509_NAME_NEW				 212
-#define ASN1_F_X509_NEW					 213
-#define ASN1_F_X509_PKEY_NEW				 214
-#define ASN1_F_X509_PUBKEY_NEW				 215
-#define ASN1_F_X509_REQ_INFO_NEW			 216
-#define ASN1_F_X509_REQ_NEW				 217
-#define ASN1_F_X509_REVOKED_NEW				 218
-#define ASN1_F_X509_SIG_NEW				 219
-#define ASN1_F_X509_VAL_FREE				 220
-#define ASN1_F_X509_VAL_NEW				 221
-
-/* Reason codes. */
-#define ASN1_R_BAD_CLASS				 100
-#define ASN1_R_BAD_OBJECT_HEADER			 101
-#define ASN1_R_BAD_PASSWORD_READ			 102
-#define ASN1_R_BAD_PKCS7_CONTENT			 103
-#define ASN1_R_BAD_PKCS7_TYPE				 104
-#define ASN1_R_BAD_TAG					 105
-#define ASN1_R_BAD_TYPE					 106
-#define ASN1_R_BN_LIB					 107
-#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 108
-#define ASN1_R_BUFFER_TOO_SMALL				 109
-#define ASN1_R_DATA_IS_WRONG				 110
-#define ASN1_R_DECODING_ERROR				 111
-#define ASN1_R_ERROR_PARSING_SET_ELEMENT		 112
-#define ASN1_R_EXPECTING_AN_INTEGER			 113
-#define ASN1_R_EXPECTING_AN_OBJECT			 114
-#define ASN1_R_EXPECTING_AN_OCTET_STRING		 115
-#define ASN1_R_EXPECTING_A_BIT_STRING			 116
-#define ASN1_R_EXPECTING_A_BOOLEAN			 117
-#define ASN1_R_EXPECTING_A_UTCTIME			 118
-#define ASN1_R_FIRST_NUM_TOO_LARGE			 119
-#define ASN1_R_HEADER_TOO_LONG				 120
-#define ASN1_R_INVALID_DIGIT				 121
-#define ASN1_R_INVALID_SEPARATOR			 122
-#define ASN1_R_INVALID_TIME_FORMAT			 123
-#define ASN1_R_IV_TOO_LARGE				 124
-#define ASN1_R_LENGTH_ERROR				 125
-#define ASN1_R_MISSING_SECOND_NUMBER			 126
-#define ASN1_R_NON_HEX_CHARACTERS			 127
-#define ASN1_R_NOT_ENOUGH_DATA				 128
-#define ASN1_R_ODD_NUMBER_OF_CHARS			 129
-#define ASN1_R_PARSING					 130
-#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 131
-#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 132
-#define ASN1_R_SHORT_LINE				 133
-#define ASN1_R_STRING_TOO_SHORT				 134
-#define ASN1_R_TAG_VALUE_TOO_HIGH			 135
-#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 136
-#define ASN1_R_TOO_LONG					 137
-#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 138
-#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 139
-#define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE			 140
-#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 141
-#define ASN1_R_UNKNOWN_OBJECT_TYPE			 142
-#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 143
-#define ASN1_R_UNSUPPORTED_CIPHER			 144
-#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 145
-#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 146
-#define ASN1_R_UTCTIME_TOO_LONG				 147
-#define ASN1_R_WRONG_PRINTABLE_TYPE			 148
-#define ASN1_R_WRONG_TAG				 149
-#define ASN1_R_WRONG_TYPE				 150
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 0aa1ca043d..460e0eb6e7 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -59,29 +59,48 @@
 #ifndef HEADER_ASN1_H
 #define HEADER_ASN1_H
 
+#include <time.h>
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#include <openssl/e_os2.h>
+#include <openssl/bn.h>
+#include <openssl/stack.h>
+#include <openssl/safestack.h>
+
+#include <openssl/symhacks.h>
+
+#include <openssl/ossl_typ.h>
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#include <time.h>
-#include "bn.h"
-#include "stack.h"
-
 #define V_ASN1_UNIVERSAL		0x00
 #define	V_ASN1_APPLICATION		0x40
 #define V_ASN1_CONTEXT_SPECIFIC		0x80
 #define V_ASN1_PRIVATE			0xc0
 
 #define V_ASN1_CONSTRUCTED		0x20
+#define V_ASN1_PRIMITIVE_TAG		0x1f
 #define V_ASN1_PRIMATIVE_TAG		0x1f
 
-#define V_ASN1_APP_CHOOSE		-2	/* let the recipent choose */
+#define V_ASN1_APP_CHOOSE		-2	/* let the recipient choose */
+#define V_ASN1_OTHER			-3	/* used in ASN1_TYPE */
+#define V_ASN1_ANY			-4	/* used in ASN1 template code */
+
+#define V_ASN1_NEG			0x100	/* negative flag */
 
 #define V_ASN1_UNDEF			-1
 #define V_ASN1_EOC			0
 #define V_ASN1_BOOLEAN			1	/**/
 #define V_ASN1_INTEGER			2
-#define V_ASN1_NEG_INTEGER		(2+0x100)
+#define V_ASN1_NEG_INTEGER		(2 | V_ASN1_NEG)
 #define V_ASN1_BIT_STRING		3
 #define V_ASN1_OCTET_STRING		4
 #define V_ASN1_NULL			5
@@ -89,7 +108,9 @@ extern "C" {
 #define V_ASN1_OBJECT_DESCRIPTOR	7
 #define V_ASN1_EXTERNAL			8
 #define V_ASN1_REAL			9
-#define V_ASN1_ENUMERATED		10	/* microsoft weirdness */
+#define V_ASN1_ENUMERATED		10
+#define V_ASN1_NEG_ENUMERATED		(10 | V_ASN1_NEG)
+#define V_ASN1_UTF8STRING		12
 #define V_ASN1_SEQUENCE			16
 #define V_ASN1_SET			17
 #define V_ASN1_NUMERICSTRING		18	/**/
@@ -111,16 +132,33 @@ extern "C" {
 #define B_ASN1_NUMERICSTRING	0x0001
 #define B_ASN1_PRINTABLESTRING	0x0002
 #define B_ASN1_T61STRING	0x0004
+#define B_ASN1_TELETEXSTRING	0x0008
 #define B_ASN1_VIDEOTEXSTRING	0x0008
 #define B_ASN1_IA5STRING	0x0010
 #define B_ASN1_GRAPHICSTRING	0x0020
 #define B_ASN1_ISO64STRING	0x0040
+#define B_ASN1_VISIBLESTRING	0x0040
 #define B_ASN1_GENERALSTRING	0x0080
 #define B_ASN1_UNIVERSALSTRING	0x0100
 #define B_ASN1_OCTET_STRING	0x0200
 #define B_ASN1_BIT_STRING	0x0400
 #define B_ASN1_BMPSTRING	0x0800
 #define B_ASN1_UNKNOWN		0x1000
+#define B_ASN1_UTF8STRING	0x2000
+#define B_ASN1_UTCTIME		0x4000
+#define B_ASN1_GENERALIZEDTIME	0x8000
+
+/* For use with ASN1_mbstring_copy() */
+#define MBSTRING_FLAG		0x1000
+#define MBSTRING_ASC		(MBSTRING_FLAG|1)
+#define MBSTRING_BMP		(MBSTRING_FLAG|2)
+#define MBSTRING_UNIV		(MBSTRING_FLAG|3)
+#define MBSTRING_UTF8		(MBSTRING_FLAG|4)
+
+struct X509_algor_st;
+
+#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */
+#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */
 
 typedef struct asn1_ctx_st
 	{
@@ -131,7 +169,7 @@ typedef struct asn1_ctx_st
 	int tag;	/* tag from last 'get object' */
 	int xclass;	/* class from last 'get object' */
 	long slen;	/* length of last 'get object' */
-	unsigned char *max; /* largest value of p alowed */
+	unsigned char *max; /* largest value of p allowed */
 	unsigned char *q;/* temporary variable */
 	unsigned char **pp;/* variable */
 	int line;	/* used in error processing */
@@ -145,7 +183,7 @@ typedef struct asn1_ctx_st
 #define ASN1_OBJECT_FLAG_DYNAMIC_DATA 	 0x08	/* internal use */
 typedef struct asn1_object_st
 	{
-	char *sn,*ln;
+	const char *sn,*ln;
 	int nid;
 	int length;
 	unsigned char *data;
@@ -153,6 +191,11 @@ typedef struct asn1_object_st
 	} ASN1_OBJECT;
 
 #define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
+/* This indicates that the ASN1_STRING is not a real value but just a place
+ * holder for the location where indefinite length constructed data should
+ * be inserted in the memory buffer 
+ */
+#define ASN1_STRING_FLAG_NDEF 0x010 
 /* This is the base type that holds just about everything :-) */
 typedef struct asn1_string_st
 	{
@@ -166,40 +209,256 @@ typedef struct asn1_string_st
 	long flags;
 	} ASN1_STRING;
 
-#ifndef DEBUG
-#define ASN1_INTEGER		ASN1_STRING
-#define ASN1_BIT_STRING		ASN1_STRING
-#define ASN1_OCTET_STRING	ASN1_STRING
-#define ASN1_PRINTABLESTRING	ASN1_STRING
-#define ASN1_T61STRING		ASN1_STRING
-#define ASN1_IA5STRING		ASN1_STRING
-#define ASN1_UTCTIME		ASN1_STRING
-#define ASN1_GENERALIZEDTIME	ASN1_STRING
-#define ASN1_GENERALSTRING	ASN1_STRING
-#define ASN1_UNIVERSALSTRING	ASN1_STRING
-#define ASN1_BMPSTRING		ASN1_STRING
+/* ASN1_ENCODING structure: this is used to save the received
+ * encoding of an ASN1 type. This is useful to get round
+ * problems with invalid encodings which can break signatures.
+ */
+
+typedef struct ASN1_ENCODING_st
+	{
+	unsigned char *enc;	/* DER encoding */
+	long len;		/* Length of encoding */
+	int modified;		 /* set to 1 if 'enc' is invalid */
+	} ASN1_ENCODING;
+
+/* Used with ASN1 LONG type: if a long is set to this it is omitted */
+#define ASN1_LONG_UNDEF	0x7fffffffL
+
+#define STABLE_FLAGS_MALLOC	0x01
+#define STABLE_NO_MASK		0x02
+#define DIRSTRING_TYPE	\
+ (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)
+#define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING)
+
+typedef struct asn1_string_table_st {
+	int nid;
+	long minsize;
+	long maxsize;
+	unsigned long mask;
+	unsigned long flags;
+} ASN1_STRING_TABLE;
+
+DECLARE_STACK_OF(ASN1_STRING_TABLE)
+
+/* size limits: this stuff is taken straight from RFC2459 */
+
+#define ub_name				32768
+#define ub_common_name			64
+#define ub_locality_name		128
+#define ub_state_name			128
+#define ub_organization_name		64
+#define ub_organization_unit_name	64
+#define ub_title			64
+#define ub_email_address		128
+
+/* Declarations for template structures: for full definitions
+ * see asn1t.h
+ */
+typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
+typedef struct ASN1_ITEM_st ASN1_ITEM;
+typedef struct ASN1_TLC_st ASN1_TLC;
+/* This is just an opaque pointer */
+typedef struct ASN1_VALUE_st ASN1_VALUE;
+
+/* Declare ASN1 functions: the implement macro in in asn1t.h */
+
+#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
+
+#define DECLARE_ASN1_FUNCTIONS_name(type, name) \
+	type *name##_new(void); \
+	void name##_free(type *a); \
+	DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
+
+#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
+	type *name##_new(void); \
+	void name##_free(type *a); \
+	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
+
+#define	DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
+	type *d2i_##name(type **a, unsigned char **in, long len); \
+	int i2d_##name(type *a, unsigned char **out); \
+	DECLARE_ASN1_ITEM(itname)
+
+#define	DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
+	type *d2i_##name(type **a, const unsigned char **in, long len); \
+	int i2d_##name(const type *a, unsigned char **out); \
+	DECLARE_ASN1_ITEM(name)
+
+#define	DECLARE_ASN1_NDEF_FUNCTION(name) \
+	int i2d_##name##_NDEF(name *a, unsigned char **out);
+
+#define DECLARE_ASN1_FUNCTIONS_const(name) \
+	name *name##_new(void); \
+	void name##_free(name *a);
+
+
+/* The following macros and typedefs allow an ASN1_ITEM
+ * to be embedded in a structure and referenced. Since
+ * the ASN1_ITEM pointers need to be globally accessible
+ * (possibly from shared libraries) they may exist in
+ * different forms. On platforms that support it the
+ * ASN1_ITEM structure itself will be globally exported.
+ * Other platforms will export a function that returns
+ * an ASN1_ITEM pointer.
+ *
+ * To handle both cases transparently the macros below
+ * should be used instead of hard coding an ASN1_ITEM
+ * pointer in a structure.
+ *
+ * The structure will look like this:
+ *
+ * typedef struct SOMETHING_st {
+ *      ...
+ *      ASN1_ITEM_EXP *iptr;
+ *      ...
+ * } SOMETHING; 
+ *
+ * It would be initialised as e.g.:
+ *
+ * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
+ *
+ * and the actual pointer extracted with:
+ *
+ * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
+ *
+ * Finally an ASN1_ITEM pointer can be extracted from an
+ * appropriate reference with: ASN1_ITEM_rptr(X509). This
+ * would be used when a function takes an ASN1_ITEM * argument.
+ *
+ */
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM ASN1_ITEM_EXP;
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#define ASN1_ITEM_ptr(iptr) (iptr)
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#define ASN1_ITEM_ref(iptr) (&(iptr##_it))
+
+#define ASN1_ITEM_rptr(ref) (&(ref##_it))
+
+#define DECLARE_ASN1_ITEM(name) \
+	OPENSSL_EXTERN const ASN1_ITEM name##_it;
+
 #else
-typedef struct asn1_string_st ASN1_INTEGER;
-typedef struct asn1_string_st ASN1_BIT_STRING;
-typedef struct asn1_string_st ASN1_OCTET_STRING;
-typedef struct asn1_string_st ASN1_PRINTABLESTRING;
-typedef struct asn1_string_st ASN1_T61STRING;
-typedef struct asn1_string_st ASN1_IA5STRING;
-typedef struct asn1_string_st ASN1_GENERALSTRING;
-typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
-typedef struct asn1_string_st ASN1_BMPSTRING;
-typedef struct asn1_string_st ASN1_UTCTIME;
-typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
+
+/* Platforms that can't easily handle shared global variables are declared
+ * as functions returning ASN1_ITEM pointers.
+ */
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM * ASN1_ITEM_EXP(void);
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#define ASN1_ITEM_ptr(iptr) (iptr())
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#define ASN1_ITEM_ref(iptr) (iptr##_it)
+
+#define ASN1_ITEM_rptr(ref) (ref##_it())
+
+#define DECLARE_ASN1_ITEM(name) \
+	const ASN1_ITEM * name##_it(void);
+
 #endif
 
+/* Parameters used by ASN1_STRING_print_ex() */
+
+/* These determine which characters to escape:
+ * RFC2253 special characters, control characters and
+ * MSB set characters
+ */
+
+#define ASN1_STRFLGS_ESC_2253		1
+#define ASN1_STRFLGS_ESC_CTRL		2
+#define ASN1_STRFLGS_ESC_MSB		4
+
+
+/* This flag determines how we do escaping: normally
+ * RC2253 backslash only, set this to use backslash and
+ * quote.
+ */
+
+#define ASN1_STRFLGS_ESC_QUOTE		8
+
+
+/* These three flags are internal use only. */
+
+/* Character is a valid PrintableString character */
+#define CHARTYPE_PRINTABLESTRING	0x10
+/* Character needs escaping if it is the first character */
+#define CHARTYPE_FIRST_ESC_2253		0x20
+/* Character needs escaping if it is the last character */
+#define CHARTYPE_LAST_ESC_2253		0x40
+
+/* NB the internal flags are safely reused below by flags
+ * handled at the top level.
+ */
+
+/* If this is set we convert all character strings
+ * to UTF8 first 
+ */
+
+#define ASN1_STRFLGS_UTF8_CONVERT	0x10
+
+/* If this is set we don't attempt to interpret content:
+ * just assume all strings are 1 byte per character. This
+ * will produce some pretty odd looking output!
+ */
+
+#define ASN1_STRFLGS_IGNORE_TYPE	0x20
+
+/* If this is set we include the string type in the output */
+#define ASN1_STRFLGS_SHOW_TYPE		0x40
+
+/* This determines which strings to display and which to
+ * 'dump' (hex dump of content octets or DER encoding). We can
+ * only dump non character strings or everything. If we
+ * don't dump 'unknown' they are interpreted as character
+ * strings with 1 octet per character and are subject to
+ * the usual escaping options.
+ */
+
+#define ASN1_STRFLGS_DUMP_ALL		0x80
+#define ASN1_STRFLGS_DUMP_UNKNOWN	0x100
+
+/* These determine what 'dumping' does, we can dump the
+ * content octets or the DER encoding: both use the
+ * RFC2253 #XXXXX notation.
+ */
+
+#define ASN1_STRFLGS_DUMP_DER		0x200
+
+/* All the string flags consistent with RFC2253,
+ * escaping control characters isn't essential in
+ * RFC2253 but it is advisable anyway.
+ */
+
+#define ASN1_STRFLGS_RFC2253	(ASN1_STRFLGS_ESC_2253 | \
+				ASN1_STRFLGS_ESC_CTRL | \
+				ASN1_STRFLGS_ESC_MSB | \
+				ASN1_STRFLGS_UTF8_CONVERT | \
+				ASN1_STRFLGS_DUMP_UNKNOWN | \
+				ASN1_STRFLGS_DUMP_DER)
+
+DECLARE_STACK_OF(ASN1_INTEGER)
+DECLARE_ASN1_SET_OF(ASN1_INTEGER)
+
+DECLARE_STACK_OF(ASN1_GENERALSTRING)
+
 typedef struct asn1_type_st
 	{
 	int type;
 	union	{
 		char *ptr;
+		ASN1_BOOLEAN		boolean;
 		ASN1_STRING *		asn1_string;
 		ASN1_OBJECT *		object;
 		ASN1_INTEGER *		integer;
+		ASN1_ENUMERATED *	enumerated;
 		ASN1_BIT_STRING *	bit_string;
 		ASN1_OCTET_STRING *	octet_string;
 		ASN1_PRINTABLESTRING *	printablestring;
@@ -210,6 +469,8 @@ typedef struct asn1_type_st
 		ASN1_UNIVERSALSTRING *	universalstring;
 		ASN1_UTCTIME *		utctime;
 		ASN1_GENERALIZEDTIME *	generalizedtime;
+		ASN1_VISIBLESTRING *	visiblestring;
+		ASN1_UTF8STRING *	utf8string;
 		/* set and sequence are left complete and still
 		 * contain the set or sequence bytes */
 		ASN1_STRING *		set;
@@ -217,6 +478,9 @@ typedef struct asn1_type_st
 		} value;
 	} ASN1_TYPE;
 
+DECLARE_STACK_OF(ASN1_TYPE)
+DECLARE_ASN1_SET_OF(ASN1_TYPE)
+
 typedef struct asn1_method_st
 	{
 	int (*i2d)();
@@ -233,64 +497,110 @@ typedef struct asn1_header_st
 	ASN1_METHOD *meth;
 	} ASN1_HEADER;
 
-#define ASN1_STRING_length(x)	((x)->length)
-#define ASN1_STRING_type(x)	((x)->type)
-#define ASN1_STRING_data(x)	((x)->data)
+/* This is used to contain a list of bit names */
+typedef struct BIT_STRING_BITNAME_st {
+	int bitnum;
+	const char *lname;
+	const char *sname;
+} BIT_STRING_BITNAME;
+
+
+#define M_ASN1_STRING_length(x)	((x)->length)
+#define M_ASN1_STRING_length_set(x, n)	((x)->length = (n))
+#define M_ASN1_STRING_type(x)	((x)->type)
+#define M_ASN1_STRING_data(x)	((x)->data)
 
 /* Macros for string operations */
-#define ASN1_BIT_STRING_new()	(ASN1_BIT_STRING *)\
+#define M_ASN1_BIT_STRING_new()	(ASN1_BIT_STRING *)\
 		ASN1_STRING_type_new(V_ASN1_BIT_STRING)
-#define ASN1_BIT_STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
+#define M_ASN1_BIT_STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\
 		ASN1_STRING_dup((ASN1_STRING *)a)
-#define ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
+#define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\
 		(ASN1_STRING *)a,(ASN1_STRING *)b)
-#define ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
-/* i2d_ASN1_BIT_STRING() is a function */
-/* d2i_ASN1_BIT_STRING() is a function */
+#define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c)
 
-#define ASN1_INTEGER_new()	(ASN1_INTEGER *)\
+#define M_ASN1_INTEGER_new()	(ASN1_INTEGER *)\
 		ASN1_STRING_type_new(V_ASN1_INTEGER)
-#define ASN1_INTEGER_free(a)		ASN1_STRING_free((ASN1_STRING *)a)
-#define ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a)
-#define ASN1_INTEGER_cmp(a,b)	ASN1_STRING_cmp(\
+#define M_ASN1_INTEGER_free(a)		ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_INTEGER_cmp(a,b)	ASN1_STRING_cmp(\
+		(ASN1_STRING *)a,(ASN1_STRING *)b)
+
+#define M_ASN1_ENUMERATED_new()	(ASN1_ENUMERATED *)\
+		ASN1_STRING_type_new(V_ASN1_ENUMERATED)
+#define M_ASN1_ENUMERATED_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a)
+#define M_ASN1_ENUMERATED_cmp(a,b)	ASN1_STRING_cmp(\
 		(ASN1_STRING *)a,(ASN1_STRING *)b)
-/* ASN1_INTEGER_set() is a function, also see BN_to_ASN1_INTEGER() */
-/* ASN1_INTEGER_get() is a function, also see ASN1_INTEGER_to_BN() */
-/* i2d_ASN1_INTEGER() is a function */
-/* d2i_ASN1_INTEGER() is a function */
 
-#define ASN1_OCTET_STRING_new()	(ASN1_OCTET_STRING *)\
+#define M_ASN1_OCTET_STRING_new()	(ASN1_OCTET_STRING *)\
 		ASN1_STRING_type_new(V_ASN1_OCTET_STRING)
-#define ASN1_OCTET_STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
+#define M_ASN1_OCTET_STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\
 		ASN1_STRING_dup((ASN1_STRING *)a)
-#define ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
+#define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\
 		(ASN1_STRING *)a,(ASN1_STRING *)b)
-#define ASN1_OCTET_STRING_set(a,b,c)	ASN1_STRING_set((ASN1_STRING *)a,b,c)
-#define ASN1_OCTET_STRING_print(a,b)	ASN1_STRING_print(a,(ASN1_STRING *)b)
+#define M_ASN1_OCTET_STRING_set(a,b,c)	ASN1_STRING_set((ASN1_STRING *)a,b,c)
+#define M_ASN1_OCTET_STRING_print(a,b)	ASN1_STRING_print(a,(ASN1_STRING *)b)
 #define M_i2d_ASN1_OCTET_STRING(a,pp) \
 		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\
-		V_ASN1_OCTET_STRING)
-/* d2i_ASN1_OCTET_STRING() is a function */
+		V_ASN1_UNIVERSAL)
 
-#define ASN1_PRINTABLE_new()	ASN1_STRING_type_new(V_ASN1_T61STRING)
-#define ASN1_PRINTABLE_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
-		pp,a->type,V_ASN1_UNIVERSAL)
-#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
-		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+#define B_ASN1_TIME \
+			B_ASN1_UTCTIME | \
+			B_ASN1_GENERALIZEDTIME
+
+#define B_ASN1_PRINTABLE \
 			B_ASN1_PRINTABLESTRING| \
 			B_ASN1_T61STRING| \
 			B_ASN1_IA5STRING| \
 			B_ASN1_BIT_STRING| \
 			B_ASN1_UNIVERSALSTRING|\
 			B_ASN1_BMPSTRING|\
-			B_ASN1_UNKNOWN)
+			B_ASN1_UTF8STRING|\
+			B_ASN1_UNKNOWN
 
-#define ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING_STRING *)\
+#define B_ASN1_DIRECTORYSTRING \
+			B_ASN1_PRINTABLESTRING| \
+			B_ASN1_TELETEXSTRING|\
+			B_ASN1_BMPSTRING|\
+			B_ASN1_UNIVERSALSTRING|\
+			B_ASN1_UTF8STRING
+
+#define B_ASN1_DISPLAYTEXT \
+			B_ASN1_IA5STRING| \
+			B_ASN1_VISIBLESTRING| \
+			B_ASN1_BMPSTRING|\
+			B_ASN1_UTF8STRING
+
+#define M_ASN1_PRINTABLE_new()	ASN1_STRING_type_new(V_ASN1_T61STRING)
+#define M_ASN1_PRINTABLE_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+		pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_PRINTABLE(a,pp,l) \
+		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+			B_ASN1_PRINTABLE)
+
+#define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
+#define M_DIRECTORYSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+						pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_DIRECTORYSTRING(a,pp,l) \
+		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+			B_ASN1_DIRECTORYSTRING)
+
+#define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
+#define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\
+						pp,a->type,V_ASN1_UNIVERSAL)
+#define M_d2i_DISPLAYTEXT(a,pp,l) \
+		d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \
+			B_ASN1_DISPLAYTEXT)
+
+#define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\
 		ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)
-#define ASN1_PRINTABLESTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_PRINTABLESTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
 #define M_i2d_ASN1_PRINTABLESTRING(a,pp) \
 		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\
 		V_ASN1_UNIVERSAL)
@@ -298,9 +608,9 @@ typedef struct asn1_header_st
 		(ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\
 		((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING)
 
-#define ASN1_T61STRING_new()	(ASN1_T61STRING_STRING *)\
+#define M_ASN1_T61STRING_new()	(ASN1_T61STRING *)\
 		ASN1_STRING_type_new(V_ASN1_T61STRING)
-#define ASN1_T61STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_T61STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
 #define M_i2d_ASN1_T61STRING(a,pp) \
 		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\
 		V_ASN1_UNIVERSAL)
@@ -308,9 +618,11 @@ typedef struct asn1_header_st
 		(ASN1_T61STRING *)d2i_ASN1_type_bytes\
 		((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING)
 
-#define ASN1_IA5STRING_new()	(ASN1_IA5STRING *)\
+#define M_ASN1_IA5STRING_new()	(ASN1_IA5STRING *)\
 		ASN1_STRING_type_new(V_ASN1_IA5STRING)
-#define ASN1_IA5STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_IA5STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_IA5STRING_dup(a)	\
+			(ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a)
 #define M_i2d_ASN1_IA5STRING(a,pp) \
 		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\
 			V_ASN1_UNIVERSAL)
@@ -318,28 +630,25 @@ typedef struct asn1_header_st
 		(ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\
 			B_ASN1_IA5STRING)
 
-#define ASN1_UTCTIME_new()	(ASN1_UTCTIME *)\
+#define M_ASN1_UTCTIME_new()	(ASN1_UTCTIME *)\
 		ASN1_STRING_type_new(V_ASN1_UTCTIME)
-#define ASN1_UTCTIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a)
-/* i2d_ASN1_UTCTIME() is a function */
-/* d2i_ASN1_UTCTIME() is a function */
-/* ASN1_UTCTIME_set() is a function */
-/* ASN1_UTCTIME_check() is a function */
-
-#define ASN1_GENERALIZEDTIME_new()	(ASN1_GENERALIZEDTIME *)\
+#define M_ASN1_UTCTIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+
+#define M_ASN1_GENERALIZEDTIME_new()	(ASN1_GENERALIZEDTIME *)\
 		ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME)
-#define ASN1_GENERALIZEDTIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
-#define ASN1_GENERALIZEDTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup(\
+#define M_ASN1_GENERALIZEDTIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\
 	(ASN1_STRING *)a)
-/* DOES NOT EXIST YET i2d_ASN1_GENERALIZEDTIME() is a function */
-/* DOES NOT EXIST YET d2i_ASN1_GENERALIZEDTIME() is a function */
-/* DOES NOT EXIST YET ASN1_GENERALIZEDTIME_set() is a function */
-/* DOES NOT EXIST YET ASN1_GENERALIZEDTIME_check() is a function */
 
-#define ASN1_GENERALSTRING_new()	(ASN1_GENERALSTRING *)\
+#define M_ASN1_TIME_new()	(ASN1_TIME *)\
+		ASN1_STRING_type_new(V_ASN1_UTCTIME)
+#define M_ASN1_TIME_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a)
+
+#define M_ASN1_GENERALSTRING_new()	(ASN1_GENERALSTRING *)\
 		ASN1_STRING_type_new(V_ASN1_GENERALSTRING)
-#define ASN1_GENERALSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_GENERALSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
 #define M_i2d_ASN1_GENERALSTRING(a,pp) \
 		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\
 			V_ASN1_UNIVERSAL)
@@ -347,9 +656,9 @@ typedef struct asn1_header_st
 		(ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\
 		((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING)
 
-#define ASN1_UNIVERSALSTRING_new()	(ASN1_UNIVERSALSTRING *)\
+#define M_ASN1_UNIVERSALSTRING_new()	(ASN1_UNIVERSALSTRING *)\
 		ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)
-#define ASN1_UNIVERSALSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_UNIVERSALSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
 #define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \
 		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\
 			V_ASN1_UNIVERSAL)
@@ -357,9 +666,9 @@ typedef struct asn1_header_st
 		(ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\
 		((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING)
 
-#define ASN1_BMPSTRING_new()	(ASN1_BMPSTRING *)\
+#define M_ASN1_BMPSTRING_new()	(ASN1_BMPSTRING *)\
 		ASN1_STRING_type_new(V_ASN1_BMPSTRING)
-#define ASN1_BMPSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_ASN1_BMPSTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
 #define M_i2d_ASN1_BMPSTRING(a,pp) \
 		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\
 			V_ASN1_UNIVERSAL)
@@ -367,93 +676,167 @@ typedef struct asn1_header_st
 		(ASN1_BMPSTRING *)d2i_ASN1_type_bytes\
 		((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING)
 
-#ifndef NOPROTO
-ASN1_TYPE *	ASN1_TYPE_new(void );
-void		ASN1_TYPE_free(ASN1_TYPE *a);
-int		i2d_ASN1_TYPE(ASN1_TYPE *a,unsigned char **pp);
-ASN1_TYPE *	d2i_ASN1_TYPE(ASN1_TYPE **a,unsigned char **pp,long length);
+#define M_ASN1_VISIBLESTRING_new()	(ASN1_VISIBLESTRING *)\
+		ASN1_STRING_type_new(V_ASN1_VISIBLESTRING)
+#define M_ASN1_VISIBLESTRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_VISIBLESTRING(a,pp) \
+		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\
+			V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \
+		(ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\
+		((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING)
+
+#define M_ASN1_UTF8STRING_new()	(ASN1_UTF8STRING *)\
+		ASN1_STRING_type_new(V_ASN1_UTF8STRING)
+#define M_ASN1_UTF8STRING_free(a)	ASN1_STRING_free((ASN1_STRING *)a)
+#define M_i2d_ASN1_UTF8STRING(a,pp) \
+		i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\
+			V_ASN1_UNIVERSAL)
+#define M_d2i_ASN1_UTF8STRING(a,pp,l) \
+		(ASN1_UTF8STRING *)d2i_ASN1_type_bytes\
+		((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING)
+
+  /* for the is_set parameter to i2d_ASN1_SET */
+#define IS_SEQUENCE	0
+#define IS_SET		1
+
+DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
 int ASN1_TYPE_get(ASN1_TYPE *a);
-void ASN1_TYPE_set(ASN1_TYPE *a, int type, char *value);
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 
 ASN1_OBJECT *	ASN1_OBJECT_new(void );
 void		ASN1_OBJECT_free(ASN1_OBJECT *a);
 int		i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp);
+ASN1_OBJECT *	c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
+			long length);
 ASN1_OBJECT *	d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp,
 			long length);
 
-ASN1_STRING *	ASN1_STRING_new(void );
+DECLARE_ASN1_ITEM(ASN1_OBJECT)
+
+DECLARE_STACK_OF(ASN1_OBJECT)
+DECLARE_ASN1_SET_OF(ASN1_OBJECT)
+
+ASN1_STRING *	ASN1_STRING_new(void);
 void		ASN1_STRING_free(ASN1_STRING *a);
 ASN1_STRING *	ASN1_STRING_dup(ASN1_STRING *a);
 ASN1_STRING *	ASN1_STRING_type_new(int type );
 int 		ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
-int 		ASN1_STRING_set(ASN1_STRING *str,unsigned char *data, int len);
-
-int		i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
-ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
+  /* Since this is used to store all sorts of things, via macros, for now, make
+     its data void * */
+int 		ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+int ASN1_STRING_length(ASN1_STRING *x);
+void ASN1_STRING_length_set(ASN1_STRING *x, int n);
+int ASN1_STRING_type(ASN1_STRING *x);
+unsigned char * ASN1_STRING_data(ASN1_STRING *x);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+int		i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp);
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp,
 			long length);
+int		ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d,
+			int length );
 int		ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
 int		ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n);
 
+#ifndef OPENSSL_NO_BIO
+int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+				BIT_STRING_BITNAME *tbl, int indent);
+#endif
+int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
+				BIT_STRING_BITNAME *tbl);
 
 int		i2d_ASN1_BOOLEAN(int a,unsigned char **pp);
 int 		d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length);
 
-int		i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
-ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
+DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
+int		i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
+			long length);
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp,
 			long length);
+ASN1_INTEGER *	ASN1_INTEGER_dup(ASN1_INTEGER *x);
+int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
 
 int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t);
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); 
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
+#if 0
+time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s);
+#endif
 
-int		i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a,unsigned char **pp);
-ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a,
-			unsigned char **pp,long length);
+int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t);
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); 
 
-int i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **pp);
-ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, unsigned char **pp,
-	long length);
+DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+ASN1_OCTET_STRING *	ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a);
+int 	ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b);
+int 	ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, unsigned char *data, int len);
 
-int i2d_ASN1_PRINTABLE(ASN1_STRING *a,unsigned char **pp);
-ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a,
-	unsigned char **pp, long l);
-ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a,
-	unsigned char **pp, long l);
+DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
+DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
 
-ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a,
-	unsigned char **pp, long l);
-int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a,unsigned char **pp);
-ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a,
-	unsigned char **pp, long l);
+int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
+int UTF8_putc(unsigned char *str, int len, unsigned long value);
 
-int		i2d_ASN1_UTCTIME(ASN1_UTCTIME *a,unsigned char **pp);
-ASN1_UTCTIME *	d2i_ASN1_UTCTIME(ASN1_UTCTIME **a,unsigned char **pp,
-			long length);
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
+
+DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
+
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
+int ASN1_TIME_check(ASN1_TIME *t);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);
 
 int		i2d_ASN1_SET(STACK *a, unsigned char **pp,
-			int (*func)(), int ex_tag, int ex_class);
+			int (*func)(), int ex_tag, int ex_class, int is_set);
 STACK *		d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
-			char *(*func)(), void (*free_func)(),
+			char *(*func)(), void (*free_func)(void *),
 			int ex_tag, int ex_class);
 
-#ifdef HEADER_BIO_H
+#ifndef OPENSSL_NO_BIO
 int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
 int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
+int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a);
+int a2i_ASN1_ENUMERATED(BIO *bp,ASN1_ENUMERATED *bs,char *buf,int size);
 int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a);
 int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size);
 int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type);
 #endif
 int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a);
 
-int a2d_ASN1_OBJECT(unsigned char *out,int olen, char *buf, int num);
+int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num);
 ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len,
-	char *sn, char *ln);
+	const char *sn, const char *ln);
 
 int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
 long ASN1_INTEGER_get(ASN1_INTEGER *a);
 ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
 BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
 
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
+long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a);
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai);
+BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn);
+
 /* General */
 /* given a string, return the correct type, max is the maximum length */
 int ASN1_PRINTABLE_type(unsigned char *s, int max);
@@ -461,6 +844,7 @@ int ASN1_PRINTABLE_type(unsigned char *s, int max);
 int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass);
 ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp,
 	long length, int Ptag, int Pclass);
+unsigned long ASN1_tag2bit(int tag);
 /* type is one or more of the B_ASN1_ values. */
 ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,unsigned char **pp,
 		long length,int type);
@@ -474,23 +858,38 @@ int ASN1_get_object(unsigned char **pp, long *plength, int *ptag,
 int ASN1_check_infinite_end(unsigned char **p,long len);
 void ASN1_put_object(unsigned char **pp, int constructed, int length,
 	int tag, int xclass);
+int ASN1_put_eoc(unsigned char **pp);
 int ASN1_object_size(int constructed, int length, int tag);
 
 /* Used to implement other functions */
 char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
 
-#ifndef NO_FP_API
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
+
+#ifndef OPENSSL_NO_FP_API
 char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x);
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
 int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
+int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
 #endif
 
-#ifdef HEADER_BIO_H
+int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
+
+#ifndef OPENSSL_NO_BIO
 char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x);
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
 int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x);
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
 int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
+int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a);
+int ASN1_TIME_print(BIO *fp,ASN1_TIME *a);
 int ASN1_STRING_print(BIO *bp,ASN1_STRING *v);
+int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
 int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent);
+int ASN1_parse_dump(BIO *bp,unsigned char *pp,long len,int indent,int dump);
 #endif
+const char *ASN1_tag2str(int tag);
 
 /* Used to load and write netscape format cert/key */
 int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp);
@@ -500,8 +899,6 @@ void ASN1_HEADER_free(ASN1_HEADER *a);
 
 int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
 
-void ERR_load_ASN1_strings(void);
-
 /* Not used that much at this point, except for the first two */
 ASN1_METHOD *X509_asn1_meth(void);
 ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
@@ -517,285 +914,236 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
 int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num,
 	unsigned char *data, int max_len);
 
-#else
-
-ASN1_TYPE *	ASN1_TYPE_new();
-void		ASN1_TYPE_free();
-int		i2d_ASN1_TYPE();
-ASN1_TYPE *	d2i_ASN1_TYPE();
-int ASN1_TYPE_get();
-void ASN1_TYPE_set();
-
-ASN1_OBJECT *	ASN1_OBJECT_new();
-void		ASN1_OBJECT_free();
-int		i2d_ASN1_OBJECT();
-ASN1_OBJECT *	d2i_ASN1_OBJECT();
-ASN1_STRING *	ASN1_STRING_new();
-void		ASN1_STRING_free();
-ASN1_STRING *	ASN1_STRING_dup();
-ASN1_STRING *	ASN1_STRING_type_new();
-int 		ASN1_STRING_cmp();
-int 		ASN1_STRING_set();
-int		i2d_ASN1_BIT_STRING();
-ASN1_BIT_STRING *d2i_ASN1_BIT_STRING();
-int		ASN1_BIT_STRING_set_bit();
-int		ASN1_BIT_STRING_get_bit();
-int		i2d_ASN1_BOOLEAN();
-int 		d2i_ASN1_BOOLEAN();
-int		i2d_ASN1_INTEGER();
-ASN1_INTEGER *d2i_ASN1_INTEGER();
-int ASN1_UTCTIME_check();
-ASN1_UTCTIME *ASN1_UTCTIME_set();
-int ASN1_UTCTIME_set_string();
-int		i2d_ASN1_OCTET_STRING();
-ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING();
-int i2d_ASN1_PRINTABLE();
-ASN1_STRING *d2i_ASN1_PRINTABLE();
-ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING();
-ASN1_T61STRING *d2i_ASN1_T61STRING();
-int i2d_ASN1_IA5STRING();
-ASN1_IA5STRING *d2i_ASN1_IA5STRING();
-int		i2d_ASN1_UTCTIME();
-ASN1_UTCTIME *	d2i_ASN1_UTCTIME();
-int		i2d_ASN1_SET();
-STACK *		d2i_ASN1_SET();
-int a2d_ASN1_OBJECT();
-ASN1_OBJECT *ASN1_OBJECT_create();
-int ASN1_INTEGER_set();
-long ASN1_INTEGER_get();
-ASN1_INTEGER *BN_to_ASN1_INTEGER();
-BIGNUM *ASN1_INTEGER_to_BN();
-int ASN1_PRINTABLE_type();
-int i2d_ASN1_bytes();
-ASN1_STRING *d2i_ASN1_bytes();
-ASN1_STRING *d2i_ASN1_type_bytes();
-int asn1_Finish();
-int ASN1_get_object();
-int ASN1_check_infinite_end();
-void ASN1_put_object();
-int ASN1_object_size();
-char *ASN1_dup();
-#ifndef NO_FP_API
-char *ASN1_d2i_fp();
-int ASN1_i2d_fp();
-#endif
-
-char *ASN1_d2i_bio();
-int ASN1_i2d_bio();
-int ASN1_UTCTIME_print();
-int ASN1_STRING_print();
-int ASN1_parse();
-int i2a_ASN1_INTEGER();
-int a2i_ASN1_INTEGER();
-int i2a_ASN1_OBJECT();
-int i2t_ASN1_OBJECT();
-int a2i_ASN1_STRING();
-int i2a_ASN1_STRING();
-
-int i2d_ASN1_HEADER();
-ASN1_HEADER *d2i_ASN1_HEADER();
-ASN1_HEADER *ASN1_HEADER_new();
-void ASN1_HEADER_free();
-void ERR_load_ASN1_strings();
-ASN1_METHOD *X509_asn1_meth();
-ASN1_METHOD *RSAPrivateKey_asn1_meth();
-ASN1_METHOD *ASN1_IA5STRING_asn1_meth();
-ASN1_METHOD *ASN1_BIT_STRING_asn1_meth();
-
-int ASN1_UNIVERSALSTRING_to_string();
-
-int ASN1_TYPE_set_octetstring();
-int ASN1_TYPE_get_octetstring();
-int ASN1_TYPE_set_int_octetstring();
-int ASN1_TYPE_get_int_octetstring();
-
-int i2d_ASN1_BMPSTRING();
-ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
-
-#endif
-
+STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
+						 void (*free_func)(void *) ); 
+unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
+			     int *len );
+void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)());
+void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it);
+ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct);
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct);
+
+void ASN1_STRING_set_default_mask(unsigned long mask);
+int ASN1_STRING_set_default_mask_asc(char *p);
+unsigned long ASN1_STRING_get_default_mask(void);
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+					int inform, unsigned long mask);
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+					int inform, unsigned long mask, 
+					long minsize, long maxsize);
+
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, 
+		const unsigned char *in, int inlen, int inform, int nid);
+ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
+int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
+void ASN1_STRING_TABLE_cleanup(void);
+
+/* ASN1 template functions */
+
+/* Old API compatible functions */
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
+ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it);
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
+int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
+
+void ASN1_add_oid_module(void);
+
+ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
+ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
+	
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_ASN1_strings(void);
+
 /* Error codes for the ASN1 functions. */
 
 /* Function codes. */
 #define ASN1_F_A2D_ASN1_OBJECT				 100
-#define ASN1_F_A2I_ASN1_INTEGER				 101
-#define ASN1_F_A2I_ASN1_STRING				 102
-#define ASN1_F_ASN1_COLLATE_PRIMATIVE			 103
-#define ASN1_F_ASN1_D2I_BIO				 104
-#define ASN1_F_ASN1_D2I_FP				 105
-#define ASN1_F_ASN1_DUP					 106
-#define ASN1_F_ASN1_GET_OBJECT				 107
-#define ASN1_F_ASN1_HEADER_NEW				 108
-#define ASN1_F_ASN1_I2D_BIO				 109
-#define ASN1_F_ASN1_I2D_FP				 110
-#define ASN1_F_ASN1_INTEGER_SET				 111
-#define ASN1_F_ASN1_INTEGER_TO_BN			 112
-#define ASN1_F_ASN1_OBJECT_NEW				 113
-#define ASN1_F_ASN1_SIGN				 114
-#define ASN1_F_ASN1_STRING_NEW				 115
-#define ASN1_F_ASN1_STRING_TYPE_NEW			 116
-#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 117
-#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 118
-#define ASN1_F_ASN1_TYPE_NEW				 119
-#define ASN1_F_ASN1_UTCTIME_NEW				 120
-#define ASN1_F_ASN1_VERIFY				 121
-#define ASN1_F_BN_TO_ASN1_INTEGER			 122
-#define ASN1_F_D2I_ASN1_BIT_STRING			 123
-#define ASN1_F_D2I_ASN1_BMPSTRING			 124
-#define ASN1_F_D2I_ASN1_BOOLEAN				 125
-#define ASN1_F_D2I_ASN1_BYTES				 126
-#define ASN1_F_D2I_ASN1_HEADER				 127
-#define ASN1_F_D2I_ASN1_INTEGER				 128
-#define ASN1_F_D2I_ASN1_OBJECT				 129
-#define ASN1_F_D2I_ASN1_OCTET_STRING			 130
-#define ASN1_F_D2I_ASN1_PRINT_TYPE			 131
-#define ASN1_F_D2I_ASN1_SET				 132
-#define ASN1_F_D2I_ASN1_TYPE				 133
-#define ASN1_F_D2I_ASN1_TYPE_BYTES			 134
-#define ASN1_F_D2I_ASN1_UTCTIME				 135
-#define ASN1_F_D2I_DHPARAMS				 136
-#define ASN1_F_D2I_DSAPARAMS				 137
-#define ASN1_F_D2I_DSAPRIVATEKEY			 138
-#define ASN1_F_D2I_DSAPUBLICKEY				 139
-#define ASN1_F_D2I_NETSCAPE_PKEY			 140
-#define ASN1_F_D2I_NETSCAPE_RSA				 141
-#define ASN1_F_D2I_NETSCAPE_RSA_2			 142
-#define ASN1_F_D2I_NETSCAPE_SPKAC			 143
-#define ASN1_F_D2I_NETSCAPE_SPKI			 144
-#define ASN1_F_D2I_PKCS7				 145
-#define ASN1_F_D2I_PKCS7_DIGEST				 146
-#define ASN1_F_D2I_PKCS7_ENCRYPT			 147
-#define ASN1_F_D2I_PKCS7_ENC_CONTENT			 148
-#define ASN1_F_D2I_PKCS7_ENVELOPE			 149
-#define ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL		 150
-#define ASN1_F_D2I_PKCS7_RECIP_INFO			 151
-#define ASN1_F_D2I_PKCS7_SIGNED				 152
-#define ASN1_F_D2I_PKCS7_SIGNER_INFO			 153
-#define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE			 154
-#define ASN1_F_D2I_PRIVATEKEY				 155
-#define ASN1_F_D2I_PUBLICKEY				 156
-#define ASN1_F_D2I_RSAPRIVATEKEY			 157
-#define ASN1_F_D2I_RSAPUBLICKEY				 158
-#define ASN1_F_D2I_X509					 159
-#define ASN1_F_D2I_X509_ALGOR				 160
-#define ASN1_F_D2I_X509_ATTRIBUTE			 161
-#define ASN1_F_D2I_X509_CINF				 162
-#define ASN1_F_D2I_X509_CRL				 163
-#define ASN1_F_D2I_X509_CRL_INFO			 164
-#define ASN1_F_D2I_X509_EXTENSION			 165
-#define ASN1_F_D2I_X509_KEY				 166
-#define ASN1_F_D2I_X509_NAME				 167
-#define ASN1_F_D2I_X509_NAME_ENTRY			 168
-#define ASN1_F_D2I_X509_PKEY				 169
-#define ASN1_F_D2I_X509_PUBKEY				 170
-#define ASN1_F_D2I_X509_REQ				 171
-#define ASN1_F_D2I_X509_REQ_INFO			 172
-#define ASN1_F_D2I_X509_REVOKED				 173
-#define ASN1_F_D2I_X509_SIG				 174
-#define ASN1_F_D2I_X509_VAL				 175
-#define ASN1_F_I2D_ASN1_HEADER				 176
-#define ASN1_F_I2D_DHPARAMS				 177
-#define ASN1_F_I2D_DSAPARAMS				 178
-#define ASN1_F_I2D_DSAPRIVATEKEY			 179
-#define ASN1_F_I2D_DSAPUBLICKEY				 180
-#define ASN1_F_I2D_NETSCAPE_RSA				 181
-#define ASN1_F_I2D_PKCS7				 182
-#define ASN1_F_I2D_PRIVATEKEY				 183
-#define ASN1_F_I2D_PUBLICKEY				 184
-#define ASN1_F_I2D_RSAPRIVATEKEY			 185
-#define ASN1_F_I2D_RSAPUBLICKEY				 186
-#define ASN1_F_I2D_X509_ATTRIBUTE			 187
-#define ASN1_F_I2T_ASN1_OBJECT				 188
-#define ASN1_F_NETSCAPE_PKEY_NEW			 189
-#define ASN1_F_NETSCAPE_SPKAC_NEW			 190
-#define ASN1_F_NETSCAPE_SPKI_NEW			 191
-#define ASN1_F_PKCS7_DIGEST_NEW				 192
-#define ASN1_F_PKCS7_ENCRYPT_NEW			 193
-#define ASN1_F_PKCS7_ENC_CONTENT_NEW			 194
-#define ASN1_F_PKCS7_ENVELOPE_NEW			 195
-#define ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW		 196
-#define ASN1_F_PKCS7_NEW				 197
-#define ASN1_F_PKCS7_RECIP_INFO_NEW			 198
-#define ASN1_F_PKCS7_SIGNED_NEW				 199
-#define ASN1_F_PKCS7_SIGNER_INFO_NEW			 200
-#define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW			 201
-#define ASN1_F_X509_ALGOR_NEW				 202
-#define ASN1_F_X509_ATTRIBUTE_NEW			 203
-#define ASN1_F_X509_CINF_NEW				 204
-#define ASN1_F_X509_CRL_INFO_NEW			 205
-#define ASN1_F_X509_CRL_NEW				 206
-#define ASN1_F_X509_DHPARAMS_NEW			 207
-#define ASN1_F_X509_EXTENSION_NEW			 208
-#define ASN1_F_X509_INFO_NEW				 209
-#define ASN1_F_X509_KEY_NEW				 210
-#define ASN1_F_X509_NAME_ENTRY_NEW			 211
-#define ASN1_F_X509_NAME_NEW				 212
-#define ASN1_F_X509_NEW					 213
-#define ASN1_F_X509_PKEY_NEW				 214
-#define ASN1_F_X509_PUBKEY_NEW				 215
-#define ASN1_F_X509_REQ_INFO_NEW			 216
-#define ASN1_F_X509_REQ_NEW				 217
-#define ASN1_F_X509_REVOKED_NEW				 218
-#define ASN1_F_X509_SIG_NEW				 219
-#define ASN1_F_X509_VAL_FREE				 220
-#define ASN1_F_X509_VAL_NEW				 221
+#define ASN1_F_A2I_ASN1_ENUMERATED			 101
+#define ASN1_F_A2I_ASN1_INTEGER				 102
+#define ASN1_F_A2I_ASN1_STRING				 103
+#define ASN1_F_APPEND_TAG				 177
+#define ASN1_F_ASN1_CB					 178
+#define ASN1_F_ASN1_CHECK_TLEN				 104
+#define ASN1_F_ASN1_COLLATE_PRIMITIVE			 105
+#define ASN1_F_ASN1_COLLECT				 106
+#define ASN1_F_ASN1_D2I_BIO				 107
+#define ASN1_F_ASN1_D2I_EX_PRIMITIVE			 108
+#define ASN1_F_ASN1_D2I_FP				 109
+#define ASN1_F_ASN1_DO_ADB				 110
+#define ASN1_F_ASN1_DUP					 111
+#define ASN1_F_ASN1_ENUMERATED_SET			 112
+#define ASN1_F_ASN1_ENUMERATED_TO_BN			 113
+#define ASN1_F_ASN1_GENERATE_V3				 182
+#define ASN1_F_ASN1_GET_OBJECT				 114
+#define ASN1_F_ASN1_HEADER_NEW				 115
+#define ASN1_F_ASN1_I2D_BIO				 116
+#define ASN1_F_ASN1_I2D_FP				 117
+#define ASN1_F_ASN1_INTEGER_SET				 118
+#define ASN1_F_ASN1_INTEGER_TO_BN			 119
+#define ASN1_F_ASN1_ITEM_EX_D2I				 120
+#define ASN1_F_ASN1_ITEM_NEW				 121
+#define ASN1_F_ASN1_MBSTRING_COPY			 122
+#define ASN1_F_ASN1_OBJECT_NEW				 123
+#define ASN1_F_ASN1_PACK_STRING				 124
+#define ASN1_F_ASN1_PBE_SET				 125
+#define ASN1_F_ASN1_SEQ_PACK				 126
+#define ASN1_F_ASN1_SEQ_UNPACK				 127
+#define ASN1_F_ASN1_SIGN				 128
+#define ASN1_F_ASN1_STR2TYPE				 179
+#define ASN1_F_ASN1_STRING_TABLE_ADD			 129
+#define ASN1_F_ASN1_STRING_TYPE_NEW			 130
+#define ASN1_F_ASN1_TEMPLATE_D2I			 131
+#define ASN1_F_ASN1_TEMPLATE_EX_D2I			 132
+#define ASN1_F_ASN1_TEMPLATE_NEW			 133
+#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 134
+#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 135
+#define ASN1_F_ASN1_UNPACK_STRING			 136
+#define ASN1_F_ASN1_VERIFY				 137
+#define ASN1_F_BITSTR_CB				 180
+#define ASN1_F_BN_TO_ASN1_ENUMERATED			 138
+#define ASN1_F_BN_TO_ASN1_INTEGER			 139
+#define ASN1_F_COLLECT_DATA				 140
+#define ASN1_F_D2I_ASN1_BIT_STRING			 141
+#define ASN1_F_D2I_ASN1_BOOLEAN				 142
+#define ASN1_F_D2I_ASN1_BYTES				 143
+#define ASN1_F_D2I_ASN1_GENERALIZEDTIME			 144
+#define ASN1_F_D2I_ASN1_HEADER				 145
+#define ASN1_F_D2I_ASN1_INTEGER				 146
+#define ASN1_F_D2I_ASN1_OBJECT				 147
+#define ASN1_F_D2I_ASN1_SET				 148
+#define ASN1_F_D2I_ASN1_TYPE_BYTES			 149
+#define ASN1_F_D2I_ASN1_UINTEGER			 150
+#define ASN1_F_D2I_ASN1_UTCTIME				 151
+#define ASN1_F_D2I_NETSCAPE_RSA				 152
+#define ASN1_F_D2I_NETSCAPE_RSA_2			 153
+#define ASN1_F_D2I_PRIVATEKEY				 154
+#define ASN1_F_D2I_PUBLICKEY				 155
+#define ASN1_F_D2I_X509					 156
+#define ASN1_F_D2I_X509_CINF				 157
+#define ASN1_F_D2I_X509_NAME				 158
+#define ASN1_F_D2I_X509_PKEY				 159
+#define ASN1_F_I2D_ASN1_TIME				 160
+#define ASN1_F_I2D_DSA_PUBKEY				 161
+#define ASN1_F_I2D_ECDSA_PUBKEY				 174
+#define ASN1_F_I2D_EC_PUBKEY				 176
+#define ASN1_F_I2D_NETSCAPE_RSA				 162
+#define ASN1_F_I2D_PRIVATEKEY				 163
+#define ASN1_F_I2D_PUBLICKEY				 164
+#define ASN1_F_I2D_RSA_PUBKEY				 165
+#define ASN1_F_LONG_C2I					 166
+#define ASN1_F_OID_MODULE_INIT				 175
+#define ASN1_F_PARSE_TAGGING				 181
+#define ASN1_F_PKCS5_PBE2_SET				 167
+#define ASN1_F_X509_CINF_NEW				 168
+#define ASN1_F_X509_CRL_ADD0_REVOKED			 169
+#define ASN1_F_X509_INFO_NEW				 170
+#define ASN1_F_X509_NAME_NEW				 171
+#define ASN1_F_X509_NEW					 172
+#define ASN1_F_X509_PKEY_NEW				 173
 
 /* Reason codes. */
-#define ASN1_R_BAD_CLASS				 100
-#define ASN1_R_BAD_OBJECT_HEADER			 101
-#define ASN1_R_BAD_PASSWORD_READ			 102
-#define ASN1_R_BAD_PKCS7_CONTENT			 103
-#define ASN1_R_BAD_PKCS7_TYPE				 104
-#define ASN1_R_BAD_TAG					 105
-#define ASN1_R_BAD_TYPE					 106
-#define ASN1_R_BN_LIB					 107
-#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 108
-#define ASN1_R_BUFFER_TOO_SMALL				 109
-#define ASN1_R_DATA_IS_WRONG				 110
+#define ASN1_R_ADDING_OBJECT				 171
+#define ASN1_R_AUX_ERROR				 100
+#define ASN1_R_BAD_CLASS				 101
+#define ASN1_R_BAD_OBJECT_HEADER			 102
+#define ASN1_R_BAD_PASSWORD_READ			 103
+#define ASN1_R_BAD_TAG					 104
+#define ASN1_R_BN_LIB					 105
+#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 106
+#define ASN1_R_BUFFER_TOO_SMALL				 107
+#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER		 108
+#define ASN1_R_DATA_IS_WRONG				 109
+#define ASN1_R_DECODE_ERROR				 110
 #define ASN1_R_DECODING_ERROR				 111
-#define ASN1_R_ERROR_PARSING_SET_ELEMENT		 112
-#define ASN1_R_EXPECTING_AN_INTEGER			 113
-#define ASN1_R_EXPECTING_AN_OBJECT			 114
-#define ASN1_R_EXPECTING_AN_OCTET_STRING		 115
-#define ASN1_R_EXPECTING_A_BIT_STRING			 116
+#define ASN1_R_DEPTH_EXCEEDED				 173
+#define ASN1_R_ENCODE_ERROR				 112
+#define ASN1_R_ERROR_LOADING_SECTION			 172
+#define ASN1_R_ERROR_PARSING_SET_ELEMENT		 113
+#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 114
+#define ASN1_R_EXPECTING_AN_INTEGER			 115
+#define ASN1_R_EXPECTING_AN_OBJECT			 116
 #define ASN1_R_EXPECTING_A_BOOLEAN			 117
-#define ASN1_R_EXPECTING_A_UTCTIME			 118
-#define ASN1_R_FIRST_NUM_TOO_LARGE			 119
-#define ASN1_R_HEADER_TOO_LONG				 120
-#define ASN1_R_INVALID_DIGIT				 121
-#define ASN1_R_INVALID_SEPARATOR			 122
-#define ASN1_R_INVALID_TIME_FORMAT			 123
-#define ASN1_R_IV_TOO_LARGE				 124
-#define ASN1_R_LENGTH_ERROR				 125
-#define ASN1_R_MISSING_SECOND_NUMBER			 126
-#define ASN1_R_NON_HEX_CHARACTERS			 127
-#define ASN1_R_NOT_ENOUGH_DATA				 128
-#define ASN1_R_ODD_NUMBER_OF_CHARS			 129
-#define ASN1_R_PARSING					 130
-#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 131
-#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 132
-#define ASN1_R_SHORT_LINE				 133
-#define ASN1_R_STRING_TOO_SHORT				 134
-#define ASN1_R_TAG_VALUE_TOO_HIGH			 135
-#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 136
-#define ASN1_R_TOO_LONG					 137
-#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 138
-#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 139
-#define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE			 140
-#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 141
-#define ASN1_R_UNKNOWN_OBJECT_TYPE			 142
-#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 143
-#define ASN1_R_UNSUPPORTED_CIPHER			 144
-#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 145
-#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 146
-#define ASN1_R_UTCTIME_TOO_LONG				 147
-#define ASN1_R_WRONG_PRINTABLE_TYPE			 148
-#define ASN1_R_WRONG_TAG				 149
-#define ASN1_R_WRONG_TYPE				 150
- 
+#define ASN1_R_EXPECTING_A_TIME				 118
+#define ASN1_R_EXPLICIT_LENGTH_MISMATCH			 119
+#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED		 120
+#define ASN1_R_FIELD_MISSING				 121
+#define ASN1_R_FIRST_NUM_TOO_LARGE			 122
+#define ASN1_R_HEADER_TOO_LONG				 123
+#define ASN1_R_ILLEGAL_BITSTRING_FORMAT			 174
+#define ASN1_R_ILLEGAL_BOOLEAN				 175
+#define ASN1_R_ILLEGAL_CHARACTERS			 124
+#define ASN1_R_ILLEGAL_FORMAT				 176
+#define ASN1_R_ILLEGAL_HEX				 177
+#define ASN1_R_ILLEGAL_IMPLICIT_TAG			 178
+#define ASN1_R_ILLEGAL_INTEGER				 179
+#define ASN1_R_ILLEGAL_NESTED_TAGGING			 180
+#define ASN1_R_ILLEGAL_NULL				 125
+#define ASN1_R_ILLEGAL_NULL_VALUE			 181
+#define ASN1_R_ILLEGAL_OBJECT				 182
+#define ASN1_R_ILLEGAL_OPTIONAL_ANY			 126
+#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE		 170
+#define ASN1_R_ILLEGAL_TAGGED_ANY			 127
+#define ASN1_R_ILLEGAL_TIME_VALUE			 183
+#define ASN1_R_INTEGER_NOT_ASCII_FORMAT			 184
+#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG		 128
+#define ASN1_R_INVALID_BMPSTRING_LENGTH			 129
+#define ASN1_R_INVALID_DIGIT				 130
+#define ASN1_R_INVALID_MODIFIER				 185
+#define ASN1_R_INVALID_NUMBER				 186
+#define ASN1_R_INVALID_SEPARATOR			 131
+#define ASN1_R_INVALID_TIME_FORMAT			 132
+#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH		 133
+#define ASN1_R_INVALID_UTF8STRING			 134
+#define ASN1_R_IV_TOO_LARGE				 135
+#define ASN1_R_LENGTH_ERROR				 136
+#define ASN1_R_LIST_ERROR				 187
+#define ASN1_R_MISSING_EOC				 137
+#define ASN1_R_MISSING_SECOND_NUMBER			 138
+#define ASN1_R_MISSING_VALUE				 188
+#define ASN1_R_MSTRING_NOT_UNIVERSAL			 139
+#define ASN1_R_MSTRING_WRONG_TAG			 140
+#define ASN1_R_NON_HEX_CHARACTERS			 141
+#define ASN1_R_NOT_ASCII_FORMAT				 189
+#define ASN1_R_NOT_ENOUGH_DATA				 142
+#define ASN1_R_NO_MATCHING_CHOICE_TYPE			 143
+#define ASN1_R_NULL_IS_WRONG_LENGTH			 144
+#define ASN1_R_OBJECT_NOT_ASCII_FORMAT			 190
+#define ASN1_R_ODD_NUMBER_OF_CHARS			 145
+#define ASN1_R_PRIVATE_KEY_HEADER_MISSING		 146
+#define ASN1_R_SECOND_NUMBER_TOO_LARGE			 147
+#define ASN1_R_SEQUENCE_LENGTH_MISMATCH			 148
+#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED			 149
+#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG		 195
+#define ASN1_R_SHORT_LINE				 150
+#define ASN1_R_STRING_TOO_LONG				 151
+#define ASN1_R_STRING_TOO_SHORT				 152
+#define ASN1_R_TAG_VALUE_TOO_HIGH			 153
+#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
+#define ASN1_R_TIME_NOT_ASCII_FORMAT			 191
+#define ASN1_R_TOO_LONG					 155
+#define ASN1_R_TYPE_NOT_CONSTRUCTED			 156
+#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157
+#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158
+#define ASN1_R_UNEXPECTED_EOC				 159
+#define ASN1_R_UNKNOWN_FORMAT				 160
+#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161
+#define ASN1_R_UNKNOWN_OBJECT_TYPE			 162
+#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE			 163
+#define ASN1_R_UNKNOWN_TAG				 192
+#define ASN1_R_UNKOWN_FORMAT				 193
+#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE		 164
+#define ASN1_R_UNSUPPORTED_CIPHER			 165
+#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM		 166
+#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE		 167
+#define ASN1_R_UNSUPPORTED_TYPE				 194
+#define ASN1_R_WRONG_TAG				 168
+#define ASN1_R_WRONG_TYPE				 169
+
 #ifdef  __cplusplus
 }
 #endif
 #endif
-
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index b7818f8477..55aef5e790 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,259 +1,268 @@
-/* lib/asn1/asn1_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/asn1/asn1_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "asn1.h"
+#include <openssl/err.h>
+#include <openssl/asn1.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA ASN1_str_functs[]=
 	{
 {ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0),	"a2d_ASN1_OBJECT"},
+{ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0),	"a2i_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0),	"a2i_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0),	"a2i_ASN1_STRING"},
-{ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMATIVE,0),	"ASN1_COLLATE_PRIMATIVE"},
+{ERR_PACK(0,ASN1_F_APPEND_TAG,0),	"APPEND_TAG"},
+{ERR_PACK(0,ASN1_F_ASN1_CB,0),	"ASN1_CB"},
+{ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0),	"ASN1_CHECK_TLEN"},
+{ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0),	"ASN1_COLLATE_PRIMITIVE"},
+{ERR_PACK(0,ASN1_F_ASN1_COLLECT,0),	"ASN1_COLLECT"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0),	"ASN1_d2i_bio"},
+{ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0),	"ASN1_D2I_EX_PRIMITIVE"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0),	"ASN1_d2i_fp"},
+{ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0),	"ASN1_DO_ADB"},
 {ERR_PACK(0,ASN1_F_ASN1_DUP,0),	"ASN1_dup"},
+{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0),	"ASN1_ENUMERATED_set"},
+{ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0),	"ASN1_ENUMERATED_to_BN"},
+{ERR_PACK(0,ASN1_F_ASN1_GENERATE_V3,0),	"ASN1_generate_v3"},
 {ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0),	"ASN1_get_object"},
 {ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0),	"ASN1_HEADER_new"},
 {ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0),	"ASN1_i2d_bio"},
 {ERR_PACK(0,ASN1_F_ASN1_I2D_FP,0),	"ASN1_i2d_fp"},
 {ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0),	"ASN1_INTEGER_set"},
 {ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0),	"ASN1_INTEGER_to_BN"},
+{ERR_PACK(0,ASN1_F_ASN1_ITEM_EX_D2I,0),	"ASN1_ITEM_EX_D2I"},
+{ERR_PACK(0,ASN1_F_ASN1_ITEM_NEW,0),	"ASN1_item_new"},
+{ERR_PACK(0,ASN1_F_ASN1_MBSTRING_COPY,0),	"ASN1_mbstring_copy"},
 {ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0),	"ASN1_OBJECT_new"},
-{ERR_PACK(0,ASN1_F_ASN1_SIGN,0),	"ASN1_SIGN"},
-{ERR_PACK(0,ASN1_F_ASN1_STRING_NEW,0),	"ASN1_STRING_new"},
+{ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0),	"ASN1_pack_string"},
+{ERR_PACK(0,ASN1_F_ASN1_PBE_SET,0),	"ASN1_PBE_SET"},
+{ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0),	"ASN1_seq_pack"},
+{ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0),	"ASN1_seq_unpack"},
+{ERR_PACK(0,ASN1_F_ASN1_SIGN,0),	"ASN1_sign"},
+{ERR_PACK(0,ASN1_F_ASN1_STR2TYPE,0),	"ASN1_STR2TYPE"},
+{ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0),	"ASN1_STRING_TABLE_add"},
 {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0),	"ASN1_STRING_type_new"},
+{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0),	"ASN1_TEMPLATE_D2I"},
+{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0),	"ASN1_TEMPLATE_EX_D2I"},
+{ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0),	"ASN1_TEMPLATE_NEW"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),	"ASN1_TYPE_get_int_octetstring"},
 {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),	"ASN1_TYPE_get_octetstring"},
-{ERR_PACK(0,ASN1_F_ASN1_TYPE_NEW,0),	"ASN1_TYPE_new"},
-{ERR_PACK(0,ASN1_F_ASN1_UTCTIME_NEW,0),	"ASN1_UTCTIME_NEW"},
-{ERR_PACK(0,ASN1_F_ASN1_VERIFY,0),	"ASN1_VERIFY"},
+{ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0),	"ASN1_unpack_string"},
+{ERR_PACK(0,ASN1_F_ASN1_VERIFY,0),	"ASN1_verify"},
+{ERR_PACK(0,ASN1_F_BITSTR_CB,0),	"BITSTR_CB"},
+{ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0),	"BN_to_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0),	"BN_to_ASN1_INTEGER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),	"d2i_ASN1_BIT_STRING"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_BMPSTRING,0),	"d2i_ASN1_BMPSTRING"},
+{ERR_PACK(0,ASN1_F_COLLECT_DATA,0),	"COLLECT_DATA"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),	"D2I_ASN1_BIT_STRING"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0),	"d2i_ASN1_BOOLEAN"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0),	"d2i_ASN1_bytes"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0),	"D2I_ASN1_GENERALIZEDTIME"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0),	"d2i_ASN1_HEADER"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0),	"d2i_ASN1_INTEGER"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0),	"D2I_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0),	"d2i_ASN1_OBJECT"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_OCTET_STRING,0),	"d2i_ASN1_OCTET_STRING"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_PRINT_TYPE,0),	"D2I_ASN1_PRINT_TYPE"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0),	"d2i_ASN1_SET"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE,0),	"d2i_ASN1_TYPE"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0),	"d2i_ASN1_type_bytes"},
-{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0),	"d2i_ASN1_UTCTIME"},
-{ERR_PACK(0,ASN1_F_D2I_DHPARAMS,0),	"D2I_DHPARAMS"},
-{ERR_PACK(0,ASN1_F_D2I_DSAPARAMS,0),	"D2I_DSAPARAMS"},
-{ERR_PACK(0,ASN1_F_D2I_DSAPRIVATEKEY,0),	"D2I_DSAPRIVATEKEY"},
-{ERR_PACK(0,ASN1_F_D2I_DSAPUBLICKEY,0),	"D2I_DSAPUBLICKEY"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_PKEY,0),	"D2I_NETSCAPE_PKEY"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0),	"D2I_NETSCAPE_RSA"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_UINTEGER,0),	"d2i_ASN1_UINTEGER"},
+{ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0),	"D2I_ASN1_UTCTIME"},
+{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0),	"d2i_Netscape_RSA"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0),	"D2I_NETSCAPE_RSA_2"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0),	"D2I_NETSCAPE_SPKAC"},
-{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0),	"D2I_NETSCAPE_SPKI"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7,0),	"D2I_PKCS7"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_DIGEST,0),	"D2I_PKCS7_DIGEST"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENCRYPT,0),	"D2I_PKCS7_ENCRYPT"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENC_CONTENT,0),	"D2I_PKCS7_ENC_CONTENT"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_ENVELOPE,0),	"D2I_PKCS7_ENVELOPE"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL,0),	"D2I_PKCS7_ISSUER_AND_SERIAL"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_RECIP_INFO,0),	"D2I_PKCS7_RECIP_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNED,0),	"D2I_PKCS7_SIGNED"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNER_INFO,0),	"D2I_PKCS7_SIGNER_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,0),	"D2I_PKCS7_SIGN_ENVELOPE"},
-{ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0),	"D2I_PRIVATEKEY"},
-{ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0),	"D2I_PUBLICKEY"},
-{ERR_PACK(0,ASN1_F_D2I_RSAPRIVATEKEY,0),	"D2I_RSAPRIVATEKEY"},
-{ERR_PACK(0,ASN1_F_D2I_RSAPUBLICKEY,0),	"D2I_RSAPUBLICKEY"},
+{ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0),	"d2i_PrivateKey"},
+{ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0),	"d2i_PublicKey"},
 {ERR_PACK(0,ASN1_F_D2I_X509,0),	"D2I_X509"},
-{ERR_PACK(0,ASN1_F_D2I_X509_ALGOR,0),	"D2I_X509_ALGOR"},
-{ERR_PACK(0,ASN1_F_D2I_X509_ATTRIBUTE,0),	"D2I_X509_ATTRIBUTE"},
 {ERR_PACK(0,ASN1_F_D2I_X509_CINF,0),	"D2I_X509_CINF"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CRL,0),	"D2I_X509_CRL"},
-{ERR_PACK(0,ASN1_F_D2I_X509_CRL_INFO,0),	"D2I_X509_CRL_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_X509_EXTENSION,0),	"D2I_X509_EXTENSION"},
-{ERR_PACK(0,ASN1_F_D2I_X509_KEY,0),	"D2I_X509_KEY"},
 {ERR_PACK(0,ASN1_F_D2I_X509_NAME,0),	"D2I_X509_NAME"},
-{ERR_PACK(0,ASN1_F_D2I_X509_NAME_ENTRY,0),	"D2I_X509_NAME_ENTRY"},
-{ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0),	"D2I_X509_PKEY"},
-{ERR_PACK(0,ASN1_F_D2I_X509_PUBKEY,0),	"D2I_X509_PUBKEY"},
-{ERR_PACK(0,ASN1_F_D2I_X509_REQ,0),	"D2I_X509_REQ"},
-{ERR_PACK(0,ASN1_F_D2I_X509_REQ_INFO,0),	"D2I_X509_REQ_INFO"},
-{ERR_PACK(0,ASN1_F_D2I_X509_REVOKED,0),	"D2I_X509_REVOKED"},
-{ERR_PACK(0,ASN1_F_D2I_X509_SIG,0),	"D2I_X509_SIG"},
-{ERR_PACK(0,ASN1_F_D2I_X509_VAL,0),	"D2I_X509_VAL"},
-{ERR_PACK(0,ASN1_F_I2D_ASN1_HEADER,0),	"i2d_ASN1_HEADER"},
-{ERR_PACK(0,ASN1_F_I2D_DHPARAMS,0),	"I2D_DHPARAMS"},
-{ERR_PACK(0,ASN1_F_I2D_DSAPARAMS,0),	"I2D_DSAPARAMS"},
-{ERR_PACK(0,ASN1_F_I2D_DSAPRIVATEKEY,0),	"I2D_DSAPRIVATEKEY"},
-{ERR_PACK(0,ASN1_F_I2D_DSAPUBLICKEY,0),	"I2D_DSAPUBLICKEY"},
-{ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0),	"I2D_NETSCAPE_RSA"},
-{ERR_PACK(0,ASN1_F_I2D_PKCS7,0),	"I2D_PKCS7"},
-{ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0),	"I2D_PRIVATEKEY"},
-{ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0),	"I2D_PUBLICKEY"},
-{ERR_PACK(0,ASN1_F_I2D_RSAPRIVATEKEY,0),	"I2D_RSAPRIVATEKEY"},
-{ERR_PACK(0,ASN1_F_I2D_RSAPUBLICKEY,0),	"I2D_RSAPUBLICKEY"},
-{ERR_PACK(0,ASN1_F_I2D_X509_ATTRIBUTE,0),	"I2D_X509_ATTRIBUTE"},
-{ERR_PACK(0,ASN1_F_I2T_ASN1_OBJECT,0),	"i2t_ASN1_OBJECT"},
-{ERR_PACK(0,ASN1_F_NETSCAPE_PKEY_NEW,0),	"NETSCAPE_PKEY_NEW"},
-{ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0),	"NETSCAPE_SPKAC_NEW"},
-{ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0),	"NETSCAPE_SPKI_NEW"},
-{ERR_PACK(0,ASN1_F_PKCS7_DIGEST_NEW,0),	"PKCS7_DIGEST_NEW"},
-{ERR_PACK(0,ASN1_F_PKCS7_ENCRYPT_NEW,0),	"PKCS7_ENCRYPT_NEW"},
-{ERR_PACK(0,ASN1_F_PKCS7_ENC_CONTENT_NEW,0),	"PKCS7_ENC_CONTENT_NEW"},
-{ERR_PACK(0,ASN1_F_PKCS7_ENVELOPE_NEW,0),	"PKCS7_ENVELOPE_NEW"},
-{ERR_PACK(0,ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW,0),	"PKCS7_ISSUER_AND_SERIAL_NEW"},
-{ERR_PACK(0,ASN1_F_PKCS7_NEW,0),	"PKCS7_NEW"},
-{ERR_PACK(0,ASN1_F_PKCS7_RECIP_INFO_NEW,0),	"PKCS7_RECIP_INFO_NEW"},
-{ERR_PACK(0,ASN1_F_PKCS7_SIGNED_NEW,0),	"PKCS7_SIGNED_NEW"},
-{ERR_PACK(0,ASN1_F_PKCS7_SIGNER_INFO_NEW,0),	"PKCS7_SIGNER_INFO_NEW"},
-{ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0),	"PKCS7_SIGN_ENVELOPE_NEW"},
-{ERR_PACK(0,ASN1_F_X509_ALGOR_NEW,0),	"X509_ALGOR_NEW"},
-{ERR_PACK(0,ASN1_F_X509_ATTRIBUTE_NEW,0),	"X509_ATTRIBUTE_NEW"},
+{ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0),	"d2i_X509_PKEY"},
+{ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0),	"I2D_ASN1_TIME"},
+{ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0),	"i2d_DSA_PUBKEY"},
+{ERR_PACK(0,ASN1_F_I2D_ECDSA_PUBKEY,0),	"I2D_ECDSA_PUBKEY"},
+{ERR_PACK(0,ASN1_F_I2D_EC_PUBKEY,0),	"i2d_EC_PUBKEY"},
+{ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0),	"i2d_Netscape_RSA"},
+{ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0),	"i2d_PrivateKey"},
+{ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0),	"i2d_PublicKey"},
+{ERR_PACK(0,ASN1_F_I2D_RSA_PUBKEY,0),	"i2d_RSA_PUBKEY"},
+{ERR_PACK(0,ASN1_F_LONG_C2I,0),	"LONG_C2I"},
+{ERR_PACK(0,ASN1_F_OID_MODULE_INIT,0),	"OID_MODULE_INIT"},
+{ERR_PACK(0,ASN1_F_PARSE_TAGGING,0),	"PARSE_TAGGING"},
+{ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0),	"PKCS5_pbe2_set"},
 {ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),	"X509_CINF_NEW"},
-{ERR_PACK(0,ASN1_F_X509_CRL_INFO_NEW,0),	"X509_CRL_INFO_NEW"},
-{ERR_PACK(0,ASN1_F_X509_CRL_NEW,0),	"X509_CRL_NEW"},
-{ERR_PACK(0,ASN1_F_X509_DHPARAMS_NEW,0),	"X509_DHPARAMS_NEW"},
-{ERR_PACK(0,ASN1_F_X509_EXTENSION_NEW,0),	"X509_EXTENSION_NEW"},
-{ERR_PACK(0,ASN1_F_X509_INFO_NEW,0),	"X509_INFO_NEW"},
-{ERR_PACK(0,ASN1_F_X509_KEY_NEW,0),	"X509_KEY_NEW"},
-{ERR_PACK(0,ASN1_F_X509_NAME_ENTRY_NEW,0),	"X509_NAME_ENTRY_NEW"},
+{ERR_PACK(0,ASN1_F_X509_CRL_ADD0_REVOKED,0),	"X509_CRL_add0_revoked"},
+{ERR_PACK(0,ASN1_F_X509_INFO_NEW,0),	"X509_INFO_new"},
 {ERR_PACK(0,ASN1_F_X509_NAME_NEW,0),	"X509_NAME_NEW"},
 {ERR_PACK(0,ASN1_F_X509_NEW,0),	"X509_NEW"},
-{ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0),	"X509_PKEY_NEW"},
-{ERR_PACK(0,ASN1_F_X509_PUBKEY_NEW,0),	"X509_PUBKEY_NEW"},
-{ERR_PACK(0,ASN1_F_X509_REQ_INFO_NEW,0),	"X509_REQ_INFO_NEW"},
-{ERR_PACK(0,ASN1_F_X509_REQ_NEW,0),	"X509_REQ_NEW"},
-{ERR_PACK(0,ASN1_F_X509_REVOKED_NEW,0),	"X509_REVOKED_NEW"},
-{ERR_PACK(0,ASN1_F_X509_SIG_NEW,0),	"X509_SIG_NEW"},
-{ERR_PACK(0,ASN1_F_X509_VAL_FREE,0),	"X509_VAL_FREE"},
-{ERR_PACK(0,ASN1_F_X509_VAL_NEW,0),	"X509_VAL_NEW"},
-{0,NULL},
+{ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0),	"X509_PKEY_new"},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA ASN1_str_reasons[]=
 	{
+{ASN1_R_ADDING_OBJECT                    ,"adding object"},
+{ASN1_R_AUX_ERROR                        ,"aux error"},
 {ASN1_R_BAD_CLASS                        ,"bad class"},
 {ASN1_R_BAD_OBJECT_HEADER                ,"bad object header"},
 {ASN1_R_BAD_PASSWORD_READ                ,"bad password read"},
-{ASN1_R_BAD_PKCS7_CONTENT                ,"bad pkcs7 content"},
-{ASN1_R_BAD_PKCS7_TYPE                   ,"bad pkcs7 type"},
 {ASN1_R_BAD_TAG                          ,"bad tag"},
-{ASN1_R_BAD_TYPE                         ,"bad type"},
 {ASN1_R_BN_LIB                           ,"bn lib"},
 {ASN1_R_BOOLEAN_IS_WRONG_LENGTH          ,"boolean is wrong length"},
 {ASN1_R_BUFFER_TOO_SMALL                 ,"buffer too small"},
+{ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER  ,"cipher has no object identifier"},
 {ASN1_R_DATA_IS_WRONG                    ,"data is wrong"},
+{ASN1_R_DECODE_ERROR                     ,"decode error"},
 {ASN1_R_DECODING_ERROR                   ,"decoding error"},
+{ASN1_R_DEPTH_EXCEEDED                   ,"depth exceeded"},
+{ASN1_R_ENCODE_ERROR                     ,"encode error"},
+{ASN1_R_ERROR_LOADING_SECTION            ,"error loading section"},
 {ASN1_R_ERROR_PARSING_SET_ELEMENT        ,"error parsing set element"},
+{ASN1_R_ERROR_SETTING_CIPHER_PARAMS      ,"error setting cipher params"},
 {ASN1_R_EXPECTING_AN_INTEGER             ,"expecting an integer"},
 {ASN1_R_EXPECTING_AN_OBJECT              ,"expecting an object"},
-{ASN1_R_EXPECTING_AN_OCTET_STRING        ,"expecting an octet string"},
-{ASN1_R_EXPECTING_A_BIT_STRING           ,"expecting a bit string"},
 {ASN1_R_EXPECTING_A_BOOLEAN              ,"expecting a boolean"},
-{ASN1_R_EXPECTING_A_UTCTIME              ,"expecting a utctime"},
+{ASN1_R_EXPECTING_A_TIME                 ,"expecting a time"},
+{ASN1_R_EXPLICIT_LENGTH_MISMATCH         ,"explicit length mismatch"},
+{ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED     ,"explicit tag not constructed"},
+{ASN1_R_FIELD_MISSING                    ,"field missing"},
 {ASN1_R_FIRST_NUM_TOO_LARGE              ,"first num too large"},
 {ASN1_R_HEADER_TOO_LONG                  ,"header too long"},
+{ASN1_R_ILLEGAL_BITSTRING_FORMAT         ,"illegal bitstring format"},
+{ASN1_R_ILLEGAL_BOOLEAN                  ,"illegal boolean"},
+{ASN1_R_ILLEGAL_CHARACTERS               ,"illegal characters"},
+{ASN1_R_ILLEGAL_FORMAT                   ,"illegal format"},
+{ASN1_R_ILLEGAL_HEX                      ,"illegal hex"},
+{ASN1_R_ILLEGAL_IMPLICIT_TAG             ,"illegal implicit tag"},
+{ASN1_R_ILLEGAL_INTEGER                  ,"illegal integer"},
+{ASN1_R_ILLEGAL_NESTED_TAGGING           ,"illegal nested tagging"},
+{ASN1_R_ILLEGAL_NULL                     ,"illegal null"},
+{ASN1_R_ILLEGAL_NULL_VALUE               ,"illegal null value"},
+{ASN1_R_ILLEGAL_OBJECT                   ,"illegal object"},
+{ASN1_R_ILLEGAL_OPTIONAL_ANY             ,"illegal optional any"},
+{ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE ,"illegal options on item template"},
+{ASN1_R_ILLEGAL_TAGGED_ANY               ,"illegal tagged any"},
+{ASN1_R_ILLEGAL_TIME_VALUE               ,"illegal time value"},
+{ASN1_R_INTEGER_NOT_ASCII_FORMAT         ,"integer not ascii format"},
+{ASN1_R_INTEGER_TOO_LARGE_FOR_LONG       ,"integer too large for long"},
+{ASN1_R_INVALID_BMPSTRING_LENGTH         ,"invalid bmpstring length"},
 {ASN1_R_INVALID_DIGIT                    ,"invalid digit"},
+{ASN1_R_INVALID_MODIFIER                 ,"invalid modifier"},
+{ASN1_R_INVALID_NUMBER                   ,"invalid number"},
 {ASN1_R_INVALID_SEPARATOR                ,"invalid separator"},
 {ASN1_R_INVALID_TIME_FORMAT              ,"invalid time format"},
+{ASN1_R_INVALID_UNIVERSALSTRING_LENGTH   ,"invalid universalstring length"},
+{ASN1_R_INVALID_UTF8STRING               ,"invalid utf8string"},
 {ASN1_R_IV_TOO_LARGE                     ,"iv too large"},
 {ASN1_R_LENGTH_ERROR                     ,"length error"},
+{ASN1_R_LIST_ERROR                       ,"list error"},
+{ASN1_R_MISSING_EOC                      ,"missing eoc"},
 {ASN1_R_MISSING_SECOND_NUMBER            ,"missing second number"},
+{ASN1_R_MISSING_VALUE                    ,"missing value"},
+{ASN1_R_MSTRING_NOT_UNIVERSAL            ,"mstring not universal"},
+{ASN1_R_MSTRING_WRONG_TAG                ,"mstring wrong tag"},
 {ASN1_R_NON_HEX_CHARACTERS               ,"non hex characters"},
+{ASN1_R_NOT_ASCII_FORMAT                 ,"not ascii format"},
 {ASN1_R_NOT_ENOUGH_DATA                  ,"not enough data"},
+{ASN1_R_NO_MATCHING_CHOICE_TYPE          ,"no matching choice type"},
+{ASN1_R_NULL_IS_WRONG_LENGTH             ,"null is wrong length"},
+{ASN1_R_OBJECT_NOT_ASCII_FORMAT          ,"object not ascii format"},
 {ASN1_R_ODD_NUMBER_OF_CHARS              ,"odd number of chars"},
-{ASN1_R_PARSING                          ,"parsing"},
 {ASN1_R_PRIVATE_KEY_HEADER_MISSING       ,"private key header missing"},
 {ASN1_R_SECOND_NUMBER_TOO_LARGE          ,"second number too large"},
+{ASN1_R_SEQUENCE_LENGTH_MISMATCH         ,"sequence length mismatch"},
+{ASN1_R_SEQUENCE_NOT_CONSTRUCTED         ,"sequence not constructed"},
+{ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG     ,"sequence or set needs config"},
 {ASN1_R_SHORT_LINE                       ,"short line"},
+{ASN1_R_STRING_TOO_LONG                  ,"string too long"},
 {ASN1_R_STRING_TOO_SHORT                 ,"string too short"},
 {ASN1_R_TAG_VALUE_TOO_HIGH               ,"tag value too high"},
 {ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
+{ASN1_R_TIME_NOT_ASCII_FORMAT            ,"time not ascii format"},
 {ASN1_R_TOO_LONG                         ,"too long"},
+{ASN1_R_TYPE_NOT_CONSTRUCTED             ,"type not constructed"},
 {ASN1_R_UNABLE_TO_DECODE_RSA_KEY         ,"unable to decode rsa key"},
 {ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"},
-{ASN1_R_UNKNOWN_ATTRIBUTE_TYPE           ,"unknown attribute type"},
+{ASN1_R_UNEXPECTED_EOC                   ,"unexpected eoc"},
+{ASN1_R_UNKNOWN_FORMAT                   ,"unknown format"},
 {ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"},
 {ASN1_R_UNKNOWN_OBJECT_TYPE              ,"unknown object type"},
 {ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE          ,"unknown public key type"},
+{ASN1_R_UNKNOWN_TAG                      ,"unknown tag"},
+{ASN1_R_UNKOWN_FORMAT                    ,"unkown format"},
+{ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE  ,"unsupported any defined by type"},
 {ASN1_R_UNSUPPORTED_CIPHER               ,"unsupported cipher"},
 {ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"},
 {ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE      ,"unsupported public key type"},
-{ASN1_R_UTCTIME_TOO_LONG                 ,"utctime too long"},
-{ASN1_R_WRONG_PRINTABLE_TYPE             ,"wrong printable type"},
+{ASN1_R_UNSUPPORTED_TYPE                 ,"unsupported type"},
 {ASN1_R_WRONG_TAG                        ,"wrong tag"},
 {ASN1_R_WRONG_TYPE                       ,"wrong type"},
-{0,NULL},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_ASN1_strings()
+void ERR_load_ASN1_strings(void)
 	{
 	static int init=1;
 
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs);
 		ERR_load_strings(ERR_LIB_ASN1,ASN1_str_reasons);
 #endif
diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c
new file mode 100644
index 0000000000..097b4b8ecf
--- /dev/null
+++ b/crypto/asn1/asn1_gen.c
@@ -0,0 +1,839 @@
+/* asn1_gen.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/x509v3.h>
+
+#define ASN1_GEN_FLAG		0x10000
+#define ASN1_GEN_FLAG_IMP	(ASN1_GEN_FLAG|1)
+#define ASN1_GEN_FLAG_EXP	(ASN1_GEN_FLAG|2)
+#define ASN1_GEN_FLAG_TAG	(ASN1_GEN_FLAG|3)
+#define ASN1_GEN_FLAG_BITWRAP	(ASN1_GEN_FLAG|4)
+#define ASN1_GEN_FLAG_OCTWRAP	(ASN1_GEN_FLAG|5)
+#define ASN1_GEN_FLAG_SEQWRAP	(ASN1_GEN_FLAG|6)
+#define ASN1_GEN_FLAG_SETWRAP	(ASN1_GEN_FLAG|7)
+#define ASN1_GEN_FLAG_FORMAT	(ASN1_GEN_FLAG|8)
+
+#define ASN1_GEN_STR(str,val)	{str, sizeof(str) - 1, val}
+
+#define ASN1_FLAG_EXP_MAX	20
+
+/* Input formats */
+
+/* ASCII: default */
+#define ASN1_GEN_FORMAT_ASCII	1
+/* UTF8 */
+#define ASN1_GEN_FORMAT_UTF8	2
+/* Hex */
+#define ASN1_GEN_FORMAT_HEX	3
+/* List of bits */
+#define ASN1_GEN_FORMAT_BITLIST	4
+
+
+struct tag_name_st
+	{
+	char *strnam;
+	int len;
+	int tag;
+	};
+
+typedef struct
+	{
+	int exp_tag;
+	int exp_class;
+	int exp_constructed;
+	int exp_pad;
+	long exp_len;
+	} tag_exp_type;
+
+typedef struct
+	{
+	int imp_tag;
+	int imp_class;
+	int utype;
+	int format;
+	const char *str;
+	tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];
+	int exp_count;
+	} tag_exp_arg;
+
+static int bitstr_cb(const char *elem, int len, void *bitstr);
+static int asn1_cb(const char *elem, int len, void *bitstr);
+static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok);
+static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass);
+static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
+static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
+static int asn1_str2tag(const char *tagstr, int len);
+
+ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
+	{
+	X509V3_CTX cnf;
+
+	if (!nconf)
+		return ASN1_generate_v3(str, NULL);
+
+	X509V3_set_nconf(&cnf, nconf);
+	return ASN1_generate_v3(str, &cnf);
+	}
+
+ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
+	{
+	ASN1_TYPE *ret;
+	tag_exp_arg asn1_tags;
+	tag_exp_type *etmp;
+
+	int i, len;
+
+	unsigned char *orig_der = NULL, *new_der = NULL;
+	unsigned char *cpy_start, *p;
+	int cpy_len;
+	long hdr_len;
+	int hdr_constructed = 0, hdr_tag, hdr_class;
+	int r;
+
+	asn1_tags.imp_tag = -1;
+	asn1_tags.imp_class = -1;
+	asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
+	asn1_tags.exp_count = 0;
+	if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
+		return NULL;
+
+	if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET))
+		{
+		if (!cnf)
+			{
+			ASN1err(ASN1_F_ASN1_GENERATE_V3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
+			return NULL;
+			}
+		ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
+		}
+	else
+		ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
+
+	if (!ret)
+		return NULL;
+
+	/* If no tagging return base type */
+	if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
+		return ret;
+
+	/* Generate the encoding */
+	cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
+	ASN1_TYPE_free(ret);
+	ret = NULL;
+	/* Set point to start copying for modified encoding */
+	cpy_start = orig_der;
+
+	/* Do we need IMPLICIT tagging? */
+	if (asn1_tags.imp_tag != -1)
+		{
+		/* If IMPLICIT we will replace the underlying tag */
+		/* Skip existing tag+len */
+		r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len);
+		if (r & 0x80)
+			goto err;
+		/* Update copy length */
+		cpy_len -= cpy_start - orig_der;
+		/* For IMPLICIT tagging the length should match the
+		 * original length and constructed flag should be
+		 * consistent.
+		 */
+		if (r & 0x1)
+			{
+			/* Indefinite length constructed */
+			hdr_constructed = 2;
+			hdr_len = 0;
+			}
+		else
+			/* Just retain constructed flag */
+			hdr_constructed = r & V_ASN1_CONSTRUCTED;
+		/* Work out new length with IMPLICIT tag: ignore constructed
+		 * because it will mess up if indefinite length
+		 */
+		len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
+		}
+	else
+		len = cpy_len;
+
+	/* Work out length in any EXPLICIT, starting from end */
+
+	for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--)
+		{
+		/* Content length: number of content octets + any padding */
+		len += etmp->exp_pad;
+		etmp->exp_len = len;
+		/* Total object length: length including new header */
+		len = ASN1_object_size(0, len, etmp->exp_tag);
+		}
+
+	/* Allocate buffer for new encoding */
+
+	new_der = OPENSSL_malloc(len);
+
+	/* Generate tagged encoding */
+
+	p = new_der;
+
+	/* Output explicit tags first */
+
+	for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++)
+		{
+		ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
+					etmp->exp_tag, etmp->exp_class);
+		if (etmp->exp_pad)
+			*p++ = 0;
+		}
+
+	/* If IMPLICIT, output tag */
+
+	if (asn1_tags.imp_tag != -1)
+		ASN1_put_object(&p, hdr_constructed, hdr_len,
+					asn1_tags.imp_tag, asn1_tags.imp_class);
+
+	/* Copy across original encoding */
+	memcpy(p, cpy_start, cpy_len);
+
+	p = new_der;
+
+	/* Obtain new ASN1_TYPE structure */
+	ret = d2i_ASN1_TYPE(NULL, &p, len);
+
+	err:
+	if (orig_der)
+		OPENSSL_free(orig_der);
+	if (new_der)
+		OPENSSL_free(new_der);
+
+	return ret;
+
+	}
+
+static int asn1_cb(const char *elem, int len, void *bitstr)
+	{
+	tag_exp_arg *arg = bitstr;
+	int i;
+	int utype;
+	int vlen = 0;
+	const char *p, *vstart = NULL;
+
+	int tmp_tag, tmp_class;
+
+	for(i = 0, p = elem; i < len; p++, i++)
+		{
+		/* Look for the ':' in name value pairs */
+		if (*p == ':')
+			{
+			vstart = p + 1;
+			vlen = len - (vstart - elem);
+			len = p - elem;
+			break;
+			}
+		}
+
+	utype = asn1_str2tag(elem, len);
+
+	if (utype == -1)
+		{
+		ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG);
+		ERR_add_error_data(2, "tag=", elem);
+		return -1;
+		}
+
+	/* If this is not a modifier mark end of string and exit */
+	if (!(utype & ASN1_GEN_FLAG))
+		{
+		arg->utype = utype;
+		arg->str = vstart;
+		/* If no value and not end of string, error */
+		if (!vstart && elem[len])
+			{
+			ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE);
+			return -1;
+			}
+		return 0;
+		}
+
+	switch(utype)
+		{
+
+		case ASN1_GEN_FLAG_IMP:
+		/* Check for illegal multiple IMPLICIT tagging */
+		if (arg->imp_tag != -1)
+			{
+			ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING);
+			return -1;
+			}
+		if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))
+			return -1;
+		break;
+
+		case ASN1_GEN_FLAG_EXP:
+
+		if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
+			return -1;
+		if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))
+			return -1;
+		break;
+
+		case ASN1_GEN_FLAG_SEQWRAP:
+		if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))
+			return -1;
+		break;
+
+		case ASN1_GEN_FLAG_SETWRAP:
+		if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))
+			return -1;
+		break;
+
+		case ASN1_GEN_FLAG_BITWRAP:
+		if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))
+			return -1;
+		break;
+
+		case ASN1_GEN_FLAG_OCTWRAP:
+		if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
+			return -1;
+		break;
+
+		case ASN1_GEN_FLAG_FORMAT:
+		if (!strncmp(vstart, "ASCII", 5))
+			arg->format = ASN1_GEN_FORMAT_ASCII;
+		else if (!strncmp(vstart, "UTF8", 4))
+			arg->format = ASN1_GEN_FORMAT_UTF8;
+		else if (!strncmp(vstart, "HEX", 3))
+			arg->format = ASN1_GEN_FORMAT_HEX;
+		else if (!strncmp(vstart, "BITLIST", 3))
+			arg->format = ASN1_GEN_FORMAT_BITLIST;
+		else
+			{
+			ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT);
+			return -1;
+			}
+		break;
+
+		}
+
+	return 1;
+
+	}
+
+static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
+	{
+	char erch[2];
+	long tag_num;
+	char *eptr;
+	if (!vstart)
+		return 0;
+	tag_num = strtoul(vstart, &eptr, 10);
+	/* Check we haven't gone past max length: should be impossible */
+	if (eptr && *eptr && (eptr > vstart + vlen))
+		return 0;
+	if (tag_num < 0)
+		{
+		ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER);
+		return 0;
+		}
+	*ptag = tag_num;
+	/* If we have non numeric characters, parse them */
+	if (eptr)
+		vlen -= eptr - vstart;
+	else 
+		vlen = 0;
+	if (vlen)
+		{
+		switch (*eptr)
+			{
+
+			case 'U':
+			*pclass = V_ASN1_UNIVERSAL;
+			break;
+
+			case 'A':
+			*pclass = V_ASN1_APPLICATION;
+			break;
+
+			case 'P':
+			*pclass = V_ASN1_PRIVATE;
+			break;
+
+			case 'C':
+			*pclass = V_ASN1_CONTEXT_SPECIFIC;
+			break;
+
+			default:
+			erch[0] = *eptr;
+			erch[1] = 0;
+			ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER);
+			ERR_add_error_data(2, "Char=", erch);
+			return 0;
+			break;
+
+			}
+		}
+	else
+		*pclass = V_ASN1_CONTEXT_SPECIFIC;
+
+	return 1;
+
+	}
+
+/* Handle multiple types: SET and SEQUENCE */
+
+static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
+	{
+	ASN1_TYPE *ret = NULL, *typ = NULL;
+	STACK_OF(ASN1_TYPE) *sk = NULL;
+	STACK_OF(CONF_VALUE) *sect = NULL;
+	unsigned char *der = NULL, *p;
+	int derlen;
+	int i, is_set;
+	sk = sk_ASN1_TYPE_new_null();
+	if (section)
+		{
+		if (!cnf)
+			goto bad;
+		sect = X509V3_get_section(cnf, (char *)section);
+		if (!sect)
+			goto bad;
+		for (i = 0; i < sk_CONF_VALUE_num(sect); i++)
+			{
+			typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
+			if (!typ)
+				goto bad;
+			sk_ASN1_TYPE_push(sk, typ);
+			typ = NULL;
+			}
+		}
+
+	/* Now we has a STACK of the components, convert to the correct form */
+
+	if (utype == V_ASN1_SET)
+		is_set = 1;
+	else
+		is_set = 0;
+
+
+	derlen = i2d_ASN1_SET((STACK *)sk, NULL, i2d_ASN1_TYPE, utype, V_ASN1_UNIVERSAL, is_set);
+	der = OPENSSL_malloc(derlen);
+	p = der;
+	i2d_ASN1_SET((STACK *)sk, &p, i2d_ASN1_TYPE, utype, V_ASN1_UNIVERSAL, is_set);
+
+	if (!(ret = ASN1_TYPE_new()))
+		goto bad;
+
+	if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))
+		goto bad;
+
+	ret->type = utype;
+
+	ret->value.asn1_string->data = der;
+	ret->value.asn1_string->length = derlen;
+
+	der = NULL;
+
+	bad:
+
+	if (der)
+		OPENSSL_free(der);
+
+	if (sk)
+		sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
+	if (typ)
+		ASN1_TYPE_free(typ);
+	if (sect)
+		X509V3_section_free(cnf, sect);
+
+	return ret;
+	}
+
+static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok)
+	{
+	tag_exp_type *exp_tmp;
+	/* Can only have IMPLICIT if permitted */
+	if ((arg->imp_tag != -1) && !imp_ok)
+		{
+		ASN1err(ASN1_F_APPEND_TAG, ASN1_R_ILLEGAL_IMPLICIT_TAG);
+		return 0;
+		}
+
+	if (arg->exp_count == ASN1_FLAG_EXP_MAX)
+		{
+		ASN1err(ASN1_F_APPEND_TAG, ASN1_R_DEPTH_EXCEEDED);
+		return 0;
+		}
+
+	exp_tmp = &arg->exp_list[arg->exp_count++];
+
+	/* If IMPLICIT set tag to implicit value then
+	 * reset implicit tag since it has been used.
+	 */
+	if (arg->imp_tag != -1)
+		{
+		exp_tmp->exp_tag = arg->imp_tag;
+		exp_tmp->exp_class = arg->imp_class;
+		arg->imp_tag = -1;
+		arg->imp_class = -1;
+		}
+	else
+		{
+		exp_tmp->exp_tag = exp_tag;
+		exp_tmp->exp_class = exp_class;
+		}
+	exp_tmp->exp_constructed = exp_constructed;
+	exp_tmp->exp_pad = exp_pad;
+
+	return 1;
+	}
+
+
+static int asn1_str2tag(const char *tagstr, int len)
+	{
+	int i;
+	static struct tag_name_st *tntmp, tnst [] = {
+		ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
+		ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
+		ASN1_GEN_STR("NULL", V_ASN1_NULL),
+		ASN1_GEN_STR("INT", V_ASN1_INTEGER),
+		ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
+		ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
+		ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
+		ASN1_GEN_STR("OID", V_ASN1_OBJECT),
+		ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
+		ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
+		ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
+		ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
+		ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
+		ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
+		ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
+		ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
+		ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
+		ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
+		ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
+		ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
+		ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
+		ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
+		ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
+		ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
+		ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
+		ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
+		ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
+		ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
+		ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
+		ASN1_GEN_STR("T61", V_ASN1_T61STRING),
+		ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
+		ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
+
+		/* Special cases */
+		ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
+		ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
+		ASN1_GEN_STR("SET", V_ASN1_SET),
+		/* type modifiers */
+		/* Explicit tag */
+		ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
+		ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
+		/* Implicit tag */
+		ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
+		ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
+		/* OCTET STRING wrapper */
+		ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
+		/* SEQUENCE wrapper */
+		ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
+		/* SET wrapper */
+		ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SEQWRAP),
+		/* BIT STRING wrapper */
+		ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
+		ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
+		ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
+	};
+
+	if (len == -1)
+		len = strlen(tagstr);
+	
+	tntmp = tnst;	
+	for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++)
+		{
+		if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))
+			return tntmp->tag;
+		}
+	
+	return -1;
+	}
+
+static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
+	{
+	ASN1_TYPE *atmp = NULL;
+
+	CONF_VALUE vtmp;
+
+	unsigned char *rdata;
+	long rdlen;
+
+	int no_unused = 1;
+
+	if (!(atmp = ASN1_TYPE_new()))
+		{
+		ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+		return NULL;
+		}
+
+	if (!str)
+		str = "";
+
+	switch(utype)
+		{
+
+		case V_ASN1_NULL:
+		if (str && *str)
+			{
+			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE);
+			goto bad_form;
+			}
+		break;
+		
+		case V_ASN1_BOOLEAN:
+		if (format != ASN1_GEN_FORMAT_ASCII)
+			{
+			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);
+			goto bad_form;
+			}
+		vtmp.value = (char *)str;
+		if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean))
+			{
+			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN);
+			goto bad_str;
+			}
+		break;
+
+		case V_ASN1_INTEGER:
+		case V_ASN1_ENUMERATED:
+		if (format != ASN1_GEN_FORMAT_ASCII)
+			{
+			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
+			goto bad_form;
+			}
+		if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str)))
+			{
+			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
+			goto bad_str;
+			}
+		break;
+
+		case V_ASN1_OBJECT:
+		if (format != ASN1_GEN_FORMAT_ASCII)
+			{
+			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
+			goto bad_form;
+			}
+		if (!(atmp->value.object = OBJ_txt2obj(str, 0)))
+			{
+			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);
+			goto bad_str;
+			}
+		break;
+
+		case V_ASN1_UTCTIME:
+		case V_ASN1_GENERALIZEDTIME:
+		if (format != ASN1_GEN_FORMAT_ASCII)
+			{
+			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT);
+			goto bad_form;
+			}
+		if (!(atmp->value.asn1_string = ASN1_STRING_new()))
+			{
+			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+			goto bad_str;
+			}
+		if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1))
+			{
+			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+			goto bad_str;
+			}
+		atmp->value.asn1_string->type = utype;
+		if (!ASN1_TIME_check(atmp->value.asn1_string))
+			{
+			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE);
+			goto bad_str;
+			}
+
+		break;
+
+		case V_ASN1_BMPSTRING:
+		case V_ASN1_PRINTABLESTRING:
+		case V_ASN1_IA5STRING:
+		case V_ASN1_T61STRING:
+		case V_ASN1_UTF8STRING:
+		case V_ASN1_VISIBLESTRING:
+		case V_ASN1_UNIVERSALSTRING:
+
+		if (format == ASN1_GEN_FORMAT_ASCII)
+			format = MBSTRING_ASC;
+		else if (format == ASN1_GEN_FORMAT_UTF8)
+			format = MBSTRING_UTF8;
+		else
+			{
+			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT);
+			goto bad_form;
+			}
+
+
+		if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,
+						-1, format, ASN1_tag2bit(utype)) <= 0)
+			{
+			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+			goto bad_str;
+			}
+		
+
+		break;
+
+		case V_ASN1_BIT_STRING:
+
+		case V_ASN1_OCTET_STRING:
+
+		if (!(atmp->value.asn1_string = ASN1_STRING_new()))
+			{
+			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+			goto bad_form;
+			}
+
+		if (format == ASN1_GEN_FORMAT_HEX)
+			{
+
+			if (!(rdata = string_to_hex((char *)str, &rdlen)))
+				{
+				ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX);
+				goto bad_str;
+				}
+
+			atmp->value.asn1_string->data = rdata;
+			atmp->value.asn1_string->length = rdlen;
+			atmp->value.asn1_string->type = utype;
+
+			}
+		else if (format == ASN1_GEN_FORMAT_ASCII)
+			ASN1_STRING_set(atmp->value.asn1_string, str, -1);
+		else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING))
+			{
+			if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string))
+				{
+				ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR);
+				goto bad_str;
+				}
+			no_unused = 0;
+			
+			}
+		else 
+			{
+			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT);
+			goto bad_form;
+			}
+
+		if ((utype == V_ASN1_BIT_STRING) && no_unused)
+			{
+			atmp->value.asn1_string->flags
+				&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+        		atmp->value.asn1_string->flags
+				|= ASN1_STRING_FLAG_BITS_LEFT;
+			}
+
+
+		break;
+
+		default:
+		ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE);
+		goto bad_str;
+		break;
+		}
+
+
+	atmp->type = utype;
+	return atmp;
+
+
+	bad_str:
+	ERR_add_error_data(2, "string=", str);
+	bad_form:
+
+	ASN1_TYPE_free(atmp);
+	return NULL;
+
+	}
+
+static int bitstr_cb(const char *elem, int len, void *bitstr)
+	{
+	long bitnum;
+	char *eptr;
+	if (!elem)
+		return 0;
+	bitnum = strtoul(elem, &eptr, 10);
+	if (eptr && *eptr && (eptr != elem + len))
+		return 0;
+	if (bitnum < 0)
+		{
+		ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER);
+		return 0;
+		}
+	if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1))
+		{
+		ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE);
+		return 0;
+		}
+	return 1;
+	}
+
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index bc34cc4fe0..3f7b3aad2a 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -57,23 +57,16 @@
  */
 
 #include <stdio.h>
+#include <limits.h>
 #include "cryptlib.h"
-#include "asn1.h"
-#include "asn1_mac.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
 
-#ifndef NOPROTO
 static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max);
 static void asn1_put_length(unsigned char **pp, int length);
-#else
-static int asn1_get_length();
-static void asn1_put_length();
-#endif
-
-char *ASN1_version="ASN1 part of SSLeay 0.9.1a 06-Jul-1998";
+const char *ASN1_version="ASN.1" OPENSSL_VERSION_PTEXT;
 
-int ASN1_check_infinite_end(p,len)
-unsigned char **p;
-long len;
+int ASN1_check_infinite_end(unsigned char **p, long len)
 	{
 	/* If there is 0 or 1 byte left, the length check should pick
 	 * things up */
@@ -88,12 +81,8 @@ long len;
 	}
 
 
-int ASN1_get_object(pp, plength, ptag, pclass, omax)
-unsigned char **pp;
-long *plength;
-int *ptag;
-int *pclass;
-long omax;
+int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass,
+	     long omax)
 	{
 	int i,ret;
 	long l;
@@ -104,8 +93,8 @@ long omax;
 	if (!max) goto err;
 	ret=(*p&V_ASN1_CONSTRUCTED);
 	xclass=(*p&V_ASN1_PRIVATE);
-	i= *p&V_ASN1_PRIMATIVE_TAG;
-	if (i == V_ASN1_PRIMATIVE_TAG)
+	i= *p&V_ASN1_PRIMITIVE_TAG;
+	if (i == V_ASN1_PRIMITIVE_TAG)
 		{		/* high-tag */
 		p++;
 		if (--max == 0) goto err;
@@ -136,15 +125,13 @@ long omax;
 		(int)(omax+ *pp));
 
 #endif
-#if 0
-	if ((p+ *plength) > (omax+ *pp))
+	if (*plength > (omax - (p - *pp)))
 		{
 		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
 		/* Set this so that even if things are not long enough
 		 * the values are set correctly */
 		ret|=0x80;
 		}
-#endif
 	*pp=p;
 	return(ret|inf);
 err:
@@ -152,14 +139,10 @@ err:
 	return(0x80);
 	}
 
-static int asn1_get_length(pp,inf,rl,max)
-unsigned char **pp;
-int *inf;
-long *rl;
-int max;
+static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 	{
 	unsigned char *p= *pp;
-	long ret=0;
+	unsigned long ret=0;
 	int i;
 
 	if (max-- < 1) return(0);
@@ -175,6 +158,8 @@ int max;
 		i= *p&0x7f;
 		if (*(p++) & 0x80)
 			{
+			if (i > sizeof(long))
+				return 0;
 			if (max-- == 0) return(0);
 			while (i-- > 0)
 				{
@@ -186,47 +171,55 @@ int max;
 		else
 			ret=i;
 		}
+	if (ret > LONG_MAX)
+		return 0;
 	*pp=p;
-	*rl=ret;
+	*rl=(long)ret;
 	return(1);
 	}
 
 /* class 0 is constructed
- * constructed == 2 for indefinitle length constructed */
-void ASN1_put_object(pp,constructed,length,tag,xclass)
-unsigned char **pp;
-int constructed;
-int length;
-int tag;
-int xclass;
+ * constructed == 2 for indefinite length constructed */
+void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
+	     int xclass)
 	{
 	unsigned char *p= *pp;
-	int i;
+	int i, ttag;
 
 	i=(constructed)?V_ASN1_CONSTRUCTED:0;
 	i|=(xclass&V_ASN1_PRIVATE);
 	if (tag < 31)
-		*(p++)=i|(tag&V_ASN1_PRIMATIVE_TAG);
+		*(p++)=i|(tag&V_ASN1_PRIMITIVE_TAG);
 	else
 		{
-		*(p++)=i|V_ASN1_PRIMATIVE_TAG;
-		while (tag > 0x7f)
+		*(p++)=i|V_ASN1_PRIMITIVE_TAG;
+		for(i = 0, ttag = tag; ttag > 0; i++) ttag >>=7;
+		ttag = i;
+		while(i-- > 0)
 			{
-			*(p++)=(tag&0x7f)|0x80;
-			tag>>=7;
+			p[i] = tag & 0x7f;
+			if(i != (ttag - 1)) p[i] |= 0x80;
+			tag >>= 7;
 			}
-		*(p++)=(tag&0x7f);
+		p += ttag;
 		}
-	if ((constructed == 2) && (length == 0))
-		*(p++)=0x80; /* der_put_length would output 0 instead */
+	if (constructed == 2)
+		*(p++)=0x80;
 	else
 		asn1_put_length(&p,length);
 	*pp=p;
 	}
 
-static void asn1_put_length(pp, length)
-unsigned char **pp;
-int length;
+int ASN1_put_eoc(unsigned char **pp)
+	{
+	unsigned char *p = *pp;
+	*p++ = 0;
+	*p++ = 0;
+	*pp = p;
+	return 2;
+	}
+
+static void asn1_put_length(unsigned char **pp, int length)
 	{
 	unsigned char *p= *pp;
 	int i,l;
@@ -249,10 +242,7 @@ int length;
 	*pp=p;
 	}
 
-int ASN1_object_size(constructed, length, tag)
-int constructed;
-int length;
-int tag;
+int ASN1_object_size(int constructed, int length, int tag)
 	{
 	int ret;
 
@@ -266,8 +256,8 @@ int tag;
 			ret++;
 			}
 		}
-	if ((length == 0) && (constructed == 2))
-		ret+=2;
+	if (constructed == 2)
+		return ret + 3;
 	ret++;
 	if (length > 127)
 		{
@@ -280,8 +270,7 @@ int tag;
 	return(ret);
 	}
 
-int asn1_Finish(c)
-ASN1_CTX *c;
+int asn1_Finish(ASN1_CTX *c)
 	{
 	if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos))
 		{
@@ -300,9 +289,7 @@ ASN1_CTX *c;
 	return(1);
 	}
 
-int asn1_GetSequence(c,length)
-ASN1_CTX *c;
-long *length;
+int asn1_GetSequence(ASN1_CTX *c, long *length)
 	{
 	unsigned char *q;
 
@@ -331,8 +318,7 @@ long *length;
 	return(1);
 	}
 
-ASN1_STRING *ASN1_STRING_dup(str)
-ASN1_STRING *str;
+ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str)
 	{
 	ASN1_STRING *ret;
 
@@ -344,34 +330,33 @@ ASN1_STRING *str;
 		ASN1_STRING_free(ret);
 		return(NULL);
 		}
+	ret->flags = str->flags;
 	return(ret);
 	}
 
-int ASN1_STRING_set(str,data,len)
-ASN1_STRING *str;
-unsigned char *data;
-int len;
+int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
 	{
-	char *c;
+	unsigned char *c;
+	const char *data=_data;
 
 	if (len < 0)
 		{
 		if (data == NULL)
 			return(0);
 		else
-			len=strlen((char *)data);
+			len=strlen(data);
 		}
 	if ((str->length < len) || (str->data == NULL))
 		{
-		c=(char *)str->data;
+		c=str->data;
 		if (c == NULL)
-			str->data=(unsigned char *)Malloc(len+1);
+			str->data=OPENSSL_malloc(len+1);
 		else
-			str->data=(unsigned char *)Realloc(c,len+1);
+			str->data=OPENSSL_realloc(c,len+1);
 
 		if (str->data == NULL)
 			{
-			str->data=(unsigned char *)c;
+			str->data=c;
 			return(0);
 			}
 		}
@@ -379,24 +364,23 @@ int len;
 	if (data != NULL)
 		{
 		memcpy(str->data,data,len);
-		/* an alowance for strings :-) */
+		/* an allowance for strings :-) */
 		str->data[len]='\0';
 		}
 	return(1);
 	}
 
-ASN1_STRING *ASN1_STRING_new()
+ASN1_STRING *ASN1_STRING_new(void)
 	{
 	return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
 	}
 
 
-ASN1_STRING *ASN1_STRING_type_new(type)
-int type;
+ASN1_STRING *ASN1_STRING_type_new(int type)
 	{
 	ASN1_STRING *ret;
 
-	ret=(ASN1_STRING *)Malloc(sizeof(ASN1_STRING));
+	ret=(ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING));
 	if (ret == NULL)
 		{
 		ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE);
@@ -409,16 +393,14 @@ int type;
 	return(ret);
 	}
 
-void ASN1_STRING_free(a)
-ASN1_STRING *a;
+void ASN1_STRING_free(ASN1_STRING *a)
 	{
 	if (a == NULL) return;
-	if (a->data != NULL) Free((char *)a->data);
-	Free((char *)a);
+	if (a->data != NULL) OPENSSL_free(a->data);
+	OPENSSL_free(a);
 	}
 
-int ASN1_STRING_cmp(a,b)
-ASN1_STRING *a,*b;
+int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
 	{
 	int i;
 
@@ -435,14 +417,23 @@ ASN1_STRING *a,*b;
 		return(i);
 	}
 
-void asn1_add_error(address,offset)
-unsigned char *address;
-int offset;
+void asn1_add_error(unsigned char *address, int offset)
 	{
-	char buf1[16],buf2[16];
+	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
 
 	sprintf(buf1,"%lu",(unsigned long)address);
 	sprintf(buf2,"%d",offset);
 	ERR_add_error_data(4,"address=",buf1," offset=",buf2);
 	}
 
+int ASN1_STRING_length(ASN1_STRING *x)
+{ return M_ASN1_STRING_length(x); }
+
+void ASN1_STRING_length_set(ASN1_STRING *x, int len)
+{ M_ASN1_STRING_length_set(x, len); return; }
+
+int ASN1_STRING_type(ASN1_STRING *x)
+{ return M_ASN1_STRING_type(x); }
+
+unsigned char * ASN1_STRING_data(ASN1_STRING *x)
+{ return M_ASN1_STRING_data(x); }
diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h
index 4e6115224c..a48649ceeb 100644
--- a/crypto/asn1/asn1_mac.h
+++ b/crypto/asn1/asn1_mac.h
@@ -59,27 +59,25 @@
 #ifndef HEADER_ASN1_MAC_H
 #define HEADER_ASN1_MAC_H
 
+#include <openssl/asn1.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#include "asn1.h"
-#include "x509.h"
-#include "pkcs7.h"
-
 #ifndef ASN1_MAC_ERR_LIB
 #define ASN1_MAC_ERR_LIB	ERR_LIB_ASN1
 #endif 
 
 #define ASN1_MAC_H_err(f,r,line) \
-	ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),ERR_file_name,(line))
+	ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line))
 
 #define M_ASN1_D2I_vars(a,type,func) \
 	ASN1_CTX c; \
 	type ret=NULL; \
 	\
-	c.pp=pp; \
-	c.q= *pp; \
+	c.pp=(unsigned char **)pp; \
+	c.q= *(unsigned char **)pp; \
 	c.error=ERR_R_NESTED_ASN1_ERROR; \
 	if ((a == NULL) || ((*a) == NULL)) \
 		{ if ((ret=(type)func()) == NULL) \
@@ -87,13 +85,13 @@ extern "C" {
 	else	ret=(*a);
 
 #define M_ASN1_D2I_Init() \
-	c.p= *pp; \
+	c.p= *(unsigned char **)pp; \
 	c.max=(length == 0)?0:(c.p+length);
 
 #define M_ASN1_D2I_Finish_2(a) \
 	if (!asn1_Finish(&c)) \
 		{ c.line=__LINE__; goto err; } \
-	*pp=c.p; \
+	*(unsigned char **)pp=c.p; \
 	if (a != NULL) (*a)=ret; \
 	return(ret);
 
@@ -101,13 +99,27 @@ extern "C" {
 	M_ASN1_D2I_Finish_2(a); \
 err:\
 	ASN1_MAC_H_err((e),c.error,c.line); \
-	asn1_add_error(*pp,(int)(c.q- *pp)); \
+	asn1_add_error(*(unsigned char **)pp,(int)(c.q- *pp)); \
 	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
 	return(NULL)
 
 #define M_ASN1_D2I_start_sequence() \
 	if (!asn1_GetSequence(&c,&length)) \
 		{ c.line=__LINE__; goto err; }
+/* Begin reading ASN1 without a surrounding sequence */
+#define M_ASN1_D2I_begin() \
+	c.slen = length;
+
+/* End reading ASN1 with no check on length */
+#define M_ASN1_D2I_Finish_nolen(a, func, e) \
+	*pp=c.p; \
+	if (a != NULL) (*a)=ret; \
+	return(ret); \
+err:\
+	ASN1_MAC_H_err((e),c.error,c.line); \
+	asn1_add_error(*pp,(int)(c.q- *pp)); \
+	if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \
+	return(NULL)
 
 #define M_ASN1_D2I_end_sequence() \
 	(((c.inf&1) == 0)?(c.slen <= 0): \
@@ -134,26 +146,40 @@ err:\
 		M_ASN1_D2I_get(b,func); \
 		}
 
+#define M_ASN1_D2I_get_imp(b,func, type) \
+	M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \
+	c.q=c.p; \
+	if (func(&(b),&c.p,c.slen) == NULL) \
+		{c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \
+	c.slen-=(c.p-c.q);\
+	M_ASN1_next_prev=_tmp;
+
 #define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \
 	if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \
 		(V_ASN1_CONTEXT_SPECIFIC|(tag)))) \
 		{ \
-		unsigned char tmp; \
-		tmp=M_ASN1_next; \
-		M_ASN1_next=(tmp& ~V_ASN1_PRIMATIVE_TAG)|type; \
-		M_ASN1_D2I_get(b,func); \
-		M_ASN1_next_prev=tmp; \
+		unsigned char _tmp = M_ASN1_next; \
+		M_ASN1_D2I_get_imp(b,func, type);\
 		}
 
 #define M_ASN1_D2I_get_set(r,func,free_func) \
 		M_ASN1_D2I_get_imp_set(r,func,free_func, \
 			V_ASN1_SET,V_ASN1_UNIVERSAL);
 
+#define M_ASN1_D2I_get_set_type(type,r,func,free_func) \
+		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \
+			V_ASN1_SET,V_ASN1_UNIVERSAL);
+
 #define M_ASN1_D2I_get_set_opt(r,func,free_func) \
 	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
 		V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
 		{ M_ASN1_D2I_get_set(r,func,free_func); }
 
+#define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \
+	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+		V_ASN1_CONSTRUCTED|V_ASN1_SET)))\
+		{ M_ASN1_D2I_get_set_type(type,r,func,free_func); }
+
 #define M_ASN1_I2D_len_SET_opt(a,f) \
 	if ((a != NULL) && (sk_num(a) != 0)) \
 		M_ASN1_I2D_len_SET(a,f);
@@ -162,6 +188,14 @@ err:\
 	if ((a != NULL) && (sk_num(a) != 0)) \
 		M_ASN1_I2D_put_SET(a,f);
 
+#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
+	if ((a != NULL) && (sk_num(a) != 0)) \
+		M_ASN1_I2D_put_SEQUENCE(a,f);
+
+#define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \
+	if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+		M_ASN1_I2D_put_SEQUENCE_type(type,a,f);
+
 #define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \
 	if ((c.slen != 0) && \
 		(M_ASN1_next == \
@@ -171,19 +205,41 @@ err:\
 			tag,V_ASN1_CONTEXT_SPECIFIC); \
 		}
 
+#define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \
+	if ((c.slen != 0) && \
+		(M_ASN1_next == \
+		(V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\
+		{ \
+		M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\
+			tag,V_ASN1_CONTEXT_SPECIFIC); \
+		}
+
 #define M_ASN1_D2I_get_seq(r,func,free_func) \
 		M_ASN1_D2I_get_imp_set(r,func,free_func,\
 			V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
 
+#define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \
+		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
+					    V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL)
+
 #define M_ASN1_D2I_get_seq_opt(r,func,free_func) \
 	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
 		V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
 		{ M_ASN1_D2I_get_seq(r,func,free_func); }
 
+#define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \
+	if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \
+		V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\
+		{ M_ASN1_D2I_get_seq_type(type,r,func,free_func); }
+
 #define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \
 		M_ASN1_D2I_get_imp_set(r,func,free_func,\
 			x,V_ASN1_CONTEXT_SPECIFIC);
 
+#define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \
+		M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\
+			x,V_ASN1_CONTEXT_SPECIFIC);
+
 #define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \
 	c.q=c.p; \
 	if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\
@@ -191,6 +247,13 @@ err:\
 		{ c.line=__LINE__; goto err; } \
 	c.slen-=(c.p-c.q);
 
+#define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \
+	c.q=c.p; \
+	if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\
+				   free_func,a,b) == NULL) \
+		{ c.line=__LINE__; goto err; } \
+	c.slen-=(c.p-c.q);
+
 #define M_ASN1_D2I_get_set_strings(r,func,a,b) \
 	c.q=c.p; \
 	if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \
@@ -209,8 +272,16 @@ err:\
 		if (Tinf & 0x80) \
 			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
 			c.line=__LINE__; goto err; } \
+		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+					Tlen = c.slen - (c.p - c.q) - 2; \
 		if (func(&(r),&c.p,Tlen) == NULL) \
 			{ c.line=__LINE__; goto err; } \
+		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+			Tlen = c.slen - (c.p - c.q); \
+			if(!ASN1_check_infinite_end(&c.p, Tlen)) \
+				{ c.error=ERR_R_MISSING_ASN1_EOS; \
+				c.line=__LINE__; goto err; } \
+		}\
 		c.slen-=(c.p-c.q); \
 		}
 
@@ -226,16 +297,50 @@ err:\
 		if (Tinf & 0x80) \
 			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
 			c.line=__LINE__; goto err; } \
+		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+					Tlen = c.slen - (c.p - c.q) - 2; \
 		if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \
 			(void (*)())free_func, \
 			b,V_ASN1_UNIVERSAL) == NULL) \
 			{ c.line=__LINE__; goto err; } \
+		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+			Tlen = c.slen - (c.p - c.q); \
+			if(!ASN1_check_infinite_end(&c.p, Tlen)) \
+				{ c.error=ERR_R_MISSING_ASN1_EOS; \
+				c.line=__LINE__; goto err; } \
+		}\
+		c.slen-=(c.p-c.q); \
+		}
+
+#define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \
+	if ((c.slen != 0) && (M_ASN1_next == \
+		(V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \
+		{ \
+		int Tinf,Ttag,Tclass; \
+		long Tlen; \
+		\
+		c.q=c.p; \
+		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \
+		if (Tinf & 0x80) \
+			{ c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \
+			c.line=__LINE__; goto err; } \
+		if (Tinf == (V_ASN1_CONSTRUCTED+1)) \
+					Tlen = c.slen - (c.p - c.q) - 2; \
+		if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \
+			free_func,b,V_ASN1_UNIVERSAL) == NULL) \
+			{ c.line=__LINE__; goto err; } \
+		if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \
+			Tlen = c.slen - (c.p - c.q); \
+			if(!ASN1_check_infinite_end(&c.p, Tlen)) \
+				{ c.error=ERR_R_MISSING_ASN1_EOS; \
+				c.line=__LINE__; goto err; } \
+		}\
 		c.slen-=(c.p-c.q); \
 		}
 
 /* New macros */
 #define M_ASN1_New_Malloc(ret,type) \
-	if ((ret=(type *)Malloc(sizeof(type))) == NULL) \
+	if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \
 		{ c.line=__LINE__; goto err2; }
 
 #define M_ASN1_New(arg,func) \
@@ -262,21 +367,59 @@ err:\
 #define M_ASN1_I2D_len_IMP_opt(a,f)	if (a != NULL) M_ASN1_I2D_len(a,f)
 
 #define M_ASN1_I2D_len_SET(a,f) \
-		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL);
+		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
 
-#define M_ASN1_I2D_len_SEQ(a,f) \
-		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+#define M_ASN1_I2D_len_SET_type(type,a,f) \
+		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \
+					    V_ASN1_UNIVERSAL,IS_SET);
 
-#define M_ASN1_I2D_len_SEQ_opt(a,f) \
+#define M_ASN1_I2D_len_SEQUENCE(a,f) \
+		ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
+				  IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \
+		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \
+					    V_ASN1_UNIVERSAL,IS_SEQUENCE)
+
+#define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \
 		if ((a != NULL) && (sk_num(a) != 0)) \
-			M_ASN1_I2D_len_SEQ(a,f);
+			M_ASN1_I2D_len_SEQUENCE(a,f);
+
+#define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+			M_ASN1_I2D_len_SEQUENCE_type(type,a,f);
 
-#define M_ASN1_I2D_len_IMP_set(a,f,x) \
-		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC);
+#define M_ASN1_I2D_len_IMP_SET(a,f,x) \
+		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET);
 
-#define M_ASN1_I2D_len_IMP_set_opt(a,f,x) \
+#define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \
+		ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+					    V_ASN1_CONTEXT_SPECIFIC,IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \
 		if ((a != NULL) && (sk_num(a) != 0)) \
-			ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC);
+			ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+					  IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+			ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+					       V_ASN1_CONTEXT_SPECIFIC,IS_SET);
+
+#define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \
+		ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+				  IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \
+		if ((a != NULL) && (sk_num(a) != 0)) \
+			ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+					  IS_SEQUENCE);
+
+#define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+			ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \
+						    V_ASN1_CONTEXT_SPECIFIC, \
+						    IS_SEQUENCE);
 
 #define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \
 		if (a != NULL)\
@@ -285,10 +428,27 @@ err:\
 			ret+=ASN1_object_size(1,v,mtag); \
 			}
 
-#define M_ASN1_I2D_len_EXP_set_opt(a,f,mtag,tag,v) \
+#define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \
+		if ((a != NULL) && (sk_num(a) != 0))\
+			{ \
+			v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
+			ret+=ASN1_object_size(1,v,mtag); \
+			}
+
+#define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
 		if ((a != NULL) && (sk_num(a) != 0))\
 			{ \
-			v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL); \
+			v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \
+				       IS_SEQUENCE); \
+			ret+=ASN1_object_size(1,v,mtag); \
+			}
+
+#define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0))\
+			{ \
+			v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \
+						 V_ASN1_UNIVERSAL, \
+						 IS_SEQUENCE); \
 			ret+=ASN1_object_size(1,v,mtag); \
 			}
 
@@ -304,20 +464,48 @@ err:\
 			}
 
 #define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\
-			V_ASN1_UNIVERSAL)
-#define M_ASN1_I2D_put_IMP_set(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
-			V_ASN1_CONTEXT_SPECIFIC)
-
-#define M_ASN1_I2D_put_SEQ(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\
-			V_ASN1_UNIVERSAL)
+			V_ASN1_UNIVERSAL,IS_SET)
+#define M_ASN1_I2D_put_SET_type(type,a,f) \
+     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET)
+#define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
+			V_ASN1_CONTEXT_SPECIFIC,IS_SET)
+#define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \
+     i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET)
+#define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\
+			V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE)
+
+#define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\
+					     V_ASN1_UNIVERSAL,IS_SEQUENCE)
+
+#define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \
+     i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \
+			    IS_SEQUENCE)
+
+#define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \
+		if ((a != NULL) && (sk_num(a) != 0)) \
+			M_ASN1_I2D_put_SEQUENCE(a,f);
 
-#define M_ASN1_I2D_put_SEQ_opt(a,f) \
+#define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \
 		if ((a != NULL) && (sk_num(a) != 0)) \
-			M_ASN1_I2D_put_SEQ(a,f);
+			{ i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+				       IS_SET); }
 
-#define M_ASN1_I2D_put_IMP_set_opt(a,f,x) \
+#define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+			{ i2d_ASN1_SET_OF_##type(a,&p,f,x, \
+						 V_ASN1_CONTEXT_SPECIFIC, \
+						 IS_SET); }
+
+#define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \
 		if ((a != NULL) && (sk_num(a) != 0)) \
-			{ i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC); }
+			{ i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \
+				       IS_SEQUENCE); }
+
+#define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+			{ i2d_ASN1_SET_OF_##type(a,&p,f,x, \
+						 V_ASN1_CONTEXT_SPECIFIC, \
+						 IS_SEQUENCE); }
 
 #define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \
 		if (a != NULL) \
@@ -326,11 +514,26 @@ err:\
 			f(a,&p); \
 			}
 
-#define M_ASN1_I2D_put_EXP_set_opt(a,f,mtag,tag,v) \
+#define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \
 		if ((a != NULL) && (sk_num(a) != 0)) \
 			{ \
 			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
-			i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL); \
+			i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \
+			}
+
+#define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \
+		if ((a != NULL) && (sk_num(a) != 0)) \
+			{ \
+			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+			i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \
+			}
+
+#define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \
+		if ((a != NULL) && (sk_##type##_num(a) != 0)) \
+			{ \
+			ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \
+			i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \
+					       IS_SEQUENCE); \
 			}
 
 #define M_ASN1_I2D_seq_total() \
@@ -348,14 +551,8 @@ err:\
 #define M_ASN1_I2D_finish()	*pp=p; \
 				return(r);
 
-#ifndef NOPROTO
 int asn1_GetSequence(ASN1_CTX *c, long *length);
 void asn1_add_error(unsigned char *address,int offset);
-#else 
-int asn1_GetSequence();
-void asn1_add_error();
-#endif
-
 #ifdef  __cplusplus
 }
 #endif
diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c
index af71b1a85d..d64edbd797 100644
--- a/crypto/asn1/asn1_par.c
+++ b/crypto/asn1/asn1_par.c
@@ -58,42 +58,28 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
 
-#ifndef NOPROTO
 static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
 	int indent);
 static int asn1_parse2(BIO *bp, unsigned char **pp, long length,
-	int offset, int depth, int indent);
-#else
-static int asn1_print_info();
-static int asn1_parse2();
-#endif
-
-static int asn1_print_info(bp, tag, xclass, constructed,indent)
-BIO *bp;
-int tag;
-int xclass;
-int constructed;
-int indent;
+	int offset, int depth, int indent, int dump);
+static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
+	     int indent)
 	{
-	static char *fmt="%-18s";
-	static char *fmt2="%2d %-15s";
-	char *p,str[128],*p2=NULL;
+	static const char fmt[]="%-18s";
+	static const char fmt2[]="%2d %-15s";
+	char str[128];
+	const char *p,*p2=NULL;
 
 	if (constructed & V_ASN1_CONSTRUCTED)
 		p="cons: ";
 	else
 		p="prim: ";
 	if (BIO_write(bp,p,6) < 6) goto err;
-	if (indent)
-		{
-		if (indent > 128) indent=128;
-		memset(str,' ',indent);
-		if (BIO_write(bp,str,indent) < indent) goto err;
-		}
+	BIO_indent(bp,indent,128);
 
 	p=str;
 	if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
@@ -102,53 +88,8 @@ int indent;
 		sprintf(str,"cont [ %d ]",tag);
 	else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
 		sprintf(str,"appl [ %d ]",tag);
-	else if ((tag == V_ASN1_EOC) /* && (xclass == V_ASN1_UNIVERSAL) */)
-		p="EOC";
-	else if (tag == V_ASN1_BOOLEAN)
-		p="BOOLEAN";
-	else if (tag == V_ASN1_INTEGER)
-		p="INTEGER";
-	else if (tag == V_ASN1_BIT_STRING)
-		p="BIT STRING";
-	else if (tag == V_ASN1_OCTET_STRING)
-		p="OCTET STRING";
-	else if (tag == V_ASN1_NULL)
-		p="NULL";
-	else if (tag == V_ASN1_OBJECT)
-		p="OBJECT";
-	else if (tag == V_ASN1_SEQUENCE)
-		p="SEQUENCE";
-	else if (tag == V_ASN1_SET)
-		p="SET";
-	else if (tag == V_ASN1_PRINTABLESTRING)
-		p="PRINTABLESTRING";
-	else if (tag == V_ASN1_T61STRING)
-		p="T61STRING";
-	else if (tag == V_ASN1_IA5STRING)
-		p="IA5STRING";
-	else if (tag == V_ASN1_UTCTIME)
-		p="UTCTIME";
+	else p = ASN1_tag2str(tag);
 
-	/* extras */
-	else if (tag == V_ASN1_NUMERICSTRING)
-		p="NUMERICSTRING";
-	else if (tag == V_ASN1_VIDEOTEXSTRING)
-		p="VIDEOTEXSTRING";
-	else if (tag == V_ASN1_GENERALIZEDTIME)
-		p="GENERALIZEDTIME";
-	else if (tag == V_ASN1_GRAPHICSTRING)
-		p="GRAPHICSTRING";
-	else if (tag == V_ASN1_ISO64STRING)
-		p="ISO64STRING";
-	else if (tag == V_ASN1_GENERALSTRING)
-		p="GENERALSTRING";
-	else if (tag == V_ASN1_UNIVERSALSTRING)
-		p="UNIVERSALSTRING";
-	else if (tag == V_ASN1_BMPSTRING)
-		p="BMPSTRING";
-	else
-		p2="(unknown)";
-		
 	if (p2 != NULL)
 		{
 		if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err;
@@ -162,22 +103,18 @@ err:
 	return(0);
 	}
 
-int ASN1_parse(bp, pp, len, indent)
-BIO *bp;
-unsigned char *pp;
-long len;
-int indent;
+int ASN1_parse(BIO *bp, unsigned char *pp, long len, int indent)
+	{
+	return(asn1_parse2(bp,&pp,len,0,0,indent,0));
+	}
+
+int ASN1_parse_dump(BIO *bp, unsigned char *pp, long len, int indent, int dump)
 	{
-	return(asn1_parse2(bp,&pp,len,0,0,indent));
+	return(asn1_parse2(bp,&pp,len,0,0,indent,dump));
 	}
 
-static int asn1_parse2(bp, pp, length, offset, depth, indent)
-BIO *bp;
-unsigned char **pp;
-long length;
-int offset;
-int depth;
-int indent;
+static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset,
+	     int depth, int indent, int dump)
 	{
 	unsigned char *p,*ep,*tot,*op,*opp;
 	long len;
@@ -186,7 +123,13 @@ int indent;
 	ASN1_OBJECT *o=NULL;
 	ASN1_OCTET_STRING *os=NULL;
 	/* ASN1_BMPSTRING *bmp=NULL;*/
+	int dump_indent;
 
+#if 0
+	dump_indent = indent;
+#else
+	dump_indent = 6;	/* Because we know BIO_dump_indent() */
+#endif
 	p= *pp;
 	tot=p+length;
 	op=p-1;
@@ -241,7 +184,7 @@ int indent;
 					{
 					r=asn1_parse2(bp,&p,(long)(tot-p),
 						offset+(p - *pp),depth+1,
-						indent);
+						indent,dump);
 					if (r == 0) { ret=0; goto end; }
 					if ((r == 2) || (p >= tot)) break;
 					}
@@ -251,7 +194,7 @@ int indent;
 					{
 					r=asn1_parse2(bp,&p,(long)len,
 						offset+(p - *pp),depth+1,
-						indent);
+						indent,dump);
 					if (r == 0) { ret=0; goto end; }
 					}
 			}
@@ -266,6 +209,7 @@ int indent;
 			if (	(tag == V_ASN1_PRINTABLESTRING) ||
 				(tag == V_ASN1_T61STRING) ||
 				(tag == V_ASN1_IA5STRING) ||
+				(tag == V_ASN1_VISIBLESTRING) ||
 				(tag == V_ASN1_UTCTIME) ||
 				(tag == V_ASN1_GENERALIZEDTIME))
 				{
@@ -312,9 +256,11 @@ int indent;
 
 				opp=op;
 				os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl);
-				if (os != NULL)
+				if (os != NULL && os->length > 0)
 					{
-					opp=os->data;
+					opp = os->data;
+					/* testing whether the octet string is
+					 * printable */
 					for (i=0; i<os->length; i++)
 						{
 						if ((	(opp[i] < ' ') &&
@@ -327,7 +273,8 @@ int indent;
 							break;
 							}
 						}
-					if (printable && (os->length > 0))
+					if (printable)
+					/* printable string */
 						{
 						if (BIO_write(bp,":",1) <= 0)
 							goto end;
@@ -335,7 +282,38 @@ int indent;
 							os->length) <= 0)
 							goto end;
 						}
-					ASN1_OCTET_STRING_free(os);
+					else if (!dump)
+					/* not printable => print octet string
+					 * as hex dump */
+						{
+						if (BIO_write(bp,"[HEX DUMP]:",11) <= 0)
+							goto end;
+						for (i=0; i<os->length; i++)
+							{
+							if (BIO_printf(bp,"%02X"
+								, opp[i]) <= 0)
+								goto end;
+							}
+						}
+					else
+					/* print the normal dump */
+						{
+						if (!nl) 
+							{
+							if (BIO_write(bp,"\n",1) <= 0)
+								goto end;
+							}
+						if (BIO_dump_indent(bp,(char *)opp,
+							((dump == -1 || dump > 
+							os->length)?os->length:dump),
+							dump_indent) <= 0)
+							goto end;
+						nl=1;
+						}
+					}
+				if (os != NULL)
+					{
+					M_ASN1_OCTET_STRING_free(os);
 					os=NULL;
 					}
 				}
@@ -369,7 +347,52 @@ int indent;
 					if (BIO_write(bp,"BAD INTEGER",11) <= 0)
 						goto end;
 					}
-				ASN1_INTEGER_free(bs);
+				M_ASN1_INTEGER_free(bs);
+				}
+			else if (tag == V_ASN1_ENUMERATED)
+				{
+				ASN1_ENUMERATED *bs;
+				int i;
+
+				opp=op;
+				bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl);
+				if (bs != NULL)
+					{
+					if (BIO_write(bp,":",1) <= 0) goto end;
+					if (bs->type == V_ASN1_NEG_ENUMERATED)
+						if (BIO_write(bp,"-",1) <= 0)
+							goto end;
+					for (i=0; i<bs->length; i++)
+						{
+						if (BIO_printf(bp,"%02X",
+							bs->data[i]) <= 0)
+							goto end;
+						}
+					if (bs->length == 0)
+						{
+						if (BIO_write(bp,"00",2) <= 0)
+							goto end;
+						}
+					}
+				else
+					{
+					if (BIO_write(bp,"BAD ENUMERATED",11) <= 0)
+						goto end;
+					}
+				M_ASN1_ENUMERATED_free(bs);
+				}
+			else if (len > 0 && dump)
+				{
+				if (!nl) 
+					{
+					if (BIO_write(bp,"\n",1) <= 0)
+						goto end;
+					}
+				if (BIO_dump_indent(bp,(char *)p,
+					((dump == -1 || dump > len)?len:dump),
+					dump_indent) <= 0)
+					goto end;
+				nl=1;
 				}
 
 			if (!nl) 
@@ -388,7 +411,28 @@ int indent;
 	ret=1;
 end:
 	if (o != NULL) ASN1_OBJECT_free(o);
-	if (os != NULL) ASN1_OCTET_STRING_free(os);
+	if (os != NULL) M_ASN1_OCTET_STRING_free(os);
 	*pp=p;
 	return(ret);
 	}
+
+const char *ASN1_tag2str(int tag)
+{
+	const static char *tag2str[] = {
+	 "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */
+	 "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */
+	 "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>", 	    /* 10-13 */
+	"<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET", 		    /* 15-17 */
+	"NUMERICSTRING", "PRINTABLESTRING", "T61STRING",	    /* 18-20 */
+	"VIDEOTEXSTRING", "IA5STRING", "UTCTIME","GENERALIZEDTIME", /* 21-24 */
+	"GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING",	    /* 25-27 */
+	"UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING"		    /* 28-30 */
+	};
+
+	if((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED))
+							tag &= ~0x100;
+
+	if(tag < 0 || tag > 30) return "(unknown)";
+	return tag2str[tag];
+}
+
diff --git a/crypto/asn1/asn1t.h b/crypto/asn1/asn1t.h
new file mode 100644
index 0000000000..479225bea0
--- /dev/null
+++ b/crypto/asn1/asn1t.h
@@ -0,0 +1,884 @@
+/* asn1t.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_ASN1T_H
+#define HEADER_ASN1T_H
+
+#include <stddef.h>
+#include <openssl/e_os2.h>
+#include <openssl/asn1.h>
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+/* ASN1 template defines, structures and functions */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
+
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#define ASN1_ITEM_start(itname) \
+	OPENSSL_GLOBAL const ASN1_ITEM itname##_it = {
+
+#define ASN1_ITEM_end(itname) \
+		};
+
+#else
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr()))
+
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#define ASN1_ITEM_start(itname) \
+	const ASN1_ITEM * itname##_it(void) \
+	{ \
+		static const ASN1_ITEM local_it = { \
+
+#define ASN1_ITEM_end(itname) \
+		}; \
+	return &local_it; \
+	}
+
+#endif
+
+
+/* Macros to aid ASN1 template writing */
+
+#define ASN1_ITEM_TEMPLATE(tname) \
+	static const ASN1_TEMPLATE tname##_item_tt 
+
+#define ASN1_ITEM_TEMPLATE_END(tname) \
+	;\
+	ASN1_ITEM_start(tname) \
+		ASN1_ITYPE_PRIMITIVE,\
+		-1,\
+		&tname##_item_tt,\
+		0,\
+		NULL,\
+		0,\
+		#tname \
+	ASN1_ITEM_end(tname)
+
+
+/* This is a ASN1 type which just embeds a template */
+ 
+/* This pair helps declare a SEQUENCE. We can do:
+ *
+ * 	ASN1_SEQUENCE(stname) = {
+ * 		... SEQUENCE components ...
+ * 	} ASN1_SEQUENCE_END(stname)
+ *
+ * 	This will produce an ASN1_ITEM called stname_it
+ *	for a structure called stname.
+ *
+ * 	If you want the same structure but a different
+ *	name then use:
+ *
+ * 	ASN1_SEQUENCE(itname) = {
+ * 		... SEQUENCE components ...
+ * 	} ASN1_SEQUENCE_END_name(stname, itname)
+ *
+ *	This will create an item called itname_it using
+ *	a structure called stname.
+ */
+
+#define ASN1_SEQUENCE(tname) \
+	static const ASN1_TEMPLATE tname##_seq_tt[] 
+
+#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
+
+#define ASN1_SEQUENCE_END_name(stname, tname) \
+	;\
+	ASN1_ITEM_start(tname) \
+		ASN1_ITYPE_SEQUENCE,\
+		V_ASN1_SEQUENCE,\
+		tname##_seq_tt,\
+		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+		NULL,\
+		sizeof(stname),\
+		#stname \
+	ASN1_ITEM_end(tname)
+
+#define ASN1_NDEF_SEQUENCE(tname) \
+	ASN1_SEQUENCE(tname)
+
+#define ASN1_SEQUENCE_cb(tname, cb) \
+	static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+	ASN1_SEQUENCE(tname)
+
+#define ASN1_BROKEN_SEQUENCE(tname) \
+	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
+	ASN1_SEQUENCE(tname)
+
+#define ASN1_SEQUENCE_ref(tname, cb, lck) \
+	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
+	ASN1_SEQUENCE(tname)
+
+#define ASN1_SEQUENCE_enc(tname, enc, cb) \
+	static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
+	ASN1_SEQUENCE(tname)
+
+#define ASN1_NDEF_SEQUENCE_END(tname) \
+	;\
+	ASN1_ITEM_start(tname) \
+		ASN1_ITYPE_NDEF_SEQUENCE,\
+		V_ASN1_SEQUENCE,\
+		tname##_seq_tt,\
+		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+		NULL,\
+		sizeof(tname),\
+		#tname \
+	ASN1_ITEM_end(tname)
+
+#define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
+
+#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+#define ASN1_SEQUENCE_END_ref(stname, tname) \
+	;\
+	ASN1_ITEM_start(tname) \
+		ASN1_ITYPE_SEQUENCE,\
+		V_ASN1_SEQUENCE,\
+		tname##_seq_tt,\
+		sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+		&tname##_aux,\
+		sizeof(stname),\
+		#stname \
+	ASN1_ITEM_end(tname)
+
+
+/* This pair helps declare a CHOICE type. We can do:
+ *
+ * 	ASN1_CHOICE(chname) = {
+ * 		... CHOICE options ...
+ * 	ASN1_CHOICE_END(chname)
+ *
+ * 	This will produce an ASN1_ITEM called chname_it
+ *	for a structure called chname. The structure
+ *	definition must look like this:
+ *	typedef struct {
+ *		int type;
+ *		union {
+ *			ASN1_SOMETHING *opt1;
+ *			ASN1_SOMEOTHER *opt2;
+ *		} value;
+ *	} chname;
+ *	
+ *	the name of the selector must be 'type'.
+ * 	to use an alternative selector name use the
+ *      ASN1_CHOICE_END_selector() version.
+ */
+
+#define ASN1_CHOICE(tname) \
+	static const ASN1_TEMPLATE tname##_ch_tt[] 
+
+#define ASN1_CHOICE_cb(tname, cb) \
+	static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+	ASN1_CHOICE(tname)
+
+#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
+
+#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
+
+#define ASN1_CHOICE_END_selector(stname, tname, selname) \
+	;\
+	ASN1_ITEM_start(tname) \
+		ASN1_ITYPE_CHOICE,\
+		offsetof(stname,selname) ,\
+		tname##_ch_tt,\
+		sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+		NULL,\
+		sizeof(stname),\
+		#stname \
+	ASN1_ITEM_end(tname)
+
+#define ASN1_CHOICE_END_cb(stname, tname, selname) \
+	;\
+	ASN1_ITEM_start(tname) \
+		ASN1_ITYPE_CHOICE,\
+		offsetof(stname,selname) ,\
+		tname##_ch_tt,\
+		sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+		&tname##_aux,\
+		sizeof(stname),\
+		#stname \
+	ASN1_ITEM_end(tname)
+
+/* This helps with the template wrapper form of ASN1_ITEM */
+
+#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
+	(flags), (tag), 0,\
+	#name, ASN1_ITEM_ref(type) }
+
+/* These help with SEQUENCE or CHOICE components */
+
+/* used to declare other types */
+
+#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
+	(flags), (tag), offsetof(stname, field),\
+	#field, ASN1_ITEM_ref(type) }
+
+/* used when the structure is combined with the parent */
+
+#define ASN1_EX_COMBINE(flags, tag, type) { \
+	(flags)|ASN1_TFLG_COMBINE, (tag), 0, NULL, ASN1_ITEM_ref(type) }
+
+/* implicit and explicit helper macros */
+
+#define ASN1_IMP_EX(stname, field, type, tag, ex) \
+		ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
+
+#define ASN1_EXP_EX(stname, field, type, tag, ex) \
+		ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
+
+/* Any defined by macros: the field used is in the table itself */
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+#else
+#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
+#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
+#endif
+/* Plain simple type */
+#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
+
+/* OPTIONAL simple type */
+#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* IMPLICIT tagged simple type */
+#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
+
+/* IMPLICIT tagged OPTIONAL simple type */
+#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+
+/* Same as above but EXPLICIT */
+
+#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
+#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+
+/* SEQUENCE OF type */
+#define ASN1_SEQUENCE_OF(stname, field, type) \
+		ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
+
+/* OPTIONAL SEQUENCE OF */
+#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
+		ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Same as above but for SET OF */
+
+#define ASN1_SET_OF(stname, field, type) \
+		ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
+
+#define ASN1_SET_OF_OPT(stname, field, type) \
+		ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
+
+#define ASN1_IMP_SET_OF(stname, field, type, tag) \
+			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+#define ASN1_EXP_SET_OF(stname, field, type, tag) \
+			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
+			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
+			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
+			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+			ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
+			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+/* EXPLICIT OPTIONAL using indefinite length constructed form */
+#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
+			ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
+
+/* Macros for the ASN1_ADB structure */
+
+#define ASN1_ADB(name) \
+	static const ASN1_ADB_TABLE name##_adbtbl[] 
+
+#ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
+	;\
+	static const ASN1_ADB name##_adb = {\
+		flags,\
+		offsetof(name, field),\
+		app_table,\
+		name##_adbtbl,\
+		sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+		def,\
+		none\
+	}
+
+#else
+
+#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
+	;\
+	static const ASN1_ITEM *name##_adb(void) \
+	{ \
+	static const ASN1_ADB internal_adb = \
+		{\
+		flags,\
+		offsetof(name, field),\
+		app_table,\
+		name##_adbtbl,\
+		sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+		def,\
+		none\
+		}; \
+		return (const ASN1_ITEM *) &internal_adb; \
+	} \
+	void dummy_function(void)
+
+#endif
+
+#define ADB_ENTRY(val, template) {val, template}
+
+#define ASN1_ADB_TEMPLATE(name) \
+	static const ASN1_TEMPLATE name##_tt 
+
+/* This is the ASN1 template structure that defines
+ * a wrapper round the actual type. It determines the
+ * actual position of the field in the value structure,
+ * various flags such as OPTIONAL and the field name.
+ */
+
+struct ASN1_TEMPLATE_st {
+unsigned long flags;		/* Various flags */
+long tag;			/* tag, not used if no tagging */
+unsigned long offset;		/* Offset of this field in structure */
+#ifndef NO_ASN1_FIELD_NAMES
+char *field_name;		/* Field name */
+#endif
+ASN1_ITEM_EXP *item;		/* Relevant ASN1_ITEM or ASN1_ADB */
+};
+
+/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
+
+#define ASN1_TEMPLATE_item(t) (t->item_ptr)
+#define ASN1_TEMPLATE_adb(t) (t->item_ptr)
+
+typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
+typedef struct ASN1_ADB_st ASN1_ADB;
+
+struct ASN1_ADB_st {
+	unsigned long flags;	/* Various flags */
+	unsigned long offset;	/* Offset of selector field */
+	STACK_OF(ASN1_ADB_TABLE) **app_items; /* Application defined items */
+	const ASN1_ADB_TABLE *tbl;	/* Table of possible types */
+	long tblcount;		/* Number of entries in tbl */
+	const ASN1_TEMPLATE *default_tt;  /* Type to use if no match */
+	const ASN1_TEMPLATE *null_tt;  /* Type to use if selector is NULL */
+};
+
+struct ASN1_ADB_TABLE_st {
+	long value;		/* NID for an object or value for an int */
+	const ASN1_TEMPLATE tt;		/* item for this value */
+};
+
+/* template flags */
+
+/* Field is optional */
+#define ASN1_TFLG_OPTIONAL	(0x1)
+
+/* Field is a SET OF */
+#define ASN1_TFLG_SET_OF	(0x1 << 1)
+
+/* Field is a SEQUENCE OF */
+#define ASN1_TFLG_SEQUENCE_OF	(0x2 << 1)
+
+/* Special case: this refers to a SET OF that
+ * will be sorted into DER order when encoded *and*
+ * the corresponding STACK will be modified to match
+ * the new order.
+ */
+#define ASN1_TFLG_SET_ORDER	(0x3 << 1)
+
+/* Mask for SET OF or SEQUENCE OF */
+#define ASN1_TFLG_SK_MASK	(0x3 << 1)
+
+/* These flags mean the tag should be taken from the
+ * tag field. If EXPLICIT then the underlying type
+ * is used for the inner tag.
+ */
+
+/* IMPLICIT tagging */
+#define ASN1_TFLG_IMPTAG	(0x1 << 3)
+
+
+/* EXPLICIT tagging, inner tag from underlying type */
+#define ASN1_TFLG_EXPTAG	(0x2 << 3)
+
+#define ASN1_TFLG_TAG_MASK	(0x3 << 3)
+
+/* context specific IMPLICIT */
+#define ASN1_TFLG_IMPLICIT	ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT
+
+/* context specific EXPLICIT */
+#define ASN1_TFLG_EXPLICIT	ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
+
+/* If tagging is in force these determine the
+ * type of tag to use. Otherwise the tag is
+ * determined by the underlying type. These 
+ * values reflect the actual octet format.
+ */
+
+/* Universal tag */ 
+#define ASN1_TFLG_UNIVERSAL	(0x0<<6)
+/* Application tag */ 
+#define ASN1_TFLG_APPLICATION	(0x1<<6)
+/* Context specific tag */ 
+#define ASN1_TFLG_CONTEXT	(0x2<<6)
+/* Private tag */ 
+#define ASN1_TFLG_PRIVATE	(0x3<<6)
+
+#define ASN1_TFLG_TAG_CLASS	(0x3<<6)
+
+/* These are for ANY DEFINED BY type. In this case
+ * the 'item' field points to an ASN1_ADB structure
+ * which contains a table of values to decode the
+ * relevant type
+ */
+
+#define ASN1_TFLG_ADB_MASK	(0x3<<8)
+
+#define ASN1_TFLG_ADB_OID	(0x1<<8)
+
+#define ASN1_TFLG_ADB_INT	(0x1<<9)
+
+/* This flag means a parent structure is passed
+ * instead of the field: this is useful is a
+ * SEQUENCE is being combined with a CHOICE for
+ * example. Since this means the structure and
+ * item name will differ we need to use the
+ * ASN1_CHOICE_END_name() macro for example.
+ */
+
+#define ASN1_TFLG_COMBINE	(0x1<<10)
+
+/* This flag when present in a SEQUENCE OF, SET OF
+ * or EXPLICIT causes indefinite length constructed
+ * encoding to be used if required.
+ */
+
+#define ASN1_TFLG_NDEF		(0x1<<11)
+
+/* This is the actual ASN1 item itself */
+
+struct ASN1_ITEM_st {
+char itype;			/* The item type, primitive, SEQUENCE, CHOICE or extern */
+long utype;			/* underlying type */
+const ASN1_TEMPLATE *templates;	/* If SEQUENCE or CHOICE this contains the contents */
+long tcount;			/* Number of templates if SEQUENCE or CHOICE */
+const void *funcs;		/* functions that handle this type */
+long size;			/* Structure size (usually)*/
+#ifndef NO_ASN1_FIELD_NAMES
+const char *sname;		/* Structure name */
+#endif
+};
+
+/* These are values for the itype field and
+ * determine how the type is interpreted.
+ *
+ * For PRIMITIVE types the underlying type
+ * determines the behaviour if items is NULL.
+ *
+ * Otherwise templates must contain a single 
+ * template and the type is treated in the
+ * same way as the type specified in the template.
+ *
+ * For SEQUENCE types the templates field points
+ * to the members, the size field is the
+ * structure size.
+ *
+ * For CHOICE types the templates field points
+ * to each possible member (typically a union)
+ * and the 'size' field is the offset of the
+ * selector.
+ *
+ * The 'funcs' field is used for application
+ * specific functions. 
+ *
+ * For COMPAT types the funcs field gives a
+ * set of functions that handle this type, this
+ * supports the old d2i, i2d convention.
+ *
+ * The EXTERN type uses a new style d2i/i2d.
+ * The new style should be used where possible
+ * because it avoids things like the d2i IMPLICIT
+ * hack.
+ *
+ * MSTRING is a multiple string type, it is used
+ * for a CHOICE of character strings where the
+ * actual strings all occupy an ASN1_STRING
+ * structure. In this case the 'utype' field
+ * has a special meaning, it is used as a mask
+ * of acceptable types using the B_ASN1 constants.
+ *
+ * NDEF_SEQUENCE is the same as SEQUENCE except
+ * that it will use indefinite length constructed
+ * encoding if requested.
+ *
+ */
+
+#define ASN1_ITYPE_PRIMITIVE		0x0
+
+#define ASN1_ITYPE_SEQUENCE		0x1
+
+#define ASN1_ITYPE_CHOICE		0x2
+
+#define ASN1_ITYPE_COMPAT		0x3
+
+#define ASN1_ITYPE_EXTERN		0x4
+
+#define ASN1_ITYPE_MSTRING		0x5
+
+#define ASN1_ITYPE_NDEF_SEQUENCE	0x6
+
+/* Cache for ASN1 tag and length, so we
+ * don't keep re-reading it for things
+ * like CHOICE
+ */
+
+struct ASN1_TLC_st{
+	char valid;	/* Values below are valid */
+	int ret;	/* return value */
+	long plen;	/* length */
+	int ptag;	/* class value */
+	int pclass;	/* class value */
+	int hdrlen;	/* header length */
+};
+
+/* Typedefs for ASN1 function pointers */
+
+typedef ASN1_VALUE * ASN1_new_func(void);
+typedef void ASN1_free_func(ASN1_VALUE *a);
+typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, unsigned char ** in, long length);
+typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in);
+
+typedef int ASN1_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
+					int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+typedef struct ASN1_COMPAT_FUNCS_st {
+	ASN1_new_func *asn1_new;
+	ASN1_free_func *asn1_free;
+	ASN1_d2i_func *asn1_d2i;
+	ASN1_i2d_func *asn1_i2d;
+} ASN1_COMPAT_FUNCS;
+
+typedef struct ASN1_EXTERN_FUNCS_st {
+	void *app_data;
+	ASN1_ex_new_func *asn1_ex_new;
+	ASN1_ex_free_func *asn1_ex_free;
+	ASN1_ex_free_func *asn1_ex_clear;
+	ASN1_ex_d2i *asn1_ex_d2i;
+	ASN1_ex_i2d *asn1_ex_i2d;
+} ASN1_EXTERN_FUNCS;
+
+typedef struct ASN1_PRIMITIVE_FUNCS_st {
+	void *app_data;
+	unsigned long flags;
+	ASN1_ex_new_func *prim_new;
+	ASN1_ex_free_func *prim_free;
+	ASN1_ex_free_func *prim_clear;
+	ASN1_primitive_c2i *prim_c2i;
+	ASN1_primitive_i2c *prim_i2c;
+} ASN1_PRIMITIVE_FUNCS;
+
+/* This is the ASN1_AUX structure: it handles various
+ * miscellaneous requirements. For example the use of
+ * reference counts and an informational callback.
+ *
+ * The "informational callback" is called at various
+ * points during the ASN1 encoding and decoding. It can
+ * be used to provide minor customisation of the structures
+ * used. This is most useful where the supplied routines
+ * *almost* do the right thing but need some extra help
+ * at a few points. If the callback returns zero then
+ * it is assumed a fatal error has occurred and the 
+ * main operation should be abandoned.
+ *
+ * If major changes in the default behaviour are required
+ * then an external type is more appropriate.
+ */
+
+typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it);
+
+typedef struct ASN1_AUX_st {
+	void *app_data;
+	int flags;
+	int ref_offset;		/* Offset of reference value */
+	int ref_lock;		/* Lock type to use */
+	ASN1_aux_cb *asn1_cb;
+	int enc_offset;		/* Offset of ASN1_ENCODING structure */
+} ASN1_AUX;
+
+/* Flags in ASN1_AUX */
+
+/* Use a reference count */
+#define ASN1_AFLG_REFCOUNT	1
+/* Save the encoding of structure (useful for signatures) */
+#define ASN1_AFLG_ENCODING	2
+/* The Sequence length is invalid */
+#define ASN1_AFLG_BROKEN	4
+
+/* operation values for asn1_cb */
+
+#define ASN1_OP_NEW_PRE		0
+#define ASN1_OP_NEW_POST	1
+#define ASN1_OP_FREE_PRE	2
+#define ASN1_OP_FREE_POST	3
+#define ASN1_OP_D2I_PRE		4
+#define ASN1_OP_D2I_POST	5
+#define ASN1_OP_I2D_PRE		6
+#define ASN1_OP_I2D_POST	7
+
+/* Macro to implement a primitive type */
+#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
+#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
+				ASN1_ITEM_start(itname) \
+					ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
+				ASN1_ITEM_end(itname)
+
+/* Macro to implement a multi string type */
+#define IMPLEMENT_ASN1_MSTRING(itname, mask) \
+				ASN1_ITEM_start(itname) \
+					ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
+				ASN1_ITEM_end(itname)
+
+/* Macro to implement an ASN1_ITEM in terms of old style funcs */
+
+#define IMPLEMENT_COMPAT_ASN1(sname) IMPLEMENT_COMPAT_ASN1_type(sname, V_ASN1_SEQUENCE)
+
+#define IMPLEMENT_COMPAT_ASN1_type(sname, tag) \
+	static const ASN1_COMPAT_FUNCS sname##_ff = { \
+		(ASN1_new_func *)sname##_new, \
+		(ASN1_free_func *)sname##_free, \
+		(ASN1_d2i_func *)d2i_##sname, \
+		(ASN1_i2d_func *)i2d_##sname, \
+	}; \
+	ASN1_ITEM_start(sname) \
+		ASN1_ITYPE_COMPAT, \
+		tag, \
+		NULL, \
+		0, \
+		&sname##_ff, \
+		0, \
+		#sname \
+	ASN1_ITEM_end(sname)
+
+#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
+	ASN1_ITEM_start(sname) \
+		ASN1_ITYPE_EXTERN, \
+		tag, \
+		NULL, \
+		0, \
+		&fptrs, \
+		0, \
+		#sname \
+	ASN1_ITEM_end(sname)
+
+/* Macro to implement standard functions in terms of ASN1_ITEM structures */
+
+#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
+			IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
+
+#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
+	stname *fname##_new(void) \
+	{ \
+		return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+	} \
+	void fname##_free(stname *a) \
+	{ \
+		ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+	}
+
+#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
+	IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+	IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+	stname *d2i_##fname(stname **a, unsigned char **in, long len) \
+	{ \
+		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+	} \
+	int i2d_##fname(stname *a, unsigned char **out) \
+	{ \
+		return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+	} 
+
+#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
+	int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
+	{ \
+		return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
+	} 
+
+/* This includes evil casts to remove const: they will go away when full
+ * ASN1 constification is done.
+ */
+#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+	stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+	{ \
+		return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, (unsigned char **)in, len, ASN1_ITEM_rptr(itname));\
+	} \
+	int i2d_##fname(const stname *a, unsigned char **out) \
+	{ \
+		return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+	} 
+
+#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
+	stname * stname##_dup(stname *x) \
+        { \
+        return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
+        }
+
+#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
+		IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
+
+#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
+	IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+	IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+/* external definitions for primitive types */
+
+DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_ANY)
+DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
+DECLARE_ASN1_ITEM(CBIGNUM)
+DECLARE_ASN1_ITEM(BIGNUM)
+DECLARE_ASN1_ITEM(LONG)
+DECLARE_ASN1_ITEM(ZLONG)
+
+DECLARE_STACK_OF(ASN1_VALUE)
+
+/* Functions used internally by the ASN1 code */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt);
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
+				int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt);
+void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);
+
+ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr);
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c
new file mode 100644
index 0000000000..be20db4bad
--- /dev/null
+++ b/crypto/asn1/asn_moid.c
@@ -0,0 +1,95 @@
+/* asn_moid.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+
+/* Simple ASN1 OID module: add all objects in a given section */
+
+static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
+	{
+	int i;
+	const char *oid_section;
+	STACK_OF(CONF_VALUE) *sktmp;
+	CONF_VALUE *oval;
+	oid_section = CONF_imodule_get_value(md);
+	if(!(sktmp = NCONF_get_section(cnf, oid_section)))
+		{
+		ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
+		return 0;
+		}
+	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++)
+		{
+		oval = sk_CONF_VALUE_value(sktmp, i);
+		if(OBJ_create(oval->value, oval->name, oval->name) == NID_undef)
+			{
+			ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
+			return 0;
+			}
+		}
+	return 1;
+}
+
+void ASN1_add_oid_module(void)
+	{
+	CONF_module_add("oid_section", oid_module_init, 0);
+	}
diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c
new file mode 100644
index 0000000000..e6051db2dc
--- /dev/null
+++ b/crypto/asn1/asn_pack.c
@@ -0,0 +1,191 @@
+/* asn_pack.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+
+#ifndef NO_ASN1_OLD
+
+/* ASN1 packing and unpacking functions */
+
+/* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
+
+STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(),
+	     void (*free_func)(void *))
+{
+    STACK *sk;
+    unsigned char *pbuf;
+    pbuf =  buf;
+    if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
+					V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))
+		 ASN1err(ASN1_F_ASN1_SEQ_UNPACK,ASN1_R_DECODE_ERROR);
+    return sk;
+}
+
+/* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
+ * OPENSSL_malloc'ed buffer
+ */
+
+unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf,
+	     int *len)
+{
+	int safelen;
+	unsigned char *safe, *p;
+	if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE,
+					      V_ASN1_UNIVERSAL, IS_SEQUENCE))) {
+		ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR);
+		return NULL;
+	}
+	if (!(safe = OPENSSL_malloc (safelen))) {
+		ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	p = safe;
+	i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
+								 IS_SEQUENCE);
+	if (len) *len = safelen;
+	if (buf) *buf = safe;
+	return safe;
+}
+
+/* Extract an ASN1 object from an ASN1_STRING */
+
+void *ASN1_unpack_string (ASN1_STRING *oct, char *(*d2i)())
+{
+	unsigned char *p;
+	char *ret;
+
+	p = oct->data;
+	if(!(ret = d2i(NULL, &p, oct->length)))
+		ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
+	return ret;
+}
+
+/* Pack an ASN1 object into an ASN1_STRING */
+
+ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_STRING **oct)
+{
+	unsigned char *p;
+	ASN1_STRING *octmp;
+
+	if (!oct || !*oct) {
+		if (!(octmp = ASN1_STRING_new ())) {
+			ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+			return NULL;
+		}
+		if (oct) *oct = octmp;
+	} else octmp = *oct;
+		
+	if (!(octmp->length = i2d(obj, NULL))) {
+		ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
+		return NULL;
+	}
+	if (!(p = OPENSSL_malloc (octmp->length))) {
+		ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	octmp->data = p;
+	i2d (obj, &p);
+	return octmp;
+}
+
+#endif
+
+/* ASN1_ITEM versions of the above */
+
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
+{
+	ASN1_STRING *octmp;
+
+	if (!oct || !*oct) {
+		if (!(octmp = ASN1_STRING_new ())) {
+			ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+			return NULL;
+		}
+		if (oct) *oct = octmp;
+	} else octmp = *oct;
+
+	if(octmp->data) {
+		OPENSSL_free(octmp->data);
+		octmp->data = NULL;
+	}
+		
+	if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) {
+		ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
+		return NULL;
+	}
+	if (!octmp->data) {
+		ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	return octmp;
+}
+
+/* Extract an ASN1 object from an ASN1_STRING */
+
+void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
+{
+	unsigned char *p;
+	void *ret;
+
+	p = oct->data;
+	if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
+		ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
+	return ret;
+}
diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h
new file mode 100644
index 0000000000..bd020a9562
--- /dev/null
+++ b/crypto/asn1/charmap.h
@@ -0,0 +1,15 @@
+/* Auto generated with chartype.pl script.
+ * Mask of various character properties
+ */
+
+static unsigned char char_type[] = {
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+ 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
+120, 0, 1,40, 0, 0, 0,16,16,16, 0,25,25,16,16,16,
+16,16,16,16,16,16,16,16,16,16,16, 9, 9,16, 9,16,
+ 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
+16,16,16,16,16,16,16,16,16,16,16, 0, 1, 0, 0, 0,
+ 0,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,
+16,16,16,16,16,16,16,16,16,16,16, 0, 0, 0, 0, 2
+};
+
diff --git a/crypto/asn1/charmap.pl b/crypto/asn1/charmap.pl
new file mode 100644
index 0000000000..2875c59867
--- /dev/null
+++ b/crypto/asn1/charmap.pl
@@ -0,0 +1,80 @@
+#!/usr/local/bin/perl -w
+
+use strict;
+
+my ($i, @arr);
+
+# Set up an array with the type of ASCII characters
+# Each set bit represents a character property.
+
+# RFC2253 character properties
+my $RFC2253_ESC = 1;	# Character escaped with \
+my $ESC_CTRL	= 2;	# Escaped control character
+# These are used with RFC1779 quoting using "
+my $NOESC_QUOTE	= 8;	# Not escaped if quoted
+my $PSTRING_CHAR = 0x10;	# Valid PrintableString character
+my $RFC2253_FIRST_ESC = 0x20; # Escaped with \ if first character
+my $RFC2253_LAST_ESC = 0x40;  # Escaped with \ if last character
+
+for($i = 0; $i < 128; $i++) {
+	# Set the RFC2253 escape characters (control)
+	$arr[$i] = 0;
+	if(($i < 32) || ($i > 126)) {
+		$arr[$i] |= $ESC_CTRL;
+	}
+
+	# Some PrintableString characters
+	if(		   ( ( $i >= ord("a")) && ( $i <= ord("z")) )
+			|| (  ( $i >= ord("A")) && ( $i <= ord("Z")) )
+			|| (  ( $i >= ord("0")) && ( $i <= ord("9")) )  ) {
+		$arr[$i] |= $PSTRING_CHAR;
+	}
+}
+
+# Now setup the rest
+
+# Remaining RFC2253 escaped characters
+
+$arr[ord(" ")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC | $RFC2253_LAST_ESC;
+$arr[ord("#")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC;
+
+$arr[ord(",")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord("+")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord("\"")] |= $RFC2253_ESC;
+$arr[ord("\\")] |= $RFC2253_ESC;
+$arr[ord("<")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord(">")] |= $NOESC_QUOTE | $RFC2253_ESC;
+$arr[ord(";")] |= $NOESC_QUOTE | $RFC2253_ESC;
+
+# Remaining PrintableString characters
+
+$arr[ord(" ")] |= $PSTRING_CHAR;
+$arr[ord("'")] |= $PSTRING_CHAR;
+$arr[ord("(")] |= $PSTRING_CHAR;
+$arr[ord(")")] |= $PSTRING_CHAR;
+$arr[ord("+")] |= $PSTRING_CHAR;
+$arr[ord(",")] |= $PSTRING_CHAR;
+$arr[ord("-")] |= $PSTRING_CHAR;
+$arr[ord(".")] |= $PSTRING_CHAR;
+$arr[ord("/")] |= $PSTRING_CHAR;
+$arr[ord(":")] |= $PSTRING_CHAR;
+$arr[ord("=")] |= $PSTRING_CHAR;
+$arr[ord("?")] |= $PSTRING_CHAR;
+
+# Now generate the C code
+
+print <<EOF;
+/* Auto generated with chartype.pl script.
+ * Mask of various character properties
+ */
+
+static unsigned char char_type[] = {
+EOF
+
+for($i = 0; $i < 128; $i++) {
+	print("\n") if($i && (($i % 16) == 0));
+	printf("%2d", $arr[$i]);
+	print(",") if ($i != 127);
+}
+print("\n};\n\n");
+
diff --git a/crypto/asn1/d2i_dhp.c b/crypto/asn1/d2i_dhp.c
deleted file mode 100644
index f2236fc2e2..0000000000
--- a/crypto/asn1/d2i_dhp.c
+++ /dev/null
@@ -1,108 +0,0 @@
-/* crypto/asn1/d2i_dhp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn.h"
-#include "dh.h"
-#include "objects.h"
-#include "asn1_mac.h"
-
-/*
- * ASN1err(ASN1_F_D2I_DHPARAMS,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_I2D_DHPARAMS,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- */
-
-DH *d2i_DHparams(a,pp,length)
-DH **a;
-unsigned char **pp;
-long length;
-	{
-	int i=ERR_R_NESTED_ASN1_ERROR;
-	ASN1_INTEGER *bs=NULL;
-	long v=0;
-	M_ASN1_D2I_vars(a,DH *,DH_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->p=BN_bin2bn(bs->data,bs->length,ret->p)) == NULL) goto err_bn;
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL) goto err_bn;
-
-	if (!M_ASN1_D2I_end_sequence())
-		{
-		M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-		for (i=0; i<bs->length; i++)
-			v=(v<<8)|(bs->data[i]);
-		ret->length=(int)v;
-		}
-
-	ASN1_BIT_STRING_free(bs);
-
-	M_ASN1_D2I_Finish_2(a);
-
-err_bn:
-	i=ERR_R_BN_LIB;
-err:
-	ASN1err(ASN1_F_D2I_DHPARAMS,i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) DH_free(ret);
-	if (bs != NULL) ASN1_BIT_STRING_free(bs);
-	return(NULL);
-	}
-
diff --git a/crypto/asn1/d2i_dsap.c b/crypto/asn1/d2i_dsap.c
deleted file mode 100644
index fc2961b3a4..0000000000
--- a/crypto/asn1/d2i_dsap.c
+++ /dev/null
@@ -1,101 +0,0 @@
-/* crypto/asn1/d2i_dsap.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn.h"
-#include "dsa.h"
-#include "objects.h"
-#include "asn1_mac.h"
-
-/*
- * ASN1err(ASN1_F_D2I_DSAPARAMS,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_I2D_DSAPARAMS,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- */
-
-DSA *d2i_DSAparams(a,pp,length)
-DSA **a;
-unsigned char **pp;
-long length;
-	{
-	int i=ERR_R_NESTED_ASN1_ERROR;
-	ASN1_INTEGER *bs=NULL;
-	M_ASN1_D2I_vars(a,DSA *,DSA_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->p=BN_bin2bn(bs->data,bs->length,ret->p)) == NULL) goto err_bn;
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->q=BN_bin2bn(bs->data,bs->length,ret->q)) == NULL) goto err_bn;
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL) goto err_bn;
-
-	ASN1_BIT_STRING_free(bs);
-
-	M_ASN1_D2I_Finish_2(a);
-
-err_bn:
-	i=ERR_R_BN_LIB;
-err:
-	ASN1err(ASN1_F_D2I_DSAPARAMS,i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_free(ret);
-	if (bs != NULL) ASN1_BIT_STRING_free(bs);
-	return(NULL);
-	}
-
diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c
index 677403564b..8d0dc27904 100644
--- a/crypto/asn1/d2i_pr.c
+++ b/crypto/asn1/d2i_pr.c
@@ -58,16 +58,22 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
 
-EVP_PKEY *d2i_PrivateKey(type,a,pp,length)
-int type;
-EVP_PKEY **a;
-unsigned char **pp;
-long length;
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp,
+	     long length)
 	{
 	EVP_PKEY *ret;
 
@@ -85,24 +91,36 @@ long length;
 	ret->type=EVP_PKEY_type(type);
 	switch (ret->type)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case EVP_PKEY_RSA:
-		if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,pp,length)) == NULL)
+		if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,
+			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
 			{
 			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
 			goto err;
 			}
 		break;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
-		if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,pp,length)) == NULL)
+		if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,
+			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
 			{
 			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
 			goto err;
 			}
 		break;
 #endif
+#ifndef OPENSSL_NO_EC
+	case EVP_PKEY_EC:
+		if ((ret->pkey.eckey = d2i_ECPrivateKey(NULL, 
+			(const unsigned char **)pp, length)) == NULL)
+			{
+			ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
+			goto err;
+			}
+		break;
+#endif
 	default:
 		ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
 		goto err;
@@ -115,3 +133,29 @@ err:
 	return(NULL);
 	}
 
+/* This works like d2i_PrivateKey() except it automatically works out the type */
+
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp,
+	     long length)
+{
+	STACK_OF(ASN1_TYPE) *inkey;
+	unsigned char *p;
+	int keytype;
+	p = *pp;
+	/* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE):
+	 * by analyzing it we can determine the passed structure: this
+	 * assumes the input is surrounded by an ASN1 SEQUENCE.
+	 */
+	inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, 
+			ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+	/* Since we only need to discern "traditional format" RSA and DSA
+	 * keys we can just count the elements.
+         */
+	if(sk_ASN1_TYPE_num(inkey) == 6) 
+		keytype = EVP_PKEY_DSA;
+	else if (sk_ASN1_TYPE_num(inkey) == 4)
+		keytype = EVP_PKEY_EC;
+	else keytype = EVP_PKEY_RSA;
+	sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
+	return d2i_PrivateKey(keytype, a, pp, length);
+}
diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c
index eb572acb0f..cf97b83eac 100644
--- a/crypto/asn1/d2i_pu.c
+++ b/crypto/asn1/d2i_pu.c
@@ -58,16 +58,22 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
 
-EVP_PKEY *d2i_PublicKey(type,a,pp,length)
-int type;
-EVP_PKEY **a;
-unsigned char **pp;
-long length;
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp,
+	     long length)
 	{
 	EVP_PKEY *ret;
 
@@ -85,24 +91,37 @@ long length;
 	ret->type=EVP_PKEY_type(type);
 	switch (ret->type)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case EVP_PKEY_RSA:
-		if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,pp,length)) == NULL)
+		if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,
+			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
 			{
 			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
 			goto err;
 			}
 		break;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
-		if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL,pp,length)) == NULL)
+		if ((ret->pkey.dsa=d2i_DSAPublicKey(&(ret->pkey.dsa),
+			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
 			{
 			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
 			goto err;
 			}
 		break;
 #endif
+#ifndef OPENSSL_NO_EC
+	case EVP_PKEY_EC:
+		if ((ret->pkey.eckey = ECPublicKey_set_octet_string(
+			&(ret->pkey.eckey), (const unsigned char **)pp, 
+			length)) == NULL)
+			{
+			ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+			goto err;
+			}
+	break;
+#endif
 	default:
 		ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
 		goto err;
diff --git a/crypto/asn1/d2i_r_pr.c b/crypto/asn1/d2i_r_pr.c
deleted file mode 100644
index a276a1d4c5..0000000000
--- a/crypto/asn1/d2i_r_pr.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/* crypto/asn1/d2i_r_pr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "objects.h"
-#include "asn1_mac.h"
-
-/*
- * ASN1err(ASN1_F_D2I_RSAPRIVATEKEY,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_I2D_RSAPRIVATEKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- * ASN1err(ASN1_F_I2D_RSAPRIVATEKEY,ASN1_R_PARSING);
- */
-
-static ASN1_METHOD method={
-        (int (*)())  i2d_RSAPrivateKey,
-        (char *(*)())d2i_RSAPrivateKey,
-        (char *(*)())RSA_new,
-        (void (*)()) RSA_free};
-
-ASN1_METHOD *RSAPrivateKey_asn1_meth()
-	{
-	return(&method);
-	}
-
-RSA *d2i_RSAPrivateKey(a,pp,length)
-RSA **a;
-unsigned char **pp;
-long length;
-	{
-	int i=ASN1_R_PARSING;
-	ASN1_INTEGER *bs=NULL;
-	M_ASN1_D2I_vars(a,RSA *,RSA_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if (bs->length == 0)
-		ret->version=0;
-	else	ret->version=bs->data[0];
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->n=BN_bin2bn(bs->data,bs->length,ret->n)) == NULL) goto err_bn;
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->e=BN_bin2bn(bs->data,bs->length,ret->e)) == NULL) goto err_bn;
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->d=BN_bin2bn(bs->data,bs->length,ret->d)) == NULL) goto err_bn;
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->p=BN_bin2bn(bs->data,bs->length,ret->p)) == NULL) goto err_bn;
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->q=BN_bin2bn(bs->data,bs->length,ret->q)) == NULL) goto err_bn;
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->dmp1=BN_bin2bn(bs->data,bs->length,ret->dmp1)) == NULL)
-		goto err_bn;
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->dmq1=BN_bin2bn(bs->data,bs->length,ret->dmq1)) == NULL)
-		goto err_bn;
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->iqmp=BN_bin2bn(bs->data,bs->length,ret->iqmp)) == NULL)
-		goto err_bn;
-
-	ASN1_INTEGER_free(bs);
-
-	M_ASN1_D2I_Finish_2(a);
-err_bn:
-	i=ERR_R_BN_LIB;
-err:
-	ASN1err(ASN1_F_D2I_RSAPRIVATEKEY,i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) RSA_free(ret);
-	if (bs != NULL) ASN1_INTEGER_free(bs);
-	return(NULL);
-	}
-
diff --git a/crypto/asn1/d2i_r_pu.c b/crypto/asn1/d2i_r_pu.c
deleted file mode 100644
index a4e2c22f36..0000000000
--- a/crypto/asn1/d2i_r_pu.c
+++ /dev/null
@@ -1,100 +0,0 @@
-/* crypto/asn1/d2i_r_pu.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "objects.h"
-#include "asn1_mac.h"
-
-/*
- * ASN1err(ASN1_F_D2I_RSAPUBLICKEY,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_I2D_RSAPUBLICKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- */
-
-RSA *d2i_RSAPublicKey(a,pp,length)
-RSA **a;
-unsigned char **pp;
-long length;
-	{
-	int i=ASN1_R_PARSING;
-	ASN1_INTEGER *bs=NULL;
-	M_ASN1_D2I_vars(a,RSA *,RSA_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->n=BN_bin2bn(bs->data,bs->length,ret->n)) == NULL) goto err_bn;
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->e=BN_bin2bn(bs->data,bs->length,ret->e)) == NULL) goto err_bn;
-
-	ASN1_INTEGER_free(bs);
-	bs=NULL;
-
-	M_ASN1_D2I_Finish_2(a);
-
-err_bn:
-	i=ERR_R_BN_LIB;
-err:
-	ASN1err(ASN1_F_D2I_RSAPUBLICKEY,i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) RSA_free(ret);
-	if (bs != NULL) ASN1_INTEGER_free(bs);
-	return(NULL);
-	}
-
diff --git a/crypto/asn1/d2i_s_pr.c b/crypto/asn1/d2i_s_pr.c
deleted file mode 100644
index 8499702c9c..0000000000
--- a/crypto/asn1/d2i_s_pr.c
+++ /dev/null
@@ -1,113 +0,0 @@
-/* crypto/asn1/d2i_s_pr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn.h"
-#include "dsa.h"
-#include "objects.h"
-#include "asn1_mac.h"
-
-/*
- * ASN1err(ASN1_F_D2I_DSAPRIVATEKEY,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_I2D_DSAPRIVATEKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- * ASN1err(ASN1_F_I2D_DSAPRIVATEKEY,ASN1_R_PARSING);
- */
-
-DSA *d2i_DSAPrivateKey(a,pp,length)
-DSA **a;
-unsigned char **pp;
-long length;
-	{
-	int i=ASN1_R_PARSING;
-	ASN1_INTEGER *bs=NULL;
-	M_ASN1_D2I_vars(a,DSA *,DSA_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if (bs->length == 0)
-		ret->version=0;
-	else	ret->version=bs->data[0];
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->p=BN_bin2bn(bs->data,bs->length,ret->p)) == NULL) goto err_bn;
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->q=BN_bin2bn(bs->data,bs->length,ret->q)) == NULL) goto err_bn;
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL) goto err_bn;
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->pub_key=BN_bin2bn(bs->data,bs->length,ret->pub_key))
-		== NULL) goto err_bn;
-	M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-	if ((ret->priv_key=BN_bin2bn(bs->data,bs->length,ret->priv_key))
-		== NULL) goto err_bn;
-
-	ASN1_INTEGER_free(bs);
-
-	M_ASN1_D2I_Finish_2(a);
-err_bn:
-	i=ERR_R_BN_LIB;
-err:
-	ASN1err(ASN1_F_D2I_DSAPRIVATEKEY,i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_free(ret);
-	if (bs != NULL) ASN1_INTEGER_free(bs);
-	return(NULL);
-	}
-
diff --git a/crypto/asn1/d2i_s_pu.c b/crypto/asn1/d2i_s_pu.c
deleted file mode 100644
index ecf6407eab..0000000000
--- a/crypto/asn1/d2i_s_pu.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/* crypto/asn1/d2i_s_pu.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn.h"
-#include "dsa.h"
-#include "objects.h"
-#include "asn1_mac.h"
-
-/*
- * ASN1err(ASN1_F_D2I_DSAPUBLICKEY,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_I2D_DSAPUBLICKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- */
-
-DSA *d2i_DSAPublicKey(a,pp,length)
-DSA **a;
-unsigned char **pp;
-long length;
-	{
-	int i=ASN1_R_PARSING;
-	ASN1_INTEGER *bs=NULL;
-	M_ASN1_D2I_vars(a,DSA *,DSA_new);
-
-	M_ASN1_D2I_Init();
-	if ((length != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED))
-		== (V_ASN1_UNIVERSAL|(V_ASN1_INTEGER))))
-		{
-		c.slen=length;
-		M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-		if ((ret->pub_key=BN_bin2bn(bs->data,bs->length,ret->pub_key))
-                        == NULL)
-                        goto err_bn;
-		ret->write_params=0;
-		}
-	else
-		{
-		M_ASN1_D2I_start_sequence();
-		M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-		if ((ret->pub_key=BN_bin2bn(bs->data,bs->length,ret->pub_key))
-			== NULL)
-			goto err_bn;
-		M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-		if ((ret->p=BN_bin2bn(bs->data,bs->length,ret->p)) == NULL)
-			goto err_bn;
-		M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-		if ((ret->q=BN_bin2bn(bs->data,bs->length,ret->q)) == NULL)
-			goto err_bn;
-		M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-		if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL)
-			goto err_bn;
-
-		ret->write_params=1;
-		}
-
-	ASN1_INTEGER_free(bs);
-	bs=NULL;
-	M_ASN1_D2I_Finish_2(a);
-err_bn:
-	i=ERR_R_BN_LIB;
-err:
-	ASN1err(ASN1_F_D2I_DSAPUBLICKEY,i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_free(ret);
-	if (bs != NULL) ASN1_INTEGER_free(bs);
-	return(NULL);
-	}
-
diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c
index 4153d1b57f..3506005a71 100644
--- a/crypto/asn1/evp_asn1.c
+++ b/crypto/asn1/evp_asn1.c
@@ -58,26 +58,22 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
-#include "asn1_mac.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
 
-int ASN1_TYPE_set_octetstring(a,data,len)
-ASN1_TYPE *a;
-unsigned char *data;
-int len;
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
 	{
 	ASN1_STRING *os;
 
-	if ((os=ASN1_OCTET_STRING_new()) == NULL) return(0);
-	if (!ASN1_OCTET_STRING_set(os,data,len)) return(0);
-	ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,(char *)os);
+	if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0);
+	if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0);
+	ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
 	return(1);
 	}
 
-int ASN1_TYPE_get_octetstring(a,data,max_len)
-ASN1_TYPE *a;
-unsigned char *data;
-int max_len; /* for returned value */
+/* int max_len:  for returned value    */
+int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data,
+	     int max_len)
 	{
 	int ret,num;
 	unsigned char *p;
@@ -87,8 +83,8 @@ int max_len; /* for returned value */
 		ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING,ASN1_R_DATA_IS_WRONG);
 		return(-1);
 		}
-	p=ASN1_STRING_data(a->value.octet_string);
-	ret=ASN1_STRING_length(a->value.octet_string);
+	p=M_ASN1_STRING_data(a->value.octet_string);
+	ret=M_ASN1_STRING_length(a->value.octet_string);
 	if (ret < max_len)
 		num=ret;
 	else
@@ -97,11 +93,8 @@ int max_len; /* for returned value */
 	return(ret);
 	}
 
-int ASN1_TYPE_set_int_octetstring(a,num,data,len)
-ASN1_TYPE *a;
-long num;
-unsigned char *data;
-int len;
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
+	     int len)
 	{
 	int n,size;
 	ASN1_OCTET_STRING os,*osp;
@@ -124,24 +117,22 @@ int len;
 	/* Grow the 'string' */
 	ASN1_STRING_set(osp,NULL,size);
 
-	ASN1_STRING_length(osp)=size;
-	p=ASN1_STRING_data(osp);
+	M_ASN1_STRING_length_set(osp, size);
+	p=M_ASN1_STRING_data(osp);
 
 	ASN1_put_object(&p,1,n,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
 	  i2d_ASN1_INTEGER(&in,&p);
 	M_i2d_ASN1_OCTET_STRING(&os,&p);
 
-	ASN1_TYPE_set(a,V_ASN1_SEQUENCE,(char *)osp);
+	ASN1_TYPE_set(a,V_ASN1_SEQUENCE,osp);
 	return(1);
 	}
 
 /* we return the actual length..., num may be missing, in which
  * case, set it to zero */
-int ASN1_TYPE_get_int_octetstring(a,num,data,max_len)
-ASN1_TYPE *a;
-long *num;
-unsigned char *data;
-int max_len; /* for returned value */
+/* int max_len:  for returned value    */
+int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data,
+	     int max_len)
 	{
 	int ret= -1,n;
 	ASN1_INTEGER *ai=NULL;
@@ -154,8 +145,8 @@ int max_len; /* for returned value */
 		{
 		goto err;
 		}
-	p=ASN1_STRING_data(a->value.sequence);
-	length=ASN1_STRING_length(a->value.sequence);
+	p=M_ASN1_STRING_data(a->value.sequence);
+	length=M_ASN1_STRING_length(a->value.sequence);
 
 	c.pp= &p;
 	c.p=p;
@@ -174,21 +165,21 @@ int max_len; /* for returned value */
 	if (num != NULL)
 		*num=ASN1_INTEGER_get(ai);
 
-	ret=ASN1_STRING_length(os);
+	ret=M_ASN1_STRING_length(os);
 	if (max_len > ret)
 		n=ret;
 	else
 		n=max_len;
 
 	if (data != NULL)
-		memcpy(data,ASN1_STRING_data(os),n);
+		memcpy(data,M_ASN1_STRING_data(os),n);
 	if (0)
 		{
 err:
 		ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,ASN1_R_DATA_IS_WRONG);
 		}
-	if (os != NULL) ASN1_OCTET_STRING_free(os);
-	if (ai != NULL) ASN1_INTEGER_free(ai);
+	if (os != NULL) M_ASN1_OCTET_STRING_free(os);
+	if (ai != NULL) M_ASN1_INTEGER_free(ai);
 	return(ret);
 	}
 
diff --git a/crypto/asn1/f.c b/crypto/asn1/f.c
index 2ab3a262ac..82bccdfd51 100644
--- a/crypto/asn1/f.c
+++ b/crypto/asn1/f.c
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 #include <stdio.h>
-#include "asn1.h"
-#include "err.h"
+#include <openssl/asn1.h>
+#include <openssl/err.h>
 
 main()
 	{
diff --git a/crypto/bn/old/bn_mul.c.works b/crypto/asn1/f_enum.c
index 6d565d44a2..56e3cc8df2 100644
--- a/crypto/bn/old/bn_mul.c.works
+++ b/crypto/asn1/f_enum.c
@@ -1,4 +1,4 @@
-/* crypto/bn/bn_mul.c */
+/* crypto/asn1/f_enum.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -58,162 +58,150 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn_lcl.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
 
-int bn_mm(BIGNUM *m,BIGNUM *A,BIGNUM *B, BIGNUM *sk,BN_CTX *ctx);
+/* Based on a_int.c: equivalent ENUMERATED functions */
 
-/* r must be different to a and b */
-int BN_mul(r, a, b)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *b;
+int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a)
 	{
-	BN_ULONG *ap,*bp,*rp;
-	BIGNUM *sk;
-	int i,n,ret;
-	int max,al,bl;
-	BN_CTX ctx;
+	int i,n=0;
+	static const char *h="0123456789ABCDEF";
+	char buf[2];
 
-	bn_check_top(a);
-	bn_check_top(b);
+	if (a == NULL) return(0);
 
-	al=a->top;
-	bl=b->top;
-	if ((al == 0) || (bl == 0))
+	if (a->length == 0)
 		{
-		r->top=0;
-		return(1);
-		}
-#ifdef BN_MUL_DEBUG
-printf("BN_mul(%d,%d)\n",a->top,b->top);
-#endif
-
-#ifdef BN_RECURSION
-	if (	(bn_limit_bits > 0) &&
-		(bl > bn_limit_num) && (al > bn_limit_num))
-		{
-		n=(BN_num_bits_word(al|bl)-bn_limit_bits);
-		n*=2;
-		sk=(BIGNUM *)Malloc(sizeof(BIGNUM)*n);
-		memset(sk,0,sizeof(BIGNUM)*n);
-		memset(&ctx,0,sizeof(ctx));
-
-		ret=bn_mm(r,a,b,&(sk[0]),&ctx);
-		for (i=0; i<n; i+=2)
-			{
-			BN_clear_free(&sk[i]);
-			BN_clear_free(&sk[i+1]);
-			}
-		Free(sk);
-		return(ret);
-		}
-#endif
-
-	max=(al+bl);
-	if (bn_wexpand(r,max) == NULL) return(0);
-	r->top=max;
-	r->neg=a->neg^b->neg;
-	ap=a->d;
-	bp=b->d;
-	rp=r->d;
-
-#ifdef BN_RECURSION
-	if ((al == bl) && (al == 8))
-		{
-		bn_mul_comba8(rp,ap,bp);
+		if (BIO_write(bp,"00",2) != 2) goto err;
+		n=2;
 		}
 	else
-#endif
 		{
-		rp[al]=bn_mul_words(rp,ap,al,*(bp++));
-		rp++;
-		for (i=1; i<bl; i++)
+		for (i=0; i<a->length; i++)
 			{
-			rp[al]=bn_mul_add_words(rp,ap,al,*(bp++));
-			rp++;
+			if ((i != 0) && (i%35 == 0))
+				{
+				if (BIO_write(bp,"\\\n",2) != 2) goto err;
+				n+=2;
+				}
+			buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
+			buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
+			if (BIO_write(bp,buf,2) != 2) goto err;
+			n+=2;
 			}
 		}
-	if ((max > 0) && (r->d[max-1] == 0)) r->top--;
-	return(1);
+	return(n);
+err:
+	return(-1);
 	}
 
-#ifdef BN_RECURSION
-
-#define ahal	(sk[0])
-#define blbh	(sk[1])
-
-/* r must be different to a and b */
-int bn_mm(m, A, B, sk,ctx)
-BIGNUM *m,*A,*B;
-BIGNUM *sk;
-BN_CTX *ctx;
+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
 	{
-	int n,num,sqr=0;
-	int an,bn;
-	BIGNUM ah,al,bh,bl;
-
-	an=A->top;
-	bn=B->top;
-#ifdef BN_MUL_DEBUG
-printf("bn_mm(%d,%d)\n",A->top,B->top);
-#endif
-
-	if (A == B) sqr=1;
-	num=(an>bn)?an:bn;
-	n=(num+1)/2;
-	/* Are going to now chop things into 'num' word chunks. */
-
-	BN_init(&ah);
-	BN_init(&al);
-	BN_init(&bh);
-	BN_init(&bl);
-
-	bn_set_low (&al,A,n);
-	bn_set_high(&ah,A,n);
-	bn_set_low (&bl,B,n);
-	bn_set_high(&bh,B,n);
+	int ret=0;
+	int i,j,k,m,n,again,bufsize;
+	unsigned char *s=NULL,*sp;
+	unsigned char *bufp;
+	int num=0,slen=0,first=1;
 
-	BN_sub(&ahal,&ah,&al);
-	BN_sub(&blbh,&bl,&bh);
+	bs->type=V_ASN1_ENUMERATED;
 
-	if (num <= (bn_limit_num+bn_limit_num))
+	bufsize=BIO_gets(bp,buf,size);
+	for (;;)
 		{
-		BN_mul(m,&ahal,&blbh);
-		if (sqr)
+		if (bufsize < 1) goto err_sl;
+		i=bufsize;
+		if (buf[i-1] == '\n') buf[--i]='\0';
+		if (i == 0) goto err_sl;
+		if (buf[i-1] == '\r') buf[--i]='\0';
+		if (i == 0) goto err_sl;
+		again=(buf[i-1] == '\\');
+
+		for (j=0; j<i; j++)
 			{
-			BN_sqr(&ahal,&al,ctx);
-			BN_sqr(&blbh,&ah,ctx);
+			if (!(	((buf[j] >= '0') && (buf[j] <= '9')) ||
+				((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+				((buf[j] >= 'A') && (buf[j] <= 'F'))))
+				{
+				i=j;
+				break;
+				}
 			}
-		else
+		buf[i]='\0';
+		/* We have now cleared all the crap off the end of the
+		 * line */
+		if (i < 2) goto err_sl;
+
+		bufp=(unsigned char *)buf;
+		if (first)
+			{
+			first=0;
+			if ((bufp[0] == '0') && (buf[1] == '0'))
+				{
+				bufp+=2;
+				i-=2;
+				}
+			}
+		k=0;
+		i-=again;
+		if (i%2 != 0)
+			{
+			ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_ODD_NUMBER_OF_CHARS);
+			goto err;
+			}
+		i/=2;
+		if (num+i > slen)
+			{
+			if (s == NULL)
+				sp=(unsigned char *)OPENSSL_malloc(
+					(unsigned int)num+i*2);
+			else
+				sp=(unsigned char *)OPENSSL_realloc(s,
+					(unsigned int)num+i*2);
+			if (sp == NULL)
+				{
+				ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
+				if (s != NULL) OPENSSL_free(s);
+				goto err;
+				}
+			s=sp;
+			slen=num+i*2;
+			}
+		for (j=0; j<i; j++,k+=2)
 			{
-			BN_mul(&ahal,&al,&bl);
-			BN_mul(&blbh,&ah,&bh);
+			for (n=0; n<2; n++)
+				{
+				m=bufp[k+n];
+				if ((m >= '0') && (m <= '9'))
+					m-='0';
+				else if ((m >= 'a') && (m <= 'f'))
+					m=m-'a'+10;
+				else if ((m >= 'A') && (m <= 'F'))
+					m=m-'A'+10;
+				else
+					{
+					ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_NON_HEX_CHARACTERS);
+					goto err;
+					}
+				s[num+j]<<=4;
+				s[num+j]|=m;
+				}
 			}
+		num+=i;
+		if (again)
+			bufsize=BIO_gets(bp,buf,size);
+		else
+			break;
 		}
-	else
+	bs->length=num;
+	bs->data=s;
+	ret=1;
+err:
+	if (0)
 		{
-		bn_mm(m,&ahal,&blbh,&(sk[2]),ctx);
-		bn_mm(&ahal,&al,&bl,&(sk[2]),ctx);
-		bn_mm(&blbh,&ah,&bh,&(sk[2]),ctx);
+err_sl:
+		ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_SHORT_LINE);
 		}
-
-	BN_add(m,m,&ahal);
-	BN_add(m,m,&blbh);
-
-	BN_lshift(m,m,n*BN_BITS2);
-	BN_lshift(&blbh,&blbh,n*BN_BITS2*2);
-
-	BN_add(m,m,&ahal);
-	BN_add(m,m,&blbh);
-
-	m->neg=A->neg^B->neg;
-	return(1);
+	return(ret);
 	}
-#undef ahal	(sk[0])
-#undef blbh	(sk[1])
-
-#include "bn_low.c"
-#include "bn_high.c"
-#include "f.c"
 
-#endif
diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c
index 4817c45cb7..9494e597ab 100644
--- a/crypto/asn1/f_int.c
+++ b/crypto/asn1/f_int.c
@@ -58,23 +58,27 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "x509.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
 
-int i2a_ASN1_INTEGER(bp, a)
-BIO *bp;
-ASN1_INTEGER *a;
+int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
 	{
 	int i,n=0;
-	static char *h="0123456789ABCDEF";
+	static const char *h="0123456789ABCDEF";
 	char buf[2];
 
 	if (a == NULL) return(0);
 
+	if (a->type & V_ASN1_NEG)
+		{
+		if (BIO_write(bp, "-", 1) != 1) goto err;
+		n = 1;
+		}
+
 	if (a->length == 0)
 		{
 		if (BIO_write(bp,"00",2) != 2) goto err;
-		n=2;
+		n += 2;
 		}
 	else
 		{
@@ -96,11 +100,7 @@ err:
 	return(-1);
 	}
 
-int a2i_ASN1_INTEGER(bp,bs,buf,size)
-BIO *bp;
-ASN1_INTEGER *bs;
-char *buf;
-int size;
+int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
 	{
 	int ret=0;
 	int i,j,k,m,n,again,bufsize;
@@ -123,9 +123,18 @@ int size;
 
 		for (j=0; j<i; j++)
 			{
+#ifndef CHARSET_EBCDIC
 			if (!(	((buf[j] >= '0') && (buf[j] <= '9')) ||
 				((buf[j] >= 'a') && (buf[j] <= 'f')) ||
 				((buf[j] >= 'A') && (buf[j] <= 'F'))))
+#else
+			/* This #ifdef is not strictly necessary, since
+			 * the characters A...F a...f 0...9 are contiguous
+			 * (yes, even in EBCDIC - but not the whole alphabet).
+			 * Nevertheless, isxdigit() is faster.
+			 */
+			if (!isxdigit(buf[j]))
+#endif
 				{
 				i=j;
 				break;
@@ -157,15 +166,14 @@ int size;
 		if (num+i > slen)
 			{
 			if (s == NULL)
-				sp=(unsigned char *)Malloc(
+				sp=(unsigned char *)OPENSSL_malloc(
 					(unsigned int)num+i*2);
 			else
-				sp=(unsigned char *)Realloc(s,
-					(unsigned int)num+i*2);
+				sp=OPENSSL_realloc_clean(s,slen,num+i*2);
 			if (sp == NULL)
 				{
 				ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
-				if (s != NULL) Free((char *)s);
+				if (s != NULL) OPENSSL_free(s);
 				goto err;
 				}
 			s=sp;
diff --git a/crypto/asn1/f_string.c b/crypto/asn1/f_string.c
index ab2837824e..968698a798 100644
--- a/crypto/asn1/f_string.c
+++ b/crypto/asn1/f_string.c
@@ -58,16 +58,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "x509.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
 
-int i2a_ASN1_STRING(bp, a, type)
-BIO *bp;
-ASN1_STRING *a;
-int type;
+int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type)
 	{
 	int i,n=0;
-	static char *h="0123456789ABCDEF";
+	static const char *h="0123456789ABCDEF";
 	char buf[2];
 
 	if (a == NULL) return(0);
@@ -97,11 +94,7 @@ err:
 	return(-1);
 	}
 
-int a2i_ASN1_STRING(bp,bs,buf,size)
-BIO *bp;
-ASN1_STRING *bs;
-char *buf;
-int size;
+int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
 	{
 	int ret=0;
 	int i,j,k,m,n,again,bufsize;
@@ -130,9 +123,18 @@ int size;
 
 		for (j=i-1; j>0; j--)
 			{
+#ifndef CHARSET_EBCDIC
 			if (!(	((buf[j] >= '0') && (buf[j] <= '9')) ||
 				((buf[j] >= 'a') && (buf[j] <= 'f')) ||
 				((buf[j] >= 'A') && (buf[j] <= 'F'))))
+#else
+			/* This #ifdef is not strictly necessary, since
+			 * the characters A...F a...f 0...9 are contiguous
+			 * (yes, even in EBCDIC - but not the whole alphabet).
+			 * Nevertheless, isxdigit() is faster.
+			 */
+			if (!isxdigit(buf[j]))
+#endif
 				{
 				i=j;
 				break;
@@ -156,15 +158,15 @@ int size;
 		if (num+i > slen)
 			{
 			if (s == NULL)
-				sp=(unsigned char *)Malloc(
+				sp=(unsigned char *)OPENSSL_malloc(
 					(unsigned int)num+i*2);
 			else
-				sp=(unsigned char *)Realloc(s,
+				sp=(unsigned char *)OPENSSL_realloc(s,
 					(unsigned int)num+i*2);
 			if (sp == NULL)
 				{
 				ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE);
-				if (s != NULL) Free((char *)s);
+				if (s != NULL) OPENSSL_free(s);
 				goto err;
 				}
 			s=sp;
diff --git a/crypto/asn1/i2d_dhp.c b/crypto/asn1/i2d_dhp.c
deleted file mode 100644
index a1afa46c86..0000000000
--- a/crypto/asn1/i2d_dhp.c
+++ /dev/null
@@ -1,128 +0,0 @@
-/* crypto/asn1/i2d_dhp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn.h"
-#include "asn1_mac.h"
-#include "dh.h"
-
-/*
- * ASN1err(ASN1_F_D2I_DHPARAMS,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_DHPARAMS_NEW,ERR_R_ASN1_LENGTH_MISMATCH);
- */
-
-int i2d_DHparams(a,pp)
-DH *a;
-unsigned char **pp;
-	{
-	BIGNUM *num[3];
-	ASN1_INTEGER bs;
-	unsigned int j,i,tot=0,len,max=0;
-	int t,ret= -1;
-	unsigned char *p;
-
-	if (a == NULL) return(0);
-	num[0]=a->p;
-	num[1]=a->g;
-	if (a->length != 0)
-		{
-		if ((num[2]=BN_new()) == NULL) goto err;
-		if (!BN_set_word(num[2],a->length)) goto err;
-		}
-	else	
-		num[2]=NULL;
-
-	for (i=0; i<3; i++)
-		{
-		if (num[i] == NULL) continue;
-		j=BN_num_bits(num[i]);
-		len=((j == 0)?0:((j/8)+1));
-		if (len > max) max=len;
-		len=ASN1_object_size(0,len,
-			(num[i]->neg)?V_ASN1_NEG_INTEGER:V_ASN1_INTEGER);
-		tot+=len;
-		}
-
-	t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
-	if (pp == NULL) return(t);
-
-	p= *pp;
-	ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-
-	bs.type=V_ASN1_INTEGER;
-	bs.data=(unsigned char *)Malloc(max+4);
-	if (bs.data == NULL)
-		{
-		ASN1err(ASN1_F_I2D_DHPARAMS,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	for (i=0; i<3; i++)
-		{
-		if (num[i] == NULL) continue;
-		bs.length=BN_bn2bin(num[i],bs.data);
-		i2d_ASN1_INTEGER(&bs,&p);
-		}
-	Free((char *)bs.data);
-	ret=t;
-err:
-	if (num[2] != NULL) BN_free(num[2]);
-	*pp=p;
-	return(ret);
-	}
diff --git a/crypto/asn1/i2d_dsap.c b/crypto/asn1/i2d_dsap.c
deleted file mode 100644
index 0b7d5543f3..0000000000
--- a/crypto/asn1/i2d_dsap.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* crypto/asn1/i2d_dsap.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn.h"
-#include "asn1_mac.h"
-#include "dsa.h"
-
-/*
- * ASN1err(ASN1_F_D2I_DSAPARAMS,ERR_R_ASN1_LENGTH_MISMATCH);
- */
-
-int i2d_DSAparams(a,pp)
-DSA *a;
-unsigned char **pp;
-	{
-	BIGNUM *num[3];
-	ASN1_INTEGER bs;
-	unsigned int j,i,tot=0,len,max=0;
-	int t,ret= -1;
-	unsigned char *p;
-
-	if (a == NULL) return(0);
-	num[0]=a->p;
-	num[1]=a->q;
-	num[2]=a->g;
-
-	for (i=0; i<3; i++)
-		{
-		if (num[i] == NULL) continue;
-		j=BN_num_bits(num[i]);
-		len=((j == 0)?0:((j/8)+1));
-		if (len > max) max=len;
-		len=ASN1_object_size(0,len,
-			(num[i]->neg)?V_ASN1_NEG_INTEGER:V_ASN1_INTEGER);
-		tot+=len;
-		}
-
-	t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
-	if (pp == NULL) return(t);
-
-	p= *pp;
-	ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-
-	bs.type=V_ASN1_INTEGER;
-	bs.data=(unsigned char *)Malloc(max+4);
-	if (bs.data == NULL)
-		{
-		ASN1err(ASN1_F_I2D_DSAPARAMS,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	for (i=0; i<3; i++)
-		{
-		if (num[i] == NULL) continue;
-		bs.length=BN_bn2bin(num[i],bs.data);
-		i2d_ASN1_INTEGER(&bs,&p);
-		}
-	Free((char *)bs.data);
-	ret=t;
-err:
-	*pp=p;
-	return(ret);
-	}
-
diff --git a/crypto/asn1/i2d_pr.c b/crypto/asn1/i2d_pr.c
index b6b821d73c..bbf2a0d2d6 100644
--- a/crypto/asn1/i2d_pr.c
+++ b/crypto/asn1/i2d_pr.c
@@ -58,27 +58,40 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
 
-int i2d_PrivateKey(a,pp)
-EVP_PKEY *a;
-unsigned char **pp;
+int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
 	{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (a->type == EVP_PKEY_RSA)
 		{
 		return(i2d_RSAPrivateKey(a->pkey.rsa,pp));
 		}
 	else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	if (a->type == EVP_PKEY_DSA)
 		{
 		return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
 		}
 #endif
+#ifndef OPENSSL_NO_EC
+	if (a->type == EVP_PKEY_EC)
+		{
+		return(i2d_ECPrivateKey(a->pkey.eckey, pp));
+		}
+#endif
 
 	ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
 	return(-1);
diff --git a/crypto/asn1/i2d_pu.c b/crypto/asn1/i2d_pu.c
index 1b854252b7..85220b44d6 100644
--- a/crypto/asn1/i2d_pu.c
+++ b/crypto/asn1/i2d_pu.c
@@ -58,24 +58,35 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
 
-int i2d_PublicKey(a,pp)
-EVP_PKEY *a;
-unsigned char **pp;
+int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
 	{
 	switch (a->type)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case EVP_PKEY_RSA:
 		return(i2d_RSAPublicKey(a->pkey.rsa,pp));
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
 		return(i2d_DSAPublicKey(a->pkey.dsa,pp));
 #endif
+#ifndef OPENSSL_NO_EC
+	case EVP_PKEY_EC:
+		return(ECPublicKey_get_octet_string(a->pkey.eckey, pp));
+#endif
 	default:
 		ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
 		return(-1);
diff --git a/crypto/asn1/i2d_r_pr.c b/crypto/asn1/i2d_r_pr.c
deleted file mode 100644
index 78312dbf2f..0000000000
--- a/crypto/asn1/i2d_r_pr.c
+++ /dev/null
@@ -1,132 +0,0 @@
-/* crypto/asn1/i2d_r_pr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "objects.h"
-#include "asn1_mac.h"
-
-/*
- * ASN1err(ASN1_F_D2I_RSAPRIVATEKEY,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_I2D_RSAPRIVATEKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- */
-
-int i2d_RSAPrivateKey(a,pp)
-RSA *a;
-unsigned char **pp;
-	{
-	BIGNUM *num[9];
-	unsigned char data[1];
-	ASN1_INTEGER bs;
-	unsigned int j,i,tot,t,len,max=0;
-	unsigned char *p;
-
-	if (a == NULL) return(0);
-
-	num[1]=a->n;
-	num[2]=a->e;
-	num[3]=a->d;
-	num[4]=a->p;
-	num[5]=a->q;
-	num[6]=a->dmp1;
-	num[7]=a->dmq1;
-	num[8]=a->iqmp;
-
-	bs.length=1;
-	bs.data=data;
-	bs.type=V_ASN1_INTEGER;
-	data[0]=a->version&0x7f;
-
-	tot=i2d_ASN1_INTEGER(&(bs),NULL);
-	for (i=1; i<9; i++)
-		{
-		j=BN_num_bits(num[i]);
-		len=((j == 0)?0:((j/8)+1));
-		if (len > max) max=len;
-		len=ASN1_object_size(0,len,
-			(num[i]->neg)?V_ASN1_NEG_INTEGER:V_ASN1_INTEGER);
-		tot+=len;
-		}
-
-	t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
-	if (pp == NULL) return(t);
-
-	p= *pp;
-	ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-
-	i2d_ASN1_INTEGER(&bs,&p);
-
-	bs.data=(unsigned char *)Malloc(max+4);
-	if (bs.data == NULL)
-		{
-		ASN1err(ASN1_F_I2D_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
-		return(-1);
-		}
-
-	for (i=1; i<9; i++)
-		{
-		bs.length=BN_bn2bin(num[i],bs.data);
-		i2d_ASN1_INTEGER(&bs,&p);
-		}
-	Free((char *)bs.data);
-	*pp=p;
-	return(t);
-	}
-
diff --git a/crypto/asn1/i2d_r_pu.c b/crypto/asn1/i2d_r_pu.c
deleted file mode 100644
index 4bcebaa1ba..0000000000
--- a/crypto/asn1/i2d_r_pu.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* crypto/asn1/i2d_r_pu.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "objects.h"
-#include "asn1_mac.h"
-
-/*
- * ASN1err(ASN1_F_D2I_RSAPUBLICKEY,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_I2D_RSAPUBLICKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- */
-
-int i2d_RSAPublicKey(a,pp)
-RSA *a;
-unsigned char **pp;
-	{
-	BIGNUM *num[2];
-	ASN1_INTEGER bs;
-	unsigned int j,i,tot=0,len,max=0,t;
-	unsigned char *p;
-
-	if (a == NULL) return(0);
-
-	num[0]=a->n;
-	num[1]=a->e;
-
-	for (i=0; i<2; i++)
-		{
-		j=BN_num_bits(num[i]);
-		len=((j == 0)?0:((j/8)+1));
-		if (len > max) max=len;
-		len=ASN1_object_size(0,len,
-			(num[i]->neg)?V_ASN1_NEG_INTEGER:V_ASN1_INTEGER);
-		tot+=len;
-		}
-
-	t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
-	if (pp == NULL) return(t);
-
-	p= *pp;
-	ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-
-	bs.type=V_ASN1_INTEGER;
-	bs.data=(unsigned char *)Malloc(max+4);
-	if (bs.data == NULL)
-		{
-		ASN1err(ASN1_F_I2D_RSAPUBLICKEY,ERR_R_MALLOC_FAILURE);
-		return(-1);
-		}
-
-	for (i=0; i<2; i++)
-		{
-		bs.length=BN_bn2bin(num[i],bs.data);
-		i2d_ASN1_INTEGER(&bs,&p);
-		}
-	Free((char *)bs.data);
-	*pp=p;
-	return(t);
-	}
-
diff --git a/crypto/asn1/i2d_s_pr.c b/crypto/asn1/i2d_s_pr.c
deleted file mode 100644
index 6e95305548..0000000000
--- a/crypto/asn1/i2d_s_pr.c
+++ /dev/null
@@ -1,128 +0,0 @@
-/* crypto/asn1/i2d_s_pr.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn.h"
-#include "dsa.h"
-#include "objects.h"
-#include "asn1_mac.h"
-
-/*
- * ASN1err(ASN1_F_I2D_DSAPRIVATEKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- */
-
-int i2d_DSAPrivateKey(a,pp)
-DSA *a;
-unsigned char **pp;
-	{
-	BIGNUM *num[6];
-	unsigned char data[1];
-	ASN1_INTEGER bs;
-	unsigned int j,i,tot,t,len,max=0;
-	unsigned char *p;
-
-	if (a == NULL) return(0);
-
-	num[1]=a->p;
-	num[2]=a->q;
-	num[3]=a->g;
-	num[4]=a->pub_key;
-	num[5]=a->priv_key;
-
-	bs.length=1;
-	bs.data=data;
-	bs.type=V_ASN1_INTEGER;
-	data[0]=a->version&0x7f;
-
-	tot=i2d_ASN1_INTEGER(&(bs),NULL);
-	for (i=1; i<6; i++)
-		{
-		j=BN_num_bits(num[i]);
-		len=((j == 0)?0:((j/8)+1));
-		if (len > max) max=len;
-		len=ASN1_object_size(0,len,
-			(num[i]->neg)?V_ASN1_NEG_INTEGER:V_ASN1_INTEGER);
-		tot+=len;
-		}
-
-	t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
-	if (pp == NULL) return(t);
-
-	p= *pp;
-	ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-
-	i2d_ASN1_INTEGER(&bs,&p);
-
-	bs.data=(unsigned char *)Malloc(max+4);
-	if (bs.data == NULL)
-		{
-		ASN1err(ASN1_F_I2D_DSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
-		return(-1);
-		}
-
-	for (i=1; i<6; i++)
-		{
-		bs.length=BN_bn2bin(num[i],bs.data);
-		i2d_ASN1_INTEGER(&bs,&p);
-		}
-	Free((char *)bs.data);
-	*pp=p;
-	return(t);
-	}
-
diff --git a/crypto/asn1/i2d_s_pu.c b/crypto/asn1/i2d_s_pu.c
deleted file mode 100644
index 5cf2877069..0000000000
--- a/crypto/asn1/i2d_s_pu.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/* crypto/asn1/i2d_s_pu.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn.h"
-#include "dsa.h"
-#include "objects.h"
-#include "asn1_mac.h"
-
-/*
- * ASN1err(ASN1_F_I2D_DSAPUBLICKEY,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- */
-
-int i2d_DSAPublicKey(a,pp)
-DSA *a;
-unsigned char **pp;
-	{
-	BIGNUM *num[4];
-	ASN1_INTEGER bs;
-	unsigned int j,i,tot=0,len,max=0,t=0,all,n=1;
-	unsigned char *p;
-
-	if (a == NULL) return(0);
-
-	all=a->write_params;
-
-	num[0]=a->pub_key;
-	if (all)
-		{
-		num[1]=a->p;
-		num[2]=a->q;
-		num[3]=a->g;
-		n=4;
-		}
-
-	for (i=0; i<n; i++)
-		{
-		j=BN_num_bits(num[i]);
-		len=((j == 0)?0:((j/8)+1));
-		if (len > max) max=len;
-		len=ASN1_object_size(0,len,
-			(num[i]->neg)?V_ASN1_NEG_INTEGER:V_ASN1_INTEGER);
-		tot+=len;
-		}
-
-	if (all)
-		{
-		t=ASN1_object_size(1,tot,V_ASN1_SEQUENCE);
-		if (pp == NULL) return(t);
-		}
-	else
-		{
-		if (pp == NULL) return(tot);
-		}
-
-	p= *pp;
-	if (all)
-		ASN1_put_object(&p,1,tot,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-
-	bs.type=V_ASN1_INTEGER;
-	bs.data=(unsigned char *)Malloc(max+4);
-	if (bs.data == NULL)
-		{
-		ASN1err(ASN1_F_I2D_DSAPUBLICKEY,ERR_R_MALLOC_FAILURE);
-		return(-1);
-		}
-
-	for (i=0; i<n; i++)
-		{
-		bs.length=BN_bn2bin(num[i],bs.data);
-		i2d_ASN1_INTEGER(&bs,&p);
-		}
-	Free((char *)bs.data);
-	*pp=p;
-	return(t);
-	}
-
diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c
index 9649847866..766b51c538 100644
--- a/crypto/asn1/n_pkey.c
+++ b/crypto/asn1/n_pkey.c
@@ -56,118 +56,138 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "rsa.h"
-#include "objects.h"
-#include "asn1_mac.h"
-#include "evp.h"
-#include "x509.h"
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/asn1t.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
 
 
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 
 typedef struct netscape_pkey_st
 	{
-	ASN1_INTEGER *version;
+	long version;
 	X509_ALGOR *algor;
 	ASN1_OCTET_STRING *private_key;
 	} NETSCAPE_PKEY;
 
-/*
- * ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR);
- * ASN1err(ASN1_F_D2I_NETSCAPE_PKEY,ASN1_R_DECODING_ERROR);
- * ASN1err(ASN1_F_NETSCAPE_PKEY_NEW,ASN1_R_DECODING_ERROR);
- */
-#ifndef NOPROTO
-static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY *a, unsigned char **pp);
-static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a,unsigned char **pp, long length);
-static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void);
-static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *);
-#else
-static int i2d_NETSCAPE_PKEY();
-static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY();
-static NETSCAPE_PKEY *NETSCAPE_PKEY_new();
-static void NETSCAPE_PKEY_free();
-#endif
-
-int i2d_Netscape_RSA(a,pp,cb)
-RSA *a;
-unsigned char **pp;
-int (*cb)();
+typedef struct netscape_encrypted_pkey_st
+	{
+	ASN1_OCTET_STRING *os;
+	/* This is the same structure as DigestInfo so use it:
+	 * although this isn't really anything to do with
+	 * digests.
+	 */
+	X509_SIG *enckey;
+	} NETSCAPE_ENCRYPTED_PKEY;
+
+
+ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
+	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
+} ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+
+ASN1_SEQUENCE(NETSCAPE_PKEY) = {
+	ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
+	ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
+	ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_PKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+
+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
+	     int (*cb)(), int sgckey);
+
+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)())
+{
+	return i2d_RSA_NET(a, pp, cb, 0);
+}
+
+int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey)
 	{
-	int i,j,l[6];
-	NETSCAPE_PKEY *pkey;
+	int i, j, ret = 0;
+	int rsalen, pkeylen, olen;
+	NETSCAPE_PKEY *pkey = NULL;
+	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
 	unsigned char buf[256],*zz;
 	unsigned char key[EVP_MAX_KEY_LENGTH];
 	EVP_CIPHER_CTX ctx;
-	X509_ALGOR *alg=NULL;
-	ASN1_OCTET_STRING os,os2;
-	M_ASN1_I2D_vars(a);
 
 	if (a == NULL) return(0);
 
-#ifdef WIN32
-	r=r; /* shut the damn compiler up :-) */
-#endif
-
-	os.data=os2.data=NULL;
 	if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
-	if (!ASN1_INTEGER_set(pkey->version,0)) goto err;
+	if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;
+	pkey->version = 0;
 
-	if (pkey->algor->algorithm != NULL)
-		ASN1_OBJECT_free(pkey->algor->algorithm);
 	pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
 	if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
 	pkey->algor->parameter->type=V_ASN1_NULL;
 
-	l[0]=i2d_RSAPrivateKey(a,NULL);
-	pkey->private_key->length=l[0];
+	rsalen = i2d_RSAPrivateKey(a, NULL);
 
-	os2.length=i2d_NETSCAPE_PKEY(pkey,NULL);
-	l[1]=i2d_ASN1_OCTET_STRING(&os2,NULL);
+	/* Fake some octet strings just for the initial length
+	 * calculation.
+ 	 */
 
-	if ((alg=X509_ALGOR_new()) == NULL) goto err;
-	if (alg->algorithm != NULL)
-		ASN1_OBJECT_free(alg->algorithm);
-	alg->algorithm=OBJ_nid2obj(NID_rc4);
-	if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
-	alg->parameter->type=V_ASN1_NULL;
+	pkey->private_key->length=rsalen;
 
-	l[2]=i2d_X509_ALGOR(alg,NULL);
-	l[3]=ASN1_object_size(1,l[2]+l[1],V_ASN1_SEQUENCE);
+	pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
 
-	os.data=(unsigned char *)"private-key";
-	os.length=11;
-	l[4]=i2d_ASN1_OCTET_STRING(&os,NULL);
+	enckey->enckey->digest->length = pkeylen;
 
-	l[5]=ASN1_object_size(1,l[4]+l[3],V_ASN1_SEQUENCE);
+	enckey->os->length = 11;	/* "private-key" */
+
+	enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);
+	if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+	enckey->enckey->algor->parameter->type=V_ASN1_NULL;
 
 	if (pp == NULL)
 		{
-		if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
-		if (alg != NULL) X509_ALGOR_free(alg);
-		return(l[5]);
+		olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
+		NETSCAPE_PKEY_free(pkey);
+		NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+		return olen;
 		}
 
-	if (pkey->private_key->data != NULL)
-		Free((char *)pkey->private_key->data);
-	if ((pkey->private_key->data=(unsigned char *)Malloc(l[0])) == NULL)
+
+	/* Since its RC4 encrypted length is actual length */
+	if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)
 		{
 		ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
-	zz=pkey->private_key->data;
+
+	pkey->private_key->data = zz;
+	/* Write out private key encoding */
 	i2d_RSAPrivateKey(a,&zz);
 
-	if ((os2.data=(unsigned char *)Malloc(os2.length)) == NULL)
+	if ((zz=OPENSSL_malloc(pkeylen)) == NULL)
+		{
+		ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	if (!ASN1_STRING_set(enckey->os, "private-key", -1)) 
 		{
 		ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
-	zz=os2.data;
+	enckey->enckey->digest->data = zz;
 	i2d_NETSCAPE_PKEY(pkey,&zz);
+
+	/* Wipe the private key encoding */
+	OPENSSL_cleanse(pkey->private_key->data, rsalen);
 		
 	if (cb == NULL)
 		cb=EVP_read_pw_string;
@@ -177,92 +197,88 @@ int (*cb)();
 		ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ASN1_R_BAD_PASSWORD_READ);
 		goto err;
 		}
-	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,
-		strlen((char *)buf),1,key,NULL);
-	memset(buf,0,256);
+	i = strlen((char *)buf);
+	/* If the key is used for SGC the algorithm is modified a little. */
+	if(sgckey) {
+		EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
+		memcpy(buf + 16, "SGCKEYSALT", 10);
+		i = 26;
+	}
 
+	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+	OPENSSL_cleanse(buf,256);
+
+	/* Encrypt private key in place */
+	zz = enckey->enckey->digest->data;
 	EVP_CIPHER_CTX_init(&ctx);
-	EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
-	EVP_EncryptUpdate(&ctx,os2.data,&i,os2.data,os2.length);
-	EVP_EncryptFinal(&ctx,&(os2.data[i]),&j);
+	EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
+	EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
+	EVP_EncryptFinal_ex(&ctx,zz + i,&j);
 	EVP_CIPHER_CTX_cleanup(&ctx);
 
-	p= *pp;
-	ASN1_put_object(&p,1,l[4]+l[3],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-	i2d_ASN1_OCTET_STRING(&os,&p);
-	ASN1_put_object(&p,1,l[2]+l[1],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-	i2d_X509_ALGOR(alg,&p);
-	i2d_ASN1_OCTET_STRING(&os2,&p);
-	ret=l[5];
+	ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
 err:
-	if (os2.data != NULL) Free((char *)os2.data);
-	if (alg != NULL) X509_ALGOR_free(alg);
-	if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
-	r=r;
+	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+	NETSCAPE_PKEY_free(pkey);
 	return(ret);
 	}
 
-RSA *d2i_Netscape_RSA(a,pp,length,cb)
-RSA **a;
-unsigned char **pp;
-long length;
-int (*cb)();
+
+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)())
+{
+	return d2i_RSA_NET(a, pp, length, cb, 0);
+}
+
+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey)
 	{
 	RSA *ret=NULL;
-	ASN1_OCTET_STRING *os=NULL;
-	ASN1_CTX c;
+	const unsigned char *p, *kp;
+	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
+
+	p = *pp;
 
-	c.pp=pp;
-	c.error=ASN1_R_DECODING_ERROR;
+	enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
+	if(!enckey) {
+		ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR);
+		return NULL;
+	}
 
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
-	if ((os->length != 11) || (strncmp("private-key",
-		(char *)os->data,os->length) != 0))
+	if ((enckey->os->length != 11) || (strncmp("private-key",
+		(char *)enckey->os->data,11) != 0))
 		{
 		ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
-		ASN1_BIT_STRING_free(os);
-		goto err;
+		NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+		return NULL;
 		}
-	ASN1_BIT_STRING_free(os);
-	c.q=c.p;
-	if ((ret=d2i_Netscape_RSA_2(a,&c.p,c.slen,cb)) == NULL) goto err;
-	c.slen-=(c.p-c.q);
+	if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)
+		{
+		ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
+		goto err;
+	}
+	kp = enckey->enckey->digest->data;
+	if (cb == NULL)
+		cb=EVP_read_pw_string;
+	if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
+
+	*pp = p;
+
+	err:
+	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+	return ret;
 
-	M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA);
 	}
 
-RSA *d2i_Netscape_RSA_2(a,pp,length,cb)
-RSA **a;
-unsigned char **pp;
-long length;
-int (*cb)();
+static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
+	     int (*cb)(), int sgckey)
 	{
 	NETSCAPE_PKEY *pkey=NULL;
 	RSA *ret=NULL;
 	int i,j;
-	unsigned char buf[256],*zz;
+	unsigned char buf[256];
+	const unsigned char *zz;
 	unsigned char key[EVP_MAX_KEY_LENGTH];
 	EVP_CIPHER_CTX ctx;
-	X509_ALGOR *alg=NULL;
-	ASN1_OCTET_STRING *os=NULL;
-	ASN1_CTX c;
 
-	c.error=ERR_R_NESTED_ASN1_ERROR;
-	c.pp=pp;
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(alg,d2i_X509_ALGOR);
-	if (OBJ_obj2nid(alg->algorithm) != NID_rc4)
-		{
-		ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
-		goto err;
-		}
-	M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING);
-	if (cb == NULL)
-		cb=EVP_read_pw_string;
 	i=cb(buf,256,"Enter Private Key password:",0);
 	if (i != 0)
 		{
@@ -270,14 +286,20 @@ int (*cb)();
 		goto err;
 		}
 
-	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,
-		strlen((char *)buf),1,key,NULL);
-	memset(buf,0,256);
+	i = strlen((char *)buf);
+	if(sgckey){
+		EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
+		memcpy(buf + 16, "SGCKEYSALT", 10);
+		i = 26;
+	}
+		
+	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+	OPENSSL_cleanse(buf,256);
 
 	EVP_CIPHER_CTX_init(&ctx);
-	EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+	EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
 	EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
-	EVP_DecryptFinal(&ctx,&(os->data[i]),&j);
+	EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
 	EVP_CIPHER_CTX_cleanup(&ctx);
 	os->length=i+j;
 
@@ -295,72 +317,17 @@ int (*cb)();
 		ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
 		goto err;
 		}
-	if (!asn1_Finish(&c)) goto err;
-	*pp=c.p;
 err:
-	if (pkey != NULL) NETSCAPE_PKEY_free(pkey);
-	if (os != NULL) ASN1_BIT_STRING_free(os);
-	if (alg != NULL) X509_ALGOR_free(alg);
+	NETSCAPE_PKEY_free(pkey);
 	return(ret);
 	}
 
-static int i2d_NETSCAPE_PKEY(a,pp)
-NETSCAPE_PKEY *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
+#endif /* OPENSSL_NO_RC4 */
 
+#else /* !OPENSSL_NO_RSA */
 
-	M_ASN1_I2D_len(a->version,	i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(a->algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->private_key,	i2d_ASN1_OCTET_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->version,	i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(a->algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->private_key,	i2d_ASN1_OCTET_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(a,pp,length)
-NETSCAPE_PKEY **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,NETSCAPE_PKEY *,NETSCAPE_PKEY_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->private_key,d2i_ASN1_OCTET_STRING);
-	M_ASN1_D2I_Finish(a,NETSCAPE_PKEY_free,ASN1_F_D2I_NETSCAPE_PKEY);
-	}
-
-static NETSCAPE_PKEY *NETSCAPE_PKEY_new()
-	{
-	NETSCAPE_PKEY *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,NETSCAPE_PKEY);
-	M_ASN1_New(ret->version,ASN1_INTEGER_new);
-	M_ASN1_New(ret->algor,X509_ALGOR_new);
-	M_ASN1_New(ret->private_key,ASN1_OCTET_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_NETSCAPE_PKEY_NEW);
-	}
-
-static void NETSCAPE_PKEY_free(a)
-NETSCAPE_PKEY *a;
-	{
-	if (a == NULL) return;
-	ASN1_INTEGER_free(a->version);
-	X509_ALGOR_free(a->algor);
-	ASN1_OCTET_STRING_free(a->private_key);
-	Free((char *)a);
-	}
-
-#endif /* NO_RC4 */
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
 
+#endif
diff --git a/crypto/asn1/nsseq.c b/crypto/asn1/nsseq.c
new file mode 100644
index 0000000000..50e2d4d07a
--- /dev/null
+++ b/crypto/asn1/nsseq.c
@@ -0,0 +1,82 @@
+/* nsseq.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+
+static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	if(operation == ASN1_OP_NEW_POST) {
+		NETSCAPE_CERT_SEQUENCE *nsseq;
+		nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
+		nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
+	}
+	return 1;
+}
+
+/* Netscape certificate sequence structure */
+
+ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = {
+	ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT),
+	ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0)
+} ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c
new file mode 100644
index 0000000000..891150638e
--- /dev/null
+++ b/crypto/asn1/p5_pbe.c
@@ -0,0 +1,122 @@
+/* p5_pbe.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* PKCS#5 password based encryption structure */
+
+ASN1_SEQUENCE(PBEPARAM) = {
+	ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PBEPARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
+
+/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
+	     int saltlen)
+{
+	PBEPARAM *pbe;
+	ASN1_OBJECT *al;
+	X509_ALGOR *algor;
+	ASN1_TYPE *astype;
+
+	if (!(pbe = PBEPARAM_new ())) {
+		ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
+	ASN1_INTEGER_set (pbe->iter, iter);
+	if (!saltlen) saltlen = PKCS5_SALT_LEN;
+	if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) {
+		ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	pbe->salt->length = saltlen;
+	if (salt) memcpy (pbe->salt->data, salt, saltlen);
+	else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0)
+		return NULL;
+
+	if (!(astype = ASN1_TYPE_new())) {
+		ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	astype->type = V_ASN1_SEQUENCE;
+	if(!ASN1_pack_string(pbe, i2d_PBEPARAM, &astype->value.sequence)) {
+		ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	PBEPARAM_free (pbe);
+	
+	al = OBJ_nid2obj(alg); /* never need to free al */
+	if (!(algor = X509_ALGOR_new())) {
+		ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	ASN1_OBJECT_free(algor->algorithm);
+	algor->algorithm = al;
+	algor->parameter = astype;
+
+	return (algor);
+}
diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
new file mode 100644
index 0000000000..91e1c8987d
--- /dev/null
+++ b/crypto/asn1/p5_pbev2.c
@@ -0,0 +1,203 @@
+/* p5_pbev2.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* PKCS#5 v2.0 password based encryption structures */
+
+ASN1_SEQUENCE(PBE2PARAM) = {
+	ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
+	ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBE2PARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)
+
+ASN1_SEQUENCE(PBKDF2PARAM) = {
+	ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),
+	ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
+	ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
+	ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBKDF2PARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
+
+/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
+ * yes I know this is horrible!
+ */
+
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+				 unsigned char *salt, int saltlen)
+{
+	X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
+	int alg_nid;
+	EVP_CIPHER_CTX ctx;
+	unsigned char iv[EVP_MAX_IV_LENGTH];
+	PBKDF2PARAM *kdf = NULL;
+	PBE2PARAM *pbe2 = NULL;
+	ASN1_OCTET_STRING *osalt = NULL;
+	ASN1_OBJECT *obj;
+
+	alg_nid = EVP_CIPHER_type(cipher);
+	if(alg_nid == NID_undef) {
+		ASN1err(ASN1_F_PKCS5_PBE2_SET,
+				ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+		goto err;
+	}
+	obj = OBJ_nid2obj(alg_nid);
+
+	if(!(pbe2 = PBE2PARAM_new())) goto merr;
+
+	/* Setup the AlgorithmIdentifier for the encryption scheme */
+	scheme = pbe2->encryption;
+
+	scheme->algorithm = obj;
+	if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
+
+	/* Create random IV */
+	if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+		goto err;
+
+	EVP_CIPHER_CTX_init(&ctx);
+
+	/* Dummy cipherinit to just setup the IV */
+	EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
+	if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
+		ASN1err(ASN1_F_PKCS5_PBE2_SET,
+					ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+		goto err;
+	}
+	EVP_CIPHER_CTX_cleanup(&ctx);
+
+	if(!(kdf = PBKDF2PARAM_new())) goto merr;
+	if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr;
+
+	if (!saltlen) saltlen = PKCS5_SALT_LEN;
+	if (!(osalt->data = OPENSSL_malloc (saltlen))) goto merr;
+	osalt->length = saltlen;
+	if (salt) memcpy (osalt->data, salt, saltlen);
+	else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr;
+
+	if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
+	if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
+
+	/* Now include salt in kdf structure */
+	kdf->salt->value.octet_string = osalt;
+	kdf->salt->type = V_ASN1_OCTET_STRING;
+	osalt = NULL;
+
+	/* If its RC2 then we'd better setup the key length */
+
+	if(alg_nid == NID_rc2_cbc) {
+		if(!(kdf->keylength = M_ASN1_INTEGER_new())) goto merr;
+		if(!ASN1_INTEGER_set (kdf->keylength,
+				 EVP_CIPHER_key_length(cipher))) goto merr;
+	}
+
+	/* prf can stay NULL because we are using hmacWithSHA1 */
+
+	/* Now setup the PBE2PARAM keyfunc structure */
+
+	pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
+
+	/* Encode PBKDF2PARAM into parameter of pbe2 */
+
+	if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;
+
+	if(!ASN1_pack_string(kdf, i2d_PBKDF2PARAM,
+			 &pbe2->keyfunc->parameter->value.sequence)) goto merr;
+	pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
+
+	PBKDF2PARAM_free(kdf);
+	kdf = NULL;
+
+	/* Now set up top level AlgorithmIdentifier */
+
+	if(!(ret = X509_ALGOR_new())) goto merr;
+	if(!(ret->parameter = ASN1_TYPE_new())) goto merr;
+
+	ret->algorithm = OBJ_nid2obj(NID_pbes2);
+
+	/* Encode PBE2PARAM into parameter */
+
+	if(!ASN1_pack_string(pbe2, i2d_PBE2PARAM,
+				 &ret->parameter->value.sequence)) goto merr;
+	ret->parameter->type = V_ASN1_SEQUENCE;
+
+	PBE2PARAM_free(pbe2);
+	pbe2 = NULL;
+
+	return ret;
+
+	merr:
+	ASN1err(ASN1_F_PKCS5_PBE2_SET,ERR_R_MALLOC_FAILURE);
+
+	err:
+	PBE2PARAM_free(pbe2);
+	/* Note 'scheme' is freed as part of pbe2 */
+	M_ASN1_OCTET_STRING_free(osalt);
+	PBKDF2PARAM_free(kdf);
+	X509_ALGOR_free(kalg);
+	X509_ALGOR_free(ret);
+
+	return NULL;
+
+}
diff --git a/crypto/asn1/p7_dgst.c b/crypto/asn1/p7_dgst.c
deleted file mode 100644
index bf7b8e2f43..0000000000
--- a/crypto/asn1/p7_dgst.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/* crypto/asn1/p7_dgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
-
-/*
- * ASN1err(ASN1_F_PKCS7_DIGEST_NEW,ERR_R_MISSING_ASN1_EOS);
- * ASN1err(ASN1_F_D2I_PKCS7_DIGEST,ERR_R_ASN1_LENGTH_MISMATCH);
- */
-
-int i2d_PKCS7_DIGEST(a,pp)
-PKCS7_DIGEST *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(a->md,i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->contents,i2d_PKCS7);
-	M_ASN1_I2D_len(a->digest,i2d_ASN1_OCTET_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(a->md,i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->contents,i2d_PKCS7);
-	M_ASN1_I2D_put(a->digest,i2d_ASN1_OCTET_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-PKCS7_DIGEST *d2i_PKCS7_DIGEST(a,pp,length)
-PKCS7_DIGEST **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,PKCS7_DIGEST *,PKCS7_DIGEST_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get(ret->md,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->contents,d2i_PKCS7);
-	M_ASN1_D2I_get(ret->digest,d2i_ASN1_OCTET_STRING);
-
-	M_ASN1_D2I_Finish(a,PKCS7_DIGEST_free,ASN1_F_D2I_PKCS7_DIGEST);
-	}
-
-PKCS7_DIGEST *PKCS7_DIGEST_new()
-	{
-	PKCS7_DIGEST *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,PKCS7_DIGEST);
-	M_ASN1_New(ret->version,ASN1_INTEGER_new);
-	M_ASN1_New(ret->md,X509_ALGOR_new);
-	M_ASN1_New(ret->contents,PKCS7_new);
-	M_ASN1_New(ret->digest,ASN1_OCTET_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_PKCS7_DIGEST_NEW);
-	}
-
-void PKCS7_DIGEST_free(a)
-PKCS7_DIGEST *a;
-	{
-	if (a == NULL) return;
-	ASN1_INTEGER_free(a->version);
-	X509_ALGOR_free(a->md);
-	PKCS7_free(a->contents);
-	ASN1_OCTET_STRING_free(a->digest);
-	Free((char *)a);
-	}
-
diff --git a/crypto/asn1/p7_enc.c b/crypto/asn1/p7_enc.c
deleted file mode 100644
index 56e27fa112..0000000000
--- a/crypto/asn1/p7_enc.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* crypto/asn1/p7_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
-
-/*
- * ASN1err(ASN1_F_PKCS7_ENCRYPT_NEW,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_PKCS7_ENCRYPT,ERR_R_ASN1_LENGTH_MISMATCH);
- */
-
-int i2d_PKCS7_ENCRYPT(a,pp)
-PKCS7_ENCRYPT *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(a->enc_data,i2d_PKCS7_ENC_CONTENT);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(a->enc_data,i2d_PKCS7_ENC_CONTENT);
-
-	M_ASN1_I2D_finish();
-	}
-
-PKCS7_ENCRYPT *d2i_PKCS7_ENCRYPT(a,pp,length)
-PKCS7_ENCRYPT **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,PKCS7_ENCRYPT *,PKCS7_ENCRYPT_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get(ret->enc_data,d2i_PKCS7_ENC_CONTENT);
-
-	M_ASN1_D2I_Finish(a,PKCS7_ENCRYPT_free,ASN1_F_D2I_PKCS7_ENCRYPT);
-	}
-
-PKCS7_ENCRYPT *PKCS7_ENCRYPT_new()
-	{
-	PKCS7_ENCRYPT *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,PKCS7_ENCRYPT);
-	M_ASN1_New(ret->version,ASN1_INTEGER_new);
-	M_ASN1_New(ret->enc_data,PKCS7_ENC_CONTENT_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_PKCS7_ENCRYPT_NEW);
-	}
-
-void PKCS7_ENCRYPT_free(a)
-PKCS7_ENCRYPT *a;
-	{
-	if (a == NULL) return;
-	ASN1_INTEGER_free(a->version);
-	PKCS7_ENC_CONTENT_free(a->enc_data);
-	Free((char *)a);
-	}
-
diff --git a/crypto/asn1/p7_enc_c.c b/crypto/asn1/p7_enc_c.c
deleted file mode 100644
index f98afb51b8..0000000000
--- a/crypto/asn1/p7_enc_c.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/* crypto/asn1/p7_enc_c.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
-
-/*
- * ASN1err(ASN1_F_PKCS7_ENC_CONTENT_NEW,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_PKCS7_ENC_CONTENT,ERR_R_ASN1_LENGTH_MISMATCH);
- */
-
-int i2d_PKCS7_ENC_CONTENT(a,pp)
-PKCS7_ENC_CONTENT *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->content_type,i2d_ASN1_OBJECT);
-	M_ASN1_I2D_len(a->algorithm,i2d_X509_ALGOR);
-	M_ASN1_I2D_len_IMP_opt(a->enc_data,i2d_ASN1_OCTET_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->content_type,i2d_ASN1_OBJECT);
-	M_ASN1_I2D_put(a->algorithm,i2d_X509_ALGOR);
-	M_ASN1_I2D_put_IMP_opt(a->enc_data,i2d_ASN1_OCTET_STRING,0);
-
-	M_ASN1_I2D_finish();
-	}
-
-PKCS7_ENC_CONTENT *d2i_PKCS7_ENC_CONTENT(a,pp,length)
-PKCS7_ENC_CONTENT **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,PKCS7_ENC_CONTENT *,PKCS7_ENC_CONTENT_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->content_type,d2i_ASN1_OBJECT);
-	M_ASN1_D2I_get(ret->algorithm,d2i_X509_ALGOR);
-	M_ASN1_D2I_get_IMP_opt(ret->enc_data,d2i_ASN1_OCTET_STRING,0,
-		V_ASN1_OCTET_STRING);
-
-	M_ASN1_D2I_Finish(a,PKCS7_ENC_CONTENT_free,
-		ASN1_F_D2I_PKCS7_ENC_CONTENT);
-	}
-
-PKCS7_ENC_CONTENT *PKCS7_ENC_CONTENT_new()
-	{
-	PKCS7_ENC_CONTENT *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,PKCS7_ENC_CONTENT);
-	/* M_ASN1_New(ret->content_type,ASN1_OBJECT_new); */
-	ret->content_type=OBJ_nid2obj(NID_pkcs7_encrypted);
-	M_ASN1_New(ret->algorithm,X509_ALGOR_new);
-	ret->enc_data=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_PKCS7_ENC_CONTENT_NEW);
-	}
-
-void PKCS7_ENC_CONTENT_free(a)
-PKCS7_ENC_CONTENT *a;
-	{
-	if (a == NULL) return;
-	ASN1_OBJECT_free(a->content_type);
-	X509_ALGOR_free(a->algorithm);
-	ASN1_OCTET_STRING_free(a->enc_data);
-	Free((char *)a);
-	}
-
diff --git a/crypto/asn1/p7_evp.c b/crypto/asn1/p7_evp.c
deleted file mode 100644
index 7879a66848..0000000000
--- a/crypto/asn1/p7_evp.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/* crypto/asn1/p7_evp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
-
-/*
- * ASN1err(ASN1_F_PKCS7_ENVELOPE_NEW,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_PKCS7_ENVELOPE,ERR_R_ASN1_LENGTH_MISMATCH);
- */
-
-int i2d_PKCS7_ENVELOPE(a,pp)
-PKCS7_ENVELOPE *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len_SET(a->recipientinfo,i2d_PKCS7_RECIP_INFO);
-	M_ASN1_I2D_len(a->enc_data,i2d_PKCS7_ENC_CONTENT);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put_SET(a->recipientinfo,i2d_PKCS7_RECIP_INFO);
-	M_ASN1_I2D_put(a->enc_data,i2d_PKCS7_ENC_CONTENT);
-
-	M_ASN1_I2D_finish();
-	}
-
-PKCS7_ENVELOPE *d2i_PKCS7_ENVELOPE(a,pp,length)
-PKCS7_ENVELOPE **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,PKCS7_ENVELOPE *,PKCS7_ENVELOPE_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get_set(ret->recipientinfo,d2i_PKCS7_RECIP_INFO,
-		PKCS7_RECIP_INFO_free);
-	M_ASN1_D2I_get(ret->enc_data,d2i_PKCS7_ENC_CONTENT);
-
-	M_ASN1_D2I_Finish(a,PKCS7_ENVELOPE_free,ASN1_F_D2I_PKCS7_ENVELOPE);
-	}
-
-PKCS7_ENVELOPE *PKCS7_ENVELOPE_new()
-	{
-	PKCS7_ENVELOPE *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,PKCS7_ENVELOPE);
-	M_ASN1_New(ret->version,ASN1_INTEGER_new);
-	M_ASN1_New(ret->recipientinfo,sk_new_null);
-	M_ASN1_New(ret->enc_data,PKCS7_ENC_CONTENT_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_PKCS7_ENVELOPE_NEW);
-	}
-
-void PKCS7_ENVELOPE_free(a)
-PKCS7_ENVELOPE *a;
-	{
-	if (a == NULL) return;
-	ASN1_INTEGER_free(a->version);
-	sk_pop_free(a->recipientinfo,PKCS7_RECIP_INFO_free);
-	PKCS7_ENC_CONTENT_free(a->enc_data);
-	Free((char *)a);
-	}
-
diff --git a/crypto/asn1/p7_lib.c b/crypto/asn1/p7_lib.c
deleted file mode 100644
index 06e1da4a74..0000000000
--- a/crypto/asn1/p7_lib.c
+++ /dev/null
@@ -1,303 +0,0 @@
-/* crypto/asn1/p7_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "asn1_mac.h"
-#include "objects.h"
-
-/* ASN1err(ASN1_F_D2I_PKCS7,ASN1_R_BAD_PKCS7_CONTENT);
- * ASN1err(ASN1_F_I2D_PKCS7,ASN1_R_BAD_PKCS7_TYPE);
- * ASN1err(ASN1_F_PKCS7_NEW,ASN1_R_BAD_PKCS7_TYPE);
- */
-
-int i2d_PKCS7(a,pp)
-PKCS7 *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	if (a->asn1 != NULL)
-		{
-		if (pp == NULL)
-			return((int)a->length);
-		memcpy(*pp,a->asn1,(int)a->length);
-		*pp+=a->length;
-		return((int)a->length);
-		}
-
-	ret+=4; /* sequence, BER header plus '0 0' end padding */
-	M_ASN1_I2D_len(a->type,i2d_ASN1_OBJECT);
-	if (a->d.ptr != NULL)
-		{
-		ret+=4; /* explicit tag [ 0 ] BER plus '0 0' */
-		switch (OBJ_obj2nid(a->type))
-			{
-		case NID_pkcs7_data:
-			M_ASN1_I2D_len(a->d.data,i2d_ASN1_OCTET_STRING);
-			break;
-		case NID_pkcs7_signed:
-			M_ASN1_I2D_len(a->d.sign,i2d_PKCS7_SIGNED);
-			break;
-		case NID_pkcs7_enveloped:
-			M_ASN1_I2D_len(a->d.enveloped,i2d_PKCS7_ENVELOPE);
-			break;
-		case NID_pkcs7_signedAndEnveloped:
-			M_ASN1_I2D_len(a->d.signed_and_enveloped,
-				i2d_PKCS7_SIGN_ENVELOPE);
-			break;
-		case NID_pkcs7_digest:
-			M_ASN1_I2D_len(a->d.digest,i2d_PKCS7_DIGEST);
-			break;
-		case NID_pkcs7_encrypted:
-			M_ASN1_I2D_len(a->d.encrypted,i2d_PKCS7_ENCRYPT);
-			break;
-		default:
-			break;
-			}
-		}
-	r=ret;
-	if (pp == NULL) return(r);
-	p= *pp;
-	M_ASN1_I2D_INF_seq_start(V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-	M_ASN1_I2D_put(a->type,i2d_ASN1_OBJECT);
-
-	if (a->d.ptr != NULL)
-		{
-		M_ASN1_I2D_INF_seq_start(0,V_ASN1_CONTEXT_SPECIFIC);
-		switch (OBJ_obj2nid(a->type))
-			{
-		case NID_pkcs7_data:
-			M_ASN1_I2D_put(a->d.data,i2d_ASN1_OCTET_STRING);
-			break;
-		case NID_pkcs7_signed:
-			M_ASN1_I2D_put(a->d.sign,i2d_PKCS7_SIGNED);
-			break;
-		case NID_pkcs7_enveloped:
-			M_ASN1_I2D_put(a->d.enveloped,i2d_PKCS7_ENVELOPE);
-			break;
-		case NID_pkcs7_signedAndEnveloped:
-			M_ASN1_I2D_put(a->d.signed_and_enveloped,
-				i2d_PKCS7_SIGN_ENVELOPE);
-			break;
-		case NID_pkcs7_digest:
-			M_ASN1_I2D_put(a->d.digest,i2d_PKCS7_DIGEST);
-			break;
-		case NID_pkcs7_encrypted:
-			M_ASN1_I2D_put(a->d.encrypted,i2d_PKCS7_ENCRYPT);
-			break;
-		default:
-			break;
-			}
-		M_ASN1_I2D_INF_seq_end();
-		}
-	M_ASN1_I2D_INF_seq_end();
-	M_ASN1_I2D_finish();
-	}
-
-PKCS7 *d2i_PKCS7(a,pp,length)
-PKCS7 **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,PKCS7 *,PKCS7_new);
-
-	if ((a != NULL) && ((*a) != NULL))
-		{
-		if ((*a)->asn1 != NULL)
-			{
-			Free((char *)(*a)->asn1);
-			(*a)->asn1=NULL;
-			}
-		(*a)->length=0;
-		}
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->type,d2i_ASN1_OBJECT);
-	if (!M_ASN1_D2I_end_sequence())
-		{
-		int Tinf,Ttag,Tclass;
-		long Tlen;
-
-		if (M_ASN1_next != (V_ASN1_CONSTRUCTED|
-			V_ASN1_CONTEXT_SPECIFIC|0))
-			{
-			c.error=ASN1_R_BAD_PKCS7_CONTENT;
-			c.line=__LINE__;
-			goto err;
-			}
-
-		ret->detached=0;
-
-		c.q=c.p;
-		Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,
-			(c.inf & 1)?(length+ *pp-c.q):c.slen);
-		if (Tinf & 0x80) { c.line=__LINE__; goto err; }
-		c.slen-=(c.p-c.q);
-
-		switch (OBJ_obj2nid(ret->type))
-			{
-		case NID_pkcs7_data:
-			M_ASN1_D2I_get(ret->d.data,d2i_ASN1_OCTET_STRING);
-			break;
-		case NID_pkcs7_signed:
-			M_ASN1_D2I_get(ret->d.sign,d2i_PKCS7_SIGNED);
-			if (ret->d.sign->contents->d.ptr == NULL)
-				ret->detached=1;
-			break;
-		case NID_pkcs7_enveloped:
-			M_ASN1_D2I_get(ret->d.enveloped,d2i_PKCS7_ENVELOPE);
-			break;
-		case NID_pkcs7_signedAndEnveloped:
-			M_ASN1_D2I_get(ret->d.signed_and_enveloped,
-				d2i_PKCS7_SIGN_ENVELOPE);
-			break;
-		case NID_pkcs7_digest:
-			M_ASN1_D2I_get(ret->d.digest,d2i_PKCS7_DIGEST);
-			break;
-		case NID_pkcs7_encrypted:
-			M_ASN1_D2I_get(ret->d.encrypted,d2i_PKCS7_ENCRYPT);
-			break;
-		default:
-			c.error=ASN1_R_BAD_PKCS7_TYPE;
-			c.line=__LINE__;
-			goto err;
-			/* break; */
-			}
-		if (Tinf == (1|V_ASN1_CONSTRUCTED))
-			{
-			if (!ASN1_check_infinite_end(&c.p,c.slen))
-				{
-				c.error=ERR_R_MISSING_ASN1_EOS;
-				c.line=__LINE__;
-				goto err;
-				}
-			}
-		}
-	else
-		ret->detached=1;
-		
-	M_ASN1_D2I_Finish(a,PKCS7_free,ASN1_F_D2I_PKCS7);
-	}
-
-PKCS7 *PKCS7_new()
-	{
-	PKCS7 *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,PKCS7);
-	ret->type=OBJ_nid2obj(NID_undef);
-	ret->asn1=NULL;
-	ret->length=0;
-	ret->detached=0;
-	ret->d.ptr=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_PKCS7_NEW);
-	}
-
-void PKCS7_free(a)
-PKCS7 *a;
-	{
-	if (a == NULL) return;
-
-	PKCS7_content_free(a);
-	if (a->type != NULL)
-		{
-		ASN1_OBJECT_free(a->type);
-		}
-	Free((char *)(char *)a);
-	}
-
-void PKCS7_content_free(a)
-PKCS7 *a;
-	{
-	if (a->asn1 != NULL) Free((char *)a->asn1);
-
-	if (a->d.ptr != NULL)
-		{
-		if (a->type == NULL) return;
-
-		switch (OBJ_obj2nid(a->type))
-			{
-		case NID_pkcs7_data:
-			ASN1_OCTET_STRING_free(a->d.data);
-			break;
-		case NID_pkcs7_signed:
-			PKCS7_SIGNED_free(a->d.sign);
-			break;
-		case NID_pkcs7_enveloped:
-			PKCS7_ENVELOPE_free(a->d.enveloped);
-			break;
-		case NID_pkcs7_signedAndEnveloped:
-			PKCS7_SIGN_ENVELOPE_free(a->d.signed_and_enveloped);
-			break;
-		case NID_pkcs7_digest:
-			PKCS7_DIGEST_free(a->d.digest);
-			break;
-		case NID_pkcs7_encrypted:
-			PKCS7_ENCRYPT_free(a->d.encrypted);
-			break;
-		default:
-			/* MEMORY LEAK */
-			break;
-			}
-		}
-	a->d.ptr=NULL;
-	}
-
diff --git a/crypto/asn1/p7_recip.c b/crypto/asn1/p7_recip.c
deleted file mode 100644
index 2516d7b193..0000000000
--- a/crypto/asn1/p7_recip.c
+++ /dev/null
@@ -1,133 +0,0 @@
-/* crypto/asn1/p7_recip.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
-
-/*
- * ASN1err(ASN1_F_PKCS7_RECIP_INFO_NEW,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_PKCS7_RECIP_INFO,ERR_R_ASN1_LENGTH_MISMATCH);
- */
-
-int i2d_PKCS7_RECIP_INFO(a,pp)
-PKCS7_RECIP_INFO *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(a->issuer_and_serial,i2d_PKCS7_ISSUER_AND_SERIAL);
-	M_ASN1_I2D_len(a->key_enc_algor,i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->enc_key,i2d_ASN1_OCTET_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(a->issuer_and_serial,i2d_PKCS7_ISSUER_AND_SERIAL);
-	M_ASN1_I2D_put(a->key_enc_algor,i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->enc_key,i2d_ASN1_OCTET_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-PKCS7_RECIP_INFO *d2i_PKCS7_RECIP_INFO(a,pp,length)
-PKCS7_RECIP_INFO **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,PKCS7_RECIP_INFO *,PKCS7_RECIP_INFO_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get(ret->issuer_and_serial,d2i_PKCS7_ISSUER_AND_SERIAL);
-	M_ASN1_D2I_get(ret->key_enc_algor,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->enc_key,d2i_ASN1_OCTET_STRING);
-
-	M_ASN1_D2I_Finish(a,PKCS7_RECIP_INFO_free,ASN1_F_D2I_PKCS7_RECIP_INFO);
-	}
-
-PKCS7_RECIP_INFO *PKCS7_RECIP_INFO_new()
-	{
-	PKCS7_RECIP_INFO *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,PKCS7_RECIP_INFO);
-	M_ASN1_New(ret->version,ASN1_INTEGER_new);
-	M_ASN1_New(ret->issuer_and_serial,PKCS7_ISSUER_AND_SERIAL_new);
-	M_ASN1_New(ret->key_enc_algor,X509_ALGOR_new);
-	M_ASN1_New(ret->enc_key,ASN1_OCTET_STRING_new);
-	ret->cert=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_PKCS7_RECIP_INFO_NEW);
-	}
-
-void PKCS7_RECIP_INFO_free(a)
-PKCS7_RECIP_INFO *a;
-	{
-	if (a == NULL) return;
-	ASN1_INTEGER_free(a->version);
-	PKCS7_ISSUER_AND_SERIAL_free(a->issuer_and_serial);
-	X509_ALGOR_free(a->key_enc_algor);
-	ASN1_OCTET_STRING_free(a->enc_key);
-	if (a->cert != NULL) X509_free(a->cert);
-	Free((char *)a);
-	}
-
diff --git a/crypto/asn1/p7_s_e.c b/crypto/asn1/p7_s_e.c
deleted file mode 100644
index 0368bcbbcd..0000000000
--- a/crypto/asn1/p7_s_e.c
+++ /dev/null
@@ -1,149 +0,0 @@
-/* crypto/asn1/p7_s_e.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
-
-/*
- * ASN1err(ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,ERR_R_ASN1_LENGTH_MISMATCH);
- */
-
-int i2d_PKCS7_SIGN_ENVELOPE(a,pp)
-PKCS7_SIGN_ENVELOPE *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len_SET(a->recipientinfo,i2d_PKCS7_RECIP_INFO);
-	M_ASN1_I2D_len_SET(a->md_algs,i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->enc_data,i2d_PKCS7_ENC_CONTENT);
-	M_ASN1_I2D_len_IMP_set_opt(a->cert,i2d_X509,0);
-	M_ASN1_I2D_len_IMP_set_opt(a->crl,i2d_X509_CRL,1);
-	M_ASN1_I2D_len_SET(a->signer_info,i2d_PKCS7_SIGNER_INFO);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put_SET(a->recipientinfo,i2d_PKCS7_RECIP_INFO);
-	M_ASN1_I2D_put_SET(a->md_algs,i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->enc_data,i2d_PKCS7_ENC_CONTENT);
-	M_ASN1_I2D_put_IMP_set_opt(a->cert,i2d_X509,0);
-	M_ASN1_I2D_put_IMP_set_opt(a->crl,i2d_X509_CRL,1);
-	M_ASN1_I2D_put_SET(a->signer_info,i2d_PKCS7_SIGNER_INFO);
-
-	M_ASN1_I2D_finish();
-	}
-
-PKCS7_SIGN_ENVELOPE *d2i_PKCS7_SIGN_ENVELOPE(a,pp,length)
-PKCS7_SIGN_ENVELOPE **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,PKCS7_SIGN_ENVELOPE *,PKCS7_SIGN_ENVELOPE_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get_set(ret->recipientinfo,d2i_PKCS7_RECIP_INFO,
-		PKCS7_RECIP_INFO_free);
-	M_ASN1_D2I_get_set(ret->md_algs,d2i_X509_ALGOR,X509_ALGOR_free);
-	M_ASN1_D2I_get(ret->enc_data,d2i_PKCS7_ENC_CONTENT);
-	M_ASN1_D2I_get_IMP_set_opt(ret->cert,d2i_X509,X509_free,0);
-	M_ASN1_D2I_get_IMP_set_opt(ret->crl,d2i_X509_CRL,X509_CRL_free,1);
-	M_ASN1_D2I_get_set(ret->signer_info,d2i_PKCS7_SIGNER_INFO,
-		PKCS7_SIGNER_INFO_free);
-
-	M_ASN1_D2I_Finish(a,PKCS7_SIGN_ENVELOPE_free,
-		ASN1_F_D2I_PKCS7_SIGN_ENVELOPE);
-	}
-
-PKCS7_SIGN_ENVELOPE *PKCS7_SIGN_ENVELOPE_new()
-	{
-	PKCS7_SIGN_ENVELOPE *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,PKCS7_SIGN_ENVELOPE);
-	M_ASN1_New(ret->version,ASN1_INTEGER_new);
-	M_ASN1_New(ret->recipientinfo,sk_new_null);
-	M_ASN1_New(ret->md_algs,sk_new_null);
-	M_ASN1_New(ret->enc_data,PKCS7_ENC_CONTENT_new);
-	ret->cert=NULL;
-	ret->crl=NULL;
-	M_ASN1_New(ret->signer_info,sk_new_null);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_PKCS7_SIGN_ENVELOPE_NEW);
-	}
-
-void PKCS7_SIGN_ENVELOPE_free(a)
-PKCS7_SIGN_ENVELOPE *a;
-	{
-	if (a == NULL) return;
-	ASN1_INTEGER_free(a->version);
-	sk_pop_free(a->recipientinfo,PKCS7_RECIP_INFO_free);
-	sk_pop_free(a->md_algs,X509_ALGOR_free);
-	PKCS7_ENC_CONTENT_free(a->enc_data);
-	sk_pop_free(a->cert,X509_free);
-	sk_pop_free(a->crl,X509_CRL_free);
-	sk_pop_free(a->signer_info,PKCS7_SIGNER_INFO_free);
-	Free((char *)a);
-	}
-
diff --git a/crypto/asn1/p7_signd.c b/crypto/asn1/p7_signd.c
deleted file mode 100644
index 830617cbf8..0000000000
--- a/crypto/asn1/p7_signd.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/* crypto/asn1/p7_signd.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
-
-/*
- * ASN1err(ASN1_F_PKCS7_SIGNED_NEW,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_PKCS7_SIGNED,ERR_R_ASN1_LENGTH_MISMATCH);
- */
-
-int i2d_PKCS7_SIGNED(a,pp)
-PKCS7_SIGNED *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len_SET(a->md_algs,i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->contents,i2d_PKCS7);
-	M_ASN1_I2D_len_IMP_set_opt(a->cert,i2d_X509,0);
-	M_ASN1_I2D_len_IMP_set_opt(a->crl,i2d_X509_CRL,1);
-	M_ASN1_I2D_len_SET(a->signer_info,i2d_PKCS7_SIGNER_INFO);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put_SET(a->md_algs,i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->contents,i2d_PKCS7);
-	M_ASN1_I2D_put_IMP_set_opt(a->cert,i2d_X509,0);
-	M_ASN1_I2D_put_IMP_set_opt(a->crl,i2d_X509_CRL,1);
-	M_ASN1_I2D_put_SET(a->signer_info,i2d_PKCS7_SIGNER_INFO);
-
-	M_ASN1_I2D_finish();
-	}
-
-PKCS7_SIGNED *d2i_PKCS7_SIGNED(a,pp,length)
-PKCS7_SIGNED **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,PKCS7_SIGNED *,PKCS7_SIGNED_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get_set(ret->md_algs,d2i_X509_ALGOR,X509_ALGOR_free);
-	M_ASN1_D2I_get(ret->contents,d2i_PKCS7);
-	M_ASN1_D2I_get_IMP_set_opt(ret->cert,d2i_X509,X509_free,0);
-	M_ASN1_D2I_get_IMP_set_opt(ret->crl,d2i_X509_CRL,X509_CRL_free,1);
-	M_ASN1_D2I_get_set(ret->signer_info,d2i_PKCS7_SIGNER_INFO,
-		PKCS7_SIGNER_INFO_free);
-
-	M_ASN1_D2I_Finish(a,PKCS7_SIGNED_free,ASN1_F_D2I_PKCS7_SIGNED);
-	}
-
-PKCS7_SIGNED *PKCS7_SIGNED_new()
-	{
-	PKCS7_SIGNED *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,PKCS7_SIGNED);
-	M_ASN1_New(ret->version,ASN1_INTEGER_new);
-	M_ASN1_New(ret->md_algs,sk_new_null);
-	M_ASN1_New(ret->contents,PKCS7_new);
-	ret->cert=NULL;
-	ret->crl=NULL;
-	M_ASN1_New(ret->signer_info,sk_new_null);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_PKCS7_SIGNED_NEW);
-	}
-
-void PKCS7_SIGNED_free(a)
-PKCS7_SIGNED *a;
-	{
-	if (a == NULL) return;
-	ASN1_INTEGER_free(a->version);
-	sk_pop_free(a->md_algs,X509_ALGOR_free);
-	PKCS7_free(a->contents);
-	sk_pop_free(a->cert,X509_free);
-	sk_pop_free(a->crl,X509_CRL_free);
-	sk_pop_free(a->signer_info,PKCS7_SIGNER_INFO_free);
-	Free((char *)a);
-	}
-
diff --git a/crypto/asn1/p7_signi.c b/crypto/asn1/p7_signi.c
deleted file mode 100644
index 4bc415d572..0000000000
--- a/crypto/asn1/p7_signi.c
+++ /dev/null
@@ -1,152 +0,0 @@
-/* crypto/asn1/p7_signi.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
-
-/*
- * ASN1err(ASN1_F_PKCS7_SIGNER_INFO_NEW,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_PKCS7_SIGNER_INFO,ERR_R_ASN1_LENGTH_MISMATCH);
- */
-
-int i2d_PKCS7_SIGNER_INFO(a,pp)
-PKCS7_SIGNER_INFO *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(a->issuer_and_serial,i2d_PKCS7_ISSUER_AND_SERIAL);
-	M_ASN1_I2D_len(a->digest_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_len_IMP_set_opt(a->auth_attr,i2d_X509_ATTRIBUTE,0);
-	M_ASN1_I2D_len(a->digest_enc_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->enc_digest,i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_len_IMP_set_opt(a->unauth_attr,i2d_X509_ATTRIBUTE,1);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(a->issuer_and_serial,i2d_PKCS7_ISSUER_AND_SERIAL);
-	M_ASN1_I2D_put(a->digest_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_put_IMP_set_opt(a->auth_attr,i2d_X509_ATTRIBUTE,0);
-	M_ASN1_I2D_put(a->digest_enc_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->enc_digest,i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_put_IMP_set_opt(a->unauth_attr,i2d_X509_ATTRIBUTE,1);
-
-	M_ASN1_I2D_finish();
-	}
-
-PKCS7_SIGNER_INFO *d2i_PKCS7_SIGNER_INFO(a,pp,length)
-PKCS7_SIGNER_INFO **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,PKCS7_SIGNER_INFO *,PKCS7_SIGNER_INFO_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get(ret->issuer_and_serial,d2i_PKCS7_ISSUER_AND_SERIAL);
-	M_ASN1_D2I_get(ret->digest_alg,d2i_X509_ALGOR);
-	M_ASN1_D2I_get_IMP_set_opt(ret->auth_attr,d2i_X509_ATTRIBUTE,
-		X509_ATTRIBUTE_free,0);
-	M_ASN1_D2I_get(ret->digest_enc_alg,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->enc_digest,d2i_ASN1_OCTET_STRING);
-	M_ASN1_D2I_get_IMP_set_opt(ret->unauth_attr,d2i_X509_ATTRIBUTE,
-		X509_ATTRIBUTE_free,1);
-
-	M_ASN1_D2I_Finish(a,PKCS7_SIGNER_INFO_free,
-		ASN1_F_D2I_PKCS7_SIGNER_INFO);
-	}
-
-PKCS7_SIGNER_INFO *PKCS7_SIGNER_INFO_new()
-	{
-	PKCS7_SIGNER_INFO *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,PKCS7_SIGNER_INFO);
-	M_ASN1_New(ret->version,ASN1_INTEGER_new);
-	M_ASN1_New(ret->issuer_and_serial,PKCS7_ISSUER_AND_SERIAL_new);
-	M_ASN1_New(ret->digest_alg,X509_ALGOR_new);
-	ret->auth_attr=NULL;
-	M_ASN1_New(ret->digest_enc_alg,X509_ALGOR_new);
-	M_ASN1_New(ret->enc_digest,ASN1_OCTET_STRING_new);
-	ret->unauth_attr=NULL;
-	ret->pkey=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_PKCS7_SIGNER_INFO_NEW);
-	}
-
-void PKCS7_SIGNER_INFO_free(a)
-PKCS7_SIGNER_INFO *a;
-	{
-	if (a == NULL) return;
-	ASN1_INTEGER_free(a->version);
-	PKCS7_ISSUER_AND_SERIAL_free(a->issuer_and_serial);
-	X509_ALGOR_free(a->digest_alg);
-	sk_pop_free(a->auth_attr,X509_ATTRIBUTE_free);
-	X509_ALGOR_free(a->digest_enc_alg);
-	ASN1_OCTET_STRING_free(a->enc_digest);
-	sk_pop_free(a->unauth_attr,X509_ATTRIBUTE_free);
-	if (a->pkey != NULL)
-		EVP_PKEY_free(a->pkey);
-	Free((char *)a);
-	}
-
diff --git a/crypto/asn1/pkcs8.c b/crypto/asn1/p8_key.c
index d2bc9ce134..3a31248e14 100644
--- a/crypto/asn1/pkcs8.c
+++ b/crypto/asn1/p8_key.c
@@ -1,4 +1,4 @@
-/* crypto/asn1/pkcs8.c */
+/* crypto/asn1/p8_key.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -58,17 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-#include "objects.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/objects.h>
 
-/*
- * ASN1err(ASN1_F_D2I_X509_KEY,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_KEY_NEW,ERR_R_BAD_GET_ASN1_OBJECT_CALL);
- */
-
-int i2d_X509_KEY(a,pp)
-X509 *a;
-unsigned char **pp;
+int i2d_X509_KEY(X509 *a, unsigned char **pp)
 	{
 	M_ASN1_I2D_vars(a);
 
@@ -85,10 +78,7 @@ unsigned char **pp;
 	M_ASN1_I2D_finish();
 	}
 
-X509 *d2i_X509_KEY(a,pp,length)
-X509 **a;
-unsigned char **pp;
-long length;
+X509 *d2i_X509_KEY(X509 **a, unsigned char **pp, long length)
 	{
 	M_ASN1_D2I_vars(a,X509 *,X509_new);
 
@@ -100,11 +90,11 @@ long length;
 	M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
 	}
 
-X509 *X509_KEY_new()
+X509 *X509_KEY_new(void)
 	{
 	X509_KEY *ret=NULL;
 
-	M_ASN1_New_Malloc(ret,X509_KEY);
+	M_ASN1_New_OPENSSL_malloc(ret,X509_KEY);
 	ret->references=1;
 	ret->type=NID
 	M_ASN1_New(ret->cert_info,X509_CINF_new);
@@ -114,8 +104,7 @@ X509 *X509_KEY_new()
 	M_ASN1_New_Error(ASN1_F_X509_NEW);
 	}
 
-void X509_KEY_free(a)
-X509 *a;
+void X509_KEY_free(X509 *a)
 	{
 	int i;
 
@@ -137,6 +126,6 @@ X509 *a;
 	X509_CINF_free(a->cert_info);
 	X509_ALGOR_free(a->sig_alg);
 	ASN1_BIT_STRING_free(a->signature);
-	Free((char *)a);
+	OPENSSL_free(a);
 	}
 
diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c
new file mode 100644
index 0000000000..24b409132f
--- /dev/null
+++ b/crypto/asn1/p8_pkey.c
@@ -0,0 +1,84 @@
+/* p8_pkey.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+/* Minor tweak to operation: zero private key data */
+static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	/* Since the structure must still be valid use ASN1_OP_FREE_PRE */
+	if(operation == ASN1_OP_FREE_PRE) {
+		PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
+		if (key->pkey->value.octet_string)
+		OPENSSL_cleanse(key->pkey->value.octet_string->data,
+			key->pkey->value.octet_string->length);
+	}
+	return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
+	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
+	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
+	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY),
+	ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
diff --git a/crypto/asn1/pk.c b/crypto/asn1/pk.c
deleted file mode 100644
index b96f22d139..0000000000
--- a/crypto/asn1/pk.c
+++ /dev/null
@@ -1,117 +0,0 @@
-/* crypto/asn1/pk.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "../error/err.h"
-#include "./asn1.h"
-#include "rsa.h"
-#include "x509.h"
-#include "pkcs7.h"
-
-main()
-	{
-	PKCS7 *x;
-	FILE *in;
-	unsigned char buf[10240],buf2[10240],*p;
-	int num,i;
-
-	PKCS7 *nx=NULL,*mx=NULL;
-
-	in=fopen("pkcs7.der","r");
-	if (in == NULL)
-		{
-		perror("pkcs7.der");
-		exit(1);
-		}
-	num=fread(buf,1,10240,in);
-	fclose(in);
-
-
-		p=buf;
-		if (d2i_PKCS7(&nx,&p,num) == NULL) goto err;
-		printf("num=%d p-buf=%d\n",num,p-buf);
-
-exit(0);
-		p=buf2;
-		num=i2d_PKCS7(nx,&p);
-		printf("num=%d p-buf=%d\n",num,p-buf2);
-
-		if (memcmp(buf,buf2,num) != 0)
-			{
-			fprintf(stderr,"data difference\n");
-			for (i=0; i<num; i++)
-				fprintf(stderr,"%c%03d <%02X-%02X>\n",
-					(buf[i] == buf2[i])?' ':'*',i,
-					buf[i],buf2[i]);
-			fprintf(stderr,"\n");
-			exit(1);
-			}
-
-		p=buf2;
-		if (d2i_PKCS7(&mx,&p,num) == NULL) goto err;
-		printf("num=%d p-buf=%d\n",num,p-buf2);
-
-/*		X509_print(stdout,mx);*/
-
-	exit(0);
-err:
-	ERR_load_crypto_strings();
-	ERR_print_errors(stderr);
-	exit(1);
-	}
-
diff --git a/crypto/asn1/t_bitst.c b/crypto/asn1/t_bitst.c
new file mode 100644
index 0000000000..8ee789f082
--- /dev/null
+++ b/crypto/asn1/t_bitst.c
@@ -0,0 +1,99 @@
+/* t_bitst.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+				BIT_STRING_BITNAME *tbl, int indent)
+{
+	BIT_STRING_BITNAME *bnam;
+	char first = 1;
+	BIO_printf(out, "%*s", indent, "");
+	for(bnam = tbl; bnam->lname; bnam++) {
+		if(ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) {
+			if(!first) BIO_puts(out, ", ");
+			BIO_puts(out, bnam->lname);
+			first = 0;
+		}
+	}
+	BIO_puts(out, "\n");
+	return 1;
+}
+
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
+				BIT_STRING_BITNAME *tbl)
+{
+	int bitnum;
+	bitnum = ASN1_BIT_STRING_num_asc(name, tbl);
+	if(bitnum < 0) return 0;
+	if(bs) ASN1_BIT_STRING_set_bit(bs, bitnum, value);
+	return 1;
+}
+
+int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl)
+{
+	BIT_STRING_BITNAME *bnam;
+	for(bnam = tbl; bnam->lname; bnam++) {
+		if(!strcmp(bnam->sname, name) ||
+			!strcmp(bnam->lname, name) ) return bnam->bitnum;
+	}
+	return -1;
+}
diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c
new file mode 100644
index 0000000000..757c148df8
--- /dev/null
+++ b/crypto/asn1/t_crl.c
@@ -0,0 +1,134 @@
+/* t_crl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_NO_FP_API
+int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
+        {
+        BIO *b;
+        int ret;
+
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		X509err(X509_F_X509_PRINT_FP,ERR_R_BUF_LIB);
+                return(0);
+		}
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=X509_CRL_print(b, x);
+        BIO_free(b);
+        return(ret);
+        }
+#endif
+
+int X509_CRL_print(BIO *out, X509_CRL *x)
+{
+	STACK_OF(X509_REVOKED) *rev;
+	X509_REVOKED *r;
+	long l;
+	int i, n;
+	char *p;
+
+	BIO_printf(out, "Certificate Revocation List (CRL):\n");
+	l = X509_CRL_get_version(x);
+	BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);
+	i = OBJ_obj2nid(x->sig_alg->algorithm);
+	BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
+				 (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
+	p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0);
+	BIO_printf(out,"%8sIssuer: %s\n","",p);
+	OPENSSL_free(p);
+	BIO_printf(out,"%8sLast Update: ","");
+	ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
+	BIO_printf(out,"\n%8sNext Update: ","");
+	if (X509_CRL_get_nextUpdate(x))
+		 ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x));
+	else BIO_printf(out,"NONE");
+	BIO_printf(out,"\n");
+
+	n=X509_CRL_get_ext_count(x);
+	X509V3_extensions_print(out, "CRL extensions",
+						x->crl->extensions, 0, 8);
+
+	rev = X509_CRL_get_REVOKED(x);
+
+	if(sk_X509_REVOKED_num(rev) > 0)
+	    BIO_printf(out, "Revoked Certificates:\n");
+	else BIO_printf(out, "No Revoked Certificates.\n");
+
+	for(i = 0; i < sk_X509_REVOKED_num(rev); i++) {
+		r = sk_X509_REVOKED_value(rev, i);
+		BIO_printf(out,"    Serial Number: ");
+		i2a_ASN1_INTEGER(out,r->serialNumber);
+		BIO_printf(out,"\n        Revocation Date: ","");
+		ASN1_TIME_print(out,r->revocationDate);
+		BIO_printf(out,"\n");
+		X509V3_extensions_print(out, "CRL entry extensions",
+						r->extensions, 0, 8);
+	}
+	X509_signature_print(out, x->sig_alg, x->signature);
+
+	return 1;
+
+}
diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c
index bc518d59a2..06e85f3b4c 100644
--- a/crypto/asn1/t_pkey.c
+++ b/crypto/asn1/t_pkey.c
@@ -55,79 +55,96 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Binary polynomial ECC support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "bn.h"
-#ifndef NO_RSA
-#include "rsa.h"
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
 #endif
-#ifndef NO_DH
-#include "dh.h"
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
 #endif
-#ifndef NO_DSA
-#include "dsa.h"
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
 #endif
 
-/* DHerr(DH_F_DHPARAMS_PRINT,ERR_R_MALLOC_FAILURE);
- * DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE);
- */
-
-#ifndef NOPROTO
-static int print(BIO *fp,char *str,BIGNUM *num,
+static int print(BIO *fp,const char *str,BIGNUM *num,
 		unsigned char *buf,int off);
-#else
-static int print();
-#endif
+static int print_bin(BIO *fp, const char *str, const unsigned char *num,
+		size_t len, int off);
+#ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_FP_API
+int RSA_print_fp(FILE *fp, const RSA *x, int off)
+	{
+	BIO *b;
+	int ret;
 
-#ifndef NO_RSA
-#ifndef NO_FP_API
-int RSA_print_fp(fp,x,off)
-FILE *fp;
-RSA *x;
-int off;
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
+	if ((b=BIO_new(BIO_s_file())) == NULL)
 		{
 		RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
+		return(0);
 		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=RSA_print(b,x,off);
-        BIO_free(b);
-        return(ret);
-        }
+	BIO_set_fp(b,fp,BIO_NOCLOSE);
+	ret=RSA_print(b,x,off);
+	BIO_free(b);
+	return(ret);
+	}
 #endif
 
-int RSA_print(bp,x,off)
-BIO *bp;
-RSA *x;
-int off;
+int RSA_print(BIO *bp, const RSA *x, int off)
 	{
-	char str[128],*s;
+	char str[128];
+	const char *s;
 	unsigned char *m=NULL;
-	int i,ret=0;
+	int ret=0;
+	size_t buf_len=0, i;
+
+	if (x->n)
+		buf_len = (size_t)BN_num_bytes(x->n);
+	if (x->e)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
+			buf_len = i;
+	if (x->d)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
+			buf_len = i;
+	if (x->p)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
+			buf_len = i;
+	if (x->q)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+			buf_len = i;
+	if (x->dmp1)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
+			buf_len = i;
+	if (x->dmq1)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
+			buf_len = i;
+	if (x->iqmp)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
+			buf_len = i;
 
-	i=RSA_size(x);
-	m=(unsigned char *)Malloc((unsigned int)i+10);
+	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
 	if (m == NULL)
 		{
 		RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
 
-	if (off)
-		{
-		if (off > 128) off=128;
-		memset(str,' ',off);
-		}
 	if (x->d != NULL)
 		{
-		if (off && (BIO_write(bp,str,off) <= 0)) goto err;
+		if(!BIO_indent(bp,off,128))
+		   goto err;
 		if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->n))
 			<= 0) goto err;
 		}
@@ -147,17 +164,14 @@ int off;
 	if (!print(bp,"coefficient:",x->iqmp,m,off)) goto err;
 	ret=1;
 err:
-	if (m != NULL) Free((char *)m);
+	if (m != NULL) OPENSSL_free(m);
 	return(ret);
 	}
-#endif /* NO_RSA */
-
-#ifndef NO_DSA
-#ifndef NO_FP_API
-int DSA_print_fp(fp,x,off)
-FILE *fp;
-DSA *x;
-int off;
+#endif /* OPENSSL_NO_RSA */
+
+#ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_FP_API
+int DSA_print_fp(FILE *fp, const DSA *x, int off)
 	{
 	BIO *b;
 	int ret;
@@ -174,43 +188,38 @@ int off;
 	}
 #endif
 
-int DSA_print(bp,x,off)
-BIO *bp;
-DSA *x;
-int off;
+int DSA_print(BIO *bp, const DSA *x, int off)
 	{
-	char str[128];
 	unsigned char *m=NULL;
-	int i,ret=0;
-	BIGNUM *bn=NULL;
-
-	if (x->p != NULL)
-		bn=x->p;
-	else if (x->priv_key != NULL)
-		bn=x->priv_key;
-	else if (x->pub_key != NULL)
-		bn=x->pub_key;
-		
-	/* larger than needed but what the hell :-) */
-	if (bn != NULL)
-		i=BN_num_bytes(bn)*2;
-	else
-		i=256;
-	m=(unsigned char *)Malloc((unsigned int)i+10);
+	int ret=0;
+	size_t buf_len=0,i;
+
+	if (x->p)
+		buf_len = (size_t)BN_num_bytes(x->p);
+	if (x->q)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+			buf_len = i;
+	if (x->g)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+			buf_len = i;
+	if (x->priv_key)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
+			buf_len = i;
+	if (x->pub_key)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
+			buf_len = i;
+
+	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
 	if (m == NULL)
 		{
 		DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
 
-	if (off)
-		{
-		if (off > 128) off=128;
-		memset(str,' ',off);
-		}
 	if (x->priv_key != NULL)
 		{
-		if (off && (BIO_write(bp,str,off) <= 0)) goto err;
+		if(!BIO_indent(bp,off,128))
+		   goto err;
 		if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p))
 			<= 0) goto err;
 		}
@@ -224,28 +233,333 @@ int off;
 	if ((x->g != NULL) && !print(bp,"G:   ",x->g,m,off)) goto err;
 	ret=1;
 err:
-	if (m != NULL) Free((char *)m);
+	if (m != NULL) OPENSSL_free(m);
+	return(ret);
+	}
+#endif /* !OPENSSL_NO_DSA */
+
+#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_FP_API
+int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
+	{
+	BIO *b;
+	int ret;
+
+	if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB);
+		return(0);
+		}
+	BIO_set_fp(b, fp, BIO_NOCLOSE);
+	ret = ECPKParameters_print(b, x, off);
+	BIO_free(b);
+	return(ret);
+	}
+
+int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
+	{
+	BIO *b;
+	int ret;
+ 
+	if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
+		return(0);
+		}
+	BIO_set_fp(b, fp, BIO_NOCLOSE);
+	ret = EC_KEY_print(b, x, off);
+	BIO_free(b);
+	return(ret);
+	}
+#endif
+
+int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
+	{
+	unsigned char *buffer=NULL;
+	size_t	buf_len=0, i;
+	int     ret=0, reason=ERR_R_BIO_LIB;
+	BN_CTX  *ctx=NULL;
+	EC_POINT *point=NULL;
+	BIGNUM	*p=NULL, *a=NULL, *b=NULL, *gen=NULL,
+		*order=NULL, *cofactor=NULL;
+	const unsigned char *seed;
+	size_t	seed_len=0;
+	
+	static const char *gen_compressed = "Generator (compressed):";
+	static const char *gen_uncompressed = "Generator (uncompressed):";
+	static const char *gen_hybrid = "Generator (hybrid):";
+ 
+	if (!x)
+		{
+		reason = ERR_R_PASSED_NULL_PARAMETER;
+		goto err;
+		}
+
+	if (EC_GROUP_get_asn1_flag(x))
+		{
+		/* the curve parameter are given by an asn1 OID */
+		int nid;
+
+		if (!BIO_indent(bp, off, 128))
+			goto err;
+
+		nid = EC_GROUP_get_nid(x);
+		if (nid == 0)
+			goto err;
+
+		if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
+			goto err;
+		if (BIO_printf(bp, "\n") <= 0)
+			goto err;
+		}
+	else
+		{
+		/* explicit parameters */
+		int is_char_two = 0;
+		point_conversion_form_t form;
+		int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
+
+		if (tmp_nid == NID_X9_62_characteristic_two_field)
+			is_char_two = 1;
+
+		if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
+			(b = BN_new()) == NULL || (order = BN_new()) == NULL ||
+			(cofactor = BN_new()) == NULL)
+			{
+			reason = ERR_R_MALLOC_FAILURE;
+			goto err;
+			}
+
+		if (is_char_two)
+			{
+			if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx))
+				{
+				reason = ERR_R_EC_LIB;
+				goto err;
+				}
+			}
+		else /* prime field */
+			{
+			if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))
+				{
+				reason = ERR_R_EC_LIB;
+				goto err;
+				}
+			}
+
+		if ((point = EC_GROUP_get0_generator(x)) == NULL)
+			{
+			reason = ERR_R_EC_LIB;
+			goto err;
+			}
+		if (!EC_GROUP_get_order(x, order, NULL) || 
+            		!EC_GROUP_get_cofactor(x, cofactor, NULL))
+			{
+			reason = ERR_R_EC_LIB;
+			goto err;
+			}
+		
+		form = EC_GROUP_get_point_conversion_form(x);
+
+		if ((gen = EC_POINT_point2bn(x, point, 
+				form, NULL, ctx)) == NULL)
+			{
+			reason = ERR_R_EC_LIB;
+			goto err;
+			}
+
+		buf_len = (size_t)BN_num_bytes(p);
+		if (buf_len < (i = (size_t)BN_num_bytes(a)))
+			buf_len = i;
+		if (buf_len < (i = (size_t)BN_num_bytes(b)))
+			buf_len = i;
+		if (buf_len < (i = (size_t)BN_num_bytes(gen)))
+			buf_len = i;
+		if (buf_len < (i = (size_t)BN_num_bytes(order)))
+			buf_len = i;
+		if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) 
+			buf_len = i;
+
+		if ((seed = EC_GROUP_get0_seed(x)) != NULL)
+			seed_len = EC_GROUP_get_seed_len(x);
+
+		buf_len += 10;
+		if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
+			{
+			reason = ERR_R_MALLOC_FAILURE;
+			goto err;
+			}
+
+		if (!BIO_indent(bp, off, 128))
+			goto err;
+
+		/* print the 'short name' of the field type */
+		if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid))
+			<= 0)
+			goto err;  
+
+		if (is_char_two)
+			{
+			/* print the 'short name' of the base type OID */
+			int basis_type = EC_GROUP_get_basis_type(x);
+			if (basis_type == 0)
+				goto err;
+
+			if (!BIO_indent(bp, off, 128))
+				goto err;
+
+			if (BIO_printf(bp, "Basis Type: %s\n", 
+				OBJ_nid2sn(basis_type)) <= 0)
+				goto err;
+
+			/* print the polynomial */
+			if ((p != NULL) && !print(bp, "Polynomial:", p, buffer,
+				off))
+				goto err;
+			}
+		else
+			{
+			if ((p != NULL) && !print(bp, "Prime:", p, buffer,off))
+				goto err;
+			}
+		if ((a != NULL) && !print(bp, "A:   ", a, buffer, off)) 
+			goto err;
+		if ((b != NULL) && !print(bp, "B:   ", b, buffer, off))
+			goto err;
+		if (form == POINT_CONVERSION_COMPRESSED)
+			{
+			if ((gen != NULL) && !print(bp, gen_compressed, gen,
+				buffer, off))
+				goto err;
+			}
+		else if (form == POINT_CONVERSION_UNCOMPRESSED)
+			{
+			if ((gen != NULL) && !print(bp, gen_uncompressed, gen,
+				buffer, off))
+				goto err;
+			}
+		else /* form == POINT_CONVERSION_HYBRID */
+			{
+			if ((gen != NULL) && !print(bp, gen_hybrid, gen,
+				buffer, off))
+				goto err;
+			}
+		if ((order != NULL) && !print(bp, "Order: ", order, 
+			buffer, off)) goto err;
+		if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor, 
+			buffer, off)) goto err;
+		if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
+			goto err;
+		}
+	ret=1;
+err:
+	if (!ret)
+ 		ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
+	if (p) 
+		BN_free(p);
+	if (a) 
+		BN_free(a);
+	if (b)
+		BN_free(b);
+	if (gen)
+		BN_free(gen);
+	if (order)
+		BN_free(order);
+	if (cofactor)
+		BN_free(cofactor);
+	if (ctx)
+		BN_CTX_free(ctx);
+	if (buffer != NULL) 
+		OPENSSL_free(buffer);
+	return(ret);	
+	}
+
+int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
+	{
+	unsigned char *buffer=NULL;
+	size_t	buf_len=0, i;
+	int     ret=0, reason=ERR_R_BIO_LIB;
+	BIGNUM  *pub_key=NULL, *order=NULL;
+	BN_CTX  *ctx=NULL;
+ 
+	if (!x || !x->group)
+		{
+		reason = ERR_R_PASSED_NULL_PARAMETER;
+		goto err;
+		}
+
+	if ((pub_key = EC_POINT_point2bn(x->group, x->pub_key,
+		x->conv_form, NULL, ctx)) == NULL)
+		{
+		reason = ERR_R_EC_LIB;
+		goto err;
+		}
+
+	buf_len = (size_t)BN_num_bytes(pub_key);
+	if (x->priv_key)
+		{
+		if ((i = (size_t)BN_num_bytes(x->priv_key)) > buf_len)
+			buf_len = i;
+		}
+
+	buf_len += 10;
+	if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
+		{
+		reason = ERR_R_MALLOC_FAILURE;
+		goto err;
+		}
+
+	if (x->priv_key != NULL)
+		{
+		if (!BIO_indent(bp, off, 128))
+			goto err;
+		if ((order = BN_new()) == NULL)
+			goto err;
+		if (!EC_GROUP_get_order(x->group, order, NULL))
+			goto err;
+		if (BIO_printf(bp, "Private-Key: (%d bit)\n", 
+			BN_num_bits(order)) <= 0) goto err;
+		}
+  
+	if ((x->priv_key != NULL) && !print(bp, "priv:", x->priv_key, 
+		buffer, off))
+		goto err;
+	if ((pub_key != NULL) && !print(bp, "pub: ", pub_key,
+		buffer, off))
+		goto err;
+	if (!ECPKParameters_print(bp, x->group, off))
+		goto err;
+	ret=1;
+err:
+	if (!ret)
+ 		ECerr(EC_F_EC_KEY_PRINT, reason);
+	if (pub_key) 
+		BN_free(pub_key);
+	if (order)
+		BN_free(order);
+	if (ctx)
+		BN_CTX_free(ctx);
+	if (buffer != NULL)
+		OPENSSL_free(buffer);
 	return(ret);
 	}
-#endif /* !NO_DSA */
-
-static int print(bp,number,num,buf,off)
-BIO *bp;
-char *number;
-BIGNUM *num;
-unsigned char *buf;
-int off;
+#endif /* OPENSSL_NO_EC */
+
+static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf,
+	     int off)
 	{
 	int n,i;
-	char str[128],*neg;
+	const char *neg;
 
 	if (num == NULL) return(1);
-	neg=(num->neg)?"-":"";
-	if (off)
+	neg = (BN_get_sign(num))?"-":"";
+	if(!BIO_indent(bp,off,128))
+		return 0;
+	if (BN_is_zero(num))
 		{
-		if (off > 128) off=128;
-		memset(str,' ',off);
-		if (BIO_write(bp,str,off) <= 0) return(0);
+		if (BIO_printf(bp, "%s 0\n", number) <= 0)
+			return 0;
+		return 1;
 		}
 
 	if (BN_num_bytes(num) <= BN_BYTES)
@@ -270,9 +584,9 @@ int off;
 			{
 			if ((i%15) == 0)
 				{
-				str[0]='\n';
-				memset(&(str[1]),' ',off+4);
-				if (BIO_write(bp,str,off+1+4) <= 0) return(0);
+				if(BIO_puts(bp,"\n") <= 0
+				   || !BIO_indent(bp,off+4,128))
+				    return 0;
 				}
 			if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":")
 				<= 0) return(0);
@@ -282,36 +596,75 @@ int off;
 	return(1);
 	}
 
-#ifndef NO_DH
-#ifndef NO_FP_API
-int DHparams_print_fp(fp,x)
-FILE *fp;
-DH *x;
-        {
-        BIO *b;
-        int ret;
+static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
+		size_t len, int off)
+	{
+	size_t i;
+	char str[128];
 
-        if ((b=BIO_new(BIO_s_file())) == NULL)
+	if (buf == NULL)
+		return 1;
+	if (off)
+		{
+		if (off > 128)
+			off=128;
+		memset(str,' ',off);
+		if (BIO_write(fp, str, off) <= 0)
+			return 0;
+		}
+
+	if (BIO_printf(fp,"%s", name) <= 0)
+		return 0;
+
+	for (i=0; i<len; i++)
+		{
+		if ((i%15) == 0)
+			{
+			str[0]='\n';
+			memset(&(str[1]),' ',off+4);
+			if (BIO_write(fp, str, off+1+4) <= 0)
+				return 0;
+			}
+		if (BIO_printf(fp,"%02x%s",buf[i],((i+1) == len)?"":":") <= 0)
+			return 0;
+		}
+	if (BIO_write(fp,"\n",1) <= 0)
+		return 0;
+
+	return 1;
+	}
+
+#ifndef OPENSSL_NO_DH
+#ifndef OPENSSL_NO_FP_API
+int DHparams_print_fp(FILE *fp, const DH *x)
+	{
+	BIO *b;
+	int ret;
+
+	if ((b=BIO_new(BIO_s_file())) == NULL)
 		{
 		DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
+		return(0);
 		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=DHparams_print(b, x);
-        BIO_free(b);
-        return(ret);
-        }
+	BIO_set_fp(b,fp,BIO_NOCLOSE);
+	ret=DHparams_print(b, x);
+	BIO_free(b);
+	return(ret);
+	}
 #endif
 
-int DHparams_print(bp,x)
-BIO *bp;
-DH *x;
+int DHparams_print(BIO *bp, const DH *x)
 	{
 	unsigned char *m=NULL;
-	int reason=ERR_R_BUF_LIB,i,ret=0;
+	int reason=ERR_R_BUF_LIB,ret=0;
+	size_t buf_len=0, i;
 
-	i=BN_num_bytes(x->p);
-	m=(unsigned char *)Malloc((unsigned int)i+10);
+	if (x->p)
+		buf_len = (size_t)BN_num_bytes(x->p);
+	if (x->g)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+			buf_len = i;
+	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
 	if (m == NULL)
 		{
 		reason=ERR_R_MALLOC_FAILURE;
@@ -325,7 +678,7 @@ DH *x;
 	if (!print(bp,"generator:",x->g,m,4)) goto err;
 	if (x->length != 0)
 		{
-		if (BIO_printf(bp,"    recomented-private-length: %d bits\n",
+		if (BIO_printf(bp,"    recommended-private-length: %d bits\n",
 			(int)x->length) <= 0) goto err;
 		}
 	ret=1;
@@ -334,41 +687,45 @@ DH *x;
 err:
 		DHerr(DH_F_DHPARAMS_PRINT,reason);
 		}
-	if (m != NULL) Free((char *)m);
+	if (m != NULL) OPENSSL_free(m);
 	return(ret);
 	}
 #endif
 
-#ifndef NO_DSA
-#ifndef NO_FP_API
-int DSAparams_print_fp(fp,x)
-FILE *fp;
-DSA *x;
-        {
-        BIO *b;
-        int ret;
+#ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_FP_API
+int DSAparams_print_fp(FILE *fp, const DSA *x)
+	{
+	BIO *b;
+	int ret;
 
-        if ((b=BIO_new(BIO_s_file())) == NULL)
+	if ((b=BIO_new(BIO_s_file())) == NULL)
 		{
 		DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
+		return(0);
 		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=DSAparams_print(b, x);
-        BIO_free(b);
-        return(ret);
-        }
+	BIO_set_fp(b,fp,BIO_NOCLOSE);
+	ret=DSAparams_print(b, x);
+	BIO_free(b);
+	return(ret);
+	}
 #endif
 
-int DSAparams_print(bp,x)
-BIO *bp;
-DSA *x;
+int DSAparams_print(BIO *bp, const DSA *x)
 	{
 	unsigned char *m=NULL;
-	int reason=ERR_R_BUF_LIB,i,ret=0;
+	int reason=ERR_R_BUF_LIB,ret=0;
+	size_t buf_len=0,i;
 
-	i=BN_num_bytes(x->p);
-	m=(unsigned char *)Malloc((unsigned int)i+10);
+	if (x->p)
+		buf_len = (size_t)BN_num_bytes(x->p);
+	if (x->q)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+			buf_len = i;
+	if (x->g)
+		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+			buf_len = i;
+	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
 	if (m == NULL)
 		{
 		reason=ERR_R_MALLOC_FAILURE;
@@ -383,10 +740,66 @@ DSA *x;
 	if (!print(bp,"g:",x->g,m,4)) goto err;
 	ret=1;
 err:
-	if (m != NULL) Free((char *)m);
+	if (m != NULL) OPENSSL_free(m);
 	DSAerr(DSA_F_DSAPARAMS_PRINT,reason);
 	return(ret);
 	}
 
-#endif /* !NO_DSA */
+#endif /* !OPENSSL_NO_DSA */
+
+#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_FP_API
+int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
+	{
+	BIO *b;
+	int ret;
+ 
+	if ((b=BIO_new(BIO_s_file())) == NULL)
+		{
+		ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
+		return(0);
+		}
+	BIO_set_fp(b, fp, BIO_NOCLOSE);
+	ret = ECParameters_print(b, x);
+	BIO_free(b);
+	return(ret);
+	}
+#endif
+
+int ECParameters_print(BIO *bp, const EC_KEY *x)
+	{
+	int     reason=ERR_R_EC_LIB, ret=0;
+	BIGNUM	*order=NULL;
+ 
+	if (!x || !x->group)
+		{
+		reason = ERR_R_PASSED_NULL_PARAMETER;;
+		goto err;
+		}
+
+	if ((order = BN_new()) == NULL)
+		{
+		reason = ERR_R_MALLOC_FAILURE;
+		goto err;
+		}
 
+	if (!EC_GROUP_get_order(x->group, order, NULL))
+		{
+		reason = ERR_R_EC_LIB;
+		goto err;
+		}
+ 
+	if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", 
+		BN_num_bits(order)) <= 0)
+		goto err;
+	if (!ECPKParameters_print(bp, x->group, 4))
+		goto err;
+	ret=1;
+err:
+	if (order)
+		BN_free(order);
+	ECerr(EC_F_ECPARAMETERS_PRINT, reason);
+	return(ret);
+	}
+  
+#endif
diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c
index 7df749a48f..b70bda71db 100644
--- a/crypto/asn1/t_req.c
+++ b/crypto/asn1/t_req.c
@@ -58,15 +58,14 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "bn.h"
-#include "objects.h"
-#include "x509.h"
-
-#ifndef NO_FP_API
-int X509_REQ_print_fp(fp,x)
-FILE *fp;
-X509_REQ *x;
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_NO_FP_API
+int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
         {
         BIO *b;
         int ret;
@@ -83,144 +82,203 @@ X509_REQ *x;
         }
 #endif
 
-int X509_REQ_print(bp,x)
-BIO *bp;
-X509_REQ *x;
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag)
 	{
 	unsigned long l;
-	int i,n;
-	char *s,*neg;
+	int i;
+	const char *neg;
 	X509_REQ_INFO *ri;
 	EVP_PKEY *pkey;
-	STACK *sk;
-	char str[128];
+	STACK_OF(X509_ATTRIBUTE) *sk;
+	STACK_OF(X509_EXTENSION) *exts;
+	char mlch = ' ';
+	int nmindent = 0;
+
+	if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+		mlch = '\n';
+		nmindent = 12;
+	}
+
+	if(nmflags == X509_FLAG_COMPAT)
+		nmindent = 16;
+
 
 	ri=x->req_info;
-	sprintf(str,"Certificate Request:\n");
-	if (BIO_puts(bp,str) <= 0) goto err;
-	sprintf(str,"%4sData:\n","");
-	if (BIO_puts(bp,str) <= 0) goto err;
-
-	neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
-	l=0;
-	for (i=0; i<ri->version->length; i++)
-		{ l<<=8; l+=ri->version->data[i]; }
-	sprintf(str,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,l);
-	if (BIO_puts(bp,str) <= 0) goto err;
-	sprintf(str,"%8sSubject: ","");
-	if (BIO_puts(bp,str) <= 0) goto err;
-
-	X509_NAME_print(bp,ri->subject,16);
-	sprintf(str,"\n%8sSubject Public Key Info:\n","");
-	if (BIO_puts(bp,str) <= 0) goto err;
-	i=OBJ_obj2nid(ri->pubkey->algor->algorithm);
-	sprintf(str,"%12sPublic Key Algorithm: %s\n","",
-		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
-	if (BIO_puts(bp,str) <= 0) goto err;
-
-	pkey=X509_REQ_get_pubkey(x);
-#ifndef NO_RSA
-	if (pkey->type == EVP_PKEY_RSA)
+	if(!(cflag & X509_FLAG_NO_HEADER))
 		{
-		BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-			BN_num_bits(pkey->pkey.rsa->n));
-		RSA_print(bp,pkey->pkey.rsa,16);
+		if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err;
+		if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
+		}
+	if(!(cflag & X509_FLAG_NO_VERSION))
+		{
+		neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
+		l=0;
+		for (i=0; i<ri->version->length; i++)
+			{ l<<=8; l+=ri->version->data[i]; }
+		if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,
+			      l) <= 0)
+		    goto err;
 		}
-	else 
+        if(!(cflag & X509_FLAG_NO_SUBJECT))
+                {
+                if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
+                if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err;
+                if (BIO_write(bp,"\n",1) <= 0) goto err;
+                }
+	if(!(cflag & X509_FLAG_NO_PUBKEY))
+		{
+		if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
+			goto err;
+		if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
+			goto err;
+		if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
+			goto err;
+		if (BIO_puts(bp, "\n") <= 0)
+			goto err;
+
+		pkey=X509_REQ_get_pubkey(x);
+		if (pkey == NULL)
+			{
+			BIO_printf(bp,"%12sUnable to load Public Key\n","");
+			ERR_print_errors(bp);
+			}
+		else
+#ifndef OPENSSL_NO_RSA
+		if (pkey->type == EVP_PKEY_RSA)
+			{
+			BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+			BN_num_bits(pkey->pkey.rsa->n));
+			RSA_print(bp,pkey->pkey.rsa,16);
+			}
+		else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
+			{
+			BIO_printf(bp,"%12sDSA Public Key:\n","");
+			DSA_print(bp,pkey->pkey.dsa,16);
+			}
+		else
+#endif
+#ifndef OPENSSL_NO_EC
+		if (pkey->type == EVP_PKEY_EC)
 		{
-		BIO_printf(bp,"%12sDSA Public Key:\n","");
-		DSA_print(bp,pkey->pkey.dsa,16);
+			BIO_printf(bp, "%12sEC Public Key: \n","");
+			EC_KEY_print(bp, pkey->pkey.eckey, 16);
 		}
 	else
 #endif
-		BIO_printf(bp,"%12sUnknown Public Key:\n","");
+			BIO_printf(bp,"%12sUnknown Public Key:\n","");
 
-	/* may not be */
-	sprintf(str,"%8sAttributes:\n","");
-	if (BIO_puts(bp,str) <= 0) goto err;
+		EVP_PKEY_free(pkey);
+		}
 
-	sk=x->req_info->attributes;
-	if ((sk == NULL) || (sk_num(sk) == 0))
+	if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
 		{
-		if (!x->req_info->req_kludge)
+		/* may not be */
+		if(BIO_printf(bp,"%8sAttributes:\n","") <= 0)
+		    goto err;
+
+		sk=x->req_info->attributes;
+		if (sk_X509_ATTRIBUTE_num(sk) == 0)
 			{
-			sprintf(str,"%12sa0:00\n","");
-			if (BIO_puts(bp,str) <= 0) goto err;
+			if(BIO_printf(bp,"%12sa0:00\n","") <= 0)
+			    goto err;
 			}
-		}
-	else
-		{
-		for (i=0; i<sk_num(sk); i++)
+		else
 			{
-			ASN1_TYPE *at;
-			X509_ATTRIBUTE *a;
-			ASN1_BIT_STRING *bs=NULL;
-			ASN1_TYPE *t;
-			int j,type=0,count=1,ii=0;
-
-			a=(X509_ATTRIBUTE *)sk_value(sk,i);
-			sprintf(str,"%12s","");
-			if (BIO_puts(bp,str) <= 0) goto err;
-			if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
-
-			if (a->set)
+			for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
+				{
+				ASN1_TYPE *at;
+				X509_ATTRIBUTE *a;
+				ASN1_BIT_STRING *bs=NULL;
+				ASN1_TYPE *t;
+				int j,type=0,count=1,ii=0;
+
+				a=sk_X509_ATTRIBUTE_value(sk,i);
+				if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
+									continue;
+				if(BIO_printf(bp,"%12s","") <= 0)
+				    goto err;
+				if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
 				{
-				ii=0;
-				count=sk_num(a->value.set);
+				if (a->single)
+					{
+					t=a->value.single;
+					type=t->type;
+					bs=t->value.bit_string;
+					}
+				else
+					{
+					ii=0;
+					count=sk_ASN1_TYPE_num(a->value.set);
 get_next:
-				at=(ASN1_TYPE *)sk_value(a->value.set,ii);
-				type=at->type;
-				bs=at->value.asn1_string;
+					at=sk_ASN1_TYPE_value(a->value.set,ii);
+					type=at->type;
+					bs=at->value.asn1_string;
+					}
 				}
-			else
-				{
-				t=a->value.single;
-				type=t->type;
-				bs=t->value.bit_string;
+				for (j=25-j; j>0; j--)
+					if (BIO_write(bp," ",1) != 1) goto err;
+				if (BIO_puts(bp,":") <= 0) goto err;
+				if (	(type == V_ASN1_PRINTABLESTRING) ||
+					(type == V_ASN1_T61STRING) ||
+					(type == V_ASN1_IA5STRING))
+					{
+					if (BIO_write(bp,(char *)bs->data,bs->length)
+						!= bs->length)
+						goto err;
+					BIO_puts(bp,"\n");
+					}
+				else
+					{
+					BIO_puts(bp,"unable to print attribute\n");
+					}
+				if (++ii < count) goto get_next;
 				}
-			for (j=25-j; j>0; j--)
-				if (BIO_write(bp," ",1) != 1) goto err;
-			if (BIO_puts(bp,":") <= 0) goto err;
-			if (	(type == V_ASN1_PRINTABLESTRING) ||
-				(type == V_ASN1_T61STRING) ||
-				(type == V_ASN1_IA5STRING))
+			}
+		}
+	if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
+		{
+		exts = X509_REQ_get_extensions(x);
+		if(exts)
+			{
+			BIO_printf(bp,"%8sRequested Extensions:\n","");
+			for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
 				{
-				if (BIO_write(bp,(char *)bs->data,bs->length)
-					!= bs->length)
+				ASN1_OBJECT *obj;
+				X509_EXTENSION *ex;
+				int j;
+				ex=sk_X509_EXTENSION_value(exts, i);
+				if (BIO_printf(bp,"%12s","") <= 0) goto err;
+				obj=X509_EXTENSION_get_object(ex);
+				i2a_ASN1_OBJECT(bp,obj);
+				j=X509_EXTENSION_get_critical(ex);
+				if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
 					goto err;
-				BIO_puts(bp,"\n");
+				if(!X509V3_EXT_print(bp, ex, 0, 16))
+					{
+					BIO_printf(bp, "%16s", "");
+					M_ASN1_OCTET_STRING_print(bp,ex->value);
+					}
+				if (BIO_write(bp,"\n",1) <= 0) goto err;
 				}
-			else
-				{
-				BIO_puts(bp,"unable to print attribute\n");
-				}
-			if (++ii < count) goto get_next;
+			sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
 			}
 		}
 
-	i=OBJ_obj2nid(x->sig_alg->algorithm);
-	sprintf(str,"%4sSignature Algorithm: %s","",
-		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
-	if (BIO_puts(bp,str) <= 0) goto err;
-
-	n=x->signature->length;
-	s=(char *)x->signature->data;
-	for (i=0; i<n; i++)
+	if(!(cflag & X509_FLAG_NO_SIGDUMP))
 		{
-		if ((i%18) == 0)
-			{
-			sprintf(str,"\n%8s","");
-			if (BIO_puts(bp,str) <= 0) goto err;
-			}
-		sprintf(str,"%02x%s",(unsigned char)s[i],((i+1) == n)?"":":");
-		if (BIO_puts(bp,str) <= 0) goto err;
+		if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
 		}
-	if (BIO_puts(bp,"\n") <= 0) goto err;
+
 	return(1);
 err:
 	X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB);
 	return(0);
 	}
+
+int X509_REQ_print(BIO *bp, X509_REQ *x)
+	{
+	return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+	}
diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c
new file mode 100644
index 0000000000..499e12834a
--- /dev/null
+++ b/crypto/asn1/t_spki.c
@@ -0,0 +1,125 @@
+/* t_spki.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+
+/* Print out an SPKI */
+
+int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
+{
+	EVP_PKEY *pkey;
+	ASN1_IA5STRING *chal;
+	int i, n;
+	char *s;
+	BIO_printf(out, "Netscape SPKI:\n");
+	i=OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm);
+	BIO_printf(out,"  Public Key Algorithm: %s\n",
+				(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+	pkey = X509_PUBKEY_get(spki->spkac->pubkey);
+	if(!pkey) BIO_printf(out, "  Unable to load public key\n");
+	else {
+#ifndef OPENSSL_NO_RSA
+		if (pkey->type == EVP_PKEY_RSA)
+			{
+			BIO_printf(out,"  RSA Public Key: (%d bit)\n",
+				BN_num_bits(pkey->pkey.rsa->n));
+			RSA_print(out,pkey->pkey.rsa,2);
+			}
+		else 
+#endif
+#ifndef OPENSSL_NO_DSA
+		if (pkey->type == EVP_PKEY_DSA)
+		{
+		BIO_printf(out,"  DSA Public Key:\n");
+		DSA_print(out,pkey->pkey.dsa,2);
+		}
+		else
+#endif
+#ifndef OPENSSL_NO_EC
+		if (pkey->type == EVP_PKEY_EC)
+		{
+			BIO_printf(out, "  EC Public Key:\n");
+			EC_KEY_print(out, pkey->pkey.eckey,2);
+		}
+		else
+#endif
+
+			BIO_printf(out,"  Unknown Public Key:\n");
+		EVP_PKEY_free(pkey);
+	}
+	chal = spki->spkac->challenge;
+	if(chal->length)
+		BIO_printf(out, "  Challenge String: %s\n", chal->data);
+	i=OBJ_obj2nid(spki->sig_algor->algorithm);
+	BIO_printf(out,"  Signature Algorithm: %s",
+				(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+
+	n=spki->signature->length;
+	s=(char *)spki->signature->data;
+	for (i=0; i<n; i++)
+		{
+		if ((i%18) == 0) BIO_write(out,"\n      ",7);
+		BIO_printf(out,"%02x%s",(unsigned char)s[i],
+						((i+1) == n)?"":":");
+		}
+	BIO_write(out,"\n",1);
+	return 1;
+}
diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c
index 9a8c8bf0ca..36cef4605d 100644
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -58,21 +58,28 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "bn.h"
-#ifndef NO_RSA
-#include "rsa.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
 #endif
-#ifndef NO_DSA
-#include "dsa.h"
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
 #endif
-#include "objects.h"
-#include "x509.h"
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
+#endif
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
 
-#ifndef NO_FP_API
-int X509_print_fp(fp,x)
-FILE *fp;
-X509 *x;
+#ifndef OPENSSL_NO_FP_API
+int X509_print_fp(FILE *fp, X509 *x)
+	{
+	return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+	}
+
+int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)
         {
         BIO *b;
         int ret;
@@ -83,184 +90,246 @@ X509 *x;
                 return(0);
 		}
         BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=X509_print(b, x);
+        ret=X509_print_ex(b, x, nmflag, cflag);
         BIO_free(b);
         return(ret);
         }
 #endif
 
-int X509_print(bp,x)
-BIO *bp;
-X509 *x;
+int X509_print(BIO *bp, X509 *x)
+{
+	return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
+
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 	{
 	long l;
-	int ret=0,i,j,n;
-	char *m=NULL,*s;
+	int ret=0,i;
+	char *m=NULL,mlch = ' ';
+	int nmindent = 0;
 	X509_CINF *ci;
 	ASN1_INTEGER *bs;
 	EVP_PKEY *pkey=NULL;
-	char *neg;
-	X509_EXTENSION *ex;
+	const char *neg;
 	ASN1_STRING *str=NULL;
 
+	if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+			mlch = '\n';
+			nmindent = 12;
+	}
+
+	if(nmflags == X509_FLAG_COMPAT)
+		nmindent = 16;
+
 	ci=x->cert_info;
-	if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
-	if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
-	l=X509_get_version(x);
-	if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
-	if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;
-
-	bs=X509_get_serialNumber(x);
-	if (bs->length <= 4)
+	if(!(cflag & X509_FLAG_NO_HEADER))
 		{
-		l=ASN1_INTEGER_get(bs);
-		if (l < 0)
-			{
-			l= -l;
-			neg="-";
-			}
-		else
-			neg="";
-		if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
-			goto err;
+		if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
+		if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
 		}
-	else
+	if(!(cflag & X509_FLAG_NO_VERSION))
 		{
-		neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
-		if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
+		l=X509_get_version(x);
+		if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
+		}
+	if(!(cflag & X509_FLAG_NO_SERIAL))
+		{
+
+		if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;
 
-		for (i=0; i<bs->length; i++)
+		bs=X509_get_serialNumber(x);
+		if (bs->length <= 4)
 			{
-			if (BIO_printf(bp,"%02x%c",bs->data[i],
-				((i+1 == bs->length)?'\n':':')) <= 0)
+			l=ASN1_INTEGER_get(bs);
+			if (l < 0)
+				{
+				l= -l;
+				neg="-";
+				}
+			else
+				neg="";
+			if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
 				goto err;
 			}
-		}
+		else
+			{
+			neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
+			if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
 
-	i=OBJ_obj2nid(ci->signature->algorithm);
-	if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","",
-		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0)
-		goto err;
+			for (i=0; i<bs->length; i++)
+				{
+				if (BIO_printf(bp,"%02x%c",bs->data[i],
+					((i+1 == bs->length)?'\n':':')) <= 0)
+					goto err;
+				}
+			}
 
-	if (BIO_write(bp,"        Issuer: ",16) <= 0) goto err;
-	if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err;
-	if (BIO_write(bp,"\n        Validity\n",18) <= 0) goto err;
-	if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
-	if (!ASN1_UTCTIME_print(bp,X509_get_notBefore(x))) goto err;
-	if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
-	if (!ASN1_UTCTIME_print(bp,X509_get_notAfter(x))) goto err;
-	if (BIO_write(bp,"\n        Subject: ",18) <= 0) goto err;
-	if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err;
-	if (BIO_write(bp,"\n        Subject Public Key Info:\n",34) <= 0)
-		goto err;
-	i=OBJ_obj2nid(ci->key->algor->algorithm);
-	if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","",
-		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
+		}
 
-	pkey=X509_get_pubkey(x);
-	if (pkey == NULL)
+	if(!(cflag & X509_FLAG_NO_SIGNAME))
 		{
-		BIO_printf(bp,"%12sUnable to load Public Key\n","");
+		if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) 
+			goto err;
+		if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
+			goto err;
+		if (BIO_puts(bp, "\n") <= 0)
+			goto err;
 		}
-	else
-#ifndef NO_RSA
-	if (pkey->type == EVP_PKEY_RSA)
+
+	if(!(cflag & X509_FLAG_NO_ISSUER))
 		{
-		BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-		BN_num_bits(pkey->pkey.rsa->n));
-		RSA_print(bp,pkey->pkey.rsa,16);
+		if (BIO_printf(bp,"        Issuer:%c",mlch) <= 0) goto err;
+		if (X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags) < 0) goto err;
+		if (BIO_write(bp,"\n",1) <= 0) goto err;
 		}
-	else
-#endif
-#ifndef NO_DSA
-	if (pkey->type == EVP_PKEY_DSA)
+	if(!(cflag & X509_FLAG_NO_VALIDITY))
 		{
-		BIO_printf(bp,"%12sDSA Public Key:\n","");
-		DSA_print(bp,pkey->pkey.dsa,16);
+		if (BIO_write(bp,"        Validity\n",17) <= 0) goto err;
+		if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
+		if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
+		if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
+		if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
+		if (BIO_write(bp,"\n",1) <= 0) goto err;
 		}
-	else
-#endif
-		BIO_printf(bp,"%12sUnknown Public Key:\n","");
-
-	n=X509_get_ext_count(x);
-	if (n > 0)
+	if(!(cflag & X509_FLAG_NO_SUBJECT))
 		{
-		BIO_printf(bp,"%8sX509v3 extensions:\n","");
-		for (i=0; i<n; i++)
-			{
-			int data_type,pack_type;
-			ASN1_OBJECT *obj;
-
-			ex=X509_get_ext(x,i);
-			if (BIO_printf(bp,"%12s","") <= 0) goto err;
-			obj=X509_EXTENSION_get_object(ex);
-			i2a_ASN1_OBJECT(bp,obj);
-			j=X509_EXTENSION_get_critical(ex);
-			if (BIO_printf(bp,": %s\n%16s",j?"critical":"","") <= 0)
-				goto err;
+		if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
+		if (X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags) < 0) goto err;
+		if (BIO_write(bp,"\n",1) <= 0) goto err;
+		}
+	if(!(cflag & X509_FLAG_NO_PUBKEY))
+		{
+		if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
+			goto err;
+		if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
+			goto err;
+		if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
+			goto err;
+		if (BIO_puts(bp, "\n") <= 0)
+			goto err;
 
-			pack_type=X509v3_pack_type_by_OBJ(obj);
-			data_type=X509v3_data_type_by_OBJ(obj);
-			
-			if (pack_type == X509_EXT_PACK_STRING)
-				{
-				if (X509v3_unpack_string(
-					&str,data_type,
-					X509_EXTENSION_get_data(ex)) == NULL)
-					{
-					/* hmm... */
-					goto err;
-					}
-				if (	(data_type == V_ASN1_IA5STRING) ||
-					(data_type == V_ASN1_PRINTABLESTRING) ||
-					(data_type == V_ASN1_T61STRING))
-					{
-					if (BIO_write(bp,(char *)str->data,
-							str->length) <= 0)
-						goto err;
-					}
-				else if (data_type == V_ASN1_BIT_STRING)
-					{
-					BIO_printf(bp,"0x");
-					for (j=0; j<str->length; j++)
-						{
-						BIO_printf(bp,"%02X",
-							str->data[j]);
-						}
-					}
-				}
-			else
-				{
-				ASN1_OCTET_STRING_print(bp,ex->value);
-				}
-			if (BIO_write(bp,"\n",1) <= 0) goto err;
+		pkey=X509_get_pubkey(x);
+		if (pkey == NULL)
+			{
+			BIO_printf(bp,"%12sUnable to load Public Key\n","");
+			ERR_print_errors(bp);
+			}
+		else
+#ifndef OPENSSL_NO_RSA
+		if (pkey->type == EVP_PKEY_RSA)
+			{
+			BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
+			BN_num_bits(pkey->pkey.rsa->n));
+			RSA_print(bp,pkey->pkey.rsa,16);
+			}
+		else
+#endif
+#ifndef OPENSSL_NO_DSA
+		if (pkey->type == EVP_PKEY_DSA)
+			{
+			BIO_printf(bp,"%12sDSA Public Key:\n","");
+			DSA_print(bp,pkey->pkey.dsa,16);
+			}
+		else
+#endif
+#ifndef OPENSSL_NO_EC
+		if (pkey->type == EVP_PKEY_EC)
+			{
+			BIO_printf(bp, "%12sEC Public Key:\n","");
+			EC_KEY_print(bp, pkey->pkey.eckey, 16);
 			}
+		else
+#endif
+			BIO_printf(bp,"%12sUnknown Public Key:\n","");
+
+		EVP_PKEY_free(pkey);
 		}
 
-	i=OBJ_obj2nid(x->sig_alg->algorithm);
-	if (BIO_printf(bp,"%4sSignature Algorithm: %s","",
-		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err;
+	if (!(cflag & X509_FLAG_NO_EXTENSIONS))
+		X509V3_extensions_print(bp, "X509v3 extensions",
+					ci->extensions, cflag, 8);
 
-	n=x->signature->length;
-	s=(char *)x->signature->data;
-	for (i=0; i<n; i++)
+	if(!(cflag & X509_FLAG_NO_SIGDUMP))
 		{
-		if ((i%18) == 0)
-			if (BIO_write(bp,"\n        ",9) <= 0) goto err;
-		if (BIO_printf(bp,"%02x%s",(unsigned char)s[i],
-			((i+1) == n)?"":":") <= 0) goto err;
+		if(X509_signature_print(bp, x->sig_alg, x->signature) <= 0) goto err;
+		}
+	if(!(cflag & X509_FLAG_NO_AUX))
+		{
+		if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
 		}
-	if (BIO_write(bp,"\n",1) != 1) goto err;
 	ret=1;
 err:
 	if (str != NULL) ASN1_STRING_free(str);
-	if (m != NULL) Free((char *)m);
+	if (m != NULL) OPENSSL_free(m);
 	return(ret);
 	}
 
-int ASN1_STRING_print(bp,v)
-BIO *bp;
-ASN1_STRING *v;
+int X509_ocspid_print (BIO *bp, X509 *x)
+	{
+	unsigned char *der=NULL ;
+	unsigned char *dertmp;
+	int derlen;
+	int i;
+	unsigned char SHA1md[SHA_DIGEST_LENGTH];
+
+	/* display the hash of the subject as it would appear
+	   in OCSP requests */
+	if (BIO_printf(bp,"        Subject OCSP hash: ") <= 0)
+		goto err;
+	derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
+	if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL)
+		goto err;
+	i2d_X509_NAME(x->cert_info->subject, &dertmp);
+
+	EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL);
+	for (i=0; i < SHA_DIGEST_LENGTH; i++)
+		{
+		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
+		}
+	OPENSSL_free (der);
+	der=NULL;
+
+	/* display the hash of the public key as it would appear
+	   in OCSP requests */
+	if (BIO_printf(bp,"\n        Public key OCSP hash: ") <= 0)
+		goto err;
+
+	EVP_Digest(x->cert_info->key->public_key->data,
+		x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL);
+	for (i=0; i < SHA_DIGEST_LENGTH; i++)
+		{
+		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
+			goto err;
+		}
+	BIO_printf(bp,"\n");
+
+	return (1);
+err:
+	if (der != NULL) OPENSSL_free(der);
+	return(0);
+	}
+
+int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
+{
+	unsigned char *s;
+	int i, n;
+	if (BIO_puts(bp,"    Signature Algorithm: ") <= 0) return 0;
+	if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0;
+
+	n=sig->length;
+	s=sig->data;
+	for (i=0; i<n; i++)
+		{
+		if ((i%18) == 0)
+			if (BIO_write(bp,"\n        ",9) <= 0) return 0;
+			if (BIO_printf(bp,"%02x%s",s[i],
+				((i+1) == n)?"":":") <= 0) return 0;
+		}
+	if (BIO_write(bp,"\n",1) != 1) return 0;
+	return 1;
+}
+
+int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
 	{
 	int i,n;
 	char buf[80],*p;;
@@ -289,15 +358,59 @@ ASN1_STRING *v;
 	return(1);
 	}
 
-int ASN1_UTCTIME_print(bp,tm)
-BIO *bp;
-ASN1_UTCTIME *tm;
+int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm)
+{
+	if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm);
+	if(tm->type == V_ASN1_GENERALIZEDTIME)
+				return ASN1_GENERALIZEDTIME_print(bp, tm);
+	BIO_write(bp,"Bad time value",14);
+	return(0);
+}
+
+static const char *mon[12]=
+    {
+    "Jan","Feb","Mar","Apr","May","Jun",
+    "Jul","Aug","Sep","Oct","Nov","Dec"
+    };
+
+int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
+	{
+	char *v;
+	int gmt=0;
+	int i;
+	int y=0,M=0,d=0,h=0,m=0,s=0;
+
+	i=tm->length;
+	v=(char *)tm->data;
+
+	if (i < 12) goto err;
+	if (v[i-1] == 'Z') gmt=1;
+	for (i=0; i<12; i++)
+		if ((v[i] > '9') || (v[i] < '0')) goto err;
+	y= (v[0]-'0')*1000+(v[1]-'0')*100 + (v[2]-'0')*10+(v[3]-'0');
+	M= (v[4]-'0')*10+(v[5]-'0');
+	if ((M > 12) || (M < 1)) goto err;
+	d= (v[6]-'0')*10+(v[7]-'0');
+	h= (v[8]-'0')*10+(v[9]-'0');
+	m=  (v[10]-'0')*10+(v[11]-'0');
+	if (	(v[12] >= '0') && (v[12] <= '9') &&
+		(v[13] >= '0') && (v[13] <= '9'))
+		s=  (v[12]-'0')*10+(v[13]-'0');
+
+	if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
+		mon[M-1],d,h,m,s,y,(gmt)?" GMT":"") <= 0)
+		return(0);
+	else
+		return(1);
+err:
+	BIO_write(bp,"Bad time value",14);
+	return(0);
+	}
+
+int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm)
 	{
 	char *v;
 	int gmt=0;
-	static char *mon[12]={
-		"Jan","Feb","Mar","Apr","May","Jun",
-		"Jul","Aug","Sep","Oct","Nov","Dec"};
 	int i;
 	int y=0,M=0,d=0,h=0,m=0,s=0;
 
@@ -329,24 +442,26 @@ err:
 	return(0);
 	}
 
-int X509_NAME_print(bp,name,obase)
-BIO *bp;
-X509_NAME *name;
-int obase;
+int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
 	{
-	char *s,*c;
+	char *s,*c,*b;
 	int ret=0,l,ll,i,first=1;
-	char buf[256];
 
 	ll=80-2-obase;
 
-	s=X509_NAME_oneline(name,buf,256);
+	b=s=X509_NAME_oneline(name,NULL,0);
+	if (!*s)
+		{
+		OPENSSL_free(b);
+		return 1;
+		}
 	s++; /* skip the first slash */
 
 	l=ll;
 	c=s;
 	for (;;)
 		{
+#ifndef CHARSET_EBCDIC
 		if (	((*s == '/') &&
 				((s[1] >= 'A') && (s[1] <= 'Z') && (
 					(s[2] == '=') ||
@@ -354,6 +469,15 @@ int obase;
 					(s[3] == '='))
 				 ))) ||
 			(*s == '\0'))
+#else
+		if (	((*s == '/') &&
+				(isupper(s[1]) && (
+					(s[2] == '=') ||
+					(isupper(s[2]) &&
+					(s[3] == '='))
+				 ))) ||
+			(*s == '\0'))
+#endif
 			{
 			if ((l <= 0) && !first)
 				{
@@ -386,6 +510,7 @@ int obase;
 err:
 		X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB);
 		}
+	OPENSSL_free(b);
 	return(ret);
 	}
 
diff --git a/crypto/asn1/t_x509a.c b/crypto/asn1/t_x509a.c
new file mode 100644
index 0000000000..ffbbfb51f4
--- /dev/null
+++ b/crypto/asn1/t_x509a.c
@@ -0,0 +1,110 @@
+/* t_x509a.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+
+/* X509_CERT_AUX and string set routines
+ */
+
+int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
+{
+	char oidstr[80], first;
+	int i;
+	if(!aux) return 1;
+	if(aux->trust) {
+		first = 1;
+		BIO_printf(out, "%*sTrusted Uses:\n%*s",
+						indent, "", indent + 2, "");
+		for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
+			if(!first) BIO_puts(out, ", ");
+			else first = 0;
+			OBJ_obj2txt(oidstr, sizeof oidstr,
+				sk_ASN1_OBJECT_value(aux->trust, i), 0);
+			BIO_puts(out, oidstr);
+		}
+		BIO_puts(out, "\n");
+	} else BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
+	if(aux->reject) {
+		first = 1;
+		BIO_printf(out, "%*sRejected Uses:\n%*s",
+						indent, "", indent + 2, "");
+		for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
+			if(!first) BIO_puts(out, ", ");
+			else first = 0;
+			OBJ_obj2txt(oidstr, sizeof oidstr,
+				sk_ASN1_OBJECT_value(aux->reject, i), 0);
+			BIO_puts(out, oidstr);
+		}
+		BIO_puts(out, "\n");
+	} else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
+	if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "",
+							aux->alias->data);
+	if(aux->keyid) {
+		BIO_printf(out, "%*sKey Id: ", indent, "");
+		for(i = 0; i < aux->keyid->length; i++) 
+			BIO_printf(out, "%s%02X", 
+				i ? ":" : "",
+				aux->keyid->data[i]);
+		BIO_write(out,"\n",1);
+	}
+	return 1;
+}
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
new file mode 100644
index 0000000000..75bbafacd7
--- /dev/null
+++ b/crypto/asn1/tasn_dec.c
@@ -0,0 +1,959 @@
+/* tasn_dec.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+static int asn1_check_eoc(unsigned char **in, long len);
+static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass);
+static int collect_data(BUF_MEM *buf, unsigned char **p, long plen);
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst,
+			unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx);
+static int asn1_template_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx);
+static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx);
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long len,
+					const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+/* Table to convert tags to bit values, used for MSTRING type */
+static unsigned long tag2bit[32]={
+0,	0,	0,	B_ASN1_BIT_STRING,	/* tags  0 -  3 */
+B_ASN1_OCTET_STRING,	0,	0,		B_ASN1_UNKNOWN,/* tags  4- 7 */
+B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags  8-11 */
+B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
+0,	0,	B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING,   /* tags 16-19 */
+B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,       /* tags 20-22 */
+B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,			       /* tags 23-24 */	
+B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,  /* tags 25-27 */
+B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */
+	};
+
+unsigned long ASN1_tag2bit(int tag)
+{
+	if((tag < 0) || (tag > 30)) return 0;
+	return tag2bit[tag];
+}
+
+/* Macro to initialize and invalidate the cache */
+
+#define asn1_tlc_clear(c)	if(c) (c)->valid = 0
+
+/* Decode an ASN1 item, this currently behaves just 
+ * like a standard 'd2i' function. 'in' points to 
+ * a buffer to read the data from, in future we will
+ * have more advanced versions that can input data
+ * a piece at a time and this will simply be a special
+ * case.
+ */
+
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it)
+{
+	ASN1_TLC c;
+	ASN1_VALUE *ptmpval = NULL;
+	if(!pval) pval = &ptmpval;
+	asn1_tlc_clear(&c);
+	if(ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
+		return *pval;
+	return NULL;
+}
+
+int ASN1_template_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_TEMPLATE *tt)
+{
+	ASN1_TLC c;
+	asn1_tlc_clear(&c);
+	return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
+}
+
+
+/* Decode an item, taking care of IMPLICIT tagging, if any.
+ * If 'opt' set and tag mismatch return -1 to handle OPTIONAL
+ */
+
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, unsigned char **in, long len, const ASN1_ITEM *it,
+				int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+	const ASN1_TEMPLATE *tt, *errtt = NULL;
+	const ASN1_COMPAT_FUNCS *cf;
+	const ASN1_EXTERN_FUNCS *ef;
+	const ASN1_AUX *aux = it->funcs;
+	ASN1_aux_cb *asn1_cb;
+	unsigned char *p, *q, imphack = 0, oclass;
+	char seq_eoc, seq_nolen, cst, isopt;
+	long tmplen;
+	int i;
+	int otag;
+	int ret = 0;
+	ASN1_VALUE *pchval, **pchptr, *ptmpval;
+	if(!pval) return 0;
+	if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
+	else asn1_cb = 0;
+
+	switch(it->itype) {
+
+		case ASN1_ITYPE_PRIMITIVE:
+		if(it->templates) {
+			/* tagging or OPTIONAL is currently illegal on an item template
+			 * because the flags can't get passed down. In practice this isn't
+			 * a problem: we include the relevant flags from the item template
+			 * in the template itself.
+			 */
+			if ((tag != -1) || opt) {
+				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
+				goto err;
+			}
+			return asn1_template_ex_d2i(pval, in, len, it->templates, opt, ctx);
+		}
+		return asn1_d2i_ex_primitive(pval, in, len, it, tag, aclass, opt, ctx);
+		break;
+
+		case ASN1_ITYPE_MSTRING:
+		p = *in;
+		/* Just read in tag and class */
+		ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, &p, len, -1, 0, 1, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+			goto err;
+		} 
+		/* Must be UNIVERSAL class */
+		if(oclass != V_ASN1_UNIVERSAL) {
+			/* If OPTIONAL, assume this is OK */
+			if(opt) return -1;
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
+			goto err;
+		} 
+		/* Check tag matches bit map */
+		if(!(ASN1_tag2bit(otag) & it->utype)) {
+			/* If OPTIONAL, assume this is OK */
+			if(opt) return -1;
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_WRONG_TAG);
+			goto err;
+		} 
+		return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx);
+
+		case ASN1_ITYPE_EXTERN:
+		/* Use new style d2i */
+		ef = it->funcs;
+		return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
+
+		case ASN1_ITYPE_COMPAT:
+		/* we must resort to old style evil hackery */
+		cf = it->funcs;
+
+		/* If OPTIONAL see if it is there */
+		if(opt) {
+			int exptag;
+			p = *in;
+			if(tag == -1) exptag = it->utype;
+			else exptag = tag;
+			/* Don't care about anything other than presence of expected tag */
+			ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL, &p, len, exptag, aclass, 1, ctx);
+			if(!ret) {
+				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+				goto err;
+			}
+			if(ret == -1) return -1;
+		}
+		/* This is the old style evil hack IMPLICIT handling:
+		 * since the underlying code is expecting a tag and
+		 * class other than the one present we change the
+		 * buffer temporarily then change it back afterwards.
+		 * This doesn't and never did work for tags > 30.
+		 *
+		 * Yes this is *horrible* but it is only needed for
+		 * old style d2i which will hopefully not be around
+		 * for much longer.
+		 * FIXME: should copy the buffer then modify it so
+		 * the input buffer can be const: we should *always*
+		 * copy because the old style d2i might modify the
+		 * buffer.
+		 */
+
+		if(tag != -1) {
+			p = *in;
+			imphack = *p;
+			*p = (unsigned char)((*p & V_ASN1_CONSTRUCTED) | it->utype);
+		}
+
+		ptmpval = cf->asn1_d2i(pval, in, len);
+
+		if(tag != -1) *p = imphack;
+
+		if(ptmpval) return 1;
+		ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+		goto err;
+
+
+		case ASN1_ITYPE_CHOICE:
+		if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+				goto auxerr;
+
+		/* Allocate structure */
+		if(!*pval) {
+			if(!ASN1_item_ex_new(pval, it)) {
+				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+				goto err;
+			}
+		}
+		/* CHOICE type, try each possibility in turn */
+		pchval = NULL;
+		p = *in;
+		for(i = 0, tt=it->templates; i < it->tcount; i++, tt++) {
+			pchptr = asn1_get_field_ptr(pval, tt);
+			/* We mark field as OPTIONAL so its absence
+			 * can be recognised.
+			 */
+			ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
+			/* If field not present, try the next one */
+			if(ret == -1) continue;
+			/* If positive return, read OK, break loop */
+			if(ret > 0) break;
+			/* Otherwise must be an ASN1 parsing error */
+			errtt = tt;
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+			goto err;
+		}
+		/* Did we fall off the end without reading anything? */
+		if(i == it->tcount) {
+			/* If OPTIONAL, this is OK */
+			if(opt) {
+				/* Free and zero it */
+				ASN1_item_ex_free(pval, it);
+				return -1;
+			}
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE);
+			goto err;
+		}
+		asn1_set_choice_selector(pval, i, it);
+		*in = p;
+		if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+				goto auxerr;
+		return 1;
+
+		case ASN1_ITYPE_NDEF_SEQUENCE:
+		case ASN1_ITYPE_SEQUENCE:
+		p = *in;
+		tmplen = len;
+
+		/* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+		if(tag == -1) {
+			tag = V_ASN1_SEQUENCE;
+			aclass = V_ASN1_UNIVERSAL;
+		}
+		/* Get SEQUENCE length and update len, p */
+		ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, &p, len, tag, aclass, opt, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+			goto err;
+		} else if(ret == -1) return -1;
+		if(aux && (aux->flags & ASN1_AFLG_BROKEN)) {
+			len = tmplen - (p - *in);
+			seq_nolen = 1;
+		} else seq_nolen = seq_eoc;	/* If indefinite we don't do a length check */
+		if(!cst) {
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
+			goto err;
+		}
+
+		if(!*pval) {
+			if(!ASN1_item_ex_new(pval, it)) {
+				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+				goto err;
+			}
+		}
+		if(asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+				goto auxerr;
+
+		/* Get each field entry */
+		for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+			const ASN1_TEMPLATE *seqtt;
+			ASN1_VALUE **pseqval;
+			seqtt = asn1_do_adb(pval, tt, 1);
+			if(!seqtt) goto err;
+			pseqval = asn1_get_field_ptr(pval, seqtt);
+			/* Have we ran out of data? */
+			if(!len) break;
+			q = p;
+			if(asn1_check_eoc(&p, len)) {
+				if(!seq_eoc) {
+					ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_UNEXPECTED_EOC);
+					goto err;
+				}
+				len -= p - q;
+				seq_eoc = 0;
+				q = p;
+				break;
+			}
+			/* This determines the OPTIONAL flag value. The field cannot
+			 * be omitted if it is the last of a SEQUENCE and there is
+			 * still data to be read. This isn't strictly necessary but
+			 * it increases efficiency in some cases.
+			 */
+			if(i == (it->tcount - 1)) isopt = 0;
+			else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
+			/* attempt to read in field, allowing each to be OPTIONAL */
+			ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
+			if(!ret) {
+				errtt = seqtt;
+				goto err;
+			} else if(ret == -1) {
+				/* OPTIONAL component absent. Free and zero the field
+				 */
+				ASN1_template_free(pseqval, seqtt);
+				continue;
+			}
+			/* Update length */
+			len -= p - q;
+		}
+		/* Check for EOC if expecting one */
+		if(seq_eoc && !asn1_check_eoc(&p, len)) {
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);
+			goto err;
+		}
+		/* Check all data read */
+		if(!seq_nolen && len) {
+			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH);
+			goto err;
+		}
+
+		/* If we get here we've got no more data in the SEQUENCE,
+		 * however we may not have read all fields so check all
+		 * remaining are OPTIONAL and clear any that are.
+		 */
+		for(; i < it->tcount; tt++, i++) {
+			const ASN1_TEMPLATE *seqtt;
+			seqtt = asn1_do_adb(pval, tt, 1);
+			if(!seqtt) goto err;
+			if(seqtt->flags & ASN1_TFLG_OPTIONAL) {
+				ASN1_VALUE **pseqval;
+				pseqval = asn1_get_field_ptr(pval, seqtt);
+				ASN1_template_free(pseqval, seqtt);
+			} else {
+				errtt = seqtt;
+				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING);
+				goto err;
+			}
+		}
+		/* Save encoding */
+		if(!asn1_enc_save(pval, *in, p - *in, it)) goto auxerr;
+		*in = p;
+		if(asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+				goto auxerr;
+		return 1;
+
+		default:
+		return 0;
+	}
+	auxerr:
+	ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
+	err:
+	ASN1_item_ex_free(pval, it);
+	if(errtt) ERR_add_error_data(4, "Field=", errtt->field_name, ", Type=", it->sname);
+	else ERR_add_error_data(2, "Type=", it->sname);
+	return 0;
+}
+
+/* Templates are handled with two separate functions. One handles any EXPLICIT tag and the other handles the
+ * rest.
+ */
+
+static int asn1_template_ex_d2i(ASN1_VALUE **val, unsigned char **in, long inlen, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx)
+{
+	int flags, aclass;
+	int ret;
+	long len;
+	unsigned char *p, *q;
+	char exp_eoc;
+	if(!val) return 0;
+	flags = tt->flags;
+	aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+	p = *in;
+
+	/* Check if EXPLICIT tag expected */
+	if(flags & ASN1_TFLG_EXPTAG) {
+		char cst;
+		/* Need to work out amount of data available to the inner content and where it
+		 * starts: so read in EXPLICIT header to get the info.
+		 */
+		ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, &p, inlen, tt->tag, aclass, opt, ctx);
+		q = p;
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+			return 0;
+		} else if(ret == -1) return -1;
+		if(!cst) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
+			return 0;
+		}
+		/* We've found the field so it can't be OPTIONAL now */
+		ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+			return 0;
+		}
+		/* We read the field in OK so update length */
+		len -= p - q;
+		if(exp_eoc) {
+			/* If NDEF we must have an EOC here */
+			if(!asn1_check_eoc(&p, len)) {
+				ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_MISSING_EOC);
+				goto err;
+			}
+		} else {
+			/* Otherwise we must hit the EXPLICIT tag end or its an error */
+			if(len) {
+				ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_EXPLICIT_LENGTH_MISMATCH);
+				goto err;
+			}
+		}
+	} else 
+		return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
+
+	*in = p;
+	return 1;
+
+	err:
+	ASN1_template_free(val, tt);
+	*val = NULL;
+	return 0;
+}
+
+static int asn1_template_noexp_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, ASN1_TLC *ctx)
+{
+	int flags, aclass;
+	int ret;
+	unsigned char *p, *q;
+	if(!val) return 0;
+	flags = tt->flags;
+	aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+	p = *in;
+	q = p;
+
+	if(flags & ASN1_TFLG_SK_MASK) {
+		/* SET OF, SEQUENCE OF */
+		int sktag, skaclass;
+		char sk_eoc;
+		/* First work out expected inner tag value */
+		if(flags & ASN1_TFLG_IMPTAG) {
+			sktag = tt->tag;
+			skaclass = aclass;
+		} else {
+			skaclass = V_ASN1_UNIVERSAL;
+			if(flags & ASN1_TFLG_SET_OF) sktag = V_ASN1_SET;
+			else sktag = V_ASN1_SEQUENCE;
+		}
+		/* Get the tag */
+		ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, &p, len, sktag, skaclass, opt, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+			return 0;
+		} else if(ret == -1) return -1;
+		if(!*val) *val = (ASN1_VALUE *)sk_new_null();
+		else {
+			/* We've got a valid STACK: free up any items present */
+			STACK *sktmp = (STACK *)*val;
+			ASN1_VALUE *vtmp;
+			while(sk_num(sktmp) > 0) {
+				vtmp = (ASN1_VALUE *)sk_pop(sktmp);
+				ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item));
+			}
+		}
+				
+		if(!*val) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		/* Read as many items as we can */
+		while(len > 0) {
+			ASN1_VALUE *skfield;
+			q = p;
+			/* See if EOC found */
+			if(asn1_check_eoc(&p, len)) {
+				if(!sk_eoc) {
+					ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_UNEXPECTED_EOC);
+					goto err;
+				}
+				len -= p - q;
+				sk_eoc = 0;
+				break;
+			}
+			skfield = NULL;
+			if(!ASN1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
+				ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
+				goto err;
+			}
+			len -= p - q;
+			if(!sk_push((STACK *)*val, (char *)skfield)) {
+				ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_MALLOC_FAILURE);
+				goto err;
+			}
+		}
+		if(sk_eoc) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ASN1_R_MISSING_EOC);
+			goto err;
+		}
+	} else if(flags & ASN1_TFLG_IMPTAG) {
+		/* IMPLICIT tagging */
+		ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
+			goto err;
+		} else if(ret == -1) return -1;
+	} else {
+		/* Nothing special */
+		ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, opt, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_D2I, ERR_R_NESTED_ASN1_ERROR);
+			goto err;
+		} else if(ret == -1) return -1;
+	}
+
+	*in = p;
+	return 1;
+
+	err:
+	ASN1_template_free(val, tt);
+	*val = NULL;
+	return 0;
+}
+
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, unsigned char **in, long inlen, 
+						const ASN1_ITEM *it,
+						int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+	int ret = 0, utype;
+	long plen;
+	char cst, inf, free_cont = 0;
+	unsigned char *p;
+	BUF_MEM buf;
+	unsigned char *cont = NULL;
+	long len; 
+	if(!pval) {
+		ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
+		return 0; /* Should never happen */
+	}
+
+	if(it->itype == ASN1_ITYPE_MSTRING) {
+		utype = tag;
+		tag = -1;
+	} else utype = it->utype;
+
+	if(utype == V_ASN1_ANY) {
+		/* If type is ANY need to figure out type from tag */
+		unsigned char oclass;
+		if(tag >= 0) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY);
+			return 0;
+		}
+		if(opt) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_OPTIONAL_ANY);
+			return 0;
+		}
+		p = *in;
+		ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, &p, inlen, -1, 0, 0, ctx);
+		if(!ret) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+			return 0;
+		}
+		if(oclass != V_ASN1_UNIVERSAL) utype = V_ASN1_OTHER;
+	}
+	if(tag == -1) {
+		tag = utype;
+		aclass = V_ASN1_UNIVERSAL;
+	}
+	p = *in;
+	/* Check header */
+	ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, &p, inlen, tag, aclass, opt, ctx);
+	if(!ret) {
+		ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+		return 0;
+	} else if(ret == -1) return -1;
+	/* SEQUENCE, SET and "OTHER" are left in encoded form */
+	if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
+		/* Clear context cache for type OTHER because the auto clear when
+		 * we have a exact match wont work
+		 */
+		if(utype == V_ASN1_OTHER) {
+			asn1_tlc_clear(ctx);
+		/* SEQUENCE and SET must be constructed */
+		} else if(!cst) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_CONSTRUCTED);
+			return 0;
+		}
+
+		cont = *in;
+		/* If indefinite length constructed find the real end */
+		if(inf) {
+			if(!asn1_collect(NULL, &p, plen, inf, -1, -1)) goto err;
+			len = p - cont;
+		} else {
+			len = p - cont + plen;
+			p += plen;
+			buf.data = NULL;
+		}
+	} else if(cst) {
+		buf.length = 0;
+		buf.max = 0;
+		buf.data = NULL;
+		/* Should really check the internal tags are correct but
+		 * some things may get this wrong. The relevant specs
+		 * say that constructed string types should be OCTET STRINGs
+		 * internally irrespective of the type. So instead just check
+		 * for UNIVERSAL class and ignore the tag.
+		 */
+		if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) goto err;
+		len = buf.length;
+		/* Append a final null to string */
+		if(!BUF_MEM_grow_clean(&buf, len + 1)) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+		buf.data[len] = 0;
+		cont = (unsigned char *)buf.data;
+		free_cont = 1;
+	} else {
+		cont = p;
+		len = plen;
+		p += plen;
+	}
+
+	/* We now have content length and type: translate into a structure */
+	if(!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) goto err;
+
+	*in = p;
+	ret = 1;
+	err:
+	if(free_cont && buf.data) OPENSSL_free(buf.data);
+	return ret;
+}
+
+/* Translate ASN1 content octets into a structure */
+
+int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
+{
+	ASN1_STRING *stmp;
+	ASN1_TYPE *typ = NULL;
+	int ret = 0;
+	const ASN1_PRIMITIVE_FUNCS *pf;
+	ASN1_INTEGER **tint;
+	pf = it->funcs;
+	if(pf && pf->prim_c2i) return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
+	/* If ANY type clear type and set pointer to internal value */
+	if(it->utype == V_ASN1_ANY) {
+		if(!*pval) {
+			typ = ASN1_TYPE_new();
+			*pval = (ASN1_VALUE *)typ;
+		} else typ = (ASN1_TYPE *)*pval;
+		if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
+		pval = (ASN1_VALUE **)&typ->value.ptr;
+	}
+	switch(utype) {
+		case V_ASN1_OBJECT:
+		if(!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) goto err;
+		break;
+
+		case V_ASN1_NULL:
+		if(len) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_NULL_IS_WRONG_LENGTH);
+			goto err;
+		}
+		*pval = (ASN1_VALUE *)1;
+		break;
+
+		case V_ASN1_BOOLEAN:
+		if(len != 1) {
+			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
+			goto err;
+		} else {
+			ASN1_BOOLEAN *tbool;
+			tbool = (ASN1_BOOLEAN *)pval;
+			*tbool = *cont;
+		}
+		break;
+
+		case V_ASN1_BIT_STRING:
+		if(!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) goto err;
+		break;
+
+		case V_ASN1_INTEGER:
+		case V_ASN1_NEG_INTEGER:
+		case V_ASN1_ENUMERATED:
+		case V_ASN1_NEG_ENUMERATED:
+		tint = (ASN1_INTEGER **)pval;
+		if(!c2i_ASN1_INTEGER(tint, &cont, len)) goto err;
+		/* Fixup type to match the expected form */
+		(*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
+		break;
+
+		case V_ASN1_OCTET_STRING:
+		case V_ASN1_NUMERICSTRING:
+		case V_ASN1_PRINTABLESTRING:
+		case V_ASN1_T61STRING:
+		case V_ASN1_VIDEOTEXSTRING:
+		case V_ASN1_IA5STRING:
+		case V_ASN1_UTCTIME:
+		case V_ASN1_GENERALIZEDTIME:
+		case V_ASN1_GRAPHICSTRING:
+		case V_ASN1_VISIBLESTRING:
+		case V_ASN1_GENERALSTRING:
+		case V_ASN1_UNIVERSALSTRING:
+		case V_ASN1_BMPSTRING:
+		case V_ASN1_UTF8STRING:
+		case V_ASN1_OTHER:
+		case V_ASN1_SET:
+		case V_ASN1_SEQUENCE:
+		default:
+		/* All based on ASN1_STRING and handled the same */
+		if(!*pval) {
+			stmp = ASN1_STRING_type_new(utype);
+			if(!stmp) {
+				ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+				goto err;
+			}
+			*pval = (ASN1_VALUE *)stmp;
+		} else {
+			stmp = (ASN1_STRING *)*pval;
+			stmp->type = utype;
+		}
+		/* If we've already allocated a buffer use it */
+		if(*free_cont) {
+			if(stmp->data) OPENSSL_free(stmp->data);
+			stmp->data = cont;
+			stmp->length = len;
+			*free_cont = 0;
+		} else {
+			if(!ASN1_STRING_set(stmp, cont, len)) {
+				ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+				ASN1_STRING_free(stmp);	
+				*pval = NULL;
+				goto err;
+			}
+		}
+		break;
+	}
+	/* If ASN1_ANY and NULL type fix up value */
+	if(typ && utype==V_ASN1_NULL) typ->value.ptr = NULL;
+
+	ret = 1;
+	err:
+	if(!ret) ASN1_TYPE_free(typ);
+	return ret;
+}
+
+/* This function collects the asn1 data from a constructred string
+ * type into a buffer. The values of 'in' and 'len' should refer
+ * to the contents of the constructed type and 'inf' should be set
+ * if it is indefinite length. If 'buf' is NULL then we just want
+ * to find the end of the current structure: useful for indefinite
+ * length constructed stuff.
+ */
+
+static int asn1_collect(BUF_MEM *buf, unsigned char **in, long len, char inf, int tag, int aclass)
+{
+	unsigned char *p, *q;
+	long plen;
+	char cst, ininf;
+	p = *in;
+	inf &= 1;
+	/* If no buffer and not indefinite length constructed just pass over the encoded data */
+	if(!buf && !inf) {
+		*in += len;
+		return 1;
+	}
+	while(len > 0) {
+		q = p;
+		/* Check for EOC */
+		if(asn1_check_eoc(&p, len)) {
+			/* EOC is illegal outside indefinite length constructed form */
+			if(!inf) {
+				ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC);
+				return 0;
+			}
+			inf = 0;
+			break;
+		}
+		if(!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, len, tag, aclass, 0, NULL)) {
+			ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
+			return 0;
+		}
+		/* If indefinite length constructed update max length */
+		if(cst) {
+			if(!asn1_collect(buf, &p, plen, ininf, tag, aclass)) return 0;
+		} else {
+			if(!collect_data(buf, &p, plen)) return 0;
+		}
+		len -= p - q;
+	}
+	if(inf) {
+		ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
+		return 0;
+	}
+	*in = p;
+	return 1;
+}
+
+static int collect_data(BUF_MEM *buf, unsigned char **p, long plen)
+{
+		int len;
+		if(buf) {
+			len = buf->length;
+			if(!BUF_MEM_grow_clean(buf, len + plen)) {
+				ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
+				return 0;
+			}
+			memcpy(buf->data + len, *p, plen);
+		}
+		*p += plen;
+		return 1;
+}
+
+/* Check for ASN1 EOC and swallow it if found */
+
+static int asn1_check_eoc(unsigned char **in, long len)
+{
+	unsigned char *p;
+	if(len < 2) return 0;
+	p = *in;
+	if(!p[0] && !p[1]) {
+		*in += 2;
+		return 1;
+	}
+	return 0;
+}
+
+/* Check an ASN1 tag and length: a bit like ASN1_get_object
+ * but it sets the length for indefinite length constructed
+ * form, we don't know the exact length but we can set an
+ * upper bound to the amount of data available minus the
+ * header length just read.
+ */
+
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, char *inf, char *cst,
+		unsigned char **in, long len, int exptag, int expclass, char opt, ASN1_TLC *ctx)
+{
+	int i;
+	int ptag, pclass;
+	long plen;
+	unsigned char *p, *q;
+	p = *in;
+	q = p;
+
+	if(ctx && ctx->valid) {
+		i = ctx->ret;
+		plen = ctx->plen;
+		pclass = ctx->pclass;
+		ptag = ctx->ptag;
+		p += ctx->hdrlen;
+	} else {
+		i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
+		if(ctx) {
+			ctx->ret = i;
+			ctx->plen = plen;
+			ctx->pclass = pclass;
+			ctx->ptag = ptag;
+			ctx->hdrlen = p - q;
+			ctx->valid = 1;
+			/* If definite length, and no error, length +
+			 * header can't exceed total amount of data available. 
+			 */
+			if(!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
+				ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
+				asn1_tlc_clear(ctx);
+				return 0;
+			}
+		}
+	}
+
+	if(i & 0x80) {
+		ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
+		asn1_tlc_clear(ctx);
+		return 0;
+	}
+	if(exptag >= 0) {
+		if((exptag != ptag) || (expclass != pclass)) {
+			/* If type is OPTIONAL, not an error, but indicate missing
+			 * type.
+			 */
+			if(opt) return -1;
+			asn1_tlc_clear(ctx);
+			ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
+			return 0;
+		}
+		/* We have a tag and class match, so assume we are going to do something with it */
+		asn1_tlc_clear(ctx);
+	}
+
+	if(i & 1) plen = len - (p - q);
+
+	if(inf) *inf = i & 1;
+
+	if(cst) *cst = i & V_ASN1_CONSTRUCTED;
+
+	if(olen) *olen = plen;
+	if(oclass) *oclass = pclass;
+	if(otag) *otag = ptag;
+
+	*in = p;
+	return 1;
+}
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
new file mode 100644
index 0000000000..5ce38e1920
--- /dev/null
+++ b/crypto/asn1/tasn_enc.c
@@ -0,0 +1,614 @@
+/* tasn_enc.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
+					const ASN1_ITEM *it,
+					int tag, int aclass);
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
+					int skcontlen, const ASN1_ITEM *item,
+					int do_sort, int iclass);
+static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+					const ASN1_TEMPLATE *tt,
+					int tag, int aclass);
+static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
+					const ASN1_ITEM *it, int flags);
+
+/* Top level i2d equivalents: the 'ndef' variant instructs the encoder
+ * to use indefinite length constructed encoding, where appropriate
+ */
+
+int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
+{
+	return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF);
+}
+
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
+{
+	return asn1_item_flags_i2d(val, out, it, 0);
+}
+
+/* Encode an ASN1 item, this is use by the
+ * standard 'i2d' function. 'out' points to 
+ * a buffer to output the data to.
+ *
+ * The new i2d has one additional feature. If the output
+ * buffer is NULL (i.e. *out == NULL) then a buffer is
+ * allocated and populated with the encoding.
+ */
+
+static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it, int flags)
+{
+	if(out && !*out) {
+		unsigned char *p, *buf;
+		int len;
+		len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);
+		if(len <= 0) return len;
+		buf = OPENSSL_malloc(len);
+		if(!buf) return -1;
+		p = buf;
+		ASN1_item_ex_i2d(&val, &p, it, -1, flags);
+		*out = buf;
+		return len;
+	}
+
+	return ASN1_item_ex_i2d(&val, out, it, -1, flags);
+}
+
+/* Encode an item, taking care of IMPLICIT tagging (if any).
+ * This function performs the normal item handling: it can be
+ * used in external types.
+ */
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+			const ASN1_ITEM *it, int tag, int aclass)
+{
+	const ASN1_TEMPLATE *tt = NULL;
+	unsigned char *p = NULL;
+	int i, seqcontlen, seqlen, ndef = 1;
+	const ASN1_COMPAT_FUNCS *cf;
+	const ASN1_EXTERN_FUNCS *ef;
+	const ASN1_AUX *aux = it->funcs;
+	ASN1_aux_cb *asn1_cb = 0;
+
+	if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
+		return 0;
+
+	if(aux && aux->asn1_cb)
+		 asn1_cb = aux->asn1_cb;
+
+	switch(it->itype) {
+
+		case ASN1_ITYPE_PRIMITIVE:
+		if(it->templates)
+			return asn1_template_ex_i2d(pval, out, it->templates,
+								tag, aclass);
+		return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
+		break;
+
+		case ASN1_ITYPE_MSTRING:
+		return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
+
+		case ASN1_ITYPE_CHOICE:
+		if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+				return 0;
+		i = asn1_get_choice_selector(pval, it);
+		if((i >= 0) && (i < it->tcount)) {
+			ASN1_VALUE **pchval;
+			const ASN1_TEMPLATE *chtt;
+			chtt = it->templates + i;
+			pchval = asn1_get_field_ptr(pval, chtt);
+			return asn1_template_ex_i2d(pchval, out, chtt,
+								-1, aclass);
+		} 
+		/* Fixme: error condition if selector out of range */
+		if(asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+				return 0;
+		break;
+
+		case ASN1_ITYPE_EXTERN:
+		/* If new style i2d it does all the work */
+		ef = it->funcs;
+		return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
+
+		case ASN1_ITYPE_COMPAT:
+		/* old style hackery... */
+		cf = it->funcs;
+		if(out) p = *out;
+		i = cf->asn1_i2d(*pval, out);
+		/* Fixup for IMPLICIT tag: note this messes up for tags > 30,
+		 * but so did the old code. Tags > 30 are very rare anyway.
+		 */
+		if(out && (tag != -1))
+			*p = aclass | tag | (*p & V_ASN1_CONSTRUCTED);
+		return i;
+		
+		case ASN1_ITYPE_NDEF_SEQUENCE:
+		/* Use indefinite length constructed if requested */
+		if (aclass & ASN1_TFLG_NDEF) ndef = 2;
+		/* fall through */
+
+		case ASN1_ITYPE_SEQUENCE:
+		i = asn1_enc_restore(&seqcontlen, out, pval, it);
+		/* An error occurred */
+		if(i < 0) return 0;
+		/* We have a valid cached encoding... */
+		if(i > 0) return seqcontlen;
+		/* Otherwise carry on */
+		seqcontlen = 0;
+		/* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+		if(tag == -1) {
+			tag = V_ASN1_SEQUENCE;
+			/* Retain any other flags in aclass */
+			aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)
+					| V_ASN1_UNIVERSAL;
+		}
+		if(asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+				return 0;
+		/* First work out sequence content length */
+		for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+			const ASN1_TEMPLATE *seqtt;
+			ASN1_VALUE **pseqval;
+			seqtt = asn1_do_adb(pval, tt, 1);
+			if(!seqtt) return 0;
+			pseqval = asn1_get_field_ptr(pval, seqtt);
+			/* FIXME: check for errors in enhanced version */
+			seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt,
+								-1, aclass);
+		}
+		seqlen = ASN1_object_size(ndef, seqcontlen, tag);
+		if(!out) return seqlen;
+		/* Output SEQUENCE header */
+		ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
+		for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+			const ASN1_TEMPLATE *seqtt;
+			ASN1_VALUE **pseqval;
+			seqtt = asn1_do_adb(pval, tt, 1);
+			if(!seqtt) return 0;
+			pseqval = asn1_get_field_ptr(pval, seqtt);
+			/* FIXME: check for errors in enhanced version */
+			asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);
+		}
+		if (ndef == 2) ASN1_put_eoc(out);
+		if(asn1_cb  && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+				return 0;
+		return seqlen;
+
+		default:
+		return 0;
+	}
+	return 0;
+}
+
+int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt)
+	{
+	return asn1_template_ex_i2d(pval, out, tt, -1, 0);
+	}
+
+static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt, int tag, int iclass)
+{
+	int i, ret, flags, ttag, tclass, ndef;
+	flags = tt->flags;
+	/* Work out tag and class to use: tagging may come
+	 * either from the template or the arguments, not both
+	 * because this would create ambiguity. Additionally
+	 * the iclass argument may contain some additional flags
+	 * which should be noted and passed down to other levels.
+	 */
+	if (flags & ASN1_TFLG_TAG_MASK)
+		{
+		/* Error if argument and template tagging */
+		if (tag != -1)
+			/* FIXME: error code here */
+			return -1;
+		/* Get tagging from template */
+		ttag = tt->tag;
+		tclass = flags & ASN1_TFLG_TAG_CLASS;
+		}
+	else if (tag != -1)
+		{
+		/* No template tagging, get from arguments */
+		ttag = tag;
+		tclass = iclass & ASN1_TFLG_TAG_CLASS;
+		}
+	else
+		{
+		ttag = -1;
+		tclass = 0;
+		}
+	/* 
+	 * Remove any class mask from iflag.
+	 */
+	iclass &= ~ASN1_TFLG_TAG_CLASS;
+
+	/* At this point 'ttag' contains the outer tag to use,
+	 * 'tclass' is the class and iclass is any flags passed
+	 * to this function.
+	 */
+
+	/* if template and arguments require ndef, use it */
+	if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF))
+		ndef = 2;
+	else ndef = 1;
+
+	if(flags & ASN1_TFLG_SK_MASK) {
+		/* SET OF, SEQUENCE OF */
+		STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+		int isset, sktag, skaclass;
+		int skcontlen, sklen;
+		ASN1_VALUE *skitem;
+
+		if(!*pval) return 0;
+
+		if(flags & ASN1_TFLG_SET_OF) {
+			isset = 1;
+			/* 2 means we reorder */
+			if(flags & ASN1_TFLG_SEQUENCE_OF) isset = 2;
+		} else isset = 0;
+
+		/* Work out inner tag value: if EXPLICIT
+		 * or no tagging use underlying type.
+		 */
+		if((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG)) {
+			sktag = ttag;
+			skaclass = tclass;
+		} else {
+			skaclass = V_ASN1_UNIVERSAL;
+			if(isset) sktag = V_ASN1_SET;
+			else sktag = V_ASN1_SEQUENCE;
+		}
+
+		/* Determine total length of items */
+		skcontlen = 0;
+		for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+			skitem = sk_ASN1_VALUE_value(sk, i);
+			skcontlen += ASN1_item_ex_i2d(&skitem, NULL,
+							ASN1_ITEM_ptr(tt->item),
+							-1, iclass);
+		}
+		sklen = ASN1_object_size(ndef, skcontlen, sktag);
+		/* If EXPLICIT need length of surrounding tag */
+		if(flags & ASN1_TFLG_EXPTAG)
+			ret = ASN1_object_size(ndef, sklen, ttag);
+		else ret = sklen;
+
+		if(!out) return ret;
+
+		/* Now encode this lot... */
+		/* EXPLICIT tag */
+		if(flags & ASN1_TFLG_EXPTAG)
+			ASN1_put_object(out, ndef, sklen, ttag, tclass);
+		/* SET or SEQUENCE and IMPLICIT tag */
+		ASN1_put_object(out, ndef, skcontlen, sktag, skaclass);
+		/* And the stuff itself */
+		asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
+								isset, iclass);
+		if (ndef == 2) {
+			ASN1_put_eoc(out);
+			if(flags & ASN1_TFLG_EXPTAG)
+				ASN1_put_eoc(out);
+		}
+
+		return ret;
+	}
+
+	if(flags & ASN1_TFLG_EXPTAG) {
+		/* EXPLICIT tagging */
+		/* Find length of tagged item */
+		i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item),
+								-1, iclass);
+		if(!i) return 0;
+		/* Find length of EXPLICIT tag */
+		ret = ASN1_object_size(ndef, i, ttag);
+		if(out) {
+			/* Output tag and item */
+			ASN1_put_object(out, ndef, i, ttag, tclass);
+			ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
+								-1, iclass);
+			if (ndef == 2) ASN1_put_eoc(out);
+		}
+		return ret;
+	}
+
+	/* Either normal or IMPLICIT tagging: combine class and flags */
+	return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
+						ttag, tclass | iclass);
+
+}
+
+/* Temporary structure used to hold DER encoding of items for SET OF */
+
+typedef	struct {
+	unsigned char *data;
+	int length;
+	ASN1_VALUE *field;
+} DER_ENC;
+
+static int der_cmp(const void *a, const void *b)
+{
+	const DER_ENC *d1 = a, *d2 = b;
+	int cmplen, i;
+	cmplen = (d1->length < d2->length) ? d1->length : d2->length;
+	i = memcmp(d1->data, d2->data, cmplen);
+	if(i) return i;
+	return d1->length - d2->length;
+}
+
+/* Output the content octets of SET OF or SEQUENCE OF */
+
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
+					int skcontlen, const ASN1_ITEM *item,
+					int do_sort, int iclass)
+{
+	int i;
+	ASN1_VALUE *skitem;
+	unsigned char *tmpdat = NULL, *p = NULL;
+	DER_ENC *derlst = NULL, *tder;
+	if(do_sort) {
+		/* Don't need to sort less than 2 items */
+		if(sk_ASN1_VALUE_num(sk) < 2) do_sort = 0;
+		else {
+			derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) * sizeof(*derlst));
+			tmpdat = OPENSSL_malloc(skcontlen);
+			if(!derlst || !tmpdat) return 0;
+		}
+	}
+	/* If not sorting just output each item */
+	if(!do_sort) {
+		for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+			skitem = sk_ASN1_VALUE_value(sk, i);
+			ASN1_item_ex_i2d(&skitem, out, item, -1, iclass);
+		}
+		return 1;
+	}
+	p = tmpdat;
+	/* Doing sort: build up a list of each member's DER encoding */
+	for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+		skitem = sk_ASN1_VALUE_value(sk, i);
+		tder->data = p;
+		tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass);
+		tder->field = skitem;
+	}
+	/* Now sort them */
+	qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
+	/* Output sorted DER encoding */	
+	p = *out;
+	for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+		memcpy(p, tder->data, tder->length);
+		p += tder->length;
+	}
+	*out = p;
+	/* If do_sort is 2 then reorder the STACK */
+	if(do_sort == 2) {
+		for(i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
+			sk_ASN1_VALUE_set(sk, i, tder->field);
+	}
+	OPENSSL_free(derlst);
+	OPENSSL_free(tmpdat);
+	return 1;
+}
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+{
+	int len;
+	int utype;
+	int usetag;
+	int ndef = 0;
+
+	utype = it->utype;
+
+	/* Get length of content octets and maybe find
+	 * out the underlying type.
+	 */
+
+	len = asn1_ex_i2c(pval, NULL, &utype, it);
+
+	/* If SEQUENCE, SET or OTHER then header is
+	 * included in pseudo content octets so don't
+	 * include tag+length. We need to check here
+	 * because the call to asn1_ex_i2c() could change
+	 * utype.
+	 */
+	if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
+	   (utype == V_ASN1_OTHER))
+		usetag = 0;
+	else usetag = 1;
+
+	/* -1 means omit type */
+
+	if(len == -1)
+		return 0;
+
+	/* -2 return is special meaning use ndef */
+	if (len == -2)
+		{
+		ndef = 2;
+		len = 0;
+		}
+
+	/* If not implicitly tagged get tag from underlying type */
+	if(tag == -1) tag = utype;
+
+	/* Output tag+length followed by content octets */
+	if(out) {
+		if(usetag) ASN1_put_object(out, ndef, len, tag, aclass);
+		asn1_ex_i2c(pval, *out, &utype, it);
+		*out += len;
+	}
+
+	if(usetag) return ASN1_object_size(ndef, len, tag);
+	return len;
+}
+
+/* Produce content octets from a structure */
+
+int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ITEM *it)
+{
+	ASN1_BOOLEAN *tbool = NULL;
+	ASN1_STRING *strtmp;
+	ASN1_OBJECT *otmp;
+	int utype;
+	unsigned char *cont, c;
+	int len;
+	const ASN1_PRIMITIVE_FUNCS *pf;
+	pf = it->funcs;
+	if(pf && pf->prim_i2c) return pf->prim_i2c(pval, cout, putype, it);
+
+	/* Should type be omitted? */
+	if((it->itype != ASN1_ITYPE_PRIMITIVE) || (it->utype != V_ASN1_BOOLEAN)) {
+		if(!*pval) return -1;
+	}
+
+	if(it->itype == ASN1_ITYPE_MSTRING) {
+		/* If MSTRING type set the underlying type */
+		strtmp = (ASN1_STRING *)*pval;
+		utype = strtmp->type;
+		*putype = utype;
+	} else if(it->utype == V_ASN1_ANY) {
+		/* If ANY set type and pointer to value */
+		ASN1_TYPE *typ;
+		typ = (ASN1_TYPE *)*pval;
+		utype = typ->type;
+		*putype = utype;
+		pval = (ASN1_VALUE **)&typ->value.ptr;
+	} else utype = *putype;
+
+	switch(utype) {
+		case V_ASN1_OBJECT:
+		otmp = (ASN1_OBJECT *)*pval;
+		cont = otmp->data;
+		len = otmp->length;
+		break;
+
+		case V_ASN1_NULL:
+		cont = NULL;
+		len = 0;
+		break;
+
+		case V_ASN1_BOOLEAN:
+		tbool = (ASN1_BOOLEAN *)pval;
+		if(*tbool == -1) return -1;
+		/* Default handling if value == size field then omit */
+		if(*tbool && (it->size > 0)) return -1;
+		if(!*tbool && !it->size) return -1;
+		c = (unsigned char)*tbool;
+		cont = &c;
+		len = 1;
+		break;
+
+		case V_ASN1_BIT_STRING:
+		return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, cout ? &cout : NULL);
+		break;
+
+		case V_ASN1_INTEGER:
+		case V_ASN1_NEG_INTEGER:
+		case V_ASN1_ENUMERATED:
+		case V_ASN1_NEG_ENUMERATED:
+		/* These are all have the same content format
+		 * as ASN1_INTEGER
+		 */
+		return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
+		break;
+
+		case V_ASN1_OCTET_STRING:
+		case V_ASN1_NUMERICSTRING:
+		case V_ASN1_PRINTABLESTRING:
+		case V_ASN1_T61STRING:
+		case V_ASN1_VIDEOTEXSTRING:
+		case V_ASN1_IA5STRING:
+		case V_ASN1_UTCTIME:
+		case V_ASN1_GENERALIZEDTIME:
+		case V_ASN1_GRAPHICSTRING:
+		case V_ASN1_VISIBLESTRING:
+		case V_ASN1_GENERALSTRING:
+		case V_ASN1_UNIVERSALSTRING:
+		case V_ASN1_BMPSTRING:
+		case V_ASN1_UTF8STRING:
+		case V_ASN1_SEQUENCE:
+		case V_ASN1_SET:
+		default:
+		/* All based on ASN1_STRING and handled the same */
+		strtmp = (ASN1_STRING *)*pval;
+		/* Special handling for NDEF */
+		if ((it->size == ASN1_TFLG_NDEF)
+			&& (strtmp->flags & ASN1_STRING_FLAG_NDEF))
+			{
+			if (cout)
+				{
+				strtmp->data = cout;
+				strtmp->length = 0;
+				ASN1_put_eoc(&cout);
+				}
+			/* Special return code */
+			return -2;
+			}
+		cont = strtmp->data;
+		len = strtmp->length;
+
+		break;
+
+	}
+	if(cout && len) memcpy(cout, cont, len);
+	return len;
+}
diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
new file mode 100644
index 0000000000..30096a0bcf
--- /dev/null
+++ b/crypto/asn1/tasn_fre.c
@@ -0,0 +1,230 @@
+/* tasn_fre.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine);
+
+/* Free up an ASN1 structure */
+
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
+{
+	asn1_item_combine_free(&val, it, 0);
+}
+
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	asn1_item_combine_free(pval, it, 0);
+}
+
+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
+{
+	const ASN1_TEMPLATE *tt = NULL, *seqtt;
+	const ASN1_EXTERN_FUNCS *ef;
+	const ASN1_COMPAT_FUNCS *cf;
+	const ASN1_AUX *aux = it->funcs;
+	ASN1_aux_cb *asn1_cb;
+	int i;
+	if(!pval) return;
+	if((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) return;
+	if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
+	else asn1_cb = 0;
+
+	switch(it->itype) {
+
+		case ASN1_ITYPE_PRIMITIVE:
+		if(it->templates) ASN1_template_free(pval, it->templates);
+		else ASN1_primitive_free(pval, it);
+		break;
+
+		case ASN1_ITYPE_MSTRING:
+		ASN1_primitive_free(pval, it);
+		break;
+
+		case ASN1_ITYPE_CHOICE:
+		if(asn1_cb) {
+			i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+			if(i == 2) return;
+		}
+		i = asn1_get_choice_selector(pval, it);
+		if(asn1_cb) asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+		if((i >= 0) && (i < it->tcount)) {
+			ASN1_VALUE **pchval;
+			tt = it->templates + i;
+			pchval = asn1_get_field_ptr(pval, tt);
+			ASN1_template_free(pchval, tt);
+		}
+		if(asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it);
+		if(!combine) {
+			OPENSSL_free(*pval);
+			*pval = NULL;
+		}
+		break;
+
+		case ASN1_ITYPE_COMPAT:
+		cf = it->funcs;
+		if(cf && cf->asn1_free) cf->asn1_free(*pval);
+		break;
+
+		case ASN1_ITYPE_EXTERN:
+		ef = it->funcs;
+		if(ef && ef->asn1_ex_free) ef->asn1_ex_free(pval, it);
+		break;
+
+		case ASN1_ITYPE_NDEF_SEQUENCE:
+		case ASN1_ITYPE_SEQUENCE:
+		if(asn1_do_lock(pval, -1, it) > 0) return;
+		if(asn1_cb) {
+			i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+			if(i == 2) return;
+		}		
+		asn1_enc_free(pval, it);
+		/* If we free up as normal we will invalidate any
+		 * ANY DEFINED BY field and we wont be able to 
+		 * determine the type of the field it defines. So
+		 * free up in reverse order.
+		 */
+		tt = it->templates + it->tcount - 1;
+		for(i = 0; i < it->tcount; tt--, i++) {
+			ASN1_VALUE **pseqval;
+			seqtt = asn1_do_adb(pval, tt, 0);
+			if(!seqtt) continue;
+			pseqval = asn1_get_field_ptr(pval, seqtt);
+			ASN1_template_free(pseqval, seqtt);
+		}
+		if(asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it);
+		if(!combine) {
+			OPENSSL_free(*pval);
+			*pval = NULL;
+		}
+		break;
+	}
+}
+
+void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+	int i;
+	if(tt->flags & ASN1_TFLG_SK_MASK) {
+		STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+		for(i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+			ASN1_VALUE *vtmp;
+			vtmp = sk_ASN1_VALUE_value(sk, i);
+			asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0);
+		}
+		sk_ASN1_VALUE_free(sk);
+		*pval = NULL;
+	} else asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
+						tt->flags & ASN1_TFLG_COMBINE);
+}
+
+void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	int utype;
+	if(it) {
+		const ASN1_PRIMITIVE_FUNCS *pf;
+		pf = it->funcs;
+		if(pf && pf->prim_free) {
+			pf->prim_free(pval, it);
+			return;
+		}
+	}
+	/* Special case: if 'it' is NULL free contents of ASN1_TYPE */
+	if(!it) {
+		ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
+		utype = typ->type;
+		pval = (ASN1_VALUE **)&typ->value.ptr;
+		if(!*pval) return;
+	} else if(it->itype == ASN1_ITYPE_MSTRING) {
+		utype = -1;
+		if(!*pval) return;
+	} else {
+		utype = it->utype;
+		if((utype != V_ASN1_BOOLEAN) && !*pval) return;
+	}
+
+	switch(utype) {
+		case V_ASN1_OBJECT:
+		ASN1_OBJECT_free((ASN1_OBJECT *)*pval);
+		break;
+
+		case V_ASN1_BOOLEAN:
+		if (it)
+			*(ASN1_BOOLEAN *)pval = it->size;
+		else
+			*(ASN1_BOOLEAN *)pval = -1;
+		return;
+
+		case V_ASN1_NULL:
+		break;
+
+		case V_ASN1_ANY:
+		ASN1_primitive_free(pval, NULL);
+		OPENSSL_free(*pval);
+		break;
+
+		default:
+		ASN1_STRING_free((ASN1_STRING *)*pval);
+		*pval = NULL;
+		break;
+	}
+	*pval = NULL;
+}
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
new file mode 100644
index 0000000000..6a76a96ba9
--- /dev/null
+++ b/crypto/asn1/tasn_new.c
@@ -0,0 +1,353 @@
+/* tasn_new.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include <string.h>
+
+static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine);
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
+{
+	ASN1_VALUE *ret = NULL;
+	if(ASN1_item_ex_new(&ret, it) > 0) return ret;
+	return NULL;
+}
+
+/* Allocate an ASN1 structure */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	return asn1_item_ex_combine_new(pval, it, 0);
+}
+
+static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
+{
+	const ASN1_TEMPLATE *tt = NULL;
+	const ASN1_COMPAT_FUNCS *cf;
+	const ASN1_EXTERN_FUNCS *ef;
+	const ASN1_AUX *aux = it->funcs;
+	ASN1_aux_cb *asn1_cb;
+	ASN1_VALUE **pseqval;
+	int i;
+	if(aux && aux->asn1_cb) asn1_cb = aux->asn1_cb;
+	else asn1_cb = 0;
+
+	if(!combine) *pval = NULL;
+
+#ifdef CRYPTO_MDEBUG
+	if(it->sname) CRYPTO_push_info(it->sname);
+#endif
+
+	switch(it->itype) {
+
+		case ASN1_ITYPE_EXTERN:
+		ef = it->funcs;
+		if(ef && ef->asn1_ex_new) {
+			if(!ef->asn1_ex_new(pval, it))
+				goto memerr;
+		}
+		break;
+
+		case ASN1_ITYPE_COMPAT:
+		cf = it->funcs;
+		if(cf && cf->asn1_new) {
+			*pval = cf->asn1_new();
+			if(!*pval) goto memerr;
+		}
+		break;
+
+		case ASN1_ITYPE_PRIMITIVE:
+		if(it->templates) {
+			if(!ASN1_template_new(pval, it->templates))
+				goto memerr;
+		} else {
+			if(!ASN1_primitive_new(pval, it))
+				goto memerr;
+		}
+		break;
+
+		case ASN1_ITYPE_MSTRING:
+		if(!ASN1_primitive_new(pval, it))
+				goto memerr;
+		break;
+
+		case ASN1_ITYPE_CHOICE:
+		if(asn1_cb) {
+			i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+			if(!i) goto auxerr;
+			if(i==2) {
+#ifdef CRYPTO_MDEBUG
+				if(it->sname) CRYPTO_pop_info();
+#endif
+				return 1;
+			}
+		}
+		if(!combine) {
+			*pval = OPENSSL_malloc(it->size);
+			if(!*pval) goto memerr;
+			memset(*pval, 0, it->size);
+		}
+		asn1_set_choice_selector(pval, -1, it);
+		if(asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+				goto auxerr;
+		break;
+
+		case ASN1_ITYPE_NDEF_SEQUENCE:
+		case ASN1_ITYPE_SEQUENCE:
+		if(asn1_cb) {
+			i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+			if(!i) goto auxerr;
+			if(i==2) {
+#ifdef CRYPTO_MDEBUG
+				if(it->sname) CRYPTO_pop_info();
+#endif
+				return 1;
+			}
+		}
+		if(!combine) {
+			*pval = OPENSSL_malloc(it->size);
+			if(!*pval) goto memerr;
+			memset(*pval, 0, it->size);
+			asn1_do_lock(pval, 0, it);
+			asn1_enc_init(pval, it);
+		}
+		for(i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+			pseqval = asn1_get_field_ptr(pval, tt);
+			if(!ASN1_template_new(pseqval, tt)) goto memerr;
+		}
+		if(asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+				goto auxerr;
+		break;
+	}
+#ifdef CRYPTO_MDEBUG
+	if(it->sname) CRYPTO_pop_info();
+#endif
+	return 1;
+
+	memerr:
+	ASN1err(ASN1_F_ASN1_ITEM_NEW, ERR_R_MALLOC_FAILURE);
+#ifdef CRYPTO_MDEBUG
+	if(it->sname) CRYPTO_pop_info();
+#endif
+	return 0;
+
+	auxerr:
+	ASN1err(ASN1_F_ASN1_ITEM_NEW, ASN1_R_AUX_ERROR);
+	ASN1_item_ex_free(pval, it);
+#ifdef CRYPTO_MDEBUG
+	if(it->sname) CRYPTO_pop_info();
+#endif
+	return 0;
+
+}
+
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	const ASN1_EXTERN_FUNCS *ef;
+
+	switch(it->itype) {
+
+		case ASN1_ITYPE_EXTERN:
+		ef = it->funcs;
+		if(ef && ef->asn1_ex_clear) 
+			ef->asn1_ex_clear(pval, it);
+		else *pval = NULL;
+		break;
+
+
+		case ASN1_ITYPE_PRIMITIVE:
+		if(it->templates) 
+			asn1_template_clear(pval, it->templates);
+		else
+			asn1_primitive_clear(pval, it);
+		break;
+
+		case ASN1_ITYPE_MSTRING:
+		asn1_primitive_clear(pval, it);
+		break;
+
+		case ASN1_ITYPE_COMPAT:
+		case ASN1_ITYPE_CHOICE:
+		case ASN1_ITYPE_SEQUENCE:
+		case ASN1_ITYPE_NDEF_SEQUENCE:
+		*pval = NULL;
+		break;
+	}
+}
+
+
+int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+	const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
+	int ret;
+	if(tt->flags & ASN1_TFLG_OPTIONAL) {
+		asn1_template_clear(pval, tt);
+		return 1;
+	}
+	/* If ANY DEFINED BY nothing to do */
+
+	if(tt->flags & ASN1_TFLG_ADB_MASK) {
+		*pval = NULL;
+		return 1;
+	}
+#ifdef CRYPTO_MDEBUG
+	if(tt->field_name) CRYPTO_push_info(tt->field_name);
+#endif
+	/* If SET OF or SEQUENCE OF, its a STACK */
+	if(tt->flags & ASN1_TFLG_SK_MASK) {
+		STACK_OF(ASN1_VALUE) *skval;
+		skval = sk_ASN1_VALUE_new_null();
+		if(!skval) {
+			ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
+			ret = 0;
+			goto done;
+		}
+		*pval = (ASN1_VALUE *)skval;
+		ret = 1;
+		goto done;
+	}
+	/* Otherwise pass it back to the item routine */
+	ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
+	done:
+#ifdef CRYPTO_MDEBUG
+	if(it->sname) CRYPTO_pop_info();
+#endif
+	return ret;
+}
+
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+	/* If ADB or STACK just NULL the field */
+	if(tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK)) 
+		*pval = NULL;
+	else
+		asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));
+}
+
+
+/* NB: could probably combine most of the real XXX_new() behaviour and junk all the old
+ * functions.
+ */
+
+int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	ASN1_TYPE *typ;
+	int utype;
+	const ASN1_PRIMITIVE_FUNCS *pf;
+	pf = it->funcs;
+	if(pf && pf->prim_new) return pf->prim_new(pval, it);
+	if(!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1;
+	else utype = it->utype;
+	switch(utype) {
+		case V_ASN1_OBJECT:
+		*pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
+		return 1;
+
+		case V_ASN1_BOOLEAN:
+		if (it)
+			*(ASN1_BOOLEAN *)pval = it->size;
+		else
+			*(ASN1_BOOLEAN *)pval = -1;
+		return 1;
+
+		case V_ASN1_NULL:
+		*pval = (ASN1_VALUE *)1;
+		return 1;
+
+		case V_ASN1_ANY:
+		typ = OPENSSL_malloc(sizeof(ASN1_TYPE));
+		if(!typ) return 0;
+		typ->value.ptr = NULL;
+		typ->type = -1;
+		*pval = (ASN1_VALUE *)typ;
+		break;
+
+		default:
+		*pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);
+		break;
+	}
+	if(*pval) return 1;
+	return 0;
+}
+
+void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	int utype;
+	const ASN1_PRIMITIVE_FUNCS *pf;
+	pf = it->funcs;
+	if(pf) {
+		if(pf->prim_clear)
+			pf->prim_clear(pval, it);
+		else 
+			*pval = NULL;
+		return;
+	}
+	if(!it || (it->itype == ASN1_ITYPE_MSTRING)) utype = -1;
+	else utype = it->utype;
+	if(utype == V_ASN1_BOOLEAN)
+		*(ASN1_BOOLEAN *)pval = it->size;
+	else *pval = NULL;
+}
diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c
new file mode 100644
index 0000000000..719639b511
--- /dev/null
+++ b/crypto/asn1/tasn_prn.c
@@ -0,0 +1,198 @@
+/* tasn_prn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/nasn.h>
+
+/* Print routines. Print out a whole structure from a template.
+ */
+
+static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name);
+
+int ASN1_item_print(BIO *out, void *fld, int indent, const ASN1_ITEM *it)
+{
+	return asn1_item_print_nm(out, fld, indent, it, it->sname);
+}
+
+static int asn1_item_print_nm(BIO *out, void *fld, int indent, const ASN1_ITEM *it, const char *name)
+{
+	ASN1_STRING *str;
+	const ASN1_TEMPLATE *tt;
+	void *tmpfld;
+	int i;
+	if(!fld) {
+		BIO_printf(out, "%*s%s ABSENT\n", indent, "", name);
+		return 1;
+	}
+	switch(it->itype) {
+
+		case ASN1_ITYPE_PRIMITIVE:
+		if(it->templates)
+			return ASN1_template_print(out, fld, indent, it->templates);
+		return asn1_primitive_print(out, fld, it->utype, indent, name);
+		break;
+
+		case ASN1_ITYPE_MSTRING:
+		str = fld;
+		return asn1_primitive_print(out, fld, str->type, indent, name);
+
+		case ASN1_ITYPE_EXTERN:
+		BIO_printf(out, "%*s%s:EXTERNAL TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
+		return 1;
+		case ASN1_ITYPE_COMPAT:
+		BIO_printf(out, "%*s%s:COMPATIBLE TYPE %s %s\n", indent, "", name, it->sname, fld ? "" : "ABSENT");
+		return 1;
+
+
+		case ASN1_ITYPE_CHOICE:
+		/* CHOICE type, get selector */
+		i = asn1_get_choice_selector(fld, it);
+		/* This should never happen... */
+		if((i < 0) || (i >= it->tcount)) {
+			BIO_printf(out, "%s selector [%d] out of range\n", it->sname, i);
+			return 1;
+		}
+		tt = it->templates + i;
+		tmpfld = asn1_get_field(fld, tt);
+		return ASN1_template_print(out, tmpfld, indent, tt);
+
+		case ASN1_ITYPE_SEQUENCE:
+		BIO_printf(out, "%*s%s {\n", indent, "", name);
+		/* Get each field entry */
+		for(i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+			tmpfld = asn1_get_field(fld, tt);
+			ASN1_template_print(out, tmpfld, indent + 2, tt);
+		}
+		BIO_printf(out, "%*s}\n", indent, "");
+		return 1;
+
+		default:
+		return 0;
+	}
+}
+
+int ASN1_template_print(BIO *out, void *fld, int indent, const ASN1_TEMPLATE *tt)
+{
+	int i, flags;
+#if 0
+	if(!fld) return 0; 
+#endif
+	flags = tt->flags;
+	if(flags & ASN1_TFLG_SK_MASK) {
+		char *tname;
+		void *skitem;
+		/* SET OF, SEQUENCE OF */
+		if(flags & ASN1_TFLG_SET_OF) tname = "SET";
+		else tname = "SEQUENCE";
+		if(fld) {
+			BIO_printf(out, "%*s%s OF %s {\n", indent, "", tname, tt->field_name);
+			for(i = 0; i < sk_num(fld); i++) {
+				skitem = sk_value(fld, i);
+				asn1_item_print_nm(out, skitem, indent + 2, tt->item, "");
+			}
+			BIO_printf(out, "%*s}\n", indent, "");
+		} else 
+			BIO_printf(out, "%*s%s OF %s ABSENT\n", indent, "", tname, tt->field_name);
+		return 1;
+	}
+	return asn1_item_print_nm(out, fld, indent, tt->item, tt->field_name);
+}
+
+static int asn1_primitive_print(BIO *out, void *fld, long utype, int indent, const char *name)
+{
+	ASN1_STRING *str = fld;
+	if(fld) {
+		if(utype == V_ASN1_BOOLEAN) {
+			int *bool = fld;
+if(*bool == -1) printf("BOOL MISSING\n");
+			BIO_printf(out, "%*s%s:%s", indent, "", "BOOLEAN", *bool ? "TRUE" : "FALSE");
+		} else if((utype == V_ASN1_INTEGER) 
+			  || (utype == V_ASN1_ENUMERATED)) {
+			char *s, *nm;
+			s = i2s_ASN1_INTEGER(NULL, fld);
+			if(utype == V_ASN1_INTEGER) nm = "INTEGER";
+			else nm = "ENUMERATED";
+			BIO_printf(out, "%*s%s:%s", indent, "", nm, s);
+			OPENSSL_free(s);
+		} else if(utype == V_ASN1_NULL) {
+			BIO_printf(out, "%*s%s", indent, "", "NULL");
+		} else if(utype == V_ASN1_UTCTIME) {
+			BIO_printf(out, "%*s%s:%s:", indent, "", name, "UTCTIME");
+			ASN1_UTCTIME_print(out, str);
+		} else if(utype == V_ASN1_GENERALIZEDTIME) {
+			BIO_printf(out, "%*s%s:%s:", indent, "", name, "GENERALIZEDTIME");
+			ASN1_GENERALIZEDTIME_print(out, str);
+		} else if(utype == V_ASN1_OBJECT) {
+			char objbuf[80], *ln;
+			ln = OBJ_nid2ln(OBJ_obj2nid(fld));
+			if(!ln) ln = "";
+			OBJ_obj2txt(objbuf, sizeof objbuf, fld, 1);
+			BIO_printf(out, "%*s%s:%s (%s)", indent, "", "OBJECT", ln, objbuf);
+		} else {
+			BIO_printf(out, "%*s%s:", indent, "", name);
+			ASN1_STRING_print_ex(out, str, ASN1_STRFLGS_DUMP_UNKNOWN|ASN1_STRFLGS_SHOW_TYPE);
+		}
+		BIO_printf(out, "\n");
+	} else BIO_printf(out, "%*s%s [ABSENT]\n", indent, "", name);
+	return 1;
+}
diff --git a/crypto/asn1/tasn_typ.c b/crypto/asn1/tasn_typ.c
new file mode 100644
index 0000000000..6f17f1bec7
--- /dev/null
+++ b/crypto/asn1/tasn_typ.c
@@ -0,0 +1,137 @@
+/* tasn_typ.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+/* Declarations for string types */
+
+
+IMPLEMENT_ASN1_TYPE(ASN1_INTEGER)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_INTEGER)
+
+IMPLEMENT_ASN1_TYPE(ASN1_ENUMERATED)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_ENUMERATED)
+
+IMPLEMENT_ASN1_TYPE(ASN1_BIT_STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_OCTET_STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_NULL)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL)
+
+IMPLEMENT_ASN1_TYPE(ASN1_OBJECT)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UTF8STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_PRINTABLESTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_T61STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_T61STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_IA5STRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_IA5STRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_GENERALSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UTCTIME)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTCTIME)
+
+IMPLEMENT_ASN1_TYPE(ASN1_GENERALIZEDTIME)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+
+IMPLEMENT_ASN1_TYPE(ASN1_VISIBLESTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_UNIVERSALSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_BMPSTRING)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_BMPSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_ANY)
+
+/* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */
+IMPLEMENT_ASN1_TYPE(ASN1_SEQUENCE)
+
+IMPLEMENT_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+/* Multistring types */
+
+IMPLEMENT_ASN1_MSTRING(ASN1_PRINTABLE, B_ASN1_PRINTABLE)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+IMPLEMENT_ASN1_MSTRING(DISPLAYTEXT, B_ASN1_DISPLAYTEXT)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+
+IMPLEMENT_ASN1_MSTRING(DIRECTORYSTRING, B_ASN1_DIRECTORYSTRING)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+
+/* Three separate BOOLEAN type: normal, DEFAULT TRUE and DEFAULT FALSE */
+IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)
+
+/* Special, OCTET STRING with indefinite length constructed support */
+
+IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF)
diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c
new file mode 100644
index 0000000000..2a3f5db8f3
--- /dev/null
+++ b/crypto/asn1/tasn_utl.c
@@ -0,0 +1,254 @@
+/* tasn_utl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+
+/* Utility functions for manipulating fields and offsets */
+
+/* Add 'offset' to 'addr' */
+#define offset2ptr(addr, offset) (void *)(((char *) addr) + offset)
+
+/* Given an ASN1_ITEM CHOICE type return
+ * the selector value
+ */
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	int *sel = offset2ptr(*pval, it->utype);
+	return *sel;
+}
+
+/* Given an ASN1_ITEM CHOICE type set
+ * the selector value, return old value.
+ */
+
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it)
+{	
+	int *sel, ret;
+	sel = offset2ptr(*pval, it->utype);
+	ret = *sel;
+	*sel = value;
+	return ret;
+}
+
+/* Do reference counting. The value 'op' decides what to do. 
+ * if it is +1 then the count is incremented. If op is 0 count is
+ * set to 1. If op is -1 count is decremented and the return value
+ * is the current refrence count or 0 if no reference count exists.
+ */
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
+{
+	const ASN1_AUX *aux;
+	int *lck, ret;
+	if((it->itype != ASN1_ITYPE_SEQUENCE)
+	   && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE)) return 0;
+	aux = it->funcs;
+	if(!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) return 0;
+	lck = offset2ptr(*pval, aux->ref_offset);
+	if(op == 0) {
+		*lck = 1;
+		return 1;
+	}
+	ret = CRYPTO_add(lck, op, aux->ref_lock);
+#ifdef REF_PRINT
+	fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck);
+#endif
+#ifdef REF_CHECK
+	if(ret < 0) 
+		fprintf(stderr, "%s, bad reference count\n", it->sname);
+#endif
+	return ret;
+}
+
+static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	const ASN1_AUX *aux;
+	if(!pval || !*pval) return NULL;
+	aux = it->funcs;
+	if(!aux || !(aux->flags & ASN1_AFLG_ENCODING)) return NULL;
+	return offset2ptr(*pval, aux->enc_offset);
+}
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	ASN1_ENCODING *enc;
+	enc = asn1_get_enc_ptr(pval, it);
+	if(enc) {
+		enc->enc = NULL;
+		enc->len = 0;
+		enc->modified = 1;
+	}
+}
+
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	ASN1_ENCODING *enc;
+	enc = asn1_get_enc_ptr(pval, it);
+	if(enc) {
+		if(enc->enc) OPENSSL_free(enc->enc);
+		enc->enc = NULL;
+		enc->len = 0;
+		enc->modified = 1;
+	}
+}
+
+int asn1_enc_save(ASN1_VALUE **pval, unsigned char *in, int inlen, const ASN1_ITEM *it)
+{
+	ASN1_ENCODING *enc;
+	enc = asn1_get_enc_ptr(pval, it);
+	if(!enc) return 1;
+
+	if(enc->enc) OPENSSL_free(enc->enc);
+	enc->enc = OPENSSL_malloc(inlen);
+	if(!enc->enc) return 0;
+	memcpy(enc->enc, in, inlen);
+	enc->len = inlen;
+	enc->modified = 0;
+
+	return 1;
+}
+		
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	ASN1_ENCODING *enc;
+	enc = asn1_get_enc_ptr(pval, it);
+	if(!enc || enc->modified) return 0;
+	if(out) {
+		memcpy(*out, enc->enc, enc->len);
+		*out += enc->len;
+	}
+	if(len) *len = enc->len;
+	return 1;
+}
+
+/* Given an ASN1_TEMPLATE get a pointer to a field */
+ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+	ASN1_VALUE **pvaltmp;
+	if(tt->flags & ASN1_TFLG_COMBINE) return pval;
+	pvaltmp = offset2ptr(*pval, tt->offset);
+	/* NOTE for BOOLEAN types the field is just a plain
+ 	 * int so we can't return int **, so settle for
+	 * (int *).
+	 */
+	return pvaltmp;
+}
+
+/* Handle ANY DEFINED BY template, find the selector, look up
+ * the relevant ASN1_TEMPLATE in the table and return it.
+ */
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr)
+{
+	const ASN1_ADB *adb;
+	const ASN1_ADB_TABLE *atbl;
+	long selector;
+	ASN1_VALUE **sfld;
+	int i;
+	if(!(tt->flags & ASN1_TFLG_ADB_MASK)) return tt;
+
+	/* Else ANY DEFINED BY ... get the table */
+	adb = ASN1_ADB_ptr(tt->item);
+
+	/* Get the selector field */
+	sfld = offset2ptr(*pval, adb->offset);
+
+	/* Check if NULL */
+	if(!sfld) {
+		if(!adb->null_tt) goto err;
+		return adb->null_tt;
+	}
+
+	/* Convert type to a long:
+	 * NB: don't check for NID_undef here because it
+	 * might be a legitimate value in the table
+	 */
+	if(tt->flags & ASN1_TFLG_ADB_OID) 
+		selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);
+	else 
+		selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);
+
+	/* Try to find matching entry in table
+	 * Maybe should check application types first to
+	 * allow application override? Might also be useful
+	 * to have a flag which indicates table is sorted and
+	 * we can do a binary search. For now stick to a
+	 * linear search.
+	 */
+
+	for(atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++)
+		if(atbl->value == selector) return &atbl->tt;
+
+	/* FIXME: need to search application table too */
+
+	/* No match, return default type */
+	if(!adb->default_tt) goto err;		
+	return adb->default_tt;
+	
+	err:
+	/* FIXME: should log the value or OID of unsupported type */
+	if(nullerr) ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
+	return NULL;
+}
diff --git a/crypto/asn1/test.c b/crypto/asn1/test.c
deleted file mode 100644
index fe46cd0e76..0000000000
--- a/crypto/asn1/test.c
+++ /dev/null
@@ -1,253 +0,0 @@
-/* crypto/asn1/test.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "../error/err.h"
-#include "./asn1.h"
-#include "rsa.h"
-#include "../x509/x509.h"
-#include "x509.h"
-
-main()
-	{
-	main1();
-	main2();
-	main3();
-	main4();
-	}
-
-main1()
-	{
-	FILE *in;
-	unsigned char buf[10240],buf2[10240],*p;
-	int num,i;
-
-	X509 *nx=NULL,*mx=NULL;
-
-	in=fopen("x.der","r");
-	if (in == NULL)
-		{
-		perror("x.der");
-		exit(1);
-		}
-	num=fread(buf,1,10240,in);
-	fclose(in);
-
-
-		p=buf;
-		if (d2i_X509(&nx,&p,num) == NULL) goto err;
-		printf("num=%d p-buf=%d\n",num,p-buf);
-
-		p=buf2;
-		num=i2d_X509(nx,&p);
-		printf("num=%d p-buf=%d\n",num,p-buf2);
-
-		if (memcmp(buf,buf2,num) != 0)
-			{
-			fprintf(stderr,"data difference\n");
-			for (i=0; i<num; i++)
-				fprintf(stderr,"%c%03d <%02X-%02X>\n",
-					(buf[i] == buf2[i])?' ':'*',i,
-					buf[i],buf2[i]);
-			fprintf(stderr,"\n");
-			exit(1);
-			}
-
-		p=buf2;
-		if (d2i_X509(&mx,&p,num) == NULL) goto err;
-		printf("num=%d p-buf=%d\n",num,p-buf2);
-
-	return(1);
-err:
-	ERR_load_crypto_strings();
-	ERR_print_errors(stderr);
-	return(0);
-	}
-
-main2()
-	{
-	FILE *in;
-	unsigned char buf[10240],buf2[10240],*p;
-	int num,i;
-
-	X509_CRL *nx=NULL,*mx=NULL;
-
-	in=fopen("crl.der","r");
-	if (in == NULL)
-		{
-		perror("crl.der");
-		exit(1);
-		}
-	num=fread(buf,1,10240,in);
-	fclose(in);
-
-
-		p=buf;
-		if (d2i_X509_CRL(&nx,&p,num) == NULL) goto err;
-		printf("num=%d p-buf=%d\n",num,p-buf);
-
-		p=buf2;
-		num=i2d_X509_CRL(nx,&p);
-		printf("num=%d p-buf=%d\n",num,p-buf2);
-
-		if (memcmp(buf,buf2,num) != 0)
-			{
-			fprintf(stderr,"data difference\n");
-			for (i=0; i<num; i++)
-				fprintf(stderr,"%c%03d <%02X-%02X>\n",
-					(buf[i] == buf2[i])?' ':'*',i,
-					buf[i],buf2[i]);
-			fprintf(stderr,"\n");
-			exit(1);
-			}
-
-	return(1);
-err:
-	ERR_load_crypto_strings();
-	ERR_print_errors(stderr);
-	return(0);
-	}
-
-main3()
-	{
-	FILE *in;
-	unsigned char buf[10240],buf2[10240],*p;
-	int num,i;
-
-	X509_REQ *nx=NULL,*mx=NULL;
-
-	in=fopen("req.der","r");
-	if (in == NULL)
-		{
-		perror("req.der");
-		exit(1);
-		}
-	num=fread(buf,1,10240,in);
-	fclose(in);
-
-
-		p=buf;
-		if (d2i_X509_REQ(&nx,&p,num) == NULL) goto err;
-		printf("num=%d p-buf=%d\n",num,p-buf);
-
-		p=buf2;
-		num=i2d_X509_REQ(nx,&p);
-		printf("num=%d p-buf=%d\n",num,p-buf2);
-
-		if (memcmp(buf,buf2,num) != 0)
-			{
-			fprintf(stderr,"data difference\n");
-			for (i=0; i<num; i++)
-				fprintf(stderr,"%c%03d <%02X-%02X>\n",
-					(buf[i] == buf2[i])?' ':'*',i,
-					buf[i],buf2[i]);
-			fprintf(stderr,"\n");
-			exit(1);
-			}
-
-	return(1);
-err:
-	ERR_load_crypto_strings();
-	ERR_print_errors(stderr);
-	return(0);
-	}
-
-main4()
-	{
-	FILE *in;
-	unsigned char buf[10240],buf2[10240],*p;
-	int num,i;
-
-	RSA *nx=NULL,*mx=NULL;
-
-	in=fopen("rsa.der","r");
-	if (in == NULL)
-		{
-		perror("rsa.der");
-		exit(1);
-		}
-	num=fread(buf,1,10240,in);
-	fclose(in);
-
-
-		p=buf;
-		if (d2i_RSAPrivateKey(&nx,&p,num) == NULL) goto err;
-		printf("num=%d p-buf=%d\n",num,p-buf);
-
-		p=buf2;
-		num=i2d_RSAPrivateKey(nx,&p);
-		printf("num=%d p-buf=%d\n",num,p-buf2);
-
-		if (memcmp(buf,buf2,num) != 0)
-			{
-			fprintf(stderr,"data difference\n");
-			for (i=0; i<num; i++)
-				fprintf(stderr,"%c%03d <%02X-%02X>\n",
-					(buf[i] == buf2[i])?' ':'*',i,
-					buf[i],buf2[i]);
-			fprintf(stderr,"\n");
-			exit(1);
-			}
-
-	return(1);
-err:
-	ERR_load_crypto_strings();
-	ERR_print_errors(stderr);
-	return(0);
-	}
-
diff --git a/crypto/asn1/x b/crypto/asn1/x
deleted file mode 100644
index 13acdab427..0000000000
--- a/crypto/asn1/x
+++ /dev/null
@@ -1,353 +0,0 @@
-/* crypto/asn1/x_crl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
-
-/*
- * ASN1err(ASN1_F_D2I_X509_CRL,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_X509_CRL_INFO,ASN1_R_EXPECTING_A_SEQUENCE);
- * ASN1err(ASN1_F_D2I_X509_REVOKED,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_CRL_NEW,ASN1_R_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_CRL_INFO_NEW,ASN1_R_EXPECTING_A_SEQUENCE);
- * ASN1err(ASN1_F_X509_REVOKED_NEW,ASN1_R_LENGTH_MISMATCH);
- */
-
-#ifndef NOPROTO
-static int X509_REVOKED_cmp(X509_REVOKED **a,X509_REVOKED **b);
-static int X509_REVOKED_seq_cmp(X509_REVOKED **a,X509_REVOKED **b);
-#else
-static int X509_REVOKED_cmp();
-static int X509_REVOKED_seq_cmp();
-#endif
-
-int i2d_X509_REVOKED(a,pp)
-X509_REVOKED *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_UTCTIME);
-	M_ASN1_I2D_len_SEQ_opt(a->extensions,i2d_X509_EXTENSION);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_UTCTIME);
-	M_ASN1_I2D_put_SEQ_opt(a->extensions,i2d_X509_EXTENSION);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_REVOKED *d2i_X509_REVOKED(a,pp,length)
-X509_REVOKED **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,X509_REVOKED *,X509_REVOKED_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_UTCTIME);
-	M_ASN1_D2I_get_seq_opt(ret->extensions,d2i_X509_EXTENSION);
-	M_ASN1_D2I_Finish(a,X509_REVOKED_free,ASN1_F_D2I_X509_REVOKED);
-	}
-
-int i2d_X509_CRL_INFO(a,pp)
-X509_CRL_INFO *a;
-unsigned char **pp;
-	{
-	int v1=0;
-	long l=0;
-	M_ASN1_I2D_vars(a);
-
-	if (sk_num(a->revoked) != 0)
-		qsort((char *)a->revoked->data,sk_num(a->revoked),
-			sizeof(X509_REVOKED *),(int (*)(P_CC_CC))X509_REVOKED_seq_cmp);
-	if ((a->version != NULL) && ((l=ASN1_INTEGER_get(a->version)) != 0))
-		{
-		M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
-		}
-	M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
-	M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_UTCTIME);
-	if (a->nextUpdate != NULL)
-		{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_UTCTIME); }
-	M_ASN1_I2D_len_SEQ_opt(a->revoked,i2d_X509_REVOKED);
-	M_ASN1_I2D_len_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,0,
-		V_ASN1_SEQUENCE,v1);
-
-	M_ASN1_I2D_seq_total();
-
-	if ((a->version != NULL) && (l != 0))
-		{
-		M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
-		}
-	M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->issuer,i2d_X509_NAME);
-	M_ASN1_I2D_put(a->lastUpdate,i2d_ASN1_UTCTIME);
-	if (a->nextUpdate != NULL)
-		{ M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_UTCTIME); }
-	M_ASN1_I2D_put_SEQ_opt(a->revoked,i2d_X509_REVOKED);
-	M_ASN1_I2D_put_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,0,
-		V_ASN1_SEQUENCE,v1);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_CRL_INFO *d2i_X509_CRL_INFO(a,pp,length)
-X509_CRL_INFO **a;
-unsigned char **pp;
-long length;
-	{
-	int i,ver=0;
-	M_ASN1_D2I_vars(a,X509_CRL_INFO *,X509_CRL_INFO_new);
-
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get_opt(ret->version,d2i_ASN1_INTEGER,V_ASN1_INTEGER);
-	if (ret->version != NULL)
-		ver=ret->version->data[0];
-	
-	if ((ver == 0) && (ret->version != NULL))
-		{
-		ASN1_INTEGER_free(ret->version);
-		ret->version=NULL;
-		}
-	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
-	M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_UTCTIME);
-	M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_UTCTIME,V_ASN1_UTCTIME);
-	if (ret->revoked != NULL)
-		{
-		while (sk_num(ret->revoked))
-			X509_REVOKED_free((X509_REVOKED *)sk_pop(ret->revoked));
-		}
-	M_ASN1_D2I_get_seq_opt(ret->revoked,d2i_X509_REVOKED);
-
-	if (ret->revoked != NULL)
-		{
-		for (i=0; i<sk_num(ret->revoked); i++)
-			{
-			((X509_REVOKED *)sk_value(ret->revoked,i))->sequence=i;
-			}
-		}
-
-	if (ver >= 1)
-		{
-		if (ret->extensions != NULL)
-			{
-			while (sk_num(ret->extensions))
-				X509_EXTENSION_free((X509_EXTENSION *)
-				sk_pop(ret->extensions));
-			}
-			
-		M_ASN1_D2I_get_EXP_set_opt(ret->extensions,d2i_X509_EXTENSION,
-			0,V_ASN1_SEQUENCE);
-		}
-
-	M_ASN1_D2I_Finish(a,X509_CRL_INFO_free,ASN1_F_D2I_X509_CRL_INFO);
-	}
-
-int i2d_X509_CRL(a,pp)
-X509_CRL *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->crl,i2d_X509_CRL_INFO);
-	M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->signature,i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->crl,i2d_X509_CRL_INFO);
-	M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->signature,i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_CRL *d2i_X509_CRL(a,pp,length)
-X509_CRL **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,X509_CRL *,X509_CRL_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->crl,d2i_X509_CRL_INFO);
-	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-
-	M_ASN1_D2I_Finish(a,X509_CRL_free,ASN1_F_D2I_X509_CRL);
-	}
-
-
-X509_REVOKED *X509_REVOKED_new()
-	{
-	X509_REVOKED *ret=NULL;
-
-	M_ASN1_New_Malloc(ret,X509_REVOKED);
-	M_ASN1_New(ret->serialNumber,ASN1_INTEGER_new);
-	M_ASN1_New(ret->revocationDate,ASN1_UTCTIME_new);
-	ret->extensions=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_REVOKED_NEW);
-	}
-
-X509_CRL_INFO *X509_CRL_INFO_new()
-	{
-	X509_CRL_INFO *ret=NULL;
-
-	M_ASN1_New_Malloc(ret,X509_CRL_INFO);
-	ret->version=NULL;
-	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-	M_ASN1_New(ret->issuer,X509_NAME_new);
-	M_ASN1_New(ret->lastUpdate,ASN1_UTCTIME_new);
-	ret->nextUpdate=NULL;
-	M_ASN1_New(ret->revoked,sk_new_null);
-	M_ASN1_New(ret->extensions,sk_new_null);
-	ret->revoked->comp=(int (*)())X509_REVOKED_cmp;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);
-	}
-
-X509_CRL *X509_CRL_new()
-	{
-	X509_CRL *ret=NULL;
-
-	M_ASN1_New_Malloc(ret,X509_CRL);
-	ret->references=1;
-	M_ASN1_New(ret->crl,X509_CRL_INFO_new);
-	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-	M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_CRL_NEW);
-	}
-
-void X509_REVOKED_free(a)
-X509_REVOKED *a;
-	{
-	if (a == NULL) return;
-	ASN1_INTEGER_free(a->serialNumber);
-	ASN1_UTCTIME_free(a->revocationDate);
-	sk_pop_free(a->extensions,X509_EXTENSION_free);
-	Free((char *)a);
-	}
-
-void X509_CRL_INFO_free(a)
-X509_CRL_INFO *a;
-	{
-	if (a == NULL) return;
-	ASN1_INTEGER_free(a->version);
-	X509_ALGOR_free(a->sig_alg);
-	X509_NAME_free(a->issuer);
-	ASN1_UTCTIME_free(a->lastUpdate);
-	if (a->nextUpdate)
-		ASN1_UTCTIME_free(a->nextUpdate);
-	sk_pop_free(a->revoked,X509_REVOKED_free);
-	sk_pop_free(a->extensions,X509_EXTENSION_free);
-	Free((char *)a);
-	}
-
-void X509_CRL_free(a)
-X509_CRL *a;
-	{
-	int i;
-
-	if (a == NULL) return;
-
-	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_CRL);
-#ifdef REF_PRINT
-	REF_PRINT("X509_CRL",a);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"X509_CRL_free, bad reference count\n");
-		abort();
-		}
-#endif
-
-	X509_CRL_INFO_free(a->crl);
-	X509_ALGOR_free(a->sig_alg);
-	ASN1_BIT_STRING_free(a->signature);
-	Free((char *)a);
-	}
-
-static int X509_REVOKED_cmp(a,b)
-X509_REVOKED **a,**b;
-	{
-	return(ASN1_STRING_cmp(
-		(ASN1_STRING *)(*a)->serialNumber,
-		(ASN1_STRING *)(*b)->serialNumber));
-	}
-
-static int X509_REVOKED_seq_cmp(a,b)
-X509_REVOKED **a,**b;
-	{
-	return((*a)->sequence-(*b)->sequence);
-	}
diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
index 01aa0cb6fc..00b9ea54a1 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -1,127 +1,73 @@
-/* crypto/asn1/x_algor.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* x_algor.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "asn1_mac.h"
-
-/*
- * ASN1err(ASN1_F_D2I_X509_ALGOR,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_ALGOR_NEW,ERR_R_EXPECTING_AN_ASN1_SEQUENCE);
- * ASN1err(ASN1_F_D2I_X509_ALGOR,ERR_R_ASN1_LENGTH_MISMATCH);
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
 
-int i2d_X509_ALGOR(a,pp)
-X509_ALGOR *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->algorithm,i2d_ASN1_OBJECT);
-	if (a->parameter != NULL)
-		{ M_ASN1_I2D_len(a->parameter,i2d_ASN1_TYPE); }
-
-	M_ASN1_I2D_seq_total();
-	M_ASN1_I2D_put(a->algorithm,i2d_ASN1_OBJECT);
-	if (a->parameter != NULL)
-		{ M_ASN1_I2D_put(a->parameter,i2d_ASN1_TYPE); }
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_ALGOR *d2i_X509_ALGOR(a,pp,length)
-X509_ALGOR **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,X509_ALGOR *,X509_ALGOR_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->algorithm,d2i_ASN1_OBJECT);
-	if (!M_ASN1_D2I_end_sequence())
-		{ M_ASN1_D2I_get(ret->parameter,d2i_ASN1_TYPE); }
-	else
-		{
-		ASN1_TYPE_free(ret->parameter);
-		ret->parameter=NULL;
-		}
-	M_ASN1_D2I_Finish(a,X509_ALGOR_free,ASN1_F_D2I_X509_ALGOR);
-	}
-
-X509_ALGOR *X509_ALGOR_new()
-	{
-	X509_ALGOR *ret=NULL;
-	ASN1_CTX c;
+#include <stddef.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 
-	M_ASN1_New_Malloc(ret,X509_ALGOR);
-	ret->algorithm=OBJ_nid2obj(NID_undef);
-	ret->parameter=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_ALGOR_NEW);
-	}
+ASN1_SEQUENCE(X509_ALGOR) = {
+	ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),
+	ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
+} ASN1_SEQUENCE_END(X509_ALGOR)
 
-void X509_ALGOR_free(a)
-X509_ALGOR *a;
-	{
-	if (a == NULL) return;
-	ASN1_OBJECT_free(a->algorithm);
-	ASN1_TYPE_free(a->parameter);
-	Free((char *)a);
-	}
+IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
 
+IMPLEMENT_STACK_OF(X509_ALGOR)
+IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
diff --git a/crypto/asn1/x_attrib.c b/crypto/asn1/x_attrib.c
index d9faf141d3..1e3713f18f 100644
--- a/crypto/asn1/x_attrib.c
+++ b/crypto/asn1/x_attrib.c
@@ -58,78 +58,45 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "objects.h"
-#include "asn1_mac.h"
+#include <openssl/objects.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
 
-/*
- * ASN1err(ASN1_F_D2I_X509_ATTRIBUTE,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_ATTRIBUTE_NEW,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- * ASN1err(ASN1_F_I2D_X509_ATTRIBUTE,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
+/* X509_ATTRIBUTE: this has the following form:
+ *
+ * typedef struct x509_attributes_st
+ *	{
+ *	ASN1_OBJECT *object;
+ *	int single;
+ *	union	{
+ *		char		*ptr;
+ * 		STACK_OF(ASN1_TYPE) *set;
+ * 		ASN1_TYPE	*single;
+ *		} value;
+ *	} X509_ATTRIBUTE;
+ *
+ * this needs some extra thought because the CHOICE type is
+ * merged with the main structure and because the value can
+ * be anything at all we *must* try the SET OF first because
+ * the ASN1_ANY type will swallow anything including the whole
+ * SET OF structure.
  */
 
-/* sequence */
-int i2d_X509_ATTRIBUTE(a,pp)
-X509_ATTRIBUTE *a;
-unsigned char **pp;
-	{
-	int k=0;
-	int r=0,ret=0;
-	unsigned char **p=NULL;
-
-	if (a == NULL) return(0);
-
-	p=NULL;
-	for (;;)
-		{
-		if (k)
-			{
-			r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
-			if (pp == NULL) return(r);
-			p=pp;
-			ASN1_put_object(p,1,ret,V_ASN1_SEQUENCE,
-				V_ASN1_UNIVERSAL);
-			}
-
-		ret+=i2d_ASN1_OBJECT(a->object,p);
-		if (a->set)
-			ret+=i2d_ASN1_SET(a->value.set,p,i2d_ASN1_TYPE,
-				V_ASN1_SET,V_ASN1_UNIVERSAL);
-		else
-			ret+=i2d_ASN1_TYPE(a->value.single,p);
-		if (k++) return(r);
-		}
-	}
-
-X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(a,pp,length)
-X509_ATTRIBUTE **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,X509_ATTRIBUTE *,X509_ATTRIBUTE_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
+ASN1_CHOICE(X509_ATTRIBUTE_SET) = {
+	ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),
+	ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)
+} ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single)
 
-	if ((c.slen != 0) &&
-		(M_ASN1_next == (V_ASN1_CONSTRUCTED|V_ASN1_UNIVERSAL|V_ASN1_SET)))
-		{
-		ret->set=1;
-		M_ASN1_D2I_get_set(ret->value.set,d2i_ASN1_TYPE,ASN1_TYPE_free);
-		}
-	else
-		{
-		ret->set=0;
-		M_ASN1_D2I_get(ret->value.single,d2i_ASN1_TYPE);
-		}
+ASN1_SEQUENCE(X509_ATTRIBUTE) = {
+	ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
+	/* CHOICE type merged with parent */
+	ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)
+} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
 
-	M_ASN1_D2I_Finish(a,X509_ATTRIBUTE_free,ASN1_F_D2I_X509_ATTRIBUTE);
-	}
+IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
 
-X509_ATTRIBUTE *X509_ATTRIBUTE_create(nid,atrtype,value)
-int nid;
-int atrtype;
-char *value;
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
 	{
 	X509_ATTRIBUTE *ret=NULL;
 	ASN1_TYPE *val=NULL;
@@ -137,10 +104,10 @@ char *value;
 	if ((ret=X509_ATTRIBUTE_new()) == NULL)
 		return(NULL);
 	ret->object=OBJ_nid2obj(nid);
-	ret->set=1;
-	if ((ret->value.set=sk_new_null()) == NULL) goto err;
+	ret->single=0;
+	if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err;
 	if ((val=ASN1_TYPE_new()) == NULL) goto err;
-	if (!sk_push(ret->value.set,(char *)val)) goto err;
+	if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err;
 
 	ASN1_TYPE_set(val,atrtype,value);
 	return(ret);
@@ -149,29 +116,3 @@ err:
 	if (val != NULL) ASN1_TYPE_free(val);
 	return(NULL);
 	}
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_new()
-	{
-	X509_ATTRIBUTE *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_ATTRIBUTE);
-	ret->object=OBJ_nid2obj(NID_undef);
-	ret->set=0;
-	ret->value.ptr=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_ATTRIBUTE_NEW);
-	}
-	
-void X509_ATTRIBUTE_free(a)
-X509_ATTRIBUTE *a;
-	{
-	if (a == NULL) return;
-	ASN1_OBJECT_free(a->object);
-	if (a->set)
-		sk_pop_free(a->value.set,ASN1_TYPE_free);
-	else
-		ASN1_TYPE_free(a->value.single);
-	Free((char *)a);
-	}
-
diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c
new file mode 100644
index 0000000000..848c7a0877
--- /dev/null
+++ b/crypto/asn1/x_bignum.c
@@ -0,0 +1,137 @@
+/* x_bignum.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+
+/* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a
+ * BIGNUM directly. Currently it ignores the sign which isn't a problem since all
+ * BIGNUMs used are non negative and anything that looks negative is normally due
+ * to an encoding error.
+ */
+
+#define BN_SENSITIVE	1
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+static int bn_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+static ASN1_PRIMITIVE_FUNCS bignum_pf = {
+	NULL, 0,
+	bn_new,
+	bn_free,
+	0,
+	bn_c2i,
+	bn_i2c
+};
+
+ASN1_ITEM_start(BIGNUM)
+	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
+ASN1_ITEM_end(BIGNUM)
+
+ASN1_ITEM_start(CBIGNUM)
+	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
+ASN1_ITEM_end(CBIGNUM)
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	*pval = (ASN1_VALUE *)BN_new();
+	if(*pval) return 1;
+	else return 0;
+}
+
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	if(!*pval) return;
+	if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval);
+	else BN_free((BIGNUM *)*pval);
+	*pval = NULL;
+}
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+{
+	BIGNUM *bn;
+	int pad;
+	if(!*pval) return -1;
+	bn = (BIGNUM *)*pval;
+	/* If MSB set in an octet we need a padding byte */
+	if(BN_num_bits(bn) & 0x7) pad = 0;
+	else pad = 1;
+	if(cont) {
+		if(pad) *cont++ = 0;
+		BN_bn2bin(bn, cont);
+	}
+	return pad + BN_num_bytes(bn);
+}
+
+static int bn_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
+{
+	BIGNUM *bn;
+	if(!*pval) bn_new(pval, it);
+	bn  = (BIGNUM *)*pval;
+	if(!BN_bin2bn(cont, len, bn)) {
+		bn_free(pval, it);
+		return 0;
+	}
+	return 1;
+}
+
+
diff --git a/crypto/asn1/x_cinf.c b/crypto/asn1/x_cinf.c
index 27aad14c52..339a110eef 100644
--- a/crypto/asn1/x_cinf.c
+++ b/crypto/asn1/x_cinf.c
@@ -58,16 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-/*
- * ASN1err(ASN1_F_D2I_X509_CINF,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_CINF_NEW,ERR_R_ASN1_LENGTH_MISMATCH);
- */
-
-int i2d_X509_CINF(a,pp)
-X509_CINF *a;
-unsigned char **pp;
+int i2d_X509_CINF(X509_CINF *a, unsigned char **pp)
 	{
 	int v1=0,v2=0;
 	M_ASN1_I2D_vars(a);
@@ -81,7 +75,9 @@ unsigned char **pp;
 	M_ASN1_I2D_len(a->key,			i2d_X509_PUBKEY);
 	M_ASN1_I2D_len_IMP_opt(a->issuerUID,	i2d_ASN1_BIT_STRING);
 	M_ASN1_I2D_len_IMP_opt(a->subjectUID,	i2d_ASN1_BIT_STRING);
-	M_ASN1_I2D_len_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,3,V_ASN1_SEQUENCE,v2);
+	M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+					     i2d_X509_EXTENSION,3,
+					     V_ASN1_SEQUENCE,v2);
 
 	M_ASN1_I2D_seq_total();
 
@@ -94,15 +90,14 @@ unsigned char **pp;
 	M_ASN1_I2D_put(a->key,			i2d_X509_PUBKEY);
 	M_ASN1_I2D_put_IMP_opt(a->issuerUID,	i2d_ASN1_BIT_STRING,1);
 	M_ASN1_I2D_put_IMP_opt(a->subjectUID,	i2d_ASN1_BIT_STRING,2);
-	M_ASN1_I2D_put_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,3,V_ASN1_SEQUENCE,v2);
+	M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->extensions,
+					     i2d_X509_EXTENSION,3,
+					     V_ASN1_SEQUENCE,v2);
 
 	M_ASN1_I2D_finish();
 	}
 
-X509_CINF *d2i_X509_CINF(a,pp,length)
-X509_CINF **a;
-unsigned char **pp;
-long length;
+X509_CINF *d2i_X509_CINF(X509_CINF **a, unsigned char **pp, long length)
 	{
 	int ver=0;
 	M_ASN1_D2I_vars(a,X509_CINF *,X509_CINF_new);
@@ -120,7 +115,7 @@ long length;
 		{
 		if (ret->version != NULL)
 			{
-			ASN1_INTEGER_free(ret->version);
+			M_ASN1_INTEGER_free(ret->version);
 			ret->version=NULL;
 			}
 		}
@@ -134,12 +129,12 @@ long length;
 		{
 		if (ret->issuerUID != NULL)
 			{
-			ASN1_BIT_STRING_free(ret->issuerUID);
+			M_ASN1_BIT_STRING_free(ret->issuerUID);
 			ret->issuerUID=NULL;
 			}
 		if (ret->subjectUID != NULL)
 			{
-			ASN1_BIT_STRING_free(ret->subjectUID);
+			M_ASN1_BIT_STRING_free(ret->subjectUID);
 			ret->subjectUID=NULL;
 			}
 		M_ASN1_D2I_get_IMP_opt(ret->issuerUID,d2i_ASN1_BIT_STRING,  1,
@@ -147,26 +142,35 @@ long length;
 		M_ASN1_D2I_get_IMP_opt(ret->subjectUID,d2i_ASN1_BIT_STRING, 2,
 			V_ASN1_BIT_STRING);
 		}
+/* Note: some broken certificates include extensions but don't set
+ * the version number properly. By bypassing this check they can
+ * be parsed.
+ */
+
+#ifdef VERSION_EXT_CHECK
 	if (ver >= 2) /* version 3 extensions */
+#endif
 		{
 		if (ret->extensions != NULL)
-			while (sk_num(ret->extensions))
-				X509_EXTENSION_free((X509_EXTENSION *)
-					sk_pop(ret->extensions));
-		M_ASN1_D2I_get_EXP_set_opt(ret->extensions,d2i_X509_EXTENSION,
-			X509_EXTENSION_free,3,V_ASN1_SEQUENCE);
+			while (sk_X509_EXTENSION_num(ret->extensions))
+				X509_EXTENSION_free(
+				      sk_X509_EXTENSION_pop(ret->extensions));
+		M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,ret->extensions,
+						d2i_X509_EXTENSION,
+						X509_EXTENSION_free,3,
+						V_ASN1_SEQUENCE);
 		}
 	M_ASN1_D2I_Finish(a,X509_CINF_free,ASN1_F_D2I_X509_CINF);
 	}
 
-X509_CINF *X509_CINF_new()
+X509_CINF *X509_CINF_new(void)
 	{
 	X509_CINF *ret=NULL;
 	ASN1_CTX c;
 
 	M_ASN1_New_Malloc(ret,X509_CINF);
 	ret->version=NULL;
-	M_ASN1_New(ret->serialNumber,ASN1_INTEGER_new);
+	M_ASN1_New(ret->serialNumber,M_ASN1_INTEGER_new);
 	M_ASN1_New(ret->signature,X509_ALGOR_new);
 	M_ASN1_New(ret->issuer,X509_NAME_new);
 	M_ASN1_New(ret->validity,X509_VAL_new);
@@ -179,20 +183,19 @@ X509_CINF *X509_CINF_new()
 	M_ASN1_New_Error(ASN1_F_X509_CINF_NEW);
 	}
 
-void X509_CINF_free(a)
-X509_CINF *a;
+void X509_CINF_free(X509_CINF *a)
 	{
 	if (a == NULL) return;
-	ASN1_INTEGER_free(a->version);
-	ASN1_INTEGER_free(a->serialNumber);
+	M_ASN1_INTEGER_free(a->version);
+	M_ASN1_INTEGER_free(a->serialNumber);
 	X509_ALGOR_free(a->signature);
 	X509_NAME_free(a->issuer);
 	X509_VAL_free(a->validity);
 	X509_NAME_free(a->subject);
 	X509_PUBKEY_free(a->key);
-	ASN1_BIT_STRING_free(a->issuerUID);
-	ASN1_BIT_STRING_free(a->subjectUID);
-	sk_pop_free(a->extensions,X509_EXTENSION_free);
-	Free((char *)a);
+	M_ASN1_BIT_STRING_free(a->issuerUID);
+	M_ASN1_BIT_STRING_free(a->subjectUID);
+	sk_X509_EXTENSION_pop_free(a->extensions,X509_EXTENSION_free);
+	OPENSSL_free(a);
 	}
 
diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c
index fe7b5f175b..11fce96825 100644
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -58,300 +58,105 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
-
-/*
- * ASN1err(ASN1_F_D2I_X509_CRL,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_X509_CRL_INFO,ERR_R_EXPECTING_AN_ASN1_SEQUENCE);
- * ASN1err(ASN1_F_D2I_X509_REVOKED,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_CRL_NEW,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_CRL_INFO_NEW,ERR_R_EXPECTING_AN_ASN1_SEQUENCE);
- * ASN1err(ASN1_F_X509_REVOKED_NEW,ERR_R_ASN1_LENGTH_MISMATCH);
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
+				const X509_REVOKED * const *b);
+static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
+				const X509_REVOKED * const *b);
+
+ASN1_SEQUENCE(X509_REVOKED) = {
+	ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
+	ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
+	ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
+} ASN1_SEQUENCE_END(X509_REVOKED)
+
+/* The X509_CRL_INFO structure needs a bit of customisation. This is actually
+ * mirroring the old behaviour: its purpose is to allow the use of
+ * sk_X509_REVOKED_find to lookup revoked certificates. Unfortunately
+ * this will zap the original order and the signature so we keep a copy
+ * of the original positions and reorder appropriately before encoding.
+ *
+ * Might want to see if there's a better way of doing this later...
  */
-
-#ifndef NOPROTO
-static int X509_REVOKED_cmp(X509_REVOKED **a,X509_REVOKED **b);
-static int X509_REVOKED_seq_cmp(X509_REVOKED **a,X509_REVOKED **b);
-#else
-static int X509_REVOKED_cmp();
-static int X509_REVOKED_seq_cmp();
-#endif
-
-int i2d_X509_REVOKED(a,pp)
-X509_REVOKED *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_UTCTIME);
-	M_ASN1_I2D_len_SEQ_opt(a->extensions,i2d_X509_EXTENSION);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_UTCTIME);
-	M_ASN1_I2D_put_SEQ_opt(a->extensions,i2d_X509_EXTENSION);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_REVOKED *d2i_X509_REVOKED(a,pp,length)
-X509_REVOKED **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,X509_REVOKED *,X509_REVOKED_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_UTCTIME);
-	M_ASN1_D2I_get_seq_opt(ret->extensions,d2i_X509_EXTENSION,
-		X509_EXTENSION_free);
-	M_ASN1_D2I_Finish(a,X509_REVOKED_free,ASN1_F_D2I_X509_REVOKED);
-	}
-
-int i2d_X509_CRL_INFO(a,pp)
-X509_CRL_INFO *a;
-unsigned char **pp;
-	{
-	int v1=0;
-	long l=0;
-	M_ASN1_I2D_vars(a);
-
-	if (sk_num(a->revoked) != 0)
-		qsort((char *)a->revoked->data,sk_num(a->revoked),
-			sizeof(X509_REVOKED *),(int (*)(P_CC_CC))X509_REVOKED_seq_cmp);
-	if ((a->version != NULL) && ((l=ASN1_INTEGER_get(a->version)) != 0))
-		{
-		M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER);
-		}
-	M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
-	M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_UTCTIME);
-	if (a->nextUpdate != NULL)
-		{ M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_UTCTIME); }
-	M_ASN1_I2D_len_SEQ_opt(a->revoked,i2d_X509_REVOKED);
-	M_ASN1_I2D_len_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,0,
-		V_ASN1_SEQUENCE,v1);
-
-	M_ASN1_I2D_seq_total();
-
-	if ((a->version != NULL) && (l != 0))
-		{
-		M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER);
-		}
-	M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->issuer,i2d_X509_NAME);
-	M_ASN1_I2D_put(a->lastUpdate,i2d_ASN1_UTCTIME);
-	if (a->nextUpdate != NULL)
-		{ M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_UTCTIME); }
-	M_ASN1_I2D_put_SEQ_opt(a->revoked,i2d_X509_REVOKED);
-	M_ASN1_I2D_put_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,0,
-		V_ASN1_SEQUENCE,v1);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_CRL_INFO *d2i_X509_CRL_INFO(a,pp,length)
-X509_CRL_INFO **a;
-unsigned char **pp;
-long length;
-	{
-	int i,ver=0;
-	M_ASN1_D2I_vars(a,X509_CRL_INFO *,X509_CRL_INFO_new);
-
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get_opt(ret->version,d2i_ASN1_INTEGER,V_ASN1_INTEGER);
-	if (ret->version != NULL)
-		ver=ret->version->data[0];
-	
-	if ((ver == 0) && (ret->version != NULL))
-		{
-		ASN1_INTEGER_free(ret->version);
-		ret->version=NULL;
-		}
-	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
-	M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_UTCTIME);
-	M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_UTCTIME,V_ASN1_UTCTIME);
-	if (ret->revoked != NULL)
-		{
-		while (sk_num(ret->revoked))
-			X509_REVOKED_free((X509_REVOKED *)sk_pop(ret->revoked));
-		}
-	M_ASN1_D2I_get_seq_opt(ret->revoked,d2i_X509_REVOKED,X509_REVOKED_free);
-
-	if (ret->revoked != NULL)
-		{
-		for (i=0; i<sk_num(ret->revoked); i++)
-			{
-			((X509_REVOKED *)sk_value(ret->revoked,i))->sequence=i;
-			}
-		}
-
-	if (ver >= 1)
-		{
-		if (ret->extensions != NULL)
-			{
-			while (sk_num(ret->extensions))
-				X509_EXTENSION_free((X509_EXTENSION *)
-				sk_pop(ret->extensions));
-			}
-			
-		M_ASN1_D2I_get_EXP_set_opt(ret->extensions,d2i_X509_EXTENSION,
-			X509_EXTENSION_free,0,V_ASN1_SEQUENCE);
-		}
-
-	M_ASN1_D2I_Finish(a,X509_CRL_INFO_free,ASN1_F_D2I_X509_CRL_INFO);
-	}
-
-int i2d_X509_CRL(a,pp)
-X509_CRL *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->crl,i2d_X509_CRL_INFO);
-	M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->signature,i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->crl,i2d_X509_CRL_INFO);
-	M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->signature,i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_CRL *d2i_X509_CRL(a,pp,length)
-X509_CRL **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,X509_CRL *,X509_CRL_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->crl,d2i_X509_CRL_INFO);
-	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-
-	M_ASN1_D2I_Finish(a,X509_CRL_free,ASN1_F_D2I_X509_CRL);
-	}
-
-
-X509_REVOKED *X509_REVOKED_new()
-	{
-	X509_REVOKED *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_REVOKED);
-	M_ASN1_New(ret->serialNumber,ASN1_INTEGER_new);
-	M_ASN1_New(ret->revocationDate,ASN1_UTCTIME_new);
-	ret->extensions=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_REVOKED_NEW);
-	}
-
-X509_CRL_INFO *X509_CRL_INFO_new()
-	{
-	X509_CRL_INFO *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_CRL_INFO);
-	ret->version=NULL;
-	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-	M_ASN1_New(ret->issuer,X509_NAME_new);
-	M_ASN1_New(ret->lastUpdate,ASN1_UTCTIME_new);
-	ret->nextUpdate=NULL;
-	M_ASN1_New(ret->revoked,sk_new_null);
-	M_ASN1_New(ret->extensions,sk_new_null);
-	ret->revoked->comp=(int (*)())X509_REVOKED_cmp;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW);
-	}
-
-X509_CRL *X509_CRL_new()
-	{
-	X509_CRL *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_CRL);
-	ret->references=1;
-	M_ASN1_New(ret->crl,X509_CRL_INFO_new);
-	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-	M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_CRL_NEW);
-	}
-
-void X509_REVOKED_free(a)
-X509_REVOKED *a;
-	{
-	if (a == NULL) return;
-	ASN1_INTEGER_free(a->serialNumber);
-	ASN1_UTCTIME_free(a->revocationDate);
-	sk_pop_free(a->extensions,X509_EXTENSION_free);
-	Free((char *)a);
-	}
-
-void X509_CRL_INFO_free(a)
-X509_CRL_INFO *a;
-	{
-	if (a == NULL) return;
-	ASN1_INTEGER_free(a->version);
-	X509_ALGOR_free(a->sig_alg);
-	X509_NAME_free(a->issuer);
-	ASN1_UTCTIME_free(a->lastUpdate);
-	if (a->nextUpdate)
-		ASN1_UTCTIME_free(a->nextUpdate);
-	sk_pop_free(a->revoked,X509_REVOKED_free);
-	sk_pop_free(a->extensions,X509_EXTENSION_free);
-	Free((char *)a);
-	}
-
-void X509_CRL_free(a)
-X509_CRL *a;
-	{
+static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
 	int i;
-
-	if (a == NULL) return;
-
-	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_CRL);
-#ifdef REF_PRINT
-	REF_PRINT("X509_CRL",a);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"X509_CRL_free, bad reference count\n");
-		abort();
-		}
-#endif
-
-	X509_CRL_INFO_free(a->crl);
-	X509_ALGOR_free(a->sig_alg);
-	ASN1_BIT_STRING_free(a->signature);
-	Free((char *)a);
+	int (*old_cmp)(const X509_REVOKED * const *,
+			const X509_REVOKED * const *);
+
+	if(!a || !a->revoked) return 1;
+	switch(operation) {
+
+		/* Save original order */
+		case ASN1_OP_D2I_POST:
+		for (i=0; i<sk_X509_REVOKED_num(a->revoked); i++)
+			sk_X509_REVOKED_value(a->revoked,i)->sequence=i;
+		sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
+		break;
+
+		/* Restore original order */
+		case ASN1_OP_I2D_PRE:
+		old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp);
+		sk_X509_REVOKED_sort(a->revoked);
+		sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp);
+		break;
 	}
-
-static int X509_REVOKED_cmp(a,b)
-X509_REVOKED **a,**b;
+	return 1;
+}
+
+
+ASN1_SEQUENCE_cb(X509_CRL_INFO, crl_inf_cb) = {
+	ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
+	ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
+	ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
+	ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
+	ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
+	ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
+	ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END_cb(X509_CRL_INFO, X509_CRL_INFO)
+
+ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
+	ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
+	ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
+	ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
+
+static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
+			const X509_REVOKED * const *b)
 	{
 	return(ASN1_STRING_cmp(
 		(ASN1_STRING *)(*a)->serialNumber,
 		(ASN1_STRING *)(*b)->serialNumber));
 	}
 
-static int X509_REVOKED_seq_cmp(a,b)
-X509_REVOKED **a,**b;
+static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a,
+				const X509_REVOKED * const *b)
 	{
 	return((*a)->sequence-(*b)->sequence);
 	}
+
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
+{
+	X509_CRL_INFO *inf;
+	inf = crl->crl;
+	if(!inf->revoked)
+		inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
+	if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
+		ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	return 1;
+}
+
+IMPLEMENT_STACK_OF(X509_REVOKED)
+IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
+IMPLEMENT_STACK_OF(X509_CRL)
+IMPLEMENT_ASN1_SET_OF(X509_CRL)
diff --git a/crypto/asn1/x_exten.c b/crypto/asn1/x_exten.c
index f5e3ece226..702421b6c8 100644
--- a/crypto/asn1/x_exten.c
+++ b/crypto/asn1/x_exten.c
@@ -1,157 +1,71 @@
-/* crypto/asn1/x_exten.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* x_exten.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "objects.h"
-#include "asn1_mac.h"
-
-/*
- * ASN1err(ASN1_F_D2I_X509_EXTENSION,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_EXTENSION_NEW,ERR_R_ASN1_LENGTH_MISMATCH);
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
 
-int i2d_X509_EXTENSION(a,pp)
-X509_EXTENSION *a;
-unsigned char **pp;
-	{
-	int k=0;
-	int r=0,ret=0;
-	unsigned char **p=NULL;
-
-	if (a == NULL) return(0);
-
-	p=NULL;
-	for (;;)
-		{
-		if (k)
-			{
-			r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
-			if (pp == NULL) return(r);
-			p=pp;
-			ASN1_put_object(p,1,ret,V_ASN1_SEQUENCE,
-				V_ASN1_UNIVERSAL);
-			}
-
-		ret+=i2d_ASN1_OBJECT(a->object,p);
-		if ((a->critical) || a->netscape_hack)
-			ret+=i2d_ASN1_BOOLEAN(a->critical,p);
-		ret+=i2d_ASN1_OCTET_STRING(a->value,p);
-		if (k++) return(r);
-		}
-	}
-
-X509_EXTENSION *d2i_X509_EXTENSION(a,pp,length)
-X509_EXTENSION **a;
-unsigned char **pp;
-long length;
-	{
-	int i;
-	M_ASN1_D2I_vars(a,X509_EXTENSION *,X509_EXTENSION_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
-
-	if ((ret->argp != NULL) && (ret->ex_free != NULL))
-		ret->ex_free(ret);
-	ret->argl=0;
-	ret->argp=NULL;
-	ret->netscape_hack=0;
-	if ((c.slen != 0) &&
-		(M_ASN1_next == (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN)))
-		{
-		c.q=c.p;
-		if (d2i_ASN1_BOOLEAN(&i,&c.p,c.slen) < 0) goto err;
-		ret->critical=i;
-		c.slen-=(c.p-c.q);
-		if (ret->critical == 0) ret->netscape_hack=1;
-		}
-	M_ASN1_D2I_get(ret->value,d2i_ASN1_OCTET_STRING);
-
-	M_ASN1_D2I_Finish(a,X509_EXTENSION_free,ASN1_F_D2I_X509_EXTENSION);
-	}
-
-X509_EXTENSION *X509_EXTENSION_new()
-	{
-	X509_EXTENSION *ret=NULL;
-	ASN1_CTX c;
+#include <stddef.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
 
-	M_ASN1_New_Malloc(ret,X509_EXTENSION);
-	ret->object=OBJ_nid2obj(NID_undef);
-	M_ASN1_New(ret->value,ASN1_OCTET_STRING_new);
-	ret->critical=0;
-	ret->netscape_hack=0;
-	ret->argl=0L;
-	ret->argp=NULL;
-	ret->ex_free=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_EXTENSION_NEW);
-	}
-	
-void X509_EXTENSION_free(a)
-X509_EXTENSION *a;
-	{
-	if (a == NULL) return;
-	if ((a->argp != NULL) && (a->ex_free != NULL))
-		a->ex_free(a);
-	ASN1_OBJECT_free(a->object);
-	ASN1_OCTET_STRING_free(a->value);
-	Free((char *)a);
-	}
+ASN1_SEQUENCE(X509_EXTENSION) = {
+	ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
+	ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
+	ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_EXTENSION)
 
+IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
diff --git a/crypto/asn1/x_info.c b/crypto/asn1/x_info.c
index b55f0ce77a..d44f6cdb01 100644
--- a/crypto/asn1/x_info.c
+++ b/crypto/asn1/x_info.c
@@ -58,15 +58,15 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "asn1_mac.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
 
-X509_INFO *X509_INFO_new()
+X509_INFO *X509_INFO_new(void)
 	{
 	X509_INFO *ret=NULL;
 
-	ret=(X509_INFO *)Malloc(sizeof(X509_INFO));
+	ret=(X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO));
 	if (ret == NULL)
 		{
 		ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE);
@@ -84,8 +84,7 @@ X509_INFO *X509_INFO_new()
 	return(ret);
 	}
 
-void X509_INFO_free(x)
-X509_INFO *x;
+void X509_INFO_free(X509_INFO *x)
 	{
 	int i;
 
@@ -107,5 +106,9 @@ X509_INFO *x;
 	if (x->x509 != NULL) X509_free(x->x509);
 	if (x->crl != NULL) X509_CRL_free(x->crl);
 	if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey);
-	Free((char *)x);
+	if (x->enc_data != NULL) OPENSSL_free(x->enc_data);
+	OPENSSL_free(x);
 	}
+
+IMPLEMENT_STACK_OF(X509_INFO)
+
diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c
new file mode 100644
index 0000000000..c04b192794
--- /dev/null
+++ b/crypto/asn1/x_long.c
@@ -0,0 +1,163 @@
+/* x_long.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+
+/* Custom primitive type for long handling. This converts between an ASN1_INTEGER
+ * and a long directly.
+ */
+
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+
+static ASN1_PRIMITIVE_FUNCS long_pf = {
+	NULL, 0,
+	long_new,
+	long_free,
+	long_free,	/* Clear should set to initial value */
+	long_c2i,
+	long_i2c
+};
+
+ASN1_ITEM_start(LONG)
+	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
+ASN1_ITEM_end(LONG)
+
+ASN1_ITEM_start(ZLONG)
+	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
+ASN1_ITEM_end(ZLONG)
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	*(long *)pval = it->size;
+	return 1;
+}
+
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	*(long *)pval = it->size;
+}
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+{
+	long ltmp;
+	unsigned long utmp;
+	int clen, pad, i;
+	ltmp = *(long *)pval;
+	if(ltmp == it->size) return -1;
+	/* Convert the long to positive: we subtract one if negative so
+	 * we can cleanly handle the padding if only the MSB of the leading
+	 * octet is set. 
+	 */
+	if(ltmp < 0) utmp = -ltmp - 1;
+	else utmp = ltmp;
+	clen = BN_num_bits_word(utmp);
+	/* If MSB of leading octet set we need to pad */
+	if(!(clen & 0x7)) pad = 1;
+	else pad = 0;
+
+	/* Convert number of bits to number of octets */
+	clen = (clen + 7) >> 3;
+
+	if(cont) {
+		if(pad) *cont++ = (ltmp < 0) ? 0xff : 0;
+		for(i = clen - 1; i >= 0; i--) {
+			cont[i] = (unsigned char)(utmp & 0xff);
+			if(ltmp < 0) cont[i] ^= 0xff;
+			utmp >>= 8;
+		}
+	}
+	return clen + pad;
+}
+
+static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
+{
+	int neg, i;
+	long ltmp;
+	unsigned long utmp = 0;
+	if(len > sizeof(long)) {
+		ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+		return 0;
+	}
+	/* Is it negative? */
+	if(len && (cont[0] & 0x80)) neg = 1;
+	else neg = 0;
+	utmp = 0;
+	for(i = 0; i < len; i++) {
+		utmp <<= 8;
+		if(neg) utmp |= cont[i] ^ 0xff;
+		else utmp |= cont[i];
+	}
+	ltmp = (long)utmp;
+	if(neg) {
+		ltmp++;
+		ltmp = -ltmp;
+	}
+	if(ltmp == it->size) {
+		ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+		return 0;
+	}
+	*(long *)pval = ltmp;
+	return 1;
+}
diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c
index 3b8bc5191f..caece0f158 100644
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -58,232 +58,203 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "objects.h"
-#include "asn1_mac.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
 
-/*
- * ASN1err(ASN1_F_D2I_X509_NAME,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_NAME_NEW,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- * ASN1err(ASN1_F_D2I_X509_NAME_ENTRY,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_NAME_ENTRY_NEW,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE);
- */
-
-#ifndef NOPROTO
-static int i2d_X509_NAME_entries(X509_NAME *a);
-#else
-static int i2d_X509_NAME_entries();
-#endif
-
-int i2d_X509_NAME_ENTRY(a,pp)
-X509_NAME_ENTRY *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->object,i2d_ASN1_OBJECT);
-	M_ASN1_I2D_len(a->value,i2d_ASN1_PRINTABLE);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->object,i2d_ASN1_OBJECT);
-	M_ASN1_I2D_put(a->value,i2d_ASN1_PRINTABLE);
-
-	M_ASN1_I2D_finish();
-	}
+static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it,
+					int tag, int aclass, char opt, ASN1_TLC *ctx);
 
-X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(a,pp,length)
-X509_NAME_ENTRY **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,X509_NAME_ENTRY *,X509_NAME_ENTRY_new);
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
+static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
 
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT);
-	M_ASN1_D2I_get(ret->value,d2i_ASN1_PRINTABLE);
-	ret->set=0;
-	M_ASN1_D2I_Finish(a,X509_NAME_ENTRY_free,ASN1_F_D2I_X509_NAME_ENTRY);
-	}
+static int x509_name_encode(X509_NAME *a);
 
-int i2d_X509_NAME(a,pp)
-X509_NAME *a;
-unsigned char **pp;
-	{
-	int ret;
+ASN1_SEQUENCE(X509_NAME_ENTRY) = {
+	ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
+	ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
+} ASN1_SEQUENCE_END(X509_NAME_ENTRY)
 
-	if (a == NULL) return(0);
-	if (a->modified)
-		{
-		ret=i2d_X509_NAME_entries(a);
-		if (ret < 0) return(ret);
-		}
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
 
-	ret=a->bytes->length;
-	if (pp != NULL)
-		{
-		memcpy(*pp,a->bytes->data,ret);
-		*pp+=ret;
-		}
-	return(ret);
-	}
-
-static int i2d_X509_NAME_entries(a)
-X509_NAME *a;
-	{
-	X509_NAME_ENTRY *ne,*fe=NULL;
-	STACK *sk;
-	BUF_MEM *buf=NULL;
-	int set=0,r,ret=0;
-	int i;
-	unsigned char *p;
-	int size=0;
-
-	sk=a->entries;
-	for (i=0; i<sk_num(sk); i++)
-		{
-		ne=(X509_NAME_ENTRY *)sk_value(sk,i);
-		if (fe == NULL)
-			{
-			fe=ne;
-			size=0;
-			}
-
-		if (ne->set != set)
-			{
-			ret+=ASN1_object_size(1,size,V_ASN1_SET);
-			fe->size=size;
-			fe=ne;
-			size=0;
-			set=ne->set;
-			}
-		size+=i2d_X509_NAME_ENTRY(ne,NULL);
-		}
+/* For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY }
+ * so declare two template wrappers for this
+ */
 
-	ret+=ASN1_object_size(1,size,V_ASN1_SET);
-	if (fe != NULL)
-		fe->size=size;
+ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
+ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
 
-	r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE);
+ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
+ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
 
-	buf=a->bytes;
-	if (!BUF_MEM_grow(buf,r)) goto err;
-	p=(unsigned char *)buf->data;
+/* Normally that's where it would end: we'd have two nested STACK structures
+ * representing the ASN1. Unfortunately X509_NAME uses a completely different
+ * form and caches encodings so we have to process the internal form and convert
+ * to the external form.
+ */
 
-	ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
+const ASN1_EXTERN_FUNCS x509_name_ff = {
+	NULL,
+	x509_name_ex_new,
+	x509_name_ex_free,
+	0,	/* Default clear behaviour is OK */
+	x509_name_ex_d2i,
+	x509_name_ex_i2d
+};
+
+IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) 
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
+
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
+{
+	X509_NAME *ret = NULL;
+	ret = OPENSSL_malloc(sizeof(X509_NAME));
+	if(!ret) goto memerr;
+	if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
+		goto memerr;
+	if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr;
+	ret->modified=1;
+	*val = (ASN1_VALUE *)ret;
+	return 1;
 
-	set= -1;
-	for (i=0; i<sk_num(sk); i++)
+ memerr:
+	ASN1err(ASN1_F_X509_NAME_NEW, ERR_R_MALLOC_FAILURE);
+	if (ret)
 		{
-		ne=(X509_NAME_ENTRY *)sk_value(sk,i);
-		if (set != ne->set)
-			{
-			set=ne->set;
-			ASN1_put_object(&p,1,ne->size,
-				V_ASN1_SET,V_ASN1_UNIVERSAL);
-			}
-		i2d_X509_NAME_ENTRY(ne,&p);
+		if (ret->entries)
+			sk_X509_NAME_ENTRY_free(ret->entries);
+		OPENSSL_free(ret);
 		}
-	a->modified=0;
-	return(r);
-err:
-	return(-1);
-	}
+	return 0;
+}
 
-X509_NAME *d2i_X509_NAME(a,pp,length)
-X509_NAME **a;
-unsigned char **pp;
-long length;
-	{
-	int set=0,i;
-	int idx=0;
-	unsigned char *orig;
-	M_ASN1_D2I_vars(a,X509_NAME *,X509_NAME_new);
+static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	X509_NAME *a;
+	if(!pval || !*pval)
+	    return;
+	a = (X509_NAME *)*pval;
 
-	orig= *pp;
-	if (sk_num(ret->entries) > 0)
-		{
-		while (sk_num(ret->entries) > 0)
-			X509_NAME_ENTRY_free((X509_NAME_ENTRY *)
-				sk_pop(ret->entries));
-		}
+	BUF_MEM_free(a->bytes);
+	sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
+	OPENSSL_free(a);
+	*pval = NULL;
+}
+
+/* Used with sk_pop_free() to free up the internal representation.
+ * NB: we only free the STACK and not its contents because it is
+ * already present in the X509_NAME structure.
+ */
 
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	for (;;)
-		{
-		if (M_ASN1_D2I_end_sequence()) break;
-		M_ASN1_D2I_get_set(ret->entries,d2i_X509_NAME_ENTRY,
-			X509_NAME_ENTRY_free);
-		for (; idx < sk_num(ret->entries); idx++)
-			{
-			((X509_NAME_ENTRY *)sk_value(ret->entries,idx))->set=
-				set;
-			}
-		set++;
+static void sk_internal_free(void *a)
+{
+	sk_free(a);
+}
+
+static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it,
+					int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+	unsigned char *p = *in, *q;
+	STACK *intname = NULL;
+	int i, j, ret;
+	X509_NAME *nm = NULL;
+	STACK_OF(X509_NAME_ENTRY) *entries;
+	X509_NAME_ENTRY *entry;
+	q = p;
+
+	/* Get internal representation of Name */
+	ret = ASN1_item_ex_d2i((ASN1_VALUE **)&intname, &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+								tag, aclass, opt, ctx);
+	
+	if(ret <= 0) return ret;
+
+	if(*val) x509_name_ex_free(val, NULL);
+	if(!x509_name_ex_new((ASN1_VALUE **)&nm, NULL)) goto err;
+	/* We've decoded it: now cache encoding */
+	if(!BUF_MEM_grow(nm->bytes, p - q)) goto err;
+	memcpy(nm->bytes->data, q, p - q);
+
+	/* Convert internal representation to X509_NAME structure */
+	for(i = 0; i < sk_num(intname); i++) {
+		entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname, i);
+		for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
+			entry = sk_X509_NAME_ENTRY_value(entries, j);
+			entry->set = i;
+			if(!sk_X509_NAME_ENTRY_push(nm->entries, entry))
+				goto err;
 		}
-
-	i=(int)(c.p-orig);
-	if (!BUF_MEM_grow(ret->bytes,i)) goto err;
-	memcpy(ret->bytes->data,orig,i);
-	ret->bytes->length=i;
-	ret->modified=0;
-
-	M_ASN1_D2I_Finish(a,X509_NAME_free,ASN1_F_D2I_X509_NAME);
+		sk_X509_NAME_ENTRY_free(entries);
 	}
-
-X509_NAME *X509_NAME_new()
-	{
-	X509_NAME *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_NAME);
-	if ((ret->entries=sk_new(NULL)) == NULL)
-		{ c.line=__LINE__; goto err2; }
-	M_ASN1_New(ret->bytes,BUF_MEM_new);
-	ret->modified=1;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_NAME_NEW);
+	sk_free(intname);
+	nm->modified = 0;
+	*val = (ASN1_VALUE *)nm;
+	*in = p;
+	return ret;
+	err:
+	ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_NESTED_ASN1_ERROR);
+	return 0;
+}
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+{
+	int ret;
+	X509_NAME *a = (X509_NAME *)*val;
+	if(a->modified) {
+		ret = x509_name_encode((X509_NAME *)a);
+		if(ret < 0) return ret;
 	}
-
-X509_NAME_ENTRY *X509_NAME_ENTRY_new()
-	{
-	X509_NAME_ENTRY *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_NAME_ENTRY);
-/*	M_ASN1_New(ret->object,ASN1_OBJECT_new);*/
-	ret->object=NULL;
-	ret->set=0;
-	M_ASN1_New(ret->value,ASN1_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_NAME_ENTRY_NEW);
+	ret = a->bytes->length;
+	if(out != NULL) {
+		memcpy(*out,a->bytes->data,ret);
+		*out+=ret;
 	}
+	return ret;
+}
 
-void X509_NAME_free(a)
-X509_NAME *a;
-	{
-	BUF_MEM_free(a->bytes);
-	sk_pop_free(a->entries,X509_NAME_ENTRY_free);
-	Free((char *)a);
-	}
-
-void X509_NAME_ENTRY_free(a)
-X509_NAME_ENTRY *a;
-	{
-	if (a == NULL) return;
-	ASN1_OBJECT_free(a->object);
-	ASN1_BIT_STRING_free(a->value);
-	Free((char *)a);
+static int x509_name_encode(X509_NAME *a)
+{
+	STACK *intname = NULL;
+	int len;
+	unsigned char *p;
+	STACK_OF(X509_NAME_ENTRY) *entries = NULL;
+	X509_NAME_ENTRY *entry;
+	int i, set = -1;
+	intname = sk_new_null();
+	if(!intname) goto memerr;
+	for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+		entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+		if(entry->set != set) {
+			entries = sk_X509_NAME_ENTRY_new_null();
+			if(!entries) goto memerr;
+			if(!sk_push(intname, (char *)entries)) goto memerr;
+			set = entry->set;
+		}
+		if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
 	}
-
-int X509_NAME_set(xn,name)
-X509_NAME **xn;
-X509_NAME *name;
+	len = ASN1_item_ex_i2d((ASN1_VALUE **)&intname, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+	if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
+	p=(unsigned char *)a->bytes->data;
+	ASN1_item_ex_i2d((ASN1_VALUE **)&intname, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+	sk_pop_free(intname, sk_internal_free);
+	a->modified = 0;
+	return len;
+	memerr:
+	sk_pop_free(intname, sk_internal_free);
+	ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_MALLOC_FAILURE);
+	return -1;
+}
+
+
+int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
 	{
 	X509_NAME *in;
 
-	if (*xn == NULL) return(0);
+	if (!xn || !name) return(0);
 
 	if (*xn != name)
 		{
@@ -297,3 +268,5 @@ X509_NAME *name;
 	return(*xn != NULL);
 	}
 	
+IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
+IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)
diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c
index 3a359cce9e..f1c6221ac3 100644
--- a/crypto/asn1/x_pkey.c
+++ b/crypto/asn1/x_pkey.c
@@ -58,25 +58,18 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "asn1_mac.h"
-
-/* ASN1err(ASN1_F_D2I_X509_PKEY,ASN1_R_UNSUPPORTED_CIPHER); */
-/* ASN1err(ASN1_F_X509_PKEY_NEW,ASN1_R_IV_TOO_LARGE); */
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
 /* need to implement */
-int i2d_X509_PKEY(a,pp)
-X509_PKEY *a;
-unsigned char **pp;
+int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
 	{
 	return(0);
 	}
 
-X509_PKEY *d2i_X509_PKEY(a,pp,length)
-X509_PKEY **a;
-unsigned char **pp;
-long length;
+X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, unsigned char **pp, long length)
 	{
 	int i;
 	M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new);
@@ -111,7 +104,7 @@ long length;
 	M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY);
 	}
 
-X509_PKEY *X509_PKEY_new()
+X509_PKEY *X509_PKEY_new(void)
 	{
 	X509_PKEY *ret=NULL;
 	ASN1_CTX c;
@@ -119,7 +112,7 @@ X509_PKEY *X509_PKEY_new()
 	M_ASN1_New_Malloc(ret,X509_PKEY);
 	ret->version=0;
 	M_ASN1_New(ret->enc_algor,X509_ALGOR_new);
-	M_ASN1_New(ret->enc_pkey,ASN1_OCTET_STRING_new);
+	M_ASN1_New(ret->enc_pkey,M_ASN1_OCTET_STRING_new);
 	ret->dec_pkey=NULL;
 	ret->key_length=0;
 	ret->key_data=NULL;
@@ -131,8 +124,7 @@ X509_PKEY *X509_PKEY_new()
 	M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
 	}
 
-void X509_PKEY_free(x)
-X509_PKEY *x;
+void X509_PKEY_free(X509_PKEY *x)
 	{
 	int i;
 
@@ -152,8 +144,8 @@ X509_PKEY *x;
 #endif
 
 	if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor);
-	if (x->enc_pkey != NULL) ASN1_OCTET_STRING_free(x->enc_pkey);
+	if (x->enc_pkey != NULL) M_ASN1_OCTET_STRING_free(x->enc_pkey);
 	if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey);
-	if ((x->key_data != NULL) && (x->key_free)) Free((char *)x->key_data);
-	Free((char *)(char *)x);
+	if ((x->key_data != NULL) && (x->key_free)) OPENSSL_free(x->key_data);
+	OPENSSL_free(x);
 	}
diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c
index b8e6d0e00e..c32a6eaa49 100644
--- a/crypto/asn1/x_pubkey.c
+++ b/crypto/asn1/x_pubkey.c
@@ -58,81 +58,34 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
 
-/*
- * ASN1err(ASN1_F_D2I_X509_PUBKEY,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_PUBKEY_NEW,ERR_R_ASN1_LENGTH_MISMATCH);
- */
-
-int i2d_X509_PUBKEY(a,pp)
-X509_PUBKEY *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->public_key,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->public_key,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_PUBKEY *d2i_X509_PUBKEY(a,pp,length)
-X509_PUBKEY **a;
-unsigned char **pp;
-long length;
+/* Minor tweak to operation: free up EVP_PKEY */
+static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 	{
-	M_ASN1_D2I_vars(a,X509_PUBKEY *,X509_PUBKEY_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->public_key,d2i_ASN1_BIT_STRING);
-	if (ret->pkey != NULL)
+	if (operation == ASN1_OP_FREE_POST)
 		{
-		EVP_PKEY_free(ret->pkey);
-		ret->pkey=NULL;
+		X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
+		EVP_PKEY_free(pubkey->pkey);
 		}
-	M_ASN1_D2I_Finish(a,X509_PUBKEY_free,ASN1_F_D2I_X509_PUBKEY);
+	return 1;
 	}
 
-X509_PUBKEY *X509_PUBKEY_new()
-	{
-	X509_PUBKEY *ret=NULL;
-	ASN1_CTX c;
+ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
+	ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
+	ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)
 
-	M_ASN1_New_Malloc(ret,X509_PUBKEY);
-	M_ASN1_New(ret->algor,X509_ALGOR_new);
-	M_ASN1_New(ret->public_key,ASN1_BIT_STRING_new);
-	ret->pkey=NULL;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_PUBKEY_NEW);
-	}
+IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
 
-void X509_PUBKEY_free(a)
-X509_PUBKEY *a;
-	{
-	if (a == NULL) return;
-	X509_ALGOR_free(a->algor);
-	ASN1_BIT_STRING_free(a->public_key);
-	if (a->pkey != NULL) EVP_PKEY_free(a->pkey);
-	Free((char *)a);
-	}
-
-int X509_PUBKEY_set(x,pkey)
-X509_PUBKEY **x;
-EVP_PKEY *pkey;
+int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 	{
 	int ok=0;
 	X509_PUBKEY *pk;
 	X509_ALGOR *a;
 	ASN1_OBJECT *o;
-	unsigned char *s,*p;
+	unsigned char *s,*p = NULL;
 	int i;
 
 	if (x == NULL) return(0);
@@ -156,42 +109,105 @@ EVP_PKEY *pkey;
 			a->parameter->type=V_ASN1_NULL;
 			}
 		}
-	else
-#ifndef NO_DSA
-		if (pkey->type == EVP_PKEY_DSA)
+#ifndef OPENSSL_NO_DSA
+	else if (pkey->type == EVP_PKEY_DSA)
 		{
 		unsigned char *pp;
 		DSA *dsa;
-
+		
 		dsa=pkey->pkey.dsa;
 		dsa->write_params=0;
 		ASN1_TYPE_free(a->parameter);
 		i=i2d_DSAparams(dsa,NULL);
-		p=(unsigned char *)Malloc(i);
+		if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err;
 		pp=p;
 		i2d_DSAparams(dsa,&pp);
 		a->parameter=ASN1_TYPE_new();
 		a->parameter->type=V_ASN1_SEQUENCE;
 		a->parameter->value.sequence=ASN1_STRING_new();
 		ASN1_STRING_set(a->parameter->value.sequence,p,i);
-		Free(p);
+		OPENSSL_free(p);
+		}
+#endif
+#ifndef OPENSSL_NO_EC
+	else if (pkey->type == EVP_PKEY_EC)
+		{
+		int nid=0;
+		unsigned char *pp;
+		EC_KEY *eckey;
+		
+		eckey = pkey->pkey.eckey;
+		ASN1_TYPE_free(a->parameter);
+
+		if ((a->parameter = ASN1_TYPE_new()) == NULL)
+			{
+			X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
+			goto err;
+			}
+
+		if (EC_GROUP_get_asn1_flag(eckey->group)
+                     && (nid = EC_GROUP_get_nid(eckey->group)))
+			{
+			/* just set the OID */
+			a->parameter->type = V_ASN1_OBJECT;
+			a->parameter->value.object = OBJ_nid2obj(nid);
+			}
+		else /* explicit parameters */
+			{
+			if ((i = i2d_ECParameters(eckey, NULL)) == 0)
+				{
+				X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
+				goto err;
+				}
+			if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
+				{
+				X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
+				goto err;
+				}	
+			pp = p;
+			if (!i2d_ECParameters(eckey, &pp))
+				{
+				X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
+				OPENSSL_free(p);
+				goto err;
+				}
+			a->parameter->type = V_ASN1_SEQUENCE;
+			if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL)
+				{
+				X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
+				OPENSSL_free(p);
+				goto err;
+				}
+			ASN1_STRING_set(a->parameter->value.sequence, p, i);
+			OPENSSL_free(p);
+			}
 		}
-	else
 #endif
+	else if (1)
 		{
 		X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
 		goto err;
 		}
 
-	i=i2d_PublicKey(pkey,NULL);
-	if ((s=(unsigned char *)Malloc(i+1)) == NULL) goto err;
+	if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
+	if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
+		{
+		X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
 	p=s;
 	i2d_PublicKey(pkey,&p);
-	if (!ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
-	Free(s);
+	if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
+	/* Set number of unused bits to zero */
+	pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+	pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+
+	OPENSSL_free(s);
 
+#if 0
 	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
 	pk->pkey=pkey;
+#endif
 
 	if (*x != NULL)
 		X509_PUBKEY_free(*x);
@@ -205,49 +221,116 @@ err:
 	return(ok);
 	}
 
-EVP_PKEY *X509_PUBKEY_get(key)
-X509_PUBKEY *key;
+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 	{
 	EVP_PKEY *ret=NULL;
 	long j;
 	int type;
 	unsigned char *p;
-#ifndef NO_DSA
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
+	const unsigned char *cp;
 	X509_ALGOR *a;
 #endif
 
 	if (key == NULL) goto err;
 
-	if (key->pkey != NULL) return(key->pkey);
+	if (key->pkey != NULL)
+		{
+		CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+		return(key->pkey);
+		}
 
 	if (key->public_key == NULL) goto err;
 
 	type=OBJ_obj2nid(key->algor->algorithm);
-	p=key->public_key->data;
-        j=key->public_key->length;
-        if ((ret=d2i_PublicKey(type,NULL,&p,(long)j)) == NULL)
+	if ((ret = EVP_PKEY_new()) == NULL)
 		{
-		X509err(X509_F_X509_PUBKEY_GET,X509_R_ERR_ASN1_LIB);
+		X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
-	ret->save_parameters=0;
+	ret->type = EVP_PKEY_type(type);
 
-#ifndef NO_DSA
+	/* the parameters must be extracted before the public key (ECDSA!) */
+	
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
 	a=key->algor;
-	if (ret->type == EVP_PKEY_DSA)
+#endif
+
+	if (0)
+		;
+#ifndef OPENSSL_NO_DSA
+	else if (ret->type == EVP_PKEY_DSA)
 		{
-		if (a->parameter->type == V_ASN1_SEQUENCE)
+		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
 			{
+			if ((ret->pkey.dsa = DSA_new()) == NULL)
+				{
+				X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
 			ret->pkey.dsa->write_params=0;
-			p=a->parameter->value.sequence->data;
+			cp=p=a->parameter->value.sequence->data;
 			j=a->parameter->value.sequence->length;
-			if (!d2i_DSAparams(&ret->pkey.dsa,&p,(long)j))
+			if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j))
 				goto err;
 			}
 		ret->save_parameters=1;
 		}
 #endif
-	key->pkey=ret;
+#ifndef OPENSSL_NO_EC
+	else if (ret->type == EVP_PKEY_EC)
+		{
+		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
+			{
+			/* type == V_ASN1_SEQUENCE => we have explicit parameters
+                         * (e.g. parameters in the X9_62_EC_PARAMETERS-structure )
+			 */
+			if ((ret->pkey.eckey= EC_KEY_new()) == NULL)
+				{
+				X509err(X509_F_X509_PUBKEY_GET, 
+					ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+			cp = p = a->parameter->value.sequence->data;
+			j = a->parameter->value.sequence->length;
+			if (!d2i_ECParameters(&ret->pkey.eckey, &cp, (long)j))
+				{
+				X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB);
+				goto err;
+				}
+			}
+		else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT))
+			{
+			/* type == V_ASN1_OBJECT => the parameters are given
+			 * by an asn1 OID
+			 */
+			EC_KEY *eckey;
+			if (ret->pkey.eckey == NULL)
+				ret->pkey.eckey = EC_KEY_new();
+			eckey = ret->pkey.eckey;
+			if (eckey->group)
+				EC_GROUP_free(eckey->group);
+			if ((eckey->group = EC_GROUP_new_by_nid(
+                             OBJ_obj2nid(a->parameter->value.object))) == NULL)
+				goto err;
+			EC_GROUP_set_asn1_flag(eckey->group, 
+						OPENSSL_EC_NAMED_CURVE);
+			}
+			/* the case implicitlyCA is currently not implemented */
+		ret->save_parameters = 1;
+		}
+#endif
+
+	p=key->public_key->data;
+        j=key->public_key->length;
+        if ((ret = d2i_PublicKey(type, &ret, &p, (long)j)) == NULL)
+		{
+		X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB);
+		goto err;
+		}
+
+	key->pkey = ret;
+	CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
 	return(ret);
 err:
 	if (ret != NULL)
@@ -255,3 +338,156 @@ err:
 	return(NULL);
 	}
 
+/* Now two pseudo ASN1 routines that take an EVP_PKEY structure
+ * and encode or decode as X509_PUBKEY
+ */
+
+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp,
+	     long length)
+	{
+	X509_PUBKEY *xpk;
+	EVP_PKEY *pktmp;
+	xpk = d2i_X509_PUBKEY(NULL, pp, length);
+	if(!xpk) return NULL;
+	pktmp = X509_PUBKEY_get(xpk);
+	X509_PUBKEY_free(xpk);
+	if(!pktmp) return NULL;
+	if(a)
+		{
+		EVP_PKEY_free(*a);
+		*a = pktmp;
+		}
+	return pktmp;
+	}
+
+int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
+	{
+	X509_PUBKEY *xpk=NULL;
+	int ret;
+	if(!a) return 0;
+	if(!X509_PUBKEY_set(&xpk, a)) return 0;
+	ret = i2d_X509_PUBKEY(xpk, pp);
+	X509_PUBKEY_free(xpk);
+	return ret;
+	}
+
+/* The following are equivalents but which return RSA and DSA
+ * keys
+ */
+#ifndef OPENSSL_NO_RSA
+RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp,
+	     long length)
+	{
+	EVP_PKEY *pkey;
+	RSA *key;
+	unsigned char *q;
+	q = *pp;
+	pkey = d2i_PUBKEY(NULL, &q, length);
+	if (!pkey) return NULL;
+	key = EVP_PKEY_get1_RSA(pkey);
+	EVP_PKEY_free(pkey);
+	if (!key) return NULL;
+	*pp = q;
+	if (a)
+		{
+		RSA_free(*a);
+		*a = key;
+		}
+	return key;
+	}
+
+int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
+	{
+	EVP_PKEY *pktmp;
+	int ret;
+	if (!a) return 0;
+	pktmp = EVP_PKEY_new();
+	if (!pktmp)
+		{
+		ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+		return 0;
+		}
+	EVP_PKEY_set1_RSA(pktmp, a);
+	ret = i2d_PUBKEY(pktmp, pp);
+	EVP_PKEY_free(pktmp);
+	return ret;
+	}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp,
+	     long length)
+	{
+	EVP_PKEY *pkey;
+	DSA *key;
+	unsigned char *q;
+	q = *pp;
+	pkey = d2i_PUBKEY(NULL, &q, length);
+	if (!pkey) return NULL;
+	key = EVP_PKEY_get1_DSA(pkey);
+	EVP_PKEY_free(pkey);
+	if (!key) return NULL;
+	*pp = q;
+	if (a)
+		{
+		DSA_free(*a);
+		*a = key;
+		}
+	return key;
+	}
+
+int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
+	{
+	EVP_PKEY *pktmp;
+	int ret;
+	if(!a) return 0;
+	pktmp = EVP_PKEY_new();
+	if(!pktmp)
+		{
+		ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+		return 0;
+		}
+	EVP_PKEY_set1_DSA(pktmp, a);
+	ret = i2d_PUBKEY(pktmp, pp);
+	EVP_PKEY_free(pktmp);
+	return ret;
+	}
+#endif
+
+#ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, unsigned char **pp, long length)
+	{
+	EVP_PKEY *pkey;
+	EC_KEY *key;
+	unsigned char *q;
+	q = *pp;
+	pkey = d2i_PUBKEY(NULL, &q, length);
+	if (!pkey) return(NULL);
+	key = EVP_PKEY_get1_EC_KEY(pkey);
+	EVP_PKEY_free(pkey);
+	if (!key)  return(NULL);
+	*pp = q;
+	if (a)
+		{
+		EC_KEY_free(*a);
+		*a = key;
+		}
+	return(key);
+	}
+
+int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
+	{
+	EVP_PKEY *pktmp;
+	int ret;
+	if (!a)	return(0);
+	if ((pktmp = EVP_PKEY_new()) == NULL)
+		{
+		ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	EVP_PKEY_set1_EC_KEY(pktmp, a);
+	ret = i2d_PUBKEY(pktmp, pp);
+	EVP_PKEY_free(pktmp);
+	return(ret);
+	}
+#endif
diff --git a/crypto/asn1/x_req.c b/crypto/asn1/x_req.c
index a0df9982dc..b3f18ebc12 100644
--- a/crypto/asn1/x_req.c
+++ b/crypto/asn1/x_req.c
@@ -58,193 +58,55 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
-
-/*
- * ASN1err(ASN1_F_D2I_X509_REQ,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_X509_REQ_INFO,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_REQ_NEW,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_REQ_INFO_NEW,ERR_R_ASN1_LENGTH_MISMATCH);
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+/* X509_REQ_INFO is handled in an unusual way to get round
+ * invalid encodings. Some broken certificate requests don't
+ * encode the attributes field if it is empty. This is in
+ * violation of PKCS#10 but we need to tolerate it. We do
+ * this by making the attributes field OPTIONAL then using
+ * the callback to initialise it to an empty STACK. 
+ *
+ * This means that the field will be correctly encoded unless
+ * we NULL out the field.
+ *
+ * As a result we no longer need the req_kludge field because
+ * the information is now contained in the attributes field:
+ * 1. If it is NULL then it's the invalid omission.
+ * 2. If it is empty it is the correct encoding.
+ * 3. If it is not empty then some attributes are present.
+ *
  */
 
-int i2d_X509_REQ_INFO(a,pp)
-X509_REQ_INFO *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->version,		i2d_ASN1_INTEGER);
-	M_ASN1_I2D_len(a->subject,		i2d_X509_NAME);
-	M_ASN1_I2D_len(a->pubkey,		i2d_X509_PUBKEY);
-
-	/* this is a *nasty* hack reported to be required to
-	 * allow some CA Software to accept the cert request.
-	 * It is not following the PKCS standards ...
-	 * PKCS#10 pg 5
-	 * attributes [0] IMPLICIT Attibutes
-	 * NOTE: no OPTIONAL ... so it *must* be there
-	 */
-	if (a->req_kludge) 
-	        {
-	        M_ASN1_I2D_len_IMP_set_opt(a->attributes,i2d_X509_ATTRIBUTE,0);
-		}
-	else
-	        {
-	        M_ASN1_I2D_len_IMP_set(a->attributes,	i2d_X509_ATTRIBUTE,0);
-		}
-	
-	M_ASN1_I2D_seq_total();
-	M_ASN1_I2D_put(a->version,		i2d_ASN1_INTEGER);
-	M_ASN1_I2D_put(a->subject,		i2d_X509_NAME);
-	M_ASN1_I2D_put(a->pubkey,		i2d_X509_PUBKEY);
-
-	/* this is a *nasty* hack reported to be required by some CA's.
-	 * It is not following the PKCS standards ...
-	 * PKCS#10 pg 5
-	 * attributes [0] IMPLICIT Attibutes
-	 * NOTE: no OPTIONAL ... so it *must* be there
-	 */
-	if (a->req_kludge)
-		{
-	        M_ASN1_I2D_put_IMP_set_opt(a->attributes,i2d_X509_ATTRIBUTE,0);
-		}
-	else
-		{
-	        M_ASN1_I2D_put_IMP_set(a->attributes,i2d_X509_ATTRIBUTE,0);
-		}
+static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
 
-	M_ASN1_I2D_finish();
+	if(operation == ASN1_OP_NEW_POST) {
+		rinf->attributes = sk_X509_ATTRIBUTE_new_null();
+		if(!rinf->attributes) return 0;
 	}
-
-X509_REQ_INFO *d2i_X509_REQ_INFO(a,pp,length)
-X509_REQ_INFO **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,X509_REQ_INFO *,X509_REQ_INFO_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_get(ret->subject,d2i_X509_NAME);
-	M_ASN1_D2I_get(ret->pubkey,d2i_X509_PUBKEY);
-
-	/* this is a *nasty* hack to allow for some CA's that
-	 * have been reported as requiring it.
-	 * It is not following the PKCS standards ...
-	 * PKCS#10 pg 5
-	 * attributes [0] IMPLICIT Attibutes
-	 * NOTE: no OPTIONAL ... so it *must* be there
+	return 1;
+}
+
+ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
+	ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
+	ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
+	ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
+	/* This isn't really OPTIONAL but it gets round invalid
+	 * encodings
 	 */
-	if (asn1_Finish(&c))
-		ret->req_kludge=1;
-	else
-		{
-		M_ASN1_D2I_get_IMP_set(ret->attributes,d2i_X509_ATTRIBUTE,
-			X509_ATTRIBUTE_free,0);
-		}
-
-	M_ASN1_D2I_Finish(a,X509_REQ_INFO_free,ASN1_F_D2I_X509_REQ_INFO);
-	}
-
-X509_REQ_INFO *X509_REQ_INFO_new()
-	{
-	X509_REQ_INFO *ret=NULL;
-	ASN1_CTX c;
+	ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)
 
-	M_ASN1_New_Malloc(ret,X509_REQ_INFO);
-	M_ASN1_New(ret->version,ASN1_INTEGER_new);
-	M_ASN1_New(ret->subject,X509_NAME_new);
-	M_ASN1_New(ret->pubkey,X509_PUBKEY_new);
-	M_ASN1_New(ret->attributes,sk_new_null);
-	ret->req_kludge=0;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_REQ_INFO_NEW);
-	}
-	
-void X509_REQ_INFO_free(a)
-X509_REQ_INFO *a;
-	{
-	if (a == NULL) return;
-	ASN1_INTEGER_free(a->version);
-	X509_NAME_free(a->subject);
-	X509_PUBKEY_free(a->pubkey);
-	sk_pop_free(a->attributes,X509_ATTRIBUTE_free);
-	Free((char *)a);
-	}
-
-int i2d_X509_REQ(a,pp)
-X509_REQ *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-	M_ASN1_I2D_len(a->req_info,	i2d_X509_REQ_INFO);
-	M_ASN1_I2D_len(a->sig_alg,	i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->signature,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->req_info,	i2d_X509_REQ_INFO);
-	M_ASN1_I2D_put(a->sig_alg,	i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->signature,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_REQ *d2i_X509_REQ(a,pp,length)
-X509_REQ **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,X509_REQ *,X509_REQ_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->req_info,d2i_X509_REQ_INFO);
-	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-	M_ASN1_D2I_Finish(a,X509_REQ_free,ASN1_F_D2I_X509_REQ);
-	}
-
-X509_REQ *X509_REQ_new()
-	{
-	X509_REQ *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_REQ);
-	ret->references=1;
-	M_ASN1_New(ret->req_info,X509_REQ_INFO_new);
-	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-	M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_REQ_NEW);
-	}
-
-void X509_REQ_free(a)
-X509_REQ *a;
-	{
-	int i;
-
-	if (a == NULL) return;
-
-	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_REQ);
-#ifdef REF_PRINT
-	REF_PRINT("X509_REQ",a);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"X509_REQ_free, bad reference count\n");
-		abort();
-		}
-#endif
-
-	X509_REQ_INFO_free(a->req_info);
-	X509_ALGOR_free(a->sig_alg);
-	ASN1_BIT_STRING_free(a->signature);
-	Free((char *)a);
-	}
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
 
+ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_INFO) = {
+	ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO),
+	ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),
+	ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)
 
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)
diff --git a/crypto/asn1/x_sig.c b/crypto/asn1/x_sig.c
index 245a76b0f0..42efa86c1c 100644
--- a/crypto/asn1/x_sig.c
+++ b/crypto/asn1/x_sig.c
@@ -58,63 +58,12 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-
-/*
- * ASN1err(ASN1_F_D2I_X509_SIG,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_SIG_NEW,ERR_R_ASN1_LENGTH_MISMATCH);
- */
-
-int i2d_X509_SIG(a,pp)
-X509_SIG *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->digest,	i2d_ASN1_OCTET_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->digest,	i2d_ASN1_OCTET_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_SIG *d2i_X509_SIG(a,pp,length)
-X509_SIG **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,X509_SIG *,X509_SIG_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->digest,d2i_ASN1_OCTET_STRING);
-	M_ASN1_D2I_Finish(a,X509_SIG_free,ASN1_F_D2I_X509_SIG);
-	}
-
-X509_SIG *X509_SIG_new()
-	{
-	X509_SIG *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_SIG);
-	M_ASN1_New(ret->algor,X509_ALGOR_new);
-	M_ASN1_New(ret->digest,ASN1_OCTET_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_SIG_NEW);
-	}
-
-void X509_SIG_free(a)
-X509_SIG *a;
-	{
-	if (a == NULL) return;
-	X509_ALGOR_free(a->algor);
-	ASN1_OCTET_STRING_free(a->digest);
-	Free((char *)a);
-	}
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
 
+ASN1_SEQUENCE(X509_SIG) = {
+	ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
+	ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_SIG)
 
+IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)
diff --git a/crypto/asn1/x_spki.c b/crypto/asn1/x_spki.c
index 5600d305a3..2aece077c5 100644
--- a/crypto/asn1/x_spki.c
+++ b/crypto/asn1/x_spki.c
@@ -57,127 +57,25 @@
  */
 
  /* This module was send to me my Pat Richards <patr@x509.com> who
-  * wrote it.  It is under my Copyright with his permision
+  * wrote it.  It is under my Copyright with his permission
   */
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "x509.h"
-#include "asn1_mac.h"
+#include <openssl/x509.h>
+#include <openssl/asn1t.h>
 
-/*
- * ASN1err(ASN1_F_D2I_NETSCAPE_SPKAC,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_NETSCAPE_SPKAC_NEW,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_NETSCAPE_SPKI,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_NETSCAPE_SPKI_NEW,ERR_R_ASN1_LENGTH_MISMATCH);
- */
-
-int i2d_NETSCAPE_SPKAC(a,pp)
-NETSCAPE_SPKAC *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->pubkey,	i2d_X509_PUBKEY);
-	M_ASN1_I2D_len(a->challenge,	i2d_ASN1_IA5STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->pubkey,	i2d_X509_PUBKEY);
-	M_ASN1_I2D_put(a->challenge,	i2d_ASN1_IA5STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(a,pp,length)
-NETSCAPE_SPKAC **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,NETSCAPE_SPKAC *,NETSCAPE_SPKAC_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->pubkey,d2i_X509_PUBKEY);
-	M_ASN1_D2I_get(ret->challenge,d2i_ASN1_IA5STRING);
-	M_ASN1_D2I_Finish(a,NETSCAPE_SPKAC_free,ASN1_F_D2I_NETSCAPE_SPKAC);
-	}
-
-NETSCAPE_SPKAC *NETSCAPE_SPKAC_new()
-	{
-	NETSCAPE_SPKAC *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,NETSCAPE_SPKAC);
-	M_ASN1_New(ret->pubkey,X509_PUBKEY_new);
-	M_ASN1_New(ret->challenge,ASN1_IA5STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_NETSCAPE_SPKAC_NEW);
-	}
-
-void NETSCAPE_SPKAC_free(a)
-NETSCAPE_SPKAC *a;
-	{
-	if (a == NULL) return;
-	X509_PUBKEY_free(a->pubkey);
-	ASN1_IA5STRING_free(a->challenge);
-	Free((char *)a);
-	}
-
-int i2d_NETSCAPE_SPKI(a,pp)
-NETSCAPE_SPKI *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->spkac,	i2d_NETSCAPE_SPKAC);
-	M_ASN1_I2D_len(a->sig_algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->signature,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->spkac,	i2d_NETSCAPE_SPKAC);
-	M_ASN1_I2D_put(a->sig_algor,	i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->signature,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(a,pp,length)
-NETSCAPE_SPKI **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,NETSCAPE_SPKI *,NETSCAPE_SPKI_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->spkac,d2i_NETSCAPE_SPKAC);
-	M_ASN1_D2I_get(ret->sig_algor,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-	M_ASN1_D2I_Finish(a,NETSCAPE_SPKI_free,ASN1_F_D2I_NETSCAPE_SPKI);
-	}
-
-NETSCAPE_SPKI *NETSCAPE_SPKI_new()
-	{
-	NETSCAPE_SPKI *ret=NULL;
-	ASN1_CTX c;
+ASN1_SEQUENCE(NETSCAPE_SPKAC) = {
+	ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY),
+	ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKAC)
 
-	M_ASN1_New_Malloc(ret,NETSCAPE_SPKI);
-	M_ASN1_New(ret->spkac,NETSCAPE_SPKAC_new);
-	M_ASN1_New(ret->sig_algor,X509_ALGOR_new);
-	M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_NETSCAPE_SPKI_NEW);
-	}
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
 
-void NETSCAPE_SPKI_free(a)
-NETSCAPE_SPKI *a;
-	{
-	if (a == NULL) return;
-	NETSCAPE_SPKAC_free(a->spkac);
-	X509_ALGOR_free(a->sig_algor);
-	ASN1_BIT_STRING_free(a->signature);
-	Free((char *)a);
-	}
+ASN1_SEQUENCE(NETSCAPE_SPKI) = {
+	ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
+	ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
+	ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKI)
 
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI)
diff --git a/crypto/asn1/x_val.c b/crypto/asn1/x_val.c
index 8d996e9950..dc17c67758 100644
--- a/crypto/asn1/x_val.c
+++ b/crypto/asn1/x_val.c
@@ -58,62 +58,12 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
 
-/* ASN1err(ASN1_F_X509_VAL_NEW,ERR_R_MALLOC_FAILURE);
- * ASN1err(ASN1_F_X509_VAL_FREE,ERR_R_MALLOC_FAILURE);
- * ASN1err(ASN1_F_D2I_X509_VAL,ERR_R_MALLOC_FAILURE);
- */
-
-int i2d_X509_VAL(a,pp)
-X509_VAL *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->notBefore,i2d_ASN1_UTCTIME);
-	M_ASN1_I2D_len(a->notAfter,i2d_ASN1_UTCTIME);
-
-	M_ASN1_I2D_seq_total();
-
-	M_ASN1_I2D_put(a->notBefore,i2d_ASN1_UTCTIME);
-	M_ASN1_I2D_put(a->notAfter,i2d_ASN1_UTCTIME);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509_VAL *d2i_X509_VAL(a,pp,length)
-X509_VAL **a;
-unsigned char **pp;
-long length;
-	{
-	M_ASN1_D2I_vars(a,X509_VAL *,X509_VAL_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_UTCTIME);
-	M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_UTCTIME);
-	M_ASN1_D2I_Finish(a,X509_VAL_free,ASN1_F_D2I_X509_VAL);
-	}
-
-X509_VAL *X509_VAL_new()
-	{
-	X509_VAL *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509_VAL);
-	M_ASN1_New(ret->notBefore,ASN1_UTCTIME_new);
-	M_ASN1_New(ret->notAfter,ASN1_UTCTIME_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_VAL_NEW);
-	}
-
-void X509_VAL_free(a)
-X509_VAL *a;
-	{
-	if (a == NULL) return;
-	ASN1_UTCTIME_free(a->notBefore);
-	ASN1_UTCTIME_free(a->notAfter);
-	Free((char *)a);
-	}
+ASN1_SEQUENCE(X509_VAL) = {
+	ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME),
+	ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME)
+} ASN1_SEQUENCE_END(X509_VAL)
 
+IMPLEMENT_ASN1_FUNCTIONS(X509_VAL)
diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c
index e235abb231..b50167ce43 100644
--- a/crypto/asn1/x_x509.c
+++ b/crypto/asn1/x_x509.c
@@ -58,13 +58,72 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "asn1_mac.h"
+#include <openssl/evp.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(X509_CINF) = {
+	ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
+	ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
+	ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
+	ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
+	ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
+	ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
+	ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
+	ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
+	ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
+	ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
+} ASN1_SEQUENCE_END(X509_CINF)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
+/* X509 top level structure needs a bit of customisation */
+
+static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	X509 *ret = (X509 *)*pval;
+
+	switch(operation) {
+
+		case ASN1_OP_NEW_POST:
+		ret->valid=0;
+		ret->name = NULL;
+		ret->ex_flags = 0;
+		ret->ex_pathlen = -1;
+		ret->skid = NULL;
+		ret->akid = NULL;
+		ret->aux = NULL;
+		CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+		break;
+
+		case ASN1_OP_D2I_POST:
+		if (ret->name != NULL) OPENSSL_free(ret->name);
+		ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
+		break;
+
+		case ASN1_OP_FREE_POST:
+		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+		X509_CERT_AUX_free(ret->aux);
+		ASN1_OCTET_STRING_free(ret->skid);
+		AUTHORITY_KEYID_free(ret->akid);
+
+		if (ret->name != NULL) OPENSSL_free(ret->name);
+		break;
 
-/*
- * ASN1err(ASN1_F_D2I_X509,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_X509_NEW,ERR_R_BAD_GET_ASN1_OBJECT_CALL);
- */
+	}
+
+	return 1;
+
+}
+
+ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
+	ASN1_SIMPLE(X509, cert_info, X509_CINF),
+	ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
+	ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509, X509)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509)
 
 static ASN1_METHOD meth={
 	(int (*)())  i2d_X509,
@@ -72,90 +131,59 @@ static ASN1_METHOD meth={
 	(char *(*)())X509_new,
 	(void (*)()) X509_free};
 
-ASN1_METHOD *X509_asn1_meth()
+ASN1_METHOD *X509_asn1_meth(void)
 	{
 	return(&meth);
 	}
 
-int i2d_X509(a,pp)
-X509 *a;
-unsigned char **pp;
-	{
-	M_ASN1_I2D_vars(a);
-
-	M_ASN1_I2D_len(a->cert_info,	i2d_X509_CINF);
-	M_ASN1_I2D_len(a->sig_alg,	i2d_X509_ALGOR);
-	M_ASN1_I2D_len(a->signature,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_seq_total();
+int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
+				new_func, dup_func, free_func);
+        }
 
-	M_ASN1_I2D_put(a->cert_info,	i2d_X509_CINF);
-	M_ASN1_I2D_put(a->sig_alg,	i2d_X509_ALGOR);
-	M_ASN1_I2D_put(a->signature,	i2d_ASN1_BIT_STRING);
-
-	M_ASN1_I2D_finish();
-	}
-
-X509 *d2i_X509(a,pp,length)
-X509 **a;
-unsigned char **pp;
-long length;
+int X509_set_ex_data(X509 *r, int idx, void *arg)
 	{
-	M_ASN1_D2I_vars(a,X509 *,X509_new);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);
-	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
-	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
-if (ret->name != NULL) Free(ret->name);
-ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
-
-	M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
+	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
 	}
 
-X509 *X509_new()
+void *X509_get_ex_data(X509 *r, int idx)
 	{
-	X509 *ret=NULL;
-	ASN1_CTX c;
-
-	M_ASN1_New_Malloc(ret,X509);
-	ret->references=1;
-	ret->valid=0;
-	ret->name=NULL;
-	M_ASN1_New(ret->cert_info,X509_CINF_new);
-	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
-	M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_NEW);
+	return(CRYPTO_get_ex_data(&r->ex_data,idx));
 	}
 
-void X509_free(a)
-X509 *a;
-	{
-	int i;
-
-	if (a == NULL) return;
-
-	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509);
-#ifdef REF_PRINT
-	REF_PRINT("X509",a);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"X509_free, bad reference count\n");
-		abort();
-		}
-#endif
-
-	/* CRYPTO_free_ex_data(bio_meth,(char *)a,&a->ex_data); */
-	X509_CINF_free(a->cert_info);
-	X509_ALGOR_free(a->sig_alg);
-	ASN1_BIT_STRING_free(a->signature);
-
-	if (a->name != NULL) Free(a->name);
-	Free((char *)a);
-	}
+/* X509_AUX ASN1 routines. X509_AUX is the name given to
+ * a certificate with extra info tagged on the end. Since these
+ * functions set how a certificate is trusted they should only
+ * be used when the certificate comes from a reliable source
+ * such as local storage.
+ *
+ */
 
+X509 *d2i_X509_AUX(X509 **a, unsigned char **pp, long length)
+{
+	unsigned char *q;
+	X509 *ret;
+	/* Save start position */
+	q = *pp;
+	ret = d2i_X509(a, pp, length);
+	/* If certificate unreadable then forget it */
+	if(!ret) return NULL;
+	/* update length */
+	length -= *pp - q;
+	if(!length) return ret;
+	if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
+	return ret;
+	err:
+	X509_free(ret);
+	return NULL;
+}
+
+int i2d_X509_AUX(X509 *a, unsigned char **pp)
+{
+	int length;
+	length = i2d_X509(a, pp);
+	if(a) length += i2d_X509_CERT_AUX(a->aux, pp);
+	return length;
+}
diff --git a/crypto/asn1/x_x509a.c b/crypto/asn1/x_x509a.c
new file mode 100644
index 0000000000..13db5fd03f
--- /dev/null
+++ b/crypto/asn1/x_x509a.c
@@ -0,0 +1,180 @@
+/* a_x509a.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+/* X509_CERT_AUX routines. These are used to encode additional
+ * user modifiable data about a certificate. This data is
+ * appended to the X509 encoding when the *_X509_AUX routines
+ * are used. This means that the "traditional" X509 routines
+ * will simply ignore the extra data. 
+ */
+
+static X509_CERT_AUX *aux_get(X509 *x);
+
+ASN1_SEQUENCE(X509_CERT_AUX) = {
+	ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
+	ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
+	ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
+	ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
+	ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
+} ASN1_SEQUENCE_END(X509_CERT_AUX)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
+
+static X509_CERT_AUX *aux_get(X509 *x)
+{
+	if(!x) return NULL;
+	if(!x->aux && !(x->aux = X509_CERT_AUX_new())) return NULL;
+	return x->aux;
+}
+
+int X509_alias_set1(X509 *x, unsigned char *name, int len)
+{
+	X509_CERT_AUX *aux;
+	if (!name)
+		{
+		if (!x || !x->aux || !x->aux->alias)
+			return 1;
+		ASN1_UTF8STRING_free(x->aux->alias);
+		x->aux->alias = NULL;
+		return 1;
+		}
+	if(!(aux = aux_get(x))) return 0;
+	if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0;
+	return ASN1_STRING_set(aux->alias, name, len);
+}
+
+int X509_keyid_set1(X509 *x, unsigned char *id, int len)
+{
+	X509_CERT_AUX *aux;
+	if (!id)
+		{
+		if (!x || !x->aux || !x->aux->keyid)
+			return 1;
+		ASN1_OCTET_STRING_free(x->aux->keyid);
+		x->aux->keyid = NULL;
+		return 1;
+		}
+	if(!(aux = aux_get(x))) return 0;
+	if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0;
+	return ASN1_STRING_set(aux->keyid, id, len);
+}
+
+unsigned char *X509_alias_get0(X509 *x, int *len)
+{
+	if(!x->aux || !x->aux->alias) return NULL;
+	if(len) *len = x->aux->alias->length;
+	return x->aux->alias->data;
+}
+
+unsigned char *X509_keyid_get0(X509 *x, int *len)
+{
+	if(!x->aux || !x->aux->keyid) return NULL;
+	if(len) *len = x->aux->keyid->length;
+	return x->aux->keyid->data;
+}
+
+int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
+{
+	X509_CERT_AUX *aux;
+	ASN1_OBJECT *objtmp;
+	if(!(objtmp = OBJ_dup(obj))) return 0;
+	if(!(aux = aux_get(x))) return 0;
+	if(!aux->trust
+		&& !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0;
+	return sk_ASN1_OBJECT_push(aux->trust, objtmp);
+}
+
+int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
+{
+	X509_CERT_AUX *aux;
+	ASN1_OBJECT *objtmp;
+	if(!(objtmp = OBJ_dup(obj))) return 0;
+	if(!(aux = aux_get(x))) return 0;
+	if(!aux->reject
+		&& !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0;
+	return sk_ASN1_OBJECT_push(aux->reject, objtmp);
+}
+
+void X509_trust_clear(X509 *x)
+{
+	if(x->aux && x->aux->trust) {
+		sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
+		x->aux->trust = NULL;
+	}
+}
+
+void X509_reject_clear(X509 *x)
+{
+	if(x->aux && x->aux->reject) {
+		sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
+		x->aux->reject = NULL;
+	}
+}
+
+ASN1_SEQUENCE(X509_CERT_PAIR) = {
+	ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0),
+	ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1)
+} ASN1_SEQUENCE_END(X509_CERT_PAIR)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR)
diff --git a/crypto/bf/.cvsignore b/crypto/bf/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/bf/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/bf/Makefile.ssl b/crypto/bf/Makefile.ssl
index 22aa4ca6f5..bd3cedc4f8 100644
--- a/crypto/bf/Makefile.ssl
+++ b/crypto/bf/Makefile.ssl
@@ -8,9 +8,12 @@ CC=	cc
 CPP=	$(CC) -E
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -42,12 +45,12 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 # elf
 asm/bx86-elf.o: asm/bx86unix.cpp
-	$(CPP) -DELF asm/bx86unix.cpp | as -o asm/bx86-elf.o
+	$(CPP) -DELF -x c asm/bx86unix.cpp | as -o asm/bx86-elf.o
 
 # solaris
 asm/bx86-sol.o: asm/bx86unix.cpp
@@ -63,25 +66,25 @@ asm/bx86-out.o: asm/bx86unix.cpp
 asm/bx86bsdi.o: asm/bx86unix.cpp
 	$(CPP) -DBSDI asm/bx86unix.cpp | sed 's/ :/:/' | as -o asm/bx86bsdi.o
 
-asm/bx86unix.cpp:
-	(cd asm; perl bf-586.pl cpp >bx86unix.cpp)
+asm/bx86unix.cpp: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+	(cd asm; $(PERL) bf-586.pl cpp $(PROCESSOR) >bx86unix.cpp)
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/point.sh ../../doc/blowfish.doc blowfish.doc ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
-
-install:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install: installs
+
+installs:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -93,15 +96,25 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f asm/bx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bf_cfb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_cfb64.o: ../../include/openssl/opensslconf.h bf_cfb64.c bf_locl.h
+bf_ecb.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bf_ecb.o: bf_ecb.c bf_locl.h
+bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h
+bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c
+bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
+bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c
diff --git a/crypto/bf/Makefile.uni b/crypto/bf/Makefile.uni
deleted file mode 100644
index 9ba5b0c854..0000000000
--- a/crypto/bf/Makefile.uni
+++ /dev/null
@@ -1,169 +0,0 @@
-# Targets
-# make          - twidle the options yourself :-)
-# make cc       - standard cc options
-# make gcc      - standard gcc options
-# make x86-elf  - linux-elf etc
-# make x86-out  - linux-a.out, FreeBSD etc
-# make x86-solaris
-# make x86-bdsi
-
-DIR=	bf
-TOP=	.
-# use BF_PTR2 for intel boxes,
-# BF_PTR for sparc and MIPS/SGI
-# use nothing for Alpha and HP.
-
-# There are 3 possible performance options, experiment :-)
-#OPTS= -DBF_PTR  # usr for sparc and MIPS/SGI
-#OPTS= -DBF_PTR2 # use for pentium
-OPTS=		 # use for pentium pro, Alpha and HP
-
-MAKE=make -f Makefile
-#CC=cc
-#CFLAG= -O
-
-CC=gcc
-#CFLAG= -O4 -funroll-loops -fomit-frame-pointer
-CFLAG= -O3 -fomit-frame-pointer
-
-CFLAGS=$(OPTS) $(CFLAG)
-CPP=$(CC) -E
-AS=as
-
-# Assember version of bf_encrypt().
-BF_ENC=bf_enc.o		# normal C version
-#BF_ENC=asm/bx86-elf.o	# elf format x86
-#BF_ENC=asm/bx86-out.o	# a.out format x86
-#BF_ENC=asm/bx86-sol.o	# solaris format x86 
-#BF_ENC=asm/bx86bsdi.o	# bsdi format x86 
-
-LIBDIR=/usr/local/lib
-BINDIR=/usr/local/bin
-INCDIR=/usr/local/include
-MANDIR=/usr/local/man
-MAN1=1
-MAN3=3
-SHELL=/bin/sh
-LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o
-LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c
-
-GENERAL=Makefile Makefile.ssl Makefile.uni asm bf_locl.org README \
-	COPYRIGHT blowfish.doc INSTALL
-
-TESTING=    bftest bfspeed bf_opts
-TESTING_SRC=bftest.c bfspeed.c bf_opts.c
-HEADERS=bf_locl.h blowfish.h bf_pi.h
-
-ALL=	$(GENERAL) $(TESTING_SRC) $(LIBSRC) $(HEADERS)
-
-BLIB=	libblowfish.a
-
-all: $(BLIB) $(TESTING)
-
-cc:
-	$(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all
-
-gcc:
-	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
-
-x86-elf:
-	$(MAKE) BF_ENC='asm/bx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
-
-x86-out:
-	$(MAKE) BF_ENC='asm/bx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
-
-x86-solaris:
-	$(MAKE) BF_ENC='asm/bx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
-
-x86-bsdi:
-	$(MAKE) BF_ENC='asm/bx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
-
-# elf
-asm/bx86-elf.o: asm/bx86unix.cpp
-	$(CPP) -DELF asm/bx86unix.cpp | $(AS) -o asm/bx86-elf.o
-
-# solaris
-asm/bx86-sol.o: asm/bx86unix.cpp
-	$(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s
-	as -o asm/bx86-sol.o asm/bx86-sol.s
-	rm -f asm/bx86-sol.s
-
-# a.out
-asm/bx86-out.o: asm/bx86unix.cpp
-	$(CPP) -DOUT asm/bx86unix.cpp | $(AS) -o asm/bx86-out.o
-
-# bsdi
-asm/bx86bsdi.o: asm/bx86unix.cpp
-	$(CPP) -DBSDI asm/bx86unix.cpp | $(AS) -o asm/bx86bsdi.o
-
-asm/bx86unix.cpp:
-	(cd asm; perl bf-586.pl cpp >bx86unix.cpp)
-	
-test:	all
-	./bftest
-
-$(BLIB): $(LIBOBJ)
-	/bin/rm -f $(BLIB)
-	ar cr $(BLIB) $(LIBOBJ)
-	-if test -s /bin/ranlib; then /bin/ranlib $(BLIB); \
-	else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(BLIB); \
-	else exit 0; fi; fi
-
-bftest: bftest.o $(BLIB)
-	$(CC) $(CFLAGS) -o bftest bftest.o $(BLIB)
-
-bfspeed: bfspeed.o $(BLIB)
-	$(CC) $(CFLAGS) -o bfspeed bfspeed.o $(BLIB)
-
-bf_opts: bf_opts.o $(BLIB)
-	$(CC) $(CFLAGS) -o bf_opts bf_opts.o $(BLIB)
-
-tags:
-	ctags $(TESTING_SRC) $(LIBBF)
-
-tar:
-	tar chf libbf.tar $(ALL)
-
-shar:
-	shar $(ALL) >libbf.shar
-
-depend:
-	makedepend $(LIBBF) $(TESTING_SRC)
-
-clean:
-	/bin/rm -f *.o tags core $(TESTING) $(BLIB) .nfs* *.old *.bak asm/*.o 
-
-dclean:
-	sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
-	mv -f Makefile.new Makefile
-
-# Eric is probably going to choke when he next looks at this --tjh
-install: $(BLIB)
-	if test $(INSTALLTOP); then \
-	    echo SSL style install; \
-	    cp $(BLIB) $(INSTALLTOP)/lib; \
-	    if test -s /bin/ranlib; then \
-	        /bin/ranlib $(INSTALLTOP)/lib/$(BLIB); \
-	    else \
-		if test -s /usr/bin/ranlib; then \
-		/usr/bin/ranlib $(INSTALLTOP)/lib/$(BLIB); \
-	    fi; fi; \
-	    chmod 644 $(INSTALLTOP)/lib/$(BLIB); \
-	    cp blowfish.h $(INSTALLTOP)/include; \
-	    chmod 644 $(INSTALLTOP)/include/blowfish.h; \
-	else \
-	    echo Standalone install; \
-	    cp $(BLIB) $(LIBDIR)/$(BLIB); \
-	    if test -s /bin/ranlib; then \
-	      /bin/ranlib $(LIBDIR)/$(BLIB); \
-	    else \
-	      if test -s /usr/bin/ranlib; then \
-		/usr/bin/ranlib $(LIBDIR)/$(BLIB); \
-	      fi; \
-	    fi; \
-	    chmod 644 $(LIBDIR)/$(BLIB); \
-	    cp blowfish.h $(INCDIR)/blowfish.h; \
-	    chmod 644 $(INCDIR)/blowfish.h; \
-	fi
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/bf/asm/.cvsignore b/crypto/bf/asm/.cvsignore
new file mode 100644
index 0000000000..9505a25ec6
--- /dev/null
+++ b/crypto/bf/asm/.cvsignore
@@ -0,0 +1 @@
+bx86unix.cpp
diff --git a/crypto/bf/asm/b-win32.asm b/crypto/bf/asm/b-win32.asm
deleted file mode 100644
index 138c99d0aa..0000000000
--- a/crypto/bf/asm/b-win32.asm
+++ /dev/null
@@ -1,906 +0,0 @@
-	; Don't even think of reading this code
-	; It was automatically generated by bf-586.pl
-	; Which is a perl program used to generate the x86 assember for
-	; any of elf, a.out, BSDI,Win32, or Solaris
-	; eric <eay@cryptsoft.com>
-	; 
-	TITLE	bf-586.asm
-        .486
-.model FLAT
-_TEXT	SEGMENT
-PUBLIC	_BF_encrypt
-
-_BF_encrypt PROC NEAR
-	; 
-	push	ebp
-	push	ebx
-	mov	ebx,		DWORD PTR 12[esp]
-	mov	ebp,		DWORD PTR 16[esp]
-	push	esi
-	push	edi
-	; Load the 2 words
-	mov	edi,		DWORD PTR [ebx]
-	mov	esi,		DWORD PTR 4[ebx]
-	xor	eax,		eax
-	mov	ebx,		DWORD PTR [ebp]
-	xor	ecx,		ecx
-	xor	edi,		ebx
-	; 
-	; Round 0
-	mov	edx,		DWORD PTR 4[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 1
-	mov	edx,		DWORD PTR 8[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 2
-	mov	edx,		DWORD PTR 12[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 3
-	mov	edx,		DWORD PTR 16[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 4
-	mov	edx,		DWORD PTR 20[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 5
-	mov	edx,		DWORD PTR 24[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 6
-	mov	edx,		DWORD PTR 28[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 7
-	mov	edx,		DWORD PTR 32[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 8
-	mov	edx,		DWORD PTR 36[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 9
-	mov	edx,		DWORD PTR 40[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 10
-	mov	edx,		DWORD PTR 44[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 11
-	mov	edx,		DWORD PTR 48[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 12
-	mov	edx,		DWORD PTR 52[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 13
-	mov	edx,		DWORD PTR 56[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 14
-	mov	edx,		DWORD PTR 60[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 15
-	mov	edx,		DWORD PTR 64[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	; Load parameter 0 (16) enc=1
-	mov	eax,		DWORD PTR 20[esp]
-	xor	edi,		ebx
-	mov	edx,		DWORD PTR 68[ebp]
-	xor	esi,		edx
-	mov	DWORD PTR 4[eax],edi
-	mov	DWORD PTR [eax],esi
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-_BF_encrypt ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_BF_decrypt
-
-_BF_decrypt PROC NEAR
-	; 
-	push	ebp
-	push	ebx
-	mov	ebx,		DWORD PTR 12[esp]
-	mov	ebp,		DWORD PTR 16[esp]
-	push	esi
-	push	edi
-	; Load the 2 words
-	mov	edi,		DWORD PTR [ebx]
-	mov	esi,		DWORD PTR 4[ebx]
-	xor	eax,		eax
-	mov	ebx,		DWORD PTR 68[ebp]
-	xor	ecx,		ecx
-	xor	edi,		ebx
-	; 
-	; Round 16
-	mov	edx,		DWORD PTR 64[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 15
-	mov	edx,		DWORD PTR 60[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 14
-	mov	edx,		DWORD PTR 56[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 13
-	mov	edx,		DWORD PTR 52[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 12
-	mov	edx,		DWORD PTR 48[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 11
-	mov	edx,		DWORD PTR 44[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 10
-	mov	edx,		DWORD PTR 40[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 9
-	mov	edx,		DWORD PTR 36[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 8
-	mov	edx,		DWORD PTR 32[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 7
-	mov	edx,		DWORD PTR 28[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 6
-	mov	edx,		DWORD PTR 24[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 5
-	mov	edx,		DWORD PTR 20[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 4
-	mov	edx,		DWORD PTR 16[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 3
-	mov	edx,		DWORD PTR 12[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	edi,		ebx
-	; 
-	; Round 2
-	mov	edx,		DWORD PTR 8[ebp]
-	mov	ebx,		edi
-	xor	esi,		edx
-	shr	ebx,		16
-	mov	edx,		edi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	xor	eax,		eax
-	xor	esi,		ebx
-	; 
-	; Round 1
-	mov	edx,		DWORD PTR 4[ebp]
-	mov	ebx,		esi
-	xor	edi,		edx
-	shr	ebx,		16
-	mov	edx,		esi
-	mov	al,		bh
-	and	ebx,		255
-	mov	cl,		dh
-	and	edx,		255
-	mov	eax,		DWORD PTR 72[eax*4+ebp]
-	mov	ebx,		DWORD PTR 1096[ebx*4+ebp]
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 2120[ecx*4+ebp]
-	xor	ebx,		eax
-	mov	edx,		DWORD PTR 3144[edx*4+ebp]
-	add	ebx,		edx
-	; Load parameter 0 (1) enc=0
-	mov	eax,		DWORD PTR 20[esp]
-	xor	edi,		ebx
-	mov	edx,		DWORD PTR [ebp]
-	xor	esi,		edx
-	mov	DWORD PTR 4[eax],edi
-	mov	DWORD PTR [eax],esi
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-_BF_decrypt ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_BF_cbc_encrypt
-
-_BF_cbc_encrypt PROC NEAR
-	; 
-	push	ebp
-	push	ebx
-	push	esi
-	push	edi
-	mov	ebp,		DWORD PTR 28[esp]
-	; getting iv ptr from parameter 4
-	mov	ebx,		DWORD PTR 36[esp]
-	mov	esi,		DWORD PTR [ebx]
-	mov	edi,		DWORD PTR 4[ebx]
-	push	edi
-	push	esi
-	push	edi
-	push	esi
-	mov	ebx,		esp
-	mov	esi,		DWORD PTR 36[esp]
-	mov	edi,		DWORD PTR 40[esp]
-	; getting encrypt flag from parameter 5
-	mov	ecx,		DWORD PTR 56[esp]
-	; get and push parameter 3
-	mov	eax,		DWORD PTR 48[esp]
-	push	eax
-	push	ebx
-	cmp	ecx,		0
-	jz	$L000decrypt
-	and	ebp,		4294967288
-	mov	eax,		DWORD PTR 8[esp]
-	mov	ebx,		DWORD PTR 12[esp]
-	jz	$L001encrypt_finish
-L002encrypt_loop:
-	mov	ecx,		DWORD PTR [esi]
-	mov	edx,		DWORD PTR 4[esi]
-	xor	eax,		ecx
-	xor	ebx,		edx
-	bswap	eax
-	bswap	ebx
-	mov	DWORD PTR 8[esp],eax
-	mov	DWORD PTR 12[esp],ebx
-	call	_BF_encrypt
-	mov	eax,		DWORD PTR 8[esp]
-	mov	ebx,		DWORD PTR 12[esp]
-	bswap	eax
-	bswap	ebx
-	mov	DWORD PTR [edi],eax
-	mov	DWORD PTR 4[edi],ebx
-	add	esi,		8
-	add	edi,		8
-	sub	ebp,		8
-	jnz	L002encrypt_loop
-$L001encrypt_finish:
-	mov	ebp,		DWORD PTR 52[esp]
-	and	ebp,		7
-	jz	$L003finish
-	xor	ecx,		ecx
-	xor	edx,		edx
-	mov	ebp,		DWORD PTR $L004cbc_enc_jmp_table[ebp*4]
-	jmp	 ebp
-L005ej7:
-	mov	dh,		BYTE PTR 6[esi]
-	shl	edx,		8
-L006ej6:
-	mov	dh,		BYTE PTR 5[esi]
-L007ej5:
-	mov	dl,		BYTE PTR 4[esi]
-L008ej4:
-	mov	ecx,		DWORD PTR [esi]
-	jmp	$L009ejend
-L010ej3:
-	mov	ch,		BYTE PTR 2[esi]
-	shl	ecx,		8
-L011ej2:
-	mov	ch,		BYTE PTR 1[esi]
-L012ej1:
-	mov	cl,		BYTE PTR [esi]
-$L009ejend:
-	xor	eax,		ecx
-	xor	ebx,		edx
-	bswap	eax
-	bswap	ebx
-	mov	DWORD PTR 8[esp],eax
-	mov	DWORD PTR 12[esp],ebx
-	call	_BF_encrypt
-	mov	eax,		DWORD PTR 8[esp]
-	mov	ebx,		DWORD PTR 12[esp]
-	bswap	eax
-	bswap	ebx
-	mov	DWORD PTR [edi],eax
-	mov	DWORD PTR 4[edi],ebx
-	jmp	$L003finish
-$L000decrypt:
-	and	ebp,		4294967288
-	mov	eax,		DWORD PTR 16[esp]
-	mov	ebx,		DWORD PTR 20[esp]
-	jz	$L013decrypt_finish
-L014decrypt_loop:
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-	bswap	eax
-	bswap	ebx
-	mov	DWORD PTR 8[esp],eax
-	mov	DWORD PTR 12[esp],ebx
-	call	_BF_decrypt
-	mov	eax,		DWORD PTR 8[esp]
-	mov	ebx,		DWORD PTR 12[esp]
-	bswap	eax
-	bswap	ebx
-	mov	ecx,		DWORD PTR 16[esp]
-	mov	edx,		DWORD PTR 20[esp]
-	xor	ecx,		eax
-	xor	edx,		ebx
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-	mov	DWORD PTR [edi],ecx
-	mov	DWORD PTR 4[edi],edx
-	mov	DWORD PTR 16[esp],eax
-	mov	DWORD PTR 20[esp],ebx
-	add	esi,		8
-	add	edi,		8
-	sub	ebp,		8
-	jnz	L014decrypt_loop
-$L013decrypt_finish:
-	mov	ebp,		DWORD PTR 52[esp]
-	and	ebp,		7
-	jz	$L003finish
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-	bswap	eax
-	bswap	ebx
-	mov	DWORD PTR 8[esp],eax
-	mov	DWORD PTR 12[esp],ebx
-	call	_BF_decrypt
-	mov	eax,		DWORD PTR 8[esp]
-	mov	ebx,		DWORD PTR 12[esp]
-	bswap	eax
-	bswap	ebx
-	mov	ecx,		DWORD PTR 16[esp]
-	mov	edx,		DWORD PTR 20[esp]
-	xor	ecx,		eax
-	xor	edx,		ebx
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-L015dj7:
-	ror	edx,		16
-	mov	BYTE PTR 6[edi],dl
-	shr	edx,		16
-L016dj6:
-	mov	BYTE PTR 5[edi],dh
-L017dj5:
-	mov	BYTE PTR 4[edi],dl
-L018dj4:
-	mov	DWORD PTR [edi],ecx
-	jmp	$L019djend
-L020dj3:
-	ror	ecx,		16
-	mov	BYTE PTR 2[edi],cl
-	shl	ecx,		16
-L021dj2:
-	mov	BYTE PTR 1[esi],ch
-L022dj1:
-	mov	BYTE PTR [esi],	cl
-$L019djend:
-	jmp	$L003finish
-$L003finish:
-	mov	ecx,		DWORD PTR 60[esp]
-	add	esp,		24
-	mov	DWORD PTR [ecx],eax
-	mov	DWORD PTR 4[ecx],ebx
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-$L004cbc_enc_jmp_table:
-	DD	0
-	DD	L012ej1
-	DD	L011ej2
-	DD	L010ej3
-	DD	L008ej4
-	DD	L007ej5
-	DD	L006ej6
-	DD	L005ej7
-L023cbc_dec_jmp_table:
-	DD	0
-	DD	L022dj1
-	DD	L021dj2
-	DD	L020dj3
-	DD	L018dj4
-	DD	L017dj5
-	DD	L016dj6
-	DD	L015dj7
-_BF_cbc_encrypt ENDP
-_TEXT	ENDS
-END
diff --git a/crypto/bf/asm/bf-586.pl b/crypto/bf/asm/bf-586.pl
index 252abb710d..b556642c94 100644
--- a/crypto/bf/asm/bf-586.pl
+++ b/crypto/bf/asm/bf-586.pl
@@ -4,7 +4,7 @@ push(@INC,"perlasm","../../perlasm");
 require "x86asm.pl";
 require "cbc.pl";
 
-&asm_init($ARGV[0],"bf-586.pl");
+&asm_init($ARGV[0],"bf-586.pl",$ARGV[$#ARGV] eq "386");
 
 $BF_ROUNDS=16;
 $BF_OFF=($BF_ROUNDS+2)*4;
diff --git a/crypto/bf/asm/bf-686.pl b/crypto/bf/asm/bf-686.pl
index 7a62f67161..8e4c25f598 100644
--- a/crypto/bf/asm/bf-686.pl
+++ b/crypto/bf/asm/bf-686.pl
@@ -1,5 +1,4 @@
 #!/usr/local/bin/perl
-#!/usr/local/bin/perl
 
 push(@INC,"perlasm","../../perlasm");
 require "x86asm.pl";
diff --git a/crypto/bf/asm/bf586.pl b/crypto/bf/asm/bf586.pl
deleted file mode 100644
index bcb53cf3f5..0000000000
--- a/crypto/bf/asm/bf586.pl
+++ /dev/null
@@ -1,159 +0,0 @@
-#!/usr/local/bin/perl
-#!/usr/local/bin/perl

-

-$prog="bf586.pl";

-

-# base code is in microsft

-# op dest, source

-# format.

-#

-

-if (	($ARGV[0] eq "elf"))

-	{ require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "a.out"))

-	{ $aout=1; require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "sol"))

-	{ $sol=1; require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "cpp"))

-	{ $cpp=1; require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "win32"))

-	{ require "x86ms.pl"; }

-else

-	{

-	print STDERR <<"EOF";

-Pick one target type from

-	elf	- linux, FreeBSD etc

-	a.out	- old linux

-	sol	- x86 solaris

-	cpp	- format so x86unix.cpp can be used

-	win32	- Windows 95/Windows NT

-EOF

-	exit(1);

-	}

-

-&comment("Don't even think of reading this code");

-&comment("It was automatically generated by $prog");

-&comment("Which is a perl program used to generate the x86 assember for");

-&comment("any of elf, a.out, Win32, or Solaris");

-&comment("It can be found in SSLeay 0.7.0+");

-&comment("eric <eay\@cryptsoft.com>");

-&comment("");

-

-&file("bfx86xxxx");

-

-$BF_ROUNDS=16;

-$BF_OFF=($BF_ROUNDS+2)*4;

-$L="ecx";

-$R="edx";

-$P="edi";

-$tot="esi";

-$tmp1="eax";

-$tmp2="ebx";

-$tmp3="ebp";

-

-&des_encrypt("BF_encrypt");

-

-&file_end();

-

-sub des_encrypt

-	{

-	local($name)=@_;

-

-	&function_begin($name,3,"");

-

-	&comment("");

-	&comment("Load the 2 words");

-	&mov("eax",&wparam(0));

-	&mov($L,&DWP(0,"eax","",0));

-	&mov($R,&DWP(4,"eax","",0));

-

-	&comment("");

-	&comment("P pointer, s and enc flag");

-	&mov($P,&wparam(1));

-

-	&xor(	$tmp1,	$tmp1);

-	&xor(	$tmp2,	$tmp2);

-

-	# encrypting part

-

-	&mov("ebp",&wparam(2));	# get encrypt flag

-	&cmp("ebp","0");

-	&je(&label("start_decrypt"));

-

-	&xor($L,&DWP(0,$P,"",0));

-	for ($i=0; $i<$BF_ROUNDS; $i+=2)

-		{

-		&comment("");

-		&comment("Round $i");

-		&BF_ENCRYPT($i+1,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3);

-

-		&comment("");

-		&comment("Round ".sprintf("%d",$i+1));

-		&BF_ENCRYPT($i+2,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3);

-		}

-	&xor($R,&DWP(($BF_ROUNDS+1)*4,$P,"",0));

-

-	&mov("eax",&wparam(0));

-	&mov(&DWP(0,"eax","",0),$R);

-	&mov(&DWP(4,"eax","",0),$L);

-	&function_end_A($name);

-

-	&set_label("start_decrypt");

-

-	&xor($L,&DWP(($BF_ROUNDS+1)*4,$P,"",0));

-	for ($i=$BF_ROUNDS; $i>0; $i-=2)

-		{

-		&comment("");

-		&comment("Round $i");

-		&BF_ENCRYPT($i,$R,$L,$P,$tot,$tmp1,$tmp2,$tmp3);

-		&comment("");

-		&comment("Round ".sprintf("%d",$i-1));

-		&BF_ENCRYPT($i-1,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3);

-		}

-	&xor($R,&DWP(0,$P,"",0));

-

-	&mov("eax",&wparam(0));

-	&mov(&DWP(0,"eax","",0),$R);

-	&mov(&DWP(4,"eax","",0),$L);

-	&function_end_A($name);

-

-	&function_end_B($name);

-	}

-

-sub BF_ENCRYPT

-	{

-	local($i,$L,$R,$P,$tot,$tmp1,$tmp2,$tmp3)=@_;

-

-	&rotr(	$R,		16);

-	&mov(	$tot,		&DWP(&n2a($i*4),$P,"",0));

-

-	&movb(	&LB($tmp1),	&HB($R));

-	&movb(	&LB($tmp2),	&LB($R));

-

-	&rotr(	$R,		16);

-	&xor(	$L,		$tot);

-

-	&mov(	$tot,		&DWP(&n2a($BF_OFF+0x0000),$P,$tmp1,4));

-	&mov(	$tmp3,		&DWP(&n2a($BF_OFF+0x0400),$P,$tmp2,4));

-

-	&movb(	&LB($tmp1),	&HB($R));

-	&movb(	&LB($tmp2),	&LB($R));

-

-	&add(	$tot,		$tmp3);

-	&mov(	$tmp1,		&DWP(&n2a($BF_OFF+0x0800),$P,$tmp1,4)); # delay

-

-	&xor(	$tot,		$tmp1);

-	&mov(	$tmp3,		&DWP(&n2a($BF_OFF+0x0C00),$P,$tmp2,4));

-

-	&add(	$tot,		$tmp3);

-	&xor(	$tmp1,		$tmp1);

-

-	&xor(	$L,		$tot);					

-	# delay

-	}

-

-sub n2a

-	{

-	sprintf("%d",$_[0]);

-	}

-

diff --git a/crypto/bf/asm/bx86-cpp.s b/crypto/bf/asm/bx86-cpp.s
deleted file mode 100644
index 0925137a6d..0000000000
--- a/crypto/bf/asm/bx86-cpp.s
+++ /dev/null
@@ -1,666 +0,0 @@
-	/* Don't even think of reading this code */
-	/* It was automatically generated by bf586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, Win32, or Solaris */
-	/* It can be found in SSLeay 0.7.0+ */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"bfx86xxxx.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl BF_encrypt
-	TYPE(BF_encrypt,@function)
-BF_encrypt:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	/* Load the 2 words */
-	movl	20(%esp),	%eax
-	movl	(%eax),		%ecx
-	movl	4(%eax),	%edx
-
-	/* P pointer, s and enc flag */
-	movl	24(%esp),	%edi
-	xorl	%eax,		%eax
-	xorl	%ebx,		%ebx
-	movl	28(%esp),	%ebp
-	cmpl	$0,		%ebp
-	je	.L000start_decrypt
-	xorl	(%edi),		%ecx
-
-	/* Round 0 */
-	rorl	$16,		%ecx
-	movl	4(%edi),	%esi
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	rorl	$16,		%ecx
-	xorl	%esi,		%edx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%edx
-
-	/* Round 1 */
-	rorl	$16,		%edx
-	movl	8(%edi),	%esi
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	rorl	$16,		%edx
-	xorl	%esi,		%ecx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%ecx
-
-	/* Round 2 */
-	rorl	$16,		%ecx
-	movl	12(%edi),	%esi
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	rorl	$16,		%ecx
-	xorl	%esi,		%edx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%edx
-
-	/* Round 3 */
-	rorl	$16,		%edx
-	movl	16(%edi),	%esi
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	rorl	$16,		%edx
-	xorl	%esi,		%ecx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%ecx
-
-	/* Round 4 */
-	rorl	$16,		%ecx
-	movl	20(%edi),	%esi
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	rorl	$16,		%ecx
-	xorl	%esi,		%edx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%edx
-
-	/* Round 5 */
-	rorl	$16,		%edx
-	movl	24(%edi),	%esi
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	rorl	$16,		%edx
-	xorl	%esi,		%ecx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%ecx
-
-	/* Round 6 */
-	rorl	$16,		%ecx
-	movl	28(%edi),	%esi
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	rorl	$16,		%ecx
-	xorl	%esi,		%edx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%edx
-
-	/* Round 7 */
-	rorl	$16,		%edx
-	movl	32(%edi),	%esi
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	rorl	$16,		%edx
-	xorl	%esi,		%ecx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%ecx
-
-	/* Round 8 */
-	rorl	$16,		%ecx
-	movl	36(%edi),	%esi
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	rorl	$16,		%ecx
-	xorl	%esi,		%edx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%edx
-
-	/* Round 9 */
-	rorl	$16,		%edx
-	movl	40(%edi),	%esi
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	rorl	$16,		%edx
-	xorl	%esi,		%ecx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%ecx
-
-	/* Round 10 */
-	rorl	$16,		%ecx
-	movl	44(%edi),	%esi
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	rorl	$16,		%ecx
-	xorl	%esi,		%edx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%edx
-
-	/* Round 11 */
-	rorl	$16,		%edx
-	movl	48(%edi),	%esi
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	rorl	$16,		%edx
-	xorl	%esi,		%ecx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%ecx
-
-	/* Round 12 */
-	rorl	$16,		%ecx
-	movl	52(%edi),	%esi
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	rorl	$16,		%ecx
-	xorl	%esi,		%edx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%edx
-
-	/* Round 13 */
-	rorl	$16,		%edx
-	movl	56(%edi),	%esi
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	rorl	$16,		%edx
-	xorl	%esi,		%ecx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%ecx
-
-	/* Round 14 */
-	rorl	$16,		%ecx
-	movl	60(%edi),	%esi
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	rorl	$16,		%ecx
-	xorl	%esi,		%edx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%edx
-
-	/* Round 15 */
-	rorl	$16,		%edx
-	movl	64(%edi),	%esi
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	rorl	$16,		%edx
-	xorl	%esi,		%ecx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%ecx
-	xorl	68(%edi),	%edx
-	movl	20(%esp),	%eax
-	movl	%edx,		(%eax)
-	movl	%ecx,		4(%eax)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.align ALIGN
-.L000start_decrypt:
-	xorl	68(%edi),	%ecx
-
-	/* Round 16 */
-	rorl	$16,		%ecx
-	movl	64(%edi),	%esi
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	rorl	$16,		%ecx
-	xorl	%esi,		%edx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%edx
-
-	/* Round 15 */
-	rorl	$16,		%edx
-	movl	60(%edi),	%esi
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	rorl	$16,		%edx
-	xorl	%esi,		%ecx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%ecx
-
-	/* Round 14 */
-	rorl	$16,		%ecx
-	movl	56(%edi),	%esi
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	rorl	$16,		%ecx
-	xorl	%esi,		%edx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%edx
-
-	/* Round 13 */
-	rorl	$16,		%edx
-	movl	52(%edi),	%esi
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	rorl	$16,		%edx
-	xorl	%esi,		%ecx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%ecx
-
-	/* Round 12 */
-	rorl	$16,		%ecx
-	movl	48(%edi),	%esi
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	rorl	$16,		%ecx
-	xorl	%esi,		%edx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%edx
-
-	/* Round 11 */
-	rorl	$16,		%edx
-	movl	44(%edi),	%esi
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	rorl	$16,		%edx
-	xorl	%esi,		%ecx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%ecx
-
-	/* Round 10 */
-	rorl	$16,		%ecx
-	movl	40(%edi),	%esi
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	rorl	$16,		%ecx
-	xorl	%esi,		%edx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%edx
-
-	/* Round 9 */
-	rorl	$16,		%edx
-	movl	36(%edi),	%esi
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	rorl	$16,		%edx
-	xorl	%esi,		%ecx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%ecx
-
-	/* Round 8 */
-	rorl	$16,		%ecx
-	movl	32(%edi),	%esi
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	rorl	$16,		%ecx
-	xorl	%esi,		%edx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%edx
-
-	/* Round 7 */
-	rorl	$16,		%edx
-	movl	28(%edi),	%esi
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	rorl	$16,		%edx
-	xorl	%esi,		%ecx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%ecx
-
-	/* Round 6 */
-	rorl	$16,		%ecx
-	movl	24(%edi),	%esi
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	rorl	$16,		%ecx
-	xorl	%esi,		%edx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%edx
-
-	/* Round 5 */
-	rorl	$16,		%edx
-	movl	20(%edi),	%esi
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	rorl	$16,		%edx
-	xorl	%esi,		%ecx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%ecx
-
-	/* Round 4 */
-	rorl	$16,		%ecx
-	movl	16(%edi),	%esi
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	rorl	$16,		%ecx
-	xorl	%esi,		%edx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%edx
-
-	/* Round 3 */
-	rorl	$16,		%edx
-	movl	12(%edi),	%esi
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	rorl	$16,		%edx
-	xorl	%esi,		%ecx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%ecx
-
-	/* Round 2 */
-	rorl	$16,		%ecx
-	movl	8(%edi),	%esi
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	rorl	$16,		%ecx
-	xorl	%esi,		%edx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%ch,		%al
-	movb	%cl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%edx
-
-	/* Round 1 */
-	rorl	$16,		%edx
-	movl	4(%edi),	%esi
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	rorl	$16,		%edx
-	xorl	%esi,		%ecx
-	movl	72(%edi,%eax,4),%esi
-	movl	1096(%edi,%ebx,4),%ebp
-	movb	%dh,		%al
-	movb	%dl,		%bl
-	addl	%ebp,		%esi
-	movl	2120(%edi,%eax,4),%eax
-	xorl	%eax,		%esi
-	movl	3144(%edi,%ebx,4),%ebp
-	addl	%ebp,		%esi
-	xorl	%eax,		%eax
-	xorl	%esi,		%ecx
-	xorl	(%edi),		%edx
-	movl	20(%esp),	%eax
-	movl	%edx,		(%eax)
-	movl	%ecx,		4(%eax)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.BF_encrypt_end:
-	SIZE(BF_encrypt,.BF_encrypt_end-BF_encrypt)
-.ident	"desasm.pl"
diff --git a/crypto/bf/asm/bx86unix.cpp b/crypto/bf/asm/bx86unix.cpp
deleted file mode 100644
index cdaa269378..0000000000
--- a/crypto/bf/asm/bx86unix.cpp
+++ /dev/null
@@ -1,976 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define BF_encrypt _BF_encrypt
-#define BF_decrypt _BF_decrypt
-#define BF_cbc_encrypt _BF_cbc_encrypt
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by bf-586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"bf-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl BF_encrypt
-	TYPE(BF_encrypt,@function)
-BF_encrypt:
-
-	pushl	%ebp
-	pushl	%ebx
-	movl	12(%esp),	%ebx
-	movl	16(%esp),	%ebp
-	pushl	%esi
-	pushl	%edi
-	/* Load the 2 words */
-	movl	(%ebx),		%edi
-	movl	4(%ebx),	%esi
-	xorl	%eax,		%eax
-	movl	(%ebp),		%ebx
-	xorl	%ecx,		%ecx
-	xorl	%ebx,		%edi
-
-	/* Round 0 */
-	movl	4(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 1 */
-	movl	8(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 2 */
-	movl	12(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 3 */
-	movl	16(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 4 */
-	movl	20(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 5 */
-	movl	24(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 6 */
-	movl	28(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 7 */
-	movl	32(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 8 */
-	movl	36(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 9 */
-	movl	40(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 10 */
-	movl	44(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 11 */
-	movl	48(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 12 */
-	movl	52(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 13 */
-	movl	56(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 14 */
-	movl	60(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 15 */
-	movl	64(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	/* Load parameter 0 (16) enc=1 */
-	movl	20(%esp),	%eax
-	xorl	%ebx,		%edi
-	movl	68(%ebp),	%edx
-	xorl	%edx,		%esi
-	movl	%edi,		4(%eax)
-	movl	%esi,		(%eax)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.BF_encrypt_end:
-	SIZE(BF_encrypt,.BF_encrypt_end-BF_encrypt)
-.ident	"BF_encrypt"
-.text
-	.align ALIGN
-.globl BF_decrypt
-	TYPE(BF_decrypt,@function)
-BF_decrypt:
-
-	pushl	%ebp
-	pushl	%ebx
-	movl	12(%esp),	%ebx
-	movl	16(%esp),	%ebp
-	pushl	%esi
-	pushl	%edi
-	/* Load the 2 words */
-	movl	(%ebx),		%edi
-	movl	4(%ebx),	%esi
-	xorl	%eax,		%eax
-	movl	68(%ebp),	%ebx
-	xorl	%ecx,		%ecx
-	xorl	%ebx,		%edi
-
-	/* Round 16 */
-	movl	64(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 15 */
-	movl	60(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 14 */
-	movl	56(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 13 */
-	movl	52(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 12 */
-	movl	48(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 11 */
-	movl	44(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 10 */
-	movl	40(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 9 */
-	movl	36(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 8 */
-	movl	32(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 7 */
-	movl	28(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 6 */
-	movl	24(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 5 */
-	movl	20(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 4 */
-	movl	16(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 3 */
-	movl	12(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%edi
-
-	/* Round 2 */
-	movl	8(%ebp),	%edx
-	movl	%edi,		%ebx
-	xorl	%edx,		%esi
-	shrl	$16,		%ebx
-	movl	%edi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	xorl	%eax,		%eax
-	xorl	%ebx,		%esi
-
-	/* Round 1 */
-	movl	4(%ebp),	%edx
-	movl	%esi,		%ebx
-	xorl	%edx,		%edi
-	shrl	$16,		%ebx
-	movl	%esi,		%edx
-	movb	%bh,		%al
-	andl	$255,		%ebx
-	movb	%dh,		%cl
-	andl	$255,		%edx
-	movl	72(%ebp,%eax,4),%eax
-	movl	1096(%ebp,%ebx,4),%ebx
-	addl	%eax,		%ebx
-	movl	2120(%ebp,%ecx,4),%eax
-	xorl	%eax,		%ebx
-	movl	3144(%ebp,%edx,4),%edx
-	addl	%edx,		%ebx
-	/* Load parameter 0 (1) enc=0 */
-	movl	20(%esp),	%eax
-	xorl	%ebx,		%edi
-	movl	(%ebp),		%edx
-	xorl	%edx,		%esi
-	movl	%edi,		4(%eax)
-	movl	%esi,		(%eax)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.BF_decrypt_end:
-	SIZE(BF_decrypt,.BF_decrypt_end-BF_decrypt)
-.ident	"BF_decrypt"
-.text
-	.align ALIGN
-.globl BF_cbc_encrypt
-	TYPE(BF_cbc_encrypt,@function)
-BF_cbc_encrypt:
-
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	28(%esp),	%ebp
-	/* getting iv ptr from parameter 4 */
-	movl	36(%esp),	%ebx
-	movl	(%ebx),		%esi
-	movl	4(%ebx),	%edi
-	pushl	%edi
-	pushl	%esi
-	pushl	%edi
-	pushl	%esi
-	movl	%esp,		%ebx
-	movl	36(%esp),	%esi
-	movl	40(%esp),	%edi
-	/* getting encrypt flag from parameter 5 */
-	movl	56(%esp),	%ecx
-	/* get and push parameter 3 */
-	movl	48(%esp),	%eax
-	pushl	%eax
-	pushl	%ebx
-	cmpl	$0,		%ecx
-	jz	.L000decrypt
-	andl	$4294967288,	%ebp
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-	jz	.L001encrypt_finish
-.L002encrypt_loop:
-	movl	(%esi),		%ecx
-	movl	4(%esi),	%edx
-	xorl	%ecx,		%eax
-	xorl	%edx,		%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	BF_encrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		(%edi)
-	movl	%ebx,		4(%edi)
-	addl	$8,		%esi
-	addl	$8,		%edi
-	subl	$8,		%ebp
-	jnz	.L002encrypt_loop
-.L001encrypt_finish:
-	movl	52(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L003finish
-	xorl	%ecx,		%ecx
-	xorl	%edx,		%edx
-	movl	.L004cbc_enc_jmp_table(,%ebp,4),%ebp
-	jmp	*%ebp
-.L005ej7:
-	movb	6(%esi),	%dh
-	sall	$8,		%edx
-.L006ej6:
-	movb	5(%esi),	%dh
-.L007ej5:
-	movb	4(%esi),	%dl
-.L008ej4:
-	movl	(%esi),		%ecx
-	jmp	.L009ejend
-.L010ej3:
-	movb	2(%esi),	%ch
-	sall	$8,		%ecx
-.L011ej2:
-	movb	1(%esi),	%ch
-.L012ej1:
-	movb	(%esi),		%cl
-.L009ejend:
-	xorl	%ecx,		%eax
-	xorl	%edx,		%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	BF_encrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		(%edi)
-	movl	%ebx,		4(%edi)
-	jmp	.L003finish
-.align ALIGN
-.L000decrypt:
-	andl	$4294967288,	%ebp
-	movl	16(%esp),	%eax
-	movl	20(%esp),	%ebx
-	jz	.L013decrypt_finish
-.L014decrypt_loop:
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	BF_decrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	16(%esp),	%ecx
-	movl	20(%esp),	%edx
-	xorl	%eax,		%ecx
-	xorl	%ebx,		%edx
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%ecx,		(%edi)
-	movl	%edx,		4(%edi)
-	movl	%eax,		16(%esp)
-	movl	%ebx,		20(%esp)
-	addl	$8,		%esi
-	addl	$8,		%edi
-	subl	$8,		%ebp
-	jnz	.L014decrypt_loop
-.L013decrypt_finish:
-	movl	52(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L003finish
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	BF_decrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	16(%esp),	%ecx
-	movl	20(%esp),	%edx
-	xorl	%eax,		%ecx
-	xorl	%ebx,		%edx
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-.L015dj7:
-	rorl	$16,		%edx
-	movb	%dl,		6(%edi)
-	shrl	$16,		%edx
-.L016dj6:
-	movb	%dh,		5(%edi)
-.L017dj5:
-	movb	%dl,		4(%edi)
-.L018dj4:
-	movl	%ecx,		(%edi)
-	jmp	.L019djend
-.L020dj3:
-	rorl	$16,		%ecx
-	movb	%cl,		2(%edi)
-	sall	$16,		%ecx
-.L021dj2:
-	movb	%ch,		1(%esi)
-.L022dj1:
-	movb	%cl,		(%esi)
-.L019djend:
-	jmp	.L003finish
-.align ALIGN
-.L003finish:
-	movl	60(%esp),	%ecx
-	addl	$24,		%esp
-	movl	%eax,		(%ecx)
-	movl	%ebx,		4(%ecx)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.align ALIGN
-.L004cbc_enc_jmp_table:
-	.long 0
-	.long .L012ej1
-	.long .L011ej2
-	.long .L010ej3
-	.long .L008ej4
-	.long .L007ej5
-	.long .L006ej6
-	.long .L005ej7
-.align ALIGN
-.L023cbc_dec_jmp_table:
-	.long 0
-	.long .L022dj1
-	.long .L021dj2
-	.long .L020dj3
-	.long .L018dj4
-	.long .L017dj5
-	.long .L016dj6
-	.long .L015dj7
-.BF_cbc_encrypt_end:
-	SIZE(BF_cbc_encrypt,.BF_cbc_encrypt_end-BF_cbc_encrypt)
-.ident	"desasm.pl"
diff --git a/crypto/bf/asm/win32.asm b/crypto/bf/asm/win32.asm
deleted file mode 100644
index 6d2333f323..0000000000
--- a/crypto/bf/asm/win32.asm
+++ /dev/null
@@ -1,663 +0,0 @@
-	; Don't even think of reading this code
-	; It was automatically generated by bf586.pl
-	; Which is a perl program used to generate the x86 assember for
-	; any of elf, a.out, Win32, or Solaris
-	; It can be found in SSLeay 0.7.0+
-	; eric <eay@cryptsoft.com>
-	; 
-	TITLE	bfx86xxxx.asm
-        .386
-.model FLAT
-_TEXT	SEGMENT
-PUBLIC	_BF_encrypt
-EXTRN	_des_SPtrans:DWORD
-_BF_encrypt PROC NEAR
-	push	ebp
-	push	ebx
-	push	esi
-	push	edi
-	; 
-	; Load the 2 words
-	mov	eax,		DWORD PTR 20[esp]
-	mov	ecx,		DWORD PTR [eax]
-	mov	edx,		DWORD PTR 4[eax]
-	; 
-	; P pointer, s and enc flag
-	mov	edi,		DWORD PTR 24[esp]
-	xor	eax,		eax
-	xor	ebx,		ebx
-	mov	ebp,		DWORD PTR 28[esp]
-	cmp	ebp,		0
-	je	$L000start_decrypt
-	xor	ecx,		DWORD PTR [edi]
-	; 
-	; Round 0
-	ror	ecx,		16
-	mov	esi,		DWORD PTR 4[edi]
-	mov	al,		ch
-	mov	bl,		cl
-	ror	ecx,		16
-	xor	edx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		ch
-	mov	bl,		cl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	edx,		esi
-	; 
-	; Round 1
-	ror	edx,		16
-	mov	esi,		DWORD PTR 8[edi]
-	mov	al,		dh
-	mov	bl,		dl
-	ror	edx,		16
-	xor	ecx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		dh
-	mov	bl,		dl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	ecx,		esi
-	; 
-	; Round 2
-	ror	ecx,		16
-	mov	esi,		DWORD PTR 12[edi]
-	mov	al,		ch
-	mov	bl,		cl
-	ror	ecx,		16
-	xor	edx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		ch
-	mov	bl,		cl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	edx,		esi
-	; 
-	; Round 3
-	ror	edx,		16
-	mov	esi,		DWORD PTR 16[edi]
-	mov	al,		dh
-	mov	bl,		dl
-	ror	edx,		16
-	xor	ecx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		dh
-	mov	bl,		dl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	ecx,		esi
-	; 
-	; Round 4
-	ror	ecx,		16
-	mov	esi,		DWORD PTR 20[edi]
-	mov	al,		ch
-	mov	bl,		cl
-	ror	ecx,		16
-	xor	edx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		ch
-	mov	bl,		cl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	edx,		esi
-	; 
-	; Round 5
-	ror	edx,		16
-	mov	esi,		DWORD PTR 24[edi]
-	mov	al,		dh
-	mov	bl,		dl
-	ror	edx,		16
-	xor	ecx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		dh
-	mov	bl,		dl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	ecx,		esi
-	; 
-	; Round 6
-	ror	ecx,		16
-	mov	esi,		DWORD PTR 28[edi]
-	mov	al,		ch
-	mov	bl,		cl
-	ror	ecx,		16
-	xor	edx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		ch
-	mov	bl,		cl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	edx,		esi
-	; 
-	; Round 7
-	ror	edx,		16
-	mov	esi,		DWORD PTR 32[edi]
-	mov	al,		dh
-	mov	bl,		dl
-	ror	edx,		16
-	xor	ecx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		dh
-	mov	bl,		dl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	ecx,		esi
-	; 
-	; Round 8
-	ror	ecx,		16
-	mov	esi,		DWORD PTR 36[edi]
-	mov	al,		ch
-	mov	bl,		cl
-	ror	ecx,		16
-	xor	edx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		ch
-	mov	bl,		cl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	edx,		esi
-	; 
-	; Round 9
-	ror	edx,		16
-	mov	esi,		DWORD PTR 40[edi]
-	mov	al,		dh
-	mov	bl,		dl
-	ror	edx,		16
-	xor	ecx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		dh
-	mov	bl,		dl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	ecx,		esi
-	; 
-	; Round 10
-	ror	ecx,		16
-	mov	esi,		DWORD PTR 44[edi]
-	mov	al,		ch
-	mov	bl,		cl
-	ror	ecx,		16
-	xor	edx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		ch
-	mov	bl,		cl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	edx,		esi
-	; 
-	; Round 11
-	ror	edx,		16
-	mov	esi,		DWORD PTR 48[edi]
-	mov	al,		dh
-	mov	bl,		dl
-	ror	edx,		16
-	xor	ecx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		dh
-	mov	bl,		dl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	ecx,		esi
-	; 
-	; Round 12
-	ror	ecx,		16
-	mov	esi,		DWORD PTR 52[edi]
-	mov	al,		ch
-	mov	bl,		cl
-	ror	ecx,		16
-	xor	edx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		ch
-	mov	bl,		cl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	edx,		esi
-	; 
-	; Round 13
-	ror	edx,		16
-	mov	esi,		DWORD PTR 56[edi]
-	mov	al,		dh
-	mov	bl,		dl
-	ror	edx,		16
-	xor	ecx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		dh
-	mov	bl,		dl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	ecx,		esi
-	; 
-	; Round 14
-	ror	ecx,		16
-	mov	esi,		DWORD PTR 60[edi]
-	mov	al,		ch
-	mov	bl,		cl
-	ror	ecx,		16
-	xor	edx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		ch
-	mov	bl,		cl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	edx,		esi
-	; 
-	; Round 15
-	ror	edx,		16
-	mov	esi,		DWORD PTR 64[edi]
-	mov	al,		dh
-	mov	bl,		dl
-	ror	edx,		16
-	xor	ecx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		dh
-	mov	bl,		dl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	ecx,		esi
-	xor	edx,		DWORD PTR 68[edi]
-	mov	eax,		DWORD PTR 20[esp]
-	mov	DWORD PTR [eax],edx
-	mov	DWORD PTR 4[eax],ecx
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-$L000start_decrypt:
-	xor	ecx,		DWORD PTR 68[edi]
-	; 
-	; Round 16
-	ror	ecx,		16
-	mov	esi,		DWORD PTR 64[edi]
-	mov	al,		ch
-	mov	bl,		cl
-	ror	ecx,		16
-	xor	edx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		ch
-	mov	bl,		cl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	edx,		esi
-	; 
-	; Round 15
-	ror	edx,		16
-	mov	esi,		DWORD PTR 60[edi]
-	mov	al,		dh
-	mov	bl,		dl
-	ror	edx,		16
-	xor	ecx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		dh
-	mov	bl,		dl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	ecx,		esi
-	; 
-	; Round 14
-	ror	ecx,		16
-	mov	esi,		DWORD PTR 56[edi]
-	mov	al,		ch
-	mov	bl,		cl
-	ror	ecx,		16
-	xor	edx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		ch
-	mov	bl,		cl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	edx,		esi
-	; 
-	; Round 13
-	ror	edx,		16
-	mov	esi,		DWORD PTR 52[edi]
-	mov	al,		dh
-	mov	bl,		dl
-	ror	edx,		16
-	xor	ecx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		dh
-	mov	bl,		dl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	ecx,		esi
-	; 
-	; Round 12
-	ror	ecx,		16
-	mov	esi,		DWORD PTR 48[edi]
-	mov	al,		ch
-	mov	bl,		cl
-	ror	ecx,		16
-	xor	edx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		ch
-	mov	bl,		cl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	edx,		esi
-	; 
-	; Round 11
-	ror	edx,		16
-	mov	esi,		DWORD PTR 44[edi]
-	mov	al,		dh
-	mov	bl,		dl
-	ror	edx,		16
-	xor	ecx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		dh
-	mov	bl,		dl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	ecx,		esi
-	; 
-	; Round 10
-	ror	ecx,		16
-	mov	esi,		DWORD PTR 40[edi]
-	mov	al,		ch
-	mov	bl,		cl
-	ror	ecx,		16
-	xor	edx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		ch
-	mov	bl,		cl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	edx,		esi
-	; 
-	; Round 9
-	ror	edx,		16
-	mov	esi,		DWORD PTR 36[edi]
-	mov	al,		dh
-	mov	bl,		dl
-	ror	edx,		16
-	xor	ecx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		dh
-	mov	bl,		dl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	ecx,		esi
-	; 
-	; Round 8
-	ror	ecx,		16
-	mov	esi,		DWORD PTR 32[edi]
-	mov	al,		ch
-	mov	bl,		cl
-	ror	ecx,		16
-	xor	edx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		ch
-	mov	bl,		cl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	edx,		esi
-	; 
-	; Round 7
-	ror	edx,		16
-	mov	esi,		DWORD PTR 28[edi]
-	mov	al,		dh
-	mov	bl,		dl
-	ror	edx,		16
-	xor	ecx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		dh
-	mov	bl,		dl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	ecx,		esi
-	; 
-	; Round 6
-	ror	ecx,		16
-	mov	esi,		DWORD PTR 24[edi]
-	mov	al,		ch
-	mov	bl,		cl
-	ror	ecx,		16
-	xor	edx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		ch
-	mov	bl,		cl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	edx,		esi
-	; 
-	; Round 5
-	ror	edx,		16
-	mov	esi,		DWORD PTR 20[edi]
-	mov	al,		dh
-	mov	bl,		dl
-	ror	edx,		16
-	xor	ecx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		dh
-	mov	bl,		dl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	ecx,		esi
-	; 
-	; Round 4
-	ror	ecx,		16
-	mov	esi,		DWORD PTR 16[edi]
-	mov	al,		ch
-	mov	bl,		cl
-	ror	ecx,		16
-	xor	edx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		ch
-	mov	bl,		cl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	edx,		esi
-	; 
-	; Round 3
-	ror	edx,		16
-	mov	esi,		DWORD PTR 12[edi]
-	mov	al,		dh
-	mov	bl,		dl
-	ror	edx,		16
-	xor	ecx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		dh
-	mov	bl,		dl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	ecx,		esi
-	; 
-	; Round 2
-	ror	ecx,		16
-	mov	esi,		DWORD PTR 8[edi]
-	mov	al,		ch
-	mov	bl,		cl
-	ror	ecx,		16
-	xor	edx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		ch
-	mov	bl,		cl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	edx,		esi
-	; 
-	; Round 1
-	ror	edx,		16
-	mov	esi,		DWORD PTR 4[edi]
-	mov	al,		dh
-	mov	bl,		dl
-	ror	edx,		16
-	xor	ecx,		esi
-	mov	esi,		DWORD PTR 72[eax*4+edi]
-	mov	ebp,		DWORD PTR 1096[ebx*4+edi]
-	mov	al,		dh
-	mov	bl,		dl
-	add	esi,		ebp
-	mov	eax,		DWORD PTR 2120[eax*4+edi]
-	xor	esi,		eax
-	mov	ebp,		DWORD PTR 3144[ebx*4+edi]
-	add	esi,		ebp
-	xor	eax,		eax
-	xor	ecx,		esi
-	xor	edx,		DWORD PTR [edi]
-	mov	eax,		DWORD PTR 20[esp]
-	mov	DWORD PTR [eax],edx
-	mov	DWORD PTR 4[eax],ecx
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-_BF_encrypt ENDP
-_TEXT	ENDS
-END
diff --git a/crypto/bf/bf_cbc.c b/crypto/bf/bf_cbc.c
index e0fa9ad763..f949629dc6 100644
--- a/crypto/bf/bf_cbc.c
+++ b/crypto/bf/bf_cbc.c
@@ -56,16 +56,11 @@
  * [including the GNU Public Licence.]
  */
 
-#include "blowfish.h"
+#include <openssl/blowfish.h>
 #include "bf_locl.h"
 
-void BF_cbc_encrypt(in, out, length, ks, iv, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-BF_KEY *ks;
-unsigned char *iv;
-int encrypt;
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+	     const BF_KEY *schedule, unsigned char *ivec, int encrypt)
 	{
 	register BF_LONG tin0,tin1;
 	register BF_LONG tout0,tout1,xor0,xor1;
@@ -74,9 +69,9 @@ int encrypt;
 
 	if (encrypt)
 		{
-		n2l(iv,tout0);
-		n2l(iv,tout1);
-		iv-=8;
+		n2l(ivec,tout0);
+		n2l(ivec,tout1);
+		ivec-=8;
 		for (l-=8; l>=0; l-=8)
 			{
 			n2l(in,tin0);
@@ -85,7 +80,7 @@ int encrypt;
 			tin1^=tout1;
 			tin[0]=tin0;
 			tin[1]=tin1;
-			BF_encrypt(tin,ks);
+			BF_encrypt(tin,schedule);
 			tout0=tin[0];
 			tout1=tin[1];
 			l2n(tout0,out);
@@ -98,27 +93,27 @@ int encrypt;
 			tin1^=tout1;
 			tin[0]=tin0;
 			tin[1]=tin1;
-			BF_encrypt(tin,ks);
+			BF_encrypt(tin,schedule);
 			tout0=tin[0];
 			tout1=tin[1];
 			l2n(tout0,out);
 			l2n(tout1,out);
 			}
-		l2n(tout0,iv);
-		l2n(tout1,iv);
+		l2n(tout0,ivec);
+		l2n(tout1,ivec);
 		}
 	else
 		{
-		n2l(iv,xor0);
-		n2l(iv,xor1);
-		iv-=8;
+		n2l(ivec,xor0);
+		n2l(ivec,xor1);
+		ivec-=8;
 		for (l-=8; l>=0; l-=8)
 			{
 			n2l(in,tin0);
 			n2l(in,tin1);
 			tin[0]=tin0;
 			tin[1]=tin1;
-			BF_decrypt(tin,ks);
+			BF_decrypt(tin,schedule);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			l2n(tout0,out);
@@ -132,15 +127,15 @@ int encrypt;
 			n2l(in,tin1);
 			tin[0]=tin0;
 			tin[1]=tin1;
-			BF_decrypt(tin,ks);
+			BF_decrypt(tin,schedule);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			l2nn(tout0,tout1,out,l+8);
 			xor0=tin0;
 			xor1=tin1;
 			}
-		l2n(xor0,iv);
-		l2n(xor1,iv);
+		l2n(xor0,ivec);
+		l2n(xor1,ivec);
 		}
 	tin0=tin1=tout0=tout1=xor0=xor1=0;
 	tin[0]=tin[1]=0;
diff --git a/crypto/bf/bf_cfb64.c b/crypto/bf/bf_cfb64.c
index f9c66e7ced..6451c8d407 100644
--- a/crypto/bf/bf_cfb64.c
+++ b/crypto/bf/bf_cfb64.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#include "blowfish.h"
+#include <openssl/blowfish.h>
 #include "bf_locl.h"
 
 /* The input and output encrypted as though 64bit cfb mode is being
@@ -64,14 +64,8 @@
  * 64bit block we have used is contained in *num;
  */
 
-void BF_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-BF_KEY *schedule;
-unsigned char *ivec;
-int *num;
-int encrypt;
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
+	     const BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
 	{
 	register BF_LONG v0,v1,t;
 	register int n= *num;
diff --git a/crypto/bf/bf_ecb.c b/crypto/bf/bf_ecb.c
index 3b534ac038..341991636f 100644
--- a/crypto/bf/bf_ecb.c
+++ b/crypto/bf/bf_ecb.c
@@ -56,17 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
-#include "blowfish.h"
+#include <openssl/blowfish.h>
 #include "bf_locl.h"
+#include <openssl/opensslv.h>
 
 /* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
- * (From LECTURE NOTES IN COIMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
+ * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
  * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
  */
 
-char *BF_version="BlowFish part of SSLeay 0.9.1a 06-Jul-1998";
+const char *BF_version="Blowfish" OPENSSL_VERSION_PTEXT;
 
-char *BF_options()
+const char *BF_options(void)
 	{
 #ifdef BF_PTR
 	return("blowfish(ptr)");
@@ -77,20 +78,17 @@ char *BF_options()
 #endif
 	}
 
-void BF_ecb_encrypt(in, out, ks, encrypt)
-unsigned char *in;
-unsigned char *out;
-BF_KEY *ks;
-int encrypt;
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+	     const BF_KEY *key, int encrypt)
 	{
 	BF_LONG l,d[2];
 
 	n2l(in,l); d[0]=l;
 	n2l(in,l); d[1]=l;
 	if (encrypt)
-		BF_encrypt(d,ks);
+		BF_encrypt(d,key);
 	else
-		BF_decrypt(d,ks);
+		BF_decrypt(d,key);
 	l=d[0]; l2n(l,out);
 	l=d[1]; l2n(l,out);
 	l=d[0]=d[1]=0;
diff --git a/crypto/bf/bf_enc.c b/crypto/bf/bf_enc.c
index 66a8604c59..b380acf959 100644
--- a/crypto/bf/bf_enc.c
+++ b/crypto/bf/bf_enc.c
@@ -56,24 +56,24 @@
  * [including the GNU Public Licence.]
  */
 
-#include "blowfish.h"
+#include <openssl/blowfish.h>
 #include "bf_locl.h"
 
 /* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
- * (From LECTURE NOTES IN COIMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
+ * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
  * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
  */
 
 #if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)
-If you set BF_ROUNDS to some value other than 16 or 20, you will have
+#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \
 to modify the code.
 #endif
 
-void BF_encrypt(data,key)
-BF_LONG *data;
-BF_KEY *key;
+void BF_encrypt(BF_LONG *data, const BF_KEY *key)
 	{
-	register BF_LONG l,r,*p,*s;
+#ifndef BF_PTR2
+	register BF_LONG l,r;
+    const register BF_LONG *p,*s;
 
 	p=key->P;
 	s= &(key->S[0]);
@@ -107,15 +107,50 @@ BF_KEY *key;
 
 	data[1]=l&0xffffffffL;
 	data[0]=r&0xffffffffL;
+#else
+	register BF_LONG l,r,t,*k;
+
+	l=data[0];
+	r=data[1];
+	k=(BF_LONG*)key;
+
+	l^=k[0];
+	BF_ENC(r,l,k, 1);
+	BF_ENC(l,r,k, 2);
+	BF_ENC(r,l,k, 3);
+	BF_ENC(l,r,k, 4);
+	BF_ENC(r,l,k, 5);
+	BF_ENC(l,r,k, 6);
+	BF_ENC(r,l,k, 7);
+	BF_ENC(l,r,k, 8);
+	BF_ENC(r,l,k, 9);
+	BF_ENC(l,r,k,10);
+	BF_ENC(r,l,k,11);
+	BF_ENC(l,r,k,12);
+	BF_ENC(r,l,k,13);
+	BF_ENC(l,r,k,14);
+	BF_ENC(r,l,k,15);
+	BF_ENC(l,r,k,16);
+#if BF_ROUNDS == 20
+	BF_ENC(r,l,k,17);
+	BF_ENC(l,r,k,18);
+	BF_ENC(r,l,k,19);
+	BF_ENC(l,r,k,20);
+#endif
+	r^=k[BF_ROUNDS+1];
+
+	data[1]=l&0xffffffffL;
+	data[0]=r&0xffffffffL;
+#endif
 	}
 
 #ifndef BF_DEFAULT_OPTIONS
 
-void BF_decrypt(data,key)
-BF_LONG *data;
-BF_KEY *key;
+void BF_decrypt(BF_LONG *data, const BF_KEY *key)
 	{
-	register BF_LONG l,r,*p,*s;
+#ifndef BF_PTR2
+	register BF_LONG l,r;
+    const register BF_LONG *p,*s;
 
 	p=key->P;
 	s= &(key->S[0]);
@@ -149,15 +184,45 @@ BF_KEY *key;
 
 	data[1]=l&0xffffffffL;
 	data[0]=r&0xffffffffL;
+#else
+	register BF_LONG l,r,t,*k;
+
+	l=data[0];
+	r=data[1];
+	k=(BF_LONG *)key;
+
+	l^=k[BF_ROUNDS+1];
+#if BF_ROUNDS == 20
+	BF_ENC(r,l,k,20);
+	BF_ENC(l,r,k,19);
+	BF_ENC(r,l,k,18);
+	BF_ENC(l,r,k,17);
+#endif
+	BF_ENC(r,l,k,16);
+	BF_ENC(l,r,k,15);
+	BF_ENC(r,l,k,14);
+	BF_ENC(l,r,k,13);
+	BF_ENC(r,l,k,12);
+	BF_ENC(l,r,k,11);
+	BF_ENC(r,l,k,10);
+	BF_ENC(l,r,k, 9);
+	BF_ENC(r,l,k, 8);
+	BF_ENC(l,r,k, 7);
+	BF_ENC(r,l,k, 6);
+	BF_ENC(l,r,k, 5);
+	BF_ENC(r,l,k, 4);
+	BF_ENC(l,r,k, 3);
+	BF_ENC(r,l,k, 2);
+	BF_ENC(l,r,k, 1);
+	r^=k[0];
+
+	data[1]=l&0xffffffffL;
+	data[0]=r&0xffffffffL;
+#endif
 	}
 
-void BF_cbc_encrypt(in, out, length, ks, iv, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-BF_KEY *ks;
-unsigned char *iv;
-int encrypt;
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+	     const BF_KEY *schedule, unsigned char *ivec, int encrypt)
 	{
 	register BF_LONG tin0,tin1;
 	register BF_LONG tout0,tout1,xor0,xor1;
@@ -166,9 +231,9 @@ int encrypt;
 
 	if (encrypt)
 		{
-		n2l(iv,tout0);
-		n2l(iv,tout1);
-		iv-=8;
+		n2l(ivec,tout0);
+		n2l(ivec,tout1);
+		ivec-=8;
 		for (l-=8; l>=0; l-=8)
 			{
 			n2l(in,tin0);
@@ -177,7 +242,7 @@ int encrypt;
 			tin1^=tout1;
 			tin[0]=tin0;
 			tin[1]=tin1;
-			BF_encrypt(tin,ks);
+			BF_encrypt(tin,schedule);
 			tout0=tin[0];
 			tout1=tin[1];
 			l2n(tout0,out);
@@ -190,27 +255,27 @@ int encrypt;
 			tin1^=tout1;
 			tin[0]=tin0;
 			tin[1]=tin1;
-			BF_encrypt(tin,ks);
+			BF_encrypt(tin,schedule);
 			tout0=tin[0];
 			tout1=tin[1];
 			l2n(tout0,out);
 			l2n(tout1,out);
 			}
-		l2n(tout0,iv);
-		l2n(tout1,iv);
+		l2n(tout0,ivec);
+		l2n(tout1,ivec);
 		}
 	else
 		{
-		n2l(iv,xor0);
-		n2l(iv,xor1);
-		iv-=8;
+		n2l(ivec,xor0);
+		n2l(ivec,xor1);
+		ivec-=8;
 		for (l-=8; l>=0; l-=8)
 			{
 			n2l(in,tin0);
 			n2l(in,tin1);
 			tin[0]=tin0;
 			tin[1]=tin1;
-			BF_decrypt(tin,ks);
+			BF_decrypt(tin,schedule);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			l2n(tout0,out);
@@ -224,15 +289,15 @@ int encrypt;
 			n2l(in,tin1);
 			tin[0]=tin0;
 			tin[1]=tin1;
-			BF_decrypt(tin,ks);
+			BF_decrypt(tin,schedule);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			l2nn(tout0,tout1,out,l+8);
 			xor0=tin0;
 			xor1=tin1;
 			}
-		l2n(xor0,iv);
-		l2n(xor1,iv);
+		l2n(xor0,ivec);
+		l2n(xor1,ivec);
 		}
 	tin0=tin1=tout0=tout1=xor0=xor1=0;
 	tin[0]=tin[1]=0;
diff --git a/crypto/bf/bf_locl b/crypto/bf/bf_locl
deleted file mode 100644
index abc23d7060..0000000000
--- a/crypto/bf/bf_locl
+++ /dev/null
@@ -1,243 +0,0 @@
-/* crypto/bf/bf_local.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@mincom.oz.au)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@mincom.oz.au).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@mincom.oz.au)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@mincom.oz.au)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify bf_locl.org since bf_locl.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
-
-#if defined( sun )                    /* Newer Sparc's */
-#  define BF_PTR
-#elif defined( __ultrix )     /* Older MIPS */
-#  define BF_PTR
-#elif defined( __osf1__ )     /* Alpha */
-  /* None */
-#elif defined ( _AIX )                /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )               /* HP-PA */
-  /* None */
-#elif defined( __aux )                /* 68K */
-  /* Unknown */
-#elif defined( __dgux )               /* 88K (but P6 in latest boxes) */
-  /* Unknown */
-#elif defined( __sgi )                /* Newer MIPS */
-#  define BF_PTR
-#elif defined( i386 )         /* x86 boxes, should be gcc */
-#  define BF_PTR2
-#elif defined( _MSC_VER )     /* x86 boxes, Visual C */
-#  define BF_PTR2
-#endif /* Systems-specific speed defines */
-
-#undef c2l
-#define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
-			 l|=((unsigned long)(*((c)++)))<< 8L, \
-			 l|=((unsigned long)(*((c)++)))<<16L, \
-			 l|=((unsigned long)(*((c)++)))<<24L)
-
-/* NOTE - c is not incremented as per c2l */
-#undef c2ln
-#define c2ln(c,l1,l2,n)	{ \
-			c+=n; \
-			l1=l2=0; \
-			switch (n) { \
-			case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
-			case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
-			case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
-			case 5: l2|=((unsigned long)(*(--(c))));     \
-			case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
-			case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
-			case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
-			case 1: l1|=((unsigned long)(*(--(c))));     \
-				} \
-			}
-
-#undef l2c
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#undef l2cn
-#define l2cn(l1,l2,c,n)	{ \
-			c+=n; \
-			switch (n) { \
-			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
-			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
-			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
-			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
-			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
-			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
-			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
-			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
-				} \
-			}
-
-/* NOTE - c is not incremented as per n2l */
-#define n2ln(c,l1,l2,n)	{ \
-			c+=n; \
-			l1=l2=0; \
-			switch (n) { \
-			case 8: l2 =((unsigned long)(*(--(c))))    ; \
-			case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
-			case 6: l2|=((unsigned long)(*(--(c))))<<16; \
-			case 5: l2|=((unsigned long)(*(--(c))))<<24; \
-			case 4: l1 =((unsigned long)(*(--(c))))    ; \
-			case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
-			case 2: l1|=((unsigned long)(*(--(c))))<<16; \
-			case 1: l1|=((unsigned long)(*(--(c))))<<24; \
-				} \
-			}
-
-/* NOTE - c is not incremented as per l2n */
-#define l2nn(l1,l2,c,n)	{ \
-			c+=n; \
-			switch (n) { \
-			case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
-			case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
-			case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
-			case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
-			case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
-			case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
-			case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
-			case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
-				} \
-			}
-
-#undef n2l
-#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
-                         l|=((unsigned long)(*((c)++)))<<16L, \
-                         l|=((unsigned long)(*((c)++)))<< 8L, \
-                         l|=((unsigned long)(*((c)++))))
-
-#undef l2n
-#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)     )&0xff))
-
-/* This is actually a big endian algorithm, the most significate byte
- * is used to lookup array 0 */
-
-/* use BF_PTR2 for intel boxes,
- * BF_PTR for sparc and MIPS/SGI
- * use nothing for Alpha and HP.
- */
-#if !defined(BF_PTR) && !defined(BF_PTR2)
-#undef BF_PTR
-#endif
-
-#define BF_M	0x3fc
-#define BF_0	22L
-#define BF_1	14L
-#define BF_2	 6L
-#define BF_3	 2L /* left shift */
-
-#if defined(BF_PTR2)
-
-/* This is basically a special pentium verson */
-#define BF_ENC(LL,R,S,P) \
-	{ \
-	BF_LONG t,u,v; \
-	u=R>>BF_0; \
-	v=R>>BF_1; \
-	u&=BF_M; \
-	v&=BF_M; \
-	t=  *(BF_LONG *)((unsigned char *)&(S[  0])+u); \
-	u=R>>BF_2; \
-	t+= *(BF_LONG *)((unsigned char *)&(S[256])+v); \
-	v=R<<BF_3; \
-	u&=BF_M; \
-	v&=BF_M; \
-	t^= *(BF_LONG *)((unsigned char *)&(S[512])+u); \
-	LL^=P; \
-	t+= *(BF_LONG *)((unsigned char *)&(S[768])+v); \
-	LL^=t; \
-	}
-
-#elif defined(BF_PTR)
-
-/* This is normally very good */
-
-#define BF_ENC(LL,R,S,P) \
-	LL^=P; \
-	LL^= (((*(BF_LONG *)((unsigned char *)&(S[  0])+((R>>BF_0)&BF_M))+ \
-		*(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \
-		*(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \
-		*(BF_LONG *)((unsigned char *)&(S[768])+((R<<BF_3)&BF_M)));
-#else
-
-/* This will always work, even on 64 bit machines and strangly enough,
- * on the Alpha it is faster than the pointer versions (both 32 and 64
- * versions of BF_LONG) */
-
-#define BF_ENC(LL,R,S,P) \
-	LL^=P; \
-	LL^=(((	S[        (int)(R>>24L)      ] + \
-		S[0x0100+((int)(R>>16L)&0xff)])^ \
-		S[0x0200+((int)(R>> 8L)&0xff)])+ \
-		S[0x0300+((int)(R     )&0xff)])&0xffffffffL;
-#endif
diff --git a/crypto/bf/bf_locl.h b/crypto/bf/bf_locl.h
index a5663de8ca..cc7c3ec992 100644
--- a/crypto/bf/bf_locl.h
+++ b/crypto/bf/bf_locl.h
@@ -1,4 +1,4 @@
-/* crypto/bf/bf_locl.org */
+/* crypto/bf/bf_locl.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,39 +56,9 @@
  * [including the GNU Public Licence.]
  */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify bf_locl.org since bf_locl.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
-
-#if defined( sun )                    /* Newer Sparc's */
-#  define BF_PTR
-#elif defined( __ultrix )     /* Older MIPS */
-#  define BF_PTR
-#elif defined( __osf1__ )     /* Alpha */
-  /* None */
-#elif defined ( _AIX )                /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )               /* HP-PA */
-  /* None */
-#elif defined( __aux )                /* 68K */
-  /* Unknown */
-#elif defined( __dgux )               /* 88K (but P6 in latest boxes) */
-  /* Unknown */
-#elif defined( __sgi )                /* Newer MIPS */
-#  define BF_PTR
-#elif defined( i386 )         /* x86 boxes, should be gcc */
-#elif defined( _MSC_VER )     /* x86 boxes, Visual C */
-#endif /* Systems-specific speed defines */
+#ifndef HEADER_BF_LOCL_H
+#define HEADER_BF_LOCL_H
+#include <openssl/opensslconf.h> /* BF_PTR, BF_PTR2 */
 
 #undef c2l
 #define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
@@ -178,65 +148,72 @@
                          *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
                          *((c)++)=(unsigned char)(((l)     )&0xff))
 
-/* This is actually a big endian algorithm, the most significate byte
+/* This is actually a big endian algorithm, the most significant byte
  * is used to lookup array 0 */
 
-/* use BF_PTR2 for intel boxes,
- * BF_PTR for sparc and MIPS/SGI
- * use nothing for Alpha and HP.
- */
-#if !defined(BF_PTR) && !defined(BF_PTR2)
-#undef BF_PTR
-#endif
-
-#define BF_M	0x3fc
-#define BF_0	22L
-#define BF_1	14L
-#define BF_2	 6L
-#define BF_3	 2L /* left shift */
-
 #if defined(BF_PTR2)
 
-/* This is basically a special pentium verson */
-#define BF_ENC(LL,R,S,P) \
-	{ \
-	BF_LONG t,u,v; \
-	u=R>>BF_0; \
-	v=R>>BF_1; \
-	u&=BF_M; \
-	v&=BF_M; \
-	t=  *(BF_LONG *)((unsigned char *)&(S[  0])+u); \
-	u=R>>BF_2; \
-	t+= *(BF_LONG *)((unsigned char *)&(S[256])+v); \
-	v=R<<BF_3; \
-	u&=BF_M; \
-	v&=BF_M; \
-	t^= *(BF_LONG *)((unsigned char *)&(S[512])+u); \
-	LL^=P; \
-	t+= *(BF_LONG *)((unsigned char *)&(S[768])+v); \
-	LL^=t; \
-	}
+/*
+ * This is basically a special Intel version. Point is that Intel
+ * doesn't have many registers, but offers a reach choice of addressing
+ * modes. So we spare some registers by directly traversing BF_KEY
+ * structure and hiring the most decorated addressing mode. The code
+ * generated by EGCS is *perfectly* competitive with assembler
+ * implementation!
+ */
+#define BF_ENC(LL,R,KEY,Pi) (\
+	LL^=KEY[Pi], \
+	t=  KEY[BF_ROUNDS+2 +   0 + ((R>>24)&0xFF)], \
+	t+= KEY[BF_ROUNDS+2 + 256 + ((R>>16)&0xFF)], \
+	t^= KEY[BF_ROUNDS+2 + 512 + ((R>>8 )&0xFF)], \
+	t+= KEY[BF_ROUNDS+2 + 768 + ((R    )&0xFF)], \
+	LL^=t \
+	)
 
 #elif defined(BF_PTR)
 
-/* This is normally very good */
+#ifndef BF_LONG_LOG2
+#define BF_LONG_LOG2  2       /* default to BF_LONG being 32 bits */
+#endif
+#define BF_M  (0xFF<<BF_LONG_LOG2)
+#define BF_0  (24-BF_LONG_LOG2)
+#define BF_1  (16-BF_LONG_LOG2)
+#define BF_2  ( 8-BF_LONG_LOG2)
+#define BF_3  BF_LONG_LOG2 /* left shift */
+
+/*
+ * This is normally very good on RISC platforms where normally you
+ * have to explicitly "multiply" array index by sizeof(BF_LONG)
+ * in order to calculate the effective address. This implementation
+ * excuses CPU from this extra work. Power[PC] uses should have most
+ * fun as (R>>BF_i)&BF_M gets folded into a single instruction, namely
+ * rlwinm. So let'em double-check if their compiler does it.
+ */
 
-#define BF_ENC(LL,R,S,P) \
-	LL^=P; \
+#define BF_ENC(LL,R,S,P) ( \
+	LL^=P, \
 	LL^= (((*(BF_LONG *)((unsigned char *)&(S[  0])+((R>>BF_0)&BF_M))+ \
 		*(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \
 		*(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \
-		*(BF_LONG *)((unsigned char *)&(S[768])+((R<<BF_3)&BF_M)));
+		*(BF_LONG *)((unsigned char *)&(S[768])+((R<<BF_3)&BF_M))) \
+	)
 #else
 
-/* This will always work, even on 64 bit machines and strangly enough,
- * on the Alpha it is faster than the pointer versions (both 32 and 64
- * versions of BF_LONG) */
+/*
+ * This is a *generic* version. Seem to perform best on platforms that
+ * offer explicit support for extraction of 8-bit nibbles preferably
+ * complemented with "multiplying" of array index by sizeof(BF_LONG).
+ * For the moment of this writing the list comprises Alpha CPU featuring
+ * extbl and s[48]addq instructions.
+ */
+
+#define BF_ENC(LL,R,S,P) ( \
+	LL^=P, \
+	LL^=(((	S[       ((int)(R>>24)&0xff)] + \
+		S[0x0100+((int)(R>>16)&0xff)])^ \
+		S[0x0200+((int)(R>> 8)&0xff)])+ \
+		S[0x0300+((int)(R    )&0xff)])&0xffffffffL \
+	)
+#endif
 
-#define BF_ENC(LL,R,S,P) \
-	LL^=P; \
-	LL^=(((	S[        (int)(R>>24L)      ] + \
-		S[0x0100+((int)(R>>16L)&0xff)])^ \
-		S[0x0200+((int)(R>> 8L)&0xff)])+ \
-		S[0x0300+((int)(R     )&0xff)])&0xffffffffL;
 #endif
diff --git a/crypto/bf/bf_locl.org b/crypto/bf/bf_locl.org
deleted file mode 100644
index a5663de8ca..0000000000
--- a/crypto/bf/bf_locl.org
+++ /dev/null
@@ -1,242 +0,0 @@
-/* crypto/bf/bf_locl.org */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify bf_locl.org since bf_locl.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
-
-#if defined( sun )                    /* Newer Sparc's */
-#  define BF_PTR
-#elif defined( __ultrix )     /* Older MIPS */
-#  define BF_PTR
-#elif defined( __osf1__ )     /* Alpha */
-  /* None */
-#elif defined ( _AIX )                /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )               /* HP-PA */
-  /* None */
-#elif defined( __aux )                /* 68K */
-  /* Unknown */
-#elif defined( __dgux )               /* 88K (but P6 in latest boxes) */
-  /* Unknown */
-#elif defined( __sgi )                /* Newer MIPS */
-#  define BF_PTR
-#elif defined( i386 )         /* x86 boxes, should be gcc */
-#elif defined( _MSC_VER )     /* x86 boxes, Visual C */
-#endif /* Systems-specific speed defines */
-
-#undef c2l
-#define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
-			 l|=((unsigned long)(*((c)++)))<< 8L, \
-			 l|=((unsigned long)(*((c)++)))<<16L, \
-			 l|=((unsigned long)(*((c)++)))<<24L)
-
-/* NOTE - c is not incremented as per c2l */
-#undef c2ln
-#define c2ln(c,l1,l2,n)	{ \
-			c+=n; \
-			l1=l2=0; \
-			switch (n) { \
-			case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
-			case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
-			case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
-			case 5: l2|=((unsigned long)(*(--(c))));     \
-			case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
-			case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
-			case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
-			case 1: l1|=((unsigned long)(*(--(c))));     \
-				} \
-			}
-
-#undef l2c
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#undef l2cn
-#define l2cn(l1,l2,c,n)	{ \
-			c+=n; \
-			switch (n) { \
-			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
-			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
-			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
-			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
-			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
-			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
-			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
-			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
-				} \
-			}
-
-/* NOTE - c is not incremented as per n2l */
-#define n2ln(c,l1,l2,n)	{ \
-			c+=n; \
-			l1=l2=0; \
-			switch (n) { \
-			case 8: l2 =((unsigned long)(*(--(c))))    ; \
-			case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
-			case 6: l2|=((unsigned long)(*(--(c))))<<16; \
-			case 5: l2|=((unsigned long)(*(--(c))))<<24; \
-			case 4: l1 =((unsigned long)(*(--(c))))    ; \
-			case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
-			case 2: l1|=((unsigned long)(*(--(c))))<<16; \
-			case 1: l1|=((unsigned long)(*(--(c))))<<24; \
-				} \
-			}
-
-/* NOTE - c is not incremented as per l2n */
-#define l2nn(l1,l2,c,n)	{ \
-			c+=n; \
-			switch (n) { \
-			case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
-			case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
-			case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
-			case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
-			case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
-			case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
-			case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
-			case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
-				} \
-			}
-
-#undef n2l
-#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
-                         l|=((unsigned long)(*((c)++)))<<16L, \
-                         l|=((unsigned long)(*((c)++)))<< 8L, \
-                         l|=((unsigned long)(*((c)++))))
-
-#undef l2n
-#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-                         *((c)++)=(unsigned char)(((l)     )&0xff))
-
-/* This is actually a big endian algorithm, the most significate byte
- * is used to lookup array 0 */
-
-/* use BF_PTR2 for intel boxes,
- * BF_PTR for sparc and MIPS/SGI
- * use nothing for Alpha and HP.
- */
-#if !defined(BF_PTR) && !defined(BF_PTR2)
-#undef BF_PTR
-#endif
-
-#define BF_M	0x3fc
-#define BF_0	22L
-#define BF_1	14L
-#define BF_2	 6L
-#define BF_3	 2L /* left shift */
-
-#if defined(BF_PTR2)
-
-/* This is basically a special pentium verson */
-#define BF_ENC(LL,R,S,P) \
-	{ \
-	BF_LONG t,u,v; \
-	u=R>>BF_0; \
-	v=R>>BF_1; \
-	u&=BF_M; \
-	v&=BF_M; \
-	t=  *(BF_LONG *)((unsigned char *)&(S[  0])+u); \
-	u=R>>BF_2; \
-	t+= *(BF_LONG *)((unsigned char *)&(S[256])+v); \
-	v=R<<BF_3; \
-	u&=BF_M; \
-	v&=BF_M; \
-	t^= *(BF_LONG *)((unsigned char *)&(S[512])+u); \
-	LL^=P; \
-	t+= *(BF_LONG *)((unsigned char *)&(S[768])+v); \
-	LL^=t; \
-	}
-
-#elif defined(BF_PTR)
-
-/* This is normally very good */
-
-#define BF_ENC(LL,R,S,P) \
-	LL^=P; \
-	LL^= (((*(BF_LONG *)((unsigned char *)&(S[  0])+((R>>BF_0)&BF_M))+ \
-		*(BF_LONG *)((unsigned char *)&(S[256])+((R>>BF_1)&BF_M)))^ \
-		*(BF_LONG *)((unsigned char *)&(S[512])+((R>>BF_2)&BF_M)))+ \
-		*(BF_LONG *)((unsigned char *)&(S[768])+((R<<BF_3)&BF_M)));
-#else
-
-/* This will always work, even on 64 bit machines and strangly enough,
- * on the Alpha it is faster than the pointer versions (both 32 and 64
- * versions of BF_LONG) */
-
-#define BF_ENC(LL,R,S,P) \
-	LL^=P; \
-	LL^=(((	S[        (int)(R>>24L)      ] + \
-		S[0x0100+((int)(R>>16L)&0xff)])^ \
-		S[0x0200+((int)(R>> 8L)&0xff)])+ \
-		S[0x0300+((int)(R     )&0xff)])&0xffffffffL;
-#endif
diff --git a/crypto/bf/bf_ofb64.c b/crypto/bf/bf_ofb64.c
index 5d844ac760..f2a9ff6e41 100644
--- a/crypto/bf/bf_ofb64.c
+++ b/crypto/bf/bf_ofb64.c
@@ -56,20 +56,15 @@
  * [including the GNU Public Licence.]
  */
 
-#include "blowfish.h"
+#include <openssl/blowfish.h>
 #include "bf_locl.h"
 
 /* The input and output encrypted as though 64bit ofb mode is being
  * used.  The extra state information to record how much of the
  * 64bit block we have used is contained in *num;
  */
-void BF_ofb64_encrypt(in, out, length, schedule, ivec, num)
-unsigned char *in;
-unsigned char *out;
-long length;
-BF_KEY *schedule;
-unsigned char *ivec;
-int *num;
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
+	     const BF_KEY *schedule, unsigned char *ivec, int *num)
 	{
 	register BF_LONG v0,v1,t;
 	register int n= *num;
diff --git a/crypto/bf/bf_opts.c b/crypto/bf/bf_opts.c
index 735d16b764..171dada2ca 100644
--- a/crypto/bf/bf_opts.c
+++ b/crypto/bf/bf_opts.c
@@ -59,19 +59,17 @@
 /* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
  * This is for machines with 64k code segment size restrictions. */
 
-#ifndef MSDOS
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
 #include <stdio.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-extern void exit();
-#endif
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
 #include <signal.h>
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -79,15 +77,15 @@ extern void exit();
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
@@ -98,7 +96,7 @@ struct tms {
 #include <sys/param.h>
 #endif
 
-#include "blowfish.h"
+#include <openssl/blowfish.h>
 
 #define BF_DEFAULT_OPTIONS
 
@@ -127,11 +125,7 @@ struct tms {
 #ifndef HZ
 # ifndef CLK_TCK
 #  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
-#   ifndef VMS
-#    define HZ	100.0
-#   else /* VMS */
-#    define HZ	100.0
-#   endif
+#   define HZ	100.0
 #  else /* _BSD_CLK_TCK_ */
 #   define HZ ((double)_BSD_CLK_TCK_)
 #  endif
@@ -143,12 +137,7 @@ struct tms {
 #define BUFSIZE	((long)1024)
 long run=0;
 
-#ifndef NOPROTO
 double Time_F(int s);
-#else
-double Time_F();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi)
 #define SIGRETTYPE void
@@ -156,14 +145,8 @@ double Time_F();
 #define SIGRETTYPE int
 #endif
 
-#ifndef NOPROTO
 SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
+SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -176,8 +159,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-double Time_F(s)
-int s;
+double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -238,9 +220,7 @@ int s;
 	fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
 		tm[index]*8,1.0e6/tm[index]);
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	long count;
 	static unsigned char buf[BUFSIZE];
@@ -262,7 +242,7 @@ char **argv;
 		}
 
 #ifndef TIMES
-	fprintf(stderr,"To get the most acurate results, try to run this\n");
+	fprintf(stderr,"To get the most accurate results, try to run this\n");
 	fprintf(stderr,"program when this computer is idle.\n");
 #endif
 
@@ -342,7 +322,7 @@ char **argv;
 		break;
 		}
 	exit(0);
-#if defined(LINT) || defined(MSDOS)
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
 	return(0);
 #endif
 	}
diff --git a/crypto/bf/bf_pi.h b/crypto/bf/bf_pi.h
index 417b935538..9949513c68 100644
--- a/crypto/bf/bf_pi.h
+++ b/crypto/bf/bf_pi.h
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-static BF_KEY bf_init= {
+static const BF_KEY bf_init= {
 	{
 	0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L,
 	0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L,
diff --git a/crypto/bf/bf_skey.c b/crypto/bf/bf_skey.c
index 86574c0acc..3673cdee6e 100644
--- a/crypto/bf/bf_skey.c
+++ b/crypto/bf/bf_skey.c
@@ -58,21 +58,18 @@
 
 #include <stdio.h>
 #include <string.h>
-#include "blowfish.h"
+#include <openssl/blowfish.h>
 #include "bf_locl.h"
 #include "bf_pi.h"
 
-void BF_set_key(key,len,data)
-BF_KEY *key;
-int len;
-unsigned char *data;
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
 	{
 	int i;
 	BF_LONG *p,ri,in[2];
-	unsigned char *d,*end;
+	const unsigned char *d,*end;
 
 
-	memcpy((char *)key,(char *)&bf_init,sizeof(BF_KEY));
+	memcpy(key,&bf_init,sizeof(BF_KEY));
 	p=key->P;
 
 	if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4;
diff --git a/crypto/bf/bfs.cpp b/crypto/bf/bfs.cpp
index 272ed2f978..d74c457760 100644
--- a/crypto/bf/bfs.cpp
+++ b/crypto/bf/bfs.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "blowfish.h"
+#include <openssl/blowfish.h>
 
 void main(int argc,char *argv[])
 	{
diff --git a/crypto/bf/bfspeed.c b/crypto/bf/bfspeed.c
index 30db62b234..f346af64f3 100644
--- a/crypto/bf/bfspeed.c
+++ b/crypto/bf/bfspeed.c
@@ -59,19 +59,17 @@
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
 
-#ifndef MSDOS
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
 #include <stdio.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-extern int exit();
-#endif
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
 #include <signal.h>
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -79,15 +77,15 @@ extern int exit();
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
@@ -98,16 +96,12 @@ struct tms {
 #include <sys/param.h>
 #endif
 
-#include "blowfish.h"
+#include <openssl/blowfish.h>
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
 #ifndef CLK_TCK
-#ifndef VMS
-#define HZ	100.0
-#else /* VMS */
 #define HZ	100.0
-#endif
 #else /* CLK_TCK */
 #define HZ ((double)CLK_TCK)
 #endif
@@ -116,12 +110,7 @@ struct tms {
 #define BUFSIZE	((long)1024)
 long run=0;
 
-#ifndef NOPROTO
 double Time_F(int s);
-#else
-double Time_F();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
 #define SIGRETTYPE void
@@ -129,14 +118,8 @@ double Time_F();
 #define SIGRETTYPE int
 #endif
 
-#ifndef NOPROTO
 SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
+SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -149,8 +132,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-double Time_F(s)
-int s;
+double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -186,9 +168,7 @@ int s;
 #endif
 	}
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	long count;
 	static unsigned char buf[BUFSIZE];
@@ -203,7 +183,7 @@ char **argv;
 #endif
 
 #ifndef TIMES
-	printf("To get the most acurate results, try to run this\n");
+	printf("To get the most accurate results, try to run this\n");
 	printf("program when this computer is idle.\n");
 #endif
 
@@ -288,7 +268,7 @@ char **argv;
 	printf("Blowfish raw ecb bytes per sec = %12.3f (%9.3fuS)\n",b,8.0e6/b);
 	printf("Blowfish cbc     bytes per sec = %12.3f (%9.3fuS)\n",c,8.0e6/c);
 	exit(0);
-#if defined(LINT) || defined(MSDOS)
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
 	return(0);
 #endif
 	}
diff --git a/crypto/bf/bftest.c b/crypto/bf/bftest.c
index 9266cf813a..24d526b14b 100644
--- a/crypto/bf/bftest.c
+++ b/crypto/bf/bftest.c
@@ -62,20 +62,34 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "blowfish.h"
 
-char *bf_key[2]={
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_BF
+int main(int argc, char *argv[])
+{
+    printf("No BF support\n");
+    return(0);
+}
+#else
+#include <openssl/blowfish.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+static char *bf_key[2]={
 	"abcdefghijklmnopqrstuvwxyz",
 	"Who is John Galt?"
 	};
 
 /* big endian */
-BF_LONG bf_plain[2][2]={
+static BF_LONG bf_plain[2][2]={
 	{0x424c4f57L,0x46495348L},
 	{0xfedcba98L,0x76543210L}
 	};
 
-BF_LONG bf_cipher[2][2]={
+static BF_LONG bf_cipher[2][2]={
 	{0x324ed0feL,0xf413a203L},
 	{0xcc91732bL,0x8022f684L}
 	};
@@ -216,16 +230,16 @@ static unsigned char ofb64_ok[]={
 	0x63,0xC2,0xCF,0x80,0xDA};
 
 #define KEY_TEST_NUM	25
-unsigned char key_test[KEY_TEST_NUM]={
+static unsigned char key_test[KEY_TEST_NUM]={
 	0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87,
 	0x78,0x69,0x5a,0x4b,0x3c,0x2d,0x1e,0x0f,
 	0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,
 	0x88};
 
-unsigned char key_data[8]=
+static unsigned char key_data[8]=
 	{0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10};
 
-unsigned char key_out[KEY_TEST_NUM][8]={
+static unsigned char key_out[KEY_TEST_NUM][8]={
 	{0xF9,0xAD,0x59,0x7C,0x49,0xDB,0x00,0x5E},
 	{0xE9,0x1D,0x21,0xC1,0xD9,0x61,0xA6,0xD6},
 	{0xE9,0xC2,0xB7,0x0A,0x1B,0xC6,0x5C,0xF3},
@@ -252,17 +266,9 @@ unsigned char key_out[KEY_TEST_NUM][8]={
 	{0x05,0x04,0x4B,0x62,0xFA,0x52,0xD0,0x80},
 	};
 
-#ifndef NOPROTO
 static int test(void );
 static int print_test_data(void );
-#else
-static int test();
-static int print_test_data();
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int ret;
 
@@ -271,11 +277,11 @@ char *argv[];
 	else
 		ret=test();
 
-	exit(ret);
+	EXIT(ret);
 	return(0);
 	}
 
-static int print_test_data()
+static int print_test_data(void)
 	{
 	unsigned int i,j;
 
@@ -304,7 +310,7 @@ static int print_test_data()
 		printf("c=");
 		for (j=0; j<8; j++)
 			printf("%02X",key_out[i][j]);
-		printf(" k[%2d]=",i+1);
+		printf(" k[%2u]=",i+1);
 		for (j=0; j<i+1; j++)
 			printf("%02X",key_test[j]);
 		printf("\n");
@@ -342,7 +348,7 @@ static int print_test_data()
 	return(0);
 	}
 
-static int test()
+static int test(void)
 	{
 	unsigned char cbc_in[40],cbc_out[40],iv[8];
 	int i,n,err=0;
@@ -351,9 +357,16 @@ static int test()
 	unsigned char out[8]; 
 	BF_LONG len;
 
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(cbc_data, cbc_data, strlen(cbc_data));
+#endif
+
 	printf("testing blowfish in raw ecb mode\n");
 	for (n=0; n<2; n++)
 		{
+#ifdef CHARSET_EBCDIC
+		ebcdic2ascii(bf_key[n], bf_key[n], strlen(bf_key[n]));
+#endif
 		BF_set_key(&key,strlen(bf_key[n]),(unsigned char *)bf_key[n]);
 
 		data[0]=bf_plain[n][0];
@@ -364,11 +377,11 @@ static int test()
 			printf("BF_encrypt error encrypting\n");
 			printf("got     :");
 			for (i=0; i<2; i++)
-				printf("%08lX ",data[i]);
+				printf("%08lX ",(unsigned long)data[i]);
 			printf("\n");
 			printf("expected:");
 			for (i=0; i<2; i++)
-				printf("%08lX ",bf_cipher[n][i]);
+				printf("%08lX ",(unsigned long)bf_cipher[n][i]);
 			err=1;
 			printf("\n");
 			}
@@ -379,11 +392,11 @@ static int test()
 			printf("BF_encrypt error decrypting\n");
 			printf("got     :");
 			for (i=0; i<2; i++)
-				printf("%08lX ",data[i]);
+				printf("%08lX ",(unsigned long)data[i]);
 			printf("\n");
 			printf("expected:");
 			for (i=0; i<2; i++)
-				printf("%08lX ",bf_plain[n][i]);
+				printf("%08lX ",(unsigned long)bf_plain[n][i]);
 			printf("\n");
 			err=1;
 			}
@@ -431,7 +444,8 @@ static int test()
 		{
 		BF_set_key(&key,n,key_test);
 		BF_ecb_encrypt(key_data,out,&key,BF_ENCRYPT);
-		if (memcmp(out,&(key_out[n-1][0]),8) != 0)
+		/* mips-sgi-irix6.5-gcc  vv  -mabi=64 bug workaround */
+		if (memcmp(out,&(key_out[i=n-1][0]),8) != 0)
 			{
 			printf("blowfish setkey error\n");
 			err=1;
@@ -442,9 +456,9 @@ static int test()
 	len=strlen(cbc_data)+1;
 
 	BF_set_key(&key,16,cbc_key);
-	memset(cbc_in,0,40);
-	memset(cbc_out,0,40);
-	memcpy(iv,cbc_iv,8);
+	memset(cbc_in,0,sizeof cbc_in);
+	memset(cbc_out,0,sizeof cbc_out);
+	memcpy(iv,cbc_iv,sizeof iv);
 	BF_cbc_encrypt((unsigned char *)cbc_data,cbc_out,len,
 		&key,iv,BF_ENCRYPT);
 	if (memcmp(cbc_out,cbc_ok,32) != 0)
@@ -519,3 +533,4 @@ static int test()
 
 	return(err);
 	}
+#endif
diff --git a/crypto/bf/blowfish.h b/crypto/bf/blowfish.h
index c4a8085a29..cd49e85ab2 100644
--- a/crypto/bf/blowfish.h
+++ b/crypto/bf/blowfish.h
@@ -59,18 +59,41 @@
 #ifndef HEADER_BLOWFISH_H
 #define HEADER_BLOWFISH_H
 
+#include <openssl/e_os2.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
+#ifdef OPENSSL_NO_BF
+#error BF is disabled.
+#endif
+
 #define BF_ENCRYPT	1
 #define BF_DECRYPT	0
 
-/* If you make this 'unsigned int' the pointer variants will work on
- * the Alpha, otherwise they will not.  Strangly using the '8 byte'
- * BF_LONG and the default 'non-pointer' inner loop is the best configuration
- * for the Alpha */
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! BF_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! BF_LONG_LOG2 has to be defined along.                        !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#define BF_LONG unsigned long
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
 #define BF_LONG unsigned long
+#define BF_LONG_LOG2 3
+/*
+ * _CRAY note. I could declare short, but I have no idea what impact
+ * does it have on performance on none-T3E machines. I could declare
+ * int, but at least on C90 sizeof(int) can be chosen at compile time.
+ * So I've chosen long...
+ *					<appro@fy.chalmers.se>
+ */
+#else
+#define BF_LONG unsigned int
+#endif
 
 #define BF_ROUNDS	16
 #define BF_BLOCK	8
@@ -81,33 +104,21 @@ typedef struct bf_key_st
 	BF_LONG S[4*256];
 	} BF_KEY;
 
-#ifndef NOPROTO
  
-void BF_set_key(BF_KEY *key, int len, unsigned char *data);
-void BF_ecb_encrypt(unsigned char *in,unsigned char *out,BF_KEY *key,
-	int enc);
-void BF_encrypt(BF_LONG *data,BF_KEY *key);
-void BF_decrypt(BF_LONG *data,BF_KEY *key);
-void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
-	BF_KEY *ks, unsigned char *iv, int enc);
-void BF_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	BF_KEY *schedule, unsigned char *ivec, int *num, int enc);
-void BF_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	BF_KEY *schedule, unsigned char *ivec, int *num);
-char *BF_options(void);
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
 
-#else
-
-void BF_set_key();
-void BF_ecb_encrypt();
-void BF_encrypt();
-void BF_decrypt();
-void BF_cbc_encrypt();
-void BF_cfb64_encrypt();
-void BF_ofb64_encrypt();
-char *BF_options();
+void BF_encrypt(BF_LONG *data,const BF_KEY *key);
+void BF_decrypt(BF_LONG *data,const BF_KEY *key);
 
-#endif
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+	const BF_KEY *key, int enc);
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+	const BF_KEY *schedule, unsigned char *ivec, int enc);
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
+	const BF_KEY *schedule, unsigned char *ivec, int *num, int enc);
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
+	const BF_KEY *schedule, unsigned char *ivec, int *num);
+const char *BF_options(void);
 
 #ifdef  __cplusplus
 }
diff --git a/crypto/bio/.cvsignore b/crypto/bio/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/bio/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/bio/Makefile.ssl b/crypto/bio/Makefile.ssl
index 42e11e1c94..141a03ae1d 100644
--- a/crypto/bio/Makefile.ssl
+++ b/crypto/bio/Makefile.ssl
@@ -5,38 +5,41 @@
 DIR=	bio
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=bio
-ERRC=bio_err
 GENERAL=Makefile
 TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= bio_lib.c bio_cb.c $(ERRC).c \
+LIBSRC= bio_lib.c bio_cb.c bio_err.c \
 	bss_mem.c bss_null.c bss_fd.c \
 	bss_file.c bss_sock.c bss_conn.c \
 	bf_null.c bf_buff.c b_print.c b_dump.c \
-	b_sock.c bss_acpt.c bf_nbio.c
-LIBOBJ= bio_lib.o bio_cb.o $(ERRC).o \
+	b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c
+#	bf_lbuf.c
+LIBOBJ= bio_lib.o bio_cb.o bio_err.o \
 	bss_mem.o bss_null.o bss_fd.o \
 	bss_file.o bss_sock.o bss_conn.o \
 	bf_null.o bf_buff.o b_print.o b_dump.o \
-	b_sock.o bss_acpt.o bf_nbio.o
+	b_sock.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o
+#	bf_lbuf.o
 
 SRC= $(LIBSRC)
 
-EXHEADER= bio.h bss_file.c
-HEADER=	$(EXHEADER)
+EXHEADER= bio.h
+HEADER=	bss_file.c $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
@@ -47,24 +50,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
-	@for i in $(EXHEADER) bss_file.c ; \
+	@for i in $(EXHEADER); \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -76,17 +78,139 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+b_dump.o: ../../e_os.h ../../include/openssl/bio.h
+b_dump.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_dump.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+b_dump.o: ../cryptlib.h b_dump.c
+b_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+b_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+b_print.o: ../cryptlib.h b_print.c
+b_sock.o: ../../e_os.h ../../include/openssl/bio.h
+b_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+b_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+b_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+b_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+b_sock.o: ../cryptlib.h b_sock.c
+bf_buff.o: ../../e_os.h ../../include/openssl/bio.h
+bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_buff.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_buff.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_buff.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bf_buff.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_buff.o: ../cryptlib.h bf_buff.c
+bf_nbio.o: ../../e_os.h ../../include/openssl/bio.h
+bf_nbio.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_nbio.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_nbio.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_nbio.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bf_nbio.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bf_nbio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_nbio.o: ../cryptlib.h bf_nbio.c
+bf_null.o: ../../e_os.h ../../include/openssl/bio.h
+bf_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bf_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bf_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bf_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bf_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bf_null.o: ../cryptlib.h bf_null.c
+bio_cb.o: ../../e_os.h ../../include/openssl/bio.h
+bio_cb.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_cb.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_cb.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_cb.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bio_cb.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_cb.o: ../cryptlib.h bio_cb.c
+bio_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+bio_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bio_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_err.o: bio_err.c
+bio_lib.o: ../../e_os.h ../../include/openssl/bio.h
+bio_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bio_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bio_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bio_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_lib.o: ../cryptlib.h bio_lib.c
+bss_acpt.o: ../../e_os.h ../../include/openssl/bio.h
+bss_acpt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_acpt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_acpt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_acpt.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_acpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_acpt.o: ../cryptlib.h bss_acpt.c
+bss_bio.o: ../../e_os.h ../../include/openssl/bio.h
+bss_bio.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bss_bio.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bss_bio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bss_bio.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bss_bio.o: ../../include/openssl/symhacks.h bss_bio.c
+bss_conn.o: ../../e_os.h ../../include/openssl/bio.h
+bss_conn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_conn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_conn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_conn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_conn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_conn.o: ../cryptlib.h bss_conn.c
+bss_fd.o: ../../e_os.h ../../include/openssl/bio.h
+bss_fd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_fd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_fd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_fd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_fd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_fd.o: ../cryptlib.h bss_fd.c
+bss_file.o: ../../e_os.h ../../include/openssl/bio.h
+bss_file.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_file.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_file.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_file.o: ../cryptlib.h bss_file.c
+bss_log.o: ../../e_os.h ../../include/openssl/bio.h
+bss_log.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_log.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_log.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_log.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_log.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_log.o: ../cryptlib.h bss_log.c
+bss_mem.o: ../../e_os.h ../../include/openssl/bio.h
+bss_mem.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_mem.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_mem.o: ../cryptlib.h bss_mem.c
+bss_null.o: ../../e_os.h ../../include/openssl/bio.h
+bss_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_null.o: ../cryptlib.h bss_null.c
+bss_sock.o: ../../e_os.h ../../include/openssl/bio.h
+bss_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bss_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bss_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bss_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bss_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bss_sock.o: ../cryptlib.h bss_sock.c
diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c
index db84ad3d47..8397cfab6a 100644
--- a/crypto/bio/b_dump.c
+++ b/crypto/bio/b_dump.c
@@ -62,64 +62,91 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bio.h"
+#include <openssl/bio.h>
 
 #define TRUNCATE
 #define DUMP_WIDTH	16
+#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
 
-int BIO_dump(bio,s,len)
-BIO *bio;
-char *s;
-int len;
-{
-  int ret=0;
-  char buf[160+1],tmp[20];
-  int i,j,rows,trunc;
-  unsigned char ch;
-
-  trunc=0;
+int BIO_dump(BIO *bio, const char *s, int len)
+	{
+	return BIO_dump_indent(bio, s, len, 0);
+	}
 
+int BIO_dump_indent(BIO *bio, const char *s, int len, int indent)
+	{
+	int ret=0;
+	char buf[288+1],tmp[20],str[128+1];
+	int i,j,rows,trunc;
+	unsigned char ch;
+	int dump_width;
+	
+	trunc=0;
+	
 #ifdef TRUNCATE
-  for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) 
-    trunc++;
+	for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) 
+		trunc++;
 #endif
 
-  rows=(len/DUMP_WIDTH);
-  if ((rows*DUMP_WIDTH)<len)
-    rows++;
-  for(i=0;i<rows;i++) {
-    buf[0]='\0';	/* start with empty string */
-    sprintf(tmp,"%04x - ",i*DUMP_WIDTH);
-    strcpy(buf,tmp);
-    for(j=0;j<DUMP_WIDTH;j++) {
-      if (((i*DUMP_WIDTH)+j)>=len) {
-	strcat(buf,"   ");
-      } else {
-        ch=((unsigned char)*((char *)(s)+i*DUMP_WIDTH+j)) & 0xff;
-	sprintf(tmp,"%02x%c",ch,j==7?'-':' ');
-        strcat(buf,tmp);
-      }
-    }
-    strcat(buf,"  ");
-    for(j=0;j<DUMP_WIDTH;j++) {
-      if (((i*DUMP_WIDTH)+j)>=len)
-	break;
-      ch=((unsigned char)*((char *)(s)+i*DUMP_WIDTH+j)) & 0xff;
-      sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.');
-      strcat(buf,tmp);
-    }
-    strcat(buf,"\n");
-    /* if this is the last call then update the ddt_dump thing so that
-     * we will move the selection point in the debug window 
-     */
-    ret+=BIO_write(bio,(char *)buf,strlen(buf));
-  }
+	if (indent < 0)
+		indent = 0;
+	if (indent)
+		{
+		if (indent > 128) indent=128;
+		memset(str,' ',indent);
+		}
+	str[indent]='\0';
+	
+	dump_width=DUMP_WIDTH_LESS_INDENT(indent);
+	rows=(len/dump_width);
+	if ((rows*dump_width)<len)
+		rows++;
+	for(i=0;i<rows;i++)
+		{
+		buf[0]='\0';	/* start with empty string */
+		strcpy(buf,str);
+		sprintf(tmp,"%04x - ",i*dump_width);
+		strcat(buf,tmp);
+		for(j=0;j<dump_width;j++)
+			{
+			if (((i*dump_width)+j)>=len)
+				{
+				strcat(buf,"   ");
+				}
+			else
+				{
+				ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
+				sprintf(tmp,"%02x%c",ch,j==7?'-':' ');
+				strcat(buf,tmp);
+				}
+			}
+		strcat(buf,"  ");
+		for(j=0;j<dump_width;j++)
+			{
+			if (((i*dump_width)+j)>=len)
+				break;
+			ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
+#ifndef CHARSET_EBCDIC
+			sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.');
+#else
+			sprintf(tmp,"%c",((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
+				? os_toebcdic[ch]
+				: '.');
+#endif
+			strcat(buf,tmp);
+			}
+		strcat(buf,"\n");
+		/* if this is the last call then update the ddt_dump thing so that
+		 * we will move the selection point in the debug window 
+		 */
+		ret+=BIO_write(bio,(char *)buf,strlen(buf));
+		}
 #ifdef TRUNCATE
-  if (trunc > 0) {
-    sprintf(buf,"%04x - <SPACES/NULS>\n",len+trunc);
-    ret+=BIO_write(bio,(char *)buf,strlen(buf));
-  }
+	if (trunc > 0)
+		{
+		sprintf(buf,"%s%04x - <SPACES/NULS>\n",str,len+trunc);
+		ret+=BIO_write(bio,(char *)buf,strlen(buf));
+		}
 #endif
-  return(ret);
-}
-
+	return(ret);
+	}
diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c
index cdadeb839a..3f5d6a74bf 100644
--- a/crypto/bio/b_print.c
+++ b/crypto/bio/b_print.c
@@ -56,37 +56,774 @@
  * [including the GNU Public Licence.]
  */
 
+/* disable assert() unless BIO_DEBUG has been defined */
+#ifndef BIO_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+
 /* 
  * Stolen from tjh's ssl/ssl_trc.c stuff.
  */
 
 #include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <limits.h>
 #include "cryptlib.h"
-#include "bio.h"
+#ifndef NO_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <openssl/bn.h>         /* To get BN_LLONG properly defined */
+#include <openssl/bio.h>
+
+#ifdef BN_LLONG
+# ifndef HAVE_LONG_LONG
+#  define HAVE_LONG_LONG 1
+# endif
+#endif
+
+/***************************************************************************/
+
+/*
+ * Copyright Patrick Powell 1995
+ * This code is based on code written by Patrick Powell <papowell@astart.com>
+ * It may be used for any purpose as long as this notice remains intact
+ * on all source code distributions.
+ */
+
+/*
+ * This code contains numerious changes and enhancements which were
+ * made by lots of contributors over the last years to Patrick Powell's
+ * original code:
+ *
+ * o Patrick Powell <papowell@astart.com>      (1995)
+ * o Brandon Long <blong@fiction.net>          (1996, for Mutt)
+ * o Thomas Roessler <roessler@guug.de>        (1998, for Mutt)
+ * o Michael Elkins <me@cs.hmc.edu>            (1998, for Mutt)
+ * o Andrew Tridgell <tridge@samba.org>        (1998, for Samba)
+ * o Luke Mewburn <lukem@netbsd.org>           (1999, for LukemFTP)
+ * o Ralf S. Engelschall <rse@engelschall.com> (1999, for Pth)
+ * o ...                                       (for OpenSSL)
+ */
+
+#ifdef HAVE_LONG_DOUBLE
+#define LDOUBLE long double
+#else
+#define LDOUBLE double
+#endif
+
+#if HAVE_LONG_LONG
+# if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
+# define LLONG _int64
+# else
+# define LLONG long long
+# endif
+#else
+#define LLONG long
+#endif
+
+static void fmtstr     (char **, char **, size_t *, size_t *,
+			const char *, int, int, int);
+static void fmtint     (char **, char **, size_t *, size_t *,
+			LLONG, int, int, int, int);
+static void fmtfp      (char **, char **, size_t *, size_t *,
+			LDOUBLE, int, int, int);
+static void doapr_outch (char **, char **, size_t *, size_t *, int);
+static void _dopr(char **sbuffer, char **buffer,
+		  size_t *maxlen, size_t *retlen, int *truncated,
+		  const char *format, va_list args);
+
+/* format read states */
+#define DP_S_DEFAULT    0
+#define DP_S_FLAGS      1
+#define DP_S_MIN        2
+#define DP_S_DOT        3
+#define DP_S_MAX        4
+#define DP_S_MOD        5
+#define DP_S_CONV       6
+#define DP_S_DONE       7
+
+/* format flags - Bits */
+#define DP_F_MINUS      (1 << 0)
+#define DP_F_PLUS       (1 << 1)
+#define DP_F_SPACE      (1 << 2)
+#define DP_F_NUM        (1 << 3)
+#define DP_F_ZERO       (1 << 4)
+#define DP_F_UP         (1 << 5)
+#define DP_F_UNSIGNED   (1 << 6)
+
+/* conversion flags */
+#define DP_C_SHORT      1
+#define DP_C_LONG       2
+#define DP_C_LDOUBLE    3
+#define DP_C_LLONG      4
+
+/* some handy macros */
+#define char_to_int(p) (p - '0')
+#define OSSL_MAX(p,q) ((p >= q) ? p : q)
+
+static void
+_dopr(
+    char **sbuffer,
+    char **buffer,
+    size_t *maxlen,
+    size_t *retlen,
+    int *truncated,
+    const char *format,
+    va_list args)
+{
+    char ch;
+    LLONG value;
+    LDOUBLE fvalue;
+    char *strvalue;
+    int min;
+    int max;
+    int state;
+    int flags;
+    int cflags;
+    size_t currlen;
+
+    state = DP_S_DEFAULT;
+    flags = currlen = cflags = min = 0;
+    max = -1;
+    ch = *format++;
+
+    while (state != DP_S_DONE) {
+        if (ch == '\0' || (buffer == NULL && currlen >= *maxlen))
+            state = DP_S_DONE;
+
+        switch (state) {
+        case DP_S_DEFAULT:
+            if (ch == '%')
+                state = DP_S_FLAGS;
+            else
+                doapr_outch(sbuffer,buffer, &currlen, maxlen, ch);
+            ch = *format++;
+            break;
+        case DP_S_FLAGS:
+            switch (ch) {
+            case '-':
+                flags |= DP_F_MINUS;
+                ch = *format++;
+                break;
+            case '+':
+                flags |= DP_F_PLUS;
+                ch = *format++;
+                break;
+            case ' ':
+                flags |= DP_F_SPACE;
+                ch = *format++;
+                break;
+            case '#':
+                flags |= DP_F_NUM;
+                ch = *format++;
+                break;
+            case '0':
+                flags |= DP_F_ZERO;
+                ch = *format++;
+                break;
+            default:
+                state = DP_S_MIN;
+                break;
+            }
+            break;
+        case DP_S_MIN:
+            if (isdigit((unsigned char)ch)) {
+                min = 10 * min + char_to_int(ch);
+                ch = *format++;
+            } else if (ch == '*') {
+                min = va_arg(args, int);
+                ch = *format++;
+                state = DP_S_DOT;
+            } else
+                state = DP_S_DOT;
+            break;
+        case DP_S_DOT:
+            if (ch == '.') {
+                state = DP_S_MAX;
+                ch = *format++;
+            } else
+                state = DP_S_MOD;
+            break;
+        case DP_S_MAX:
+            if (isdigit((unsigned char)ch)) {
+                if (max < 0)
+                    max = 0;
+                max = 10 * max + char_to_int(ch);
+                ch = *format++;
+            } else if (ch == '*') {
+                max = va_arg(args, int);
+                ch = *format++;
+                state = DP_S_MOD;
+            } else
+                state = DP_S_MOD;
+            break;
+        case DP_S_MOD:
+            switch (ch) {
+            case 'h':
+                cflags = DP_C_SHORT;
+                ch = *format++;
+                break;
+            case 'l':
+                if (*format == 'l') {
+                    cflags = DP_C_LLONG;
+                    format++;
+                } else
+                    cflags = DP_C_LONG;
+                ch = *format++;
+                break;
+            case 'q':
+                cflags = DP_C_LLONG;
+                ch = *format++;
+                break;
+            case 'L':
+                cflags = DP_C_LDOUBLE;
+                ch = *format++;
+                break;
+            default:
+                break;
+            }
+            state = DP_S_CONV;
+            break;
+        case DP_S_CONV:
+            switch (ch) {
+            case 'd':
+            case 'i':
+                switch (cflags) {
+                case DP_C_SHORT:
+                    value = (short int)va_arg(args, int);
+                    break;
+                case DP_C_LONG:
+                    value = va_arg(args, long int);
+                    break;
+                case DP_C_LLONG:
+                    value = va_arg(args, LLONG);
+                    break;
+                default:
+                    value = va_arg(args, int);
+                    break;
+                }
+                fmtint(sbuffer, buffer, &currlen, maxlen,
+                       value, 10, min, max, flags);
+                break;
+            case 'X':
+                flags |= DP_F_UP;
+                /* FALLTHROUGH */
+            case 'x':
+            case 'o':
+            case 'u':
+                flags |= DP_F_UNSIGNED;
+                switch (cflags) {
+                case DP_C_SHORT:
+                    value = (unsigned short int)va_arg(args, unsigned int);
+                    break;
+                case DP_C_LONG:
+                    value = (LLONG) va_arg(args,
+                        unsigned long int);
+                    break;
+                case DP_C_LLONG:
+                    value = va_arg(args, unsigned LLONG);
+                    break;
+                default:
+                    value = (LLONG) va_arg(args,
+                        unsigned int);
+                    break;
+                }
+                fmtint(sbuffer, buffer, &currlen, maxlen, value,
+                       ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
+                       min, max, flags);
+                break;
+            case 'f':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                fmtfp(sbuffer, buffer, &currlen, maxlen,
+                      fvalue, min, max, flags);
+                break;
+            case 'E':
+                flags |= DP_F_UP;
+            case 'e':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                break;
+            case 'G':
+                flags |= DP_F_UP;
+            case 'g':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                break;
+            case 'c':
+                doapr_outch(sbuffer, buffer, &currlen, maxlen,
+                    va_arg(args, int));
+                break;
+            case 's':
+                strvalue = va_arg(args, char *);
+                if (max < 0) {
+		    if (buffer)
+			max = INT_MAX;
+		    else
+			max = *maxlen;
+		}
+                fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
+                       flags, min, max);
+                break;
+            case 'p':
+                value = (long)va_arg(args, void *);
+                fmtint(sbuffer, buffer, &currlen, maxlen,
+                    value, 16, min, max, flags);
+                break;
+            case 'n': /* XXX */
+                if (cflags == DP_C_SHORT) {
+                    short int *num;
+                    num = va_arg(args, short int *);
+                    *num = currlen;
+                } else if (cflags == DP_C_LONG) { /* XXX */
+                    long int *num;
+                    num = va_arg(args, long int *);
+                    *num = (long int) currlen;
+                } else if (cflags == DP_C_LLONG) { /* XXX */
+                    LLONG *num;
+                    num = va_arg(args, LLONG *);
+                    *num = (LLONG) currlen;
+                } else {
+                    int    *num;
+                    num = va_arg(args, int *);
+                    *num = currlen;
+                }
+                break;
+            case '%':
+                doapr_outch(sbuffer, buffer, &currlen, maxlen, ch);
+                break;
+            case 'w':
+                /* not supported yet, treat as next char */
+                ch = *format++;
+                break;
+            default:
+                /* unknown, skip */
+                break;
+            }
+            ch = *format++;
+            state = DP_S_DEFAULT;
+            flags = cflags = min = 0;
+            max = -1;
+            break;
+        case DP_S_DONE:
+            break;
+        default:
+            break;
+        }
+    }
+    *truncated = (currlen > *maxlen - 1);
+    if (*truncated)
+        currlen = *maxlen - 1;
+    doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0');
+    *retlen = currlen - 1;
+    return;
+}
+
+static void
+fmtstr(
+    char **sbuffer,
+    char **buffer,
+    size_t *currlen,
+    size_t *maxlen,
+    const char *value,
+    int flags,
+    int min,
+    int max)
+{
+    int padlen, strln;
+    int cnt = 0;
+
+    if (value == 0)
+        value = "<NULL>";
+    for (strln = 0; value[strln]; ++strln)
+        ;
+    padlen = min - strln;
+    if (padlen < 0)
+        padlen = 0;
+    if (flags & DP_F_MINUS)
+        padlen = -padlen;
+
+    while ((padlen > 0) && (cnt < max)) {
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        --padlen;
+        ++cnt;
+    }
+    while (*value && (cnt < max)) {
+        doapr_outch(sbuffer, buffer, currlen, maxlen, *value++);
+        ++cnt;
+    }
+    while ((padlen < 0) && (cnt < max)) {
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        ++padlen;
+        ++cnt;
+    }
+}
+
+static void
+fmtint(
+    char **sbuffer,
+    char **buffer,
+    size_t *currlen,
+    size_t *maxlen,
+    LLONG value,
+    int base,
+    int min,
+    int max,
+    int flags)
+{
+    int signvalue = 0;
+    unsigned LLONG uvalue;
+    char convert[DECIMAL_SIZE(value)+1];
+    int place = 0;
+    int spadlen = 0;
+    int zpadlen = 0;
+    int caps = 0;
+
+    if (max < 0)
+        max = 0;
+    uvalue = value;
+    if (!(flags & DP_F_UNSIGNED)) {
+        if (value < 0) {
+            signvalue = '-';
+            uvalue = -value;
+        } else if (flags & DP_F_PLUS)
+            signvalue = '+';
+        else if (flags & DP_F_SPACE)
+            signvalue = ' ';
+    }
+    if (flags & DP_F_UP)
+        caps = 1;
+    do {
+        convert[place++] =
+            (caps ? "0123456789ABCDEF" : "0123456789abcdef")
+            [uvalue % (unsigned) base];
+        uvalue = (uvalue / (unsigned) base);
+    } while (uvalue && (place < sizeof convert));
+    if (place == sizeof convert)
+        place--;
+    convert[place] = 0;
+
+    zpadlen = max - place;
+    spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0);
+    if (zpadlen < 0)
+        zpadlen = 0;
+    if (spadlen < 0)
+        spadlen = 0;
+    if (flags & DP_F_ZERO) {
+        zpadlen = OSSL_MAX(zpadlen, spadlen);
+        spadlen = 0;
+    }
+    if (flags & DP_F_MINUS)
+        spadlen = -spadlen;
+
+    /* spaces */
+    while (spadlen > 0) {
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        --spadlen;
+    }
+
+    /* sign */
+    if (signvalue)
+        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+
+    /* zeros */
+    if (zpadlen > 0) {
+        while (zpadlen > 0) {
+            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+            --zpadlen;
+        }
+    }
+    /* digits */
+    while (place > 0)
+        doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]);
+
+    /* left justified spaces */
+    while (spadlen < 0) {
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        ++spadlen;
+    }
+    return;
+}
+
+static LDOUBLE
+abs_val(LDOUBLE value)
+{
+    LDOUBLE result = value;
+    if (value < 0)
+        result = -value;
+    return result;
+}
+
+static LDOUBLE
+pow10(int exp)
+{
+    LDOUBLE result = 1;
+    while (exp) {
+        result *= 10;
+        exp--;
+    }
+    return result;
+}
+
+static long
+roundv(LDOUBLE value)
+{
+    long intpart;
+    intpart = (long) value;
+    value = value - intpart;
+    if (value >= 0.5)
+        intpart++;
+    return intpart;
+}
+
+static void
+fmtfp(
+    char **sbuffer,
+    char **buffer,
+    size_t *currlen,
+    size_t *maxlen,
+    LDOUBLE fvalue,
+    int min,
+    int max,
+    int flags)
+{
+    int signvalue = 0;
+    LDOUBLE ufvalue;
+    char iconvert[20];
+    char fconvert[20];
+    int iplace = 0;
+    int fplace = 0;
+    int padlen = 0;
+    int zpadlen = 0;
+    int caps = 0;
+    long intpart;
+    long fracpart;
+
+    if (max < 0)
+        max = 6;
+    ufvalue = abs_val(fvalue);
+    if (fvalue < 0)
+        signvalue = '-';
+    else if (flags & DP_F_PLUS)
+        signvalue = '+';
+    else if (flags & DP_F_SPACE)
+        signvalue = ' ';
 
-int BIO_printf ( VAR_PLIST( BIO *, bio ) )
-VAR_ALIST
+    intpart = (long)ufvalue;
+
+    /* sorry, we only support 9 digits past the decimal because of our
+       conversion method */
+    if (max > 9)
+        max = 9;
+
+    /* we "cheat" by converting the fractional part to integer by
+       multiplying by a factor of 10 */
+    fracpart = roundv((pow10(max)) * (ufvalue - intpart));
+
+    if (fracpart >= pow10(max)) {
+        intpart++;
+        fracpart -= (long)pow10(max);
+    }
+
+    /* convert integer part */
+    do {
+        iconvert[iplace++] =
+            (caps ? "0123456789ABCDEF"
+              : "0123456789abcdef")[intpart % 10];
+        intpart = (intpart / 10);
+    } while (intpart && (iplace < sizeof iplace));
+    if (iplace == sizeof iplace)
+        iplace--;
+    iconvert[iplace] = 0;
+
+    /* convert fractional part */
+    do {
+        fconvert[fplace++] =
+            (caps ? "0123456789ABCDEF"
+              : "0123456789abcdef")[fracpart % 10];
+        fracpart = (fracpart / 10);
+    } while (fplace < max);
+    if (fplace == sizeof fplace)
+        fplace--;
+    fconvert[fplace] = 0;
+
+    /* -1 for decimal point, another -1 if we are printing a sign */
+    padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0);
+    zpadlen = max - fplace;
+    if (zpadlen < 0)
+        zpadlen = 0;
+    if (padlen < 0)
+        padlen = 0;
+    if (flags & DP_F_MINUS)
+        padlen = -padlen;
+
+    if ((flags & DP_F_ZERO) && (padlen > 0)) {
+        if (signvalue) {
+            doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+            --padlen;
+            signvalue = 0;
+        }
+        while (padlen > 0) {
+            doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+            --padlen;
+        }
+    }
+    while (padlen > 0) {
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        --padlen;
+    }
+    if (signvalue)
+        doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue);
+
+    while (iplace > 0)
+        doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]);
+
+    /*
+     * Decimal point. This should probably use locale to find the correct
+     * char to print out.
+     */
+    if (max > 0) {
+        doapr_outch(sbuffer, buffer, currlen, maxlen, '.');
+
+        while (fplace > 0)
+            doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]);
+    }
+    while (zpadlen > 0) {
+        doapr_outch(sbuffer, buffer, currlen, maxlen, '0');
+        --zpadlen;
+    }
+
+    while (padlen < 0) {
+        doapr_outch(sbuffer, buffer, currlen, maxlen, ' ');
+        ++padlen;
+    }
+}
+
+static void
+doapr_outch(
+    char **sbuffer,
+    char **buffer,
+    size_t *currlen,
+    size_t *maxlen,
+    int c)
+{
+    /* If we haven't at least one buffer, someone has doe a big booboo */
+    assert(*sbuffer != NULL || buffer != NULL);
+
+    if (buffer) {
+	while (*currlen >= *maxlen) {
+	    if (*buffer == NULL) {
+		if (*maxlen == 0)
+		    *maxlen = 1024;
+		*buffer = OPENSSL_malloc(*maxlen);
+		if (*currlen > 0) {
+		    assert(*sbuffer != NULL);
+		    memcpy(*buffer, *sbuffer, *currlen);
+		}
+		*sbuffer = NULL;
+	    } else {
+		*maxlen += 1024;
+		*buffer = OPENSSL_realloc(*buffer, *maxlen);
+	    }
+	}
+	/* What to do if *buffer is NULL? */
+	assert(*sbuffer != NULL || *buffer != NULL);
+    }
+
+    if (*currlen < *maxlen) {
+	if (*sbuffer)
+	    (*sbuffer)[(*currlen)++] = (char)c;
+	else
+	    (*buffer)[(*currlen)++] = (char)c;
+    }
+
+    return;
+}
+
+/***************************************************************************/
+
+int BIO_printf (BIO *bio, const char *format, ...)
 	{
-	VAR_BDEFN(args, BIO *, bio);
-	char *format;
+	va_list args;
 	int ret;
-	MS_STATIC char hugebuf[1024*2]; /* 10k in one chunk is the limit */
 
-	VAR_INIT(args, BIO *, bio);
-	VAR_ARG(args, char *, format);
+	va_start(args, format);
 
-	hugebuf[0]='\0';
+	ret = BIO_vprintf(bio, format, args);
 
-/* no-one uses _doprnt anymore and it appears to be broken under SunOS 4.1.4 */
-#if 0 && defined(sun) && !defined(VAR_ANSI) /**/
-	_doprnt(hugebuf,format,args);
-#else /* !sun */
-	vsprintf(hugebuf,format,args);
-#endif /* sun */
+	va_end(args);
+	return(ret);
+	}
 
-	ret=BIO_write(bio,hugebuf,strlen(hugebuf));
+int BIO_vprintf (BIO *bio, const char *format, va_list args)
+	{
+	int ret;
+	size_t retlen;
+	char hugebuf[1024*2];	/* Was previously 10k, which is unreasonable
+				   in small-stack environments, like threads
+				   or DOS programs. */
+	char *hugebufp = hugebuf;
+	size_t hugebufsize = sizeof(hugebuf);
+	char *dynbuf = NULL;
+	int ignored;
 
-	VAR_END( args );
+	dynbuf = NULL;
+	CRYPTO_push_info("doapr()");
+	_dopr(&hugebufp, &dynbuf, &hugebufsize,
+		&retlen, &ignored, format, args);
+	if (dynbuf)
+		{
+		ret=BIO_write(bio, dynbuf, (int)retlen);
+		OPENSSL_free(dynbuf);
+		}
+	else
+		{
+		ret=BIO_write(bio, hugebuf, (int)retlen);
+		}
+	CRYPTO_pop_info();
 	return(ret);
 	}
 
+/* As snprintf is not available everywhere, we provide our own implementation.
+ * This function has nothing to do with BIOs, but it's closely related
+ * to BIO_printf, and we need *some* name prefix ...
+ * (XXX  the function should be renamed, but to what?) */
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+	{
+	va_list args;
+	int ret;
+
+	va_start(args, format);
+
+	ret = BIO_vsnprintf(buf, n, format, args);
+
+	va_end(args);
+	return(ret);
+	}
+
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+	{
+	size_t retlen;
+	int truncated;
+
+	_dopr(&buf, NULL, &n, &retlen, &truncated, format, args);
+
+	if (truncated)
+		/* In case of truncation, return -1 like traditional snprintf.
+		 * (Current drafts for ISO/IEC 9899 say snprintf should return
+		 * the number of characters that would have been written,
+		 * had the buffer been large enough.) */
+		return -1;
+	else
+		return (retlen <= INT_MAX) ? retlen : -1;
+	}
diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c
index 2c36150b9b..86f38172fb 100644
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@@ -56,35 +56,34 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_SOCK
+#ifndef OPENSSL_NO_SOCK
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <errno.h>
 #define USE_SOCKETS
 #include "cryptlib.h"
-#include "bio.h"
+#include <openssl/bio.h>
 
-/*	BIOerr(BIO_F_WSASTARTUP,BIO_R_WSASTARTUP ); */
-
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
 #else
 #define SOCKET_PROTOCOL IPPROTO_TCP
 #endif
 
 #ifdef SO_MAXCONN
-#define MAX_LISTEN  SOMAXCONN
-#elif defined(SO_MAXCONN)
 #define MAX_LISTEN  SO_MAXCONN
+#elif defined(SOMAXCONN)
+#define MAX_LISTEN  SOMAXCONN
 #else
 #define MAX_LISTEN  32
 #endif
 
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 static int wsa_init_done=0;
 #endif
 
+#if 0
 static unsigned long BIO_ghbn_hits=0L;
 static unsigned long BIO_ghbn_miss=0L;
 
@@ -95,60 +94,69 @@ static struct ghbn_cache_st
 	struct hostent *ent;
 	unsigned long order;
 	} ghbn_cache[GHBN_NUM];
+#endif
 
-#ifndef NOPROTO
-static int get_ip(char *str,unsigned char *ip);
+static int get_ip(const char *str,unsigned char *ip);
+#if 0
 static void ghbn_free(struct hostent *a);
 static struct hostent *ghbn_dup(struct hostent *a);
-#else
-static int get_ip();
-static void ghbn_free();
-static struct hostent *ghbn_dup();
 #endif
-
-int BIO_get_host_ip(str,ip)
-char *str;
-unsigned char *ip;
+int BIO_get_host_ip(const char *str, unsigned char *ip)
 	{
 	int i;
+	int err = 1;
+	int locked = 0;
 	struct hostent *he;
 
 	i=get_ip(str,ip);
-	if (i > 0) return(1);
 	if (i < 0)
 		{
 		BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_INVALID_IP_ADDRESS);
-		ERR_add_error_data(2,"host=",str);
-		return(0);
+		goto err;
 		}
-	else
-		{ /* do a gethostbyname */
-		if (!BIO_sock_init()) return(0);
 
-		he=BIO_gethostbyname(str);
-		if (he == NULL)
-			{
-			BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_BAD_HOSTNAME_LOOKUP);
-			ERR_add_error_data(2,"host=",str);
-			return(0);
-			}
+	/* At this point, we have something that is most probably correct
+	   in some way, so let's init the socket. */
+	if (BIO_sock_init() != 1)
+		return 0; /* don't generate another error code here */
 
-		/* cast to short because of win16 winsock definition */
-		if ((short)he->h_addrtype != AF_INET)
-			{
-			BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
-			ERR_add_error_data(2,"host=",str);
-			return(0);
-			}
-		for (i=0; i<4; i++)
-			ip[i]=he->h_addr_list[0][i];
+	/* If the string actually contained an IP address, we need not do
+	   anything more */
+	if (i > 0) return(1);
+
+	/* do a gethostbyname */
+	CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
+	locked = 1;
+	he=BIO_gethostbyname(str);
+	if (he == NULL)
+		{
+		BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_BAD_HOSTNAME_LOOKUP);
+		goto err;
 		}
-	return(1);
+
+	/* cast to short because of win16 winsock definition */
+	if ((short)he->h_addrtype != AF_INET)
+		{
+		BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
+		goto err;
+		}
+	for (i=0; i<4; i++)
+		ip[i]=he->h_addr_list[0][i];
+	err = 0;
+
+ err:
+	if (locked)
+		CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
+	if (err)
+		{
+		ERR_add_error_data(2,"host=",str);
+		return 0;
+		}
+	else
+		return 1;
 	}
 
-int BIO_get_port(str,port_ptr)
-char *str;
-unsigned short *port_ptr;
+int BIO_get_port(const char *str, unsigned short *port_ptr)
 	{
 	int i;
 	struct servent *s;
@@ -163,8 +171,19 @@ unsigned short *port_ptr;
 		*port_ptr=(unsigned short)i;
 	else
 		{
-		s=getservbyname(str,"tcp");
-		if (s == NULL)
+		CRYPTO_w_lock(CRYPTO_LOCK_GETSERVBYNAME);
+		/* Note: under VMS with SOCKETSHR, it seems like the first
+		 * parameter is 'char *', instead of 'const char *'
+		 */
+ 		s=getservbyname(
+#ifndef CONST_STRICT
+		    (char *)
+#endif
+		    str,"tcp");
+		if(s != NULL)
+			*port_ptr=ntohs((unsigned short)s->s_port);
+		CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME);
+		if(s == NULL)
 			{
 			if (strcmp(str,"http") == 0)
 				*port_ptr=80;
@@ -190,31 +209,31 @@ unsigned short *port_ptr;
 				ERR_add_error_data(3,"service='",str,"'");
 				return(0);
 				}
-			return(1);
 			}
-		*port_ptr=htons((unsigned short)s->s_port);
 		}
 	return(1);
 	}
 
-int BIO_sock_error(sock)
-int sock;
+int BIO_sock_error(int sock)
 	{
-	int j,i,size;
+	int j,i;
+	int size;
 		 
 	size=sizeof(int);
-
-	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,&size);
+	/* Note: under Windows the third parameter is of type (char *)
+	 * whereas under other systems it is (void *) if you don't have
+	 * a cast it will choke the compiler: if you do have a cast then
+	 * you can either go for (char *) or (void *).
+	 */
+	i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(void *)&j,(void *)&size);
 	if (i < 0)
 		return(1);
 	else
 		return(j);
 	}
 
-long BIO_ghbn_ctrl(cmd,iarg,parg)
-int cmd;
-int iarg;
-char *parg;
+#if 0
+long BIO_ghbn_ctrl(int cmd, int iarg, char *parg)
 	{
 	int i;
 	char **p;
@@ -251,46 +270,49 @@ char *parg;
 		}
 	return(1);
 	}
+#endif
 
-static struct hostent *ghbn_dup(a)
-struct hostent *a;
+#if 0
+static struct hostent *ghbn_dup(struct hostent *a)
 	{
 	struct hostent *ret;
 	int i,j;
 
 	MemCheck_off();
-	ret=(struct hostent *)Malloc(sizeof(struct hostent));
+	ret=(struct hostent *)OPENSSL_malloc(sizeof(struct hostent));
 	if (ret == NULL) return(NULL);
 	memset(ret,0,sizeof(struct hostent));
 
 	for (i=0; a->h_aliases[i] != NULL; i++)
 		;
 	i++;
-	ret->h_aliases=(char **)Malloc(sizeof(char *)*i);
-	memset(ret->h_aliases,0,sizeof(char *)*i);
-	if (ret == NULL) goto err;
+	ret->h_aliases = (char **)OPENSSL_malloc(i*sizeof(char *));
+	if (ret->h_aliases == NULL)
+		goto err;
+	memset(ret->h_aliases, 0, i*sizeof(char *));
 
 	for (i=0; a->h_addr_list[i] != NULL; i++)
 		;
 	i++;
-	ret->h_addr_list=(char **)Malloc(sizeof(char *)*i);
-	memset(ret->h_addr_list,0,sizeof(char *)*i);
-	if (ret->h_addr_list == NULL) goto err;
+	ret->h_addr_list=(char **)OPENSSL_malloc(i*sizeof(char *));
+	if (ret->h_addr_list == NULL)
+		goto err;
+	memset(ret->h_addr_list, 0, i*sizeof(char *));
 
 	j=strlen(a->h_name)+1;
-	if ((ret->h_name=Malloc(j)) == NULL) goto err;
-	memcpy((char *)ret->h_name,a->h_name,j+1);
+	if ((ret->h_name=OPENSSL_malloc(j)) == NULL) goto err;
+	memcpy((char *)ret->h_name,a->h_name,j);
 	for (i=0; a->h_aliases[i] != NULL; i++)
 		{
 		j=strlen(a->h_aliases[i])+1;
-		if ((ret->h_aliases[i]=Malloc(j)) == NULL) goto err;
-		memcpy(ret->h_aliases[i],a->h_aliases[i],j+1);
+		if ((ret->h_aliases[i]=OPENSSL_malloc(j)) == NULL) goto err;
+		memcpy(ret->h_aliases[i],a->h_aliases[i],j);
 		}
 	ret->h_length=a->h_length;
 	ret->h_addrtype=a->h_addrtype;
 	for (i=0; a->h_addr_list[i] != NULL; i++)
 		{
-		if ((ret->h_addr_list[i]=Malloc(a->h_length)) == NULL)
+		if ((ret->h_addr_list[i]=OPENSSL_malloc(a->h_length)) == NULL)
 			goto err;
 		memcpy(ret->h_addr_list[i],a->h_addr_list[i],a->h_length);
 		}
@@ -305,37 +327,50 @@ err:
 	return(ret);
 	}
 
-static void ghbn_free(a)
-struct hostent *a;
+static void ghbn_free(struct hostent *a)
 	{
 	int i;
 
+	if(a == NULL)
+	    return;
+
 	if (a->h_aliases != NULL)
 		{
 		for (i=0; a->h_aliases[i] != NULL; i++)
-			Free(a->h_aliases[i]);
-		Free(a->h_aliases);
+			OPENSSL_free(a->h_aliases[i]);
+		OPENSSL_free(a->h_aliases);
 		}
 	if (a->h_addr_list != NULL)
 		{
 		for (i=0; a->h_addr_list[i] != NULL; i++)
-			Free(a->h_addr_list[i]);
-		Free(a->h_addr_list);
+			OPENSSL_free(a->h_addr_list[i]);
+		OPENSSL_free(a->h_addr_list);
 		}
-	if (a->h_name != NULL) Free((char *)a->h_name);
-	Free(a);
+	if (a->h_name != NULL) OPENSSL_free(a->h_name);
+	OPENSSL_free(a);
 	}
 
-struct hostent *BIO_gethostbyname(name)
-char *name;
+#endif
+
+struct hostent *BIO_gethostbyname(const char *name)
 	{
+#if 1
+	/* Caching gethostbyname() results forever is wrong,
+	 * so we have to let the true gethostbyname() worry about this */
+	return gethostbyname(name);
+#else
 	struct hostent *ret;
 	int i,lowi=0,j;
 	unsigned long low= (unsigned long)-1;
 
-/*	return(gethostbyname(name)); */
 
-	CRYPTO_w_lock(CRYPTO_LOCK_BIO_GETHOSTBYNAME);
+#  if 0
+	/* It doesn't make sense to use locking here: The function interface
+	 * is not thread-safe, because threads can never be sure when
+	 * some other thread destroys the data they were given a pointer to.
+	 */
+	CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
+#  endif
 	j=strlen(name);
 	if (j < 128)
 		{
@@ -359,17 +394,39 @@ char *name;
 	if (i == GHBN_NUM) /* no hit*/
 		{
 		BIO_ghbn_miss++;
-		ret=gethostbyname(name);
-
-		if (ret == NULL) return(NULL);
-		if (j > 128) return(ret); /* too big to cache */
+		/* Note: under VMS with SOCKETSHR, it seems like the first
+		 * parameter is 'char *', instead of 'const char *'
+		 */
+		ret=gethostbyname(
+#  ifndef CONST_STRICT
+		    (char *)
+#  endif
+		    name);
+
+		if (ret == NULL)
+			goto end;
+		if (j > 128) /* too big to cache */
+			{
+#  if 0
+			/* If we were trying to make this function thread-safe (which
+			 * is bound to fail), we'd have to give up in this case
+			 * (or allocate more memory). */
+			ret = NULL;
+#  endif
+			goto end;
+			}
 
 		/* else add to cache */
 		if (ghbn_cache[lowi].ent != NULL)
-			ghbn_free(ghbn_cache[lowi].ent);
+			ghbn_free(ghbn_cache[lowi].ent); /* XXX not thread-safe */
+		ghbn_cache[lowi].name[0] = '\0';
 
+		if((ret=ghbn_cache[lowi].ent=ghbn_dup(ret)) == NULL)
+			{
+			BIOerr(BIO_F_BIO_GETHOSTBYNAME,ERR_R_MALLOC_FAILURE);
+			goto end;
+			}
 		strncpy(ghbn_cache[lowi].name,name,128);
-		ghbn_cache[lowi].ent=ghbn_dup(ret);
 		ghbn_cache[lowi].order=BIO_ghbn_miss+BIO_ghbn_hits;
 		}
 	else
@@ -378,13 +435,18 @@ char *name;
 		ret= ghbn_cache[i].ent;
 		ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
 		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_BIO_GETHOSTBYNAME);
+end:
+#  if 0
+	CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
+#  endif
 	return(ret);
+#endif
 	}
 
-int BIO_sock_init()
+
+int BIO_sock_init(void)
 	{
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 	static struct WSAData wsa_state;
 
 	if (!wsa_init_done)
@@ -404,40 +466,50 @@ int BIO_sock_init()
 			return(-1);
 			}
 		}
-#endif /* WINDOWS */
+#endif /* OPENSSL_SYS_WINDOWS */
+#ifdef WATT32
+	extern int _watt_do_exit;
+	_watt_do_exit = 0;    /* don't make sock_init() call exit() */
+	if (sock_init())
+		return (-1);
+#endif
 	return(1);
 	}
 
-void BIO_sock_cleanup()
+void BIO_sock_cleanup(void)
 	{
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 	if (wsa_init_done)
 		{
 		wsa_init_done=0;
+#ifndef OPENSSL_SYS_WINCE
 		WSACancelBlockingCall();
+#endif
 		WSACleanup();
 		}
 #endif
 	}
 
-int BIO_socket_ioctl(fd,type,arg)
-int fd;
-long type;
-unsigned long *arg;
+#if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000
+
+int BIO_socket_ioctl(int fd, long type, unsigned long *arg)
 	{
 	int i;
 
+#ifdef __DJGPP__
+	i=ioctlsocket(fd,type,(char *)arg);
+#else
 	i=ioctlsocket(fd,type,arg);
+#endif /* __DJGPP__ */
 	if (i < 0)
 		SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error());
 	return(i);
 	}
+#endif /* __VMS_VER */
 
 /* The reason I have implemented this instead of using sscanf is because
  * Visual C 1.52c gives an unresolved external when linking a DLL :-( */
-static int get_ip(str,ip)
-char *str;
-unsigned char ip[4];
+static int get_ip(const char *str, unsigned char ip[4])
 	{
 	unsigned int tmp[4];
 	int num=0,c,ok=0;
@@ -451,16 +523,16 @@ unsigned char ip[4];
 			{
 			ok=1;
 			tmp[num]=tmp[num]*10+c-'0';
-			if (tmp[num] > 255) return(-1);
+			if (tmp[num] > 255) return(0);
 			}
 		else if (c == '.')
 			{
 			if (!ok) return(-1);
-			if (num == 3) break;
+			if (num == 3) return(0);
 			num++;
 			ok=0;
 			}
-		else if ((num == 3) && ok)
+		else if (c == '\0' && (num == 3) && ok)
 			break;
 		else
 			return(0);
@@ -472,20 +544,19 @@ unsigned char ip[4];
 	return(1);
 	}
 
-int BIO_get_accept_socket(host,bind_mode)
-char *host;
-int bind_mode;
+int BIO_get_accept_socket(char *host, int bind_mode)
 	{
 	int ret=0;
 	struct sockaddr_in server,client;
-	int s= -1,cs;
+	int s=INVALID_SOCKET,cs;
 	unsigned char ip[4];
-	short port;
-	char *str,*h,*p,*e;
+	unsigned short port;
+	char *str=NULL,*e;
+	const char *h,*p;
 	unsigned long l;
 	int err_num;
 
-	if (!BIO_sock_init()) return(INVALID_SOCKET);
+	if (BIO_sock_init() != 1) return(INVALID_SOCKET);
 
 	if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET);
 
@@ -511,17 +582,17 @@ int bind_mode;
 		h="*";
 		}
 
-	if (!BIO_get_port(p,&port)) return(INVALID_SOCKET);
+	if (!BIO_get_port(p,&port)) goto err;
 
 	memset((char *)&server,0,sizeof(server));
 	server.sin_family=AF_INET;
-	server.sin_port=htons((unsigned short)port);
+	server.sin_port=htons(port);
 
 	if (strcmp(h,"*") == 0)
 		server.sin_addr.s_addr=INADDR_ANY;
 	else
 		{
-		if (!BIO_get_host_ip(h,&(ip[0]))) return(INVALID_SOCKET);
+                if (!BIO_get_host_ip(h,&(ip[0]))) goto err;
 		l=(unsigned long)
 			((unsigned long)ip[0]<<24L)|
 			((unsigned long)ip[1]<<16L)|
@@ -591,7 +662,7 @@ again:
 		}
 	ret=1;
 err:
-	if (str != NULL) Free(str);
+	if (str != NULL) OPENSSL_free(str);
 	if ((ret == 0) && (s != INVALID_SOCKET))
 		{
 		closesocket(s);
@@ -600,22 +671,26 @@ err:
 	return(s);
 	}
 
-int BIO_accept(sock,addr)
-int sock;
-char **addr;
+int BIO_accept(int sock, char **addr)
 	{
 	int ret=INVALID_SOCKET;
 	static struct sockaddr_in from;
 	unsigned long l;
-	short port;
+	unsigned short port;
 	int len;
 	char *p;
 
 	memset((char *)&from,0,sizeof(from));
 	len=sizeof(from);
-	ret=accept(sock,(struct sockaddr *)&from,&len);
+	/* Note: under VMS with SOCKETSHR the fourth parameter is currently
+	 * of type (int *) whereas under other systems it is (void *) if
+	 * you don't have a cast it will choke the compiler: if you do
+	 * have a cast then you can either go for (int *) or (void *).
+	 */
+	ret=accept(sock,(struct sockaddr *)&from,(void *)&len);
 	if (ret == INVALID_SOCKET)
 		{
+		if(BIO_sock_should_retry(ret)) return -2;
 		SYSerr(SYS_F_ACCEPT,get_last_socket_error());
 		BIOerr(BIO_F_BIO_ACCEPT,BIO_R_ACCEPT_ERROR);
 		goto end;
@@ -627,7 +702,7 @@ char **addr;
 	port=ntohs(from.sin_port);
 	if (*addr == NULL)
 		{
-		if ((p=Malloc(24)) == NULL)
+		if ((p=OPENSSL_malloc(24)) == NULL)
 			{
 			BIOerr(BIO_F_BIO_ACCEPT,ERR_R_MALLOC_FAILURE);
 			goto end;
@@ -644,9 +719,7 @@ end:
 	return(ret);
 	}
 
-int BIO_set_tcp_ndelay(s,on)
-int s;
-int on;
+int BIO_set_tcp_ndelay(int s, int on)
 	{
 	int ret=0;
 #if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP))
@@ -666,9 +739,7 @@ int on;
 	}
 #endif
 
-int BIO_socket_nbio(s,mode)
-int s;
-int mode;
+int BIO_socket_nbio(int s, int mode)
 	{
 	int ret= -1;
 	unsigned long l;
diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c
index 7912b88473..1cecd70579 100644
--- a/crypto/bio/bf_buff.c
+++ b/crypto/bio/bf_buff.c
@@ -59,28 +59,17 @@
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "bio.h"
-#include "evp.h"
-
-#ifndef NOPROTO
-static int buffer_write(BIO *h,char *buf,int num);
-static int buffer_read(BIO *h,char *buf,int size);
-static int buffer_puts(BIO *h,char *str);
-static int buffer_gets(BIO *h,char *str,int size);
-static long buffer_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+#include <openssl/bio.h>
+
+static int buffer_write(BIO *h, const char *buf,int num);
+static int buffer_read(BIO *h, char *buf, int size);
+static int buffer_puts(BIO *h, const char *str);
+static int buffer_gets(BIO *h, char *str, int size);
+static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int buffer_new(BIO *h);
 static int buffer_free(BIO *data);
-#else
-static int buffer_write();
-static int buffer_read();
-static int buffer_puts();
-static int buffer_gets();
-static long buffer_ctrl();
-static int buffer_new();
-static int buffer_free();
-#endif
-
-#define DEFAULT_BUFFER_SIZE	1024
+static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+#define DEFAULT_BUFFER_SIZE	4096
 
 static BIO_METHOD methods_buffer=
 	{
@@ -93,24 +82,24 @@ static BIO_METHOD methods_buffer=
 	buffer_ctrl,
 	buffer_new,
 	buffer_free,
+	buffer_callback_ctrl,
 	};
 
-BIO_METHOD *BIO_f_buffer()
+BIO_METHOD *BIO_f_buffer(void)
 	{
 	return(&methods_buffer);
 	}
 
-static int buffer_new(bi)
-BIO *bi;
+static int buffer_new(BIO *bi)
 	{
 	BIO_F_BUFFER_CTX *ctx;
 
-	ctx=(BIO_F_BUFFER_CTX *)Malloc(sizeof(BIO_F_BUFFER_CTX));
+	ctx=(BIO_F_BUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX));
 	if (ctx == NULL) return(0);
-	ctx->ibuf=(char *)Malloc(DEFAULT_BUFFER_SIZE);
-	if (ctx->ibuf == NULL) { Free(ctx); return(0); }
-	ctx->obuf=(char *)Malloc(DEFAULT_BUFFER_SIZE);
-	if (ctx->obuf == NULL) { Free(ctx->ibuf); Free(ctx); return(0); }
+	ctx->ibuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+	if (ctx->ibuf == NULL) { OPENSSL_free(ctx); return(0); }
+	ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+	if (ctx->obuf == NULL) { OPENSSL_free(ctx->ibuf); OPENSSL_free(ctx); return(0); }
 	ctx->ibuf_size=DEFAULT_BUFFER_SIZE;
 	ctx->obuf_size=DEFAULT_BUFFER_SIZE;
 	ctx->ibuf_len=0;
@@ -124,26 +113,22 @@ BIO *bi;
 	return(1);
 	}
 
-static int buffer_free(a)
-BIO *a;
+static int buffer_free(BIO *a)
 	{
 	BIO_F_BUFFER_CTX *b;
 
 	if (a == NULL) return(0);
 	b=(BIO_F_BUFFER_CTX *)a->ptr;
-	if (b->ibuf != NULL) Free(b->ibuf);
-	if (b->obuf != NULL) Free(b->obuf);
-	Free(a->ptr);
+	if (b->ibuf != NULL) OPENSSL_free(b->ibuf);
+	if (b->obuf != NULL) OPENSSL_free(b->obuf);
+	OPENSSL_free(a->ptr);
 	a->ptr=NULL;
 	a->init=0;
 	a->flags=0;
 	return(1);
 	}
 	
-static int buffer_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int buffer_read(BIO *b, char *out, int outl)
 	{
 	int i,num=0;
 	BIO_F_BUFFER_CTX *ctx;
@@ -209,10 +194,7 @@ start:
 	goto start;
 	}
 
-static int buffer_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int buffer_write(BIO *b, const char *in, int inl)
 	{
 	int i,num=0;
 	BIO_F_BUFFER_CTX *ctx;
@@ -285,11 +267,7 @@ start:
 	goto start;
 	}
 
-static long buffer_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
 	{
 	BIO *dbio;
 	BIO_F_BUFFER_CTX *ctx;
@@ -307,6 +285,7 @@ char *ptr;
 		ctx->ibuf_len=0;
 		ctx->obuf_off=0;
 		ctx->obuf_len=0;
+		if (b->next_bio == NULL) return(0);
 		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 		break;
 	case BIO_CTRL_INFO:
@@ -323,19 +302,25 @@ char *ptr;
 	case BIO_CTRL_WPENDING:
 		ret=(long)ctx->obuf_len;
 		if (ret == 0)
+			{
+			if (b->next_bio == NULL) return(0);
 			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+			}
 		break;
 	case BIO_CTRL_PENDING:
 		ret=(long)ctx->ibuf_len;
 		if (ret == 0)
+			{
+			if (b->next_bio == NULL) return(0);
 			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+			}
 		break;
 	case BIO_C_SET_BUFF_READ_DATA:
 		if (num > ctx->ibuf_size)
 			{
-			p1=Malloc((int)num);
+			p1=OPENSSL_malloc((int)num);
 			if (p1 == NULL) goto malloc_error;
-			if (ctx->ibuf != NULL) Free(ctx->ibuf);
+			if (ctx->ibuf != NULL) OPENSSL_free(ctx->ibuf);
 			ctx->ibuf=p1;
 			}
 		ctx->ibuf_off=0;
@@ -367,21 +352,21 @@ char *ptr;
 		p2=ctx->obuf;
 		if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size))
 			{
-			p1=(char *)Malloc((int)num);
+			p1=(char *)OPENSSL_malloc((int)num);
 			if (p1 == NULL) goto malloc_error;
 			}
 		if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size))
 			{
-			p2=(char *)Malloc((int)num);
+			p2=(char *)OPENSSL_malloc((int)num);
 			if (p2 == NULL)
 				{
-				if (p1 != ctx->ibuf) Free(p1);
+				if (p1 != ctx->ibuf) OPENSSL_free(p1);
 				goto malloc_error;
 				}
 			}
 		if (ctx->ibuf != p1)
 			{
-			Free(ctx->ibuf);
+			OPENSSL_free(ctx->ibuf);
 			ctx->ibuf=p1;
 			ctx->ibuf_off=0;
 			ctx->ibuf_len=0;
@@ -389,7 +374,7 @@ char *ptr;
 			}
 		if (ctx->obuf != p2)
 			{
-			Free(ctx->obuf);
+			OPENSSL_free(ctx->obuf);
 			ctx->obuf=p2;
 			ctx->obuf_off=0;
 			ctx->obuf_len=0;
@@ -397,12 +382,14 @@ char *ptr;
 			}
 		break;
 	case BIO_C_DO_STATE_MACHINE:
+		if (b->next_bio == NULL) return(0);
 		BIO_clear_retry_flags(b);
 		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 		BIO_copy_next_retry(b);
 		break;
 
 	case BIO_CTRL_FLUSH:
+		if (b->next_bio == NULL) return(0);
 		if (ctx->obuf_len <= 0)
 			{
 			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
@@ -432,6 +419,7 @@ fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len-ctx->obuf_
 				break;
 				}
 			}
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 		break;
 	case BIO_CTRL_DUP:
 		dbio=(BIO *)ptr;
@@ -440,6 +428,7 @@ fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len-ctx->obuf_
 			ret=0;
 		break;
 	default:
+		if (b->next_bio == NULL) return(0);
 		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 		break;
 		}
@@ -449,10 +438,21 @@ malloc_error:
 	return(0);
 	}
 
-static int buffer_gets(b,buf,size)
-BIO *b;
-char *buf;
-int size;
+static long buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+	{
+	long ret=1;
+
+	if (b->next_bio == NULL) return(0);
+	switch (cmd)
+		{
+	default:
+		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+		break;
+		}
+	return(ret);
+	}
+
+static int buffer_gets(BIO *b, char *buf, int size)
 	{
 	BIO_F_BUFFER_CTX *ctx;
 	int num=0,i,flag;
@@ -482,7 +482,7 @@ int size;
 			size-=i;
 			ctx->ibuf_len-=i;
 			ctx->ibuf_off+=i;
-			if ((flag) || (i == size))
+			if (flag || size == 0)
 				{
 				*buf='\0';
 				return(num);
@@ -503,10 +503,8 @@ int size;
 		}
 	}
 
-static int buffer_puts(b,str)
-BIO *b;
-char *str;
+static int buffer_puts(BIO *b, const char *str)
 	{
-	return(BIO_write(b,str,strlen(str)));
+	return(buffer_write(b,str,strlen(str)));
 	}
 
diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c
new file mode 100644
index 0000000000..ec0f7eb0b7
--- /dev/null
+++ b/crypto/bio/bf_lbuf.c
@@ -0,0 +1,397 @@
+/* crypto/bio/bf_buff.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+
+static int linebuffer_write(BIO *h, const char *buf,int num);
+static int linebuffer_read(BIO *h, char *buf, int size);
+static int linebuffer_puts(BIO *h, const char *str);
+static int linebuffer_gets(BIO *h, char *str, int size);
+static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int linebuffer_new(BIO *h);
+static int linebuffer_free(BIO *data);
+static long linebuffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+
+/* A 10k maximum should be enough for most purposes */
+#define DEFAULT_LINEBUFFER_SIZE	1024*10
+
+/* #define DEBUG */
+
+static BIO_METHOD methods_linebuffer=
+	{
+	BIO_TYPE_LINEBUFFER,
+	"linebuffer",
+	linebuffer_write,
+	linebuffer_read,
+	linebuffer_puts,
+	linebuffer_gets,
+	linebuffer_ctrl,
+	linebuffer_new,
+	linebuffer_free,
+	linebuffer_callback_ctrl,
+	};
+
+BIO_METHOD *BIO_f_linebuffer(void)
+	{
+	return(&methods_linebuffer);
+	}
+
+typedef struct bio_linebuffer_ctx_struct
+	{
+	char *obuf;		/* the output char array */
+	int obuf_size;		/* how big is the output buffer */
+	int obuf_len;		/* how many bytes are in it */
+	} BIO_LINEBUFFER_CTX;
+
+static int linebuffer_new(BIO *bi)
+	{
+	BIO_LINEBUFFER_CTX *ctx;
+
+	ctx=(BIO_LINEBUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_LINEBUFFER_CTX));
+	if (ctx == NULL) return(0);
+	ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE);
+	if (ctx->obuf == NULL) { OPENSSL_free(ctx); return(0); }
+	ctx->obuf_size=DEFAULT_LINEBUFFER_SIZE;
+	ctx->obuf_len=0;
+
+	bi->init=1;
+	bi->ptr=(char *)ctx;
+	bi->flags=0;
+	return(1);
+	}
+
+static int linebuffer_free(BIO *a)
+	{
+	BIO_LINEBUFFER_CTX *b;
+
+	if (a == NULL) return(0);
+	b=(BIO_LINEBUFFER_CTX *)a->ptr;
+	if (b->obuf != NULL) OPENSSL_free(b->obuf);
+	OPENSSL_free(a->ptr);
+	a->ptr=NULL;
+	a->init=0;
+	a->flags=0;
+	return(1);
+	}
+	
+static int linebuffer_read(BIO *b, char *out, int outl)
+	{
+	int ret=0;
+ 
+	if (out == NULL) return(0);
+	if (b->next_bio == NULL) return(0);
+	ret=BIO_read(b->next_bio,out,outl);
+	BIO_clear_retry_flags(b);
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static int linebuffer_write(BIO *b, const char *in, int inl)
+	{
+	int i,num=0,foundnl;
+	BIO_LINEBUFFER_CTX *ctx;
+
+	if ((in == NULL) || (inl <= 0)) return(0);
+	ctx=(BIO_LINEBUFFER_CTX *)b->ptr;
+	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+
+	BIO_clear_retry_flags(b);
+
+	do
+		{
+		const char *p;
+
+		for(p = in; p < in + inl && *p != '\n'; p++)
+			;
+		if (*p == '\n')
+			{
+			p++;
+			foundnl = 1;
+			}
+		else
+			foundnl = 0;
+
+		/* If a NL was found and we already have text in the save
+		   buffer, concatenate them and write */
+		while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len)
+			&& ctx->obuf_len > 0)
+			{
+			int orig_olen = ctx->obuf_len;
+			
+			i = ctx->obuf_size - ctx->obuf_len;
+			if (p - in > 0)
+				{
+				if (i >= p - in)
+					{
+					memcpy(&(ctx->obuf[ctx->obuf_len]),
+						in,p - in);
+					ctx->obuf_len += p - in;
+					inl -= p - in;
+					num += p - in;
+					in = p;
+					}
+				else
+					{
+					memcpy(&(ctx->obuf[ctx->obuf_len]),
+						in,i);
+					ctx->obuf_len += i;
+					inl -= i;
+					in += i;
+					num += i;
+					}
+				}
+
+#if 0
+BIO_write(b->next_bio, "<*<", 3);
+#endif
+			i=BIO_write(b->next_bio,
+				ctx->obuf, ctx->obuf_len);
+			if (i <= 0)
+				{
+				ctx->obuf_len = orig_olen;
+				BIO_copy_next_retry(b);
+
+#if 0
+BIO_write(b->next_bio, ">*>", 3);
+#endif
+				if (i < 0) return((num > 0)?num:i);
+				if (i == 0) return(num);
+				}
+#if 0
+BIO_write(b->next_bio, ">*>", 3);
+#endif
+			if (i < ctx->obuf_len)
+				memmove(ctx->obuf, ctx->obuf + i,
+					ctx->obuf_len - i);
+			ctx->obuf_len-=i;
+			}
+
+		/* Now that the save buffer is emptied, let's write the input
+		   buffer if a NL was found and there is anything to write. */
+		if ((foundnl || p - in > ctx->obuf_size) && p - in > 0)
+			{
+#if 0
+BIO_write(b->next_bio, "<*<", 3);
+#endif
+			i=BIO_write(b->next_bio,in,p - in);
+			if (i <= 0)
+				{
+				BIO_copy_next_retry(b);
+#if 0
+BIO_write(b->next_bio, ">*>", 3);
+#endif
+				if (i < 0) return((num > 0)?num:i);
+				if (i == 0) return(num);
+				}
+#if 0
+BIO_write(b->next_bio, ">*>", 3);
+#endif
+			num+=i;
+			in+=i;
+			inl-=i;
+			}
+		}
+	while(foundnl && inl > 0);
+	/* We've written as much as we can.  The rest of the input buffer, if
+	   any, is text that doesn't and with a NL and therefore needs to be
+	   saved for the next trip. */
+	if (inl > 0)
+		{
+		memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
+		ctx->obuf_len += inl;
+		num += inl;
+		}
+	return num;
+	}
+
+static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
+	{
+	BIO *dbio;
+	BIO_LINEBUFFER_CTX *ctx;
+	long ret=1;
+	char *p;
+	int r;
+	int obs;
+
+	ctx=(BIO_LINEBUFFER_CTX *)b->ptr;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		ctx->obuf_len=0;
+		if (b->next_bio == NULL) return(0);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_INFO:
+		ret=(long)ctx->obuf_len;
+		break;
+	case BIO_CTRL_WPENDING:
+		ret=(long)ctx->obuf_len;
+		if (ret == 0)
+			{
+			if (b->next_bio == NULL) return(0);
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+			}
+		break;
+	case BIO_C_SET_BUFF_SIZE:
+		obs=(int)num;
+		p=ctx->obuf;
+		if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size))
+			{
+			p=(char *)OPENSSL_malloc((int)num);
+			if (p == NULL)
+				goto malloc_error;
+			}
+		if (ctx->obuf != p)
+			{
+			if (ctx->obuf_len > obs)
+				{
+				ctx->obuf_len = obs;
+				}
+			memcpy(p, ctx->obuf, ctx->obuf_len);
+			OPENSSL_free(ctx->obuf);
+			ctx->obuf=p;
+			ctx->obuf_size=obs;
+			}
+		break;
+	case BIO_C_DO_STATE_MACHINE:
+		if (b->next_bio == NULL) return(0);
+		BIO_clear_retry_flags(b);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		BIO_copy_next_retry(b);
+		break;
+
+	case BIO_CTRL_FLUSH:
+		if (b->next_bio == NULL) return(0);
+		if (ctx->obuf_len <= 0)
+			{
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+			break;
+			}
+
+		for (;;)
+			{
+			BIO_clear_retry_flags(b);
+			if (ctx->obuf_len > 0)
+				{
+				r=BIO_write(b->next_bio,
+					ctx->obuf, ctx->obuf_len);
+#if 0
+fprintf(stderr,"FLUSH %3d -> %3d\n",ctx->obuf_len,r);
+#endif
+				BIO_copy_next_retry(b);
+				if (r <= 0) return((long)r);
+				if (r < ctx->obuf_len)
+					memmove(ctx->obuf, ctx->obuf + r,
+						ctx->obuf_len - r);
+				ctx->obuf_len-=r;
+				}
+			else
+				{
+				ctx->obuf_len=0;
+				ret=1;
+				break;
+				}
+			}
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_DUP:
+		dbio=(BIO *)ptr;
+		if (	!BIO_set_write_buffer_size(dbio,ctx->obuf_size))
+			ret=0;
+		break;
+	default:
+		if (b->next_bio == NULL) return(0);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+		}
+	return(ret);
+malloc_error:
+	BIOerr(BIO_F_LINEBUFFER_CTRL,ERR_R_MALLOC_FAILURE);
+	return(0);
+	}
+
+static long linebuffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+	{
+	long ret=1;
+
+	if (b->next_bio == NULL) return(0);
+	switch (cmd)
+		{
+	default:
+		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+		break;
+		}
+	return(ret);
+	}
+
+static int linebuffer_gets(BIO *b, char *buf, int size)
+	{
+	if (b->next_bio == NULL) return(0);
+	return(BIO_gets(b->next_bio,buf,size));
+	}
+
+static int linebuffer_puts(BIO *b, const char *str)
+	{
+	return(linebuffer_write(b,str,strlen(str)));
+	}
+
diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c
index 034b3024df..1ce2bfacc0 100644
--- a/crypto/bio/bf_nbio.c
+++ b/crypto/bio/bf_nbio.c
@@ -59,31 +59,20 @@
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "rand.h"
-#include "bio.h"
-#include "evp.h"
+#include <openssl/rand.h>
+#include <openssl/bio.h>
 
 /* BIO_put and BIO_get both add to the digest,
  * BIO_gets returns the digest */
 
-#ifndef NOPROTO
-static int nbiof_write(BIO *h,char *buf,int num);
+static int nbiof_write(BIO *h,const char *buf,int num);
 static int nbiof_read(BIO *h,char *buf,int size);
-static int nbiof_puts(BIO *h,char *str);
+static int nbiof_puts(BIO *h,const char *str);
 static int nbiof_gets(BIO *h,char *str,int size);
-static long nbiof_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static long nbiof_ctrl(BIO *h,int cmd,long arg1,void *arg2);
 static int nbiof_new(BIO *h);
 static int nbiof_free(BIO *data);
-#else
-static int nbiof_write();
-static int nbiof_read();
-static int nbiof_puts();
-static int nbiof_gets();
-static long nbiof_ctrl();
-static int nbiof_new();
-static int nbiof_free();
-#endif
-
+static long nbiof_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
 typedef struct nbio_test_st
 	{
 	/* only set if we sent a 'should retry' error */
@@ -102,19 +91,19 @@ static BIO_METHOD methods_nbiof=
 	nbiof_ctrl,
 	nbiof_new,
 	nbiof_free,
+	nbiof_callback_ctrl,
 	};
 
-BIO_METHOD *BIO_f_nbio_test()
+BIO_METHOD *BIO_f_nbio_test(void)
 	{
 	return(&methods_nbiof);
 	}
 
-static int nbiof_new(bi)
-BIO *bi;
+static int nbiof_new(BIO *bi)
 	{
 	NBIO_TEST *nt;
 
-	nt=(NBIO_TEST *)Malloc(sizeof(NBIO_TEST));
+	if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0);
 	nt->lrn= -1;
 	nt->lwn= -1;
 	bi->ptr=(char *)nt;
@@ -123,22 +112,18 @@ BIO *bi;
 	return(1);
 	}
 
-static int nbiof_free(a)
-BIO *a;
+static int nbiof_free(BIO *a)
 	{
 	if (a == NULL) return(0);
 	if (a->ptr != NULL)
-		Free(a->ptr);
+		OPENSSL_free(a->ptr);
 	a->ptr=NULL;
 	a->init=0;
 	a->flags=0;
 	return(1);
 	}
 	
-static int nbiof_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int nbiof_read(BIO *b, char *out, int outl)
 	{
 	NBIO_TEST *nt;
 	int ret=0;
@@ -153,7 +138,7 @@ int outl;
 
 	BIO_clear_retry_flags(b);
 #if 0
-	RAND_bytes(&n,1);
+	RAND_pseudo_bytes(&n,1);
 	num=(n&0x07);
 
 	if (outl > num) outl=num;
@@ -173,10 +158,7 @@ int outl;
 	return(ret);
 	}
 
-static int nbiof_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int nbiof_write(BIO *b, const char *in, int inl)
 	{
 	NBIO_TEST *nt;
 	int ret=0;
@@ -197,7 +179,7 @@ int inl;
 		}
 	else
 		{
-		RAND_bytes(&n,1);
+		RAND_pseudo_bytes(&n,1);
 		num=(n&7);
 		}
 
@@ -221,11 +203,7 @@ int inl;
 	return(ret);
 	}
 
-static long nbiof_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
 	{
 	long ret;
 
@@ -247,19 +225,28 @@ char *ptr;
 	return(ret);
 	}
 
-static int nbiof_gets(bp,buf,size)
-BIO *bp;
-char *buf;
-int size;
+static long nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+	{
+	long ret=1;
+
+	if (b->next_bio == NULL) return(0);
+	switch (cmd)
+		{
+	default:
+		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+		break;
+		}
+	return(ret);
+	}
+
+static int nbiof_gets(BIO *bp, char *buf, int size)
 	{
 	if (bp->next_bio == NULL) return(0);
 	return(BIO_gets(bp->next_bio,buf,size));
 	}
 
 
-static int nbiof_puts(bp,str)
-BIO *bp;
-char *str;
+static int nbiof_puts(BIO *bp, const char *str)
 	{
 	if (bp->next_bio == NULL) return(0);
 	return(BIO_puts(bp->next_bio,str));
diff --git a/crypto/bio/bf_null.c b/crypto/bio/bf_null.c
index a47a65741a..c1bf39a904 100644
--- a/crypto/bio/bf_null.c
+++ b/crypto/bio/bf_null.c
@@ -59,30 +59,19 @@
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "bio.h"
-#include "evp.h"
+#include <openssl/bio.h>
 
 /* BIO_put and BIO_get both add to the digest,
  * BIO_gets returns the digest */
 
-#ifndef NOPROTO
-static int nullf_write(BIO *h,char *buf,int num);
-static int nullf_read(BIO *h,char *buf,int size);
-static int nullf_puts(BIO *h,char *str);
-static int nullf_gets(BIO *h,char *str,int size);
-static long nullf_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int nullf_write(BIO *h, const char *buf, int num);
+static int nullf_read(BIO *h, char *buf, int size);
+static int nullf_puts(BIO *h, const char *str);
+static int nullf_gets(BIO *h, char *str, int size);
+static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int nullf_new(BIO *h);
 static int nullf_free(BIO *data);
-#else
-static int nullf_write();
-static int nullf_read();
-static int nullf_puts();
-static int nullf_gets();
-static long nullf_ctrl();
-static int nullf_new();
-static int nullf_free();
-#endif
-
+static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
 static BIO_METHOD methods_nullf=
 	{
 	BIO_TYPE_NULL_FILTER,
@@ -94,15 +83,15 @@ static BIO_METHOD methods_nullf=
 	nullf_ctrl,
 	nullf_new,
 	nullf_free,
+	nullf_callback_ctrl,
 	};
 
-BIO_METHOD *BIO_f_null()
+BIO_METHOD *BIO_f_null(void)
 	{
 	return(&methods_nullf);
 	}
 
-static int nullf_new(bi)
-BIO *bi;
+static int nullf_new(BIO *bi)
 	{
 	bi->init=1;
 	bi->ptr=NULL;
@@ -110,8 +99,7 @@ BIO *bi;
 	return(1);
 	}
 
-static int nullf_free(a)
-BIO *a;
+static int nullf_free(BIO *a)
 	{
 	if (a == NULL) return(0);
 /*	a->ptr=NULL;
@@ -120,10 +108,7 @@ BIO *a;
 	return(1);
 	}
 	
-static int nullf_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int nullf_read(BIO *b, char *out, int outl)
 	{
 	int ret=0;
  
@@ -135,10 +120,7 @@ int outl;
 	return(ret);
 	}
 
-static int nullf_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int nullf_write(BIO *b, const char *in, int inl)
 	{
 	int ret=0;
 
@@ -150,11 +132,7 @@ int inl;
 	return(ret);
 	}
 
-static long nullf_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)
 	{
 	long ret;
 
@@ -175,19 +153,28 @@ char *ptr;
 	return(ret);
 	}
 
-static int nullf_gets(bp,buf,size)
-BIO *bp;
-char *buf;
-int size;
+static long nullf_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+	{
+	long ret=1;
+
+	if (b->next_bio == NULL) return(0);
+	switch (cmd)
+		{
+	default:
+		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+		break;
+		}
+	return(ret);
+	}
+
+static int nullf_gets(BIO *bp, char *buf, int size)
 	{
 	if (bp->next_bio == NULL) return(0);
 	return(BIO_gets(bp->next_bio,buf,size));
 	}
 
 
-static int nullf_puts(bp,str)
-BIO *bp;
-char *str;
+static int nullf_puts(BIO *bp, const char *str)
 	{
 	if (bp->next_bio == NULL) return(0);
 	return(BIO_puts(bp->next_bio,str));
diff --git a/crypto/bio/bio.err b/crypto/bio/bio.err
deleted file mode 100644
index daef6430f8..0000000000
--- a/crypto/bio/bio.err
+++ /dev/null
@@ -1,53 +0,0 @@
-/* Error codes for the BIO functions. */
-
-/* Function codes. */
-#define BIO_F_ACPT_STATE				 100
-#define BIO_F_BIO_ACCEPT				 101
-#define BIO_F_BIO_BER_GET_HEADER			 102
-#define BIO_F_BIO_CTRL					 103
-#define BIO_F_BIO_GETS					 104
-#define BIO_F_BIO_GET_ACCEPT_SOCKET			 105
-#define BIO_F_BIO_GET_HOST_IP				 106
-#define BIO_F_BIO_GET_PORT				 107
-#define BIO_F_BIO_NEW					 108
-#define BIO_F_BIO_NEW_FILE				 109
-#define BIO_F_BIO_PUTS					 110
-#define BIO_F_BIO_READ					 111
-#define BIO_F_BIO_SOCK_INIT				 112
-#define BIO_F_BIO_WRITE					 113
-#define BIO_F_BUFFER_CTRL				 114
-#define BIO_F_CONN_STATE				 115
-#define BIO_F_FILE_CTRL					 116
-#define BIO_F_MEM_WRITE					 117
-#define BIO_F_SOCKS4A_STATE				 118
-#define BIO_F_SSL_NEW					 119
-#define BIO_F_WSASTARTUP				 120
-
-/* Reason codes. */
-#define BIO_R_ACCEPT_ERROR				 100
-#define BIO_R_BAD_FOPEN_MODE				 101
-#define BIO_R_BAD_HOSTNAME_LOOKUP			 102
-#define BIO_R_CONNECT_ERROR				 103
-#define BIO_R_ERROR_SETTING_NBIO			 104
-#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET	 105
-#define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET	 106
-#define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET		 107
-#define BIO_R_INVALID_IP_ADDRESS			 108
-#define BIO_R_KEEPALIVE					 109
-#define BIO_R_NBIO_CONNECT_ERROR			 110
-#define BIO_R_NO_ACCEPT_PORT_SPECIFIED			 111
-#define BIO_R_NO_HOSTHNAME_SPECIFIED			 112
-#define BIO_R_NO_PORT_DEFINED				 113
-#define BIO_R_NO_PORT_SPECIFIED				 114
-#define BIO_R_NULL_PARAMETER				 115
-#define BIO_R_SOCKS_ID_AND_IDENT_DID_NOT_MATCH		 116
-#define BIO_R_SOCKS_REJECTED_CONNECTION			 117
-#define BIO_R_SOCKS_UNABLE_TO_TALK_TO_IDENT_SERVER	 118
-#define BIO_R_SOCKS_UNKNOWN_ERROR			 119
-#define BIO_R_TAG_MISMATCH				 120
-#define BIO_R_UNABLE_TO_BIND_SOCKET			 121
-#define BIO_R_UNABLE_TO_CREATE_SOCKET			 122
-#define BIO_R_UNABLE_TO_LISTEN_SOCKET			 123
-#define BIO_R_UNINITALISED				 124
-#define BIO_R_UNSUPPORTED_METHOD			 125
-#define BIO_R_WSASTARTUP				 126
diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h
index 35db3dffb1..ecd2899918 100644
--- a/crypto/bio/bio.h
+++ b/crypto/bio/bio.h
@@ -59,12 +59,18 @@
 #ifndef HEADER_BIO_H
 #define HEADER_BIO_H
 
+#ifndef OPENSSL_NO_FP_API
+# include <stdio.h>
+#endif
+#include <stdarg.h>
+
+#include <openssl/crypto.h>
+#include <openssl/e_os2.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#include "crypto.h"
-
 /* These are the 'types' of BIOs */
 #define BIO_TYPE_NONE		0
 #define BIO_TYPE_MEM		(1|0x0400)
@@ -74,7 +80,7 @@ extern "C" {
 #define BIO_TYPE_SOCKET		(5|0x0400|0x0100)
 #define BIO_TYPE_NULL		(6|0x0400)
 #define BIO_TYPE_SSL		(7|0x0200)
-#define BIO_TYPE_MD		(8|0x0200)		/* pasive filter */
+#define BIO_TYPE_MD		(8|0x0200)		/* passive filter */
 #define BIO_TYPE_BUFFER		(9|0x0200)		/* filter */
 #define BIO_TYPE_CIPHER		(10|0x0200)		/* filter */
 #define BIO_TYPE_BASE64		(11|0x0200)		/* filter */
@@ -85,6 +91,8 @@ extern "C" {
 #define BIO_TYPE_NBIO_TEST	(16|0x0200)		/* server proxy BIO */
 #define BIO_TYPE_NULL_FILTER	(17|0x0200)
 #define BIO_TYPE_BER		(18|0x0200)		/* BER -> bin filter */
+#define BIO_TYPE_BIO		(19|0x0400)		/* (half a) BIO pair */
+#define BIO_TYPE_LINEBUFFER	(20|0x0200)		/* filter */
 
 #define BIO_TYPE_DESCRIPTOR	0x0100	/* socket, fd, connect or accept */
 #define BIO_TYPE_FILTER		0x0200
@@ -144,6 +152,11 @@ extern "C" {
 
 #define BIO_FLAGS_BASE64_NO_NL	0x100
 
+/* This is used with memory BIOs: it means we shouldn't free up or change the
+ * data in any way.
+ */
+#define BIO_FLAGS_MEM_RDONLY	0x200
+
 #define BIO_set_flags(b,f) ((b)->flags|=(f))
 #define BIO_get_flags(b) ((b)->flags)
 #define BIO_set_retry_special(b) \
@@ -160,14 +173,14 @@ extern "C" {
 #define BIO_get_retry_flags(b) \
 		((b)->flags&(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
 
-/* These shouldbe used by the application to tell why we should retry */
+/* These should be used by the application to tell why we should retry */
 #define BIO_should_read(a)		((a)->flags & BIO_FLAGS_READ)
 #define BIO_should_write(a)		((a)->flags & BIO_FLAGS_WRITE)
 #define BIO_should_io_special(a)	((a)->flags & BIO_FLAGS_IO_SPECIAL)
 #define BIO_retry_type(a)		((a)->flags & BIO_FLAGS_RWS)
 #define BIO_should_retry(a)		((a)->flags & BIO_FLAGS_SHOULD_RETRY)
 
-/* The next two are used in conjunction with the
+/* The next three are used in conjunction with the
  * BIO_should_io_special() condition.  After this returns true,
  * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO 
  * stack and return the 'reason' for the special and the offending BIO.
@@ -176,6 +189,8 @@ extern "C" {
 #define BIO_RR_SSL_X509_LOOKUP		0x01
 /* Returned from the connect BIO when a connect would have blocked */
 #define BIO_RR_CONNECT			0x02
+/* Returned from the accept BIO when an accept would have blocked */
+#define BIO_RR_ACCEPT			0x03
 
 /* These are passed by the BIO callback */
 #define BIO_CB_FREE	0x01
@@ -199,24 +214,29 @@ extern "C" {
 #define BIO_method_name(b)		((b)->method->name)
 #define BIO_method_type(b)		((b)->method->type)
 
-#ifndef WIN16
+typedef struct bio_st BIO;
+
+typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long);
+
+#ifndef OPENSSL_SYS_WIN16
 typedef struct bio_method_st
 	{
 	int type;
-	char *name;
-	int (*bwrite)();
-	int (*bread)();
-	int (*bputs)();
-	int (*bgets)();
-	long (*ctrl)();
-	int (*create)();
-	int (*destroy)();
+	const char *name;
+	int (*bwrite)(BIO *, const char *, int);
+	int (*bread)(BIO *, char *, int);
+	int (*bputs)(BIO *, const char *);
+	int (*bgets)(BIO *, char *, int);
+	long (*ctrl)(BIO *, int, long, void *);
+	int (*create)(BIO *);
+	int (*destroy)(BIO *);
+        long (*callback_ctrl)(BIO *, int, bio_info_cb *);
 	} BIO_METHOD;
 #else
 typedef struct bio_method_st
 	{
 	int type;
-	char *name;
+	const char *name;
 	int (_far *bwrite)();
 	int (_far *bread)();
 	int (_far *bputs)();
@@ -224,18 +244,15 @@ typedef struct bio_method_st
 	long (_far *ctrl)();
 	int (_far *create)();
 	int (_far *destroy)();
+	long (_fat *callback_ctrl)();
 	} BIO_METHOD;
 #endif
 
-typedef struct bio_st
+struct bio_st
 	{
 	BIO_METHOD *method;
-#ifndef NOPROTO
 	/* bio, mode, argp, argi, argl, ret */
-	long (*callback)(struct bio_st *,int,char *,int, long,long);
-#else
-	long (*callback)();
-#endif
+	long (*callback)(struct bio_st *,int,const char *,int, long,long);
 	char *cb_arg; /* first argument for the callback */
 
 	int init;
@@ -243,7 +260,7 @@ typedef struct bio_st
 	int flags;	/* extra storage */
 	int retry_reason;
 	int num;
-	char *ptr;
+	void *ptr;
 	struct bio_st *next_bio;	/* used by filter BIOs */
 	struct bio_st *prev_bio;	/* used by filter BIOs */
 	int references;
@@ -251,7 +268,9 @@ typedef struct bio_st
 	unsigned long num_write;
 
 	CRYPTO_EX_DATA ex_data;
-	} BIO;
+	};
+
+DECLARE_STACK_OF(BIO)
 
 typedef struct bio_f_buffer_ctx_struct
 	{
@@ -279,9 +298,6 @@ typedef struct bio_f_buffer_ctx_struct
 #define BIO_CONN_S_NBIO			8
 /*#define BIO_CONN_get_param_hostname	BIO_ctrl */
 
-#define BIO_number_read(b)	((b)->num_read)
-#define BIO_number_written(b)	((b)->num_write)
-
 #define BIO_C_SET_CONNECT			100
 #define BIO_C_DO_STATE_MACHINE			101
 #define BIO_C_SET_NBIO				102
@@ -319,16 +335,23 @@ typedef struct bio_f_buffer_ctx_struct
 #define BIO_C_GET_SOCKS				134
 #define BIO_C_SET_SOCKS				135
 
-#define BIO_set_app_data(s,arg)		BIO_set_ex_data(s,0,(char *)arg)
+#define BIO_C_SET_WRITE_BUF_SIZE		136/* for BIO_s_bio */
+#define BIO_C_GET_WRITE_BUF_SIZE		137
+#define BIO_C_MAKE_BIO_PAIR			138
+#define BIO_C_DESTROY_BIO_PAIR			139
+#define BIO_C_GET_WRITE_GUARANTEE		140
+#define BIO_C_GET_READ_REQUEST			141
+#define BIO_C_SHUTDOWN_WR			142
+#define BIO_C_NREAD0				143
+#define BIO_C_NREAD				144
+#define BIO_C_NWRITE0				145
+#define BIO_C_NWRITE				146
+#define BIO_C_RESET_READ_REQUEST		147
+
+
+#define BIO_set_app_data(s,arg)		BIO_set_ex_data(s,0,arg)
 #define BIO_get_app_data(s)		BIO_get_ex_data(s,0)
 
-int BIO_get_ex_num(BIO *bio);
-int BIO_set_ex_data(BIO *bio,int idx,char *data);
-char *BIO_get_ex_data(BIO *bio,int idx);
-void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)());
-int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(),
-	int (*dup_func)(), void (*free_func)());
-
 /* BIO_s_connect() and BIO_s_socks4a_connect() */
 #define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name)
 #define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port)
@@ -336,8 +359,8 @@ int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 #define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
 #define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
 #define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
-#define BIO_get_conn_ip(b,ip) BIO_ptr_ctrl(b,BIO_C_SET_CONNECT,2)
-#define BIO_get_conn_int_port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port)
+#define BIO_get_conn_ip(b) 		 BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
+#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3)
 
 
 #define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
@@ -365,7 +388,7 @@ int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 /* BIO_set_nbio(b,n) */
 #define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s))
 /* BIO *BIO_get_filter_bio(BIO *bio); */
-#define BIO_set_proxy_cb(b,cb) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(char *)(cb))
+#define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)()))
 #define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk)
 #define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool)
 
@@ -383,8 +406,17 @@ int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 #define BIO_seek(b,ofs)	(int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
 #define BIO_tell(b)	(int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
 
+/* name is cast to lose const, but might be better to route through a function
+   so we can do it safely */
+#ifdef CONST_STRICT
+/* If you are wondering why this isn't defined, its because CONST_STRICT is
+ * purely a compile-time kludge to allow const to be checked.
+ */
+int BIO_read_filename(BIO *b,const char *name);
+#else
 #define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
-		BIO_CLOSE|BIO_FP_READ,name)
+		BIO_CLOSE|BIO_FP_READ,(char *)name)
+#endif
 #define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
 		BIO_CLOSE|BIO_FP_WRITE,name)
 #define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \
@@ -402,7 +434,7 @@ int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 #define BIO_set_ssl_renegotiate_bytes(b,num) \
 	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
 #define BIO_get_num_renegotiates(b) \
-	BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
+	BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
 #define BIO_set_ssl_renegotiate_timeout(b,seconds) \
 	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
 
@@ -431,19 +463,42 @@ int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(),
 #define BIO_get_close(b)	(int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL)
 #define BIO_pending(b)		(int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
 #define BIO_wpending(b)		(int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
+/* ...pending macros have inappropriate return type */
+size_t BIO_ctrl_pending(BIO *b);
+size_t BIO_ctrl_wpending(BIO *b);
 #define BIO_flush(b)		(int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
-#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0,(char *)cbp)
-#define BIO_set_info_callback(b,cb) (int)BIO_ctrl(b,BIO_CTRL_SET_CALLBACK,0,(char *)cb)
+#define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \
+						   cbp)
+#define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb)
 
 /* For the BIO_f_buffer() type */
 #define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
 
-#ifdef NO_STDIO
-#define NO_FP_API
-#endif
-
-#ifndef NOPROTO
-#  if defined(WIN16) && defined(_WINDLL)
+/* For BIO_s_bio() */
+#define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
+#define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
+#define BIO_make_bio_pair(b1,b2)   (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
+#define BIO_destroy_bio_pair(b)    (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
+#define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
+/* macros with inappropriate type -- but ...pending macros use int too: */
+#define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
+#define BIO_get_read_request(b)    (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
+size_t BIO_ctrl_get_write_guarantee(BIO *b);
+size_t BIO_ctrl_get_read_request(BIO *b);
+int BIO_ctrl_reset_read_request(BIO *b);
+
+/* These two aren't currently implemented */
+/* int BIO_get_ex_num(BIO *bio); */
+/* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */
+int BIO_set_ex_data(BIO *bio,int idx,void *data);
+void *BIO_get_ex_data(BIO *bio,int idx);
+int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+unsigned long BIO_number_read(BIO *bio);
+unsigned long BIO_number_written(BIO *bio);
+
+# ifndef OPENSSL_NO_FP_API
+#  if defined(OPENSSL_SYS_WIN16) && defined(_WINDLL)
 BIO_METHOD *BIO_s_file_internal(void);
 BIO *BIO_new_file_internal(char *filename, char *mode);
 BIO *BIO_new_fp_internal(FILE *stream, int close_flag);
@@ -452,65 +507,64 @@ BIO *BIO_new_fp_internal(FILE *stream, int close_flag);
 #    define BIO_new_fp	BIO_new_fp_internal
 #  else /* FP_API */
 BIO_METHOD *BIO_s_file(void );
-BIO *BIO_new_file(char *filename, char *mode);
+BIO *BIO_new_file(const char *filename, const char *mode);
 BIO *BIO_new_fp(FILE *stream, int close_flag);
 #    define BIO_s_file_internal		BIO_s_file
 #    define BIO_new_file_internal	BIO_new_file
 #    define BIO_new_fp_internal		BIO_s_file
 #  endif /* FP_API */
-#else
-#  if defined(WIN16) && defined(_WINDLL)
-BIO_METHOD *BIO_s_file_internal();
-BIO *BIO_new_file_internal();
-BIO *BIO_new_fp_internal();
-#    define BIO_s_file	BIO_s_file_internal
-#    define BIO_new_file	BIO_new_file_internal
-#    define BIO_new_fp	BIO_new_fp_internal
-#  else /* FP_API */
-BIO_METHOD *BIO_s_file();
-BIO *BIO_new_file();
-BIO *BIO_new_fp();
-#    define BIO_s_file_internal		BIO_s_file
-#    define BIO_new_file_internal	BIO_new_file
-#    define BIO_new_fp_internal		BIO_s_file
-#  endif /* FP_API */
-#endif
-
-#ifndef NOPROTO
+# endif
 BIO *	BIO_new(BIO_METHOD *type);
 int	BIO_set(BIO *a,BIO_METHOD *type);
 int	BIO_free(BIO *a);
-int	BIO_read(BIO *b, char *data, int len);
+void	BIO_vfree(BIO *a);
+int	BIO_read(BIO *b, void *data, int len);
 int	BIO_gets(BIO *bp,char *buf, int size);
-int	BIO_write(BIO *b, char *data, int len);
-int	BIO_puts(BIO *bp,char *buf);
-long	BIO_ctrl(BIO *bp,int cmd,long larg,char *parg);
+int	BIO_write(BIO *b, const void *data, int len);
+int	BIO_puts(BIO *bp,const char *buf);
+int	BIO_indent(BIO *b,int indent,int max);
+long	BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
+long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
 char *	BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
 long	BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
 BIO *	BIO_push(BIO *b,BIO *append);
 BIO *	BIO_pop(BIO *b);
 void	BIO_free_all(BIO *a);
 BIO *	BIO_find_type(BIO *b,int bio_type);
+BIO *	BIO_next(BIO *b);
 BIO *	BIO_get_retry_BIO(BIO *bio, int *reason);
 int	BIO_get_retry_reason(BIO *bio);
 BIO *	BIO_dup_chain(BIO *in);
 
-#ifndef WIN16
-long BIO_debug_callback(BIO *bio,int cmd,char *argp,int argi,
+int BIO_nread0(BIO *bio, char **buf);
+int BIO_nread(BIO *bio, char **buf, int num);
+int BIO_nwrite0(BIO *bio, char **buf);
+int BIO_nwrite(BIO *bio, char **buf, int num);
+
+#ifndef OPENSSL_SYS_WIN16
+long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
 	long argl,long ret);
 #else
-long _far _loadds BIO_debug_callback(BIO *bio,int cmd,char *argp,int argi,
+long _far _loadds BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
 	long argl,long ret);
 #endif
 
 BIO_METHOD *BIO_s_mem(void);
+BIO *BIO_new_mem_buf(void *buf, int len);
 BIO_METHOD *BIO_s_socket(void);
 BIO_METHOD *BIO_s_connect(void);
 BIO_METHOD *BIO_s_accept(void);
 BIO_METHOD *BIO_s_fd(void);
+#ifndef OPENSSL_SYS_OS2
+BIO_METHOD *BIO_s_log(void);
+#endif
+BIO_METHOD *BIO_s_bio(void);
 BIO_METHOD *BIO_s_null(void);
 BIO_METHOD *BIO_f_null(void);
 BIO_METHOD *BIO_f_buffer(void);
+#ifdef OPENSSL_SYS_VMS
+BIO_METHOD *BIO_f_linebuffer(void);
+#endif
 BIO_METHOD *BIO_f_nbio_test(void);
 /* BIO_METHOD *BIO_f_ber(void); */
 
@@ -518,150 +572,56 @@ int BIO_sock_should_retry(int i);
 int BIO_sock_non_fatal_error(int error);
 int BIO_fd_should_retry(int i);
 int BIO_fd_non_fatal_error(int error);
-int BIO_dump(BIO *b,char *bytes,int len);
-
-struct hostent *BIO_gethostbyname(char *name);
+int BIO_dump(BIO *b,const char *bytes,int len);
+int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent);
+
+struct hostent *BIO_gethostbyname(const char *name);
+/* We might want a thread-safe interface too:
+ * struct hostent *BIO_gethostbyname_r(const char *name,
+ *     struct hostent *result, void *buffer, size_t buflen);
+ * or something similar (caller allocates a struct hostent,
+ * pointed to by "result", and additional buffer space for the various
+ * substructures; if the buffer does not suffice, NULL is returned
+ * and an appropriate error code is set).
+ */
 int BIO_sock_error(int sock);
 int BIO_socket_ioctl(int fd, long type, unsigned long *arg);
 int BIO_socket_nbio(int fd,int mode);
-int BIO_get_port(char *str, unsigned short *port_ptr);
-int BIO_get_host_ip(char *str, unsigned char *ip);
+int BIO_get_port(const char *str, unsigned short *port_ptr);
+int BIO_get_host_ip(const char *str, unsigned char *ip);
 int BIO_get_accept_socket(char *host_port,int mode);
 int BIO_accept(int sock,char **ip_port);
 int BIO_sock_init(void );
 void BIO_sock_cleanup(void);
 int BIO_set_tcp_ndelay(int sock,int turn_on);
 
-void ERR_load_BIO_strings(void );
-
 BIO *BIO_new_socket(int sock, int close_flag);
 BIO *BIO_new_fd(int fd, int close_flag);
 BIO *BIO_new_connect(char *host_port);
 BIO *BIO_new_accept(char *host_port);
 
-void BIO_copy_next_retry(BIO *b);
-
-long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);
-
-#else
-
-BIO *	BIO_new();
-int	BIO_set();
-int	BIO_free();
-int	BIO_read();
-int	BIO_gets();
-int	BIO_write();
-int	BIO_puts();
-char *	BIO_ptr_ctrl();
-long	BIO_ctrl();
-long	BIO_int_ctrl();
-BIO *	BIO_push();
-BIO *	BIO_pop();
-void	BIO_free_all();
-BIO *	BIO_find_type();
-BIO *	BIO_get_retry_BIO();
-int	BIO_get_retry_reason();
-BIO *	BIO_dup_chain();
-
-#ifndef WIN16
-long BIO_debug_callback();
-#else
-long _far _loadds BIO_debug_callback();
-#endif
-
-BIO_METHOD *BIO_s_mem();
-BIO_METHOD *BIO_s_socket();
-BIO_METHOD *BIO_s_connect();
-BIO_METHOD *BIO_s_accept();
-BIO_METHOD *BIO_s_fd();
-BIO_METHOD *BIO_s_null();
-BIO_METHOD *BIO_f_null();
-BIO_METHOD *BIO_f_buffer();
-BIO_METHOD *BIO_f_nbio_test();
-/* BIO_METHOD *BIO_f_ber(); */
-
-int BIO_sock_should_retry();
-int BIO_sock_non_fatal_error();
-int BIO_fd_should_retry();
-int BIO_fd_non_fatal_error();
-int BIO_dump();
-
-struct hostent *BIO_gethostbyname();
-int BIO_sock_error();
-int BIO_socket_ioctl();
-int BIO_socket_nbio();
-int BIO_get_port();
-int BIO_get_host_ip();
-int BIO_get_accept_socket();
-int BIO_accept();
-int BIO_sock_init();
-void BIO_sock_cleanup();
-int BIO_set_tcp_ndelay();
-
-void ERR_load_BIO_strings();
-
-BIO *BIO_new_socket();
-BIO *BIO_new_fd();
-BIO *BIO_new_connect();
-BIO *BIO_new_accept();
-
-void BIO_copy_next_retry();
-
-long BIO_ghbn_ctrl();
-
-#endif
-
-/* Tim Hudson's portable varargs stuff */
-
-#ifndef NOPROTO
-#define VAR_ANSI	/* select ANSI version by default */
-#endif
-
-#ifdef VAR_ANSI
-/* ANSI version of a "portable" macro set for variable length args */
-#ifndef __STDARG_H__ /**/
-#include <stdarg.h>
-#endif /**/
-
-#define VAR_PLIST(arg1type,arg1)    arg1type arg1, ...
-#define VAR_PLIST2(arg1type,arg1,arg2type,arg2) arg1type arg1,arg2type arg2,...
-#define VAR_ALIST
-#define VAR_BDEFN(args,arg1type,arg1)   va_list args
-#define VAR_BDEFN2(args,arg1type,arg1,arg2type,arg2)    va_list args
-#define VAR_INIT(args,arg1type,arg1)    va_start(args,arg1);
-#define VAR_INIT2(args,arg1type,arg1,arg2type,arg2) va_start(args,arg2);
-#define VAR_ARG(args,type,arg)	arg=va_arg(args,type)
-#define VAR_END(args)		va_end(args);
-
-#else
-
-/* K&R version of a "portable" macro set for variable length args */
-#ifndef __VARARGS_H__
-#include <varargs.h>
-#endif
+int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
+	BIO **bio2, size_t writebuf2);
+/* If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
+ * Otherwise returns 0 and sets *bio1 and *bio2 to NULL.
+ * Size 0 uses default value.
+ */
 
-#define VAR_PLIST(arg1type,arg1)	va_alist
-#define VAR_PLIST2(arg1type,arg1,arg2type,arg2) va_alist
-#define VAR_ALIST		va_dcl
-#define VAR_BDEFN(args,arg1type,arg1)	va_list args; arg1type arg1
-#define VAR_BDEFN2(args,arg1type,arg1,arg2type,arg2)    va_list args; \
-	arg1type arg1; arg2type arg2
-#define VAR_INIT(args,arg1type,arg1)	va_start(args); \
-	arg1=va_arg(args,arg1type);
-#define VAR_INIT2(args,arg1type,arg1,arg2type,arg2) va_start(args); \
-	arg1=va_arg(args,arg1type);	arg2=va_arg(args,arg2type);
-#define VAR_ARG(args,type,arg)		arg=va_arg(args,type)
-#define VAR_END(args)			va_end(args);
+void BIO_copy_next_retry(BIO *b);
 
-#endif
+/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
 
-#ifndef NOPROTO
-int BIO_printf( VAR_PLIST( BIO *, bio ) );
-#else
-int BIO_printf();
-#endif
+int BIO_printf(BIO *bio, const char *format, ...);
+int BIO_vprintf(BIO *bio, const char *format, va_list args);
+int BIO_snprintf(char *buf, size_t n, const char *format, ...);
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args);
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_BIO_strings(void);
+
 /* Error codes for the BIO functions. */
 
 /* Function codes. */
@@ -669,54 +629,66 @@ int BIO_printf();
 #define BIO_F_BIO_ACCEPT				 101
 #define BIO_F_BIO_BER_GET_HEADER			 102
 #define BIO_F_BIO_CTRL					 103
+#define BIO_F_BIO_GETHOSTBYNAME				 120
 #define BIO_F_BIO_GETS					 104
 #define BIO_F_BIO_GET_ACCEPT_SOCKET			 105
 #define BIO_F_BIO_GET_HOST_IP				 106
 #define BIO_F_BIO_GET_PORT				 107
+#define BIO_F_BIO_MAKE_PAIR				 121
 #define BIO_F_BIO_NEW					 108
 #define BIO_F_BIO_NEW_FILE				 109
+#define BIO_F_BIO_NEW_MEM_BUF				 126
+#define BIO_F_BIO_NREAD					 123
+#define BIO_F_BIO_NREAD0				 124
+#define BIO_F_BIO_NWRITE				 125
+#define BIO_F_BIO_NWRITE0				 122
 #define BIO_F_BIO_PUTS					 110
 #define BIO_F_BIO_READ					 111
 #define BIO_F_BIO_SOCK_INIT				 112
 #define BIO_F_BIO_WRITE					 113
 #define BIO_F_BUFFER_CTRL				 114
+#define BIO_F_CONN_CTRL					 127
 #define BIO_F_CONN_STATE				 115
 #define BIO_F_FILE_CTRL					 116
+#define BIO_F_FILE_READ					 130
+#define BIO_F_LINEBUFFER_CTRL				 129
+#define BIO_F_MEM_READ					 128
 #define BIO_F_MEM_WRITE					 117
-#define BIO_F_SSL_NEW					 119
-#define BIO_F_WSASTARTUP				 120
+#define BIO_F_SSL_NEW					 118
+#define BIO_F_WSASTARTUP				 119
 
 /* Reason codes. */
 #define BIO_R_ACCEPT_ERROR				 100
 #define BIO_R_BAD_FOPEN_MODE				 101
 #define BIO_R_BAD_HOSTNAME_LOOKUP			 102
+#define BIO_R_BROKEN_PIPE				 124
 #define BIO_R_CONNECT_ERROR				 103
+#define BIO_R_EOF_ON_MEMORY_BIO				 127
 #define BIO_R_ERROR_SETTING_NBIO			 104
 #define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET	 105
 #define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET	 106
 #define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET		 107
+#define BIO_R_INVALID_ARGUMENT				 125
 #define BIO_R_INVALID_IP_ADDRESS			 108
+#define BIO_R_IN_USE					 123
 #define BIO_R_KEEPALIVE					 109
 #define BIO_R_NBIO_CONNECT_ERROR			 110
 #define BIO_R_NO_ACCEPT_PORT_SPECIFIED			 111
-#define BIO_R_NO_HOSTHNAME_SPECIFIED			 112
+#define BIO_R_NO_HOSTNAME_SPECIFIED			 112
 #define BIO_R_NO_PORT_DEFINED				 113
 #define BIO_R_NO_PORT_SPECIFIED				 114
+#define BIO_R_NO_SUCH_FILE				 128
 #define BIO_R_NULL_PARAMETER				 115
-#define BIO_R_SOCKS_ID_AND_IDENT_DID_NOT_MATCH		 116
-#define BIO_R_SOCKS_REJECTED_CONNECTION			 117
-#define BIO_R_SOCKS_UNABLE_TO_TALK_TO_IDENT_SERVER	 118
-#define BIO_R_SOCKS_UNKNOWN_ERROR			 119
-#define BIO_R_TAG_MISMATCH				 120
-#define BIO_R_UNABLE_TO_BIND_SOCKET			 121
-#define BIO_R_UNABLE_TO_CREATE_SOCKET			 122
-#define BIO_R_UNABLE_TO_LISTEN_SOCKET			 123
-#define BIO_R_UNINITALISED				 124
-#define BIO_R_UNSUPPORTED_METHOD			 125
-#define BIO_R_WSASTARTUP				 126
- 
+#define BIO_R_TAG_MISMATCH				 116
+#define BIO_R_UNABLE_TO_BIND_SOCKET			 117
+#define BIO_R_UNABLE_TO_CREATE_SOCKET			 118
+#define BIO_R_UNABLE_TO_LISTEN_SOCKET			 119
+#define BIO_R_UNINITIALIZED				 120
+#define BIO_R_UNSUPPORTED_METHOD			 121
+#define BIO_R_WRITE_TO_READ_ONLY_BIO			 126
+#define BIO_R_WSASTARTUP				 122
+
 #ifdef  __cplusplus
 }
 #endif
 #endif
-
diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c
index bc6ed9eda1..0ffa4d2136 100644
--- a/crypto/bio/bio_cb.c
+++ b/crypto/bio/bio_cb.c
@@ -60,16 +60,11 @@
 #include <string.h>
 #include <stdlib.h>
 #include "cryptlib.h"
-#include "bio.h"
-#include "err.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
 
-long MS_CALLBACK BIO_debug_callback(bio,cmd,argp,argi,argl,ret)
-BIO *bio;
-int cmd;
-char *argp;
-int argi;
-long argl;
-long ret;
+long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
+	     int argi, long argl, long ret)
 	{
 	BIO *b;
 	MS_STATIC char buf[256];
@@ -130,7 +125,7 @@ long ret;
 	b=(BIO *)bio->cb_arg;
 	if (b != NULL)
 		BIO_write(b,buf,strlen(buf));
-#if !defined(NO_STDIO) && !defined(WIN16)
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
 	else
 		fputs(buf,stderr);
 #endif
diff --git a/crypto/bio/bio_err.c b/crypto/bio/bio_err.c
index 01aac6e582..68a119d895 100644
--- a/crypto/bio/bio_err.c
+++ b/crypto/bio/bio_err.c
@@ -1,90 +1,103 @@
-/* lib/bio/bio_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/bio/bio_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "bio.h"
+#include <openssl/err.h>
+#include <openssl/bio.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA BIO_str_functs[]=
 	{
 {ERR_PACK(0,BIO_F_ACPT_STATE,0),	"ACPT_STATE"},
 {ERR_PACK(0,BIO_F_BIO_ACCEPT,0),	"BIO_accept"},
 {ERR_PACK(0,BIO_F_BIO_BER_GET_HEADER,0),	"BIO_BER_GET_HEADER"},
 {ERR_PACK(0,BIO_F_BIO_CTRL,0),	"BIO_ctrl"},
+{ERR_PACK(0,BIO_F_BIO_GETHOSTBYNAME,0),	"BIO_gethostbyname"},
 {ERR_PACK(0,BIO_F_BIO_GETS,0),	"BIO_gets"},
 {ERR_PACK(0,BIO_F_BIO_GET_ACCEPT_SOCKET,0),	"BIO_get_accept_socket"},
 {ERR_PACK(0,BIO_F_BIO_GET_HOST_IP,0),	"BIO_get_host_ip"},
 {ERR_PACK(0,BIO_F_BIO_GET_PORT,0),	"BIO_get_port"},
+{ERR_PACK(0,BIO_F_BIO_MAKE_PAIR,0),	"BIO_MAKE_PAIR"},
 {ERR_PACK(0,BIO_F_BIO_NEW,0),	"BIO_new"},
 {ERR_PACK(0,BIO_F_BIO_NEW_FILE,0),	"BIO_new_file"},
+{ERR_PACK(0,BIO_F_BIO_NEW_MEM_BUF,0),	"BIO_new_mem_buf"},
+{ERR_PACK(0,BIO_F_BIO_NREAD,0),	"BIO_nread"},
+{ERR_PACK(0,BIO_F_BIO_NREAD0,0),	"BIO_nread0"},
+{ERR_PACK(0,BIO_F_BIO_NWRITE,0),	"BIO_nwrite"},
+{ERR_PACK(0,BIO_F_BIO_NWRITE0,0),	"BIO_nwrite0"},
 {ERR_PACK(0,BIO_F_BIO_PUTS,0),	"BIO_puts"},
 {ERR_PACK(0,BIO_F_BIO_READ,0),	"BIO_read"},
 {ERR_PACK(0,BIO_F_BIO_SOCK_INIT,0),	"BIO_sock_init"},
 {ERR_PACK(0,BIO_F_BIO_WRITE,0),	"BIO_write"},
 {ERR_PACK(0,BIO_F_BUFFER_CTRL,0),	"BUFFER_CTRL"},
+{ERR_PACK(0,BIO_F_CONN_CTRL,0),	"CONN_CTRL"},
 {ERR_PACK(0,BIO_F_CONN_STATE,0),	"CONN_STATE"},
 {ERR_PACK(0,BIO_F_FILE_CTRL,0),	"FILE_CTRL"},
+{ERR_PACK(0,BIO_F_FILE_READ,0),	"FILE_READ"},
+{ERR_PACK(0,BIO_F_LINEBUFFER_CTRL,0),	"LINEBUFFER_CTRL"},
+{ERR_PACK(0,BIO_F_MEM_READ,0),	"MEM_READ"},
 {ERR_PACK(0,BIO_F_MEM_WRITE,0),	"MEM_WRITE"},
-{ERR_PACK(0,BIO_F_SOCKS4A_STATE,0),	"SOCKS4A_STATE"},
-{ERR_PACK(0,BIO_F_SSL_NEW,0),	"SSL_NEW"},
+{ERR_PACK(0,BIO_F_SSL_NEW,0),	"SSL_new"},
 {ERR_PACK(0,BIO_F_WSASTARTUP,0),	"WSASTARTUP"},
-{0,NULL},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA BIO_str_reasons[]=
@@ -92,43 +105,45 @@ static ERR_STRING_DATA BIO_str_reasons[]=
 {BIO_R_ACCEPT_ERROR                      ,"accept error"},
 {BIO_R_BAD_FOPEN_MODE                    ,"bad fopen mode"},
 {BIO_R_BAD_HOSTNAME_LOOKUP               ,"bad hostname lookup"},
+{BIO_R_BROKEN_PIPE                       ,"broken pipe"},
 {BIO_R_CONNECT_ERROR                     ,"connect error"},
+{BIO_R_EOF_ON_MEMORY_BIO                 ,"EOF on memory BIO"},
 {BIO_R_ERROR_SETTING_NBIO                ,"error setting nbio"},
 {BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET,"error setting nbio on accepted socket"},
 {BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET,"error setting nbio on accept socket"},
 {BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET ,"gethostbyname addr is not af inet"},
+{BIO_R_INVALID_ARGUMENT                  ,"invalid argument"},
 {BIO_R_INVALID_IP_ADDRESS                ,"invalid ip address"},
+{BIO_R_IN_USE                            ,"in use"},
 {BIO_R_KEEPALIVE                         ,"keepalive"},
 {BIO_R_NBIO_CONNECT_ERROR                ,"nbio connect error"},
 {BIO_R_NO_ACCEPT_PORT_SPECIFIED          ,"no accept port specified"},
-{BIO_R_NO_HOSTHNAME_SPECIFIED            ,"no hosthname specified"},
+{BIO_R_NO_HOSTNAME_SPECIFIED             ,"no hostname specified"},
 {BIO_R_NO_PORT_DEFINED                   ,"no port defined"},
 {BIO_R_NO_PORT_SPECIFIED                 ,"no port specified"},
+{BIO_R_NO_SUCH_FILE                      ,"no such file"},
 {BIO_R_NULL_PARAMETER                    ,"null parameter"},
-{BIO_R_SOCKS_ID_AND_IDENT_DID_NOT_MATCH  ,"socks id and ident did not match"},
-{BIO_R_SOCKS_REJECTED_CONNECTION         ,"socks rejected connection"},
-{BIO_R_SOCKS_UNABLE_TO_TALK_TO_IDENT_SERVER,"socks unable to talk to ident server"},
-{BIO_R_SOCKS_UNKNOWN_ERROR               ,"socks unknown error"},
 {BIO_R_TAG_MISMATCH                      ,"tag mismatch"},
 {BIO_R_UNABLE_TO_BIND_SOCKET             ,"unable to bind socket"},
 {BIO_R_UNABLE_TO_CREATE_SOCKET           ,"unable to create socket"},
 {BIO_R_UNABLE_TO_LISTEN_SOCKET           ,"unable to listen socket"},
-{BIO_R_UNINITALISED                      ,"uninitalised"},
+{BIO_R_UNINITIALIZED                     ,"uninitialized"},
 {BIO_R_UNSUPPORTED_METHOD                ,"unsupported method"},
-{BIO_R_WSASTARTUP                        ,"wsastartup"},
-{0,NULL},
+{BIO_R_WRITE_TO_READ_ONLY_BIO            ,"write to read only BIO"},
+{BIO_R_WSASTARTUP                        ,"WSAStartup"},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_BIO_strings()
+void ERR_load_BIO_strings(void)
 	{
 	static int init=1;
 
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_BIO,BIO_str_functs);
 		ERR_load_strings(ERR_LIB_BIO,BIO_str_reasons);
 #endif
diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c
index bee1f5d2e0..98ce395519 100644
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@@ -58,20 +58,16 @@
 
 #include <stdio.h>
 #include <errno.h>
-#include "crypto.h"
+#include <openssl/crypto.h>
 #include "cryptlib.h"
-#include "bio.h"
-#include "stack.h"
+#include <openssl/bio.h>
+#include <openssl/stack.h>
 
-static STACK *bio_meth=NULL;
-static int bio_meth_num=0;
-
-BIO *BIO_new(method)
-BIO_METHOD *method;
+BIO *BIO_new(BIO_METHOD *method)
 	{
 	BIO *ret=NULL;
 
-	ret=(BIO *)Malloc(sizeof(BIO));
+	ret=(BIO *)OPENSSL_malloc(sizeof(BIO));
 	if (ret == NULL)
 		{
 		BIOerr(BIO_F_BIO_NEW,ERR_R_MALLOC_FAILURE);
@@ -79,15 +75,13 @@ BIO_METHOD *method;
 		}
 	if (!BIO_set(ret,method))
 		{
-		Free(ret);
+		OPENSSL_free(ret);
 		ret=NULL;
 		}
 	return(ret);
 	}
 
-int BIO_set(bio,method)
-BIO *bio;
-BIO_METHOD *method;
+int BIO_set(BIO *bio, BIO_METHOD *method)
 	{
 	bio->method=method;
 	bio->callback=NULL;
@@ -103,15 +97,18 @@ BIO_METHOD *method;
 	bio->references=1;
 	bio->num_read=0L;
 	bio->num_write=0L;
-	CRYPTO_new_ex_data(bio_meth,(char *)bio,&bio->ex_data);
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
 	if (method->create != NULL)
 		if (!method->create(bio))
+			{
+			CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio,
+					&bio->ex_data);
 			return(0);
+			}
 	return(1);
 	}
 
-int BIO_free(a)
-BIO *a;
+int BIO_free(BIO *a)
 	{
 	int ret=0,i;
 
@@ -121,7 +118,7 @@ BIO *a;
 #ifdef REF_PRINT
 	REF_PRINT("BIO",a);
 #endif
-        if (i > 0) return(1);
+	if (i > 0) return(1);
 #ifdef REF_CHECK
 	if (i < 0)
 		{
@@ -133,18 +130,18 @@ BIO *a;
 		((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0))
 			return(i);
 
-	CRYPTO_free_ex_data(bio_meth,(char *)a,&a->ex_data);
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
 
 	if ((a->method == NULL) || (a->method->destroy == NULL)) return(1);
 	ret=a->method->destroy(a);
-	Free(a);
+	OPENSSL_free(a);
 	return(1);
 	}
 
-int BIO_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+void BIO_vfree(BIO *a)
+    { BIO_free(a); }
+
+int BIO_read(BIO *b, void *out, int outl)
 	{
 	int i;
 	long (*cb)();
@@ -162,7 +159,7 @@ int outl;
 
 	if (!b->init)
 		{
-		BIOerr(BIO_F_BIO_READ,BIO_R_UNINITALISED);
+		BIOerr(BIO_F_BIO_READ,BIO_R_UNINITIALIZED);
 		return(-2);
 		}
 
@@ -176,10 +173,7 @@ int outl;
 	return(i);
 	}
 
-int BIO_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+int BIO_write(BIO *b, const void *in, int inl)
 	{
 	int i;
 	long (*cb)();
@@ -200,7 +194,7 @@ int inl;
 
 	if (!b->init)
 		{
-		BIOerr(BIO_F_BIO_WRITE,BIO_R_UNINITALISED);
+		BIOerr(BIO_F_BIO_WRITE,BIO_R_UNINITIALIZED);
 		return(-2);
 		}
 
@@ -208,21 +202,13 @@ int inl;
 
 	if (i > 0) b->num_write+=(unsigned long)i;
 
-	/* This is evil and not thread safe.  If the BIO has been freed,
-	 * we must not call the callback.  The only way to be able to
-	 * determine this is the reference count which is now invalid since
-	 * the memory has been free()ed.
-	 */
-	if (b->references <= 0) abort();
-	if (cb != NULL) /* && (b->references >= 1)) */
+	if (cb != NULL)
 		i=(int)cb(b,BIO_CB_WRITE|BIO_CB_RETURN,in,inl,
 			0L,(long)i);
 	return(i);
 	}
 
-int BIO_puts(b,in)
-BIO *b;
-char *in;
+int BIO_puts(BIO *b, const char *in)
 	{
 	int i;
 	long (*cb)();
@@ -241,22 +227,21 @@ char *in;
 
 	if (!b->init)
 		{
-		BIOerr(BIO_F_BIO_PUTS,BIO_R_UNINITALISED);
+		BIOerr(BIO_F_BIO_PUTS,BIO_R_UNINITIALIZED);
 		return(-2);
 		}
 
 	i=b->method->bputs(b,in);
 
+	if (i > 0) b->num_write+=(unsigned long)i;
+
 	if (cb != NULL)
 		i=(int)cb(b,BIO_CB_PUTS|BIO_CB_RETURN,in,0,
 			0L,(long)i);
 	return(i);
 	}
 
-int BIO_gets(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+int BIO_gets(BIO *b, char *in, int inl)
 	{
 	int i;
 	long (*cb)();
@@ -275,7 +260,7 @@ int inl;
 
 	if (!b->init)
 		{
-		BIOerr(BIO_F_BIO_GETS,BIO_R_UNINITALISED);
+		BIOerr(BIO_F_BIO_GETS,BIO_R_UNINITIALIZED);
 		return(-2);
 		}
 
@@ -287,11 +272,19 @@ int inl;
 	return(i);
 	}
 
-long BIO_int_ctrl(b,cmd,larg,iarg)
-BIO *b;
-int cmd;
-long larg;
-int iarg;
+int BIO_indent(BIO *b,int indent,int max)
+	{
+	if(indent < 0)
+		indent=0;
+	if(indent > max)
+		indent=max;
+	while(indent--)
+		if(BIO_puts(b," ") != 1)
+			return 0;
+	return 1;
+	}
+
+long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
 	{
 	int i;
 
@@ -299,10 +292,7 @@ int iarg;
 	return(BIO_ctrl(b,cmd,larg,(char *)&i));
 	}
 
-char *BIO_ptr_ctrl(b,cmd,larg)
-BIO *b;
-int cmd;
-long larg;
+char *BIO_ptr_ctrl(BIO *b, int cmd, long larg)
 	{
 	char *p=NULL;
 
@@ -312,11 +302,7 @@ long larg;
 		return(p);
 	}
 
-long BIO_ctrl(b,cmd,larg,parg)
-BIO *b;
-int cmd;
-long larg;
-char *parg;
+long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
 	{
 	long ret;
 	long (*cb)();
@@ -343,9 +329,49 @@ char *parg;
 	return(ret);
 	}
 
+long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long))
+	{
+	long ret;
+	long (*cb)();
+
+	if (b == NULL) return(0);
+
+	if ((b->method == NULL) || (b->method->callback_ctrl == NULL))
+		{
+		BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD);
+		return(-2);
+		}
+
+	cb=b->callback;
+
+	if ((cb != NULL) &&
+		((ret=cb(b,BIO_CB_CTRL,(void *)&fp,cmd,0,1L)) <= 0))
+		return(ret);
+
+	ret=b->method->callback_ctrl(b,cmd,fp);
+
+	if (cb != NULL)
+		ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,(void *)&fp,cmd,
+			0,ret);
+	return(ret);
+	}
+
+/* It is unfortunate to duplicate in functions what the BIO_(w)pending macros
+ * do; but those macros have inappropriate return type, and for interfacing
+ * from other programming languages, C macros aren't much of a help anyway. */
+size_t BIO_ctrl_pending(BIO *bio)
+	{
+	return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL);
+	}
+
+size_t BIO_ctrl_wpending(BIO *bio)
+	{
+	return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);
+	}
+
+
 /* put the 'bio' on the end of b's list of operators */
-BIO *BIO_push(b,bio)
-BIO *b,*bio;
+BIO *BIO_push(BIO *b, BIO *bio)
 	{
 	BIO *lb;
 
@@ -362,8 +388,7 @@ BIO *b,*bio;
 	}
 
 /* Remove the first and return the rest */
-BIO *BIO_pop(b)
-BIO *b;
+BIO *BIO_pop(BIO *b)
 	{
 	BIO *ret;
 
@@ -381,9 +406,7 @@ BIO *b;
 	return(ret);
 	}
 
-BIO *BIO_get_retry_BIO(bio,reason)
-BIO *bio;
-int *reason;
+BIO *BIO_get_retry_BIO(BIO *bio, int *reason)
 	{
 	BIO *b,*last;
 
@@ -399,18 +422,16 @@ int *reason;
 	return(last);
 	}
 
-int BIO_get_retry_reason(bio)
-BIO *bio;
+int BIO_get_retry_reason(BIO *bio)
 	{
 	return(bio->retry_reason);
 	}
 
-BIO *BIO_find_type(bio,type)
-BIO *bio;
-int type;
+BIO *BIO_find_type(BIO *bio, int type)
 	{
 	int mt,mask;
 
+	if(!bio) return NULL;
 	mask=type&0xff;
 	do	{
 		if (bio->method != NULL)
@@ -429,8 +450,13 @@ int type;
 	return(NULL);
 	}
 
-void BIO_free_all(bio)
-BIO *bio;
+BIO *BIO_next(BIO *b)
+	{
+	if(!b) return NULL;
+	return b->next_bio;
+	}
+
+void BIO_free_all(BIO *bio)
 	{
 	BIO *b;
 	int ref;
@@ -446,8 +472,7 @@ BIO *bio;
 		}
 	}
 
-BIO *BIO_dup_chain(in)
-BIO *in;
+BIO *BIO_dup_chain(BIO *in)
 	{
 	BIO *ret=NULL,*eoc=NULL,*bio,*new;
 
@@ -469,9 +494,10 @@ BIO *in;
 			goto err;
 			}
 
-	        /* copy app data */
-	        if (!CRYPTO_dup_ex_data(bio_meth,&new->ex_data,&bio->ex_data))
-	                goto err;
+		/* copy app data */
+		if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data,
+					&bio->ex_data))
+			goto err;
 
 		if (ret == NULL)
 			{
@@ -491,37 +517,39 @@ err:
 	return(NULL);	
 	}
 
-void BIO_copy_next_retry(b)
-BIO *b;
+void BIO_copy_next_retry(BIO *b)
 	{
 	BIO_set_flags(b,BIO_get_retry_flags(b->next_bio));
 	b->retry_reason=b->next_bio->retry_reason;
 	}
 
-int BIO_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
-long argl;
-char *argp;
-int (*new_func)();
-int (*dup_func)();
-void (*free_func)();
-        {
-        bio_meth_num++;
-        return(CRYPTO_get_ex_new_index(bio_meth_num-1,&bio_meth,
-                argl,argp,new_func,dup_func,free_func));
-        }
-
-int BIO_set_ex_data(bio,idx,data)
-BIO *bio;
-int idx;
-char *data;
+int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+	{
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp,
+				new_func, dup_func, free_func);
+	}
+
+int BIO_set_ex_data(BIO *bio, int idx, void *data)
 	{
 	return(CRYPTO_set_ex_data(&(bio->ex_data),idx,data));
 	}
 
-char *BIO_get_ex_data(bio,idx)
-BIO *bio;
-int idx;
+void *BIO_get_ex_data(BIO *bio, int idx)
 	{
 	return(CRYPTO_get_ex_data(&(bio->ex_data),idx));
 	}
 
+unsigned long BIO_number_read(BIO *bio)
+{
+	if(bio) return bio->num_read;
+	return 0;
+}
+
+unsigned long BIO_number_written(BIO *bio)
+{
+	if(bio) return bio->num_write;
+	return 0;
+}
+
+IMPLEMENT_STACK_OF(BIO)
diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c
index 872807d863..8ea1db158b 100644
--- a/crypto/bio/bss_acpt.c
+++ b/crypto/bio/bss_acpt.c
@@ -56,22 +56,25 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_SOCK
+#ifndef OPENSSL_NO_SOCK
 
 #include <stdio.h>
 #include <errno.h>
 #define USE_SOCKETS
 #include "cryptlib.h"
-#include "bio.h"
+#include <openssl/bio.h>
 
-/*	BIOerr(BIO_F_WSASTARTUP,BIO_R_WSASTARTUP ); */
-
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
 #else
 #define SOCKET_PROTOCOL IPPROTO_TCP
 #endif
 
+#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
 typedef struct bio_accept_st
 	{
 	int state;
@@ -89,36 +92,17 @@ typedef struct bio_accept_st
 	BIO *bio_chain;
 	} BIO_ACCEPT;
 
-#ifndef NOPROTO
-static int acpt_write(BIO *h,char *buf,int num);
-static int acpt_read(BIO *h,char *buf,int size);
-static int acpt_puts(BIO *h,char *str);
-static long acpt_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int acpt_write(BIO *h, const char *buf, int num);
+static int acpt_read(BIO *h, char *buf, int size);
+static int acpt_puts(BIO *h, const char *str);
+static long acpt_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int acpt_new(BIO *h);
 static int acpt_free(BIO *data);
-#else
-static int acpt_write();
-static int acpt_read();
-static int acpt_puts();
-static long acpt_ctrl();
-static int acpt_new();
-static int acpt_free();
-#endif
-
-#ifndef NOPROTO
 static int acpt_state(BIO *b, BIO_ACCEPT *c);
 static void acpt_close_socket(BIO *data);
 BIO_ACCEPT *BIO_ACCEPT_new(void );
 void BIO_ACCEPT_free(BIO_ACCEPT *a);
 
-#else
-
-static int acpt_state();
-static void acpt_close_socket();
-BIO_ACCEPT *BIO_ACCEPT_new();
-void BIO_ACCEPT_free();
-#endif
-
 #define ACPT_S_BEFORE			1
 #define ACPT_S_GET_ACCEPT_SOCKET	2
 #define ACPT_S_OK			3
@@ -134,15 +118,15 @@ static BIO_METHOD methods_acceptp=
 	acpt_ctrl,
 	acpt_new,
 	acpt_free,
+	NULL,
 	};
 
-BIO_METHOD *BIO_s_accept()
+BIO_METHOD *BIO_s_accept(void)
 	{
 	return(&methods_acceptp);
 	}
 
-static int acpt_new(bi)
-BIO *bi;
+static int acpt_new(BIO *bi)
 	{
 	BIO_ACCEPT *ba;
 
@@ -157,11 +141,11 @@ BIO *bi;
 	return(1);
 	}
 
-BIO_ACCEPT *BIO_ACCEPT_new()
+BIO_ACCEPT *BIO_ACCEPT_new(void)
 	{
 	BIO_ACCEPT *ret;
 
-	if ((ret=(BIO_ACCEPT *)Malloc(sizeof(BIO_ACCEPT))) == NULL)
+	if ((ret=(BIO_ACCEPT *)OPENSSL_malloc(sizeof(BIO_ACCEPT))) == NULL)
 		return(NULL);
 
 	memset(ret,0,sizeof(BIO_ACCEPT));
@@ -170,17 +154,18 @@ BIO_ACCEPT *BIO_ACCEPT_new()
 	return(ret);
 	}
 
-void BIO_ACCEPT_free(a)
-BIO_ACCEPT *a;
+void BIO_ACCEPT_free(BIO_ACCEPT *a)
 	{
-	if (a->param_addr != NULL) Free(a->param_addr);
-	if (a->addr != NULL) Free(a->addr);
+	if(a == NULL)
+	    return;
+
+	if (a->param_addr != NULL) OPENSSL_free(a->param_addr);
+	if (a->addr != NULL) OPENSSL_free(a->addr);
 	if (a->bio_chain != NULL) BIO_free(a->bio_chain);
-	Free(a);
+	OPENSSL_free(a);
 	}
 
-static void acpt_close_socket(bio)
-BIO *bio;
+static void acpt_close_socket(BIO *bio)
 	{
 	BIO_ACCEPT *c;
 
@@ -194,8 +179,7 @@ BIO *bio;
 		}
 	}
 
-static int acpt_free(a)
-BIO *a;
+static int acpt_free(BIO *a)
 	{
 	BIO_ACCEPT *data;
 
@@ -213,9 +197,7 @@ BIO *a;
 	return(1);
 	}
 	
-static int acpt_state(b,c)
-BIO *b;
-BIO_ACCEPT *c;
+static int acpt_state(BIO *b, BIO_ACCEPT *c)
 	{
 	BIO *bio=NULL,*dbio;
 	int s= -1;
@@ -254,8 +236,20 @@ again:
 			c->state=ACPT_S_OK;
 			goto again;
 			}
+		BIO_clear_retry_flags(b);
+		b->retry_reason=0;
 		i=BIO_accept(c->accept_sock,&(c->addr));
+
+		/* -2 return means we should retry */
+		if(i == -2)
+			{
+			BIO_set_retry_special(b);
+			b->retry_reason=BIO_RR_ACCEPT;
+			return -1;
+			}
+
 		if (i < 0) return(i);
+
 		bio=BIO_new_socket(i,BIO_CLOSE);
 		if (bio == NULL) goto err;
 
@@ -306,15 +300,12 @@ err:
 
 	}
 
-static int acpt_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int acpt_read(BIO *b, char *out, int outl)
 	{
 	int ret=0;
 	BIO_ACCEPT *data;
 
-        BIO_clear_retry_flags(b);
+	BIO_clear_retry_flags(b);
 	data=(BIO_ACCEPT *)b->ptr;
 
 	while (b->next_bio == NULL)
@@ -328,10 +319,7 @@ int outl;
 	return(ret);
 	}
 
-static int acpt_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int acpt_write(BIO *b, const char *in, int inl)
 	{
 	int ret;
 	BIO_ACCEPT *data;
@@ -350,11 +338,7 @@ int inl;
 	return(ret);
 	}
 
-static long acpt_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
 	{
 	BIO *dbio;
 	int *ip;
@@ -383,7 +367,7 @@ char *ptr;
 				{
 				b->init=1;
 				if (data->param_addr != NULL)
-					Free(data->param_addr);
+					OPENSSL_free(data->param_addr);
 				data->param_addr=BUF_strdup(ptr);
 				}
 			else if (num == 1)
@@ -468,9 +452,7 @@ char *ptr;
 	return(ret);
 	}
 
-static int acpt_puts(bp,str)
-BIO *bp;
-char *str;
+static int acpt_puts(BIO *bp, const char *str)
 	{
 	int n,ret;
 
@@ -479,8 +461,7 @@ char *str;
 	return(ret);
 	}
 
-BIO *BIO_new_accept(str)
-char *str;
+BIO *BIO_new_accept(char *str)
 	{
 	BIO *ret;
 
diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c
new file mode 100644
index 0000000000..aa58dab046
--- /dev/null
+++ b/crypto/bio/bss_bio.c
@@ -0,0 +1,871 @@
+/* crypto/bio/bss_bio.c  -*- Mode: C; c-file-style: "eay" -*- */
+
+/* Special method for a BIO where the other endpoint is also a BIO
+ * of this kind, handled by the same thread (i.e. the "peer" is actually
+ * ourselves, wearing a different hat).
+ * Such "BIO pairs" are mainly for using the SSL library with I/O interfaces
+ * for which no specific BIO method is available.
+ * See ssl/ssltest.c for some hints on how this can be used. */
+
+/* BIO_DEBUG implies BIO_PAIR_DEBUG */
+#ifdef BIO_DEBUG
+# ifndef BIO_PAIR_DEBUG
+#  define BIO_PAIR_DEBUG
+# endif
+#endif
+
+/* disable assert() unless BIO_PAIR_DEBUG has been defined */
+#ifndef BIO_PAIR_DEBUG
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+
+#include <assert.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/crypto.h>
+
+#include "e_os.h"
+
+/* VxWorks defines SSIZE_MAX with an empty value causing compile errors */
+#if defined(OPENSSL_SYS_VXWORKS)
+# undef SSIZE_MAX
+#endif
+#ifndef SSIZE_MAX
+# define SSIZE_MAX INT_MAX
+#endif
+
+static int bio_new(BIO *bio);
+static int bio_free(BIO *bio);
+static int bio_read(BIO *bio, char *buf, int size);
+static int bio_write(BIO *bio, const char *buf, int num);
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr);
+static int bio_puts(BIO *bio, const char *str);
+
+static int bio_make_pair(BIO *bio1, BIO *bio2);
+static void bio_destroy_pair(BIO *bio);
+
+static BIO_METHOD methods_biop =
+{
+	BIO_TYPE_BIO,
+	"BIO pair",
+	bio_write,
+	bio_read,
+	bio_puts,
+	NULL /* no bio_gets */,
+	bio_ctrl,
+	bio_new,
+	bio_free,
+	NULL /* no bio_callback_ctrl */
+};
+
+BIO_METHOD *BIO_s_bio(void)
+	{
+	return &methods_biop;
+	}
+
+struct bio_bio_st
+{
+	BIO *peer;     /* NULL if buf == NULL.
+	                * If peer != NULL, then peer->ptr is also a bio_bio_st,
+	                * and its "peer" member points back to us.
+	                * peer != NULL iff init != 0 in the BIO. */
+	
+	/* This is for what we write (i.e. reading uses peer's struct): */
+	int closed;     /* valid iff peer != NULL */
+	size_t len;     /* valid iff buf != NULL; 0 if peer == NULL */
+	size_t offset;  /* valid iff buf != NULL; 0 if len == 0 */
+	size_t size;
+	char *buf;      /* "size" elements (if != NULL) */
+
+	size_t request; /* valid iff peer != NULL; 0 if len != 0,
+	                 * otherwise set by peer to number of bytes
+	                 * it (unsuccessfully) tried to read,
+	                 * never more than buffer space (size-len) warrants. */
+};
+
+static int bio_new(BIO *bio)
+	{
+	struct bio_bio_st *b;
+	
+	b = OPENSSL_malloc(sizeof *b);
+	if (b == NULL)
+		return 0;
+
+	b->peer = NULL;
+	b->size = 17*1024; /* enough for one TLS record (just a default) */
+	b->buf = NULL;
+
+	bio->ptr = b;
+	return 1;
+	}
+
+
+static int bio_free(BIO *bio)
+	{
+	struct bio_bio_st *b;
+
+	if (bio == NULL)
+		return 0;
+	b = bio->ptr;
+
+	assert(b != NULL);
+
+	if (b->peer)
+		bio_destroy_pair(bio);
+	
+	if (b->buf != NULL)
+		{
+		OPENSSL_free(b->buf);
+		}
+
+	OPENSSL_free(b);
+
+	return 1;
+	}
+
+
+
+static int bio_read(BIO *bio, char *buf, int size_)
+	{
+	size_t size = size_;
+	size_t rest;
+	struct bio_bio_st *b, *peer_b;
+
+	BIO_clear_retry_flags(bio);
+
+	if (!bio->init)
+		return 0;
+
+	b = bio->ptr;
+	assert(b != NULL);
+	assert(b->peer != NULL);
+	peer_b = b->peer->ptr;
+	assert(peer_b != NULL);
+	assert(peer_b->buf != NULL);
+
+	peer_b->request = 0; /* will be set in "retry_read" situation */
+
+	if (buf == NULL || size == 0)
+		return 0;
+
+	if (peer_b->len == 0)
+		{
+		if (peer_b->closed)
+			return 0; /* writer has closed, and no data is left */
+		else
+			{
+			BIO_set_retry_read(bio); /* buffer is empty */
+			if (size <= peer_b->size)
+				peer_b->request = size;
+			else
+				/* don't ask for more than the peer can
+				 * deliver in one write */
+				peer_b->request = peer_b->size;
+			return -1;
+			}
+		}
+
+	/* we can read */
+	if (peer_b->len < size)
+		size = peer_b->len;
+
+	/* now read "size" bytes */
+	
+	rest = size;
+	
+	assert(rest > 0);
+	do /* one or two iterations */
+		{
+		size_t chunk;
+		
+		assert(rest <= peer_b->len);
+		if (peer_b->offset + rest <= peer_b->size)
+			chunk = rest;
+		else
+			/* wrap around ring buffer */
+			chunk = peer_b->size - peer_b->offset;
+		assert(peer_b->offset + chunk <= peer_b->size);
+		
+		memcpy(buf, peer_b->buf + peer_b->offset, chunk);
+		
+		peer_b->len -= chunk;
+		if (peer_b->len)
+			{
+			peer_b->offset += chunk;
+			assert(peer_b->offset <= peer_b->size);
+			if (peer_b->offset == peer_b->size)
+				peer_b->offset = 0;
+			buf += chunk;
+			}
+		else
+			{
+			/* buffer now empty, no need to advance "buf" */
+			assert(chunk == rest);
+			peer_b->offset = 0;
+			}
+		rest -= chunk;
+		}
+	while (rest);
+	
+	return size;
+	}
+
+/* non-copying interface: provide pointer to available data in buffer
+ *    bio_nread0:  return number of available bytes
+ *    bio_nread:   also advance index
+ * (example usage:  bio_nread0(), read from buffer, bio_nread()
+ *  or just         bio_nread(), read from buffer)
+ */
+/* WARNING: The non-copying interface is largely untested as of yet
+ * and may contain bugs. */
+static ssize_t bio_nread0(BIO *bio, char **buf)
+	{
+	struct bio_bio_st *b, *peer_b;
+	ssize_t num;
+	
+	BIO_clear_retry_flags(bio);
+
+	if (!bio->init)
+		return 0;
+	
+	b = bio->ptr;
+	assert(b != NULL);
+	assert(b->peer != NULL);
+	peer_b = b->peer->ptr;
+	assert(peer_b != NULL);
+	assert(peer_b->buf != NULL);
+	
+	peer_b->request = 0;
+	
+	if (peer_b->len == 0)
+		{
+		char dummy;
+		
+		/* avoid code duplication -- nothing available for reading */
+		return bio_read(bio, &dummy, 1); /* returns 0 or -1 */
+		}
+
+	num = peer_b->len;
+	if (peer_b->size < peer_b->offset + num)
+		/* no ring buffer wrap-around for non-copying interface */
+		num = peer_b->size - peer_b->offset;
+	assert(num > 0);
+
+	if (buf != NULL)
+		*buf = peer_b->buf + peer_b->offset;
+	return num;
+	}
+
+static ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
+	{
+	struct bio_bio_st *b, *peer_b;
+	ssize_t num, available;
+
+	if (num_ > SSIZE_MAX)
+		num = SSIZE_MAX;
+	else
+		num = (ssize_t)num_;
+
+	available = bio_nread0(bio, buf);
+	if (num > available)
+		num = available;
+	if (num <= 0)
+		return num;
+
+	b = bio->ptr;
+	peer_b = b->peer->ptr;
+
+	peer_b->len -= num;
+	if (peer_b->len) 
+		{
+		peer_b->offset += num;
+		assert(peer_b->offset <= peer_b->size);
+		if (peer_b->offset == peer_b->size)
+			peer_b->offset = 0;
+		}
+	else
+		peer_b->offset = 0;
+
+	return num;
+	}
+
+
+static int bio_write(BIO *bio, const char *buf, int num_)
+	{
+	size_t num = num_;
+	size_t rest;
+	struct bio_bio_st *b;
+
+	BIO_clear_retry_flags(bio);
+
+	if (!bio->init || buf == NULL || num == 0)
+		return 0;
+
+	b = bio->ptr;		
+	assert(b != NULL);
+	assert(b->peer != NULL);
+	assert(b->buf != NULL);
+
+	b->request = 0;
+	if (b->closed)
+		{
+		/* we already closed */
+		BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE);
+		return -1;
+		}
+
+	assert(b->len <= b->size);
+
+	if (b->len == b->size)
+		{
+		BIO_set_retry_write(bio); /* buffer is full */
+		return -1;
+		}
+
+	/* we can write */
+	if (num > b->size - b->len)
+		num = b->size - b->len;
+	
+	/* now write "num" bytes */
+
+	rest = num;
+	
+	assert(rest > 0);
+	do /* one or two iterations */
+		{
+		size_t write_offset;
+		size_t chunk;
+
+		assert(b->len + rest <= b->size);
+
+		write_offset = b->offset + b->len;
+		if (write_offset >= b->size)
+			write_offset -= b->size;
+		/* b->buf[write_offset] is the first byte we can write to. */
+
+		if (write_offset + rest <= b->size)
+			chunk = rest;
+		else
+			/* wrap around ring buffer */
+			chunk = b->size - write_offset;
+		
+		memcpy(b->buf + write_offset, buf, chunk);
+		
+		b->len += chunk;
+
+		assert(b->len <= b->size);
+		
+		rest -= chunk;
+		buf += chunk;
+		}
+	while (rest);
+
+	return num;
+	}
+
+/* non-copying interface: provide pointer to region to write to
+ *   bio_nwrite0:  check how much space is available
+ *   bio_nwrite:   also increase length
+ * (example usage:  bio_nwrite0(), write to buffer, bio_nwrite()
+ *  or just         bio_nwrite(), write to buffer)
+ */
+static ssize_t bio_nwrite0(BIO *bio, char **buf)
+	{
+	struct bio_bio_st *b;
+	size_t num;
+	size_t write_offset;
+
+	BIO_clear_retry_flags(bio);
+
+	if (!bio->init)
+		return 0;
+
+	b = bio->ptr;		
+	assert(b != NULL);
+	assert(b->peer != NULL);
+	assert(b->buf != NULL);
+
+	b->request = 0;
+	if (b->closed)
+		{
+		BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE);
+		return -1;
+		}
+
+	assert(b->len <= b->size);
+
+	if (b->len == b->size)
+		{
+		BIO_set_retry_write(bio);
+		return -1;
+		}
+
+	num = b->size - b->len;
+	write_offset = b->offset + b->len;
+	if (write_offset >= b->size)
+		write_offset -= b->size;
+	if (write_offset + num > b->size)
+		/* no ring buffer wrap-around for non-copying interface
+		 * (to fulfil the promise by BIO_ctrl_get_write_guarantee,
+		 * BIO_nwrite may have to be called twice) */
+		num = b->size - write_offset;
+
+	if (buf != NULL)
+		*buf = b->buf + write_offset;
+	assert(write_offset + num <= b->size);
+
+	return num;
+	}
+
+static ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)
+	{
+	struct bio_bio_st *b;
+	ssize_t num, space;
+
+	if (num_ > SSIZE_MAX)
+		num = SSIZE_MAX;
+	else
+		num = (ssize_t)num_;
+
+	space = bio_nwrite0(bio, buf);
+	if (num > space)
+		num = space;
+	if (num <= 0)
+		return num;
+	b = bio->ptr;
+	assert(b != NULL);
+	b->len += num;
+	assert(b->len <= b->size);
+
+	return num;
+	}
+
+
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
+	{
+	long ret;
+	struct bio_bio_st *b = bio->ptr;
+	
+	assert(b != NULL);
+
+	switch (cmd)
+		{
+	/* specific CTRL codes */
+
+	case BIO_C_SET_WRITE_BUF_SIZE:
+		if (b->peer)
+			{
+			BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE);
+			ret = 0;
+			}
+		else if (num == 0)
+			{
+			BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT);
+			ret = 0;
+			}
+		else
+			{
+			size_t new_size = num;
+
+			if (b->size != new_size)
+				{
+				if (b->buf) 
+					{
+					OPENSSL_free(b->buf);
+					b->buf = NULL;
+					}
+				b->size = new_size;
+				}
+			ret = 1;
+			}
+		break;
+
+	case BIO_C_GET_WRITE_BUF_SIZE:
+		ret = (long) b->size;
+		break;
+
+	case BIO_C_MAKE_BIO_PAIR:
+		{
+		BIO *other_bio = ptr;
+		
+		if (bio_make_pair(bio, other_bio))
+			ret = 1;
+		else
+			ret = 0;
+		}
+		break;
+		
+	case BIO_C_DESTROY_BIO_PAIR:
+		/* Effects both BIOs in the pair -- call just once!
+		 * Or let BIO_free(bio1); BIO_free(bio2); do the job. */
+		bio_destroy_pair(bio);
+		ret = 1;
+		break;
+
+	case BIO_C_GET_WRITE_GUARANTEE:
+		/* How many bytes can the caller feed to the next write
+		 * without having to keep any? */
+		if (b->peer == NULL || b->closed)
+			ret = 0;
+		else
+			ret = (long) b->size - b->len;
+		break;
+
+	case BIO_C_GET_READ_REQUEST:
+		/* If the peer unsuccessfully tried to read, how many bytes
+		 * were requested?  (As with BIO_CTRL_PENDING, that number
+		 * can usually be treated as boolean.) */
+		ret = (long) b->request;
+		break;
+
+	case BIO_C_RESET_READ_REQUEST:
+		/* Reset request.  (Can be useful after read attempts
+		 * at the other side that are meant to be non-blocking,
+		 * e.g. when probing SSL_read to see if any data is
+		 * available.) */
+		b->request = 0;
+		ret = 1;
+		break;
+
+	case BIO_C_SHUTDOWN_WR:
+		/* similar to shutdown(..., SHUT_WR) */
+		b->closed = 1;
+		ret = 1;
+		break;
+
+	case BIO_C_NREAD0:
+		/* prepare for non-copying read */
+		ret = (long) bio_nread0(bio, ptr);
+		break;
+		
+	case BIO_C_NREAD:
+		/* non-copying read */
+		ret = (long) bio_nread(bio, ptr, (size_t) num);
+		break;
+		
+	case BIO_C_NWRITE0:
+		/* prepare for non-copying write */
+		ret = (long) bio_nwrite0(bio, ptr);
+		break;
+
+	case BIO_C_NWRITE:
+		/* non-copying write */
+		ret = (long) bio_nwrite(bio, ptr, (size_t) num);
+		break;
+		
+
+	/* standard CTRL codes follow */
+
+	case BIO_CTRL_RESET:
+		if (b->buf != NULL)
+			{
+			b->len = 0;
+			b->offset = 0;
+			}
+		ret = 0;
+		break;		
+
+	case BIO_CTRL_GET_CLOSE:
+		ret = bio->shutdown;
+		break;
+
+	case BIO_CTRL_SET_CLOSE:
+		bio->shutdown = (int) num;
+		ret = 1;
+		break;
+
+	case BIO_CTRL_PENDING:
+		if (b->peer != NULL)
+			{
+			struct bio_bio_st *peer_b = b->peer->ptr;
+			
+			ret = (long) peer_b->len;
+			}
+		else
+			ret = 0;
+		break;
+
+	case BIO_CTRL_WPENDING:
+		if (b->buf != NULL)
+			ret = (long) b->len;
+		else
+			ret = 0;
+		break;
+
+	case BIO_CTRL_DUP:
+		/* See BIO_dup_chain for circumstances we have to expect. */
+		{
+		BIO *other_bio = ptr;
+		struct bio_bio_st *other_b;
+		
+		assert(other_bio != NULL);
+		other_b = other_bio->ptr;
+		assert(other_b != NULL);
+		
+		assert(other_b->buf == NULL); /* other_bio is always fresh */
+
+		other_b->size = b->size;
+		}
+
+		ret = 1;
+		break;
+
+	case BIO_CTRL_FLUSH:
+		ret = 1;
+		break;
+
+	case BIO_CTRL_EOF:
+		{
+		BIO *other_bio = ptr;
+		
+		if (other_bio)
+			{
+			struct bio_bio_st *other_b = other_bio->ptr;
+			
+			assert(other_b != NULL);
+			ret = other_b->len == 0 && other_b->closed;
+			}
+		else
+			ret = 1;
+		}
+		break;
+
+	default:
+		ret = 0;
+		}
+	return ret;
+	}
+
+static int bio_puts(BIO *bio, const char *str)
+	{
+	return bio_write(bio, str, strlen(str));
+	}
+
+
+static int bio_make_pair(BIO *bio1, BIO *bio2)
+	{
+	struct bio_bio_st *b1, *b2;
+
+	assert(bio1 != NULL);
+	assert(bio2 != NULL);
+
+	b1 = bio1->ptr;
+	b2 = bio2->ptr;
+	
+	if (b1->peer != NULL || b2->peer != NULL)
+		{
+		BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE);
+		return 0;
+		}
+	
+	if (b1->buf == NULL)
+		{
+		b1->buf = OPENSSL_malloc(b1->size);
+		if (b1->buf == NULL)
+			{
+			BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+			return 0;
+			}
+		b1->len = 0;
+		b1->offset = 0;
+		}
+	
+	if (b2->buf == NULL)
+		{
+		b2->buf = OPENSSL_malloc(b2->size);
+		if (b2->buf == NULL)
+			{
+			BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+			return 0;
+			}
+		b2->len = 0;
+		b2->offset = 0;
+		}
+	
+	b1->peer = bio2;
+	b1->closed = 0;
+	b1->request = 0;
+	b2->peer = bio1;
+	b2->closed = 0;
+	b2->request = 0;
+
+	bio1->init = 1;
+	bio2->init = 1;
+
+	return 1;
+	}
+
+static void bio_destroy_pair(BIO *bio)
+	{
+	struct bio_bio_st *b = bio->ptr;
+
+	if (b != NULL)
+		{
+		BIO *peer_bio = b->peer;
+
+		if (peer_bio != NULL)
+			{
+			struct bio_bio_st *peer_b = peer_bio->ptr;
+
+			assert(peer_b != NULL);
+			assert(peer_b->peer == bio);
+
+			peer_b->peer = NULL;
+			peer_bio->init = 0;
+			assert(peer_b->buf != NULL);
+			peer_b->len = 0;
+			peer_b->offset = 0;
+			
+			b->peer = NULL;
+			bio->init = 0;
+			assert(b->buf != NULL);
+			b->len = 0;
+			b->offset = 0;
+			}
+		}
+	}
+ 
+
+/* Exported convenience functions */
+int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1,
+	BIO **bio2_p, size_t writebuf2)
+	 {
+	 BIO *bio1 = NULL, *bio2 = NULL;
+	 long r;
+	 int ret = 0;
+
+	 bio1 = BIO_new(BIO_s_bio());
+	 if (bio1 == NULL)
+		 goto err;
+	 bio2 = BIO_new(BIO_s_bio());
+	 if (bio2 == NULL)
+		 goto err;
+
+	 if (writebuf1)
+		 {
+		 r = BIO_set_write_buf_size(bio1, writebuf1);
+		 if (!r)
+			 goto err;
+		 }
+	 if (writebuf2)
+		 {
+		 r = BIO_set_write_buf_size(bio2, writebuf2);
+		 if (!r)
+			 goto err;
+		 }
+
+	 r = BIO_make_bio_pair(bio1, bio2);
+	 if (!r)
+		 goto err;
+	 ret = 1;
+
+ err:
+	 if (ret == 0)
+		 {
+		 if (bio1)
+			 {
+			 BIO_free(bio1);
+			 bio1 = NULL;
+			 }
+		 if (bio2)
+			 {
+			 BIO_free(bio2);
+			 bio2 = NULL;
+			 }
+		 }
+
+	 *bio1_p = bio1;
+	 *bio2_p = bio2;
+	 return ret;
+	 }
+
+size_t BIO_ctrl_get_write_guarantee(BIO *bio)
+	{
+	return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL);
+	}
+
+size_t BIO_ctrl_get_read_request(BIO *bio)
+	{
+	return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL);
+	}
+
+int BIO_ctrl_reset_read_request(BIO *bio)
+	{
+	return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0);
+	}
+
+
+/* BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now
+ * (conceivably some other BIOs could allow non-copying reads and writes too.)
+ */
+int BIO_nread0(BIO *bio, char **buf)
+	{
+	long ret;
+
+	if (!bio->init)
+		{
+		BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED);
+		return -2;
+		}
+
+	ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf);
+	if (ret > INT_MAX)
+		return INT_MAX;
+	else
+		return (int) ret;
+	}
+
+int BIO_nread(BIO *bio, char **buf, int num)
+	{
+	int ret;
+
+	if (!bio->init)
+		{
+		BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED);
+		return -2;
+		}
+
+	ret = (int) BIO_ctrl(bio, BIO_C_NREAD, num, buf);
+	if (ret > 0)
+		bio->num_read += ret;
+	return ret;
+	}
+
+int BIO_nwrite0(BIO *bio, char **buf)
+	{
+	long ret;
+
+	if (!bio->init)
+		{
+		BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED);
+		return -2;
+		}
+
+	ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf);
+	if (ret > INT_MAX)
+		return INT_MAX;
+	else
+		return (int) ret;
+	}
+
+int BIO_nwrite(BIO *bio, char **buf, int num)
+	{
+	int ret;
+
+	if (!bio->init)
+		{
+		BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED);
+		return -2;
+		}
+
+	ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf);
+	if (ret > 0)
+		bio->num_read += ret;
+	return ret;
+	}
diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c
index 3ec1388f2e..743db6ff94 100644
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@@ -56,22 +56,26 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_SOCK
+#ifndef OPENSSL_NO_SOCK
 
 #include <stdio.h>
 #include <errno.h>
 #define USE_SOCKETS
 #include "cryptlib.h"
-#include "bio.h"
+#include <openssl/bio.h>
 
-/*	BIOerr(BIO_F_WSASTARTUP,BIO_R_WSASTARTUP ); */
-
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
 #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
 #else
 #define SOCKET_PROTOCOL IPPROTO_TCP
 #endif
 
+#if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000)
+/* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */
+#undef FIONBIO
+#endif
+
+
 typedef struct bio_connect_st
 	{
 	int state;
@@ -86,46 +90,27 @@ typedef struct bio_connect_st
 	struct sockaddr_in them;
 
 	/* int socket; this will be kept in bio->num so that it is
-	 * compatable with the bss_sock bio */ 
+	 * compatible with the bss_sock bio */ 
 
 	/* called when the connection is initially made
 	 *  callback(BIO,state,ret);  The callback should return
-	 * 'ret'.  state is for compatablity with the ssl info_callback */
-	int (*info_callback)();
+	 * 'ret'.  state is for compatibility with the ssl info_callback */
+	int (*info_callback)(const BIO *bio,int state,int ret);
 	} BIO_CONNECT;
 
-#ifndef NOPROTO
-static int conn_write(BIO *h,char *buf,int num);
-static int conn_read(BIO *h,char *buf,int size);
-static int conn_puts(BIO *h,char *str);
-static long conn_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int conn_write(BIO *h, const char *buf, int num);
+static int conn_read(BIO *h, char *buf, int size);
+static int conn_puts(BIO *h, const char *str);
+static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int conn_new(BIO *h);
 static int conn_free(BIO *data);
-#else
-static int conn_write();
-static int conn_read();
-static int conn_puts();
-static long conn_ctrl();
-static int conn_new();
-static int conn_free();
-#endif
-
-#ifndef NOPROTO
+static long conn_callback_ctrl(BIO *h, int cmd, bio_info_cb *);
 
 static int conn_state(BIO *b, BIO_CONNECT *c);
 static void conn_close_socket(BIO *data);
 BIO_CONNECT *BIO_CONNECT_new(void );
 void BIO_CONNECT_free(BIO_CONNECT *a);
 
-#else
-
-static int conn_state();
-static void conn_close_socket();
-BIO_CONNECT *BIO_CONNECT_new();
-void BIO_CONNECT_free();
-
-#endif
-
 static BIO_METHOD methods_connectp=
 	{
 	BIO_TYPE_CONNECT,
@@ -137,11 +122,10 @@ static BIO_METHOD methods_connectp=
 	conn_ctrl,
 	conn_new,
 	conn_free,
+	conn_callback_ctrl,
 	};
 
-static int conn_state(b,c)
-BIO *b;
-BIO_CONNECT *c;
+static int conn_state(BIO *b, BIO_CONNECT *c)
 	{
 	int ret= -1,i;
 	unsigned long l;
@@ -159,7 +143,7 @@ BIO_CONNECT *c;
 			p=c->param_hostname;
 			if (p == NULL)
 				{
-				BIOerr(BIO_F_CONN_STATE,BIO_R_NO_HOSTHNAME_SPECIFIED);
+				BIOerr(BIO_F_CONN_STATE,BIO_R_NO_HOSTNAME_SPECIFIED);
 				goto exit_loop;
 				}
 			for ( ; *p != '\0'; p++)
@@ -181,7 +165,7 @@ BIO_CONNECT *c;
 							break;
 							}
 					if (c->param_port != NULL)
-						Free(c->param_port);
+						OPENSSL_free(c->param_port);
 					c->param_port=BUF_strdup(p);
 					}
 				}
@@ -204,7 +188,7 @@ BIO_CONNECT *c;
 		case BIO_CONN_S_GET_PORT:
 			if (c->param_port == NULL)
 				{
-				abort();
+				/* abort(); */
 				goto exit_loop;
 				}
 			else if (BIO_get_port(c->param_port,&c->port) <= 0)
@@ -252,7 +236,7 @@ BIO_CONNECT *c;
 				}
 			c->state=BIO_CONN_S_CONNECT;
 
-#ifdef SO_KEEPALIVE
+#if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
 			i=1;
 			i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
 			if (i < 0)
@@ -315,7 +299,7 @@ BIO_CONNECT *c;
 			ret=1;
 			goto exit_loop;
 		default:
-			abort();
+			/* abort(); */
 			goto exit_loop;
 			}
 
@@ -334,11 +318,11 @@ end:
 	return(ret);
 	}
 
-BIO_CONNECT *BIO_CONNECT_new()
+BIO_CONNECT *BIO_CONNECT_new(void)
 	{
 	BIO_CONNECT *ret;
 
-	if ((ret=(BIO_CONNECT *)Malloc(sizeof(BIO_CONNECT))) == NULL)
+	if ((ret=(BIO_CONNECT *)OPENSSL_malloc(sizeof(BIO_CONNECT))) == NULL)
 		return(NULL);
 	ret->state=BIO_CONN_S_BEFORE;
 	ret->param_hostname=NULL;
@@ -354,23 +338,24 @@ BIO_CONNECT *BIO_CONNECT_new()
 	return(ret);
 	}
 
-void BIO_CONNECT_free(a)
-BIO_CONNECT *a;
+void BIO_CONNECT_free(BIO_CONNECT *a)
 	{
+	if(a == NULL)
+	    return;
+
 	if (a->param_hostname != NULL)
-		Free(a->param_hostname);
+		OPENSSL_free(a->param_hostname);
 	if (a->param_port != NULL)
-		Free(a->param_port);
-	Free(a);
+		OPENSSL_free(a->param_port);
+	OPENSSL_free(a);
 	}
 
-BIO_METHOD *BIO_s_connect()
+BIO_METHOD *BIO_s_connect(void)
 	{
 	return(&methods_connectp);
 	}
 
-static int conn_new(bi)
-BIO *bi;
+static int conn_new(BIO *bi)
 	{
 	bi->init=0;
 	bi->num=INVALID_SOCKET;
@@ -381,8 +366,7 @@ BIO *bi;
 		return(1);
 	}
 
-static void conn_close_socket(bio)
-BIO *bio;
+static void conn_close_socket(BIO *bio)
 	{
 	BIO_CONNECT *c;
 
@@ -397,8 +381,7 @@ BIO *bio;
 		}
 	}
 
-static int conn_free(a)
-BIO *a;
+static int conn_free(BIO *a)
 	{
 	BIO_CONNECT *data;
 
@@ -416,10 +399,7 @@ BIO *a;
 	return(1);
 	}
 	
-static int conn_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int conn_read(BIO *b, char *out, int outl)
 	{
 	int ret=0;
 	BIO_CONNECT *data;
@@ -446,10 +426,7 @@ int outl;
 	return(ret);
 	}
 
-static int conn_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int conn_write(BIO *b, const char *in, int inl)
 	{
 	int ret;
 	BIO_CONNECT *data;
@@ -472,15 +449,11 @@ int inl;
 	return(ret);
 	}
 
-static long conn_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
 	{
 	BIO *dbio;
 	int *ip;
-	char **pptr;
+	const char **pptr;
 	long ret=1;
 	BIO_CONNECT *data;
 
@@ -504,7 +477,7 @@ char *ptr;
 	case BIO_C_GET_CONNECT:
 		if (ptr != NULL)
 			{
-			pptr=(char **)ptr;
+			pptr=(const char **)ptr;
 			if (num == 0)
 				{
 				*pptr=data->param_hostname;
@@ -523,7 +496,7 @@ char *ptr;
 				*((int *)ptr)=data->port;
 				}
 			if ((!b->init) || (ptr == NULL))
-				*pptr="not initalised";
+				*pptr="not initialized";
 			ret=1;
 			}
 		break;
@@ -534,33 +507,34 @@ char *ptr;
 			if (num == 0)
 				{
 				if (data->param_hostname != NULL)
-					Free(data->param_hostname);
+					OPENSSL_free(data->param_hostname);
 				data->param_hostname=BUF_strdup(ptr);
 				}
 			else if (num == 1)
 				{
 				if (data->param_port != NULL)
-					Free(data->param_port);
+					OPENSSL_free(data->param_port);
 				data->param_port=BUF_strdup(ptr);
 				}
 			else if (num == 2)
 				{
 				char buf[16];
+				unsigned char *p = ptr;
 
 				sprintf(buf,"%d.%d.%d.%d",
-					ptr[0],ptr[1],ptr[2],ptr[3]);
+					p[0],p[1],p[2],p[3]);
 				if (data->param_hostname != NULL)
-					Free(data->param_hostname);
+					OPENSSL_free(data->param_hostname);
 				data->param_hostname=BUF_strdup(buf);
 				memcpy(&(data->ip[0]),ptr,4);
 				}
 			else if (num == 3)
 				{
-				char buf[16];
+				char buf[DECIMAL_SIZE(int)+1];
 
 				sprintf(buf,"%d",*(int *)ptr);
 				if (data->param_port != NULL)
-					Free(data->param_port);
+					OPENSSL_free(data->param_port);
 				data->param_port=BUF_strdup(buf);
 				data->port= *(int *)ptr;
 				}
@@ -593,16 +567,26 @@ char *ptr;
 	case BIO_CTRL_FLUSH:
 		break;
 	case BIO_CTRL_DUP:
+		{
 		dbio=(BIO *)ptr;
 		if (data->param_port)
 			BIO_set_conn_port(dbio,data->param_port);
 		if (data->param_hostname)
 			BIO_set_conn_hostname(dbio,data->param_hostname);
 		BIO_set_nbio(dbio,data->nbio);
-		BIO_set_info_callback(dbio,data->info_callback);
+		/* FIXME: the cast of the function seems unlikely to be a good idea */
+                (void)BIO_set_info_callback(dbio,(bio_info_cb *)data->info_callback);
+		}
 		break;
 	case BIO_CTRL_SET_CALLBACK:
-		data->info_callback=(int (*)())ptr;
+		{
+#if 0 /* FIXME: Should this be used?  -- Richard Levitte */
+		BIOerr(BIO_F_CONN_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		ret = -1;
+#else
+		ret=0;
+#endif
+		}
 		break;
 	case BIO_CTRL_GET_CALLBACK:
 		{
@@ -619,9 +603,28 @@ char *ptr;
 	return(ret);
 	}
 
-static int conn_puts(bp,str)
-BIO *bp;
-char *str;
+static long conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+	{
+	long ret=1;
+	BIO_CONNECT *data;
+
+	data=(BIO_CONNECT *)b->ptr;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_SET_CALLBACK:
+		{
+		data->info_callback=(int (*)(const struct bio_st *, int, int))fp;
+		}
+		break;
+	default:
+		ret=0;
+		break;
+		}
+	return(ret);
+	}
+
+static int conn_puts(BIO *bp, const char *str)
 	{
 	int n,ret;
 
@@ -630,8 +633,7 @@ char *str;
 	return(ret);
 	}
 
-BIO *BIO_new_connect(str)
-char *str;
+BIO *BIO_new_connect(char *str)
 	{
 	BIO *ret;
 
diff --git a/crypto/bio/bss_fd.c b/crypto/bio/bss_fd.c
index 686c4909a2..5e3e187de6 100644
--- a/crypto/bio/bss_fd.c
+++ b/crypto/bio/bss_fd.c
@@ -56,7 +56,227 @@
  * [including the GNU Public Licence.]
  */
 
-#define BIO_FD
-#include "bss_sock.c"
-#undef BIO_FD
+#include <stdio.h>
+#include <errno.h>
+#define USE_SOCKETS
+#include "cryptlib.h"
+#include <openssl/bio.h>
 
+static int fd_write(BIO *h, const char *buf, int num);
+static int fd_read(BIO *h, char *buf, int size);
+static int fd_puts(BIO *h, const char *str);
+static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int fd_new(BIO *h);
+static int fd_free(BIO *data);
+int BIO_fd_should_retry(int s);
+
+static BIO_METHOD methods_fdp=
+	{
+	BIO_TYPE_FD,"file descriptor",
+	fd_write,
+	fd_read,
+	fd_puts,
+	NULL, /* fd_gets, */
+	fd_ctrl,
+	fd_new,
+	fd_free,
+	NULL,
+	};
+
+BIO_METHOD *BIO_s_fd(void)
+	{
+	return(&methods_fdp);
+	}
+
+BIO *BIO_new_fd(int fd,int close_flag)
+	{
+	BIO *ret;
+	ret=BIO_new(BIO_s_fd());
+	if (ret == NULL) return(NULL);
+	BIO_set_fd(ret,fd,close_flag);
+	return(ret);
+	}
+
+static int fd_new(BIO *bi)
+	{
+	bi->init=0;
+	bi->num=0;
+	bi->ptr=NULL;
+	bi->flags=0;
+	return(1);
+	}
+
+static int fd_free(BIO *a)
+	{
+	if (a == NULL) return(0);
+	if (a->shutdown)
+		{
+		if (a->init)
+			{
+			close(a->num);
+			}
+		a->init=0;
+		a->flags=0;
+		}
+	return(1);
+	}
+	
+static int fd_read(BIO *b, char *out,int outl)
+	{
+	int ret=0;
+
+	if (out != NULL)
+		{
+		clear_sys_error();
+		ret=read(b->num,out,outl);
+		BIO_clear_retry_flags(b);
+		if (ret <= 0)
+			{
+			if (BIO_fd_should_retry(ret))
+				BIO_set_retry_read(b);
+			}
+		}
+	return(ret);
+	}
+
+static int fd_write(BIO *b, const char *in, int inl)
+	{
+	int ret;
+	clear_sys_error();
+	ret=write(b->num,in,inl);
+	BIO_clear_retry_flags(b);
+	if (ret <= 0)
+		{
+		if (BIO_fd_should_retry(ret))
+			BIO_set_retry_write(b);
+		}
+	return(ret);
+	}
+
+static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
+	{
+	long ret=1;
+	int *ip;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		num=0;
+	case BIO_C_FILE_SEEK:
+		ret=(long)lseek(b->num,num,0);
+		break;
+	case BIO_C_FILE_TELL:
+	case BIO_CTRL_INFO:
+		ret=(long)lseek(b->num,0,1);
+		break;
+	case BIO_C_SET_FD:
+		fd_free(b);
+		b->num= *((int *)ptr);
+		b->shutdown=(int)num;
+		b->init=1;
+		break;
+	case BIO_C_GET_FD:
+		if (b->init)
+			{
+			ip=(int *)ptr;
+			if (ip != NULL) *ip=b->num;
+			ret=b->num;
+			}
+		else
+			ret= -1;
+		break;
+	case BIO_CTRL_GET_CLOSE:
+		ret=b->shutdown;
+		break;
+	case BIO_CTRL_SET_CLOSE:
+		b->shutdown=(int)num;
+		break;
+	case BIO_CTRL_PENDING:
+	case BIO_CTRL_WPENDING:
+		ret=0;
+		break;
+	case BIO_CTRL_DUP:
+	case BIO_CTRL_FLUSH:
+		ret=1;
+		break;
+	default:
+		ret=0;
+		break;
+		}
+	return(ret);
+	}
+
+static int fd_puts(BIO *bp, const char *str)
+	{
+	int n,ret;
+
+	n=strlen(str);
+	ret=fd_write(bp,str,n);
+	return(ret);
+	}
+
+int BIO_fd_should_retry(int i)
+	{
+	int err;
+
+	if ((i == 0) || (i == -1))
+		{
+		err=get_last_sys_error();
+
+#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
+		if ((i == -1) && (err == 0))
+			return(1);
+#endif
+
+		return(BIO_fd_non_fatal_error(err));
+		}
+	return(0);
+	}
+
+int BIO_fd_non_fatal_error(int err)
+	{
+	switch (err)
+		{
+
+#ifdef EWOULDBLOCK
+# ifdef WSAEWOULDBLOCK
+#  if WSAEWOULDBLOCK != EWOULDBLOCK
+	case EWOULDBLOCK:
+#  endif
+# else
+	case EWOULDBLOCK:
+# endif
+#endif
+
+#if defined(ENOTCONN)
+	case ENOTCONN:
+#endif
+
+#ifdef EINTR
+	case EINTR:
+#endif
+
+#ifdef EAGAIN
+#if EWOULDBLOCK != EAGAIN
+	case EAGAIN:
+# endif
+#endif
+
+#ifdef EPROTO
+	case EPROTO:
+#endif
+
+#ifdef EINPROGRESS
+	case EINPROGRESS:
+#endif
+
+#ifdef EALREADY
+	case EALREADY:
+#endif
+		return(1);
+		/* break; */
+	default:
+		break;
+		}
+	return(0);
+	}
diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c
index 5068a7ca0d..826b361fa2 100644
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@@ -68,29 +68,18 @@
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "bio.h"
-#include "err.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
 
-#if !defined(NO_STDIO)
+#if !defined(OPENSSL_NO_STDIO)
 
-#ifndef NOPROTO
-static int MS_CALLBACK file_write(BIO *h,char *buf,int num);
-static int MS_CALLBACK file_read(BIO *h,char *buf,int size);
-static int MS_CALLBACK file_puts(BIO *h,char *str);
-static int MS_CALLBACK file_gets(BIO *h,char *str,int size);
-static long MS_CALLBACK file_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int MS_CALLBACK file_write(BIO *h, const char *buf, int num);
+static int MS_CALLBACK file_read(BIO *h, char *buf, int size);
+static int MS_CALLBACK file_puts(BIO *h, const char *str);
+static int MS_CALLBACK file_gets(BIO *h, char *str, int size);
+static long MS_CALLBACK file_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int MS_CALLBACK file_new(BIO *h);
 static int MS_CALLBACK file_free(BIO *data);
-#else
-static int MS_CALLBACK file_write();
-static int MS_CALLBACK file_read();
-static int MS_CALLBACK file_puts();
-static int MS_CALLBACK file_gets();
-static long MS_CALLBACK file_ctrl();
-static int MS_CALLBACK file_new();
-static int MS_CALLBACK file_free();
-#endif
-
 static BIO_METHOD methods_filep=
 	{
 	BIO_TYPE_FILE,
@@ -102,11 +91,10 @@ static BIO_METHOD methods_filep=
 	file_ctrl,
 	file_new,
 	file_free,
+	NULL,
 	};
 
-BIO *BIO_new_file(filename,mode)
-char *filename;
-char *mode;
+BIO *BIO_new_file(const char *filename, const char *mode)
 	{
 	BIO *ret;
 	FILE *file;
@@ -115,7 +103,10 @@ char *mode;
 		{
 		SYSerr(SYS_F_FOPEN,get_last_sys_error());
 		ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
-		BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
+		if (errno == ENOENT)
+			BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE);
+		else
+			BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
 		return(NULL);
 		}
 	if ((ret=BIO_new(BIO_s_file_internal())) == NULL)
@@ -125,9 +116,7 @@ char *mode;
 	return(ret);
 	}
 
-BIO *BIO_new_fp(stream,close_flag)
-FILE *stream;
-int close_flag;
+BIO *BIO_new_fp(FILE *stream, int close_flag)
 	{
 	BIO *ret;
 
@@ -138,13 +127,12 @@ int close_flag;
 	return(ret);
 	}
 
-BIO_METHOD *BIO_s_file()
+BIO_METHOD *BIO_s_file(void)
 	{
 	return(&methods_filep);
 	}
 
-static int MS_CALLBACK file_new(bi)
-BIO *bi;
+static int MS_CALLBACK file_new(BIO *bi)
 	{
 	bi->init=0;
 	bi->num=0;
@@ -152,8 +140,7 @@ BIO *bi;
 	return(1);
 	}
 
-static int MS_CALLBACK file_free(a)
-BIO *a;
+static int MS_CALLBACK file_free(BIO *a)
 	{
 	if (a == NULL) return(0);
 	if (a->shutdown)
@@ -168,24 +155,24 @@ BIO *a;
 	return(1);
 	}
 	
-static int MS_CALLBACK file_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int MS_CALLBACK file_read(BIO *b, char *out, int outl)
 	{
 	int ret=0;
 
 	if (b->init && (out != NULL))
 		{
 		ret=fread(out,1,(int)outl,(FILE *)b->ptr);
+		if(ret == 0 && ferror((FILE *)b->ptr))
+			{
+			SYSerr(SYS_F_FREAD,get_last_sys_error());
+			BIOerr(BIO_F_FILE_READ,ERR_R_SYS_LIB);
+			ret=-1;
+			}
 		}
 	return(ret);
 	}
 
-static int MS_CALLBACK file_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int MS_CALLBACK file_write(BIO *b, const char *in, int inl)
 	{
 	int ret=0;
 
@@ -194,18 +181,14 @@ int inl;
 		if (fwrite(in,(int)inl,1,(FILE *)b->ptr))
 			ret=inl;
 		/* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
-		/* acording to Tim Hudson <tjh@cryptsoft.com>, the commented
+		/* according to Tim Hudson <tjh@cryptsoft.com>, the commented
 		 * out version above can cause 'inl' write calls under
 		 * some stupid stdio implementations (VMS) */
 		}
 	return(ret);
 	}
 
-static long MS_CALLBACK file_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
 	{
 	long ret=1;
 	FILE *fp=(FILE *)b->ptr;
@@ -227,15 +210,20 @@ char *ptr;
 		break;
 	case BIO_C_SET_FILE_PTR:
 		file_free(b);
-		b->shutdown=(int)num;
+		b->shutdown=(int)num&BIO_CLOSE;
 		b->ptr=(char *)ptr;
 		b->init=1;
-#if defined(MSDOS) || defined(WINDOWS)
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS)
 		/* Set correct text/binary mode */
 		if (num & BIO_FP_TEXT)
 			_setmode(fileno((FILE *)ptr),_O_TEXT);
 		else
 			_setmode(fileno((FILE *)ptr),_O_BINARY);
+#elif defined(OPENSSL_SYS_OS2)
+		if (num & BIO_FP_TEXT)
+			setmode(fileno((FILE *)ptr), O_TEXT);
+		else
+			setmode(fileno((FILE *)ptr), O_BINARY);
 #endif
 		break;
 	case BIO_C_SET_FILENAME:
@@ -259,7 +247,7 @@ char *ptr;
 			ret=0;
 			break;
 			}
-#if defined(MSDOS) || defined(WINDOWS)
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS)
 		if (!(num & BIO_FP_TEXT))
 			strcat(p,"b");
 		else
@@ -309,10 +297,7 @@ char *ptr;
 	return(ret);
 	}
 
-static int MS_CALLBACK file_gets(bp,buf,size)
-BIO *bp;
-char *buf;
-int size;
+static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
 	{
 	int ret=0;
 
@@ -323,9 +308,7 @@ int size;
 	return(ret);
 	}
 
-static int MS_CALLBACK file_puts(bp,str)
-BIO *bp;
-char *str;
+static int MS_CALLBACK file_puts(BIO *bp, const char *str)
 	{
 	int n,ret;
 
@@ -334,7 +317,7 @@ char *str;
 	return(ret);
 	}
 
-#endif /* NO_STDIO */
+#endif /* OPENSSL_NO_STDIO */
 
 #endif /* HEADER_BSS_FILE_C */
 
diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c
new file mode 100644
index 0000000000..1eb678cac0
--- /dev/null
+++ b/crypto/bio/bss_log.c
@@ -0,0 +1,400 @@
+/* crypto/bio/bss_log.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+	Why BIO_s_log?
+
+	BIO_s_log is useful for system daemons (or services under NT).
+	It is one-way BIO, it sends all stuff to syslogd (on system that
+	commonly use that), or event log (on NT), or OPCOM (on OpenVMS).
+
+*/
+
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "cryptlib.h"
+
+#if defined(OPENSSL_SYS_WINCE)
+#elif defined(OPENSSL_SYS_WIN32)
+#  include <process.h>
+#elif defined(OPENSSL_SYS_VMS)
+#  include <opcdef.h>
+#  include <descrip.h>
+#  include <lib$routines.h>
+#  include <starlet.h>
+#elif defined(__ultrix)
+#  include <sys/syslog.h>
+#elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG)
+#  include <syslog.h>
+#endif
+
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+#ifndef NO_SYSLOG
+
+#if defined(OPENSSL_SYS_WIN32)
+#define LOG_EMERG	0
+#define LOG_ALERT	1
+#define LOG_CRIT	2
+#define LOG_ERR		3
+#define LOG_WARNING	4
+#define LOG_NOTICE	5
+#define LOG_INFO	6
+#define LOG_DEBUG	7
+
+#define LOG_DAEMON	(3<<3)
+#elif defined(OPENSSL_SYS_VMS)
+/* On VMS, we don't really care about these, but we need them to compile */
+#define LOG_EMERG	0
+#define LOG_ALERT	1
+#define LOG_CRIT	2
+#define LOG_ERR		3
+#define LOG_WARNING	4
+#define LOG_NOTICE	5
+#define LOG_INFO	6
+#define LOG_DEBUG	7
+
+#define LOG_DAEMON	OPC$M_NM_NTWORK
+#endif
+
+static int MS_CALLBACK slg_write(BIO *h, const char *buf, int num);
+static int MS_CALLBACK slg_puts(BIO *h, const char *str);
+static long MS_CALLBACK slg_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int MS_CALLBACK slg_new(BIO *h);
+static int MS_CALLBACK slg_free(BIO *data);
+static void xopenlog(BIO* bp, char* name, int level);
+static void xsyslog(BIO* bp, int priority, const char* string);
+static void xcloselog(BIO* bp);
+#ifdef OPENSSL_SYS_WIN32
+LONG	(WINAPI *go_for_advapi)()	= RegOpenKeyEx;
+HANDLE	(WINAPI *register_event_source)()	= NULL;
+BOOL	(WINAPI *deregister_event_source)()	= NULL;
+BOOL	(WINAPI *report_event)()	= NULL;
+#define DL_PROC(m,f)	(GetProcAddress( m, f ))
+#ifdef UNICODE
+#define DL_PROC_X(m,f) DL_PROC( m, f "W" )
+#else
+#define DL_PROC_X(m,f) DL_PROC( m, f "A" )
+#endif
+#endif
+
+static BIO_METHOD methods_slg=
+	{
+	BIO_TYPE_MEM,"syslog",
+	slg_write,
+	NULL,
+	slg_puts,
+	NULL,
+	slg_ctrl,
+	slg_new,
+	slg_free,
+	NULL,
+	};
+
+BIO_METHOD *BIO_s_log(void)
+	{
+	return(&methods_slg);
+	}
+
+static int MS_CALLBACK slg_new(BIO *bi)
+	{
+	bi->init=1;
+	bi->num=0;
+	bi->ptr=NULL;
+	xopenlog(bi, "application", LOG_DAEMON);
+	return(1);
+	}
+
+static int MS_CALLBACK slg_free(BIO *a)
+	{
+	if (a == NULL) return(0);
+	xcloselog(a);
+	return(1);
+	}
+	
+static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)
+	{
+	int ret= inl;
+	char* buf;
+	char* pp;
+	int priority, i;
+	static struct
+		{
+		int strl;
+		char str[10];
+		int log_level;
+		}
+	mapping[] =
+		{
+		{ 6, "PANIC ", LOG_EMERG },
+		{ 6, "EMERG ", LOG_EMERG },
+		{ 4, "EMR ", LOG_EMERG },
+		{ 6, "ALERT ", LOG_ALERT },
+		{ 4, "ALR ", LOG_ALERT },
+		{ 5, "CRIT ", LOG_CRIT },
+		{ 4, "CRI ", LOG_CRIT },
+		{ 6, "ERROR ", LOG_ERR },
+		{ 4, "ERR ", LOG_ERR },
+		{ 8, "WARNING ", LOG_WARNING },
+		{ 5, "WARN ", LOG_WARNING },
+		{ 4, "WAR ", LOG_WARNING },
+		{ 7, "NOTICE ", LOG_NOTICE },
+		{ 5, "NOTE ", LOG_NOTICE },
+		{ 4, "NOT ", LOG_NOTICE },
+		{ 5, "INFO ", LOG_INFO },
+		{ 4, "INF ", LOG_INFO },
+		{ 6, "DEBUG ", LOG_DEBUG },
+		{ 4, "DBG ", LOG_DEBUG },
+		{ 0, "", LOG_ERR } /* The default */
+		};
+
+	if((buf= (char *)OPENSSL_malloc(inl+ 1)) == NULL){
+		return(0);
+	}
+	strncpy(buf, in, inl);
+	buf[inl]= '\0';
+
+	i = 0;
+	while(strncmp(buf, mapping[i].str, mapping[i].strl) != 0) i++;
+	priority = mapping[i].log_level;
+	pp = buf + mapping[i].strl;
+
+	xsyslog(b, priority, pp);
+
+	OPENSSL_free(buf);
+	return(ret);
+	}
+
+static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr)
+	{
+	switch (cmd)
+		{
+	case BIO_CTRL_SET:
+		xcloselog(b);
+		xopenlog(b, ptr, num);
+		break;
+	default:
+		break;
+		}
+	return(0);
+	}
+
+static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
+	{
+	int n,ret;
+
+	n=strlen(str);
+	ret=slg_write(bp,str,n);
+	return(ret);
+	}
+
+#if defined(OPENSSL_SYS_WIN32)
+
+static void xopenlog(BIO* bp, char* name, int level)
+{
+	if ( !register_event_source )
+		{
+		HANDLE	advapi;
+		if ( !(advapi = GetModuleHandle("advapi32")) )
+			return;
+		register_event_source = (HANDLE (WINAPI *)())DL_PROC_X(advapi,
+			"RegisterEventSource" );
+		deregister_event_source = (BOOL (WINAPI *)())DL_PROC(advapi,
+			"DeregisterEventSource");
+		report_event = (BOOL (WINAPI *)())DL_PROC_X(advapi,
+			"ReportEvent" );
+		if ( !(register_event_source && deregister_event_source &&
+				report_event) )
+			{
+			register_event_source = NULL;
+			deregister_event_source = NULL;
+			report_event = NULL;
+			return;
+			}
+		}
+	bp->ptr= (char *)register_event_source(NULL, name);
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+	LPCSTR lpszStrings[2];
+	WORD evtype= EVENTLOG_ERROR_TYPE;
+	int pid = _getpid();
+	char pidbuf[DECIMAL_SIZE(pid)+4];
+
+	switch (priority)
+		{
+	case LOG_EMERG:
+	case LOG_ALERT:
+	case LOG_CRIT:
+	case LOG_ERR:
+		evtype = EVENTLOG_ERROR_TYPE;
+		break;
+	case LOG_WARNING:
+		evtype = EVENTLOG_WARNING_TYPE;
+		break;
+	case LOG_NOTICE:
+	case LOG_INFO:
+	case LOG_DEBUG:
+		evtype = EVENTLOG_INFORMATION_TYPE;
+		break;
+	default:		/* Should never happen, but set it
+				   as error anyway. */
+		evtype = EVENTLOG_ERROR_TYPE;
+		break;
+		}
+
+	sprintf(pidbuf, "[%d] ", pid);
+	lpszStrings[0] = pidbuf;
+	lpszStrings[1] = string;
+
+	if(report_event && bp->ptr)
+		report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0,
+				lpszStrings, NULL);
+}
+	
+static void xcloselog(BIO* bp)
+{
+	if(deregister_event_source && bp->ptr)
+		deregister_event_source((HANDLE)(bp->ptr));
+	bp->ptr= NULL;
+}
+
+#elif defined(OPENSSL_SYS_VMS)
+
+static int VMS_OPC_target = LOG_DAEMON;
+
+static void xopenlog(BIO* bp, char* name, int level)
+{
+	VMS_OPC_target = level; 
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+	struct dsc$descriptor_s opc_dsc;
+	struct opcdef *opcdef_p;
+	char buf[10240];
+	unsigned int len;
+        struct dsc$descriptor_s buf_dsc;
+	$DESCRIPTOR(fao_cmd, "!AZ: !AZ");
+	char *priority_tag;
+
+	switch (priority)
+	  {
+	  case LOG_EMERG: priority_tag = "Emergency"; break;
+	  case LOG_ALERT: priority_tag = "Alert"; break;
+	  case LOG_CRIT: priority_tag = "Critical"; break;
+	  case LOG_ERR: priority_tag = "Error"; break;
+	  case LOG_WARNING: priority_tag = "Warning"; break;
+	  case LOG_NOTICE: priority_tag = "Notice"; break;
+	  case LOG_INFO: priority_tag = "Info"; break;
+	  case LOG_DEBUG: priority_tag = "DEBUG"; break;
+	  }
+
+	buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+	buf_dsc.dsc$b_class = DSC$K_CLASS_S;
+	buf_dsc.dsc$a_pointer = buf;
+	buf_dsc.dsc$w_length = sizeof(buf) - 1;
+
+	lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string);
+
+	/* we know there's an 8 byte header.  That's documented */
+	opcdef_p = (struct opcdef *) OPENSSL_malloc(8 + len);
+	opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;
+	memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3);
+	opcdef_p->opc$l_ms_rqstid = 0;
+	memcpy(&opcdef_p->opc$l_ms_text, buf, len);
+
+	opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+	opc_dsc.dsc$b_class = DSC$K_CLASS_S;
+	opc_dsc.dsc$a_pointer = (char *)opcdef_p;
+	opc_dsc.dsc$w_length = len + 8;
+
+	sys$sndopr(opc_dsc, 0);
+
+	OPENSSL_free(opcdef_p);
+}
+
+static void xcloselog(BIO* bp)
+{
+}
+
+#else /* Unix/Watt32 */
+
+static void xopenlog(BIO* bp, char* name, int level)
+{
+#ifdef WATT32   /* djgpp/DOS */
+	openlog(name, LOG_PID|LOG_CONS|LOG_NDELAY, level);
+#else
+	openlog(name, LOG_PID|LOG_CONS, level);
+#endif
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+	syslog(priority, "%s", string);
+}
+
+static void xcloselog(BIO* bp)
+{
+	closelog();
+}
+
+#endif /* Unix */
+
+#endif /* NO_SYSLOG */
diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c
index 8a2efb938c..a4edb711ae 100644
--- a/crypto/bio/bss_mem.c
+++ b/crypto/bio/bss_mem.c
@@ -59,26 +59,15 @@
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "bio.h"
+#include <openssl/bio.h>
 
-#ifndef NOPROTO
-static int mem_write(BIO *h,char *buf,int num);
-static int mem_read(BIO *h,char *buf,int size);
-static int mem_puts(BIO *h,char *str);
-static int mem_gets(BIO *h,char *str,int size);
-static long mem_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int mem_write(BIO *h, const char *buf, int num);
+static int mem_read(BIO *h, char *buf, int size);
+static int mem_puts(BIO *h, const char *str);
+static int mem_gets(BIO *h, char *str, int size);
+static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int mem_new(BIO *h);
 static int mem_free(BIO *data);
-#else
-static int mem_write();
-static int mem_read();
-static int mem_puts();
-static int mem_gets();
-static long mem_ctrl();
-static int mem_new();
-static int mem_free();
-#endif
-
 static BIO_METHOD mem_method=
 	{
 	BIO_TYPE_MEM,
@@ -90,18 +79,38 @@ static BIO_METHOD mem_method=
 	mem_ctrl,
 	mem_new,
 	mem_free,
+	NULL,
 	};
 
 /* bio->num is used to hold the value to return on 'empty', if it is
  * 0, should_retry is not set */
 
-BIO_METHOD *BIO_s_mem()
+BIO_METHOD *BIO_s_mem(void)
 	{
 	return(&mem_method);
 	}
 
-static int mem_new(bi)
-BIO *bi;
+BIO *BIO_new_mem_buf(void *buf, int len)
+{
+	BIO *ret;
+	BUF_MEM *b;
+	if (!buf) {
+		BIOerr(BIO_F_BIO_NEW_MEM_BUF,BIO_R_NULL_PARAMETER);
+		return NULL;
+	}
+	if(len == -1) len = strlen(buf);
+	if(!(ret = BIO_new(BIO_s_mem())) ) return NULL;
+	b = (BUF_MEM *)ret->ptr;
+	b->data = buf;
+	b->length = len;
+	b->max = len;
+	ret->flags |= BIO_FLAGS_MEM_RDONLY;
+	/* Since this is static data retrying wont help */
+	ret->num = 0;
+	return ret;
+}
+
+static int mem_new(BIO *bi)
 	{
 	BUF_MEM *b;
 
@@ -114,25 +123,24 @@ BIO *bi;
 	return(1);
 	}
 
-static int mem_free(a)
-BIO *a;
+static int mem_free(BIO *a)
 	{
 	if (a == NULL) return(0);
 	if (a->shutdown)
 		{
 		if ((a->init) && (a->ptr != NULL))
 			{
-			BUF_MEM_free((BUF_MEM *)a->ptr);
+			BUF_MEM *b;
+			b = (BUF_MEM *)a->ptr;
+			if(a->flags & BIO_FLAGS_MEM_RDONLY) b->data = NULL;
+			BUF_MEM_free(b);
 			a->ptr=NULL;
 			}
 		}
 	return(1);
 	}
 	
-static int mem_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int mem_read(BIO *b, char *out, int outl)
 	{
 	int ret= -1;
 	BUF_MEM *bm;
@@ -142,29 +150,27 @@ int outl;
 	bm=(BUF_MEM *)b->ptr;
 	BIO_clear_retry_flags(b);
 	ret=(outl > bm->length)?bm->length:outl;
-	if ((out != NULL) && (ret > 0))
-		{
+	if ((out != NULL) && (ret > 0)) {
 		memcpy(out,bm->data,ret);
 		bm->length-=ret;
 		/* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */
-		from=(char *)&(bm->data[ret]);
-		to=(char *)&(bm->data[0]);
-		for (i=0; i<bm->length; i++)
-			to[i]=from[i];
+		if(b->flags & BIO_FLAGS_MEM_RDONLY) bm->data += ret;
+		else {
+			from=(char *)&(bm->data[ret]);
+			to=(char *)&(bm->data[0]);
+			for (i=0; i<bm->length; i++)
+				to[i]=from[i];
 		}
-	else if (bm->length == 0)
+	} else if (bm->length == 0)
 		{
-		if (b->num != 0)
+		ret = b->num;
+		if (ret != 0)
 			BIO_set_retry_read(b);
-		ret= b->num;
 		}
 	return(ret);
 	}
 
-static int mem_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int mem_write(BIO *b, const char *in, int inl)
 	{
 	int ret= -1;
 	int blen;
@@ -177,9 +183,14 @@ int inl;
 		goto end;
 		}
 
+	if(b->flags & BIO_FLAGS_MEM_RDONLY) {
+		BIOerr(BIO_F_MEM_WRITE,BIO_R_WRITE_TO_READ_ONLY_BIO);
+		goto end;
+	}
+
 	BIO_clear_retry_flags(b);
 	blen=bm->length;
-	if (BUF_MEM_grow(bm,blen+inl) != (blen+inl))
+	if (BUF_MEM_grow_clean(bm,blen+inl) != (blen+inl))
 		goto end;
 	memcpy(&(bm->data[blen]),in,inl);
 	ret=inl;
@@ -187,11 +198,7 @@ end:
 	return(ret);
 	}
 
-static long mem_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
 	{
 	long ret=1;
 	char **pptr;
@@ -202,8 +209,19 @@ char *ptr;
 		{
 	case BIO_CTRL_RESET:
 		if (bm->data != NULL)
-			memset(bm->data,0,bm->max);
-		bm->length=0;
+			{
+			/* For read only case reset to the start again */
+			if(b->flags & BIO_FLAGS_MEM_RDONLY) 
+				{
+				bm->data -= bm->max - bm->length;
+				bm->length = bm->max;
+				}
+			else
+				{
+				memset(bm->data,0,bm->max);
+				bm->length=0;
+				}
+			}
 		break;
 	case BIO_CTRL_EOF:
 		ret=(long)(bm->length == 0);
@@ -257,10 +275,7 @@ char *ptr;
 	return(ret);
 	}
 
-static int mem_gets(bp,buf,size)
-BIO *bp;
-char *buf;
-int size;
+static int mem_gets(BIO *bp, char *buf, int size)
 	{
 	int i,j;
 	int ret= -1;
@@ -269,7 +284,11 @@ int size;
 
 	BIO_clear_retry_flags(bp);
 	j=bm->length;
-	if (j <= 0) return(0);
+	if (j <= 0)
+		{
+		*buf='\0';
+		return 0;
+		}
 	p=bm->data;
 	for (i=0; i<j; i++)
 		{
@@ -290,9 +309,7 @@ int size;
 	return(ret);
 	}
 
-static int mem_puts(bp,str)
-BIO *bp;
-char *str;
+static int mem_puts(BIO *bp, const char *str)
 	{
 	int n,ret;
 
diff --git a/crypto/bio/bss_null.c b/crypto/bio/bss_null.c
index 0791a2471a..46b73339df 100644
--- a/crypto/bio/bss_null.c
+++ b/crypto/bio/bss_null.c
@@ -59,26 +59,15 @@
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "bio.h"
+#include <openssl/bio.h>
 
-#ifndef NOPROTO
-static int null_write(BIO *h,char *buf,int num);
-static int null_read(BIO *h,char *buf,int size);
-static int null_puts(BIO *h,char *str);
-static int null_gets(BIO *h,char *str,int size);
-static long null_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int null_write(BIO *h, const char *buf, int num);
+static int null_read(BIO *h, char *buf, int size);
+static int null_puts(BIO *h, const char *str);
+static int null_gets(BIO *h, char *str, int size);
+static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int null_new(BIO *h);
 static int null_free(BIO *data);
-#else
-static int null_write();
-static int null_read();
-static int null_puts();
-static int null_gets();
-static long null_ctrl();
-static int null_new();
-static int null_free();
-#endif
-
 static BIO_METHOD null_method=
 	{
 	BIO_TYPE_NULL,
@@ -90,15 +79,15 @@ static BIO_METHOD null_method=
 	null_ctrl,
 	null_new,
 	null_free,
+	NULL,
 	};
 
-BIO_METHOD *BIO_s_null()
+BIO_METHOD *BIO_s_null(void)
 	{
 	return(&null_method);
 	}
 
-static int null_new(bi)
-BIO *bi;
+static int null_new(BIO *bi)
 	{
 	bi->init=1;
 	bi->num=0;
@@ -106,34 +95,23 @@ BIO *bi;
 	return(1);
 	}
 
-static int null_free(a)
-BIO *a;
+static int null_free(BIO *a)
 	{
 	if (a == NULL) return(0);
 	return(1);
 	}
 	
-static int null_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int null_read(BIO *b, char *out, int outl)
 	{
 	return(0);
 	}
 
-static int null_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int null_write(BIO *b, const char *in, int inl)
 	{
 	return(inl);
 	}
 
-static long null_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long null_ctrl(BIO *b, int cmd, long num, void *ptr)
 	{
 	long ret=1;
 
@@ -159,17 +137,12 @@ char *ptr;
 	return(ret);
 	}
 
-static int null_gets(bp,buf,size)
-BIO *bp;
-char *buf;
-int size;
+static int null_gets(BIO *bp, char *buf, int size)
 	{
 	return(0);
 	}
 
-static int null_puts(bp,str)
-BIO *bp;
-char *str;
+static int null_puts(BIO *bp, const char *str)
 	{
 	if (str == NULL) return(0);
 	return(strlen(str));
diff --git a/crypto/bio/bss_rtcp.c b/crypto/bio/bss_rtcp.c
index 6eb434dee8..7dae485564 100644
--- a/crypto/bio/bss_rtcp.c
+++ b/crypto/bio/bss_rtcp.c
@@ -58,6 +58,7 @@
 
 /* Written by David L. Jones <jonesd@kcgl1.eng.ohio-state.edu>
  * Date:   22-JUL-1996
+ * Revised: 25-SEP-1997		Update for 0.8.1, BIO_CTRL_SET -> BIO_C_SET_FD
  */
 /* VMS */
 #include <stdio.h>
@@ -65,10 +66,11 @@
 #include <string.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "bio.h"
+#include <openssl/bio.h>
 
 #include <iodef.h>		/* VMS IO$_ definitions */
-extern int SYS$QIOW();
+#include <starlet.h>
+
 typedef unsigned short io_channel;
 /*************************************************************************/
 struct io_status { short status, count; long flags; };
@@ -86,11 +88,11 @@ struct rpc_ctx {
     struct rpc_msg msg;
 };
 
-static int rtcp_write(BIO *h,char *buf,int num);
+static int rtcp_write(BIO *h,const char *buf,int num);
 static int rtcp_read(BIO *h,char *buf,int size);
-static int rtcp_puts(BIO *h,char *str);
+static int rtcp_puts(BIO *h,const char *str);
 static int rtcp_gets(BIO *h,char *str,int size);
-static long rtcp_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static long rtcp_ctrl(BIO *h,int cmd,long arg1,void *arg2);
 static int rtcp_new(BIO *h);
 static int rtcp_free(BIO *data);
 
@@ -105,20 +107,27 @@ static BIO_METHOD rtcp_method=
 	rtcp_ctrl,
 	rtcp_new,
 	rtcp_free,
+	NULL,
 	};
 
-BIO_METHOD *BIO_s_rtcp()
+BIO_METHOD *BIO_s_rtcp(void)
 	{
 	return(&rtcp_method);
 	}
 /*****************************************************************************/
 /* Decnet I/O routines.
  */
+
+#ifdef __DECC
+#pragma message save
+#pragma message disable DOLLARID
+#endif
+
 static int get ( io_channel chan, char *buffer, int maxlen, int *length )
 {
     int status;
     struct io_status iosb;
-    status = SYS$QIOW ( 0, chan, IO$_READVBLK, &iosb, 0, 0,
+    status = sys$qiow ( 0, chan, IO$_READVBLK, &iosb, 0, 0,
 	buffer, maxlen, 0, 0, 0, 0 );
     if ( (status&1) == 1 ) status = iosb.status;
     if ( (status&1) == 1 ) *length = iosb.count;
@@ -129,40 +138,40 @@ static int put ( io_channel chan, char *buffer, int length )
 {
     int status;
     struct io_status iosb;
-    status = SYS$QIOW ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
+    status = sys$qiow ( 0, chan, IO$_WRITEVBLK, &iosb, 0, 0,
 	buffer, length, 0, 0, 0, 0 );
     if ( (status&1) == 1 ) status = iosb.status;
     return status;
 }
+
+#ifdef __DECC
+#pragma message restore
+#endif
+
 /***************************************************************************/
 
-static int rtcp_new(bi)
-BIO *bi;
+static int rtcp_new(BIO *bi)
 {
     struct rpc_ctx *ctx;
 	bi->init=1;
 	bi->num=0;
 	bi->flags = 0;
-	bi->ptr=Malloc(sizeof(struct rpc_ctx));
+	bi->ptr=OPENSSL_malloc(sizeof(struct rpc_ctx));
 	ctx = (struct rpc_ctx *) bi->ptr;
 	ctx->filled = 0;
 	ctx->pos = 0;
 	return(1);
 }
 
-static int rtcp_free(a)
-BIO *a;
+static int rtcp_free(BIO *a)
 {
 	if (a == NULL) return(0);
-	if ( a->ptr ) Free ( a->ptr );
+	if ( a->ptr ) OPENSSL_free ( a->ptr );
 	a->ptr = NULL;
 	return(1);
 }
 	
-static int rtcp_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int rtcp_read(BIO *b, char *out, int outl)
 {
     int status, length;
     struct rpc_ctx *ctx;
@@ -209,10 +218,7 @@ int outl;
     return length;
 }
 
-static int rtcp_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int rtcp_write(BIO *b, const char *in, int inl)
 {
     int status, i, segment, length;
     struct rpc_ctx *ctx;
@@ -241,11 +247,7 @@ int inl;
     return(i);
 }
 
-static long rtcp_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long rtcp_ctrl(BIO *b, int cmd, long num, void *ptr)
 	{
 	long ret=1;
 
@@ -255,7 +257,7 @@ char *ptr;
 	case BIO_CTRL_EOF:
 		ret = 1;
 		break;
-	case BIO_CTRL_SET:
+	case BIO_C_SET_FD:
 		b->num = num;
 		ret = 1;
 	 	break;
@@ -276,17 +278,12 @@ char *ptr;
 	return(ret);
 	}
 
-static int rtcp_gets(bp,buf,size)
-BIO *bp;
-char *buf;
-int size;
+static int rtcp_gets(BIO *bp, char *buf, int size)
 	{
 	return(0);
 	}
 
-static int rtcp_puts(bp,str)
-BIO *bp;
-char *str;
+static int rtcp_puts(BIO *bp, const char *str)
 {
     int length;
     if (str == NULL) return(0);
diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c
index a664377d39..2c1c405ec7 100644
--- a/crypto/bio/bss_sock.c
+++ b/crypto/bio/bss_sock.c
@@ -56,55 +56,28 @@
  * [including the GNU Public Licence.]
  */
 
-#if !defined(NO_SOCK) || defined(BIO_FD)
+#ifndef OPENSSL_NO_SOCK
 
 #include <stdio.h>
 #include <errno.h>
 #define USE_SOCKETS
 #include "cryptlib.h"
-#include "bio.h"
+#include <openssl/bio.h>
 
-#ifndef BIO_FD
-#ifndef NOPROTO
-static int sock_write(BIO *h,char *buf,int num);
-static int sock_read(BIO *h,char *buf,int size);
-static int sock_puts(BIO *h,char *str);
-static long sock_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+#ifdef WATT32
+#define sock_write SockWrite  /* Watt-32 uses same names */
+#define sock_read  SockRead
+#define sock_puts  SockPuts
+#endif
+
+static int sock_write(BIO *h, const char *buf, int num);
+static int sock_read(BIO *h, char *buf, int size);
+static int sock_puts(BIO *h, const char *str);
+static long sock_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int sock_new(BIO *h);
 static int sock_free(BIO *data);
 int BIO_sock_should_retry(int s);
-#else
-static int sock_write();
-static int sock_read();
-static int sock_puts();
-static long sock_ctrl();
-static int sock_new();
-static int sock_free();
-int BIO_sock_should_retry();
-#endif
-
-#else
-
-#ifndef NOPROTO
-static int fd_write(BIO *h,char *buf,int num);
-static int fd_read(BIO *h,char *buf,int size);
-static int fd_puts(BIO *h,char *str);
-static long fd_ctrl(BIO *h,int cmd,long arg1,char *arg2);
-static int fd_new(BIO *h);
-static int fd_free(BIO *data);
-int BIO_fd_should_retry(int s);
-#else
-static int fd_write();
-static int fd_read();
-static int fd_puts();
-static long fd_ctrl();
-static int fd_new();
-static int fd_free();
-int BIO_fd_should_retry();
-#endif
-#endif
 
-#ifndef BIO_FD
 static BIO_METHOD methods_sockp=
 	{
 	BIO_TYPE_SOCKET,
@@ -116,57 +89,25 @@ static BIO_METHOD methods_sockp=
 	sock_ctrl,
 	sock_new,
 	sock_free,
+	NULL,
 	};
 
-BIO_METHOD *BIO_s_socket()
+BIO_METHOD *BIO_s_socket(void)
 	{
 	return(&methods_sockp);
 	}
-#else
-static BIO_METHOD methods_fdp=
-	{
-	BIO_TYPE_FD,"file descriptor",
-	fd_write,
-	fd_read,
-	fd_puts,
-	NULL, /* fd_gets, */
-	fd_ctrl,
-	fd_new,
-	fd_free,
-	};
-
-BIO_METHOD *BIO_s_fd()
-	{
-	return(&methods_fdp);
-	}
-#endif
 
-#ifndef BIO_FD
-BIO *BIO_new_socket(fd,close_flag)
-#else
-BIO *BIO_new_fd(fd,close_flag)
-#endif
-int fd;
-int close_flag;
+BIO *BIO_new_socket(int fd, int close_flag)
 	{
 	BIO *ret;
 
-#ifndef BIO_FD
 	ret=BIO_new(BIO_s_socket());
-#else
-	ret=BIO_new(BIO_s_fd());
-#endif
 	if (ret == NULL) return(NULL);
 	BIO_set_fd(ret,fd,close_flag);
 	return(ret);
 	}
 
-#ifndef BIO_FD
-static int sock_new(bi)
-#else
-static int fd_new(bi)
-#endif
-BIO *bi;
+static int sock_new(BIO *bi)
 	{
 	bi->init=0;
 	bi->num=0;
@@ -175,25 +116,14 @@ BIO *bi;
 	return(1);
 	}
 
-#ifndef BIO_FD
-static int sock_free(a)
-#else
-static int fd_free(a)
-#endif
-BIO *a;
+static int sock_free(BIO *a)
 	{
 	if (a == NULL) return(0);
 	if (a->shutdown)
 		{
 		if (a->init)
 			{
-#ifndef BIO_FD
-			shutdown(a->num,2);
-			closesocket(a->num);
-#else			/* BIO_FD */
-			close(a->num);
-#endif
-
+			SHUTDOWN2(a->num);
 			}
 		a->init=0;
 		a->flags=0;
@@ -201,80 +131,40 @@ BIO *a;
 	return(1);
 	}
 	
-#ifndef BIO_FD
-static int sock_read(b,out,outl)
-#else
-static int fd_read(b,out,outl)
-#endif
-BIO *b;
-char *out;
-int outl;
+static int sock_read(BIO *b, char *out, int outl)
 	{
 	int ret=0;
 
 	if (out != NULL)
 		{
-#ifndef BIO_FD
 		clear_socket_error();
 		ret=readsocket(b->num,out,outl);
-#else
-		clear_sys_error();
-		ret=read(b->num,out,outl);
-#endif
 		BIO_clear_retry_flags(b);
 		if (ret <= 0)
 			{
-#ifndef BIO_FD
 			if (BIO_sock_should_retry(ret))
-#else
-			if (BIO_fd_should_retry(ret))
-#endif
 				BIO_set_retry_read(b);
 			}
 		}
 	return(ret);
 	}
 
-#ifndef BIO_FD
-static int sock_write(b,in,inl)
-#else
-static int fd_write(b,in,inl)
-#endif
-BIO *b;
-char *in;
-int inl;
+static int sock_write(BIO *b, const char *in, int inl)
 	{
 	int ret;
 	
-#ifndef BIO_FD
 	clear_socket_error();
 	ret=writesocket(b->num,in,inl);
-#else
-	clear_sys_error();
-	ret=write(b->num,in,inl);
-#endif
 	BIO_clear_retry_flags(b);
 	if (ret <= 0)
 		{
-#ifndef BIO_FD
 		if (BIO_sock_should_retry(ret))
-#else
-		if (BIO_fd_should_retry(ret))
-#endif
 			BIO_set_retry_write(b);
 		}
 	return(ret);
 	}
 
-#ifndef BIO_FD
-static long sock_ctrl(b,cmd,num,ptr)
-#else
-static long fd_ctrl(b,cmd,num,ptr)
-#endif
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
 	{
 	long ret=1;
 	int *ip;
@@ -284,26 +174,14 @@ char *ptr;
 	case BIO_CTRL_RESET:
 		num=0;
 	case BIO_C_FILE_SEEK:
-#ifdef BIO_FD
-		ret=(long)lseek(b->num,num,0);
-#else
 		ret=0;
-#endif
 		break;
 	case BIO_C_FILE_TELL:
 	case BIO_CTRL_INFO:
-#ifdef BIO_FD
-		ret=(long)lseek(b->num,0,1);
-#else
 		ret=0;
-#endif
 		break;
 	case BIO_C_SET_FD:
-#ifndef BIO_FD
 		sock_free(b);
-#else
-		fd_free(b);
-#endif
 		b->num= *((int *)ptr);
 		b->shutdown=(int)num;
 		b->init=1;
@@ -339,76 +217,38 @@ char *ptr;
 	return(ret);
 	}
 
-#ifdef undef
-static int sock_gets(bp,buf,size)
-BIO *bp;
-char *buf;
-int size;
-	{
-	return(-1);
-	}
-#endif
-
-#ifndef BIO_FD
-static int sock_puts(bp,str)
-#else
-static int fd_puts(bp,str)
-#endif
-BIO *bp;
-char *str;
+static int sock_puts(BIO *bp, const char *str)
 	{
 	int n,ret;
 
 	n=strlen(str);
-#ifndef BIO_FD
 	ret=sock_write(bp,str,n);
-#else
-	ret=fd_write(bp,str,n);
-#endif
 	return(ret);
 	}
 
-#ifndef BIO_FD
-int BIO_sock_should_retry(i)
-#else
-int BIO_fd_should_retry(i)
-#endif
-int i;
+int BIO_sock_should_retry(int i)
 	{
 	int err;
 
 	if ((i == 0) || (i == -1))
 		{
-#ifndef BIO_FD
 		err=get_last_socket_error();
-#else
-		err=get_last_sys_error();
-#endif
 
-#if defined(WINDOWS) /* more microsoft stupidity */
+#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
 		if ((i == -1) && (err == 0))
 			return(1);
 #endif
 
-#ifndef BIO_FD
 		return(BIO_sock_non_fatal_error(err));
-#else
-		return(BIO_fd_non_fatal_error(err));
-#endif
 		}
 	return(0);
 	}
 
-#ifndef BIO_FD
-int BIO_sock_non_fatal_error(err)
-#else
-int BIO_fd_non_fatal_error(err)
-#endif
-int err;
+int BIO_sock_non_fatal_error(int err)
 	{
 	switch (err)
 		{
-#if !defined(BIO_FD) && defined(WINDOWS)
+#if defined(OPENSSL_SYS_WINDOWS)
 # if defined(WSAEWOULDBLOCK)
 	case WSAEWOULDBLOCK:
 # endif
diff --git a/crypto/bio/cd b/crypto/bio/cd
deleted file mode 100644
index e69de29bb2..0000000000
--- a/crypto/bio/cd
+++ /dev/null
diff --git a/crypto/bio/fg b/crypto/bio/fg
deleted file mode 100644
index e69de29bb2..0000000000
--- a/crypto/bio/fg
+++ /dev/null
diff --git a/crypto/bio/grep b/crypto/bio/grep
deleted file mode 100644
index e69de29bb2..0000000000
--- a/crypto/bio/grep
+++ /dev/null
diff --git a/crypto/bio/vi b/crypto/bio/vi
deleted file mode 100644
index e69de29bb2..0000000000
--- a/crypto/bio/vi
+++ /dev/null
diff --git a/crypto/bn/.cvsignore b/crypto/bn/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/bn/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/bn/DSA b/crypto/bn/DSA
deleted file mode 100644
index 83f257c84f..0000000000
--- a/crypto/bn/DSA
+++ /dev/null
@@ -1,2 +0,0 @@
-DSA wants 64*32 to use word mont mul, but
-RSA wants to use full.
diff --git a/crypto/bn/Makefile.ssl b/crypto/bn/Makefile.ssl
index 0a365fca6a..d0b64585ed 100644
--- a/crypto/bn/Makefile.ssl
+++ b/crypto/bn/Makefile.ssl
@@ -5,11 +5,15 @@
 DIR=	bn
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+CPP=    $(CC) -E
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -19,22 +23,28 @@ BN_ASM=		bn_asm.o
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=bn
-ERRC=bn_err
+# We let the C compiler driver to take care of .s files. This is done in
+# order to be excused from maintaining a separate set of architecture
+# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+# gcc, then the driver will automatically translate it to -xarch=v8plus
+# and pass it down to assembler.
+AS=$(CC) -c
+ASFLAGS=$(CFLAGS)
+
 GENERAL=Makefile
 TEST=bntest.c exptest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_mul.c \
+LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
 	bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
-	bn_gcd.c bn_prime.c $(ERRC).c bn_sqr.c bn_asm.c bn_recp.c bn_mont.c \
-	bn_mpi.c bn_exp2.c
+	bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
+	bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c
 
-LIBOBJ=	bn_add.o bn_div.o bn_exp.o bn_lib.o bn_mul.o \
+LIBOBJ=	bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
 	bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
-	bn_gcd.o bn_prime.o $(ERRC).o bn_sqr.o $(BN_ASM) bn_recp.o bn_mont.o \
-	bn_mpi.o bn_exp2.o
+	bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
+	bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o
 
 SRC= $(LIBSRC)
 
@@ -48,24 +58,26 @@ top:
 
 all:	lib
 
-knuth: bn_knuth.c
-	cc -pg -I.. -I../../include bn_knuth.c -o knuth $(LIB) #../../../libefence.a
+bn_prime.h: bn_prime.pl
+	$(PERL) bn_prime.pl >bn_prime.h
 
-knuth.fast: bn_knuth.c
-	cc -pg -fast -I.. -I../../include bn_knuth.c -o knuth $(LIB) #../../../libefence.a
+divtest: divtest.c ../../libcrypto.a
+	cc -I../../include divtest.c -o divtest ../../libcrypto.a
 
+bnbug: bnbug.c ../../libcrypto.a top
+	cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 # elf
 asm/bn86-elf.o: asm/bn86unix.cpp
-	$(CPP) -DELF asm/bn86unix.cpp | as -o asm/bn86-elf.o
+	$(CPP) -DELF -x c asm/bn86unix.cpp | as -o asm/bn86-elf.o
 
 asm/co86-elf.o: asm/co86unix.cpp
-	$(CPP) -DELF asm/co86unix.cpp | as -o asm/co86-elf.o
+	$(CPP) -DELF -x c asm/co86unix.cpp | as -o asm/co86-elf.o
 
 # solaris
 asm/bn86-sol.o: asm/bn86unix.cpp
@@ -92,43 +104,60 @@ asm/bn86bsdi.o: asm/bn86unix.cpp
 asm/co86bsdi.o: asm/co86unix.cpp
 	$(CPP) -DBSDI asm/co86unix.cpp | sed 's/ :/:/' | as -o asm/co86bsdi.o
 
-asm/bn86unix.cpp:
-	(cd asm; perl bn-586.pl cpp >bn86unix.cpp )
+asm/bn86unix.cpp: asm/bn-586.pl ../perlasm/x86asm.pl
+	(cd asm; $(PERL) bn-586.pl cpp >bn86unix.cpp )
+
+asm/co86unix.cpp: asm/co-586.pl ../perlasm/x86asm.pl
+	(cd asm; $(PERL) co-586.pl cpp >co86unix.cpp )
+
+asm/sparcv8.o: asm/sparcv8.S
+
+asm/sparcv8plus.o: asm/sparcv8plus.S
 
-asm/co86unix.cpp:
-	(cd asm; perl co-586.pl cpp >co86unix.cpp )
+# Old GNU assembler doesn't understand V9 instructions, so we
+# hire /usr/ccs/bin/as to do the job. Note that option is called
+# *-gcc27, but even gcc 2>=8 users may experience similar problem
+# if they didn't bother to upgrade GNU assembler. Such users should
+# not choose this option, but be adviced to *remove* GNU assembler
+# or upgrade it.
+asm/sparcv8plus-gcc27.o: asm/sparcv8plus.S
+	$(CC) $(ASFLAGS) -E asm/sparcv8plus.S | \
+		/usr/ccs/bin/as -xarch=v8plus - -o asm/sparcv8plus-gcc27.o
 
-# MIPS 64 bit assember 
-asm/mips3.o: asm/mips3.s
-	/usr/bin/as -mips3 -O2 -o asm/mips3.o asm/mips3.s            
 
-# MIPS 32 bit assember
-asm/mips1.o: asm/mips1.s
-	/usr/bin/as -O2 -o asm/mips1.o asm/mips1.s
+asm/ia64.o:	asm/ia64.S
+
+# Some compiler drivers (most notably HP-UX and Intel C++) don't
+# understand .S extension:-( I wish I could pipe output from cc -E,
+# but it's too compiler driver/ABI dependent to cover with a single
+# rule...	<appro@fy.chalmers.se>
+asm/ia64-cpp.o:	asm/ia64.S
+	$(CC) $(ASFLAGS) -E asm/ia64.S > /tmp/ia64.$$$$.s &&	\
+	$(CC) $(ASFLAGS) -c -o asm/ia64-cpp.o /tmp/ia64.$$$$.s;	\
+	rm -f /tmp/ia64.$$$$.s
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 exptest:
-	/bin/rm -f exptest
+	rm -f exptest
 	gcc -I../../include -g2 -ggdb -o exptest exptest.c ../../libcrypto.a
 
 div:
-	/bin/rm -f a.out
+	rm -f a.out
 	gcc -I.. -g div.c ../../libcrypto.a
 
 tags:
@@ -140,18 +169,185 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).org # special case .org
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f asm/co86unix.cpp asm/bn86unix.cpp *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bn_add.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_add.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_add.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_add.o: ../cryptlib.h bn_add.c bn_lcl.h
+bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_asm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_asm.o: ../cryptlib.h bn_asm.c bn_lcl.h
+bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_blind.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_blind.o: ../cryptlib.h bn_blind.c bn_lcl.h
+bn_ctx.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_ctx.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_ctx.o: ../cryptlib.h bn_ctx.c bn_lcl.h
+bn_div.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_div.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_div.o: ../cryptlib.h bn_div.c bn_lcl.h
+bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+bn_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bn_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_err.o: ../../include/openssl/symhacks.h bn_err.c
+bn_exp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_exp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h
+bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_exp2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_exp2.o: ../cryptlib.h bn_exp2.c bn_lcl.h
+bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_gcd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_gcd.o: ../cryptlib.h bn_gcd.c bn_lcl.h
+bn_gf2m.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_gf2m.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_gf2m.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_gf2m.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_gf2m.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_gf2m.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_gf2m.o: ../cryptlib.h bn_gf2m.c bn_lcl.h
+bn_kron.o: ../../include/openssl/bn.h ../../include/openssl/e_os2.h
+bn_kron.o: ../../include/openssl/opensslconf.h bn_kron.c bn_lcl.h
+bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_lib.o: ../cryptlib.h bn_lcl.h bn_lib.c
+bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mod.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mod.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_mod.o: ../cryptlib.h bn_lcl.h bn_mod.c
+bn_mont.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mont.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_mont.o: ../cryptlib.h bn_lcl.h bn_mont.c
+bn_mpi.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mpi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mpi.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mpi.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_mpi.o: ../cryptlib.h bn_lcl.h bn_mpi.c
+bn_mul.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_mul.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_mul.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_mul.o: ../cryptlib.h bn_lcl.h bn_mul.c
+bn_nist.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_nist.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_nist.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_nist.o: ../cryptlib.h bn_lcl.h bn_nist.c
+bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_prime.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_prime.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_prime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_prime.o: ../cryptlib.h bn_lcl.h bn_prime.c bn_prime.h
+bn_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_print.o: ../cryptlib.h bn_lcl.h bn_print.c
+bn_rand.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_rand.o: ../cryptlib.h bn_lcl.h bn_rand.c
+bn_recp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_recp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_recp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_recp.o: ../cryptlib.h bn_lcl.h bn_recp.c
+bn_shift.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_shift.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_shift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_shift.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_shift.o: ../cryptlib.h bn_lcl.h bn_shift.c
+bn_sqr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_sqr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_sqr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_sqr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_sqr.o: ../cryptlib.h bn_lcl.h bn_sqr.c
+bn_sqrt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_sqrt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_sqrt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_sqrt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_sqrt.o: ../cryptlib.h bn_lcl.h bn_sqrt.c
+bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+bn_word.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bn_word.o: ../cryptlib.h bn_lcl.h bn_word.c
diff --git a/crypto/bn/alpha.s b/crypto/bn/alpha.s
deleted file mode 100644
index e69de29bb2..0000000000
--- a/crypto/bn/alpha.s
+++ /dev/null
diff --git a/crypto/bn/asm/.cvsignore b/crypto/bn/asm/.cvsignore
new file mode 100644
index 0000000000..bb16ec91c3
--- /dev/null
+++ b/crypto/bn/asm/.cvsignore
@@ -0,0 +1,2 @@
+bn86unix.cpp
+co86unix.cpp
diff --git a/crypto/bn/asm/README b/crypto/bn/asm/README
index d93fbff77f..b0f3a68a06 100644
--- a/crypto/bn/asm/README
+++ b/crypto/bn/asm/README
@@ -1,5 +1,7 @@
+<OBSOLETE>
+
 All assember in this directory are just version of the file
-crypto/bn/bn_mulw.c.
+crypto/bn/bn_asm.c.
 
 Quite a few of these files are just the assember output from gcc since on 
 quite a few machines they are 2 times faster than the system compiler.
@@ -15,16 +17,11 @@ On the 2 alpha C compilers I had access to, it was not possible to do
 were 64 bits).  So the hand assember gives access to the 128 bit result and
 a 2 times speedup :-).
 
-The x86xxxx.obj files are the assembled version of x86xxxx.asm files.
-I had such a hard time finding a macro assember for Microsoft, I decided to
-include the object file to save others the hassle :-).
+There are 3 versions of assember for the HP PA-RISC.
+
+pa-risc.s is the origional one which works fine and generated using gcc :-)
 
-I have also included uu encoded versions of the .obj incase they get
-trashed.
+pa-risc2W.s and pa-risc2.s are 64 and 32-bit PA-RISC 2.0 implementations
+by Chris Ruemmler from HP (with some help from the HP C compiler).
 
-There are 2 versions of assember for the HP PA-RISC.
-pa-risc.s is the origional one which works fine.
-pa-risc2.s is a new version that often generates warnings but if the
-tests pass, it gives performance that is over 2 times faster than
-pa-risc.s.
-Both were generated using gcc :-)
+</OBSOLETE>
diff --git a/crypto/bn/asm/a.out b/crypto/bn/asm/a.out
deleted file mode 100644
index cc5094ff45..0000000000
--- a/crypto/bn/asm/a.out
+++ /dev/null
diff --git a/crypto/bn/asm/alpha.s b/crypto/bn/asm/alpha.s
index cf0b69cff9..555ff0b92d 100644
--- a/crypto/bn/asm/alpha.s
+++ b/crypto/bn/asm/alpha.s
@@ -1,7 +1,7 @@
  # DEC Alpha assember
- # The bn_div64 is actually gcc output but the other parts are hand done.
+ # The bn_div_words is actually gcc output but the other parts are hand done.
  # Thanks to tzeruch@ceddec.com for sending me the gcc output for
- # bn_div64.
+ # bn_div_words.
  # I've gone back and re-done most of routines.
  # The key thing to remeber for the 164 CPU is that while a
  # multiply operation takes 8 cycles, another one can only be issued
@@ -328,11 +328,11 @@ $900:
  #
 .text
 	.align 3
-	.globl bn_div64
-	.ent bn_div64
-bn_div64:
+	.globl bn_div_words
+	.ent bn_div_words
+bn_div_words:
 	ldgp $29,0($27)
-bn_div64..ng:
+bn_div_words..ng:
 	lda $30,-48($30)
 	.frame $30,48,$26,0
 	stq $26,0($30)
@@ -453,7 +453,7 @@ $136:
 	ldq $13,40($30)
 	addq $30,48,$30
 	ret $31,($26),1
-	.end bn_div64
+	.end bn_div_words
 
 	.set noat
 	.text
@@ -694,567 +694,1868 @@ bn_mul_comba8:
 bn_mul_comba8..ng:
 	.frame $30,0,$26,0
 	.prologue 0
-
-	subq	$30,	16,	$30
-	ldq	$0,	0($17)
+	ldq	$1,	0($17)
+	ldq	$2,	0($18)
+	zapnot	$1,	15,	$7
+	srl	$2,	32,	$8
+	mulq	$8,	$7,	$22
+	srl	$1,	32,	$6
+	zapnot	$2,	15,	$5
+	mulq	$5,	$6,	$4
+	mulq	$7,	$5,	$24
+	addq	$22,	$4,	$22
+	cmpult	$22,	$4,	$1
+	mulq	$6,	$8,	$3
+	beq	$1,	$173
+	bis	$31,	1,	$1
+	sll	$1,	32,	$1
+	addq	$3,	$1,	$3
+$173:
+	sll	$22,	32,	$4
+	addq	$24,	$4,	$24
+	stq	$24,	0($16)
+	ldq	$2,	0($17)
+	ldq	$1,	8($18)
+	zapnot	$2,	15,	$7
+	srl	$1,	32,	$8
+	mulq	$8,	$7,	$25
+	zapnot	$1,	15,	$5
+	mulq	$7,	$5,	$0
+	srl	$2,	32,	$6
+	mulq	$5,	$6,	$23
+	mulq	$6,	$8,	$6
+	srl	$22,	32,	$1
+	cmpult	$24,	$4,	$2
+	addq	$3,	$1,	$3
+	addq	$2,	$3,	$22
+	addq	$25,	$23,	$25
+	cmpult	$25,	$23,	$1
+	bis	$31,	1,	$2
+	beq	$1,	$177
+	sll	$2,	32,	$1
+	addq	$6,	$1,	$6
+$177:
+	sll	$25,	32,	$23
 	ldq	$1,	0($18)
-	stq	$9,	0($30)
-	stq	$10,	8($30)
-	ldq	$2,	8($17)
-	ldq	$3,	8($18)
-	ldq	$4,	16($17)
-	ldq	$5,	16($18)
-	ldq	$6,	24($17)
-	ldq	$7,	24($18)
-	ldq	$8,	8($17)
-	ldq	$22,	8($18)
-	ldq	$23,	8($17)
-	ldq	$24,	8($18)
-	ldq	$25,	8($17)
-	ldq	$27,	8($18)
-	ldq	$28,	8($17)
-	ldq	$21,	8($18)
-	bis	$31,	$31,	$9
-	mulq	$0,	$1,	$20
-	umulh	$0,	$1,	$19
-	stq	$20,	0($16)
-	bis	$31,	$31,	$20
-	mulq	$0,	$3,	$10
-	umulh	$0,	$3,	$17
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$10
-	addq	$20,	$10,	$20
-	mulq	$2,	$1,	$18
-	umulh	$2,	$1,	$17
-	addq	$19,	$18,	$19
-	cmpult	$19,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$18
-	addq	$20,	$18,	$20
-	stq	$19,	8($16)
-	bis	$31,	$31,	$19
-	mulq	$0,	$5,	$10
-	umulh	$0,	$5,	$17
-	addq	$9,	$10,	$9
-	cmpult	$9,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$10
-	addq	$19,	$10,	$19
-	mulq	$2,	$3,	$18
-	umulh	$2,	$3,	$17
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$18
-	addq	$19,	$18,	$19
-	mulq	$4,	$1,	$10
-	umulh	$4,	$1,	$17
-	addq	$9,	$10,	$9
-	cmpult	$9,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$10
-	addq	$19,	$10,	$19
-	stq	$9,	16($16)
-	bis	$31,	$31,	$9
-	mulq	$0,	$7,	$18
-	umulh	$0,	$7,	$17
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$18
-	addq	$9,	$18,	$9
-	mulq	$2,	$5,	$10
-	umulh	$2,	$5,	$17
-	addq	$20,	$10,	$20
-	cmpult	$20,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$10
-	addq	$9,	$10,	$9
-	mulq	$4,	$3,	$18
-	umulh	$4,	$3,	$17
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$18
-	addq	$9,	$18,	$9
-	mulq	$6,	$1,	$10
-	umulh	$6,	$1,	$17
-	addq	$20,	$10,	$20
-	cmpult	$20,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$10
-	addq	$9,	$10,	$9
-	stq	$20,	24($16)
-	bis	$31,	$31,	$20
-	mulq	$0,	$22,	$18
-	umulh	$0,	$22,	$17
-	addq	$19,	$18,	$19
-	cmpult	$19,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$18
-	addq	$20,	$18,	$20
-	mulq	$2,	$7,	$10
-	umulh	$2,	$7,	$17
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$10
-	addq	$20,	$10,	$20
-	mulq	$4,	$5,	$18
-	umulh	$4,	$5,	$17
-	addq	$19,	$18,	$19
-	cmpult	$19,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$18
-	addq	$20,	$18,	$20
-	mulq	$6,	$3,	$10
-	umulh	$6,	$3,	$17
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$10
-	addq	$20,	$10,	$20
-	mulq	$8,	$1,	$18
-	umulh	$8,	$1,	$17
-	addq	$19,	$18,	$19
-	cmpult	$19,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$18
-	addq	$20,	$18,	$20
-	stq	$19,	32($16)
-	bis	$31,	$31,	$19
-	mulq	$0,	$24,	$10
-	umulh	$0,	$24,	$17
-	addq	$9,	$10,	$9
-	cmpult	$9,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$10
-	addq	$19,	$10,	$19
-	mulq	$2,	$22,	$18
-	umulh	$2,	$22,	$17
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$18
-	addq	$19,	$18,	$19
-	mulq	$4,	$7,	$10
-	umulh	$4,	$7,	$17
-	addq	$9,	$10,	$9
-	cmpult	$9,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$10
-	addq	$19,	$10,	$19
-	mulq	$6,	$5,	$18
-	umulh	$6,	$5,	$17
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$18
-	addq	$19,	$18,	$19
-	mulq	$8,	$3,	$10
-	umulh	$8,	$3,	$17
-	addq	$9,	$10,	$9
-	cmpult	$9,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$10
-	addq	$19,	$10,	$19
-	mulq	$23,	$1,	$18
-	umulh	$23,	$1,	$17
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$18
-	addq	$19,	$18,	$19
-	stq	$9,	40($16)
-	bis	$31,	$31,	$9
-	mulq	$0,	$27,	$10
-	umulh	$0,	$27,	$17
-	addq	$20,	$10,	$20
-	cmpult	$20,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$10
-	addq	$9,	$10,	$9
-	mulq	$2,	$24,	$18
-	umulh	$2,	$24,	$17
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$18
-	addq	$9,	$18,	$9
-	mulq	$4,	$22,	$10
-	umulh	$4,	$22,	$17
-	addq	$20,	$10,	$20
-	cmpult	$20,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$10
-	addq	$9,	$10,	$9
-	mulq	$6,	$7,	$18
-	umulh	$6,	$7,	$17
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$18
-	addq	$9,	$18,	$9
-	mulq	$8,	$5,	$10
-	umulh	$8,	$5,	$17
-	addq	$20,	$10,	$20
-	cmpult	$20,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$10
-	addq	$9,	$10,	$9
-	mulq	$23,	$3,	$18
-	umulh	$23,	$3,	$17
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$18
-	addq	$9,	$18,	$9
-	mulq	$25,	$1,	$10
-	umulh	$25,	$1,	$17
-	addq	$20,	$10,	$20
-	cmpult	$20,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$10
-	addq	$9,	$10,	$9
-	stq	$20,	48($16)
-	bis	$31,	$31,	$20
-	mulq	$0,	$21,	$18
-	umulh	$0,	$21,	$17
-	addq	$19,	$18,	$19
-	cmpult	$19,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$18
-	addq	$20,	$18,	$20
-	mulq	$2,	$27,	$10
-	umulh	$2,	$27,	$17
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$0
-	addq	$20,	$0,	$20
-	mulq	$4,	$24,	$10
-	umulh	$4,	$24,	$18
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$17
-	addq	$17,	$18,	$18
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$0
-	addq	$20,	$0,	$20
-	mulq	$6,	$22,	$10
-	umulh	$6,	$22,	$17
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$0
-	addq	$20,	$0,	$20
-	mulq	$8,	$7,	$10
-	umulh	$8,	$7,	$18
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$17
-	addq	$17,	$18,	$18
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$0
-	addq	$20,	$0,	$20
-	mulq	$23,	$5,	$10
-	umulh	$23,	$5,	$17
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$0
-	addq	$20,	$0,	$20
-	mulq	$25,	$3,	$10
-	umulh	$25,	$3,	$18
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$17
-	addq	$17,	$18,	$18
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$0
-	addq	$20,	$0,	$20
-	mulq	$28,	$1,	$10
-	umulh	$28,	$1,	$17
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$0
-	addq	$20,	$0,	$20
-	stq	$19,	56($16)
-	bis	$31,	$31,	$19
-	mulq	$2,	$21,	$10
-	umulh	$2,	$21,	$18
-	addq	$9,	$10,	$9
-	cmpult	$9,	$10,	$17
-	addq	$17,	$18,	$18
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$0
-	addq	$19,	$0,	$19
-	mulq	$4,	$27,	$1
-	umulh	$4,	$27,	$10
-	addq	$9,	$1,	$9
-	cmpult	$9,	$1,	$17
-	addq	$17,	$10,	$10
-	addq	$20,	$10,	$20
-	cmpult	$20,	$10,	$18
-	addq	$19,	$18,	$19
-	mulq	$6,	$24,	$0
-	umulh	$6,	$24,	$2
-	addq	$9,	$0,	$9
-	cmpult	$9,	$0,	$1
-	addq	$1,	$2,	$2
-	addq	$20,	$2,	$20
-	cmpult	$20,	$2,	$17
-	addq	$19,	$17,	$19
-	mulq	$8,	$22,	$10
-	umulh	$8,	$22,	$18
-	addq	$9,	$10,	$9
-	cmpult	$9,	$10,	$0
-	addq	$0,	$18,	$18
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$1
-	addq	$19,	$1,	$19
-	mulq	$23,	$7,	$2
-	umulh	$23,	$7,	$17
-	addq	$9,	$2,	$9
-	cmpult	$9,	$2,	$10
-	addq	$10,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$0
-	addq	$19,	$0,	$19
-	mulq	$25,	$5,	$18
-	umulh	$25,	$5,	$1
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$2
-	addq	$2,	$1,	$1
-	addq	$20,	$1,	$20
-	cmpult	$20,	$1,	$10
-	addq	$19,	$10,	$19
-	mulq	$28,	$3,	$17
-	umulh	$28,	$3,	$0
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$18
-	addq	$18,	$0,	$0
-	addq	$20,	$0,	$20
-	cmpult	$20,	$0,	$2
-	addq	$19,	$2,	$19
-	stq	$9,	64($16)
-	bis	$31,	$31,	$9
-	mulq	$4,	$21,	$1
-	umulh	$4,	$21,	$10
-	addq	$20,	$1,	$20
-	cmpult	$20,	$1,	$17
-	addq	$17,	$10,	$10
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$18
-	addq	$9,	$18,	$9
-	mulq	$6,	$27,	$0
-	umulh	$6,	$27,	$2
-	addq	$20,	$0,	$20
-	cmpult	$20,	$0,	$3
-	addq	$3,	$2,	$2
-	addq	$19,	$2,	$19
-	cmpult	$19,	$2,	$1
-	addq	$9,	$1,	$9
-	mulq	$8,	$24,	$17
-	umulh	$8,	$24,	$10
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$18
-	addq	$18,	$10,	$10
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$4
-	addq	$9,	$4,	$9
-	mulq	$23,	$22,	$0
-	umulh	$23,	$22,	$3
-	addq	$20,	$0,	$20
-	cmpult	$20,	$0,	$2
-	addq	$2,	$3,	$3
-	addq	$19,	$3,	$19
-	cmpult	$19,	$3,	$1
-	addq	$9,	$1,	$9
-	mulq	$25,	$7,	$17
-	umulh	$25,	$7,	$18
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$10
-	addq	$10,	$18,	$18
-	addq	$19,	$18,	$19
-	cmpult	$19,	$18,	$4
-	addq	$9,	$4,	$9
-	mulq	$28,	$5,	$0
-	umulh	$28,	$5,	$2
-	addq	$20,	$0,	$20
-	cmpult	$20,	$0,	$3
-	addq	$3,	$2,	$2
-	addq	$19,	$2,	$19
-	cmpult	$19,	$2,	$1
-	addq	$9,	$1,	$9
-	stq	$20,	72($16)
-	bis	$31,	$31,	$20
-	mulq	$6,	$21,	$17
-	umulh	$6,	$21,	$10
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$18
-	addq	$18,	$10,	$10
-	addq	$9,	$10,	$9
-	cmpult	$9,	$10,	$4
-	addq	$20,	$4,	$20
-	mulq	$8,	$27,	$0
-	umulh	$8,	$27,	$3
-	addq	$19,	$0,	$19
-	cmpult	$19,	$0,	$2
-	addq	$2,	$3,	$3
-	addq	$9,	$3,	$9
-	cmpult	$9,	$3,	$1
-	addq	$20,	$1,	$20
-	mulq	$23,	$24,	$5
-	umulh	$23,	$24,	$17
-	addq	$19,	$5,	$19
-	cmpult	$19,	$5,	$18
-	addq	$18,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$10
-	addq	$20,	$10,	$20
-	mulq	$25,	$22,	$4
-	umulh	$25,	$22,	$6
-	addq	$19,	$4,	$19
-	cmpult	$19,	$4,	$0
-	addq	$0,	$6,	$6
-	addq	$9,	$6,	$9
-	cmpult	$9,	$6,	$2
-	addq	$20,	$2,	$20
-	mulq	$28,	$7,	$3
-	umulh	$28,	$7,	$1
-	addq	$19,	$3,	$19
-	cmpult	$19,	$3,	$5
-	addq	$5,	$1,	$1
-	addq	$9,	$1,	$9
-	cmpult	$9,	$1,	$18
-	addq	$20,	$18,	$20
-	stq	$19,	80($16)
-	bis	$31,	$31,	$19
-	mulq	$8,	$21,	$17
-	umulh	$8,	$21,	$10
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$4
-	addq	$4,	$10,	$10
-	addq	$20,	$10,	$20
-	cmpult	$20,	$10,	$0
-	addq	$19,	$0,	$19
-	mulq	$23,	$27,	$6
-	umulh	$23,	$27,	$2
-	addq	$9,	$6,	$9
-	cmpult	$9,	$6,	$3
-	addq	$3,	$2,	$2
+	addq	$0,	$23,	$0
+	bis	$0,	$0,	$7
+	ldq	$3,	8($17)
+	addq	$22,	$7,	$22
+	srl	$1,	32,	$8
+	cmpult	$22,	$7,	$4
+	zapnot	$3,	15,	$7
+	mulq	$8,	$7,	$28
+	zapnot	$1,	15,	$5
+	mulq	$7,	$5,	$21
+	srl	$25,	32,	$1
+	cmpult	$0,	$23,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$4,	$6,	$24
+	srl	$3,	32,	$6
+	mulq	$5,	$6,	$2
+	mulq	$6,	$8,	$6
+	addq	$28,	$2,	$28
+	cmpult	$28,	$2,	$1
+	bis	$31,	1,	$2
+	beq	$1,	$181
+	sll	$2,	32,	$1
+	addq	$6,	$1,	$6
+$181:
+	sll	$28,	32,	$2
+	addq	$21,	$2,	$21
+	bis	$21,	$21,	$7
+	addq	$22,	$7,	$22
+	stq	$22,	8($16)
+	ldq	$3,	16($17)
+	ldq	$1,	0($18)
+	cmpult	$22,	$7,	$4
+	zapnot	$3,	15,	$7
+	srl	$1,	32,	$8
+	mulq	$8,	$7,	$22
+	zapnot	$1,	15,	$5
+	mulq	$7,	$5,	$20
+	srl	$28,	32,	$1
+	cmpult	$21,	$2,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$4,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$23
+	srl	$3,	32,	$6
+	mulq	$5,	$6,	$2
+	mulq	$6,	$8,	$6
+	addq	$22,	$2,	$22
+	cmpult	$22,	$2,	$1
+	bis	$31,	1,	$2
+	beq	$1,	$185
+	sll	$2,	32,	$1
+	addq	$6,	$1,	$6
+$185:
+	sll	$22,	32,	$2
+	ldq	$1,	8($18)
 	addq	$20,	$2,	$20
-	cmpult	$20,	$2,	$5
-	addq	$19,	$5,	$19
-	mulq	$25,	$24,	$1
-	umulh	$25,	$24,	$18
-	addq	$9,	$1,	$9
-	cmpult	$9,	$1,	$7
-	addq	$7,	$18,	$18
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$17
-	addq	$19,	$17,	$19
-	mulq	$28,	$22,	$4
-	umulh	$28,	$22,	$10
-	addq	$9,	$4,	$9
-	cmpult	$9,	$4,	$0
-	addq	$0,	$10,	$10
-	addq	$20,	$10,	$20
-	cmpult	$20,	$10,	$8
-	addq	$19,	$8,	$19
-	stq	$9,	88($16)
-	bis	$31,	$31,	$9
-	mulq	$23,	$21,	$6
-	umulh	$23,	$21,	$3
-	addq	$20,	$6,	$20
-	cmpult	$20,	$6,	$2
-	addq	$2,	$3,	$3
-	addq	$19,	$3,	$19
-	cmpult	$19,	$3,	$5
-	addq	$9,	$5,	$9
-	mulq	$25,	$27,	$1
-	umulh	$25,	$27,	$7
-	addq	$20,	$1,	$20
-	cmpult	$20,	$1,	$18
-	addq	$18,	$7,	$7
-	addq	$19,	$7,	$19
-	cmpult	$19,	$7,	$17
-	addq	$9,	$17,	$9
-	mulq	$28,	$24,	$4
-	umulh	$28,	$24,	$0
-	addq	$20,	$4,	$20
-	cmpult	$20,	$4,	$10
-	addq	$10,	$0,	$0
-	addq	$19,	$0,	$19
-	cmpult	$19,	$0,	$8
-	addq	$9,	$8,	$9
-	stq	$20,	96($16)
-	bis	$31,	$31,	$20
-	mulq	$25,	$21,	$22
-	umulh	$25,	$21,	$6
-	addq	$19,	$22,	$19
-	cmpult	$19,	$22,	$2
+	bis	$20,	$20,	$7
+	ldq	$4,	8($17)
+	addq	$24,	$7,	$24
+	srl	$1,	32,	$8
+	cmpult	$24,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$25
+	zapnot	$1,	15,	$5
+	mulq	$7,	$5,	$0
+	srl	$22,	32,	$1
+	cmpult	$20,	$2,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$23,	$6,	$23
+	cmpult	$23,	$6,	$22
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$5
+	bis	$31,	1,	$21
+	addq	$25,	$5,	$25
+	cmpult	$25,	$5,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$189
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$189:
+	sll	$25,	32,	$5
+	ldq	$2,	16($18)
+	addq	$0,	$5,	$0
+	bis	$0,	$0,	$7
+	ldq	$4,	0($17)
+	addq	$24,	$7,	$24
+	srl	$2,	32,	$8
+	cmpult	$24,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$25,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$0,	$5,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$23,	$6,	$23
+	cmpult	$23,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$2
+	addq	$1,	$22,	$22
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$193
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$193:
+	sll	$28,	32,	$25
+	addq	$2,	$25,	$2
+	bis	$2,	$2,	$7
+	addq	$24,	$7,	$24
+	stq	$24,	16($16)
+	ldq	$4,	0($17)
+	ldq	$5,	24($18)
+	cmpult	$24,	$7,	$3
+	zapnot	$4,	15,	$7
+	srl	$5,	32,	$8
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	cmpult	$2,	$25,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$23,	$6,	$23
+	cmpult	$23,	$6,	$1
+	srl	$4,	32,	$6
+	zapnot	$5,	15,	$5
+	mulq	$5,	$6,	$24
+	mulq	$7,	$5,	$2
+	addq	$1,	$22,	$22
+	addq	$0,	$24,	$0
+	cmpult	$0,	$24,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$197
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$197:
+	sll	$0,	32,	$24
+	ldq	$1,	16($18)
+	addq	$2,	$24,	$2
+	bis	$2,	$2,	$7
+	ldq	$4,	8($17)
+	addq	$23,	$7,	$23
+	srl	$1,	32,	$8
+	cmpult	$23,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$25
+	zapnot	$1,	15,	$5
+	mulq	$7,	$5,	$21
+	srl	$0,	32,	$1
+	cmpult	$2,	$24,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$22,	$6,	$22
+	cmpult	$22,	$6,	$24
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$5
+	bis	$31,	1,	$20
+	addq	$25,	$5,	$25
+	cmpult	$25,	$5,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$201
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$201:
+	sll	$25,	32,	$5
+	ldq	$2,	8($18)
+	addq	$21,	$5,	$21
+	bis	$21,	$21,	$7
+	ldq	$4,	16($17)
+	addq	$23,	$7,	$23
+	srl	$2,	32,	$8
+	cmpult	$23,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$25,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$21,	$5,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$22,	$6,	$22
+	cmpult	$22,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$24,	$24
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$205
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$205:
+	sll	$28,	32,	$25
+	ldq	$2,	0($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	24($17)
+	addq	$23,	$7,	$23
+	srl	$2,	32,	$8
+	cmpult	$23,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$22,	$6,	$22
+	cmpult	$22,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$2
+	addq	$1,	$24,	$24
+	addq	$0,	$25,	$0
+	cmpult	$0,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$209
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$209:
+	sll	$0,	32,	$25
+	addq	$2,	$25,	$2
+	bis	$2,	$2,	$7
+	addq	$23,	$7,	$23
+	stq	$23,	24($16)
+	ldq	$4,	32($17)
+	ldq	$5,	0($18)
+	cmpult	$23,	$7,	$3
+	zapnot	$4,	15,	$7
+	srl	$5,	32,	$8
+	mulq	$8,	$7,	$28
+	srl	$0,	32,	$1
+	cmpult	$2,	$25,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$22,	$6,	$22
+	cmpult	$22,	$6,	$1
+	srl	$4,	32,	$6
+	zapnot	$5,	15,	$5
+	mulq	$5,	$6,	$23
+	mulq	$7,	$5,	$2
+	addq	$1,	$24,	$24
+	addq	$28,	$23,	$28
+	cmpult	$28,	$23,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$213
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$213:
+	sll	$28,	32,	$23
+	ldq	$1,	8($18)
+	addq	$2,	$23,	$2
+	bis	$2,	$2,	$7
+	ldq	$4,	24($17)
+	addq	$22,	$7,	$22
+	srl	$1,	32,	$8
+	cmpult	$22,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$25
+	zapnot	$1,	15,	$5
+	mulq	$7,	$5,	$0
+	srl	$28,	32,	$1
+	cmpult	$2,	$23,	$2
+	addq	$6,	$1,	$6
 	addq	$2,	$6,	$6
-	addq	$9,	$6,	$9
-	cmpult	$9,	$6,	$3
-	addq	$20,	$3,	$20
-	mulq	$28,	$27,	$5
-	umulh	$28,	$27,	$23
-	addq	$19,	$5,	$19
-	cmpult	$19,	$5,	$1
+	addq	$3,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$23
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$5
+	bis	$31,	1,	$21
+	addq	$25,	$5,	$25
+	cmpult	$25,	$5,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$217
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$217:
+	sll	$25,	32,	$5
+	ldq	$2,	16($18)
+	addq	$0,	$5,	$0
+	bis	$0,	$0,	$7
+	ldq	$4,	16($17)
+	addq	$22,	$7,	$22
+	srl	$2,	32,	$8
+	cmpult	$22,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$25,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$0,	$5,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
 	addq	$1,	$23,	$23
-	addq	$9,	$23,	$9
-	cmpult	$9,	$23,	$18
-	addq	$20,	$18,	$20
-	stq	$19,	104($16)
-	bis	$31,	$31,	$19
-	mulq	$28,	$21,	$7
-	umulh	$28,	$21,	$17
-	addq	$9,	$7,	$9
-	cmpult	$9,	$7,	$4
-	addq	$4,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$10
-	addq	$19,	$10,	$19
-	stq	$9,	112($16)
-	stq	$20,	120($16)
-	ldq	$9,	0($30)
-	ldq	$10,	8($30)
-	addq	$30,	16,	$30
-	ret	$31,($26),1
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$221
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$221:
+	sll	$28,	32,	$25
+	ldq	$2,	24($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	8($17)
+	addq	$22,	$7,	$22
+	srl	$2,	32,	$8
+	cmpult	$22,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$23,	$23
+	addq	$0,	$25,	$0
+	cmpult	$0,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$225
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$225:
+	sll	$0,	32,	$25
+	ldq	$2,	32($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	0($17)
+	addq	$22,	$7,	$22
+	srl	$2,	32,	$8
+	cmpult	$22,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$0,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$2
+	addq	$1,	$23,	$23
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$229
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$229:
+	sll	$28,	32,	$25
+	addq	$2,	$25,	$2
+	bis	$2,	$2,	$7
+	addq	$22,	$7,	$22
+	stq	$22,	32($16)
+	ldq	$4,	0($17)
+	ldq	$5,	40($18)
+	cmpult	$22,	$7,	$3
+	zapnot	$4,	15,	$7
+	srl	$5,	32,	$8
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	cmpult	$2,	$25,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$1
+	srl	$4,	32,	$6
+	zapnot	$5,	15,	$5
+	mulq	$5,	$6,	$22
+	mulq	$7,	$5,	$2
+	addq	$1,	$23,	$23
+	addq	$0,	$22,	$0
+	cmpult	$0,	$22,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$233
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$233:
+	sll	$0,	32,	$22
+	ldq	$1,	32($18)
+	addq	$2,	$22,	$2
+	bis	$2,	$2,	$7
+	ldq	$4,	8($17)
+	addq	$24,	$7,	$24
+	srl	$1,	32,	$8
+	cmpult	$24,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$25
+	zapnot	$1,	15,	$5
+	mulq	$7,	$5,	$21
+	srl	$0,	32,	$1
+	cmpult	$2,	$22,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$23,	$6,	$23
+	cmpult	$23,	$6,	$22
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$5
+	bis	$31,	1,	$20
+	addq	$25,	$5,	$25
+	cmpult	$25,	$5,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$237
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$237:
+	sll	$25,	32,	$5
+	ldq	$2,	24($18)
+	addq	$21,	$5,	$21
+	bis	$21,	$21,	$7
+	ldq	$4,	16($17)
+	addq	$24,	$7,	$24
+	srl	$2,	32,	$8
+	cmpult	$24,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$25,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$21,	$5,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$23,	$6,	$23
+	cmpult	$23,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$22,	$22
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$241
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$241:
+	sll	$28,	32,	$25
+	ldq	$2,	16($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	24($17)
+	addq	$24,	$7,	$24
+	srl	$2,	32,	$8
+	cmpult	$24,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$23,	$6,	$23
+	cmpult	$23,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$22,	$22
+	addq	$0,	$25,	$0
+	cmpult	$0,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$245
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$245:
+	sll	$0,	32,	$25
+	ldq	$2,	8($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	32($17)
+	addq	$24,	$7,	$24
+	srl	$2,	32,	$8
+	cmpult	$24,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$0,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$23,	$6,	$23
+	cmpult	$23,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$22,	$22
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$249
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$249:
+	sll	$28,	32,	$25
+	ldq	$2,	0($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	40($17)
+	addq	$24,	$7,	$24
+	srl	$2,	32,	$8
+	cmpult	$24,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$23,	$6,	$23
+	cmpult	$23,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$2
+	addq	$1,	$22,	$22
+	addq	$0,	$25,	$0
+	cmpult	$0,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$253
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$253:
+	sll	$0,	32,	$25
+	addq	$2,	$25,	$2
+	bis	$2,	$2,	$7
+	addq	$24,	$7,	$24
+	stq	$24,	40($16)
+	ldq	$4,	48($17)
+	ldq	$5,	0($18)
+	cmpult	$24,	$7,	$3
+	zapnot	$4,	15,	$7
+	srl	$5,	32,	$8
+	mulq	$8,	$7,	$28
+	srl	$0,	32,	$1
+	cmpult	$2,	$25,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$23,	$6,	$23
+	cmpult	$23,	$6,	$1
+	srl	$4,	32,	$6
+	zapnot	$5,	15,	$5
+	mulq	$5,	$6,	$24
+	mulq	$7,	$5,	$2
+	addq	$1,	$22,	$22
+	addq	$28,	$24,	$28
+	cmpult	$28,	$24,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$257
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$257:
+	sll	$28,	32,	$24
+	ldq	$1,	8($18)
+	addq	$2,	$24,	$2
+	bis	$2,	$2,	$7
+	ldq	$4,	40($17)
+	addq	$23,	$7,	$23
+	srl	$1,	32,	$8
+	cmpult	$23,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$25
+	zapnot	$1,	15,	$5
+	mulq	$7,	$5,	$0
+	srl	$28,	32,	$1
+	cmpult	$2,	$24,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$22,	$6,	$22
+	cmpult	$22,	$6,	$24
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$5
+	bis	$31,	1,	$21
+	addq	$25,	$5,	$25
+	cmpult	$25,	$5,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$261
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$261:
+	sll	$25,	32,	$5
+	ldq	$2,	16($18)
+	addq	$0,	$5,	$0
+	bis	$0,	$0,	$7
+	ldq	$4,	32($17)
+	addq	$23,	$7,	$23
+	srl	$2,	32,	$8
+	cmpult	$23,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$25,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$0,	$5,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$22,	$6,	$22
+	cmpult	$22,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$24,	$24
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$265
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$265:
+	sll	$28,	32,	$25
+	ldq	$2,	24($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	24($17)
+	addq	$23,	$7,	$23
+	srl	$2,	32,	$8
+	cmpult	$23,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$22,	$6,	$22
+	cmpult	$22,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$24,	$24
+	addq	$0,	$25,	$0
+	cmpult	$0,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$269
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$269:
+	sll	$0,	32,	$25
+	ldq	$2,	32($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	16($17)
+	addq	$23,	$7,	$23
+	srl	$2,	32,	$8
+	cmpult	$23,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$0,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$22,	$6,	$22
+	cmpult	$22,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$24,	$24
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$273
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$273:
+	sll	$28,	32,	$25
+	ldq	$2,	40($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	8($17)
+	addq	$23,	$7,	$23
+	srl	$2,	32,	$8
+	cmpult	$23,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$22,	$6,	$22
+	cmpult	$22,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$24,	$24
+	addq	$0,	$25,	$0
+	cmpult	$0,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$277
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$277:
+	sll	$0,	32,	$25
+	ldq	$2,	48($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	0($17)
+	addq	$23,	$7,	$23
+	srl	$2,	32,	$8
+	cmpult	$23,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$0,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$22,	$6,	$22
+	cmpult	$22,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$2
+	addq	$1,	$24,	$24
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$281
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$281:
+	sll	$28,	32,	$25
+	addq	$2,	$25,	$2
+	bis	$2,	$2,	$7
+	addq	$23,	$7,	$23
+	stq	$23,	48($16)
+	ldq	$4,	0($17)
+	ldq	$5,	56($18)
+	cmpult	$23,	$7,	$3
+	zapnot	$4,	15,	$7
+	srl	$5,	32,	$8
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	cmpult	$2,	$25,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$22,	$6,	$22
+	cmpult	$22,	$6,	$1
+	srl	$4,	32,	$6
+	zapnot	$5,	15,	$5
+	mulq	$5,	$6,	$23
+	mulq	$7,	$5,	$2
+	addq	$1,	$24,	$24
+	addq	$0,	$23,	$0
+	cmpult	$0,	$23,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$285
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$285:
+	sll	$0,	32,	$23
+	ldq	$1,	48($18)
+	addq	$2,	$23,	$2
+	bis	$2,	$2,	$7
+	ldq	$4,	8($17)
+	addq	$22,	$7,	$22
+	srl	$1,	32,	$8
+	cmpult	$22,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$25
+	zapnot	$1,	15,	$5
+	mulq	$7,	$5,	$21
+	srl	$0,	32,	$1
+	cmpult	$2,	$23,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$23
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$5
+	bis	$31,	1,	$20
+	addq	$25,	$5,	$25
+	cmpult	$25,	$5,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$289
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$289:
+	sll	$25,	32,	$5
+	ldq	$2,	40($18)
+	addq	$21,	$5,	$21
+	bis	$21,	$21,	$7
+	ldq	$4,	16($17)
+	addq	$22,	$7,	$22
+	srl	$2,	32,	$8
+	cmpult	$22,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$25,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$21,	$5,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$23,	$23
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$293
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$293:
+	sll	$28,	32,	$25
+	ldq	$2,	32($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	24($17)
+	addq	$22,	$7,	$22
+	srl	$2,	32,	$8
+	cmpult	$22,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$23,	$23
+	addq	$0,	$25,	$0
+	cmpult	$0,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$297
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$297:
+	sll	$0,	32,	$25
+	ldq	$2,	24($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	32($17)
+	addq	$22,	$7,	$22
+	srl	$2,	32,	$8
+	cmpult	$22,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$0,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$23,	$23
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$301
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$301:
+	sll	$28,	32,	$25
+	ldq	$2,	16($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	40($17)
+	addq	$22,	$7,	$22
+	srl	$2,	32,	$8
+	cmpult	$22,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$23,	$23
+	addq	$0,	$25,	$0
+	cmpult	$0,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$305
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$305:
+	sll	$0,	32,	$25
+	ldq	$2,	8($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	48($17)
+	addq	$22,	$7,	$22
+	srl	$2,	32,	$8
+	cmpult	$22,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$0,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$23,	$23
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$309
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$309:
+	sll	$28,	32,	$25
+	ldq	$2,	0($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	56($17)
+	addq	$22,	$7,	$22
+	srl	$2,	32,	$8
+	cmpult	$22,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$2
+	addq	$1,	$23,	$23
+	addq	$0,	$25,	$0
+	cmpult	$0,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$313
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$313:
+	sll	$0,	32,	$25
+	addq	$2,	$25,	$2
+	bis	$2,	$2,	$7
+	addq	$22,	$7,	$22
+	stq	$22,	56($16)
+	ldq	$4,	56($17)
+	ldq	$5,	8($18)
+	cmpult	$22,	$7,	$3
+	zapnot	$4,	15,	$7
+	srl	$5,	32,	$8
+	mulq	$8,	$7,	$28
+	srl	$0,	32,	$1
+	cmpult	$2,	$25,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$1
+	srl	$4,	32,	$6
+	zapnot	$5,	15,	$5
+	mulq	$5,	$6,	$22
+	mulq	$7,	$5,	$2
+	addq	$1,	$23,	$23
+	addq	$28,	$22,	$28
+	cmpult	$28,	$22,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$317
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$317:
+	sll	$28,	32,	$22
+	ldq	$1,	16($18)
+	addq	$2,	$22,	$2
+	bis	$2,	$2,	$7
+	ldq	$4,	48($17)
+	addq	$24,	$7,	$24
+	srl	$1,	32,	$8
+	cmpult	$24,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$25
+	zapnot	$1,	15,	$5
+	mulq	$7,	$5,	$0
+	srl	$28,	32,	$1
+	cmpult	$2,	$22,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$23,	$6,	$23
+	cmpult	$23,	$6,	$22
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$5
+	bis	$31,	1,	$21
+	addq	$25,	$5,	$25
+	cmpult	$25,	$5,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$321
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$321:
+	sll	$25,	32,	$5
+	ldq	$2,	24($18)
+	addq	$0,	$5,	$0
+	bis	$0,	$0,	$7
+	ldq	$4,	40($17)
+	addq	$24,	$7,	$24
+	srl	$2,	32,	$8
+	cmpult	$24,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$25,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$0,	$5,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$23,	$6,	$23
+	cmpult	$23,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$22,	$22
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$325
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$325:
+	sll	$28,	32,	$25
+	ldq	$2,	32($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	32($17)
+	addq	$24,	$7,	$24
+	srl	$2,	32,	$8
+	cmpult	$24,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$23,	$6,	$23
+	cmpult	$23,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$22,	$22
+	addq	$0,	$25,	$0
+	cmpult	$0,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$329
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$329:
+	sll	$0,	32,	$25
+	ldq	$2,	40($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	24($17)
+	addq	$24,	$7,	$24
+	srl	$2,	32,	$8
+	cmpult	$24,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$0,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$23,	$6,	$23
+	cmpult	$23,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$22,	$22
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$333
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$333:
+	sll	$28,	32,	$25
+	ldq	$2,	48($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	16($17)
+	addq	$24,	$7,	$24
+	srl	$2,	32,	$8
+	cmpult	$24,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$23,	$6,	$23
+	cmpult	$23,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$22,	$22
+	addq	$0,	$25,	$0
+	cmpult	$0,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$337
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$337:
+	sll	$0,	32,	$25
+	ldq	$2,	56($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	8($17)
+	addq	$24,	$7,	$24
+	srl	$2,	32,	$8
+	cmpult	$24,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$0,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$23,	$6,	$23
+	cmpult	$23,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$2
+	addq	$1,	$22,	$22
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$341
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$341:
+	sll	$28,	32,	$25
+	addq	$2,	$25,	$2
+	bis	$2,	$2,	$7
+	addq	$24,	$7,	$24
+	stq	$24,	64($16)
+	ldq	$4,	16($17)
+	ldq	$5,	56($18)
+	cmpult	$24,	$7,	$3
+	zapnot	$4,	15,	$7
+	srl	$5,	32,	$8
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	cmpult	$2,	$25,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$23,	$6,	$23
+	cmpult	$23,	$6,	$1
+	srl	$4,	32,	$6
+	zapnot	$5,	15,	$5
+	mulq	$5,	$6,	$24
+	mulq	$7,	$5,	$2
+	addq	$1,	$22,	$22
+	addq	$0,	$24,	$0
+	cmpult	$0,	$24,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$345
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$345:
+	sll	$0,	32,	$24
+	ldq	$1,	48($18)
+	addq	$2,	$24,	$2
+	bis	$2,	$2,	$7
+	ldq	$4,	24($17)
+	addq	$23,	$7,	$23
+	srl	$1,	32,	$8
+	cmpult	$23,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$25
+	zapnot	$1,	15,	$5
+	mulq	$7,	$5,	$21
+	srl	$0,	32,	$1
+	cmpult	$2,	$24,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$22,	$6,	$22
+	cmpult	$22,	$6,	$24
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$5
+	bis	$31,	1,	$20
+	addq	$25,	$5,	$25
+	cmpult	$25,	$5,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$349
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$349:
+	sll	$25,	32,	$5
+	ldq	$2,	40($18)
+	addq	$21,	$5,	$21
+	bis	$21,	$21,	$7
+	ldq	$4,	32($17)
+	addq	$23,	$7,	$23
+	srl	$2,	32,	$8
+	cmpult	$23,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$25,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$21,	$5,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$22,	$6,	$22
+	cmpult	$22,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$24,	$24
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$353
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$353:
+	sll	$28,	32,	$25
+	ldq	$2,	32($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	40($17)
+	addq	$23,	$7,	$23
+	srl	$2,	32,	$8
+	cmpult	$23,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$22,	$6,	$22
+	cmpult	$22,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$24,	$24
+	addq	$0,	$25,	$0
+	cmpult	$0,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$357
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$357:
+	sll	$0,	32,	$25
+	ldq	$2,	24($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	48($17)
+	addq	$23,	$7,	$23
+	srl	$2,	32,	$8
+	cmpult	$23,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$0,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$22,	$6,	$22
+	cmpult	$22,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$24,	$24
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$361
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$361:
+	sll	$28,	32,	$25
+	ldq	$2,	16($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	56($17)
+	addq	$23,	$7,	$23
+	srl	$2,	32,	$8
+	cmpult	$23,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$22,	$6,	$22
+	cmpult	$22,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$2
+	addq	$1,	$24,	$24
+	addq	$0,	$25,	$0
+	cmpult	$0,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$365
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$365:
+	sll	$0,	32,	$25
+	addq	$2,	$25,	$2
+	bis	$2,	$2,	$7
+	addq	$23,	$7,	$23
+	stq	$23,	72($16)
+	ldq	$4,	56($17)
+	ldq	$5,	24($18)
+	cmpult	$23,	$7,	$3
+	zapnot	$4,	15,	$7
+	srl	$5,	32,	$8
+	mulq	$8,	$7,	$28
+	srl	$0,	32,	$1
+	cmpult	$2,	$25,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$22,	$6,	$22
+	cmpult	$22,	$6,	$1
+	srl	$4,	32,	$6
+	zapnot	$5,	15,	$5
+	mulq	$5,	$6,	$23
+	mulq	$7,	$5,	$2
+	addq	$1,	$24,	$24
+	addq	$28,	$23,	$28
+	cmpult	$28,	$23,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$369
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$369:
+	sll	$28,	32,	$23
+	ldq	$1,	32($18)
+	addq	$2,	$23,	$2
+	bis	$2,	$2,	$7
+	ldq	$4,	48($17)
+	addq	$22,	$7,	$22
+	srl	$1,	32,	$8
+	cmpult	$22,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$25
+	zapnot	$1,	15,	$5
+	mulq	$7,	$5,	$0
+	srl	$28,	32,	$1
+	cmpult	$2,	$23,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$23
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$5
+	bis	$31,	1,	$21
+	addq	$25,	$5,	$25
+	cmpult	$25,	$5,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$373
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$373:
+	sll	$25,	32,	$5
+	ldq	$2,	40($18)
+	addq	$0,	$5,	$0
+	bis	$0,	$0,	$7
+	ldq	$4,	40($17)
+	addq	$22,	$7,	$22
+	srl	$2,	32,	$8
+	cmpult	$22,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$25,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$0,	$5,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$23,	$23
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$377
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$377:
+	sll	$28,	32,	$25
+	ldq	$2,	48($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	32($17)
+	addq	$22,	$7,	$22
+	srl	$2,	32,	$8
+	cmpult	$22,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$23,	$23
+	addq	$0,	$25,	$0
+	cmpult	$0,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$381
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$381:
+	sll	$0,	32,	$25
+	ldq	$2,	56($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	24($17)
+	addq	$22,	$7,	$22
+	srl	$2,	32,	$8
+	cmpult	$22,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$0,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$2
+	addq	$1,	$23,	$23
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$385
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$385:
+	sll	$28,	32,	$25
+	addq	$2,	$25,	$2
+	bis	$2,	$2,	$7
+	addq	$22,	$7,	$22
+	stq	$22,	80($16)
+	ldq	$4,	32($17)
+	ldq	$5,	56($18)
+	cmpult	$22,	$7,	$3
+	zapnot	$4,	15,	$7
+	srl	$5,	32,	$8
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	cmpult	$2,	$25,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$1
+	srl	$4,	32,	$6
+	zapnot	$5,	15,	$5
+	mulq	$5,	$6,	$22
+	mulq	$7,	$5,	$2
+	addq	$1,	$23,	$23
+	addq	$0,	$22,	$0
+	cmpult	$0,	$22,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$389
+	sll	$21,	32,	$1
+	addq	$6,	$1,	$6
+$389:
+	sll	$0,	32,	$22
+	ldq	$1,	48($18)
+	addq	$2,	$22,	$2
+	bis	$2,	$2,	$7
+	ldq	$4,	40($17)
+	addq	$24,	$7,	$24
+	srl	$1,	32,	$8
+	cmpult	$24,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$25
+	zapnot	$1,	15,	$5
+	mulq	$7,	$5,	$21
+	srl	$0,	32,	$1
+	cmpult	$2,	$22,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$23,	$6,	$23
+	cmpult	$23,	$6,	$22
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$5
+	bis	$31,	1,	$20
+	addq	$25,	$5,	$25
+	cmpult	$25,	$5,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$393
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$393:
+	sll	$25,	32,	$5
+	ldq	$2,	40($18)
+	addq	$21,	$5,	$21
+	bis	$21,	$21,	$7
+	ldq	$4,	48($17)
+	addq	$24,	$7,	$24
+	srl	$2,	32,	$8
+	cmpult	$24,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$25,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$21,	$5,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$23,	$6,	$23
+	cmpult	$23,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$1,	$22,	$22
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$397
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$397:
+	sll	$28,	32,	$25
+	ldq	$2,	32($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	56($17)
+	addq	$24,	$7,	$24
+	srl	$2,	32,	$8
+	cmpult	$24,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$21
+	srl	$28,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$23,	$6,	$23
+	cmpult	$23,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$2
+	addq	$1,	$22,	$22
+	addq	$21,	$25,	$21
+	cmpult	$21,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$401
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$401:
+	sll	$21,	32,	$25
+	addq	$2,	$25,	$2
+	bis	$2,	$2,	$7
+	addq	$24,	$7,	$24
+	stq	$24,	88($16)
+	ldq	$4,	56($17)
+	ldq	$5,	40($18)
+	cmpult	$24,	$7,	$3
+	zapnot	$4,	15,	$7
+	srl	$5,	32,	$8
+	mulq	$8,	$7,	$0
+	srl	$21,	32,	$1
+	cmpult	$2,	$25,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$23,	$6,	$23
+	cmpult	$23,	$6,	$1
+	srl	$4,	32,	$6
+	zapnot	$5,	15,	$5
+	mulq	$5,	$6,	$24
+	mulq	$7,	$5,	$5
+	addq	$1,	$22,	$22
+	addq	$0,	$24,	$0
+	cmpult	$0,	$24,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$405
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$405:
+	sll	$0,	32,	$24
+	ldq	$2,	48($18)
+	addq	$5,	$24,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	48($17)
+	addq	$23,	$7,	$23
+	srl	$2,	32,	$8
+	cmpult	$23,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$28
+	srl	$0,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$24,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$22,	$6,	$22
+	cmpult	$22,	$6,	$24
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$5
+	addq	$28,	$25,	$28
+	cmpult	$28,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$409
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$409:
+	sll	$28,	32,	$25
+	ldq	$2,	56($18)
+	addq	$5,	$25,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	40($17)
+	addq	$23,	$7,	$23
+	srl	$2,	32,	$8
+	cmpult	$23,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$25,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$22,	$6,	$22
+	cmpult	$22,	$6,	$1
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$2
+	addq	$1,	$24,	$24
+	addq	$0,	$25,	$0
+	cmpult	$0,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$413
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$413:
+	sll	$0,	32,	$25
+	addq	$2,	$25,	$2
+	bis	$2,	$2,	$7
+	addq	$23,	$7,	$23
+	stq	$23,	96($16)
+	ldq	$4,	48($17)
+	ldq	$5,	56($18)
+	cmpult	$23,	$7,	$3
+	zapnot	$4,	15,	$7
+	srl	$5,	32,	$8
+	mulq	$8,	$7,	$28
+	srl	$0,	32,	$1
+	cmpult	$2,	$25,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$22,	$6,	$22
+	cmpult	$22,	$6,	$1
+	srl	$4,	32,	$6
+	zapnot	$5,	15,	$5
+	mulq	$5,	$6,	$23
+	mulq	$7,	$5,	$5
+	addq	$1,	$24,	$24
+	addq	$28,	$23,	$28
+	cmpult	$28,	$23,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$417
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$417:
+	sll	$28,	32,	$23
+	ldq	$2,	48($18)
+	addq	$5,	$23,	$5
+	bis	$5,	$5,	$7
+	ldq	$4,	56($17)
+	addq	$22,	$7,	$22
+	srl	$2,	32,	$8
+	cmpult	$22,	$7,	$3
+	zapnot	$4,	15,	$7
+	mulq	$8,	$7,	$0
+	srl	$28,	32,	$1
+	addq	$6,	$1,	$6
+	cmpult	$5,	$23,	$1
+	zapnot	$2,	15,	$5
+	addq	$1,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$23
+	srl	$4,	32,	$6
+	mulq	$5,	$6,	$25
+	mulq	$7,	$5,	$2
+	addq	$0,	$25,	$0
+	cmpult	$0,	$25,	$1
+	mulq	$6,	$8,	$6
+	beq	$1,	$421
+	sll	$20,	32,	$1
+	addq	$6,	$1,	$6
+$421:
+	sll	$0,	32,	$25
+	addq	$2,	$25,	$2
+	bis	$2,	$2,	$7
+	addq	$22,	$7,	$22
+	stq	$22,	104($16)
+	ldq	$4,	56($17)
+	ldq	$5,	56($18)
+	cmpult	$22,	$7,	$3
+	zapnot	$4,	15,	$7
+	srl	$5,	32,	$8
+	mulq	$8,	$7,	$28
+	srl	$0,	32,	$1
+	cmpult	$2,	$25,	$2
+	addq	$6,	$1,	$6
+	addq	$2,	$6,	$6
+	addq	$3,	$6,	$6
+	addq	$24,	$6,	$24
+	cmpult	$24,	$6,	$1
+	srl	$4,	32,	$6
+	zapnot	$5,	15,	$5
+	mulq	$5,	$6,	$22
+	mulq	$7,	$5,	$2
+	addq	$1,	$23,	$23
+	addq	$28,	$22,	$28
+	cmpult	$28,	$22,	$1
+	mulq	$6,	$8,	$3
+	beq	$1,	$425
+	sll	$20,	32,	$1
+	addq	$3,	$1,	$3
+$425:
+	sll	$28,	32,	$22
+	srl	$28,	32,	$1
+	addq	$2,	$22,	$2
+	addq	$3,	$1,	$3
+	bis	$2,	$2,	$7
+	addq	$24,	$7,	$24
+	cmpult	$7,	$22,	$1
+	cmpult	$24,	$7,	$2
+	addq	$1,	$3,	$6
+	addq	$2,	$6,	$6
+	stq	$24,	112($16)
+	addq	$23,	$6,	$23
+	stq	$23,	120($16)
+	ret	$31,	($26),	1
 	.end bn_mul_comba8
 	.text
 	.align 3
diff --git a/crypto/bn/asm/bn-586.pl b/crypto/bn/asm/bn-586.pl
index 7a03c67b5b..33f6125920 100644
--- a/crypto/bn/asm/bn-586.pl
+++ b/crypto/bn/asm/bn-586.pl
@@ -3,7 +3,7 @@
 push(@INC,"perlasm","../../perlasm");
 require "x86asm.pl";
 
-&asm_init($ARGV[0],"bn-586.pl");
+&asm_init($ARGV[0],$0);
 
 &bn_mul_add_words("bn_mul_add_words");
 &bn_mul_words("bn_mul_words");
@@ -11,6 +11,7 @@ require "x86asm.pl";
 &bn_div_words("bn_div_words");
 &bn_add_words("bn_add_words");
 &bn_sub_words("bn_sub_words");
+&bn_sub_part_words("bn_sub_part_words");
 
 &asm_finish();
 
@@ -300,7 +301,7 @@ sub bn_add_words
 		 &add($tmp1,$tmp2);
 		&adc($c,0);
 		 &dec($num) if ($i != 6);
-		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *a
+		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
 		 &jz(&label("aw_end")) if ($i != 6);
 		}
 	&set_label("aw_end",0);
@@ -372,7 +373,7 @@ sub bn_sub_words
 		 &sub($tmp1,$tmp2);
 		&adc($c,0);
 		 &dec($num) if ($i != 6);
-		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *a
+		&mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
 		 &jz(&label("aw_end")) if ($i != 6);
 		}
 	&set_label("aw_end",0);
@@ -382,3 +383,211 @@ sub bn_sub_words
 	&function_end($name);
 	}
 
+sub bn_sub_part_words
+	{
+	local($name)=@_;
+
+	&function_begin($name,"");
+
+	&comment("");
+	$a="esi";
+	$b="edi";
+	$c="eax";
+	$r="ebx";
+	$tmp1="ecx";
+	$tmp2="edx";
+	$num="ebp";
+
+	&mov($r,&wparam(0));	# get r
+	 &mov($a,&wparam(1));	# get a
+	&mov($b,&wparam(2));	# get b
+	 &mov($num,&wparam(3));	# get num
+	&xor($c,$c);		# clear carry
+	 &and($num,0xfffffff8);	# num / 8
+
+	&jz(&label("aw_finish"));
+
+	&set_label("aw_loop",0);
+	for ($i=0; $i<8; $i++)
+		{
+		&comment("Round $i");
+
+		&mov($tmp1,&DWP($i*4,$a,"",0)); 	# *a
+		 &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
+		&sub($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &sub($tmp1,$tmp2);
+		&adc($c,0);
+		 &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
+		}
+
+	&comment("");
+	&add($a,32);
+	 &add($b,32);
+	&add($r,32);
+	 &sub($num,8);
+	&jnz(&label("aw_loop"));
+
+	&set_label("aw_finish",0);
+	&mov($num,&wparam(3));	# get num
+	&and($num,7);
+	 &jz(&label("aw_end"));
+
+	for ($i=0; $i<7; $i++)
+		{
+		&comment("Tail Round $i");
+		&mov($tmp1,&DWP(0,$a,"",0));	# *a
+		 &mov($tmp2,&DWP(0,$b,"",0));# *b
+		&sub($tmp1,$c);
+		 &mov($c,0);
+		&adc($c,$c);
+		 &sub($tmp1,$tmp2);
+		&adc($c,0);
+		&mov(&DWP(0,$r,"",0),$tmp1);	# *r
+		&add($a, 4);
+		&add($b, 4);
+		&add($r, 4);
+		 &dec($num) if ($i != 6);
+		 &jz(&label("aw_end")) if ($i != 6);
+		}
+	&set_label("aw_end",0);
+
+	&cmp(&wparam(4),0);
+	&je(&label("pw_end"));
+
+	&mov($num,&wparam(4));	# get dl
+	&cmp($num,0);
+	&je(&label("pw_end"));
+	&jge(&label("pw_pos"));
+
+	&comment("pw_neg");
+	&mov($tmp2,0);
+	&sub($tmp2,$num);
+	&mov($num,$tmp2);
+	&and($num,0xfffffff8);	# num / 8
+	&jz(&label("pw_neg_finish"));
+
+	&set_label("pw_neg_loop",0);
+	for ($i=0; $i<8; $i++)
+	{
+	    &comment("dl<0 Round $i");
+
+	    &mov($tmp1,0);
+	    &mov($tmp2,&DWP($i*4,$b,"",0)); 	# *b
+	    &sub($tmp1,$c);
+	    &mov($c,0);
+	    &adc($c,$c);
+	    &sub($tmp1,$tmp2);
+	    &adc($c,0);
+	    &mov(&DWP($i*4,$r,"",0),$tmp1); 	# *r
+	}
+	    
+	&comment("");
+	&add($b,32);
+	&add($r,32);
+	&sub($num,8);
+	&jnz(&label("pw_neg_loop"));
+	    
+	&set_label("pw_neg_finish",0);
+	&mov($tmp2,&wparam(4));	# get dl
+	&mov($num,0);
+	&sub($num,$tmp2);
+	&and($num,7);
+	&jz(&label("pw_end"));
+	    
+	for ($i=0; $i<7; $i++)
+	{
+	    &comment("dl<0 Tail Round $i");
+	    &mov($tmp1,0);
+	    &mov($tmp2,&DWP($i*4,$b,"",0));# *b
+	    &sub($tmp1,$c);
+	    &mov($c,0);
+	    &adc($c,$c);
+	    &sub($tmp1,$tmp2);
+	    &adc($c,0);
+	    &dec($num) if ($i != 6);
+	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+	    &jz(&label("pw_end")) if ($i != 6);
+	}
+
+	&jmp(&label("pw_end"));
+	
+	&set_label("pw_pos",0);
+	
+	&and($num,0xfffffff8);	# num / 8
+	&jz(&label("pw_pos_finish"));
+
+	&set_label("pw_pos_loop",0);
+
+	for ($i=0; $i<8; $i++)
+	{
+	    &comment("dl>0 Round $i");
+
+	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+	    &sub($tmp1,$c);
+	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+	    &jnc(&label("pw_nc".$i));
+	}
+	    
+	&comment("");
+	&add($a,32);
+	&add($r,32);
+	&sub($num,8);
+	&jnz(&label("pw_pos_loop"));
+	    
+	&set_label("pw_pos_finish",0);
+	&mov($num,&wparam(4));	# get dl
+	&and($num,7);
+	&jz(&label("pw_end"));
+	    
+	for ($i=0; $i<7; $i++)
+	{
+	    &comment("dl>0 Tail Round $i");
+	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+	    &sub($tmp1,$c);
+	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+	    &jnc(&label("pw_tail_nc".$i));
+	    &dec($num) if ($i != 6);
+	    &jz(&label("pw_end")) if ($i != 6);
+	}
+	&mov($c,1);
+	&jmp(&label("pw_end"));
+
+	&set_label("pw_nc_loop",0);
+	for ($i=0; $i<8; $i++)
+	{
+	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+	    &set_label("pw_nc".$i,0);
+	}
+	    
+	&comment("");
+	&add($a,32);
+	&add($r,32);
+	&sub($num,8);
+	&jnz(&label("pw_nc_loop"));
+	    
+	&mov($num,&wparam(4));	# get dl
+	&and($num,7);
+	&jz(&label("pw_nc_end"));
+	    
+	for ($i=0; $i<7; $i++)
+	{
+	    &mov($tmp1,&DWP($i*4,$a,"",0));	# *a
+	    &mov(&DWP($i*4,$r,"",0),$tmp1);	# *r
+	    &set_label("pw_tail_nc".$i,0);
+	    &dec($num) if ($i != 6);
+	    &jz(&label("pw_nc_end")) if ($i != 6);
+	}
+
+	&set_label("pw_nc_end",0);
+	&mov($c,0);
+
+	&set_label("pw_end",0);
+
+#	&mov("eax",$c);		# $c is "eax"
+
+	&function_end($name);
+	}
+
diff --git a/crypto/bn/asm/bn-win32.asm b/crypto/bn/asm/bn-win32.asm
deleted file mode 100644
index 871bd88d77..0000000000
--- a/crypto/bn/asm/bn-win32.asm
+++ /dev/null
@@ -1,2122 +0,0 @@
-	; Don't even think of reading this code
-	; It was automatically generated by bn-586.pl
-	; Which is a perl program used to generate the x86 assember for
-	; any of elf, a.out, BSDI,Win32, or Solaris
-	; eric <eay@cryptsoft.com>
-	; 
-	TITLE	bn-586.asm
-        .386
-.model FLAT
-_TEXT	SEGMENT
-PUBLIC	_bn_mul_add_words
-
-_bn_mul_add_words PROC NEAR
-	push	ebp
-	push	ebx
-	push	esi
-	push	edi
-	; 
-	xor	esi,		esi
-	mov	edi,		DWORD PTR 20[esp]
-	mov	ecx,		DWORD PTR 28[esp]
-	mov	ebx,		DWORD PTR 24[esp]
-	and	ecx,		4294967288
-	mov	ebp,		DWORD PTR 32[esp]
-	push	ecx
-	jz	$L000maw_finish
-L001maw_loop:
-	mov	DWORD PTR [esp],ecx
-	; Round 0
-	mov	eax,		DWORD PTR [ebx]
-	mul	ebp
-	add	eax,		esi
-	mov	esi,		DWORD PTR [edi]
-	adc	edx,		0
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR [edi],eax
-	mov	esi,		edx
-	; Round 4
-	mov	eax,		DWORD PTR 4[ebx]
-	mul	ebp
-	add	eax,		esi
-	mov	esi,		DWORD PTR 4[edi]
-	adc	edx,		0
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 4[edi],eax
-	mov	esi,		edx
-	; Round 8
-	mov	eax,		DWORD PTR 8[ebx]
-	mul	ebp
-	add	eax,		esi
-	mov	esi,		DWORD PTR 8[edi]
-	adc	edx,		0
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 8[edi],eax
-	mov	esi,		edx
-	; Round 12
-	mov	eax,		DWORD PTR 12[ebx]
-	mul	ebp
-	add	eax,		esi
-	mov	esi,		DWORD PTR 12[edi]
-	adc	edx,		0
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 12[edi],eax
-	mov	esi,		edx
-	; Round 16
-	mov	eax,		DWORD PTR 16[ebx]
-	mul	ebp
-	add	eax,		esi
-	mov	esi,		DWORD PTR 16[edi]
-	adc	edx,		0
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 16[edi],eax
-	mov	esi,		edx
-	; Round 20
-	mov	eax,		DWORD PTR 20[ebx]
-	mul	ebp
-	add	eax,		esi
-	mov	esi,		DWORD PTR 20[edi]
-	adc	edx,		0
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 20[edi],eax
-	mov	esi,		edx
-	; Round 24
-	mov	eax,		DWORD PTR 24[ebx]
-	mul	ebp
-	add	eax,		esi
-	mov	esi,		DWORD PTR 24[edi]
-	adc	edx,		0
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 24[edi],eax
-	mov	esi,		edx
-	; Round 28
-	mov	eax,		DWORD PTR 28[ebx]
-	mul	ebp
-	add	eax,		esi
-	mov	esi,		DWORD PTR 28[edi]
-	adc	edx,		0
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 28[edi],eax
-	mov	esi,		edx
-	; 
-	mov	ecx,		DWORD PTR [esp]
-	add	ebx,		32
-	add	edi,		32
-	sub	ecx,		8
-	jnz	L001maw_loop
-$L000maw_finish:
-	mov	ecx,		DWORD PTR 32[esp]
-	and	ecx,		7
-	jnz	$L002maw_finish2
-	jmp	$L003maw_end
-$L002maw_finish2:
-	; Tail Round 0
-	mov	eax,		DWORD PTR [ebx]
-	mul	ebp
-	add	eax,		esi
-	mov	esi,		DWORD PTR [edi]
-	adc	edx,		0
-	add	eax,		esi
-	adc	edx,		0
-	dec	ecx
-	mov	DWORD PTR [edi],eax
-	mov	esi,		edx
-	jz	$L003maw_end
-	; Tail Round 1
-	mov	eax,		DWORD PTR 4[ebx]
-	mul	ebp
-	add	eax,		esi
-	mov	esi,		DWORD PTR 4[edi]
-	adc	edx,		0
-	add	eax,		esi
-	adc	edx,		0
-	dec	ecx
-	mov	DWORD PTR 4[edi],eax
-	mov	esi,		edx
-	jz	$L003maw_end
-	; Tail Round 2
-	mov	eax,		DWORD PTR 8[ebx]
-	mul	ebp
-	add	eax,		esi
-	mov	esi,		DWORD PTR 8[edi]
-	adc	edx,		0
-	add	eax,		esi
-	adc	edx,		0
-	dec	ecx
-	mov	DWORD PTR 8[edi],eax
-	mov	esi,		edx
-	jz	$L003maw_end
-	; Tail Round 3
-	mov	eax,		DWORD PTR 12[ebx]
-	mul	ebp
-	add	eax,		esi
-	mov	esi,		DWORD PTR 12[edi]
-	adc	edx,		0
-	add	eax,		esi
-	adc	edx,		0
-	dec	ecx
-	mov	DWORD PTR 12[edi],eax
-	mov	esi,		edx
-	jz	$L003maw_end
-	; Tail Round 4
-	mov	eax,		DWORD PTR 16[ebx]
-	mul	ebp
-	add	eax,		esi
-	mov	esi,		DWORD PTR 16[edi]
-	adc	edx,		0
-	add	eax,		esi
-	adc	edx,		0
-	dec	ecx
-	mov	DWORD PTR 16[edi],eax
-	mov	esi,		edx
-	jz	$L003maw_end
-	; Tail Round 5
-	mov	eax,		DWORD PTR 20[ebx]
-	mul	ebp
-	add	eax,		esi
-	mov	esi,		DWORD PTR 20[edi]
-	adc	edx,		0
-	add	eax,		esi
-	adc	edx,		0
-	dec	ecx
-	mov	DWORD PTR 20[edi],eax
-	mov	esi,		edx
-	jz	$L003maw_end
-	; Tail Round 6
-	mov	eax,		DWORD PTR 24[ebx]
-	mul	ebp
-	add	eax,		esi
-	mov	esi,		DWORD PTR 24[edi]
-	adc	edx,		0
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 24[edi],eax
-	mov	esi,		edx
-$L003maw_end:
-	mov	eax,		esi
-	pop	ecx
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-_bn_mul_add_words ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_bn_mul_words
-
-_bn_mul_words PROC NEAR
-	push	ebp
-	push	ebx
-	push	esi
-	push	edi
-	; 
-	xor	esi,		esi
-	mov	edi,		DWORD PTR 20[esp]
-	mov	ebx,		DWORD PTR 24[esp]
-	mov	ebp,		DWORD PTR 28[esp]
-	mov	ecx,		DWORD PTR 32[esp]
-	and	ebp,		4294967288
-	jz	$L004mw_finish
-L005mw_loop:
-	; Round 0
-	mov	eax,		DWORD PTR [ebx]
-	mul	ecx
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR [edi],eax
-	mov	esi,		edx
-	; Round 4
-	mov	eax,		DWORD PTR 4[ebx]
-	mul	ecx
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 4[edi],eax
-	mov	esi,		edx
-	; Round 8
-	mov	eax,		DWORD PTR 8[ebx]
-	mul	ecx
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 8[edi],eax
-	mov	esi,		edx
-	; Round 12
-	mov	eax,		DWORD PTR 12[ebx]
-	mul	ecx
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 12[edi],eax
-	mov	esi,		edx
-	; Round 16
-	mov	eax,		DWORD PTR 16[ebx]
-	mul	ecx
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 16[edi],eax
-	mov	esi,		edx
-	; Round 20
-	mov	eax,		DWORD PTR 20[ebx]
-	mul	ecx
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 20[edi],eax
-	mov	esi,		edx
-	; Round 24
-	mov	eax,		DWORD PTR 24[ebx]
-	mul	ecx
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 24[edi],eax
-	mov	esi,		edx
-	; Round 28
-	mov	eax,		DWORD PTR 28[ebx]
-	mul	ecx
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 28[edi],eax
-	mov	esi,		edx
-	; 
-	add	ebx,		32
-	add	edi,		32
-	sub	ebp,		8
-	jz	$L004mw_finish
-	jmp	L005mw_loop
-$L004mw_finish:
-	mov	ebp,		DWORD PTR 28[esp]
-	and	ebp,		7
-	jnz	$L006mw_finish2
-	jmp	$L007mw_end
-$L006mw_finish2:
-	; Tail Round 0
-	mov	eax,		DWORD PTR [ebx]
-	mul	ecx
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR [edi],eax
-	mov	esi,		edx
-	dec	ebp
-	jz	$L007mw_end
-	; Tail Round 1
-	mov	eax,		DWORD PTR 4[ebx]
-	mul	ecx
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 4[edi],eax
-	mov	esi,		edx
-	dec	ebp
-	jz	$L007mw_end
-	; Tail Round 2
-	mov	eax,		DWORD PTR 8[ebx]
-	mul	ecx
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 8[edi],eax
-	mov	esi,		edx
-	dec	ebp
-	jz	$L007mw_end
-	; Tail Round 3
-	mov	eax,		DWORD PTR 12[ebx]
-	mul	ecx
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 12[edi],eax
-	mov	esi,		edx
-	dec	ebp
-	jz	$L007mw_end
-	; Tail Round 4
-	mov	eax,		DWORD PTR 16[ebx]
-	mul	ecx
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 16[edi],eax
-	mov	esi,		edx
-	dec	ebp
-	jz	$L007mw_end
-	; Tail Round 5
-	mov	eax,		DWORD PTR 20[ebx]
-	mul	ecx
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 20[edi],eax
-	mov	esi,		edx
-	dec	ebp
-	jz	$L007mw_end
-	; Tail Round 6
-	mov	eax,		DWORD PTR 24[ebx]
-	mul	ecx
-	add	eax,		esi
-	adc	edx,		0
-	mov	DWORD PTR 24[edi],eax
-	mov	esi,		edx
-$L007mw_end:
-	mov	eax,		esi
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-_bn_mul_words ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_bn_sqr_words
-
-_bn_sqr_words PROC NEAR
-	push	ebp
-	push	ebx
-	push	esi
-	push	edi
-	; 
-	mov	esi,		DWORD PTR 20[esp]
-	mov	edi,		DWORD PTR 24[esp]
-	mov	ebx,		DWORD PTR 28[esp]
-	and	ebx,		4294967288
-	jz	$L008sw_finish
-L009sw_loop:
-	; Round 0
-	mov	eax,		DWORD PTR [edi]
-	mul	eax
-	mov	DWORD PTR [esi],eax
-	mov	DWORD PTR 4[esi],edx
-	; Round 4
-	mov	eax,		DWORD PTR 4[edi]
-	mul	eax
-	mov	DWORD PTR 8[esi],eax
-	mov	DWORD PTR 12[esi],edx
-	; Round 8
-	mov	eax,		DWORD PTR 8[edi]
-	mul	eax
-	mov	DWORD PTR 16[esi],eax
-	mov	DWORD PTR 20[esi],edx
-	; Round 12
-	mov	eax,		DWORD PTR 12[edi]
-	mul	eax
-	mov	DWORD PTR 24[esi],eax
-	mov	DWORD PTR 28[esi],edx
-	; Round 16
-	mov	eax,		DWORD PTR 16[edi]
-	mul	eax
-	mov	DWORD PTR 32[esi],eax
-	mov	DWORD PTR 36[esi],edx
-	; Round 20
-	mov	eax,		DWORD PTR 20[edi]
-	mul	eax
-	mov	DWORD PTR 40[esi],eax
-	mov	DWORD PTR 44[esi],edx
-	; Round 24
-	mov	eax,		DWORD PTR 24[edi]
-	mul	eax
-	mov	DWORD PTR 48[esi],eax
-	mov	DWORD PTR 52[esi],edx
-	; Round 28
-	mov	eax,		DWORD PTR 28[edi]
-	mul	eax
-	mov	DWORD PTR 56[esi],eax
-	mov	DWORD PTR 60[esi],edx
-	; 
-	add	edi,		32
-	add	esi,		64
-	sub	ebx,		8
-	jnz	L009sw_loop
-$L008sw_finish:
-	mov	ebx,		DWORD PTR 28[esp]
-	and	ebx,		7
-	jz	$L010sw_end
-	; Tail Round 0
-	mov	eax,		DWORD PTR [edi]
-	mul	eax
-	mov	DWORD PTR [esi],eax
-	dec	ebx
-	mov	DWORD PTR 4[esi],edx
-	jz	$L010sw_end
-	; Tail Round 1
-	mov	eax,		DWORD PTR 4[edi]
-	mul	eax
-	mov	DWORD PTR 8[esi],eax
-	dec	ebx
-	mov	DWORD PTR 12[esi],edx
-	jz	$L010sw_end
-	; Tail Round 2
-	mov	eax,		DWORD PTR 8[edi]
-	mul	eax
-	mov	DWORD PTR 16[esi],eax
-	dec	ebx
-	mov	DWORD PTR 20[esi],edx
-	jz	$L010sw_end
-	; Tail Round 3
-	mov	eax,		DWORD PTR 12[edi]
-	mul	eax
-	mov	DWORD PTR 24[esi],eax
-	dec	ebx
-	mov	DWORD PTR 28[esi],edx
-	jz	$L010sw_end
-	; Tail Round 4
-	mov	eax,		DWORD PTR 16[edi]
-	mul	eax
-	mov	DWORD PTR 32[esi],eax
-	dec	ebx
-	mov	DWORD PTR 36[esi],edx
-	jz	$L010sw_end
-	; Tail Round 5
-	mov	eax,		DWORD PTR 20[edi]
-	mul	eax
-	mov	DWORD PTR 40[esi],eax
-	dec	ebx
-	mov	DWORD PTR 44[esi],edx
-	jz	$L010sw_end
-	; Tail Round 6
-	mov	eax,		DWORD PTR 24[edi]
-	mul	eax
-	mov	DWORD PTR 48[esi],eax
-	mov	DWORD PTR 52[esi],edx
-$L010sw_end:
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-_bn_sqr_words ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_bn_div_words
-
-_bn_div_words PROC NEAR
-	push	ebp
-	push	ebx
-	push	esi
-	push	edi
-	mov	edx,		DWORD PTR 20[esp]
-	mov	eax,		DWORD PTR 24[esp]
-	mov	ebx,		DWORD PTR 28[esp]
-	div	ebx
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-_bn_div_words ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_bn_add_words
-
-_bn_add_words PROC NEAR
-	push	ebp
-	push	ebx
-	push	esi
-	push	edi
-	; 
-	mov	ebx,		DWORD PTR 20[esp]
-	mov	esi,		DWORD PTR 24[esp]
-	mov	edi,		DWORD PTR 28[esp]
-	mov	ebp,		DWORD PTR 32[esp]
-	xor	eax,		eax
-	and	ebp,		4294967288
-	jz	$L011aw_finish
-L012aw_loop:
-	; Round 0
-	mov	ecx,		DWORD PTR [esi]
-	mov	edx,		DWORD PTR [edi]
-	add	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	add	ecx,		edx
-	adc	eax,		0
-	mov	DWORD PTR [ebx],ecx
-	; Round 1
-	mov	ecx,		DWORD PTR 4[esi]
-	mov	edx,		DWORD PTR 4[edi]
-	add	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	add	ecx,		edx
-	adc	eax,		0
-	mov	DWORD PTR 4[ebx],ecx
-	; Round 2
-	mov	ecx,		DWORD PTR 8[esi]
-	mov	edx,		DWORD PTR 8[edi]
-	add	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	add	ecx,		edx
-	adc	eax,		0
-	mov	DWORD PTR 8[ebx],ecx
-	; Round 3
-	mov	ecx,		DWORD PTR 12[esi]
-	mov	edx,		DWORD PTR 12[edi]
-	add	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	add	ecx,		edx
-	adc	eax,		0
-	mov	DWORD PTR 12[ebx],ecx
-	; Round 4
-	mov	ecx,		DWORD PTR 16[esi]
-	mov	edx,		DWORD PTR 16[edi]
-	add	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	add	ecx,		edx
-	adc	eax,		0
-	mov	DWORD PTR 16[ebx],ecx
-	; Round 5
-	mov	ecx,		DWORD PTR 20[esi]
-	mov	edx,		DWORD PTR 20[edi]
-	add	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	add	ecx,		edx
-	adc	eax,		0
-	mov	DWORD PTR 20[ebx],ecx
-	; Round 6
-	mov	ecx,		DWORD PTR 24[esi]
-	mov	edx,		DWORD PTR 24[edi]
-	add	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	add	ecx,		edx
-	adc	eax,		0
-	mov	DWORD PTR 24[ebx],ecx
-	; Round 7
-	mov	ecx,		DWORD PTR 28[esi]
-	mov	edx,		DWORD PTR 28[edi]
-	add	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	add	ecx,		edx
-	adc	eax,		0
-	mov	DWORD PTR 28[ebx],ecx
-	; 
-	add	esi,		32
-	add	edi,		32
-	add	ebx,		32
-	sub	ebp,		8
-	jnz	L012aw_loop
-$L011aw_finish:
-	mov	ebp,		DWORD PTR 32[esp]
-	and	ebp,		7
-	jz	$L013aw_end
-	; Tail Round 0
-	mov	ecx,		DWORD PTR [esi]
-	mov	edx,		DWORD PTR [edi]
-	add	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	add	ecx,		edx
-	adc	eax,		0
-	dec	ebp
-	mov	DWORD PTR [ebx],ecx
-	jz	$L013aw_end
-	; Tail Round 1
-	mov	ecx,		DWORD PTR 4[esi]
-	mov	edx,		DWORD PTR 4[edi]
-	add	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	add	ecx,		edx
-	adc	eax,		0
-	dec	ebp
-	mov	DWORD PTR 4[ebx],ecx
-	jz	$L013aw_end
-	; Tail Round 2
-	mov	ecx,		DWORD PTR 8[esi]
-	mov	edx,		DWORD PTR 8[edi]
-	add	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	add	ecx,		edx
-	adc	eax,		0
-	dec	ebp
-	mov	DWORD PTR 8[ebx],ecx
-	jz	$L013aw_end
-	; Tail Round 3
-	mov	ecx,		DWORD PTR 12[esi]
-	mov	edx,		DWORD PTR 12[edi]
-	add	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	add	ecx,		edx
-	adc	eax,		0
-	dec	ebp
-	mov	DWORD PTR 12[ebx],ecx
-	jz	$L013aw_end
-	; Tail Round 4
-	mov	ecx,		DWORD PTR 16[esi]
-	mov	edx,		DWORD PTR 16[edi]
-	add	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	add	ecx,		edx
-	adc	eax,		0
-	dec	ebp
-	mov	DWORD PTR 16[ebx],ecx
-	jz	$L013aw_end
-	; Tail Round 5
-	mov	ecx,		DWORD PTR 20[esi]
-	mov	edx,		DWORD PTR 20[edi]
-	add	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	add	ecx,		edx
-	adc	eax,		0
-	dec	ebp
-	mov	DWORD PTR 20[ebx],ecx
-	jz	$L013aw_end
-	; Tail Round 6
-	mov	ecx,		DWORD PTR 24[esi]
-	mov	edx,		DWORD PTR 24[edi]
-	add	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	add	ecx,		edx
-	adc	eax,		0
-	mov	DWORD PTR 24[ebx],ecx
-$L013aw_end:
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-_bn_add_words ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_bn_sub_words
-
-_bn_sub_words PROC NEAR
-	push	ebp
-	push	ebx
-	push	esi
-	push	edi
-	; 
-	mov	ebx,		DWORD PTR 20[esp]
-	mov	esi,		DWORD PTR 24[esp]
-	mov	edi,		DWORD PTR 28[esp]
-	mov	ebp,		DWORD PTR 32[esp]
-	xor	eax,		eax
-	and	ebp,		4294967288
-	jz	$L014aw_finish
-L015aw_loop:
-	; Round 0
-	mov	ecx,		DWORD PTR [esi]
-	mov	edx,		DWORD PTR [edi]
-	sub	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	sub	ecx,		edx
-	adc	eax,		0
-	mov	DWORD PTR [ebx],ecx
-	; Round 1
-	mov	ecx,		DWORD PTR 4[esi]
-	mov	edx,		DWORD PTR 4[edi]
-	sub	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	sub	ecx,		edx
-	adc	eax,		0
-	mov	DWORD PTR 4[ebx],ecx
-	; Round 2
-	mov	ecx,		DWORD PTR 8[esi]
-	mov	edx,		DWORD PTR 8[edi]
-	sub	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	sub	ecx,		edx
-	adc	eax,		0
-	mov	DWORD PTR 8[ebx],ecx
-	; Round 3
-	mov	ecx,		DWORD PTR 12[esi]
-	mov	edx,		DWORD PTR 12[edi]
-	sub	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	sub	ecx,		edx
-	adc	eax,		0
-	mov	DWORD PTR 12[ebx],ecx
-	; Round 4
-	mov	ecx,		DWORD PTR 16[esi]
-	mov	edx,		DWORD PTR 16[edi]
-	sub	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	sub	ecx,		edx
-	adc	eax,		0
-	mov	DWORD PTR 16[ebx],ecx
-	; Round 5
-	mov	ecx,		DWORD PTR 20[esi]
-	mov	edx,		DWORD PTR 20[edi]
-	sub	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	sub	ecx,		edx
-	adc	eax,		0
-	mov	DWORD PTR 20[ebx],ecx
-	; Round 6
-	mov	ecx,		DWORD PTR 24[esi]
-	mov	edx,		DWORD PTR 24[edi]
-	sub	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	sub	ecx,		edx
-	adc	eax,		0
-	mov	DWORD PTR 24[ebx],ecx
-	; Round 7
-	mov	ecx,		DWORD PTR 28[esi]
-	mov	edx,		DWORD PTR 28[edi]
-	sub	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	sub	ecx,		edx
-	adc	eax,		0
-	mov	DWORD PTR 28[ebx],ecx
-	; 
-	add	esi,		32
-	add	edi,		32
-	add	ebx,		32
-	sub	ebp,		8
-	jnz	L015aw_loop
-$L014aw_finish:
-	mov	ebp,		DWORD PTR 32[esp]
-	and	ebp,		7
-	jz	$L016aw_end
-	; Tail Round 0
-	mov	ecx,		DWORD PTR [esi]
-	mov	edx,		DWORD PTR [edi]
-	sub	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	sub	ecx,		edx
-	adc	eax,		0
-	dec	ebp
-	mov	DWORD PTR [ebx],ecx
-	jz	$L016aw_end
-	; Tail Round 1
-	mov	ecx,		DWORD PTR 4[esi]
-	mov	edx,		DWORD PTR 4[edi]
-	sub	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	sub	ecx,		edx
-	adc	eax,		0
-	dec	ebp
-	mov	DWORD PTR 4[ebx],ecx
-	jz	$L016aw_end
-	; Tail Round 2
-	mov	ecx,		DWORD PTR 8[esi]
-	mov	edx,		DWORD PTR 8[edi]
-	sub	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	sub	ecx,		edx
-	adc	eax,		0
-	dec	ebp
-	mov	DWORD PTR 8[ebx],ecx
-	jz	$L016aw_end
-	; Tail Round 3
-	mov	ecx,		DWORD PTR 12[esi]
-	mov	edx,		DWORD PTR 12[edi]
-	sub	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	sub	ecx,		edx
-	adc	eax,		0
-	dec	ebp
-	mov	DWORD PTR 12[ebx],ecx
-	jz	$L016aw_end
-	; Tail Round 4
-	mov	ecx,		DWORD PTR 16[esi]
-	mov	edx,		DWORD PTR 16[edi]
-	sub	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	sub	ecx,		edx
-	adc	eax,		0
-	dec	ebp
-	mov	DWORD PTR 16[ebx],ecx
-	jz	$L016aw_end
-	; Tail Round 5
-	mov	ecx,		DWORD PTR 20[esi]
-	mov	edx,		DWORD PTR 20[edi]
-	sub	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	sub	ecx,		edx
-	adc	eax,		0
-	dec	ebp
-	mov	DWORD PTR 20[ebx],ecx
-	jz	$L016aw_end
-	; Tail Round 6
-	mov	ecx,		DWORD PTR 24[esi]
-	mov	edx,		DWORD PTR 24[edi]
-	sub	ecx,		eax
-	mov	eax,		0
-	adc	eax,		eax
-	sub	ecx,		edx
-	adc	eax,		0
-	mov	DWORD PTR 24[ebx],ecx
-$L016aw_end:
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-_bn_sub_words ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_bn_mul_comba8
-
-_bn_mul_comba8 PROC NEAR
-	push	esi
-	mov	esi,		DWORD PTR 12[esp]
-	push	edi
-	mov	edi,		DWORD PTR 20[esp]
-	push	ebp
-	push	ebx
-	xor	ebx,		ebx
-	mov	eax,		DWORD PTR [esi]
-	xor	ecx,		ecx
-	mov	edx,		DWORD PTR [edi]
-	; ################## Calculate word 0
-	xor	ebp,		ebp
-	; mul a[0]*b[0]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR [edi]
-	adc	ebp,		0
-	mov	DWORD PTR [eax],ebx
-	mov	eax,		DWORD PTR 4[esi]
-	; saved r[0]
-	; ################## Calculate word 1
-	xor	ebx,		ebx
-	; mul a[1]*b[0]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR [esi]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 4[edi]
-	adc	ebx,		0
-	; mul a[0]*b[1]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR [edi]
-	adc	ebx,		0
-	mov	DWORD PTR 4[eax],ecx
-	mov	eax,		DWORD PTR 8[esi]
-	; saved r[1]
-	; ################## Calculate word 2
-	xor	ecx,		ecx
-	; mul a[2]*b[0]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 4[esi]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 4[edi]
-	adc	ecx,		0
-	; mul a[1]*b[1]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR [esi]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 8[edi]
-	adc	ecx,		0
-	; mul a[0]*b[2]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR [edi]
-	adc	ecx,		0
-	mov	DWORD PTR 8[eax],ebp
-	mov	eax,		DWORD PTR 12[esi]
-	; saved r[2]
-	; ################## Calculate word 3
-	xor	ebp,		ebp
-	; mul a[3]*b[0]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 8[esi]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 4[edi]
-	adc	ebp,		0
-	; mul a[2]*b[1]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 4[esi]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 8[edi]
-	adc	ebp,		0
-	; mul a[1]*b[2]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR [esi]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 12[edi]
-	adc	ebp,		0
-	; mul a[0]*b[3]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR [edi]
-	adc	ebp,		0
-	mov	DWORD PTR 12[eax],ebx
-	mov	eax,		DWORD PTR 16[esi]
-	; saved r[3]
-	; ################## Calculate word 4
-	xor	ebx,		ebx
-	; mul a[4]*b[0]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 12[esi]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 4[edi]
-	adc	ebx,		0
-	; mul a[3]*b[1]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 8[esi]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 8[edi]
-	adc	ebx,		0
-	; mul a[2]*b[2]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 4[esi]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 12[edi]
-	adc	ebx,		0
-	; mul a[1]*b[3]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR [esi]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 16[edi]
-	adc	ebx,		0
-	; mul a[0]*b[4]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR [edi]
-	adc	ebx,		0
-	mov	DWORD PTR 16[eax],ecx
-	mov	eax,		DWORD PTR 20[esi]
-	; saved r[4]
-	; ################## Calculate word 5
-	xor	ecx,		ecx
-	; mul a[5]*b[0]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 16[esi]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 4[edi]
-	adc	ecx,		0
-	; mul a[4]*b[1]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 12[esi]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 8[edi]
-	adc	ecx,		0
-	; mul a[3]*b[2]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 8[esi]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 12[edi]
-	adc	ecx,		0
-	; mul a[2]*b[3]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 4[esi]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 16[edi]
-	adc	ecx,		0
-	; mul a[1]*b[4]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR [esi]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 20[edi]
-	adc	ecx,		0
-	; mul a[0]*b[5]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR [edi]
-	adc	ecx,		0
-	mov	DWORD PTR 20[eax],ebp
-	mov	eax,		DWORD PTR 24[esi]
-	; saved r[5]
-	; ################## Calculate word 6
-	xor	ebp,		ebp
-	; mul a[6]*b[0]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 20[esi]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 4[edi]
-	adc	ebp,		0
-	; mul a[5]*b[1]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 16[esi]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 8[edi]
-	adc	ebp,		0
-	; mul a[4]*b[2]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 12[esi]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 12[edi]
-	adc	ebp,		0
-	; mul a[3]*b[3]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 8[esi]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 16[edi]
-	adc	ebp,		0
-	; mul a[2]*b[4]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 4[esi]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 20[edi]
-	adc	ebp,		0
-	; mul a[1]*b[5]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR [esi]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 24[edi]
-	adc	ebp,		0
-	; mul a[0]*b[6]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR [edi]
-	adc	ebp,		0
-	mov	DWORD PTR 24[eax],ebx
-	mov	eax,		DWORD PTR 28[esi]
-	; saved r[6]
-	; ################## Calculate word 7
-	xor	ebx,		ebx
-	; mul a[7]*b[0]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 24[esi]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 4[edi]
-	adc	ebx,		0
-	; mul a[6]*b[1]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 20[esi]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 8[edi]
-	adc	ebx,		0
-	; mul a[5]*b[2]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 16[esi]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 12[edi]
-	adc	ebx,		0
-	; mul a[4]*b[3]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 12[esi]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 16[edi]
-	adc	ebx,		0
-	; mul a[3]*b[4]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 8[esi]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 20[edi]
-	adc	ebx,		0
-	; mul a[2]*b[5]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 4[esi]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 24[edi]
-	adc	ebx,		0
-	; mul a[1]*b[6]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR [esi]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 28[edi]
-	adc	ebx,		0
-	; mul a[0]*b[7]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 4[edi]
-	adc	ebx,		0
-	mov	DWORD PTR 28[eax],ecx
-	mov	eax,		DWORD PTR 28[esi]
-	; saved r[7]
-	; ################## Calculate word 8
-	xor	ecx,		ecx
-	; mul a[7]*b[1]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 24[esi]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 8[edi]
-	adc	ecx,		0
-	; mul a[6]*b[2]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 20[esi]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 12[edi]
-	adc	ecx,		0
-	; mul a[5]*b[3]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 16[esi]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 16[edi]
-	adc	ecx,		0
-	; mul a[4]*b[4]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 12[esi]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 20[edi]
-	adc	ecx,		0
-	; mul a[3]*b[5]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 8[esi]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 24[edi]
-	adc	ecx,		0
-	; mul a[2]*b[6]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 4[esi]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 28[edi]
-	adc	ecx,		0
-	; mul a[1]*b[7]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 8[edi]
-	adc	ecx,		0
-	mov	DWORD PTR 32[eax],ebp
-	mov	eax,		DWORD PTR 28[esi]
-	; saved r[8]
-	; ################## Calculate word 9
-	xor	ebp,		ebp
-	; mul a[7]*b[2]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 24[esi]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 12[edi]
-	adc	ebp,		0
-	; mul a[6]*b[3]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 20[esi]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 16[edi]
-	adc	ebp,		0
-	; mul a[5]*b[4]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 16[esi]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 20[edi]
-	adc	ebp,		0
-	; mul a[4]*b[5]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 12[esi]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 24[edi]
-	adc	ebp,		0
-	; mul a[3]*b[6]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 8[esi]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 28[edi]
-	adc	ebp,		0
-	; mul a[2]*b[7]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 12[edi]
-	adc	ebp,		0
-	mov	DWORD PTR 36[eax],ebx
-	mov	eax,		DWORD PTR 28[esi]
-	; saved r[9]
-	; ################## Calculate word 10
-	xor	ebx,		ebx
-	; mul a[7]*b[3]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 24[esi]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 16[edi]
-	adc	ebx,		0
-	; mul a[6]*b[4]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 20[esi]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 20[edi]
-	adc	ebx,		0
-	; mul a[5]*b[5]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 16[esi]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 24[edi]
-	adc	ebx,		0
-	; mul a[4]*b[6]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 12[esi]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 28[edi]
-	adc	ebx,		0
-	; mul a[3]*b[7]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 16[edi]
-	adc	ebx,		0
-	mov	DWORD PTR 40[eax],ecx
-	mov	eax,		DWORD PTR 28[esi]
-	; saved r[10]
-	; ################## Calculate word 11
-	xor	ecx,		ecx
-	; mul a[7]*b[4]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 24[esi]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 20[edi]
-	adc	ecx,		0
-	; mul a[6]*b[5]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 20[esi]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 24[edi]
-	adc	ecx,		0
-	; mul a[5]*b[6]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 16[esi]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 28[edi]
-	adc	ecx,		0
-	; mul a[4]*b[7]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 20[edi]
-	adc	ecx,		0
-	mov	DWORD PTR 44[eax],ebp
-	mov	eax,		DWORD PTR 28[esi]
-	; saved r[11]
-	; ################## Calculate word 12
-	xor	ebp,		ebp
-	; mul a[7]*b[5]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 24[esi]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 24[edi]
-	adc	ebp,		0
-	; mul a[6]*b[6]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 20[esi]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 28[edi]
-	adc	ebp,		0
-	; mul a[5]*b[7]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 24[edi]
-	adc	ebp,		0
-	mov	DWORD PTR 48[eax],ebx
-	mov	eax,		DWORD PTR 28[esi]
-	; saved r[12]
-	; ################## Calculate word 13
-	xor	ebx,		ebx
-	; mul a[7]*b[6]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 24[esi]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 28[edi]
-	adc	ebx,		0
-	; mul a[6]*b[7]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 28[edi]
-	adc	ebx,		0
-	mov	DWORD PTR 52[eax],ecx
-	mov	eax,		DWORD PTR 28[esi]
-	; saved r[13]
-	; ################## Calculate word 14
-	xor	ecx,		ecx
-	; mul a[7]*b[7]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ebx,		edx
-	adc	ecx,		0
-	mov	DWORD PTR 56[eax],ebp
-	; saved r[14]
-	; save r[15]
-	mov	DWORD PTR 60[eax],ebx
-	pop	ebx
-	pop	ebp
-	pop	edi
-	pop	esi
-	ret
-_bn_mul_comba8 ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_bn_mul_comba4
-
-_bn_mul_comba4 PROC NEAR
-	push	esi
-	mov	esi,		DWORD PTR 12[esp]
-	push	edi
-	mov	edi,		DWORD PTR 20[esp]
-	push	ebp
-	push	ebx
-	xor	ebx,		ebx
-	mov	eax,		DWORD PTR [esi]
-	xor	ecx,		ecx
-	mov	edx,		DWORD PTR [edi]
-	; ################## Calculate word 0
-	xor	ebp,		ebp
-	; mul a[0]*b[0]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR [edi]
-	adc	ebp,		0
-	mov	DWORD PTR [eax],ebx
-	mov	eax,		DWORD PTR 4[esi]
-	; saved r[0]
-	; ################## Calculate word 1
-	xor	ebx,		ebx
-	; mul a[1]*b[0]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR [esi]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 4[edi]
-	adc	ebx,		0
-	; mul a[0]*b[1]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR [edi]
-	adc	ebx,		0
-	mov	DWORD PTR 4[eax],ecx
-	mov	eax,		DWORD PTR 8[esi]
-	; saved r[1]
-	; ################## Calculate word 2
-	xor	ecx,		ecx
-	; mul a[2]*b[0]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 4[esi]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 4[edi]
-	adc	ecx,		0
-	; mul a[1]*b[1]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR [esi]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 8[edi]
-	adc	ecx,		0
-	; mul a[0]*b[2]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR [edi]
-	adc	ecx,		0
-	mov	DWORD PTR 8[eax],ebp
-	mov	eax,		DWORD PTR 12[esi]
-	; saved r[2]
-	; ################## Calculate word 3
-	xor	ebp,		ebp
-	; mul a[3]*b[0]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 8[esi]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 4[edi]
-	adc	ebp,		0
-	; mul a[2]*b[1]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 4[esi]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 8[edi]
-	adc	ebp,		0
-	; mul a[1]*b[2]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR [esi]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 12[edi]
-	adc	ebp,		0
-	; mul a[0]*b[3]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 4[edi]
-	adc	ebp,		0
-	mov	DWORD PTR 12[eax],ebx
-	mov	eax,		DWORD PTR 12[esi]
-	; saved r[3]
-	; ################## Calculate word 4
-	xor	ebx,		ebx
-	; mul a[3]*b[1]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 8[esi]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 8[edi]
-	adc	ebx,		0
-	; mul a[2]*b[2]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 4[esi]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 12[edi]
-	adc	ebx,		0
-	; mul a[1]*b[3]
-	mul	edx
-	add	ecx,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 8[edi]
-	adc	ebx,		0
-	mov	DWORD PTR 16[eax],ecx
-	mov	eax,		DWORD PTR 12[esi]
-	; saved r[4]
-	; ################## Calculate word 5
-	xor	ecx,		ecx
-	; mul a[3]*b[2]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 8[esi]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 12[edi]
-	adc	ecx,		0
-	; mul a[2]*b[3]
-	mul	edx
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 12[edi]
-	adc	ecx,		0
-	mov	DWORD PTR 20[eax],ebp
-	mov	eax,		DWORD PTR 12[esi]
-	; saved r[5]
-	; ################## Calculate word 6
-	xor	ebp,		ebp
-	; mul a[3]*b[3]
-	mul	edx
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	adc	ecx,		edx
-	adc	ebp,		0
-	mov	DWORD PTR 24[eax],ebx
-	; saved r[6]
-	; save r[7]
-	mov	DWORD PTR 28[eax],ecx
-	pop	ebx
-	pop	ebp
-	pop	edi
-	pop	esi
-	ret
-_bn_mul_comba4 ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_bn_sqr_comba8
-
-_bn_sqr_comba8 PROC NEAR
-	push	esi
-	push	edi
-	push	ebp
-	push	ebx
-	mov	edi,		DWORD PTR 20[esp]
-	mov	esi,		DWORD PTR 24[esp]
-	xor	ebx,		ebx
-	xor	ecx,		ecx
-	mov	eax,		DWORD PTR [esi]
-	; ############### Calculate word 0
-	xor	ebp,		ebp
-	; sqr a[0]*a[0]
-	mul	eax
-	add	ebx,		eax
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR [esi]
-	adc	ebp,		0
-	mov	DWORD PTR [edi],ebx
-	mov	eax,		DWORD PTR 4[esi]
-	; saved r[0]
-	; ############### Calculate word 1
-	xor	ebx,		ebx
-	; sqr a[1]*a[0]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebx,		0
-	add	ecx,		eax
-	adc	ebp,		edx
-	mov	eax,		DWORD PTR 8[esi]
-	adc	ebx,		0
-	mov	DWORD PTR 4[edi],ecx
-	mov	edx,		DWORD PTR [esi]
-	; saved r[1]
-	; ############### Calculate word 2
-	xor	ecx,		ecx
-	; sqr a[2]*a[0]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ecx,		0
-	add	ebp,		eax
-	adc	ebx,		edx
-	mov	eax,		DWORD PTR 4[esi]
-	adc	ecx,		0
-	; sqr a[1]*a[1]
-	mul	eax
-	add	ebp,		eax
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR [esi]
-	adc	ecx,		0
-	mov	DWORD PTR 8[edi],ebp
-	mov	eax,		DWORD PTR 12[esi]
-	; saved r[2]
-	; ############### Calculate word 3
-	xor	ebp,		ebp
-	; sqr a[3]*a[0]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebp,		0
-	add	ebx,		eax
-	adc	ecx,		edx
-	mov	eax,		DWORD PTR 8[esi]
-	adc	ebp,		0
-	mov	edx,		DWORD PTR 4[esi]
-	; sqr a[2]*a[1]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebp,		0
-	add	ebx,		eax
-	adc	ecx,		edx
-	mov	eax,		DWORD PTR 16[esi]
-	adc	ebp,		0
-	mov	DWORD PTR 12[edi],ebx
-	mov	edx,		DWORD PTR [esi]
-	; saved r[3]
-	; ############### Calculate word 4
-	xor	ebx,		ebx
-	; sqr a[4]*a[0]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebx,		0
-	add	ecx,		eax
-	adc	ebp,		edx
-	mov	eax,		DWORD PTR 12[esi]
-	adc	ebx,		0
-	mov	edx,		DWORD PTR 4[esi]
-	; sqr a[3]*a[1]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebx,		0
-	add	ecx,		eax
-	adc	ebp,		edx
-	mov	eax,		DWORD PTR 8[esi]
-	adc	ebx,		0
-	; sqr a[2]*a[2]
-	mul	eax
-	add	ecx,		eax
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR [esi]
-	adc	ebx,		0
-	mov	DWORD PTR 16[edi],ecx
-	mov	eax,		DWORD PTR 20[esi]
-	; saved r[4]
-	; ############### Calculate word 5
-	xor	ecx,		ecx
-	; sqr a[5]*a[0]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ecx,		0
-	add	ebp,		eax
-	adc	ebx,		edx
-	mov	eax,		DWORD PTR 16[esi]
-	adc	ecx,		0
-	mov	edx,		DWORD PTR 4[esi]
-	; sqr a[4]*a[1]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ecx,		0
-	add	ebp,		eax
-	adc	ebx,		edx
-	mov	eax,		DWORD PTR 12[esi]
-	adc	ecx,		0
-	mov	edx,		DWORD PTR 8[esi]
-	; sqr a[3]*a[2]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ecx,		0
-	add	ebp,		eax
-	adc	ebx,		edx
-	mov	eax,		DWORD PTR 24[esi]
-	adc	ecx,		0
-	mov	DWORD PTR 20[edi],ebp
-	mov	edx,		DWORD PTR [esi]
-	; saved r[5]
-	; ############### Calculate word 6
-	xor	ebp,		ebp
-	; sqr a[6]*a[0]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebp,		0
-	add	ebx,		eax
-	adc	ecx,		edx
-	mov	eax,		DWORD PTR 20[esi]
-	adc	ebp,		0
-	mov	edx,		DWORD PTR 4[esi]
-	; sqr a[5]*a[1]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebp,		0
-	add	ebx,		eax
-	adc	ecx,		edx
-	mov	eax,		DWORD PTR 16[esi]
-	adc	ebp,		0
-	mov	edx,		DWORD PTR 8[esi]
-	; sqr a[4]*a[2]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebp,		0
-	add	ebx,		eax
-	adc	ecx,		edx
-	mov	eax,		DWORD PTR 12[esi]
-	adc	ebp,		0
-	; sqr a[3]*a[3]
-	mul	eax
-	add	ebx,		eax
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR [esi]
-	adc	ebp,		0
-	mov	DWORD PTR 24[edi],ebx
-	mov	eax,		DWORD PTR 28[esi]
-	; saved r[6]
-	; ############### Calculate word 7
-	xor	ebx,		ebx
-	; sqr a[7]*a[0]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebx,		0
-	add	ecx,		eax
-	adc	ebp,		edx
-	mov	eax,		DWORD PTR 24[esi]
-	adc	ebx,		0
-	mov	edx,		DWORD PTR 4[esi]
-	; sqr a[6]*a[1]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebx,		0
-	add	ecx,		eax
-	adc	ebp,		edx
-	mov	eax,		DWORD PTR 20[esi]
-	adc	ebx,		0
-	mov	edx,		DWORD PTR 8[esi]
-	; sqr a[5]*a[2]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebx,		0
-	add	ecx,		eax
-	adc	ebp,		edx
-	mov	eax,		DWORD PTR 16[esi]
-	adc	ebx,		0
-	mov	edx,		DWORD PTR 12[esi]
-	; sqr a[4]*a[3]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebx,		0
-	add	ecx,		eax
-	adc	ebp,		edx
-	mov	eax,		DWORD PTR 28[esi]
-	adc	ebx,		0
-	mov	DWORD PTR 28[edi],ecx
-	mov	edx,		DWORD PTR 4[esi]
-	; saved r[7]
-	; ############### Calculate word 8
-	xor	ecx,		ecx
-	; sqr a[7]*a[1]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ecx,		0
-	add	ebp,		eax
-	adc	ebx,		edx
-	mov	eax,		DWORD PTR 24[esi]
-	adc	ecx,		0
-	mov	edx,		DWORD PTR 8[esi]
-	; sqr a[6]*a[2]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ecx,		0
-	add	ebp,		eax
-	adc	ebx,		edx
-	mov	eax,		DWORD PTR 20[esi]
-	adc	ecx,		0
-	mov	edx,		DWORD PTR 12[esi]
-	; sqr a[5]*a[3]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ecx,		0
-	add	ebp,		eax
-	adc	ebx,		edx
-	mov	eax,		DWORD PTR 16[esi]
-	adc	ecx,		0
-	; sqr a[4]*a[4]
-	mul	eax
-	add	ebp,		eax
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR 8[esi]
-	adc	ecx,		0
-	mov	DWORD PTR 32[edi],ebp
-	mov	eax,		DWORD PTR 28[esi]
-	; saved r[8]
-	; ############### Calculate word 9
-	xor	ebp,		ebp
-	; sqr a[7]*a[2]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebp,		0
-	add	ebx,		eax
-	adc	ecx,		edx
-	mov	eax,		DWORD PTR 24[esi]
-	adc	ebp,		0
-	mov	edx,		DWORD PTR 12[esi]
-	; sqr a[6]*a[3]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebp,		0
-	add	ebx,		eax
-	adc	ecx,		edx
-	mov	eax,		DWORD PTR 20[esi]
-	adc	ebp,		0
-	mov	edx,		DWORD PTR 16[esi]
-	; sqr a[5]*a[4]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebp,		0
-	add	ebx,		eax
-	adc	ecx,		edx
-	mov	eax,		DWORD PTR 28[esi]
-	adc	ebp,		0
-	mov	DWORD PTR 36[edi],ebx
-	mov	edx,		DWORD PTR 12[esi]
-	; saved r[9]
-	; ############### Calculate word 10
-	xor	ebx,		ebx
-	; sqr a[7]*a[3]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebx,		0
-	add	ecx,		eax
-	adc	ebp,		edx
-	mov	eax,		DWORD PTR 24[esi]
-	adc	ebx,		0
-	mov	edx,		DWORD PTR 16[esi]
-	; sqr a[6]*a[4]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebx,		0
-	add	ecx,		eax
-	adc	ebp,		edx
-	mov	eax,		DWORD PTR 20[esi]
-	adc	ebx,		0
-	; sqr a[5]*a[5]
-	mul	eax
-	add	ecx,		eax
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 16[esi]
-	adc	ebx,		0
-	mov	DWORD PTR 40[edi],ecx
-	mov	eax,		DWORD PTR 28[esi]
-	; saved r[10]
-	; ############### Calculate word 11
-	xor	ecx,		ecx
-	; sqr a[7]*a[4]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ecx,		0
-	add	ebp,		eax
-	adc	ebx,		edx
-	mov	eax,		DWORD PTR 24[esi]
-	adc	ecx,		0
-	mov	edx,		DWORD PTR 20[esi]
-	; sqr a[6]*a[5]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ecx,		0
-	add	ebp,		eax
-	adc	ebx,		edx
-	mov	eax,		DWORD PTR 28[esi]
-	adc	ecx,		0
-	mov	DWORD PTR 44[edi],ebp
-	mov	edx,		DWORD PTR 20[esi]
-	; saved r[11]
-	; ############### Calculate word 12
-	xor	ebp,		ebp
-	; sqr a[7]*a[5]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebp,		0
-	add	ebx,		eax
-	adc	ecx,		edx
-	mov	eax,		DWORD PTR 24[esi]
-	adc	ebp,		0
-	; sqr a[6]*a[6]
-	mul	eax
-	add	ebx,		eax
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR 24[esi]
-	adc	ebp,		0
-	mov	DWORD PTR 48[edi],ebx
-	mov	eax,		DWORD PTR 28[esi]
-	; saved r[12]
-	; ############### Calculate word 13
-	xor	ebx,		ebx
-	; sqr a[7]*a[6]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebx,		0
-	add	ecx,		eax
-	adc	ebp,		edx
-	mov	eax,		DWORD PTR 28[esi]
-	adc	ebx,		0
-	mov	DWORD PTR 52[edi],ecx
-	; saved r[13]
-	; ############### Calculate word 14
-	xor	ecx,		ecx
-	; sqr a[7]*a[7]
-	mul	eax
-	add	ebp,		eax
-	adc	ebx,		edx
-	adc	ecx,		0
-	mov	DWORD PTR 56[edi],ebp
-	; saved r[14]
-	mov	DWORD PTR 60[edi],ebx
-	pop	ebx
-	pop	ebp
-	pop	edi
-	pop	esi
-	ret
-_bn_sqr_comba8 ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_bn_sqr_comba4
-
-_bn_sqr_comba4 PROC NEAR
-	push	esi
-	push	edi
-	push	ebp
-	push	ebx
-	mov	edi,		DWORD PTR 20[esp]
-	mov	esi,		DWORD PTR 24[esp]
-	xor	ebx,		ebx
-	xor	ecx,		ecx
-	mov	eax,		DWORD PTR [esi]
-	; ############### Calculate word 0
-	xor	ebp,		ebp
-	; sqr a[0]*a[0]
-	mul	eax
-	add	ebx,		eax
-	adc	ecx,		edx
-	mov	edx,		DWORD PTR [esi]
-	adc	ebp,		0
-	mov	DWORD PTR [edi],ebx
-	mov	eax,		DWORD PTR 4[esi]
-	; saved r[0]
-	; ############### Calculate word 1
-	xor	ebx,		ebx
-	; sqr a[1]*a[0]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebx,		0
-	add	ecx,		eax
-	adc	ebp,		edx
-	mov	eax,		DWORD PTR 8[esi]
-	adc	ebx,		0
-	mov	DWORD PTR 4[edi],ecx
-	mov	edx,		DWORD PTR [esi]
-	; saved r[1]
-	; ############### Calculate word 2
-	xor	ecx,		ecx
-	; sqr a[2]*a[0]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ecx,		0
-	add	ebp,		eax
-	adc	ebx,		edx
-	mov	eax,		DWORD PTR 4[esi]
-	adc	ecx,		0
-	; sqr a[1]*a[1]
-	mul	eax
-	add	ebp,		eax
-	adc	ebx,		edx
-	mov	edx,		DWORD PTR [esi]
-	adc	ecx,		0
-	mov	DWORD PTR 8[edi],ebp
-	mov	eax,		DWORD PTR 12[esi]
-	; saved r[2]
-	; ############### Calculate word 3
-	xor	ebp,		ebp
-	; sqr a[3]*a[0]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebp,		0
-	add	ebx,		eax
-	adc	ecx,		edx
-	mov	eax,		DWORD PTR 8[esi]
-	adc	ebp,		0
-	mov	edx,		DWORD PTR 4[esi]
-	; sqr a[2]*a[1]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebp,		0
-	add	ebx,		eax
-	adc	ecx,		edx
-	mov	eax,		DWORD PTR 12[esi]
-	adc	ebp,		0
-	mov	DWORD PTR 12[edi],ebx
-	mov	edx,		DWORD PTR 4[esi]
-	; saved r[3]
-	; ############### Calculate word 4
-	xor	ebx,		ebx
-	; sqr a[3]*a[1]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ebx,		0
-	add	ecx,		eax
-	adc	ebp,		edx
-	mov	eax,		DWORD PTR 8[esi]
-	adc	ebx,		0
-	; sqr a[2]*a[2]
-	mul	eax
-	add	ecx,		eax
-	adc	ebp,		edx
-	mov	edx,		DWORD PTR 8[esi]
-	adc	ebx,		0
-	mov	DWORD PTR 16[edi],ecx
-	mov	eax,		DWORD PTR 12[esi]
-	; saved r[4]
-	; ############### Calculate word 5
-	xor	ecx,		ecx
-	; sqr a[3]*a[2]
-	mul	edx
-	add	eax,		eax
-	adc	edx,		edx
-	adc	ecx,		0
-	add	ebp,		eax
-	adc	ebx,		edx
-	mov	eax,		DWORD PTR 12[esi]
-	adc	ecx,		0
-	mov	DWORD PTR 20[edi],ebp
-	; saved r[5]
-	; ############### Calculate word 6
-	xor	ebp,		ebp
-	; sqr a[3]*a[3]
-	mul	eax
-	add	ebx,		eax
-	adc	ecx,		edx
-	adc	ebp,		0
-	mov	DWORD PTR 24[edi],ebx
-	; saved r[6]
-	mov	DWORD PTR 28[edi],ecx
-	pop	ebx
-	pop	ebp
-	pop	edi
-	pop	esi
-	ret
-_bn_sqr_comba4 ENDP
-_TEXT	ENDS
-END
diff --git a/crypto/bn/asm/bn86unix.cpp b/crypto/bn/asm/bn86unix.cpp
deleted file mode 100644
index 639a3ac41c..0000000000
--- a/crypto/bn/asm/bn86unix.cpp
+++ /dev/null
@@ -1,2201 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define bn_mul_add_words _bn_mul_add_words
-#define bn_mul_words _bn_mul_words
-#define bn_sqr_words _bn_sqr_words
-#define bn_div_words _bn_div_words
-#define bn_add_words _bn_add_words
-#define bn_sub_words _bn_sub_words
-#define bn_mul_comba8 _bn_mul_comba8
-#define bn_mul_comba4 _bn_mul_comba4
-#define bn_sqr_comba8 _bn_sqr_comba8
-#define bn_sqr_comba4 _bn_sqr_comba4
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by bn-586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"bn-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl bn_mul_add_words
-	TYPE(bn_mul_add_words,@function)
-bn_mul_add_words:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	xorl	%esi,		%esi
-	movl	20(%esp),	%edi
-	movl	28(%esp),	%ecx
-	movl	24(%esp),	%ebx
-	andl	$4294967288,	%ecx
-	movl	32(%esp),	%ebp
-	pushl	%ecx
-	jz	.L000maw_finish
-.L001maw_loop:
-	movl	%ecx,		(%esp)
-	/* Round 0 */
-	movl	(%ebx),		%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	(%edi),		%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		(%edi)
-	movl	%edx,		%esi
-	/* Round 4 */
-	movl	4(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	4(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		4(%edi)
-	movl	%edx,		%esi
-	/* Round 8 */
-	movl	8(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	8(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		8(%edi)
-	movl	%edx,		%esi
-	/* Round 12 */
-	movl	12(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	12(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		12(%edi)
-	movl	%edx,		%esi
-	/* Round 16 */
-	movl	16(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	16(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		16(%edi)
-	movl	%edx,		%esi
-	/* Round 20 */
-	movl	20(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	20(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		20(%edi)
-	movl	%edx,		%esi
-	/* Round 24 */
-	movl	24(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	24(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		24(%edi)
-	movl	%edx,		%esi
-	/* Round 28 */
-	movl	28(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	28(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		28(%edi)
-	movl	%edx,		%esi
-
-	movl	(%esp),		%ecx
-	addl	$32,		%ebx
-	addl	$32,		%edi
-	subl	$8,		%ecx
-	jnz	.L001maw_loop
-.L000maw_finish:
-	movl	32(%esp),	%ecx
-	andl	$7,		%ecx
-	jnz	.L002maw_finish2
-	jmp	.L003maw_end
-.align ALIGN
-.L002maw_finish2:
-	/* Tail Round 0 */
-	movl	(%ebx),		%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	(%edi),		%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	decl	%ecx
-	movl	%eax,		(%edi)
-	movl	%edx,		%esi
-	jz	.L003maw_end
-	/* Tail Round 1 */
-	movl	4(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	4(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	decl	%ecx
-	movl	%eax,		4(%edi)
-	movl	%edx,		%esi
-	jz	.L003maw_end
-	/* Tail Round 2 */
-	movl	8(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	8(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	decl	%ecx
-	movl	%eax,		8(%edi)
-	movl	%edx,		%esi
-	jz	.L003maw_end
-	/* Tail Round 3 */
-	movl	12(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	12(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	decl	%ecx
-	movl	%eax,		12(%edi)
-	movl	%edx,		%esi
-	jz	.L003maw_end
-	/* Tail Round 4 */
-	movl	16(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	16(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	decl	%ecx
-	movl	%eax,		16(%edi)
-	movl	%edx,		%esi
-	jz	.L003maw_end
-	/* Tail Round 5 */
-	movl	20(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	20(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	decl	%ecx
-	movl	%eax,		20(%edi)
-	movl	%edx,		%esi
-	jz	.L003maw_end
-	/* Tail Round 6 */
-	movl	24(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	24(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		24(%edi)
-	movl	%edx,		%esi
-.L003maw_end:
-	movl	%esi,		%eax
-	popl	%ecx
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.bn_mul_add_words_end:
-	SIZE(bn_mul_add_words,.bn_mul_add_words_end-bn_mul_add_words)
-.ident	"bn_mul_add_words"
-.text
-	.align ALIGN
-.globl bn_mul_words
-	TYPE(bn_mul_words,@function)
-bn_mul_words:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	xorl	%esi,		%esi
-	movl	20(%esp),	%edi
-	movl	24(%esp),	%ebx
-	movl	28(%esp),	%ebp
-	movl	32(%esp),	%ecx
-	andl	$4294967288,	%ebp
-	jz	.L004mw_finish
-.L005mw_loop:
-	/* Round 0 */
-	movl	(%ebx),		%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		(%edi)
-	movl	%edx,		%esi
-	/* Round 4 */
-	movl	4(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		4(%edi)
-	movl	%edx,		%esi
-	/* Round 8 */
-	movl	8(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		8(%edi)
-	movl	%edx,		%esi
-	/* Round 12 */
-	movl	12(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		12(%edi)
-	movl	%edx,		%esi
-	/* Round 16 */
-	movl	16(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		16(%edi)
-	movl	%edx,		%esi
-	/* Round 20 */
-	movl	20(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		20(%edi)
-	movl	%edx,		%esi
-	/* Round 24 */
-	movl	24(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		24(%edi)
-	movl	%edx,		%esi
-	/* Round 28 */
-	movl	28(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		28(%edi)
-	movl	%edx,		%esi
-
-	addl	$32,		%ebx
-	addl	$32,		%edi
-	subl	$8,		%ebp
-	jz	.L004mw_finish
-	jmp	.L005mw_loop
-.L004mw_finish:
-	movl	28(%esp),	%ebp
-	andl	$7,		%ebp
-	jnz	.L006mw_finish2
-	jmp	.L007mw_end
-.align ALIGN
-.L006mw_finish2:
-	/* Tail Round 0 */
-	movl	(%ebx),		%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		(%edi)
-	movl	%edx,		%esi
-	decl	%ebp
-	jz	.L007mw_end
-	/* Tail Round 1 */
-	movl	4(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		4(%edi)
-	movl	%edx,		%esi
-	decl	%ebp
-	jz	.L007mw_end
-	/* Tail Round 2 */
-	movl	8(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		8(%edi)
-	movl	%edx,		%esi
-	decl	%ebp
-	jz	.L007mw_end
-	/* Tail Round 3 */
-	movl	12(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		12(%edi)
-	movl	%edx,		%esi
-	decl	%ebp
-	jz	.L007mw_end
-	/* Tail Round 4 */
-	movl	16(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		16(%edi)
-	movl	%edx,		%esi
-	decl	%ebp
-	jz	.L007mw_end
-	/* Tail Round 5 */
-	movl	20(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		20(%edi)
-	movl	%edx,		%esi
-	decl	%ebp
-	jz	.L007mw_end
-	/* Tail Round 6 */
-	movl	24(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		24(%edi)
-	movl	%edx,		%esi
-.L007mw_end:
-	movl	%esi,		%eax
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.bn_mul_words_end:
-	SIZE(bn_mul_words,.bn_mul_words_end-bn_mul_words)
-.ident	"bn_mul_words"
-.text
-	.align ALIGN
-.globl bn_sqr_words
-	TYPE(bn_sqr_words,@function)
-bn_sqr_words:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	movl	20(%esp),	%esi
-	movl	24(%esp),	%edi
-	movl	28(%esp),	%ebx
-	andl	$4294967288,	%ebx
-	jz	.L008sw_finish
-.L009sw_loop:
-	/* Round 0 */
-	movl	(%edi),		%eax
-	mull	%eax
-	movl	%eax,		(%esi)
-	movl	%edx,		4(%esi)
-	/* Round 4 */
-	movl	4(%edi),	%eax
-	mull	%eax
-	movl	%eax,		8(%esi)
-	movl	%edx,		12(%esi)
-	/* Round 8 */
-	movl	8(%edi),	%eax
-	mull	%eax
-	movl	%eax,		16(%esi)
-	movl	%edx,		20(%esi)
-	/* Round 12 */
-	movl	12(%edi),	%eax
-	mull	%eax
-	movl	%eax,		24(%esi)
-	movl	%edx,		28(%esi)
-	/* Round 16 */
-	movl	16(%edi),	%eax
-	mull	%eax
-	movl	%eax,		32(%esi)
-	movl	%edx,		36(%esi)
-	/* Round 20 */
-	movl	20(%edi),	%eax
-	mull	%eax
-	movl	%eax,		40(%esi)
-	movl	%edx,		44(%esi)
-	/* Round 24 */
-	movl	24(%edi),	%eax
-	mull	%eax
-	movl	%eax,		48(%esi)
-	movl	%edx,		52(%esi)
-	/* Round 28 */
-	movl	28(%edi),	%eax
-	mull	%eax
-	movl	%eax,		56(%esi)
-	movl	%edx,		60(%esi)
-
-	addl	$32,		%edi
-	addl	$64,		%esi
-	subl	$8,		%ebx
-	jnz	.L009sw_loop
-.L008sw_finish:
-	movl	28(%esp),	%ebx
-	andl	$7,		%ebx
-	jz	.L010sw_end
-	/* Tail Round 0 */
-	movl	(%edi),		%eax
-	mull	%eax
-	movl	%eax,		(%esi)
-	decl	%ebx
-	movl	%edx,		4(%esi)
-	jz	.L010sw_end
-	/* Tail Round 1 */
-	movl	4(%edi),	%eax
-	mull	%eax
-	movl	%eax,		8(%esi)
-	decl	%ebx
-	movl	%edx,		12(%esi)
-	jz	.L010sw_end
-	/* Tail Round 2 */
-	movl	8(%edi),	%eax
-	mull	%eax
-	movl	%eax,		16(%esi)
-	decl	%ebx
-	movl	%edx,		20(%esi)
-	jz	.L010sw_end
-	/* Tail Round 3 */
-	movl	12(%edi),	%eax
-	mull	%eax
-	movl	%eax,		24(%esi)
-	decl	%ebx
-	movl	%edx,		28(%esi)
-	jz	.L010sw_end
-	/* Tail Round 4 */
-	movl	16(%edi),	%eax
-	mull	%eax
-	movl	%eax,		32(%esi)
-	decl	%ebx
-	movl	%edx,		36(%esi)
-	jz	.L010sw_end
-	/* Tail Round 5 */
-	movl	20(%edi),	%eax
-	mull	%eax
-	movl	%eax,		40(%esi)
-	decl	%ebx
-	movl	%edx,		44(%esi)
-	jz	.L010sw_end
-	/* Tail Round 6 */
-	movl	24(%edi),	%eax
-	mull	%eax
-	movl	%eax,		48(%esi)
-	movl	%edx,		52(%esi)
-.L010sw_end:
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.bn_sqr_words_end:
-	SIZE(bn_sqr_words,.bn_sqr_words_end-bn_sqr_words)
-.ident	"bn_sqr_words"
-.text
-	.align ALIGN
-.globl bn_div_words
-	TYPE(bn_div_words,@function)
-bn_div_words:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-	movl	20(%esp),	%edx
-	movl	24(%esp),	%eax
-	movl	28(%esp),	%ebx
-	divl	%ebx
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.bn_div_words_end:
-	SIZE(bn_div_words,.bn_div_words_end-bn_div_words)
-.ident	"bn_div_words"
-.text
-	.align ALIGN
-.globl bn_add_words
-	TYPE(bn_add_words,@function)
-bn_add_words:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	movl	20(%esp),	%ebx
-	movl	24(%esp),	%esi
-	movl	28(%esp),	%edi
-	movl	32(%esp),	%ebp
-	xorl	%eax,		%eax
-	andl	$4294967288,	%ebp
-	jz	.L011aw_finish
-.L012aw_loop:
-	/* Round 0 */
-	movl	(%esi),		%ecx
-	movl	(%edi),		%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		(%ebx)
-	/* Round 1 */
-	movl	4(%esi),	%ecx
-	movl	4(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		4(%ebx)
-	/* Round 2 */
-	movl	8(%esi),	%ecx
-	movl	8(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		8(%ebx)
-	/* Round 3 */
-	movl	12(%esi),	%ecx
-	movl	12(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		12(%ebx)
-	/* Round 4 */
-	movl	16(%esi),	%ecx
-	movl	16(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		16(%ebx)
-	/* Round 5 */
-	movl	20(%esi),	%ecx
-	movl	20(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		20(%ebx)
-	/* Round 6 */
-	movl	24(%esi),	%ecx
-	movl	24(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		24(%ebx)
-	/* Round 7 */
-	movl	28(%esi),	%ecx
-	movl	28(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		28(%ebx)
-
-	addl	$32,		%esi
-	addl	$32,		%edi
-	addl	$32,		%ebx
-	subl	$8,		%ebp
-	jnz	.L012aw_loop
-.L011aw_finish:
-	movl	32(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L013aw_end
-	/* Tail Round 0 */
-	movl	(%esi),		%ecx
-	movl	(%edi),		%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		(%ebx)
-	jz	.L013aw_end
-	/* Tail Round 1 */
-	movl	4(%esi),	%ecx
-	movl	4(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		4(%ebx)
-	jz	.L013aw_end
-	/* Tail Round 2 */
-	movl	8(%esi),	%ecx
-	movl	8(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		8(%ebx)
-	jz	.L013aw_end
-	/* Tail Round 3 */
-	movl	12(%esi),	%ecx
-	movl	12(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		12(%ebx)
-	jz	.L013aw_end
-	/* Tail Round 4 */
-	movl	16(%esi),	%ecx
-	movl	16(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		16(%ebx)
-	jz	.L013aw_end
-	/* Tail Round 5 */
-	movl	20(%esi),	%ecx
-	movl	20(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		20(%ebx)
-	jz	.L013aw_end
-	/* Tail Round 6 */
-	movl	24(%esi),	%ecx
-	movl	24(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		24(%ebx)
-.L013aw_end:
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.bn_add_words_end:
-	SIZE(bn_add_words,.bn_add_words_end-bn_add_words)
-.ident	"bn_add_words"
-.text
-	.align ALIGN
-.globl bn_sub_words
-	TYPE(bn_sub_words,@function)
-bn_sub_words:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	movl	20(%esp),	%ebx
-	movl	24(%esp),	%esi
-	movl	28(%esp),	%edi
-	movl	32(%esp),	%ebp
-	xorl	%eax,		%eax
-	andl	$4294967288,	%ebp
-	jz	.L014aw_finish
-.L015aw_loop:
-	/* Round 0 */
-	movl	(%esi),		%ecx
-	movl	(%edi),		%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		(%ebx)
-	/* Round 1 */
-	movl	4(%esi),	%ecx
-	movl	4(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		4(%ebx)
-	/* Round 2 */
-	movl	8(%esi),	%ecx
-	movl	8(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		8(%ebx)
-	/* Round 3 */
-	movl	12(%esi),	%ecx
-	movl	12(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		12(%ebx)
-	/* Round 4 */
-	movl	16(%esi),	%ecx
-	movl	16(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		16(%ebx)
-	/* Round 5 */
-	movl	20(%esi),	%ecx
-	movl	20(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		20(%ebx)
-	/* Round 6 */
-	movl	24(%esi),	%ecx
-	movl	24(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		24(%ebx)
-	/* Round 7 */
-	movl	28(%esi),	%ecx
-	movl	28(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		28(%ebx)
-
-	addl	$32,		%esi
-	addl	$32,		%edi
-	addl	$32,		%ebx
-	subl	$8,		%ebp
-	jnz	.L015aw_loop
-.L014aw_finish:
-	movl	32(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L016aw_end
-	/* Tail Round 0 */
-	movl	(%esi),		%ecx
-	movl	(%edi),		%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		(%ebx)
-	jz	.L016aw_end
-	/* Tail Round 1 */
-	movl	4(%esi),	%ecx
-	movl	4(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		4(%ebx)
-	jz	.L016aw_end
-	/* Tail Round 2 */
-	movl	8(%esi),	%ecx
-	movl	8(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		8(%ebx)
-	jz	.L016aw_end
-	/* Tail Round 3 */
-	movl	12(%esi),	%ecx
-	movl	12(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		12(%ebx)
-	jz	.L016aw_end
-	/* Tail Round 4 */
-	movl	16(%esi),	%ecx
-	movl	16(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		16(%ebx)
-	jz	.L016aw_end
-	/* Tail Round 5 */
-	movl	20(%esi),	%ecx
-	movl	20(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		20(%ebx)
-	jz	.L016aw_end
-	/* Tail Round 6 */
-	movl	24(%esi),	%ecx
-	movl	24(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		24(%ebx)
-.L016aw_end:
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.bn_sub_words_end:
-	SIZE(bn_sub_words,.bn_sub_words_end-bn_sub_words)
-.ident	"bn_sub_words"
-.text
-	.align ALIGN
-.globl bn_mul_comba8
-	TYPE(bn_mul_comba8,@function)
-bn_mul_comba8:
-	pushl	%esi
-	movl	12(%esp),	%esi
-	pushl	%edi
-	movl	20(%esp),	%edi
-	pushl	%ebp
-	pushl	%ebx
-	xorl	%ebx,		%ebx
-	movl	(%esi),		%eax
-	xorl	%ecx,		%ecx
-	movl	(%edi),		%edx
-	/* ################## Calculate word 0 */
-	xorl	%ebp,		%ebp
-	/* mul a[0]*b[0] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	(%edi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		(%eax)
-	movl	4(%esi),	%eax
-	/* saved r[0] */
-	/* ################## Calculate word 1 */
-	xorl	%ebx,		%ebx
-	/* mul a[1]*b[0] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebp
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[0]*b[1] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	(%edi),		%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		4(%eax)
-	movl	8(%esi),	%eax
-	/* saved r[1] */
-	/* ################## Calculate word 2 */
-	xorl	%ecx,		%ecx
-	/* mul a[2]*b[0] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[1]*b[1] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[0]*b[2] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	(%edi),		%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		8(%eax)
-	movl	12(%esi),	%eax
-	/* saved r[2] */
-	/* ################## Calculate word 3 */
-	xorl	%ebp,		%ebp
-	/* mul a[3]*b[0] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[2]*b[1] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[1]*b[2] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ecx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[0]*b[3] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	(%edi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		12(%eax)
-	movl	16(%esi),	%eax
-	/* saved r[3] */
-	/* ################## Calculate word 4 */
-	xorl	%ebx,		%ebx
-	/* mul a[4]*b[0] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[3]*b[1] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[2]*b[2] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[1]*b[3] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebp
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[0]*b[4] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	(%edi),		%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		16(%eax)
-	movl	20(%esi),	%eax
-	/* saved r[4] */
-	/* ################## Calculate word 5 */
-	xorl	%ecx,		%ecx
-	/* mul a[5]*b[0] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[4]*b[1] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[3]*b[2] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[2]*b[3] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	16(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[1]*b[4] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[0]*b[5] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	(%edi),		%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		20(%eax)
-	movl	24(%esi),	%eax
-	/* saved r[5] */
-	/* ################## Calculate word 6 */
-	xorl	%ebp,		%ebp
-	/* mul a[6]*b[0] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[5]*b[1] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[4]*b[2] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[3]*b[3] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[2]*b[4] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[1]*b[5] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ecx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[0]*b[6] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	(%edi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		24(%eax)
-	movl	28(%esi),	%eax
-	/* saved r[6] */
-	/* ################## Calculate word 7 */
-	xorl	%ebx,		%ebx
-	/* mul a[7]*b[0] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[6]*b[1] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[5]*b[2] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[4]*b[3] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[3]*b[4] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	20(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[2]*b[5] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[1]*b[6] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebp
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[0]*b[7] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		28(%eax)
-	movl	28(%esi),	%eax
-	/* saved r[7] */
-	/* ################## Calculate word 8 */
-	xorl	%ecx,		%ecx
-	/* mul a[7]*b[1] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[6]*b[2] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[5]*b[3] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	16(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[4]*b[4] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[3]*b[5] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[2]*b[6] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	28(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[1]*b[7] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		32(%eax)
-	movl	28(%esi),	%eax
-	/* saved r[8] */
-	/* ################## Calculate word 9 */
-	xorl	%ebp,		%ebp
-	/* mul a[7]*b[2] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[6]*b[3] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[5]*b[4] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[4]*b[5] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[3]*b[6] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[2]*b[7] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		36(%eax)
-	movl	28(%esi),	%eax
-	/* saved r[9] */
-	/* ################## Calculate word 10 */
-	xorl	%ebx,		%ebx
-	/* mul a[7]*b[3] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[6]*b[4] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	20(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[5]*b[5] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[4]*b[6] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[3]*b[7] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		40(%eax)
-	movl	28(%esi),	%eax
-	/* saved r[10] */
-	/* ################## Calculate word 11 */
-	xorl	%ecx,		%ecx
-	/* mul a[7]*b[4] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[6]*b[5] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[5]*b[6] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	28(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[4]*b[7] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		44(%eax)
-	movl	28(%esi),	%eax
-	/* saved r[11] */
-	/* ################## Calculate word 12 */
-	xorl	%ebp,		%ebp
-	/* mul a[7]*b[5] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[6]*b[6] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[5]*b[7] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		48(%eax)
-	movl	28(%esi),	%eax
-	/* saved r[12] */
-	/* ################## Calculate word 13 */
-	xorl	%ebx,		%ebx
-	/* mul a[7]*b[6] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[6]*b[7] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		52(%eax)
-	movl	28(%esi),	%eax
-	/* saved r[13] */
-	/* ################## Calculate word 14 */
-	xorl	%ecx,		%ecx
-	/* mul a[7]*b[7] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	adcl	$0,		%ecx
-	movl	%ebp,		56(%eax)
-	/* saved r[14] */
-	/* save r[15] */
-	movl	%ebx,		60(%eax)
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.bn_mul_comba8_end:
-	SIZE(bn_mul_comba8,.bn_mul_comba8_end-bn_mul_comba8)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl bn_mul_comba4
-	TYPE(bn_mul_comba4,@function)
-bn_mul_comba4:
-	pushl	%esi
-	movl	12(%esp),	%esi
-	pushl	%edi
-	movl	20(%esp),	%edi
-	pushl	%ebp
-	pushl	%ebx
-	xorl	%ebx,		%ebx
-	movl	(%esi),		%eax
-	xorl	%ecx,		%ecx
-	movl	(%edi),		%edx
-	/* ################## Calculate word 0 */
-	xorl	%ebp,		%ebp
-	/* mul a[0]*b[0] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	(%edi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		(%eax)
-	movl	4(%esi),	%eax
-	/* saved r[0] */
-	/* ################## Calculate word 1 */
-	xorl	%ebx,		%ebx
-	/* mul a[1]*b[0] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebp
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[0]*b[1] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	(%edi),		%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		4(%eax)
-	movl	8(%esi),	%eax
-	/* saved r[1] */
-	/* ################## Calculate word 2 */
-	xorl	%ecx,		%ecx
-	/* mul a[2]*b[0] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[1]*b[1] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[0]*b[2] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	(%edi),		%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		8(%eax)
-	movl	12(%esi),	%eax
-	/* saved r[2] */
-	/* ################## Calculate word 3 */
-	xorl	%ebp,		%ebp
-	/* mul a[3]*b[0] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[2]*b[1] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[1]*b[2] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ecx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[0]*b[3] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		12(%eax)
-	movl	12(%esi),	%eax
-	/* saved r[3] */
-	/* ################## Calculate word 4 */
-	xorl	%ebx,		%ebx
-	/* mul a[3]*b[1] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[2]*b[2] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[1]*b[3] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		16(%eax)
-	movl	12(%esi),	%eax
-	/* saved r[4] */
-	/* ################## Calculate word 5 */
-	xorl	%ecx,		%ecx
-	/* mul a[3]*b[2] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[2]*b[3] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		20(%eax)
-	movl	12(%esi),	%eax
-	/* saved r[5] */
-	/* ################## Calculate word 6 */
-	xorl	%ebp,		%ebp
-	/* mul a[3]*b[3] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	adcl	$0,		%ebp
-	movl	%ebx,		24(%eax)
-	/* saved r[6] */
-	/* save r[7] */
-	movl	%ecx,		28(%eax)
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.bn_mul_comba4_end:
-	SIZE(bn_mul_comba4,.bn_mul_comba4_end-bn_mul_comba4)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl bn_sqr_comba8
-	TYPE(bn_sqr_comba8,@function)
-bn_sqr_comba8:
-	pushl	%esi
-	pushl	%edi
-	pushl	%ebp
-	pushl	%ebx
-	movl	20(%esp),	%edi
-	movl	24(%esp),	%esi
-	xorl	%ebx,		%ebx
-	xorl	%ecx,		%ecx
-	movl	(%esi),		%eax
-	/* ############### Calculate word 0 */
-	xorl	%ebp,		%ebp
-	/* sqr a[0]*a[0] */
-	mull	%eax
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	(%esi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		(%edi)
-	movl	4(%esi),	%eax
-	/* saved r[0] */
-	/* ############### Calculate word 1 */
-	xorl	%ebx,		%ebx
-	/* sqr a[1]*a[0] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	%ecx,		4(%edi)
-	movl	(%esi),		%edx
-	/* saved r[1] */
-	/* ############### Calculate word 2 */
-	xorl	%ecx,		%ecx
-	/* sqr a[2]*a[0] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	4(%esi),	%eax
-	adcl	$0,		%ecx
-	/* sqr a[1]*a[1] */
-	mull	%eax
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	(%esi),		%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		8(%edi)
-	movl	12(%esi),	%eax
-	/* saved r[2] */
-	/* ############### Calculate word 3 */
-	xorl	%ebp,		%ebp
-	/* sqr a[3]*a[0] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	4(%esi),	%edx
-	/* sqr a[2]*a[1] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	16(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	%ebx,		12(%edi)
-	movl	(%esi),		%edx
-	/* saved r[3] */
-	/* ############### Calculate word 4 */
-	xorl	%ebx,		%ebx
-	/* sqr a[4]*a[0] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	12(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	4(%esi),	%edx
-	/* sqr a[3]*a[1] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebx
-	/* sqr a[2]*a[2] */
-	mull	%eax
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	(%esi),		%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		16(%edi)
-	movl	20(%esi),	%eax
-	/* saved r[4] */
-	/* ############### Calculate word 5 */
-	xorl	%ecx,		%ecx
-	/* sqr a[5]*a[0] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	16(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	4(%esi),	%edx
-	/* sqr a[4]*a[1] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	12(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	8(%esi),	%edx
-	/* sqr a[3]*a[2] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	24(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	%ebp,		20(%edi)
-	movl	(%esi),		%edx
-	/* saved r[5] */
-	/* ############### Calculate word 6 */
-	xorl	%ebp,		%ebp
-	/* sqr a[6]*a[0] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	20(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	4(%esi),	%edx
-	/* sqr a[5]*a[1] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	16(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	8(%esi),	%edx
-	/* sqr a[4]*a[2] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	12(%esi),	%eax
-	adcl	$0,		%ebp
-	/* sqr a[3]*a[3] */
-	mull	%eax
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	(%esi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		24(%edi)
-	movl	28(%esi),	%eax
-	/* saved r[6] */
-	/* ############### Calculate word 7 */
-	xorl	%ebx,		%ebx
-	/* sqr a[7]*a[0] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	24(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	4(%esi),	%edx
-	/* sqr a[6]*a[1] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	20(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	8(%esi),	%edx
-	/* sqr a[5]*a[2] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	16(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	12(%esi),	%edx
-	/* sqr a[4]*a[3] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	28(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	%ecx,		28(%edi)
-	movl	4(%esi),	%edx
-	/* saved r[7] */
-	/* ############### Calculate word 8 */
-	xorl	%ecx,		%ecx
-	/* sqr a[7]*a[1] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	24(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	8(%esi),	%edx
-	/* sqr a[6]*a[2] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	20(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	12(%esi),	%edx
-	/* sqr a[5]*a[3] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	16(%esi),	%eax
-	adcl	$0,		%ecx
-	/* sqr a[4]*a[4] */
-	mull	%eax
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	8(%esi),	%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		32(%edi)
-	movl	28(%esi),	%eax
-	/* saved r[8] */
-	/* ############### Calculate word 9 */
-	xorl	%ebp,		%ebp
-	/* sqr a[7]*a[2] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	24(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	12(%esi),	%edx
-	/* sqr a[6]*a[3] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	20(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	16(%esi),	%edx
-	/* sqr a[5]*a[4] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	28(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	%ebx,		36(%edi)
-	movl	12(%esi),	%edx
-	/* saved r[9] */
-	/* ############### Calculate word 10 */
-	xorl	%ebx,		%ebx
-	/* sqr a[7]*a[3] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	24(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	16(%esi),	%edx
-	/* sqr a[6]*a[4] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	20(%esi),	%eax
-	adcl	$0,		%ebx
-	/* sqr a[5]*a[5] */
-	mull	%eax
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	16(%esi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		40(%edi)
-	movl	28(%esi),	%eax
-	/* saved r[10] */
-	/* ############### Calculate word 11 */
-	xorl	%ecx,		%ecx
-	/* sqr a[7]*a[4] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	24(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	20(%esi),	%edx
-	/* sqr a[6]*a[5] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	28(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	%ebp,		44(%edi)
-	movl	20(%esi),	%edx
-	/* saved r[11] */
-	/* ############### Calculate word 12 */
-	xorl	%ebp,		%ebp
-	/* sqr a[7]*a[5] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	24(%esi),	%eax
-	adcl	$0,		%ebp
-	/* sqr a[6]*a[6] */
-	mull	%eax
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	24(%esi),	%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		48(%edi)
-	movl	28(%esi),	%eax
-	/* saved r[12] */
-	/* ############### Calculate word 13 */
-	xorl	%ebx,		%ebx
-	/* sqr a[7]*a[6] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	28(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	%ecx,		52(%edi)
-	/* saved r[13] */
-	/* ############### Calculate word 14 */
-	xorl	%ecx,		%ecx
-	/* sqr a[7]*a[7] */
-	mull	%eax
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	adcl	$0,		%ecx
-	movl	%ebp,		56(%edi)
-	/* saved r[14] */
-	movl	%ebx,		60(%edi)
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.bn_sqr_comba8_end:
-	SIZE(bn_sqr_comba8,.bn_sqr_comba8_end-bn_sqr_comba8)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl bn_sqr_comba4
-	TYPE(bn_sqr_comba4,@function)
-bn_sqr_comba4:
-	pushl	%esi
-	pushl	%edi
-	pushl	%ebp
-	pushl	%ebx
-	movl	20(%esp),	%edi
-	movl	24(%esp),	%esi
-	xorl	%ebx,		%ebx
-	xorl	%ecx,		%ecx
-	movl	(%esi),		%eax
-	/* ############### Calculate word 0 */
-	xorl	%ebp,		%ebp
-	/* sqr a[0]*a[0] */
-	mull	%eax
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	(%esi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		(%edi)
-	movl	4(%esi),	%eax
-	/* saved r[0] */
-	/* ############### Calculate word 1 */
-	xorl	%ebx,		%ebx
-	/* sqr a[1]*a[0] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	%ecx,		4(%edi)
-	movl	(%esi),		%edx
-	/* saved r[1] */
-	/* ############### Calculate word 2 */
-	xorl	%ecx,		%ecx
-	/* sqr a[2]*a[0] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	4(%esi),	%eax
-	adcl	$0,		%ecx
-	/* sqr a[1]*a[1] */
-	mull	%eax
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	(%esi),		%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		8(%edi)
-	movl	12(%esi),	%eax
-	/* saved r[2] */
-	/* ############### Calculate word 3 */
-	xorl	%ebp,		%ebp
-	/* sqr a[3]*a[0] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	4(%esi),	%edx
-	/* sqr a[2]*a[1] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	12(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	%ebx,		12(%edi)
-	movl	4(%esi),	%edx
-	/* saved r[3] */
-	/* ############### Calculate word 4 */
-	xorl	%ebx,		%ebx
-	/* sqr a[3]*a[1] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebx
-	/* sqr a[2]*a[2] */
-	mull	%eax
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	8(%esi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		16(%edi)
-	movl	12(%esi),	%eax
-	/* saved r[4] */
-	/* ############### Calculate word 5 */
-	xorl	%ecx,		%ecx
-	/* sqr a[3]*a[2] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	12(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	%ebp,		20(%edi)
-	/* saved r[5] */
-	/* ############### Calculate word 6 */
-	xorl	%ebp,		%ebp
-	/* sqr a[3]*a[3] */
-	mull	%eax
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	adcl	$0,		%ebp
-	movl	%ebx,		24(%edi)
-	/* saved r[6] */
-	movl	%ecx,		28(%edi)
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.bn_sqr_comba4_end:
-	SIZE(bn_sqr_comba4,.bn_sqr_comba4_end-bn_sqr_comba4)
-.ident	"desasm.pl"
diff --git a/crypto/bn/asm/ca.pl b/crypto/bn/asm/ca.pl
index 181d1f007e..c1ce67a6b4 100644
--- a/crypto/bn/asm/ca.pl
+++ b/crypto/bn/asm/ca.pl
@@ -16,7 +16,7 @@ require "alpha/sqr_c4.pl";
 require "alpha/sqr_c8.pl";
 require "alpha/div.pl";
 
-&asm_init($ARGV[0],"bn-586.pl");
+&asm_init($ARGV[0],$0);
 
 &bn_mul_words("bn_mul_words");
 &bn_sqr_words("bn_sqr_words");
diff --git a/crypto/bn/asm/co-586.pl b/crypto/bn/asm/co-586.pl
index 0bcb5a6d47..5d962cb957 100644
--- a/crypto/bn/asm/co-586.pl
+++ b/crypto/bn/asm/co-586.pl
@@ -3,7 +3,7 @@
 push(@INC,"perlasm","../../perlasm");
 require "x86asm.pl";
 
-&asm_init($ARGV[0],"bn-586.pl");
+&asm_init($ARGV[0],$0);
 
 &bn_mul_comba("bn_mul_comba8",8);
 &bn_mul_comba("bn_mul_comba4",4);
diff --git a/crypto/bn/asm/co-alpha.pl b/crypto/bn/asm/co-alpha.pl
index 23869a4ef5..67dad3e3d5 100644
--- a/crypto/bn/asm/co-alpha.pl
+++ b/crypto/bn/asm/co-alpha.pl
@@ -6,7 +6,7 @@
 push(@INC,"perlasm","../../perlasm");
 require "alpha.pl";
 
-&asm_init($ARGV[0],"bn-586.pl");
+&asm_init($ARGV[0],$0);
 
 print &bn_sub_words("bn_sub_words");
 
diff --git a/crypto/bn/asm/co86unix.cpp b/crypto/bn/asm/co86unix.cpp
deleted file mode 100644
index fa80b14046..0000000000
--- a/crypto/bn/asm/co86unix.cpp
+++ /dev/null
@@ -1,1315 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define bn_mul_comba8 _bn_mul_comba8
-#define bn_mul_comba4 _bn_mul_comba4
-#define bn_sqr_comba8 _bn_sqr_comba8
-#define bn_sqr_comba4 _bn_sqr_comba4
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by bn-586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"bn-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl bn_mul_comba8
-	TYPE(bn_mul_comba8,@function)
-bn_mul_comba8:
-	pushl	%esi
-	movl	12(%esp),	%esi
-	pushl	%edi
-	movl	20(%esp),	%edi
-	pushl	%ebp
-	pushl	%ebx
-	xorl	%ebx,		%ebx
-	movl	(%esi),		%eax
-	xorl	%ecx,		%ecx
-	movl	(%edi),		%edx
-	/* ################## Calculate word 0 */
-	xorl	%ebp,		%ebp
-	/* mul a[0]*b[0] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	(%edi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		(%eax)
-	movl	4(%esi),	%eax
-	/* saved r[0] */
-	/* ################## Calculate word 1 */
-	xorl	%ebx,		%ebx
-	/* mul a[1]*b[0] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebp
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[0]*b[1] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	(%edi),		%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		4(%eax)
-	movl	8(%esi),	%eax
-	/* saved r[1] */
-	/* ################## Calculate word 2 */
-	xorl	%ecx,		%ecx
-	/* mul a[2]*b[0] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[1]*b[1] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[0]*b[2] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	(%edi),		%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		8(%eax)
-	movl	12(%esi),	%eax
-	/* saved r[2] */
-	/* ################## Calculate word 3 */
-	xorl	%ebp,		%ebp
-	/* mul a[3]*b[0] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[2]*b[1] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[1]*b[2] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ecx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[0]*b[3] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	(%edi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		12(%eax)
-	movl	16(%esi),	%eax
-	/* saved r[3] */
-	/* ################## Calculate word 4 */
-	xorl	%ebx,		%ebx
-	/* mul a[4]*b[0] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[3]*b[1] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[2]*b[2] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[1]*b[3] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebp
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[0]*b[4] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	(%edi),		%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		16(%eax)
-	movl	20(%esi),	%eax
-	/* saved r[4] */
-	/* ################## Calculate word 5 */
-	xorl	%ecx,		%ecx
-	/* mul a[5]*b[0] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[4]*b[1] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[3]*b[2] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[2]*b[3] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	16(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[1]*b[4] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[0]*b[5] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	(%edi),		%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		20(%eax)
-	movl	24(%esi),	%eax
-	/* saved r[5] */
-	/* ################## Calculate word 6 */
-	xorl	%ebp,		%ebp
-	/* mul a[6]*b[0] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[5]*b[1] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[4]*b[2] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[3]*b[3] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[2]*b[4] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[1]*b[5] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ecx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[0]*b[6] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	(%edi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		24(%eax)
-	movl	28(%esi),	%eax
-	/* saved r[6] */
-	/* ################## Calculate word 7 */
-	xorl	%ebx,		%ebx
-	/* mul a[7]*b[0] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[6]*b[1] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[5]*b[2] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[4]*b[3] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[3]*b[4] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	20(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[2]*b[5] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[1]*b[6] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebp
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[0]*b[7] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		28(%eax)
-	movl	28(%esi),	%eax
-	/* saved r[7] */
-	/* ################## Calculate word 8 */
-	xorl	%ecx,		%ecx
-	/* mul a[7]*b[1] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[6]*b[2] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[5]*b[3] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	16(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[4]*b[4] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[3]*b[5] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[2]*b[6] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	28(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[1]*b[7] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		32(%eax)
-	movl	28(%esi),	%eax
-	/* saved r[8] */
-	/* ################## Calculate word 9 */
-	xorl	%ebp,		%ebp
-	/* mul a[7]*b[2] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[6]*b[3] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[5]*b[4] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[4]*b[5] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[3]*b[6] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[2]*b[7] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		36(%eax)
-	movl	28(%esi),	%eax
-	/* saved r[9] */
-	/* ################## Calculate word 10 */
-	xorl	%ebx,		%ebx
-	/* mul a[7]*b[3] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[6]*b[4] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	20(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[5]*b[5] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[4]*b[6] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[3]*b[7] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		40(%eax)
-	movl	28(%esi),	%eax
-	/* saved r[10] */
-	/* ################## Calculate word 11 */
-	xorl	%ecx,		%ecx
-	/* mul a[7]*b[4] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[6]*b[5] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[5]*b[6] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	28(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[4]*b[7] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		44(%eax)
-	movl	28(%esi),	%eax
-	/* saved r[11] */
-	/* ################## Calculate word 12 */
-	xorl	%ebp,		%ebp
-	/* mul a[7]*b[5] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[6]*b[6] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[5]*b[7] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		48(%eax)
-	movl	28(%esi),	%eax
-	/* saved r[12] */
-	/* ################## Calculate word 13 */
-	xorl	%ebx,		%ebx
-	/* mul a[7]*b[6] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[6]*b[7] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		52(%eax)
-	movl	28(%esi),	%eax
-	/* saved r[13] */
-	/* ################## Calculate word 14 */
-	xorl	%ecx,		%ecx
-	/* mul a[7]*b[7] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	adcl	$0,		%ecx
-	movl	%ebp,		56(%eax)
-	/* saved r[14] */
-	/* save r[15] */
-	movl	%ebx,		60(%eax)
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.bn_mul_comba8_end:
-	SIZE(bn_mul_comba8,.bn_mul_comba8_end-bn_mul_comba8)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl bn_mul_comba4
-	TYPE(bn_mul_comba4,@function)
-bn_mul_comba4:
-	pushl	%esi
-	movl	12(%esp),	%esi
-	pushl	%edi
-	movl	20(%esp),	%edi
-	pushl	%ebp
-	pushl	%ebx
-	xorl	%ebx,		%ebx
-	movl	(%esi),		%eax
-	xorl	%ecx,		%ecx
-	movl	(%edi),		%edx
-	/* ################## Calculate word 0 */
-	xorl	%ebp,		%ebp
-	/* mul a[0]*b[0] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	(%edi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		(%eax)
-	movl	4(%esi),	%eax
-	/* saved r[0] */
-	/* ################## Calculate word 1 */
-	xorl	%ebx,		%ebx
-	/* mul a[1]*b[0] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebp
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[0]*b[1] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	(%edi),		%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		4(%eax)
-	movl	8(%esi),	%eax
-	/* saved r[1] */
-	/* ################## Calculate word 2 */
-	xorl	%ecx,		%ecx
-	/* mul a[2]*b[0] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[1]*b[1] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[0]*b[2] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	(%edi),		%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		8(%eax)
-	movl	12(%esi),	%eax
-	/* saved r[2] */
-	/* ################## Calculate word 3 */
-	xorl	%ebp,		%ebp
-	/* mul a[3]*b[0] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[2]*b[1] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[1]*b[2] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ecx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebp
-	/* mul a[0]*b[3] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		12(%eax)
-	movl	12(%esi),	%eax
-	/* saved r[3] */
-	/* ################## Calculate word 4 */
-	xorl	%ebx,		%ebx
-	/* mul a[3]*b[1] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[2]*b[2] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebx
-	/* mul a[1]*b[3] */
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		16(%eax)
-	movl	12(%esi),	%eax
-	/* saved r[4] */
-	/* ################## Calculate word 5 */
-	xorl	%ecx,		%ecx
-	/* mul a[3]*b[2] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ecx
-	/* mul a[2]*b[3] */
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		20(%eax)
-	movl	12(%esi),	%eax
-	/* saved r[5] */
-	/* ################## Calculate word 6 */
-	xorl	%ebp,		%ebp
-	/* mul a[3]*b[3] */
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	adcl	$0,		%ebp
-	movl	%ebx,		24(%eax)
-	/* saved r[6] */
-	/* save r[7] */
-	movl	%ecx,		28(%eax)
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.bn_mul_comba4_end:
-	SIZE(bn_mul_comba4,.bn_mul_comba4_end-bn_mul_comba4)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl bn_sqr_comba8
-	TYPE(bn_sqr_comba8,@function)
-bn_sqr_comba8:
-	pushl	%esi
-	pushl	%edi
-	pushl	%ebp
-	pushl	%ebx
-	movl	20(%esp),	%edi
-	movl	24(%esp),	%esi
-	xorl	%ebx,		%ebx
-	xorl	%ecx,		%ecx
-	movl	(%esi),		%eax
-	/* ############### Calculate word 0 */
-	xorl	%ebp,		%ebp
-	/* sqr a[0]*a[0] */
-	mull	%eax
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	(%esi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		(%edi)
-	movl	4(%esi),	%eax
-	/* saved r[0] */
-	/* ############### Calculate word 1 */
-	xorl	%ebx,		%ebx
-	/* sqr a[1]*a[0] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	%ecx,		4(%edi)
-	movl	(%esi),		%edx
-	/* saved r[1] */
-	/* ############### Calculate word 2 */
-	xorl	%ecx,		%ecx
-	/* sqr a[2]*a[0] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	4(%esi),	%eax
-	adcl	$0,		%ecx
-	/* sqr a[1]*a[1] */
-	mull	%eax
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	(%esi),		%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		8(%edi)
-	movl	12(%esi),	%eax
-	/* saved r[2] */
-	/* ############### Calculate word 3 */
-	xorl	%ebp,		%ebp
-	/* sqr a[3]*a[0] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	4(%esi),	%edx
-	/* sqr a[2]*a[1] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	16(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	%ebx,		12(%edi)
-	movl	(%esi),		%edx
-	/* saved r[3] */
-	/* ############### Calculate word 4 */
-	xorl	%ebx,		%ebx
-	/* sqr a[4]*a[0] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	12(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	4(%esi),	%edx
-	/* sqr a[3]*a[1] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebx
-	/* sqr a[2]*a[2] */
-	mull	%eax
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	(%esi),		%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		16(%edi)
-	movl	20(%esi),	%eax
-	/* saved r[4] */
-	/* ############### Calculate word 5 */
-	xorl	%ecx,		%ecx
-	/* sqr a[5]*a[0] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	16(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	4(%esi),	%edx
-	/* sqr a[4]*a[1] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	12(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	8(%esi),	%edx
-	/* sqr a[3]*a[2] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	24(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	%ebp,		20(%edi)
-	movl	(%esi),		%edx
-	/* saved r[5] */
-	/* ############### Calculate word 6 */
-	xorl	%ebp,		%ebp
-	/* sqr a[6]*a[0] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	20(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	4(%esi),	%edx
-	/* sqr a[5]*a[1] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	16(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	8(%esi),	%edx
-	/* sqr a[4]*a[2] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	12(%esi),	%eax
-	adcl	$0,		%ebp
-	/* sqr a[3]*a[3] */
-	mull	%eax
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	(%esi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		24(%edi)
-	movl	28(%esi),	%eax
-	/* saved r[6] */
-	/* ############### Calculate word 7 */
-	xorl	%ebx,		%ebx
-	/* sqr a[7]*a[0] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	24(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	4(%esi),	%edx
-	/* sqr a[6]*a[1] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	20(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	8(%esi),	%edx
-	/* sqr a[5]*a[2] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	16(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	12(%esi),	%edx
-	/* sqr a[4]*a[3] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	28(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	%ecx,		28(%edi)
-	movl	4(%esi),	%edx
-	/* saved r[7] */
-	/* ############### Calculate word 8 */
-	xorl	%ecx,		%ecx
-	/* sqr a[7]*a[1] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	24(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	8(%esi),	%edx
-	/* sqr a[6]*a[2] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	20(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	12(%esi),	%edx
-	/* sqr a[5]*a[3] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	16(%esi),	%eax
-	adcl	$0,		%ecx
-	/* sqr a[4]*a[4] */
-	mull	%eax
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	8(%esi),	%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		32(%edi)
-	movl	28(%esi),	%eax
-	/* saved r[8] */
-	/* ############### Calculate word 9 */
-	xorl	%ebp,		%ebp
-	/* sqr a[7]*a[2] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	24(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	12(%esi),	%edx
-	/* sqr a[6]*a[3] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	20(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	16(%esi),	%edx
-	/* sqr a[5]*a[4] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	28(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	%ebx,		36(%edi)
-	movl	12(%esi),	%edx
-	/* saved r[9] */
-	/* ############### Calculate word 10 */
-	xorl	%ebx,		%ebx
-	/* sqr a[7]*a[3] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	24(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	16(%esi),	%edx
-	/* sqr a[6]*a[4] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	20(%esi),	%eax
-	adcl	$0,		%ebx
-	/* sqr a[5]*a[5] */
-	mull	%eax
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	16(%esi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		40(%edi)
-	movl	28(%esi),	%eax
-	/* saved r[10] */
-	/* ############### Calculate word 11 */
-	xorl	%ecx,		%ecx
-	/* sqr a[7]*a[4] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	24(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	20(%esi),	%edx
-	/* sqr a[6]*a[5] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	28(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	%ebp,		44(%edi)
-	movl	20(%esi),	%edx
-	/* saved r[11] */
-	/* ############### Calculate word 12 */
-	xorl	%ebp,		%ebp
-	/* sqr a[7]*a[5] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	24(%esi),	%eax
-	adcl	$0,		%ebp
-	/* sqr a[6]*a[6] */
-	mull	%eax
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	24(%esi),	%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		48(%edi)
-	movl	28(%esi),	%eax
-	/* saved r[12] */
-	/* ############### Calculate word 13 */
-	xorl	%ebx,		%ebx
-	/* sqr a[7]*a[6] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	28(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	%ecx,		52(%edi)
-	/* saved r[13] */
-	/* ############### Calculate word 14 */
-	xorl	%ecx,		%ecx
-	/* sqr a[7]*a[7] */
-	mull	%eax
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	adcl	$0,		%ecx
-	movl	%ebp,		56(%edi)
-	/* saved r[14] */
-	movl	%ebx,		60(%edi)
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.bn_sqr_comba8_end:
-	SIZE(bn_sqr_comba8,.bn_sqr_comba8_end-bn_sqr_comba8)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl bn_sqr_comba4
-	TYPE(bn_sqr_comba4,@function)
-bn_sqr_comba4:
-	pushl	%esi
-	pushl	%edi
-	pushl	%ebp
-	pushl	%ebx
-	movl	20(%esp),	%edi
-	movl	24(%esp),	%esi
-	xorl	%ebx,		%ebx
-	xorl	%ecx,		%ecx
-	movl	(%esi),		%eax
-	/* ############### Calculate word 0 */
-	xorl	%ebp,		%ebp
-	/* sqr a[0]*a[0] */
-	mull	%eax
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	(%esi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		(%edi)
-	movl	4(%esi),	%eax
-	/* saved r[0] */
-	/* ############### Calculate word 1 */
-	xorl	%ebx,		%ebx
-	/* sqr a[1]*a[0] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	%ecx,		4(%edi)
-	movl	(%esi),		%edx
-	/* saved r[1] */
-	/* ############### Calculate word 2 */
-	xorl	%ecx,		%ecx
-	/* sqr a[2]*a[0] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	4(%esi),	%eax
-	adcl	$0,		%ecx
-	/* sqr a[1]*a[1] */
-	mull	%eax
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	(%esi),		%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		8(%edi)
-	movl	12(%esi),	%eax
-	/* saved r[2] */
-	/* ############### Calculate word 3 */
-	xorl	%ebp,		%ebp
-	/* sqr a[3]*a[0] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	4(%esi),	%edx
-	/* sqr a[2]*a[1] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	12(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	%ebx,		12(%edi)
-	movl	4(%esi),	%edx
-	/* saved r[3] */
-	/* ############### Calculate word 4 */
-	xorl	%ebx,		%ebx
-	/* sqr a[3]*a[1] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebx
-	/* sqr a[2]*a[2] */
-	mull	%eax
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	8(%esi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		16(%edi)
-	movl	12(%esi),	%eax
-	/* saved r[4] */
-	/* ############### Calculate word 5 */
-	xorl	%ecx,		%ecx
-	/* sqr a[3]*a[2] */
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	12(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	%ebp,		20(%edi)
-	/* saved r[5] */
-	/* ############### Calculate word 6 */
-	xorl	%ebp,		%ebp
-	/* sqr a[3]*a[3] */
-	mull	%eax
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	adcl	$0,		%ebp
-	movl	%ebx,		24(%edi)
-	/* saved r[6] */
-	movl	%ecx,		28(%edi)
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.bn_sqr_comba4_end:
-	SIZE(bn_sqr_comba4,.bn_sqr_comba4_end-bn_sqr_comba4)
-.ident	"desasm.pl"
diff --git a/crypto/bn/asm/elf.s b/crypto/bn/asm/elf.s
deleted file mode 100644
index 97ad1264db..0000000000
--- a/crypto/bn/asm/elf.s
+++ /dev/null
@@ -1,1269 +0,0 @@
-	# Don't even think of reading this code 
-	# It was automatically generated by bn-586.pl 
-	# Which is a perl program used to generate the x86 assember for 
-	# any of elf, a.out, BSDI,Win32, or Solaris 
-	# eric <eay@cryptsoft.com> 
-
-	.file	"bn-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align 16
-.globl bn_mul_comba8
-	.type	bn_mul_comba8,@function
-bn_mul_comba8:
-	pushl	%esi
-	movl	12(%esp),	%esi
-	pushl	%edi
-	movl	20(%esp),	%edi
-	pushl	%ebp
-	pushl	%ebx
-	xorl	%ebx,		%ebx
-	movl	(%esi),		%eax
-	xorl	%ecx,		%ecx
-	movl	(%edi),		%edx
-	# ################## Calculate word 0 
-	xorl	%ebp,		%ebp
-	# mul a[0]*b[0] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	(%edi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		(%eax)
-	movl	4(%esi),	%eax
-	# saved r[0] 
-	# ################## Calculate word 1 
-	xorl	%ebx,		%ebx
-	# mul a[1]*b[0] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebp
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[0]*b[1] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	(%edi),		%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		4(%eax)
-	movl	8(%esi),	%eax
-	# saved r[1] 
-	# ################## Calculate word 2 
-	xorl	%ecx,		%ecx
-	# mul a[2]*b[0] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[1]*b[1] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[0]*b[2] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	(%edi),		%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		8(%eax)
-	movl	12(%esi),	%eax
-	# saved r[2] 
-	# ################## Calculate word 3 
-	xorl	%ebp,		%ebp
-	# mul a[3]*b[0] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[2]*b[1] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[1]*b[2] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ecx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[0]*b[3] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	(%edi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		12(%eax)
-	movl	16(%esi),	%eax
-	# saved r[3] 
-	# ################## Calculate word 4 
-	xorl	%ebx,		%ebx
-	# mul a[4]*b[0] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[3]*b[1] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[2]*b[2] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[1]*b[3] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebp
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[0]*b[4] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	(%edi),		%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		16(%eax)
-	movl	20(%esi),	%eax
-	# saved r[4] 
-	# ################## Calculate word 5 
-	xorl	%ecx,		%ecx
-	# mul a[5]*b[0] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[4]*b[1] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[3]*b[2] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[2]*b[3] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	16(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[1]*b[4] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[0]*b[5] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	(%edi),		%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		20(%eax)
-	movl	24(%esi),	%eax
-	# saved r[5] 
-	# ################## Calculate word 6 
-	xorl	%ebp,		%ebp
-	# mul a[6]*b[0] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[5]*b[1] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[4]*b[2] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[3]*b[3] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[2]*b[4] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[1]*b[5] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ecx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[0]*b[6] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	(%edi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		24(%eax)
-	movl	28(%esi),	%eax
-	# saved r[6] 
-	# ################## Calculate word 7 
-	xorl	%ebx,		%ebx
-	# mul a[7]*b[0] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[6]*b[1] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[5]*b[2] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[4]*b[3] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[3]*b[4] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	20(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[2]*b[5] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[1]*b[6] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebp
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[0]*b[7] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		28(%eax)
-	movl	28(%esi),	%eax
-	# saved r[7] 
-	# ################## Calculate word 8 
-	xorl	%ecx,		%ecx
-	# mul a[7]*b[1] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[6]*b[2] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[5]*b[3] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	16(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[4]*b[4] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[3]*b[5] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[2]*b[6] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	28(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[1]*b[7] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		32(%eax)
-	movl	28(%esi),	%eax
-	# saved r[8] 
-	# ################## Calculate word 9 
-	xorl	%ebp,		%ebp
-	# mul a[7]*b[2] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[6]*b[3] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[5]*b[4] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[4]*b[5] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[3]*b[6] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[2]*b[7] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		36(%eax)
-	movl	28(%esi),	%eax
-	# saved r[9] 
-	# ################## Calculate word 10 
-	xorl	%ebx,		%ebx
-	# mul a[7]*b[3] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[6]*b[4] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	20(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[5]*b[5] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[4]*b[6] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[3]*b[7] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		40(%eax)
-	movl	28(%esi),	%eax
-	# saved r[10] 
-	# ################## Calculate word 11 
-	xorl	%ecx,		%ecx
-	# mul a[7]*b[4] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[6]*b[5] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[5]*b[6] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	28(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[4]*b[7] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		44(%eax)
-	movl	28(%esi),	%eax
-	# saved r[11] 
-	# ################## Calculate word 12 
-	xorl	%ebp,		%ebp
-	# mul a[7]*b[5] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[6]*b[6] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[5]*b[7] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		48(%eax)
-	movl	28(%esi),	%eax
-	# saved r[12] 
-	# ################## Calculate word 13 
-	xorl	%ebx,		%ebx
-	# mul a[7]*b[6] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[6]*b[7] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		52(%eax)
-	movl	28(%esi),	%eax
-	# saved r[13] 
-	# ################## Calculate word 14 
-	xorl	%ecx,		%ecx
-	# mul a[7]*b[7] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	adcl	$0,		%ecx
-	movl	%ebp,		56(%eax)
-	# saved r[14] 
-	# save r[15] 
-	movl	%ebx,		60(%eax)
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.bn_mul_comba8_end:
-	.size	bn_mul_comba8,.bn_mul_comba8_end-bn_mul_comba8
-.ident	"desasm.pl"
-.text
-	.align 16
-.globl bn_mul_comba4
-	.type	bn_mul_comba4,@function
-bn_mul_comba4:
-	pushl	%esi
-	movl	12(%esp),	%esi
-	pushl	%edi
-	movl	20(%esp),	%edi
-	pushl	%ebp
-	pushl	%ebx
-	xorl	%ebx,		%ebx
-	movl	(%esi),		%eax
-	xorl	%ecx,		%ecx
-	movl	(%edi),		%edx
-	# ################## Calculate word 0 
-	xorl	%ebp,		%ebp
-	# mul a[0]*b[0] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	(%edi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		(%eax)
-	movl	4(%esi),	%eax
-	# saved r[0] 
-	# ################## Calculate word 1 
-	xorl	%ebx,		%ebx
-	# mul a[1]*b[0] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebp
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[0]*b[1] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	(%edi),		%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		4(%eax)
-	movl	8(%esi),	%eax
-	# saved r[1] 
-	# ################## Calculate word 2 
-	xorl	%ecx,		%ecx
-	# mul a[2]*b[0] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[1]*b[1] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[0]*b[2] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	(%edi),		%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		8(%eax)
-	movl	12(%esi),	%eax
-	# saved r[2] 
-	# ################## Calculate word 3 
-	xorl	%ebp,		%ebp
-	# mul a[3]*b[0] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[2]*b[1] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[1]*b[2] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ecx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[0]*b[3] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		12(%eax)
-	movl	12(%esi),	%eax
-	# saved r[3] 
-	# ################## Calculate word 4 
-	xorl	%ebx,		%ebx
-	# mul a[3]*b[1] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[2]*b[2] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[1]*b[3] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		16(%eax)
-	movl	12(%esi),	%eax
-	# saved r[4] 
-	# ################## Calculate word 5 
-	xorl	%ecx,		%ecx
-	# mul a[3]*b[2] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[2]*b[3] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		20(%eax)
-	movl	12(%esi),	%eax
-	# saved r[5] 
-	# ################## Calculate word 6 
-	xorl	%ebp,		%ebp
-	# mul a[3]*b[3] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	adcl	$0,		%ebp
-	movl	%ebx,		24(%eax)
-	# saved r[6] 
-	# save r[7] 
-	movl	%ecx,		28(%eax)
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.bn_mul_comba4_end:
-	.size	bn_mul_comba4,.bn_mul_comba4_end-bn_mul_comba4
-.ident	"desasm.pl"
-.text
-	.align 16
-.globl bn_sqr_comba8
-	.type	bn_sqr_comba8,@function
-bn_sqr_comba8:
-	pushl	%esi
-	pushl	%edi
-	pushl	%ebp
-	pushl	%ebx
-	movl	20(%esp),	%edi
-	movl	24(%esp),	%esi
-	xorl	%ebx,		%ebx
-	xorl	%ecx,		%ecx
-	movl	(%esi),		%eax
-	# ############### Calculate word 0 
-	xorl	%ebp,		%ebp
-	# sqr a[0]*a[0] 
-	mull	%eax
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	(%esi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		(%edi)
-	movl	4(%esi),	%eax
-	# saved r[0] 
-	# ############### Calculate word 1 
-	xorl	%ebx,		%ebx
-	# sqr a[1]*a[0] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	%ecx,		4(%edi)
-	movl	(%esi),		%edx
-	# saved r[1] 
-	# ############### Calculate word 2 
-	xorl	%ecx,		%ecx
-	# sqr a[2]*a[0] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	4(%esi),	%eax
-	adcl	$0,		%ecx
-	# sqr a[1]*a[1] 
-	mull	%eax
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	(%esi),		%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		8(%edi)
-	movl	12(%esi),	%eax
-	# saved r[2] 
-	# ############### Calculate word 3 
-	xorl	%ebp,		%ebp
-	# sqr a[3]*a[0] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	4(%esi),	%edx
-	# sqr a[2]*a[1] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	16(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	%ebx,		12(%edi)
-	movl	(%esi),		%edx
-	# saved r[3] 
-	# ############### Calculate word 4 
-	xorl	%ebx,		%ebx
-	# sqr a[4]*a[0] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	12(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	4(%esi),	%edx
-	# sqr a[3]*a[1] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebx
-	# sqr a[2]*a[2] 
-	mull	%eax
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	(%esi),		%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		16(%edi)
-	movl	20(%esi),	%eax
-	# saved r[4] 
-	# ############### Calculate word 5 
-	xorl	%ecx,		%ecx
-	# sqr a[5]*a[0] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	16(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	4(%esi),	%edx
-	# sqr a[4]*a[1] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	12(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	8(%esi),	%edx
-	# sqr a[3]*a[2] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	24(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	%ebp,		20(%edi)
-	movl	(%esi),		%edx
-	# saved r[5] 
-	# ############### Calculate word 6 
-	xorl	%ebp,		%ebp
-	# sqr a[6]*a[0] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	20(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	4(%esi),	%edx
-	# sqr a[5]*a[1] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	16(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	8(%esi),	%edx
-	# sqr a[4]*a[2] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	12(%esi),	%eax
-	adcl	$0,		%ebp
-	# sqr a[3]*a[3] 
-	mull	%eax
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	(%esi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		24(%edi)
-	movl	28(%esi),	%eax
-	# saved r[6] 
-	# ############### Calculate word 7 
-	xorl	%ebx,		%ebx
-	# sqr a[7]*a[0] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	24(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	4(%esi),	%edx
-	# sqr a[6]*a[1] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	20(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	8(%esi),	%edx
-	# sqr a[5]*a[2] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	16(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	12(%esi),	%edx
-	# sqr a[4]*a[3] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	28(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	%ecx,		28(%edi)
-	movl	4(%esi),	%edx
-	# saved r[7] 
-	# ############### Calculate word 8 
-	xorl	%ecx,		%ecx
-	# sqr a[7]*a[1] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	24(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	8(%esi),	%edx
-	# sqr a[6]*a[2] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	20(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	12(%esi),	%edx
-	# sqr a[5]*a[3] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	16(%esi),	%eax
-	adcl	$0,		%ecx
-	# sqr a[4]*a[4] 
-	mull	%eax
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	8(%esi),	%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		32(%edi)
-	movl	28(%esi),	%eax
-	# saved r[8] 
-	# ############### Calculate word 9 
-	xorl	%ebp,		%ebp
-	# sqr a[7]*a[2] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	24(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	12(%esi),	%edx
-	# sqr a[6]*a[3] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	20(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	16(%esi),	%edx
-	# sqr a[5]*a[4] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	28(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	%ebx,		36(%edi)
-	movl	12(%esi),	%edx
-	# saved r[9] 
-	# ############### Calculate word 10 
-	xorl	%ebx,		%ebx
-	# sqr a[7]*a[3] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	24(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	16(%esi),	%edx
-	# sqr a[6]*a[4] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	20(%esi),	%eax
-	adcl	$0,		%ebx
-	# sqr a[5]*a[5] 
-	mull	%eax
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	16(%esi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		40(%edi)
-	movl	28(%esi),	%eax
-	# saved r[10] 
-	# ############### Calculate word 11 
-	xorl	%ecx,		%ecx
-	# sqr a[7]*a[4] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	24(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	20(%esi),	%edx
-	# sqr a[6]*a[5] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	28(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	%ebp,		44(%edi)
-	movl	20(%esi),	%edx
-	# saved r[11] 
-	# ############### Calculate word 12 
-	xorl	%ebp,		%ebp
-	# sqr a[7]*a[5] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	24(%esi),	%eax
-	adcl	$0,		%ebp
-	# sqr a[6]*a[6] 
-	mull	%eax
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	24(%esi),	%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		48(%edi)
-	movl	28(%esi),	%eax
-	# saved r[12] 
-	# ############### Calculate word 13 
-	xorl	%ebx,		%ebx
-	# sqr a[7]*a[6] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	28(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	%ecx,		52(%edi)
-	# saved r[13] 
-	# ############### Calculate word 14 
-	xorl	%ecx,		%ecx
-	# sqr a[7]*a[7] 
-	mull	%eax
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	adcl	$0,		%ecx
-	movl	%ebp,		56(%edi)
-	# saved r[14] 
-	movl	%ebx,		60(%edi)
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.bn_sqr_comba8_end:
-	.size	bn_sqr_comba8,.bn_sqr_comba8_end-bn_sqr_comba8
-.ident	"desasm.pl"
-.text
-	.align 16
-.globl bn_sqr_comba4
-	.type	bn_sqr_comba4,@function
-bn_sqr_comba4:
-	pushl	%esi
-	pushl	%edi
-	pushl	%ebp
-	pushl	%ebx
-	movl	20(%esp),	%edi
-	movl	24(%esp),	%esi
-	xorl	%ebx,		%ebx
-	xorl	%ecx,		%ecx
-	movl	(%esi),		%eax
-	# ############### Calculate word 0 
-	xorl	%ebp,		%ebp
-	# sqr a[0]*a[0] 
-	mull	%eax
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	(%esi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		(%edi)
-	movl	4(%esi),	%eax
-	# saved r[0] 
-	# ############### Calculate word 1 
-	xorl	%ebx,		%ebx
-	# sqr a[1]*a[0] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	%ecx,		4(%edi)
-	movl	(%esi),		%edx
-	# saved r[1] 
-	# ############### Calculate word 2 
-	xorl	%ecx,		%ecx
-	# sqr a[2]*a[0] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	4(%esi),	%eax
-	adcl	$0,		%ecx
-	# sqr a[1]*a[1] 
-	mull	%eax
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	(%esi),		%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		8(%edi)
-	movl	12(%esi),	%eax
-	# saved r[2] 
-	# ############### Calculate word 3 
-	xorl	%ebp,		%ebp
-	# sqr a[3]*a[0] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	4(%esi),	%edx
-	# sqr a[2]*a[1] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	12(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	%ebx,		12(%edi)
-	movl	4(%esi),	%edx
-	# saved r[3] 
-	# ############### Calculate word 4 
-	xorl	%ebx,		%ebx
-	# sqr a[3]*a[1] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebx
-	# sqr a[2]*a[2] 
-	mull	%eax
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	8(%esi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		16(%edi)
-	movl	12(%esi),	%eax
-	# saved r[4] 
-	# ############### Calculate word 5 
-	xorl	%ecx,		%ecx
-	# sqr a[3]*a[2] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	12(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	%ebp,		20(%edi)
-	# saved r[5] 
-	# ############### Calculate word 6 
-	xorl	%ebp,		%ebp
-	# sqr a[3]*a[3] 
-	mull	%eax
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	adcl	$0,		%ebp
-	movl	%ebx,		24(%edi)
-	# saved r[6] 
-	movl	%ecx,		28(%edi)
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.bn_sqr_comba4_end:
-	.size	bn_sqr_comba4,.bn_sqr_comba4_end-bn_sqr_comba4
-.ident	"desasm.pl"
diff --git a/crypto/bn/asm/f b/crypto/bn/asm/f
deleted file mode 100644
index a23fa159b2..0000000000
--- a/crypto/bn/asm/f
+++ /dev/null
@@ -1,500 +0,0 @@
-	.text
-	.align 3
-	.globl bn_sqr_comba8
-	.ent bn_sqr_comba8
-bn_sqr_comba8:
-bn_sqr_comba8..ng:
-	.frame $30,0,$26,0
-	.prologue 0
-
-	ldq	$0,	0($17)
-	ldq	$1,	8($17)
-	ldq	$2,	16($17)
-	ldq	$3,	24($17)
-	ldq	$4,	32($17)
-	ldq	$5,	40($17)
-	ldq	$6,	48($17)
-	ldq	$7,	56($17)
-	bis	$31,	$31,	$23
-	mulq	$0,	$0,	$8
-	umulh	$0,	$0,	$22
-	stq	$8,	0($16)
-	bis	$31,	$31,	$8
-	mulq	$1,	$0,	$24
-	umulh	$1,	$0,	$25
-	cmplt	$24,	$31,	$27
-	cmplt	$25,	$31,	$28
-	addq	$24,	$24,	$24
-	addq	$25,	$25,	$25
-	addq	$25,	$27,	$25
-	addq	$8,	$28,	$8
-	addq	$22,	$24,	$22
-	addq	$23,	$25,	$23
-	cmpult	$22,	$24,	$21
-	cmpult	$23,	$25,	$20
-	addq	$23,	$21,	$23
-	addq	$8,	$20,	$8
-	stq	$22,	8($16)
-	bis	$31,	$31,	$22
-	mulq	$1,	$1,	$19
-	umulh	$1,	$1,	$18
-	addq	$23,	$19,	$23
-	addq	$8,	$18,	$8
-	cmpult	$23,	$19,	$17
-	cmpult	$8,	$18,	$27
-	addq	$8,	$17,	$8
-	addq	$22,	$27,	$22
-	mulq	$2,	$0,	$28
-	umulh	$2,	$0,	$24
-	cmplt	$28,	$31,	$25
-	cmplt	$24,	$31,	$21
-	addq	$28,	$28,	$28
-	addq	$24,	$24,	$24
-	addq	$24,	$25,	$24
-	addq	$22,	$21,	$22
-	addq	$23,	$28,	$23
-	addq	$8,	$24,	$8
-	cmpult	$23,	$28,	$20
-	cmpult	$8,	$24,	$19
-	addq	$8,	$20,	$8
-	addq	$22,	$19,	$22
-	stq	$23,	16($16)
-	bis	$31,	$31,	$23
-	mulq	$2,	$1,	$18
-	umulh	$2,	$1,	$17
-	cmplt	$18,	$31,	$27
-	cmplt	$17,	$31,	$25
-	addq	$18,	$18,	$18
-	addq	$17,	$17,	$17
-	addq	$17,	$27,	$17
-	addq	$23,	$25,	$23
-	addq	$8,	$18,	$8
-	addq	$22,	$17,	$22
-	cmpult	$8,	$18,	$21
-	cmpult	$22,	$17,	$28
-	addq	$22,	$21,	$22
-	addq	$23,	$28,	$23
-	mulq	$3,	$0,	$24
-	umulh	$3,	$0,	$20
-	cmplt	$24,	$31,	$19
-	cmplt	$20,	$31,	$27
-	addq	$24,	$24,	$24
-	addq	$20,	$20,	$20
-	addq	$20,	$19,	$20
-	addq	$23,	$27,	$23
-	addq	$8,	$24,	$8
-	addq	$22,	$20,	$22
-	cmpult	$8,	$24,	$25
-	cmpult	$22,	$20,	$18
-	addq	$22,	$25,	$22
-	addq	$23,	$18,	$23
-	stq	$8,	24($16)
-	bis	$31,	$31,	$8
-	mulq	$2,	$2,	$17
-	umulh	$2,	$2,	$21
-	addq	$22,	$17,	$22
-	addq	$23,	$21,	$23
-	cmpult	$22,	$17,	$28
-	cmpult	$23,	$21,	$19
-	addq	$23,	$28,	$23
-	addq	$8,	$19,	$8
-	mulq	$3,	$1,	$27
-	umulh	$3,	$1,	$24
-	cmplt	$27,	$31,	$20
-	cmplt	$24,	$31,	$25
-	addq	$27,	$27,	$27
-	addq	$24,	$24,	$24
-	addq	$24,	$20,	$24
-	addq	$8,	$25,	$8
-	addq	$22,	$27,	$22
-	addq	$23,	$24,	$23
-	cmpult	$22,	$27,	$18
-	cmpult	$23,	$24,	$17
-	addq	$23,	$18,	$23
-	addq	$8,	$17,	$8
-	mulq	$4,	$0,	$21
-	umulh	$4,	$0,	$28
-	cmplt	$21,	$31,	$19
-	cmplt	$28,	$31,	$20
-	addq	$21,	$21,	$21
-	addq	$28,	$28,	$28
-	addq	$28,	$19,	$28
-	addq	$8,	$20,	$8
-	addq	$22,	$21,	$22
-	addq	$23,	$28,	$23
-	cmpult	$22,	$21,	$25
-	cmpult	$23,	$28,	$27
-	addq	$23,	$25,	$23
-	addq	$8,	$27,	$8
-	stq	$22,	32($16)
-	bis	$31,	$31,	$22
-	mulq	$3,	$2,	$24
-	umulh	$3,	$2,	$18
-	cmplt	$24,	$31,	$17
-	cmplt	$18,	$31,	$19
-	addq	$24,	$24,	$24
-	addq	$18,	$18,	$18
-	addq	$18,	$17,	$18
-	addq	$22,	$19,	$22
-	addq	$23,	$24,	$23
-	addq	$8,	$18,	$8
-	cmpult	$23,	$24,	$20
-	cmpult	$8,	$18,	$21
-	addq	$8,	$20,	$8
-	addq	$22,	$21,	$22
-	mulq	$4,	$1,	$28
-	umulh	$4,	$1,	$25
-	cmplt	$28,	$31,	$27
-	cmplt	$25,	$31,	$17
-	addq	$28,	$28,	$28
-	addq	$25,	$25,	$25
-	addq	$25,	$27,	$25
-	addq	$22,	$17,	$22
-	addq	$23,	$28,	$23
-	addq	$8,	$25,	$8
-	cmpult	$23,	$28,	$19
-	cmpult	$8,	$25,	$24
-	addq	$8,	$19,	$8
-	addq	$22,	$24,	$22
-	mulq	$5,	$0,	$18
-	umulh	$5,	$0,	$20
-	cmplt	$18,	$31,	$21
-	cmplt	$20,	$31,	$27
-	addq	$18,	$18,	$18
-	addq	$20,	$20,	$20
-	addq	$20,	$21,	$20
-	addq	$22,	$27,	$22
-	addq	$23,	$18,	$23
-	addq	$8,	$20,	$8
-	cmpult	$23,	$18,	$17
-	cmpult	$8,	$20,	$28
-	addq	$8,	$17,	$8
-	addq	$22,	$28,	$22
-	stq	$23,	40($16)
-	bis	$31,	$31,	$23
-	mulq	$3,	$3,	$25
-	umulh	$3,	$3,	$19
-	addq	$8,	$25,	$8
-	addq	$22,	$19,	$22
-	cmpult	$8,	$25,	$24
-	cmpult	$22,	$19,	$21
-	addq	$22,	$24,	$22
-	addq	$23,	$21,	$23
-	mulq	$4,	$2,	$27
-	umulh	$4,	$2,	$18
-	cmplt	$27,	$31,	$20
-	cmplt	$18,	$31,	$17
-	addq	$27,	$27,	$27
-	addq	$18,	$18,	$18
-	addq	$18,	$20,	$18
-	addq	$23,	$17,	$23
-	addq	$8,	$27,	$8
-	addq	$22,	$18,	$22
-	cmpult	$8,	$27,	$28
-	cmpult	$22,	$18,	$25
-	addq	$22,	$28,	$22
-	addq	$23,	$25,	$23
-	mulq	$5,	$1,	$19
-	umulh	$5,	$1,	$24
-	cmplt	$19,	$31,	$21
-	cmplt	$24,	$31,	$20
-	addq	$19,	$19,	$19
-	addq	$24,	$24,	$24
-	addq	$24,	$21,	$24
-	addq	$23,	$20,	$23
-	addq	$8,	$19,	$8
-	addq	$22,	$24,	$22
-	cmpult	$8,	$19,	$17
-	cmpult	$22,	$24,	$27
-	addq	$22,	$17,	$22
-	addq	$23,	$27,	$23
-	mulq	$6,	$0,	$18
-	umulh	$6,	$0,	$28
-	cmplt	$18,	$31,	$25
-	cmplt	$28,	$31,	$21
-	addq	$18,	$18,	$18
-	addq	$28,	$28,	$28
-	addq	$28,	$25,	$28
-	addq	$23,	$21,	$23
-	addq	$8,	$18,	$8
-	addq	$22,	$28,	$22
-	cmpult	$8,	$18,	$20
-	cmpult	$22,	$28,	$19
-	addq	$22,	$20,	$22
-	addq	$23,	$19,	$23
-	stq	$8,	48($16)
-	bis	$31,	$31,	$8
-	mulq	$4,	$3,	$24
-	umulh	$4,	$3,	$17
-	cmplt	$24,	$31,	$27
-	cmplt	$17,	$31,	$25
-	addq	$24,	$24,	$24
-	addq	$17,	$17,	$17
-	addq	$17,	$27,	$17
-	addq	$8,	$25,	$8
-	addq	$22,	$24,	$22
-	addq	$23,	$17,	$23
-	cmpult	$22,	$24,	$21
-	cmpult	$23,	$17,	$18
-	addq	$23,	$21,	$23
-	addq	$8,	$18,	$8
-	mulq	$5,	$2,	$28
-	umulh	$5,	$2,	$20
-	cmplt	$28,	$31,	$19
-	cmplt	$20,	$31,	$27
-	addq	$28,	$28,	$28
-	addq	$20,	$20,	$20
-	addq	$20,	$19,	$20
-	addq	$8,	$27,	$8
-	addq	$22,	$28,	$22
-	addq	$23,	$20,	$23
-	cmpult	$22,	$28,	$25
-	cmpult	$23,	$20,	$24
-	addq	$23,	$25,	$23
-	addq	$8,	$24,	$8
-	mulq	$6,	$1,	$17
-	umulh	$6,	$1,	$21
-	cmplt	$17,	$31,	$18
-	cmplt	$21,	$31,	$19
-	addq	$17,	$17,	$17
-	addq	$21,	$21,	$21
-	addq	$21,	$18,	$21
-	addq	$8,	$19,	$8
-	addq	$22,	$17,	$22
-	addq	$23,	$21,	$23
-	cmpult	$22,	$17,	$27
-	cmpult	$23,	$21,	$28
-	addq	$23,	$27,	$23
-	addq	$8,	$28,	$8
-	mulq	$7,	$0,	$20
-	umulh	$7,	$0,	$25
-	cmplt	$20,	$31,	$24
-	cmplt	$25,	$31,	$18
-	addq	$20,	$20,	$20
-	addq	$25,	$25,	$25
-	addq	$25,	$24,	$25
-	addq	$8,	$18,	$8
-	addq	$22,	$20,	$22
-	addq	$23,	$25,	$23
-	cmpult	$22,	$20,	$19
-	cmpult	$23,	$25,	$17
-	addq	$23,	$19,	$23
-	addq	$8,	$17,	$8
-	stq	$22,	56($16)
-	bis	$31,	$31,	$22
-	mulq	$4,	$4,	$21
-	umulh	$4,	$4,	$27
-	addq	$23,	$21,	$23
-	addq	$8,	$27,	$8
-	cmpult	$23,	$21,	$28
-	cmpult	$8,	$27,	$24
-	addq	$8,	$28,	$8
-	addq	$22,	$24,	$22
-	mulq	$5,	$3,	$18
-	umulh	$5,	$3,	$20
-	cmplt	$18,	$31,	$25
-	cmplt	$20,	$31,	$19
-	addq	$18,	$18,	$18
-	addq	$20,	$20,	$20
-	addq	$20,	$25,	$20
-	addq	$22,	$19,	$22
-	addq	$23,	$18,	$23
-	addq	$8,	$20,	$8
-	cmpult	$23,	$18,	$17
-	cmpult	$8,	$20,	$21
-	addq	$8,	$17,	$8
-	addq	$22,	$21,	$22
-	mulq	$6,	$2,	$27
-	umulh	$6,	$2,	$28
-	cmplt	$27,	$31,	$24
-	cmplt	$28,	$31,	$25
-	addq	$27,	$27,	$27
-	addq	$28,	$28,	$28
-	addq	$28,	$24,	$28
-	addq	$22,	$25,	$22
-	addq	$23,	$27,	$23
-	addq	$8,	$28,	$8
-	cmpult	$23,	$27,	$19
-	cmpult	$8,	$28,	$18
-	addq	$8,	$19,	$8
-	addq	$22,	$18,	$22
-	mulq	$7,	$1,	$20
-	umulh	$7,	$1,	$17
-	cmplt	$20,	$31,	$21
-	cmplt	$17,	$31,	$24
-	addq	$20,	$20,	$20
-	addq	$17,	$17,	$17
-	addq	$17,	$21,	$17
-	addq	$22,	$24,	$22
-	addq	$23,	$20,	$23
-	addq	$8,	$17,	$8
-	cmpult	$23,	$20,	$25
-	cmpult	$8,	$17,	$27
-	addq	$8,	$25,	$8
-	addq	$22,	$27,	$22
-	stq	$23,	64($16)
-	bis	$31,	$31,	$23
-	mulq	$5,	$4,	$28
-	umulh	$5,	$4,	$19
-	cmplt	$28,	$31,	$18
-	cmplt	$19,	$31,	$21
-	addq	$28,	$28,	$28
-	addq	$19,	$19,	$19
-	addq	$19,	$18,	$19
-	addq	$23,	$21,	$23
-	addq	$8,	$28,	$8
-	addq	$22,	$19,	$22
-	cmpult	$8,	$28,	$24
-	cmpult	$22,	$19,	$20
-	addq	$22,	$24,	$22
-	addq	$23,	$20,	$23
-	mulq	$6,	$3,	$17
-	umulh	$6,	$3,	$25
-	cmplt	$17,	$31,	$27
-	cmplt	$25,	$31,	$18
-	addq	$17,	$17,	$17
-	addq	$25,	$25,	$25
-	addq	$25,	$27,	$25
-	addq	$23,	$18,	$23
-	addq	$8,	$17,	$8
-	addq	$22,	$25,	$22
-	cmpult	$8,	$17,	$21
-	cmpult	$22,	$25,	$28
-	addq	$22,	$21,	$22
-	addq	$23,	$28,	$23
-	mulq	$7,	$2,	$19
-	umulh	$7,	$2,	$24
-	cmplt	$19,	$31,	$20
-	cmplt	$24,	$31,	$27
-	addq	$19,	$19,	$19
-	addq	$24,	$24,	$24
-	addq	$24,	$20,	$24
-	addq	$23,	$27,	$23
-	addq	$8,	$19,	$8
-	addq	$22,	$24,	$22
-	cmpult	$8,	$19,	$18
-	cmpult	$22,	$24,	$17
-	addq	$22,	$18,	$22
-	addq	$23,	$17,	$23
-	stq	$8,	72($16)
-	bis	$31,	$31,	$8
-	mulq	$5,	$5,	$25
-	umulh	$5,	$5,	$21
-	addq	$22,	$25,	$22
-	addq	$23,	$21,	$23
-	cmpult	$22,	$25,	$28
-	cmpult	$23,	$21,	$20
-	addq	$23,	$28,	$23
-	addq	$8,	$20,	$8
-	mulq	$6,	$4,	$27
-	umulh	$6,	$4,	$19
-	cmplt	$27,	$31,	$24
-	cmplt	$19,	$31,	$18
-	addq	$27,	$27,	$27
-	addq	$19,	$19,	$19
-	addq	$19,	$24,	$19
-	addq	$8,	$18,	$8
-	addq	$22,	$27,	$22
-	addq	$23,	$19,	$23
-	cmpult	$22,	$27,	$17
-	cmpult	$23,	$19,	$25
-	addq	$23,	$17,	$23
-	addq	$8,	$25,	$8
-	mulq	$7,	$3,	$21
-	umulh	$7,	$3,	$28
-	cmplt	$21,	$31,	$20
-	cmplt	$28,	$31,	$24
-	addq	$21,	$21,	$21
-	addq	$28,	$28,	$28
-	addq	$28,	$20,	$28
-	addq	$8,	$24,	$8
-	addq	$22,	$21,	$22
-	addq	$23,	$28,	$23
-	cmpult	$22,	$21,	$18
-	cmpult	$23,	$28,	$27
-	addq	$23,	$18,	$23
-	addq	$8,	$27,	$8
-	stq	$22,	80($16)
-	bis	$31,	$31,	$22
-	mulq	$6,	$5,	$19
-	umulh	$6,	$5,	$17
-	cmplt	$19,	$31,	$25
-	cmplt	$17,	$31,	$20
-	addq	$19,	$19,	$19
-	addq	$17,	$17,	$17
-	addq	$17,	$25,	$17
-	addq	$22,	$20,	$22
-	addq	$23,	$19,	$23
-	addq	$8,	$17,	$8
-	cmpult	$23,	$19,	$24
-	cmpult	$8,	$17,	$21
-	addq	$8,	$24,	$8
-	addq	$22,	$21,	$22
-	mulq	$7,	$4,	$28
-	umulh	$7,	$4,	$18
-	cmplt	$28,	$31,	$27
-	cmplt	$18,	$31,	$25
-	addq	$28,	$28,	$28
-	addq	$18,	$18,	$18
-	addq	$18,	$27,	$18
-	addq	$22,	$25,	$22
-	addq	$23,	$28,	$23
-	addq	$8,	$18,	$8
-	cmpult	$23,	$28,	$20
-	cmpult	$8,	$18,	$19
-	addq	$8,	$20,	$8
-	addq	$22,	$19,	$22
-	stq	$23,	88($16)
-	bis	$31,	$31,	$23
-	mulq	$6,	$6,	$17
-	umulh	$6,	$6,	$24
-	addq	$8,	$17,	$8
-	addq	$22,	$24,	$22
-	cmpult	$8,	$17,	$21
-	cmpult	$22,	$24,	$27
-	addq	$22,	$21,	$22
-	addq	$23,	$27,	$23
-	mulq	$7,	$5,	$25
-	umulh	$7,	$5,	$28
-	cmplt	$25,	$31,	$18
-	cmplt	$28,	$31,	$20
-	addq	$25,	$25,	$25
-	addq	$28,	$28,	$28
-	addq	$28,	$18,	$28
-	addq	$23,	$20,	$23
-	addq	$8,	$25,	$8
-	addq	$22,	$28,	$22
-	cmpult	$8,	$25,	$19
-	cmpult	$22,	$28,	$17
-	addq	$22,	$19,	$22
-	addq	$23,	$17,	$23
-	stq	$8,	96($16)
-	bis	$31,	$31,	$8
-	mulq	$7,	$6,	$24
-	umulh	$7,	$6,	$21
-	cmplt	$24,	$31,	$27
-	cmplt	$21,	$31,	$18
-	addq	$24,	$24,	$24
-	addq	$21,	$21,	$21
-	addq	$21,	$27,	$21
-	addq	$8,	$18,	$8
-	addq	$22,	$24,	$22
-	addq	$23,	$21,	$23
-	cmpult	$22,	$24,	$20
-	cmpult	$23,	$21,	$25
-	addq	$23,	$20,	$23
-	addq	$8,	$25,	$8
-	stq	$22,	104($16)
-	bis	$31,	$31,	$22
-	mulq	$7,	$7,	$28
-	umulh	$7,	$7,	$19
-	addq	$23,	$28,	$23
-	addq	$8,	$19,	$8
-	cmpult	$23,	$28,	$17
-	cmpult	$8,	$19,	$27
-	addq	$8,	$17,	$8
-	addq	$22,	$27,	$22
-	stq	$23,	112($16)
-	stq	$8,	120($16)
-	ret	$31,($26),1
-	.end bn_sqr_comba8
diff --git a/crypto/bn/asm/f.c b/crypto/bn/asm/f.c
deleted file mode 100644
index bfdccae4a0..0000000000
--- a/crypto/bn/asm/f.c
+++ /dev/null
@@ -1,8 +0,0 @@
-int abc(a,b,c,d,e,f,g,h,i,j)
-unsigned long a,b,c,d,e,f,g,h,i,j;
-	{
-	gg(g);
-	if (g)
-		gg(h);
-	gg(i);
-	}
diff --git a/crypto/bn/asm/f.elf b/crypto/bn/asm/f.elf
deleted file mode 100644
index 39d07b79e1..0000000000
--- a/crypto/bn/asm/f.elf
+++ /dev/null
@@ -1,2149 +0,0 @@
-	# Don't even think of reading this code 
-	# It was automatically generated by bn-586.pl 
-	# Which is a perl program used to generate the x86 assember for 
-	# any of elf, a.out, BSDI,Win32, or Solaris 
-	# eric <eay@cryptsoft.com> 
-
-	.file	"bn-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align 16
-.globl bn_mul_add_words
-	.type	bn_mul_add_words,@function
-bn_mul_add_words:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	xorl	%esi,		%esi
-	movl	20(%esp),	%edi
-	movl	28(%esp),	%ecx
-	movl	24(%esp),	%ebx
-	andl	$4294967288,	%ecx
-	movl	32(%esp),	%ebp
-	pushl	%ecx
-	jz	.L000maw_finish
-.L001maw_loop:
-	movl	%ecx,		(%esp)
-	# Round 0 
-	movl	(%ebx),		%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	(%edi),		%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		(%edi)
-	movl	%edx,		%esi
-	# Round 4 
-	movl	4(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	4(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		4(%edi)
-	movl	%edx,		%esi
-	# Round 8 
-	movl	8(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	8(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		8(%edi)
-	movl	%edx,		%esi
-	# Round 12 
-	movl	12(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	12(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		12(%edi)
-	movl	%edx,		%esi
-	# Round 16 
-	movl	16(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	16(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		16(%edi)
-	movl	%edx,		%esi
-	# Round 20 
-	movl	20(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	20(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		20(%edi)
-	movl	%edx,		%esi
-	# Round 24 
-	movl	24(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	24(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		24(%edi)
-	movl	%edx,		%esi
-	# Round 28 
-	movl	28(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	28(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		28(%edi)
-	movl	%edx,		%esi
-
-	movl	(%esp),		%ecx
-	addl	$32,		%ebx
-	addl	$32,		%edi
-	subl	$8,		%ecx
-	jnz	.L001maw_loop
-.L000maw_finish:
-	movl	32(%esp),	%ecx
-	andl	$7,		%ecx
-	jnz	.L002maw_finish2
-	jmp	.L003maw_end
-.align 16
-.L002maw_finish2:
-	# Tail Round 0 
-	movl	(%ebx),		%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	(%edi),		%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	decl	%ecx
-	movl	%eax,		(%edi)
-	movl	%edx,		%esi
-	jz	.L003maw_end
-	# Tail Round 1 
-	movl	4(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	4(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	decl	%ecx
-	movl	%eax,		4(%edi)
-	movl	%edx,		%esi
-	jz	.L003maw_end
-	# Tail Round 2 
-	movl	8(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	8(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	decl	%ecx
-	movl	%eax,		8(%edi)
-	movl	%edx,		%esi
-	jz	.L003maw_end
-	# Tail Round 3 
-	movl	12(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	12(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	decl	%ecx
-	movl	%eax,		12(%edi)
-	movl	%edx,		%esi
-	jz	.L003maw_end
-	# Tail Round 4 
-	movl	16(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	16(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	decl	%ecx
-	movl	%eax,		16(%edi)
-	movl	%edx,		%esi
-	jz	.L003maw_end
-	# Tail Round 5 
-	movl	20(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	20(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	decl	%ecx
-	movl	%eax,		20(%edi)
-	movl	%edx,		%esi
-	jz	.L003maw_end
-	# Tail Round 6 
-	movl	24(%ebx),	%eax
-	mull	%ebp
-	addl	%esi,		%eax
-	movl	24(%edi),	%esi
-	adcl	$0,		%edx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		24(%edi)
-	movl	%edx,		%esi
-.L003maw_end:
-	movl	%esi,		%eax
-	popl	%ecx
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.bn_mul_add_words_end:
-	.size	bn_mul_add_words,.bn_mul_add_words_end-bn_mul_add_words
-.ident	"bn_mul_add_words"
-.text
-	.align 16
-.globl bn_mul_words
-	.type	bn_mul_words,@function
-bn_mul_words:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	xorl	%esi,		%esi
-	movl	20(%esp),	%edi
-	movl	24(%esp),	%ebx
-	movl	28(%esp),	%ebp
-	movl	32(%esp),	%ecx
-	andl	$4294967288,	%ebp
-	jz	.L004mw_finish
-.L005mw_loop:
-	# Round 0 
-	movl	(%ebx),		%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		(%edi)
-	movl	%edx,		%esi
-	# Round 4 
-	movl	4(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		4(%edi)
-	movl	%edx,		%esi
-	# Round 8 
-	movl	8(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		8(%edi)
-	movl	%edx,		%esi
-	# Round 12 
-	movl	12(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		12(%edi)
-	movl	%edx,		%esi
-	# Round 16 
-	movl	16(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		16(%edi)
-	movl	%edx,		%esi
-	# Round 20 
-	movl	20(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		20(%edi)
-	movl	%edx,		%esi
-	# Round 24 
-	movl	24(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		24(%edi)
-	movl	%edx,		%esi
-	# Round 28 
-	movl	28(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		28(%edi)
-	movl	%edx,		%esi
-
-	addl	$32,		%ebx
-	addl	$32,		%edi
-	subl	$8,		%ebp
-	jz	.L004mw_finish
-	jmp	.L005mw_loop
-.L004mw_finish:
-	movl	28(%esp),	%ebp
-	andl	$7,		%ebp
-	jnz	.L006mw_finish2
-	jmp	.L007mw_end
-.align 16
-.L006mw_finish2:
-	# Tail Round 0 
-	movl	(%ebx),		%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		(%edi)
-	movl	%edx,		%esi
-	decl	%ebp
-	jz	.L007mw_end
-	# Tail Round 1 
-	movl	4(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		4(%edi)
-	movl	%edx,		%esi
-	decl	%ebp
-	jz	.L007mw_end
-	# Tail Round 2 
-	movl	8(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		8(%edi)
-	movl	%edx,		%esi
-	decl	%ebp
-	jz	.L007mw_end
-	# Tail Round 3 
-	movl	12(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		12(%edi)
-	movl	%edx,		%esi
-	decl	%ebp
-	jz	.L007mw_end
-	# Tail Round 4 
-	movl	16(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		16(%edi)
-	movl	%edx,		%esi
-	decl	%ebp
-	jz	.L007mw_end
-	# Tail Round 5 
-	movl	20(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		20(%edi)
-	movl	%edx,		%esi
-	decl	%ebp
-	jz	.L007mw_end
-	# Tail Round 6 
-	movl	24(%ebx),	%eax
-	mull	%ecx
-	addl	%esi,		%eax
-	adcl	$0,		%edx
-	movl	%eax,		24(%edi)
-	movl	%edx,		%esi
-.L007mw_end:
-	movl	%esi,		%eax
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.bn_mul_words_end:
-	.size	bn_mul_words,.bn_mul_words_end-bn_mul_words
-.ident	"bn_mul_words"
-.text
-	.align 16
-.globl bn_sqr_words
-	.type	bn_sqr_words,@function
-bn_sqr_words:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	movl	20(%esp),	%esi
-	movl	24(%esp),	%edi
-	movl	28(%esp),	%ebx
-	andl	$4294967288,	%ebx
-	jz	.L008sw_finish
-.L009sw_loop:
-	# Round 0 
-	movl	(%edi),		%eax
-	mull	%eax
-	movl	%eax,		(%esi)
-	movl	%edx,		4(%esi)
-	# Round 4 
-	movl	4(%edi),	%eax
-	mull	%eax
-	movl	%eax,		8(%esi)
-	movl	%edx,		12(%esi)
-	# Round 8 
-	movl	8(%edi),	%eax
-	mull	%eax
-	movl	%eax,		16(%esi)
-	movl	%edx,		20(%esi)
-	# Round 12 
-	movl	12(%edi),	%eax
-	mull	%eax
-	movl	%eax,		24(%esi)
-	movl	%edx,		28(%esi)
-	# Round 16 
-	movl	16(%edi),	%eax
-	mull	%eax
-	movl	%eax,		32(%esi)
-	movl	%edx,		36(%esi)
-	# Round 20 
-	movl	20(%edi),	%eax
-	mull	%eax
-	movl	%eax,		40(%esi)
-	movl	%edx,		44(%esi)
-	# Round 24 
-	movl	24(%edi),	%eax
-	mull	%eax
-	movl	%eax,		48(%esi)
-	movl	%edx,		52(%esi)
-	# Round 28 
-	movl	28(%edi),	%eax
-	mull	%eax
-	movl	%eax,		56(%esi)
-	movl	%edx,		60(%esi)
-
-	addl	$32,		%edi
-	addl	$64,		%esi
-	subl	$8,		%ebx
-	jnz	.L009sw_loop
-.L008sw_finish:
-	movl	28(%esp),	%ebx
-	andl	$7,		%ebx
-	jz	.L010sw_end
-	# Tail Round 0 
-	movl	(%edi),		%eax
-	mull	%eax
-	movl	%eax,		(%esi)
-	decl	%ebx
-	movl	%edx,		4(%esi)
-	jz	.L010sw_end
-	# Tail Round 1 
-	movl	4(%edi),	%eax
-	mull	%eax
-	movl	%eax,		8(%esi)
-	decl	%ebx
-	movl	%edx,		12(%esi)
-	jz	.L010sw_end
-	# Tail Round 2 
-	movl	8(%edi),	%eax
-	mull	%eax
-	movl	%eax,		16(%esi)
-	decl	%ebx
-	movl	%edx,		20(%esi)
-	jz	.L010sw_end
-	# Tail Round 3 
-	movl	12(%edi),	%eax
-	mull	%eax
-	movl	%eax,		24(%esi)
-	decl	%ebx
-	movl	%edx,		28(%esi)
-	jz	.L010sw_end
-	# Tail Round 4 
-	movl	16(%edi),	%eax
-	mull	%eax
-	movl	%eax,		32(%esi)
-	decl	%ebx
-	movl	%edx,		36(%esi)
-	jz	.L010sw_end
-	# Tail Round 5 
-	movl	20(%edi),	%eax
-	mull	%eax
-	movl	%eax,		40(%esi)
-	decl	%ebx
-	movl	%edx,		44(%esi)
-	jz	.L010sw_end
-	# Tail Round 6 
-	movl	24(%edi),	%eax
-	mull	%eax
-	movl	%eax,		48(%esi)
-	movl	%edx,		52(%esi)
-.L010sw_end:
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.bn_sqr_words_end:
-	.size	bn_sqr_words,.bn_sqr_words_end-bn_sqr_words
-.ident	"bn_sqr_words"
-.text
-	.align 16
-.globl bn_div64
-	.type	bn_div64,@function
-bn_div64:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-	movl	20(%esp),	%edx
-	movl	24(%esp),	%eax
-	movl	28(%esp),	%ebx
-	divl	%ebx
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.bn_div64_end:
-	.size	bn_div64,.bn_div64_end-bn_div64
-.ident	"bn_div64"
-.text
-	.align 16
-.globl bn_add_words
-	.type	bn_add_words,@function
-bn_add_words:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	movl	20(%esp),	%ebx
-	movl	24(%esp),	%esi
-	movl	28(%esp),	%edi
-	movl	32(%esp),	%ebp
-	xorl	%eax,		%eax
-	andl	$4294967288,	%ebp
-	jz	.L011aw_finish
-.L012aw_loop:
-	# Round 0 
-	movl	(%esi),		%ecx
-	movl	(%edi),		%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		(%ebx)
-	# Round 1 
-	movl	4(%esi),	%ecx
-	movl	4(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		4(%ebx)
-	# Round 2 
-	movl	8(%esi),	%ecx
-	movl	8(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		8(%ebx)
-	# Round 3 
-	movl	12(%esi),	%ecx
-	movl	12(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		12(%ebx)
-	# Round 4 
-	movl	16(%esi),	%ecx
-	movl	16(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		16(%ebx)
-	# Round 5 
-	movl	20(%esi),	%ecx
-	movl	20(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		20(%ebx)
-	# Round 6 
-	movl	24(%esi),	%ecx
-	movl	24(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		24(%ebx)
-	# Round 7 
-	movl	28(%esi),	%ecx
-	movl	28(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		28(%ebx)
-
-	addl	$32,		%esi
-	addl	$32,		%edi
-	addl	$32,		%ebx
-	subl	$8,		%ebp
-	jnz	.L012aw_loop
-.L011aw_finish:
-	movl	32(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L013aw_end
-	# Tail Round 0 
-	movl	(%esi),		%ecx
-	movl	(%edi),		%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		(%ebx)
-	jz	.L013aw_end
-	# Tail Round 1 
-	movl	4(%esi),	%ecx
-	movl	4(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		4(%ebx)
-	jz	.L013aw_end
-	# Tail Round 2 
-	movl	8(%esi),	%ecx
-	movl	8(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		8(%ebx)
-	jz	.L013aw_end
-	# Tail Round 3 
-	movl	12(%esi),	%ecx
-	movl	12(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		12(%ebx)
-	jz	.L013aw_end
-	# Tail Round 4 
-	movl	16(%esi),	%ecx
-	movl	16(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		16(%ebx)
-	jz	.L013aw_end
-	# Tail Round 5 
-	movl	20(%esi),	%ecx
-	movl	20(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		20(%ebx)
-	jz	.L013aw_end
-	# Tail Round 6 
-	movl	24(%esi),	%ecx
-	movl	24(%edi),	%edx
-	addl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	addl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		24(%ebx)
-.L013aw_end:
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.bn_add_words_end:
-	.size	bn_add_words,.bn_add_words_end-bn_add_words
-.ident	"bn_add_words"
-.text
-	.align 16
-.globl bn_sub_words
-	.type	bn_sub_words,@function
-bn_sub_words:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	movl	20(%esp),	%ebx
-	movl	24(%esp),	%esi
-	movl	28(%esp),	%edi
-	movl	32(%esp),	%ebp
-	xorl	%eax,		%eax
-	andl	$4294967288,	%ebp
-	jz	.L014aw_finish
-.L015aw_loop:
-	# Round 0 
-	movl	(%esi),		%ecx
-	movl	(%edi),		%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		(%ebx)
-	# Round 1 
-	movl	4(%esi),	%ecx
-	movl	4(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		4(%ebx)
-	# Round 2 
-	movl	8(%esi),	%ecx
-	movl	8(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		8(%ebx)
-	# Round 3 
-	movl	12(%esi),	%ecx
-	movl	12(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		12(%ebx)
-	# Round 4 
-	movl	16(%esi),	%ecx
-	movl	16(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		16(%ebx)
-	# Round 5 
-	movl	20(%esi),	%ecx
-	movl	20(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		20(%ebx)
-	# Round 6 
-	movl	24(%esi),	%ecx
-	movl	24(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		24(%ebx)
-	# Round 7 
-	movl	28(%esi),	%ecx
-	movl	28(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		28(%ebx)
-
-	addl	$32,		%esi
-	addl	$32,		%edi
-	addl	$32,		%ebx
-	subl	$8,		%ebp
-	jnz	.L015aw_loop
-.L014aw_finish:
-	movl	32(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L016aw_end
-	# Tail Round 0 
-	movl	(%esi),		%ecx
-	movl	(%edi),		%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		(%ebx)
-	jz	.L016aw_end
-	# Tail Round 1 
-	movl	4(%esi),	%ecx
-	movl	4(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		4(%ebx)
-	jz	.L016aw_end
-	# Tail Round 2 
-	movl	8(%esi),	%ecx
-	movl	8(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		8(%ebx)
-	jz	.L016aw_end
-	# Tail Round 3 
-	movl	12(%esi),	%ecx
-	movl	12(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		12(%ebx)
-	jz	.L016aw_end
-	# Tail Round 4 
-	movl	16(%esi),	%ecx
-	movl	16(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		16(%ebx)
-	jz	.L016aw_end
-	# Tail Round 5 
-	movl	20(%esi),	%ecx
-	movl	20(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	decl	%ebp
-	movl	%ecx,		20(%ebx)
-	jz	.L016aw_end
-	# Tail Round 6 
-	movl	24(%esi),	%ecx
-	movl	24(%edi),	%edx
-	subl	%eax,		%ecx
-	movl	$0,		%eax
-	adcl	%eax,		%eax
-	subl	%edx,		%ecx
-	adcl	$0,		%eax
-	movl	%ecx,		24(%ebx)
-.L016aw_end:
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.bn_sub_words_end:
-	.size	bn_sub_words,.bn_sub_words_end-bn_sub_words
-.ident	"bn_sub_words"
-.text
-	.align 16
-.globl bn_mul_comba8
-	.type	bn_mul_comba8,@function
-bn_mul_comba8:
-	pushl	%esi
-	movl	12(%esp),	%esi
-	pushl	%edi
-	movl	20(%esp),	%edi
-	pushl	%ebp
-	pushl	%ebx
-	xorl	%ebx,		%ebx
-	movl	(%esi),		%eax
-	xorl	%ecx,		%ecx
-	movl	(%edi),		%edx
-	# ################## Calculate word 0 
-	xorl	%ebp,		%ebp
-	# mul a[0]*b[0] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	(%edi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		(%eax)
-	movl	4(%esi),	%eax
-	# saved r[0] 
-	# ################## Calculate word 1 
-	xorl	%ebx,		%ebx
-	# mul a[1]*b[0] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebp
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[0]*b[1] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	(%edi),		%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		4(%eax)
-	movl	8(%esi),	%eax
-	# saved r[1] 
-	# ################## Calculate word 2 
-	xorl	%ecx,		%ecx
-	# mul a[2]*b[0] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[1]*b[1] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[0]*b[2] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	(%edi),		%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		8(%eax)
-	movl	12(%esi),	%eax
-	# saved r[2] 
-	# ################## Calculate word 3 
-	xorl	%ebp,		%ebp
-	# mul a[3]*b[0] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[2]*b[1] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[1]*b[2] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ecx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[0]*b[3] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	(%edi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		12(%eax)
-	movl	16(%esi),	%eax
-	# saved r[3] 
-	# ################## Calculate word 4 
-	xorl	%ebx,		%ebx
-	# mul a[4]*b[0] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[3]*b[1] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[2]*b[2] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[1]*b[3] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebp
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[0]*b[4] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	(%edi),		%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		16(%eax)
-	movl	20(%esi),	%eax
-	# saved r[4] 
-	# ################## Calculate word 5 
-	xorl	%ecx,		%ecx
-	# mul a[5]*b[0] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[4]*b[1] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[3]*b[2] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[2]*b[3] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	16(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[1]*b[4] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[0]*b[5] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	(%edi),		%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		20(%eax)
-	movl	24(%esi),	%eax
-	# saved r[5] 
-	# ################## Calculate word 6 
-	xorl	%ebp,		%ebp
-	# mul a[6]*b[0] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[5]*b[1] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[4]*b[2] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[3]*b[3] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[2]*b[4] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[1]*b[5] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ecx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[0]*b[6] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	(%edi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		24(%eax)
-	movl	28(%esi),	%eax
-	# saved r[6] 
-	# ################## Calculate word 7 
-	xorl	%ebx,		%ebx
-	# mul a[7]*b[0] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[6]*b[1] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[5]*b[2] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[4]*b[3] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[3]*b[4] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	20(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[2]*b[5] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[1]*b[6] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebp
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[0]*b[7] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		28(%eax)
-	movl	28(%esi),	%eax
-	# saved r[7] 
-	# ################## Calculate word 8 
-	xorl	%ecx,		%ecx
-	# mul a[7]*b[1] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[6]*b[2] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[5]*b[3] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	16(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[4]*b[4] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[3]*b[5] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[2]*b[6] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	28(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[1]*b[7] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		32(%eax)
-	movl	28(%esi),	%eax
-	# saved r[8] 
-	# ################## Calculate word 9 
-	xorl	%ebp,		%ebp
-	# mul a[7]*b[2] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[6]*b[3] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[5]*b[4] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[4]*b[5] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[3]*b[6] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[2]*b[7] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		36(%eax)
-	movl	28(%esi),	%eax
-	# saved r[9] 
-	# ################## Calculate word 10 
-	xorl	%ebx,		%ebx
-	# mul a[7]*b[3] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[6]*b[4] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	20(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[5]*b[5] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[4]*b[6] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	12(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[3]*b[7] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	16(%edi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		40(%eax)
-	movl	28(%esi),	%eax
-	# saved r[10] 
-	# ################## Calculate word 11 
-	xorl	%ecx,		%ecx
-	# mul a[7]*b[4] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[6]*b[5] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[5]*b[6] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	16(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	28(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[4]*b[7] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	20(%edi),	%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		44(%eax)
-	movl	28(%esi),	%eax
-	# saved r[11] 
-	# ################## Calculate word 12 
-	xorl	%ebp,		%ebp
-	# mul a[7]*b[5] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[6]*b[6] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[5]*b[7] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	24(%edi),	%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		48(%eax)
-	movl	28(%esi),	%eax
-	# saved r[12] 
-	# ################## Calculate word 13 
-	xorl	%ebx,		%ebx
-	# mul a[7]*b[6] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	24(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[6]*b[7] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	28(%edi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		52(%eax)
-	movl	28(%esi),	%eax
-	# saved r[13] 
-	# ################## Calculate word 14 
-	xorl	%ecx,		%ecx
-	# mul a[7]*b[7] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	adcl	$0,		%ecx
-	movl	%ebp,		56(%eax)
-	# saved r[14] 
-	# save r[15] 
-	movl	%ebx,		60(%eax)
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.bn_mul_comba8_end:
-	.size	bn_mul_comba8,.bn_mul_comba8_end-bn_mul_comba8
-.ident	"desasm.pl"
-.text
-	.align 16
-.globl bn_mul_comba4
-	.type	bn_mul_comba4,@function
-bn_mul_comba4:
-	pushl	%esi
-	movl	12(%esp),	%esi
-	pushl	%edi
-	movl	20(%esp),	%edi
-	pushl	%ebp
-	pushl	%ebx
-	xorl	%ebx,		%ebx
-	movl	(%esi),		%eax
-	xorl	%ecx,		%ecx
-	movl	(%edi),		%edx
-	# ################## Calculate word 0 
-	xorl	%ebp,		%ebp
-	# mul a[0]*b[0] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	(%edi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		(%eax)
-	movl	4(%esi),	%eax
-	# saved r[0] 
-	# ################## Calculate word 1 
-	xorl	%ebx,		%ebx
-	# mul a[1]*b[0] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebp
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[0]*b[1] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	(%edi),		%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		4(%eax)
-	movl	8(%esi),	%eax
-	# saved r[1] 
-	# ################## Calculate word 2 
-	xorl	%ecx,		%ecx
-	# mul a[2]*b[0] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[1]*b[1] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	(%esi),		%eax
-	adcl	%edx,		%ebx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[0]*b[2] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	(%edi),		%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		8(%eax)
-	movl	12(%esi),	%eax
-	# saved r[2] 
-	# ################## Calculate word 3 
-	xorl	%ebp,		%ebp
-	# mul a[3]*b[0] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[2]*b[1] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ecx
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[1]*b[2] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	(%esi),		%eax
-	adcl	%edx,		%ecx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebp
-	# mul a[0]*b[3] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	movl	4(%edi),	%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		12(%eax)
-	movl	12(%esi),	%eax
-	# saved r[3] 
-	# ################## Calculate word 4 
-	xorl	%ebx,		%ebx
-	# mul a[3]*b[1] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[2]*b[2] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	4(%esi),	%eax
-	adcl	%edx,		%ebp
-	movl	12(%edi),	%edx
-	adcl	$0,		%ebx
-	# mul a[1]*b[3] 
-	mull	%edx
-	addl	%eax,		%ecx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebp
-	movl	8(%edi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		16(%eax)
-	movl	12(%esi),	%eax
-	# saved r[4] 
-	# ################## Calculate word 5 
-	xorl	%ecx,		%ecx
-	# mul a[3]*b[2] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	8(%esi),	%eax
-	adcl	%edx,		%ebx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ecx
-	# mul a[2]*b[3] 
-	mull	%edx
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ebx
-	movl	12(%edi),	%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		20(%eax)
-	movl	12(%esi),	%eax
-	# saved r[5] 
-	# ################## Calculate word 6 
-	xorl	%ebp,		%ebp
-	# mul a[3]*b[3] 
-	mull	%edx
-	addl	%eax,		%ebx
-	movl	20(%esp),	%eax
-	adcl	%edx,		%ecx
-	adcl	$0,		%ebp
-	movl	%ebx,		24(%eax)
-	# saved r[6] 
-	# save r[7] 
-	movl	%ecx,		28(%eax)
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.bn_mul_comba4_end:
-	.size	bn_mul_comba4,.bn_mul_comba4_end-bn_mul_comba4
-.ident	"desasm.pl"
-.text
-	.align 16
-.globl bn_sqr_comba8
-	.type	bn_sqr_comba8,@function
-bn_sqr_comba8:
-	pushl	%esi
-	pushl	%edi
-	pushl	%ebp
-	pushl	%ebx
-	movl	20(%esp),	%edi
-	movl	24(%esp),	%esi
-	xorl	%ebx,		%ebx
-	xorl	%ecx,		%ecx
-	movl	(%esi),		%eax
-	# ############### Calculate word 0 
-	xorl	%ebp,		%ebp
-	# sqr a[0]*a[0] 
-	mull	%eax
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	(%esi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		(%edi)
-	movl	4(%esi),	%eax
-	# saved r[0] 
-	# ############### Calculate word 1 
-	xorl	%ebx,		%ebx
-	# sqr a[1]*a[0] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	%ecx,		4(%edi)
-	movl	(%esi),		%edx
-	# saved r[1] 
-	# ############### Calculate word 2 
-	xorl	%ecx,		%ecx
-	# sqr a[2]*a[0] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	4(%esi),	%eax
-	adcl	$0,		%ecx
-	# sqr a[1]*a[1] 
-	mull	%eax
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	(%esi),		%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		8(%edi)
-	movl	12(%esi),	%eax
-	# saved r[2] 
-	# ############### Calculate word 3 
-	xorl	%ebp,		%ebp
-	# sqr a[3]*a[0] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	4(%esi),	%edx
-	# sqr a[2]*a[1] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	16(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	%ebx,		12(%edi)
-	movl	(%esi),		%edx
-	# saved r[3] 
-	# ############### Calculate word 4 
-	xorl	%ebx,		%ebx
-	# sqr a[4]*a[0] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	12(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	4(%esi),	%edx
-	# sqr a[3]*a[1] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebx
-	# sqr a[2]*a[2] 
-	mull	%eax
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	(%esi),		%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		16(%edi)
-	movl	20(%esi),	%eax
-	# saved r[4] 
-	# ############### Calculate word 5 
-	xorl	%ecx,		%ecx
-	# sqr a[5]*a[0] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	16(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	4(%esi),	%edx
-	# sqr a[4]*a[1] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	12(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	8(%esi),	%edx
-	# sqr a[3]*a[2] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	24(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	%ebp,		20(%edi)
-	movl	(%esi),		%edx
-	# saved r[5] 
-	# ############### Calculate word 6 
-	xorl	%ebp,		%ebp
-	# sqr a[6]*a[0] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	20(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	4(%esi),	%edx
-	# sqr a[5]*a[1] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	16(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	8(%esi),	%edx
-	# sqr a[4]*a[2] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	12(%esi),	%eax
-	adcl	$0,		%ebp
-	# sqr a[3]*a[3] 
-	mull	%eax
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	(%esi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		24(%edi)
-	movl	28(%esi),	%eax
-	# saved r[6] 
-	# ############### Calculate word 7 
-	xorl	%ebx,		%ebx
-	# sqr a[7]*a[0] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	24(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	4(%esi),	%edx
-	# sqr a[6]*a[1] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	20(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	8(%esi),	%edx
-	# sqr a[5]*a[2] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	16(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	12(%esi),	%edx
-	# sqr a[4]*a[3] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	28(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	%ecx,		28(%edi)
-	movl	4(%esi),	%edx
-	# saved r[7] 
-	# ############### Calculate word 8 
-	xorl	%ecx,		%ecx
-	# sqr a[7]*a[1] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	24(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	8(%esi),	%edx
-	# sqr a[6]*a[2] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	20(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	12(%esi),	%edx
-	# sqr a[5]*a[3] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	16(%esi),	%eax
-	adcl	$0,		%ecx
-	# sqr a[4]*a[4] 
-	mull	%eax
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	8(%esi),	%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		32(%edi)
-	movl	28(%esi),	%eax
-	# saved r[8] 
-	# ############### Calculate word 9 
-	xorl	%ebp,		%ebp
-	# sqr a[7]*a[2] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	24(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	12(%esi),	%edx
-	# sqr a[6]*a[3] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	20(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	16(%esi),	%edx
-	# sqr a[5]*a[4] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	28(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	%ebx,		36(%edi)
-	movl	12(%esi),	%edx
-	# saved r[9] 
-	# ############### Calculate word 10 
-	xorl	%ebx,		%ebx
-	# sqr a[7]*a[3] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	24(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	16(%esi),	%edx
-	# sqr a[6]*a[4] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	20(%esi),	%eax
-	adcl	$0,		%ebx
-	# sqr a[5]*a[5] 
-	mull	%eax
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	16(%esi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		40(%edi)
-	movl	28(%esi),	%eax
-	# saved r[10] 
-	# ############### Calculate word 11 
-	xorl	%ecx,		%ecx
-	# sqr a[7]*a[4] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	24(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	20(%esi),	%edx
-	# sqr a[6]*a[5] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	28(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	%ebp,		44(%edi)
-	movl	20(%esi),	%edx
-	# saved r[11] 
-	# ############### Calculate word 12 
-	xorl	%ebp,		%ebp
-	# sqr a[7]*a[5] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	24(%esi),	%eax
-	adcl	$0,		%ebp
-	# sqr a[6]*a[6] 
-	mull	%eax
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	24(%esi),	%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		48(%edi)
-	movl	28(%esi),	%eax
-	# saved r[12] 
-	# ############### Calculate word 13 
-	xorl	%ebx,		%ebx
-	# sqr a[7]*a[6] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	28(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	%ecx,		52(%edi)
-	# saved r[13] 
-	# ############### Calculate word 14 
-	xorl	%ecx,		%ecx
-	# sqr a[7]*a[7] 
-	mull	%eax
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	adcl	$0,		%ecx
-	movl	%ebp,		56(%edi)
-	# saved r[14] 
-	movl	%ebx,		60(%edi)
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.bn_sqr_comba8_end:
-	.size	bn_sqr_comba8,.bn_sqr_comba8_end-bn_sqr_comba8
-.ident	"desasm.pl"
-.text
-	.align 16
-.globl bn_sqr_comba4
-	.type	bn_sqr_comba4,@function
-bn_sqr_comba4:
-	pushl	%esi
-	pushl	%edi
-	pushl	%ebp
-	pushl	%ebx
-	movl	20(%esp),	%edi
-	movl	24(%esp),	%esi
-	xorl	%ebx,		%ebx
-	xorl	%ecx,		%ecx
-	movl	(%esi),		%eax
-	# ############### Calculate word 0 
-	xorl	%ebp,		%ebp
-	# sqr a[0]*a[0] 
-	mull	%eax
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	(%esi),		%edx
-	adcl	$0,		%ebp
-	movl	%ebx,		(%edi)
-	movl	4(%esi),	%eax
-	# saved r[0] 
-	# ############### Calculate word 1 
-	xorl	%ebx,		%ebx
-	# sqr a[1]*a[0] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebx
-	movl	%ecx,		4(%edi)
-	movl	(%esi),		%edx
-	# saved r[1] 
-	# ############### Calculate word 2 
-	xorl	%ecx,		%ecx
-	# sqr a[2]*a[0] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	4(%esi),	%eax
-	adcl	$0,		%ecx
-	# sqr a[1]*a[1] 
-	mull	%eax
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	(%esi),		%edx
-	adcl	$0,		%ecx
-	movl	%ebp,		8(%edi)
-	movl	12(%esi),	%eax
-	# saved r[2] 
-	# ############### Calculate word 3 
-	xorl	%ebp,		%ebp
-	# sqr a[3]*a[0] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	4(%esi),	%edx
-	# sqr a[2]*a[1] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebp
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	movl	12(%esi),	%eax
-	adcl	$0,		%ebp
-	movl	%ebx,		12(%edi)
-	movl	4(%esi),	%edx
-	# saved r[3] 
-	# ############### Calculate word 4 
-	xorl	%ebx,		%ebx
-	# sqr a[3]*a[1] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ebx
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	8(%esi),	%eax
-	adcl	$0,		%ebx
-	# sqr a[2]*a[2] 
-	mull	%eax
-	addl	%eax,		%ecx
-	adcl	%edx,		%ebp
-	movl	8(%esi),	%edx
-	adcl	$0,		%ebx
-	movl	%ecx,		16(%edi)
-	movl	12(%esi),	%eax
-	# saved r[4] 
-	# ############### Calculate word 5 
-	xorl	%ecx,		%ecx
-	# sqr a[3]*a[2] 
-	mull	%edx
-	addl	%eax,		%eax
-	adcl	%edx,		%edx
-	adcl	$0,		%ecx
-	addl	%eax,		%ebp
-	adcl	%edx,		%ebx
-	movl	12(%esi),	%eax
-	adcl	$0,		%ecx
-	movl	%ebp,		20(%edi)
-	# saved r[5] 
-	# ############### Calculate word 6 
-	xorl	%ebp,		%ebp
-	# sqr a[3]*a[3] 
-	mull	%eax
-	addl	%eax,		%ebx
-	adcl	%edx,		%ecx
-	adcl	$0,		%ebp
-	movl	%ebx,		24(%edi)
-	# saved r[6] 
-	movl	%ecx,		28(%edi)
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.bn_sqr_comba4_end:
-	.size	bn_sqr_comba4,.bn_sqr_comba4_end-bn_sqr_comba4
-.ident	"desasm.pl"
diff --git a/crypto/bn/asm/f.s b/crypto/bn/asm/f.s
deleted file mode 100644
index 2f8f63c690..0000000000
--- a/crypto/bn/asm/f.s
+++ /dev/null
@@ -1,1773 +0,0 @@
-	# Don't even think of reading this code 
-	# It was automatically generated by bn-586.pl 
-	# Which is a perl program used to generate the alpha assember. 
-	# eric <eay@cryptsoft.com> 
-
- # DEC Alpha assember
- # Generated from perl scripts contains in SSLeay
-	.file	1 "bn-586.s"
-	.set noat
-	.text
-	.align 3
-	.globl bn_mul_words
-	.ent bn_mul_words
-bn_mul_words:
-bn_mul_words..ng:
-	.frame $30,0,$26,0
-	.prologue 0
-
-	subq	$18,	4,	$18
-	bis	$31,	$31,	$0
-	br	$100
-	blt	$18,	$100
-	ldq	$1,	0($17)
-	ldq	$2,	0($16)
-$101:
-	ldq	$3,	0($17)
-	mulq	$3,	$19,	$4
-	addq	$17,	8,	$17
-	umulh	$3,	$19,	$5
-	addq	$4,	$0,	$4
-	addq	$16,	8,	$16
-	subq	$18,	1,	$18
-	cmpult	$4,	$0,	$0
-	stq	$4,	-8($16)
-	addq	$5,	$0,	$0
-	bgt	$18,	$101
-	ret	$31,($26),1
-$100:
-	addq	$18,	4,	$18
-	bgt	$18,	$101
-$102:
-	ret	$31,($26),1
-	.end bn_mul_words
-	.text
-	.align 3
-	.globl bn_sqr_words
-	.ent bn_sqr_words
-bn_sqr_words:
-bn_sqr_words..ng:
-	.frame $30,0,$26,0
-	.prologue 0
-
-	subq	$18,	4,	$18
-	bis	$31,	$31,	$0
-	br	$103
-	blt	$18,	$103
-	ldq	$1,	0($17)
-	ldq	$2,	0($16)
-$104:
-	ldq	$3,	0($17)
-	mulq	$3,	$3,	$4
-	addq	$17,	8,	$17
-	addq	$16,	16,	$16
-	subq	$18,	1,	$18
-	umulh	$3,	$3,	$5
-	stq	$4,	-16($16)
-	stq	$5,	-8($16)
-	bgt	$18,	$104
-	ret	$31,($26),1
-$103:
-	addq	$18,	4,	$18
-	bgt	$18,	$104
-$105:
-	ret	$31,($26),1
-	.end bn_sqr_words
-	.text
-	.align 3
-	.globl bn_mul_add_words
-	.ent bn_mul_add_words
-bn_mul_add_words:
-bn_mul_add_words..ng:
-	.frame $30,0,$26,0
-	.prologue 0
-
-	subq	$18,	4,	$18
-	bis	$31,	$31,	$0
-	br	$106
-	blt	$18,	$106
-	ldq	$1,	0($17)
-	ldq	$2,	0($16)
-$107:
-	ldq	$3,	0($17)
-	ldq	$4,	0($16)
-	mulq	$3,	$19,	$5
-	subq	$18,	1,	$18
-	addq	$17,	8,	$17
-	umulh	$3,	$19,	$6
-	addq	$4,	$5,	$4
-	addq	$16,	8,	$16
-	cmpult	$4,	$5,	$7
-	addq	$4,	$0,	$4
-	addq	$6,	$7,	$6
-	cmpult	$4,	$0,	$0
-	stq	$4,	-8($16)
-	addq	$6,	$0,	$0
-	bgt	$18,	$107
-	ret	$31,($26),1
-$106:
-	addq	$18,	4,	$18
-	bgt	$18,	$107
-$108:
-	ret	$31,($26),1
-	.end bn_mul_add_words
-	.text
-	.align 3
-	.globl bn_add_words
-	.ent bn_add_words
-bn_add_words:
-bn_add_words..ng:
-	.frame $30,0,$26,0
-	.prologue 0
-
-	subq	$19,	4,	$19
-	bis	$31,	$31,	$0
-	br	$109
-	blt	$19,	$109
-	ldq	$1,	0($17)
-	ldq	$2,	0($18)
-$110:
-	ldq	$3,	8($17)
-	ldq	$4,	8($18)
-	ldq	$5,	16($17)
-	ldq	$6,	16($18)
-	ldq	$7,	24($17)
-	ldq	$8,	24($18)
-	addq	$1,	$2,	$22
-	cmpult	$22,	$2,	$23
-	addq	$22,	$0,	$22
-	cmpult	$22,	$0,	$0
-	addq	$0,	$23,	$0
-	addq	$3,	$4,	$25
-	cmpult	$25,	$4,	$24
-	addq	$25,	$0,	$25
-	cmpult	$25,	$0,	$0
-	addq	$0,	$24,	$0
-	addq	$5,	$6,	$28
-	cmpult	$28,	$6,	$27
-	addq	$28,	$0,	$28
-	cmpult	$28,	$0,	$0
-	addq	$0,	$27,	$0
-	addq	$7,	$8,	$20
-	cmpult	$20,	$8,	$21
-	addq	$20,	$0,	$20
-	cmpult	$20,	$0,	$0
-	addq	$0,	$21,	$0
-	stq	$22,	0($16)
-	stq	$25,	0($16)
-	stq	$28,	0($16)
-	stq	$20,	0($16)
-	subq	$19,	4,	$19
-	addq	$17,	32,	$17
-	addq	$18,	32,	$18
-	addq	$16,	32,	$16
-	blt	$19,	$109
-	ldq	$1,	0($17)
-	ldq	$2,	0($18)
-	br	$110
-$111:
-	ldq	$1,	0($17)
-	ldq	$2,	0($18)
-	addq	$1,	$2,	$3
-	cmpult	$3,	$2,	$23
-	addq	$3,	$0,	$3
-	cmpult	$3,	$0,	$0
-	addq	$0,	$23,	$0
-	stq	$3,	0($16)
-	addq	$17,	8,	$17
-	addq	$18,	8,	$18
-	addq	$16,	8,	$16
-	subq	$19,	1,	$19
-	bgt	$19,	$111
-	ret	$31,($26),1
-$109:
-	addq	$19,	4,	$19
-	bgt	$19,	$111
-$112:
-	ret	$31,($26),1
-	.end bn_add_words
-	.text
-	.align 3
-	.globl bn_sub_words
-	.ent bn_sub_words
-bn_sub_words:
-bn_sub_words..ng:
-	.frame $30,0,$26,0
-	.prologue 0
-
-	subq	$19,	4,	$19
-	bis	$31,	$31,	$0
-	blt	$19,	$113
-	ldq	$1,	0($17)
-	ldq	$2,	0($18)
-$114:
-	ldq	$3,	8($17)
-	cmpult	$1,	$2,	$4
-	ldq	$5,	8($18)
-	subq	$1,	$2,	$1
-	ldq	$6,	16($17)
-	cmpult	$1,	$0,	$2
-	ldq	$7,	16($18)
-	subq	$1,	$0,	$23
-	ldq	$8,	24($17)
-	addq	$2,	$4,	$0
-	cmpult	$3,	$5,	$24
-	subq	$3,	$5,	$3
-	ldq	$22,	24($18)
-	cmpult	$3,	$0,	$5
-	subq	$3,	$0,	$25
-	addq	$5,	$24,	$0
-	cmpult	$6,	$7,	$27
-	subq	$6,	$7,	$6
-	stq	$23,	0($16)
-	cmpult	$6,	$0,	$7
-	subq	$6,	$0,	$28
-	addq	$7,	$27,	$0
-	cmpult	$8,	$22,	$21
-	subq	$8,	$22,	$8
-	stq	$25,	8($16)
-	cmpult	$8,	$0,	$22
-	subq	$8,	$0,	$20
-	addq	$22,	$21,	$0
-	stq	$28,	16($16)
-	subq	$19,	4,	$19
-	stq	$20,	24($16)
-	addq	$17,	32,	$17
-	addq	$18,	32,	$18
-	addq	$16,	32,	$16
-	blt	$19,	$113
-	ldq	$1,	0($17)
-	ldq	$2,	0($18)
-	br	$114
-$115:
-	ldq	$1,	0($17)
-	ldq	$2,	0($18)
-	cmpult	$1,	$2,	$27
-	subq	$1,	$2,	$1
-	cmpult	$1,	$0,	$2
-	subq	$1,	$0,	$1
-	stq	$1,	0($16)
-	addq	$2,	$27,	$0
-	addq	$17,	8,	$17
-	addq	$18,	8,	$18
-	addq	$16,	8,	$16
-	subq	$19,	1,	$19
-	bgt	$19,	$115
-	ret	$31,($26),1
-$113:
-	addq	$19,	4,	$19
-	bgt	$19,	$115
-$116:
-	ret	$31,($26),1
-	.end bn_sub_words
- #
- # What follows was taken directly from the C compiler with a few
- # hacks to redo the lables.
- #
-.text
-	.align 3
-	.globl bn_div64
-	.ent bn_div64
-bn_div64:
-	ldgp $29,0($27)
-bn_div64..ng:
-	lda $30,-48($30)
-	.frame $30,48,$26,0
-	stq $26,0($30)
-	stq $9,8($30)
-	stq $10,16($30)
-	stq $11,24($30)
-	stq $12,32($30)
-	stq $13,40($30)
-	.mask 0x4003e00,-48
-	.prologue 1
-	bis $16,$16,$9
-	bis $17,$17,$10
-	bis $18,$18,$11
-	bis $31,$31,$13
-	bis $31,2,$12
-	bne $11,$9119
-	lda $0,-1
-	br $31,$9136
-	.align 4
-$9119:
-	bis $11,$11,$16
-	jsr $26,BN_num_bits_word
-	ldgp $29,0($26)
-	subq $0,64,$1
-	beq $1,$9120
-	bis $31,1,$1
-	sll $1,$0,$1
-	cmpule $9,$1,$1
-	bne $1,$9120
- #	lda $16,_IO_stderr_
- #	lda $17,$C32
- #	bis $0,$0,$18
- #	jsr $26,fprintf
- #	ldgp $29,0($26)
-	jsr $26,abort
-	ldgp $29,0($26)
-	.align 4
-$9120:
-	bis $31,64,$3
-	cmpult $9,$11,$2
-	subq $3,$0,$1
-	addl $1,$31,$0
-	subq $9,$11,$1
-	cmoveq $2,$1,$9
-	beq $0,$9122
-	zapnot $0,15,$2
-	subq $3,$0,$1
-	sll $11,$2,$11
-	sll $9,$2,$3
-	srl $10,$1,$1
-	sll $10,$2,$10
-	bis $3,$1,$9
-$9122:
-	srl $11,32,$5
-	zapnot $11,15,$6
-	lda $7,-1
-	.align 5
-$9123:
-	srl $9,32,$1
-	subq $1,$5,$1
-	bne $1,$9126
-	zapnot $7,15,$27
-	br $31,$9127
-	.align 4
-$9126:
-	bis $9,$9,$24
-	bis $5,$5,$25
-	divqu $24,$25,$27
-$9127:
-	srl $10,32,$4
-	.align 5
-$9128:
-	mulq $27,$5,$1
-	subq $9,$1,$3
-	zapnot $3,240,$1
-	bne $1,$9129
-	mulq $6,$27,$2
-	sll $3,32,$1
-	addq $1,$4,$1
-	cmpule $2,$1,$2
-	bne $2,$9129
-	subq $27,1,$27
-	br $31,$9128
-	.align 4
-$9129:
-	mulq $27,$6,$1
-	mulq $27,$5,$4
-	srl $1,32,$3
-	sll $1,32,$1
-	addq $4,$3,$4
-	cmpult $10,$1,$2
-	subq $10,$1,$10
-	addq $2,$4,$2
-	cmpult $9,$2,$1
-	bis $2,$2,$4
-	beq $1,$9134
-	addq $9,$11,$9
-	subq $27,1,$27
-$9134:
-	subl $12,1,$12
-	subq $9,$4,$9
-	beq $12,$9124
-	sll $27,32,$13
-	sll $9,32,$2
-	srl $10,32,$1
-	sll $10,32,$10
-	bis $2,$1,$9
-	br $31,$9123
-	.align 4
-$9124:
-	bis $13,$27,$0
-$9136:
-	ldq $26,0($30)
-	ldq $9,8($30)
-	ldq $10,16($30)
-	ldq $11,24($30)
-	ldq $12,32($30)
-	ldq $13,40($30)
-	addq $30,48,$30
-	ret $31,($26),1
-	.end bn_div64
-	.text
-	.align 3
-	.globl bn_mul_comba8
-	.ent bn_mul_comba8
-bn_mul_comba8:
-bn_mul_comba8..ng:
-	.frame $30,0,$26,0
-	.prologue 0
-
-	subq	$30,	16,	$30
-	ldq	$0,	0($17)
-	ldq	$1,	0($18)
-	stq	$9,	0($30)
-	stq	$10,	8($30)
-	ldq	$2,	8($17)
-	ldq	$3,	8($18)
-	ldq	$4,	16($17)
-	ldq	$5,	16($18)
-	ldq	$6,	24($17)
-	ldq	$7,	24($18)
-	ldq	$8,	8($17)
-	ldq	$22,	8($18)
-	ldq	$23,	8($17)
-	ldq	$24,	8($18)
-	ldq	$25,	8($17)
-	ldq	$27,	8($18)
-	ldq	$28,	8($17)
-	ldq	$21,	8($18)
-	bis	$31,	$31,	$9
-	mulq	$0,	$1,	$20
-	umulh	$0,	$1,	$19
-	stq	$20,	0($16)
-	bis	$31,	$31,	$10
-	mulq	$0,	$3,	$17
-	umulh	$0,	$3,	$18
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$20
-	addq	$20,	$18,	$18
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$17
-	addq	$10,	$17,	$10
-	mulq	$2,	$1,	$20
-	umulh	$2,	$1,	$18
-	addq	$19,	$20,	$19
-	cmpult	$19,	$20,	$17
-	addq	$17,	$18,	$18
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$20
-	addq	$10,	$20,	$10
-	stq	$19,	8($16)
-	bis	$31,	$31,	$17
-	mulq	$0,	$5,	$18
-	umulh	$0,	$5,	$20
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$19
-	addq	$19,	$20,	$20
-	addq	$10,	$20,	$10
-	cmpult	$10,	$20,	$18
-	addq	$17,	$18,	$17
-	mulq	$2,	$3,	$19
-	umulh	$2,	$3,	$20
-	addq	$9,	$19,	$9
-	cmpult	$9,	$19,	$18
-	addq	$18,	$20,	$20
-	addq	$10,	$20,	$10
-	cmpult	$10,	$20,	$19
-	addq	$17,	$19,	$17
-	mulq	$4,	$1,	$18
-	umulh	$4,	$1,	$20
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$19
-	addq	$19,	$20,	$20
-	addq	$10,	$20,	$10
-	cmpult	$10,	$20,	$18
-	addq	$17,	$18,	$17
-	stq	$9,	16($16)
-	bis	$31,	$31,	$19
-	mulq	$0,	$7,	$20
-	umulh	$0,	$7,	$18
-	addq	$10,	$20,	$10
-	cmpult	$10,	$20,	$9
-	addq	$9,	$18,	$18
-	addq	$17,	$18,	$17
-	cmpult	$17,	$18,	$20
-	addq	$19,	$20,	$19
-	mulq	$2,	$5,	$9
-	umulh	$2,	$5,	$18
-	addq	$10,	$9,	$10
-	cmpult	$10,	$9,	$20
-	addq	$20,	$18,	$18
-	addq	$17,	$18,	$17
-	cmpult	$17,	$18,	$9
-	addq	$19,	$9,	$19
-	mulq	$4,	$3,	$20
-	umulh	$4,	$3,	$18
-	addq	$10,	$20,	$10
-	cmpult	$10,	$20,	$9
-	addq	$9,	$18,	$18
-	addq	$17,	$18,	$17
-	cmpult	$17,	$18,	$20
-	addq	$19,	$20,	$19
-	mulq	$6,	$1,	$9
-	umulh	$6,	$1,	$18
-	addq	$10,	$9,	$10
-	cmpult	$10,	$9,	$20
-	addq	$20,	$18,	$18
-	addq	$17,	$18,	$17
-	cmpult	$17,	$18,	$9
-	addq	$19,	$9,	$19
-	stq	$10,	24($16)
-	bis	$31,	$31,	$20
-	mulq	$0,	$22,	$18
-	umulh	$0,	$22,	$9
-	addq	$17,	$18,	$17
-	cmpult	$17,	$18,	$10
-	addq	$10,	$9,	$9
-	addq	$19,	$9,	$19
-	cmpult	$19,	$9,	$18
-	addq	$20,	$18,	$20
-	mulq	$2,	$7,	$10
-	umulh	$2,	$7,	$9
-	addq	$17,	$10,	$17
-	cmpult	$17,	$10,	$18
-	addq	$18,	$9,	$9
-	addq	$19,	$9,	$19
-	cmpult	$19,	$9,	$10
-	addq	$20,	$10,	$20
-	mulq	$4,	$5,	$18
-	umulh	$4,	$5,	$9
-	addq	$17,	$18,	$17
-	cmpult	$17,	$18,	$10
-	addq	$10,	$9,	$9
-	addq	$19,	$9,	$19
-	cmpult	$19,	$9,	$18
-	addq	$20,	$18,	$20
-	mulq	$6,	$3,	$10
-	umulh	$6,	$3,	$9
-	addq	$17,	$10,	$17
-	cmpult	$17,	$10,	$18
-	addq	$18,	$9,	$9
-	addq	$19,	$9,	$19
-	cmpult	$19,	$9,	$10
-	addq	$20,	$10,	$20
-	mulq	$8,	$1,	$18
-	umulh	$8,	$1,	$9
-	addq	$17,	$18,	$17
-	cmpult	$17,	$18,	$10
-	addq	$10,	$9,	$9
-	addq	$19,	$9,	$19
-	cmpult	$19,	$9,	$18
-	addq	$20,	$18,	$20
-	stq	$17,	32($16)
-	bis	$31,	$31,	$10
-	mulq	$0,	$24,	$9
-	umulh	$0,	$24,	$18
-	addq	$19,	$9,	$19
-	cmpult	$19,	$9,	$17
-	addq	$17,	$18,	$18
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$9
-	addq	$10,	$9,	$10
-	mulq	$2,	$22,	$17
-	umulh	$2,	$22,	$18
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$9
-	addq	$9,	$18,	$18
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$17
-	addq	$10,	$17,	$10
-	mulq	$4,	$7,	$9
-	umulh	$4,	$7,	$18
-	addq	$19,	$9,	$19
-	cmpult	$19,	$9,	$17
-	addq	$17,	$18,	$18
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$9
-	addq	$10,	$9,	$10
-	mulq	$6,	$5,	$17
-	umulh	$6,	$5,	$18
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$9
-	addq	$9,	$18,	$18
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$17
-	addq	$10,	$17,	$10
-	mulq	$8,	$3,	$9
-	umulh	$8,	$3,	$18
-	addq	$19,	$9,	$19
-	cmpult	$19,	$9,	$17
-	addq	$17,	$18,	$18
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$9
-	addq	$10,	$9,	$10
-	mulq	$23,	$1,	$17
-	umulh	$23,	$1,	$18
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$9
-	addq	$9,	$18,	$18
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$17
-	addq	$10,	$17,	$10
-	stq	$19,	40($16)
-	bis	$31,	$31,	$9
-	mulq	$0,	$27,	$18
-	umulh	$0,	$27,	$17
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$19
-	addq	$19,	$17,	$17
-	addq	$10,	$17,	$10
-	cmpult	$10,	$17,	$18
-	addq	$9,	$18,	$9
-	mulq	$2,	$24,	$19
-	umulh	$2,	$24,	$17
-	addq	$20,	$19,	$20
-	cmpult	$20,	$19,	$18
-	addq	$18,	$17,	$17
-	addq	$10,	$17,	$10
-	cmpult	$10,	$17,	$19
-	addq	$9,	$19,	$9
-	mulq	$4,	$22,	$18
-	umulh	$4,	$22,	$17
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$19
-	addq	$19,	$17,	$17
-	addq	$10,	$17,	$10
-	cmpult	$10,	$17,	$18
-	addq	$9,	$18,	$9
-	mulq	$6,	$7,	$19
-	umulh	$6,	$7,	$17
-	addq	$20,	$19,	$20
-	cmpult	$20,	$19,	$18
-	addq	$18,	$17,	$17
-	addq	$10,	$17,	$10
-	cmpult	$10,	$17,	$19
-	addq	$9,	$19,	$9
-	mulq	$8,	$5,	$18
-	umulh	$8,	$5,	$17
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$19
-	addq	$19,	$17,	$17
-	addq	$10,	$17,	$10
-	cmpult	$10,	$17,	$18
-	addq	$9,	$18,	$9
-	mulq	$23,	$3,	$19
-	umulh	$23,	$3,	$17
-	addq	$20,	$19,	$20
-	cmpult	$20,	$19,	$18
-	addq	$18,	$17,	$17
-	addq	$10,	$17,	$10
-	cmpult	$10,	$17,	$19
-	addq	$9,	$19,	$9
-	mulq	$25,	$1,	$18
-	umulh	$25,	$1,	$17
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$19
-	addq	$19,	$17,	$17
-	addq	$10,	$17,	$10
-	cmpult	$10,	$17,	$18
-	addq	$9,	$18,	$9
-	stq	$20,	48($16)
-	bis	$31,	$31,	$19
-	mulq	$0,	$21,	$17
-	umulh	$0,	$21,	$18
-	addq	$10,	$17,	$10
-	cmpult	$10,	$17,	$20
-	addq	$20,	$18,	$18
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$17
-	addq	$19,	$17,	$19
-	mulq	$2,	$27,	$20
-	umulh	$2,	$27,	$18
-	addq	$10,	$20,	$10
-	cmpult	$10,	$20,	$17
-	addq	$17,	$18,	$18
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$0
-	addq	$19,	$0,	$19
-	mulq	$4,	$24,	$20
-	umulh	$4,	$24,	$17
-	addq	$10,	$20,	$10
-	cmpult	$10,	$20,	$18
-	addq	$18,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$0
-	addq	$19,	$0,	$19
-	mulq	$6,	$22,	$20
-	umulh	$6,	$22,	$18
-	addq	$10,	$20,	$10
-	cmpult	$10,	$20,	$17
-	addq	$17,	$18,	$18
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$0
-	addq	$19,	$0,	$19
-	mulq	$8,	$7,	$20
-	umulh	$8,	$7,	$17
-	addq	$10,	$20,	$10
-	cmpult	$10,	$20,	$18
-	addq	$18,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$0
-	addq	$19,	$0,	$19
-	mulq	$23,	$5,	$20
-	umulh	$23,	$5,	$18
-	addq	$10,	$20,	$10
-	cmpult	$10,	$20,	$17
-	addq	$17,	$18,	$18
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$0
-	addq	$19,	$0,	$19
-	mulq	$25,	$3,	$20
-	umulh	$25,	$3,	$17
-	addq	$10,	$20,	$10
-	cmpult	$10,	$20,	$18
-	addq	$18,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$0
-	addq	$19,	$0,	$19
-	mulq	$28,	$1,	$20
-	umulh	$28,	$1,	$18
-	addq	$10,	$20,	$10
-	cmpult	$10,	$20,	$17
-	addq	$17,	$18,	$18
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$0
-	addq	$19,	$0,	$19
-	stq	$10,	56($16)
-	bis	$31,	$31,	$20
-	mulq	$2,	$21,	$17
-	umulh	$2,	$21,	$18
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$0
-	addq	$0,	$18,	$18
-	addq	$19,	$18,	$19
-	cmpult	$19,	$18,	$1
-	addq	$20,	$1,	$20
-	mulq	$4,	$27,	$10
-	umulh	$4,	$27,	$17
-	addq	$9,	$10,	$9
-	cmpult	$9,	$10,	$0
-	addq	$0,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$18
-	addq	$20,	$18,	$20
-	mulq	$6,	$24,	$1
-	umulh	$6,	$24,	$2
-	addq	$9,	$1,	$9
-	cmpult	$9,	$1,	$10
-	addq	$10,	$2,	$2
-	addq	$19,	$2,	$19
-	cmpult	$19,	$2,	$0
-	addq	$20,	$0,	$20
-	mulq	$8,	$22,	$17
-	umulh	$8,	$22,	$18
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$1
-	addq	$1,	$18,	$18
-	addq	$19,	$18,	$19
-	cmpult	$19,	$18,	$10
-	addq	$20,	$10,	$20
-	mulq	$23,	$7,	$2
-	umulh	$23,	$7,	$0
-	addq	$9,	$2,	$9
-	cmpult	$9,	$2,	$17
-	addq	$17,	$0,	$0
-	addq	$19,	$0,	$19
-	cmpult	$19,	$0,	$1
-	addq	$20,	$1,	$20
-	mulq	$25,	$5,	$18
-	umulh	$25,	$5,	$10
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$2
-	addq	$2,	$10,	$10
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$17
-	addq	$20,	$17,	$20
-	mulq	$28,	$3,	$0
-	umulh	$28,	$3,	$1
-	addq	$9,	$0,	$9
-	cmpult	$9,	$0,	$18
-	addq	$18,	$1,	$1
-	addq	$19,	$1,	$19
-	cmpult	$19,	$1,	$2
-	addq	$20,	$2,	$20
-	stq	$9,	64($16)
-	bis	$31,	$31,	$10
-	mulq	$4,	$21,	$17
-	umulh	$4,	$21,	$0
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$18
-	addq	$18,	$0,	$0
-	addq	$20,	$0,	$20
-	cmpult	$20,	$0,	$1
-	addq	$10,	$1,	$10
-	mulq	$6,	$27,	$2
-	umulh	$6,	$27,	$3
-	addq	$19,	$2,	$19
-	cmpult	$19,	$2,	$9
-	addq	$9,	$3,	$3
-	addq	$20,	$3,	$20
-	cmpult	$20,	$3,	$17
-	addq	$10,	$17,	$10
-	mulq	$8,	$24,	$18
-	umulh	$8,	$24,	$0
-	addq	$19,	$18,	$19
-	cmpult	$19,	$18,	$1
-	addq	$1,	$0,	$0
-	addq	$20,	$0,	$20
-	cmpult	$20,	$0,	$4
-	addq	$10,	$4,	$10
-	mulq	$23,	$22,	$2
-	umulh	$23,	$22,	$9
-	addq	$19,	$2,	$19
-	cmpult	$19,	$2,	$3
-	addq	$3,	$9,	$9
-	addq	$20,	$9,	$20
-	cmpult	$20,	$9,	$17
-	addq	$10,	$17,	$10
-	mulq	$25,	$7,	$18
-	umulh	$25,	$7,	$1
-	addq	$19,	$18,	$19
-	cmpult	$19,	$18,	$0
-	addq	$0,	$1,	$1
-	addq	$20,	$1,	$20
-	cmpult	$20,	$1,	$4
-	addq	$10,	$4,	$10
-	mulq	$28,	$5,	$2
-	umulh	$28,	$5,	$3
-	addq	$19,	$2,	$19
-	cmpult	$19,	$2,	$9
-	addq	$9,	$3,	$3
-	addq	$20,	$3,	$20
-	cmpult	$20,	$3,	$17
-	addq	$10,	$17,	$10
-	stq	$19,	72($16)
-	bis	$31,	$31,	$18
-	mulq	$6,	$21,	$0
-	umulh	$6,	$21,	$1
-	addq	$20,	$0,	$20
-	cmpult	$20,	$0,	$4
-	addq	$4,	$1,	$1
-	addq	$10,	$1,	$10
-	cmpult	$10,	$1,	$2
-	addq	$18,	$2,	$18
-	mulq	$8,	$27,	$9
-	umulh	$8,	$27,	$3
-	addq	$20,	$9,	$20
-	cmpult	$20,	$9,	$17
-	addq	$17,	$3,	$3
-	addq	$10,	$3,	$10
-	cmpult	$10,	$3,	$5
-	addq	$18,	$5,	$18
-	mulq	$23,	$24,	$19
-	umulh	$23,	$24,	$0
-	addq	$20,	$19,	$20
-	cmpult	$20,	$19,	$4
-	addq	$4,	$0,	$0
-	addq	$10,	$0,	$10
-	cmpult	$10,	$0,	$1
-	addq	$18,	$1,	$18
-	mulq	$25,	$22,	$2
-	umulh	$25,	$22,	$6
-	addq	$20,	$2,	$20
-	cmpult	$20,	$2,	$9
-	addq	$9,	$6,	$6
-	addq	$10,	$6,	$10
-	cmpult	$10,	$6,	$17
-	addq	$18,	$17,	$18
-	mulq	$28,	$7,	$3
-	umulh	$28,	$7,	$5
-	addq	$20,	$3,	$20
-	cmpult	$20,	$3,	$19
-	addq	$19,	$5,	$5
-	addq	$10,	$5,	$10
-	cmpult	$10,	$5,	$4
-	addq	$18,	$4,	$18
-	stq	$20,	80($16)
-	bis	$31,	$31,	$0
-	mulq	$8,	$21,	$1
-	umulh	$8,	$21,	$2
-	addq	$10,	$1,	$10
-	cmpult	$10,	$1,	$9
-	addq	$9,	$2,	$2
-	addq	$18,	$2,	$18
-	cmpult	$18,	$2,	$6
-	addq	$0,	$6,	$0
-	mulq	$23,	$27,	$17
-	umulh	$23,	$27,	$3
-	addq	$10,	$17,	$10
-	cmpult	$10,	$17,	$19
-	addq	$19,	$3,	$3
-	addq	$18,	$3,	$18
-	cmpult	$18,	$3,	$5
-	addq	$0,	$5,	$0
-	mulq	$25,	$24,	$4
-	umulh	$25,	$24,	$7
-	addq	$10,	$4,	$10
-	cmpult	$10,	$4,	$20
-	addq	$20,	$7,	$7
-	addq	$18,	$7,	$18
-	cmpult	$18,	$7,	$1
-	addq	$0,	$1,	$0
-	mulq	$28,	$22,	$9
-	umulh	$28,	$22,	$2
-	addq	$10,	$9,	$10
-	cmpult	$10,	$9,	$6
-	addq	$6,	$2,	$2
-	addq	$18,	$2,	$18
-	cmpult	$18,	$2,	$8
-	addq	$0,	$8,	$0
-	stq	$10,	88($16)
-	bis	$31,	$31,	$17
-	mulq	$23,	$21,	$19
-	umulh	$23,	$21,	$3
-	addq	$18,	$19,	$18
-	cmpult	$18,	$19,	$5
-	addq	$5,	$3,	$3
-	addq	$0,	$3,	$0
-	cmpult	$0,	$3,	$4
-	addq	$17,	$4,	$17
-	mulq	$25,	$27,	$20
-	umulh	$25,	$27,	$7
-	addq	$18,	$20,	$18
-	cmpult	$18,	$20,	$1
-	addq	$1,	$7,	$7
-	addq	$0,	$7,	$0
-	cmpult	$0,	$7,	$9
-	addq	$17,	$9,	$17
-	mulq	$28,	$24,	$6
-	umulh	$28,	$24,	$2
-	addq	$18,	$6,	$18
-	cmpult	$18,	$6,	$8
-	addq	$8,	$2,	$2
-	addq	$0,	$2,	$0
-	cmpult	$0,	$2,	$22
-	addq	$17,	$22,	$17
-	stq	$18,	96($16)
-	bis	$31,	$31,	$10
-	mulq	$25,	$21,	$19
-	umulh	$25,	$21,	$5
-	addq	$0,	$19,	$0
-	cmpult	$0,	$19,	$3
-	addq	$3,	$5,	$5
-	addq	$17,	$5,	$17
-	cmpult	$17,	$5,	$4
-	addq	$10,	$4,	$10
-	mulq	$28,	$27,	$23
-	umulh	$28,	$27,	$20
-	addq	$0,	$23,	$0
-	cmpult	$0,	$23,	$1
-	addq	$1,	$20,	$20
-	addq	$17,	$20,	$17
-	cmpult	$17,	$20,	$7
-	addq	$10,	$7,	$10
-	stq	$0,	104($16)
-	bis	$31,	$31,	$9
-	mulq	$28,	$21,	$6
-	umulh	$28,	$21,	$8
-	addq	$17,	$6,	$17
-	cmpult	$17,	$6,	$2
-	addq	$2,	$8,	$8
-	addq	$10,	$8,	$10
-	cmpult	$10,	$8,	$22
-	addq	$9,	$22,	$9
-	stq	$17,	112($16)
-	stq	$10,	120($16)
-	ldq	$9,	0($30)
-	ldq	$10,	8($30)
-	addq	$30,	16,	$30
-	ret	$31,($26),1
-	.end bn_mul_comba8
-	.text
-	.align 3
-	.globl bn_mul_comba4
-	.ent bn_mul_comba4
-bn_mul_comba4:
-bn_mul_comba4..ng:
-	.frame $30,0,$26,0
-	.prologue 0
-
-	ldq	$0,	0($17)
-	ldq	$1,	0($18)
-	ldq	$2,	8($17)
-	ldq	$3,	8($18)
-	mulq	$0,	$1,	$4
-	ldq	$5,	16($17)
-	ldq	$6,	16($18)
-	umulh	$0,	$1,	$7
-	ldq	$8,	24($17)
-	ldq	$22,	24($18)
-	mulq	$0,	$3,	$23
-	stq	$4,	0($16)
-	bis	$31,	$31,	$24
-	mulq	$2,	$1,	$28
-	bis	$31,	$31,	$25
-	bis	$31,	$31,	
-	addq	$24,	$7,	$24
-	umulh	$0,	$3,	$21
-	cmpult	$24,	$7,	$20
-	addq	$24,	$23,	$24
-	addq	$25,	$20,	$25
-	umulh	$2,	$1,	$19
-	cmpult	$24,	$23,	$17
-	addq	$24,	$28,	$24
-	addq	$27,	$17,	$27
-	mulq	$0,	$6,	$18
-	cmpult	$24,	$28,	$4
-	addq	$25,	$4,	$25
-	stq	$24,	8($16)
-	addq	$25,	$27,	$24
-	bis	$31,	$31,	$25
-	addq	$24,	$21,	$24
-	bis	$31,	$31,	$27
-	mulq	$2,	$3,	$7
-	cmpult	$24,	$21,	$20
-	addq	$24,	$19,	$24
-	addq	$25,	$20,	$25
-	mulq	$5,	$1,	$23
-	cmpult	$24,	$19,	$17
-	addq	$24,	$7,	$24
-	addq	$27,	$17,	$27
-	umulh	$0,	$6,	$28
-	cmpult	$24,	$18,	$4
-	addq	$24,	$7,	$24
-	addq	$25,	$4,	$25
-	umulh	$2,	$3,	$21
-	cmpult	$24,	$7,	$20
-	addq	$24,	$23,	$24
-	addq	$27,	$20,	$27
-	umulh	$5,	$1,	$19
-	cmpult	$24,	$23,	$17
-	addq	$25,	$17,	$25
-	stq	$24,	16($16)
-	addq	$25,	$27,	$24
-	bis	$31,	$31,	$25
-	addq	$24,	$28,	$24
-	bis	$31,	$31,	$27
-	mulq	$0,	$22,	$18
-	cmpult	$24,	$28,	$4
-	addq	$24,	$21,	$24
-	addq	$25,	$4,	$25
-	mulq	$2,	$6,	$7
-	cmpult	$24,	$21,	$20
-	addq	$24,	$19,	$24
-	addq	$25,	$20,	$25
-	mulq	$5,	$3,	$23
-	cmpult	$24,	$19,	$17
-	addq	$24,	$18,	$24
-	addq	$25,	$17,	$25
-	mulq	$8,	$1,	$28
-	cmpult	$24,	$18,	$4
-	addq	$24,	$7,	$24
-	addq	$25,	$4,	$25
-	umulh	$0,	$22,	$21
-	cmpult	$24,	$7,	$20
-	addq	$24,	$23,	$24
-	addq	$25,	$20,	$25
-	umulh	$2,	$6,	$19
-	cmpult	$24,	$23,	$17
-	addq	$24,	$28,	$24
-	addq	$25,	$17,	$25
-	umulh	$5,	$3,	$18
-	cmpult	$24,	$28,	$4
-	addq	$25,	$4,	$25
-	stq	$24,	24($16)
-	addq	$25,	$27,	$24
-	bis	$31,	$31,	$25
-	addq	$24,	$21,	$24
-	bis	$31,	$31,	$27
-	umulh	$8,	$1,	$7
-	cmpult	$24,	$21,	$20
-	addq	$24,	$19,	$24
-	addq	$25,	$20,	$25
-	mulq	$2,	$22,	$23
-	cmpult	$24,	$19,	$17
-	addq	$24,	$18,	$24
-	addq	$25,	$17,	$25
-	mulq	$5,	$6,	$28
-	cmpult	$24,	$18,	$4
-	addq	$24,	$7,	$24
-	addq	$25,	$4,	$25
-	mulq	$8,	$3,	$21
-	cmpult	$24,	$7,	$20
-	addq	$24,	$23,	$24
-	addq	$25,	$20,	$25
-	umulh	$2,	$22,	$19
-	cmpult	$24,	$23,	$17
-	addq	$24,	$28,	$24
-	addq	$25,	$17,	$25
-	umulh	$5,	$6,	$18
-	cmpult	$24,	$28,	$4
-	addq	$24,	$21,	$24
-	addq	$25,	$4,	$25
-	umulh	$8,	$3,	$7
-	cmpult	$24,	$21,	$20
-	addq	$25,	$20,	$25
-	stq	$24,	32($16)
-	addq	$25,	$27,	$24
-	bis	$31,	$31,	$25
-	addq	$24,	$19,	$24
-	bis	$31,	$31,	$27
-	mulq	$5,	$22,	$23
-	cmpult	$24,	$19,	$17
-	addq	$24,	$18,	$24
-	addq	$25,	$17,	$25
-	mulq	$8,	$6,	$28
-	cmpult	$24,	$18,	$4
-	addq	$24,	$7,	$24
-	addq	$25,	$4,	$25
-	umulh	$5,	$22,	$21
-	cmpult	$24,	$7,	$20
-	addq	$24,	$23,	$24
-	addq	$25,	$20,	$25
-	umulh	$8,	$6,	$19
-	cmpult	$24,	$23,	$17
-	addq	$24,	$28,	$24
-	addq	$25,	$17,	$25
-	mulq	$8,	$22,	$18
-	cmpult	$24,	$28,	$4
-	addq	$25,	$4,	$25
-	stq	$24,	40($16)
-	addq	$25,	$27,	$24
-	bis	$31,	$31,	$25
-	addq	$24,	$21,	$24
-	bis	$31,	$31,	$27
-	umulh	$8,	$22,	$7
-	cmpult	$24,	$21,	$20
-	addq	$24,	$19,	$24
-	addq	$25,	$20,	$25
-	cmpult	$24,	$19,	$23
-	addq	$24,	$18,	$24
-	addq	$25,	$23,	$25
-	cmpult	$24,	$18,	$17
-	addq	$25,	$17,	$25
-	stq	$24,	48($16)
-	addq	$25,	$27,	$24
-	addq	$24,	$7,	$24
-	stq	$24,	56($16)
-	ret	$31,($26),1
-	.end bn_mul_comba4
-	.text
-	.align 3
-	.globl bn_sqr_comba4
-	.ent bn_sqr_comba4
-bn_sqr_comba4:
-bn_sqr_comba4..ng:
-	.frame $30,0,$26,0
-	.prologue 0
-
-	ldq	$0,	0($17)
-	ldq	$1,	8($17)
-	ldq	$2,	16($17)
-	ldq	$3,	24($17)
-	bis	$31,	$31,	$6
-	mulq	$0,	$0,	$4
-	umulh	$0,	$0,	$5
-	stq	$4,	0($16)
-	bis	$31,	$31,	$4
-	mulq	$0,	$1,	$7
-	umulh	$0,	$1,	$8
-	cmplt	$7,	$31,	$22
-	cmplt	$8,	$31,	$23
-	addq	$7,	$7,	$7
-	addq	$8,	$8,	$8
-	addq	$8,	$22,	$8
-	addq	$4,	$23,	$4
-	addq	$5,	$7,	$5
-	addq	$6,	$8,	$6
-	cmpult	$5,	$7,	$24
-	cmpult	$6,	$8,	$25
-	addq	$6,	$24,	$6
-	addq	$4,	$25,	$4
-	stq	$5,	8($16)
-	bis	$31,	$31,	$5
-	mulq	$1,	$1,	$27
-	umulh	$1,	$1,	$28
-	addq	$6,	$27,	$6
-	addq	$4,	$28,	$4
-	cmpult	$6,	$27,	$21
-	cmpult	$4,	$28,	$20
-	addq	$4,	$21,	$4
-	addq	$5,	$20,	$5
-	mulq	$2,	$0,	$19
-	umulh	$2,	$0,	$18
-	cmplt	$19,	$31,	$17
-	cmplt	$18,	$31,	$22
-	addq	$19,	$19,	$19
-	addq	$18,	$18,	$18
-	addq	$18,	$17,	$18
-	addq	$5,	$22,	$5
-	addq	$6,	$19,	$6
-	addq	$4,	$18,	$4
-	cmpult	$6,	$19,	$23
-	cmpult	$4,	$18,	$7
-	addq	$4,	$23,	$4
-	addq	$5,	$7,	$5
-	stq	$6,	16($16)
-	bis	$31,	$31,	$6
-	mulq	$3,	$0,	$8
-	umulh	$3,	$0,	$24
-	cmplt	$8,	$31,	$25
-	cmplt	$24,	$31,	$27
-	addq	$8,	$8,	$8
-	addq	$24,	$24,	$24
-	addq	$24,	$25,	$24
-	addq	$6,	$27,	$6
-	addq	$4,	$8,	$4
-	addq	$5,	$24,	$5
-	cmpult	$4,	$8,	$28
-	cmpult	$5,	$24,	$21
-	addq	$5,	$28,	$5
-	addq	$6,	$21,	$6
-	mulq	$2,	$1,	$20
-	umulh	$2,	$1,	$17
-	cmplt	$20,	$31,	$22
-	cmplt	$17,	$31,	$19
-	addq	$20,	$20,	$20
-	addq	$17,	$17,	$17
-	addq	$17,	$22,	$17
-	addq	$6,	$19,	$6
-	addq	$4,	$20,	$4
-	addq	$5,	$17,	$5
-	cmpult	$4,	$20,	$18
-	cmpult	$5,	$17,	$23
-	addq	$5,	$18,	$5
-	addq	$6,	$23,	$6
-	stq	$4,	24($16)
-	bis	$31,	$31,	$4
-	mulq	$2,	$2,	$7
-	umulh	$2,	$2,	$25
-	addq	$5,	$7,	$5
-	addq	$6,	$25,	$6
-	cmpult	$5,	$7,	$27
-	cmpult	$6,	$25,	$8
-	addq	$6,	$27,	$6
-	addq	$4,	$8,	$4
-	mulq	$3,	$1,	$24
-	umulh	$3,	$1,	$28
-	cmplt	$24,	$31,	$21
-	cmplt	$28,	$31,	$22
-	addq	$24,	$24,	$24
-	addq	$28,	$28,	$28
-	addq	$28,	$21,	$28
-	addq	$4,	$22,	$4
-	addq	$5,	$24,	$5
-	addq	$6,	$28,	$6
-	cmpult	$5,	$24,	$19
-	cmpult	$6,	$28,	$20
-	addq	$6,	$19,	$6
-	addq	$4,	$20,	$4
-	stq	$5,	32($16)
-	bis	$31,	$31,	$5
-	mulq	$3,	$2,	$17
-	umulh	$3,	$2,	$18
-	cmplt	$17,	$31,	$23
-	cmplt	$18,	$31,	$7
-	addq	$17,	$17,	$17
-	addq	$18,	$18,	$18
-	addq	$18,	$23,	$18
-	addq	$5,	$7,	$5
-	addq	$6,	$17,	$6
-	addq	$4,	$18,	$4
-	cmpult	$6,	$17,	$25
-	cmpult	$4,	$18,	$27
-	addq	$4,	$25,	$4
-	addq	$5,	$27,	$5
-	stq	$6,	40($16)
-	bis	$31,	$31,	$6
-	mulq	$3,	$3,	$8
-	umulh	$3,	$3,	$21
-	addq	$4,	$8,	$4
-	addq	$5,	$21,	$5
-	cmpult	$4,	$8,	$22
-	cmpult	$5,	$21,	$24
-	addq	$5,	$22,	$5
-	addq	$6,	$24,	$6
-	stq	$4,	48($16)
-	stq	$5,	56($16)
-	ret	$31,($26),1
-	.end bn_sqr_comba4
-	.text
-	.align 3
-	.globl bn_sqr_comba8
-	.ent bn_sqr_comba8
-bn_sqr_comba8:
-bn_sqr_comba8..ng:
-	.frame $30,0,$26,0
-	.prologue 0
-
-	ldq	$0,	0($17)
-	ldq	$1,	8($17)
-	ldq	$2,	16($17)
-	ldq	$3,	24($17)
-	ldq	$4,	32($17)
-	ldq	$5,	40($17)
-	ldq	$6,	48($17)
-	ldq	$7,	56($17)
-	bis	$31,	$31,	$23
-	mulq	$0,	$0,	$8
-	umulh	$0,	$0,	$22
-	stq	$8,	0($16)
-	bis	$31,	$31,	$8
-	mulq	$1,	$0,	$24
-	umulh	$1,	$0,	$25
-	cmplt	$24,	$31,	$27
-	cmplt	$25,	$31,	$28
-	addq	$24,	$24,	$24
-	addq	$25,	$25,	$25
-	addq	$25,	$27,	$25
-	addq	$8,	$28,	$8
-	addq	$22,	$24,	$22
-	addq	$23,	$25,	$23
-	cmpult	$22,	$24,	$21
-	cmpult	$23,	$25,	$20
-	addq	$23,	$21,	$23
-	addq	$8,	$20,	$8
-	stq	$22,	8($16)
-	bis	$31,	$31,	$22
-	mulq	$1,	$1,	$19
-	umulh	$1,	$1,	$18
-	addq	$23,	$19,	$23
-	addq	$8,	$18,	$8
-	cmpult	$23,	$19,	$17
-	cmpult	$8,	$18,	$27
-	addq	$8,	$17,	$8
-	addq	$22,	$27,	$22
-	mulq	$2,	$0,	$28
-	umulh	$2,	$0,	$24
-	cmplt	$28,	$31,	$25
-	cmplt	$24,	$31,	$21
-	addq	$28,	$28,	$28
-	addq	$24,	$24,	$24
-	addq	$24,	$25,	$24
-	addq	$22,	$21,	$22
-	addq	$23,	$28,	$23
-	addq	$8,	$24,	$8
-	cmpult	$23,	$28,	$20
-	cmpult	$8,	$24,	$19
-	addq	$8,	$20,	$8
-	addq	$22,	$19,	$22
-	stq	$23,	16($16)
-	bis	$31,	$31,	$23
-	mulq	$2,	$1,	$18
-	umulh	$2,	$1,	$17
-	cmplt	$18,	$31,	$27
-	cmplt	$17,	$31,	$25
-	addq	$18,	$18,	$18
-	addq	$17,	$17,	$17
-	addq	$17,	$27,	$17
-	addq	$23,	$25,	$23
-	addq	$8,	$18,	$8
-	addq	$22,	$17,	$22
-	cmpult	$8,	$18,	$21
-	cmpult	$22,	$17,	$28
-	addq	$22,	$21,	$22
-	addq	$23,	$28,	$23
-	mulq	$3,	$0,	$24
-	umulh	$3,	$0,	$20
-	cmplt	$24,	$31,	$19
-	cmplt	$20,	$31,	$27
-	addq	$24,	$24,	$24
-	addq	$20,	$20,	$20
-	addq	$20,	$19,	$20
-	addq	$23,	$27,	$23
-	addq	$8,	$24,	$8
-	addq	$22,	$20,	$22
-	cmpult	$8,	$24,	$25
-	cmpult	$22,	$20,	$18
-	addq	$22,	$25,	$22
-	addq	$23,	$18,	$23
-	stq	$8,	24($16)
-	bis	$31,	$31,	$8
-	mulq	$2,	$2,	$17
-	umulh	$2,	$2,	$21
-	addq	$22,	$17,	$22
-	addq	$23,	$21,	$23
-	cmpult	$22,	$17,	$28
-	cmpult	$23,	$21,	$19
-	addq	$23,	$28,	$23
-	addq	$8,	$19,	$8
-	mulq	$3,	$1,	$27
-	umulh	$3,	$1,	$24
-	cmplt	$27,	$31,	$20
-	cmplt	$24,	$31,	$25
-	addq	$27,	$27,	$27
-	addq	$24,	$24,	$24
-	addq	$24,	$20,	$24
-	addq	$8,	$25,	$8
-	addq	$22,	$27,	$22
-	addq	$23,	$24,	$23
-	cmpult	$22,	$27,	$18
-	cmpult	$23,	$24,	$17
-	addq	$23,	$18,	$23
-	addq	$8,	$17,	$8
-	mulq	$4,	$0,	$21
-	umulh	$4,	$0,	$28
-	cmplt	$21,	$31,	$19
-	cmplt	$28,	$31,	$20
-	addq	$21,	$21,	$21
-	addq	$28,	$28,	$28
-	addq	$28,	$19,	$28
-	addq	$8,	$20,	$8
-	addq	$22,	$21,	$22
-	addq	$23,	$28,	$23
-	cmpult	$22,	$21,	$25
-	cmpult	$23,	$28,	$27
-	addq	$23,	$25,	$23
-	addq	$8,	$27,	$8
-	stq	$22,	32($16)
-	bis	$31,	$31,	$22
-	mulq	$3,	$2,	$24
-	umulh	$3,	$2,	$18
-	cmplt	$24,	$31,	$17
-	cmplt	$18,	$31,	$19
-	addq	$24,	$24,	$24
-	addq	$18,	$18,	$18
-	addq	$18,	$17,	$18
-	addq	$22,	$19,	$22
-	addq	$23,	$24,	$23
-	addq	$8,	$18,	$8
-	cmpult	$23,	$24,	$20
-	cmpult	$8,	$18,	$21
-	addq	$8,	$20,	$8
-	addq	$22,	$21,	$22
-	mulq	$4,	$1,	$28
-	umulh	$4,	$1,	$25
-	cmplt	$28,	$31,	$27
-	cmplt	$25,	$31,	$17
-	addq	$28,	$28,	$28
-	addq	$25,	$25,	$25
-	addq	$25,	$27,	$25
-	addq	$22,	$17,	$22
-	addq	$23,	$28,	$23
-	addq	$8,	$25,	$8
-	cmpult	$23,	$28,	$19
-	cmpult	$8,	$25,	$24
-	addq	$8,	$19,	$8
-	addq	$22,	$24,	$22
-	mulq	$5,	$0,	$18
-	umulh	$5,	$0,	$20
-	cmplt	$18,	$31,	$21
-	cmplt	$20,	$31,	$27
-	addq	$18,	$18,	$18
-	addq	$20,	$20,	$20
-	addq	$20,	$21,	$20
-	addq	$22,	$27,	$22
-	addq	$23,	$18,	$23
-	addq	$8,	$20,	$8
-	cmpult	$23,	$18,	$17
-	cmpult	$8,	$20,	$28
-	addq	$8,	$17,	$8
-	addq	$22,	$28,	$22
-	stq	$23,	40($16)
-	bis	$31,	$31,	$23
-	mulq	$3,	$3,	$25
-	umulh	$3,	$3,	$19
-	addq	$8,	$25,	$8
-	addq	$22,	$19,	$22
-	cmpult	$8,	$25,	$24
-	cmpult	$22,	$19,	$21
-	addq	$22,	$24,	$22
-	addq	$23,	$21,	$23
-	mulq	$4,	$2,	$27
-	umulh	$4,	$2,	$18
-	cmplt	$27,	$31,	$20
-	cmplt	$18,	$31,	$17
-	addq	$27,	$27,	$27
-	addq	$18,	$18,	$18
-	addq	$18,	$20,	$18
-	addq	$23,	$17,	$23
-	addq	$8,	$27,	$8
-	addq	$22,	$18,	$22
-	cmpult	$8,	$27,	$28
-	cmpult	$22,	$18,	$25
-	addq	$22,	$28,	$22
-	addq	$23,	$25,	$23
-	mulq	$5,	$1,	$19
-	umulh	$5,	$1,	$24
-	cmplt	$19,	$31,	$21
-	cmplt	$24,	$31,	$20
-	addq	$19,	$19,	$19
-	addq	$24,	$24,	$24
-	addq	$24,	$21,	$24
-	addq	$23,	$20,	$23
-	addq	$8,	$19,	$8
-	addq	$22,	$24,	$22
-	cmpult	$8,	$19,	$17
-	cmpult	$22,	$24,	$27
-	addq	$22,	$17,	$22
-	addq	$23,	$27,	$23
-	mulq	$6,	$0,	$18
-	umulh	$6,	$0,	$28
-	cmplt	$18,	$31,	$25
-	cmplt	$28,	$31,	$21
-	addq	$18,	$18,	$18
-	addq	$28,	$28,	$28
-	addq	$28,	$25,	$28
-	addq	$23,	$21,	$23
-	addq	$8,	$18,	$8
-	addq	$22,	$28,	$22
-	cmpult	$8,	$18,	$20
-	cmpult	$22,	$28,	$19
-	addq	$22,	$20,	$22
-	addq	$23,	$19,	$23
-	stq	$8,	48($16)
-	bis	$31,	$31,	$8
-	mulq	$4,	$3,	$24
-	umulh	$4,	$3,	$17
-	cmplt	$24,	$31,	$27
-	cmplt	$17,	$31,	$25
-	addq	$24,	$24,	$24
-	addq	$17,	$17,	$17
-	addq	$17,	$27,	$17
-	addq	$8,	$25,	$8
-	addq	$22,	$24,	$22
-	addq	$23,	$17,	$23
-	cmpult	$22,	$24,	$21
-	cmpult	$23,	$17,	$18
-	addq	$23,	$21,	$23
-	addq	$8,	$18,	$8
-	mulq	$5,	$2,	$28
-	umulh	$5,	$2,	$20
-	cmplt	$28,	$31,	$19
-	cmplt	$20,	$31,	$27
-	addq	$28,	$28,	$28
-	addq	$20,	$20,	$20
-	addq	$20,	$19,	$20
-	addq	$8,	$27,	$8
-	addq	$22,	$28,	$22
-	addq	$23,	$20,	$23
-	cmpult	$22,	$28,	$25
-	cmpult	$23,	$20,	$24
-	addq	$23,	$25,	$23
-	addq	$8,	$24,	$8
-	mulq	$6,	$1,	$17
-	umulh	$6,	$1,	$21
-	cmplt	$17,	$31,	$18
-	cmplt	$21,	$31,	$19
-	addq	$17,	$17,	$17
-	addq	$21,	$21,	$21
-	addq	$21,	$18,	$21
-	addq	$8,	$19,	$8
-	addq	$22,	$17,	$22
-	addq	$23,	$21,	$23
-	cmpult	$22,	$17,	$27
-	cmpult	$23,	$21,	$28
-	addq	$23,	$27,	$23
-	addq	$8,	$28,	$8
-	mulq	$7,	$0,	$20
-	umulh	$7,	$0,	$25
-	cmplt	$20,	$31,	$24
-	cmplt	$25,	$31,	$18
-	addq	$20,	$20,	$20
-	addq	$25,	$25,	$25
-	addq	$25,	$24,	$25
-	addq	$8,	$18,	$8
-	addq	$22,	$20,	$22
-	addq	$23,	$25,	$23
-	cmpult	$22,	$20,	$19
-	cmpult	$23,	$25,	$17
-	addq	$23,	$19,	$23
-	addq	$8,	$17,	$8
-	stq	$22,	56($16)
-	bis	$31,	$31,	$22
-	mulq	$4,	$4,	$21
-	umulh	$4,	$4,	$27
-	addq	$23,	$21,	$23
-	addq	$8,	$27,	$8
-	cmpult	$23,	$21,	$28
-	cmpult	$8,	$27,	$24
-	addq	$8,	$28,	$8
-	addq	$22,	$24,	$22
-	mulq	$5,	$3,	$18
-	umulh	$5,	$3,	$20
-	cmplt	$18,	$31,	$25
-	cmplt	$20,	$31,	$19
-	addq	$18,	$18,	$18
-	addq	$20,	$20,	$20
-	addq	$20,	$25,	$20
-	addq	$22,	$19,	$22
-	addq	$23,	$18,	$23
-	addq	$8,	$20,	$8
-	cmpult	$23,	$18,	$17
-	cmpult	$8,	$20,	$21
-	addq	$8,	$17,	$8
-	addq	$22,	$21,	$22
-	mulq	$6,	$2,	$27
-	umulh	$6,	$2,	$28
-	cmplt	$27,	$31,	$24
-	cmplt	$28,	$31,	$25
-	addq	$27,	$27,	$27
-	addq	$28,	$28,	$28
-	addq	$28,	$24,	$28
-	addq	$22,	$25,	$22
-	addq	$23,	$27,	$23
-	addq	$8,	$28,	$8
-	cmpult	$23,	$27,	$19
-	cmpult	$8,	$28,	$18
-	addq	$8,	$19,	$8
-	addq	$22,	$18,	$22
-	mulq	$7,	$1,	$20
-	umulh	$7,	$1,	$17
-	cmplt	$20,	$31,	$21
-	cmplt	$17,	$31,	$24
-	addq	$20,	$20,	$20
-	addq	$17,	$17,	$17
-	addq	$17,	$21,	$17
-	addq	$22,	$24,	$22
-	addq	$23,	$20,	$23
-	addq	$8,	$17,	$8
-	cmpult	$23,	$20,	$25
-	cmpult	$8,	$17,	$27
-	addq	$8,	$25,	$8
-	addq	$22,	$27,	$22
-	stq	$23,	64($16)
-	bis	$31,	$31,	$23
-	mulq	$5,	$4,	$28
-	umulh	$5,	$4,	$19
-	cmplt	$28,	$31,	$18
-	cmplt	$19,	$31,	$21
-	addq	$28,	$28,	$28
-	addq	$19,	$19,	$19
-	addq	$19,	$18,	$19
-	addq	$23,	$21,	$23
-	addq	$8,	$28,	$8
-	addq	$22,	$19,	$22
-	cmpult	$8,	$28,	$24
-	cmpult	$22,	$19,	$20
-	addq	$22,	$24,	$22
-	addq	$23,	$20,	$23
-	mulq	$6,	$3,	$17
-	umulh	$6,	$3,	$25
-	cmplt	$17,	$31,	$27
-	cmplt	$25,	$31,	$18
-	addq	$17,	$17,	$17
-	addq	$25,	$25,	$25
-	addq	$25,	$27,	$25
-	addq	$23,	$18,	$23
-	addq	$8,	$17,	$8
-	addq	$22,	$25,	$22
-	cmpult	$8,	$17,	$21
-	cmpult	$22,	$25,	$28
-	addq	$22,	$21,	$22
-	addq	$23,	$28,	$23
-	mulq	$7,	$2,	$19
-	umulh	$7,	$2,	$24
-	cmplt	$19,	$31,	$20
-	cmplt	$24,	$31,	$27
-	addq	$19,	$19,	$19
-	addq	$24,	$24,	$24
-	addq	$24,	$20,	$24
-	addq	$23,	$27,	$23
-	addq	$8,	$19,	$8
-	addq	$22,	$24,	$22
-	cmpult	$8,	$19,	$18
-	cmpult	$22,	$24,	$17
-	addq	$22,	$18,	$22
-	addq	$23,	$17,	$23
-	stq	$8,	72($16)
-	bis	$31,	$31,	$8
-	mulq	$5,	$5,	$25
-	umulh	$5,	$5,	$21
-	addq	$22,	$25,	$22
-	addq	$23,	$21,	$23
-	cmpult	$22,	$25,	$28
-	cmpult	$23,	$21,	$20
-	addq	$23,	$28,	$23
-	addq	$8,	$20,	$8
-	mulq	$6,	$4,	$27
-	umulh	$6,	$4,	$19
-	cmplt	$27,	$31,	$24
-	cmplt	$19,	$31,	$18
-	addq	$27,	$27,	$27
-	addq	$19,	$19,	$19
-	addq	$19,	$24,	$19
-	addq	$8,	$18,	$8
-	addq	$22,	$27,	$22
-	addq	$23,	$19,	$23
-	cmpult	$22,	$27,	$17
-	cmpult	$23,	$19,	$25
-	addq	$23,	$17,	$23
-	addq	$8,	$25,	$8
-	mulq	$7,	$3,	$21
-	umulh	$7,	$3,	$28
-	cmplt	$21,	$31,	$20
-	cmplt	$28,	$31,	$24
-	addq	$21,	$21,	$21
-	addq	$28,	$28,	$28
-	addq	$28,	$20,	$28
-	addq	$8,	$24,	$8
-	addq	$22,	$21,	$22
-	addq	$23,	$28,	$23
-	cmpult	$22,	$21,	$18
-	cmpult	$23,	$28,	$27
-	addq	$23,	$18,	$23
-	addq	$8,	$27,	$8
-	stq	$22,	80($16)
-	bis	$31,	$31,	$22
-	mulq	$6,	$5,	$19
-	umulh	$6,	$5,	$17
-	cmplt	$19,	$31,	$25
-	cmplt	$17,	$31,	$20
-	addq	$19,	$19,	$19
-	addq	$17,	$17,	$17
-	addq	$17,	$25,	$17
-	addq	$22,	$20,	$22
-	addq	$23,	$19,	$23
-	addq	$8,	$17,	$8
-	cmpult	$23,	$19,	$24
-	cmpult	$8,	$17,	$21
-	addq	$8,	$24,	$8
-	addq	$22,	$21,	$22
-	mulq	$7,	$4,	$28
-	umulh	$7,	$4,	$18
-	cmplt	$28,	$31,	$27
-	cmplt	$18,	$31,	$25
-	addq	$28,	$28,	$28
-	addq	$18,	$18,	$18
-	addq	$18,	$27,	$18
-	addq	$22,	$25,	$22
-	addq	$23,	$28,	$23
-	addq	$8,	$18,	$8
-	cmpult	$23,	$28,	$20
-	cmpult	$8,	$18,	$19
-	addq	$8,	$20,	$8
-	addq	$22,	$19,	$22
-	stq	$23,	88($16)
-	bis	$31,	$31,	$23
-	mulq	$6,	$6,	$17
-	umulh	$6,	$6,	$24
-	addq	$8,	$17,	$8
-	addq	$22,	$24,	$22
-	cmpult	$8,	$17,	$21
-	cmpult	$22,	$24,	$27
-	addq	$22,	$21,	$22
-	addq	$23,	$27,	$23
-	mulq	$7,	$5,	$25
-	umulh	$7,	$5,	$28
-	cmplt	$25,	$31,	$18
-	cmplt	$28,	$31,	$20
-	addq	$25,	$25,	$25
-	addq	$28,	$28,	$28
-	addq	$28,	$18,	$28
-	addq	$23,	$20,	$23
-	addq	$8,	$25,	$8
-	addq	$22,	$28,	$22
-	cmpult	$8,	$25,	$19
-	cmpult	$22,	$28,	$17
-	addq	$22,	$19,	$22
-	addq	$23,	$17,	$23
-	stq	$8,	96($16)
-	bis	$31,	$31,	$8
-	mulq	$7,	$6,	$24
-	umulh	$7,	$6,	$21
-	cmplt	$24,	$31,	$27
-	cmplt	$21,	$31,	$18
-	addq	$24,	$24,	$24
-	addq	$21,	$21,	$21
-	addq	$21,	$27,	$21
-	addq	$8,	$18,	$8
-	addq	$22,	$24,	$22
-	addq	$23,	$21,	$23
-	cmpult	$22,	$24,	$20
-	cmpult	$23,	$21,	$25
-	addq	$23,	$20,	$23
-	addq	$8,	$25,	$8
-	stq	$22,	104($16)
-	bis	$31,	$31,	$22
-	mulq	$7,	$7,	$28
-	umulh	$7,	$7,	$19
-	addq	$23,	$28,	$23
-	addq	$8,	$19,	$8
-	cmpult	$23,	$28,	$17
-	cmpult	$8,	$19,	$27
-	addq	$8,	$17,	$8
-	addq	$22,	$27,	$22
-	stq	$23,	112($16)
-	stq	$8,	120($16)
-	ret	$31,($26),1
-	.end bn_sqr_comba8
diff --git a/crypto/bn/asm/ff b/crypto/bn/asm/ff
deleted file mode 100644
index 4af216889d..0000000000
--- a/crypto/bn/asm/ff
+++ /dev/null
@@ -1,724 +0,0 @@
-	.text
-	.align 3
-	.globl bn_mul_comba4
-	.ent bn_mul_comba4
-bn_mul_comba4:
-bn_mul_comba4..ng:
-	.frame $30,0,$26,0
-	.prologue 0
-
-	ldq	$0,	0($17)
-	ldq	$1,	0($18)
-	ldq	$2,	8($17)
-	ldq	$3,	8($18)
-	ldq	$4,	16($17)
-	ldq	$5,	16($18)
-	ldq	$6,	24($17)
-	ldq	$7,	24($18)
-	bis	$31,	$31,	$23
-	mulq	$0,	$1,	$8
-	umulh	$0,	$1,	$22
-	stq	$8,	0($16)
-	bis	$31,	$31,	$8
-	mulq	$0,	$3,	$24
-	umulh	$0,	$3,	$25
-	addq	$22,	$24,	$22
-	cmpult	$22,	$24,	$27
-	addq	$27,	$25,	$25
-	addq	$23,	$25,	$23
-	cmpult	$23,	$25,	$28
-	addq	$8,	$28,	$8
-	mulq	$2,	$1,	$21
-	umulh	$2,	$1,	$20
-	addq	$22,	$21,	$22
-	cmpult	$22,	$21,	$19
-	addq	$19,	$20,	$20
-	addq	$23,	$20,	$23
-	cmpult	$23,	$20,	$17
-	addq	$8,	$17,	$8
-	stq	$22,	8($16)
-	bis	$31,	$31,	$22
-	mulq	$2,	$3,	$18
-	umulh	$2,	$3,	$24
-	addq	$23,	$18,	$23
-	cmpult	$23,	$18,	$27
-	addq	$27,	$24,	$24
-	addq	$8,	$24,	$8
-	cmpult	$8,	$24,	$25
-	addq	$22,	$25,	$22
-	mulq	$0,	$5,	$28
-	umulh	$0,	$5,	$21
-	addq	$23,	$28,	$23
-	cmpult	$23,	$28,	$19
-	addq	$19,	$21,	$21
-	addq	$8,	$21,	$8
-	cmpult	$8,	$21,	$20
-	addq	$22,	$20,	$22
-	mulq	$4,	$1,	$17
-	umulh	$4,	$1,	$18
-	addq	$23,	$17,	$23
-	cmpult	$23,	$17,	$27
-	addq	$27,	$18,	$18
-	addq	$8,	$18,	$8
-	cmpult	$8,	$18,	$24
-	addq	$22,	$24,	$22
-	stq	$23,	16($16)
-	bis	$31,	$31,	$23
-	mulq	$0,	$7,	$25
-	umulh	$0,	$7,	$28
-	addq	$8,	$25,	$8
-	cmpult	$8,	$25,	$19
-	addq	$19,	$28,	$28
-	addq	$22,	$28,	$22
-	cmpult	$22,	$28,	$21
-	addq	$23,	$21,	$23
-	mulq	$2,	$5,	$20
-	umulh	$2,	$5,	$17
-	addq	$8,	$20,	$8
-	cmpult	$8,	$20,	$27
-	addq	$27,	$17,	$17
-	addq	$22,	$17,	$22
-	cmpult	$22,	$17,	$18
-	addq	$23,	$18,	$23
-	mulq	$4,	$3,	$24
-	umulh	$4,	$3,	$25
-	addq	$8,	$24,	$8
-	cmpult	$8,	$24,	$19
-	addq	$19,	$25,	$25
-	addq	$22,	$25,	$22
-	cmpult	$22,	$25,	$28
-	addq	$23,	$28,	$23
-	mulq	$6,	$1,	$21
-	umulh	$6,	$1,	$0
-	addq	$8,	$21,	$8
-	cmpult	$8,	$21,	$20
-	addq	$20,	$0,	$0
-	addq	$22,	$0,	$22
-	cmpult	$22,	$0,	$27
-	addq	$23,	$27,	$23
-	stq	$8,	24($16)
-	bis	$31,	$31,	$8
-	mulq	$2,	$7,	$17
-	umulh	$2,	$7,	$18
-	addq	$22,	$17,	$22
-	cmpult	$22,	$17,	$24
-	addq	$24,	$18,	$18
-	addq	$23,	$18,	$23
-	cmpult	$23,	$18,	$19
-	addq	$8,	$19,	$8
-	mulq	$4,	$5,	$25
-	umulh	$4,	$5,	$28
-	addq	$22,	$25,	$22
-	cmpult	$22,	$25,	$21
-	addq	$21,	$28,	$28
-	addq	$23,	$28,	$23
-	cmpult	$23,	$28,	$20
-	addq	$8,	$20,	$8
-	mulq	$6,	$3,	$0
-	umulh	$6,	$3,	$27
-	addq	$22,	$0,	$22
-	cmpult	$22,	$0,	$1
-	addq	$1,	$27,	$27
-	addq	$23,	$27,	$23
-	cmpult	$23,	$27,	$17
-	addq	$8,	$17,	$8
-	stq	$22,	32($16)
-	bis	$31,	$31,	$22
-	mulq	$4,	$7,	$24
-	umulh	$4,	$7,	$18
-	addq	$23,	$24,	$23
-	cmpult	$23,	$24,	$19
-	addq	$19,	$18,	$18
-	addq	$8,	$18,	$8
-	cmpult	$8,	$18,	$2
-	addq	$22,	$2,	$22
-	mulq	$6,	$5,	$25
-	umulh	$6,	$5,	$21
-	addq	$23,	$25,	$23
-	cmpult	$23,	$25,	$28
-	addq	$28,	$21,	$21
-	addq	$8,	$21,	$8
-	cmpult	$8,	$21,	$20
-	addq	$22,	$20,	$22
-	stq	$23,	40($16)
-	bis	$31,	$31,	$23
-	mulq	$6,	$7,	$0
-	umulh	$6,	$7,	$1
-	addq	$8,	$0,	$8
-	cmpult	$8,	$0,	$27
-	addq	$27,	$1,	$1
-	addq	$22,	$1,	$22
-	cmpult	$22,	$1,	$17
-	addq	$23,	$17,	$23
-	stq	$8,	48($16)
-	stq	$22,	56($16)
-	ret	$31,($26),1
-	.end bn_mul_comba4
-	.text
-	.align 3
-	.globl bn_mul_comba8
-	.ent bn_mul_comba8
-bn_mul_comba8:
-bn_mul_comba8..ng:
-	.frame $30,0,$26,0
-	.prologue 0
-
-	stq	$9,	8($30)
-	stq	$10,	16($30)
-	ldq	$0,	0($17)
-	ldq	$1,	0($18)
-	ldq	$2,	8($17)
-	ldq	$3,	8($18)
-	ldq	$4,	16($17)
-	ldq	$5,	16($18)
-	ldq	$6,	24($17)
-	ldq	$7,	24($18)
-	ldq	$8,	8($17)
-	ldq	$22,	8($18)
-	ldq	$23,	8($17)
-	ldq	$24,	8($18)
-	ldq	$25,	8($17)
-	ldq	$27,	8($18)
-	ldq	$28,	8($17)
-	ldq	$21,	8($18)
-	bis	$31,	$31,	$9
-	mulq	$0,	$1,	$20
-	umulh	$0,	$1,	$19
-	stq	$20,	0($16)
-	bis	$31,	$31,	$20
-	mulq	$0,	$3,	$10
-	umulh	$0,	$3,	$17
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$10
-	addq	$20,	$10,	$20
-	mulq	$2,	$1,	$18
-	umulh	$2,	$1,	$17
-	addq	$19,	$18,	$19
-	cmpult	$19,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$18
-	addq	$20,	$18,	$20
-	stq	$19,	8($16)
-	bis	$31,	$31,	$19
-	mulq	$0,	$5,	$10
-	umulh	$0,	$5,	$17
-	addq	$9,	$10,	$9
-	cmpult	$9,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$10
-	addq	$19,	$10,	$19
-	mulq	$2,	$3,	$18
-	umulh	$2,	$3,	$17
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$18
-	addq	$19,	$18,	$19
-	mulq	$4,	$1,	$10
-	umulh	$4,	$1,	$17
-	addq	$9,	$10,	$9
-	cmpult	$9,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$10
-	addq	$19,	$10,	$19
-	stq	$9,	16($16)
-	bis	$31,	$31,	$9
-	mulq	$0,	$7,	$18
-	umulh	$0,	$7,	$17
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$18
-	addq	$9,	$18,	$9
-	mulq	$2,	$5,	$10
-	umulh	$2,	$5,	$17
-	addq	$20,	$10,	$20
-	cmpult	$20,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$10
-	addq	$9,	$10,	$9
-	mulq	$4,	$3,	$18
-	umulh	$4,	$3,	$17
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$18
-	addq	$9,	$18,	$9
-	mulq	$6,	$1,	$10
-	umulh	$6,	$1,	$17
-	addq	$20,	$10,	$20
-	cmpult	$20,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$10
-	addq	$9,	$10,	$9
-	stq	$20,	24($16)
-	bis	$31,	$31,	$20
-	mulq	$0,	$22,	$18
-	umulh	$0,	$22,	$17
-	addq	$19,	$18,	$19
-	cmpult	$19,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$18
-	addq	$20,	$18,	$20
-	mulq	$2,	$7,	$10
-	umulh	$2,	$7,	$17
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$10
-	addq	$20,	$10,	$20
-	mulq	$4,	$5,	$18
-	umulh	$4,	$5,	$17
-	addq	$19,	$18,	$19
-	cmpult	$19,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$18
-	addq	$20,	$18,	$20
-	mulq	$6,	$3,	$10
-	umulh	$6,	$3,	$17
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$10
-	addq	$20,	$10,	$20
-	mulq	$8,	$1,	$18
-	umulh	$8,	$1,	$17
-	addq	$19,	$18,	$19
-	cmpult	$19,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$18
-	addq	$20,	$18,	$20
-	stq	$19,	32($16)
-	bis	$31,	$31,	$19
-	mulq	$0,	$24,	$10
-	umulh	$0,	$24,	$17
-	addq	$9,	$10,	$9
-	cmpult	$9,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$10
-	addq	$19,	$10,	$19
-	mulq	$2,	$22,	$18
-	umulh	$2,	$22,	$17
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$18
-	addq	$19,	$18,	$19
-	mulq	$4,	$7,	$10
-	umulh	$4,	$7,	$17
-	addq	$9,	$10,	$9
-	cmpult	$9,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$10
-	addq	$19,	$10,	$19
-	mulq	$6,	$5,	$18
-	umulh	$6,	$5,	$17
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$18
-	addq	$19,	$18,	$19
-	mulq	$8,	$3,	$10
-	umulh	$8,	$3,	$17
-	addq	$9,	$10,	$9
-	cmpult	$9,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$10
-	addq	$19,	$10,	$19
-	mulq	$23,	$1,	$18
-	umulh	$23,	$1,	$17
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$18
-	addq	$19,	$18,	$19
-	stq	$9,	40($16)
-	bis	$31,	$31,	$9
-	mulq	$0,	$27,	$10
-	umulh	$0,	$27,	$17
-	addq	$20,	$10,	$20
-	cmpult	$20,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$10
-	addq	$9,	$10,	$9
-	mulq	$2,	$24,	$18
-	umulh	$2,	$24,	$17
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$18
-	addq	$9,	$18,	$9
-	mulq	$4,	$22,	$10
-	umulh	$4,	$22,	$17
-	addq	$20,	$10,	$20
-	cmpult	$20,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$10
-	addq	$9,	$10,	$9
-	mulq	$6,	$7,	$18
-	umulh	$6,	$7,	$17
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$18
-	addq	$9,	$18,	$9
-	mulq	$8,	$5,	$10
-	umulh	$8,	$5,	$17
-	addq	$20,	$10,	$20
-	cmpult	$20,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$10
-	addq	$9,	$10,	$9
-	mulq	$23,	$3,	$18
-	umulh	$23,	$3,	$17
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$18
-	addq	$9,	$18,	$9
-	mulq	$25,	$1,	$10
-	umulh	$25,	$1,	$17
-	addq	$20,	$10,	$20
-	cmpult	$20,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$10
-	addq	$9,	$10,	$9
-	stq	$20,	48($16)
-	bis	$31,	$31,	$20
-	mulq	$0,	$21,	$18
-	umulh	$0,	$21,	$17
-	addq	$19,	$18,	$19
-	cmpult	$19,	$18,	$10
-	addq	$10,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$18
-	addq	$20,	$18,	$20
-	mulq	$2,	$27,	$10
-	umulh	$2,	$27,	$17
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$0
-	addq	$20,	$0,	$20
-	mulq	$4,	$24,	$10
-	umulh	$4,	$24,	$18
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$17
-	addq	$17,	$18,	$18
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$0
-	addq	$20,	$0,	$20
-	mulq	$6,	$22,	$10
-	umulh	$6,	$22,	$17
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$0
-	addq	$20,	$0,	$20
-	mulq	$8,	$7,	$10
-	umulh	$8,	$7,	$18
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$17
-	addq	$17,	$18,	$18
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$0
-	addq	$20,	$0,	$20
-	mulq	$23,	$5,	$10
-	umulh	$23,	$5,	$17
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$0
-	addq	$20,	$0,	$20
-	mulq	$25,	$3,	$10
-	umulh	$25,	$3,	$18
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$17
-	addq	$17,	$18,	$18
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$0
-	addq	$20,	$0,	$20
-	mulq	$28,	$1,	$10
-	umulh	$28,	$1,	$17
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$18
-	addq	$18,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$0
-	addq	$20,	$0,	$20
-	stq	$19,	56($16)
-	bis	$31,	$31,	$19
-	mulq	$2,	$21,	$10
-	umulh	$2,	$21,	$18
-	addq	$9,	$10,	$9
-	cmpult	$9,	$10,	$17
-	addq	$17,	$18,	$18
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$0
-	addq	$19,	$0,	$19
-	mulq	$4,	$27,	$1
-	umulh	$4,	$27,	$10
-	addq	$9,	$1,	$9
-	cmpult	$9,	$1,	$17
-	addq	$17,	$10,	$10
-	addq	$20,	$10,	$20
-	cmpult	$20,	$10,	$18
-	addq	$19,	$18,	$19
-	mulq	$6,	$24,	$0
-	umulh	$6,	$24,	$2
-	addq	$9,	$0,	$9
-	cmpult	$9,	$0,	$1
-	addq	$1,	$2,	$2
-	addq	$20,	$2,	$20
-	cmpult	$20,	$2,	$17
-	addq	$19,	$17,	$19
-	mulq	$8,	$22,	$10
-	umulh	$8,	$22,	$18
-	addq	$9,	$10,	$9
-	cmpult	$9,	$10,	$0
-	addq	$0,	$18,	$18
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$1
-	addq	$19,	$1,	$19
-	mulq	$23,	$7,	$2
-	umulh	$23,	$7,	$17
-	addq	$9,	$2,	$9
-	cmpult	$9,	$2,	$10
-	addq	$10,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$0
-	addq	$19,	$0,	$19
-	mulq	$25,	$5,	$18
-	umulh	$25,	$5,	$1
-	addq	$9,	$18,	$9
-	cmpult	$9,	$18,	$2
-	addq	$2,	$1,	$1
-	addq	$20,	$1,	$20
-	cmpult	$20,	$1,	$10
-	addq	$19,	$10,	$19
-	mulq	$28,	$3,	$17
-	umulh	$28,	$3,	$0
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$18
-	addq	$18,	$0,	$0
-	addq	$20,	$0,	$20
-	cmpult	$20,	$0,	$2
-	addq	$19,	$2,	$19
-	stq	$9,	64($16)
-	bis	$31,	$31,	$9
-	mulq	$4,	$21,	$1
-	umulh	$4,	$21,	$10
-	addq	$20,	$1,	$20
-	cmpult	$20,	$1,	$17
-	addq	$17,	$10,	$10
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$18
-	addq	$9,	$18,	$9
-	mulq	$6,	$27,	$0
-	umulh	$6,	$27,	$2
-	addq	$20,	$0,	$20
-	cmpult	$20,	$0,	$3
-	addq	$3,	$2,	$2
-	addq	$19,	$2,	$19
-	cmpult	$19,	$2,	$1
-	addq	$9,	$1,	$9
-	mulq	$8,	$24,	$17
-	umulh	$8,	$24,	$10
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$18
-	addq	$18,	$10,	$10
-	addq	$19,	$10,	$19
-	cmpult	$19,	$10,	$4
-	addq	$9,	$4,	$9
-	mulq	$23,	$22,	$0
-	umulh	$23,	$22,	$3
-	addq	$20,	$0,	$20
-	cmpult	$20,	$0,	$2
-	addq	$2,	$3,	$3
-	addq	$19,	$3,	$19
-	cmpult	$19,	$3,	$1
-	addq	$9,	$1,	$9
-	mulq	$25,	$7,	$17
-	umulh	$25,	$7,	$18
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$10
-	addq	$10,	$18,	$18
-	addq	$19,	$18,	$19
-	cmpult	$19,	$18,	$4
-	addq	$9,	$4,	$9
-	mulq	$28,	$5,	$0
-	umulh	$28,	$5,	$2
-	addq	$20,	$0,	$20
-	cmpult	$20,	$0,	$3
-	addq	$3,	$2,	$2
-	addq	$19,	$2,	$19
-	cmpult	$19,	$2,	$1
-	addq	$9,	$1,	$9
-	stq	$20,	72($16)
-	bis	$31,	$31,	$20
-	mulq	$6,	$21,	$17
-	umulh	$6,	$21,	$10
-	addq	$19,	$17,	$19
-	cmpult	$19,	$17,	$18
-	addq	$18,	$10,	$10
-	addq	$9,	$10,	$9
-	cmpult	$9,	$10,	$4
-	addq	$20,	$4,	$20
-	mulq	$8,	$27,	$0
-	umulh	$8,	$27,	$3
-	addq	$19,	$0,	$19
-	cmpult	$19,	$0,	$2
-	addq	$2,	$3,	$3
-	addq	$9,	$3,	$9
-	cmpult	$9,	$3,	$1
-	addq	$20,	$1,	$20
-	mulq	$23,	$24,	$5
-	umulh	$23,	$24,	$17
-	addq	$19,	$5,	$19
-	cmpult	$19,	$5,	$18
-	addq	$18,	$17,	$17
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$10
-	addq	$20,	$10,	$20
-	mulq	$25,	$22,	$4
-	umulh	$25,	$22,	$6
-	addq	$19,	$4,	$19
-	cmpult	$19,	$4,	$0
-	addq	$0,	$6,	$6
-	addq	$9,	$6,	$9
-	cmpult	$9,	$6,	$2
-	addq	$20,	$2,	$20
-	mulq	$28,	$7,	$3
-	umulh	$28,	$7,	$1
-	addq	$19,	$3,	$19
-	cmpult	$19,	$3,	$5
-	addq	$5,	$1,	$1
-	addq	$9,	$1,	$9
-	cmpult	$9,	$1,	$18
-	addq	$20,	$18,	$20
-	stq	$19,	80($16)
-	bis	$31,	$31,	$19
-	mulq	$8,	$21,	$17
-	umulh	$8,	$21,	$10
-	addq	$9,	$17,	$9
-	cmpult	$9,	$17,	$4
-	addq	$4,	$10,	$10
-	addq	$20,	$10,	$20
-	cmpult	$20,	$10,	$0
-	addq	$19,	$0,	$19
-	mulq	$23,	$27,	$6
-	umulh	$23,	$27,	$2
-	addq	$9,	$6,	$9
-	cmpult	$9,	$6,	$3
-	addq	$3,	$2,	$2
-	addq	$20,	$2,	$20
-	cmpult	$20,	$2,	$5
-	addq	$19,	$5,	$19
-	mulq	$25,	$24,	$1
-	umulh	$25,	$24,	$18
-	addq	$9,	$1,	$9
-	cmpult	$9,	$1,	$7
-	addq	$7,	$18,	$18
-	addq	$20,	$18,	$20
-	cmpult	$20,	$18,	$17
-	addq	$19,	$17,	$19
-	mulq	$28,	$22,	$4
-	umulh	$28,	$22,	$10
-	addq	$9,	$4,	$9
-	cmpult	$9,	$4,	$0
-	addq	$0,	$10,	$10
-	addq	$20,	$10,	$20
-	cmpult	$20,	$10,	$8
-	addq	$19,	$8,	$19
-	stq	$9,	88($16)
-	bis	$31,	$31,	$9
-	mulq	$23,	$21,	$6
-	umulh	$23,	$21,	$3
-	addq	$20,	$6,	$20
-	cmpult	$20,	$6,	$2
-	addq	$2,	$3,	$3
-	addq	$19,	$3,	$19
-	cmpult	$19,	$3,	$5
-	addq	$9,	$5,	$9
-	mulq	$25,	$27,	$1
-	umulh	$25,	$27,	$7
-	addq	$20,	$1,	$20
-	cmpult	$20,	$1,	$18
-	addq	$18,	$7,	$7
-	addq	$19,	$7,	$19
-	cmpult	$19,	$7,	$17
-	addq	$9,	$17,	$9
-	mulq	$28,	$24,	$4
-	umulh	$28,	$24,	$0
-	addq	$20,	$4,	$20
-	cmpult	$20,	$4,	$10
-	addq	$10,	$0,	$0
-	addq	$19,	$0,	$19
-	cmpult	$19,	$0,	$8
-	addq	$9,	$8,	$9
-	stq	$20,	96($16)
-	bis	$31,	$31,	$20
-	mulq	$25,	$21,	$22
-	umulh	$25,	$21,	$6
-	addq	$19,	$22,	$19
-	cmpult	$19,	$22,	$2
-	addq	$2,	$6,	$6
-	addq	$9,	$6,	$9
-	cmpult	$9,	$6,	$3
-	addq	$20,	$3,	$20
-	mulq	$28,	$27,	$5
-	umulh	$28,	$27,	$23
-	addq	$19,	$5,	$19
-	cmpult	$19,	$5,	$1
-	addq	$1,	$23,	$23
-	addq	$9,	$23,	$9
-	cmpult	$9,	$23,	$18
-	addq	$20,	$18,	$20
-	stq	$19,	104($16)
-	bis	$31,	$31,	$19
-	mulq	$28,	$21,	$7
-	umulh	$28,	$21,	$17
-	addq	$9,	$7,	$9
-	cmpult	$9,	$7,	$4
-	addq	$4,	$17,	$17
-	addq	$20,	$17,	$20
-	cmpult	$20,	$17,	$10
-	addq	$19,	$10,	$19
-	stq	$9,	112($16)
-	stq	$20,	120($16)
-	ldq	$9,	8($30)
-	ldq	$10,	16($30)
-	ret	$31,($26),1
-	.end bn_mul_comba8
diff --git a/crypto/bn/asm/ia64.S b/crypto/bn/asm/ia64.S
new file mode 100644
index 0000000000..ae56066310
--- /dev/null
+++ b/crypto/bn/asm/ia64.S
@@ -0,0 +1,1498 @@
+.explicit
+.text
+.ident	"ia64.S, Version 1.1"
+.ident	"IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+
+//
+// ====================================================================
+// Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+// project.
+//
+// Rights for redistribution and usage in source and binary forms are
+// granted according to the OpenSSL license. Warranty of any kind is
+// disclaimed.
+// ====================================================================
+//
+
+// Q.	How much faster does it get?
+// A.	Here is the output from 'openssl speed rsa dsa' for vanilla
+//	0.9.6a compiled with gcc version 2.96 20000731 (Red Hat
+//	Linux 7.1 2.96-81):
+//
+//	                  sign    verify    sign/s verify/s
+//	rsa  512 bits   0.0036s   0.0003s    275.3   2999.2
+//	rsa 1024 bits   0.0203s   0.0011s     49.3    894.1
+//	rsa 2048 bits   0.1331s   0.0040s      7.5    250.9
+//	rsa 4096 bits   0.9270s   0.0147s      1.1     68.1
+//	                  sign    verify    sign/s verify/s
+//	dsa  512 bits   0.0035s   0.0043s    288.3    234.8
+//	dsa 1024 bits   0.0111s   0.0135s     90.0     74.2
+//
+//	And here is similar output but for this assembler
+//	implementation:-)
+//
+//	                  sign    verify    sign/s verify/s
+//	rsa  512 bits   0.0021s   0.0001s    549.4   9638.5
+//	rsa 1024 bits   0.0055s   0.0002s    183.8   4481.1
+//	rsa 2048 bits   0.0244s   0.0006s     41.4   1726.3
+//	rsa 4096 bits   0.1295s   0.0018s      7.7    561.5
+//	                  sign    verify    sign/s verify/s
+//	dsa  512 bits   0.0012s   0.0013s    891.9    756.6
+//	dsa 1024 bits   0.0023s   0.0028s    440.4    376.2
+//	
+//	Yes, you may argue that it's not fair comparison as it's
+//	possible to craft the C implementation with BN_UMULT_HIGH
+//	inline assembler macro. But of course! Here is the output
+//	with the macro:
+//
+//	                  sign    verify    sign/s verify/s
+//	rsa  512 bits   0.0020s   0.0002s    495.0   6561.0
+//	rsa 1024 bits   0.0086s   0.0004s    116.2   2235.7
+//	rsa 2048 bits   0.0519s   0.0015s     19.3    667.3
+//	rsa 4096 bits   0.3464s   0.0053s      2.9    187.7
+//	                  sign    verify    sign/s verify/s
+//	dsa  512 bits   0.0016s   0.0020s    613.1    510.5
+//	dsa 1024 bits   0.0045s   0.0054s    221.0    183.9
+//
+//	My code is still way faster, huh:-) And I believe that even
+//	higher performance can be achieved. Note that as keys get
+//	longer, performance gain is larger. Why? According to the
+//	profiler there is another player in the field, namely
+//	BN_from_montgomery consuming larger and larger portion of CPU
+//	time as keysize decreases. I therefore consider putting effort
+//	to assembler implementation of the following routine:
+//
+//	void bn_mul_add_mont (BN_ULONG *rp,BN_ULONG *np,int nl,BN_ULONG n0)
+//	{
+//	int      i,j;
+//	BN_ULONG v;
+//
+//	for (i=0; i<nl; i++)
+//		{
+//		v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
+//		nrp++;
+//		rp++;
+//		if (((nrp[-1]+=v)&BN_MASK2) < v)
+//			for (j=0; ((++nrp[j])&BN_MASK2) == 0; j++) ;
+//		}
+//	}
+//
+//	It might as well be beneficial to implement even combaX
+//	variants, as it appears as it can literally unleash the
+//	performance (see comment section to bn_mul_comba8 below).
+//
+//	And finally for your reference the output for 0.9.6a compiled
+//	with SGIcc version 0.01.0-12 (keep in mind that for the moment
+//	of this writing it's not possible to convince SGIcc to use
+//	BN_UMULT_HIGH inline assembler macro, yet the code is fast,
+//	i.e. for a compiler generated one:-):
+//
+//	                  sign    verify    sign/s verify/s
+//	rsa  512 bits   0.0022s   0.0002s    452.7   5894.3
+//	rsa 1024 bits   0.0097s   0.0005s    102.7   2002.9
+//	rsa 2048 bits   0.0578s   0.0017s     17.3    600.2
+//	rsa 4096 bits   0.3838s   0.0061s      2.6    164.5
+//	                  sign    verify    sign/s verify/s
+//	dsa  512 bits   0.0018s   0.0022s    547.3    459.6
+//	dsa 1024 bits   0.0051s   0.0062s    196.6    161.3
+//
+//	Oh! Benchmarks were performed on 733MHz Lion-class Itanium
+//	system running Redhat Linux 7.1 (very special thanks to Ray
+//	McCaffity of Williams Communications for providing an account).
+//
+// Q.	What's the heck with 'rum 1<<5' at the end of every function?
+// A.	Well, by clearing the "upper FP registers written" bit of the
+//	User Mask I want to excuse the kernel from preserving upper
+//	(f32-f128) FP register bank over process context switch, thus
+//	minimizing bus bandwidth consumption during the switch (i.e.
+//	after PKI opration completes and the program is off doing
+//	something else like bulk symmetric encryption). Having said
+//	this, I also want to point out that it might be good idea
+//	to compile the whole toolkit (as well as majority of the
+//	programs for that matter) with -mfixed-range=f32-f127 command
+//	line option. No, it doesn't prevent the compiler from writing
+//	to upper bank, but at least discourages to do so. If you don't
+//	like the idea you have the option to compile the module with
+//	-Drum=nop.m in command line.
+//
+
+#if 1
+//
+// bn_[add|sub]_words routines.
+//
+// Loops are spinning in 2*(n+5) ticks on Itanuim (provided that the
+// data reside in L1 cache, i.e. 2 ticks away). It's possible to
+// compress the epilogue and get down to 2*n+6, but at the cost of
+// scalability (the neat feature of this implementation is that it
+// shall automagically spin in n+5 on "wider" IA-64 implementations:-)
+// I consider that the epilogue is short enough as it is to trade tiny
+// performance loss on Itanium for scalability.
+//
+// BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num)
+//
+.global	bn_add_words#
+.proc	bn_add_words#
+.align	64
+.skip	32	// makes the loop body aligned at 64-byte boundary
+bn_add_words:
+	.prologue
+	.fframe	0
+	.save	ar.pfs,r2
+{ .mii;	alloc		r2=ar.pfs,4,12,0,16
+	cmp4.le		p6,p0=r35,r0	};;
+{ .mfb;	mov		r8=r0			// return value
+(p6)	br.ret.spnt.many	b0	};;
+
+	.save	ar.lc,r3
+{ .mib;	sub		r10=r35,r0,1
+	mov		r3=ar.lc
+	brp.loop.imp	.L_bn_add_words_ctop,.L_bn_add_words_cend-16
+					}
+	.body
+{ .mib;	mov		r14=r32			// rp
+	mov		r9=pr		};;
+{ .mii;	mov		r15=r33			// ap
+	mov		ar.lc=r10
+	mov		ar.ec=6		}
+{ .mib;	mov		r16=r34			// bp
+	mov		pr.rot=1<<16	};;
+
+.L_bn_add_words_ctop:
+{ .mii;	(p16)	ld8		r32=[r16],8	  // b=*(bp++)
+	(p18)	add		r39=r37,r34
+	(p19)	cmp.ltu.unc	p56,p0=r40,r38	}
+{ .mfb;	(p0)	nop.m		0x0
+	(p0)	nop.f		0x0
+	(p0)	nop.b		0x0		}
+{ .mii;	(p16)	ld8		r35=[r15],8	  // a=*(ap++)
+	(p58)	cmp.eq.or	p57,p0=-1,r41	  // (p20)
+	(p58)	add		r41=1,r41	} // (p20)
+{ .mfb;	(p21)	st8		[r14]=r42,8	  // *(rp++)=r
+	(p0)	nop.f		0x0
+	br.ctop.sptk	.L_bn_add_words_ctop	};;
+.L_bn_add_words_cend:
+
+{ .mii;
+(p59)	add		r8=1,r8		// return value
+	mov		pr=r9,-1
+	mov		ar.lc=r3	}
+{ .mbb;	nop.b		0x0
+	br.ret.sptk.many	b0	};;
+.endp	bn_add_words#
+
+//
+// BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num)
+//
+.global	bn_sub_words#
+.proc	bn_sub_words#
+.align	64
+.skip	32	// makes the loop body aligned at 64-byte boundary
+bn_sub_words:
+	.prologue
+	.fframe	0
+	.save	ar.pfs,r2
+{ .mii;	alloc		r2=ar.pfs,4,12,0,16
+	cmp4.le		p6,p0=r35,r0	};;
+{ .mfb;	mov		r8=r0			// return value
+(p6)	br.ret.spnt.many	b0	};;
+
+	.save	ar.lc,r3
+{ .mib;	sub		r10=r35,r0,1
+	mov		r3=ar.lc
+	brp.loop.imp	.L_bn_sub_words_ctop,.L_bn_sub_words_cend-16
+					}
+	.body
+{ .mib;	mov		r14=r32			// rp
+	mov		r9=pr		};;
+{ .mii;	mov		r15=r33			// ap
+	mov		ar.lc=r10
+	mov		ar.ec=6		}
+{ .mib;	mov		r16=r34			// bp
+	mov		pr.rot=1<<16	};;
+
+.L_bn_sub_words_ctop:
+{ .mii;	(p16)	ld8		r32=[r16],8	  // b=*(bp++)
+	(p18)	sub		r39=r37,r34
+	(p19)	cmp.gtu.unc	p56,p0=r40,r38	}
+{ .mfb;	(p0)	nop.m		0x0
+	(p0)	nop.f		0x0
+	(p0)	nop.b		0x0		}
+{ .mii;	(p16)	ld8		r35=[r15],8	  // a=*(ap++)
+	(p58)	cmp.eq.or	p57,p0=0,r41	  // (p20)
+	(p58)	add		r41=-1,r41	} // (p20)
+{ .mbb;	(p21)	st8		[r14]=r42,8	  // *(rp++)=r
+	(p0)	nop.b		0x0
+	br.ctop.sptk	.L_bn_sub_words_ctop	};;
+.L_bn_sub_words_cend:
+
+{ .mii;
+(p59)	add		r8=1,r8		// return value
+	mov		pr=r9,-1
+	mov		ar.lc=r3	}
+{ .mbb;	nop.b		0x0
+	br.ret.sptk.many	b0	};;
+.endp	bn_sub_words#
+#endif
+
+#if 0
+#define XMA_TEMPTATION
+#endif
+
+#if 1
+//
+// BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+//
+.global	bn_mul_words#
+.proc	bn_mul_words#
+.align	64
+.skip	32	// makes the loop body aligned at 64-byte boundary
+bn_mul_words:
+	.prologue
+	.fframe	0
+	.save	ar.pfs,r2
+#ifdef XMA_TEMPTATION
+{ .mfi;	alloc		r2=ar.pfs,4,0,0,0	};;
+#else
+{ .mfi;	alloc		r2=ar.pfs,4,4,0,8	};;
+#endif
+{ .mib;	mov		r8=r0			// return value
+	cmp4.le		p6,p0=r34,r0
+(p6)	br.ret.spnt.many	b0		};;
+
+	.save	ar.lc,r3
+{ .mii;	sub	r10=r34,r0,1
+	mov	r3=ar.lc
+	mov	r9=pr			};;
+
+	.body
+{ .mib;	setf.sig	f8=r35	// w
+	mov		pr.rot=0x400001<<16
+			// ------^----- serves as (p48) at first (p26)
+	brp.loop.imp	.L_bn_mul_words_ctop,.L_bn_mul_words_cend-16
+					}
+
+#ifndef XMA_TEMPTATION
+
+{ .mii;	mov		r14=r32	// rp
+	mov		r15=r33	// ap
+	mov		ar.lc=r10	}
+{ .mii;	mov		r39=0	// serves as r33 at first (p26)
+	mov		ar.ec=12	};;
+
+// This loop spins in 2*(n+11) ticks. It's scheduled for data in L2
+// cache (i.e. 9 ticks away) as floating point load/store instructions
+// bypass L1 cache and L2 latency is actually best-case scenario for
+// ldf8. The loop is not scalable and shall run in 2*(n+11) even on
+// "wider" IA-64 implementations. It's a trade-off here. n+22 loop
+// would give us ~5% in *overall* performance improvement on "wider"
+// IA-64, but would hurt Itanium for about same because of longer
+// epilogue. As it's a matter of few percents in either case I've
+// chosen to trade the scalability for development time (you can see
+// this very instruction sequence in bn_mul_add_words loop which in
+// turn is scalable).
+.L_bn_mul_words_ctop:
+{ .mfi;	(p25)	getf.sig	r36=f49			// low
+	(p21)	xmpy.lu		f45=f37,f8
+	(p27)	cmp.ltu		p52,p48=r39,r38	}
+{ .mfi;	(p16)	ldf8		f32=[r15],8
+	(p21)	xmpy.hu		f38=f37,f8
+	(p0)	nop.i		0x0		};;
+{ .mii;	(p26)	getf.sig	r32=f43			// high
+	.pred.rel	"mutex",p48,p52
+	(p48)	add		r38=r37,r33		// (p26)
+	(p52)	add		r38=r37,r33,1	}	// (p26)
+{ .mfb;	(p27)	st8		[r14]=r39,8
+	(p0)	nop.f		0x0
+	br.ctop.sptk	.L_bn_mul_words_ctop	};;
+.L_bn_mul_words_cend:
+
+{ .mii;	nop.m		0x0
+.pred.rel	"mutex",p49,p53
+(p49)	add		r8=r34,r0
+(p53)	add		r8=r34,r0,1	}
+{ .mfb;	nop.m	0x0
+	nop.f	0x0
+	nop.b	0x0			}
+
+#else	// XMA_TEMPTATION
+
+	setf.sig	f37=r0	// serves as carry at (p18) tick
+	mov		ar.lc=r10
+	mov		ar.ec=5;;
+
+// Most of you examining this code very likely wonder why in the name
+// of Intel the following loop is commented out? Indeed, it looks so
+// neat that you find it hard to believe that it's something wrong
+// with it, right? The catch is that every iteration depends on the
+// result from previous one and the latter isn't available instantly.
+// The loop therefore spins at the latency of xma minus 1, or in other
+// words at 6*(n+4) ticks:-( Compare to the "production" loop above
+// that runs in 2*(n+11) where the low latency problem is worked around
+// by moving the dependency to one-tick latent interger ALU. Note that
+// "distance" between ldf8 and xma is not latency of ldf8, but the
+// *difference* between xma and ldf8 latencies.
+.L_bn_mul_words_ctop:
+{ .mfi;	(p16)	ldf8		f32=[r33],8
+	(p18)	xma.hu		f38=f34,f8,f39	}
+{ .mfb;	(p20)	stf8		[r32]=f37,8
+	(p18)	xma.lu		f35=f34,f8,f39
+	br.ctop.sptk	.L_bn_mul_words_ctop	};;
+.L_bn_mul_words_cend:
+
+	getf.sig	r8=f41		// the return value
+
+#endif	// XMA_TEMPTATION
+
+{ .mii;	nop.m		0x0
+	mov		pr=r9,-1
+	mov		ar.lc=r3	}
+{ .mfb;	rum		1<<5		// clear um.mfh
+	nop.f		0x0
+	br.ret.sptk.many	b0	};;
+.endp	bn_mul_words#
+#endif
+
+#if 1
+//
+// BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+//
+.global	bn_mul_add_words#
+.proc	bn_mul_add_words#
+.align	64
+//.skip	0	// makes the loop split at 64-byte boundary
+bn_mul_add_words:
+	.prologue
+	.fframe	0
+	.save	ar.pfs,r2
+{ .mii;	alloc		r2=ar.pfs,4,12,0,16
+	cmp4.le		p6,p0=r34,r0	};;
+{ .mfb;	mov		r8=r0			// return value
+(p6)	br.ret.spnt.many	b0	};;
+
+	.save	ar.lc,r3
+{ .mii;	sub	r10=r34,r0,1
+	mov	r3=ar.lc
+	mov	r9=pr			};;
+
+	.body
+{ .mib;	setf.sig	f8=r35	// w
+	mov		pr.rot=0x400001<<16
+			// ------^----- serves as (p48) at first (p26)
+	brp.loop.imp	.L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16
+					}
+{ .mii;	mov		r14=r32	// rp
+	mov		r15=r33	// ap
+	mov		ar.lc=r10	}
+{ .mii;	mov		r39=0	// serves as r33 at first (p26)
+	mov		r18=r32	// rp copy
+	mov		ar.ec=14	};;
+
+// This loop spins in 3*(n+13) ticks on Itanium and should spin in
+// 2*(n+13) on "wider" IA-64 implementations (to be verified with new
+// µ-architecture manuals as they become available). As usual it's
+// possible to compress the epilogue, down to 10 in this case, at the
+// cost of scalability. Compressed (and therefore non-scalable) loop
+// running at 3*(n+10) would buy you ~10% on Itanium but take ~35%
+// from "wider" IA-64 so let it be scalable! Special attention was
+// paid for having the loop body split at 64-byte boundary. ld8 is
+// scheduled for L1 cache as the data is more than likely there.
+// Indeed, bn_mul_words has put it there a moment ago:-)
+.L_bn_mul_add_words_ctop:
+{ .mfi;	(p25)	getf.sig	r36=f49			// low
+	(p21)	xmpy.lu		f45=f37,f8
+	(p27)	cmp.ltu		p52,p48=r39,r38	}
+{ .mfi;	(p16)	ldf8		f32=[r15],8
+	(p21)	xmpy.hu		f38=f37,f8
+	(p27)	add		r43=r43,r39	};;
+{ .mii;	(p26)	getf.sig	r32=f43			// high
+	.pred.rel	"mutex",p48,p52
+	(p48)	add		r38=r37,r33		// (p26)
+	(p52)	add		r38=r37,r33,1	}	// (p26)
+{ .mfb;	(p27)	cmp.ltu.unc	p56,p0=r43,r39
+	(p0)	nop.f		0x0
+	(p0)	nop.b		0x0		}
+{ .mii;	(p26)	ld8		r42=[r18],8
+	(p58)	cmp.eq.or	p57,p0=-1,r44
+	(p58)	add		r44=1,r44	}
+{ .mfb;	(p29)	st8		[r14]=r45,8
+	(p0)	nop.f		0x0
+	br.ctop.sptk	.L_bn_mul_add_words_ctop};;
+.L_bn_mul_add_words_cend:
+
+{ .mii;	nop.m		0x0
+.pred.rel	"mutex",p51,p55
+(p51)	add		r8=r36,r0
+(p55)	add		r8=r36,r0,1	}
+{ .mfb;	nop.m	0x0
+	nop.f	0x0
+	nop.b	0x0			};;
+{ .mii;
+(p59)	add		r8=1,r8
+	mov		pr=r9,-1
+	mov		ar.lc=r3	}
+{ .mfb;	rum		1<<5		// clear um.mfh
+	nop.f		0x0
+	br.ret.sptk.many	b0	};;
+.endp	bn_mul_add_words#
+#endif
+
+#if 1
+//
+// void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
+//
+.global	bn_sqr_words#
+.proc	bn_sqr_words#
+.align	64
+.skip	32	// makes the loop body aligned at 64-byte boundary 
+bn_sqr_words:
+	.prologue
+	.fframe	0
+	.save	ar.pfs,r2
+{ .mii;	alloc		r2=ar.pfs,3,0,0,0
+	sxt4		r34=r34		};;
+{ .mii;	cmp.le		p6,p0=r34,r0
+	mov		r8=r0		}	// return value
+{ .mfb;	nop.f		0x0
+(p6)	br.ret.spnt.many	b0	};;
+
+	.save	ar.lc,r3
+{ .mii;	sub	r10=r34,r0,1
+	mov	r3=ar.lc
+	mov	r9=pr			};;
+
+	.body
+{ .mib;
+	mov		pr.rot=1<<16
+	brp.loop.imp	.L_bn_sqr_words_ctop,.L_bn_sqr_words_cend-16
+					}
+{ .mii;	add		r34=8,r32
+	mov		ar.lc=r10
+	mov		ar.ec=18	};;
+
+// 2*(n+17) on Itanium, (n+17) on "wider" IA-64 implementations. It's
+// possible to compress the epilogue (I'm getting tired to write this
+// comment over and over) and get down to 2*n+16 at the cost of
+// scalability. The decision will very likely be reconsidered after the
+// benchmark program is profiled. I.e. if perfomance gain on Itanium
+// will appear larger than loss on "wider" IA-64, then the loop should
+// be explicitely split and the epilogue compressed.
+.L_bn_sqr_words_ctop:
+{ .mfi;	(p16)	ldf8		f32=[r33],8
+	(p25)	xmpy.lu		f42=f41,f41
+	(p0)	nop.i		0x0		}
+{ .mib;	(p33)	stf8		[r32]=f50,16
+	(p0)	nop.i		0x0
+	(p0)	nop.b		0x0		}
+{ .mfi;	(p0)	nop.m		0x0
+	(p25)	xmpy.hu		f52=f41,f41
+	(p0)	nop.i		0x0		}
+{ .mib;	(p33)	stf8		[r34]=f60,16
+	(p0)	nop.i		0x0
+	br.ctop.sptk	.L_bn_sqr_words_ctop	};;
+.L_bn_sqr_words_cend:
+
+{ .mii;	nop.m		0x0
+	mov		pr=r9,-1
+	mov		ar.lc=r3	}
+{ .mfb;	rum		1<<5		// clear um.mfh
+	nop.f		0x0
+	br.ret.sptk.many	b0	};;
+.endp	bn_sqr_words#
+#endif
+
+#if 1
+// Apparently we win nothing by implementing special bn_sqr_comba8.
+// Yes, it is possible to reduce the number of multiplications by
+// almost factor of two, but then the amount of additions would
+// increase by factor of two (as we would have to perform those
+// otherwise performed by xma ourselves). Normally we would trade
+// anyway as multiplications are way more expensive, but not this
+// time... Multiplication kernel is fully pipelined and as we drain
+// one 128-bit multiplication result per clock cycle multiplications
+// are effectively as inexpensive as additions. Special implementation
+// might become of interest for "wider" IA-64 implementation as you'll
+// be able to get through the multiplication phase faster (there won't
+// be any stall issues as discussed in the commentary section below and
+// you therefore will be able to employ all 4 FP units)... But these
+// Itanium days it's simply too hard to justify the effort so I just
+// drop down to bn_mul_comba8 code:-)
+//
+// void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+//
+.global	bn_sqr_comba8#
+.proc	bn_sqr_comba8#
+.align	64
+bn_sqr_comba8:
+	.prologue
+	.fframe	0
+	.save	ar.pfs,r2
+{ .mii;	alloc	r2=ar.pfs,2,1,0,0
+	mov	r34=r33
+	add	r14=8,r33		};;
+	.body
+{ .mii;	add	r17=8,r34
+	add	r15=16,r33
+	add	r18=16,r34		}
+{ .mfb;	add	r16=24,r33
+	br	.L_cheat_entry_point8	};;
+.endp	bn_sqr_comba8#
+#endif
+
+#if 1
+// I've estimated this routine to run in ~120 ticks, but in reality
+// (i.e. according to ar.itc) it takes ~160 ticks. Are those extra
+// cycles consumed for instructions fetch? Or did I misinterpret some
+// clause in Itanium µ-architecture manual? Comments are welcomed and
+// highly appreciated.
+//
+// However! It should be noted that even 160 ticks is darn good result
+// as it's over 10 (yes, ten, spelled as t-e-n) times faster than the
+// C version (compiled with gcc with inline assembler). I really
+// kicked compiler's butt here, didn't I? Yeah! This brings us to the
+// following statement. It's damn shame that this routine isn't called
+// very often nowadays! According to the profiler most CPU time is
+// consumed by bn_mul_add_words called from BN_from_montgomery. In
+// order to estimate what we're missing, I've compared the performance
+// of this routine against "traditional" implementation, i.e. against
+// following routine:
+//
+// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+// {	r[ 8]=bn_mul_words(    &(r[0]),a,8,b[0]);
+//	r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);
+//	r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]);
+//	r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]);
+//	r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]);
+//	r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]);
+//	r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]);
+//	r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
+// }
+//
+// The one below is over 8 times faster than the one above:-( Even
+// more reasons to "combafy" bn_mul_add_mont...
+//
+// And yes, this routine really made me wish there were an optimizing
+// assembler! It also feels like it deserves a dedication.
+//
+//	To my wife for being there and to my kids...
+//
+// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+//
+#define	carry1	r14
+#define	carry2	r15
+#define	carry3	r34
+.global	bn_mul_comba8#
+.proc	bn_mul_comba8#
+.align	64
+bn_mul_comba8:
+	.prologue
+	.fframe	0
+	.save	ar.pfs,r2
+{ .mii;	alloc	r2=ar.pfs,3,0,0,0
+	add	r14=8,r33
+	add	r17=8,r34		}
+	.body
+{ .mii;	add	r15=16,r33
+	add	r18=16,r34
+	add	r16=24,r33		}
+.L_cheat_entry_point8:
+{ .mmi;	add	r19=24,r34
+
+	ldf8	f32=[r33],32		};;
+
+{ .mmi;	ldf8	f120=[r34],32
+	ldf8	f121=[r17],32		}
+{ .mmi;	ldf8	f122=[r18],32
+	ldf8	f123=[r19],32		};;
+{ .mmi;	ldf8	f124=[r34]
+	ldf8	f125=[r17]		}
+{ .mmi;	ldf8	f126=[r18]
+	ldf8	f127=[r19]		}
+
+{ .mmi;	ldf8	f33=[r14],32
+	ldf8	f34=[r15],32		}
+{ .mmi;	ldf8	f35=[r16],32;;
+	ldf8	f36=[r33]		}
+{ .mmi;	ldf8	f37=[r14]
+	ldf8	f38=[r15]		}
+{ .mfi;	ldf8	f39=[r16]
+// -------\ Entering multiplier's heaven /-------
+// ------------\                    /------------
+// -----------------\          /-----------------
+// ----------------------\/----------------------
+		xma.hu	f41=f32,f120,f0		}
+{ .mfi;		xma.lu	f40=f32,f120,f0		};; // (*)
+{ .mfi;		xma.hu	f51=f32,f121,f0		}
+{ .mfi;		xma.lu	f50=f32,f121,f0		};;
+{ .mfi;		xma.hu	f61=f32,f122,f0		}
+{ .mfi;		xma.lu	f60=f32,f122,f0		};;
+{ .mfi;		xma.hu	f71=f32,f123,f0		}
+{ .mfi;		xma.lu	f70=f32,f123,f0		};;
+{ .mfi;		xma.hu	f81=f32,f124,f0		}
+{ .mfi;		xma.lu	f80=f32,f124,f0		};;
+{ .mfi;		xma.hu	f91=f32,f125,f0		}
+{ .mfi;		xma.lu	f90=f32,f125,f0		};;
+{ .mfi;		xma.hu	f101=f32,f126,f0	}
+{ .mfi;		xma.lu	f100=f32,f126,f0	};;
+{ .mfi;		xma.hu	f111=f32,f127,f0	}
+{ .mfi;		xma.lu	f110=f32,f127,f0	};;//
+// (*)	You can argue that splitting at every second bundle would
+//	prevent "wider" IA-64 implementations from achieving the peak
+//	performance. Well, not really... The catch is that if you
+//	intend to keep 4 FP units busy by splitting at every fourth
+//	bundle and thus perform these 16 multiplications in 4 ticks,
+//	the first bundle *below* would stall because the result from
+//	the first xma bundle *above* won't be available for another 3
+//	ticks (if not more, being an optimist, I assume that "wider"
+//	implementation will have same latency:-). This stall will hold
+//	you back and the performance would be as if every second bundle
+//	were split *anyway*...
+{ .mfi;	getf.sig	r16=f40
+		xma.hu	f42=f33,f120,f41
+	add		r33=8,r32		}
+{ .mfi;		xma.lu	f41=f33,f120,f41	};;
+{ .mfi;	getf.sig	r24=f50
+		xma.hu	f52=f33,f121,f51	}
+{ .mfi;		xma.lu	f51=f33,f121,f51	};;
+{ .mfi;	st8		[r32]=r16,16
+		xma.hu	f62=f33,f122,f61	}
+{ .mfi;		xma.lu	f61=f33,f122,f61	};;
+{ .mfi;		xma.hu	f72=f33,f123,f71	}
+{ .mfi;		xma.lu	f71=f33,f123,f71	};;
+{ .mfi;		xma.hu	f82=f33,f124,f81	}
+{ .mfi;		xma.lu	f81=f33,f124,f81	};;
+{ .mfi;		xma.hu	f92=f33,f125,f91	}
+{ .mfi;		xma.lu	f91=f33,f125,f91	};;
+{ .mfi;		xma.hu	f102=f33,f126,f101	}
+{ .mfi;		xma.lu	f101=f33,f126,f101	};;
+{ .mfi;		xma.hu	f112=f33,f127,f111	}
+{ .mfi;		xma.lu	f111=f33,f127,f111	};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r25=f41
+		xma.hu	f43=f34,f120,f42	}
+{ .mfi;		xma.lu	f42=f34,f120,f42	};;
+{ .mfi;	getf.sig	r16=f60
+		xma.hu	f53=f34,f121,f52	}
+{ .mfi;		xma.lu	f52=f34,f121,f52	};;
+{ .mfi;	getf.sig	r17=f51
+		xma.hu	f63=f34,f122,f62
+	add		r25=r25,r24		}
+{ .mfi;		xma.lu	f62=f34,f122,f62
+	mov		carry1=0		};;
+{ .mfi;	cmp.ltu		p6,p0=r25,r24
+		xma.hu	f73=f34,f123,f72	}
+{ .mfi;		xma.lu	f72=f34,f123,f72	};;
+{ .mfi;	st8		[r33]=r25,16
+		xma.hu	f83=f34,f124,f82
+(p6)	add		carry1=1,carry1		}
+{ .mfi;		xma.lu	f82=f34,f124,f82	};;
+{ .mfi;		xma.hu	f93=f34,f125,f92	}
+{ .mfi;		xma.lu	f92=f34,f125,f92	};;
+{ .mfi;		xma.hu	f103=f34,f126,f102	}
+{ .mfi;		xma.lu	f102=f34,f126,f102	};;
+{ .mfi;		xma.hu	f113=f34,f127,f112	}
+{ .mfi;		xma.lu	f112=f34,f127,f112	};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r18=f42
+		xma.hu	f44=f35,f120,f43
+	add		r17=r17,r16		}
+{ .mfi;		xma.lu	f43=f35,f120,f43	};;
+{ .mfi;	getf.sig	r24=f70
+		xma.hu	f54=f35,f121,f53	}
+{ .mfi;	mov		carry2=0
+		xma.lu	f53=f35,f121,f53	};;
+{ .mfi;	getf.sig	r25=f61
+		xma.hu	f64=f35,f122,f63
+	cmp.ltu		p7,p0=r17,r16		}
+{ .mfi;	add		r18=r18,r17
+		xma.lu	f63=f35,f122,f63	};;
+{ .mfi;	getf.sig	r26=f52
+		xma.hu	f74=f35,f123,f73
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r18,r17
+		xma.lu	f73=f35,f123,f73
+	add		r18=r18,carry1		};;
+{ .mfi;
+		xma.hu	f84=f35,f124,f83
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r18,carry1
+		xma.lu	f83=f35,f124,f83	};;
+{ .mfi;	st8		[r32]=r18,16
+		xma.hu	f94=f35,f125,f93
+(p7)	add		carry2=1,carry2		}
+{ .mfi;		xma.lu	f93=f35,f125,f93	};;
+{ .mfi;		xma.hu	f104=f35,f126,f103	}
+{ .mfi;		xma.lu	f103=f35,f126,f103	};;
+{ .mfi;		xma.hu	f114=f35,f127,f113	}
+{ .mfi;	mov		carry1=0
+		xma.lu	f113=f35,f127,f113
+	add		r25=r25,r24		};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r27=f43
+		xma.hu	f45=f36,f120,f44
+	cmp.ltu		p6,p0=r25,r24		}
+{ .mfi;		xma.lu	f44=f36,f120,f44	
+	add		r26=r26,r25		};;
+{ .mfi;	getf.sig	r16=f80
+		xma.hu	f55=f36,f121,f54
+(p6)	add		carry1=1,carry1		}
+{ .mfi;		xma.lu	f54=f36,f121,f54	};;
+{ .mfi;	getf.sig	r17=f71
+		xma.hu	f65=f36,f122,f64
+	cmp.ltu		p6,p0=r26,r25		}
+{ .mfi;		xma.lu	f64=f36,f122,f64
+	add		r27=r27,r26		};;
+{ .mfi;	getf.sig	r18=f62
+		xma.hu	f75=f36,f123,f74
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	cmp.ltu		p6,p0=r27,r26
+		xma.lu	f74=f36,f123,f74
+	add		r27=r27,carry2		};;
+{ .mfi;	getf.sig	r19=f53
+		xma.hu	f85=f36,f124,f84
+(p6)	add		carry1=1,carry1		}
+{ .mfi;		xma.lu	f84=f36,f124,f84
+	cmp.ltu		p6,p0=r27,carry2	};;
+{ .mfi;	st8		[r33]=r27,16
+		xma.hu	f95=f36,f125,f94
+(p6)	add		carry1=1,carry1		}
+{ .mfi;		xma.lu	f94=f36,f125,f94	};;
+{ .mfi;		xma.hu	f105=f36,f126,f104	}
+{ .mfi;	mov		carry2=0
+		xma.lu	f104=f36,f126,f104
+	add		r17=r17,r16		};;
+{ .mfi;		xma.hu	f115=f36,f127,f114
+	cmp.ltu		p7,p0=r17,r16		}
+{ .mfi;		xma.lu	f114=f36,f127,f114
+	add		r18=r18,r17		};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r20=f44
+		xma.hu	f46=f37,f120,f45
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r18,r17
+		xma.lu	f45=f37,f120,f45
+	add		r19=r19,r18		};;
+{ .mfi;	getf.sig	r24=f90
+		xma.hu	f56=f37,f121,f55	}
+{ .mfi;		xma.lu	f55=f37,f121,f55	};;
+{ .mfi;	getf.sig	r25=f81
+		xma.hu	f66=f37,f122,f65
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r19,r18
+		xma.lu	f65=f37,f122,f65
+	add		r20=r20,r19		};;
+{ .mfi;	getf.sig	r26=f72
+		xma.hu	f76=f37,f123,f75
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r20,r19
+		xma.lu	f75=f37,f123,f75
+	add		r20=r20,carry1		};;
+{ .mfi;	getf.sig	r27=f63
+		xma.hu	f86=f37,f124,f85
+(p7)	add		carry2=1,carry2		}
+{ .mfi;		xma.lu	f85=f37,f124,f85
+	cmp.ltu		p7,p0=r20,carry1	};;
+{ .mfi;	getf.sig	r28=f54
+		xma.hu	f96=f37,f125,f95
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	st8		[r32]=r20,16
+		xma.lu	f95=f37,f125,f95	};;
+{ .mfi;		xma.hu	f106=f37,f126,f105	}
+{ .mfi;	mov		carry1=0
+		xma.lu	f105=f37,f126,f105
+	add		r25=r25,r24		};;
+{ .mfi;		xma.hu	f116=f37,f127,f115
+	cmp.ltu		p6,p0=r25,r24		}
+{ .mfi;		xma.lu	f115=f37,f127,f115
+	add		r26=r26,r25		};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r29=f45
+		xma.hu	f47=f38,f120,f46
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	cmp.ltu		p6,p0=r26,r25
+		xma.lu	f46=f38,f120,f46
+	add		r27=r27,r26		};;
+{ .mfi;	getf.sig	r16=f100
+		xma.hu	f57=f38,f121,f56
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	cmp.ltu		p6,p0=r27,r26
+		xma.lu	f56=f38,f121,f56
+	add		r28=r28,r27		};;
+{ .mfi;	getf.sig	r17=f91
+		xma.hu	f67=f38,f122,f66
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	cmp.ltu		p6,p0=r28,r27
+		xma.lu	f66=f38,f122,f66
+	add		r29=r29,r28		};;
+{ .mfi;	getf.sig	r18=f82
+		xma.hu	f77=f38,f123,f76
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	cmp.ltu		p6,p0=r29,r28
+		xma.lu	f76=f38,f123,f76
+	add		r29=r29,carry2		};;
+{ .mfi;	getf.sig	r19=f73
+		xma.hu	f87=f38,f124,f86
+(p6)	add		carry1=1,carry1		}
+{ .mfi;		xma.lu	f86=f38,f124,f86
+	cmp.ltu		p6,p0=r29,carry2	};;
+{ .mfi;	getf.sig	r20=f64
+		xma.hu	f97=f38,f125,f96
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	st8		[r33]=r29,16
+		xma.lu	f96=f38,f125,f96	};;
+{ .mfi;	getf.sig	r21=f55
+		xma.hu	f107=f38,f126,f106	}
+{ .mfi;	mov		carry2=0
+		xma.lu	f106=f38,f126,f106
+	add		r17=r17,r16		};;
+{ .mfi;		xma.hu	f117=f38,f127,f116
+	cmp.ltu		p7,p0=r17,r16		}
+{ .mfi;		xma.lu	f116=f38,f127,f116
+	add		r18=r18,r17		};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r22=f46
+		xma.hu	f48=f39,f120,f47
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r18,r17
+		xma.lu	f47=f39,f120,f47
+	add		r19=r19,r18		};;
+{ .mfi;	getf.sig	r24=f110
+		xma.hu	f58=f39,f121,f57
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r19,r18
+		xma.lu	f57=f39,f121,f57
+	add		r20=r20,r19		};;
+{ .mfi;	getf.sig	r25=f101
+		xma.hu	f68=f39,f122,f67
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r20,r19
+		xma.lu	f67=f39,f122,f67
+	add		r21=r21,r20		};;
+{ .mfi;	getf.sig	r26=f92
+		xma.hu	f78=f39,f123,f77
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r21,r20
+		xma.lu	f77=f39,f123,f77
+	add		r22=r22,r21		};;
+{ .mfi;	getf.sig	r27=f83
+		xma.hu	f88=f39,f124,f87
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	cmp.ltu		p7,p0=r22,r21
+		xma.lu	f87=f39,f124,f87
+	add		r22=r22,carry1		};;
+{ .mfi;	getf.sig	r28=f74
+		xma.hu	f98=f39,f125,f97
+(p7)	add		carry2=1,carry2		}
+{ .mfi;		xma.lu	f97=f39,f125,f97
+	cmp.ltu		p7,p0=r22,carry1	};;
+{ .mfi;	getf.sig	r29=f65
+		xma.hu	f108=f39,f126,f107
+(p7)	add		carry2=1,carry2		}
+{ .mfi;	st8		[r32]=r22,16
+		xma.lu	f107=f39,f126,f107	};;
+{ .mfi;	getf.sig	r30=f56
+		xma.hu	f118=f39,f127,f117	}
+{ .mfi;		xma.lu	f117=f39,f127,f117	};;//
+//-------------------------------------------------//
+// Leaving muliplier's heaven... Quite a ride, huh?
+
+{ .mii;	getf.sig	r31=f47
+	add		r25=r25,r24
+	mov		carry1=0		};;
+{ .mii;		getf.sig	r16=f111
+	cmp.ltu		p6,p0=r25,r24
+	add		r26=r26,r25		};;
+{ .mfb;		getf.sig	r17=f102	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,r25
+	add		r27=r27,r26		};;
+{ .mfb;	nop.m	0x0				}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r27,r26
+	add		r28=r28,r27		};;
+{ .mii;		getf.sig	r18=f93
+		add		r17=r17,r16
+		mov		carry3=0	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r28,r27
+	add		r29=r29,r28		};;
+{ .mii;		getf.sig	r19=f84
+		cmp.ltu		p7,p0=r17,r16	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r29,r28
+	add		r30=r30,r29		};;
+{ .mii;		getf.sig	r20=f75
+		add		r18=r18,r17	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r30,r29
+	add		r31=r31,r30		};;
+{ .mfb;		getf.sig	r21=f66		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r18,r17
+		add		r19=r19,r18	}
+{ .mfb;	nop.m	0x0				}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r31,r30
+	add		r31=r31,carry2		};;
+{ .mfb;		getf.sig	r22=f57		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r19,r18
+		add		r20=r20,r19	}
+{ .mfb;	nop.m	0x0				}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r31,carry2	};;
+{ .mfb;		getf.sig	r23=f48		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r20,r19
+		add		r21=r21,r20	}
+{ .mii;
+(p6)	add		carry1=1,carry1		}
+{ .mfb;	st8		[r33]=r31,16		};;
+
+{ .mfb;	getf.sig	r24=f112		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r21,r20
+		add		r22=r22,r21	};;
+{ .mfb;	getf.sig	r25=f103		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r22,r21
+		add		r23=r23,r22	};;
+{ .mfb;	getf.sig	r26=f94			}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r23,r22
+		add		r23=r23,carry1	};;
+{ .mfb;	getf.sig	r27=f85			}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p8=r23,carry1};;
+{ .mii;	getf.sig	r28=f76
+	add		r25=r25,r24
+	mov		carry1=0		}
+{ .mii;		st8		[r32]=r23,16
+	(p7)	add		carry2=1,carry3
+	(p8)	add		carry2=0,carry3	};;
+
+{ .mfb;	nop.m	0x0				}
+{ .mii;	getf.sig	r29=f67
+	cmp.ltu		p6,p0=r25,r24
+	add		r26=r26,r25		};;
+{ .mfb;	getf.sig	r30=f58			}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,r25
+	add		r27=r27,r26		};;
+{ .mfb;		getf.sig	r16=f113	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r27,r26
+	add		r28=r28,r27		};;
+{ .mfb;		getf.sig	r17=f104	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r28,r27
+	add		r29=r29,r28		};;
+{ .mfb;		getf.sig	r18=f95		}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r29,r28
+	add		r30=r30,r29		};;
+{ .mii;		getf.sig	r19=f86
+		add		r17=r17,r16
+		mov		carry3=0	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r30,r29
+	add		r30=r30,carry2		};;
+{ .mii;		getf.sig	r20=f77
+		cmp.ltu		p7,p0=r17,r16
+		add		r18=r18,r17	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r30,carry2	};;
+{ .mfb;		getf.sig	r21=f68		}
+{ .mii;	st8		[r33]=r30,16
+(p6)	add		carry1=1,carry1		};;
+
+{ .mfb;	getf.sig	r24=f114		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r18,r17
+		add		r19=r19,r18	};;
+{ .mfb;	getf.sig	r25=f105		}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r19,r18
+		add		r20=r20,r19	};;
+{ .mfb;	getf.sig	r26=f96			}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r20,r19
+		add		r21=r21,r20	};;
+{ .mfb;	getf.sig	r27=f87			}
+{ .mii;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p0=r21,r20
+		add		r21=r21,carry1	};;
+{ .mib;	getf.sig	r28=f78			
+	add		r25=r25,r24		}
+{ .mib;	(p7)	add		carry3=1,carry3
+		cmp.ltu		p7,p8=r21,carry1};;
+{ .mii;		st8		[r32]=r21,16
+	(p7)	add		carry2=1,carry3
+	(p8)	add		carry2=0,carry3	}
+
+{ .mii;	mov		carry1=0
+	cmp.ltu		p6,p0=r25,r24
+	add		r26=r26,r25		};;
+{ .mfb;		getf.sig	r16=f115	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,r25
+	add		r27=r27,r26		};;
+{ .mfb;		getf.sig	r17=f106	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r27,r26
+	add		r28=r28,r27		};;
+{ .mfb;		getf.sig	r18=f97		}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r28,r27
+	add		r28=r28,carry2		};;
+{ .mib;		getf.sig	r19=f88
+		add		r17=r17,r16	}
+{ .mib;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r28,carry2	};;
+{ .mii;	st8		[r33]=r28,16
+(p6)	add		carry1=1,carry1		}
+
+{ .mii;		mov		carry2=0
+		cmp.ltu		p7,p0=r17,r16
+		add		r18=r18,r17	};;
+{ .mfb;	getf.sig	r24=f116		}
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r18,r17
+		add		r19=r19,r18	};;
+{ .mfb;	getf.sig	r25=f107		}
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r19,r18
+		add		r19=r19,carry1	};;
+{ .mfb;	getf.sig	r26=f98			}
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r19,carry1};;
+{ .mii;		st8		[r32]=r19,16
+	(p7)	add		carry2=1,carry2	}
+
+{ .mfb;	add		r25=r25,r24		};;
+
+{ .mfb;		getf.sig	r16=f117	}
+{ .mii;	mov		carry1=0
+	cmp.ltu		p6,p0=r25,r24
+	add		r26=r26,r25		};;
+{ .mfb;		getf.sig	r17=f108	}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,r25
+	add		r26=r26,carry2		};;
+{ .mfb;	nop.m	0x0				}
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,carry2	};;
+{ .mii;	st8		[r33]=r26,16
+(p6)	add		carry1=1,carry1		}
+
+{ .mfb;		add		r17=r17,r16	};;
+{ .mfb;	getf.sig	r24=f118		}
+{ .mii;		mov		carry2=0
+		cmp.ltu		p7,p0=r17,r16
+		add		r17=r17,carry1	};;
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r17,carry1};;
+{ .mii;		st8		[r32]=r17
+	(p7)	add		carry2=1,carry2	};;
+{ .mfb;	add		r24=r24,carry2		};;
+{ .mib;	st8		[r33]=r24		}
+
+{ .mib;	rum		1<<5		// clear um.mfh
+	br.ret.sptk.many	b0	};;
+.endp	bn_mul_comba8#
+#undef	carry3
+#undef	carry2
+#undef	carry1
+#endif
+
+#if 1
+// It's possible to make it faster (see comment to bn_sqr_comba8), but
+// I reckon it doesn't worth the effort. Basically because the routine
+// (actually both of them) practically never called... So I just play
+// same trick as with bn_sqr_comba8.
+//
+// void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+//
+.global	bn_sqr_comba4#
+.proc	bn_sqr_comba4#
+.align	64
+bn_sqr_comba4:
+	.prologue
+	.fframe	0
+	.save	ar.pfs,r2
+{ .mii;	alloc	r2=ar.pfs,2,1,0,0
+	mov	r34=r33
+	add	r14=8,r33		};;
+	.body
+{ .mii;	add	r17=8,r34
+	add	r15=16,r33
+	add	r18=16,r34		}
+{ .mfb;	add	r16=24,r33
+	br	.L_cheat_entry_point4	};;
+.endp	bn_sqr_comba4#
+#endif
+
+#if 1
+// Runs in ~115 cycles and ~4.5 times faster than C. Well, whatever...
+//
+// void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+//
+#define	carry1	r14
+#define	carry2	r15
+.global	bn_mul_comba4#
+.proc	bn_mul_comba4#
+.align	64
+bn_mul_comba4:
+	.prologue
+	.fframe	0
+	.save	ar.pfs,r2
+{ .mii;	alloc	r2=ar.pfs,3,0,0,0
+	add	r14=8,r33
+	add	r17=8,r34		}
+	.body
+{ .mii;	add	r15=16,r33
+	add	r18=16,r34
+	add	r16=24,r33		};;
+.L_cheat_entry_point4:
+{ .mmi;	add	r19=24,r34
+
+	ldf8	f32=[r33]		}
+
+{ .mmi;	ldf8	f120=[r34]
+	ldf8	f121=[r17]		};;
+{ .mmi;	ldf8	f122=[r18]
+	ldf8	f123=[r19]		}
+
+{ .mmi;	ldf8	f33=[r14]
+	ldf8	f34=[r15]		}
+{ .mfi;	ldf8	f35=[r16]
+
+		xma.hu	f41=f32,f120,f0		}
+{ .mfi;		xma.lu	f40=f32,f120,f0		};;
+{ .mfi;		xma.hu	f51=f32,f121,f0		}
+{ .mfi;		xma.lu	f50=f32,f121,f0		};;
+{ .mfi;		xma.hu	f61=f32,f122,f0		}
+{ .mfi;		xma.lu	f60=f32,f122,f0		};;
+{ .mfi;		xma.hu	f71=f32,f123,f0		}
+{ .mfi;		xma.lu	f70=f32,f123,f0		};;//
+// Major stall takes place here, and 3 more places below. Result from
+// first xma is not available for another 3 ticks.
+{ .mfi;	getf.sig	r16=f40
+		xma.hu	f42=f33,f120,f41
+	add		r33=8,r32		}
+{ .mfi;		xma.lu	f41=f33,f120,f41	};;
+{ .mfi;	getf.sig	r24=f50
+		xma.hu	f52=f33,f121,f51	}
+{ .mfi;		xma.lu	f51=f33,f121,f51	};;
+{ .mfi;	st8		[r32]=r16,16
+		xma.hu	f62=f33,f122,f61	}
+{ .mfi;		xma.lu	f61=f33,f122,f61	};;
+{ .mfi;		xma.hu	f72=f33,f123,f71	}
+{ .mfi;		xma.lu	f71=f33,f123,f71	};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r25=f41
+		xma.hu	f43=f34,f120,f42	}
+{ .mfi;		xma.lu	f42=f34,f120,f42	};;
+{ .mfi;	getf.sig	r16=f60
+		xma.hu	f53=f34,f121,f52	}
+{ .mfi;		xma.lu	f52=f34,f121,f52	};;
+{ .mfi;	getf.sig	r17=f51
+		xma.hu	f63=f34,f122,f62
+	add		r25=r25,r24		}
+{ .mfi;	mov		carry1=0
+		xma.lu	f62=f34,f122,f62	};;
+{ .mfi;	st8		[r33]=r25,16
+		xma.hu	f73=f34,f123,f72
+	cmp.ltu		p6,p0=r25,r24		}
+{ .mfi;		xma.lu	f72=f34,f123,f72	};;//
+//-------------------------------------------------//
+{ .mfi;	getf.sig	r18=f42
+		xma.hu	f44=f35,f120,f43
+(p6)	add		carry1=1,carry1		}
+{ .mfi;	add		r17=r17,r16
+		xma.lu	f43=f35,f120,f43
+	mov		carry2=0		};;
+{ .mfi;	getf.sig	r24=f70
+		xma.hu	f54=f35,f121,f53
+	cmp.ltu		p7,p0=r17,r16		}
+{ .mfi;		xma.lu	f53=f35,f121,f53	};;
+{ .mfi;	getf.sig	r25=f61
+		xma.hu	f64=f35,f122,f63
+	add		r18=r18,r17		}
+{ .mfi;		xma.lu	f63=f35,f122,f63
+(p7)	add		carry2=1,carry2		};;
+{ .mfi;	getf.sig	r26=f52
+		xma.hu	f74=f35,f123,f73
+	cmp.ltu		p7,p0=r18,r17		}
+{ .mfi;		xma.lu	f73=f35,f123,f73
+	add		r18=r18,carry1		};;
+//-------------------------------------------------//
+{ .mii;	st8		[r32]=r18,16
+(p7)	add		carry2=1,carry2
+	cmp.ltu		p7,p0=r18,carry1	};;
+
+{ .mfi;	getf.sig	r27=f43	// last major stall
+(p7)	add		carry2=1,carry2		};;
+{ .mii;		getf.sig	r16=f71
+	add		r25=r25,r24
+	mov		carry1=0		};;
+{ .mii;		getf.sig	r17=f62	
+	cmp.ltu		p6,p0=r25,r24
+	add		r26=r26,r25		};;
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,r25
+	add		r27=r27,r26		};;
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r27,r26
+	add		r27=r27,carry2		};;
+{ .mii;		getf.sig	r18=f53
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r27,carry2	};;
+{ .mfi;	st8		[r33]=r27,16
+(p6)	add		carry1=1,carry1		}
+
+{ .mii;		getf.sig	r19=f44
+		add		r17=r17,r16
+		mov		carry2=0	};;
+{ .mii;	getf.sig	r24=f72
+		cmp.ltu		p7,p0=r17,r16
+		add		r18=r18,r17	};;
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r18,r17
+		add		r19=r19,r18	};;
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r19,r18
+		add		r19=r19,carry1	};;
+{ .mii;	getf.sig	r25=f63
+	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r19,carry1};;
+{ .mii;		st8		[r32]=r19,16
+	(p7)	add		carry2=1,carry2	}
+
+{ .mii;	getf.sig	r26=f54
+	add		r25=r25,r24
+	mov		carry1=0		};;
+{ .mii;		getf.sig	r16=f73
+	cmp.ltu		p6,p0=r25,r24
+	add		r26=r26,r25		};;
+{ .mii;
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,r25
+	add		r26=r26,carry2		};;
+{ .mii;		getf.sig	r17=f64
+(p6)	add		carry1=1,carry1
+	cmp.ltu		p6,p0=r26,carry2	};;
+{ .mii;	st8		[r33]=r26,16
+(p6)	add		carry1=1,carry1		}
+
+{ .mii;	getf.sig	r24=f74
+		add		r17=r17,r16	
+		mov		carry2=0	};;
+{ .mii;		cmp.ltu		p7,p0=r17,r16
+		add		r17=r17,carry1	};;
+
+{ .mii;	(p7)	add		carry2=1,carry2
+		cmp.ltu		p7,p0=r17,carry1};;
+{ .mii;		st8		[r32]=r17,16
+	(p7)	add		carry2=1,carry2	};;
+
+{ .mii;	add		r24=r24,carry2		};;
+{ .mii;	st8		[r33]=r24		}
+
+{ .mib;	rum		1<<5		// clear um.mfh
+	br.ret.sptk.many	b0	};;
+.endp	bn_mul_comba4#
+#undef	carry2
+#undef	carry1
+#endif
+
+#if 1
+//
+// BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+//
+// In the nutshell it's a port of my MIPS III/IV implementation.
+//
+#define	AT	r14
+#define	H	r16
+#define	HH	r20
+#define	L	r17
+#define	D	r18
+#define	DH	r22
+#define	I	r21
+
+#if 0
+// Some preprocessors (most notably HP-UX) apper to be allergic to
+// macros enclosed to parenthesis as these three will be.
+#define	cont	p16
+#define	break	p0	// p20
+#define	equ	p24
+#else
+cont=p16
+break=p0
+equ=p24
+#endif
+
+.global	abort#
+.global	bn_div_words#
+.proc	bn_div_words#
+.align	64
+bn_div_words:
+	.prologue
+	.fframe	0
+	.save	ar.pfs,r2
+	.save	b0,r3
+{ .mii;	alloc		r2=ar.pfs,3,5,0,8
+	mov		r3=b0
+	mov		r10=pr		};;
+{ .mmb;	cmp.eq		p6,p0=r34,r0
+	mov		r8=-1
+(p6)	br.ret.spnt.many	b0	};;
+
+	.body
+{ .mii;	mov		H=r32		// save h
+	mov		ar.ec=0		// don't rotate at exit
+	mov		pr.rot=0	}
+{ .mii;	mov		L=r33		// save l
+	mov		r36=r0		};;
+
+.L_divw_shift:	// -vv- note signed comparison
+{ .mfi;	(p0)	cmp.lt		p16,p0=r0,r34	// d
+	(p0)	shladd		r33=r34,1,r0	}
+{ .mfb;	(p0)	add		r35=1,r36
+	(p0)	nop.f		0x0
+(p16)	br.wtop.dpnt		.L_divw_shift	};;
+
+{ .mii;	mov		D=r34
+	shr.u		DH=r34,32
+	sub		r35=64,r36		};;
+{ .mii;	setf.sig	f7=DH
+	shr.u		AT=H,r35
+	mov		I=r36			};;
+{ .mib;	cmp.ne		p6,p0=r0,AT
+	shl		H=H,r36
+(p6)	br.call.spnt.clr	b0=abort	};;	// overflow, die...
+
+{ .mfi;	fcvt.xuf.s1	f7=f7
+	shr.u		AT=L,r35		};;
+{ .mii;	shl		L=L,r36
+	or		H=H,AT			};;
+
+{ .mii;	nop.m		0x0
+	cmp.leu		p6,p0=D,H;;
+(p6)	sub		H=H,D			}
+
+{ .mlx;	setf.sig	f14=D
+	movl		AT=0xffffffff		};;
+///////////////////////////////////////////////////////////
+{ .mii;	setf.sig	f6=H
+	shr.u		HH=H,32;;
+	cmp.eq		p6,p7=HH,DH		};;
+{ .mfb;
+(p6)	setf.sig	f8=AT
+(p7)	fcvt.xuf.s1	f6=f6
+(p7)	br.call.sptk	b6=.L_udiv64_32_b6	};;
+
+{ .mfi;	getf.sig	r33=f8				// q
+	xmpy.lu		f9=f8,f14		}
+{ .mfi;	xmpy.hu		f10=f8,f14
+	shrp		H=H,L,32		};;
+
+{ .mmi;	getf.sig	r35=f9				// tl
+	getf.sig	r31=f10			};;	// th
+
+.L_divw_1st_iter:
+{ .mii;	(p0)	add		r32=-1,r33
+	(p0)	cmp.eq		equ,cont=HH,r31		};;
+{ .mii;	(p0)	cmp.ltu		p8,p0=r35,D
+	(p0)	sub		r34=r35,D
+	(equ)	cmp.leu		break,cont=r35,H	};;
+{ .mib;	(cont)	cmp.leu		cont,break=HH,r31
+	(p8)	add		r31=-1,r31
+(cont)	br.wtop.spnt		.L_divw_1st_iter	};;
+///////////////////////////////////////////////////////////
+{ .mii;	sub		H=H,r35
+	shl		r8=r33,32
+	shl		L=L,32			};;
+///////////////////////////////////////////////////////////
+{ .mii;	setf.sig	f6=H
+	shr.u		HH=H,32;;
+	cmp.eq		p6,p7=HH,DH		};;
+{ .mfb;
+(p6)	setf.sig	f8=AT
+(p7)	fcvt.xuf.s1	f6=f6
+(p7)	br.call.sptk	b6=.L_udiv64_32_b6	};;
+
+{ .mfi;	getf.sig	r33=f8				// q
+	xmpy.lu		f9=f8,f14		}
+{ .mfi;	xmpy.hu		f10=f8,f14
+	shrp		H=H,L,32		};;
+
+{ .mmi;	getf.sig	r35=f9				// tl
+	getf.sig	r31=f10			};;	// th
+
+.L_divw_2nd_iter:
+{ .mii;	(p0)	add		r32=-1,r33
+	(p0)	cmp.eq		equ,cont=HH,r31		};;
+{ .mii;	(p0)	cmp.ltu		p8,p0=r35,D
+	(p0)	sub		r34=r35,D
+	(equ)	cmp.leu		break,cont=r35,H	};;
+{ .mib;	(cont)	cmp.leu		cont,break=HH,r31
+	(p8)	add		r31=-1,r31
+(cont)	br.wtop.spnt		.L_divw_2nd_iter	};;
+///////////////////////////////////////////////////////////
+{ .mii;	sub	H=H,r35
+	or	r8=r8,r33
+	mov	ar.pfs=r2		};;
+{ .mii;	shr.u	r9=H,I			// remainder if anybody wants it
+	mov	pr=r10,-1		}
+{ .mfb;	br.ret.sptk.many	b0	};;
+
+// Unsigned 64 by 32 (well, by 64 for the moment) bit integer division
+// procedure.
+//
+// inputs:	f6 = (double)a, f7 = (double)b
+// output:	f8 = (int)(a/b)
+// clobbered:	f8,f9,f10,f11,pred
+pred=p15
+// This procedure is essentially Intel code and therefore is
+// copyrighted to Intel Corporation (I suppose...). It's sligtly
+// modified for specific needs.
+.align	32
+.skip	16
+.L_udiv64_32_b6:
+	frcpa.s1	f8,pred=f6,f7;;		// [0]  y0 = 1 / b
+
+(pred)	fnma.s1		f9=f7,f8,f1		// [5]  e0 = 1 - b * y0
+(pred)	fmpy.s1		f10=f6,f8;;		// [5]  q0 = a * y0
+(pred)	fmpy.s1		f11=f9,f9		// [10] e1 = e0 * e0
+(pred)	fma.s1		f10=f9,f10,f10;;	// [10] q1 = q0 + e0 * q0
+(pred)	fma.s1		f8=f9,f8,f8	//;;	// [15] y1 = y0 + e0 * y0
+(pred)	fma.s1		f9=f11,f10,f10;;	// [15] q2 = q1 + e1 * q1
+(pred)	fma.s1		f8=f11,f8,f8	//;;	// [20] y2 = y1 + e1 * y1
+(pred)	fnma.s1		f10=f7,f9,f6;;		// [20] r2 = a - b * q2
+(pred)	fma.s1		f8=f10,f8,f9;;		// [25] q3 = q2 + r2 * y2
+
+	fcvt.fxu.trunc.s1	f8=f8		// [30] q = trunc(q3)
+	br.ret.sptk.many	b6;;
+.endp	bn_div_words#
+#endif
diff --git a/crypto/bn/asm/mips3.s b/crypto/bn/asm/mips3.s
index e8fdd50d16..dca4105c7d 100644
--- a/crypto/bn/asm/mips3.s
+++ b/crypto/bn/asm/mips3.s
@@ -1,544 +1,2201 @@
-/* This assember is for R4000 and above machines.  It takes advantage
- * of the 64 bit registers present on these CPUs.
- * Make sure that the SSLeay bignum library is compiled with
- * SIXTY_FOUR_BIT set and BN_LLONG undefined.
- * This must either be compiled with the system CC, or, if you use GNU gas,
- * cc -E mips3.s|gas -o mips3.o
+.rdata
+.asciiz	"mips3.s, Version 1.1"
+.asciiz	"MIPS III/IV ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+
+/*
+ * ====================================================================
+ * Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contributon to the OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * The module is designed to work with either of the "new" MIPS ABI(5),
+ * namely N32 or N64, offered by IRIX 6.x. It's not ment to work under
+ * IRIX 5.x not only because it doesn't support new ABIs but also
+ * because 5.x kernels put R4x00 CPU into 32-bit mode and all those
+ * 64-bit instructions (daddu, dmultu, etc.) found below gonna only
+ * cause illegal instruction exception:-(
+ *
+ * In addition the code depends on preprocessor flags set up by MIPSpro
+ * compiler driver (either as or cc) and therefore (probably?) can't be
+ * compiled by the GNU assembler. GNU C driver manages fine though...
+ * I mean as long as -mmips-as is specified or is the default option,
+ * because then it simply invokes /usr/bin/as which in turn takes
+ * perfect care of the preprocessor definitions. Another neat feature
+ * offered by the MIPSpro assembler is an optimization pass. This gave
+ * me the opportunity to have the code looking more regular as all those
+ * architecture dependent instruction rescheduling details were left to
+ * the assembler. Cool, huh?
+ *
+ * Performance improvement is astonishing! 'apps/openssl speed rsa dsa'
+ * goes way over 3 times faster!
+ *
+ *					<appro@fy.chalmers.se>
  */
+#include <asm.h>
+#include <regdef.h>
+
+#if _MIPS_ISA>=4
+#define	MOVNZ(cond,dst,src)	\
+	movn	dst,src,cond
+#else
+#define	MOVNZ(cond,dst,src)	\
+	.set	noreorder;	\
+	bnezl	cond,.+8;	\
+	move	dst,src;	\
 	.set	reorder
-	.set	noat
-
-#define R1	$1
-#define CC	$2
-#define	R2	$3
-#define R3	$8
-#define R4	$9
-#define L1	$10
-#define L2 	$11
-#define L3	$12
-#define L4 	$13
-#define H1 	$14
-#define H2	$15
-#define H3	$24
-#define H4	$25
-
-#define P1	$4
-#define P2	$5
-#define P3	$6
-#define P4	$7
-
-	.align	2
-	.ent	bn_mul_add_words
-	.globl	bn_mul_add_words
-.text
-bn_mul_add_words:
-	.frame	$sp,0,$31
-	.mask	0x00000000,0
-	.fmask	0x00000000,0
+#endif
 
-	#blt	P3,4,$lab34
-	
-	subu	R1,P3,4
-	move	CC,$0
-	bltz	R1,$lab34
-$lab2:	
-	ld	R1,0(P1)
-	 ld	L1,0(P2)
-	ld	R2,8(P1)
-	 ld	L2,8(P2)
-	ld	R3,16(P1)
-	 ld	L3,16(P2)
-	ld	R4,24(P1)
-	 ld	L4,24(P2)
-	dmultu	L1,P4
-	 daddu	R1,R1,CC
-	mflo	L1
-	 sltu	CC,R1,CC
-	daddu	R1,R1,L1
-	 mfhi	H1
-	sltu	L1,R1,L1
-	 sd	R1,0(P1)
-	daddu	CC,CC,L1
-	 dmultu	L2,P4
-	daddu	CC,H1,CC
-	mflo	L2
-	 daddu	R2,R2,CC
-	sltu	CC,R2,CC
-	 mfhi	H2
-	daddu	R2,R2,L2
-	 daddu	P2,P2,32
-	sltu	L2,R2,L2
-	 sd	R2,8(P1)
-	daddu	CC,CC,L2
-	 dmultu	L3,P4
-	daddu	CC,H2,CC
-	mflo	L3
-	 daddu	R3,R3,CC
-	sltu	CC,R3,CC
-	 mfhi	H3
-	daddu	R3,R3,L3
-	 daddu	P1,P1,32
-	sltu	L3,R3,L3
-	 sd	R3,-16(P1)
-	daddu	CC,CC,L3
-	 dmultu	L4,P4
-	daddu	CC,H3,CC
-	mflo	L4
-	 daddu	R4,R4,CC
-	sltu	CC,R4,CC
-	 mfhi	H4
-	daddu	R4,R4,L4
-	 subu	P3,P3,4
-	sltu	L4,R4,L4
-	daddu	CC,CC,L4
-	daddu	CC,H4,CC
-
-	subu	R1,P3,4
-	sd	R4,-8(P1)	# delay slot
-	bgez	R1,$lab2
-
-	bleu	P3,0,$lab3
-	.align	2
-$lab33: 
-	ld	L1,0(P2)
-	 ld	R1,0(P1)
-	dmultu	L1,P4
-	 daddu	R1,R1,CC
-	sltu	CC,R1,CC
-	 daddu	P1,P1,8
-	mflo	L1
-	 mfhi	H1
-	daddu	R1,R1,L1
-	 daddu	P2,P2,8
-	sltu	L1,R1,L1
-	 subu	P3,P3,1
-	daddu	CC,CC,L1
-	 sd	R1,-8(P1)
-	daddu	CC,H1,CC
-	 bgtz	P3,$lab33
-	j	$31
-	.align	2
-$lab3:
-	j	$31
-	.align	2
-$lab34:
-	bgt	P3,0,$lab33
-	j	$31
-	.end	bn_mul_add_words
-
-	.align	2
-	# Program Unit: bn_mul_words
-	.ent	bn_mul_words
-	.globl	bn_mul_words
 .text
-bn_mul_words:
-	.frame	$sp,0,$31
-	.mask	0x00000000,0
-	.fmask	0x00000000,0
-	
-	subu	P3,P3,4
-	move	CC,$0
-	bltz	P3,$lab45
-$lab44:	
-	ld	L1,0(P2)
-	 ld	L2,8(P2)
-	ld	L3,16(P2)
-	 ld	L4,24(P2)
-	dmultu	L1,P4
-	 subu	P3,P3,4
-	mflo	L1
-	 mfhi	H1
-	daddu	L1,L1,CC
-	 dmultu	L2,P4
-	sltu	CC,L1,CC
-	 sd	L1,0(P1)
-	daddu	CC,H1,CC
-	 mflo	L2
-	mfhi	H2
-	 daddu	L2,L2,CC
-	dmultu	L3,P4
-	 sltu	CC,L2,CC
-	sd	L2,8(P1)
-	 daddu	CC,H2,CC
-	mflo	L3
-	 mfhi	H3
-	daddu	L3,L3,CC
-	 dmultu	L4,P4
-	sltu	CC,L3,CC
-	 sd	L3,16(P1)
-	daddu	CC,H3,CC
-	 mflo	L4
-	mfhi	H4
-	 daddu	L4,L4,CC
-	daddu	P1,P1,32
-	 sltu	CC,L4,CC
-	daddu	P2,P2,32
-	 daddu	CC,H4,CC
-	sd	L4,-8(P1)
-
-	bgez	P3,$lab44
-	b	$lab45
-$lab46:
-	ld	L1,0(P2)
-	 daddu	P1,P1,8
-	dmultu	L1,P4
-	 daddu	P2,P2,8
-	mflo	L1
-	 mfhi	H1
-	daddu	L1,L1,CC
-	 subu	P3,P3,1
-	sltu	CC,L1,CC
-	 sd	L1,-8(P1)
-	daddu	CC,H1,CC
-	 bgtz	P3,$lab46
-	j	$31
-$lab45:
-	addu	P3,P3,4
-	bgtz	P3,$lab46
-	j	$31
-	.align	2
-	.end	bn_mul_words
-
-	# Program Unit: bn_sqr_words
-	.ent	bn_sqr_words
-	.globl	bn_sqr_words
-.text
-bn_sqr_words:
-	.frame	$sp,0,$31
-	.mask	0x00000000,0
-	.fmask	0x00000000,0
+
+.set	noat
+.set	reorder
+
+#define	MINUS4	v1
+
+.align	5
+LEAF(bn_mul_add_words)
+	.set	noreorder
+	bgtzl	a2,.L_bn_mul_add_words_proceed
+	ld	t0,0(a1)
+	jr	ra
+	move	v0,zero
+	.set	reorder
+
+.L_bn_mul_add_words_proceed:
+	li	MINUS4,-4
+	and	ta0,a2,MINUS4
+	move	v0,zero
+	beqz	ta0,.L_bn_mul_add_words_tail
+
+.L_bn_mul_add_words_loop:
+	dmultu	t0,a3
+	ld	t1,0(a0)
+	ld	t2,8(a1)
+	ld	t3,8(a0)
+	ld	ta0,16(a1)
+	ld	ta1,16(a0)
+	daddu	t1,v0
+	sltu	v0,t1,v0	/* All manuals say it "compares 32-bit
+				 * values", but it seems to work fine
+				 * even on 64-bit registers. */
+	mflo	AT
+	mfhi	t0
+	daddu	t1,AT
+	daddu	v0,t0
+	sltu	AT,t1,AT
+	sd	t1,0(a0)
+	daddu	v0,AT
+
+	dmultu	t2,a3
+	ld	ta2,24(a1)
+	ld	ta3,24(a0)
+	daddu	t3,v0
+	sltu	v0,t3,v0
+	mflo	AT
+	mfhi	t2
+	daddu	t3,AT
+	daddu	v0,t2
+	sltu	AT,t3,AT
+	sd	t3,8(a0)
+	daddu	v0,AT
+
+	dmultu	ta0,a3
+	subu	a2,4
+	PTR_ADD	a0,32
+	PTR_ADD	a1,32
+	daddu	ta1,v0
+	sltu	v0,ta1,v0
+	mflo	AT
+	mfhi	ta0
+	daddu	ta1,AT
+	daddu	v0,ta0
+	sltu	AT,ta1,AT
+	sd	ta1,-16(a0)
+	daddu	v0,AT
+
+
+	dmultu	ta2,a3
+	and	ta0,a2,MINUS4
+	daddu	ta3,v0
+	sltu	v0,ta3,v0
+	mflo	AT
+	mfhi	ta2
+	daddu	ta3,AT
+	daddu	v0,ta2
+	sltu	AT,ta3,AT
+	sd	ta3,-8(a0)
+	daddu	v0,AT
+	.set	noreorder
+	bgtzl	ta0,.L_bn_mul_add_words_loop
+	ld	t0,0(a1)
+
+	bnezl	a2,.L_bn_mul_add_words_tail
+	ld	t0,0(a1)
+	.set	reorder
+
+.L_bn_mul_add_words_return:
+	jr	ra
+
+.L_bn_mul_add_words_tail:
+	dmultu	t0,a3
+	ld	t1,0(a0)
+	subu	a2,1
+	daddu	t1,v0
+	sltu	v0,t1,v0
+	mflo	AT
+	mfhi	t0
+	daddu	t1,AT
+	daddu	v0,t0
+	sltu	AT,t1,AT
+	sd	t1,0(a0)
+	daddu	v0,AT
+	beqz	a2,.L_bn_mul_add_words_return
+
+	ld	t0,8(a1)
+	dmultu	t0,a3
+	ld	t1,8(a0)
+	subu	a2,1
+	daddu	t1,v0
+	sltu	v0,t1,v0
+	mflo	AT
+	mfhi	t0
+	daddu	t1,AT
+	daddu	v0,t0
+	sltu	AT,t1,AT
+	sd	t1,8(a0)
+	daddu	v0,AT
+	beqz	a2,.L_bn_mul_add_words_return
+
+	ld	t0,16(a1)
+	dmultu	t0,a3
+	ld	t1,16(a0)
+	daddu	t1,v0
+	sltu	v0,t1,v0
+	mflo	AT
+	mfhi	t0
+	daddu	t1,AT
+	daddu	v0,t0
+	sltu	AT,t1,AT
+	sd	t1,16(a0)
+	daddu	v0,AT
+	jr	ra
+END(bn_mul_add_words)
+
+.align	5
+LEAF(bn_mul_words)
+	.set	noreorder
+	bgtzl	a2,.L_bn_mul_words_proceed
+	ld	t0,0(a1)
+	jr	ra
+	move	v0,zero
+	.set	reorder
+
+.L_bn_mul_words_proceed:
+	li	MINUS4,-4
+	and	ta0,a2,MINUS4
+	move	v0,zero
+	beqz	ta0,.L_bn_mul_words_tail
+
+.L_bn_mul_words_loop:
+	dmultu	t0,a3
+	ld	t2,8(a1)
+	ld	ta0,16(a1)
+	ld	ta2,24(a1)
+	mflo	AT
+	mfhi	t0
+	daddu	v0,AT
+	sltu	t1,v0,AT
+	sd	v0,0(a0)
+	daddu	v0,t1,t0
+
+	dmultu	t2,a3
+	subu	a2,4
+	PTR_ADD	a0,32
+	PTR_ADD	a1,32
+	mflo	AT
+	mfhi	t2
+	daddu	v0,AT
+	sltu	t3,v0,AT
+	sd	v0,-24(a0)
+	daddu	v0,t3,t2
+
+	dmultu	ta0,a3
+	mflo	AT
+	mfhi	ta0
+	daddu	v0,AT
+	sltu	ta1,v0,AT
+	sd	v0,-16(a0)
+	daddu	v0,ta1,ta0
+
+
+	dmultu	ta2,a3
+	and	ta0,a2,MINUS4
+	mflo	AT
+	mfhi	ta2
+	daddu	v0,AT
+	sltu	ta3,v0,AT
+	sd	v0,-8(a0)
+	daddu	v0,ta3,ta2
+	.set	noreorder
+	bgtzl	ta0,.L_bn_mul_words_loop
+	ld	t0,0(a1)
+
+	bnezl	a2,.L_bn_mul_words_tail
+	ld	t0,0(a1)
+	.set	reorder
+
+.L_bn_mul_words_return:
+	jr	ra
+
+.L_bn_mul_words_tail:
+	dmultu	t0,a3
+	subu	a2,1
+	mflo	AT
+	mfhi	t0
+	daddu	v0,AT
+	sltu	t1,v0,AT
+	sd	v0,0(a0)
+	daddu	v0,t1,t0
+	beqz	a2,.L_bn_mul_words_return
+
+	ld	t0,8(a1)
+	dmultu	t0,a3
+	subu	a2,1
+	mflo	AT
+	mfhi	t0
+	daddu	v0,AT
+	sltu	t1,v0,AT
+	sd	v0,8(a0)
+	daddu	v0,t1,t0
+	beqz	a2,.L_bn_mul_words_return
+
+	ld	t0,16(a1)
+	dmultu	t0,a3
+	mflo	AT
+	mfhi	t0
+	daddu	v0,AT
+	sltu	t1,v0,AT
+	sd	v0,16(a0)
+	daddu	v0,t1,t0
+	jr	ra
+END(bn_mul_words)
+
+.align	5
+LEAF(bn_sqr_words)
+	.set	noreorder
+	bgtzl	a2,.L_bn_sqr_words_proceed
+	ld	t0,0(a1)
+	jr	ra
+	move	v0,zero
+	.set	reorder
+
+.L_bn_sqr_words_proceed:
+	li	MINUS4,-4
+	and	ta0,a2,MINUS4
+	move	v0,zero
+	beqz	ta0,.L_bn_sqr_words_tail
+
+.L_bn_sqr_words_loop:
+	dmultu	t0,t0
+	ld	t2,8(a1)
+	ld	ta0,16(a1)
+	ld	ta2,24(a1)
+	mflo	t1
+	mfhi	t0
+	sd	t1,0(a0)
+	sd	t0,8(a0)
+
+	dmultu	t2,t2
+	subu	a2,4
+	PTR_ADD	a0,64
+	PTR_ADD	a1,32
+	mflo	t3
+	mfhi	t2
+	sd	t3,-48(a0)
+	sd	t2,-40(a0)
+
+	dmultu	ta0,ta0
+	mflo	ta1
+	mfhi	ta0
+	sd	ta1,-32(a0)
+	sd	ta0,-24(a0)
+
+
+	dmultu	ta2,ta2
+	and	ta0,a2,MINUS4
+	mflo	ta3
+	mfhi	ta2
+	sd	ta3,-16(a0)
+	sd	ta2,-8(a0)
+
+	.set	noreorder
+	bgtzl	ta0,.L_bn_sqr_words_loop
+	ld	t0,0(a1)
+
+	bnezl	a2,.L_bn_sqr_words_tail
+	ld	t0,0(a1)
+	.set	reorder
+
+.L_bn_sqr_words_return:
+	move	v0,zero
+	jr	ra
+
+.L_bn_sqr_words_tail:
+	dmultu	t0,t0
+	subu	a2,1
+	mflo	t1
+	mfhi	t0
+	sd	t1,0(a0)
+	sd	t0,8(a0)
+	beqz	a2,.L_bn_sqr_words_return
+
+	ld	t0,8(a1)
+	dmultu	t0,t0
+	subu	a2,1
+	mflo	t1
+	mfhi	t0
+	sd	t1,16(a0)
+	sd	t0,24(a0)
+	beqz	a2,.L_bn_sqr_words_return
+
+	ld	t0,16(a1)
+	dmultu	t0,t0
+	mflo	t1
+	mfhi	t0
+	sd	t1,32(a0)
+	sd	t0,40(a0)
+	jr	ra
+END(bn_sqr_words)
+
+.align	5
+LEAF(bn_add_words)
+	.set	noreorder
+	bgtzl	a3,.L_bn_add_words_proceed
+	ld	t0,0(a1)
+	jr	ra
+	move	v0,zero
+	.set	reorder
+
+.L_bn_add_words_proceed:
+	li	MINUS4,-4
+	and	AT,a3,MINUS4
+	move	v0,zero
+	beqz	AT,.L_bn_add_words_tail
+
+.L_bn_add_words_loop:
+	ld	ta0,0(a2)
+	subu	a3,4
+	ld	t1,8(a1)
+	and	AT,a3,MINUS4
+	ld	t2,16(a1)
+	PTR_ADD	a2,32
+	ld	t3,24(a1)
+	PTR_ADD	a0,32
+	ld	ta1,-24(a2)
+	PTR_ADD	a1,32
+	ld	ta2,-16(a2)
+	ld	ta3,-8(a2)
+	daddu	ta0,t0
+	sltu	t8,ta0,t0
+	daddu	t0,ta0,v0
+	sltu	v0,t0,ta0
+	sd	t0,-32(a0)
+	daddu	v0,t8
+
+	daddu	ta1,t1
+	sltu	t9,ta1,t1
+	daddu	t1,ta1,v0
+	sltu	v0,t1,ta1
+	sd	t1,-24(a0)
+	daddu	v0,t9
+
+	daddu	ta2,t2
+	sltu	t8,ta2,t2
+	daddu	t2,ta2,v0
+	sltu	v0,t2,ta2
+	sd	t2,-16(a0)
+	daddu	v0,t8
 	
-	subu	P3,P3,4
- b $lab55
-	bltz	P3,$lab55
-$lab54:
-	ld	L1,0(P2)
-	 ld	L2,8(P2)
-	ld	L3,16(P2)
-	 ld	L4,24(P2)
-
-	dmultu	L1,L1
-	 subu	P3,P3,4
-	mflo	L1
-	 mfhi	H1
-	sd	L1,0(P1)
-	 sd	H1,8(P1)
-
-	dmultu	L2,L2
-	 daddu	P1,P1,32
-	mflo	L2
-	 mfhi	H2
-	sd	L2,-48(P1)
-	 sd	H2,-40(P1)
-
-	dmultu	L3,L3
-	 daddu	P2,P2,32
-	mflo	L3
-	 mfhi	H3
-	sd	L3,-32(P1)
-	 sd	H3,-24(P1)
-
-	dmultu	L4,L4
-
-	mflo	L4
-	 mfhi	H4
-	sd	L4,-16(P1)
-	 sd	H4,-8(P1)
-
-	bgtz	P3,$lab54
-	b	$lab55
-$lab56:	
-	ld	L1,0(P2)
-	daddu	P1,P1,16
-	dmultu	L1,L1
-	daddu	P2,P2,8
-	subu	P3,P3,1
-	mflo	L1
-	mfhi	H1
-	sd	L1,-16(P1)
-	sd	H1,-8(P1)
-
-	bgtz	P3,$lab56
-	j	$31
-$lab55:
-	daddu	P3,P3,4
-	bgtz	P3,$lab56
-	j	$31
-	.align	2
-	.end	bn_sqr_words
-
-	# Program Unit: bn_add_words
-	.ent	bn_add_words
-	.globl	bn_add_words
-.text
-bn_add_words: 	 # 0x590
-	.frame	$sp,0,$31
-	.mask	0x00000000,0
-	.fmask	0x00000000,0
+	daddu	ta3,t3
+	sltu	t9,ta3,t3
+	daddu	t3,ta3,v0
+	sltu	v0,t3,ta3
+	sd	t3,-8(a0)
+	daddu	v0,t9
 	
-	subu	P4,P4,4
-	move	CC,$0
-	bltz	P4,$lab65
-$lab64:	
-	ld	L1,0(P2)
-	ld	R1,0(P3)
-	ld	L2,8(P2)
-	ld	R2,8(P3)
-
-	daddu	L1,L1,CC
-	 ld	L3,16(P2)
-	sltu	CC,L1,CC
-	 daddu	L1,L1,R1
-	sltu	R1,L1,R1
-	 ld	R3,16(P3)
-	daddu	CC,CC,R1
-	 ld	L4,24(P2)
-
-	daddu	L2,L2,CC
-	 ld	R4,24(P3)
-	sltu	CC,L2,CC
-	 daddu	L2,L2,R2
-	sltu	R2,L2,R2
-	 sd	L1,0(P1)
-	daddu	CC,CC,R2
-	 daddu	P1,P1,32
-	daddu	L3,L3,CC
-	 sd	L2,-24(P1)
-
-	sltu	CC,L3,CC
-	 daddu	L3,L3,R3
-	sltu	R3,L3,R3
-	 daddu	P2,P2,32
-	daddu	CC,CC,R3
-
-	daddu	L4,L4,CC
-	 daddu	P3,P3,32
-	sltu	CC,L4,CC
-	 daddu	L4,L4,R4
-	sltu	R4,L4,R4
-	 subu	P4,P4,4
-	sd	L3,-16(P1)
-	 daddu	CC,CC,R4
-	sd	L4,-8(P1)
-
-	bgtz	P4,$lab64
-	b	$lab65
-$lab66:
-	ld	L1,0(P2)
-	 ld	R1,0(P3)
-	daddu	L1,L1,CC
-	 daddu	P1,P1,8
-	sltu	CC,L1,CC
-	 daddu	P2,P2,8
-	daddu	P3,P3,8
-	 daddu	L1,L1,R1
-	subu	P4,P4,1
-	 sltu	R1,L1,R1
-	sd	L1,-8(P1)
-	 daddu	CC,CC,R1
-
-	bgtz	P4,$lab66
-	j	$31
-$lab65:
-	addu	P4,P4,4
-	bgtz	P4,$lab66
-	j	$31
-	.end	bn_add_words
-
-#if 1
-	# Program Unit: bn_div64
-	.set	at
+	.set	noreorder
+	bgtzl	AT,.L_bn_add_words_loop
+	ld	t0,0(a1)
+
+	bnezl	a3,.L_bn_add_words_tail
+	ld	t0,0(a1)
 	.set	reorder
-	.text	
-	.align	2
-	.globl	bn_div64
- # 321		{
-	.ent	bn_div64
-bn_div64:
-	dsubu	$sp, 64
-	sd	$31, 56($sp)
-	sd	$16, 48($sp)
-	.mask	0x80010000, -56
-	.frame	$sp, 64, $31
-	move	$9, $4
-	move	$12, $5
-	move	$16, $6
- # 322		BN_ULONG dh,dl,q,ret=0,th,tl,t;
-	move	$31, $0
- # 323		int i,count=2;
-	li	$13, 2
- # 324	
- # 325		if (d == 0) return(BN_MASK2);
-	bne	$16, 0, $80
-	dli	$2, -1
-	b	$93
-$80:
- # 326	
- # 327		i=BN_num_bits_word(d);
-	move	$4, $16
-	sd	$31, 16($sp)
-	sd	$9, 24($sp)
-	sd	$12, 32($sp)
-	sd	$13, 40($sp)
-	.livereg	0x800ff0e,0xfff
-	jal	BN_num_bits_word
-	dli	$4, 64
-	ld	$31, 16($sp)
-	ld	$9, 24($sp)
-	ld	$12, 32($sp)
-	ld	$13, 40($sp)
-	move	$3, $2
- # 328		if ((i != BN_BITS2) && (h > (BN_ULONG)1<<i))
-	beq	$2, $4, $81
-	dli	$14, 1
-	dsll	$15, $14, $2
-	bleu	$9, $15, $81
- # 329			{
- # 330	#if !defined(NO_STDIO) && !defined(WIN16)
- # 331			fprintf(stderr,"Division would overflow (%d)\n",i);
- # 332	#endif
- # 333			abort();
-	sd	$3, 8($sp)
-	sd	$31, 16($sp)
-	sd	$9, 24($sp)
-	sd	$12, 32($sp)
-	sd	$13, 40($sp)
-	.livereg	0xff0e,0xfff
-	jal	abort
-	dli	$4, 64
-	ld	$3, 8($sp)
-	ld	$31, 16($sp)
-	ld	$9, 24($sp)
-	ld	$12, 32($sp)
-	ld	$13, 40($sp)
- # 334			}
-$81:
- # 335		i=BN_BITS2-i;
-	dsubu	$3, $4, $3
- # 336		if (h >= d) h-=d;
-	bltu	$9, $16, $82
-	dsubu	$9, $9, $16
-$82:
- # 337	
- # 338		if (i)
-	beq	$3, 0, $83
- # 339			{
- # 340			d<<=i;
-	dsll	$16, $16, $3
- # 341			h=(h<<i)|(l>>(BN_BITS2-i));
-	dsll	$24, $9, $3
-	dsubu	$25, $4, $3
-	dsrl	$14, $12, $25
-	or	$9, $24, $14
- # 342			l<<=i;
-	dsll	$12, $12, $3
- # 343			}
-$83:
- # 344		dh=(d&BN_MASK2h)>>BN_BITS4;
- # 345		dl=(d&BN_MASK2l);
-	and	$8, $16,0xFFFFFFFF00000000
-	dsrl	$8, $8, 32
-	# dli	$10,0xFFFFFFFF # Is this needed?
-	# and	$10, $16, $10
-	dsll	$10, $16, 32
-	dsrl	$10, $10, 32
-	dli	$6,0xFFFFFFFF00000000
-$84:
- # 346		for (;;)
- # 347			{
- # 348			if ((h>>BN_BITS4) == dh)
-	dsrl	$15, $9, 32
-	bne	$8, $15, $85
- # 349				q=BN_MASK2l;
-	dli	$5, 0xFFFFFFFF
-	b	$86
-$85:
- # 350			else
- # 351				q=h/dh;
-	ddivu	$5, $9, $8
-$86:
- # 352	
- # 353			for (;;)
- # 354				{
- # 355				t=(h-q*dh);
-	dmul	$4, $5, $8
-	dsubu	$2, $9, $4
-	move	$3, $2
- # 356				if ((t&BN_MASK2h) ||
- # 357					((dl*q) <= (
- # 358						(t<<BN_BITS4)+
- # 359						((l&BN_MASK2h)>>BN_BITS4))))
-	and	$25, $2, $6
-	bne	$25, $0, $87
-	dmul	$24, $10, $5
-	dsll	$14, $3, 32
-	and	$15, $12, $6
-	dsrl	$25, $15, 32
-	daddu	$15, $14, $25
-	bgtu	$24, $15, $88
-$87:
- # 360					break;
-	dmul	$3, $10, $5
-	b	$89
-$88:
- # 361				q--;
-	daddu	$5, $5, -1
- # 362				}
-	b	$86
-$89:
- # 363			th=q*dh;
- # 364			tl=q*dl;
- # 365			t=(tl>>BN_BITS4);
- # 366			tl=(tl<<BN_BITS4)&BN_MASK2h;
-	dsll	$14, $3, 32
-	and	$2, $14, $6
-	move	$11, $2
- # 367			th+=t;
-	dsrl	$25, $3, 32
-	daddu	$7, $4, $25
- # 368	
- # 369			if (l < tl) th++;
-	bgeu	$12, $2, $90
-	daddu	$7, $7, 1
-$90:
- # 370			l-=tl;
-	dsubu	$12, $12, $11
- # 371			if (h < th)
-	bgeu	$9, $7, $91
- # 372				{
- # 373				h+=d;
-	daddu	$9, $9, $16
- # 374				q--;
-	daddu	$5, $5, -1
- # 375				}
-$91:
- # 376			h-=th;
-	dsubu	$9, $9, $7
- # 377	
- # 378			if (--count == 0) break;
-	addu	$13, $13, -1
-	beq	$13, 0, $92
- # 379	
- # 380			ret=q<<BN_BITS4;
-	dsll	$31, $5, 32
- # 381			h=((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2;
-	dsll	$24, $9, 32
-	dsrl	$15, $12, 32
-	or	$9, $24, $15
- # 382			l=(l&BN_MASK2l)<<BN_BITS4;
-	and	$12, $12, 0xFFFFFFFF
-	dsll	$12, $12, 32
- # 383			}
-	b	$84
-$92:
- # 384		ret|=q;
-	or	$31, $31, $5
- # 385		return(ret);
-	move	$2, $31
-$93:
-	ld	$16, 48($sp)
-	ld	$31, 56($sp)
-	daddu	$sp, 64
-	j	$31
-	.end	bn_div64
-#endif
+
+.L_bn_add_words_return:
+	jr	ra
+
+.L_bn_add_words_tail:
+	ld	ta0,0(a2)
+	daddu	ta0,t0
+	subu	a3,1
+	sltu	t8,ta0,t0
+	daddu	t0,ta0,v0
+	sltu	v0,t0,ta0
+	sd	t0,0(a0)
+	daddu	v0,t8
+	beqz	a3,.L_bn_add_words_return
+
+	ld	t1,8(a1)
+	ld	ta1,8(a2)
+	daddu	ta1,t1
+	subu	a3,1
+	sltu	t9,ta1,t1
+	daddu	t1,ta1,v0
+	sltu	v0,t1,ta1
+	sd	t1,8(a0)
+	daddu	v0,t9
+	beqz	a3,.L_bn_add_words_return
+
+	ld	t2,16(a1)
+	ld	ta2,16(a2)
+	daddu	ta2,t2
+	sltu	t8,ta2,t2
+	daddu	t2,ta2,v0
+	sltu	v0,t2,ta2
+	sd	t2,16(a0)
+	daddu	v0,t8
+	jr	ra
+END(bn_add_words)
+
+.align	5
+LEAF(bn_sub_words)
+	.set	noreorder
+	bgtzl	a3,.L_bn_sub_words_proceed
+	ld	t0,0(a1)
+	jr	ra
+	move	v0,zero
+	.set	reorder
+
+.L_bn_sub_words_proceed:
+	li	MINUS4,-4
+	and	AT,a3,MINUS4
+	move	v0,zero
+	beqz	AT,.L_bn_sub_words_tail
+
+.L_bn_sub_words_loop:
+	ld	ta0,0(a2)
+	subu	a3,4
+	ld	t1,8(a1)
+	and	AT,a3,MINUS4
+	ld	t2,16(a1)
+	PTR_ADD	a2,32
+	ld	t3,24(a1)
+	PTR_ADD	a0,32
+	ld	ta1,-24(a2)
+	PTR_ADD	a1,32
+	ld	ta2,-16(a2)
+	ld	ta3,-8(a2)
+	sltu	t8,t0,ta0
+	dsubu	t0,ta0
+	dsubu	ta0,t0,v0
+	sd	ta0,-32(a0)
+	MOVNZ	(t0,v0,t8)
+
+	sltu	t9,t1,ta1
+	dsubu	t1,ta1
+	dsubu	ta1,t1,v0
+	sd	ta1,-24(a0)
+	MOVNZ	(t1,v0,t9)
+
+
+	sltu	t8,t2,ta2
+	dsubu	t2,ta2
+	dsubu	ta2,t2,v0
+	sd	ta2,-16(a0)
+	MOVNZ	(t2,v0,t8)
+
+	sltu	t9,t3,ta3
+	dsubu	t3,ta3
+	dsubu	ta3,t3,v0
+	sd	ta3,-8(a0)
+	MOVNZ	(t3,v0,t9)
+
+	.set	noreorder
+	bgtzl	AT,.L_bn_sub_words_loop
+	ld	t0,0(a1)
+
+	bnezl	a3,.L_bn_sub_words_tail
+	ld	t0,0(a1)
+	.set	reorder
+
+.L_bn_sub_words_return:
+	jr	ra
+
+.L_bn_sub_words_tail:
+	ld	ta0,0(a2)
+	subu	a3,1
+	sltu	t8,t0,ta0
+	dsubu	t0,ta0
+	dsubu	ta0,t0,v0
+	MOVNZ	(t0,v0,t8)
+	sd	ta0,0(a0)
+	beqz	a3,.L_bn_sub_words_return
+
+	ld	t1,8(a1)
+	subu	a3,1
+	ld	ta1,8(a2)
+	sltu	t9,t1,ta1
+	dsubu	t1,ta1
+	dsubu	ta1,t1,v0
+	MOVNZ	(t1,v0,t9)
+	sd	ta1,8(a0)
+	beqz	a3,.L_bn_sub_words_return
+
+	ld	t2,16(a1)
+	ld	ta2,16(a2)
+	sltu	t8,t2,ta2
+	dsubu	t2,ta2
+	dsubu	ta2,t2,v0
+	MOVNZ	(t2,v0,t8)
+	sd	ta2,16(a0)
+	jr	ra
+END(bn_sub_words)
+
+#undef	MINUS4
+
+.align 5
+LEAF(bn_div_3_words)
+	.set	reorder
+	move	a3,a0		/* we know that bn_div_words doesn't
+				 * touch a3, ta2, ta3 and preserves a2
+				 * so that we can save two arguments
+				 * and return address in registers
+				 * instead of stack:-)
+				 */
+	ld	a0,(a3)
+	move	ta2,a1
+	ld	a1,-8(a3)
+	bne	a0,a2,.L_bn_div_3_words_proceed
+	li	v0,-1
+	jr	ra
+.L_bn_div_3_words_proceed:
+	move	ta3,ra
+	bal	bn_div_words
+	move	ra,ta3
+	dmultu	ta2,v0
+	ld	t2,-16(a3)
+	move	ta0,zero
+	mfhi	t1
+	mflo	t0
+	sltu	t8,t1,v1
+.L_bn_div_3_words_inner_loop:
+	bnez	t8,.L_bn_div_3_words_inner_loop_done
+	sgeu	AT,t2,t0
+	seq	t9,t1,v1
+	and	AT,t9
+	sltu	t3,t0,ta2
+	daddu	v1,a2
+	dsubu	t1,t3
+	dsubu	t0,ta2
+	sltu	t8,t1,v1
+	sltu	ta0,v1,a2
+	or	t8,ta0
+	.set	noreorder
+	beqzl	AT,.L_bn_div_3_words_inner_loop
+	dsubu	v0,1
+	.set	reorder
+.L_bn_div_3_words_inner_loop_done:
+	jr	ra
+END(bn_div_3_words)
+
+.align	5
+LEAF(bn_div_words)
+	.set	noreorder
+	bnezl	a2,.L_bn_div_words_proceed
+	move	v1,zero
+	jr	ra
+	li	v0,-1		/* I'd rather signal div-by-zero
+				 * which can be done with 'break 7' */
+
+.L_bn_div_words_proceed:
+	bltz	a2,.L_bn_div_words_body
+	move	t9,v1
+	dsll	a2,1
+	bgtz	a2,.-4
+	addu	t9,1
+
+	.set	reorder
+	negu	t1,t9
+	li	t2,-1
+	dsll	t2,t1
+	and	t2,a0
+	dsrl	AT,a1,t1
+	.set	noreorder
+	bnezl	t2,.+8
+	break	6		/* signal overflow */
+	.set	reorder
+	dsll	a0,t9
+	dsll	a1,t9
+	or	a0,AT
+
+#define	QT	ta0
+#define	HH	ta1
+#define	DH	v1
+.L_bn_div_words_body:
+	dsrl	DH,a2,32
+	sgeu	AT,a0,a2
+	.set	noreorder
+	bnezl	AT,.+8
+	dsubu	a0,a2
+	.set	reorder
+
+	li	QT,-1
+	dsrl	HH,a0,32
+	dsrl	QT,32	/* q=0xffffffff */
+	beq	DH,HH,.L_bn_div_words_skip_div1
+	ddivu	zero,a0,DH
+	mflo	QT
+.L_bn_div_words_skip_div1:
+	dmultu	a2,QT
+	dsll	t3,a0,32
+	dsrl	AT,a1,32
+	or	t3,AT
+	mflo	t0
+	mfhi	t1
+.L_bn_div_words_inner_loop1:
+	sltu	t2,t3,t0
+	seq	t8,HH,t1
+	sltu	AT,HH,t1
+	and	t2,t8
+	sltu	v0,t0,a2
+	or	AT,t2
+	.set	noreorder
+	beqz	AT,.L_bn_div_words_inner_loop1_done
+	dsubu	t1,v0
+	dsubu	t0,a2
+	b	.L_bn_div_words_inner_loop1
+	dsubu	QT,1
+	.set	reorder
+.L_bn_div_words_inner_loop1_done:
+
+	dsll	a1,32
+	dsubu	a0,t3,t0
+	dsll	v0,QT,32
+
+	li	QT,-1
+	dsrl	HH,a0,32
+	dsrl	QT,32	/* q=0xffffffff */
+	beq	DH,HH,.L_bn_div_words_skip_div2
+	ddivu	zero,a0,DH
+	mflo	QT
+.L_bn_div_words_skip_div2:
+#undef	DH
+	dmultu	a2,QT
+	dsll	t3,a0,32
+	dsrl	AT,a1,32
+	or	t3,AT
+	mflo	t0
+	mfhi	t1
+.L_bn_div_words_inner_loop2:
+	sltu	t2,t3,t0
+	seq	t8,HH,t1
+	sltu	AT,HH,t1
+	and	t2,t8
+	sltu	v1,t0,a2
+	or	AT,t2
+	.set	noreorder
+	beqz	AT,.L_bn_div_words_inner_loop2_done
+	dsubu	t1,v1
+	dsubu	t0,a2
+	b	.L_bn_div_words_inner_loop2
+	dsubu	QT,1
+	.set	reorder
+.L_bn_div_words_inner_loop2_done:	
+#undef	HH
+
+	dsubu	a0,t3,t0
+	or	v0,QT
+	dsrl	v1,a0,t9	/* v1 contains remainder if anybody wants it */
+	dsrl	a2,t9		/* restore a2 */
+	jr	ra
+#undef	QT
+END(bn_div_words)
+
+#define	a_0	t0
+#define	a_1	t1
+#define	a_2	t2
+#define	a_3	t3
+#define	b_0	ta0
+#define	b_1	ta1
+#define	b_2	ta2
+#define	b_3	ta3
+
+#define	a_4	s0
+#define	a_5	s2
+#define	a_6	s4
+#define	a_7	a1	/* once we load a[7] we don't need a anymore */
+#define	b_4	s1
+#define	b_5	s3
+#define	b_6	s5
+#define	b_7	a2	/* once we load b[7] we don't need b anymore */
+
+#define	t_1	t8
+#define	t_2	t9
+
+#define	c_1	v0
+#define	c_2	v1
+#define	c_3	a3
+
+#define	FRAME_SIZE	48
+
+.align	5
+LEAF(bn_mul_comba8)
+	.set	noreorder
+	PTR_SUB	sp,FRAME_SIZE
+	.frame	sp,64,ra
+	.set	reorder
+	ld	a_0,0(a1)	/* If compiled with -mips3 option on
+				 * R5000 box assembler barks on this
+				 * line with "shouldn't have mult/div
+				 * as last instruction in bb (R10K
+				 * bug)" warning. If anybody out there
+				 * has a clue about how to circumvent
+				 * this do send me a note.
+				 *		<appro@fy.chalmers.se>
+				 */
+	ld	b_0,0(a2)
+	ld	a_1,8(a1)
+	ld	a_2,16(a1)
+	ld	a_3,24(a1)
+	ld	b_1,8(a2)
+	ld	b_2,16(a2)
+	ld	b_3,24(a2)
+	dmultu	a_0,b_0		/* mul_add_c(a[0],b[0],c1,c2,c3); */
+	sd	s0,0(sp)
+	sd	s1,8(sp)
+	sd	s2,16(sp)
+	sd	s3,24(sp)
+	sd	s4,32(sp)
+	sd	s5,40(sp)
+	mflo	c_1
+	mfhi	c_2
+
+	dmultu	a_0,b_1		/* mul_add_c(a[0],b[1],c2,c3,c1); */
+	ld	a_4,32(a1)
+	ld	a_5,40(a1)
+	ld	a_6,48(a1)
+	ld	a_7,56(a1)
+	ld	b_4,32(a2)
+	ld	b_5,40(a2)
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	c_3,t_2,AT
+	dmultu	a_1,b_0		/* mul_add_c(a[1],b[0],c2,c3,c1); */
+	ld	b_6,48(a2)
+	ld	b_7,56(a2)
+	sd	c_1,0(a0)	/* r[0]=c1; */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	sd	c_2,8(a0)	/* r[1]=c2; */
+
+	dmultu	a_2,b_0		/* mul_add_c(a[2],b[0],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	dmultu	a_1,b_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_0,b_2		/* mul_add_c(a[0],b[2],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,16(a0)	/* r[2]=c3; */
+
+	dmultu	a_0,b_3		/* mul_add_c(a[0],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_1,b_2		/* mul_add_c(a[1],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_2,b_1		/* mul_add_c(a[2],b[1],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_3,b_0		/* mul_add_c(a[3],b[0],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,24(a0)	/* r[3]=c1; */
+
+	dmultu	a_4,b_0		/* mul_add_c(a[4],b[0],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_3,b_1		/* mul_add_c(a[3],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_2,b_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_1,b_3		/* mul_add_c(a[1],b[3],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_0,b_4		/* mul_add_c(a[0],b[4],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,32(a0)	/* r[4]=c2; */
+
+	dmultu	a_0,b_5		/* mul_add_c(a[0],b[5],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_1,b_4		/* mul_add_c(a[1],b[4],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_2,b_3		/* mul_add_c(a[2],b[3],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_3,b_2		/* mul_add_c(a[3],b[2],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_4,b_1		/* mul_add_c(a[4],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_5,b_0		/* mul_add_c(a[5],b[0],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,40(a0)	/* r[5]=c3; */
+
+	dmultu	a_6,b_0		/* mul_add_c(a[6],b[0],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_5,b_1		/* mul_add_c(a[5],b[1],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_4,b_2		/* mul_add_c(a[4],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_3,b_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_2,b_4		/* mul_add_c(a[2],b[4],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_1,b_5		/* mul_add_c(a[1],b[5],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_0,b_6		/* mul_add_c(a[0],b[6],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,48(a0)	/* r[6]=c1; */
+
+	dmultu	a_0,b_7		/* mul_add_c(a[0],b[7],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_1,b_6		/* mul_add_c(a[1],b[6],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_2,b_5		/* mul_add_c(a[2],b[5],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_3,b_4		/* mul_add_c(a[3],b[4],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_4,b_3		/* mul_add_c(a[4],b[3],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_5,b_2		/* mul_add_c(a[5],b[2],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_6,b_1		/* mul_add_c(a[6],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_7,b_0		/* mul_add_c(a[7],b[0],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,56(a0)	/* r[7]=c2; */
+
+	dmultu	a_7,b_1		/* mul_add_c(a[7],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_6,b_2		/* mul_add_c(a[6],b[2],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_5,b_3		/* mul_add_c(a[5],b[3],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_4,b_4		/* mul_add_c(a[4],b[4],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_3,b_5		/* mul_add_c(a[3],b[5],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_2,b_6		/* mul_add_c(a[2],b[6],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_1,b_7		/* mul_add_c(a[1],b[7],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,64(a0)	/* r[8]=c3; */
+
+	dmultu	a_2,b_7		/* mul_add_c(a[2],b[7],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_3,b_6		/* mul_add_c(a[3],b[6],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_4,b_5		/* mul_add_c(a[4],b[5],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_5,b_4		/* mul_add_c(a[5],b[4],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_6,b_3		/* mul_add_c(a[6],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_7,b_2		/* mul_add_c(a[7],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,72(a0)	/* r[9]=c1; */
+
+	dmultu	a_7,b_3		/* mul_add_c(a[7],b[3],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_6,b_4		/* mul_add_c(a[6],b[4],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_5,b_5		/* mul_add_c(a[5],b[5],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_4,b_6		/* mul_add_c(a[4],b[6],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_3,b_7		/* mul_add_c(a[3],b[7],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,80(a0)	/* r[10]=c2; */
+
+	dmultu	a_4,b_7		/* mul_add_c(a[4],b[7],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_5,b_6		/* mul_add_c(a[5],b[6],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_6,b_5		/* mul_add_c(a[6],b[5],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_7,b_4		/* mul_add_c(a[7],b[4],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,88(a0)	/* r[11]=c3; */
+
+	dmultu	a_7,b_5		/* mul_add_c(a[7],b[5],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_6,b_6		/* mul_add_c(a[6],b[6],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_5,b_7		/* mul_add_c(a[5],b[7],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,96(a0)	/* r[12]=c1; */
+
+	dmultu	a_6,b_7		/* mul_add_c(a[6],b[7],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_7,b_6		/* mul_add_c(a[7],b[6],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,104(a0)	/* r[13]=c2; */
+
+	dmultu	a_7,b_7		/* mul_add_c(a[7],b[7],c3,c1,c2); */
+	ld	s0,0(sp)
+	ld	s1,8(sp)
+	ld	s2,16(sp)
+	ld	s3,24(sp)
+	ld	s4,32(sp)
+	ld	s5,40(sp)
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sd	c_3,112(a0)	/* r[14]=c3; */
+	sd	c_1,120(a0)	/* r[15]=c1; */
+
+	PTR_ADD	sp,FRAME_SIZE
+
+	jr	ra
+END(bn_mul_comba8)
+
+.align	5
+LEAF(bn_mul_comba4)
+	.set	reorder
+	ld	a_0,0(a1)
+	ld	b_0,0(a2)
+	ld	a_1,8(a1)
+	ld	a_2,16(a1)
+	dmultu	a_0,b_0		/* mul_add_c(a[0],b[0],c1,c2,c3); */
+	ld	a_3,24(a1)
+	ld	b_1,8(a2)
+	ld	b_2,16(a2)
+	ld	b_3,24(a2)
+	mflo	c_1
+	mfhi	c_2
+	sd	c_1,0(a0)
+
+	dmultu	a_0,b_1		/* mul_add_c(a[0],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	c_3,t_2,AT
+	dmultu	a_1,b_0		/* mul_add_c(a[1],b[0],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	sd	c_2,8(a0)
+
+	dmultu	a_2,b_0		/* mul_add_c(a[2],b[0],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	dmultu	a_1,b_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_0,b_2		/* mul_add_c(a[0],b[2],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,16(a0)
+
+	dmultu	a_0,b_3		/* mul_add_c(a[0],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	c_3,c_2,t_2
+	dmultu	a_1,b_2		/* mul_add_c(a[1],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_2,b_1		/* mul_add_c(a[2],b[1],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_3,b_0		/* mul_add_c(a[3],b[0],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,24(a0)
+
+	dmultu	a_3,b_1		/* mul_add_c(a[3],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	c_1,c_3,t_2
+	dmultu	a_2,b_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_1,b_3		/* mul_add_c(a[1],b[3],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,32(a0)
+
+	dmultu	a_2,b_3		/* mul_add_c(a[2],b[3],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	c_2,c_1,t_2
+	dmultu	a_3,b_2		/* mul_add_c(a[3],b[2],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,40(a0)
+
+	dmultu	a_3,b_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sd	c_1,48(a0)
+	sd	c_2,56(a0)
+
+	jr	ra
+END(bn_mul_comba4)
+
+#undef	a_4
+#undef	a_5
+#undef	a_6
+#undef	a_7
+#define	a_4	b_0
+#define	a_5	b_1
+#define	a_6	b_2
+#define	a_7	b_3
+
+.align	5
+LEAF(bn_sqr_comba8)
+	.set	reorder
+	ld	a_0,0(a1)
+	ld	a_1,8(a1)
+	ld	a_2,16(a1)
+	ld	a_3,24(a1)
+
+	dmultu	a_0,a_0		/* mul_add_c(a[0],b[0],c1,c2,c3); */
+	ld	a_4,32(a1)
+	ld	a_5,40(a1)
+	ld	a_6,48(a1)
+	ld	a_7,56(a1)
+	mflo	c_1
+	mfhi	c_2
+	sd	c_1,0(a0)
+
+	dmultu	a_0,a_1		/* mul_add_c2(a[0],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	slt	c_1,t_2,zero
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	c_3,t_2,AT
+	sd	c_2,8(a0)
+
+	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	slt	c_2,t_2,zero
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,16(a0)
+
+	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	slt	c_3,t_2,zero
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_1,a_2		/* mul_add_c2(a[1],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	slt	AT,t_2,zero
+	daddu	c_3,AT
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,24(a0)
+
+	dmultu	a_4,a_0		/* mul_add_c2(a[4],b[0],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	slt	c_1,t_2,zero
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	slt	AT,t_2,zero
+	daddu	c_1,AT
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_2,a_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,32(a0)
+
+	dmultu	a_0,a_5		/* mul_add_c2(a[0],b[5],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	slt	c_2,t_2,zero
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_1,a_4		/* mul_add_c2(a[1],b[4],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	slt	AT,t_2,zero
+	daddu	c_2,AT
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	slt	AT,t_2,zero
+	daddu	c_2,AT
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,40(a0)
+
+	dmultu	a_6,a_0		/* mul_add_c2(a[6],b[0],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	slt	c_3,t_2,zero
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_5,a_1		/* mul_add_c2(a[5],b[1],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	slt	AT,t_2,zero
+	daddu	c_3,AT
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_4,a_2		/* mul_add_c2(a[4],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	slt	AT,t_2,zero
+	daddu	c_3,AT
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_3,a_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,48(a0)
+
+	dmultu	a_0,a_7		/* mul_add_c2(a[0],b[7],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	slt	c_1,t_2,zero
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_1,a_6		/* mul_add_c2(a[1],b[6],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	slt	AT,t_2,zero
+	daddu	c_1,AT
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_2,a_5		/* mul_add_c2(a[2],b[5],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	slt	AT,t_2,zero
+	daddu	c_1,AT
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_3,a_4		/* mul_add_c2(a[3],b[4],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	slt	AT,t_2,zero
+	daddu	c_1,AT
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,56(a0)
+
+	dmultu	a_7,a_1		/* mul_add_c2(a[7],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	slt	c_2,t_2,zero
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_6,a_2		/* mul_add_c2(a[6],b[2],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	slt	AT,t_2,zero
+	daddu	c_2,AT
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_5,a_3		/* mul_add_c2(a[5],b[3],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	slt	AT,t_2,zero
+	daddu	c_2,AT
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_4,a_4		/* mul_add_c(a[4],b[4],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,64(a0)
+
+	dmultu	a_2,a_7		/* mul_add_c2(a[2],b[7],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	slt	c_3,t_2,zero
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_3,a_6		/* mul_add_c2(a[3],b[6],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	slt	AT,t_2,zero
+	daddu	c_3,AT
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_4,a_5		/* mul_add_c2(a[4],b[5],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	slt	AT,t_2,zero
+	daddu	c_3,AT
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,72(a0)
+
+	dmultu	a_7,a_3		/* mul_add_c2(a[7],b[3],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	slt	c_1,t_2,zero
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_6,a_4		/* mul_add_c2(a[6],b[4],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	slt	AT,t_2,zero
+	daddu	c_1,AT
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_5,a_5		/* mul_add_c(a[5],b[5],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,80(a0)
+
+	dmultu	a_4,a_7		/* mul_add_c2(a[4],b[7],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	slt	c_2,t_2,zero
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_5,a_6		/* mul_add_c2(a[5],b[6],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	slt	AT,t_2,zero
+	daddu	c_2,AT
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,88(a0)
+
+	dmultu	a_7,a_5		/* mul_add_c2(a[7],b[5],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	slt	c_3,t_2,zero
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_6,a_6		/* mul_add_c(a[6],b[6],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,96(a0)
+
+	dmultu	a_6,a_7		/* mul_add_c2(a[6],b[7],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	slt	c_1,t_2,zero
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,104(a0)
+
+	dmultu	a_7,a_7		/* mul_add_c(a[7],b[7],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sd	c_3,112(a0)
+	sd	c_1,120(a0)
+
+	jr	ra
+END(bn_sqr_comba8)
+
+.align	5
+LEAF(bn_sqr_comba4)
+	.set	reorder
+	ld	a_0,0(a1)
+	ld	a_1,8(a1)
+	ld	a_2,16(a1)
+	ld	a_3,24(a1)
+	dmultu	a_0,a_0		/* mul_add_c(a[0],b[0],c1,c2,c3); */
+	mflo	c_1
+	mfhi	c_2
+	sd	c_1,0(a0)
+
+	dmultu	a_0,a_1		/* mul_add_c2(a[0],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	slt	c_1,t_2,zero
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	c_3,t_2,AT
+	sd	c_2,8(a0)
+
+	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	slt	c_2,t_2,zero
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,16(a0)
+
+	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	slt	c_3,t_2,zero
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	dmultu	a_1,a_2		/* mul_add_c(a2[1],b[2],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	slt	AT,t_2,zero
+	daddu	c_3,AT
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sltu	AT,c_2,t_2
+	daddu	c_3,AT
+	sd	c_1,24(a0)
+
+	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	slt	c_1,t_2,zero
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	dmultu	a_2,a_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_2,t_1
+	sltu	AT,c_2,t_1
+	daddu	t_2,AT
+	daddu	c_3,t_2
+	sltu	AT,c_3,t_2
+	daddu	c_1,AT
+	sd	c_2,32(a0)
+
+	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */
+	mflo	t_1
+	mfhi	t_2
+	slt	c_2,t_2,zero
+	dsll	t_2,1
+	slt	a2,t_1,zero
+	daddu	t_2,a2
+	dsll	t_1,1
+	daddu	c_3,t_1
+	sltu	AT,c_3,t_1
+	daddu	t_2,AT
+	daddu	c_1,t_2
+	sltu	AT,c_1,t_2
+	daddu	c_2,AT
+	sd	c_3,40(a0)
+
+	dmultu	a_3,a_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
+	mflo	t_1
+	mfhi	t_2
+	daddu	c_1,t_1
+	sltu	AT,c_1,t_1
+	daddu	t_2,AT
+	daddu	c_2,t_2
+	sd	c_1,48(a0)
+	sd	c_2,56(a0)
+
+	jr	ra
+END(bn_sqr_comba4)
diff --git a/crypto/bn/asm/pa-risc2.s b/crypto/bn/asm/pa-risc2.s
index c2725996a4..af9730d062 100644
--- a/crypto/bn/asm/pa-risc2.s
+++ b/crypto/bn/asm/pa-risc2.s
@@ -1,416 +1,1618 @@
-	.SPACE $PRIVATE$
-	.SUBSPA $DATA$,QUAD=1,ALIGN=8,ACCESS=31
-	.SUBSPA $BSS$,QUAD=1,ALIGN=8,ACCESS=31,ZERO,SORT=82
-	.SPACE $TEXT$
-	.SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=44
-	.SUBSPA $CODE$,QUAD=0,ALIGN=8,ACCESS=44,CODE_ONLY
-	.IMPORT $global$,DATA
-	.IMPORT $$dyncall,MILLICODE
-; gcc_compiled.:
-	.SPACE $TEXT$
-	.SUBSPA $CODE$
-
-	.align 4
-	.EXPORT bn_mul_add_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+;
+; PA-RISC 2.0 implementation of bn_asm code, based on the
+; 64-bit version of the code.  This code is effectively the
+; same as the 64-bit version except the register model is
+; slightly different given all values must be 32-bit between
+; function calls.  Thus the 64-bit return values are returned
+; in %ret0 and %ret1 vs just %ret0 as is done in 64-bit
+;
+;
+; This code is approximately 2x faster than the C version
+; for RSA/DSA.
+;
+; See http://devresource.hp.com/  for more details on the PA-RISC
+; architecture.  Also see the book "PA-RISC 2.0 Architecture"
+; by Gerry Kane for information on the instruction set architecture.
+;
+; Code written by Chris Ruemmler (with some help from the HP C
+; compiler).
+;
+; The code compiles with HP's assembler
+;
+
+	.level	2.0N
+	.space	$TEXT$
+	.subspa	$CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY
+
+;
+; Global Register definitions used for the routines.
+;
+; Some information about HP's runtime architecture for 32-bits.
+;
+; "Caller save" means the calling function must save the register
+; if it wants the register to be preserved.
+; "Callee save" means if a function uses the register, it must save
+; the value before using it.
+;
+; For the floating point registers 
+;
+;    "caller save" registers: fr4-fr11, fr22-fr31
+;    "callee save" registers: fr12-fr21
+;    "special" registers: fr0-fr3 (status and exception registers)
+;
+; For the integer registers
+;     value zero             :  r0
+;     "caller save" registers: r1,r19-r26
+;     "callee save" registers: r3-r18
+;     return register        :  r2  (rp)
+;     return values          ; r28,r29  (ret0,ret1)
+;     Stack pointer          ; r30  (sp) 
+;     millicode return ptr   ; r31  (also a caller save register)
+
+
+;
+; Arguments to the routines
+;
+r_ptr       .reg %r26
+a_ptr       .reg %r25
+b_ptr       .reg %r24
+num         .reg %r24
+n           .reg %r23
+
+;
+; Note that the "w" argument for bn_mul_add_words and bn_mul_words
+; is passed on the stack at a delta of -56 from the top of stack
+; as the routine is entered.
+;
+
+;
+; Globals used in some routines
+;
+
+top_overflow .reg %r23
+high_mask    .reg %r22    ; value 0xffffffff80000000L
+
+
+;------------------------------------------------------------------------------
+;
+; bn_mul_add_words
+;
+;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr, 
+;								int num, BN_ULONG w)
+;
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg3 = num
+; -56(sp) =  w
+;
+; Local register definitions
+;
+
+fm1          .reg %fr22
+fm           .reg %fr23
+ht_temp      .reg %fr24
+ht_temp_1    .reg %fr25
+lt_temp      .reg %fr26
+lt_temp_1    .reg %fr27
+fm1_1        .reg %fr28
+fm_1         .reg %fr29
+
+fw_h         .reg %fr7L
+fw_l         .reg %fr7R
+fw           .reg %fr7
+
+fht_0        .reg %fr8L
+flt_0        .reg %fr8R
+t_float_0    .reg %fr8
+
+fht_1        .reg %fr9L
+flt_1        .reg %fr9R
+t_float_1    .reg %fr9
+
+tmp_0        .reg %r31
+tmp_1        .reg %r21
+m_0          .reg %r20 
+m_1          .reg %r19 
+ht_0         .reg %r1  
+ht_1         .reg %r3
+lt_0         .reg %r4
+lt_1         .reg %r5
+m1_0         .reg %r6 
+m1_1         .reg %r7 
+rp_val       .reg %r8
+rp_val_1     .reg %r9
+
 bn_mul_add_words
-	.PROC
-	.CALLINFO FRAME=64,CALLS,SAVE_RP,ENTRY_GR=4
-	.ENTRY
-	stw %r2,-20(0,%r30)
-	stwm %r4,64(0,%r30)
-	copy %r24,%r31
-	stw %r3,-60(0,%r30)
-	ldi 0,%r20
-	ldo 12(%r26),%r2
-	stw %r23,-16(0,%r30)
-	copy %r25,%r3
-	ldo 12(%r3),%r1
-	fldws -16(0,%r30),%fr8L
-L$0010
-	copy %r20,%r25
-	ldi 0,%r24
-	fldws 0(0,%r3),%fr9L
-	ldw 0(0,%r26),%r19
-	xmpyu %fr8L,%fr9L,%fr9
-	fstds %fr9,-16(0,%r30)
-	copy %r19,%r23
-	ldw -16(0,%r30),%r28
-	ldw -12(0,%r30),%r29
-	ldi 0,%r22
-	add %r23,%r29,%r29
-	addc %r22,%r28,%r28
-	add %r25,%r29,%r29
-	addc %r24,%r28,%r28
-	copy %r28,%r21
-	ldi 0,%r20
-	copy %r21,%r20
-	addib,= -1,%r31,L$0011
-	stw %r29,0(0,%r26)
-	copy %r20,%r25
-	ldi 0,%r24
-	fldws -8(0,%r1),%fr9L
-	ldw -8(0,%r2),%r19
-	xmpyu %fr8L,%fr9L,%fr9
-	fstds %fr9,-16(0,%r30)
-	copy %r19,%r23
-	ldw -16(0,%r30),%r28
-	ldw -12(0,%r30),%r29
-	ldi 0,%r22
-	add %r23,%r29,%r29
-	addc %r22,%r28,%r28
-	add %r25,%r29,%r29
-	addc %r24,%r28,%r28
-	copy %r28,%r21
-	ldi 0,%r20
-	copy %r21,%r20
-	addib,= -1,%r31,L$0011
-	stw %r29,-8(0,%r2)
-	copy %r20,%r25
-	ldi 0,%r24
-	fldws -4(0,%r1),%fr9L
-	ldw -4(0,%r2),%r19
-	xmpyu %fr8L,%fr9L,%fr9
-	fstds %fr9,-16(0,%r30)
-	copy %r19,%r23
-	ldw -16(0,%r30),%r28
-	ldw -12(0,%r30),%r29
-	ldi 0,%r22
-	add %r23,%r29,%r29
-	addc %r22,%r28,%r28
-	add %r25,%r29,%r29
-	addc %r24,%r28,%r28
-	copy %r28,%r21
-	ldi 0,%r20
-	copy %r21,%r20
-	addib,= -1,%r31,L$0011
-	stw %r29,-4(0,%r2)
-	copy %r20,%r25
-	ldi 0,%r24
-	fldws 0(0,%r1),%fr9L
-	ldw 0(0,%r2),%r19
-	xmpyu %fr8L,%fr9L,%fr9
-	fstds %fr9,-16(0,%r30)
-	copy %r19,%r23
-	ldw -16(0,%r30),%r28
-	ldw -12(0,%r30),%r29
-	ldi 0,%r22
-	add %r23,%r29,%r29
-	addc %r22,%r28,%r28
-	add %r25,%r29,%r29
-	addc %r24,%r28,%r28
-	copy %r28,%r21
-	ldi 0,%r20
-	copy %r21,%r20
-	addib,= -1,%r31,L$0011
-	stw %r29,0(0,%r2)
-	ldo 16(%r1),%r1
-	ldo 16(%r3),%r3
-	ldo 16(%r2),%r2
-	bl L$0010,0
-	ldo 16(%r26),%r26
-L$0011
-	copy %r20,%r28
-	ldw -84(0,%r30),%r2
-	ldw -60(0,%r30),%r3
-	bv 0(%r2)
-	ldwm -64(0,%r30),%r4
-	.EXIT
-	.PROCEND
-	.align 4
-	.EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+	.export	bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN
+	.proc
+	.callinfo frame=128
+    .entry
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+	NOP                         ; Needed to make the loop 16-byte aligned
+	NOP                         ; needed to make the loop 16-byte aligned
+
+    STD     %r5,16(%sp)         ; save r5  
+	NOP
+    STD     %r6,24(%sp)         ; save r6  
+    STD     %r7,32(%sp)         ; save r7  
+
+    STD     %r8,40(%sp)         ; save r8  
+    STD     %r9,48(%sp)         ; save r9  
+    COPY    %r0,%ret1           ; return 0 by default
+    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
+
+    CMPIB,>= 0,num,bn_mul_add_words_exit  ; if (num <= 0) then exit
+	LDO     128(%sp),%sp        ; bump stack
+
+	;
+	; The loop is unrolled twice, so if there is only 1 number
+    ; then go straight to the cleanup code.
+	;
+	CMPIB,= 1,num,bn_mul_add_words_single_top
+	FLDD    -184(%sp),fw        ; (-56-128) load up w into fw (fw_h/fw_l)
+
+	;
+	; This loop is unrolled 2 times (64-byte aligned as well)
+	;
+	; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
+    ; two 32-bit mutiplies can be issued per cycle.
+    ; 
+bn_mul_add_words_unroll2
+
+    FLDD    0(a_ptr),t_float_0       ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    FLDD    8(a_ptr),t_float_1       ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    LDD     0(r_ptr),rp_val          ; rp[0]
+    LDD     8(r_ptr),rp_val_1        ; rp[1]
+
+    XMPYU   fht_0,fw_l,fm1           ; m1[0] = fht_0*fw_l
+    XMPYU   fht_1,fw_l,fm1_1         ; m1[1] = fht_1*fw_l
+    FSTD    fm1,-16(%sp)             ; -16(sp) = m1[0]
+    FSTD    fm1_1,-48(%sp)           ; -48(sp) = m1[1]
+
+    XMPYU   flt_0,fw_h,fm            ; m[0] = flt_0*fw_h
+    XMPYU   flt_1,fw_h,fm_1          ; m[1] = flt_1*fw_h
+    FSTD    fm,-8(%sp)               ; -8(sp) = m[0]
+    FSTD    fm_1,-40(%sp)            ; -40(sp) = m[1]
+
+    XMPYU   fht_0,fw_h,ht_temp       ; ht_temp   = fht_0*fw_h
+    XMPYU   fht_1,fw_h,ht_temp_1     ; ht_temp_1 = fht_1*fw_h
+    FSTD    ht_temp,-24(%sp)         ; -24(sp)   = ht_temp
+    FSTD    ht_temp_1,-56(%sp)       ; -56(sp)   = ht_temp_1
+
+    XMPYU   flt_0,fw_l,lt_temp       ; lt_temp = lt*fw_l
+    XMPYU   flt_1,fw_l,lt_temp_1     ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)         ; -32(sp) = lt_temp 
+    FSTD    lt_temp_1,-64(%sp)       ; -64(sp) = lt_temp_1 
+
+    LDD     -8(%sp),m_0              ; m[0] 
+    LDD     -40(%sp),m_1             ; m[1]
+    LDD     -16(%sp),m1_0            ; m1[0]
+    LDD     -48(%sp),m1_1            ; m1[1]
+
+    LDD     -24(%sp),ht_0            ; ht[0]
+    LDD     -56(%sp),ht_1            ; ht[1]
+    ADD,L   m1_0,m_0,tmp_0           ; tmp_0 = m[0] + m1[0]; 
+    ADD,L   m1_1,m_1,tmp_1           ; tmp_1 = m[1] + m1[1]; 
+
+    LDD     -32(%sp),lt_0            
+    LDD     -64(%sp),lt_1            
+    CMPCLR,*>>= tmp_0,m1_0, %r0      ; if (m[0] < m1[0])
+    ADD,L   ht_0,top_overflow,ht_0   ; ht[0] += (1<<32)
+
+    CMPCLR,*>>= tmp_1,m1_1,%r0       ; if (m[1] < m1[1])
+    ADD,L   ht_1,top_overflow,ht_1   ; ht[1] += (1<<32)
+    EXTRD,U tmp_0,31,32,m_0          ; m[0]>>32  
+    DEPD,Z  tmp_0,31,32,m1_0         ; m1[0] = m[0]<<32 
+
+    EXTRD,U tmp_1,31,32,m_1          ; m[1]>>32  
+    DEPD,Z  tmp_1,31,32,m1_1         ; m1[1] = m[1]<<32 
+    ADD,L   ht_0,m_0,ht_0            ; ht[0]+= (m[0]>>32)
+    ADD,L   ht_1,m_1,ht_1            ; ht[1]+= (m[1]>>32)
+
+    ADD     lt_0,m1_0,lt_0           ; lt[0] = lt[0]+m1[0];
+	ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+    ADD     lt_1,m1_1,lt_1           ; lt[1] = lt[1]+m1[1];
+    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
+
+    ADD    %ret1,lt_0,lt_0           ; lt[0] = lt[0] + c;
+	ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+    ADD     lt_0,rp_val,lt_0         ; lt[0] = lt[0]+rp[0]
+    ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+
+	LDO    -2(num),num               ; num = num - 2;
+    ADD     ht_0,lt_1,lt_1           ; lt[1] = lt[1] + ht_0 (c);
+    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
+    STD     lt_0,0(r_ptr)            ; rp[0] = lt[0]
+
+    ADD     lt_1,rp_val_1,lt_1       ; lt[1] = lt[1]+rp[1]
+    ADD,DC  ht_1,%r0,%ret1           ; ht[1]++
+    LDO     16(a_ptr),a_ptr          ; a_ptr += 2
+
+    STD     lt_1,8(r_ptr)            ; rp[1] = lt[1]
+	CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do
+    LDO     16(r_ptr),r_ptr          ; r_ptr += 2
+
+    CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one
+
+	;
+	; Top of loop aligned on 64-byte boundary
+	;
+bn_mul_add_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    LDD     0(r_ptr),rp_val           ; rp[0]
+    LDO     8(a_ptr),a_ptr            ; a_ptr++
+    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+
+    LDD     -8(%sp),m_0               
+    LDD    -16(%sp),m1_0              ; m1 = temp1 
+    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
+    LDD     -24(%sp),ht_0             
+    LDD     -32(%sp),lt_0             
+
+    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,tmp_0           ; tmp_0 = lt+m1;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+    ADD     %ret1,tmp_0,lt_0          ; lt = lt + c;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+    ADD     lt_0,rp_val,lt_0          ; lt = lt+rp[0]
+    ADD,DC  ht_0,%r0,%ret1            ; ht++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+
+bn_mul_add_words_exit
+    .EXIT
+	
+    EXTRD,U %ret1,31,32,%ret0         ; for 32-bit, return in ret0/ret1
+    LDD     -80(%sp),%r9              ; restore r9  
+    LDD     -88(%sp),%r8              ; restore r8  
+    LDD     -96(%sp),%r7              ; restore r7  
+    LDD     -104(%sp),%r6             ; restore r6  
+    LDD     -112(%sp),%r5             ; restore r5  
+    LDD     -120(%sp),%r4             ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3             ; restore r3
+	.PROCEND	;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+;
+; arg0 = rp
+; arg1 = ap
+; arg3 = num
+; w on stack at -56(sp)
+
 bn_mul_words
-	.PROC
-	.CALLINFO FRAME=64,CALLS,SAVE_RP,ENTRY_GR=3
-	.ENTRY
-	stw %r2,-20(0,%r30)
-	copy %r25,%r2
-	stwm %r4,64(0,%r30)
-	copy %r24,%r19
-	ldi 0,%r28
-	stw %r23,-16(0,%r30)
-	ldo 12(%r26),%r31
-	ldo 12(%r2),%r29
-	fldws -16(0,%r30),%fr8L
-L$0026
-	fldws 0(0,%r2),%fr9L
-	xmpyu %fr8L,%fr9L,%fr9
-	fstds %fr9,-16(0,%r30)
-	copy %r28,%r21
-	ldi 0,%r20
-	ldw -16(0,%r30),%r24
-	ldw -12(0,%r30),%r25
-	add %r21,%r25,%r25
-	addc %r20,%r24,%r24
-	copy %r24,%r23
-	ldi 0,%r22
-	copy %r23,%r28
-	addib,= -1,%r19,L$0027
-	stw %r25,0(0,%r26)
-	fldws -8(0,%r29),%fr9L
-	xmpyu %fr8L,%fr9L,%fr9
-	fstds %fr9,-16(0,%r30)
-	copy %r28,%r21
-	ldi 0,%r20
-	ldw -16(0,%r30),%r24
-	ldw -12(0,%r30),%r25
-	add %r21,%r25,%r25
-	addc %r20,%r24,%r24
-	copy %r24,%r23
-	ldi 0,%r22
-	copy %r23,%r28
-	addib,= -1,%r19,L$0027
-	stw %r25,-8(0,%r31)
-	fldws -4(0,%r29),%fr9L
-	xmpyu %fr8L,%fr9L,%fr9
-	fstds %fr9,-16(0,%r30)
-	copy %r28,%r21
-	ldi 0,%r20
-	ldw -16(0,%r30),%r24
-	ldw -12(0,%r30),%r25
-	add %r21,%r25,%r25
-	addc %r20,%r24,%r24
-	copy %r24,%r23
-	ldi 0,%r22
-	copy %r23,%r28
-	addib,= -1,%r19,L$0027
-	stw %r25,-4(0,%r31)
-	fldws 0(0,%r29),%fr9L
-	xmpyu %fr8L,%fr9L,%fr9
-	fstds %fr9,-16(0,%r30)
-	copy %r28,%r21
-	ldi 0,%r20
-	ldw -16(0,%r30),%r24
-	ldw -12(0,%r30),%r25
-	add %r21,%r25,%r25
-	addc %r20,%r24,%r24
-	copy %r24,%r23
-	ldi 0,%r22
-	copy %r23,%r28
-	addib,= -1,%r19,L$0027
-	stw %r25,0(0,%r31)
-	ldo 16(%r29),%r29
-	ldo 16(%r2),%r2
-	ldo 16(%r31),%r31
-	bl L$0026,0
-	ldo 16(%r26),%r26
-L$0027
-	ldw -84(0,%r30),%r2
-	bv 0(%r2)
-	ldwm -64(0,%r30),%r4
-	.EXIT
-	.PROCEND
-	.align 4
-	.EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR
+	.proc
+	.callinfo frame=128
+    .entry
+	.EXPORT	bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+	NOP
+    STD     %r5,16(%sp)         ; save r5  
+
+    STD     %r6,24(%sp)         ; save r6  
+    STD     %r7,32(%sp)         ; save r7  
+    COPY    %r0,%ret1           ; return 0 by default
+    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
+
+    CMPIB,>= 0,num,bn_mul_words_exit
+	LDO     128(%sp),%sp    ; bump stack
+
+	;
+	; See if only 1 word to do, thus just do cleanup
+	;
+	CMPIB,= 1,num,bn_mul_words_single_top
+	FLDD    -184(%sp),fw        ; (-56-128) load up w into fw (fw_h/fw_l)
+
+	;
+	; This loop is unrolled 2 times (64-byte aligned as well)
+	;
+	; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
+    ; two 32-bit mutiplies can be issued per cycle.
+    ; 
+bn_mul_words_unroll2
+
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    FLDD    8(a_ptr),t_float_1        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    XMPYU   fht_0,fw_l,fm1            ; m1[0] = fht_0*fw_l
+    XMPYU   fht_1,fw_l,fm1_1          ; m1[1] = ht*fw_l
+
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    FSTD    fm1_1,-48(%sp)            ; -48(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    XMPYU   flt_1,fw_h,fm_1           ; m = lt*fw_h
+
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    FSTD    fm_1,-40(%sp)             ; -40(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = fht_0*fw_h
+    XMPYU   fht_1,fw_h,ht_temp_1      ; ht_temp = ht*fw_h
+
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    FSTD    ht_temp_1,-56(%sp)        ; -56(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    XMPYU   flt_1,fw_l,lt_temp_1      ; lt_temp = lt*fw_l
+
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+    FSTD    lt_temp_1,-64(%sp)        ; -64(sp) = lt 
+    LDD     -8(%sp),m_0               
+    LDD     -40(%sp),m_1              
+
+    LDD    -16(%sp),m1_0              
+    LDD    -48(%sp),m1_1              
+    LDD     -24(%sp),ht_0             
+    LDD     -56(%sp),ht_1             
+
+    ADD,L   m1_0,m_0,tmp_0            ; tmp_0 = m + m1; 
+    ADD,L   m1_1,m_1,tmp_1            ; tmp_1 = m + m1; 
+    LDD     -32(%sp),lt_0             
+    LDD     -64(%sp),lt_1             
+
+    CMPCLR,*>>= tmp_0,m1_0, %r0       ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+    CMPCLR,*>>= tmp_1,m1_1,%r0        ; if (m < m1)
+    ADD,L   ht_1,top_overflow,ht_1    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+    EXTRD,U tmp_1,31,32,m_1           ; m>>32  
+    DEPD,Z  tmp_1,31,32,m1_1          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD,L   ht_1,m_1,ht_1             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,lt_0            ; lt = lt+m1;
+	ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     lt_1,m1_1,lt_1            ; lt = lt+m1;
+    ADD,DC  ht_1,%r0,ht_1             ; ht++
+    ADD    %ret1,lt_0,lt_0            ; lt = lt + c (ret1);
+	ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     ht_0,lt_1,lt_1            ; lt = lt + c (ht_0)
+    ADD,DC  ht_1,%r0,ht_1             ; ht++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+    STD     lt_1,8(r_ptr)             ; rp[1] = lt
+
+	COPY    ht_1,%ret1                ; carry = ht
+	LDO    -2(num),num                ; num = num - 2;
+    LDO     16(a_ptr),a_ptr           ; ap += 2
+	CMPIB,<= 2,num,bn_mul_words_unroll2
+    LDO     16(r_ptr),r_ptr           ; rp++
+
+    CMPIB,=,N 0,num,bn_mul_words_exit ; are we done?
+
+	;
+	; Top of loop aligned on 64-byte boundary
+	;
+bn_mul_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+
+    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+
+    LDD     -8(%sp),m_0               
+    LDD    -16(%sp),m1_0              
+    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
+    LDD     -24(%sp),ht_0             
+    LDD     -32(%sp),lt_0             
+
+    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,lt_0            ; lt= lt+m1;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     %ret1,lt_0,lt_0           ; lt = lt + c;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    COPY    ht_0,%ret1                ; copy carry
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+
+bn_mul_words_exit
+    .EXIT
+    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
+    LDD     -96(%sp),%r7              ; restore r7  
+    LDD     -104(%sp),%r6             ; restore r6  
+    LDD     -112(%sp),%r5             ; restore r5  
+    LDD     -120(%sp),%r4             ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3             ; restore r3
+	.PROCEND	
+
+;----------------------------------------------------------------------------
+;
+;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
+;
+; arg0 = rp
+; arg1 = ap
+; arg2 = num
+;
+
 bn_sqr_words
+	.proc
+	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+	NOP
+    STD     %r5,16(%sp)         ; save r5  
+
+    CMPIB,>= 0,num,bn_sqr_words_exit
+	LDO     128(%sp),%sp       ; bump stack
+
+	;
+	; If only 1, the goto straight to cleanup
+	;
+	CMPIB,= 1,num,bn_sqr_words_single_top
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+
+	;
+	; This loop is unrolled 2 times (64-byte aligned as well)
+	;
+
+bn_sqr_words_unroll2
+    FLDD    0(a_ptr),t_float_0        ; a[0]
+    FLDD    8(a_ptr),t_float_1        ; a[1]
+    XMPYU   fht_0,flt_0,fm            ; m[0]
+    XMPYU   fht_1,flt_1,fm_1          ; m[1]
+
+    FSTD    fm,-24(%sp)               ; store m[0]
+    FSTD    fm_1,-56(%sp)             ; store m[1]
+    XMPYU   flt_0,flt_0,lt_temp       ; lt[0]
+    XMPYU   flt_1,flt_1,lt_temp_1     ; lt[1]
+
+    FSTD    lt_temp,-16(%sp)          ; store lt[0]
+    FSTD    lt_temp_1,-48(%sp)        ; store lt[1]
+    XMPYU   fht_0,fht_0,ht_temp       ; ht[0]
+    XMPYU   fht_1,fht_1,ht_temp_1     ; ht[1]
+
+    FSTD    ht_temp,-8(%sp)           ; store ht[0]
+    FSTD    ht_temp_1,-40(%sp)        ; store ht[1]
+    LDD     -24(%sp),m_0             
+    LDD     -56(%sp),m_1              
+
+    AND     m_0,high_mask,tmp_0       ; m[0] & Mask
+    AND     m_1,high_mask,tmp_1       ; m[1] & Mask
+    DEPD,Z  m_0,30,31,m_0             ; m[0] << 32+1
+    DEPD,Z  m_1,30,31,m_1             ; m[1] << 32+1
+
+    LDD     -16(%sp),lt_0        
+    LDD     -48(%sp),lt_1        
+    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m[0]&Mask >> 32-1
+    EXTRD,U tmp_1,32,33,tmp_1         ; tmp_1 = m[1]&Mask >> 32-1
+
+    LDD     -8(%sp),ht_0            
+    LDD     -40(%sp),ht_1           
+    ADD,L   ht_0,tmp_0,ht_0           ; ht[0] += tmp_0
+    ADD,L   ht_1,tmp_1,ht_1           ; ht[1] += tmp_1
+
+    ADD     lt_0,m_0,lt_0             ; lt = lt+m
+    ADD,DC  ht_0,%r0,ht_0             ; ht[0]++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt[0]
+    STD     ht_0,8(r_ptr)             ; rp[1] = ht[1]
+
+    ADD     lt_1,m_1,lt_1             ; lt = lt+m
+    ADD,DC  ht_1,%r0,ht_1             ; ht[1]++
+    STD     lt_1,16(r_ptr)            ; rp[2] = lt[1]
+    STD     ht_1,24(r_ptr)            ; rp[3] = ht[1]
+
+	LDO    -2(num),num                ; num = num - 2;
+    LDO     16(a_ptr),a_ptr           ; ap += 2
+	CMPIB,<= 2,num,bn_sqr_words_unroll2
+    LDO     32(r_ptr),r_ptr           ; rp += 4
+
+    CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done?
+
+	;
+	; Top of loop aligned on 64-byte boundary
+	;
+bn_sqr_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+
+    XMPYU   fht_0,flt_0,fm            ; m
+    FSTD    fm,-24(%sp)               ; store m
+
+    XMPYU   flt_0,flt_0,lt_temp       ; lt
+    FSTD    lt_temp,-16(%sp)          ; store lt
+
+    XMPYU   fht_0,fht_0,ht_temp       ; ht
+    FSTD    ht_temp,-8(%sp)           ; store ht
+
+    LDD     -24(%sp),m_0              ; load m
+    AND     m_0,high_mask,tmp_0       ; m & Mask
+    DEPD,Z  m_0,30,31,m_0             ; m << 32+1
+    LDD     -16(%sp),lt_0             ; lt
+
+    LDD     -8(%sp),ht_0              ; ht
+    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m&Mask >> 32-1
+    ADD     m_0,lt_0,lt_0             ; lt = lt+m
+    ADD,L   ht_0,tmp_0,ht_0           ; ht += tmp_0
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+    STD     ht_0,8(r_ptr)             ; rp[1] = ht
+
+bn_sqr_words_exit
+    .EXIT
+    LDD     -112(%sp),%r5       ; restore r5  
+    LDD     -120(%sp),%r4       ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3 
+	.PROCEND	;in=23,24,25,26,29;out=28;
+
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+;
+; arg0 = rp 
+; arg1 = ap
+; arg2 = bp 
+; arg3 = n
+
+t  .reg %r22
+b  .reg %r21
+l  .reg %r20
+
+bn_add_words
+	.proc
+    .entry
+	.callinfo
+	.EXPORT	bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+	.align 64
+
+    CMPIB,>= 0,n,bn_add_words_exit
+    COPY    %r0,%ret1           ; return 0 by default
+
+	;
+	; If 2 or more numbers do the loop
+	;
+	CMPIB,= 1,n,bn_add_words_single_top
+	NOP
+
+	;
+	; This loop is unrolled 2 times (64-byte aligned as well)
+	;
+bn_add_words_unroll2
+	LDD     0(a_ptr),t
+	LDD     0(b_ptr),b
+	ADD     t,%ret1,t                    ; t = t+c;
+	ADD,DC  %r0,%r0,%ret1                ; set c to carry
+	ADD     t,b,l                        ; l = t + b[0]
+	ADD,DC  %ret1,%r0,%ret1              ; c+= carry
+	STD     l,0(r_ptr)
+
+	LDD     8(a_ptr),t
+	LDD     8(b_ptr),b
+	ADD     t,%ret1,t                     ; t = t+c;
+	ADD,DC  %r0,%r0,%ret1                 ; set c to carry
+	ADD     t,b,l                         ; l = t + b[0]
+	ADD,DC  %ret1,%r0,%ret1               ; c+= carry
+	STD     l,8(r_ptr)
+
+	LDO     -2(n),n
+	LDO     16(a_ptr),a_ptr
+	LDO     16(b_ptr),b_ptr
+
+	CMPIB,<= 2,n,bn_add_words_unroll2
+	LDO     16(r_ptr),r_ptr
+
+    CMPIB,=,N 0,n,bn_add_words_exit ; are we done?
+
+bn_add_words_single_top
+	LDD     0(a_ptr),t
+	LDD     0(b_ptr),b
+
+	ADD     t,%ret1,t                 ; t = t+c;
+	ADD,DC  %r0,%r0,%ret1             ; set c to carry (could use CMPCLR??)
+	ADD     t,b,l                     ; l = t + b[0]
+	ADD,DC  %ret1,%r0,%ret1           ; c+= carry
+	STD     l,0(r_ptr)
+
+bn_add_words_exit
+    .EXIT
+    BVE     (%rp)
+    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
+	.PROCEND	;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+;
+; arg0 = rp 
+; arg1 = ap
+; arg2 = bp 
+; arg3 = n
+
+t1       .reg %r22
+t2       .reg %r21
+sub_tmp1 .reg %r20
+sub_tmp2 .reg %r19
+
+
+bn_sub_words
+	.proc
+	.callinfo 
+	.EXPORT	bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+	.align 64
+
+    CMPIB,>=  0,n,bn_sub_words_exit
+    COPY    %r0,%ret1           ; return 0 by default
+
+	;
+	; If 2 or more numbers do the loop
+	;
+	CMPIB,= 1,n,bn_sub_words_single_top
+	NOP
+
+	;
+	; This loop is unrolled 2 times (64-byte aligned as well)
+	;
+bn_sub_words_unroll2
+	LDD     0(a_ptr),t1
+	LDD     0(b_ptr),t2
+	SUB     t1,t2,sub_tmp1           ; t3 = t1-t2; 
+	SUB     sub_tmp1,%ret1,sub_tmp1  ; t3 = t3- c; 
+
+	CMPCLR,*>> t1,t2,sub_tmp2        ; clear if t1 > t2
+	LDO      1(%r0),sub_tmp2
+	
+	CMPCLR,*= t1,t2,%r0
+	COPY    sub_tmp2,%ret1
+	STD     sub_tmp1,0(r_ptr)
+
+	LDD     8(a_ptr),t1
+	LDD     8(b_ptr),t2
+	SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
+	SUB     sub_tmp1,%ret1,sub_tmp1   ; t3 = t3- c; 
+	CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
+	LDO      1(%r0),sub_tmp2
+	
+	CMPCLR,*= t1,t2,%r0
+	COPY    sub_tmp2,%ret1
+	STD     sub_tmp1,8(r_ptr)
+
+	LDO     -2(n),n
+	LDO     16(a_ptr),a_ptr
+	LDO     16(b_ptr),b_ptr
+
+	CMPIB,<= 2,n,bn_sub_words_unroll2
+	LDO     16(r_ptr),r_ptr
+
+    CMPIB,=,N 0,n,bn_sub_words_exit ; are we done?
+
+bn_sub_words_single_top
+	LDD     0(a_ptr),t1
+	LDD     0(b_ptr),t2
+	SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
+	SUB     sub_tmp1,%ret1,sub_tmp1   ; t3 = t3- c; 
+	CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
+	LDO      1(%r0),sub_tmp2
+	
+	CMPCLR,*= t1,t2,%r0
+	COPY    sub_tmp2,%ret1
+
+	STD     sub_tmp1,0(r_ptr)
+
+bn_sub_words_exit
+    .EXIT
+    BVE     (%rp)
+    EXTRD,U %ret1,31,32,%ret0           ; for 32-bit, return in ret0/ret1
+	.PROCEND	;in=23,24,25,26,29;out=28;
+
+;------------------------------------------------------------------------------
+;
+; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d)
+;
+; arg0 = h
+; arg1 = l
+; arg2 = d
+;
+; This is mainly just output from the HP C compiler.  
+;
+;------------------------------------------------------------------------------
+bn_div_words
 	.PROC
-	.CALLINFO FRAME=0,NO_CALLS
-	.ENTRY
-	ldo 28(%r26),%r19
-	ldo 12(%r25),%r28
-L$0042
-	fldws 0(0,%r25),%fr8L
-	fldws 0(0,%r25),%fr8R
-	xmpyu %fr8L,%fr8R,%fr8
-	fstds %fr8,-16(0,%r30)
-	ldw -16(0,%r30),%r22
-	ldw -12(0,%r30),%r23
-	stw %r23,0(0,%r26)
-	copy %r22,%r21
-	ldi 0,%r20
-	addib,= -1,%r24,L$0049
-	stw %r21,-24(0,%r19)
-	fldws -8(0,%r28),%fr8L
-	fldws -8(0,%r28),%fr8R
-	xmpyu %fr8L,%fr8R,%fr8
-	fstds %fr8,-16(0,%r30)
-	ldw -16(0,%r30),%r22
-	ldw -12(0,%r30),%r23
-	stw %r23,-20(0,%r19)
-	copy %r22,%r21
-	ldi 0,%r20
-	addib,= -1,%r24,L$0049
-	stw %r21,-16(0,%r19)
-	fldws -4(0,%r28),%fr8L
-	fldws -4(0,%r28),%fr8R
-	xmpyu %fr8L,%fr8R,%fr8
-	fstds %fr8,-16(0,%r30)
-	ldw -16(0,%r30),%r22
-	ldw -12(0,%r30),%r23
-	stw %r23,-12(0,%r19)
-	copy %r22,%r21
-	ldi 0,%r20
-	addib,= -1,%r24,L$0049
-	stw %r21,-8(0,%r19)
-	fldws 0(0,%r28),%fr8L
-	fldws 0(0,%r28),%fr8R
-	xmpyu %fr8L,%fr8R,%fr8
-	fstds %fr8,-16(0,%r30)
-	ldw -16(0,%r30),%r22
-	ldw -12(0,%r30),%r23
-	stw %r23,-4(0,%r19)
-	copy %r22,%r21
-	ldi 0,%r20
-	addib,= -1,%r24,L$0049
-	stw %r21,0(0,%r19)
-	ldo 16(%r28),%r28
-	ldo 16(%r25),%r25
-	ldo 32(%r19),%r19
-	bl L$0042,0
-	ldo 32(%r26),%r26
-L$0049
-	bv,n 0(%r2)
-	.EXIT
-	.PROCEND
-	.IMPORT BN_num_bits_word,CODE
-	.IMPORT fprintf,CODE
-	.IMPORT __iob,DATA
-	.SPACE $TEXT$
-	.SUBSPA $LIT$
-
-	.align 4
-L$C0000
-	.STRING "Division would overflow (%d)\x0a\x00"
-	.IMPORT abort,CODE
-	.SPACE $TEXT$
-	.SUBSPA $CODE$
-
-	.align 4
-	.EXPORT bn_div64,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR
-bn_div64
+	.EXPORT	bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN
+	.IMPORT	BN_num_bits_word,CODE
+	.IMPORT	__iob,DATA
+	.IMPORT	fprintf,CODE
+	.IMPORT	abort,CODE
+	.IMPORT	$$div2U,MILLICODE
+	.CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
+        .ENTRY
+        STW     %r2,-20(%r30)   ;offset 0x8ec
+        STW,MA  %r3,192(%r30)   ;offset 0x8f0
+        STW     %r4,-188(%r30)  ;offset 0x8f4
+        DEPD    %r5,31,32,%r6   ;offset 0x8f8
+        STD     %r6,-184(%r30)  ;offset 0x8fc
+        DEPD    %r7,31,32,%r8   ;offset 0x900
+        STD     %r8,-176(%r30)  ;offset 0x904
+        STW     %r9,-168(%r30)  ;offset 0x908
+        LDD     -248(%r30),%r3  ;offset 0x90c
+        COPY    %r26,%r4        ;offset 0x910
+        COPY    %r24,%r5        ;offset 0x914
+        DEPD    %r25,31,32,%r4  ;offset 0x918
+        CMPB,*<>        %r3,%r0,$0006000C       ;offset 0x91c
+        DEPD    %r23,31,32,%r5  ;offset 0x920
+        MOVIB,TR        -1,%r29,$00060002       ;offset 0x924
+        EXTRD,U %r29,31,32,%r28 ;offset 0x928
+$0006002A
+        LDO     -1(%r29),%r29   ;offset 0x92c
+        SUB     %r23,%r7,%r23   ;offset 0x930
+$00060024
+        SUB     %r4,%r31,%r25   ;offset 0x934
+        AND     %r25,%r19,%r26  ;offset 0x938
+        CMPB,*<>,N      %r0,%r26,$00060046      ;offset 0x93c
+        DEPD,Z  %r25,31,32,%r20 ;offset 0x940
+        OR      %r20,%r24,%r21  ;offset 0x944
+        CMPB,*<<,N      %r21,%r23,$0006002A     ;offset 0x948
+        SUB     %r31,%r2,%r31   ;offset 0x94c
+$00060046
+$0006002E
+        DEPD,Z  %r23,31,32,%r25 ;offset 0x950
+        EXTRD,U %r23,31,32,%r26 ;offset 0x954
+        AND     %r25,%r19,%r24  ;offset 0x958
+        ADD,L   %r31,%r26,%r31  ;offset 0x95c
+        CMPCLR,*>>=     %r5,%r24,%r0    ;offset 0x960
+        LDO     1(%r31),%r31    ;offset 0x964
+$00060032
+        CMPB,*<<=,N     %r31,%r4,$00060036      ;offset 0x968
+        LDO     -1(%r29),%r29   ;offset 0x96c
+        ADD,L   %r4,%r3,%r4     ;offset 0x970
+$00060036
+        ADDIB,=,N       -1,%r8,$D0      ;offset 0x974
+        SUB     %r5,%r24,%r28   ;offset 0x978
+$0006003A
+        SUB     %r4,%r31,%r24   ;offset 0x97c
+        SHRPD   %r24,%r28,32,%r4        ;offset 0x980
+        DEPD,Z  %r29,31,32,%r9  ;offset 0x984
+        DEPD,Z  %r28,31,32,%r5  ;offset 0x988
+$0006001C
+        EXTRD,U %r4,31,32,%r31  ;offset 0x98c
+        CMPB,*<>,N      %r31,%r2,$00060020      ;offset 0x990
+        MOVB,TR %r6,%r29,$D1    ;offset 0x994
+        STD     %r29,-152(%r30) ;offset 0x998
+$0006000C
+        EXTRD,U %r3,31,32,%r25  ;offset 0x99c
+        COPY    %r3,%r26        ;offset 0x9a0
+        EXTRD,U %r3,31,32,%r9   ;offset 0x9a4
+        EXTRD,U %r4,31,32,%r8   ;offset 0x9a8
+        .CALL   ARGW0=GR,ARGW1=GR,RTNVAL=GR     ;in=25,26;out=28;
+        B,L     BN_num_bits_word,%r2    ;offset 0x9ac
+        EXTRD,U %r5,31,32,%r7   ;offset 0x9b0
+        LDI     64,%r20 ;offset 0x9b4
+        DEPD    %r7,31,32,%r5   ;offset 0x9b8
+        DEPD    %r8,31,32,%r4   ;offset 0x9bc
+        DEPD    %r9,31,32,%r3   ;offset 0x9c0
+        CMPB,=  %r28,%r20,$00060012     ;offset 0x9c4
+        COPY    %r28,%r24       ;offset 0x9c8
+        MTSARCM %r24    ;offset 0x9cc
+        DEPDI,Z -1,%sar,1,%r19  ;offset 0x9d0
+        CMPB,*>>,N      %r4,%r19,$D2    ;offset 0x9d4
+$00060012
+        SUBI    64,%r24,%r31    ;offset 0x9d8
+        CMPCLR,*<<      %r4,%r3,%r0     ;offset 0x9dc
+        SUB     %r4,%r3,%r4     ;offset 0x9e0
+$00060016
+        CMPB,=  %r31,%r0,$0006001A      ;offset 0x9e4
+        COPY    %r0,%r9 ;offset 0x9e8
+        MTSARCM %r31    ;offset 0x9ec
+        DEPD,Z  %r3,%sar,64,%r3 ;offset 0x9f0
+        SUBI    64,%r31,%r26    ;offset 0x9f4
+        MTSAR   %r26    ;offset 0x9f8
+        SHRPD   %r4,%r5,%sar,%r4        ;offset 0x9fc
+        MTSARCM %r31    ;offset 0xa00
+        DEPD,Z  %r5,%sar,64,%r5 ;offset 0xa04
+$0006001A
+        DEPDI,Z -1,31,32,%r19   ;offset 0xa08
+        AND     %r3,%r19,%r29   ;offset 0xa0c
+        EXTRD,U %r29,31,32,%r2  ;offset 0xa10
+        DEPDI,Z -1,63,32,%r6    ;offset 0xa14
+        MOVIB,TR        2,%r8,$0006001C ;offset 0xa18
+        EXTRD,U %r3,63,32,%r7   ;offset 0xa1c
+$D2
+        ADDIL   LR'__iob-$global$,%r27,%r1      ;offset 0xa20
+        LDIL    LR'C$7,%r21     ;offset 0xa24
+        LDO     RR'__iob-$global$+32(%r1),%r26  ;offset 0xa28
+        .CALL   ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR    ;in=24,25,26;out=28;
+        B,L     fprintf,%r2     ;offset 0xa2c
+        LDO     RR'C$7(%r21),%r25       ;offset 0xa30
+        .CALL           ;
+        B,L     abort,%r2       ;offset 0xa34
+        NOP             ;offset 0xa38
+        B       $D3     ;offset 0xa3c
+        LDW     -212(%r30),%r2  ;offset 0xa40
+$00060020
+        COPY    %r4,%r26        ;offset 0xa44
+        EXTRD,U %r4,31,32,%r25  ;offset 0xa48
+        COPY    %r2,%r24        ;offset 0xa4c
+        .CALL   ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL)
+        B,L     $$div2U,%r31    ;offset 0xa50
+        EXTRD,U %r2,31,32,%r23  ;offset 0xa54
+        DEPD    %r28,31,32,%r29 ;offset 0xa58
+$00060022
+        STD     %r29,-152(%r30) ;offset 0xa5c
+$D1
+        AND     %r5,%r19,%r24   ;offset 0xa60
+        EXTRD,U %r24,31,32,%r24 ;offset 0xa64
+        STW     %r2,-160(%r30)  ;offset 0xa68
+        STW     %r7,-128(%r30)  ;offset 0xa6c
+        FLDD    -152(%r30),%fr4 ;offset 0xa70
+        FLDD    -152(%r30),%fr7 ;offset 0xa74
+        FLDW    -160(%r30),%fr8L        ;offset 0xa78
+        FLDW    -128(%r30),%fr5L        ;offset 0xa7c
+        XMPYU   %fr8L,%fr7L,%fr10       ;offset 0xa80
+        FSTD    %fr10,-136(%r30)        ;offset 0xa84
+        XMPYU   %fr8L,%fr7R,%fr22       ;offset 0xa88
+        FSTD    %fr22,-144(%r30)        ;offset 0xa8c
+        XMPYU   %fr5L,%fr4L,%fr11       ;offset 0xa90
+        XMPYU   %fr5L,%fr4R,%fr23       ;offset 0xa94
+        FSTD    %fr11,-112(%r30)        ;offset 0xa98
+        FSTD    %fr23,-120(%r30)        ;offset 0xa9c
+        LDD     -136(%r30),%r28 ;offset 0xaa0
+        DEPD,Z  %r28,31,32,%r31 ;offset 0xaa4
+        LDD     -144(%r30),%r20 ;offset 0xaa8
+        ADD,L   %r20,%r31,%r31  ;offset 0xaac
+        LDD     -112(%r30),%r22 ;offset 0xab0
+        DEPD,Z  %r22,31,32,%r22 ;offset 0xab4
+        LDD     -120(%r30),%r21 ;offset 0xab8
+        B       $00060024       ;offset 0xabc
+        ADD,L   %r21,%r22,%r23  ;offset 0xac0
+$D0
+        OR      %r9,%r29,%r29   ;offset 0xac4
+$00060040
+        EXTRD,U %r29,31,32,%r28 ;offset 0xac8
+$00060002
+$L2
+        LDW     -212(%r30),%r2  ;offset 0xacc
+$D3
+        LDW     -168(%r30),%r9  ;offset 0xad0
+        LDD     -176(%r30),%r8  ;offset 0xad4
+        EXTRD,U %r8,31,32,%r7   ;offset 0xad8
+        LDD     -184(%r30),%r6  ;offset 0xadc
+        EXTRD,U %r6,31,32,%r5   ;offset 0xae0
+        LDW     -188(%r30),%r4  ;offset 0xae4
+        BVE     (%r2)   ;offset 0xae8
+        .EXIT
+        LDW,MB  -192(%r30),%r3  ;offset 0xaec
+	.PROCEND	;in=23,25;out=28,29;fpin=105,107;
+
+
+
+
+;----------------------------------------------------------------------------
+;
+; Registers to hold 64-bit values to manipulate.  The "L" part
+; of the register corresponds to the upper 32-bits, while the "R"
+; part corresponds to the lower 32-bits
+; 
+; Note, that when using b6 and b7, the code must save these before
+; using them because they are callee save registers 
+; 
+;
+; Floating point registers to use to save values that
+; are manipulated.  These don't collide with ftemp1-6 and
+; are all caller save registers
+;
+a0        .reg %fr22
+a0L       .reg %fr22L
+a0R       .reg %fr22R
+
+a1        .reg %fr23
+a1L       .reg %fr23L
+a1R       .reg %fr23R
+
+a2        .reg %fr24
+a2L       .reg %fr24L
+a2R       .reg %fr24R
+
+a3        .reg %fr25
+a3L       .reg %fr25L
+a3R       .reg %fr25R
+
+a4        .reg %fr26
+a4L       .reg %fr26L
+a4R       .reg %fr26R
+
+a5        .reg %fr27
+a5L       .reg %fr27L
+a5R       .reg %fr27R
+
+a6        .reg %fr28
+a6L       .reg %fr28L
+a6R       .reg %fr28R
+
+a7        .reg %fr29
+a7L       .reg %fr29L
+a7R       .reg %fr29R
+
+b0        .reg %fr30
+b0L       .reg %fr30L
+b0R       .reg %fr30R
+
+b1        .reg %fr31
+b1L       .reg %fr31L
+b1R       .reg %fr31R
+
+;
+; Temporary floating point variables, these are all caller save
+; registers
+;
+ftemp1    .reg %fr4
+ftemp2    .reg %fr5
+ftemp3    .reg %fr6
+ftemp4    .reg %fr7
+
+;
+; The B set of registers when used.
+;
+
+b2        .reg %fr8
+b2L       .reg %fr8L
+b2R       .reg %fr8R
+
+b3        .reg %fr9
+b3L       .reg %fr9L
+b3R       .reg %fr9R
+
+b4        .reg %fr10
+b4L       .reg %fr10L
+b4R       .reg %fr10R
+
+b5        .reg %fr11
+b5L       .reg %fr11L
+b5R       .reg %fr11R
+
+b6        .reg %fr12
+b6L       .reg %fr12L
+b6R       .reg %fr12R
+
+b7        .reg %fr13
+b7L       .reg %fr13L
+b7R       .reg %fr13R
+
+c1           .reg %r21   ; only reg
+temp1        .reg %r20   ; only reg
+temp2        .reg %r19   ; only reg
+temp3        .reg %r31   ; only reg
+
+m1           .reg %r28   
+c2           .reg %r23   
+high_one     .reg %r1
+ht           .reg %r6
+lt           .reg %r5
+m            .reg %r4
+c3           .reg %r3
+
+SQR_ADD_C  .macro  A0L,A0R,C1,C2,C3
+    XMPYU   A0L,A0R,ftemp1       ; m
+    FSTD    ftemp1,-24(%sp)      ; store m
+
+    XMPYU   A0R,A0R,ftemp2       ; lt
+    FSTD    ftemp2,-16(%sp)      ; store lt
+
+    XMPYU   A0L,A0L,ftemp3       ; ht
+    FSTD    ftemp3,-8(%sp)       ; store ht
+
+    LDD     -24(%sp),m           ; load m
+    AND     m,high_mask,temp2    ; m & Mask
+    DEPD,Z  m,30,31,temp3        ; m << 32+1
+    LDD     -16(%sp),lt          ; lt
+
+    LDD     -8(%sp),ht           ; ht
+    EXTRD,U temp2,32,33,temp1    ; temp1 = m&Mask >> 32-1
+    ADD     temp3,lt,lt          ; lt = lt+m
+    ADD,L   ht,temp1,ht          ; ht += temp1
+    ADD,DC  ht,%r0,ht            ; ht++
+
+    ADD     C1,lt,C1             ; c1=c1+lt
+    ADD,DC  ht,%r0,ht            ; ht++
+
+    ADD     C2,ht,C2             ; c2=c2+ht
+    ADD,DC  C3,%r0,C3            ; c3++
+.endm
+
+SQR_ADD_C2 .macro  A0L,A0R,A1L,A1R,C1,C2,C3
+    XMPYU   A0L,A1R,ftemp1          ; m1 = bl*ht
+    FSTD    ftemp1,-16(%sp)         ;
+    XMPYU   A0R,A1L,ftemp2          ; m = bh*lt
+    FSTD    ftemp2,-8(%sp)          ;
+    XMPYU   A0R,A1R,ftemp3          ; lt = bl*lt
+    FSTD    ftemp3,-32(%sp)
+    XMPYU   A0L,A1L,ftemp4          ; ht = bh*ht
+    FSTD    ftemp4,-24(%sp)         ;
+
+    LDD     -8(%sp),m               ; r21 = m
+    LDD     -16(%sp),m1             ; r19 = m1
+    ADD,L   m,m1,m                  ; m+m1
+
+    DEPD,Z  m,31,32,temp3           ; (m+m1<<32)
+    LDD     -24(%sp),ht             ; r24 = ht
+
+    CMPCLR,*>>= m,m1,%r0            ; if (m < m1)
+    ADD,L   ht,high_one,ht          ; ht+=high_one
+
+    EXTRD,U m,31,32,temp1           ; m >> 32
+    LDD     -32(%sp),lt             ; lt
+    ADD,L   ht,temp1,ht             ; ht+= m>>32
+    ADD     lt,temp3,lt             ; lt = lt+m1
+    ADD,DC  ht,%r0,ht               ; ht++
+
+    ADD     ht,ht,ht                ; ht=ht+ht;
+    ADD,DC  C3,%r0,C3               ; add in carry (c3++)
+
+    ADD     lt,lt,lt                ; lt=lt+lt;
+    ADD,DC  ht,%r0,ht               ; add in carry (ht++)
+
+    ADD     C1,lt,C1                ; c1=c1+lt
+    ADD,DC,*NUV ht,%r0,ht           ; add in carry (ht++)
+    LDO     1(C3),C3              ; bump c3 if overflow,nullify otherwise
+
+    ADD     C2,ht,C2                ; c2 = c2 + ht
+    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
+.endm
+
+;
+;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+; arg0 = r_ptr
+; arg1 = a_ptr
+;
+
+bn_sqr_comba8
 	.PROC
-	.CALLINFO FRAME=128,CALLS,SAVE_RP,ENTRY_GR=8
-	.ENTRY
-	stw %r2,-20(0,%r30)
-	stwm %r8,128(0,%r30)
-	stw %r7,-124(0,%r30)
-	stw %r4,-112(0,%r30)
-	stw %r3,-108(0,%r30)
-	copy %r26,%r3
-	copy %r25,%r4
-	stw %r6,-120(0,%r30)
-	ldi 0,%r7
-	stw %r5,-116(0,%r30)
-	movb,<> %r24,%r5,L$0051
-	ldi 2,%r6
-	bl L$0068,0
-	ldi -1,%r28
-L$0051
-	.CALL ARGW0=GR
-	bl BN_num_bits_word,%r2
-	copy %r5,%r26
-	copy %r28,%r24
-	ldi 32,%r19
-	comb,= %r19,%r24,L$0052
-	subi 31,%r24,%r19
-	mtsar %r19
-	zvdepi 1,32,%r19
-	comb,>>= %r19,%r3,L$0052
-	addil LR'__iob-$global$+32,%r27
-	ldo RR'__iob-$global$+32(%r1),%r26
-	ldil LR'L$C0000,%r25
-	.CALL ARGW0=GR,ARGW1=GR,ARGW2=GR
-	bl fprintf,%r2
-	ldo RR'L$C0000(%r25),%r25
-	.CALL 
-	bl abort,%r2
-	nop
-L$0052
-	comb,>> %r5,%r3,L$0053
-	subi 32,%r24,%r24
-	sub %r3,%r5,%r3
-L$0053
-	comib,= 0,%r24,L$0054
-	subi 31,%r24,%r19
-	mtsar %r19
-	zvdep %r5,32,%r5
-	zvdep %r3,32,%r21
-	subi 32,%r24,%r20
-	mtsar %r20
-	vshd 0,%r4,%r20
-	or %r21,%r20,%r3
-	mtsar %r19
-	zvdep %r4,32,%r4
-L$0054
-	extru %r5,15,16,%r23
-	extru %r5,31,16,%r28
-L$0055
-	extru %r3,15,16,%r19
-	comb,<> %r23,%r19,L$0058
-	copy %r3,%r26
-	bl L$0059,0
-	zdepi -1,31,16,%r29
-L$0058
-	.IMPORT $$divU,MILLICODE
-	bl $$divU,%r31
-	copy %r23,%r25
-L$0059
-	stw %r29,-16(0,%r30)
-	fldws -16(0,%r30),%fr10L
-	stw %r28,-16(0,%r30)
-	fldws -16(0,%r30),%fr10R
-	stw %r23,-16(0,%r30)
-	xmpyu %fr10L,%fr10R,%fr8
-	fldws -16(0,%r30),%fr10R
-	fstws %fr8R,-16(0,%r30)
-	xmpyu %fr10L,%fr10R,%fr9
-	ldw -16(0,%r30),%r8
-	fstws %fr9R,-16(0,%r30)
-	copy %r8,%r22
-	ldw -16(0,%r30),%r8
-	extru %r4,15,16,%r24
-	copy %r8,%r21
-L$0060
-	sub %r3,%r21,%r20
-	copy %r20,%r19
-	depi 0,31,16,%r19
-	comib,<> 0,%r19,L$0061
-	zdep %r20,15,16,%r19
-	addl %r19,%r24,%r19
-	comb,>>= %r19,%r22,L$0061
-	sub %r22,%r28,%r22
-	sub %r21,%r23,%r21
-	bl L$0060,0
-	ldo -1(%r29),%r29
-L$0061
-	stw %r29,-16(0,%r30)
-	fldws -16(0,%r30),%fr10L
-	stw %r28,-16(0,%r30)
-	fldws -16(0,%r30),%fr10R
-	xmpyu %fr10L,%fr10R,%fr8
-	fstws %fr8R,-16(0,%r30)
-	ldw -16(0,%r30),%r8
-	stw %r23,-16(0,%r30)
-	fldws -16(0,%r30),%fr10R
-	copy %r8,%r19
-	xmpyu %fr10L,%fr10R,%fr8
-	fstws %fr8R,-16(0,%r30)
-	extru %r19,15,16,%r20
-	ldw -16(0,%r30),%r8
-	zdep %r19,15,16,%r19
-	addl %r8,%r20,%r20
-	comclr,<<= %r19,%r4,0
-	addi 1,%r20,%r20
-	comb,<<= %r20,%r3,L$0066
-	sub %r4,%r19,%r4
-	addl %r3,%r5,%r3
-	ldo -1(%r29),%r29
-L$0066
-	addib,= -1,%r6,L$0056
-	sub %r3,%r20,%r3
-	zdep %r29,15,16,%r7
-	shd %r3,%r4,16,%r3
-	bl L$0055,0
-	zdep %r4,15,16,%r4
-L$0056
-	or %r7,%r29,%r28
-L$0068
-	ldw -148(0,%r30),%r2
-	ldw -124(0,%r30),%r7
-	ldw -120(0,%r30),%r6
-	ldw -116(0,%r30),%r5
-	ldw -112(0,%r30),%r4
-	ldw -108(0,%r30),%r3
-	bv 0(%r2)
-	ldwm -128(0,%r30),%r8
-	.EXIT
-	.PROCEND
+	.CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .ENTRY
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+
+	;
+	; Zero out carries
+	;
+	COPY     %r0,c1
+	COPY     %r0,c2
+	COPY     %r0,c3
+
+	LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+	;
+	; Load up all of the values we are going to use
+	;
+    FLDD     0(a_ptr),a0       
+    FLDD     8(a_ptr),a1       
+    FLDD    16(a_ptr),a2       
+    FLDD    24(a_ptr),a3       
+    FLDD    32(a_ptr),a4       
+    FLDD    40(a_ptr),a5       
+    FLDD    48(a_ptr),a6       
+    FLDD    56(a_ptr),a7       
+
+	SQR_ADD_C a0L,a0R,c1,c2,c3
+	STD     c1,0(r_ptr)          ; r[0] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
+	STD     c2,8(r_ptr)          ; r[1] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C a1L,a1R,c3,c1,c2
+	SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
+	STD     c3,16(r_ptr)            ; r[2] = c3;
+	COPY    %r0,c3
+
+	SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
+	SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
+	STD     c1,24(r_ptr)           ; r[3] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C a2L,a2R,c2,c3,c1
+	SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
+	SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1
+	STD     c2,32(r_ptr)          ; r[4] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2
+	SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2
+	SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
+	STD     c3,40(r_ptr)          ; r[5] = c3;
+	COPY    %r0,c3
+
+	SQR_ADD_C a3L,a3R,c1,c2,c3
+	SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3
+	SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3
+	SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3
+	STD     c1,48(r_ptr)          ; r[6] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1
+	SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1
+	SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1
+	SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1
+	STD     c2,56(r_ptr)          ; r[7] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C a4L,a4R,c3,c1,c2
+	SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2
+	SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2
+	SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2
+	STD     c3,64(r_ptr)          ; r[8] = c3;
+	COPY    %r0,c3
+
+	SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3
+	SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3
+	SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3
+	STD     c1,72(r_ptr)          ; r[9] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C a5L,a5R,c2,c3,c1
+	SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1
+	SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1
+	STD     c2,80(r_ptr)          ; r[10] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2
+	SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2
+	STD     c3,88(r_ptr)          ; r[11] = c3;
+	COPY    %r0,c3
+	
+	SQR_ADD_C a6L,a6R,c1,c2,c3
+	SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3
+	STD     c1,96(r_ptr)          ; r[12] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1
+	STD     c2,104(r_ptr)         ; r[13] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C a7L,a7R,c3,c1,c2
+	STD     c3, 112(r_ptr)       ; r[14] = c3
+	STD     c1, 120(r_ptr)       ; r[15] = c1
+
+    .EXIT
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+	.PROCEND	
+
+;-----------------------------------------------------------------------------
+;
+;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+; arg0 = r_ptr
+; arg1 = a_ptr
+;
+
+bn_sqr_comba4
+	.proc
+	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+	.align 64
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+
+	;
+	; Zero out carries
+	;
+	COPY     %r0,c1
+	COPY     %r0,c2
+	COPY     %r0,c3
+
+	LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+	;
+	; Load up all of the values we are going to use
+	;
+    FLDD     0(a_ptr),a0       
+    FLDD     8(a_ptr),a1       
+    FLDD    16(a_ptr),a2       
+    FLDD    24(a_ptr),a3       
+    FLDD    32(a_ptr),a4       
+    FLDD    40(a_ptr),a5       
+    FLDD    48(a_ptr),a6       
+    FLDD    56(a_ptr),a7       
+
+	SQR_ADD_C a0L,a0R,c1,c2,c3
+
+	STD     c1,0(r_ptr)          ; r[0] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
+
+	STD     c2,8(r_ptr)          ; r[1] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C a1L,a1R,c3,c1,c2
+	SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
+
+	STD     c3,16(r_ptr)            ; r[2] = c3;
+	COPY    %r0,c3
+
+	SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
+	SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
+
+	STD     c1,24(r_ptr)           ; r[3] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C a2L,a2R,c2,c3,c1
+	SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
+
+	STD     c2,32(r_ptr)           ; r[4] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
+	STD     c3,40(r_ptr)           ; r[5] = c3;
+	COPY    %r0,c3
+
+	SQR_ADD_C a3L,a3R,c1,c2,c3
+	STD     c1,48(r_ptr)           ; r[6] = c1;
+	STD     c2,56(r_ptr)           ; r[7] = c2;
+
+    .EXIT
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+	.PROCEND	
+
+
+;---------------------------------------------------------------------------
+
+MUL_ADD_C  .macro  A0L,A0R,B0L,B0R,C1,C2,C3
+    XMPYU   A0L,B0R,ftemp1        ; m1 = bl*ht
+    FSTD    ftemp1,-16(%sp)       ;
+    XMPYU   A0R,B0L,ftemp2        ; m = bh*lt
+    FSTD    ftemp2,-8(%sp)        ;
+    XMPYU   A0R,B0R,ftemp3        ; lt = bl*lt
+    FSTD    ftemp3,-32(%sp)
+    XMPYU   A0L,B0L,ftemp4        ; ht = bh*ht
+    FSTD    ftemp4,-24(%sp)       ;
+
+    LDD     -8(%sp),m             ; r21 = m
+    LDD     -16(%sp),m1           ; r19 = m1
+    ADD,L   m,m1,m                ; m+m1
+
+    DEPD,Z  m,31,32,temp3         ; (m+m1<<32)
+    LDD     -24(%sp),ht           ; r24 = ht
+
+    CMPCLR,*>>= m,m1,%r0          ; if (m < m1)
+    ADD,L   ht,high_one,ht        ; ht+=high_one
+
+    EXTRD,U m,31,32,temp1         ; m >> 32
+    LDD     -32(%sp),lt           ; lt
+    ADD,L   ht,temp1,ht           ; ht+= m>>32
+    ADD     lt,temp3,lt           ; lt = lt+m1
+    ADD,DC  ht,%r0,ht             ; ht++
+
+    ADD     C1,lt,C1              ; c1=c1+lt
+    ADD,DC  ht,%r0,ht             ; bump c3 if overflow,nullify otherwise
+
+    ADD     C2,ht,C2              ; c2 = c2 + ht
+    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
+.endm
+
+
+;
+;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = b_ptr
+;
+
+bn_mul_comba8
+	.proc
+	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+    FSTD    %fr12,32(%sp)       ; save r6
+    FSTD    %fr13,40(%sp)       ; save r7
+
+	;
+	; Zero out carries
+	;
+	COPY     %r0,c1
+	COPY     %r0,c2
+	COPY     %r0,c3
+
+	LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+	;
+	; Load up all of the values we are going to use
+	;
+    FLDD      0(a_ptr),a0       
+    FLDD      8(a_ptr),a1       
+    FLDD     16(a_ptr),a2       
+    FLDD     24(a_ptr),a3       
+    FLDD     32(a_ptr),a4       
+    FLDD     40(a_ptr),a5       
+    FLDD     48(a_ptr),a6       
+    FLDD     56(a_ptr),a7       
+
+    FLDD      0(b_ptr),b0       
+    FLDD      8(b_ptr),b1       
+    FLDD     16(b_ptr),b2       
+    FLDD     24(b_ptr),b3       
+    FLDD     32(b_ptr),b4       
+    FLDD     40(b_ptr),b5       
+    FLDD     48(b_ptr),b6       
+    FLDD     56(b_ptr),b7       
+
+	MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
+	STD       c1,0(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
+	MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
+	STD       c2,8(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
+	MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
+	MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
+	STD       c3,16(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
+	MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
+	MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
+	MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
+	STD       c1,24(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1
+	MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
+	MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
+	MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
+	MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1
+	STD       c2,32(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2
+	MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2
+	MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
+	MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
+	MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2
+	MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2
+	STD       c3,40(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3
+	MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3
+	MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3
+	MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
+	MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3
+	MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3
+	MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3
+	STD       c1,48(r_ptr)
+	COPY      %r0,c1
+	
+	MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1
+	MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1
+	MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1
+	MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1
+	MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1
+	MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1
+	MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1
+	MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1
+	STD       c2,56(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2
+	MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2
+	MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2
+	MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2
+	MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2
+	MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2
+	MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2
+	STD       c3,64(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3
+	MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3
+	MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3
+	MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3
+	MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3
+	MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3
+	STD       c1,72(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1
+	MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1
+	MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1
+	MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1
+	MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1
+	STD       c2,80(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2
+	MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2
+	MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2
+	MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2
+	STD       c3,88(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3
+	MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3
+	MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3
+	STD       c1,96(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1
+	MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1
+	STD       c2,104(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2
+	STD       c3,112(r_ptr)
+	STD       c1,120(r_ptr)
+
+    .EXIT
+    FLDD    -88(%sp),%fr13 
+    FLDD    -96(%sp),%fr12 
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+	.PROCEND	
+
+;-----------------------------------------------------------------------------
+;
+;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = b_ptr
+;
+
+bn_mul_comba4
+	.proc
+	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+    FSTD    %fr12,32(%sp)       ; save r6
+    FSTD    %fr13,40(%sp)       ; save r7
+
+	;
+	; Zero out carries
+	;
+	COPY     %r0,c1
+	COPY     %r0,c2
+	COPY     %r0,c3
+
+	LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+	;
+	; Load up all of the values we are going to use
+	;
+    FLDD      0(a_ptr),a0       
+    FLDD      8(a_ptr),a1       
+    FLDD     16(a_ptr),a2       
+    FLDD     24(a_ptr),a3       
+
+    FLDD      0(b_ptr),b0       
+    FLDD      8(b_ptr),b1       
+    FLDD     16(b_ptr),b2       
+    FLDD     24(b_ptr),b3       
+
+	MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
+	STD       c1,0(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
+	MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
+	STD       c2,8(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
+	MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
+	MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
+	STD       c3,16(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
+	MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
+	MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
+	MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
+	STD       c1,24(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
+	MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
+	MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
+	STD       c2,32(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
+	MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
+	STD       c3,40(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
+	STD       c1,48(r_ptr)
+	STD       c2,56(r_ptr)
+
+    .EXIT
+    FLDD    -88(%sp),%fr13 
+    FLDD    -96(%sp),%fr12 
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+	.PROCEND	
+
+
+	.SPACE	$TEXT$
+	.SUBSPA	$CODE$
+	.SPACE	$PRIVATE$,SORT=16
+	.IMPORT	$global$,DATA
+	.SPACE	$TEXT$
+	.SUBSPA	$CODE$
+	.SUBSPA	$LIT$,ACCESS=0x2c
+C$7
+	.ALIGN	8
+	.STRINGZ	"Division would overflow (%d)\n"
+	.END
diff --git a/crypto/bn/asm/pa-risc2.s.old b/crypto/bn/asm/pa-risc2.s.old
new file mode 100644
index 0000000000..c2725996a4
--- /dev/null
+++ b/crypto/bn/asm/pa-risc2.s.old
@@ -0,0 +1,416 @@
+	.SPACE $PRIVATE$
+	.SUBSPA $DATA$,QUAD=1,ALIGN=8,ACCESS=31
+	.SUBSPA $BSS$,QUAD=1,ALIGN=8,ACCESS=31,ZERO,SORT=82
+	.SPACE $TEXT$
+	.SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=44
+	.SUBSPA $CODE$,QUAD=0,ALIGN=8,ACCESS=44,CODE_ONLY
+	.IMPORT $global$,DATA
+	.IMPORT $$dyncall,MILLICODE
+; gcc_compiled.:
+	.SPACE $TEXT$
+	.SUBSPA $CODE$
+
+	.align 4
+	.EXPORT bn_mul_add_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_add_words
+	.PROC
+	.CALLINFO FRAME=64,CALLS,SAVE_RP,ENTRY_GR=4
+	.ENTRY
+	stw %r2,-20(0,%r30)
+	stwm %r4,64(0,%r30)
+	copy %r24,%r31
+	stw %r3,-60(0,%r30)
+	ldi 0,%r20
+	ldo 12(%r26),%r2
+	stw %r23,-16(0,%r30)
+	copy %r25,%r3
+	ldo 12(%r3),%r1
+	fldws -16(0,%r30),%fr8L
+L$0010
+	copy %r20,%r25
+	ldi 0,%r24
+	fldws 0(0,%r3),%fr9L
+	ldw 0(0,%r26),%r19
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r19,%r23
+	ldw -16(0,%r30),%r28
+	ldw -12(0,%r30),%r29
+	ldi 0,%r22
+	add %r23,%r29,%r29
+	addc %r22,%r28,%r28
+	add %r25,%r29,%r29
+	addc %r24,%r28,%r28
+	copy %r28,%r21
+	ldi 0,%r20
+	copy %r21,%r20
+	addib,= -1,%r31,L$0011
+	stw %r29,0(0,%r26)
+	copy %r20,%r25
+	ldi 0,%r24
+	fldws -8(0,%r1),%fr9L
+	ldw -8(0,%r2),%r19
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r19,%r23
+	ldw -16(0,%r30),%r28
+	ldw -12(0,%r30),%r29
+	ldi 0,%r22
+	add %r23,%r29,%r29
+	addc %r22,%r28,%r28
+	add %r25,%r29,%r29
+	addc %r24,%r28,%r28
+	copy %r28,%r21
+	ldi 0,%r20
+	copy %r21,%r20
+	addib,= -1,%r31,L$0011
+	stw %r29,-8(0,%r2)
+	copy %r20,%r25
+	ldi 0,%r24
+	fldws -4(0,%r1),%fr9L
+	ldw -4(0,%r2),%r19
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r19,%r23
+	ldw -16(0,%r30),%r28
+	ldw -12(0,%r30),%r29
+	ldi 0,%r22
+	add %r23,%r29,%r29
+	addc %r22,%r28,%r28
+	add %r25,%r29,%r29
+	addc %r24,%r28,%r28
+	copy %r28,%r21
+	ldi 0,%r20
+	copy %r21,%r20
+	addib,= -1,%r31,L$0011
+	stw %r29,-4(0,%r2)
+	copy %r20,%r25
+	ldi 0,%r24
+	fldws 0(0,%r1),%fr9L
+	ldw 0(0,%r2),%r19
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r19,%r23
+	ldw -16(0,%r30),%r28
+	ldw -12(0,%r30),%r29
+	ldi 0,%r22
+	add %r23,%r29,%r29
+	addc %r22,%r28,%r28
+	add %r25,%r29,%r29
+	addc %r24,%r28,%r28
+	copy %r28,%r21
+	ldi 0,%r20
+	copy %r21,%r20
+	addib,= -1,%r31,L$0011
+	stw %r29,0(0,%r2)
+	ldo 16(%r1),%r1
+	ldo 16(%r3),%r3
+	ldo 16(%r2),%r2
+	bl L$0010,0
+	ldo 16(%r26),%r26
+L$0011
+	copy %r20,%r28
+	ldw -84(0,%r30),%r2
+	ldw -60(0,%r30),%r3
+	bv 0(%r2)
+	ldwm -64(0,%r30),%r4
+	.EXIT
+	.PROCEND
+	.align 4
+	.EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR
+bn_mul_words
+	.PROC
+	.CALLINFO FRAME=64,CALLS,SAVE_RP,ENTRY_GR=3
+	.ENTRY
+	stw %r2,-20(0,%r30)
+	copy %r25,%r2
+	stwm %r4,64(0,%r30)
+	copy %r24,%r19
+	ldi 0,%r28
+	stw %r23,-16(0,%r30)
+	ldo 12(%r26),%r31
+	ldo 12(%r2),%r29
+	fldws -16(0,%r30),%fr8L
+L$0026
+	fldws 0(0,%r2),%fr9L
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r28,%r21
+	ldi 0,%r20
+	ldw -16(0,%r30),%r24
+	ldw -12(0,%r30),%r25
+	add %r21,%r25,%r25
+	addc %r20,%r24,%r24
+	copy %r24,%r23
+	ldi 0,%r22
+	copy %r23,%r28
+	addib,= -1,%r19,L$0027
+	stw %r25,0(0,%r26)
+	fldws -8(0,%r29),%fr9L
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r28,%r21
+	ldi 0,%r20
+	ldw -16(0,%r30),%r24
+	ldw -12(0,%r30),%r25
+	add %r21,%r25,%r25
+	addc %r20,%r24,%r24
+	copy %r24,%r23
+	ldi 0,%r22
+	copy %r23,%r28
+	addib,= -1,%r19,L$0027
+	stw %r25,-8(0,%r31)
+	fldws -4(0,%r29),%fr9L
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r28,%r21
+	ldi 0,%r20
+	ldw -16(0,%r30),%r24
+	ldw -12(0,%r30),%r25
+	add %r21,%r25,%r25
+	addc %r20,%r24,%r24
+	copy %r24,%r23
+	ldi 0,%r22
+	copy %r23,%r28
+	addib,= -1,%r19,L$0027
+	stw %r25,-4(0,%r31)
+	fldws 0(0,%r29),%fr9L
+	xmpyu %fr8L,%fr9L,%fr9
+	fstds %fr9,-16(0,%r30)
+	copy %r28,%r21
+	ldi 0,%r20
+	ldw -16(0,%r30),%r24
+	ldw -12(0,%r30),%r25
+	add %r21,%r25,%r25
+	addc %r20,%r24,%r24
+	copy %r24,%r23
+	ldi 0,%r22
+	copy %r23,%r28
+	addib,= -1,%r19,L$0027
+	stw %r25,0(0,%r31)
+	ldo 16(%r29),%r29
+	ldo 16(%r2),%r2
+	ldo 16(%r31),%r31
+	bl L$0026,0
+	ldo 16(%r26),%r26
+L$0027
+	ldw -84(0,%r30),%r2
+	bv 0(%r2)
+	ldwm -64(0,%r30),%r4
+	.EXIT
+	.PROCEND
+	.align 4
+	.EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR
+bn_sqr_words
+	.PROC
+	.CALLINFO FRAME=0,NO_CALLS
+	.ENTRY
+	ldo 28(%r26),%r19
+	ldo 12(%r25),%r28
+L$0042
+	fldws 0(0,%r25),%fr8L
+	fldws 0(0,%r25),%fr8R
+	xmpyu %fr8L,%fr8R,%fr8
+	fstds %fr8,-16(0,%r30)
+	ldw -16(0,%r30),%r22
+	ldw -12(0,%r30),%r23
+	stw %r23,0(0,%r26)
+	copy %r22,%r21
+	ldi 0,%r20
+	addib,= -1,%r24,L$0049
+	stw %r21,-24(0,%r19)
+	fldws -8(0,%r28),%fr8L
+	fldws -8(0,%r28),%fr8R
+	xmpyu %fr8L,%fr8R,%fr8
+	fstds %fr8,-16(0,%r30)
+	ldw -16(0,%r30),%r22
+	ldw -12(0,%r30),%r23
+	stw %r23,-20(0,%r19)
+	copy %r22,%r21
+	ldi 0,%r20
+	addib,= -1,%r24,L$0049
+	stw %r21,-16(0,%r19)
+	fldws -4(0,%r28),%fr8L
+	fldws -4(0,%r28),%fr8R
+	xmpyu %fr8L,%fr8R,%fr8
+	fstds %fr8,-16(0,%r30)
+	ldw -16(0,%r30),%r22
+	ldw -12(0,%r30),%r23
+	stw %r23,-12(0,%r19)
+	copy %r22,%r21
+	ldi 0,%r20
+	addib,= -1,%r24,L$0049
+	stw %r21,-8(0,%r19)
+	fldws 0(0,%r28),%fr8L
+	fldws 0(0,%r28),%fr8R
+	xmpyu %fr8L,%fr8R,%fr8
+	fstds %fr8,-16(0,%r30)
+	ldw -16(0,%r30),%r22
+	ldw -12(0,%r30),%r23
+	stw %r23,-4(0,%r19)
+	copy %r22,%r21
+	ldi 0,%r20
+	addib,= -1,%r24,L$0049
+	stw %r21,0(0,%r19)
+	ldo 16(%r28),%r28
+	ldo 16(%r25),%r25
+	ldo 32(%r19),%r19
+	bl L$0042,0
+	ldo 32(%r26),%r26
+L$0049
+	bv,n 0(%r2)
+	.EXIT
+	.PROCEND
+	.IMPORT BN_num_bits_word,CODE
+	.IMPORT fprintf,CODE
+	.IMPORT __iob,DATA
+	.SPACE $TEXT$
+	.SUBSPA $LIT$
+
+	.align 4
+L$C0000
+	.STRING "Division would overflow (%d)\x0a\x00"
+	.IMPORT abort,CODE
+	.SPACE $TEXT$
+	.SUBSPA $CODE$
+
+	.align 4
+	.EXPORT bn_div64,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR
+bn_div64
+	.PROC
+	.CALLINFO FRAME=128,CALLS,SAVE_RP,ENTRY_GR=8
+	.ENTRY
+	stw %r2,-20(0,%r30)
+	stwm %r8,128(0,%r30)
+	stw %r7,-124(0,%r30)
+	stw %r4,-112(0,%r30)
+	stw %r3,-108(0,%r30)
+	copy %r26,%r3
+	copy %r25,%r4
+	stw %r6,-120(0,%r30)
+	ldi 0,%r7
+	stw %r5,-116(0,%r30)
+	movb,<> %r24,%r5,L$0051
+	ldi 2,%r6
+	bl L$0068,0
+	ldi -1,%r28
+L$0051
+	.CALL ARGW0=GR
+	bl BN_num_bits_word,%r2
+	copy %r5,%r26
+	copy %r28,%r24
+	ldi 32,%r19
+	comb,= %r19,%r24,L$0052
+	subi 31,%r24,%r19
+	mtsar %r19
+	zvdepi 1,32,%r19
+	comb,>>= %r19,%r3,L$0052
+	addil LR'__iob-$global$+32,%r27
+	ldo RR'__iob-$global$+32(%r1),%r26
+	ldil LR'L$C0000,%r25
+	.CALL ARGW0=GR,ARGW1=GR,ARGW2=GR
+	bl fprintf,%r2
+	ldo RR'L$C0000(%r25),%r25
+	.CALL 
+	bl abort,%r2
+	nop
+L$0052
+	comb,>> %r5,%r3,L$0053
+	subi 32,%r24,%r24
+	sub %r3,%r5,%r3
+L$0053
+	comib,= 0,%r24,L$0054
+	subi 31,%r24,%r19
+	mtsar %r19
+	zvdep %r5,32,%r5
+	zvdep %r3,32,%r21
+	subi 32,%r24,%r20
+	mtsar %r20
+	vshd 0,%r4,%r20
+	or %r21,%r20,%r3
+	mtsar %r19
+	zvdep %r4,32,%r4
+L$0054
+	extru %r5,15,16,%r23
+	extru %r5,31,16,%r28
+L$0055
+	extru %r3,15,16,%r19
+	comb,<> %r23,%r19,L$0058
+	copy %r3,%r26
+	bl L$0059,0
+	zdepi -1,31,16,%r29
+L$0058
+	.IMPORT $$divU,MILLICODE
+	bl $$divU,%r31
+	copy %r23,%r25
+L$0059
+	stw %r29,-16(0,%r30)
+	fldws -16(0,%r30),%fr10L
+	stw %r28,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	stw %r23,-16(0,%r30)
+	xmpyu %fr10L,%fr10R,%fr8
+	fldws -16(0,%r30),%fr10R
+	fstws %fr8R,-16(0,%r30)
+	xmpyu %fr10L,%fr10R,%fr9
+	ldw -16(0,%r30),%r8
+	fstws %fr9R,-16(0,%r30)
+	copy %r8,%r22
+	ldw -16(0,%r30),%r8
+	extru %r4,15,16,%r24
+	copy %r8,%r21
+L$0060
+	sub %r3,%r21,%r20
+	copy %r20,%r19
+	depi 0,31,16,%r19
+	comib,<> 0,%r19,L$0061
+	zdep %r20,15,16,%r19
+	addl %r19,%r24,%r19
+	comb,>>= %r19,%r22,L$0061
+	sub %r22,%r28,%r22
+	sub %r21,%r23,%r21
+	bl L$0060,0
+	ldo -1(%r29),%r29
+L$0061
+	stw %r29,-16(0,%r30)
+	fldws -16(0,%r30),%fr10L
+	stw %r28,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	xmpyu %fr10L,%fr10R,%fr8
+	fstws %fr8R,-16(0,%r30)
+	ldw -16(0,%r30),%r8
+	stw %r23,-16(0,%r30)
+	fldws -16(0,%r30),%fr10R
+	copy %r8,%r19
+	xmpyu %fr10L,%fr10R,%fr8
+	fstws %fr8R,-16(0,%r30)
+	extru %r19,15,16,%r20
+	ldw -16(0,%r30),%r8
+	zdep %r19,15,16,%r19
+	addl %r8,%r20,%r20
+	comclr,<<= %r19,%r4,0
+	addi 1,%r20,%r20
+	comb,<<= %r20,%r3,L$0066
+	sub %r4,%r19,%r4
+	addl %r3,%r5,%r3
+	ldo -1(%r29),%r29
+L$0066
+	addib,= -1,%r6,L$0056
+	sub %r3,%r20,%r3
+	zdep %r29,15,16,%r7
+	shd %r3,%r4,16,%r3
+	bl L$0055,0
+	zdep %r4,15,16,%r4
+L$0056
+	or %r7,%r29,%r28
+L$0068
+	ldw -148(0,%r30),%r2
+	ldw -124(0,%r30),%r7
+	ldw -120(0,%r30),%r6
+	ldw -116(0,%r30),%r5
+	ldw -112(0,%r30),%r4
+	ldw -108(0,%r30),%r3
+	bv 0(%r2)
+	ldwm -128(0,%r30),%r8
+	.EXIT
+	.PROCEND
diff --git a/crypto/bn/asm/pa-risc2W.s b/crypto/bn/asm/pa-risc2W.s
new file mode 100644
index 0000000000..a99545754d
--- /dev/null
+++ b/crypto/bn/asm/pa-risc2W.s
@@ -0,0 +1,1605 @@
+;
+; PA-RISC 64-bit implementation of bn_asm code
+;
+; This code is approximately 2x faster than the C version
+; for RSA/DSA.
+;
+; See http://devresource.hp.com/  for more details on the PA-RISC
+; architecture.  Also see the book "PA-RISC 2.0 Architecture"
+; by Gerry Kane for information on the instruction set architecture.
+;
+; Code written by Chris Ruemmler (with some help from the HP C
+; compiler).
+;
+; The code compiles with HP's assembler
+;
+
+	.level	2.0W
+	.space	$TEXT$
+	.subspa	$CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY
+
+;
+; Global Register definitions used for the routines.
+;
+; Some information about HP's runtime architecture for 64-bits.
+;
+; "Caller save" means the calling function must save the register
+; if it wants the register to be preserved.
+; "Callee save" means if a function uses the register, it must save
+; the value before using it.
+;
+; For the floating point registers 
+;
+;    "caller save" registers: fr4-fr11, fr22-fr31
+;    "callee save" registers: fr12-fr21
+;    "special" registers: fr0-fr3 (status and exception registers)
+;
+; For the integer registers
+;     value zero             :  r0
+;     "caller save" registers: r1,r19-r26
+;     "callee save" registers: r3-r18
+;     return register        :  r2  (rp)
+;     return values          ; r28  (ret0,ret1)
+;     Stack pointer          ; r30  (sp) 
+;     global data pointer    ; r27  (dp)
+;     argument pointer       ; r29  (ap)
+;     millicode return ptr   ; r31  (also a caller save register)
+
+
+;
+; Arguments to the routines
+;
+r_ptr       .reg %r26
+a_ptr       .reg %r25
+b_ptr       .reg %r24
+num         .reg %r24
+w           .reg %r23
+n           .reg %r23
+
+
+;
+; Globals used in some routines
+;
+
+top_overflow .reg %r29
+high_mask    .reg %r22    ; value 0xffffffff80000000L
+
+
+;------------------------------------------------------------------------------
+;
+; bn_mul_add_words
+;
+;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr, 
+;								int num, BN_ULONG w)
+;
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = num
+; arg3 = w
+;
+; Local register definitions
+;
+
+fm1          .reg %fr22
+fm           .reg %fr23
+ht_temp      .reg %fr24
+ht_temp_1    .reg %fr25
+lt_temp      .reg %fr26
+lt_temp_1    .reg %fr27
+fm1_1        .reg %fr28
+fm_1         .reg %fr29
+
+fw_h         .reg %fr7L
+fw_l         .reg %fr7R
+fw           .reg %fr7
+
+fht_0        .reg %fr8L
+flt_0        .reg %fr8R
+t_float_0    .reg %fr8
+
+fht_1        .reg %fr9L
+flt_1        .reg %fr9R
+t_float_1    .reg %fr9
+
+tmp_0        .reg %r31
+tmp_1        .reg %r21
+m_0          .reg %r20 
+m_1          .reg %r19 
+ht_0         .reg %r1  
+ht_1         .reg %r3
+lt_0         .reg %r4
+lt_1         .reg %r5
+m1_0         .reg %r6 
+m1_1         .reg %r7 
+rp_val       .reg %r8
+rp_val_1     .reg %r9
+
+bn_mul_add_words
+	.export	bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN
+	.proc
+	.callinfo frame=128
+    .entry
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+	NOP                         ; Needed to make the loop 16-byte aligned
+	NOP                         ; Needed to make the loop 16-byte aligned
+
+    STD     %r5,16(%sp)         ; save r5  
+    STD     %r6,24(%sp)         ; save r6  
+    STD     %r7,32(%sp)         ; save r7  
+    STD     %r8,40(%sp)         ; save r8  
+
+    STD     %r9,48(%sp)         ; save r9  
+    COPY    %r0,%ret0           ; return 0 by default
+    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
+	STD     w,56(%sp)           ; store w on stack
+
+    CMPIB,>= 0,num,bn_mul_add_words_exit  ; if (num <= 0) then exit
+	LDO     128(%sp),%sp       ; bump stack
+
+	;
+	; The loop is unrolled twice, so if there is only 1 number
+    ; then go straight to the cleanup code.
+	;
+	CMPIB,= 1,num,bn_mul_add_words_single_top
+	FLDD    -72(%sp),fw     ; load up w into fp register fw (fw_h/fw_l)
+
+	;
+	; This loop is unrolled 2 times (64-byte aligned as well)
+	;
+	; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
+    ; two 32-bit mutiplies can be issued per cycle.
+    ; 
+bn_mul_add_words_unroll2
+
+    FLDD    0(a_ptr),t_float_0       ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    FLDD    8(a_ptr),t_float_1       ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    LDD     0(r_ptr),rp_val          ; rp[0]
+    LDD     8(r_ptr),rp_val_1        ; rp[1]
+
+    XMPYU   fht_0,fw_l,fm1           ; m1[0] = fht_0*fw_l
+    XMPYU   fht_1,fw_l,fm1_1         ; m1[1] = fht_1*fw_l
+    FSTD    fm1,-16(%sp)             ; -16(sp) = m1[0]
+    FSTD    fm1_1,-48(%sp)           ; -48(sp) = m1[1]
+
+    XMPYU   flt_0,fw_h,fm            ; m[0] = flt_0*fw_h
+    XMPYU   flt_1,fw_h,fm_1          ; m[1] = flt_1*fw_h
+    FSTD    fm,-8(%sp)               ; -8(sp) = m[0]
+    FSTD    fm_1,-40(%sp)            ; -40(sp) = m[1]
+
+    XMPYU   fht_0,fw_h,ht_temp       ; ht_temp   = fht_0*fw_h
+    XMPYU   fht_1,fw_h,ht_temp_1     ; ht_temp_1 = fht_1*fw_h
+    FSTD    ht_temp,-24(%sp)         ; -24(sp)   = ht_temp
+    FSTD    ht_temp_1,-56(%sp)       ; -56(sp)   = ht_temp_1
+
+    XMPYU   flt_0,fw_l,lt_temp       ; lt_temp = lt*fw_l
+    XMPYU   flt_1,fw_l,lt_temp_1     ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)         ; -32(sp) = lt_temp 
+    FSTD    lt_temp_1,-64(%sp)       ; -64(sp) = lt_temp_1 
+
+    LDD     -8(%sp),m_0              ; m[0] 
+    LDD     -40(%sp),m_1             ; m[1]
+    LDD     -16(%sp),m1_0            ; m1[0]
+    LDD     -48(%sp),m1_1            ; m1[1]
+
+    LDD     -24(%sp),ht_0            ; ht[0]
+    LDD     -56(%sp),ht_1            ; ht[1]
+    ADD,L   m1_0,m_0,tmp_0           ; tmp_0 = m[0] + m1[0]; 
+    ADD,L   m1_1,m_1,tmp_1           ; tmp_1 = m[1] + m1[1]; 
+
+    LDD     -32(%sp),lt_0            
+    LDD     -64(%sp),lt_1            
+    CMPCLR,*>>= tmp_0,m1_0, %r0      ; if (m[0] < m1[0])
+    ADD,L   ht_0,top_overflow,ht_0   ; ht[0] += (1<<32)
+
+    CMPCLR,*>>= tmp_1,m1_1,%r0       ; if (m[1] < m1[1])
+    ADD,L   ht_1,top_overflow,ht_1   ; ht[1] += (1<<32)
+    EXTRD,U tmp_0,31,32,m_0          ; m[0]>>32  
+    DEPD,Z  tmp_0,31,32,m1_0         ; m1[0] = m[0]<<32 
+
+    EXTRD,U tmp_1,31,32,m_1          ; m[1]>>32  
+    DEPD,Z  tmp_1,31,32,m1_1         ; m1[1] = m[1]<<32 
+    ADD,L   ht_0,m_0,ht_0            ; ht[0]+= (m[0]>>32)
+    ADD,L   ht_1,m_1,ht_1            ; ht[1]+= (m[1]>>32)
+
+    ADD     lt_0,m1_0,lt_0           ; lt[0] = lt[0]+m1[0];
+	ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+    ADD     lt_1,m1_1,lt_1           ; lt[1] = lt[1]+m1[1];
+    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
+
+    ADD    %ret0,lt_0,lt_0           ; lt[0] = lt[0] + c;
+	ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+    ADD     lt_0,rp_val,lt_0         ; lt[0] = lt[0]+rp[0]
+    ADD,DC  ht_0,%r0,ht_0            ; ht[0]++
+
+	LDO    -2(num),num               ; num = num - 2;
+    ADD     ht_0,lt_1,lt_1           ; lt[1] = lt[1] + ht_0 (c);
+    ADD,DC  ht_1,%r0,ht_1            ; ht[1]++
+    STD     lt_0,0(r_ptr)            ; rp[0] = lt[0]
+
+    ADD     lt_1,rp_val_1,lt_1       ; lt[1] = lt[1]+rp[1]
+    ADD,DC  ht_1,%r0,%ret0           ; ht[1]++
+    LDO     16(a_ptr),a_ptr          ; a_ptr += 2
+
+    STD     lt_1,8(r_ptr)            ; rp[1] = lt[1]
+	CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do
+    LDO     16(r_ptr),r_ptr          ; r_ptr += 2
+
+    CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one
+
+	;
+	; Top of loop aligned on 64-byte boundary
+	;
+bn_mul_add_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    LDD     0(r_ptr),rp_val           ; rp[0]
+    LDO     8(a_ptr),a_ptr            ; a_ptr++
+    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+
+    LDD     -8(%sp),m_0               
+    LDD    -16(%sp),m1_0              ; m1 = temp1 
+    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
+    LDD     -24(%sp),ht_0             
+    LDD     -32(%sp),lt_0             
+
+    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,tmp_0           ; tmp_0 = lt+m1;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+    ADD     %ret0,tmp_0,lt_0          ; lt = lt + c;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+    ADD     lt_0,rp_val,lt_0          ; lt = lt+rp[0]
+    ADD,DC  ht_0,%r0,%ret0            ; ht++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+
+bn_mul_add_words_exit
+    .EXIT
+    LDD     -80(%sp),%r9              ; restore r9  
+    LDD     -88(%sp),%r8              ; restore r8  
+    LDD     -96(%sp),%r7              ; restore r7  
+    LDD     -104(%sp),%r6             ; restore r6  
+    LDD     -112(%sp),%r5             ; restore r5  
+    LDD     -120(%sp),%r4             ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3             ; restore r3
+	.PROCEND	;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w)
+;
+; arg0 = rp
+; arg1 = ap
+; arg2 = num
+; arg3 = w
+
+bn_mul_words
+	.proc
+	.callinfo frame=128
+    .entry
+	.EXPORT	bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+    STD     %r5,16(%sp)         ; save r5  
+    STD     %r6,24(%sp)         ; save r6  
+
+    STD     %r7,32(%sp)         ; save r7  
+    COPY    %r0,%ret0           ; return 0 by default
+    DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32    
+	STD     w,56(%sp)           ; w on stack
+
+    CMPIB,>= 0,num,bn_mul_words_exit
+	LDO     128(%sp),%sp       ; bump stack
+
+	;
+	; See if only 1 word to do, thus just do cleanup
+	;
+	CMPIB,= 1,num,bn_mul_words_single_top
+	FLDD    -72(%sp),fw     ; load up w into fp register fw (fw_h/fw_l)
+
+	;
+	; This loop is unrolled 2 times (64-byte aligned as well)
+	;
+	; PA-RISC 2.0 chips have two fully pipelined multipliers, thus
+    ; two 32-bit mutiplies can be issued per cycle.
+    ; 
+bn_mul_words_unroll2
+
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    FLDD    8(a_ptr),t_float_1        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+    XMPYU   fht_0,fw_l,fm1            ; m1[0] = fht_0*fw_l
+    XMPYU   fht_1,fw_l,fm1_1          ; m1[1] = ht*fw_l
+
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    FSTD    fm1_1,-48(%sp)            ; -48(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    XMPYU   flt_1,fw_h,fm_1           ; m = lt*fw_h
+
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    FSTD    fm_1,-40(%sp)             ; -40(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = fht_0*fw_h
+    XMPYU   fht_1,fw_h,ht_temp_1      ; ht_temp = ht*fw_h
+
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    FSTD    ht_temp_1,-56(%sp)        ; -56(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    XMPYU   flt_1,fw_l,lt_temp_1      ; lt_temp = lt*fw_l
+
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+    FSTD    lt_temp_1,-64(%sp)        ; -64(sp) = lt 
+    LDD     -8(%sp),m_0               
+    LDD     -40(%sp),m_1              
+
+    LDD    -16(%sp),m1_0              
+    LDD    -48(%sp),m1_1              
+    LDD     -24(%sp),ht_0             
+    LDD     -56(%sp),ht_1             
+
+    ADD,L   m1_0,m_0,tmp_0            ; tmp_0 = m + m1; 
+    ADD,L   m1_1,m_1,tmp_1            ; tmp_1 = m + m1; 
+    LDD     -32(%sp),lt_0             
+    LDD     -64(%sp),lt_1             
+
+    CMPCLR,*>>= tmp_0,m1_0, %r0       ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+    CMPCLR,*>>= tmp_1,m1_1,%r0        ; if (m < m1)
+    ADD,L   ht_1,top_overflow,ht_1    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+    EXTRD,U tmp_1,31,32,m_1           ; m>>32  
+    DEPD,Z  tmp_1,31,32,m1_1          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD,L   ht_1,m_1,ht_1             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,lt_0            ; lt = lt+m1;
+	ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     lt_1,m1_1,lt_1            ; lt = lt+m1;
+    ADD,DC  ht_1,%r0,ht_1             ; ht++
+    ADD    %ret0,lt_0,lt_0            ; lt = lt + c (ret0);
+	ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     ht_0,lt_1,lt_1            ; lt = lt + c (ht_0)
+    ADD,DC  ht_1,%r0,ht_1             ; ht++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+    STD     lt_1,8(r_ptr)             ; rp[1] = lt
+
+	COPY    ht_1,%ret0                ; carry = ht
+	LDO    -2(num),num                ; num = num - 2;
+    LDO     16(a_ptr),a_ptr           ; ap += 2
+	CMPIB,<= 2,num,bn_mul_words_unroll2
+    LDO     16(r_ptr),r_ptr           ; rp++
+
+    CMPIB,=,N 0,num,bn_mul_words_exit ; are we done?
+
+	;
+	; Top of loop aligned on 64-byte boundary
+	;
+bn_mul_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+
+    XMPYU   fht_0,fw_l,fm1            ; m1 = ht*fw_l
+    FSTD    fm1,-16(%sp)              ; -16(sp) = m1
+    XMPYU   flt_0,fw_h,fm             ; m = lt*fw_h
+    FSTD    fm,-8(%sp)                ; -8(sp) = m
+    XMPYU   fht_0,fw_h,ht_temp        ; ht_temp = ht*fw_h
+    FSTD    ht_temp,-24(%sp)          ; -24(sp) = ht
+    XMPYU   flt_0,fw_l,lt_temp        ; lt_temp = lt*fw_l
+    FSTD    lt_temp,-32(%sp)          ; -32(sp) = lt 
+
+    LDD     -8(%sp),m_0               
+    LDD    -16(%sp),m1_0              
+    ADD,L   m_0,m1_0,tmp_0            ; tmp_0 = m + m1; 
+    LDD     -24(%sp),ht_0             
+    LDD     -32(%sp),lt_0             
+
+    CMPCLR,*>>= tmp_0,m1_0,%r0        ; if (m < m1)
+    ADD,L   ht_0,top_overflow,ht_0    ; ht += (1<<32)
+
+    EXTRD,U tmp_0,31,32,m_0           ; m>>32  
+    DEPD,Z  tmp_0,31,32,m1_0          ; m1 = m<<32 
+
+    ADD,L   ht_0,m_0,ht_0             ; ht+= (m>>32)
+    ADD     lt_0,m1_0,lt_0            ; lt= lt+m1;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    ADD     %ret0,lt_0,lt_0           ; lt = lt + c;
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    COPY    ht_0,%ret0                ; copy carry
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+
+bn_mul_words_exit
+    .EXIT
+    LDD     -96(%sp),%r7              ; restore r7  
+    LDD     -104(%sp),%r6             ; restore r6  
+    LDD     -112(%sp),%r5             ; restore r5  
+    LDD     -120(%sp),%r4             ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3             ; restore r3
+	.PROCEND	;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num)
+;
+; arg0 = rp
+; arg1 = ap
+; arg2 = num
+;
+
+bn_sqr_words
+	.proc
+	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3  
+    STD     %r4,8(%sp)          ; save r4  
+	NOP
+    STD     %r5,16(%sp)         ; save r5  
+
+    CMPIB,>= 0,num,bn_sqr_words_exit
+	LDO     128(%sp),%sp       ; bump stack
+
+	;
+	; If only 1, the goto straight to cleanup
+	;
+	CMPIB,= 1,num,bn_sqr_words_single_top
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+
+	;
+	; This loop is unrolled 2 times (64-byte aligned as well)
+	;
+
+bn_sqr_words_unroll2
+    FLDD    0(a_ptr),t_float_0        ; a[0]
+    FLDD    8(a_ptr),t_float_1        ; a[1]
+    XMPYU   fht_0,flt_0,fm            ; m[0]
+    XMPYU   fht_1,flt_1,fm_1          ; m[1]
+
+    FSTD    fm,-24(%sp)               ; store m[0]
+    FSTD    fm_1,-56(%sp)             ; store m[1]
+    XMPYU   flt_0,flt_0,lt_temp       ; lt[0]
+    XMPYU   flt_1,flt_1,lt_temp_1     ; lt[1]
+
+    FSTD    lt_temp,-16(%sp)          ; store lt[0]
+    FSTD    lt_temp_1,-48(%sp)        ; store lt[1]
+    XMPYU   fht_0,fht_0,ht_temp       ; ht[0]
+    XMPYU   fht_1,fht_1,ht_temp_1     ; ht[1]
+
+    FSTD    ht_temp,-8(%sp)           ; store ht[0]
+    FSTD    ht_temp_1,-40(%sp)        ; store ht[1]
+    LDD     -24(%sp),m_0             
+    LDD     -56(%sp),m_1              
+
+    AND     m_0,high_mask,tmp_0       ; m[0] & Mask
+    AND     m_1,high_mask,tmp_1       ; m[1] & Mask
+    DEPD,Z  m_0,30,31,m_0             ; m[0] << 32+1
+    DEPD,Z  m_1,30,31,m_1             ; m[1] << 32+1
+
+    LDD     -16(%sp),lt_0        
+    LDD     -48(%sp),lt_1        
+    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m[0]&Mask >> 32-1
+    EXTRD,U tmp_1,32,33,tmp_1         ; tmp_1 = m[1]&Mask >> 32-1
+
+    LDD     -8(%sp),ht_0            
+    LDD     -40(%sp),ht_1           
+    ADD,L   ht_0,tmp_0,ht_0           ; ht[0] += tmp_0
+    ADD,L   ht_1,tmp_1,ht_1           ; ht[1] += tmp_1
+
+    ADD     lt_0,m_0,lt_0             ; lt = lt+m
+    ADD,DC  ht_0,%r0,ht_0             ; ht[0]++
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt[0]
+    STD     ht_0,8(r_ptr)             ; rp[1] = ht[1]
+
+    ADD     lt_1,m_1,lt_1             ; lt = lt+m
+    ADD,DC  ht_1,%r0,ht_1             ; ht[1]++
+    STD     lt_1,16(r_ptr)            ; rp[2] = lt[1]
+    STD     ht_1,24(r_ptr)            ; rp[3] = ht[1]
+
+	LDO    -2(num),num                ; num = num - 2;
+    LDO     16(a_ptr),a_ptr           ; ap += 2
+	CMPIB,<= 2,num,bn_sqr_words_unroll2
+    LDO     32(r_ptr),r_ptr           ; rp += 4
+
+    CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done?
+
+	;
+	; Top of loop aligned on 64-byte boundary
+	;
+bn_sqr_words_single_top
+    FLDD    0(a_ptr),t_float_0        ; load up 64-bit value (fr8L) ht(L)/lt(R)
+
+    XMPYU   fht_0,flt_0,fm            ; m
+    FSTD    fm,-24(%sp)               ; store m
+
+    XMPYU   flt_0,flt_0,lt_temp       ; lt
+    FSTD    lt_temp,-16(%sp)          ; store lt
+
+    XMPYU   fht_0,fht_0,ht_temp       ; ht
+    FSTD    ht_temp,-8(%sp)           ; store ht
+
+    LDD     -24(%sp),m_0              ; load m
+    AND     m_0,high_mask,tmp_0       ; m & Mask
+    DEPD,Z  m_0,30,31,m_0             ; m << 32+1
+    LDD     -16(%sp),lt_0             ; lt
+
+    LDD     -8(%sp),ht_0              ; ht
+    EXTRD,U tmp_0,32,33,tmp_0         ; tmp_0 = m&Mask >> 32-1
+    ADD     m_0,lt_0,lt_0             ; lt = lt+m
+    ADD,L   ht_0,tmp_0,ht_0           ; ht += tmp_0
+    ADD,DC  ht_0,%r0,ht_0             ; ht++
+
+    STD     lt_0,0(r_ptr)             ; rp[0] = lt
+    STD     ht_0,8(r_ptr)             ; rp[1] = ht
+
+bn_sqr_words_exit
+    .EXIT
+    LDD     -112(%sp),%r5       ; restore r5  
+    LDD     -120(%sp),%r4       ; restore r4  
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3 
+	.PROCEND	;in=23,24,25,26,29;out=28;
+
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+;
+; arg0 = rp 
+; arg1 = ap
+; arg2 = bp 
+; arg3 = n
+
+t  .reg %r22
+b  .reg %r21
+l  .reg %r20
+
+bn_add_words
+	.proc
+    .entry
+	.callinfo
+	.EXPORT	bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+	.align 64
+
+    CMPIB,>= 0,n,bn_add_words_exit
+    COPY    %r0,%ret0           ; return 0 by default
+
+	;
+	; If 2 or more numbers do the loop
+	;
+	CMPIB,= 1,n,bn_add_words_single_top
+	NOP
+
+	;
+	; This loop is unrolled 2 times (64-byte aligned as well)
+	;
+bn_add_words_unroll2
+	LDD     0(a_ptr),t
+	LDD     0(b_ptr),b
+	ADD     t,%ret0,t                    ; t = t+c;
+	ADD,DC  %r0,%r0,%ret0                ; set c to carry
+	ADD     t,b,l                        ; l = t + b[0]
+	ADD,DC  %ret0,%r0,%ret0              ; c+= carry
+	STD     l,0(r_ptr)
+
+	LDD     8(a_ptr),t
+	LDD     8(b_ptr),b
+	ADD     t,%ret0,t                     ; t = t+c;
+	ADD,DC  %r0,%r0,%ret0                 ; set c to carry
+	ADD     t,b,l                         ; l = t + b[0]
+	ADD,DC  %ret0,%r0,%ret0               ; c+= carry
+	STD     l,8(r_ptr)
+
+	LDO     -2(n),n
+	LDO     16(a_ptr),a_ptr
+	LDO     16(b_ptr),b_ptr
+
+	CMPIB,<= 2,n,bn_add_words_unroll2
+	LDO     16(r_ptr),r_ptr
+
+    CMPIB,=,N 0,n,bn_add_words_exit ; are we done?
+
+bn_add_words_single_top
+	LDD     0(a_ptr),t
+	LDD     0(b_ptr),b
+
+	ADD     t,%ret0,t                 ; t = t+c;
+	ADD,DC  %r0,%r0,%ret0             ; set c to carry (could use CMPCLR??)
+	ADD     t,b,l                     ; l = t + b[0]
+	ADD,DC  %ret0,%r0,%ret0           ; c+= carry
+	STD     l,0(r_ptr)
+
+bn_add_words_exit
+    .EXIT
+    BVE     (%rp)
+	NOP
+	.PROCEND	;in=23,24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+;
+; arg0 = rp 
+; arg1 = ap
+; arg2 = bp 
+; arg3 = n
+
+t1       .reg %r22
+t2       .reg %r21
+sub_tmp1 .reg %r20
+sub_tmp2 .reg %r19
+
+
+bn_sub_words
+	.proc
+	.callinfo 
+	.EXPORT	bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+	.align 64
+
+    CMPIB,>=  0,n,bn_sub_words_exit
+    COPY    %r0,%ret0           ; return 0 by default
+
+	;
+	; If 2 or more numbers do the loop
+	;
+	CMPIB,= 1,n,bn_sub_words_single_top
+	NOP
+
+	;
+	; This loop is unrolled 2 times (64-byte aligned as well)
+	;
+bn_sub_words_unroll2
+	LDD     0(a_ptr),t1
+	LDD     0(b_ptr),t2
+	SUB     t1,t2,sub_tmp1           ; t3 = t1-t2; 
+	SUB     sub_tmp1,%ret0,sub_tmp1  ; t3 = t3- c; 
+
+	CMPCLR,*>> t1,t2,sub_tmp2        ; clear if t1 > t2
+	LDO      1(%r0),sub_tmp2
+	
+	CMPCLR,*= t1,t2,%r0
+	COPY    sub_tmp2,%ret0
+	STD     sub_tmp1,0(r_ptr)
+
+	LDD     8(a_ptr),t1
+	LDD     8(b_ptr),t2
+	SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
+	SUB     sub_tmp1,%ret0,sub_tmp1   ; t3 = t3- c; 
+	CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
+	LDO      1(%r0),sub_tmp2
+	
+	CMPCLR,*= t1,t2,%r0
+	COPY    sub_tmp2,%ret0
+	STD     sub_tmp1,8(r_ptr)
+
+	LDO     -2(n),n
+	LDO     16(a_ptr),a_ptr
+	LDO     16(b_ptr),b_ptr
+
+	CMPIB,<= 2,n,bn_sub_words_unroll2
+	LDO     16(r_ptr),r_ptr
+
+    CMPIB,=,N 0,n,bn_sub_words_exit ; are we done?
+
+bn_sub_words_single_top
+	LDD     0(a_ptr),t1
+	LDD     0(b_ptr),t2
+	SUB     t1,t2,sub_tmp1            ; t3 = t1-t2; 
+	SUB     sub_tmp1,%ret0,sub_tmp1   ; t3 = t3- c; 
+	CMPCLR,*>> t1,t2,sub_tmp2         ; clear if t1 > t2
+	LDO      1(%r0),sub_tmp2
+	
+	CMPCLR,*= t1,t2,%r0
+	COPY    sub_tmp2,%ret0
+
+	STD     sub_tmp1,0(r_ptr)
+
+bn_sub_words_exit
+    .EXIT
+    BVE     (%rp)
+	NOP
+	.PROCEND	;in=23,24,25,26,29;out=28;
+
+;------------------------------------------------------------------------------
+;
+; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d)
+;
+; arg0 = h
+; arg1 = l
+; arg2 = d
+;
+; This is mainly just modified assembly from the compiler, thus the
+; lack of variable names.
+;
+;------------------------------------------------------------------------------
+bn_div_words
+	.proc
+	.callinfo CALLER,FRAME=272,ENTRY_GR=%r10,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_div_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+	.IMPORT	BN_num_bits_word,CODE,NO_RELOCATION
+	.IMPORT	__iob,DATA
+	.IMPORT	fprintf,CODE,NO_RELOCATION
+	.IMPORT	abort,CODE,NO_RELOCATION
+	.IMPORT	$$div2U,MILLICODE
+    .entry
+    STD     %r2,-16(%r30)   
+    STD,MA  %r3,352(%r30)   
+    STD     %r4,-344(%r30)  
+    STD     %r5,-336(%r30)  
+    STD     %r6,-328(%r30)  
+    STD     %r7,-320(%r30)  
+    STD     %r8,-312(%r30)  
+    STD     %r9,-304(%r30)  
+    STD     %r10,-296(%r30)
+
+    STD     %r27,-288(%r30)             ; save gp
+
+    COPY    %r24,%r3           ; save d 
+    COPY    %r26,%r4           ; save h (high 64-bits)
+    LDO      -1(%r0),%ret0     ; return -1 by default	
+
+    CMPB,*=  %r0,%arg2,$D3     ; if (d == 0)
+    COPY    %r25,%r5           ; save l (low 64-bits)
+
+    LDO     -48(%r30),%r29     ; create ap 
+    .CALL   ;in=26,29;out=28;
+    B,L     BN_num_bits_word,%r2 
+    COPY    %r3,%r26        
+    LDD     -288(%r30),%r27    ; restore gp 
+    LDI     64,%r21 
+
+    CMPB,=  %r21,%ret0,$00000012   ;if (i == 64) (forward) 
+    COPY    %ret0,%r24             ; i   
+    MTSARCM %r24    
+    DEPDI,Z -1,%sar,1,%r29  
+    CMPB,*<<,N %r29,%r4,bn_div_err_case ; if (h > 1<<i) (forward) 
+
+$00000012
+    SUBI    64,%r24,%r31                       ; i = 64 - i;
+    CMPCLR,*<< %r4,%r3,%r0                     ; if (h >= d)
+    SUB     %r4,%r3,%r4                        ; h -= d
+    CMPB,=  %r31,%r0,$0000001A                 ; if (i)
+    COPY    %r0,%r10                           ; ret = 0
+    MTSARCM %r31                               ; i to shift
+    DEPD,Z  %r3,%sar,64,%r3                    ; d <<= i;
+    SUBI    64,%r31,%r19                       ; 64 - i; redundent
+    MTSAR   %r19                               ; (64 -i) to shift
+    SHRPD   %r4,%r5,%sar,%r4                   ; l>> (64-i)
+    MTSARCM %r31                               ; i to shift
+    DEPD,Z  %r5,%sar,64,%r5                    ; l <<= i;
+
+$0000001A
+    DEPDI,Z -1,31,32,%r19                      
+    EXTRD,U %r3,31,32,%r6                      ; dh=(d&0xfff)>>32
+    EXTRD,U %r3,63,32,%r8                      ; dl = d&0xffffff
+    LDO     2(%r0),%r9
+    STD    %r3,-280(%r30)                      ; "d" to stack
+
+$0000001C
+    DEPDI,Z -1,63,32,%r29                      ; 
+    EXTRD,U %r4,31,32,%r31                     ; h >> 32
+    CMPB,*=,N  %r31,%r6,$D2     	       ; if ((h>>32) != dh)(forward) div
+    COPY    %r4,%r26       
+    EXTRD,U %r4,31,32,%r25 
+    COPY    %r6,%r24      
+    .CALL   ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL)
+    B,L     $$div2U,%r2     
+    EXTRD,U %r6,31,32,%r23  
+    DEPD    %r28,31,32,%r29 
+$D2
+    STD     %r29,-272(%r30)                   ; q
+    AND     %r5,%r19,%r24                   ; t & 0xffffffff00000000;
+    EXTRD,U %r24,31,32,%r24                 ; ??? 
+    FLDD    -272(%r30),%fr7                 ; q
+    FLDD    -280(%r30),%fr8                 ; d
+    XMPYU   %fr8L,%fr7L,%fr10  
+    FSTD    %fr10,-256(%r30)   
+    XMPYU   %fr8L,%fr7R,%fr22  
+    FSTD    %fr22,-264(%r30)   
+    XMPYU   %fr8R,%fr7L,%fr11 
+    XMPYU   %fr8R,%fr7R,%fr23
+    FSTD    %fr11,-232(%r30)
+    FSTD    %fr23,-240(%r30)
+    LDD     -256(%r30),%r28
+    DEPD,Z  %r28,31,32,%r2 
+    LDD     -264(%r30),%r20
+    ADD,L   %r20,%r2,%r31   
+    LDD     -232(%r30),%r22 
+    DEPD,Z  %r22,31,32,%r22 
+    LDD     -240(%r30),%r21 
+    B       $00000024       ; enter loop  
+    ADD,L   %r21,%r22,%r23 
+
+$0000002A
+    LDO     -1(%r29),%r29   
+    SUB     %r23,%r8,%r23   
+$00000024
+    SUB     %r4,%r31,%r25   
+    AND     %r25,%r19,%r26  
+    CMPB,*<>,N      %r0,%r26,$00000046  ; (forward)
+    DEPD,Z  %r25,31,32,%r20 
+    OR      %r20,%r24,%r21  
+    CMPB,*<<,N  %r21,%r23,$0000002A ;(backward) 
+    SUB     %r31,%r6,%r31   
+;-------------Break path---------------------
+
+$00000046
+    DEPD,Z  %r23,31,32,%r25              ;tl
+    EXTRD,U %r23,31,32,%r26              ;t
+    AND     %r25,%r19,%r24               ;tl = (tl<<32)&0xfffffff0000000L
+    ADD,L   %r31,%r26,%r31               ;th += t; 
+    CMPCLR,*>>=     %r5,%r24,%r0         ;if (l<tl)
+    LDO     1(%r31),%r31                 ; th++;
+    CMPB,*<<=,N     %r31,%r4,$00000036   ;if (n < th) (forward)
+    LDO     -1(%r29),%r29                ;q--; 
+    ADD,L   %r4,%r3,%r4                  ;h += d;
+$00000036
+    ADDIB,=,N       -1,%r9,$D1 ;if (--count == 0) break (forward) 
+    SUB     %r5,%r24,%r28                ; l -= tl;
+    SUB     %r4,%r31,%r24                ; h -= th;
+    SHRPD   %r24,%r28,32,%r4             ; h = ((h<<32)|(l>>32));
+    DEPD,Z  %r29,31,32,%r10              ; ret = q<<32
+    b      $0000001C
+    DEPD,Z  %r28,31,32,%r5               ; l = l << 32 
+
+$D1
+    OR      %r10,%r29,%r28           ; ret |= q
+$D3
+    LDD     -368(%r30),%r2  
+$D0
+    LDD     -296(%r30),%r10 
+    LDD     -304(%r30),%r9  
+    LDD     -312(%r30),%r8  
+    LDD     -320(%r30),%r7  
+    LDD     -328(%r30),%r6  
+    LDD     -336(%r30),%r5  
+    LDD     -344(%r30),%r4  
+    BVE     (%r2)   
+        .EXIT
+    LDD,MB  -352(%r30),%r3 
+
+bn_div_err_case
+    MFIA    %r6     
+    ADDIL   L'bn_div_words-bn_div_err_case,%r6,%r1 
+    LDO     R'bn_div_words-bn_div_err_case(%r1),%r6  
+    ADDIL   LT'__iob,%r27,%r1       
+    LDD     RT'__iob(%r1),%r26      
+    ADDIL   L'C$4-bn_div_words,%r6,%r1    
+    LDO     R'C$4-bn_div_words(%r1),%r25  
+    LDO     64(%r26),%r26   
+    .CALL           ;in=24,25,26,29;out=28;
+    B,L     fprintf,%r2    
+    LDO     -48(%r30),%r29 
+    LDD     -288(%r30),%r27
+    .CALL           ;in=29;
+    B,L     abort,%r2      
+    LDO     -48(%r30),%r29 
+    LDD     -288(%r30),%r27
+    B       $D0         
+    LDD     -368(%r30),%r2  
+	.PROCEND	;in=24,25,26,29;out=28;
+
+;----------------------------------------------------------------------------
+;
+; Registers to hold 64-bit values to manipulate.  The "L" part
+; of the register corresponds to the upper 32-bits, while the "R"
+; part corresponds to the lower 32-bits
+; 
+; Note, that when using b6 and b7, the code must save these before
+; using them because they are callee save registers 
+; 
+;
+; Floating point registers to use to save values that
+; are manipulated.  These don't collide with ftemp1-6 and
+; are all caller save registers
+;
+a0        .reg %fr22
+a0L       .reg %fr22L
+a0R       .reg %fr22R
+
+a1        .reg %fr23
+a1L       .reg %fr23L
+a1R       .reg %fr23R
+
+a2        .reg %fr24
+a2L       .reg %fr24L
+a2R       .reg %fr24R
+
+a3        .reg %fr25
+a3L       .reg %fr25L
+a3R       .reg %fr25R
+
+a4        .reg %fr26
+a4L       .reg %fr26L
+a4R       .reg %fr26R
+
+a5        .reg %fr27
+a5L       .reg %fr27L
+a5R       .reg %fr27R
+
+a6        .reg %fr28
+a6L       .reg %fr28L
+a6R       .reg %fr28R
+
+a7        .reg %fr29
+a7L       .reg %fr29L
+a7R       .reg %fr29R
+
+b0        .reg %fr30
+b0L       .reg %fr30L
+b0R       .reg %fr30R
+
+b1        .reg %fr31
+b1L       .reg %fr31L
+b1R       .reg %fr31R
+
+;
+; Temporary floating point variables, these are all caller save
+; registers
+;
+ftemp1    .reg %fr4
+ftemp2    .reg %fr5
+ftemp3    .reg %fr6
+ftemp4    .reg %fr7
+
+;
+; The B set of registers when used.
+;
+
+b2        .reg %fr8
+b2L       .reg %fr8L
+b2R       .reg %fr8R
+
+b3        .reg %fr9
+b3L       .reg %fr9L
+b3R       .reg %fr9R
+
+b4        .reg %fr10
+b4L       .reg %fr10L
+b4R       .reg %fr10R
+
+b5        .reg %fr11
+b5L       .reg %fr11L
+b5R       .reg %fr11R
+
+b6        .reg %fr12
+b6L       .reg %fr12L
+b6R       .reg %fr12R
+
+b7        .reg %fr13
+b7L       .reg %fr13L
+b7R       .reg %fr13R
+
+c1           .reg %r21   ; only reg
+temp1        .reg %r20   ; only reg
+temp2        .reg %r19   ; only reg
+temp3        .reg %r31   ; only reg
+
+m1           .reg %r28   
+c2           .reg %r23   
+high_one     .reg %r1
+ht           .reg %r6
+lt           .reg %r5
+m            .reg %r4
+c3           .reg %r3
+
+SQR_ADD_C  .macro  A0L,A0R,C1,C2,C3
+    XMPYU   A0L,A0R,ftemp1       ; m
+    FSTD    ftemp1,-24(%sp)      ; store m
+
+    XMPYU   A0R,A0R,ftemp2       ; lt
+    FSTD    ftemp2,-16(%sp)      ; store lt
+
+    XMPYU   A0L,A0L,ftemp3       ; ht
+    FSTD    ftemp3,-8(%sp)       ; store ht
+
+    LDD     -24(%sp),m           ; load m
+    AND     m,high_mask,temp2    ; m & Mask
+    DEPD,Z  m,30,31,temp3        ; m << 32+1
+    LDD     -16(%sp),lt          ; lt
+
+    LDD     -8(%sp),ht           ; ht
+    EXTRD,U temp2,32,33,temp1    ; temp1 = m&Mask >> 32-1
+    ADD     temp3,lt,lt          ; lt = lt+m
+    ADD,L   ht,temp1,ht          ; ht += temp1
+    ADD,DC  ht,%r0,ht            ; ht++
+
+    ADD     C1,lt,C1             ; c1=c1+lt
+    ADD,DC  ht,%r0,ht            ; ht++
+
+    ADD     C2,ht,C2             ; c2=c2+ht
+    ADD,DC  C3,%r0,C3            ; c3++
+.endm
+
+SQR_ADD_C2 .macro  A0L,A0R,A1L,A1R,C1,C2,C3
+    XMPYU   A0L,A1R,ftemp1          ; m1 = bl*ht
+    FSTD    ftemp1,-16(%sp)         ;
+    XMPYU   A0R,A1L,ftemp2          ; m = bh*lt
+    FSTD    ftemp2,-8(%sp)          ;
+    XMPYU   A0R,A1R,ftemp3          ; lt = bl*lt
+    FSTD    ftemp3,-32(%sp)
+    XMPYU   A0L,A1L,ftemp4          ; ht = bh*ht
+    FSTD    ftemp4,-24(%sp)         ;
+
+    LDD     -8(%sp),m               ; r21 = m
+    LDD     -16(%sp),m1             ; r19 = m1
+    ADD,L   m,m1,m                  ; m+m1
+
+    DEPD,Z  m,31,32,temp3           ; (m+m1<<32)
+    LDD     -24(%sp),ht             ; r24 = ht
+
+    CMPCLR,*>>= m,m1,%r0            ; if (m < m1)
+    ADD,L   ht,high_one,ht          ; ht+=high_one
+
+    EXTRD,U m,31,32,temp1           ; m >> 32
+    LDD     -32(%sp),lt             ; lt
+    ADD,L   ht,temp1,ht             ; ht+= m>>32
+    ADD     lt,temp3,lt             ; lt = lt+m1
+    ADD,DC  ht,%r0,ht               ; ht++
+
+    ADD     ht,ht,ht                ; ht=ht+ht;
+    ADD,DC  C3,%r0,C3               ; add in carry (c3++)
+
+    ADD     lt,lt,lt                ; lt=lt+lt;
+    ADD,DC  ht,%r0,ht               ; add in carry (ht++)
+
+    ADD     C1,lt,C1                ; c1=c1+lt
+    ADD,DC,*NUV ht,%r0,ht           ; add in carry (ht++)
+    LDO     1(C3),C3              ; bump c3 if overflow,nullify otherwise
+
+    ADD     C2,ht,C2                ; c2 = c2 + ht
+    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
+.endm
+
+;
+;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
+; arg0 = r_ptr
+; arg1 = a_ptr
+;
+
+bn_sqr_comba8
+	.PROC
+	.CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .ENTRY
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+
+	;
+	; Zero out carries
+	;
+	COPY     %r0,c1
+	COPY     %r0,c2
+	COPY     %r0,c3
+
+	LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+	;
+	; Load up all of the values we are going to use
+	;
+    FLDD     0(a_ptr),a0       
+    FLDD     8(a_ptr),a1       
+    FLDD    16(a_ptr),a2       
+    FLDD    24(a_ptr),a3       
+    FLDD    32(a_ptr),a4       
+    FLDD    40(a_ptr),a5       
+    FLDD    48(a_ptr),a6       
+    FLDD    56(a_ptr),a7       
+
+	SQR_ADD_C a0L,a0R,c1,c2,c3
+	STD     c1,0(r_ptr)          ; r[0] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
+	STD     c2,8(r_ptr)          ; r[1] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C a1L,a1R,c3,c1,c2
+	SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
+	STD     c3,16(r_ptr)            ; r[2] = c3;
+	COPY    %r0,c3
+
+	SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
+	SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
+	STD     c1,24(r_ptr)           ; r[3] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C a2L,a2R,c2,c3,c1
+	SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
+	SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1
+	STD     c2,32(r_ptr)          ; r[4] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2
+	SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2
+	SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
+	STD     c3,40(r_ptr)          ; r[5] = c3;
+	COPY    %r0,c3
+
+	SQR_ADD_C a3L,a3R,c1,c2,c3
+	SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3
+	SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3
+	SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3
+	STD     c1,48(r_ptr)          ; r[6] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1
+	SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1
+	SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1
+	SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1
+	STD     c2,56(r_ptr)          ; r[7] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C a4L,a4R,c3,c1,c2
+	SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2
+	SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2
+	SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2
+	STD     c3,64(r_ptr)          ; r[8] = c3;
+	COPY    %r0,c3
+
+	SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3
+	SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3
+	SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3
+	STD     c1,72(r_ptr)          ; r[9] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C a5L,a5R,c2,c3,c1
+	SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1
+	SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1
+	STD     c2,80(r_ptr)          ; r[10] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2
+	SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2
+	STD     c3,88(r_ptr)          ; r[11] = c3;
+	COPY    %r0,c3
+	
+	SQR_ADD_C a6L,a6R,c1,c2,c3
+	SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3
+	STD     c1,96(r_ptr)          ; r[12] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1
+	STD     c2,104(r_ptr)         ; r[13] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C a7L,a7R,c3,c1,c2
+	STD     c3, 112(r_ptr)       ; r[14] = c3
+	STD     c1, 120(r_ptr)       ; r[15] = c1
+
+    .EXIT
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+	.PROCEND	
+
+;-----------------------------------------------------------------------------
+;
+;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
+; arg0 = r_ptr
+; arg1 = a_ptr
+;
+
+bn_sqr_comba4
+	.proc
+	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+	.align 64
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+
+	;
+	; Zero out carries
+	;
+	COPY     %r0,c1
+	COPY     %r0,c2
+	COPY     %r0,c3
+
+	LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z -1,32,33,high_mask   ; Create Mask 0xffffffff80000000L
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+	;
+	; Load up all of the values we are going to use
+	;
+    FLDD     0(a_ptr),a0       
+    FLDD     8(a_ptr),a1       
+    FLDD    16(a_ptr),a2       
+    FLDD    24(a_ptr),a3       
+    FLDD    32(a_ptr),a4       
+    FLDD    40(a_ptr),a5       
+    FLDD    48(a_ptr),a6       
+    FLDD    56(a_ptr),a7       
+
+	SQR_ADD_C a0L,a0R,c1,c2,c3
+
+	STD     c1,0(r_ptr)          ; r[0] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1
+
+	STD     c2,8(r_ptr)          ; r[1] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C a1L,a1R,c3,c1,c2
+	SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2
+
+	STD     c3,16(r_ptr)            ; r[2] = c3;
+	COPY    %r0,c3
+
+	SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3
+	SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3
+
+	STD     c1,24(r_ptr)           ; r[3] = c1;
+	COPY    %r0,c1
+
+	SQR_ADD_C a2L,a2R,c2,c3,c1
+	SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1
+
+	STD     c2,32(r_ptr)           ; r[4] = c2;
+	COPY    %r0,c2
+
+	SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2
+	STD     c3,40(r_ptr)           ; r[5] = c3;
+	COPY    %r0,c3
+
+	SQR_ADD_C a3L,a3R,c1,c2,c3
+	STD     c1,48(r_ptr)           ; r[6] = c1;
+	STD     c2,56(r_ptr)           ; r[7] = c2;
+
+    .EXIT
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+	.PROCEND	
+
+
+;---------------------------------------------------------------------------
+
+MUL_ADD_C  .macro  A0L,A0R,B0L,B0R,C1,C2,C3
+    XMPYU   A0L,B0R,ftemp1        ; m1 = bl*ht
+    FSTD    ftemp1,-16(%sp)       ;
+    XMPYU   A0R,B0L,ftemp2        ; m = bh*lt
+    FSTD    ftemp2,-8(%sp)        ;
+    XMPYU   A0R,B0R,ftemp3        ; lt = bl*lt
+    FSTD    ftemp3,-32(%sp)
+    XMPYU   A0L,B0L,ftemp4        ; ht = bh*ht
+    FSTD    ftemp4,-24(%sp)       ;
+
+    LDD     -8(%sp),m             ; r21 = m
+    LDD     -16(%sp),m1           ; r19 = m1
+    ADD,L   m,m1,m                ; m+m1
+
+    DEPD,Z  m,31,32,temp3         ; (m+m1<<32)
+    LDD     -24(%sp),ht           ; r24 = ht
+
+    CMPCLR,*>>= m,m1,%r0          ; if (m < m1)
+    ADD,L   ht,high_one,ht        ; ht+=high_one
+
+    EXTRD,U m,31,32,temp1         ; m >> 32
+    LDD     -32(%sp),lt           ; lt
+    ADD,L   ht,temp1,ht           ; ht+= m>>32
+    ADD     lt,temp3,lt           ; lt = lt+m1
+    ADD,DC  ht,%r0,ht             ; ht++
+
+    ADD     C1,lt,C1              ; c1=c1+lt
+    ADD,DC  ht,%r0,ht             ; bump c3 if overflow,nullify otherwise
+
+    ADD     C2,ht,C2              ; c2 = c2 + ht
+    ADD,DC  C3,%r0,C3             ; add in carry (c3++)
+.endm
+
+
+;
+;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = b_ptr
+;
+
+bn_mul_comba8
+	.proc
+	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+    FSTD    %fr12,32(%sp)       ; save r6
+    FSTD    %fr13,40(%sp)       ; save r7
+
+	;
+	; Zero out carries
+	;
+	COPY     %r0,c1
+	COPY     %r0,c2
+	COPY     %r0,c3
+
+	LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+	;
+	; Load up all of the values we are going to use
+	;
+    FLDD      0(a_ptr),a0       
+    FLDD      8(a_ptr),a1       
+    FLDD     16(a_ptr),a2       
+    FLDD     24(a_ptr),a3       
+    FLDD     32(a_ptr),a4       
+    FLDD     40(a_ptr),a5       
+    FLDD     48(a_ptr),a6       
+    FLDD     56(a_ptr),a7       
+
+    FLDD      0(b_ptr),b0       
+    FLDD      8(b_ptr),b1       
+    FLDD     16(b_ptr),b2       
+    FLDD     24(b_ptr),b3       
+    FLDD     32(b_ptr),b4       
+    FLDD     40(b_ptr),b5       
+    FLDD     48(b_ptr),b6       
+    FLDD     56(b_ptr),b7       
+
+	MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
+	STD       c1,0(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
+	MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
+	STD       c2,8(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
+	MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
+	MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
+	STD       c3,16(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
+	MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
+	MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
+	MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
+	STD       c1,24(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1
+	MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
+	MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
+	MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
+	MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1
+	STD       c2,32(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2
+	MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2
+	MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
+	MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
+	MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2
+	MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2
+	STD       c3,40(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3
+	MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3
+	MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3
+	MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
+	MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3
+	MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3
+	MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3
+	STD       c1,48(r_ptr)
+	COPY      %r0,c1
+	
+	MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1
+	MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1
+	MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1
+	MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1
+	MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1
+	MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1
+	MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1
+	MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1
+	STD       c2,56(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2
+	MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2
+	MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2
+	MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2
+	MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2
+	MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2
+	MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2
+	STD       c3,64(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3
+	MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3
+	MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3
+	MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3
+	MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3
+	MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3
+	STD       c1,72(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1
+	MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1
+	MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1
+	MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1
+	MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1
+	STD       c2,80(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2
+	MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2
+	MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2
+	MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2
+	STD       c3,88(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3
+	MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3
+	MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3
+	STD       c1,96(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1
+	MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1
+	STD       c2,104(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2
+	STD       c3,112(r_ptr)
+	STD       c1,120(r_ptr)
+
+    .EXIT
+    FLDD    -88(%sp),%fr13 
+    FLDD    -96(%sp),%fr12 
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+	.PROCEND	
+
+;-----------------------------------------------------------------------------
+;
+;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+; arg0 = r_ptr
+; arg1 = a_ptr
+; arg2 = b_ptr
+;
+
+bn_mul_comba4
+	.proc
+	.callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE
+	.EXPORT	bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN
+    .entry
+	.align 64
+
+    STD     %r3,0(%sp)          ; save r3
+    STD     %r4,8(%sp)          ; save r4
+    STD     %r5,16(%sp)         ; save r5
+    STD     %r6,24(%sp)         ; save r6
+    FSTD    %fr12,32(%sp)       ; save r6
+    FSTD    %fr13,40(%sp)       ; save r7
+
+	;
+	; Zero out carries
+	;
+	COPY     %r0,c1
+	COPY     %r0,c2
+	COPY     %r0,c3
+
+	LDO      128(%sp),%sp       ; bump stack
+    DEPDI,Z  1,31,1,high_one     ; Create Value  1 << 32
+
+	;
+	; Load up all of the values we are going to use
+	;
+    FLDD      0(a_ptr),a0       
+    FLDD      8(a_ptr),a1       
+    FLDD     16(a_ptr),a2       
+    FLDD     24(a_ptr),a3       
+
+    FLDD      0(b_ptr),b0       
+    FLDD      8(b_ptr),b1       
+    FLDD     16(b_ptr),b2       
+    FLDD     24(b_ptr),b3       
+
+	MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3
+	STD       c1,0(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1
+	MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1
+	STD       c2,8(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2
+	MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2
+	MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2
+	STD       c3,16(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3
+	MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3
+	MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3
+	MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3
+	STD       c1,24(r_ptr)
+	COPY      %r0,c1
+
+	MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1
+	MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1
+	MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1
+	STD       c2,32(r_ptr)
+	COPY      %r0,c2
+
+	MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2
+	MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2
+	STD       c3,40(r_ptr)
+	COPY      %r0,c3
+
+	MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3
+	STD       c1,48(r_ptr)
+	STD       c2,56(r_ptr)
+
+    .EXIT
+    FLDD    -88(%sp),%fr13 
+    FLDD    -96(%sp),%fr12 
+    LDD     -104(%sp),%r6        ; restore r6
+    LDD     -112(%sp),%r5        ; restore r5
+    LDD     -120(%sp),%r4        ; restore r4
+    BVE     (%rp)
+    LDD,MB  -128(%sp),%r3
+
+	.PROCEND	
+
+
+	.SPACE	$TEXT$
+	.SUBSPA	$CODE$
+	.SPACE	$PRIVATE$,SORT=16
+	.IMPORT	$global$,DATA
+	.SPACE	$TEXT$
+	.SUBSPA	$CODE$
+	.SUBSPA	$LIT$,ACCESS=0x2c
+C$4
+	.ALIGN	8
+	.STRINGZ	"Division would overflow (%d)\n"
+	.END
diff --git a/crypto/bn/asm/sparc.s b/crypto/bn/asm/sparc.s
deleted file mode 100644
index f9e533caa8..0000000000
--- a/crypto/bn/asm/sparc.s
+++ /dev/null
@@ -1,462 +0,0 @@
-	.file	"bn_mulw.c"
-gcc2_compiled.:
-.section	".text"
-	.align 4
-	.global bn_mul_add_words
-	.type	 bn_mul_add_words,#function
-	.proc	016
-bn_mul_add_words:
-	!#PROLOGUE# 0
-	save %sp,-112,%sp
-	!#PROLOGUE# 1
-	mov %i0,%o0
-	mov %i1,%o2
-	mov %i2,%g1
-	mov %i3,%o1
-	mov 0,%i4
-	add %o0,12,%g4
-	add %o2,12,%o7
-.LL2:
-	mov %i4,%i3
-	mov 0,%i2
-	ld [%o0],%g2
-	mov %g2,%i1
-	ld [%o2],%g2
-	mov 0,%i0
-	umul %o1,%g2,%g3
-	rd %y,%g2
-	addcc %g3,%i1,%g3
-	addx %g2,%i0,%g2
-	addcc %g3,%i3,%g3
-	addx %g2,%i2,%g2
-	st %g3,[%o0]
-	mov %g2,%i5
-	mov 0,%i4
-	addcc %g1,-1,%g1
-	be .LL3
-	mov %i5,%i4
-	mov %i4,%i3
-	mov 0,%i2
-	ld [%g4-8],%g2
-	mov %g2,%i1
-	ld [%o7-8],%g2
-	mov 0,%i0
-	umul %o1,%g2,%g3
-	rd %y,%g2
-	addcc %g3,%i1,%g3
-	addx %g2,%i0,%g2
-	addcc %g3,%i3,%g3
-	addx %g2,%i2,%g2
-	st %g3,[%g4-8]
-	mov %g2,%i5
-	mov 0,%i4
-	addcc %g1,-1,%g1
-	be .LL3
-	mov %i5,%i4
-	mov %i4,%i3
-	mov 0,%i2
-	ld [%g4-4],%g2
-	mov %g2,%i1
-	ld [%o7-4],%g2
-	mov 0,%i0
-	umul %o1,%g2,%g3
-	rd %y,%g2
-	addcc %g3,%i1,%g3
-	addx %g2,%i0,%g2
-	addcc %g3,%i3,%g3
-	addx %g2,%i2,%g2
-	st %g3,[%g4-4]
-	mov %g2,%i5
-	mov 0,%i4
-	addcc %g1,-1,%g1
-	be .LL3
-	mov %i5,%i4
-	mov %i4,%i3
-	mov 0,%i2
-	ld [%g4],%g2
-	mov %g2,%i1
-	ld [%o7],%g2
-	mov 0,%i0
-	umul %o1,%g2,%g3
-	rd %y,%g2
-	addcc %g3,%i1,%g3
-	addx %g2,%i0,%g2
-	addcc %g3,%i3,%g3
-	addx %g2,%i2,%g2
-	st %g3,[%g4]
-	mov %g2,%i5
-	mov 0,%i4
-	addcc %g1,-1,%g1
-	be .LL3
-	mov %i5,%i4
-	add %o7,16,%o7
-	add %o2,16,%o2
-	add %g4,16,%g4
-	b .LL2
-	add %o0,16,%o0
-.LL3:
-	ret
-	restore %g0,%i4,%o0
-.LLfe1:
-	.size	 bn_mul_add_words,.LLfe1-bn_mul_add_words
-	.align 4
-	.global bn_mul_words
-	.type	 bn_mul_words,#function
-	.proc	016
-bn_mul_words:
-	!#PROLOGUE# 0
-	save %sp,-112,%sp
-	!#PROLOGUE# 1
-	mov %i0,%o7
-	mov %i1,%o0
-	mov %i2,%i4
-	mov %i3,%g4
-	mov 0,%i0
-	add %o7,12,%g1
-	add %o0,12,%i5
-.LL18:
-	mov %i0,%g3
-	mov 0,%g2
-	ld [%o0],%i2
-	umul %g4,%i2,%i3
-	rd %y,%i2
-	addcc %i3,%g3,%i3
-	addx %i2,%g2,%i2
-	st %i3,[%o7]
-	mov %i2,%i1
-	mov 0,%i0
-	addcc %i4,-1,%i4
-	be .LL19
-	mov %i1,%i0
-	mov %i0,%g3
-	mov 0,%g2
-	ld [%i5-8],%i2
-	umul %g4,%i2,%i3
-	rd %y,%i2
-	addcc %i3,%g3,%i3
-	addx %i2,%g2,%i2
-	st %i3,[%g1-8]
-	mov %i2,%i1
-	mov 0,%i0
-	addcc %i4,-1,%i4
-	be .LL19
-	mov %i1,%i0
-	mov %i0,%g3
-	mov 0,%g2
-	ld [%i5-4],%i2
-	umul %g4,%i2,%i3
-	rd %y,%i2
-	addcc %i3,%g3,%i3
-	addx %i2,%g2,%i2
-	st %i3,[%g1-4]
-	mov %i2,%i1
-	mov 0,%i0
-	addcc %i4,-1,%i4
-	be .LL19
-	mov %i1,%i0
-	mov %i0,%g3
-	mov 0,%g2
-	ld [%i5],%i2
-	umul %g4,%i2,%i3
-	rd %y,%i2
-	addcc %i3,%g3,%i3
-	addx %i2,%g2,%i2
-	st %i3,[%g1]
-	mov %i2,%i1
-	mov 0,%i0
-	addcc %i4,-1,%i4
-	be .LL19
-	mov %i1,%i0
-	add %i5,16,%i5
-	add %o0,16,%o0
-	add %g1,16,%g1
-	b .LL18
-	add %o7,16,%o7
-.LL19:
-	ret
-	restore
-.LLfe2:
-	.size	 bn_mul_words,.LLfe2-bn_mul_words
-	.align 4
-	.global bn_sqr_words
-	.type	 bn_sqr_words,#function
-	.proc	020
-bn_sqr_words:
-	!#PROLOGUE# 0
-	!#PROLOGUE# 1
-	mov %o0,%g4
-	add %g4,28,%o3
-	add %o1,12,%g1
-.LL34:
-	ld [%o1],%o0
-	addcc %o2,-1,%o2
-	umul %o0,%o0,%o5
-	rd %y,%o4
-	st %o5,[%g4]
-	mov %o4,%g3
-	mov 0,%g2
-	be .LL35
-	st %g3,[%o3-24]
-	ld [%g1-8],%o0
-	addcc %o2,-1,%o2
-	umul %o0,%o0,%o5
-	rd %y,%o4
-	st %o5,[%o3-20]
-	mov %o4,%g3
-	mov 0,%g2
-	be .LL35
-	st %g3,[%o3-16]
-	ld [%g1-4],%o0
-	addcc %o2,-1,%o2
-	umul %o0,%o0,%o5
-	rd %y,%o4
-	st %o5,[%o3-12]
-	mov %o4,%g3
-	mov 0,%g2
-	be .LL35
-	st %g3,[%o3-8]
-	ld [%g1],%o0
-	addcc %o2,-1,%o2
-	umul %o0,%o0,%o5
-	rd %y,%o4
-	st %o5,[%o3-4]
-	mov %o4,%g3
-	mov 0,%g2
-	be .LL35
-	st %g3,[%o3]
-	add %g1,16,%g1
-	add %o1,16,%o1
-	add %o3,32,%o3
-	b .LL34
-	add %g4,32,%g4
-.LL35:
-	retl
-	nop
-.LLfe3:
-	.size	 bn_sqr_words,.LLfe3-bn_sqr_words
-	.align 4
-	.global bn_add_words
-	.type	 bn_add_words,#function
-	.proc	016
-bn_add_words:
-	!#PROLOGUE# 0
-	save %sp,-112,%sp
-	!#PROLOGUE# 1
-	mov %i0,%o2
-	mov %i1,%o3
-	mov %i2,%o4
-	mov %i3,%i5
-	mov 0,%o0
-	mov 0,%o1
-	add %o2,12,%o7
-	add %o4,12,%g4
-	b .LL42
-	add %o3,12,%g1
-.LL45:
-	add %i5,-1,%i5
-	mov %i4,%g3
-	ld [%g4-8],%i4
-	mov 0,%g2
-	mov %i4,%i1
-	mov 0,%i0
-	addcc %g3,%i1,%g3
-	addx %g2,%i0,%g2
-	addcc %o1,%g3,%o1
-	addx %o0,%g2,%o0
-	st %o1,[%o7-8]
-	mov %o0,%i3
-	mov 0,%i2
-	mov %i2,%o0
-	mov %i3,%o1
-	cmp %i5,0
-	ble .LL43
-	add %i5,-1,%i5
-	ld [%g1-4],%i4
-	mov %i4,%g3
-	ld [%g4-4],%i4
-	mov 0,%g2
-	mov %i4,%i1
-	mov 0,%i0
-	addcc %g3,%i1,%g3
-	addx %g2,%i0,%g2
-	addcc %o1,%g3,%o1
-	addx %o0,%g2,%o0
-	st %o1,[%o7-4]
-	mov %o0,%i3
-	mov 0,%i2
-	mov %i2,%o0
-	mov %i3,%o1
-	cmp %i5,0
-	ble .LL43
-	add %i5,-1,%i5
-	ld [%g1],%i4
-	mov %i4,%g3
-	ld [%g4],%i4
-	mov 0,%g2
-	mov %i4,%i1
-	mov 0,%i0
-	addcc %g3,%i1,%g3
-	addx %g2,%i0,%g2
-	addcc %o1,%g3,%o1
-	addx %o0,%g2,%o0
-	st %o1,[%o7]
-	mov %o0,%i3
-	mov 0,%i2
-	mov %i2,%o0
-	mov %i3,%o1
-	cmp %i5,0
-	ble .LL43
-	add %g1,16,%g1
-	add %o3,16,%o3
-	add %g4,16,%g4
-	add %o4,16,%o4
-	add %o7,16,%o7
-	add %o2,16,%o2
-.LL42:
-	ld [%o3],%i4
-	add %i5,-1,%i5
-	mov %i4,%g3
-	ld [%o4],%i4
-	mov 0,%g2
-	mov %i4,%i1
-	mov 0,%i0
-	addcc %g3,%i1,%g3
-	addx %g2,%i0,%g2
-	addcc %o1,%g3,%o1
-	addx %o0,%g2,%o0
-	st %o1,[%o2]
-	mov %o0,%i3
-	mov 0,%i2
-	mov %i2,%o0
-	mov %i3,%o1
-	cmp %i5,0
-	bg,a .LL45
-	ld [%g1-8],%i4
-.LL43:
-	ret
-	restore %g0,%o1,%o0
-.LLfe4:
-	.size	 bn_add_words,.LLfe4-bn_add_words
-.section	".rodata"
-	.align 8
-.LLC0:
-	.asciz	"Division would overflow (%d)\n"
-.section	".text"
-	.align 4
-	.global bn_div64
-	.type	 bn_div64,#function
-	.proc	016
-bn_div64:
-	!#PROLOGUE# 0
-	save %sp,-112,%sp
-	!#PROLOGUE# 1
-	mov 0,%l1
-	cmp %i2,0
-	bne .LL51
-	mov 2,%l0
-	b .LL68
-	mov -1,%i0
-.LL51:
-	call BN_num_bits_word,0
-	mov %i2,%o0
-	mov %o0,%o2
-	cmp %o2,32
-	be .LL52
-	mov 1,%o0
-	sll %o0,%o2,%o0
-	cmp %i0,%o0
-	bleu .LL69
-	mov 32,%o0
-	sethi %hi(__iob+32),%o0
-	or %o0,%lo(__iob+32),%o0
-	sethi %hi(.LLC0),%o1
-	call fprintf,0
-	or %o1,%lo(.LLC0),%o1
-	call abort,0
-	nop
-.LL52:
-	mov 32,%o0
-.LL69:
-	cmp %i0,%i2
-	blu .LL53
-	sub %o0,%o2,%o2
-	sub %i0,%i2,%i0
-.LL53:
-	cmp %o2,0
-	be .LL54
-	sll %i0,%o2,%o1
-	sll %i2,%o2,%i2
-	sub %o0,%o2,%o0
-	srl %i1,%o0,%o0
-	or %o1,%o0,%i0
-	sll %i1,%o2,%i1
-.LL54:
-	srl %i2,16,%g2
-	sethi %hi(65535),%o0
-	or %o0,%lo(65535),%o1
-	and %i2,%o1,%g3
-	mov %o0,%g4
-	sethi %hi(-65536),%o7
-	mov %o1,%g1
-.LL55:
-	srl %i0,16,%o0
-	cmp %o0,%g2
-	be .LL59
-	or %g4,%lo(65535),%o3
-	wr %g0,%g0,%y
-	nop
-	nop
-	nop
-	udiv %i0,%g2,%o3
-.LL59:
-	and %i1,%o7,%o0
-	srl %o0,16,%o5
-	smul %o3,%g3,%o4
-	smul %o3,%g2,%o2
-.LL60:
-	sub %i0,%o2,%o1
-	andcc %o1,%o7,%g0
-	bne .LL61
-	sll %o1,16,%o0
-	add %o0,%o5,%o0
-	cmp %o4,%o0
-	bleu .LL61
-	sub %o4,%g3,%o4
-	sub %o2,%g2,%o2
-	b .LL60
-	add %o3,-1,%o3
-.LL61:
-	smul %o3,%g2,%o2
-	smul %o3,%g3,%o0
-	srl %o0,16,%o1
-	sll %o0,16,%o0
-	and %o0,%o7,%o0
-	cmp %i1,%o0
-	bgeu .LL65
-	add %o2,%o1,%o2
-	add %o2,1,%o2
-.LL65:
-	cmp %i0,%o2
-	bgeu .LL66
-	sub %i1,%o0,%i1
-	add %i0,%i2,%i0
-	add %o3,-1,%o3
-.LL66:
-	addcc %l0,-1,%l0
-	be .LL56
-	sub %i0,%o2,%i0
-	sll %o3,16,%l1
-	sll %i0,16,%o0
-	srl %i1,16,%o1
-	or %o0,%o1,%i0
-	and %i1,%g1,%o0
-	b .LL55
-	sll %o0,16,%i1
-.LL56:
-	or %l1,%o3,%i0
-.LL68:
-	ret
-	restore
-.LLfe5:
-	.size	 bn_div64,.LLfe5-bn_div64
-	.ident	"GCC: (GNU) 2.7.2.3"
diff --git a/crypto/bn/asm/sparcv8.S b/crypto/bn/asm/sparcv8.S
new file mode 100644
index 0000000000..88c5dc480a
--- /dev/null
+++ b/crypto/bn/asm/sparcv8.S
@@ -0,0 +1,1458 @@
+.ident	"sparcv8.s, Version 1.4"
+.ident	"SPARC v8 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+
+/*
+ * ====================================================================
+ * Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contributon to OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in SuperSPARC ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * See bn_asm.sparc.v8plus.S for more details.
+ */
+
+/*
+ * Revision history.
+ *
+ * 1.1	- new loop unrolling model(*);
+ * 1.2	- made gas friendly;
+ * 1.3	- fixed problem with /usr/ccs/lib/cpp;
+ * 1.4	- some retunes;
+ *
+ * (*)	see bn_asm.sparc.v8plus.S for details
+ */
+
+.section	".text",#alloc,#execinstr
+.file		"bn_asm.sparc.v8.S"
+
+.align	32
+
+.global bn_mul_add_words
+/*
+ * BN_ULONG bn_mul_add_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_add_words:
+	cmp	%o2,0
+	bg,a	.L_bn_mul_add_words_proceed
+	ld	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_mul_add_words_proceed:
+	andcc	%o2,-4,%g0
+	bz	.L_bn_mul_add_words_tail
+	clr	%o5
+
+.L_bn_mul_add_words_loop:
+	ld	[%o0],%o4
+	ld	[%o1+4],%g3
+	umul	%o3,%g2,%g2
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	st	%o4,[%o0]
+	addx	%g1,0,%o5
+
+	ld	[%o0+4],%o4
+	ld	[%o1+8],%g2
+	umul	%o3,%g3,%g3
+	dec	4,%o2
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g3,%o4
+	st	%o4,[%o0+4]
+	addx	%g1,0,%o5
+
+	ld	[%o0+8],%o4
+	ld	[%o1+12],%g3
+	umul	%o3,%g2,%g2
+	inc	16,%o1
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	st	%o4,[%o0+8]
+	addx	%g1,0,%o5
+
+	ld	[%o0+12],%o4
+	umul	%o3,%g3,%g3
+	inc	16,%o0
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g3,%o4
+	st	%o4,[%o0-4]
+	addx	%g1,0,%o5
+	andcc	%o2,-4,%g0
+	bnz,a	.L_bn_mul_add_words_loop
+	ld	[%o1],%g2
+
+	tst	%o2
+	bnz,a	.L_bn_mul_add_words_tail
+	ld	[%o1],%g2
+.L_bn_mul_add_words_return:
+	retl
+	mov	%o5,%o0
+	nop
+
+.L_bn_mul_add_words_tail:
+	ld	[%o0],%o4
+	umul	%o3,%g2,%g2
+	addcc	%o4,%o5,%o4
+	rd	%y,%g1
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	addx	%g1,0,%o5
+	deccc	%o2
+	bz	.L_bn_mul_add_words_return
+	st	%o4,[%o0]
+
+	ld	[%o1+4],%g2
+	ld	[%o0+4],%o4
+	umul	%o3,%g2,%g2
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	addx	%g1,0,%o5
+	deccc	%o2
+	bz	.L_bn_mul_add_words_return
+	st	%o4,[%o0+4]
+
+	ld	[%o1+8],%g2
+	ld	[%o0+8],%o4
+	umul	%o3,%g2,%g2
+	rd	%y,%g1
+	addcc	%o4,%o5,%o4
+	addx	%g1,0,%g1
+	addcc	%o4,%g2,%o4
+	st	%o4,[%o0+8]
+	retl
+	addx	%g1,0,%o0
+
+.type	bn_mul_add_words,#function
+.size	bn_mul_add_words,(.-bn_mul_add_words)
+
+.align	32
+
+.global bn_mul_words
+/*
+ * BN_ULONG bn_mul_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_words:
+	cmp	%o2,0
+	bg,a	.L_bn_mul_words_proceeed
+	ld	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_mul_words_proceeed:
+	andcc	%o2,-4,%g0
+	bz	.L_bn_mul_words_tail
+	clr	%o5
+
+.L_bn_mul_words_loop:
+	ld	[%o1+4],%g3
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	addx	%g1,0,%o5
+	st	%g2,[%o0]
+
+	ld	[%o1+8],%g2
+	umul	%o3,%g3,%g3
+	addcc	%g3,%o5,%g3
+	rd	%y,%g1
+	dec	4,%o2
+	addx	%g1,0,%o5
+	st	%g3,[%o0+4]
+
+	ld	[%o1+12],%g3
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	inc	16,%o1
+	st	%g2,[%o0+8]
+	addx	%g1,0,%o5
+
+	umul	%o3,%g3,%g3
+	addcc	%g3,%o5,%g3
+	rd	%y,%g1
+	inc	16,%o0
+	addx	%g1,0,%o5
+	st	%g3,[%o0-4]
+	andcc	%o2,-4,%g0
+	nop
+	bnz,a	.L_bn_mul_words_loop
+	ld	[%o1],%g2
+
+	tst	%o2
+	bnz,a	.L_bn_mul_words_tail
+	ld	[%o1],%g2
+.L_bn_mul_words_return:
+	retl
+	mov	%o5,%o0
+	nop
+
+.L_bn_mul_words_tail:
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	addx	%g1,0,%o5
+	deccc	%o2
+	bz	.L_bn_mul_words_return
+	st	%g2,[%o0]
+	nop
+
+	ld	[%o1+4],%g2
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	addx	%g1,0,%o5
+	deccc	%o2
+	bz	.L_bn_mul_words_return
+	st	%g2,[%o0+4]
+
+	ld	[%o1+8],%g2
+	umul	%o3,%g2,%g2
+	addcc	%g2,%o5,%g2
+	rd	%y,%g1
+	st	%g2,[%o0+8]
+	retl
+	addx	%g1,0,%o0
+
+.type	bn_mul_words,#function
+.size	bn_mul_words,(.-bn_mul_words)
+
+.align  32
+.global	bn_sqr_words
+/*
+ * void bn_sqr_words(r,a,n)
+ * BN_ULONG *r,*a;
+ * int n;
+ */
+bn_sqr_words:
+	cmp	%o2,0
+	bg,a	.L_bn_sqr_words_proceeed
+	ld	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_sqr_words_proceeed:
+	andcc	%o2,-4,%g0
+	bz	.L_bn_sqr_words_tail
+	clr	%o5
+
+.L_bn_sqr_words_loop:
+	ld	[%o1+4],%g3
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0]
+	rd	%y,%o5
+	st	%o5,[%o0+4]
+
+	ld	[%o1+8],%g2
+	umul	%g3,%g3,%o4
+	dec	4,%o2
+	st	%o4,[%o0+8]
+	rd	%y,%o5
+	st	%o5,[%o0+12]
+	nop
+
+	ld	[%o1+12],%g3
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0+16]
+	rd	%y,%o5
+	inc	16,%o1
+	st	%o5,[%o0+20]
+
+	umul	%g3,%g3,%o4
+	inc	32,%o0
+	st	%o4,[%o0-8]
+	rd	%y,%o5
+	st	%o5,[%o0-4]
+	andcc	%o2,-4,%g2
+	bnz,a	.L_bn_sqr_words_loop
+	ld	[%o1],%g2
+
+	tst	%o2
+	nop
+	bnz,a	.L_bn_sqr_words_tail
+	ld	[%o1],%g2
+.L_bn_sqr_words_return:
+	retl
+	clr	%o0
+
+.L_bn_sqr_words_tail:
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0]
+	deccc	%o2
+	rd	%y,%o5
+	bz	.L_bn_sqr_words_return
+	st	%o5,[%o0+4]
+
+	ld	[%o1+4],%g2
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0+8]
+	deccc	%o2
+	rd	%y,%o5
+	nop
+	bz	.L_bn_sqr_words_return
+	st	%o5,[%o0+12]
+
+	ld	[%o1+8],%g2
+	umul	%g2,%g2,%o4
+	st	%o4,[%o0+16]
+	rd	%y,%o5
+	st	%o5,[%o0+20]
+	retl
+	clr	%o0
+
+.type	bn_sqr_words,#function
+.size	bn_sqr_words,(.-bn_sqr_words)
+
+.align	32
+
+.global bn_div_words
+/*
+ * BN_ULONG bn_div_words(h,l,d)
+ * BN_ULONG h,l,d;
+ */
+bn_div_words:
+	wr	%o0,%y
+	udiv	%o1,%o2,%o0
+	retl
+	nop
+
+.type	bn_div_words,#function
+.size	bn_div_words,(.-bn_div_words)
+
+.align	32
+
+.global bn_add_words
+/*
+ * BN_ULONG bn_add_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_add_words:
+	cmp	%o3,0
+	bg,a	.L_bn_add_words_proceed
+	ld	[%o1],%o4
+	retl
+	clr	%o0
+
+.L_bn_add_words_proceed:
+	andcc	%o3,-4,%g0
+	bz	.L_bn_add_words_tail
+	clr	%g1
+	ba	.L_bn_add_words_warn_loop
+	addcc	%g0,0,%g0	! clear carry flag
+
+.L_bn_add_words_loop:
+	ld	[%o1],%o4
+.L_bn_add_words_warn_loop:
+	ld	[%o2],%o5
+	ld	[%o1+4],%g3
+	ld	[%o2+4],%g4
+	dec	4,%o3
+	addxcc	%o5,%o4,%o5
+	st	%o5,[%o0]
+
+	ld	[%o1+8],%o4
+	ld	[%o2+8],%o5
+	inc	16,%o1
+	addxcc	%g3,%g4,%g3
+	st	%g3,[%o0+4]
+	
+	ld	[%o1-4],%g3
+	ld	[%o2+12],%g4
+	inc	16,%o2
+	addxcc	%o5,%o4,%o5
+	st	%o5,[%o0+8]
+
+	inc	16,%o0
+	addxcc	%g3,%g4,%g3
+	st	%g3,[%o0-4]
+	addx	%g0,0,%g1
+	andcc	%o3,-4,%g0
+	bnz,a	.L_bn_add_words_loop
+	addcc	%g1,-1,%g0
+
+	tst	%o3
+	bnz,a	.L_bn_add_words_tail
+	ld	[%o1],%o4
+.L_bn_add_words_return:
+	retl
+	mov	%g1,%o0
+
+.L_bn_add_words_tail:
+	addcc	%g1,-1,%g0
+	ld	[%o2],%o5
+	addxcc	%o5,%o4,%o5
+	addx	%g0,0,%g1
+	deccc	%o3
+	bz	.L_bn_add_words_return
+	st	%o5,[%o0]
+
+	ld	[%o1+4],%o4
+	addcc	%g1,-1,%g0
+	ld	[%o2+4],%o5
+	addxcc	%o5,%o4,%o5
+	addx	%g0,0,%g1
+	deccc	%o3
+	bz	.L_bn_add_words_return
+	st	%o5,[%o0+4]
+
+	ld	[%o1+8],%o4
+	addcc	%g1,-1,%g0
+	ld	[%o2+8],%o5
+	addxcc	%o5,%o4,%o5
+	st	%o5,[%o0+8]
+	retl
+	addx	%g0,0,%o0
+
+.type	bn_add_words,#function
+.size	bn_add_words,(.-bn_add_words)
+
+.align	32
+
+.global bn_sub_words
+/*
+ * BN_ULONG bn_sub_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_sub_words:
+	cmp	%o3,0
+	bg,a	.L_bn_sub_words_proceed
+	ld	[%o1],%o4
+	retl
+	clr	%o0
+
+.L_bn_sub_words_proceed:
+	andcc	%o3,-4,%g0
+	bz	.L_bn_sub_words_tail
+	clr	%g1
+	ba	.L_bn_sub_words_warm_loop
+	addcc	%g0,0,%g0	! clear carry flag
+
+.L_bn_sub_words_loop:
+	ld	[%o1],%o4
+.L_bn_sub_words_warm_loop:
+	ld	[%o2],%o5
+	ld	[%o1+4],%g3
+	ld	[%o2+4],%g4
+	dec	4,%o3
+	subxcc	%o4,%o5,%o5
+	st	%o5,[%o0]
+
+	ld	[%o1+8],%o4
+	ld	[%o2+8],%o5
+	inc	16,%o1
+	subxcc	%g3,%g4,%g4
+	st	%g4,[%o0+4]
+	
+	ld	[%o1-4],%g3
+	ld	[%o2+12],%g4
+	inc	16,%o2
+	subxcc	%o4,%o5,%o5
+	st	%o5,[%o0+8]
+
+	inc	16,%o0
+	subxcc	%g3,%g4,%g4
+	st	%g4,[%o0-4]
+	addx	%g0,0,%g1
+	andcc	%o3,-4,%g0
+	bnz,a	.L_bn_sub_words_loop
+	addcc	%g1,-1,%g0
+
+	tst	%o3
+	nop
+	bnz,a	.L_bn_sub_words_tail
+	ld	[%o1],%o4
+.L_bn_sub_words_return:
+	retl
+	mov	%g1,%o0
+
+.L_bn_sub_words_tail:
+	addcc	%g1,-1,%g0
+	ld	[%o2],%o5
+	subxcc	%o4,%o5,%o5
+	addx	%g0,0,%g1
+	deccc	%o3
+	bz	.L_bn_sub_words_return
+	st	%o5,[%o0]
+	nop
+
+	ld	[%o1+4],%o4
+	addcc	%g1,-1,%g0
+	ld	[%o2+4],%o5
+	subxcc	%o4,%o5,%o5
+	addx	%g0,0,%g1
+	deccc	%o3
+	bz	.L_bn_sub_words_return
+	st	%o5,[%o0+4]
+
+	ld	[%o1+8],%o4
+	addcc	%g1,-1,%g0
+	ld	[%o2+8],%o5
+	subxcc	%o4,%o5,%o5
+	st	%o5,[%o0+8]
+	retl
+	addx	%g0,0,%o0
+
+.type	bn_sub_words,#function
+.size	bn_sub_words,(.-bn_sub_words)
+
+#define FRAME_SIZE	-96
+
+/*
+ * Here is register usage map for *all* routines below.
+ */
+#define t_1	%o0
+#define	t_2	%o1
+#define c_1	%o2
+#define c_2	%o3
+#define c_3	%o4
+
+#define ap(I)	[%i1+4*I]
+#define bp(I)	[%i2+4*I]
+#define rp(I)	[%i0+4*I]
+
+#define	a_0	%l0
+#define	a_1	%l1
+#define	a_2	%l2
+#define	a_3	%l3
+#define	a_4	%l4
+#define	a_5	%l5
+#define	a_6	%l6
+#define	a_7	%l7
+
+#define	b_0	%i3
+#define	b_1	%i4
+#define	b_2	%i5
+#define	b_3	%o5
+#define	b_4	%g1
+#define	b_5	%g2
+#define	b_6	%g3
+#define	b_7	%g4
+
+.align	32
+.global bn_mul_comba8
+/*
+ * void bn_mul_comba8(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba8:
+	save	%sp,FRAME_SIZE,%sp
+	ld	ap(0),a_0
+	ld	bp(0),b_0
+	umul	a_0,b_0,c_1	!=!mul_add_c(a[0],b[0],c1,c2,c3);
+	ld	bp(1),b_1
+	rd	%y,c_2
+	st	c_1,rp(0)	!r[0]=c1;
+
+	umul	a_0,b_1,t_1	!=!mul_add_c(a[0],b[1],c2,c3,c1);
+	ld	ap(1),a_1
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	%g0,t_2,c_3	!=
+	addx	%g0,%g0,c_1
+	ld	ap(2),a_2
+	umul	a_1,b_0,t_1	!mul_add_c(a[1],b[0],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	st	c_2,rp(1)	!r[1]=c2;
+	addx	c_1,%g0,c_1	!=
+
+	umul	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	%g0,%g0,c_2
+	ld	bp(2),b_2
+	umul	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	ld	bp(3),b_3
+	addx	c_2,%g0,c_2	!=
+	umul	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	st	c_3,rp(2)	!r[2]=c3;
+
+	umul	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3
+	umul	a_1,b_2,t_1	!=!mul_add_c(a[1],b[2],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	ld	ap(3),a_3
+	umul	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2		!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	ld	ap(4),a_4
+	umul	a_3,b_0,t_1	!mul_add_c(a[3],b[0],c1,c2,c3);!=
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(3)	!r[3]=c1;
+
+	umul	a_4,b_0,t_1	!mul_add_c(a[4],b[0],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	umul	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_2,b_2,t_1	!=!mul_add_c(a[2],b[2],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	ld	bp(4),b_4
+	umul	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	ld	bp(5),b_5
+	umul	a_0,b_4,t_1	!=!mul_add_c(a[0],b[4],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	st	c_2,rp(4)	!r[4]=c2;
+
+	umul	a_0,b_5,t_1	!mul_add_c(a[0],b[5],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	umul	a_1,b_4,t_1	!mul_add_c(a[1],b[4],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_2,b_3,t_1	!=!mul_add_c(a[2],b[3],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	umul	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	ld	ap(5),a_5
+	umul	a_4,b_1,t_1	!mul_add_c(a[4],b[1],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	ld	ap(6),a_6
+	addx	c_2,%g0,c_2	!=
+	umul	a_5,b_0,t_1	!mul_add_c(a[5],b[0],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	st	c_3,rp(5)	!r[5]=c3;
+
+	umul	a_6,b_0,t_1	!mul_add_c(a[6],b[0],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3
+	umul	a_5,b_1,t_1	!=!mul_add_c(a[5],b[1],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_4,b_2,t_1	!mul_add_c(a[4],b[2],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	umul	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2		!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_2,b_4,t_1	!mul_add_c(a[2],b[4],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	ld	bp(6),b_6
+	addx	c_3,%g0,c_3	!=
+	umul	a_1,b_5,t_1	!mul_add_c(a[1],b[5],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	ld	bp(7),b_7
+	umul	a_0,b_6,t_1	!mul_add_c(a[0],b[6],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	st	c_1,rp(6)	!r[6]=c1;
+	addx	c_3,%g0,c_3	!=
+
+	umul	a_0,b_7,t_1	!mul_add_c(a[0],b[7],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	%g0,%g0,c_1
+	umul	a_1,b_6,t_1	!mul_add_c(a[1],b[6],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_2,b_5,t_1	!mul_add_c(a[2],b[5],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_3,b_4,t_1	!=!mul_add_c(a[3],b[4],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	umul	a_4,b_3,t_1	!mul_add_c(a[4],b[3],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_5,b_2,t_1	!mul_add_c(a[5],b[2],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	ld	ap(7),a_7
+	umul	a_6,b_1,t_1	!=!mul_add_c(a[6],b[1],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	umul	a_7,b_0,t_1	!mul_add_c(a[7],b[0],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	st	c_2,rp(7)	!r[7]=c2;
+
+	umul	a_7,b_1,t_1	!mul_add_c(a[7],b[1],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	umul	a_6,b_2,t_1	!=!mul_add_c(a[6],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	umul	a_5,b_3,t_1	!mul_add_c(a[5],b[3],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	umul	a_4,b_4,t_1	!mul_add_c(a[4],b[4],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_3,b_5,t_1	!mul_add_c(a[3],b[5],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_2,b_6,t_1	!=!mul_add_c(a[2],b[6],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	umul	a_1,b_7,t_1	!mul_add_c(a[1],b[7],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!
+	addx	c_2,%g0,c_2
+	st	c_3,rp(8)	!r[8]=c3;
+
+	umul	a_2,b_7,t_1	!mul_add_c(a[2],b[7],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3
+	umul	a_3,b_6,t_1	!=!mul_add_c(a[3],b[6],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_4,b_5,t_1	!mul_add_c(a[4],b[5],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	umul	a_5,b_4,t_1	!mul_add_c(a[5],b[4],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2		!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_6,b_3,t_1	!mul_add_c(a[6],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_7,b_2,t_1	!=!mul_add_c(a[7],b[2],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(9)	!r[9]=c1;
+
+	umul	a_7,b_3,t_1	!mul_add_c(a[7],b[3],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	umul	a_6,b_4,t_1	!mul_add_c(a[6],b[4],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_5,b_5,t_1	!=!mul_add_c(a[5],b[5],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	umul	a_4,b_6,t_1	!mul_add_c(a[4],b[6],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_3,b_7,t_1	!mul_add_c(a[3],b[7],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	st	c_2,rp(10)	!r[10]=c2;
+
+	umul	a_4,b_7,t_1	!=!mul_add_c(a[4],b[7],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2	!=
+	umul	a_5,b_6,t_1	!mul_add_c(a[5],b[6],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	umul	a_6,b_5,t_1	!mul_add_c(a[6],b[5],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_7,b_4,t_1	!mul_add_c(a[7],b[4],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(11)	!r[11]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_7,b_5,t_1	!mul_add_c(a[7],b[5],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	%g0,%g0,c_3
+	umul	a_6,b_6,t_1	!mul_add_c(a[6],b[6],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2		!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_5,b_7,t_1	!mul_add_c(a[5],b[7],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	st	c_1,rp(12)	!r[12]=c1;
+	addx	c_3,%g0,c_3	!=
+
+	umul	a_6,b_7,t_1	!mul_add_c(a[6],b[7],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	%g0,%g0,c_1
+	umul	a_7,b_6,t_1	!mul_add_c(a[7],b[6],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	st	c_2,rp(13)	!r[13]=c2;
+
+	umul	a_7,b_7,t_1	!=!mul_add_c(a[7],b[7],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	nop			!=
+	st	c_3,rp(14)	!r[14]=c3;
+	st	c_1,rp(15)	!r[15]=c1;
+
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_mul_comba8,#function
+.size	bn_mul_comba8,(.-bn_mul_comba8)
+
+.align	32
+
+.global bn_mul_comba4
+/*
+ * void bn_mul_comba4(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba4:
+	save	%sp,FRAME_SIZE,%sp
+	ld	ap(0),a_0
+	ld	bp(0),b_0
+	umul	a_0,b_0,c_1	!=!mul_add_c(a[0],b[0],c1,c2,c3);
+	ld	bp(1),b_1
+	rd	%y,c_2
+	st	c_1,rp(0)	!r[0]=c1;
+
+	umul	a_0,b_1,t_1	!=!mul_add_c(a[0],b[1],c2,c3,c1);
+	ld	ap(1),a_1
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	%g0,t_2,c_3
+	addx	%g0,%g0,c_1
+	ld	ap(2),a_2
+	umul	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	st	c_2,rp(1)	!r[1]=c2;
+
+	umul	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	ld	bp(2),b_2
+	umul	a_1,b_1,t_1	!=!mul_add_c(a[1],b[1],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	ld	bp(3),b_3
+	umul	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	st	c_3,rp(2)	!r[2]=c3;
+
+	umul	a_0,b_3,t_1	!=!mul_add_c(a[0],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3	!=
+	umul	a_1,b_2,t_1	!mul_add_c(a[1],b[2],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	ld	ap(3),a_3
+	umul	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_3,b_0,t_1	!=!mul_add_c(a[3],b[0],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(3)	!r[3]=c1;
+
+	umul	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	umul	a_2,b_2,t_1	!mul_add_c(a[2],b[2],c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	umul	a_1,b_3,t_1	!=!mul_add_c(a[1],b[3],c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	st	c_2,rp(4)	!r[4]=c2;
+
+	umul	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	umul	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(5)	!r[5]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	st	c_1,rp(6)	!r[6]=c1;
+	st	c_2,rp(7)	!r[7]=c2;
+	
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_mul_comba4,#function
+.size	bn_mul_comba4,(.-bn_mul_comba4)
+
+.align	32
+
+.global bn_sqr_comba8
+bn_sqr_comba8:
+	save	%sp,FRAME_SIZE,%sp
+	ld	ap(0),a_0
+	ld	ap(1),a_1
+	umul	a_0,a_0,c_1	!=!sqr_add_c(a,0,c1,c2,c3);
+	rd	%y,c_2
+	st	c_1,rp(0)	!r[0]=c1;
+
+	ld	ap(2),a_2
+	umul	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	%g0,t_2,c_3
+	addx	%g0,%g0,c_1	!=
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3
+	st	c_2,rp(1)	!r[1]=c2;
+	addx	c_1,%g0,c_1	!=
+
+	umul	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	%g0,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	ld	ap(3),a_3
+	umul	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	st	c_3,rp(2)	!r[2]=c3;
+
+	umul	a_0,a_3,t_1	!=!sqr_add_c2(a,3,0,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3	!=
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	ld	ap(4),a_4
+	addx	c_3,%g0,c_3	!=
+	umul	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(3)	!r[3]=c1;
+
+	umul	a_4,a_0,t_1	!sqr_add_c2(a,4,0,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	ld	ap(5),a_5
+	umul	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	st	c_2,rp(4)	!r[4]=c2;
+	addx	c_1,%g0,c_1	!=
+
+	umul	a_0,a_5,t_1	!sqr_add_c2(a,5,0,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	%g0,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	umul	a_1,a_4,t_1	!sqr_add_c2(a,4,1,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	ld	ap(6),a_6
+	umul	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	st	c_3,rp(5)	!r[5]=c3;
+
+	umul	a_6,a_0,t_1	!sqr_add_c2(a,6,0,c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	%g0,%g0,c_3
+	addcc	c_1,t_1,c_1	!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_5,a_1,t_1	!sqr_add_c2(a,5,1,c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1	!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	umul	a_4,a_2,t_1	!sqr_add_c2(a,4,2,c1,c2,c3);
+	addcc	c_1,t_1,c_1	!=
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1	!=
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3
+	ld	ap(7),a_7
+	umul	a_3,a_3,t_1	!=!sqr_add_c(a,3,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(6)	!r[6]=c1;
+
+	umul	a_0,a_7,t_1	!sqr_add_c2(a,7,0,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_1,a_6,t_1	!sqr_add_c2(a,6,1,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_2,a_5,t_1	!sqr_add_c2(a,5,2,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_3,a_4,t_1	!sqr_add_c2(a,4,3,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	st	c_2,rp(7)	!r[7]=c2;
+
+	umul	a_7,a_1,t_1	!sqr_add_c2(a,7,1,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	addcc	c_3,t_1,c_3	!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_6,a_2,t_1	!sqr_add_c2(a,6,2,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	addcc	c_3,t_1,c_3	!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_5,a_3,t_1	!sqr_add_c2(a,5,3,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	addcc	c_3,t_1,c_3	!=
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_4,a_4,t_1	!sqr_add_c(a,4,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(8)	!r[8]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_2,a_7,t_1	!sqr_add_c2(a,7,2,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	%g0,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_3,a_6,t_1	!sqr_add_c2(a,6,3,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_4,a_5,t_1	!sqr_add_c2(a,5,4,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(9)	!r[9]=c1;
+
+	umul	a_7,a_3,t_1	!sqr_add_c2(a,7,3,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_6,a_4,t_1	!sqr_add_c2(a,6,4,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_5,a_5,t_1	!sqr_add_c(a,5,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	st	c_2,rp(10)	!r[10]=c2;
+
+	umul	a_4,a_7,t_1	!=!sqr_add_c2(a,7,4,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2	!=
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2
+	umul	a_5,a_6,t_1	!=!sqr_add_c2(a,6,5,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	c_2,%g0,c_2	!=
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(11)	!r[11]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_7,a_5,t_1	!sqr_add_c2(a,7,5,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	%g0,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_6,a_6,t_1	!sqr_add_c(a,6,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	st	c_1,rp(12)	!r[12]=c1;
+
+	umul	a_6,a_7,t_1	!sqr_add_c2(a,7,6,c2,c3,c1);
+	addcc	c_2,t_1,c_2	!=
+	rd	%y,t_2
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2	!=
+	addxcc	c_3,t_2,c_3
+	st	c_2,rp(13)	!r[13]=c2;
+	addx	c_1,%g0,c_1	!=
+
+	umul	a_7,a_7,t_1	!sqr_add_c(a,7,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1	!=
+	st	c_3,rp(14)	!r[14]=c3;
+	st	c_1,rp(15)	!r[15]=c1;
+
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_sqr_comba8,#function
+.size	bn_sqr_comba8,(.-bn_sqr_comba8)
+
+.align	32
+
+.global bn_sqr_comba4
+/*
+ * void bn_sqr_comba4(r,a)
+ * BN_ULONG *r,*a;
+ */
+bn_sqr_comba4:
+	save	%sp,FRAME_SIZE,%sp
+	ld	ap(0),a_0
+	umul	a_0,a_0,c_1	!sqr_add_c(a,0,c1,c2,c3);
+	ld	ap(1),a_1	!=
+	rd	%y,c_2
+	st	c_1,rp(0)	!r[0]=c1;
+
+	ld	ap(2),a_2
+	umul	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2
+	addxcc	%g0,t_2,c_3
+	addx	%g0,%g0,c_1	!=
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1	!=
+	st	c_2,rp(1)	!r[1]=c2;
+
+	umul	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2		!=
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1	!=
+	addx	c_2,%g0,c_2
+	ld	ap(3),a_3
+	umul	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
+	addcc	c_3,t_1,c_3	!=
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(2)	!r[2]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	%g0,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	umul	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	addx	c_3,%g0,c_3
+	addcc	c_1,t_1,c_1
+	addxcc	c_2,t_2,c_2
+	addx	c_3,%g0,c_3	!=
+	st	c_1,rp(3)	!r[3]=c1;
+
+	umul	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	%g0,%g0,c_1
+	addcc	c_2,t_1,c_2
+	addxcc	c_3,t_2,c_3	!=
+	addx	c_1,%g0,c_1
+	umul	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
+	addcc	c_2,t_1,c_2
+	rd	%y,t_2		!=
+	addxcc	c_3,t_2,c_3
+	addx	c_1,%g0,c_1
+	st	c_2,rp(4)	!r[4]=c2;
+
+	umul	a_2,a_3,t_1	!=!sqr_add_c2(a,3,2,c3,c1,c2);
+	addcc	c_3,t_1,c_3
+	rd	%y,t_2
+	addxcc	c_1,t_2,c_1
+	addx	%g0,%g0,c_2	!=
+	addcc	c_3,t_1,c_3
+	addxcc	c_1,t_2,c_1
+	st	c_3,rp(5)	!r[5]=c3;
+	addx	c_2,%g0,c_2	!=
+
+	umul	a_3,a_3,t_1	!sqr_add_c(a,3,c1,c2,c3);
+	addcc	c_1,t_1,c_1
+	rd	%y,t_2
+	addxcc	c_2,t_2,c_2	!=
+	st	c_1,rp(6)	!r[6]=c1;
+	st	c_2,rp(7)	!r[7]=c2;
+	
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_sqr_comba4,#function
+.size	bn_sqr_comba4,(.-bn_sqr_comba4)
+
+.align	32
diff --git a/crypto/bn/asm/sparcv8plus.S b/crypto/bn/asm/sparcv8plus.S
new file mode 100644
index 0000000000..0074dfdb75
--- /dev/null
+++ b/crypto/bn/asm/sparcv8plus.S
@@ -0,0 +1,1535 @@
+.ident	"sparcv8plus.s, Version 1.4"
+.ident	"SPARC v9 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+
+/*
+ * ====================================================================
+ * Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contributon to OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is
+ * a drop-in UltraSPARC ISA replacement for crypto/bn/bn_asm.c
+ * module. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * Questions-n-answers.
+ *
+ * Q. How to compile?
+ * A. With SC4.x/SC5.x:
+ *
+ *	cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ *
+ *    and with gcc:
+ *
+ *	gcc -mcpu=ultrasparc -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ *
+ *    or if above fails (it does if you have gas installed):
+ *
+ *	gcc -E bn_asm.sparc.v8plus.S | as -xarch=v8plus /dev/fd/0 -o bn_asm.o
+ *
+ *    Quick-n-dirty way to fuse the module into the library.
+ *    Provided that the library is already configured and built
+ *    (in 0.9.2 case with no-asm option):
+ *
+ *	# cd crypto/bn
+ *	# cp /some/place/bn_asm.sparc.v8plus.S .
+ *	# cc -xarch=v8plus -c bn_asm.sparc.v8plus.S -o bn_asm.o
+ *	# make
+ *	# cd ../..
+ *	# make; make test
+ *
+ *    Quick-n-dirty way to get rid of it:
+ *
+ *	# cd crypto/bn
+ *	# touch bn_asm.c
+ *	# make
+ *	# cd ../..
+ *	# make; make test
+ *
+ * Q. V8plus achitecture? What kind of beast is that?
+ * A. Well, it's rather a programming model than an architecture...
+ *    It's actually v9-compliant, i.e. *any* UltraSPARC, CPU under
+ *    special conditions, namely when kernel doesn't preserve upper
+ *    32 bits of otherwise 64-bit registers during a context switch.
+ *
+ * Q. Why just UltraSPARC? What about SuperSPARC?
+ * A. Original release did target UltraSPARC only. Now SuperSPARC
+ *    version is provided along. Both version share bn_*comba[48]
+ *    implementations (see comment later in code for explanation).
+ *    But what's so special about this UltraSPARC implementation?
+ *    Why didn't I let compiler do the job? Trouble is that most of
+ *    available compilers (well, SC5.0 is the only exception) don't
+ *    attempt to take advantage of UltraSPARC's 64-bitness under
+ *    32-bit kernels even though it's perfectly possible (see next
+ *    question).
+ *
+ * Q. 64-bit registers under 32-bit kernels? Didn't you just say it
+ *    doesn't work?
+ * A. You can't adress *all* registers as 64-bit wide:-( The catch is
+ *    that you actually may rely upon %o0-%o5 and %g1-%g4 being fully
+ *    preserved if you're in a leaf function, i.e. such never calling
+ *    any other functions. All functions in this module are leaf and
+ *    10 registers is a handful. And as a matter of fact none-"comba"
+ *    routines don't require even that much and I could even afford to
+ *    not allocate own stack frame for 'em:-)
+ *
+ * Q. What about 64-bit kernels?
+ * A. What about 'em? Just kidding:-) Pure 64-bit version is currently
+ *    under evaluation and development...
+ *
+ * Q. What about shared libraries?
+ * A. What about 'em? Kidding again:-) Code does *not* contain any
+ *    code position dependencies and it's safe to include it into
+ *    shared library as is.
+ *
+ * Q. How much faster does it go?
+ * A. Do you have a good benchmark? In either case below is what I
+ *    experience with crypto/bn/expspeed.c test program:
+ *
+ *	v8plus module on U10/300MHz against bn_asm.c compiled with:
+ *
+ *	cc-5.0 -xarch=v8plus -xO5 -xdepend	+7-12%
+ *	cc-4.2 -xarch=v8plus -xO5 -xdepend	+25-35%
+ *	egcs-1.1.2 -mcpu=ultrasparc -O3		+35-45%
+ *
+ *	v8 module on SS10/60MHz against bn_asm.c compiled with:
+ *
+ *	cc-5.0 -xarch=v8 -xO5 -xdepend		+7-10%
+ *	cc-4.2 -xarch=v8 -xO5 -xdepend		+10%
+ *	egcs-1.1.2 -mv8 -O3			+35-45%
+ *
+ *    As you can see it's damn hard to beat the new Sun C compiler
+ *    and it's in first place GNU C users who will appreciate this
+ *    assembler implementation:-)	
+ */
+
+/*
+ * Revision history.
+ *
+ * 1.0	- initial release;
+ * 1.1	- new loop unrolling model(*);
+ *	- some more fine tuning;
+ * 1.2	- made gas friendly;
+ *	- updates to documentation concerning v9;
+ *	- new performance comparison matrix;
+ * 1.3	- fixed problem with /usr/ccs/lib/cpp;
+ * 1.4	- native V9 bn_*_comba[48] implementation (15% more efficient)
+ *	  resulting in slight overall performance kick;
+ *	- some retunes;
+ *	- support for GNU as added;
+ *
+ * (*)	Originally unrolled loop looked like this:
+ *	    for (;;) {
+ *		op(p+0); if (--n==0) break;
+ *		op(p+1); if (--n==0) break;
+ *		op(p+2); if (--n==0) break;
+ *		op(p+3); if (--n==0) break;
+ *		p+=4;
+ *	    }
+ *	I unroll according to following:
+ *	    while (n&~3) {
+ *		op(p+0); op(p+1); op(p+2); op(p+3);
+ *		p+=4; n=-4;
+ *	    }
+ *	    if (n) {
+ *		op(p+0); if (--n==0) return;
+ *		op(p+2); if (--n==0) return;
+ *		op(p+3); return;
+ *	    }
+ */
+
+/*
+ * GNU assembler can't stand stuw:-(
+ */
+#define stuw st
+
+.section	".text",#alloc,#execinstr
+.file		"bn_asm.sparc.v8plus.S"
+
+.align	32
+
+.global bn_mul_add_words
+/*
+ * BN_ULONG bn_mul_add_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_add_words:
+	brgz,a	%o2,.L_bn_mul_add_words_proceed
+	lduw	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_mul_add_words_proceed:
+	srl	%o3,%g0,%o3	! clruw	%o3
+	andcc	%o2,-4,%g0
+	bz,pn	%icc,.L_bn_mul_add_words_tail
+	clr	%o5
+
+.L_bn_mul_add_words_loop:	! wow! 32 aligned!
+	lduw	[%o0],%g1
+	lduw	[%o1+4],%g3
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	nop
+	add	%o4,%g2,%o4
+	stuw	%o4,[%o0]
+	srlx	%o4,32,%o5
+
+	lduw	[%o0+4],%g1
+	lduw	[%o1+8],%g2
+	mulx	%o3,%g3,%g3
+	add	%g1,%o5,%o4
+	dec	4,%o2
+	add	%o4,%g3,%o4
+	stuw	%o4,[%o0+4]
+	srlx	%o4,32,%o5
+
+	lduw	[%o0+8],%g1
+	lduw	[%o1+12],%g3
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	inc	16,%o1
+	add	%o4,%g2,%o4
+	stuw	%o4,[%o0+8]
+	srlx	%o4,32,%o5
+
+	lduw	[%o0+12],%g1
+	mulx	%o3,%g3,%g3
+	add	%g1,%o5,%o4
+	inc	16,%o0
+	add	%o4,%g3,%o4
+	andcc	%o2,-4,%g0
+	stuw	%o4,[%o0-4]
+	srlx	%o4,32,%o5
+	bnz,a,pt	%icc,.L_bn_mul_add_words_loop
+	lduw	[%o1],%g2
+
+	brnz,a,pn	%o2,.L_bn_mul_add_words_tail
+	lduw	[%o1],%g2
+.L_bn_mul_add_words_return:
+	retl
+	mov	%o5,%o0
+
+.L_bn_mul_add_words_tail:
+	lduw	[%o0],%g1
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	dec	%o2
+	add	%o4,%g2,%o4
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_mul_add_words_return
+	stuw	%o4,[%o0]
+
+	lduw	[%o1+4],%g2
+	lduw	[%o0+4],%g1
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	dec	%o2
+	add	%o4,%g2,%o4
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_mul_add_words_return
+	stuw	%o4,[%o0+4]
+
+	lduw	[%o1+8],%g2
+	lduw	[%o0+8],%g1
+	mulx	%o3,%g2,%g2
+	add	%g1,%o5,%o4
+	add	%o4,%g2,%o4
+	stuw	%o4,[%o0+8]
+	retl
+	srlx	%o4,32,%o0
+
+.type	bn_mul_add_words,#function
+.size	bn_mul_add_words,(.-bn_mul_add_words)
+
+.align	32
+
+.global bn_mul_words
+/*
+ * BN_ULONG bn_mul_words(rp,ap,num,w)
+ * BN_ULONG *rp,*ap;
+ * int num;
+ * BN_ULONG w;
+ */
+bn_mul_words:
+	brgz,a	%o2,.L_bn_mul_words_proceeed
+	lduw	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_mul_words_proceeed:
+	srl	%o3,%g0,%o3	! clruw	%o3
+	andcc	%o2,-4,%g0
+	bz,pn	%icc,.L_bn_mul_words_tail
+	clr	%o5
+
+.L_bn_mul_words_loop:		! wow! 32 aligned!
+	lduw	[%o1+4],%g3
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	nop
+	stuw	%o4,[%o0]
+	srlx	%o4,32,%o5
+
+	lduw	[%o1+8],%g2
+	mulx	%o3,%g3,%g3
+	add	%g3,%o5,%o4
+	dec	4,%o2
+	stuw	%o4,[%o0+4]
+	srlx	%o4,32,%o5
+
+	lduw	[%o1+12],%g3
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	inc	16,%o1
+	stuw	%o4,[%o0+8]
+	srlx	%o4,32,%o5
+
+	mulx	%o3,%g3,%g3
+	add	%g3,%o5,%o4
+	inc	16,%o0
+	stuw	%o4,[%o0-4]
+	srlx	%o4,32,%o5
+	andcc	%o2,-4,%g0
+	bnz,a,pt	%icc,.L_bn_mul_words_loop
+	lduw	[%o1],%g2
+	nop
+	nop
+
+	brnz,a,pn	%o2,.L_bn_mul_words_tail
+	lduw	[%o1],%g2
+.L_bn_mul_words_return:
+	retl
+	mov	%o5,%o0
+
+.L_bn_mul_words_tail:
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	dec	%o2
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_mul_words_return
+	stuw	%o4,[%o0]
+
+	lduw	[%o1+4],%g2
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	dec	%o2
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_mul_words_return
+	stuw	%o4,[%o0+4]
+
+	lduw	[%o1+8],%g2
+	mulx	%o3,%g2,%g2
+	add	%g2,%o5,%o4
+	stuw	%o4,[%o0+8]
+	retl
+	srlx	%o4,32,%o0
+
+.type	bn_mul_words,#function
+.size	bn_mul_words,(.-bn_mul_words)
+
+.align  32
+.global	bn_sqr_words
+/*
+ * void bn_sqr_words(r,a,n)
+ * BN_ULONG *r,*a;
+ * int n;
+ */
+bn_sqr_words:
+	brgz,a	%o2,.L_bn_sqr_words_proceeed
+	lduw	[%o1],%g2
+	retl
+	clr	%o0
+
+.L_bn_sqr_words_proceeed:
+	andcc	%o2,-4,%g0
+	nop
+	bz,pn	%icc,.L_bn_sqr_words_tail
+	nop
+
+.L_bn_sqr_words_loop:		! wow! 32 aligned!
+	lduw	[%o1+4],%g3
+	mulx	%g2,%g2,%o4
+	stuw	%o4,[%o0]
+	srlx	%o4,32,%o5
+	stuw	%o5,[%o0+4]
+	nop
+
+	lduw	[%o1+8],%g2
+	mulx	%g3,%g3,%o4
+	dec	4,%o2
+	stuw	%o4,[%o0+8]
+	srlx	%o4,32,%o5
+	stuw	%o5,[%o0+12]
+
+	lduw	[%o1+12],%g3
+	mulx	%g2,%g2,%o4
+	srlx	%o4,32,%o5
+	stuw	%o4,[%o0+16]
+	inc	16,%o1
+	stuw	%o5,[%o0+20]
+
+	mulx	%g3,%g3,%o4
+	inc	32,%o0
+	stuw	%o4,[%o0-8]
+	srlx	%o4,32,%o5
+	andcc	%o2,-4,%g2
+	stuw	%o5,[%o0-4]
+	bnz,a,pt	%icc,.L_bn_sqr_words_loop
+	lduw	[%o1],%g2
+	nop
+
+	brnz,a,pn	%o2,.L_bn_sqr_words_tail
+	lduw	[%o1],%g2
+.L_bn_sqr_words_return:
+	retl
+	clr	%o0
+
+.L_bn_sqr_words_tail:
+	mulx	%g2,%g2,%o4
+	dec	%o2
+	stuw	%o4,[%o0]
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_sqr_words_return
+	stuw	%o5,[%o0+4]
+
+	lduw	[%o1+4],%g2
+	mulx	%g2,%g2,%o4
+	dec	%o2
+	stuw	%o4,[%o0+8]
+	srlx	%o4,32,%o5
+	brz,pt	%o2,.L_bn_sqr_words_return
+	stuw	%o5,[%o0+12]
+
+	lduw	[%o1+8],%g2
+	mulx	%g2,%g2,%o4
+	srlx	%o4,32,%o5
+	stuw	%o4,[%o0+16]
+	stuw	%o5,[%o0+20]
+	retl
+	clr	%o0
+
+.type	bn_sqr_words,#function
+.size	bn_sqr_words,(.-bn_sqr_words)
+
+.align	32
+.global bn_div_words
+/*
+ * BN_ULONG bn_div_words(h,l,d)
+ * BN_ULONG h,l,d;
+ */
+bn_div_words:
+	sllx	%o0,32,%o0
+	or	%o0,%o1,%o0
+	udivx	%o0,%o2,%o0
+	retl
+	srl	%o0,%g0,%o0	! clruw	%o0
+
+.type	bn_div_words,#function
+.size	bn_div_words,(.-bn_div_words)
+
+.align	32
+
+.global bn_add_words
+/*
+ * BN_ULONG bn_add_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_add_words:
+	brgz,a	%o3,.L_bn_add_words_proceed
+	lduw	[%o1],%o4
+	retl
+	clr	%o0
+
+.L_bn_add_words_proceed:
+	andcc	%o3,-4,%g0
+	bz,pn	%icc,.L_bn_add_words_tail
+	addcc	%g0,0,%g0	! clear carry flag
+	nop
+
+.L_bn_add_words_loop:		! wow! 32 aligned!
+	dec	4,%o3
+	lduw	[%o2],%o5
+	lduw	[%o1+4],%g1
+	lduw	[%o2+4],%g2
+	lduw	[%o1+8],%g3
+	lduw	[%o2+8],%g4
+	addccc	%o5,%o4,%o5
+	stuw	%o5,[%o0]
+
+	lduw	[%o1+12],%o4
+	lduw	[%o2+12],%o5
+	inc	16,%o1
+	addccc	%g1,%g2,%g1
+	stuw	%g1,[%o0+4]
+	
+	inc	16,%o2
+	addccc	%g3,%g4,%g3
+	stuw	%g3,[%o0+8]
+
+	inc	16,%o0
+	addccc	%o5,%o4,%o5
+	stuw	%o5,[%o0-4]
+	and	%o3,-4,%g1
+	brnz,a,pt	%g1,.L_bn_add_words_loop
+	lduw	[%o1],%o4
+
+	brnz,a,pn	%o3,.L_bn_add_words_tail
+	lduw	[%o1],%o4
+.L_bn_add_words_return:
+	clr	%o0
+	retl
+	movcs	%icc,1,%o0
+	nop
+
+.L_bn_add_words_tail:
+	lduw	[%o2],%o5
+	dec	%o3
+	addccc	%o5,%o4,%o5
+	brz,pt	%o3,.L_bn_add_words_return
+	stuw	%o5,[%o0]
+
+	lduw	[%o1+4],%o4
+	lduw	[%o2+4],%o5
+	dec	%o3
+	addccc	%o5,%o4,%o5
+	brz,pt	%o3,.L_bn_add_words_return
+	stuw	%o5,[%o0+4]
+
+	lduw	[%o1+8],%o4
+	lduw	[%o2+8],%o5
+	addccc	%o5,%o4,%o5
+	stuw	%o5,[%o0+8]
+	clr	%o0
+	retl
+	movcs	%icc,1,%o0
+
+.type	bn_add_words,#function
+.size	bn_add_words,(.-bn_add_words)
+
+.global bn_sub_words
+/*
+ * BN_ULONG bn_sub_words(rp,ap,bp,n)
+ * BN_ULONG *rp,*ap,*bp;
+ * int n;
+ */
+bn_sub_words:
+	brgz,a	%o3,.L_bn_sub_words_proceed
+	lduw	[%o1],%o4
+	retl
+	clr	%o0
+
+.L_bn_sub_words_proceed:
+	andcc	%o3,-4,%g0
+	bz,pn	%icc,.L_bn_sub_words_tail
+	addcc	%g0,0,%g0	! clear carry flag
+	nop
+
+.L_bn_sub_words_loop:		! wow! 32 aligned!
+	dec	4,%o3
+	lduw	[%o2],%o5
+	lduw	[%o1+4],%g1
+	lduw	[%o2+4],%g2
+	lduw	[%o1+8],%g3
+	lduw	[%o2+8],%g4
+	subccc	%o4,%o5,%o5
+	stuw	%o5,[%o0]
+
+	lduw	[%o1+12],%o4
+	lduw	[%o2+12],%o5
+	inc	16,%o1
+	subccc	%g1,%g2,%g2
+	stuw	%g2,[%o0+4]
+
+	inc	16,%o2
+	subccc	%g3,%g4,%g4
+	stuw	%g4,[%o0+8]
+
+	inc	16,%o0
+	subccc	%o4,%o5,%o5
+	stuw	%o5,[%o0-4]
+	and	%o3,-4,%g1
+	brnz,a,pt	%g1,.L_bn_sub_words_loop
+	lduw	[%o1],%o4
+
+	brnz,a,pn	%o3,.L_bn_sub_words_tail
+	lduw	[%o1],%o4
+.L_bn_sub_words_return:
+	clr	%o0
+	retl
+	movcs	%icc,1,%o0
+	nop
+
+.L_bn_sub_words_tail:		! wow! 32 aligned!
+	lduw	[%o2],%o5
+	dec	%o3
+	subccc	%o4,%o5,%o5
+	brz,pt	%o3,.L_bn_sub_words_return
+	stuw	%o5,[%o0]
+
+	lduw	[%o1+4],%o4
+	lduw	[%o2+4],%o5
+	dec	%o3
+	subccc	%o4,%o5,%o5
+	brz,pt	%o3,.L_bn_sub_words_return
+	stuw	%o5,[%o0+4]
+
+	lduw	[%o1+8],%o4
+	lduw	[%o2+8],%o5
+	subccc	%o4,%o5,%o5
+	stuw	%o5,[%o0+8]
+	clr	%o0
+	retl
+	movcs	%icc,1,%o0
+
+.type	bn_sub_words,#function
+.size	bn_sub_words,(.-bn_sub_words)
+
+/*
+ * Code below depends on the fact that upper parts of the %l0-%l7
+ * and %i0-%i7 are zeroed by kernel after context switch. In
+ * previous versions this comment stated that "the trouble is that
+ * it's not feasible to implement the mumbo-jumbo in less V9
+ * instructions:-(" which apparently isn't true thanks to
+ * 'bcs,a %xcc,.+8; inc %rd' pair. But the performance improvement
+ * results not from the shorter code, but from elimination of
+ * multicycle none-pairable 'rd %y,%rd' instructions.
+ *
+ *							Andy.
+ */
+
+#define FRAME_SIZE	-96
+
+/*
+ * Here is register usage map for *all* routines below.
+ */
+#define t_1	%o0
+#define	t_2	%o1
+#define c_12	%o2
+#define c_3	%o3
+
+#define ap(I)	[%i1+4*I]
+#define bp(I)	[%i2+4*I]
+#define rp(I)	[%i0+4*I]
+
+#define	a_0	%l0
+#define	a_1	%l1
+#define	a_2	%l2
+#define	a_3	%l3
+#define	a_4	%l4
+#define	a_5	%l5
+#define	a_6	%l6
+#define	a_7	%l7
+
+#define	b_0	%i3
+#define	b_1	%i4
+#define	b_2	%i5
+#define	b_3	%o4
+#define	b_4	%o5
+#define	b_5	%o7
+#define	b_6	%g1
+#define	b_7	%g4
+
+.align	32
+.global bn_mul_comba8
+/*
+ * void bn_mul_comba8(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba8:
+	save	%sp,FRAME_SIZE,%sp
+	mov	1,t_2
+	lduw	ap(0),a_0
+	sllx	t_2,32,t_2
+	lduw	bp(0),b_0	!=
+	lduw	bp(1),b_1
+	mulx	a_0,b_0,t_1	!mul_add_c(a[0],b[0],c1,c2,c3);
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(0)	!=!r[0]=c1;
+
+	lduw	ap(1),a_1
+	mulx	a_0,b_1,t_1	!mul_add_c(a[0],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3		!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(2),a_2
+	mulx	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(1)	!r[1]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
+	addcc	c_12,t_1,c_12	!=
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	bp(2),b_2	!=
+	mulx	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	lduw	bp(3),b_3
+	mulx	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(2)	!r[2]=c3;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_1,b_2,t_1	!=!mul_add_c(a[1],b[2],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	lduw	ap(3),a_3
+	mulx	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
+	addcc	c_12,t_1,c_12	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(4),a_4
+	mulx	a_3,b_0,t_1	!=!mul_add_c(a[3],b[0],c1,c2,c3);!=
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(3)	!r[3]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_4,b_0,t_1	!mul_add_c(a[4],b[0],c2,c3,c1);
+	addcc	c_12,t_1,c_12	!=
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,b_1,t_1	!=!mul_add_c(a[3],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,b_2,t_1	!=!mul_add_c(a[2],b[2],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	bp(4),b_4	!=
+	mulx	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	lduw	bp(5),b_5
+	mulx	a_0,b_4,t_1	!mul_add_c(a[0],b[4],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(4)	!r[4]=c2;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_0,b_5,t_1	!mul_add_c(a[0],b[5],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_1,b_4,t_1	!mul_add_c(a[1],b[4],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	lduw	ap(5),a_5
+	mulx	a_4,b_1,t_1	!mul_add_c(a[4],b[1],c3,c1,c2);
+	addcc	c_12,t_1,c_12	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(6),a_6
+	mulx	a_5,b_0,t_1	!=!mul_add_c(a[5],b[0],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(5)	!r[5]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_6,b_0,t_1	!mul_add_c(a[6],b[0],c1,c2,c3);
+	addcc	c_12,t_1,c_12	!=
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,b_1,t_1	!=!mul_add_c(a[5],b[1],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_4,b_2,t_1	!=!mul_add_c(a[4],b[2],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,b_3,t_1	!=!mul_add_c(a[3],b[3],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,b_4,t_1	!=!mul_add_c(a[2],b[4],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	bp(6),b_6	!=
+	mulx	a_1,b_5,t_1	!mul_add_c(a[1],b[5],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	lduw	bp(7),b_7
+	mulx	a_0,b_6,t_1	!mul_add_c(a[0],b[6],c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(6)	!r[6]=c1;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_0,b_7,t_1	!mul_add_c(a[0],b[7],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_1,b_6,t_1	!mul_add_c(a[1],b[6],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_2,b_5,t_1	!mul_add_c(a[2],b[5],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_3,b_4,t_1	!mul_add_c(a[3],b[4],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_4,b_3,t_1	!mul_add_c(a[4],b[3],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_2,t_1	!mul_add_c(a[5],b[2],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	lduw	ap(7),a_7
+	mulx	a_6,b_1,t_1	!=!mul_add_c(a[6],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_7,b_0,t_1	!=!mul_add_c(a[7],b[0],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(7)	!r[7]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,b_1,t_1	!=!mul_add_c(a[7],b[1],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_6,b_2,t_1	!mul_add_c(a[6],b[2],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_5,b_3,t_1	!mul_add_c(a[5],b[3],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_4,b_4,t_1	!mul_add_c(a[4],b[4],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_3,b_5,t_1	!mul_add_c(a[3],b[5],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_2,b_6,t_1	!mul_add_c(a[2],b[6],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_1,b_7,t_1	!mul_add_c(a[1],b[7],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(8)	!r[8]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,b_7,t_1	!=!mul_add_c(a[2],b[7],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	mulx	a_3,b_6,t_1	!mul_add_c(a[3],b[6],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_4,b_5,t_1	!mul_add_c(a[4],b[5],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_4,t_1	!mul_add_c(a[5],b[4],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_6,b_3,t_1	!mul_add_c(a[6],b[3],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_7,b_2,t_1	!mul_add_c(a[7],b[2],c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(9)	!r[9]=c1;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_7,b_3,t_1	!mul_add_c(a[7],b[3],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_6,b_4,t_1	!mul_add_c(a[6],b[4],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_5,t_1	!mul_add_c(a[5],b[5],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_4,b_6,t_1	!mul_add_c(a[4],b[6],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_3,b_7,t_1	!mul_add_c(a[3],b[7],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(10)	!r[10]=c2;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_4,b_7,t_1	!mul_add_c(a[4],b[7],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_6,t_1	!mul_add_c(a[5],b[6],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_6,b_5,t_1	!mul_add_c(a[6],b[5],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_7,b_4,t_1	!mul_add_c(a[7],b[4],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(11)	!r[11]=c3;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_7,b_5,t_1	!mul_add_c(a[7],b[5],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_6,b_6,t_1	!mul_add_c(a[6],b[6],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_5,b_7,t_1	!mul_add_c(a[5],b[7],c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(12)	!r[12]=c1;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_6,b_7,t_1	!mul_add_c(a[6],b[7],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_7,b_6,t_1	!mul_add_c(a[7],b[6],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	st	t_1,rp(13)	!r[13]=c2;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_7,b_7,t_1	!mul_add_c(a[7],b[7],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(14)	!r[14]=c3;
+	stuw	c_12,rp(15)	!r[15]=c1;
+
+	ret
+	restore	%g0,%g0,%o0	!=
+
+.type	bn_mul_comba8,#function
+.size	bn_mul_comba8,(.-bn_mul_comba8)
+
+.align	32
+
+.global bn_mul_comba4
+/*
+ * void bn_mul_comba4(r,a,b)
+ * BN_ULONG *r,*a,*b;
+ */
+bn_mul_comba4:
+	save	%sp,FRAME_SIZE,%sp
+	lduw	ap(0),a_0
+	mov	1,t_2
+	lduw	bp(0),b_0
+	sllx	t_2,32,t_2	!=
+	lduw	bp(1),b_1
+	mulx	a_0,b_0,t_1	!mul_add_c(a[0],b[0],c1,c2,c3);
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(0)	!=!r[0]=c1;
+
+	lduw	ap(1),a_1
+	mulx	a_0,b_1,t_1	!mul_add_c(a[0],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3		!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(2),a_2
+	mulx	a_1,b_0,t_1	!=!mul_add_c(a[1],b[0],c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(1)	!r[1]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,b_0,t_1	!mul_add_c(a[2],b[0],c3,c1,c2);
+	addcc	c_12,t_1,c_12	!=
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	bp(2),b_2	!=
+	mulx	a_1,b_1,t_1	!mul_add_c(a[1],b[1],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3	!=
+	lduw	bp(3),b_3
+	mulx	a_0,b_2,t_1	!mul_add_c(a[0],b[2],c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(2)	!r[2]=c3;
+	or	c_12,c_3,c_12	!=
+
+	mulx	a_0,b_3,t_1	!mul_add_c(a[0],b[3],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	mulx	a_1,b_2,t_1	!mul_add_c(a[1],b[2],c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8	!=
+	add	c_3,t_2,c_3
+	lduw	ap(3),a_3
+	mulx	a_2,b_1,t_1	!mul_add_c(a[2],b[1],c1,c2,c3);
+	addcc	c_12,t_1,c_12	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,b_0,t_1	!mul_add_c(a[3],b[0],c1,c2,c3);!=
+	addcc	c_12,t_1,t_1	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(3)	!=!r[3]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_3,b_1,t_1	!mul_add_c(a[3],b[1],c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3		!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,b_2,t_1	!mul_add_c(a[2],b[2],c2,c3,c1);
+	addcc	c_12,t_1,c_12	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_1,b_3,t_1	!mul_add_c(a[1],b[3],c2,c3,c1);
+	addcc	c_12,t_1,t_1	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(4)	!=!r[4]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,b_3,t_1	!mul_add_c(a[2],b[3],c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3		!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,b_2,t_1	!mul_add_c(a[3],b[2],c3,c1,c2);
+	addcc	c_12,t_1,t_1	!=
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(5)	!=!r[5]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_3,b_3,t_1	!mul_add_c(a[3],b[3],c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	srlx	t_1,32,c_12	!=
+	stuw	t_1,rp(6)	!r[6]=c1;
+	stuw	c_12,rp(7)	!r[7]=c2;
+	
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_mul_comba4,#function
+.size	bn_mul_comba4,(.-bn_mul_comba4)
+
+.align	32
+
+.global bn_sqr_comba8
+bn_sqr_comba8:
+	save	%sp,FRAME_SIZE,%sp
+	mov	1,t_2
+	lduw	ap(0),a_0
+	sllx	t_2,32,t_2
+	lduw	ap(1),a_1
+	mulx	a_0,a_0,t_1	!sqr_add_c(a,0,c1,c2,c3);
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(0)	!r[0]=c1;
+
+	lduw	ap(2),a_2
+	mulx	a_0,a_1,t_1	!=!sqr_add_c2(a,1,0,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(1)	!r[1]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(3),a_3
+	mulx	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(2)	!r[2]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(4),a_4
+	mulx	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	st	t_1,rp(3)	!r[3]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_4,a_0,t_1	!sqr_add_c2(a,4,0,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(5),a_5
+	mulx	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(4)	!r[4]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_0,a_5,t_1	!sqr_add_c2(a,5,0,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_1,a_4,t_1	!sqr_add_c2(a,4,1,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(6),a_6
+	mulx	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(5)	!r[5]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_6,a_0,t_1	!sqr_add_c2(a,6,0,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,a_1,t_1	!sqr_add_c2(a,5,1,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_4,a_2,t_1	!sqr_add_c2(a,4,2,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(7),a_7
+	mulx	a_3,a_3,t_1	!=!sqr_add_c(a,3,c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(6)	!r[6]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_0,a_7,t_1	!sqr_add_c2(a,7,0,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_1,a_6,t_1	!sqr_add_c2(a,6,1,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,a_5,t_1	!sqr_add_c2(a,5,2,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,a_4,t_1	!sqr_add_c2(a,4,3,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(7)	!r[7]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,a_1,t_1	!sqr_add_c2(a,7,1,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_6,a_2,t_1	!sqr_add_c2(a,6,2,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,a_3,t_1	!sqr_add_c2(a,5,3,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_4,a_4,t_1	!sqr_add_c(a,4,c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(8)	!r[8]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,a_7,t_1	!sqr_add_c2(a,7,2,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_3,a_6,t_1	!sqr_add_c2(a,6,3,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_4,a_5,t_1	!sqr_add_c2(a,5,4,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(9)	!r[9]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,a_3,t_1	!sqr_add_c2(a,7,3,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_6,a_4,t_1	!sqr_add_c2(a,6,4,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,a_5,t_1	!sqr_add_c(a,5,c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(10)	!r[10]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_4,a_7,t_1	!sqr_add_c2(a,7,4,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_5,a_6,t_1	!sqr_add_c2(a,6,5,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(11)	!r[11]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,a_5,t_1	!sqr_add_c2(a,7,5,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_6,a_6,t_1	!sqr_add_c(a,6,c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(12)	!r[12]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_6,a_7,t_1	!sqr_add_c2(a,7,6,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(13)	!r[13]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_7,a_7,t_1	!sqr_add_c(a,7,c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(14)	!r[14]=c3;
+	stuw	c_12,rp(15)	!r[15]=c1;
+
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_sqr_comba8,#function
+.size	bn_sqr_comba8,(.-bn_sqr_comba8)
+
+.align	32
+
+.global bn_sqr_comba4
+/*
+ * void bn_sqr_comba4(r,a)
+ * BN_ULONG *r,*a;
+ */
+bn_sqr_comba4:
+	save	%sp,FRAME_SIZE,%sp
+	mov	1,t_2
+	lduw	ap(0),a_0
+	sllx	t_2,32,t_2
+	lduw	ap(1),a_1
+	mulx	a_0,a_0,t_1	!sqr_add_c(a,0,c1,c2,c3);
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(0)	!r[0]=c1;
+
+	lduw	ap(2),a_2
+	mulx	a_0,a_1,t_1	!sqr_add_c2(a,1,0,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(1)	!r[1]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,a_0,t_1	!sqr_add_c2(a,2,0,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	lduw	ap(3),a_3
+	mulx	a_1,a_1,t_1	!sqr_add_c(a,1,c3,c1,c2);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(2)	!r[2]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_0,a_3,t_1	!sqr_add_c2(a,3,0,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_1,a_2,t_1	!sqr_add_c2(a,2,1,c1,c2,c3);
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(3)	!r[3]=c1;
+	or	c_12,c_3,c_12
+
+	mulx	a_3,a_1,t_1	!sqr_add_c2(a,3,1,c2,c3,c1);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,c_12
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	mulx	a_2,a_2,t_1	!sqr_add_c(a,2,c2,c3,c1);
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(4)	!r[4]=c2;
+	or	c_12,c_3,c_12
+
+	mulx	a_2,a_3,t_1	!sqr_add_c2(a,3,2,c3,c1,c2);
+	addcc	c_12,t_1,c_12
+	clr	c_3
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	addcc	c_12,t_1,t_1
+	bcs,a	%xcc,.+8
+	add	c_3,t_2,c_3
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(5)	!r[5]=c3;
+	or	c_12,c_3,c_12
+
+	mulx	a_3,a_3,t_1	!sqr_add_c(a,3,c1,c2,c3);
+	addcc	c_12,t_1,t_1
+	srlx	t_1,32,c_12
+	stuw	t_1,rp(6)	!r[6]=c1;
+	stuw	c_12,rp(7)	!r[7]=c2;
+	
+	ret
+	restore	%g0,%g0,%o0
+
+.type	bn_sqr_comba4,#function
+.size	bn_sqr_comba4,(.-bn_sqr_comba4)
+
+.align	32
diff --git a/crypto/bn/asm/vms.mar b/crypto/bn/asm/vms.mar
new file mode 100644
index 0000000000..2a752489f5
--- /dev/null
+++ b/crypto/bn/asm/vms.mar
@@ -0,0 +1,6414 @@
+	.title	vax_bn_mul_add_words  unsigned multiply & add, 32*32+32+32=>64
+;
+; w.j.m. 15-jan-1999
+;
+; it's magic ...
+;
+; ULONG bn_mul_add_words(ULONG r[],ULONG a[],int n,ULONG w) {
+;	ULONG c = 0;
+;	int i;
+;	for(i = 0; i < n; i++) <c,r[i]> := r[i] + c + a[i] * w ;
+;	return c;
+; }
+
+r=4 ;(AP)
+a=8 ;(AP)
+n=12 ;(AP)	n	by value (input)
+w=16 ;(AP)	w	by value (input)
+
+
+	.psect	code,nowrt
+
+.entry	bn_mul_add_words,^m<r2,r3,r4,r5,r6>
+
+	moval	@r(ap),r2
+	moval	@a(ap),r3
+	movl	n(ap),r4	; assumed >0 by C code
+	movl	w(ap),r5
+	clrl	r6		; c
+
+0$:
+	emul	r5,(r3),(r2),r0		; w, a[], r[] considered signed
+
+	; fixup for "negative" r[]
+	tstl	(r2)
+	bgeq	10$
+	incl	r1
+10$:
+
+	; add in c
+	addl2	r6,r0
+	adwc	#0,r1
+
+	; combined fixup for "negative" w, a[]
+	tstl	r5
+	bgeq	20$
+	addl2	(r3),r1
+20$:
+	tstl	(r3)
+	bgeq	30$
+	addl2	r5,r1
+30$:
+
+	movl	r0,(r2)+		; store lo result in r[] & advance
+	addl	#4,r3			; advance a[]
+	movl	r1,r6			; store hi result => c
+
+	sobgtr	r4,0$
+
+	movl	r6,r0			; return c
+	ret
+
+	.title	vax_bn_mul_words  unsigned multiply & add, 32*32+32=>64
+;
+; w.j.m. 15-jan-1999
+;
+; it's magic ...
+;
+; ULONG bn_mul_words(ULONG r[],ULONG a[],int n,ULONG w) {
+;	ULONG c = 0;
+;	int i;
+;	for(i = 0; i < num; i++) <c,r[i]> := a[i] * w + c ;
+;	return(c);
+; }
+
+r=4 ;(AP)
+a=8 ;(AP)
+n=12 ;(AP)	n	by value (input)
+w=16 ;(AP)	w	by value (input)
+
+
+	.psect	code,nowrt
+
+.entry	bn_mul_words,^m<r2,r3,r4,r5,r6>
+
+	moval	@r(ap),r2	; r2 -> r[]
+	moval	@a(ap),r3	; r3 -> a[]
+	movl	n(ap),r4	; r4 = loop count (assumed >0 by C code)
+	movl	w(ap),r5	; r5 = w
+	clrl	r6		; r6 = c
+
+0$:
+	; <r1,r0> := w * a[] + c
+	emul	r5,(r3),r6,r0		; w, a[], c considered signed
+
+	; fixup for "negative" c
+	tstl	r6			; c
+	bgeq	10$
+	incl	r1
+10$:
+
+	; combined fixup for "negative" w, a[]
+	tstl	r5			; w
+	bgeq	20$
+	addl2	(r3),r1			; a[]
+20$:
+	tstl	(r3)			; a[]
+	bgeq	30$
+	addl2	r5,r1			; w
+30$:
+
+	movl	r0,(r2)+		; store lo result in r[] & advance
+	addl	#4,r3			; advance a[]
+	movl	r1,r6			; store hi result => c
+
+	sobgtr	r4,0$
+
+	movl	r6,r0			; return c
+	ret
+
+	.title	vax_bn_sqr_words  unsigned square, 32*32=>64
+;
+; w.j.m. 15-jan-1999
+;
+; it's magic ...
+;
+; void bn_sqr_words(ULONG r[],ULONG a[],int n) {
+;	int i;
+;	for(i = 0; i < n; i++) <r[2*i+1],r[2*i]> := a[i] * a[i] ;
+; }
+
+r=4 ;(AP)
+a=8 ;(AP)
+n=12 ;(AP)	n	by value (input)
+
+
+	.psect	code,nowrt
+
+.entry	bn_sqr_words,^m<r2,r3,r4,r5>
+
+	moval	@r(ap),r2	; r2 -> r[]
+	moval	@a(ap),r3	; r3 -> a[]
+	movl	n(ap),r4	; r4 = n (assumed >0 by C code)
+
+0$:
+	movl	(r3)+,r5		; r5 = a[] & advance
+
+	; <r1,r0> := a[] * a[]
+	emul	r5,r5,#0,r0		; a[] considered signed
+
+	; fixup for "negative" a[]
+	tstl	r5			; a[]
+	bgeq	30$
+	addl2	r5,r1			; a[]
+	addl2	r5,r1			; a[]
+30$:
+
+	movl	r0,(r2)+		; store lo result in r[] & advance
+	movl	r1,(r2)+		; store hi result in r[] & advance
+
+	sobgtr	r4,0$
+
+	movl	#1,r0			; return SS$_NORMAL
+	ret
+
+	.title	vax_bn_div_words  unsigned divide
+;
+; Richard Levitte 20-Nov-2000
+;
+; ULONG bn_div_words(ULONG h, ULONG l, ULONG d)
+; {
+;	return ((ULONG)((((ULLONG)h)<<32)|l) / (ULLONG)d);
+; }
+;
+; Using EDIV would be very easy, if it didn't do signed calculations.
+; Any time, any of the input numbers are signed, there are problems,
+; usually with integer overflow, at which point it returns useless
+; data (the quotient gets the value of l, and the remainder becomes 0).
+;
+; If it was just for the dividend, it would be very easy, just divide
+; it by 2 (unsigned), do the division, multiply the resulting quotient
+; and remainder by 2, add the bit that was dropped when dividing by 2
+; to the remainder, and do some adjustment so the remainder doesn't
+; end up larger than the divisor.  This method works as long as the
+; divisor is positive, so we'll keep that (with a small adjustment)
+; as the main method.
+; For some cases when the divisor is negative (from EDIV's point of
+; view, i.e. when the highest bit is set), dividing the dividend by
+; 2 isn't enough, it needs to be divided by 4.  Furthermore, the
+; divisor needs to be divided by 2 (unsigned) as well, to avoid more
+; problems with the sign.  In this case, a little extra fiddling with
+; the remainder is required.
+;
+; So, the simplest way to handle this is always to divide the dividend
+; by 4, and to divide the divisor by 2 if it's highest bit is set.
+; After EDIV has been used, the quotient gets multiplied by 4 if the
+; original divisor was positive, otherwise 2.  The remainder, oddly
+; enough, is *always* multiplied by 4.
+;
+; The routine ends with comparing the resulting remainder with the
+; original divisor and if the remainder is larger, subtract the
+; original divisor from it, and increase the quotient by 1.  This is
+; done until the remainder is smaller than the divisor.
+;
+; The complete algorithm looks like this:
+;
+; d'    = d
+; l'    = l & 3
+; [h,l] = [h,l] >> 2
+; [q,r] = floor([h,l] / d)	# This is the EDIV operation
+; if (q < 0) q = -q		# I doubt this is necessary any more
+;
+; r'    = r >> 30
+; if (d' >= 0) q = q << 1
+; q     = q << 1
+; r     = (r << 2) + l'
+;
+; if (d' < 0)
+;   {
+;     [r',r] = [r',r] - q
+;     while ([r',r] < 0)
+;       {
+;         [r',r] = [r',r] + d
+;         q = q - 1
+;       }
+;   }
+;
+; while ([r',r] >= d)
+;   {
+;     [r',r] = [r',r] - d
+;     q = q + 1
+;   }
+;
+; return q
+
+h=4 ;(AP)	h	by value (input)
+l=8 ;(AP)	l	by value (input)
+d=12 ;(AP)	d	by value (input)
+
+;lprim=r5
+;rprim=r6
+;dprim=r7
+
+
+	.psect	code,nowrt
+
+.entry	bn_div_words,^m<r2,r3,r4,r5,r6,r7>
+	movl	l(ap),r2
+	movl	h(ap),r3
+	movl	d(ap),r4
+
+	bicl3	#^XFFFFFFFC,r2,r5 ; l' = l & 3
+	bicl3	#^X00000003,r2,r2
+
+	bicl3	#^XFFFFFFFC,r3,r6
+	bicl3	#^X00000003,r3,r3
+        
+	addl	r6,r2
+	rotl	#-2,r2,r2	; l = l >> 2
+	rotl	#-2,r3,r3	; h = h >> 2
+                
+	movl	#0,r6
+	movl	r4,r7		; d' = d
+
+	tstl	r4
+	beql	666$		; Uh-oh, the divisor is 0...
+	bgtr	1$
+	rotl	#-1,r4,r4	; If d is negative, shift it right.
+	bicl2	#^X80000000,r4	; Since d is then a large number, the
+				; lowest bit is insignificant
+				; (contradict that, and I'll fix the problem!)
+1$:     
+	ediv	r4,r2,r2,r3	; Do the actual division
+
+	tstl	r2
+	bgeq	3$
+	mnegl	r2,r2		; if q < 0, negate it
+3$:     
+	tstl	r7
+	blss	4$
+	ashl	#1,r2,r2	; q = q << 1
+4$:     
+	ashl	#1,r2,r2	; q = q << 1
+	rotl	#2,r3,r3	; r = r << 2
+	bicl3	#^XFFFFFFFC,r3,r6 ; r' gets the high bits from r
+	bicl3	#^X00000003,r3,r3
+	addl	r5,r3		; r = r + l'
+
+	tstl	r7
+	bgeq	5$
+	bitl	#1,r7
+	beql	5$		; if d < 0 && d & 1
+	subl	r2,r3		;   [r',r] = [r',r] - q
+	sbwc	#0,r6
+45$:
+	bgeq	5$		;   while r < 0
+	decl	r2		;     q = q - 1
+	addl	r7,r3		;     [r',r] = [r',r] + d
+	adwc	#0,r6
+	brb	45$
+
+5$:
+	tstl	r6
+	bneq	6$
+	cmpl	r3,r7
+	blssu	42$		; while [r',r] >= d'
+6$:
+	subl	r7,r3		;   [r',r] = [r',r] - d
+	sbwc	#0,r6
+	incl	r2		;   q = q + 1
+	brb	5$	
+42$:
+;	movl	r3,r1
+	movl	r2,r0
+	ret
+666$:
+	movl	#^XFFFFFFFF,r0
+	ret
+
+	.title	vax_bn_add_words  unsigned add of two arrays
+;
+; Richard Levitte 20-Nov-2000
+;
+; ULONG bn_add_words(ULONG r[], ULONG a[], ULONG b[], int n) {
+;	ULONG c = 0;
+;	int i;
+;	for (i = 0; i < n; i++) <c,r[i]> = a[i] + b[i] + c;
+;	return(c);
+; }
+
+r=4 ;(AP)	r	by reference (output)
+a=8 ;(AP)	a	by reference (input)
+b=12 ;(AP)	b	by reference (input)
+n=16 ;(AP)	n	by value (input)
+
+
+	.psect	code,nowrt
+
+.entry	bn_add_words,^m<r2,r3,r4,r5,r6>
+
+	moval	@r(ap),r2
+	moval	@a(ap),r3
+	moval	@b(ap),r4
+	movl	n(ap),r5	; assumed >0 by C code
+	clrl	r0		; c
+
+	tstl	r5		; carry = 0
+	bleq	666$
+
+0$:
+	movl	(r3)+,r6	; carry untouched
+	adwc	(r4)+,r6	; carry used and touched
+	movl	r6,(r2)+	; carry untouched
+	sobgtr	r5,0$		; carry untouched
+
+	adwc	#0,r0
+666$:
+	ret
+
+	.title	vax_bn_sub_words  unsigned add of two arrays
+;
+; Richard Levitte 20-Nov-2000
+;
+; ULONG bn_sub_words(ULONG r[], ULONG a[], ULONG b[], int n) {
+;	ULONG c = 0;
+;	int i;
+;	for (i = 0; i < n; i++) <c,r[i]> = a[i] - b[i] - c;
+;	return(c);
+; }
+
+r=4 ;(AP)	r	by reference (output)
+a=8 ;(AP)	a	by reference (input)
+b=12 ;(AP)	b	by reference (input)
+n=16 ;(AP)	n	by value (input)
+
+
+	.psect	code,nowrt
+
+.entry	bn_sub_words,^m<r2,r3,r4,r5,r6>
+
+	moval	@r(ap),r2
+	moval	@a(ap),r3
+	moval	@b(ap),r4
+	movl	n(ap),r5	; assumed >0 by C code
+	clrl	r0		; c
+
+	tstl	r5		; carry = 0
+	bleq	666$
+
+0$:
+	movl	(r3)+,r6	; carry untouched
+	sbwc	(r4)+,r6	; carry used and touched
+	movl	r6,(r2)+	; carry untouched
+	sobgtr	r5,0$		; carry untouched
+
+	adwc	#0,r0
+666$:
+	ret
+
+
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP)	n	by value (input)
+
+	.psect	code,nowrt
+
+.entry	BN_MUL_COMBA8,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11>
+	movab	-924(sp),sp
+	clrq	r8
+
+	clrl	r10
+
+	movl	8(ap),r6
+	movzwl	2(r6),r3
+	movl	12(ap),r7
+	bicl3	#-65536,(r7),r2
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,(r6),-12(fp)
+	bicl3	#-65536,r3,-16(fp)
+	mull3	r0,-12(fp),-4(fp)
+	mull2	r2,-12(fp)
+	mull3	r2,-16(fp),-8(fp)
+	mull2	r0,-16(fp)
+	addl3	-4(fp),-8(fp),r0
+	bicl3	#0,r0,-4(fp)
+	cmpl	-4(fp),-8(fp)
+	bgequ	noname.45
+	addl2	#65536,-16(fp)
+noname.45:
+	movzwl	-2(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-16(fp)
+	bicl3	#-65536,-4(fp),r0
+	ashl	#16,r0,-8(fp)
+	addl3	-8(fp),-12(fp),r0
+	bicl3	#0,r0,-12(fp)
+	cmpl	-12(fp),-8(fp)
+	bgequ	noname.46
+	incl	-16(fp)
+noname.46:
+	movl	-12(fp),r1
+	movl	-16(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.47
+	incl	r2
+noname.47:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.48
+	incl	r10
+noname.48:
+
+	movl	4(ap),r11
+	movl	r9,(r11)
+
+	clrl	r9
+
+	movzwl	2(r6),r2
+	bicl3	#-65536,4(r7),r3
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,(r6),-28(fp)
+	bicl3	#-65536,r2,-32(fp)
+	mull3	r0,-28(fp),-20(fp)
+	mull2	r3,-28(fp)
+	mull3	r3,-32(fp),-24(fp)
+	mull2	r0,-32(fp)
+	addl3	-20(fp),-24(fp),r0
+	bicl3	#0,r0,-20(fp)
+	cmpl	-20(fp),-24(fp)
+	bgequ	noname.49
+	addl2	#65536,-32(fp)
+noname.49:
+	movzwl	-18(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-32(fp)
+	bicl3	#-65536,-20(fp),r0
+	ashl	#16,r0,-24(fp)
+	addl3	-24(fp),-28(fp),r0
+	bicl3	#0,r0,-28(fp)
+	cmpl	-28(fp),-24(fp)
+	bgequ	noname.50
+	incl	-32(fp)
+noname.50:
+	movl	-28(fp),r1
+	movl	-32(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.51
+	incl	r2
+noname.51:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.52
+	incl	r9
+noname.52:
+
+	movzwl	6(r6),r2
+	bicl3	#-65536,(r7),r3
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,4(r6),-44(fp)
+	bicl3	#-65536,r2,-48(fp)
+	mull3	r0,-44(fp),-36(fp)
+	mull2	r3,-44(fp)
+	mull3	r3,-48(fp),-40(fp)
+	mull2	r0,-48(fp)
+	addl3	-36(fp),-40(fp),r0
+	bicl3	#0,r0,-36(fp)
+	cmpl	-36(fp),-40(fp)
+	bgequ	noname.53
+	addl2	#65536,-48(fp)
+noname.53:
+	movzwl	-34(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-48(fp)
+	bicl3	#-65536,-36(fp),r0
+	ashl	#16,r0,-40(fp)
+	addl3	-40(fp),-44(fp),r0
+	bicl3	#0,r0,-44(fp)
+	cmpl	-44(fp),-40(fp)
+	bgequ	noname.54
+	incl	-48(fp)
+noname.54:
+	movl	-44(fp),r1
+	movl	-48(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.55
+	incl	r2
+noname.55:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.56
+	incl	r9
+noname.56:
+
+	movl	r8,4(r11)
+
+	clrl	r8
+
+	movzwl	10(r6),r2
+	bicl3	#-65536,(r7),r3
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,8(r6),-60(fp)
+	bicl3	#-65536,r2,-64(fp)
+	mull3	r0,-60(fp),-52(fp)
+	mull2	r3,-60(fp)
+	mull3	r3,-64(fp),-56(fp)
+	mull2	r0,-64(fp)
+	addl3	-52(fp),-56(fp),r0
+	bicl3	#0,r0,-52(fp)
+	cmpl	-52(fp),-56(fp)
+	bgequ	noname.57
+	addl2	#65536,-64(fp)
+noname.57:
+	movzwl	-50(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-64(fp)
+	bicl3	#-65536,-52(fp),r0
+	ashl	#16,r0,-56(fp)
+	addl3	-56(fp),-60(fp),r0
+	bicl3	#0,r0,-60(fp)
+	cmpl	-60(fp),-56(fp)
+	bgequ	noname.58
+	incl	-64(fp)
+noname.58:
+	movl	-60(fp),r1
+	movl	-64(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.59
+	incl	r2
+noname.59:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.60
+	incl	r8
+noname.60:
+
+	movzwl	6(r6),r2
+	bicl3	#-65536,4(r7),r3
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,4(r6),-76(fp)
+	bicl3	#-65536,r2,-80(fp)
+	mull3	r0,-76(fp),-68(fp)
+	mull2	r3,-76(fp)
+	mull3	r3,-80(fp),-72(fp)
+	mull2	r0,-80(fp)
+	addl3	-68(fp),-72(fp),r0
+	bicl3	#0,r0,-68(fp)
+	cmpl	-68(fp),-72(fp)
+	bgequ	noname.61
+	addl2	#65536,-80(fp)
+noname.61:
+	movzwl	-66(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-80(fp)
+	bicl3	#-65536,-68(fp),r0
+	ashl	#16,r0,-72(fp)
+	addl3	-72(fp),-76(fp),r0
+	bicl3	#0,r0,-76(fp)
+	cmpl	-76(fp),-72(fp)
+	bgequ	noname.62
+	incl	-80(fp)
+noname.62:
+	movl	-76(fp),r1
+	movl	-80(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.63
+	incl	r2
+noname.63:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.64
+	incl	r8
+noname.64:
+
+	movzwl	2(r6),r2
+	bicl3	#-65536,8(r7),r3
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,(r6),-92(fp)
+	bicl3	#-65536,r2,-96(fp)
+	mull3	r0,-92(fp),-84(fp)
+	mull2	r3,-92(fp)
+	mull3	r3,-96(fp),-88(fp)
+	mull2	r0,-96(fp)
+	addl3	-84(fp),-88(fp),r0
+	bicl3	#0,r0,-84(fp)
+	cmpl	-84(fp),-88(fp)
+	bgequ	noname.65
+	addl2	#65536,-96(fp)
+noname.65:
+	movzwl	-82(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-96(fp)
+	bicl3	#-65536,-84(fp),r0
+	ashl	#16,r0,-88(fp)
+	addl3	-88(fp),-92(fp),r0
+	bicl3	#0,r0,-92(fp)
+	cmpl	-92(fp),-88(fp)
+	bgequ	noname.66
+	incl	-96(fp)
+noname.66:
+	movl	-92(fp),r1
+	movl	-96(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.67
+	incl	r2
+noname.67:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.68
+	incl	r8
+noname.68:
+
+	movl	r10,8(r11)
+
+	clrl	r10
+
+	movzwl	2(r6),r2
+	bicl3	#-65536,12(r7),r3
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,(r6),-108(fp)
+	bicl3	#-65536,r2,-112(fp)
+	mull3	r0,-108(fp),-100(fp)
+	mull2	r3,-108(fp)
+	mull3	r3,-112(fp),-104(fp)
+	mull2	r0,-112(fp)
+	addl3	-100(fp),-104(fp),r0
+	bicl3	#0,r0,-100(fp)
+	cmpl	-100(fp),-104(fp)
+	bgequ	noname.69
+	addl2	#65536,-112(fp)
+noname.69:
+	movzwl	-98(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-112(fp)
+	bicl3	#-65536,-100(fp),r0
+	ashl	#16,r0,-104(fp)
+	addl3	-104(fp),-108(fp),r0
+	bicl3	#0,r0,-108(fp)
+	cmpl	-108(fp),-104(fp)
+	bgequ	noname.70
+	incl	-112(fp)
+noname.70:
+	movl	-108(fp),r1
+	movl	-112(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.71
+	incl	r2
+noname.71:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.72
+	incl	r10
+noname.72:
+
+	movzwl	6(r6),r2
+	bicl3	#-65536,8(r7),r3
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,4(r6),-124(fp)
+	bicl3	#-65536,r2,-128(fp)
+	mull3	r0,-124(fp),-116(fp)
+	mull2	r3,-124(fp)
+	mull3	r3,-128(fp),-120(fp)
+	mull2	r0,-128(fp)
+	addl3	-116(fp),-120(fp),r0
+	bicl3	#0,r0,-116(fp)
+	cmpl	-116(fp),-120(fp)
+	bgequ	noname.73
+	addl2	#65536,-128(fp)
+noname.73:
+	movzwl	-114(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-128(fp)
+	bicl3	#-65536,-116(fp),r0
+	ashl	#16,r0,-120(fp)
+	addl3	-120(fp),-124(fp),r0
+	bicl3	#0,r0,-124(fp)
+	cmpl	-124(fp),-120(fp)
+	bgequ	noname.74
+	incl	-128(fp)
+noname.74:
+	movl	-124(fp),r1
+	movl	-128(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.75
+	incl	r2
+noname.75:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.76
+	incl	r10
+noname.76:
+
+	movzwl	10(r6),r2
+	bicl3	#-65536,4(r7),r3
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,8(r6),-140(fp)
+	bicl3	#-65536,r2,-144(fp)
+	mull3	r0,-140(fp),-132(fp)
+	mull2	r3,-140(fp)
+	mull3	r3,-144(fp),-136(fp)
+	mull2	r0,-144(fp)
+	addl3	-132(fp),-136(fp),r0
+	bicl3	#0,r0,-132(fp)
+	cmpl	-132(fp),-136(fp)
+	bgequ	noname.77
+	addl2	#65536,-144(fp)
+noname.77:
+	movzwl	-130(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-144(fp)
+	bicl3	#-65536,-132(fp),r0
+	ashl	#16,r0,-136(fp)
+	addl3	-136(fp),-140(fp),r0
+	bicl3	#0,r0,-140(fp)
+	cmpl	-140(fp),-136(fp)
+	bgequ	noname.78
+	incl	-144(fp)
+noname.78:
+	movl	-140(fp),r1
+	movl	-144(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.79
+	incl	r2
+noname.79:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.80
+	incl	r10
+noname.80:
+
+	movzwl	14(r6),r2
+	bicl3	#-65536,(r7),r3
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,12(r6),-156(fp)
+	bicl3	#-65536,r2,-160(fp)
+	mull3	r0,-156(fp),-148(fp)
+	mull2	r3,-156(fp)
+	mull3	r3,-160(fp),-152(fp)
+	mull2	r0,-160(fp)
+	addl3	-148(fp),-152(fp),r0
+	bicl3	#0,r0,-148(fp)
+	cmpl	-148(fp),-152(fp)
+	bgequ	noname.81
+	addl2	#65536,-160(fp)
+noname.81:
+	movzwl	-146(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-160(fp)
+	bicl3	#-65536,-148(fp),r0
+	ashl	#16,r0,-152(fp)
+	addl3	-152(fp),-156(fp),r0
+	bicl3	#0,r0,-156(fp)
+	cmpl	-156(fp),-152(fp)
+	bgequ	noname.82
+	incl	-160(fp)
+noname.82:
+	movl	-156(fp),r1
+	movl	-160(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.83
+	incl	r2
+noname.83:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.84
+	incl	r10
+noname.84:
+
+	movl	r9,12(r11)
+
+	clrl	r9
+
+	movzwl	18(r6),r2
+	bicl3	#-65536,(r7),r3
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,16(r6),-172(fp)
+	bicl3	#-65536,r2,-176(fp)
+	mull3	r0,-172(fp),-164(fp)
+	mull2	r3,-172(fp)
+	mull3	r3,-176(fp),-168(fp)
+	mull2	r0,-176(fp)
+	addl3	-164(fp),-168(fp),r0
+	bicl3	#0,r0,-164(fp)
+	cmpl	-164(fp),-168(fp)
+	bgequ	noname.85
+	addl2	#65536,-176(fp)
+noname.85:
+	movzwl	-162(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-176(fp)
+	bicl3	#-65536,-164(fp),r0
+	ashl	#16,r0,-168(fp)
+	addl3	-168(fp),-172(fp),r0
+	bicl3	#0,r0,-172(fp)
+	cmpl	-172(fp),-168(fp)
+	bgequ	noname.86
+	incl	-176(fp)
+noname.86:
+	movl	-172(fp),r1
+	movl	-176(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.87
+	incl	r2
+noname.87:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.88
+	incl	r9
+noname.88:
+
+	movzwl	14(r6),r2
+	bicl3	#-65536,4(r7),r3
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,12(r6),-188(fp)
+	bicl3	#-65536,r2,-192(fp)
+	mull3	r0,-188(fp),-180(fp)
+	mull2	r3,-188(fp)
+	mull3	r3,-192(fp),-184(fp)
+	mull2	r0,-192(fp)
+	addl3	-180(fp),-184(fp),r0
+	bicl3	#0,r0,-180(fp)
+	cmpl	-180(fp),-184(fp)
+	bgequ	noname.89
+	addl2	#65536,-192(fp)
+noname.89:
+	movzwl	-178(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-192(fp)
+	bicl3	#-65536,-180(fp),r0
+	ashl	#16,r0,-184(fp)
+	addl3	-184(fp),-188(fp),r0
+	bicl3	#0,r0,-188(fp)
+	cmpl	-188(fp),-184(fp)
+	bgequ	noname.90
+	incl	-192(fp)
+noname.90:
+	movl	-188(fp),r1
+	movl	-192(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.91
+	incl	r2
+noname.91:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.92
+	incl	r9
+noname.92:
+
+	movzwl	10(r6),r2
+	bicl3	#-65536,8(r7),r3
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,8(r6),-204(fp)
+	bicl3	#-65536,r2,-208(fp)
+	mull3	r0,-204(fp),-196(fp)
+	mull2	r3,-204(fp)
+	mull3	r3,-208(fp),-200(fp)
+	mull2	r0,-208(fp)
+	addl3	-196(fp),-200(fp),r0
+	bicl3	#0,r0,-196(fp)
+	cmpl	-196(fp),-200(fp)
+	bgequ	noname.93
+	addl2	#65536,-208(fp)
+noname.93:
+	movzwl	-194(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-208(fp)
+	bicl3	#-65536,-196(fp),r0
+	ashl	#16,r0,-200(fp)
+	addl3	-200(fp),-204(fp),r0
+	bicl3	#0,r0,-204(fp)
+	cmpl	-204(fp),-200(fp)
+	bgequ	noname.94
+	incl	-208(fp)
+noname.94:
+	movl	-204(fp),r1
+	movl	-208(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.95
+	incl	r2
+noname.95:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.96
+	incl	r9
+noname.96:
+
+	movzwl	6(r6),r2
+	bicl3	#-65536,12(r7),r3
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,4(r6),-220(fp)
+	bicl3	#-65536,r2,-224(fp)
+	mull3	r0,-220(fp),-212(fp)
+	mull2	r3,-220(fp)
+	mull3	r3,-224(fp),-216(fp)
+	mull2	r0,-224(fp)
+	addl3	-212(fp),-216(fp),r0
+	bicl3	#0,r0,-212(fp)
+	cmpl	-212(fp),-216(fp)
+	bgequ	noname.97
+	addl2	#65536,-224(fp)
+noname.97:
+	movzwl	-210(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-224(fp)
+	bicl3	#-65536,-212(fp),r0
+	ashl	#16,r0,-216(fp)
+	addl3	-216(fp),-220(fp),r0
+	bicl3	#0,r0,-220(fp)
+	cmpl	-220(fp),-216(fp)
+	bgequ	noname.98
+	incl	-224(fp)
+noname.98:
+	movl	-220(fp),r1
+	movl	-224(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.99
+	incl	r2
+noname.99:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.100
+	incl	r9
+noname.100:
+
+	movzwl	2(r6),r2
+	bicl3	#-65536,16(r7),r3
+	movzwl	18(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,(r6),-236(fp)
+	bicl3	#-65536,r2,-240(fp)
+	mull3	r0,-236(fp),-228(fp)
+	mull2	r3,-236(fp)
+	mull3	r3,-240(fp),-232(fp)
+	mull2	r0,-240(fp)
+	addl3	-228(fp),-232(fp),r0
+	bicl3	#0,r0,-228(fp)
+	cmpl	-228(fp),-232(fp)
+	bgequ	noname.101
+	addl2	#65536,-240(fp)
+noname.101:
+	movzwl	-226(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-240(fp)
+	bicl3	#-65536,-228(fp),r0
+	ashl	#16,r0,-232(fp)
+	addl3	-232(fp),-236(fp),r0
+	bicl3	#0,r0,-236(fp)
+	cmpl	-236(fp),-232(fp)
+	bgequ	noname.102
+	incl	-240(fp)
+noname.102:
+	movl	-236(fp),r1
+	movl	-240(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.103
+	incl	r2
+noname.103:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.104
+	incl	r9
+noname.104:
+
+	movl	r8,16(r11)
+
+	clrl	r8
+
+	movzwl	2(r6),r2
+	bicl3	#-65536,20(r7),r3
+	movzwl	22(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,(r6),-252(fp)
+	bicl3	#-65536,r2,-256(fp)
+	mull3	r0,-252(fp),-244(fp)
+	mull2	r3,-252(fp)
+	mull3	r3,-256(fp),-248(fp)
+	mull2	r0,-256(fp)
+	addl3	-244(fp),-248(fp),r0
+	bicl3	#0,r0,-244(fp)
+	cmpl	-244(fp),-248(fp)
+	bgequ	noname.105
+	addl2	#65536,-256(fp)
+noname.105:
+	movzwl	-242(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-256(fp)
+	bicl3	#-65536,-244(fp),r0
+	ashl	#16,r0,-248(fp)
+	addl3	-248(fp),-252(fp),r0
+	bicl3	#0,r0,-252(fp)
+	cmpl	-252(fp),-248(fp)
+	bgequ	noname.106
+	incl	-256(fp)
+noname.106:
+	movl	-252(fp),r1
+	movl	-256(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.107
+	incl	r2
+noname.107:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.108
+	incl	r8
+noname.108:
+
+	movzwl	6(r6),r2
+	bicl3	#-65536,16(r7),r3
+	movzwl	18(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,4(r6),-268(fp)
+	bicl3	#-65536,r2,-272(fp)
+	mull3	r0,-268(fp),-260(fp)
+	mull2	r3,-268(fp)
+	mull3	r3,-272(fp),-264(fp)
+	mull2	r0,-272(fp)
+	addl3	-260(fp),-264(fp),r0
+	bicl3	#0,r0,-260(fp)
+	cmpl	-260(fp),-264(fp)
+	bgequ	noname.109
+	addl2	#65536,-272(fp)
+noname.109:
+	movzwl	-258(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-272(fp)
+	bicl3	#-65536,-260(fp),r0
+	ashl	#16,r0,-264(fp)
+	addl3	-264(fp),-268(fp),r0
+	bicl3	#0,r0,-268(fp)
+	cmpl	-268(fp),-264(fp)
+	bgequ	noname.110
+	incl	-272(fp)
+noname.110:
+	movl	-268(fp),r1
+	movl	-272(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.111
+	incl	r2
+noname.111:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.112
+	incl	r8
+noname.112:
+
+	movzwl	10(r6),r2
+	bicl3	#-65536,12(r7),r3
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,8(r6),-284(fp)
+	bicl3	#-65536,r2,-288(fp)
+	mull3	r0,-284(fp),-276(fp)
+	mull2	r3,-284(fp)
+	mull3	r3,-288(fp),-280(fp)
+	mull2	r0,-288(fp)
+	addl3	-276(fp),-280(fp),r0
+	bicl3	#0,r0,-276(fp)
+	cmpl	-276(fp),-280(fp)
+	bgequ	noname.113
+	addl2	#65536,-288(fp)
+noname.113:
+	movzwl	-274(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-288(fp)
+	bicl3	#-65536,-276(fp),r0
+	ashl	#16,r0,-280(fp)
+	addl3	-280(fp),-284(fp),r0
+	bicl3	#0,r0,-284(fp)
+	cmpl	-284(fp),-280(fp)
+	bgequ	noname.114
+	incl	-288(fp)
+noname.114:
+	movl	-284(fp),r1
+	movl	-288(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.115
+	incl	r2
+noname.115:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.116
+	incl	r8
+noname.116:
+
+	movzwl	14(r6),r2
+	bicl3	#-65536,8(r7),r3
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,12(r6),-300(fp)
+	bicl3	#-65536,r2,-304(fp)
+	mull3	r0,-300(fp),-292(fp)
+	mull2	r3,-300(fp)
+	mull3	r3,-304(fp),-296(fp)
+	mull2	r0,-304(fp)
+	addl3	-292(fp),-296(fp),r0
+	bicl3	#0,r0,-292(fp)
+	cmpl	-292(fp),-296(fp)
+	bgequ	noname.117
+	addl2	#65536,-304(fp)
+noname.117:
+	movzwl	-290(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-304(fp)
+	bicl3	#-65536,-292(fp),r0
+	ashl	#16,r0,-296(fp)
+	addl3	-296(fp),-300(fp),r0
+	bicl3	#0,r0,-300(fp)
+	cmpl	-300(fp),-296(fp)
+	bgequ	noname.118
+	incl	-304(fp)
+noname.118:
+	movl	-300(fp),r1
+	movl	-304(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.119
+	incl	r2
+noname.119:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.120
+	incl	r8
+noname.120:
+
+	movzwl	18(r6),r2
+	bicl3	#-65536,4(r7),r3
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,16(r6),-316(fp)
+	bicl3	#-65536,r2,-320(fp)
+	mull3	r0,-316(fp),-308(fp)
+	mull2	r3,-316(fp)
+	mull3	r3,-320(fp),-312(fp)
+	mull2	r0,-320(fp)
+	addl3	-308(fp),-312(fp),r0
+	bicl3	#0,r0,-308(fp)
+	cmpl	-308(fp),-312(fp)
+	bgequ	noname.121
+	addl2	#65536,-320(fp)
+noname.121:
+	movzwl	-306(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-320(fp)
+	bicl3	#-65536,-308(fp),r0
+	ashl	#16,r0,-312(fp)
+	addl3	-312(fp),-316(fp),r0
+	bicl3	#0,r0,-316(fp)
+	cmpl	-316(fp),-312(fp)
+	bgequ	noname.122
+	incl	-320(fp)
+noname.122:
+	movl	-316(fp),r1
+	movl	-320(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.123
+	incl	r2
+
+noname.123:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.124
+	incl	r8
+noname.124:
+
+	movzwl	22(r6),r2
+	bicl3	#-65536,(r7),r3
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,20(r6),-332(fp)
+	bicl3	#-65536,r2,-336(fp)
+	mull3	r0,-332(fp),-324(fp)
+	mull2	r3,-332(fp)
+	mull3	r3,-336(fp),-328(fp)
+	mull2	r0,-336(fp)
+	addl3	-324(fp),-328(fp),r0
+	bicl3	#0,r0,-324(fp)
+	cmpl	-324(fp),-328(fp)
+	bgequ	noname.125
+	addl2	#65536,-336(fp)
+noname.125:
+	movzwl	-322(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-336(fp)
+	bicl3	#-65536,-324(fp),r0
+	ashl	#16,r0,-328(fp)
+	addl3	-328(fp),-332(fp),r0
+	bicl3	#0,r0,-332(fp)
+	cmpl	-332(fp),-328(fp)
+	bgequ	noname.126
+	incl	-336(fp)
+noname.126:
+	movl	-332(fp),r1
+	movl	-336(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.127
+	incl	r2
+noname.127:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.128
+	incl	r8
+noname.128:
+
+	movl	r10,20(r11)
+
+	clrl	r10
+
+	movzwl	26(r6),r2
+	bicl3	#-65536,(r7),r3
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,24(r6),-348(fp)
+	bicl3	#-65536,r2,-352(fp)
+	mull3	r0,-348(fp),-340(fp)
+	mull2	r3,-348(fp)
+	mull3	r3,-352(fp),-344(fp)
+	mull2	r0,-352(fp)
+	addl3	-340(fp),-344(fp),r0
+	bicl3	#0,r0,-340(fp)
+	cmpl	-340(fp),-344(fp)
+	bgequ	noname.129
+	addl2	#65536,-352(fp)
+noname.129:
+	movzwl	-338(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-352(fp)
+	bicl3	#-65536,-340(fp),r0
+	ashl	#16,r0,-344(fp)
+	addl3	-344(fp),-348(fp),r0
+	bicl3	#0,r0,-348(fp)
+	cmpl	-348(fp),-344(fp)
+	bgequ	noname.130
+	incl	-352(fp)
+noname.130:
+	movl	-348(fp),r1
+	movl	-352(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.131
+	incl	r2
+noname.131:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.132
+	incl	r10
+noname.132:
+
+	movzwl	22(r6),r2
+	bicl3	#-65536,4(r7),r3
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,20(r6),-364(fp)
+	bicl3	#-65536,r2,-368(fp)
+	mull3	r0,-364(fp),-356(fp)
+	mull2	r3,-364(fp)
+	mull3	r3,-368(fp),-360(fp)
+	mull2	r0,-368(fp)
+	addl3	-356(fp),-360(fp),r0
+	bicl3	#0,r0,-356(fp)
+	cmpl	-356(fp),-360(fp)
+	bgequ	noname.133
+	addl2	#65536,-368(fp)
+noname.133:
+	movzwl	-354(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-368(fp)
+	bicl3	#-65536,-356(fp),r0
+	ashl	#16,r0,-360(fp)
+	addl3	-360(fp),-364(fp),r0
+	bicl3	#0,r0,-364(fp)
+	cmpl	-364(fp),-360(fp)
+	bgequ	noname.134
+	incl	-368(fp)
+noname.134:
+	movl	-364(fp),r1
+	movl	-368(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.135
+	incl	r2
+noname.135:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.136
+	incl	r10
+noname.136:
+
+	movzwl	18(r6),r2
+	bicl3	#-65536,8(r7),r3
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,16(r6),-380(fp)
+	bicl3	#-65536,r2,-384(fp)
+	mull3	r0,-380(fp),-372(fp)
+	mull2	r3,-380(fp)
+	mull3	r3,-384(fp),-376(fp)
+	mull2	r0,-384(fp)
+	addl3	-372(fp),-376(fp),r0
+	bicl3	#0,r0,-372(fp)
+	cmpl	-372(fp),-376(fp)
+	bgequ	noname.137
+	addl2	#65536,-384(fp)
+noname.137:
+	movzwl	-370(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-384(fp)
+	bicl3	#-65536,-372(fp),r0
+	ashl	#16,r0,-376(fp)
+	addl3	-376(fp),-380(fp),r0
+	bicl3	#0,r0,-380(fp)
+	cmpl	-380(fp),-376(fp)
+	bgequ	noname.138
+	incl	-384(fp)
+noname.138:
+	movl	-380(fp),r1
+	movl	-384(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.139
+	incl	r2
+noname.139:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.140
+	incl	r10
+noname.140:
+
+	movzwl	14(r6),r2
+	bicl3	#-65536,12(r7),r3
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,12(r6),-396(fp)
+	bicl3	#-65536,r2,-400(fp)
+	mull3	r0,-396(fp),-388(fp)
+	mull2	r3,-396(fp)
+	mull3	r3,-400(fp),-392(fp)
+	mull2	r0,-400(fp)
+	addl3	-388(fp),-392(fp),r0
+	bicl3	#0,r0,-388(fp)
+	cmpl	-388(fp),-392(fp)
+	bgequ	noname.141
+	addl2	#65536,-400(fp)
+noname.141:
+	movzwl	-386(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-400(fp)
+	bicl3	#-65536,-388(fp),r0
+	ashl	#16,r0,-392(fp)
+	addl3	-392(fp),-396(fp),r0
+	bicl3	#0,r0,-396(fp)
+	cmpl	-396(fp),-392(fp)
+	bgequ	noname.142
+	incl	-400(fp)
+noname.142:
+	movl	-396(fp),r1
+	movl	-400(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.143
+	incl	r2
+noname.143:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.144
+	incl	r10
+noname.144:
+
+	movzwl	10(r6),r2
+	bicl3	#-65536,16(r7),r3
+	movzwl	18(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,8(r6),-412(fp)
+	bicl3	#-65536,r2,-416(fp)
+	mull3	r0,-412(fp),-404(fp)
+	mull2	r3,-412(fp)
+	mull3	r3,-416(fp),-408(fp)
+	mull2	r0,-416(fp)
+	addl3	-404(fp),-408(fp),r0
+	bicl3	#0,r0,-404(fp)
+	cmpl	-404(fp),-408(fp)
+	bgequ	noname.145
+	addl2	#65536,-416(fp)
+noname.145:
+	movzwl	-402(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-416(fp)
+	bicl3	#-65536,-404(fp),r0
+	ashl	#16,r0,-408(fp)
+	addl3	-408(fp),-412(fp),r0
+	bicl3	#0,r0,-412(fp)
+	cmpl	-412(fp),-408(fp)
+	bgequ	noname.146
+	incl	-416(fp)
+noname.146:
+	movl	-412(fp),r1
+	movl	-416(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.147
+	incl	r2
+noname.147:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.148
+	incl	r10
+noname.148:
+
+	movzwl	6(r6),r2
+	bicl3	#-65536,20(r7),r3
+	movzwl	22(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,4(r6),-428(fp)
+	bicl3	#-65536,r2,-432(fp)
+	mull3	r0,-428(fp),-420(fp)
+	mull2	r3,-428(fp)
+	mull3	r3,-432(fp),-424(fp)
+	mull2	r0,-432(fp)
+	addl3	-420(fp),-424(fp),r0
+	bicl3	#0,r0,-420(fp)
+	cmpl	-420(fp),-424(fp)
+	bgequ	noname.149
+	addl2	#65536,-432(fp)
+noname.149:
+	movzwl	-418(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-432(fp)
+	bicl3	#-65536,-420(fp),r0
+	ashl	#16,r0,-424(fp)
+	addl3	-424(fp),-428(fp),r0
+	bicl3	#0,r0,-428(fp)
+	cmpl	-428(fp),-424(fp)
+	bgequ	noname.150
+	incl	-432(fp)
+noname.150:
+	movl	-428(fp),r1
+	movl	-432(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.151
+	incl	r2
+noname.151:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.152
+	incl	r10
+noname.152:
+
+	movzwl	2(r6),r2
+	bicl3	#-65536,24(r7),r3
+	movzwl	26(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,(r6),-444(fp)
+	bicl3	#-65536,r2,-448(fp)
+	mull3	r0,-444(fp),-436(fp)
+	mull2	r3,-444(fp)
+	mull3	r3,-448(fp),-440(fp)
+	mull2	r0,-448(fp)
+	addl3	-436(fp),-440(fp),r0
+	bicl3	#0,r0,-436(fp)
+	cmpl	-436(fp),-440(fp)
+	bgequ	noname.153
+	addl2	#65536,-448(fp)
+noname.153:
+	movzwl	-434(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-448(fp)
+	bicl3	#-65536,-436(fp),r0
+	ashl	#16,r0,-440(fp)
+	addl3	-440(fp),-444(fp),r0
+	bicl3	#0,r0,-444(fp)
+	cmpl	-444(fp),-440(fp)
+	bgequ	noname.154
+	incl	-448(fp)
+noname.154:
+	movl	-444(fp),r1
+	movl	-448(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.155
+	incl	r2
+noname.155:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.156
+	incl	r10
+noname.156:
+
+	movl	r9,24(r11)
+
+	clrl	r9
+
+	movzwl	2(r6),r2
+	bicl3	#-65536,28(r7),r3
+	movzwl	30(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,(r6),-460(fp)
+	bicl3	#-65536,r2,-464(fp)
+	mull3	r0,-460(fp),-452(fp)
+	mull2	r3,-460(fp)
+	mull3	r3,-464(fp),-456(fp)
+	mull2	r0,-464(fp)
+	addl3	-452(fp),-456(fp),r0
+	bicl3	#0,r0,-452(fp)
+	cmpl	-452(fp),-456(fp)
+	bgequ	noname.157
+	addl2	#65536,-464(fp)
+noname.157:
+	movzwl	-450(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-464(fp)
+	bicl3	#-65536,-452(fp),r0
+	ashl	#16,r0,-456(fp)
+	addl3	-456(fp),-460(fp),r0
+	bicl3	#0,r0,-460(fp)
+	cmpl	-460(fp),-456(fp)
+	bgequ	noname.158
+	incl	-464(fp)
+noname.158:
+	movl	-460(fp),r1
+	movl	-464(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.159
+	incl	r2
+noname.159:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.160
+	incl	r9
+noname.160:
+
+	movzwl	6(r6),r2
+	bicl3	#-65536,24(r7),r3
+	movzwl	26(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,4(r6),-476(fp)
+	bicl3	#-65536,r2,-480(fp)
+	mull3	r0,-476(fp),-468(fp)
+	mull2	r3,-476(fp)
+	mull3	r3,-480(fp),-472(fp)
+	mull2	r0,-480(fp)
+	addl3	-468(fp),-472(fp),r0
+	bicl3	#0,r0,-468(fp)
+	cmpl	-468(fp),-472(fp)
+	bgequ	noname.161
+	addl2	#65536,-480(fp)
+noname.161:
+	movzwl	-466(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-480(fp)
+	bicl3	#-65536,-468(fp),r0
+	ashl	#16,r0,-472(fp)
+	addl3	-472(fp),-476(fp),r0
+	bicl3	#0,r0,-476(fp)
+	cmpl	-476(fp),-472(fp)
+	bgequ	noname.162
+	incl	-480(fp)
+noname.162:
+	movl	-476(fp),r1
+	movl	-480(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.163
+	incl	r2
+noname.163:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.164
+	incl	r9
+noname.164:
+
+	movzwl	10(r6),r2
+	bicl3	#-65536,20(r7),r3
+	movzwl	22(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,8(r6),-492(fp)
+	bicl3	#-65536,r2,-496(fp)
+	mull3	r0,-492(fp),-484(fp)
+	mull2	r3,-492(fp)
+	mull3	r3,-496(fp),-488(fp)
+	mull2	r0,-496(fp)
+	addl3	-484(fp),-488(fp),r0
+	bicl3	#0,r0,-484(fp)
+	cmpl	-484(fp),-488(fp)
+	bgequ	noname.165
+	addl2	#65536,-496(fp)
+noname.165:
+	movzwl	-482(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-496(fp)
+	bicl3	#-65536,-484(fp),r0
+	ashl	#16,r0,-488(fp)
+	addl3	-488(fp),-492(fp),r0
+	bicl3	#0,r0,-492(fp)
+	cmpl	-492(fp),-488(fp)
+	bgequ	noname.166
+	incl	-496(fp)
+noname.166:
+	movl	-492(fp),r1
+	movl	-496(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.167
+	incl	r2
+noname.167:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.168
+	incl	r9
+noname.168:
+
+	movzwl	14(r6),r2
+	bicl3	#-65536,16(r7),r3
+	movzwl	18(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,12(r6),-508(fp)
+	bicl3	#-65536,r2,-512(fp)
+	mull3	r0,-508(fp),-500(fp)
+	mull2	r3,-508(fp)
+	mull3	r3,-512(fp),-504(fp)
+	mull2	r0,-512(fp)
+	addl3	-500(fp),-504(fp),r0
+	bicl3	#0,r0,-500(fp)
+	cmpl	-500(fp),-504(fp)
+	bgequ	noname.169
+	addl2	#65536,-512(fp)
+noname.169:
+	movzwl	-498(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-512(fp)
+	bicl3	#-65536,-500(fp),r0
+	ashl	#16,r0,-504(fp)
+	addl3	-504(fp),-508(fp),r0
+	bicl3	#0,r0,-508(fp)
+	cmpl	-508(fp),-504(fp)
+	bgequ	noname.170
+	incl	-512(fp)
+noname.170:
+	movl	-508(fp),r1
+	movl	-512(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.171
+	incl	r2
+noname.171:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.172
+	incl	r9
+noname.172:
+
+	movzwl	18(r6),r2
+	bicl3	#-65536,12(r7),r3
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,16(r6),-524(fp)
+	bicl3	#-65536,r2,-528(fp)
+	mull3	r0,-524(fp),-516(fp)
+	mull2	r3,-524(fp)
+	mull3	r3,-528(fp),-520(fp)
+	mull2	r0,-528(fp)
+	addl3	-516(fp),-520(fp),r0
+	bicl3	#0,r0,-516(fp)
+	cmpl	-516(fp),-520(fp)
+	bgequ	noname.173
+	addl2	#65536,-528(fp)
+noname.173:
+	movzwl	-514(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-528(fp)
+	bicl3	#-65536,-516(fp),r0
+	ashl	#16,r0,-520(fp)
+	addl3	-520(fp),-524(fp),r0
+	bicl3	#0,r0,-524(fp)
+	cmpl	-524(fp),-520(fp)
+	bgequ	noname.174
+	incl	-528(fp)
+noname.174:
+	movl	-524(fp),r1
+	movl	-528(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.175
+	incl	r2
+noname.175:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.176
+	incl	r9
+noname.176:
+
+	movzwl	22(r6),r2
+	bicl3	#-65536,8(r7),r3
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,20(r6),-540(fp)
+	bicl3	#-65536,r2,-544(fp)
+	mull3	r0,-540(fp),-532(fp)
+	mull2	r3,-540(fp)
+	mull3	r3,-544(fp),-536(fp)
+	mull2	r0,-544(fp)
+	addl3	-532(fp),-536(fp),r0
+	bicl3	#0,r0,-532(fp)
+	cmpl	-532(fp),-536(fp)
+	bgequ	noname.177
+	addl2	#65536,-544(fp)
+noname.177:
+	movzwl	-530(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-544(fp)
+	bicl3	#-65536,-532(fp),r0
+	ashl	#16,r0,-536(fp)
+	addl3	-536(fp),-540(fp),r0
+	bicl3	#0,r0,-540(fp)
+	cmpl	-540(fp),-536(fp)
+	bgequ	noname.178
+	incl	-544(fp)
+noname.178:
+	movl	-540(fp),r1
+	movl	-544(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.179
+	incl	r2
+noname.179:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.180
+	incl	r9
+noname.180:
+
+	movzwl	26(r6),r2
+	bicl3	#-65536,4(r7),r3
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,24(r6),-556(fp)
+	bicl3	#-65536,r2,-560(fp)
+	mull3	r0,-556(fp),-548(fp)
+	mull2	r3,-556(fp)
+	mull3	r3,-560(fp),-552(fp)
+	mull2	r0,-560(fp)
+	addl3	-548(fp),-552(fp),r0
+	bicl3	#0,r0,-548(fp)
+	cmpl	-548(fp),-552(fp)
+	bgequ	noname.181
+	addl2	#65536,-560(fp)
+noname.181:
+	movzwl	-546(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-560(fp)
+	bicl3	#-65536,-548(fp),r0
+	ashl	#16,r0,-552(fp)
+	addl3	-552(fp),-556(fp),r0
+	bicl3	#0,r0,-556(fp)
+	cmpl	-556(fp),-552(fp)
+	bgequ	noname.182
+	incl	-560(fp)
+noname.182:
+	movl	-556(fp),r1
+	movl	-560(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.183
+	incl	r2
+noname.183:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.184
+	incl	r9
+noname.184:
+
+	movzwl	30(r6),r2
+	bicl3	#-65536,(r7),r3
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,28(r6),-572(fp)
+	bicl3	#-65536,r2,-576(fp)
+	mull3	r0,-572(fp),-564(fp)
+	mull2	r3,-572(fp)
+	mull3	r3,-576(fp),-568(fp)
+	mull2	r0,-576(fp)
+	addl3	-564(fp),-568(fp),r0
+	bicl3	#0,r0,-564(fp)
+	cmpl	-564(fp),-568(fp)
+	bgequ	noname.185
+	addl2	#65536,-576(fp)
+noname.185:
+	movzwl	-562(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-576(fp)
+	bicl3	#-65536,-564(fp),r0
+	ashl	#16,r0,-568(fp)
+	addl3	-568(fp),-572(fp),r0
+	bicl3	#0,r0,-572(fp)
+	cmpl	-572(fp),-568(fp)
+	bgequ	noname.186
+	incl	-576(fp)
+noname.186:
+	movl	-572(fp),r1
+	movl	-576(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.187
+	incl	r2
+noname.187:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.188
+	incl	r9
+noname.188:
+
+	movl	r8,28(r11)
+
+	clrl	r8
+
+	movzwl	30(r6),r2
+	bicl3	#-65536,4(r7),r3
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,28(r6),-588(fp)
+	bicl3	#-65536,r2,-592(fp)
+	mull3	r0,-588(fp),-580(fp)
+	mull2	r3,-588(fp)
+	mull3	r3,-592(fp),-584(fp)
+	mull2	r0,-592(fp)
+	addl3	-580(fp),-584(fp),r0
+	bicl3	#0,r0,-580(fp)
+	cmpl	-580(fp),-584(fp)
+	bgequ	noname.189
+	addl2	#65536,-592(fp)
+noname.189:
+	movzwl	-578(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-592(fp)
+	bicl3	#-65536,-580(fp),r0
+	ashl	#16,r0,-584(fp)
+	addl3	-584(fp),-588(fp),r0
+	bicl3	#0,r0,-588(fp)
+	cmpl	-588(fp),-584(fp)
+	bgequ	noname.190
+	incl	-592(fp)
+noname.190:
+	movl	-588(fp),r1
+	movl	-592(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.191
+	incl	r2
+noname.191:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.192
+	incl	r8
+noname.192:
+
+	movzwl	26(r6),r2
+	bicl3	#-65536,8(r7),r3
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,24(r6),-604(fp)
+	bicl3	#-65536,r2,-608(fp)
+	mull3	r0,-604(fp),-596(fp)
+	mull2	r3,-604(fp)
+	mull3	r3,-608(fp),-600(fp)
+	mull2	r0,-608(fp)
+	addl3	-596(fp),-600(fp),r0
+	bicl3	#0,r0,-596(fp)
+	cmpl	-596(fp),-600(fp)
+	bgequ	noname.193
+	addl2	#65536,-608(fp)
+noname.193:
+	movzwl	-594(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-608(fp)
+	bicl3	#-65536,-596(fp),r0
+	ashl	#16,r0,-600(fp)
+	addl3	-600(fp),-604(fp),r0
+	bicl3	#0,r0,-604(fp)
+	cmpl	-604(fp),-600(fp)
+	bgequ	noname.194
+	incl	-608(fp)
+noname.194:
+	movl	-604(fp),r1
+	movl	-608(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.195
+	incl	r2
+noname.195:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.196
+	incl	r8
+noname.196:
+
+	movzwl	22(r6),r2
+	bicl3	#-65536,12(r7),r3
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,20(r6),-620(fp)
+	bicl3	#-65536,r2,-624(fp)
+	mull3	r0,-620(fp),-612(fp)
+	mull2	r3,-620(fp)
+	mull3	r3,-624(fp),-616(fp)
+	mull2	r0,-624(fp)
+	addl3	-612(fp),-616(fp),r0
+	bicl3	#0,r0,-612(fp)
+	cmpl	-612(fp),-616(fp)
+	bgequ	noname.197
+	addl2	#65536,-624(fp)
+noname.197:
+	movzwl	-610(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-624(fp)
+	bicl3	#-65536,-612(fp),r0
+	ashl	#16,r0,-616(fp)
+	addl3	-616(fp),-620(fp),r0
+	bicl3	#0,r0,-620(fp)
+	cmpl	-620(fp),-616(fp)
+	bgequ	noname.198
+	incl	-624(fp)
+noname.198:
+	movl	-620(fp),r1
+	movl	-624(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.199
+	incl	r2
+noname.199:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.200
+	incl	r8
+noname.200:
+
+	movzwl	18(r6),r2
+	bicl3	#-65536,16(r7),r3
+	movzwl	18(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,16(r6),-636(fp)
+	bicl3	#-65536,r2,-640(fp)
+	mull3	r0,-636(fp),-628(fp)
+	mull2	r3,-636(fp)
+	mull3	r3,-640(fp),-632(fp)
+	mull2	r0,-640(fp)
+	addl3	-628(fp),-632(fp),r0
+	bicl3	#0,r0,-628(fp)
+	cmpl	-628(fp),-632(fp)
+	bgequ	noname.201
+	addl2	#65536,-640(fp)
+noname.201:
+	movzwl	-626(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-640(fp)
+	bicl3	#-65536,-628(fp),r0
+	ashl	#16,r0,-632(fp)
+	addl3	-632(fp),-636(fp),r0
+	bicl3	#0,r0,-636(fp)
+	cmpl	-636(fp),-632(fp)
+	bgequ	noname.202
+	incl	-640(fp)
+noname.202:
+	movl	-636(fp),r1
+	movl	-640(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.203
+	incl	r2
+noname.203:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.204
+	incl	r8
+noname.204:
+
+	movzwl	14(r6),r2
+	bicl3	#-65536,20(r7),r3
+	movzwl	22(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,12(r6),-652(fp)
+	bicl3	#-65536,r2,-656(fp)
+	mull3	r0,-652(fp),-644(fp)
+	mull2	r3,-652(fp)
+	mull3	r3,-656(fp),-648(fp)
+	mull2	r0,-656(fp)
+	addl3	-644(fp),-648(fp),r0
+	bicl3	#0,r0,-644(fp)
+	cmpl	-644(fp),-648(fp)
+	bgequ	noname.205
+	addl2	#65536,-656(fp)
+noname.205:
+	movzwl	-642(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-656(fp)
+	bicl3	#-65536,-644(fp),r0
+	ashl	#16,r0,-648(fp)
+	addl3	-648(fp),-652(fp),r0
+	bicl3	#0,r0,-652(fp)
+	cmpl	-652(fp),-648(fp)
+	bgequ	noname.206
+	incl	-656(fp)
+noname.206:
+	movl	-652(fp),r1
+	movl	-656(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.207
+	incl	r2
+noname.207:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.208
+	incl	r8
+noname.208:
+
+	movzwl	10(r6),r2
+	bicl3	#-65536,24(r7),r3
+	movzwl	26(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,8(r6),-668(fp)
+	bicl3	#-65536,r2,-672(fp)
+	mull3	r0,-668(fp),-660(fp)
+	mull2	r3,-668(fp)
+	mull3	r3,-672(fp),-664(fp)
+	mull2	r0,-672(fp)
+	addl3	-660(fp),-664(fp),r0
+	bicl3	#0,r0,-660(fp)
+	cmpl	-660(fp),-664(fp)
+	bgequ	noname.209
+	addl2	#65536,-672(fp)
+noname.209:
+	movzwl	-658(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-672(fp)
+	bicl3	#-65536,-660(fp),r0
+	ashl	#16,r0,-664(fp)
+	addl3	-664(fp),-668(fp),r0
+	bicl3	#0,r0,-668(fp)
+	cmpl	-668(fp),-664(fp)
+	bgequ	noname.210
+	incl	-672(fp)
+noname.210:
+	movl	-668(fp),r1
+	movl	-672(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.211
+	incl	r2
+noname.211:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.212
+	incl	r8
+noname.212:
+
+	movzwl	6(r6),r2
+	bicl3	#-65536,28(r7),r3
+	movzwl	30(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,4(r6),-684(fp)
+	bicl3	#-65536,r2,-688(fp)
+	mull3	r0,-684(fp),-676(fp)
+	mull2	r3,-684(fp)
+	mull3	r3,-688(fp),-680(fp)
+	mull2	r0,-688(fp)
+	addl3	-676(fp),-680(fp),r0
+	bicl3	#0,r0,-676(fp)
+	cmpl	-676(fp),-680(fp)
+	bgequ	noname.213
+	addl2	#65536,-688(fp)
+noname.213:
+	movzwl	-674(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-688(fp)
+	bicl3	#-65536,-676(fp),r0
+	ashl	#16,r0,-680(fp)
+	addl3	-680(fp),-684(fp),r0
+	bicl3	#0,r0,-684(fp)
+	cmpl	-684(fp),-680(fp)
+	bgequ	noname.214
+	incl	-688(fp)
+noname.214:
+	movl	-684(fp),r1
+	movl	-688(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.215
+	incl	r2
+noname.215:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.216
+	incl	r8
+noname.216:
+
+	movl	r10,32(r11)
+
+	clrl	r10
+
+	movzwl	10(r6),r2
+	bicl3	#-65536,28(r7),r3
+	movzwl	30(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,8(r6),-700(fp)
+	bicl3	#-65536,r2,-704(fp)
+	mull3	r0,-700(fp),-692(fp)
+	mull2	r3,-700(fp)
+	mull3	r3,-704(fp),-696(fp)
+	mull2	r0,-704(fp)
+	addl3	-692(fp),-696(fp),r0
+	bicl3	#0,r0,-692(fp)
+	cmpl	-692(fp),-696(fp)
+	bgequ	noname.217
+	addl2	#65536,-704(fp)
+noname.217:
+	movzwl	-690(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-704(fp)
+	bicl3	#-65536,-692(fp),r0
+	ashl	#16,r0,-696(fp)
+	addl3	-696(fp),-700(fp),r0
+	bicl3	#0,r0,-700(fp)
+	cmpl	-700(fp),-696(fp)
+	bgequ	noname.218
+	incl	-704(fp)
+noname.218:
+	movl	-700(fp),r1
+	movl	-704(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.219
+	incl	r2
+noname.219:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.220
+	incl	r10
+noname.220:
+
+	movzwl	14(r6),r2
+	bicl3	#-65536,24(r7),r3
+	movzwl	26(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,12(r6),-716(fp)
+	bicl3	#-65536,r2,-720(fp)
+	mull3	r0,-716(fp),-708(fp)
+	mull2	r3,-716(fp)
+	mull3	r3,-720(fp),-712(fp)
+	mull2	r0,-720(fp)
+	addl3	-708(fp),-712(fp),r0
+	bicl3	#0,r0,-708(fp)
+	cmpl	-708(fp),-712(fp)
+	bgequ	noname.221
+	addl2	#65536,-720(fp)
+noname.221:
+	movzwl	-706(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-720(fp)
+	bicl3	#-65536,-708(fp),r0
+	ashl	#16,r0,-712(fp)
+	addl3	-712(fp),-716(fp),r0
+	bicl3	#0,r0,-716(fp)
+	cmpl	-716(fp),-712(fp)
+	bgequ	noname.222
+	incl	-720(fp)
+noname.222:
+	movl	-716(fp),r1
+	movl	-720(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.223
+	incl	r2
+noname.223:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.224
+	incl	r10
+noname.224:
+
+	movzwl	18(r6),r2
+	bicl3	#-65536,20(r7),r3
+	movzwl	22(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,16(r6),-732(fp)
+	bicl3	#-65536,r2,-736(fp)
+	mull3	r0,-732(fp),-724(fp)
+	mull2	r3,-732(fp)
+	mull3	r3,-736(fp),-728(fp)
+	mull2	r0,-736(fp)
+	addl3	-724(fp),-728(fp),r0
+	bicl3	#0,r0,-724(fp)
+	cmpl	-724(fp),-728(fp)
+	bgequ	noname.225
+	addl2	#65536,-736(fp)
+noname.225:
+	movzwl	-722(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-736(fp)
+	bicl3	#-65536,-724(fp),r0
+	ashl	#16,r0,-728(fp)
+	addl3	-728(fp),-732(fp),r0
+	bicl3	#0,r0,-732(fp)
+	cmpl	-732(fp),-728(fp)
+	bgequ	noname.226
+	incl	-736(fp)
+noname.226:
+	movl	-732(fp),r1
+	movl	-736(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.227
+	incl	r2
+noname.227:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.228
+	incl	r10
+noname.228:
+
+	movzwl	22(r6),r2
+	bicl3	#-65536,16(r7),r3
+	movzwl	18(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,20(r6),-748(fp)
+	bicl3	#-65536,r2,-752(fp)
+	mull3	r0,-748(fp),-740(fp)
+	mull2	r3,-748(fp)
+	mull3	r3,-752(fp),-744(fp)
+	mull2	r0,-752(fp)
+	addl3	-740(fp),-744(fp),r0
+	bicl3	#0,r0,-740(fp)
+	cmpl	-740(fp),-744(fp)
+	bgequ	noname.229
+	addl2	#65536,-752(fp)
+noname.229:
+	movzwl	-738(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-752(fp)
+	bicl3	#-65536,-740(fp),r0
+	ashl	#16,r0,-744(fp)
+	addl3	-744(fp),-748(fp),r0
+	bicl3	#0,r0,-748(fp)
+	cmpl	-748(fp),-744(fp)
+	bgequ	noname.230
+	incl	-752(fp)
+noname.230:
+	movl	-748(fp),r1
+	movl	-752(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.231
+	incl	r2
+noname.231:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.232
+	incl	r10
+noname.232:
+
+	movzwl	26(r6),r2
+	bicl3	#-65536,12(r7),r3
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,24(r6),-764(fp)
+	bicl3	#-65536,r2,-768(fp)
+	mull3	r0,-764(fp),-756(fp)
+	mull2	r3,-764(fp)
+	mull3	r3,-768(fp),-760(fp)
+	mull2	r0,-768(fp)
+	addl3	-756(fp),-760(fp),r0
+	bicl3	#0,r0,-756(fp)
+	cmpl	-756(fp),-760(fp)
+	bgequ	noname.233
+	addl2	#65536,-768(fp)
+noname.233:
+	movzwl	-754(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-768(fp)
+	bicl3	#-65536,-756(fp),r0
+	ashl	#16,r0,-760(fp)
+	addl3	-760(fp),-764(fp),r0
+	bicl3	#0,r0,-764(fp)
+	cmpl	-764(fp),-760(fp)
+	bgequ	noname.234
+	incl	-768(fp)
+noname.234:
+	movl	-764(fp),r1
+	movl	-768(fp),r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.235
+	incl	r2
+noname.235:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.236
+	incl	r10
+noname.236:
+
+	bicl3	#-65536,28(r6),r3
+	movzwl	30(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,8(r7),r2
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-772(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-776(fp)
+	mull2	r0,r4
+	addl3	-772(fp),-776(fp),r0
+	bicl3	#0,r0,-772(fp)
+	cmpl	-772(fp),-776(fp)
+	bgequ	noname.237
+	addl2	#65536,r4
+noname.237:
+	movzwl	-770(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-772(fp),r0
+	ashl	#16,r0,-776(fp)
+	addl2	-776(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-776(fp)
+	bgequ	noname.238
+	incl	r4
+noname.238:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.239
+	incl	r2
+noname.239:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.240
+	incl	r10
+noname.240:
+
+	movl	r9,36(r11)
+
+	clrl	r9
+
+	bicl3	#-65536,28(r6),r3
+	movzwl	30(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,12(r7),r2
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-780(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-784(fp)
+	mull2	r0,r4
+	addl3	-780(fp),-784(fp),r0
+	bicl3	#0,r0,-780(fp)
+	cmpl	-780(fp),-784(fp)
+	bgequ	noname.241
+	addl2	#65536,r4
+noname.241:
+	movzwl	-778(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-780(fp),r0
+	ashl	#16,r0,-784(fp)
+	addl2	-784(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-784(fp)
+	bgequ	noname.242
+	incl	r4
+noname.242:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.243
+	incl	r2
+noname.243:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.244
+	incl	r9
+noname.244:
+
+	bicl3	#-65536,24(r6),r3
+	movzwl	26(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,16(r7),r2
+	movzwl	18(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-788(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-792(fp)
+	mull2	r0,r4
+	addl3	-788(fp),-792(fp),r0
+	bicl3	#0,r0,-788(fp)
+	cmpl	-788(fp),-792(fp)
+	bgequ	noname.245
+	addl2	#65536,r4
+noname.245:
+	movzwl	-786(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-788(fp),r0
+	ashl	#16,r0,-792(fp)
+	addl2	-792(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-792(fp)
+	bgequ	noname.246
+	incl	r4
+noname.246:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.247
+	incl	r2
+noname.247:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.248
+	incl	r9
+noname.248:
+
+	bicl3	#-65536,20(r6),r3
+	movzwl	22(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,20(r7),r2
+	movzwl	22(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-796(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-800(fp)
+	mull2	r0,r4
+	addl3	-796(fp),-800(fp),r0
+	bicl3	#0,r0,-796(fp)
+	cmpl	-796(fp),-800(fp)
+	bgequ	noname.249
+	addl2	#65536,r4
+noname.249:
+	movzwl	-794(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-796(fp),r0
+	ashl	#16,r0,-800(fp)
+	addl2	-800(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-800(fp)
+	bgequ	noname.250
+	incl	r4
+noname.250:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.251
+	incl	r2
+noname.251:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.252
+	incl	r9
+noname.252:
+
+	bicl3	#-65536,16(r6),r3
+	movzwl	18(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,24(r7),r2
+	movzwl	26(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-804(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-808(fp)
+	mull2	r0,r4
+	addl3	-804(fp),-808(fp),r0
+	bicl3	#0,r0,-804(fp)
+	cmpl	-804(fp),-808(fp)
+	bgequ	noname.253
+	addl2	#65536,r4
+noname.253:
+	movzwl	-802(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-804(fp),r0
+	ashl	#16,r0,-808(fp)
+	addl2	-808(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-808(fp)
+	bgequ	noname.254
+	incl	r4
+noname.254:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.255
+	incl	r2
+noname.255:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.256
+	incl	r9
+noname.256:
+
+	bicl3	#-65536,12(r6),r3
+	movzwl	14(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,28(r7),r2
+	movzwl	30(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-812(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-816(fp)
+	mull2	r0,r4
+	addl3	-812(fp),-816(fp),r0
+	bicl3	#0,r0,-812(fp)
+	cmpl	-812(fp),-816(fp)
+	bgequ	noname.257
+	addl2	#65536,r4
+noname.257:
+	movzwl	-810(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-812(fp),r0
+	ashl	#16,r0,-816(fp)
+	addl2	-816(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-816(fp)
+	bgequ	noname.258
+	incl	r4
+noname.258:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.259
+	incl	r2
+noname.259:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.260
+	incl	r9
+noname.260:
+
+	movl	r8,40(r11)
+
+	clrl	r8
+
+	bicl3	#-65536,16(r6),r3
+	movzwl	18(r6),r2
+	bicl3	#-65536,28(r7),r1
+	movzwl	30(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r4
+	bicl3	#-65536,r2,-828(fp)
+	mull3	r0,r4,-820(fp)
+	mull2	r1,r4
+	mull3	r1,-828(fp),-824(fp)
+	mull2	r0,-828(fp)
+	addl3	-820(fp),-824(fp),r0
+	bicl3	#0,r0,-820(fp)
+	cmpl	-820(fp),-824(fp)
+	bgequ	noname.261
+	addl2	#65536,-828(fp)
+noname.261:
+	movzwl	-818(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-828(fp)
+	bicl3	#-65536,-820(fp),r0
+	ashl	#16,r0,-824(fp)
+	addl2	-824(fp),r4
+	bicl2	#0,r4
+	cmpl	r4,-824(fp)
+	bgequ	noname.262
+	incl	-828(fp)
+noname.262:
+	movl	r4,r1
+	movl	-828(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.263
+	incl	r2
+noname.263:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.264
+	incl	r8
+noname.264:
+
+	movzwl	22(r6),r2
+	bicl3	#-65536,24(r7),r3
+	movzwl	26(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,20(r6),-840(fp)
+	bicl3	#-65536,r2,-844(fp)
+	mull3	r0,-840(fp),-832(fp)
+	mull2	r3,-840(fp)
+	mull3	r3,-844(fp),-836(fp)
+	mull2	r0,-844(fp)
+	addl3	-832(fp),-836(fp),r0
+	bicl3	#0,r0,-832(fp)
+	cmpl	-832(fp),-836(fp)
+	bgequ	noname.265
+	addl2	#65536,-844(fp)
+noname.265:
+	movzwl	-830(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-844(fp)
+	bicl3	#-65536,-832(fp),r0
+	ashl	#16,r0,-836(fp)
+	addl3	-836(fp),-840(fp),r0
+	bicl3	#0,r0,-840(fp)
+	cmpl	-840(fp),-836(fp)
+	bgequ	noname.266
+	incl	-844(fp)
+noname.266:
+	movl	-840(fp),r1
+	movl	-844(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.267
+	incl	r2
+noname.267:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.268
+	incl	r8
+noname.268:
+
+	bicl3	#-65536,24(r6),r3
+	movzwl	26(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,20(r7),r2
+	movzwl	22(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-848(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-852(fp)
+	mull2	r0,r4
+	addl3	-848(fp),-852(fp),r0
+	bicl3	#0,r0,-848(fp)
+	cmpl	-848(fp),-852(fp)
+	bgequ	noname.269
+	addl2	#65536,r4
+noname.269:
+	movzwl	-846(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-848(fp),r0
+	ashl	#16,r0,-852(fp)
+	addl2	-852(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-852(fp)
+	bgequ	noname.270
+	incl	r4
+noname.270:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.271
+	incl	r2
+noname.271:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.272
+	incl	r8
+noname.272:
+
+	bicl3	#-65536,28(r6),r3
+	movzwl	30(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,16(r7),r2
+	movzwl	18(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-856(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-860(fp)
+	mull2	r0,r4
+	addl3	-856(fp),-860(fp),r0
+	bicl3	#0,r0,-856(fp)
+	cmpl	-856(fp),-860(fp)
+	bgequ	noname.273
+	addl2	#65536,r4
+noname.273:
+	movzwl	-854(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-856(fp),r0
+	ashl	#16,r0,-860(fp)
+	addl2	-860(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-860(fp)
+	bgequ	noname.274
+	incl	r4
+noname.274:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.275
+	incl	r2
+noname.275:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.276
+	incl	r8
+noname.276:
+
+	movl	r10,44(r11)
+
+	clrl	r10
+
+	bicl3	#-65536,28(r6),r3
+	movzwl	30(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,20(r7),r2
+	movzwl	22(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-864(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-868(fp)
+	mull2	r0,r4
+	addl3	-864(fp),-868(fp),r0
+	bicl3	#0,r0,-864(fp)
+	cmpl	-864(fp),-868(fp)
+	bgequ	noname.277
+	addl2	#65536,r4
+noname.277:
+	movzwl	-862(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-864(fp),r0
+	ashl	#16,r0,-868(fp)
+	addl2	-868(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-868(fp)
+	bgequ	noname.278
+	incl	r4
+noname.278:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.279
+	incl	r2
+noname.279:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.280
+	incl	r10
+noname.280:
+
+	bicl3	#-65536,24(r6),r3
+	movzwl	26(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,24(r7),r2
+	movzwl	26(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-872(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-876(fp)
+	mull2	r0,r4
+	addl3	-872(fp),-876(fp),r0
+	bicl3	#0,r0,-872(fp)
+	cmpl	-872(fp),-876(fp)
+	bgequ	noname.281
+	addl2	#65536,r4
+noname.281:
+	movzwl	-870(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-872(fp),r0
+	ashl	#16,r0,-876(fp)
+	addl2	-876(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-876(fp)
+	bgequ	noname.282
+	incl	r4
+noname.282:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.283
+	incl	r2
+noname.283:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.284
+	incl	r10
+noname.284:
+
+	bicl3	#-65536,20(r6),r3
+	movzwl	22(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,28(r7),r2
+	movzwl	30(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-880(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-884(fp)
+	mull2	r0,r4
+	addl3	-880(fp),-884(fp),r0
+	bicl3	#0,r0,-880(fp)
+	cmpl	-880(fp),-884(fp)
+	bgequ	noname.285
+	addl2	#65536,r4
+noname.285:
+	movzwl	-878(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-880(fp),r0
+	ashl	#16,r0,-884(fp)
+	addl2	-884(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-884(fp)
+	bgequ	noname.286
+	incl	r4
+noname.286:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.287
+	incl	r2
+noname.287:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.288
+	incl	r10
+noname.288:
+
+	movl	r9,48(r11)
+
+	clrl	r9
+
+	bicl3	#-65536,24(r6),r3
+	movzwl	26(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,28(r7),r2
+	movzwl	30(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-888(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-892(fp)
+	mull2	r0,r4
+	addl3	-888(fp),-892(fp),r0
+	bicl3	#0,r0,-888(fp)
+	cmpl	-888(fp),-892(fp)
+	bgequ	noname.289
+	addl2	#65536,r4
+noname.289:
+	movzwl	-886(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-888(fp),r0
+	ashl	#16,r0,-892(fp)
+	addl2	-892(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-892(fp)
+	bgequ	noname.290
+	incl	r4
+noname.290:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.291
+	incl	r2
+noname.291:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.292
+	incl	r9
+noname.292:
+
+	movzwl	30(r6),r2
+	bicl3	#-65536,24(r7),r3
+	movzwl	26(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,28(r6),-904(fp)
+	bicl3	#-65536,r2,-908(fp)
+	mull3	r0,-904(fp),-896(fp)
+	mull2	r3,-904(fp)
+	mull3	r3,-908(fp),-900(fp)
+	mull2	r0,-908(fp)
+	addl3	-896(fp),-900(fp),r0
+	bicl3	#0,r0,-896(fp)
+	cmpl	-896(fp),-900(fp)
+	bgequ	noname.293
+	addl2	#65536,-908(fp)
+noname.293:
+	movzwl	-894(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-908(fp)
+	bicl3	#-65536,-896(fp),r0
+	ashl	#16,r0,-900(fp)
+	addl3	-900(fp),-904(fp),r0
+	bicl3	#0,r0,-904(fp)
+	cmpl	-904(fp),-900(fp)
+	bgequ	noname.294
+	incl	-908(fp)
+noname.294:
+	movl	-904(fp),r1
+	movl	-908(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.295
+	incl	r2
+noname.295:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.296
+	incl	r9
+noname.296:
+
+	movl	r8,52(r11)
+
+	clrl	r8
+
+	movzwl	30(r6),r2
+	bicl3	#-65536,28(r7),r3
+	movzwl	30(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,28(r6),-920(fp)
+	bicl3	#-65536,r2,-924(fp)
+	mull3	r0,-920(fp),-912(fp)
+	mull2	r3,-920(fp)
+	mull3	r3,-924(fp),-916(fp)
+	mull2	r0,-924(fp)
+	addl3	-912(fp),-916(fp),r0
+	bicl3	#0,r0,-912(fp)
+	cmpl	-912(fp),-916(fp)
+	bgequ	noname.297
+	addl2	#65536,-924(fp)
+noname.297:
+	movzwl	-910(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-924(fp)
+	bicl3	#-65536,-912(fp),r0
+	ashl	#16,r0,-916(fp)
+	addl3	-916(fp),-920(fp),r0
+	bicl3	#0,r0,-920(fp)
+	cmpl	-920(fp),-916(fp)
+	bgequ	noname.298
+	incl	-924(fp)
+noname.298:
+	movl	-920(fp),r1
+	movl	-924(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.299
+	incl	r2
+noname.299:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.300
+	incl	r8
+noname.300:
+
+	movl	r10,56(r11)
+
+	movl	r9,60(r11)
+
+	ret	
+
+
+
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP)	n	by value (input)
+
+	.psect	code,nowrt
+
+.entry	BN_MUL_COMBA4,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10,r11>
+	movab	-156(sp),sp
+
+	clrq	r9
+
+	clrl	r8
+
+	movl	8(ap),r6
+	bicl3	#-65536,(r6),r3
+	movzwl	2(r6),r2
+	bicl2	#-65536,r2
+	movl	12(ap),r7
+	bicl3	#-65536,(r7),r1
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r2,r4
+	mull3	r0,r5,-4(fp)
+	mull2	r1,r5
+	mull3	r1,r4,-8(fp)
+	mull2	r0,r4
+	addl3	-4(fp),-8(fp),r0
+	bicl3	#0,r0,-4(fp)
+	cmpl	-4(fp),-8(fp)
+	bgequ	noname.303
+	addl2	#65536,r4
+noname.303:
+	movzwl	-2(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-4(fp),r0
+	ashl	#16,r0,-8(fp)
+	addl2	-8(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-8(fp)
+	bgequ	noname.304
+	incl	r4
+noname.304:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.305
+	incl	r2
+noname.305:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.306
+	incl	r8
+noname.306:
+
+	movl	4(ap),r11
+	movl	r10,(r11)
+
+	clrl	r10
+
+	bicl3	#-65536,(r6),r3
+	movzwl	2(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,4(r7),r2
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-12(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-16(fp)
+	mull2	r0,r4
+	addl3	-12(fp),-16(fp),r0
+	bicl3	#0,r0,-12(fp)
+	cmpl	-12(fp),-16(fp)
+	bgequ	noname.307
+	addl2	#65536,r4
+noname.307:
+	movzwl	-10(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-12(fp),r0
+	ashl	#16,r0,-16(fp)
+	addl2	-16(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-16(fp)
+	bgequ	noname.308
+	incl	r4
+noname.308:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.309
+	incl	r2
+noname.309:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.310
+	incl	r10
+noname.310:
+
+	bicl3	#-65536,4(r6),r3
+	movzwl	6(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,(r7),r2
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-20(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-24(fp)
+	mull2	r0,r4
+	addl3	-20(fp),-24(fp),r0
+	bicl3	#0,r0,-20(fp)
+	cmpl	-20(fp),-24(fp)
+	bgequ	noname.311
+	addl2	#65536,r4
+noname.311:
+	movzwl	-18(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-20(fp),r0
+	ashl	#16,r0,-24(fp)
+	addl2	-24(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-24(fp)
+	bgequ	noname.312
+	incl	r4
+noname.312:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.313
+	incl	r2
+noname.313:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.314
+	incl	r10
+noname.314:
+
+	movl	r9,4(r11)
+
+	clrl	r9
+
+	bicl3	#-65536,8(r6),r3
+	movzwl	10(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,(r7),r2
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-28(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-32(fp)
+	mull2	r0,r4
+	addl3	-28(fp),-32(fp),r0
+	bicl3	#0,r0,-28(fp)
+	cmpl	-28(fp),-32(fp)
+	bgequ	noname.315
+	addl2	#65536,r4
+noname.315:
+	movzwl	-26(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-28(fp),r0
+	ashl	#16,r0,-32(fp)
+	addl2	-32(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-32(fp)
+	bgequ	noname.316
+	incl	r4
+noname.316:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.317
+	incl	r2
+noname.317:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.318
+	incl	r9
+noname.318:
+
+	bicl3	#-65536,4(r6),r3
+	movzwl	6(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,4(r7),r2
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-36(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-40(fp)
+	mull2	r0,r4
+	addl3	-36(fp),-40(fp),r0
+	bicl3	#0,r0,-36(fp)
+	cmpl	-36(fp),-40(fp)
+	bgequ	noname.319
+	addl2	#65536,r4
+noname.319:
+	movzwl	-34(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-36(fp),r0
+	ashl	#16,r0,-40(fp)
+	addl2	-40(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-40(fp)
+	bgequ	noname.320
+	incl	r4
+noname.320:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.321
+	incl	r2
+noname.321:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.322
+	incl	r9
+noname.322:
+
+	bicl3	#-65536,(r6),r3
+	movzwl	2(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,8(r7),r2
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-44(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-48(fp)
+	mull2	r0,r4
+	addl3	-44(fp),-48(fp),r0
+	bicl3	#0,r0,-44(fp)
+	cmpl	-44(fp),-48(fp)
+	bgequ	noname.323
+	addl2	#65536,r4
+noname.323:
+	movzwl	-42(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-44(fp),r0
+	ashl	#16,r0,-48(fp)
+	addl2	-48(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-48(fp)
+	bgequ	noname.324
+	incl	r4
+noname.324:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.325
+	incl	r2
+noname.325:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.326
+	incl	r9
+noname.326:
+
+	movl	r8,8(r11)
+
+	clrl	r8
+
+	bicl3	#-65536,(r6),r3
+	movzwl	2(r6),r2
+	bicl3	#-65536,12(r7),r1
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r4
+	bicl3	#-65536,r2,-60(fp)
+	mull3	r0,r4,-52(fp)
+	mull2	r1,r4
+	mull3	r1,-60(fp),-56(fp)
+	mull2	r0,-60(fp)
+	addl3	-52(fp),-56(fp),r0
+	bicl3	#0,r0,-52(fp)
+	cmpl	-52(fp),-56(fp)
+	bgequ	noname.327
+	addl2	#65536,-60(fp)
+noname.327:
+	movzwl	-50(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-60(fp)
+	bicl3	#-65536,-52(fp),r0
+	ashl	#16,r0,-56(fp)
+	addl2	-56(fp),r4
+	bicl2	#0,r4
+	cmpl	r4,-56(fp)
+	bgequ	noname.328
+	incl	-60(fp)
+noname.328:
+	movl	r4,r1
+	movl	-60(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.329
+	incl	r2
+noname.329:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.330
+	incl	r8
+noname.330:
+
+	movzwl	6(r6),r2
+	bicl3	#-65536,8(r7),r3
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,4(r6),-72(fp)
+	bicl3	#-65536,r2,-76(fp)
+	mull3	r0,-72(fp),-64(fp)
+	mull2	r3,-72(fp)
+	mull3	r3,-76(fp),-68(fp)
+	mull2	r0,-76(fp)
+	addl3	-64(fp),-68(fp),r0
+	bicl3	#0,r0,-64(fp)
+	cmpl	-64(fp),-68(fp)
+	bgequ	noname.331
+	addl2	#65536,-76(fp)
+noname.331:
+	movzwl	-62(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-76(fp)
+	bicl3	#-65536,-64(fp),r0
+	ashl	#16,r0,-68(fp)
+	addl3	-68(fp),-72(fp),r0
+	bicl3	#0,r0,-72(fp)
+	cmpl	-72(fp),-68(fp)
+	bgequ	noname.332
+	incl	-76(fp)
+noname.332:
+	movl	-72(fp),r1
+	movl	-76(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.333
+	incl	r2
+noname.333:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.334
+	incl	r8
+noname.334:
+
+	bicl3	#-65536,8(r6),r3
+	movzwl	10(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,4(r7),r2
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-80(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-84(fp)
+	mull2	r0,r4
+	addl3	-80(fp),-84(fp),r0
+	bicl3	#0,r0,-80(fp)
+	cmpl	-80(fp),-84(fp)
+	bgequ	noname.335
+	addl2	#65536,r4
+noname.335:
+	movzwl	-78(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-80(fp),r0
+	ashl	#16,r0,-84(fp)
+	addl2	-84(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-84(fp)
+	bgequ	noname.336
+	incl	r4
+noname.336:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.337
+	incl	r2
+noname.337:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.338
+	incl	r8
+noname.338:
+
+	bicl3	#-65536,12(r6),r3
+	movzwl	14(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,(r7),r2
+	movzwl	2(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-88(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-92(fp)
+	mull2	r0,r4
+	addl3	-88(fp),-92(fp),r0
+	bicl3	#0,r0,-88(fp)
+	cmpl	-88(fp),-92(fp)
+	bgequ	noname.339
+	addl2	#65536,r4
+noname.339:
+	movzwl	-86(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-88(fp),r0
+	ashl	#16,r0,-92(fp)
+	addl2	-92(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-92(fp)
+	bgequ	noname.340
+	incl	r4
+noname.340:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.341
+	incl	r2
+noname.341:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.342
+	incl	r8
+noname.342:
+
+	movl	r10,12(r11)
+
+	clrl	r10
+
+	bicl3	#-65536,12(r6),r3
+	movzwl	14(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,4(r7),r2
+	movzwl	6(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-96(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-100(fp)
+	mull2	r0,r4
+	addl3	-96(fp),-100(fp),r0
+	bicl3	#0,r0,-96(fp)
+	cmpl	-96(fp),-100(fp)
+	bgequ	noname.343
+	addl2	#65536,r4
+noname.343:
+	movzwl	-94(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-96(fp),r0
+	ashl	#16,r0,-100(fp)
+	addl2	-100(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-100(fp)
+	bgequ	noname.344
+	incl	r4
+noname.344:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.345
+	incl	r2
+noname.345:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.346
+	incl	r10
+noname.346:
+
+	bicl3	#-65536,8(r6),r3
+	movzwl	10(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,8(r7),r2
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-104(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-108(fp)
+	mull2	r0,r4
+	addl3	-104(fp),-108(fp),r0
+	bicl3	#0,r0,-104(fp)
+	cmpl	-104(fp),-108(fp)
+	bgequ	noname.347
+	addl2	#65536,r4
+noname.347:
+	movzwl	-102(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-104(fp),r0
+	ashl	#16,r0,-108(fp)
+	addl2	-108(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-108(fp)
+	bgequ	noname.348
+	incl	r4
+noname.348:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.349
+	incl	r2
+noname.349:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.350
+	incl	r10
+noname.350:
+
+	bicl3	#-65536,4(r6),r3
+	movzwl	6(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,12(r7),r2
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-112(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-116(fp)
+	mull2	r0,r4
+	addl3	-112(fp),-116(fp),r0
+	bicl3	#0,r0,-112(fp)
+	cmpl	-112(fp),-116(fp)
+	bgequ	noname.351
+	addl2	#65536,r4
+noname.351:
+	movzwl	-110(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-112(fp),r0
+	ashl	#16,r0,-116(fp)
+	addl2	-116(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-116(fp)
+	bgequ	noname.352
+	incl	r4
+noname.352:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.353
+	incl	r2
+noname.353:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.354
+	incl	r10
+noname.354:
+
+	movl	r9,16(r11)
+
+	clrl	r9
+
+	bicl3	#-65536,8(r6),r3
+	movzwl	10(r6),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,12(r7),r2
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-120(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-124(fp)
+	mull2	r0,r4
+	addl3	-120(fp),-124(fp),r0
+	bicl3	#0,r0,-120(fp)
+	cmpl	-120(fp),-124(fp)
+	bgequ	noname.355
+	addl2	#65536,r4
+noname.355:
+	movzwl	-118(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-120(fp),r0
+	ashl	#16,r0,-124(fp)
+	addl2	-124(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-124(fp)
+	bgequ	noname.356
+	incl	r4
+noname.356:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.357
+	incl	r2
+noname.357:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.358
+	incl	r9
+noname.358:
+
+	movzwl	14(r6),r2
+	bicl3	#-65536,8(r7),r3
+	movzwl	10(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,12(r6),-136(fp)
+	bicl3	#-65536,r2,-140(fp)
+	mull3	r0,-136(fp),-128(fp)
+	mull2	r3,-136(fp)
+	mull3	r3,-140(fp),-132(fp)
+	mull2	r0,-140(fp)
+	addl3	-128(fp),-132(fp),r0
+	bicl3	#0,r0,-128(fp)
+	cmpl	-128(fp),-132(fp)
+	bgequ	noname.359
+	addl2	#65536,-140(fp)
+noname.359:
+	movzwl	-126(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-140(fp)
+	bicl3	#-65536,-128(fp),r0
+	ashl	#16,r0,-132(fp)
+	addl3	-132(fp),-136(fp),r0
+	bicl3	#0,r0,-136(fp)
+	cmpl	-136(fp),-132(fp)
+	bgequ	noname.360
+	incl	-140(fp)
+noname.360:
+	movl	-136(fp),r1
+	movl	-140(fp),r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.361
+	incl	r2
+noname.361:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.362
+	incl	r9
+noname.362:
+
+	movl	r8,20(r11)
+
+	clrl	r8
+
+	movzwl	14(r6),r2
+	bicl3	#-65536,12(r7),r3
+	movzwl	14(r7),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,12(r6),-152(fp)
+	bicl3	#-65536,r2,-156(fp)
+	mull3	r0,-152(fp),-144(fp)
+	mull2	r3,-152(fp)
+	mull3	r3,-156(fp),-148(fp)
+	mull2	r0,-156(fp)
+	addl3	-144(fp),-148(fp),r0
+	bicl3	#0,r0,-144(fp)
+	cmpl	-144(fp),-148(fp)
+	bgequ	noname.363
+	addl2	#65536,-156(fp)
+noname.363:
+	movzwl	-142(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-156(fp)
+	bicl3	#-65536,-144(fp),r0
+	ashl	#16,r0,-148(fp)
+	addl3	-148(fp),-152(fp),r0
+	bicl3	#0,r0,-152(fp)
+	cmpl	-152(fp),-148(fp)
+	bgequ	noname.364
+	incl	-156(fp)
+noname.364:
+	movl	-152(fp),r1
+	movl	-156(fp),r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.365
+	incl	r2
+noname.365:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.366
+	incl	r8
+noname.366:
+
+	movl	r10,24(r11)
+
+	movl	r9,28(r11)
+
+	ret	
+
+
+
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP)	n	by value (input)
+
+	.psect	code,nowrt
+
+.entry	BN_SQR_COMBA8,^m<r2,r3,r4,r5,r6,r7,r8,r9>
+	movab	-444(sp),sp
+
+	clrq	r8
+
+	clrl	r7
+
+	movl	8(ap),r4
+	movl	(r4),r3
+	bicl3	#-65536,r3,-4(fp)
+	extzv	#16,#16,r3,r0
+	bicl3	#-65536,r0,r3
+	movl	-4(fp),r0
+	mull3	r0,r3,-8(fp)
+	mull3	r0,r0,-4(fp)
+	mull2	r3,r3
+	bicl3	#32767,-8(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r3
+	bicl3	#-65536,-8(fp),r0
+	ashl	#17,r0,-8(fp)
+	addl3	-4(fp),-8(fp),r0
+	bicl3	#0,r0,-4(fp)
+	cmpl	-4(fp),-8(fp)
+	bgequ	noname.369
+	incl	r3
+noname.369:
+	movl	-4(fp),r1
+	movl	r3,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.370
+	incl	r2
+noname.370:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.371
+	incl	r7
+noname.371:
+
+	movl	r9,@4(ap)
+
+	clrl	r9
+
+	movzwl	6(r4),r2
+	bicl3	#-65536,(r4),r3
+	movzwl	2(r4),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,4(r4),-20(fp)
+	bicl3	#-65536,r2,-24(fp)
+	mull3	r0,-20(fp),-12(fp)
+	mull2	r3,-20(fp)
+	mull3	r3,-24(fp),-16(fp)
+	mull2	r0,-24(fp)
+	addl3	-12(fp),-16(fp),r0
+	bicl3	#0,r0,-12(fp)
+	cmpl	-12(fp),-16(fp)
+	bgequ	noname.372
+	addl2	#65536,-24(fp)
+noname.372:
+	movzwl	-10(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-24(fp)
+	bicl3	#-65536,-12(fp),r0
+	ashl	#16,r0,-16(fp)
+	addl3	-16(fp),-20(fp),r0
+	bicl3	#0,r0,-20(fp)
+	cmpl	-20(fp),-16(fp)
+	bgequ	noname.373
+	incl	-24(fp)
+noname.373:
+	movl	-20(fp),r3
+	movl	-24(fp),r2
+	bbc	#31,r2,noname.374
+	incl	r9
+noname.374:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.375
+	incl	r2
+noname.375:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.376
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.376
+	incl	r9
+noname.376:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.377
+	incl	r9
+noname.377:
+
+	movl	4(ap),r0
+	movl	r8,4(r0)
+
+	clrl	r8
+
+	movl	8(ap),r4
+	movl	4(r4),r3
+	bicl3	#-65536,r3,-28(fp)
+	extzv	#16,#16,r3,r0
+	bicl3	#-65536,r0,r3
+	movl	-28(fp),r0
+	mull3	r0,r3,-32(fp)
+	mull3	r0,r0,-28(fp)
+	mull2	r3,r3
+	bicl3	#32767,-32(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r3
+	bicl3	#-65536,-32(fp),r0
+	ashl	#17,r0,-32(fp)
+	addl3	-28(fp),-32(fp),r0
+	bicl3	#0,r0,-28(fp)
+	cmpl	-28(fp),-32(fp)
+	bgequ	noname.378
+	incl	r3
+noname.378:
+	movl	-28(fp),r1
+	movl	r3,r2
+	addl2	r1,r7
+	bicl2	#0,r7
+	cmpl	r7,r1
+	bgequ	noname.379
+	incl	r2
+noname.379:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.380
+	incl	r8
+noname.380:
+
+	movzwl	10(r4),r2
+	bicl3	#-65536,(r4),r3
+	movzwl	2(r4),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,8(r4),-44(fp)
+	bicl3	#-65536,r2,-48(fp)
+	mull3	r0,-44(fp),-36(fp)
+	mull2	r3,-44(fp)
+	mull3	r3,-48(fp),-40(fp)
+	mull2	r0,-48(fp)
+	addl3	-36(fp),-40(fp),r0
+	bicl3	#0,r0,-36(fp)
+	cmpl	-36(fp),-40(fp)
+	bgequ	noname.381
+	addl2	#65536,-48(fp)
+noname.381:
+	movzwl	-34(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-48(fp)
+	bicl3	#-65536,-36(fp),r0
+	ashl	#16,r0,-40(fp)
+	addl3	-40(fp),-44(fp),r0
+	bicl3	#0,r0,-44(fp)
+	cmpl	-44(fp),-40(fp)
+	bgequ	noname.382
+	incl	-48(fp)
+noname.382:
+	movl	-44(fp),r3
+	movl	-48(fp),r2
+	bbc	#31,r2,noname.383
+	incl	r8
+noname.383:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.384
+	incl	r2
+noname.384:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r7
+	bicl2	#0,r7
+	cmpl	r7,r3
+	bgequ	noname.385
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.385
+	incl	r8
+noname.385:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.386
+	incl	r8
+noname.386:
+
+	movl	4(ap),r0
+	movl	r7,8(r0)
+
+	clrl	r7
+
+	movl	8(ap),r0
+	movzwl	14(r0),r2
+	bicl3	#-65536,(r0),r3
+	movzwl	2(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,12(r0),-60(fp)
+	bicl3	#-65536,r2,-64(fp)
+	mull3	r1,-60(fp),-52(fp)
+	mull2	r3,-60(fp)
+	mull3	r3,-64(fp),-56(fp)
+	mull2	r1,-64(fp)
+	addl3	-52(fp),-56(fp),r0
+	bicl3	#0,r0,-52(fp)
+	cmpl	-52(fp),-56(fp)
+	bgequ	noname.387
+	addl2	#65536,-64(fp)
+noname.387:
+	movzwl	-50(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-64(fp)
+	bicl3	#-65536,-52(fp),r0
+	ashl	#16,r0,-56(fp)
+	addl3	-56(fp),-60(fp),r0
+	bicl3	#0,r0,-60(fp)
+	cmpl	-60(fp),-56(fp)
+	bgequ	noname.388
+	incl	-64(fp)
+noname.388:
+	movl	-60(fp),r3
+	movl	-64(fp),r2
+	bbc	#31,r2,noname.389
+	incl	r7
+noname.389:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.390
+	incl	r2
+noname.390:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.391
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.391
+	incl	r7
+noname.391:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.392
+	incl	r7
+noname.392:
+
+	movl	8(ap),r0
+	movzwl	10(r0),r2
+	bicl3	#-65536,4(r0),r3
+	movzwl	6(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,8(r0),-76(fp)
+	bicl3	#-65536,r2,-80(fp)
+	mull3	r1,-76(fp),-68(fp)
+	mull2	r3,-76(fp)
+	mull3	r3,-80(fp),-72(fp)
+	mull2	r1,-80(fp)
+	addl3	-68(fp),-72(fp),r0
+	bicl3	#0,r0,-68(fp)
+	cmpl	-68(fp),-72(fp)
+	bgequ	noname.393
+	addl2	#65536,-80(fp)
+noname.393:
+	movzwl	-66(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-80(fp)
+	bicl3	#-65536,-68(fp),r0
+	ashl	#16,r0,-72(fp)
+	addl3	-72(fp),-76(fp),r0
+	bicl3	#0,r0,-76(fp)
+	cmpl	-76(fp),-72(fp)
+	bgequ	noname.394
+	incl	-80(fp)
+noname.394:
+	movl	-76(fp),r3
+	movl	-80(fp),r2
+	bbc	#31,r2,noname.395
+	incl	r7
+noname.395:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.396
+	incl	r2
+noname.396:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.397
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.397
+	incl	r7
+noname.397:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.398
+	incl	r7
+noname.398:
+
+	movl	4(ap),r0
+	movl	r9,12(r0)
+
+	clrl	r9
+
+	movl	8(ap),r2
+	movl	8(r2),r4
+	bicl3	#-65536,r4,-84(fp)
+	extzv	#16,#16,r4,r0
+	bicl3	#-65536,r0,r4
+	movl	-84(fp),r0
+	mull3	r0,r4,-88(fp)
+	mull3	r0,r0,-84(fp)
+	mull2	r4,r4
+	bicl3	#32767,-88(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r4
+	bicl3	#-65536,-88(fp),r0
+	ashl	#17,r0,-88(fp)
+	addl3	-84(fp),-88(fp),r0
+	bicl3	#0,r0,-84(fp)
+	cmpl	-84(fp),-88(fp)
+	bgequ	noname.399
+	incl	r4
+noname.399:
+	movl	-84(fp),r1
+	movl	r4,r3
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.400
+	incl	r3
+noname.400:
+	addl2	r3,r7
+	bicl2	#0,r7
+	cmpl	r7,r3
+	bgequ	noname.401
+	incl	r9
+noname.401:
+
+	movzwl	14(r2),r3
+	bicl3	#-65536,4(r2),r1
+	movzwl	6(r2),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,12(r2),-100(fp)
+	bicl3	#-65536,r3,-104(fp)
+	mull3	r0,-100(fp),-92(fp)
+	mull2	r1,-100(fp)
+	mull3	r1,-104(fp),-96(fp)
+	mull2	r0,-104(fp)
+	addl3	-92(fp),-96(fp),r0
+	bicl3	#0,r0,-92(fp)
+	cmpl	-92(fp),-96(fp)
+	bgequ	noname.402
+	addl2	#65536,-104(fp)
+noname.402:
+	movzwl	-90(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-104(fp)
+	bicl3	#-65536,-92(fp),r0
+	ashl	#16,r0,-96(fp)
+	addl3	-96(fp),-100(fp),r0
+	bicl3	#0,r0,-100(fp)
+	cmpl	-100(fp),-96(fp)
+	bgequ	noname.403
+	incl	-104(fp)
+noname.403:
+	movl	-100(fp),r3
+	movl	-104(fp),r2
+	bbc	#31,r2,noname.404
+	incl	r9
+noname.404:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.405
+	incl	r2
+noname.405:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.406
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.406
+	incl	r9
+noname.406:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.407
+	incl	r9
+noname.407:
+
+	movl	8(ap),r0
+	movzwl	18(r0),r2
+	bicl3	#-65536,(r0),r3
+	movzwl	2(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,16(r0),-116(fp)
+	bicl3	#-65536,r2,-120(fp)
+	mull3	r1,-116(fp),-108(fp)
+	mull2	r3,-116(fp)
+	mull3	r3,-120(fp),-112(fp)
+	mull2	r1,-120(fp)
+	addl3	-108(fp),-112(fp),r0
+	bicl3	#0,r0,-108(fp)
+	cmpl	-108(fp),-112(fp)
+	bgequ	noname.408
+	addl2	#65536,-120(fp)
+noname.408:
+	movzwl	-106(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-120(fp)
+	bicl3	#-65536,-108(fp),r0
+	ashl	#16,r0,-112(fp)
+	addl3	-112(fp),-116(fp),r0
+	bicl3	#0,r0,-116(fp)
+	cmpl	-116(fp),-112(fp)
+	bgequ	noname.409
+	incl	-120(fp)
+noname.409:
+	movl	-116(fp),r3
+	movl	-120(fp),r2
+	bbc	#31,r2,noname.410
+	incl	r9
+noname.410:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.411
+	incl	r2
+noname.411:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.412
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.412
+	incl	r9
+noname.412:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.413
+	incl	r9
+noname.413:
+
+	movl	4(ap),r0
+	movl	r8,16(r0)
+
+	clrl	r8
+
+	movl	8(ap),r0
+	movzwl	22(r0),r2
+	bicl3	#-65536,(r0),r3
+	movzwl	2(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,20(r0),-132(fp)
+	bicl3	#-65536,r2,-136(fp)
+	mull3	r1,-132(fp),-124(fp)
+	mull2	r3,-132(fp)
+	mull3	r3,-136(fp),-128(fp)
+	mull2	r1,-136(fp)
+	addl3	-124(fp),-128(fp),r0
+	bicl3	#0,r0,-124(fp)
+	cmpl	-124(fp),-128(fp)
+	bgequ	noname.414
+	addl2	#65536,-136(fp)
+noname.414:
+	movzwl	-122(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-136(fp)
+	bicl3	#-65536,-124(fp),r0
+	ashl	#16,r0,-128(fp)
+	addl3	-128(fp),-132(fp),r0
+	bicl3	#0,r0,-132(fp)
+	cmpl	-132(fp),-128(fp)
+	bgequ	noname.415
+	incl	-136(fp)
+noname.415:
+	movl	-132(fp),r3
+	movl	-136(fp),r2
+	bbc	#31,r2,noname.416
+	incl	r8
+noname.416:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.417
+	incl	r2
+noname.417:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r7
+	bicl2	#0,r7
+	cmpl	r7,r3
+	bgequ	noname.418
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.418
+	incl	r8
+noname.418:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.419
+	incl	r8
+noname.419:
+
+	movl	8(ap),r0
+	movzwl	18(r0),r2
+	bicl3	#-65536,4(r0),r3
+	movzwl	6(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,16(r0),-148(fp)
+	bicl3	#-65536,r2,-152(fp)
+	mull3	r1,-148(fp),-140(fp)
+	mull2	r3,-148(fp)
+	mull3	r3,-152(fp),-144(fp)
+	mull2	r1,-152(fp)
+	addl3	-140(fp),-144(fp),r0
+	bicl3	#0,r0,-140(fp)
+	cmpl	-140(fp),-144(fp)
+	bgequ	noname.420
+	addl2	#65536,-152(fp)
+noname.420:
+	movzwl	-138(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-152(fp)
+	bicl3	#-65536,-140(fp),r0
+	ashl	#16,r0,-144(fp)
+	addl3	-144(fp),-148(fp),r0
+	bicl3	#0,r0,-148(fp)
+	cmpl	-148(fp),-144(fp)
+	bgequ	noname.421
+	incl	-152(fp)
+noname.421:
+	movl	-148(fp),r3
+	movl	-152(fp),r2
+	bbc	#31,r2,noname.422
+	incl	r8
+noname.422:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.423
+	incl	r2
+noname.423:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r7
+	bicl2	#0,r7
+	cmpl	r7,r3
+	bgequ	noname.424
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.424
+	incl	r8
+noname.424:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.425
+	incl	r8
+noname.425:
+
+	movl	8(ap),r0
+	movzwl	14(r0),r2
+	bicl3	#-65536,8(r0),r3
+	movzwl	10(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,12(r0),-164(fp)
+	bicl3	#-65536,r2,-168(fp)
+	mull3	r1,-164(fp),-156(fp)
+	mull2	r3,-164(fp)
+	mull3	r3,-168(fp),-160(fp)
+	mull2	r1,-168(fp)
+	addl3	-156(fp),-160(fp),r0
+	bicl3	#0,r0,-156(fp)
+	cmpl	-156(fp),-160(fp)
+	bgequ	noname.426
+	addl2	#65536,-168(fp)
+noname.426:
+	movzwl	-154(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-168(fp)
+	bicl3	#-65536,-156(fp),r0
+	ashl	#16,r0,-160(fp)
+	addl3	-160(fp),-164(fp),r0
+	bicl3	#0,r0,-164(fp)
+	cmpl	-164(fp),-160(fp)
+	bgequ	noname.427
+	incl	-168(fp)
+noname.427:
+	movl	-164(fp),r3
+	movl	-168(fp),r2
+	bbc	#31,r2,noname.428
+	incl	r8
+noname.428:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.429
+	incl	r2
+noname.429:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r7
+	bicl2	#0,r7
+	cmpl	r7,r3
+	bgequ	noname.430
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.430
+	incl	r8
+noname.430:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.431
+	incl	r8
+noname.431:
+
+	movl	4(ap),r0
+	movl	r7,20(r0)
+
+	clrl	r7
+
+	movl	8(ap),r2
+	movl	12(r2),r4
+	bicl3	#-65536,r4,-172(fp)
+	extzv	#16,#16,r4,r0
+	bicl3	#-65536,r0,r4
+	movl	-172(fp),r0
+	mull3	r0,r4,-176(fp)
+	mull3	r0,r0,-172(fp)
+	mull2	r4,r4
+	bicl3	#32767,-176(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r4
+	bicl3	#-65536,-176(fp),r0
+	ashl	#17,r0,-176(fp)
+	addl3	-172(fp),-176(fp),r0
+	bicl3	#0,r0,-172(fp)
+	cmpl	-172(fp),-176(fp)
+	bgequ	noname.432
+	incl	r4
+noname.432:
+	movl	-172(fp),r1
+	movl	r4,r3
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.433
+	incl	r3
+noname.433:
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.434
+	incl	r7
+noname.434:
+
+	movzwl	18(r2),r3
+	bicl3	#-65536,8(r2),r1
+	movzwl	10(r2),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,16(r2),-188(fp)
+	bicl3	#-65536,r3,-192(fp)
+	mull3	r0,-188(fp),-180(fp)
+	mull2	r1,-188(fp)
+	mull3	r1,-192(fp),-184(fp)
+	mull2	r0,-192(fp)
+	addl3	-180(fp),-184(fp),r0
+	bicl3	#0,r0,-180(fp)
+	cmpl	-180(fp),-184(fp)
+	bgequ	noname.435
+	addl2	#65536,-192(fp)
+noname.435:
+	movzwl	-178(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-192(fp)
+	bicl3	#-65536,-180(fp),r0
+	ashl	#16,r0,-184(fp)
+	addl3	-184(fp),-188(fp),r0
+	bicl3	#0,r0,-188(fp)
+	cmpl	-188(fp),-184(fp)
+	bgequ	noname.436
+	incl	-192(fp)
+noname.436:
+	movl	-188(fp),r3
+	movl	-192(fp),r2
+	bbc	#31,r2,noname.437
+	incl	r7
+noname.437:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.438
+	incl	r2
+noname.438:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.439
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.439
+	incl	r7
+noname.439:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.440
+	incl	r7
+noname.440:
+
+	movl	8(ap),r0
+	movzwl	22(r0),r2
+	bicl3	#-65536,4(r0),r3
+	movzwl	6(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,20(r0),-204(fp)
+	bicl3	#-65536,r2,-208(fp)
+	mull3	r1,-204(fp),-196(fp)
+	mull2	r3,-204(fp)
+	mull3	r3,-208(fp),-200(fp)
+	mull2	r1,-208(fp)
+	addl3	-196(fp),-200(fp),r0
+	bicl3	#0,r0,-196(fp)
+	cmpl	-196(fp),-200(fp)
+	bgequ	noname.441
+	addl2	#65536,-208(fp)
+noname.441:
+	movzwl	-194(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-208(fp)
+	bicl3	#-65536,-196(fp),r0
+	ashl	#16,r0,-200(fp)
+	addl3	-200(fp),-204(fp),r0
+	bicl3	#0,r0,-204(fp)
+	cmpl	-204(fp),-200(fp)
+	bgequ	noname.442
+	incl	-208(fp)
+noname.442:
+	movl	-204(fp),r3
+	movl	-208(fp),r2
+	bbc	#31,r2,noname.443
+	incl	r7
+noname.443:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.444
+	incl	r2
+noname.444:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.445
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.445
+	incl	r7
+noname.445:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.446
+	incl	r7
+noname.446:
+
+	movl	8(ap),r0
+	movzwl	26(r0),r2
+	bicl3	#-65536,(r0),r3
+	movzwl	2(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,24(r0),-220(fp)
+	bicl3	#-65536,r2,-224(fp)
+	mull3	r1,-220(fp),-212(fp)
+	mull2	r3,-220(fp)
+	mull3	r3,-224(fp),-216(fp)
+	mull2	r1,-224(fp)
+	addl3	-212(fp),-216(fp),r0
+	bicl3	#0,r0,-212(fp)
+	cmpl	-212(fp),-216(fp)
+	bgequ	noname.447
+	addl2	#65536,-224(fp)
+noname.447:
+	movzwl	-210(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-224(fp)
+	bicl3	#-65536,-212(fp),r0
+	ashl	#16,r0,-216(fp)
+	addl3	-216(fp),-220(fp),r0
+	bicl3	#0,r0,-220(fp)
+	cmpl	-220(fp),-216(fp)
+	bgequ	noname.448
+	incl	-224(fp)
+noname.448:
+	movl	-220(fp),r3
+	movl	-224(fp),r2
+	bbc	#31,r2,noname.449
+	incl	r7
+noname.449:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.450
+	incl	r2
+noname.450:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.451
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.451
+	incl	r7
+noname.451:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.452
+	incl	r7
+noname.452:
+
+	movl	4(ap),r0
+	movl	r9,24(r0)
+
+	clrl	r9
+
+	movl	8(ap),r0
+	movzwl	30(r0),r2
+	bicl3	#-65536,(r0),r3
+	movzwl	2(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,28(r0),-236(fp)
+	bicl3	#-65536,r2,-240(fp)
+	mull3	r1,-236(fp),-228(fp)
+	mull2	r3,-236(fp)
+	mull3	r3,-240(fp),-232(fp)
+	mull2	r1,-240(fp)
+	addl3	-228(fp),-232(fp),r0
+	bicl3	#0,r0,-228(fp)
+	cmpl	-228(fp),-232(fp)
+	bgequ	noname.453
+	addl2	#65536,-240(fp)
+noname.453:
+	movzwl	-226(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-240(fp)
+	bicl3	#-65536,-228(fp),r0
+	ashl	#16,r0,-232(fp)
+	addl3	-232(fp),-236(fp),r0
+	bicl3	#0,r0,-236(fp)
+	cmpl	-236(fp),-232(fp)
+	bgequ	noname.454
+	incl	-240(fp)
+noname.454:
+	movl	-236(fp),r3
+	movl	-240(fp),r2
+	bbc	#31,r2,noname.455
+	incl	r9
+noname.455:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.456
+	incl	r2
+noname.456:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.457
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.457
+	incl	r9
+noname.457:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.458
+	incl	r9
+noname.458:
+
+	movl	8(ap),r0
+	movzwl	26(r0),r2
+	bicl3	#-65536,4(r0),r3
+	movzwl	6(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,24(r0),-252(fp)
+	bicl3	#-65536,r2,-256(fp)
+	mull3	r1,-252(fp),-244(fp)
+	mull2	r3,-252(fp)
+	mull3	r3,-256(fp),-248(fp)
+	mull2	r1,-256(fp)
+	addl3	-244(fp),-248(fp),r0
+	bicl3	#0,r0,-244(fp)
+	cmpl	-244(fp),-248(fp)
+	bgequ	noname.459
+	addl2	#65536,-256(fp)
+noname.459:
+	movzwl	-242(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-256(fp)
+	bicl3	#-65536,-244(fp),r0
+	ashl	#16,r0,-248(fp)
+	addl3	-248(fp),-252(fp),r0
+	bicl3	#0,r0,-252(fp)
+	cmpl	-252(fp),-248(fp)
+	bgequ	noname.460
+	incl	-256(fp)
+noname.460:
+	movl	-252(fp),r3
+	movl	-256(fp),r2
+	bbc	#31,r2,noname.461
+	incl	r9
+noname.461:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.462
+	incl	r2
+noname.462:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.463
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.463
+	incl	r9
+noname.463:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.464
+	incl	r9
+noname.464:
+
+	movl	8(ap),r0
+	movzwl	22(r0),r2
+	bicl3	#-65536,8(r0),r3
+	movzwl	10(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,20(r0),-268(fp)
+	bicl3	#-65536,r2,-272(fp)
+	mull3	r1,-268(fp),-260(fp)
+	mull2	r3,-268(fp)
+	mull3	r3,-272(fp),-264(fp)
+	mull2	r1,-272(fp)
+	addl3	-260(fp),-264(fp),r0
+	bicl3	#0,r0,-260(fp)
+	cmpl	-260(fp),-264(fp)
+	bgequ	noname.465
+	addl2	#65536,-272(fp)
+noname.465:
+	movzwl	-258(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-272(fp)
+	bicl3	#-65536,-260(fp),r0
+	ashl	#16,r0,-264(fp)
+	addl3	-264(fp),-268(fp),r0
+	bicl3	#0,r0,-268(fp)
+	cmpl	-268(fp),-264(fp)
+	bgequ	noname.466
+	incl	-272(fp)
+noname.466:
+	movl	-268(fp),r3
+	movl	-272(fp),r2
+	bbc	#31,r2,noname.467
+	incl	r9
+noname.467:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.468
+	incl	r2
+noname.468:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.469
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.469
+	incl	r9
+noname.469:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.470
+	incl	r9
+noname.470:
+
+	movl	8(ap),r0
+	movzwl	18(r0),r2
+	bicl3	#-65536,12(r0),r3
+	movzwl	14(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,16(r0),-284(fp)
+	bicl3	#-65536,r2,-288(fp)
+	mull3	r1,-284(fp),-276(fp)
+	mull2	r3,-284(fp)
+	mull3	r3,-288(fp),-280(fp)
+	mull2	r1,-288(fp)
+	addl3	-276(fp),-280(fp),r0
+	bicl3	#0,r0,-276(fp)
+	cmpl	-276(fp),-280(fp)
+	bgequ	noname.471
+	addl2	#65536,-288(fp)
+noname.471:
+	movzwl	-274(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-288(fp)
+	bicl3	#-65536,-276(fp),r0
+	ashl	#16,r0,-280(fp)
+	addl3	-280(fp),-284(fp),r0
+	bicl3	#0,r0,-284(fp)
+	cmpl	-284(fp),-280(fp)
+	bgequ	noname.472
+	incl	-288(fp)
+noname.472:
+	movl	-284(fp),r3
+	movl	-288(fp),r2
+	bbc	#31,r2,noname.473
+	incl	r9
+noname.473:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.474
+	incl	r2
+noname.474:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.475
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.475
+	incl	r9
+noname.475:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.476
+	incl	r9
+noname.476:
+
+	movl	4(ap),r0
+	movl	r8,28(r0)
+
+	clrl	r8
+
+	movl	8(ap),r3
+	movl	16(r3),r4
+	bicl3	#-65536,r4,r5
+	extzv	#16,#16,r4,r0
+	bicl3	#-65536,r0,r4
+	mull3	r5,r4,-292(fp)
+	mull2	r5,r5
+	mull2	r4,r4
+	bicl3	#32767,-292(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r4
+	bicl3	#-65536,-292(fp),r0
+	ashl	#17,r0,-292(fp)
+	addl2	-292(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-292(fp)
+	bgequ	noname.477
+	incl	r4
+noname.477:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r7
+	bicl2	#0,r7
+	cmpl	r7,r1
+	bgequ	noname.478
+	incl	r2
+noname.478:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.479
+	incl	r8
+noname.479:
+
+	bicl3	#-65536,20(r3),r4
+	movzwl	22(r3),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,12(r3),r2
+	movzwl	14(r3),r0
+	bicl2	#-65536,r0
+	movl	r4,r6
+	movl	r1,r5
+	mull3	r0,r6,-296(fp)
+	mull2	r2,r6
+	mull3	r2,r5,-300(fp)
+	mull2	r0,r5
+	addl3	-296(fp),-300(fp),r0
+	bicl3	#0,r0,-296(fp)
+	cmpl	-296(fp),-300(fp)
+	bgequ	noname.480
+	addl2	#65536,r5
+noname.480:
+	movzwl	-294(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r5
+	bicl3	#-65536,-296(fp),r0
+	ashl	#16,r0,-300(fp)
+	addl2	-300(fp),r6
+	bicl2	#0,r6
+	cmpl	r6,-300(fp)
+	bgequ	noname.481
+	incl	r5
+noname.481:
+	movl	r6,r3
+	movl	r5,r2
+	bbc	#31,r2,noname.482
+	incl	r8
+noname.482:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.483
+	incl	r2
+noname.483:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r7
+	bicl2	#0,r7
+	cmpl	r7,r3
+	bgequ	noname.484
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.484
+	incl	r8
+noname.484:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.485
+	incl	r8
+noname.485:
+
+	movl	8(ap),r0
+	bicl3	#-65536,24(r0),r3
+	movzwl	26(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,8(r0),r2
+	movzwl	10(r0),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-304(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-308(fp)
+	mull2	r0,r4
+	addl3	-304(fp),-308(fp),r0
+	bicl3	#0,r0,-304(fp)
+	cmpl	-304(fp),-308(fp)
+	bgequ	noname.486
+	addl2	#65536,r4
+noname.486:
+	movzwl	-302(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-304(fp),r0
+	ashl	#16,r0,-308(fp)
+	addl2	-308(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-308(fp)
+	bgequ	noname.487
+	incl	r4
+noname.487:
+	movl	r5,r3
+	movl	r4,r2
+	bbc	#31,r2,noname.488
+	incl	r8
+noname.488:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.489
+	incl	r2
+noname.489:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r7
+	bicl2	#0,r7
+	cmpl	r7,r3
+	bgequ	noname.490
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.490
+	incl	r8
+noname.490:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.491
+	incl	r8
+noname.491:
+
+	movl	8(ap),r0
+	bicl3	#-65536,28(r0),r3
+	movzwl	30(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,4(r0),r2
+	movzwl	6(r0),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-312(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-316(fp)
+	mull2	r0,r4
+	addl3	-312(fp),-316(fp),r0
+	bicl3	#0,r0,-312(fp)
+	cmpl	-312(fp),-316(fp)
+	bgequ	noname.492
+	addl2	#65536,r4
+noname.492:
+	movzwl	-310(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-312(fp),r0
+	ashl	#16,r0,-316(fp)
+	addl2	-316(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-316(fp)
+	bgequ	noname.493
+	incl	r4
+noname.493:
+	movl	r5,r3
+	movl	r4,r2
+	bbc	#31,r2,noname.494
+	incl	r8
+noname.494:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.495
+	incl	r2
+noname.495:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r7
+	bicl2	#0,r7
+	cmpl	r7,r3
+	bgequ	noname.496
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.496
+	incl	r8
+noname.496:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.497
+	incl	r8
+noname.497:
+
+	movl	4(ap),r0
+	movl	r7,32(r0)
+
+	clrl	r7
+
+	movl	8(ap),r0
+	bicl3	#-65536,28(r0),r3
+	movzwl	30(r0),r2
+	bicl3	#-65536,8(r0),r1
+	movzwl	10(r0),r0
+	bicl2	#-65536,r0
+	movl	r3,r4
+	bicl3	#-65536,r2,-328(fp)
+	mull3	r0,r4,-320(fp)
+	mull2	r1,r4
+	mull3	r1,-328(fp),-324(fp)
+	mull2	r0,-328(fp)
+	addl3	-320(fp),-324(fp),r0
+	bicl3	#0,r0,-320(fp)
+	cmpl	-320(fp),-324(fp)
+	bgequ	noname.498
+	addl2	#65536,-328(fp)
+noname.498:
+	movzwl	-318(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-328(fp)
+	bicl3	#-65536,-320(fp),r0
+	ashl	#16,r0,-324(fp)
+	addl2	-324(fp),r4
+	bicl2	#0,r4
+	cmpl	r4,-324(fp)
+	bgequ	noname.499
+	incl	-328(fp)
+noname.499:
+	movl	r4,r3
+	movl	-328(fp),r2
+	bbc	#31,r2,noname.500
+	incl	r7
+noname.500:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.501
+	incl	r2
+noname.501:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.502
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.502
+	incl	r7
+noname.502:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.503
+	incl	r7
+noname.503:
+
+	movl	8(ap),r0
+	movzwl	26(r0),r2
+	bicl3	#-65536,12(r0),r3
+	movzwl	14(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,24(r0),-340(fp)
+	bicl3	#-65536,r2,-344(fp)
+	mull3	r1,-340(fp),-332(fp)
+	mull2	r3,-340(fp)
+	mull3	r3,-344(fp),-336(fp)
+	mull2	r1,-344(fp)
+	addl3	-332(fp),-336(fp),r0
+	bicl3	#0,r0,-332(fp)
+	cmpl	-332(fp),-336(fp)
+	bgequ	noname.504
+	addl2	#65536,-344(fp)
+noname.504:
+	movzwl	-330(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-344(fp)
+	bicl3	#-65536,-332(fp),r0
+	ashl	#16,r0,-336(fp)
+	addl3	-336(fp),-340(fp),r0
+	bicl3	#0,r0,-340(fp)
+	cmpl	-340(fp),-336(fp)
+	bgequ	noname.505
+	incl	-344(fp)
+noname.505:
+	movl	-340(fp),r3
+	movl	-344(fp),r2
+	bbc	#31,r2,noname.506
+	incl	r7
+noname.506:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.507
+	incl	r2
+noname.507:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.508
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.508
+	incl	r7
+noname.508:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.509
+	incl	r7
+noname.509:
+
+	movl	8(ap),r0
+	movzwl	22(r0),r2
+	bicl3	#-65536,16(r0),r3
+	movzwl	18(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,20(r0),-356(fp)
+	bicl3	#-65536,r2,-360(fp)
+	mull3	r1,-356(fp),-348(fp)
+	mull2	r3,-356(fp)
+	mull3	r3,-360(fp),-352(fp)
+	mull2	r1,-360(fp)
+	addl3	-348(fp),-352(fp),r0
+	bicl3	#0,r0,-348(fp)
+	cmpl	-348(fp),-352(fp)
+	bgequ	noname.510
+	addl2	#65536,-360(fp)
+noname.510:
+	movzwl	-346(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-360(fp)
+	bicl3	#-65536,-348(fp),r0
+	ashl	#16,r0,-352(fp)
+	addl3	-352(fp),-356(fp),r0
+	bicl3	#0,r0,-356(fp)
+	cmpl	-356(fp),-352(fp)
+	bgequ	noname.511
+	incl	-360(fp)
+noname.511:
+	movl	-356(fp),r3
+	movl	-360(fp),r2
+	bbc	#31,r2,noname.512
+	incl	r7
+noname.512:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.513
+	incl	r2
+noname.513:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.514
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.514
+	incl	r7
+noname.514:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.515
+	incl	r7
+noname.515:
+
+	movl	4(ap),r0
+	movl	r9,36(r0)
+
+	clrl	r9
+
+	movl	8(ap),r3
+	movl	20(r3),r4
+	bicl3	#-65536,r4,-364(fp)
+	extzv	#16,#16,r4,r0
+	bicl3	#-65536,r0,r4
+	movl	-364(fp),r0
+	mull3	r0,r4,-368(fp)
+	mull3	r0,r0,-364(fp)
+	mull2	r4,r4
+	bicl3	#32767,-368(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r4
+	bicl3	#-65536,-368(fp),r0
+	ashl	#17,r0,-368(fp)
+	addl3	-364(fp),-368(fp),r0
+	bicl3	#0,r0,-364(fp)
+	cmpl	-364(fp),-368(fp)
+	bgequ	noname.516
+	incl	r4
+noname.516:
+	movl	-364(fp),r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.517
+	incl	r2
+noname.517:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.518
+	incl	r9
+noname.518:
+
+	bicl3	#-65536,24(r3),r4
+	movzwl	26(r3),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,16(r3),r2
+	movzwl	18(r3),r0
+	bicl2	#-65536,r0
+	movl	r4,r6
+	movl	r1,r5
+	mull3	r0,r6,-372(fp)
+	mull2	r2,r6
+	mull3	r2,r5,-376(fp)
+	mull2	r0,r5
+	addl3	-372(fp),-376(fp),r0
+	bicl3	#0,r0,-372(fp)
+	cmpl	-372(fp),-376(fp)
+	bgequ	noname.519
+	addl2	#65536,r5
+noname.519:
+	movzwl	-370(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r5
+	bicl3	#-65536,-372(fp),r0
+	ashl	#16,r0,-376(fp)
+	addl2	-376(fp),r6
+	bicl2	#0,r6
+	cmpl	r6,-376(fp)
+	bgequ	noname.520
+	incl	r5
+noname.520:
+	movl	r6,r3
+	movl	r5,r2
+	bbc	#31,r2,noname.521
+	incl	r9
+noname.521:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.522
+	incl	r2
+noname.522:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.523
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.523
+	incl	r9
+noname.523:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.524
+	incl	r9
+noname.524:
+
+	movl	8(ap),r0
+	bicl3	#-65536,28(r0),r3
+	movzwl	30(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,12(r0),r2
+	movzwl	14(r0),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-380(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-384(fp)
+	mull2	r0,r4
+	addl3	-380(fp),-384(fp),r0
+	bicl3	#0,r0,-380(fp)
+	cmpl	-380(fp),-384(fp)
+	bgequ	noname.525
+	addl2	#65536,r4
+noname.525:
+	movzwl	-378(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-380(fp),r0
+	ashl	#16,r0,-384(fp)
+	addl2	-384(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-384(fp)
+	bgequ	noname.526
+	incl	r4
+noname.526:
+	movl	r5,r3
+	movl	r4,r2
+	bbc	#31,r2,noname.527
+	incl	r9
+noname.527:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.528
+	incl	r2
+noname.528:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.529
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.529
+	incl	r9
+noname.529:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.530
+	incl	r9
+noname.530:
+	movl	4(ap),r0
+	movl	r8,40(r0)
+
+	clrl	r8
+
+	movl	8(ap),r0
+	bicl3	#-65536,28(r0),r3
+	movzwl	30(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,16(r0),r2
+	movzwl	18(r0),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-388(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-392(fp)
+	mull2	r0,r4
+	addl3	-388(fp),-392(fp),r0
+	bicl3	#0,r0,-388(fp)
+	cmpl	-388(fp),-392(fp)
+	bgequ	noname.531
+	addl2	#65536,r4
+noname.531:
+	movzwl	-386(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-388(fp),r0
+	ashl	#16,r0,-392(fp)
+	addl2	-392(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-392(fp)
+	bgequ	noname.532
+	incl	r4
+noname.532:
+	movl	r5,r3
+	movl	r4,r2
+	bbc	#31,r2,noname.533
+	incl	r8
+noname.533:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.534
+	incl	r2
+noname.534:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r7
+	bicl2	#0,r7
+	cmpl	r7,r3
+	bgequ	noname.535
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.535
+	incl	r8
+noname.535:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.536
+	incl	r8
+noname.536:
+
+	movl	8(ap),r0
+	bicl3	#-65536,24(r0),r3
+	movzwl	26(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,20(r0),r2
+	movzwl	22(r0),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-396(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-400(fp)
+	mull2	r0,r4
+	addl3	-396(fp),-400(fp),r0
+	bicl3	#0,r0,-396(fp)
+	cmpl	-396(fp),-400(fp)
+	bgequ	noname.537
+	addl2	#65536,r4
+noname.537:
+	movzwl	-394(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-396(fp),r0
+	ashl	#16,r0,-400(fp)
+	addl2	-400(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-400(fp)
+	bgequ	noname.538
+	incl	r4
+noname.538:
+	movl	r5,r3
+	movl	r4,r2
+	bbc	#31,r2,noname.539
+	incl	r8
+noname.539:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.540
+	incl	r2
+noname.540:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r7
+	bicl2	#0,r7
+	cmpl	r7,r3
+	bgequ	noname.541
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.541
+	incl	r8
+noname.541:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.542
+	incl	r8
+noname.542:
+
+	movl	4(ap),r0
+	movl	r7,44(r0)
+
+	clrl	r7
+
+	movl	8(ap),r3
+	movl	24(r3),r4
+	bicl3	#-65536,r4,r5
+	extzv	#16,#16,r4,r0
+	bicl3	#-65536,r0,r4
+	mull3	r5,r4,-404(fp)
+	mull2	r5,r5
+	mull2	r4,r4
+	bicl3	#32767,-404(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r4
+	bicl3	#-65536,-404(fp),r0
+	ashl	#17,r0,-404(fp)
+	addl2	-404(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-404(fp)
+	bgequ	noname.543
+	incl	r4
+noname.543:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.544
+	incl	r2
+noname.544:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.545
+	incl	r7
+noname.545:
+
+	movzwl	30(r3),r2
+	bicl3	#-65536,20(r3),r1
+	movzwl	22(r3),r0
+	bicl2	#-65536,r0
+	bicl3	#-65536,28(r3),-416(fp)
+	bicl3	#-65536,r2,-420(fp)
+	mull3	r0,-416(fp),-408(fp)
+	mull2	r1,-416(fp)
+	mull3	r1,-420(fp),-412(fp)
+	mull2	r0,-420(fp)
+	addl3	-408(fp),-412(fp),r0
+	bicl3	#0,r0,-408(fp)
+	cmpl	-408(fp),-412(fp)
+	bgequ	noname.546
+	addl2	#65536,-420(fp)
+noname.546:
+	movzwl	-406(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-420(fp)
+	bicl3	#-65536,-408(fp),r0
+	ashl	#16,r0,-412(fp)
+	addl3	-412(fp),-416(fp),r0
+	bicl3	#0,r0,-416(fp)
+	cmpl	-416(fp),-412(fp)
+	bgequ	noname.547
+	incl	-420(fp)
+noname.547:
+	movl	-416(fp),r3
+	movl	-420(fp),r2
+	bbc	#31,r2,noname.548
+	incl	r7
+noname.548:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.549
+	incl	r2
+noname.549:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.550
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.550
+	incl	r7
+noname.550:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.551
+	incl	r7
+noname.551:
+
+	movl	4(ap),r0
+	movl	r9,48(r0)
+
+	clrl	r9
+
+	movl	8(ap),r0
+	movzwl	30(r0),r2
+	bicl3	#-65536,24(r0),r3
+	movzwl	26(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,28(r0),-432(fp)
+	bicl3	#-65536,r2,-436(fp)
+	mull3	r1,-432(fp),-424(fp)
+	mull2	r3,-432(fp)
+	mull3	r3,-436(fp),-428(fp)
+	mull2	r1,-436(fp)
+	addl3	-424(fp),-428(fp),r0
+	bicl3	#0,r0,-424(fp)
+	cmpl	-424(fp),-428(fp)
+	bgequ	noname.552
+	addl2	#65536,-436(fp)
+noname.552:
+	movzwl	-422(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,-436(fp)
+	bicl3	#-65536,-424(fp),r0
+	ashl	#16,r0,-428(fp)
+	addl3	-428(fp),-432(fp),r0
+	bicl3	#0,r0,-432(fp)
+	cmpl	-432(fp),-428(fp)
+	bgequ	noname.553
+	incl	-436(fp)
+noname.553:
+	movl	-432(fp),r3
+	movl	-436(fp),r2
+	bbc	#31,r2,noname.554
+	incl	r9
+noname.554:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.555
+	incl	r2
+noname.555:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.556
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.556
+	incl	r9
+noname.556:
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.557
+	incl	r9
+noname.557:
+
+	movl	4(ap),r4
+	movl	r8,52(r4)
+
+	clrl	r8
+
+	movl	8(ap),r0
+	movl	28(r0),r3
+	bicl3	#-65536,r3,-440(fp)
+	extzv	#16,#16,r3,r0
+	bicl3	#-65536,r0,r3
+	movl	-440(fp),r0
+	mull3	r0,r3,-444(fp)
+	mull3	r0,r0,-440(fp)
+	mull2	r3,r3
+	bicl3	#32767,-444(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r3
+	bicl3	#-65536,-444(fp),r0
+	ashl	#17,r0,-444(fp)
+	addl3	-440(fp),-444(fp),r0
+	bicl3	#0,r0,-440(fp)
+	cmpl	-440(fp),-444(fp)
+	bgequ	noname.558
+	incl	r3
+noname.558:
+	movl	-440(fp),r1
+	movl	r3,r2
+	addl2	r1,r7
+	bicl2	#0,r7
+	cmpl	r7,r1
+	bgequ	noname.559
+	incl	r2
+noname.559:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.560
+	incl	r8
+noname.560:
+
+	movl	r7,56(r4)
+
+	movl	r9,60(r4)
+
+	ret	
+
+
+
+;r=4 ;(AP)
+;a=8 ;(AP)
+;b=12 ;(AP)
+;n=16 ;(AP)	n	by value (input)
+
+	.psect	code,nowrt
+
+.entry	BN_SQR_COMBA4,^m<r2,r3,r4,r5,r6,r7,r8,r9,r10>
+	subl2	#44,sp
+
+	clrq	r8
+
+	clrl	r10
+
+	movl	8(ap),r5
+	movl	(r5),r3
+	bicl3	#-65536,r3,r4
+	extzv	#16,#16,r3,r0
+	bicl3	#-65536,r0,r3
+	mull3	r4,r3,-4(fp)
+	mull2	r4,r4
+	mull2	r3,r3
+	bicl3	#32767,-4(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r3
+	bicl3	#-65536,-4(fp),r0
+	ashl	#17,r0,-4(fp)
+	addl2	-4(fp),r4
+	bicl2	#0,r4
+	cmpl	r4,-4(fp)
+	bgequ	noname.563
+	incl	r3
+noname.563:
+	movl	r4,r1
+	movl	r3,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.564
+	incl	r2
+noname.564:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.565
+	incl	r10
+noname.565:
+
+	movl	r9,@4(ap)
+
+	clrl	r9
+
+	bicl3	#-65536,4(r5),r3
+	movzwl	6(r5),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,(r5),r2
+	movzwl	2(r5),r0
+	bicl2	#-65536,r0
+	movl	r3,r6
+	movl	r1,r4
+	mull3	r0,r6,-8(fp)
+	mull2	r2,r6
+	mull2	r4,r2
+	mull2	r0,r4
+	addl3	-8(fp),r2,r0
+	bicl3	#0,r0,-8(fp)
+	cmpl	-8(fp),r2
+	bgequ	noname.566
+	addl2	#65536,r4
+noname.566:
+	movzwl	-6(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-8(fp),r0
+	ashl	#16,r0,r1
+	addl2	r1,r6
+	bicl2	#0,r6
+	cmpl	r6,r1
+	bgequ	noname.567
+	incl	r4
+noname.567:
+	movl	r6,r3
+	movl	r4,r2
+	bbc	#31,r2,noname.568
+	incl	r9
+noname.568:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.569
+	incl	r2
+noname.569:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.570
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.570
+	incl	r9
+noname.570:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.571
+	incl	r9
+noname.571:
+
+	movl	4(ap),r0
+	movl	r8,4(r0)
+
+	clrl	r8
+
+	movl	8(ap),r4
+	movl	4(r4),r3
+	bicl3	#-65536,r3,r5
+	extzv	#16,#16,r3,r0
+	bicl3	#-65536,r0,r3
+	mull3	r5,r3,r1
+	mull2	r5,r5
+	mull2	r3,r3
+	bicl3	#32767,r1,r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r3
+	bicl2	#-65536,r1
+	ashl	#17,r1,r1
+	addl2	r1,r5
+	bicl2	#0,r5
+	cmpl	r5,r1
+	bgequ	noname.572
+	incl	r3
+noname.572:
+	movl	r5,r1
+	movl	r3,r2
+	addl2	r1,r10
+	bicl2	#0,r10
+	cmpl	r10,r1
+	bgequ	noname.573
+	incl	r2
+noname.573:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.574
+	incl	r8
+noname.574:
+
+	bicl3	#-65536,8(r4),r3
+	movzwl	10(r4),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,(r4),r2
+	movzwl	2(r4),r0
+	bicl2	#-65536,r0
+	movl	r3,r6
+	movl	r1,r5
+	mull3	r0,r6,r7
+	mull2	r2,r6
+	mull2	r5,r2
+	mull2	r0,r5
+	addl2	r2,r7
+	bicl2	#0,r7
+	cmpl	r7,r2
+	bgequ	noname.575
+	addl2	#65536,r5
+noname.575:
+	extzv	#16,#16,r7,r0
+	bicl2	#-65536,r0
+	addl2	r0,r5
+	bicl3	#-65536,r7,r0
+	ashl	#16,r0,r1
+	addl2	r1,r6
+	bicl2	#0,r6
+	cmpl	r6,r1
+	bgequ	noname.576
+	incl	r5
+noname.576:
+	movl	r6,r3
+	movl	r5,r2
+	bbc	#31,r2,noname.577
+	incl	r8
+noname.577:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.578
+	incl	r2
+noname.578:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r10
+	bicl2	#0,r10
+	cmpl	r10,r3
+	bgequ	noname.579
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.579
+	incl	r8
+noname.579:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.580
+	incl	r8
+noname.580:
+
+	movl	4(ap),r0
+	movl	r10,8(r0)
+
+	clrl	r10
+
+	movl	8(ap),r0
+	bicl3	#-65536,12(r0),r3
+	movzwl	14(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,(r0),r2
+	movzwl	2(r0),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,r6
+	mull2	r2,r5
+	mull3	r2,r4,-12(fp)
+	mull2	r0,r4
+	addl2	-12(fp),r6
+	bicl2	#0,r6
+	cmpl	r6,-12(fp)
+	bgequ	noname.581
+	addl2	#65536,r4
+noname.581:
+	extzv	#16,#16,r6,r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,r6,r0
+	ashl	#16,r0,-12(fp)
+	addl2	-12(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-12(fp)
+	bgequ	noname.582
+	incl	r4
+noname.582:
+	movl	r5,r3
+	movl	r4,r2
+	bbc	#31,r2,noname.583
+	incl	r10
+noname.583:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.584
+	incl	r2
+noname.584:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.585
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.585
+	incl	r10
+noname.585:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.586
+	incl	r10
+noname.586:
+
+	movl	8(ap),r0
+	bicl3	#-65536,8(r0),r3
+	movzwl	10(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,4(r0),r2
+	movzwl	6(r0),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-16(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-20(fp)
+	mull2	r0,r4
+	addl3	-16(fp),-20(fp),r0
+	bicl3	#0,r0,-16(fp)
+	cmpl	-16(fp),-20(fp)
+	bgequ	noname.587
+	addl2	#65536,r4
+noname.587:
+	movzwl	-14(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-16(fp),r0
+	ashl	#16,r0,-20(fp)
+	addl2	-20(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-20(fp)
+	bgequ	noname.588
+	incl	r4
+noname.588:
+	movl	r5,r3
+	movl	r4,r2
+	bbc	#31,r2,noname.589
+	incl	r10
+noname.589:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.590
+	incl	r2
+noname.590:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r9
+	bicl2	#0,r9
+	cmpl	r9,r3
+	bgequ	noname.591
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.591
+	incl	r10
+noname.591:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.592
+	incl	r10
+noname.592:
+	movl	4(ap),r0
+	movl	r9,12(r0)
+
+	clrl	r9
+
+	movl	8(ap),r3
+	movl	8(r3),r4
+	bicl3	#-65536,r4,r5
+	extzv	#16,#16,r4,r0
+	bicl3	#-65536,r0,r4
+	mull3	r5,r4,-24(fp)
+	mull2	r5,r5
+	mull2	r4,r4
+	bicl3	#32767,-24(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r4
+	bicl3	#-65536,-24(fp),r0
+	ashl	#17,r0,-24(fp)
+	addl2	-24(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-24(fp)
+	bgequ	noname.593
+	incl	r4
+noname.593:
+	movl	r5,r1
+	movl	r4,r2
+	addl2	r1,r8
+	bicl2	#0,r8
+	cmpl	r8,r1
+	bgequ	noname.594
+	incl	r2
+noname.594:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.595
+	incl	r9
+noname.595:
+
+	bicl3	#-65536,12(r3),r4
+	movzwl	14(r3),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,4(r3),r2
+	movzwl	6(r3),r0
+	bicl2	#-65536,r0
+	movl	r4,r6
+	movl	r1,r5
+	mull3	r0,r6,-28(fp)
+	mull2	r2,r6
+	mull3	r2,r5,-32(fp)
+	mull2	r0,r5
+	addl3	-28(fp),-32(fp),r0
+	bicl3	#0,r0,-28(fp)
+	cmpl	-28(fp),-32(fp)
+	bgequ	noname.596
+	addl2	#65536,r5
+noname.596:
+	movzwl	-26(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r5
+	bicl3	#-65536,-28(fp),r0
+	ashl	#16,r0,-32(fp)
+	addl2	-32(fp),r6
+	bicl2	#0,r6
+	cmpl	r6,-32(fp)
+	bgequ	noname.597
+	incl	r5
+noname.597:
+	movl	r6,r3
+	movl	r5,r2
+	bbc	#31,r2,noname.598
+	incl	r9
+noname.598:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.599
+	incl	r2
+noname.599:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r8
+	bicl2	#0,r8
+	cmpl	r8,r3
+	bgequ	noname.600
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.600
+	incl	r9
+noname.600:
+	addl2	r2,r10
+	bicl2	#0,r10
+	cmpl	r10,r2
+	bgequ	noname.601
+	incl	r9
+noname.601:
+
+	movl	4(ap),r0
+	movl	r8,16(r0)
+
+	clrl	r8
+
+	movl	8(ap),r0
+	bicl3	#-65536,12(r0),r3
+	movzwl	14(r0),r1
+	bicl2	#-65536,r1
+	bicl3	#-65536,8(r0),r2
+	movzwl	10(r0),r0
+	bicl2	#-65536,r0
+	movl	r3,r5
+	movl	r1,r4
+	mull3	r0,r5,-36(fp)
+	mull2	r2,r5
+	mull3	r2,r4,-40(fp)
+	mull2	r0,r4
+	addl3	-36(fp),-40(fp),r0
+	bicl3	#0,r0,-36(fp)
+	cmpl	-36(fp),-40(fp)
+	bgequ	noname.602
+	addl2	#65536,r4
+noname.602:
+	movzwl	-34(fp),r0
+	bicl2	#-65536,r0
+	addl2	r0,r4
+	bicl3	#-65536,-36(fp),r0
+	ashl	#16,r0,-40(fp)
+	addl2	-40(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-40(fp)
+	bgequ	noname.603
+	incl	r4
+noname.603:
+	movl	r5,r3
+	movl	r4,r2
+	bbc	#31,r2,noname.604
+	incl	r8
+noname.604:
+	addl2	r2,r2
+	bicl2	#0,r2
+	bbc	#31,r3,noname.605
+	incl	r2
+noname.605:
+	addl2	r3,r3
+	bicl2	#0,r3
+	addl2	r3,r10
+	bicl2	#0,r10
+	cmpl	r10,r3
+	bgequ	noname.606
+	incl	r2
+	bicl3	#0,r2,r0
+	bneq	noname.606
+	incl	r8
+noname.606:
+	addl2	r2,r9
+	bicl2	#0,r9
+	cmpl	r9,r2
+	bgequ	noname.607
+	incl	r8
+noname.607:
+
+	movl	4(ap),r4
+	movl	r10,20(r4)
+
+	clrl	r10
+
+	movl	8(ap),r0
+	movl	12(r0),r3
+	bicl3	#-65536,r3,r5
+	extzv	#16,#16,r3,r0
+	bicl3	#-65536,r0,r3
+	mull3	r5,r3,-44(fp)
+	mull2	r5,r5
+	mull2	r3,r3
+	bicl3	#32767,-44(fp),r0
+	extzv	#15,#17,r0,r0
+	addl2	r0,r3
+	bicl3	#-65536,-44(fp),r0
+	ashl	#17,r0,-44(fp)
+	addl2	-44(fp),r5
+	bicl2	#0,r5
+	cmpl	r5,-44(fp)
+	bgequ	noname.608
+	incl	r3
+noname.608:
+	movl	r5,r1
+	movl	r3,r2
+	addl2	r1,r9
+	bicl2	#0,r9
+	cmpl	r9,r1
+	bgequ	noname.609
+	incl	r2
+noname.609:
+	addl2	r2,r8
+	bicl2	#0,r8
+	cmpl	r8,r2
+	bgequ	noname.610
+	incl	r10
+noname.610:
+
+	movl	r9,24(r4)
+
+	movl	r8,28(r4)
+
+	ret	
+
+; For now, the code below doesn't work, so I end this prematurely.
+.end
diff --git a/crypto/bn/asm/x86-bsdi.s b/crypto/bn/asm/x86-bsdi.s
deleted file mode 100644
index ca6687648e..0000000000
--- a/crypto/bn/asm/x86-bsdi.s
+++ /dev/null
@@ -1,272 +0,0 @@
-	.file	"bn_mulw.c"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align 4
-.globl _bn_mul_add_word
-_bn_mul_add_word:
-	pushl %ebp
-	pushl %edi
-	pushl %esi
-	pushl %ebx
-
-	# ax		L(t)
-	# dx		H(t)
-	# bx		a
-	# cx		w
-	# di		r
-	# si		c
-	# bp		num
-	xorl %esi,%esi		# c=0
-	movl 20(%esp),%edi	# r => edi
-	movl 24(%esp),%ebx	# a => exb
-	movl 32(%esp),%ecx	# w => ecx
-	movl 28(%esp),%ebp	# num => ebp
-
-	shrl $2,%ebp		# num/4
-	je .L910
-
-#	.align 4
-.L110:
-	# Round 1
-	movl %ecx,%eax		# w => eax
-	mull (%ebx)		# w * *a 
-	addl (%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+= carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-
-	# Round 2
-	movl %ecx,%eax		# w => eax
-	mull 4(%ebx)		# w * *a 
-	addl 4(%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+= carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,4(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-
-	# Round 3
-	movl %ecx,%eax		# w => eax
-	mull 8(%ebx)		# w * *a 
-	addl 8(%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+=carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,8(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-
-	# Round 4
-	movl %ecx,%eax		# w => eax
-	mull 12(%ebx)		# w * *a 
-	addl 12(%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+=carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,12(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-
-	addl $16,%ebx		# a+=4 (4 words)
-	addl $16,%edi		# r+=4 (4 words)
-
-	decl %ebp		# --num
-	je .L910
-	jmp .L110
-#	.align 4
-.L910:
-	movl 28(%esp),%ebp	# num => ebp
-	andl $3,%ebp
-	je .L111
-
-	# Round 1
-	movl %ecx,%eax		# w => eax
-	mull (%ebx)		# w * *a 
-	addl (%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+=carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-	decl %ebp		# --num
-	je .L111
-
-	# Round 2
-	movl %ecx,%eax		# w => eax
-	mull 4(%ebx)		# w * *a 
-	addl 4(%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+=carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,4(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-	decl %ebp		# --num
-	je .L111
-
-	# Round 3
-	movl %ecx,%eax		# w => eax
-	mull 8(%ebx)		# w * *a 
-	addl 8(%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+=carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,8(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-
-#	.align 4
-.L111:
-	movl %esi,%eax		# return(c)
-	popl %ebx
-	popl %esi
-	popl %edi
-	popl %ebp
-	ret
-.Lfe1:
-	.align 4
-.globl _bn_mul_word
-_bn_mul_word:
-	pushl %ebp
-	pushl %edi
-	pushl %esi
-	pushl %ebx
-
-	# ax		L(t)
-	# dx		H(t)
-	# bx		a
-	# cx		w
-	# di		r
-	# num		bp
-	# si		c
-	xorl %esi,%esi		# c=0
-	movl 20(%esp),%edi	# r => edi
-	movl 24(%esp),%ebx	# a => exb
-	movl 28(%esp),%ebp	# num => bp
-	movl 32(%esp),%ecx	# w => ecx
-
-#	.align 4
-.L210:
-	movl %ecx,%eax		# w => eax
-	mull (%ebx)		# w * *a 
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,(%edi)	# *r=L(t)
-	movl %edx,%esi		# c=H(t)
-	decl %ebp		# --num
-	je .L211
-
-	movl %ecx,%eax		# w => eax
-	mull 4(%ebx)		# w * *a 
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,4(%edi)	# *r=L(t)
-	movl %edx,%esi		# c=H(t)
-	decl %ebp		# --num
-	je .L211
-
-	movl %ecx,%eax		# w => eax
-	mull 8(%ebx)		# w * *a 
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,8(%edi)	# *r=L(t)
-	movl %edx,%esi		# c=H(t)
-	decl %ebp		# --num
-	je .L211
-
-	movl %ecx,%eax		# w => eax
-	mull 12(%ebx)		# w * *a 
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,12(%edi)	# *r=L(t)
-	movl %edx,%esi		# c=H(t)
-	decl %ebp		# --num
-	je .L211
-
-	addl $16,%ebx		# a+=4 (4 words)
-	addl $16,%edi		# r+=4 (4 words)
-
-	jmp .L210
-#	.align 4
-.L211:
-	movl %esi,%eax		# return(c)
-	popl %ebx
-	popl %esi
-	popl %edi
-	popl %ebp
-	ret
-.Lfe2:
-	.align 4
-.globl _bn_sqr_words
-_bn_sqr_words:
-	pushl %edi
-	pushl %esi
-	pushl %ebx
-	movl 16(%esp),%esi	# r
-	movl 20(%esp),%edi	# a
-	movl 24(%esp),%ebx	# n
-#	.align 4
-	shrl $2,%ebx
-	jz .L99
-.L28:
-	movl (%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,(%esi)	# put low into return addr
-	movl %edx,4(%esi)	# put high into return addr
-
-	movl 4(%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,8(%esi)	# put low into return addr
-	movl %edx,12(%esi)	# put high into return addr
-
-	movl 8(%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,16(%esi)	# put low into return addr
-	movl %edx,20(%esi)	# put high into return addr
-
-	movl 12(%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,24(%esi)	# put low into return addr
-	movl %edx,28(%esi)	# put high into return addr
-
-	addl $16,%edi
-	addl $32,%esi
-	decl %ebx		# n-=4;
-	jz .L99
-	jmp .L28
-#	.align 4
-.L99:
-	movl 24(%esp),%ebx	# n
-	andl $3,%ebx
-	jz .L29
-	movl (%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,(%esi)	# put low into return addr
-	movl %edx,4(%esi)	# put high into return addr
-	decl %ebx		# n--;
-	jz .L29
-	movl 4(%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,8(%esi)	# put low into return addr
-	movl %edx,12(%esi)	# put high into return addr
-	decl %ebx		# n--;
-	jz .L29
-	movl 8(%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,16(%esi)	# put low into return addr
-	movl %edx,20(%esi)	# put high into return addr
-
-.L29:
-	popl %ebx
-	popl %esi
-	popl %edi
-	ret
-.Lfe3:
-	.align 4
-.globl _bn_div64
-_bn_div64:
-	movl 4(%esp),%edx	# a
-	movl 8(%esp),%eax	# b
-	divl 12(%esp)		# ab/c
-	ret
-.Lfe4:
-	.ident	"GCC: (GNU) 2.6.3"
diff --git a/crypto/bn/asm/x86-lnx.s b/crypto/bn/asm/x86-lnx.s
deleted file mode 100644
index 5123867440..0000000000
--- a/crypto/bn/asm/x86-lnx.s
+++ /dev/null
@@ -1,282 +0,0 @@
-	.file	"bn_mulw.c"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align 16
-.globl bn_mul_add_word
-	.type	 bn_mul_add_word,@function
-bn_mul_add_word:
-	pushl %ebp
-	pushl %edi
-	pushl %esi
-	pushl %ebx
-
-	# ax		L(t)
-	# dx		H(t)
-	# bx		a
-	# cx		w
-	# di		r
-	# si		c
-	# bp		num
-	xorl %esi,%esi		# c=0
-	movl 20(%esp),%edi	# r => edi
-	movl 24(%esp),%ebx	# a => exb
-	movl 32(%esp),%ecx	# w => ecx
-	movl 28(%esp),%ebp	# num => ebp
-
-	shrl $2,%ebp		# num/4
-	je .L910
-
-	.align 4
-.L110:
-	# Round 1
-	movl %ecx,%eax		# w => eax
-	mull (%ebx)		# w * *a 
-	addl (%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+= carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-
-	# Round 2
-	movl %ecx,%eax		# w => eax
-	mull 4(%ebx)		# w * *a 
-	addl 4(%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+= carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,4(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-
-	# Round 3
-	movl %ecx,%eax		# w => eax
-	mull 8(%ebx)		# w * *a 
-	addl 8(%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+=carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,8(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-
-	# Round 4
-	movl %ecx,%eax		# w => eax
-	mull 12(%ebx)		# w * *a 
-	addl 12(%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+=carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,12(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-
-	addl $16,%ebx		# a+=4 (4 words)
-	addl $16,%edi		# r+=4 (4 words)
-
-	decl %ebp		# --num
-	je .L910
-	jmp .L110
-	.align 4
-.L910:
-	movl 28(%esp),%ebp	# num => ebp
-	andl $3,%ebp
-	je .L111
-
-	# Round 1
-	movl %ecx,%eax		# w => eax
-	mull (%ebx)		# w * *a 
-	addl (%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+=carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-	decl %ebp		# --num
-	je .L111
-
-	# Round 2
-	movl %ecx,%eax		# w => eax
-	mull 4(%ebx)		# w * *a 
-	addl 4(%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+=carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,4(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-	decl %ebp		# --num
-	je .L111
-
-	# Round 3
-	movl %ecx,%eax		# w => eax
-	mull 8(%ebx)		# w * *a 
-	addl 8(%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+=carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,8(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-
-	.align 4
-.L111:
-	movl %esi,%eax		# return(c)
-	popl %ebx
-	popl %esi
-	popl %edi
-	popl %ebp
-	ret
-.Lfe1:
-	.size	 bn_mul_add_word,.Lfe1-bn_mul_add_word
-	.align 16
-.globl bn_mul_word
-	.type	 bn_mul_word,@function
-bn_mul_word:
-	pushl %ebp
-	pushl %edi
-	pushl %esi
-	pushl %ebx
-
-	# ax		L(t)
-	# dx		H(t)
-	# bx		a
-	# cx		w
-	# di		r
-	# num		bp
-	# si		c
-	xorl %esi,%esi		# c=0
-	movl 20(%esp),%edi	# r => edi
-	movl 24(%esp),%ebx	# a => exb
-	movl 28(%esp),%ebp	# num => bp
-	movl 32(%esp),%ecx	# w => ecx
-
-	.align 4
-.L210:
-	movl %ecx,%eax		# w => eax
-	mull (%ebx)		# w * *a 
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,(%edi)	# *r=L(t)
-	movl %edx,%esi		# c=H(t)
-	decl %ebp		# --num
-	je .L211
-
-	movl %ecx,%eax		# w => eax
-	mull 4(%ebx)		# w * *a 
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,4(%edi)	# *r=L(t)
-	movl %edx,%esi		# c=H(t)
-	decl %ebp		# --num
-	je .L211
-
-	movl %ecx,%eax		# w => eax
-	mull 8(%ebx)		# w * *a 
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,8(%edi)	# *r=L(t)
-	movl %edx,%esi		# c=H(t)
-	decl %ebp		# --num
-	je .L211
-
-	movl %ecx,%eax		# w => eax
-	mull 12(%ebx)		# w * *a 
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,12(%edi)	# *r=L(t)
-	movl %edx,%esi		# c=H(t)
-	decl %ebp		# --num
-	je .L211
-
-	addl $16,%ebx		# a+=4 (4 words)
-	addl $16,%edi		# r+=4 (4 words)
-
-	jmp .L210
-	.align 16
-.L211:
-	movl %esi,%eax		# return(c)
-	popl %ebx
-	popl %esi
-	popl %edi
-	popl %ebp
-	ret
-.Lfe2:
-	.size	 bn_mul_word,.Lfe2-bn_mul_word
-
-	.align 16
-.globl bn_sqr_words
-	.type	 bn_sqr_words,@function
-bn_sqr_words:
-	pushl %edi
-	pushl %esi
-	pushl %ebx
-	movl 16(%esp),%esi	# r
-	movl 20(%esp),%edi	# a
-	movl 24(%esp),%ebx	# n
-	.align 4
-	shrl $2,%ebx
-	jz .L99
-.L28:
-	movl (%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,(%esi)	# put low into return addr
-	movl %edx,4(%esi)	# put high into return addr
-
-	movl 4(%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,8(%esi)	# put low into return addr
-	movl %edx,12(%esi)	# put high into return addr
-
-	movl 8(%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,16(%esi)	# put low into return addr
-	movl %edx,20(%esi)	# put high into return addr
-
-	movl 12(%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,24(%esi)	# put low into return addr
-	movl %edx,28(%esi)	# put high into return addr
-
-	addl $16,%edi
-	addl $32,%esi
-	decl %ebx		# n-=4;
-	jz .L99
-	jmp .L28
-	.align 16
-.L99:
-	movl 24(%esp),%ebx	# n
-	andl $3,%ebx
-	jz .L29
-	movl (%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,(%esi)	# put low into return addr
-	movl %edx,4(%esi)	# put high into return addr
-	decl %ebx		# n--;
-	jz .L29
-	movl 4(%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,8(%esi)	# put low into return addr
-	movl %edx,12(%esi)	# put high into return addr
-	decl %ebx		# n--;
-	jz .L29
-	movl 8(%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,16(%esi)	# put low into return addr
-	movl %edx,20(%esi)	# put high into return addr
-
-.L29:
-	popl %ebx
-	popl %esi
-	popl %edi
-	ret
-.Lfe3:
-	.size	 bn_sqr_words,.Lfe3-bn_sqr_words
-
-	.align 16
-.globl bn_div64
-	.type	 bn_div64,@function
-bn_div64:
-	movl 4(%esp),%edx	# a
-	movl 8(%esp),%eax	# b
-	divl 12(%esp)		# ab/c
-	ret
-.Lfe4:
-	.size	 bn_div64,.Lfe4-bn_div64
-	.ident	"GCC: (GNU) 2.6.3"
diff --git a/crypto/bn/asm/x86-lnxa.s b/crypto/bn/asm/x86-lnxa.s
deleted file mode 100644
index 74855dc74d..0000000000
--- a/crypto/bn/asm/x86-lnxa.s
+++ /dev/null
@@ -1,282 +0,0 @@
-	.file	"bn_mulw.c"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align 4
-.globl _bn_mul_add_word
-	.type	 _bn_mul_add_word,@function
-_bn_mul_add_word:
-	pushl %ebp
-	pushl %edi
-	pushl %esi
-	pushl %ebx
-
-	# ax		L(t)
-	# dx		H(t)
-	# bx		a
-	# cx		w
-	# di		r
-	# si		c
-	# bp		num
-	xorl %esi,%esi		# c=0
-	movl 20(%esp),%edi	# r => edi
-	movl 24(%esp),%ebx	# a => exb
-	movl 32(%esp),%ecx	# w => ecx
-	movl 28(%esp),%ebp	# num => ebp
-
-	shrl $2,%ebp		# num/4
-	je .L910
-
-#	.align 4
-.L110:
-	# Round 1
-	movl %ecx,%eax		# w => eax
-	mull (%ebx)		# w * *a 
-	addl (%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+= carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-
-	# Round 2
-	movl %ecx,%eax		# w => eax
-	mull 4(%ebx)		# w * *a 
-	addl 4(%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+= carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,4(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-
-	# Round 3
-	movl %ecx,%eax		# w => eax
-	mull 8(%ebx)		# w * *a 
-	addl 8(%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+=carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,8(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-
-	# Round 4
-	movl %ecx,%eax		# w => eax
-	mull 12(%ebx)		# w * *a 
-	addl 12(%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+=carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,12(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-
-	addl $16,%ebx		# a+=4 (4 words)
-	addl $16,%edi		# r+=4 (4 words)
-
-	decl %ebp		# --num
-	je .L910
-	jmp .L110
-#	.align 4
-.L910:
-	movl 28(%esp),%ebp	# num => ebp
-	andl $3,%ebp
-	je .L111
-
-	# Round 1
-	movl %ecx,%eax		# w => eax
-	mull (%ebx)		# w * *a 
-	addl (%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+=carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-	decl %ebp		# --num
-	je .L111
-
-	# Round 2
-	movl %ecx,%eax		# w => eax
-	mull 4(%ebx)		# w * *a 
-	addl 4(%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+=carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,4(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-	decl %ebp		# --num
-	je .L111
-
-	# Round 3
-	movl %ecx,%eax		# w => eax
-	mull 8(%ebx)		# w * *a 
-	addl 8(%edi),%eax	# *r+=L(t)
-	adcl $0,%edx		# H(t)+=carry
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,8(%edi)	# *r+=L(t)
-	movl %edx,%esi		# c=H(t)
-
-#	.align 4
-.L111:
-	movl %esi,%eax		# return(c)
-	popl %ebx
-	popl %esi
-	popl %edi
-	popl %ebp
-	ret
-.Lfe1:
-	.size	 _bn_mul_add_word,.Lfe1-_bn_mul_add_word
-	.align 4
-.globl _bn_mul_word
-	.type	 _bn_mul_word,@function
-_bn_mul_word:
-	pushl %ebp
-	pushl %edi
-	pushl %esi
-	pushl %ebx
-
-	# ax		L(t)
-	# dx		H(t)
-	# bx		a
-	# cx		w
-	# di		r
-	# num		bp
-	# si		c
-	xorl %esi,%esi		# c=0
-	movl 20(%esp),%edi	# r => edi
-	movl 24(%esp),%ebx	# a => exb
-	movl 28(%esp),%ebp	# num => bp
-	movl 32(%esp),%ecx	# w => ecx
-
-#	.align 4
-.L210:
-	movl %ecx,%eax		# w => eax
-	mull (%ebx)		# w * *a 
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,(%edi)	# *r=L(t)
-	movl %edx,%esi		# c=H(t)
-	decl %ebp		# --num
-	je .L211
-
-	movl %ecx,%eax		# w => eax
-	mull 4(%ebx)		# w * *a 
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,4(%edi)	# *r=L(t)
-	movl %edx,%esi		# c=H(t)
-	decl %ebp		# --num
-	je .L211
-
-	movl %ecx,%eax		# w => eax
-	mull 8(%ebx)		# w * *a 
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,8(%edi)	# *r=L(t)
-	movl %edx,%esi		# c=H(t)
-	decl %ebp		# --num
-	je .L211
-
-	movl %ecx,%eax		# w => eax
-	mull 12(%ebx)		# w * *a 
-	addl %esi,%eax		# L(t)+=c
-	adcl $0,%edx		# H(t)+=carry
-	movl %eax,12(%edi)	# *r=L(t)
-	movl %edx,%esi		# c=H(t)
-	decl %ebp		# --num
-	je .L211
-
-	addl $16,%ebx		# a+=4 (4 words)
-	addl $16,%edi		# r+=4 (4 words)
-
-	jmp .L210
-#	.align 4
-.L211:
-	movl %esi,%eax		# return(c)
-	popl %ebx
-	popl %esi
-	popl %edi
-	popl %ebp
-	ret
-.Lfe2:
-	.size	 _bn_mul_word,.Lfe2-_bn_mul_word
-
-	.align 4
-.globl _bn_sqr_words
-	.type	 _bn_sqr_words,@function
-_bn_sqr_words:
-	pushl %edi
-	pushl %esi
-	pushl %ebx
-	movl 16(%esp),%esi	# r
-	movl 20(%esp),%edi	# a
-	movl 24(%esp),%ebx	# n
-#	.align 4
-	shrl $2,%ebx
-	jz .L99
-.L28:
-	movl (%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,(%esi)	# put low into return addr
-	movl %edx,4(%esi)	# put high into return addr
-
-	movl 4(%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,8(%esi)	# put low into return addr
-	movl %edx,12(%esi)	# put high into return addr
-
-	movl 8(%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,16(%esi)	# put low into return addr
-	movl %edx,20(%esi)	# put high into return addr
-
-	movl 12(%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,24(%esi)	# put low into return addr
-	movl %edx,28(%esi)	# put high into return addr
-
-	addl $16,%edi
-	addl $32,%esi
-	decl %ebx		# n-=4;
-	jz .L99
-	jmp .L28
-#	.align 4
-.L99:
-	movl 24(%esp),%ebx	# n
-	andl $3,%ebx
-	jz .L29
-	movl (%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,(%esi)	# put low into return addr
-	movl %edx,4(%esi)	# put high into return addr
-	decl %ebx		# n--;
-	jz .L29
-	movl 4(%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,8(%esi)	# put low into return addr
-	movl %edx,12(%esi)	# put high into return addr
-	decl %ebx		# n--;
-	jz .L29
-	movl 8(%edi),%eax	# get a
-	mull %eax		# a*a
-	movl %eax,16(%esi)	# put low into return addr
-	movl %edx,20(%esi)	# put high into return addr
-
-.L29:
-	popl %ebx
-	popl %esi
-	popl %edi
-	ret
-.Lfe3:
-	.size	 _bn_sqr_words,.Lfe3-_bn_sqr_words
-
-	.align 4
-.globl _bn_div64
-	.type	 _bn_div64,@function
-_bn_div64:
-	movl 4(%esp),%edx	# a
-	movl 8(%esp),%eax	# b
-	divl 12(%esp)		# ab/c
-	ret
-.Lfe4:
-	.size	 _bn_div64,.Lfe4-_bn_div64
-	.ident	"GCC: (GNU) 2.6.3"
diff --git a/crypto/bn/asm/x86-sol.s b/crypto/bn/asm/x86-sol.s
deleted file mode 100644
index c961e64fa0..0000000000
--- a/crypto/bn/asm/x86-sol.s
+++ /dev/null
@@ -1,224 +0,0 @@
-	.file	"bn_mulw.c"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align 16
-.globl bn_mul_add_word
-	.type	 bn_mul_add_word,@function
-bn_mul_add_word:
-	pushl %ebp
-	pushl %edi
-	pushl %esi
-	pushl %ebx
-
-	/ ax		L(t)
-	/ dx		H(t)
-	/ bx		a
-	/ cx		w
-	/ di		r
-	/ si		c
-	/ bp		num
-	xorl %esi,%esi		/ c=0
-	movl 20(%esp),%edi	/ r => edi
-	movl 24(%esp),%ebx	/ a => exb
-	movl 28(%esp),%ebp	/ num => ebp
-	movl 32(%esp),%ecx	/ w => ecx
-
-	.align 4
-.L110:
-	movl %ecx,%eax		/ w => eax
-	mull (%ebx)		/ w * *a 
-	addl (%edi),%eax	/ L(t)+= *r
-	adcl $0,%edx		/ H(t)+= carry
-	addl %esi,%eax		/ L(t)+=c
-	adcl $0,%edx		/ H(t)+=carry
-	movl %eax,(%edi)	/ *r=L(t)
-	movl %edx,%esi		/ c=H(t)
-	decl %ebp		/ --num
-	je .L111
-
-	movl %ecx,%eax		/ w => eax
-	mull 4(%ebx)		/ w * *a 
-	addl 4(%edi),%eax	/ L(t)+= *r
-	adcl $0,%edx		/ H(t)+= carry
-	addl %esi,%eax		/ L(t)+=c
-	adcl $0,%edx		/ H(t)+=carry
-	movl %eax,4(%edi)	/ *r=L(t)
-	movl %edx,%esi		/ c=H(t)
-	decl %ebp		/ --num
-	je .L111
-
-	movl %ecx,%eax		/ w => eax
-	mull 8(%ebx)		/ w * *a 
-	addl 8(%edi),%eax	/ L(t)+= *r
-	adcl $0,%edx		/ H(t)+= carry
-	addl %esi,%eax		/ L(t)+=c
-	adcl $0,%edx		/ H(t)+=carry
-	movl %eax,8(%edi)	/ *r=L(t)
-	movl %edx,%esi		/ c=H(t)
-	decl %ebp		/ --num
-	je .L111
-
-	movl %ecx,%eax		/ w => eax
-	mull 12(%ebx)		/ w * *a 
-	addl 12(%edi),%eax	/ L(t)+= *r
-	adcl $0,%edx		/ H(t)+= carry
-	addl %esi,%eax		/ L(t)+=c
-	adcl $0,%edx		/ H(t)+=carry
-	movl %eax,12(%edi)	/ *r=L(t)
-	movl %edx,%esi		/ c=H(t)
-	decl %ebp		/ --num
-	je .L111
-
-	addl $16,%ebx		/ a+=4 (4 words)
-	addl $16,%edi		/ r+=4 (4 words)
-
-	jmp .L110
-	.align 16
-.L111:
-	movl %esi,%eax		/ return(c)
-	popl %ebx
-	popl %esi
-	popl %edi
-	popl %ebp
-	ret
-.Lfe1:
-	.size	 bn_mul_add_word,.Lfe1-bn_mul_add_word
-	.align 16
-.globl bn_mul_word
-	.type	 bn_mul_word,@function
-bn_mul_word:
-	pushl %ebp
-	pushl %edi
-	pushl %esi
-	pushl %ebx
-
-	/ ax		L(t)
-	/ dx		H(t)
-	/ bx		a
-	/ cx		w
-	/ di		r
-	/ num		bp
-	/ si		c
-	xorl %esi,%esi		/ c=0
-	movl 20(%esp),%edi	/ r => edi
-	movl 24(%esp),%ebx	/ a => exb
-	movl 28(%esp),%ebp	/ num => ebp
-	movl 32(%esp),%ecx	/ w => ecx
-
-	.align 4
-.L210:
-	movl %ecx,%eax		/ w => eax
-	mull (%ebx)		/ w * *a 
-	addl %esi,%eax		/ L(t)+=c
-	adcl $0,%edx		/ H(t)+=carry
-	movl %eax,(%edi)	/ *r=L(t)
-	movl %edx,%esi		/ c=H(t)
-	decl %ebp		/ --num
-	je .L211
-
-	movl %ecx,%eax		/ w => eax
-	mull 4(%ebx)		/ w * *a 
-	addl %esi,%eax		/ L(t)+=c
-	adcl $0,%edx		/ H(t)+=carry
-	movl %eax,4(%edi)	/ *r=L(t)
-	movl %edx,%esi		/ c=H(t)
-	decl %ebp		/ --num
-	je .L211
-
-	movl %ecx,%eax		/ w => eax
-	mull 8(%ebx)		/ w * *a 
-	addl %esi,%eax		/ L(t)+=c
-	adcl $0,%edx		/ H(t)+=carry
-	movl %eax,8(%edi)	/ *r=L(t)
-	movl %edx,%esi		/ c=H(t)
-	decl %ebp		/ --num
-	je .L211
-
-	movl %ecx,%eax		/ w => eax
-	mull 12(%ebx)		/ w * *a 
-	addl %esi,%eax		/ L(t)+=c
-	adcl $0,%edx		/ H(t)+=carry
-	movl %eax,12(%edi)	/ *r=L(t)
-	movl %edx,%esi		/ c=H(t)
-	decl %ebp		/ --num
-	je .L211
-
-	addl $16,%ebx		/ a+=4 (4 words)
-	addl $16,%edi		/ r+=4 (4 words)
-
-	jmp .L210
-	.align 16
-.L211:
-	movl %esi,%eax		/ return(c)
-	popl %ebx
-	popl %esi
-	popl %edi
-	popl %ebp
-	ret
-.Lfe2:
-	.size	 bn_mul_word,.Lfe2-bn_mul_word
-
-	.align 16
-.globl bn_sqr_words
-	.type	 bn_sqr_words,@function
-bn_sqr_words:
-	pushl %edi
-	pushl %esi
-	pushl %ebx
-	movl 16(%esp),%esi	/ r
-	movl 20(%esp),%edi	/ a
-	movl 24(%esp),%ebx	/ n
-	.align 4
-.L28:
-	movl (%edi),%eax	/ get a
-	mull %eax		/ a*a
-	movl %eax,(%esi)	/ put low into return addr
-	movl %edx,4(%esi)	/ put high into return addr
-	decl %ebx		/ n--;
-	je .L29
-
-	movl 4(%edi),%eax	/ get a
-	mull %eax		/ a*a
-	movl %eax,8(%esi)	/ put low into return addr
-	movl %edx,12(%esi)	/ put high into return addr
-	decl %ebx		/ n--;
-	je .L29
-
-	movl 8(%edi),%eax	/ get a
-	mull %eax		/ a*a
-	movl %eax,16(%esi)	/ put low into return addr
-	movl %edx,20(%esi)	/ put high into return addr
-	decl %ebx		/ n--;
-	je .L29
-
-	movl 12(%edi),%eax	/ get a
-	mull %eax		/ a*a
-	movl %eax,24(%esi)	/ put low into return addr
-	movl %edx,28(%esi)	/ put high into return addr
-	decl %ebx		/ n--;
-	je .L29
-
-	addl $16,%edi
-	addl $32,%esi
-	jmp .L28
-	.align 16
-.L29:
-	popl %ebx
-	popl %esi
-	popl %edi
-	ret
-.Lfe3:
-	.size	 bn_sqr_words,.Lfe3-bn_sqr_words
-
-	.align 16
-.globl bn_div64
-	.type	 bn_div64,@function
-bn_div64:
-	movl 4(%esp),%edx	/ a
-	movl 8(%esp),%eax	/ b
-	divl 12(%esp)		/ ab/c
-	ret
-.Lfe4:
-	.size	 bn_div64,.Lfe4-bn_div64
-	.ident	"GCC: (GNU) 2.6.3"
diff --git a/crypto/bn/asm/x86.pl b/crypto/bn/asm/x86.pl
index bf869fd0ee..1bc4f1bb27 100644
--- a/crypto/bn/asm/x86.pl
+++ b/crypto/bn/asm/x86.pl
@@ -11,7 +11,7 @@ require("x86/add.pl");
 require("x86/sub.pl");
 require("x86/comba.pl");
 
-&asm_init($ARGV[0],"bn-586.pl");
+&asm_init($ARGV[0],$0);
 
 &bn_mul_add_words("bn_mul_add_words");
 &bn_mul_words("bn_mul_words");
diff --git a/crypto/bn/asm/x86nt32.asm b/crypto/bn/asm/x86nt32.asm
deleted file mode 100644
index 0198c2c583..0000000000
--- a/crypto/bn/asm/x86nt32.asm
+++ /dev/null
@@ -1,288 +0,0 @@
-	TITLE	bn_mulw.c
-	.386P
-.model FLAT
-PUBLIC	_bn_mul_add_word
-_TEXT	SEGMENT
-; File bn_mulw.c
-_bn_mul_add_word PROC NEAR
-	push	ebp
-	push	ebx
-	push	esi
-	push	edi
-	mov	edi,DWORD PTR 20[esp]   ; r
-	mov	ebx,DWORD PTR 24[esp]	; a
-	mov	ecx,DWORD PTR 32[esp]	; w
-	xor	esi,esi			; c=0
-
-	mov	ebp,DWORD PTR 28[esp]	; num
-	shr	ebp,2			; num/4
-	jz	$L666
-
-$L546:
-	; Round one
-	mov	eax,DWORD PTR [ebx]	; edx:eax = *a * w
-	mul	ecx
-	add	eax,DWORD PTR [edi]	; *r+=ax
-	adc	edx,0
-	add	eax,esi			; edx:eax += c
-	adc	edx,0
-	mov	DWORD PTR [edi],eax	; *r+=ax
-	mov	esi,edx			; c = overflow
-
-	; Round two
-	mov	eax,DWORD PTR 4[ebx]	; edx:eax = *a * w
-	mul	ecx
-	add	eax,DWORD PTR 4[edi]	; *r+=ax
-	adc	edx,0
-	add	eax,esi			; edx:eax += c
-	adc	edx,0
-	mov	DWORD PTR 4[edi],eax	; *r+=ax
-	mov	esi,edx			; c = overflow
-
-	; Round three
-	mov	eax,DWORD PTR 8[ebx]	; edx:eax = *a * w
-	mul	ecx
-	add	eax,DWORD PTR 8[edi]	; *r+=ax
-	adc	edx,0
-	add	eax,esi			; edx:eax += c
-	adc	edx,0
-	mov	DWORD PTR 8[edi],eax	; *r+=ax
-	mov	esi,edx			; c = overflow
-
-	; Round four
-	mov	eax,DWORD PTR 12[ebx]	; edx:eax = *a * w
-	mul	ecx
-	add	eax,DWORD PTR 12[edi]	; *r+=ax
-	adc	edx,0
-	add	eax,esi			; edx:eax += c
-	adc	edx,0
-	mov	DWORD PTR 12[edi],eax	; *r+=ax
-	mov	esi,edx			; c = overflow
-
-	add	ebx,16
-	add	edi,16
-
-	dec	ebp
-	jz	$L666
-	jmp	$L546
-$L666:
-	mov	ebp,DWORD PTR 28[esp]	; num
-	and	ebp,3			; num%4
-	jz	$L547
-
-	; Round one
-	mov	eax,DWORD PTR [ebx]	; edx:eax = *a * w
-	mul	ecx
-	add	eax,DWORD PTR [edi]	; *r+=ax
-	adc	edx,0
-	add	eax,esi			; edx:eax += c
-	adc	edx,0
-	mov	DWORD PTR [edi],eax	; *r+=ax
-	mov	esi,edx			; c = overflow
-	dec	ebp
-	jz	$L547
-	; Round two
-	mov	eax,DWORD PTR 4[ebx]	; edx:eax = *a * w
-	mul	ecx
-	add	eax,DWORD PTR 4[edi]	; *r+=ax
-	adc	edx,0
-	add	eax,esi			; edx:eax += c
-	adc	edx,0
-	mov	DWORD PTR 4[edi],eax	; *r+=ax
-	mov	esi,edx			; c = overflow
-	dec	ebp
-	jz	$L547
-	; Round three
-	mov	eax,DWORD PTR 8[ebx]	; edx:eax = *a * w
-	mul	ecx
-	add	eax,DWORD PTR 8[edi]	; *r+=ax
-	adc	edx,0
-	add	eax,esi			; edx:eax += c
-	adc	edx,0
-	mov	DWORD PTR 8[edi],eax	; *r+=ax
-	mov	esi,edx			; c = overflow
-
-$L547:
-	mov	eax,esi
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-_bn_mul_add_word ENDP
-_TEXT	ENDS
-PUBLIC	_bn_mul_word
-_TEXT	SEGMENT
-_bn_mul_word PROC NEAR
-	push	ebp
-	push	ebx
-	push	esi
-	push	edi
-
-	mov	edi,DWORD PTR 20[esp]	; r
-	mov	ebx,DWORD PTR 24[esp]	; a
-	mov	ebp,DWORD PTR 28[esp]	; num
-	mov	ecx,DWORD PTR 32[esp]	; w
-	xor	esi,esi			; c=0
-
-	shr	ebp,2			; num/4
-	jz	$L266
-
-$L593:
-	; Round one
-	mov	eax,DWORD PTR [ebx]	; edx:eax= w * *a 
-	mul	ecx
-	add	eax,esi			; edx:eax+=c
-	adc	edx,0
-	mov	DWORD PTR [edi],eax	; *r=eax
-	mov	esi,edx			; c=edx
-	; Round two
-	mov	eax,DWORD PTR 4[ebx]	; edx:eax= w * *a 
-	mul	ecx
-	add	eax,esi			; edx:eax+=c
-	adc	edx,0
-	mov	DWORD PTR 4[edi],eax	; *r=eax
-	mov	esi,edx			; c=edx
-	; Round three
-	mov	eax,DWORD PTR 8[ebx]	; edx:eax= w * *a 
-	mul	ecx
-	add	eax,esi			; edx:eax+=c
-	adc	edx,0
-	mov	DWORD PTR 8[edi],eax	; *r=eax
-	mov	esi,edx			; c=edx
-	; Round four
-	mov	eax,DWORD PTR 12[ebx]	; edx:eax= w * *a 
-	mul	ecx
-	add	eax,esi			; edx:eax+=c
-	adc	edx,0
-	mov	DWORD PTR 12[edi],eax	; *r=eax
-	mov	esi,edx			; c=edx
-
-	add	ebx,16
-	add	edi,16
-
-	dec	ebp
-	jz	$L266
-	jmp	$L593
-$L266:
-	mov	ebp,DWORD PTR 28[esp]	; num
-	and	ebp,3	
-	jz	$L601
-
-	; Round one
-	mov	eax,DWORD PTR [ebx]	; edx:eax= w * *a 
-	mul	ecx
-	add	eax,esi			; edx:eax+=c
-	adc	edx,0
-	mov	DWORD PTR [edi],eax	; *r=eax
-	mov	esi,edx			; c=edx
-	dec	ebp
-	jz	$L601
-	; Round two
-	mov	eax,DWORD PTR 4[ebx]	; edx:eax= w * *a 
-	mul	ecx
-	add	eax,esi			; edx:eax+=c
-	adc	edx,0
-	mov	DWORD PTR 4[edi],eax	; *r=eax
-	mov	esi,edx			; c=edx
-	dec	ebp
-	jz	$L601
-	; Round three
-	mov	eax,DWORD PTR 8[ebx]	; edx:eax= w * *a 
-	mul	ecx
-	add	eax,esi			; edx:eax+=c
-	adc	edx,0
-	mov	DWORD PTR 8[edi],eax	; *r=eax
-	mov	esi,edx			; c=edx
-
-$L601:
-	mov	eax,esi
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-_bn_mul_word ENDP
-_TEXT	ENDS
-PUBLIC	_bn_sqr_words
-_TEXT	SEGMENT
-_bn_sqr_words PROC NEAR
-	push	ebx
-	push	esi
-	push	edi
-	mov	esi,DWORD PTR 16[esp]	; r
-	mov	edi,DWORD PTR 20[esp]	; a
-	mov	ebx,DWORD PTR 24[esp]	; num
-	
-	shr	ebx,2			; num/4
-	jz	$L111
-$L640:
-	; Round 1
-	mov	eax, DWORD PTR [edi]
-	mul	eax			; *a * *a
-	mov	DWORD PTR [esi],eax
-	mov	DWORD PTR 4[esi],edx
-	; Round 2
-	mov	eax, DWORD PTR 4[edi]
-	mul	eax			; *a * *a
-	mov	DWORD PTR 8[esi],eax
-	mov	DWORD PTR 12[esi],edx
-	; Round 3
-	mov	eax, DWORD PTR 8[edi]
-	mul	eax			; *a * *a
-	mov	DWORD PTR 16[esi],eax
-	mov	DWORD PTR 20[esi],edx
-	; Round 4
-	mov	eax, DWORD PTR 12[edi]
-	mul	eax			; *a * *a
-	mov	DWORD PTR 24[esi],eax
-	mov	DWORD PTR 28[esi],edx
-
-	add	edi,16
-	add	esi,32
-
-	dec	ebx
-	jz	$L111
-	jmp	$L640
-$L111:
-	mov	ebx,DWORD PTR 24[esp]	; num
-	and	ebx,3			; num%3
-	jz	$L645
-
-	; Round 1
-	mov	eax, DWORD PTR [edi]
-	mul	eax			; *a * *a
-	mov	DWORD PTR [esi],eax
-	mov	DWORD PTR 4[esi],edx
-	dec	ebx
-	jz	$L645
-	; Round 2
-	mov	eax, DWORD PTR 4[edi]
-	mul	eax			; *a * *a
-	mov	DWORD PTR 8[esi],eax
-	mov	DWORD PTR 12[esi],edx
-	dec	ebx
-	jz	$L645
-	; Round 3
-	mov	eax, DWORD PTR 8[edi]
-	mul	eax			; *a * *a
-	mov	DWORD PTR 16[esi],eax
-	mov	DWORD PTR 20[esi],edx
-
-$L645:
-	pop	edi
-	pop	esi
-	pop	ebx
-	ret
-_bn_sqr_words ENDP
-_TEXT	ENDS
-PUBLIC	_bn_div64
-_TEXT	SEGMENT
-_bn_div64 PROC NEAR
-	mov	edx, DWORD PTR 4[esp]
-	mov	eax, DWORD PTR 8[esp]
-	div	DWORD PTR 12[esp]
-	ret
-_bn_div64 ENDP
-_TEXT	ENDS
-END
diff --git a/crypto/bn/asm/x86nt32.uu b/crypto/bn/asm/x86nt32.uu
deleted file mode 100644
index 99207987c1..0000000000
--- a/crypto/bn/asm/x86nt32.uu
+++ /dev/null
@@ -1,22 +0,0 @@
-begin 640 x86nt32.obj
-M3`$"`/H&DC-6`@``"P`````````N=&5X=```````````````\@$``&0`````
-M```````````````@`#!@+F1A=&$```#R`0````````````!6`@``````````
-M````````0``PP%535E>+?"04BUPD&(M,)"`S]HML)!S![0)T7(L#]^$#!X/2
-M``/&@](`B0>+\HM#!/?A`T<$@](``\:#T@")1P2+\HM#"/?A`T<(@](``\:#
-MT@")1PB+\HM##/?A`T<,@](``\:#T@")1PR+\H/#$(/'$$UT`NNDBVPD'(/E
-M`W1"BP/WX0,'@](``\:#T@")!XOR370MBT,$]^$#1P2#T@`#QH/2`(E'!(OR
-M3705BT,(]^$#1PB#T@`#QH/2`(E'"(ORB\9?7EM=PU535E>+?"04BUPD&(ML
-M)!R+3"0@,_;![0)T18L#]^$#QH/2`(D'B_*+0P3WX0/&@](`B4<$B_*+0PCW
-MX0/&@](`B4<(B_*+0PSWX0/&@](`B4<,B_*#PQ"#QQ!-=`+KNXML)!R#Y0-T
-M,8L#]^$#QH/2`(D'B_)-="&+0P3WX0/&@](`B4<$B_)-=`^+0PCWX0/&@](`
-MB4<(B_*+QE]>6UW#4U97BW0D$(M\)!2+7"08P>L"=#6+!_?@B0:)5@2+1P3W
-MX(E&"(E6#(M'"/?@B480B584BT<,]^")1AB)5AR#QQ"#QB!+=`+KRXM<)!B#
-MXP-T)8L']^")!HE6!$MT&8M'!/?@B48(B58,2W0+BT<(]^")1A")5A1?7EO#
-MBU0D!(M$)`CW="0,PRYF:6QE`````````/[_``!G`BY<8W)Y<'1O7&)N7&%S
-M;5QX.#9N=#,R+F%S;0```````````"YT97AT``````````$````#`?(!````
-M`````````````````"YD871A``````````(````#`0``````````````````
-M```````````$``````````$`(``"```````5````R0````$`(``"```````B
-M````:@$```$`(``"```````P````Y0$```$`(``"`#H```!?8FY?;75L7V%D
-L9%]W;W)D`%]B;E]M=6Q?=V]R9`!?8FY?<W%R7W=O<F1S`%]B;E]D:78V-```
-`
-end
diff --git a/crypto/bn/asm/x86w16.asm b/crypto/bn/asm/x86w16.asm
deleted file mode 100644
index 80a9ed6eef..0000000000
--- a/crypto/bn/asm/x86w16.asm
+++ /dev/null
@@ -1,297 +0,0 @@
-;	Static Name Aliases
-;
-	TITLE   bn_mulw.c
-	.8087
-F_TEXT	SEGMENT  WORD PUBLIC 'CODE'
-F_TEXT	ENDS
-_DATA	SEGMENT  WORD PUBLIC 'DATA'
-_DATA	ENDS
-_CONST	SEGMENT  WORD PUBLIC 'CONST'
-_CONST	ENDS
-_BSS	SEGMENT  WORD PUBLIC 'BSS'
-_BSS	ENDS
-DGROUP	GROUP	_CONST, _BSS, _DATA
-	ASSUME DS: DGROUP, SS: DGROUP
-F_TEXT      SEGMENT
-	ASSUME	CS: F_TEXT
-	PUBLIC	_bn_mul_add_words
-_bn_mul_add_words	PROC FAR
-; Line 58
-	push	bp
-	push	bx
-	push	si
-	push	di
-	push	ds
-	push	es
-	mov	bp,sp
-;	w = 26
-;	num = 24
-;	ap = 20
-;	rp = 16
-	xor	si,si			;c=0;
-	mov	di,WORD PTR [bp+16]	; load r
-	mov	ds,WORD PTR [bp+18]	; load r
-	mov	bx,WORD PTR [bp+20]	; load a
-	mov	es,WORD PTR [bp+22]	; load a
-	mov	cx,WORD PTR [bp+26]	; load w
-	mov	bp,WORD PTR [bp+24]	; load num
-
-	shr	bp,1	; div count by 4 and do groups of 4
-	shr	bp,1
-	je	$L555
-
-$L546:
-	mov	ax,cx
-	mul	WORD PTR es:[bx]	; w* *a
-	add	ax,WORD PTR ds:[di]	; + *r
-	adc	dx,0
-	adc	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di],ax
-	mov	si,dx
-	;
-	mov	ax,cx
-	mul	WORD PTR es:[bx+2]	; w* *a
-	add	ax,WORD PTR ds:[di+2]	; + *r
-	adc	dx,0
-	adc	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di+2],ax
-	mov	si,dx
-	;
-	mov	ax,cx
-	mul	WORD PTR es:[bx+4]	; w* *a
-	add	ax,WORD PTR ds:[di+4]	; + *r
-	adc	dx,0
-	adc	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di+4],ax
-	mov	si,dx
-	;
-	mov	ax,cx
-	mul	WORD PTR es:[bx+6]	; w* *a
-	add	ax,WORD PTR ds:[di+6]	; + *r
-	adc	dx,0
-	adc	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di+6],ax
-	mov	si,dx
-	;
-	add	bx,8
-	add	di,8
-	;
-	dec	bp
-	je	$L555
-	jmp	$L546
-;
-;
-$L555:
-	mov	bp,sp
-	mov	bp,WORD PTR [bp+24]	; load num
-	and	bp,3
-	dec	bp
-	js	$L547
-
-	mov	ax,cx
-	mul	WORD PTR es:[bx]	; w* *a
-	add	ax,WORD PTR ds:[di]	; + *r
-	adc	dx,0
-	adc	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di],ax
-	mov	si,dx
-	dec	bp
-	js	$L547			; Note that we are now testing for -1
-	;
-	mov	ax,cx
-	mul	WORD PTR es:[bx+2]	; w* *a
-	add	ax,WORD PTR ds:[di+2]	; + *r
-	adc	dx,0
-	adc	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di+2],ax
-	mov	si,dx
-	dec	bp
-	js	$L547
-	;
-	mov	ax,cx
-	mul	WORD PTR es:[bx+4]	; w* *a
-	add	ax,WORD PTR ds:[di+4]	; + *r
-	adc	dx,0
-	adc	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di+4],ax
-	mov	si,dx
-$L547:
-	mov	ax,si
-	pop	es
-	pop	ds
-	pop	di
-	pop	si
-	pop	bx
-	pop	bp
-	ret	
-	nop	
-
-_bn_mul_add_words	ENDP
-	PUBLIC	_bn_mul_words
-_bn_mul_words	PROC FAR
-; Line 76
-	push	bp
-	push	bx
-	push	si
-	push	di
-	push	ds
-	push	es
-	xor	si,si
-	mov	bp,sp
-	mov	di,WORD PTR [bp+16]	; r
-	mov	ds,WORD PTR [bp+18]
-	mov	bx,WORD PTR [bp+20]	; a
-	mov	es,WORD PTR [bp+22]
-	mov	cx,WORD PTR [bp+26]	; w
-	mov	bp,WORD PTR [bp+24]	; num 
-$FC743:
-	mov	ax,cx
-	mul	WORD PTR es:[bx]
-	add	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di],ax
-	mov	si,dx
-	dec	bp
-	je	$L764
-	;
-	mov	ax,cx
-	mul	WORD PTR es:[bx+2]
-	add	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di+2],ax
-	mov	si,dx
-	dec	bp
-	je	$L764
-	;
-	mov	ax,cx
-	mul	WORD PTR es:[bx+4]
-	add	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di+4],ax
-	mov	si,dx
-	dec	bp
-	je	$L764
-	;
-	mov	ax,cx
-	mul	WORD PTR es:[bx+6]
-	add	ax,si
-	adc	dx,0
-	mov	WORD PTR ds:[di+6],ax
-	mov	si,dx
-	dec	bp
-	je	$L764
-	;
-	add	bx,8
-	add	di,8
-	jmp	$FC743
-	nop
-$L764:
-	mov	ax,si
-	pop	es
-	pop	ds
-	pop	di
-	pop	si
-	pop	bx
-	pop	bp
-	ret	
-	nop	
-_bn_mul_words	ENDP
-	PUBLIC	_bn_sqr_words
-_bn_sqr_words	PROC FAR
-; Line 92
-	push	bp
-	push	bx
-	push	si
-	push	di
-	push	ds
-	push	es
-	mov	bp,sp
-	mov	si,WORD PTR [bp+16]
-	mov	ds,WORD PTR [bp+18]
-	mov	di,WORD PTR [bp+20]
-	mov	es,WORD PTR [bp+22]
-	mov	bx,WORD PTR [bp+24]
-
-	mov	bp,bx	; save a memory lookup later
-	shr	bx,1	; div count by 4 and do groups of 4
-	shr	bx,1
-	je	$L666
-
-$L765:
-	mov	ax,WORD PTR es:[di]
-	mul	ax
-	mov	WORD PTR ds:[si],ax
-	mov	WORD PTR ds:[si+2],dx
-	;
-	mov	ax,WORD PTR es:[di+2]
-	mul	ax
-	mov	WORD PTR ds:[si+4],ax
-	mov	WORD PTR ds:[si+6],dx
-	;
-	mov	ax,WORD PTR es:[di+4]
-	mul	ax
-	mov	WORD PTR ds:[si+8],ax
-	mov	WORD PTR ds:[si+10],dx
-	;
-	mov	ax,WORD PTR es:[di+6]
-	mul	ax
-	mov	WORD PTR ds:[si+12],ax
-	mov	WORD PTR ds:[si+14],dx
-	;
-	add	di,8
-	add	si,16
-	dec	bx
-	je	$L666
-	jmp	$L765
-$L666:
-	and	bp,3
-	dec	bp	; The copied value of bx (num)
-	js	$L645
-	;
-	mov	ax,WORD PTR es:[di]
-	mul	ax
-	mov	WORD PTR ds:[si],ax
-	mov	WORD PTR ds:[si+2],dx
-	dec	bp
-	js	$L645
-	;
-	mov	ax,WORD PTR es:[di+2]
-	mul	ax
-	mov	WORD PTR ds:[si+4],ax
-	mov	WORD PTR ds:[si+6],dx
-	dec	bp
-	js	$L645
-	;
-	mov	ax,WORD PTR es:[di+4]
-	mul	ax
-	mov	WORD PTR ds:[si+8],ax
-	mov	WORD PTR ds:[si+10],dx
-$L645:
-	pop	es
-	pop	ds
-	pop	di
-	pop	si
-	pop	bx
-	pop	bp
-	ret	
-
-_bn_sqr_words	ENDP
-	PUBLIC	_bn_div64
-_bn_div64	PROC FAR
-	push	bp
-	mov	bp,sp
-	mov	dx, WORD PTR [bp+6]
-	mov	ax, WORD PTR [bp+8]
-	div	WORD PTR [bp+10]
-	pop	bp
-	ret	
-_bn_div64	ENDP
-F_TEXT	ENDS
-END
diff --git a/crypto/bn/asm/x86w16.uu b/crypto/bn/asm/x86w16.uu
deleted file mode 100644
index 89c5e144b7..0000000000
--- a/crypto/bn/asm/x86w16.uu
+++ /dev/null
@@ -1,20 +0,0 @@
-begin 640 x86w16.obj
-M@!P`&BY<8W)Y<'1O7&)N7&%S;5QX.#9W,38N87-MQY8U```$7T)34P5?1$%4
-M009$1U)/55`&1E]415A4!4-/3E-4`T)34P5#3TY35`1$051!!$-/1$5EF`<`
-M2/`!!0H!&)@'`$@```,)`0R8!P!(```&"`$*F`<`2````@<!#YH(``3_`O\#
-M_P14D$4```$-7V)N7W-Q<E]W;W)D<U4!``E?8FY?9&EV-C3B`0`07V)N7VUU
-M;%]A9&1?=V]R9`````Q?8FY?;75L7W=O<F3<``#`B`0``*(!T:#T`0$``%53
-M5E<>!HOL,_:+?A".7A*+7A2.1A:+3AJ+;AC1[='M=&"+P2;W)P,%@](`$\:#
-MT@")!8ORB\$F]V<"`T4"@](`$\:#T@")10*+\HO!)O=G!`-%!(/2`!/&@](`
-MB44$B_*+P2;W9P8#10:#T@`3QH/2`(E%!HOR@\,(@\<(370"ZZ"+[(MN&(/E
-M`TUX18O!)O<G`P6#T@`3QH/2`(D%B_)->"^+P2;W9P(#10*#T@`3QH/2`(E%
-M`HOR37@6B\$F]V<$`T4$@](`$\:#T@")102+\HO&!Q]?7EM=RY!54U97'@8S
-M]HOLBWX0CEX2BUX4CD86BTX:BVX8B\$F]R<#QH/2`(D%B_)-=$*+P2;W9P(#
-MQH/2`(E%`HOR370OB\$F]V<$`\:#T@")102+\DUT'(O!)O=G!@/&@](`B44&
-MB_)-=`F#PPB#QPCKKI"+Q@<?7UY;7<N055-65QX&B^R+=A".7A*+?A2.1A:+
-M7AB+Z]'KT>MT.2:+!??@B02)5`(FBT4"]^")1`2)5`8FBT4$]^")1`B)5`HF
-MBT4&]^")1`R)5`Z#QPB#QA!+=`+KQX/E`TUX*":+!??@B02)5`)->!LFBT4"
-M]^")1`2)5`9->`PFBT4$]^")1`B)5`H''U]>6UW+58OLBU8&BT8(]W8*7<NZ
-%B@(``'0`
-`
-end
diff --git a/crypto/bn/asm/x86w32.asm b/crypto/bn/asm/x86w32.asm
deleted file mode 100644
index 957d71e3b1..0000000000
--- a/crypto/bn/asm/x86w32.asm
+++ /dev/null
@@ -1,360 +0,0 @@
-;	Static Name Aliases
-;
-	TITLE   bn_mulw.c
-	.386
-F_TEXT	SEGMENT  WORD USE16 PUBLIC 'CODE'
-F_TEXT	ENDS
-_DATA	SEGMENT  WORD USE16 PUBLIC 'DATA'
-_DATA	ENDS
-_CONST	SEGMENT  WORD USE16 PUBLIC 'CONST'
-_CONST	ENDS
-_BSS	SEGMENT  WORD USE16 PUBLIC 'BSS'
-_BSS	ENDS
-DGROUP	GROUP	_CONST, _BSS, _DATA
-	ASSUME DS: DGROUP, SS: DGROUP
-F_TEXT      SEGMENT
-	ASSUME	CS: F_TEXT
-	PUBLIC	_bn_mul_add_words
-_bn_mul_add_words	PROC FAR
-; Line 58
-	push	bp
-	push	bx
-	push	esi
-	push	di
-	push	ds
-	push	es
-	mov	bp,sp
-;	w = 28
-;	num = 26
-;	ap = 22
-;	rp = 18
-	xor	esi,esi			;c=0;
-	mov	di,WORD PTR [bp+18]	; load r
-	mov	ds,WORD PTR [bp+20]	; load r
-	mov	bx,WORD PTR [bp+22]	; load a
-	mov	es,WORD PTR [bp+24]	; load a
-	mov	ecx,DWORD PTR [bp+28]	; load w
-	mov	bp,WORD PTR [bp+26]	; load num
-	shr	bp,1	; div count by 4 and do groups of 4
-	shr	bp,1
-	je	$L555
-
-$L546:
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx]	; w* *a
-	add	eax,DWORD PTR ds:[di]	; + *r
-	adc	edx,0
-	adc	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di],eax
-	mov	esi,edx
-	;
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx+4]	; w* *a
-	add	eax,DWORD PTR ds:[di+4]	; + *r
-	adc	edx,0
-	adc	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di+4],eax
-	mov	esi,edx
-	;
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx+8]	; w* *a
-	add	eax,DWORD PTR ds:[di+8]	; + *r
-	adc	edx,0
-	adc	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di+8],eax
-	mov	esi,edx
-	;
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx+12]	; w* *a
-	add	eax,DWORD PTR ds:[di+12]	; + *r
-	adc	edx,0
-	adc	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di+12],eax
-	mov	esi,edx
-	;
-	add	bx,16
-	add	di,16
-	;
-	dec	bp
-	je	$L555
-	jmp	$L546
-;
-;
-$L555:
-	mov	bp,sp
-	mov	bp,WORD PTR [bp+26]	; load num
-	and	bp,3
-	dec	bp
-	js	$L547m
-
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx]	; w* *a
-	add	eax,DWORD PTR ds:[di]	; + *r
-	adc	edx,0
-	adc	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di],eax
-	mov	esi,edx
-	dec	bp
-	js	$L547m			; Note that we are now testing for -1
-	;
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx+4]	; w* *a
-	add	eax,DWORD PTR ds:[di+4]	; + *r
-	adc	edx,0
-	adc	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di+4],eax
-	mov	esi,edx
-	dec	bp
-	js	$L547m
-	;
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx+8]	; w* *a
-	add	eax,DWORD PTR ds:[di+8]	; + *r
-	adc	edx,0
-	adc	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di+8],eax
-	mov	esi,edx
-$L547m:
-	mov	eax,esi
-	mov	edx,esi
-	shr	edx,16
-	pop	es
-	pop	ds
-	pop	di
-	pop	esi
-	pop	bx
-	pop	bp
-	ret	
-	nop	
-_bn_mul_add_words	ENDP
-
-	PUBLIC	_bn_mul_words
-_bn_mul_words	PROC FAR
-; Line 76
-	push	bp
-	push	bx
-	push	esi
-	push	di
-	push	ds
-	push	es
-	xor	esi,esi
-	mov	bp,sp
-	mov	di,WORD PTR [bp+18]	; r
-	mov	ds,WORD PTR [bp+20]
-	mov	bx,WORD PTR [bp+22]	; a
-	mov	es,WORD PTR [bp+24]
-	mov	ecx,DWORD PTR [bp+28]	; w
-	mov	bp,WORD PTR [bp+26]	; num 
-
-$FC743:
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx]
-	add	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di],eax
-	mov	esi,edx
-	dec	bp
-	je	$L764
-	;
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx+4]
-	add	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di+4],eax
-	mov	esi,edx
-	dec	bp
-	je	$L764
-	;
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx+8]
-	add	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di+8],eax
-	mov	esi,edx
-	dec	bp
-	je	$L764
-	;
-	mov	eax,ecx
-	mul	DWORD PTR es:[bx+12]
-	add	eax,esi
-	adc	edx,0
-	mov	DWORD PTR ds:[di+12],eax
-	mov	esi,edx
-	dec	bp
-	je	$L764
-	;
-	add	bx,16
-	add	di,16
-	jmp	$FC743
-	nop
-$L764:
-	mov	eax,esi
-	mov	edx,esi
-	shr	edx,16
-	pop	es
-	pop	ds
-	pop	di
-	pop	esi
-	pop	bx
-	pop	bp
-	ret	
-	nop	
-_bn_mul_words	ENDP
-	PUBLIC	_bn_sqr_words
-_bn_sqr_words	PROC FAR
-; Line 92
-	push	bp
-	push	bx
-	push	si
-	push	di
-	push	ds
-	push	es
-	mov	bp,sp
-	mov	si,WORD PTR [bp+16]
-	mov	ds,WORD PTR [bp+18]
-	mov	di,WORD PTR [bp+20]
-	mov	es,WORD PTR [bp+22]
-	mov	bx,WORD PTR [bp+24]
-
-	mov	bp,bx	; save a memory lookup later
-	shr	bx,1	; div count by 4 and do groups of 4
-	shr	bx,1
-	je	$L666
-
-$L765:
-	mov	eax,DWORD PTR es:[di]
-	mul	eax
-	mov	DWORD PTR ds:[si],eax
-	mov	DWORD PTR ds:[si+4],edx
-	;
-	mov	eax,DWORD PTR es:[di+4]
-	mul	eax
-	mov	DWORD PTR ds:[si+8],eax
-	mov	DWORD PTR ds:[si+12],edx
-	;
-	mov	eax,DWORD PTR es:[di+8]
-	mul	eax
-	mov	DWORD PTR ds:[si+16],eax
-	mov	DWORD PTR ds:[si+20],edx
-	;
-	mov	eax,DWORD PTR es:[di+12]
-	mul	eax
-	mov	DWORD PTR ds:[si+24],eax
-	mov	DWORD PTR ds:[si+28],edx
-	;
-	add	di,16
-	add	si,32
-	dec	bx
-	je	$L666
-	jmp	$L765
-$L666:
-	and	bp,3
-	dec	bp	; The copied value of bx (num)
-	js	$L645
-	;
-	mov	eax,DWORD PTR es:[di]
-	mul	eax
-	mov	DWORD PTR ds:[si],eax
-	mov	DWORD PTR ds:[si+4],edx
-	dec	bp
-	js	$L645
-	;
-	mov	eax,DWORD PTR es:[di+4]
-	mul	eax
-	mov	DWORD PTR ds:[si+8],eax
-	mov	DWORD PTR ds:[si+12],edx
-	dec	bp
-	js	$L645
-	;
-	mov	eax,DWORD PTR es:[di+8]
-	mul	eax
-	mov	DWORD PTR ds:[si+16],eax
-	mov	DWORD PTR ds:[si+20],edx
-$L645:
-	pop	es
-	pop	ds
-	pop	di
-	pop	si
-	pop	bx
-	pop	bp
-	ret	
-_bn_sqr_words	ENDP
-
-	PUBLIC	_bn_div64
-_bn_div64	PROC FAR
-	push	bp
-	mov	bp,sp
-	mov	edx, DWORD PTR [bp+6]
-	mov	eax, DWORD PTR [bp+10]
-	div	DWORD PTR [bp+14]
-	mov	edx,eax
-	shr	edx,16
-	pop	bp
-	ret	
-_bn_div64	ENDP
-
-	PUBLIC	_bn_add_words
-_bn_add_words	PROC FAR
-; Line 58
-	push	bp
-	push	bx
-	push	esi
-	push	di
-	push	ds
-	push	es
-	mov	bp,sp
-;	w = 28
-;	num = 26
-;	ap = 22
-;	rp = 18
-	xor	esi,esi			;c=0;
-	mov	bx,WORD PTR [bp+18]	; load low r
-	mov	si,WORD PTR [bp+22]	; load a
-	mov	es,WORD PTR [bp+24]	; load a
-	mov	di,WORD PTR [bp+26]	; load b
-	mov	ds,WORD PTR [bp+28]	; load b
-
-	mov	dx,WORD PTR [bp+30]	; load num
-	xor	ecx,ecx
-	dec	dx
-	js	$L547a
-
-$L5477:
-	mov	eax,DWORD PTR es:[si]	; *a
-	add	eax,ecx
-	mov	ecx,0
-	adc	ecx,0
-	add	si,4			; a++
-	add	eax,DWORD PTR ds:[di]	; + *b
-	adc	ecx,0
-	mov	ds,WORD PTR [bp+20]
-	add	di,4
-	mov	DWORD PTR ds:[bx],eax
-	mov	ds,WORD PTR [bp+28]
-	add	bx,4
-	dec	dx
-	js	$L547a			; Note that we are now testing for -1
-	jmp	$L5477
-	;
-$L547a:
-	mov	eax,ecx
-	mov	edx,ecx
-	shr	edx,16
-	pop	es
-	pop	ds
-	pop	di
-	pop	esi
-	pop	bx
-	pop	bp
-	ret	
-	nop	
-_bn_add_words	ENDP
-F_TEXT	ENDS
-END
diff --git a/crypto/bn/asm/x86w32.uu b/crypto/bn/asm/x86w32.uu
deleted file mode 100644
index edcd84e25e..0000000000
--- a/crypto/bn/asm/x86w32.uu
+++ /dev/null
@@ -1,23 +0,0 @@
-begin 640 x86w32.obj
-M@!P`&BY<8W)Y<'1O7&)N7&%S;5QX.#9W,S(N87-MR98U```$7T)34P5?1$%4
-M009$1U)/55`&1E]415A4!4-/3E-4`T)34P5#3TY35`1$051!!$-/1$5EF`<`
-M2(`"!0H!AY@'`$@```,)`0R8!P!(```&"`$*F`<`2````@<!#YH(``3_`O\#
-M_P14D$4```$-7V)N7W-Q<E]W;W)D<[\!``E?8FY?9&EV-C1H`@`07V)N7VUU
-M;%]A9&1?=V]R9`````Q?8FY?;75L7W=O<F0B`0"(B`0``*(!T:"$`@$``%53
-M9E97'@:+[&8S]HM^$HY>%(M>%HY&&&:+3AR+;AK1[='M#X2``&:+P68F]R=F
-M`P5F@](`9A/&9H/2`&:)!6:+\F:+P68F]V<$9@-%!&:#T@!F$\9F@](`9HE%
-M!&:+\F:+P68F]V<(9@-%"&:#T@!F$\9F@](`9HE%"&:+\F:+P68F]V<,9@-%
-M#&:#T@!F$\9F@](`9HE%#&:+\H/#$(/'$$UT`NN`B^R+;AJ#Y0-->%UFB\%F
-M)O<G9@,%9H/2`&83QF:#T@!FB05FB_)->#]FB\%F)O=G!&8#101F@](`9A/&
-M9H/2`&:)101FB_)->!YFB\%F)O=G"&8#10AF@](`9A/&9H/2`&:)10AFB_)F
-MB\9FB]9FP>H0!Q]?9EY;7<N055-F5E<>!F8S]HOLBWX2CEX4BUX6CD889HM.
-M'(MN&F:+P68F]R=F`\9F@](`9HD%9HOR37149HO!9B;W9P1F`\9F@](`9HE%
-M!&:+\DUT.V:+P68F]V<(9@/&9H/2`&:)10AFB_)-=")FB\%F)O=G#&8#QF:#
-MT@!FB44,9HOR370)@\,0@\<0ZY:09HO&9HO69L'J$`<?7V9>6UW+D%535E<>
-M!HOLBW80CEX2BWX4CD86BUX8B^O1Z]'K=$EF)HL%9O?@9HD$9HE4!&8FBT4$
-M9O?@9HE$"&:)5`QF)HM%"&;WX&:)1!!FB5049B:+10QF]^!FB4089HE4'(/'
-M$(/&($MT`NNW@^4#37@T9B:+!6;WX&:)!&:)5`1->"-F)HM%!&;WX&:)1`AF
-MB50,37@09B:+10AF]^!FB4009HE4%`<?7UY;7<M5B^QFBU8&9HM&"F;W=@YF
-.B]!FP>H07<O`B@(``'0`
-`
-end
diff --git a/crypto/bn/bn.err b/crypto/bn/bn.err
deleted file mode 100644
index ba5c9bc97e..0000000000
--- a/crypto/bn/bn.err
+++ /dev/null
@@ -1,30 +0,0 @@
-/* Error codes for the BN functions. */
-
-/* Function codes. */
-#define BN_F_BN_BLINDING_CONVERT			 100
-#define BN_F_BN_BLINDING_INVERT				 101
-#define BN_F_BN_BLINDING_NEW				 102
-#define BN_F_BN_BLINDING_UPDATE				 103
-#define BN_F_BN_BN2DEC					 104
-#define BN_F_BN_BN2HEX					 105
-#define BN_F_BN_CTX_NEW					 106
-#define BN_F_BN_DIV					 107
-#define BN_F_BN_EXPAND2					 108
-#define BN_F_BN_MOD_EXP_MONT				 109
-#define BN_F_BN_MOD_INVERSE				 110
-#define BN_F_BN_MOD_MUL_RECIPROCAL			 111
-#define BN_F_BN_MPI2BN					 112
-#define BN_F_BN_NEW					 113
-#define BN_F_BN_RAND					 114
-#define BN_F_BN_USUB					 115
-
-/* Reason codes. */
-#define BN_R_ARG2_LT_ARG3				 100
-#define BN_R_BAD_RECIPROCAL				 101
-#define BN_R_CALLED_WITH_EVEN_MODULUS			 102
-#define BN_R_DIV_BY_ZERO				 103
-#define BN_R_ENCODING_ERROR				 104
-#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA		 105
-#define BN_R_INVALID_LENGTH				 106
-#define BN_R_NOT_INITALISED				 107
-#define BN_R_NO_INVERSE					 108
diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
index 2c14a1d582..403add94b0 100644
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -1,4 +1,4 @@
-/* crypto/bn/bn.org */
+/* crypto/bn/bn.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -55,60 +55,58 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
  *
- * Always modify bn.org since bn.h is automatically generated from
- * it during SSLeay configuration.
+ * The Contribution is licensed pursuant to the Eric Young open source
+ * license provided above.
+ *
+ * The binary polynomial arithmetic software is originally written by 
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
  *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
  */
 
 #ifndef HEADER_BN_H
 #define HEADER_BN_H
 
+#include <openssl/e_os2.h>
+#ifndef OPENSSL_NO_FP_API
+#include <stdio.h> /* FILE */
+#endif
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#undef BN_LLONG
-
-#ifdef WIN32
-#define BN_LLONG /* This comment stops Configure mutilating things */
+#ifdef OPENSSL_SYS_VMS
+#undef BN_LLONG /* experimental, so far... */
 #endif
 
 #define BN_MUL_COMBA
 #define BN_SQR_COMBA
-#undef BN_RECURSION
-#define RECP_MUL_MOD
-#define MONT_MUL_MOD
+#define BN_RECURSION
 
 /* This next option uses the C libraries (2 word)/(1 word) function.
  * If it is not defined, I use my C version (which is slower).
  * The reason for this flag is that when the particular C compiler
  * library routine is used, and the library is linked with a different
  * compiler, the library is missing.  This mostly happens when the
- * library is built with gcc and then linked using nornal cc.  This would
- * be a common occurance because gcc normally produces code that is
+ * library is built with gcc and then linked using normal cc.  This would
+ * be a common occurrence because gcc normally produces code that is
  * 2 times faster than system compilers for the big number stuff.
  * For machines with only one compiler (or shared libraries), this should
  * be on.  Again this in only really a problem on machines
- * using "long long's", are 32bit, and are not using my assember code. */
-#if defined(MSDOS) || defined(WINDOWS) || defined(linux)
-#define BN_DIV2W
+ * using "long long's", are 32bit, and are not using my assembler code. */
+#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \
+    defined(OPENSSL_SYS_WIN32) || defined(linux)
+# ifndef BN_DIV2W
+#  define BN_DIV2W
+# endif
 #endif
 
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
-
-
 /* assuming long is 64bit - this is the DEC Alpha
  * unsigned long long is only 64 bits :-(, don't define
  * BN_LLONG for the DEC Alpha */
@@ -134,12 +132,12 @@ extern "C" {
 
 /* This is where the long long data type is 64 bits, but long is 32.
  * For machines where there are 64bit registers, this is the mode to use.
- * IRIX, on R4000 and above should use this mode, along with the relevent
- * assember code :-).  Do NOT define BN_ULLONG.
+ * IRIX, on R4000 and above should use this mode, along with the relevant
+ * assembler code :-).  Do NOT define BN_LLONG.
  */
 #ifdef SIXTY_FOUR_BIT
 #undef BN_LLONG
-/* #define BN_ULLONG	unsigned long long */
+#undef BN_ULLONG
 #define BN_ULONG	unsigned long long
 #define BN_LONG		long long
 #define BN_BITS		128
@@ -151,14 +149,14 @@ extern "C" {
 #define BN_MASK2h	(0xffffffff00000000LL)
 #define BN_MASK2h1	(0xffffffff80000000LL)
 #define BN_TBIT		(0x8000000000000000LL)
-#define BN_DEC_CONV	(10000000000000000000LL)
+#define BN_DEC_CONV	(10000000000000000000ULL)
 #define BN_DEC_FMT1	"%llu"
 #define BN_DEC_FMT2	"%019llu"
 #define BN_DEC_NUM	19
 #endif
 
 #ifdef THIRTY_TWO_BIT
-#ifdef WIN32
+#if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__)
 #define BN_ULLONG	unsigned _int64
 #else
 #define BN_ULLONG	unsigned long long
@@ -169,7 +167,12 @@ extern "C" {
 #define BN_BYTES	4
 #define BN_BITS2	32
 #define BN_BITS4	16
+#ifdef OPENSSL_SYS_WIN32
+/* VC++ doesn't like the LL suffix */
+#define BN_MASK		(0xffffffffffffffffL)
+#else
 #define BN_MASK		(0xffffffffffffffffLL)
+#endif
 #define BN_MASK2	(0xffffffffL)
 #define BN_MASK2l	(0xffff)
 #define BN_MASK2h1	(0xffff8000L)
@@ -244,19 +247,13 @@ typedef struct bignum_st
 	BN_ULONG *d;	/* Pointer to an array of 'BN_BITS2' bit chunks. */
 	int top;	/* Index of last used d +1. */
 	/* The next are internal book keeping for bn_expand. */
-	int max;	/* Size of the d array. */
+	int dmax;	/* Size of the d array. */
 	int neg;	/* one if the number is negative */
 	int flags;
 	} BIGNUM;
 
-/* Used for temp variables */
-#define BN_CTX_NUM	12
-typedef struct bignum_ctx
-	{
-	int tos;
-	BIGNUM bn[BN_CTX_NUM+1];
-	int flags;
-	} BN_CTX;
+/* Used for temp variables (declaration hidden in bn_lcl.h) */
+typedef struct bignum_ctx BN_CTX;
 
 typedef struct bn_blinding_st
 	{
@@ -268,16 +265,15 @@ typedef struct bn_blinding_st
 
 /* Used for montgomery multiplication */
 typedef struct bn_mont_ctx_st
-        {
-	int use_word;	/* 0 for word form, 1 for long form */
-        int ri;         /* number of bits in R */
-        BIGNUM RR;     /* used to convert to montgomery form */
-        BIGNUM N;      /* The modulus */
-        BIGNUM Ni;     /* The inverse of N */
-	BN_ULONG n0;	/* word form of inverse, normally only one of
-			 * Ni or n0 is defined */
+	{
+	int ri;        /* number of bits in R */
+	BIGNUM RR;     /* used to convert to montgomery form */
+	BIGNUM N;      /* The modulus */
+	BIGNUM Ni;     /* R*(1/R mod N) - N*Ni = 1
+	                * (Ni is only stored for bignum algorithm) */
+	BN_ULONG n0;   /* least significant word of Ni */
 	int flags;
-        } BN_MONT_CTX;
+	} BN_MONT_CTX;
 
 /* Used for reciprocal division/mod functions
  * It cannot be shared between threads
@@ -291,127 +287,170 @@ typedef struct bn_recp_ctx_st
 	int flags;
 	} BN_RECP_CTX;
 
-#define BN_to_montgomery(r,a,mont,ctx)	BN_mod_mul_montgomery(\
-	r,a,&((mont)->RR),(mont),ctx)
-
-#define BN_prime_checks		(5)
+#define BN_prime_checks 0 /* default: select number of iterations
+			     based on the size of the number */
+
+/* number of Miller-Rabin iterations for an error rate  of less than 2^-80
+ * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook
+ * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996];
+ * original paper: Damgaard, Landrock, Pomerance: Average case error estimates
+ * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */
+#define BN_prime_checks_for_size(b) ((b) >= 1300 ?  2 : \
+                                (b) >=  850 ?  3 : \
+                                (b) >=  650 ?  4 : \
+                                (b) >=  550 ?  5 : \
+                                (b) >=  450 ?  6 : \
+                                (b) >=  400 ?  7 : \
+                                (b) >=  350 ?  8 : \
+                                (b) >=  300 ?  9 : \
+                                (b) >=  250 ? 12 : \
+                                (b) >=  200 ? 15 : \
+                                (b) >=  150 ? 18 : \
+                                /* b >= 100 */ 27)
 
 #define BN_num_bytes(a)	((BN_num_bits(a)+7)/8)
-#define BN_is_word(a,w)	(((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w)))
-#define BN_is_zero(a)	(((a)->top == 0) || BN_is_word(a,0))
-#define BN_is_one(a)	(BN_is_word((a),1))
-#define BN_is_odd(a)	(((a)->top > 0) && ((a)->d[0] & 1))
+
+/* Note that BN_abs_is_word does not work reliably for w == 0 */
+#define BN_abs_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w)))
+#define BN_is_zero(a)       (((a)->top == 0) || BN_abs_is_word(a,0))
+#define BN_is_one(a)        (BN_abs_is_word((a),1) && !(a)->neg)
+#define BN_is_word(a,w)     ((w) ? BN_abs_is_word((a),(w)) && !(a)->neg : \
+                                   BN_is_zero((a)))
+#define BN_is_odd(a)	    (((a)->top > 0) && ((a)->d[0] & 1))
+
 #define BN_one(a)	(BN_set_word((a),1))
 #define BN_zero(a)	(BN_set_word((a),0))
+/* BN_set_sign(BIGNUM *, int) sets the sign of a BIGNUM
+ * (0 for a non-negative value, 1 for negative) */
+#define BN_set_sign(a,b) ((a)->neg = (b))
+/* BN_get_sign(BIGNUM *) returns the sign of the BIGNUM */
+#define BN_get_sign(a)   ((a)->neg)
 
 /*#define BN_ascii2bn(a)	BN_hex2bn(a) */
 /*#define BN_bn2ascii(a)	BN_bn2hex(a) */
 
-#define bn_expand(n,b) ((((((b+BN_BITS2-1))/BN_BITS2)) <= (n)->max)?\
-	(n):bn_expand2((n),(b)/BN_BITS2+1))
-#define bn_wexpand(n,b) (((b) <= (n)->max)?(n):bn_expand2((n),(b)))
-
-#define bn_fix_top(a) \
-        { \
-        BN_ULONG *ftl; \
-	if ((a)->top > 0) \
-		{ \
-		for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
-		if (*(ftl--)) break; \
-		} \
-	}
-
-#ifndef NOPROTO
-BIGNUM *BN_value_one(void);
+const BIGNUM *BN_value_one(void);
 char *	BN_options(void);
 BN_CTX *BN_CTX_new(void);
 void	BN_CTX_init(BN_CTX *c);
 void	BN_CTX_free(BN_CTX *c);
+void	BN_CTX_start(BN_CTX *ctx);
+BIGNUM *BN_CTX_get(BN_CTX *ctx);
+void	BN_CTX_end(BN_CTX *ctx);
 int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
-int	BN_num_bits(BIGNUM *a);
+int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
+int	BN_rand_range(BIGNUM *rnd, BIGNUM *range);
+int	BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
+int	BN_num_bits(const BIGNUM *a);
 int	BN_num_bits_word(BN_ULONG);
 BIGNUM *BN_new(void);
 void	BN_init(BIGNUM *);
 void	BN_clear_free(BIGNUM *a);
-BIGNUM *BN_copy(BIGNUM *a, BIGNUM *b);
-BIGNUM *BN_bin2bn(unsigned char *s,int len,BIGNUM *ret);
-int	BN_bn2bin(BIGNUM *a, unsigned char *to);
-BIGNUM *BN_mpi2bn(unsigned char *s,int len,BIGNUM *ret);
-int	BN_bn2mpi(BIGNUM *a, unsigned char *to);
-int	BN_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b);
-int	BN_usub(BIGNUM *r, BIGNUM *a, BIGNUM *b);
-int	BN_uadd(BIGNUM *r, BIGNUM *a, BIGNUM *b);
-int	BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b);
-int	BN_mod(BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
-int	BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
-int	BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b,BN_CTX *ctx);
-int	BN_sqr(BIGNUM *r, BIGNUM *a,BN_CTX *ctx);
-BN_ULONG BN_mod_word(BIGNUM *a, BN_ULONG w);
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+/* BN_ncopy(): like BN_copy() but copies at most the first n BN_ULONGs */
+BIGNUM *BN_ncopy(BIGNUM *a, const BIGNUM *b, size_t n);
+void	BN_swap(BIGNUM *a, BIGNUM *b);
+BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret);
+int	BN_bn2bin(const BIGNUM *a, unsigned char *to);
+BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret);
+int	BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+int	BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int	BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int	BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int	BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int	BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int	BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx);
+
+int	BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+	BN_CTX *ctx);
+#define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
+int	BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
+int	BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
+int	BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
+int	BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
+int	BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
+int	BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+	const BIGNUM *m, BN_CTX *ctx);
+int	BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int	BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int	BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
+int	BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx);
+int	BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
+
+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
 BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
 int	BN_mul_word(BIGNUM *a, BN_ULONG w);
 int	BN_add_word(BIGNUM *a, BN_ULONG w);
 int	BN_sub_word(BIGNUM *a, BN_ULONG w);
 int	BN_set_word(BIGNUM *a, BN_ULONG w);
-BN_ULONG BN_get_word(BIGNUM *a);
-int	BN_cmp(BIGNUM *a, BIGNUM *b);
+BN_ULONG BN_get_word(const BIGNUM *a);
+
+int	BN_cmp(const BIGNUM *a, const BIGNUM *b);
 void	BN_free(BIGNUM *a);
-int	BN_is_bit_set(BIGNUM *a, int n);
-int	BN_lshift(BIGNUM *r, BIGNUM *a, int n);
-int	BN_lshift1(BIGNUM *r, BIGNUM *a);
-int	BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p,BN_CTX *ctx);
-int	BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
-int	BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx,
-		BN_MONT_CTX *m_ctx);
-int	BN_mod_exp2_mont(BIGNUM *r, BIGNUM *a1, BIGNUM *p1,BIGNUM *a2,
-		BIGNUM *p2,BIGNUM *m,BN_CTX *ctx,BN_MONT_CTX *m_ctx);
-int	BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p,
-	BIGNUM *m,BN_CTX *ctx);
+int	BN_is_bit_set(const BIGNUM *a, int n);
+int	BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+int	BN_lshift1(BIGNUM *r, const BIGNUM *a);
+int	BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx);
+
+int	BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *m,BN_CTX *ctx);
+int	BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int	BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
+	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int	BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
+	const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m,
+	BN_CTX *ctx,BN_MONT_CTX *m_ctx);
+int	BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *m,BN_CTX *ctx);
+
 int	BN_mask_bits(BIGNUM *a,int n);
-int	BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, BIGNUM *m,
-	BN_CTX *ctx);
-#ifndef WIN16
-int	BN_print_fp(FILE *fp, BIGNUM *a);
+#ifndef OPENSSL_NO_FP_API
+int	BN_print_fp(FILE *fp, const BIGNUM *a);
 #endif
 #ifdef HEADER_BIO_H
-int	BN_print(BIO *fp, BIGNUM *a);
+int	BN_print(BIO *fp, const BIGNUM *a);
 #else
-int	BN_print(char *fp, BIGNUM *a);
+int	BN_print(void *fp, const BIGNUM *a);
 #endif
-int	BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx);
-int	BN_rshift(BIGNUM *r, BIGNUM *a, int n);
-int	BN_rshift1(BIGNUM *r, BIGNUM *a);
+int	BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
+int	BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
+int	BN_rshift1(BIGNUM *r, const BIGNUM *a);
 void	BN_clear(BIGNUM *a);
-BIGNUM *bn_expand2(BIGNUM *b, int bits);
-BIGNUM *BN_dup(BIGNUM *a);
-int	BN_ucmp(BIGNUM *a, BIGNUM *b);
+BIGNUM *BN_dup(const BIGNUM *a);
+int	BN_ucmp(const BIGNUM *a, const BIGNUM *b);
 int	BN_set_bit(BIGNUM *a, int n);
 int	BN_clear_bit(BIGNUM *a, int n);
-char *	BN_bn2hex(BIGNUM *a);
-char *	BN_bn2dec(BIGNUM *a);
-int 	BN_hex2bn(BIGNUM **a,char *str);
-int 	BN_dec2bn(BIGNUM **a,char *str);
-int	BN_gcd(BIGNUM *r,BIGNUM *in_a,BIGNUM *in_b,BN_CTX *ctx);
-BIGNUM *BN_mod_inverse(BIGNUM *ret,BIGNUM *a, BIGNUM *n,BN_CTX *ctx);
-BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int strong,BIGNUM *add,
-		BIGNUM *rem,void (*callback)(int,int,char *),char *cb_arg);
-int	BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int,char *),
-		BN_CTX *ctx,char *cb_arg);
-void	ERR_load_BN_strings(void );
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
-BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
-void     bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
-BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
-BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
+char *	BN_bn2hex(const BIGNUM *a);
+char *	BN_bn2dec(const BIGNUM *a);
+int 	BN_hex2bn(BIGNUM **a, const char *str);
+int 	BN_dec2bn(BIGNUM **a, const char *str);
+int	BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx);
+int	BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */
+BIGNUM *BN_mod_inverse(BIGNUM *ret,
+	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+BIGNUM *BN_mod_sqrt(BIGNUM *ret,
+	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
+BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
+	const BIGNUM *add, const BIGNUM *rem,
+	void (*callback)(int,int,void *),void *cb_arg);
+int	BN_is_prime(const BIGNUM *p,int nchecks,
+	void (*callback)(int,int,void *),
+	BN_CTX *ctx,void *cb_arg);
+int	BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
+	void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
+	int do_trial_division);
 
 BN_MONT_CTX *BN_MONT_CTX_new(void );
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
-int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont,
-	BN_CTX *ctx);
-int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
+int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
+	BN_MONT_CTX *mont, BN_CTX *ctx);
+#define BN_to_montgomery(r,a,mont,ctx)	BN_mod_mul_montgomery(\
+	(r),(a),&((mont)->RR),(mont),(ctx))
+int BN_from_montgomery(BIGNUM *r,const BIGNUM *a,
+	BN_MONT_CTX *mont, BN_CTX *ctx);
 void BN_MONT_CTX_free(BN_MONT_CTX *mont);
-int BN_MONT_CTX_set(BN_MONT_CTX *mont,BIGNUM *modulus,BN_CTX *ctx);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
 BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
 
 BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
@@ -423,142 +462,125 @@ int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
 void BN_set_params(int mul,int high,int low,int mont);
 int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */
 
-void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
-void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
-void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
-void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
-void bn_sqr_comba8(BN_ULONG *r,BN_ULONG *a);
-void bn_sqr_comba4(BN_ULONG *r,BN_ULONG *a);
-int bn_cmp_words(BN_ULONG *a,BN_ULONG *b,int n);
-void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,BN_ULONG *t);
-void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,
-	int tn, int n,BN_ULONG *t);
-void bn_sqr_recursive(BN_ULONG *r,BN_ULONG *a, int n2, BN_ULONG *t);
-void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
-
 void	BN_RECP_CTX_init(BN_RECP_CTX *recp);
 BN_RECP_CTX *BN_RECP_CTX_new(void);
 void	BN_RECP_CTX_free(BN_RECP_CTX *recp);
-int	BN_RECP_CTX_set(BN_RECP_CTX *recp,BIGNUM *rdiv,BN_CTX *ctx);
-int	BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y,
-		BN_RECP_CTX *recp,BN_CTX *ctx);
-int	BN_mod_exp_recp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
-int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m,
-		BN_RECP_CTX *recp, BN_CTX *ctx);
+int	BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx);
+int	BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+	BN_RECP_CTX *recp,BN_CTX *ctx);
+int	BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *m, BN_CTX *ctx);
+int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+	BN_RECP_CTX *recp, BN_CTX *ctx);
+
+/* Functions for arithmetic over binary polynomials represented by BIGNUMs. 
+ *
+ * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
+ * ignored.
+ *
+ * Note that input arguments are not const so that their bit arrays can
+ * be expanded to the appropriate size if needed.
+ */
 
+int	BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); /*r = a + b*/
+#define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
+int	BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p); /*r=a mod p*/
+int	BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+	const BIGNUM *p, BN_CTX *ctx); /* r = (a * b) mod p */
+int	BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	BN_CTX *ctx); /* r = (a * a) mod p */
+int	BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p,
+	BN_CTX *ctx); /* r = (1 / b) mod p */
+int	BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+	const BIGNUM *p, BN_CTX *ctx); /* r = (a / b) mod p */
+int	BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+	const BIGNUM *p, BN_CTX *ctx); /* r = (a ^ b) mod p */
+int	BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	BN_CTX *ctx); /* r = sqrt(a) mod p */
+int	BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	BN_CTX *ctx); /* r^2 + r = a mod p */
+#define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
+/* Some functions allow for representation of the irreducible polynomials
+ * as an unsigned int[], say p.  The irreducible f(t) is then of the form:
+ *     t^p[0] + t^p[1] + ... + t^p[k]
+ * where m = p[0] > p[1] > ... > p[k] = 0.
+ */
+int	BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[]);
+	/* r = a mod p */
+int	BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+	const unsigned int p[], BN_CTX *ctx); /* r = (a * b) mod p */
+int	BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[],
+	BN_CTX *ctx); /* r = (a * a) mod p */
+int	BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const unsigned int p[],
+	BN_CTX *ctx); /* r = (1 / b) mod p */
+int	BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+	const unsigned int p[], BN_CTX *ctx); /* r = (a / b) mod p */
+int	BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+	const unsigned int p[], BN_CTX *ctx); /* r = (a ^ b) mod p */
+int	BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
+	const unsigned int p[], BN_CTX *ctx); /* r = sqrt(a) mod p */
+int	BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
+	const unsigned int p[], BN_CTX *ctx); /* r^2 + r = a mod p */
+int	BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max);
+int	BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a);
+
+/* faster mod functions for the 'NIST primes' 
+ * 0 <= a < p^2 */
+int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+
+const BIGNUM *BN_get0_nist_prime_192(void);
+const BIGNUM *BN_get0_nist_prime_224(void);
+const BIGNUM *BN_get0_nist_prime_256(void);
+const BIGNUM *BN_get0_nist_prime_384(void);
+const BIGNUM *BN_get0_nist_prime_521(void);
+
+/* library internal functions */
+
+#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\
+	(a):bn_expand2((a),(bits)/BN_BITS2+1))
+#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words)))
+BIGNUM *bn_expand2(BIGNUM *a, int words);
+BIGNUM *bn_dup_expand(const BIGNUM *a, int words);
 
-#else
+#define bn_fix_top(a) \
+        { \
+        BN_ULONG *ftl; \
+	if ((a)->top > 0) \
+		{ \
+		for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
+		if (*(ftl--)) break; \
+		} \
+	}
 
-BIGNUM *BN_value_one();
-char *	BN_options();
-BN_CTX *BN_CTX_new();
-void	BN_CTX_init();
-void	BN_CTX_free();
-int     BN_rand();
-int	BN_num_bits();
-int	BN_num_bits_word();
-BIGNUM *BN_new();
-void	BN_init();
-void	BN_clear_free();
-BIGNUM *BN_copy();
-BIGNUM *BN_bin2bn();
-int	BN_bn2bin();
-BIGNUM *BN_mpi2bn();
-int	BN_bn2mpi();
-int	BN_sub();
-int	BN_usub();
-int	BN_uadd();
-int	BN_add();
-int	BN_mod();
-int	BN_div();
-int	BN_mul();
-int	BN_sqr();
-BN_ULONG BN_mod_word();
-BN_ULONG BN_div_word();
-int	BN_add_word();
-int	BN_sub_word();
-int	BN_mul_word();
-int	BN_set_word();
-unsigned long BN_get_word();
-int	BN_cmp();
-void	BN_free();
-int	BN_is_bit_set();
-int	BN_lshift();
-int	BN_lshift1();
-int	BN_exp();
-int	BN_mod_exp();
-int	BN_mod_exp_mont();
-int	BN_mod_exp_recp();
-int	BN_mod_exp_simple();
-int	BN_mask_bits();
-int	BN_mod_mul_reciprocal();
-int	BN_mod_mul();
-#ifndef WIN16
-int	BN_print_fp();
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+void     bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num);
+
+#ifdef BN_DEBUG
+void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n);
+# define bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \
+   fprintf(stderr,"\n");}
+# define bn_dump(a,n) bn_dump1(stderr,#a,a,n);
+#else
+# define bn_print(a)
+# define bn_dump(a,b)
 #endif
-int	BN_print();
-int	BN_reciprocal();
-int	BN_rshift();
-int	BN_rshift1();
-void	BN_clear();
-BIGNUM *bn_expand2();
-BIGNUM *BN_dup();
-int	BN_ucmp();
-int	BN_set_bit();
-int	BN_clear_bit();
-char *	BN_bn2hex();
-char *	BN_bn2dec();
-int 	BN_hex2bn();
-int 	BN_dec2bn();
-int	BN_gcd();
-BIGNUM *BN_mod_inverse();
-BIGNUM *BN_generate_prime();
-int	BN_is_prime();
-void	ERR_load_BN_strings();
-
-BN_ULONG bn_mul_add_words();
-BN_ULONG bn_mul_words();
-void     bn_sqr_words();
-BN_ULONG bn_div_words();
-BN_ULONG bn_add_words();
-BN_ULONG bn_sub_words();
-
-int BN_mod_mul_montgomery();
-int BN_from_montgomery();
-BN_MONT_CTX *BN_MONT_CTX_new();
-void BN_MONT_CTX_init();
-void BN_MONT_CTX_free();
-int BN_MONT_CTX_set();
-
-BN_BLINDING *BN_BLINDING_new();
-void BN_BLINDING_free();
-int BN_BLINDING_update();
-int BN_BLINDING_convert();
-int BN_BLINDING_invert();
-
-void bn_mul_normal();
-void bn_mul_comba8();
-void bn_mul_comba4();
-void bn_sqr_normal();
-void bn_sqr_comba8();
-void bn_sqr_comba4();
-int bn_cmp_words();
-void bn_mul_recursive();
-void bn_mul_part_recursive();
-void bn_sqr_recursive();
-void bn_mul_low_normal();
-
-void	BN_RECP_CTX_init();
-BN_RECP_CTX *BN_RECP_CTX_new();
-void	BN_RECP_CTX_free();
-int	BN_RECP_CTX_set();
-int	BN_mod_mul_reciprocal();
-int	BN_mod_exp_recp();
-int	BN_div_recp();
 
-#endif
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom);
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_BN_strings(void);
+
 /* Error codes for the BN functions. */
 
 /* Function codes. */
@@ -568,30 +590,51 @@ int	BN_div_recp();
 #define BN_F_BN_BLINDING_UPDATE				 103
 #define BN_F_BN_BN2DEC					 104
 #define BN_F_BN_BN2HEX					 105
+#define BN_F_BN_CTX_GET					 116
 #define BN_F_BN_CTX_NEW					 106
 #define BN_F_BN_DIV					 107
 #define BN_F_BN_EXPAND2					 108
+#define BN_F_BN_EXPAND_INTERNAL				 120
+#define BN_F_BN_GF2M_MOD				 126
+#define BN_F_BN_GF2M_MOD_DIV				 123
+#define BN_F_BN_GF2M_MOD_EXP				 127
+#define BN_F_BN_GF2M_MOD_MUL				 124
+#define BN_F_BN_GF2M_MOD_SOLVE_QUAD			 128
+#define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR			 129
+#define BN_F_BN_GF2M_MOD_SQR				 125
+#define BN_F_BN_MOD_EXP2_MONT				 118
 #define BN_F_BN_MOD_EXP_MONT				 109
+#define BN_F_BN_MOD_EXP_MONT_WORD			 117
 #define BN_F_BN_MOD_INVERSE				 110
+#define BN_F_BN_MOD_LSHIFT_QUICK			 119
 #define BN_F_BN_MOD_MUL_RECIPROCAL			 111
+#define BN_F_BN_MOD_SQRT				 121
 #define BN_F_BN_MPI2BN					 112
 #define BN_F_BN_NEW					 113
 #define BN_F_BN_RAND					 114
+#define BN_F_BN_RAND_RANGE				 122
 #define BN_F_BN_USUB					 115
 
 /* Reason codes. */
 #define BN_R_ARG2_LT_ARG3				 100
 #define BN_R_BAD_RECIPROCAL				 101
+#define BN_R_BIGNUM_TOO_LONG				 114
 #define BN_R_CALLED_WITH_EVEN_MODULUS			 102
 #define BN_R_DIV_BY_ZERO				 103
 #define BN_R_ENCODING_ERROR				 104
 #define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA		 105
+#define BN_R_INPUT_NOT_REDUCED				 110
 #define BN_R_INVALID_LENGTH				 106
-#define BN_R_NOT_INITALISED				 107
+#define BN_R_INVALID_RANGE				 115
+#define BN_R_NOT_A_SQUARE				 111
+#define BN_R_NOT_IMPLEMENTED				 116
+#define BN_R_NOT_INITIALIZED				 107
 #define BN_R_NO_INVERSE					 108
- 
+#define BN_R_P_IS_NOT_PRIME				 112
+#define BN_R_TOO_MANY_ITERATIONS			 113
+#define BN_R_TOO_MANY_TEMPORARY_VARIABLES		 109
+
 #ifdef  __cplusplus
 }
 #endif
 #endif
-
diff --git a/crypto/bn/bn.org b/crypto/bn/bn.org
deleted file mode 100644
index d8904d7efa..0000000000
--- a/crypto/bn/bn.org
+++ /dev/null
@@ -1,597 +0,0 @@
-/* crypto/bn/bn.org */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- *
- * Always modify bn.org since bn.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-#ifndef HEADER_BN_H
-#define HEADER_BN_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#undef BN_LLONG
-
-#ifdef WIN32
-#define BN_LLONG /* This comment stops Configure mutilating things */
-#endif
-
-#define BN_MUL_COMBA
-#define BN_SQR_COMBA
-#define BN_RECURSION
-#define RECP_MUL_MOD
-#define MONT_MUL_MOD
-
-/* This next option uses the C libraries (2 word)/(1 word) function.
- * If it is not defined, I use my C version (which is slower).
- * The reason for this flag is that when the particular C compiler
- * library routine is used, and the library is linked with a different
- * compiler, the library is missing.  This mostly happens when the
- * library is built with gcc and then linked using nornal cc.  This would
- * be a common occurance because gcc normally produces code that is
- * 2 times faster than system compilers for the big number stuff.
- * For machines with only one compiler (or shared libraries), this should
- * be on.  Again this in only really a problem on machines
- * using "long long's", are 32bit, and are not using my assember code. */
-#if defined(MSDOS) || defined(WINDOWS) || defined(linux)
-#define BN_DIV2W
-#endif
-
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
-
-
-/* assuming long is 64bit - this is the DEC Alpha
- * unsigned long long is only 64 bits :-(, don't define
- * BN_LLONG for the DEC Alpha */
-#ifdef SIXTY_FOUR_BIT_LONG
-#define BN_ULLONG	unsigned long long
-#define BN_ULONG	unsigned long
-#define BN_LONG		long
-#define BN_BITS		128
-#define BN_BYTES	8
-#define BN_BITS2	64
-#define BN_BITS4	32
-#define BN_MASK		(0xffffffffffffffffffffffffffffffffLL)
-#define BN_MASK2	(0xffffffffffffffffL)
-#define BN_MASK2l	(0xffffffffL)
-#define BN_MASK2h	(0xffffffff00000000L)
-#define BN_MASK2h1	(0xffffffff80000000L)
-#define BN_TBIT		(0x8000000000000000L)
-#define BN_DEC_CONV	(10000000000000000000UL)
-#define BN_DEC_FMT1	"%lu"
-#define BN_DEC_FMT2	"%019lu"
-#define BN_DEC_NUM	19
-#endif
-
-/* This is where the long long data type is 64 bits, but long is 32.
- * For machines where there are 64bit registers, this is the mode to use.
- * IRIX, on R4000 and above should use this mode, along with the relevent
- * assember code :-).  Do NOT define BN_ULLONG.
- */
-#ifdef SIXTY_FOUR_BIT
-#undef BN_LLONG
-/* #define BN_ULLONG	unsigned long long */
-#define BN_ULONG	unsigned long long
-#define BN_LONG		long long
-#define BN_BITS		128
-#define BN_BYTES	8
-#define BN_BITS2	64
-#define BN_BITS4	32
-#define BN_MASK2	(0xffffffffffffffffLL)
-#define BN_MASK2l	(0xffffffffL)
-#define BN_MASK2h	(0xffffffff00000000LL)
-#define BN_MASK2h1	(0xffffffff80000000LL)
-#define BN_TBIT		(0x8000000000000000LL)
-#define BN_DEC_CONV	(10000000000000000000LL)
-#define BN_DEC_FMT1	"%llu"
-#define BN_DEC_FMT2	"%019llu"
-#define BN_DEC_NUM	19
-#endif
-
-#ifdef THIRTY_TWO_BIT
-#ifdef WIN32
-#define BN_ULLONG	unsigned _int64
-#else
-#define BN_ULLONG	unsigned long long
-#endif
-#define BN_ULONG	unsigned long
-#define BN_LONG		long
-#define BN_BITS		64
-#define BN_BYTES	4
-#define BN_BITS2	32
-#define BN_BITS4	16
-#define BN_MASK		(0xffffffffffffffffLL)
-#define BN_MASK2	(0xffffffffL)
-#define BN_MASK2l	(0xffff)
-#define BN_MASK2h1	(0xffff8000L)
-#define BN_MASK2h	(0xffff0000L)
-#define BN_TBIT		(0x80000000L)
-#define BN_DEC_CONV	(1000000000L)
-#define BN_DEC_FMT1	"%lu"
-#define BN_DEC_FMT2	"%09lu"
-#define BN_DEC_NUM	9
-#endif
-
-#ifdef SIXTEEN_BIT
-#ifndef BN_DIV2W
-#define BN_DIV2W
-#endif
-#define BN_ULLONG	unsigned long
-#define BN_ULONG	unsigned short
-#define BN_LONG		short
-#define BN_BITS		32
-#define BN_BYTES	2
-#define BN_BITS2	16
-#define BN_BITS4	8
-#define BN_MASK		(0xffffffff)
-#define BN_MASK2	(0xffff)
-#define BN_MASK2l	(0xff)
-#define BN_MASK2h1	(0xff80)
-#define BN_MASK2h	(0xff00)
-#define BN_TBIT		(0x8000)
-#define BN_DEC_CONV	(100000)
-#define BN_DEC_FMT1	"%u"
-#define BN_DEC_FMT2	"%05u"
-#define BN_DEC_NUM	5
-#endif
-
-#ifdef EIGHT_BIT
-#ifndef BN_DIV2W
-#define BN_DIV2W
-#endif
-#define BN_ULLONG	unsigned short
-#define BN_ULONG	unsigned char
-#define BN_LONG		char
-#define BN_BITS		16
-#define BN_BYTES	1
-#define BN_BITS2	8
-#define BN_BITS4	4
-#define BN_MASK		(0xffff)
-#define BN_MASK2	(0xff)
-#define BN_MASK2l	(0xf)
-#define BN_MASK2h1	(0xf8)
-#define BN_MASK2h	(0xf0)
-#define BN_TBIT		(0x80)
-#define BN_DEC_CONV	(100)
-#define BN_DEC_FMT1	"%u"
-#define BN_DEC_FMT2	"%02u"
-#define BN_DEC_NUM	2
-#endif
-
-#define BN_DEFAULT_BITS	1280
-
-#ifdef BIGNUM
-#undef BIGNUM
-#endif
-
-#define BN_FLG_MALLOCED		0x01
-#define BN_FLG_STATIC_DATA	0x02
-#define BN_FLG_FREE		0x8000	/* used for debuging */
-#define BN_set_flags(b,n)	((b)->flags|=(n))
-#define BN_get_flags(b,n)	((b)->flags&(n))
-
-typedef struct bignum_st
-	{
-	BN_ULONG *d;	/* Pointer to an array of 'BN_BITS2' bit chunks. */
-	int top;	/* Index of last used d +1. */
-	/* The next are internal book keeping for bn_expand. */
-	int max;	/* Size of the d array. */
-	int neg;	/* one if the number is negative */
-	int flags;
-	} BIGNUM;
-
-/* Used for temp variables */
-#define BN_CTX_NUM	12
-typedef struct bignum_ctx
-	{
-	int tos;
-	BIGNUM bn[BN_CTX_NUM+1];
-	int flags;
-	} BN_CTX;
-
-typedef struct bn_blinding_st
-	{
-	int init;
-	BIGNUM *A;
-	BIGNUM *Ai;
-	BIGNUM *mod; /* just a reference */
-	} BN_BLINDING;
-
-/* Used for montgomery multiplication */
-typedef struct bn_mont_ctx_st
-        {
-	int use_word;	/* 0 for word form, 1 for long form */
-        int ri;         /* number of bits in R */
-        BIGNUM RR;     /* used to convert to montgomery form */
-        BIGNUM N;      /* The modulus */
-        BIGNUM Ni;     /* The inverse of N */
-	BN_ULONG n0;	/* word form of inverse, normally only one of
-			 * Ni or n0 is defined */
-	int flags;
-        } BN_MONT_CTX;
-
-/* Used for reciprocal division/mod functions
- * It cannot be shared between threads
- */
-typedef struct bn_recp_ctx_st
-	{
-	BIGNUM N;	/* the divisor */
-	BIGNUM Nr;	/* the reciprocal */
-	int num_bits;
-	int shift;
-	int flags;
-	} BN_RECP_CTX;
-
-#define BN_to_montgomery(r,a,mont,ctx)	BN_mod_mul_montgomery(\
-	r,a,&((mont)->RR),(mont),ctx)
-
-#define BN_prime_checks		(5)
-
-#define BN_num_bytes(a)	((BN_num_bits(a)+7)/8)
-#define BN_is_word(a,w)	(((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w)))
-#define BN_is_zero(a)	(((a)->top == 0) || BN_is_word(a,0))
-#define BN_is_one(a)	(BN_is_word((a),1))
-#define BN_is_odd(a)	(((a)->top > 0) && ((a)->d[0] & 1))
-#define BN_one(a)	(BN_set_word((a),1))
-#define BN_zero(a)	(BN_set_word((a),0))
-
-/*#define BN_ascii2bn(a)	BN_hex2bn(a) */
-/*#define BN_bn2ascii(a)	BN_bn2hex(a) */
-
-#define bn_expand(n,b) ((((((b+BN_BITS2-1))/BN_BITS2)) <= (n)->max)?\
-	(n):bn_expand2((n),(b)/BN_BITS2+1))
-#define bn_wexpand(n,b) (((b) <= (n)->max)?(n):bn_expand2((n),(b)))
-
-#define bn_fix_top(a) \
-        { \
-        BN_ULONG *ftl; \
-	if ((a)->top > 0) \
-		{ \
-		for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \
-		if (*(ftl--)) break; \
-		} \
-	}
-
-#ifndef NOPROTO
-BIGNUM *BN_value_one(void);
-char *	BN_options(void);
-BN_CTX *BN_CTX_new(void);
-void	BN_CTX_init(BN_CTX *c);
-void	BN_CTX_free(BN_CTX *c);
-int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
-int	BN_num_bits(BIGNUM *a);
-int	BN_num_bits_word(BN_ULONG);
-BIGNUM *BN_new(void);
-void	BN_init(BIGNUM *);
-void	BN_clear_free(BIGNUM *a);
-BIGNUM *BN_copy(BIGNUM *a, BIGNUM *b);
-BIGNUM *BN_bin2bn(unsigned char *s,int len,BIGNUM *ret);
-int	BN_bn2bin(BIGNUM *a, unsigned char *to);
-BIGNUM *BN_mpi2bn(unsigned char *s,int len,BIGNUM *ret);
-int	BN_bn2mpi(BIGNUM *a, unsigned char *to);
-int	BN_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b);
-int	BN_usub(BIGNUM *r, BIGNUM *a, BIGNUM *b);
-int	BN_uadd(BIGNUM *r, BIGNUM *a, BIGNUM *b);
-int	BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b);
-int	BN_mod(BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
-int	BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
-int	BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b,BN_CTX *ctx);
-int	BN_sqr(BIGNUM *r, BIGNUM *a,BN_CTX *ctx);
-BN_ULONG BN_mod_word(BIGNUM *a, BN_ULONG w);
-BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
-int	BN_mul_word(BIGNUM *a, BN_ULONG w);
-int	BN_add_word(BIGNUM *a, BN_ULONG w);
-int	BN_sub_word(BIGNUM *a, BN_ULONG w);
-int	BN_set_word(BIGNUM *a, BN_ULONG w);
-BN_ULONG BN_get_word(BIGNUM *a);
-int	BN_cmp(BIGNUM *a, BIGNUM *b);
-void	BN_free(BIGNUM *a);
-int	BN_is_bit_set(BIGNUM *a, int n);
-int	BN_lshift(BIGNUM *r, BIGNUM *a, int n);
-int	BN_lshift1(BIGNUM *r, BIGNUM *a);
-int	BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p,BN_CTX *ctx);
-int	BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
-int	BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx,
-		BN_MONT_CTX *m_ctx);
-int	BN_mod_exp2_mont(BIGNUM *r, BIGNUM *a1, BIGNUM *p1,BIGNUM *a2,
-		BIGNUM *p2,BIGNUM *m,BN_CTX *ctx,BN_MONT_CTX *m_ctx);
-int	BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p,
-	BIGNUM *m,BN_CTX *ctx);
-int	BN_mask_bits(BIGNUM *a,int n);
-int	BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, BIGNUM *m,
-	BN_CTX *ctx);
-#ifndef WIN16
-int	BN_print_fp(FILE *fp, BIGNUM *a);
-#endif
-#ifdef HEADER_BIO_H
-int	BN_print(BIO *fp, BIGNUM *a);
-#else
-int	BN_print(char *fp, BIGNUM *a);
-#endif
-int	BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx);
-int	BN_rshift(BIGNUM *r, BIGNUM *a, int n);
-int	BN_rshift1(BIGNUM *r, BIGNUM *a);
-void	BN_clear(BIGNUM *a);
-BIGNUM *bn_expand2(BIGNUM *b, int bits);
-BIGNUM *BN_dup(BIGNUM *a);
-int	BN_ucmp(BIGNUM *a, BIGNUM *b);
-int	BN_set_bit(BIGNUM *a, int n);
-int	BN_clear_bit(BIGNUM *a, int n);
-char *	BN_bn2hex(BIGNUM *a);
-char *	BN_bn2dec(BIGNUM *a);
-int 	BN_hex2bn(BIGNUM **a,char *str);
-int 	BN_dec2bn(BIGNUM **a,char *str);
-int	BN_gcd(BIGNUM *r,BIGNUM *in_a,BIGNUM *in_b,BN_CTX *ctx);
-BIGNUM *BN_mod_inverse(BIGNUM *ret,BIGNUM *a, BIGNUM *n,BN_CTX *ctx);
-BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int strong,BIGNUM *add,
-		BIGNUM *rem,void (*callback)(int,int,char *),char *cb_arg);
-int	BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int,char *),
-		BN_CTX *ctx,char *cb_arg);
-void	ERR_load_BN_strings(void );
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
-BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
-void     bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
-BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
-BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
-BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num);
-
-BN_MONT_CTX *BN_MONT_CTX_new(void );
-void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
-int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont,
-	BN_CTX *ctx);
-int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
-void BN_MONT_CTX_free(BN_MONT_CTX *mont);
-int BN_MONT_CTX_set(BN_MONT_CTX *mont,BIGNUM *modulus,BN_CTX *ctx);
-BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
-
-BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
-void BN_BLINDING_free(BN_BLINDING *b);
-int BN_BLINDING_update(BN_BLINDING *b,BN_CTX *ctx);
-int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *r, BN_CTX *ctx);
-int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-
-void BN_set_params(int mul,int high,int low,int mont);
-int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */
-
-void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
-void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
-void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
-void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
-void bn_sqr_comba8(BN_ULONG *r,BN_ULONG *a);
-void bn_sqr_comba4(BN_ULONG *r,BN_ULONG *a);
-int bn_cmp_words(BN_ULONG *a,BN_ULONG *b,int n);
-void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,BN_ULONG *t);
-void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,
-	int tn, int n,BN_ULONG *t);
-void bn_sqr_recursive(BN_ULONG *r,BN_ULONG *a, int n2, BN_ULONG *t);
-void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
-
-void	BN_RECP_CTX_init(BN_RECP_CTX *recp);
-BN_RECP_CTX *BN_RECP_CTX_new(void);
-void	BN_RECP_CTX_free(BN_RECP_CTX *recp);
-int	BN_RECP_CTX_set(BN_RECP_CTX *recp,BIGNUM *rdiv,BN_CTX *ctx);
-int	BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y,
-		BN_RECP_CTX *recp,BN_CTX *ctx);
-int	BN_mod_exp_recp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
-int	BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m,
-		BN_RECP_CTX *recp, BN_CTX *ctx);
-
-
-#else
-
-BIGNUM *BN_value_one();
-char *	BN_options();
-BN_CTX *BN_CTX_new();
-void	BN_CTX_init();
-void	BN_CTX_free();
-int     BN_rand();
-int	BN_num_bits();
-int	BN_num_bits_word();
-BIGNUM *BN_new();
-void	BN_init();
-void	BN_clear_free();
-BIGNUM *BN_copy();
-BIGNUM *BN_bin2bn();
-int	BN_bn2bin();
-BIGNUM *BN_mpi2bn();
-int	BN_bn2mpi();
-int	BN_sub();
-int	BN_usub();
-int	BN_uadd();
-int	BN_add();
-int	BN_mod();
-int	BN_div();
-int	BN_mul();
-int	BN_sqr();
-BN_ULONG BN_mod_word();
-BN_ULONG BN_div_word();
-int	BN_add_word();
-int	BN_sub_word();
-int	BN_mul_word();
-int	BN_set_word();
-unsigned long BN_get_word();
-int	BN_cmp();
-void	BN_free();
-int	BN_is_bit_set();
-int	BN_lshift();
-int	BN_lshift1();
-int	BN_exp();
-int	BN_mod_exp();
-int	BN_mod_exp_mont();
-int	BN_mod_exp_recp();
-int	BN_mod_exp_simple();
-int	BN_mask_bits();
-int	BN_mod_mul_reciprocal();
-int	BN_mod_mul();
-#ifndef WIN16
-int	BN_print_fp();
-#endif
-int	BN_print();
-int	BN_reciprocal();
-int	BN_rshift();
-int	BN_rshift1();
-void	BN_clear();
-BIGNUM *bn_expand2();
-BIGNUM *BN_dup();
-int	BN_ucmp();
-int	BN_set_bit();
-int	BN_clear_bit();
-char *	BN_bn2hex();
-char *	BN_bn2dec();
-int 	BN_hex2bn();
-int 	BN_dec2bn();
-int	BN_gcd();
-BIGNUM *BN_mod_inverse();
-BIGNUM *BN_generate_prime();
-int	BN_is_prime();
-void	ERR_load_BN_strings();
-
-BN_ULONG bn_mul_add_words();
-BN_ULONG bn_mul_words();
-void     bn_sqr_words();
-BN_ULONG bn_div_words();
-BN_ULONG bn_add_words();
-BN_ULONG bn_sub_words();
-
-int BN_mod_mul_montgomery();
-int BN_from_montgomery();
-BN_MONT_CTX *BN_MONT_CTX_new();
-void BN_MONT_CTX_init();
-void BN_MONT_CTX_free();
-int BN_MONT_CTX_set();
-
-BN_BLINDING *BN_BLINDING_new();
-void BN_BLINDING_free();
-int BN_BLINDING_update();
-int BN_BLINDING_convert();
-int BN_BLINDING_invert();
-
-void bn_mul_normal();
-void bn_mul_comba8();
-void bn_mul_comba4();
-void bn_sqr_normal();
-void bn_sqr_comba8();
-void bn_sqr_comba4();
-int bn_cmp_words();
-void bn_mul_recursive();
-void bn_mul_part_recursive();
-void bn_sqr_recursive();
-void bn_mul_low_normal();
-
-void	BN_RECP_CTX_init();
-BN_RECP_CTX *BN_RECP_CTX_new();
-void	BN_RECP_CTX_free();
-int	BN_RECP_CTX_set();
-int	BN_mod_mul_reciprocal();
-int	BN_mod_exp_recp();
-int	BN_div_recp();
-
-#endif
-
-/* BEGIN ERROR CODES */
-/* Error codes for the BN functions. */
-
-/* Function codes. */
-#define BN_F_BN_BLINDING_CONVERT			 100
-#define BN_F_BN_BLINDING_INVERT				 101
-#define BN_F_BN_BLINDING_NEW				 102
-#define BN_F_BN_BLINDING_UPDATE				 103
-#define BN_F_BN_BN2DEC					 104
-#define BN_F_BN_BN2HEX					 105
-#define BN_F_BN_CTX_NEW					 106
-#define BN_F_BN_DIV					 107
-#define BN_F_BN_EXPAND2					 108
-#define BN_F_BN_MOD_EXP_MONT				 109
-#define BN_F_BN_MOD_INVERSE				 110
-#define BN_F_BN_MOD_MUL_RECIPROCAL			 111
-#define BN_F_BN_MPI2BN					 112
-#define BN_F_BN_NEW					 113
-#define BN_F_BN_RAND					 114
-#define BN_F_BN_USUB					 115
-
-/* Reason codes. */
-#define BN_R_ARG2_LT_ARG3				 100
-#define BN_R_BAD_RECIPROCAL				 101
-#define BN_R_CALLED_WITH_EVEN_MODULUS			 102
-#define BN_R_DIV_BY_ZERO				 103
-#define BN_R_ENCODING_ERROR				 104
-#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA		 105
-#define BN_R_INVALID_LENGTH				 106
-#define BN_R_NOT_INITALISED				 107
-#define BN_R_NO_INVERSE					 108
- 
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c
index 27b781a367..6cba07e9f6 100644
--- a/crypto/bn/bn_add.c
+++ b/crypto/bn/bn_add.c
@@ -61,12 +61,10 @@
 #include "bn_lcl.h"
 
 /* r can == a or b */
-int BN_add(r, a, b)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *b;
+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 	{
-	BIGNUM *tmp;
+	const BIGNUM *tmp;
+	int a_neg = a->neg;
 
 	bn_check_top(a);
 	bn_check_top(b);
@@ -76,10 +74,10 @@ BIGNUM *b;
 	 * -a +  b	b-a
 	 * -a + -b	-(a+b)
 	 */
-	if (a->neg ^ b->neg)
+	if (a_neg ^ b->neg)
 		{
 		/* only one is negative */
-		if (a->neg)
+		if (a_neg)
 			{ tmp=a; a=b; b=tmp; }
 
 		/* we are now a - b */
@@ -97,25 +95,21 @@ BIGNUM *b;
 		return(1);
 		}
 
-	if (a->neg) /* both are neg */
+	if (!BN_uadd(r,a,b)) return(0);
+	if (a_neg) /* both are neg */
 		r->neg=1;
 	else
 		r->neg=0;
-
-	if (!BN_uadd(r,a,b)) return(0);
 	return(1);
 	}
 
 /* unsigned add of b to a, r must be large enough */
-int BN_uadd(r,a,b)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *b;
+int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 	{
 	register int i;
 	int max,min;
 	BN_ULONG *ap,*bp,*rp,carry,t1;
-	BIGNUM *tmp;
+	const BIGNUM *tmp;
 
 	bn_check_top(a);
 	bn_check_top(b);
@@ -166,16 +160,14 @@ BIGNUM *b;
 			*(rp++)= *(ap++);
 		}
 	/* memcpy(rp,ap,sizeof(*ap)*(max-i));*/
+	r->neg = 0;
 	return(1);
 	}
 
 /* unsigned subtraction of b from a, a must be larger than b. */
-int BN_usub(r, a, b)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *b;
+int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 	{
-	int max,min,ret=1;
+	int max,min;
 	register BN_ULONG t1,t2,*ap,*bp,*rp;
 	int i,carry;
 #if defined(IRIX_CC_BUG) && !defined(LINT)
@@ -260,18 +252,16 @@ BIGNUM *b;
 #endif
 
 	r->top=max;
+	r->neg=0;
 	bn_fix_top(r);
 	return(1);
 	}
 
-int BN_sub(r, a, b)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *b;
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
 	{
 	int max;
 	int add=0,neg=0;
-	BIGNUM *tmp;
+	const BIGNUM *tmp;
 
 	bn_check_top(a);
 	bn_check_top(b);
diff --git a/crypto/bn/bn_asm.c b/crypto/bn/bn_asm.c
index c9eb0e9d05..be8aa3ffc5 100644
--- a/crypto/bn/bn_asm.c
+++ b/crypto/bn/bn_asm.c
@@ -56,107 +56,95 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef BN_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
 #include <stdio.h>
+#include <assert.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-#ifdef BN_LLONG 
+#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
 
-BN_ULONG bn_mul_add_words(rp,ap,num,w)
-BN_ULONG *rp,*ap;
-int num;
-BN_ULONG w;
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
 	{
 	BN_ULONG c1=0;
 
-	bn_check_num(num);
+	assert(num >= 0);
 	if (num <= 0) return(c1);
 
-	for (;;)
+	while (num&~3)
 		{
 		mul_add(rp[0],ap[0],w,c1);
-		if (--num == 0) break;
 		mul_add(rp[1],ap[1],w,c1);
-		if (--num == 0) break;
 		mul_add(rp[2],ap[2],w,c1);
-		if (--num == 0) break;
 		mul_add(rp[3],ap[3],w,c1);
-		if (--num == 0) break;
-		ap+=4;
-		rp+=4;
+		ap+=4; rp+=4; num-=4;
+		}
+	if (num)
+		{
+		mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1;
+		mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1;
+		mul_add(rp[2],ap[2],w,c1); return c1;
 		}
 	
 	return(c1);
 	} 
 
-BN_ULONG bn_mul_words(rp,ap,num,w)
-BN_ULONG *rp,*ap;
-int num;
-BN_ULONG w;
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
 	{
 	BN_ULONG c1=0;
 
-	bn_check_num(num);
+	assert(num >= 0);
 	if (num <= 0) return(c1);
 
-	for (;;)
+	while (num&~3)
 		{
 		mul(rp[0],ap[0],w,c1);
-		if (--num == 0) break;
 		mul(rp[1],ap[1],w,c1);
-		if (--num == 0) break;
 		mul(rp[2],ap[2],w,c1);
-		if (--num == 0) break;
 		mul(rp[3],ap[3],w,c1);
-		if (--num == 0) break;
-		ap+=4;
-		rp+=4;
+		ap+=4; rp+=4; num-=4;
+		}
+	if (num)
+		{
+		mul(rp[0],ap[0],w,c1); if (--num == 0) return c1;
+		mul(rp[1],ap[1],w,c1); if (--num == 0) return c1;
+		mul(rp[2],ap[2],w,c1);
 		}
 	return(c1);
 	} 
 
-void bn_sqr_words(r,a,n)
-BN_ULONG *r,*a;
-int n;
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
         {
-	bn_check_num(n);
+	assert(n >= 0);
 	if (n <= 0) return;
-	for (;;)
+	while (n&~3)
 		{
-		BN_ULLONG t;
-
-		t=(BN_ULLONG)(a[0])*(a[0]);
-		r[0]=Lw(t); r[1]=Hw(t);
-		if (--n == 0) break;
-
-		t=(BN_ULLONG)(a[1])*(a[1]);
-		r[2]=Lw(t); r[3]=Hw(t);
-		if (--n == 0) break;
-
-		t=(BN_ULLONG)(a[2])*(a[2]);
-		r[4]=Lw(t); r[5]=Hw(t);
-		if (--n == 0) break;
-
-		t=(BN_ULLONG)(a[3])*(a[3]);
-		r[6]=Lw(t); r[7]=Hw(t);
-		if (--n == 0) break;
-
-		a+=4;
-		r+=8;
+		sqr(r[0],r[1],a[0]);
+		sqr(r[2],r[3],a[1]);
+		sqr(r[4],r[5],a[2]);
+		sqr(r[6],r[7],a[3]);
+		a+=4; r+=8; n-=4;
+		}
+	if (n)
+		{
+		sqr(r[0],r[1],a[0]); if (--n == 0) return;
+		sqr(r[2],r[3],a[1]); if (--n == 0) return;
+		sqr(r[4],r[5],a[2]);
 		}
 	}
 
-#else
+#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
 
-BN_ULONG bn_mul_add_words(rp,ap,num,w)
-BN_ULONG *rp,*ap;
-int num;
-BN_ULONG w;
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
 	{
 	BN_ULONG c=0;
 	BN_ULONG bl,bh;
 
-	bn_check_num(num);
+	assert(num >= 0);
 	if (num <= 0) return((BN_ULONG)0);
 
 	bl=LBITS(w);
@@ -178,15 +166,12 @@ BN_ULONG w;
 	return(c);
 	} 
 
-BN_ULONG bn_mul_words(rp,ap,num,w)
-BN_ULONG *rp,*ap;
-int num;
-BN_ULONG w;
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
 	{
 	BN_ULONG carry=0;
 	BN_ULONG bl,bh;
 
-	bn_check_num(num);
+	assert(num >= 0);
 	if (num <= 0) return((BN_ULONG)0);
 
 	bl=LBITS(w);
@@ -208,11 +193,9 @@ BN_ULONG w;
 	return(carry);
 	} 
 
-void bn_sqr_words(r,a,n)
-BN_ULONG *r,*a;
-int n;
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
         {
-	bn_check_num(n);
+	assert(n >= 0);
 	if (n <= 0) return;
 	for (;;)
 		{
@@ -233,22 +216,20 @@ int n;
 		}
 	}
 
-#endif
+#endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
 
 #if defined(BN_LLONG) && defined(BN_DIV2W)
 
-BN_ULONG bn_div_words(h,l,d)
-BN_ULONG h,l,d;
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
 	{
 	return((BN_ULONG)(((((BN_ULLONG)h)<<BN_BITS2)|l)/(BN_ULLONG)d));
 	}
 
 #else
 
-/* Divide h-l by d and return the result. */
+/* Divide h,l by d and return the result. */
 /* I need to test this some more :-( */
-BN_ULONG bn_div_words(h,l,d)
-BN_ULONG h,l,d;
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
 	{
 	BN_ULONG dh,dl,q,ret=0,th,tl,t;
 	int i,count=2;
@@ -256,13 +237,8 @@ BN_ULONG h,l,d;
 	if (d == 0) return(BN_MASK2);
 
 	i=BN_num_bits_word(d);
-	if ((i != BN_BITS2) && (h > (BN_ULONG)1<<i))
-		{
-#if !defined(NO_STDIO) && !defined(WIN16)
-		fprintf(stderr,"Division would overflow (%d)\n",i);
-#endif
-		abort();
-		}
+	assert((i == BN_BITS2) || (h > (BN_ULONG)1<<i));
+
 	i=BN_BITS2-i;
 	if (h >= d) h-=d;
 
@@ -281,18 +257,20 @@ BN_ULONG h,l,d;
 		else
 			q=h/dh;
 
+		th=q*dh;
+		tl=dl*q;
 		for (;;)
 			{
-			t=(h-q*dh);
+			t=h-th;
 			if ((t&BN_MASK2h) ||
-				((dl*q) <= (
-					(t<<BN_BITS4)+
+				((tl) <= (
+					(t<<BN_BITS4)|
 					((l&BN_MASK2h)>>BN_BITS4))))
 				break;
 			q--;
+			th-=dh;
+			tl-=dl;
 			}
-		th=q*dh;
-		tl=q*dl;
 		t=(tl>>BN_BITS4);
 		tl=(tl<<BN_BITS4)&BN_MASK2h;
 		th+=t;
@@ -315,16 +293,14 @@ BN_ULONG h,l,d;
 	ret|=q;
 	return(ret);
 	}
-#endif
+#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */
 
 #ifdef BN_LLONG
-BN_ULONG bn_add_words(r,a,b,n)
-BN_ULONG *r,*a,*b;
-int n;
+BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
         {
 	BN_ULLONG ll=0;
 
-	bn_check_num(n);
+	assert(n >= 0);
 	if (n <= 0) return((BN_ULONG)0);
 
 	for (;;)
@@ -355,14 +331,12 @@ int n;
 		}
 	return((BN_ULONG)ll);
 	}
-#else
-BN_ULONG bn_add_words(r,a,b,n)
-BN_ULONG *r,*a,*b;
-int n;
+#else /* !BN_LLONG */
+BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
         {
 	BN_ULONG c,l,t;
 
-	bn_check_num(n);
+	assert(n >= 0);
 	if (n <= 0) return((BN_ULONG)0);
 
 	c=0;
@@ -406,16 +380,14 @@ int n;
 		}
 	return((BN_ULONG)c);
 	}
-#endif
+#endif /* !BN_LLONG */
 
-BN_ULONG bn_sub_words(r,a,b,n)
-BN_ULONG *r,*a,*b;
-int n;
+BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
         {
 	BN_ULONG t1,t2;
 	int c=0;
 
-	bn_check_num(n);
+	assert(n >= 0);
 	if (n <= 0) return((BN_ULONG)0);
 
 	for (;;)
@@ -447,13 +419,18 @@ int n;
 	return(c);
 	}
 
-#ifdef BN_COMBA
+#ifdef BN_MUL_COMBA
 
 #undef bn_mul_comba8
 #undef bn_mul_comba4
 #undef bn_sqr_comba8
 #undef bn_sqr_comba4
 
+/* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */
+/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
+/* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
+/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
+
 #ifdef BN_LLONG
 #define mul_add_c(a,b,c0,c1,c2) \
 	t=(BN_ULLONG)a*b; \
@@ -481,7 +458,39 @@ int n;
 
 #define sqr_add_c2(a,i,j,c0,c1,c2) \
 	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-#else
+
+#elif defined(BN_UMULT_HIGH)
+
+#define mul_add_c(a,b,c0,c1,c2)	{	\
+	BN_ULONG ta=(a),tb=(b);		\
+	t1 = ta * tb;			\
+	t2 = BN_UMULT_HIGH(ta,tb);	\
+	c0 += t1; t2 += (c0<t1)?1:0;	\
+	c1 += t2; c2 += (c1<t2)?1:0;	\
+	}
+
+#define mul_add_c2(a,b,c0,c1,c2) {	\
+	BN_ULONG ta=(a),tb=(b),t0;	\
+	t1 = BN_UMULT_HIGH(ta,tb);	\
+	t0 = ta * tb;			\
+	t2 = t1+t1; c2 += (t2<t1)?1:0;	\
+	t1 = t0+t0; t2 += (t1<t0)?1:0;	\
+	c0 += t1; t2 += (c0<t1)?1:0;	\
+	c1 += t2; c2 += (c1<t2)?1:0;	\
+	}
+
+#define sqr_add_c(a,i,c0,c1,c2)	{	\
+	BN_ULONG ta=(a)[i];		\
+	t1 = ta * ta;			\
+	t2 = BN_UMULT_HIGH(ta,ta);	\
+	c0 += t1; t2 += (c0<t1)?1:0;	\
+	c1 += t2; c2 += (c1<t2)?1:0;	\
+	}
+
+#define sqr_add_c2(a,i,j,c0,c1,c2)	\
+	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+#else /* !BN_LLONG */
 #define mul_add_c(a,b,c0,c1,c2) \
 	t1=LBITS(a); t2=HBITS(a); \
 	bl=LBITS(b); bh=HBITS(b); \
@@ -508,10 +517,9 @@ int n;
 
 #define sqr_add_c2(a,i,j,c0,c1,c2) \
 	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-#endif
+#endif /* !BN_LLONG */
 
-void bn_mul_comba8(r,a,b)
-BN_ULONG *r,*a,*b;
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
 	{
 #ifdef BN_LLONG
 	BN_ULLONG t;
@@ -620,8 +628,7 @@ BN_ULONG *r,*a,*b;
 	r[15]=c1;
 	}
 
-void bn_mul_comba4(r,a,b)
-BN_ULONG *r,*a,*b;
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
 	{
 #ifdef BN_LLONG
 	BN_ULLONG t;
@@ -666,8 +673,7 @@ BN_ULONG *r,*a,*b;
 	r[7]=c2;
 	}
 
-void bn_sqr_comba8(r,a)
-BN_ULONG *r,*a;
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
 	{
 #ifdef BN_LLONG
 	BN_ULLONG t,tt;
@@ -748,8 +754,7 @@ BN_ULONG *r,*a;
 	r[15]=c1;
 	}
 
-void bn_sqr_comba4(r,a)
-BN_ULONG *r,*a;
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
 	{
 #ifdef BN_LLONG
 	BN_ULLONG t,tt;
@@ -787,25 +792,24 @@ BN_ULONG *r,*a;
 	r[6]=c1;
 	r[7]=c2;
 	}
-#else
+#else /* !BN_MUL_COMBA */
 
 /* hmm... is it faster just to do a multiply? */
-void bn_sqr_comba4(r,a)
-BN_ULONG *r,*a;
+#undef bn_sqr_comba4
+void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
 	{
 	BN_ULONG t[8];
 	bn_sqr_normal(r,a,4,t);
 	}
 
-void bn_sqr_comba8(r,a)
-BN_ULONG *r,*a;
+#undef bn_sqr_comba8
+void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
 	{
 	BN_ULONG t[16];
 	bn_sqr_normal(r,a,8,t);
 	}
 
-void bn_mul_comba4(r,a,b)
-BN_ULONG *r,*a,*b;
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
 	{
 	r[4]=bn_mul_words(    &(r[0]),a,4,b[0]);
 	r[5]=bn_mul_add_words(&(r[1]),a,4,b[1]);
@@ -813,8 +817,7 @@ BN_ULONG *r,*a,*b;
 	r[7]=bn_mul_add_words(&(r[3]),a,4,b[3]);
 	}
 
-void bn_mul_comba8(r,a,b)
-BN_ULONG *r,*a,*b;
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
 	{
 	r[ 8]=bn_mul_words(    &(r[0]),a,8,b[0]);
 	r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);
@@ -826,4 +829,4 @@ BN_ULONG *r,*a,*b;
 	r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
 	}
 
-#endif /* BN_COMBA */
+#endif /* !BN_MUL_COMBA */
diff --git a/crypto/bn/bn_bld.c b/crypto/bn/bn_bld.c
deleted file mode 100644
index 966db43962..0000000000
--- a/crypto/bn/bn_bld.c
+++ /dev/null
@@ -1,144 +0,0 @@
-/* crypto/bn/bn_bld.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-BN_BL_CTX *BN_BL_CTX_new()
-	{
-	BN_BL_CTX *ret;
-
-	if ((ret=(BN_BL_CTX *)Malloc(sizeof(BN_BL_CTX))) == NULL)
-		{
-		BNerr(BN_F_BN_BL_CTX_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	if ((ret->num=BN_new()) == NULL) goto err;
-	if ((ret->mod=BN_new()) == NULL) goto err;
-	ret->inum=NULL;
-	ret->count=16;
-	ret->count=1;
-	return(ret);
-	}
-
-int BN_BL_CTX_Init(a,mod)
-BN_BL_CTX *a;
-BIGNUM *mod;
-	{
-	int i;
-	BN_CTX *ctx;
-
-	if ((ctx=BN_CTX_new()) == NULL) goto m_err;
-
-	if (BN_copy(a->mod,mod) == NULL) goto err;
-	i=BN_num_bits(mod);
-	if (!BN_rand(a->num,i,1,0)) goto err;
-	
-	if (a->inum != NULL) BN_clear_free(a->inum);
-	a->inum=BN_mod_inverse(a->num,a->mod,ctx)
-	ret->count=16;
-	return(1);
-m_err:
-	BNerr(BN_F_BN_BL_CTX_INIT,ERR_R_MALLOC_FAILURE);
-err:
-	return(0);
-	}
-
-BN_BL_CTX *BN_BL_CTX_Update(a)
-BN_BL_CTX *a;
-	{
-	BN_CTX *ctx;
-	BN_BL_CTX *new;
-
-	if (--a->count > 0)
-		return(1);
-
-	new=BN_BL_CTX_new();
-	/* set/get lock */
-	if ((ctx=BN_CTX_new()) == NULL)
-		return(NULL);
-	new->inum=BN_new();
-
-	BN_mod_mul(new->num,a->num,a->num,a->mod,ctx);
-	BN_mod_mul(new->inum,a->inum,a->inum,a->mod,ctx);
-	BN_copy(new->mod,a->mod);
-	BN_BL_CTX_free(a);
-	return(new);
-	}
-
-void BN_BL_CTX_free(a)
-BN_BL_CTX *a;
-	{
-	int i;
-
-	if (a == NULL) return;
-
-	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_RSA);
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"BN_BL_CTX_free, bad reference count\n");
-		abort();
-		}
-#endif
-	if (a->num == NULL) BN_clear_free(a->num);
-	if (a->inum == NULL) BN_clear_free(a->inum);
-	if (a->mod == NULL) BN_clear_free(a->mod);
-	}
diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c
index 35be32b99a..2d287e6d1b 100644
--- a/crypto/bn/bn_blind.c
+++ b/crypto/bn/bn_blind.c
@@ -60,17 +60,14 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-BN_BLINDING *BN_BLINDING_new(A,Ai,mod)
-BIGNUM *A;
-BIGNUM *Ai;
-BIGNUM *mod;
+BN_BLINDING *BN_BLINDING_new(BIGNUM *A, BIGNUM *Ai, BIGNUM *mod)
 	{
 	BN_BLINDING *ret=NULL;
 
 	bn_check_top(Ai);
 	bn_check_top(mod);
 
-	if ((ret=(BN_BLINDING *)Malloc(sizeof(BN_BLINDING))) == NULL)
+	if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL)
 		{
 		BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE);
 		return(NULL);
@@ -87,23 +84,23 @@ err:
 	return(NULL);
 	}
 
-void BN_BLINDING_free(r)
-BN_BLINDING *r;
+void BN_BLINDING_free(BN_BLINDING *r)
 	{
+	if(r == NULL)
+	    return;
+
 	if (r->A  != NULL) BN_free(r->A );
 	if (r->Ai != NULL) BN_free(r->Ai);
-	Free(r);
+	OPENSSL_free(r);
 	}
 
-int BN_BLINDING_update(b,ctx)
-BN_BLINDING *b;
-BN_CTX *ctx;
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
 	{
 	int ret=0;
 
 	if ((b->A == NULL) || (b->Ai == NULL))
 		{
-		BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITALISED);
+		BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED);
 		goto err;
 		}
 		
@@ -115,32 +112,26 @@ err:
 	return(ret);
 	}
 
-int BN_BLINDING_convert(n,b,ctx)
-BIGNUM *n;
-BN_BLINDING *b;
-BN_CTX *ctx;
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
 	{
 	bn_check_top(n);
 
 	if ((b->A == NULL) || (b->Ai == NULL))
 		{
-		BNerr(BN_F_BN_BLINDING_CONVERT,BN_R_NOT_INITALISED);
+		BNerr(BN_F_BN_BLINDING_CONVERT,BN_R_NOT_INITIALIZED);
 		return(0);
 		}
 	return(BN_mod_mul(n,n,b->A,b->mod,ctx));
 	}
 
-int BN_BLINDING_invert(n,b,ctx)
-BIGNUM *n;
-BN_BLINDING *b;
-BN_CTX *ctx;
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
 	{
 	int ret;
 
 	bn_check_top(n);
 	if ((b->A == NULL) || (b->Ai == NULL))
 		{
-		BNerr(BN_F_BN_BLINDING_INVERT,BN_R_NOT_INITALISED);
+		BNerr(BN_F_BN_BLINDING_INVERT,BN_R_NOT_INITIALIZED);
 		return(0);
 		}
 	if ((ret=BN_mod_mul(n,n,b->Ai,b->mod,ctx)) >= 0)
diff --git a/crypto/bn/bn_comba.c b/crypto/bn/bn_comba.c
deleted file mode 100644
index 30357cf5fb..0000000000
--- a/crypto/bn/bn_comba.c
+++ /dev/null
@@ -1,349 +0,0 @@
-/* crypto/bn/bn_comba.c */
-#include <stdio.h>
-#include "bn_lcl.h"
-/* Auto generated from crypto/bn/comba.pl
- */
-
-#undef bn_mul_comba8
-#undef bn_mul_comba4
-#undef bn_sqr_comba8
-#undef bn_sqr_comba4
-
-#ifdef BN_LLONG
-#define mul_add_c(a,b,c0,c1,c2) \
-	t=(BN_ULLONG)a*b; \
-	t1=(BN_ULONG)Lw(t); \
-	t2=(BN_ULONG)Hw(t); \
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define mul_add_c2(a,b,c0,c1,c2) \
-	t=(BN_ULLONG)a*b; \
-	tt=(t+t)&BN_MASK; \
-	if (tt < t) c2++; \
-	t1=(BN_ULONG)Lw(tt); \
-	t2=(BN_ULONG)Hw(tt); \
-	c0=(c0+t1)&BN_MASK2;  \
-	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c(a,i,c0,c1,c2) \
-	t=(BN_ULLONG)a[i]*a[i]; \
-	t1=(BN_ULONG)Lw(t); \
-	t2=(BN_ULONG)Hw(t); \
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-#else
-#define mul_add_c(a,b,c0,c1,c2) \
-	t1=LBITS(a); t2=HBITS(a); \
-	bl=LBITS(b); bh=HBITS(b); \
-	mul64(t1,t2,bl,bh); \
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define mul_add_c2(a,b,c0,c1,c2) \
-	t1=LBITS(a); t2=HBITS(a); \
-	bl=LBITS(b); bh=HBITS(b); \
-	mul64(t1,t2,bl,bh); \
-	if (t2 & BN_TBIT) c2++; \
-	t2=(t2+t2)&BN_MASK2; \
-	if (t1 & BN_TBIT) t2++; \
-	t1=(t1+t1)&BN_MASK2; \
-	c0=(c0+t1)&BN_MASK2;  \
-	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c(a,i,c0,c1,c2) \
-	sqr64(t1,t2,(a)[i]); \
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-#endif
-
-void bn_mul_comba88(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
-void bn_mul_comba44(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
-void bn_sqr_comba88(BN_ULONG *r,BN_ULONG *a);
-void bn_sqr_comba44(BN_ULONG *r,BN_ULONG *a);
-
-void bn_mul_comba88(r,a,b)
-BN_ULONG *r,*a,*b;
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	mul_add_c(a[0],b[0],c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	mul_add_c(a[0],b[1],c2,c3,c1);
-	mul_add_c(a[1],b[0],c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	mul_add_c(a[2],b[0],c3,c1,c2);
-	mul_add_c(a[1],b[1],c3,c1,c2);
-	mul_add_c(a[0],b[2],c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	mul_add_c(a[0],b[3],c1,c2,c3);
-	mul_add_c(a[1],b[2],c1,c2,c3);
-	mul_add_c(a[2],b[1],c1,c2,c3);
-	mul_add_c(a[3],b[0],c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	mul_add_c(a[4],b[0],c2,c3,c1);
-	mul_add_c(a[3],b[1],c2,c3,c1);
-	mul_add_c(a[2],b[2],c2,c3,c1);
-	mul_add_c(a[1],b[3],c2,c3,c1);
-	mul_add_c(a[0],b[4],c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	mul_add_c(a[0],b[5],c3,c1,c2);
-	mul_add_c(a[1],b[4],c3,c1,c2);
-	mul_add_c(a[2],b[3],c3,c1,c2);
-	mul_add_c(a[3],b[2],c3,c1,c2);
-	mul_add_c(a[4],b[1],c3,c1,c2);
-	mul_add_c(a[5],b[0],c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	mul_add_c(a[6],b[0],c1,c2,c3);
-	mul_add_c(a[5],b[1],c1,c2,c3);
-	mul_add_c(a[4],b[2],c1,c2,c3);
-	mul_add_c(a[3],b[3],c1,c2,c3);
-	mul_add_c(a[2],b[4],c1,c2,c3);
-	mul_add_c(a[1],b[5],c1,c2,c3);
-	mul_add_c(a[0],b[6],c1,c2,c3);
-	r[6]=c1;
-	c1=0;
-	mul_add_c(a[0],b[7],c2,c3,c1);
-	mul_add_c(a[1],b[6],c2,c3,c1);
-	mul_add_c(a[2],b[5],c2,c3,c1);
-	mul_add_c(a[3],b[4],c2,c3,c1);
-	mul_add_c(a[4],b[3],c2,c3,c1);
-	mul_add_c(a[5],b[2],c2,c3,c1);
-	mul_add_c(a[6],b[1],c2,c3,c1);
-	mul_add_c(a[7],b[0],c2,c3,c1);
-	r[7]=c2;
-	c2=0;
-	mul_add_c(a[7],b[1],c3,c1,c2);
-	mul_add_c(a[6],b[2],c3,c1,c2);
-	mul_add_c(a[5],b[3],c3,c1,c2);
-	mul_add_c(a[4],b[4],c3,c1,c2);
-	mul_add_c(a[3],b[5],c3,c1,c2);
-	mul_add_c(a[2],b[6],c3,c1,c2);
-	mul_add_c(a[1],b[7],c3,c1,c2);
-	r[8]=c3;
-	c3=0;
-	mul_add_c(a[2],b[7],c1,c2,c3);
-	mul_add_c(a[3],b[6],c1,c2,c3);
-	mul_add_c(a[4],b[5],c1,c2,c3);
-	mul_add_c(a[5],b[4],c1,c2,c3);
-	mul_add_c(a[6],b[3],c1,c2,c3);
-	mul_add_c(a[7],b[2],c1,c2,c3);
-	r[9]=c1;
-	c1=0;
-	mul_add_c(a[7],b[3],c2,c3,c1);
-	mul_add_c(a[6],b[4],c2,c3,c1);
-	mul_add_c(a[5],b[5],c2,c3,c1);
-	mul_add_c(a[4],b[6],c2,c3,c1);
-	mul_add_c(a[3],b[7],c2,c3,c1);
-	r[10]=c2;
-	c2=0;
-	mul_add_c(a[4],b[7],c3,c1,c2);
-	mul_add_c(a[5],b[6],c3,c1,c2);
-	mul_add_c(a[6],b[5],c3,c1,c2);
-	mul_add_c(a[7],b[4],c3,c1,c2);
-	r[11]=c3;
-	c3=0;
-	mul_add_c(a[7],b[5],c1,c2,c3);
-	mul_add_c(a[6],b[6],c1,c2,c3);
-	mul_add_c(a[5],b[7],c1,c2,c3);
-	r[12]=c1;
-	c1=0;
-	mul_add_c(a[6],b[7],c2,c3,c1);
-	mul_add_c(a[7],b[6],c2,c3,c1);
-	r[13]=c2;
-	c2=0;
-	mul_add_c(a[7],b[7],c3,c1,c2);
-	r[14]=c3;
-	r[15]=c1;
-	}
-
-void bn_mul_comba44(r,a,b)
-BN_ULONG *r,*a,*b;
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	mul_add_c(a[0],b[0],c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	mul_add_c(a[0],b[1],c2,c3,c1);
-	mul_add_c(a[1],b[0],c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	mul_add_c(a[2],b[0],c3,c1,c2);
-	mul_add_c(a[1],b[1],c3,c1,c2);
-	mul_add_c(a[0],b[2],c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	mul_add_c(a[0],b[3],c1,c2,c3);
-	mul_add_c(a[1],b[2],c1,c2,c3);
-	mul_add_c(a[2],b[1],c1,c2,c3);
-	mul_add_c(a[3],b[0],c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	mul_add_c(a[3],b[1],c2,c3,c1);
-	mul_add_c(a[2],b[2],c2,c3,c1);
-	mul_add_c(a[1],b[3],c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	mul_add_c(a[2],b[3],c3,c1,c2);
-	mul_add_c(a[3],b[2],c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	mul_add_c(a[3],b[3],c1,c2,c3);
-	r[6]=c1;
-	r[7]=c2;
-	}
-
-void bn_sqr_comba88(r,a)
-BN_ULONG *r,*a;
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t,tt;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	sqr_add_c(a,0,c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	sqr_add_c2(a,1,0,c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	sqr_add_c(a,1,c3,c1,c2);
-	sqr_add_c2(a,2,0,c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	sqr_add_c2(a,3,0,c1,c2,c3);
-	sqr_add_c2(a,2,1,c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	sqr_add_c(a,2,c2,c3,c1);
-	sqr_add_c2(a,3,1,c2,c3,c1);
-	sqr_add_c2(a,4,0,c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	sqr_add_c2(a,5,0,c3,c1,c2);
-	sqr_add_c2(a,4,1,c3,c1,c2);
-	sqr_add_c2(a,3,2,c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	sqr_add_c(a,3,c1,c2,c3);
-	sqr_add_c2(a,4,2,c1,c2,c3);
-	sqr_add_c2(a,5,1,c1,c2,c3);
-	sqr_add_c2(a,6,0,c1,c2,c3);
-	r[6]=c1;
-	c1=0;
-	sqr_add_c2(a,7,0,c2,c3,c1);
-	sqr_add_c2(a,6,1,c2,c3,c1);
-	sqr_add_c2(a,5,2,c2,c3,c1);
-	sqr_add_c2(a,4,3,c2,c3,c1);
-	r[7]=c2;
-	c2=0;
-	sqr_add_c(a,4,c3,c1,c2);
-	sqr_add_c2(a,5,3,c3,c1,c2);
-	sqr_add_c2(a,6,2,c3,c1,c2);
-	sqr_add_c2(a,7,1,c3,c1,c2);
-	r[8]=c3;
-	c3=0;
-	sqr_add_c2(a,7,2,c1,c2,c3);
-	sqr_add_c2(a,6,3,c1,c2,c3);
-	sqr_add_c2(a,5,4,c1,c2,c3);
-	r[9]=c1;
-	c1=0;
-	sqr_add_c(a,5,c2,c3,c1);
-	sqr_add_c2(a,6,4,c2,c3,c1);
-	sqr_add_c2(a,7,3,c2,c3,c1);
-	r[10]=c2;
-	c2=0;
-	sqr_add_c2(a,7,4,c3,c1,c2);
-	sqr_add_c2(a,6,5,c3,c1,c2);
-	r[11]=c3;
-	c3=0;
-	sqr_add_c(a,6,c1,c2,c3);
-	sqr_add_c2(a,7,5,c1,c2,c3);
-	r[12]=c1;
-	c1=0;
-	sqr_add_c2(a,7,6,c2,c3,c1);
-	r[13]=c2;
-	c2=0;
-	sqr_add_c(a,7,c3,c1,c2);
-	r[14]=c3;
-	r[15]=c1;
-	}
-
-void bn_sqr_comba44(r,a)
-BN_ULONG *r,*a;
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t,tt;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	sqr_add_c(a,0,c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	sqr_add_c2(a,1,0,c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	sqr_add_c(a,1,c3,c1,c2);
-	sqr_add_c2(a,2,0,c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	sqr_add_c2(a,3,0,c1,c2,c3);
-	sqr_add_c2(a,2,1,c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	sqr_add_c(a,2,c2,c3,c1);
-	sqr_add_c2(a,3,1,c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	sqr_add_c2(a,3,2,c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	sqr_add_c(a,3,c1,c2,c3);
-	r[6]=c1;
-	r[7]=c2;
-	}
diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c
new file mode 100644
index 0000000000..7daf19eb84
--- /dev/null
+++ b/crypto/bn/bn_ctx.c
@@ -0,0 +1,155 @@
+/* crypto/bn/bn_ctx.c */
+/* Written by Ulf Moeller for the OpenSSL project. */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef BN_CTX_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <stdio.h>
+#include <assert.h>
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+
+BN_CTX *BN_CTX_new(void)
+	{
+	BN_CTX *ret;
+
+	ret=(BN_CTX *)OPENSSL_malloc(sizeof(BN_CTX));
+	if (ret == NULL)
+		{
+		BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+
+	BN_CTX_init(ret);
+	ret->flags=BN_FLG_MALLOCED;
+	return(ret);
+	}
+
+void BN_CTX_init(BN_CTX *ctx)
+	{
+#if 0 /* explicit version */
+	int i;
+	ctx->tos = 0;
+	ctx->flags = 0;
+	ctx->depth = 0;
+	ctx->too_many = 0;
+	for (i = 0; i < BN_CTX_NUM; i++)
+		BN_init(&(ctx->bn[i]));
+#else
+	memset(ctx, 0, sizeof *ctx);
+#endif
+	}
+
+void BN_CTX_free(BN_CTX *ctx)
+	{
+	int i;
+
+	if (ctx == NULL) return;
+	assert(ctx->depth == 0);
+
+	for (i=0; i < BN_CTX_NUM; i++)
+		BN_clear_free(&(ctx->bn[i]));
+	if (ctx->flags & BN_FLG_MALLOCED)
+		OPENSSL_free(ctx);
+	}
+
+void BN_CTX_start(BN_CTX *ctx)
+	{
+	if (ctx->depth < BN_CTX_NUM_POS)
+		ctx->pos[ctx->depth] = ctx->tos;
+	ctx->depth++;
+	}
+
+
+BIGNUM *BN_CTX_get(BN_CTX *ctx)
+	{
+	/* Note: If BN_CTX_get is ever changed to allocate BIGNUMs dynamically,
+	 * make sure that if BN_CTX_get fails once it will return NULL again
+	 * until BN_CTX_end is called.  (This is so that callers have to check
+	 * only the last return value.)
+	 */
+	if (ctx->depth > BN_CTX_NUM_POS || ctx->tos >= BN_CTX_NUM)
+		{
+		if (!ctx->too_many)
+			{
+			BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+			/* disable error code until BN_CTX_end is called: */
+			ctx->too_many = 1;
+			}
+		return NULL;
+		}
+	return (&(ctx->bn[ctx->tos++]));
+	}
+
+void BN_CTX_end(BN_CTX *ctx)
+	{
+	if (ctx == NULL) return;
+	assert(ctx->depth > 0);
+	if (ctx->depth == 0)
+		/* should never happen, but we can tolerate it if not in
+		 * debug mode (could be a 'goto err' in the calling function
+		 * before BN_CTX_start was reached) */
+		BN_CTX_start(ctx);
+
+	ctx->too_many = 0;
+	ctx->depth--;
+	if (ctx->depth < BN_CTX_NUM_POS)
+		ctx->tos = ctx->pos[ctx->depth];
+	}
diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
index c7bc04d0b4..f9a095e3b3 100644
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -57,19 +57,18 @@
  */
 
 #include <stdio.h>
+#include <openssl/bn.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
+
 /* The old slow way */
 #if 0
-int BN_div(dv, rem, m, d,ctx)
-BIGNUM *dv;
-BIGNUM *rem;
-BIGNUM *m;
-BIGNUM *d;
-BN_CTX *ctx;
+int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+	   BN_CTX *ctx)
 	{
 	int i,nm,nd;
+	int ret = 0;
 	BIGNUM *D;
 
 	bn_check_top(m);
@@ -88,14 +87,17 @@ BN_CTX *ctx;
 		return(1);
 		}
 
-	D= &(ctx->bn[ctx->tos]);
-	if (dv == NULL) dv= &(ctx->bn[ctx->tos+1]);
-	if (rem == NULL) rem= &(ctx->bn[ctx->tos+2]);
+	BN_CTX_start(ctx);
+	D = BN_CTX_get(ctx);
+	if (dv == NULL) dv = BN_CTX_get(ctx);
+	if (rem == NULL) rem = BN_CTX_get(ctx);
+	if (D == NULL || dv == NULL || rem == NULL)
+		goto end;
 
 	nd=BN_num_bits(d);
 	nm=BN_num_bits(m);
-	if (BN_copy(D,d) == NULL) return(0);
-	if (BN_copy(rem,m) == NULL) return(0);
+	if (BN_copy(D,d) == NULL) goto end;
+	if (BN_copy(rem,m) == NULL) goto end;
 
 	/* The next 2 are needed so we can do a dv->d[0]|=1 later
 	 * since BN_lshift1 will only work once there is a value :-) */
@@ -103,31 +105,65 @@ BN_CTX *ctx;
 	bn_wexpand(dv,1);
 	dv->top=1;
 
-	if (!BN_lshift(D,D,nm-nd)) return(0);
+	if (!BN_lshift(D,D,nm-nd)) goto end;
 	for (i=nm-nd; i>=0; i--)
 		{
-		if (!BN_lshift1(dv,dv)) return(0);
+		if (!BN_lshift1(dv,dv)) goto end;
 		if (BN_ucmp(rem,D) >= 0)
 			{
 			dv->d[0]|=1;
-			if (!BN_usub(rem,rem,D)) return(0);
+			if (!BN_usub(rem,rem,D)) goto end;
 			}
 /* CAN IMPROVE (and have now :=) */
-		if (!BN_rshift1(D,D)) return(0);
+		if (!BN_rshift1(D,D)) goto end;
 		}
 	rem->neg=BN_is_zero(rem)?0:m->neg;
 	dv->neg=m->neg^d->neg;
-	return(1);
+	ret = 1;
+ end:
+	BN_CTX_end(ctx);
+	return(ret);
 	}
 
 #else
 
-int BN_div(dv, rm, num, divisor,ctx)
-BIGNUM *dv;
-BIGNUM *rm;
-BIGNUM *num;
-BIGNUM *divisor;
-BN_CTX *ctx;
+#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \
+    && !defined(PEDANTIC) && !defined(BN_DIV3W)
+# if defined(__GNUC__) && __GNUC__>=2
+#  if defined(__i386) || defined (__i386__)
+   /*
+    * There were two reasons for implementing this template:
+    * - GNU C generates a call to a function (__udivdi3 to be exact)
+    *   in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
+    *   understand why...);
+    * - divl doesn't only calculate quotient, but also leaves
+    *   remainder in %edx which we can definitely use here:-)
+    *
+    *					<appro@fy.chalmers.se>
+    */
+#  define bn_div_words(n0,n1,d0)		\
+	({  asm volatile (			\
+		"divl	%4"			\
+		: "=a"(q), "=d"(rem)		\
+		: "a"(n1), "d"(n0), "g"(d0)	\
+		: "cc");			\
+	    q;					\
+	})
+#  define REMAINDER_IS_ALREADY_CALCULATED
+#  endif /* __<cpu> */
+# endif /* __GNUC__ */
+#endif /* OPENSSL_NO_ASM */
+
+
+/* BN_div computes  dv := num / divisor,  rounding towards zero, and sets up
+ * rm  such that  dv*divisor + rm = num  holds.
+ * Thus:
+ *     dv->neg == num->neg ^ divisor->neg  (unless the result is zero)
+ *     rm->neg == num->neg                 (unless the remainder is zero)
+ * If 'dv' or 'rm' is NULL, the respective value is not returned.
+ */
+int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+	   BN_CTX *ctx)
 	{
 	int norm_shift,i,j,loop;
 	BIGNUM *tmp,wnum,*snum,*sdiv,*res;
@@ -152,20 +188,22 @@ BN_CTX *ctx;
 		return(1);
 		}
 
-	tmp= &(ctx->bn[ctx->tos]);
-	tmp->neg=0;
-	snum= &(ctx->bn[ctx->tos+1]);
-	sdiv= &(ctx->bn[ctx->tos+2]);
+	BN_CTX_start(ctx);
+	tmp=BN_CTX_get(ctx);
+	snum=BN_CTX_get(ctx);
+	sdiv=BN_CTX_get(ctx);
 	if (dv == NULL)
-		res= &(ctx->bn[ctx->tos+3]);
+		res=BN_CTX_get(ctx);
 	else	res=dv;
+	if (sdiv == NULL || res == NULL) goto err;
+	tmp->neg=0;
 
 	/* First we normalise the numbers */
 	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
-	BN_lshift(sdiv,divisor,norm_shift);
+	if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
 	sdiv->neg=0;
 	norm_shift+=BN_BITS2;
-	BN_lshift(snum,num,norm_shift);
+	if (!(BN_lshift(snum,num,norm_shift))) goto err;
 	snum->neg=0;
 	div_n=sdiv->top;
 	num_n=snum->top;
@@ -177,7 +215,7 @@ BN_CTX *ctx;
 	BN_init(&wnum);
 	wnum.d=	 &(snum->d[loop]);
 	wnum.top= div_n;
-	wnum.max= snum->max+1; /* a bit of a lie */
+	wnum.dmax= snum->dmax+1; /* a bit of a lie */
 
 	/* Get the top 2 words of sdiv */
 	/* i=sdiv->top; */
@@ -204,68 +242,92 @@ BN_CTX *ctx;
 		}
 	else
 		res->top--;
+	if (res->top == 0)
+		res->neg = 0;
 	resp--;
 
 	for (i=0; i<loop-1; i++)
 		{
-		BN_ULONG q,n0,n1;
-		BN_ULONG l0;
+		BN_ULONG q,l0;
+#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
+		BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
+		q=bn_div_3_words(wnump,d1,d0);
+#else
+		BN_ULONG n0,n1,rem=0;
 
-		wnum.d--; wnum.top++;
 		n0=wnump[0];
 		n1=wnump[-1];
 		if (n0 == d0)
 			q=BN_MASK2;
-		else
-			q=bn_div_words(n0,n1,d0);
-		{
-#ifdef BN_LLONG
-		BN_ULLONG t1,t2,rem;
-		t1=((BN_ULLONG)n0<<BN_BITS2)|n1;
-		for (;;)
+		else 			/* n0 < d0 */
 			{
+#ifdef BN_LLONG
+			BN_ULLONG t2;
+
+#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
+			q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
+#else
+			q=bn_div_words(n0,n1,d0);
+#endif
+
+#ifndef REMAINDER_IS_ALREADY_CALCULATED
+			/*
+			 * rem doesn't have to be BN_ULLONG. The least we
+			 * know it's less that d0, isn't it?
+			 */
+			rem=(n1-q*d0)&BN_MASK2;
+#endif
 			t2=(BN_ULLONG)d1*q;
-			rem=t1-(BN_ULLONG)q*d0;
-			if ((rem>>BN_BITS2) ||
-				(t2 <= ((BN_ULLONG)(rem<<BN_BITS2)+wnump[-2])))
-				break;
-			q--;
-			}
+
+			for (;;)
+				{
+				if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
+					break;
+				q--;
+				rem += d0;
+				if (rem < d0) break; /* don't let rem overflow */
+				t2 -= d1;
+				}
+#else /* !BN_LLONG */
+			BN_ULONG t2l,t2h,ql,qh;
+
+			q=bn_div_words(n0,n1,d0);
+#ifndef REMAINDER_IS_ALREADY_CALCULATED
+			rem=(n1-q*d0)&BN_MASK2;
+#endif
+
+#ifdef BN_UMULT_HIGH
+			t2l = d1 * q;
+			t2h = BN_UMULT_HIGH(d1,q);
 #else
-		BN_ULONG t1l,t1h,t2l,t2h,t3l,t3h,ql,qh,t3t;
-		t1h=n0;
-		t1l=n1;
-		for (;;)
-			{
 			t2l=LBITS(d1); t2h=HBITS(d1);
 			ql =LBITS(q);  qh =HBITS(q);
 			mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
+#endif
 
-			t3t=LBITS(d0); t3h=HBITS(d0);
-			mul64(t3t,t3h,ql,qh); /* t3=t1-(BN_ULLONG)q*d0; */
-			t3l=(t1l-t3t)&BN_MASK2;
-			if (t3l > t1l) t3h++;
-			t3h=(t1h-t3h)&BN_MASK2;
-
-			/*if ((t3>>BN_BITS2) ||
-				(t2 <= ((t3<<BN_BITS2)+wnump[-2])))
-				break; */
-			if (t3h) break;
-			if (t2h < t3l) break;
-			if ((t2h == t3l) && (t2l <= wnump[-2])) break;
-
-			q--;
+			for (;;)
+				{
+				if ((t2h < rem) ||
+					((t2h == rem) && (t2l <= wnump[-2])))
+					break;
+				q--;
+				rem += d0;
+				if (rem < d0) break; /* don't let rem overflow */
+				if (t2l < d1) t2h--; t2l -= d1;
+				}
+#endif /* !BN_LLONG */
 			}
-#endif
-		}
+#endif /* !BN_DIV3W */
+
 		l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
+		wnum.d--; wnum.top++;
 		tmp->d[div_n]=l0;
 		for (j=div_n+1; j>0; j--)
 			if (tmp->d[j-1]) break;
 		tmp->top=j;
 
 		j=wnum.top;
-		BN_sub(&wnum,&wnum,tmp);
+		if (!BN_sub(&wnum,&wnum,tmp)) goto err;
 
 		snum->top=snum->top+wnum.top-j;
 
@@ -273,7 +335,7 @@ BN_CTX *ctx;
 			{
 			q--;
 			j=wnum.top;
-			BN_add(&wnum,&wnum,sdiv);
+			if (!BN_add(&wnum,&wnum,sdiv)) goto err;
 			snum->top+=wnum.top-j;
 			}
 		*(resp--)=q;
@@ -281,48 +343,19 @@ BN_CTX *ctx;
 		}
 	if (rm != NULL)
 		{
+		/* Keep a copy of the neg flag in num because if rm==num
+		 * BN_rshift() will overwrite it.
+		 */
+		int neg = num->neg;
 		BN_rshift(rm,snum,norm_shift);
-		rm->neg=num->neg;
+		if (!BN_is_zero(rm))
+			rm->neg = neg;
 		}
+	BN_CTX_end(ctx);
 	return(1);
 err:
+	BN_CTX_end(ctx);
 	return(0);
 	}
 
 #endif
-
-/* rem != m */
-int BN_mod(rem, m, d,ctx)
-BIGNUM *rem;
-BIGNUM *m;
-BIGNUM *d;
-BN_CTX *ctx;
-	{
-#if 0 /* The old slow way */
-	int i,nm,nd;
-	BIGNUM *dv;
-
-	if (BN_ucmp(m,d) < 0)
-		return((BN_copy(rem,m) == NULL)?0:1);
-
-	dv= &(ctx->bn[ctx->tos]);
-
-	if (!BN_copy(rem,m)) return(0);
-
-	nm=BN_num_bits(rem);
-	nd=BN_num_bits(d);
-	if (!BN_lshift(dv,d,nm-nd)) return(0);
-	for (i=nm-nd; i>=0; i--)
-		{
-		if (BN_cmp(rem,dv) >= 0)
-			{
-			if (!BN_sub(rem,rem,dv)) return(0);
-			}
-		if (!BN_rshift1(dv,dv)) return(0);
-		}
-	return(1);
-#else
-	return(BN_div(NULL,rem,m,d,ctx));
-#endif
-	}
-
diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c
index 4c29c1ac55..bcc7ff97af 100644
--- a/crypto/bn/bn_err.c
+++ b/crypto/bn/bn_err.c
@@ -1,66 +1,69 @@
-/* lib/bn/bn_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/bn/bn_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "bn.h"
+#include <openssl/err.h>
+#include <openssl/bn.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA BN_str_functs[]=
 	{
 {ERR_PACK(0,BN_F_BN_BLINDING_CONVERT,0),	"BN_BLINDING_convert"},
@@ -69,43 +72,65 @@ static ERR_STRING_DATA BN_str_functs[]=
 {ERR_PACK(0,BN_F_BN_BLINDING_UPDATE,0),	"BN_BLINDING_update"},
 {ERR_PACK(0,BN_F_BN_BN2DEC,0),	"BN_bn2dec"},
 {ERR_PACK(0,BN_F_BN_BN2HEX,0),	"BN_bn2hex"},
+{ERR_PACK(0,BN_F_BN_CTX_GET,0),	"BN_CTX_get"},
 {ERR_PACK(0,BN_F_BN_CTX_NEW,0),	"BN_CTX_new"},
 {ERR_PACK(0,BN_F_BN_DIV,0),	"BN_div"},
 {ERR_PACK(0,BN_F_BN_EXPAND2,0),	"bn_expand2"},
+{ERR_PACK(0,BN_F_BN_EXPAND_INTERNAL,0),	"BN_EXPAND_INTERNAL"},
+{ERR_PACK(0,BN_F_BN_GF2M_MOD,0),	"BN_GF2m_mod"},
+{ERR_PACK(0,BN_F_BN_GF2M_MOD_DIV,0),	"BN_GF2m_mod_div"},
+{ERR_PACK(0,BN_F_BN_GF2M_MOD_EXP,0),	"BN_GF2m_mod_exp"},
+{ERR_PACK(0,BN_F_BN_GF2M_MOD_MUL,0),	"BN_GF2m_mod_mul"},
+{ERR_PACK(0,BN_F_BN_GF2M_MOD_SOLVE_QUAD,0),	"BN_GF2m_mod_solve_quad"},
+{ERR_PACK(0,BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR,0),	"BN_GF2m_mod_solve_quad_arr"},
+{ERR_PACK(0,BN_F_BN_GF2M_MOD_SQR,0),	"BN_GF2m_mod_sqr"},
+{ERR_PACK(0,BN_F_BN_MOD_EXP2_MONT,0),	"BN_mod_exp2_mont"},
 {ERR_PACK(0,BN_F_BN_MOD_EXP_MONT,0),	"BN_mod_exp_mont"},
+{ERR_PACK(0,BN_F_BN_MOD_EXP_MONT_WORD,0),	"BN_mod_exp_mont_word"},
 {ERR_PACK(0,BN_F_BN_MOD_INVERSE,0),	"BN_mod_inverse"},
+{ERR_PACK(0,BN_F_BN_MOD_LSHIFT_QUICK,0),	"BN_mod_lshift_quick"},
 {ERR_PACK(0,BN_F_BN_MOD_MUL_RECIPROCAL,0),	"BN_mod_mul_reciprocal"},
+{ERR_PACK(0,BN_F_BN_MOD_SQRT,0),	"BN_mod_sqrt"},
 {ERR_PACK(0,BN_F_BN_MPI2BN,0),	"BN_mpi2bn"},
 {ERR_PACK(0,BN_F_BN_NEW,0),	"BN_new"},
 {ERR_PACK(0,BN_F_BN_RAND,0),	"BN_rand"},
+{ERR_PACK(0,BN_F_BN_RAND_RANGE,0),	"BN_rand_range"},
 {ERR_PACK(0,BN_F_BN_USUB,0),	"BN_usub"},
-{0,NULL},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA BN_str_reasons[]=
 	{
 {BN_R_ARG2_LT_ARG3                       ,"arg2 lt arg3"},
 {BN_R_BAD_RECIPROCAL                     ,"bad reciprocal"},
+{BN_R_BIGNUM_TOO_LONG                    ,"bignum too long"},
 {BN_R_CALLED_WITH_EVEN_MODULUS           ,"called with even modulus"},
 {BN_R_DIV_BY_ZERO                        ,"div by zero"},
 {BN_R_ENCODING_ERROR                     ,"encoding error"},
 {BN_R_EXPAND_ON_STATIC_BIGNUM_DATA       ,"expand on static bignum data"},
+{BN_R_INPUT_NOT_REDUCED                  ,"input not reduced"},
 {BN_R_INVALID_LENGTH                     ,"invalid length"},
-{BN_R_NOT_INITALISED                     ,"not initalised"},
+{BN_R_INVALID_RANGE                      ,"invalid range"},
+{BN_R_NOT_A_SQUARE                       ,"not a square"},
+{BN_R_NOT_IMPLEMENTED                    ,"not implemented"},
+{BN_R_NOT_INITIALIZED                    ,"not initialized"},
 {BN_R_NO_INVERSE                         ,"no inverse"},
-{0,NULL},
+{BN_R_P_IS_NOT_PRIME                     ,"p is not prime"},
+{BN_R_TOO_MANY_ITERATIONS                ,"too many iterations"},
+{BN_R_TOO_MANY_TEMPORARY_VARIABLES       ,"too many temporary variables"},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_BN_strings()
+void ERR_load_BN_strings(void)
 	{
 	static int init=1;
 
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_BN,BN_str_functs);
 		ERR_load_strings(ERR_LIB_BN,BN_str_reasons);
 #endif
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 44f47e7eb2..afdfd580fb 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -55,115 +55,104 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
 
-#include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-#define TABLE_SIZE	16
-
-/* slow but works */
-int BN_mod_mul(ret, a, b, m, ctx)
-BIGNUM *ret;
-BIGNUM *a;
-BIGNUM *b;
-BIGNUM *m;
-BN_CTX *ctx;
-	{
-	BIGNUM *t;
-	int r=0;
-
-	bn_check_top(a);
-	bn_check_top(b);
-	bn_check_top(m);
-
-	t= &(ctx->bn[ctx->tos++]);
-	if (a == b)
-		{ if (!BN_sqr(t,a,ctx)) goto err; }
-	else
-		{ if (!BN_mul(t,a,b,ctx)) goto err; }
-	if (!BN_mod(ret,t,m,ctx)) goto err;
-	r=1;
-err:
-	ctx->tos--;
-	return(r);
-	}
+#define TABLE_SIZE	32
 
-#if 0
 /* this one works - simple but works */
-int BN_mod_exp(r,a,p,m,ctx)
-BIGNUM *r,*a,*p,*m;
-BN_CTX *ctx;
+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 	{
 	int i,bits,ret=0;
-	BIGNUM *v,*tmp;
+	BIGNUM *v,*rr;
 
-	v= &(ctx->bn[ctx->tos++]);
-	tmp= &(ctx->bn[ctx->tos++]);
+	BN_CTX_start(ctx);
+	if ((r == a) || (r == p))
+		rr = BN_CTX_get(ctx);
+	else
+		rr = r;
+	if ((v = BN_CTX_get(ctx)) == NULL) goto err;
 
 	if (BN_copy(v,a) == NULL) goto err;
 	bits=BN_num_bits(p);
 
 	if (BN_is_odd(p))
-		{ if (BN_copy(r,a) == NULL) goto err; }
-	else	{ if (BN_one(r)) goto err; }
+		{ if (BN_copy(rr,a) == NULL) goto err; }
+	else	{ if (!BN_one(rr)) goto err; }
 
 	for (i=1; i<bits; i++)
 		{
-		if (!BN_sqr(tmp,v,ctx)) goto err;
-		if (!BN_mod(v,tmp,m,ctx)) goto err;
+		if (!BN_sqr(v,v,ctx)) goto err;
 		if (BN_is_bit_set(p,i))
 			{
-			if (!BN_mul(tmp,r,v,ctx)) goto err;
-			if (!BN_mod(r,tmp,m,ctx)) goto err;
+			if (!BN_mul(rr,rr,v,ctx)) goto err;
 			}
 		}
 	ret=1;
 err:
-	ctx->tos-=2;
+	if (r != rr) BN_copy(r,rr);
+	BN_CTX_end(ctx);
 	return(ret);
 	}
 
-#endif
 
-/* this one works - simple but works */
-int BN_exp(r,a,p,ctx)
-BIGNUM *r,*a,*p;
-BN_CTX *ctx;
-	{
-	int i,bits,ret=0;
-	BIGNUM *v,*tmp;
-
-	v= &(ctx->bn[ctx->tos++]);
-	tmp= &(ctx->bn[ctx->tos++]);
-
-	if (BN_copy(v,a) == NULL) goto err;
-	bits=BN_num_bits(p);
-
-	if (BN_is_odd(p))
-		{ if (BN_copy(r,a) == NULL) goto err; }
-	else	{ if (BN_one(r)) goto err; }
-
-	for (i=1; i<bits; i++)
-		{
-		if (!BN_sqr(tmp,v,ctx)) goto err;
-		if (BN_is_bit_set(p,i))
-			{
-			if (!BN_mul(tmp,r,v,ctx)) goto err;
-			}
-		}
-	ret=1;
-err:
-	ctx->tos-=2;
-	return(ret);
-	}
-
-int BN_mod_exp(r,a,p,m,ctx)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *p;
-BIGNUM *m;
-BN_CTX *ctx;
+int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+	       BN_CTX *ctx)
 	{
 	int ret;
 
@@ -171,6 +160,40 @@ BN_CTX *ctx;
 	bn_check_top(p);
 	bn_check_top(m);
 
+	/* For even modulus  m = 2^k*m_odd,  it might make sense to compute
+	 * a^p mod m_odd  and  a^p mod 2^k  separately (with Montgomery
+	 * exponentiation for the odd part), using appropriate exponent
+	 * reductions, and combine the results using the CRT.
+	 *
+	 * For now, we use Montgomery only if the modulus is odd; otherwise,
+	 * exponentiation using the reciprocal-based quick remaindering
+	 * algorithm is used.
+	 *
+	 * (Timing obtained with expspeed.c [computations  a^p mod m
+	 * where  a, p, m  are of the same length: 256, 512, 1024, 2048,
+	 * 4096, 8192 bits], compared to the running time of the
+	 * standard algorithm:
+	 *
+	 *   BN_mod_exp_mont   33 .. 40 %  [AMD K6-2, Linux, debug configuration]
+         *                     55 .. 77 %  [UltraSparc processor, but
+	 *                                  debug-solaris-sparcv8-gcc conf.]
+	 * 
+	 *   BN_mod_exp_recp   50 .. 70 %  [AMD K6-2, Linux, debug configuration]
+	 *                     62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc]
+	 *
+	 * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont
+	 * at 2048 and more bits, but at 512 and 1024 bits, it was
+	 * slower even than the standard algorithm!
+	 *
+	 * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations]
+	 * should be obtained when the new Montgomery reduction code
+	 * has been integrated into OpenSSL.)
+	 */
+
+#define MONT_MUL_MOD
+#define MONT_EXP_WORD
+#define RECP_MUL_MOD
+
 #ifdef MONT_MUL_MOD
 	/* I have finally been able to take out this pre-condition of
 	 * the top bit being set.  It was caused by an error in BN_div
@@ -179,7 +202,17 @@ BN_CTX *ctx;
 /*	if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
 
 	if (BN_is_odd(m))
-		{ ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL); }
+		{
+#  ifdef MONT_EXP_WORD
+		if (a->top == 1 && !a->neg)
+			{
+			BN_ULONG A = a->d[0];
+			ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL);
+			}
+		else
+#  endif
+			ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL);
+		}
 	else
 #endif
 #ifdef RECP_MUL_MOD
@@ -191,13 +224,9 @@ BN_CTX *ctx;
 	return(ret);
 	}
 
-/* #ifdef RECP_MUL_MOD */
-int BN_mod_exp_recp(r,a,p,m,ctx)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *p;
-BIGNUM *m;
-BN_CTX *ctx;
+
+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		    const BIGNUM *m, BN_CTX *ctx)
 	{
 	int i,j,bits,ret=0,wstart,wend,window,wvalue;
 	int start=1,ts=0;
@@ -205,42 +234,55 @@ BN_CTX *ctx;
 	BIGNUM val[TABLE_SIZE];
 	BN_RECP_CTX recp;
 
-	aa= &(ctx->bn[ctx->tos++]);
 	bits=BN_num_bits(p);
 
 	if (bits == 0)
 		{
-		BN_one(r);
-		return(1);
+		ret = BN_one(r);
+		return ret;
 		}
+
+	BN_CTX_start(ctx);
+	if ((aa = BN_CTX_get(ctx)) == NULL) goto err;
+
 	BN_RECP_CTX_init(&recp);
-	if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err;
+	if (m->neg)
+		{
+		/* ignore sign of 'm' */
+		if (!BN_copy(aa, m)) goto err;
+		aa->neg = 0;
+		if (BN_RECP_CTX_set(&recp,aa,ctx) <= 0) goto err;
+		}
+	else
+		{
+		if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err;
+		}
 
 	BN_init(&(val[0]));
 	ts=1;
 
-	if (!BN_mod(&(val[0]),a,m,ctx)) goto err;		/* 1 */
-	if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx))
-		goto err;				/* 2 */
-
-	if (bits <= 17) /* This is probably 3 or 0x10001, so just do singles */
-		window=1;
-	else if (bits >= 256)
-		window=5;	/* max size of window */
-	else if (bits >= 128)
-		window=4;
-	else
-		window=3;
-
-	j=1<<(window-1);
-	for (i=1; i<j; i++)
+	if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err;		/* 1 */
+	if (BN_is_zero(&(val[0])))
 		{
-		BN_init(&val[i]);
-		if (!BN_mod_mul_reciprocal(&(val[i]),&(val[i-1]),aa,&recp,ctx))
-			goto err;
+		ret = BN_zero(r);
+		goto err;
 		}
-	ts=i;
 
+	window = BN_window_bits_for_exponent_size(bits);
+	if (window > 1)
+		{
+		if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx))
+			goto err;				/* 2 */
+		j=1<<(window-1);
+		for (i=1; i<j; i++)
+			{
+			BN_init(&val[i]);
+			if (!BN_mod_mul_reciprocal(&(val[i]),&(val[i-1]),aa,&recp,ctx))
+				goto err;
+			}
+		ts=i;
+		}
+		
 	start=1;	/* This is used to avoid multiplication etc
 			 * when there is only the value '1' in the
 			 * buffer. */
@@ -301,26 +343,21 @@ BN_CTX *ctx;
 		}
 	ret=1;
 err:
-	ctx->tos--;
+	BN_CTX_end(ctx);
 	for (i=0; i<ts; i++)
 		BN_clear_free(&(val[i]));
 	BN_RECP_CTX_free(&recp);
 	return(ret);
 	}
-/* #endif */
-
-/* #ifdef MONT_MUL_MOD */
-int BN_mod_exp_mont(rr,a,p,m,ctx,in_mont)
-BIGNUM *rr;
-BIGNUM *a;
-BIGNUM *p;
-BIGNUM *m;
-BN_CTX *ctx;
-BN_MONT_CTX *in_mont;
+
+
+int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+		    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
 	{
 	int i,j,bits,ret=0,wstart,wend,window,wvalue;
 	int start=1,ts=0;
-	BIGNUM *d,*aa,*r;
+	BIGNUM *d,*r;
+	const BIGNUM *aa;
 	BIGNUM val[TABLE_SIZE];
 	BN_MONT_CTX *mont=NULL;
 
@@ -333,23 +370,24 @@ BN_MONT_CTX *in_mont;
 		BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
 		return(0);
 		}
-	d= &(ctx->bn[ctx->tos++]);
-	r= &(ctx->bn[ctx->tos++]);
 	bits=BN_num_bits(p);
 	if (bits == 0)
 		{
-		BN_one(r);
-		return(1);
+		ret = BN_one(rr);
+		return ret;
 		}
 
+	BN_CTX_start(ctx);
+	d = BN_CTX_get(ctx);
+	r = BN_CTX_get(ctx);
+	if (d == NULL || r == NULL) goto err;
+
 	/* If this is not done, things will break in the montgomery
 	 * part */
 
-#if 1
 	if (in_mont != NULL)
 		mont=in_mont;
 	else
-#endif
 		{
 		if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
 		if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
@@ -357,33 +395,34 @@ BN_MONT_CTX *in_mont;
 
 	BN_init(&val[0]);
 	ts=1;
-	if (BN_ucmp(a,m) >= 0)
+	if (a->neg || BN_ucmp(a,m) >= 0)
 		{
-		BN_mod(&(val[0]),a,m,ctx);
+		if (!BN_nnmod(&(val[0]),a,m,ctx))
+			goto err;
 		aa= &(val[0]);
 		}
 	else
 		aa=a;
+	if (BN_is_zero(aa))
+		{
+		ret = BN_zero(rr);
+		goto err;
+		}
 	if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */
-	if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */
-
-	if (bits <= 20) /* This is probably 3 or 0x10001, so just do singles */
-		window=1;
-	else if (bits >= 256)
-		window=5;	/* max size of window */
-	else if (bits >= 128)
-		window=4;
-	else
-		window=3;
 
-	j=1<<(window-1);
-	for (i=1; i<j; i++)
+	window = BN_window_bits_for_exponent_size(bits);
+	if (window > 1)
 		{
-		BN_init(&(val[i]));
-		if (!BN_mod_mul_montgomery(&(val[i]),&(val[i-1]),d,mont,ctx))
-			goto err;
+		if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */
+		j=1<<(window-1);
+		for (i=1; i<j; i++)
+			{
+			BN_init(&(val[i]));
+			if (!BN_mod_mul_montgomery(&(val[i]),&(val[i-1]),d,mont,ctx))
+				goto err;
+			}
+		ts=i;
 		}
-	ts=i;
 
 	start=1;	/* This is used to avoid multiplication etc
 			 * when there is only the value '1' in the
@@ -392,7 +431,7 @@ BN_MONT_CTX *in_mont;
 	wstart=bits-1;	/* The top bit of the window */
 	wend=0;		/* The bottom bit of the window */
 
-        if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
+	if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
 	for (;;)
 		{
 		if (BN_is_bit_set(p,wstart) == 0)
@@ -444,62 +483,201 @@ BN_MONT_CTX *in_mont;
 		start=0;
 		if (wstart < 0) break;
 		}
-	BN_from_montgomery(rr,r,mont,ctx);
+	if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
 	ret=1;
 err:
 	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
-	ctx->tos-=2;
+	BN_CTX_end(ctx);
 	for (i=0; i<ts; i++)
 		BN_clear_free(&(val[i]));
 	return(ret);
 	}
-/* #endif */
+
+int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+	{
+	BN_MONT_CTX *mont = NULL;
+	int b, bits, ret=0;
+	int r_is_one;
+	BN_ULONG w, next_w;
+	BIGNUM *d, *r, *t;
+	BIGNUM *swap_tmp;
+#define BN_MOD_MUL_WORD(r, w, m) \
+		(BN_mul_word(r, (w)) && \
+		(/* BN_ucmp(r, (m)) < 0 ? 1 :*/  \
+			(BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
+		/* BN_MOD_MUL_WORD is only used with 'w' large,
+		 * so the BN_ucmp test is probably more overhead
+		 * than always using BN_mod (which uses BN_copy if
+		 * a similar test returns true). */
+		/* We can use BN_mod and do not need BN_nnmod because our
+		 * accumulator is never negative (the result of BN_mod does
+		 * not depend on the sign of the modulus).
+		 */
+#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
+		(BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
+
+	bn_check_top(p);
+	bn_check_top(m);
+
+	if (m->top == 0 || !(m->d[0] & 1))
+		{
+		BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS);
+		return(0);
+		}
+	if (m->top == 1)
+		a %= m->d[0]; /* make sure that 'a' is reduced */
+
+	bits = BN_num_bits(p);
+	if (bits == 0)
+		{
+		ret = BN_one(rr);
+		return ret;
+		}
+	if (a == 0)
+		{
+		ret = BN_zero(rr);
+		return ret;
+		}
+
+	BN_CTX_start(ctx);
+	d = BN_CTX_get(ctx);
+	r = BN_CTX_get(ctx);
+	t = BN_CTX_get(ctx);
+	if (d == NULL || r == NULL || t == NULL) goto err;
+
+	if (in_mont != NULL)
+		mont=in_mont;
+	else
+		{
+		if ((mont = BN_MONT_CTX_new()) == NULL) goto err;
+		if (!BN_MONT_CTX_set(mont, m, ctx)) goto err;
+		}
+
+	r_is_one = 1; /* except for Montgomery factor */
+
+	/* bits-1 >= 0 */
+
+	/* The result is accumulated in the product r*w. */
+	w = a; /* bit 'bits-1' of 'p' is always set */
+	for (b = bits-2; b >= 0; b--)
+		{
+		/* First, square r*w. */
+		next_w = w*w;
+		if ((next_w/w) != w) /* overflow */
+			{
+			if (r_is_one)
+				{
+				if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+				r_is_one = 0;
+				}
+			else
+				{
+				if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
+				}
+			next_w = 1;
+			}
+		w = next_w;
+		if (!r_is_one)
+			{
+			if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) goto err;
+			}
+
+		/* Second, multiply r*w by 'a' if exponent bit is set. */
+		if (BN_is_bit_set(p, b))
+			{
+			next_w = w*a;
+			if ((next_w/a) != w) /* overflow */
+				{
+				if (r_is_one)
+					{
+					if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+					r_is_one = 0;
+					}
+				else
+					{
+					if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
+					}
+				next_w = a;
+				}
+			w = next_w;
+			}
+		}
+
+	/* Finally, set r:=r*w. */
+	if (w != 1)
+		{
+		if (r_is_one)
+			{
+			if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
+			r_is_one = 0;
+			}
+		else
+			{
+			if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
+			}
+		}
+
+	if (r_is_one) /* can happen only if a == 1*/
+		{
+		if (!BN_one(rr)) goto err;
+		}
+	else
+		{
+		if (!BN_from_montgomery(rr, r, mont, ctx)) goto err;
+		}
+	ret = 1;
+err:
+	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
+	BN_CTX_end(ctx);
+	return(ret);
+	}
+
 
 /* The old fallback, simple version :-) */
-int BN_mod_exp_simple(r,a,p,m,ctx)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *p;
-BIGNUM *m;
-BN_CTX *ctx;
+int BN_mod_exp_simple(BIGNUM *r,
+	const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+	BN_CTX *ctx)
 	{
 	int i,j,bits,ret=0,wstart,wend,window,wvalue,ts=0;
 	int start=1;
 	BIGNUM *d;
 	BIGNUM val[TABLE_SIZE];
 
-	d= &(ctx->bn[ctx->tos++]);
 	bits=BN_num_bits(p);
 
 	if (bits == 0)
 		{
-		BN_one(r);
-		return(1);
+		ret = BN_one(r);
+		return ret;
 		}
 
+	BN_CTX_start(ctx);
+	if ((d = BN_CTX_get(ctx)) == NULL) goto err;
+
 	BN_init(&(val[0]));
 	ts=1;
-	if (!BN_mod(&(val[0]),a,m,ctx)) goto err;		/* 1 */
-	if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx))
-		goto err;				/* 2 */
-
-	if (bits <= 17) /* This is probably 3 or 0x10001, so just do singles */
-		window=1;
-	else if (bits >= 256)
-		window=5;	/* max size of window */
-	else if (bits >= 128)
-		window=4;
-	else
-		window=3;
+	if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err;		/* 1 */
+	if (BN_is_zero(&(val[0])))
+		{
+		ret = BN_zero(r);
+		goto err;
+		}
 
-	j=1<<(window-1);
-	for (i=1; i<j; i++)
+	window = BN_window_bits_for_exponent_size(bits);
+	if (window > 1)
 		{
-		BN_init(&(val[i]));
-		if (!BN_mod_mul(&(val[i]),&(val[i-1]),d,m,ctx))
-			goto err;
+		if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx))
+			goto err;				/* 2 */
+		j=1<<(window-1);
+		for (i=1; i<j; i++)
+			{
+			BN_init(&(val[i]));
+			if (!BN_mod_mul(&(val[i]),&(val[i-1]),d,m,ctx))
+				goto err;
+			}
+		ts=i;
 		}
-	ts=i;
 
 	start=1;	/* This is used to avoid multiplication etc
 			 * when there is only the value '1' in the
@@ -561,7 +739,7 @@ BN_CTX *ctx;
 		}
 	ret=1;
 err:
-	ctx->tos--;
+	BN_CTX_end(ctx);
 	for (i=0; i<ts; i++)
 		BN_clear_free(&(val[i]));
 	return(ret);
diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c
index eface739b3..73ccd58a83 100644
--- a/crypto/bn/bn_exp2.c
+++ b/crypto/bn/bn_exp2.c
@@ -1,34 +1,129 @@
+/* crypto/bn/bn_exp2.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-/* I've done some timing with different table sizes.
- * The main hassle is that even with bits set at 3, this requires
- * 63 BIGNUMs to store the pre-calculated values.
- *          512   1024 
- * bits=1  75.4%  79.4%
- * bits=2  61.2%  62.4%
- * bits=3  61.3%  59.3%
- * The lack of speed improvment is also a function of the pre-calculation
- * which could be removed.
- */
-#define EXP2_TABLE_BITS	2 /* 1  2  3  4  5  */
-#define EXP2_TABLE_SIZE	4 /* 2  4  8 16 32  */
-
-int BN_mod_exp2_mont(rr,a1,p1,a2,p2,m,ctx,in_mont)
-BIGNUM *rr;
-BIGNUM *a1;
-BIGNUM *p1;
-BIGNUM *a2;
-BIGNUM *p2;
-BIGNUM *m;
-BN_CTX *ctx;
-BN_MONT_CTX *in_mont;
+#define TABLE_SIZE	32
+
+int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
+	const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
+	BN_CTX *ctx, BN_MONT_CTX *in_mont)
 	{
-	int i,j,k,bits,bits1,bits2,ret=0,wstart,wend,window,xvalue,yvalue;
-	int start=1,ts=0,x,y;
-	BIGNUM *d,*aa1,*aa2,*r;
-	BIGNUM val[EXP2_TABLE_SIZE][EXP2_TABLE_SIZE];
+	int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2;
+	int r_is_one=1,ts1=0,ts2=0;
+	BIGNUM *d,*r;
+	const BIGNUM *a_mod_m;
+	BIGNUM val1[TABLE_SIZE], val2[TABLE_SIZE];
 	BN_MONT_CTX *mont=NULL;
 
 	bn_check_top(a1);
@@ -39,22 +134,23 @@ BN_MONT_CTX *in_mont;
 
 	if (!(m->d[0] & 1))
 		{
-		BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
+		BNerr(BN_F_BN_MOD_EXP2_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
 		return(0);
 		}
-	d= &(ctx->bn[ctx->tos++]);
-	r= &(ctx->bn[ctx->tos++]);
 	bits1=BN_num_bits(p1);
 	bits2=BN_num_bits(p2);
 	if ((bits1 == 0) && (bits2 == 0))
 		{
-		BN_one(r);
-		return(1);
+		ret = BN_one(rr);
+		return ret;
 		}
+	
 	bits=(bits1 > bits2)?bits1:bits2;
 
-	/* If this is not done, things will break in the montgomery
-	 * part */
+	BN_CTX_start(ctx);
+	d = BN_CTX_get(ctx);
+	r = BN_CTX_get(ctx);
+	if (d == NULL || r == NULL) goto err;
 
 	if (in_mont != NULL)
 		mont=in_mont;
@@ -64,139 +160,154 @@ BN_MONT_CTX *in_mont;
 		if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
 		}
 
-	BN_init(&(val[0][0]));
-	BN_init(&(val[1][1]));
-	BN_init(&(val[0][1]));
-	BN_init(&(val[1][0]));
-	ts=1;
-	if (BN_ucmp(a1,m) >= 0)
+	window1 = BN_window_bits_for_exponent_size(bits1);
+	window2 = BN_window_bits_for_exponent_size(bits2);
+
+	/*
+	 * Build table for a1:   val1[i] := a1^(2*i + 1) mod m  for i = 0 .. 2^(window1-1)
+	 */
+	BN_init(&val1[0]);
+	ts1=1;
+	if (a1->neg || BN_ucmp(a1,m) >= 0)
 		{
-		BN_mod(&(val[1][0]),a1,m,ctx);
-		aa1= &(val[1][0]);
+		if (!BN_mod(&(val1[0]),a1,m,ctx))
+			goto err;
+		a_mod_m = &(val1[0]);
 		}
 	else
-		aa1=a1;
-	if (BN_ucmp(a2,m) >= 0)
+		a_mod_m = a1;
+	if (BN_is_zero(a_mod_m))
 		{
-		BN_mod(&(val[0][1]),a2,m,ctx);
-		aa2= &(val[0][1]);
-		}
-	else
-		aa2=a2;
-	if (!BN_to_montgomery(&(val[1][0]),aa1,mont,ctx)) goto err;
-	if (!BN_to_montgomery(&(val[0][1]),aa2,mont,ctx)) goto err;
-	if (!BN_mod_mul_montgomery(&(val[1][1]),
-		&(val[1][0]),&(val[0][1]),mont,ctx))
+		ret = BN_zero(rr);
 		goto err;
+		}
 
-#if 0
-	if (bits <= 20) /* This is probably 3 or 0x10001, so just do singles */
-		window=1;
-	else if (bits > 250)
-		window=5;	/* max size of window */
-	else if (bits >= 120)
-		window=4;
-	else
-		window=3;
-#else
-	window=EXP2_TABLE_BITS;
-#endif
-
-	k=1<<window;
-	for (x=0; x<k; x++)
+	if (!BN_to_montgomery(&(val1[0]),a_mod_m,mont,ctx)) goto err;
+	if (window1 > 1)
 		{
-		if (x >= 2)
+		if (!BN_mod_mul_montgomery(d,&(val1[0]),&(val1[0]),mont,ctx)) goto err;
+
+		j=1<<(window1-1);
+		for (i=1; i<j; i++)
 			{
-			BN_init(&(val[x][0]));
-			BN_init(&(val[x][1]));
-			if (!BN_mod_mul_montgomery(&(val[x][0]),
-				&(val[1][0]),&(val[x-1][0]),mont,ctx)) goto err;
-			if (!BN_mod_mul_montgomery(&(val[x][1]),
-				&(val[1][0]),&(val[x-1][1]),mont,ctx)) goto err;
+			BN_init(&(val1[i]));
+			if (!BN_mod_mul_montgomery(&(val1[i]),&(val1[i-1]),d,mont,ctx))
+				goto err;
 			}
-		for (y=2; y<k; y++)
+		ts1=i;
+		}
+
+
+	/*
+	 * Build table for a2:   val2[i] := a2^(2*i + 1) mod m  for i = 0 .. 2^(window2-1)
+	 */
+	BN_init(&val2[0]);
+	ts2=1;
+	if (a2->neg || BN_ucmp(a2,m) >= 0)
+		{
+		if (!BN_mod(&(val2[0]),a2,m,ctx))
+			goto err;
+		a_mod_m = &(val2[0]);
+		}
+	else
+		a_mod_m = a2;
+	if (BN_is_zero(a_mod_m))
+		{
+		ret = BN_zero(rr);
+		goto err;
+		}
+	if (!BN_to_montgomery(&(val2[0]),a_mod_m,mont,ctx)) goto err;
+	if (window2 > 1)
+		{
+		if (!BN_mod_mul_montgomery(d,&(val2[0]),&(val2[0]),mont,ctx)) goto err;
+
+		j=1<<(window2-1);
+		for (i=1; i<j; i++)
 			{
-			BN_init(&(val[x][y]));
-			if (!BN_mod_mul_montgomery(&(val[x][y]),
-				&(val[x][y-1]),&(val[0][1]),mont,ctx))
+			BN_init(&(val2[i]));
+			if (!BN_mod_mul_montgomery(&(val2[i]),&(val2[i-1]),d,mont,ctx))
 				goto err;
 			}
+		ts2=i;
 		}
-	ts=k;
-
-	start=1;	/* This is used to avoid multiplication etc
-			 * when there is only the value '1' in the
-			 * buffer. */
-	xvalue=0;	/* The 'x value' of the window */
-	yvalue=0;	/* The 'y value' of the window */
-	wstart=bits-1;	/* The top bit of the window */
-	wend=0;		/* The bottom bit of the window */
-
-        if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
-	for (;;)
+
+
+	/* Now compute the power product, using independent windows. */
+	r_is_one=1;
+	wvalue1=0;  /* The 'value' of the first window */
+	wvalue2=0;  /* The 'value' of the second window */
+	wpos1=0;    /* If wvalue1 > 0, the bottom bit of the first window */
+	wpos2=0;    /* If wvalue2 > 0, the bottom bit of the second window */
+
+	if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
+	for (b=bits-1; b>=0; b--)
 		{
-		xvalue=BN_is_bit_set(p1,wstart);
-		yvalue=BN_is_bit_set(p2,wstart);
-		if (!(xvalue || yvalue))
+		if (!r_is_one)
 			{
-			if (!start)
+			if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
+				goto err;
+			}
+		
+		if (!wvalue1)
+			if (BN_is_bit_set(p1, b))
 				{
-				if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
-					goto err;
+				/* consider bits b-window1+1 .. b for this window */
+				i = b-window1+1;
+				while (!BN_is_bit_set(p1, i)) /* works for i<0 */
+					i++;
+				wpos1 = i;
+				wvalue1 = 1;
+				for (i = b-1; i >= wpos1; i--)
+					{
+					wvalue1 <<= 1;
+					if (BN_is_bit_set(p1, i))
+						wvalue1++;
+					}
 				}
-			wstart--;
-			if (wstart < 0) break;
-			continue;
-			}
-		/* We now have wstart on a 'set' bit, we now need to work out
-		 * how bit a window to do.  To do this we need to scan
-		 * forward until the last set bit before the end of the
-		 * window */
-		j=wstart;
-		/* xvalue=BN_is_bit_set(p1,wstart); already set */
-		/* yvalue=BN_is_bit_set(p1,wstart); already set */
-		wend=0;
-		for (i=1; i<window; i++)
-			{
-			if (wstart-i < 0) break;
-			xvalue+=xvalue;
-			xvalue|=BN_is_bit_set(p1,wstart-i);
-			yvalue+=yvalue;
-			yvalue|=BN_is_bit_set(p2,wstart-i);
-			}
-
-		/* i is the size of the current window */
-		/* add the 'bytes above' */
-		if (!start)
-			for (j=0; j<i; j++)
+		
+		if (!wvalue2)
+			if (BN_is_bit_set(p2, b))
 				{
-				if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
-					goto err;
+				/* consider bits b-window2+1 .. b for this window */
+				i = b-window2+1;
+				while (!BN_is_bit_set(p2, i))
+					i++;
+				wpos2 = i;
+				wvalue2 = 1;
+				for (i = b-1; i >= wpos2; i--)
+					{
+					wvalue2 <<= 1;
+					if (BN_is_bit_set(p2, i))
+						wvalue2++;
+					}
 				}
+
+		if (wvalue1 && b == wpos1)
+			{
+			/* wvalue1 is odd and < 2^window1 */
+			if (!BN_mod_mul_montgomery(r,r,&(val1[wvalue1>>1]),mont,ctx))
+				goto err;
+			wvalue1 = 0;
+			r_is_one = 0;
+			}
 		
-		/* wvalue will be an odd number < 2^window */
-		if (xvalue || yvalue)
+		if (wvalue2 && b == wpos2)
 			{
-			if (!BN_mod_mul_montgomery(r,r,&(val[xvalue][yvalue]),
-				mont,ctx)) goto err;
+			/* wvalue2 is odd and < 2^window2 */
+			if (!BN_mod_mul_montgomery(r,r,&(val2[wvalue2>>1]),mont,ctx))
+				goto err;
+			wvalue2 = 0;
+			r_is_one = 0;
 			}
-
-		/* move the 'window' down further */
-		wstart-=i;
-		start=0;
-		if (wstart < 0) break;
 		}
 	BN_from_montgomery(rr,r,mont,ctx);
 	ret=1;
 err:
 	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
-	ctx->tos-=2;
-	for (i=0; i<ts; i++)
-		{
-		for (j=0; j<ts; j++)
-			{
-			BN_clear_free(&(val[i][j]));
-			}
-		}
+	BN_CTX_end(ctx);
+	for (i=0; i<ts1; i++)
+		BN_clear_free(&(val1[i]));
+	for (i=0; i<ts2; i++)
+		BN_clear_free(&(val2[i]));
 	return(ret);
 	}
diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
index c80cecdc8d..7649f63fd2 100644
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -55,20 +55,66 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
-#include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-#ifndef NOPROTO
 static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
-#else
-static BIGNUM *euclid();
-#endif
 
-int BN_gcd(r,in_a,in_b,ctx)
-BIGNUM *r,*in_a,*in_b;
-BN_CTX *ctx;
+int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
 	{
 	BIGNUM *a,*b,*t;
 	int ret=0;
@@ -76,11 +122,15 @@ BN_CTX *ctx;
 	bn_check_top(in_a);
 	bn_check_top(in_b);
 
-	a= &(ctx->bn[ctx->tos]);
-	b= &(ctx->bn[ctx->tos+1]);
+	BN_CTX_start(ctx);
+	a = BN_CTX_get(ctx);
+	b = BN_CTX_get(ctx);
+	if (a == NULL || b == NULL) goto err;
 
 	if (BN_copy(a,in_a) == NULL) goto err;
 	if (BN_copy(b,in_b) == NULL) goto err;
+	a->neg = 0;
+	b->neg = 0;
 
 	if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; }
 	t=euclid(a,b);
@@ -89,11 +139,11 @@ BN_CTX *ctx;
 	if (BN_copy(r,t) == NULL) goto err;
 	ret=1;
 err:
+	BN_CTX_end(ctx);
 	return(ret);
 	}
 
-static BIGNUM *euclid(a,b)
-BIGNUM *a,*b;
+static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
 	{
 	BIGNUM *t;
 	int shifts=0;
@@ -101,10 +151,10 @@ BIGNUM *a,*b;
 	bn_check_top(a);
 	bn_check_top(b);
 
-	for (;;)
+	/* 0 <= b <= a */
+	while (!BN_is_zero(b))
 		{
-		if (BN_is_zero(b))
-			break;
+		/* 0 < b <= a */
 
 		if (BN_is_odd(a))
 			{
@@ -137,7 +187,9 @@ BIGNUM *a,*b;
 				shifts++;
 				}
 			}
+		/* 0 <= b <= a */
 		}
+
 	if (shifts)
 		{
 		if (!BN_lshift(a,a,shifts)) goto err;
@@ -147,61 +199,284 @@ err:
 	return(NULL);
 	}
 
+
 /* solves ax == 1 (mod n) */
-BIGNUM *BN_mod_inverse(in, a, n, ctx)
-BIGNUM *in;
-BIGNUM *a;
-BIGNUM *n;
-BN_CTX *ctx;
+BIGNUM *BN_mod_inverse(BIGNUM *in,
+	const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
 	{
-	BIGNUM *A,*B,*X,*Y,*M,*D,*R;
-	BIGNUM *T,*ret=NULL;
+	BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
+	BIGNUM *ret=NULL;
 	int sign;
 
 	bn_check_top(a);
 	bn_check_top(n);
 
-	A= &(ctx->bn[ctx->tos]);
-	B= &(ctx->bn[ctx->tos+1]);
-	X= &(ctx->bn[ctx->tos+2]);
-	D= &(ctx->bn[ctx->tos+3]);
-	M= &(ctx->bn[ctx->tos+4]);
-	Y= &(ctx->bn[ctx->tos+5]);
-	ctx->tos+=6;
+	BN_CTX_start(ctx);
+	A = BN_CTX_get(ctx);
+	B = BN_CTX_get(ctx);
+	X = BN_CTX_get(ctx);
+	D = BN_CTX_get(ctx);
+	M = BN_CTX_get(ctx);
+	Y = BN_CTX_get(ctx);
+	T = BN_CTX_get(ctx);
+	if (T == NULL) goto err;
+
 	if (in == NULL)
 		R=BN_new();
 	else
 		R=in;
 	if (R == NULL) goto err;
 
-	BN_zero(X);
-	BN_one(Y);
-	if (BN_copy(A,a) == NULL) goto err;
-	if (BN_copy(B,n) == NULL) goto err;
-	sign=1;
+	BN_one(X);
+	BN_zero(Y);
+	if (BN_copy(B,a) == NULL) goto err;
+	if (BN_copy(A,n) == NULL) goto err;
+	A->neg = 0;
+	if (B->neg || (BN_ucmp(B, A) >= 0))
+		{
+		if (!BN_nnmod(B, B, A, ctx)) goto err;
+		}
+	sign = -1;
+	/* From  B = a mod |n|,  A = |n|  it follows that
+	 *
+	 *      0 <= B < A,
+	 *     -sign*X*a  ==  B   (mod |n|),
+	 *      sign*Y*a  ==  A   (mod |n|).
+	 */
+
+	if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048)))
+		{
+		/* Binary inversion algorithm; requires odd modulus.
+		 * This is faster than the general algorithm if the modulus
+		 * is sufficiently small (about 400 .. 500 bits on 32-bit
+		 * sytems, but much more on 64-bit systems) */
+		int shift;
+		
+		while (!BN_is_zero(B))
+			{
+			/*
+			 *      0 < B < |n|,
+			 *      0 < A <= |n|,
+			 * (1) -sign*X*a  ==  B   (mod |n|),
+			 * (2)  sign*Y*a  ==  A   (mod |n|)
+			 */
+
+			/* Now divide  B  by the maximum possible power of two in the integers,
+			 * and divide  X  by the same value mod |n|.
+			 * When we're done, (1) still holds. */
+			shift = 0;
+			while (!BN_is_bit_set(B, shift)) /* note that 0 < B */
+				{
+				shift++;
+				
+				if (BN_is_odd(X))
+					{
+					if (!BN_uadd(X, X, n)) goto err;
+					}
+				/* now X is even, so we can easily divide it by two */
+				if (!BN_rshift1(X, X)) goto err;
+				}
+			if (shift > 0)
+				{
+				if (!BN_rshift(B, B, shift)) goto err;
+				}
+
+
+			/* Same for  A  and  Y.  Afterwards, (2) still holds. */
+			shift = 0;
+			while (!BN_is_bit_set(A, shift)) /* note that 0 < A */
+				{
+				shift++;
+				
+				if (BN_is_odd(Y))
+					{
+					if (!BN_uadd(Y, Y, n)) goto err;
+					}
+				/* now Y is even */
+				if (!BN_rshift1(Y, Y)) goto err;
+				}
+			if (shift > 0)
+				{
+				if (!BN_rshift(A, A, shift)) goto err;
+				}
 
-	while (!BN_is_zero(B))
+			
+			/* We still have (1) and (2).
+			 * Both  A  and  B  are odd.
+			 * The following computations ensure that
+			 *
+			 *     0 <= B < |n|,
+			 *      0 < A < |n|,
+			 * (1) -sign*X*a  ==  B   (mod |n|),
+			 * (2)  sign*Y*a  ==  A   (mod |n|),
+			 *
+			 * and that either  A  or  B  is even in the next iteration.
+			 */
+			if (BN_ucmp(B, A) >= 0)
+				{
+				/* -sign*(X + Y)*a == B - A  (mod |n|) */
+				if (!BN_uadd(X, X, Y)) goto err;
+				/* NB: we could use BN_mod_add_quick(X, X, Y, n), but that
+				 * actually makes the algorithm slower */
+				if (!BN_usub(B, B, A)) goto err;
+				}
+			else
+				{
+				/*  sign*(X + Y)*a == A - B  (mod |n|) */
+				if (!BN_uadd(Y, Y, X)) goto err;
+				/* as above, BN_mod_add_quick(Y, Y, X, n) would slow things down */
+				if (!BN_usub(A, A, B)) goto err;
+				}
+			}
+		}
+	else
 		{
-		if (!BN_div(D,M,A,B,ctx)) goto err;
-		T=A;
-		A=B;
-		B=M;
-		/* T has a struct, M does not */
-
-		if (!BN_mul(T,D,X,ctx)) goto err;
-		if (!BN_add(T,T,Y)) goto err;
-		M=Y;
-		Y=X;
-		X=T;
-		sign= -sign;
+		/* general inversion algorithm */
+
+		while (!BN_is_zero(B))
+			{
+			BIGNUM *tmp;
+			
+			/*
+			 *      0 < B < A,
+			 * (*) -sign*X*a  ==  B   (mod |n|),
+			 *      sign*Y*a  ==  A   (mod |n|)
+			 */
+			
+			/* (D, M) := (A/B, A%B) ... */
+			if (BN_num_bits(A) == BN_num_bits(B))
+				{
+				if (!BN_one(D)) goto err;
+				if (!BN_sub(M,A,B)) goto err;
+				}
+			else if (BN_num_bits(A) == BN_num_bits(B) + 1)
+				{
+				/* A/B is 1, 2, or 3 */
+				if (!BN_lshift1(T,B)) goto err;
+				if (BN_ucmp(A,T) < 0)
+					{
+					/* A < 2*B, so D=1 */
+					if (!BN_one(D)) goto err;
+					if (!BN_sub(M,A,B)) goto err;
+					}
+				else
+					{
+					/* A >= 2*B, so D=2 or D=3 */
+					if (!BN_sub(M,A,T)) goto err;
+					if (!BN_add(D,T,B)) goto err; /* use D (:= 3*B) as temp */
+					if (BN_ucmp(A,D) < 0)
+						{
+						/* A < 3*B, so D=2 */
+						if (!BN_set_word(D,2)) goto err;
+						/* M (= A - 2*B) already has the correct value */
+						}
+					else
+						{
+						/* only D=3 remains */
+						if (!BN_set_word(D,3)) goto err;
+						/* currently  M = A - 2*B,  but we need  M = A - 3*B */
+						if (!BN_sub(M,M,B)) goto err;
+						}
+					}
+				}
+			else
+				{
+				if (!BN_div(D,M,A,B,ctx)) goto err;
+				}
+			
+			/* Now
+			 *      A = D*B + M;
+			 * thus we have
+			 * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
+			 */
+			
+			tmp=A; /* keep the BIGNUM object, the value does not matter */
+			
+			/* (A, B) := (B, A mod B) ... */
+			A=B;
+			B=M;
+			/* ... so we have  0 <= B < A  again */
+			
+			/* Since the former  M  is now  B  and the former  B  is now  A,
+			 * (**) translates into
+			 *       sign*Y*a  ==  D*A + B    (mod |n|),
+			 * i.e.
+			 *       sign*Y*a - D*A  ==  B    (mod |n|).
+			 * Similarly, (*) translates into
+			 *      -sign*X*a  ==  A          (mod |n|).
+			 *
+			 * Thus,
+			 *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),
+			 * i.e.
+			 *        sign*(Y + D*X)*a  ==  B  (mod |n|).
+			 *
+			 * So if we set  (X, Y, sign) := (Y + D*X, X, -sign),  we arrive back at
+			 *      -sign*X*a  ==  B   (mod |n|),
+			 *       sign*Y*a  ==  A   (mod |n|).
+			 * Note that  X  and  Y  stay non-negative all the time.
+			 */
+			
+			/* most of the time D is very small, so we can optimize tmp := D*X+Y */
+			if (BN_is_one(D))
+				{
+				if (!BN_add(tmp,X,Y)) goto err;
+				}
+			else
+				{
+				if (BN_is_word(D,2))
+					{
+					if (!BN_lshift1(tmp,X)) goto err;
+					}
+				else if (BN_is_word(D,4))
+					{
+					if (!BN_lshift(tmp,X,2)) goto err;
+					}
+				else if (D->top == 1)
+					{
+					if (!BN_copy(tmp,X)) goto err;
+					if (!BN_mul_word(tmp,D->d[0])) goto err;
+					}
+				else
+					{
+					if (!BN_mul(tmp,D,X,ctx)) goto err;
+					}
+				if (!BN_add(tmp,tmp,Y)) goto err;
+				}
+			
+			M=Y; /* keep the BIGNUM object, the value does not matter */
+			Y=X;
+			X=tmp;
+			sign = -sign;
+			}
 		}
+		
+	/*
+	 * The while loop (Euclid's algorithm) ends when
+	 *      A == gcd(a,n);
+	 * we have
+	 *       sign*Y*a  ==  A  (mod |n|),
+	 * where  Y  is non-negative.
+	 */
+
 	if (sign < 0)
 		{
 		if (!BN_sub(Y,n,Y)) goto err;
 		}
+	/* Now  Y*a  ==  A  (mod |n|).  */
+	
 
 	if (BN_is_one(A))
-		{ if (!BN_mod(R,Y,n,ctx)) goto err; }
+		{
+		/* Y*a == 1  (mod |n|) */
+		if (!Y->neg && BN_ucmp(Y,n) < 0)
+			{
+			if (!BN_copy(R,Y)) goto err;
+			}
+		else
+			{
+			if (!BN_nnmod(R,Y,n,ctx)) goto err;
+			}
+		}
 	else
 		{
 		BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
@@ -210,7 +485,6 @@ BN_CTX *ctx;
 	ret=R;
 err:
 	if ((ret == NULL) && (in == NULL)) BN_free(R);
-	ctx->tos-=6;
+	BN_CTX_end(ctx);
 	return(ret);
 	}
-
diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c
new file mode 100644
index 0000000000..6edd8ab22b
--- /dev/null
+++ b/crypto/bn/bn_gf2m.c
@@ -0,0 +1,996 @@
+/* crypto/bn/bn_gf2m.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * In addition, Sun covenants to all licensees who provide a reciprocal
+ * covenant with respect to their own patents if any, not to sue under
+ * current and future patent claims necessarily infringed by the making,
+ * using, practicing, selling, offering for sale and/or otherwise
+ * disposing of the ECC Code as delivered hereunder (or portions thereof),
+ * provided that such covenant shall not apply:
+ *  1) for code that a licensee deletes from the ECC Code;
+ *  2) separates from the ECC Code; or
+ *  3) for infringements caused by:
+ *       i) the modification of the ECC Code or
+ *      ii) the combination of the ECC Code with other software or
+ *          devices where such combination causes the infringement.
+ *
+ * The software is originally written by Sheueling Chang Shantz and
+ * Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+/* NOTE: This file is licensed pursuant to the OpenSSL license below
+ * and may be modified; but after modifications, the above covenant
+ * may no longer apply!  In such cases, the corresponding paragraph
+ * ["In addition, Sun covenants ... causes the infringement."] and
+ * this note can be edited out; but please keep the Sun copyright
+ * notice and attribution. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <assert.h>
+#include <limits.h>
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+/* Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should fail. */
+#define MAX_ITERATIONS 50
+
+static const BN_ULONG SQR_tb[16] =
+  {     0,     1,     4,     5,    16,    17,    20,    21,
+       64,    65,    68,    69,    80,    81,    84,    85 };
+/* Platform-specific macros to accelerate squaring. */
+#if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+#define SQR1(w) \
+    SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \
+    SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \
+    SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \
+    SQR_tb[(w) >> 36 & 0xF] <<  8 | SQR_tb[(w) >> 32 & 0xF]
+#define SQR0(w) \
+    SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \
+    SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \
+    SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >>  8 & 0xF] << 16 | \
+    SQR_tb[(w) >>  4 & 0xF] <<  8 | SQR_tb[(w)       & 0xF]
+#endif
+#ifdef THIRTY_TWO_BIT
+#define SQR1(w) \
+    SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \
+    SQR_tb[(w) >> 20 & 0xF] <<  8 | SQR_tb[(w) >> 16 & 0xF]
+#define SQR0(w) \
+    SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >>  8 & 0xF] << 16 | \
+    SQR_tb[(w) >>  4 & 0xF] <<  8 | SQR_tb[(w)       & 0xF]
+#endif
+#ifdef SIXTEEN_BIT
+#define SQR1(w) \
+    SQR_tb[(w) >> 12 & 0xF] <<  8 | SQR_tb[(w) >>  8 & 0xF]
+#define SQR0(w) \
+    SQR_tb[(w) >>  4 & 0xF] <<  8 | SQR_tb[(w)       & 0xF]
+#endif
+#ifdef EIGHT_BIT
+#define SQR1(w) \
+    SQR_tb[(w) >>  4 & 0xF]
+#define SQR0(w) \
+    SQR_tb[(w)       & 15]
+#endif
+
+/* Product of two polynomials a, b each with degree < BN_BITS2 - 1,
+ * result is a polynomial r with degree < 2 * BN_BITS - 1
+ * The caller MUST ensure that the variables have the right amount
+ * of space allocated.
+ */
+#ifdef EIGHT_BIT
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
+	{
+	register BN_ULONG h, l, s;
+	BN_ULONG tab[4], top1b = a >> 7;
+	register BN_ULONG a1, a2;
+
+	a1 = a & (0x7F); a2 = a1 << 1;
+
+	tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2;
+
+	s = tab[b      & 0x3]; l  = s;
+	s = tab[b >> 2 & 0x3]; l ^= s << 2; h  = s >> 6;
+	s = tab[b >> 4 & 0x3]; l ^= s << 4; h ^= s >> 4;
+	s = tab[b >> 6      ]; l ^= s << 6; h ^= s >> 2;
+	
+	/* compensate for the top bit of a */
+
+	if (top1b & 01) { l ^= b << 7; h ^= b >> 1; } 
+
+	*r1 = h; *r0 = l;
+	} 
+#endif
+#ifdef SIXTEEN_BIT
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
+	{
+	register BN_ULONG h, l, s;
+	BN_ULONG tab[4], top1b = a >> 15; 
+	register BN_ULONG a1, a2;
+
+	a1 = a & (0x7FFF); a2 = a1 << 1;
+
+	tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2;
+
+	s = tab[b      & 0x3]; l  = s;
+	s = tab[b >> 2 & 0x3]; l ^= s <<  2; h  = s >> 14;
+	s = tab[b >> 4 & 0x3]; l ^= s <<  4; h ^= s >> 12;
+	s = tab[b >> 6 & 0x3]; l ^= s <<  6; h ^= s >> 10;
+	s = tab[b >> 8 & 0x3]; l ^= s <<  8; h ^= s >>  8;
+	s = tab[b >>10 & 0x3]; l ^= s << 10; h ^= s >>  6;
+	s = tab[b >>12 & 0x3]; l ^= s << 12; h ^= s >>  4;
+	s = tab[b >>14      ]; l ^= s << 14; h ^= s >>  2;
+
+	/* compensate for the top bit of a */
+
+	if (top1b & 01) { l ^= b << 15; h ^= b >> 1; } 
+
+	*r1 = h; *r0 = l;
+	} 
+#endif
+#ifdef THIRTY_TWO_BIT
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
+	{
+	register BN_ULONG h, l, s;
+	BN_ULONG tab[8], top2b = a >> 30; 
+	register BN_ULONG a1, a2, a4;
+
+	a1 = a & (0x3FFFFFFF); a2 = a1 << 1; a4 = a2 << 1;
+
+	tab[0] =  0; tab[1] = a1;    tab[2] = a2;    tab[3] = a1^a2;
+	tab[4] = a4; tab[5] = a1^a4; tab[6] = a2^a4; tab[7] = a1^a2^a4;
+
+	s = tab[b       & 0x7]; l  = s;
+	s = tab[b >>  3 & 0x7]; l ^= s <<  3; h  = s >> 29;
+	s = tab[b >>  6 & 0x7]; l ^= s <<  6; h ^= s >> 26;
+	s = tab[b >>  9 & 0x7]; l ^= s <<  9; h ^= s >> 23;
+	s = tab[b >> 12 & 0x7]; l ^= s << 12; h ^= s >> 20;
+	s = tab[b >> 15 & 0x7]; l ^= s << 15; h ^= s >> 17;
+	s = tab[b >> 18 & 0x7]; l ^= s << 18; h ^= s >> 14;
+	s = tab[b >> 21 & 0x7]; l ^= s << 21; h ^= s >> 11;
+	s = tab[b >> 24 & 0x7]; l ^= s << 24; h ^= s >>  8;
+	s = tab[b >> 27 & 0x7]; l ^= s << 27; h ^= s >>  5;
+	s = tab[b >> 30      ]; l ^= s << 30; h ^= s >>  2;
+
+	/* compensate for the top two bits of a */
+
+	if (top2b & 01) { l ^= b << 30; h ^= b >> 2; } 
+	if (top2b & 02) { l ^= b << 31; h ^= b >> 1; } 
+
+	*r1 = h; *r0 = l;
+	} 
+#endif
+#if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
+	{
+	register BN_ULONG h, l, s;
+	BN_ULONG tab[16], top3b = a >> 61;
+	register BN_ULONG a1, a2, a4, a8;
+
+	a1 = a & (0x1FFFFFFFFFFFFFFF); a2 = a1 << 1; a4 = a2 << 1; a8 = a4 << 1;
+
+	tab[ 0] = 0;     tab[ 1] = a1;       tab[ 2] = a2;       tab[ 3] = a1^a2;
+	tab[ 4] = a4;    tab[ 5] = a1^a4;    tab[ 6] = a2^a4;    tab[ 7] = a1^a2^a4;
+	tab[ 8] = a8;    tab[ 9] = a1^a8;    tab[10] = a2^a8;    tab[11] = a1^a2^a8;
+	tab[12] = a4^a8; tab[13] = a1^a4^a8; tab[14] = a2^a4^a8; tab[15] = a1^a2^a4^a8;
+
+	s = tab[b       & 0xF]; l  = s;
+	s = tab[b >>  4 & 0xF]; l ^= s <<  4; h  = s >> 60;
+	s = tab[b >>  8 & 0xF]; l ^= s <<  8; h ^= s >> 56;
+	s = tab[b >> 12 & 0xF]; l ^= s << 12; h ^= s >> 52;
+	s = tab[b >> 16 & 0xF]; l ^= s << 16; h ^= s >> 48;
+	s = tab[b >> 20 & 0xF]; l ^= s << 20; h ^= s >> 44;
+	s = tab[b >> 24 & 0xF]; l ^= s << 24; h ^= s >> 40;
+	s = tab[b >> 28 & 0xF]; l ^= s << 28; h ^= s >> 36;
+	s = tab[b >> 32 & 0xF]; l ^= s << 32; h ^= s >> 32;
+	s = tab[b >> 36 & 0xF]; l ^= s << 36; h ^= s >> 28;
+	s = tab[b >> 40 & 0xF]; l ^= s << 40; h ^= s >> 24;
+	s = tab[b >> 44 & 0xF]; l ^= s << 44; h ^= s >> 20;
+	s = tab[b >> 48 & 0xF]; l ^= s << 48; h ^= s >> 16;
+	s = tab[b >> 52 & 0xF]; l ^= s << 52; h ^= s >> 12;
+	s = tab[b >> 56 & 0xF]; l ^= s << 56; h ^= s >>  8;
+	s = tab[b >> 60      ]; l ^= s << 60; h ^= s >>  4;
+
+	/* compensate for the top three bits of a */
+
+	if (top3b & 01) { l ^= b << 61; h ^= b >> 3; } 
+	if (top3b & 02) { l ^= b << 62; h ^= b >> 2; } 
+	if (top3b & 04) { l ^= b << 63; h ^= b >> 1; } 
+
+	*r1 = h; *r0 = l;
+	} 
+#endif
+
+/* Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1,
+ * result is a polynomial r with degree < 4 * BN_BITS2 - 1
+ * The caller MUST ensure that the variables have the right amount
+ * of space allocated.
+ */
+static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, const BN_ULONG b1, const BN_ULONG b0)
+	{
+	BN_ULONG m1, m0;
+	/* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */
+	bn_GF2m_mul_1x1(r+3, r+2, a1, b1);
+	bn_GF2m_mul_1x1(r+1, r, a0, b0);
+	bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1);
+	/* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */
+	r[2] ^= m1 ^ r[1] ^ r[3];  /* h0 ^= m1 ^ l1 ^ h1; */
+	r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0;  /* l1 ^= l0 ^ h0 ^ m0; */
+	}
+
+
+/* Add polynomials a and b and store result in r; r could be a or b, a and b 
+ * could be equal; r is the bitwise XOR of a and b.
+ */
+int	BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+	{
+	int i;
+	const BIGNUM *at, *bt;
+
+	if (a->top < b->top) { at = b; bt = a; }
+	else { at = a; bt = b; }
+
+	bn_wexpand(r, at->top);
+
+	for (i = 0; i < bt->top; i++)
+		{
+		r->d[i] = at->d[i] ^ bt->d[i];
+		}
+	for (; i < at->top; i++)
+		{
+		r->d[i] = at->d[i];
+		}
+	
+	r->top = at->top;
+	bn_fix_top(r);
+	
+	return 1;
+	}
+
+
+/* Some functions allow for representation of the irreducible polynomials
+ * as an int[], say p.  The irreducible f(t) is then of the form:
+ *     t^p[0] + t^p[1] + ... + t^p[k]
+ * where m = p[0] > p[1] > ... > p[k] = 0.
+ */
+
+
+/* Performs modular reduction of a and store result in r.  r could be a. */
+int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[])
+	{
+	int j, k;
+	int n, dN, d0, d1;
+	BN_ULONG zz, *z;
+	
+	/* Since the algorithm does reduction in the r value, if a != r, copy the
+	 * contents of a into r so we can do reduction in r. 
+	 */
+	if (a != r)
+		{
+		if (!bn_wexpand(r, a->top)) return 0;
+		for (j = 0; j < a->top; j++)
+			{
+			r->d[j] = a->d[j];
+			}
+		r->top = a->top;
+		}
+	z = r->d;
+
+	/* start reduction */
+	dN = p[0] / BN_BITS2;  
+	for (j = r->top - 1; j > dN;)
+		{
+		zz = z[j];
+		if (z[j] == 0) { j--; continue; }
+		z[j] = 0;
+
+		for (k = 1; p[k] > 0; k++)
+			{
+			/* reducing component t^p[k] */
+			n = p[0] - p[k];
+			d0 = n % BN_BITS2;  d1 = BN_BITS2 - d0;
+			n /= BN_BITS2; 
+			z[j-n] ^= (zz>>d0);
+			if (d0) z[j-n-1] ^= (zz<<d1);
+			}
+
+		/* reducing component t^0 */
+		n = dN;  
+		d0 = p[0] % BN_BITS2;
+		d1 = BN_BITS2 - d0;
+		z[j-n] ^= (zz >> d0);
+		if (d0) z[j-n-1] ^= (zz << d1);
+		}
+
+	/* final round of reduction */
+	while (j == dN)
+		{
+
+		d0 = p[0] % BN_BITS2;
+		zz = z[dN] >> d0;
+		if (zz == 0) break;
+		d1 = BN_BITS2 - d0;
+		
+		if (d0) z[dN] = (z[dN] << d1) >> d1; /* clear up the top d1 bits */
+		z[0] ^= zz; /* reduction t^0 component */
+
+		for (k = 1; p[k] > 0; k++)
+			{
+			BN_ULONG tmp_ulong;
+
+			/* reducing component t^p[k]*/
+			n = p[k] / BN_BITS2;   
+			d0 = p[k] % BN_BITS2;
+			d1 = BN_BITS2 - d0;
+			z[n] ^= (zz << d0);
+			tmp_ulong = zz >> d1;
+                        if (d0 && tmp_ulong)
+                                z[n+1] ^= tmp_ulong;
+			}
+
+		
+		}
+
+	bn_fix_top(r);
+	
+	return 1;
+	}
+
+/* Performs modular reduction of a by p and store result in r.  r could be a.
+ *
+ * This function calls down to the BN_GF2m_mod_arr implementation; this wrapper
+ * function is only provided for convenience; for best performance, use the 
+ * BN_GF2m_mod_arr function.
+ */
+int	BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
+	{
+	const int max = BN_num_bits(p);
+	unsigned int *arr=NULL, ret = 0;
+	if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
+	if (BN_GF2m_poly2arr(p, arr, max) > max)
+		{
+		BNerr(BN_F_BN_GF2M_MOD,BN_R_INVALID_LENGTH);
+		goto err;
+		}
+	ret = BN_GF2m_mod_arr(r, a, arr);
+  err:
+	if (arr) OPENSSL_free(arr);
+	return ret;
+	}
+
+
+/* Compute the product of two polynomials a and b, reduce modulo p, and store
+ * the result in r.  r could be a or b; a could be b.
+ */
+int	BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsigned int p[], BN_CTX *ctx)
+	{
+	int zlen, i, j, k, ret = 0;
+	BIGNUM *s;
+	BN_ULONG x1, x0, y1, y0, zz[4];
+	
+	if (a == b)
+		{
+		return BN_GF2m_mod_sqr_arr(r, a, p, ctx);
+		}
+	
+
+	BN_CTX_start(ctx);
+	if ((s = BN_CTX_get(ctx)) == NULL) goto err;
+	
+	zlen = a->top + b->top + 4;
+	if (!bn_wexpand(s, zlen)) goto err;
+	s->top = zlen;
+
+	for (i = 0; i < zlen; i++) s->d[i] = 0;
+
+	for (j = 0; j < b->top; j += 2)
+		{
+		y0 = b->d[j];
+		y1 = ((j+1) == b->top) ? 0 : b->d[j+1];
+		for (i = 0; i < a->top; i += 2)
+			{
+			x0 = a->d[i];
+			x1 = ((i+1) == a->top) ? 0 : a->d[i+1];
+			bn_GF2m_mul_2x2(zz, x1, x0, y1, y0);
+			for (k = 0; k < 4; k++) s->d[i+j+k] ^= zz[k];
+			}
+		}
+
+	bn_fix_top(s);
+	BN_GF2m_mod_arr(r, s, p);
+	ret = 1;
+
+  err:
+	BN_CTX_end(ctx);
+	return ret;
+	
+	}
+
+/* Compute the product of two polynomials a and b, reduce modulo p, and store
+ * the result in r.  r could be a or b; a could equal b.
+ *
+ * This function calls down to the BN_GF2m_mod_mul_arr implementation; this wrapper
+ * function is only provided for convenience; for best performance, use the 
+ * BN_GF2m_mod_mul_arr function.
+ */
+int	BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)
+	{
+	const int max = BN_num_bits(p);
+	unsigned int *arr=NULL, ret = 0;
+	if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
+	if (BN_GF2m_poly2arr(p, arr, max) > max)
+		{
+		BNerr(BN_F_BN_GF2M_MOD_MUL,BN_R_INVALID_LENGTH);
+		goto err;
+		}
+	ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);
+  err:
+	if (arr) OPENSSL_free(arr);
+	return ret;
+	}
+
+
+/* Square a, reduce the result mod p, and store it in a.  r could be a. */
+int	BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_CTX *ctx)
+	{
+	int i, ret = 0;
+	BIGNUM *s;
+	
+	BN_CTX_start(ctx);
+	if ((s = BN_CTX_get(ctx)) == NULL) return 0;
+	if (!bn_wexpand(s, 2 * a->top)) goto err;
+
+	for (i = a->top - 1; i >= 0; i--)
+		{
+		s->d[2*i+1] = SQR1(a->d[i]);
+		s->d[2*i  ] = SQR0(a->d[i]);
+		}
+
+	s->top = 2 * a->top;
+	bn_fix_top(s);
+	if (!BN_GF2m_mod_arr(r, s, p)) goto err;
+	ret = 1;
+  err:
+	BN_CTX_end(ctx);
+	return ret;
+	}
+
+/* Square a, reduce the result mod p, and store it in a.  r could be a.
+ *
+ * This function calls down to the BN_GF2m_mod_sqr_arr implementation; this wrapper
+ * function is only provided for convenience; for best performance, use the 
+ * BN_GF2m_mod_sqr_arr function.
+ */
+int	BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+	{
+	const int max = BN_num_bits(p);
+	unsigned int *arr=NULL, ret = 0;
+	if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
+	if (BN_GF2m_poly2arr(p, arr, max) > max)
+		{
+		BNerr(BN_F_BN_GF2M_MOD_SQR,BN_R_INVALID_LENGTH);
+		goto err;
+		}
+	ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);
+  err:
+	if (arr) OPENSSL_free(arr);
+	return ret;
+	}
+
+
+/* Invert a, reduce modulo p, and store the result in r. r could be a. 
+ * Uses Modified Almost Inverse Algorithm (Algorithm 10) from
+ *     Hankerson, D., Hernandez, J.L., and Menezes, A.  "Software Implementation
+ *     of Elliptic Curve Cryptography Over Binary Fields".
+ */
+int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+	{
+	BIGNUM *b, *c, *u, *v, *tmp;
+	int ret = 0;
+
+	BN_CTX_start(ctx);
+	
+	b = BN_CTX_get(ctx);
+	c = BN_CTX_get(ctx);
+	u = BN_CTX_get(ctx);
+	v = BN_CTX_get(ctx);
+	if (v == NULL) goto err;
+
+	if (!BN_one(b)) goto err;
+	if (!BN_zero(c)) goto err;
+	if (!BN_GF2m_mod(u, a, p)) goto err;
+	if (!BN_copy(v, p)) goto err;
+
+	u->neg = 0; /* Need to set u->neg = 0 because BN_is_one(u) checks
+	             * the neg flag of the bignum.
+	             */
+
+	if (BN_is_zero(u)) goto err;
+
+	while (1)
+		{
+		while (!BN_is_odd(u))
+			{
+			if (!BN_rshift1(u, u)) goto err;
+			if (BN_is_odd(b))
+				{
+				if (!BN_GF2m_add(b, b, p)) goto err;
+				}
+			if (!BN_rshift1(b, b)) goto err;
+			}
+
+		if (BN_is_one(u)) break;
+
+		if (BN_num_bits(u) < BN_num_bits(v))
+			{
+			tmp = u; u = v; v = tmp;
+			tmp = b; b = c; c = tmp;
+			}
+		
+		if (!BN_GF2m_add(u, u, v)) goto err;
+		if (!BN_GF2m_add(b, b, c)) goto err;
+		}
+
+
+	if (!BN_copy(r, b)) goto err;
+	ret = 1;
+
+  err:
+  	BN_CTX_end(ctx);
+	return ret;
+	}
+
+/* Invert xx, reduce modulo p, and store the result in r. r could be xx. 
+ *
+ * This function calls down to the BN_GF2m_mod_inv implementation; this wrapper
+ * function is only provided for convenience; for best performance, use the 
+ * BN_GF2m_mod_inv function.
+ */
+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[], BN_CTX *ctx)
+	{
+	BIGNUM *field;
+	int ret = 0;
+
+	BN_CTX_start(ctx);
+	if ((field = BN_CTX_get(ctx)) == NULL) goto err;
+	if (!BN_GF2m_arr2poly(p, field)) goto err;
+	
+	ret = BN_GF2m_mod_inv(r, xx, field, ctx);
+
+  err:
+	BN_CTX_end(ctx);
+	return ret;
+	}
+
+
+#ifndef OPENSSL_SUN_GF2M_DIV
+/* Divide y by x, reduce modulo p, and store the result in r. r could be x 
+ * or y, x could equal y.
+ */
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx)
+	{
+	BIGNUM *xinv = NULL;
+	int ret = 0;
+	
+	BN_CTX_start(ctx);
+	xinv = BN_CTX_get(ctx);
+	if (xinv == NULL) goto err;
+	
+	if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) goto err;
+	if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) goto err;
+	ret = 1;
+
+  err:
+	BN_CTX_end(ctx);
+	return ret;
+	}
+#else
+/* Divide y by x, reduce modulo p, and store the result in r. r could be x 
+ * or y, x could equal y.
+ * Uses algorithm Modular_Division_GF(2^m) from 
+ *     Chang-Shantz, S.  "From Euclid's GCD to Montgomery Multiplication to 
+ *     the Great Divide".
+ */
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx)
+	{
+	BIGNUM *a, *b, *u, *v;
+	int ret = 0;
+
+	BN_CTX_start(ctx);
+	
+	a = BN_CTX_get(ctx);
+	b = BN_CTX_get(ctx);
+	u = BN_CTX_get(ctx);
+	v = BN_CTX_get(ctx);
+	if (v == NULL) goto err;
+
+	/* reduce x and y mod p */
+	if (!BN_GF2m_mod(u, y, p)) goto err;
+	if (!BN_GF2m_mod(a, x, p)) goto err;
+	if (!BN_copy(b, p)) goto err;
+	if (!BN_zero(v)) goto err;
+	
+	a->neg = 0; /* Need to set a->neg = 0 because BN_is_one(a) checks
+	             * the neg flag of the bignum.
+	             */
+
+	while (!BN_is_odd(a))
+		{
+		if (!BN_rshift1(a, a)) goto err;
+		if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err;
+		if (!BN_rshift1(u, u)) goto err;
+		}
+
+	do
+		{
+		if (BN_GF2m_cmp(b, a) > 0)
+			{
+			if (!BN_GF2m_add(b, b, a)) goto err;
+			if (!BN_GF2m_add(v, v, u)) goto err;
+			do
+				{
+				if (!BN_rshift1(b, b)) goto err;
+				if (BN_is_odd(v)) if (!BN_GF2m_add(v, v, p)) goto err;
+				if (!BN_rshift1(v, v)) goto err;
+				} while (!BN_is_odd(b));
+			}
+		else if (BN_is_one(a))
+			break;
+		else
+			{
+			if (!BN_GF2m_add(a, a, b)) goto err;
+			if (!BN_GF2m_add(u, u, v)) goto err;
+			do
+				{
+				if (!BN_rshift1(a, a)) goto err;
+				if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err;
+				if (!BN_rshift1(u, u)) goto err;
+				} while (!BN_is_odd(a));
+			}
+		} while (1);
+
+	if (!BN_copy(r, u)) goto err;
+	ret = 1;
+
+  err:
+  	BN_CTX_end(ctx);
+	return ret;
+	}
+#endif
+
+/* Divide yy by xx, reduce modulo p, and store the result in r. r could be xx 
+ * or yy, xx could equal yy.
+ *
+ * This function calls down to the BN_GF2m_mod_div implementation; this wrapper
+ * function is only provided for convenience; for best performance, use the 
+ * BN_GF2m_mod_div function.
+ */
+int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const unsigned int p[], BN_CTX *ctx)
+	{
+	BIGNUM *field;
+	int ret = 0;
+
+	BN_CTX_start(ctx);
+	if ((field = BN_CTX_get(ctx)) == NULL) goto err;
+	if (!BN_GF2m_arr2poly(p, field)) goto err;
+	
+	ret = BN_GF2m_mod_div(r, yy, xx, field, ctx);
+
+  err:
+	BN_CTX_end(ctx);
+	return ret;
+	}
+
+
+/* Compute the bth power of a, reduce modulo p, and store
+ * the result in r.  r could be a.
+ * Uses simple square-and-multiply algorithm A.5.1 from IEEE P1363.
+ */
+int	BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsigned int p[], BN_CTX *ctx)
+	{
+	int ret = 0, i, n;
+	BIGNUM *u;
+	
+	if (BN_is_zero(b))
+		{
+		return(BN_one(r));
+		}
+	
+
+	BN_CTX_start(ctx);
+	if ((u = BN_CTX_get(ctx)) == NULL) goto err;
+	
+	if (!BN_GF2m_mod_arr(u, a, p)) goto err;
+	
+	n = BN_num_bits(b) - 1;
+	for (i = n - 1; i >= 0; i--)
+		{
+		if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx)) goto err;
+		if (BN_is_bit_set(b, i))
+			{
+			if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx)) goto err;
+			}
+		}
+	if (!BN_copy(r, u)) goto err;
+
+	ret = 1;
+
+  err:
+	BN_CTX_end(ctx);
+	return ret;
+	}
+
+/* Compute the bth power of a, reduce modulo p, and store
+ * the result in r.  r could be a.
+ *
+ * This function calls down to the BN_GF2m_mod_exp_arr implementation; this wrapper
+ * function is only provided for convenience; for best performance, use the 
+ * BN_GF2m_mod_exp_arr function.
+ */
+int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)
+	{
+	const int max = BN_num_bits(p);
+	unsigned int *arr=NULL, ret = 0;
+	if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
+	if (BN_GF2m_poly2arr(p, arr, max) > max)
+		{
+		BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH);
+		goto err;
+		}
+	ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);
+  err:
+	if (arr) OPENSSL_free(arr);
+	return ret;
+	}
+
+/* Compute the square root of a, reduce modulo p, and store
+ * the result in r.  r could be a.
+ * Uses exponentiation as in algorithm A.4.1 from IEEE P1363.
+ */
+int	BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_CTX *ctx)
+	{
+	int ret = 0;
+	BIGNUM *u;
+	
+	BN_CTX_start(ctx);
+	if ((u = BN_CTX_get(ctx)) == NULL) goto err;
+	
+	if (!BN_zero(u)) goto err;
+	if (!BN_set_bit(u, p[0] - 1)) goto err;
+	ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx);
+
+  err:
+	BN_CTX_end(ctx);
+	return ret;
+	}
+
+/* Compute the square root of a, reduce modulo p, and store
+ * the result in r.  r could be a.
+ *
+ * This function calls down to the BN_GF2m_mod_sqrt_arr implementation; this wrapper
+ * function is only provided for convenience; for best performance, use the 
+ * BN_GF2m_mod_sqrt_arr function.
+ */
+int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+	{
+	const int max = BN_num_bits(p);
+	unsigned int *arr=NULL, ret = 0;
+	if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
+	if (BN_GF2m_poly2arr(p, arr, max) > max)
+		{
+		BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH);
+		goto err;
+		}
+	ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
+  err:
+	if (arr) OPENSSL_free(arr);
+	return ret;
+	}
+
+/* Find r such that r^2 + r = a mod p.  r could be a. If no r exists returns 0.
+ * Uses algorithms A.4.7 and A.4.6 from IEEE P1363.
+ */
+int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p[], BN_CTX *ctx)
+	{
+	int ret = 0, count = 0;
+	unsigned int j;
+	BIGNUM *a, *z, *rho, *w, *w2, *tmp;
+	
+	BN_CTX_start(ctx);
+	a = BN_CTX_get(ctx);
+	z = BN_CTX_get(ctx);
+	w = BN_CTX_get(ctx);
+	if (w == NULL) goto err;
+
+	if (!BN_GF2m_mod_arr(a, a_, p)) goto err;
+	
+	if (BN_is_zero(a))
+		{
+		ret = BN_zero(r);
+		goto err;
+		}
+
+	if (p[0] & 0x1) /* m is odd */
+		{
+		/* compute half-trace of a */
+		if (!BN_copy(z, a)) goto err;
+		for (j = 1; j <= (p[0] - 1) / 2; j++)
+			{
+			if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
+			if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
+			if (!BN_GF2m_add(z, z, a)) goto err;
+			}
+		
+		}
+	else /* m is even */
+		{
+		rho = BN_CTX_get(ctx);
+		w2 = BN_CTX_get(ctx);
+		tmp = BN_CTX_get(ctx);
+		if (tmp == NULL) goto err;
+		do
+			{
+			if (!BN_rand(rho, p[0], 0, 0)) goto err;
+			if (!BN_GF2m_mod_arr(rho, rho, p)) goto err;
+			if (!BN_zero(z)) goto err;
+			if (!BN_copy(w, rho)) goto err;
+			for (j = 1; j <= p[0] - 1; j++)
+				{
+				if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
+				if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx)) goto err;
+				if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx)) goto err;
+				if (!BN_GF2m_add(z, z, tmp)) goto err;
+				if (!BN_GF2m_add(w, w2, rho)) goto err;
+				}
+			count++;
+			} while (BN_is_zero(w) && (count < MAX_ITERATIONS));
+		if (BN_is_zero(w))
+			{
+			BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR,BN_R_TOO_MANY_ITERATIONS);
+			goto err;
+			}
+		}
+	
+	if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx)) goto err;
+	if (!BN_GF2m_add(w, z, w)) goto err;
+	if (BN_GF2m_cmp(w, a)) goto err;
+
+	if (!BN_copy(r, z)) goto err;
+
+	ret = 1;
+
+  err:
+	BN_CTX_end(ctx);
+	return ret;
+	}
+
+/* Find r such that r^2 + r = a mod p.  r could be a. If no r exists returns 0.
+ *
+ * This function calls down to the BN_GF2m_mod_solve_quad_arr implementation; this wrapper
+ * function is only provided for convenience; for best performance, use the 
+ * BN_GF2m_mod_solve_quad_arr function.
+ */
+int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+	{
+	const int max = BN_num_bits(p);
+	unsigned int *arr=NULL, ret = 0;
+	if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
+	if (BN_GF2m_poly2arr(p, arr, max) > max)
+		{
+		BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD,BN_R_INVALID_LENGTH);
+		goto err;
+		}
+	ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
+  err:
+	if (arr) OPENSSL_free(arr);
+	return ret;
+	}
+
+/* Convert the bit-string representation of a polynomial a into an array
+ * of integers corresponding to the bits with non-zero coefficient.
+ * Up to max elements of the array will be filled.  Return value is total
+ * number of coefficients that would be extracted if array was large enough.
+ */
+int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max)
+	{
+	int i, j, k;
+	BN_ULONG mask;
+
+	for (k = 0; k < max; k++) p[k] = 0;
+	k = 0;
+
+	for (i = a->top - 1; i >= 0; i--)
+		{
+		mask = BN_TBIT;
+		for (j = BN_BITS2 - 1; j >= 0; j--)
+			{
+			if (a->d[i] & mask) 
+				{
+				if (k < max) p[k] = BN_BITS2 * i + j;
+				k++;
+				}
+			mask >>= 1;
+			}
+		}
+
+	return k;
+	}
+
+/* Convert the coefficient array representation of a polynomial to a 
+ * bit-string.  The array must be terminated by 0.
+ */
+int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a)
+	{
+	int i;
+
+	BN_zero(a);
+	for (i = 0; p[i] > 0; i++)
+		{
+		BN_set_bit(a, p[i]);
+		}
+	BN_set_bit(a, 0);
+	
+	return 1;
+	}
+
diff --git a/crypto/bn/bn_kron.c b/crypto/bn/bn_kron.c
new file mode 100644
index 0000000000..49f75594ae
--- /dev/null
+++ b/crypto/bn/bn_kron.c
@@ -0,0 +1,182 @@
+/* crypto/bn/bn_kron.c */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "bn_lcl.h"
+
+
+/* least significant word */
+#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])
+
+/* Returns -2 for errors because both -1 and 0 are valid results. */
+int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	int i;
+	int ret = -2; /* avoid 'uninitialized' warning */
+	int err = 0;
+	BIGNUM *A, *B, *tmp;
+	/* In 'tab', only odd-indexed entries are relevant:
+	 * For any odd BIGNUM n,
+	 *     tab[BN_lsw(n) & 7]
+	 * is $(-1)^{(n^2-1)/8}$ (using TeX notation).
+	 * Note that the sign of n does not matter.
+	 */
+	static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1};
+
+	BN_CTX_start(ctx);
+	A = BN_CTX_get(ctx);
+	B = BN_CTX_get(ctx);
+	if (B == NULL) goto end;
+	
+	err = !BN_copy(A, a);
+	if (err) goto end;
+	err = !BN_copy(B, b);
+	if (err) goto end;
+
+	/*
+	 * Kronecker symbol, imlemented according to Henri Cohen,
+	 * "A Course in Computational Algebraic Number Theory"
+	 * (algorithm 1.4.10).
+	 */
+
+	/* Cohen's step 1: */
+
+	if (BN_is_zero(B))
+		{
+		ret = BN_abs_is_word(A, 1);
+		goto end;
+ 		}
+	
+	/* Cohen's step 2: */
+
+	if (!BN_is_odd(A) && !BN_is_odd(B))
+		{
+		ret = 0;
+		goto end;
+		}
+
+	/* now  B  is non-zero */
+	i = 0;
+	while (!BN_is_bit_set(B, i))
+		i++;
+	err = !BN_rshift(B, B, i);
+	if (err) goto end;
+	if (i & 1)
+		{
+		/* i is odd */
+		/* (thus  B  was even, thus  A  must be odd!)  */
+
+		/* set 'ret' to $(-1)^{(A^2-1)/8}$ */
+		ret = tab[BN_lsw(A) & 7];
+		}
+	else
+		{
+		/* i is even */
+		ret = 1;
+		}
+	
+	if (B->neg)
+		{
+		B->neg = 0;
+		if (A->neg)
+			ret = -ret;
+		}
+
+	/* now  B  is positive and odd, so what remains to be done is
+	 * to compute the Jacobi symbol  (A/B)  and multiply it by 'ret' */
+
+	while (1)
+		{
+		/* Cohen's step 3: */
+
+		/*  B  is positive and odd */
+
+		if (BN_is_zero(A))
+			{
+			ret = BN_is_one(B) ? ret : 0;
+			goto end;
+			}
+
+		/* now  A  is non-zero */
+		i = 0;
+		while (!BN_is_bit_set(A, i))
+			i++;
+		err = !BN_rshift(A, A, i);
+		if (err) goto end;
+		if (i & 1)
+			{
+			/* i is odd */
+			/* multiply 'ret' by  $(-1)^{(B^2-1)/8}$ */
+			ret = ret * tab[BN_lsw(B) & 7];
+			}
+	
+		/* Cohen's step 4: */
+		/* multiply 'ret' by  $(-1)^{(A-1)(B-1)/4}$ */
+		if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2)
+			ret = -ret;
+		
+		/* (A, B) := (B mod |A|, |A|) */
+		err = !BN_nnmod(B, B, A, ctx);
+		if (err) goto end;
+		tmp = A; A = B; B = tmp;
+		tmp->neg = 0;
+		}
+	
+ end:
+	BN_CTX_end(ctx);
+	if (err)
+		return -2;
+	else
+		return ret;
+	}
diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h
index 70b0787d8f..1db940f4c5 100644
--- a/crypto/bn/bn_lcl.h
+++ b/crypto/bn/bn_lcl.h
@@ -55,31 +55,183 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #ifndef HEADER_BN_LCL_H
 #define HEADER_BN_LCL_H
 
-#include "bn.h"
+#include <openssl/bn.h>
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
+
+/* Used for temp variables */
+#define BN_CTX_NUM	32
+#define BN_CTX_NUM_POS	12
+struct bignum_ctx
+	{
+	int tos;
+	BIGNUM bn[BN_CTX_NUM];
+	int flags;
+	int depth;
+	int pos[BN_CTX_NUM_POS];
+	int too_many;
+	} /* BN_CTX */;
+
+
+/*
+ * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
+ *
+ *
+ * For window size 'w' (w >= 2) and a random 'b' bits exponent,
+ * the number of multiplications is a constant plus on average
+ *
+ *    2^(w-1) + (b-w)/(w+1);
+ *
+ * here  2^(w-1)  is for precomputing the table (we actually need
+ * entries only for windows that have the lowest bit set), and
+ * (b-w)/(w+1)  is an approximation for the expected number of
+ * w-bit windows, not counting the first one.
+ *
+ * Thus we should use
+ *
+ *    w >= 6  if        b > 671
+ *     w = 5  if  671 > b > 239
+ *     w = 4  if  239 > b >  79
+ *     w = 3  if   79 > b >  23
+ *    w <= 2  if   23 > b
+ *
+ * (with draws in between).  Very small exponents are often selected
+ * with low Hamming weight, so we use  w = 1  for b <= 23.
+ */
+#if 1
+#define BN_window_bits_for_exponent_size(b) \
+		((b) > 671 ? 6 : \
+		 (b) > 239 ? 5 : \
+		 (b) >  79 ? 4 : \
+		 (b) >  23 ? 3 : 1)
+#else
+/* Old SSLeay/OpenSSL table.
+ * Maximum window size was 5, so this table differs for b==1024;
+ * but it coincides for other interesting values (b==160, b==512).
+ */
+#define BN_window_bits_for_exponent_size(b) \
+		((b) > 255 ? 5 : \
+		 (b) > 127 ? 4 : \
+		 (b) >  17 ? 3 : 1)
+#endif	 
+
+
+
 /* Pentium pro 16,16,16,32,64 */
 /* Alpha       16,16,16,16.64 */
-#define BN_MULL_SIZE_NORMAL			(16) // 32
-#define BN_MUL_RECURSIVE_SIZE_NORMAL		(16) // 32 /* less than */
-#define BN_SQR_RECURSIVE_SIZE_NORMAL		(16) // 32
-#define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL	(32) // 32
-#define BN_MONT_CTX_SET_SIZE_WORD		(64) // 32
-
-#ifndef BN_MUL_COMBA
-#define bn_mul_comba8(r,a,b)	bn_mul_normal(r,a,8,b,8)
-#define bn_mul_comba4(r,a,b)	bn_mul_normal(r,a,4,b,4)
-/* This is probably faster than using the C code - I need to check */
-#define bn_sqr_comba8(r,a)	bn_mul_normal(r,a,8,a,8)
-#define bn_sqr_comba4(r,a)	bn_mul_normal(r,a,4,a,4)
-#endif
+#define BN_MULL_SIZE_NORMAL			(16) /* 32 */
+#define BN_MUL_RECURSIVE_SIZE_NORMAL		(16) /* 32 less than */
+#define BN_SQR_RECURSIVE_SIZE_NORMAL		(16) /* 32 */
+#define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL	(32) /* 32 */
+#define BN_MONT_CTX_SET_SIZE_WORD		(64) /* 32 */
+
+#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+/*
+ * BN_UMULT_HIGH section.
+ *
+ * No, I'm not trying to overwhelm you when stating that the
+ * product of N-bit numbers is 2*N bits wide:-) No, I don't expect
+ * you to be impressed when I say that if the compiler doesn't
+ * support 2*N integer type, then you have to replace every N*N
+ * multiplication with 4 (N/2)*(N/2) accompanied by some shifts
+ * and additions which unavoidably results in severe performance
+ * penalties. Of course provided that the hardware is capable of
+ * producing 2*N result... That's when you normally start
+ * considering assembler implementation. However! It should be
+ * pointed out that some CPUs (most notably Alpha, PowerPC and
+ * upcoming IA-64 family:-) provide *separate* instruction
+ * calculating the upper half of the product placing the result
+ * into a general purpose register. Now *if* the compiler supports
+ * inline assembler, then it's not impossible to implement the
+ * "bignum" routines (and have the compiler optimize 'em)
+ * exhibiting "native" performance in C. That's what BN_UMULT_HIGH
+ * macro is about:-)
+ *
+ *					<appro@fy.chalmers.se>
+ */
+# if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
+#  if defined(__DECC)
+#   include <c_asm.h>
+#   define BN_UMULT_HIGH(a,b)	(BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b))
+#  elif defined(__GNUC__)
+#   define BN_UMULT_HIGH(a,b)	({	\
+	register BN_ULONG ret;		\
+	asm ("umulh	%1,%2,%0"	\
+	     : "=r"(ret)		\
+	     : "r"(a), "r"(b));		\
+	ret;			})
+#  endif	/* compiler */
+# elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG)
+#  if defined(__GNUC__)
+#   define BN_UMULT_HIGH(a,b)	({	\
+	register BN_ULONG ret;		\
+	asm ("mulhdu	%0,%1,%2"	\
+	     : "=r"(ret)		\
+	     : "r"(a), "r"(b));		\
+	ret;			})
+#  endif	/* compiler */
+# endif		/* cpu */
+#endif		/* OPENSSL_NO_ASM */
 
 /*************************************************************
  * Using the long long type
@@ -87,15 +239,22 @@ extern "C" {
 #define Lw(t)    (((BN_ULONG)(t))&BN_MASK2)
 #define Hw(t)    (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
 
-/* These are used for internal error checking and are not normally used */
+
+#define bn_clear_top2max(a) \
+	{ \
+	int      ind = (a)->dmax - (a)->top; \
+	BN_ULONG *ftl = &(a)->d[(a)->top-1]; \
+	for (; ind != 0; ind--) \
+		*(++ftl) = 0x0; \
+	}
+
+
+/* This is used for internal error checking and is not normally used */
 #ifdef BN_DEBUG
-#define bn_check_top(a) \
-	{ if (((a)->top < 0) || ((a)->top > (a)->max)) \
-		{ char *nullp=NULL; *nullp='z'; } }
-#define bn_check_num(a) if ((a) < 0) { char *nullp=NULL; *nullp='z'; }
+# include <assert.h>
+# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->dmax);
 #else
-#define bn_check_top(a)
-#define bn_check_num(a)
+# define bn_check_top(a)
 #endif
 
 /* This macro is to add extra stuff for development checking */
@@ -129,8 +288,6 @@ extern "C" {
 	bn_set_max(r); \
 	}
 
-/* #define bn_expand(n,b) ((((b)/BN_BITS2) <= (n)->max)?(n):bn_expand2((n),(b))) */
-
 #ifdef BN_LLONG
 #define mul_add(r,a,w,c) { \
 	BN_ULLONG t; \
@@ -146,6 +303,43 @@ extern "C" {
 	(c)= Hw(t); \
 	}
 
+#define sqr(r0,r1,a) { \
+	BN_ULLONG t; \
+	t=(BN_ULLONG)(a)*(a); \
+	(r0)=Lw(t); \
+	(r1)=Hw(t); \
+	}
+
+#elif defined(BN_UMULT_HIGH)
+#define mul_add(r,a,w,c) {		\
+	BN_ULONG high,low,ret,tmp=(a);	\
+	ret =  (r);			\
+	high=  BN_UMULT_HIGH(w,tmp);	\
+	ret += (c);			\
+	low =  (w) * tmp;		\
+	(c) =  (ret<(c))?1:0;		\
+	(c) += high;			\
+	ret += low;			\
+	(c) += (ret<low)?1:0;		\
+	(r) =  ret;			\
+	}
+
+#define mul(r,a,w,c)	{		\
+	BN_ULONG high,low,ret,ta=(a);	\
+	low =  (w) * ta;		\
+	high=  BN_UMULT_HIGH(w,ta);	\
+	ret =  low + (c);		\
+	(c) =  high;			\
+	(c) += (ret<low)?1:0;		\
+	(r) =  ret;			\
+	}
+
+#define sqr(r0,r1,a)	{		\
+	BN_ULONG tmp=(a);		\
+	(r0) = tmp * tmp;		\
+	(r1) = BN_UMULT_HIGH(tmp,tmp);	\
+	}
+
 #else
 /*************************************************************
  * No long long type
@@ -223,44 +417,34 @@ extern "C" {
 	(c)=h&BN_MASK2; \
 	(r)=l&BN_MASK2; \
 	}
-
-#endif
-
-extern int bn_limit_bits;
-extern int bn_limit_num;        /* (1<<bn_limit_bits) */
-/* Recursive 'low' limit */
-extern int bn_limit_bits_low;
-extern int bn_limit_num_low;    /* (1<<bn_limit_bits_low) */
-/* Do modified 'high' part calculation' */
-extern int bn_limit_bits_high;
-extern int bn_limit_num_high;   /* (1<<bn_limit_bits_high) */
-extern int bn_limit_bits_mont;
-extern int bn_limit_num_mont;   /* (1<<bn_limit_bits_mont) */
-
-#ifndef NOPROTO
-
-BIGNUM *bn_expand2(BIGNUM *b, int bits);
-
-#ifdef X86_ASM
-void bn_add_words(BN_ULONG *r,BN_ULONG *a,int num);
-#endif
-
-#else
-
-BIGNUM *bn_expand2();
-#ifdef X86_ASM
-BN_ULONG bn_add_words();
-#endif
-
-#endif
+#endif /* !BN_LLONG */
+
+void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
+void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
+void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
+void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp);
+void bn_sqr_comba8(BN_ULONG *r,const BN_ULONG *a);
+void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a);
+int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n);
+int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
+	int cl, int dl);
+void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
+	int dna,int dnb,BN_ULONG *t);
+void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,
+	int n,int tna,int tnb,BN_ULONG *t);
+void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t);
+void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n);
+void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,
+	BN_ULONG *t);
+void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
+	BN_ULONG *t);
+BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+	int cl, int dl);
+BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+	int cl, int dl);
 
 #ifdef  __cplusplus
 }
 #endif
 
 #endif
-
-void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,BN_ULONG *t);
-void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2, BN_ULONG *t);
-
-
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c
index 7ea216f919..bbcc62d831 100644
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@@ -56,11 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef BN_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <assert.h>
+#include <limits.h>
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-char *BN_version="Big Number part of SSLeay 0.9.1a 06-Jul-1998";
+const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT;
 
 /* For a 32 bit machine
  * 2 -   4 ==  128
@@ -71,17 +78,16 @@ char *BN_version="Big Number part of SSLeay 0.9.1a 06-Jul-1998";
  * 7 - 128 == 4096
  * 8 - 256 == 8192
  */
-int bn_limit_bits=0;
-int bn_limit_num=8;        /* (1<<bn_limit_bits) */
-int bn_limit_bits_low=0;
-int bn_limit_num_low=8;    /* (1<<bn_limit_bits_low) */
-int bn_limit_bits_high=0;
-int bn_limit_num_high=8;   /* (1<<bn_limit_bits_high) */
-int bn_limit_bits_mont=0;
-int bn_limit_num_mont=8;   /* (1<<bn_limit_bits_mont) */
-
-void BN_set_params(mult,high,low,mont)
-int mult,high,low,mont;
+static int bn_limit_bits=0;
+static int bn_limit_num=8;        /* (1<<bn_limit_bits) */
+static int bn_limit_bits_low=0;
+static int bn_limit_num_low=8;    /* (1<<bn_limit_bits_low) */
+static int bn_limit_bits_high=0;
+static int bn_limit_num_high=8;   /* (1<<bn_limit_bits_high) */
+static int bn_limit_bits_mont=0;
+static int bn_limit_num_mont=8;   /* (1<<bn_limit_bits_mont) */
+
+void BN_set_params(int mult, int high, int low, int mont)
 	{
 	if (mult >= 0)
 		{
@@ -113,8 +119,7 @@ int mult,high,low,mont;
 		}
 	}
 
-int BN_get_params(which)
-int which;
+int BN_get_params(int which)
 	{
 	if      (which == 0) return(bn_limit_bits);
 	else if (which == 1) return(bn_limit_bits_high);
@@ -123,7 +128,7 @@ int which;
 	else return(0);
 	}
 
-BIGNUM *BN_value_one()
+const BIGNUM *BN_value_one(void)
 	{
 	static BN_ULONG data_one=1L;
 	static BIGNUM const_one={&data_one,1,1,0};
@@ -131,7 +136,7 @@ BIGNUM *BN_value_one()
 	return(&const_one);
 	}
 
-char *BN_options()
+char *BN_options(void)
 	{
 	static int init=0;
 	static char data[16];
@@ -150,10 +155,9 @@ char *BN_options()
 	return(data);
 	}
 
-int BN_num_bits_word(l)
-BN_ULONG l;
+int BN_num_bits_word(BN_ULONG l)
 	{
-	static char bits[256]={
+	static const char bits[256]={
 		0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
 		5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
 		6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
@@ -238,8 +242,7 @@ BN_ULONG l;
 		}
 	}
 
-int BN_num_bits(a)
-BIGNUM *a;
+int BN_num_bits(const BIGNUM *a)
 	{
 	BN_ULONG l;
 	int i;
@@ -248,57 +251,48 @@ BIGNUM *a;
 
 	if (a->top == 0) return(0);
 	l=a->d[a->top-1];
+	assert(l != 0);
 	i=(a->top-1)*BN_BITS2;
-	if (l == 0)
-		{
-#if !defined(NO_STDIO) && !defined(WIN16)
-		fprintf(stderr,"BAD TOP VALUE\n");
-#endif
-		abort();
-		}
 	return(i+BN_num_bits_word(l));
 	}
 
-void BN_clear_free(a)
-BIGNUM *a;
+void BN_clear_free(BIGNUM *a)
 	{
 	int i;
 
 	if (a == NULL) return;
 	if (a->d != NULL)
 		{
-		memset(a->d,0,a->max*sizeof(a->d[0]));
+		OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
 		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
-			Free(a->d);
+			OPENSSL_free(a->d);
 		}
 	i=BN_get_flags(a,BN_FLG_MALLOCED);
-	memset(a,0,sizeof(BIGNUM));
+	OPENSSL_cleanse(a,sizeof(BIGNUM));
 	if (i)
-		Free(a);
+		OPENSSL_free(a);
 	}
 
-void BN_free(a)
-BIGNUM *a;
+void BN_free(BIGNUM *a)
 	{
 	if (a == NULL) return;
 	if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
-		Free(a->d);
+		OPENSSL_free(a->d);
 	a->flags|=BN_FLG_FREE; /* REMOVE? */
 	if (a->flags & BN_FLG_MALLOCED)
-		Free(a);
+		OPENSSL_free(a);
 	}
 
-void BN_init(a)
-BIGNUM *a;
+void BN_init(BIGNUM *a)
 	{
 	memset(a,0,sizeof(BIGNUM));
 	}
 
-BIGNUM *BN_new()
+BIGNUM *BN_new(void)
 	{
 	BIGNUM *ret;
 
-	if ((ret=(BIGNUM *)Malloc(sizeof(BIGNUM))) == NULL)
+	if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL)
 		{
 		BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
 		return(NULL);
@@ -306,157 +300,194 @@ BIGNUM *BN_new()
 	ret->flags=BN_FLG_MALLOCED;
 	ret->top=0;
 	ret->neg=0;
-	ret->max=0;
+	ret->dmax=0;
 	ret->d=NULL;
 	return(ret);
 	}
 
-
-BN_CTX *BN_CTX_new()
+/* This is used both by bn_expand2() and bn_dup_expand() */
+/* The caller MUST check that words > b->dmax before calling this */
+static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
 	{
-	BN_CTX *ret;
+	BN_ULONG *A,*a = NULL;
+	const BN_ULONG *B;
+	int i;
 
-	ret=(BN_CTX *)Malloc(sizeof(BN_CTX));
-	if (ret == NULL)
+	if (words > (INT_MAX/(4*BN_BITS2)))
 		{
-		BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
+		BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG);
+		return NULL;
+		}
+
+	bn_check_top(b);	
+	if (BN_get_flags(b,BN_FLG_STATIC_DATA))
+		{
+		BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
 		return(NULL);
 		}
+	a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1));
+	if (A == NULL)
+		{
+		BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+#if 1
+	B=b->d;
+	/* Check if the previous number needs to be copied */
+	if (B != NULL)
+		{
+		for (i=b->top>>2; i>0; i--,A+=4,B+=4)
+			{
+			/*
+			 * The fact that the loop is unrolled
+			 * 4-wise is a tribute to Intel. It's
+			 * the one that doesn't have enough
+			 * registers to accomodate more data.
+			 * I'd unroll it 8-wise otherwise:-)
+			 *
+			 *		<appro@fy.chalmers.se>
+			 */
+			BN_ULONG a0,a1,a2,a3;
+			a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
+			A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
+			}
+		switch (b->top&3)
+			{
+		case 3:	A[2]=B[2];
+		case 2:	A[1]=B[1];
+		case 1:	A[0]=B[0];
+		case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does
+		         * the switch table by doing a=top&3; a--; goto jump_table[a];
+		         * which fails for top== 0 */
+			;
+			}
+		}
 
-	BN_CTX_init(ret);
-	ret->flags=BN_FLG_MALLOCED;
-	return(ret);
+#else
+	memset(A,0,sizeof(BN_ULONG)*(words+1));
+	memcpy(A,b->d,sizeof(b->d[0])*b->top);
+#endif
+		
+	return(a);
 	}
 
-void BN_CTX_init(ctx)
-BN_CTX *ctx;
-	{
-	memset(ctx,0,sizeof(BN_CTX));
-	ctx->tos=0;
-	ctx->flags=0;
-	}
+/* This is an internal function that can be used instead of bn_expand2()
+ * when there is a need to copy BIGNUMs instead of only expanding the
+ * data part, while still expanding them.
+ * Especially useful when needing to expand BIGNUMs that are declared
+ * 'const' and should therefore not be changed.
+ * The reason to use this instead of a BN_dup() followed by a bn_expand2()
+ * is memory allocation overhead.  A BN_dup() followed by a bn_expand2()
+ * will allocate new memory for the BIGNUM data twice, and free it once,
+ * while bn_dup_expand() makes sure allocation is made only once.
+ */
 
-void BN_CTX_free(c)
-BN_CTX *c;
+BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
 	{
-	int i;
+	BIGNUM *r = NULL;
+
+	/* This function does not work if
+	 *      words <= b->dmax && top < words
+	 * because BN_dup() does not preserve 'dmax'!
+	 * (But bn_dup_expand() is not used anywhere yet.)
+	 */
+	
+	if (words > b->dmax)
+		{
+		BN_ULONG *a = bn_expand_internal(b, words);
+
+		if (a)
+			{
+			r = BN_new();
+			if (r)
+				{
+				r->top = b->top;
+				r->dmax = words;
+				r->neg = b->neg;
+				r->d = a;
+				}
+			else
+				{
+				/* r == NULL, BN_new failure */
+				OPENSSL_free(a);
+				}
+			}
+		/* If a == NULL, there was an error in allocation in
+		   bn_expand_internal(), and NULL should be returned */
+		}
+	else
+		{
+		r = BN_dup(b);
+		}
 
-	for (i=0; i<BN_CTX_NUM; i++)
-		BN_clear_free(&(c->bn[i]));
-	if (c->flags & BN_FLG_MALLOCED)
-		Free(c);
+	return r;
 	}
 
-BIGNUM *bn_expand2(b, words)
-BIGNUM *b;
-int words;
-	{
-	BN_ULONG *A,*B,*a;
-	int i,j;
+/* This is an internal function that should not be used in applications.
+ * It ensures that 'b' has enough room for a 'words' word number
+ * and initialises any unused part of b->d with leading zeros.
+ * It is mostly used by the various BIGNUM routines. If there is an error,
+ * NULL is returned. If not, 'b' is returned. */
 
-	bn_check_top(b);
+BIGNUM *bn_expand2(BIGNUM *b, int words)
+	{
+	BN_ULONG *A;
+	int i;
 
-	if (words > b->max)
+	if (words > b->dmax)
 		{
-		bn_check_top(b);	
-		if (BN_get_flags(b,BN_FLG_STATIC_DATA))
-			{
-			BNerr(BN_F_BN_EXPAND2,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
-			return(NULL);
-			}
-		a=A=(BN_ULONG *)Malloc(sizeof(BN_ULONG)*(words+1));
-		if (A == NULL)
+		BN_ULONG *a = bn_expand_internal(b, words);
+
+		if (a)
 			{
-			BNerr(BN_F_BN_EXPAND2,ERR_R_MALLOC_FAILURE);
-			return(NULL);
+			if (b->d)
+				OPENSSL_free(b->d);
+			b->d=a;
+			b->dmax=words;
 			}
-memset(A,0x5c,sizeof(BN_ULONG)*(words+1));
-#if 1
-		B=b->d;
-		if (B != NULL)
+		else
+			b = NULL;
+		}
+	
+	/* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */
+	if ((b != NULL) && (b->top < b->dmax))
+		{
+		A = &(b->d[b->top]);
+		for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8)
 			{
-			for (i=b->top&(~7); i>0; i-=8)
-				{
-				A[0]=B[0]; A[1]=B[1]; A[2]=B[2]; A[3]=B[3];
-				A[4]=B[4]; A[5]=B[5]; A[6]=B[6]; A[7]=B[7];
-				A+=8;
-				B+=8;
-				}
-			switch (b->top&7)
-				{
-			case 7:
-				A[6]=B[6];
-			case 6:
-				A[5]=B[5];
-			case 5:
-				A[4]=B[4];
-			case 4:
-				A[3]=B[3];
-			case 3:
-				A[2]=B[2];
-			case 2:
-				A[1]=B[1];
-			case 1:
-				A[0]=B[0];
-			case 0:
-				/* I need the 'case 0' entry for utrix cc.
-				 * If the optimiser is turned on, it does the
-				 * switch table by doing
-				 * a=top&7
-				 * a--;
-				 * goto jump_table[a];
-				 * If top is 0, this makes us jump to 0xffffffc 
-				 * which is rather bad :-(.
-				 * eric 23-Apr-1998
-				 */
-				;
-				}
-			B= &(b->d[b->top]);
-			j=b->max-8;
-			for (i=b->top; i<j; i+=8)
-				{
-				B[0]=0; B[1]=0; B[2]=0; B[3]=0;
-				B[4]=0; B[5]=0; B[6]=0; B[7]=0;
-				B+=8;
-				}
-			for (j+=8; i<j; i++)
-				{
-				B[0]=0;
-				B++;
-				}
-#else
-			memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
-#endif
-		
-/*		memset(&(p[b->max]),0,((words+1)-b->max)*sizeof(BN_ULONG)); */
-/*	{ int i; for (i=b->max; i<words+1; i++) p[i]=i;} */
-			Free(b->d);
+			A[0]=0; A[1]=0; A[2]=0; A[3]=0;
+			A[4]=0; A[5]=0; A[6]=0; A[7]=0;
 			}
-
-		b->d=a;
-		b->max=words;
+		for (i=(b->dmax - b->top)&7; i>0; i--,A++)
+			A[0]=0;
+		assert(A == &(b->d[b->dmax]));
 		}
-	return(b);
+		
+	return b;
 	}
 
-BIGNUM *BN_dup(a)
-BIGNUM *a;
+BIGNUM *BN_dup(const BIGNUM *a)
 	{
-	BIGNUM *r;
+	BIGNUM *r, *t;
+
+	if (a == NULL) return NULL;
 
 	bn_check_top(a);
 
-	r=BN_new();
-	if (r == NULL) return(NULL);
-	return((BIGNUM *)BN_copy(r,a));
+	t = BN_new();
+	if (t == NULL) return(NULL);
+	r = BN_copy(t, a);
+	/* now  r == t || r == NULL */
+	if (r == NULL)
+		BN_free(t);
+	return r;
 	}
 
-BIGNUM *BN_copy(a, b)
-BIGNUM *a;
-BIGNUM *b;
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
 	{
 	int i;
-	BN_ULONG *A,*B;
+	BN_ULONG *A;
+	const BN_ULONG *B;
 
 	bn_check_top(b);
 
@@ -466,47 +497,18 @@ BIGNUM *b;
 #if 1
 	A=a->d;
 	B=b->d;
-	for (i=b->top&(~7); i>0; i-=8)
-		{
-		A[0]=B[0];
-		A[1]=B[1];
-		A[2]=B[2];
-		A[3]=B[3];
-		A[4]=B[4];
-		A[5]=B[5];
-		A[6]=B[6];
-		A[7]=B[7];
-		A+=8;
-		B+=8;
-		}
-	switch (b->top&7)
-		{
-	case 7:
-		A[6]=B[6];
-	case 6:
-		A[5]=B[5];
-	case 5:
-		A[4]=B[4];
-	case 4:
-		A[3]=B[3];
-	case 3:
-		A[2]=B[2];
-	case 2:
-		A[1]=B[1];
-	case 1:
-		A[0]=B[0];
-        case 0:
-		/* I need the 'case 0' entry for utrix cc.
-		 * If the optimiser is turned on, it does the
-		 * switch table by doing
-		 * a=top&7
-		 * a--;
-		 * goto jump_table[a];
-		 * If top is 0, this makes us jump to 0xffffffc which is
-		 * rather bad :-(.
-		 * eric 23-Apr-1998
-		 */
-		;
+	for (i=b->top>>2; i>0; i--,A+=4,B+=4)
+		{
+		BN_ULONG a0,a1,a2,a3;
+		a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
+		A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
+		}
+	switch (b->top&3)
+		{
+		case 3: A[2]=B[2];
+		case 2: A[1]=B[1];
+		case 1: A[0]=B[0];
+		case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */
 		}
 #else
 	memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
@@ -520,17 +522,89 @@ BIGNUM *b;
 	return(a);
 	}
 
-void BN_clear(a)
-BIGNUM *a;
+BIGNUM *BN_ncopy(BIGNUM *a, const BIGNUM *b, size_t n)
+	{
+	int i, min;
+	BN_ULONG *A;
+	const BN_ULONG *B;
+
+	bn_check_top(b);
+
+	if (a == b)
+		return a;
+
+	min = (b->top < (int)n)? b->top: (int)n;
+
+	if (!min)
+		{
+		BN_zero(a);
+		return a;
+		}
+
+	if (bn_wexpand(a, min) == NULL)
+		return NULL;
+
+	A=a->d;
+	B=b->d;
+	for (i=min>>2; i>0; i--, A+=4, B+=4)
+		{
+		BN_ULONG a0,a1,a2,a3;
+		a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
+		A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
+		}
+	switch (min&3)
+		{
+		case 3: A[2]=B[2];
+		case 2: A[1]=B[1];
+		case 1: A[0]=B[0];
+		case 0: ;
+		}
+	a->top = min;
+
+	a->neg = b->neg;
+	bn_fix_top(a);
+
+	return(a);
+	}
+
+void BN_swap(BIGNUM *a, BIGNUM *b)
+	{
+	int flags_old_a, flags_old_b;
+	BN_ULONG *tmp_d;
+	int tmp_top, tmp_dmax, tmp_neg;
+	
+	flags_old_a = a->flags;
+	flags_old_b = b->flags;
+
+	tmp_d = a->d;
+	tmp_top = a->top;
+	tmp_dmax = a->dmax;
+	tmp_neg = a->neg;
+	
+	a->d = b->d;
+	a->top = b->top;
+	a->dmax = b->dmax;
+	a->neg = b->neg;
+	
+	b->d = tmp_d;
+	b->top = tmp_top;
+	b->dmax = tmp_dmax;
+	b->neg = tmp_neg;
+	
+	a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
+	b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
+	}
+
+
+void BN_clear(BIGNUM *a)
 	{
 	if (a->d != NULL)
-		memset(a->d,0,a->max*sizeof(a->d[0]));
+		memset(a->d,0,a->dmax*sizeof(a->d[0]));
 	a->top=0;
 	a->neg=0;
 	}
 
-BN_ULONG BN_get_word(a)
-BIGNUM *a;
+BN_ULONG BN_get_word(const BIGNUM *a)
 	{
 	int i,n;
 	BN_ULONG ret=0;
@@ -543,15 +617,15 @@ BIGNUM *a;
 #ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
 		ret<<=BN_BITS4; /* stops the compiler complaining */
 		ret<<=BN_BITS4;
+#else
+		ret=0;
 #endif
 		ret|=a->d[i];
 		}
 	return(ret);
 	}
 
-int BN_set_word(a,w)
-BIGNUM *a;
-BN_ULONG w;
+int BN_set_word(BIGNUM *a, BN_ULONG w)
 	{
 	int i,n;
 	if (bn_expand(a,sizeof(BN_ULONG)*8) == NULL) return(0);
@@ -569,6 +643,8 @@ BN_ULONG w;
 #ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */
 		w>>=BN_BITS4;
 		w>>=BN_BITS4;
+#else
+		w=0;
 #endif
 		a->d[i]=(BN_ULONG)w&BN_MASK2;
 		if (a->d[i] != 0) a->top=i+1;
@@ -576,11 +652,7 @@ BN_ULONG w;
 	return(1);
 	}
 
-/* ignore negative */
-BIGNUM *BN_bin2bn(s, len, ret)
-unsigned char *s;
-int len;
-BIGNUM *ret;
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
 	{
 	unsigned int i,m;
 	unsigned int n;
@@ -600,6 +672,7 @@ BIGNUM *ret;
 	i=((n-1)/BN_BYTES)+1;
 	m=((n-1)%(BN_BYTES));
 	ret->top=i;
+	ret->neg=0;
 	while (n-- > 0)
 		{
 		l=(l<<8L)| *(s++);
@@ -617,9 +690,7 @@ BIGNUM *ret;
 	}
 
 /* ignore negative */
-int BN_bn2bin(a, to)
-BIGNUM *a;
-unsigned char *to;
+int BN_bn2bin(const BIGNUM *a, unsigned char *to)
 	{
 	int n,i;
 	BN_ULONG l;
@@ -633,9 +704,7 @@ unsigned char *to;
 	return(n);
 	}
 
-int BN_ucmp(a, b)
-BIGNUM *a;
-BIGNUM *b;
+int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
 	{
 	int i;
 	BN_ULONG t1,t2,*ap,*bp;
@@ -657,9 +726,7 @@ BIGNUM *b;
 	return(0);
 	}
 
-int BN_cmp(a, b)
-BIGNUM *a;
-BIGNUM *b;
+int BN_cmp(const BIGNUM *a, const BIGNUM *b)
 	{
 	int i;
 	int gt,lt;
@@ -700,9 +767,7 @@ BIGNUM *b;
 	return(0);
 	}
 
-int BN_set_bit(a, n)
-BIGNUM *a;
-int n;
+int BN_set_bit(BIGNUM *a, int n)
 	{
 	int i,j,k;
 
@@ -716,13 +781,11 @@ int n;
 		a->top=i+1;
 		}
 
-	a->d[i]|=(1L<<j);
+	a->d[i]|=(((BN_ULONG)1)<<j);
 	return(1);
 	}
 
-int BN_clear_bit(a, n)
-BIGNUM *a;
-int n;
+int BN_clear_bit(BIGNUM *a, int n)
 	{
 	int i,j;
 
@@ -730,14 +793,12 @@ int n;
 	j=n%BN_BITS2;
 	if (a->top <= i) return(0);
 
-	a->d[i]&=(~(1L<<j));
+	a->d[i]&=(~(((BN_ULONG)1)<<j));
 	bn_fix_top(a);
 	return(1);
 	}
 
-int BN_is_bit_set(a, n)
-BIGNUM *a;
-int n;
+int BN_is_bit_set(const BIGNUM *a, int n)
 	{
 	int i,j;
 
@@ -748,9 +809,7 @@ int n;
 	return((a->d[i]&(((BN_ULONG)1)<<j))?1:0);
 	}
 
-int BN_mask_bits(a,n)
-BIGNUM *a;
-int n;
+int BN_mask_bits(BIGNUM *a, int n)
 	{
 	int b,w;
 
@@ -768,9 +827,7 @@ int n;
 	return(1);
 	}
 
-int bn_cmp_words(a,b,n)
-BN_ULONG *a,*b;
-int n;
+int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
 	{
 	int i;
 	BN_ULONG aa,bb;
@@ -787,3 +844,34 @@ int n;
 	return(0);
 	}
 
+/* Here follows a specialised variants of bn_cmp_words().  It has the
+   property of performing the operation on arrays of different sizes.
+   The sizes of those arrays is expressed through cl, which is the
+   common length ( basicall, min(len(a),len(b)) ), and dl, which is the
+   delta between the two lengths, calculated as len(a)-len(b).
+   All lengths are the number of BN_ULONGs...  */
+
+int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
+	int cl, int dl)
+	{
+	int n,i;
+	n = cl-1;
+
+	if (dl < 0)
+		{
+		for (i=dl; i<0; i++)
+			{
+			if (b[n-i] != 0)
+				return -1; /* a < b */
+			}
+		}
+	if (dl > 0)
+		{
+		for (i=dl; i>0; i--)
+			{
+			if (a[n+i] != 0)
+				return 1; /* a > b */
+			}
+		}
+	return bn_cmp_words(a,b,cl);
+	}
diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c
index c351aac14f..5cf82480d7 100644
--- a/crypto/bn/bn_mod.c
+++ b/crypto/bn/bn_mod.c
@@ -1,4 +1,59 @@
 /* crypto/bn/bn_mod.c */
+/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
+ * for the OpenSSL project. */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,42 +111,186 @@
  * [including the GNU Public Licence.]
  */
 
-#include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-/* rem != m */
-int BN_mod(rem, m, d,ctx)
-BIGNUM *rem;
-BIGNUM *m;
-BIGNUM *d;
-BN_CTX *ctx;
+
+#if 0 /* now just a #define */
+int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
+	{
+	return(BN_div(NULL,rem,m,d,ctx));
+	/* note that  rem->neg == m->neg  (unless the remainder is zero) */
+	}
+#endif
+
+
+int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
+	{
+	/* like BN_mod, but returns non-negative remainder
+	 * (i.e.,  0 <= r < |d|  always holds) */
+
+	if (!(BN_mod(r,m,d,ctx)))
+		return 0;
+	if (!r->neg)
+		return 1;
+	/* now   -|d| < r < 0,  so we have to set  r := r + |d| */
+	return (d->neg ? BN_sub : BN_add)(r, r, d);
+}
+
+
+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
+	{
+	if (!BN_add(r, a, b)) return 0;
+	return BN_nnmod(r, r, m, ctx);
+	}
+
+
+/* BN_mod_add variant that may be used if both  a  and  b  are non-negative
+ * and less than  m */
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
+	{
+	if (!BN_add(r, a, b)) return 0;
+	if (BN_ucmp(r, m) >= 0)
+		return BN_usub(r, r, m);
+	return 1;
+	}
+
+
+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
+	{
+	if (!BN_sub(r, a, b)) return 0;
+	return BN_nnmod(r, r, m, ctx);
+	}
+
+
+/* BN_mod_sub variant that may be used if both  a  and  b  are non-negative
+ * and less than  m */
+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
+	{
+	if (!BN_sub(r, a, b)) return 0;
+	if (r->neg)
+		return BN_add(r, r, m);
+	return 1;
+	}
+
+
+/* slow but works */
+int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+	BN_CTX *ctx)
 	{
-#if 0 /* The old slow way */
-	int i,nm,nd;
-	BIGNUM *dv;
+	BIGNUM *t;
+	int ret=0;
+
+	bn_check_top(a);
+	bn_check_top(b);
+	bn_check_top(m);
+
+	BN_CTX_start(ctx);
+	if ((t = BN_CTX_get(ctx)) == NULL) goto err;
+	if (a == b)
+		{ if (!BN_sqr(t,a,ctx)) goto err; }
+	else
+		{ if (!BN_mul(t,a,b,ctx)) goto err; }
+	if (!BN_nnmod(r,t,m,ctx)) goto err;
+	ret=1;
+err:
+	BN_CTX_end(ctx);
+	return(ret);
+	}
 
-	if (BN_ucmp(m,d) < 0)
-		return((BN_copy(rem,m) == NULL)?0:1);
 
-	dv=ctx->bn[ctx->tos];
+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+	{
+	if (!BN_sqr(r, a, ctx)) return 0;
+	/* r->neg == 0,  thus we don't need BN_nnmod */
+	return BN_mod(r, r, m, ctx);
+	}
 
-	if (!BN_copy(rem,m)) return(0);
 
-	nm=BN_num_bits(rem);
-	nd=BN_num_bits(d);
-	if (!BN_lshift(dv,d,nm-nd)) return(0);
-	for (i=nm-nd; i>=0; i--)
+int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+	{
+	if (!BN_lshift1(r, a)) return 0;
+	return BN_nnmod(r, r, m, ctx);
+	}
+
+
+/* BN_mod_lshift1 variant that may be used if  a  is non-negative
+ * and less than  m */
+int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
+	{
+	if (!BN_lshift1(r, a)) return 0;
+	if (BN_cmp(r, m) >= 0)
+		return BN_sub(r, r, m);
+	return 1;
+	}
+
+
+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx)
+	{
+	BIGNUM *abs_m = NULL;
+	int ret;
+
+	if (!BN_nnmod(r, a, m, ctx)) return 0;
+
+	if (m->neg)
 		{
-		if (BN_cmp(rem,dv) >= 0)
+		abs_m = BN_dup(m);
+		if (abs_m == NULL) return 0;
+		abs_m->neg = 0;
+		}
+	
+	ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
+
+	if (abs_m)
+		BN_free(abs_m);
+	return ret;
+	}
+
+
+/* BN_mod_lshift variant that may be used if  a  is non-negative
+ * and less than  m */
+int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
+	{
+	if (r != a)
+		{
+		if (BN_copy(r, a) == NULL) return 0;
+		}
+
+	while (n > 0)
+		{
+		int max_shift;
+		
+		/* 0 < r < m */
+		max_shift = BN_num_bits(m) - BN_num_bits(r);
+		/* max_shift >= 0 */
+
+		if (max_shift < 0)
+			{
+			BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED);
+			return 0;
+			}
+
+		if (max_shift > n)
+			max_shift = n;
+
+		if (max_shift)
+			{
+			if (!BN_lshift(r, r, max_shift)) return 0;
+			n -= max_shift;
+			}
+		else
+			{
+			if (!BN_lshift1(r, r)) return 0;
+			--n;
+			}
+
+		/* BN_num_bits(r) <= BN_num_bits(m) */
+
+		if (BN_cmp(r, m) >= 0) 
 			{
-			if (!BN_sub(rem,rem,dv)) return(0);
+			if (!BN_sub(r, r, m)) return 0;
 			}
-		if (!BN_rshift1(dv,dv)) return(0);
 		}
-	return(1);
-#else
-	return(BN_div(NULL,rem,m,d,ctx));
-#endif
+	
+	return 1;
 	}
-
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index e0aa3c769d..c9ebdbaabe 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -56,38 +56,33 @@
  * [including the GNU Public Licence.]
  */
 
+/*
+ * Details about Montgomery multiplication algorithms can be found at
+ * http://security.ece.orst.edu/publications.html, e.g.
+ * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and
+ * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf
+ */
+
 #include <stdio.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-#define MONT_WORD
+#define MONT_WORD /* use the faster word-based algorithm */
 
-int BN_mod_mul_montgomery(r,a,b,mont,ctx)
-BIGNUM *r,*a,*b;
-BN_MONT_CTX *mont;
-BN_CTX *ctx;
+int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+			  BN_MONT_CTX *mont, BN_CTX *ctx)
 	{
-	BIGNUM *tmp,*tmp2;
+	BIGNUM *tmp;
+	int ret=0;
 
-        tmp= &(ctx->bn[ctx->tos]);
-        tmp2= &(ctx->bn[ctx->tos]);
-	ctx->tos+=2;
+	BN_CTX_start(ctx);
+	tmp = BN_CTX_get(ctx);
+	if (tmp == NULL) goto err;
 
 	bn_check_top(tmp);
-	bn_check_top(tmp2);
-
 	if (a == b)
 		{
-#if 0
-		bn_wexpand(tmp,a->top*2);
-		bn_wexpand(tmp2,a->top*4);
-		bn_sqr_recursive(tmp->d,a->d,a->top,tmp2->d);
-		tmp->top=a->top*2;
-		if (tmp->d[tmp->top-1] == 0)
-			tmp->top--;
-#else
 		if (!BN_sqr(tmp,a,ctx)) goto err;
-#endif
 		}
 	else
 		{
@@ -95,179 +90,155 @@ BN_CTX *ctx;
 		}
 	/* reduce from aRR to aR */
 	if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
-	ctx->tos-=2;
-	return(1);
+	ret=1;
 err:
-	return(0);
+	BN_CTX_end(ctx);
+	return(ret);
 	}
 
-int BN_from_montgomery(ret,a,mont,ctx)
-BIGNUM *ret;
-BIGNUM *a;
-BN_MONT_CTX *mont;
-BN_CTX *ctx;
+int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
+	     BN_CTX *ctx)
 	{
-#ifdef BN_RECURSION
-	if (mont->use_word)
-#endif
-		{
-		BIGNUM *n,*r;
-		BN_ULONG *ap,*np,*rp,n0,v,*nrp;
-		int al,nl,max,i,x,ri;
-		int retn=0;
+	int retn=0;
 
-		r= &(ctx->bn[ctx->tos]);
+#ifdef MONT_WORD
+	BIGNUM *n,*r;
+	BN_ULONG *ap,*np,*rp,n0,v,*nrp;
+	int al,nl,max,i,x,ri;
 
-		if (!BN_copy(r,a)) goto err1;
-		n= &(mont->N);
+	BN_CTX_start(ctx);
+	if ((r = BN_CTX_get(ctx)) == NULL) goto err;
 
-		ap=a->d;
-		/* mont->ri is the size of mont->N in bits/words */
-		al=ri=mont->ri/BN_BITS2;
+	if (!BN_copy(r,a)) goto err;
+	n= &(mont->N);
 
-		nl=n->top;
-		if ((al == 0) || (nl == 0)) { r->top=0; return(1); }
+	ap=a->d;
+	/* mont->ri is the size of mont->N in bits (rounded up
+	   to the word size) */
+	al=ri=mont->ri/BN_BITS2;
+	
+	nl=n->top;
+	if ((al == 0) || (nl == 0)) { r->top=0; return(1); }
 
-		max=(nl+al+1); /* allow for overflow (no?) XXX */
-		if (bn_wexpand(r,max) == NULL) goto err1;
-		if (bn_wexpand(ret,max) == NULL) goto err1;
+	max=(nl+al+1); /* allow for overflow (no?) XXX */
+	if (bn_wexpand(r,max) == NULL) goto err;
+	if (bn_wexpand(ret,max) == NULL) goto err;
 
-		r->neg=a->neg^n->neg;
-		np=n->d;
-		rp=r->d;
-		nrp= &(r->d[nl]);
+	r->neg=a->neg^n->neg;
+	np=n->d;
+	rp=r->d;
+	nrp= &(r->d[nl]);
 
-		/* clear the top words of T */
+	/* clear the top words of T */
 #if 1
-		for (i=r->top; i<max; i++) /* memset? XXX */
-			r->d[i]=0;
+	for (i=r->top; i<max; i++) /* memset? XXX */
+		r->d[i]=0;
 #else
-		memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); 
+	memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); 
 #endif
 
-		r->top=max;
-		n0=mont->n0;
+	r->top=max;
+	n0=mont->n0;
 
 #ifdef BN_COUNT
-printf("word BN_from_montgomery %d * %d\n",nl,nl);
+	fprintf(stderr,"word BN_from_montgomery %d * %d\n",nl,nl);
 #endif
-		for (i=0; i<nl; i++)
-			{
-			v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
-			nrp++;
-			rp++;
-			if (((nrp[-1]+=v)&BN_MASK2) >= v)
-				continue;
-			else
-				{
-				if (((++nrp[0])&BN_MASK2) != 0) continue;
-				if (((++nrp[1])&BN_MASK2) != 0) continue;
-				for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
-				}
-			}
-		bn_fix_top(r);
-
-		/* mont->ri will be a multiple of the word size */
-#if 0
-		BN_rshift(ret,r,mont->ri);
+	for (i=0; i<nl; i++)
+		{
+#ifdef __TANDEM
+                {
+                   long long t1;
+                   long long t2;
+                   long long t3;
+                   t1 = rp[0] * (n0 & 0177777);
+                   t2 = 037777600000l;
+                   t2 = n0 & t2;
+                   t3 = rp[0] & 0177777;
+                   t2 = (t3 * t2) & BN_MASK2;
+                   t1 = t1 + t2;
+                   v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1);
+                }
 #else
-		x=ri;
-		rp=ret->d;
-		ap= &(r->d[x]);
-		if (r->top < x)
-			al=0;
-		else
-			al=r->top-x;
-		ret->top=al;
-		al-=4;
-		for (i=0; i<al; i+=4)
-			{
-			BN_ULONG t1,t2,t3,t4;
-
-			t1=ap[i+0];
-			t2=ap[i+1];
-			t3=ap[i+2];
-			t4=ap[i+3];
-			rp[i+0]=t1;
-			rp[i+1]=t2;
-			rp[i+2]=t3;
-			rp[i+3]=t4;
-			}
-		al+=4;
-		for (; i<al; i++)
-			rp[i]=ap[i];
+		v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
 #endif
-
-		if (BN_ucmp(ret, &(mont->N)) >= 0)
+		nrp++;
+		rp++;
+		if (((nrp[-1]+=v)&BN_MASK2) >= v)
+			continue;
+		else
 			{
-			BN_usub(ret,ret,&(mont->N)); /* XXX */
+			if (((++nrp[0])&BN_MASK2) != 0) continue;
+			if (((++nrp[1])&BN_MASK2) != 0) continue;
+			for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
 			}
-		retn=1;
-err1:
-		return(retn);
 		}
-#ifdef BN_RECURSION
-	else /* bignum version */ 
+	bn_fix_top(r);
+	
+	/* mont->ri will be a multiple of the word size */
+#if 0
+	BN_rshift(ret,r,mont->ri);
+#else
+	ret->neg = r->neg;
+	x=ri;
+	rp=ret->d;
+	ap= &(r->d[x]);
+	if (r->top < x)
+		al=0;
+	else
+		al=r->top-x;
+	ret->top=al;
+	al-=4;
+	for (i=0; i<al; i+=4)
 		{
-		BIGNUM *t1,*t2,*t3;
-		int j,i;
-
-#ifdef BN_COUNT
-printf("number BN_from_montgomery\n");
-#endif
-
-		t1= &(ctx->bn[ctx->tos]);
-		t2= &(ctx->bn[ctx->tos+1]);
-		t3= &(ctx->bn[ctx->tos+2]);
-
-		i=mont->Ni.top;
-		bn_wexpand(ret,i); /* perhaps only i*2 */
-		bn_wexpand(t1,i*4); /* perhaps only i*2 */
-		bn_wexpand(t2,i*2); /* perhaps only i   */
-
-		bn_mul_low_recursive(t2->d,a->d,mont->Ni.d,i,t1->d);
-
-		BN_zero(t3);
-		BN_set_bit(t3,mont->N.top*BN_BITS2);
-		bn_sub_words(t3->d,t3->d,a->d,i);
-		bn_mul_high(ret->d,t2->d,mont->N.d,t3->d,i,t1->d);
-
-		/* hmm... if a is between i and 2*i, things are bad */
-		if (a->top > i)
-			{
-			j=bn_add_words(ret->d,ret->d,&(a->d[i]),i);
-			if (j) /* overflow */
-				bn_sub_words(ret->d,ret->d,mont->N.d,i);
-			}
-		ret->top=i;
-		bn_fix_top(ret);
-		if (a->d[0])
-			BN_add_word(ret,1); /* Always? */
-		else	/* Very very rare */
-			{
-			for (i=1; i<mont->N.top-1; i++)
-				{
-				if (a->d[i])
-					{
-					BN_add_word(ret,1); /* Always? */
-					break;
-					}
-				}
-			}
-
-		if (BN_ucmp(ret,&(mont->N)) >= 0)
-			BN_usub(ret,ret,&(mont->N));
-
-		return(1);
+		BN_ULONG t1,t2,t3,t4;
+		
+		t1=ap[i+0];
+		t2=ap[i+1];
+		t3=ap[i+2];
+		t4=ap[i+3];
+		rp[i+0]=t1;
+		rp[i+1]=t2;
+		rp[i+2]=t3;
+		rp[i+3]=t4;
 		}
+	al+=4;
+	for (; i<al; i++)
+		rp[i]=ap[i];
 #endif
+#else /* !MONT_WORD */ 
+	BIGNUM *t1,*t2;
+
+	BN_CTX_start(ctx);
+	t1 = BN_CTX_get(ctx);
+	t2 = BN_CTX_get(ctx);
+	if (t1 == NULL || t2 == NULL) goto err;
+	
+	if (!BN_copy(t1,a)) goto err;
+	BN_mask_bits(t1,mont->ri);
+
+	if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err;
+	BN_mask_bits(t2,mont->ri);
+
+	if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
+	if (!BN_add(t2,a,t1)) goto err;
+	if (!BN_rshift(ret,t2,mont->ri)) goto err;
+#endif /* MONT_WORD */
+
+	if (BN_ucmp(ret, &(mont->N)) >= 0)
+		{
+		if (!BN_usub(ret,ret,&(mont->N))) goto err;
+		}
+	retn=1;
+ err:
+	BN_CTX_end(ctx);
+	return(retn);
 	}
 
-BN_MONT_CTX *BN_MONT_CTX_new()
+BN_MONT_CTX *BN_MONT_CTX_new(void)
 	{
 	BN_MONT_CTX *ret;
 
-	if ((ret=(BN_MONT_CTX *)Malloc(sizeof(BN_MONT_CTX))) == NULL)
+	if ((ret=(BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL)
 		return(NULL);
 
 	BN_MONT_CTX_init(ret);
@@ -275,10 +246,8 @@ BN_MONT_CTX *BN_MONT_CTX_new()
 	return(ret);
 	}
 
-void BN_MONT_CTX_init(ctx)
-BN_MONT_CTX *ctx;
+void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
 	{
-	ctx->use_word=0;
 	ctx->ri=0;
 	BN_init(&(ctx->RR));
 	BN_init(&(ctx->N));
@@ -286,122 +255,93 @@ BN_MONT_CTX *ctx;
 	ctx->flags=0;
 	}
 
-void BN_MONT_CTX_free(mont)
-BN_MONT_CTX *mont;
+void BN_MONT_CTX_free(BN_MONT_CTX *mont)
 	{
+	if(mont == NULL)
+	    return;
+
 	BN_free(&(mont->RR));
 	BN_free(&(mont->N));
 	BN_free(&(mont->Ni));
 	if (mont->flags & BN_FLG_MALLOCED)
-		Free(mont);
+		OPENSSL_free(mont);
 	}
 
-int BN_MONT_CTX_set(mont,mod,ctx)
-BN_MONT_CTX *mont;
-BIGNUM *mod;
-BN_CTX *ctx;
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 	{
 	BIGNUM Ri,*R;
 
 	BN_init(&Ri);
 	R= &(mont->RR);					/* grab RR as a temp */
 	BN_copy(&(mont->N),mod);			/* Set N */
+	mont->N.neg = 0;
 
-#ifdef BN_RECURSION
-	if (mont->N.top < BN_MONT_CTX_SET_SIZE_WORD)
-#endif
+#ifdef MONT_WORD
 		{
 		BIGNUM tmod;
 		BN_ULONG buf[2];
 
-		mont->use_word=1;
-
 		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
-		BN_zero(R);
-		BN_set_bit(R,BN_BITS2);
-		/* I was bad, this modification of a passed variable was
-		 * breaking the multithreaded stuff :-(
-		 * z=mod->top;
-		 * mod->top=1; */
-
-		buf[0]=mod->d[0];
+		if (!(BN_zero(R))) goto err;
+		if (!(BN_set_bit(R,BN_BITS2))) goto err;	/* R */
+
+		buf[0]=mod->d[0]; /* tmod = N mod word size */
 		buf[1]=0;
 		tmod.d=buf;
 		tmod.top=1;
-		tmod.max=mod->max;
-		tmod.neg=mod->neg;
-
+		tmod.dmax=2;
+		tmod.neg=0;
+							/* Ri = R^-1 mod N*/
 		if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL)
 			goto err;
-		BN_lshift(&Ri,&Ri,BN_BITS2);			/* R*Ri */
+		if (!BN_lshift(&Ri,&Ri,BN_BITS2)) goto err; /* R*Ri */
 		if (!BN_is_zero(&Ri))
 			{
-#if 1
-			BN_sub_word(&Ri,1);
-#else
-			BN_usub(&Ri,&Ri,BN_value_one());	/* R*Ri - 1 */
-#endif
+			if (!BN_sub_word(&Ri,1)) goto err;
 			}
-		else
+		else /* if N mod word size == 1 */
 			{
-			/* This is not common..., 1 in BN_MASK2,
-			 * It happens when buf[0] was == 1.  So for 8 bit,
-			 * this is 1/256, 16bit, 1 in 2^16 etc.
-			 */
-			BN_set_word(&Ri,BN_MASK2);
+			if (!BN_set_word(&Ri,BN_MASK2)) goto err;  /* Ri-- (mod word size) */
 			}
-		BN_div(&Ri,NULL,&Ri,&tmod,ctx);
-		mont->n0=Ri.d[0];
+		if (!BN_div(&Ri,NULL,&Ri,&tmod,ctx)) goto err;
+		/* Ni = (R*Ri-1)/N,
+		 * keep only least significant word: */
+		mont->n0 = (Ri.top > 0) ? Ri.d[0] : 0;
 		BN_free(&Ri);
-		/* mod->top=z; */
 		}
-#ifdef BN_RECURSION
-	else
-		{
-		mont->use_word=0;
-		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
-#if 1
-		BN_zero(R);
-		BN_set_bit(R,mont->ri);
-#else
-		BN_lshift(R,BN_value_one(),mont->ri);	/* R */
-#endif
-		if ((BN_mod_inverse(&Ri,R,mod,ctx)) == NULL)
+#else /* !MONT_WORD */
+		{ /* bignum version */
+		mont->ri=BN_num_bits(&mont->N);
+		if (!BN_zero(R)) goto err;
+		if (!BN_set_bit(R,mont->ri)) goto err;  /* R = 2^ri */
+		                                        /* Ri = R^-1 mod N*/
+		if ((BN_mod_inverse(&Ri,R,&mont->N,ctx)) == NULL)
 			goto err;
-		BN_lshift(&Ri,&Ri,mont->ri);		/* R*Ri */
-#if 1
-		BN_sub_word(&Ri,1);
-#else
-		BN_usub(&Ri,&Ri,BN_value_one());	/* R*Ri - 1 */
-#endif
-		BN_div(&(mont->Ni),NULL,&Ri,mod,ctx);
+		if (!BN_lshift(&Ri,&Ri,mont->ri)) goto err; /* R*Ri */
+		if (!BN_sub_word(&Ri,1)) goto err;
+							/* Ni = (R*Ri-1) / N */
+		if (!BN_div(&(mont->Ni),NULL,&Ri,&mont->N,ctx)) goto err;
 		BN_free(&Ri);
 		}
 #endif
 
 	/* setup RR for conversions */
-#if 1
-	BN_zero(&(mont->RR));
-	BN_set_bit(&(mont->RR),mont->ri*2);
-#else
-	BN_lshift(mont->RR,BN_value_one(),mont->ri*2);
-#endif
-	BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx);
+	if (!BN_zero(&(mont->RR))) goto err;
+	if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err;
+	if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err;
 
 	return(1);
 err:
 	return(0);
 	}
 
-BN_MONT_CTX *BN_MONT_CTX_copy(to, from)
-BN_MONT_CTX *to, *from;
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
 	{
 	if (to == from) return(to);
 
-	BN_copy(&(to->RR),&(from->RR));
-	BN_copy(&(to->N),&(from->N));
-	BN_copy(&(to->Ni),&(from->Ni));
-	to->use_word=from->use_word;
+	if (!BN_copy(&(to->RR),&(from->RR))) return NULL;
+	if (!BN_copy(&(to->N),&(from->N))) return NULL;
+	if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL;
 	to->ri=from->ri;
 	to->n0=from->n0;
 	return(to);
diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c
index 84b0317081..05fa9d1e9a 100644
--- a/crypto/bn/bn_mpi.c
+++ b/crypto/bn/bn_mpi.c
@@ -60,9 +60,7 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-int BN_bn2mpi(a,d)
-BIGNUM *a;
-unsigned char *d;
+int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
 	{
 	int bits;
 	int num=0;
@@ -90,10 +88,7 @@ unsigned char *d;
 	return(num+4+ext);
 	}
 
-BIGNUM *BN_mpi2bn(d,n,a)
-unsigned char *d;
-int n;
-BIGNUM *a;
+BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
 	{
 	long len;
 	int neg=0;
diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c
index fc7bf974fd..b03458d002 100644
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@@ -56,67 +56,392 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef BN_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
 #include <stdio.h>
+#include <assert.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
+#if defined(OPENSSL_NO_ASM) || !(defined(__i386) || defined(__i386__)) || defined(__DJGPP__) /* Assembler implementation exists only for x86 */
+/* Here follows specialised variants of bn_add_words() and
+   bn_sub_words().  They have the property performing operations on
+   arrays of different sizes.  The sizes of those arrays is expressed through
+   cl, which is the common length ( basicall, min(len(a),len(b)) ), and dl,
+   which is the delta between the two lengths, calculated as len(a)-len(b).
+   All lengths are the number of BN_ULONGs...  For the operations that require
+   a result array as parameter, it must have the length cl+abs(dl).
+   These functions should probably end up in bn_asm.c as soon as there are
+   assembler counterparts for the systems that use assembler files.  */
+
+BN_ULONG bn_sub_part_words(BN_ULONG *r,
+	const BN_ULONG *a, const BN_ULONG *b,
+	int cl, int dl)
+	{
+	BN_ULONG c, t;
+
+	assert(cl >= 0);
+	c = bn_sub_words(r, a, b, cl);
+
+	if (dl == 0)
+		return c;
+
+	r += cl;
+	a += cl;
+	b += cl;
+
+	if (dl < 0)
+		{
+#ifdef BN_COUNT
+		fprintf(stderr, "  bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c);
+#endif
+		for (;;)
+			{
+			t = b[0];
+			r[0] = (0-t-c)&BN_MASK2;
+			if (t != 0) c=1;
+			if (++dl >= 0) break;
+
+			t = b[1];
+			r[1] = (0-t-c)&BN_MASK2;
+			if (t != 0) c=1;
+			if (++dl >= 0) break;
+
+			t = b[2];
+			r[2] = (0-t-c)&BN_MASK2;
+			if (t != 0) c=1;
+			if (++dl >= 0) break;
+
+			t = b[3];
+			r[3] = (0-t-c)&BN_MASK2;
+			if (t != 0) c=1;
+			if (++dl >= 0) break;
+
+			b += 4;
+			r += 4;
+			}
+		}
+	else
+		{
+		int save_dl = dl;
+#ifdef BN_COUNT
+		fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, dl, c);
+#endif
+		while(c)
+			{
+			t = a[0];
+			r[0] = (t-c)&BN_MASK2;
+			if (t != 0) c=0;
+			if (--dl <= 0) break;
+
+			t = a[1];
+			r[1] = (t-c)&BN_MASK2;
+			if (t != 0) c=0;
+			if (--dl <= 0) break;
+
+			t = a[2];
+			r[2] = (t-c)&BN_MASK2;
+			if (t != 0) c=0;
+			if (--dl <= 0) break;
+
+			t = a[3];
+			r[3] = (t-c)&BN_MASK2;
+			if (t != 0) c=0;
+			if (--dl <= 0) break;
+
+			save_dl = dl;
+			a += 4;
+			r += 4;
+			}
+		if (dl > 0)
+			{
+#ifdef BN_COUNT
+			fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);
+#endif
+			if (save_dl > dl)
+				{
+				switch (save_dl - dl)
+					{
+				case 1:
+					r[1] = a[1];
+					if (--dl <= 0) break;
+				case 2:
+					r[2] = a[2];
+					if (--dl <= 0) break;
+				case 3:
+					r[3] = a[3];
+					if (--dl <= 0) break;
+					}
+				a += 4;
+				r += 4;
+				}
+			}
+		if (dl > 0)
+			{
+#ifdef BN_COUNT
+			fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, copy)\n", cl, dl);
+#endif
+			for(;;)
+				{
+				r[0] = a[0];
+				if (--dl <= 0) break;
+				r[1] = a[1];
+				if (--dl <= 0) break;
+				r[2] = a[2];
+				if (--dl <= 0) break;
+				r[3] = a[3];
+				if (--dl <= 0) break;
+
+				a += 4;
+				r += 4;
+				}
+			}
+		}
+	return c;
+	}
+#endif
+
+BN_ULONG bn_add_part_words(BN_ULONG *r,
+	const BN_ULONG *a, const BN_ULONG *b,
+	int cl, int dl)
+	{
+	BN_ULONG c, l, t;
+
+	assert(cl >= 0);
+	c = bn_add_words(r, a, b, cl);
+
+	if (dl == 0)
+		return c;
+
+	r += cl;
+	a += cl;
+	b += cl;
+
+	if (dl < 0)
+		{
+		int save_dl = dl;
+#ifdef BN_COUNT
+		fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c);
+#endif
+		while (c)
+			{
+			l=(c+b[0])&BN_MASK2;
+			c=(l < c);
+			r[0]=l;
+			if (++dl >= 0) break;
+
+			l=(c+b[1])&BN_MASK2;
+			c=(l < c);
+			r[1]=l;
+			if (++dl >= 0) break;
+
+			l=(c+b[2])&BN_MASK2;
+			c=(l < c);
+			r[2]=l;
+			if (++dl >= 0) break;
+
+			l=(c+b[3])&BN_MASK2;
+			c=(l < c);
+			r[3]=l;
+			if (++dl >= 0) break;
+
+			save_dl = dl;
+			b+=4;
+			r+=4;
+			}
+		if (dl < 0)
+			{
+#ifdef BN_COUNT
+			fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, c == 0)\n", cl, dl);
+#endif
+			if (save_dl < dl)
+				{
+				switch (dl - save_dl)
+					{
+				case 1:
+					r[1] = b[1];
+					if (++dl >= 0) break;
+				case 2:
+					r[2] = b[2];
+					if (++dl >= 0) break;
+				case 3:
+					r[3] = b[3];
+					if (++dl >= 0) break;
+					}
+				b += 4;
+				r += 4;
+				}
+			}
+		if (dl < 0)
+			{
+#ifdef BN_COUNT
+			fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, copy)\n", cl, dl);
+#endif
+			for(;;)
+				{
+				r[0] = b[0];
+				if (++dl >= 0) break;
+				r[1] = b[1];
+				if (++dl >= 0) break;
+				r[2] = b[2];
+				if (++dl >= 0) break;
+				r[3] = b[3];
+				if (++dl >= 0) break;
+
+				b += 4;
+				r += 4;
+				}
+			}
+		}
+	else
+		{
+		int save_dl = dl;
+#ifdef BN_COUNT
+		fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0)\n", cl, dl);
+#endif
+		while (c)
+			{
+			t=(a[0]+c)&BN_MASK2;
+			c=(t < c);
+			r[0]=t;
+			if (--dl <= 0) break;
+
+			t=(a[1]+c)&BN_MASK2;
+			c=(t < c);
+			r[1]=t;
+			if (--dl <= 0) break;
+
+			t=(a[2]+c)&BN_MASK2;
+			c=(t < c);
+			r[2]=t;
+			if (--dl <= 0) break;
+
+			t=(a[3]+c)&BN_MASK2;
+			c=(t < c);
+			r[3]=t;
+			if (--dl <= 0) break;
+
+			save_dl = dl;
+			a+=4;
+			r+=4;
+			}
+#ifdef BN_COUNT
+		fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);
+#endif
+		if (dl > 0)
+			{
+			if (save_dl > dl)
+				{
+				switch (save_dl - dl)
+					{
+				case 1:
+					r[1] = a[1];
+					if (--dl <= 0) break;
+				case 2:
+					r[2] = a[2];
+					if (--dl <= 0) break;
+				case 3:
+					r[3] = a[3];
+					if (--dl <= 0) break;
+					}
+				a += 4;
+				r += 4;
+				}
+			}
+		if (dl > 0)
+			{
+#ifdef BN_COUNT
+			fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0, copy)\n", cl, dl);
+#endif
+			for(;;)
+				{
+				r[0] = a[0];
+				if (--dl <= 0) break;
+				r[1] = a[1];
+				if (--dl <= 0) break;
+				r[2] = a[2];
+				if (--dl <= 0) break;
+				r[3] = a[3];
+				if (--dl <= 0) break;
+
+				a += 4;
+				r += 4;
+				}
+			}
+		}
+	return c;
+	}
+
 #ifdef BN_RECURSION
+/* Karatsuba recursive multiplication algorithm
+ * (cf. Knuth, The Art of Computer Programming, Vol. 2) */
+
 /* r is 2*n2 words in size,
  * a and b are both n2 words in size.
  * n2 must be a power of 2.
  * We multiply and return the result.
  * t must be 2*n2 words in size
- * We calulate
+ * We calculate
  * a[0]*b[0]
  * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
  * a[1]*b[1]
  */
-void bn_mul_recursive(r,a,b,n2,t)
-BN_ULONG *r,*a,*b;
-int n2;
-BN_ULONG *t;
+void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+	int dna, int dnb, BN_ULONG *t)
 	{
 	int n=n2/2,c1,c2;
+	int tna=n+dna, tnb=n+dnb;
 	unsigned int neg,zero;
 	BN_ULONG ln,lo,*p;
 
-#ifdef BN_COUNT
-printf(" bn_mul_recursive %d * %d\n",n2,n2);
-#endif
-#ifdef BN_MUL_COMBA
-/*	if (n2 == 4)
+# ifdef BN_COUNT
+	fprintf(stderr," bn_mul_recursive %d * %d\n",n2,n2);
+# endif
+# ifdef BN_MUL_COMBA
+#  if 0
+	if (n2 == 4)
 		{
 		bn_mul_comba4(r,a,b);
 		return;
 		}
-	else */ if (n2 == 8)
+#  endif
+	/* Only call bn_mul_comba 8 if n2 == 8 and the
+	 * two arrays are complete [steve]
+	 */
+	if (n2 == 8 && dna == 0 && dnb == 0)
 		{
 		bn_mul_comba8(r,a,b);
 		return; 
 		}
-#endif
+# endif /* BN_MUL_COMBA */
+	/* Else do normal multiply */
 	if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
 		{
-		/* This should not happen */
-		bn_mul_normal(r,a,n2,b,n2);
+		bn_mul_normal(r,a,n2+dna,b,n2+dnb);
+		if ((dna + dnb) < 0)
+			memset(&r[2*n2 + dna + dnb], 0,
+				sizeof(BN_ULONG) * -(dna + dnb));
 		return;
 		}
 	/* r=(a[0]-a[1])*(b[1]-b[0]) */
-	c1=bn_cmp_words(a,&(a[n]),n);
-	c2=bn_cmp_words(&(b[n]),b,n);
+	c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
+	c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
 	zero=neg=0;
 	switch (c1*3+c2)
 		{
 	case -4:
-		bn_sub_words(t,      &(a[n]),a,      n); /* - */
-		bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+		bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */
+		bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */
 		break;
 	case -3:
 		zero=1;
 		break;
 	case -2:
-		bn_sub_words(t,      &(a[n]),a,      n); /* - */
-		bn_sub_words(&(t[n]),&(b[n]),b,      n); /* + */
+		bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */
+		bn_sub_part_words(&(t[n]),&(b[n]),b,      tnb,tnb-n); /* + */
 		neg=1;
 		break;
 	case -1:
@@ -125,21 +450,22 @@ printf(" bn_mul_recursive %d * %d\n",n2,n2);
 		zero=1;
 		break;
 	case 2:
-		bn_sub_words(t,      a,      &(a[n]),n); /* + */
-		bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+		bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna); /* + */
+		bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */
 		neg=1;
 		break;
 	case 3:
 		zero=1;
 		break;
 	case 4:
-		bn_sub_words(t,      a,      &(a[n]),n);
-		bn_sub_words(&(t[n]),&(b[n]),b,      n);
+		bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna);
+		bn_sub_part_words(&(t[n]),&(b[n]),b,      tnb,tnb-n);
 		break;
 		}
 
-#ifdef BN_MUL_COMBA
-	if (n == 4)
+# ifdef BN_MUL_COMBA
+	if (n == 4 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba4 could take
+					       extra args to do this well */
 		{
 		if (!zero)
 			bn_mul_comba4(&(t[n2]),t,&(t[n]));
@@ -149,7 +475,9 @@ printf(" bn_mul_recursive %d * %d\n",n2,n2);
 		bn_mul_comba4(r,a,b);
 		bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n]));
 		}
-	else if (n == 8)
+	else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could
+						    take extra args to do this
+						    well */
 		{
 		if (!zero)
 			bn_mul_comba8(&(t[n2]),t,&(t[n]));
@@ -160,15 +488,15 @@ printf(" bn_mul_recursive %d * %d\n",n2,n2);
 		bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
 		}
 	else
-#endif
+# endif /* BN_MUL_COMBA */
 		{
 		p= &(t[n2*2]);
 		if (!zero)
-			bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
+			bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p);
 		else
 			memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
-		bn_mul_recursive(r,a,b,n,p);
-		bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,p);
+		bn_mul_recursive(r,a,b,n,0,0,p);
+		bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p);
 		}
 
 	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
@@ -176,16 +504,16 @@ printf(" bn_mul_recursive %d * %d\n",n2,n2);
 	 * r[32] holds (b[1]*b[1])
 	 */
 
-	c1=bn_add_words(t,r,&(r[n2]),n2);
+	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
 
 	if (neg) /* if t[32] is negative */
 		{
-		c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
+		c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
 		}
 	else
 		{
 		/* Might have a carry */
-		c1+=bn_add_words(&(t[n2]),&(t[n2]),t,n2);
+		c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
 		}
 
 	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
@@ -193,7 +521,7 @@ printf(" bn_mul_recursive %d * %d\n",n2,n2);
 	 * r[32] holds (b[1]*b[1])
 	 * c1 holds the carry bits
 	 */
-	c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
+	c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
 	if (c1)
 		{
 		p= &(r[n+n2]);
@@ -217,88 +545,128 @@ printf(" bn_mul_recursive %d * %d\n",n2,n2);
 
 /* n+tn is the word length
  * t needs to be n*4 is size, as does r */
-void bn_mul_part_recursive(r,a,b,tn,n,t)
-BN_ULONG *r,*a,*b;
-int tn,n;
-BN_ULONG *t;
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
+	     int tna, int tnb, BN_ULONG *t)
 	{
 	int i,j,n2=n*2;
-	unsigned int c1;
+	unsigned int c1,c2,neg,zero;
 	BN_ULONG ln,lo,*p;
 
-#ifdef BN_COUNT
-printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
-#endif
+# ifdef BN_COUNT
+	fprintf(stderr," bn_mul_part_recursive (%d+%d) * (%d+%d)\n",
+		tna, n, tnb, n);
+# endif
 	if (n < 8)
 		{
-		i=tn+n;
-		bn_mul_normal(r,a,i,b,i);
+		bn_mul_normal(r,a,n+tna,b,n+tnb);
 		return;
 		}
 
 	/* r=(a[0]-a[1])*(b[1]-b[0]) */
-	bn_sub_words(t,      a,      &(a[n]),n); /* + */
-	bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
-
-/*	if (n == 4)
+	c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
+	c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
+	zero=neg=0;
+	switch (c1*3+c2)
+		{
+	case -4:
+		bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */
+		bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */
+		break;
+	case -3:
+		zero=1;
+		/* break; */
+	case -2:
+		bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */
+		bn_sub_part_words(&(t[n]),&(b[n]),b,      tnb,tnb-n); /* + */
+		neg=1;
+		break;
+	case -1:
+	case 0:
+	case 1:
+		zero=1;
+		/* break; */
+	case 2:
+		bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna); /* + */
+		bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */
+		neg=1;
+		break;
+	case 3:
+		zero=1;
+		/* break; */
+	case 4:
+		bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna);
+		bn_sub_part_words(&(t[n]),&(b[n]),b,      tnb,tnb-n);
+		break;
+		}
+		/* The zero case isn't yet implemented here. The speedup
+		   would probably be negligible. */
+# if 0
+	if (n == 4)
 		{
 		bn_mul_comba4(&(t[n2]),t,&(t[n]));
 		bn_mul_comba4(r,a,b);
 		bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
 		memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
 		}
-	else */ if (n == 8)
+	else
+# endif
+	if (n == 8)
 		{
 		bn_mul_comba8(&(t[n2]),t,&(t[n]));
 		bn_mul_comba8(r,a,b);
-		bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
-		memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
+		bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb);
+		memset(&(r[n2+tna+tnb]),0,sizeof(BN_ULONG)*(n2-tna-tnb));
 		}
 	else
 		{
 		p= &(t[n2*2]);
-		bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
-		bn_mul_recursive(r,a,b,n,p);
+		bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p);
+		bn_mul_recursive(r,a,b,n,0,0,p);
 		i=n/2;
 		/* If there is only a bottom half to the number,
 		 * just do it */
-		j=tn-i;
+		if (tna > tnb)
+			j = tna - i;
+		else
+			j = tnb - i;
 		if (j == 0)
 			{
-			bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),i,p);
+			bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),
+				i,tna-i,tnb-i,p);
 			memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2));
 			}
 		else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
 				{
 				bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),
-					j,i,p);
-				memset(&(r[n2+tn*2]),0,
-					sizeof(BN_ULONG)*(n2-tn*2));
+					i,tna-i,tnb-i,p);
+				memset(&(r[n2+tna+tnb]),0,
+					sizeof(BN_ULONG)*(n2-tna-tnb));
 				}
 		else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
 			{
 			memset(&(r[n2]),0,sizeof(BN_ULONG)*n2);
-			if (tn < BN_MUL_RECURSIVE_SIZE_NORMAL)
+			if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL
+				&& tnb < BN_MUL_RECURSIVE_SIZE_NORMAL)
 				{
-				bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
+				bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb);
 				}
 			else
 				{
 				for (;;)
 					{
 					i/=2;
-					if (i < tn)
+					if (i < tna && i < tnb)
 						{
 						bn_mul_part_recursive(&(r[n2]),
 							&(a[n]),&(b[n]),
-							tn-i,i,p);
+							i,tna-i,tnb-i,p);
 						break;
 						}
-					else if (i == tn)
+					else if (i <= tna && i <= tnb)
 						{
 						bn_mul_recursive(&(r[n2]),
 							&(a[n]),&(b[n]),
-							i,p);
+							i,tna-i,tnb-i,p);
 						break;
 						}
 					}
@@ -311,15 +679,24 @@ printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
 	 * r[32] holds (b[1]*b[1])
 	 */
 
-	c1=bn_add_words(t,r,&(r[n2]),n2);
-	c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
+	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
+
+	if (neg) /* if t[32] is negative */
+		{
+		c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
+		}
+	else
+		{
+		/* Might have a carry */
+		c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
+		}
 
 	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
 	 * r[10] holds (a[0]*b[0])
 	 * r[32] holds (b[1]*b[1])
 	 * c1 holds the carry bits
 	 */
-	c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
+	c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
 	if (c1)
 		{
 		p= &(r[n+n2]);
@@ -344,18 +721,16 @@ printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
 /* a and b must be the same size, which is n2.
  * r needs to be n2 words and t needs to be n2*2
  */
-void bn_mul_low_recursive(r,a,b,n2,t)
-BN_ULONG *r,*a,*b;
-int n2;
-BN_ULONG *t;
+void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+	     BN_ULONG *t)
 	{
 	int n=n2/2;
 
-#ifdef BN_COUNT
-printf(" bn_mul_low_recursive %d * %d\n",n2,n2);
-#endif
+# ifdef BN_COUNT
+	fprintf(stderr," bn_mul_low_recursive %d * %d\n",n2,n2);
+# endif
 
-	bn_mul_recursive(r,a,b,n,&(t[0]));
+	bn_mul_recursive(r,a,b,n,0,0,&(t[0]));
 	if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
 		{
 		bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));
@@ -377,20 +752,18 @@ printf(" bn_mul_low_recursive %d * %d\n",n2,n2);
  * l is the low words of the output.
  * t needs to be n2*3
  */
-void bn_mul_high(r,a,b,l,n2,t)
-BN_ULONG *r,*a,*b,*l;
-int n2;
-BN_ULONG *t;
+void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
+	     BN_ULONG *t)
 	{
 	int i,n;
 	int c1,c2;
 	int neg,oneg,zero;
 	BN_ULONG ll,lc,*lp,*mp;
 
-#ifdef BN_COUNT
-printf(" bn_mul_high %d * %d\n",n2,n2);
-#endif
-	n=(n2+1)/2;
+# ifdef BN_COUNT
+	fprintf(stderr," bn_mul_high %d * %d\n",n2,n2);
+# endif
+	n=n2/2;
 
 	/* Calculate (al-ah)*(bh-bl) */
 	neg=zero=0;
@@ -432,17 +805,17 @@ printf(" bn_mul_high %d * %d\n",n2,n2);
 	oneg=neg;
 	/* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
 	/* r[10] = (a[1]*b[1]) */
-#ifdef BN_MUL_COMBA
+# ifdef BN_MUL_COMBA
 	if (n == 8)
 		{
 		bn_mul_comba8(&(t[0]),&(r[0]),&(r[n]));
 		bn_mul_comba8(r,&(a[n]),&(b[n]));
 		}
 	else
-#endif
+# endif
 		{
-		bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2]));
-		bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2]));
+		bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,0,0,&(t[n2]));
+		bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2]));
 		}
 
 	/* s0 == low(al*bl)
@@ -454,7 +827,7 @@ printf(" bn_mul_high %d * %d\n",n2,n2);
 	if (l != NULL)
 		{
 		lp= &(t[n2+n]);
-		c1=bn_add_words(lp,&(r[0]),&(l[0]),n);
+		c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n));
 		}
 	else
 		{
@@ -463,7 +836,7 @@ printf(" bn_mul_high %d * %d\n",n2,n2);
 		}
 
 	if (neg)
-		neg=bn_sub_words(&(t[n2]),lp,&(t[0]),n);
+		neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n));
 	else
 		{
 		bn_add_words(&(t[n2]),lp,&(t[0]),n);
@@ -498,25 +871,25 @@ printf(" bn_mul_high %d * %d\n",n2,n2);
 	if (l != NULL)
 		{
 		lp= &(t[n2]);
-		c1= bn_add_words(lp,&(t[n2+n]),&(l[0]),n);
+		c1= (int)(bn_add_words(lp,&(t[n2+n]),&(l[0]),n));
 		}
 	else
 		{
 		lp= &(t[n2+n]);
 		c1=0;
 		}
-	c1+=bn_add_words(&(t[n2]),lp,  &(r[0]),n);
+	c1+=(int)(bn_add_words(&(t[n2]),lp,  &(r[0]),n));
 	if (oneg)
-		c1-=bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n);
+		c1-=(int)(bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n));
 	else
-		c1+=bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n);
+		c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n));
 
-	c2 =bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n);
-	c2+=bn_add_words(&(r[0]),&(r[0]),&(r[n]),n);
+	c2 =(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n));
+	c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(r[n]),n));
 	if (oneg)
-		c2-=bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n);
+		c2-=(int)(bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n));
 	else
-		c2+=bn_add_words(&(r[0]),&(r[0]),&(t[n]),n);
+		c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n]),n));
 	
 	if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */
 		{
@@ -563,20 +936,23 @@ printf(" bn_mul_high %d * %d\n",n2,n2);
 			}
 		}
 	}
-#endif
+#endif /* BN_RECURSION */
 
-int BN_mul(r,a,b,ctx)
-BIGNUM *r,*a,*b;
-BN_CTX *ctx;
+int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
 	{
-	int top,i,j,k,al,bl;
-	BIGNUM *t;
-
-	t=NULL;
-	i=j=k=0;
+	int ret=0;
+	int top,al,bl;
+	BIGNUM *rr;
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+	int i;
+#endif
+#ifdef BN_RECURSION
+	BIGNUM *t=NULL;
+	int j=0,k;
+#endif
 
 #ifdef BN_COUNT
-printf("BN_mul %d * %d\n",a->top,b->top);
+	fprintf(stderr,"BN_mul %d * %d\n",a->top,b->top);
 #endif
 
 	bn_check_top(a);
@@ -585,127 +961,149 @@ printf("BN_mul %d * %d\n",a->top,b->top);
 
 	al=a->top;
 	bl=b->top;
-	r->neg=a->neg^b->neg;
 
 	if ((al == 0) || (bl == 0))
 		{
-		BN_zero(r);
+		if (!BN_zero(r)) goto err;
 		return(1);
 		}
 	top=al+bl;
+
+	BN_CTX_start(ctx);
+	if ((r == a) || (r == b))
+		{
+		if ((rr = BN_CTX_get(ctx)) == NULL) goto err;
+		}
+	else
+		rr = r;
+	rr->neg=a->neg^b->neg;
+
 #if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
-	if (al == bl)
+	i = al-bl;
+#endif
+#ifdef BN_MUL_COMBA
+	if (i == 0)
 		{
-#  ifdef BN_MUL_COMBA
-/*		if (al == 4)
+# if 0
+		if (al == 4)
 			{
-			if (bn_wexpand(r,8) == NULL) return(0);
-			r->top=8;
-			bn_mul_comba4(r->d,a->d,b->d);
+			if (bn_wexpand(rr,8) == NULL) goto err;
+			rr->top=8;
+			bn_mul_comba4(rr->d,a->d,b->d);
 			goto end;
 			}
-		else */ if (al == 8)
+# endif
+		if (al == 8)
 			{
-			if (bn_wexpand(r,16) == NULL) return(0);
-			r->top=16;
-			bn_mul_comba8(r->d,a->d,b->d);
+			if (bn_wexpand(rr,16) == NULL) goto err;
+			rr->top=16;
+			bn_mul_comba8(rr->d,a->d,b->d);
 			goto end;
 			}
-		else
-#  endif
+		}
+#endif /* BN_MUL_COMBA */
 #ifdef BN_RECURSION
-		if (al < BN_MULL_SIZE_NORMAL)
-#endif
+	if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL))
+		{
+		if (i >= -1 && i <= 1)
 			{
-			if (bn_wexpand(r,top) == NULL) return(0);
-			r->top=top;
-			bn_mul_normal(r->d,a->d,al,b->d,bl);
+			int sav_j =0;
+			/* Find out the power of two lower or equal
+			   to the longest of the two numbers */
+			if (i >= 0)
+				{
+				j = BN_num_bits_word((BN_ULONG)al);
+				}
+			if (i == -1)
+				{
+				j = BN_num_bits_word((BN_ULONG)bl);
+				}
+			sav_j = j;
+			j = 1<<(j-1);
+			assert(j <= al || j <= bl);
+			k = j+j;
+			t = BN_CTX_get(ctx);
+			if (al > j || bl > j)
+				{
+				bn_wexpand(t,k*4);
+				bn_wexpand(rr,k*4);
+				bn_mul_part_recursive(rr->d,a->d,b->d,
+					j,al-j,bl-j,t->d);
+				}
+			else	/* al <= j || bl <= j */
+				{
+				bn_wexpand(t,k*2);
+				bn_wexpand(rr,k*2);
+				bn_mul_recursive(rr->d,a->d,b->d,
+					j,al-j,bl-j,t->d);
+				}
+			rr->top=top;
 			goto end;
 			}
-#  ifdef BN_RECURSION
-		goto symetric;
-#  endif
-		}
-#endif
-#ifdef BN_RECURSION
-	else if ((al < BN_MULL_SIZE_NORMAL) || (bl < BN_MULL_SIZE_NORMAL))
-		{
-		if (bn_wexpand(r,top) == NULL) return(0);
-		r->top=top;
-		bn_mul_normal(r->d,a->d,al,b->d,bl);
-		goto end;
-		}
-	else
-		{
-		i=(al-bl);
-		if ((i ==  1) && !BN_get_flags(b,BN_FLG_STATIC_DATA))
+#if 0
+		if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
 			{
-			bn_wexpand(b,al);
-			b->d[bl]=0;
+			BIGNUM *tmp_bn = (BIGNUM *)b;
+			if (bn_wexpand(tmp_bn,al) == NULL) goto err;
+			tmp_bn->d[bl]=0;
 			bl++;
-			goto symetric;
+			i--;
 			}
-		else if ((i ==  -1) && !BN_get_flags(a,BN_FLG_STATIC_DATA))
+		else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
 			{
-			bn_wexpand(a,bl);
-			a->d[al]=0;
+			BIGNUM *tmp_bn = (BIGNUM *)a;
+			if (bn_wexpand(tmp_bn,bl) == NULL) goto err;
+			tmp_bn->d[al]=0;
 			al++;
-			goto symetric;
-			}
-		}
-#endif
-
-	/* asymetric and >= 4 */ 
-	if (bn_wexpand(r,top) == NULL) return(0);
-	r->top=top;
-	bn_mul_normal(r->d,a->d,al,b->d,bl);
-
-#ifdef BN_RECURSION
-	if (0)
-		{
-symetric:
-		/* symetric and > 4 */
-		/* 16 or larger */
-		j=BN_num_bits_word((BN_ULONG)al);
-		j=1<<(j-1);
-		k=j+j;
-		t= &(ctx->bn[ctx->tos]);
-		if (al == j) /* exact multiple */
-			{
-			bn_wexpand(t,k*2);
-			bn_wexpand(r,k*2);
-			bn_mul_recursive(r->d,a->d,b->d,al,t->d);
+			i++;
 			}
-		else
+		if (i == 0)
 			{
-			bn_wexpand(a,k);
-			bn_wexpand(b,k);
-			bn_wexpand(t,k*4);
-			bn_wexpand(r,k*4);
-			for (i=a->top; i<k; i++)
-				a->d[i]=0;
-			for (i=b->top; i<k; i++)
-				b->d[i]=0;
-			bn_mul_part_recursive(r->d,a->d,b->d,al-j,j,t->d);
+			/* symmetric and > 4 */
+			/* 16 or larger */
+			j=BN_num_bits_word((BN_ULONG)al);
+			j=1<<(j-1);
+			k=j+j;
+			t = BN_CTX_get(ctx);
+			if (al == j) /* exact multiple */
+				{
+				if (bn_wexpand(t,k*2) == NULL) goto err;
+				if (bn_wexpand(rr,k*2) == NULL) goto err;
+				bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
+				}
+			else
+				{
+				if (bn_wexpand(t,k*4) == NULL) goto err;
+				if (bn_wexpand(rr,k*4) == NULL) goto err;
+				bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
+				}
+			rr->top=top;
+			goto end;
 			}
-		r->top=top;
-		}
 #endif
+		}
+#endif /* BN_RECURSION */
+	if (bn_wexpand(rr,top) == NULL) goto err;
+	rr->top=top;
+	bn_mul_normal(rr->d,a->d,al,b->d,bl);
+
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
 end:
-	bn_fix_top(r);
-	return(1);
+#endif
+	bn_fix_top(rr);
+	if (r != rr) BN_copy(r,rr);
+	ret=1;
+err:
+	BN_CTX_end(ctx);
+	return(ret);
 	}
 
-void bn_mul_normal(r,a,na,b,nb)
-BN_ULONG *r,*a;
-int na;
-BN_ULONG *b;
-int nb;
+void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
 	{
 	BN_ULONG *rr;
 
 #ifdef BN_COUNT
-printf(" bn_mul_normal %d * %d\n",na,nb);
+	fprintf(stderr," bn_mul_normal %d * %d\n",na,nb);
 #endif
 
 	if (na < nb)
@@ -718,7 +1116,13 @@ printf(" bn_mul_normal %d * %d\n",na,nb);
 
 		}
 	rr= &(r[na]);
-	rr[0]=bn_mul_words(r,a,na,b[0]);
+	if (nb <= 0)
+		{
+		(void)bn_mul_words(r,a,na,0);
+		return;
+		}
+	else
+		rr[0]=bn_mul_words(r,a,na,b[0]);
 
 	for (;;)
 		{
@@ -736,12 +1140,10 @@ printf(" bn_mul_normal %d * %d\n",na,nb);
 		}
 	}
 
-void bn_mul_low_normal(r,a,b,n)
-BN_ULONG *r,*a,*b;
-int n;
+void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
 	{
 #ifdef BN_COUNT
-printf(" bn_mul_low_normal %d * %d\n",n,n);
+	fprintf(stderr," bn_mul_low_normal %d * %d\n",n,n);
 #endif
 	bn_mul_words(r,a,n,b[0]);
 
@@ -759,4 +1161,3 @@ printf(" bn_mul_low_normal %d * %d\n",n,n);
 		b+=4;
 		}
 	}
-
diff --git a/crypto/bn/bn_mulw.c b/crypto/bn/bn_mulw.c
deleted file mode 100644
index abfc7e4d6c..0000000000
--- a/crypto/bn/bn_mulw.c
+++ /dev/null
@@ -1,366 +0,0 @@
-/* crypto/bn/bn_mulw.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#ifdef BN_LLONG 
-
-BN_ULONG bn_mul_add_words(rp,ap,num,w)
-BN_ULONG *rp,*ap;
-int num;
-BN_ULONG w;
-	{
-	BN_ULONG c1=0;
-
-	for (;;)
-		{
-		mul_add(rp[0],ap[0],w,c1);
-		if (--num == 0) break;
-		mul_add(rp[1],ap[1],w,c1);
-		if (--num == 0) break;
-		mul_add(rp[2],ap[2],w,c1);
-		if (--num == 0) break;
-		mul_add(rp[3],ap[3],w,c1);
-		if (--num == 0) break;
-		ap+=4;
-		rp+=4;
-		}
-	
-	return(c1);
-	} 
-
-BN_ULONG bn_mul_words(rp,ap,num,w)
-BN_ULONG *rp,*ap;
-int num;
-BN_ULONG w;
-	{
-	BN_ULONG c1=0;
-
-	for (;;)
-		{
-		mul(rp[0],ap[0],w,c1);
-		if (--num == 0) break;
-		mul(rp[1],ap[1],w,c1);
-		if (--num == 0) break;
-		mul(rp[2],ap[2],w,c1);
-		if (--num == 0) break;
-		mul(rp[3],ap[3],w,c1);
-		if (--num == 0) break;
-		ap+=4;
-		rp+=4;
-		}
-	return(c1);
-	} 
-
-void bn_sqr_words(r,a,n)
-BN_ULONG *r,*a;
-int n;
-        {
-	for (;;)
-		{
-		BN_ULLONG t;
-
-		t=(BN_ULLONG)(a[0])*(a[0]);
-		r[0]=Lw(t); r[1]=Hw(t);
-		if (--n == 0) break;
-
-		t=(BN_ULLONG)(a[1])*(a[1]);
-		r[2]=Lw(t); r[3]=Hw(t);
-		if (--n == 0) break;
-
-		t=(BN_ULLONG)(a[2])*(a[2]);
-		r[4]=Lw(t); r[5]=Hw(t);
-		if (--n == 0) break;
-
-		t=(BN_ULLONG)(a[3])*(a[3]);
-		r[6]=Lw(t); r[7]=Hw(t);
-		if (--n == 0) break;
-
-		a+=4;
-		r+=8;
-		}
-	}
-
-BN_ULONG bn_add_words(r,a,b,n)
-BN_ULONG *r,*a,*b;
-int n;
-        {
-	BN_ULLONG ll;
-
-	ll=0;
-	for (;;)
-		{
-		ll+= (BN_ULLONG)a[0]+b[0];
-		r[0]=(BN_ULONG)ll&BN_MASK2;
-		ll>>=BN_BITS2;
-		if (--n <= 0) break;
-
-		ll+= (BN_ULLONG)a[1]+b[1];
-		r[1]=(BN_ULONG)ll&BN_MASK2;
-		ll>>=BN_BITS2;
-		if (--n <= 0) break;
-
-		ll+= (BN_ULLONG)a[2]+b[2];
-		r[2]=(BN_ULONG)ll&BN_MASK2;
-		ll>>=BN_BITS2;
-		if (--n <= 0) break;
-
-		ll+= (BN_ULLONG)a[3]+b[3];
-		r[3]=(BN_ULONG)ll&BN_MASK2;
-		ll>>=BN_BITS2;
-		if (--n <= 0) break;
-
-		a+=4;
-		b+=4;
-		r+=4;
-		}
-	return(ll&BN_MASK2);
-	}
-
-#else
-
-BN_ULONG bn_mul_add_words(rp,ap,num,w)
-BN_ULONG *rp,*ap;
-int num;
-BN_ULONG w;
-	{
-	BN_ULONG c=0;
-	BN_ULONG bl,bh;
-
-	bl=LBITS(w);
-	bh=HBITS(w);
-
-	for (;;)
-		{
-		mul_add(rp[0],ap[0],bl,bh,c);
-		if (--num == 0) break;
-		mul_add(rp[1],ap[1],bl,bh,c);
-		if (--num == 0) break;
-		mul_add(rp[2],ap[2],bl,bh,c);
-		if (--num == 0) break;
-		mul_add(rp[3],ap[3],bl,bh,c);
-		if (--num == 0) break;
-		ap+=4;
-		rp+=4;
-		}
-	return(c);
-	} 
-
-BN_ULONG bn_mul_words(rp,ap,num,w)
-BN_ULONG *rp,*ap;
-int num;
-BN_ULONG w;
-	{
-	BN_ULONG carry=0;
-	BN_ULONG bl,bh;
-
-	bl=LBITS(w);
-	bh=HBITS(w);
-
-	for (;;)
-		{
-		mul(rp[0],ap[0],bl,bh,carry);
-		if (--num == 0) break;
-		mul(rp[1],ap[1],bl,bh,carry);
-		if (--num == 0) break;
-		mul(rp[2],ap[2],bl,bh,carry);
-		if (--num == 0) break;
-		mul(rp[3],ap[3],bl,bh,carry);
-		if (--num == 0) break;
-		ap+=4;
-		rp+=4;
-		}
-	return(carry);
-	} 
-
-void bn_sqr_words(r,a,n)
-BN_ULONG *r,*a;
-int n;
-        {
-	for (;;)
-		{
-		sqr64(r[0],r[1],a[0]);
-		if (--n == 0) break;
-
-		sqr64(r[2],r[3],a[1]);
-		if (--n == 0) break;
-
-		sqr64(r[4],r[5],a[2]);
-		if (--n == 0) break;
-
-		sqr64(r[6],r[7],a[3]);
-		if (--n == 0) break;
-
-		a+=4;
-		r+=8;
-		}
-	}
-
-BN_ULONG bn_add_words(r,a,b,n)
-BN_ULONG *r,*a,*b;
-int n;
-        {
-	BN_ULONG t1,t2;
-	int carry,i;
-
-	carry=0;
-	for (i=0; i<n; i++)
-		{
-		t1= *(a++);
-		t2= *(b++);
-		if (carry)
-			{
-			carry=(t2 >= ((~t1)&BN_MASK2));
-			t2=(t1+t2+1)&BN_MASK2;
-			}
-		else
-			{
-			t2=(t1+t2)&BN_MASK2;
-			carry=(t2<t1);
-			}
-		*(r++)=t2;
-		}
-	return(carry);
-	}
-
-#endif
-
-#if defined(BN_LLONG) && defined(BN_DIV2W)
-
-BN_ULONG bn_div64(h,l,d)
-BN_ULONG h,l,d;
-	{
-	return((BN_ULONG)(((((BN_ULLONG)h)<<BN_BITS2)|l)/(BN_ULLONG)d));
-	}
-
-#else
-
-/* Divide h-l by d and return the result. */
-/* I need to test this some more :-( */
-BN_ULONG bn_div64(h,l,d)
-BN_ULONG h,l,d;
-	{
-	BN_ULONG dh,dl,q,ret=0,th,tl,t;
-	int i,count=2;
-
-	if (d == 0) return(BN_MASK2);
-
-	i=BN_num_bits_word(d);
-	if ((i != BN_BITS2) && (h > (BN_ULONG)1<<i))
-		{
-#if !defined(NO_STDIO) && !defined(WIN16)
-		fprintf(stderr,"Division would overflow (%d)\n",i);
-#endif
-		abort();
-		}
-	i=BN_BITS2-i;
-	if (h >= d) h-=d;
-
-	if (i)
-		{
-		d<<=i;
-		h=(h<<i)|(l>>(BN_BITS2-i));
-		l<<=i;
-		}
-	dh=(d&BN_MASK2h)>>BN_BITS4;
-	dl=(d&BN_MASK2l);
-	for (;;)
-		{
-		if ((h>>BN_BITS4) == dh)
-			q=BN_MASK2l;
-		else
-			q=h/dh;
-
-		for (;;)
-			{
-			t=(h-q*dh);
-			if ((t&BN_MASK2h) ||
-				((dl*q) <= (
-					(t<<BN_BITS4)+
-					((l&BN_MASK2h)>>BN_BITS4))))
-				break;
-			q--;
-			}
-		th=q*dh;
-		tl=q*dl;
-		t=(tl>>BN_BITS4);
-		tl=(tl<<BN_BITS4)&BN_MASK2h;
-		th+=t;
-
-		if (l < tl) th++;
-		l-=tl;
-		if (h < th)
-			{
-			h+=d;
-			q--;
-			}
-		h-=th;
-
-		if (--count == 0) break;
-
-		ret=q<<BN_BITS4;
-		h=((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2;
-		l=(l&BN_MASK2l)<<BN_BITS4;
-		}
-	ret|=q;
-	return(ret);
-	}
-#endif
-
diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c
new file mode 100644
index 0000000000..19bd540725
--- /dev/null
+++ b/crypto/bn/bn_nist.c
@@ -0,0 +1,843 @@
+/* crypto/bn/bn_nist.p */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "bn_lcl.h"
+#include "cryptlib.h"
+
+#define BN_NIST_192_TOP	(192+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_224_TOP	(224+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_256_TOP	(256+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_384_TOP	(384+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_521_TOP	(521+BN_BITS2-1)/BN_BITS2
+
+#if BN_BITS2 == 64
+const static BN_ULONG _nist_p_192[] = {0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFE,
+	0xFFFFFFFFFFFFFFFF};
+const static BN_ULONG _nist_p_224[] = {0x0000000000000001,0xFFFFFFFF00000000,
+	0xFFFFFFFFFFFFFFFF,0x00000000FFFFFFFF};
+const static BN_ULONG _nist_p_256[] = {0xFFFFFFFFFFFFFFFF,0x00000000FFFFFFFF,
+	0x0000000000000000,0xFFFFFFFF00000001};
+const static BN_ULONG _nist_p_384[] = {0x00000000FFFFFFFF,0xFFFFFFFF00000000,
+	0xFFFFFFFFFFFFFFFE,0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF,
+	0xFFFFFFFFFFFFFFFF};
+const static BN_ULONG _nist_p_521[] = {0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF,
+	0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF,
+	0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF,0xFFFFFFFFFFFFFFFF,
+	0x00000000000001FF};
+#elif BN_BITS2 == 32
+const static BN_ULONG _nist_p_192[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,
+	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF};
+const static BN_ULONG _nist_p_224[] = {0x00000001,0x00000000,0x00000000,
+	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF};
+const static BN_ULONG _nist_p_256[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
+	0x00000000,0x00000000,0x00000000,0x00000001,0xFFFFFFFF};
+const static BN_ULONG _nist_p_384[] = {0xFFFFFFFF,0x00000000,0x00000000,
+	0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
+	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF};
+const static BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
+	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
+	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
+	0xFFFFFFFF,0x000001FF};
+#elif BN_BITS2 == 16
+const static BN_ULONG _nist_p_192[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFE,
+	0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF};
+const static BN_ULONG _nist_p_224[] = {0x0001,0x0000,0x0000,0x0000,0x0000,
+	0x0000,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF};
+const static BN_ULONG _nist_p_256[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,
+	0xFFFF,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0001,0x0000,0xFFFF,
+	0xFFFF};
+const static BN_ULONG _nist_p_384[] = {0xFFFF,0xFFFF,0x0000,0x0000,0x0000,
+	0x0000,0xFFFF,0xFFFF,0xFFFE,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,
+	0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF};
+const static BN_ULONG _nist_p_521[] = {0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,
+	0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,
+	0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,
+	0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0xFFFF,0x01FF};
+#elif BN_BITS2 == 8
+const static BN_ULONG _nist_p_192[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xFF};
+const static BN_ULONG _nist_p_224[] = {0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
+const static BN_ULONG _nist_p_256[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+	0x00,0x00,0x01,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF};
+const static BN_ULONG _nist_p_384[] = {0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
+	0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF};
+const static BN_ULONG _nist_p_521[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+	0xFF,0x01};
+#endif
+
+const BIGNUM *BN_get0_nist_prime_192(void)
+	{
+	static BIGNUM const_nist_192={(BN_ULONG *)_nist_p_192,BN_NIST_192_TOP,
+		BN_NIST_192_TOP, 0, BN_FLG_STATIC_DATA};
+	return &const_nist_192;
+	}
+
+const BIGNUM *BN_get0_nist_prime_224(void)
+	{
+	static BIGNUM const_nist_224={(BN_ULONG *)_nist_p_224,BN_NIST_224_TOP,
+		BN_NIST_224_TOP, 0, BN_FLG_STATIC_DATA};
+	return &const_nist_224;
+	}
+
+const BIGNUM *BN_get0_nist_prime_256(void)
+	{
+	static BIGNUM const_nist_256={(BN_ULONG *)_nist_p_256,BN_NIST_256_TOP,
+		BN_NIST_256_TOP, 0, BN_FLG_STATIC_DATA};
+	return &const_nist_256;
+	}
+
+const BIGNUM *BN_get0_nist_prime_384(void)
+	{
+	static BIGNUM const_nist_384={(BN_ULONG *)_nist_p_384,BN_NIST_384_TOP,
+		BN_NIST_384_TOP, 0, BN_FLG_STATIC_DATA};
+	return &const_nist_384;
+	}
+
+const BIGNUM *BN_get0_nist_prime_521(void)
+	{
+	static BIGNUM const_nist_521={(BN_ULONG *)_nist_p_521,BN_NIST_521_TOP,
+		BN_NIST_521_TOP, 0, BN_FLG_STATIC_DATA};
+	return &const_nist_521;
+	}
+
+/* some misc internal functions */
+static BN_ULONG _256_data[BN_NIST_256_TOP*6];
+static int _is_set_256_data = 0;
+static void _init_256_data(void);
+
+static BN_ULONG _384_data[BN_NIST_384_TOP*8];
+static int _is_set_384_data = 0;
+static void _init_384_data(void);
+
+#define BN_NIST_ADD_ONE(a)	while (!(++(*(a)))) ++(a);
+#define __buf_0			(BN_ULONG)0
+#define __buf_0_1		(BN_ULONG)0
+#define __buf_0_2		(BN_ULONG)0
+#if BN_BITS2 == 64
+#define BN_64_BIT_BUF(n)	BN_ULONG __buf_##n = (BN_ULONG)0;
+#define BN_CP_64_TO_BUF(n)	__buf_##n = (a)[(n)];
+#define BN_CP_64_FROM_BUF(a,n)	*(a)++ = __buf_##n;
+#define BN_CASE_64_BIT(n,a)	case (n): __buf_##n = (a)[(n)];
+#if	UINT_MAX == 4294967295UL
+#define	nist32	unsigned int
+#define BN_32_BIT_BUF(n)	nist32 __buf_##n = (nist32)0;
+#define BN_CP_32_TO_BUF(n)	__buf_##n = ((nist32 *)(a))[(n)];
+#define BN_CP_32_FROM_BUF(a,n)	*((nist32)(a))++ = __buf_##n;
+#define BN_CASE_32_BIT(n,a)	case (n): __buf_##n = ((nist32)(a))[(n)];
+#elif	ULONG_MAX == 4294967295UL
+#define	nist32	unsigned long
+#define BN_32_BIT_BUF(n)	nist32 __buf_##n = (nist32)0;
+#define BN_CP_32_TO_BUF(n)	__buf_##n = ((nist32 *)(a))[(n)];
+#define BN_CP_32_FROM_BUF(a,n)	*((nist32)(a))++ = __buf_##n;
+#define BN_CASE_32_BIT(n,a)	case (n): __buf_##n = ((nist32)(a))[(n)];
+#else
+#define	NO_32_BIT_TYPE
+#endif
+#elif BN_BITS2 == 32
+#define BN_64_BIT_BUF(n)	BN_ULONG __buf_##n##_1 = (BN_ULONG)0;\
+				BN_ULONG __buf_##n##_2 = (BN_ULONG)0;
+#define BN_CP_64_TO_BUF(n)	__buf_##n##_2 = (a)[2*(n)+1];\
+				__buf_##n##_1 = (a)[2*(n)];
+#define BN_CP_64_FROM_BUF(a,n)	*(a)++ = __buf_##n##_1;\
+				*(a)++ = __buf_##n##_2;
+#define BN_CASE_64_BIT(n,a)	case 2*(n)+1: __buf_##n##_2 = (a)[2*(n)+1];\
+				case 2*(n):   __buf_##n##_1 = (a)[2*(n)];
+				
+#define BN_32_BIT_BUF(n)	BN_ULONG __buf_##n = (BN_ULONG)0;
+#define BN_CP_32_TO_BUF(n)	__buf_##n = (a)[(n)];
+#define BN_CP_32_FROM_BUF(a,n)	*(a)++ = __buf_##n;
+#define BN_CASE_32_BIT(n,a)	case (n): __buf_##n = (a)[(n)];
+#elif BN_BITS2 == 16
+#define __buf_0_3		(BN_ULONG)0
+#define __buf_0_4		(BN_ULONG)0
+#define BN_64_BIT_BUF(n)	BN_ULONG __buf_##n##_1 = (BN_ULONG)0;\
+				BN_ULONG __buf_##n##_2 = (BN_ULONG)0;\
+				BN_ULONG __buf_##n##_3 = (BN_ULONG)0;\
+				BN_ULONG __buf_##n##_4 = (BN_ULONG)0;
+#define BN_CP_64_TO_BUF(n)	__buf_##n##_4 = (a)[4*(n)+3];\
+				__buf_##n##_3 = (a)[4*(n)+2];\
+				__buf_##n##_2 = (a)[4*(n)+1];\
+				__buf_##n##_1 = (a)[4*(n)];
+#define BN_CP_64_FROM_BUF(a,n)	*(a)++ = __buf_##n##_1;\
+				*(a)++ = __buf_##n##_2;\
+				*(a)++ = __buf_##n##_3;\
+				*(a)++ = __buf_##n##_4;
+#define BN_CASE_64_BIT(n,a)	case 4*(n)+3: __buf_##n##_4 = (a)[4*(n)+3];\
+				case 4*(n)+2: __buf_##n##_3 = (a)[4*(n)+2];\
+				case 4*(n)+1: __buf_##n##_2 = (a)[4*(n)+1];\
+				case 4*(n):   __buf_##n##_1 = (a)[4*(n)];
+#define BN_32_BIT_BUF(n)	BN_ULONG __buf_##n##_1 = (BN_ULONG)0;\
+				BN_ULONG __buf_##n##_2 = (BN_ULONG)0;
+#define BN_CP_32_TO_BUF(n)	__buf_##n##_1 = (a)[2*(n)];\
+				__buf_##n##_2 = (a)[2*(n)+1];
+#define BN_CP_32_FROM_BUF(a,n)	*(a)++ = __buf_##n##_1;\
+				*(a)++ = __buf_##n##_2;
+#define BN_CASE_32_BIT(n,a)	case 2*(n)+1: __buf_##n##_2 = (a)[2*(n)+1];\
+				case 2*(n):   __buf_##n##_1 = (a)[2*(n)];
+#elif BN_BITS2 == 8
+#define __buf_0_3		(BN_ULONG)0
+#define __buf_0_4		(BN_ULONG)0
+#define __buf_0_5		(BN_ULONG)0
+#define __buf_0_6		(BN_ULONG)0
+#define __buf_0_7		(BN_ULONG)0
+#define __buf_0_8		(BN_ULONG)0
+#define BN_64_BIT_BUF(n)	BN_ULONG __buf_##n##_1 = (BN_ULONG)0;\
+				BN_ULONG __buf_##n##_2 = (BN_ULONG)0;\
+				BN_ULONG __buf_##n##_3 = (BN_ULONG)0;\
+				BN_ULONG __buf_##n##_4 = (BN_ULONG)0;\
+				BN_ULONG __buf_##n##_5 = (BN_ULONG)0;\
+				BN_ULONG __buf_##n##_6 = (BN_ULONG)0;\
+				BN_ULONG __buf_##n##_7 = (BN_ULONG)0;\
+				BN_ULONG __buf_##n##_8 = (BN_ULONG)0;
+#define BN_CP_64_TO_BUF(n)	__buf_##n##_8 = (a)[8*(n)+7];\
+				__buf_##n##_7 = (a)[8*(n)+6];\
+				__buf_##n##_6 = (a)[8*(n)+5];\
+				__buf_##n##_5 = (a)[8*(n)+4];\
+				__buf_##n##_4 = (a)[8*(n)+3];\
+				__buf_##n##_3 = (a)[8*(n)+2];\
+				__buf_##n##_2 = (a)[8*(n)+1];\
+				__buf_##n##_1 = (a)[8*(n)];
+#define BN_CP_64_FROM_BUF(a,n)	*(a)++ = __buf_##n##_1;\
+				*(a)++ = __buf_##n##_2;\
+				*(a)++ = __buf_##n##_3;\
+				*(a)++ = __buf_##n##_4;\
+				*(a)++ = __buf_##n##_5;\
+				*(a)++ = __buf_##n##_6;\
+				*(a)++ = __buf_##n##_7;\
+				*(a)++ = __buf_##n##_8;
+#define BN_CASE_64_BIT(n,a)	case 8*(n)+7: __buf_##n##_8 = (a)[8*(n)+7];\
+				case 8*(n)+6: __buf_##n##_7 = (a)[8*(n)+6];\
+				case 8*(n)+5: __buf_##n##_6 = (a)[8*(n)+5];\
+				case 8*(n)+4: __buf_##n##_5 = (a)[8*(n)+4];\
+				case 8*(n)+3: __buf_##n##_4 = (a)[8*(n)+3];\
+				case 8*(n)+2: __buf_##n##_3 = (a)[8*(n)+2];\
+				case 8*(n)+1: __buf_##n##_2 = (a)[8*(n)+1];\
+				case 8*(n):   __buf_##n##_1 = (a)[8*(n)];
+#define BN_32_BIT_BUF(n)	BN_ULONG __buf_##n##_1 = (BN_ULONG)0;\
+				BN_ULONG __buf_##n##_2 = (BN_ULONG)0;\
+				BN_ULONG __buf_##n##_3 = (BN_ULONG)0;\
+				BN_ULONG __buf_##n##_4 = (BN_ULONG)0;
+#define BN_CP_32_TO_BUF(n)	__buf_##n##_1 = (a)[4*(n)];\
+				__buf_##n##_2 = (a)[4*(n)+1];\
+				__buf_##n##_3 = (a)[4*(n)+2];\
+				__buf_##n##_4 = (a)[4*(n)+3];
+#define BN_CP_32_FROM_BUF(a,n)	*(a)++ = __buf_##n##_1;\
+				*(a)++ = __buf_##n##_2;\
+				*(a)++ = __buf_##n##_3;\
+				*(a)++ = __buf_##n##_4;
+#define BN_CASE_32_BIT(n,a)	case 4*(n)+3: __buf_##n##_4 = (a)[4*(n)+3];\
+				case 4*(n)+2: __buf_##n##_3 = (a)[4*(n)+2];\
+				case 4*(n)+1: __buf_##n##_2 = (a)[4*(n)+1];\
+				case 4*(n):   __buf_##n##_1 = (a)[4*(n)];
+#endif
+
+
+#define BN_192_SET(d,a1,a2,a3) \
+	{\
+	register BN_ULONG *td = (d);\
+	BN_CP_64_FROM_BUF(td,a3); BN_CP_64_FROM_BUF(td,a2);\
+	BN_CP_64_FROM_BUF(td,a1);\
+	}
+
+int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+	BN_CTX *ctx)
+	{
+	int      top;
+	BN_ULONG carry = 0;
+	register BN_ULONG *r_d, *a_d;
+	BN_ULONG t_d[BN_NIST_192_TOP];
+	BN_64_BIT_BUF(3)  BN_64_BIT_BUF(4)
+	BN_64_BIT_BUF(5)
+
+	top = BN_ucmp(field, a);
+	if (top == 0)
+		return BN_zero(r);
+	else if (top > 0)
+		return (r == a)? 1 : (BN_copy(r ,a) != NULL);
+
+	if (r != a)
+		if (!BN_ncopy(r, a, BN_NIST_192_TOP))
+			return 0;
+
+	r_d = r->d;
+	a_d = a->d;
+	top = a->top-1;
+
+	switch (top)
+		{
+		BN_CASE_64_BIT(5, a_d)
+		BN_CASE_64_BIT(4, a_d)
+		BN_CASE_64_BIT(3, a_d)
+			break;
+		default: /* a->top == field->top */
+			return BN_usub(r, a, field);
+		}
+
+	BN_192_SET(t_d,0,3,3)
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP))
+		++carry;
+
+	BN_192_SET(t_d,4,4,0)
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP))
+		++carry;
+
+	BN_192_SET(t_d,5,5,5)
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP))
+		++carry;
+
+	while (carry)
+		{
+		if (bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP))
+			--carry; 
+		}
+	r->top = BN_NIST_192_TOP;
+
+#if 1
+	bn_clear_top2max(r);
+#endif
+	bn_fix_top(r);
+
+	if (BN_ucmp(r, field) >= 0)
+		{
+		bn_sub_words(r_d, r_d, _nist_p_192, BN_NIST_192_TOP);
+		bn_fix_top(r);
+		}
+
+	return 1;
+	}
+
+#define BN_224_SET(d,a1,a2,a3,a4,a5,a6,a7) \
+	{\
+	register BN_ULONG *td = (d);\
+	BN_CP_32_FROM_BUF(td,a7); BN_CP_32_FROM_BUF(td,a6);\
+	BN_CP_32_FROM_BUF(td,a5); BN_CP_32_FROM_BUF(td,a4);\
+	BN_CP_32_FROM_BUF(td,a3); BN_CP_32_FROM_BUF(td,a2);\
+	BN_CP_32_FROM_BUF(td,a1);\
+	}
+
+int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+	BN_CTX *ctx)
+	{
+#ifndef NO_32_BIT_TYPE
+	int	tmp_int;
+	int	carry = 0;
+	BN_ULONG *r_d, *a_d;
+	BN_ULONG t_d[BN_NIST_224_TOP];
+	BN_32_BIT_BUF(7)  BN_32_BIT_BUF(8)
+	BN_32_BIT_BUF(9)  BN_32_BIT_BUF(10)
+	BN_32_BIT_BUF(11) BN_32_BIT_BUF(12)
+	BN_32_BIT_BUF(13)
+
+	tmp_int = BN_ucmp(field, a);
+	if (tmp_int == 0)
+		return BN_zero(r);
+	else if (tmp_int > 0)
+		return (r == a)? 1 : (BN_copy(r ,a) != NULL);
+
+	if (r != a)
+		if (!BN_ncopy(r, a, BN_NIST_224_TOP))
+			return 0;
+
+	r_d = r->d;
+	a_d = a->d;
+
+	tmp_int = a->top-1;
+
+	switch (tmp_int)
+		{
+		BN_CASE_32_BIT(13, a_d)
+		BN_CASE_32_BIT(12, a_d)
+		BN_CASE_32_BIT(11, a_d)
+		BN_CASE_32_BIT(10, a_d)
+		BN_CASE_32_BIT(9,  a_d)
+		BN_CASE_32_BIT(8,  a_d)
+		BN_CASE_32_BIT(7,  a_d)
+			break;
+		default: /* a->top == field->top */
+			return BN_usub(r, a, field);
+		}
+
+	BN_224_SET(t_d,10,9,8,7,0,0,0)
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP))
+		++carry;
+	BN_224_SET(t_d,0,13,12,11,0,0,0)
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP))
+		++carry;
+	BN_224_SET(t_d,13,12,11,10,9,8,7)
+	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP))
+		--carry;
+	BN_224_SET(t_d,0,0,0,0,13,12,11)
+	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP))
+		--carry;
+
+	if (carry > 0)
+		while (carry)
+			{
+			if (bn_sub_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP))
+				--carry;
+			}
+	else if (carry < 0)
+		while (carry)
+			{
+			if (bn_add_words(r_d,r_d,_nist_p_224,BN_NIST_224_TOP))
+				++carry;
+			}
+
+	r->top = BN_NIST_224_TOP;
+#if 1
+	bn_clear_top2max(r);
+#endif
+	bn_fix_top(r);
+
+	if (BN_ucmp(r, field) >= 0)
+		{
+		bn_sub_words(r_d, r_d, _nist_p_224, BN_NIST_224_TOP);
+		bn_fix_top(r);
+		}
+	return 1;
+#else
+	return 0;
+#endif
+	}
+
+static void _init_256_data(void)
+	{
+	int	i;
+	BN_ULONG *tmp1 = _256_data;
+	const BN_ULONG *tmp2 = tmp1;
+
+	memcpy(tmp1, _nist_p_256, BN_NIST_256_TOP * sizeof(BN_ULONG));
+	tmp1 += BN_NIST_256_TOP;
+
+	for (i=0; i<5; i++)
+		{
+		bn_add_words(tmp1, _nist_p_256, tmp2, BN_NIST_256_TOP);
+		tmp2  = tmp1;
+		tmp1 += BN_NIST_256_TOP;
+		}
+	_is_set_256_data = 1;
+	}
+
+#define BN_256_SET(d,a1,a2,a3,a4,a5,a6,a7,a8) \
+	{\
+	register BN_ULONG *td = (d);\
+	BN_CP_32_FROM_BUF(td,a8); BN_CP_32_FROM_BUF(td,a7);\
+	BN_CP_32_FROM_BUF(td,a6); BN_CP_32_FROM_BUF(td,a5);\
+	BN_CP_32_FROM_BUF(td,a4); BN_CP_32_FROM_BUF(td,a3);\
+	BN_CP_32_FROM_BUF(td,a2); BN_CP_32_FROM_BUF(td,a1);\
+	}
+
+int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+	BN_CTX *ctx)
+	{
+#ifndef NO_32_BIT_TYPE
+	int	tmp_int;
+	int	carry = 0;
+	register BN_ULONG *a_d, *r_d;
+	BN_ULONG t_d[BN_NIST_256_TOP];
+	BN_ULONG t_d2[BN_NIST_256_TOP];
+	BN_32_BIT_BUF(8)  BN_32_BIT_BUF(9)
+	BN_32_BIT_BUF(10) BN_32_BIT_BUF(11)
+	BN_32_BIT_BUF(12) BN_32_BIT_BUF(13)
+	BN_32_BIT_BUF(14) BN_32_BIT_BUF(15)
+
+	if (!_is_set_256_data)
+		{
+		CRYPTO_w_lock(CRYPTO_LOCK_BN);
+		
+		if (!_is_set_256_data)
+			_init_256_data();
+		
+		CRYPTO_w_unlock(CRYPTO_LOCK_BN);
+		}
+	
+	tmp_int = BN_ucmp(field, a);
+	if (tmp_int == 0)
+		return BN_zero(r);
+	else if (tmp_int > 0)
+		return (r == a)? 1 : (BN_copy(r ,a) != NULL);
+
+	if (r != a)
+		if (!BN_ncopy(r, a, BN_NIST_256_TOP))
+			return 0;
+
+	tmp_int = a->top-1;
+
+	a_d = a->d;
+	r_d = r->d;
+	switch (tmp_int)
+		{
+		BN_CASE_32_BIT(15, a_d)
+		BN_CASE_32_BIT(14, a_d)
+		BN_CASE_32_BIT(13, a_d)
+		BN_CASE_32_BIT(12, a_d)
+		BN_CASE_32_BIT(11, a_d)
+		BN_CASE_32_BIT(10, a_d)
+		BN_CASE_32_BIT(9,  a_d)
+		BN_CASE_32_BIT(8,  a_d)
+			break;
+		default: /* a->top == field->top */
+			return BN_usub(r, a, field);
+		}
+
+	/*S1*/
+	BN_256_SET(t_d,15,14,13,12,11,0,0,0)
+	/*S2*/
+	BN_256_SET(t_d2,0,15,14,13,12,0,0,0)
+	if (bn_add_words(t_d, t_d, t_d2, BN_NIST_256_TOP))
+		carry = 2;
+	/* left shift */
+		{
+		register BN_ULONG *ap,t,c;
+		ap = t_d;
+		c=0;
+		for (tmp_int=BN_NIST_256_TOP; tmp_int != 0; --tmp_int)
+			{
+			t= *ap;
+			*(ap++)=((t<<1)|c)&BN_MASK2;
+			c=(t & BN_TBIT)?1:0;
+			}
+		if (c)
+			++carry;
+		}
+
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP))
+		++carry;
+	/*S3*/
+	BN_256_SET(t_d,15,14,0,0,0,10,9,8)
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP))
+		++carry;
+	/*S4*/
+	BN_256_SET(t_d,8,13,15,14,13,11,10,9)
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP))
+		++carry;
+	/*D1*/
+	BN_256_SET(t_d,10,8,0,0,0,13,12,11)
+	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))
+		--carry;
+	/*D2*/
+	BN_256_SET(t_d,11,9,0,0,15,14,13,12)
+	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))
+		--carry;
+	/*D3*/
+	BN_256_SET(t_d,12,0,10,9,8,15,14,13)
+	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))
+		--carry;
+	/*D4*/
+	BN_256_SET(t_d,13,0,11,10,9,0,15,14)
+	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP))
+		--carry;
+	
+	if (carry)
+		{
+		if (carry > 0)
+			bn_sub_words(r_d, r_d, _256_data + BN_NIST_256_TOP *
+				--carry, BN_NIST_256_TOP);
+		else
+			{
+			carry = -carry;
+			bn_add_words(r_d, r_d, _256_data + BN_NIST_256_TOP *
+				--carry, BN_NIST_256_TOP);
+			}
+		}
+
+	r->top = BN_NIST_256_TOP;
+#if 1
+	bn_clear_top2max(r);
+#endif
+	bn_fix_top(r);
+
+	if (BN_ucmp(r, field) >= 0)
+		{
+		bn_sub_words(r_d, r_d, _nist_p_256, BN_NIST_256_TOP);
+		bn_fix_top(r);
+		}
+	return 1;
+#else
+	return 0;
+#endif
+	}
+
+static void _init_384_data(void)
+	{
+	int	i;
+	BN_ULONG *tmp1 = _384_data;
+	const BN_ULONG *tmp2 = tmp1;
+
+	memcpy(tmp1, _nist_p_384, BN_NIST_384_TOP * sizeof(BN_ULONG));
+	tmp1 += BN_NIST_384_TOP;
+
+	for (i=0; i<7; i++)
+		{
+		bn_add_words(tmp1, _nist_p_384, tmp2, BN_NIST_384_TOP);
+		tmp2  = tmp1;
+		tmp1 += BN_NIST_384_TOP;
+		}
+	_is_set_384_data = 1;
+	}
+
+#define BN_384_SET(d,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \
+	{\
+	register BN_ULONG *td = (d);\
+	BN_CP_32_FROM_BUF(td,a12); BN_CP_32_FROM_BUF(td,a11);\
+	BN_CP_32_FROM_BUF(td,a10); BN_CP_32_FROM_BUF(td,a9);\
+	BN_CP_32_FROM_BUF(td,a8);  BN_CP_32_FROM_BUF(td,a7);\
+	BN_CP_32_FROM_BUF(td,a6);  BN_CP_32_FROM_BUF(td,a5);\
+	BN_CP_32_FROM_BUF(td,a4);  BN_CP_32_FROM_BUF(td,a3);\
+	BN_CP_32_FROM_BUF(td,a2);  BN_CP_32_FROM_BUF(td,a1);\
+	}
+
+int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+	BN_CTX *ctx)
+	{
+#ifndef NO_32_BIT_TYPE
+	int	tmp_int;
+	int	carry = 0;
+	register BN_ULONG *r_d, *a_d;
+	BN_ULONG t_d[BN_NIST_384_TOP];
+	BN_32_BIT_BUF(12) BN_32_BIT_BUF(13)
+	BN_32_BIT_BUF(14) BN_32_BIT_BUF(15)
+	BN_32_BIT_BUF(16) BN_32_BIT_BUF(17)
+	BN_32_BIT_BUF(18) BN_32_BIT_BUF(19)
+	BN_32_BIT_BUF(20) BN_32_BIT_BUF(21)
+	BN_32_BIT_BUF(22) BN_32_BIT_BUF(23)
+
+	if (!_is_set_384_data)
+		{
+		CRYPTO_w_lock(CRYPTO_LOCK_BN);
+		
+		if (!_is_set_384_data)
+			_init_384_data();
+
+		CRYPTO_w_unlock(CRYPTO_LOCK_BN);
+		}
+
+	tmp_int = BN_ucmp(field, a);
+	if (tmp_int == 0)
+		return BN_zero(r);
+	else if (tmp_int > 0)
+		return (r == a)? 1 : (BN_copy(r ,a) != NULL);
+
+	if (r != a)
+		if (!BN_ncopy(r, a, BN_NIST_384_TOP))
+			return 0;
+
+	r_d = r->d;
+	a_d = a->d;
+	tmp_int = a->top-1;
+
+	switch (tmp_int)
+		{
+		BN_CASE_32_BIT(23, a_d)
+		BN_CASE_32_BIT(22, a_d)
+		BN_CASE_32_BIT(21, a_d)
+		BN_CASE_32_BIT(20, a_d)
+		BN_CASE_32_BIT(19, a_d)
+		BN_CASE_32_BIT(18, a_d)
+		BN_CASE_32_BIT(17, a_d)
+		BN_CASE_32_BIT(16, a_d)
+		BN_CASE_32_BIT(15, a_d)
+		BN_CASE_32_BIT(14, a_d)
+		BN_CASE_32_BIT(13, a_d)
+		BN_CASE_32_BIT(12, a_d)
+			break;
+		default: /* a->top == field->top */
+			return BN_usub(r, a, field);
+		}
+
+	/*S1*/
+	BN_256_SET(t_d,0,0,0,0,0,23,22,21)
+		/* left shift */
+		{
+		register BN_ULONG *ap,t,c;
+		ap = t_d;
+		c=0;
+		for (tmp_int=BN_NIST_256_TOP; tmp_int != 0; --tmp_int)
+			{
+			t= *ap;
+			*(ap++)=((t<<1)|c)&BN_MASK2;
+			c=(t & BN_TBIT)?1:0;
+			}
+		}
+	if (bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), 
+		t_d, BN_NIST_256_TOP))
+		++carry;
+	/*S2*/
+	BN_384_SET(t_d,23,22,21,20,19,18,17,16,15,14,13,12)
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP))
+		++carry;
+	/*S3*/
+	BN_384_SET(t_d,20,19,18,17,16,15,14,13,12,23,22,21)
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP))
+		++carry;
+	/*S4*/
+	BN_384_SET(t_d,19,18,17,16,15,14,13,12,20,0,23,0)
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP))
+		++carry;
+	/*S5*/
+	BN_256_SET(t_d,0,0,0,0,23,22,21,20)
+	if (bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), 
+		t_d, BN_NIST_256_TOP))
+		++carry;
+	/*S6*/
+	BN_384_SET(t_d,0,0,0,0,0,0,23,22,21,0,0,20)
+	if (bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP))
+		++carry;
+	/*D1*/
+	BN_384_SET(t_d,22,21,20,19,18,17,16,15,14,13,12,23)
+	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))
+		--carry;
+	/*D2*/
+	BN_384_SET(t_d,0,0,0,0,0,0,0,23,22,21,20,0)
+	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))
+		--carry;
+	/*D3*/
+	BN_384_SET(t_d,0,0,0,0,0,0,0,23,23,0,0,0)
+	if (bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP))
+		--carry;
+	
+	if (carry)
+		{
+		if (carry > 0)
+			bn_sub_words(r_d, r_d, _384_data + BN_NIST_384_TOP *
+				--carry, BN_NIST_384_TOP);
+		else
+			{
+			carry = -carry;
+			bn_add_words(r_d, r_d, _384_data + BN_NIST_384_TOP *
+				--carry, BN_NIST_384_TOP);
+			}
+		}
+
+	r->top = BN_NIST_384_TOP;
+#if 1
+	bn_clear_top2max(r);
+#endif
+	bn_fix_top(r);
+
+	if (BN_ucmp(r, field) >= 0)
+		{
+		bn_sub_words(r_d, r_d, _nist_p_384, BN_NIST_384_TOP);
+		bn_fix_top(r);
+		}
+	return 1;
+#else
+	return 0;
+#endif
+	}
+
+int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+	BN_CTX *ctx)
+	{
+#if BN_BITS2 == 64
+#define BN_NIST_521_TOP_MASK	(BN_ULONG)0x1FF
+#elif BN_BITS2 == 32
+#define BN_NIST_521_TOP_MASK	(BN_ULONG)0x1FF
+#elif BN_BITS2 == 16
+#define BN_NIST_521_TOP_MASK	(BN_ULONG)0x1FF
+#elif BN_BITS2 == 8
+#define BN_NIST_521_TOP_MASK	(BN_ULONG)0x1
+#endif
+	int	top, ret = 0;
+	BN_ULONG *r_d;
+	BIGNUM	*tmp;
+
+	/* check whether a reduction is necessary */
+	top = a->top;
+	if (top < BN_NIST_521_TOP  || ( top == BN_NIST_521_TOP &&
+           (!(a->d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK)))))
+		return (r == a)? 1 : (BN_copy(r ,a) != NULL);
+
+	BN_CTX_start(ctx);
+	tmp = BN_CTX_get(ctx);
+	if (!tmp)
+		goto err;
+
+	if (!BN_ncopy(tmp, a, BN_NIST_521_TOP))
+		return 0;
+	if (!BN_rshift(r, a, 521))
+		return 0;
+
+	if (tmp->top == BN_NIST_521_TOP)
+		tmp->d[BN_NIST_521_TOP-1]  &= BN_NIST_521_TOP_MASK;
+
+	if (!BN_uadd(r, tmp, r))
+		return 0;
+	top = r->top;
+	r_d = r->d;
+	if (top == BN_NIST_521_TOP  && 
+           (r_d[BN_NIST_521_TOP-1] & ~(BN_NIST_521_TOP_MASK)))
+		{
+		BN_NIST_ADD_ONE(r_d)
+		r_d[BN_NIST_521_TOP-1] &= BN_NIST_521_TOP_MASK; 
+		}
+	bn_fix_top(r);
+
+	ret = 1;
+err:
+	BN_CTX_end(ctx);
+	
+	return ret;
+	}
diff --git a/crypto/bn/bn_opts.c b/crypto/bn/bn_opts.c
deleted file mode 100644
index 86a03e2423..0000000000
--- a/crypto/bn/bn_opts.c
+++ /dev/null
@@ -1,342 +0,0 @@
-/* crypto/bn/expspeed.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* most of this code has been pilfered from my libdes speed.c program */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <signal.h>
-#include <string.h>
-#include "crypto.h"
-#include "tmdiff.h"
-#include "bn.h"
-#include "err.h"
-
-#define DEFAULT_SIZE	512
-#define DEFAULT_TIME	3
-
-int verbose=1;
-
-typedef struct parms_st
-	{
-	char *name;
-	void (*func)();
-	BIGNUM r;
-	BIGNUM a;
-	BIGNUM b;
-	BIGNUM c;
-	BIGNUM low;
-	BN_CTX *ctx;
-	BN_MONT_CTX *mont;
-	int w;
-	} PARMS;
-
-void do_mul_exp(int num,PARMS *p);
-void do_mul(int num,PARMS *p);
-void do_sqr(int num,PARMS *p);
-void do_mul_low(int num,PARMS *p);
-void do_mul_high(int num,PARMS *p);
-void do_from_montgomery(int num,PARMS *p);
-int time_it(int sec, PARMS *p);
-void do_it(int sec, PARMS *p);
-
-#define P_EXP	1
-#define P_MUL	2
-#define P_SQR	3
-#define P_MULL	4
-#define P_MULH	5
-#define P_MRED	6
-
-int main(argc,argv)
-int argc;
-char **argv;
-	{
-	PARMS p;
-	BN_MONT_CTX *mont;
-	int size=0,num;
-	char *name;
-	int type=P_EXP;
-
-	mont=BN_MONT_CTX_new();
-	p.mont=NULL;
-	p.ctx=BN_CTX_new();
-	BN_init(&p.r);
-	BN_init(&p.a);
-	BN_init(&p.b);
-	BN_init(&p.c);
-	BN_init(&p.low);
-	p.w=0;
-
-	for (;;)
-		{
-		if (argc > 1)
-			{
-			if (argv[1][0] == '-')
-				{
-				switch(argv[1][1])
-					{
-				case 'e': type=P_EXP; break;
-				case 'm': type=P_MUL; break;
-				case 's': type=P_SQR; break;
-				case 'l': type=P_MULL; break;
-				case 'h': type=P_MULH; break;
-				case 'r': type=P_MRED; break;
-				default:
-					fprintf(stderr,"options: -[emslhr]\n");
-					exit(1);
-					}
-				}
-			else
-				{
-				size=atoi(argv[1]);
-				}
-			argc--;
-			argv++;
-			}
-		else
-			break;
-		}
-	if (size == 0)
-		size=DEFAULT_SIZE;
-
-	printf("bit size:%5d\n",size);
-
-	BN_rand(&p.a,size,1,0);
-	BN_rand(&p.b,size,1,0);
-	BN_rand(&p.c,size,1,1);
-	BN_mod(&p.a,&p.a,&p.c,p.ctx);
-	BN_mod(&p.b,&p.b,&p.c,p.ctx);
-	p.w=(p.a.top+1)/2;
-
-	BN_mul(&p.low,&p.a,&p.b,p.ctx);
-	p.low.top=p.a.top;
-	
-	switch(type)
-		{
-	case P_EXP:
-		p.name="r=a^b%c";
-		p.func=do_mul_exp;
-		p.mont=mont;
-		break;
-	case P_MUL:
-		p.name="r=a*b";
-		p.func=do_mul;
-		break;
-	case P_SQR:
-		p.name="r=a*a";
-		p.func=do_sqr;
-		break;
-	case P_MULL:
-		p.name="r=low(a*b)";
-		p.func=do_mul_low;
-		break;
-	case P_MULH:
-		p.name="r=high(a*b)";
-		p.func=do_mul_high;
-		break;
-	case P_MRED:
-		p.name="r=montgomery_reduction(a)";
-		p.func=do_from_montgomery;
-		p.mont=mont;
-		break;
-	default:
-		fprintf(stderr,"options: -[emslhr]\n");
-		exit(1);
-		}
-
-	num=time_it(DEFAULT_TIME,&p);
-	do_it(num,&p);
-	}
-
-void do_it(num,p)
-int num;
-PARMS *p;
-	{
-	char *start,*end;
-	int i,j,number;
-	double d;
-
-	start=ms_time_new();
-	end=ms_time_new();
-
-	number=BN_num_bits_word((BN_ULONG)BN_num_bits(&(p->c)))-
-		BN_num_bits_word(BN_BITS2)+2;
-	for (i=number-1; i >=0; i--)
-		{
-		if (i == 1) continue;
-		BN_set_params(i,i,i,1);
-		if (p->mont != NULL)
-			BN_MONT_CTX_set(p->mont,&(p->c),p->ctx);
-
-		printf("Timing %5d (%2d bit) %2d %2d %2d %2d :",
-			(1<<i)*BN_BITS2,i,
-				BN_get_params(0),
-				BN_get_params(1),
-				BN_get_params(2),
-				BN_get_params(3));
-		fflush(stdout);
-
-		ms_time_get(start);
-		p->func(num,p);
-		ms_time_get(end);
-		d=ms_time_diff(start,end);
-		printf("%6.6f sec, or %d in %.4f seconds\n",
-			(double)d/num,num,d);
-		}
-	}
-
-int time_it(sec,p)
-int sec;
-PARMS *p;
-	{
-	char *start,*end;
-	int i,j;
-	double d;
-
-	if (p->mont != NULL)
-		BN_MONT_CTX_set(p->mont,&(p->c),p->ctx);
-
-	start=ms_time_new();
-	end=ms_time_new();
-
-	i=1;
-	for (;;)
-		{
-		if (verbose)
-			printf("timing %s for %d interations\n",p->name,i);
-
-		ms_time_get(start);
-		p->func(i,p);
-		ms_time_get(end);
-		d=ms_time_diff(start,end);
-
-		if 	(d < 0.01) i*=100;
-		else if (d < 0.1 ) i*=10;
-		else if (d > (double)sec) break;
-		else
-			{
-			i=(int)(1.0*i*sec/d);
-			break;
-			}
-		}
-	if (verbose)
-		printf("using %d interations\n",i);
-	return(i);
-	}
-
-void do_mul_exp(num,p)
-int num;
-PARMS *p;
-	{
-	int i;
-
-	for (i=0; i<num; i++)
-		BN_mod_exp_mont(&(p->r),&(p->a),&(p->b),&(p->c),
-			p->ctx,p->mont);
-	}
-
-void do_mul(num,p)
-int num;
-PARMS *p;
-	{
-	int i;
-
-	for (i=0; i<num; i++)
-		BN_mul(&(p->r),&(p->a),&(p->b),p->ctx);
-	}
-
-void do_sqr(num,p)
-int num;
-PARMS *p;
-	{
-	int i;
-
-	for (i=0; i<num; i++)
-			BN_sqr(&(p->r),&(p->a),p->ctx);
-	}
-
-void do_mul_low(num,p)
-int num;
-PARMS *p;
-	{
-	int i;
-	
-	for (i=0; i<num; i++)
-		BN_mul_low(&(p->r),&(p->a),&(p->b),p->w,p->ctx);
-	}
-
-void do_mul_high(num,p)
-int num;
-PARMS *p;
-	{
-	int i;
-
-	for (i=0; i<num; i++)
-		BN_mul_low(&(p->r),&(p->a),&(p->b),&(p->low),p->w,p->ctx);
-	}
-
-void do_from_montgomery(num,p)
-int num;
-PARMS *p;
-	{
-	int i;
-	
-	for (i=0; i<num; i++)
-		BN_from_montgomery(&(p->r),&(p->a),p->mont,p->ctx);
-	}
-
diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c
index c4fb58ef9a..918b9237c6 100644
--- a/crypto/bn/bn_prime.c
+++ b/crypto/bn/bn_prime.c
@@ -55,47 +55,90 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
-#include "rand.h"
+#include <openssl/rand.h>
 
-/* The quick seive algorithm approach to weeding out primes is
+/* The quick sieve algorithm approach to weeding out primes is
  * Philip Zimmermann's, as implemented in PGP.  I have had a read of
  * his comments and implemented my own version.
  */
 #include "bn_prime.h"
 
-#ifndef NOPROTO
-static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx,BN_CTX *ctx2,
-	BN_MONT_CTX *mont);
+static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
+	const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont);
 static int probable_prime(BIGNUM *rnd, int bits);
 static int probable_prime_dh(BIGNUM *rnd, int bits,
-	BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
-static int probable_prime_dh_strong(BIGNUM *rnd, int bits,
-	BIGNUM *add, BIGNUM *rem, BN_CTX *ctx);
-#else
-static int witness();
-static int probable_prime();
-static int probable_prime_dh();
-static int probable_prime_dh_strong();
-#endif
-
-BIGNUM *BN_generate_prime(ret,bits,strong,add,rem,callback,cb_arg)
-BIGNUM *ret;
-int bits;
-int strong;
-BIGNUM *add;
-BIGNUM *rem;
-void (*callback)(P_I_I_P); 
-char *cb_arg;
+	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
+static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
+	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
+
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+	const BIGNUM *add, const BIGNUM *rem,
+	void (*callback)(int,int,void *), void *cb_arg)
 	{
 	BIGNUM *rnd=NULL;
 	BIGNUM t;
+	int found=0;
 	int i,j,c1=0;
 	BN_CTX *ctx;
+	int checks = BN_prime_checks_for_size(bits);
 
 	ctx=BN_CTX_new();
 	if (ctx == NULL) goto err;
@@ -114,9 +157,9 @@ loop:
 		}
 	else
 		{
-		if (strong)
+		if (safe)
 			{
-			if (!probable_prime_dh_strong(rnd,bits,add,rem,ctx))
+			if (!probable_prime_dh_safe(rnd,bits,add,rem,ctx))
 				 goto err;
 			}
 		else
@@ -128,169 +171,185 @@ loop:
 	/* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */
 	if (callback != NULL) callback(0,c1++,cb_arg);
 
-	if (!strong)
+	if (!safe)
 		{
-		i=BN_is_prime(rnd,BN_prime_checks,callback,ctx,cb_arg);
+		i=BN_is_prime_fasttest(rnd,checks,callback,ctx,cb_arg,0);
 		if (i == -1) goto err;
 		if (i == 0) goto loop;
 		}
 	else
 		{
-		/* for a strong prime generation,
+		/* for "safe prime" generation,
 		 * check that (p-1)/2 is prime.
 		 * Since a prime is odd, We just
 		 * need to divide by 2 */
 		if (!BN_rshift1(&t,rnd)) goto err;
 
-		for (i=0; i<BN_prime_checks; i++)
+		for (i=0; i<checks; i++)
 			{
-			j=BN_is_prime(rnd,1,callback,ctx,cb_arg);
+			j=BN_is_prime_fasttest(rnd,1,callback,ctx,cb_arg,0);
 			if (j == -1) goto err;
 			if (j == 0) goto loop;
 
-			j=BN_is_prime(&t,1,callback,ctx,cb_arg);
+			j=BN_is_prime_fasttest(&t,1,callback,ctx,cb_arg,0);
 			if (j == -1) goto err;
 			if (j == 0) goto loop;
 
 			if (callback != NULL) callback(2,c1-1,cb_arg);
-			/* We have a strong prime test pass */
+			/* We have a safe prime test pass */
 			}
 		}
 	/* we have a prime :-) */
-	ret=rnd;
+	found = 1;
 err:
-	if ((ret == NULL) && (rnd != NULL)) BN_free(rnd);
+	if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd);
 	BN_free(&t);
 	if (ctx != NULL) BN_CTX_free(ctx);
-	return(ret);
+	return(found ? rnd : NULL);
 	}
 
-int BN_is_prime(a,checks,callback,ctx_passed,cb_arg)
-BIGNUM *a;
-int checks;
-void (*callback)(P_I_I_P);
-BN_CTX *ctx_passed;
-char *cb_arg;
+int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *),
+	BN_CTX *ctx_passed, void *cb_arg)
 	{
-	int i,j,c2=0,ret= -1;
-	BIGNUM *check;
-	BN_CTX *ctx=NULL,*ctx2=NULL;
-	BN_MONT_CTX *mont=NULL;
+	return BN_is_prime_fasttest(a, checks, callback, ctx_passed, cb_arg, 0);
+	}
 
+int BN_is_prime_fasttest(const BIGNUM *a, int checks,
+		void (*callback)(int,int,void *),
+		BN_CTX *ctx_passed, void *cb_arg,
+		int do_trial_division)
+	{
+	int i, j, ret = -1;
+	int k;
+	BN_CTX *ctx = NULL;
+	BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
+	BN_MONT_CTX *mont = NULL;
+	const BIGNUM *A = NULL;
+
+	if (BN_cmp(a, BN_value_one()) <= 0)
+		return 0;
+	
+	if (checks == BN_prime_checks)
+		checks = BN_prime_checks_for_size(BN_num_bits(a));
+
+	/* first look for small factors */
 	if (!BN_is_odd(a))
-		return(0);
+		return 0;
+	if (do_trial_division)
+		{
+		for (i = 1; i < NUMPRIMES; i++)
+			if (BN_mod_word(a, primes[i]) == 0) 
+				return 0;
+		if (callback != NULL) callback(1, -1, cb_arg);
+		}
+
 	if (ctx_passed != NULL)
-		ctx=ctx_passed;
+		ctx = ctx_passed;
 	else
-		if ((ctx=BN_CTX_new()) == NULL) goto err;
-
-	if ((ctx2=BN_CTX_new()) == NULL) goto err;
-	if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-
-	check= &(ctx->bn[ctx->tos++]);
+		if ((ctx=BN_CTX_new()) == NULL)
+			goto err;
+	BN_CTX_start(ctx);
 
-	/* Setup the montgomery structure */
-	if (!BN_MONT_CTX_set(mont,a,ctx2)) goto err;
+	/* A := abs(a) */
+	if (a->neg)
+		{
+		BIGNUM *t;
+		if ((t = BN_CTX_get(ctx)) == NULL) goto err;
+		BN_copy(t, a);
+		t->neg = 0;
+		A = t;
+		}
+	else
+		A = a;
+	A1 = BN_CTX_get(ctx);
+	A1_odd = BN_CTX_get(ctx);
+	check = BN_CTX_get(ctx);
+	if (check == NULL) goto err;
+
+	/* compute A1 := A - 1 */
+	if (!BN_copy(A1, A))
+		goto err;
+	if (!BN_sub_word(A1, 1))
+		goto err;
+	if (BN_is_zero(A1))
+		{
+		ret = 0;
+		goto err;
+		}
 
-	for (i=0; i<checks; i++)
+	/* write  A1  as  A1_odd * 2^k */
+	k = 1;
+	while (!BN_is_bit_set(A1, k))
+		k++;
+	if (!BN_rshift(A1_odd, A1, k))
+		goto err;
+
+	/* Montgomery setup for computations mod A */
+	mont = BN_MONT_CTX_new();
+	if (mont == NULL)
+		goto err;
+	if (!BN_MONT_CTX_set(mont, A, ctx))
+		goto err;
+	
+	for (i = 0; i < checks; i++)
 		{
-		if (!BN_rand(check,BN_num_bits(a)-1,0,0)) goto err;
-		j=witness(check,a,ctx,ctx2,mont);
+		if (!BN_pseudo_rand_range(check, A1))
+			goto err;
+		if (!BN_add_word(check, 1))
+			goto err;
+		/* now 1 <= check < A */
+
+		j = witness(check, A, A1, A1_odd, k, ctx, mont);
 		if (j == -1) goto err;
 		if (j)
 			{
 			ret=0;
 			goto err;
 			}
-		if (callback != NULL) callback(1,c2++,cb_arg);
+		if (callback != NULL) callback(1,i,cb_arg);
 		}
 	ret=1;
 err:
-	ctx->tos--;
-	if ((ctx_passed == NULL) && (ctx != NULL))
-		BN_CTX_free(ctx);
-	if (ctx2 != NULL)
-		BN_CTX_free(ctx2);
-	if (mont != NULL) BN_MONT_CTX_free(mont);
-		
+	if (ctx != NULL)
+		{
+		BN_CTX_end(ctx);
+		if (ctx_passed == NULL)
+			BN_CTX_free(ctx);
+		}
+	if (mont != NULL)
+		BN_MONT_CTX_free(mont);
+
 	return(ret);
 	}
 
-#define RECP_MUL_MOD
-
-static int witness(a,n,ctx,ctx2,mont)
-BIGNUM *a;
-BIGNUM *n;
-BN_CTX *ctx,*ctx2;
-BN_MONT_CTX *mont;
+static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
+	const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont)
 	{
-	int k,i,ret= -1,good;
-	BIGNUM *d,*dd,*tmp,*d1,*d2,*n1;
-	BIGNUM *mont_one,*mont_n1,*mont_a;
-
-	d1= &(ctx->bn[ctx->tos]);
-	d2= &(ctx->bn[ctx->tos+1]);
-	n1= &(ctx->bn[ctx->tos+2]);
-	ctx->tos+=3;
-
-	mont_one= &(ctx2->bn[ctx2->tos]);
-	mont_n1= &(ctx2->bn[ctx2->tos+1]);
-	mont_a= &(ctx2->bn[ctx2->tos+2]);
-	ctx2->tos+=3;
-
-	d=d1;
-	dd=d2;
-	if (!BN_one(d)) goto err;
-	if (!BN_sub(n1,n,d)) goto err; /* n1=n-1; */
-	k=BN_num_bits(n1);
-
-	if (!BN_to_montgomery(mont_one,BN_value_one(),mont,ctx2)) goto err;
-	if (!BN_to_montgomery(mont_n1,n1,mont,ctx2)) goto err;
-	if (!BN_to_montgomery(mont_a,a,mont,ctx2)) goto err;
-
-	BN_copy(d,mont_one);
-	for (i=k-1; i>=0; i--)
+	if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */
+		return -1;
+	if (BN_is_one(w))
+		return 0; /* probably prime */
+	if (BN_cmp(w, a1) == 0)
+		return 0; /* w == -1 (mod a),  'a' is probably prime */
+	while (--k)
 		{
-		if (	(BN_cmp(d,mont_one) != 0) &&
-			(BN_cmp(d,mont_n1) != 0))
-			good=1;
-		else
-			good=0;
-
-		BN_mod_mul_montgomery(dd,d,d,mont,ctx2);
-		
-		if (good && (BN_cmp(dd,mont_one) == 0))
-			{
-			ret=1;
-			goto err;
-			}
-		if (BN_is_bit_set(n1,i))
-			{
-			BN_mod_mul_montgomery(d,dd,mont_a,mont,ctx2);
-			}
-		else
-			{
-			tmp=d;
-			d=dd;
-			dd=tmp;
-			}
+		if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */
+			return -1;
+		if (BN_is_one(w))
+			return 1; /* 'a' is composite, otherwise a previous 'w' would
+			           * have been == -1 (mod 'a') */
+		if (BN_cmp(w, a1) == 0)
+			return 0; /* w == -1 (mod a), 'a' is probably prime */
 		}
-	if (BN_cmp(d,mont_one) == 0)
-		i=0;
-	else	i=1;
-	ret=i;
-err:
-	ctx->tos-=3;
-	ctx2->tos-=3;
-	return(ret);
+	/* If we get here, 'w' is the (a-1)/2-th power of the original 'w',
+	 * and it is neither -1 nor +1 -- so 'a' cannot be prime */
+	return 1;
 	}
 
-static int probable_prime(rnd, bits)
-BIGNUM *rnd;
-int bits;
+static int probable_prime(BIGNUM *rnd, int bits)
 	{
 	int i;
-	MS_STATIC BN_ULONG mods[NUMPRIMES];
+	BN_ULONG mods[NUMPRIMES];
 	BN_ULONG delta,d;
 
 again:
@@ -308,7 +367,7 @@ again:
 			d=delta;
 			delta+=2;
 			/* perhaps need to check for overflow of
-			 * delta (but delta can be upto 2^32)
+			 * delta (but delta can be up to 2^32)
 			 * 21-May-98 eay - added overflow check */
 			if (delta < d) goto again;
 			goto loop;
@@ -318,17 +377,14 @@ again:
 	return(1);
 	}
 
-static int probable_prime_dh(rnd, bits, add, rem,ctx)
-BIGNUM *rnd;
-int bits;
-BIGNUM *add;
-BIGNUM *rem;
-BN_CTX *ctx;
+static int probable_prime_dh(BIGNUM *rnd, int bits,
+	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx)
 	{
 	int i,ret=0;
 	BIGNUM *t1;
 
-	t1= &(ctx->bn[ctx->tos++]);
+	BN_CTX_start(ctx);
+	if ((t1 = BN_CTX_get(ctx)) == NULL) goto err;
 
 	if (!BN_rand(rnd,bits,0,1)) goto err;
 
@@ -346,7 +402,7 @@ BN_CTX *ctx;
 	loop: for (i=1; i<NUMPRIMES; i++)
 		{
 		/* check that rnd is a prime */
-		if (BN_mod_word(rnd,(BN_LONG)primes[i]) <= 1)
+		if (BN_mod_word(rnd,(BN_ULONG)primes[i]) <= 1)
 			{
 			if (!BN_add(rnd,rnd,add)) goto err;
 			goto loop;
@@ -354,24 +410,22 @@ BN_CTX *ctx;
 		}
 	ret=1;
 err:
-	ctx->tos--;
+	BN_CTX_end(ctx);
 	return(ret);
 	}
 
-static int probable_prime_dh_strong(p, bits, padd, rem,ctx)
-BIGNUM *p;
-int bits;
-BIGNUM *padd;
-BIGNUM *rem;
-BN_CTX *ctx;
+static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
+	const BIGNUM *rem, BN_CTX *ctx)
 	{
 	int i,ret=0;
-	BIGNUM *t1,*qadd=NULL,*q=NULL;
+	BIGNUM *t1,*qadd,*q;
 
 	bits--;
-	t1= &(ctx->bn[ctx->tos++]);
-	q= &(ctx->bn[ctx->tos++]);
-	qadd= &(ctx->bn[ctx->tos++]);
+	BN_CTX_start(ctx);
+	t1 = BN_CTX_get(ctx);
+	q = BN_CTX_get(ctx);
+	qadd = BN_CTX_get(ctx);
+	if (qadd == NULL) goto err;
 
 	if (!BN_rshift1(qadd,padd)) goto err;
 		
@@ -397,8 +451,8 @@ BN_CTX *ctx;
 		/* check that p and q are prime */
 		/* check that for p and q
 		 * gcd(p-1,primes) == 1 (except for 2) */
-		if (	(BN_mod_word(p,(BN_LONG)primes[i]) == 0) ||
-			(BN_mod_word(q,(BN_LONG)primes[i]) == 0))
+		if (	(BN_mod_word(p,(BN_ULONG)primes[i]) == 0) ||
+			(BN_mod_word(q,(BN_ULONG)primes[i]) == 0))
 			{
 			if (!BN_add(p,p,padd)) goto err;
 			if (!BN_add(q,q,qadd)) goto err;
@@ -407,75 +461,6 @@ BN_CTX *ctx;
 		}
 	ret=1;
 err:
-	ctx->tos-=3;
-	return(ret);
-	}
-
-#if 0
-static int witness(a, n,ctx)
-BIGNUM *a;
-BIGNUM *n;
-BN_CTX *ctx;
-	{
-	int k,i,nb,ret= -1;
-	BIGNUM *d,*dd,*tmp;
-	BIGNUM *d1,*d2,*x,*n1,*inv;
-
-	d1= &(ctx->bn[ctx->tos]);
-	d2= &(ctx->bn[ctx->tos+1]);
-	x=  &(ctx->bn[ctx->tos+2]);
-	n1= &(ctx->bn[ctx->tos+3]);
-	inv=&(ctx->bn[ctx->tos+4]);
-	ctx->tos+=5;
-
-	d=d1;
-	dd=d2;
-	if (!BN_one(d)) goto err;
-	if (!BN_sub(n1,n,d)) goto err; /* n1=n-1; */
-	k=BN_num_bits(n1);
-
-	/* i=BN_num_bits(n); */
-#ifdef RECP_MUL_MOD
-	nb=BN_reciprocal(inv,n,ctx); /**/
-	if (nb == -1) goto err;
-#endif
-
-	for (i=k-1; i>=0; i--)
-		{
-		if (BN_copy(x,d) == NULL) goto err;
-#ifndef RECP_MUL_MOD
-		if (!BN_mod_mul(dd,d,d,n,ctx)) goto err;
-#else
-		if (!BN_mod_mul_reciprocal(dd,d,d,n,inv,nb,ctx)) goto err;
-#endif
-		if (	BN_is_one(dd) &&
-			!BN_is_one(x) &&
-			(BN_cmp(x,n1) != 0))
-			{
-			ret=1;
-			goto err;
-			}
-		if (BN_is_bit_set(n1,i))
-			{
-#ifndef RECP_MUL_MOD
-			if (!BN_mod_mul(d,dd,a,n,ctx)) goto err;
-#else
-			if (!BN_mod_mul_reciprocal(d,dd,a,n,inv,nb,ctx)) goto err; 
-#endif
-			}
-		else
-			{
-			tmp=d;
-			d=dd;
-			dd=tmp;
-			}
-		}
-	if (BN_is_one(d))
-		i=0;
-	else	i=1;
-	ret=i;
-err:
-	ctx->tos-=5;
+	BN_CTX_end(ctx);
 	return(ret);
 	}
-#endif
diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h
index 6fce0210cd..b7cf9a9bfe 100644
--- a/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h
@@ -1,4 +1,4 @@
-/* crypto/bn/bn_prime.h */
+/* Auto generated by bn_prime.pl */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -61,7 +61,7 @@
 #else
 #define NUMPRIMES 54
 #endif
-static unsigned int primes[NUMPRIMES]=
+static const unsigned int primes[NUMPRIMES]=
 	{
 	   2,   3,   5,   7,  11,  13,  17,  19,
 	  23,  29,  31,  37,  41,  43,  47,  53,
diff --git a/crypto/bn/bn_prime.pl b/crypto/bn/bn_prime.pl
index 979385a334..9fc3765486 100644
--- a/crypto/bn/bn_prime.pl
+++ b/crypto/bn/bn_prime.pl
@@ -18,13 +18,74 @@ loop: while ($#primes < $num-1)
 	push(@primes,$p);
 	}
 
-print <<"EOF";
+# print <<"EOF";
+# /* Auto generated by bn_prime.pl */
+# /* Copyright (C) 1995-1997 Eric Young (eay\@mincom.oz.au).
+#  * All rights reserved.
+#  * Copyright remains Eric Young's, and as such any Copyright notices in
+#  * the code are not to be removed.
+#  * See the COPYRIGHT file in the SSLeay distribution for more details.
+#  */
+# 
+# EOF
+
+print <<\EOF;
 /* Auto generated by bn_prime.pl */
-/* Copyright (C) 1995-1997 Eric Young (eay\@mincom.oz.au).
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
- * See the COPYRIGHT file in the SSLeay distribution for more details.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
  */
 
 EOF
@@ -43,7 +104,7 @@ printf "#define NUMPRIMES %d\n",$num;
 printf "#else\n";
 printf "#define NUMPRIMES %d\n",$eight;
 printf "#endif\n";
-print "static unsigned int primes[NUMPRIMES]=\n\t{\n\t";
+print "static const unsigned int primes[NUMPRIMES]=\n\t{\n\t";
 $init=0;
 for ($i=0; $i <= $#primes; $i++)
 	{
diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c
index 2bcc11c852..5f46b1826c 100644
--- a/crypto/bn/bn_print.c
+++ b/crypto/bn/bn_print.c
@@ -59,20 +59,19 @@
 #include <stdio.h>
 #include <ctype.h>
 #include "cryptlib.h"
-#include "buffer.h"
+#include <openssl/buffer.h>
 #include "bn_lcl.h"
 
-static char *Hex="0123456789ABCDEF";
+static const char *Hex="0123456789ABCDEF";
 
-/* Must 'Free' the returned data */
-char *BN_bn2hex(a)
-BIGNUM *a;
+/* Must 'OPENSSL_free' the returned data */
+char *BN_bn2hex(const BIGNUM *a)
 	{
 	int i,j,v,z=0;
 	char *buf;
 	char *p;
 
-	buf=(char *)Malloc(a->top*BN_BYTES*2+2);
+	buf=(char *)OPENSSL_malloc(a->top*BN_BYTES*2+2);
 	if (buf == NULL)
 		{
 		BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE);
@@ -100,9 +99,8 @@ err:
 	return(buf);
 	}
 
-/* Must 'Free' the returned data */
-char *BN_bn2dec(a)
-BIGNUM *a;
+/* Must 'OPENSSL_free' the returned data */
+char *BN_bn2dec(const BIGNUM *a)
 	{
 	int i=0,num;
 	char *buf=NULL;
@@ -112,8 +110,8 @@ BIGNUM *a;
 
 	i=BN_num_bits(a)*3;
 	num=(i/10+i/1000+3)+1;
-	bn_data=(BN_ULONG *)Malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG));
-	buf=(char *)Malloc(num+3);
+	bn_data=(BN_ULONG *)OPENSSL_malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG));
+	buf=(char *)OPENSSL_malloc(num+3);
 	if ((buf == NULL) || (bn_data == NULL))
 		{
 		BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE);
@@ -139,7 +137,7 @@ BIGNUM *a;
 			}
 		lp--;
 		/* We now have a series of blocks, BN_DEC_NUM chars
-		 * in length, where the last one needs trucation.
+		 * in length, where the last one needs truncation.
 		 * The blocks need to be reversed in order. */
 		sprintf(p,BN_DEC_FMT1,*lp);
 		while (*p) p++;
@@ -151,14 +149,12 @@ BIGNUM *a;
 			}
 		}
 err:
-	if (bn_data != NULL) Free(bn_data);
+	if (bn_data != NULL) OPENSSL_free(bn_data);
 	if (t != NULL) BN_free(t);
 	return(buf);
 	}
 
-int BN_hex2bn(bn,a)
-BIGNUM **bn;
-char *a;
+int BN_hex2bn(BIGNUM **bn, const char *a)
 	{
 	BIGNUM *ret=NULL;
 	BN_ULONG l=0;
@@ -169,13 +165,13 @@ char *a;
 
 	if (*a == '-') { neg=1; a++; }
 
-	for (i=0; isxdigit(a[i]); i++)
+	for (i=0; isxdigit((unsigned char) a[i]); i++)
 		;
 
 	num=i+neg;
 	if (bn == NULL) return(num);
 
-	/* a is the start of the hex digets, and it is 'i' long */
+	/* a is the start of the hex digits, and it is 'i' long */
 	if (*bn == NULL)
 		{
 		if ((ret=BN_new()) == NULL) return(0);
@@ -189,7 +185,7 @@ char *a;
 	/* i is the number of hex digests; */
 	if (bn_expand(ret,i*4) == NULL) goto err;
 
-	j=i; /* least significate 'hex' */
+	j=i; /* least significant 'hex' */
 	m=0;
 	h=0;
 	while (j > 0)
@@ -224,9 +220,7 @@ err:
 	return(0);
 	}
 
-int BN_dec2bn(bn,a)
-BIGNUM **bn;
-char *a;
+int BN_dec2bn(BIGNUM **bn, const char *a)
 	{
 	BIGNUM *ret=NULL;
 	BN_ULONG l=0;
@@ -236,14 +230,14 @@ char *a;
 	if ((a == NULL) || (*a == '\0')) return(0);
 	if (*a == '-') { neg=1; a++; }
 
-	for (i=0; isdigit(a[i]); i++)
+	for (i=0; isdigit((unsigned char) a[i]); i++)
 		;
 
 	num=i+neg;
 	if (bn == NULL) return(num);
 
-	/* a is the start of the digets, and it is 'i' long.
-	 * We chop it into BN_DEC_NUM digets at a time */
+	/* a is the start of the digits, and it is 'i' long.
+	 * We chop it into BN_DEC_NUM digits at a time */
 	if (*bn == NULL)
 		{
 		if ((ret=BN_new()) == NULL) return(0);
@@ -283,12 +277,9 @@ err:
 	return(0);
 	}
 
-#ifndef NO_BIO
-
-#ifndef NO_FP_API
-int BN_print_fp(fp, a)
-FILE *fp;
-BIGNUM *a;
+#ifndef OPENSSL_NO_BIO
+#ifndef OPENSSL_NO_FP_API
+int BN_print_fp(FILE *fp, const BIGNUM *a)
 	{
 	BIO *b;
 	int ret;
@@ -302,9 +293,7 @@ BIGNUM *a;
 	}
 #endif
 
-int BN_print(bp, a)
-BIO *bp;
-BIGNUM *a;
+int BN_print(BIO *bp, const BIGNUM *a)
 	{
 	int i,j,v,z=0;
 	int ret=0;
@@ -329,5 +318,15 @@ BIGNUM *a;
 end:
 	return(ret);
 	}
+#endif
 
+#ifdef BN_DEBUG
+void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n)
+	{
+	int i;
+	fprintf(o, "%s=", a);
+	for (i=n-1;i>=0;i--)
+		fprintf(o, "%08lX", b[i]); /* assumes 32-bit BN_ULONG */
+	fprintf(o, "\n");
+	}
 #endif
diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c
index 75b6b0493b..480817a4b6 100644
--- a/crypto/bn/bn_rand.c
+++ b/crypto/bn/bn_rand.c
@@ -55,28 +55,83 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
 #include "bn_lcl.h"
-#include "rand.h"
+#include <openssl/rand.h>
 
-int BN_rand(rnd, bits, top, bottom)
-BIGNUM *rnd;
-int bits;
-int top;
-int bottom;
+static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
 	{
 	unsigned char *buf=NULL;
 	int ret=0,bit,bytes,mask;
 	time_t tim;
 
+	if (bits == 0)
+		{
+		BN_zero(rnd);
+		return 1;
+		}
+
 	bytes=(bits+7)/8;
 	bit=(bits-1)%8;
-	mask=0xff<<bit;
+	mask=0xff<<(bit+1);
 
-	buf=(unsigned char *)Malloc(bytes);
+	buf=(unsigned char *)OPENSSL_malloc(bytes);
 	if (buf == NULL)
 		{
 		BNerr(BN_F_BN_RAND,ERR_R_MALLOC_FAILURE);
@@ -85,37 +140,166 @@ int bottom;
 
 	/* make a random number and set the top and bottom bits */
 	time(&tim);
-	RAND_seed((unsigned char *)&tim,sizeof(tim));
+	RAND_add(&tim,sizeof(tim),0);
 
-	RAND_bytes(buf,(int)bytes);
-	if (top)
+	if (pseudorand)
 		{
-		if (bit == 0)
+		if (RAND_pseudo_bytes(buf, bytes) == -1)
+			goto err;
+		}
+	else
+		{
+		if (RAND_bytes(buf, bytes) <= 0)
+			goto err;
+		}
+
+#if 1
+	if (pseudorand == 2)
+		{
+		/* generate patterns that are more likely to trigger BN
+		   library bugs */
+		int i;
+		unsigned char c;
+
+		for (i = 0; i < bytes; i++)
+			{
+			RAND_pseudo_bytes(&c, 1);
+			if (c >= 128 && i > 0)
+				buf[i] = buf[i-1];
+			else if (c < 42)
+				buf[i] = 0;
+			else if (c < 84)
+				buf[i] = 255;
+			}
+		}
+#endif
+
+	if (top != -1)
+		{
+		if (top)
 			{
-			buf[0]=1;
-			buf[1]|=0x80;
+			if (bit == 0)
+				{
+				buf[0]=1;
+				buf[1]|=0x80;
+				}
+			else
+				{
+				buf[0]|=(3<<(bit-1));
+				}
 			}
 		else
 			{
-			buf[0]|=(3<<(bit-1));
-			buf[0]&= ~(mask<<1);
+			buf[0]|=(1<<bit);
 			}
 		}
-	else
-		{
-		buf[0]|=(1<<bit);
-		buf[0]&= ~(mask<<1);
-		}
-	if (bottom) /* set bottom bits to whatever odd is */
+	buf[0] &= ~mask;
+	if (bottom) /* set bottom bit if requested */
 		buf[bytes-1]|=1;
 	if (!BN_bin2bn(buf,bytes,rnd)) goto err;
 	ret=1;
 err:
 	if (buf != NULL)
 		{
-		memset(buf,0,bytes);
-		Free(buf);
+		OPENSSL_cleanse(buf,bytes);
+		OPENSSL_free(buf);
 		}
 	return(ret);
 	}
 
+int     BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
+	{
+	return bnrand(0, rnd, bits, top, bottom);
+	}
+
+int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
+	{
+	return bnrand(1, rnd, bits, top, bottom);
+	}
+
+#if 1
+int     BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+	{
+	return bnrand(2, rnd, bits, top, bottom);
+	}
+#endif
+
+
+/* random number r:  0 <= r < range */
+static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
+	{
+	int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
+	int n;
+	int count = 100;
+
+	if (range->neg || BN_is_zero(range))
+		{
+		BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
+		return 0;
+		}
+
+	n = BN_num_bits(range); /* n > 0 */
+
+	/* BN_is_bit_set(range, n - 1) always holds */
+
+	if (n == 1)
+		{
+		if (!BN_zero(r)) return 0;
+		}
+	else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
+		{
+		/* range = 100..._2,
+		 * so  3*range (= 11..._2)  is exactly one bit longer than  range */
+		do
+			{
+			if (!bn_rand(r, n + 1, -1, 0)) return 0;
+			/* If  r < 3*range,  use  r := r MOD range
+			 * (which is either  r, r - range,  or  r - 2*range).
+			 * Otherwise, iterate once more.
+			 * Since  3*range = 11..._2, each iteration succeeds with
+			 * probability >= .75. */
+			if (BN_cmp(r ,range) >= 0)
+				{
+				if (!BN_sub(r, r, range)) return 0;
+				if (BN_cmp(r, range) >= 0)
+					if (!BN_sub(r, r, range)) return 0;
+				}
+
+			if (!--count)
+				{
+				BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+				return 0;
+				}
+			
+			}
+		while (BN_cmp(r, range) >= 0);
+		}
+	else
+		{
+		do
+			{
+			/* range = 11..._2  or  range = 101..._2 */
+			if (!bn_rand(r, n, -1, 0)) return 0;
+
+			if (!--count)
+				{
+				BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+				return 0;
+				}
+			}
+		while (BN_cmp(r, range) >= 0);
+		}
+
+	return 1;
+	}
+
+
+int	BN_rand_range(BIGNUM *r, BIGNUM *range)
+	{
+	return bn_rand_range(0, r, range);
+	}
+
+int	BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range)
+	{
+	return bn_rand_range(1, r, range);
+	}
diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c
index 97ca857ed1..ef5fdd4708 100644
--- a/crypto/bn/bn_recp.c
+++ b/crypto/bn/bn_recp.c
@@ -60,8 +60,7 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-void BN_RECP_CTX_init(recp)
-BN_RECP_CTX *recp;
+void BN_RECP_CTX_init(BN_RECP_CTX *recp)
 	{
 	BN_init(&(recp->N));
 	BN_init(&(recp->Nr));
@@ -69,11 +68,11 @@ BN_RECP_CTX *recp;
 	recp->flags=0;
 	}
 
-BN_RECP_CTX *BN_RECP_CTX_new()
+BN_RECP_CTX *BN_RECP_CTX_new(void)
 	{
 	BN_RECP_CTX *ret;
 
-	if ((ret=(BN_RECP_CTX *)Malloc(sizeof(BN_RECP_CTX))) == NULL)
+	if ((ret=(BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL)
 		return(NULL);
 
 	BN_RECP_CTX_init(ret);
@@ -81,82 +80,76 @@ BN_RECP_CTX *BN_RECP_CTX_new()
 	return(ret);
 	}
 
-void BN_RECP_CTX_free(recp)
-BN_RECP_CTX *recp;
+void BN_RECP_CTX_free(BN_RECP_CTX *recp)
 	{
+	if(recp == NULL)
+	    return;
+
 	BN_free(&(recp->N));
 	BN_free(&(recp->Nr));
 	if (recp->flags & BN_FLG_MALLOCED)
-		Free(recp);
+		OPENSSL_free(recp);
 	}
 
-int BN_RECP_CTX_set(recp,d,ctx)
-BN_RECP_CTX *recp;
-BIGNUM *d;
-BN_CTX *ctx;
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
 	{
-	BN_copy(&(recp->N),d);
-	BN_zero(&(recp->Nr));
+	if (!BN_copy(&(recp->N),d)) return 0;
+	if (!BN_zero(&(recp->Nr))) return 0;
 	recp->num_bits=BN_num_bits(d);
 	recp->shift=0;
 	return(1);
 	}
 
-int BN_mod_mul_reciprocal(r, x, y, recp, ctx)
-BIGNUM *r;
-BIGNUM *x;
-BIGNUM *y;
-BN_RECP_CTX *recp;
-BN_CTX *ctx;
+int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+	BN_RECP_CTX *recp, BN_CTX *ctx)
 	{
 	int ret=0;
 	BIGNUM *a;
+	const BIGNUM *ca;
 
-	a= &(ctx->bn[ctx->tos++]);
+	BN_CTX_start(ctx);
+	if ((a = BN_CTX_get(ctx)) == NULL) goto err;
 	if (y != NULL)
 		{
 		if (x == y)
 			{ if (!BN_sqr(a,x,ctx)) goto err; }
 		else
 			{ if (!BN_mul(a,x,y,ctx)) goto err; }
+		ca = a;
 		}
 	else
-		a=x; /* Just do the mod */
+		ca=x; /* Just do the mod */
 
-	BN_div_recp(NULL,r,a,recp,ctx);
-	ret=1;
+	ret = BN_div_recp(NULL,r,ca,recp,ctx);
 err:
-	ctx->tos--;
+	BN_CTX_end(ctx);
 	return(ret);
 	}
 
-int BN_div_recp(dv,rem,m,recp,ctx)
-BIGNUM *dv;
-BIGNUM *rem;
-BIGNUM *m;
-BN_RECP_CTX *recp;
-BN_CTX *ctx;
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+	BN_RECP_CTX *recp, BN_CTX *ctx)
 	{
-	int i,j,tos,ret=0,ex;
+	int i,j,ret=0;
 	BIGNUM *a,*b,*d,*r;
 
-	tos=ctx->tos;
-	a= &(ctx->bn[ctx->tos++]);
-	b= &(ctx->bn[ctx->tos++]);
+	BN_CTX_start(ctx);
+	a=BN_CTX_get(ctx);
+	b=BN_CTX_get(ctx);
 	if (dv != NULL)
 		d=dv;
 	else
-		d= &(ctx->bn[ctx->tos++]);
+		d=BN_CTX_get(ctx);
 	if (rem != NULL)
 		r=rem;
 	else
-		r= &(ctx->bn[ctx->tos++]);
+		r=BN_CTX_get(ctx);
+	if (a == NULL || b == NULL || d == NULL || r == NULL) goto err;
 
 	if (BN_ucmp(m,&(recp->N)) < 0)
 		{
-		BN_zero(d);
-		BN_copy(r,m);
-		ctx->tos=tos;
+		if (!BN_zero(d)) return 0;
+		if (!BN_copy(r,m)) return 0;
+		BN_CTX_end(ctx);
 		return(1);
 		}
 
@@ -165,35 +158,34 @@ BN_CTX *ctx;
 	 * we need multiply ABCDEF by 3 digests of the reciprocal of ab
 	 *
 	 */
-	i=BN_num_bits(m);
-
-	j=recp->num_bits*2;
-	if (j > i)
-		{
-		i=j;
-		ex=0;
-		}
-	else
-		{
-		ex=(i-j)/2;
-		}
 
-	j=i/2;
+	/* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
+	i=BN_num_bits(m);
+	j=recp->num_bits<<1;
+	if (j>i) i=j;
 
+	/* Nr := round(2^i / N) */
 	if (i != recp->shift)
 		recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N),
-			i,ctx);
+			i,ctx); /* BN_reciprocal returns i, or -1 for an error */
+	if (recp->shift == -1) goto err;
 
-	if (!BN_rshift(a,m,j-ex)) goto err;
+	/* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
+	 *    = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
+	 *   <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
+	 *    = |m/N|
+	 */
+	if (!BN_rshift(a,m,recp->num_bits)) goto err;
 	if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err;
-	if (!BN_rshift(d,b,j+ex)) goto err;
+	if (!BN_rshift(d,b,i-recp->num_bits)) goto err;
 	d->neg=0;
+
 	if (!BN_mul(b,&(recp->N),d,ctx)) goto err;
 	if (!BN_usub(r,m,b)) goto err;
 	r->neg=0;
 
-	j=0;
 #if 1
+	j=0;
 	while (BN_ucmp(r,&(recp->N)) >= 0)
 		{
 		if (j++ > 2)
@@ -210,7 +202,7 @@ BN_CTX *ctx;
 	d->neg=m->neg^recp->N.neg;
 	ret=1;
 err:
-	ctx->tos=tos;
+	BN_CTX_end(ctx);
 	return(ret);
 	} 
 
@@ -218,24 +210,21 @@ err:
  * We actually calculate with an extra word of precision, so
  * we can do faster division if the remainder is not required.
  */
-int BN_reciprocal(r,m,len,ctx)
-BIGNUM *r;
-BIGNUM *m;
-int len;
-BN_CTX *ctx;
+/* r := 2^len / m */
+int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
 	{
 	int ret= -1;
 	BIGNUM t;
 
 	BN_init(&t);
 
-	BN_zero(&t);
+	if (!BN_zero(&t)) goto err;
 	if (!BN_set_bit(&t,len)) goto err;
 
 	if (!BN_div(r,NULL,&t,m,ctx)) goto err;
+
 	ret=len;
 err:
 	BN_free(&t);
 	return(ret);
 	}
-
diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c
index 944bf1794b..70f785ea18 100644
--- a/crypto/bn/bn_shift.c
+++ b/crypto/bn/bn_shift.c
@@ -60,9 +60,7 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-int BN_lshift1(r, a)
-BIGNUM *r;
-BIGNUM *a;
+int BN_lshift1(BIGNUM *r, const BIGNUM *a)
 	{
 	register BN_ULONG *ap,*rp,t,c;
 	int i;
@@ -94,9 +92,7 @@ BIGNUM *a;
 	return(1);
 	}
 
-int BN_rshift1(r, a)
-BIGNUM *r;
-BIGNUM *a;
+int BN_rshift1(BIGNUM *r, const BIGNUM *a)
 	{
 	BN_ULONG *ap,*rp,t,c;
 	int i;
@@ -125,18 +121,15 @@ BIGNUM *a;
 	return(1);
 	}
 
-int BN_lshift(r, a, n)
-BIGNUM *r;
-BIGNUM *a;
-int n;
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
 	{
 	int i,nw,lb,rb;
 	BN_ULONG *t,*f;
 	BN_ULONG l;
 
 	r->neg=a->neg;
-	if (bn_wexpand(r,a->top+(n/BN_BITS2)+1) == NULL) return(0);
 	nw=n/BN_BITS2;
+	if (bn_wexpand(r,a->top+nw+1) == NULL) return(0);
 	lb=n%BN_BITS2;
 	rb=BN_BITS2-lb;
 	f=a->d;
@@ -160,10 +153,7 @@ int n;
 	return(1);
 	}
 
-int BN_rshift(r, a, n)
-BIGNUM *r;
-BIGNUM *a;
-int n;
+int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
 	{
 	int i,j,nw,lb,rb;
 	BN_ULONG *t,*f;
@@ -172,7 +162,7 @@ int n;
 	nw=n/BN_BITS2;
 	rb=n%BN_BITS2;
 	lb=BN_BITS2-rb;
-	if (nw > a->top)
+	if (nw > a->top || a->top == 0)
 		{
 		BN_zero(r);
 		return(1);
@@ -182,6 +172,11 @@ int n;
 		r->neg=a->neg;
 		if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);
 		}
+	else
+		{
+		if (n == 0)
+			return 1; /* or the copying loop will go berserk */
+		}
 
 	f= &(a->d[nw]);
 	t=r->d;
diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c
index 19ec0ddf84..c1d0cca438 100644
--- a/crypto/bn/bn_sqr.c
+++ b/crypto/bn/bn_sqr.c
@@ -62,19 +62,16 @@
 
 /* r must not be a */
 /* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */
-int BN_sqr(r, a, ctx)
-BIGNUM *r;
-BIGNUM *a;
-BN_CTX *ctx;
+int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
 	{
 	int max,al;
-	BIGNUM *tmp;
+	int ret = 0;
+	BIGNUM *tmp,*rr;
 
 #ifdef BN_COUNT
-printf("BN_sqr %d * %d\n",a->top,a->top);
+	fprintf(stderr,"BN_sqr %d * %d\n",a->top,a->top);
 #endif
 	bn_check_top(a);
-	tmp= &(ctx->bn[ctx->tos]);
 
 	al=a->top;
 	if (al <= 0)
@@ -83,26 +80,30 @@ printf("BN_sqr %d * %d\n",a->top,a->top);
 		return(1);
 		}
 
+	BN_CTX_start(ctx);
+	rr=(a != r) ? r : BN_CTX_get(ctx);
+	tmp=BN_CTX_get(ctx);
+	if (tmp == NULL) goto err;
+
 	max=(al+al);
-	if (bn_wexpand(r,max+1) == NULL) return(0);
+	if (bn_wexpand(rr,max+1) == NULL) goto err;
 
-	r->neg=0;
 	if (al == 4)
 		{
 #ifndef BN_SQR_COMBA
 		BN_ULONG t[8];
-		bn_sqr_normal(r->d,a->d,4,t);
+		bn_sqr_normal(rr->d,a->d,4,t);
 #else
-		bn_sqr_comba4(r->d,a->d);
+		bn_sqr_comba4(rr->d,a->d);
 #endif
 		}
 	else if (al == 8)
 		{
 #ifndef BN_SQR_COMBA
 		BN_ULONG t[16];
-		bn_sqr_normal(r->d,a->d,8,t);
+		bn_sqr_normal(rr->d,a->d,8,t);
 #else
-		bn_sqr_comba8(r->d,a->d);
+		bn_sqr_comba8(rr->d,a->d);
 #endif
 		}
 	else 
@@ -111,33 +112,48 @@ printf("BN_sqr %d * %d\n",a->top,a->top);
 		if (al < BN_SQR_RECURSIVE_SIZE_NORMAL)
 			{
 			BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL*2];
-			bn_sqr_normal(r->d,a->d,al,t);
+			bn_sqr_normal(rr->d,a->d,al,t);
 			}
 		else
 			{
-			if (bn_wexpand(tmp,2*max+1) == NULL) return(0);
-			bn_sqr_recursive(r->d,a->d,al,tmp->d);
+			int j,k;
+
+			j=BN_num_bits_word((BN_ULONG)al);
+			j=1<<(j-1);
+			k=j+j;
+			if (al == j)
+				{
+				if (bn_wexpand(tmp,k*2) == NULL) goto err;
+				bn_sqr_recursive(rr->d,a->d,al,tmp->d);
+				}
+			else
+				{
+				if (bn_wexpand(tmp,max) == NULL) goto err;
+				bn_sqr_normal(rr->d,a->d,al,tmp->d);
+				}
 			}
 #else
-		if (bn_wexpand(tmp,max) == NULL) return(0);
-		bn_sqr_normal(r->d,a->d,al,tmp->d);
+		if (bn_wexpand(tmp,max) == NULL) goto err;
+		bn_sqr_normal(rr->d,a->d,al,tmp->d);
 #endif
 		}
 
-	r->top=max;
-	if ((max > 0) && (r->d[max-1] == 0)) r->top--;
-	return(1);
+	rr->top=max;
+	rr->neg=0;
+	if ((max > 0) && (rr->d[max-1] == 0)) rr->top--;
+	if (rr != r) BN_copy(r,rr);
+	ret = 1;
+ err:
+	BN_CTX_end(ctx);
+	return(ret);
 	}
 
 /* tmp must have 2*n words */
-void bn_sqr_normal(r, a, n, tmp)
-BN_ULONG *r;
-BN_ULONG *a;
-int n;
-BN_ULONG *tmp;
+void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
 	{
 	int i,j,max;
-	BN_ULONG *ap,*rp;
+	const BN_ULONG *ap;
+	BN_ULONG *rp;
 
 	max=n*2;
 	ap=a;
@@ -172,26 +188,23 @@ BN_ULONG *tmp;
 
 #ifdef BN_RECURSION
 /* r is 2*n words in size,
- * a and b are both n words in size.
+ * a and b are both n words in size.    (There's not actually a 'b' here ...)
  * n must be a power of 2.
  * We multiply and return the result.
  * t must be 2*n words in size
- * We calulate
+ * We calculate
  * a[0]*b[0]
  * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
  * a[1]*b[1]
  */
-void bn_sqr_recursive(r,a,n2,t)
-BN_ULONG *r,*a;
-int n2;
-BN_ULONG *t;
+void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
 	{
 	int n=n2/2;
 	int zero,c1;
 	BN_ULONG ln,lo,*p;
 
 #ifdef BN_COUNT
-printf(" bn_sqr_recursive %d * %d\n",n2,n2);
+	fprintf(stderr," bn_sqr_recursive %d * %d\n",n2,n2);
 #endif
 	if (n2 == 4)
 		{
@@ -232,7 +245,7 @@ printf(" bn_sqr_recursive %d * %d\n",n2,n2);
 	if (!zero)
 		bn_sqr_recursive(&(t[n2]),t,n,p);
 	else
-		memset(&(t[n2]),0,n*sizeof(BN_ULONG));
+		memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
 	bn_sqr_recursive(r,a,n,p);
 	bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
 
@@ -241,17 +254,17 @@ printf(" bn_sqr_recursive %d * %d\n",n2,n2);
 	 * r[32] holds (b[1]*b[1])
 	 */
 
-	c1=bn_add_words(t,r,&(r[n2]),n2);
+	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
 
 	/* t[32] is negative */
-	c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
+	c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
 
 	/* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
 	 * r[10] holds (a[0]*a[0])
 	 * r[32] holds (a[1]*a[1])
 	 * c1 holds the carry bits
 	 */
-	c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
+	c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
 	if (c1)
 		{
 		p= &(r[n+n2]);
diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
new file mode 100644
index 0000000000..463d4a8139
--- /dev/null
+++ b/crypto/bn/bn_sqrt.c
@@ -0,0 +1,388 @@
+/* crypto/bn/bn_mod.c */
+/* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
+ * and Bodo Moeller for the OpenSSL project. */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+
+BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) 
+/* Returns 'ret' such that
+ *      ret^2 == a (mod p),
+ * using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course
+ * in Algebraic Computational Number Theory", algorithm 1.5.1).
+ * 'p' must be prime!
+ */
+	{
+	BIGNUM *ret = in;
+	int err = 1;
+	int r;
+	BIGNUM *A, *b, *q, *t, *x, *y;
+	int e, i, j;
+	
+	if (!BN_is_odd(p) || BN_abs_is_word(p, 1))
+		{
+		if (BN_abs_is_word(p, 2))
+			{
+			if (ret == NULL)
+				ret = BN_new();
+			if (ret == NULL)
+				goto end;
+			if (!BN_set_word(ret, BN_is_bit_set(a, 0)))
+				{
+				BN_free(ret);
+				return NULL;
+				}
+			return ret;
+			}
+
+		BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+		return(NULL);
+		}
+
+	if (BN_is_zero(a) || BN_is_one(a))
+		{
+		if (ret == NULL)
+			ret = BN_new();
+		if (ret == NULL)
+			goto end;
+		if (!BN_set_word(ret, BN_is_one(a)))
+			{
+			BN_free(ret);
+			return NULL;
+			}
+		return ret;
+		}
+
+	BN_CTX_start(ctx);
+	A = BN_CTX_get(ctx);
+	b = BN_CTX_get(ctx);
+	q = BN_CTX_get(ctx);
+	t = BN_CTX_get(ctx);
+	x = BN_CTX_get(ctx);
+	y = BN_CTX_get(ctx);
+	if (y == NULL) goto end;
+	
+	if (ret == NULL)
+		ret = BN_new();
+	if (ret == NULL) goto end;
+
+	/* A = a mod p */
+	if (!BN_nnmod(A, a, p, ctx)) goto end;
+
+	/* now write  |p| - 1  as  2^e*q  where  q  is odd */
+	e = 1;
+	while (!BN_is_bit_set(p, e))
+		e++;
+	/* we'll set  q  later (if needed) */
+
+	if (e == 1)
+		{
+		/* The easy case:  (|p|-1)/2  is odd, so 2 has an inverse
+		 * modulo  (|p|-1)/2,  and square roots can be computed
+		 * directly by modular exponentiation.
+		 * We have
+		 *     2 * (|p|+1)/4 == 1   (mod (|p|-1)/2),
+		 * so we can use exponent  (|p|+1)/4,  i.e.  (|p|-3)/4 + 1.
+		 */
+		if (!BN_rshift(q, p, 2)) goto end;
+		q->neg = 0;
+		if (!BN_add_word(q, 1)) goto end;
+		if (!BN_mod_exp(ret, A, q, p, ctx)) goto end;
+		err = 0;
+		goto vrfy;
+		}
+	
+	if (e == 2)
+		{
+		/* |p| == 5  (mod 8)
+		 *
+		 * In this case  2  is always a non-square since
+		 * Legendre(2,p) = (-1)^((p^2-1)/8)  for any odd prime.
+		 * So if  a  really is a square, then  2*a  is a non-square.
+		 * Thus for
+		 *      b := (2*a)^((|p|-5)/8),
+		 *      i := (2*a)*b^2
+		 * we have
+		 *     i^2 = (2*a)^((1 + (|p|-5)/4)*2)
+		 *         = (2*a)^((p-1)/2)
+		 *         = -1;
+		 * so if we set
+		 *      x := a*b*(i-1),
+		 * then
+		 *     x^2 = a^2 * b^2 * (i^2 - 2*i + 1)
+		 *         = a^2 * b^2 * (-2*i)
+		 *         = a*(-i)*(2*a*b^2)
+		 *         = a*(-i)*i
+		 *         = a.
+		 *
+		 * (This is due to A.O.L. Atkin, 
+		 * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
+		 * November 1992.)
+		 */
+
+		/* t := 2*a */
+		if (!BN_mod_lshift1_quick(t, A, p)) goto end;
+
+		/* b := (2*a)^((|p|-5)/8) */
+		if (!BN_rshift(q, p, 3)) goto end;
+		q->neg = 0;
+		if (!BN_mod_exp(b, t, q, p, ctx)) goto end;
+
+		/* y := b^2 */
+		if (!BN_mod_sqr(y, b, p, ctx)) goto end;
+
+		/* t := (2*a)*b^2 - 1*/
+		if (!BN_mod_mul(t, t, y, p, ctx)) goto end;
+		if (!BN_sub_word(t, 1)) goto end;
+
+		/* x = a*b*t */
+		if (!BN_mod_mul(x, A, b, p, ctx)) goto end;
+		if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
+
+		if (!BN_copy(ret, x)) goto end;
+		err = 0;
+		goto vrfy;
+		}
+	
+	/* e > 2, so we really have to use the Tonelli/Shanks algorithm.
+	 * First, find some  y  that is not a square. */
+	if (!BN_copy(q, p)) goto end; /* use 'q' as temp */
+	q->neg = 0;
+	i = 2;
+	do
+		{
+		/* For efficiency, try small numbers first;
+		 * if this fails, try random numbers.
+		 */
+		if (i < 22)
+			{
+			if (!BN_set_word(y, i)) goto end;
+			}
+		else
+			{
+			if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) goto end;
+			if (BN_ucmp(y, p) >= 0)
+				{
+				if (!(p->neg ? BN_add : BN_sub)(y, y, p)) goto end;
+				}
+			/* now 0 <= y < |p| */
+			if (BN_is_zero(y))
+				if (!BN_set_word(y, i)) goto end;
+			}
+		
+		r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */
+		if (r < -1) goto end;
+		if (r == 0)
+			{
+			/* m divides p */
+			BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+			goto end;
+			}
+		}
+	while (r == 1 && ++i < 82);
+	
+	if (r != -1)
+		{
+		/* Many rounds and still no non-square -- this is more likely
+		 * a bug than just bad luck.
+		 * Even if  p  is not prime, we should have found some  y
+		 * such that r == -1.
+		 */
+		BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS);
+		goto end;
+		}
+
+	/* Here's our actual 'q': */
+	if (!BN_rshift(q, q, e)) goto end;
+
+	/* Now that we have some non-square, we can find an element
+	 * of order  2^e  by computing its q'th power. */
+	if (!BN_mod_exp(y, y, q, p, ctx)) goto end;
+	if (BN_is_one(y))
+		{
+		BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+		goto end;
+		}
+
+	/* Now we know that (if  p  is indeed prime) there is an integer
+	 * k,  0 <= k < 2^e,  such that
+	 *
+	 *      a^q * y^k == 1   (mod p).
+	 *
+	 * As  a^q  is a square and  y  is not,  k  must be even.
+	 * q+1  is even, too, so there is an element
+	 *
+	 *     X := a^((q+1)/2) * y^(k/2),
+	 *
+	 * and it satisfies
+	 *
+	 *     X^2 = a^q * a     * y^k
+	 *         = a,
+	 *
+	 * so it is the square root that we are looking for.
+	 */
+	
+	/* t := (q-1)/2  (note that  q  is odd) */
+	if (!BN_rshift1(t, q)) goto end;
+	
+	/* x := a^((q-1)/2) */
+	if (BN_is_zero(t)) /* special case: p = 2^e + 1 */
+		{
+		if (!BN_nnmod(t, A, p, ctx)) goto end;
+		if (BN_is_zero(t))
+			{
+			/* special case: a == 0  (mod p) */
+			if (!BN_zero(ret)) goto end;
+			err = 0;
+			goto end;
+			}
+		else
+			if (!BN_one(x)) goto end;
+		}
+	else
+		{
+		if (!BN_mod_exp(x, A, t, p, ctx)) goto end;
+		if (BN_is_zero(x))
+			{
+			/* special case: a == 0  (mod p) */
+			if (!BN_zero(ret)) goto end;
+			err = 0;
+			goto end;
+			}
+		}
+
+	/* b := a*x^2  (= a^q) */
+	if (!BN_mod_sqr(b, x, p, ctx)) goto end;
+	if (!BN_mod_mul(b, b, A, p, ctx)) goto end;
+	
+	/* x := a*x    (= a^((q+1)/2)) */
+	if (!BN_mod_mul(x, x, A, p, ctx)) goto end;
+
+	while (1)
+		{
+		/* Now  b  is  a^q * y^k  for some even  k  (0 <= k < 2^E
+		 * where  E  refers to the original value of  e,  which we
+		 * don't keep in a variable),  and  x  is  a^((q+1)/2) * y^(k/2).
+		 *
+		 * We have  a*b = x^2,
+		 *    y^2^(e-1) = -1,
+		 *    b^2^(e-1) = 1.
+		 */
+
+		if (BN_is_one(b))
+			{
+			if (!BN_copy(ret, x)) goto end;
+			err = 0;
+			goto vrfy;
+			}
+
+
+		/* find smallest  i  such that  b^(2^i) = 1 */
+		i = 1;
+		if (!BN_mod_sqr(t, b, p, ctx)) goto end;
+		while (!BN_is_one(t))
+			{
+			i++;
+			if (i == e)
+				{
+				BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+				goto end;
+				}
+			if (!BN_mod_mul(t, t, t, p, ctx)) goto end;
+			}
+		
+
+		/* t := y^2^(e - i - 1) */
+		if (!BN_copy(t, y)) goto end;
+		for (j = e - i - 1; j > 0; j--)
+			{
+			if (!BN_mod_sqr(t, t, p, ctx)) goto end;
+			}
+		if (!BN_mod_mul(y, t, t, p, ctx)) goto end;
+		if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
+		if (!BN_mod_mul(b, b, y, p, ctx)) goto end;
+		e = i;
+		}
+
+ vrfy:
+	if (!err)
+		{
+		/* verify the result -- the input might have been not a square
+		 * (test added in 0.9.8) */
+		
+		if (!BN_mod_sqr(x, ret, p, ctx))
+			err = 1;
+		
+		if (!err && 0 != BN_cmp(x, A))
+			{
+			BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+			err = 1;
+			}
+		}
+
+ end:
+	if (err)
+		{
+		if (ret != NULL && ret != in)
+			{
+			BN_clear_free(ret);
+			}
+		ret = NULL;
+		}
+	BN_CTX_end(ctx);
+	return ret;
+	}
diff --git a/crypto/bn/bn_word.c b/crypto/bn/bn_word.c
index 9c168e4f48..988e0ca7b3 100644
--- a/crypto/bn/bn_word.c
+++ b/crypto/bn/bn_word.c
@@ -60,9 +60,7 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-BN_ULONG BN_mod_word(a, w)
-BIGNUM *a;
-BN_ULONG w;
+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
 	{
 #ifndef BN_LLONG
 	BN_ULONG ret=0;
@@ -85,9 +83,7 @@ BN_ULONG w;
 	return((BN_ULONG)ret);
 	}
 
-BN_ULONG BN_div_word(a, w)
-BIGNUM *a;
-BN_ULONG w;
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
 	{
 	BN_ULONG ret;
 	int i;
@@ -109,9 +105,7 @@ BN_ULONG w;
 	return(ret);
 	}
 
-int BN_add_word(a, w)
-BIGNUM *a;
-BN_ULONG w;
+int BN_add_word(BIGNUM *a, BN_ULONG w)
 	{
 	BN_ULONG l;
 	int i;
@@ -121,7 +115,7 @@ BN_ULONG w;
 		a->neg=0;
 		i=BN_sub_word(a,w);
 		if (!BN_is_zero(a))
-			a->neg=1;
+			a->neg=!(a->neg);
 		return(i);
 		}
 	w&=BN_MASK2;
@@ -129,7 +123,10 @@ BN_ULONG w;
 	i=0;
 	for (;;)
 		{
-		l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
+		if (i >= a->top)
+			l=w;
+		else
+			l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
 		a->d[i]=l;
 		if (w > l)
 			w=1;
@@ -142,13 +139,11 @@ BN_ULONG w;
 	return(1);
 	}
 
-int BN_sub_word(a, w)
-BIGNUM *a;
-BN_ULONG w;
+int BN_sub_word(BIGNUM *a, BN_ULONG w)
 	{
 	int i;
 
-	if (a->neg)
+	if (BN_is_zero(a) || a->neg)
 		{
 		a->neg=0;
 		i=BN_add_word(a,w);
@@ -183,20 +178,23 @@ BN_ULONG w;
 	return(1);
 	}
 
-int BN_mul_word(a,w)
-BIGNUM *a;
-BN_ULONG w;
+int BN_mul_word(BIGNUM *a, BN_ULONG w)
 	{
 	BN_ULONG ll;
 
 	w&=BN_MASK2;
 	if (a->top)
 		{
-		ll=bn_mul_words(a->d,a->d,a->top,w);
-		if (ll)
+		if (w == 0)
+			BN_zero(a);
+		else
 			{
-			if (bn_wexpand(a,a->top+1) == NULL) return(0);
-			a->d[a->top++]=ll;
+			ll=bn_mul_words(a->d,a->d,a->top,w);
+			if (ll)
+				{
+				if (bn_wexpand(a,a->top+1) == NULL) return(0);
+				a->d[a->top++]=ll;
+				}
 			}
 		}
 	return(1);
diff --git a/crypto/bn/bnspeed.c b/crypto/bn/bnspeed.c
index 777212c1ba..b554ac8cf8 100644
--- a/crypto/bn/bnspeed.c
+++ b/crypto/bn/bnspeed.c
@@ -1,3 +1,5 @@
+/* unused */
+
 /* crypto/bn/bnspeed.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
@@ -66,14 +68,13 @@
 #include <stdlib.h>
 #include <signal.h>
 #include <string.h>
-#include "crypto.h"
-#include "err.h"
+#include <openssl/crypto.h>
+#include <openssl/err.h>
 
-#ifndef MSDOS
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -81,15 +82,15 @@
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
@@ -100,18 +101,14 @@ struct tms {
 #include <sys/param.h>
 #endif
 
-#include "bn.h"
-#include "x509.h"
+#include <openssl/bn.h>
+#include <openssl/x509.h>
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
 # ifndef CLK_TCK
 #  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-#   ifndef VMS
-#    define HZ	100.0
-#   else /* VMS */
-#    define HZ	100.0
-#   endif
+#   define HZ	100.0
 #  else /* _BSD_CLK_TCK_ */
 #   define HZ ((double)_BSD_CLK_TCK_)
 #  endif
@@ -124,17 +121,11 @@ struct tms {
 #define BUFSIZE	((long)1024*8)
 int run=0;
 
-#ifndef NOPROTO
 static double Time_F(int s);
-#else
-static double Time_F();
-#endif
-
 #define START	0
 #define STOP	1
 
-static double Time_F(s)
-int s;
+static double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -176,9 +167,7 @@ static int sizes[NUM_SIZES]={128,256,512,1024,2048};
 
 void do_mul(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx); 
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	BN_CTX *ctx;
 	BIGNUM a,b,c;
@@ -191,11 +180,7 @@ char **argv;
 	do_mul(&a,&b,&c,ctx);
 	}
 
-void do_mul(r,a,b,ctx)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *b;
-BN_CTX *ctx;
+void do_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
 	{
 	int i,j,k;
 	double tm;
diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c
index ec48bad738..d87ccf9c6a 100644
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -55,28 +55,46 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the Eric Young open source
+ * license provided above.
+ *
+ * The binary polynomial arithmetic software is originally written by 
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
 
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+
 #include "e_os.h"
-#include "bio.h"
-#include "bn.h"
-#include "rand.h"
-#include "x509.h"
-#include "err.h"
 
-#ifdef WINDOWS
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+
+#ifdef OPENSSL_SYS_WINDOWS
 #include "../bio/bss_file.c"
 #endif
 
-#ifndef NOPROTO
+const int num0 = 100; /* number of tests */
+const int num1 = 50;  /* additional tests for some functions */
+const int num2 = 5;   /* number of tests for slow functions */
+
 int test_add(BIO *bp);
 int test_sub(BIO *bp);
 int test_lshift1(BIO *bp);
-int test_lshift(BIO *bp);
+int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_);
 int test_rshift1(BIO *bp);
-int test_rshift(BIO *bp);
+int test_rshift(BIO *bp,BN_CTX *ctx);
 int test_div(BIO *bp,BN_CTX *ctx);
 int test_div_recp(BIO *bp,BN_CTX *ctx);
 int test_mul(BIO *bp);
@@ -85,40 +103,48 @@ int test_mont(BIO *bp,BN_CTX *ctx);
 int test_mod(BIO *bp,BN_CTX *ctx);
 int test_mod_mul(BIO *bp,BN_CTX *ctx);
 int test_mod_exp(BIO *bp,BN_CTX *ctx);
+int test_exp(BIO *bp,BN_CTX *ctx);
+int test_gf2m_add(BIO *bp);
+int test_gf2m_mod(BIO *bp);
+int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx);
+int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx);
+int test_kron(BIO *bp,BN_CTX *ctx);
+int test_sqrt(BIO *bp,BN_CTX *ctx);
 int rand_neg(void);
-#else
-int test_add ();
-int test_sub ();
-int test_lshift1 ();
-int test_lshift ();
-int test_rshift1 ();
-int test_rshift ();
-int test_div ();
-int test_mul ();
-int test_sqr ();
-int test_mont ();
-int test_mod ();
-int test_mod_mul ();
-int test_mod_exp ();
-int rand_neg();
-#endif
-
 static int results=0;
 
-#ifdef NO_STDIO
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #include "bss_file.c"
 #endif
 
-int main(argc,argv)
-int argc;
-char *argv[];
+static unsigned char lst[]="\xC6\x4F\x43\x04\x2A\xEA\xCA\x6E\x58\x36\x80\x5B\xE8\xC9"
+"\x9B\x04\x5D\x48\x36\xC2\xFD\x16\xC9\x64\xF0";
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+static void message(BIO *out, char *m)
+	{
+	fprintf(stderr, "test %s\n", m);
+	BIO_puts(out, "print \"test ");
+	BIO_puts(out, m);
+	BIO_puts(out, "\\n\"\n");
+	}
+
+int main(int argc, char *argv[])
 	{
 	BN_CTX *ctx;
 	BIO *out;
 	char *outfile=NULL;
 
-	srand((unsigned int)time(NULL));
+	results = 0;
+
+	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
 
 	argc--;
 	argv++;
@@ -137,10 +163,10 @@ char *argv[];
 
 
 	ctx=BN_CTX_new();
-	if (ctx == NULL) exit(1);
+	if (ctx == NULL) EXIT(1);
 
 	out=BIO_new(BIO_s_file());
-	if (out == NULL) exit(1);
+	if (out == NULL) EXIT(1);
 	if (outfile == NULL)
 		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
@@ -150,99 +176,152 @@ char *argv[];
 		if (!BIO_write_filename(out,outfile))
 			{
 			perror(outfile);
-			exit(1);
+			EXIT(1);
 			}
 		}
 
 	if (!results)
 		BIO_puts(out,"obase=16\nibase=16\n");
 
-	fprintf(stderr,"test BN_add\n");
+	message(out,"BN_add");
 	if (!test_add(out)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
-	fprintf(stderr,"test BN_sub\n");
+	message(out,"BN_sub");
 	if (!test_sub(out)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
-	fprintf(stderr,"test BN_lshift1\n");
+	message(out,"BN_lshift1");
 	if (!test_lshift1(out)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
+
+	message(out,"BN_lshift (fixed)");
+	if (!test_lshift(out,ctx,BN_bin2bn(lst,sizeof(lst)-1,NULL)))
+	    goto err;
+	BIO_flush(out);
 
-	fprintf(stderr,"test BN_lshift\n");
-	if (!test_lshift(out)) goto err;
-	fflush(stdout);
+	message(out,"BN_lshift");
+	if (!test_lshift(out,ctx,NULL)) goto err;
+	BIO_flush(out);
 
-	fprintf(stderr,"test BN_rshift1\n");
+	message(out,"BN_rshift1");
 	if (!test_rshift1(out)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
-	fprintf(stderr,"test BN_rshift\n");
-	if (!test_rshift(out)) goto err;
-	fflush(stdout);
+	message(out,"BN_rshift");
+	if (!test_rshift(out,ctx)) goto err;
+	BIO_flush(out);
 
-	fprintf(stderr,"test BN_sqr\n");
+	message(out,"BN_sqr");
 	if (!test_sqr(out,ctx)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
-	fprintf(stderr,"test BN_mul\n");
+	message(out,"BN_mul");
 	if (!test_mul(out)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
-	fprintf(stderr,"test BN_div\n");
+	message(out,"BN_div");
 	if (!test_div(out,ctx)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
-	fprintf(stderr,"test BN_div_recp\n");
+	message(out,"BN_div_recp");
 	if (!test_div_recp(out,ctx)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
-	fprintf(stderr,"test BN_mod\n");
+	message(out,"BN_mod");
 	if (!test_mod(out,ctx)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
-	fprintf(stderr,"test BN_mod_mul\n");
+	message(out,"BN_mod_mul");
 	if (!test_mod_mul(out,ctx)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
 
-/*
-	fprintf(stderr,"test BN_mont\n");
+	message(out,"BN_mont");
 	if (!test_mont(out,ctx)) goto err;
-	fflush(stdout);
-*/
-	fprintf(stderr,"test BN_mod_exp\n");
+	BIO_flush(out);
+
+	message(out,"BN_mod_exp");
 	if (!test_mod_exp(out,ctx)) goto err;
-	fflush(stdout);
+	BIO_flush(out);
+
+	message(out,"BN_exp");
+	if (!test_exp(out,ctx)) goto err;
+	BIO_flush(out);
+
+	message(out,"BN_kronecker");
+	if (!test_kron(out,ctx)) goto err;
+	BIO_flush(out);
+
+	message(out,"BN_mod_sqrt");
+	if (!test_sqrt(out,ctx)) goto err;
+	BIO_flush(out);
+
+	message(out,"BN_GF2m_add");
+	if (!test_gf2m_add(out)) goto err;
+	BIO_flush(out);
+
+	message(out,"BN_GF2m_mod");
+	if (!test_gf2m_mod(out)) goto err;
+	BIO_flush(out);
+
+	message(out,"BN_GF2m_mod_mul");
+	if (!test_gf2m_mod_mul(out,ctx)) goto err;
+	BIO_flush(out);
+
+	message(out,"BN_GF2m_mod_sqr");
+	if (!test_gf2m_mod_sqr(out,ctx)) goto err;
+	BIO_flush(out);
+
+	message(out,"BN_GF2m_mod_inv");
+	if (!test_gf2m_mod_inv(out,ctx)) goto err;
+	BIO_flush(out);
+
+	message(out,"BN_GF2m_mod_div");
+	if (!test_gf2m_mod_div(out,ctx)) goto err;
+	BIO_flush(out);
+
+	message(out,"BN_GF2m_mod_exp");
+	if (!test_gf2m_mod_exp(out,ctx)) goto err;
+	BIO_flush(out);
+
+	message(out,"BN_GF2m_mod_sqrt");
+	if (!test_gf2m_mod_sqrt(out,ctx)) goto err;
+	BIO_flush(out);
+
+	message(out,"BN_GF2m_mod_solve_quad");
+	if (!test_gf2m_mod_solve_quad(out,ctx)) goto err;
+	BIO_flush(out);
+
+	BN_CTX_free(ctx);
+	BIO_free(out);
 
 /**/
-	exit(0);
+	EXIT(0);
 err:
+	BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
+	                      * the failure, see test_bn in test/Makefile.ssl*/
+	BIO_flush(out);
 	ERR_load_crypto_strings();
-	ERR_print_errors(out);
-	exit(1);
+	ERR_print_errors_fp(stderr);
+	EXIT(1);
 	return(1);
 	}
 
-int test_add(bp)
-BIO *bp;
+int test_add(BIO *bp)
 	{
 	BIGNUM a,b,c;
 	int i;
-	int j;
 
 	BN_init(&a);
 	BN_init(&b);
 	BN_init(&c);
 
-	BN_rand(&a,512,0,0);
-	for (i=0; i<100; i++)
+	BN_bntest_rand(&a,512,0,0);
+	for (i=0; i<num0; i++)
 		{
-		BN_rand(&b,450+i,0,0);
+		BN_bntest_rand(&b,450+i,0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
-		if (bp == NULL)
-			for (j=0; j<10000; j++)
-				BN_add(&c,&a,&b);
 		BN_add(&c,&a,&b);
 		if (bp != NULL)
 			{
@@ -256,6 +335,15 @@ BIO *bp;
 			BN_print(bp,&c);
 			BIO_puts(bp,"\n");
 			}
+		a.neg=!a.neg;
+		b.neg=!b.neg;
+		BN_add(&c,&c,&b);
+		BN_add(&c,&c,&a);
+		if(!BN_is_zero(&c))
+		    {
+		    fprintf(stderr,"Add test failed!\n");
+		    return 0;
+		    }
 		}
 	BN_free(&a);
 	BN_free(&b);
@@ -263,26 +351,30 @@ BIO *bp;
 	return(1);
 	}
 
-int test_sub(bp)
-BIO *bp;
+int test_sub(BIO *bp)
 	{
 	BIGNUM a,b,c;
 	int i;
-	int j;
 
 	BN_init(&a);
 	BN_init(&b);
 	BN_init(&c);
 
-	BN_rand(&a,512,0,0);
-	for (i=0; i<100; i++)
+	for (i=0; i<num0+num1; i++)
 		{
-		BN_rand(&b,400+i,0,0);
-		a.neg=rand_neg();
-		b.neg=rand_neg();
-		if (bp == NULL)
-			for (j=0; j<10000; j++)
-				BN_sub(&c,&a,&b);
+		if (i < num1)
+			{
+			BN_bntest_rand(&a,512,0,0);
+			BN_copy(&b,&a);
+			if (BN_set_bit(&a,i)==0) return(0);
+			BN_add_word(&b,i);
+			}
+		else
+			{
+			BN_bntest_rand(&b,400+i-num1,0,0);
+			a.neg=rand_neg();
+			b.neg=rand_neg();
+			}
 		BN_sub(&c,&a,&b);
 		if (bp != NULL)
 			{
@@ -296,6 +388,13 @@ BIO *bp;
 			BN_print(bp,&c);
 			BIO_puts(bp,"\n");
 			}
+		BN_add(&c,&c,&b);
+		BN_sub(&c,&c,&a);
+		if(!BN_is_zero(&c))
+		    {
+		    fprintf(stderr,"Subtract test failed!\n");
+		    return 0;
+		    }
 		}
 	BN_free(&a);
 	BN_free(&b);
@@ -303,28 +402,30 @@ BIO *bp;
 	return(1);
 	}
 
-int test_div(bp,ctx)
-BIO *bp;
-BN_CTX *ctx;
+int test_div(BIO *bp, BN_CTX *ctx)
 	{
-	BIGNUM a,b,c,d;
+	BIGNUM a,b,c,d,e;
 	int i;
-	int j;
 
 	BN_init(&a);
 	BN_init(&b);
 	BN_init(&c);
 	BN_init(&d);
+	BN_init(&e);
 
-	BN_rand(&a,400,0,0);
-	for (i=0; i<100; i++)
+	for (i=0; i<num0+num1; i++)
 		{
-		BN_rand(&b,50+i,0,0);
+		if (i < num1)
+			{
+			BN_bntest_rand(&a,400,0,0);
+			BN_copy(&b,&a);
+			BN_lshift(&a,&a,i);
+			BN_add_word(&a,i);
+			}
+		else
+			BN_bntest_rand(&b,50+3*(i-num1),0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
-		if (bp == NULL)
-			for (j=0; j<100; j++)
-				BN_div(&d,&c,&a,&b,ctx);
 		BN_div(&d,&c,&a,&b,ctx);
 		if (bp != NULL)
 			{
@@ -348,39 +449,50 @@ BN_CTX *ctx;
 			BN_print(bp,&c);
 			BIO_puts(bp,"\n");
 			}
+		BN_mul(&e,&d,&b,ctx);
+		BN_add(&d,&e,&c);
+		BN_sub(&d,&d,&a);
+		if(!BN_is_zero(&d))
+		    {
+		    fprintf(stderr,"Division test failed!\n");
+		    return 0;
+		    }
 		}
 	BN_free(&a);
 	BN_free(&b);
 	BN_free(&c);
 	BN_free(&d);
+	BN_free(&e);
 	return(1);
 	}
 
-int test_div_recp(bp,ctx)
-BIO *bp;
-BN_CTX *ctx;
+int test_div_recp(BIO *bp, BN_CTX *ctx)
 	{
-	BIGNUM a,b,c,d;
+	BIGNUM a,b,c,d,e;
 	BN_RECP_CTX recp;
 	int i;
-	int j;
 
 	BN_RECP_CTX_init(&recp);
 	BN_init(&a);
 	BN_init(&b);
 	BN_init(&c);
 	BN_init(&d);
+	BN_init(&e);
 
-	BN_rand(&a,400,0,0);
-	for (i=0; i<100; i++)
+	for (i=0; i<num0+num1; i++)
 		{
-		BN_rand(&b,50+i,0,0);
+		if (i < num1)
+			{
+			BN_bntest_rand(&a,400,0,0);
+			BN_copy(&b,&a);
+			BN_lshift(&a,&a,i);
+			BN_add_word(&a,i);
+			}
+		else
+			BN_bntest_rand(&b,50+3*(i-num1),0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
 		BN_RECP_CTX_set(&recp,&b,ctx);
-		if (bp == NULL)
-			for (j=0; j<100; j++)
-				BN_div_recp(&d,&c,&a,&recp,ctx);
 		BN_div_recp(&d,&c,&a,&recp,ctx);
 		if (bp != NULL)
 			{
@@ -404,40 +516,56 @@ BN_CTX *ctx;
 			BN_print(bp,&c);
 			BIO_puts(bp,"\n");
 			}
+		BN_mul(&e,&d,&b,ctx);
+		BN_add(&d,&e,&c);
+		BN_sub(&d,&d,&a);
+		if(!BN_is_zero(&d))
+		    {
+		    fprintf(stderr,"Reciprocal division test failed!\n");
+		    fprintf(stderr,"a=");
+		    BN_print_fp(stderr,&a);
+		    fprintf(stderr,"\nb=");
+		    BN_print_fp(stderr,&b);
+		    fprintf(stderr,"\n");
+		    return 0;
+		    }
 		}
 	BN_free(&a);
 	BN_free(&b);
 	BN_free(&c);
 	BN_free(&d);
+	BN_free(&e);
 	BN_RECP_CTX_free(&recp);
 	return(1);
 	}
 
-int test_mul(bp)
-BIO *bp;
+int test_mul(BIO *bp)
 	{
-	BIGNUM a,b,c;
+	BIGNUM a,b,c,d,e;
 	int i;
-	int j;
-	BN_CTX ctx;
+	BN_CTX *ctx;
 
-	BN_CTX_init(&ctx);
+	ctx = BN_CTX_new();
+	if (ctx == NULL) EXIT(1);
+	
 	BN_init(&a);
 	BN_init(&b);
 	BN_init(&c);
+	BN_init(&d);
+	BN_init(&e);
 
-	BN_rand(&a,200,0,0);
-	for (i=0; i<100; i++)
+	for (i=0; i<num0+num1; i++)
 		{
-		BN_rand(&b,250+i,0,0);
-		BN_rand(&b,200,0,0);
+		if (i <= num1)
+			{
+			BN_bntest_rand(&a,100,0,0);
+			BN_bntest_rand(&b,100,0,0);
+			}
+		else
+			BN_bntest_rand(&b,i-num1,0,0);
 		a.neg=rand_neg();
 		b.neg=rand_neg();
-		if (bp == NULL)
-			for (j=0; j<100; j++)
-				BN_mul(&c,&a,&b,&ctx);
-		BN_mul(&c,&a,&b,&ctx);
-/*bn_do(&c,&a,&b,ctx); */
+		BN_mul(&c,&a,&b,ctx);
 		if (bp != NULL)
 			{
 			if (!results)
@@ -450,32 +578,37 @@ BIO *bp;
 			BN_print(bp,&c);
 			BIO_puts(bp,"\n");
 			}
+		BN_div(&d,&e,&c,&a,ctx);
+		BN_sub(&d,&d,&b);
+		if(!BN_is_zero(&d) || !BN_is_zero(&e))
+		    {
+		    fprintf(stderr,"Multiplication test failed!\n");
+		    return 0;
+		    }
 		}
 	BN_free(&a);
 	BN_free(&b);
 	BN_free(&c);
-	BN_CTX_free(&ctx);
+	BN_free(&d);
+	BN_free(&e);
+	BN_CTX_free(ctx);
 	return(1);
 	}
 
-int test_sqr(bp,ctx)
-BIO *bp;
-BN_CTX *ctx;
+int test_sqr(BIO *bp, BN_CTX *ctx)
 	{
-	BIGNUM a,c;
+	BIGNUM a,c,d,e;
 	int i;
-	int j;
 
 	BN_init(&a);
 	BN_init(&c);
+	BN_init(&d);
+	BN_init(&e);
 
-	for (i=0; i<40; i++)
+	for (i=0; i<num0; i++)
 		{
-		BN_rand(&a,40+i*10,0,0);
+		BN_bntest_rand(&a,40+i*10,0,0);
 		a.neg=rand_neg();
-		if (bp == NULL)
-			for (j=0; j<100; j++)
-				BN_sqr(&c,&a,ctx);
 		BN_sqr(&c,&a,ctx);
 		if (bp != NULL)
 			{
@@ -489,44 +622,55 @@ BN_CTX *ctx;
 			BN_print(bp,&c);
 			BIO_puts(bp,"\n");
 			}
+		BN_div(&d,&e,&c,&a,ctx);
+		BN_sub(&d,&d,&a);
+		if(!BN_is_zero(&d) || !BN_is_zero(&e))
+		    {
+		    fprintf(stderr,"Square test failed!\n");
+		    return 0;
+		    }
 		}
 	BN_free(&a);
 	BN_free(&c);
+	BN_free(&d);
+	BN_free(&e);
 	return(1);
 	}
 
-int test_mont(bp,ctx)
-BIO *bp;
-BN_CTX *ctx;
+int test_mont(BIO *bp, BN_CTX *ctx)
 	{
-	BIGNUM a,b,c,A,B;
+	BIGNUM a,b,c,d,A,B;
 	BIGNUM n;
 	int i;
-	int j;
 	BN_MONT_CTX *mont;
 
 	BN_init(&a);
 	BN_init(&b);
 	BN_init(&c);
+	BN_init(&d);
 	BN_init(&A);
 	BN_init(&B);
 	BN_init(&n);
 
 	mont=BN_MONT_CTX_new();
 
-	BN_rand(&a,100,0,0); /**/
-	BN_rand(&b,100,0,0); /**/
-	for (i=0; i<10; i++)
+	BN_bntest_rand(&a,100,0,0); /**/
+	BN_bntest_rand(&b,100,0,0); /**/
+	for (i=0; i<num2; i++)
 		{
-		BN_rand(&n,(100%BN_BITS2+1)*BN_BITS2*i*BN_BITS2,0,1); /**/
+		int bits = (200*(i+1))/num2;
+
+		if (bits == 0)
+			continue;
+		BN_bntest_rand(&n,bits,0,1);
 		BN_MONT_CTX_set(mont,&n,ctx);
 
+		BN_nnmod(&a,&a,&n,ctx);
+		BN_nnmod(&b,&b,&n,ctx);
+
 		BN_to_montgomery(&A,&a,mont,ctx);
 		BN_to_montgomery(&B,&b,mont,ctx);
 
-		if (bp == NULL)
-			for (j=0; j<100; j++)
-				BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
 		BN_mod_mul_montgomery(&c,&A,&B,mont,ctx);/**/
 		BN_from_montgomery(&A,&c,mont,ctx);/**/
 		if (bp != NULL)
@@ -549,35 +693,42 @@ BN_num_bits(mont->N));
 			BN_print(bp,&A);
 			BIO_puts(bp,"\n");
 			}
+		BN_mod_mul(&d,&a,&b,&n,ctx);
+		BN_sub(&d,&d,&A);
+		if(!BN_is_zero(&d))
+		    {
+		    fprintf(stderr,"Montgomery multiplication test failed!\n");
+		    return 0;
+		    }
 		}
 	BN_MONT_CTX_free(mont);
 	BN_free(&a);
 	BN_free(&b);
 	BN_free(&c);
+	BN_free(&d);
+	BN_free(&A);
+	BN_free(&B);
+	BN_free(&n);
 	return(1);
 	}
 
-int test_mod(bp,ctx)
-BIO *bp;
-BN_CTX *ctx;
+int test_mod(BIO *bp, BN_CTX *ctx)
 	{
-	BIGNUM *a,*b,*c;
+	BIGNUM *a,*b,*c,*d,*e;
 	int i;
-	int j;
 
 	a=BN_new();
 	b=BN_new();
 	c=BN_new();
+	d=BN_new();
+	e=BN_new();
 
-	BN_rand(a,1024,0,0); /**/
-	for (i=0; i<20; i++)
+	BN_bntest_rand(a,1024,0,0); /**/
+	for (i=0; i<num0; i++)
 		{
-		BN_rand(b,450+i*10,0,0); /**/
+		BN_bntest_rand(b,450+i*10,0,0); /**/
 		a->neg=rand_neg();
 		b->neg=rand_neg();
-		if (bp == NULL)
-			for (j=0; j<100; j++)
-				BN_mod(c,a,b,ctx);/**/
 		BN_mod(c,a,b,ctx);/**/
 		if (bp != NULL)
 			{
@@ -591,19 +742,26 @@ BN_CTX *ctx;
 			BN_print(bp,c);
 			BIO_puts(bp,"\n");
 			}
+		BN_div(d,e,a,b,ctx);
+		BN_sub(e,e,c);
+		if(!BN_is_zero(e))
+		    {
+		    fprintf(stderr,"Modulo test failed!\n");
+		    return 0;
+		    }
 		}
 	BN_free(a);
 	BN_free(b);
 	BN_free(c);
+	BN_free(d);
+	BN_free(e);
 	return(1);
 	}
 
-int test_mod_mul(bp,ctx)
-BIO *bp;
-BN_CTX *ctx;
+int test_mod_mul(BIO *bp, BN_CTX *ctx)
 	{
 	BIGNUM *a,*b,*c,*d,*e;
-	int i;
+	int i,j;
 
 	a=BN_new();
 	b=BN_new();
@@ -611,17 +769,14 @@ BN_CTX *ctx;
 	d=BN_new();
 	e=BN_new();
 
-	BN_rand(c,1024,0,0); /**/
-	for (i=0; i<10; i++)
+	for (j=0; j<3; j++) {
+	BN_bntest_rand(c,1024,0,0); /**/
+	for (i=0; i<num0; i++)
 		{
-		BN_rand(a,475+i*10,0,0); /**/
-		BN_rand(b,425+i*10,0,0); /**/
+		BN_bntest_rand(a,475+i*10,0,0); /**/
+		BN_bntest_rand(b,425+i*11,0,0); /**/
 		a->neg=rand_neg();
 		b->neg=rand_neg();
-	/*	if (bp == NULL)
-			for (j=0; j<100; j++)
-				BN_mod_mul(d,a,b,c,ctx);*/ /**/
-
 		if (!BN_mod_mul(e,a,b,c,ctx))
 			{
 			unsigned long l;
@@ -629,7 +784,7 @@ BN_CTX *ctx;
 			while ((l=ERR_get_error()))
 				fprintf(stderr,"ERROR:%s\n",
 					ERR_error_string(l,NULL));
-			exit(1);
+			EXIT(1);
 			}
 		if (bp != NULL)
 			{
@@ -640,12 +795,32 @@ BN_CTX *ctx;
 				BN_print(bp,b);
 				BIO_puts(bp," % ");
 				BN_print(bp,c);
+				if ((a->neg ^ b->neg) && !BN_is_zero(e))
+					{
+					/* If  (a*b) % c  is negative,  c  must be added
+					 * in order to obtain the normalized remainder
+					 * (new with OpenSSL 0.9.7, previous versions of
+					 * BN_mod_mul could generate negative results)
+					 */
+					BIO_puts(bp," + ");
+					BN_print(bp,c);
+					}
 				BIO_puts(bp," - ");
 				}
 			BN_print(bp,e);
 			BIO_puts(bp,"\n");
 			}
+		BN_mul(d,a,b,ctx);
+		BN_sub(d,d,e);
+		BN_div(a,b,d,c,ctx);
+		if(!BN_is_zero(b))
+		    {
+		    fprintf(stderr,"Modulo multiply test failed!\n");
+		    ERR_print_errors_fp(stderr);
+		    return 0;
+		    }
 		}
+	}
 	BN_free(a);
 	BN_free(b);
 	BN_free(c);
@@ -654,9 +829,7 @@ BN_CTX *ctx;
 	return(1);
 	}
 
-int test_mod_exp(bp,ctx)
-BIO *bp;
-BN_CTX *ctx;
+int test_mod_exp(BIO *bp, BN_CTX *ctx)
 	{
 	BIGNUM *a,*b,*c,*d,*e;
 	int i;
@@ -667,11 +840,11 @@ BN_CTX *ctx;
 	d=BN_new();
 	e=BN_new();
 
-	BN_rand(c,30,0,1); /* must be odd for montgomery */
-	for (i=0; i<6; i++)
+	BN_bntest_rand(c,30,0,1); /* must be odd for montgomery */
+	for (i=0; i<num2; i++)
 		{
-		BN_rand(a,20+i*5,0,0); /**/
-		BN_rand(b,2+i,0,0); /**/
+		BN_bntest_rand(a,20+i*5,0,0); /**/
+		BN_bntest_rand(b,2+i,0,0); /**/
 
 		if (!BN_mod_exp(d,a,b,c,ctx))
 			return(00);
@@ -690,6 +863,14 @@ BN_CTX *ctx;
 			BN_print(bp,d);
 			BIO_puts(bp,"\n");
 			}
+		BN_exp(e,a,b,ctx);
+		BN_sub(e,e,d);
+		BN_div(a,b,e,c,ctx);
+		if(!BN_is_zero(b))
+		    {
+		    fprintf(stderr,"Modulo exponentiation test failed!\n");
+		    return 0;
+		    }
 		}
 	BN_free(a);
 	BN_free(b);
@@ -699,20 +880,827 @@ BN_CTX *ctx;
 	return(1);
 	}
 
-int test_lshift(bp)
-BIO *bp;
+int test_exp(BIO *bp, BN_CTX *ctx)
 	{
-	BIGNUM *a,*b,*c;
+	BIGNUM *a,*b,*d,*e,*one;
 	int i;
 
 	a=BN_new();
 	b=BN_new();
+	d=BN_new();
+	e=BN_new();
+	one=BN_new();
+	BN_one(one);
+
+	for (i=0; i<num2; i++)
+		{
+		BN_bntest_rand(a,20+i*5,0,0); /**/
+		BN_bntest_rand(b,2+i,0,0); /**/
+
+		if (!BN_exp(d,a,b,ctx))
+			return(00);
+
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,a);
+				BIO_puts(bp," ^ ");
+				BN_print(bp,b);
+				BIO_puts(bp," - ");
+				}
+			BN_print(bp,d);
+			BIO_puts(bp,"\n");
+			}
+		BN_one(e);
+		for( ; !BN_is_zero(b) ; BN_sub(b,b,one))
+		    BN_mul(e,e,a,ctx);
+		BN_sub(e,e,d);
+		if(!BN_is_zero(e))
+		    {
+		    fprintf(stderr,"Exponentiation test failed!\n");
+		    return 0;
+		    }
+		}
+	BN_free(a);
+	BN_free(b);
+	BN_free(d);
+	BN_free(e);
+	BN_free(one);
+	return(1);
+	}
+
+int test_gf2m_add(BIO *bp)
+	{
+	BIGNUM a,b,c;
+	int i, ret = 0;
+
+	BN_init(&a);
+	BN_init(&b);
+	BN_init(&c);
+
+	for (i=0; i<num0; i++)
+		{
+		BN_rand(&a,512,0,0);
+		BN_copy(&b, BN_value_one());
+		a.neg=rand_neg();
+		b.neg=rand_neg();
+		BN_GF2m_add(&c,&a,&b);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+		if (bp != NULL)
+			{
+			if (!results)
+				{
+				BN_print(bp,&a);
+				BIO_puts(bp," ^ ");
+				BN_print(bp,&b);
+				BIO_puts(bp," = ");
+				}
+			BN_print(bp,&c);
+			BIO_puts(bp,"\n");
+			}
+#endif
+		/* Test that two added values have the correct parity. */
+		if((BN_is_odd(&a) && BN_is_odd(&c)) || (!BN_is_odd(&a) && !BN_is_odd(&c)))
+			{
+		    fprintf(stderr,"GF(2^m) addition test (a) failed!\n");
+			goto err;
+			}
+		BN_GF2m_add(&c,&c,&c);
+		/* Test that c + c = 0. */
+		if(!BN_is_zero(&c))
+		    {
+		    fprintf(stderr,"GF(2^m) addition test (b) failed!\n");
+			goto err;
+		    }
+		}
+	ret = 1;
+  err:
+	BN_free(&a);
+	BN_free(&b);
+	BN_free(&c);
+	return ret;
+	}
+
+int test_gf2m_mod(BIO *bp)
+	{
+	BIGNUM *a,*b[2],*c,*d,*e;
+	int i, j, ret = 0;
+	unsigned int p0[] = {163,7,6,3,0};
+	unsigned int p1[] = {193,15,0};
+
+	a=BN_new();
+	b[0]=BN_new();
+	b[1]=BN_new();
 	c=BN_new();
+	d=BN_new();
+	e=BN_new();
+
+	BN_GF2m_arr2poly(p0, b[0]);
+	BN_GF2m_arr2poly(p1, b[1]);
+
+	for (i=0; i<num0; i++)
+		{
+		BN_bntest_rand(a, 1024, 0, 0);
+		for (j=0; j < 2; j++)
+			{
+			BN_GF2m_mod(c, a, b[j]);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+			if (bp != NULL)
+				{
+				if (!results)
+					{
+					BN_print(bp,a);
+					BIO_puts(bp," % ");
+					BN_print(bp,b[j]);
+					BIO_puts(bp," - ");
+					BN_print(bp,c);
+					BIO_puts(bp,"\n");
+					}
+				}
+#endif
+			BN_GF2m_add(d, a, c);
+			BN_GF2m_mod(e, d, b[j]);
+			/* Test that a + (a mod p) mod p == 0. */
+			if(!BN_is_zero(e))
+				{
+				fprintf(stderr,"GF(2^m) modulo test failed!\n");
+				goto err;
+				}
+			}
+		}
+	ret = 1;
+  err:
+	BN_free(a);
+	BN_free(b[0]);
+	BN_free(b[1]);
+	BN_free(c);
+	BN_free(d);
+	BN_free(e);
+	return ret;
+	}
+
+int test_gf2m_mod_mul(BIO *bp,BN_CTX *ctx)
+	{
+	BIGNUM *a,*b[2],*c,*d,*e,*f,*g,*h;
+	int i, j, ret = 0;
+	unsigned int p0[] = {163,7,6,3,0};
+	unsigned int p1[] = {193,15,0};
+
+	a=BN_new();
+	b[0]=BN_new();
+	b[1]=BN_new();
+	c=BN_new();
+	d=BN_new();
+	e=BN_new();
+	f=BN_new();
+	g=BN_new();
+	h=BN_new();
+
+	BN_GF2m_arr2poly(p0, b[0]);
+	BN_GF2m_arr2poly(p1, b[1]);
+
+	for (i=0; i<num0; i++)
+		{
+		BN_bntest_rand(a, 1024, 0, 0);
+		BN_bntest_rand(c, 1024, 0, 0);
+		BN_bntest_rand(d, 1024, 0, 0);
+		for (j=0; j < 2; j++)
+			{
+			BN_GF2m_mod_mul(e, a, c, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+			if (bp != NULL)
+				{
+				if (!results)
+					{
+					BN_print(bp,a);
+					BIO_puts(bp," * ");
+					BN_print(bp,c);
+					BIO_puts(bp," % ");
+					BN_print(bp,b[j]);
+					BIO_puts(bp," - ");
+					BN_print(bp,e);
+					BIO_puts(bp,"\n");
+					}
+				}
+#endif
+			BN_GF2m_add(f, a, d);
+			BN_GF2m_mod_mul(g, f, c, b[j], ctx);
+			BN_GF2m_mod_mul(h, d, c, b[j], ctx);
+			BN_GF2m_add(f, e, g);
+			BN_GF2m_add(f, f, h);
+			/* Test that (a+d)*c = a*c + d*c. */
+			if(!BN_is_zero(f))
+				{
+				fprintf(stderr,"GF(2^m) modular multiplication test failed!\n");
+				goto err;
+				}
+			}
+		}
+	ret = 1;
+  err:
+	BN_free(a);
+	BN_free(b[0]);
+	BN_free(b[1]);
+	BN_free(c);
+	BN_free(d);
+	BN_free(e);
+	BN_free(f);
+	BN_free(g);
+	BN_free(h);
+	return ret;
+	}
+
+int test_gf2m_mod_sqr(BIO *bp,BN_CTX *ctx)
+	{
+	BIGNUM *a,*b[2],*c,*d;
+	int i, j, ret = 0;
+	unsigned int p0[] = {163,7,6,3,0};
+	unsigned int p1[] = {193,15,0};
+
+	a=BN_new();
+	b[0]=BN_new();
+	b[1]=BN_new();
+	c=BN_new();
+	d=BN_new();
+
+	BN_GF2m_arr2poly(p0, b[0]);
+	BN_GF2m_arr2poly(p1, b[1]);
+
+	for (i=0; i<num0; i++)
+		{
+		BN_bntest_rand(a, 1024, 0, 0);
+		for (j=0; j < 2; j++)
+			{
+			BN_GF2m_mod_sqr(c, a, b[j], ctx);
+			BN_copy(d, a);
+			BN_GF2m_mod_mul(d, a, d, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+			if (bp != NULL)
+				{
+				if (!results)
+					{
+					BN_print(bp,a);
+					BIO_puts(bp," ^ 2 % ");
+					BN_print(bp,b[j]);
+					BIO_puts(bp, " = ");
+					BN_print(bp,c);
+					BIO_puts(bp,"; a * a = ");
+					BN_print(bp,d);
+					BIO_puts(bp,"\n");
+					}
+				}
+#endif
+			BN_GF2m_add(d, c, d);
+			/* Test that a*a = a^2. */
+			if(!BN_is_zero(d))
+				{
+				fprintf(stderr,"GF(2^m) modular squaring test failed!\n");
+				goto err;
+				}
+			}
+		}
+	ret = 1;
+  err:
+	BN_free(a);
+	BN_free(b[0]);
+	BN_free(b[1]);
+	BN_free(c);
+	BN_free(d);
+	return ret;
+	}
+
+int test_gf2m_mod_inv(BIO *bp,BN_CTX *ctx)
+	{
+	BIGNUM *a,*b[2],*c,*d;
+	int i, j, ret = 0;
+	unsigned int p0[] = {163,7,6,3,0};
+	unsigned int p1[] = {193,15,0};
+
+	a=BN_new();
+	b[0]=BN_new();
+	b[1]=BN_new();
+	c=BN_new();
+	d=BN_new();
+
+	BN_GF2m_arr2poly(p0, b[0]);
+	BN_GF2m_arr2poly(p1, b[1]);
+
+	for (i=0; i<num0; i++)
+		{
+		BN_bntest_rand(a, 512, 0, 0); 
+		for (j=0; j < 2; j++)
+			{
+			BN_GF2m_mod_inv(c, a, b[j], ctx);
+			BN_GF2m_mod_mul(d, a, c, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+			if (bp != NULL)
+				{
+				if (!results)
+					{
+					BN_print(bp,a);
+					BIO_puts(bp, " * ");
+					BN_print(bp,c);
+					BIO_puts(bp," - 1 % ");
+					BN_print(bp,b[j]);
+					BIO_puts(bp,"\n");
+					}
+				}
+#endif
+			/* Test that ((1/a)*a) = 1. */
+			if(!BN_is_one(d))
+				{
+				fprintf(stderr,"GF(2^m) modular inversion test failed!\n");
+				goto err;
+				}
+			}
+		}
+	ret = 1;
+  err:
+	BN_free(a);
+	BN_free(b[0]);
+	BN_free(b[1]);
+	BN_free(c);
+	BN_free(d);
+	return ret;
+	}
+
+int test_gf2m_mod_div(BIO *bp,BN_CTX *ctx)
+	{
+	BIGNUM *a,*b[2],*c,*d,*e,*f;
+	int i, j, ret = 0;
+	unsigned int p0[] = {163,7,6,3,0};
+	unsigned int p1[] = {193,15,0};
+
+	a=BN_new();
+	b[0]=BN_new();
+	b[1]=BN_new();
+	c=BN_new();
+	d=BN_new();
+	e=BN_new();
+	f=BN_new();
+
+	BN_GF2m_arr2poly(p0, b[0]);
+	BN_GF2m_arr2poly(p1, b[1]);
+
+	for (i=0; i<num0; i++)
+		{
+		BN_bntest_rand(a, 512, 0, 0); 
+		BN_bntest_rand(c, 512, 0, 0);
+		for (j=0; j < 2; j++)
+			{
+			BN_GF2m_mod_div(d, a, c, b[j], ctx);
+			BN_GF2m_mod_mul(e, d, c, b[j], ctx);
+			BN_GF2m_mod_div(f, a, e, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+			if (bp != NULL)
+				{
+				if (!results)
+					{
+					BN_print(bp,a);
+					BIO_puts(bp, " = ");
+					BN_print(bp,c);
+					BIO_puts(bp," * ");
+					BN_print(bp,d);
+					BIO_puts(bp, " % ");
+					BN_print(bp,b[j]);
+					BIO_puts(bp,"\n");
+					}
+				}
+#endif
+			/* Test that ((a/c)*c)/a = 1. */
+			if(!BN_is_one(f))
+				{
+				fprintf(stderr,"GF(2^m) modular division test failed!\n");
+				goto err;
+				}
+			}
+		}
+	ret = 1;
+  err:
+	BN_free(a);
+	BN_free(b[0]);
+	BN_free(b[1]);
+	BN_free(c);
+	BN_free(d);
+	BN_free(e);
+	BN_free(f);
+	return ret;
+	}
+
+int test_gf2m_mod_exp(BIO *bp,BN_CTX *ctx)
+	{
+	BIGNUM *a,*b[2],*c,*d,*e,*f;
+	int i, j, ret = 0;
+	unsigned int p0[] = {163,7,6,3,0};
+	unsigned int p1[] = {193,15,0};
+
+	a=BN_new();
+	b[0]=BN_new();
+	b[1]=BN_new();
+	c=BN_new();
+	d=BN_new();
+	e=BN_new();
+	f=BN_new();
+
+	BN_GF2m_arr2poly(p0, b[0]);
+	BN_GF2m_arr2poly(p1, b[1]);
+
+	for (i=0; i<num0; i++)
+		{
+		BN_bntest_rand(a, 512, 0, 0);
+		BN_bntest_rand(c, 512, 0, 0);
+		BN_bntest_rand(d, 512, 0, 0);
+		for (j=0; j < 2; j++)
+			{
+			BN_GF2m_mod_exp(e, a, c, b[j], ctx);
+			BN_GF2m_mod_exp(f, a, d, b[j], ctx);
+			BN_GF2m_mod_mul(e, e, f, b[j], ctx);
+			BN_add(f, c, d);
+			BN_GF2m_mod_exp(f, a, f, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+			if (bp != NULL)
+				{
+				if (!results)
+					{
+					BN_print(bp,a);
+					BIO_puts(bp, " ^ (");
+					BN_print(bp,c);
+					BIO_puts(bp," + ");
+					BN_print(bp,d);
+					BIO_puts(bp, ") = ");
+					BN_print(bp,e);
+					BIO_puts(bp, "; - ");
+					BN_print(bp,f);
+					BIO_puts(bp, " % ");
+					BN_print(bp,b[j]);
+					BIO_puts(bp,"\n");
+					}
+				}
+#endif
+			BN_GF2m_add(f, e, f);
+			/* Test that a^(c+d)=a^c*a^d. */
+			if(!BN_is_zero(f))
+				{
+				fprintf(stderr,"GF(2^m) modular exponentiation test failed!\n");
+				goto err;
+				}
+			}
+		}
+	ret = 1;
+  err:
+	BN_free(a);
+	BN_free(b[0]);
+	BN_free(b[1]);
+	BN_free(c);
+	BN_free(d);
+	BN_free(e);
+	BN_free(f);
+	return ret;
+	}
+
+int test_gf2m_mod_sqrt(BIO *bp,BN_CTX *ctx)
+	{
+	BIGNUM *a,*b[2],*c,*d,*e,*f;
+	int i, j, ret = 0;
+	unsigned int p0[] = {163,7,6,3,0};
+	unsigned int p1[] = {193,15,0};
+
+	a=BN_new();
+	b[0]=BN_new();
+	b[1]=BN_new();
+	c=BN_new();
+	d=BN_new();
+	e=BN_new();
+	f=BN_new();
+
+	BN_GF2m_arr2poly(p0, b[0]);
+	BN_GF2m_arr2poly(p1, b[1]);
+
+	for (i=0; i<num0; i++)
+		{
+		BN_bntest_rand(a, 512, 0, 0);
+		for (j=0; j < 2; j++)
+			{
+			BN_GF2m_mod(c, a, b[j]);
+			BN_GF2m_mod_sqrt(d, a, b[j], ctx);
+			BN_GF2m_mod_sqr(e, d, b[j], ctx);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+			if (bp != NULL)
+				{
+				if (!results)
+					{
+					BN_print(bp,d);
+					BIO_puts(bp, " ^ 2 - ");
+					BN_print(bp,a);
+					BIO_puts(bp,"\n");
+					}
+				}
+#endif
+			BN_GF2m_add(f, c, e);
+			/* Test that d^2 = a, where d = sqrt(a). */
+			if(!BN_is_zero(f))
+				{
+				fprintf(stderr,"GF(2^m) modular square root test failed!\n");
+				goto err;
+				}
+			}
+		}
+	ret = 1;
+  err:
+	BN_free(a);
+	BN_free(b[0]);
+	BN_free(b[1]);
+	BN_free(c);
+	BN_free(d);
+	BN_free(e);
+	BN_free(f);
+	return ret;
+	}
+
+int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx)
+	{
+	BIGNUM *a,*b[2],*c,*d,*e;
+	int i, j, s = 0, t, ret = 0;
+	unsigned int p0[] = {163,7,6,3,0};
+	unsigned int p1[] = {193,15,0};
+
+	a=BN_new();
+	b[0]=BN_new();
+	b[1]=BN_new();
+	c=BN_new();
+	d=BN_new();
+	e=BN_new();
+
+	BN_GF2m_arr2poly(p0, b[0]);
+	BN_GF2m_arr2poly(p1, b[1]);
+
+	for (i=0; i<num0; i++)
+		{
+		BN_bntest_rand(a, 512, 0, 0);
+		for (j=0; j < 2; j++)
+			{
+			t = BN_GF2m_mod_solve_quad(c, a, b[j], ctx);
+			if (t)
+				{
+				s++;
+				BN_GF2m_mod_sqr(d, c, b[j], ctx);
+				BN_GF2m_add(d, c, d);
+				BN_GF2m_mod(e, a, b[j]);
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+				if (bp != NULL)
+					{
+					if (!results)
+						{
+						BN_print(bp,c);
+						BIO_puts(bp, " is root of z^2 + z = ");
+						BN_print(bp,a);
+						BIO_puts(bp, " % ");
+						BN_print(bp,b[j]);
+						BIO_puts(bp, "\n");
+						}
+					}
+#endif
+				BN_GF2m_add(e, e, d);
+				/* Test that solution of quadratic c satisfies c^2 + c = a. */
+				if(!BN_is_zero(e))
+					{
+					fprintf(stderr,"GF(2^m) modular solve quadratic test failed!\n");
+					goto err;
+					}
+
+				}
+			else 
+				{
+#if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */
+				if (bp != NULL)
+					{
+					if (!results)
+						{
+						BIO_puts(bp, "There are no roots of z^2 + z = ");
+						BN_print(bp,a);
+						BIO_puts(bp, " % ");
+						BN_print(bp,b[j]);
+						BIO_puts(bp, "\n");
+						}
+					}
+#endif
+				}
+			}
+		}
+	if (s == 0)
+		{	
+		fprintf(stderr,"All %i tests of GF(2^m) modular solve quadratic resulted in no roots;\n", num0);
+		fprintf(stderr,"this is very unlikely and probably indicates an error.\n");
+		goto err;
+		}
+	ret = 1;
+  err:
+	BN_free(a);
+	BN_free(b[0]);
+	BN_free(b[1]);
+	BN_free(c);
+	BN_free(d);
+	BN_free(e);
+	return ret;
+	}
+
+static void genprime_cb(int p, int n, void *arg)
+	{
+	char c='*';
+
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
+	putc(c, stderr);
+	fflush(stderr);
+	(void)n;
+	(void)arg;
+	}
+
+int test_kron(BIO *bp, BN_CTX *ctx)
+	{
+	BIGNUM *a,*b,*r,*t;
+	int i;
+	int legendre, kronecker;
+	int ret = 0;
+
+	a = BN_new();
+	b = BN_new();
+	r = BN_new();
+	t = BN_new();
+	if (a == NULL || b == NULL || r == NULL || t == NULL) goto err;
+	
+	/* We test BN_kronecker(a, b, ctx) just for  b  odd (Jacobi symbol).
+	 * In this case we know that if  b  is prime, then BN_kronecker(a, b, ctx)
+	 * is congruent to $a^{(b-1)/2}$, modulo $b$ (Legendre symbol).
+	 * So we generate a random prime  b  and compare these values
+	 * for a number of random  a's.  (That is, we run the Solovay-Strassen
+	 * primality test to confirm that  b  is prime, except that we
+	 * don't want to test whether  b  is prime but whether BN_kronecker
+	 * works.) */
+
+	if (!BN_generate_prime(b, 512, 0, NULL, NULL, genprime_cb, NULL)) goto err;
+	b->neg = rand_neg();
+	putc('\n', stderr);
+
+	for (i = 0; i < num0; i++)
+		{
+		if (!BN_bntest_rand(a, 512, 0, 0)) goto err;
+		a->neg = rand_neg();
+
+		/* t := (|b|-1)/2  (note that b is odd) */
+		if (!BN_copy(t, b)) goto err;
+		t->neg = 0;
+		if (!BN_sub_word(t, 1)) goto err;
+		if (!BN_rshift1(t, t)) goto err;
+		/* r := a^t mod b */
+		b->neg=0;
+		
+		if (!BN_mod_exp_recp(r, a, t, b, ctx)) goto err;
+		b->neg=1;
+
+		if (BN_is_word(r, 1))
+			legendre = 1;
+		else if (BN_is_zero(r))
+			legendre = 0;
+		else
+			{
+			if (!BN_add_word(r, 1)) goto err;
+			if (0 != BN_ucmp(r, b))
+				{
+				fprintf(stderr, "Legendre symbol computation failed\n");
+				goto err;
+				}
+			legendre = -1;
+			}
+		
+		kronecker = BN_kronecker(a, b, ctx);
+		if (kronecker < -1) goto err;
+		/* we actually need BN_kronecker(a, |b|) */
+		if (a->neg && b->neg)
+			kronecker = -kronecker;
+		
+		if (legendre != kronecker)
+			{
+			fprintf(stderr, "legendre != kronecker; a = ");
+			BN_print_fp(stderr, a);
+			fprintf(stderr, ", b = ");
+			BN_print_fp(stderr, b);
+			fprintf(stderr, "\n");
+			goto err;
+			}
+
+		putc('.', stderr);
+		fflush(stderr);
+		}
+
+	putc('\n', stderr);
+	fflush(stderr);
+	ret = 1;
+ err:
+	if (a != NULL) BN_free(a);
+	if (b != NULL) BN_free(b);
+	if (r != NULL) BN_free(r);
+	if (t != NULL) BN_free(t);
+	return ret;
+	}
+
+int test_sqrt(BIO *bp, BN_CTX *ctx)
+	{
+	BIGNUM *a,*p,*r;
+	int i, j;
+	int ret = 0;
+
+	a = BN_new();
+	p = BN_new();
+	r = BN_new();
+	if (a == NULL || p == NULL || r == NULL) goto err;
+	
+	for (i = 0; i < 16; i++)
+		{
+		if (i < 8)
+			{
+			unsigned primes[8] = { 2, 3, 5, 7, 11, 13, 17, 19 };
+			
+			if (!BN_set_word(p, primes[i])) goto err;
+			}
+		else
+			{
+			if (!BN_set_word(a, 32)) goto err;
+			if (!BN_set_word(r, 2*i + 1)) goto err;
+		
+			if (!BN_generate_prime(p, 256, 0, a, r, genprime_cb, NULL)) goto err;
+			putc('\n', stderr);
+			}
+		p->neg = rand_neg();
+
+		for (j = 0; j < num2; j++)
+			{
+			/* construct 'a' such that it is a square modulo p,
+			 * but in general not a proper square and not reduced modulo p */
+			if (!BN_bntest_rand(r, 256, 0, 3)) goto err;
+			if (!BN_nnmod(r, r, p, ctx)) goto err;
+			if (!BN_mod_sqr(r, r, p, ctx)) goto err;
+			if (!BN_bntest_rand(a, 256, 0, 3)) goto err;
+			if (!BN_nnmod(a, a, p, ctx)) goto err;
+			if (!BN_mod_sqr(a, a, p, ctx)) goto err;
+			if (!BN_mul(a, a, r, ctx)) goto err;
+			if (rand_neg())
+				if (!BN_sub(a, a, p)) goto err;
+
+			if (!BN_mod_sqrt(r, a, p, ctx)) goto err;
+			if (!BN_mod_sqr(r, r, p, ctx)) goto err;
+
+			if (!BN_nnmod(a, a, p, ctx)) goto err;
+
+			if (BN_cmp(a, r) != 0)
+				{
+				fprintf(stderr, "BN_mod_sqrt failed: a = ");
+				BN_print_fp(stderr, a);
+				fprintf(stderr, ", r = ");
+				BN_print_fp(stderr, r);
+				fprintf(stderr, ", p = ");
+				BN_print_fp(stderr, p);
+				fprintf(stderr, "\n");
+				goto err;
+				}
+
+			putc('.', stderr);
+			fflush(stderr);
+			}
+		
+		putc('\n', stderr);
+		fflush(stderr);
+		}
+	ret = 1;
+ err:
+	if (a != NULL) BN_free(a);
+	if (p != NULL) BN_free(p);
+	if (r != NULL) BN_free(r);
+	return ret;
+	}
+
+int test_lshift(BIO *bp,BN_CTX *ctx,BIGNUM *a_)
+	{
+	BIGNUM *a,*b,*c,*d;
+	int i;
+
+	b=BN_new();
+	c=BN_new();
+	d=BN_new();
 	BN_one(c);
 
-	BN_rand(a,200,0,0); /**/
-	a->neg=rand_neg();
-	for (i=0; i<70; i++)
+	if(a_)
+	    a=a_;
+	else
+	    {
+	    a=BN_new();
+	    BN_bntest_rand(a,200,0,0); /**/
+	    a->neg=rand_neg();
+	    }
+	for (i=0; i<num0; i++)
 		{
 		BN_lshift(b,a,i+1);
 		BN_add(c,c,c);
@@ -728,25 +1716,42 @@ BIO *bp;
 			BN_print(bp,b);
 			BIO_puts(bp,"\n");
 			}
+		BN_mul(d,a,c,ctx);
+		BN_sub(d,d,b);
+		if(!BN_is_zero(d))
+		    {
+		    fprintf(stderr,"Left shift test failed!\n");
+		    fprintf(stderr,"a=");
+		    BN_print_fp(stderr,a);
+		    fprintf(stderr,"\nb=");
+		    BN_print_fp(stderr,b);
+		    fprintf(stderr,"\nc=");
+		    BN_print_fp(stderr,c);
+		    fprintf(stderr,"\nd=");
+		    BN_print_fp(stderr,d);
+		    fprintf(stderr,"\n");
+		    return 0;
+		    }
 		}
 	BN_free(a);
 	BN_free(b);
 	BN_free(c);
+	BN_free(d);
 	return(1);
 	}
 
-int test_lshift1(bp)
-BIO *bp;
+int test_lshift1(BIO *bp)
 	{
-	BIGNUM *a,*b;
+	BIGNUM *a,*b,*c;
 	int i;
 
 	a=BN_new();
 	b=BN_new();
+	c=BN_new();
 
-	BN_rand(a,200,0,0); /**/
+	BN_bntest_rand(a,200,0,0); /**/
 	a->neg=rand_neg();
-	for (i=0; i<70; i++)
+	for (i=0; i<num0; i++)
 		{
 		BN_lshift1(b,a);
 		if (bp != NULL)
@@ -760,27 +1765,37 @@ BIO *bp;
 			BN_print(bp,b);
 			BIO_puts(bp,"\n");
 			}
+		BN_add(c,a,a);
+		BN_sub(a,b,c);
+		if(!BN_is_zero(a))
+		    {
+		    fprintf(stderr,"Left shift one test failed!\n");
+		    return 0;
+		    }
+		
 		BN_copy(a,b);
 		}
 	BN_free(a);
 	BN_free(b);
+	BN_free(c);
 	return(1);
 	}
 
-int test_rshift(bp)
-BIO *bp;
+int test_rshift(BIO *bp,BN_CTX *ctx)
 	{
-	BIGNUM *a,*b,*c;
+	BIGNUM *a,*b,*c,*d,*e;
 	int i;
 
 	a=BN_new();
 	b=BN_new();
 	c=BN_new();
+	d=BN_new();
+	e=BN_new();
 	BN_one(c);
 
-	BN_rand(a,200,0,0); /**/
+	BN_bntest_rand(a,200,0,0); /**/
 	a->neg=rand_neg();
-	for (i=0; i<70; i++)
+	for (i=0; i<num0; i++)
 		{
 		BN_rshift(b,a,i+1);
 		BN_add(c,c,c);
@@ -796,25 +1811,34 @@ BIO *bp;
 			BN_print(bp,b);
 			BIO_puts(bp,"\n");
 			}
+		BN_div(d,e,a,c,ctx);
+		BN_sub(d,d,b);
+		if(!BN_is_zero(d))
+		    {
+		    fprintf(stderr,"Right shift test failed!\n");
+		    return 0;
+		    }
 		}
 	BN_free(a);
 	BN_free(b);
 	BN_free(c);
+	BN_free(d);
+	BN_free(e);
 	return(1);
 	}
 
-int test_rshift1(bp)
-BIO *bp;
+int test_rshift1(BIO *bp)
 	{
-	BIGNUM *a,*b;
+	BIGNUM *a,*b,*c;
 	int i;
 
 	a=BN_new();
 	b=BN_new();
+	c=BN_new();
 
-	BN_rand(a,200,0,0); /**/
+	BN_bntest_rand(a,200,0,0); /**/
 	a->neg=rand_neg();
-	for (i=0; i<70; i++)
+	for (i=0; i<num0; i++)
 		{
 		BN_rshift1(b,a);
 		if (bp != NULL)
@@ -828,14 +1852,22 @@ BIO *bp;
 			BN_print(bp,b);
 			BIO_puts(bp,"\n");
 			}
+		BN_sub(c,a,b);
+		BN_sub(c,c,b);
+		if(!BN_is_zero(c) && !BN_abs_is_word(c, 1))
+		    {
+		    fprintf(stderr,"Right shift one test failed!\n");
+		    return 0;
+		    }
 		BN_copy(a,b);
 		}
 	BN_free(a);
 	BN_free(b);
+	BN_free(c);
 	return(1);
 	}
 
-int rand_neg()
+int rand_neg(void)
 	{
 	static unsigned int neg=0;
 	static int sign[8]={0,0,0,1,1,0,1,1};
diff --git a/crypto/bn/comba.pl b/crypto/bn/comba.pl
deleted file mode 100644
index 211a8b45c7..0000000000
--- a/crypto/bn/comba.pl
+++ /dev/null
@@ -1,285 +0,0 @@
-#!/usr/local/bin/perl
-
-$num=8;
-$num2=8/2;
-
-print <<"EOF";
-/* crypto/bn/bn_comba.c */
-#include <stdio.h>
-#include "bn_lcl.h"
-/* Auto generated from crypto/bn/comba.pl
- */
-
-#undef bn_mul_comba8
-#undef bn_mul_comba4
-#undef bn_sqr_comba8
-#undef bn_sqr_comba4
-
-#ifdef BN_LLONG
-#define mul_add_c(a,b,c0,c1,c2) \\
-	t=(BN_ULLONG)a*b; \\
-	t1=(BN_ULONG)Lw(t); \\
-	t2=(BN_ULONG)Hw(t); \\
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define mul_add_c2(a,b,c0,c1,c2) \\
-	t=(BN_ULLONG)a*b; \\
-	tt=(t+t)&BN_MASK; \\
-	if (tt < t) c2++; \\
-	t1=(BN_ULONG)Lw(tt); \\
-	t2=(BN_ULONG)Hw(tt); \\
-	c0=(c0+t1)&BN_MASK2;  \\
-	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \\
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c(a,i,c0,c1,c2) \\
-	t=(BN_ULLONG)a[i]*a[i]; \\
-	t1=(BN_ULONG)Lw(t); \\
-	t2=(BN_ULONG)Hw(t); \\
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \\
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-#else
-#define mul_add_c(a,b,c0,c1,c2) \\
-	t1=LBITS(a); t2=HBITS(a); \\
-	bl=LBITS(b); bh=HBITS(b); \\
-	mul64(t1,t2,bl,bh); \\
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define mul_add_c2(a,b,c0,c1,c2) \\
-	t1=LBITS(a); t2=HBITS(a); \\
-	bl=LBITS(b); bh=HBITS(b); \\
-	mul64(t1,t2,bl,bh); \\
-	if (t2 & BN_TBIT) c2++; \\
-	t2=(t2+t2)&BN_MASK2; \\
-	if (t1 & BN_TBIT) t2++; \\
-	t1=(t1+t1)&BN_MASK2; \\
-	c0=(c0+t1)&BN_MASK2;  \\
-	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \\
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c(a,i,c0,c1,c2) \\
-	sqr64(t1,t2,(a)[i]); \\
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \\
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-#endif
-
-void bn_mul_comba${num}(r,a,b)
-BN_ULONG *r,*a,*b;
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-EOF
-$ret=&combas_mul("r","a","b",$num,"c1","c2","c3");
-printf <<"EOF";
-	}
-
-void bn_mul_comba${num2}(r,a,b)
-BN_ULONG *r,*a,*b;
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-EOF
-$ret=&combas_mul("r","a","b",$num2,"c1","c2","c3");
-printf <<"EOF";
-	}
-
-void bn_sqr_comba${num}(r,a)
-BN_ULONG *r,*a;
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t,tt;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-EOF
-$ret=&combas_sqr("r","a",$num,"c1","c2","c3");
-printf <<"EOF";
-	}
-
-void bn_sqr_comba${num2}(r,a)
-BN_ULONG *r,*a;
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t,tt;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-EOF
-$ret=&combas_sqr("r","a",$num2,"c1","c2","c3");
-printf <<"EOF";
-	}
-EOF
-
-sub bn_str
-	{
-	local($var,$val)=@_;
-	print "\t$var=$val;\n";
-	}
-
-sub bn_ary
-	{
-	local($var,$idx)=@_;
-	return("${var}[$idx]");
-	}
-
-sub bn_clr
-	{
-	local($var)=@_;
-
-	print "\t$var=0;\n";
-	}
-
-sub bn_mad
-	{
-	local($a,$b,$c0,$c1,$c2,$num)=@_;
-
-	if ($num == 2)
-		{ printf("\tmul_add_c2($a,$b,$c0,$c1,$c2);\n"); }
-	else
-		{ printf("\tmul_add_c($a,$b,$c0,$c1,$c2);\n"); }
-	}
-
-sub bn_sad
-	{
-	local($a,$i,$j,$c0,$c1,$c2,$num)=@_;
-
-	if ($num == 2)
-		{ printf("\tsqr_add_c2($a,$i,$j,$c0,$c1,$c2);\n"); }
-	else
-		{ printf("\tsqr_add_c($a,$i,$c0,$c1,$c2);\n"); }
-	}
-
-sub combas_mul
-	{
-	local($r,$a,$b,$num,$c0,$c1,$c2)=@_;
-	local($i,$as,$ae,$bs,$be,$ai,$bi);
-	local($tot,$end);
-
-	$as=0;
-	$ae=0;
-	$bs=0;
-	$be=0;
-	$tot=$num+$num-1;
-	&bn_clr($c0);
-	&bn_clr($c1);
-	for ($i=0; $i<$tot; $i++)
-		{
-		$ai=$as;
-		$bi=$bs;
-		$end=$be+1;
-		@numa=@numb=();
-
-#print "($as $ae) ($bs $be) $bs -> $end [$i $num]\n";
-		for ($j=$bs; $j<$end; $j++)
-			{
-			push(@numa,$ai);
-			push(@numb,$bi);
-			$ai--;
-			$bi++;
-			}
-
-		if ($i & 1)
-			{
-			@numa=reverse(@numa);
-			@numb=reverse(@numb);
-			}
-
-		&bn_clr($c2);
-		for ($j=0; $j<=$#numa; $j++)
-			{
-			&bn_mad(&bn_ary($a,$numa[$j]),
-				&bn_ary($b,$numb[$j]),$c0,$c1,$c2,1);
-			}
-		&bn_str(&bn_ary($r,$i),$c0);
-		($c0,$c1,$c2)=($c1,$c2,$c0);
-
-		$as++ if ($i < ($num-1));
-		$ae++ if ($i >= ($num-1));
-
-		$bs++ if ($i >= ($num-1));
-		$be++ if ($i < ($num-1));
-		}
-	&bn_str(&bn_ary($r,$i),$c0);
-	}
-
-sub combas_sqr
-	{
-	local($r,$a,$num,$c0,$c1,$c2)=@_;
-	local($i,$as,$ae,$bs,$be,$ai,$bi);
-	local($b,$tot,$end,$half);
-
-	$b=$a;
-	$as=0;
-	$ae=0;
-	$bs=0;
-	$be=0;
-	$tot=$num+$num-1;
-	&bn_clr($c0);
-	&bn_clr($c1);
-	for ($i=0; $i<$tot; $i++)
-		{
-		$ai=$as;
-		$bi=$bs;
-		$end=$be+1;
-		@numa=@numb=();
-
-#print "($as $ae) ($bs $be) $bs -> $end [$i $num]\n";
-		for ($j=$bs; $j<$end; $j++)
-			{
-			push(@numa,$ai);
-			push(@numb,$bi);
-			$ai--;
-			$bi++;
-			last if ($ai < $bi);
-			}
-		if (!($i & 1))
-			{
-			@numa=reverse(@numa);
-			@numb=reverse(@numb);
-			}
-
-		&bn_clr($c2);
-		for ($j=0; $j <= $#numa; $j++)
-			{
-			if ($numa[$j] == $numb[$j])
-				{&bn_sad($a,$numa[$j],$numb[$j],$c0,$c1,$c2,1);}
-			else
-				{&bn_sad($a,$numa[$j],$numb[$j],$c0,$c1,$c2,2);}
-			}
-		&bn_str(&bn_ary($r,$i),$c0);
-		($c0,$c1,$c2)=($c1,$c2,$c0);
-
-		$as++ if ($i < ($num-1));
-		$ae++ if ($i >= ($num-1));
-
-		$bs++ if ($i >= ($num-1));
-		$be++ if ($i < ($num-1));
-		}
-	&bn_str(&bn_ary($r,$i),$c0);
-	}
diff --git a/crypto/bn/d.c b/crypto/bn/d.c
deleted file mode 100644
index f738b5025e..0000000000
--- a/crypto/bn/d.c
+++ /dev/null
@@ -1,72 +0,0 @@
-#include <stdio.h>
-#include "bio.h"
-#include "bn_lcl.h"
-
-#define SIZE_A (100*4+4)
-#define SIZE_B (13*4)
-
-main(argc,argv)
-int argc;
-char *argv[];
-	{
-	BN_CTX ctx;
-	BN_RECP_CTX recp;
-	BIGNUM a,b,dd,d,r,rr,t,l;
-	int i;
-
-	MemCheck_start();
-	MemCheck_on();
-	BN_CTX_init(&ctx);
-	BN_RECP_CTX_init(&recp);
-
-	BN_init(&r);
-	BN_init(&rr);
-	BN_init(&d);
-	BN_init(&dd);
-	BN_init(&a);
-	BN_init(&b);
-
-	{
-	BN_rand(&a,SIZE_A,0,0);
-	BN_rand(&b,SIZE_B,0,0);
-
-	a.neg=1;
-	BN_RECP_CTX_set(&recp,&b,&ctx);
-
-	BN_print_fp(stdout,&a); printf(" a\n");
-	BN_print_fp(stdout,&b); printf(" b\n");
-
-	BN_print_fp(stdout,&recp.N); printf(" N\n");
-	BN_print_fp(stdout,&recp.Nr); printf(" Nr num_bits=%d\n",recp.num_bits);
-
-	BN_div_recp(&r,&d,&a,&recp,&ctx);
-
-for (i=0; i<300; i++)
-	BN_div(&rr,&dd,&a,&b,&ctx);
-
-	BN_print_fp(stdout,&r); printf(" div recp\n");
-	BN_print_fp(stdout,&rr); printf(" div\n");
-	BN_print_fp(stdout,&d); printf(" rem recp\n");
-	BN_print_fp(stdout,&dd); printf(" rem\n");
-	}
-	BN_CTX_free(&ctx);
-	BN_RECP_CTX_free(&recp);
-
-	BN_free(&r);
-	BN_free(&rr);
-	BN_free(&d);
-	BN_free(&dd);
-	BN_free(&a);
-	BN_free(&b);
-
-	{
-	BIO *out;
-
-	if ((out=BIO_new(BIO_s_file())) != NULL)
-		BIO_set_fp(out,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
-
-        CRYPTO_mem_leaks(out);
-	BIO_free(out);
-	}
-
-	}
diff --git a/crypto/bn/divtest.c b/crypto/bn/divtest.c
new file mode 100644
index 0000000000..d3fc688f33
--- /dev/null
+++ b/crypto/bn/divtest.c
@@ -0,0 +1,41 @@
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+
+static int Rand(n)
+{
+    unsigned char x[2];
+    RAND_pseudo_bytes(x,2);
+    return (x[0] + 2*x[1]);
+}
+
+static void bug(char *m, BIGNUM *a, BIGNUM *b)
+{
+    printf("%s!\na=",m);
+    BN_print_fp(stdout, a);
+    printf("\nb=");
+    BN_print_fp(stdout, b);
+    printf("\n");
+    fflush(stdout);
+}
+
+main()
+{
+    BIGNUM *a=BN_new(), *b=BN_new(), *c=BN_new(), *d=BN_new(),
+	*C=BN_new(), *D=BN_new();
+    BN_RECP_CTX *recp=BN_RECP_CTX_new();
+    BN_CTX *ctx=BN_CTX_new();
+
+    for(;;) {
+	BN_pseudo_rand(a,Rand(),0,0);
+	BN_pseudo_rand(b,Rand(),0,0);
+	if (BN_is_zero(b)) continue;
+
+	BN_RECP_CTX_set(recp,b,ctx);
+	if (BN_div(C,D,a,b,ctx) != 1)
+	    bug("BN_div failed",a,b);
+	if (BN_div_recp(c,d,a,recp,ctx) != 1)
+	    bug("BN_div_recp failed",a,b);
+	else if (BN_cmp(c,C) != 0 || BN_cmp(c,C) != 0)
+	    bug("mismatch",a,b);
+    }
+}
diff --git a/crypto/bn/exp.c b/crypto/bn/exp.c
index 2427116564..4865b0ef74 100644
--- a/crypto/bn/exp.c
+++ b/crypto/bn/exp.c
@@ -1,5 +1,7 @@
+/* unused */
+
 #include <stdio.h>
-#include "tmdiff.h"
+#include <openssl/tmdiff.h>
 #include "bn_lcl.h"
 
 #define SIZE	256
@@ -43,12 +45,12 @@ char *argv[];
 		ms_time_get(start);
 		for (i=0; i<num; i++)
 			{
-			//bn_mull(&r,&a,&b,&ctx);
-			//BN_sqr(&r,&a,&ctx);
+			/* bn_mull(&r,&a,&b,&ctx); */
+			/* BN_sqr(&r,&a,&ctx); */
 			BN_mod_exp_mont(&r,&a,&b,&c,&ctx,&mont);
 			}
 		ms_time_get(end);
-		d=ms_time_diff(start,end) *50/33 /**/;
+		d=ms_time_diff(start,end)/* *50/33 */;
 		printf("%5d bit:%6.2f %6d %6.4f %4d m_set(%5.4f)\n",size,
 			d,num,d/num,(int)((d/num)*mod),md/10.0);
 		num/=8;
diff --git a/crypto/bn/expspeed.c b/crypto/bn/expspeed.c
index fe00373246..07a1bcf51c 100644
--- a/crypto/bn/expspeed.c
+++ b/crypto/bn/expspeed.c
@@ -1,3 +1,5 @@
+/* unused */
+
 /* crypto/bn/expspeed.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
@@ -59,6 +61,31 @@
 /* most of this code has been pilfered from my libdes speed.c program */
 
 #define BASENUM	5000
+#define NUM_START 0
+
+
+/* determine timings for modexp, modmul, modsqr, gcd, Kronecker symbol,
+ * modular inverse, or modular square roots */
+#define TEST_EXP
+#undef TEST_MUL
+#undef TEST_SQR
+#undef TEST_GCD
+#undef TEST_KRON
+#undef TEST_INV
+#undef TEST_SQRT
+#define P_MOD_64 9 /* least significant 6 bits for prime to be used for BN_sqrt timings */
+
+#if defined(TEST_EXP) + defined(TEST_MUL) + defined(TEST_SQR) + defined(TEST_GCD) + defined(TEST_KRON) + defined(TEST_INV) +defined(TEST_SQRT) != 1
+#  error "choose one test"
+#endif
+
+#if defined(TEST_INV) || defined(TEST_SQRT)
+#  define C_PRIME
+static void genprime_cb(int p, int n, void *arg);
+#endif
+
+
+
 #undef PROG
 #define PROG bnspeed_main
 
@@ -66,14 +93,14 @@
 #include <stdlib.h>
 #include <signal.h>
 #include <string.h>
-#include "crypto.h"
-#include "err.h"
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
 
-#ifndef MSDOS
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -81,15 +108,15 @@
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
@@ -100,18 +127,14 @@ struct tms {
 #include <sys/param.h>
 #endif
 
-#include "bn.h"
-#include "x509.h"
+#include <openssl/bn.h>
+#include <openssl/x509.h>
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
 # ifndef CLK_TCK
 #  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-#   ifndef VMS
-#    define HZ	100.0
-#   else /* VMS */
-#    define HZ	100.0
-#   endif
+#   define HZ	100.0
 #  else /* _BSD_CLK_TCK_ */
 #   define HZ ((double)_BSD_CLK_TCK_)
 #  endif
@@ -124,17 +147,11 @@ struct tms {
 #define BUFSIZE	((long)1024*8)
 int run=0;
 
-#ifndef NOPROTO
 static double Time_F(int s);
-#else
-static double Time_F();
-#endif
-
 #define START	0
 #define STOP	1
 
-static double Time_F(s)
-int s;
+static double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -170,62 +187,167 @@ int s;
 #endif
 	}
 
-#define NUM_SIZES	6
-static int sizes[NUM_SIZES]={256,512,1024,2048,4096,8192};
-static int mul_c[NUM_SIZES]={8*8*8*8*8,8*8*8*8,8*8*8,8*8,8,1};
+#define NUM_SIZES	7
+#if NUM_START > NUM_SIZES
+#   error "NUM_START > NUM_SIZES"
+#endif
+static int sizes[NUM_SIZES]={128,256,512,1024,2048,4096,8192};
+static int mul_c[NUM_SIZES]={8*8*8*8*8*8,8*8*8*8*8,8*8*8*8,8*8*8,8*8,8,1};
 /*static int sizes[NUM_SIZES]={59,179,299,419,539}; */
 
+#define RAND_SEED(string) { const char str[] = string; RAND_seed(string, sizeof str); }
+
 void do_mul_exp(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *c,BN_CTX *ctx); 
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	BN_CTX *ctx;
 	BIGNUM *a,*b,*c,*r;
 
+#if 1
+	if (!CRYPTO_set_mem_debug_functions(0,0,0,0,0))
+		abort();
+#endif
+
 	ctx=BN_CTX_new();
 	a=BN_new();
 	b=BN_new();
 	c=BN_new();
 	r=BN_new();
 
+	while (!RAND_status())
+		/* not enough bits */
+		RAND_SEED("I demand a manual recount!");
+
 	do_mul_exp(r,a,b,c,ctx);
+	return 0;
 	}
 
-void do_mul_exp(r,a,b,c,ctx)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *b;
-BIGNUM *c;
-BN_CTX *ctx;
+void do_mul_exp(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *c, BN_CTX *ctx)
 	{
 	int i,k;
 	double tm;
 	long num;
-	BN_MONT_CTX m;
-
-	memset(&m,0,sizeof(m));
 
 	num=BASENUM;
-	for (i=0; i<NUM_SIZES; i++)
+	for (i=NUM_START; i<NUM_SIZES; i++)
 		{
-		BN_rand(a,sizes[i],1,0);
-		BN_rand(b,sizes[i],1,0);
-		BN_rand(c,sizes[i],1,1);
-		BN_mod(a,a,c,ctx);
-		BN_mod(b,b,c,ctx);
-
-		BN_MONT_CTX_set(&m,c,ctx);
+#ifdef C_PRIME
+#  ifdef TEST_SQRT
+		if (!BN_set_word(a, 64)) goto err;
+		if (!BN_set_word(b, P_MOD_64)) goto err;
+#    define ADD a
+#    define REM b
+#  else
+#    define ADD NULL
+#    define REM NULL
+#  endif
+		if (!BN_generate_prime(c,sizes[i],0,ADD,REM,genprime_cb,NULL)) goto err;
+		putc('\n', stderr);
+		fflush(stderr);
+#endif
 
-		Time_F(START);
 		for (k=0; k<num; k++)
-			BN_mod_exp_mont(r,a,b,c,ctx,&m);
+			{
+			if (k%50 == 0) /* Average over num/50 different choices of random numbers. */
+				{
+				if (!BN_pseudo_rand(a,sizes[i],1,0)) goto err;
+
+				if (!BN_pseudo_rand(b,sizes[i],1,0)) goto err;
+
+#ifndef C_PRIME
+				if (!BN_pseudo_rand(c,sizes[i],1,1)) goto err;
+#endif
+
+#ifdef TEST_SQRT				
+				if (!BN_mod_sqr(a,a,c,ctx)) goto err;
+				if (!BN_mod_sqr(b,b,c,ctx)) goto err;
+#else
+				if (!BN_nnmod(a,a,c,ctx)) goto err;
+				if (!BN_nnmod(b,b,c,ctx)) goto err;
+#endif
+
+				if (k == 0)
+					Time_F(START);
+				}
+
+#if defined(TEST_EXP)
+			if (!BN_mod_exp(r,a,b,c,ctx)) goto err;
+#elif defined(TEST_MUL)
+			{
+			int i = 0;
+			for (i = 0; i < 50; i++)
+				if (!BN_mod_mul(r,a,b,c,ctx)) goto err;
+			}
+#elif defined(TEST_SQR)
+			{
+			int i = 0;
+			for (i = 0; i < 50; i++)
+				{
+				if (!BN_mod_sqr(r,a,c,ctx)) goto err;
+				if (!BN_mod_sqr(r,b,c,ctx)) goto err;
+				}
+			}
+#elif defined(TEST_GCD)
+			if (!BN_gcd(r,a,b,ctx)) goto err;
+			if (!BN_gcd(r,b,c,ctx)) goto err;
+			if (!BN_gcd(r,c,a,ctx)) goto err;
+#elif defined(TEST_KRON)
+			if (-2 == BN_kronecker(a,b,ctx)) goto err;
+			if (-2 == BN_kronecker(b,c,ctx)) goto err;
+			if (-2 == BN_kronecker(c,a,ctx)) goto err;
+#elif defined(TEST_INV)
+			if (!BN_mod_inverse(r,a,c,ctx)) goto err;
+			if (!BN_mod_inverse(r,b,c,ctx)) goto err;
+#else /* TEST_SQRT */
+			if (!BN_mod_sqrt(r,a,c,ctx)) goto err;
+			if (!BN_mod_sqrt(r,b,c,ctx)) goto err;
+#endif
+			}
 		tm=Time_F(STOP);
-		printf("mul %4d ^ %4d %% %d -> %8.3fms %5.1f\n",sizes[i],sizes[i],sizes[i],tm*1000.0/num,tm*mul_c[i]/num);
+		printf(
+#if defined(TEST_EXP)
+			"modexp %4d ^ %4d %% %4d"
+#elif defined(TEST_MUL)
+			"50*modmul %4d %4d %4d"
+#elif defined(TEST_SQR)
+			"100*modsqr %4d %4d %4d"
+#elif defined(TEST_GCD)
+			"3*gcd %4d %4d %4d"
+#elif defined(TEST_KRON)
+			"3*kronecker %4d %4d %4d"
+#elif defined(TEST_INV)
+			"2*inv %4d %4d mod %4d"
+#else /* TEST_SQRT */
+			"2*sqrt [prime == %d (mod 64)] %4d %4d mod %4d"
+#endif
+			" -> %8.3fms %5.1f (%ld)\n",
+#ifdef TEST_SQRT
+			P_MOD_64,
+#endif
+			sizes[i],sizes[i],sizes[i],tm*1000.0/num,tm*mul_c[i]/num, num);
 		num/=7;
 		if (num <= 0) num=1;
 		}
+	return;
 
+ err:
+	ERR_print_errors_fp(stderr);
 	}
 
+
+#ifdef C_PRIME
+static void genprime_cb(int p, int n, void *arg)
+	{
+	char c='*';
+
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
+	putc(c, stderr);
+	fflush(stderr);
+	(void)n;
+	(void)arg;
+	}
+#endif
diff --git a/crypto/bn/exptest.c b/crypto/bn/exptest.c
index 1ec61c2c87..621e6a9eee 100644
--- a/crypto/bn/exptest.c
+++ b/crypto/bn/exptest.c
@@ -59,32 +59,40 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "bio.h"
-#include "bn.h"
-#include "rand.h"
-#include "err.h"
-#ifdef WINDOWS
+
+#include "../e_os.h"
+
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#ifdef OPENSSL_SYS_WINDOWS
 #include "../bio/bss_file.c"
 #endif
 
 #define NUM_BITS	(BN_BITS*2)
 
-int main(argc,argv)
-int argc;
-char *argv[];
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
 	{
 	BN_CTX *ctx;
 	BIO *out=NULL;
 	int i,ret;
 	unsigned char c;
-	BIGNUM *r_mont,*r_recp,*a,*b,*m;
+	BIGNUM *r_mont,*r_recp,*r_simple,*a,*b,*m;
+
+	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_rand may fail, and we don't
+	                                       * even check its return value
+	                                       * (which we should) */
 
 	ERR_load_BN_strings();
 
 	ctx=BN_CTX_new();
-	if (ctx == NULL) exit(1);
+	if (ctx == NULL) EXIT(1);
 	r_mont=BN_new();
 	r_recp=BN_new();
+	r_simple=BN_new();
 	a=BN_new();
 	b=BN_new();
 	m=BN_new();
@@ -94,7 +102,7 @@ char *argv[];
 
 	out=BIO_new(BIO_s_file());
 
-	if (out == NULL) exit(1);
+	if (out == NULL) EXIT(1);
 	BIO_set_fp(out,stdout,BIO_NOCLOSE);
 
 	for (i=0; i<200; i++)
@@ -119,7 +127,7 @@ char *argv[];
 			{
 			printf("BN_mod_exp_mont() problems\n");
 			ERR_print_errors(out);
-			exit(1);
+			EXIT(1);
 			}
 
 		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
@@ -127,33 +135,56 @@ char *argv[];
 			{
 			printf("BN_mod_exp_recp() problems\n");
 			ERR_print_errors(out);
-			exit(1);
+			EXIT(1);
+			}
+
+		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
+		if (ret <= 0)
+			{
+			printf("BN_mod_exp_simple() problems\n");
+			ERR_print_errors(out);
+			EXIT(1);
 			}
-		
-		if (BN_cmp(r_mont,r_recp) != 0)
+
+		if (BN_cmp(r_simple, r_mont) == 0
+		    && BN_cmp(r_simple,r_recp) == 0)
 			{
-			printf("\nmont and recp results differ\n");
+			printf(".");
+			fflush(stdout);
+			}
+		else
+		  	{
+			if (BN_cmp(r_simple,r_mont) != 0)
+				printf("\nsimple and mont results differ\n");
+			if (BN_cmp(r_simple,r_recp) != 0)
+				printf("\nsimple and recp results differ\n");
+
 			printf("a (%3d) = ",BN_num_bits(a));   BN_print(out,a);
 			printf("\nb (%3d) = ",BN_num_bits(b)); BN_print(out,b);
 			printf("\nm (%3d) = ",BN_num_bits(m)); BN_print(out,m);
+			printf("\nsimple   =");	BN_print(out,r_simple);
 			printf("\nrecp     =");	BN_print(out,r_recp);
 			printf("\nmont     ="); BN_print(out,r_mont);
 			printf("\n");
-			exit(1);
-			}
-		else
-			{
-			printf(".");
-			fflush(stdout);
+			EXIT(1);
 			}
 		}
+	BN_free(r_mont);
+	BN_free(r_recp);
+	BN_free(r_simple);
+	BN_free(a);
+	BN_free(b);
+	BN_free(m);
+	BN_CTX_free(ctx);
+	ERR_remove_state(0);
 	CRYPTO_mem_leaks(out);
+	BIO_free(out);
 	printf(" done\n");
-	exit(0);
+	EXIT(0);
 err:
 	ERR_load_crypto_strings();
 	ERR_print_errors(out);
-	exit(1);
+	EXIT(1);
 	return(1);
 	}
 
diff --git a/crypto/bn/m.pl b/crypto/bn/m.pl
deleted file mode 100644
index f69b036666..0000000000
--- a/crypto/bn/m.pl
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/usr/local/bin/perl
-
-
-for ($i=0; $i<256; $i++)
-	{
-	for ($j=0; $j<256; $j++)
-		{
-		$a0=$i&0x0f;
-		$a1=($i>>4)&0x0f;
-		$b0=$j&0x0f;
-		$b1=($j>>4)&0x0f;
-
-		$a0b0=$a0*$b0;
-		$a1b1=$a1*$b1;
-
-		$a01=$a0-$a1;
-		$b10=$b1-$b0;
-		$a01b10=$a01*$b10;
-
-		if ($a01b10 < 0)
-			{
-			$neg=1;
-			$a01b10= -$a01b10;
-			}
-		$t=($a0b0>>4)+($a0b0&0x0f)+($a1b1&0x0f);
-		if ($neg)
-			{ $t-=($a01b10&0x0f); }
-		else	{ $t+=($a01b10&0x0f); }
-		printf("%02X %s%02X %02X\n",$a1b1,($neg)?"-":" ",$a01b10,$a0b0)
-			if ($t < 0)
-		}
-	}
diff --git a/crypto/bn/new b/crypto/bn/new
deleted file mode 100644
index 285d506f19..0000000000
--- a/crypto/bn/new
+++ /dev/null
@@ -1,23 +0,0 @@
-void BN_RECP_CTX_init(BN_RECP_CTX *recp);
-BN_RECP_CTX *BN_RECP_CTX_new();
-void BN_RECP_CTX_free(BN_RECP_CTX *recp);
-int BN_RECP_CTX_set(BN_RECP_CTX *recp,BIGNUM *div,BN_CTX *ctx);
-
-int BN_mod_exp_recp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,
-	BN_RECP_CTX *recp,BN_CTX *ctx);
-
-int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d,
-	BN_RECP_CTX *recp, BN_CTX *ctx);
-int BN_mod_recp(BIGNUM *rem, BIGNUM *m, BIGNUM *d,
-	BN_RECP_CTX *recp, BN_CTX *ctx);
-int BN_mod_mul_recp(BIGNUM *ret,BIGNUM *a,BIGNUM *b,BIGNUM *m
-
-int BN_mod_exp_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *p,
-	BN_MONT_CTX *m_ctx,BN_CTX *ctx);
-int BN_mod_exp2_montgomery(BIGNUM *r, BIGNUM *a1, BIGNUM *p1,BIGNUM *a2,
-                BIGNUM *p2,BN_MONT_CTX *m_ctx,BN_CTX *ctx);
-
-
-bn_div64 -> bn_div_words
-
-
diff --git a/crypto/bn/old/b_sqr.c b/crypto/bn/old/b_sqr.c
deleted file mode 100644
index e1a61b8471..0000000000
--- a/crypto/bn/old/b_sqr.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/* crypto/bn/bn_mul.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-static int bn_mm(BIGNUM *m,BIGNUM *A,BIGNUM *B, BIGNUM *sk,BN_CTX *ctx);
-
-/* r must be different to a and b */
-/* int BN_mmul(r, a, b) */
-int BN_mul(r, a, b)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *b;
-	{
-	BN_ULONG *ap,*bp,*rp;
-	BIGNUM *sk;
-	int i,n,ret;
-	int max,al,bl;
-	BN_CTX ctx;
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	al=a->top;
-	bl=b->top;
-	if ((al == 0) || (bl == 0))
-		{
-		r->top=0;
-		return(1);
-		}
-#ifdef BN_MUL_DEBUG
-printf("BN_mul(%d,%d)\n",a->top,b->top);
-#endif
-
-	if (	(bn_limit_bits > 0) &&
-		(bl > bn_limit_num) && (al > bn_limit_num))
-		{
-		n=(BN_num_bits_word(al|bl)-bn_limit_bits);
-		n*=2;
-		sk=(BIGNUM *)Malloc(sizeof(BIGNUM)*n);
-		memset(sk,0,sizeof(BIGNUM)*n);
-		memset(&ctx,0,sizeof(ctx));
-
-		ret=bn_mm(r,a,b,&(sk[0]),&ctx);
-		for (i=0; i<n; i+=2)
-			{
-			BN_clear_free(&sk[i]);
-			BN_clear_free(&sk[i+1]);
-			}
-		Free(sk);
-		return(ret);
-		}
-
-	max=(al+bl);
-	if (bn_wexpand(r,max) == NULL) return(0);
-	r->top=max;
-	r->neg=a->neg^b->neg;
-	ap=a->d;
-	bp=b->d;
-	rp=r->d;
-
-	rp[al]=bn_mul_words(rp,ap,al,*(bp++));
-	rp++;
-	for (i=1; i<bl; i++)
-		{
-		rp[al]=bn_mul_add_words(rp,ap,al,*(bp++));
-		rp++;
-		}
-	if ((max > 0) && (r->d[max-1] == 0)) r->top--;
-	return(1);
-	}
-
-
-#define ahal	(sk[0])
-#define blbh	(sk[1])
-
-/* r must be different to a and b */
-int bn_mm(m, A, B, sk,ctx)
-BIGNUM *m,*A,*B;
-BIGNUM *sk;
-BN_CTX *ctx;
-	{
-	int n,num,sqr=0;
-	int an,bn;
-	BIGNUM ah,al,bh,bl;
-
-	an=A->top;
-	bn=B->top;
-#ifdef BN_MUL_DEBUG
-printf("bn_mm(%d,%d)\n",A->top,B->top);
-#endif
-
-	if (A == B) sqr=1;
-	num=(an>bn)?an:bn;
-	n=(num+1)/2;
-	/* Are going to now chop things into 'num' word chunks. */
-
-	BN_init(&ah);
-	BN_init(&al);
-	BN_init(&bh);
-	BN_init(&bl);
-
-	bn_set_low (&al,A,n);
-	bn_set_high(&ah,A,n);
-	bn_set_low (&bl,B,n);
-	bn_set_high(&bh,B,n);
-
-	BN_sub(&ahal,&ah,&al);
-	BN_sub(&blbh,&bl,&bh);
-
-	if (num <= (bn_limit_num+bn_limit_num))
-		{
-		BN_mul(m,&ahal,&blbh);
-		if (sqr)
-			{
-			BN_sqr(&ahal,&al,ctx);
-			BN_sqr(&blbh,&ah,ctx);
-			}
-		else
-			{
-			BN_mul(&ahal,&al,&bl);
-			BN_mul(&blbh,&ah,&bh);
-			}
-		}
-	else
-		{
-		bn_mm(m,&ahal,&blbh,&(sk[2]),ctx);
-		bn_mm(&ahal,&al,&bl,&(sk[2]),ctx);
-		bn_mm(&blbh,&ah,&bh,&(sk[2]),ctx);
-		}
-
-	BN_add(m,m,&ahal);
-	BN_add(m,m,&blbh);
-
-	BN_lshift(m,m,n*BN_BITS2);
-	BN_lshift(&blbh,&blbh,n*BN_BITS2*2);
-
-	BN_add(m,m,&ahal);
-	BN_add(m,m,&blbh);
-
-	m->neg=A->neg^B->neg;
-	return(1);
-	}
-#undef ahal	(sk[0])
-#undef blbh	(sk[1])
-
-#include "bn_low.c"
-#include "bn_high.c"
diff --git a/crypto/bn/old/bn_high.c b/crypto/bn/old/bn_high.c
deleted file mode 100644
index 90268fb31a..0000000000
--- a/crypto/bn/old/bn_high.c
+++ /dev/null
@@ -1,137 +0,0 @@
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#undef BN_MUL_HIGH_DEBUG
-
-#ifdef BN_MUL_HIGH_DEBUG
-#define debug_BN_print(a,b,c) BN_print_fp(a,b); printf(c);
-#else
-#define debug_BN_print(a,b,c)
-#endif
-
-int BN_mul_high(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *low, int words);
-
-#undef t1
-#undef t2
-
-int BN_mul_high(r,a,b,low,words)
-BIGNUM *r,*a,*b,*low;
-int words;
-	{
-	int w2,borrow=0,full=0;
-	BIGNUM t1,t2,t3,h,ah,al,bh,bl,m,s0,s1;
-	BN_ULONG ul1,ul2;
-	
-	BN_mul(r,a,b);
-	BN_rshift(r,r,words*BN_BITS2);
-	return(1);
-
-	w2=(words+1)/2;
-
-#ifdef BN_MUL_HIGH_DEBUG
-fprintf(stdout,"words=%d w2=%d\n",words,w2);
-#endif
-debug_BN_print(stdout,a," a\n");
-debug_BN_print(stdout,b," b\n");
-debug_BN_print(stdout,low," low\n");
-	BN_init(&al); BN_init(&ah);
-	BN_init(&bl); BN_init(&bh);
-	BN_init(&t1); BN_init(&t2); BN_init(&t3);
-	BN_init(&s0); BN_init(&s1);
-	BN_init(&h); BN_init(&m);
-
-	bn_set_low (&al,a,w2);
-	bn_set_high(&ah,a,w2);
-	bn_set_low (&bl,b,w2);
-	bn_set_high(&bh,b,w2);
-
-	bn_set_low(&s0,low,w2);
-	bn_set_high(&s1,low,w2);
-
-debug_BN_print(stdout,&al," al\n");
-debug_BN_print(stdout,&ah," ah\n");
-debug_BN_print(stdout,&bl," bl\n");
-debug_BN_print(stdout,&bh," bh\n");
-debug_BN_print(stdout,&s0," s0\n");
-debug_BN_print(stdout,&s1," s1\n");
-
-	/* Calculate (al-ah)*(bh-bl) */
-	BN_sub(&t1,&al,&ah);
-	BN_sub(&t2,&bh,&bl);
-	BN_mul(&m,&t1,&t2);
-
-	/* Calculate ah*bh */
-	BN_mul(&h,&ah,&bh);
-
-	/* s0 == low(al*bl)
-	 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
-	 * We know s0 and s1 so the only unknown is high(al*bl)
-	 * high(al*bl) == s1 - low(ah*bh+(al-ah)*(bh-bl)+s0)
-	 */
-	BN_add(&m,&m,&h);
-	BN_add(&t2,&m,&s0);
-
-debug_BN_print(stdout,&t2," middle value\n");
-
-	/* Quick and dirty mask off of high words */
-	if (w2 < t2.top) t2.top=w2;
-#if 0
-	bn_set_low(&t3,&t2,w2);
-#endif
-
-debug_BN_print(stdout,&t2," low middle value\n");
-	BN_sub(&t1,&s1,&t2);
-
-	if (t1.neg)
-		{
-debug_BN_print(stdout,&t1," before\n");
-		BN_zero(&t2);
-		BN_set_bit(&t2,w2*BN_BITS2);
-		BN_add(&t1,&t2,&t1);
-		/* BN_mask_bits(&t1,w2*BN_BITS2); */
-		/* if (words < t1.top) t1.top=words; */
-debug_BN_print(stdout,&t1," after\n");
-		borrow=1;
-		}
-
-/* XXXXX SPEED THIS UP */
-	/* al*bl == high(al*bl)<<words+s0 */
-	BN_lshift(&t1,&t1,w2*BN_BITS2);
-	BN_add(&t1,&t1,&s0);
-	if (w2*2 < t1.top) t1.top=w2*2; /* This should not happen? */
-	
-	/* We now have
-	 * al*bl			- t1
-	 * (al-ah)*(bh-bl)+ah*bh	- m
-	 * ah*bh			- h
-	 */
-#if 0
-	BN_add(&m,&m,&t1);
-debug_BN_print(stdout,&t1," s10\n");
-debug_BN_print(stdout,&m," s21\n");
-debug_BN_print(stdout,&h," s32\n");
-	BN_lshift(&m,&m,w2*BN_BITS2);
-	BN_lshift(&h,&h,w2*2*BN_BITS2);
-	BN_add(r,&m,&t1);
-	BN_add(r,r,&h);
-	BN_rshift(r,r,w2*2*BN_BITS2);
-#else
-	BN_add(&m,&m,&t1); 		/* Do a cmp then +1 if needed? */
-	bn_set_high(&t3,&t1,w2);
-	BN_add(&m,&m,&t3);
-	bn_set_high(&t3,&m,w2);
-	BN_add(r,&h,&t3);
-#endif
-
-#ifdef BN_MUL_HIGH_DEBUG
-printf("carry=%d\n",borrow);
-#endif
-debug_BN_print(stdout,r," ret\n");
-	BN_free(&t1); BN_free(&t2);
-	BN_free(&m); BN_free(&h);
-	return(1);
-	}
-
-
-
diff --git a/crypto/bn/old/bn_ka.c b/crypto/bn/old/bn_ka.c
deleted file mode 100644
index b49a52aa73..0000000000
--- a/crypto/bn/old/bn_ka.c
+++ /dev/null
@@ -1,578 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <strings.h>
-#include "bn_lcl.h"
-
-/* r is 2*n2 words in size,
- * a and b are both n2 words in size.
- * n2 must be a power of 2.
- * We multiply and return the result.
- * t must be 2*n2 words in size
- * We calulate
- * a[0]*b[0]
- * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
- * a[1]*b[1]
- */
-void bn_mul_recursive(r,a,b,n2,t)
-BN_ULONG *r,*a,*b;
-int n2;
-BN_ULONG *t;
-	{
-	int n=n2/2;
-	int neg,zero,c1,c2;
-	BN_ULONG ln,lo,*p;
-
-#ifdef BN_COUNT
-printf(" bn_mul_recursive %d * %d\n",n2,n2);
-#endif
-	if (n2 <= 8)
-		{
-		if (n2 == 8)
-			bn_mul_comba8(r,a,b);
-		else
-			bn_mul_normal(r,a,n2,b,n2);
-		return;
-		}
-
-	if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
-		{
-		/* This should not happen */
-		/*abort(); */
-		bn_mul_normal(r,a,n2,b,n2);
-		return;
-		}
-	/* r=(a[0]-a[1])*(b[1]-b[0]) */
-	c1=bn_cmp_words(a,&(a[n]),n);
-	c2=bn_cmp_words(&(b[n]),b,n);
-	zero=neg=0;
-	switch (c1*3+c2)
-		{
-	case -4:
-		bn_sub_words(t,      &(a[n]),a,      n); /* - */
-		bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
-		break;
-	case -3:
-		zero=1;
-		break;
-	case -2:
-		bn_sub_words(t,      &(a[n]),a,      n); /* - */
-		bn_sub_words(&(t[n]),&(b[n]),b,      n); /* + */
-		neg=1;
-		break;
-	case -1:
-	case 0:
-	case 1:
-		zero=1;
-		break;
-	case 2:
-		bn_sub_words(t,      a,      &(a[n]),n); /* + */
-		bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
-		neg=1;
-		break;
-	case 3:
-		zero=1;
-		break;
-	case 4:
-		bn_sub_words(t,      a,      &(a[n]),n);
-		bn_sub_words(&(t[n]),&(b[n]),b,      n);
-		break;
-		}
-
-	if (n == 8)
-		{
-		if (!zero)
-			bn_mul_comba8(&(t[n2]),t,&(t[n]));
-		else
-			memset(&(t[n2]),0,8*sizeof(BN_ULONG));
-		
-		bn_mul_comba8(r,a,b);
-		bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
-		}
-	else
-		{
-		p= &(t[n2*2]);
-		if (!zero)
-			bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
-		else
-			memset(&(t[n2]),0,n*sizeof(BN_ULONG));
-		bn_mul_recursive(r,a,b,n,p);
-		bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,p);
-		}
-
-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
-	 * r[10] holds (a[0]*b[0])
-	 * r[32] holds (b[1]*b[1])
-	 */
-
-	c1=bn_add_words(t,r,&(r[n2]),n2);
-
-	if (neg) /* if t[32] is negative */
-		{
-		c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
-		}
-	else
-		{
-		/* Might have a carry */
-		c1+=bn_add_words(&(t[n2]),&(t[n2]),t,n2);
-		}
-
-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
-	 * r[10] holds (a[0]*b[0])
-	 * r[32] holds (b[1]*b[1])
-	 * c1 holds the carry bits
-	 */
-	c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
-	if (c1)
-		{
-		p= &(r[n+n2]);
-		lo= *p;
-		ln=(lo+c1)&BN_MASK2;
-		*p=ln;
-
-		/* The overflow will stop before we over write
-		 * words we should not overwrite */
-		if (ln < c1)
-			{
-			do	{
-				p++;
-				lo= *p;
-				ln=(lo+1)&BN_MASK2;
-				*p=ln;
-				} while (ln == 0);
-			}
-		}
-	}
-
-/* n+tn is the word length
- * t needs to be n*4 is size, as does r */
-void bn_mul_part_recursive(r,a,b,tn,n,t)
-BN_ULONG *r,*a,*b;
-int tn,n;
-BN_ULONG *t;
-	{
-	int n2=n*2,i,j;
-	int c1;
-	BN_ULONG ln,lo,*p;
-
-#ifdef BN_COUNT
-printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
-#endif
-	if (n < 8)
-		{
-		i=tn+n;
-		bn_mul_normal(r,a,i,b,i);
-		return;
-		}
-
-	/* r=(a[0]-a[1])*(b[1]-b[0]) */
-	bn_sub_words(t,      a,      &(a[n]),n); /* + */
-	bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
-
-	if (n == 8)
-		{
-		bn_mul_comba8(&(t[n2]),t,&(t[n]));
-		bn_mul_comba8(r,a,b);
-		bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
-		memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
-		}
-	else
-		{
-		p= &(t[n2*2]);
-		bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
-		bn_mul_recursive(r,a,b,n,p);
-		i=n/2;
-		/* If there is only a bottom half to the number,
-		 * just do it */
-		j=tn-i;
-		if (j == 0)
-			{
-			bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),i,p);
-			memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2));
-			}
-		else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
-				{
-				bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),
-					j,i,p);
-				memset(&(r[n2+tn*2]),0,
-					sizeof(BN_ULONG)*(n2-tn*2));
-				}
-		else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
-			{
-			memset(&(r[n2]),0,sizeof(BN_ULONG)*(tn*2));
-			for (;;)
-				{
-				i/=2;
-				if (i < tn)
-					{
-					bn_mul_part_recursive(&(r[n2]),
-						&(a[n]),&(b[n]),
-						tn-i,i,p);
-					break;
-					}
-				else if (i == tn)
-					{
-					bn_mul_recursive(&(r[n2]),
-						&(a[n]),&(b[n]),
-						i,p);
-					break;
-					}
-				}
-			}
-		}
-
-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
-	 * r[10] holds (a[0]*b[0])
-	 * r[32] holds (b[1]*b[1])
-	 */
-
-	c1=bn_add_words(t,r,&(r[n2]),n2);
-	c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
-
-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
-	 * r[10] holds (a[0]*b[0])
-	 * r[32] holds (b[1]*b[1])
-	 * c1 holds the carry bits
-	 */
-	c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
-	if (c1)
-		{
-		p= &(r[n+n2]);
-		lo= *p;
-		ln=(lo+c1)&BN_MASK2;
-		*p=ln;
-
-		/* The overflow will stop before we over write
-		 * words we should not overwrite */
-		if (ln < c1)
-			{
-			do	{
-				p++;
-				lo= *p;
-				ln=(lo+1)&BN_MASK2;
-				*p=ln;
-				} while (ln == 0);
-			}
-		}
-	}
-
-/* r is 2*n words in size,
- * a and b are both n words in size.
- * n must be a power of 2.
- * We multiply and return the result.
- * t must be 2*n words in size
- * We calulate
- * a[0]*b[0]
- * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
- * a[1]*b[1]
- */
-void bn_sqr_recursive(r,a,n2,t)
-BN_ULONG *r,*a;
-int n2;
-BN_ULONG *t;
-	{
-	int n=n2/2;
-	int zero,c1;
-	BN_ULONG ln,lo,*p;
-
-#ifdef BN_COUNT
-printf(" bn_sqr_recursive %d * %d\n",n2,n2);
-#endif
-	if (n2 == 4)
-		{
-		bn_sqr_comba4(r,a);
-		return;
-		}
-	else if (n2 == 8)
-		{
-		bn_sqr_comba8(r,a);
-		return;
-		}
-	if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL)
-		{
-		bn_sqr_normal(r,a,n2,t);
-		return;
-		abort();
-		}
-	/* r=(a[0]-a[1])*(a[1]-a[0]) */
-	c1=bn_cmp_words(a,&(a[n]),n);
-	zero=0;
-	if (c1 > 0)
-		bn_sub_words(t,a,&(a[n]),n);
-	else if (c1 < 0)
-		bn_sub_words(t,&(a[n]),a,n);
-	else
-		zero=1;
-
-	/* The result will always be negative unless it is zero */
-
-	if (n == 8)
-		{
-		if (!zero)
-			bn_sqr_comba8(&(t[n2]),t);
-		else
-			memset(&(t[n2]),0,8*sizeof(BN_ULONG));
-		
-		bn_sqr_comba8(r,a);
-		bn_sqr_comba8(&(r[n2]),&(a[n]));
-		}
-	else
-		{
-		p= &(t[n2*2]);
-		if (!zero)
-			bn_sqr_recursive(&(t[n2]),t,n,p);
-		else
-			memset(&(t[n2]),0,n*sizeof(BN_ULONG));
-		bn_sqr_recursive(r,a,n,p);
-		bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
-		}
-
-	/* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
-	 * r[10] holds (a[0]*b[0])
-	 * r[32] holds (b[1]*b[1])
-	 */
-
-	c1=bn_add_words(t,r,&(r[n2]),n2);
-
-	/* t[32] is negative */
-	c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
-
-	/* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
-	 * r[10] holds (a[0]*a[0])
-	 * r[32] holds (a[1]*a[1])
-	 * c1 holds the carry bits
-	 */
-	c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
-	if (c1)
-		{
-		p= &(r[n+n2]);
-		lo= *p;
-		ln=(lo+c1)&BN_MASK2;
-		*p=ln;
-
-		/* The overflow will stop before we over write
-		 * words we should not overwrite */
-		if (ln < c1)
-			{
-			do	{
-				p++;
-				lo= *p;
-				ln=(lo+1)&BN_MASK2;
-				*p=ln;
-				} while (ln == 0);
-			}
-		}
-	}
-
-#if 1
-/* a and b must be the same size, which is n2.
- * r needs to be n2 words and t needs to be n2*2
- */
-void bn_mul_low_recursive(r,a,b,n2,t)
-BN_ULONG *r,*a,*b;
-int n2;
-BN_ULONG *t;
-	{
-	int n=n2/2;
-
-#ifdef BN_COUNT
-printf(" bn_mul_low_recursive %d * %d\n",n2,n2);
-#endif
-
-	bn_mul_recursive(r,a,b,n,&(t[0]));
-	if (n > BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
-		{
-		bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));
-		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
-		bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2]));
-		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
-		}
-	else
-		{
-		bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n);
-		bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n);
-		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
-		bn_add_words(&(r[n]),&(r[n]),&(t[n]),n);
-		}
-	}
-
-/* a and b must be the same size, which is n2.
- * r needs to be n2 words and t needs to be n2*2
- * l is the low words of the output.
- * t needs to be n2*3
- */
-void bn_mul_high(r,a,b,l,n2,t)
-BN_ULONG *r,*a,*b,*l;
-int n2;
-BN_ULONG *t;
-	{
-	int j,i,n,c1,c2;
-	int neg,oneg,zero;
-	BN_ULONG ll,lc,*lp,*mp;
-
-#ifdef BN_COUNT
-printf(" bn_mul_high %d * %d\n",n2,n2);
-#endif
-	n=(n2+1)/2;
-
-	/* Calculate (al-ah)*(bh-bl) */
-	neg=zero=0;
-	c1=bn_cmp_words(&(a[0]),&(a[n]),n);
-	c2=bn_cmp_words(&(b[n]),&(b[0]),n);
-	switch (c1*3+c2)
-		{
-	case -4:
-		bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
-		bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
-		break;
-	case -3:
-		zero=1;
-		break;
-	case -2:
-		bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
-		bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
-		neg=1;
-		break;
-	case -1:
-	case 0:
-	case 1:
-		zero=1;
-		break;
-	case 2:
-		bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
-		bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
-		neg=1;
-		break;
-	case 3:
-		zero=1;
-		break;
-	case 4:
-		bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
-		bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
-		break;
-		}
-		
-	oneg=neg;
-	/* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
-	bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2]));
-	/* r[10] = (a[1]*b[1]) */
-	bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2]));
-
-	/* s0 == low(al*bl)
-	 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
-	 * We know s0 and s1 so the only unknown is high(al*bl)
-	 * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
-	 * high(al*bl) == s1 - (r[0]+l[0]+t[0])
-	 */
-	if (l != NULL)
-		{
-		lp= &(t[n2+n]);
-		c1=bn_add_words(lp,&(r[0]),&(l[0]),n);
-		}
-	else
-		{
-		c1=0;
-		lp= &(r[0]);
-		}
-
-	if (neg)
-		neg=bn_sub_words(&(t[n2]),lp,&(t[0]),n);
-	else
-		{
-		bn_add_words(&(t[n2]),lp,&(t[0]),n);
-		neg=0;
-		}
-
-	if (l != NULL)
-		{
-		bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n);
-		}
-	else
-		{
-		lp= &(t[n2+n]);
-		mp= &(t[n2]);
-		for (i=0; i<n; i++)
-			lp[i]=((~mp[i])+1)&BN_MASK2;
-		}
-
-	/* s[0] = low(al*bl)
-	 * t[3] = high(al*bl)
-	 * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
-	 * r[10] = (a[1]*b[1])
-	 */
-	/* R[10] = al*bl
-	 * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
-	 * R[32] = ah*bh
-	 */
-	/* R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
-	 * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
-	 * R[3]=r[1]+(carry/borrow)
-	 */
-	if (l != NULL)
-		{
-		lp= &(t[n2]);
-		c1= bn_add_words(lp,&(t[n2+n]),&(l[0]),n);
-		}
-	else
-		{
-		lp= &(t[n2+n]);
-		c1=0;
-		}
-	c1+=bn_add_words(&(t[n2]),lp,  &(r[0]),n);
-	if (oneg)
-		c1-=bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n);
-	else
-		c1+=bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n);
-
-	c2 =bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n);
-	c2+=bn_add_words(&(r[0]),&(r[0]),&(r[n]),n);
-	if (oneg)
-		c2-=bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n);
-	else
-		c2+=bn_add_words(&(r[0]),&(r[0]),&(t[n]),n);
-	
-	if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */
-		{
-		i=0;
-		if (c1 > 0)
-			{
-			lc=c1;
-			do	{
-				ll=(r[i]+lc)&BN_MASK2;
-				r[i++]=ll;
-				lc=(lc > ll);
-				} while (lc);
-			}
-		else
-			{
-			lc= -c1;
-			do	{
-				ll=r[i];
-				r[i++]=(ll-lc)&BN_MASK2;
-				lc=(lc > ll);
-				} while (lc);
-			}
-		}
-	if (c2 != 0) /* Add starting at r[1] */
-		{
-		i=n;
-		if (c2 > 0)
-			{
-			lc=c2;
-			do	{
-				ll=(r[i]+lc)&BN_MASK2;
-				r[i++]=ll;
-				lc=(lc > ll);
-				} while (lc);
-			}
-		else
-			{
-			lc= -c2;
-			do	{
-				ll=r[i];
-				r[i++]=(ll-lc)&BN_MASK2;
-				lc=(lc > ll);
-				} while (lc);
-			}
-		}
-	}
-#endif
diff --git a/crypto/bn/old/bn_low.c b/crypto/bn/old/bn_low.c
deleted file mode 100644
index 217c8c2f96..0000000000
--- a/crypto/bn/old/bn_low.c
+++ /dev/null
@@ -1,201 +0,0 @@
-/* crypto/bn/bn_mul.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-static int bn_mm_low(BIGNUM *m,BIGNUM *A,BIGNUM *B, int num,
-		BIGNUM *sk,BN_CTX *ctx);
-int BN_mul_low(BIGNUM *r, BIGNUM *a, BIGNUM *b,int words);
-
-/* r must be different to a and b */
-int BN_mul_low(r, a, b, num)
-BIGNUM *r;
-BIGNUM *a;
-BIGNUM *b;
-int num;
-	{
-	BN_ULONG *ap,*bp,*rp;
-	BIGNUM *sk;
-	int j,i,n,ret;
-	int max,al,bl;
-	BN_CTX ctx;
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-#ifdef BN_MUL_DEBUG
-printf("BN_mul_low(%d,%d,%d)\n",a->top,b->top,num);
-#endif
-
-	al=a->top;
-	bl=b->top;
-	if ((al == 0) || (bl == 0))
-		{
-		r->top=0;
-		return(1);
-		}
-
-	if ((bn_limit_bits_low > 0) && (num > bn_limit_num_low))
-		{
-		n=BN_num_bits_word(num*2)-bn_limit_bits_low;
-		n*=2;
-		sk=(BIGNUM *)Malloc(sizeof(BIGNUM)*n);
-		memset(sk,0,sizeof(BIGNUM)*n);
-		memset(&ctx,0,sizeof(ctx));
-
-		ret=bn_mm_low(r,a,b,num,&(sk[0]),&ctx);
-		for (i=0; i<n; i+=2)
-			{
-			BN_clear_free(&sk[i]);
-			BN_clear_free(&sk[i+1]);
-			}
-		Free(sk);
-		return(ret);
-		}
-
-	max=(al+bl);
-	if (bn_wexpand(r,max) == NULL) return(0);
-	r->neg=a->neg^b->neg;
-	ap=a->d;
-	bp=b->d;
-	rp=r->d;
-	r->top=(max > num)?num:max;
-
-	rp[al]=bn_mul_words(rp,ap,al,*(bp++));
-	rp++;
-	j=bl;
-	for (i=1; i<j; i++)
-		{
-		if (al >= num--)
-			{
-			al--;
-			if (al <= 0) break;
-			}
-		rp[al]=bn_mul_add_words(rp,ap,al,*(bp++));
-		rp++;
-		}
-	
-	while ((r->top > 0) && (r->d[r->top-1] == 0))
-		r->top--;
-	return(1);
-	}
-
-
-#define t1	(sk[0])
-#define t2	(sk[1])
-
-/* r must be different to a and b */
-int bn_mm_low(m, A, B, num, sk,ctx)
-BIGNUM *m,*A,*B;
-int num;
-BIGNUM *sk;
-BN_CTX *ctx;
-	{
-	int n; /* ,sqr=0; */
-	int an,bn;
-	BIGNUM ah,al,bh,bl;
-
-	bn_wexpand(m,num+3);
-	an=A->top;
-	bn=B->top;
-
-#ifdef BN_MUL_DEBUG
-printf("bn_mm_low(%d,%d,%d)\n",A->top,B->top,num);
-#endif
-
-	n=(num+1)/2;
-
-	BN_init(&ah); BN_init(&al); BN_init(&bh); BN_init(&bl);
-
-	bn_set_low( &al,A,n);
-	bn_set_high(&ah,A,n);
-	bn_set_low( &bl,B,n);
-	bn_set_high(&bh,B,n);
-
-	if (num <= (bn_limit_num_low+bn_limit_num_low))
-		{
-		BN_mul(m,&al,&bl);
-		BN_mul_low(&t1,&al,&bh,n);
-		BN_mul_low(&t2,&ah,&bl,n);
-		}
-	else
-		{
-		bn_mm(m  ,&al,&bl,&(sk[2]),ctx);
-		bn_mm_low(&t1,&al,&bh,n,&(sk[2]),ctx);
-		bn_mm_low(&t2,&ah,&bl,n,&(sk[2]),ctx);
-		}
-
-	BN_add(&t1,&t1,&t2);
-
-	/* We will now do an evil hack instead of
-	 * BN_lshift(&t1,&t1,n*BN_BITS2);
-	 * BN_add(m,m,&t1);
-	 * BN_mask_bits(m,num*BN_BITS2);
-	 */
-	bn_set_high(&ah,m,n); ah.max=num+2;
-	BN_add(&ah,&ah,&t1);
-	m->top=num;
-
-	m->neg=A->neg^B->neg;
-	return(1);
-	}
-
-#undef t1	(sk[0])
-#undef t2	(sk[1])
diff --git a/crypto/bn/old/bn_m.c b/crypto/bn/old/bn_m.c
deleted file mode 100644
index 1cf51e8e2a..0000000000
--- a/crypto/bn/old/bn_m.c
+++ /dev/null
@@ -1,142 +0,0 @@
-/* crypto/bn/bn_m.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-/*#include "cryptlib.h"*/
-#include "bn_lcl.h"
-
-#define limit_bits 5			/* 2^5, or 32 words */
-#define limit_num (1<<limit_bits)
-
-int BN_m(r,a,b)
-BIGNUM *r,*a,*b;
-	{
-	BIGNUM *sk;
-	int i,n;
-
-	n=(BN_num_bits_word(a->top|b->top)-limit_bits);
-	n*=2;
-	sk=(BIGNUM *)malloc(sizeof(BIGNUM)*n);
-	for (i=0; i<n; i++)
-		BN_init(&(sk[i]));
-
-	return(BN_mm(r,a,b,&(sk[0])));
-	}
-
-#define ahal	(sk[0])
-#define blbh	(sk[1])
-
-/* r must be different to a and b */
-int BN_mm(m, A, B, sk)
-BIGNUM *m,*A,*B;
-BIGNUM *sk;
-	{
-	int i,num,anum,bnum;
-	int an,bn;
-	BIGNUM ah,al,bh,bl;
-
-	an=A->top;
-	bn=B->top;
-	if ((an <= limit_num) || (bn <= limit_num))
-		{
-		return(BN_mul(m,A,B));
-		}
-
-	anum=(an>bn)?an:bn;
-	num=(anum)/2;
-
-	/* Are going to now chop things into 'num' word chunks. */
-	bnum=num*BN_BITS2;
-
-	BN_init(&ahal);
-	BN_init(&blbh);
-	BN_init(&ah);
-	BN_init(&al);
-	BN_init(&bh);
-	BN_init(&bl);
-
-	al.top=num;
-	al.d=A->d;
-	ah.top=A->top-num;
-	ah.d= &(A->d[num]);
-
-	bl.top=num;
-	bl.d=B->d;
-	bh.top=B->top-num;
-	bh.d= &(B->d[num]);
-
-	BN_sub(&ahal,&ah,&al);
-	BN_sub(&blbh,&bl,&bh);
-
-	BN_mm(m,&ahal,&blbh,&(sk[2]));
-	BN_mm(&ahal,&al,&bl,&(sk[2]));
-	BN_mm(&blbh,&ah,&bh,&(sk[2]));
-
-	BN_add(m,m,&ahal);
-	BN_add(m,m,&blbh);
-
-	BN_lshift(m,m,bnum);
-	BN_add(m,m,&ahal);
-
-	BN_lshift(&blbh,&blbh,bnum*2);
-	BN_add(m,m,&blbh);
-
-	m->neg=A->neg^B->neg;
-	return(1);
-	}
-
diff --git a/crypto/bn/old/bn_wmul.c b/crypto/bn/old/bn_wmul.c
deleted file mode 100644
index e3ce107921..0000000000
--- a/crypto/bn/old/bn_wmul.c
+++ /dev/null
@@ -1,181 +0,0 @@
-#include <stdio.h>
-#include "bn_lcl.h"
-
-#if 1
-
-int bn_mull(BIGNUM *r,BIGNUM *a,BIGNUM *b, BN_CTX *ctx);
-
-int bn_mull(r,a,b,ctx)
-BIGNUM *r,*a,*b;
-BN_CTX *ctx;
-	{
-	int top,i,j,k,al,bl;
-	BIGNUM *t;
-
-#ifdef BN_COUNT
-printf("bn_mull %d * %d\n",a->top,b->top);
-#endif
-
-	bn_check_top(a);
-	bn_check_top(b);
-	bn_check_top(r);
-
-	al=a->top;
-	bl=b->top;
-	r->neg=a->neg^b->neg;
-
-	top=al+bl;
-	if ((al < 4) || (bl < 4))
-		{
-		if (bn_wexpand(r,top) == NULL) return(0);
-		r->top=top;
-		bn_mul_normal(r->d,a->d,al,b->d,bl);
-		goto end;
-		}
-	else if (al == bl) /* A good start, they are the same size */
-		goto symetric;
-	else
-		{
-		i=(al-bl);
-		if ((i ==  1) && !BN_get_flags(b,BN_FLG_STATIC_DATA))
-			{
-			bn_wexpand(b,al);
-			b->d[bl]=0;
-			bl++;
-			goto symetric;
-			}
-		else if ((i ==  -1) && !BN_get_flags(a,BN_FLG_STATIC_DATA))
-			{
-			bn_wexpand(a,bl);
-			a->d[al]=0;
-			al++;
-			goto symetric;
-			}
-		}
-
-	/* asymetric and >= 4 */ 
-	if (bn_wexpand(r,top) == NULL) return(0);
-	r->top=top;
-	bn_mul_normal(r->d,a->d,al,b->d,bl);
-
-	if (0)
-		{
-		/* symetric and > 4 */
-symetric:
-		if (al == 4)
-			{
-			if (bn_wexpand(r,al*2) == NULL) return(0);
-			r->top=top;
-			bn_mul_comba4(r->d,a->d,b->d);
-			goto end;
-			}
-		if (al == 8)
-			{
-			if (bn_wexpand(r,al*2) == NULL) return(0);
-			r->top=top;
-			bn_mul_comba8(r->d,a->d,b->d);
-			goto end;
-			}
-		if (al <= BN_MULL_NORMAL_SIZE)
-			{
-			if (bn_wexpand(r,al*2) == NULL) return(0);
-			r->top=top;
-			bn_mul_normal(r->d,a->d,al,b->d,bl);
-			goto end;
-			}
-		/* 16 or larger */
-		j=BN_num_bits_word((BN_ULONG)al);
-		j=1<<(j-1);
-		k=j+j;
-		t= &(ctx->bn[ctx->tos]);
-		if (al == j) /* exact multiple */
-			{
-			bn_wexpand(t,k*2);
-			bn_wexpand(r,k*2);
-			bn_mul_recursive(r->d,a->d,b->d,al,t->d);
-			}
-		else
-			{
-			bn_wexpand(a,k);
-			bn_wexpand(b,k);
-			bn_wexpand(t,k*4);
-			bn_wexpand(r,k*4);
-			for (i=a->top; i<k; i++)
-				a->d[i]=0;
-			for (i=b->top; i<k; i++)
-				b->d[i]=0;
-			bn_mul_part_recursive(r->d,a->d,b->d,al-j,j,t->d);
-			}
-		r->top=top;
-		}
-end:
-	bn_fix_top(r);
-	return(1);
-	}
-#endif
-
-void bn_mul_normal(r,a,na,b,nb)
-BN_ULONG *r,*a;
-int na;
-BN_ULONG *b;
-int nb;
-	{
-	BN_ULONG *rr;
-
-#ifdef BN_COUNT
-printf(" bn_mul_normal %d * %d\n",na,nb);
-#endif
-
-	if (na < nb)
-		{
-		int itmp;
-		BN_ULONG *ltmp;
-
-		itmp=na; na=nb; nb=itmp;
-		ltmp=a;   a=b;   b=ltmp;
-
-		}
-	rr= &(r[na]);
-	rr[0]=bn_mul_words(r,a,na,b[0]);
-
-	for (;;)
-		{
-		if (--nb <= 0) return;
-		rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]);
-		if (--nb <= 0) return;
-		rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]);
-		if (--nb <= 0) return;
-		rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]);
-		if (--nb <= 0) return;
-		rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]);
-		rr+=4;
-		r+=4;
-		b+=4;
-		}
-	}
-
-#if 1
-void bn_mul_low_normal(r,a,b,n)
-BN_ULONG *r,*a,*b;
-int n;
-	{
-#ifdef BN_COUNT
-printf(" bn_mul_low_normal %d * %d\n",n,n);
-#endif
-	bn_mul_words(r,a,n,b[0]);
-
-	for (;;)
-		{
-		if (--n <= 0) return;
-		bn_mul_add_words(&(r[1]),a,n,b[1]);
-		if (--n <= 0) return;
-		bn_mul_add_words(&(r[2]),a,n,b[2]);
-		if (--n <= 0) return;
-		bn_mul_add_words(&(r[3]),a,n,b[3]);
-		if (--n <= 0) return;
-		bn_mul_add_words(&(r[4]),a,n,b[4]);
-		r+=4;
-		b+=4;
-		}
-	}
-#endif
diff --git a/crypto/bn/old/build b/crypto/bn/old/build
deleted file mode 100755
index 8cd99e5f17..0000000000
--- a/crypto/bn/old/build
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh -x
-
-gcc -g -I../../include test.c -L../.. -lcrypto
diff --git a/crypto/bn/old/info b/crypto/bn/old/info
deleted file mode 100644
index 5ac99c3b23..0000000000
--- a/crypto/bn/old/info
+++ /dev/null
@@ -1,22 +0,0 @@
-Given A1A0 * B1B0 == S3S2S1S0
-
-S0=     low(A0*B0)
-S1=     low( (A1-A0)*(B0-B1)) +low( A1*B1) +high(A0*B0)
-S2=     high((A1-A0)*(B0-B1)) +high(A1*B1) +low( A1*B1)
-S3=     high(A1*B1);
-
-Assume we know S1 and S0, and can calulate A1*B1 and high((A1-A0)*(B0-B1))
-
-k0=	S0 == low(A0*B0)
-k1=	S1
-k2=	low( A1*B1)
-k3=	high(A1*B1)
-k4=	high((A1-A0)*(B0-B1))
-
-k1=	low((A1-A0)*(B0-B1)) +k2 +high(A0*B0)
-S2=	k4 +k3 +k2
-S3=	k3
-
-S1-k2= low((A1-A0)*(B0-B1)) +high(A0*B0)
-
-We potentially have a carry or a borrow from S1
diff --git a/crypto/bn/old/test.works b/crypto/bn/old/test.works
deleted file mode 100644
index 127c7b415d..0000000000
--- a/crypto/bn/old/test.works
+++ /dev/null
@@ -1,205 +0,0 @@
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#define SIZE	128
-
-#define BN_MONT_CTX_set		bn_mcs
-#define BN_from_montgomery	bn_fm
-#define BN_mod_mul_montgomery	bn_mmm
-#undef BN_to_montgomery
-#define BN_to_montgomery(r,a,mont,ctx)	bn_mmm(\
-	r,a,(mont)->RR,(mont),ctx)
-
-main()
-	{
-	BIGNUM prime,a,b,r,A,B,R;
-	BN_MONT_CTX *mont;
-	BN_CTX *ctx;
-	int i;
-
-	ctx=BN_CTX_new();
-	BN_init(&prime);
-	BN_init(&a); BN_init(&b); BN_init(&r);
-	BN_init(&A); BN_init(&B); BN_init(&R);
-
-	BN_generate_prime(&prime,SIZE,0,NULL,NULL,NULL,NULL);
-	BN_rand(&A,SIZE,1,0);
-	BN_rand(&B,SIZE,1,0);
-	BN_mod(&A,&A,&prime,ctx);
-	BN_mod(&B,&B,&prime,ctx);
-
-	mont=BN_MONT_CTX_new();
-	BN_MONT_CTX_set(mont,&prime,ctx);
-
-	BN_to_montgomery(&a,&A,mont,ctx);
-	BN_to_montgomery(&b,&B,mont,ctx);
-
-	BN_mul(&r,&a,&b);
-	BN_print_fp(stdout,&r); printf("\n");
-	BN_from_montgomery(&r,&r,mont,ctx);
-	BN_print_fp(stdout,&r); printf("\n");
-	BN_from_montgomery(&r,&r,mont,ctx);
-	BN_print_fp(stdout,&r); printf("\n");
-
-	BN_mod_mul(&R,&A,&B,&prime,ctx);
-
-	BN_print_fp(stdout,&a); printf("\n");
-	BN_print_fp(stdout,&b); printf("\n");
-	BN_print_fp(stdout,&prime); printf("\n");
-	BN_print_fp(stdout,&r); printf("\n\n");
-
-	BN_print_fp(stdout,&A); printf("\n");
-	BN_print_fp(stdout,&B); printf("\n");
-	BN_print_fp(stdout,&prime); printf("\n");
-	BN_print_fp(stdout,&R); printf("\n\n");
-
-	BN_mul(&r,&a,&b);
-	BN_print_fp(stdout,&r); printf(" <- BA*DC\n");
-	BN_copy(&A,&r);
-	i=SIZE/2;
-	BN_mask_bits(&A,i*2);
-//	BN_print_fp(stdout,&A); printf(" <- low(BA*DC)\n");
-	bn_do_lower(&r,&a,&b,&A,i);
-//	BN_print_fp(stdout,&r); printf(" <- low(BA*DC)\n");
-	}
-
-int bn_mul_low(r,a,b,low,i)
-BIGNUM *r,*a,*b,*low;
-int i;
-	{
-	int w;
-	BIGNUM Kh,Km,t1,t2,h,ah,al,bh,bl,l,m,s0,s1;
-
-	BN_init(&Kh); BN_init(&Km); BN_init(&t1); BN_init(&t2); BN_init(&l);
-	BN_init(&ah); BN_init(&al); BN_init(&bh); BN_init(&bl); BN_init(&h);
-	BN_init(&m); BN_init(&s0); BN_init(&s1);
-
-	BN_copy(&al,a); BN_mask_bits(&al,i); BN_rshift(&ah,a,i);
-	BN_copy(&bl,b); BN_mask_bits(&bl,i); BN_rshift(&bh,b,i);
-
-
-	BN_sub(&t1,&al,&ah);
-	BN_sub(&t2,&bh,&bl);
-	BN_mul(&m,&t1,&t2);
-	BN_mul(&h,&ah,&bh);
-
-	BN_copy(&s0,low); BN_mask_bits(&s0,i);
-	BN_rshift(&s1,low,i);
-
-	BN_add(&t1,&h,&m);
-	BN_add(&t1,&t1,&s0);
-
-	BN_copy(&t2,&t1); BN_mask_bits(&t2,i);
-	BN_sub(&t1,&s1,&t2);
-	BN_lshift(&t1,&t1,i);
-	BN_add(&t1,&t1,&s0);
-	if (t1.neg)
-		{
-		BN_lshift(&t2,BN_value_one(),i*2);
-		BN_add(&t1,&t2,&t1);
-		BN_mask_bits(&t1,i*2);
-		}
-	
-	BN_free(&Kh); BN_free(&Km); BN_free(&t1); BN_free(&t2);
-	BN_free(&ah); BN_free(&al); BN_free(&bh); BN_free(&bl);
-	}
-
-int BN_mod_mul_montgomery(r,a,b,mont,ctx)
-BIGNUM *r,*a,*b;
-BN_MONT_CTX *mont;
-BN_CTX *ctx;
-	{
-	BIGNUM *tmp;
-
-        tmp= &(ctx->bn[ctx->tos++]);
-
-	if (a == b)
-		{
-		if (!BN_sqr(tmp,a,ctx)) goto err;
-		}
-	else
-		{
-		if (!BN_mul(tmp,a,b)) goto err;
-		}
-	/* reduce from aRR to aR */
-	if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
-	ctx->tos--;
-	return(1);
-err:
-	return(0);
-	}
-
-int BN_from_montgomery(r,a,mont,ctx)
-BIGNUM *r;
-BIGNUM *a;
-BN_MONT_CTX *mont;
-BN_CTX *ctx;
-	{
-	BIGNUM z1;
-	BIGNUM *t1,*t2;
-	BN_ULONG *ap,*bp,*rp;
-	int j,i,bl,al;
-
-	BN_init(&z1);
-	t1= &(ctx->bn[ctx->tos]);
-	t2= &(ctx->bn[ctx->tos+1]);
-
-	if (!BN_copy(t1,a)) goto err;
-	/* can cheat */
-	BN_mask_bits(t1,mont->ri);
-	if (!BN_mul(t2,t1,mont->Ni)) goto err;
-	BN_mask_bits(t2,mont->ri);
-
-	if (!BN_mul(t1,t2,mont->N)) goto err;
-	if (!BN_add(t2,t1,a)) goto err;
-
-	/* At this point, t2 has the bottom ri bits set to zero.
-	 * This means that the bottom ri bits == the 1^ri minus the bottom
-	 * ri bits of a.
-	 * This means that only the bits above 'ri' in a need to be added,
-	 * and XXXXXXXXXXXXXXXXXXXXXXXX
-	 */
-BN_print_fp(stdout,t2); printf("\n");
-	BN_rshift(r,t2,mont->ri);
-
-	if (BN_ucmp(r,mont->N) >= 0)
-		bn_qsub(r,r,mont->N);
-
-	return(1);
-err:
-	return(0);
-	}
-
-int BN_MONT_CTX_set(mont,mod,ctx)
-BN_MONT_CTX *mont;
-BIGNUM *mod;
-BN_CTX *ctx;
-	{
-	BIGNUM *Ri=NULL,*R=NULL;
-
-	if (mont->RR == NULL) mont->RR=BN_new();
-	if (mont->N == NULL)  mont->N=BN_new();
-
-	R=mont->RR;					/* grab RR as a temp */
-	BN_copy(mont->N,mod);				/* Set N */
-
-	mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
-	BN_lshift(R,BN_value_one(),mont->ri);			/* R */
-	if ((Ri=BN_mod_inverse(NULL,R,mod,ctx)) == NULL) goto err;/* Ri */
-	BN_lshift(Ri,Ri,mont->ri);				/* R*Ri */
-	bn_qsub(Ri,Ri,BN_value_one());				/* R*Ri - 1 */
-	BN_div(Ri,NULL,Ri,mod,ctx);
-	if (mont->Ni != NULL) BN_free(mont->Ni);
-	mont->Ni=Ri;					/* Ni=(R*Ri-1)/N */
-
-	/* setup RR for conversions */
-	BN_lshift(mont->RR,BN_value_one(),mont->ri*2);
-	BN_mod(mont->RR,mont->RR,mont->N,ctx);
-
-	return(1);
-err:
-	return(0);
-	}
-
-
diff --git a/crypto/bn/stuff/bn_knuth.c b/crypto/bn/stuff/bn_knuth.c
deleted file mode 100644
index 9a3f4130ed..0000000000
--- a/crypto/bn/stuff/bn_knuth.c
+++ /dev/null
@@ -1,378 +0,0 @@
-/* crypto/bn/bn_knuth.c */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn.h"
-
-/* This is just a test implementation, it has not been modified for
- * speed and it still has memory leaks. */
-
-int BN_mask_bits(BIGNUM *a,int n);
-
-#undef DEBUG
-#define MAIN
-
-/* r must be different to a and b
- * Toom-Cook multiplication algorithm, taken from
- * The Art Of Computer Programming, Volume 2, Donald Knuth
- */
-
-#define	CODE1		((BIGNUM *)0x01)
-#define	CODE2		((BIGNUM *)0x02)
-#define	CODE3		((BIGNUM *)0x03)
-#define MAXK		(30+1)
-
-#define C3	3
-#define C4	4
-#define C5	5
-#define C6	6
-#define C7	7
-#define C8	8
-#define C9	9
-#define C10	10
-#define DONE	11
-
-int new_total=0;
-int Free_total=0;
-int max=0,max_total=0;
-
-BIGNUM *LBN_new(void );
-BIGNUM *LBN_dup(BIGNUM *a);
-void LBN_free(BIGNUM *a);
-
-int BN_mul_knuth(w, a, b)
-BIGNUM *w;
-BIGNUM *a;
-BIGNUM *b;
-	{
-	int ret=1;
-	int i,j,n,an,bn,y,z;
-	BIGNUM *U[MAXK],*V[MAXK],*T[MAXK];
-	BIGNUM *C[(MAXK*2*3)];
-	BIGNUM *W[(MAXK*2)],*t1,*t2,*t3,*t4;
-	int Utos,Vtos,Ctos,Wtos,Ttos;
-	unsigned int k,Q,R;
-	unsigned int q[MAXK];
-	unsigned int r[MAXK];
-	int state;
-
-	/* C1 */
-	Utos=Vtos=Ctos=Wtos=Ttos=0;
-	k=1;
-	q[0]=q[1]=64;
-	r[0]=r[1]=4;
-	Q=6;
-	R=2;
-
-	if (!bn_expand(w,BN_BITS2*2)) goto err;
-	an=BN_num_bits(a);
-	bn=BN_num_bits(b);
-	n=(an > bn)?an:bn;
-	while ((q[k-1]+q[k]) < n)
-		{
-		k++;
-		Q+=R;
-		i=R+1;
-		if ((i*i) <= Q) R=i;
-		q[k]=(1<<Q);
-		r[k]=(1<<R);
-		}
-#ifdef DEBUG
-	printf("k   =");
-	for (i=0; i<=k; i++) printf("%7d",i);
-	printf("\nq[k]=");
-	for (i=0; i<=k; i++) printf("%7d",q[i]);
-	printf("\nr[k]=");
-	for (i=0; i<=k; i++) printf("%7d",r[i]);
-	printf("\n");
-#endif
-
-	/* C2 */
-	C[Ctos++]=CODE1;
-	if ((t1=LBN_dup(a)) == NULL) goto err;
-	C[Ctos++]=t1;
-	if ((t1=LBN_dup(b)) == NULL) goto err;
-	C[Ctos++]=t1;
-
-	state=C3;
-	for (;;)
-		{
-#ifdef DEBUG
-		printf("state=C%d, Ctos=%d Wtos=%d\n",state,Ctos,Wtos);
-#endif
-		switch (state)
-			{
-			int lr,lq,lp;
-		case C3:
-			k--;
-			if (k == 0)
-				{
-				t1=C[--Ctos];
-				t2=C[--Ctos];
-#ifdef DEBUG
-				printf("Ctos=%d poped %d\n",Ctos,2);
-#endif
-				if ((t2->top == 0) || (t1->top == 0))
-					w->top=0;
-				else
-					BN_mul(w,t1,t2);
-
-				LBN_free(t1); /* FREE */
-				LBN_free(t2); /* FREE */
-				state=C10;
-				}
-			else
-				{
-				lr=r[k];
-				lq=q[k];
-				lp=q[k-1]+q[k];
-				state=C4;
-				}
-			break;
-		case C4:
-			for (z=0; z<2; z++) /* do for u and v */
-				{
-				/* break the item at C[Ctos-1] 
-				 * into lr+1 parts of lq bits each
-				 * for j=0; j<=2r; j++
-				 */
-				t1=C[--Ctos]; /* pop off u */
-#ifdef DEBUG
-				printf("Ctos=%d poped %d\n",Ctos,1);
-#endif
-				if ((t2=LBN_dup(t1)) == NULL) goto err;
-				BN_mask_bits(t2,lq);
-				T[Ttos++]=t2;
-#ifdef DEBUG
-				printf("C4 r=0 bits=%d\n",BN_num_bits(t2));
-#endif
-				for (i=1; i<=lr; i++)
-					{
-					if (!BN_rshift(t1,t1,lq)) goto err;
-					if ((t2=LBN_dup(t1)) == NULL) goto err;
-					BN_mask_bits(t2,lq);
-					T[Ttos++]=t2;
-#ifdef DEBUG
-					printf("C4 r=%d bits=%d\n",i,
-						BN_num_bits(t2));
-#endif
-					}
-				LBN_free(t1);
-
-				if ((t2=LBN_new()) == NULL) goto err;
-				if ((t3=LBN_new()) == NULL) goto err;
-				for (j=0; j<=2*lr; j++)
-					{
-					if ((t1=LBN_new()) == NULL) goto err;
-
-					if (!BN_set_word(t3,j)) goto err;
-					for (i=lr; i>=0; i--)
-						{
-						if (!BN_mul(t2,t1,t3)) goto err;
-						if (!BN_add(t1,t2,T[i])) goto err;
-						}
-					/* t1 is U(j) */
-					if (z == 0)
-						U[Utos++]=t1;
-					else
-						V[Vtos++]=t1;
-					}
-				LBN_free(t2);
-				LBN_free(t3);
-				while (Ttos) LBN_free(T[--Ttos]);
-				}
-#ifdef DEBUG
-			for (i=0; i<Utos; i++)
-				printf("U[%2d]=%4d bits\n",i,BN_num_bits(U[i]));
-			for (i=0; i<Vtos; i++)
-				printf("V[%2d]=%4d bits\n",i,BN_num_bits(V[i]));
-#endif
-			/* C5 */
-#ifdef DEBUG
-			printf("PUSH CODE2 and %d CODE3 onto stack\n",2*lr);
-#endif
-			C[Ctos++]=CODE2;
-			for (i=2*lr; i>0; i--)
-				{
-				C[Ctos++]=V[i];
-				C[Ctos++]=U[i];
-				C[Ctos++]=CODE3;
-				}
-			C[Ctos++]=V[0];
-			C[Ctos++]=U[0];
-#ifdef DEBUG
-				printf("Ctos=%d pushed %d\n",Ctos,2*lr*3+3);
-#endif
-			Vtos=Utos=0;
-			state=C3;
-			break;
-		case C6:
-			if ((t1=LBN_dup(w)) == NULL) goto err;
-			W[Wtos++]=t1;
-#ifdef DEBUG
-			printf("put %d bit number onto w\n",BN_num_bits(t1));
-#endif
-			state=C3;
-			break;
-		case C7:
-			lr=r[k];
-			lq=q[k];
-			lp=q[k]+q[k-1];
-			z=Wtos-2*lr-1;
-			for (j=1; j<=2*lr; j++)
-				{
-				for (i=2*lr; i>=j; i--)
-					{
-					if (!BN_sub(W[z+i],W[z+i],W[z+i-1])) goto err;
-					BN_div_word(W[z+i],j);
-					}
-				}
-			state=C8;
-			break;
-		case C8:
-			y=2*lr-1;
-			if ((t1=LBN_new()) == NULL) goto err;
-			if ((t3=LBN_new()) == NULL) goto err;
-
-			for (j=y; j>0; j--)
-				{
-				if (!BN_set_word(t3,j)) goto err;
-				for (i=j; i<=y; i++)
-					{
-					if (!BN_mul(t1,W[z+i+1],t3)) goto err;
-					if (!BN_sub(W[z+i],W[z+i],t1)) goto err;
-					}
-				}
-			LBN_free(t1);
-			LBN_free(t3);
-			state=C9;
-			break;
-		case C9:
-			BN_zero(w);
-#ifdef DEBUG
-			printf("lq=%d\n",lq);
-#endif
-			for (i=lr*2; i>=0; i--)
-				{
-				BN_lshift(w,w,lq);
-				BN_add(w,w,W[z+i]);
-				}
-			for (i=0; i<=lr*2; i++)
-				LBN_free(W[--Wtos]);
-			state=C10;
-			break;
-		case C10:
-			k++;
-			t1=C[--Ctos];
-#ifdef DEBUG
-			printf("Ctos=%d poped %d\n",Ctos,1);
-			printf("code= CODE%d\n",t1);
-#endif
-			if (t1 == CODE3)
-				state=C6;
-			else if (t1 == CODE2)
-				{
-				if ((t2=LBN_dup(w)) == NULL) goto err;
-				W[Wtos++]=t2;
-				state=C7;
-				}
-			else if (t1 == CODE1)
-				{
-				state=DONE;
-				}
-			else
-				{
-				printf("BAD ERROR\n");
-				goto err;
-				}
-			break;
-		default:
-			printf("bad state\n");
-			goto err;
-			break;
-			}
-		if (state == DONE) break;
-		}
-	ret=1;
-err:
-	if (ret == 0) printf("ERROR\n");
-	return(ret);
-	}
-
-#ifdef MAIN
-main()
-	{
-	BIGNUM *a,*b,*r;
-	int i;
-
-	if ((a=LBN_new()) == NULL) goto err;
-	if ((b=LBN_new()) == NULL) goto err;
-	if ((r=LBN_new()) == NULL) goto err;
-
-	if (!BN_rand(a,1024*2,0,0)) goto err;
-	if (!BN_rand(b,1024*2,0,0)) goto err;
-
-	for (i=0; i<10; i++)
-		{
-		if (!BN_mul_knuth(r,a,b)) goto err; /**/
-		/*if (!BN_mul(r,a,b)) goto err; /**/
-		}
-BN_print(stdout,a); printf(" * ");
-BN_print(stdout,b); printf(" =\n");
-BN_print(stdout,r); printf("\n");
-
-printf("BN_new() =%d\nBN_free()=%d max=%d\n",new_total,Free_total,max);
-
-
-	exit(0);
-err:
-	ERR_load_crypto_strings();
-	ERR_print_errors(stderr);
-	exit(1);
-	}
-#endif
-
-int BN_mask_bits(a,n)
-BIGNUM *a;
-int n;
-	{
-	int b,w;
-
-	w=n/BN_BITS2;
-	b=n%BN_BITS2;
-	if (w >= a->top) return(0);
-	if (b == 0)
-		a->top=w;
-	else
-		{
-		a->top=w+1;
-		a->d[w]&= ~(BN_MASK2<<b);
-		}
-	return(1);
-	}
-
-BIGNUM *LBN_dup(a)
-BIGNUM *a;
-	{
-	new_total++;
-	max_total++;
-	if (max_total > max) max=max_total;
-	return(BN_dup(a));
-	}
-
-BIGNUM *LBN_new()
-	{
-	new_total++;
-	max_total++;
-	if (max_total > max) max=max_total;
-	return(BN_new());
-	}
-
-void LBN_free(a)
-BIGNUM *a;
-	{
-	max_total--;
-	if (max_total > max) max=max_total;
-	Free_total++;
-	BN_free(a);
-	}
diff --git a/crypto/bn/stuff/div.c b/crypto/bn/stuff/div.c
deleted file mode 100644
index 3d6e08622d..0000000000
--- a/crypto/bn/stuff/div.c
+++ /dev/null
@@ -1,340 +0,0 @@
-/* crypto/bn/div.c */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn.h"
-
-BN_ULONG bn_div_2word();
-
-int BN_div2(dv, rm, num, div,ctx)
-BIGNUM *dv;
-BIGNUM *rm;
-BIGNUM *num;
-BIGNUM *div;
-BN_CTX *ctx;
-	{
-	int norm_shift,i,j,nm,nd,loop;
-	BIGNUM *tmp,wnum,*snum,*sdiv,*res;
-	BN_ULONG *resp,*wnump;
-	BN_ULONG d0,d1;
-	int num_n,div_n;
-
-#ifdef DEBUG
-BN_print(stdout,num); printf(" number\n");
-BN_print(stdout,div); printf(" divisor\n");
-#endif
-	if (BN_is_zero(num))
-		{
-		BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
-		return(0);
-		}
-
-	if (BN_cmp(num,div) < 0)
-		{
-		if (rm != NULL)
-			{ if (BN_copy(rm,num) == NULL) return(0); }
-		if (dv != NULL) BN_zero(dv);
-		return(1);
-		}
-
-	tmp=ctx->bn[ctx->tos]; 
-	snum=ctx->bn[ctx->tos+1];
-	sdiv=ctx->bn[ctx->tos+2];
-	if (dv == NULL)
-		res=ctx->bn[ctx->tos+3];
-	else	res=dv;
-
-	/* First we normalise the numbers */
-	norm_shift=BN_BITS2-((BN_num_bits(div))%BN_BITS2);
-	BN_lshift(sdiv,div,norm_shift);
-	norm_shift+=BN_BITS2;
-	BN_lshift(snum,num,norm_shift);
-	div_n=sdiv->top;
-	num_n=snum->top;
-	loop=num_n-div_n;
-#ifdef DEBUG
-BN_print(stdout,snum); printf(" shifted num, forget last word\n");
-BN_print(stdout,sdiv); printf(" shifted div\n");
-#endif
-
-	/* Lets setup a 'win'dow into snum
-	 * This is the part that corresponds to the current
-	 * 'area' being divided */
-	wnum.d=	 &(snum->d[loop]);
-	wnum.top= div_n;
-	wnum.max= snum->max; /* a bit of a lie */
-	wnum.neg= 0;
-
-	/* Get the top 2 words of sdiv */
-	i=sdiv->top;
-	d0=sdiv->d[div_n-1];
-	d1=sdiv->d[div_n-2];
-
-	/* pointer to the 'top' of snum */
-	wnump= &(snum->d[num_n-1]);
-
-	/* Setup to 'res' */
-	res->neg=0;
-	res->top=loop;
-	resp= &(res->d[loop-1]);
-	bn_expand(res,(loop+1)*BN_BITS2);
-
-	/* space for temp */
-	bn_expand(tmp,(div_n+1)*BN_BITS2);
-
-#ifdef DEBUG
-printf("wnum="); BN_print(stdout,&wnum); printf(" initial sub check\n");
-printf("div ="); BN_print(stdout,sdiv); printf(" loop=%d\n",loop);
-#endif
-	if (BN_cmp(&wnum,sdiv) >= 0)
-		{
-		BN_sub(&wnum,&wnum,sdiv);
-		*resp=1;
-		res->d[res->top-1]=1;
-		}
-	else
-		res->top--;
-	resp--;
-#ifdef DEBUG
-BN_print(stdout,res); printf(" initial result\n");
-BN_print(stdout,&wnum); printf(" wnum\n");
-#endif
-
-	for (i=0; i<loop-1; i++)
-		{
-		BN_ULONG q,n0;
-		BN_ULLONG t1,t2,t3;
-		BN_ULONG l0;
-
-		wnum.d--;
-		wnum.top++;
-
-#ifdef DEBUG
-BN_print(stderr,&wnum); printf(" to divide\n");
-#endif
-
-		q=0;
-		n0=wnump[0];
-		t1=((BN_ULLONG)n0<<BN_BITS2)|wnump[-1];
-		if (n0 == d0)
-			q=BN_MASK2;
-		else
-			{
-			t2=(t1/d0);
-			q=(t2&BN_MASK2);
-#ifdef DEBUG
-printf("t1=%08X / d0=%08X = %X (%X)\n",t1,d0,q,t2);
-#endif
-			}
-		for (;;)
-			{
-			t2=(BN_ULLONG)d1*q;
-			t3=t1-(BN_ULLONG)q*d0;
-#ifdef DEBUG
-printf("d1*q= %X    n01-q*d0 = %X\n",t2,t3);
-#endif
-			if ((t3>>BN_BITS2) ||
-				(t2 <= ((t3<<BN_BITS2)+wnump[-2])))
-				break;
-#ifdef DEBUG
-printf("reduce q\n");
-#endif
-			q--;
-			}
-		l0=bn_mul_word(tmp->d,sdiv->d,div_n,q);
-		if (l0)
-			tmp->d[div_n]=l0;
-		else
-			tmp->d[div_n]=0;
-		for (j=div_n+1; j>0; j--)
-			if (tmp->d[j-1]) break;
-		tmp->top=j;
-
-#ifdef DEBUG
-printf("q=%08X\n",q);
-BN_print(stdout,&wnum); printf(" number\n");
-BN_print(stdout,tmp); printf(" subtract\n");
-
-BN_print(stdout,snum); printf(" shifted number before\n");
-BN_print(stdout,&wnum); printf(" wnum before\n");
-#endif
-		j=wnum.top;
-		BN_sub(&wnum,&wnum,tmp);
-		snum->top=snum->top+wnum.top-j;
-
-#ifdef DEBUG
-BN_print(stdout,&wnum); printf(" wnum after\n");
-BN_print(stdout,snum); printf(" shifted number after\n");
-#endif
-
-		if (wnum.neg)
-			{
-			q--;
-			j=wnum.top;
-			BN_add(&wnum,&wnum,sdiv);
-			snum->top+=wnum.top-j;
-			fprintf(stderr,"addback\n");
-#ifdef DEBUG
-BN_print(stdout,snum); printf("after addback************************:\n");
-#endif
-			}
-		*(resp--)=q;
-#ifdef DEBUG
-BN_print(stdout,res); printf(" result\n");
-#endif
-		wnump--;
-		}
-	if (rm != NULL)
-		BN_rshift(rm,snum,norm_shift);
-	return(1);
-	}
-
-main()
-	{
-	BIGNUM *a,*b,*c,*d;
-	BIGNUM *cc,*dd;
-	BN_CTX *ctx;
-	int i,x;
-
-	a=BN_new();
-	b=BN_new();
-	c=BN_new();
-	d=BN_new();
-	cc=BN_new();
-	dd=BN_new();
-	ctx=BN_CTX_new();
-
-for (i=0; i<10240; i++)
-	{
-	BN_rand(a,80,0,0);
-	BN_rand(b,60,0,0);
-	
-	BN_div2(d,c,a,b,ctx);
-	BN_div(dd,cc,a,b,ctx);
-	if ((BN_cmp(d,dd) != 0) || (BN_cmp(c,cc) != 0))
-		{
-		BN_print(stderr,a); fprintf(stderr," / ");
-		BN_print(stderr,b); fprintf(stderr," d=");
-		BN_print(stderr,d); fprintf(stderr," r= ");
-		BN_print(stderr,c); fprintf(stderr,"\nd=");
-		BN_print(stderr,dd); fprintf(stderr," r= ");
-		BN_print(stderr,cc); fprintf(stderr,"\n");
-		}
-
-	}
-
-#ifdef undef
-/*
-	BN_rand(a,600,0,0);
-	BN_rand(b,400,0,0);
-	for (i=0; i<2000000; i++)
-		{
-		BN_div2(d,c,a,b,ctx);
-		}
-*/
-/*	for (i=0;;) */
-/*	for (i=0; i<0xffffffff; i++)
-		{
-		BN_ULONG rr,r,a,b,c;
-		BN_ULLONG l;
-
-		a=rand()&BN_MASK2;
-		b=rand()&BN_MASK2;
-		for (;;)
-			{
-			c=rand()&BN_MASK2;
-			if (c) break;
-			}
-/*		for (x=1; x<256*256; x++) */
-			{
-			c=x;
-			a=i>>8;
-			b=i&0xff;
-			a&= ~(0xFFFFFF<<(BN_num_bits_word(c)));
-
-			r=bn_div_2word(a,b,c);
-
-			rr=(BN_ULONG)((((BN_ULLONG)a<<BN_BITS2)|b)/c);
-
-			if ((i & 0xfffff) == 0) fprintf(stderr,"%d\n",i,r,rr); 
-/*if (x == 255)
-	fprintf(stderr,"%6d/%3d = %4d %4d\n",(a<<8)|b,c,r,rr); */
-			if (rr != r)
-				{
-				fprintf(stderr,"%8d %02X%02X / %02X = %02X %02X\n",
-					i,a,b,c,rr,r);
-				abort();
-				}
-			}
-		}
-#endif
-	}
-
-/* Divide h-l by d and return the result. */
-BN_ULONG bn_div_2word(l,h,d)
-BN_ULONG l,h,d;
-	{
-	BN_ULONG dh,dl,q,ret=0,th,tl,t,top;
-	int i,count=2;
-
-	if (d == 0) return(-1);
-
-	i=BN_num_bits_word(d);
-	if ((i != BN_BITS2) && (h > 1<<i))
-		{
-		fprintf(stderr,"Division would overflow\n");
-		abort();
-		}
-	i=BN_BITS2-i;
-	if (h >= d) h-=d;
-
-	if (i)
-		{
-		d<<=i;
-		h=(h<<i)|(l>>(BN_BITS2-i));
-		l<<=i;
-		}
-	dh=(d&BN_MASK2h)>>BN_BITS4;
-	dl=(d&BN_MASK2l);
-	for (;;)
-		{
-		if ((h>>BN_BITS4) == dh)
-			q=BN_MASK2l;
-		else
-			q=h/dh;
-
-		for (;;)
-			{
-			t=(h-q*dh);
-			if ((t&BN_MASK2h) ||
-				((dl*q) <= (
-					(t<<BN_BITS4)+
-					((l&BN_MASK2h)>>BN_BITS4))))
-				break;
-			q--;
-			}
-		th=q*dh;
-		tl=q*dl;
-		t=(tl>>BN_BITS4);
-		tl=(tl<<BN_BITS4)&BN_MASK2h;
-		th+=t;
-
-		if (l < tl) th++;
-		l-=tl;
-		if (h < th)
-			{
-			fprintf(stderr,"add back\n");
-			h+=d;
-			q--;
-			}
-		h-=th;
-
-		if (--count == 0) break;
-
-		ret=q<<BN_BITS4;
-		h=((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2;
-		l=(l&BN_MASK2l)<<BN_BITS4;
-		}
-	ret|=q;
-	return(ret);
-	}
diff --git a/crypto/bn/stuff/mont.doc b/crypto/bn/stuff/mont.doc
deleted file mode 100644
index 55d1d79312..0000000000
--- a/crypto/bn/stuff/mont.doc
+++ /dev/null
@@ -1,17 +0,0 @@
-All numbers (a) are stored aR mod N (except abRR)
-
-RR = REDC(R*R)	/* RR mod N */
-
-
-convert a -> aR
-convert b -> bR
-
-	{
-	abRR = aR * bR
-	abR = REDC(abRR); /* mod N */
-	}
-
-ab = REDC(abR);   /* mod N */
-
-
-REDC strips off a multiplicaion by R mod N
diff --git a/crypto/bn/stuff/wei_mulw.c b/crypto/bn/stuff/wei_mulw.c
deleted file mode 100644
index 7f8a1e58fe..0000000000
--- a/crypto/bn/stuff/wei_mulw.c
+++ /dev/null
@@ -1,410 +0,0 @@
-/* crypto/bn/wei_mulw.c */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn.h"
-#include "bn_lcl.h"
-
-BN_ULONG bn_add_word(BN_ULONG *a,BN_ULONG c,int num);
-BN_ULONG bn_add_words(BN_ULONG *ret,BN_ULONG *a,BN_ULONG *b,int num);
-BN_ULONG bn_sub_words(BN_ULONG *ret,BN_ULONG *a,BN_ULONG *b,int num);
-
-void BN_mul_4words(BN_ULONG *ret,BN_ULONG a0,BN_ULONG a1,
-	BN_ULONG b0,BN_ULONG b1);
-
-void pr(a,n,s)
-BN_ULONG *a;
-int n;
-	{
-	while (n--)
-		fprintf(stdout,"%02X",a[n]);
-	fprintf(stdout,"%s",s);
-	}
-
-
-BN_ULONG bn_add_word(a,w,num)
-BN_ULONG *a;
-BN_ULONG w;
-int num;
-	{
-	BN_ULONG t;
-
-#ifdef DEBUG
-{ BN_ULONG *aa=a; int i; for (i=num; i>0; i--) fprintf(stdout,"%02X",aa[i-1]);
-fprintf(stdout," + %X - ",w); i=num;
-#endif
-	
-loop:
-	t= *a;
-	t=(t+w)&BN_MASK2;
-	*(a++)=t;
-	w=(t < w);
-	if (w && --num) goto loop;
-
-#ifdef DEBUG
-for (; i>0; i--) fprintf(stdout,"%02X",aa[i-1]);
-fprintf(stdout,"\n");
-}
-#endif
-
-	return(w);
-	}
-
-BN_ULONG bn_add_words(r,a,b,num)
-BN_ULONG *r;
-BN_ULONG *a;
-BN_ULONG *b;
-int num;
-	{
-#if defined(BN_LLONG)
-	BN_ULLONG t;
-	BN_ULONG c=0;
-	int i;
-
-	if (num&1) abort();
-
-	for (i=0; i<num; i+=2)
-		{
-		t=(BN_ULLONG)a[i]+b[i]+c;
-		r[i+0]=L(t);
-		t=(BN_ULLONG) H(t)+a[i+1]+b[i+1];
-		r[i+1]=L(t);
-		c=H(t);
-		}
-	return(c);
-#else
-	BN_ULONG c=0,t1,t2;
-
-	for ( ; num; num--)
-		{
-		t1= *(a++);
-		t2= *(b++);
-
-		if (c)
-			{
-			c=(t2 >= ((~t1)&BN_MASK2));
-			(*r++)=(t1+t2+1)&BN_MASK2;
-			}
-		else
-			{
-			t2=(t1+t2)&BN_MASK2;
-			c=(t2 < t1);
-			(*r++)=t2;
-			}
-		}
-	return(c);
-#endif
-	}
-
-BN_ULONG bn_sub_words(r,a,b,num)
-BN_ULONG *r;
-BN_ULONG *a;
-BN_ULONG *b;
-int num;
-	{
-#if defined(BN_LLONG)
-	BN_ULLONG t;
-	BN_ULONG c=0;
-	int i;
-
-	if (num&1) abort();
-
-	for (i=0; i<num; i+=2)
-		{
-		t=(BN_ULLONG)a[i]-b[i]-c;
-		r[i+0]=L(t);
-		t=(BN_ULLONG)a[i+1]-b[i+1]-(0-H(t))&BN_MASK2;
-		r[i+1]=L(t);
-		c=H(t);
-		}
-	return(c);
-#else
-	BN_ULONG c=0,t1,t2;
-
-	for ( ; num; num--)
-		{
-		t1= *(a++);
-		t2= *(b++);
-
-		if (c)
-			{
-			c=(t1 <= t2);
-			t1=(t1-t2-1);
-			}
-		else
-			{
-			c=(t1 < t2);
-			t1=(t1-t2);
-			}
-		(*r++)=t1&BN_MASK2;
-		}
-	return(c);
-#endif
-	}
-
-
-/* ret[3,2,1,0] = a1,a0 * b1,b0 */
-void BN_mul_4words(ret,a0,a1,b0,b1)
-BN_ULONG *ret;
-BN_ULONG a0,a1,b0,b1;
-	{
-	BN_ULONG s,u;
-	BN_ULLONG fix,a0b0,a1b1,tmp;
-
-	if (a1 >= a0)
-		{
-		s=(a1-a0);
-		u=(b0-b1);
-		fix=(BN_ULLONG)s*u;
-		if (b0 >= b1) s=0;
-		}
-	else
-		{
-		BN_ULONG u;
-
-		if (b0 > b1)
-			{
-			s=(b0-b1);
-			u=(a1-a0);
-			fix=(BN_ULLONG)s*u;
-			}
-		else
-			{
-			u=(a0-a1);
-			s=(b1-b0);
-			fix=(BN_ULLONG)s*u;
-			s=0;
-			}
-		}
-	
-	a0b0=(BN_ULLONG)a0*b0;
-	ret[0]=L(a0b0);
-
-	a1b1=(BN_ULLONG)a1*b1;
-	tmp=(BN_ULLONG) H(a0b0) + L(a0b0) + L(fix) + L(a1b1);
-	ret[1]=L(tmp);
-
-	tmp=(BN_ULLONG) a1b1 + H(tmp) + H(a0b0) + H(fix) + H(a1b1) - s;
-	ret[2]=L(tmp);
-	ret[3]=H(tmp);
-	}
-
-/* ret[3,2,1,0] += a1,a0 * b1,b0 */
-BN_ULONG BN_mul_add_4words(ret,a0,a1,b0,b1)
-BN_ULONG *ret;
-BN_ULONG a0,a1,b0,b1;
-	{
-	BN_ULONG s,u;
-	BN_ULLONG fix,a0b0,a1b1,tmp;
-
-#ifdef DEBUG
-fprintf(stdout,"%02X%02X%02X%02X",ret[3],ret[2],ret[1],ret[0]);
-fprintf(stdout," + ( %02X%02X * %02X%02X ) - ",a1,a0,b1,b0);
-#endif
-	if (a1 >= a0)
-		{
-		s=(a1-a0);
-		u=(b0-b1);
-		fix=(BN_ULLONG)s*u;
-		if (b0 >= b1) s=0;
-		}
-	else
-		{
-		if (b0 > b1)
-			{
-			s=(b0-b1);
-			u=(a1-a0);
-			fix=(BN_ULLONG)s*u;
-			}
-		else
-			{
-			u=(a0-a1);
-			s=(b1-b0);
-			fix=(BN_ULLONG)s*u;
-			s=0;
-			}
-		}
-	
-	a0b0=(BN_ULLONG)a0*b0;
-	tmp=a0b0+ret[0];
-	ret[0]=L(tmp);
-
-	a1b1=(BN_ULLONG)a1*b1;
-	tmp=(BN_ULLONG) H(tmp) + L(a0b0) + L(fix) + L(a1b1) + ret[1];
-	ret[1]=L(tmp);
-
-	tmp=(BN_ULLONG) H(tmp) + L(a1b1) + H(a0b0) +
-		H(fix) + H(a1b1) -s + ret[2];
-	ret[2]=L(tmp);
-
-	tmp=(BN_ULLONG) H(tmp) + H(a1b1) + ret[3];
-	ret[3]=L(tmp);
-#ifdef DEBUG
-fprintf(stdout,"%02X%02X%02X%02X%02X\n",H(tmp),ret[3],ret[2],ret[1],ret[0]);
-#endif
-	return(H(tmp));
-	}
-
-/* ret[3,2,1,0] += a1,a0 * a1,a0 */
-void BN_sqr_4words(ret,a0,a1)
-BN_ULONG *ret;
-BN_ULONG a0,a1;
-	{
-	BN_ULONG s,u;
-	BN_ULLONG tmp,tmp2;
-
-	tmp=(BN_ULLONG)a0*a0;
-	ret[0]=L(tmp);
-
-	tmp2=(BN_ULLONG)a0*a1;
-	tmp=(BN_ULLONG)H(tmp)+L(tmp2)*2;
-	ret[1]=L(tmp);
-
-	tmp=(BN_ULLONG)a1*a1+H(tmp)+H(tmp2)*2;
-	ret[2]=L(tmp);
-	ret[3]=L(tmp);
-	}
-
-#define N0	(0)
-#define N1	(half)
-#define N2	(num)
-#define N3	(num+half)
-
-#define word_cmp(r,a,b,num) \
-	{ \
-	int n=num; \
-\
-	(r)=0; \
-	while (n--) \
-		{ \
-		if ((a)[(n)] > (b)[(n)]) \
-			{ (r)=1; break; } \
-		else if ((a)[(n)] < (b)[(n)]) \
-			{ (r)= -1; break; } \
-		} \
-	}
-
-
-/* (a->top == b->top) && (a->top >= 2) && !(a->top & 1) */
-void bn_recursize_mul(r,t,a,b,num)
-BN_ULONG *r,*t,*a,*b;
-int num;
-	{
-	if ((num < 2) || (num&1))
-		abort();
-
-/* fprintf(stderr,"num=%d half=%d\n",num,num/2);*/
-	if (num == 2)
-		BN_mul_4words(r,a[0],a[1],b[0],b[1]);
-	else if (num == 4)
-		{
-		BN_ULONG c,tmp;
-
-		BN_mul_4words(&(r[0]),a[0],a[1],b[0],b[1]);
-		BN_mul_4words(&(r[4]),a[2],a[3],b[2],b[3]);
-
-		c =BN_mul_add_4words(&(r[2]),a[0],a[1],b[2],b[3]);
-		c+=BN_mul_add_4words(&(r[2]),a[2],a[3],b[0],b[1]);
-
-		bn_add_word(&(r[6]),c,2);
-		}
-	else
-		{
-		int half=num/2;
-		int carry,cmp_a,cmp_b;
-
-		word_cmp(cmp_a,&(a[0]),&(a[half]),half);
-		word_cmp(cmp_b,&(b[0]),&(b[half]),half);
-
-		switch (cmp_a*2+cmp_a+cmp_b)
-			{
-		case -4:
-			bn_sub_words(&(t[N0]),&(a[N1]),&(a[N0]),half);
-			bn_sub_words(&(t[N1]),&(b[N0]),&(b[N1]),half);
-			bn_recursize_mul(&(r[N1]),&(t[N2]),
-				&(t[N0]),&(t[N1]),half);
-			bn_sub_words(&(r[N2]),&(r[N2]),&(t[N0]),half);
-			carry= -1;
-			break;
-		case -2:
-			bn_sub_words(&(t[N0]),&(a[N1]),&(a[N0]),half);
-			bn_sub_words(&(t[N1]),&(b[N0]),&(b[N1]),half);
-			bn_recursize_mul(&(r[N1]),&(t[N2]),
-				&(t[N0]),&(t[N1]),half);
-			carry=0;
-			break;
-		case 2:
-			bn_sub_words(&(t[N0]),&(a[N0]),&(a[N1]),half);
-			bn_sub_words(&(t[N1]),&(b[N1]),&(b[N0]),half);
-			bn_recursize_mul(&(r[N1]),&(t[N2]),
-				&(t[N0]),&(t[N1]),half);
-			carry=0;
-			break;
-		case 4:
-			bn_sub_words(&(t[N0]),&(a[N1]),&(a[N0]),half);
-			bn_sub_words(&(t[N1]),&(b[N0]),&(b[N1]),half);
-			bn_recursize_mul(&(r[N1]),&(t[N2]),
-				&(t[N0]),&(t[N1]),half);
-			bn_sub_words(&(r[N2]),&(r[N2]),&(t[N1]),half);
-			carry= -1;
-			break;
-		default:
-			memset(&(r[N1]),0,sizeof(BN_ULONG)*num);
-			break;
-			}
-		
-		bn_recursize_mul(&(t[N0]),&(t[N2]),&(a[N0]),&(b[N0]),half);
-#ifdef DEBUG
-	pr(a,half," * ");
-	pr(b,half," - ");
-	pr(t,num," - 0\n");
-#endif
-		memcpy(&(r[N0]),&(t[N0]),half*sizeof(BN_ULONG));
-		if (bn_add_words(&(r[N1]),&(r[N1]),&(t[N1]),half))
-			{ bn_add_word(&(t[N1]),1,half); }
-
-		carry+=bn_add_words(&(r[N1]),&(r[N1]),&(t[N0]),num);
-
-		bn_recursize_mul(&(t[N0]),&(t[N2]),&(a[N1]),&(b[N1]),half);
-
-		carry+=bn_add_words(&(r[N1]),&(r[N1]),&(t[N0]),num);
-		carry+=bn_add_words(&(r[N2]),&(r[N2]),&(t[N0]),half);
-		memcpy(&(r[N3]),&(t[N1]),half*sizeof(BN_ULONG));
-
-		bn_add_word(&(r[N3]),carry,half);
-		}
-	}
-
-main()
-	{
-	BIGNUM *a,*b,*r,*t;
-	int i,j;
-
-	a=BN_new();
-	b=BN_new();
-	r=BN_new();
-	t=BN_new();
-
-#define BITS 1024
-	bn_expand(r,BITS*2);
-	bn_expand(t,BITS*2);
-	fprintf(stdout,"obase=16\n");
-	fprintf(stdout,"ibase=16\n");
-	for (i=0; i<10; i++)
-		{
-		BN_rand(a,BITS,0,0);
-		BN_rand(b,BITS,0,0);
-		r->top=(BITS*2)/BN_BITS2;
-		memset(r->d,0,sizeof(r->top)*sizeof(BN_ULONG));
-		memset(t->d,0,sizeof(r->top)*sizeof(BN_ULONG));
-		for (j=0; j<1000; j++)
-			{
-
-/*			BN_mul(r,a,b); /**/
-			bn_recursize_mul(r->d,t->d,a->d,b->d,a->top); /**/
-			}
-		BN_print(stdout,a); fprintf(stdout," * ");
-		BN_print(stdout,b); fprintf(stdout," - ");
-		BN_print(stdout,r); fprintf(stdout,"\n");
-		}
-	}
diff --git a/crypto/bn/test.c b/crypto/bn/test.c
deleted file mode 100644
index e23f21583f..0000000000
--- a/crypto/bn/test.c
+++ /dev/null
@@ -1,252 +0,0 @@
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn_lcl.h"
-
-#define SIZE	32
-
-#define BN_MONT_CTX_set		bn_mcs
-#define BN_from_montgomery	bn_fm
-#define BN_mod_mul_montgomery	bn_mmm
-#undef BN_to_montgomery
-#define BN_to_montgomery(r,a,mont,ctx)	bn_mmm(\
-	r,a,(mont)->RR,(mont),ctx)
-
-main()
-	{
-	BIGNUM prime,a,b,r,A,B,R;
-	BN_MONT_CTX *mont;
-	BN_CTX *ctx;
-	int i;
-
-	ctx=BN_CTX_new();
-	BN_init(&prime);
-	BN_init(&a); BN_init(&b); BN_init(&r);
-	BN_init(&A); BN_init(&B); BN_init(&R);
-
-	BN_generate_prime(&prime,SIZE,0,NULL,NULL,NULL,NULL);
-	BN_rand(&A,SIZE,1,0);
-	BN_rand(&B,SIZE,1,0);
-	BN_mod(&A,&A,&prime,ctx);
-	BN_mod(&B,&B,&prime,ctx);
-
-	i=A.top;
-	BN_mul(&R,&A,&B,ctx);
-	BN_mask_bits(&R,i*BN_BITS2);
-
-
-	BN_print_fp(stdout,&A); printf(" <- a\n");
-	BN_print_fp(stdout,&B); printf(" <- b\n");
-	BN_mul_high(&r,&A,&B,&R,i);
-	BN_print_fp(stdout,&r); printf(" <- high(BA*DC)\n");
-
-	BN_mask_bits(&A,i*32);
-	BN_mask_bits(&B,i*32);
-
-	BN_mul(&R,&A,&B);
-	BN_rshift(&R,&R,i*32);
-	BN_print_fp(stdout,&R); printf(" <- norm BA*DC\n");
-	BN_sub(&R,&R,&r);
-	BN_print_fp(stdout,&R); printf(" <- diff\n");
-	}
-
-#if 0
-int bn_mul_high(r,a,b,low,words)
-BIGNUM *r,*a,*b,*low;
-int words;
-	{
-	int i;
-	BIGNUM t1,t2,t3,h,ah,al,bh,bl,m,s0,s1;
-
-	BN_init(&al); BN_init(&ah);
-	BN_init(&bl); BN_init(&bh);
-	BN_init(&t1); BN_init(&t2); BN_init(&t3);
-	BN_init(&s0); BN_init(&s1);
-	BN_init(&h); BN_init(&m);
-
-	i=a->top;
-	if (i >= words)
-		{
-		al.top=words;
-		ah.top=a->top-words;
-		ah.d= &(a->d[ah.top]);
-		}
-	else
-		al.top=i;
-	al.d=a->d;
-
-	i=b->top;
-	if (i >= words)
-		{
-		bl.top=words;
-		bh.top=i-words;
-		bh.d= &(b->d[bh.top]);
-		}
-	else
-		bl.top=i;
-	bl.d=b->d;
-
-	i=low->top;
-	if (i >= words)
-		{
-		s0.top=words;
-		s1.top=i-words;
-		s1.d= &(low->d[s1.top]);
-		}
-	else
-		s0.top=i;
-	s0.d=low->d;
-
-al.max=al.top; ah.max=ah.top;
-bl.max=bl.top; bh.max=bh.top;
-s0.max=bl.top; s1.max=bh.top;
-
-	/* Calculate (al-ah)*(bh-bl) */
-	BN_sub(&t1,&al,&ah);
-	BN_sub(&t2,&bh,&bl);
-	BN_mul(&m,&t1,&t2);
-
-	/* Calculate ah*bh */
-	BN_mul(&h,&ah,&bh);
-
-	/* s0 == low(al*bl)
-	 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
-	 * We know s0 and s1 so the only unknown is high(al*bl)
-	 * high(al*bl) == s1 - low(ah*bh+(al-ah)*(bh-bl)+s0)
-	 */
-	BN_add(&m,&m,&h);
-	BN_add(&t2,&m,&s0);
-	/* Quick and dirty mask off of high words */
-	t3.d=t2.d;
-	t3.top=(t2.top > words)?words:t2.top;
-	t3.neg=t2.neg;
-t3.max=t3.top;
-// BN_print_fp(stdout,&s1); printf(" s1\n");
-// BN_print_fp(stdout,&t2); printf(" middle value\n");
-// BN_print_fp(stdout,&t3); printf(" low middle value\n");
-	BN_sub(&t1,&s1,&t3);
-
-	if (t1.neg)
-		{
-//printf("neg fixup\n"); //BN_print_fp(stdout,&t1); printf(" before\n");
-		BN_lshift(&t2,BN_value_one(),words*32);
-		BN_add(&t1,&t2,&t1);
-		BN_mask_bits(&t1,words*32);
-// BN_print_fp(stdout,&t1); printf(" after\n");
-		}
-	/* al*bl == high(al*bl)<<words+s0 */
-	BN_lshift(&t1,&t1,words*32);
-	BN_add(&t1,&t1,&s0);
-	
-	/* We now have
-	 * al*bl			- t1
-	 * (al-ah)*(bh-bl)+ah*bh	- m
-	 * ah*bh			- h
-	 */
-	BN_copy(r,&t1);
-	BN_mask_bits(r,words*32*2);
-
-	/*BN_lshift(&m,&m,words*/
-
-	BN_free(&t1); BN_free(&t2);
-	BN_free(&m); BN_free(&h);
-	}
-
-int BN_mod_mul_montgomery(r,a,b,mont,ctx)
-BIGNUM *r,*a,*b;
-BN_MONT_CTX *mont;
-BN_CTX *ctx;
-	{
-	BIGNUM *tmp;
-
-        tmp= &(ctx->bn[ctx->tos++]);
-
-	if (a == b)
-		{
-		if (!BN_sqr(tmp,a,ctx)) goto err;
-		}
-	else
-		{
-		if (!BN_mul(tmp,a,b)) goto err;
-		}
-	/* reduce from aRR to aR */
-	if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
-	ctx->tos--;
-	return(1);
-err:
-	return(0);
-	}
-
-int BN_from_montgomery(r,a,mont,ctx)
-BIGNUM *r;
-BIGNUM *a;
-BN_MONT_CTX *mont;
-BN_CTX *ctx;
-	{
-	BIGNUM z1;
-	BIGNUM *t1,*t2;
-	BN_ULONG *ap,*bp,*rp;
-	int j,i,bl,al;
-
-	BN_init(&z1);
-	t1= &(ctx->bn[ctx->tos]);
-	t2= &(ctx->bn[ctx->tos+1]);
-
-	if (!BN_copy(t1,a)) goto err;
-	/* can cheat */
-	BN_mask_bits(t1,mont->ri);
-	if (!BN_mul(t2,t1,mont->Ni)) goto err;
-	BN_mask_bits(t2,mont->ri);
-
-	if (!BN_mul(t1,t2,mont->N)) goto err;
-	if (!BN_add(t2,t1,a)) goto err;
-
-	/* At this point, t2 has the bottom ri bits set to zero.
-	 * This means that the bottom ri bits == the 1^ri minus the bottom
-	 * ri bits of a.
-	 * This means that only the bits above 'ri' in a need to be added,
-	 * and XXXXXXXXXXXXXXXXXXXXXXXX
-	 */
-BN_print_fp(stdout,t2); printf("\n");
-	BN_rshift(r,t2,mont->ri);
-
-	if (BN_ucmp(r,mont->N) >= 0)
-		BN_usub(r,r,mont->N);
-
-	return(1);
-err:
-	return(0);
-	}
-
-int BN_MONT_CTX_set(mont,mod,ctx)
-BN_MONT_CTX *mont;
-BIGNUM *mod;
-BN_CTX *ctx;
-	{
-	BIGNUM *Ri=NULL,*R=NULL;
-
-	if (mont->RR == NULL) mont->RR=BN_new();
-	if (mont->N == NULL)  mont->N=BN_new();
-
-	R=mont->RR;					/* grab RR as a temp */
-	BN_copy(mont->N,mod);				/* Set N */
-
-	mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
-	BN_lshift(R,BN_value_one(),mont->ri);			/* R */
-	if ((Ri=BN_mod_inverse(NULL,R,mod,ctx)) == NULL) goto err;/* Ri */
-	BN_lshift(Ri,Ri,mont->ri);				/* R*Ri */
-	BN_usub(Ri,Ri,BN_value_one());				/* R*Ri - 1 */
-	BN_div(Ri,NULL,Ri,mod,ctx);
-	if (mont->Ni != NULL) BN_free(mont->Ni);
-	mont->Ni=Ri;					/* Ni=(R*Ri-1)/N */
-
-	/* setup RR for conversions */
-	BN_lshift(mont->RR,BN_value_one(),mont->ri*2);
-	BN_mod(mont->RR,mont->RR,mont->N,ctx);
-
-	return(1);
-err:
-	return(0);
-	}
-
-
-#endif
diff --git a/crypto/bn/vms-helper.c b/crypto/bn/vms-helper.c
new file mode 100644
index 0000000000..4b63149bf3
--- /dev/null
+++ b/crypto/bn/vms-helper.c
@@ -0,0 +1,68 @@
+/* vms-helper.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include "bn_lcl.h"
+
+bn_div_words_abort(int i)
+{
+#ifdef BN_DEBUG
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
+	fprintf(stderr,"Division would overflow (%d)\n",i);
+#endif
+	abort();
+#endif
+}
diff --git a/crypto/buffer/.cvsignore b/crypto/buffer/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/buffer/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/buffer/Makefile.ssl b/crypto/buffer/Makefile.ssl
index a5f150e523..e8b6c9693a 100644
--- a/crypto/buffer/Makefile.ssl
+++ b/crypto/buffer/Makefile.ssl
@@ -5,25 +5,26 @@
 DIR=	buffer
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=buffer
-ERRC=buf_err
 GENERAL=Makefile
 TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= buffer.c $(ERRC).c
-LIBOBJ= buffer.o $(ERRC).o
+LIBSRC= buffer.c buf_err.c
+LIBOBJ= buffer.o buf_err.o
 
 SRC= $(LIBSRC)
 
@@ -39,24 +40,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -68,17 +68,27 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+buf_err.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+buf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+buf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+buf_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+buf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+buf_err.o: ../../include/openssl/symhacks.h buf_err.c
+buffer.o: ../../e_os.h ../../include/openssl/bio.h
+buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+buffer.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+buffer.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+buffer.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+buffer.o: ../cryptlib.h buffer.c
diff --git a/crypto/buffer/buf_err.c b/crypto/buffer/buf_err.c
index 433cf3a0a4..5eee653e14 100644
--- a/crypto/buffer/buf_err.c
+++ b/crypto/buffer/buf_err.c
@@ -1,86 +1,94 @@
-/* lib/buf/buf_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/buffer/buf_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
  */
+
 #include <stdio.h>
-#include "err.h"
-#include "buffer.h"
+#include <openssl/err.h>
+#include <openssl/buffer.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA BUF_str_functs[]=
 	{
 {ERR_PACK(0,BUF_F_BUF_MEM_GROW,0),	"BUF_MEM_grow"},
 {ERR_PACK(0,BUF_F_BUF_MEM_NEW,0),	"BUF_MEM_new"},
 {ERR_PACK(0,BUF_F_BUF_STRDUP,0),	"BUF_strdup"},
-{ERR_PACK(0,BUF_F_PXYCLNT_READ,0),	"PXYCLNT_READ"},
-{0,NULL},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA BUF_str_reasons[]=
+	{
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_BUF_strings()
+void ERR_load_BUF_strings(void)
 	{
 	static int init=1;
 
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_BUF,BUF_str_functs);
+		ERR_load_strings(ERR_LIB_BUF,BUF_str_reasons);
 #endif
 
 		}
diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c
index 7e8af9e2fa..d96487e7db 100644
--- a/crypto/buffer/buffer.c
+++ b/crypto/buffer/buffer.c
@@ -58,13 +58,13 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
+#include <openssl/buffer.h>
 
-BUF_MEM *BUF_MEM_new()
+BUF_MEM *BUF_MEM_new(void)
 	{
 	BUF_MEM *ret;
 
-	ret=(BUF_MEM *)Malloc(sizeof(BUF_MEM));
+	ret=OPENSSL_malloc(sizeof(BUF_MEM));
 	if (ret == NULL)
 		{
 		BUFerr(BUF_F_BUF_MEM_NEW,ERR_R_MALLOC_FAILURE);
@@ -76,20 +76,20 @@ BUF_MEM *BUF_MEM_new()
 	return(ret);
 	}
 
-void BUF_MEM_free(a)
-BUF_MEM *a;
+void BUF_MEM_free(BUF_MEM *a)
 	{
+	if(a == NULL)
+	    return;
+
 	if (a->data != NULL)
 		{
 		memset(a->data,0,(unsigned int)a->max);
-		Free(a->data);
+		OPENSSL_free(a->data);
 		}
-	Free(a);
+	OPENSSL_free(a);
 	}
 
-int BUF_MEM_grow(str, len)
-BUF_MEM *str;
-int len;
+int BUF_MEM_grow(BUF_MEM *str, int len)
 	{
 	char *ret;
 	unsigned int n;
@@ -101,15 +101,15 @@ int len;
 		}
 	if (str->max >= len)
 		{
-		memset(&(str->data[str->length]),0,len-str->length);
+		memset(&str->data[str->length],0,len-str->length);
 		str->length=len;
 		return(len);
 		}
 	n=(len+3)/3*4;
 	if (str->data == NULL)
-		ret=(char *)Malloc(n);
+		ret=OPENSSL_malloc(n);
 	else
-		ret=(char *)Realloc(str->data,n);
+		ret=OPENSSL_realloc(str->data,n);
 	if (ret == NULL)
 		{
 		BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
@@ -118,14 +118,51 @@ int len;
 	else
 		{
 		str->data=ret;
+		str->max=n;
+		memset(&str->data[str->length],0,len-str->length);
+		str->length=len;
+		}
+	return(len);
+	}
+
+int BUF_MEM_grow_clean(BUF_MEM *str, int len)
+	{
+	char *ret;
+	unsigned int n;
+
+	if (str->length >= len)
+		{
+		memset(&str->data[len],0,str->length-len);
+		str->length=len;
+		return(len);
+		}
+	if (str->max >= len)
+		{
+		memset(&str->data[str->length],0,len-str->length);
 		str->length=len;
+		return(len);
+		}
+	n=(len+3)/3*4;
+	if (str->data == NULL)
+		ret=OPENSSL_malloc(n);
+	else
+		ret=OPENSSL_realloc_clean(str->data,str->max,n);
+	if (ret == NULL)
+		{
+		BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
+		len=0;
+		}
+	else
+		{
+		str->data=ret;
 		str->max=n;
+		memset(&str->data[str->length],0,len-str->length);
+		str->length=len;
 		}
 	return(len);
 	}
 
-char *BUF_strdup(str)
-char *str;
+char *BUF_strdup(const char *str)
 	{
 	char *ret;
 	int n;
@@ -133,7 +170,7 @@ char *str;
 	if (str == NULL) return(NULL);
 
 	n=strlen(str);
-	ret=Malloc(n+1);
+	ret=OPENSSL_malloc(n+1);
 	if (ret == NULL) 
 		{
 		BUFerr(BUF_F_BUF_STRDUP,ERR_R_MALLOC_FAILURE);
@@ -143,3 +180,23 @@ char *str;
 	return(ret);
 	}
 
+size_t BUF_strlcpy(char *dst, const char *src, size_t size)
+	{
+	size_t l = 0;
+	for(; size > 1 && *src; size--)
+		{
+		*dst++ = *src++;
+		l++;
+		}
+	if (size)
+		*dst = '\0';
+	return l + strlen(src);
+	}
+
+size_t BUF_strlcat(char *dst, const char *src, size_t size)
+	{
+	size_t l = 0;
+	for(; size > 0 && *dst; size--, dst++)
+		l++;
+	return l + BUF_strlcpy(dst, src, size);
+	}
diff --git a/crypto/buffer/buffer.err b/crypto/buffer/buffer.err
deleted file mode 100644
index 62b775e637..0000000000
--- a/crypto/buffer/buffer.err
+++ /dev/null
@@ -1,9 +0,0 @@
-/* Error codes for the BUF functions. */
-
-/* Function codes. */
-#define BUF_F_BUF_MEM_GROW				 100
-#define BUF_F_BUF_MEM_NEW				 101
-#define BUF_F_BUF_STRDUP				 102
-#define BUF_F_PXYCLNT_READ				 103
-
-/* Reason codes. */
diff --git a/crypto/buffer/buffer.h b/crypto/buffer/buffer.h
index 417548c04a..465dc34f3f 100644
--- a/crypto/buffer/buffer.h
+++ b/crypto/buffer/buffer.h
@@ -63,6 +63,9 @@
 extern "C" {
 #endif
 
+#include <stddef.h>
+#include <sys/types.h>
+
 typedef struct buf_mem_st
 	{
 	int length;	/* current number of bytes */
@@ -70,38 +73,33 @@ typedef struct buf_mem_st
 	int max;	/* size of buffer */
 	} BUF_MEM;
 
-#ifndef NOPROTO
 BUF_MEM *BUF_MEM_new(void);
 void	BUF_MEM_free(BUF_MEM *a);
 int	BUF_MEM_grow(BUF_MEM *str, int len);
-char *	BUF_strdup(char *str);
-
-void ERR_load_BUF_strings(void );
-
-#else
+int	BUF_MEM_grow_clean(BUF_MEM *str, int len);
+char *	BUF_strdup(const char *str);
 
-BUF_MEM *BUF_MEM_new();
-void	BUF_MEM_free();
-int	BUF_MEM_grow();
-char *	BUF_strdup();
+/* safe string functions */
+size_t BUF_strlcpy(char *dst,const char *src,size_t siz);
+size_t BUF_strlcat(char *dst,const char *src,size_t siz);
 
-void ERR_load_BUF_strings();
-
-#endif
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_BUF_strings(void);
+
 /* Error codes for the BUF functions. */
 
 /* Function codes. */
 #define BUF_F_BUF_MEM_GROW				 100
 #define BUF_F_BUF_MEM_NEW				 101
 #define BUF_F_BUF_STRDUP				 102
-#define BUF_F_PXYCLNT_READ				 103
 
 /* Reason codes. */
- 
+
 #ifdef  __cplusplus
 }
 #endif
 #endif
-
diff --git a/crypto/cast/.cvsignore b/crypto/cast/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/cast/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/cast/Makefile.ssl b/crypto/cast/Makefile.ssl
index c59982e783..c18d86845e 100644
--- a/crypto/cast/Makefile.ssl
+++ b/crypto/cast/Makefile.ssl
@@ -8,9 +8,12 @@ CC=	cc
 CPP=	$(CC) -E
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -45,12 +48,12 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 # elf
 asm/cx86-elf.o: asm/cx86unix.cpp
-	$(CPP) -DELF asm/cx86unix.cpp | as -o asm/cx86-elf.o
+	$(CPP) -DELF -x c asm/cx86unix.cpp | as -o asm/cx86-elf.o
 
 # solaris
 asm/cx86-sol.o: asm/cx86unix.cpp
@@ -66,24 +69,23 @@ asm/cx86-out.o: asm/cx86unix.cpp
 asm/cx86bsdi.o: asm/cx86unix.cpp
 	$(CPP) -DBSDI asm/cx86unix.cpp | sed 's/ :/:/' | as -o asm/cx86bsdi.o
 
-asm/cx86unix.cpp:
-	(cd asm; perl cast-586.pl cpp >cx86unix.cpp)
+asm/cx86unix.cpp: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+	(cd asm; $(PERL) cast-586.pl cpp $(PROCESSOR) >cx86unix.cpp)
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -95,15 +97,29 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f asm/cx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+c_cfb64.o: ../../e_os.h ../../include/openssl/cast.h
+c_cfb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_cfb64.o: c_cfb64.c cast_lcl.h
+c_ecb.o: ../../e_os.h ../../include/openssl/cast.h
+c_ecb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_ecb.o: ../../include/openssl/opensslv.h c_ecb.c cast_lcl.h
+c_enc.o: ../../e_os.h ../../include/openssl/cast.h
+c_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_enc.o: c_enc.c cast_lcl.h
+c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h
+c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_ofb64.o: c_ofb64.c cast_lcl.h
+c_skey.o: ../../e_os.h ../../include/openssl/cast.h
+c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_skey.o: c_skey.c cast_lcl.h cast_s.h
diff --git a/crypto/cast/Makefile.uni b/crypto/cast/Makefile.uni
deleted file mode 100644
index 780073e75b..0000000000
--- a/crypto/cast/Makefile.uni
+++ /dev/null
@@ -1,123 +0,0 @@
-# Targets
-# make          - twidle the options yourself :-)
-# make cc       - standard cc options
-# make gcc      - standard gcc options
-# make x86-elf  - linux-elf etc
-# make x86-out  - linux-a.out, FreeBSD etc
-# make x86-solaris
-# make x86-bdsi
-
-# There are 3 possible performance options, experiment :-)
-#OPTS= -DBF_PTR
-#OPTS= -DBF_PTR2
-OPTS=
-
-DIR=    cast
-TOP=    .
-CC=     gcc
-CFLAG=	-O3 -fomit-frame-pointer
-
-CPP=    $(CC) -E
-INCLUDES=
-INSTALLTOP=/usr/local/lib
-MAKE=           make
-MAKEDEPEND=     makedepend
-MAKEFILE=       Makefile.uni
-AR=             ar r
-
-CAST_ENC=c_enc.o
-# or use
-#CAST_ENC=asm/cx86-elf.o
-#CAST_ENC=asm/cx86-out.o
-#CAST_ENC=asm/cx86-sol.o
-#CAST_ENC=asm/cx86bdsi.o
-
-CFLAGS= $(OPTS) $(INCLUDES) $(CFLAG) -DFULL_TEST
-
-GENERAL=Makefile
-TEST=casttest
-APP1=cast_spd
-APP2=castopts
-APPS=$(APP1) $(APP2)
-
-LIB=libcast.a
-LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c
-LIBOBJ=c_skey.o c_ecb.o $(CAST_ENC) c_cfb64.o c_ofb64.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= cast.h
-HEADER= cast_lcl.h $(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-all:    $(LIB) $(TEST) $(APPS)
-
-$(LIB):    $(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/ranlib.sh $(LIB)
-# elf
-asm/cx86-elf.o: asm/cx86unix.cpp
-	$(CPP) -DELF asm/cx86unix.cpp | as -o asm/cx86-elf.o
-
-# solaris
-asm/cx86-sol.o: asm/cx86unix.cpp
-	$(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s
-	as -o asm/cx86-sol.o asm/cx86-sol.s
-	rm -f asm/cx86-sol.s
-
-# a.out
-asm/cx86-out.o: asm/cx86unix.cpp
-	$(CPP) -DOUT asm/cx86unix.cpp | as -o asm/cx86-out.o
-
-# bsdi
-asm/cx86bsdi.o: asm/cx86unix.cpp
-	$(CPP) -DBSDI asm/cx86unix.cpp | as -o asm/cx86bsdi.o
-
-asm/cx86unix.cpp:
-	(cd asm; perl cast-586.pl cpp >cx86unix.cpp)
-
-test:	$(TEST)
-	./$(TEST)
-
-$(TEST): $(TEST).c $(LIB)
-	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
-
-$(APP1): $(APP1).c $(LIB)
-	$(CC) -o $(APP1) $(CFLAGS) $(APP1).c $(LIB)
-
-$(APP2): $(APP2).c $(LIB)
-	$(CC) -o $(APP2) $(CFLAGS) $(APP2).c $(LIB)
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
-
-dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-cc:
-	$(MAKE) CC="cc" CFLAG="-O" all
-
-gcc:
-	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
-
-x86-elf:
-	$(MAKE) CAST_ENC="asm/cx86-elf.o" CFLAG="-DELF $(CFLAGS)" all
-
-x86-out:
-	$(MAKE) CAST_ENC="asm/cx86-out.o" CFLAG="-DOUT $(CFLAGS)" all
-
-x86-solaris:
-	$(MAKE) CAST_ENC="asm/cx86-sol.o" CFLAG="-DSOL $(CFLAGS)" all
-
-x86-bdsi:
-	$(MAKE) CAST_ENC="asm/cx86-bdsi.o" CFLAG="-DBDSI $(CFLAGS)" all
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/cast/asm/.cvsignore b/crypto/cast/asm/.cvsignore
new file mode 100644
index 0000000000..ed39ad9fc6
--- /dev/null
+++ b/crypto/cast/asm/.cvsignore
@@ -0,0 +1 @@
+cx86unix.cpp
diff --git a/crypto/cast/asm/c-win32.asm b/crypto/cast/asm/c-win32.asm
deleted file mode 100644
index a1d8a2671a..0000000000
--- a/crypto/cast/asm/c-win32.asm
+++ /dev/null
@@ -1,940 +0,0 @@
-	; Don't even think of reading this code
-	; It was automatically generated by cast-586.pl
-	; Which is a perl program used to generate the x86 assember for
-	; any of elf, a.out, BSDI,Win32, or Solaris
-	; eric <eay@cryptsoft.com>
-	; 
-	TITLE	cast-586.asm
-        .486
-.model FLAT
-_TEXT	SEGMENT
-PUBLIC	_CAST_encrypt
-EXTERN	_CAST_S_table0:DWORD
-EXTERN	_CAST_S_table1:DWORD
-EXTERN	_CAST_S_table2:DWORD
-EXTERN	_CAST_S_table3:DWORD
-
-_CAST_encrypt PROC NEAR
-	; 
-	push	ebp
-	push	ebx
-	mov	ebx,		DWORD PTR 12[esp]
-	mov	ebp,		DWORD PTR 16[esp]
-	push	esi
-	push	edi
-	; Load the 2 words
-	mov	edi,		DWORD PTR [ebx]
-	mov	esi,		DWORD PTR 4[ebx]
-	xor	eax,		eax
-	; round 0
-	mov	edx,		DWORD PTR [ebp]
-	mov	ecx,		DWORD PTR 4[ebp]
-	add	edx,		esi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	add	ecx,		ebx
-	xor	edi,		ecx
-	; round 1
-	mov	edx,		DWORD PTR 8[ebp]
-	mov	ecx,		DWORD PTR 12[ebp]
-	xor	edx,		edi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	add	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	xor	ecx,		ebx
-	xor	esi,		ecx
-	; round 2
-	mov	edx,		DWORD PTR 16[ebp]
-	mov	ecx,		DWORD PTR 20[ebp]
-	sub	edx,		esi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	add	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	sub	ecx,		ebx
-	xor	edi,		ecx
-	; round 3
-	mov	edx,		DWORD PTR 24[ebp]
-	mov	ecx,		DWORD PTR 28[ebp]
-	add	edx,		edi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	add	ecx,		ebx
-	xor	esi,		ecx
-	; round 4
-	mov	edx,		DWORD PTR 32[ebp]
-	mov	ecx,		DWORD PTR 36[ebp]
-	xor	edx,		esi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	add	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	xor	ecx,		ebx
-	xor	edi,		ecx
-	; round 5
-	mov	edx,		DWORD PTR 40[ebp]
-	mov	ecx,		DWORD PTR 44[ebp]
-	sub	edx,		edi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	add	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	sub	ecx,		ebx
-	xor	esi,		ecx
-	; round 6
-	mov	edx,		DWORD PTR 48[ebp]
-	mov	ecx,		DWORD PTR 52[ebp]
-	add	edx,		esi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	add	ecx,		ebx
-	xor	edi,		ecx
-	; round 7
-	mov	edx,		DWORD PTR 56[ebp]
-	mov	ecx,		DWORD PTR 60[ebp]
-	xor	edx,		edi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	add	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	xor	ecx,		ebx
-	xor	esi,		ecx
-	; round 8
-	mov	edx,		DWORD PTR 64[ebp]
-	mov	ecx,		DWORD PTR 68[ebp]
-	sub	edx,		esi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	add	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	sub	ecx,		ebx
-	xor	edi,		ecx
-	; round 9
-	mov	edx,		DWORD PTR 72[ebp]
-	mov	ecx,		DWORD PTR 76[ebp]
-	add	edx,		edi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	add	ecx,		ebx
-	xor	esi,		ecx
-	; round 10
-	mov	edx,		DWORD PTR 80[ebp]
-	mov	ecx,		DWORD PTR 84[ebp]
-	xor	edx,		esi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	add	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	xor	ecx,		ebx
-	xor	edi,		ecx
-	; round 11
-	mov	edx,		DWORD PTR 88[ebp]
-	mov	ecx,		DWORD PTR 92[ebp]
-	sub	edx,		edi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	add	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	sub	ecx,		ebx
-	xor	esi,		ecx
-	; round 12
-	mov	edx,		DWORD PTR 96[ebp]
-	mov	ecx,		DWORD PTR 100[ebp]
-	add	edx,		esi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	add	ecx,		ebx
-	xor	edi,		ecx
-	; round 13
-	mov	edx,		DWORD PTR 104[ebp]
-	mov	ecx,		DWORD PTR 108[ebp]
-	xor	edx,		edi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	add	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	xor	ecx,		ebx
-	xor	esi,		ecx
-	; round 14
-	mov	edx,		DWORD PTR 112[ebp]
-	mov	ecx,		DWORD PTR 116[ebp]
-	sub	edx,		esi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	add	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	sub	ecx,		ebx
-	xor	edi,		ecx
-	; round 15
-	mov	edx,		DWORD PTR 120[ebp]
-	mov	ecx,		DWORD PTR 124[ebp]
-	add	edx,		edi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	add	ecx,		ebx
-	mov	eax,		DWORD PTR 20[esp]
-	xor	esi,		ecx
-	nop
-	mov	DWORD PTR 4[eax],edi
-	mov	DWORD PTR [eax],esi
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-_CAST_encrypt ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_CAST_decrypt
-EXTERN	_CAST_S_table0:DWORD
-EXTERN	_CAST_S_table1:DWORD
-EXTERN	_CAST_S_table2:DWORD
-EXTERN	_CAST_S_table3:DWORD
-
-_CAST_decrypt PROC NEAR
-	; 
-	push	ebp
-	push	ebx
-	mov	ebx,		DWORD PTR 12[esp]
-	mov	ebp,		DWORD PTR 16[esp]
-	push	esi
-	push	edi
-	; Load the 2 words
-	mov	edi,		DWORD PTR [ebx]
-	mov	esi,		DWORD PTR 4[ebx]
-	xor	eax,		eax
-	; round 15
-	mov	edx,		DWORD PTR 120[ebp]
-	mov	ecx,		DWORD PTR 124[ebp]
-	add	edx,		esi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	add	ecx,		ebx
-	xor	edi,		ecx
-	; round 14
-	mov	edx,		DWORD PTR 112[ebp]
-	mov	ecx,		DWORD PTR 116[ebp]
-	sub	edx,		edi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	add	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	sub	ecx,		ebx
-	xor	esi,		ecx
-	; round 13
-	mov	edx,		DWORD PTR 104[ebp]
-	mov	ecx,		DWORD PTR 108[ebp]
-	xor	edx,		esi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	add	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	xor	ecx,		ebx
-	xor	edi,		ecx
-	; round 12
-	mov	edx,		DWORD PTR 96[ebp]
-	mov	ecx,		DWORD PTR 100[ebp]
-	add	edx,		edi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	add	ecx,		ebx
-	xor	esi,		ecx
-	; round 11
-	mov	edx,		DWORD PTR 88[ebp]
-	mov	ecx,		DWORD PTR 92[ebp]
-	sub	edx,		esi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	add	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	sub	ecx,		ebx
-	xor	edi,		ecx
-	; round 10
-	mov	edx,		DWORD PTR 80[ebp]
-	mov	ecx,		DWORD PTR 84[ebp]
-	xor	edx,		edi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	add	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	xor	ecx,		ebx
-	xor	esi,		ecx
-	; round 9
-	mov	edx,		DWORD PTR 72[ebp]
-	mov	ecx,		DWORD PTR 76[ebp]
-	add	edx,		esi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	add	ecx,		ebx
-	xor	edi,		ecx
-	; round 8
-	mov	edx,		DWORD PTR 64[ebp]
-	mov	ecx,		DWORD PTR 68[ebp]
-	sub	edx,		edi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	add	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	sub	ecx,		ebx
-	xor	esi,		ecx
-	; round 7
-	mov	edx,		DWORD PTR 56[ebp]
-	mov	ecx,		DWORD PTR 60[ebp]
-	xor	edx,		esi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	add	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	xor	ecx,		ebx
-	xor	edi,		ecx
-	; round 6
-	mov	edx,		DWORD PTR 48[ebp]
-	mov	ecx,		DWORD PTR 52[ebp]
-	add	edx,		edi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	add	ecx,		ebx
-	xor	esi,		ecx
-	; round 5
-	mov	edx,		DWORD PTR 40[ebp]
-	mov	ecx,		DWORD PTR 44[ebp]
-	sub	edx,		esi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	add	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	sub	ecx,		ebx
-	xor	edi,		ecx
-	; round 4
-	mov	edx,		DWORD PTR 32[ebp]
-	mov	ecx,		DWORD PTR 36[ebp]
-	xor	edx,		edi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	add	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	xor	ecx,		ebx
-	xor	esi,		ecx
-	; round 3
-	mov	edx,		DWORD PTR 24[ebp]
-	mov	ecx,		DWORD PTR 28[ebp]
-	add	edx,		esi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	add	ecx,		ebx
-	xor	edi,		ecx
-	; round 2
-	mov	edx,		DWORD PTR 16[ebp]
-	mov	ecx,		DWORD PTR 20[ebp]
-	sub	edx,		edi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	add	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	sub	ecx,		ebx
-	xor	esi,		ecx
-	; round 1
-	mov	edx,		DWORD PTR 8[ebp]
-	mov	ecx,		DWORD PTR 12[ebp]
-	xor	edx,		esi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	add	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	xor	ecx,		ebx
-	xor	edi,		ecx
-	; round 0
-	mov	edx,		DWORD PTR [ebp]
-	mov	ecx,		DWORD PTR 4[ebp]
-	add	edx,		edi
-	rol	edx,		cl
-	mov	ebx,		edx
-	xor	ecx,		ecx
-	mov	cl,		dh
-	and	ebx,		255
-	shr	edx,		16
-	xor	eax,		eax
-	mov	al,		dh
-	and	edx,		255
-	mov	ecx,		DWORD PTR _CAST_S_table0[ecx*4]
-	mov	ebx,		DWORD PTR _CAST_S_table1[ebx*4]
-	xor	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table2[eax*4]
-	sub	ecx,		ebx
-	mov	ebx,		DWORD PTR _CAST_S_table3[edx*4]
-	add	ecx,		ebx
-	mov	eax,		DWORD PTR 20[esp]
-	xor	esi,		ecx
-	nop
-	mov	DWORD PTR 4[eax],edi
-	mov	DWORD PTR [eax],esi
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-_CAST_decrypt ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_CAST_cbc_encrypt
-
-_CAST_cbc_encrypt PROC NEAR
-	; 
-	push	ebp
-	push	ebx
-	push	esi
-	push	edi
-	mov	ebp,		DWORD PTR 28[esp]
-	; getting iv ptr from parameter 4
-	mov	ebx,		DWORD PTR 36[esp]
-	mov	esi,		DWORD PTR [ebx]
-	mov	edi,		DWORD PTR 4[ebx]
-	push	edi
-	push	esi
-	push	edi
-	push	esi
-	mov	ebx,		esp
-	mov	esi,		DWORD PTR 36[esp]
-	mov	edi,		DWORD PTR 40[esp]
-	; getting encrypt flag from parameter 5
-	mov	ecx,		DWORD PTR 56[esp]
-	; get and push parameter 3
-	mov	eax,		DWORD PTR 48[esp]
-	push	eax
-	push	ebx
-	cmp	ecx,		0
-	jz	$L000decrypt
-	and	ebp,		4294967288
-	mov	eax,		DWORD PTR 8[esp]
-	mov	ebx,		DWORD PTR 12[esp]
-	jz	$L001encrypt_finish
-L002encrypt_loop:
-	mov	ecx,		DWORD PTR [esi]
-	mov	edx,		DWORD PTR 4[esi]
-	xor	eax,		ecx
-	xor	ebx,		edx
-	bswap	eax
-	bswap	ebx
-	mov	DWORD PTR 8[esp],eax
-	mov	DWORD PTR 12[esp],ebx
-	call	_CAST_encrypt
-	mov	eax,		DWORD PTR 8[esp]
-	mov	ebx,		DWORD PTR 12[esp]
-	bswap	eax
-	bswap	ebx
-	mov	DWORD PTR [edi],eax
-	mov	DWORD PTR 4[edi],ebx
-	add	esi,		8
-	add	edi,		8
-	sub	ebp,		8
-	jnz	L002encrypt_loop
-$L001encrypt_finish:
-	mov	ebp,		DWORD PTR 52[esp]
-	and	ebp,		7
-	jz	$L003finish
-	xor	ecx,		ecx
-	xor	edx,		edx
-	mov	ebp,		DWORD PTR $L004cbc_enc_jmp_table[ebp*4]
-	jmp	 ebp
-L005ej7:
-	xor	edx,		edx
-	mov	dh,		BYTE PTR 6[esi]
-	shl	edx,		8
-L006ej6:
-	mov	dh,		BYTE PTR 5[esi]
-L007ej5:
-	mov	dl,		BYTE PTR 4[esi]
-L008ej4:
-	mov	ecx,		DWORD PTR [esi]
-	jmp	$L009ejend
-L010ej3:
-	mov	ch,		BYTE PTR 2[esi]
-	xor	ecx,		ecx
-	shl	ecx,		8
-L011ej2:
-	mov	ch,		BYTE PTR 1[esi]
-L012ej1:
-	mov	cl,		BYTE PTR [esi]
-$L009ejend:
-	xor	eax,		ecx
-	xor	ebx,		edx
-	bswap	eax
-	bswap	ebx
-	mov	DWORD PTR 8[esp],eax
-	mov	DWORD PTR 12[esp],ebx
-	call	_CAST_encrypt
-	mov	eax,		DWORD PTR 8[esp]
-	mov	ebx,		DWORD PTR 12[esp]
-	bswap	eax
-	bswap	ebx
-	mov	DWORD PTR [edi],eax
-	mov	DWORD PTR 4[edi],ebx
-	jmp	$L003finish
-$L000decrypt:
-	and	ebp,		4294967288
-	mov	eax,		DWORD PTR 16[esp]
-	mov	ebx,		DWORD PTR 20[esp]
-	jz	$L013decrypt_finish
-L014decrypt_loop:
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-	bswap	eax
-	bswap	ebx
-	mov	DWORD PTR 8[esp],eax
-	mov	DWORD PTR 12[esp],ebx
-	call	_CAST_decrypt
-	mov	eax,		DWORD PTR 8[esp]
-	mov	ebx,		DWORD PTR 12[esp]
-	bswap	eax
-	bswap	ebx
-	mov	ecx,		DWORD PTR 16[esp]
-	mov	edx,		DWORD PTR 20[esp]
-	xor	ecx,		eax
-	xor	edx,		ebx
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-	mov	DWORD PTR [edi],ecx
-	mov	DWORD PTR 4[edi],edx
-	mov	DWORD PTR 16[esp],eax
-	mov	DWORD PTR 20[esp],ebx
-	add	esi,		8
-	add	edi,		8
-	sub	ebp,		8
-	jnz	L014decrypt_loop
-$L013decrypt_finish:
-	mov	ebp,		DWORD PTR 52[esp]
-	and	ebp,		7
-	jz	$L003finish
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-	bswap	eax
-	bswap	ebx
-	mov	DWORD PTR 8[esp],eax
-	mov	DWORD PTR 12[esp],ebx
-	call	_CAST_decrypt
-	mov	eax,		DWORD PTR 8[esp]
-	mov	ebx,		DWORD PTR 12[esp]
-	bswap	eax
-	bswap	ebx
-	mov	ecx,		DWORD PTR 16[esp]
-	mov	edx,		DWORD PTR 20[esp]
-	xor	ecx,		eax
-	xor	edx,		ebx
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-L015dj7:
-	ror	edx,		16
-	mov	BYTE PTR 6[edi],dl
-	shr	edx,		16
-L016dj6:
-	mov	BYTE PTR 5[edi],dh
-L017dj5:
-	mov	BYTE PTR 4[edi],dl
-L018dj4:
-	mov	DWORD PTR [edi],ecx
-	jmp	$L019djend
-L020dj3:
-	ror	ecx,		16
-	mov	BYTE PTR 2[edi],cl
-	shl	ecx,		16
-L021dj2:
-	mov	BYTE PTR 1[esi],ch
-L022dj1:
-	mov	BYTE PTR [esi],	cl
-$L019djend:
-	jmp	$L003finish
-$L003finish:
-	mov	ecx,		DWORD PTR 60[esp]
-	add	esp,		24
-	mov	DWORD PTR [ecx],eax
-	mov	DWORD PTR 4[ecx],ebx
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-$L004cbc_enc_jmp_table:
-	DD	0
-	DD	L012ej1
-	DD	L011ej2
-	DD	L010ej3
-	DD	L008ej4
-	DD	L007ej5
-	DD	L006ej6
-	DD	L005ej7
-L023cbc_dec_jmp_table:
-	DD	0
-	DD	L022dj1
-	DD	L021dj2
-	DD	L020dj3
-	DD	L018dj4
-	DD	L017dj5
-	DD	L016dj6
-	DD	L015dj7
-_CAST_cbc_encrypt ENDP
-_TEXT	ENDS
-END
diff --git a/crypto/cast/asm/cast-586.pl b/crypto/cast/asm/cast-586.pl
index d6b6f19bea..6be0bfe572 100644
--- a/crypto/cast/asm/cast-586.pl
+++ b/crypto/cast/asm/cast-586.pl
@@ -7,7 +7,7 @@ push(@INC,"perlasm","../../perlasm");
 require "x86asm.pl";
 require "cbc.pl";
 
-&asm_init($ARGV[0],"cast-586.pl");
+&asm_init($ARGV[0],"cast-586.pl",$ARGV[$#ARGV] eq "386");
 
 $CAST_ROUNDS=16;
 $L="edi";
@@ -32,136 +32,145 @@ $S4="CAST_S_table3";
 
 &asm_finish();
 
-sub CAST_encrypt
-	{
-	local($name,$enc)=@_;
+sub CAST_encrypt {
+    local($name,$enc)=@_;
 
-	local($win_ex)=<<"EOF";
+    local($win_ex)=<<"EOF";
 EXTERN	_CAST_S_table0:DWORD
 EXTERN	_CAST_S_table1:DWORD
 EXTERN	_CAST_S_table2:DWORD
 EXTERN	_CAST_S_table3:DWORD
 EOF
-	&main'external_label(
-		"CAST_S_table0",
-		"CAST_S_table1",
-		"CAST_S_table2",
-		"CAST_S_table3",
-		);
-
-	&function_begin_B($name,$win_ex);
-
-	&comment("");
-
-	&push("ebp");
-	&push("ebx");
-	&mov($tmp2,&wparam(0));
-	&mov($K,&wparam(1));
-	&push("esi");
-	&push("edi");
-
-	&comment("Load the 2 words");
-	&mov($L,&DWP(0,$tmp2,"",0));
-	&mov($R,&DWP(4,$tmp2,"",0));
-
-	&xor(	$tmp3,	$tmp3);
-
-	# encrypting part
-
-	if ($enc)
-		{
-		&E_CAST( 0,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 1,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 2,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 3,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 4,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 5,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 6,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 7,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 8,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 9,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(10,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(11,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(12,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(13,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(14,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(15,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4,1);
-		}
-	else
-		{
-		&E_CAST(15,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(14,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(13,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(12,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(11,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST(10,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 9,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 8,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 7,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 6,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 5,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 4,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 3,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 2,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 1,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
-		&E_CAST( 0,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4,1);
-		}
-
-	&nop();
-	&mov(&DWP(4,$tmp3,"",0),$L);
-	&mov(&DWP(0,$tmp3,"",0),$R);
-	&function_end($name);
-	}
-
-sub E_CAST
-	{
-	local($i,$S,$L,$R,$K,$OP1,$OP2,$OP3,$tmp1,$tmp2,$tmp3,$tmp4,$lst)=@_;
-	# Ri needs to have 16 pre added.
-
-	&comment("round $i");
-	&mov(	$tmp4,		&DWP($i*8,$K,"",1));
-
-	&mov(	$tmp1,		&DWP($i*8+4,$K,"",1));# must be word
-	&$OP1(	$tmp4,		$R);
-
-	&rotl(	$tmp4,		&LB($tmp1));
-
-	if ($ppro)
-		{
-		&mov(	$tmp2,		$tmp4);		# B
-		&xor(	$tmp1,		$tmp1);
-
-		&movb(	&LB($tmp1),	&HB($tmp4));	# A
-		&and(	$tmp2,		0xff);
-
-		&shr(	$tmp4,		16); 		#
-		&xor(	$tmp3,		$tmp3);
-		}
-	else
-		{
-		&mov(	$tmp2,		$tmp4);		# B
-		&movb(	&LB($tmp1),	&HB($tmp4));	# A	# BAD BAD BAD
-
-		&shr(	$tmp4,		16); 		#
-		&and(	$tmp2,		0xff);
-		}
-
-	&movb(	&LB($tmp3),	&HB($tmp4));	# C	# BAD BAD BAD
-	&and(	$tmp4,		0xff);		# D
-
-	&mov(	$tmp1,		&DWP($S1,"",$tmp1,4));
-	&mov(	$tmp2,		&DWP($S2,"",$tmp2,4));
-
-	&$OP2(	$tmp1,		$tmp2);
-	&mov(	$tmp2,		&DWP($S3,"",$tmp3,4));
-
-	&$OP3(	$tmp1,		$tmp2);
-	&mov(	$tmp2,		&DWP($S4,"",$tmp4,4));
-
-	&$OP1(	$tmp1,		$tmp2);
-	 &mov($tmp3,&wparam(0)) if $lst;
-	 # XXX
-
-	&xor(	$L,		$tmp1);
-	 # XXX
-	}
+    &main::external_label(
+			  "CAST_S_table0",
+			  "CAST_S_table1",
+			  "CAST_S_table2",
+			  "CAST_S_table3",
+			  );
+
+    &function_begin_B($name,$win_ex);
+
+    &comment("");
+
+    &push("ebp");
+    &push("ebx");
+    &mov($tmp2,&wparam(0));
+    &mov($K,&wparam(1));
+    &push("esi");
+    &push("edi");
+
+    &comment("Load the 2 words");
+    &mov($L,&DWP(0,$tmp2,"",0));
+    &mov($R,&DWP(4,$tmp2,"",0));
+
+    &comment('Get short key flag');
+    &mov($tmp3,&DWP(128,$K,"",0));
+    if($enc) {
+	&push($tmp3);
+    } else {
+	&or($tmp3,$tmp3);
+	&jnz(&label('cast_dec_skip'));
+    }
+
+    &xor($tmp3,	$tmp3);
+
+    # encrypting part
+
+    if ($enc) {
+	&E_CAST( 0,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 1,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 2,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 3,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 4,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 5,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 6,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 7,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 8,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 9,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(10,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(11,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&comment('test short key flag');
+	&pop($tmp4);
+	&or($tmp4,$tmp4);
+	&jnz(&label('cast_enc_done'));
+	&E_CAST(12,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(13,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(14,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(15,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+    } else {
+	&E_CAST(15,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(14,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(13,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(12,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&set_label('cast_dec_skip');
+	&E_CAST(11,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST(10,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 9,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 8,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 7,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 6,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 5,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 4,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 3,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 2,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 1,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4);
+	&E_CAST( 0,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4);
+    }
+
+    &set_label('cast_enc_done') if $enc;
+# Why the nop? - Ben 17/1/99
+    &nop();
+    &mov($tmp3,&wparam(0));
+    &mov(&DWP(4,$tmp3,"",0),$L);
+    &mov(&DWP(0,$tmp3,"",0),$R);
+    &function_end($name);
+}
+
+sub E_CAST {
+    local($i,$S,$L,$R,$K,$OP1,$OP2,$OP3,$tmp1,$tmp2,$tmp3,$tmp4)=@_;
+    # Ri needs to have 16 pre added.
+
+    &comment("round $i");
+    &mov(	$tmp4,		&DWP($i*8,$K,"",1));
+
+    &mov(	$tmp1,		&DWP($i*8+4,$K,"",1));
+    &$OP1(	$tmp4,		$R);
+
+    &rotl(	$tmp4,		&LB($tmp1));
+
+    if ($ppro) {
+	&mov(	$tmp2,		$tmp4);		# B
+	&xor(	$tmp1,		$tmp1);
+	
+	&movb(	&LB($tmp1),	&HB($tmp4));	# A
+	&and(	$tmp2,		0xff);
+
+	&shr(	$tmp4,		16); 		#
+	&xor(	$tmp3,		$tmp3);
+    } else {
+	&mov(	$tmp2,		$tmp4);		# B
+	&movb(	&LB($tmp1),	&HB($tmp4));	# A	# BAD BAD BAD
+	
+	&shr(	$tmp4,		16); 		#
+	&and(	$tmp2,		0xff);
+    }
+
+    &movb(	&LB($tmp3),	&HB($tmp4));	# C	# BAD BAD BAD
+    &and(	$tmp4,		0xff);		# D
+
+    &mov(	$tmp1,		&DWP($S1,"",$tmp1,4));
+    &mov(	$tmp2,		&DWP($S2,"",$tmp2,4));
+
+    &$OP2(	$tmp1,		$tmp2);
+    &mov(	$tmp2,		&DWP($S3,"",$tmp3,4));
+
+    &$OP3(	$tmp1,		$tmp2);
+    &mov(	$tmp2,		&DWP($S4,"",$tmp4,4));
+
+    &$OP1(	$tmp1,		$tmp2);
+    # XXX
+
+    &xor(	$L,		$tmp1);
+    # XXX
+}
+
diff --git a/crypto/cast/asm/cx86unix.cpp b/crypto/cast/asm/cx86unix.cpp
deleted file mode 100644
index 035692a5af..0000000000
--- a/crypto/cast/asm/cx86unix.cpp
+++ /dev/null
@@ -1,1010 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define CAST_S_table0 _CAST_S_table0
-#define CAST_S_table1 _CAST_S_table1
-#define CAST_S_table2 _CAST_S_table2
-#define CAST_S_table3 _CAST_S_table3
-#define CAST_encrypt _CAST_encrypt
-#define CAST_S_table0 _CAST_S_table0
-#define CAST_S_table1 _CAST_S_table1
-#define CAST_S_table2 _CAST_S_table2
-#define CAST_S_table3 _CAST_S_table3
-#define CAST_decrypt _CAST_decrypt
-#define CAST_cbc_encrypt _CAST_cbc_encrypt
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by cast-586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"cast-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl CAST_encrypt
-	TYPE(CAST_encrypt,@function)
-CAST_encrypt:
-
-	pushl	%ebp
-	pushl	%ebx
-	movl	12(%esp),	%ebx
-	movl	16(%esp),	%ebp
-	pushl	%esi
-	pushl	%edi
-	/* Load the 2 words */
-	movl	(%ebx),		%edi
-	movl	4(%ebx),	%esi
-	xorl	%eax,		%eax
-	/* round 0 */
-	movl	(%ebp),		%edx
-	movl	4(%ebp),	%ecx
-	addl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 1 */
-	movl	8(%ebp),	%edx
-	movl	12(%ebp),	%ecx
-	xorl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	xorl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 2 */
-	movl	16(%ebp),	%edx
-	movl	20(%ebp),	%ecx
-	subl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	subl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 3 */
-	movl	24(%ebp),	%edx
-	movl	28(%ebp),	%ecx
-	addl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 4 */
-	movl	32(%ebp),	%edx
-	movl	36(%ebp),	%ecx
-	xorl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	xorl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 5 */
-	movl	40(%ebp),	%edx
-	movl	44(%ebp),	%ecx
-	subl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	subl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 6 */
-	movl	48(%ebp),	%edx
-	movl	52(%ebp),	%ecx
-	addl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 7 */
-	movl	56(%ebp),	%edx
-	movl	60(%ebp),	%ecx
-	xorl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	xorl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 8 */
-	movl	64(%ebp),	%edx
-	movl	68(%ebp),	%ecx
-	subl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	subl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 9 */
-	movl	72(%ebp),	%edx
-	movl	76(%ebp),	%ecx
-	addl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 10 */
-	movl	80(%ebp),	%edx
-	movl	84(%ebp),	%ecx
-	xorl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	xorl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 11 */
-	movl	88(%ebp),	%edx
-	movl	92(%ebp),	%ecx
-	subl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	subl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 12 */
-	movl	96(%ebp),	%edx
-	movl	100(%ebp),	%ecx
-	addl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 13 */
-	movl	104(%ebp),	%edx
-	movl	108(%ebp),	%ecx
-	xorl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	xorl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 14 */
-	movl	112(%ebp),	%edx
-	movl	116(%ebp),	%ecx
-	subl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	subl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 15 */
-	movl	120(%ebp),	%edx
-	movl	124(%ebp),	%ecx
-	addl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	20(%esp),	%eax
-	xorl	%ecx,		%esi
-	nop
-	movl	%edi,		4(%eax)
-	movl	%esi,		(%eax)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.CAST_encrypt_end:
-	SIZE(CAST_encrypt,.CAST_encrypt_end-CAST_encrypt)
-.ident	"CAST_encrypt"
-.text
-	.align ALIGN
-.globl CAST_decrypt
-	TYPE(CAST_decrypt,@function)
-CAST_decrypt:
-
-	pushl	%ebp
-	pushl	%ebx
-	movl	12(%esp),	%ebx
-	movl	16(%esp),	%ebp
-	pushl	%esi
-	pushl	%edi
-	/* Load the 2 words */
-	movl	(%ebx),		%edi
-	movl	4(%ebx),	%esi
-	xorl	%eax,		%eax
-	/* round 15 */
-	movl	120(%ebp),	%edx
-	movl	124(%ebp),	%ecx
-	addl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 14 */
-	movl	112(%ebp),	%edx
-	movl	116(%ebp),	%ecx
-	subl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	subl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 13 */
-	movl	104(%ebp),	%edx
-	movl	108(%ebp),	%ecx
-	xorl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	xorl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 12 */
-	movl	96(%ebp),	%edx
-	movl	100(%ebp),	%ecx
-	addl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 11 */
-	movl	88(%ebp),	%edx
-	movl	92(%ebp),	%ecx
-	subl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	subl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 10 */
-	movl	80(%ebp),	%edx
-	movl	84(%ebp),	%ecx
-	xorl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	xorl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 9 */
-	movl	72(%ebp),	%edx
-	movl	76(%ebp),	%ecx
-	addl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 8 */
-	movl	64(%ebp),	%edx
-	movl	68(%ebp),	%ecx
-	subl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	subl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 7 */
-	movl	56(%ebp),	%edx
-	movl	60(%ebp),	%ecx
-	xorl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	xorl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 6 */
-	movl	48(%ebp),	%edx
-	movl	52(%ebp),	%ecx
-	addl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 5 */
-	movl	40(%ebp),	%edx
-	movl	44(%ebp),	%ecx
-	subl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	subl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 4 */
-	movl	32(%ebp),	%edx
-	movl	36(%ebp),	%ecx
-	xorl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	xorl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 3 */
-	movl	24(%ebp),	%edx
-	movl	28(%ebp),	%ecx
-	addl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 2 */
-	movl	16(%ebp),	%edx
-	movl	20(%ebp),	%ecx
-	subl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	subl	%ebx,		%ecx
-	xorl	%ecx,		%esi
-	/* round 1 */
-	movl	8(%ebp),	%edx
-	movl	12(%ebp),	%ecx
-	xorl	%esi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	addl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	xorl	%ebx,		%ecx
-	xorl	%ecx,		%edi
-	/* round 0 */
-	movl	(%ebp),		%edx
-	movl	4(%ebp),	%ecx
-	addl	%edi,		%edx
-	roll	%cl,		%edx
-	movl	%edx,		%ebx
-	xorl	%ecx,		%ecx
-	movb	%dh,		%cl
-	andl	$255,		%ebx
-	shrl	$16,		%edx
-	xorl	%eax,		%eax
-	movb	%dh,		%al
-	andl	$255,		%edx
-	movl	CAST_S_table0(,%ecx,4),%ecx
-	movl	CAST_S_table1(,%ebx,4),%ebx
-	xorl	%ebx,		%ecx
-	movl	CAST_S_table2(,%eax,4),%ebx
-	subl	%ebx,		%ecx
-	movl	CAST_S_table3(,%edx,4),%ebx
-	addl	%ebx,		%ecx
-	movl	20(%esp),	%eax
-	xorl	%ecx,		%esi
-	nop
-	movl	%edi,		4(%eax)
-	movl	%esi,		(%eax)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.CAST_decrypt_end:
-	SIZE(CAST_decrypt,.CAST_decrypt_end-CAST_decrypt)
-.ident	"CAST_decrypt"
-.text
-	.align ALIGN
-.globl CAST_cbc_encrypt
-	TYPE(CAST_cbc_encrypt,@function)
-CAST_cbc_encrypt:
-
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	28(%esp),	%ebp
-	/* getting iv ptr from parameter 4 */
-	movl	36(%esp),	%ebx
-	movl	(%ebx),		%esi
-	movl	4(%ebx),	%edi
-	pushl	%edi
-	pushl	%esi
-	pushl	%edi
-	pushl	%esi
-	movl	%esp,		%ebx
-	movl	36(%esp),	%esi
-	movl	40(%esp),	%edi
-	/* getting encrypt flag from parameter 5 */
-	movl	56(%esp),	%ecx
-	/* get and push parameter 3 */
-	movl	48(%esp),	%eax
-	pushl	%eax
-	pushl	%ebx
-	cmpl	$0,		%ecx
-	jz	.L000decrypt
-	andl	$4294967288,	%ebp
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-	jz	.L001encrypt_finish
-.L002encrypt_loop:
-	movl	(%esi),		%ecx
-	movl	4(%esi),	%edx
-	xorl	%ecx,		%eax
-	xorl	%edx,		%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	CAST_encrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		(%edi)
-	movl	%ebx,		4(%edi)
-	addl	$8,		%esi
-	addl	$8,		%edi
-	subl	$8,		%ebp
-	jnz	.L002encrypt_loop
-.L001encrypt_finish:
-	movl	52(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L003finish
-	xorl	%ecx,		%ecx
-	xorl	%edx,		%edx
-	movl	.L004cbc_enc_jmp_table(,%ebp,4),%ebp
-	jmp	*%ebp
-.L005ej7:
-	xorl	%edx,		%edx
-	movb	6(%esi),	%dh
-	sall	$8,		%edx
-.L006ej6:
-	movb	5(%esi),	%dh
-.L007ej5:
-	movb	4(%esi),	%dl
-.L008ej4:
-	movl	(%esi),		%ecx
-	jmp	.L009ejend
-.L010ej3:
-	movb	2(%esi),	%ch
-	xorl	%ecx,		%ecx
-	sall	$8,		%ecx
-.L011ej2:
-	movb	1(%esi),	%ch
-.L012ej1:
-	movb	(%esi),		%cl
-.L009ejend:
-	xorl	%ecx,		%eax
-	xorl	%edx,		%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	CAST_encrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		(%edi)
-	movl	%ebx,		4(%edi)
-	jmp	.L003finish
-.align ALIGN
-.L000decrypt:
-	andl	$4294967288,	%ebp
-	movl	16(%esp),	%eax
-	movl	20(%esp),	%ebx
-	jz	.L013decrypt_finish
-.L014decrypt_loop:
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	CAST_decrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	16(%esp),	%ecx
-	movl	20(%esp),	%edx
-	xorl	%eax,		%ecx
-	xorl	%ebx,		%edx
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%ecx,		(%edi)
-	movl	%edx,		4(%edi)
-	movl	%eax,		16(%esp)
-	movl	%ebx,		20(%esp)
-	addl	$8,		%esi
-	addl	$8,		%edi
-	subl	$8,		%ebp
-	jnz	.L014decrypt_loop
-.L013decrypt_finish:
-	movl	52(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L003finish
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	CAST_decrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-.byte 15
-.byte 200		/* bswapl  %eax */
-.byte 15
-.byte 203		/* bswapl  %ebx */
-	movl	16(%esp),	%ecx
-	movl	20(%esp),	%edx
-	xorl	%eax,		%ecx
-	xorl	%ebx,		%edx
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-.L015dj7:
-	rorl	$16,		%edx
-	movb	%dl,		6(%edi)
-	shrl	$16,		%edx
-.L016dj6:
-	movb	%dh,		5(%edi)
-.L017dj5:
-	movb	%dl,		4(%edi)
-.L018dj4:
-	movl	%ecx,		(%edi)
-	jmp	.L019djend
-.L020dj3:
-	rorl	$16,		%ecx
-	movb	%cl,		2(%edi)
-	sall	$16,		%ecx
-.L021dj2:
-	movb	%ch,		1(%esi)
-.L022dj1:
-	movb	%cl,		(%esi)
-.L019djend:
-	jmp	.L003finish
-.align ALIGN
-.L003finish:
-	movl	60(%esp),	%ecx
-	addl	$24,		%esp
-	movl	%eax,		(%ecx)
-	movl	%ebx,		4(%ecx)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.align ALIGN
-.L004cbc_enc_jmp_table:
-	.long 0
-	.long .L012ej1
-	.long .L011ej2
-	.long .L010ej3
-	.long .L008ej4
-	.long .L007ej5
-	.long .L006ej6
-	.long .L005ej7
-.align ALIGN
-.L023cbc_dec_jmp_table:
-	.long 0
-	.long .L022dj1
-	.long .L021dj2
-	.long .L020dj3
-	.long .L018dj4
-	.long .L017dj5
-	.long .L016dj6
-	.long .L015dj7
-.CAST_cbc_encrypt_end:
-	SIZE(CAST_cbc_encrypt,.CAST_cbc_encrypt_end-CAST_cbc_encrypt)
-.ident	"desasm.pl"
diff --git a/crypto/cast/c_cfb64.c b/crypto/cast/c_cfb64.c
index c46c375f75..514c005c32 100644
--- a/crypto/cast/c_cfb64.c
+++ b/crypto/cast/c_cfb64.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#include "cast.h"
+#include <openssl/cast.h>
 #include "cast_lcl.h"
 
 /* The input and output encrypted as though 64bit cfb mode is being
@@ -64,14 +64,9 @@
  * 64bit block we have used is contained in *num;
  */
 
-void CAST_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-CAST_KEY *schedule;
-unsigned char *ivec;
-int *num;
-int encrypt;
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+			long length, CAST_KEY *schedule, unsigned char *ivec,
+			int *num, int enc)
 	{
 	register CAST_LONG v0,v1,t;
 	register int n= *num;
@@ -79,8 +74,8 @@ int encrypt;
 	CAST_LONG ti[2];
 	unsigned char *iv,c,cc;
 
-	iv=(unsigned char *)ivec;
-	if (encrypt)
+	iv=ivec;
+	if (enc)
 		{
 		while (l--)
 			{
@@ -89,10 +84,10 @@ int encrypt;
 				n2l(iv,v0); ti[0]=v0;
 				n2l(iv,v1); ti[1]=v1;
 				CAST_encrypt((CAST_LONG *)ti,schedule);
-				iv=(unsigned char *)ivec;
+				iv=ivec;
 				t=ti[0]; l2n(t,iv);
 				t=ti[1]; l2n(t,iv);
-				iv=(unsigned char *)ivec;
+				iv=ivec;
 				}
 			c= *(in++)^iv[n];
 			*(out++)=c;
@@ -109,10 +104,10 @@ int encrypt;
 				n2l(iv,v0); ti[0]=v0;
 				n2l(iv,v1); ti[1]=v1;
 				CAST_encrypt((CAST_LONG *)ti,schedule);
-				iv=(unsigned char *)ivec;
+				iv=ivec;
 				t=ti[0]; l2n(t,iv);
 				t=ti[1]; l2n(t,iv);
-				iv=(unsigned char *)ivec;
+				iv=ivec;
 				}
 			cc= *(in++);
 			c=iv[n];
diff --git a/crypto/cast/c_ecb.c b/crypto/cast/c_ecb.c
index fe34bd17e7..0b3da9ad87 100644
--- a/crypto/cast/c_ecb.c
+++ b/crypto/cast/c_ecb.c
@@ -56,22 +56,20 @@
  * [including the GNU Public Licence.]
  */
 
-#include "cast.h"
+#include <openssl/cast.h>
 #include "cast_lcl.h"
+#include <openssl/opensslv.h>
 
-char *CAST_version="CAST part of SSLeay 0.9.1a 06-Jul-1998";
+const char *CAST_version="CAST" OPENSSL_VERSION_PTEXT;
 
-void CAST_ecb_encrypt(in, out, ks, encrypt)
-unsigned char *in;
-unsigned char *out;
-CAST_KEY *ks;
-int encrypt;
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
+		      CAST_KEY *ks, int enc)
 	{
 	CAST_LONG l,d[2];
 
 	n2l(in,l); d[0]=l;
 	n2l(in,l); d[1]=l;
-	if (encrypt)
+	if (enc)
 		CAST_encrypt(d,ks);
 	else
 		CAST_decrypt(d,ks);
diff --git a/crypto/cast/c_enc.c b/crypto/cast/c_enc.c
index d998dd4953..0fe2cffecc 100644
--- a/crypto/cast/c_enc.c
+++ b/crypto/cast/c_enc.c
@@ -56,12 +56,10 @@
  * [including the GNU Public Licence.]
  */
 
-#include "cast.h"
+#include <openssl/cast.h>
 #include "cast_lcl.h"
 
-void CAST_encrypt(data,key)
-CAST_LONG *data;
-CAST_KEY *key;
+void CAST_encrypt(CAST_LONG *data, CAST_KEY *key)
 	{
 	register CAST_LONG l,r,*k,t;
 
@@ -81,18 +79,19 @@ CAST_KEY *key;
 	E_CAST( 9,k,r,l,+,^,-);
 	E_CAST(10,k,l,r,^,-,+);
 	E_CAST(11,k,r,l,-,+,^);
-	E_CAST(12,k,l,r,+,^,-);
-	E_CAST(13,k,r,l,^,-,+);
-	E_CAST(14,k,l,r,-,+,^);
-	E_CAST(15,k,r,l,+,^,-);
+	if(!key->short_key)
+	    {
+	    E_CAST(12,k,l,r,+,^,-);
+	    E_CAST(13,k,r,l,^,-,+);
+	    E_CAST(14,k,l,r,-,+,^);
+	    E_CAST(15,k,r,l,+,^,-);
+	    }
 
 	data[1]=l&0xffffffffL;
 	data[0]=r&0xffffffffL;
 	}
 
-void CAST_decrypt(data,key)
-CAST_LONG *data;
-CAST_KEY *key;
+void CAST_decrypt(CAST_LONG *data, CAST_KEY *key)
 	{
 	register CAST_LONG l,r,*k,t;
 
@@ -100,10 +99,13 @@ CAST_KEY *key;
 	l=data[0];
 	r=data[1];
 
-	E_CAST(15,k,l,r,+,^,-);
-	E_CAST(14,k,r,l,-,+,^);
-	E_CAST(13,k,l,r,^,-,+);
-	E_CAST(12,k,r,l,+,^,-);
+	if(!key->short_key)
+	    {
+	    E_CAST(15,k,l,r,+,^,-);
+	    E_CAST(14,k,r,l,-,+,^);
+	    E_CAST(13,k,l,r,^,-,+);
+	    E_CAST(12,k,r,l,+,^,-);
+	    }
 	E_CAST(11,k,l,r,-,+,^);
 	E_CAST(10,k,r,l,^,-,+);
 	E_CAST( 9,k,l,r,+,^,-);
@@ -121,20 +123,15 @@ CAST_KEY *key;
 	data[0]=r&0xffffffffL;
 	}
 
-void CAST_cbc_encrypt(in, out, length, ks, iv, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-CAST_KEY *ks;
-unsigned char *iv;
-int encrypt;
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+	     CAST_KEY *ks, unsigned char *iv, int enc)
 	{
 	register CAST_LONG tin0,tin1;
 	register CAST_LONG tout0,tout1,xor0,xor1;
 	register long l=length;
 	CAST_LONG tin[2];
 
-	if (encrypt)
+	if (enc)
 		{
 		n2l(iv,tout0);
 		n2l(iv,tout1);
diff --git a/crypto/cast/c_ofb64.c b/crypto/cast/c_ofb64.c
index 2aad2d6d96..fd0469a62f 100644
--- a/crypto/cast/c_ofb64.c
+++ b/crypto/cast/c_ofb64.c
@@ -56,20 +56,16 @@
  * [including the GNU Public Licence.]
  */
 
-#include "cast.h"
+#include <openssl/cast.h>
 #include "cast_lcl.h"
 
 /* The input and output encrypted as though 64bit ofb mode is being
  * used.  The extra state information to record how much of the
  * 64bit block we have used is contained in *num;
  */
-void CAST_ofb64_encrypt(in, out, length, schedule, ivec, num)
-unsigned char *in;
-unsigned char *out;
-long length;
-CAST_KEY *schedule;
-unsigned char *ivec;
-int *num;
+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+			long length, CAST_KEY *schedule, unsigned char *ivec,
+			int *num)
 	{
 	register CAST_LONG v0,v1,t;
 	register int n= *num;
@@ -80,7 +76,7 @@ int *num;
 	unsigned char *iv;
 	int save=0;
 
-	iv=(unsigned char *)ivec;
+	iv=ivec;
 	n2l(iv,v0);
 	n2l(iv,v1);
 	ti[0]=v0;
@@ -105,7 +101,7 @@ int *num;
 		{
 		v0=ti[0];
 		v1=ti[1];
-		iv=(unsigned char *)ivec;
+		iv=ivec;
 		l2n(v0,iv);
 		l2n(v1,iv);
 		}
diff --git a/crypto/cast/c_skey.c b/crypto/cast/c_skey.c
index 2fc3363dcd..76e40005c9 100644
--- a/crypto/cast/c_skey.c
+++ b/crypto/cast/c_skey.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#include "cast.h"
+#include <openssl/cast.h>
 #include "cast_lcl.h"
 #include "cast_s.h"
 
@@ -72,10 +72,7 @@
 #define S6 CAST_S_table6
 #define S7 CAST_S_table7
 
-void CAST_set_key(key,len,data)
-CAST_KEY *key;
-int len;
-unsigned char *data;
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
 	{
 	CAST_LONG x[16];
 	CAST_LONG z[16];
@@ -88,6 +85,10 @@ unsigned char *data;
 	if (len > 16) len=16;
 	for (i=0; i<len; i++)
 		x[i]=data[i];
+	if(len <= 10)
+	    key->short_key=1;
+	else
+	    key->short_key=0;
 
 	K= &k[0];
 	X[0]=((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL;
diff --git a/crypto/cast/cast.h b/crypto/cast/cast.h
index 528cb7c824..b28e4e4f3b 100644
--- a/crypto/cast/cast.h
+++ b/crypto/cast/cast.h
@@ -63,6 +63,10 @@
 extern "C" {
 #endif
 
+#ifdef OPENSSL_NO_CAST
+#error CAST is disabled.
+#endif
+
 #define CAST_ENCRYPT	1
 #define CAST_DECRYPT	0
 
@@ -74,33 +78,23 @@ extern "C" {
 typedef struct cast_key_st
 	{
 	CAST_LONG data[32];
+	int short_key;	/* Use reduced rounds for short key */
 	} CAST_KEY;
 
-#ifndef NOPROTO
  
-void CAST_set_key(CAST_KEY *key, int len, unsigned char *data);
-void CAST_ecb_encrypt(unsigned char *in,unsigned char *out,CAST_KEY *key,
-	int enc);
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
+void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key,
+		      int enc);
 void CAST_encrypt(CAST_LONG *data,CAST_KEY *key);
 void CAST_decrypt(CAST_LONG *data,CAST_KEY *key);
-void CAST_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
-	CAST_KEY *ks, unsigned char *iv, int enc);
-void CAST_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	CAST_KEY *schedule, unsigned char *ivec, int *num, int enc);
-void CAST_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	CAST_KEY *schedule, unsigned char *ivec, int *num);
-
-#else
-
-void CAST_set_key();
-void CAST_ecb_encrypt();
-void CAST_encrypt();
-void CAST_decrypt();
-void CAST_cbc_encrypt();
-void CAST_cfb64_encrypt();
-void CAST_ofb64_encrypt();
-
-#endif
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+		      CAST_KEY *ks, unsigned char *iv, int enc);
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+			long length, CAST_KEY *schedule, unsigned char *ivec,
+			int *num, int enc);
+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, 
+			long length, CAST_KEY *schedule, unsigned char *ivec,
+			int *num);
 
 #ifdef  __cplusplus
 }
diff --git a/crypto/cast/cast_lcl.h b/crypto/cast/cast_lcl.h
index 6587952a96..37f41cc6a4 100644
--- a/crypto/cast/cast_lcl.h
+++ b/crypto/cast/cast_lcl.h
@@ -56,10 +56,19 @@
  * [including the GNU Public Licence.]
  */
 
-#ifdef WIN32
+
+#include "e_os.h"
+
+#ifdef OPENSSL_SYS_WIN32
 #include <stdlib.h>
 #endif
 
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
 #undef c2l
 #define c2l(c,l)	(l =((unsigned long)(*((c)++)))    , \
 			 l|=((unsigned long)(*((c)++)))<< 8L, \
@@ -148,7 +157,7 @@
                          *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
                          *((c)++)=(unsigned char)(((l)     )&0xff))
 
-#if defined(WIN32)
+#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
 #define ROTL(a,n)     (_lrotl(a,n))
 #else
 #define ROTL(a,n)     ((((a)<<(n))&0xffffffffL)|((a)>>(32-(n))))
@@ -213,12 +222,11 @@
 	}
 #endif
 
-extern CAST_LONG CAST_S_table0[256];
-extern CAST_LONG CAST_S_table1[256];
-extern CAST_LONG CAST_S_table2[256];
-extern CAST_LONG CAST_S_table3[256];
-extern CAST_LONG CAST_S_table4[256];
-extern CAST_LONG CAST_S_table5[256];
-extern CAST_LONG CAST_S_table6[256];
-extern CAST_LONG CAST_S_table7[256];
-
+OPENSSL_EXTERN const CAST_LONG CAST_S_table0[256];
+OPENSSL_EXTERN const CAST_LONG CAST_S_table1[256];
+OPENSSL_EXTERN const CAST_LONG CAST_S_table2[256];
+OPENSSL_EXTERN const CAST_LONG CAST_S_table3[256];
+OPENSSL_EXTERN const CAST_LONG CAST_S_table4[256];
+OPENSSL_EXTERN const CAST_LONG CAST_S_table5[256];
+OPENSSL_EXTERN const CAST_LONG CAST_S_table6[256];
+OPENSSL_EXTERN const CAST_LONG CAST_S_table7[256];
diff --git a/crypto/cast/cast_s.h b/crypto/cast/cast_s.h
index 8fe0152149..c483fd5e43 100644
--- a/crypto/cast/cast_s.h
+++ b/crypto/cast/cast_s.h
@@ -55,7 +55,7 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
-CAST_LONG CAST_S_table0[256]={
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256]={
 	0x30fb40d4,0x9fa0ff0b,0x6beccd2f,0x3f258c7a,
 	0x1e213f2f,0x9c004dd3,0x6003e540,0xcf9fc949,
 	0xbfd4af27,0x88bbbdb5,0xe2034090,0x98d09675,
@@ -121,7 +121,7 @@ CAST_LONG CAST_S_table0[256]={
 	0x1a69e783,0x02cc4843,0xa2f7c579,0x429ef47d,
 	0x427b169c,0x5ac9f049,0xdd8f0f00,0x5c8165bf,
 	};
-CAST_LONG CAST_S_table1[256]={
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table1[256]={
 	0x1f201094,0xef0ba75b,0x69e3cf7e,0x393f4380,
 	0xfe61cf7a,0xeec5207a,0x55889c94,0x72fc0651,
 	0xada7ef79,0x4e1d7235,0xd55a63ce,0xde0436ba,
@@ -187,7 +187,7 @@ CAST_LONG CAST_S_table1[256]={
 	0x43d79572,0x7e6dd07c,0x06dfdf1e,0x6c6cc4ef,
 	0x7160a539,0x73bfbe70,0x83877605,0x4523ecf1,
 	};
-CAST_LONG CAST_S_table2[256]={
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table2[256]={
 	0x8defc240,0x25fa5d9f,0xeb903dbf,0xe810c907,
 	0x47607fff,0x369fe44b,0x8c1fc644,0xaececa90,
 	0xbeb1f9bf,0xeefbcaea,0xe8cf1950,0x51df07ae,
@@ -253,7 +253,7 @@ CAST_LONG CAST_S_table2[256]={
 	0xf7baefd5,0x4142ed9c,0xa4315c11,0x83323ec5,
 	0xdfef4636,0xa133c501,0xe9d3531c,0xee353783,
 	};
-CAST_LONG CAST_S_table3[256]={
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table3[256]={
 	0x9db30420,0x1fb6e9de,0xa7be7bef,0xd273a298,
 	0x4a4f7bdb,0x64ad8c57,0x85510443,0xfa020ed1,
 	0x7e287aff,0xe60fb663,0x095f35a1,0x79ebf120,
@@ -319,7 +319,7 @@ CAST_LONG CAST_S_table3[256]={
 	0x7ae5290c,0x3cb9536b,0x851e20fe,0x9833557e,
 	0x13ecf0b0,0xd3ffb372,0x3f85c5c1,0x0aef7ed2,
 	};
-CAST_LONG CAST_S_table4[256]={
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table4[256]={
 	0x7ec90c04,0x2c6e74b9,0x9b0e66df,0xa6337911,
 	0xb86a7fff,0x1dd358f5,0x44dd9d44,0x1731167f,
 	0x08fbf1fa,0xe7f511cc,0xd2051b00,0x735aba00,
@@ -385,7 +385,7 @@ CAST_LONG CAST_S_table4[256]={
 	0xe822fe15,0x88570983,0x750e6249,0xda627e55,
 	0x5e76ffa8,0xb1534546,0x6d47de08,0xefe9e7d4,
 	};
-CAST_LONG CAST_S_table5[256]={
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table5[256]={
 	0xf6fa8f9d,0x2cac6ce1,0x4ca34867,0xe2337f7c,
 	0x95db08e7,0x016843b4,0xeced5cbc,0x325553ac,
 	0xbf9f0960,0xdfa1e2ed,0x83f0579d,0x63ed86b9,
@@ -451,7 +451,7 @@ CAST_LONG CAST_S_table5[256]={
 	0xa2d762cf,0x49c92f54,0x38b5f331,0x7128a454,
 	0x48392905,0xa65b1db8,0x851c97bd,0xd675cf2f,
 	};
-CAST_LONG CAST_S_table6[256]={
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table6[256]={
 	0x85e04019,0x332bf567,0x662dbfff,0xcfc65693,
 	0x2a8d7f6f,0xab9bc912,0xde6008a1,0x2028da1f,
 	0x0227bce7,0x4d642916,0x18fac300,0x50f18b82,
@@ -517,7 +517,7 @@ CAST_LONG CAST_S_table6[256]={
 	0x518f36b2,0x84b1d370,0x0fedce83,0x878ddada,
 	0xf2a279c7,0x94e01be8,0x90716f4b,0x954b8aa3,
 	};
-CAST_LONG CAST_S_table7[256]={
+OPENSSL_GLOBAL const CAST_LONG CAST_S_table7[256]={
 	0xe216300d,0xbbddfffc,0xa7ebdabd,0x35648095,
 	0x7789f8b7,0xe6c1121b,0x0e241600,0x052ce8b5,
 	0x11a9cfb0,0xe5952f11,0xece7990a,0x9386d174,
diff --git a/crypto/cast/cast_spd.c b/crypto/cast/cast_spd.c
index 885b1df23d..76abf50d98 100644
--- a/crypto/cast/cast_spd.c
+++ b/crypto/cast/cast_spd.c
@@ -59,19 +59,17 @@
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
 
-#ifndef MSDOS
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
 #include <stdio.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-extern int exit();
-#endif
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
 #include <signal.h>
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -79,15 +77,15 @@ extern int exit();
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
@@ -98,16 +96,12 @@ struct tms {
 #include <sys/param.h>
 #endif
 
-#include "cast.h"
+#include <openssl/cast.h>
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
 #ifndef CLK_TCK
-#ifndef VMS
-#define HZ	100.0
-#else /* VMS */
 #define HZ	100.0
-#endif
 #else /* CLK_TCK */
 #define HZ ((double)CLK_TCK)
 #endif
@@ -116,12 +110,7 @@ struct tms {
 #define BUFSIZE	((long)1024)
 long run=0;
 
-#ifndef NOPROTO
 double Time_F(int s);
-#else
-double Time_F();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
 #define SIGRETTYPE void
@@ -129,14 +118,8 @@ double Time_F();
 #define SIGRETTYPE int
 #endif
 
-#ifndef NOPROTO
 SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
+SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -149,8 +132,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-double Time_F(s)
-int s;
+double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -186,9 +168,7 @@ int s;
 #endif
 	}
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	long count;
 	static unsigned char buf[BUFSIZE];
@@ -203,7 +183,7 @@ char **argv;
 #endif
 
 #ifndef TIMES
-	printf("To get the most acurate results, try to run this\n");
+	printf("To get the most accurate results, try to run this\n");
 	printf("program when this computer is idle.\n");
 #endif
 
@@ -288,7 +268,7 @@ char **argv;
 	printf("CAST raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
 	printf("CAST cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
 	exit(0);
-#if defined(LINT) || defined(MSDOS)
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
 	return(0);
 #endif
 	}
diff --git a/crypto/cast/castopts.c b/crypto/cast/castopts.c
index 8635b46a02..1b858d153b 100644
--- a/crypto/cast/castopts.c
+++ b/crypto/cast/castopts.c
@@ -59,19 +59,17 @@
 /* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
  * This is for machines with 64k code segment size restrictions. */
 
-#ifndef MSDOS
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC))
 #define TIMES
 #endif
 
 #include <stdio.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-extern void exit();
-#endif
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
 #include <signal.h>
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -79,15 +77,15 @@ extern void exit();
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
@@ -98,7 +96,7 @@ struct tms {
 #include <sys/param.h>
 #endif
 
-#include "cast.h"
+#include <openssl/cast.h>
 
 #define CAST_DEFAULT_OPTIONS
 
@@ -137,11 +135,7 @@ struct tms {
 #ifndef HZ
 # ifndef CLK_TCK
 #  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
-#   ifndef VMS
-#    define HZ	100.0
-#   else /* VMS */
-#    define HZ	100.0
-#   endif
+#   define HZ	100.0
 #  else /* _BSD_CLK_TCK_ */
 #   define HZ ((double)_BSD_CLK_TCK_)
 #  endif
@@ -153,12 +147,7 @@ struct tms {
 #define BUFSIZE	((long)1024)
 long run=0;
 
-#ifndef NOPROTO
 double Time_F(int s);
-#else
-double Time_F();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi)
 #define SIGRETTYPE void
@@ -166,14 +155,8 @@ double Time_F();
 #define SIGRETTYPE int
 #endif
 
-#ifndef NOPROTO
 SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
+SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -186,8 +169,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-double Time_F(s)
-int s;
+double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -248,9 +230,7 @@ int s;
 	fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
 		tm[index]*8,1.0e6/tm[index]);
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	long count;
 	static unsigned char buf[BUFSIZE];
@@ -272,7 +252,7 @@ char **argv;
 		}
 
 #ifndef TIMES
-	fprintf(stderr,"To get the most acurate results, try to run this\n");
+	fprintf(stderr,"To get the most accurate results, try to run this\n");
 	fprintf(stderr,"program when this computer is idle.\n");
 #endif
 
@@ -352,7 +332,7 @@ char **argv;
 		break;
 		}
 	exit(0);
-#if defined(LINT) || defined(MSDOS)
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
 	return(0);
 #endif
 	}
diff --git a/crypto/cast/casts.cpp b/crypto/cast/casts.cpp
index bac7be2c9c..8d7bd468d2 100644
--- a/crypto/cast/casts.cpp
+++ b/crypto/cast/casts.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "cast.h"
+#include <openssl/cast.h>
 
 void main(int argc,char *argv[])
 	{
diff --git a/crypto/cast/casttest.c b/crypto/cast/casttest.c
index 8b009bc249..83e5a16c73 100644
--- a/crypto/cast/casttest.c
+++ b/crypto/cast/casttest.c
@@ -59,36 +59,46 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "cast.h"
 
-/* #define FULL_TEST */
+#include "../e_os.h"
 
-unsigned char k[16]={
+#ifdef OPENSSL_NO_CAST
+int main(int argc, char *argv[])
+{
+    printf("No CAST support\n");
+    return(0);
+}
+#else
+#include <openssl/cast.h>
+
+#define FULL_TEST
+
+static unsigned char k[16]={
 	0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
 	0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A
 	};
 
-unsigned char in[8]={ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
+static unsigned char in[8]={ 0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF};
 
-int k_len[3]={16,10};
-unsigned char c[3][8]={
+static int k_len[3]={16,10,5};
+static unsigned char c[3][8]={
 	{0x23,0x8B,0x4F,0xE5,0x84,0x7E,0x44,0xB2},
 	{0xEB,0x6A,0x71,0x1A,0x2C,0x02,0x27,0x1B},
 	{0x7A,0xC8,0x16,0xD1,0x6E,0x9B,0x30,0x2E},
 	};
-unsigned char out[80];
+static unsigned char out[80];
 
-unsigned char in_a[16]={
+static unsigned char in_a[16]={
 	0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
 	0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};
-unsigned char in_b[16]={
+static unsigned char in_b[16]={
 	0x01,0x23,0x45,0x67,0x12,0x34,0x56,0x78,
 	0x23,0x45,0x67,0x89,0x34,0x56,0x78,0x9A};
 
-unsigned char c_a[16]={
+static unsigned char c_a[16]={
 	0xEE,0xA9,0xD0,0xA2,0x49,0xFD,0x3B,0xA6,
 	0xB3,0x43,0x6F,0xB8,0x9D,0x6D,0xCA,0x92};
-unsigned char c_b[16]={
+static unsigned char c_b[16]={
 	0xB2,0xC9,0x5E,0xB0,0x0C,0x31,0xAD,0x71,
 	0x80,0xAC,0x05,0xB8,0xE8,0x3D,0x69,0x6E};
 
@@ -120,104 +130,103 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
 	}; 
 #endif
 
-int main(argc,argv)
-int argc;
-char *argv[];
-	{
+int main(int argc, char *argv[])
+    {
 #ifdef FULL_TEST
-	long l;
-	CAST_KEY key_b;
+    long l;
+    CAST_KEY key_b;
 #endif
-	int i,z,err=0;
-	CAST_KEY key;
+    int i,z,err=0;
+    CAST_KEY key;
 
-	for (z=0; z<1; z++)
-		{
+    for (z=0; z<3; z++)
+	{
 	CAST_set_key(&key,k_len[z],k);
 
 	CAST_ecb_encrypt(in,out,&key,CAST_ENCRYPT);
 	if (memcmp(out,&(c[z][0]),8) != 0)
-		{
-		printf("ecb cast error encrypting\n");
-		printf("got     :");
-		for (i=0; i<8; i++)
-			printf("%02X ",out[i]);
-		printf("\n");
-		printf("expected:");
-		for (i=0; i<8; i++)
-			printf("%02X ",c[z][i]);
-		err=20;
-		printf("\n");
-		}
+	    {
+	    printf("ecb cast error encrypting for keysize %d\n",k_len[z]*8);
+	    printf("got     :");
+	    for (i=0; i<8; i++)
+		printf("%02X ",out[i]);
+	    printf("\n");
+	    printf("expected:");
+	    for (i=0; i<8; i++)
+		printf("%02X ",c[z][i]);
+	    err=20;
+	    printf("\n");
+	    }
 
 	CAST_ecb_encrypt(out,out,&key,CAST_DECRYPT);
 	if (memcmp(out,in,8) != 0)
-		{
-		printf("ecb cast error decrypting\n");
-		printf("got     :");
-		for (i=0; i<8; i++)
-			printf("%02X ",out[i]);
-		printf("\n");
-		printf("expected:");
-		for (i=0; i<8; i++)
-			printf("%02X ",in[i]);
-		printf("\n");
-		err=3;
-		}
+	    {
+	    printf("ecb cast error decrypting for keysize %d\n",k_len[z]*8);
+	    printf("got     :");
+	    for (i=0; i<8; i++)
+		printf("%02X ",out[i]);
+	    printf("\n");
+	    printf("expected:");
+	    for (i=0; i<8; i++)
+		printf("%02X ",in[i]);
+	    printf("\n");
+	    err=3;
+	    }
 	}
-	if (err == 0) printf("ecb cast5 ok\n");
+    if (err == 0)
+	printf("ecb cast5 ok\n");
 
 #ifdef FULL_TEST
-	{
-	unsigned char out_a[16],out_b[16];
-	static char *hex="0123456789ABCDEF";
-
-	printf("This test will take some time....");
-	fflush(stdout);
-	memcpy(out_a,in_a,sizeof(in_a));
-	memcpy(out_b,in_b,sizeof(in_b));
-	i=1;
-
-	for (l=0; l<1000000L; l++)
-		{
-		CAST_set_key(&key_b,16,out_b);
-		CAST_ecb_encrypt(&(out_a[0]),&(out_a[0]),&key_b,CAST_ENCRYPT);
-		CAST_ecb_encrypt(&(out_a[8]),&(out_a[8]),&key_b,CAST_ENCRYPT);
-		CAST_set_key(&key,16,out_a);
-		CAST_ecb_encrypt(&(out_b[0]),&(out_b[0]),&key,CAST_ENCRYPT);
-		CAST_ecb_encrypt(&(out_b[8]),&(out_b[8]),&key,CAST_ENCRYPT);
-		if ((l & 0xffff) == 0xffff)
-			{
-			printf("%c",hex[i&0x0f]);
-			fflush(stdout);
-			i++;
-			}
-		}
-
-	if (	(memcmp(out_a,c_a,sizeof(c_a)) != 0) ||
+      {
+      unsigned char out_a[16],out_b[16];
+      static char *hex="0123456789ABCDEF";
+      
+      printf("This test will take some time....");
+      fflush(stdout);
+      memcpy(out_a,in_a,sizeof(in_a));
+      memcpy(out_b,in_b,sizeof(in_b));
+      i=1;
+
+      for (l=0; l<1000000L; l++)
+	  {
+	  CAST_set_key(&key_b,16,out_b);
+	  CAST_ecb_encrypt(&(out_a[0]),&(out_a[0]),&key_b,CAST_ENCRYPT);
+	  CAST_ecb_encrypt(&(out_a[8]),&(out_a[8]),&key_b,CAST_ENCRYPT);
+	  CAST_set_key(&key,16,out_a);
+	  CAST_ecb_encrypt(&(out_b[0]),&(out_b[0]),&key,CAST_ENCRYPT);
+	  CAST_ecb_encrypt(&(out_b[8]),&(out_b[8]),&key,CAST_ENCRYPT);
+	  if ((l & 0xffff) == 0xffff)
+	      {
+	      printf("%c",hex[i&0x0f]);
+	      fflush(stdout);
+	      i++;
+	      }
+	  }
+
+      if (	(memcmp(out_a,c_a,sizeof(c_a)) != 0) ||
 		(memcmp(out_b,c_b,sizeof(c_b)) != 0))
-		{
-		printf("\n");
-		printf("Error\n");
-
-		printf("A out =");
-		for (i=0; i<16; i++) printf("%02X ",out_a[i]);
-		printf("\nactual=");
-		for (i=0; i<16; i++) printf("%02X ",c_a[i]);
-		printf("\n");
-
-		printf("B out =");
-		for (i=0; i<16; i++) printf("%02X ",out_b[i]);
-		printf("\nactual=");
-		for (i=0; i<16; i++) printf("%02X ",c_b[i]);
-		printf("\n");
-		}
-	else
-		printf(" ok\n");
-	}
+	  {
+	  printf("\n");
+	  printf("Error\n");
+
+	  printf("A out =");
+	  for (i=0; i<16; i++) printf("%02X ",out_a[i]);
+	  printf("\nactual=");
+	  for (i=0; i<16; i++) printf("%02X ",c_a[i]);
+	  printf("\n");
+
+	  printf("B out =");
+	  for (i=0; i<16; i++) printf("%02X ",out_b[i]);
+	  printf("\nactual=");
+	  for (i=0; i<16; i++) printf("%02X ",c_b[i]);
+	  printf("\n");
+	  }
+      else
+	  printf(" ok\n");
+      }
 #endif
 
-	exit(err);
-	return(err);
-	}
-
+    EXIT(err);
+    return(err);
+    }
+#endif
diff --git a/crypto/comp/.cvsignore b/crypto/comp/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/comp/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/comp/Makefile.ssl b/crypto/comp/Makefile.ssl
index 8673626c94..f60c7a1afc 100644
--- a/crypto/comp/Makefile.ssl
+++ b/crypto/comp/Makefile.ssl
@@ -5,27 +5,28 @@
 DIR=	comp
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=comp
-ERRC=comp_err
 GENERAL=Makefile
 TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= comp_lib.c \
+LIBSRC= comp_lib.c comp_err.c \
 	c_rle.c c_zlib.c
 
-LIBOBJ=	comp_lib.o \
+LIBOBJ=	comp_lib.o comp_err.o \
 	c_rle.o c_zlib.o
 
 SRC= $(LIBSRC)
@@ -42,24 +43,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -71,17 +71,44 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+c_rle.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_rle.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+c_rle.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+c_rle.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_rle.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_rle.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+c_rle.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h c_rle.c
+c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+c_zlib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_zlib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+c_zlib.o: c_zlib.c
+comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h
+comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+comp_err.o: ../../include/openssl/opensslconf.h
+comp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+comp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+comp_err.o: comp_err.c
+comp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+comp_lib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+comp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+comp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+comp_lib.o: ../../include/openssl/opensslconf.h
+comp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+comp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+comp_lib.o: ../../include/openssl/symhacks.h comp_lib.c
diff --git a/crypto/comp/c_rle.c b/crypto/comp/c_rle.c
index b8b9b3e1bc..efd366fa22 100644
--- a/crypto/comp/c_rle.c
+++ b/crypto/comp/c_rle.c
@@ -1,8 +1,8 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "objects.h"
-#include "comp.h"
+#include <openssl/objects.h>
+#include <openssl/comp.h>
 
 static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
 	unsigned int olen, unsigned char *in, unsigned int ilen);
@@ -17,19 +17,16 @@ static COMP_METHOD rle_method={
 	rle_compress_block,
 	rle_expand_block,
 	NULL,
+	NULL,
 	};
 
-COMP_METHOD *COMP_rle()
+COMP_METHOD *COMP_rle(void)
 	{
 	return(&rle_method);
 	}
 
-static int rle_compress_block(ctx,out,olen,in,ilen)
-COMP_CTX *ctx;
-unsigned char *out;
-unsigned int olen;
-unsigned char *in;
-unsigned int ilen;
+static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
+	     unsigned int olen, unsigned char *in, unsigned int ilen)
 	{
 	/* int i; */
 
@@ -44,12 +41,8 @@ unsigned int ilen;
 	return(ilen+1);
 	}
 
-static int rle_expand_block(ctx,out,olen,in,ilen)
-COMP_CTX *ctx;
-unsigned char *out;
-unsigned int olen;
-unsigned char *in;
-unsigned int ilen;
+static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
+	     unsigned int olen, unsigned char *in, unsigned int ilen)
 	{
 	int i;
 
diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c
index 35ab0c63dc..8c0876151a 100644
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@@ -1,16 +1,15 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "objects.h"
-#include "comp.h"
+#include <openssl/objects.h>
+#include <openssl/comp.h>
 
 COMP_METHOD *COMP_zlib(void );
 
-#ifndef ZLIB
-
-static COMP_METHOD zlib_method={
+static COMP_METHOD zlib_method_nozlib={
 	NID_undef,
-	"(null)",
+	"(undef)",
+	NULL,
 	NULL,
 	NULL,
 	NULL,
@@ -18,6 +17,8 @@ static COMP_METHOD zlib_method={
 	NULL,
 	};
 
+#ifndef ZLIB
+#undef ZLIB_SHARED
 #else
 
 #include <zlib.h>
@@ -38,14 +39,58 @@ static COMP_METHOD zlib_method={
 	zlib_compress_block,
 	zlib_expand_block,
 	NULL,
+	NULL,
 	};
 
-static int zlib_compress_block(ctx,out,olen,in,ilen)
-COMP_CTX *ctx;
-unsigned char *out;
-unsigned int olen;
-unsigned char *in;
-unsigned int ilen;
+/* 
+ * When OpenSSL is built on Windows, we do not want to require that
+ * the ZLIB.DLL be available in order for the OpenSSL DLLs to
+ * work.  Therefore, all ZLIB routines are loaded at run time
+ * and we do not link to a .LIB file.
+ */
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+# include <windows.h>
+
+# define Z_CALLCONV _stdcall
+# define ZLIB_SHARED
+#else
+# define Z_CALLCONV
+#endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */
+
+#ifdef ZLIB_SHARED
+#include <openssl/dso.h>
+
+/* Prototypes for built in stubs */
+static int stub_compress(Bytef *dest,uLongf *destLen,
+	const Bytef *source, uLong sourceLen);
+static int stub_inflateEnd(z_streamp strm);
+static int stub_inflate(z_streamp strm, int flush);
+static int stub_inflateInit_(z_streamp strm, const char * version,
+	int stream_size);
+
+/* Function pointers */
+typedef int (Z_CALLCONV *compress_ft)(Bytef *dest,uLongf *destLen,
+	const Bytef *source, uLong sourceLen);
+typedef int (Z_CALLCONV *inflateEnd_ft)(z_streamp strm);
+typedef int (Z_CALLCONV *inflate_ft)(z_streamp strm, int flush);
+typedef int (Z_CALLCONV *inflateInit__ft)(z_streamp strm,
+	const char * version, int stream_size);
+static compress_ft	p_compress=NULL;
+static inflateEnd_ft	p_inflateEnd=NULL;
+static inflate_ft	p_inflate=NULL;
+static inflateInit__ft	p_inflateInit_=NULL;
+
+static int zlib_loaded = 0;     /* only attempt to init func pts once */
+static DSO *zlib_dso = NULL;
+
+#define compress                stub_compress
+#define inflateEnd              stub_inflateEnd
+#define inflate                 stub_inflate
+#define inflateInit_            stub_inflateInit_
+#endif /* ZLIB_SHARED */
+
+static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
+	     unsigned int olen, unsigned char *in, unsigned int ilen)
 	{
 	unsigned long l;
 	int i;
@@ -70,16 +115,15 @@ unsigned int ilen;
 		memcpy(&(out[1]),in,ilen);
 		l=ilen+1;
 		}
-fprintf(stderr,"compress(%4d)->%4d %s\n",ilen,(int)l,(clear)?"clear":"zlib");
+#ifdef DEBUG_ZLIB
+	fprintf(stderr,"compress(%4d)->%4d %s\n",
+		ilen,(int)l,(clear)?"clear":"zlib");
+#endif
 	return((int)l);
 	}
 
-static int zlib_expand_block(ctx,out,olen,in,ilen)
-COMP_CTX *ctx;
-unsigned char *out;
-unsigned int olen;
-unsigned char *in;
-unsigned int ilen;
+static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
+	     unsigned int olen, unsigned char *in, unsigned int ilen)
 	{
 	unsigned long l;
 	int i;
@@ -96,15 +140,15 @@ unsigned int ilen;
 		memcpy(out,&(in[1]),ilen-1);
 		l=ilen-1;
 		}
-        fprintf(stderr,"expand  (%4d)->%4d %s\n",ilen,(int)l,in[0]?"zlib":"clear");
+#ifdef DEBUG_ZLIB
+        fprintf(stderr,"expand  (%4d)->%4d %s\n",
+		ilen,(int)l,in[0]?"zlib":"clear");
+#endif
 	return((int)l);
 	}
 
-static int zz_uncompress (dest, destLen, source, sourceLen)
-    Bytef *dest;
-    uLongf *destLen;
-    const Bytef *source;
-    uLong sourceLen;
+static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source,
+	     uLong sourceLen)
 {
     z_stream stream;
     int err;
@@ -137,8 +181,80 @@ static int zz_uncompress (dest, destLen, source, sourceLen)
 
 #endif
 
-COMP_METHOD *COMP_zlib()
+COMP_METHOD *COMP_zlib(void)
 	{
-	return(&zlib_method);
+	COMP_METHOD *meth = &zlib_method_nozlib;
+
+#ifdef ZLIB_SHARED
+	if (!zlib_loaded)
+		{
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+		zlib_dso = DSO_load(NULL, "ZLIB", NULL, 0);
+#else
+		zlib_dso = DSO_load(NULL, "z", NULL, 0);
+#endif
+		if (zlib_dso != NULL)
+			{
+			p_compress
+				= (compress_ft) DSO_bind_func(zlib_dso,
+					"compress");
+			p_inflateEnd
+				= (inflateEnd_ft) DSO_bind_func(zlib_dso,
+					"inflateEnd");
+			p_inflate
+				= (inflate_ft) DSO_bind_func(zlib_dso,
+					"inflate");
+			p_inflateInit_
+				= (inflateInit__ft) DSO_bind_func(zlib_dso,
+					"inflateInit_");
+			zlib_loaded++;
+			}
+		}
+
+#endif
+#if defined(ZLIB) || defined(ZLIB_SHARED)
+	meth = &zlib_method;
+#endif
+
+	return(meth);
+	}
+
+#ifdef ZLIB_SHARED
+/* Stubs for each function to be dynamicly loaded */
+static int 
+stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen)
+	{
+	if (p_compress)
+		return(p_compress(dest,destLen,source,sourceLen));
+	else
+		return(Z_MEM_ERROR);
+	}
+
+static int
+stub_inflateEnd(z_streamp strm)
+	{
+	if ( p_inflateEnd )
+		return(p_inflateEnd(strm));
+	else
+		return(Z_MEM_ERROR);
+	}
+
+static int
+stub_inflate(z_streamp strm, int flush)
+	{
+	if ( p_inflate )
+		return(p_inflate(strm,flush));
+	else
+		return(Z_MEM_ERROR);
+	}
+
+static int
+stub_inflateInit_(z_streamp strm, const char * version, int stream_size)
+	{
+	if ( p_inflateInit_ )
+		return(p_inflateInit_(strm,version,stream_size));
+	else
+		return(Z_MEM_ERROR);
 	}
 
+#endif /* ZLIB_SHARED */
diff --git a/crypto/comp/comp.err b/crypto/comp/comp.err
deleted file mode 100644
index e69de29bb2..0000000000
--- a/crypto/comp/comp.err
+++ /dev/null
diff --git a/crypto/comp/comp.h b/crypto/comp/comp.h
index 00af0622b9..ab48b78ae9 100644
--- a/crypto/comp/comp.h
+++ b/crypto/comp/comp.h
@@ -2,21 +2,22 @@
 #ifndef HEADER_COMP_H
 #define HEADER_COMP_H
 
+#include <openssl/crypto.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#include "crypto.h"
-
 typedef struct comp_method_st
 	{
 	int type;		/* NID for compression library */
-	char *name;		/* A text string to identify the library */
+	const char *name;	/* A text string to identify the library */
 	int (*init)();
 	void (*finish)();
 	int (*compress)();
 	int (*expand)();
 	long (*ctrl)();
+	long (*callback_ctrl)();
 	} COMP_METHOD;
 
 typedef struct comp_ctx_st
@@ -30,7 +31,6 @@ typedef struct comp_ctx_st
 	CRYPTO_EX_DATA	ex_data;
 	} COMP_CTX;
 
-#ifndef NOPROTO
 
 COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
 void COMP_CTX_free(COMP_CTX *ctx);
@@ -39,26 +39,21 @@ int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
 int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
 	unsigned char *in, int ilen);
 COMP_METHOD *COMP_rle(void );
-#ifdef ZLIB
 COMP_METHOD *COMP_zlib(void );
-#endif
 
-#else
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_COMP_strings(void);
 
-COMP_CTX *COMP_CTX_new();
-void COMP_CTX_free();
-int COMP_compress_block();
-int COMP_expand_block();
-COMP_METHOD *COMP_rle();
-#ifdef ZLIB
-COMP_METHOD *COMP_zlib();
-#endif
+/* Error codes for the COMP functions. */
+
+/* Function codes. */
+
+/* Reason codes. */
 
-#endif
-/* BEGIN ERROR CODES */
- 
 #ifdef  __cplusplus
 }
 #endif
 #endif
-
diff --git a/crypto/comp/comp_err.c b/crypto/comp/comp_err.c
index 7b68fc1b9d..1652b8c2c4 100644
--- a/crypto/comp/comp_err.c
+++ b/crypto/comp/comp_err.c
@@ -1,76 +1,91 @@
-/* lib//_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/comp/comp_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
  */
+
 #include <stdio.h>
-#include "err.h"
-#include "comp.h"
+#include <openssl/err.h>
+#include <openssl/comp.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA COMP_str_functs[]=
+	{
+{0,NULL}
+	};
+
+static ERR_STRING_DATA COMP_str_reasons[]=
+	{
+{0,NULL}
+	};
+
 #endif
 
-void ERR_load__strings()
+void ERR_load_COMP_strings(void)
 	{
 	static int init=1;
 
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ERR_LIB_COMP,COMP_str_functs);
+		ERR_load_strings(ERR_LIB_COMP,COMP_str_reasons);
 #endif
 
 		}
diff --git a/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c
index 8ce06951af..beb98ce8cc 100644
--- a/crypto/comp/comp_lib.c
+++ b/crypto/comp/comp_lib.c
@@ -1,15 +1,14 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "objects.h"
-#include "comp.h"
+#include <openssl/objects.h>
+#include <openssl/comp.h>
 
-COMP_CTX *COMP_CTX_new(meth)
-COMP_METHOD *meth;
+COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
 	{
 	COMP_CTX *ret;
 
-	if ((ret=(COMP_CTX *)Malloc(sizeof(COMP_CTX))) == NULL)
+	if ((ret=(COMP_CTX *)OPENSSL_malloc(sizeof(COMP_CTX))) == NULL)
 		{
 		/* ZZZZZZZZZZZZZZZZ */
 		return(NULL);
@@ -18,7 +17,7 @@ COMP_METHOD *meth;
 	ret->meth=meth;
 	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
-		Free(ret);
+		OPENSSL_free(ret);
 		ret=NULL;
 		}
 #if 0
@@ -28,23 +27,21 @@ COMP_METHOD *meth;
 	return(ret);
 	}
 
-void COMP_CTX_free(ctx)
-COMP_CTX *ctx;
+void COMP_CTX_free(COMP_CTX *ctx)
 	{
 	/* CRYPTO_free_ex_data(rsa_meth,(char *)ctx,&ctx->ex_data); */
 
+	if(ctx == NULL)
+	    return;
+
 	if (ctx->meth->finish != NULL)
 		ctx->meth->finish(ctx);
 
-	Free(ctx);
+	OPENSSL_free(ctx);
 	}
 
-int COMP_compress_block(ctx,out,olen,in,ilen)
-COMP_CTX *ctx;
-unsigned char *out;
-int olen;
-unsigned char *in;
-int ilen;
+int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
+	     unsigned char *in, int ilen)
 	{
 	int ret;
 	if (ctx->meth->compress == NULL)
@@ -61,12 +58,8 @@ int ilen;
 	return(ret);
 	}
 
-int COMP_expand_block(ctx,out,olen,in,ilen)
-COMP_CTX *ctx;
-unsigned char *out;
-int olen;
-unsigned char *in;
-int ilen;
+int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
+	     unsigned char *in, int ilen)
 	{
 	int ret;
 
diff --git a/crypto/conf/.cvsignore b/crypto/conf/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/conf/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/conf/Makefile.ssl b/crypto/conf/Makefile.ssl
index 00e917aa44..15b8a15810 100644
--- a/crypto/conf/Makefile.ssl
+++ b/crypto/conf/Makefile.ssl
@@ -5,31 +5,34 @@
 DIR=	conf
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=conf
-ERRC=conf_err
 GENERAL=Makefile
 TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= conf.c $(ERRC).c
+LIBSRC= conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c \
+	 conf_mall.c conf_sap.c
 
-LIBOBJ=	conf.o $(ERRC).o
+LIBOBJ=	conf_err.o conf_lib.o conf_api.o conf_def.o conf_mod.o \
+	conf_mall.o conf_sap.o
 
 SRC= $(LIBSRC)
 
-EXHEADER= conf.h
-HEADER=	conf_lcl.h $(EXHEADER)
+EXHEADER= conf.h conf_api.h
+HEADER=	conf_def.h $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
@@ -40,24 +43,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -69,17 +71,118 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+conf_api.o: ../../e_os.h ../../include/openssl/bio.h
+conf_api.o: ../../include/openssl/conf.h ../../include/openssl/conf_api.h
+conf_api.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+conf_api.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_api.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_api.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+conf_api.o: ../../include/openssl/symhacks.h conf_api.c
+conf_def.o: ../../e_os.h ../../include/openssl/bio.h
+conf_def.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+conf_def.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_def.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+conf_def.o: ../../include/openssl/symhacks.h ../cryptlib.h conf_def.c
+conf_def.o: conf_def.h
+conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+conf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+conf_err.o: ../../include/openssl/opensslconf.h
+conf_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+conf_err.o: ../../include/openssl/symhacks.h conf_err.c
+conf_lib.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+conf_lib.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+conf_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+conf_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+conf_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+conf_lib.o: ../../include/openssl/symhacks.h conf_lib.c
+conf_mall.o: ../../e_os.h ../../include/openssl/aes.h
+conf_mall.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+conf_mall.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+conf_mall.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+conf_mall.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_mall.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+conf_mall.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+conf_mall.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_mall.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+conf_mall.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+conf_mall.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+conf_mall.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+conf_mall.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+conf_mall.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+conf_mall.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+conf_mall.o: ../../include/openssl/opensslconf.h
+conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+conf_mall.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+conf_mall.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+conf_mall.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+conf_mall.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+conf_mall.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+conf_mall.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+conf_mall.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_mall.c
+conf_mod.o: ../../e_os.h ../../include/openssl/aes.h
+conf_mod.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+conf_mod.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+conf_mod.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+conf_mod.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_mod.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+conf_mod.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+conf_mod.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_mod.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+conf_mod.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+conf_mod.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+conf_mod.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+conf_mod.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+conf_mod.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+conf_mod.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+conf_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+conf_mod.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+conf_mod.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+conf_mod.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+conf_mod.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+conf_mod.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+conf_mod.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+conf_mod.o: ../cryptlib.h conf_mod.c
+conf_sap.o: ../../e_os.h ../../include/openssl/aes.h
+conf_sap.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+conf_sap.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+conf_sap.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+conf_sap.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+conf_sap.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+conf_sap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+conf_sap.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+conf_sap.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+conf_sap.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+conf_sap.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+conf_sap.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+conf_sap.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+conf_sap.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+conf_sap.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+conf_sap.o: ../../include/openssl/opensslconf.h
+conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+conf_sap.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+conf_sap.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+conf_sap.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+conf_sap.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+conf_sap.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+conf_sap.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_sap.c
diff --git a/crypto/conf/README b/crypto/conf/README
new file mode 100644
index 0000000000..ca58d0240f
--- /dev/null
+++ b/crypto/conf/README
@@ -0,0 +1,78 @@
+WARNING WARNING WARNING!!!
+
+This stuff is experimental, may change radically or be deleted altogether
+before OpenSSL 0.9.7 release. You have been warned!
+
+Configuration modules. These are a set of modules which can perform
+various configuration functions.
+
+Currently the routines should be called at most once when an application
+starts up: that is before it starts any threads.
+
+The routines read a configuration file set up like this:
+
+-----
+#default section
+openssl_init=init_section
+
+[init_section]
+
+module1=value1
+#Second instance of module1
+module1.1=valueX
+module2=value2
+module3=dso_literal
+module4=dso_section
+
+[dso_section]
+
+path=/some/path/to/some/dso.so
+other_stuff=other_value
+----
+
+When this file is loaded a configuration module with the specified
+string (module* in the above example) is looked up and its init
+function called as:
+
+int conf_init_func(CONF_IMODULE *md, CONF *cnf);
+
+The function can then take whatever action is appropriate, for example
+further lookups based on the value. Multiple instances of the same 
+config module can be loaded.
+
+When the application closes down the modules are cleaned up by calling
+an optional finish function:
+
+void conf_finish_func(CONF_IMODULE *md);
+
+The finish functions are called in reverse order: that is the last module
+loaded is the first one cleaned up.
+
+If no module exists with a given name then an attempt is made to load
+a DSO with the supplied name. This might mean that "module3" attempts
+to load a DSO called libmodule3.so or module3.dll for example. An explicit
+DSO name can be given by including a separate section as in the module4 example
+above.
+
+The DSO is expected to at least contain an initialization function:
+
+int OPENSSL_init(CONF_IMODULE *md, CONF *cnf);
+
+and may also include a finish function:
+
+void OPENSSL_finish(CONF_IMODULE *md);
+
+Static modules can also be added using,
+
+int CONF_module_add(char *name, dso_mod_init_func *ifunc, dso_mod_finish_func *ffunc);
+
+where "name" is the name in the configuration file this function corresponds to.
+
+A set of builtin modules (currently only an ASN1 non functional test module) can be 
+added by calling OPENSSL_load_builtin_modules(). 
+
+The function OPENSSL_config() is intended as a simple configuration function that
+any application can call to perform various default configuration tasks. It uses the
+file openssl.cnf in the usual locations.
+
+
diff --git a/crypto/conf/cnf_save.c b/crypto/conf/cnf_save.c
index c9018de10e..1439487526 100644
--- a/crypto/conf/cnf_save.c
+++ b/crypto/conf/cnf_save.c
@@ -57,28 +57,28 @@
  */
 
 #include <stdio.h>
-#include "conf.h"
+#include <openssl/conf.h>
 
-void print_conf(CONF_VALUE *cv);
+static void print_conf(CONF_VALUE *cv);
+static IMPLEMENT_LHASH_DOALL_FN(print_conf, CONF_VALUE *);
 
 main()
 	{
 	LHASH *conf;
 	long l;
 
-	conf=CONF_load(NULL,"../../apps/ssleay.cnf",&l);
+	conf=CONF_load(NULL,"../../apps/openssl.cnf",&l);
 	if (conf == NULL)
 		{
 		fprintf(stderr,"error loading config, line %ld\n",l);
 		exit(1);
 		}
 
-	lh_doall(conf,print_conf);
+	lh_doall(conf,LHASH_DOALL_FN(print_conf));
 	}
 
 
-void print_conf(cv)
-CONF_VALUE *cv;
+static void print_conf(CONF_VALUE *cv)
 	{
 	int i;
 	CONF_VALUE *v;
diff --git a/crypto/conf/conf.c b/crypto/conf/conf.c
deleted file mode 100644
index f5114ea69e..0000000000
--- a/crypto/conf/conf.c
+++ /dev/null
@@ -1,740 +0,0 @@
-/* crypto/conf/conf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include "stack.h"
-#include "lhash.h"
-#include "conf.h"
-#include "buffer.h"
-#include "err.h"
-
-#include "conf_lcl.h"
-
-#ifndef NOPROTO
-static void value_free_hash(CONF_VALUE *a, LHASH *conf);
-static void value_free_stack(CONF_VALUE *a,LHASH *conf);
-static unsigned long hash(CONF_VALUE *v);
-static int cmp(CONF_VALUE *a,CONF_VALUE *b);
-static char *eat_ws(char *p);
-static char *eat_alpha_numeric(char *p);
-static void clear_comments(char *p);
-static int str_copy(LHASH *conf,char *section,char **to, char *from);
-static char *scan_quote(char *p);
-static CONF_VALUE *new_section(LHASH *conf,char *section);
-static CONF_VALUE *get_section(LHASH *conf,char *section);
-#else
-static void value_free_hash();
-static void value_free_stack();
-static unsigned long hash();
-static int cmp();
-static char *eat_ws();
-static char *eat_alpha_numeric();
-static void clear_comments();
-static int str_copy();
-static char *scan_quote();
-static CONF_VALUE *new_section();
-static CONF_VALUE *get_section();
-#endif
-
-#define scan_esc(p)	((((p)[1] == '\0')?(p++):(p+=2)),p)
-
-char *CONF_version="CONF part of SSLeay 0.9.1a 06-Jul-1998";
-
-LHASH *CONF_load(h,file,line)
-LHASH *h;
-char *file;
-long *line;
-	{
-	LHASH *ret=NULL;
-	FILE *in=NULL;
-#define BUFSIZE	512
-	char btmp[16];
-	int bufnum=0,i,ii;
-	BUF_MEM *buff=NULL;
-	char *s,*p,*end;
-	int again,n;
-	long eline=0;
-	CONF_VALUE *v=NULL,*vv,*tv;
-	CONF_VALUE *sv=NULL;
-	char *section=NULL,*buf;
-	STACK *section_sk=NULL,*ts;
-	char *start,*psection,*pname;
-
-	if ((buff=BUF_MEM_new()) == NULL)
-		{
-		CONFerr(CONF_F_CONF_LOAD,ERR_R_BUF_LIB);
-		goto err;
-		}
-
-	in=fopen(file,"rb");
-	if (in == NULL)
-		{
-		SYSerr(SYS_F_FOPEN,get_last_sys_error());
-		ERR_set_error_data(BUF_strdup(file),
-			ERR_TXT_MALLOCED|ERR_TXT_STRING);
-		CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
-		goto err;
-		}
-
-	section=(char *)Malloc(10);
-	if (section == NULL)
-		{
-		CONFerr(CONF_F_CONF_LOAD,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	strcpy(section,"default");
-
-	if (h == NULL)
-		{
-		if ((ret=lh_new(hash,cmp)) == NULL)
-			{
-			CONFerr(CONF_F_CONF_LOAD,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	else
-		ret=h;
-
-	sv=new_section(ret,section);
-	if (sv == NULL)
-		{
-		CONFerr(CONF_F_CONF_LOAD,CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
-		goto err;
-		}
-	section_sk=(STACK *)sv->value;
-
-	bufnum=0;
-	for (;;)
-		{
-		again=0;
-		if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
-			{
-			CONFerr(CONF_F_CONF_LOAD,ERR_R_BUF_LIB);
-			goto err;
-			}
-		p= &(buff->data[bufnum]);
-		*p='\0';
-		fgets(p,BUFSIZE-1,in);
-		p[BUFSIZE-1]='\0';
-		ii=i=strlen(p);
-		if (i == 0) break;
-		while (i > 0)
-			{
-			if ((p[i-1] != '\r') && (p[i-1] != '\n'))
-				break;
-			else
-				i--;
-			}
-		/* we removed some trailing stuff so there is a new
-		 * line on the end. */
-		if (i == ii)
-			again=1; /* long line */
-		else
-			{
-			p[i]='\0';
-			eline++; /* another input line */
-			}
-
-		/* we now have a line with trailing \r\n removed */
-
-		/* i is the number of bytes */
-		bufnum+=i;
-
-		v=NULL;
-		/* check for line continuation */
-		if (bufnum >= 1)
-			{
-			/* If we have bytes and the last char '\\' and
-			 * second last char is not '\\' */
-			p= &(buff->data[bufnum-1]);
-			if (	IS_ESC(p[0]) &&
-				((bufnum <= 1) || !IS_ESC(p[-1])))
-				{
-				bufnum--;
-				again=1;
-				}
-			}
-		if (again) continue;
-		bufnum=0;
-		buf=buff->data;
-
-		clear_comments(buf);
-		n=strlen(buf);
-		s=eat_ws(buf);
-		if (IS_EOF(*s)) continue; /* blank line */
-		if (*s == '[')
-			{
-			char *ss;
-
-			s++;
-			start=eat_ws(s);
-			ss=start;
-again:
-			end=eat_alpha_numeric(ss);
-			p=eat_ws(end);
-			if (*p != ']')
-				{
-				if (*p != '\0')
-					{
-					ss=p;
-					goto again;
-					}
-				CONFerr(CONF_F_CONF_LOAD,CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
-				goto err;
-				}
-			*end='\0';
-			if (!str_copy(ret,NULL,&section,start)) goto err;
-			if ((sv=get_section(ret,section)) == NULL)
-				sv=new_section(ret,section);
-			if (sv == NULL)
-				{
-				CONFerr(CONF_F_CONF_LOAD,CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
-				goto err;
-				}
-			section_sk=(STACK *)sv->value;
-			continue;
-			}
-		else
-			{
-			pname=s;
-			psection=NULL;
-			end=eat_alpha_numeric(s);
-			if ((end[0] == ':') && (end[1] == ':'))
-				{
-				*end='\0';
-				end+=2;
-				psection=pname;
-				pname=end;
-				end=eat_alpha_numeric(end);
-				}
-			p=eat_ws(end);
-			if (*p != '=')
-				{
-				CONFerr(CONF_F_CONF_LOAD,CONF_R_MISSING_EQUAL_SIGN);
-				goto err;
-				}
-			*end='\0';
-			p++;
-			start=eat_ws(p);
-			while (!IS_EOF(*p))
-				p++;
-			p--;
-			while ((p != start) && (IS_WS(*p)))
-				p--;
-			p++;
-			*p='\0';
-
-			if ((v=(CONF_VALUE *)Malloc(sizeof(CONF_VALUE))) == NULL)
-				{
-				CONFerr(CONF_F_CONF_LOAD,ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			if (psection == NULL) psection=section;
-			v->name=(char *)Malloc(strlen(pname)+1);
-			v->value=NULL;
-			if (v->name == NULL)
-				{
-				CONFerr(CONF_F_CONF_LOAD,ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			strcpy(v->name,pname);
-			if (!str_copy(ret,psection,&(v->value),start)) goto err;
-
-			if (strcmp(psection,section) != 0)
-				{
-				if ((tv=get_section(ret,psection))
-					== NULL)
-					tv=new_section(ret,psection);
-				if (tv == NULL)
-					{
-					CONFerr(CONF_F_CONF_LOAD,CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
-					goto err;
-					}
-				ts=(STACK *)tv->value;
-				}
-			else
-				{
-				tv=sv;
-				ts=section_sk;
-				}
-			v->section=tv->section;	
-			if (!sk_push(ts,(char *)v))
-				{
-				CONFerr(CONF_F_CONF_LOAD,ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			vv=(CONF_VALUE *)lh_insert(ret,(char *)v);
-			if (vv != NULL)
-				{
-				sk_delete_ptr(ts,(char *)vv);
-				Free(vv->name);
-				Free(vv->value);
-				Free(vv);
-				}
-			v=NULL;
-			}
-		}
-	if (buff != NULL) BUF_MEM_free(buff);
-	if (section != NULL) Free(section);
-	if (in != NULL) fclose(in);
-	return(ret);
-err:
-	if (buff != NULL) BUF_MEM_free(buff);
-	if (section != NULL) Free(section);
-	if (line != NULL) *line=eline;
-	sprintf(btmp,"%ld",eline);
-	ERR_add_error_data(2,"line ",btmp);
-	if (in != NULL) fclose(in);
-	if ((h != ret) && (ret != NULL)) CONF_free(ret);
-	if (v != NULL)
-		{
-		if (v->name != NULL) Free(v->name);
-		if (v->value != NULL) Free(v->value);
-		if (v != NULL) Free(v);
-		}
-	return(NULL);
-	}
-		
-char *CONF_get_string(conf,section,name)
-LHASH *conf;
-char *section;
-char *name;
-	{
-	CONF_VALUE *v,vv;
-	char *p;
-
-	if (name == NULL) return(NULL);
-	if (conf != NULL)
-		{
-		if (section != NULL)
-			{
-			vv.name=name;
-			vv.section=section;
-			v=(CONF_VALUE *)lh_retrieve(conf,(char *)&vv);
-			if (v != NULL) return(v->value);
-			if (strcmp(section,"ENV") == 0)
-				{
-				p=Getenv(name);
-				if (p != NULL) return(p);
-				}
-			}
-		vv.section="default";
-		vv.name=name;
-		v=(CONF_VALUE *)lh_retrieve(conf,(char *)&vv);
-		if (v != NULL)
-			return(v->value);
-		else
-			return(NULL);
-		}
-	else
-		return(Getenv(name));
-	}
-
-static CONF_VALUE *get_section(conf,section)
-LHASH *conf;
-char *section;
-	{
-	CONF_VALUE *v,vv;
-
-	if ((conf == NULL) || (section == NULL)) return(NULL);
-	vv.name=NULL;
-	vv.section=section;
-	v=(CONF_VALUE *)lh_retrieve(conf,(char *)&vv);
-	return(v);
-	}
-
-STACK *CONF_get_section(conf,section)
-LHASH *conf;
-char *section;
-	{
-	CONF_VALUE *v;
-
-	v=get_section(conf,section);
-	if (v != NULL)
-		return((STACK *)v->value);
-	else
-		return(NULL);
-	}
-
-long CONF_get_number(conf,section,name)
-LHASH *conf;
-char *section;
-char *name;
-	{
-	char *str;
-	long ret=0;
-
-	str=CONF_get_string(conf,section,name);
-	if (str == NULL) return(0);
-	for (;;)
-		{
-		if (IS_NUMER(*str))
-			ret=ret*10+(*str -'0');
-		else
-			return(ret);
-		str++;
-		}
-	}
-
-void CONF_free(conf)
-LHASH *conf;
-	{
-	if (conf == NULL) return;
-
-	conf->down_load=0; 	/* evil thing to make sure the 'Free()'
-				 * works as expected */
-	lh_doall_arg(conf,(void (*)())value_free_hash,(char *)conf);
-
-	/* We now have only 'section' entries in the hash table.
-	 * Due to problems with */
-
-	lh_doall_arg(conf,(void (*)())value_free_stack,(char *)conf);
-	lh_free(conf);
-	}
-
-static void value_free_hash(a,conf)
-CONF_VALUE *a;
-LHASH *conf;
-	{
-	if (a->name != NULL)
-		{
-		a=(CONF_VALUE *)lh_delete(conf,(char *)a);
-		}
-	}
-
-static void value_free_stack(a,conf)
-CONF_VALUE *a;
-LHASH *conf;
-	{
-	CONF_VALUE *vv;
-	STACK *sk;
-	int i;
-
-	if (a->name != NULL) return;
-
-	sk=(STACK *)a->value;
-	for (i=sk_num(sk)-1; i>=0; i--)
-		{
-		vv=(CONF_VALUE *)sk_value(sk,i);
-		Free(vv->value);
-		Free(vv->name);
-		Free(vv);
-		}
-	if (sk != NULL) sk_free(sk);
-	Free(a->section);
-	Free(a);
-	}
-
-static void clear_comments(p)
-char *p;
-	{
-	char *to;
-
-	to=p;
-	for (;;)
-		{
-		if (IS_COMMENT(*p))
-			{
-			*p='\0';
-			return;
-			}
-		if (IS_QUOTE(*p))
-			{
-			p=scan_quote(p);
-			continue;
-			}
-		if (IS_ESC(*p))
-			{
-			p=scan_esc(p);
-			continue;
-			}
-		if (IS_EOF(*p))
-			return;
-		else
-			p++;
-		}
-	}
-
-static int str_copy(conf,section,pto,from)
-LHASH *conf;
-char *section;
-char **pto,*from;
-	{
-	int q,r,rr=0,to=0,len=0;
-	char *s,*e,*rp,*p,*rrp,*np,*cp,v;
-	BUF_MEM *buf;
-
-	if ((buf=BUF_MEM_new()) == NULL) return(0);
-
-	len=strlen(from)+1;
-	if (!BUF_MEM_grow(buf,len)) goto err;
-
-	for (;;)
-		{
-		if (IS_QUOTE(*from))
-			{
-			q= *from;
-			from++;
-			while ((*from != '\0') && (*from != q))
-				{
-				if (*from == '\\')
-					{
-					from++;
-					if (*from == '\0') break;
-					}
-				buf->data[to++]= *(from++);
-				}
-			}
-		else if (*from == '\\')
-			{
-			from++;
-			v= *(from++);
-			if (v == '\0') break;
-			else if (v == 'r') v='\r';
-			else if (v == 'n') v='\n';
-			else if (v == 'b') v='\b';
-			else if (v == 't') v='\t';
-			buf->data[to++]= v;
-			}
-		else if (*from == '\0')
-			break;
-		else if (*from == '$')
-			{
-			/* try to expand it */
-			rrp=NULL;
-			s= &(from[1]);
-			if (*s == '{')
-				q='}';
-			else if (*s == '(')
-				q=')';
-			else q=0;
-
-			if (q) s++;
-			cp=section;
-			e=np=s;
-			while (IS_ALPHA_NUMERIC(*e))
-				e++;
-			if ((e[0] == ':') && (e[1] == ':'))
-				{
-				cp=np;
-				rrp=e;
-				rr= *e;
-				*rrp='\0';
-				e+=2;
-				np=e;
-				while (IS_ALPHA_NUMERIC(*e))
-					e++;
-				}
-			r= *e;
-			*e='\0';
-			rp=e;
-			if (q)
-				{
-				if (r != q)
-					{
-					CONFerr(CONF_F_STR_COPY,CONF_R_NO_CLOSE_BRACE);
-					goto err;
-					}
-				e++;
-				}
-			/* So at this point we have
-			 * ns which is the start of the name string which is
-			 *   '\0' terminated. 
-			 * cs which is the start of the section string which is
-			 *   '\0' terminated.
-			 * e is the 'next point after'.
-			 * r and s are the chars replaced by the '\0'
-			 * rp and sp is where 'r' and 's' came from.
-			 */
-			p=CONF_get_string(conf,cp,np);
-			if (rrp != NULL) *rrp=rr;
-			*rp=r;
-			if (p == NULL)
-				{
-				CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE);
-				goto err;
-				}
-			BUF_MEM_grow(buf,(strlen(p)+len-(e-from)));
-			while (*p)
-				buf->data[to++]= *(p++);
-			from=e;
-			}
-		else
-			buf->data[to++]= *(from++);
-		}
-	buf->data[to]='\0';
-	if (*pto != NULL) Free(*pto);
-	*pto=buf->data;
-	Free(buf);
-	return(1);
-err:
-	if (buf != NULL) BUF_MEM_free(buf);
-	return(0);
-	}
-
-static char *eat_ws(p)
-char *p;
-	{
-	while (IS_WS(*p) && (!IS_EOF(*p)))
-		p++;
-	return(p);
-	}
-
-static char *eat_alpha_numeric(p)
-char *p;
-	{
-	for (;;)
-		{
-		if (IS_ESC(*p))
-			{
-			p=scan_esc(p);
-			continue;
-			}
-		if (!IS_ALPHA_NUMERIC_PUNCT(*p))
-			return(p);
-		p++;
-		}
-	}
-
-static unsigned long hash(v)
-CONF_VALUE *v;
-	{
-	return((lh_strhash(v->section)<<2)^lh_strhash(v->name));
-	}
-
-static int cmp(a,b)
-CONF_VALUE *a,*b;
-	{
-	int i;
-
-	if (a->section != b->section)
-		{
-		i=strcmp(a->section,b->section);
-		if (i) return(i);
-		}
-
-	if ((a->name != NULL) && (b->name != NULL))
-		{
-		i=strcmp(a->name,b->name);
-		return(i);
-		}
-	else if (a->name == b->name)
-		return(0);
-	else
-		return((a->name == NULL)?-1:1);
-	}
-
-static char *scan_quote(p)
-char *p;
-	{
-	int q= *p;
-
-	p++;
-	while (!(IS_EOF(*p)) && (*p != q))
-		{
-		if (IS_ESC(*p))
-			{
-			p++;
-			if (IS_EOF(*p)) return(p);
-			}
-		p++;
-		}
-	if (*p == q) p++;
-	return(p);
-	}
-
-static CONF_VALUE *new_section(conf,section)
-LHASH *conf;
-char *section;
-	{
-	STACK *sk=NULL;
-	int ok=0,i;
-	CONF_VALUE *v=NULL,*vv;
-
-	if ((sk=sk_new_null()) == NULL)
-		goto err;
-	if ((v=(CONF_VALUE *)Malloc(sizeof(CONF_VALUE))) == NULL)
-		goto err;
-	i=strlen(section)+1;
-	if ((v->section=(char *)Malloc(i)) == NULL)
-		goto err;
-
-	memcpy(v->section,section,i);
-	v->name=NULL;
-	v->value=(char *)sk;
-	
-	vv=(CONF_VALUE *)lh_insert(conf,(char *)v);
-	if (vv != NULL)
-		{
-#if !defined(NO_STDIO) && !defined(WIN16)
-		fprintf(stderr,"internal fault\n");
-#endif
-		abort();
-		}
-	ok=1;
-err:
-	if (!ok)
-		{
-		if (sk != NULL) sk_free(sk);
-		if (v != NULL) Free(v);
-		v=NULL;
-		}
-	return(v);
-	}
diff --git a/crypto/conf/conf.err b/crypto/conf/conf.err
deleted file mode 100644
index 933d3d692a..0000000000
--- a/crypto/conf/conf.err
+++ /dev/null
@@ -1,12 +0,0 @@
-/* Error codes for the CONF functions. */
-
-/* Function codes. */
-#define CONF_F_CONF_LOAD				 100
-#define CONF_F_STR_COPY					 101
-
-/* Reason codes. */
-#define CONF_R_MISSING_CLOSE_SQUARE_BRACKET		 100
-#define CONF_R_MISSING_EQUAL_SIGN			 101
-#define CONF_R_NO_CLOSE_BRACE				 102
-#define CONF_R_UNABLE_TO_CREATE_NEW_SECTION		 103
-#define CONF_R_VARIABLE_HAS_NO_VALUE			 104
diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h
index 1446226a16..48695a0642 100644
--- a/crypto/conf/conf.h
+++ b/crypto/conf/conf.h
@@ -59,13 +59,18 @@
 #ifndef  HEADER_CONF_H
 #define HEADER_CONF_H
 
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
+#include <openssl/stack.h>
+#include <openssl/safestack.h>
+#include <openssl/e_os2.h>
+
+#include <openssl/ossl_typ.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#include "stack.h"
-#include "lhash.h"
-
 typedef struct
 	{
 	char *section;
@@ -73,42 +78,174 @@ typedef struct
 	char *value;
 	} CONF_VALUE;
 
-#ifndef NOPROTO
+DECLARE_STACK_OF(CONF_VALUE)
+DECLARE_STACK_OF(CONF_MODULE)
+DECLARE_STACK_OF(CONF_IMODULE)
+
+struct conf_st;
+struct conf_method_st;
+typedef struct conf_method_st CONF_METHOD;
+
+struct conf_method_st
+	{
+	const char *name;
+	CONF *(*create)(CONF_METHOD *meth);
+	int (*init)(CONF *conf);
+	int (*destroy)(CONF *conf);
+	int (*destroy_data)(CONF *conf);
+	int (*load_bio)(CONF *conf, BIO *bp, long *eline);
+	int (*dump)(const CONF *conf, BIO *bp);
+	int (*is_number)(const CONF *conf, char c);
+	int (*to_int)(const CONF *conf, char c);
+	int (*load)(CONF *conf, const char *name, long *eline);
+	};
+
+/* Module definitions */
 
-LHASH *CONF_load(LHASH *conf,char *file,long *eline);
-STACK *CONF_get_section(LHASH *conf,char *section);
-char *CONF_get_string(LHASH *conf,char *group,char *name);
-long CONF_get_number(LHASH *conf,char *group,char *name);
+typedef struct conf_imodule_st CONF_IMODULE;
+typedef struct conf_module_st CONF_MODULE;
+
+/* DSO module function typedefs */
+typedef int conf_init_func(CONF_IMODULE *md, const CONF *cnf);
+typedef void conf_finish_func(CONF_IMODULE *md);
+
+#define	CONF_MFLAGS_IGNORE_ERRORS	0x1
+#define CONF_MFLAGS_IGNORE_RETURN_CODES	0x2
+#define CONF_MFLAGS_SILENT		0x4
+#define CONF_MFLAGS_NO_DSO		0x8
+#define CONF_MFLAGS_IGNORE_MISSING_FILE	0x10
+
+int CONF_set_default_method(CONF_METHOD *meth);
+void CONF_set_nconf(CONF *conf,LHASH *hash);
+LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
+#ifndef OPENSSL_NO_FP_API
+LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline);
+#endif
+LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline);
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section);
+char *CONF_get_string(LHASH *conf,const char *group,const char *name);
+long CONF_get_number(LHASH *conf,const char *group,const char *name);
 void CONF_free(LHASH *conf);
-void ERR_load_CONF_strings(void );
+int CONF_dump_fp(LHASH *conf, FILE *out);
+int CONF_dump_bio(LHASH *conf, BIO *out);
 
-#else
+void OPENSSL_config(const char *config_name);
+void OPENSSL_no_config(void);
+
+/* New conf code.  The semantics are different from the functions above.
+   If that wasn't the case, the above functions would have been replaced */
+
+struct conf_st
+	{
+	CONF_METHOD *meth;
+	void *meth_data;
+	LHASH *data;
+	};
 
-LHASH *CONF_load();
-STACK *CONF_get_section();
-char *CONF_get_string();
-long CONF_get_number();
-void CONF_free();
-void ERR_load_CONF_strings();
+CONF *NCONF_new(CONF_METHOD *meth);
+CONF_METHOD *NCONF_default(void);
+CONF_METHOD *NCONF_WIN32(void);
+#if 0 /* Just to give you an idea of what I have in mind */
+CONF_METHOD *NCONF_XML(void);
+#endif
+void NCONF_free(CONF *conf);
+void NCONF_free_data(CONF *conf);
 
+int NCONF_load(CONF *conf,const char *file,long *eline);
+#ifndef OPENSSL_NO_FP_API
+int NCONF_load_fp(CONF *conf, FILE *fp,long *eline);
 #endif
+int NCONF_load_bio(CONF *conf, BIO *bp,long *eline);
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section);
+char *NCONF_get_string(const CONF *conf,const char *group,const char *name);
+int NCONF_get_number_e(const CONF *conf,const char *group,const char *name,
+		       long *result);
+int NCONF_dump_fp(const CONF *conf, FILE *out);
+int NCONF_dump_bio(const CONF *conf, BIO *out);
+
+#if 0 /* The following function has no error checking,
+	 and should therefore be avoided */
+long NCONF_get_number(CONF *conf,char *group,char *name);
+#else
+#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
+#endif
+  
+/* Module functions */
+
+int CONF_modules_load(const CONF *cnf, const char *appname,
+		      unsigned long flags);
+int CONF_modules_load_file(const char *filename, const char *appname,
+			   unsigned long flags);
+void CONF_modules_unload(int all);
+void CONF_modules_finish(void);
+void CONF_modules_free(void);
+int CONF_module_add(const char *name, conf_init_func *ifunc,
+		    conf_finish_func *ffunc);
+
+const char *CONF_imodule_get_name(const CONF_IMODULE *md);
+const char *CONF_imodule_get_value(const CONF_IMODULE *md);
+void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);
+CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);
+unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);
+void *CONF_module_get_usr_data(CONF_MODULE *pmod);
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
+
+char *CONF_get1_default_config_file(void);
+
+int CONF_parse_list(const char *list, int sep, int nospc,
+	int (*list_cb)(const char *elem, int len, void *usr), void *arg);
+
+void OPENSSL_load_builtin_modules(void);
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_CONF_strings(void);
+
 /* Error codes for the CONF functions. */
 
 /* Function codes. */
+#define CONF_F_CONF_DUMP_FP				 104
 #define CONF_F_CONF_LOAD				 100
+#define CONF_F_CONF_LOAD_BIO				 102
+#define CONF_F_CONF_LOAD_FP				 103
+#define CONF_F_CONF_MODULES_LOAD			 116
+#define CONF_F_MODULE_INIT				 115
+#define CONF_F_MODULE_LOAD_DSO				 117
+#define CONF_F_MODULE_RUN				 118
+#define CONF_F_NCONF_DUMP_BIO				 105
+#define CONF_F_NCONF_DUMP_FP				 106
+#define CONF_F_NCONF_GET_NUMBER				 107
+#define CONF_F_NCONF_GET_NUMBER_E			 112
+#define CONF_F_NCONF_GET_SECTION			 108
+#define CONF_F_NCONF_GET_STRING				 109
+#define CONF_F_NCONF_LOAD				 113
+#define CONF_F_NCONF_LOAD_BIO				 110
+#define CONF_F_NCONF_LOAD_FP				 114
+#define CONF_F_NCONF_NEW				 111
 #define CONF_F_STR_COPY					 101
 
 /* Reason codes. */
+#define CONF_R_ERROR_LOADING_DSO			 110
 #define CONF_R_MISSING_CLOSE_SQUARE_BRACKET		 100
 #define CONF_R_MISSING_EQUAL_SIGN			 101
+#define CONF_R_MISSING_FINISH_FUNCTION			 111
+#define CONF_R_MISSING_INIT_FUNCTION			 112
+#define CONF_R_MODULE_INITIALIZATION_ERROR		 109
 #define CONF_R_NO_CLOSE_BRACE				 102
+#define CONF_R_NO_CONF					 105
+#define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE		 106
+#define CONF_R_NO_SECTION				 107
+#define CONF_R_NO_SUCH_FILE				 114
+#define CONF_R_NO_VALUE					 108
 #define CONF_R_UNABLE_TO_CREATE_NEW_SECTION		 103
+#define CONF_R_UNKNOWN_MODULE_NAME			 113
 #define CONF_R_VARIABLE_HAS_NO_VALUE			 104
- 
+
 #ifdef  __cplusplus
 }
 #endif
 #endif
-
diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
new file mode 100644
index 0000000000..0032baa711
--- /dev/null
+++ b/crypto/conf/conf_api.c
@@ -0,0 +1,308 @@
+/* conf_api.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Part of the code in here was originally in conf.c, which is now removed */
+
+#ifndef CONF_DEBUG
+# undef NDEBUG /* avoid conflicting definitions */
+# define NDEBUG
+#endif
+
+#include <assert.h>
+#include <string.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+#include "e_os.h"
+
+static void value_free_hash(CONF_VALUE *a, LHASH *conf);
+static void value_free_stack(CONF_VALUE *a,LHASH *conf);
+static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE *, LHASH *)
+static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_stack, CONF_VALUE *, LHASH *)
+/* We don't use function pointer casting or wrapper functions - but cast each
+ * callback parameter inside the callback functions. */
+/* static unsigned long hash(CONF_VALUE *v); */
+static unsigned long hash(const void *v_void);
+/* static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b); */
+static int cmp_conf(const void *a_void,const void *b_void);
+
+/* Up until OpenSSL 0.9.5a, this was get_section */
+CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
+	{
+	CONF_VALUE *v,vv;
+
+	if ((conf == NULL) || (section == NULL)) return(NULL);
+	vv.name=NULL;
+	vv.section=(char *)section;
+	v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
+	return(v);
+	}
+
+/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
+					       const char *section)
+	{
+	CONF_VALUE *v;
+
+	v=_CONF_get_section(conf,section);
+	if (v != NULL)
+		return((STACK_OF(CONF_VALUE) *)v->value);
+	else
+		return(NULL);
+	}
+
+int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value)
+	{
+	CONF_VALUE *v = NULL;
+	STACK_OF(CONF_VALUE) *ts;
+
+	ts = (STACK_OF(CONF_VALUE) *)section->value;
+
+	value->section=section->section;	
+	if (!sk_CONF_VALUE_push(ts,value))
+		{
+		return 0;
+		}
+
+	v = (CONF_VALUE *)lh_insert(conf->data, value);
+	if (v != NULL)
+		{
+		sk_CONF_VALUE_delete_ptr(ts,v);
+		OPENSSL_free(v->name);
+		OPENSSL_free(v->value);
+		OPENSSL_free(v);
+		}
+	return 1;
+	}
+
+char *_CONF_get_string(const CONF *conf, const char *section, const char *name)
+	{
+	CONF_VALUE *v,vv;
+	char *p;
+
+	if (name == NULL) return(NULL);
+	if (conf != NULL)
+		{
+		if (section != NULL)
+			{
+			vv.name=(char *)name;
+			vv.section=(char *)section;
+			v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
+			if (v != NULL) return(v->value);
+			if (strcmp(section,"ENV") == 0)
+				{
+				p=Getenv(name);
+				if (p != NULL) return(p);
+				}
+			}
+		vv.section="default";
+		vv.name=(char *)name;
+		v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
+		if (v != NULL)
+			return(v->value);
+		else
+			return(NULL);
+		}
+	else
+		return(Getenv(name));
+	}
+
+#if 0 /* There's no way to provide error checking with this function, so
+	 force implementors of the higher levels to get a string and read
+	 the number themselves. */
+long _CONF_get_number(CONF *conf, char *section, char *name)
+	{
+	char *str;
+	long ret=0;
+
+	str=_CONF_get_string(conf,section,name);
+	if (str == NULL) return(0);
+	for (;;)
+		{
+		if (conf->meth->is_number(conf, *str))
+			ret=ret*10+conf->meth->to_int(conf, *str);
+		else
+			return(ret);
+		str++;
+		}
+	}
+#endif
+
+int _CONF_new_data(CONF *conf)
+	{
+	if (conf == NULL)
+		{
+		return 0;
+		}
+	if (conf->data == NULL)
+		if ((conf->data = lh_new(hash, cmp_conf)) == NULL)
+			{
+			return 0;
+			}
+	return 1;
+	}
+
+void _CONF_free_data(CONF *conf)
+	{
+	if (conf == NULL || conf->data == NULL) return;
+
+	conf->data->down_load=0; /* evil thing to make sure the 'OPENSSL_free()'
+				  * works as expected */
+	lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash),
+			conf->data);
+
+	/* We now have only 'section' entries in the hash table.
+	 * Due to problems with */
+
+	lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_stack),
+			conf->data);
+	lh_free(conf->data);
+	}
+
+static void value_free_hash(CONF_VALUE *a, LHASH *conf)
+	{
+	if (a->name != NULL)
+		{
+		a=(CONF_VALUE *)lh_delete(conf,a);
+		}
+	}
+
+static void value_free_stack(CONF_VALUE *a, LHASH *conf)
+	{
+	CONF_VALUE *vv;
+	STACK *sk;
+	int i;
+
+	if (a->name != NULL) return;
+
+	sk=(STACK *)a->value;
+	for (i=sk_num(sk)-1; i>=0; i--)
+		{
+		vv=(CONF_VALUE *)sk_value(sk,i);
+		OPENSSL_free(vv->value);
+		OPENSSL_free(vv->name);
+		OPENSSL_free(vv);
+		}
+	if (sk != NULL) sk_free(sk);
+	OPENSSL_free(a->section);
+	OPENSSL_free(a);
+	}
+
+/* static unsigned long hash(CONF_VALUE *v) */
+static unsigned long hash(const void *v_void)
+	{
+	CONF_VALUE *v = (CONF_VALUE *)v_void;
+	return((lh_strhash(v->section)<<2)^lh_strhash(v->name));
+	}
+
+/* static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b) */
+static int cmp_conf(const void *a_void,const  void *b_void)
+	{
+	int i;
+	CONF_VALUE *a = (CONF_VALUE *)a_void;
+	CONF_VALUE *b = (CONF_VALUE *)b_void;
+
+	if (a->section != b->section)
+		{
+		i=strcmp(a->section,b->section);
+		if (i) return(i);
+		}
+
+	if ((a->name != NULL) && (b->name != NULL))
+		{
+		i=strcmp(a->name,b->name);
+		return(i);
+		}
+	else if (a->name == b->name)
+		return(0);
+	else
+		return((a->name == NULL)?-1:1);
+	}
+
+/* Up until OpenSSL 0.9.5a, this was new_section */
+CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
+	{
+	STACK *sk=NULL;
+	int ok=0,i;
+	CONF_VALUE *v=NULL,*vv;
+
+	if ((sk=sk_new_null()) == NULL)
+		goto err;
+	if ((v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL)
+		goto err;
+	i=strlen(section)+1;
+	if ((v->section=(char *)OPENSSL_malloc(i)) == NULL)
+		goto err;
+
+	memcpy(v->section,section,i);
+	v->name=NULL;
+	v->value=(char *)sk;
+	
+	vv=(CONF_VALUE *)lh_insert(conf->data,v);
+	assert(vv == NULL);
+	ok=1;
+err:
+	if (!ok)
+		{
+		if (sk != NULL) sk_free(sk);
+		if (v != NULL) OPENSSL_free(v);
+		v=NULL;
+		}
+	return(v);
+	}
+
+IMPLEMENT_STACK_OF(CONF_VALUE)
diff --git a/perl/xstmp.c b/crypto/conf/conf_api.h
index aa18959017..87a954aff6 100644
--- a/perl/xstmp.c
+++ b/crypto/conf/conf_api.h
@@ -1,4 +1,4 @@
-/* perl/xstmp.c */
+/* conf_api.h */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -55,48 +55,35 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
-/*
- * This file was generated automatically by xsubpp version 1.9402 from the 
- * contents of SSLeay.xs. Do not edit this file, edit SSLeay.xs instead.
- *
- *	ANY CHANGES MADE HERE WILL BE LOST! 
- *
- */
 
-#line 1 "SSLeay.xs"
-#ifdef __cplusplus
+#ifndef  HEADER_CONF_API_H
+#define HEADER_CONF_API_H
+
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+
+#ifdef  __cplusplus
 extern "C" {
 #endif
-#include "EXTERN.h"
-#include "perl.h"
-#include "XSUB.h"
-#ifdef __cplusplus
-}
-#endif
 
-typedef struct datum_st
-	{
-	char *dptr;
-	int dsize;
-	} datum;
+/* Up until OpenSSL 0.9.5a, this was new_section */
+CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was get_section */
+CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
+					       const char *section);
 
-#include "crypto.h"
-#include "buffer.h"
-#include "bio.h"
-#include "evp.h"
-#include "err.h"
-#include "x509.h"
-#include "ssl.h"
+int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
+char *_CONF_get_string(const CONF *conf, const char *section,
+		       const char *name);
+long _CONF_get_number(const CONF *conf, const char *section, const char *name);
 
-#if 0
-#define pr_name(name)		printf("%s\n",name)
-#define pr_name_d(name,p2)	printf("%s %d\n",name,p2)
-#define pr_name_dd(name,p2,p3)	printf("%s %d %d\n",name,p2,p3)
-#else
-#define pr_name(name)
-#define pr_name_d(name,p2)
-#define pr_name_dd(name,p2,p3)
-#endif
+int _CONF_new_data(CONF *conf);
+void _CONF_free_data(CONF *conf);
 
-#include "callback.c"
+#ifdef  __cplusplus
+}
+#endif
+#endif
 
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
new file mode 100644
index 0000000000..57d2739ae0
--- /dev/null
+++ b/crypto/conf/conf_def.c
@@ -0,0 +1,740 @@
+/* crypto/conf/conf.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Part of the code in here was originally in conf.c, which is now removed */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/stack.h>
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+#include "conf_def.h"
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include "cryptlib.h"
+
+static char *eat_ws(CONF *conf, char *p);
+static char *eat_alpha_numeric(CONF *conf, char *p);
+static void clear_comments(CONF *conf, char *p);
+static int str_copy(CONF *conf,char *section,char **to, char *from);
+static char *scan_quote(CONF *conf, char *p);
+static char *scan_dquote(CONF *conf, char *p);
+#define scan_esc(conf,p)	(((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2)))
+
+static CONF *def_create(CONF_METHOD *meth);
+static int def_init_default(CONF *conf);
+static int def_init_WIN32(CONF *conf);
+static int def_destroy(CONF *conf);
+static int def_destroy_data(CONF *conf);
+static int def_load(CONF *conf, const char *name, long *eline);
+static int def_load_bio(CONF *conf, BIO *bp, long *eline);
+static int def_dump(const CONF *conf, BIO *bp);
+static int def_is_number(const CONF *conf, char c);
+static int def_to_int(const CONF *conf, char c);
+
+const char *CONF_def_version="CONF_def" OPENSSL_VERSION_PTEXT;
+
+static CONF_METHOD default_method = {
+	"OpenSSL default",
+	def_create,
+	def_init_default,
+	def_destroy,
+	def_destroy_data,
+	def_load_bio,
+	def_dump,
+	def_is_number,
+	def_to_int,
+	def_load
+	};
+
+static CONF_METHOD WIN32_method = {
+	"WIN32",
+	def_create,
+	def_init_WIN32,
+	def_destroy,
+	def_destroy_data,
+	def_load_bio,
+	def_dump,
+	def_is_number,
+	def_to_int,
+	def_load
+	};
+
+CONF_METHOD *NCONF_default()
+	{
+	return &default_method;
+	}
+CONF_METHOD *NCONF_WIN32()
+	{
+	return &WIN32_method;
+	}
+
+static CONF *def_create(CONF_METHOD *meth)
+	{
+	CONF *ret;
+
+	ret = (CONF *)OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *));
+	if (ret)
+		if (meth->init(ret) == 0)
+			{
+			OPENSSL_free(ret);
+			ret = NULL;
+			}
+	return ret;
+	}
+	
+static int def_init_default(CONF *conf)
+	{
+	if (conf == NULL)
+		return 0;
+
+	conf->meth = &default_method;
+	conf->meth_data = (void *)CONF_type_default;
+	conf->data = NULL;
+
+	return 1;
+	}
+
+static int def_init_WIN32(CONF *conf)
+	{
+	if (conf == NULL)
+		return 0;
+
+	conf->meth = &WIN32_method;
+	conf->meth_data = (void *)CONF_type_win32;
+	conf->data = NULL;
+
+	return 1;
+	}
+
+static int def_destroy(CONF *conf)
+	{
+	if (def_destroy_data(conf))
+		{
+		OPENSSL_free(conf);
+		return 1;
+		}
+	return 0;
+	}
+
+static int def_destroy_data(CONF *conf)
+	{
+	if (conf == NULL)
+		return 0;
+	_CONF_free_data(conf);
+	return 1;
+	}
+
+static int def_load(CONF *conf, const char *name, long *line)
+	{
+	int ret;
+	BIO *in=NULL;
+
+#ifdef OPENSSL_SYS_VMS
+	in=BIO_new_file(name, "r");
+#else
+	in=BIO_new_file(name, "rb");
+#endif
+	if (in == NULL)
+		{
+		if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE)
+			CONFerr(CONF_F_CONF_LOAD,CONF_R_NO_SUCH_FILE);
+		else
+			CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
+		return 0;
+		}
+
+	ret = def_load_bio(conf, in, line);
+	BIO_free(in);
+
+	return ret;
+	}
+
+static int def_load_bio(CONF *conf, BIO *in, long *line)
+	{
+/* The macro BUFSIZE conflicts with a system macro in VxWorks */
+#define CONFBUFSIZE	512
+	int bufnum=0,i,ii;
+	BUF_MEM *buff=NULL;
+	char *s,*p,*end;
+	int again,n;
+	long eline=0;
+	char btmp[DECIMAL_SIZE(eline)+1];
+	CONF_VALUE *v=NULL,*tv;
+	CONF_VALUE *sv=NULL;
+	char *section=NULL,*buf;
+	STACK_OF(CONF_VALUE) *section_sk=NULL,*ts;
+	char *start,*psection,*pname;
+	void *h = (void *)(conf->data);
+
+	if ((buff=BUF_MEM_new()) == NULL)
+		{
+		CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
+		goto err;
+		}
+
+	section=(char *)OPENSSL_malloc(10);
+	if (section == NULL)
+		{
+		CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	strcpy(section,"default");
+
+	if (_CONF_new_data(conf) == 0)
+		{
+		CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	sv=_CONF_new_section(conf,section);
+	if (sv == NULL)
+		{
+		CONFerr(CONF_F_CONF_LOAD_BIO,
+					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+		goto err;
+		}
+	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+
+	bufnum=0;
+	again=0;
+	for (;;)
+		{
+		if (!BUF_MEM_grow(buff,bufnum+CONFBUFSIZE))
+			{
+			CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
+			goto err;
+			}
+		p= &(buff->data[bufnum]);
+		*p='\0';
+		BIO_gets(in, p, CONFBUFSIZE-1);
+		p[CONFBUFSIZE-1]='\0';
+		ii=i=strlen(p);
+		if (i == 0 && !again) break;
+		again=0;
+		while (i > 0)
+			{
+			if ((p[i-1] != '\r') && (p[i-1] != '\n'))
+				break;
+			else
+				i--;
+			}
+		/* we removed some trailing stuff so there is a new
+		 * line on the end. */
+		if (ii && i == ii)
+			again=1; /* long line */
+		else
+			{
+			p[i]='\0';
+			eline++; /* another input line */
+			}
+
+		/* we now have a line with trailing \r\n removed */
+
+		/* i is the number of bytes */
+		bufnum+=i;
+
+		v=NULL;
+		/* check for line continuation */
+		if (bufnum >= 1)
+			{
+			/* If we have bytes and the last char '\\' and
+			 * second last char is not '\\' */
+			p= &(buff->data[bufnum-1]);
+			if (IS_ESC(conf,p[0]) &&
+				((bufnum <= 1) || !IS_ESC(conf,p[-1])))
+				{
+				bufnum--;
+				again=1;
+				}
+			}
+		if (again) continue;
+		bufnum=0;
+		buf=buff->data;
+
+		clear_comments(conf, buf);
+		n=strlen(buf);
+		s=eat_ws(conf, buf);
+		if (IS_EOF(conf,*s)) continue; /* blank line */
+		if (*s == '[')
+			{
+			char *ss;
+
+			s++;
+			start=eat_ws(conf, s);
+			ss=start;
+again:
+			end=eat_alpha_numeric(conf, ss);
+			p=eat_ws(conf, end);
+			if (*p != ']')
+				{
+				if (*p != '\0')
+					{
+					ss=p;
+					goto again;
+					}
+				CONFerr(CONF_F_CONF_LOAD_BIO,
+					CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
+				goto err;
+				}
+			*end='\0';
+			if (!str_copy(conf,NULL,&section,start)) goto err;
+			if ((sv=_CONF_get_section(conf,section)) == NULL)
+				sv=_CONF_new_section(conf,section);
+			if (sv == NULL)
+				{
+				CONFerr(CONF_F_CONF_LOAD_BIO,
+					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+				goto err;
+				}
+			section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+			continue;
+			}
+		else
+			{
+			pname=s;
+			psection=NULL;
+			end=eat_alpha_numeric(conf, s);
+			if ((end[0] == ':') && (end[1] == ':'))
+				{
+				*end='\0';
+				end+=2;
+				psection=pname;
+				pname=end;
+				end=eat_alpha_numeric(conf, end);
+				}
+			p=eat_ws(conf, end);
+			if (*p != '=')
+				{
+				CONFerr(CONF_F_CONF_LOAD_BIO,
+						CONF_R_MISSING_EQUAL_SIGN);
+				goto err;
+				}
+			*end='\0';
+			p++;
+			start=eat_ws(conf, p);
+			while (!IS_EOF(conf,*p))
+				p++;
+			p--;
+			while ((p != start) && (IS_WS(conf,*p)))
+				p--;
+			p++;
+			*p='\0';
+
+			if (!(v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))))
+				{
+				CONFerr(CONF_F_CONF_LOAD_BIO,
+							ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+			if (psection == NULL) psection=section;
+			v->name=(char *)OPENSSL_malloc(strlen(pname)+1);
+			v->value=NULL;
+			if (v->name == NULL)
+				{
+				CONFerr(CONF_F_CONF_LOAD_BIO,
+							ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+			strcpy(v->name,pname);
+			if (!str_copy(conf,psection,&(v->value),start)) goto err;
+
+			if (strcmp(psection,section) != 0)
+				{
+				if ((tv=_CONF_get_section(conf,psection))
+					== NULL)
+					tv=_CONF_new_section(conf,psection);
+				if (tv == NULL)
+					{
+					CONFerr(CONF_F_CONF_LOAD_BIO,
+					   CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+					goto err;
+					}
+				ts=(STACK_OF(CONF_VALUE) *)tv->value;
+				}
+			else
+				{
+				tv=sv;
+				ts=section_sk;
+				}
+#if 1
+			if (_CONF_add_string(conf, tv, v) == 0)
+				{
+				CONFerr(CONF_F_CONF_LOAD_BIO,
+							ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+#else
+			v->section=tv->section;	
+			if (!sk_CONF_VALUE_push(ts,v))
+				{
+				CONFerr(CONF_F_CONF_LOAD_BIO,
+							ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+			vv=(CONF_VALUE *)lh_insert(conf->data,v);
+			if (vv != NULL)
+				{
+				sk_CONF_VALUE_delete_ptr(ts,vv);
+				OPENSSL_free(vv->name);
+				OPENSSL_free(vv->value);
+				OPENSSL_free(vv);
+				}
+#endif
+			v=NULL;
+			}
+		}
+	if (buff != NULL) BUF_MEM_free(buff);
+	if (section != NULL) OPENSSL_free(section);
+	return(1);
+err:
+	if (buff != NULL) BUF_MEM_free(buff);
+	if (section != NULL) OPENSSL_free(section);
+	if (line != NULL) *line=eline;
+	sprintf(btmp,"%ld",eline);
+	ERR_add_error_data(2,"line ",btmp);
+	if ((h != conf->data) && (conf->data != NULL))
+		{
+		CONF_free(conf->data);
+		conf->data=NULL;
+		}
+	if (v != NULL)
+		{
+		if (v->name != NULL) OPENSSL_free(v->name);
+		if (v->value != NULL) OPENSSL_free(v->value);
+		if (v != NULL) OPENSSL_free(v);
+		}
+	return(0);
+	}
+
+static void clear_comments(CONF *conf, char *p)
+	{
+	char *to;
+
+	to=p;
+	for (;;)
+		{
+		if (IS_FCOMMENT(conf,*p))
+			{
+			*p='\0';
+			return;
+			}
+		if (!IS_WS(conf,*p))
+			{
+			break;
+			}
+		p++;
+		}
+
+	for (;;)
+		{
+		if (IS_COMMENT(conf,*p))
+			{
+			*p='\0';
+			return;
+			}
+		if (IS_DQUOTE(conf,*p))
+			{
+			p=scan_dquote(conf, p);
+			continue;
+			}
+		if (IS_QUOTE(conf,*p))
+			{
+			p=scan_quote(conf, p);
+			continue;
+			}
+		if (IS_ESC(conf,*p))
+			{
+			p=scan_esc(conf,p);
+			continue;
+			}
+		if (IS_EOF(conf,*p))
+			return;
+		else
+			p++;
+		}
+	}
+
+static int str_copy(CONF *conf, char *section, char **pto, char *from)
+	{
+	int q,r,rr=0,to=0,len=0;
+	char *s,*e,*rp,*p,*rrp,*np,*cp,v;
+	BUF_MEM *buf;
+
+	if ((buf=BUF_MEM_new()) == NULL) return(0);
+
+	len=strlen(from)+1;
+	if (!BUF_MEM_grow(buf,len)) goto err;
+
+	for (;;)
+		{
+		if (IS_QUOTE(conf,*from))
+			{
+			q= *from;
+			from++;
+			while (!IS_EOF(conf,*from) && (*from != q))
+				{
+				if (IS_ESC(conf,*from))
+					{
+					from++;
+					if (IS_EOF(conf,*from)) break;
+					}
+				buf->data[to++]= *(from++);
+				}
+			if (*from == q) from++;
+			}
+		else if (IS_DQUOTE(conf,*from))
+			{
+			q= *from;
+			from++;
+			while (!IS_EOF(conf,*from))
+				{
+				if (*from == q)
+					{
+					if (*(from+1) == q)
+						{
+						from++;
+						}
+					else
+						{
+						break;
+						}
+					}
+				buf->data[to++]= *(from++);
+				}
+			if (*from == q) from++;
+			}
+		else if (IS_ESC(conf,*from))
+			{
+			from++;
+			v= *(from++);
+			if (IS_EOF(conf,v)) break;
+			else if (v == 'r') v='\r';
+			else if (v == 'n') v='\n';
+			else if (v == 'b') v='\b';
+			else if (v == 't') v='\t';
+			buf->data[to++]= v;
+			}
+		else if (IS_EOF(conf,*from))
+			break;
+		else if (*from == '$')
+			{
+			/* try to expand it */
+			rrp=NULL;
+			s= &(from[1]);
+			if (*s == '{')
+				q='}';
+			else if (*s == '(')
+				q=')';
+			else q=0;
+
+			if (q) s++;
+			cp=section;
+			e=np=s;
+			while (IS_ALPHA_NUMERIC(conf,*e))
+				e++;
+			if ((e[0] == ':') && (e[1] == ':'))
+				{
+				cp=np;
+				rrp=e;
+				rr= *e;
+				*rrp='\0';
+				e+=2;
+				np=e;
+				while (IS_ALPHA_NUMERIC(conf,*e))
+					e++;
+				}
+			r= *e;
+			*e='\0';
+			rp=e;
+			if (q)
+				{
+				if (r != q)
+					{
+					CONFerr(CONF_F_STR_COPY,CONF_R_NO_CLOSE_BRACE);
+					goto err;
+					}
+				e++;
+				}
+			/* So at this point we have
+			 * ns which is the start of the name string which is
+			 *   '\0' terminated. 
+			 * cs which is the start of the section string which is
+			 *   '\0' terminated.
+			 * e is the 'next point after'.
+			 * r and s are the chars replaced by the '\0'
+			 * rp and sp is where 'r' and 's' came from.
+			 */
+			p=_CONF_get_string(conf,cp,np);
+			if (rrp != NULL) *rrp=rr;
+			*rp=r;
+			if (p == NULL)
+				{
+				CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE);
+				goto err;
+				}
+			BUF_MEM_grow_clean(buf,(strlen(p)+len-(e-from)));
+			while (*p)
+				buf->data[to++]= *(p++);
+			from=e;
+			}
+		else
+			buf->data[to++]= *(from++);
+		}
+	buf->data[to]='\0';
+	if (*pto != NULL) OPENSSL_free(*pto);
+	*pto=buf->data;
+	OPENSSL_free(buf);
+	return(1);
+err:
+	if (buf != NULL) BUF_MEM_free(buf);
+	return(0);
+	}
+
+static char *eat_ws(CONF *conf, char *p)
+	{
+	while (IS_WS(conf,*p) && (!IS_EOF(conf,*p)))
+		p++;
+	return(p);
+	}
+
+static char *eat_alpha_numeric(CONF *conf, char *p)
+	{
+	for (;;)
+		{
+		if (IS_ESC(conf,*p))
+			{
+			p=scan_esc(conf,p);
+			continue;
+			}
+		if (!IS_ALPHA_NUMERIC_PUNCT(conf,*p))
+			return(p);
+		p++;
+		}
+	}
+
+static char *scan_quote(CONF *conf, char *p)
+	{
+	int q= *p;
+
+	p++;
+	while (!(IS_EOF(conf,*p)) && (*p != q))
+		{
+		if (IS_ESC(conf,*p))
+			{
+			p++;
+			if (IS_EOF(conf,*p)) return(p);
+			}
+		p++;
+		}
+	if (*p == q) p++;
+	return(p);
+	}
+
+
+static char *scan_dquote(CONF *conf, char *p)
+	{
+	int q= *p;
+
+	p++;
+	while (!(IS_EOF(conf,*p)))
+		{
+		if (*p == q)
+			{
+			if (*(p+1) == q)
+				{
+				p++;
+				}
+			else
+				{
+				break;
+				}
+			}
+		p++;
+		}
+	if (*p == q) p++;
+	return(p);
+	}
+
+static void dump_value(CONF_VALUE *a, BIO *out)
+	{
+	if (a->name)
+		BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value);
+	else
+		BIO_printf(out, "[[%s]]\n", a->section);
+	}
+
+static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE *, BIO *)
+
+static int def_dump(const CONF *conf, BIO *out)
+	{
+	lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), out);
+	return 1;
+	}
+
+static int def_is_number(const CONF *conf, char c)
+	{
+	return IS_NUMBER(conf,c);
+	}
+
+static int def_to_int(const CONF *conf, char c)
+	{
+	return c - '0';
+	}
+
diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
new file mode 100644
index 0000000000..92a7d8ad77
--- /dev/null
+++ b/crypto/conf/conf_def.h
@@ -0,0 +1,180 @@
+/* crypto/conf/conf_def.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* THIS FILE WAS AUTOMAGICALLY GENERATED!
+   Please modify and use keysets.pl to regenerate it. */
+
+#define CONF_NUMBER		1
+#define CONF_UPPER		2
+#define CONF_LOWER		4
+#define CONF_UNDER		256
+#define CONF_PUNCTUATION	512
+#define CONF_WS			16
+#define CONF_ESC		32
+#define CONF_QUOTE		64
+#define CONF_DQUOTE		1024
+#define CONF_COMMENT		128
+#define CONF_FCOMMENT		2048
+#define CONF_EOF		8
+#define CONF_HIGHBIT		4096
+#define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)
+#define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
+					CONF_PUNCTUATION)
+
+#define KEYTYPES(c)		((unsigned short *)((c)->meth_data))
+#ifndef CHARSET_EBCDIC
+#define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
+#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
+#define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_EOF)
+#define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_ESC)
+#define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
+#define IS_WS(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_WS)
+#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
+#define IS_ALPHA_NUMERIC_PUNCT(c,a) \
+				(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
+#define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
+#define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
+#define IS_HIGHBIT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
+
+#else /*CHARSET_EBCDIC*/
+
+#define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
+#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
+#define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
+#define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
+#define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
+#define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
+#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
+#define IS_ALPHA_NUMERIC_PUNCT(c,a) \
+				(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
+#define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
+#define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
+#define IS_HIGHBIT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
+#endif /*CHARSET_EBCDIC*/
+
+static unsigned short CONF_type_default[256]={
+	0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
+	0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
+	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
+	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
+	0x0010,0x0200,0x0040,0x0080,0x0000,0x0200,0x0200,0x0040,
+	0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200,
+	0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,
+	0x0001,0x0001,0x0000,0x0200,0x0000,0x0000,0x0000,0x0200,
+	0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
+	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
+	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
+	0x0002,0x0002,0x0002,0x0000,0x0020,0x0000,0x0200,0x0100,
+	0x0040,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
+	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
+	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
+	0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	};
+
+static unsigned short CONF_type_win32[256]={
+	0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
+	0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
+	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
+	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
+	0x0010,0x0200,0x0400,0x0000,0x0000,0x0200,0x0200,0x0000,
+	0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200,
+	0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,
+	0x0001,0x0001,0x0000,0x0A00,0x0000,0x0000,0x0000,0x0200,
+	0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
+	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
+	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
+	0x0002,0x0002,0x0002,0x0000,0x0000,0x0000,0x0200,0x0100,
+	0x0000,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
+	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
+	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
+	0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+	};
+
diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c
index c6929b99c5..ee07bfe9d9 100644
--- a/crypto/conf/conf_err.c
+++ b/crypto/conf/conf_err.c
@@ -1,93 +1,123 @@
-/* lib/conf/conf_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/conf/conf_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "conf.h"
+#include <openssl/err.h>
+#include <openssl/conf.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA CONF_str_functs[]=
 	{
+{ERR_PACK(0,CONF_F_CONF_DUMP_FP,0),	"CONF_dump_fp"},
 {ERR_PACK(0,CONF_F_CONF_LOAD,0),	"CONF_load"},
+{ERR_PACK(0,CONF_F_CONF_LOAD_BIO,0),	"CONF_load_bio"},
+{ERR_PACK(0,CONF_F_CONF_LOAD_FP,0),	"CONF_load_fp"},
+{ERR_PACK(0,CONF_F_CONF_MODULES_LOAD,0),	"CONF_modules_load"},
+{ERR_PACK(0,CONF_F_MODULE_INIT,0),	"MODULE_INIT"},
+{ERR_PACK(0,CONF_F_MODULE_LOAD_DSO,0),	"MODULE_LOAD_DSO"},
+{ERR_PACK(0,CONF_F_MODULE_RUN,0),	"MODULE_RUN"},
+{ERR_PACK(0,CONF_F_NCONF_DUMP_BIO,0),	"NCONF_dump_bio"},
+{ERR_PACK(0,CONF_F_NCONF_DUMP_FP,0),	"NCONF_dump_fp"},
+{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER,0),	"NCONF_get_number"},
+{ERR_PACK(0,CONF_F_NCONF_GET_NUMBER_E,0),	"NCONF_get_number_e"},
+{ERR_PACK(0,CONF_F_NCONF_GET_SECTION,0),	"NCONF_get_section"},
+{ERR_PACK(0,CONF_F_NCONF_GET_STRING,0),	"NCONF_get_string"},
+{ERR_PACK(0,CONF_F_NCONF_LOAD,0),	"NCONF_load"},
+{ERR_PACK(0,CONF_F_NCONF_LOAD_BIO,0),	"NCONF_load_bio"},
+{ERR_PACK(0,CONF_F_NCONF_LOAD_FP,0),	"NCONF_load_fp"},
+{ERR_PACK(0,CONF_F_NCONF_NEW,0),	"NCONF_new"},
 {ERR_PACK(0,CONF_F_STR_COPY,0),	"STR_COPY"},
-{0,NULL},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA CONF_str_reasons[]=
 	{
+{CONF_R_ERROR_LOADING_DSO                ,"error loading dso"},
 {CONF_R_MISSING_CLOSE_SQUARE_BRACKET     ,"missing close square bracket"},
 {CONF_R_MISSING_EQUAL_SIGN               ,"missing equal sign"},
+{CONF_R_MISSING_FINISH_FUNCTION          ,"missing finish function"},
+{CONF_R_MISSING_INIT_FUNCTION            ,"missing init function"},
+{CONF_R_MODULE_INITIALIZATION_ERROR      ,"module initialization error"},
 {CONF_R_NO_CLOSE_BRACE                   ,"no close brace"},
+{CONF_R_NO_CONF                          ,"no conf"},
+{CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE  ,"no conf or environment variable"},
+{CONF_R_NO_SECTION                       ,"no section"},
+{CONF_R_NO_SUCH_FILE                     ,"no such file"},
+{CONF_R_NO_VALUE                         ,"no value"},
 {CONF_R_UNABLE_TO_CREATE_NEW_SECTION     ,"unable to create new section"},
+{CONF_R_UNKNOWN_MODULE_NAME              ,"unknown module name"},
 {CONF_R_VARIABLE_HAS_NO_VALUE            ,"variable has no value"},
-{0,NULL},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_CONF_strings()
+void ERR_load_CONF_strings(void)
 	{
 	static int init=1;
 
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_CONF,CONF_str_functs);
 		ERR_load_strings(ERR_LIB_CONF,CONF_str_reasons);
 #endif
diff --git a/crypto/conf/conf_lcl.h b/crypto/conf/conf_lcl.h
deleted file mode 100644
index 4e5644ed79..0000000000
--- a/crypto/conf/conf_lcl.h
+++ /dev/null
@@ -1,102 +0,0 @@
-/* crypto/conf/conf_lcl.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#define CONF_NUMBER		1
-#define CONF_UPPER		2
-#define CONF_LOWER		4
-#define CONF_UNDER		256
-#define CONF_PUNCTUATION	512
-#define CONF_WS			16
-#define CONF_ESC		32
-#define CONF_QUOTE		64
-#define CONF_COMMENT		128
-#define CONF_EOF		8
-#define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)
-#define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
-#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
-					CONF_PUNCTUATION)
-
-#define IS_COMMENT(a)		(CONF_COMMENT&(CONF_type[(a)&0x7f]))
-#define IS_EOF(a)		((a) == '\0')
-#define IS_ESC(a)		((a) == '\\')
-#define IS_NUMER(a)		(CONF_type[(a)&0x7f]&CONF_NUMBER)
-#define IS_WS(a)		(CONF_type[(a)&0x7f]&CONF_WS)
-#define IS_ALPHA_NUMERIC(a)	(CONF_type[(a)&0x7f]&CONF_ALPHA_NUMERIC)
-#define IS_ALPHA_NUMERIC_PUNCT(a) \
-				(CONF_type[(a)&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
-#define IS_QUOTE(a)		(CONF_type[(a)&0x7f]&CONF_QUOTE)
-
-static unsigned short CONF_type[128]={
-	0x008,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
-	0x000,0x010,0x010,0x000,0x000,0x010,0x000,0x000,
-	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
-	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
-	0x010,0x200,0x040,0x080,0x000,0x200,0x200,0x040,
-	0x000,0x000,0x200,0x200,0x200,0x200,0x200,0x200,
-	0x001,0x001,0x001,0x001,0x001,0x001,0x001,0x001,
-	0x001,0x001,0x000,0x200,0x000,0x000,0x000,0x200,
-	0x200,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
-	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
-	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
-	0x002,0x002,0x002,0x000,0x020,0x000,0x200,0x100,
-	0x040,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
-	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
-	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
-	0x004,0x004,0x004,0x000,0x200,0x000,0x200,0x000,
-	};
-
diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
new file mode 100644
index 0000000000..6a3cf109dd
--- /dev/null
+++ b/crypto/conf/conf_lib.c
@@ -0,0 +1,401 @@
+/* conf_lib.c */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+#include <openssl/lhash.h>
+
+const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
+
+static CONF_METHOD *default_CONF_method=NULL;
+
+/* Init a 'CONF' structure from an old LHASH */
+
+void CONF_set_nconf(CONF *conf, LHASH *hash)
+	{
+	if (default_CONF_method == NULL)
+		default_CONF_method = NCONF_default();
+
+	default_CONF_method->init(conf);
+	conf->data = hash;
+	}
+
+/* The following section contains the "CONF classic" functions,
+   rewritten in terms of the new CONF interface. */
+
+int CONF_set_default_method(CONF_METHOD *meth)
+	{
+	default_CONF_method = meth;
+	return 1;
+	}
+
+LHASH *CONF_load(LHASH *conf, const char *file, long *eline)
+	{
+	LHASH *ltmp;
+	BIO *in=NULL;
+
+#ifdef OPENSSL_SYS_VMS
+	in=BIO_new_file(file, "r");
+#else
+	in=BIO_new_file(file, "rb");
+#endif
+	if (in == NULL)
+		{
+		CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
+		return NULL;
+		}
+
+	ltmp = CONF_load_bio(conf, in, eline);
+	BIO_free(in);
+
+	return ltmp;
+	}
+
+#ifndef OPENSSL_NO_FP_API
+LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline)
+	{
+	BIO *btmp;
+	LHASH *ltmp;
+	if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+		CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);
+		return NULL;
+	}
+	ltmp = CONF_load_bio(conf, btmp, eline);
+	BIO_free(btmp);
+	return ltmp;
+	}
+#endif
+
+LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
+	{
+	CONF ctmp;
+	int ret;
+
+	CONF_set_nconf(&ctmp, conf);
+
+	ret = NCONF_load_bio(&ctmp, bp, eline);
+	if (ret)
+		return ctmp.data;
+	return NULL;
+	}
+
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section)
+	{
+	if (conf == NULL)
+		{
+		return NULL;
+		}
+	else
+		{
+		CONF ctmp;
+		CONF_set_nconf(&ctmp, conf);
+		return NCONF_get_section(&ctmp, section);
+		}
+	}
+
+char *CONF_get_string(LHASH *conf,const char *group,const char *name)
+	{
+	if (conf == NULL)
+		{
+		return NCONF_get_string(NULL, group, name);
+		}
+	else
+		{
+		CONF ctmp;
+		CONF_set_nconf(&ctmp, conf);
+		return NCONF_get_string(&ctmp, group, name);
+		}
+	}
+
+long CONF_get_number(LHASH *conf,const char *group,const char *name)
+	{
+	int status;
+	long result = 0;
+
+	if (conf == NULL)
+		{
+		status = NCONF_get_number_e(NULL, group, name, &result);
+		}
+	else
+		{
+		CONF ctmp;
+		CONF_set_nconf(&ctmp, conf);
+		status = NCONF_get_number_e(&ctmp, group, name, &result);
+		}
+
+	if (status == 0)
+		{
+		/* This function does not believe in errors... */
+		ERR_get_error();
+		}
+	return result;
+	}
+
+void CONF_free(LHASH *conf)
+	{
+	CONF ctmp;
+	CONF_set_nconf(&ctmp, conf);
+	NCONF_free_data(&ctmp);
+	}
+
+#ifndef OPENSSL_NO_FP_API
+int CONF_dump_fp(LHASH *conf, FILE *out)
+	{
+	BIO *btmp;
+	int ret;
+
+	if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
+		CONFerr(CONF_F_CONF_DUMP_FP,ERR_R_BUF_LIB);
+		return 0;
+	}
+	ret = CONF_dump_bio(conf, btmp);
+	BIO_free(btmp);
+	return ret;
+	}
+#endif
+
+int CONF_dump_bio(LHASH *conf, BIO *out)
+	{
+	CONF ctmp;
+	CONF_set_nconf(&ctmp, conf);
+	return NCONF_dump_bio(&ctmp, out);
+	}
+
+/* The following section contains the "New CONF" functions.  They are
+   completely centralised around a new CONF structure that may contain
+   basically anything, but at least a method pointer and a table of data.
+   These functions are also written in terms of the bridge functions used
+   by the "CONF classic" functions, for consistency.  */
+
+CONF *NCONF_new(CONF_METHOD *meth)
+	{
+	CONF *ret;
+
+	if (meth == NULL)
+		meth = NCONF_default();
+
+	ret = meth->create(meth);
+	if (ret == NULL)
+		{
+		CONFerr(CONF_F_NCONF_NEW,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+
+	return ret;
+	}
+
+void NCONF_free(CONF *conf)
+	{
+	if (conf == NULL)
+		return;
+	conf->meth->destroy(conf);
+	}
+
+void NCONF_free_data(CONF *conf)
+	{
+	if (conf == NULL)
+		return;
+	conf->meth->destroy_data(conf);
+	}
+
+int NCONF_load(CONF *conf, const char *file, long *eline)
+	{
+	if (conf == NULL)
+		{
+		CONFerr(CONF_F_NCONF_LOAD,CONF_R_NO_CONF);
+		return 0;
+		}
+
+	return conf->meth->load(conf, file, eline);
+	}
+
+#ifndef OPENSSL_NO_FP_API
+int NCONF_load_fp(CONF *conf, FILE *fp,long *eline)
+	{
+	BIO *btmp;
+	int ret;
+	if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE)))
+		{
+		CONFerr(CONF_F_NCONF_LOAD_FP,ERR_R_BUF_LIB);
+		return 0;
+		}
+	ret = NCONF_load_bio(conf, btmp, eline);
+	BIO_free(btmp);
+	return ret;
+	}
+#endif
+
+int NCONF_load_bio(CONF *conf, BIO *bp,long *eline)
+	{
+	if (conf == NULL)
+		{
+		CONFerr(CONF_F_NCONF_LOAD_BIO,CONF_R_NO_CONF);
+		return 0;
+		}
+
+	return conf->meth->load_bio(conf, bp, eline);
+	}
+
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section)
+	{
+	if (conf == NULL)
+		{
+		CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_CONF);
+		return NULL;
+		}
+
+	if (section == NULL)
+		{
+		CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION);
+		return NULL;
+		}
+
+	return _CONF_get_section_values(conf, section);
+	}
+
+char *NCONF_get_string(const CONF *conf,const char *group,const char *name)
+	{
+	char *s = _CONF_get_string(conf, group, name);
+
+        /* Since we may get a value from an environment variable even
+           if conf is NULL, let's check the value first */
+        if (s) return s;
+
+	if (conf == NULL)
+		{
+		CONFerr(CONF_F_NCONF_GET_STRING,
+                        CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
+		return NULL;
+		}
+	CONFerr(CONF_F_NCONF_GET_STRING,
+		CONF_R_NO_VALUE);
+	ERR_add_error_data(4,"group=",group," name=",name);
+	return NULL;
+	}
+
+int NCONF_get_number_e(const CONF *conf,const char *group,const char *name,
+		       long *result)
+	{
+	char *str;
+
+	if (result == NULL)
+		{
+		CONFerr(CONF_F_NCONF_GET_NUMBER_E,ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+
+	str = NCONF_get_string(conf,group,name);
+
+	if (str == NULL)
+		return 0;
+
+	for (*result = 0;conf->meth->is_number(conf, *str);)
+		{
+		*result = (*result)*10 + conf->meth->to_int(conf, *str);
+		str++;
+		}
+
+	return 1;
+	}
+
+#ifndef OPENSSL_NO_FP_API
+int NCONF_dump_fp(const CONF *conf, FILE *out)
+	{
+	BIO *btmp;
+	int ret;
+	if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
+		CONFerr(CONF_F_NCONF_DUMP_FP,ERR_R_BUF_LIB);
+		return 0;
+	}
+	ret = NCONF_dump_bio(conf, btmp);
+	BIO_free(btmp);
+	return ret;
+	}
+#endif
+
+int NCONF_dump_bio(const CONF *conf, BIO *out)
+	{
+	if (conf == NULL)
+		{
+		CONFerr(CONF_F_NCONF_DUMP_BIO,CONF_R_NO_CONF);
+		return 0;
+		}
+
+	return conf->meth->dump(conf, out);
+	}
+
+
+/* This function should be avoided */
+#if 0
+long NCONF_get_number(CONF *conf,char *group,char *name)
+	{
+	int status;
+	long ret=0;
+
+	status = NCONF_get_number_e(conf, group, name, &ret);
+	if (status == 0)
+		{
+		/* This function does not believe in errors... */
+		ERR_get_error();
+		}
+	return ret;
+	}
+#endif
diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c
new file mode 100644
index 0000000000..d702af689b
--- /dev/null
+++ b/crypto/conf/conf_mall.c
@@ -0,0 +1,76 @@
+/* conf_mall.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/engine.h>
+
+/* Load all OpenSSL builtin modules */
+
+void OPENSSL_load_builtin_modules(void)
+	{
+	/* Add builtin modules here */
+	ASN1_add_oid_module();
+	ENGINE_add_conf_module();
+	}
+
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
new file mode 100644
index 0000000000..edcc08921c
--- /dev/null
+++ b/crypto/conf/conf_mod.c
@@ -0,0 +1,616 @@
+/* conf_mod.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+
+
+#define DSO_mod_init_name "OPENSSL_init"
+#define DSO_mod_finish_name "OPENSSL_finish"
+
+
+/* This structure contains a data about supported modules.
+ * entries in this table correspond to either dynamic or
+ * static modules.
+ */
+
+struct conf_module_st
+	{
+	/* DSO of this module or NULL if static */
+	DSO *dso;
+	/* Name of the module */
+	char *name;
+	/* Init function */
+	conf_init_func *init; 
+	/* Finish function */
+	conf_finish_func *finish;
+	/* Number of successfully initialized modules */
+	int links;
+	void *usr_data;
+	};
+
+
+/* This structure contains information about modules that have been
+ * successfully initialized. There may be more than one entry for a
+ * given module.
+ */
+
+struct conf_imodule_st
+	{
+	CONF_MODULE *pmod;
+	char *name;
+	char *value;
+	unsigned long flags;
+	void *usr_data;
+	};
+
+static STACK_OF(CONF_MODULE) *supported_modules = NULL;
+static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
+
+static void module_free(CONF_MODULE *md);
+static void module_finish(CONF_IMODULE *imod);
+static int module_run(const CONF *cnf, char *name, char *value,
+					  unsigned long flags);
+static CONF_MODULE *module_add(DSO *dso, const char *name,
+			conf_init_func *ifunc, conf_finish_func *ffunc);
+static CONF_MODULE *module_find(char *name);
+static int module_init(CONF_MODULE *pmod, char *name, char *value,
+					   const CONF *cnf);
+static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
+									unsigned long flags);
+
+/* Main function: load modules from a CONF structure */
+
+int CONF_modules_load(const CONF *cnf, const char *appname,
+		      unsigned long flags)
+	{
+	STACK_OF(CONF_VALUE) *values;
+	CONF_VALUE *vl;
+	char *vsection;
+
+	int ret, i;
+
+	if (!cnf)
+		return 1;
+
+	if (appname == NULL)
+		appname = "openssl_conf";
+
+	vsection = NCONF_get_string(cnf, NULL, appname); 
+
+	if (!vsection)
+		{
+		ERR_clear_error();
+		return 1;
+		}
+
+	values = NCONF_get_section(cnf, vsection);
+
+	if (!values)
+		return 0;
+
+	for (i = 0; i < sk_CONF_VALUE_num(values); i++)
+		{
+		vl = sk_CONF_VALUE_value(values, i);
+		ret = module_run(cnf, vl->name, vl->value, flags);
+		if (ret <= 0)
+			if(!(flags & CONF_MFLAGS_IGNORE_ERRORS))
+				return ret;
+		}
+
+	return 1;
+
+	}
+
+int CONF_modules_load_file(const char *filename, const char *appname,
+			   unsigned long flags)
+	{
+	char *file = NULL;
+	CONF *conf = NULL;
+	int ret = 0;
+	conf = NCONF_new(NULL);
+	if (!conf)
+		goto err;
+
+	if (filename == NULL)
+		{
+		file = CONF_get1_default_config_file();
+		if (!file)
+			goto err;
+		}
+	else
+		file = (char *)filename;
+
+	if (NCONF_load(conf, file, NULL) <= 0)
+		{
+		if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
+		  (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE))
+			{
+			ERR_clear_error();
+			ret = 1;
+			}
+		goto err;
+		}
+
+	ret = CONF_modules_load(conf, appname, flags);
+
+	err:
+	if (filename == NULL)
+		OPENSSL_free(file);
+	NCONF_free(conf);
+
+	return ret;
+	}
+
+static int module_run(const CONF *cnf, char *name, char *value,
+		      unsigned long flags)
+	{
+	CONF_MODULE *md;
+	int ret;
+
+	md = module_find(name);
+
+	/* Module not found: try to load DSO */
+	if (!md && !(flags & CONF_MFLAGS_NO_DSO))
+		md = module_load_dso(cnf, name, value, flags);
+
+	if (!md)
+		{
+		if (!(flags & CONF_MFLAGS_SILENT))
+			{
+			CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
+			ERR_add_error_data(2, "module=", name);
+			}
+		return -1;
+		}
+
+	ret = module_init(md, name, value, cnf);
+
+	if (ret <= 0)
+		{
+		if (!(flags & CONF_MFLAGS_SILENT))
+			{
+			char rcode[DECIMAL_SIZE(ret)+1];
+			CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
+			sprintf(rcode, "%-8d", ret);
+			ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
+			}
+		}
+
+	return ret;
+	}
+
+/* Load a module from a DSO */
+static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
+				    unsigned long flags)
+	{
+	DSO *dso = NULL;
+	conf_init_func *ifunc;
+	conf_finish_func *ffunc;
+	char *path = NULL;
+	int errcode = 0;
+	CONF_MODULE *md;
+	/* Look for alternative path in module section */
+	path = NCONF_get_string(cnf, value, "path");
+	if (!path)
+		{
+		ERR_get_error();
+		path = name;
+		}
+	dso = DSO_load(NULL, path, NULL, 0);
+	if (!dso)
+		{
+		errcode = CONF_R_ERROR_LOADING_DSO;
+		goto err;
+		}
+        ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
+	if (!ifunc)
+		{
+		errcode = CONF_R_MISSING_INIT_FUNCTION;
+		goto err;
+		}
+        ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
+	/* All OK, add module */
+	md = module_add(dso, name, ifunc, ffunc);
+
+	if (!md)
+		goto err;
+
+	return md;
+
+	err:
+	if (dso)
+		DSO_free(dso);
+	CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
+	ERR_add_error_data(4, "module=", name, ", path=", path);
+	return NULL;
+	}
+
+/* add module to list */
+static CONF_MODULE *module_add(DSO *dso, const char *name,
+			       conf_init_func *ifunc, conf_finish_func *ffunc)
+	{
+	CONF_MODULE *tmod = NULL;
+	if (supported_modules == NULL)
+		supported_modules = sk_CONF_MODULE_new_null();
+	if (supported_modules == NULL)
+		return NULL;
+	tmod = OPENSSL_malloc(sizeof(CONF_MODULE));
+	if (tmod == NULL)
+		return NULL;
+
+	tmod->dso = dso;
+	tmod->name = BUF_strdup(name);
+	tmod->init = ifunc;
+	tmod->finish = ffunc;
+	tmod->links = 0;
+
+	if (!sk_CONF_MODULE_push(supported_modules, tmod))
+		{
+		OPENSSL_free(tmod);
+		return NULL;
+		}
+
+	return tmod;
+	}
+
+/* Find a module from the list. We allow module names of the
+ * form modname.XXXX to just search for modname to allow the
+ * same module to be initialized more than once.
+ */
+
+static CONF_MODULE *module_find(char *name)
+	{
+	CONF_MODULE *tmod;
+	int i, nchar;
+	char *p;
+	p = strrchr(name, '.');
+
+	if (p)
+		nchar = p - name;
+	else 
+		nchar = strlen(name);
+
+	for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++)
+		{
+		tmod = sk_CONF_MODULE_value(supported_modules, i);
+		if (!strncmp(tmod->name, name, nchar))
+			return tmod;
+		}
+
+	return NULL;
+
+	}
+
+/* initialize a module */
+static int module_init(CONF_MODULE *pmod, char *name, char *value,
+		       const CONF *cnf)
+	{
+	int ret = 1;
+	int init_called = 0;
+	CONF_IMODULE *imod = NULL;
+
+	/* Otherwise add initialized module to list */
+	imod = OPENSSL_malloc(sizeof(CONF_IMODULE));
+	if (!imod)
+		goto err;
+
+	imod->pmod = pmod;
+	imod->name = BUF_strdup(name);
+	imod->value = BUF_strdup(value);
+	imod->usr_data = NULL;
+
+	if (!imod->name || !imod->value)
+		goto memerr;
+
+	/* Try to initialize module */
+	if(pmod->init)
+		{
+		ret = pmod->init(imod, cnf);
+		init_called = 1;
+		/* Error occurred, exit */
+		if (ret <= 0)
+			goto err;
+		}
+
+	if (initialized_modules == NULL)
+		{
+		initialized_modules = sk_CONF_IMODULE_new_null();
+		if (!initialized_modules)
+			{
+			CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		}
+
+	if (!sk_CONF_IMODULE_push(initialized_modules, imod))
+		{
+		CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	pmod->links++;
+
+	return ret;
+
+	err:
+
+	/* We've started the module so we'd better finish it */
+	if (pmod->finish && init_called)
+		pmod->finish(imod);
+
+	memerr:
+	if (imod)
+		{
+		if (imod->name)
+			OPENSSL_free(imod->name);
+		if (imod->value)
+			OPENSSL_free(imod->value);
+		OPENSSL_free(imod);
+		}
+
+	return -1;
+
+	}
+
+/* Unload any dynamic modules that have a link count of zero:
+ * i.e. have no active initialized modules. If 'all' is set
+ * then all modules are unloaded including static ones.
+ */
+
+void CONF_modules_unload(int all)
+	{
+	int i;
+	CONF_MODULE *md;
+	CONF_modules_finish();
+	/* unload modules in reverse order */
+	for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--)
+		{
+		md = sk_CONF_MODULE_value(supported_modules, i);
+		/* If static or in use and 'all' not set ignore it */
+		if (((md->links > 0) || !md->dso) && !all)
+			continue;
+		/* Since we're working in reverse this is OK */
+		sk_CONF_MODULE_delete(supported_modules, i);
+		module_free(md);
+		}
+	if (sk_CONF_MODULE_num(supported_modules) == 0)
+		{
+		sk_CONF_MODULE_free(supported_modules);
+		supported_modules = NULL;
+		}
+	}
+
+/* unload a single module */
+static void module_free(CONF_MODULE *md)
+	{
+	if (md->dso)
+		DSO_free(md->dso);
+	OPENSSL_free(md->name);
+	OPENSSL_free(md);
+	}
+
+/* finish and free up all modules instances */
+
+void CONF_modules_finish(void)
+	{
+	CONF_IMODULE *imod;
+	while (sk_CONF_IMODULE_num(initialized_modules) > 0)
+		{
+		imod = sk_CONF_IMODULE_pop(initialized_modules);
+		module_finish(imod);
+		}
+	sk_CONF_IMODULE_free(initialized_modules);
+	initialized_modules = NULL;
+	}
+
+/* finish a module instance */
+
+static void module_finish(CONF_IMODULE *imod)
+	{
+	if (imod->pmod->finish)
+		imod->pmod->finish(imod);
+	imod->pmod->links--;
+	OPENSSL_free(imod->name);
+	OPENSSL_free(imod->value);
+	OPENSSL_free(imod);
+	}
+
+/* Add a static module to OpenSSL */
+
+int CONF_module_add(const char *name, conf_init_func *ifunc, 
+		    conf_finish_func *ffunc)
+	{
+	if (module_add(NULL, name, ifunc, ffunc))
+		return 1;
+	else
+		return 0;
+	}
+
+void CONF_modules_free(void)
+	{
+	CONF_modules_finish();
+	CONF_modules_unload(1);
+	}
+
+/* Utility functions */
+
+const char *CONF_imodule_get_name(const CONF_IMODULE *md)
+	{
+	return md->name;
+	}
+
+const char *CONF_imodule_get_value(const CONF_IMODULE *md)
+	{
+	return md->value;
+	}
+
+void *CONF_imodule_get_usr_data(const CONF_IMODULE *md)
+	{
+	return md->usr_data;
+	}
+
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data)
+	{
+	md->usr_data = usr_data;
+	}
+
+CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md)
+	{
+	return md->pmod;
+	}
+
+unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md)
+	{
+	return md->flags;
+	}
+
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)
+	{
+	md->flags = flags;
+	}
+
+void *CONF_module_get_usr_data(CONF_MODULE *pmod)
+	{
+	return pmod->usr_data;
+	}
+
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
+	{
+	pmod->usr_data = usr_data;
+	}
+
+/* Return default config file name */
+
+char *CONF_get1_default_config_file(void)
+	{
+	char *file;
+	int len;
+
+	file = getenv("OPENSSL_CONF");
+	if (file) 
+		return BUF_strdup(file);
+
+	len = strlen(X509_get_default_cert_area());
+#ifndef OPENSSL_SYS_VMS
+	len++;
+#endif
+	len += strlen(OPENSSL_CONF);
+
+	file = OPENSSL_malloc(len + 1);
+
+	if (!file)
+		return NULL;
+	strcpy(file,X509_get_default_cert_area());
+#ifndef OPENSSL_SYS_VMS
+	strcat(file,"/");
+#endif
+	strcat(file,OPENSSL_CONF);
+
+	return file;
+	}
+
+/* This function takes a list separated by 'sep' and calls the
+ * callback function giving the start and length of each member
+ * optionally stripping leading and trailing whitespace. This can
+ * be used to parse comma separated lists for example.
+ */
+
+int CONF_parse_list(const char *list, int sep, int nospc,
+	int (*list_cb)(const char *elem, int len, void *usr), void *arg)
+	{
+	int ret;
+	const char *lstart, *tmpend, *p;
+	lstart = list;
+
+	for(;;)
+		{
+		if (nospc)
+			{
+			while(*lstart && isspace((unsigned char)*lstart))
+				lstart++;
+			}
+		p = strchr(lstart, sep);
+		if (p == lstart || !*lstart)
+			ret = list_cb(NULL, 0, arg);
+		else
+			{
+			if (p)
+				tmpend = p - 1;
+			else 
+				tmpend = lstart + strlen(lstart) - 1;
+			if (nospc)
+				{
+				while(isspace((unsigned char)*tmpend))
+					tmpend--;
+				}
+			ret = list_cb(lstart, tmpend - lstart + 1, arg);
+			}
+		if (ret <= 0)
+			return ret;
+		if (p == NULL)
+			return 1;
+		lstart = p + 1;
+		}
+	}
+
diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
new file mode 100644
index 0000000000..97fb174303
--- /dev/null
+++ b/crypto/conf/conf_sap.c
@@ -0,0 +1,107 @@
+/* conf_sap.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/engine.h>
+
+/* This is the automatic configuration loader: it is called automatically by
+ * OpenSSL when any of a number of standard initialisation functions are called,
+ * unless this is overridden by calling OPENSSL_no_config()
+ */
+
+static int openssl_configured = 0;
+
+void OPENSSL_config(const char *config_name)
+	{
+	if (openssl_configured)
+		return;
+
+	OPENSSL_load_builtin_modules();
+	/* Need to load ENGINEs */
+	ENGINE_load_builtin_engines();
+	/* Add others here? */
+
+
+	ERR_clear_error();
+	if (CONF_modules_load_file(NULL, NULL,
+					CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0)
+		{
+		BIO *bio_err;
+		ERR_load_crypto_strings();
+		if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL)
+			{
+			BIO_printf(bio_err,"Auto configuration failed\n");
+			ERR_print_errors(bio_err);
+			BIO_free(bio_err);
+			}
+		exit(1);
+		}
+
+	return;
+	}
+
+void OPENSSL_no_config()
+	{
+	openssl_configured = 1;
+	}
diff --git a/crypto/conf/keysets.pl b/crypto/conf/keysets.pl
index 1aed0c80c4..50ed67fa52 100644
--- a/crypto/conf/keysets.pl
+++ b/crypto/conf/keysets.pl
@@ -3,14 +3,18 @@
 $NUMBER=0x01;
 $UPPER=0x02;
 $LOWER=0x04;
-$EOF=0x08;
+$UNDER=0x100;
+$PUNCTUATION=0x200;
 $WS=0x10;
 $ESC=0x20;
 $QUOTE=0x40;
+$DQUOTE=0x400;
 $COMMENT=0x80;
-$UNDER=0x100;
+$FCOMMENT=0x800;
+$EOF=0x08;
+$HIGHBIT=0x1000;
 
-foreach (0 .. 127)
+foreach (0 .. 255)
 	{
 	$v=0;
 	$c=sprintf("%c",$_);
@@ -18,44 +22,164 @@ foreach (0 .. 127)
 	$v|=$UPPER	if ($c =~ /[A-Z]/);
 	$v|=$LOWER	if ($c =~ /[a-z]/);
 	$v|=$UNDER	if ($c =~ /_/);
-	$v|=$WS		if ($c =~ / \t\r\n/);
+	$v|=$PUNCTUATION if ($c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/);
+	$v|=$WS		if ($c =~ /[ \t\r\n]/);
 	$v|=$ESC	if ($c =~ /\\/);
-	$v|=$QUOTE	if ($c =~ /['`"]/);
+	$v|=$QUOTE	if ($c =~ /['`"]/); # for emacs: "`'}/)
 	$v|=$COMMENT	if ($c =~ /\#/);
 	$v|=$EOF	if ($c =~ /\0/);
+	$v|=$HIGHBIT	if ($c =~/[\x80-\xff]/);
+
+	push(@V_def,$v);
+	}
+
+foreach (0 .. 255)
+	{
+	$v=0;
+	$c=sprintf("%c",$_);
+	$v|=$NUMBER	if ($c =~ /[0-9]/);
+	$v|=$UPPER	if ($c =~ /[A-Z]/);
+	$v|=$LOWER	if ($c =~ /[a-z]/);
+	$v|=$UNDER	if ($c =~ /_/);
+	$v|=$PUNCTUATION if ($c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/);
+	$v|=$WS		if ($c =~ /[ \t\r\n]/);
+	$v|=$DQUOTE	if ($c =~ /["]/); # for emacs: "}/)
+	$v|=$FCOMMENT	if ($c =~ /;/);
+	$v|=$EOF	if ($c =~ /\0/);
+	$v|=$HIGHBIT	if ($c =~/[\x80-\xff]/);
 
-	push(@V,$v);
+	push(@V_w32,$v);
 	}
 
 print <<"EOF";
+/* crypto/conf/conf_def.h */
+/* Copyright (C) 1995-1998 Eric Young (eay\@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay\@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh\@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay\@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh\@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* THIS FILE WAS AUTOMAGICALLY GENERATED!
+   Please modify and use keysets.pl to regenerate it. */
+
 #define CONF_NUMBER		$NUMBER
 #define CONF_UPPER		$UPPER
 #define CONF_LOWER		$LOWER
-#define CONF_EOF		$EOF
+#define CONF_UNDER		$UNDER
+#define CONF_PUNCTUATION	$PUNCTUATION
 #define CONF_WS			$WS
 #define CONF_ESC		$ESC
 #define CONF_QUOTE		$QUOTE
+#define CONF_DQUOTE		$DQUOTE
 #define CONF_COMMENT		$COMMENT
+#define CONF_FCOMMENT		$FCOMMENT
+#define CONF_EOF		$EOF
+#define CONF_HIGHBIT		$HIGHBIT
 #define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)
 #define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
-#define CONF_UNDER		$UNDER
+#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \\
+					CONF_PUNCTUATION)
+
+#define KEYTYPES(c)		((unsigned short *)((c)->meth_data))
+#ifndef CHARSET_EBCDIC
+#define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
+#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
+#define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_EOF)
+#define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_ESC)
+#define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
+#define IS_WS(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_WS)
+#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
+#define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
+				(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
+#define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
+#define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
+#define IS_HIGHBIT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
 
-#define IS_COMMENT(a)		(CONF_COMMENT&(CONF_type[(a)&0x7f]))
-#define IS_EOF(a)		((a) == '\\0')
-#define IS_ESC(a)		((a) == '\\\\')
-#define IS_NUMER(a)		(CONF_type[(a)&0x7f]&CONF_NUMBER)
-#define IS_WS(a)		(CONF_type[(a)&0x7f]&CONF_WS)
-#define IS_ALPHA_NUMERIC(a)	(CONF_type[(a)&0x7f]&CONF_ALPHA_NUMERIC)
-#define IS_QUOTE(a)		(CONF_type[(a)&0x7f]&CONF_QUOTE)
+#else /*CHARSET_EBCDIC*/
+
+#define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
+#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
+#define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
+#define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
+#define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
+#define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
+#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
+#define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
+				(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
+#define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
+#define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
+#define IS_HIGHBIT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
+#endif /*CHARSET_EBCDIC*/
 
 EOF
 
-print "static unsigned short CONF_type[128]={";
+print "static unsigned short CONF_type_default[256]={";
+
+for ($i=0; $i<256; $i++)
+	{
+	print "\n\t" if ($i % 8) == 0;
+	printf "0x%04X,",$V_def[$i];
+	}
+
+print "\n\t};\n\n";
+
+print "static unsigned short CONF_type_win32[256]={";
 
-for ($i=0; $i<128; $i++)
+for ($i=0; $i<256; $i++)
 	{
 	print "\n\t" if ($i % 8) == 0;
-	printf "0x%03X,",$V[$i];
+	printf "0x%04X,",$V_w32[$i];
 	}
 
-print "\n\t};\n";
+print "\n\t};\n\n";
diff --git a/crypto/conf/test.c b/crypto/conf/test.c
index 899ee2a067..7fab85053e 100644
--- a/crypto/conf/test.c
+++ b/crypto/conf/test.c
@@ -58,7 +58,8 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "conf.h"
+#include <openssl/conf.h>
+#include <openssl/err.h>
 
 main()
 	{
@@ -66,7 +67,10 @@ main()
 	long eline;
 	char *s,*s2;
 
-	conf=CONF_load(NULL,"ssleay.conf",&eline);
+#ifdef USE_WIN32
+	CONF_set_default_method(CONF_WIN32);
+#endif
+	conf=CONF_load(NULL,"ssleay.cnf",&eline);
 	if (conf == NULL)
 		{
 		ERR_load_crypto_strings();
@@ -87,5 +91,8 @@ main()
 	s=CONF_get_string(conf,"s_client","cipher1");
 	printf("s_client:cipher1=%s\n",(s == NULL)?"NULL":s);
 
+	printf("---------------------------- DUMP ------------------------\n");
+	CONF_dump_fp(conf, stdout);
+
 	exit(0);
 	}
diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c
index 27652fca40..1b4a1cb4d4 100644
--- a/crypto/cpt_err.c
+++ b/crypto/cpt_err.c
@@ -1,85 +1,101 @@
-/* lib/crypto/crypto_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/cpt_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
  */
+
 #include <stdio.h>
-#include "err.h"
-#include "crypto.h"
+#include <openssl/err.h>
+#include <openssl/crypto.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA CRYPTO_str_functs[]=
 	{
 {ERR_PACK(0,CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,0),	"CRYPTO_get_ex_new_index"},
+{ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,0),	"CRYPTO_get_new_dynlockid"},
 {ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_LOCKID,0),	"CRYPTO_get_new_lockid"},
 {ERR_PACK(0,CRYPTO_F_CRYPTO_SET_EX_DATA,0),	"CRYPTO_set_ex_data"},
-{0,NULL},
+{ERR_PACK(0,CRYPTO_F_DEF_ADD_INDEX,0),	"DEF_ADD_INDEX"},
+{ERR_PACK(0,CRYPTO_F_DEF_GET_CLASS,0),	"DEF_GET_CLASS"},
+{ERR_PACK(0,CRYPTO_F_INT_DUP_EX_DATA,0),	"INT_DUP_EX_DATA"},
+{ERR_PACK(0,CRYPTO_F_INT_FREE_EX_DATA,0),	"INT_FREE_EX_DATA"},
+{ERR_PACK(0,CRYPTO_F_INT_NEW_EX_DATA,0),	"INT_NEW_EX_DATA"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA CRYPTO_str_reasons[]=
+	{
+{CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK     ,"no dynlock create callback"},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_CRYPTO_strings()
+void ERR_load_CRYPTO_strings(void)
 	{
 	static int init=1;
 
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_functs);
+		ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_reasons);
 #endif
 
 		}
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index 3614e3fc5d..38e2a53394 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
@@ -1,4 +1,57 @@
 /* crypto/cryptlib.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -55,23 +108,31 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
 #include <stdio.h>
 #include <string.h>
 #include "cryptlib.h"
-#include "crypto.h"
-#include "date.h"
+#include <openssl/crypto.h>
+#include <openssl/safestack.h>
 
-#if defined(WIN32) || defined(WIN16)
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
 static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
 #endif
 
+DECLARE_STACK_OF(CRYPTO_dynlock)
+IMPLEMENT_STACK_OF(CRYPTO_dynlock)
+
 /* real #defines in crypto.h, keep these upto date */
-static char* lock_names[CRYPTO_NUM_LOCKS] =
+static const char* lock_names[CRYPTO_NUM_LOCKS] =
 	{
 	"<<ERROR>>",
 	"err",
-	"err_hash",
+	"ex_data",
 	"x509",
 	"x509_info",
 	"x509_pkey",
@@ -84,39 +145,64 @@ static char* lock_names[CRYPTO_NUM_LOCKS] =
 	"ssl_ctx",
 	"ssl_cert",
 	"ssl_session",
+	"ssl_sess_cert",
 	"ssl",
+	"ssl_method",
 	"rand",
+	"rand2",
 	"debug_malloc",
 	"BIO",
-	"bio_gethostbyname",
+	"gethostbyname",
+	"getservbyname",
+	"readdir",
 	"RSA_blinding",
+	"dh",
+	"debug_malloc2",
+	"dso",
+	"dynlock",
+	"engine",
+	"ui",
+	"ecdsa",
+	"ec",
+	"ecdh",
+	"bn",
+#if CRYPTO_NUM_LOCKS != 36
+# error "Inconsistency between crypto.h and cryptlib.c"
+#endif
 	};
 
+/* This is for applications to allocate new type names in the non-dynamic
+   array of lock names.  These are numbered with positive numbers.  */
 static STACK *app_locks=NULL;
 
-#ifndef NOPROTO
+/* For applications that want a more dynamic way of handling threads, the
+   following stack is used.  These are externally numbered with negative
+   numbers.  */
+static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
+
+
 static void (MS_FAR *locking_callback)(int mode,int type,
-	char *file,int line)=NULL;
+	const char *file,int line)=NULL;
 static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
-	int type,char *file,int line)=NULL;
+	int type,const char *file,int line)=NULL;
 static unsigned long (MS_FAR *id_callback)(void)=NULL;
-#else
-static void (MS_FAR *locking_callback)()=NULL;
-static int (MS_FAR *add_lock_callback)()=NULL;
-static unsigned long (MS_FAR *id_callback)()=NULL;
-#endif
+static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
+	(const char *file,int line)=NULL;
+static void (MS_FAR *dynlock_lock_callback)(int mode,
+	struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL;
+static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l,
+	const char *file,int line)=NULL;
 
-int CRYPTO_get_new_lockid(name)
-char *name;
+int CRYPTO_get_new_lockid(char *name)
 	{
 	char *str;
 	int i;
 
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
 	/* A hack to make Visual C++ 5.0 work correctly when linking as
 	 * a DLL using /MT. Without this, the application cannot use
 	 * and floating point printf's.
 	 * It also seems to be needed for Visual C 1.5 (win16) */
-#if defined(WIN32) || defined(WIN16)
 	SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
 #endif
 
@@ -126,59 +212,221 @@ char *name;
 		return(0);
 		}
 	if ((str=BUF_strdup(name)) == NULL)
+		{
+		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
 		return(0);
+		}
 	i=sk_push(app_locks,str);
 	if (!i)
-		Free(str);
+		OPENSSL_free(str);
 	else
 		i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */
 	return(i);
 	}
 
-void (*CRYPTO_get_locking_callback(P_V))(P_I_I_P_I)
+int CRYPTO_num_locks(void)
+	{
+	return CRYPTO_NUM_LOCKS;
+	}
+
+int CRYPTO_get_new_dynlockid(void)
+	{
+	int i = 0;
+	CRYPTO_dynlock *pointer = NULL;
+
+	if (dynlock_create_callback == NULL)
+		{
+		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);
+		return(0);
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+	if ((dyn_locks == NULL)
+		&& ((dyn_locks=sk_CRYPTO_dynlock_new_null()) == NULL))
+		{
+		CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+	pointer = (CRYPTO_dynlock *)OPENSSL_malloc(sizeof(CRYPTO_dynlock));
+	if (pointer == NULL)
+		{
+		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	pointer->references = 1;
+	pointer->data = dynlock_create_callback(__FILE__,__LINE__);
+	if (pointer->data == NULL)
+		{
+		OPENSSL_free(pointer);
+		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+
+	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+	/* First, try to find an existing empty slot */
+	i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
+	/* If there was none, push, thereby creating a new one */
+	if (i == -1)
+		i=sk_CRYPTO_dynlock_push(dyn_locks,pointer);
+	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+	if (!i)
+		{
+		dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+		OPENSSL_free(pointer);
+		}
+	else
+		i += 1; /* to avoid 0 */
+	return -i;
+	}
+
+void CRYPTO_destroy_dynlockid(int i)
+	{
+	CRYPTO_dynlock *pointer = NULL;
+	if (i)
+		i = -i-1;
+	if (dynlock_destroy_callback == NULL)
+		return;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+
+	if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks))
+		{
+		CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+		return;
+		}
+	pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+	if (pointer != NULL)
+		{
+		--pointer->references;
+#ifdef REF_CHECK
+		if (pointer->references < 0)
+			{
+			fprintf(stderr,"CRYPTO_destroy_dynlockid, bad reference count\n");
+			abort();
+			}
+		else
+#endif
+			if (pointer->references <= 0)
+				{
+				sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
+				}
+			else
+				pointer = NULL;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+	if (pointer)
+		{
+		dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+		OPENSSL_free(pointer);
+		}
+	}
+
+struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i)
+	{
+	CRYPTO_dynlock *pointer = NULL;
+	if (i)
+		i = -i-1;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+
+	if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks))
+		pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+	if (pointer)
+		pointer->references++;
+
+	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+	if (pointer)
+		return pointer->data;
+	return NULL;
+	}
+
+struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))
+	(const char *file,int line)
+	{
+	return(dynlock_create_callback);
+	}
+
+void (*CRYPTO_get_dynlock_lock_callback(void))(int mode,
+	struct CRYPTO_dynlock_value *l, const char *file,int line)
+	{
+	return(dynlock_lock_callback);
+	}
+
+void (*CRYPTO_get_dynlock_destroy_callback(void))
+	(struct CRYPTO_dynlock_value *l, const char *file,int line)
+	{
+	return(dynlock_destroy_callback);
+	}
+
+void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func)
+	(const char *file, int line))
+	{
+	dynlock_create_callback=func;
+	}
+
+void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode,
+	struct CRYPTO_dynlock_value *l, const char *file, int line))
+	{
+	dynlock_lock_callback=func;
+	}
+
+void CRYPTO_set_dynlock_destroy_callback(void (*func)
+	(struct CRYPTO_dynlock_value *l, const char *file, int line))
+	{
+	dynlock_destroy_callback=func;
+	}
+
+
+void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
+		int line)
 	{
 	return(locking_callback);
 	}
 
-int (*CRYPTO_get_add_lock_callback(P_V))(P_IP_I_I_P_I)
+int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
+					  const char *file,int line)
 	{
 	return(add_lock_callback);
 	}
 
-void CRYPTO_set_locking_callback(func)
-void (*func)(P_I_I_P_I);
+void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
+					      const char *file,int line))
 	{
 	locking_callback=func;
 	}
 
-void CRYPTO_set_add_lock_callback(func)
-int (*func)(P_IP_I_I_P_I);
+void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
+					      const char *file,int line))
 	{
 	add_lock_callback=func;
 	}
 
-unsigned long (*CRYPTO_get_id_callback(P_V))(P_V)
+unsigned long (*CRYPTO_get_id_callback(void))(void)
 	{
 	return(id_callback);
 	}
 
-void CRYPTO_set_id_callback(func)
-unsigned long (*func)(P_V);
+void CRYPTO_set_id_callback(unsigned long (*func)(void))
 	{
 	id_callback=func;
 	}
 
-unsigned long CRYPTO_thread_id()
+unsigned long CRYPTO_thread_id(void)
 	{
 	unsigned long ret=0;
 
 	if (id_callback == NULL)
 		{
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
 		ret=(unsigned long)GetCurrentTask();
-#elif defined(WIN32)
+#elif defined(OPENSSL_SYS_WIN32)
 		ret=(unsigned long)GetCurrentThreadId();
-#elif defined(MSDOS)
+#elif defined(GETPID_IS_MEANINGLESS)
 		ret=1L;
 #else
 		ret=(unsigned long)getpid();
@@ -189,11 +437,7 @@ unsigned long CRYPTO_thread_id()
 	return(ret);
 	}
 
-void CRYPTO_lock(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
+void CRYPTO_lock(int mode, int type, const char *file, int line)
 	{
 #ifdef LOCK_DEBUG
 		{
@@ -218,18 +462,27 @@ int line;
 			CRYPTO_get_lock_name(type), file, line);
 		}
 #endif
-	if (locking_callback != NULL)
-		locking_callback(mode,type,file,line);
+	if (type < 0)
+		{
+		struct CRYPTO_dynlock_value *pointer
+			= CRYPTO_get_dynlock_value(type);
+
+		if (pointer && dynlock_lock_callback)
+			{
+			dynlock_lock_callback(mode, pointer, file, line);
+			}
+
+		CRYPTO_destroy_dynlockid(type);
+		}
+	else
+		if (locking_callback != NULL)
+			locking_callback(mode,type,file,line);
 	}
 
-int CRYPTO_add_lock(pointer,amount,type,file,line)
-int *pointer;
-int amount;
-int type;
-char *file;
-int line;
+int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
+	     int line)
 	{
-	int ret;
+	int ret = 0;
 
 	if (add_lock_callback != NULL)
 		{
@@ -245,7 +498,6 @@ int line;
 			CRYPTO_get_lock_name(type),
 			file,line);
 #endif
-		*pointer=ret;
 		}
 	else
 		{
@@ -265,29 +517,26 @@ int line;
 	return(ret);
 	}
 
-char *CRYPTO_get_lock_name(type)
-int type;
+const char *CRYPTO_get_lock_name(int type)
 	{
 	if (type < 0)
-		return("ERROR");
+		return("dynamic");
 	else if (type < CRYPTO_NUM_LOCKS)
 		return(lock_names[type]);
-	else if (type-CRYPTO_NUM_LOCKS >= sk_num(app_locks))
+	else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks))
 		return("ERROR");
 	else
 		return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
 	}
 
 #ifdef _DLL
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 
 /* All we really need to do is remove the 'error' state when a thread
  * detaches */
 
-BOOL WINAPI DLLEntryPoint(hinstDLL,fdwReason,lpvReserved)
-HINSTANCE hinstDLL;
-DWORD fdwReason;
-LPVOID lpvReserved;
+BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
+	     LPVOID lpvReserved)
 	{
 	switch(fdwReason)
 		{
@@ -306,3 +555,11 @@ LPVOID lpvReserved;
 #endif
 
 #endif
+
+void OpenSSLDie(const char *file,int line,const char *assertion)
+	{
+	fprintf(stderr,
+		"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+		file,line,assertion);
+	abort();
+	}
diff --git a/crypto/cryptlib.h b/crypto/cryptlib.h
index 7208f9e4e9..0d6b9d59f0 100644
--- a/crypto/cryptlib.h
+++ b/crypto/cryptlib.h
@@ -62,37 +62,37 @@
 #include <stdlib.h>
 #include <string.h>
 
+#include "e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/buffer.h> 
+#include <openssl/bio.h> 
+#include <openssl/err.h>
+#include <openssl/opensslconf.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-/* #ifdef FLAT_INC */
-
-#include "e_os.h"
-#include "crypto.h"
-#include "buffer.h" 
-#include "bio.h" 
-#include "err.h"
-
-/*
+#ifndef OPENSSL_SYS_VMS
+#define X509_CERT_AREA		OPENSSLDIR
+#define X509_CERT_DIR		OPENSSLDIR "/certs"
+#define X509_CERT_FILE		OPENSSLDIR "/cert.pem"
+#define X509_PRIVATE_DIR	OPENSSLDIR "/private"
 #else
-
-#include "../e_os.h"
-#include "crypto.h"
-#include "buffer/buffer.h"
-#include "bio/bio.h"
-#include "err/err.h"
+#define X509_CERT_AREA		"SSLROOT:[000000]"
+#define X509_CERT_DIR		"SSLCERTS:"
+#define X509_CERT_FILE		"SSLCERTS:cert.pem"
+#define X509_PRIVATE_DIR        "SSLPRIVATE:"
 #endif
-*/
-
-#define X509_CERT_AREA		"/usr/local/ssl"
-#define X509_CERT_DIR		"/usr/local/ssl/certs"
-#define X509_CERT_FILE		"/usr/local/ssl/cert.pem"
-#define X509_PRIVATE_DIR        "/usr/local/ssl/private"
 
 #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
 #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
 
+/* size of string representations */
+#define DECIMAL_SIZE(type)	((sizeof(type)*8+2)/3+1)
+#define HEX_SIZE(type)		(sizeof(type)*2)
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com
new file mode 100644
index 0000000000..ced978cf14
--- /dev/null
+++ b/crypto/crypto-lib.com
@@ -0,0 +1,1285 @@
+$!
+$!  CRYPTO-LIB.COM
+$!  Written By:  Robert Byer
+$!               Vice-President
+$!               A-Com Computing, Inc.
+$!               byer@mail.all-net.net
+$!
+$!  Changes by Richard Levitte <richard@levitte.org>
+$!
+$!  This command files compiles and creates the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" 
+$!  library for OpenSSL.  The "xxx" denotes the machine architecture of AXP
+$!  or VAX.
+$!
+$!  It was re-written so it would try to determine what "C" compiler to use 
+$!  or you can specify which "C" compiler to use.
+$!
+$!  Specify the following as P1 to build just that part or ALL to just
+$!  build everything.
+$!
+$!    		LIBRARY    To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
+$!    		APPS       To just compile the [.xxx.EXE.CRYPTO]*.EXE
+$!		ALL	   To do both LIBRARY and APPS
+$!
+$!  Specify DEBUG or NODEBUG as P2 to compile with or without debugger
+$!  information.
+$!
+$!  Specify which compiler at P3 to try to compile under.
+$!
+$!	   VAXC	 For VAX C.
+$!	   DECC	 For DEC C.
+$!	   GNUC	 For GNU C.
+$!
+$!  If you don't speficy a compiler, it will try to determine which
+$!  "C" compiler to use.
+$!
+$!  P4, if defined, sets a TCP/IP library to use, through one of the following
+$!  keywords:
+$!
+$!	UCX		for UCX
+$!	TCPIP		for TCPIP (post UCX)
+$!	SOCKETSHR	for SOCKETSHR+NETLIB
+$!
+$!  P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$!  P6, if defined, sets a choice of crypto methods to compile.
+$!  WARNING: this should only be done to recompile some part of an already
+$!  fully compiled library.
+$!
+$!
+$! Define A TCP/IP Library That We Will Need To Link To.
+$! (That Is, If We Need To Link To One.)
+$!
+$ TCPIP_LIB = ""
+$!
+$! Check Which Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").GE.128)
+$ THEN
+$!
+$!  The Architecture Is AXP
+$!
+$   ARCH := AXP
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  The Architecture Is VAX.
+$!
+$   ARCH := VAX
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
+$! Define The Different Encryption Types.
+$!
+$ ENCRYPT_TYPES = "Basic,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ -
+		  "DES,RC2,RC4,RC5,IDEA,BF,CAST,"+ -
+		  "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,"+ -
+		  "BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,"+ -
+		  "EVP,EVP_2,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
+		  "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5"
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Initialise logical names and such
+$!
+$ GOSUB INITIALISE
+$!
+$! Tell The User What Kind of Machine We Run On.
+$!
+$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$!
+$! Define The OBJ Directory.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.CRYPTO]
+$!
+$! Check To See If The Architecture Specific OBJ Directory Exists.
+$!
+$ IF (F$PARSE(OBJ_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIR 'OBJ_DIR'
+$!
+$! End The Architecture Specific OBJ Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The EXE Directory.
+$!
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]
+$!
+$! Check To See If The Architecture Specific Directory Exists.
+$!
+$ IF (F$PARSE(EXE_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIRECTORY 'EXE_DIR'
+$!
+$! End The Architecture Specific Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The Library Name.
+$!
+$ LIB_NAME := 'EXE_DIR'LIBCRYPTO.OLB
+$!
+$! Define The CRYPTO-LIB We Are To Use.
+$!
+$ CRYPTO_LIB := 'EXE_DIR'LIBCRYPTO.OLB
+$!
+$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library...
+$!
+$ IF (F$SEARCH(LIB_NAME).EQS."")
+$ THEN
+$!
+$! Guess Not, Create The Library.
+$!
+$   LIBRARY/CREATE/OBJECT 'LIB_NAME'
+$!
+$! End The Library Check.
+$!
+$ ENDIF
+$!
+$! Build our options file for the application
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Define The Different Encryption "library" Strings.
+$!
+$ APPS_DES = "DES/DES,CBC3_ENC"
+$ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
+$
+$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,tmdiff,cpt_err,ebcdic,uid,o_time"
+$ LIB_MD2 = "md2_dgst,md2_one"
+$ LIB_MD4 = "md4_dgst,md4_one"
+$ LIB_MD5 = "md5_dgst,md5_one"
+$ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one"
+$ LIB_MDC2 = "mdc2dgst,mdc2_one"
+$ LIB_HMAC = "hmac"
+$ LIB_RIPEMD = "rmd_dgst,rmd_one"
+$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
+	"ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ -
+	"enc_read,enc_writ,ofb64enc,"+ -
+	"ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
+	"des_enc,fcrypt_b,"+ -
+	"fcrypt,xcbc_enc,rpc_enc,cbc_cksm,"+ -
+	"ede_cbcm_enc,des_old,des_old2,read2pwd"
+$ LIB_RC2 = "rc2_ecb,rc2_skey,rc2_cbc,rc2cfb64,rc2ofb64"
+$ LIB_RC4 = "rc4_skey,rc4_enc"
+$ LIB_RC5 = "rc5_skey,rc5_ecb,rc5_enc,rc5cfb64,rc5ofb64"
+$ LIB_IDEA = "i_cbc,i_cfb64,i_ofb64,i_ecb,i_skey"
+$ LIB_BF = "bf_skey,bf_ecb,bf_enc,bf_cfb64,bf_ofb64"
+$ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64"
+$ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"
+$ IF F$TRNLNM("OPENSSL_NO_ASM").OR.ARCH.EQS."AXP" THEN LIB_BN_ASM = "bn_asm"
+$ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
+	"bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
+	"bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
+	"bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist"
+$ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_recp,ecp_nist,ec_cvt,ec_mult,"+ -
+	"ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ -
+	"ec2_smpl,ec2_mult"
+$ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
+	"rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ -
+	"rsa_asn1"
+$ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,dsa_err,dsa_ossl"
+$ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err"
+$ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err"
+$ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err"
+$ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ -
+	"dso_openssl,dso_win32,dso_vms"
+$ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ -
+	"eng_table,eng_pkey,eng_fat,eng_all,"+ -
+	"tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_rand,tb_cipher,tb_digest,tb_ecdh,"+ -
+	"eng_openssl,eng_dyn,eng_cnf,eng_cryptodev"
+$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr"
+$ LIB_BUFFER = "buffer,buf_err"
+$ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
+	"bss_mem,bss_null,bss_fd,"+ -
+	"bss_file,bss_sock,bss_conn,"+ -
+	"bf_null,bf_buff,b_print,b_dump,"+ -
+	"b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log,"+ -
+	"bf_lbuf"
+$ LIB_STACK = "stack"
+$ LIB_LHASH = "lhash,lh_stats"
+$ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ -
+	"rand_vms"
+$ LIB_ERR = "err,err_all,err_prn"
+$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err"
+$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ -
+	"e_des,e_bf,e_idea,e_des3,"+ -
+	"e_rc4,e_aes,names,"+ -
+	"e_xcbc_d,e_rc2,e_cast,e_rc5"
+$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1," + -
+	"m_dss,m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ -
+	"p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ -
+	"bio_md,bio_b64,bio_enc,evp_err,e_null,"+ -
+	"c_all,c_allc,c_alld,evp_lib,bio_ok,"+-
+	"evp_pkey,evp_pbe,p5_crpt,p5_crpt2"
+$ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
+	"a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ -
+	"a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ -
+	"x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ -
+	"x_long,x_name,x_x509,x_x509a,x_crl,x_info,x_spki,nsseq,"+ -
+	"d2i_pu,d2i_pr,i2d_pu,i2d_pr"
+$ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ -
+	"tasn_new,tasn_fre,tasn_enc,tasn_dec,tasn_utl,tasn_typ,"+ -
+	"f_int,f_string,n_pkey,"+ -
+	"f_enum,a_hdr,x_pkey,a_bool,x_exten,"+ -
+	"asn1_gen,asn1_par,asn1_lib,asn1_err,a_meth,a_bytes,a_strnid,"+ -
+	"evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid"
+$ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ -
+	"pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey"
+$ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ -
+	"x509_obj,x509_req,x509spki,x509_vfy,"+ -
+	"x509_set,x509cset,x509rset,x509_err,"+ -
+	"x509name,x509_v3,x509_ext,x509_att,"+ -
+	"x509type,x509_lu,x_all,x509_txt,"+ -
+	"x509_trs,by_file,by_dir"
+$ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ -
+	"v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ -
+	"v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ -
+	"v3_ocsp,v3_akeya"
+$ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap"
+$ LIB_TXT_DB = "txt_db"
+$ LIB_PKCS7 = "pk7_asn1,pk7_lib,pkcs7err,pk7_doit,pk7_smime,pk7_attr,"+ -
+	"pk7_mime"
+$ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ -
+	"p12_init,p12_key,p12_kiss,p12_mutl,"+ -
+	"p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e"
+$ LIB_COMP = "comp_lib,comp_err,"+ -
+	"c_rle,c_zlib"
+$ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ -
+	"ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err"
+$ LIB_UI_COMPAT = ",ui_compat"
+$ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT
+$ LIB_KRB5 = "krb5_asn"
+$!
+$! Setup exceptional compilations
+$!
+$ COMPILEWITH_CC3 = ",bss_rtcp,"
+$ COMPILEWITH_CC4 = ",a_utctm,bss_log,o_time,"
+$ COMPILEWITH_CC5 = ",md2_dgst,md4_dgst,md5_dgst,mdc2dgst," + -
+                    "sha_dgst,sha1dgst,rmd_dgst,bf_enc,"
+$!
+$! Figure Out What Other Modules We Are To Build.
+$!
+$ BUILD_SET:
+$!
+$! Define A Module Counter.
+$!
+$ MODULE_COUNTER = 0
+$!
+$! Top Of The Loop.
+$!
+$ MODULE_NEXT:
+$!
+$! Extract The Module Name From The Encryption List.
+$!
+$ MODULE_NAME = F$ELEMENT(MODULE_COUNTER,",",ENCRYPT_TYPES)
+$ IF MODULE_NAME.EQS."Basic" THEN MODULE_NAME = ""
+$ MODULE_NAME1 = MODULE_NAME
+$!
+$! Check To See If We Are At The End Of The Module List.
+$!
+$ IF (MODULE_NAME.EQS.",") 
+$ THEN 
+$!
+$!  We Are At The End Of The Module List, Go To MODULE_DONE.
+$!
+$   GOTO MODULE_DONE
+$!
+$! End The Module List Check.
+$!
+$ ENDIF
+$!
+$! Increment The Moudle Counter.
+$!
+$ MODULE_COUNTER = MODULE_COUNTER + 1
+$!
+$! Create The Library and Apps Module Names.
+$!
+$ LIB_MODULE = "LIB_" + MODULE_NAME
+$ APPS_MODULE = "APPS_" + MODULE_NAME
+$ IF (MODULE_NAME.EQS."ASN1_2")
+$ THEN
+$   MODULE_NAME = "ASN1"
+$ ENDIF
+$ IF (MODULE_NAME.EQS."EVP_2")
+$ THEN
+$   MODULE_NAME = "EVP"
+$ ENDIF
+$!
+$! Set state (can be LIB and APPS)
+$!
+$ STATE = "LIB"
+$ IF BUILDALL .EQS. "APPS" THEN STATE = "APPS"
+$!
+$! Check if the library module name actually is defined
+$!
+$ IF F$TYPE('LIB_MODULE') .EQS. ""
+$ THEN
+$   WRITE SYS$ERROR ""
+$   WRITE SYS$ERROR "The module ",MODULE_NAME," does not exist.  Continuing..."
+$   WRITE SYS$ERROR ""
+$   GOTO MODULE_NEXT
+$ ENDIF
+$!
+$! Top Of The Module Loop.
+$!
+$ MODULE_AGAIN:
+$!
+$! Tell The User What Module We Are Building.
+$!
+$ IF (MODULE_NAME1.NES."") 
+$ THEN
+$   IF STATE .EQS. "LIB"
+$   THEN
+$     WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Library Files. (",BUILDALL,",",STATE,")"
+$   ELSE IF F$TYPE('APPS_MODULE') .NES. ""
+$     THEN
+$       WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Applications. (",BUILDALL,",",STATE,")"
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$!
+$!  Define A File Counter And Set It To "0".
+$!
+$ FILE_COUNTER = 0
+$ APPLICATION = ""
+$ APPLICATION_COUNTER = 0
+$!
+$! Top Of The File Loop.
+$!
+$ NEXT_FILE:
+$!
+$! Look in the LIB_MODULE is we're in state LIB
+$!
+$ IF STATE .EQS. "LIB"
+$ THEN
+$!
+$!   O.K, Extract The File Name From The File List.
+$!
+$   FILE_NAME = F$ELEMENT(FILE_COUNTER,",",'LIB_MODULE')
+$!
+$!   else
+$!
+$ ELSE
+$   FILE_NAME = ","
+$!
+$   IF F$TYPE('APPS_MODULE') .NES. ""
+$   THEN
+$!
+$!     Extract The File Name From The File List.
+$!     This part is a bit more complicated.
+$!
+$     IF APPLICATION .EQS. ""
+$     THEN
+$       APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE')
+$       APPLICATION_COUNTER = APPLICATION_COUNTER + 1
+$       APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION)
+$       APPLICATION = F$ELEMENT(0,"/",APPLICATION)
+$       FILE_COUNTER = 0
+$     ENDIF
+$
+$!     WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*"
+$!     SHOW SYMBOL APPLICATION*
+$!
+$     IF APPLICATION .NES. ";"
+$     THEN
+$       FILE_NAME = F$ELEMENT(FILE_COUNTER,",",APPLICATION_OBJECTS)
+$       IF FILE_NAME .EQS. ","
+$       THEN
+$         APPLICATION = ""
+$         GOTO NEXT_FILE
+$       ENDIF
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$!
+$! Check To See If We Are At The End Of The File List.
+$!
+$ IF (FILE_NAME.EQS.",") 
+$ THEN 
+$!
+$!  We Are At The End Of The File List, Change State Or Goto FILE_DONE.
+$!
+$   IF STATE .EQS. "LIB" .AND. BUILDALL .NES. "LIBRARY"
+$   THEN
+$     STATE = "APPS"
+$     GOTO MODULE_AGAIN
+$   ELSE
+$     GOTO FILE_DONE
+$   ENDIF
+$!
+$! End The File List Check.
+$!
+$ ENDIF
+$!
+$! Increment The Counter.
+$!
+$ FILE_COUNTER = FILE_COUNTER + 1
+$!
+$! Create The Source File Name.
+$!
+$ TMP_FILE_NAME = F$ELEMENT(1,"]",FILE_NAME)
+$ IF TMP_FILE_NAME .EQS. "]" THEN TMP_FILE_NAME = FILE_NAME
+$ IF F$ELEMENT(0,".",TMP_FILE_NAME) .EQS. TMP_FILE_NAME THEN -
+	FILE_NAME = FILE_NAME + ".c"
+$ IF (MODULE_NAME.NES."")
+$ THEN
+$   SOURCE_FILE = "SYS$DISK:[." + MODULE_NAME+ "]" + FILE_NAME
+$ ELSE
+$   SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME
+$ ENDIF
+$ SOURCE_FILE = SOURCE_FILE - "]["
+$!
+$! Create The Object File Name.
+$!
+$ OBJECT_FILE = OBJ_DIR + F$PARSE(FILE_NAME,,,"NAME","SYNTAX_ONLY") + ".OBJ"
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check To See If The File We Want To Compile Is Actually There.
+$!
+$ IF (F$SEARCH(SOURCE_FILE).EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Doesn't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Doesn't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   GOTO EXIT
+$!
+$! End The File Exist Check.
+$!
+$ ENDIF
+$!
+$! Tell The User We Are Compiling The File.
+$!
+$ IF (MODULE_NAME.EQS."")
+$ THEN
+$   WRITE SYS$OUTPUT "Compiling The ",FILE_NAME," File.  (",BUILDALL,",",STATE,")"
+$ ENDIF
+$ IF (MODULE_NAME.NES."")
+$ THEN 
+$   WRITE SYS$OUTPUT "	",FILE_NAME,""
+$ ENDIF
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO NEXT_FILE
+$ FILE_NAME0 = F$ELEMENT(0,".",FILE_NAME)
+$ IF FILE_NAME - ".mar" .NES. FILE_NAME
+$ THEN
+$   MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ELSE
+$   IF COMPILEWITH_CC3 - FILE_NAME0 .NES. COMPILEWITH_CC3
+$   THEN
+$     CC3/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$   ELSE
+$     IF COMPILEWITH_CC4 - FILE_NAME0 .NES. COMPILEWITH_CC4
+$     THEN
+$       CC4/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$     ELSE
+$       IF COMPILEWITH_CC5 - FILE_NAME0 .NES. COMPILEWITH_CC5
+$       THEN
+$         CC5/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$       ELSE
+$         CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$       ENDIF
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$ IF STATE .EQS. "LIB"
+$ THEN 
+$!
+$!   Add It To The Library.
+$!
+$   LIBRARY/REPLACE 'LIB_NAME' 'OBJECT_FILE'
+$!
+$!   Time To Clean Up The Object File.
+$!
+$   DELETE 'OBJECT_FILE';*
+$ ENDIF
+$!
+$! Go Back And Do It Again.
+$!
+$ GOTO NEXT_FILE
+$!
+$! All Done With This Library Part.
+$!
+$ FILE_DONE:
+$!
+$! Time To Build Some Applications
+$!
+$ IF F$TYPE('APPS_MODULE') .NES. "" .AND. BUILDALL .NES. "LIBRARY"
+$ THEN
+$   APPLICATION_COUNTER = 0
+$ NEXT_APPLICATION:
+$   APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE')
+$   IF APPLICATION .EQS. ";" THEN GOTO APPLICATION_DONE
+$
+$   APPLICATION_COUNTER = APPLICATION_COUNTER + 1
+$   APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION)
+$   APPLICATION = F$ELEMENT(0,"/",APPLICATION)
+$
+$!   WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*"
+$!   SHOW SYMBOL APPLICATION*
+$!
+$! Tell the user what happens
+$!
+$   WRITE SYS$OUTPUT "	",APPLICATION,".exe"
+$!
+$! Link The Program.
+$!
+$   ON ERROR THEN GOTO NEXT_APPLICATION
+$!
+$! Check To See If We Are To Link With A Specific TCP/IP Library.
+$!
+$   IF (TCPIP_LIB.NES."")
+$   THEN
+$!
+$!    Link With A TCP/IP Library.
+$!
+$     LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE -
+          'OBJ_DIR''APPLICATION_OBJECTS', -
+	  'CRYPTO_LIB'/LIBRARY, -
+          'TCPIP_LIB','OPT_FILE'/OPTION
+$!
+$! Else...
+$!
+$   ELSE
+$!
+$!    Don't Link With A TCP/IP Library.
+$!
+$     LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR''APPLICATION'.EXE -
+          'OBJ_DIR''APPLICATION_OBJECTS',-
+	  'CRYPTO_LIB'/LIBRARY, -
+          'OPT_FILE'/OPTION
+$!
+$! End The TCP/IP Library Check.
+$!
+$   ENDIF
+$   GOTO NEXT_APPLICATION
+$  APPLICATION_DONE:
+$ ENDIF
+$!
+$! Go Back And Get The Next Module.
+$!
+$ GOTO MODULE_NEXT
+$!
+$! All Done With This Module.
+$!
+$ MODULE_DONE:
+$!
+$! Tell The User That We Are All Done.
+$!
+$ WRITE SYS$OUTPUT "All Done..."
+$ EXIT:
+$ GOSUB CLEANUP
+$ EXIT
+$!
+$! Check For The Link Option FIle.
+$!
+$ CHECK_OPT_FILE:
+$!
+$! Check To See If We Need To Make A VAX C Option File.
+$!
+$ IF (COMPILER.EQS."VAXC")
+$ THEN
+$!
+$!  Check To See If We Already Have A VAX C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A VAX C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable VAX C Runtime Library.
+!
+SYS$SHARE:VAXCRTL.EXE/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The VAXC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A GNU C Option File.
+$!
+$ IF (COMPILER.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If We Already Have A GNU C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A GNU C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable C Runtime Library.
+!
+GNU_CC:[000000]GCCLIB/LIBRARY
+SYS$SHARE:VAXCRTL/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A DEC C Option File.
+$!
+$ IF (COMPILER.EQS."DECC")
+$ THEN
+$!
+$!  Check To See If We Already Have A DEC C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!
+$     IF ARCH .EQS. "VAX"
+$     THEN
+$!
+$!      We Need A DEC C Linker Option File For VAX.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable DEC C Runtime Library.
+!
+SYS$SHARE:DECC$SHR.EXE/SHARE
+$EOD
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Create The AXP Linker Option File.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File For AXP To Link Agianst 
+! The Sharable C Runtime Library.
+!
+SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_RTL/SHARE
+$EOD
+$!
+$!    End The VAX/AXP DEC C Option File Check.
+$!
+$     ENDIF
+$!
+$!  End The Option File Search.
+$!
+$   ENDIF
+$!
+$! End The DEC C Check.
+$!
+$ ENDIF
+$!
+$!  Tell The User What Linker Option File We Are Using.
+$!
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."	
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If P1 Is Blank.
+$!
+$ IF (P1.EQS."ALL")
+$ THEN
+$!
+$!   P1 Is Blank, So Build Everything.
+$!
+$    BUILDALL = "TRUE"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Else, Check To See If P1 Has A Valid Arguement.
+$!
+$   IF (P1.EQS."LIBRARY").OR.(P1.EQS."APPS")
+$   THEN
+$!
+$!    A Valid Arguement.
+$!
+$     BUILDALL = P1
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User We Don't Know What They Want.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
+$     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.SSL]LIBCRYPTO.OLB Library."
+$     WRITE SYS$OUTPUT "    APPS     :  To Compile Just The [.xxx.EXE.SSL]*.EXE Programs."
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "        AXP  :  Alpha Architecture."
+$     WRITE SYS$OUTPUT "        VAX  :  VAX Architecture."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P1 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P2 Is Blank.
+$!
+$ IF (P2.EQS."NODEBUG")
+$ THEN
+$!
+$!   P2 Is NODEBUG, So Compile Without The Debugger Information.
+$!
+$    DEBUGGER = "NODEBUG"
+$    TRACEBACK = "NOTRACEBACK" 
+$    GCC_OPTIMIZE = "OPTIMIZE"
+$    CC_OPTIMIZE = "OPTIMIZE"
+$    MACRO_OPTIMIZE = "OPTIMIZE"
+$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$ ELSE
+$!
+$!  Check To See If We Are To Compile With Debugger Information.
+$!
+$   IF (P2.EQS."DEBUG")
+$   THEN
+$!
+$!    Compile With Debugger Information.
+$!
+$     DEBUGGER = "DEBUG"
+$     TRACEBACK = "TRACEBACK"
+$     GCC_OPTIMIZE = "NOOPTIMIZE"
+$     CC_OPTIMIZE = "NOOPTIMIZE"
+$     MACRO_OPTIMIZE = "NOOPTIMIZE"
+$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
+$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
+$   ELSE 
+$!
+$!    They Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "     DEBUG   :  Compile With The Debugger Information."
+$     WRITE SYS$OUTPUT "     NODEBUG :  Compile Without The Debugger Information."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P2 Check.
+$!
+$ ENDIF
+$!
+$! Special Threads For OpenVMS v7.1 Or Later
+$!
+$! Written By:  Richard Levitte
+$!              richard@levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P5.
+$!
+$ IF (P5.EQS."")
+$ THEN
+$!
+$!  Get The Version Of VMS We Are Using.
+$!
+$   ISSEVEN :=
+$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$!  Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$   IF (TMP.GE.71)
+$   THEN
+$!
+$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$     ISSEVEN := ,PTHREAD_USE_D4
+$!
+$!  End The VMS Version Check.
+$!
+$   ENDIF
+$!
+$! End The P5 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P3 Is Blank.
+$!
+$ IF (P3.EQS."")
+$ THEN
+$!
+$!  O.K., The User Didn't Specify A Compiler, Let's Try To
+$!  Find Out Which One To Use.
+$!
+$!  Check To See If We Have GNU C.
+$!
+$   IF (F$TRNLNM("GNU_CC").NES."")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     P3 = "GNUC"
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Check To See If We Have VAXC Or DECC.
+$!
+$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     THEN 
+$!
+$!      Looks Like DECC, Set To Use DECC.
+$!
+$       P3 = "DECC"
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Looks Like VAXC, Set To Use VAXC.
+$!
+$       P3 = "VAXC"
+$!
+$!    End The VAXC Compiler Check.
+$!
+$     ENDIF
+$!
+$!  End The DECC & VAXC Compiler Check.
+$!
+$   ENDIF
+$!
+$!  End The Compiler Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Have A Option For P4.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$!  Find out what socket library we have available
+$!
+$   IF F$PARSE("SOCKETSHR:") .NES. ""
+$   THEN
+$!
+$!    We have SOCKETSHR, and it is my opinion that it's the best to use.
+$!
+$     P4 = "SOCKETSHR"
+$!
+$!    Tell the user
+$!
+$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
+$!
+$!    Else, let's look for something else
+$!
+$   ELSE
+$!
+$!    Like UCX (the reason to do this before Multinet is that the UCX
+$!    emulation is easier to use...)
+$!
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
+	 .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
+	 .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
+$     THEN
+$!
+$!	Last resort: a UCX or UCX-compatible library
+$!
+$	P4 = "UCX"
+$!
+$!      Tell the user
+$!
+$       WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
+$!
+$!	That was all...
+$!
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$!
+$! Set Up Initial CC Definitions, Possibly With User Ones
+$!
+$ CCDEFS = "TCPIP_TYPE_''P4',DSO_VMS"
+$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
+$ CCEXTRAFLAGS = ""
+$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
+	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
+$!
+$!  Check To See If The User Entered A Valid Paramter.
+$!
+$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
+$ THEN
+$!
+$!    Check To See If The User Wanted DECC.
+$!
+$   IF (P3.EQS."DECC")
+$   THEN
+$!
+$!    Looks Like DECC, Set To Use DECC.
+$!
+$     COMPILER = "DECC"
+$!
+$!    Tell The User We Are Using DECC.
+$!
+$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$!    Use DECC...
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
+	 THEN CC = "CC/DECC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+           "/NOLIST/PREFIX=ALL" + -
+	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP])" + -
+	   CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$!
+$!  End DECC Check.
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use VAXC.
+$!
+$   IF (P3.EQS."VAXC")
+$   THEN
+$!
+$!    Looks Like VAXC, Set To Use VAXC.
+$!
+$     COMPILER = "VAXC"
+$!
+$!    Tell The User We Are Using VAX C.
+$!
+$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$!    Compile Using VAXC.
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."AXP"
+$     THEN
+$	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$	EXIT
+$     ENDIF
+$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+	   CCEXTRAFLAGS
+$     CCDEFS = """VAXC""," + CCDEFS
+$!
+$!    Define <sys> As SYS$COMMON:[SYSLIB]
+$!
+$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$!
+$!  End VAXC Check
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use GNU C.
+$!
+$   IF (P3.EQS."GNUC")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     COMPILER = "GNUC"
+$!
+$!    Tell The User We Are Using GNUC.
+$!
+$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$!    Use GNU C...
+$!
+$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+	   CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$!
+$!  End The GNU C Check.
+$!
+$   ENDIF
+$!
+$!  Set up default defines
+$!
+$   CCDEFS = """FLAT_INC=1""," + CCDEFS
+$!
+$!  Finish up the definition of CC.
+$!
+$   IF COMPILER .EQS. "DECC"
+$   THEN
+$     IF CCDISABLEWARNINGS .EQS. ""
+$     THEN
+$       CC4DISABLEWARNINGS = "DOLLARID"
+$     ELSE
+$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
+$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$     ENDIF
+$     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$   ELSE
+$     CCDISABLEWARNINGS = ""
+$     CC4DISABLEWARNINGS = ""
+$   ENDIF
+$   CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
+$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$   IF ARCH .EQS. "VAX" .AND. COMPILER .EQS. "DECC" .AND. P2 .NES. "DEBUG"
+$   THEN
+$     CC5 = CC + "/OPTIMIZE=NODISJOINT"
+$   ELSE
+$     CC5 = CC + "/NOOPTIMIZE"
+$   ENDIF
+$   CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
+$!
+$!  Show user the result
+$!
+$   WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
+$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
+$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$! End The Valid Arguement Check.
+$!
+$ ENDIF
+$!
+$! Build a MACRO command for the architecture at hand
+$!
+$ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'"
+$ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
+$!
+$!  Show user the result
+$!
+$   WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
+$!
+$! Time to check the contents, and to make sure we get the correct library.
+$!
+$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" -
+     .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE"
+$ THEN
+$!
+$!  Check to see if SOCKETSHR was chosen
+$!
+$   IF P4.EQS."SOCKETSHR"
+$   THEN
+$!
+$!    Set the library to use SOCKETSHR
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$!
+$!    Done with SOCKETSHR
+$!
+$   ENDIF
+$!
+$!  Check to see if MULTINET was chosen
+$!
+$   IF P4.EQS."MULTINET"
+$   THEN
+$!
+$!    Set the library to use UCX emulation.
+$!
+$     P4 = "UCX"
+$!
+$!    Done with MULTINET
+$!
+$   ENDIF
+$!
+$!  Check to see if UCX was chosen
+$!
+$   IF P4.EQS."UCX"
+$   THEN
+$!
+$!    Set the library to use UCX.
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
+$     THEN
+$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$     ELSE
+$       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
+	  TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+$     ENDIF
+$!
+$!    Done with UCX
+$!
+$   ENDIF
+$!
+$!  Check to see if TCPIP was chosen
+$!
+$   IF P4.EQS."TCPIP"
+$   THEN
+$!
+$!    Set the library to use TCPIP (post UCX).
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$!
+$!    Done with TCPIP
+$!
+$   ENDIF
+$!
+$!  Check to see if NONE was chosen
+$!
+$   IF P4.EQS."NONE"
+$   THEN
+$!
+$!    Do not use a TCPIP library.
+$!
+$     TCPIP_LIB = ""
+$!
+$!    Done with TCPIP
+$!
+$   ENDIF
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P4," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
+$   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
+$   WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP (post UCX) TCP/IP library."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$!  Done with TCP/IP libraries
+$!
+$ ENDIF
+$!
+$! Check if the user wanted to compile just a subset of all the encryption
+$! methods.
+$!
+$ IF P6 .NES. ""
+$ THEN
+$   ENCRYPT_TYPES = P6
+$ ENDIF
+$!
+$!  Time To RETURN...
+$!
+$ RETURN
+$!
+$ INITIALISE:
+$!
+$! Save old value of the logical name OPENSSL
+$!
+$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
+$!
+$! Save directory information
+$!
+$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
+$ __HERE = F$EDIT(__HERE,"UPCASE")
+$ __TOP = __HERE - "CRYPTO]"
+$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$!
+$! Set up the logical name OPENSSL to point at the include directory
+$!
+$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$!
+$! Done
+$!
+$ RETURN
+$!
+$ CLEANUP:
+$!
+$! Restore the logical name OPENSSL if it had a value
+$!
+$ IF __SAVE_OPENSSL .EQS. ""
+$ THEN
+$   DEASSIGN OPENSSL
+$ ELSE
+$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
+$ ENDIF
+$!
+$! Done
+$!
+$ RETURN
diff --git a/crypto/crypto.c b/crypto/crypto.c
deleted file mode 100644
index 7f89c5a608..0000000000
--- a/crypto/crypto.c
+++ /dev/null
@@ -1,565 +0,0 @@
-/* crypto/crypto.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* If you are happy to use the assmbler version of bn/bn_mulw.c, define
- * BN_ASM */
-#ifndef BN_ASM
-#undef BN_ASM
-#define X86_ASM
-#endif
-
-#ifndef DES_ASM
-#undef DES_ASM
-#endif
-
-#ifndef BF_ASM
-#undef BF_ASM
-#endif
-
-/* The following defines are only to break the compiles into chunks.
- * If you wish to not compile some sections, use the 'NO_XXX' macros
- */
-#ifndef CRYPTO_SUBSET
-/* Define all subset symbols. */
-#define CRYPTO_LIB_SUBSET
-#define CRYPTO_ASN1_SUBSET
-#define CRYPTO_BN_SUBSET
-#define CRYPTO_BUFFER_SUBSET
-#define CRYPTO_BIO_SUBSET
-#define CRYPTO_CONF_SUBSET
-#define CRYPTO_DES_SUBSET
-#define CRYPTO_DH_SUBSET
-#define CRYPTO_DSA_SUBSET
-#define CRYPTO_ERROR_SUBSET
-#define CRYPTO_EVP_SUBSET
-#define CRYPTO_IDEA_SUBSET
-#define CRYPTO_LHASH_SUBSET
-#define CRYPTO_MD_SUBSET
-#define CRYPTO_MDC2_SUBSET
-#define CRYPTO_METH_SUBSET
-#define CRYPTO_OBJECTS_SUBSET
-#define CRYPTO_PEM_SUBSET
-#define CRYPTO_RAND_SUBSET
-#define CRYPTO_RC_SUBSET
-#define CRYPTO_BLOWFISH_SUBSET
-#define CRYPTO_CAST_SUBSET
-#define CRYPTO_RSA_SUBSET
-#define CRYPTO_SHA_SUBSET
-#define CRYPTO_HMAC_SUBSET
-#define CRYPTO_SHA1_SUBSET
-#define CRYPTO_STACK_SUBSET
-#define CRYPTO_TXT_DB_SUBSET
-#define CRYPTO_X509_SUBSET
-#define CRYPTO_PKCS7_SUBSET
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define USE_SOCKETS
-#include "../e_os.h"
-
-#include "buffer.h"
-#include "bio.h"
-#include "stack.h"
-#include "lhash.h"
-
-#include "err.h"
-
-#include "bn.h"
-#include "evp.h"
-
-#include "rand.h"
-#include "conf.h"
-#include "txt_db.h"
-
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
-#include "asn1.h"
-#include "objects.h"
-
-#ifdef CRYPTO_LIB_SUBSET
-#include "cryptlib.c"
-#include "mem.c"
-#include "cversion.c"
-#endif
-
-#ifdef CRYPTO_ASN1_SUBSET
-#include "asn1/a_meth.c"
-#include "asn1/a_bitstr.c"
-#include "asn1/a_d2i_fp.c"
-#include "asn1/a_dup.c"
-#include "asn1/a_hdr.c"
-#include "asn1/a_i2d_fp.c"
-#include "asn1/a_int.c"
-#include "asn1/a_bool.c"
-#include "asn1/a_bytes.c"
-#include "asn1/a_object.c"
-#include "asn1/a_octet.c"
-#include "asn1/a_print.c"
-#include "asn1/a_set.c"
-#include "asn1/a_sign.c"
-#include "asn1/a_type.c"
-#include "asn1/a_utctm.c"
-#include "asn1/a_verify.c"
-#include "asn1/a_digest.c"
-#include "asn1/asn1_err.c"
-#include "asn1/asn1_lib.c"
-#include "asn1/asn1_par.c"
-#ifndef NO_DH
-#include "asn1/d2i_dhp.c"
-#include "asn1/i2d_dhp.c"
-#endif
-#ifndef NO_DSA
-#include "asn1/d2i_dsap.c"
-#include "asn1/i2d_dsap.c"
-#include "asn1/d2i_s_pr.c"
-#include "asn1/i2d_s_pr.c"
-#include "asn1/d2i_s_pu.c"
-#include "asn1/i2d_s_pu.c"
-#endif
-#ifndef NO_RSA
-#include "asn1/d2i_r_pr.c"
-#include "asn1/i2d_r_pr.c"
-#include "asn1/d2i_r_pu.c"
-#include "asn1/i2d_r_pu.c"
-#include "asn1/n_pkey.c"
-#endif
-#include "asn1/d2i_pr.c"
-#include "asn1/d2i_pu.c"
-#include "asn1/i2d_pr.c"
-#include "asn1/i2d_pu.c"
-#include "asn1/f_int.c"
-#include "asn1/f_string.c"
-#include "asn1/p7_dgst.c"
-#include "asn1/p7_enc.c"
-#include "asn1/p7_enc_c.c"
-#include "asn1/p7_evp.c"
-#include "asn1/p7_i_s.c"
-#include "asn1/p7_lib.c"
-#include "asn1/p7_recip.c"
-#include "asn1/p7_s_e.c"
-#include "asn1/p7_signd.c"
-#include "asn1/p7_signi.c"
-#include "asn1/t_pkey.c"
-#include "asn1/t_req.c"
-#include "asn1/t_x509.c"
-#include "asn1/x_algor.c"
-#include "asn1/x_attrib.c"
-#include "asn1/x_exten.c"
-#include "asn1/x_cinf.c"
-#include "asn1/x_crl.c"
-#include "asn1/x_info.c"
-#include "asn1/x_name.c"
-#include "asn1/x_pkey.c"
-#include "asn1/x_pubkey.c"
-#include "asn1/x_req.c"
-#include "asn1/x_sig.c"
-#include "asn1/x_spki.c"
-#include "asn1/x_val.c"
-#include "asn1/x_x509.c"
-#endif
-
-#ifdef CRYPTO_BN_SUBSET
-#include "bn/bn_add.c"
-#include "bn/bn_div.c"
-#include "bn/bn_exp.c"
-#include "bn/bn_mont.c"
-#include "bn/bn_recp.c"
-#include "bn/bn_gcd.c"
-#include "bn/bn_lib.c"
-#include "bn/bn_mod.c"
-#include "bn/bn_mul.c"
-#ifndef BN_ASM
-#include "bn/bn_mulw.c"
-#endif
-#include "bn/bn_prime.c"
-#include "bn/bn_rand.c"
-#include "bn/bn_shift.c"
-#include "bn/bn_sqr.c"
-#include "bn/bn_sub.c"
-#include "bn/bn_word.c"
-#include "bn/bn_print.c"
-#include "bn/bn_err.c"
-#include "bn/bn_blind.c"
-#endif
-
-#ifdef CRYPTO_BIO_SUBSET
-#include "bio/bf_buff.c"
-#include "bio/bf_null.c"
-#include "bio/bf_nbio.c"
-#include "bio/bio_cb.c"
-#include "bio/bio_lib.c"
-#include "bio/bss_fd.c"
-#include "bio/bss_file.c"
-#include "bio/bss_mem.c"
-#include "bio/bss_null.c"
-#ifdef VMS
-#include "bio/bss_rtcp.c"
-#endif
-#include "bio/bss_sock.c"
-#include "bio/bss_conn.c"
-#include "bio/bss_acpt.c"
-#include "bio/b_sock.c"
-#include "bio/b_print.c"
-#include "bio/b_dump.c"
-#include "bio/bio_err.c"
-#endif
-
-#ifdef CRYPTO_BUFFER_SUBSET
-#include "buffer/buf_err.c"
-#include "buffer/buffer.c"
-#endif
-
-#ifdef CRYPTO_CONF_SUBSET
-#include "conf/conf.c"
-#include "conf/conf_err.c"
-#endif
-
-#ifdef CRYPTO_DES_SUBSET
-#include "des/read_pwd.c"
-#ifndef NO_DES
-#ifndef DES_ASM
-#include "des/fcrypt_b.c"
-#include "des/des_enc.c"
-#endif
-#include "des/cbc_cksm.c"
-#include "des/xcbc_enc.c"
-#include "des/cbc_enc.c"
-#include "des/cfb64ede.c"
-#include "des/cfb64enc.c"
-#include "des/cfb_enc.c"
-#include "des/ecb3_enc.c"
-#include "des/ecb_enc.c"
-#include "des/enc_read.c"
-#include "des/enc_writ.c"
-#include "des/fcrypt.c"
-#include "des/ofb64ede.c"
-#include "des/ofb64enc.c"
-#include "des/ofb_enc.c"
-#include "des/pcbc_enc.c"
-#include "des/qud_cksm.c"
-#include "des/rand_key.c"
-#include "des/read2pwd.c"
-#include "des/rpc_enc.c"
-#include "des/set_key.c"
-#include "des/str2key.c"
-#include "des/supp.c"
-#endif
-#endif
-
-#ifdef CRYPTO_DH_SUBSET
-#ifndef NO_DH
-#include "dh/dh_check.c"
-#include "dh/dh_err.c"
-#include "dh/dh_gen.c"
-#include "dh/dh_key.c"
-#include "dh/dh_lib.c"
-#endif
-#endif
-
-#ifdef CRYPTO_DSA_SUBSET
-#ifndef NO_DSA
-#include "dsa/dsa_gen.c"
-#include "dsa/dsa_key.c"
-#include "dsa/dsa_lib.c"
-#include "dsa/dsa_sign.c"
-#include "dsa/dsa_vrf.c"
-#include "dsa/dsa_err.c"
-#endif
-#endif
-
-#ifdef CRYPTO_ERROR_SUBSET
-#include "err/err.c"
-#include "err/err_all.c"
-#include "err/err_prn.c"
-#endif
-
-#ifdef CRYPTO_EVP_SUBSET
-#include "evp/bio_md.c"
-#include "evp/bio_b64.c"
-#include "evp/bio_enc.c"
-#include "evp/c_all.c"
-#include "evp/digest.c"
-#ifndef NO_DES
-#include "evp/e_cbc_3d.c"
-#include "evp/e_cfb_3d.c"
-#include "evp/e_ecb_3d.c"
-#include "evp/e_ofb_3d.c"
-#include "evp/e_cbc_d.c"
-#include "evp/e_cfb_d.c"
-#include "evp/e_xcbc_d.c"
-#include "evp/e_ecb_d.c"
-#include "evp/e_ofb_d.c"
-#endif
-#ifndef NO_IDEA
-#include "evp/e_cbc_i.c"
-#include "evp/e_cfb_i.c"
-#include "evp/e_ecb_i.c"
-#include "evp/e_ofb_i.c"
-#endif
-#ifndef NO_RC2
-#include "evp/e_cbc_r2.c"
-#include "evp/e_cfb_r2.c"
-#include "evp/e_ecb_r2.c"
-#include "evp/e_ofb_r2.c"
-#endif
-#ifndef NO_BLOWFISH
-#include "evp/e_cbc_bf.c"
-#include "evp/e_cfb_bf.c"
-#include "evp/e_ecb_bf.c"
-#include "evp/e_ofb_bf.c"
-#endif
-#ifndef NO_CAST
-#include "evp/e_cbc_c.c"
-#include "evp/e_cfb_c.c"
-#include "evp/e_ecb_c.c"
-#include "evp/e_ofb_c.c"
-#endif
-#ifndef NO_RC4
-#include "evp/e_rc4.c"
-#endif
-#include "evp/names.c"
-#include "evp/e_null.c"
-#include "evp/encode.c"
-#include "evp/evp_enc.c"
-#include "evp/evp_err.c"
-#include "evp/evp_key.c"
-#include "evp/m_null.c"
-#include "evp/p_lib.c"
-#ifndef NO_RSA
-#include "evp/p_open.c"
-#include "evp/p_seal.c"
-#endif
-#include "evp/p_sign.c"
-#include "evp/p_verify.c"
-#endif
-
-#ifdef CRYPTO_IDEA_SUBSET
-#ifndef NO_IDEA
-#include "idea/i_cbc.c"
-#include "idea/i_cfb64.c"
-#include "idea/i_ecb.c"
-#include "idea/i_ofb64.c"
-#include "idea/i_skey.c"
-#endif
-#endif
-
-#ifdef CRYPTO_BLOWFISH_SUBSET
-#ifndef NO_BLOWFISH
-#include "bf/bf_cfb64.c"
-#include "bf/bf_ecb.c"
-#ifndef BF_ASM
-#include "bf/bf_enc.c"
-#endif
-#include "bf/bf_ofb64.c"
-#include "bf/bf_skey.c"
-#endif
-#endif
-
-#ifdef CRYPTO_CAST_SUBSET
-#ifndef NO_CAST
-#include "cast/c_cfb64.c"
-#include "cast/c_ecb.c"
-#ifndef CAST_ASM
-#include "cast/c_enc.c"
-#endif
-#include "cast/c_ofb64.c"
-#include "cast/c_skey.c"
-#endif
-#endif
-
-#ifdef CRYPTO_LHASH_SUBSET
-#include "lhash/lh_stats.c"
-#include "lhash/lhash.c"
-#endif
-
-#ifdef CRYPTO_MD_SUBSET
-#ifndef NO_MD2
-#include "md2/md2_dgst.c"
-#include "md2/md2_one.c"
-#include "evp/m_md2.c"
-#endif
-#ifndef NO_MD5
-#include "md5/md5_dgst.c"
-#include "md5/md5_one.c"
-#include "evp/m_md5.c"
-#endif
-#endif
-
-#ifdef CRYPTO_MDC2_SUBSET
-#ifndef NO_MDC2
-#include "mdc2/mdc2dgst.c"
-#include "mdc2/mdc2_one.c"
-#include "evp/m_mdc2.c"
-#endif
-#endif
-
-#ifdef CRYPTO_OBJECTS_SUBSET
-#include "objects/obj_dat.c"
-#include "objects/obj_err.c"
-#include "objects/obj_lib.c"
-#endif
-
-#ifdef CRYPTO_PEM_SUBSET
-#include "pem/pem_err.c"
-#include "pem/pem_info.c"
-#include "pem/pem_lib.c"
-#include "pem/pem_all.c"
-#ifndef NO_RSA
-#include "pem/pem_seal.c"
-#include "pem/pem_sign.c"
-#endif
-#endif
-
-#ifdef CRYPTO_RAND_SUBSET
-#include "rand/md_rand.c"
-#include "rand/randfile.c"
-#endif
-
-#ifdef CRYPTO_RC_SUBSET
-#ifndef NO_RC2
-#include "rc2/rc2_cbc.c"
-#include "rc2/rc2_ecb.c"
-#include "rc2/rc2_skey.c"
-#include "rc2/rc2cfb64.c"
-#include "rc2/rc2ofb64.c"
-#endif
-#ifndef NO_RC4
-#include "rc4/rc4_skey.c"
-#ifndef RC4_ASM
-#include "rc4/rc4_enc.c"
-#endif
-#endif
-#endif
-
-#ifdef CRYPTO_HMAC_SUBSET
-#include "hmac/hmac.c"
-#endif
-
-#ifdef CRYPTO_RSA_SUBSET
-#ifndef NO_RSA
-#include "rsa/rsa_eay.c"
-#include "rsa/rsa_err.c"
-#include "rsa/rsa_gen.c"
-#include "rsa/rsa_lib.c"
-#include "rsa/rsa_sign.c"
-#include "rsa/rsa_saos.c"
-#endif
-#endif
-
-#ifdef CRYPTO_SHA1_SUBSET
-#ifndef NO_SHA1
-#include "sha/sha1_one.c"
-#include "sha/sha1dgst.c"
-#include "evp/m_dss1.c"
-#include "evp/m_sha1.c"
-#endif
-#endif
-
-#ifdef CRYPTO_SHA_SUBSET
-#ifndef NO_SHA
-#include "evp/m_dss.c"
-#include "sha/sha_dgst.c"
-#include "sha/sha_one.c"
-#include "evp/m_sha.c"
-#endif
-#endif
-
-#ifdef CRYPTO_STACK_SUBSET
-#include "stack/stack.c"
-#endif
-
-#ifdef CRYPTO_TXT_DB_SUBSET
-#include "txt_db/txt_db.c"
-#endif
-
-#ifdef CRYPTO_X509_SUBSET
-#include "x509/x509_cmp.c"
-#include "x509/x509_d2.c"
-#include "x509/x509_def.c"
-#include "x509/x509_err.c"
-#include "x509/x509_ext.c"
-#include "x509/x509_lu.c"
-#include "x509/x509_obj.c"
-#include "x509/x509_r2x.c"
-#include "x509/x509_req.c"
-#include "x509/x509_set.c"
-#include "x509/x509_v3.c"
-#include "x509/x509_vfy.c"
-#include "x509/x509name.c"
-#include "x509/x509pack.c"
-#include "x509/x509rset.c"
-#include "x509/x509type.c"
-#include "x509/x_all.c"
-#include "x509/x509_txt.c"
-#include "x509/by_dir.c"
-#include "x509/by_file.c"
-#include "x509/v3_net.c"
-#include "x509/v3_x509.c"
-#endif
-
-
-#ifdef CRYPTO_PKCS7_SUBSET /* I have an explicit removal of 7 lines */
-#include "pkcs7/pk7_lib.c"
-#include "pkcs7/pkcs7err.c"
-#include "pkcs7/pk7_doit.c"
-#endif /* CRYPTO_PKCS7_SUBSET */
-
diff --git a/crypto/crypto.err b/crypto/crypto.err
deleted file mode 100644
index 4ea3385e73..0000000000
--- a/crypto/crypto.err
+++ /dev/null
@@ -1,8 +0,0 @@
-/* Error codes for the CRYPTO functions. */
-
-/* Function codes. */
-#define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX		 100
-#define CRYPTO_F_CRYPTO_GET_NEW_LOCKID			 101
-#define CRYPTO_F_CRYPTO_SET_EX_DATA			 102
-
-/* Reason codes. */
diff --git a/crypto/crypto.h b/crypto/crypto.h
index 306bc0267e..60effb4152 100644
--- a/crypto/crypto.h
+++ b/crypto/crypto.h
@@ -1,4 +1,57 @@
 /* crypto/crypto.h */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -55,32 +108,54 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
 #ifndef HEADER_CRYPTO_H
 #define HEADER_CRYPTO_H
 
+#include <stdlib.h>
+
+#ifndef OPENSSL_NO_FP_API
+#include <stdio.h>
+#endif
+
+#include <openssl/stack.h>
+#include <openssl/safestack.h>
+#include <openssl/opensslv.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+/* Resolve problems on some operating systems with symbol names that clash
+   one way or another */
+#include <openssl/symhacks.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#include "stack.h"
-
+/* Backward compatibility to SSLeay */
 /* This is more to be used to check the correct DLL is being used
  * in the MS world. */
-#define SSLEAY_VERSION_NUMBER	0x0911	/* Version 0.5.1c would be 0513 */
-
+#define SSLEAY_VERSION_NUMBER	OPENSSL_VERSION_NUMBER
 #define SSLEAY_VERSION		0
 /* #define SSLEAY_OPTIONS	1 no longer supported */
 #define SSLEAY_CFLAGS		2
 #define SSLEAY_BUILT_ON		3
 #define SSLEAY_PLATFORM		4
+#define SSLEAY_DIR		5
 
 /* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock
  * names in cryptlib.c
  */
 
 #define	CRYPTO_LOCK_ERR			1
-#define	CRYPTO_LOCK_ERR_HASH		2
+#define	CRYPTO_LOCK_EX_DATA		2
 #define	CRYPTO_LOCK_X509		3
 #define	CRYPTO_LOCK_X509_INFO		4
 #define	CRYPTO_LOCK_X509_PKEY		5
@@ -89,24 +164,39 @@ extern "C" {
 #define CRYPTO_LOCK_DSA			8
 #define CRYPTO_LOCK_RSA			9
 #define CRYPTO_LOCK_EVP_PKEY		10
-#define	CRYPTO_LOCK_X509_STORE		11
-#define	CRYPTO_LOCK_SSL_CTX		12
-#define	CRYPTO_LOCK_SSL_CERT		13
-#define	CRYPTO_LOCK_SSL_SESSION		14
-#define	CRYPTO_LOCK_SSL			15
-#define	CRYPTO_LOCK_RAND		16
-#define	CRYPTO_LOCK_MALLOC		17
-#define	CRYPTO_LOCK_BIO			18
-#define	CRYPTO_LOCK_BIO_GETHOSTBYNAME	19
-#define CRYPTO_LOCK_RSA_BLINDING	20
-#define	CRYPTO_NUM_LOCKS		21
+#define CRYPTO_LOCK_X509_STORE		11
+#define CRYPTO_LOCK_SSL_CTX		12
+#define CRYPTO_LOCK_SSL_CERT		13
+#define CRYPTO_LOCK_SSL_SESSION		14
+#define CRYPTO_LOCK_SSL_SESS_CERT	15
+#define CRYPTO_LOCK_SSL			16
+#define CRYPTO_LOCK_SSL_METHOD		17
+#define CRYPTO_LOCK_RAND		18
+#define CRYPTO_LOCK_RAND2		19
+#define CRYPTO_LOCK_MALLOC		20
+#define CRYPTO_LOCK_BIO			21
+#define CRYPTO_LOCK_GETHOSTBYNAME	22
+#define CRYPTO_LOCK_GETSERVBYNAME	23
+#define CRYPTO_LOCK_READDIR		24
+#define CRYPTO_LOCK_RSA_BLINDING	25
+#define CRYPTO_LOCK_DH			26
+#define CRYPTO_LOCK_MALLOC2		27
+#define CRYPTO_LOCK_DSO			28
+#define CRYPTO_LOCK_DYNLOCK		29
+#define CRYPTO_LOCK_ENGINE		30
+#define CRYPTO_LOCK_UI			31
+#define CRYPTO_LOCK_ECDSA               32
+#define CRYPTO_LOCK_EC			33
+#define CRYPTO_LOCK_ECDH		34
+#define CRYPTO_LOCK_BN  		35
+#define CRYPTO_NUM_LOCKS		36
 
 #define CRYPTO_LOCK		1
 #define CRYPTO_UNLOCK		2
 #define CRYPTO_READ		4
 #define CRYPTO_WRITE		8
 
-#ifndef NO_LOCKING
+#ifndef OPENSSL_NO_LOCKING
 #ifndef CRYPTO_w_lock
 #define CRYPTO_w_lock(type)	\
 	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
@@ -121,12 +211,23 @@ extern "C" {
 #endif
 #else
 #define CRYPTO_w_lock(a)
-#define	CRYPTO_w_unlock(a)
+#define CRYPTO_w_unlock(a)
 #define CRYPTO_r_lock(a)
 #define CRYPTO_r_unlock(a)
 #define CRYPTO_add(a,b,c)	((*(a))+=(b))
 #endif
 
+/* Some applications as well as some parts of OpenSSL need to allocate
+   and deallocate locks in a dynamic fashion.  The following typedef
+   makes this possible in a type-safe manner.  */
+/* struct CRYPTO_dynlock_value has to be defined by the application. */
+typedef struct
+	{
+	int references;
+	struct CRYPTO_dynlock_value *data;
+	} CRYPTO_dynlock;
+
+
 /* The following can be used to detect memory leaks in the SSLeay library.
  * It used, it turns on malloc checking */
 
@@ -135,14 +236,16 @@ extern "C" {
 #define CRYPTO_MEM_CHECK_ENABLE	0x2	/* a bit */
 #define CRYPTO_MEM_CHECK_DISABLE 0x3	/* an enume */
 
-/*
-typedef struct crypto_mem_st
-	{
-	char *(*malloc_func)();
-	char *(*realloc_func)();
-	void (*free_func)();
-	} CRYPTO_MEM_FUNC;
-*/
+/* The following are bit values to turn on or off options connected to the
+ * malloc checking functionality */
+
+/* Adds time to the memory checking information */
+#define V_CRYPTO_MDEBUG_TIME	0x1 /* a bit */
+/* Adds thread number to the memory checking information */
+#define V_CRYPTO_MDEBUG_THREAD	0x2 /* a bit */
+
+#define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD)
+
 
 /* predec of the BIO type */
 typedef struct bio_st BIO_dummy;
@@ -153,24 +256,30 @@ typedef struct crypto_ex_data_st
 	int dummy; /* gcc is screwing up this data structure :-( */
 	} CRYPTO_EX_DATA;
 
+/* Called when a new object is created */
+typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+					int idx, long argl, void *argp);
+/* Called when an object is free()ed */
+typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+					int idx, long argl, void *argp);
+/* Called when we need to dup an object */
+typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, 
+					int idx, long argl, void *argp);
+
 /* This stuff is basically class callback functions
- * The current classes are SSL_CTX, SSL, SSL_SESION, and a few more */
+ * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */
+
 typedef struct crypto_ex_data_func_st
 	{
 	long argl;	/* Arbitary long */
-	char *argp;	/* Arbitary char * */
-	/* Called when a new object is created */
-	int (*new_func)(/*char *obj,
-			char *item,int index,long argl,char *argp*/);
-	/* Called when this object is free()ed */
-	void (*free_func)(/*char *obj,
-			char *item,int index,long argl,char *argp*/);
-
-	/* Called when we need to dup this one */
-	int (*dup_func)(/*char *obj_to,char *obj_from,
-			char **new,int index,long argl,char *argp*/);
+	void *argp;	/* Arbitary void * */
+	CRYPTO_EX_new *new_func;
+	CRYPTO_EX_free *free_func;
+	CRYPTO_EX_dup *dup_func;
 	} CRYPTO_EX_DATA_FUNCS;
 
+DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS)
+
 /* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA
  * entry.
  */
@@ -181,167 +290,236 @@ typedef struct crypto_ex_data_func_st
 #define CRYPTO_EX_INDEX_SSL_SESSION	3
 #define CRYPTO_EX_INDEX_X509_STORE	4
 #define CRYPTO_EX_INDEX_X509_STORE_CTX	5
-
-/* Use this for win32 DLL's */
+#define CRYPTO_EX_INDEX_RSA		6
+#define CRYPTO_EX_INDEX_DSA		7
+#define CRYPTO_EX_INDEX_DH		8
+#define CRYPTO_EX_INDEX_ENGINE		9
+#define CRYPTO_EX_INDEX_X509		10
+#define CRYPTO_EX_INDEX_UI		11
+#define CRYPTO_EX_INDEX_ECDSA		12
+#define CRYPTO_EX_INDEX_ECDH		13
+
+/* Dynamically assigned indexes start from this value (don't use directly, use
+ * via CRYPTO_ex_data_new_class). */
+#define CRYPTO_EX_INDEX_USER		100
+
+
+/* This is the default callbacks, but we can have others as well:
+ * this is needed in Win32 where the application malloc and the
+ * library malloc may not be the same.
+ */
 #define CRYPTO_malloc_init()	CRYPTO_set_mem_functions(\
-	(char *(*)())malloc,\
-	(char *(*)())realloc,\
-	(void (*)())free)
+	malloc, realloc, free)
+
+#if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD
+# ifndef CRYPTO_MDEBUG /* avoid duplicate #define */
+#  define CRYPTO_MDEBUG
+# endif
+#endif
+
+/* Set standard debugging functions (not done by default
+ * unless CRYPTO_MDEBUG is defined) */
+#define CRYPTO_malloc_debug_init()	do {\
+	CRYPTO_set_mem_debug_functions(\
+		CRYPTO_dbg_malloc,\
+		CRYPTO_dbg_realloc,\
+		CRYPTO_dbg_free,\
+		CRYPTO_dbg_set_options,\
+		CRYPTO_dbg_get_options);\
+	} while(0)
 
-#ifdef CRYPTO_MDEBUG
+int CRYPTO_mem_ctrl(int mode);
+int CRYPTO_is_mem_check_on(void);
+
+/* for applications */
 #define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON)
 #define MemCheck_stop()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF)
+
+/* for library-internal use */
 #define MemCheck_on()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE)
 #define MemCheck_off()	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE)
-#define Malloc(num)	CRYPTO_dbg_malloc((int)num,__FILE__,__LINE__)
-#define Realloc(addr,num) \
-	CRYPTO_dbg_realloc((char *)addr,(int)num,__FILE__,__LINE__)
-#define Remalloc(addr,num) \
-	CRYPTO_dbg_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
-#define FreeFunc	CRYPTO_dbg_free
-#define Free(addr)	CRYPTO_dbg_free((char *)(addr))
-#define Malloc_locked(num) CRYPTO_malloc_locked((int)num)
-#define Free_locked(addr) CRYPTO_free_locked((char *)(addr))
-#else
-#define MemCheck_start()
-#define MemCheck_stop()
-#define MemCheck_on()
-#define MemCheck_off()
-#define Remalloc	CRYPTO_remalloc
-#if defined(WIN32) || defined(MFUNC)
-#define Malloc		CRYPTO_malloc
-#define Realloc(a,n)	CRYPTO_realloc((char *)(a),(n))
-#define FreeFunc	CRYPTO_free
-#define Free(addr)	CRYPTO_free((char *)(addr))
-#define Malloc_locked	CRYPTO_malloc_locked
-#define Free_locked(addr) CRYPTO_free_locked((char *)(addr))
-#else
-#define Malloc		malloc
-#define Realloc		realloc
-#define FreeFunc	free
-#define Free(addr)	free((char *)(addr))
-#define Malloc_locked	malloc
-#define Free_locked(addr) free((char *)(addr))
-#endif /* WIN32 || MFUNC */
-#endif /* MDEBUG */
-
-/* Case insensiteve linking causes problems.... */
-#ifdef WIN16
-#define ERR_load_CRYPTO_strings	ERR_load_CRYPTOlib_strings
-#endif
+#define is_MemCheck_on() CRYPTO_is_mem_check_on()
+
+#define OPENSSL_malloc(num)	CRYPTO_malloc((int)num,__FILE__,__LINE__)
+#define OPENSSL_realloc(addr,num) \
+	CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
+#define OPENSSL_realloc_clean(addr,old_num,num) \
+	CRYPTO_realloc_clean(addr,old_num,num,__FILE__,__LINE__)
+#define OPENSSL_remalloc(addr,num) \
+	CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__)
+#define OPENSSL_freeFunc	CRYPTO_free
+#define OPENSSL_free(addr)	CRYPTO_free(addr)
+
+#define OPENSSL_malloc_locked(num) \
+	CRYPTO_malloc_locked((int)num,__FILE__,__LINE__)
+#define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr)
 
-#ifndef NOPROTO
 
-char *SSLeay_version(int type);
+const char *SSLeay_version(int type);
 unsigned long SSLeay(void);
 
-int CRYPTO_get_ex_new_index(int idx,STACK **sk,long argl,char *argp,
-	int (*new_func)(),int (*dup_func)(),void (*free_func)());
-int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad,int idx,char *val);
-char *CRYPTO_get_ex_data(CRYPTO_EX_DATA *ad,int idx);
-int CRYPTO_dup_ex_data(STACK *meth,CRYPTO_EX_DATA *from,CRYPTO_EX_DATA *to);
-void CRYPTO_free_ex_data(STACK *meth,char *obj,CRYPTO_EX_DATA *ad);
-void CRYPTO_new_ex_data(STACK *meth, char *obj, CRYPTO_EX_DATA *ad);
+int OPENSSL_issetugid(void);
+
+/* An opaque type representing an implementation of "ex_data" support */
+typedef struct st_CRYPTO_EX_DATA_IMPL	CRYPTO_EX_DATA_IMPL;
+/* Return an opaque pointer to the current "ex_data" implementation */
+const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void);
+/* Sets the "ex_data" implementation to be used (if it's not too late) */
+int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i);
+/* Get a new "ex_data" class, and return the corresponding "class_index" */
+int CRYPTO_ex_data_new_class(void);
+/* Within a given class, get/register a new index */
+int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+		CRYPTO_EX_free *free_func);
+/* Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a given
+ * class (invokes whatever per-class callbacks are applicable) */
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+		CRYPTO_EX_DATA *from);
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+/* Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular index
+ * (relative to the class type involved) */
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad,int idx);
+/* This function cleans up all "ex_data" state. It mustn't be called under
+ * potential race-conditions. */
+void CRYPTO_cleanup_all_ex_data(void);
 
-int CRYPTO_mem_ctrl(int mode);
 int CRYPTO_get_new_lockid(char *name);
-void CRYPTO_lock(int mode, int type,char *file,int line);
-void CRYPTO_set_locking_callback(void (*func)(int mode,int type,char *file,
-		int line));
-void (*CRYPTO_get_locking_callback(void))(int mode,int type,char *file,
+
+int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */
+void CRYPTO_lock(int mode, int type,const char *file,int line);
+void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
+					      const char *file,int line));
+void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
 		int line);
-void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,
-		int type,char *file, int line));
-int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,
-		int type,char *file,int line);
+void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
+					      const char *file, int line));
+int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
+					  const char *file,int line);
 void CRYPTO_set_id_callback(unsigned long (*func)(void));
 unsigned long (*CRYPTO_get_id_callback(void))(void);
 unsigned long CRYPTO_thread_id(void);
-char *CRYPTO_get_lock_name(int type);
-int CRYPTO_add_lock(int *pointer,int amount,int type, char *file,int line);
-
-void CRYPTO_set_mem_functions(char *(*m)(),char *(*r)(), void (*free_func)());
-void CRYPTO_get_mem_functions(char *(**m)(),char *(**r)(), void (**f)());
-void CRYPTO_set_locked_mem_functions(char *(*m)(), void (*free_func)());
-void CRYPTO_get_locked_mem_functions(char *(**m)(), void (**f)());
-
-char *CRYPTO_malloc_locked(int num);
-void CRYPTO_free_locked(char *);
-char *CRYPTO_malloc(int num);
-void CRYPTO_free(char *);
-char *CRYPTO_realloc(char *addr,int num);
-char *CRYPTO_remalloc(char *addr,int num);
-
-char *CRYPTO_dbg_malloc(int num,char *file,int line);
-char *CRYPTO_dbg_realloc(char *addr,int num,char *file,int line);
-void CRYPTO_dbg_free(char *);
-char *CRYPTO_dbg_remalloc(char *addr,int num,char *file,int line);
-#ifndef NO_FP_API
+const char *CRYPTO_get_lock_name(int type);
+int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file,
+		    int line);
+
+int CRYPTO_get_new_dynlockid(void);
+void CRYPTO_destroy_dynlockid(int i);
+struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i);
+void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*dyn_create_function)(const char *file, int line));
+void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line));
+void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l, const char *file, int line));
+struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))(const char *file,int line);
+void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, struct CRYPTO_dynlock_value *l, const char *file,int line);
+void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l, const char *file,int line);
+
+/* CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions --
+ * call the latter last if you need different functions */
+int CRYPTO_set_mem_functions(void *(*m)(size_t),void *(*r)(void *,size_t), void (*f)(void *));
+int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*free_func)(void *));
+int CRYPTO_set_mem_ex_functions(void *(*m)(size_t,const char *,int),
+                                void *(*r)(void *,size_t,const char *,int),
+                                void (*f)(void *));
+int CRYPTO_set_locked_mem_ex_functions(void *(*m)(size_t,const char *,int),
+                                       void (*free_func)(void *));
+int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
+				   void (*r)(void *,void *,int,const char *,int,int),
+				   void (*f)(void *,int),
+				   void (*so)(long),
+				   long (*go)(void));
+void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *));
+void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *));
+void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int),
+                                 void *(**r)(void *, size_t,const char *,int),
+                                 void (**f)(void *));
+void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t,const char *,int),
+                                        void (**f)(void *));
+void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
+				    void (**r)(void *,void *,int,const char *,int,int),
+				    void (**f)(void *,int),
+				    void (**so)(long),
+				    long (**go)(void));
+
+void *CRYPTO_malloc_locked(int num, const char *file, int line);
+void CRYPTO_free_locked(void *);
+void *CRYPTO_malloc(int num, const char *file, int line);
+void CRYPTO_free(void *);
+void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
+void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
+			   int line);
+void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
+
+void OPENSSL_cleanse(void *ptr, size_t len);
+
+void CRYPTO_set_mem_debug_options(long bits);
+long CRYPTO_get_mem_debug_options(void);
+
+#define CRYPTO_push_info(info) \
+        CRYPTO_push_info_(info, __FILE__, __LINE__);
+int CRYPTO_push_info_(const char *info, const char *file, int line);
+int CRYPTO_pop_info(void);
+int CRYPTO_remove_all_info(void);
+
+
+/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
+ * used as default in CRYPTO_MDEBUG compilations): */
+/* The last argument has the following significance:
+ *
+ * 0:	called before the actual memory allocation has taken place
+ * 1:	called after the actual memory allocation has taken place
+ */
+void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p);
+void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p);
+void CRYPTO_dbg_free(void *addr,int before_p);
+/* Tell the debugging code about options.  By default, the following values
+ * apply:
+ *
+ * 0:                           Clear all options.
+ * V_CRYPTO_MDEBUG_TIME (1):    Set the "Show Time" option.
+ * V_CRYPTO_MDEBUG_THREAD (2):  Set the "Show Thread Number" option.
+ * V_CRYPTO_MDEBUG_ALL (3):     1 + 2
+ */
+void CRYPTO_dbg_set_options(long bits);
+long CRYPTO_dbg_get_options(void);
+
+
+#ifndef OPENSSL_NO_FP_API
 void CRYPTO_mem_leaks_fp(FILE *);
 #endif
 void CRYPTO_mem_leaks(struct bio_st *bio);
 /* unsigned long order, char *file, int line, int num_bytes, char *addr */
-void CRYPTO_mem_leaks_cb(void (*cb)());
-
-void ERR_load_CRYPTO_strings(void );
-
-#else 
-
-int CRYPTO_get_ex_new_index();
-int CRYPTO_set_ex_data();
-char *CRYPTO_get_ex_data();
-int CRYPTO_dup_ex_data();
-void CRYPTO_free_ex_data();
-void CRYPTO_new_ex_data();
-
-int CRYPTO_mem_ctrl();
-char *SSLeay_version();
-unsigned long SSLeay();
-
-int CRYPTO_get_new_lockid();
-void CRYPTO_lock();
-void CRYPTO_set_locking_callback();
-void (*CRYPTO_get_locking_callback())();
-void CRYPTO_set_add_lock_callback();
-int (*CRYPTO_get_add_lock_callback())();
-void CRYPTO_set_id_callback();
-unsigned long (*CRYPTO_get_id_callback())();
-unsigned long CRYPTO_thread_id();
-char *CRYPTO_get_lock_name();
-int CRYPTO_add_lock();
-
-void CRYPTO_set_mem_functions();
-void CRYPTO_get_mem_functions();
-char *CRYPTO_malloc();
-char *CRYPTO_realloc();
-void CRYPTO_free();
-char *CRYPTO_remalloc();
-char *CRYPTO_dbg_remalloc();
-char *CRYPTO_dbg_malloc();
-char *CRYPTO_dbg_realloc();
-void CRYPTO_dbg_free();
-#ifndef NO_FP_API
-void CRYPTO_mem_leaks_fp();
-#endif
-void CRYPTO_mem_leaks();
-void CRYPTO_mem_leaks_cb();
-
-void ERR_load_CRYPTO_strings();
+typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *);
+void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb);
 
-#endif
+/* die if we have to */
+void OpenSSLDie(const char *file,int line,const char *assertion);
+#define OPENSSL_assert(e)	((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_CRYPTO_strings(void);
+
 /* Error codes for the CRYPTO functions. */
 
 /* Function codes. */
 #define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX		 100
+#define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID		 103
 #define CRYPTO_F_CRYPTO_GET_NEW_LOCKID			 101
 #define CRYPTO_F_CRYPTO_SET_EX_DATA			 102
+#define CRYPTO_F_DEF_ADD_INDEX				 104
+#define CRYPTO_F_DEF_GET_CLASS				 105
+#define CRYPTO_F_INT_DUP_EX_DATA			 106
+#define CRYPTO_F_INT_FREE_EX_DATA			 107
+#define CRYPTO_F_INT_NEW_EX_DATA			 108
 
 /* Reason codes. */
- 
+#define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK		 100
+
 #ifdef  __cplusplus
 }
 #endif
 #endif
-
diff --git a/crypto/cversion.c b/crypto/cversion.c
index 03d716a581..8ecfba7b16 100644
--- a/crypto/cversion.c
+++ b/crypto/cversion.c
@@ -59,51 +59,59 @@
 #include <stdio.h>
 #include <string.h>
 #include "cryptlib.h"
-#include "crypto.h"
-#include "date.h"
+#include <openssl/crypto.h>
 
-char *SSLeay_version(t)
-int t;
+#include "buildinf.h"
+
+const char *SSLeay_version(int t)
 	{
 	if (t == SSLEAY_VERSION)
-		return("SSLeay 0.9.1a 06-Jul-1998");
+		return OPENSSL_VERSION_TEXT;
 	if (t == SSLEAY_BUILT_ON)
 		{
 #ifdef DATE
-		static char buf[sizeof(DATE)+10];
+		static char buf[sizeof(DATE)+11];
 
-		sprintf(buf,"built on %s",DATE);
-        	return(buf);
+		sprintf(buf,"built on: %s",DATE);
+		return(buf);
 #else
-		return("build date not available");
+		return("built on: date not available");
 #endif
 		}
 	if (t == SSLEAY_CFLAGS)
 		{
 #ifdef CFLAGS
-		static char buf[sizeof(CFLAGS)+10];
+		static char buf[sizeof(CFLAGS)+11];
 
-		sprintf(buf,"C flags:%s",CFLAGS);
+		sprintf(buf,"compiler: %s",CFLAGS);
 		return(buf);
 #else
-		return("C flags not available");
+		return("compiler: information not available");
 #endif
 		}
 	if (t == SSLEAY_PLATFORM)
 		{
 #ifdef PLATFORM
-		static char buf[sizeof(PLATFORM)+10];
+		static char buf[sizeof(PLATFORM)+11];
 
-		sprintf(buf,"Platform:%s",PLATFORM);
+		sprintf(buf,"platform: %s", PLATFORM);
 		return(buf);
 #else
-		return("Platform information not available");
+		return("platform: information not available");
+#endif
+		}
+	if (t == SSLEAY_DIR)
+		{
+#ifdef OPENSSLDIR
+		return "OPENSSLDIR: \"" OPENSSLDIR "\"";
+#else
+		return "OPENSSLDIR: N/A";
 #endif
 		}
 	return("not available");
 	}
 
-unsigned long SSLeay()
+unsigned long SSLeay(void)
 	{
 	return(SSLEAY_VERSION_NUMBER);
 	}
diff --git a/crypto/date.h b/crypto/date.h
deleted file mode 100644
index ea0b79a3ba..0000000000
--- a/crypto/date.h
+++ /dev/null
@@ -1 +0,0 @@
-#define DATE	"Wed Jul 22 12:21:22 EST 1998"
diff --git a/crypto/des/.cvsignore b/crypto/des/.cvsignore
new file mode 100644
index 0000000000..45c30cc686
--- /dev/null
+++ b/crypto/des/.cvsignore
@@ -0,0 +1,3 @@
+lib
+Makefile.save
+des
diff --git a/crypto/des/DES.pod b/crypto/des/DES.pod
deleted file mode 100644
index 8a739e7ca0..0000000000
--- a/crypto/des/DES.pod
+++ /dev/null
@@ -1,16 +0,0 @@
-crypt	<= 	crypt(buf,salt)
-key	<=	set_odd_parity(key)
-int	<=	is_weak_key(key)
-keysched<=	set_key(key)
-key	<=	ecb_encrypt(string8,ks,enc)
-key	<=	ecb3_encrypt(input,ks1,ks2,enc)
-string	<=	cbc_encrypt(input,ks,ivec,enc)			=> ivec 
-string	<=	cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,enc)	=> ivec1&ivec2 
-ck1,ck2	<=	cbc_cksum(input,ks,ivec)			=> ivec
-string	<=	pcbc_encrypt(input,ks,ivec,enc)			=> ivec 
-string	<=	ofb_encrypt(input,numbits,ks,ivec)		=> ivec
-string	<=	cfb_encrypt(input,numbits,ks,ivec,enc)		=> ivec
-key	<=	random_key()
-key	<=	string_to_key(string)
-key1,key2<=	string_to_2keys(string)
-
diff --git a/crypto/des/FILES b/crypto/des/FILES0
index 4c7ea2de7a..4c7ea2de7a 100644
--- a/crypto/des/FILES
+++ b/crypto/des/FILES0
diff --git a/crypto/des/MODES.DES b/crypto/des/MODES.DES
deleted file mode 100644
index 0cbc44f51d..0000000000
--- a/crypto/des/MODES.DES
+++ /dev/null
@@ -1,84 +0,0 @@
-Modes of DES
-Quite a bit of the following information has been taken from
-	AS 2805.5.2
-	Australian Standard
-	Electronic funds transfer - Requirements for interfaces,
-	Part 5.2: Modes of operation for an n-bit block cipher algorithm
-	Appendix A
-
-There are several different modes in which DES can be used, they are
-as follows.
-
-Electronic Codebook Mode (ECB) (des_ecb_encrypt())
-- 64 bits are enciphered at a time.
-- The order of the blocks can be rearranged without detection.
-- The same plaintext block always produces the same ciphertext block
-  (for the same key) making it vulnerable to a 'dictionary attack'.
-- An error will only affect one ciphertext block.
-
-Cipher Block Chaining Mode (CBC) (des_cbc_encrypt())
-- a multiple of 64 bits are enciphered at a time.
-- The CBC mode produces the same ciphertext whenever the same
-  plaintext is encrypted using the same key and starting variable.
-- The chaining operation makes the ciphertext blocks dependent on the
-  current and all preceding plaintext blocks and therefore blocks can not
-  be rearranged.
-- The use of different starting variables prevents the same plaintext
-  enciphering to the same ciphertext.
-- An error will affect the current and the following ciphertext blocks.
-
-Cipher Feedback Mode (CFB) (des_cfb_encrypt())
-- a number of bits (j) <= 64 are enciphered at a time.
-- The CFB mode produces the same ciphertext whenever the same
-  plaintext is encrypted using the same key and starting variable.
-- The chaining operation makes the ciphertext variables dependent on the
-  current and all preceding variables and therefore j-bit variables are
-  chained together and con not be rearranged.
-- The use of different starting variables prevents the same plaintext
-  enciphering to the same ciphertext.
-- The strength of the CFB mode depends on the size of k (maximal if
-  j == k).  In my implementation this is always the case.
-- Selection of a small value for j will require more cycles through
-  the encipherment algorithm per unit of plaintext and thus cause
-  greater processing overheads.
-- Only multiples of j bits can be enciphered.
-- An error will affect the current and the following ciphertext variables.
-
-Output Feedback Mode (OFB) (des_ofb_encrypt())
-- a number of bits (j) <= 64 are enciphered at a time.
-- The OFB mode produces the same ciphertext whenever the same
-  plaintext enciphered using the same key and starting variable.  More
-  over, in the OFB mode the same key stream is produced when the same
-  key and start variable are used.  Consequently, for security reasons
-  a specific start variable should be used only once for a given key.
-- The absence of chaining makes the OFB more vulnerable to specific attacks.
-- The use of different start variables values prevents the same
-  plaintext enciphering to the same ciphertext, by producing different
-  key streams.
-- Selection of a small value for j will require more cycles through
-  the encipherment algorithm per unit of plaintext and thus cause
-  greater processing overheads.
-- Only multiples of j bits can be enciphered.
-- OFB mode of operation does not extend ciphertext errors in the
-  resultant plaintext output.  Every bit error in the ciphertext causes
-  only one bit to be in error in the deciphered plaintext.
-- OFB mode is not self-synchronising.  If the two operation of
-  encipherment and decipherment get out of synchronism, the system needs
-  to be re-initialised.
-- Each re-initialisation should use a value of the start variable
-different from the start variable values used before with the same
-key.  The reason for this is that an identical bit stream would be
-produced each time from the same parameters.  This would be
-susceptible to a 'known plaintext' attack.
-
-Triple ECB Mode (des_ecb3_encrypt())
-- Encrypt with key1, decrypt with key2 and encrypt with key1 again.
-- As for ECB encryption but increases the effective key length to 112 bits.
-- If both keys are the same it is equivalent to encrypting once with
-  just one key.
-
-Triple CBC Mode (des_3cbc_encrypt())
-- Encrypt with key1, decrypt with key2 and encrypt with key1 again.
-- As for CBC encryption but increases the effective key length to 112 bits.
-- If both keys are the same it is equivalent to encrypting once with
-  just one key.
diff --git a/crypto/des/Makefile.PL b/crypto/des/Makefile.PL
deleted file mode 100644
index b54a24387c..0000000000
--- a/crypto/des/Makefile.PL
+++ /dev/null
@@ -1,14 +0,0 @@
-use ExtUtils::MakeMaker;
-# See lib/ExtUtils/MakeMaker.pm for details of how to influence
-# the contents of the Makefile being created.
-&writeMakefile(
-	'potential_libs' => '',   # e.g., '-lm' 
-	'INC' => '',     # e.g., '-I/usr/include/other' 
-	'DISTNAME' => 'DES',
-	'VERSION' => '0.1',
-	'DEFINE' => '-DPERL5',
-	'OBJECT' => 'DES.o cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \
-	rand_key.o set_key.o str2key.o \
-	enc_read.o enc_writ.o fcrypt.o cfb_enc.o \
-	ecb3_enc.o ofb_enc.o cbc3_enc.o des_enc.o',
-	);
diff --git a/crypto/des/Makefile.lit b/crypto/des/Makefile.lit
deleted file mode 100644
index c09f6969da..0000000000
--- a/crypto/des/Makefile.lit
+++ /dev/null
@@ -1,250 +0,0 @@
-# You must select the correct terminal control system to be used to
-# turn character echo off when reading passwords.  There a 5 systems
-# SGTTY   - the old BSD system
-# TERMIO  - most system V boxes
-# TERMIOS - SGI (ala IRIX).
-# VMS     - the DEC operating system
-# MSDOS   - we all know what it is :-)
-# read_pwd.c makes a reasonable guess at what is correct.
-
-# Targets
-# make          - twidle the options yourself :-)
-# make cc       - standard cc options
-# make gcc      - standard gcc options
-# make x86-elf  - linux-elf etc
-# make x86-out  - linux-a.out, FreeBSD etc
-# make x86-solaris
-# make x86-bdsi
-
-# If you are on a DEC Alpha, edit des.h and change the DES_LONG
-# define to 'unsigned int'.  I have seen this give a %20 speedup.
-
-OPTS0= -DLIBDES_LIT -DRAND -DTERMIO #-DNOCONST
-
-# Version 1.94 has changed the strings_to_key function so that it is
-# now compatible with MITs when the string is longer than 8 characters.
-# If you wish to keep the old version, uncomment the following line.
-# This will affect the -E/-D options on des(1).
-#OPTS1= -DOLD_STR_TO_KEY
-
-# There are 4 possible performance options
-# -DDES_PTR
-# -DDES_RISC1
-# -DDES_RISC2 (only one of DES_RISC1 and DES_RISC2)
-# -DDES_UNROLL
-# after the initial build, run 'des_opts' to see which options are best
-# for your platform.  There are some listed in options.txt
-#OPTS2= -DDES_PTR 
-#OPTS3= -DDES_RISC1 # or DES_RISC2
-#OPTS4= -DDES_UNROLL
-
-OPTS= $(OPTS0) $(OPTS1) $(OPTS2) $(OPTS3) $(OPTS4)
-
-MAKE=make -f Makefile
-#CC=cc
-#CFLAG= -O
-
-CC=gcc
-#CFLAG= -O4 -funroll-loops -fomit-frame-pointer
-CFLAG= -O3 -fomit-frame-pointer
-
-CFLAGS=$(OPTS) $(CFLAG)
-CPP=$(CC) -E
-AS=as
-
-# Assember version of des_encrypt*().
-DES_ENC=des_enc.o fcrypt_b.o		# normal C version
-#DES_ENC=asm/dx86-elf.o	asm/yx86-elf.o	# elf format x86
-#DES_ENC=asm/dx86-out.o	asm/yx86-out.o	# a.out format x86
-#DES_ENC=asm/dx86-sol.o	asm/yx86-sol.o	# solaris format x86 
-#DES_ENC=asm/dx86bsdi.o	asm/yx86basi.o	# bsdi format x86 
-
-LIBDIR=/usr/local/lib
-BINDIR=/usr/local/bin
-INCDIR=/usr/local/include
-MANDIR=/usr/local/man
-MAN1=1
-MAN3=3
-SHELL=/bin/sh
-OBJ_LIT=cbc_enc.o ecb_enc.o $(DES_ENC) fcrypt.o set_key.o
-OBJ_FULL=cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \
-	xcbc_enc.o qud_cksm.o \
-	cfb64ede.o cfb64enc.o cfb_enc.o ecb3_enc.o \
-	enc_read.o enc_writ.o ofb64ede.o ofb64enc.o ofb_enc.o  \
-	rand_key.o read_pwd.o read2pwd.o rpc_enc.o  str2key.o supp.o
-
-GENERAL_LIT=COPYRIGHT INSTALL README VERSION Makefile des_crypt.man \
-	des.doc options.txt asm
-GENERAL_FULL=$(GENERAL_LIT) FILES Imakefile times vms.com KERBEROS MODES.DES \
-	des.man DES.pm DES.pod DES.xs Makefile.PL dess.cpp des3s.cpp \
-	Makefile.uni typemap t Makefile.ssl makefile.bc Makefile.lit \
-	des.org des_locl.org
-TESTING_LIT=	destest speed des_opts
-TESTING_FULL=	rpw $(TESTING_LIT)
-TESTING_SRC_LIT=destest.c speed.c des_opts.c
-TESTING_SRC_FULL=rpw.c $(TESTING_SRC_LIT)
-HEADERS_LIT=des_ver.h des.h des_locl.h podd.h sk.h spr.h
-HEADERS_FULL= $(HEADERS_LIT) rpc_des.h
-LIBDES_LIT=cbc_enc.c ecb_enc.c fcrypt.c set_key.c des_enc.c fcrypt_b.c
-LIBDES_FULL= cbc_cksm.c pcbc_enc.c qud_cksm.c \
-	cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c \
-	enc_read.c enc_writ.c ofb64ede.c ofb64enc.c ofb_enc.c  \
-	rand_key.c rpc_enc.c  str2key.c  supp.c \
-	xcbc_enc.c $(LIBDES_LIT) read_pwd.c read2pwd.c
-
-PERL=	des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
-
-OBJ=	$(OBJ_LIT)
-GENERAL=$(GENERAL_LIT)
-TESTING=$(TESTING_LIT)
-TESTING_SRC=$(TESTING_SRC_LIT)
-HEADERS=$(HEADERS_LIT)
-LIBDES=	$(LIBDES_LIT)
-
-ALL=	$(GENERAL) $(TESTING_SRC) $(LIBDES) $(PERL) $(HEADERS)
-
-DLIB=	libdes.a
-
-all: $(DLIB) $(TESTING)
-
-cc:
-	$(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all
-
-gcc:
-	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
-
-x86-elf:
-	$(MAKE) DES_ENC='asm/dx86-elf.o asm/yx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
-
-x86-out:
-	$(MAKE) DES_ENC='asm/dx86-out.o asm/yx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
-
-x86-solaris:
-	$(MAKE) DES_ENC='asm/dx86-sol.o asm/yx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
-
-x86-bsdi:
-	$(MAKE) DES_ENC='asm/dx86bsdi.o asm/yx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
-
-# elf
-asm/dx86-elf.o: asm/dx86unix.cpp
-	$(CPP) -DELF asm/dx86unix.cpp | $(AS) -o asm/dx86-elf.o
-
-asm/yx86-elf.o: asm/yx86unix.cpp
-	$(CPP) -DELF asm/yx86unix.cpp | $(AS) -o asm/yx86-elf.o
-
-# solaris
-asm/dx86-sol.o: asm/dx86unix.cpp
-	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
-	as -o asm/dx86-sol.o asm/dx86-sol.s
-	rm -f asm/dx86-sol.s
-
-asm/yx86-sol.o: asm/yx86unix.cpp
-	$(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
-	as -o asm/yx86-sol.o asm/yx86-sol.s
-	rm -f asm/yx86-sol.s
-
-# a.out
-asm/dx86-out.o: asm/dx86unix.cpp
-	$(CPP) -DOUT asm/dx86unix.cpp | $(AS) -o asm/dx86-out.o
-
-asm/yx86-out.o: asm/yx86unix.cpp
-	$(CPP) -DOUT asm/yx86unix.cpp | $(AS) -o asm/yx86-out.o
-
-# bsdi
-asm/dx86bsdi.o: asm/dx86unix.cpp
-	$(CPP) -DBSDI asm/dx86unix.cpp | $(AS) -o asm/dx86bsdi.o
-
-asm/yx86bsdi.o: asm/yx86unix.cpp
-	$(CPP) -DBSDI asm/yx86unix.cpp | $(AS) -o asm/yx86bsdi.o
-
-asm/dx86unix.cpp:
-	(cd asm; perl des-586.pl cpp >dx86unix.cpp)
-
-asm/yx86unix.cpp:
-	(cd asm; perl crypt586.pl cpp >yx86unix.cpp)
-
-test:	all
-	./destest
-
-$(DLIB): $(OBJ)
-	/bin/rm -f $(DLIB)
-	ar cr $(DLIB) $(OBJ)
-	-if test -s /bin/ranlib; then /bin/ranlib $(DLIB); \
-	else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(DLIB); \
-	else exit 0; fi; fi
-
-des_opts: des_opts.o $(DLIB)
-	$(CC) $(CFLAGS) -o des_opts des_opts.o $(DLIB)
-
-destest: destest.o $(DLIB)
-	$(CC) $(CFLAGS) -o destest destest.o $(DLIB)
-
-rpw: rpw.o $(DLIB)
-	$(CC) $(CFLAGS) -o rpw rpw.o $(DLIB)
-
-speed: speed.o $(DLIB)
-	$(CC) $(CFLAGS) -o speed speed.o $(DLIB)
-
-des: des.o $(DLIB)
-	$(CC) $(CFLAGS) -o des des.o $(DLIB)
-
-tags:
-	ctags $(TESTING_SRC) $(LIBDES)
-
-tar_lit:
-	/bin/mv Makefile Makefile.tmp
-	/bin/cp Makefile.lit Makefile
-	tar chf libdes-l.tar $(LIBDES_LIT) $(HEADERS_LIT) \
-		$(GENERAL_LIT) $(TESTING_SRC_LIT)
-	/bin/rm -f Makefile
-	/bin/mv Makefile.tmp Makefile
-
-tar:
-	tar chf libdes.tar $(ALL)
-
-shar:
-	shar $(ALL) >libdes.shar
-
-depend:
-	makedepend $(LIBDES) $(TESTING_SRC)
-
-clean:
-	/bin/rm -f *.o tags core $(TESTING) $(DLIB) .nfs* *.old *.bak asm/*.o 
-
-dclean:
-	sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
-	mv -f Makefile.new Makefile
-
-# Eric is probably going to choke when he next looks at this --tjh
-install:
-	if test $(INSTALLTOP); then \
-	    echo SSL style install; \
-	    cp $(DLIB) $(INSTALLTOP)/lib; \
-	    if test -s /bin/ranlib; then \
-	        /bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
-	    else \
-		if test -s /usr/bin/ranlib; then \
-		/usr/bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
-	    fi; fi; \
-	    chmod 644 $(INSTALLTOP)/lib/$(DLIB); \
-	    cp des.h $(INSTALLTOP)/include; \
-	    chmod 644 $(INSTALLTOP)/include/des.h; \
-	else \
-	    echo Standalone install; \
-	    cp $(DLIB) $(LIBDIR)/$(DLIB); \
-	    if test -s /bin/ranlib; then \
-	      /bin/ranlib $(LIBDIR)/$(DLIB); \
-	    else \
-	      if test -s /usr/bin/ranlib; then \
-		/usr/bin/ranlib $(LIBDIR)/$(DLIB); \
-	      fi; \
-	    fi; \
-	    chmod 644 $(LIBDIR)/$(DLIB); \
-	    cp des_crypt.man $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
-	    chmod 644 $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
-	    cp des.man $(MANDIR)/man$(MAN1)/des.$(MAN1); \
-	    chmod 644 $(MANDIR)/man$(MAN1)/des.$(MAN1); \
-	    cp des.h $(INCDIR)/des.h; \
-	    chmod 644 $(INCDIR)/des.h; \
-	fi
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/des/Makefile.ssl b/crypto/des/Makefile.ssl
index 9ca1b872be..ebf0806b64 100644
--- a/crypto/des/Makefile.ssl
+++ b/crypto/des/Makefile.ssl
@@ -6,20 +6,24 @@ DIR=	des
 TOP=	../..
 CC=	cc
 CPP=	$(CC) -E
-INCLUDES=
+INCLUDES=-I$(TOP) -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
+RANLIB=		ranlib
 DES_ENC=	des_enc.o fcrypt_b.o
 # or use
 #DES_ENC=	dx86-elf.o yx86-elf.o
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-GENERAL=Makefile des.org des_locl.org
+GENERAL=Makefile
 TEST=destest.c
 APPS=
 
@@ -27,22 +31,24 @@ LIB=$(TOP)/libcrypto.a
 LIBSRC=	cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
 	ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c \
 	fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
-	qud_cksm.c rand_key.c read_pwd.c rpc_enc.c  set_key.c  \
-	des_enc.c fcrypt_b.c read2pwd.c \
-	fcrypt.c xcbc_enc.c \
-	str2key.c  cfb64ede.c ofb64ede.c supp.c
+	qud_cksm.c rand_key.c rpc_enc.c  set_key.c  \
+	des_enc.c fcrypt_b.c \
+	xcbc_enc.c \
+	str2key.c  cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \
+	read2pwd.c
 
 LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
 	ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
 	enc_read.o enc_writ.o ofb64enc.o \
 	ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
-	${DES_ENC} read2pwd.o \
-	fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o  cbc_cksm.o supp.o
+	${DES_ENC} \
+	fcrypt.o xcbc_enc.o rpc_enc.o  cbc_cksm.o \
+	ede_cbcm_enc.o des_old.o des_old2.o read2pwd.o
 
 SRC= $(LIBSRC)
 
-EXHEADER= des.h
-HEADER=	des_locl.h rpc_des.h podd.h sk.h spr.h des_ver.h $(EXHEADER)
+EXHEADER= des.h des_old.h
+HEADER=	des_locl.h rpc_des.h spr.h des_ver.h $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
@@ -53,15 +59,18 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
+des: des.o cbc3_enc.o lib
+	$(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
+
 # elf
 asm/dx86-elf.o: asm/dx86unix.cpp
-	$(CPP) -DELF asm/dx86unix.cpp | as -o asm/dx86-elf.o
+	$(CPP) -DELF -x c asm/dx86unix.cpp | as -o asm/dx86-elf.o
 
 asm/yx86-elf.o: asm/yx86unix.cpp
-	$(CPP) -DELF asm/yx86unix.cpp | as -o asm/yx86-elf.o
+	$(CPP) -DELF -x c asm/yx86unix.cpp | as -o asm/yx86-elf.o
 
 # solaris
 asm/dx86-sol.o: asm/dx86unix.cpp
@@ -88,33 +97,28 @@ asm/dx86bsdi.o: asm/dx86unix.cpp
 asm/yx86bsdi.o: asm/yx86unix.cpp
 	$(CPP) -DBSDI asm/yx86unix.cpp | sed 's/ :/:/' | as -o asm/yx86bsdi.o
 
-asm/dx86unix.cpp:
-	(cd asm; perl des-586.pl cpp >dx86unix.cpp)
+asm/dx86unix.cpp: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+	(cd asm; $(PERL) des-586.pl cpp >dx86unix.cpp)
 
-asm/yx86unix.cpp:
-	(cd asm; perl crypt586.pl cpp >yx86unix.cpp)
+asm/yx86unix.cpp: asm/crypt586.pl ../perlasm/x86asm.pl
+	(cd asm; $(PERL) crypt586.pl cpp >yx86unix.cpp)
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile
-	/bin/rm -f des.doc
-	/bin/rm -fr asm/perlasm
-	$(TOP)/util/point.sh ../../perlasm asm/perlasm
-	$(TOP)/util/point.sh ../../doc/des.doc des.doc
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install: installs
 
 installs:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -126,15 +130,196 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f asm/dx86unix.cpp asm/yx86unix.cpp *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+cbc_cksm.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cbc_cksm.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cbc_cksm.o: ../../include/openssl/opensslconf.h
+cbc_cksm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cbc_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cbc_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cbc_cksm.o: cbc_cksm.c des_locl.h
+cbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cbc_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cbc_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cbc_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+cbc_enc.o: ../../include/openssl/ui_compat.h cbc_enc.c des_locl.h ncbc_enc.c
+cfb64ede.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cfb64ede.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cfb64ede.o: ../../include/openssl/opensslconf.h
+cfb64ede.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cfb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb64ede.o: cfb64ede.c des_locl.h
+cfb64enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cfb64enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cfb64enc.o: ../../include/openssl/opensslconf.h
+cfb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+cfb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cfb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+cfb64enc.o: cfb64enc.c des_locl.h
+cfb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+cfb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+cfb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cfb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cfb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+cfb_enc.o: ../../include/openssl/ui_compat.h cfb_enc.c des_locl.h
+des_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+des_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+des_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+des_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+des_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+des_enc.o: ../../include/openssl/ui_compat.h des_enc.c des_locl.h ncbc_enc.c
+des_old.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+des_old.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+des_old.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+des_old.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+des_old.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+des_old.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+des_old.o: ../../include/openssl/ui_compat.h des_old.c
+des_old2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+des_old2.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+des_old2.o: ../../include/openssl/opensslconf.h
+des_old2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+des_old2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+des_old2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+des_old2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+des_old2.o: des_old2.c
+ecb3_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ecb3_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ecb3_enc.o: ../../include/openssl/opensslconf.h
+ecb3_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ecb3_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ecb3_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ecb3_enc.o: des_locl.h ecb3_enc.c
+ecb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ecb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ecb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c
+ecb_enc.o: spr.h
+ede_cbcm_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ede_cbcm_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ede_cbcm_enc.o: ../../include/openssl/opensslconf.h
+ede_cbcm_enc.o: ../../include/openssl/opensslv.h
+ede_cbcm_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ede_cbcm_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ede_cbcm_enc.o: ../../include/openssl/ui_compat.h des_locl.h ede_cbcm_enc.c
+enc_read.o: ../../e_os.h ../../include/openssl/bio.h
+enc_read.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+enc_read.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+enc_read.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+enc_read.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+enc_read.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+enc_read.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+enc_read.o: ../cryptlib.h des_locl.h enc_read.c
+enc_writ.o: ../../e_os.h ../../include/openssl/bio.h
+enc_writ.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+enc_writ.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+enc_writ.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+enc_writ.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+enc_writ.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+enc_writ.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+enc_writ.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+enc_writ.o: ../cryptlib.h des_locl.h enc_writ.c
+fcrypt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fcrypt.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+fcrypt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+fcrypt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+fcrypt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+fcrypt.o: ../../include/openssl/ui_compat.h des_locl.h fcrypt.c
+fcrypt_b.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+fcrypt_b.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+fcrypt_b.o: ../../include/openssl/opensslconf.h
+fcrypt_b.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+fcrypt_b.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+fcrypt_b.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+fcrypt_b.o: des_locl.h fcrypt_b.c
+ofb64ede.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ofb64ede.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ofb64ede.o: ../../include/openssl/opensslconf.h
+ofb64ede.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ofb64ede.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ofb64ede.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ofb64ede.o: des_locl.h ofb64ede.c
+ofb64enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ofb64enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ofb64enc.o: ../../include/openssl/opensslconf.h
+ofb64enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ofb64enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ofb64enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ofb64enc.o: des_locl.h ofb64enc.c
+ofb_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ofb_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+ofb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ofb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ofb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ofb_enc.o: ../../include/openssl/ui_compat.h des_locl.h ofb_enc.c
+pcbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pcbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+pcbc_enc.o: ../../include/openssl/opensslconf.h
+pcbc_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+pcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pcbc_enc.o: des_locl.h pcbc_enc.c
+qud_cksm.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+qud_cksm.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+qud_cksm.o: ../../include/openssl/opensslconf.h
+qud_cksm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+qud_cksm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+qud_cksm.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+qud_cksm.o: des_locl.h qud_cksm.c
+rand_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+rand_key.o: ../../include/openssl/opensslconf.h
+rand_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_key.o: rand_key.c
+read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+read2pwd.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+read2pwd.o: ../../include/openssl/opensslconf.h
+read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+read2pwd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+read2pwd.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+read2pwd.o: read2pwd.c
+rpc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rpc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+rpc_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rpc_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rpc_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+rpc_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h rpc_des.h
+rpc_enc.o: rpc_enc.c
+set_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+set_key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+set_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+set_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+set_key.o: ../../include/openssl/ui_compat.h des_locl.h set_key.c
+str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+str2key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+str2key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+str2key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+str2key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+str2key.o: ../../include/openssl/ui_compat.h des_locl.h str2key.c
+xcbc_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+xcbc_enc.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+xcbc_enc.o: ../../include/openssl/opensslconf.h
+xcbc_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+xcbc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+xcbc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+xcbc_enc.o: des_locl.h xcbc_enc.c
diff --git a/crypto/des/Makefile.uni b/crypto/des/Makefile.uni
deleted file mode 100644
index 8f1759748a..0000000000
--- a/crypto/des/Makefile.uni
+++ /dev/null
@@ -1,263 +0,0 @@
-# You must select the correct terminal control system to be used to
-# turn character echo off when reading passwords.  There a 5 systems
-# SGTTY   - the old BSD system
-# TERMIO  - most system V boxes
-# TERMIOS - SGI (ala IRIX).
-# VMS     - the DEC operating system
-# MSDOS   - we all know what it is :-)
-# read_pwd.c makes a reasonable guess at what is correct.
-
-# Targets
-# make          - twidle the options yourself :-)
-# make cc       - standard cc options
-# make gcc      - standard gcc options
-# make x86-elf  - linux-elf etc
-# make x86-out  - linux-a.out, FreeBSD etc
-# make x86-solaris
-# make x86-bdsi
-
-# If you are on a DEC Alpha, edit des.h and change the DES_LONG
-# define to 'unsigned int'.  I have seen this give a %20 speedup.
-
-OPTS0= -DRAND -DTERMIO #-DNOCONST
-
-# Version 1.94 has changed the strings_to_key function so that it is
-# now compatible with MITs when the string is longer than 8 characters.
-# If you wish to keep the old version, uncomment the following line.
-# This will affect the -E/-D options on des(1).
-#OPTS1= -DOLD_STR_TO_KEY
-
-# There are 4 possible performance options
-# -DDES_PTR
-# -DDES_RISC1
-# -DDES_RISC2 (only one of DES_RISC1 and DES_RISC2)
-# -DDES_UNROLL
-# after the initial build, run 'des_opts' to see which options are best
-# for your platform.  There are some listed in options.txt
-#OPTS2= -DDES_PTR 
-#OPTS3= -DDES_RISC1 # or DES_RISC2
-#OPTS4= -DDES_UNROLL
-
-OPTS= $(OPTS0) $(OPTS1) $(OPTS2) $(OPTS3) $(OPTS4)
-
-MAKE=make -f Makefile
-#CC=cc
-#CFLAG= -O
-
-CC=gcc
-#CFLAG= -O4 -funroll-loops -fomit-frame-pointer
-CFLAG= -O3 -fomit-frame-pointer
-
-CFLAGS=$(OPTS) $(CFLAG)
-CPP=$(CC) -E
-AS=as
-
-# Assember version of des_encrypt*().
-DES_ENC=des_enc.o fcrypt_b.o		# normal C version
-#DES_ENC=asm/dx86-elf.o	asm/yx86-elf.o	# elf format x86
-#DES_ENC=asm/dx86-out.o	asm/yx86-out.o	# a.out format x86
-#DES_ENC=asm/dx86-sol.o	asm/yx86-sol.o	# solaris format x86 
-#DES_ENC=asm/dx86bsdi.o	asm/yx86basi.o	# bsdi format x86 
-
-LIBDIR=/usr/local/lib
-BINDIR=/usr/local/bin
-INCDIR=/usr/local/include
-MANDIR=/usr/local/man
-MAN1=1
-MAN3=3
-SHELL=/bin/sh
-OBJ_LIT=cbc_enc.o ecb_enc.o $(DES_ENC) fcrypt.o set_key.o
-OBJ_FULL=cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \
-	xcbc_enc.o qud_cksm.o cbc3_enc.o \
-	cfb64ede.o cfb64enc.o cfb_enc.o ecb3_enc.o \
-	enc_read.o enc_writ.o ofb64ede.o ofb64enc.o ofb_enc.o  \
-	rand_key.o read_pwd.o read2pwd.o rpc_enc.o  str2key.o supp.o
-
-GENERAL_LIT=COPYRIGHT INSTALL README VERSION Makefile des_crypt.man \
-	des.doc options.txt asm
-GENERAL_FULL=$(GENERAL_LIT) FILES Imakefile times vms.com KERBEROS MODES.DES \
-	des.man DES.pm DES.pod DES.xs Makefile.PL dess.cpp des3s.cpp \
-	Makefile.uni typemap t Makefile.ssl makefile.bc Makefile.lit \
-	des.org des_locl.org
-TESTING_LIT=	destest speed des_opts
-TESTING_FULL=	rpw des $(TESTING_LIT)
-TESTING_SRC_LIT=destest.c speed.c des_opts.c
-TESTING_SRC_FULL=rpw.c des.c $(TESTING_SRC_LIT)
-HEADERS_LIT=des_ver.h des.h des_locl.h podd.h sk.h spr.h
-HEADERS_FULL= $(HEADERS_LIT) rpc_des.h
-LIBDES_LIT=cbc_enc.c ecb_enc.c fcrypt.c set_key.c des_enc.c fcrypt_b.c
-LIBDES_FULL= cbc_cksm.c pcbc_enc.c qud_cksm.c cbc3_enc.c \
-	cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c \
-	enc_read.c enc_writ.c ofb64ede.c ofb64enc.c ofb_enc.c  \
-	rand_key.c rpc_enc.c  str2key.c  supp.c \
-	xcbc_enc.c $(LIBDES_LIT) read_pwd.c read2pwd.c
-
-PERL=	des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
-
-OBJ=	$(OBJ_FULL)
-GENERAL=$(GENERAL_FULL)
-TESTING=$(TESTING_FULL)
-TESTING_SRC=$(TESTING_SRC_FULL)
-HEADERS=$(HEADERS_FULL)
-LIBDES=	$(LIBDES_FULL)
-
-ALL=	$(GENERAL) $(TESTING_SRC) $(LIBDES) $(PERL) $(HEADERS)
-
-DLIB=	libdes.a
-
-all: $(DLIB) $(TESTING)
-
-cc:
-	$(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all
-
-gcc:
-	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
-
-x86-elf:
-	$(MAKE) DES_ENC='asm/dx86-elf.o asm/yx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
-
-x86-out:
-	$(MAKE) DES_ENC='asm/dx86-out.o asm/yx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
-
-x86-solaris:
-	$(MAKE) DES_ENC='asm/dx86-sol.o asm/yx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
-
-x86-bsdi:
-	$(MAKE) DES_ENC='asm/dx86bsdi.o asm/yx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
-
-# elf
-asm/dx86-elf.o: asm/dx86unix.cpp
-	$(CPP) -DELF asm/dx86unix.cpp | $(AS) -o asm/dx86-elf.o
-
-asm/yx86-elf.o: asm/yx86unix.cpp
-	$(CPP) -DELF asm/yx86unix.cpp | $(AS) -o asm/yx86-elf.o
-
-# solaris
-asm/dx86-sol.o: asm/dx86unix.cpp
-	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
-	as -o asm/dx86-sol.o asm/dx86-sol.s
-	rm -f asm/dx86-sol.s
-
-asm/yx86-sol.o: asm/yx86unix.cpp
-	$(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
-	as -o asm/yx86-sol.o asm/yx86-sol.s
-	rm -f asm/yx86-sol.s
-
-# a.out
-asm/dx86-out.o: asm/dx86unix.cpp
-	$(CPP) -DOUT asm/dx86unix.cpp | $(AS) -o asm/dx86-out.o
-
-asm/yx86-out.o: asm/yx86unix.cpp
-	$(CPP) -DOUT asm/yx86unix.cpp | $(AS) -o asm/yx86-out.o
-
-# bsdi
-asm/dx86bsdi.o: asm/dx86unix.cpp
-	$(CPP) -DBSDI asm/dx86unix.cpp | $(AS) -o asm/dx86bsdi.o
-
-asm/yx86bsdi.o: asm/yx86unix.cpp
-	$(CPP) -DBSDI asm/yx86unix.cpp | $(AS) -o asm/yx86bsdi.o
-
-asm/dx86unix.cpp:
-	(cd asm; perl des-586.pl cpp >dx86unix.cpp)
-
-asm/yx86unix.cpp:
-	(cd asm; perl crypt586.pl cpp >yx86unix.cpp)
-
-test:	all
-	./destest
-
-$(DLIB): $(OBJ)
-	/bin/rm -f $(DLIB)
-	ar cr $(DLIB) $(OBJ)
-	-if test -s /bin/ranlib; then /bin/ranlib $(DLIB); \
-	else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(DLIB); \
-	else exit 0; fi; fi
-
-des_opts: des_opts.o $(DLIB)
-	$(CC) $(CFLAGS) -o des_opts des_opts.o $(DLIB)
-
-destest: destest.o $(DLIB)
-	$(CC) $(CFLAGS) -o destest destest.o $(DLIB)
-
-rpw: rpw.o $(DLIB)
-	$(CC) $(CFLAGS) -o rpw rpw.o $(DLIB)
-
-speed: speed.o $(DLIB)
-	$(CC) $(CFLAGS) -o speed speed.o $(DLIB)
-
-des: des.o $(DLIB)
-	$(CC) $(CFLAGS) -o des des.o $(DLIB)
-
-tags:
-	ctags $(TESTING_SRC) $(LIBDES)
-
-tar_lit:
-	/bin/mv Makefile Makefile.tmp
-	/bin/cp Makefile.lit Makefile
-	for i in $(HEADERS_LIT) $(LIBDES_LIT) $(GENERAL_LIT) $(TESTING_SRC_LIT) ;\
-	do \
-		n="$$n des/$$i"; \
-	done; \
-	( cd .. ; tar chf - $$n )| gzip > libdes-l.tgz
-	/bin/rm -f Makefile
-	/bin/mv Makefile.tmp Makefile
-
-tar:
-	mv Makefile Makefile.tmp
-	/bin/cp Makefile.uni Makefile
-	for i in $(ALL) ;\
-	do \
-		n="$$n des/$$i"; \
-	done; \
-	( cd .. ; tar chf - $$n )| gzip > libdes.tgz
-	/bin/rm -f Makefile
-	/bin/mv Makefile.tmp Makefile
-
-shar:
-	shar $(ALL) >libdes.shar
-
-depend:
-	makedepend $(LIBDES) $(TESTING_SRC)
-
-clean:
-	/bin/rm -f *.o tags core $(TESTING) $(DLIB) .nfs* *.old *.bak asm/*.o 
-
-dclean:
-	sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
-	mv -f Makefile.new Makefile
-
-# Eric is probably going to choke when he next looks at this --tjh
-install: des
-	if test $(INSTALLTOP); then \
-	    echo SSL style install; \
-	    cp $(DLIB) $(INSTALLTOP)/lib; \
-	    if test -s /bin/ranlib; then \
-	        /bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
-	    else \
-		if test -s /usr/bin/ranlib; then \
-		/usr/bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
-	    fi; fi; \
-	    chmod 644 $(INSTALLTOP)/lib/$(DLIB); \
-	    cp des.h $(INSTALLTOP)/include; \
-	    chmod 644 $(INSTALLTOP)/include/des.h; \
-	else \
-	    echo Standalone install; \
-	    cp $(DLIB) $(LIBDIR)/$(DLIB); \
-	    if test -s /bin/ranlib; then \
-	      /bin/ranlib $(LIBDIR)/$(DLIB); \
-	    else \
-	      if test -s /usr/bin/ranlib; then \
-		/usr/bin/ranlib $(LIBDIR)/$(DLIB); \
-	      fi; \
-	    fi; \
-	    chmod 644 $(LIBDIR)/$(DLIB); \
-	    cp des $(BINDIR)/des; \
-	    chmod 711 $(BINDIR)/des; \
-	    cp des_crypt.man $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
-	    chmod 644 $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
-	    cp des.man $(MANDIR)/man$(MAN1)/des.$(MAN1); \
-	    chmod 644 $(MANDIR)/man$(MAN1)/des.$(MAN1); \
-	    cp des.h $(INCDIR)/des.h; \
-	    chmod 644 $(INCDIR)/des.h; \
-	fi
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/des/PC1 b/crypto/des/PC1
deleted file mode 100644
index efb8348b72..0000000000
--- a/crypto/des/PC1
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/local/bin/perl
-
-@PC1=(  57,49,41,33,25,17, 9,
-	 1,58,50,42,34,26,18,
-	10, 2,59,51,43,35,27,
-	19,11, 3,60,52,44,36,
-	"-","-","-","-",
-	63,55,47,39,31,23,15,
-	 7,62,54,46,38,30,22,
-	14, 6,61,53,45,37,29,
-	21,13, 5,28,20,12, 4,
-	"-","-","-","-",
-	);
-
-foreach (@PC1)
-	{
-	if ($_ ne "-")
-		{
-		$_--;
-		$_=int($_/8)*8+7-($_%8);
-		printf "%2d  ",$_;
-		}
-	else
-		{ print "--  "; }
-	print "\n" if (((++$i) % 8) == 0);
-	print "\n" if ((($i) % 32) == 0);
-	}
-
diff --git a/crypto/des/PC2 b/crypto/des/PC2
deleted file mode 100644
index 2d560270ec..0000000000
--- a/crypto/des/PC2
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/usr/local/bin/perl
-
-@PC2_C=(14,17,11,24, 1, 5,
-	 3,28,15, 6,21,10,
-	23,19,12, 4,26, 8,
-	16, 7,27,20,13, 2,
-	);
-
-@PC2_D=(41,52,31,37,47,55,
-	30,40,51,45,33,48,
-	44,49,39,56,34,53,
-	46,42,50,36,29,32,
-	);
-
-foreach (@PC2_C) {
-	if ($_ ne "-")
-		{
-		$_--;
-		printf "%2d  ",$_; }
-	else { print "--  "; }
-	$C{$_}=1;
-	print "\n" if (((++$i) % 8) == 0);
-	}
-$i=0;
-print "\n";
-foreach (@PC2_D) {
-	if ($_ ne "-")
-		{
-		$_-=29;
-		printf "%2d  ",$_; }
-	else { print "--  "; }
-	$D{$_}=1;
-	print "\n" if (((++$i) % 8) == 0); }
-
-print "\n";
-foreach $i (0 .. 27)
-	{
-	$_=$C{$i};
-	if ($_ ne "-") {printf "%2d ",$_;}
-	else { print "--  "; }
-	print "\n" if (((++$i) % 8) == 0);
-	}
-print "\n";
-
-print "\n";
-foreach $i (0 .. 27)
-	{
-	$_=$D{$i};
-	if ($_ ne "-") {printf "%2d  ",$_;}
-	else { print "--  "; }
-	print "\n" if (((++$i) % 8) == 0);
-	}
-print "\n";
-sub numsort
-	{
-	$a-$b;
-	}
diff --git a/crypto/des/asm/.cvsignore b/crypto/des/asm/.cvsignore
new file mode 100644
index 0000000000..f300536224
--- /dev/null
+++ b/crypto/des/asm/.cvsignore
@@ -0,0 +1,2 @@
+dx86unix.cpp
+yx86unix.cpp
diff --git a/crypto/des/asm/c-win32.asm b/crypto/des/asm/c-win32.asm
deleted file mode 100644
index b7460b8ef7..0000000000
--- a/crypto/des/asm/c-win32.asm
+++ /dev/null
@@ -1,929 +0,0 @@
-	; Don't even think of reading this code
-	; It was automatically generated by crypt.pl
-	; Which is a perl program used to generate the x86 assember for
-	; any of elf, a.out, Win32, or Solaris
-	; It can be found in SSLeay 0.6.5+ or in libdes 3.26+
-	; eric <eay@cryptsoft.com>
-	; The inner loop instruction sequence and the IP/FP modifications
-	; are from Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
-	; 
-	TITLE	dx86xxxx.asm
-        .386
-.model FLAT
-_TEXT	SEGMENT
-PUBLIC	_fcrypt_body
-EXTRN	_des_SPtrans:DWORD
-_fcrypt_body PROC NEAR
-	push	ebp
-	push	ebx
-	push	esi
-	push	edi
-	; 
-	; Load the 2 words
-	xor	edi,		edi
-	xor	esi,		esi
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	DWORD PTR 36[esp],25
-L000start:
-	; 
-	; Round 0
-	mov	eax,		DWORD PTR 28[esp]
-	mov	edx,		esi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 32[esp]
-	xor	edx,		esi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR [ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 4[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 1
-	mov	eax,		DWORD PTR 28[esp]
-	mov	edx,		edi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 32[esp]
-	xor	edx,		edi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 8[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 12[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 2
-	mov	eax,		DWORD PTR 28[esp]
-	mov	edx,		esi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 32[esp]
-	xor	edx,		esi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 16[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 20[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 3
-	mov	eax,		DWORD PTR 28[esp]
-	mov	edx,		edi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 32[esp]
-	xor	edx,		edi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 24[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 28[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 4
-	mov	eax,		DWORD PTR 28[esp]
-	mov	edx,		esi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 32[esp]
-	xor	edx,		esi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 32[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 36[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 5
-	mov	eax,		DWORD PTR 28[esp]
-	mov	edx,		edi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 32[esp]
-	xor	edx,		edi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 40[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 44[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 6
-	mov	eax,		DWORD PTR 28[esp]
-	mov	edx,		esi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 32[esp]
-	xor	edx,		esi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 48[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 52[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 7
-	mov	eax,		DWORD PTR 28[esp]
-	mov	edx,		edi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 32[esp]
-	xor	edx,		edi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 56[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 60[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 8
-	mov	eax,		DWORD PTR 28[esp]
-	mov	edx,		esi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 32[esp]
-	xor	edx,		esi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 64[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 68[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 9
-	mov	eax,		DWORD PTR 28[esp]
-	mov	edx,		edi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 32[esp]
-	xor	edx,		edi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 72[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 76[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 10
-	mov	eax,		DWORD PTR 28[esp]
-	mov	edx,		esi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 32[esp]
-	xor	edx,		esi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 80[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 84[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 11
-	mov	eax,		DWORD PTR 28[esp]
-	mov	edx,		edi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 32[esp]
-	xor	edx,		edi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 88[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 92[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 12
-	mov	eax,		DWORD PTR 28[esp]
-	mov	edx,		esi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 32[esp]
-	xor	edx,		esi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 96[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 100[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 13
-	mov	eax,		DWORD PTR 28[esp]
-	mov	edx,		edi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 32[esp]
-	xor	edx,		edi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 104[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 108[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 14
-	mov	eax,		DWORD PTR 28[esp]
-	mov	edx,		esi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 32[esp]
-	xor	edx,		esi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 112[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 116[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 15
-	mov	eax,		DWORD PTR 28[esp]
-	mov	edx,		edi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 32[esp]
-	xor	edx,		edi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 120[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 124[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	mov	eax,		edi
-	dec	DWORD PTR 36[esp]
-	mov	edi,		esi
-	mov	esi,		eax
-	jnz	L000start
-	; 
-	; FP
-	mov	edx,		DWORD PTR 20[esp]
-	ror	edi,		1
-	mov	eax,		esi
-	xor	esi,		edi
-	and	esi,		0aaaaaaaah
-	xor	eax,		esi
-	xor	edi,		esi
-	; 
-	rol	eax,		23
-	mov	esi,		eax
-	xor	eax,		edi
-	and	eax,		003fc03fch
-	xor	esi,		eax
-	xor	edi,		eax
-	; 
-	rol	esi,		10
-	mov	eax,		esi
-	xor	esi,		edi
-	and	esi,		033333333h
-	xor	eax,		esi
-	xor	edi,		esi
-	; 
-	rol	edi,		18
-	mov	esi,		edi
-	xor	edi,		eax
-	and	edi,		0fff0000fh
-	xor	esi,		edi
-	xor	eax,		edi
-	; 
-	rol	esi,		12
-	mov	edi,		esi
-	xor	esi,		eax
-	and	esi,		0f0f0f0f0h
-	xor	edi,		esi
-	xor	eax,		esi
-	; 
-	ror	eax,		4
-	mov	DWORD PTR [edx],eax
-	mov	DWORD PTR 4[edx],edi
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-_fcrypt_body ENDP
-_TEXT	ENDS
-END
diff --git a/crypto/des/asm/c-win32.uu b/crypto/des/asm/c-win32.uu
deleted file mode 100644
index 09d5d7dd33..0000000000
--- a/crypto/des/asm/c-win32.uu
+++ /dev/null
@@ -1,99 +0,0 @@
-begin 640 c-win32.obj
-M3`$"`/4&DC,,$```"0`````````N=&5X=```````````````J`H``&0````,
-M"P```````(`````@`#!@+F1A=&$```"H"@`````````````,$```````````
-M````````0``PP%535E<S_S/VBVPD&,=$)"09````BT0D'(O6P>H0BTPD(#/6
-M(\(CT8O8P>,0B\K!X1`SPS/1BUT`,\.+300SQC/6,]$E_/S\_#/;@>+/S\_/
-M,\F*V(K,P<H$BZL`````BMHS_8NI``(``#/]BL[!Z!"+JP`!```S_8K<P>H0
-MBZD``P``,_V+;"08BLXE_P```('B_P```(N;``8``#/[BYD`!P``,_N+F``$
-M```S^XN:``4``#/[BT0D'(O7P>H0BTPD(#/7(\(CT8O8P>,0B\K!X1`SPS/1
-MBUT(,\.+30PSQS/7,]$E_/S\_#/;@>+/S\_/,\F*V(K,P<H$BZL`````BMHS
-M]8NI``(``#/UBL[!Z!"+JP`!```S]8K<P>H0BZD``P``,_6+;"08BLXE_P``
-M`('B_P```(N;``8``#/SBYD`!P``,_.+F``$```S\XN:``4``#/SBT0D'(O6
-MP>H0BTPD(#/6(\(CT8O8P>,0B\K!X1`SPS/1BUT0,\.+310SQC/6,]$E_/S\
-M_#/;@>+/S\_/,\F*V(K,P<H$BZL`````BMHS_8NI``(``#/]BL[!Z!"+JP`!
-M```S_8K<P>H0BZD``P``,_V+;"08BLXE_P```('B_P```(N;``8``#/[BYD`
-M!P``,_N+F``$```S^XN:``4``#/[BT0D'(O7P>H0BTPD(#/7(\(CT8O8P>,0
-MB\K!X1`SPS/1BUT8,\.+31PSQS/7,]$E_/S\_#/;@>+/S\_/,\F*V(K,P<H$
-MBZL`````BMHS]8NI``(``#/UBL[!Z!"+JP`!```S]8K<P>H0BZD``P``,_6+
-M;"08BLXE_P```('B_P```(N;``8``#/SBYD`!P``,_.+F``$```S\XN:``4`
-M`#/SBT0D'(O6P>H0BTPD(#/6(\(CT8O8P>,0B\K!X1`SPS/1BUT@,\.+320S
-MQC/6,]$E_/S\_#/;@>+/S\_/,\F*V(K,P<H$BZL`````BMHS_8NI``(``#/]
-MBL[!Z!"+JP`!```S_8K<P>H0BZD``P``,_V+;"08BLXE_P```('B_P```(N;
-M``8``#/[BYD`!P``,_N+F``$```S^XN:``4``#/[BT0D'(O7P>H0BTPD(#/7
-M(\(CT8O8P>,0B\K!X1`SPS/1BUTH,\.+32PSQS/7,]$E_/S\_#/;@>+/S\_/
-M,\F*V(K,P<H$BZL`````BMHS]8NI``(``#/UBL[!Z!"+JP`!```S]8K<P>H0
-MBZD``P``,_6+;"08BLXE_P```('B_P```(N;``8``#/SBYD`!P``,_.+F``$
-M```S\XN:``4``#/SBT0D'(O6P>H0BTPD(#/6(\(CT8O8P>,0B\K!X1`SPS/1
-MBUTP,\.+330SQC/6,]$E_/S\_#/;@>+/S\_/,\F*V(K,P<H$BZL`````BMHS
-M_8NI``(``#/]BL[!Z!"+JP`!```S_8K<P>H0BZD``P``,_V+;"08BLXE_P``
-M`('B_P```(N;``8``#/[BYD`!P``,_N+F``$```S^XN:``4``#/[BT0D'(O7
-MP>H0BTPD(#/7(\(CT8O8P>,0B\K!X1`SPS/1BUTX,\.+33PSQS/7,]$E_/S\
-M_#/;@>+/S\_/,\F*V(K,P<H$BZL`````BMHS]8NI``(``#/UBL[!Z!"+JP`!
-M```S]8K<P>H0BZD``P``,_6+;"08BLXE_P```('B_P```(N;``8``#/SBYD`
-M!P``,_.+F``$```S\XN:``4``#/SBT0D'(O6P>H0BTPD(#/6(\(CT8O8P>,0
-MB\K!X1`SPS/1BUU`,\.+340SQC/6,]$E_/S\_#/;@>+/S\_/,\F*V(K,P<H$
-MBZL`````BMHS_8NI``(``#/]BL[!Z!"+JP`!```S_8K<P>H0BZD``P``,_V+
-M;"08BLXE_P```('B_P```(N;``8``#/[BYD`!P``,_N+F``$```S^XN:``4`
-M`#/[BT0D'(O7P>H0BTPD(#/7(\(CT8O8P>,0B\K!X1`SPS/1BUU(,\.+34PS
-MQS/7,]$E_/S\_#/;@>+/S\_/,\F*V(K,P<H$BZL`````BMHS]8NI``(``#/U
-MBL[!Z!"+JP`!```S]8K<P>H0BZD``P``,_6+;"08BLXE_P```('B_P```(N;
-M``8``#/SBYD`!P``,_.+F``$```S\XN:``4``#/SBT0D'(O6P>H0BTPD(#/6
-M(\(CT8O8P>,0B\K!X1`SPS/1BUU0,\.+350SQC/6,]$E_/S\_#/;@>+/S\_/
-M,\F*V(K,P<H$BZL`````BMHS_8NI``(``#/]BL[!Z!"+JP`!```S_8K<P>H0
-MBZD``P``,_V+;"08BLXE_P```('B_P```(N;``8``#/[BYD`!P``,_N+F``$
-M```S^XN:``4``#/[BT0D'(O7P>H0BTPD(#/7(\(CT8O8P>,0B\K!X1`SPS/1
-MBUU8,\.+35PSQS/7,]$E_/S\_#/;@>+/S\_/,\F*V(K,P<H$BZL`````BMHS
-M]8NI``(``#/UBL[!Z!"+JP`!```S]8K<P>H0BZD``P``,_6+;"08BLXE_P``
-M`('B_P```(N;``8``#/SBYD`!P``,_.+F``$```S\XN:``4``#/SBT0D'(O6
-MP>H0BTPD(#/6(\(CT8O8P>,0B\K!X1`SPS/1BUU@,\.+360SQC/6,]$E_/S\
-M_#/;@>+/S\_/,\F*V(K,P<H$BZL`````BMHS_8NI``(``#/]BL[!Z!"+JP`!
-M```S_8K<P>H0BZD``P``,_V+;"08BLXE_P```('B_P```(N;``8``#/[BYD`
-M!P``,_N+F``$```S^XN:``4``#/[BT0D'(O7P>H0BTPD(#/7(\(CT8O8P>,0
-MB\K!X1`SPS/1BUUH,\.+36PSQS/7,]$E_/S\_#/;@>+/S\_/,\F*V(K,P<H$
-MBZL`````BMHS]8NI``(``#/UBL[!Z!"+JP`!```S]8K<P>H0BZD``P``,_6+
-M;"08BLXE_P```('B_P```(N;``8``#/SBYD`!P``,_.+F``$```S\XN:``4`
-M`#/SBT0D'(O6P>H0BTPD(#/6(\(CT8O8P>,0B\K!X1`SPS/1BUUP,\.+370S
-MQC/6,]$E_/S\_#/;@>+/S\_/,\F*V(K,P<H$BZL`````BMHS_8NI``(``#/]
-MBL[!Z!"+JP`!```S_8K<P>H0BZD``P``,_V+;"08BLXE_P```('B_P```(N;
-M``8``#/[BYD`!P``,_N+F``$```S^XN:``4``#/[BT0D'(O7P>H0BTPD(#/7
-M(\(CT8O8P>,0B\K!X1`SPS/1BUUX,\.+37PSQS/7,]$E_/S\_#/;@>+/S\_/
-M,\F*V(K,P<H$BZL`````BMHS]8NI``(``#/UBL[!Z!"+JP`!```S]8K<P>H0
-MBZD``P``,_6+;"08BLXE_P```('B_P```(N;``8``#/SBYD`!P``,_.+F``$
-M```S\XN:``4``#/SB\?_3"0DB_Z+\`^%T/7__XM4)!31SXO&,_>!YJJJJJHS
-MQC/^P<`7B_`SQR7\`_P#,_`S^,'&"HO&,_>!YC,S,S,SQC/^P<<2B_<S^('G
-M#P#P_S/W,\?!Q@R+_C/P@>;P\/#P,_XSQL'(!(D"B7H$7UY;7<-;````!P``
-M``8`90````<````&`'(````'````!@!_````!P````8`F`````<````&`*``
-M```'````!@"H````!P````8`L`````<````&`/T````'````!@`'`0``!P``
-M``8`%`$```<````&`"$!```'````!@`Z`0``!P````8`0@$```<````&`$H!
-M```'````!@!2`0``!P````8`GP$```<````&`*D!```'````!@"V`0``!P``
-M``8`PP$```<````&`-P!```'````!@#D`0``!P````8`[`$```<````&`/0!
-M```'````!@!!`@``!P````8`2P(```<````&`%@"```'````!@!E`@``!P``
-M``8`?@(```<````&`(8"```'````!@".`@``!P````8`E@(```<````&`.,"
-M```'````!@#M`@``!P````8`^@(```<````&``<#```'````!@`@`P``!P``
-M``8`*`,```<````&`#`#```'````!@`X`P``!P````8`A0,```<````&`(\#
-M```'````!@"<`P``!P````8`J0,```<````&`,(#```'````!@#*`P``!P``
-M``8`T@,```<````&`-H#```'````!@`G!```!P````8`,00```<````&`#X$
-M```'````!@!+!```!P````8`9`0```<````&`&P$```'````!@!T!```!P``
-M``8`?`0```<````&`,D$```'````!@#3!```!P````8`X`0```<````&`.T$
-M```'````!@`&!0``!P````8`#@4```<````&`!8%```'````!@`>!0``!P``
-M``8`:P4```<````&`'4%```'````!@""!0``!P````8`CP4```<````&`*@%
-M```'````!@"P!0``!P````8`N`4```<````&`,`%```'````!@`-!@``!P``
-M``8`%P8```<````&`"0&```'````!@`Q!@``!P````8`2@8```<````&`%(&
-M```'````!@!:!@``!P````8`8@8```<````&`*\&```'````!@"Y!@``!P``
-M``8`Q@8```<````&`-,&```'````!@#L!@``!P````8`]`8```<````&`/P&
-M```'````!@`$!P``!P````8`40<```<````&`%L'```'````!@!H!P``!P``
-M``8`=0<```<````&`(X'```'````!@"6!P``!P````8`G@<```<````&`*8'
-M```'````!@#S!P``!P````8`_0<```<````&``H(```'````!@`7"```!P``
-M``8`,`@```<````&`#@(```'````!@!`"```!P````8`2`@```<````&`)4(
-M```'````!@"?"```!P````8`K`@```<````&`+D(```'````!@#2"```!P``
-M``8`V@@```<````&`.((```'````!@#J"```!P````8`-PD```<````&`$$)
-M```'````!@!."0``!P````8`6PD```<````&`'0)```'````!@!\"0``!P``
-M``8`A`D```<````&`(P)```'````!@#9"0``!P````8`XPD```<````&`/`)
-M```'````!@#]"0``!P````8`%@H```<````&`!X*```'````!@`F"@``!P``
-M``8`+@H```<````&`"YF:6QE`````````/[_``!G`BY<8W)Y<'1O7&1E<UQA
-M<VU<8RUW:6XS,BYA<VT``````````"YT97AT``````````$````#`:@*``"`
-M`````````````````"YD871A``````````(````#`0``````````````````
-M```````````$```````````````"```````1``````````$`(``"`!X```!?
-99&5S7U-0=')A;G,`7V9C<GEP=%]B;V1Y````
-`
-end
diff --git a/crypto/des/asm/crypt.pl b/crypto/des/asm/crypt.pl
deleted file mode 100644
index 0a7dce00b4..0000000000
--- a/crypto/des/asm/crypt.pl
+++ /dev/null
@@ -1,240 +0,0 @@
-#!/usr/local/bin/perl
-#

-# The inner loop instruction sequence and the IP/FP modifications are from

-# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>

-# I've added the stuff needed for crypt() but I've not worried about making

-# things perfect.

-#

-

-$prog="crypt.pl";

-

-# base code is in microsft

-# op dest, source

-# format.

-#

-

-require "desboth.pl";

-

-if (	($ARGV[0] eq "elf"))

-	{ require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "a.out"))

-	{ $aout=1; require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "sol"))

-	{ $sol=1; require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "cpp"))

-	{ $cpp=1; require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "win32"))

-	{ require "x86ms.pl"; }

-else

-	{

-	print STDERR <<"EOF";

-Pick one target type from

-	elf	- linux, FreeBSD etc

-	a.out	- old linux

-	sol	- x86 solaris

-	cpp	- format so x86unix.cpp can be used

-	win32	- Windows 95/Windows NT

-EOF

-	exit(1);

-	}

-

-&comment("Don't even think of reading this code");

-&comment("It was automatically generated by $prog");

-&comment("Which is a perl program used to generate the x86 assember for");

-&comment("any of elf, a.out, Win32, or Solaris");

-&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");

-&comment("eric <eay\@cryptsoft.com>");

-&comment("The inner loop instruction sequence and the IP/FP modifications");

-&comment("are from Svend Olaf Mikkelsen <svolaf\@inet.uni-c.dk>");

-

-&comment("");

-

-&file("dx86xxxx");

-

-$L="edi";

-$R="esi";

-

-&fcrypt_body("fcrypt_body");

-

-&file_end();

-

-sub fcrypt_body

-	{

-	local($name,$do_ip)=@_;

-

-	&function_begin($name,3,"EXTRN   _des_SPtrans:DWORD");

-

-	&comment("");

-	&comment("Load the 2 words");

-	$ks="ebp";

-

-	&xor(	$L,	$L);

-	&xor(	$R,	$R);

-	&mov($ks,&wparam(1));

-

-	&mov(&wtmp(1),	25);

-

-	&set_label("start");

-	for ($i=0; $i<16; $i+=2)

-		{

-		&comment("");

-		&comment("Round $i");

-		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");

-

-		&comment("");

-		&comment("Round ".sprintf("%d",$i+1));

-		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");

-		}

-	&mov("eax",	$L);

-	&dec(&wtmp(1));

-	&mov($L,	$R);

-	&mov($R,	"eax");

-	&jnz(&label("start"));

-

-	&comment("");

-	&comment("FP");

-	&mov("edx",&wparam(0));

-

-	&FP_new($R,$L,"eax",3);

-	&mov(&DWP(0,"edx","",0),"eax");

-	&mov(&DWP(4,"edx","",0),$L);

-

-	&function_end($name);

-	}

-

-sub D_ENCRYPT

-	{

-	local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;

-

-	&mov(	$u,		&wparam(2));			# 2

-	&mov(	$t,		$R);

-	&shr(	$t,		16);				# 1

-	&mov(	$tmp2,		&wparam(3));			# 2

-	&xor(	$t,		$R);				# 1

-

-	&and(	$u,		$t);				# 2

-	&and(	$t,		$tmp2);				# 2

-

-	&mov(	$tmp1,		$u);

-	&shl(	$tmp1,		16); 				# 1

-	&mov(	$tmp2,		$t);

-	&shl(	$tmp2,		16); 				# 1

-	&xor(	$u,		$tmp1);				# 2

-	&xor(	$t,		$tmp2);				# 2

-	&mov(	$tmp1,		&DWP(&n2a($S*4),$ks,"",0));	# 2

-	&xor(	$u,		$tmp1);

-	&mov(	$tmp2,		&DWP(&n2a(($S+1)*4),$ks,"",0));	# 2

-	&xor(	$u,		$R);

-	&xor(	$t,		$R);

-	&xor(	$t,		$tmp2);

-

-	&and(	$u,		"0xfcfcfcfc"	);		# 2

-	&xor(	$tmp1,		$tmp1);				# 1

-	&and(	$t,		"0xcfcfcfcf"	);		# 2

-	&xor(	$tmp2,		$tmp2);	

-	&movb(	&LB($tmp1),	&LB($u)	);

-	&movb(	&LB($tmp2),	&HB($u)	);

-	&rotr(	$t,		4		);

-	&mov(	$ks,		&DWP("      $desSP",$tmp1,"",0));

-	&movb(	&LB($tmp1),	&LB($t)	);

-	&xor(	$L,		$ks);

-	&mov(	$ks,		&DWP("0x200+$desSP",$tmp2,"",0));

-	&xor(	$L,		$ks);

-	&movb(	&LB($tmp2),	&HB($t)	);

-	&shr(	$u,		16);

-	&mov(	$ks,		&DWP("0x100+$desSP",$tmp1,"",0));

-	&xor(	$L,		$ks); 

-	&movb(	&LB($tmp1),	&HB($u)	);

-	&shr(	$t,		16);

-	&mov(	$ks,		&DWP("0x300+$desSP",$tmp2,"",0));

-	&xor(	$L,		$ks);

-	&mov(	$ks,		&DWP(24,"esp","",0));

-	&movb(	&LB($tmp2),	&HB($t)	);

-	&and(	$u,		"0xff"	);

-	&and(	$t,		"0xff"	);

-	&mov(	$tmp1,		&DWP("0x600+$desSP",$tmp1,"",0));

-	&xor(	$L,		$tmp1);

-	&mov(	$tmp1,		&DWP("0x700+$desSP",$tmp2,"",0));

-	&xor(	$L,		$tmp1);

-	&mov(	$tmp1,		&DWP("0x400+$desSP",$u,"",0));

-	&xor(	$L,		$tmp1);

-	&mov(	$tmp1,		&DWP("0x500+$desSP",$t,"",0));

-	&xor(	$L,		$tmp1);

-	}

-

-sub n2a

-	{

-	sprintf("%d",$_[0]);

-	}

-

-# now has a side affect of rotating $a by $shift

-sub R_PERM_OP

-	{

-	local($a,$b,$tt,$shift,$mask,$last)=@_;

-

-	&rotl(	$a,		$shift		) if ($shift != 0);

-	&mov(	$tt,		$a		);

-	&xor(	$a,		$b		);

-	&and(	$a,		$mask		);

-	if ($notlast eq $b)

-		{

-		&xor(	$b,		$a		);

-		&xor(	$tt,		$a		);

-		}

-	else

-		{

-		&xor(	$tt,		$a		);

-		&xor(	$b,		$a		);

-		}

-	&comment("");

-	}

-

-sub IP_new

-	{

-	local($l,$r,$tt,$lr)=@_;

-

-	&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);

-	&R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);

-	&R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);

-	&R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);

-	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);

-	

-	if ($lr != 3)

-		{

-		if (($lr-3) < 0)

-			{ &rotr($tt,	3-$lr); }

-		else	{ &rotl($tt,	$lr-3); }

-		}

-	if ($lr != 2)

-		{

-		if (($lr-2) < 0)

-			{ &rotr($r,	2-$lr); }

-		else	{ &rotl($r,	$lr-2); }

-		}

-	}

-

-sub FP_new

-	{

-	local($l,$r,$tt,$lr)=@_;

-

-	if ($lr != 2)

-		{

-		if (($lr-2) < 0)

-			{ &rotl($r,	2-$lr); }

-		else	{ &rotr($r,	$lr-2); }

-		}

-	if ($lr != 3)

-		{

-		if (($lr-3) < 0)

-			{ &rotl($l,	3-$lr); }

-		else	{ &rotr($l,	$lr-3); }

-		}

-

-	&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);

-	&R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);

-	&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);

-	&R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);

-	&R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);

-	&rotr($tt	, 4);

-	}

-

diff --git a/crypto/des/asm/crypt586.pl b/crypto/des/asm/crypt586.pl
index b310d922a1..3d41d82f69 100644
--- a/crypto/des/asm/crypt586.pl
+++ b/crypto/des/asm/crypt586.pl
@@ -14,7 +14,7 @@ require "x86asm.pl";
 $L="edi";
 $R="esi";
 
-&external_label("des_SPtrans");
+&external_label("DES_SPtrans");
 &fcrypt_body("fcrypt_body");
 &asm_finish();
 
@@ -22,7 +22,7 @@ sub fcrypt_body
 	{
 	local($name,$do_ip)=@_;
 
-	&function_begin($name,"EXTRN   _des_SPtrans:DWORD");
+	&function_begin($name,"EXTRN   _DES_SPtrans:DWORD");
 
 	&comment("");
 	&comment("Load the 2 words");
@@ -32,18 +32,18 @@ sub fcrypt_body
 	&xor(	$R,	$R);
 	&mov($ks,&wparam(1));
 
-	&push(25); # add a variable
+	&push(&DWC(25)); # add a variable
 
 	&set_label("start");
 	for ($i=0; $i<16; $i+=2)
 		{
 		&comment("");
 		&comment("Round $i");
-		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx");
 
 		&comment("");
 		&comment("Round ".sprintf("%d",$i+1));
-		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx");
 		}
 	 &mov("ebx",	&swtmp(0));
 	&mov("eax",	$L);
diff --git a/crypto/des/asm/cx86-cpp.s b/crypto/des/asm/cx86-cpp.s
deleted file mode 100644
index e5165fadf9..0000000000
--- a/crypto/des/asm/cx86-cpp.s
+++ /dev/null
@@ -1,932 +0,0 @@
-	/* Don't even think of reading this code */
-	/* It was automatically generated by crypt.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, Win32, or Solaris */
-	/* It can be found in SSLeay 0.6.5+ or in libdes 3.26+ */
-	/* eric <eay@cryptsoft.com> */
-	/* The inner loop instruction sequence and the IP/FP modifications */
-	/* are from Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> */
-
-	.file	"dx86xxxx.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl fcrypt_body
-	TYPE(fcrypt_body,@function)
-fcrypt_body:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	/* Load the 2 words */
-	xorl	%edi,		%edi
-	xorl	%esi,		%esi
-	movl	24(%esp),	%ebp
-	movl	$25,		-8(%esp)
-.align ALIGN
-.L000start:
-
-	/* Round 0 */
-	movl	28(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	32(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	(%ebp),		%ebx
-	xorl	%ebx,		%eax
-	movl	4(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 1 */
-	movl	28(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	32(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	8(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	12(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 2 */
-	movl	28(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	32(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	16(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	20(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 3 */
-	movl	28(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	32(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	24(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	28(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 4 */
-	movl	28(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	32(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	32(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	36(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 5 */
-	movl	28(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	32(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	40(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	44(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 6 */
-	movl	28(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	32(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	48(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	52(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 7 */
-	movl	28(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	32(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	56(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	60(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 8 */
-	movl	28(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	32(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	64(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	68(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 9 */
-	movl	28(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	32(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	72(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	76(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 10 */
-	movl	28(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	32(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	80(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	84(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 11 */
-	movl	28(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	32(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	88(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	92(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 12 */
-	movl	28(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	32(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	96(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	100(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 13 */
-	movl	28(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	32(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	104(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	108(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 14 */
-	movl	28(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	32(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	112(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	116(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 15 */
-	movl	28(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	32(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	120(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	124(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-	movl	%edi,		%eax
-	decl	-8(%esp)
-	movl	%esi,		%edi
-	movl	%eax,		%esi
-	jnz	.L000start
-
-	/* FP */
-	movl	20(%esp),	%edx
-	rorl	$1,		%edi
-	movl	%esi,		%eax
-	xorl	%edi,		%esi
-	andl	$0xaaaaaaaa,	%esi
-	xorl	%esi,		%eax
-	xorl	%esi,		%edi
-
-	roll	$23,		%eax
-	movl	%eax,		%esi
-	xorl	%edi,		%eax
-	andl	$0x03fc03fc,	%eax
-	xorl	%eax,		%esi
-	xorl	%eax,		%edi
-
-	roll	$10,		%esi
-	movl	%esi,		%eax
-	xorl	%edi,		%esi
-	andl	$0x33333333,	%esi
-	xorl	%esi,		%eax
-	xorl	%esi,		%edi
-
-	roll	$18,		%edi
-	movl	%edi,		%esi
-	xorl	%eax,		%edi
-	andl	$0xfff0000f,	%edi
-	xorl	%edi,		%esi
-	xorl	%edi,		%eax
-
-	roll	$12,		%esi
-	movl	%esi,		%edi
-	xorl	%eax,		%esi
-	andl	$0xf0f0f0f0,	%esi
-	xorl	%esi,		%edi
-	xorl	%esi,		%eax
-
-	rorl	$4,		%eax
-	movl	%eax,		(%edx)
-	movl	%edi,		4(%edx)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.fcrypt_body_end:
-	SIZE(fcrypt_body,.fcrypt_body_end-fcrypt_body)
-.ident	"desasm.pl"
diff --git a/crypto/des/asm/cx86unix.cpp b/crypto/des/asm/cx86unix.cpp
deleted file mode 100644
index 90f87c95ef..0000000000
--- a/crypto/des/asm/cx86unix.cpp
+++ /dev/null
@@ -1,35 +0,0 @@
-
-#define TYPE(a,b)	.type	a,b
-#define SIZE(a,b)	.size	a,b
-
-#ifdef OUT
-#define OK		1
-#define des_SPtrans	_des_SPtrans
-#define fcrypt_body	_fcrypt_body
-#define ALIGN		4
-#endif
-
-#ifdef BSDI
-#define OK		1
-#define des_SPtrans	_des_SPtrans
-#define fcrypt_body	_fcrypt_body
-#define ALIGN		4
-#undef SIZE
-#undef TYPE
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK		1
-#define ALIGN		16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-#include "cx86-cpp.s" 
-
diff --git a/crypto/des/asm/d-win32.asm b/crypto/des/asm/d-win32.asm
deleted file mode 100644
index 9e3dc9cd87..0000000000
--- a/crypto/des/asm/d-win32.asm
+++ /dev/null
@@ -1,3132 +0,0 @@
-	; Don't even think of reading this code
-	; It was automatically generated by des-586.pl
-	; Which is a perl program used to generate the x86 assember for
-	; any of elf, a.out, BSDI,Win32, or Solaris
-	; eric <eay@cryptsoft.com>
-	; 
-	TITLE	des-586.asm
-        .386
-.model FLAT
-_TEXT	SEGMENT
-PUBLIC	_des_encrypt
-EXTRN   _des_SPtrans:DWORD
-_des_encrypt PROC NEAR
-	push	esi
-	push	edi
-	; 
-	; Load the 2 words
-	mov	esi,		DWORD PTR 12[esp]
-	xor	ecx,		ecx
-	push	ebx
-	push	ebp
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 28[esp]
-	mov	edi,		DWORD PTR 4[esi]
-	; 
-	; IP
-	rol	eax,		4
-	mov	esi,		eax
-	xor	eax,		edi
-	and	eax,		0f0f0f0f0h
-	xor	esi,		eax
-	xor	edi,		eax
-	; 
-	rol	edi,		20
-	mov	eax,		edi
-	xor	edi,		esi
-	and	edi,		0fff0000fh
-	xor	eax,		edi
-	xor	esi,		edi
-	; 
-	rol	eax,		14
-	mov	edi,		eax
-	xor	eax,		esi
-	and	eax,		033333333h
-	xor	edi,		eax
-	xor	esi,		eax
-	; 
-	rol	esi,		22
-	mov	eax,		esi
-	xor	esi,		edi
-	and	esi,		003fc03fch
-	xor	eax,		esi
-	xor	edi,		esi
-	; 
-	rol	eax,		9
-	mov	esi,		eax
-	xor	eax,		edi
-	and	eax,		0aaaaaaaah
-	xor	esi,		eax
-	xor	edi,		eax
-	; 
-	rol	edi,		1
-	mov	ebp,		DWORD PTR 24[esp]
-	cmp	ebx,		0
-	je	$L000start_decrypt
-	; 
-	; Round 0
-	mov	eax,		DWORD PTR [ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 4[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 1
-	mov	eax,		DWORD PTR 8[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 12[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 2
-	mov	eax,		DWORD PTR 16[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 20[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 3
-	mov	eax,		DWORD PTR 24[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 28[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 4
-	mov	eax,		DWORD PTR 32[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 36[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 5
-	mov	eax,		DWORD PTR 40[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 44[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 6
-	mov	eax,		DWORD PTR 48[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 52[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 7
-	mov	eax,		DWORD PTR 56[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 60[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 8
-	mov	eax,		DWORD PTR 64[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 68[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 9
-	mov	eax,		DWORD PTR 72[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 76[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 10
-	mov	eax,		DWORD PTR 80[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 84[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 11
-	mov	eax,		DWORD PTR 88[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 92[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 12
-	mov	eax,		DWORD PTR 96[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 100[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 13
-	mov	eax,		DWORD PTR 104[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 108[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 14
-	mov	eax,		DWORD PTR 112[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 116[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 15
-	mov	eax,		DWORD PTR 120[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 124[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	jmp	$L001end
-$L000start_decrypt:
-	; 
-	; Round 15
-	mov	eax,		DWORD PTR 120[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 124[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 14
-	mov	eax,		DWORD PTR 112[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 116[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 13
-	mov	eax,		DWORD PTR 104[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 108[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 12
-	mov	eax,		DWORD PTR 96[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 100[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 11
-	mov	eax,		DWORD PTR 88[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 92[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 10
-	mov	eax,		DWORD PTR 80[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 84[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 9
-	mov	eax,		DWORD PTR 72[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 76[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 8
-	mov	eax,		DWORD PTR 64[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 68[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 7
-	mov	eax,		DWORD PTR 56[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 60[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 6
-	mov	eax,		DWORD PTR 48[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 52[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 5
-	mov	eax,		DWORD PTR 40[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 44[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 4
-	mov	eax,		DWORD PTR 32[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 36[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 3
-	mov	eax,		DWORD PTR 24[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 28[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 2
-	mov	eax,		DWORD PTR 16[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 20[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 1
-	mov	eax,		DWORD PTR 8[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 12[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 0
-	mov	eax,		DWORD PTR [ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 4[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-$L001end:
-	; 
-	; FP
-	mov	edx,		DWORD PTR 20[esp]
-	ror	esi,		1
-	mov	eax,		edi
-	xor	edi,		esi
-	and	edi,		0aaaaaaaah
-	xor	eax,		edi
-	xor	esi,		edi
-	; 
-	rol	eax,		23
-	mov	edi,		eax
-	xor	eax,		esi
-	and	eax,		003fc03fch
-	xor	edi,		eax
-	xor	esi,		eax
-	; 
-	rol	edi,		10
-	mov	eax,		edi
-	xor	edi,		esi
-	and	edi,		033333333h
-	xor	eax,		edi
-	xor	esi,		edi
-	; 
-	rol	esi,		18
-	mov	edi,		esi
-	xor	esi,		eax
-	and	esi,		0fff0000fh
-	xor	edi,		esi
-	xor	eax,		esi
-	; 
-	rol	edi,		12
-	mov	esi,		edi
-	xor	edi,		eax
-	and	edi,		0f0f0f0f0h
-	xor	esi,		edi
-	xor	eax,		edi
-	; 
-	ror	eax,		4
-	mov	DWORD PTR [edx],eax
-	mov	DWORD PTR 4[edx],esi
-	pop	ebp
-	pop	ebx
-	pop	edi
-	pop	esi
-	ret
-_des_encrypt ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_des_encrypt2
-EXTRN   _des_SPtrans:DWORD
-_des_encrypt2 PROC NEAR
-	push	esi
-	push	edi
-	; 
-	; Load the 2 words
-	mov	eax,		DWORD PTR 12[esp]
-	xor	ecx,		ecx
-	push	ebx
-	push	ebp
-	mov	esi,		DWORD PTR [eax]
-	mov	ebx,		DWORD PTR 28[esp]
-	rol	esi,		3
-	mov	edi,		DWORD PTR 4[eax]
-	rol	edi,		3
-	mov	ebp,		DWORD PTR 24[esp]
-	cmp	ebx,		0
-	je	$L002start_decrypt
-	; 
-	; Round 0
-	mov	eax,		DWORD PTR [ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 4[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 1
-	mov	eax,		DWORD PTR 8[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 12[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 2
-	mov	eax,		DWORD PTR 16[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 20[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 3
-	mov	eax,		DWORD PTR 24[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 28[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 4
-	mov	eax,		DWORD PTR 32[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 36[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 5
-	mov	eax,		DWORD PTR 40[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 44[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 6
-	mov	eax,		DWORD PTR 48[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 52[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 7
-	mov	eax,		DWORD PTR 56[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 60[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 8
-	mov	eax,		DWORD PTR 64[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 68[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 9
-	mov	eax,		DWORD PTR 72[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 76[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 10
-	mov	eax,		DWORD PTR 80[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 84[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 11
-	mov	eax,		DWORD PTR 88[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 92[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 12
-	mov	eax,		DWORD PTR 96[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 100[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 13
-	mov	eax,		DWORD PTR 104[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 108[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 14
-	mov	eax,		DWORD PTR 112[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 116[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 15
-	mov	eax,		DWORD PTR 120[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 124[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	jmp	$L003end
-$L002start_decrypt:
-	; 
-	; Round 15
-	mov	eax,		DWORD PTR 120[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 124[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 14
-	mov	eax,		DWORD PTR 112[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 116[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 13
-	mov	eax,		DWORD PTR 104[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 108[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 12
-	mov	eax,		DWORD PTR 96[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 100[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 11
-	mov	eax,		DWORD PTR 88[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 92[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 10
-	mov	eax,		DWORD PTR 80[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 84[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 9
-	mov	eax,		DWORD PTR 72[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 76[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 8
-	mov	eax,		DWORD PTR 64[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 68[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 7
-	mov	eax,		DWORD PTR 56[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 60[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 6
-	mov	eax,		DWORD PTR 48[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 52[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 5
-	mov	eax,		DWORD PTR 40[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 44[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 4
-	mov	eax,		DWORD PTR 32[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 36[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 3
-	mov	eax,		DWORD PTR 24[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 28[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 2
-	mov	eax,		DWORD PTR 16[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 20[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 1
-	mov	eax,		DWORD PTR 8[ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 12[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 0
-	mov	eax,		DWORD PTR [ebp]
-	xor	ebx,		ebx
-	mov	edx,		DWORD PTR 4[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	and	eax,		0fcfcfcfch
-	and	edx,		0cfcfcfcfh
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-$L003end:
-	; 
-	; Fixup
-	ror	edi,		3
-	mov	eax,		DWORD PTR 20[esp]
-	ror	esi,		3
-	mov	DWORD PTR [eax],edi
-	mov	DWORD PTR 4[eax],esi
-	pop	ebp
-	pop	ebx
-	pop	edi
-	pop	esi
-	ret
-_des_encrypt2 ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_des_encrypt3
-
-_des_encrypt3 PROC NEAR
-	push	ebx
-	mov	ebx,		DWORD PTR 8[esp]
-	push	ebp
-	push	esi
-	push	edi
-	; 
-	; Load the data words
-	mov	edi,		DWORD PTR [ebx]
-	mov	esi,		DWORD PTR 4[ebx]
-	sub	esp,		12
-	; 
-	; IP
-	rol	edi,		4
-	mov	edx,		edi
-	xor	edi,		esi
-	and	edi,		0f0f0f0f0h
-	xor	edx,		edi
-	xor	esi,		edi
-	; 
-	rol	esi,		20
-	mov	edi,		esi
-	xor	esi,		edx
-	and	esi,		0fff0000fh
-	xor	edi,		esi
-	xor	edx,		esi
-	; 
-	rol	edi,		14
-	mov	esi,		edi
-	xor	edi,		edx
-	and	edi,		033333333h
-	xor	esi,		edi
-	xor	edx,		edi
-	; 
-	rol	edx,		22
-	mov	edi,		edx
-	xor	edx,		esi
-	and	edx,		003fc03fch
-	xor	edi,		edx
-	xor	esi,		edx
-	; 
-	rol	edi,		9
-	mov	edx,		edi
-	xor	edi,		esi
-	and	edi,		0aaaaaaaah
-	xor	edx,		edi
-	xor	esi,		edi
-	; 
-	ror	edx,		3
-	ror	esi,		2
-	mov	DWORD PTR 4[ebx],esi
-	mov	eax,		DWORD PTR 36[esp]
-	mov	DWORD PTR [ebx],edx
-	mov	edi,		DWORD PTR 40[esp]
-	mov	esi,		DWORD PTR 44[esp]
-	mov	DWORD PTR 8[esp],1
-	mov	DWORD PTR 4[esp],eax
-	mov	DWORD PTR [esp],ebx
-	call	_des_encrypt2
-	mov	DWORD PTR 8[esp],0
-	mov	DWORD PTR 4[esp],edi
-	mov	DWORD PTR [esp],ebx
-	call	_des_encrypt2
-	mov	DWORD PTR 8[esp],1
-	mov	DWORD PTR 4[esp],esi
-	mov	DWORD PTR [esp],ebx
-	call	_des_encrypt2
-	add	esp,		12
-	mov	edi,		DWORD PTR [ebx]
-	mov	esi,		DWORD PTR 4[ebx]
-	; 
-	; FP
-	rol	esi,		2
-	rol	edi,		3
-	mov	eax,		edi
-	xor	edi,		esi
-	and	edi,		0aaaaaaaah
-	xor	eax,		edi
-	xor	esi,		edi
-	; 
-	rol	eax,		23
-	mov	edi,		eax
-	xor	eax,		esi
-	and	eax,		003fc03fch
-	xor	edi,		eax
-	xor	esi,		eax
-	; 
-	rol	edi,		10
-	mov	eax,		edi
-	xor	edi,		esi
-	and	edi,		033333333h
-	xor	eax,		edi
-	xor	esi,		edi
-	; 
-	rol	esi,		18
-	mov	edi,		esi
-	xor	esi,		eax
-	and	esi,		0fff0000fh
-	xor	edi,		esi
-	xor	eax,		esi
-	; 
-	rol	edi,		12
-	mov	esi,		edi
-	xor	edi,		eax
-	and	edi,		0f0f0f0f0h
-	xor	esi,		edi
-	xor	eax,		edi
-	; 
-	ror	eax,		4
-	mov	DWORD PTR [ebx],eax
-	mov	DWORD PTR 4[ebx],esi
-	pop	edi
-	pop	esi
-	pop	ebp
-	pop	ebx
-	ret
-_des_encrypt3 ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_des_decrypt3
-
-_des_decrypt3 PROC NEAR
-	push	ebx
-	mov	ebx,		DWORD PTR 8[esp]
-	push	ebp
-	push	esi
-	push	edi
-	; 
-	; Load the data words
-	mov	edi,		DWORD PTR [ebx]
-	mov	esi,		DWORD PTR 4[ebx]
-	sub	esp,		12
-	; 
-	; IP
-	rol	edi,		4
-	mov	edx,		edi
-	xor	edi,		esi
-	and	edi,		0f0f0f0f0h
-	xor	edx,		edi
-	xor	esi,		edi
-	; 
-	rol	esi,		20
-	mov	edi,		esi
-	xor	esi,		edx
-	and	esi,		0fff0000fh
-	xor	edi,		esi
-	xor	edx,		esi
-	; 
-	rol	edi,		14
-	mov	esi,		edi
-	xor	edi,		edx
-	and	edi,		033333333h
-	xor	esi,		edi
-	xor	edx,		edi
-	; 
-	rol	edx,		22
-	mov	edi,		edx
-	xor	edx,		esi
-	and	edx,		003fc03fch
-	xor	edi,		edx
-	xor	esi,		edx
-	; 
-	rol	edi,		9
-	mov	edx,		edi
-	xor	edi,		esi
-	and	edi,		0aaaaaaaah
-	xor	edx,		edi
-	xor	esi,		edi
-	; 
-	ror	edx,		3
-	ror	esi,		2
-	mov	DWORD PTR 4[ebx],esi
-	mov	esi,		DWORD PTR 36[esp]
-	mov	DWORD PTR [ebx],edx
-	mov	edi,		DWORD PTR 40[esp]
-	mov	eax,		DWORD PTR 44[esp]
-	mov	DWORD PTR 8[esp],0
-	mov	DWORD PTR 4[esp],eax
-	mov	DWORD PTR [esp],ebx
-	call	_des_encrypt2
-	mov	DWORD PTR 8[esp],1
-	mov	DWORD PTR 4[esp],edi
-	mov	DWORD PTR [esp],ebx
-	call	_des_encrypt2
-	mov	DWORD PTR 8[esp],0
-	mov	DWORD PTR 4[esp],esi
-	mov	DWORD PTR [esp],ebx
-	call	_des_encrypt2
-	add	esp,		12
-	mov	edi,		DWORD PTR [ebx]
-	mov	esi,		DWORD PTR 4[ebx]
-	; 
-	; FP
-	rol	esi,		2
-	rol	edi,		3
-	mov	eax,		edi
-	xor	edi,		esi
-	and	edi,		0aaaaaaaah
-	xor	eax,		edi
-	xor	esi,		edi
-	; 
-	rol	eax,		23
-	mov	edi,		eax
-	xor	eax,		esi
-	and	eax,		003fc03fch
-	xor	edi,		eax
-	xor	esi,		eax
-	; 
-	rol	edi,		10
-	mov	eax,		edi
-	xor	edi,		esi
-	and	edi,		033333333h
-	xor	eax,		edi
-	xor	esi,		edi
-	; 
-	rol	esi,		18
-	mov	edi,		esi
-	xor	esi,		eax
-	and	esi,		0fff0000fh
-	xor	edi,		esi
-	xor	eax,		esi
-	; 
-	rol	edi,		12
-	mov	esi,		edi
-	xor	edi,		eax
-	and	edi,		0f0f0f0f0h
-	xor	esi,		edi
-	xor	eax,		edi
-	; 
-	ror	eax,		4
-	mov	DWORD PTR [ebx],eax
-	mov	DWORD PTR 4[ebx],esi
-	pop	edi
-	pop	esi
-	pop	ebp
-	pop	ebx
-	ret
-_des_decrypt3 ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_des_ncbc_encrypt
-
-_des_ncbc_encrypt PROC NEAR
-	; 
-	push	ebp
-	push	ebx
-	push	esi
-	push	edi
-	mov	ebp,		DWORD PTR 28[esp]
-	; getting iv ptr from parameter 4
-	mov	ebx,		DWORD PTR 36[esp]
-	mov	esi,		DWORD PTR [ebx]
-	mov	edi,		DWORD PTR 4[ebx]
-	push	edi
-	push	esi
-	push	edi
-	push	esi
-	mov	ebx,		esp
-	mov	esi,		DWORD PTR 36[esp]
-	mov	edi,		DWORD PTR 40[esp]
-	; getting encrypt flag from parameter 5
-	mov	ecx,		DWORD PTR 56[esp]
-	; get and push parameter 5
-	push	ecx
-	; get and push parameter 3
-	mov	eax,		DWORD PTR 52[esp]
-	push	eax
-	push	ebx
-	cmp	ecx,		0
-	jz	$L004decrypt
-	and	ebp,		4294967288
-	mov	eax,		DWORD PTR 12[esp]
-	mov	ebx,		DWORD PTR 16[esp]
-	jz	$L005encrypt_finish
-L006encrypt_loop:
-	mov	ecx,		DWORD PTR [esi]
-	mov	edx,		DWORD PTR 4[esi]
-	xor	eax,		ecx
-	xor	ebx,		edx
-	mov	DWORD PTR 12[esp],eax
-	mov	DWORD PTR 16[esp],ebx
-	call	_des_encrypt
-	mov	eax,		DWORD PTR 12[esp]
-	mov	ebx,		DWORD PTR 16[esp]
-	mov	DWORD PTR [edi],eax
-	mov	DWORD PTR 4[edi],ebx
-	add	esi,		8
-	add	edi,		8
-	sub	ebp,		8
-	jnz	L006encrypt_loop
-$L005encrypt_finish:
-	mov	ebp,		DWORD PTR 56[esp]
-	and	ebp,		7
-	jz	$L007finish
-	xor	ecx,		ecx
-	xor	edx,		edx
-	mov	ebp,		DWORD PTR $L008cbc_enc_jmp_table[ebp*4]
-	jmp	 ebp
-L009ej7:
-	mov	dh,		BYTE PTR 6[esi]
-	shl	edx,		8
-L010ej6:
-	mov	dh,		BYTE PTR 5[esi]
-L011ej5:
-	mov	dl,		BYTE PTR 4[esi]
-L012ej4:
-	mov	ecx,		DWORD PTR [esi]
-	jmp	$L013ejend
-L014ej3:
-	mov	ch,		BYTE PTR 2[esi]
-	shl	ecx,		8
-L015ej2:
-	mov	ch,		BYTE PTR 1[esi]
-L016ej1:
-	mov	cl,		BYTE PTR [esi]
-$L013ejend:
-	xor	eax,		ecx
-	xor	ebx,		edx
-	mov	DWORD PTR 12[esp],eax
-	mov	DWORD PTR 16[esp],ebx
-	call	_des_encrypt
-	mov	eax,		DWORD PTR 12[esp]
-	mov	ebx,		DWORD PTR 16[esp]
-	mov	DWORD PTR [edi],eax
-	mov	DWORD PTR 4[edi],ebx
-	jmp	$L007finish
-$L004decrypt:
-	and	ebp,		4294967288
-	mov	eax,		DWORD PTR 20[esp]
-	mov	ebx,		DWORD PTR 24[esp]
-	jz	$L017decrypt_finish
-L018decrypt_loop:
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-	mov	DWORD PTR 12[esp],eax
-	mov	DWORD PTR 16[esp],ebx
-	call	_des_encrypt
-	mov	eax,		DWORD PTR 12[esp]
-	mov	ebx,		DWORD PTR 16[esp]
-	mov	ecx,		DWORD PTR 20[esp]
-	mov	edx,		DWORD PTR 24[esp]
-	xor	ecx,		eax
-	xor	edx,		ebx
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-	mov	DWORD PTR [edi],ecx
-	mov	DWORD PTR 4[edi],edx
-	mov	DWORD PTR 20[esp],eax
-	mov	DWORD PTR 24[esp],ebx
-	add	esi,		8
-	add	edi,		8
-	sub	ebp,		8
-	jnz	L018decrypt_loop
-$L017decrypt_finish:
-	mov	ebp,		DWORD PTR 56[esp]
-	and	ebp,		7
-	jz	$L007finish
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-	mov	DWORD PTR 12[esp],eax
-	mov	DWORD PTR 16[esp],ebx
-	call	_des_encrypt
-	mov	eax,		DWORD PTR 12[esp]
-	mov	ebx,		DWORD PTR 16[esp]
-	mov	ecx,		DWORD PTR 20[esp]
-	mov	edx,		DWORD PTR 24[esp]
-	xor	ecx,		eax
-	xor	edx,		ebx
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-L019dj7:
-	ror	edx,		16
-	mov	BYTE PTR 6[edi],dl
-	shr	edx,		16
-L020dj6:
-	mov	BYTE PTR 5[edi],dh
-L021dj5:
-	mov	BYTE PTR 4[edi],dl
-L022dj4:
-	mov	DWORD PTR [edi],ecx
-	jmp	$L023djend
-L024dj3:
-	ror	ecx,		16
-	mov	BYTE PTR 2[edi],cl
-	shl	ecx,		16
-L025dj2:
-	mov	BYTE PTR 1[esi],ch
-L026dj1:
-	mov	BYTE PTR [esi],	cl
-$L023djend:
-	jmp	$L007finish
-$L007finish:
-	mov	ecx,		DWORD PTR 64[esp]
-	add	esp,		28
-	mov	DWORD PTR [ecx],eax
-	mov	DWORD PTR 4[ecx],ebx
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-$L008cbc_enc_jmp_table:
-	DD	0
-	DD	L016ej1
-	DD	L015ej2
-	DD	L014ej3
-	DD	L012ej4
-	DD	L011ej5
-	DD	L010ej6
-	DD	L009ej7
-L027cbc_dec_jmp_table:
-	DD	0
-	DD	L026dj1
-	DD	L025dj2
-	DD	L024dj3
-	DD	L022dj4
-	DD	L021dj5
-	DD	L020dj6
-	DD	L019dj7
-_des_ncbc_encrypt ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_des_ede3_cbc_encrypt
-
-_des_ede3_cbc_encrypt PROC NEAR
-	; 
-	push	ebp
-	push	ebx
-	push	esi
-	push	edi
-	mov	ebp,		DWORD PTR 28[esp]
-	; getting iv ptr from parameter 6
-	mov	ebx,		DWORD PTR 44[esp]
-	mov	esi,		DWORD PTR [ebx]
-	mov	edi,		DWORD PTR 4[ebx]
-	push	edi
-	push	esi
-	push	edi
-	push	esi
-	mov	ebx,		esp
-	mov	esi,		DWORD PTR 36[esp]
-	mov	edi,		DWORD PTR 40[esp]
-	; getting encrypt flag from parameter 7
-	mov	ecx,		DWORD PTR 64[esp]
-	; get and push parameter 5
-	mov	eax,		DWORD PTR 56[esp]
-	push	eax
-	; get and push parameter 4
-	mov	eax,		DWORD PTR 56[esp]
-	push	eax
-	; get and push parameter 3
-	mov	eax,		DWORD PTR 56[esp]
-	push	eax
-	push	ebx
-	cmp	ecx,		0
-	jz	$L028decrypt
-	and	ebp,		4294967288
-	mov	eax,		DWORD PTR 16[esp]
-	mov	ebx,		DWORD PTR 20[esp]
-	jz	$L029encrypt_finish
-L030encrypt_loop:
-	mov	ecx,		DWORD PTR [esi]
-	mov	edx,		DWORD PTR 4[esi]
-	xor	eax,		ecx
-	xor	ebx,		edx
-	mov	DWORD PTR 16[esp],eax
-	mov	DWORD PTR 20[esp],ebx
-	call	_des_encrypt3
-	mov	eax,		DWORD PTR 16[esp]
-	mov	ebx,		DWORD PTR 20[esp]
-	mov	DWORD PTR [edi],eax
-	mov	DWORD PTR 4[edi],ebx
-	add	esi,		8
-	add	edi,		8
-	sub	ebp,		8
-	jnz	L030encrypt_loop
-$L029encrypt_finish:
-	mov	ebp,		DWORD PTR 60[esp]
-	and	ebp,		7
-	jz	$L031finish
-	xor	ecx,		ecx
-	xor	edx,		edx
-	mov	ebp,		DWORD PTR $L032cbc_enc_jmp_table[ebp*4]
-	jmp	 ebp
-L033ej7:
-	mov	dh,		BYTE PTR 6[esi]
-	shl	edx,		8
-L034ej6:
-	mov	dh,		BYTE PTR 5[esi]
-L035ej5:
-	mov	dl,		BYTE PTR 4[esi]
-L036ej4:
-	mov	ecx,		DWORD PTR [esi]
-	jmp	$L037ejend
-L038ej3:
-	mov	ch,		BYTE PTR 2[esi]
-	shl	ecx,		8
-L039ej2:
-	mov	ch,		BYTE PTR 1[esi]
-L040ej1:
-	mov	cl,		BYTE PTR [esi]
-$L037ejend:
-	xor	eax,		ecx
-	xor	ebx,		edx
-	mov	DWORD PTR 16[esp],eax
-	mov	DWORD PTR 20[esp],ebx
-	call	_des_encrypt3
-	mov	eax,		DWORD PTR 16[esp]
-	mov	ebx,		DWORD PTR 20[esp]
-	mov	DWORD PTR [edi],eax
-	mov	DWORD PTR 4[edi],ebx
-	jmp	$L031finish
-$L028decrypt:
-	and	ebp,		4294967288
-	mov	eax,		DWORD PTR 24[esp]
-	mov	ebx,		DWORD PTR 28[esp]
-	jz	$L041decrypt_finish
-L042decrypt_loop:
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-	mov	DWORD PTR 16[esp],eax
-	mov	DWORD PTR 20[esp],ebx
-	call	_des_decrypt3
-	mov	eax,		DWORD PTR 16[esp]
-	mov	ebx,		DWORD PTR 20[esp]
-	mov	ecx,		DWORD PTR 24[esp]
-	mov	edx,		DWORD PTR 28[esp]
-	xor	ecx,		eax
-	xor	edx,		ebx
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-	mov	DWORD PTR [edi],ecx
-	mov	DWORD PTR 4[edi],edx
-	mov	DWORD PTR 24[esp],eax
-	mov	DWORD PTR 28[esp],ebx
-	add	esi,		8
-	add	edi,		8
-	sub	ebp,		8
-	jnz	L042decrypt_loop
-$L041decrypt_finish:
-	mov	ebp,		DWORD PTR 60[esp]
-	and	ebp,		7
-	jz	$L031finish
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-	mov	DWORD PTR 16[esp],eax
-	mov	DWORD PTR 20[esp],ebx
-	call	_des_decrypt3
-	mov	eax,		DWORD PTR 16[esp]
-	mov	ebx,		DWORD PTR 20[esp]
-	mov	ecx,		DWORD PTR 24[esp]
-	mov	edx,		DWORD PTR 28[esp]
-	xor	ecx,		eax
-	xor	edx,		ebx
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-L043dj7:
-	ror	edx,		16
-	mov	BYTE PTR 6[edi],dl
-	shr	edx,		16
-L044dj6:
-	mov	BYTE PTR 5[edi],dh
-L045dj5:
-	mov	BYTE PTR 4[edi],dl
-L046dj4:
-	mov	DWORD PTR [edi],ecx
-	jmp	$L047djend
-L048dj3:
-	ror	ecx,		16
-	mov	BYTE PTR 2[edi],cl
-	shl	ecx,		16
-L049dj2:
-	mov	BYTE PTR 1[esi],ch
-L050dj1:
-	mov	BYTE PTR [esi],	cl
-$L047djend:
-	jmp	$L031finish
-$L031finish:
-	mov	ecx,		DWORD PTR 76[esp]
-	add	esp,		32
-	mov	DWORD PTR [ecx],eax
-	mov	DWORD PTR 4[ecx],ebx
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-$L032cbc_enc_jmp_table:
-	DD	0
-	DD	L040ej1
-	DD	L039ej2
-	DD	L038ej3
-	DD	L036ej4
-	DD	L035ej5
-	DD	L034ej6
-	DD	L033ej7
-L051cbc_dec_jmp_table:
-	DD	0
-	DD	L050dj1
-	DD	L049dj2
-	DD	L048dj3
-	DD	L046dj4
-	DD	L045dj5
-	DD	L044dj6
-	DD	L043dj7
-_des_ede3_cbc_encrypt ENDP
-_TEXT	ENDS
-END
diff --git a/crypto/des/asm/d-win32.uu b/crypto/des/asm/d-win32.uu
deleted file mode 100644
index 70d63838f1..0000000000
--- a/crypto/des/asm/d-win32.uu
+++ /dev/null
@@ -1,319 +0,0 @@
-begin 640 d-win32.obj
-M3`$"`/4&DC-`-@``#``````````N=&5X=```````````````W"$``&0```!`
-M(@`````````"```@`#!@+F1A=&$```#<(0````````````!`-@``````````
-M````````0``PP%535E>+="04,\F+!HM<)!R+?@3!P`2+\#/')?#P\/`S\#/X
-MP<<4B\<S_H'G#P#P_S/',_?!P`Z+^#/&)3,S,S,S^#/PP<86B\8S]X'F_`/\
-M`S/&,_[!P`F+\#/'):JJJJHS\#/XT<>#^P"+;"08#X2U!P``BT4`,]N+500S
-MQC/6)?S\_/R!XL_/S\^*V(K,P<H$BZL`````BMHS_8NI``(``#/]BL[!Z!"+
-MJP`!```S_8K<P>H0BZD``P``,_V+;"08BLXE_P```('B_P```(N;``8``#/[
-MBYD`!P``,_N+F``$```S^XN:``4``#/[BT4(,]N+50PSQS/7)?S\_/R!XL_/
-MS\^*V(K,P<H$BZL`````BMHS]8NI``(``#/UBL[!Z!"+JP`!```S]8K<P>H0
-MBZD``P``,_6+;"08BLXE_P```('B_P```(N;``8``#/SBYD`!P``,_.+F``$
-M```S\XN:``4``#/SBT40,]N+510SQC/6)?S\_/R!XL_/S\^*V(K,P<H$BZL`
-M````BMHS_8NI``(``#/]BL[!Z!"+JP`!```S_8K<P>H0BZD``P``,_V+;"08
-MBLXE_P```('B_P```(N;``8``#/[BYD`!P``,_N+F``$```S^XN:``4``#/[
-MBT48,]N+51PSQS/7)?S\_/R!XL_/S\^*V(K,P<H$BZL`````BMHS]8NI``(`
-M`#/UBL[!Z!"+JP`!```S]8K<P>H0BZD``P``,_6+;"08BLXE_P```('B_P``
-M`(N;``8``#/SBYD`!P``,_.+F``$```S\XN:``4``#/SBT4@,]N+520SQC/6
-M)?S\_/R!XL_/S\^*V(K,P<H$BZL`````BMHS_8NI``(``#/]BL[!Z!"+JP`!
-M```S_8K<P>H0BZD``P``,_V+;"08BLXE_P```('B_P```(N;``8``#/[BYD`
-M!P``,_N+F``$```S^XN:``4``#/[BT4H,]N+52PSQS/7)?S\_/R!XL_/S\^*
-MV(K,P<H$BZL`````BMHS]8NI``(``#/UBL[!Z!"+JP`!```S]8K<P>H0BZD`
-M`P``,_6+;"08BLXE_P```('B_P```(N;``8``#/SBYD`!P``,_.+F``$```S
-M\XN:``4``#/SBT4P,]N+530SQC/6)?S\_/R!XL_/S\^*V(K,P<H$BZL`````
-MBMHS_8NI``(``#/]BL[!Z!"+JP`!```S_8K<P>H0BZD``P``,_V+;"08BLXE
-M_P```('B_P```(N;``8``#/[BYD`!P``,_N+F``$```S^XN:``4``#/[BT4X
-M,]N+53PSQS/7)?S\_/R!XL_/S\^*V(K,P<H$BZL`````BMHS]8NI``(``#/U
-MBL[!Z!"+JP`!```S]8K<P>H0BZD``P``,_6+;"08BLXE_P```('B_P```(N;
-M``8``#/SBYD`!P``,_.+F``$```S\XN:``4``#/SBT5`,]N+540SQC/6)?S\
-M_/R!XL_/S\^*V(K,P<H$BZL`````BMHS_8NI``(``#/]BL[!Z!"+JP`!```S
-M_8K<P>H0BZD``P``,_V+;"08BLXE_P```('B_P```(N;``8``#/[BYD`!P``
-M,_N+F``$```S^XN:``4``#/[BT5(,]N+54PSQS/7)?S\_/R!XL_/S\^*V(K,
-MP<H$BZL`````BMHS]8NI``(``#/UBL[!Z!"+JP`!```S]8K<P>H0BZD``P``
-M,_6+;"08BLXE_P```('B_P```(N;``8``#/SBYD`!P``,_.+F``$```S\XN:
-M``4``#/SBT50,]N+550SQC/6)?S\_/R!XL_/S\^*V(K,P<H$BZL`````BMHS
-M_8NI``(``#/]BL[!Z!"+JP`!```S_8K<P>H0BZD``P``,_V+;"08BLXE_P``
-M`('B_P```(N;``8``#/[BYD`!P``,_N+F``$```S^XN:``4``#/[BT58,]N+
-M55PSQS/7)?S\_/R!XL_/S\^*V(K,P<H$BZL`````BMHS]8NI``(``#/UBL[!
-MZ!"+JP`!```S]8K<P>H0BZD``P``,_6+;"08BLXE_P```('B_P```(N;``8`
-M`#/SBYD`!P``,_.+F``$```S\XN:``4``#/SBT5@,]N+560SQC/6)?S\_/R!
-MXL_/S\^*V(K,P<H$BZL`````BMHS_8NI``(``#/]BL[!Z!"+JP`!```S_8K<
-MP>H0BZD``P``,_V+;"08BLXE_P```('B_P```(N;``8``#/[BYD`!P``,_N+
-MF``$```S^XN:``4``#/[BT5H,]N+56PSQS/7)?S\_/R!XL_/S\^*V(K,P<H$
-MBZL`````BMHS]8NI``(``#/UBL[!Z!"+JP`!```S]8K<P>H0BZD``P``,_6+
-M;"08BLXE_P```('B_P```(N;``8``#/SBYD`!P``,_.+F``$```S\XN:``4`
-M`#/SBT5P,]N+570SQC/6)?S\_/R!XL_/S\^*V(K,P<H$BZL`````BMHS_8NI
-M``(``#/]BL[!Z!"+JP`!```S_8K<P>H0BZD``P``,_V+;"08BLXE_P```('B
-M_P```(N;``8``#/[BYD`!P``,_N+F``$```S^XN:``4``#/[BT5X,]N+57PS
-MQS/7)?S\_/R!XL_/S\^*V(K,P<H$BZL`````BMHS]8NI``(``#/UBL[!Z!"+
-MJP`!```S]8K<P>H0BZD``P``,_6+;"08BLXE_P```('B_P```(N;``8``#/S
-MBYD`!P``,_.+F``$```S\XN:``4``#/SZ;`'``"+17@SVXM5?#/&,]8E_/S\
-M_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]
-MBMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S
-M^XN8``0``#/[BYH`!0``,_N+17`SVXM5=#/',]<E_/S\_('BS\_/SXK8BLS!
-MR@2+JP````"*VC/UBZD``@``,_6*SL'H$(NK``$``#/UBMS!ZA"+J0`#```S
-M]8ML)!B*SB7_````@>+_````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`
-M!0``,_.+16@SVXM5;#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]
-MBZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````
-M@>+_````BYL`!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+16`SVXM5
-M9#/',]<E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/UBZD``@``,_6*SL'H
-M$(NK``$``#/UBMS!ZA"+J0`#```S]8ML)!B*SB7_````@>+_````BYL`!@``
-M,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+15@SVXM57#/&,]8E_/S\_('B
-MS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!
-MZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8
-M``0``#/[BYH`!0``,_N+15`SVXM55#/',]<E_/S\_('BS\_/SXK8BLS!R@2+
-MJP````"*VC/UBZD``@``,_6*SL'H$(NK``$``#/UBMS!ZA"+J0`#```S]8ML
-M)!B*SB7_````@>+_````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``
-M,_.+14@SVXM53#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD`
-M`@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_
-M````BYL`!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+14`SVXM51#/'
-M,]<E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/UBZD``@``,_6*SL'H$(NK
-M``$``#/UBMS!ZA"+J0`#```S]8ML)!B*SB7_````@>+_````BYL`!@``,_.+
-MF0`'```S\XN8``0``#/SBYH`!0``,_.+13@SVXM5/#/&,]8E_/S\_('BS\_/
-MSXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+
-MJ0`#```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8``0`
-M`#/[BYH`!0``,_N+13`SVXM5-#/',]<E_/S\_('BS\_/SXK8BLS!R@2+JP``
-M``"*VC/UBZD``@``,_6*SL'H$(NK``$``#/UBMS!ZA"+J0`#```S]8ML)!B*
-MSB7_````@>+_````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+
-M12@SVXM5+#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``
-M,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````
-MBYL`!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+12`SVXM5)#/',]<E
-M_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/UBZD``@``,_6*SL'H$(NK``$`
-M`#/UBMS!ZA"+J0`#```S]8ML)!B*SB7_````@>+_````BYL`!@``,_.+F0`'
-M```S\XN8``0``#/SBYH`!0``,_.+11@SVXM5'#/&,]8E_/S\_('BS\_/SXK8
-MBLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#
-M```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8``0``#/[
-MBYH`!0``,_N+11`SVXM5%#/',]<E_/S\_('BS\_/SXK8BLS!R@2+JP````"*
-MVC/UBZD``@``,_6*SL'H$(NK``$``#/UBMS!ZA"+J0`#```S]8ML)!B*SB7_
-M````@>+_````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+10@S
-MVXM5##/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*
-MSL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`
-M!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+10`SVXM5!#/',]<E_/S\
-M_('BS\_/SXK8BLS!R@2+JP````"*VC/UBZD``@``,_6*SL'H$(NK``$``#/U
-MBMS!ZA"+J0`#```S]8ML)!B*SB7_````@>+_````BYL`!@``,_.+F0`'```S
-M\XN8``0``#/SBYH`!0``,_.+5"04T<Z+QS/^@>>JJJJJ,\<S]\'`%XOX,\8E
-M_`/\`S/X,_#!QPJ+QS/^@><S,S,S,\<S]\'&$HO^,_"!Y@\`\/\S_C/&P<<,
-MB_<S^('G\/#P\#/W,\?!R`2)`HER!%]>6UW#55-65XM$)!0SR8LPBUPD','&
-M`XMX!,''`X/[`(ML)!@/A+4'``"+10`SVXM5!#/&,]8E_/S\_('BS\_/SXK8
-MBLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#
-M```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8``0``#/[
-MBYH`!0``,_N+10@SVXM5##/',]<E_/S\_('BS\_/SXK8BLS!R@2+JP````"*
-MVC/UBZD``@``,_6*SL'H$(NK``$``#/UBMS!ZA"+J0`#```S]8ML)!B*SB7_
-M````@>+_````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+11`S
-MVXM5%#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*
-MSL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`
-M!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+11@SVXM5'#/',]<E_/S\
-M_('BS\_/SXK8BLS!R@2+JP````"*VC/UBZD``@``,_6*SL'H$(NK``$``#/U
-MBMS!ZA"+J0`#```S]8ML)!B*SB7_````@>+_````BYL`!@``,_.+F0`'```S
-M\XN8``0``#/SBYH`!0``,_.+12`SVXM5)#/&,]8E_/S\_('BS\_/SXK8BLS!
-MR@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#```S
-M_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8``0``#/[BYH`
-M!0``,_N+12@SVXM5+#/',]<E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/U
-MBZD``@``,_6*SL'H$(NK``$``#/UBMS!ZA"+J0`#```S]8ML)!B*SB7_````
-M@>+_````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+13`SVXM5
-M-#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H
-M$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`!@``
-M,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+13@SVXM5/#/',]<E_/S\_('B
-MS\_/SXK8BLS!R@2+JP````"*VC/UBZD``@``,_6*SL'H$(NK``$``#/UBMS!
-MZA"+J0`#```S]8ML)!B*SB7_````@>+_````BYL`!@``,_.+F0`'```S\XN8
-M``0``#/SBYH`!0``,_.+14`SVXM51#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+
-MJP````"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML
-M)!B*SB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``
-M,_N+14@SVXM53#/',]<E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/UBZD`
-M`@``,_6*SL'H$(NK``$``#/UBMS!ZA"+J0`#```S]8ML)!B*SB7_````@>+_
-M````BYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+15`SVXM55#/&
-M,]8E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK
-M``$``#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+
-MF0`'```S^XN8``0``#/[BYH`!0``,_N+15@SVXM57#/',]<E_/S\_('BS\_/
-MSXK8BLS!R@2+JP````"*VC/UBZD``@``,_6*SL'H$(NK``$``#/UBMS!ZA"+
-MJ0`#```S]8ML)!B*SB7_````@>+_````BYL`!@``,_.+F0`'```S\XN8``0`
-M`#/SBYH`!0``,_.+16`SVXM59#/&,]8E_/S\_('BS\_/SXK8BLS!R@2+JP``
-M``"*VC/]BZD``@``,_V*SL'H$(NK``$``#/]BMS!ZA"+J0`#```S_8ML)!B*
-MSB7_````@>+_````BYL`!@``,_N+F0`'```S^XN8``0``#/[BYH`!0``,_N+
-M16@SVXM5;#/',]<E_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/UBZD``@``
-M,_6*SL'H$(NK``$``#/UBMS!ZA"+J0`#```S]8ML)!B*SB7_````@>+_````
-MBYL`!@``,_.+F0`'```S\XN8``0``#/SBYH`!0``,_.+17`SVXM5=#/&,]8E
-M_/S\_('BS\_/SXK8BLS!R@2+JP````"*VC/]BZD``@``,_V*SL'H$(NK``$`
-M`#/]BMS!ZA"+J0`#```S_8ML)!B*SB7_````@>+_````BYL`!@``,_N+F0`'
-M```S^XN8``0``#/[BYH`!0``,_N+17@SVXM5?#/',]<E_/S\_('BS\_/SXK8
-MBLS!R@2+JP````"*VC/UBZD``@``,_6*SL'H$(NK``$``#/UBMS!ZA"+J0`#
-M```S]8ML)!B*SB7_````@>+_````BYL`!@``,_.+F0`'```S\XN8``0``#/S
-MBYH`!0``,_/IL`<``(M%>#/;BU5\,\8SUB7\_/S\@>+/S\_/BMB*S,'*!(NK
-M`````(K:,_V+J0`"```S_8K.P>@0BZL``0``,_V*W,'J$(NI``,``#/]BVPD
-M&(K.)?\```"!XO\```"+FP`&```S^XN9``<``#/[BY@`!```,_N+F@`%```S
-M^XM%<#/;BU5T,\<SUR7\_/S\@>+/S\_/BMB*S,'*!(NK`````(K:,_6+J0`"
-M```S]8K.P>@0BZL``0``,_6*W,'J$(NI``,``#/UBVPD&(K.)?\```"!XO\`
-M``"+FP`&```S\XN9``<``#/SBY@`!```,_.+F@`%```S\XM%:#/;BU5L,\8S
-MUB7\_/S\@>+/S\_/BMB*S,'*!(NK`````(K:,_V+J0`"```S_8K.P>@0BZL`
-M`0``,_V*W,'J$(NI``,``#/]BVPD&(K.)?\```"!XO\```"+FP`&```S^XN9
-M``<``#/[BY@`!```,_N+F@`%```S^XM%8#/;BU5D,\<SUR7\_/S\@>+/S\_/
-MBMB*S,'*!(NK`````(K:,_6+J0`"```S]8K.P>@0BZL``0``,_6*W,'J$(NI
-M``,``#/UBVPD&(K.)?\```"!XO\```"+FP`&```S\XN9``<``#/SBY@`!```
-M,_.+F@`%```S\XM%6#/;BU5<,\8SUB7\_/S\@>+/S\_/BMB*S,'*!(NK````
-M`(K:,_V+J0`"```S_8K.P>@0BZL``0``,_V*W,'J$(NI``,``#/]BVPD&(K.
-M)?\```"!XO\```"+FP`&```S^XN9``<``#/[BY@`!```,_N+F@`%```S^XM%
-M4#/;BU54,\<SUR7\_/S\@>+/S\_/BMB*S,'*!(NK`````(K:,_6+J0`"```S
-M]8K.P>@0BZL``0``,_6*W,'J$(NI``,``#/UBVPD&(K.)?\```"!XO\```"+
-MFP`&```S\XN9``<``#/SBY@`!```,_.+F@`%```S\XM%2#/;BU5,,\8SUB7\
-M_/S\@>+/S\_/BMB*S,'*!(NK`````(K:,_V+J0`"```S_8K.P>@0BZL``0``
-M,_V*W,'J$(NI``,``#/]BVPD&(K.)?\```"!XO\```"+FP`&```S^XN9``<`
-M`#/[BY@`!```,_N+F@`%```S^XM%0#/;BU5$,\<SUR7\_/S\@>+/S\_/BMB*
-MS,'*!(NK`````(K:,_6+J0`"```S]8K.P>@0BZL``0``,_6*W,'J$(NI``,`
-M`#/UBVPD&(K.)?\```"!XO\```"+FP`&```S\XN9``<``#/SBY@`!```,_.+
-MF@`%```S\XM%.#/;BU4\,\8SUB7\_/S\@>+/S\_/BMB*S,'*!(NK`````(K:
-M,_V+J0`"```S_8K.P>@0BZL``0``,_V*W,'J$(NI``,``#/]BVPD&(K.)?\`
-M``"!XO\```"+FP`&```S^XN9``<``#/[BY@`!```,_N+F@`%```S^XM%,#/;
-MBU4T,\<SUR7\_/S\@>+/S\_/BMB*S,'*!(NK`````(K:,_6+J0`"```S]8K.
-MP>@0BZL``0``,_6*W,'J$(NI``,``#/UBVPD&(K.)?\```"!XO\```"+FP`&
-M```S\XN9``<``#/SBY@`!```,_.+F@`%```S\XM%*#/;BU4L,\8SUB7\_/S\
-M@>+/S\_/BMB*S,'*!(NK`````(K:,_V+J0`"```S_8K.P>@0BZL``0``,_V*
-MW,'J$(NI``,``#/]BVPD&(K.)?\```"!XO\```"+FP`&```S^XN9``<``#/[
-MBY@`!```,_N+F@`%```S^XM%(#/;BU4D,\<SUR7\_/S\@>+/S\_/BMB*S,'*
-M!(NK`````(K:,_6+J0`"```S]8K.P>@0BZL``0``,_6*W,'J$(NI``,``#/U
-MBVPD&(K.)?\```"!XO\```"+FP`&```S\XN9``<``#/SBY@`!```,_.+F@`%
-M```S\XM%&#/;BU4<,\8SUB7\_/S\@>+/S\_/BMB*S,'*!(NK`````(K:,_V+
-MJ0`"```S_8K.P>@0BZL``0``,_V*W,'J$(NI``,``#/]BVPD&(K.)?\```"!
-MXO\```"+FP`&```S^XN9``<``#/[BY@`!```,_N+F@`%```S^XM%$#/;BU44
-M,\<SUR7\_/S\@>+/S\_/BMB*S,'*!(NK`````(K:,_6+J0`"```S]8K.P>@0
-MBZL``0``,_6*W,'J$(NI``,``#/UBVPD&(K.)?\```"!XO\```"+FP`&```S
-M\XN9``<``#/SBY@`!```,_.+F@`%```S\XM%"#/;BU4,,\8SUB7\_/S\@>+/
-MS\_/BMB*S,'*!(NK`````(K:,_V+J0`"```S_8K.P>@0BZL``0``,_V*W,'J
-M$(NI``,``#/]BVPD&(K.)?\```"!XO\```"+FP`&```S^XN9``<``#/[BY@`
-M!```,_N+F@`%```S^XM%`#/;BU4$,\<SUR7\_/S\@>+/S\_/BMB*S,'*!(NK
-M`````(K:,_6+J0`"```S]8K.P>@0BZL``0``,_6*W,'J$(NI``,``#/UBVPD
-M&(K.)?\```"!XO\```"+FP`&```S\XN9``<``#/SBY@`!```,_.+F@`%```S
-M\\'/`XM$)!3!S@.).(EP!%]>6UW#55-65XM<)!2+.XMS!,''!(O7,_Z!Y_#P
-M\/`SUS/WP<84B_XS\H'F#P#P_S/^,];!QPZ+]S/Z@><S,S,S,_<SU\'"%HOZ
-M,]:!XOP#_`,S^C/RP<<)B]<S_H'GJJJJJC/7,_?!R@/!S@*)<P2+1"08B1.+
-M?"0<BW0D(&H!4%/HW^___VH`5U/HUN___VH!5E/HS>___XL[@\0DBW,$P<8"
-MP<<#B\<S_H'GJJJJJC/',_?!P!>+^#/&)?P#_`,S^#/PP<<*B\<S_H'G,S,S
-M,S/',_?!QA*+_C/P@>8/`/#_,_XSQL''#(OW,_B!Y_#P\/`S]S/'P<@$B0.)
-M<P1?7EM=PU535E>+7"04BSN+<P3!QP2+US/^@>?P\/#P,]<S]\'&%(O^,_*!
-MY@\`\/\S_C/6P<<.B_<S^H'G,S,S,S/W,]?!PA:+^C/6@>+\`_P#,_HS\L''
-M"8O7,_Z!YZJJJJHSUS/WP<H#P<X"B7,$BW0D&(D3BWPD'(M$)"!J`%!3Z-_N
-M__]J`5=3Z-;N__]J`%93Z,WN__^+.X/$)(MS!,'&`L''`XO',_Z!YZJJJJHS
-MQS/WP<`7B_@SQB7\`_P#,_@S\,''"HO',_Z!YS,S,S,SQS/WP<82B_XS\('F
-M#P#P_S/^,\;!QPR+]S/X@>?P\/#P,_<SQ\'(!(D#B7,$7UY;7<.4````!P``
-M``8`G@````<````&`*L````'````!@"X````!P````8`T0````<````&`-D`
-M```'````!@#A````!P````8`Z0````<````&``\!```'````!@`9`0``!P``
-M``8`)@$```<````&`#,!```'````!@!,`0``!P````8`5`$```<````&`%P!
-M```'````!@!D`0``!P````8`B@$```<````&`)0!```'````!@"A`0``!P``
-M``8`K@$```<````&`,<!```'````!@#/`0``!P````8`UP$```<````&`-\!
-M```'````!@`%`@``!P````8`#P(```<````&`!P"```'````!@`I`@``!P``
-M``8`0@(```<````&`$H"```'````!@!2`@``!P````8`6@(```<````&`(`"
-M```'````!@"*`@``!P````8`EP(```<````&`*0"```'````!@"]`@``!P``
-M``8`Q0(```<````&`,T"```'````!@#5`@``!P````8`^P(```<````&``4#
-M```'````!@`2`P``!P````8`'P,```<````&`#@#```'````!@!``P``!P``
-M``8`2`,```<````&`%`#```'````!@!V`P``!P````8`@`,```<````&`(T#
-M```'````!@":`P``!P````8`LP,```<````&`+L#```'````!@##`P``!P``
-M``8`RP,```<````&`/$#```'````!@#[`P``!P````8`"`0```<````&`!4$
-M```'````!@`N!```!P````8`-@0```<````&`#X$```'````!@!&!```!P``
-M``8`;`0```<````&`'8$```'````!@"#!```!P````8`D`0```<````&`*D$
-M```'````!@"Q!```!P````8`N00```<````&`,$$```'````!@#G!```!P``
-M``8`\00```<````&`/X$```'````!@`+!0``!P````8`)`4```<````&`"P%
-M```'````!@`T!0``!P````8`/`4```<````&`&(%```'````!@!L!0``!P``
-M``8`>04```<````&`(8%```'````!@"?!0``!P````8`IP4```<````&`*\%
-M```'````!@"W!0``!P````8`W04```<````&`.<%```'````!@#T!0``!P``
-M``8``08```<````&`!H&```'````!@`B!@``!P````8`*@8```<````&`#(&
-M```'````!@!8!@``!P````8`8@8```<````&`&\&```'````!@!\!@``!P``
-M``8`E08```<````&`)T&```'````!@"E!@``!P````8`K08```<````&`-,&
-M```'````!@#=!@``!P````8`Z@8```<````&`/<&```'````!@`0!P``!P``
-M``8`&`<```<````&`"`'```'````!@`H!P``!P````8`3@<```<````&`%@'
-M```'````!@!E!P``!P````8`<@<```<````&`(L'```'````!@"3!P``!P``
-M``8`FP<```<````&`*,'```'````!@#)!P``!P````8`TP<```<````&`.`'
-M```'````!@#M!P``!P````8`!@@```<````&``X(```'````!@`6"```!P``
-M``8`'@@```<````&`$D(```'````!@!3"```!P````8`8`@```<````&`&T(
-M```'````!@"&"```!P````8`C@@```<````&`)8(```'````!@">"```!P``
-M``8`Q`@```<````&`,X(```'````!@#;"```!P````8`Z`@```<````&``$)
-M```'````!@`)"0``!P````8`$0D```<````&`!D)```'````!@`_"0``!P``
-M``8`20D```<````&`%8)```'````!@!C"0``!P````8`?`D```<````&`(0)
-M```'````!@","0``!P````8`E`D```<````&`+H)```'````!@#$"0``!P``
-M``8`T0D```<````&`-X)```'````!@#W"0``!P````8`_PD```<````&``<*
-M```'````!@`/"@``!P````8`-0H```<````&`#\*```'````!@!,"@``!P``
-M``8`60H```<````&`'(*```'````!@!Z"@``!P````8`@@H```<````&`(H*
-M```'````!@"P"@``!P````8`N@H```<````&`,<*```'````!@#4"@``!P``
-M``8`[0H```<````&`/4*```'````!@#]"@``!P````8`!0L```<````&`"L+
-M```'````!@`U"P``!P````8`0@L```<````&`$\+```'````!@!H"P``!P``
-M``8`<`L```<````&`'@+```'````!@"`"P``!P````8`I@L```<````&`+`+
-M```'````!@"]"P``!P````8`R@L```<````&`.,+```'````!@#K"P``!P``
-M``8`\PL```<````&`/L+```'````!@`A#```!P````8`*PP```<````&`#@,
-M```'````!@!%#```!P````8`7@P```<````&`&8,```'````!@!N#```!P``
-M``8`=@P```<````&`)P,```'````!@"F#```!P````8`LPP```<````&`,`,
-M```'````!@#9#```!P````8`X0P```<````&`.D,```'````!@#Q#```!P``
-M``8`%PT```<````&`"$-```'````!@`N#0``!P````8`.PT```<````&`%0-
-M```'````!@!<#0``!P````8`9`T```<````&`&P-```'````!@"2#0``!P``
-M``8`G`T```<````&`*D-```'````!@"V#0``!P````8`SPT```<````&`-<-
-M```'````!@#?#0``!P````8`YPT```<````&``T.```'````!@`7#@``!P``
-M``8`)`X```<````&`#$.```'````!@!*#@``!P````8`4@X```<````&`%H.
-M```'````!@!B#@``!P````8`B`X```<````&`)(.```'````!@"?#@``!P``
-M``8`K`X```<````&`,4.```'````!@#-#@``!P````8`U0X```<````&`-T.
-M```'````!@`##P``!P````8`#0\```<````&`!H/```'````!@`G#P``!P``
-M``8`0`\```<````&`$@/```'````!@!0#P``!P````8`6`\```<````&`'X/
-M```'````!@"(#P``!P````8`E0\```<````&`*(/```'````!@"[#P``!P``
-M``8`PP\```<````&`,L/```'````!@#3#P``!P````8`@Q````<````&`(T0
-M```'````!@":$```!P````8`IQ````<````&`,`0```'````!@#($```!P``
-M``8`T!````<````&`-@0```'````!@#^$```!P````8`"!$```<````&`!41
-M```'````!@`B$0``!P````8`.Q$```<````&`$,1```'````!@!+$0``!P``
-M``8`4Q$```<````&`'D1```'````!@"#$0``!P````8`D!$```<````&`)T1
-M```'````!@"V$0``!P````8`OA$```<````&`,81```'````!@#.$0``!P``
-M``8`]!$```<````&`/X1```'````!@`+$@``!P````8`&!(```<````&`#$2
-M```'````!@`Y$@``!P````8`01(```<````&`$D2```'````!@!O$@``!P``
-M``8`>1(```<````&`(82```'````!@"3$@``!P````8`K!(```<````&`+02
-M```'````!@"\$@``!P````8`Q!(```<````&`.H2```'````!@#T$@``!P``
-M``8``1,```<````&``X3```'````!@`G$P``!P````8`+Q,```<````&`#<3
-M```'````!@`_$P``!P````8`91,```<````&`&\3```'````!@!\$P``!P``
-M``8`B1,```<````&`*(3```'````!@"J$P``!P````8`LA,```<````&`+H3
-M```'````!@#@$P``!P````8`ZA,```<````&`/<3```'````!@`$%```!P``
-M``8`'10```<````&`"44```'````!@`M%```!P````8`-10```<````&`%L4
-M```'````!@!E%```!P````8`<A0```<````&`'\4```'````!@"8%```!P``
-M``8`H!0```<````&`*@4```'````!@"P%```!P````8`UA0```<````&`.`4
-M```'````!@#M%```!P````8`^A0```<````&`!,5```'````!@`;%0``!P``
-M``8`(Q4```<````&`"L5```'````!@!1%0``!P````8`6Q4```<````&`&@5
-M```'````!@!U%0``!P````8`CA4```<````&`)85```'````!@">%0``!P``
-M``8`IA4```<````&`,P5```'````!@#6%0``!P````8`XQ4```<````&`/`5
-M```'````!@`)%@``!P````8`$18```<````&`!D6```'````!@`A%@``!P``
-M``8`1Q8```<````&`%$6```'````!@!>%@``!P````8`:Q8```<````&`(06
-M```'````!@",%@``!P````8`E!8```<````&`)P6```'````!@#"%@``!P``
-M``8`S!8```<````&`-D6```'````!@#F%@``!P````8`_Q8```<````&``<7
-M```'````!@`/%P``!P````8`%Q<```<````&`#T7```'````!@!'%P``!P``
-M``8`5!<```<````&`&$7```'````!@!Z%P``!P````8`@A<```<````&`(H7
-M```'````!@"2%P``!P````8`N!<```<````&`,(7```'````!@#/%P``!P``
-M``8`W!<```<````&`/47```'````!@#]%P``!P````8`!1@```<````&``T8
-M```'````!@`X&```!P````8`0A@```<````&`$\8```'````!@!<&```!P``
-M``8`=1@```<````&`'T8```'````!@"%&```!P````8`C1@```<````&`+,8
-M```'````!@"]&```!P````8`RA@```<````&`-<8```'````!@#P&```!P``
-M``8`^!@```<````&```9```'````!@`(&0``!P````8`+AD```<````&`#@9
-M```'````!@!%&0``!P````8`4AD```<````&`&L9```'````!@!S&0``!P``
-M``8`>QD```<````&`(,9```'````!@"I&0``!P````8`LQD```<````&`,`9
-M```'````!@#-&0``!P````8`YAD```<````&`.X9```'````!@#V&0``!P``
-M``8`_AD```<````&`"0:```'````!@`N&@``!P````8`.QH```<````&`$@:
-M```'````!@!A&@``!P````8`:1H```<````&`'$:```'````!@!Y&@``!P``
-M``8`GQH```<````&`*D:```'````!@"V&@``!P````8`PQH```<````&`-P:
-M```'````!@#D&@``!P````8`[!H```<````&`/0:```'````!@`:&P``!P``
-M``8`)!L```<````&`#$;```'````!@`^&P``!P````8`5QL```<````&`%\;
-M```'````!@!G&P``!P````8`;QL```<````&`)4;```'````!@"?&P``!P``
-M``8`K!L```<````&`+D;```'````!@#2&P``!P````8`VAL```<````&`.(;
-M```'````!@#J&P``!P````8`$!P```<````&`!H<```'````!@`G'```!P``
-M``8`-!P```<````&`$T<```'````!@!5'```!P````8`71P```<````&`&4<
-M```'````!@"+'```!P````8`E1P```<````&`*(<```'````!@"O'```!P``
-M``8`R!P```<````&`-`<```'````!@#8'```!P````8`X!P```<````&``8=
-M```'````!@`0'0``!P````8`'1T```<````&`"H=```'````!@!#'0``!P``
-M``8`2QT```<````&`%,=```'````!@!;'0``!P````8`@1T```<````&`(L=
-M```'````!@"8'0``!P````8`I1T```<````&`+X=```'````!@#&'0``!P``
-M``8`SAT```<````&`-8=```'````!@#\'0``!P````8`!AX```<````&`!,>
-M```'````!@`@'@``!P````8`.1X```<````&`$$>```'````!@!)'@``!P``
-M``8`41X```<````&`'<>```'````!@"!'@``!P````8`CAX```<````&`)L>
-M```'````!@"T'@``!P````8`O!X```<````&`,0>```'````!@#,'@``!P``
-M``8`\AX```<````&`/P>```'````!@`)'P``!P````8`%A\```<````&`"\?
-M```'````!@`W'P``!P````8`/Q\```<````&`$<?```'````!@!M'P``!P``
-M``8`=Q\```<````&`(0?```'````!@"1'P``!P````8`JA\```<````&`+(?
-M```'````!@"Z'P``!P````8`PA\```<````&`"YF:6QE`````````/[_``!G
-M`BY<8W)Y<'1O7&1E<UQA<VU<9"UW:6XS,BYA<VT``````````"YT97AT````
-M``````$````#`=PA`````@```````````````"YD871A``````````(````#
-M`0`````````````````````````````$```````````````"```````1````
-M``````$`(``"```````>````/1````$`(``"```````L````W!\```$`(``"
-M```````Z````W"````$`(``"`$@```!?9&5S7U-0=')A;G,`7V1E<U]E;F-R
-M>7!T`%]D97-?96YC<GEP=#(`7V1E<U]E;F-R>7!T,P!?9&5S7V1E8W)Y<'0S
-!````
-`
-end
diff --git a/crypto/des/asm/des-586.pl b/crypto/des/asm/des-586.pl
index 642e464adf..0d08e8a3a9 100644
--- a/crypto/des/asm/des-586.pl
+++ b/crypto/des/asm/des-586.pl
@@ -19,21 +19,21 @@ require "desboth.pl";
 $L="edi";
 $R="esi";
 
-&external_label("des_SPtrans");
-&des_encrypt("des_encrypt",1);
-&des_encrypt("des_encrypt2",0);
-&des_encrypt3("des_encrypt3",1);
-&des_encrypt3("des_decrypt3",0);
-&cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1);
-&cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5);
+&external_label("DES_SPtrans");
+&DES_encrypt("DES_encrypt1",1);
+&DES_encrypt("DES_encrypt2",0);
+&DES_encrypt3("DES_encrypt3",1);
+&DES_encrypt3("DES_decrypt3",0);
+&cbc("DES_ncbc_encrypt","DES_encrypt1","DES_encrypt1",0,4,5,3,5,-1);
+&cbc("DES_ede3_cbc_encrypt","DES_encrypt3","DES_decrypt3",0,6,7,3,4,5);
 
 &asm_finish();
 
-sub des_encrypt
+sub DES_encrypt
 	{
 	local($name,$do_ip)=@_;
 
-	&function_begin_B($name,"EXTRN   _des_SPtrans:DWORD");
+	&function_begin_B($name,"EXTRN   _DES_SPtrans:DWORD");
 
 	&push("esi");
 	&push("edi");
@@ -80,11 +80,11 @@ sub des_encrypt
 		{
 		&comment("");
 		&comment("Round $i");
-		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx");
 
 		&comment("");
 		&comment("Round ".sprintf("%d",$i+1));
-		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx");
 		}
 	&jmp(&label("end"));
 
@@ -94,10 +94,10 @@ sub des_encrypt
 		{
 		&comment("");
 		&comment("Round $i");
-		&D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		&D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx");
 		&comment("");
 		&comment("Round ".sprintf("%d",$i-1));
-		&D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");
+		&D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx");
 		}
 
 	&set_label("end");
@@ -187,6 +187,8 @@ sub R_PERM_OP
 	&mov(	$tt,		$a		);
 	&xor(	$a,		$b		);
 	&and(	$a,		$mask		);
+	# This can never succeed, and besides it is difficult to see what the
+	# idea was - Ben 13 Feb 99
 	if (!$last eq $b)
 		{
 		&xor(	$b,		$a		);
diff --git a/crypto/des/asm/des-som2.pl b/crypto/des/asm/des-som2.pl
deleted file mode 100644
index b5dbc9737b..0000000000
--- a/crypto/des/asm/des-som2.pl
+++ /dev/null
@@ -1,308 +0,0 @@
-#!/usr/local/bin/perl
-#

-# The inner loop instruction sequence and the IP/FP modifications are from

-# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>

-#

-

-$prog="des-som2.pl";

-

-# base code is in microsft

-# op dest, source

-# format.

-#

-

-require "desboth.pl";

-

-if (	($ARGV[0] eq "elf"))

-	{ require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "a.out"))

-	{ $aout=1; require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "sol"))

-	{ $sol=1; require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "cpp"))

-	{ $cpp=1; require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "win32"))

-	{ require "x86ms.pl"; }

-else

-	{

-	print STDERR <<"EOF";

-Pick one target type from

-	elf	- linux, FreeBSD etc

-	a.out	- old linux

-	sol	- x86 solaris

-	cpp	- format so x86unix.cpp can be used

-	win32	- Windows 95/Windows NT

-EOF

-	exit(1);

-	}

-

-&comment("Don't even think of reading this code");

-&comment("It was automatically generated by $prog");

-&comment("Which is a perl program used to generate the x86 assember for");

-&comment("any of elf, a.out, Win32, or Solaris");

-&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");

-&comment("eric <eay\@cryptsoft.com>");

-&comment("The inner loop instruction sequence and the IP/FP modifications");

-&comment("are from Svend Olaf Mikkelsen <svolaf\@inet.uni-c.dk>");

-

-&comment("");

-

-&file("dx86xxxx");

-

-$L="edi";

-$R="esi";

-

-&des_encrypt("des_encrypt",1);

-&des_encrypt("des_encrypt2",0);

-

-&des_encrypt3("des_encrypt3",1);

-&des_encrypt3("des_decrypt3",0);

-

-&file_end();

-

-sub des_encrypt

-	{

-	local($name,$do_ip)=@_;

-

-	&function_begin($name,3,"EXTRN   _des_SPtrans:DWORD");

-

-	&comment("");

-	&comment("Load the 2 words");

-	&mov("eax",&wparam(0));

-	&mov($R,&DWP(0,"eax","",0));

-	&mov($L,&DWP(4,"eax","",0));

-

-	if ($do_ip)

-		{

-		&comment("");

-		&comment("IP");

-		&IP_new($R,$L,"eax",3);

-#		&comment("");

-#		&comment("fixup rotate");

-#		&rotl($R,3);

-#		&rotl($L,3);

-		}

-	else

-		{

-		&comment("");

-		&comment("fixup rotate");

-		&rotl($R,3);

-		&rotl($L,3);

-		}

-

-	&comment("");

-	&comment("load counter, key_schedule and enc flag");

-

-	# encrypting part

-

-	$ks="ebp";

-#	&xor(	"ebx",		"ebx"		);

-	&mov("eax",&wparam(2));	# get encrypt flag

-	&xor(	"ecx",		"ecx"		);

-	&cmp("eax","0");

-	&mov(	$ks,		&wparam(1)	);

-	&je(&label("start_decrypt"));

-

-	for ($i=0; $i<16; $i+=2)

-		{

-		&comment("");

-		&comment("Round $i");

-		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");

-

-		&comment("");

-		&comment("Round ".sprintf("%d",$i+1));

-		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");

-		}

-	&jmp(&label("end"));

-

-	&set_label("start_decrypt");

-

-	for ($i=15; $i>0; $i-=2)

-		{

-		&comment("");

-		&comment("Round $i");

-		&D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");

-		&comment("");

-		&comment("Round ".sprintf("%d",$i-1));

-		&D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");

-		}

-

-	&set_label("end");

-

-	if ($do_ip)

-		{

-#		&comment("");

-#		&comment("Fixup");

-#		&rotr($L,3);		# r

-#		&rotr($R,3);		# l

-		&comment("");

-		&comment("FP");

-		&FP_new($R,$L,"eax",3);

-		}

-	else

-		{

-		&comment("");

-		&comment("Fixup");

-		&rotr($L,3);		# r

-		&rotr($R,3);		# l

-		}

-

-	&mov("eax",&wparam(0));

-	&mov(&DWP(0,"eax","",0),$L);

-	&mov(&DWP(4,"eax","",0),$R);

-

-	&function_end($name);

-	}

-

-sub D_ENCRYPT

-	{

-	local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;

-

-	&mov(	$u,		&DWP(&n2a($S*4),$ks,"",0));

-	&xor(	$tmp1,		$tmp1);

-	&mov(	$t,		&DWP(&n2a(($S+1)*4),$ks,"",0));

-	&xor(	$u,		$R);

-	&xor(	$t,		$R);

-	&and(	$u,		"0xfcfcfcfc"	);

-	&and(	$t,		"0xcfcfcfcf"	);

-	&movb(	&LB($tmp1),	&LB($u)	);

-	&movb(	&LB($tmp2),	&HB($u)	);

-	&rotr(	$t,		4		);

-	&mov(	$ks,		&DWP("      $desSP",$tmp1,"",0));

-	&movb(	&LB($tmp1),	&LB($t)	);

-	&xor(	$L,		$ks);

-	&mov(	$ks,		&DWP("0x200+$desSP",$tmp2,"",0));

-	&xor(	$L,		$ks); ######

-	&movb(	&LB($tmp2),	&HB($t)	);

-	&shr(	$u,		16);

-	&mov(	$ks,		&DWP("0x100+$desSP",$tmp1,"",0));

-	&xor(	$L,		$ks); ######

-	&movb(	&LB($tmp1),	&HB($u)	);

-	&shr(	$t,		16);

-	&mov(	$ks,		&DWP("0x300+$desSP",$tmp2,"",0));

-	&xor(	$L,		$ks);

-	&mov(	$ks,		&DWP(24,"esp","",0)); ####

-	&movb(	&LB($tmp2),	&HB($t)	);

-	&and(	$u,		"0xff"	);

-	&and(	$t,		"0xff"	);

-	&mov(	$tmp1,		&DWP("0x600+$desSP",$tmp1,"",0));

-	&xor(	$L,		$tmp1);

-	&mov(	$tmp1,		&DWP("0x700+$desSP",$tmp2,"",0));

-	&xor(	$L,		$tmp1);

-	&mov(	$tmp1,		&DWP("0x400+$desSP",$u,"",0));

-	&xor(	$L,		$tmp1);

-	&mov(	$tmp1,		&DWP("0x500+$desSP",$t,"",0));

-	&xor(	$L,		$tmp1);

-	}

-

-sub PERM_OP

-	{

-	local($a,$b,$tt,$shift,$mask)=@_;

-

-	&mov(	$tt,		$a		);

-	&shr(	$tt,		$shift		);

-	&xor(	$tt,		$b		);

-	&and(	$tt,		$mask		);

-	&xor(	$b,		$tt		);

-	&shl(	$tt,		$shift		);

-	&xor(	$a,		$tt		);

-	}

-

-sub IP

-	{

-	local($l,$r,$tt)=@_;

-

-	&PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f");

-	&PERM_OP($l,$r,$tt,16,"0x0000ffff");

-	&PERM_OP($r,$l,$tt, 2,"0x33333333");

-	&PERM_OP($l,$r,$tt, 8,"0x00ff00ff");

-	&PERM_OP($r,$l,$tt, 1,"0x55555555");

-	}

-

-sub FP

-	{

-	local($l,$r,$tt)=@_;

-

-	&PERM_OP($l,$r,$tt, 1,"0x55555555");

-        &PERM_OP($r,$l,$tt, 8,"0x00ff00ff");

-        &PERM_OP($l,$r,$tt, 2,"0x33333333");

-        &PERM_OP($r,$l,$tt,16,"0x0000ffff");

-        &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f");

-	}

-

-sub n2a

-	{

-	sprintf("%d",$_[0]);

-	}

-

-# now has a side affect of rotating $a by $shift

-sub R_PERM_OP

-	{

-	local($a,$b,$tt,$shift,$mask,$last)=@_;

-

-	&rotl(	$a,		$shift		) if ($shift != 0);

-	&mov(	$tt,		$b		);

-	&xor(	$tt,		$a		);

-	&and(	$tt,		$mask		);

-	if ($last eq $b)

-		{

-		&xor(	$a,		$tt		);

-		&xor(	$b,		$tt		);

-		}

-	else

-		{

-		&xor(	$b,		$tt		);

-		&xor(	$a,		$tt		);

-		}

-	&comment("");

-	}

-

-sub IP_new

-	{

-	local($l,$r,$tt,$lr)=@_;

-

-	&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);

-	&R_PERM_OP($r,$l,$tt,20,"0xfff0000f",$l);

-	&R_PERM_OP($r,$l,$tt,14,"0x33333333",$r);

-	&R_PERM_OP($l,$r,$tt,22,"0x03fc03fc",$r);

-	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);

-	

-	if ($lr != 3)

-		{

-		if (($lr-3) < 0)

-			{ &rotr($l,	3-$lr); }

-		else	{ &rotl($l,	$lr-3); }

-		}

-	if ($lr != 2)

-		{

-		if (($lr-2) < 0)

-			{ &rotr($r,	2-$lr); }

-		else	{ &rotl($r,	$lr-2); }

-		}

-	}

-

-sub FP_new

-	{

-	local($r,$l,$tt,$lr)=@_;

-

-	if ($lr != 2)

-		{

-		if (($lr-2) < 0)

-			{ &rotl($r,	2-$lr); }

-		else	{ &rotr($r,	$lr-2); }

-		}

-	if ($lr != 3)

-		{

-		if (($lr-3) < 0)

-			{ &rotl($l,	3-$lr); }

-		else	{ &rotr($l,	$lr-3); }

-		}

-

-	&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);

-	&R_PERM_OP($l,$r,$tt,23,"0x03fc03fc",$r);

-	&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);

-	&R_PERM_OP($r,$l,$tt,18,"0xfff0000f",$l);

-	&R_PERM_OP($r,$l,$tt,12,"0xf0f0f0f0",$r);

-	&rotr($l	, 4);

-	}

-

diff --git a/crypto/des/asm/des-som3.pl b/crypto/des/asm/des-som3.pl
deleted file mode 100644
index 3f353955da..0000000000
--- a/crypto/des/asm/des-som3.pl
+++ /dev/null
@@ -1,266 +0,0 @@
-#!/usr/local/bin/perl
-#

-# The inner loop instruction sequence and the IP/FP modifications are from

-# Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>

-#

-

-$prog="des-som3.pl";

-

-# base code is in microsft

-# op dest, source

-# format.

-#

-

-require "desboth.pl";

-

-if (	($ARGV[0] eq "elf"))

-	{ require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "a.out"))

-	{ $aout=1; require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "sol"))

-	{ $sol=1; require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "cpp"))

-	{ $cpp=1; require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "win32"))

-	{ require "x86ms.pl"; }

-else

-	{

-	print STDERR <<"EOF";

-Pick one target type from

-	elf	- linux, FreeBSD etc

-	a.out	- old linux

-	sol	- x86 solaris

-	cpp	- format so x86unix.cpp can be used

-	win32	- Windows 95/Windows NT

-EOF

-	exit(1);

-	}

-

-&comment("Don't even think of reading this code");

-&comment("It was automatically generated by $prog");

-&comment("Which is a perl program used to generate the x86 assember for");

-&comment("any of elf, a.out, Win32, or Solaris");

-&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");

-&comment("eric <eay\@cryptsoft.com>");

-&comment("The inner loop instruction sequence and the IP/FP modifications");

-&comment("are from Svend Olaf Mikkelsen <svolaf\@inet.uni-c.dk>");

-

-&comment("");

-

-&file("dx86xxxx");

-

-$L="edi";

-$R="esi";

-

-&des_encrypt("des_encrypt",1);

-&des_encrypt("des_encrypt2",0);

-

-&des_encrypt3("des_encrypt3",1);

-&des_encrypt3("des_decrypt3",0);

-

-&file_end();

-

-sub des_encrypt

-	{

-	local($name,$do_ip)=@_;

-

-	&function_begin($name,3,EXTRN   _des_SPtrans:DWORD");

-

-	&comment("");

-	&comment("Load the 2 words");

-	$ks="ebp";

-

-	if ($do_ip)

-		{

-		&mov($R,&wparam(0));

-		 &xor(	"ecx",		"ecx"		);

-		&mov("eax",&DWP(0,$R,"",0));

-		 &mov("ebx",&wparam(2));	# get encrypt flag

-		&mov($L,&DWP(4,$R,"",0));

-		&comment("");

-		&comment("IP");

-		&IP_new("eax",$L,$R,3);

-		}

-	else

-		{

-		&mov("eax",&wparam(0));

-		 &xor(	"ecx",		"ecx"		);

-		&mov($R,&DWP(0,"eax","",0));

-		 &mov("ebx",&wparam(2));	# get encrypt flag

-		&rotl($R,3);

-		&mov($L,&DWP(4,"eax","",0));

-		&rotl($L,3);

-		}

-

-	&cmp("ebx","0");

-	&mov(	$ks,		&wparam(1)	);

-	&je(&label("start_decrypt"));

-

-	for ($i=0; $i<16; $i+=2)

-		{

-		&comment("");

-		&comment("Round $i");

-		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");

-

-		&comment("");

-		&comment("Round ".sprintf("%d",$i+1));

-		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");

-		}

-	&jmp(&label("end"));

-

-	&set_label("start_decrypt");

-

-	for ($i=15; $i>0; $i-=2)

-		{

-		&comment("");

-		&comment("Round $i");

-		&D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");

-		&comment("");

-		&comment("Round ".sprintf("%d",$i-1));

-		&D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");

-		}

-

-	&set_label("end");

-

-	if ($do_ip)

-		{

-		&comment("");

-		&comment("FP");

-		&mov("edx",&wparam(0));

-		&FP_new($L,$R,"eax",3);

-

-		&mov(&DWP(0,"edx","",0),"eax");

-		&mov(&DWP(4,"edx","",0),$R);

-		}

-	else

-		{

-		&comment("");

-		&comment("Fixup");

-		&rotr($L,3);		# r

-		 &mov("eax",&wparam(0));

-		&rotr($R,3);		# l

-		 &mov(&DWP(0,"eax","",0),$L);

-		 &mov(&DWP(4,"eax","",0),$R);

-		}

-

-

-	&function_end($name);

-	}

-

-sub D_ENCRYPT

-	{

-	local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;

-

-	&mov(	$u,		&DWP(&n2a($S*4),$ks,"",0));

-	&xor(	$tmp1,		$tmp1);

-	&mov(	$t,		&DWP(&n2a(($S+1)*4),$ks,"",0));

-	&xor(	$u,		$R);

-	&xor(	$t,		$R);

-	&and(	$u,		"0xfcfcfcfc"	);

-	&and(	$t,		"0xcfcfcfcf"	);

-	&movb(	&LB($tmp1),	&LB($u)	);

-	&movb(	&LB($tmp2),	&HB($u)	);

-	&rotr(	$t,		4		);

-	&mov(	$ks,		&DWP("      $desSP",$tmp1,"",0));

-	&movb(	&LB($tmp1),	&LB($t)	);

-	&xor(	$L,		$ks);

-	&mov(	$ks,		&DWP("0x200+$desSP",$tmp2,"",0));

-	&xor(	$L,		$ks); ######

-	&movb(	&LB($tmp2),	&HB($t)	);

-	&shr(	$u,		16);

-	&mov(	$ks,		&DWP("0x100+$desSP",$tmp1,"",0));

-	&xor(	$L,		$ks); ######

-	&movb(	&LB($tmp1),	&HB($u)	);

-	&shr(	$t,		16);

-	&mov(	$ks,		&DWP("0x300+$desSP",$tmp2,"",0));

-	&xor(	$L,		$ks);

-	&mov(	$ks,		&DWP(24,"esp","",0)); ####

-	&movb(	&LB($tmp2),	&HB($t)	);

-	&and(	$u,		"0xff"	);

-	&and(	$t,		"0xff"	);

-	&mov(	$tmp1,		&DWP("0x600+$desSP",$tmp1,"",0));

-	&xor(	$L,		$tmp1);

-	&mov(	$tmp1,		&DWP("0x700+$desSP",$tmp2,"",0));

-	&xor(	$L,		$tmp1);

-	&mov(	$tmp1,		&DWP("0x400+$desSP",$u,"",0));

-	&xor(	$L,		$tmp1);

-	&mov(	$tmp1,		&DWP("0x500+$desSP",$t,"",0));

-	&xor(	$L,		$tmp1);

-	}

-

-sub n2a

-	{

-	sprintf("%d",$_[0]);

-	}

-

-# now has a side affect of rotating $a by $shift

-sub R_PERM_OP

-	{

-	local($a,$b,$tt,$shift,$mask,$last)=@_;

-

-	&rotl(	$a,		$shift		) if ($shift != 0);

-	&mov(	$tt,		$a		);

-	&xor(	$a,		$b		);

-	&and(	$a,		$mask		);

-	if ($notlast eq $b)

-		{

-		&xor(	$b,		$a		);

-		&xor(	$tt,		$a		);

-		}

-	else

-		{

-		&xor(	$tt,		$a		);

-		&xor(	$b,		$a		);

-		}

-	&comment("");

-	}

-

-sub IP_new

-	{

-	local($l,$r,$tt,$lr)=@_;

-

-	&R_PERM_OP($l,$r,$tt, 4,"0xf0f0f0f0",$l);

-	&R_PERM_OP($r,$tt,$l,20,"0xfff0000f",$l);

-	&R_PERM_OP($l,$tt,$r,14,"0x33333333",$r);

-	&R_PERM_OP($tt,$r,$l,22,"0x03fc03fc",$r);

-	&R_PERM_OP($l,$r,$tt, 9,"0xaaaaaaaa",$r);

-	

-	if ($lr != 3)

-		{

-		if (($lr-3) < 0)

-			{ &rotr($tt,	3-$lr); }

-		else	{ &rotl($tt,	$lr-3); }

-		}

-	if ($lr != 2)

-		{

-		if (($lr-2) < 0)

-			{ &rotr($r,	2-$lr); }

-		else	{ &rotl($r,	$lr-2); }

-		}

-	}

-

-sub FP_new

-	{

-	local($l,$r,$tt,$lr)=@_;

-

-	if ($lr != 2)

-		{

-		if (($lr-2) < 0)

-			{ &rotl($r,	2-$lr); }

-		else	{ &rotr($r,	$lr-2); }

-		}

-	if ($lr != 3)

-		{

-		if (($lr-3) < 0)

-			{ &rotl($l,	3-$lr); }

-		else	{ &rotr($l,	$lr-3); }

-		}

-

-	&R_PERM_OP($l,$r,$tt, 0,"0xaaaaaaaa",$r);

-	&R_PERM_OP($tt,$r,$l,23,"0x03fc03fc",$r);

-	&R_PERM_OP($l,$r,$tt,10,"0x33333333",$l);

-	&R_PERM_OP($r,$tt,$l,18,"0xfff0000f",$l);

-	&R_PERM_OP($l,$tt,$r,12,"0xf0f0f0f0",$r);

-	&rotr($tt	, 4);

-	}

-

diff --git a/crypto/des/asm/des586.pl b/crypto/des/asm/des586.pl
deleted file mode 100644
index 59c42d1394..0000000000
--- a/crypto/des/asm/des586.pl
+++ /dev/null
@@ -1,210 +0,0 @@
-#!/usr/local/bin/perl
-

-$prog="des586.pl";

-

-# base code is in microsft

-# op dest, source

-# format.

-#

-

-# WILL NOT WORK ANYMORE WITH desboth.pl

-require "desboth.pl";

-

-if (	($ARGV[0] eq "elf"))

-	{ require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "a.out"))

-	{ $aout=1; require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "sol"))

-	{ $sol=1; require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "cpp"))

-	{ $cpp=1; require "x86unix.pl"; }

-elsif (	($ARGV[0] eq "win32"))

-	{ require "x86ms.pl"; }

-else

-	{

-	print STDERR <<"EOF";

-Pick one target type from

-	elf	- linux, FreeBSD etc

-	a.out	- old linux

-	sol	- x86 solaris

-	cpp	- format so x86unix.cpp can be used

-	win32	- Windows 95/Windows NT

-EOF

-	exit(1);

-	}

-

-&comment("Don't even think of reading this code");

-&comment("It was automatically generated by $prog");

-&comment("Which is a perl program used to generate the x86 assember for");

-&comment("any of elf, a.out, Win32, or Solaris");

-&comment("It can be found in SSLeay 0.6.5+ or in libdes 3.26+");

-&comment("eric <eay\@cryptsoft.com>");

-&comment("");

-

-&file("dx86xxxx");

-

-$L="edi";

-$R="esi";

-

-&des_encrypt("des_encrypt",1);

-&des_encrypt("des_encrypt2",0);

-

-&des_encrypt3("des_encrypt3",1);

-&des_encrypt3("des_decrypt3",0);

-

-&file_end();

-

-sub des_encrypt

-	{

-	local($name,$do_ip)=@_;

-

-	&function_begin($name,3,"EXTRN   _des_SPtrans:DWORD");

-

-	&comment("");

-	&comment("Load the 2 words");

-	&mov("eax",&wparam(0));

-	&mov($R,&DWP(0,"eax","",0));

-	&mov($L,&DWP(4,"eax","",0));

-

-	if ($do_ip)

-		{

-		&comment("");

-		&comment("IP");

-		&IP($R,$L,"eax");

-		}

-

-	&comment("");

-	&comment("fixup rotate");

-	&rotl($R,3);

-	&rotl($L,3);

-

-	&comment("");

-	&comment("load counter, key_schedule and enc flag");

-

-	# encrypting part

-

-	$ks="ebp";

-	&xor(	"ebx",		"ebx"		);

-	&mov("eax",&wparam(2));	# get encrypt flag

-	&xor(	"ecx",		"ecx"		);

-	&cmp("eax","0");

-	&mov(	$ks,		&wparam(1)	);

-	&je(&label("start_decrypt"));

-

-	for ($i=0; $i<16; $i+=2)

-		{

-		&comment("");

-		&comment("Round $i");

-		&D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");

-

-		&comment("");

-		&comment("Round ".sprintf("%d",$i+1));

-		&D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");

-		}

-	&jmp(&label("end"));

-

-	&set_label("start_decrypt");

-

-	for ($i=15; $i>0; $i-=2)

-		{

-		&comment("");

-		&comment("Round $i");

-		&D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");

-		&comment("");

-		&comment("Round ".sprintf("%d",$i-1));

-		&D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx");

-		}

-

-	&set_label("end");

-

-	&comment("");

-	&comment("Fixup");

-	&rotr($L,3);		# r

-	&rotr($R,3);		# l

-

-	if ($do_ip)

-		{

-		&comment("");

-		&comment("FP");

-		&FP($R,$L,"eax");

-		}

-

-	&mov("eax",&wparam(0));

-	&mov(&DWP(0,"eax","",0),$L);

-	&mov(&DWP(4,"eax","",0),$R);

-

-	&function_end($name);

-	}

-

-sub D_ENCRYPT

-	{

-	local($r,$L,$R,$S,$ks,$desSP,$u,$tmp1,$tmp2,$t)=@_;

-

-	 &mov(	$t,		&DWP(&n2a(($S+1)*4),$ks,"",0));

-	&mov(	$u,		&DWP(&n2a($S*4),$ks,"",0));

-	 &xor(	$t,		$R);

-	&xor(	$u,		$R);

-	 &rotr(	$t,		4		);

-	&and(	$u,		"0xfcfcfcfc"	);

-	 &and(	$t,		"0xfcfcfcfc"	);

-	&movb(	&LB($tmp1),	&LB($u)	);

-	&movb(	&LB($tmp2),	&HB($u)	);

-	&xor(	$L,		&DWP("      $desSP",$tmp1,"",0));

-	&shr(	$u,		16);

-	&xor(	$L,		&DWP("0x200+$desSP",$tmp2,"",0));

-	&movb(	&LB($tmp1),	&LB($u)	);

-	&movb(	&LB($tmp2),	&HB($u)	);

-	&xor(	$L,		&DWP("0x400+$desSP",$tmp1,"",0));

-	&mov(	$u,		&DWP("0x600+$desSP",$tmp2,"",0));

-

-	 &movb(	&LB($tmp1),	&LB($t)	);

-	 &movb(	&LB($tmp2),	&HB($t)	);

-	 &xor(	$L,		&DWP("0x100+$desSP",$tmp1,"",0));

-	 &shr(	$t,		16);

-	 &xor(	$u,		&DWP("0x300+$desSP",$tmp2,"",0));

-	 &movb(	&LB($tmp1),	&LB($t)	);

-	 &movb(	&LB($tmp2),	&HB($t)	);

-	 &xor(	$L,		&DWP("0x500+$desSP",$tmp1,"",0));

-	 &xor(	$u,		&DWP("0x700+$desSP",$tmp2,"",0));

-	 &xor(  $L,	$u);

-	}

-

-sub PERM_OP

-	{

-	local($a,$b,$tt,$shift,$mask)=@_;

-

-	&mov(	$tt,		$a		);

-	&shr(	$tt,		$shift		);

-	&xor(	$tt,		$b		);

-	&and(	$tt,		$mask		);

-	&xor(	$b,		$tt		);

-	&shl(	$tt,		$shift		);

-	&xor(	$a,		$tt		);

-	}

-

-sub IP

-	{

-	local($l,$r,$tt)=@_;

-

-	&PERM_OP($r,$l,$tt, 4,"0x0f0f0f0f");

-	&PERM_OP($l,$r,$tt,16,"0x0000ffff");

-	&PERM_OP($r,$l,$tt, 2,"0x33333333");

-	&PERM_OP($l,$r,$tt, 8,"0x00ff00ff");

-	&PERM_OP($r,$l,$tt, 1,"0x55555555");

-	}

-

-sub FP

-	{

-	local($l,$r,$tt)=@_;

-

-	&PERM_OP($l,$r,$tt, 1,"0x55555555");

-        &PERM_OP($r,$l,$tt, 8,"0x00ff00ff");

-        &PERM_OP($l,$r,$tt, 2,"0x33333333");

-        &PERM_OP($r,$l,$tt,16,"0x0000ffff");

-        &PERM_OP($l,$r,$tt, 4,"0x0f0f0f0f");

-	}

-

-sub n2a

-	{

-	sprintf("%d",$_[0]);

-	}

diff --git a/crypto/des/asm/des686.pl b/crypto/des/asm/des686.pl
index 77dc5b51cd..d3ad5d5edd 100644
--- a/crypto/des/asm/des686.pl
+++ b/crypto/des/asm/des686.pl
@@ -46,19 +46,19 @@ EOF
 $L="edi";
 $R="esi";
 
-&des_encrypt("des_encrypt",1);
-&des_encrypt("des_encrypt2",0);
+&DES_encrypt("DES_encrypt1",1);
+&DES_encrypt("DES_encrypt2",0);
 
-&des_encrypt3("des_encrypt3",1);
-&des_encrypt3("des_decrypt3",0);
+&DES_encrypt3("DES_encrypt3",1);
+&DES_encrypt3("DES_decrypt3",0);
 
 &file_end();
 
-sub des_encrypt
+sub DES_encrypt
 	{
 	local($name,$do_ip)=@_;
 
-	&function_begin($name,"EXTRN   _des_SPtrans:DWORD");
+	&function_begin($name,"EXTRN   _DES_SPtrans:DWORD");
 
 	&comment("");
 	&comment("Load the 2 words");
@@ -94,11 +94,11 @@ sub des_encrypt
 		{
 		&comment("");
 		&comment("Round $i");
-		&D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+		&D_ENCRYPT($L,$R,$i*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx");
 
 		&comment("");
 		&comment("Round ".sprintf("%d",$i+1));
-		&D_ENCRYPT($R,$L,($i+1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+		&D_ENCRYPT($R,$L,($i+1)*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx");
 		}
 	&jmp(&label("end"));
 
@@ -108,10 +108,10 @@ sub des_encrypt
 		{
 		&comment("");
 		&comment("Round $i");
-		&D_ENCRYPT($L,$R,$i*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+		&D_ENCRYPT($L,$R,$i*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx");
 		&comment("");
 		&comment("Round ".sprintf("%d",$i-1));
-		&D_ENCRYPT($R,$L,($i-1)*2,"ebp","des_SPtrans","ecx","edx","eax","ebx");
+		&D_ENCRYPT($R,$L,($i-1)*2,"ebp","DES_SPtrans","ecx","edx","eax","ebx");
 		}
 
 	&set_label("end");
diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl
index 288984d135..eec00886e4 100644
--- a/crypto/des/asm/desboth.pl
+++ b/crypto/des/asm/desboth.pl
@@ -3,7 +3,7 @@
 $L="edi";
 $R="esi";
 
-sub des_encrypt3
+sub DES_encrypt3
 	{
 	local($name,$enc)=@_;
 
@@ -44,18 +44,18 @@ sub des_encrypt3
 		 &mov("edi",&wparam(2));
 		 &mov("eax",&wparam(3));
 		}
-	&mov(&swtmp(2),	(($enc)?"1":"0"));
+	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
 	&mov(&swtmp(1),	"eax");
 	&mov(&swtmp(0),	"ebx");
-	&call("des_encrypt2");
-	&mov(&swtmp(2),	(($enc)?"0":"1"));
+	&call("DES_encrypt2");
+	&mov(&swtmp(2),	(DWC(($enc)?"0":"1")));
 	&mov(&swtmp(1),	"edi");
 	&mov(&swtmp(0),	"ebx");
-	&call("des_encrypt2");
-	&mov(&swtmp(2),	(($enc)?"1":"0"));
+	&call("DES_encrypt2");
+	&mov(&swtmp(2),	(DWC(($enc)?"1":"0")));
 	&mov(&swtmp(1),	"esi");
 	&mov(&swtmp(0),	"ebx");
-	&call("des_encrypt2");
+	&call("DES_encrypt2");
 
 	&stack_pop(3);
 	&mov($L,&DWP(0,"ebx","",0));
diff --git a/crypto/des/asm/dx86-cpp.s b/crypto/des/asm/dx86-cpp.s
deleted file mode 100644
index 675bdeba68..0000000000
--- a/crypto/des/asm/dx86-cpp.s
+++ /dev/null
@@ -1,2780 +0,0 @@
-	/* Don't even think of reading this code */
-	/* It was automatically generated by des-som2.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, Win32, or Solaris */
-	/* It can be found in SSLeay 0.6.5+ or in libdes 3.26+ */
-	/* eric <eay@cryptsoft.com> */
-	/* The inner loop instruction sequence and the IP/FP modifications */
-	/* are from Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> */
-
-	.file	"dx86xxxx.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl des_encrypt
-	TYPE(des_encrypt,@function)
-des_encrypt:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	/* Load the 2 words */
-	movl	20(%esp),	%esi
-	xorl	%ecx,		%ecx
-	movl	(%esi),		%eax
-	movl	28(%esp),	%ebx
-	movl	4(%esi),	%edi
-
-	/* IP */
-	roll	$4,		%eax
-	movl	%eax,		%esi
-	xorl	%edi,		%eax
-	andl	$0xf0f0f0f0,	%eax
-	xorl	%eax,		%esi
-	xorl	%eax,		%edi
-
-	roll	$20,		%edi
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0xfff0000f,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$14,		%eax
-	movl	%eax,		%edi
-	xorl	%esi,		%eax
-	andl	$0x33333333,	%eax
-	xorl	%eax,		%edi
-	xorl	%eax,		%esi
-
-	roll	$22,		%esi
-	movl	%esi,		%eax
-	xorl	%edi,		%esi
-	andl	$0x03fc03fc,	%esi
-	xorl	%esi,		%eax
-	xorl	%esi,		%edi
-
-	roll	$9,		%eax
-	movl	%eax,		%esi
-	xorl	%edi,		%eax
-	andl	$0xaaaaaaaa,	%eax
-	xorl	%eax,		%esi
-	xorl	%eax,		%edi
-
-	roll	$1,		%edi
-	cmpl	$0,		%ebx
-	movl	24(%esp),	%ebp
-	je	.L000start_decrypt
-
-	/* Round 0 */
-	movl	(%ebp),		%eax
-	xorl	%ebx,		%ebx
-	movl	4(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 1 */
-	movl	8(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	12(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 2 */
-	movl	16(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	20(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 3 */
-	movl	24(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	28(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 4 */
-	movl	32(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	36(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 5 */
-	movl	40(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	44(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 6 */
-	movl	48(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	52(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 7 */
-	movl	56(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	60(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 8 */
-	movl	64(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	68(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 9 */
-	movl	72(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	76(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 10 */
-	movl	80(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	84(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 11 */
-	movl	88(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	92(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 12 */
-	movl	96(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	100(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 13 */
-	movl	104(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	108(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 14 */
-	movl	112(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	116(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 15 */
-	movl	120(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	124(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-	jmp	.L001end
-.align ALIGN
-.L000start_decrypt:
-
-	/* Round 15 */
-	movl	120(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	124(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 14 */
-	movl	112(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	116(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 13 */
-	movl	104(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	108(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 12 */
-	movl	96(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	100(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 11 */
-	movl	88(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	92(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 10 */
-	movl	80(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	84(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 9 */
-	movl	72(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	76(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 8 */
-	movl	64(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	68(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 7 */
-	movl	56(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	60(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 6 */
-	movl	48(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	52(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 5 */
-	movl	40(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	44(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 4 */
-	movl	32(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	36(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 3 */
-	movl	24(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	28(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 2 */
-	movl	16(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	20(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 1 */
-	movl	8(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	12(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 0 */
-	movl	(%ebp),		%eax
-	xorl	%ebx,		%ebx
-	movl	4(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-.align ALIGN
-.L001end:
-
-	/* FP */
-	movl	20(%esp),	%edx
-	rorl	$1,		%esi
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0xaaaaaaaa,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$23,		%eax
-	movl	%eax,		%edi
-	xorl	%esi,		%eax
-	andl	$0x03fc03fc,	%eax
-	xorl	%eax,		%edi
-	xorl	%eax,		%esi
-
-	roll	$10,		%edi
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0x33333333,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$18,		%esi
-	movl	%esi,		%edi
-	xorl	%eax,		%esi
-	andl	$0xfff0000f,	%esi
-	xorl	%esi,		%edi
-	xorl	%esi,		%eax
-
-	roll	$12,		%edi
-	movl	%edi,		%esi
-	xorl	%eax,		%edi
-	andl	$0xf0f0f0f0,	%edi
-	xorl	%edi,		%esi
-	xorl	%edi,		%eax
-
-	rorl	$4,		%eax
-	movl	%eax,		(%edx)
-	movl	%esi,		4(%edx)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.des_encrypt_end:
-	SIZE(des_encrypt,.des_encrypt_end-des_encrypt)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl des_encrypt2
-	TYPE(des_encrypt2,@function)
-des_encrypt2:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	/* Load the 2 words */
-	movl	20(%esp),	%eax
-	xorl	%ecx,		%ecx
-	movl	(%eax),		%esi
-	movl	28(%esp),	%ebx
-	roll	$3,		%esi
-	movl	4(%eax),	%edi
-	roll	$3,		%edi
-	cmpl	$0,		%ebx
-	movl	24(%esp),	%ebp
-	je	.L002start_decrypt
-
-	/* Round 0 */
-	movl	(%ebp),		%eax
-	xorl	%ebx,		%ebx
-	movl	4(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 1 */
-	movl	8(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	12(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 2 */
-	movl	16(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	20(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 3 */
-	movl	24(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	28(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 4 */
-	movl	32(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	36(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 5 */
-	movl	40(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	44(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 6 */
-	movl	48(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	52(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 7 */
-	movl	56(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	60(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 8 */
-	movl	64(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	68(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 9 */
-	movl	72(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	76(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 10 */
-	movl	80(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	84(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 11 */
-	movl	88(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	92(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 12 */
-	movl	96(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	100(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 13 */
-	movl	104(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	108(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 14 */
-	movl	112(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	116(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 15 */
-	movl	120(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	124(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-	jmp	.L003end
-.align ALIGN
-.L002start_decrypt:
-
-	/* Round 15 */
-	movl	120(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	124(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 14 */
-	movl	112(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	116(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 13 */
-	movl	104(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	108(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 12 */
-	movl	96(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	100(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 11 */
-	movl	88(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	92(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 10 */
-	movl	80(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	84(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 9 */
-	movl	72(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	76(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 8 */
-	movl	64(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	68(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 7 */
-	movl	56(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	60(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 6 */
-	movl	48(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	52(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 5 */
-	movl	40(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	44(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 4 */
-	movl	32(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	36(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 3 */
-	movl	24(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	28(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 2 */
-	movl	16(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	20(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 1 */
-	movl	8(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	12(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 0 */
-	movl	(%ebp),		%eax
-	xorl	%ebx,		%ebx
-	movl	4(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-.align ALIGN
-.L003end:
-
-	/* Fixup */
-	rorl	$3,		%edi
-	movl	20(%esp),	%eax
-	rorl	$3,		%esi
-	movl	%edi,		(%eax)
-	movl	%esi,		4(%eax)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.des_encrypt2_end:
-	SIZE(des_encrypt2,.des_encrypt2_end-des_encrypt2)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl des_encrypt3
-	TYPE(des_encrypt3,@function)
-des_encrypt3:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	/* Load the data words */
-	movl	20(%esp),	%ebx
-	movl	(%ebx),		%edi
-	movl	4(%ebx),	%esi
-
-	/* IP */
-	roll	$4,		%edi
-	movl	%edi,		%edx
-	xorl	%esi,		%edi
-	andl	$0xf0f0f0f0,	%edi
-	xorl	%edi,		%edx
-	xorl	%edi,		%esi
-
-	roll	$20,		%esi
-	movl	%esi,		%edi
-	xorl	%edx,		%esi
-	andl	$0xfff0000f,	%esi
-	xorl	%esi,		%edi
-	xorl	%esi,		%edx
-
-	roll	$14,		%edi
-	movl	%edi,		%esi
-	xorl	%edx,		%edi
-	andl	$0x33333333,	%edi
-	xorl	%edi,		%esi
-	xorl	%edi,		%edx
-
-	roll	$22,		%edx
-	movl	%edx,		%edi
-	xorl	%esi,		%edx
-	andl	$0x03fc03fc,	%edx
-	xorl	%edx,		%edi
-	xorl	%edx,		%esi
-
-	roll	$9,		%edi
-	movl	%edi,		%edx
-	xorl	%esi,		%edi
-	andl	$0xaaaaaaaa,	%edi
-	xorl	%edi,		%edx
-	xorl	%edi,		%esi
-
-	rorl	$3,		%edx
-	rorl	$2,		%esi
-	movl	%esi,		4(%ebx)
-	movl	24(%esp),	%eax
-	movl	%edx,		(%ebx)
-	movl	28(%esp),	%edi
-	movl	32(%esp),	%esi
-	pushl	$1
-	pushl	%eax
-	pushl	%ebx
-	call	des_encrypt2
-	pushl	$0
-	pushl	%edi
-	pushl	%ebx
-	call	des_encrypt2
-	pushl	$1
-	pushl	%esi
-	pushl	%ebx
-	call	des_encrypt2
-	movl	(%ebx),		%edi
-	addl	$36,		%esp
-	movl	4(%ebx),	%esi
-
-	/* FP */
-	roll	$2,		%esi
-	roll	$3,		%edi
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0xaaaaaaaa,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$23,		%eax
-	movl	%eax,		%edi
-	xorl	%esi,		%eax
-	andl	$0x03fc03fc,	%eax
-	xorl	%eax,		%edi
-	xorl	%eax,		%esi
-
-	roll	$10,		%edi
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0x33333333,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$18,		%esi
-	movl	%esi,		%edi
-	xorl	%eax,		%esi
-	andl	$0xfff0000f,	%esi
-	xorl	%esi,		%edi
-	xorl	%esi,		%eax
-
-	roll	$12,		%edi
-	movl	%edi,		%esi
-	xorl	%eax,		%edi
-	andl	$0xf0f0f0f0,	%edi
-	xorl	%edi,		%esi
-	xorl	%edi,		%eax
-
-	rorl	$4,		%eax
-	movl	%eax,		(%ebx)
-	movl	%esi,		4(%ebx)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.des_encrypt3_end:
-	SIZE(des_encrypt3,.des_encrypt3_end-des_encrypt3)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl des_decrypt3
-	TYPE(des_decrypt3,@function)
-des_decrypt3:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	/* Load the data words */
-	movl	20(%esp),	%ebx
-	movl	(%ebx),		%edi
-	movl	4(%ebx),	%esi
-
-	/* IP */
-	roll	$4,		%edi
-	movl	%edi,		%edx
-	xorl	%esi,		%edi
-	andl	$0xf0f0f0f0,	%edi
-	xorl	%edi,		%edx
-	xorl	%edi,		%esi
-
-	roll	$20,		%esi
-	movl	%esi,		%edi
-	xorl	%edx,		%esi
-	andl	$0xfff0000f,	%esi
-	xorl	%esi,		%edi
-	xorl	%esi,		%edx
-
-	roll	$14,		%edi
-	movl	%edi,		%esi
-	xorl	%edx,		%edi
-	andl	$0x33333333,	%edi
-	xorl	%edi,		%esi
-	xorl	%edi,		%edx
-
-	roll	$22,		%edx
-	movl	%edx,		%edi
-	xorl	%esi,		%edx
-	andl	$0x03fc03fc,	%edx
-	xorl	%edx,		%edi
-	xorl	%edx,		%esi
-
-	roll	$9,		%edi
-	movl	%edi,		%edx
-	xorl	%esi,		%edi
-	andl	$0xaaaaaaaa,	%edi
-	xorl	%edi,		%edx
-	xorl	%edi,		%esi
-
-	rorl	$3,		%edx
-	rorl	$2,		%esi
-	movl	%esi,		4(%ebx)
-	movl	24(%esp),	%esi
-	movl	%edx,		(%ebx)
-	movl	28(%esp),	%edi
-	movl	32(%esp),	%eax
-	pushl	$0
-	pushl	%eax
-	pushl	%ebx
-	call	des_encrypt2
-	pushl	$1
-	pushl	%edi
-	pushl	%ebx
-	call	des_encrypt2
-	pushl	$0
-	pushl	%esi
-	pushl	%ebx
-	call	des_encrypt2
-	movl	(%ebx),		%edi
-	addl	$36,		%esp
-	movl	4(%ebx),	%esi
-
-	/* FP */
-	roll	$2,		%esi
-	roll	$3,		%edi
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0xaaaaaaaa,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$23,		%eax
-	movl	%eax,		%edi
-	xorl	%esi,		%eax
-	andl	$0x03fc03fc,	%eax
-	xorl	%eax,		%edi
-	xorl	%eax,		%esi
-
-	roll	$10,		%edi
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0x33333333,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$18,		%esi
-	movl	%esi,		%edi
-	xorl	%eax,		%esi
-	andl	$0xfff0000f,	%esi
-	xorl	%esi,		%edi
-	xorl	%esi,		%eax
-
-	roll	$12,		%edi
-	movl	%edi,		%esi
-	xorl	%eax,		%edi
-	andl	$0xf0f0f0f0,	%edi
-	xorl	%edi,		%esi
-	xorl	%edi,		%eax
-
-	rorl	$4,		%eax
-	movl	%eax,		(%ebx)
-	movl	%esi,		4(%ebx)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.des_decrypt3_end:
-	SIZE(des_decrypt3,.des_decrypt3_end-des_decrypt3)
-.ident	"desasm.pl"
diff --git a/crypto/des/asm/dx86unix.cpp b/crypto/des/asm/dx86unix.cpp
deleted file mode 100644
index 6fca9afa16..0000000000
--- a/crypto/des/asm/dx86unix.cpp
+++ /dev/null
@@ -1,3202 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define des_SPtrans _des_SPtrans
-#define des_encrypt _des_encrypt
-#define des_encrypt2 _des_encrypt2
-#define des_encrypt3 _des_encrypt3
-#define des_decrypt3 _des_decrypt3
-#define des_ncbc_encrypt _des_ncbc_encrypt
-#define des_ede3_cbc_encrypt _des_ede3_cbc_encrypt
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by des-586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"des-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl des_encrypt
-	TYPE(des_encrypt,@function)
-des_encrypt:
-	pushl	%esi
-	pushl	%edi
-
-	/* Load the 2 words */
-	movl	12(%esp),	%esi
-	xorl	%ecx,		%ecx
-	pushl	%ebx
-	pushl	%ebp
-	movl	(%esi),		%eax
-	movl	28(%esp),	%ebx
-	movl	4(%esi),	%edi
-
-	/* IP */
-	roll	$4,		%eax
-	movl	%eax,		%esi
-	xorl	%edi,		%eax
-	andl	$0xf0f0f0f0,	%eax
-	xorl	%eax,		%esi
-	xorl	%eax,		%edi
-
-	roll	$20,		%edi
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0xfff0000f,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$14,		%eax
-	movl	%eax,		%edi
-	xorl	%esi,		%eax
-	andl	$0x33333333,	%eax
-	xorl	%eax,		%edi
-	xorl	%eax,		%esi
-
-	roll	$22,		%esi
-	movl	%esi,		%eax
-	xorl	%edi,		%esi
-	andl	$0x03fc03fc,	%esi
-	xorl	%esi,		%eax
-	xorl	%esi,		%edi
-
-	roll	$9,		%eax
-	movl	%eax,		%esi
-	xorl	%edi,		%eax
-	andl	$0xaaaaaaaa,	%eax
-	xorl	%eax,		%esi
-	xorl	%eax,		%edi
-
-.byte 209
-.byte 199		/* roll $1 %edi */
-	movl	24(%esp),	%ebp
-	cmpl	$0,		%ebx
-	je	.L000start_decrypt
-
-	/* Round 0 */
-	movl	(%ebp),		%eax
-	xorl	%ebx,		%ebx
-	movl	4(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 1 */
-	movl	8(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	12(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 2 */
-	movl	16(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	20(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 3 */
-	movl	24(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	28(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 4 */
-	movl	32(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	36(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 5 */
-	movl	40(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	44(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 6 */
-	movl	48(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	52(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 7 */
-	movl	56(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	60(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 8 */
-	movl	64(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	68(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 9 */
-	movl	72(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	76(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 10 */
-	movl	80(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	84(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 11 */
-	movl	88(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	92(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 12 */
-	movl	96(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	100(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 13 */
-	movl	104(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	108(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 14 */
-	movl	112(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	116(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 15 */
-	movl	120(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	124(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-	jmp	.L001end
-.L000start_decrypt:
-
-	/* Round 15 */
-	movl	120(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	124(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 14 */
-	movl	112(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	116(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 13 */
-	movl	104(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	108(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 12 */
-	movl	96(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	100(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 11 */
-	movl	88(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	92(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 10 */
-	movl	80(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	84(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 9 */
-	movl	72(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	76(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 8 */
-	movl	64(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	68(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 7 */
-	movl	56(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	60(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 6 */
-	movl	48(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	52(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 5 */
-	movl	40(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	44(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 4 */
-	movl	32(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	36(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 3 */
-	movl	24(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	28(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 2 */
-	movl	16(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	20(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 1 */
-	movl	8(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	12(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 0 */
-	movl	(%ebp),		%eax
-	xorl	%ebx,		%ebx
-	movl	4(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-.L001end:
-
-	/* FP */
-	movl	20(%esp),	%edx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0xaaaaaaaa,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$23,		%eax
-	movl	%eax,		%edi
-	xorl	%esi,		%eax
-	andl	$0x03fc03fc,	%eax
-	xorl	%eax,		%edi
-	xorl	%eax,		%esi
-
-	roll	$10,		%edi
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0x33333333,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$18,		%esi
-	movl	%esi,		%edi
-	xorl	%eax,		%esi
-	andl	$0xfff0000f,	%esi
-	xorl	%esi,		%edi
-	xorl	%esi,		%eax
-
-	roll	$12,		%edi
-	movl	%edi,		%esi
-	xorl	%eax,		%edi
-	andl	$0xf0f0f0f0,	%edi
-	xorl	%edi,		%esi
-	xorl	%edi,		%eax
-
-	rorl	$4,		%eax
-	movl	%eax,		(%edx)
-	movl	%esi,		4(%edx)
-	popl	%ebp
-	popl	%ebx
-	popl	%edi
-	popl	%esi
-	ret
-.des_encrypt_end:
-	SIZE(des_encrypt,.des_encrypt_end-des_encrypt)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl des_encrypt2
-	TYPE(des_encrypt2,@function)
-des_encrypt2:
-	pushl	%esi
-	pushl	%edi
-
-	/* Load the 2 words */
-	movl	12(%esp),	%eax
-	xorl	%ecx,		%ecx
-	pushl	%ebx
-	pushl	%ebp
-	movl	(%eax),		%esi
-	movl	28(%esp),	%ebx
-	roll	$3,		%esi
-	movl	4(%eax),	%edi
-	roll	$3,		%edi
-	movl	24(%esp),	%ebp
-	cmpl	$0,		%ebx
-	je	.L002start_decrypt
-
-	/* Round 0 */
-	movl	(%ebp),		%eax
-	xorl	%ebx,		%ebx
-	movl	4(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 1 */
-	movl	8(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	12(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 2 */
-	movl	16(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	20(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 3 */
-	movl	24(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	28(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 4 */
-	movl	32(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	36(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 5 */
-	movl	40(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	44(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 6 */
-	movl	48(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	52(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 7 */
-	movl	56(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	60(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 8 */
-	movl	64(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	68(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 9 */
-	movl	72(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	76(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 10 */
-	movl	80(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	84(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 11 */
-	movl	88(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	92(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 12 */
-	movl	96(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	100(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 13 */
-	movl	104(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	108(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 14 */
-	movl	112(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	116(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 15 */
-	movl	120(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	124(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-	jmp	.L003end
-.L002start_decrypt:
-
-	/* Round 15 */
-	movl	120(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	124(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 14 */
-	movl	112(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	116(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 13 */
-	movl	104(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	108(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 12 */
-	movl	96(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	100(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 11 */
-	movl	88(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	92(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 10 */
-	movl	80(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	84(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 9 */
-	movl	72(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	76(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 8 */
-	movl	64(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	68(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 7 */
-	movl	56(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	60(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 6 */
-	movl	48(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	52(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 5 */
-	movl	40(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	44(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 4 */
-	movl	32(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	36(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 3 */
-	movl	24(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	28(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 2 */
-	movl	16(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	20(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 1 */
-	movl	8(%ebp),	%eax
-	xorl	%ebx,		%ebx
-	movl	12(%ebp),	%edx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 0 */
-	movl	(%ebp),		%eax
-	xorl	%ebx,		%ebx
-	movl	4(%ebp),	%edx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	andl	$0xcfcfcfcf,	%edx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-.L003end:
-
-	/* Fixup */
-	rorl	$3,		%edi
-	movl	20(%esp),	%eax
-	rorl	$3,		%esi
-	movl	%edi,		(%eax)
-	movl	%esi,		4(%eax)
-	popl	%ebp
-	popl	%ebx
-	popl	%edi
-	popl	%esi
-	ret
-.des_encrypt2_end:
-	SIZE(des_encrypt2,.des_encrypt2_end-des_encrypt2)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl des_encrypt3
-	TYPE(des_encrypt3,@function)
-des_encrypt3:
-	pushl	%ebx
-	movl	8(%esp),	%ebx
-	pushl	%ebp
-	pushl	%esi
-	pushl	%edi
-
-	/* Load the data words */
-	movl	(%ebx),		%edi
-	movl	4(%ebx),	%esi
-	subl	$12,		%esp
-
-	/* IP */
-	roll	$4,		%edi
-	movl	%edi,		%edx
-	xorl	%esi,		%edi
-	andl	$0xf0f0f0f0,	%edi
-	xorl	%edi,		%edx
-	xorl	%edi,		%esi
-
-	roll	$20,		%esi
-	movl	%esi,		%edi
-	xorl	%edx,		%esi
-	andl	$0xfff0000f,	%esi
-	xorl	%esi,		%edi
-	xorl	%esi,		%edx
-
-	roll	$14,		%edi
-	movl	%edi,		%esi
-	xorl	%edx,		%edi
-	andl	$0x33333333,	%edi
-	xorl	%edi,		%esi
-	xorl	%edi,		%edx
-
-	roll	$22,		%edx
-	movl	%edx,		%edi
-	xorl	%esi,		%edx
-	andl	$0x03fc03fc,	%edx
-	xorl	%edx,		%edi
-	xorl	%edx,		%esi
-
-	roll	$9,		%edi
-	movl	%edi,		%edx
-	xorl	%esi,		%edi
-	andl	$0xaaaaaaaa,	%edi
-	xorl	%edi,		%edx
-	xorl	%edi,		%esi
-
-	rorl	$3,		%edx
-	rorl	$2,		%esi
-	movl	%esi,		4(%ebx)
-	movl	36(%esp),	%eax
-	movl	%edx,		(%ebx)
-	movl	40(%esp),	%edi
-	movl	44(%esp),	%esi
-	movl	$1,		8(%esp)
-	movl	%eax,		4(%esp)
-	movl	%ebx,		(%esp)
-	call	des_encrypt2
-	movl	$0,		8(%esp)
-	movl	%edi,		4(%esp)
-	movl	%ebx,		(%esp)
-	call	des_encrypt2
-	movl	$1,		8(%esp)
-	movl	%esi,		4(%esp)
-	movl	%ebx,		(%esp)
-	call	des_encrypt2
-	addl	$12,		%esp
-	movl	(%ebx),		%edi
-	movl	4(%ebx),	%esi
-
-	/* FP */
-	roll	$2,		%esi
-	roll	$3,		%edi
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0xaaaaaaaa,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$23,		%eax
-	movl	%eax,		%edi
-	xorl	%esi,		%eax
-	andl	$0x03fc03fc,	%eax
-	xorl	%eax,		%edi
-	xorl	%eax,		%esi
-
-	roll	$10,		%edi
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0x33333333,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$18,		%esi
-	movl	%esi,		%edi
-	xorl	%eax,		%esi
-	andl	$0xfff0000f,	%esi
-	xorl	%esi,		%edi
-	xorl	%esi,		%eax
-
-	roll	$12,		%edi
-	movl	%edi,		%esi
-	xorl	%eax,		%edi
-	andl	$0xf0f0f0f0,	%edi
-	xorl	%edi,		%esi
-	xorl	%edi,		%eax
-
-	rorl	$4,		%eax
-	movl	%eax,		(%ebx)
-	movl	%esi,		4(%ebx)
-	popl	%edi
-	popl	%esi
-	popl	%ebp
-	popl	%ebx
-	ret
-.des_encrypt3_end:
-	SIZE(des_encrypt3,.des_encrypt3_end-des_encrypt3)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl des_decrypt3
-	TYPE(des_decrypt3,@function)
-des_decrypt3:
-	pushl	%ebx
-	movl	8(%esp),	%ebx
-	pushl	%ebp
-	pushl	%esi
-	pushl	%edi
-
-	/* Load the data words */
-	movl	(%ebx),		%edi
-	movl	4(%ebx),	%esi
-	subl	$12,		%esp
-
-	/* IP */
-	roll	$4,		%edi
-	movl	%edi,		%edx
-	xorl	%esi,		%edi
-	andl	$0xf0f0f0f0,	%edi
-	xorl	%edi,		%edx
-	xorl	%edi,		%esi
-
-	roll	$20,		%esi
-	movl	%esi,		%edi
-	xorl	%edx,		%esi
-	andl	$0xfff0000f,	%esi
-	xorl	%esi,		%edi
-	xorl	%esi,		%edx
-
-	roll	$14,		%edi
-	movl	%edi,		%esi
-	xorl	%edx,		%edi
-	andl	$0x33333333,	%edi
-	xorl	%edi,		%esi
-	xorl	%edi,		%edx
-
-	roll	$22,		%edx
-	movl	%edx,		%edi
-	xorl	%esi,		%edx
-	andl	$0x03fc03fc,	%edx
-	xorl	%edx,		%edi
-	xorl	%edx,		%esi
-
-	roll	$9,		%edi
-	movl	%edi,		%edx
-	xorl	%esi,		%edi
-	andl	$0xaaaaaaaa,	%edi
-	xorl	%edi,		%edx
-	xorl	%edi,		%esi
-
-	rorl	$3,		%edx
-	rorl	$2,		%esi
-	movl	%esi,		4(%ebx)
-	movl	36(%esp),	%esi
-	movl	%edx,		(%ebx)
-	movl	40(%esp),	%edi
-	movl	44(%esp),	%eax
-	movl	$0,		8(%esp)
-	movl	%eax,		4(%esp)
-	movl	%ebx,		(%esp)
-	call	des_encrypt2
-	movl	$1,		8(%esp)
-	movl	%edi,		4(%esp)
-	movl	%ebx,		(%esp)
-	call	des_encrypt2
-	movl	$0,		8(%esp)
-	movl	%esi,		4(%esp)
-	movl	%ebx,		(%esp)
-	call	des_encrypt2
-	addl	$12,		%esp
-	movl	(%ebx),		%edi
-	movl	4(%ebx),	%esi
-
-	/* FP */
-	roll	$2,		%esi
-	roll	$3,		%edi
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0xaaaaaaaa,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$23,		%eax
-	movl	%eax,		%edi
-	xorl	%esi,		%eax
-	andl	$0x03fc03fc,	%eax
-	xorl	%eax,		%edi
-	xorl	%eax,		%esi
-
-	roll	$10,		%edi
-	movl	%edi,		%eax
-	xorl	%esi,		%edi
-	andl	$0x33333333,	%edi
-	xorl	%edi,		%eax
-	xorl	%edi,		%esi
-
-	roll	$18,		%esi
-	movl	%esi,		%edi
-	xorl	%eax,		%esi
-	andl	$0xfff0000f,	%esi
-	xorl	%esi,		%edi
-	xorl	%esi,		%eax
-
-	roll	$12,		%edi
-	movl	%edi,		%esi
-	xorl	%eax,		%edi
-	andl	$0xf0f0f0f0,	%edi
-	xorl	%edi,		%esi
-	xorl	%edi,		%eax
-
-	rorl	$4,		%eax
-	movl	%eax,		(%ebx)
-	movl	%esi,		4(%ebx)
-	popl	%edi
-	popl	%esi
-	popl	%ebp
-	popl	%ebx
-	ret
-.des_decrypt3_end:
-	SIZE(des_decrypt3,.des_decrypt3_end-des_decrypt3)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl des_ncbc_encrypt
-	TYPE(des_ncbc_encrypt,@function)
-des_ncbc_encrypt:
-
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	28(%esp),	%ebp
-	/* getting iv ptr from parameter 4 */
-	movl	36(%esp),	%ebx
-	movl	(%ebx),		%esi
-	movl	4(%ebx),	%edi
-	pushl	%edi
-	pushl	%esi
-	pushl	%edi
-	pushl	%esi
-	movl	%esp,		%ebx
-	movl	36(%esp),	%esi
-	movl	40(%esp),	%edi
-	/* getting encrypt flag from parameter 5 */
-	movl	56(%esp),	%ecx
-	/* get and push parameter 5 */
-	pushl	%ecx
-	/* get and push parameter 3 */
-	movl	52(%esp),	%eax
-	pushl	%eax
-	pushl	%ebx
-	cmpl	$0,		%ecx
-	jz	.L004decrypt
-	andl	$4294967288,	%ebp
-	movl	12(%esp),	%eax
-	movl	16(%esp),	%ebx
-	jz	.L005encrypt_finish
-.L006encrypt_loop:
-	movl	(%esi),		%ecx
-	movl	4(%esi),	%edx
-	xorl	%ecx,		%eax
-	xorl	%edx,		%ebx
-	movl	%eax,		12(%esp)
-	movl	%ebx,		16(%esp)
-	call	des_encrypt
-	movl	12(%esp),	%eax
-	movl	16(%esp),	%ebx
-	movl	%eax,		(%edi)
-	movl	%ebx,		4(%edi)
-	addl	$8,		%esi
-	addl	$8,		%edi
-	subl	$8,		%ebp
-	jnz	.L006encrypt_loop
-.L005encrypt_finish:
-	movl	56(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L007finish
-	xorl	%ecx,		%ecx
-	xorl	%edx,		%edx
-	movl	.L008cbc_enc_jmp_table(,%ebp,4),%ebp
-	jmp	*%ebp
-.L009ej7:
-	movb	6(%esi),	%dh
-	sall	$8,		%edx
-.L010ej6:
-	movb	5(%esi),	%dh
-.L011ej5:
-	movb	4(%esi),	%dl
-.L012ej4:
-	movl	(%esi),		%ecx
-	jmp	.L013ejend
-.L014ej3:
-	movb	2(%esi),	%ch
-	sall	$8,		%ecx
-.L015ej2:
-	movb	1(%esi),	%ch
-.L016ej1:
-	movb	(%esi),		%cl
-.L013ejend:
-	xorl	%ecx,		%eax
-	xorl	%edx,		%ebx
-	movl	%eax,		12(%esp)
-	movl	%ebx,		16(%esp)
-	call	des_encrypt
-	movl	12(%esp),	%eax
-	movl	16(%esp),	%ebx
-	movl	%eax,		(%edi)
-	movl	%ebx,		4(%edi)
-	jmp	.L007finish
-.align ALIGN
-.L004decrypt:
-	andl	$4294967288,	%ebp
-	movl	20(%esp),	%eax
-	movl	24(%esp),	%ebx
-	jz	.L017decrypt_finish
-.L018decrypt_loop:
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%eax,		12(%esp)
-	movl	%ebx,		16(%esp)
-	call	des_encrypt
-	movl	12(%esp),	%eax
-	movl	16(%esp),	%ebx
-	movl	20(%esp),	%ecx
-	movl	24(%esp),	%edx
-	xorl	%eax,		%ecx
-	xorl	%ebx,		%edx
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%ecx,		(%edi)
-	movl	%edx,		4(%edi)
-	movl	%eax,		20(%esp)
-	movl	%ebx,		24(%esp)
-	addl	$8,		%esi
-	addl	$8,		%edi
-	subl	$8,		%ebp
-	jnz	.L018decrypt_loop
-.L017decrypt_finish:
-	movl	56(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L007finish
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%eax,		12(%esp)
-	movl	%ebx,		16(%esp)
-	call	des_encrypt
-	movl	12(%esp),	%eax
-	movl	16(%esp),	%ebx
-	movl	20(%esp),	%ecx
-	movl	24(%esp),	%edx
-	xorl	%eax,		%ecx
-	xorl	%ebx,		%edx
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-.L019dj7:
-	rorl	$16,		%edx
-	movb	%dl,		6(%edi)
-	shrl	$16,		%edx
-.L020dj6:
-	movb	%dh,		5(%edi)
-.L021dj5:
-	movb	%dl,		4(%edi)
-.L022dj4:
-	movl	%ecx,		(%edi)
-	jmp	.L023djend
-.L024dj3:
-	rorl	$16,		%ecx
-	movb	%cl,		2(%edi)
-	sall	$16,		%ecx
-.L025dj2:
-	movb	%ch,		1(%esi)
-.L026dj1:
-	movb	%cl,		(%esi)
-.L023djend:
-	jmp	.L007finish
-.align ALIGN
-.L007finish:
-	movl	64(%esp),	%ecx
-	addl	$28,		%esp
-	movl	%eax,		(%ecx)
-	movl	%ebx,		4(%ecx)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.align ALIGN
-.L008cbc_enc_jmp_table:
-	.long 0
-	.long .L016ej1
-	.long .L015ej2
-	.long .L014ej3
-	.long .L012ej4
-	.long .L011ej5
-	.long .L010ej6
-	.long .L009ej7
-.align ALIGN
-.L027cbc_dec_jmp_table:
-	.long 0
-	.long .L026dj1
-	.long .L025dj2
-	.long .L024dj3
-	.long .L022dj4
-	.long .L021dj5
-	.long .L020dj6
-	.long .L019dj7
-.des_ncbc_encrypt_end:
-	SIZE(des_ncbc_encrypt,.des_ncbc_encrypt_end-des_ncbc_encrypt)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl des_ede3_cbc_encrypt
-	TYPE(des_ede3_cbc_encrypt,@function)
-des_ede3_cbc_encrypt:
-
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	28(%esp),	%ebp
-	/* getting iv ptr from parameter 6 */
-	movl	44(%esp),	%ebx
-	movl	(%ebx),		%esi
-	movl	4(%ebx),	%edi
-	pushl	%edi
-	pushl	%esi
-	pushl	%edi
-	pushl	%esi
-	movl	%esp,		%ebx
-	movl	36(%esp),	%esi
-	movl	40(%esp),	%edi
-	/* getting encrypt flag from parameter 7 */
-	movl	64(%esp),	%ecx
-	/* get and push parameter 5 */
-	movl	56(%esp),	%eax
-	pushl	%eax
-	/* get and push parameter 4 */
-	movl	56(%esp),	%eax
-	pushl	%eax
-	/* get and push parameter 3 */
-	movl	56(%esp),	%eax
-	pushl	%eax
-	pushl	%ebx
-	cmpl	$0,		%ecx
-	jz	.L028decrypt
-	andl	$4294967288,	%ebp
-	movl	16(%esp),	%eax
-	movl	20(%esp),	%ebx
-	jz	.L029encrypt_finish
-.L030encrypt_loop:
-	movl	(%esi),		%ecx
-	movl	4(%esi),	%edx
-	xorl	%ecx,		%eax
-	xorl	%edx,		%ebx
-	movl	%eax,		16(%esp)
-	movl	%ebx,		20(%esp)
-	call	des_encrypt3
-	movl	16(%esp),	%eax
-	movl	20(%esp),	%ebx
-	movl	%eax,		(%edi)
-	movl	%ebx,		4(%edi)
-	addl	$8,		%esi
-	addl	$8,		%edi
-	subl	$8,		%ebp
-	jnz	.L030encrypt_loop
-.L029encrypt_finish:
-	movl	60(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L031finish
-	xorl	%ecx,		%ecx
-	xorl	%edx,		%edx
-	movl	.L032cbc_enc_jmp_table(,%ebp,4),%ebp
-	jmp	*%ebp
-.L033ej7:
-	movb	6(%esi),	%dh
-	sall	$8,		%edx
-.L034ej6:
-	movb	5(%esi),	%dh
-.L035ej5:
-	movb	4(%esi),	%dl
-.L036ej4:
-	movl	(%esi),		%ecx
-	jmp	.L037ejend
-.L038ej3:
-	movb	2(%esi),	%ch
-	sall	$8,		%ecx
-.L039ej2:
-	movb	1(%esi),	%ch
-.L040ej1:
-	movb	(%esi),		%cl
-.L037ejend:
-	xorl	%ecx,		%eax
-	xorl	%edx,		%ebx
-	movl	%eax,		16(%esp)
-	movl	%ebx,		20(%esp)
-	call	des_encrypt3
-	movl	16(%esp),	%eax
-	movl	20(%esp),	%ebx
-	movl	%eax,		(%edi)
-	movl	%ebx,		4(%edi)
-	jmp	.L031finish
-.align ALIGN
-.L028decrypt:
-	andl	$4294967288,	%ebp
-	movl	24(%esp),	%eax
-	movl	28(%esp),	%ebx
-	jz	.L041decrypt_finish
-.L042decrypt_loop:
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%eax,		16(%esp)
-	movl	%ebx,		20(%esp)
-	call	des_decrypt3
-	movl	16(%esp),	%eax
-	movl	20(%esp),	%ebx
-	movl	24(%esp),	%ecx
-	movl	28(%esp),	%edx
-	xorl	%eax,		%ecx
-	xorl	%ebx,		%edx
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%ecx,		(%edi)
-	movl	%edx,		4(%edi)
-	movl	%eax,		24(%esp)
-	movl	%ebx,		28(%esp)
-	addl	$8,		%esi
-	addl	$8,		%edi
-	subl	$8,		%ebp
-	jnz	.L042decrypt_loop
-.L041decrypt_finish:
-	movl	60(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L031finish
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%eax,		16(%esp)
-	movl	%ebx,		20(%esp)
-	call	des_decrypt3
-	movl	16(%esp),	%eax
-	movl	20(%esp),	%ebx
-	movl	24(%esp),	%ecx
-	movl	28(%esp),	%edx
-	xorl	%eax,		%ecx
-	xorl	%ebx,		%edx
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-.L043dj7:
-	rorl	$16,		%edx
-	movb	%dl,		6(%edi)
-	shrl	$16,		%edx
-.L044dj6:
-	movb	%dh,		5(%edi)
-.L045dj5:
-	movb	%dl,		4(%edi)
-.L046dj4:
-	movl	%ecx,		(%edi)
-	jmp	.L047djend
-.L048dj3:
-	rorl	$16,		%ecx
-	movb	%cl,		2(%edi)
-	sall	$16,		%ecx
-.L049dj2:
-	movb	%ch,		1(%esi)
-.L050dj1:
-	movb	%cl,		(%esi)
-.L047djend:
-	jmp	.L031finish
-.align ALIGN
-.L031finish:
-	movl	76(%esp),	%ecx
-	addl	$32,		%esp
-	movl	%eax,		(%ecx)
-	movl	%ebx,		4(%ecx)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.align ALIGN
-.L032cbc_enc_jmp_table:
-	.long 0
-	.long .L040ej1
-	.long .L039ej2
-	.long .L038ej3
-	.long .L036ej4
-	.long .L035ej5
-	.long .L034ej6
-	.long .L033ej7
-.align ALIGN
-.L051cbc_dec_jmp_table:
-	.long 0
-	.long .L050dj1
-	.long .L049dj2
-	.long .L048dj3
-	.long .L046dj4
-	.long .L045dj5
-	.long .L044dj6
-	.long .L043dj7
-.des_ede3_cbc_encrypt_end:
-	SIZE(des_ede3_cbc_encrypt,.des_ede3_cbc_encrypt_end-des_ede3_cbc_encrypt)
-.ident	"desasm.pl"
diff --git a/crypto/des/asm/f.cpp b/crypto/des/asm/f.cpp
deleted file mode 100644
index 4fa46f2a54..0000000000
--- a/crypto/des/asm/f.cpp
+++ /dev/null
@@ -1,6 +0,0 @@
-#define abc	def
-#define dbc:	ghi:
-
-
-abc
-dbc:
diff --git a/crypto/des/asm/readme b/crypto/des/asm/readme
index f8529d9307..1beafe253b 100644
--- a/crypto/des/asm/readme
+++ b/crypto/des/asm/readme
@@ -8,7 +8,7 @@ assembler for the inner DES routines in libdes :-).
 
 The file to implement in assembler is des_enc.c.  Replace the following
 4 functions
-des_encrypt(DES_LONG data[2],des_key_schedule ks, int encrypt);
+des_encrypt1(DES_LONG data[2],des_key_schedule ks, int encrypt);
 des_encrypt2(DES_LONG data[2],des_key_schedule ks, int encrypt);
 des_encrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
 des_decrypt3(DES_LONG data[2],des_key_schedule ks1,ks2,ks3);
diff --git a/crypto/des/asm/y-win32.asm b/crypto/des/asm/y-win32.asm
deleted file mode 100644
index af5c102422..0000000000
--- a/crypto/des/asm/y-win32.asm
+++ /dev/null
@@ -1,929 +0,0 @@
-	; Don't even think of reading this code
-	; It was automatically generated by crypt586.pl
-	; Which is a perl program used to generate the x86 assember for
-	; any of elf, a.out, BSDI,Win32, or Solaris
-	; eric <eay@cryptsoft.com>
-	; 
-	TITLE	crypt586.asm
-        .386
-.model FLAT
-_TEXT	SEGMENT
-PUBLIC	_fcrypt_body
-EXTRN   _des_SPtrans:DWORD
-_fcrypt_body PROC NEAR
-	push	ebp
-	push	ebx
-	push	esi
-	push	edi
-	; 
-	; Load the 2 words
-	xor	edi,		edi
-	xor	esi,		esi
-	mov	ebp,		DWORD PTR 24[esp]
-	push	25
-L000start:
-	; 
-	; Round 0
-	mov	eax,		DWORD PTR 32[esp]
-	mov	edx,		esi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 36[esp]
-	xor	edx,		esi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR [ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 4[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 1
-	mov	eax,		DWORD PTR 32[esp]
-	mov	edx,		edi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 36[esp]
-	xor	edx,		edi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 8[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 12[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 2
-	mov	eax,		DWORD PTR 32[esp]
-	mov	edx,		esi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 36[esp]
-	xor	edx,		esi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 16[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 20[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 3
-	mov	eax,		DWORD PTR 32[esp]
-	mov	edx,		edi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 36[esp]
-	xor	edx,		edi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 24[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 28[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 4
-	mov	eax,		DWORD PTR 32[esp]
-	mov	edx,		esi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 36[esp]
-	xor	edx,		esi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 32[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 36[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 5
-	mov	eax,		DWORD PTR 32[esp]
-	mov	edx,		edi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 36[esp]
-	xor	edx,		edi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 40[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 44[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 6
-	mov	eax,		DWORD PTR 32[esp]
-	mov	edx,		esi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 36[esp]
-	xor	edx,		esi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 48[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 52[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 7
-	mov	eax,		DWORD PTR 32[esp]
-	mov	edx,		edi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 36[esp]
-	xor	edx,		edi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 56[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 60[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 8
-	mov	eax,		DWORD PTR 32[esp]
-	mov	edx,		esi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 36[esp]
-	xor	edx,		esi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 64[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 68[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 9
-	mov	eax,		DWORD PTR 32[esp]
-	mov	edx,		edi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 36[esp]
-	xor	edx,		edi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 72[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 76[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 10
-	mov	eax,		DWORD PTR 32[esp]
-	mov	edx,		esi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 36[esp]
-	xor	edx,		esi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 80[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 84[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 11
-	mov	eax,		DWORD PTR 32[esp]
-	mov	edx,		edi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 36[esp]
-	xor	edx,		edi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 88[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 92[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 12
-	mov	eax,		DWORD PTR 32[esp]
-	mov	edx,		esi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 36[esp]
-	xor	edx,		esi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 96[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 100[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 13
-	mov	eax,		DWORD PTR 32[esp]
-	mov	edx,		edi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 36[esp]
-	xor	edx,		edi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 104[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 108[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	; 
-	; Round 14
-	mov	eax,		DWORD PTR 32[esp]
-	mov	edx,		esi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 36[esp]
-	xor	edx,		esi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 112[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 116[ebp]
-	xor	eax,		esi
-	xor	edx,		esi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	edi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	edi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	edi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	edi,		ebx
-	; 
-	; Round 15
-	mov	eax,		DWORD PTR 32[esp]
-	mov	edx,		edi
-	shr	edx,		16
-	mov	ecx,		DWORD PTR 36[esp]
-	xor	edx,		edi
-	and	eax,		edx
-	and	edx,		ecx
-	mov	ebx,		eax
-	shl	ebx,		16
-	mov	ecx,		edx
-	shl	ecx,		16
-	xor	eax,		ebx
-	xor	edx,		ecx
-	mov	ebx,		DWORD PTR 120[ebp]
-	xor	eax,		ebx
-	mov	ecx,		DWORD PTR 124[ebp]
-	xor	eax,		edi
-	xor	edx,		edi
-	xor	edx,		ecx
-	and	eax,		0fcfcfcfch
-	xor	ebx,		ebx
-	and	edx,		0cfcfcfcfh
-	xor	ecx,		ecx
-	mov	bl,		al
-	mov	cl,		ah
-	ror	edx,		4
-	mov	ebp,		DWORD PTR _des_SPtrans[ebx]
-	mov	bl,		dl
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR _des_SPtrans[0200h+ecx]
-	xor	esi,		ebp
-	mov	cl,		dh
-	shr	eax,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0100h+ebx]
-	xor	esi,		ebp
-	mov	bl,		ah
-	shr	edx,		16
-	mov	ebp,		DWORD PTR _des_SPtrans[0300h+ecx]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	mov	cl,		dh
-	and	eax,		0ffh
-	and	edx,		0ffh
-	mov	ebx,		DWORD PTR _des_SPtrans[0600h+ebx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0700h+ecx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0400h+eax]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR _des_SPtrans[0500h+edx]
-	xor	esi,		ebx
-	mov	ebx,		DWORD PTR [esp]
-	mov	eax,		edi
-	dec	ebx
-	mov	edi,		esi
-	mov	esi,		eax
-	mov	DWORD PTR [esp],ebx
-	jnz	L000start
-	; 
-	; FP
-	mov	edx,		DWORD PTR 24[esp]
-	ror	edi,		1
-	mov	eax,		esi
-	xor	esi,		edi
-	and	esi,		0aaaaaaaah
-	xor	eax,		esi
-	xor	edi,		esi
-	; 
-	rol	eax,		23
-	mov	esi,		eax
-	xor	eax,		edi
-	and	eax,		003fc03fch
-	xor	esi,		eax
-	xor	edi,		eax
-	; 
-	rol	esi,		10
-	mov	eax,		esi
-	xor	esi,		edi
-	and	esi,		033333333h
-	xor	eax,		esi
-	xor	edi,		esi
-	; 
-	rol	edi,		18
-	mov	esi,		edi
-	xor	edi,		eax
-	and	edi,		0fff0000fh
-	xor	esi,		edi
-	xor	eax,		edi
-	; 
-	rol	esi,		12
-	mov	edi,		esi
-	xor	esi,		eax
-	and	esi,		0f0f0f0f0h
-	xor	edi,		esi
-	xor	eax,		esi
-	; 
-	ror	eax,		4
-	mov	DWORD PTR [edx],eax
-	mov	DWORD PTR 4[edx],edi
-	pop	ecx
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-_fcrypt_body ENDP
-_TEXT	ENDS
-END
diff --git a/crypto/des/asm/yx86unix.cpp b/crypto/des/asm/yx86unix.cpp
deleted file mode 100644
index 8719e38607..0000000000
--- a/crypto/des/asm/yx86unix.cpp
+++ /dev/null
@@ -1,976 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define des_SPtrans _des_SPtrans
-#define fcrypt_body _fcrypt_body
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by crypt586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"crypt586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl fcrypt_body
-	TYPE(fcrypt_body,@function)
-fcrypt_body:
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-
-
-	/* Load the 2 words */
-	xorl	%edi,		%edi
-	xorl	%esi,		%esi
-	movl	24(%esp),	%ebp
-	pushl	$25
-.L000start:
-
-	/* Round 0 */
-	movl	32(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	(%ebp),		%ebx
-	xorl	%ebx,		%eax
-	movl	4(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 1 */
-	movl	32(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	8(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	12(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 2 */
-	movl	32(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	16(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	20(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 3 */
-	movl	32(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	24(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	28(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 4 */
-	movl	32(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	32(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	36(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 5 */
-	movl	32(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	40(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	44(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 6 */
-	movl	32(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	48(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	52(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 7 */
-	movl	32(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	56(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	60(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 8 */
-	movl	32(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	64(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	68(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 9 */
-	movl	32(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	72(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	76(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 10 */
-	movl	32(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	80(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	84(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 11 */
-	movl	32(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	88(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	92(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 12 */
-	movl	32(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	96(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	100(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 13 */
-	movl	32(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	104(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	108(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-
-	/* Round 14 */
-	movl	32(%esp),	%eax
-	movl	%esi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%esi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	112(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	116(%ebp),	%ecx
-	xorl	%esi,		%eax
-	xorl	%esi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%edi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%edi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%edi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%edi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%edi
-
-	/* Round 15 */
-	movl	32(%esp),	%eax
-	movl	%edi,		%edx
-	shrl	$16,		%edx
-	movl	36(%esp),	%ecx
-	xorl	%edi,		%edx
-	andl	%edx,		%eax
-	andl	%ecx,		%edx
-	movl	%eax,		%ebx
-	sall	$16,		%ebx
-	movl	%edx,		%ecx
-	sall	$16,		%ecx
-	xorl	%ebx,		%eax
-	xorl	%ecx,		%edx
-	movl	120(%ebp),	%ebx
-	xorl	%ebx,		%eax
-	movl	124(%ebp),	%ecx
-	xorl	%edi,		%eax
-	xorl	%edi,		%edx
-	xorl	%ecx,		%edx
-	andl	$0xfcfcfcfc,	%eax
-	xorl	%ebx,		%ebx
-	andl	$0xcfcfcfcf,	%edx
-	xorl	%ecx,		%ecx
-	movb	%al,		%bl
-	movb	%ah,		%cl
-	rorl	$4,		%edx
-	movl	      des_SPtrans(%ebx),%ebp
-	movb	%dl,		%bl
-	xorl	%ebp,		%esi
-	movl	0x200+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movb	%dh,		%cl
-	shrl	$16,		%eax
-	movl	0x100+des_SPtrans(%ebx),%ebp
-	xorl	%ebp,		%esi
-	movb	%ah,		%bl
-	shrl	$16,		%edx
-	movl	0x300+des_SPtrans(%ecx),%ebp
-	xorl	%ebp,		%esi
-	movl	28(%esp),	%ebp
-	movb	%dh,		%cl
-	andl	$0xff,		%eax
-	andl	$0xff,		%edx
-	movl	0x600+des_SPtrans(%ebx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x700+des_SPtrans(%ecx),%ebx
-	xorl	%ebx,		%esi
-	movl	0x400+des_SPtrans(%eax),%ebx
-	xorl	%ebx,		%esi
-	movl	0x500+des_SPtrans(%edx),%ebx
-	xorl	%ebx,		%esi
-	movl	(%esp),		%ebx
-	movl	%edi,		%eax
-	decl	%ebx
-	movl	%esi,		%edi
-	movl	%eax,		%esi
-	movl	%ebx,		(%esp)
-	jnz	.L000start
-
-	/* FP */
-	movl	24(%esp),	%edx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	movl	%esi,		%eax
-	xorl	%edi,		%esi
-	andl	$0xaaaaaaaa,	%esi
-	xorl	%esi,		%eax
-	xorl	%esi,		%edi
-
-	roll	$23,		%eax
-	movl	%eax,		%esi
-	xorl	%edi,		%eax
-	andl	$0x03fc03fc,	%eax
-	xorl	%eax,		%esi
-	xorl	%eax,		%edi
-
-	roll	$10,		%esi
-	movl	%esi,		%eax
-	xorl	%edi,		%esi
-	andl	$0x33333333,	%esi
-	xorl	%esi,		%eax
-	xorl	%esi,		%edi
-
-	roll	$18,		%edi
-	movl	%edi,		%esi
-	xorl	%eax,		%edi
-	andl	$0xfff0000f,	%edi
-	xorl	%edi,		%esi
-	xorl	%edi,		%eax
-
-	roll	$12,		%esi
-	movl	%esi,		%edi
-	xorl	%eax,		%esi
-	andl	$0xf0f0f0f0,	%esi
-	xorl	%esi,		%edi
-	xorl	%esi,		%eax
-
-	rorl	$4,		%eax
-	movl	%eax,		(%edx)
-	movl	%edi,		4(%edx)
-	popl	%ecx
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.fcrypt_body_end:
-	SIZE(fcrypt_body,.fcrypt_body_end-fcrypt_body)
-.ident	"fcrypt_body"
diff --git a/crypto/des/cbc3_enc.c b/crypto/des/cbc3_enc.c
index 92a78b05d6..b5db4e14f7 100644
--- a/crypto/des/cbc3_enc.c
+++ b/crypto/des/cbc3_enc.c
@@ -58,42 +58,42 @@
 
 #include "des_locl.h"
 
-/* HAS BUGS? DON'T USE - this is only present for use in des.c */
-void des_3cbc_encrypt(input, output, length, ks1, ks2, iv1, iv2, enc)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule ks1;
-des_key_schedule ks2;
-des_cblock (*iv1);
-des_cblock (*iv2);
-int enc;
+/* HAS BUGS! DON'T USE - this is only present for use in des.c */
+void DES_3cbc_encrypt(DES_cblock *input, DES_cblock *output, long length,
+	     DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock *iv1,
+	     DES_cblock *iv2, int enc)
 	{
 	int off=((int)length-1)/8;
 	long l8=((length+7)/8)*8;
-	des_cblock niv1,niv2;
+	DES_cblock niv1,niv2;
 
 	if (enc == DES_ENCRYPT)
 		{
-		des_cbc_encrypt(input,output,length,ks1,iv1,enc);
-		if (length >= sizeof(des_cblock))
-			memcpy(niv1,output[off],sizeof(des_cblock));
-		des_cbc_encrypt(output,output,l8,ks2,iv1,!enc);
-		des_cbc_encrypt(output,output,l8,ks1,iv2, enc);
-		if (length >= sizeof(des_cblock))
-			memcpy(niv2,output[off],sizeof(des_cblock));
+		DES_cbc_encrypt((unsigned char*)input,
+				(unsigned char*)output,length,&ks1,iv1,enc);
+		if (length >= sizeof(DES_cblock))
+			memcpy(niv1,output[off],sizeof(DES_cblock));
+		DES_cbc_encrypt((unsigned char*)output,
+				(unsigned char*)output,l8,&ks2,iv1,!enc);
+		DES_cbc_encrypt((unsigned char*)output,
+				(unsigned char*)output,l8,&ks1,iv2,enc);
+		if (length >= sizeof(DES_cblock))
+			memcpy(niv2,output[off],sizeof(DES_cblock));
 		}
 	else
 		{
-		if (length >= sizeof(des_cblock))
-			memcpy(niv2,input[off],sizeof(des_cblock));
-		des_cbc_encrypt(input,output,l8,ks1,iv2,enc);
-		des_cbc_encrypt(output,output,l8,ks2,iv1,!enc);
-		if (length >= sizeof(des_cblock))
-			memcpy(niv1,output[off],sizeof(des_cblock));
-		des_cbc_encrypt(output,output,length,ks1,iv1, enc);
+		if (length >= sizeof(DES_cblock))
+			memcpy(niv2,input[off],sizeof(DES_cblock));
+		DES_cbc_encrypt((unsigned char*)input,
+				(unsigned char*)output,l8,&ks1,iv2,enc);
+		DES_cbc_encrypt((unsigned char*)output,
+				(unsigned char*)output,l8,&ks2,iv1,!enc);
+		if (length >= sizeof(DES_cblock))
+			memcpy(niv1,output[off],sizeof(DES_cblock));
+		DES_cbc_encrypt((unsigned char*)output,
+				(unsigned char*)output,length,&ks1,iv1,enc);
 		}
-	memcpy(*iv1,niv1,sizeof(des_cblock));
-	memcpy(*iv2,niv2,sizeof(des_cblock));
+	memcpy(*iv1,niv1,sizeof(DES_cblock));
+	memcpy(*iv2,niv2,sizeof(DES_cblock));
 	}
 
diff --git a/crypto/des/cbc_cksm.c b/crypto/des/cbc_cksm.c
index edfdec8a0f..6c5305b99d 100644
--- a/crypto/des/cbc_cksm.c
+++ b/crypto/des/cbc_cksm.c
@@ -58,21 +58,15 @@
 
 #include "des_locl.h"
 
-DES_LONG des_cbc_cksum(input, output, length, schedule, ivec)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
+DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output,
+		       long length, DES_key_schedule *schedule,
+		       const_DES_cblock *ivec)
 	{
 	register DES_LONG tout0,tout1,tin0,tin1;
 	register long l=length;
 	DES_LONG tin[2];
-	unsigned char *in,*out,*iv;
-
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
+	unsigned char *out = &(*output)[0];
+	const unsigned char *iv = &(*ivec)[0];
 
 	c2l(iv,tout0);
 	c2l(iv,tout1);
@@ -88,7 +82,7 @@ des_cblock (*ivec);
 			
 		tin0^=tout0; tin[0]=tin0;
 		tin1^=tout1; tin[1]=tin1;
-		des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+		DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
 		/* fix 15/10/91 eay - thanks to keithr@sco.COM */
 		tout0=tin[0];
 		tout1=tin[1];
diff --git a/crypto/des/cbc_enc.c b/crypto/des/cbc_enc.c
index a84a53633c..677903ae4e 100644
--- a/crypto/des/cbc_enc.c
+++ b/crypto/des/cbc_enc.c
@@ -56,80 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-#include "des_locl.h"
-
-void des_cbc_encrypt(input, output, length, schedule, ivec, enc)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-int enc;
-	{
-	register DES_LONG tin0,tin1;
-	register DES_LONG tout0,tout1,xor0,xor1;
-	register unsigned char *in,*out;
-	register long l=length;
-	DES_LONG tin[2];
-	unsigned char *iv;
-
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
-
-	if (enc)
-		{
-		c2l(iv,tout0);
-		c2l(iv,tout1);
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-			tin0^=tout0; tin[0]=tin0;
-			tin1^=tout1; tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
-			tout0=tin[0]; l2c(tout0,out);
-			tout1=tin[1]; l2c(tout1,out);
-			}
-		if (l != -8)
-			{
-			c2ln(in,tin0,tin1,l+8);
-			tin0^=tout0; tin[0]=tin0;
-			tin1^=tout1; tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
-			tout0=tin[0]; l2c(tout0,out);
-			tout1=tin[1]; l2c(tout1,out);
-			}
-		}
-	else
-		{
-		c2l(iv,xor0);
-		c2l(iv,xor1);
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0); tin[0]=tin0;
-			c2l(in,tin1); tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2c(tout0,out);
-			l2c(tout1,out);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		if (l != -8)
-			{
-			c2l(in,tin0); tin[0]=tin0;
-			c2l(in,tin1); tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2cn(tout0,tout1,out,l+8);
-		/*	xor0=tin0;
-			xor1=tin1; */
-			}
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	tin[0]=tin[1]=0;
-	}
+#define CBC_ENC_C__DONT_UPDATE_IV
 
+#include "ncbc_enc.c" /* des_cbc_encrypt */
diff --git a/crypto/des/cfb64ede.c b/crypto/des/cfb64ede.c
index 80b8a9eaaa..60c1aa08db 100644
--- a/crypto/des/cfb64ede.c
+++ b/crypto/des/cfb64ede.c
@@ -63,14 +63,10 @@
  * 64bit block we have used is contained in *num;
  */
 
-void des_ede3_cfb64_encrypt(in, out, length, ks1,ks2,ks3, ivec, num, enc)
-unsigned char *in;
-unsigned char *out;
-long length;
-des_key_schedule ks1,ks2,ks3;
-des_cblock (*ivec);
-int *num;
-int enc;
+void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+			    long length, DES_key_schedule *ks1,
+			    DES_key_schedule *ks2, DES_key_schedule *ks3,
+			    DES_cblock *ivec, int *num, int enc)
 	{
 	register DES_LONG v0,v1;
 	register long l=length;
@@ -78,7 +74,7 @@ int enc;
 	DES_LONG ti[2];
 	unsigned char *iv,c,cc;
 
-	iv=(unsigned char *)ivec;
+	iv=&(*ivec)[0];
 	if (enc)
 		{
 		while (l--)
@@ -90,14 +86,14 @@ int enc;
 
 				ti[0]=v0;
 				ti[1]=v1;
-				des_encrypt3((DES_LONG *)ti,ks1,ks2,ks3);
+				DES_encrypt3(ti,ks1,ks2,ks3);
 				v0=ti[0];
 				v1=ti[1];
 
-				iv=(unsigned char *)ivec;
+				iv = &(*ivec)[0];
 				l2c(v0,iv);
 				l2c(v1,iv);
-				iv=(unsigned char *)ivec;
+				iv = &(*ivec)[0];
 				}
 			c= *(in++)^iv[n];
 			*(out++)=c;
@@ -116,14 +112,14 @@ int enc;
 
 				ti[0]=v0;
 				ti[1]=v1;
-				des_encrypt3((DES_LONG *)ti,ks1,ks2,ks3);
+				DES_encrypt3(ti,ks1,ks2,ks3);
 				v0=ti[0];
 				v1=ti[1];
 
-				iv=(unsigned char *)ivec;
+				iv = &(*ivec)[0];
 				l2c(v0,iv);
 				l2c(v1,iv);
-				iv=(unsigned char *)ivec;
+				iv = &(*ivec)[0];
 				}
 			cc= *(in++);
 			c=iv[n];
@@ -137,15 +133,10 @@ int enc;
 	}
 
 #ifdef undef /* MACRO */
-void des_ede2_cfb64_encrypt(in, out, length, ks1,ks2, ivec, num, enc)
-unsigned char *in;
-unsigned char *out;
-long length;
-des_key_schedule ks1,ks2;
-des_cblock (*ivec);
-int *num;
-int enc;
+void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	     DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock (*ivec),
+	     int *num, int enc)
 	{
-	des_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc);
+	DES_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc);
 	}
 #endif
diff --git a/crypto/des/cfb64enc.c b/crypto/des/cfb64enc.c
index 403da479df..5ec8683e40 100644
--- a/crypto/des/cfb64enc.c
+++ b/crypto/des/cfb64enc.c
@@ -63,14 +63,9 @@
  * 64bit block we have used is contained in *num;
  */
 
-void des_cfb64_encrypt(in, out, length, schedule, ivec, num, enc)
-unsigned char *in;
-unsigned char *out;
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-int *num;
-int enc;
+void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+		       long length, DES_key_schedule *schedule,
+		       DES_cblock *ivec, int *num, int enc)
 	{
 	register DES_LONG v0,v1;
 	register long l=length;
@@ -78,7 +73,7 @@ int enc;
 	DES_LONG ti[2];
 	unsigned char *iv,c,cc;
 
-	iv=(unsigned char *)ivec;
+	iv = &(*ivec)[0];
 	if (enc)
 		{
 		while (l--)
@@ -87,12 +82,11 @@ int enc;
 				{
 				c2l(iv,v0); ti[0]=v0;
 				c2l(iv,v1); ti[1]=v1;
-				des_encrypt((DES_LONG *)ti,
-					schedule,DES_ENCRYPT);
-				iv=(unsigned char *)ivec;
+				DES_encrypt1(ti,schedule,DES_ENCRYPT);
+				iv = &(*ivec)[0];
 				v0=ti[0]; l2c(v0,iv);
 				v0=ti[1]; l2c(v0,iv);
-				iv=(unsigned char *)ivec;
+				iv = &(*ivec)[0];
 				}
 			c= *(in++)^iv[n];
 			*(out++)=c;
@@ -108,12 +102,11 @@ int enc;
 				{
 				c2l(iv,v0); ti[0]=v0;
 				c2l(iv,v1); ti[1]=v1;
-				des_encrypt((DES_LONG *)ti,
-					schedule,DES_ENCRYPT);
-				iv=(unsigned char *)ivec;
+				DES_encrypt1(ti,schedule,DES_ENCRYPT);
+				iv = &(*ivec)[0];
 				v0=ti[0]; l2c(v0,iv);
 				v0=ti[1]; l2c(v0,iv);
-				iv=(unsigned char *)ivec;
+				iv = &(*ivec)[0];
 				}
 			cc= *(in++);
 			c=iv[n];
diff --git a/crypto/des/cfb_enc.c b/crypto/des/cfb_enc.c
index 342e785691..17bf77ca9e 100644
--- a/crypto/des/cfb_enc.c
+++ b/crypto/des/cfb_enc.c
@@ -64,14 +64,8 @@
  * the second.  The second 12 bits will come from the 3rd and half the 4th
  * byte.
  */
-void des_cfb_encrypt(in, out, numbits, length, schedule, ivec, enc)
-unsigned char *in;
-unsigned char *out;
-int numbits;
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-int enc;
+void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+		     long length, DES_key_schedule *schedule, DES_cblock *ivec, int enc)
 	{
 	register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
 	register DES_LONG mask0,mask1;
@@ -96,7 +90,7 @@ int enc;
 		mask1=0x00000000L;
 		}
 
-	iv=(unsigned char *)ivec;
+	iv = &(*ivec)[0];
 	c2l(iv,v0);
 	c2l(iv,v1);
 	if (enc)
@@ -106,7 +100,7 @@ int enc;
 			l-=n;
 			ti[0]=v0;
 			ti[1]=v1;
-			des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+			DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
 			c2ln(in,d0,d1,n);
 			in+=n;
 			d0=(d0^ti[0])&mask0;
@@ -138,7 +132,7 @@ int enc;
 			l-=n;
 			ti[0]=v0;
 			ti[1]=v1;
-			des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+			DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
 			c2ln(in,d0,d1,n);
 			in+=n;
 			/* 30-08-94 - eay - changed because l>>32 and
@@ -163,7 +157,7 @@ int enc;
 			out+=n;
 			}
 		}
-	iv=(unsigned char *)ivec;
+	iv = &(*ivec)[0];
 	l2c(v0,iv);
 	l2c(v1,iv);
 	v0=v1=d0=d1=ti[0]=ti[1]=0;
diff --git a/crypto/des/des b/crypto/des/des
deleted file mode 100644
index 7ec53b8060..0000000000
--- a/crypto/des/des
+++ /dev/null
@@ -1,305 +0,0 @@
-/* crypto/des/des.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@mincom.oz.au).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@mincom.oz.au).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@mincom.oz.au)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@mincom.oz.au)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- *
- * Always modify des.org since des.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-#ifndef HEADER_DES_H
-#define HEADER_DES_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#include <stdio.h>
-
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned long
-#endif
-
-typedef unsigned char des_cblock[8];
-typedef struct des_ks_struct
-	{
-	union	{
-		des_cblock _;
-		/* make sure things are correct size on machines with
-		 * 8 byte longs */
-		DES_LONG pad[2];
-		} ks;
-#undef _
-#define _	ks._
-	} des_key_schedule[16];
-
-#define DES_KEY_SZ 	(sizeof(des_cblock))
-#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
-
-#define DES_ENCRYPT	1
-#define DES_DECRYPT	0
-
-#define DES_CBC_MODE	0
-#define DES_PCBC_MODE	1
-
-#define des_ecb2_encrypt(i,o,k1,k2,e) \
-	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-#define C_Block des_cblock
-#define Key_schedule des_key_schedule
-#ifdef KERBEROS
-#define ENCRYPT DES_ENCRYPT
-#define DECRYPT DES_DECRYPT
-#endif
-#define KEY_SZ DES_KEY_SZ
-#define string_to_key des_string_to_key
-#define read_pw_string des_read_pw_string
-#define random_key des_random_key
-#define pcbc_encrypt des_pcbc_encrypt
-#define set_key des_set_key
-#define key_sched des_key_sched
-#define ecb_encrypt des_ecb_encrypt
-#define cbc_encrypt des_cbc_encrypt
-#define ncbc_encrypt des_ncbc_encrypt
-#define xcbc_encrypt des_xcbc_encrypt
-#define cbc_cksum des_cbc_cksum
-#define quad_cksum des_quad_cksum
-
-/* For compatibility with the MIT lib - eay 20/05/92 */
-typedef des_key_schedule bit_64;
-#define des_fixup_key_parity des_set_odd_parity
-#define des_check_key_parity check_parity
-
-extern int des_check_key;	/* defaults to false */
-extern int des_rw_mode;		/* defaults to DES_PCBC_MODE */
-
-/* The next line is used to disable full ANSI prototypes, if your
- * compiler has problems with the prototypes, make sure this line always
- * evaluates to true :-) */
-#if defined(MSDOS) || defined(__STDC__)
-#undef NOPROTO
-#endif
-#ifndef NOPROTO
-char *des_options(void);
-void des_ecb3_encrypt(des_cblock *input,des_cblock *output,
-	des_key_schedule ks1,des_key_schedule ks2,
-	des_key_schedule ks3, int enc);
-DES_LONG des_cbc_cksum(des_cblock *input,des_cblock *output,
-	long length,des_key_schedule schedule,des_cblock *ivec);
-void des_cbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,int enc);
-void des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,int enc);
-void des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,
-	des_cblock *inw,des_cblock *outw,int enc);
-void des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule sk1,des_key_schedule sk2,
-	des_cblock *ivec1,des_cblock *ivec2,int enc);
-void des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
-	long length,des_key_schedule schedule,des_cblock *ivec,int enc);
-void des_ecb_encrypt(des_cblock *input,des_cblock *output,
-	des_key_schedule ks,int enc);
-void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc);
-void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
-void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
-	des_key_schedule ks2, des_key_schedule ks3);
-void des_decrypt3(DES_LONG *data, des_key_schedule ks1,
-	des_key_schedule ks2, des_key_schedule ks3);
-void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, 
-	long length, des_key_schedule ks1, des_key_schedule ks2, 
-	des_key_schedule ks3, des_cblock *ivec, int enc);
-void des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, des_key_schedule ks1, des_key_schedule ks2,
-	des_key_schedule ks3, des_cblock *ivec, int *num, int enc);
-void des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, des_key_schedule ks1, des_key_schedule ks2,
-	des_key_schedule ks3, des_cblock *ivec, int *num);
-
-void des_xwhite_in2out(des_cblock (*des_key), des_cblock (*in_white),
-	des_cblock (*out_white));
-
-int des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
-	des_cblock *iv);
-int des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
-	des_cblock *iv);
-char *des_fcrypt(const char *buf,const char *salt, char *ret);
-#ifdef PERL5
-char *des_crypt(const char *buf,const char *salt);
-#else
-/* some stupid compilers complain because I have declared char instead
- * of const char */
-#ifdef HEADER_DES_LOCL_H
-char *crypt(const char *buf,const char *salt);
-#else
-char *crypt();
-#endif
-#endif
-void des_ofb_encrypt(unsigned char *in,unsigned char *out,
-	int numbits,long length,des_key_schedule schedule,des_cblock *ivec);
-void des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,int enc);
-DES_LONG des_quad_cksum(des_cblock *input,des_cblock *output,
-	long length,int out_count,des_cblock *seed);
-void des_random_seed(des_cblock key);
-void des_random_key(des_cblock ret);
-int des_read_password(des_cblock *key,char *prompt,int verify);
-int des_read_2passwords(des_cblock *key1,des_cblock *key2,
-	char *prompt,int verify);
-int des_read_pw_string(char *buf,int length,char *prompt,int verify);
-void des_set_odd_parity(des_cblock *key);
-int des_is_weak_key(des_cblock *key);
-int des_set_key(des_cblock *key,des_key_schedule schedule);
-int des_key_sched(des_cblock *key,des_key_schedule schedule);
-void des_string_to_key(char *str,des_cblock *key);
-void des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2);
-void des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	des_key_schedule schedule, des_cblock *ivec, int *num, int enc);
-void des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	des_key_schedule schedule, des_cblock *ivec, int *num);
-int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify);
-
-/* Extra functions from Mark Murray <mark@grondar.za> */
-void des_cblock_print_file(des_cblock *cb, FILE *fp);
-/* The following functions are not in the normal unix build or the
- * SSLeay build.  When using the SSLeay build, use RAND_seed()
- * and RAND_bytes() instead. */
-int des_new_random_key(des_cblock *key);
-void des_init_random_number_generator(des_cblock *key);
-void des_set_random_generator_seed(des_cblock *key);
-void des_set_sequence_number(des_cblock new_sequence_number);
-void des_generate_random_block(des_cblock *block);
-
-#else
-
-char *des_options();
-void des_ecb3_encrypt();
-DES_LONG des_cbc_cksum();
-void des_cbc_encrypt();
-void des_ncbc_encrypt();
-void des_xcbc_encrypt();
-void des_3cbc_encrypt();
-void des_cfb_encrypt();
-void des_ede3_cfb64_encrypt();
-void des_ede3_ofb64_encrypt();
-void des_ecb_encrypt();
-void des_encrypt();
-void des_encrypt2();
-void des_encrypt3();
-void des_decrypt3();
-void des_ede3_cbc_encrypt();
-int des_enc_read();
-int des_enc_write();
-char *des_fcrypt();
-#ifdef PERL5
-char *des_crypt();
-#else
-char *crypt();
-#endif
-void des_ofb_encrypt();
-void des_pcbc_encrypt();
-DES_LONG des_quad_cksum();
-void des_random_seed();
-void des_random_key();
-int des_read_password();
-int des_read_2passwords();
-int des_read_pw_string();
-void des_set_odd_parity();
-int des_is_weak_key();
-int des_set_key();
-int des_key_sched();
-void des_string_to_key();
-void des_string_to_2keys();
-void des_cfb64_encrypt();
-void des_ofb64_encrypt();
-int des_read_pw();
-void des_xwhite_in2out();
-
-/* Extra functions from Mark Murray <mark@grondar.za> */
-void des_cblock_print_file();
-/* The following functions are not in the normal unix build or the
- * SSLeay build.  When using the SSLeay build, use RAND_seed()
- * and RAND_bytes() instead. */
-#ifdef FreeBSD
-int des_new_random_key();
-void des_init_random_number_generator();
-void des_set_random_generator_seed();
-void des_set_sequence_number();
-void des_generate_random_block();
-#endif
-
-#endif
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/des/des-lib.com b/crypto/des/des-lib.com
new file mode 100644
index 0000000000..fc2c35a1ce
--- /dev/null
+++ b/crypto/des/des-lib.com
@@ -0,0 +1,1003 @@
+$!
+$!  DES-LIB.COM
+$!  Written By:  Robert Byer
+$!               Vice-President
+$!               A-Com Computing, Inc.
+$!               byer@mail.all-net.net
+$!
+$!  Changes by Richard Levitte <richard@levitte.org>
+$!
+$!  This command files compiles and creates the 
+$!  "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" library.  The "xxx" denotes the machine 
+$!  architecture of AXP or VAX.
+$!
+$!  It was re-written to try to determine which "C" compiler to try to use
+$!  or the user can specify a compiler in P3.
+$!
+$!  Specify one of the following to build just that part, specify "ALL" to
+$!  just build everything.
+$!
+$!         ALL       To Just Build "Everything".
+$!         LIBRARY   To Just Build The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library.
+$!         DESTEST   To Just Build The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program.
+$!         SPEED     To Just Build The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program.
+$!         RPW       To Just Build The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program.
+$!         DES       To Just Build The [.xxx.EXE.CRYPTO.DES]DES.EXE Program.
+$!         DES_OPTS  To Just Build The [.xxx.EXE.CRYPTO.DES]DES_OPTS.EXE Program.
+$!
+$!  Specify either DEBUG or NODEBUG as P2 to compile with or without
+$!  debugging information.
+$!
+$!  Specify which compiler at P3 to try to compile under.
+$!
+$!	   VAXC	 For VAX C.
+$!	   DECC	 For DEC C.
+$!	   GNUC	 For GNU C.
+$!
+$!  If you don't speficy a compiler, it will try to determine which
+$!  "C" compiler to try to use.
+$!
+$!  P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$!
+$! Make sure we know what architecture we run on.
+$!
+$!
+$! Check Which Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").GE.128)
+$ THEN
+$!
+$!  The Architecture Is AXP.
+$!
+$   ARCH := AXP
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  The Architecture Is VAX.
+$!
+$   ARCH := VAX
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Tell The User What Kind of Machine We Run On.
+$!
+$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$!
+$! Define The OBJ Directory Name.
+$!
+$ OBJ_DIR := SYS$DISK:[--.'ARCH'.OBJ.CRYPTO.DES]
+$!
+$! Check To See If The Architecture Specific OBJ Directory Exists.
+$!
+$ IF (F$PARSE(OBJ_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIR 'OBJ_DIR'
+$!
+$! End The Architecture Specific OBJ Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The EXE Directory Name.
+$!
+$ EXE_DIR :== SYS$DISK:[--.'ARCH'.EXE.CRYPTO.DES]
+$!
+$! Check To See If The Architecture Specific Directory Exists.
+$!
+$ IF (F$PARSE(EXE_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIR 'EXE_DIR'
+$!
+$! End The Architecture Specific Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The Library Name.
+$!
+$ LIB_NAME := 'EXE_DIR'LIBDES.OLB
+$!
+$! Check To See What We Are To Do.
+$!
+$ IF (BUILDALL.EQS."TRUE")
+$ THEN
+$!
+$!  Since Nothing Special Was Specified, Do Everything.
+$!
+$   GOSUB LIBRARY
+$   GOSUB DESTEST
+$   GOSUB SPEED
+$   GOSUB RPW
+$   GOSUB DES
+$   GOSUB DES_OPTS
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!    Build Just What The User Wants Us To Build.
+$!
+$     GOSUB 'BUILDALL'
+$!
+$! End The BUILDALL Check.
+$!
+$ ENDIF
+$!
+$! Time To EXIT.
+$!
+$ EXIT
+$ LIBRARY:
+$!
+$! Tell The User That We Are Compiling.
+$!
+$ WRITE SYS$OUTPUT "Compiling The ",LIB_NAME," Files."
+$!
+$! Check To See If We Already Have A "[.xxx.EXE.CRYPTO.DES]LIBDES.OLB" Library...
+$!
+$ IF (F$SEARCH(LIB_NAME).EQS."")
+$ THEN
+$!
+$! Guess Not, Create The Library.
+$!
+$   LIBRARY/CREATE/OBJECT 'LIB_NAME'
+$!
+$! End The Library Exist Check.
+$!
+$ ENDIF
+$!
+$! Define The DES Library Files.
+$!
+$ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
+		"ecb3_enc,cfb64enc,cfb64ede,cfb_enc,ofb64ede,"+ -
+		"enc_read,enc_writ,ofb64enc,"+ -
+		"ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ -
+		"des_enc,fcrypt_b,read2pwd,"+ -
+		"fcrypt,xcbc_enc,read_pwd,rpc_enc,cbc_cksm,supp"
+$!
+$!  Define A File Counter And Set It To "0".
+$!
+$ FILE_COUNTER = 0
+$!
+$! Top Of The File Loop.
+$!
+$ NEXT_FILE:
+$!
+$! O.K, Extract The File Name From The File List.
+$!
+$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_DES)
+$!
+$! Check To See If We Are At The End Of The File List.
+$!
+$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
+$!
+$! Increment The Counter.
+$!
+$ FILE_COUNTER = FILE_COUNTER + 1
+$!
+$! Create The Source File Name.
+$!
+$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
+$!
+$!  Tell The User We Are Compiling The Source File.
+$!
+$ WRITE SYS$OUTPUT "	",FILE_NAME,".C"
+$!
+$! Create The Object File Name.
+$!
+$ OBJECT_FILE = OBJ_DIR + FILE_NAME + "." + ARCH + "OBJ"
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH(SOURCE_FILE).EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The File Exists Check.
+$!
+$ ENDIF
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO NEXT_FILE
+$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$!
+$! Add It To The Library.
+$!
+$ LIBRARY/REPLACE/OBJECT 'LIB_NAME' 'OBJECT_FILE'
+$!
+$! Time To Clean Up The Object File.
+$!
+$ DELETE 'OBJECT_FILE';*
+$!
+$! Go Back And Do It Again.
+$!
+$ GOTO NEXT_FILE
+$!
+$! All Done With This Library Part.
+$!
+$ FILE_DONE:
+$!
+$! Tell The User That We Are All Done.
+$!
+$ WRITE SYS$OUTPUT "Library ",LIB_NAME," Built."
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The DESTEST Program.
+$!
+$ DESTEST:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]DESTEST.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File DESTEST.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The DESTEST.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DESTEST.EXE"
+$!
+$! Compile The DESTEST Program.
+$!
+$ CC/OBJECT='OBJ_DIR'DESTEST.OBJ SYS$DISK:[]DESTEST.C
+$!
+$! Link The DESTEST Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DESTEST.EXE -
+      'OBJ_DIR'DESTEST.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The SPEED Program.
+$!
+$ SPEED:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]SPEED.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File SPEED.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The SPEED.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"SPEED.EXE"
+$!
+$! Compile The SPEED Program.
+$!
+$ CC/OBJECT='OBJ_DIR'SPEED.OBJ SYS$DISK:[]SPEED.C
+$!
+$! Link The SPEED Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'SPEED.EXE -
+      'OBJ_DIR'SPEED.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The RPW Program.
+$!
+$ RPW:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]RPW.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File RPW.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The RPW.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"RPW.EXE"
+$!
+$! Compile The RPW Program.
+$!
+$ CC/OBJECT='OBJ_DIR'RPW.OBJ SYS$DISK:[]RPW.C
+$!
+$! Link The RPW Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'RPW.EXE -
+      'OBJ_DIR'RPW.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The DES Program.
+$!
+$ DES:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]DES.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File DES.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The DES.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES.EXE"
+$!
+$! Compile The DES Program.
+$!
+$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]DES.C
+$ CC/OBJECT='OBJ_DIR'DES.OBJ SYS$DISK:[]CBC3_ENC.C
+$!
+$! Link The DES Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES.EXE -
+      'OBJ_DIR'DES.OBJ,'OBJ_DIR'CBC3_ENC.OBJ,-
+      'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$!
+$!  Compile The DES_OPTS Program.
+$!
+$ DES_OPTS:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]DES_OPTS.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File DES_OPTS.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The DES_OPTS.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building ",EXE_DIR,"DES_OPTS.EXE"
+$!
+$! Compile The DES_OPTS Program.
+$!
+$ CC/OBJECT='OBJ_DIR'DES_OPTS.OBJ SYS$DISK:[]DES_OPTS.C
+$!
+$! Link The DES_OPTS Program.
+$!
+$ LINK/'DEBUGGER'/'TRACEBACK'/CONTIGUOUS/EXE='EXE_DIR'DES_OPTS.EXE -
+      'OBJ_DIR'DES_OPTS.OBJ,'LIB_NAME'/LIBRARY,'OPT_FILE'/OPTION
+$!
+$! All Done, Time To Return.
+$!
+$ RETURN
+$ EXIT
+$!
+$! Check For The Link Option FIle.
+$!
+$ CHECK_OPT_FILE:
+$!
+$! Check To See If We Need To Make A VAX C Option File.
+$!
+$ IF (COMPILER.EQS."VAXC")
+$ THEN
+$!
+$!  Check To See If We Already Have A VAX C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A VAX C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable VAX C Runtime Library.
+!
+SYS$SHARE:VAXCRTL.EXE/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The VAXC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A GNU C Option File.
+$!
+$ IF (COMPILER.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If We Already Have A GNU C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A GNU C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable C Runtime Library.
+!
+GNU_CC:[000000]GCCLIB/LIBRARY
+SYS$SHARE:VAXCRTL/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A DEC C Option File.
+$!
+$ IF (COMPILER.EQS."DECC")
+$ THEN
+$!
+$!  Check To See If We Already Have A DEC C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!
+$     IF (F$GETSYI("CPU").LT.128)
+$     THEN
+$!
+$!      We Need A DEC C Linker Option File For VAX.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable DEC C Runtime Library.
+!
+SYS$SHARE:DECC$SHR.EXE/SHARE
+$EOD
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Create The AXP Linker Option File.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File For AXP To Link Agianst 
+! The Sharable C Runtime Library.
+!
+SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_RTL/SHARE
+$EOD
+$!
+$!    End The VAX/AXP DEC C Option File Check.
+$!
+$     ENDIF
+$!
+$!  End The Option File Search.
+$!
+$   ENDIF
+$!
+$! End The DEC C Check.
+$!
+$ ENDIF
+$!
+$!  Tell The User What Linker Option File We Are Using.
+$!
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."	
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$!
+$! Library Check.
+$!
+$ LIB_CHECK:
+$!
+$!  Look For The Library LIBDES.OLB.
+$!
+$ IF (F$SEARCH(LIB_NAME).EQS."")
+$ THEN
+$!
+$!    Tell The User We Can't Find The [.xxx.CRYPTO.DES]LIBDES.OLB Library.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "Can't Find The Library ",LIB_NAME,"."
+$   WRITE SYS$OUTPUT "We Can't Link Without It."
+$   WRITE SYS$OUTPUT ""
+$!
+$!    Since We Can't Link Without It, Exit.
+$!
+$   EXIT
+$ ENDIF
+$!
+$! Time To Return.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If We Are To "Just Build Everything".
+$!
+$ IF (P1.EQS."ALL")
+$ THEN
+$!
+$!   P1 Is "ALL", So Build Everything.
+$!
+$    BUILDALL = "TRUE"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Else, Check To See If P1 Has A Valid Arguement.
+$!
+$   IF (P1.EQS."LIBRARY").OR.(P1.EQS."DESTEST").OR.(P1.EQS."SPEED") -
+       .OR.(P1.EQS."RPW").OR.(P1.EQS."DES").OR.(P1.EQS."DES_OPTS")
+$   THEN
+$!
+$!    A Valid Arguement.
+$!
+$     BUILDALL = P1
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User We Don't Know What They Want.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything.
+$     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]LIBDES.OLB Library."
+$     WRITE SYS$OUTPUT "    DESTEST  :  To Compile Just The [.xxx.EXE.CRYPTO.DES]DESTEST.EXE Program."
+$     WRITE SYS$OUTPUT "    SPEED    :  To Compile Just The [.xxx.EXE.CRYPTO.DES]SPEED.EXE Program."
+$     WRITE SYS$OUTPUT "    RPW      :  To Compile Just The [.xxx.EXE.CRYPTO.DES]RPW.EXE Program."
+$     WRITE SYS$OUTPUT "    DES      :  To Compile Just The [.xxx.EXE.CRYPTO.DES]DES.EXE Program."
+$     WRITE SYS$OUTPUT "    DES_OPTS :  To Compile Just The [.xxx.EXE.CRYTPO.DES]DES_OPTS.EXE Program."
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT " Where 'xxx' Stands For: "
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "        AXP  :  Alpha Architecture."
+$     WRITE SYS$OUTPUT "        VAX  :  VAX Architecture."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P1 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Are To Compile Without Debugger Information.
+$!
+$ IF (P2.EQS."NODEBUG")
+$ THEN
+$!
+$!   P2 Is Blank, So Compile Without Debugger Information.
+$!
+$    DEBUGGER  = "NODEBUG"
+$    TRACEBACK = "NOTRACEBACK" 
+$    GCC_OPTIMIZE = "OPTIMIZE"
+$    CC_OPTIMIZE = "OPTIMIZE"
+$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Check To See If We Are To Compile With Debugger Information.
+$!
+$   IF (P2.EQS."DEBUG")
+$   THEN
+$!
+$!    Compile With Debugger Information.
+$!
+$     DEBUGGER  = "DEBUG"
+$     TRACEBACK = "TRACEBACK"
+$     GCC_OPTIMIZE = "NOOPTIMIZE"
+$     CC_OPTIMIZE = "NOOPTIMIZE"
+$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
+$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
+$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P2 Check.
+$!
+$ ENDIF
+$!
+$! Special Threads For OpenVMS v7.1 Or Later.
+$!
+$! Written By:  Richard Levitte
+$!              richard@levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P4.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$!  Get The Version Of VMS We Are Using.
+$!
+$   ISSEVEN := ""
+$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$!  Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$   IF (TMP.GE.71)
+$   THEN
+$!
+$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$     ISSEVEN := ,PTHREAD_USE_D4
+$!
+$!  End The VMS Version Check.
+$!
+$   ENDIF
+$!
+$! End The P4 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P3 Is Blank.
+$!
+$ IF (P3.EQS."")
+$ THEN
+$!
+$!  O.K., The User Didn't Specify A Compiler, Let's Try To
+$!  Find Out Which One To Use.
+$!
+$!  Check To See If We Have GNU C.
+$!
+$   IF (F$TRNLNM("GNU_CC").NES."")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     P3 = "GNUC"
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Check To See If We Have VAXC Or DECC.
+$!
+$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     THEN 
+$!
+$!      Looks Like DECC, Set To Use DECC.
+$!
+$       P3 = "DECC"
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Looks Like VAXC, Set To Use VAXC.
+$!
+$       P3 = "VAXC"
+$!
+$!    End The VAXC Compiler Check.
+$!
+$     ENDIF
+$!
+$!  End The DECC & VAXC Compiler Check.
+$!
+$   ENDIF
+$!
+$!  End The Compiler Check.
+$!
+$ ENDIF
+$!
+$! Set Up Initial CC Definitions, Possibly With User Ones
+$!
+$ CCDEFS = ""
+$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = USER_CCDEFS
+$ CCEXTRAFLAGS = ""
+$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
+$ CCDISABLEWARNINGS = ""
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
+	CCDISABLEWARNINGS = USER_CCDISABLEWARNINGS
+$!
+$!  Check To See If The User Entered A Valid Paramter.
+$!
+$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
+$ THEN
+$!
+$!    Check To See If The User Wanted DECC.
+$!
+$   IF (P3.EQS."DECC")
+$   THEN
+$!
+$!    Looks Like DECC, Set To Use DECC.
+$!
+$     COMPILER = "DECC"
+$!
+$!    Tell The User We Are Using DECC.
+$!
+$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$!    Use DECC...
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
+	 THEN CC = "CC/DECC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+           "/NOLIST/PREFIX=ALL" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$!
+$!  End DECC Check.
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use VAXC.
+$!
+$   IF (P3.EQS."VAXC")
+$   THEN
+$!
+$!    Looks Like VAXC, Set To Use VAXC.
+$!
+$     COMPILER = "VAXC"
+$!
+$!    Tell The User We Are Using VAX C.
+$!
+$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$!    Compile Using VAXC.
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."AXP"
+$     THEN
+$	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$	EXIT
+$     ENDIF
+$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
+$     CCDEFS = """VAXC""," + CCDEFS
+$!
+$!    Define <sys> As SYS$COMMON:[SYSLIB]
+$!
+$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$!
+$!  End VAXC Check
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use GNU C.
+$!
+$   IF (P3.EQS."GNUC")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     COMPILER = "GNUC"
+$!
+$!    Tell The User We Are Using GNUC.
+$!
+$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$!    Use GNU C...
+$!
+$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$!
+$!  End The GNU C Check.
+$!
+$   ENDIF
+$!
+$!  Set up default defines
+$!
+$   CCDEFS = """FLAT_INC=1""," + CCDEFS
+$!
+$!  Finish up the definition of CC.
+$!
+$   IF COMPILER .EQS. "DECC"
+$   THEN
+$     IF CCDISABLEWARNINGS .EQS. ""
+$     THEN
+$       CC4DISABLEWARNINGS = "DOLLARID"
+$     ELSE
+$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
+$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$     ENDIF
+$     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$   ELSE
+$     CCDISABLEWARNINGS = ""
+$     CC4DISABLEWARNINGS = ""
+$   ENDIF
+$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$!
+$!  Show user the result
+$!
+$   WRITE SYS$OUTPUT "Main Compiling Command: ",CC
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
+$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
+$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$! End The P3 Check.
+$!
+$ ENDIF
+$!
+$!  Time To RETURN...
+$!
+$ RETURN
diff --git a/crypto/des/des.c b/crypto/des/des.c
index c1e5005474..343135ff9e 100644
--- a/crypto/des/des.c
+++ b/crypto/des/des.c
@@ -58,17 +58,26 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#ifndef MSDOS
+#include <string.h>
+#include <openssl/opensslconf.h>
+#ifndef OPENSSL_SYS_MSDOS
+#ifndef OPENSSL_SYS_VMS
+#include OPENSSL_UNISTD
+#else /* OPENSSL_SYS_VMS */
+#ifdef __DECC
 #include <unistd.h>
-#else
+#else /* not __DECC */
+#include <math.h>
+#endif /* __DECC */
+#endif /* OPENSSL_SYS_VMS */
+#else /* OPENSSL_SYS_MSDOS */
 #include <io.h>
-#define RAND
 #endif
 
 #include <time.h>
 #include "des_ver.h"
 
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 #include <types.h>
 #include <stat.h>
 #else
@@ -77,21 +86,10 @@
 #endif
 #include <sys/stat.h>
 #endif
-#if defined(NOCONST)
-#define const
-#endif
-#include "des.h"
-
-#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
-#include <string.h>
-#endif
-
-#ifdef RAND
-#define random rand
-#define srandom(s) srand(s)
-#endif
+#include <openssl/des.h>
+#include <openssl/rand.h>
+#include <openssl/ui_compat.h>
 
-#ifndef NOPROTO
 void usage(void);
 void doencryption(void);
 int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp);
@@ -99,21 +97,10 @@ void uufwriteEnd(FILE *fp);
 int uufread(unsigned char *out,int size,unsigned int num,FILE *fp);
 int uuencode(unsigned char *in,int num,unsigned char *out);
 int uudecode(unsigned char *in,int num,unsigned char *out);
-void des_3cbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule sk1,des_key_schedule sk2,
-	des_cblock *ivec1,des_cblock *ivec2,int enc);
-#else
-void usage();
-void doencryption();
-int uufwrite();
-void uufwriteEnd();
-int uufread();
-int uuencode();
-int uudecode();
-void des_3cbc_encrypt();
-#endif
-
-#ifdef VMS
+void DES_3cbc_encrypt(DES_cblock *input,DES_cblock *output,long length,
+	DES_key_schedule sk1,DES_key_schedule sk2,
+	DES_cblock *ivec1,DES_cblock *ivec2,int enc);
+#ifdef OPENSSL_SYS_VMS
 #define EXIT(a) exit(a&0x10000000L)
 #else
 #define EXIT(a) exit(a)
@@ -133,14 +120,12 @@ int uubufnum=0;
 #define OUTUUBUF	(65*100)
 unsigned char b[OUTUUBUF];
 unsigned char bb[300];
-des_cblock cksum={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+DES_cblock cksum={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
 char cksumname[200]="";
 
 int vflag,cflag,eflag,dflag,kflag,bflag,fflag,sflag,uflag,flag3,hflag,error;
 
-int main(argc, argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	int i;
 	struct stat ins,outs;
@@ -168,12 +153,14 @@ char **argv;
 				case 'c':
 					cflag=1;
 					strncpy(cksumname,p,200);
+					cksumname[sizeof(cksumname)-1]='\0';
 					p+=strlen(cksumname);
 					break;
 				case 'C':
 					cflag=1;
 					longk=1;
 					strncpy(cksumname,p,200);
+					cksumname[sizeof(cksumname)-1]='\0';
 					p+=strlen(cksumname);
 					break;
 				case 'e':
@@ -205,6 +192,7 @@ char **argv;
 				case 'u':
 					uflag=1;
 					strncpy(uuname,p,200);
+					uuname[sizeof(uuname)-1]='\0';
 					p+=strlen(uuname);
 					break;
 				case 'h':
@@ -274,12 +262,12 @@ char **argv;
 #endif			
 	if (	(in != NULL) &&
 		(out != NULL) &&
-#ifndef MSDOS
+#ifndef OPENSSL_SYS_MSDOS
 		(stat(in,&ins) != -1) &&
 		(stat(out,&outs) != -1) &&
 		(ins.st_dev == outs.st_dev) &&
 		(ins.st_ino == outs.st_ino))
-#else /* MSDOS */
+#else /* OPENSSL_SYS_MSDOS */
 		(strcmp(in,out) == 0))
 #endif
 			{
@@ -314,7 +302,7 @@ char **argv;
 		EXIT(5);
 		}
 
-#ifdef MSDOS
+#ifdef OPENSSL_SYS_MSDOS
 	/* This should set the file to binary mode. */
 	{
 #include <fcntl.h>
@@ -331,33 +319,33 @@ char **argv;
 	EXIT(0);
 	}
 
-void usage()
+void usage(void)
 	{
 	char **u;
 	static const char *Usage[]={
 "des <options> [input-file [output-file]]",
 "options:",
 "-v         : des(1) version number",
-"-e         : encrypt using sunOS compatible user key to DES key conversion.",
+"-e         : encrypt using SunOS compatible user key to DES key conversion.",
 "-E         : encrypt ",
-"-d         : decrypt using sunOS compatible user key to DES key conversion.",
+"-d         : decrypt using SunOS compatible user key to DES key conversion.",
 "-D         : decrypt ",
-"-c[ckname] : generate a cbc_cksum using sunOS compatible user key to",
+"-c[ckname] : generate a cbc_cksum using SunOS compatible user key to",
 "             DES key conversion and output to ckname (stdout default,",
 "             stderr if data being output on stdout).  The checksum is",
 "             generated before encryption and after decryption if used",
 "             in conjunction with -[eEdD].",
 "-C[ckname] : generate a cbc_cksum as for -c but compatible with -[ED].",
 "-k key     : use key 'key'",
-"-h         : the key that is entered will be a hexidecimal number",
+"-h         : the key that is entered will be a hexadecimal number",
 "             that is used directly as the des key",
 "-u[uuname] : input file is uudecoded if -[dD] or output uuencoded data if -[eE]",
 "             (uuname is the filename to put in the uuencode header).",
-"-b         : encrypt using DES in ecb encryption mode, the defaut is cbc mode.",
-"-3         : encrypt using tripple DES encryption.  This uses 2 keys",
+"-b         : encrypt using DES in ecb encryption mode, the default is cbc mode.",
+"-3         : encrypt using triple DES encryption.  This uses 2 keys",
 "             generated from the input key.  If the input key is less",
-"             than 8 characters long, this is equivelent to normal",
-"             encryption.  Default is tripple cbc, -b makes it tripple ecb.",
+"             than 8 characters long, this is equivalent to normal",
+"             encryption.  Default is triple cbc, -b makes it triple ecb.",
 NULL
 };
 	for (u=(char **)Usage; *u; u++)
@@ -369,31 +357,29 @@ NULL
 	EXIT(1);
 	}
 
-void doencryption()
+void doencryption(void)
 	{
 #ifdef _LIBC
-	extern int srandom();
-	extern int random();
 	extern unsigned long time();
 #endif
 
 	register int i;
-	des_key_schedule ks,ks2;
-	unsigned char iv[8],iv2[8];
+	DES_key_schedule ks,ks2;
+	DES_cblock iv,iv2;
 	char *p;
 	int num=0,j,k,l,rem,ll,len,last,ex=0;
-	des_cblock kk,k2;
+	DES_cblock kk,k2;
 	FILE *O;
 	int Exit=0;
-#ifndef MSDOS
+#ifndef OPENSSL_SYS_MSDOS
 	static unsigned char buf[BUFSIZE+8],obuf[BUFSIZE+8];
 #else
 	static unsigned char *buf=NULL,*obuf=NULL;
 
 	if (buf == NULL)
 		{
-		if (    (( buf=(unsigned char *)Malloc(BUFSIZE+8)) == NULL) ||
-			((obuf=(unsigned char *)Malloc(BUFSIZE+8)) == NULL))
+		if (    (( buf=OPENSSL_malloc(BUFSIZE+8)) == NULL) ||
+			((obuf=OPENSSL_malloc(BUFSIZE+8)) == NULL))
 			{
 			fputs("Not enough memory\n",stderr);
 			Exit=10;
@@ -440,19 +426,19 @@ void doencryption()
 			else
 				k2[i-8]=k;
 			}
-		des_set_key((C_Block *)k2,ks2);
-		memset(k2,0,sizeof(k2));
+		DES_set_key_unchecked(&k2,&ks2);
+		OPENSSL_cleanse(k2,sizeof(k2));
 		}
 	else if (longk || flag3)
 		{
 		if (flag3)
 			{
-			des_string_to_2keys(key,(C_Block *)kk,(C_Block *)k2);
-			des_set_key((C_Block *)k2,ks2);
-			memset(k2,0,sizeof(k2));
+			DES_string_to_2keys(key,&kk,&k2);
+			DES_set_key_unchecked(&k2,&ks2);
+			OPENSSL_cleanse(k2,sizeof(k2));
 			}
 		else
-			des_string_to_key(key,(C_Block *)kk);
+			DES_string_to_key(key,&kk);
 		}
 	else
 		for (i=0; i<KEYSIZ; i++)
@@ -470,9 +456,9 @@ void doencryption()
 				kk[i]=key[i]|0x80;
 			}
 
-	des_set_key((C_Block *)kk,ks);
-	memset(key,0,sizeof(key));
-	memset(kk,0,sizeof(kk));
+	DES_set_key_unchecked(&kk,&ks);
+	OPENSSL_cleanse(key,sizeof(key));
+	OPENSSL_cleanse(kk,sizeof(kk));
 	/* woops - A bug that does not showup under unix :-( */
 	memset(iv,0,sizeof(iv));
 	memset(iv2,0,sizeof(iv2));
@@ -498,9 +484,8 @@ void doencryption()
 			len=l-rem;
 			if (feof(DES_IN))
 				{
-				srandom((unsigned int)time(NULL));
 				for (i=7-rem; i>0; i--)
-					buf[l++]=random()&0xff;
+					RAND_pseudo_bytes(buf + l++, 1);
 				buf[l++]=rem;
 				ex=1;
 				len+=rem;
@@ -510,8 +495,8 @@ void doencryption()
 
 			if (cflag)
 				{
-				des_cbc_cksum((C_Block *)buf,(C_Block *)cksum,
-					(long)len,ks,(C_Block *)cksum);
+				DES_cbc_cksum(buf,&cksum,
+					(long)len,&ks,&cksum);
 				if (!eflag)
 					{
 					if (feof(DES_IN)) break;
@@ -521,34 +506,34 @@ void doencryption()
 
 			if (bflag && !flag3)
 				for (i=0; i<l; i+=8)
-					des_ecb_encrypt(
-						(des_cblock *)&(buf[i]),
-						(des_cblock *)&(obuf[i]),
-						ks,do_encrypt);
+					DES_ecb_encrypt(
+						(DES_cblock *)&(buf[i]),
+						(DES_cblock *)&(obuf[i]),
+						&ks,do_encrypt);
 			else if (flag3 && bflag)
 				for (i=0; i<l; i+=8)
-					des_ecb2_encrypt(
-						(des_cblock *)&(buf[i]),
-						(des_cblock *)&(obuf[i]),
-						ks,ks2,do_encrypt);
+					DES_ecb2_encrypt(
+						(DES_cblock *)&(buf[i]),
+						(DES_cblock *)&(obuf[i]),
+						&ks,&ks2,do_encrypt);
 			else if (flag3 && !bflag)
 				{
 				char tmpbuf[8];
 
 				if (rem) memcpy(tmpbuf,&(buf[l]),
 					(unsigned int)rem);
-				des_3cbc_encrypt(
-					(des_cblock *)buf,(des_cblock *)obuf,
-					(long)l,ks,ks2,(des_cblock *)iv,
-					(des_cblock *)iv2,do_encrypt);
+				DES_3cbc_encrypt(
+					(DES_cblock *)buf,(DES_cblock *)obuf,
+					(long)l,ks,ks2,&iv,
+					&iv2,do_encrypt);
 				if (rem) memcpy(&(buf[l]),tmpbuf,
 					(unsigned int)rem);
 				}
 			else
 				{
-				des_cbc_encrypt(
-					(des_cblock *)buf,(des_cblock *)obuf,
-					(long)l,ks,(des_cblock *)iv,do_encrypt);
+				DES_cbc_encrypt(
+					buf,obuf,
+					(long)l,&ks,&iv,do_encrypt);
 				if (l >= 8) memcpy(iv,&(obuf[l-8]),8);
 				}
 			if (rem) memcpy(buf,&(buf[l]),(unsigned int)rem);
@@ -600,28 +585,28 @@ void doencryption()
 
 			if (bflag && !flag3)
 				for (i=0; i<l; i+=8)
-					des_ecb_encrypt(
-						(des_cblock *)&(buf[i]),
-						(des_cblock *)&(obuf[i]),
-						ks,do_encrypt);
+					DES_ecb_encrypt(
+						(DES_cblock *)&(buf[i]),
+						(DES_cblock *)&(obuf[i]),
+						&ks,do_encrypt);
 			else if (flag3 && bflag)
 				for (i=0; i<l; i+=8)
-					des_ecb2_encrypt(
-						(des_cblock *)&(buf[i]),
-						(des_cblock *)&(obuf[i]),
-						ks,ks2,do_encrypt);
+					DES_ecb2_encrypt(
+						(DES_cblock *)&(buf[i]),
+						(DES_cblock *)&(obuf[i]),
+						&ks,&ks2,do_encrypt);
 			else if (flag3 && !bflag)
 				{
-				des_3cbc_encrypt(
-					(des_cblock *)buf,(des_cblock *)obuf,
-					(long)l,ks,ks2,(des_cblock *)iv,
-					(des_cblock *)iv2,do_encrypt);
+				DES_3cbc_encrypt(
+					(DES_cblock *)buf,(DES_cblock *)obuf,
+					(long)l,ks,ks2,&iv,
+					&iv2,do_encrypt);
 				}
 			else
 				{
-				des_cbc_encrypt(
-					(des_cblock *)buf,(des_cblock *)obuf,
-				 	(long)l,ks,(des_cblock *)iv,do_encrypt);
+				DES_cbc_encrypt(
+					buf,obuf,
+				 	(long)l,&ks,&iv,do_encrypt);
 				if (l >= 8) memcpy(iv,&(buf[l-8]),8);
 				}
 
@@ -646,9 +631,9 @@ void doencryption()
 				l=l-8+last;
 				}
 			i=0;
-			if (cflag) des_cbc_cksum((C_Block *)obuf,
-				(C_Block *)cksum,(long)l/8*8,ks,
-				(C_Block *)cksum);
+			if (cflag) DES_cbc_cksum(obuf,
+				(DES_cblock *)cksum,(long)l/8*8,&ks,
+				(DES_cblock *)cksum);
 			while (i != l)
 				{
 				j=fwrite(obuf,1,(unsigned int)l-i,DES_OUT);
@@ -681,30 +666,23 @@ void doencryption()
 		if (l) fclose(CKSUM_OUT);
 		}
 problems:
-	memset(buf,0,sizeof(buf));
-	memset(obuf,0,sizeof(obuf));
-	memset(ks,0,sizeof(ks));
-	memset(ks2,0,sizeof(ks2));
-	memset(iv,0,sizeof(iv));
-	memset(iv2,0,sizeof(iv2));
-	memset(kk,0,sizeof(kk));
-	memset(k2,0,sizeof(k2));
-	memset(uubuf,0,sizeof(uubuf));
-	memset(b,0,sizeof(b));
-	memset(bb,0,sizeof(bb));
-	memset(cksum,0,sizeof(cksum));
+	OPENSSL_cleanse(buf,sizeof(buf));
+	OPENSSL_cleanse(obuf,sizeof(obuf));
+	OPENSSL_cleanse(&ks,sizeof(ks));
+	OPENSSL_cleanse(&ks2,sizeof(ks2));
+	OPENSSL_cleanse(iv,sizeof(iv));
+	OPENSSL_cleanse(iv2,sizeof(iv2));
+	OPENSSL_cleanse(kk,sizeof(kk));
+	OPENSSL_cleanse(k2,sizeof(k2));
+	OPENSSL_cleanse(uubuf,sizeof(uubuf));
+	OPENSSL_cleanse(b,sizeof(b));
+	OPENSSL_cleanse(bb,sizeof(bb));
+	OPENSSL_cleanse(cksum,sizeof(cksum));
 	if (Exit) EXIT(Exit);
 	}
 
-int uufwrite(data, size, num, fp)
-unsigned char *data;
-int size;
-unsigned int num;
-FILE *fp;
-      
-     /* We ignore this parameter but it should be > ~50 I believe */
-   
-    
+/*    We ignore this parameter but it should be > ~50 I believe    */
+int uufwrite(unsigned char *data, int size, unsigned int num, FILE *fp)
 	{
 	int i,j,left,rem,ret=num;
 	static int start=1;
@@ -757,8 +735,7 @@ FILE *fp;
 	return(ret);
 	}
 
-void uufwriteEnd(fp)
-FILE *fp;
+void uufwriteEnd(FILE *fp)
 	{
 	int j;
 	static const char *end=" \nend\n";
@@ -774,11 +751,8 @@ FILE *fp;
 	fwrite(end,1,strlen(end),fp);
 	}
 
-int uufread(out, size, num, fp)
-unsigned char *out;
-int size; /* should always be > ~ 60; I actually ignore this parameter :-) */
-unsigned int num;
-FILE *fp;
+/* int size:  should always be > ~ 60; I actually ignore this parameter :-)    */
+int uufread(unsigned char *out, int size, unsigned int num, FILE *fp)
 	{
 	int i,j,tot;
 	static int done=0;
@@ -850,10 +824,7 @@ FILE *fp;
                     *((c)++)=(unsigned char)(((l)    )&0xff))
 
 
-int uuencode(in, num, out)
-unsigned char *in;
-int num;
-unsigned char *out;
+int uuencode(unsigned char *in, int num, unsigned char *out)
 	{
 	int j,i,n,tot=0;
 	DES_LONG l;
@@ -883,10 +854,7 @@ unsigned char *out;
 	return(tot);
 	}
 
-int uudecode(in, num, out)
-unsigned char *in;
-int num;
-unsigned char *out;
+int uudecode(unsigned char *in, int num, unsigned char *out)
 	{
 	int j,i,k;
 	unsigned int n=0,space=0;
diff --git a/crypto/des/des.h b/crypto/des/des.h
index 4d7610c8ed..4cb9d84fdf 100644
--- a/crypto/des/des.h
+++ b/crypto/des/des.h
@@ -1,4 +1,4 @@
-/* crypto/des/des.org */
+/* crypto/des/des.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,245 +56,182 @@
  * [including the GNU Public Licence.]
  */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- *
- * Always modify des.org since des.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
 #ifndef HEADER_DES_H
 #define HEADER_DES_H
 
-#ifdef  __cplusplus
-extern "C" {
+#ifdef OPENSSL_NO_DES
+#error DES is disabled.
 #endif
 
-#include <stdio.h>
+#include <openssl/opensslconf.h> /* DES_LONG */
+#include <openssl/e_os2.h>	/* OPENSSL_EXTERN */
 
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned long
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
 #endif
 
-typedef unsigned char des_cblock[8];
-typedef struct des_ks_struct
-	{
-	union	{
-		des_cblock _;
-		/* make sure things are correct size on machines with
-		 * 8 byte longs */
-		DES_LONG pad[2];
-		} ks;
-#undef _
-#define _	ks._
-	int weak_key;
-	} des_key_schedule[16];
-
-#define DES_KEY_SZ 	(sizeof(des_cblock))
-#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
-
-#define DES_ENCRYPT	1
-#define DES_DECRYPT	0
-
-#define DES_CBC_MODE	0
-#define DES_PCBC_MODE	1
-
-#define des_ecb2_encrypt(i,o,k1,k2,e) \
-	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-#define C_Block des_cblock
-#define Key_schedule des_key_schedule
-#ifdef KERBEROS
-#define ENCRYPT DES_ENCRYPT
-#define DECRYPT DES_DECRYPT
+#ifdef  __cplusplus
+extern "C" {
 #endif
-#define KEY_SZ DES_KEY_SZ
-#define string_to_key des_string_to_key
-#define read_pw_string des_read_pw_string
-#define random_key des_random_key
-#define pcbc_encrypt des_pcbc_encrypt
-#define set_key des_set_key
-#define key_sched des_key_sched
-#define ecb_encrypt des_ecb_encrypt
-#define cbc_encrypt des_cbc_encrypt
-#define ncbc_encrypt des_ncbc_encrypt
-#define xcbc_encrypt des_xcbc_encrypt
-#define cbc_cksum des_cbc_cksum
-#define quad_cksum des_quad_cksum
 
-/* For compatibility with the MIT lib - eay 20/05/92 */
-typedef des_key_schedule bit_64;
-#define des_fixup_key_parity des_set_odd_parity
-#define des_check_key_parity check_parity
+typedef unsigned char DES_cblock[8];
+typedef /* const */ unsigned char const_DES_cblock[8];
+/* With "const", gcc 2.8.1 on Solaris thinks that DES_cblock *
+ * and const_DES_cblock * are incompatible pointer types. */
 
-extern int des_check_key;	/* defaults to false */
-extern int des_rw_mode;		/* defaults to DES_PCBC_MODE */
-extern int des_set_weak_key_flag; /* set the weak key flag */
-
-/* The next line is used to disable full ANSI prototypes, if your
- * compiler has problems with the prototypes, make sure this line always
- * evaluates to true :-) */
-#if defined(MSDOS) || defined(__STDC__)
-#undef NOPROTO
+typedef struct DES_ks
+    {
+    union
+	{
+	DES_cblock cblock;
+	/* make sure things are correct size on machines with
+	 * 8 byte longs */
+	DES_LONG deslong[2];
+	} ks[16];
+    } DES_key_schedule;
+
+#ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT
+# ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT
+#  define OPENSSL_ENABLE_OLD_DES_SUPPORT
+# endif
 #endif
-#ifndef NOPROTO
-char *des_options(void);
-void des_ecb3_encrypt(des_cblock *input,des_cblock *output,
-	des_key_schedule ks1,des_key_schedule ks2,
-	des_key_schedule ks3, int enc);
-DES_LONG des_cbc_cksum(des_cblock *input,des_cblock *output,
-	long length,des_key_schedule schedule,des_cblock *ivec);
-void des_cbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,int enc);
-void des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,int enc);
-void des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,
-	des_cblock *inw,des_cblock *outw,int enc);
-void des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
-	long length,des_key_schedule schedule,des_cblock *ivec,int enc);
-void des_ecb_encrypt(des_cblock *input,des_cblock *output,
-	des_key_schedule ks,int enc);
-void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc);
-void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
-void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
-	des_key_schedule ks2, des_key_schedule ks3);
-void des_decrypt3(DES_LONG *data, des_key_schedule ks1,
-	des_key_schedule ks2, des_key_schedule ks3);
-void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, 
-	long length, des_key_schedule ks1, des_key_schedule ks2, 
-	des_key_schedule ks3, des_cblock *ivec, int enc);
-void des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, des_key_schedule ks1, des_key_schedule ks2,
-	des_key_schedule ks3, des_cblock *ivec, int *num, int enc);
-void des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, des_key_schedule ks1, des_key_schedule ks2,
-	des_key_schedule ks3, des_cblock *ivec, int *num);
 
-void des_xwhite_in2out(des_cblock (*des_key), des_cblock (*in_white),
-	des_cblock (*out_white));
-
-int des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
-	des_cblock *iv);
-int des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
-	des_cblock *iv);
-char *des_fcrypt(const char *buf,const char *salt, char *ret);
-#ifdef PERL5
-char *des_crypt(const char *buf,const char *salt);
-#else
-/* some stupid compilers complain because I have declared char instead
- * of const char */
-#ifdef HEADER_DES_LOCL_H
-char *crypt(const char *buf,const char *salt);
-#else
-char *crypt();
-#endif
+#ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT
+# include <openssl/des_old.h>
 #endif
-void des_ofb_encrypt(unsigned char *in,unsigned char *out,
-	int numbits,long length,des_key_schedule schedule,des_cblock *ivec);
-void des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,int enc);
-DES_LONG des_quad_cksum(des_cblock *input,des_cblock *output,
-	long length,int out_count,des_cblock *seed);
-void des_random_seed(des_cblock key);
-void des_random_key(des_cblock ret);
-int des_read_password(des_cblock *key,char *prompt,int verify);
-int des_read_2passwords(des_cblock *key1,des_cblock *key2,
-	char *prompt,int verify);
-int des_read_pw_string(char *buf,int length,char *prompt,int verify);
-void des_set_odd_parity(des_cblock *key);
-int des_is_weak_key(des_cblock *key);
-int des_set_key(des_cblock *key,des_key_schedule schedule);
-int des_key_sched(des_cblock *key,des_key_schedule schedule);
-void des_string_to_key(char *str,des_cblock *key);
-void des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2);
-void des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	des_key_schedule schedule, des_cblock *ivec, int *num, int enc);
-void des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	des_key_schedule schedule, des_cblock *ivec, int *num);
-int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify);
 
-/* Extra functions from Mark Murray <mark@grondar.za> */
-void des_cblock_print_file(des_cblock *cb, FILE *fp);
-/* The following functions are not in the normal unix build or the
- * SSLeay build.  When using the SSLeay build, use RAND_seed()
- * and RAND_bytes() instead. */
-int des_new_random_key(des_cblock *key);
-void des_init_random_number_generator(des_cblock *key);
-void des_set_random_generator_seed(des_cblock *key);
-void des_set_sequence_number(des_cblock new_sequence_number);
-void des_generate_random_block(des_cblock *block);
+#define DES_KEY_SZ 	(sizeof(DES_cblock))
+#define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
 
-#else
-
-char *des_options();
-void des_ecb3_encrypt();
-DES_LONG des_cbc_cksum();
-void des_cbc_encrypt();
-void des_ncbc_encrypt();
-void des_xcbc_encrypt();
-void des_cfb_encrypt();
-void des_ede3_cfb64_encrypt();
-void des_ede3_ofb64_encrypt();
-void des_ecb_encrypt();
-void des_encrypt();
-void des_encrypt2();
-void des_encrypt3();
-void des_decrypt3();
-void des_ede3_cbc_encrypt();
-int des_enc_read();
-int des_enc_write();
-char *des_fcrypt();
-#ifdef PERL5
-char *des_crypt();
-#else
-char *crypt();
-#endif
-void des_ofb_encrypt();
-void des_pcbc_encrypt();
-DES_LONG des_quad_cksum();
-void des_random_seed();
-void des_random_key();
-int des_read_password();
-int des_read_2passwords();
-int des_read_pw_string();
-void des_set_odd_parity();
-int des_is_weak_key();
-int des_set_key();
-int des_key_sched();
-void des_string_to_key();
-void des_string_to_2keys();
-void des_cfb64_encrypt();
-void des_ofb64_encrypt();
-int des_read_pw();
-void des_xwhite_in2out();
+#define DES_ENCRYPT	1
+#define DES_DECRYPT	0
 
-/* Extra functions from Mark Murray <mark@grondar.za> */
-void des_cblock_print_file();
-/* The following functions are not in the normal unix build or the
- * SSLeay build.  When using the SSLeay build, use RAND_seed()
- * and RAND_bytes() instead. */
-#ifdef FreeBSD
-int des_new_random_key();
-void des_init_random_number_generator();
-void des_set_random_generator_seed();
-void des_set_sequence_number();
-void des_generate_random_block();
-#endif
+#define DES_CBC_MODE	0
+#define DES_PCBC_MODE	1
 
-#endif
+#define DES_ecb2_encrypt(i,o,k1,k2,e) \
+	DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+#define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+	DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+#define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+	DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+#define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+	DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+OPENSSL_DECLARE_GLOBAL(int,DES_check_key);	/* defaults to false */
+#define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key)
+OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode);	/* defaults to DES_PCBC_MODE */
+#define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode)
+
+const char *DES_options(void);
+void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+		      DES_key_schedule *ks1,DES_key_schedule *ks2,
+		      DES_key_schedule *ks3, int enc);
+DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output,
+		       long length,DES_key_schedule *schedule,
+		       const_DES_cblock *ivec);
+/* DES_cbc_encrypt does not update the IV!  Use DES_ncbc_encrypt instead. */
+void DES_cbc_encrypt(const unsigned char *input,unsigned char *output,
+		     long length,DES_key_schedule *schedule,DES_cblock *ivec,
+		     int enc);
+void DES_ncbc_encrypt(const unsigned char *input,unsigned char *output,
+		      long length,DES_key_schedule *schedule,DES_cblock *ivec,
+		      int enc);
+void DES_xcbc_encrypt(const unsigned char *input,unsigned char *output,
+		      long length,DES_key_schedule *schedule,DES_cblock *ivec,
+		      const_DES_cblock *inw,const_DES_cblock *outw,int enc);
+void DES_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
+		     long length,DES_key_schedule *schedule,DES_cblock *ivec,
+		     int enc);
+void DES_ecb_encrypt(const_DES_cblock *input,DES_cblock *output,
+		     DES_key_schedule *ks,int enc);
+
+/* 	This is the DES encryption function that gets called by just about
+	every other DES routine in the library.  You should not use this
+	function except to implement 'modes' of DES.  I say this because the
+	functions that call this routine do the conversion from 'char *' to
+	long, and this needs to be done to make sure 'non-aligned' memory
+	access do not occur.  The characters are loaded 'little endian'.
+	Data is a pointer to 2 unsigned long's and ks is the
+	DES_key_schedule to use.  enc, is non zero specifies encryption,
+	zero if decryption. */
+void DES_encrypt1(DES_LONG *data,DES_key_schedule *ks, int enc);
+
+/* 	This functions is the same as DES_encrypt1() except that the DES
+	initial permutation (IP) and final permutation (FP) have been left
+	out.  As for DES_encrypt1(), you should not use this function.
+	It is used by the routines in the library that implement triple DES.
+	IP() DES_encrypt2() DES_encrypt2() DES_encrypt2() FP() is the same
+	as DES_encrypt1() DES_encrypt1() DES_encrypt1() except faster :-). */
+void DES_encrypt2(DES_LONG *data,DES_key_schedule *ks, int enc);
+
+void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
+		  DES_key_schedule *ks2, DES_key_schedule *ks3);
+void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
+		  DES_key_schedule *ks2, DES_key_schedule *ks3);
+void DES_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output, 
+			  long length,
+			  DES_key_schedule *ks1,DES_key_schedule *ks2,
+			  DES_key_schedule *ks3,DES_cblock *ivec,int enc);
+void DES_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out,
+			   long length,
+			   DES_key_schedule *ks1,DES_key_schedule *ks2,
+			   DES_key_schedule *ks3,
+			   DES_cblock *ivec1,DES_cblock *ivec2,
+			   int enc);
+void DES_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out,
+			    long length,DES_key_schedule *ks1,
+			    DES_key_schedule *ks2,DES_key_schedule *ks3,
+			    DES_cblock *ivec,int *num,int enc);
+void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out,
+			    long length,DES_key_schedule *ks1,
+			    DES_key_schedule *ks2,DES_key_schedule *ks3,
+			    DES_cblock *ivec,int *num);
+
+void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white,
+		       DES_cblock *out_white);
+
+int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched,
+		 DES_cblock *iv);
+int DES_enc_write(int fd,const void *buf,int len,DES_key_schedule *sched,
+		  DES_cblock *iv);
+char *DES_fcrypt(const char *buf,const char *salt, char *ret);
+char *DES_crypt(const char *buf,const char *salt);
+void DES_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
+		     long length,DES_key_schedule *schedule,DES_cblock *ivec);
+void DES_pcbc_encrypt(const unsigned char *input,unsigned char *output,
+		      long length,DES_key_schedule *schedule,DES_cblock *ivec,
+		      int enc);
+DES_LONG DES_quad_cksum(const unsigned char *input,DES_cblock output[],
+			long length,int out_count,DES_cblock *seed);
+int DES_random_key(DES_cblock *ret);
+void DES_set_odd_parity(DES_cblock *key);
+int DES_check_key_parity(const_DES_cblock *key);
+int DES_is_weak_key(const_DES_cblock *key);
+/* DES_set_key (= set_key = DES_key_sched = key_sched) calls
+ * DES_set_key_checked if global variable DES_check_key is set,
+ * DES_set_key_unchecked otherwise. */
+int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule);
+int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
+int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
+void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
+void DES_string_to_key(const char *str,DES_cblock *key);
+void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
+void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,
+		       DES_key_schedule *schedule,DES_cblock *ivec,int *num,
+		       int enc);
+void DES_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
+		       DES_key_schedule *schedule,DES_cblock *ivec,int *num);
+
+int DES_read_password(DES_cblock *key, const char *prompt, int verify);
+int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
+	int verify);
+
+#define DES_fixup_key_parity DES_set_odd_parity
 
 #ifdef  __cplusplus
 }
diff --git a/crypto/des/des.org b/crypto/des/des.org
deleted file mode 100644
index 4d7610c8ed..0000000000
--- a/crypto/des/des.org
+++ /dev/null
@@ -1,303 +0,0 @@
-/* crypto/des/des.org */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- *
- * Always modify des.org since des.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-#ifndef HEADER_DES_H
-#define HEADER_DES_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#include <stdio.h>
-
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned long
-#endif
-
-typedef unsigned char des_cblock[8];
-typedef struct des_ks_struct
-	{
-	union	{
-		des_cblock _;
-		/* make sure things are correct size on machines with
-		 * 8 byte longs */
-		DES_LONG pad[2];
-		} ks;
-#undef _
-#define _	ks._
-	int weak_key;
-	} des_key_schedule[16];
-
-#define DES_KEY_SZ 	(sizeof(des_cblock))
-#define DES_SCHEDULE_SZ (sizeof(des_key_schedule))
-
-#define DES_ENCRYPT	1
-#define DES_DECRYPT	0
-
-#define DES_CBC_MODE	0
-#define DES_PCBC_MODE	1
-
-#define des_ecb2_encrypt(i,o,k1,k2,e) \
-	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
-
-#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
-	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
-
-#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
-	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
-
-#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
-	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
-
-#define C_Block des_cblock
-#define Key_schedule des_key_schedule
-#ifdef KERBEROS
-#define ENCRYPT DES_ENCRYPT
-#define DECRYPT DES_DECRYPT
-#endif
-#define KEY_SZ DES_KEY_SZ
-#define string_to_key des_string_to_key
-#define read_pw_string des_read_pw_string
-#define random_key des_random_key
-#define pcbc_encrypt des_pcbc_encrypt
-#define set_key des_set_key
-#define key_sched des_key_sched
-#define ecb_encrypt des_ecb_encrypt
-#define cbc_encrypt des_cbc_encrypt
-#define ncbc_encrypt des_ncbc_encrypt
-#define xcbc_encrypt des_xcbc_encrypt
-#define cbc_cksum des_cbc_cksum
-#define quad_cksum des_quad_cksum
-
-/* For compatibility with the MIT lib - eay 20/05/92 */
-typedef des_key_schedule bit_64;
-#define des_fixup_key_parity des_set_odd_parity
-#define des_check_key_parity check_parity
-
-extern int des_check_key;	/* defaults to false */
-extern int des_rw_mode;		/* defaults to DES_PCBC_MODE */
-extern int des_set_weak_key_flag; /* set the weak key flag */
-
-/* The next line is used to disable full ANSI prototypes, if your
- * compiler has problems with the prototypes, make sure this line always
- * evaluates to true :-) */
-#if defined(MSDOS) || defined(__STDC__)
-#undef NOPROTO
-#endif
-#ifndef NOPROTO
-char *des_options(void);
-void des_ecb3_encrypt(des_cblock *input,des_cblock *output,
-	des_key_schedule ks1,des_key_schedule ks2,
-	des_key_schedule ks3, int enc);
-DES_LONG des_cbc_cksum(des_cblock *input,des_cblock *output,
-	long length,des_key_schedule schedule,des_cblock *ivec);
-void des_cbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,int enc);
-void des_ncbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,int enc);
-void des_xcbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,
-	des_cblock *inw,des_cblock *outw,int enc);
-void des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
-	long length,des_key_schedule schedule,des_cblock *ivec,int enc);
-void des_ecb_encrypt(des_cblock *input,des_cblock *output,
-	des_key_schedule ks,int enc);
-void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc);
-void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc);
-void des_encrypt3(DES_LONG *data, des_key_schedule ks1,
-	des_key_schedule ks2, des_key_schedule ks3);
-void des_decrypt3(DES_LONG *data, des_key_schedule ks1,
-	des_key_schedule ks2, des_key_schedule ks3);
-void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, 
-	long length, des_key_schedule ks1, des_key_schedule ks2, 
-	des_key_schedule ks3, des_cblock *ivec, int enc);
-void des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, des_key_schedule ks1, des_key_schedule ks2,
-	des_key_schedule ks3, des_cblock *ivec, int *num, int enc);
-void des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, des_key_schedule ks1, des_key_schedule ks2,
-	des_key_schedule ks3, des_cblock *ivec, int *num);
-
-void des_xwhite_in2out(des_cblock (*des_key), des_cblock (*in_white),
-	des_cblock (*out_white));
-
-int des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
-	des_cblock *iv);
-int des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
-	des_cblock *iv);
-char *des_fcrypt(const char *buf,const char *salt, char *ret);
-#ifdef PERL5
-char *des_crypt(const char *buf,const char *salt);
-#else
-/* some stupid compilers complain because I have declared char instead
- * of const char */
-#ifdef HEADER_DES_LOCL_H
-char *crypt(const char *buf,const char *salt);
-#else
-char *crypt();
-#endif
-#endif
-void des_ofb_encrypt(unsigned char *in,unsigned char *out,
-	int numbits,long length,des_key_schedule schedule,des_cblock *ivec);
-void des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length,
-	des_key_schedule schedule,des_cblock *ivec,int enc);
-DES_LONG des_quad_cksum(des_cblock *input,des_cblock *output,
-	long length,int out_count,des_cblock *seed);
-void des_random_seed(des_cblock key);
-void des_random_key(des_cblock ret);
-int des_read_password(des_cblock *key,char *prompt,int verify);
-int des_read_2passwords(des_cblock *key1,des_cblock *key2,
-	char *prompt,int verify);
-int des_read_pw_string(char *buf,int length,char *prompt,int verify);
-void des_set_odd_parity(des_cblock *key);
-int des_is_weak_key(des_cblock *key);
-int des_set_key(des_cblock *key,des_key_schedule schedule);
-int des_key_sched(des_cblock *key,des_key_schedule schedule);
-void des_string_to_key(char *str,des_cblock *key);
-void des_string_to_2keys(char *str,des_cblock *key1,des_cblock *key2);
-void des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	des_key_schedule schedule, des_cblock *ivec, int *num, int enc);
-void des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	des_key_schedule schedule, des_cblock *ivec, int *num);
-int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify);
-
-/* Extra functions from Mark Murray <mark@grondar.za> */
-void des_cblock_print_file(des_cblock *cb, FILE *fp);
-/* The following functions are not in the normal unix build or the
- * SSLeay build.  When using the SSLeay build, use RAND_seed()
- * and RAND_bytes() instead. */
-int des_new_random_key(des_cblock *key);
-void des_init_random_number_generator(des_cblock *key);
-void des_set_random_generator_seed(des_cblock *key);
-void des_set_sequence_number(des_cblock new_sequence_number);
-void des_generate_random_block(des_cblock *block);
-
-#else
-
-char *des_options();
-void des_ecb3_encrypt();
-DES_LONG des_cbc_cksum();
-void des_cbc_encrypt();
-void des_ncbc_encrypt();
-void des_xcbc_encrypt();
-void des_cfb_encrypt();
-void des_ede3_cfb64_encrypt();
-void des_ede3_ofb64_encrypt();
-void des_ecb_encrypt();
-void des_encrypt();
-void des_encrypt2();
-void des_encrypt3();
-void des_decrypt3();
-void des_ede3_cbc_encrypt();
-int des_enc_read();
-int des_enc_write();
-char *des_fcrypt();
-#ifdef PERL5
-char *des_crypt();
-#else
-char *crypt();
-#endif
-void des_ofb_encrypt();
-void des_pcbc_encrypt();
-DES_LONG des_quad_cksum();
-void des_random_seed();
-void des_random_key();
-int des_read_password();
-int des_read_2passwords();
-int des_read_pw_string();
-void des_set_odd_parity();
-int des_is_weak_key();
-int des_set_key();
-int des_key_sched();
-void des_string_to_key();
-void des_string_to_2keys();
-void des_cfb64_encrypt();
-void des_ofb64_encrypt();
-int des_read_pw();
-void des_xwhite_in2out();
-
-/* Extra functions from Mark Murray <mark@grondar.za> */
-void des_cblock_print_file();
-/* The following functions are not in the normal unix build or the
- * SSLeay build.  When using the SSLeay build, use RAND_seed()
- * and RAND_bytes() instead. */
-#ifdef FreeBSD
-int des_new_random_key();
-void des_init_random_number_generator();
-void des_set_random_generator_seed();
-void des_set_sequence_number();
-void des_generate_random_block();
-#endif
-
-#endif
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/des/des.pl b/crypto/des/des.pl
deleted file mode 100644
index 8a3f7e3ed6..0000000000
--- a/crypto/des/des.pl
+++ /dev/null
@@ -1,552 +0,0 @@
-#!/usr/local/bin/perl
-# des.pl - eric young 22/11/1991 eay@cryptsoft.com
-#
-# Copyright (C) 1993 Eric Young
-#
-# 11 April 1996 - patched to circumvent Perl 5 (through 5.002) problem
-#                 with sign-extension on right shift operations.
-#                 Ed Kubaitis - ejk@uiuc.edu
-#
-# eay - 92/08/31 - I think I have fixed all problems for 64bit
-# versions of perl but I could be wrong since I have not tested it yet :-).
-#
-# This is an implementation of DES in perl.
-# The two routines (des_set_key and des_ecb_encrypt)
-# take 8 byte objects as arguments.
-#
-# des_set_key takes an 8 byte string as a key and returns a key schedule
-# for use in calls to des_ecb_encrypt.
-# des_ecb_encrypt takes three arguments, the first is a key schedule
-# (make sure to pass it by reference with the *), the second is 1
-# to encrypt, 0 to decrypt.  The third argument is an 8 byte object
-# to encrypt.  The function returns an 8 byte object that has been
-# DES encrypted.
-#
-# example:
-# require 'des.pl'
-#
-# $key =pack("C8",0x12,0x23,0x45,0x67,0x89,0xab,0xcd,0xef);
-# @ks=  &des_set_key($key);
-#
-# $outbytes= &des_ecb_encrypt(*ks,1,$data);
-# @enc =unpack("C8",$outbytes);
-#
-                 
-package des;
-
-eval("use integer;") if (int($]) > 4);
-
-# The following 8 arrays are used in des_set_key
-@skb0=(
-# for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 
-0x00000000,0x00000010,0x20000000,0x20000010,
-0x00010000,0x00010010,0x20010000,0x20010010,
-0x00000800,0x00000810,0x20000800,0x20000810,
-0x00010800,0x00010810,0x20010800,0x20010810,
-0x00000020,0x00000030,0x20000020,0x20000030,
-0x00010020,0x00010030,0x20010020,0x20010030,
-0x00000820,0x00000830,0x20000820,0x20000830,
-0x00010820,0x00010830,0x20010820,0x20010830,
-0x00080000,0x00080010,0x20080000,0x20080010,
-0x00090000,0x00090010,0x20090000,0x20090010,
-0x00080800,0x00080810,0x20080800,0x20080810,
-0x00090800,0x00090810,0x20090800,0x20090810,
-0x00080020,0x00080030,0x20080020,0x20080030,
-0x00090020,0x00090030,0x20090020,0x20090030,
-0x00080820,0x00080830,0x20080820,0x20080830,
-0x00090820,0x00090830,0x20090820,0x20090830,
-);
-@skb1=(
-# for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 
-0x00000000,0x02000000,0x00002000,0x02002000,
-0x00200000,0x02200000,0x00202000,0x02202000,
-0x00000004,0x02000004,0x00002004,0x02002004,
-0x00200004,0x02200004,0x00202004,0x02202004,
-0x00000400,0x02000400,0x00002400,0x02002400,
-0x00200400,0x02200400,0x00202400,0x02202400,
-0x00000404,0x02000404,0x00002404,0x02002404,
-0x00200404,0x02200404,0x00202404,0x02202404,
-0x10000000,0x12000000,0x10002000,0x12002000,
-0x10200000,0x12200000,0x10202000,0x12202000,
-0x10000004,0x12000004,0x10002004,0x12002004,
-0x10200004,0x12200004,0x10202004,0x12202004,
-0x10000400,0x12000400,0x10002400,0x12002400,
-0x10200400,0x12200400,0x10202400,0x12202400,
-0x10000404,0x12000404,0x10002404,0x12002404,
-0x10200404,0x12200404,0x10202404,0x12202404,
-);
-@skb2=(
-# for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 
-0x00000000,0x00000001,0x00040000,0x00040001,
-0x01000000,0x01000001,0x01040000,0x01040001,
-0x00000002,0x00000003,0x00040002,0x00040003,
-0x01000002,0x01000003,0x01040002,0x01040003,
-0x00000200,0x00000201,0x00040200,0x00040201,
-0x01000200,0x01000201,0x01040200,0x01040201,
-0x00000202,0x00000203,0x00040202,0x00040203,
-0x01000202,0x01000203,0x01040202,0x01040203,
-0x08000000,0x08000001,0x08040000,0x08040001,
-0x09000000,0x09000001,0x09040000,0x09040001,
-0x08000002,0x08000003,0x08040002,0x08040003,
-0x09000002,0x09000003,0x09040002,0x09040003,
-0x08000200,0x08000201,0x08040200,0x08040201,
-0x09000200,0x09000201,0x09040200,0x09040201,
-0x08000202,0x08000203,0x08040202,0x08040203,
-0x09000202,0x09000203,0x09040202,0x09040203,
-);
-@skb3=(
-# for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 
-0x00000000,0x00100000,0x00000100,0x00100100,
-0x00000008,0x00100008,0x00000108,0x00100108,
-0x00001000,0x00101000,0x00001100,0x00101100,
-0x00001008,0x00101008,0x00001108,0x00101108,
-0x04000000,0x04100000,0x04000100,0x04100100,
-0x04000008,0x04100008,0x04000108,0x04100108,
-0x04001000,0x04101000,0x04001100,0x04101100,
-0x04001008,0x04101008,0x04001108,0x04101108,
-0x00020000,0x00120000,0x00020100,0x00120100,
-0x00020008,0x00120008,0x00020108,0x00120108,
-0x00021000,0x00121000,0x00021100,0x00121100,
-0x00021008,0x00121008,0x00021108,0x00121108,
-0x04020000,0x04120000,0x04020100,0x04120100,
-0x04020008,0x04120008,0x04020108,0x04120108,
-0x04021000,0x04121000,0x04021100,0x04121100,
-0x04021008,0x04121008,0x04021108,0x04121108,
-);
-@skb4=(
-# for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 
-0x00000000,0x10000000,0x00010000,0x10010000,
-0x00000004,0x10000004,0x00010004,0x10010004,
-0x20000000,0x30000000,0x20010000,0x30010000,
-0x20000004,0x30000004,0x20010004,0x30010004,
-0x00100000,0x10100000,0x00110000,0x10110000,
-0x00100004,0x10100004,0x00110004,0x10110004,
-0x20100000,0x30100000,0x20110000,0x30110000,
-0x20100004,0x30100004,0x20110004,0x30110004,
-0x00001000,0x10001000,0x00011000,0x10011000,
-0x00001004,0x10001004,0x00011004,0x10011004,
-0x20001000,0x30001000,0x20011000,0x30011000,
-0x20001004,0x30001004,0x20011004,0x30011004,
-0x00101000,0x10101000,0x00111000,0x10111000,
-0x00101004,0x10101004,0x00111004,0x10111004,
-0x20101000,0x30101000,0x20111000,0x30111000,
-0x20101004,0x30101004,0x20111004,0x30111004,
-);
-@skb5=(
-# for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 
-0x00000000,0x08000000,0x00000008,0x08000008,
-0x00000400,0x08000400,0x00000408,0x08000408,
-0x00020000,0x08020000,0x00020008,0x08020008,
-0x00020400,0x08020400,0x00020408,0x08020408,
-0x00000001,0x08000001,0x00000009,0x08000009,
-0x00000401,0x08000401,0x00000409,0x08000409,
-0x00020001,0x08020001,0x00020009,0x08020009,
-0x00020401,0x08020401,0x00020409,0x08020409,
-0x02000000,0x0A000000,0x02000008,0x0A000008,
-0x02000400,0x0A000400,0x02000408,0x0A000408,
-0x02020000,0x0A020000,0x02020008,0x0A020008,
-0x02020400,0x0A020400,0x02020408,0x0A020408,
-0x02000001,0x0A000001,0x02000009,0x0A000009,
-0x02000401,0x0A000401,0x02000409,0x0A000409,
-0x02020001,0x0A020001,0x02020009,0x0A020009,
-0x02020401,0x0A020401,0x02020409,0x0A020409,
-);
-@skb6=(
-# for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 
-0x00000000,0x00000100,0x00080000,0x00080100,
-0x01000000,0x01000100,0x01080000,0x01080100,
-0x00000010,0x00000110,0x00080010,0x00080110,
-0x01000010,0x01000110,0x01080010,0x01080110,
-0x00200000,0x00200100,0x00280000,0x00280100,
-0x01200000,0x01200100,0x01280000,0x01280100,
-0x00200010,0x00200110,0x00280010,0x00280110,
-0x01200010,0x01200110,0x01280010,0x01280110,
-0x00000200,0x00000300,0x00080200,0x00080300,
-0x01000200,0x01000300,0x01080200,0x01080300,
-0x00000210,0x00000310,0x00080210,0x00080310,
-0x01000210,0x01000310,0x01080210,0x01080310,
-0x00200200,0x00200300,0x00280200,0x00280300,
-0x01200200,0x01200300,0x01280200,0x01280300,
-0x00200210,0x00200310,0x00280210,0x00280310,
-0x01200210,0x01200310,0x01280210,0x01280310,
-);
-@skb7=(
-# for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 
-0x00000000,0x04000000,0x00040000,0x04040000,
-0x00000002,0x04000002,0x00040002,0x04040002,
-0x00002000,0x04002000,0x00042000,0x04042000,
-0x00002002,0x04002002,0x00042002,0x04042002,
-0x00000020,0x04000020,0x00040020,0x04040020,
-0x00000022,0x04000022,0x00040022,0x04040022,
-0x00002020,0x04002020,0x00042020,0x04042020,
-0x00002022,0x04002022,0x00042022,0x04042022,
-0x00000800,0x04000800,0x00040800,0x04040800,
-0x00000802,0x04000802,0x00040802,0x04040802,
-0x00002800,0x04002800,0x00042800,0x04042800,
-0x00002802,0x04002802,0x00042802,0x04042802,
-0x00000820,0x04000820,0x00040820,0x04040820,
-0x00000822,0x04000822,0x00040822,0x04040822,
-0x00002820,0x04002820,0x00042820,0x04042820,
-0x00002822,0x04002822,0x00042822,0x04042822,
-);
-
-@shifts2=(0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0);
-
-# used in ecb_encrypt
-@SP0=(
-0x00410100, 0x00010000, 0x40400000, 0x40410100,
-0x00400000, 0x40010100, 0x40010000, 0x40400000,
-0x40010100, 0x00410100, 0x00410000, 0x40000100,
-0x40400100, 0x00400000, 0x00000000, 0x40010000,
-0x00010000, 0x40000000, 0x00400100, 0x00010100,
-0x40410100, 0x00410000, 0x40000100, 0x00400100,
-0x40000000, 0x00000100, 0x00010100, 0x40410000,
-0x00000100, 0x40400100, 0x40410000, 0x00000000,
-0x00000000, 0x40410100, 0x00400100, 0x40010000,
-0x00410100, 0x00010000, 0x40000100, 0x00400100,
-0x40410000, 0x00000100, 0x00010100, 0x40400000,
-0x40010100, 0x40000000, 0x40400000, 0x00410000,
-0x40410100, 0x00010100, 0x00410000, 0x40400100,
-0x00400000, 0x40000100, 0x40010000, 0x00000000,
-0x00010000, 0x00400000, 0x40400100, 0x00410100,
-0x40000000, 0x40410000, 0x00000100, 0x40010100,
-);
-@SP1=(
-0x08021002, 0x00000000, 0x00021000, 0x08020000,
-0x08000002, 0x00001002, 0x08001000, 0x00021000,
-0x00001000, 0x08020002, 0x00000002, 0x08001000,
-0x00020002, 0x08021000, 0x08020000, 0x00000002,
-0x00020000, 0x08001002, 0x08020002, 0x00001000,
-0x00021002, 0x08000000, 0x00000000, 0x00020002,
-0x08001002, 0x00021002, 0x08021000, 0x08000002,
-0x08000000, 0x00020000, 0x00001002, 0x08021002,
-0x00020002, 0x08021000, 0x08001000, 0x00021002,
-0x08021002, 0x00020002, 0x08000002, 0x00000000,
-0x08000000, 0x00001002, 0x00020000, 0x08020002,
-0x00001000, 0x08000000, 0x00021002, 0x08001002,
-0x08021000, 0x00001000, 0x00000000, 0x08000002,
-0x00000002, 0x08021002, 0x00021000, 0x08020000,
-0x08020002, 0x00020000, 0x00001002, 0x08001000,
-0x08001002, 0x00000002, 0x08020000, 0x00021000,
-);
-@SP2=(
-0x20800000, 0x00808020, 0x00000020, 0x20800020,
-0x20008000, 0x00800000, 0x20800020, 0x00008020,
-0x00800020, 0x00008000, 0x00808000, 0x20000000,
-0x20808020, 0x20000020, 0x20000000, 0x20808000,
-0x00000000, 0x20008000, 0x00808020, 0x00000020,
-0x20000020, 0x20808020, 0x00008000, 0x20800000,
-0x20808000, 0x00800020, 0x20008020, 0x00808000,
-0x00008020, 0x00000000, 0x00800000, 0x20008020,
-0x00808020, 0x00000020, 0x20000000, 0x00008000,
-0x20000020, 0x20008000, 0x00808000, 0x20800020,
-0x00000000, 0x00808020, 0x00008020, 0x20808000,
-0x20008000, 0x00800000, 0x20808020, 0x20000000,
-0x20008020, 0x20800000, 0x00800000, 0x20808020,
-0x00008000, 0x00800020, 0x20800020, 0x00008020,
-0x00800020, 0x00000000, 0x20808000, 0x20000020,
-0x20800000, 0x20008020, 0x00000020, 0x00808000,
-);
-@SP3=(
-0x00080201, 0x02000200, 0x00000001, 0x02080201,
-0x00000000, 0x02080000, 0x02000201, 0x00080001,
-0x02080200, 0x02000001, 0x02000000, 0x00000201,
-0x02000001, 0x00080201, 0x00080000, 0x02000000,
-0x02080001, 0x00080200, 0x00000200, 0x00000001,
-0x00080200, 0x02000201, 0x02080000, 0x00000200,
-0x00000201, 0x00000000, 0x00080001, 0x02080200,
-0x02000200, 0x02080001, 0x02080201, 0x00080000,
-0x02080001, 0x00000201, 0x00080000, 0x02000001,
-0x00080200, 0x02000200, 0x00000001, 0x02080000,
-0x02000201, 0x00000000, 0x00000200, 0x00080001,
-0x00000000, 0x02080001, 0x02080200, 0x00000200,
-0x02000000, 0x02080201, 0x00080201, 0x00080000,
-0x02080201, 0x00000001, 0x02000200, 0x00080201,
-0x00080001, 0x00080200, 0x02080000, 0x02000201,
-0x00000201, 0x02000000, 0x02000001, 0x02080200,
-);
-@SP4=(
-0x01000000, 0x00002000, 0x00000080, 0x01002084,
-0x01002004, 0x01000080, 0x00002084, 0x01002000,
-0x00002000, 0x00000004, 0x01000004, 0x00002080,
-0x01000084, 0x01002004, 0x01002080, 0x00000000,
-0x00002080, 0x01000000, 0x00002004, 0x00000084,
-0x01000080, 0x00002084, 0x00000000, 0x01000004,
-0x00000004, 0x01000084, 0x01002084, 0x00002004,
-0x01002000, 0x00000080, 0x00000084, 0x01002080,
-0x01002080, 0x01000084, 0x00002004, 0x01002000,
-0x00002000, 0x00000004, 0x01000004, 0x01000080,
-0x01000000, 0x00002080, 0x01002084, 0x00000000,
-0x00002084, 0x01000000, 0x00000080, 0x00002004,
-0x01000084, 0x00000080, 0x00000000, 0x01002084,
-0x01002004, 0x01002080, 0x00000084, 0x00002000,
-0x00002080, 0x01002004, 0x01000080, 0x00000084,
-0x00000004, 0x00002084, 0x01002000, 0x01000004,
-);
-@SP5=(
-0x10000008, 0x00040008, 0x00000000, 0x10040400,
-0x00040008, 0x00000400, 0x10000408, 0x00040000,
-0x00000408, 0x10040408, 0x00040400, 0x10000000,
-0x10000400, 0x10000008, 0x10040000, 0x00040408,
-0x00040000, 0x10000408, 0x10040008, 0x00000000,
-0x00000400, 0x00000008, 0x10040400, 0x10040008,
-0x10040408, 0x10040000, 0x10000000, 0x00000408,
-0x00000008, 0x00040400, 0x00040408, 0x10000400,
-0x00000408, 0x10000000, 0x10000400, 0x00040408,
-0x10040400, 0x00040008, 0x00000000, 0x10000400,
-0x10000000, 0x00000400, 0x10040008, 0x00040000,
-0x00040008, 0x10040408, 0x00040400, 0x00000008,
-0x10040408, 0x00040400, 0x00040000, 0x10000408,
-0x10000008, 0x10040000, 0x00040408, 0x00000000,
-0x00000400, 0x10000008, 0x10000408, 0x10040400,
-0x10040000, 0x00000408, 0x00000008, 0x10040008,
-);
-@SP6=(
-0x00000800, 0x00000040, 0x00200040, 0x80200000,
-0x80200840, 0x80000800, 0x00000840, 0x00000000,
-0x00200000, 0x80200040, 0x80000040, 0x00200800,
-0x80000000, 0x00200840, 0x00200800, 0x80000040,
-0x80200040, 0x00000800, 0x80000800, 0x80200840,
-0x00000000, 0x00200040, 0x80200000, 0x00000840,
-0x80200800, 0x80000840, 0x00200840, 0x80000000,
-0x80000840, 0x80200800, 0x00000040, 0x00200000,
-0x80000840, 0x00200800, 0x80200800, 0x80000040,
-0x00000800, 0x00000040, 0x00200000, 0x80200800,
-0x80200040, 0x80000840, 0x00000840, 0x00000000,
-0x00000040, 0x80200000, 0x80000000, 0x00200040,
-0x00000000, 0x80200040, 0x00200040, 0x00000840,
-0x80000040, 0x00000800, 0x80200840, 0x00200000,
-0x00200840, 0x80000000, 0x80000800, 0x80200840,
-0x80200000, 0x00200840, 0x00200800, 0x80000800,
-);
-@SP7=(
-0x04100010, 0x04104000, 0x00004010, 0x00000000,
-0x04004000, 0x00100010, 0x04100000, 0x04104010,
-0x00000010, 0x04000000, 0x00104000, 0x00004010,
-0x00104010, 0x04004010, 0x04000010, 0x04100000,
-0x00004000, 0x00104010, 0x00100010, 0x04004000,
-0x04104010, 0x04000010, 0x00000000, 0x00104000,
-0x04000000, 0x00100000, 0x04004010, 0x04100010,
-0x00100000, 0x00004000, 0x04104000, 0x00000010,
-0x00100000, 0x00004000, 0x04000010, 0x04104010,
-0x00004010, 0x04000000, 0x00000000, 0x00104000,
-0x04100010, 0x04004010, 0x04004000, 0x00100010,
-0x04104000, 0x00000010, 0x00100010, 0x04004000,
-0x04104010, 0x00100000, 0x04100000, 0x04000010,
-0x00104000, 0x00004010, 0x04004010, 0x04100000,
-0x00000010, 0x04104000, 0x00104010, 0x00000000,
-0x04000000, 0x04100010, 0x00004000, 0x00104010,
-);
-
-sub main'des_set_key
-	{
-	local($param)=@_;
-	local(@key);
-	local($c,$d,$i,$s,$t);
-	local(@ks)=();
-
-	# Get the bytes in the order we want.
-	@key=unpack("C8",$param);
-
-	$c=	($key[0]    )|
-		($key[1]<< 8)|
-		($key[2]<<16)|
-		($key[3]<<24);
-	$d=	($key[4]    )|
-		($key[5]<< 8)|
-		($key[6]<<16)|
-		($key[7]<<24);
-
-	&doPC1(*c,*d);
-
-	for $i (@shifts2)
-		{
-		if ($i)
-			{
-			$c=($c>>2)|($c<<26);
-			$d=($d>>2)|($d<<26);
-			}
-		else
-			{
-			$c=($c>>1)|($c<<27);
-			$d=($d>>1)|($d<<27);
-			}
-		$c&=0x0fffffff;
-		$d&=0x0fffffff;
-		$s=	$skb0[ ($c    )&0x3f                 ]|
-			$skb1[(($c>> 6)&0x03)|(($c>> 7)&0x3c)]|
-			$skb2[(($c>>13)&0x0f)|(($c>>14)&0x30)]|
-			$skb3[(($c>>20)&0x01)|(($c>>21)&0x06) |
-					     (($c>>22)&0x38)];
-		$t=     $skb4[ ($d    )&0x3f                ]|
-			$skb5[(($d>> 7)&0x03)|(($d>> 8)&0x3c)]|
-			$skb6[ ($d>>15)&0x3f                 ]|
-			$skb7[(($d>>21)&0x0f)|(($d>>22)&0x30)];
-		push(@ks,(($t<<16)|($s&0x0000ffff))&0xffffffff);
-		$s=      (($s>>16)&0x0000ffff)|($t&0xffff0000) ;
-		push(@ks,(($s<<4)|(($s>>28)&0xf))&0xffffffff);
-		}
-	@ks;
-	}
-
-sub doPC1
-	{
-	local(*a,*b)=@_;
-	local($t);
-
-	$t=(($b>>4)^$a)&0x0f0f0f0f;
-	$b^=($t<<4); $a^=$t;
-	# do $a first 
-	$t=(($a<<18)^$a)&0xcccc0000;
-	$a=$a^$t^(($t>>18)&0x00003fff);
-	$t=(($a<<17)^$a)&0xaaaa0000;
-	$a=$a^$t^(($t>>17)&0x00007fff);
-	$t=(($a<< 8)^$a)&0x00ff0000;
-	$a=$a^$t^(($t>> 8)&0x00ffffff);
-	$t=(($a<<17)^$a)&0xaaaa0000;
-	$a=$a^$t^(($t>>17)&0x00007fff);
-
-	# now do $b
-	$t=(($b<<24)^$b)&0xff000000;
-	$b=$b^$t^(($t>>24)&0x000000ff);
-	$t=(($b<< 8)^$b)&0x00ff0000;
-	$b=$b^$t^(($t>> 8)&0x00ffffff);
-	$t=(($b<<14)^$b)&0x33330000;
-	$b=$b^$t^(($t>>14)&0x0003ffff);
-	$b=(($b&0x00aa00aa)<<7)|(($b&0x55005500)>>7)|($b&0xaa55aa55);
-	$b=(($b>>8)&0x00ffffff)|((($a&0xf0000000)>>4)&0x0fffffff);
-	$a&=0x0fffffff;
-	}
-
-sub doIP
-	{
-	local(*a,*b)=@_;
-	local($t);
-
-	$t=(($b>> 4)^$a)&0x0f0f0f0f;
-	$b^=($t<< 4); $a^=$t;
-	$t=(($a>>16)^$b)&0x0000ffff;
-	$a^=($t<<16); $b^=$t;
-	$t=(($b>> 2)^$a)&0x33333333;
-	$b^=($t<< 2); $a^=$t;
-	$t=(($a>> 8)^$b)&0x00ff00ff;
-	$a^=($t<< 8); $b^=$t;
-	$t=(($b>> 1)^$a)&0x55555555;
-	$b^=($t<< 1); $a^=$t;
-	$t=$a;
-	$a=$b&0xffffffff;
-	$b=$t&0xffffffff;
-	}
-
-sub doFP
-	{
-	local(*a,*b)=@_;
-	local($t);
-
-	$t=(($b>> 1)^$a)&0x55555555;
-	$b^=($t<< 1); $a^=$t;
-	$t=(($a>> 8)^$b)&0x00ff00ff;
-	$a^=($t<< 8); $b^=$t;
-	$t=(($b>> 2)^$a)&0x33333333;
-	$b^=($t<< 2); $a^=$t;
-	$t=(($a>>16)^$b)&0x0000ffff;
-	$a^=($t<<16); $b^=$t;
-	$t=(($b>> 4)^$a)&0x0f0f0f0f;
-	$b^=($t<< 4); $a^=$t;
-	$a&=0xffffffff;
-	$b&=0xffffffff;
-	}
-
-sub main'des_ecb_encrypt
-	{
-	local(*ks,$encrypt,$in)=@_;
-	local($l,$r,$i,$t,$u,@input);
-	
-	@input=unpack("C8",$in);
-	# Get the bytes in the order we want.
-	$l=	($input[0]    )|
-		($input[1]<< 8)|
-		($input[2]<<16)|
-		($input[3]<<24);
-	$r=	($input[4]    )|
-		($input[5]<< 8)|
-		($input[6]<<16)|
-		($input[7]<<24);
-
-	$l&=0xffffffff;
-	$r&=0xffffffff;
-	&doIP(*l,*r);
-	if ($encrypt)
-		{
-		for ($i=0; $i<32; $i+=4)
-			{
-			$t=((($r&0x7fffffff)<<1)|(($r>>31)&0x00000001));
-			$u=$t^$ks[$i  ];
-			$t=$t^$ks[$i+1];
-			$t2=(($t&0x0000000f)<<28);
-
-			$t=((($t>>4)&0x0fffffff)|(($t&0x0000000f)<<28));
-			$l^=	$SP1[ $t     &0x3f]|
-				$SP3[($t>> 8)&0x3f]|
-				$SP5[($t>>16)&0x3f]|
-				$SP7[($t>>24)&0x3f]|
-				$SP0[ $u     &0x3f]|
-				$SP2[($u>> 8)&0x3f]|
-				$SP4[($u>>16)&0x3f]|
-				$SP6[($u>>24)&0x3f];
-
-			$t=(($l<<1)|(($l>>31)&0x1))&0xffffffff;
-			$u=$t^$ks[$i+2];
-			$t=$t^$ks[$i+3];
-			$t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff;
-			$r^=	$SP1[ $t     &0x3f]|
-				$SP3[($t>> 8)&0x3f]|
-				$SP5[($t>>16)&0x3f]|
-				$SP7[($t>>24)&0x3f]|
-				$SP0[ $u     &0x3f]|
-				$SP2[($u>> 8)&0x3f]|
-				$SP4[($u>>16)&0x3f]|
-				$SP6[($u>>24)&0x3f];
-			}
-		}
-	else	
-		{
-		for ($i=30; $i>0; $i-=4)
-			{
-			$t=(($r<<1)|(($r>>31)&0x1))&0xffffffff;
-			$u=$t^$ks[$i  ];
-			$t=$t^$ks[$i+1];
-			$t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff;
-			$l^=	$SP1[ $t     &0x3f]|
-				$SP3[($t>> 8)&0x3f]|
-				$SP5[($t>>16)&0x3f]|
-				$SP7[($t>>24)&0x3f]|
-				$SP0[ $u     &0x3f]|
-				$SP2[($u>> 8)&0x3f]|
-				$SP4[($u>>16)&0x3f]|
-				$SP6[($u>>24)&0x3f];
-
-			$t=(($l<<1)|(($l>>31)&0x1))&0xffffffff;
-			$u=$t^$ks[$i-2];
-			$t=$t^$ks[$i-1];
-			$t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff;
-			$r^=	$SP1[ $t     &0x3f]|
-				$SP3[($t>> 8)&0x3f]|
-				$SP5[($t>>16)&0x3f]|
-				$SP7[($t>>24)&0x3f]|
-				$SP0[ $u     &0x3f]|
-				$SP2[($u>> 8)&0x3f]|
-				$SP4[($u>>16)&0x3f]|
-				$SP6[($u>>24)&0x3f];
-			}
-		}
-	&doFP(*l,*r);
-	pack("C8",$l&0xff, 
-	          ($l>> 8)&0x00ffffff,
-	          ($l>>16)&0x0000ffff,
-		  ($l>>24)&0x000000ff,
-		  $r&0xff,
-	          ($r>> 8)&0x00ffffff,
-	          ($r>>16)&0x0000ffff,
-		  ($r>>24)&0x000000ff);
-	}
diff --git a/crypto/des/des.man b/crypto/des/des.pod
index 7e06a1851a..bf479e83d2 100644
--- a/crypto/des/des.man
+++ b/crypto/des/des.pod
@@ -1,186 +1,217 @@
-.TH DES 1 
-.SH NAME
+=pod
+
+=head1 NAME
+
 des - encrypt or decrypt data using Data Encryption Standard
-.SH SYNOPSIS
-.B des
+
+=head1 SYNOPSIS
+
+B<des>
 (
-.B \-e
+B<-e>
 |
-.B \-E
+B<-E>
 ) | (
-.B \-d
+B<-d>
 |
-.B \-D
+B<-D>
 ) | (
-.B \-\fR[\fPcC\fR][\fPckname\fR]\fP
+B<->[B<cC>][B<ckname>]
 ) |
 [
-.B \-b3hfs
+B<-b3hfs>
 ] [
-.B \-k
-.I key
+B<-k>
+I<key>
 ]
 ] [
-.B \-u\fR[\fIuuname\fR]
+B<-u>[I<uuname>]
 [
-.I input-file
+I<input-file>
 [
-.I output-file
+I<output-file>
 ] ]
-.SH DESCRIPTION
-.B des
+
+=head1 NOTE
+
+This page describes the B<des> stand-alone program, not the B<openssl des>
+command.
+
+=head1 DESCRIPTION
+
+B<des>
 encrypts and decrypts data using the
 Data Encryption Standard algorithm.
 One of
-.B \-e, \-E
+B<-e>, B<-E>
 (for encrypt) or
-.B \-d, \-D
+B<-d>, B<-D>
 (for decrypt) must be specified.
 It is also possible to use
-.B \-c
+B<-c>
 or
-.B \-C
+B<-C>
 in conjunction or instead of the a encrypt/decrypt option to generate
 a 16 character hexadecimal checksum, generated via the
-.I des_cbc_cksum.
-.LP
+I<des_cbc_cksum>.
+
 Two standard encryption modes are supported by the
-.B des
+B<des>
 program, Cipher Block Chaining (the default) and Electronic Code Book
 (specified with
-.B \-b
-).
-.LP
+B<-b>).
+
 The key used for the DES
 algorithm is obtained by prompting the user unless the
-.B `\-k
-.I key'
+B<-k>
+I<key>
 option is given.
 If the key is an argument to the
-.B des
+B<des>
 command, it is potentially visible to users executing
-.BR ps (1)
+ps(1)
 or a derivative.  To minimise this possibility,
-.B des
+B<des>
 takes care to destroy the key argument immediately upon entry.
 If your shell keeps a history file be careful to make sure it is not
 world readable.
-.LP
-Since this program attempts to maintain compatability with sunOS's
+
+Since this program attempts to maintain compatibility with sunOS's
 des(1) command, there are 2 different methods used to convert the user
 supplied key to a des key.
 Whenever and one or more of
-.B \-E, \-D, \-C
+B<-E>, B<-D>, B<-C>
 or
-.B \-3
+B<-3>
 options are used, the key conversion procedure will not be compatible
 with the sunOS des(1) version but will use all the user supplied
 character to generate the des key.
-.B des
+B<des>
 command reads from standard input unless
-.I input-file
+I<input-file>
 is specified and writes to standard output unless
-.I output-file
+I<output-file>
 is given.
-.SH OPTIONS
-.TP
-.B \-b
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-b>
+
 Select ECB
 (eight bytes at a time) encryption mode.
-.TP
-.B \-3
+
+=item B<-3>
+
 Encrypt using triple encryption.
 By default triple cbc encryption is used but if the
-.B \-b
-option is used then triple ecb encryption is performed.
+B<-b>
+option is used then triple ECB encryption is performed.
 If the key is less than 8 characters long, the flag has no effect.
-.TP
-.B \-e
+
+=item B<-e>
+
 Encrypt data using an 8 byte key in a manner compatible with sunOS
 des(1).
-.TP
-.B \-E
+
+=item B<-E>
+
 Encrypt data using a key of nearly unlimited length (1024 bytes).
 This will product a more secure encryption.
-.TP
-.B \-d
-Decrypt data that was encrypted with the \-e option.
-.TP
-.B \-D
-Decrypt data that was encrypted with the \-E option.
-.TP
-.B \-c
+
+=item B<-d>
+
+Decrypt data that was encrypted with the B<-e> option.
+
+=item B<-D>
+
+Decrypt data that was encrypted with the B<-E> option.
+
+=item B<-c>
+
 Generate a 16 character hexadecimal cbc checksum and output this to
 stderr.
 If a filename was specified after the
-.B \-c
+B<-c>
 option, the checksum is output to that file.
 The checksum is generated using a key generated in a sunOS compatible
 manner.
-.TP
-.B \-C
+
+=item B<-C>
+
 A cbc checksum is generated in the same manner as described for the
-.B \-c
+B<-c>
 option but the DES key is generated in the same manner as used for the
-.B \-E
+B<-E>
 and
-.B \-D
+B<-D>
 options
-.TP
-.B \-f
+
+=item B<-f>
+
 Does nothing - allowed for compatibility with sunOS des(1) command.
-.TP
-.B \-s
+
+=item B<-s>
+
 Does nothing - allowed for compatibility with sunOS des(1) command.
-.TP
-.B "\-k \fIkey\fP"
+
+=item B<-k> I<key>
+
 Use the encryption 
-.I key
+I<key>
 specified.
-.TP
-.B "\-h"
+
+=item B<-h>
+
 The
-.I key
+I<key>
 is assumed to be a 16 character hexadecimal number.
 If the
-.B "\-3"
+B<-3>
 option is used the key is assumed to be a 32 character hexadecimal
 number.
-.TP
-.B \-u
+
+=item B<-u>
+
 This flag is used to read and write uuencoded files.  If decrypting,
 the input file is assumed to contain uuencoded, DES encrypted data.
-If encrypting, the characters following the -u are used as the name of
+If encrypting, the characters following the B<-u> are used as the name of
 the uuencoded file to embed in the begin line of the uuencoded
-output.  If there is no name specified after the -u, the name text.des
+output.  If there is no name specified after the B<-u>, the name text.des
 will be embedded in the header.
-.SH SEE ALSO
-.B ps (1)
-.B des_crypt(3)
-.SH BUGS
-.LP
+
+=head1 SEE ALSO
+
+ps(1),
+L<des_crypt(3)|des_crypt(3)>
+
+=head1 BUGS
+
 The problem with using the
-.B -e
+B<-e>
 option is the short key length.
 It would be better to use a real 56-bit key rather than an
 ASCII-based 56-bit pattern.  Knowing that the key was derived from ASCII
 radically reduces the time necessary for a brute-force cryptographic attack.
 My attempt to remove this problem is to add an alternative text-key to
 DES-key function.  This alternative function (accessed via
-.B -E, -D, -S
+B<-E>, B<-D>, B<-S>
 and
-.B -3
-)
+B<-3>)
 uses DES to help generate the key.
-.LP
-Be carefully when using the -u option.  Doing des -ud <filename> will
-not decrypt filename (the -u option will gobble the d option).
-.LP
+
+Be carefully when using the B<-u> option.  Doing B<des -ud> I<filename> will
+not decrypt filename (the B<-u> option will gobble the B<-d> option).
+
 The VMS operating system operates in a world where files are always a
 multiple of 512 bytes.  This causes problems when encrypted data is
-send from unix to VMS since a 88 byte file will suddenly be padded
-with 424 null bytes.  To get around this problem, use the -u option
+send from Unix to VMS since a 88 byte file will suddenly be padded
+with 424 null bytes.  To get around this problem, use the B<-u> option
 to uuencode the data before it is send to the VMS system.
-.SH AUTHOR
-.LP
+
+=head1 AUTHOR
+
 Eric Young (eay@cryptsoft.com)
+
+=cut
diff --git a/crypto/des/des3s.cpp b/crypto/des/des3s.cpp
index 9aff6494d9..02d527c057 100644
--- a/crypto/des/des3s.cpp
+++ b/crypto/des/des3s.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "des.h"
+#include <openssl/des.h>
 
 void main(int argc,char *argv[])
 	{
diff --git a/crypto/des/des_crypt.man b/crypto/des/des_crypt.man
deleted file mode 100644
index 0ecc416877..0000000000
--- a/crypto/des/des_crypt.man
+++ /dev/null
@@ -1,508 +0,0 @@
-.TH DES_CRYPT 3 
-.SH NAME
-des_read_password, des_read_2password,
-des_string_to_key, des_string_to_2key, des_read_pw_string,
-des_random_key, des_set_key,
-des_key_sched, des_ecb_encrypt, des_ecb3_encrypt, des_cbc_encrypt,
-des_3cbc_encrypt,
-des_pcbc_encrypt, des_cfb_encrypt, des_ofb_encrypt,
-des_cbc_cksum, des_quad_cksum,
-des_enc_read, des_enc_write, des_set_odd_parity,
-des_is_weak_key, crypt \- (non USA) DES encryption
-.SH SYNOPSIS
-.nf
-.nj
-.ft B
-#include <des.h>
-.PP
-.B int des_read_password(key,prompt,verify)
-des_cblock *key;
-char *prompt;
-int verify;
-.PP
-.B int des_read_2password(key1,key2,prompt,verify)
-des_cblock *key1,*key2;
-char *prompt;
-int verify;
-.PP
-.B int des_string_to_key(str,key)
-char *str;
-des_cblock *key;
-.PP
-.B int des_string_to_2keys(str,key1,key2)
-char *str;
-des_cblock *key1,*key2;
-.PP
-.B int des_read_pw_string(buf,length,prompt,verify)
-char *buf;
-int length;
-char *prompt;
-int verify;
-.PP
-.B int des_random_key(key)
-des_cblock *key;
-.PP
-.B int des_set_key(key,schedule)
-des_cblock *key;
-des_key_schedule schedule;
-.PP
-.B int des_key_sched(key,schedule)
-des_cblock *key;
-des_key_schedule schedule;
-.PP
-.B int des_ecb_encrypt(input,output,schedule,encrypt)
-des_cblock *input;
-des_cblock *output;
-des_key_schedule schedule;
-int encrypt;
-.PP
-.B int des_ecb3_encrypt(input,output,ks1,ks2,encrypt)
-des_cblock *input;
-des_cblock *output;
-des_key_schedule ks1,ks2;
-int encrypt;
-.PP
-.B int des_cbc_encrypt(input,output,length,schedule,ivec,encrypt)
-des_cblock *input;
-des_cblock *output;
-long length;
-des_key_schedule schedule;
-des_cblock *ivec;
-int encrypt;
-.PP
-.B int des_3cbc_encrypt(input,output,length,sk1,sk2,ivec1,ivec2,encrypt)
-des_cblock *input;
-des_cblock *output;
-long length;
-des_key_schedule sk1;
-des_key_schedule sk2;
-des_cblock *ivec1;
-des_cblock *ivec2;
-int encrypt;
-.PP
-.B int des_pcbc_encrypt(input,output,length,schedule,ivec,encrypt)
-des_cblock *input;
-des_cblock *output;
-long length;
-des_key_schedule schedule;
-des_cblock *ivec;
-int encrypt;
-.PP
-.B int des_cfb_encrypt(input,output,numbits,length,schedule,ivec,encrypt)
-unsigned char *input;
-unsigned char *output;
-int numbits;
-long length;
-des_key_schedule schedule;
-des_cblock *ivec;
-int encrypt;
-.PP
-.B int des_ofb_encrypt(input,output,numbits,length,schedule,ivec)
-unsigned char *input,*output;
-int numbits;
-long length;
-des_key_schedule schedule;
-des_cblock *ivec;
-.PP
-.B unsigned long des_cbc_cksum(input,output,length,schedule,ivec)
-des_cblock *input;
-des_cblock *output;
-long length;
-des_key_schedule schedule;
-des_cblock *ivec;
-.PP
-.B unsigned long des_quad_cksum(input,output,length,out_count,seed)
-des_cblock *input;
-des_cblock *output;
-long length;
-int out_count;
-des_cblock *seed;
-.PP
-.B int des_check_key;
-.PP
-.B int des_enc_read(fd,buf,len,sched,iv)
-int fd;
-char *buf;
-int len;
-des_key_schedule sched;
-des_cblock *iv;
-.PP
-.B int des_enc_write(fd,buf,len,sched,iv)
-int fd;
-char *buf;
-int len;
-des_key_schedule sched;
-des_cblock *iv;
-.PP
-.B extern int des_rw_mode;
-.PP
-.B void des_set_odd_parity(key)
-des_cblock *key;
-.PP
-.B int des_is_weak_key(key)
-des_cblock *key;
-.PP
-.B char *crypt(passwd,salt)
-char *passwd;
-char *salt;
-.PP
-.fi
-.SH DESCRIPTION
-This library contains a fast implementation of the DES encryption
-algorithm.
-.PP
-There are two phases to the use of DES encryption.
-The first is the generation of a
-.I des_key_schedule
-from a key,
-the second is the actual encryption.
-A des key is of type
-.I des_cblock.
-This type is made from 8 characters with odd parity.
-The least significant bit in the character is the parity bit.
-The key schedule is an expanded form of the key; it is used to speed the
-encryption process.
-.PP
-.I des_read_password
-writes the string specified by prompt to the standard output,
-turns off echo and reads an input string from standard input
-until terminated with a newline.
-If verify is non-zero, it prompts and reads the input again and verifies
-that both entered passwords are the same.
-The entered string is converted into a des key by using the
-.I des_string_to_key
-routine.
-The new key is placed in the
-.I des_cblock
-that was passed (by reference) to the routine.
-If there were no errors,
-.I des_read_password
-returns 0,
--1 is returned if there was a terminal error and 1 is returned for
-any other error.
-.PP
-.I des_read_2password
-operates in the same way as
-.I des_read_password
-except that it generates 2 keys by using the
-.I des_string_to_2key
-function.
-.PP
-.I des_read_pw_string
-is called by
-.I des_read_password
-to read and verify a string from a terminal device.
-The string is returned in
-.I buf.
-The size of
-.I buf
-is passed to the routine via the
-.I length
-parameter.
-.PP
-.I des_string_to_key
-converts a string into a valid des key.
-.PP
-.I des_string_to_2key
-converts a string into 2 valid des keys.
-This routine is best suited for used to generate keys for use with
-.I des_ecb3_encrypt.
-.PP
-.I des_random_key
-returns a random key that is made of a combination of process id,
-time and an increasing counter.
-.PP
-Before a des key can be used it is converted into a
-.I des_key_schedule
-via the
-.I des_set_key
-routine.
-If the
-.I des_check_key
-flag is non-zero,
-.I des_set_key
-will check that the key passed is of odd parity and is not a week or
-semi-weak key.
-If the parity is wrong,
-then -1 is returned.
-If the key is a weak key,
-then -2 is returned.
-If an error is returned,
-the key schedule is not generated.
-.PP
-.I des_key_sched
-is another name for the
-.I des_set_key
-function.
-.PP
-The following routines mostly operate on an input and output stream of
-.I des_cblock's.
-.PP
-.I des_ecb_encrypt
-is the basic DES encryption routine that encrypts or decrypts a single 8-byte
-.I des_cblock
-in
-.I electronic code book
-mode.
-It always transforms the input data, pointed to by
-.I input,
-into the output data,
-pointed to by the
-.I output
-argument.
-If the
-.I encrypt
-argument is non-zero (DES_ENCRYPT),
-the
-.I input
-(cleartext) is encrypted in to the
-.I output
-(ciphertext) using the key_schedule specified by the
-.I schedule
-argument,
-previously set via
-.I des_set_key.
-If
-.I encrypt
-is zero (DES_DECRYPT),
-the
-.I input
-(now ciphertext)
-is decrypted into the
-.I output
-(now cleartext).
-Input and output may overlap.
-No meaningful value is returned.
-.PP
-.I des_ecb3_encrypt
-encrypts/decrypts the
-.I input
-block by using triple ecb DES encryption.
-This involves encrypting the input with 
-.I ks1,
-decryption with the key schedule
-.I ks2,
-and then encryption with the first again.
-This routine greatly reduces the chances of brute force breaking of
-DES and has the advantage of if
-.I ks1
-and
-.I ks2
-are the same, it is equivalent to just encryption using ecb mode and
-.I ks1
-as the key.
-.PP
-.I des_cbc_encrypt
-encrypts/decrypts using the
-.I cipher-block-chaining
-mode of DES.
-If the
-.I encrypt
-argument is non-zero,
-the routine cipher-block-chain encrypts the cleartext data pointed to by the
-.I input
-argument into the ciphertext pointed to by the
-.I output
-argument,
-using the key schedule provided by the
-.I schedule
-argument,
-and initialisation vector provided by the
-.I ivec
-argument.
-If the
-.I length
-argument is not an integral multiple of eight bytes, 
-the last block is copied to a temporary area and zero filled.
-The output is always
-an integral multiple of eight bytes.
-To make multiple cbc encrypt calls on a large amount of data appear to
-be one 
-.I des_cbc_encrypt
-call, the
-.I ivec
-of subsequent calls should be the last 8 bytes of the output.
-.PP
-.I des_3cbc_encrypt
-encrypts/decrypts the
-.I input
-block by using triple cbc DES encryption.
-This involves encrypting the input with key schedule
-.I ks1,
-decryption with the key schedule
-.I ks2,
-and then encryption with the first again.
-2 initialisation vectors are required,
-.I ivec1
-and
-.I ivec2.
-Unlike
-.I des_cbc_encrypt,
-these initialisation vectors are modified by the subroutine.
-This routine greatly reduces the chances of brute force breaking of
-DES and has the advantage of if
-.I ks1
-and
-.I ks2
-are the same, it is equivalent to just encryption using cbc mode and
-.I ks1
-as the key.
-.PP
-.I des_pcbc_encrypt
-encrypt/decrypts using a modified block chaining mode.
-It provides better error propagation characteristics than cbc
-encryption.
-.PP
-.I des_cfb_encrypt
-encrypt/decrypts using cipher feedback mode.  This method takes an
-array of characters as input and outputs and array of characters.  It
-does not require any padding to 8 character groups.  Note: the ivec
-variable is changed and the new changed value needs to be passed to
-the next call to this function.  Since this function runs a complete
-DES ecb encryption per numbits, this function is only suggested for
-use when sending small numbers of characters.
-.PP
-.I des_ofb_encrypt
-encrypt using output feedback mode.  This method takes an
-array of characters as input and outputs and array of characters.  It
-does not require any padding to 8 character groups.  Note: the ivec
-variable is changed and the new changed value needs to be passed to
-the next call to this function.  Since this function runs a complete
-DES ecb encryption per numbits, this function is only suggested for
-use when sending small numbers of characters.
-.PP
-.I des_cbc_cksum
-produces an 8 byte checksum based on the input stream (via cbc encryption).
-The last 4 bytes of the checksum is returned and the complete 8 bytes is
-placed in
-.I output.
-.PP
-.I des_quad_cksum
-returns a 4 byte checksum from the input bytes.
-The algorithm can be iterated over the input,
-depending on
-.I out_count,
-1, 2, 3 or 4 times.
-If
-.I output
-is non-NULL,
-the 8 bytes generated by each pass are written into
-.I output.
-.PP
-.I des_enc_write
-is used to write
-.I len
-bytes
-to file descriptor
-.I fd
-from buffer
-.I buf.
-The data is encrypted via
-.I pcbc_encrypt
-(default) using
-.I sched
-for the key and
-.I iv
-as a starting vector.
-The actual data send down
-.I fd
-consists of 4 bytes (in network byte order) containing the length of the
-following encrypted data.  The encrypted data then follows, padded with random
-data out to a multiple of 8 bytes.
-.PP
-.I des_enc_read
-is used to read
-.I len
-bytes
-from file descriptor
-.I fd
-into buffer
-.I buf.
-The data being read from
-.I fd
-is assumed to have come from
-.I des_enc_write
-and is decrypted using
-.I sched
-for the key schedule and
-.I iv
-for the initial vector.
-The
-.I des_enc_read/des_enc_write
-pair can be used to read/write to files, pipes and sockets.
-I have used them in implementing a version of rlogin in which all
-data is encrypted.
-.PP
-.I des_rw_mode
-is used to specify the encryption mode to use with 
-.I des_enc_read
-and 
-.I des_end_write.
-If set to
-.I DES_PCBC_MODE
-(the default), des_pcbc_encrypt is used.
-If set to
-.I DES_CBC_MODE
-des_cbc_encrypt is used.
-These two routines and the variable are not part of the normal MIT library.
-.PP
-.I des_set_odd_parity
-sets the parity of the passed
-.I key
-to odd.  This routine is not part of the standard MIT library.
-.PP
-.I des_is_weak_key
-returns 1 is the passed key is a weak key (pick again :-),
-0 if it is ok.
-This routine is not part of the standard MIT library.
-.PP
-.I crypt
-is a replacement for the normal system crypt.
-It is much faster than the system crypt.
-.PP
-.SH FILES
-/usr/include/des.h
-.br
-/usr/lib/libdes.a
-.PP
-The encryption routines have been tested on 16bit, 32bit and 64bit
-machines of various endian and even works under VMS.
-.PP
-.SH BUGS
-.PP
-If you think this manual is sparse,
-read the des_crypt(3) manual from the MIT kerberos (or bones outside
-of the USA) distribution.
-.PP
-.I des_cfb_encrypt
-and
-.I des_ofb_encrypt
-operates on input of 8 bits.  What this means is that if you set
-numbits to 12, and length to 2, the first 12 bits will come from the 1st
-input byte and the low half of the second input byte.  The second 12
-bits will have the low 8 bits taken from the 3rd input byte and the
-top 4 bits taken from the 4th input byte.  The same holds for output.
-This function has been implemented this way because most people will
-be using a multiple of 8 and because once you get into pulling bytes input
-bytes apart things get ugly!
-.PP
-.I des_read_pw_string
-is the most machine/OS dependent function and normally generates the
-most problems when porting this code.
-.PP
-.I des_string_to_key
-is probably different from the MIT version since there are lots
-of fun ways to implement one-way encryption of a text string.
-.PP
-The routines are optimised for 32 bit machines and so are not efficient
-on IBM PCs.
-.PP
-NOTE: extensive work has been done on this library since this document
-was origionally written.  Please try to read des.doc from the libdes
-distribution since it is far more upto date and documents more of the
-functions.  Libdes is now also being shipped as part of SSLeay, a
-general cryptographic library that amonst other things implements
-netscapes SSL protocoll.  The most recent version can be found in
-SSLeay distributions.
-.SH AUTHOR
-Eric Young (eay@cryptsoft.com)
diff --git a/crypto/des/des_enc.c b/crypto/des/des_enc.c
index e4db09299e..1c37ab96d3 100644
--- a/crypto/des/des_enc.c
+++ b/crypto/des/des_enc.c
@@ -58,14 +58,11 @@
 
 #include "des_locl.h"
 
-void des_encrypt(data, ks, enc)
-DES_LONG *data;
-des_key_schedule ks;
-int enc;
+void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
 	{
 	register DES_LONG l,r,t,u;
 #ifdef DES_PTR
-	register unsigned char *des_SP=(unsigned char *)des_SPtrans;
+	register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
 #endif
 #ifndef DES_UNROLL
 	register int i;
@@ -78,7 +75,7 @@ int enc;
 	IP(r,l);
 	/* Things have been modified so that the initial rotate is
 	 * done outside the loop.  This required the
-	 * des_SPtrans values in sp.h to be rotated 1 bit to the right.
+	 * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
 	 * One perl script later and things have a 5% speed up on a sparc2.
 	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
 	 * for pointing this out. */
@@ -87,7 +84,7 @@ int enc;
 	r=ROTATE(r,29)&0xffffffffL;
 	l=ROTATE(l,29)&0xffffffffL;
 
-	s=(DES_LONG *)ks;
+	s=ks->ks->deslong;
 	/* I don't know if it is worth the effort of loop unrolling the
 	 * inner loop */
 	if (enc)
@@ -159,14 +156,11 @@ int enc;
 	l=r=t=u=0;
 	}
 
-void des_encrypt2(data, ks, enc)
-DES_LONG *data;
-des_key_schedule ks;
-int enc;
+void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
 	{
 	register DES_LONG l,r,t,u;
 #ifdef DES_PTR
-	register unsigned char *des_SP=(unsigned char *)des_SPtrans;
+	register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
 #endif
 #ifndef DES_UNROLL
 	register int i;
@@ -178,7 +172,7 @@ int enc;
 
 	/* Things have been modified so that the initial rotate is
 	 * done outside the loop.  This required the
-	 * des_SPtrans values in sp.h to be rotated 1 bit to the right.
+	 * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
 	 * One perl script later and things have a 5% speed up on a sparc2.
 	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
 	 * for pointing this out. */
@@ -186,7 +180,7 @@ int enc;
 	r=ROTATE(r,29)&0xffffffffL;
 	l=ROTATE(l,29)&0xffffffffL;
 
-	s=(DES_LONG *)ks;
+	s=ks->ks->deslong;
 	/* I don't know if it is worth the effort of loop unrolling the
 	 * inner loop */
 	if (enc)
@@ -253,11 +247,8 @@ int enc;
 	l=r=t=u=0;
 	}
 
-void des_encrypt3(data,ks1,ks2,ks3)
-DES_LONG *data;
-des_key_schedule ks1;
-des_key_schedule ks2;
-des_key_schedule ks3;
+void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
+		  DES_key_schedule *ks2, DES_key_schedule *ks3)
 	{
 	register DES_LONG l,r;
 
@@ -266,9 +257,9 @@ des_key_schedule ks3;
 	IP(l,r);
 	data[0]=l;
 	data[1]=r;
-	des_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT);
-	des_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT);
-	des_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT);
+	DES_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT);
+	DES_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT);
+	DES_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT);
 	l=data[0];
 	r=data[1];
 	FP(r,l);
@@ -276,11 +267,8 @@ des_key_schedule ks3;
 	data[1]=r;
 	}
 
-void des_decrypt3(data,ks1,ks2,ks3)
-DES_LONG *data;
-des_key_schedule ks1;
-des_key_schedule ks2;
-des_key_schedule ks3;
+void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
+		  DES_key_schedule *ks2, DES_key_schedule *ks3)
 	{
 	register DES_LONG l,r;
 
@@ -289,9 +277,9 @@ des_key_schedule ks3;
 	IP(l,r);
 	data[0]=l;
 	data[1]=r;
-	des_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT);
-	des_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT);
-	des_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT);
+	DES_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT);
+	DES_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT);
+	DES_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT);
 	l=data[0];
 	r=data[1];
 	FP(r,l);
@@ -301,108 +289,25 @@ des_key_schedule ks3;
 
 #ifndef DES_DEFAULT_OPTIONS
 
-void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-int enc;
-	{
-	register DES_LONG tin0,tin1;
-	register DES_LONG tout0,tout1,xor0,xor1;
-	register unsigned char *in,*out;
-	register long l=length;
-	DES_LONG tin[2];
-	unsigned char *iv;
-
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
-
-	if (enc)
-		{
-		c2l(iv,tout0);
-		c2l(iv,tout1);
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-			tin0^=tout0; tin[0]=tin0;
-			tin1^=tout1; tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
-			tout0=tin[0]; l2c(tout0,out);
-			tout1=tin[1]; l2c(tout1,out);
-			}
-		if (l != -8)
-			{
-			c2ln(in,tin0,tin1,l+8);
-			tin0^=tout0; tin[0]=tin0;
-			tin1^=tout1; tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
-			tout0=tin[0]; l2c(tout0,out);
-			tout1=tin[1]; l2c(tout1,out);
-			}
-		iv=(unsigned char *)ivec;
-		l2c(tout0,iv);
-		l2c(tout1,iv);
-		}
-	else
-		{
-		c2l(iv,xor0);
-		c2l(iv,xor1);
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0); tin[0]=tin0;
-			c2l(in,tin1); tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2c(tout0,out);
-			l2c(tout1,out);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		if (l != -8)
-			{
-			c2l(in,tin0); tin[0]=tin0;
-			c2l(in,tin1); tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2cn(tout0,tout1,out,l+8);
-			xor0=tin0;
-			xor1=tin1;
-			}
-
-		iv=(unsigned char *)ivec;
-		l2c(xor0,iv);
-		l2c(xor1,iv);
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	tin[0]=tin[1]=0;
-	}
+#undef CBC_ENC_C__DONT_UPDATE_IV
+#include "ncbc_enc.c" /* DES_ncbc_encrypt */
 
-void des_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, enc)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule ks1;
-des_key_schedule ks2;
-des_key_schedule ks3;
-des_cblock (*ivec);
-int enc;
+void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
+			  long length, DES_key_schedule *ks1,
+			  DES_key_schedule *ks2, DES_key_schedule *ks3,
+			  DES_cblock *ivec, int enc)
 	{
 	register DES_LONG tin0,tin1;
 	register DES_LONG tout0,tout1,xor0,xor1;
-	register unsigned char *in,*out;
+	register const unsigned char *in;
+	unsigned char *out;
 	register long l=length;
 	DES_LONG tin[2];
 	unsigned char *iv;
 
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
+	in=input;
+	out=output;
+	iv = &(*ivec)[0];
 
 	if (enc)
 		{
@@ -417,7 +322,7 @@ int enc;
 
 			tin[0]=tin0;
 			tin[1]=tin1;
-			des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
 			tout0=tin[0];
 			tout1=tin[1];
 
@@ -432,14 +337,14 @@ int enc;
 
 			tin[0]=tin0;
 			tin[1]=tin1;
-			des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
 			tout0=tin[0];
 			tout1=tin[1];
 
 			l2c(tout0,out);
 			l2c(tout1,out);
 			}
-		iv=(unsigned char *)ivec;
+		iv = &(*ivec)[0];
 		l2c(tout0,iv);
 		l2c(tout1,iv);
 		}
@@ -459,7 +364,7 @@ int enc;
 
 			tin[0]=tin0;
 			tin[1]=tin1;
-			des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
 			tout0=tin[0];
 			tout1=tin[1];
 
@@ -480,7 +385,7 @@ int enc;
 
 			tin[0]=tin0;
 			tin[1]=tin1;
-			des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
+			DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
 			tout0=tin[0];
 			tout1=tin[1];
 		
@@ -491,7 +396,7 @@ int enc;
 			xor1=t1;
 			}
 
-		iv=(unsigned char *)ivec;
+		iv = &(*ivec)[0];
 		l2c(xor0,iv);
 		l2c(xor1,iv);
 		}
diff --git a/crypto/des/des_locl.h b/crypto/des/des_locl.h
index 67ef3e7900..9e033f7c2e 100644
--- a/crypto/des/des_locl.h
+++ b/crypto/des/des_locl.h
@@ -1,4 +1,4 @@
-/* crypto/des/des_locl.org */
+/* crypto/des/des_locl.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,140 +56,43 @@
  * [including the GNU Public Licence.]
  */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify des_locl.org since des_locl.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
 #ifndef HEADER_DES_LOCL_H
 #define HEADER_DES_LOCL_H
 
-#if defined(WIN32) || defined(WIN16)
-#ifndef MSDOS
-#define MSDOS
+#include <openssl/e_os2.h>
+
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
+#ifndef OPENSSL_SYS_MSDOS
+#define OPENSSL_SYS_MSDOS
 #endif
 #endif
 
 #include <stdio.h>
 #include <stdlib.h>
-#ifndef MSDOS
-#include <unistd.h>
-#endif
-#include "des.h"
-
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
+#include <string.h>
 
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#ifndef OPENSSL_SYS_MSDOS
+#if !defined(OPENSSL_SYS_VMS) || defined(__DECC)
+#ifdef OPENSSL_UNISTD
+# include OPENSSL_UNISTD
+#else
+# include <unistd.h>
 #endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#undef DES_UNROLL
+#include <math.h>
 #endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )		/* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )	/* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )	/* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )		/* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )		/* HP-PA */
-  /* Unknown */
-#elif defined( __aux )		/* 68K */
-  /* Unknown */
-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )		/* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( i386 )		/* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
 #endif
+#include <openssl/des.h>
 
-#endif /* DES_DEFAULT_OPTIONS */
-
-#ifdef MSDOS		/* Visual C++ 2.1 (Windows NT/95) */
+#ifdef OPENSSL_SYS_MSDOS		/* Visual C++ 2.1 (Windows NT/95) */
 #include <stdlib.h>
 #include <errno.h>
 #include <time.h>
 #include <io.h>
-#ifndef RAND
-#define RAND
-#endif
-#undef NOPROTO
 #endif
 
-#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
-#include <string.h>
-#endif
-
-#ifndef RAND
-#define RAND
-#endif
-
-#ifdef linux
-#undef RAND
-#endif
-
-#ifdef MSDOS
-#define getpid() 2
-#define RAND
-#undef NOPROTO
-#endif
-
-#if defined(NOCONST)
-#define const
-#endif
-
-#ifdef __STDC__
-#undef NOPROTO
-#endif
-
-#ifdef RAND
-#define srandom(s) srand(s)
-#define random rand
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
 #endif
 
 #define ITERATIONS 16
@@ -254,7 +157,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 				} \
 			}
 
-#if defined(WIN32)
+#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
 #define	ROTATE(a,n)	(_lrotr(a,n))
 #else
 #define	ROTATE(a,n)	(((a)>>(n))+((a)<<(32-(n))))
@@ -281,14 +184,14 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 #endif
 
 /* The changes to this macro may help or hinder, depending on the
- * compiler and the achitecture.  gcc2 always seems to do well :-).
+ * compiler and the architecture.  gcc2 always seems to do well :-).
  * Inspired by Dana How <how@isl.stanford.edu>
  * DO NOT use the alternative version on machines with 8 byte longs.
  * It does not seem to work on the Alpha, even when DES_LONG is 4
  * bytes, probably an issue of accessing non-word aligned objects :-( */
 #ifdef DES_PTR
 
-/* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there
+/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there
  * is no reason to not xor all the sub items together.  This potentially
  * saves a register since things can be xored directly into L */
 
@@ -302,24 +205,24 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 	u2&=0xfc; \
 	t=ROTATE(t,4); \
 	u>>=16L; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP      +u1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \
+	LL^= *(const DES_LONG *)(des_SP      +u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
 	u3=(int)(u>>8L); \
 	u1=(int)u&0xfc; \
 	u3&=0xfc; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+u1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+u3); \
+	LL^= *(const DES_LONG *)(des_SP+0x400+u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x600+u3); \
 	u2=(int)t>>8L; \
 	u1=(int)t&0xfc; \
 	u2&=0xfc; \
 	t>>=16L; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \
+	LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
 	u3=(int)t>>8L; \
 	u1=(int)t&0xfc; \
 	u3&=0xfc; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+u1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+u3); }
+	LL^= *(const DES_LONG *)(des_SP+0x500+u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x700+u3); }
 #endif
 #ifdef DES_RISC2
 #define D_ENCRYPT(LL,R,S) { \
@@ -329,39 +232,39 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 	u1=(int)u&0xfc; \
 	u2&=0xfc; \
 	t=ROTATE(t,4); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP      +u1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \
+	LL^= *(const DES_LONG *)(des_SP      +u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x200+u2); \
 	s1=(int)(u>>16L); \
 	s2=(int)(u>>24L); \
 	s1&=0xfc; \
 	s2&=0xfc; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+s1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+s2); \
+	LL^= *(const DES_LONG *)(des_SP+0x400+s1); \
+	LL^= *(const DES_LONG *)(des_SP+0x600+s2); \
 	u2=(int)t>>8L; \
 	u1=(int)t&0xfc; \
 	u2&=0xfc; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \
+	LL^= *(const DES_LONG *)(des_SP+0x100+u1); \
+	LL^= *(const DES_LONG *)(des_SP+0x300+u2); \
 	s1=(int)(t>>16L); \
 	s2=(int)(t>>24L); \
 	s1&=0xfc; \
 	s2&=0xfc; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+s1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+s2); }
+	LL^= *(const DES_LONG *)(des_SP+0x500+s1); \
+	LL^= *(const DES_LONG *)(des_SP+0x700+s2); }
 #endif
 #else
 #define D_ENCRYPT(LL,R,S) { \
 	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
 	t=ROTATE(t,4); \
 	LL^= \
-	*(DES_LONG *)((unsigned char *)des_SP      +((u     )&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x200+((u>> 8L)&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x400+((u>>16L)&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x600+((u>>24L)&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x100+((t     )&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x300+((t>> 8L)&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x500+((t>>16L)&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x700+((t>>24L)&0xfc)); }
+	*(const DES_LONG *)(des_SP      +((u     )&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x200+((u>> 8L)&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x400+((u>>16L)&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x600+((u>>24L)&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x100+((t     )&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x300+((t>> 8L)&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x500+((t>>16L)&0xfc))^ \
+	*(const DES_LONG *)(des_SP+0x700+((t>>24L)&0xfc)); }
 #endif
 
 #else /* original version */
@@ -377,24 +280,24 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 	u1=(int)u&0x3f; \
 	u2&=0x3f; \
 	u>>=16L; \
-	LL^=des_SPtrans[0][u1]; \
-	LL^=des_SPtrans[2][u2]; \
+	LL^=DES_SPtrans[0][u1]; \
+	LL^=DES_SPtrans[2][u2]; \
 	u3=(int)u>>8L; \
 	u1=(int)u&0x3f; \
 	u3&=0x3f; \
-	LL^=des_SPtrans[4][u1]; \
-	LL^=des_SPtrans[6][u3]; \
+	LL^=DES_SPtrans[4][u1]; \
+	LL^=DES_SPtrans[6][u3]; \
 	u2=(int)t>>8L; \
 	u1=(int)t&0x3f; \
 	u2&=0x3f; \
 	t>>=16L; \
-	LL^=des_SPtrans[1][u1]; \
-	LL^=des_SPtrans[3][u2]; \
+	LL^=DES_SPtrans[1][u1]; \
+	LL^=DES_SPtrans[3][u2]; \
 	u3=(int)t>>8L; \
 	u1=(int)t&0x3f; \
 	u3&=0x3f; \
-	LL^=des_SPtrans[5][u1]; \
-	LL^=des_SPtrans[7][u3]; }
+	LL^=DES_SPtrans[5][u1]; \
+	LL^=DES_SPtrans[7][u3]; }
 #endif
 #ifdef DES_RISC2
 #define D_ENCRYPT(LL,R,S) {\
@@ -405,25 +308,25 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 	u2=(int)u>>8L; \
 	u1=(int)u&0x3f; \
 	u2&=0x3f; \
-	LL^=des_SPtrans[0][u1]; \
-	LL^=des_SPtrans[2][u2]; \
+	LL^=DES_SPtrans[0][u1]; \
+	LL^=DES_SPtrans[2][u2]; \
 	s1=(int)u>>16L; \
 	s2=(int)u>>24L; \
 	s1&=0x3f; \
 	s2&=0x3f; \
-	LL^=des_SPtrans[4][s1]; \
-	LL^=des_SPtrans[6][s2]; \
+	LL^=DES_SPtrans[4][s1]; \
+	LL^=DES_SPtrans[6][s2]; \
 	u2=(int)t>>8L; \
 	u1=(int)t&0x3f; \
 	u2&=0x3f; \
-	LL^=des_SPtrans[1][u1]; \
-	LL^=des_SPtrans[3][u2]; \
+	LL^=DES_SPtrans[1][u1]; \
+	LL^=DES_SPtrans[3][u2]; \
 	s1=(int)t>>16; \
 	s2=(int)t>>24L; \
 	s1&=0x3f; \
 	s2&=0x3f; \
-	LL^=des_SPtrans[5][s1]; \
-	LL^=des_SPtrans[7][s2]; }
+	LL^=DES_SPtrans[5][s1]; \
+	LL^=DES_SPtrans[7][s2]; }
 #endif
 
 #else
@@ -432,14 +335,14 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
 	t=ROTATE(t,4); \
 	LL^=\
-		des_SPtrans[0][(u>> 2L)&0x3f]^ \
-		des_SPtrans[2][(u>>10L)&0x3f]^ \
-		des_SPtrans[4][(u>>18L)&0x3f]^ \
-		des_SPtrans[6][(u>>26L)&0x3f]^ \
-		des_SPtrans[1][(t>> 2L)&0x3f]^ \
-		des_SPtrans[3][(t>>10L)&0x3f]^ \
-		des_SPtrans[5][(t>>18L)&0x3f]^ \
-		des_SPtrans[7][(t>>26L)&0x3f]; }
+		DES_SPtrans[0][(u>> 2L)&0x3f]^ \
+		DES_SPtrans[2][(u>>10L)&0x3f]^ \
+		DES_SPtrans[4][(u>>18L)&0x3f]^ \
+		DES_SPtrans[6][(u>>26L)&0x3f]^ \
+		DES_SPtrans[1][(t>> 2L)&0x3f]^ \
+		DES_SPtrans[3][(t>>10L)&0x3f]^ \
+		DES_SPtrans[5][(t>>18L)&0x3f]^ \
+		DES_SPtrans[7][(t>>26L)&0x3f]; }
 #endif
 #endif
 
@@ -504,13 +407,8 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
 	}
 
-extern const DES_LONG des_SPtrans[8][64];
-
-#ifndef NOPROTO
-void fcrypt_body(DES_LONG *out,des_key_schedule ks,
-	DES_LONG Eswap0, DES_LONG Eswap1);
-#else
-void fcrypt_body();
-#endif
+OPENSSL_EXTERN const DES_LONG DES_SPtrans[8][64];
 
+void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
+		 DES_LONG Eswap0, DES_LONG Eswap1);
 #endif
diff --git a/crypto/des/des_locl.org b/crypto/des/des_locl.org
deleted file mode 100644
index 67ef3e7900..0000000000
--- a/crypto/des/des_locl.org
+++ /dev/null
@@ -1,516 +0,0 @@
-/* crypto/des/des_locl.org */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify des_locl.org since des_locl.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-#ifndef HEADER_DES_LOCL_H
-#define HEADER_DES_LOCL_H
-
-#if defined(WIN32) || defined(WIN16)
-#ifndef MSDOS
-#define MSDOS
-#endif
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#ifndef MSDOS
-#include <unistd.h>
-#endif
-#include "des.h"
-
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#undef DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )		/* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )	/* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )	/* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )		/* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )		/* HP-PA */
-  /* Unknown */
-#elif defined( __aux )		/* 68K */
-  /* Unknown */
-#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )		/* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( i386 )		/* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-
-#ifdef MSDOS		/* Visual C++ 2.1 (Windows NT/95) */
-#include <stdlib.h>
-#include <errno.h>
-#include <time.h>
-#include <io.h>
-#ifndef RAND
-#define RAND
-#endif
-#undef NOPROTO
-#endif
-
-#if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS)
-#include <string.h>
-#endif
-
-#ifndef RAND
-#define RAND
-#endif
-
-#ifdef linux
-#undef RAND
-#endif
-
-#ifdef MSDOS
-#define getpid() 2
-#define RAND
-#undef NOPROTO
-#endif
-
-#if defined(NOCONST)
-#define const
-#endif
-
-#ifdef __STDC__
-#undef NOPROTO
-#endif
-
-#ifdef RAND
-#define srandom(s) srand(s)
-#define random rand
-#endif
-
-#define ITERATIONS 16
-#define HALF_ITERATIONS 8
-
-/* used in des_read and des_write */
-#define MAXWRITE	(1024*16)
-#define BSIZE		(MAXWRITE+4)
-
-#define c2l(c,l)	(l =((DES_LONG)(*((c)++)))    , \
-			 l|=((DES_LONG)(*((c)++)))<< 8L, \
-			 l|=((DES_LONG)(*((c)++)))<<16L, \
-			 l|=((DES_LONG)(*((c)++)))<<24L)
-
-/* NOTE - c is not incremented as per c2l */
-#define c2ln(c,l1,l2,n)	{ \
-			c+=n; \
-			l1=l2=0; \
-			switch (n) { \
-			case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
-			case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
-			case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
-			case 5: l2|=((DES_LONG)(*(--(c))));     \
-			case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
-			case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
-			case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
-			case 1: l1|=((DES_LONG)(*(--(c))));     \
-				} \
-			}
-
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)     )&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24L)&0xff))
-
-/* replacements for htonl and ntohl since I have no idea what to do
- * when faced with machines with 8 byte longs. */
-#define HDRSIZE 4
-
-#define n2l(c,l)	(l =((DES_LONG)(*((c)++)))<<24L, \
-			 l|=((DES_LONG)(*((c)++)))<<16L, \
-			 l|=((DES_LONG)(*((c)++)))<< 8L, \
-			 l|=((DES_LONG)(*((c)++))))
-
-#define l2n(l,c)	(*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
-			 *((c)++)=(unsigned char)(((l)     )&0xff))
-
-/* NOTE - c is not incremented as per l2c */
-#define l2cn(l1,l2,c,n)	{ \
-			c+=n; \
-			switch (n) { \
-			case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
-			case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
-			case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
-			case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
-			case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
-			case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
-			case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
-			case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
-				} \
-			}
-
-#if defined(WIN32)
-#define	ROTATE(a,n)	(_lrotr(a,n))
-#else
-#define	ROTATE(a,n)	(((a)>>(n))+((a)<<(32-(n))))
-#endif
-
-/* Don't worry about the LOAD_DATA() stuff, that is used by
- * fcrypt() to add it's little bit to the front */
-
-#ifdef DES_FCRYPT
-
-#define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
-	{ DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
-
-#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
-	t=R^(R>>16L); \
-	u=t&E0; t&=E1; \
-	tmp=(u<<16); u^=R^s[S  ]; u^=tmp; \
-	tmp=(t<<16); t^=R^s[S+1]; t^=tmp
-#else
-#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
-#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
-	u=R^s[S  ]; \
-	t=R^s[S+1]
-#endif
-
-/* The changes to this macro may help or hinder, depending on the
- * compiler and the achitecture.  gcc2 always seems to do well :-).
- * Inspired by Dana How <how@isl.stanford.edu>
- * DO NOT use the alternative version on machines with 8 byte longs.
- * It does not seem to work on the Alpha, even when DES_LONG is 4
- * bytes, probably an issue of accessing non-word aligned objects :-( */
-#ifdef DES_PTR
-
-/* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there
- * is no reason to not xor all the sub items together.  This potentially
- * saves a register since things can be xored directly into L */
-
-#if defined(DES_RISC1) || defined(DES_RISC2)
-#ifdef DES_RISC1
-#define D_ENCRYPT(LL,R,S) { \
-	unsigned int u1,u2,u3; \
-	LOAD_DATA(R,S,u,t,E0,E1,u1); \
-	u2=(int)u>>8L; \
-	u1=(int)u&0xfc; \
-	u2&=0xfc; \
-	t=ROTATE(t,4); \
-	u>>=16L; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP      +u1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \
-	u3=(int)(u>>8L); \
-	u1=(int)u&0xfc; \
-	u3&=0xfc; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+u1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+u3); \
-	u2=(int)t>>8L; \
-	u1=(int)t&0xfc; \
-	u2&=0xfc; \
-	t>>=16L; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \
-	u3=(int)t>>8L; \
-	u1=(int)t&0xfc; \
-	u3&=0xfc; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+u1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+u3); }
-#endif
-#ifdef DES_RISC2
-#define D_ENCRYPT(LL,R,S) { \
-	unsigned int u1,u2,s1,s2; \
-	LOAD_DATA(R,S,u,t,E0,E1,u1); \
-	u2=(int)u>>8L; \
-	u1=(int)u&0xfc; \
-	u2&=0xfc; \
-	t=ROTATE(t,4); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP      +u1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x200+u2); \
-	s1=(int)(u>>16L); \
-	s2=(int)(u>>24L); \
-	s1&=0xfc; \
-	s2&=0xfc; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x400+s1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x600+s2); \
-	u2=(int)t>>8L; \
-	u1=(int)t&0xfc; \
-	u2&=0xfc; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x100+u1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x300+u2); \
-	s1=(int)(t>>16L); \
-	s2=(int)(t>>24L); \
-	s1&=0xfc; \
-	s2&=0xfc; \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x500+s1); \
-	LL^= *(DES_LONG *)((unsigned char *)des_SP+0x700+s2); }
-#endif
-#else
-#define D_ENCRYPT(LL,R,S) { \
-	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
-	t=ROTATE(t,4); \
-	LL^= \
-	*(DES_LONG *)((unsigned char *)des_SP      +((u     )&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x200+((u>> 8L)&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x400+((u>>16L)&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x600+((u>>24L)&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x100+((t     )&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x300+((t>> 8L)&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x500+((t>>16L)&0xfc))^ \
-	*(DES_LONG *)((unsigned char *)des_SP+0x700+((t>>24L)&0xfc)); }
-#endif
-
-#else /* original version */
-
-#if defined(DES_RISC1) || defined(DES_RISC2)
-#ifdef DES_RISC1
-#define D_ENCRYPT(LL,R,S) {\
-	unsigned int u1,u2,u3; \
-	LOAD_DATA(R,S,u,t,E0,E1,u1); \
-	u>>=2L; \
-	t=ROTATE(t,6); \
-	u2=(int)u>>8L; \
-	u1=(int)u&0x3f; \
-	u2&=0x3f; \
-	u>>=16L; \
-	LL^=des_SPtrans[0][u1]; \
-	LL^=des_SPtrans[2][u2]; \
-	u3=(int)u>>8L; \
-	u1=(int)u&0x3f; \
-	u3&=0x3f; \
-	LL^=des_SPtrans[4][u1]; \
-	LL^=des_SPtrans[6][u3]; \
-	u2=(int)t>>8L; \
-	u1=(int)t&0x3f; \
-	u2&=0x3f; \
-	t>>=16L; \
-	LL^=des_SPtrans[1][u1]; \
-	LL^=des_SPtrans[3][u2]; \
-	u3=(int)t>>8L; \
-	u1=(int)t&0x3f; \
-	u3&=0x3f; \
-	LL^=des_SPtrans[5][u1]; \
-	LL^=des_SPtrans[7][u3]; }
-#endif
-#ifdef DES_RISC2
-#define D_ENCRYPT(LL,R,S) {\
-	unsigned int u1,u2,s1,s2; \
-	LOAD_DATA(R,S,u,t,E0,E1,u1); \
-	u>>=2L; \
-	t=ROTATE(t,6); \
-	u2=(int)u>>8L; \
-	u1=(int)u&0x3f; \
-	u2&=0x3f; \
-	LL^=des_SPtrans[0][u1]; \
-	LL^=des_SPtrans[2][u2]; \
-	s1=(int)u>>16L; \
-	s2=(int)u>>24L; \
-	s1&=0x3f; \
-	s2&=0x3f; \
-	LL^=des_SPtrans[4][s1]; \
-	LL^=des_SPtrans[6][s2]; \
-	u2=(int)t>>8L; \
-	u1=(int)t&0x3f; \
-	u2&=0x3f; \
-	LL^=des_SPtrans[1][u1]; \
-	LL^=des_SPtrans[3][u2]; \
-	s1=(int)t>>16; \
-	s2=(int)t>>24L; \
-	s1&=0x3f; \
-	s2&=0x3f; \
-	LL^=des_SPtrans[5][s1]; \
-	LL^=des_SPtrans[7][s2]; }
-#endif
-
-#else
-
-#define D_ENCRYPT(LL,R,S) {\
-	LOAD_DATA_tmp(R,S,u,t,E0,E1); \
-	t=ROTATE(t,4); \
-	LL^=\
-		des_SPtrans[0][(u>> 2L)&0x3f]^ \
-		des_SPtrans[2][(u>>10L)&0x3f]^ \
-		des_SPtrans[4][(u>>18L)&0x3f]^ \
-		des_SPtrans[6][(u>>26L)&0x3f]^ \
-		des_SPtrans[1][(t>> 2L)&0x3f]^ \
-		des_SPtrans[3][(t>>10L)&0x3f]^ \
-		des_SPtrans[5][(t>>18L)&0x3f]^ \
-		des_SPtrans[7][(t>>26L)&0x3f]; }
-#endif
-#endif
-
-	/* IP and FP
-	 * The problem is more of a geometric problem that random bit fiddling.
-	 0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
-	 8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
-	16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
-	24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0
-
-	32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
-	40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
-	48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
-	56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1
-
-	The output has been subject to swaps of the form
-	0 1 -> 3 1 but the odd and even bits have been put into
-	2 3    2 0
-	different words.  The main trick is to remember that
-	t=((l>>size)^r)&(mask);
-	r^=t;
-	l^=(t<<size);
-	can be used to swap and move bits between words.
-
-	So l =  0  1  2  3  r = 16 17 18 19
-	        4  5  6  7      20 21 22 23
-	        8  9 10 11      24 25 26 27
-	       12 13 14 15      28 29 30 31
-	becomes (for size == 2 and mask == 0x3333)
-	   t =   2^16  3^17 -- --   l =  0  1 16 17  r =  2  3 18 19
-		 6^20  7^21 -- --        4  5 20 21       6  7 22 23
-		10^24 11^25 -- --        8  9 24 25      10 11 24 25
-		14^28 15^29 -- --       12 13 28 29      14 15 28 29
-
-	Thanks for hints from Richard Outerbridge - he told me IP&FP
-	could be done in 15 xor, 10 shifts and 5 ands.
-	When I finally started to think of the problem in 2D
-	I first got ~42 operations without xors.  When I remembered
-	how to use xors :-) I got it to its final state.
-	*/
-#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
-	(b)^=(t),\
-	(a)^=((t)<<(n)))
-
-#define IP(l,r) \
-	{ \
-	register DES_LONG tt; \
-	PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
-	PERM_OP(l,r,tt,16,0x0000ffffL); \
-	PERM_OP(r,l,tt, 2,0x33333333L); \
-	PERM_OP(l,r,tt, 8,0x00ff00ffL); \
-	PERM_OP(r,l,tt, 1,0x55555555L); \
-	}
-
-#define FP(l,r) \
-	{ \
-	register DES_LONG tt; \
-	PERM_OP(l,r,tt, 1,0x55555555L); \
-	PERM_OP(r,l,tt, 8,0x00ff00ffL); \
-	PERM_OP(l,r,tt, 2,0x33333333L); \
-	PERM_OP(r,l,tt,16,0x0000ffffL); \
-	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
-	}
-
-extern const DES_LONG des_SPtrans[8][64];
-
-#ifndef NOPROTO
-void fcrypt_body(DES_LONG *out,des_key_schedule ks,
-	DES_LONG Eswap0, DES_LONG Eswap1);
-#else
-void fcrypt_body();
-#endif
-
-#endif
diff --git a/crypto/des/des_old.c b/crypto/des/des_old.c
new file mode 100644
index 0000000000..7e4cd7180d
--- /dev/null
+++ b/crypto/des/des_old.c
@@ -0,0 +1,271 @@
+/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
+
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * The function names in here are deprecated and are only present to
+ * provide an interface compatible with libdes.  OpenSSL now provides
+ * functions where "des_" has been replaced with "DES_" in the names,
+ * to make it possible to make incompatible changes that are needed
+ * for C type security and other stuff.
+ *
+ * Please consider starting to use the DES_ functions rather than the
+ * des_ ones.  The des_ functions will dissapear completely before
+ * OpenSSL 1.0!
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define OPENSSL_DES_LIBDES_COMPATIBILITY
+#include <openssl/des.h>
+#include <openssl/rand.h>
+
+const char *_ossl_old_des_options(void)
+	{
+	return DES_options();
+	}
+void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+	des_key_schedule ks1,des_key_schedule ks2,
+	des_key_schedule ks3, int enc)
+	{
+	DES_ecb3_encrypt((const_DES_cblock *)input, output,
+		(DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+		(DES_key_schedule *)ks3, enc);
+	}
+DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+	long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec)
+	{
+	return DES_cbc_cksum((unsigned char *)input, output, length,
+		(DES_key_schedule *)schedule, ivec);
+	}
+void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+	des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
+	{
+	DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
+		length, (DES_key_schedule *)schedule, ivec, enc);
+	}
+void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+	des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
+	{
+	DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output,
+		length, (DES_key_schedule *)schedule, ivec, enc);
+	}
+void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+	des_key_schedule schedule,_ossl_old_des_cblock *ivec,
+	_ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc)
+	{
+	DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output,
+		length, (DES_key_schedule *)schedule, ivec, inw, outw, enc);
+	}
+void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
+	long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
+	{
+	DES_cfb_encrypt(in, out, numbits, length,
+		(DES_key_schedule *)schedule, ivec, enc);
+	}
+void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+	des_key_schedule ks,int enc)
+	{
+	DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc);
+	}
+void _ossl_old_des_encrypt(DES_LONG *data,des_key_schedule ks, int enc)
+	{
+	DES_encrypt1(data, (DES_key_schedule *)ks, enc);
+	}
+void _ossl_old_des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc)
+	{
+	DES_encrypt2(data, (DES_key_schedule *)ks, enc);
+	}
+void _ossl_old_des_encrypt3(DES_LONG *data, des_key_schedule ks1,
+	des_key_schedule ks2, des_key_schedule ks3)
+	{
+	DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+		(DES_key_schedule *)ks3);
+	}
+void _ossl_old_des_decrypt3(DES_LONG *data, des_key_schedule ks1,
+	des_key_schedule ks2, des_key_schedule ks3)
+	{
+	DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+		(DES_key_schedule *)ks3);
+	}
+void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, 
+	long length, des_key_schedule ks1, des_key_schedule ks2, 
+	des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc)
+	{
+	DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
+		length, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+		(DES_key_schedule *)ks3, ivec, enc);
+	}
+void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
+	long length, des_key_schedule ks1, des_key_schedule ks2,
+	des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc)
+	{
+	DES_ede3_cfb64_encrypt(in, out, length,
+		(DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+		(DES_key_schedule *)ks3, ivec, num, enc);
+	}
+void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
+	long length, des_key_schedule ks1, des_key_schedule ks2,
+	des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num)
+	{
+	DES_ede3_ofb64_encrypt(in, out, length,
+		(DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+		(DES_key_schedule *)ks3, ivec, num);
+	}
+
+void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),
+	_ossl_old_des_cblock (*out_white))
+	{
+	DES_xwhite_in2out(des_key, in_white, out_white);
+	}
+
+int _ossl_old_des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
+	_ossl_old_des_cblock *iv)
+	{
+	return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv);
+	}
+int _ossl_old_des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
+	_ossl_old_des_cblock *iv)
+	{
+	return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv);
+	}
+char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret)
+	{
+	return DES_fcrypt(buf, salt, ret);
+	}
+char *_ossl_old_des_crypt(const char *buf,const char *salt)
+	{
+	return DES_crypt(buf, salt);
+	}
+char *_ossl_old_crypt(const char *buf,const char *salt)
+	{
+	return DES_crypt(buf, salt);
+	}
+void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out,
+	int numbits,long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec)
+	{
+	DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule,
+		ivec);
+	}
+void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+	des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
+	{
+	DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output,
+		length, (DES_key_schedule *)schedule, ivec, enc);
+	}
+DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+	long length,int out_count,_ossl_old_des_cblock *seed)
+	{
+	return DES_quad_cksum((unsigned char *)input, output, length,
+		out_count, seed);
+	}
+void _ossl_old_des_random_seed(_ossl_old_des_cblock key)
+	{
+	RAND_seed(key, sizeof(_ossl_old_des_cblock));
+	}
+void _ossl_old_des_random_key(_ossl_old_des_cblock ret)
+	{
+	DES_random_key((DES_cblock *)ret);
+	}
+int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt,
+				int verify)
+	{
+	return DES_read_password(key, prompt, verify);
+	}
+int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, _ossl_old_des_cblock *key2,
+	const char *prompt, int verify)
+	{
+	return DES_read_2passwords(key1, key2, prompt, verify);
+	}
+void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key)
+	{
+	DES_set_odd_parity(key);
+	}
+int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key)
+	{
+	return DES_is_weak_key(key);
+	}
+int _ossl_old_des_set_key(_ossl_old_des_cblock *key,des_key_schedule schedule)
+	{
+	return DES_set_key(key, (DES_key_schedule *)schedule);
+	}
+int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,des_key_schedule schedule)
+	{
+	return DES_key_sched(key, (DES_key_schedule *)schedule);
+	}
+void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key)
+	{
+	DES_string_to_key(str, key);
+	}
+void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2)
+	{
+	DES_string_to_2keys(str, key1, key2);
+	}
+void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc)
+	{
+	DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
+		ivec, num, enc);
+	}
+void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num)
+	{
+	DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
+		ivec, num);
+	}
diff --git a/crypto/des/des_old.h b/crypto/des/des_old.h
new file mode 100644
index 0000000000..1d8bf65101
--- /dev/null
+++ b/crypto/des/des_old.h
@@ -0,0 +1,441 @@
+/* crypto/des/des_old.h -*- mode:C; c-file-style: "eay" -*- */
+
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * The function names in here are deprecated and are only present to
+ * provide an interface compatible with openssl 0.9.6 and older as
+ * well as libdes.  OpenSSL now provides functions where "des_" has
+ * been replaced with "DES_" in the names, to make it possible to
+ * make incompatible changes that are needed for C type security and
+ * other stuff.
+ *
+ * This include files has two compatibility modes:
+ *
+ *   - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API
+ *     that is compatible with libdes and SSLeay.
+ *   - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an
+ *     API that is compatible with OpenSSL 0.9.5x to 0.9.6x.
+ *
+ * Note that these modes break earlier snapshots of OpenSSL, where
+ * libdes compatibility was the only available mode or (later on) the
+ * prefered compatibility mode.  However, after much consideration
+ * (and more or less violent discussions with external parties), it
+ * was concluded that OpenSSL should be compatible with earlier versions
+ * of itself before anything else.  Also, in all honesty, libdes is
+ * an old beast that shouldn't really be used any more.
+ *
+ * Please consider starting to use the DES_ functions rather than the
+ * des_ ones.  The des_ functions will disappear completely before
+ * OpenSSL 1.0!
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_DES_OLD_H
+#define HEADER_DES_OLD_H
+
+#ifdef OPENSSL_NO_DES
+#error DES is disabled.
+#endif
+
+#ifndef HEADER_DES_H
+#error You must include des.h, not des_old.h directly.
+#endif
+
+#ifdef _KERBEROS_DES_H
+#error <openssl/des_old.h> replaces <kerberos/des.h>.
+#endif
+
+#include <openssl/opensslconf.h> /* DES_LONG */
+#include <openssl/e_os2.h>	/* OPENSSL_EXTERN */
+#include <openssl/symhacks.h>
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef unsigned char _ossl_old_des_cblock[8];
+typedef struct _ossl_old_des_ks_struct
+	{
+	union	{
+		_ossl_old_des_cblock _;
+		/* make sure things are correct size on machines with
+		 * 8 byte longs */
+		DES_LONG pad[2];
+		} ks;
+	} _ossl_old_des_key_schedule[16];
+
+#ifndef OPENSSL_DES_LIBDES_COMPATIBILITY
+#define des_cblock DES_cblock
+#define const_des_cblock const_DES_cblock
+#define des_key_schedule DES_key_schedule
+#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
+	DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e))
+#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
+	DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e))
+#define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\
+	DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e))
+#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
+	DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e))
+#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
+	DES_ede3_ofb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n))
+#define des_options()\
+	DES_options()
+#define des_cbc_cksum(i,o,l,k,iv)\
+	DES_cbc_cksum((i),(o),(l),&(k),(iv))
+#define des_cbc_encrypt(i,o,l,k,iv,e)\
+	DES_cbc_encrypt((i),(o),(l),&(k),(iv),(e))
+#define des_ncbc_encrypt(i,o,l,k,iv,e)\
+	DES_ncbc_encrypt((i),(o),(l),&(k),(iv),(e))
+#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
+	DES_xcbc_encrypt((i),(o),(l),&(k),(iv),(inw),(outw),(e))
+#define des_cfb_encrypt(i,o,n,l,k,iv,e)\
+	DES_cfb_encrypt((i),(o),(n),(l),&(k),(iv),(e))
+#define des_ecb_encrypt(i,o,k,e)\
+	DES_ecb_encrypt((i),(o),&(k),(e))
+#define des_encrypt1(d,k,e)\
+	DES_encrypt1((d),&(k),(e))
+#define des_encrypt2(d,k,e)\
+	DES_encrypt2((d),&(k),(e))
+#define des_encrypt3(d,k1,k2,k3)\
+	DES_encrypt3((d),&(k1),&(k2),&(k3))
+#define des_decrypt3(d,k1,k2,k3)\
+	DES_decrypt3((d),&(k1),&(k2),&(k3))
+#define des_xwhite_in2out(k,i,o)\
+	DES_xwhite_in2out((k),(i),(o))
+#define des_enc_read(f,b,l,k,iv)\
+	DES_enc_read((f),(b),(l),&(k),(iv))
+#define des_enc_write(f,b,l,k,iv)\
+	DES_enc_write((f),(b),(l),&(k),(iv))
+#define des_fcrypt(b,s,r)\
+	DES_fcrypt((b),(s),(r))
+#define des_crypt(b,s)\
+	DES_crypt((b),(s))
+#if 0
+#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__OpenBSD__)
+#define crypt(b,s)\
+	DES_crypt((b),(s))
+#endif
+#endif
+#define des_ofb_encrypt(i,o,n,l,k,iv)\
+	DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv))
+#define des_pcbc_encrypt(i,o,l,k,iv,e)\
+	DES_pcbc_encrypt((i),(o),(l),&(k),(iv),(e))
+#define des_quad_cksum(i,o,l,c,s)\
+	DES_quad_cksum((i),(o),(l),(c),(s))
+#define des_random_seed(k)\
+	_ossl_096_des_random_seed((k))
+#define des_random_key(r)\
+	DES_random_key((r))
+#define des_read_password(k,p,v) \
+	DES_read_password((k),(p),(v))
+#define des_read_2passwords(k1,k2,p,v) \
+	DES_read_2passwords((k1),(k2),(p),(v))
+#define des_set_odd_parity(k)\
+	DES_set_odd_parity((k))
+#define des_check_key_parity(k)\
+	DES_check_key_parity((k))
+#define des_is_weak_key(k)\
+	DES_is_weak_key((k))
+#define des_set_key(k,ks)\
+	DES_set_key((k),&(ks))
+#define des_key_sched(k,ks)\
+	DES_key_sched((k),&(ks))
+#define des_set_key_checked(k,ks)\
+	DES_set_key_checked((k),&(ks))
+#define des_set_key_unchecked(k,ks)\
+	DES_set_key_unchecked((k),&(ks))
+#define des_string_to_key(s,k)\
+	DES_string_to_key((s),(k))
+#define des_string_to_2keys(s,k1,k2)\
+	DES_string_to_2keys((s),(k1),(k2))
+#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
+	DES_cfb64_encrypt((i),(o),(l),&(ks),(iv),(n),(e))
+#define des_ofb64_encrypt(i,o,l,ks,iv,n)\
+	DES_ofb64_encrypt((i),(o),(l),&(ks),(iv),(n))
+		
+
+#define des_ecb2_encrypt(i,o,k1,k2,e) \
+	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+#define des_check_key DES_check_key
+#define des_rw_mode DES_rw_mode
+#else /* libdes compatibility */
+/* Map all symbol names to _ossl_old_des_* form, so we avoid all
+   clashes with libdes */
+#define des_cblock _ossl_old_des_cblock
+#define des_key_schedule _ossl_old_des_key_schedule
+#define des_ecb3_encrypt(i,o,k1,k2,k3,e)\
+	_ossl_old_des_ecb3_encrypt((i),(o),(k1),(k2),(k3),(e))
+#define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
+	_ossl_old_des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(e))
+#define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\
+	_ossl_old_des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n),(e))
+#define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\
+	_ossl_old_des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k3),(iv),(n))
+#define des_options()\
+	_ossl_old_des_options()
+#define des_cbc_cksum(i,o,l,k,iv)\
+	_ossl_old_des_cbc_cksum((i),(o),(l),(k),(iv))
+#define des_cbc_encrypt(i,o,l,k,iv,e)\
+	_ossl_old_des_cbc_encrypt((i),(o),(l),(k),(iv),(e))
+#define des_ncbc_encrypt(i,o,l,k,iv,e)\
+	_ossl_old_des_ncbc_encrypt((i),(o),(l),(k),(iv),(e))
+#define des_xcbc_encrypt(i,o,l,k,iv,inw,outw,e)\
+	_ossl_old_des_xcbc_encrypt((i),(o),(l),(k),(iv),(inw),(outw),(e))
+#define des_cfb_encrypt(i,o,n,l,k,iv,e)\
+	_ossl_old_des_cfb_encrypt((i),(o),(n),(l),(k),(iv),(e))
+#define des_ecb_encrypt(i,o,k,e)\
+	_ossl_old_des_ecb_encrypt((i),(o),(k),(e))
+#define des_encrypt(d,k,e)\
+	_ossl_old_des_encrypt((d),(k),(e))
+#define des_encrypt2(d,k,e)\
+	_ossl_old_des_encrypt2((d),(k),(e))
+#define des_encrypt3(d,k1,k2,k3)\
+	_ossl_old_des_encrypt3((d),(k1),(k2),(k3))
+#define des_decrypt3(d,k1,k2,k3)\
+	_ossl_old_des_decrypt3((d),(k1),(k2),(k3))
+#define des_xwhite_in2out(k,i,o)\
+	_ossl_old_des_xwhite_in2out((k),(i),(o))
+#define des_enc_read(f,b,l,k,iv)\
+	_ossl_old_des_enc_read((f),(b),(l),(k),(iv))
+#define des_enc_write(f,b,l,k,iv)\
+	_ossl_old_des_enc_write((f),(b),(l),(k),(iv))
+#define des_fcrypt(b,s,r)\
+	_ossl_old_des_fcrypt((b),(s),(r))
+#define des_crypt(b,s)\
+	_ossl_old_des_crypt((b),(s))
+#if 0
+#define crypt(b,s)\
+	_ossl_old_crypt((b),(s))
+#endif
+#define des_ofb_encrypt(i,o,n,l,k,iv)\
+	_ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv))
+#define des_pcbc_encrypt(i,o,l,k,iv,e)\
+	_ossl_old_des_pcbc_encrypt((i),(o),(l),(k),(iv),(e))
+#define des_quad_cksum(i,o,l,c,s)\
+	_ossl_old_des_quad_cksum((i),(o),(l),(c),(s))
+#define des_random_seed(k)\
+	_ossl_old_des_random_seed((k))
+#define des_random_key(r)\
+	_ossl_old_des_random_key((r))
+#define des_read_password(k,p,v) \
+	_ossl_old_des_read_password((k),(p),(v))
+#define des_read_2passwords(k1,k2,p,v) \
+	_ossl_old_des_read_2passwords((k1),(k2),(p),(v))
+#define des_set_odd_parity(k)\
+	_ossl_old_des_set_odd_parity((k))
+#define des_is_weak_key(k)\
+	_ossl_old_des_is_weak_key((k))
+#define des_set_key(k,ks)\
+	_ossl_old_des_set_key((k),(ks))
+#define des_key_sched(k,ks)\
+	_ossl_old_des_key_sched((k),(ks))
+#define des_string_to_key(s,k)\
+	_ossl_old_des_string_to_key((s),(k))
+#define des_string_to_2keys(s,k1,k2)\
+	_ossl_old_des_string_to_2keys((s),(k1),(k2))
+#define des_cfb64_encrypt(i,o,l,ks,iv,n,e)\
+	_ossl_old_des_cfb64_encrypt((i),(o),(l),(ks),(iv),(n),(e))
+#define des_ofb64_encrypt(i,o,l,ks,iv,n)\
+	_ossl_old_des_ofb64_encrypt((i),(o),(l),(ks),(iv),(n))
+		
+
+#define des_ecb2_encrypt(i,o,k1,k2,e) \
+	des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+#define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+	des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+#define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+	des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+#define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+	des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+#define des_check_key DES_check_key
+#define des_rw_mode DES_rw_mode
+#endif
+
+const char *_ossl_old_des_options(void);
+void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+	_ossl_old_des_key_schedule ks1,_ossl_old_des_key_schedule ks2,
+	_ossl_old_des_key_schedule ks3, int enc);
+DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+	long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);
+void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
+void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
+void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,
+	_ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc);
+void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
+	long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
+void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+	_ossl_old_des_key_schedule ks,int enc);
+void _ossl_old_des_encrypt(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);
+void _ossl_old_des_encrypt2(DES_LONG *data,_ossl_old_des_key_schedule ks, int enc);
+void _ossl_old_des_encrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
+	_ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);
+void _ossl_old_des_decrypt3(DES_LONG *data, _ossl_old_des_key_schedule ks1,
+	_ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3);
+void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, 
+	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2, 
+	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc);
+void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
+	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
+	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc);
+void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
+	long length, _ossl_old_des_key_schedule ks1, _ossl_old_des_key_schedule ks2,
+	_ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num);
+
+void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),
+	_ossl_old_des_cblock (*out_white));
+
+int _ossl_old_des_enc_read(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,
+	_ossl_old_des_cblock *iv);
+int _ossl_old_des_enc_write(int fd,char *buf,int len,_ossl_old_des_key_schedule sched,
+	_ossl_old_des_cblock *iv);
+char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret);
+char *_ossl_old_des_crypt(const char *buf,const char *salt);
+#if !defined(PERL5) && !defined(NeXT)
+char *_ossl_old_crypt(const char *buf,const char *salt);
+#endif
+void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out,
+	int numbits,long length,_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec);
+void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
+	_ossl_old_des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc);
+DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
+	long length,int out_count,_ossl_old_des_cblock *seed);
+void _ossl_old_des_random_seed(_ossl_old_des_cblock key);
+void _ossl_old_des_random_key(_ossl_old_des_cblock ret);
+int _ossl_old_des_read_password(_ossl_old_des_cblock *key,const char *prompt,int verify);
+int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2,
+	const char *prompt,int verify);
+void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key);
+int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key);
+int _ossl_old_des_set_key(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);
+int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,_ossl_old_des_key_schedule schedule);
+void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key);
+void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2);
+void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	_ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc);
+void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
+	_ossl_old_des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num);
+
+void _ossl_096_des_random_seed(des_cblock *key);
+
+/* The following definitions provide compatibility with the MIT Kerberos
+ * library. The _ossl_old_des_key_schedule structure is not binary compatible. */
+
+#define _KERBEROS_DES_H
+
+#define KRBDES_ENCRYPT DES_ENCRYPT
+#define KRBDES_DECRYPT DES_DECRYPT
+
+#ifdef KERBEROS
+#  define ENCRYPT DES_ENCRYPT
+#  define DECRYPT DES_DECRYPT
+#endif
+
+#ifndef NCOMPAT
+#  define C_Block des_cblock
+#  define Key_schedule des_key_schedule
+#  define KEY_SZ DES_KEY_SZ
+#  define string_to_key des_string_to_key
+#  define read_pw_string des_read_pw_string
+#  define random_key des_random_key
+#  define pcbc_encrypt des_pcbc_encrypt
+#  define set_key des_set_key
+#  define key_sched des_key_sched
+#  define ecb_encrypt des_ecb_encrypt
+#  define cbc_encrypt des_cbc_encrypt
+#  define ncbc_encrypt des_ncbc_encrypt
+#  define xcbc_encrypt des_xcbc_encrypt
+#  define cbc_cksum des_cbc_cksum
+#  define quad_cksum des_quad_cksum
+#  define check_parity des_check_key_parity
+#endif
+
+#define des_fixup_key_parity DES_fixup_key_parity
+
+#ifdef  __cplusplus
+}
+#endif
+
+/* for DES_read_pw_string et al */
+#include <openssl/ui_compat.h>
+
+#endif
diff --git a/crypto/des/des_old2.c b/crypto/des/des_old2.c
new file mode 100644
index 0000000000..c8fa3ee135
--- /dev/null
+++ b/crypto/des/des_old2.c
@@ -0,0 +1,82 @@
+/* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
+
+/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ *
+ * The function names in here are deprecated and are only present to
+ * provide an interface compatible with OpenSSL 0.9.6c.  OpenSSL now
+ * provides functions where "des_" has been replaced with "DES_" in
+ * the names, to make it possible to make incompatible changes that
+ * are needed for C type security and other stuff.
+ *
+ * Please consider starting to use the DES_ functions rather than the
+ * des_ ones.  The des_ functions will dissapear completely before
+ * OpenSSL 1.0!
+ *
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+ */
+
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#undef OPENSSL_DES_LIBDES_COMPATIBILITY
+#include <openssl/des.h>
+#include <openssl/rand.h>
+
+void _ossl_096_des_random_seed(DES_cblock *key)
+	{
+	RAND_seed(key, sizeof(DES_cblock));
+	}
diff --git a/crypto/des/des_opts.c b/crypto/des/des_opts.c
index 29d9461d29..79278b920e 100644
--- a/crypto/des/des_opts.c
+++ b/crypto/des/des_opts.c
@@ -59,19 +59,19 @@
 /* define PART1, PART2, PART3 or PART4 to build only with a few of the options.
  * This is for machines with 64k code segment size restrictions. */
 
-#ifndef MSDOS
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
 #include <stdio.h>
-#ifndef MSDOS
-#include <unistd.h>
+#ifndef OPENSSL_SYS_MSDOS
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD
 #else
 #include <io.h>
 extern void exit();
 #endif
 #include <signal.h>
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -79,26 +79,27 @@ extern void exit();
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
 
+
 #if defined(sun) || defined(__ultrix)
 #define _POSIX_SOURCE
 #include <limits.h>
 #include <sys/param.h>
 #endif
 
-#include "des.h"
+#include <openssl/des.h>
 #include "spr.h"
 
 #define DES_DEFAULT_OPTIONS
@@ -117,10 +118,10 @@ struct tms {
 #undef DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#define des_encrypt  des_encrypt_u4_cisc_idx
-#define des_encrypt2 des_encrypt2_u4_cisc_idx
-#define des_encrypt3 des_encrypt3_u4_cisc_idx
-#define des_decrypt3 des_decrypt3_u4_cisc_idx
+#define DES_encrypt1 des_encrypt_u4_cisc_idx
+#define DES_encrypt2 des_encrypt2_u4_cisc_idx
+#define DES_encrypt3 des_encrypt3_u4_cisc_idx
+#define DES_decrypt3 des_decrypt3_u4_cisc_idx
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -129,14 +130,14 @@ struct tms {
 #undef DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_cisc_idx
-#define des_encrypt2 des_encrypt2_u16_cisc_idx
-#define des_encrypt3 des_encrypt3_u16_cisc_idx
-#define des_decrypt3 des_decrypt3_u16_cisc_idx
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_cisc_idx
+#define DES_encrypt2 des_encrypt2_u16_cisc_idx
+#define DES_encrypt3 des_encrypt3_u16_cisc_idx
+#define DES_decrypt3 des_decrypt3_u16_cisc_idx
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -145,14 +146,14 @@ struct tms {
 #undef DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt  des_encrypt_u4_risc1_idx
-#define des_encrypt2 des_encrypt2_u4_risc1_idx
-#define des_encrypt3 des_encrypt3_u4_risc1_idx
-#define des_decrypt3 des_decrypt3_u4_risc1_idx
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u4_risc1_idx
+#define DES_encrypt2 des_encrypt2_u4_risc1_idx
+#define DES_encrypt3 des_encrypt3_u4_risc1_idx
+#define DES_decrypt3 des_decrypt3_u4_risc1_idx
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -165,14 +166,14 @@ struct tms {
 #define DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt  des_encrypt_u4_risc2_idx
-#define des_encrypt2 des_encrypt2_u4_risc2_idx
-#define des_encrypt3 des_encrypt3_u4_risc2_idx
-#define des_decrypt3 des_decrypt3_u4_risc2_idx
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u4_risc2_idx
+#define DES_encrypt2 des_encrypt2_u4_risc2_idx
+#define DES_encrypt3 des_encrypt3_u4_risc2_idx
+#define DES_decrypt3 des_decrypt3_u4_risc2_idx
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -181,14 +182,14 @@ struct tms {
 #undef DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_risc1_idx
-#define des_encrypt2 des_encrypt2_u16_risc1_idx
-#define des_encrypt3 des_encrypt3_u16_risc1_idx
-#define des_decrypt3 des_decrypt3_u16_risc1_idx
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_risc1_idx
+#define DES_encrypt2 des_encrypt2_u16_risc1_idx
+#define DES_encrypt3 des_encrypt3_u16_risc1_idx
+#define DES_decrypt3 des_decrypt3_u16_risc1_idx
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -197,14 +198,14 @@ struct tms {
 #define DES_RISC2
 #undef DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_risc2_idx
-#define des_encrypt2 des_encrypt2_u16_risc2_idx
-#define des_encrypt3 des_encrypt3_u16_risc2_idx
-#define des_decrypt3 des_decrypt3_u16_risc2_idx
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_risc2_idx
+#define DES_encrypt2 des_encrypt2_u16_risc2_idx
+#define DES_encrypt3 des_encrypt3_u16_risc2_idx
+#define DES_decrypt3 des_decrypt3_u16_risc2_idx
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -217,14 +218,14 @@ struct tms {
 #undef DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt  des_encrypt_u4_cisc_ptr
-#define des_encrypt2 des_encrypt2_u4_cisc_ptr
-#define des_encrypt3 des_encrypt3_u4_cisc_ptr
-#define des_decrypt3 des_decrypt3_u4_cisc_ptr
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u4_cisc_ptr
+#define DES_encrypt2 des_encrypt2_u4_cisc_ptr
+#define DES_encrypt3 des_encrypt3_u4_cisc_ptr
+#define DES_decrypt3 des_decrypt3_u4_cisc_ptr
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -233,14 +234,14 @@ struct tms {
 #undef DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_cisc_ptr
-#define des_encrypt2 des_encrypt2_u16_cisc_ptr
-#define des_encrypt3 des_encrypt3_u16_cisc_ptr
-#define des_decrypt3 des_decrypt3_u16_cisc_ptr
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_cisc_ptr
+#define DES_encrypt2 des_encrypt2_u16_cisc_ptr
+#define DES_encrypt3 des_encrypt3_u16_cisc_ptr
+#define DES_decrypt3 des_decrypt3_u16_cisc_ptr
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -249,14 +250,14 @@ struct tms {
 #undef DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt  des_encrypt_u4_risc1_ptr
-#define des_encrypt2 des_encrypt2_u4_risc1_ptr
-#define des_encrypt3 des_encrypt3_u4_risc1_ptr
-#define des_decrypt3 des_decrypt3_u4_risc1_ptr
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u4_risc1_ptr
+#define DES_encrypt2 des_encrypt2_u4_risc1_ptr
+#define DES_encrypt3 des_encrypt3_u4_risc1_ptr
+#define DES_decrypt3 des_decrypt3_u4_risc1_ptr
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -269,14 +270,14 @@ struct tms {
 #define DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt  des_encrypt_u4_risc2_ptr
-#define des_encrypt2 des_encrypt2_u4_risc2_ptr
-#define des_encrypt3 des_encrypt3_u4_risc2_ptr
-#define des_decrypt3 des_decrypt3_u4_risc2_ptr
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u4_risc2_ptr
+#define DES_encrypt2 des_encrypt2_u4_risc2_ptr
+#define DES_encrypt3 des_encrypt3_u4_risc2_ptr
+#define DES_decrypt3 des_decrypt3_u4_risc2_ptr
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -285,14 +286,14 @@ struct tms {
 #undef DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_risc1_ptr
-#define des_encrypt2 des_encrypt2_u16_risc1_ptr
-#define des_encrypt3 des_encrypt3_u16_risc1_ptr
-#define des_decrypt3 des_decrypt3_u16_risc1_ptr
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_risc1_ptr
+#define DES_encrypt2 des_encrypt2_u16_risc1_ptr
+#define DES_encrypt3 des_encrypt3_u16_risc1_ptr
+#define DES_decrypt3 des_decrypt3_u16_risc1_ptr
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -301,14 +302,14 @@ struct tms {
 #define DES_RISC2
 #define DES_PTR
 #undef D_ENCRYPT
-#undef des_encrypt
-#undef des_encrypt2
-#undef des_encrypt3
-#undef des_decrypt3
-#define des_encrypt  des_encrypt_u16_risc2_ptr
-#define des_encrypt2 des_encrypt2_u16_risc2_ptr
-#define des_encrypt3 des_encrypt3_u16_risc2_ptr
-#define des_decrypt3 des_decrypt3_u16_risc2_ptr
+#undef DES_encrypt1
+#undef DES_encrypt2
+#undef DES_encrypt3
+#undef DES_decrypt3
+#define DES_encrypt1 des_encrypt_u16_risc2_ptr
+#define DES_encrypt2 des_encrypt2_u16_risc2_ptr
+#define DES_encrypt3 des_encrypt3_u16_risc2_ptr
+#define DES_decrypt3 des_decrypt3_u16_risc2_ptr
 #undef HEADER_DES_LOCL_H
 #include "des_enc.c"
 
@@ -318,11 +319,7 @@ struct tms {
 #ifndef HZ
 # ifndef CLK_TCK
 #  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
-#   ifndef VMS
-#    define HZ	100.0
-#   else /* VMS */
-#    define HZ	100.0
-#   endif
+#   define HZ	100.0
 #  else /* _BSD_CLK_TCK_ */
 #   define HZ ((double)_BSD_CLK_TCK_)
 #  endif
@@ -334,12 +331,7 @@ struct tms {
 #define BUFSIZE	((long)1024)
 long run=0;
 
-#ifndef NOPROTO
 double Time_F(int s);
-#else
-double Time_F();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi)
 #define SIGRETTYPE void
@@ -347,14 +339,8 @@ double Time_F();
 #define SIGRETTYPE int
 #endif
 
-#ifndef NOPROTO
 SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
+SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -367,8 +353,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-double Time_F(s)
-int s;
+double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -416,7 +401,7 @@ int s;
 	for (count=0,run=1; COND(cb); count++) \
 		{ \
 		unsigned long d[2]; \
-		func(d,&(sch[0]),DES_ENCRYPT); \
+		func(d,&sch,DES_ENCRYPT); \
 		} \
 	tm[index]=Time_F(STOP); \
 	fprintf(stderr,"%ld %s's in %.2f second\n",count,name,tm[index]); \
@@ -426,16 +411,14 @@ int s;
 	fprintf(stderr,"%s bytes per sec = %12.2f (%5.1fuS)\n",name, \
 		tm[index]*8,1.0e6/tm[index]);
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	long count;
 	static unsigned char buf[BUFSIZE];
-	static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
-	static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
-	static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
-	des_key_schedule sch,sch2,sch3;
+	static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+	static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+	static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+	DES_key_schedule sch,sch2,sch3;
 	double d,tm[16],max=0;
 	int rank[16];
 	char *str[16];
@@ -451,17 +434,17 @@ char **argv;
 		}
 
 #ifndef TIMES
-	fprintf(stderr,"To get the most acurate results, try to run this\n");
+	fprintf(stderr,"To get the most accurate results, try to run this\n");
 	fprintf(stderr,"program when this computer is idle.\n");
 #endif
 
-	des_set_key((C_Block *)key,sch);
-	des_set_key((C_Block *)key2,sch2);
-	des_set_key((C_Block *)key3,sch3);
+	DES_set_key_unchecked(&key,&sch);
+	DES_set_key_unchecked(&key2,&sch2);
+	DES_set_key_unchecked(&key3,&sch3);
 
 #ifndef SIGALRM
 	fprintf(stderr,"First we calculate the approximate speed ...\n");
-	des_set_key((C_Block *)key,sch);
+	DES_set_key_unchecked(&key,sch);
 	count=10;
 	do	{
 		long i;
@@ -470,7 +453,7 @@ char **argv;
 		count*=2;
 		Time_F(START);
 		for (i=count; i; i--)
-			des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+			DES_encrypt1(data,&(sch[0]),DES_ENCRYPT);
 		d=Time_F(STOP);
 		} while (d < 3.0);
 	ca=count;
@@ -615,7 +598,7 @@ char **argv;
 		break;
 		}
 	exit(0);
-#if defined(LINT) || defined(MSDOS)
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
 	return(0);
 #endif
 	}
diff --git a/crypto/des/des_ver.h b/crypto/des/des_ver.h
index 7041a9271d..379bbadda2 100644
--- a/crypto/des/des_ver.h
+++ b/crypto/des/des_ver.h
@@ -56,5 +56,16 @@
  * [including the GNU Public Licence.]
  */
 
-extern char *DES_version;	/* SSLeay version string */
-extern char *libdes_version;	/* old libdes version string */
+#include <openssl/e_os2.h>
+
+#ifdef OPENSSL_BUILD_SHLIBCRYPTO
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
+
+/* The following macros make sure the names are different from libdes names */
+#define DES_version OSSL_DES_version
+#define libdes_version OSSL_libdes_version
+
+OPENSSL_EXTERN const char *OSSL_DES_version;	/* SSLeay version string */
+OPENSSL_EXTERN const char *OSSL_libdes_version;	/* old libdes version string */
diff --git a/crypto/des/dess.cpp b/crypto/des/dess.cpp
index 7fb5987314..5549bab90a 100644
--- a/crypto/des/dess.cpp
+++ b/crypto/des/dess.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "des.h"
+#include <openssl/des.h>
 
 void main(int argc,char *argv[])
 	{
@@ -45,19 +45,19 @@ void main(int argc,char *argv[])
 		{
 		for (i=0; i<1000; i++) /**/
 			{
-			des_encrypt(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
 			GetTSC(s1);
-			des_encrypt(&data[0],key,1);
-			des_encrypt(&data[0],key,1);
-			des_encrypt(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
 			GetTSC(e1);
 			GetTSC(s2);
-			des_encrypt(&data[0],key,1);
-			des_encrypt(&data[0],key,1);
-			des_encrypt(&data[0],key,1);
-			des_encrypt(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
 			GetTSC(e2);
-			des_encrypt(&data[0],key,1);
+			des_encrypt1(&data[0],key,1);
 			}
 
 		printf("des %d %d (%d)\n",
diff --git a/crypto/des/destest.c b/crypto/des/destest.c
index 5700608b9b..7799e6e4bf 100644
--- a/crypto/des/destest.c
+++ b/crypto/des/destest.c
@@ -56,25 +56,35 @@
  * [including the GNU Public Licence.]
  */
 
-#if defined(WIN32) || defined(WIN16) || defined(WINDOWS)
-#ifndef MSDOS
-#define MSDOS
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <openssl/e_os2.h>
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_WINDOWS)
+#ifndef OPENSSL_SYS_MSDOS
+#define OPENSSL_SYS_MSDOS
 #endif
 #endif
 
-#include <stdio.h>
-#include <stdlib.h>
-#ifndef MSDOS
-#include <unistd.h>
+#ifndef OPENSSL_SYS_MSDOS
+#if !defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VMS_DECC)
+#include OPENSSL_UNISTD
+#endif
 #else
 #include <io.h>
 #endif
 #include <string.h>
-#include "des.h"
 
-#if defined(PERL5) || defined(__FreeBSD__)
+#ifdef OPENSSL_NO_DES
+int main(int argc, char *argv[])
+{
+    printf("No DES support\n");
+    return(0);
+}
+#else
+#include <openssl/des.h>
+
 #define crypt(c,s) (des_crypt((c),(s)))
-#endif
 
 /* tisk tisk - the test keys don't all have odd parity :-( */
 /* test data */
@@ -223,13 +233,13 @@ static unsigned char cipher_ecb2[NUM_TESTS-1][8]={
 	{0x08,0xD7,0xB4,0xFB,0x62,0x9D,0x08,0x85}};
 
 static unsigned char cbc_key [8]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
-static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
+static unsigned char cbc2_key[8]={0xf1,0xe0,0xd3,0xc2,0xb5,0xa4,0x97,0x86};
 static unsigned char cbc3_key[8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
 static unsigned char cbc_iv  [8]={0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10};
 /* Changed the following text constant to binary so it will work on ebcdic
  * machines :-) */
 /* static char cbc_data[40]="7654321 Now is the time for \0001"; */
-static char cbc_data[40]={
+static unsigned char cbc_data[40]={
 	0x37,0x36,0x35,0x34,0x33,0x32,0x31,0x20,
 	0x4E,0x6F,0x77,0x20,0x69,0x73,0x20,0x74,
 	0x68,0x65,0x20,0x74,0x69,0x6D,0x65,0x20,
@@ -243,12 +253,24 @@ static unsigned char cbc_ok[32]={
 	0x46,0x8e,0x91,0x15,0x78,0x88,0xba,0x68,
 	0x1d,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
 
+#ifdef SCREW_THE_PARITY
+#error "SCREW_THE_PARITY is not ment to be defined."
+#error "Original vectors are preserved for reference only."
+static unsigned char cbc2_key[8]={0xf0,0xe1,0xd2,0xc3,0xb4,0xa5,0x96,0x87};
 static unsigned char xcbc_ok[32]={
 	0x86,0x74,0x81,0x0D,0x61,0xA4,0xA5,0x48,
 	0xB9,0x93,0x03,0xE1,0xB8,0xBB,0xBD,0xBD,
 	0x64,0x30,0x0B,0xB9,0x06,0x65,0x81,0x76,
 	0x04,0x1D,0x77,0x62,0x17,0xCA,0x2B,0xD2,
 	};
+#else
+static unsigned char xcbc_ok[32]={
+	0x84,0x6B,0x29,0x14,0x85,0x1E,0x9A,0x29,
+	0x54,0x73,0x2F,0x8A,0xA0,0xA6,0x11,0xC1,
+	0x15,0xCD,0xC2,0xD7,0x95,0x1B,0x10,0x53,
+	0xA6,0x3C,0x5E,0x03,0xB2,0x1A,0xA3,0xC4,
+	};
+#endif
 
 static unsigned char cbc3_ok[32]={
 	0x3F,0xE3,0x01,0xC9,0x62,0xAC,0x01,0xD0,
@@ -298,49 +320,95 @@ static unsigned char ofb_cipher[24]=
 	0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3
 	};
 
-DES_LONG cbc_cksum_ret=0xB462FEF7L;
-unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
+static DES_LONG cbc_cksum_ret=0xB462FEF7L;
+static unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
 
-#ifndef NOPROTO
 static char *pt(unsigned char *p);
 static int cfb_test(int bits, unsigned char *cfb_cipher);
 static int cfb64_test(unsigned char *cfb_cipher);
 static int ede_cfb64_test(unsigned char *cfb_cipher);
-#else
-static char *pt();
-static int cfb_test();
-static int cfb64_test();
-static int ede_cfb64_test();
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,j,err=0;
-	des_cblock in,out,outin,iv3;
+	des_cblock in,out,outin,iv3,iv2;
 	des_key_schedule ks,ks2,ks3;
 	unsigned char cbc_in[40];
 	unsigned char cbc_out[40];
 	DES_LONG cs;
-	unsigned char qret[4][4],cret[8];
-	DES_LONG lqret[4];
+	unsigned char cret[8];
+#ifdef _CRAY
+        struct {
+            int a:32;
+            int b:32;
+        } lqret[2];
+#else
+        DES_LONG lqret[4];
+#endif
 	int num;
 	char *str;
 
+#ifndef OPENSSL_NO_DESCBCM
+	printf("Doing cbcm\n");
+	if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
+		{
+		printf("Key error %d\n",j);
+		err=1;
+		}
+	if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0)
+		{
+		printf("Key error %d\n",j);
+		err=1;
+		}
+	if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0)
+		{
+		printf("Key error %d\n",j);
+		err=1;
+		}
+	memset(cbc_out,0,40);
+	memset(cbc_in,0,40);
+	i=strlen((char *)cbc_data)+1;
+	/* i=((i+7)/8)*8; */
+	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+	memset(iv2,'\0',sizeof iv2);
+
+	DES_ede3_cbcm_encrypt(cbc_data,cbc_out,16L,&ks,&ks2,&ks3,&iv3,&iv2,
+			      DES_ENCRYPT);
+	DES_ede3_cbcm_encrypt(&cbc_data[16],&cbc_out[16],i-16,&ks,&ks2,&ks3,
+			      &iv3,&iv2,DES_ENCRYPT);
+	/*	if (memcmp(cbc_out,cbc3_ok,
+		(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
+		{
+		printf("des_ede3_cbc_encrypt encrypt error\n");
+		err=1;
+		}
+	*/
+	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
+	memset(iv2,'\0',sizeof iv2);
+	DES_ede3_cbcm_encrypt(cbc_out,cbc_in,i,&ks,&ks2,&ks3,&iv3,&iv2,DES_DECRYPT);
+	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
+		{
+		int n;
+
+		printf("des_ede3_cbcm_encrypt decrypt error\n");
+		for(n=0 ; n < i ; ++n)
+		    printf(" %02x",cbc_data[n]);
+		printf("\n");
+		for(n=0 ; n < i ; ++n)
+		    printf(" %02x",cbc_in[n]);
+		printf("\n");
+		err=1;
+		}
+#endif
+
 	printf("Doing ecb\n");
 	for (i=0; i<NUM_TESTS; i++)
 		{
-		if ((j=des_key_sched((C_Block *)(key_data[i]),ks)) != 0)
-			{
-			printf("Key error %2d:%d\n",i+1,j);
-			err=1;
-			}
+		DES_set_key_unchecked(&key_data[i],&ks);
 		memcpy(in,plain_data[i],8);
 		memset(out,0,8);
 		memset(outin,0,8);
-		des_ecb_encrypt((C_Block *)in,(C_Block *)out,ks,DES_ENCRYPT);
-		des_ecb_encrypt((C_Block *)out,(C_Block *)outin,ks,DES_DECRYPT);
+		des_ecb_encrypt(&in,&out,ks,DES_ENCRYPT);
+		des_ecb_encrypt(&out,&outin,ks,DES_DECRYPT);
 
 		if (memcmp(out,cipher_data[i],8) != 0)
 			{
@@ -361,28 +429,14 @@ char *argv[];
 	printf("Doing ede ecb\n");
 	for (i=0; i<(NUM_TESTS-1); i++)
 		{
-		if ((j=des_key_sched((C_Block *)(key_data[i]),ks)) != 0)
-			{
-			err=1;
-			printf("Key error %2d:%d\n",i+1,j);
-			}
-		if ((j=des_key_sched((C_Block *)(key_data[i+1]),ks2)) != 0)
-			{
-			printf("Key error %2d:%d\n",i+2,j);
-			err=1;
-			}
-		if ((j=des_key_sched((C_Block *)(key_data[i+2]),ks3)) != 0)
-			{
-			printf("Key error %2d:%d\n",i+3,j);
-			err=1;
-			}
+		DES_set_key_unchecked(&key_data[i],&ks);
+		DES_set_key_unchecked(&key_data[i+1],&ks2);
+		DES_set_key_unchecked(&key_data[i+2],&ks3);
 		memcpy(in,plain_data[i],8);
 		memset(out,0,8);
 		memset(outin,0,8);
-		des_ecb2_encrypt((C_Block *)in,(C_Block *)out,ks,ks2,
-			DES_ENCRYPT);
-		des_ecb2_encrypt((C_Block *)out,(C_Block *)outin,ks,ks2,
-			DES_DECRYPT);
+		des_ecb2_encrypt(&in,&out,ks,ks2,DES_ENCRYPT);
+		des_ecb2_encrypt(&out,&outin,ks,ks2,DES_DECRYPT);
 
 		if (memcmp(out,cipher_ecb2[i],8) != 0)
 			{
@@ -401,7 +455,7 @@ char *argv[];
 #endif
 
 	printf("Doing cbc\n");
-	if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
+	if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
@@ -409,16 +463,17 @@ char *argv[];
 	memset(cbc_out,0,40);
 	memset(cbc_in,0,40);
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_ncbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
-		(long)strlen((char *)cbc_data)+1,ks,
-		(C_Block *)iv3,DES_ENCRYPT);
+	des_ncbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+			 &iv3,DES_ENCRYPT);
 	if (memcmp(cbc_out,cbc_ok,32) != 0)
+		{
 		printf("cbc_encrypt encrypt error\n");
+		err=1;
+		}
 
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_ncbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
-		(long)strlen((char *)cbc_data)+1,ks,
-		(C_Block *)iv3,DES_DECRYPT);
+	des_ncbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
+			 &iv3,DES_DECRYPT);
 	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)) != 0)
 		{
 		printf("cbc_encrypt decrypt error\n");
@@ -427,7 +482,7 @@ char *argv[];
 
 #ifndef LIBDES_LIT
 	printf("Doing desx cbc\n");
-	if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
+	if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
@@ -435,19 +490,16 @@ char *argv[];
 	memset(cbc_out,0,40);
 	memset(cbc_in,0,40);
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_xcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
-		(long)strlen((char *)cbc_data)+1,ks,
-		(C_Block *)iv3,
-		(C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_ENCRYPT);
+	des_xcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+			 &iv3,&cbc2_key,&cbc3_key, DES_ENCRYPT);
 	if (memcmp(cbc_out,xcbc_ok,32) != 0)
 		{
 		printf("des_xcbc_encrypt encrypt error\n");
+		err=1;
 		}
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_xcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
-		(long)strlen((char *)cbc_data)+1,ks,
-		(C_Block *)iv3,
-		(C_Block *)cbc2_key, (C_Block *)cbc3_key, DES_DECRYPT);
+	des_xcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,
+			 &iv3,&cbc2_key,&cbc3_key, DES_DECRYPT);
 	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
 		{
 		printf("des_xcbc_encrypt decrypt error\n");
@@ -456,17 +508,17 @@ char *argv[];
 #endif
 
 	printf("Doing ede cbc\n");
-	if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
+	if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
 		}
-	if ((j=des_key_sched((C_Block *)cbc2_key,ks2)) != 0)
+	if ((j=DES_set_key_checked(&cbc2_key,&ks2)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
 		}
-	if ((j=des_key_sched((C_Block *)cbc3_key,ks3)) != 0)
+	if ((j=DES_set_key_checked(&cbc3_key,&ks3)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
@@ -477,46 +529,60 @@ char *argv[];
 	/* i=((i+7)/8)*8; */
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
 
-	des_ede3_cbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
-		16L,ks,ks2,ks3,(C_Block *)iv3,DES_ENCRYPT);
-	des_ede3_cbc_encrypt((C_Block *)&(cbc_data[16]),
-		(C_Block *)&(cbc_out[16]),
-		(long)i-16,ks,ks2,ks3,(C_Block *)iv3,DES_ENCRYPT);
+	des_ede3_cbc_encrypt(cbc_data,cbc_out,16L,ks,ks2,ks3,&iv3,
+			     DES_ENCRYPT);
+	des_ede3_cbc_encrypt(&(cbc_data[16]),&(cbc_out[16]),i-16,ks,ks2,ks3,
+			     &iv3,DES_ENCRYPT);
 	if (memcmp(cbc_out,cbc3_ok,
 		(unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0)
 		{
+		int n;
+
 		printf("des_ede3_cbc_encrypt encrypt error\n");
+		for(n=0 ; n < i ; ++n)
+		    printf(" %02x",cbc_out[n]);
+		printf("\n");
+		for(n=0 ; n < i ; ++n)
+		    printf(" %02x",cbc3_ok[n]);
+		printf("\n");
 		err=1;
 		}
 
 	memcpy(iv3,cbc_iv,sizeof(cbc_iv));
-	des_ede3_cbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
-		(long)i,ks,ks2,ks3,(C_Block *)iv3,DES_DECRYPT);
-	if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
+	des_ede3_cbc_encrypt(cbc_out,cbc_in,i,ks,ks2,ks3,&iv3,DES_DECRYPT);
+	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
 		{
+		int n;
+
 		printf("des_ede3_cbc_encrypt decrypt error\n");
+		for(n=0 ; n < i ; ++n)
+		    printf(" %02x",cbc_data[n]);
+		printf("\n");
+		for(n=0 ; n < i ; ++n)
+		    printf(" %02x",cbc_in[n]);
+		printf("\n");
 		err=1;
 		}
 
 #ifndef LIBDES_LIT
 	printf("Doing pcbc\n");
-	if ((j=des_key_sched((C_Block *)cbc_key,ks)) != 0)
+	if ((j=DES_set_key_checked(&cbc_key,&ks)) != 0)
 		{
 		printf("Key error %d\n",j);
 		err=1;
 		}
 	memset(cbc_out,0,40);
 	memset(cbc_in,0,40);
-	des_pcbc_encrypt((C_Block *)cbc_data,(C_Block *)cbc_out,
-		(long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,DES_ENCRYPT);
+	des_pcbc_encrypt(cbc_data,cbc_out,strlen((char *)cbc_data)+1,ks,
+			 &cbc_iv,DES_ENCRYPT);
 	if (memcmp(cbc_out,pcbc_ok,32) != 0)
 		{
 		printf("pcbc_encrypt encrypt error\n");
 		err=1;
 		}
-	des_pcbc_encrypt((C_Block *)cbc_out,(C_Block *)cbc_in,
-		(long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,DES_DECRYPT);
-	if (memcmp(cbc_in,cbc_data,strlen(cbc_data)+1) != 0)
+	des_pcbc_encrypt(cbc_out,cbc_in,strlen((char *)cbc_data)+1,ks,&cbc_iv,
+			 DES_DECRYPT);
+	if (memcmp(cbc_in,cbc_data,strlen((char *)cbc_data)+1) != 0)
 		{
 		printf("pcbc_encrypt decrypt error\n");
 		err=1;
@@ -540,7 +606,7 @@ char *argv[];
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	for (i=0; i<sizeof(plain); i++)
 		des_cfb_encrypt(&(plain[i]),&(cfb_buf1[i]),
-			8,(long)1,ks,(C_Block *)cfb_tmp,DES_ENCRYPT);
+			8,1,ks,&cfb_tmp,DES_ENCRYPT);
 	if (memcmp(cfb_cipher8,cfb_buf1,sizeof(plain)) != 0)
 		{
 		printf("cfb_encrypt small encrypt error\n");
@@ -550,7 +616,7 @@ char *argv[];
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	for (i=0; i<sizeof(plain); i++)
 		des_cfb_encrypt(&(cfb_buf1[i]),&(cfb_buf2[i]),
-			8,(long)1,ks,(C_Block *)cfb_tmp,DES_DECRYPT);
+			8,1,ks,&cfb_tmp,DES_DECRYPT);
 	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
 		{
 		printf("cfb_encrypt small decrypt error\n");
@@ -563,10 +629,9 @@ char *argv[];
 	printf("done\n");
 
 	printf("Doing ofb\n");
-	des_key_sched((C_Block *)ofb_key,ks);
+	DES_set_key_checked(&ofb_key,&ks);
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
-	des_ofb_encrypt(plain,ofb_buf1,64,(long)sizeof(plain)/8,ks,
-		(C_Block *)ofb_tmp);
+	des_ofb_encrypt(plain,ofb_buf1,64,sizeof(plain)/8,ks,&ofb_tmp);
 	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
 		{
 		printf("ofb_encrypt encrypt error\n");
@@ -579,8 +644,7 @@ ofb_buf1[8+4], ofb_cipher[8+5], ofb_cipher[8+6], ofb_cipher[8+7]);
 		err=1;
 		}
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
-	des_ofb_encrypt(ofb_buf1,ofb_buf2,64,(long)sizeof(ofb_buf1)/8,ks,
-		(C_Block *)ofb_tmp);
+	des_ofb_encrypt(ofb_buf1,ofb_buf2,64,sizeof(ofb_buf1)/8,ks,&ofb_tmp);
 	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
 		{
 		printf("ofb_encrypt decrypt error\n");
@@ -594,15 +658,15 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 
 	printf("Doing ofb64\n");
-	des_key_sched((C_Block *)ofb_key,ks);
+	DES_set_key_checked(&ofb_key,&ks);
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
 	memset(ofb_buf1,0,sizeof(ofb_buf1));
 	memset(ofb_buf2,0,sizeof(ofb_buf1));
 	num=0;
 	for (i=0; i<sizeof(plain); i++)
 		{
-		des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,
-			(C_Block *)ofb_tmp,&num);
+		des_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,&ofb_tmp,
+				  &num);
 		}
 	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
 		{
@@ -611,8 +675,8 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
 	num=0;
-	des_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks,
-		(C_Block *)ofb_tmp,&num);
+	des_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,&ofb_tmp,
+			  &num);
 	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
 		{
 		printf("ofb64_encrypt decrypt error\n");
@@ -620,15 +684,15 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 
 	printf("Doing ede_ofb64\n");
-	des_key_sched((C_Block *)ofb_key,ks);
+	DES_set_key_checked(&ofb_key,&ks);
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
 	memset(ofb_buf1,0,sizeof(ofb_buf1));
 	memset(ofb_buf2,0,sizeof(ofb_buf1));
 	num=0;
 	for (i=0; i<sizeof(plain); i++)
 		{
-		des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,ks,
-			(C_Block *)ofb_tmp,&num);
+		des_ede3_ofb64_encrypt(&(plain[i]),&(ofb_buf1[i]),1,ks,ks,
+				       ks,&ofb_tmp,&num);
 		}
 	if (memcmp(ofb_cipher,ofb_buf1,sizeof(ofb_buf1)) != 0)
 		{
@@ -637,8 +701,8 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 	memcpy(ofb_tmp,ofb_iv,sizeof(ofb_iv));
 	num=0;
-	des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,(long)sizeof(ofb_buf1),ks,
-		ks,ks,(C_Block *)ofb_tmp,&num);
+	des_ede3_ofb64_encrypt(ofb_buf1,ofb_buf2,sizeof(ofb_buf1),ks,ks,ks,
+			       &ofb_tmp,&num);
 	if (memcmp(plain,ofb_buf2,sizeof(ofb_buf2)) != 0)
 		{
 		printf("ede_ofb64_encrypt decrypt error\n");
@@ -646,9 +710,8 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 
 	printf("Doing cbc_cksum\n");
-	des_key_sched((C_Block *)cbc_key,ks);
-	cs=des_cbc_cksum((C_Block *)cbc_data,(C_Block *)cret,
-		(long)strlen(cbc_data),ks,(C_Block *)cbc_iv);
+	DES_set_key_checked(&cbc_key,&ks);
+	cs=des_cbc_cksum(cbc_data,&cret,strlen((char *)cbc_data),ks,&cbc_iv);
 	if (cs != cbc_cksum_ret)
 		{
 		printf("bad return value (%08lX), should be %08lX\n",
@@ -662,80 +725,82 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		}
 
 	printf("Doing quad_cksum\n");
-	cs=quad_cksum((C_Block *)cbc_data,(C_Block *)qret,
-		(long)strlen(cbc_data),2,(C_Block *)cbc_iv);
-
-	{ /* Big-endian fix */
-	static DES_LONG l=1;
-	static unsigned char *c=(unsigned char *)&l;
-	DES_LONG ll;
-
-	j=sizeof(lqret[0])-4;
-	for (i=0; i<4; i++)
+	cs=des_quad_cksum(cbc_data,(des_cblock *)lqret,
+		(long)strlen((char *)cbc_data),2,(des_cblock *)cbc_iv);
+	if (cs != 0x70d7a63aL)
+		{
+		printf("quad_cksum error, ret %08lx should be 70d7a63a\n",
+			(unsigned long)cs);
+		err=1;
+		}
+#ifdef _CRAY
+	if (lqret[0].a != 0x327eba8dL)
 		{
-		lqret[i]=0;
-		memcpy(&(lqret[i]),&(qret[i][0]),4);
-		if (!c[0] && (j > 0))
-			lqret[i]=lqret[i]>>(j*8); /* For Cray */
+		printf("quad_cksum error, out[0] %08lx is not %08lx\n",
+			(unsigned long)lqret[0].a,0x327eba8dUL);
+		err=1;
 		}
-
-	if (!c[0])
+	if (lqret[0].b != 0x201a49ccL)
 		{
-		ll=lqret[0]^lqret[3];
-		lqret[0]^=ll;
-		lqret[3]^=ll;
-		ll=lqret[1]^lqret[2];
-		lqret[1]^=ll;
-		lqret[2]^=ll;
+		printf("quad_cksum error, out[1] %08lx is not %08lx\n",
+			(unsigned long)lqret[0].b,0x201a49ccUL);
+		err=1;
 		}
-	}
-	if (cs != 0x70d7a63aL)
+	if (lqret[1].a != 0x70d7a63aL)
 		{
-		printf("quad_cksum error, ret %08lx should be 70d7a63a\n",
-			(unsigned long)cs);
+		printf("quad_cksum error, out[2] %08lx is not %08lx\n",
+			(unsigned long)lqret[1].a,0x70d7a63aUL);
 		err=1;
 		}
+	if (lqret[1].b != 0x501c2c26L)
+		{
+		printf("quad_cksum error, out[3] %08lx is not %08lx\n",
+			(unsigned long)lqret[1].b,0x501c2c26UL);
+		err=1;
+		}
+#else
 	if (lqret[0] != 0x327eba8dL)
 		{
 		printf("quad_cksum error, out[0] %08lx is not %08lx\n",
-			(unsigned long)lqret[0],0x327eba8dL);
+			(unsigned long)lqret[0],0x327eba8dUL);
 		err=1;
 		}
 	if (lqret[1] != 0x201a49ccL)
 		{
 		printf("quad_cksum error, out[1] %08lx is not %08lx\n",
-			(unsigned long)lqret[1],0x201a49ccL);
+			(unsigned long)lqret[1],0x201a49ccUL);
 		err=1;
 		}
 	if (lqret[2] != 0x70d7a63aL)
 		{
 		printf("quad_cksum error, out[2] %08lx is not %08lx\n",
-			(unsigned long)lqret[2],0x70d7a63aL);
+			(unsigned long)lqret[2],0x70d7a63aUL);
 		err=1;
 		}
 	if (lqret[3] != 0x501c2c26L)
 		{
 		printf("quad_cksum error, out[3] %08lx is not %08lx\n",
-			(unsigned long)lqret[3],0x501c2c26L);
+			(unsigned long)lqret[3],0x501c2c26UL);
 		err=1;
 		}
 #endif
+#endif
 
 	printf("input word alignment test");
 	for (i=0; i<4; i++)
 		{
 		printf(" %d",i);
-		des_ncbc_encrypt((C_Block *)&(cbc_out[i]),(C_Block *)cbc_in,
-			(long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,
-			DES_ENCRYPT);
+		des_ncbc_encrypt(&(cbc_out[i]),cbc_in,
+				 strlen((char *)cbc_data)+1,ks,
+				 &cbc_iv,DES_ENCRYPT);
 		}
 	printf("\noutput word alignment test");
 	for (i=0; i<4; i++)
 		{
 		printf(" %d",i);
-		des_ncbc_encrypt((C_Block *)cbc_out,(C_Block *)&(cbc_in[i]),
-			(long)strlen(cbc_data)+1,ks,(C_Block *)cbc_iv,
-			DES_ENCRYPT);
+		des_ncbc_encrypt(cbc_out,&(cbc_in[i]),
+				 strlen((char *)cbc_data)+1,ks,
+				 &cbc_iv,DES_ENCRYPT);
 		}
 	printf("\n");
 	printf("fast crypt test ");
@@ -752,12 +817,10 @@ plain[8+4], plain[8+5], plain[8+6], plain[8+7]);
 		err=1;
 		}
 	printf("\n");
-	exit(err);
-	return(0);
+	return(err);
 	}
 
-static char *pt(p)
-unsigned char *p;
+static char *pt(unsigned char *p)
 	{
 	static char bufs[10][20];
 	static int bnum=0;
@@ -778,17 +841,15 @@ unsigned char *p;
 
 #ifndef LIBDES_LIT
 
-static int cfb_test(bits, cfb_cipher)
-int bits;
-unsigned char *cfb_cipher;
+static int cfb_test(int bits, unsigned char *cfb_cipher)
 	{
 	des_key_schedule ks;
 	int i,err=0;
 
-	des_key_sched((C_Block *)cfb_key,ks);
+	DES_set_key_checked(&cfb_key,&ks);
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	des_cfb_encrypt(plain,cfb_buf1,bits,(long)sizeof(plain),ks,
-		(C_Block *)cfb_tmp,DES_ENCRYPT);
+	des_cfb_encrypt(plain,cfb_buf1,bits,sizeof(plain),ks,&cfb_tmp,
+			DES_ENCRYPT);
 	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
 		{
 		err=1;
@@ -797,8 +858,8 @@ unsigned char *cfb_cipher;
 			printf("%s\n",pt(&(cfb_buf1[i])));
 		}
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
-	des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,(long)sizeof(plain),ks,
-		(C_Block *)cfb_tmp,DES_DECRYPT);
+	des_cfb_encrypt(cfb_buf1,cfb_buf2,bits,sizeof(plain),ks,&cfb_tmp,
+			DES_DECRYPT);
 	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
 		{
 		err=1;
@@ -809,20 +870,17 @@ unsigned char *cfb_cipher;
 	return(err);
 	}
 
-static int cfb64_test(cfb_cipher)
-unsigned char *cfb_cipher;
+static int cfb64_test(unsigned char *cfb_cipher)
 	{
 	des_key_schedule ks;
 	int err=0,i,n;
 
-	des_key_sched((C_Block *)cfb_key,ks);
+	DES_set_key_checked(&cfb_key,&ks);
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	n=0;
-	des_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,
-		(C_Block *)cfb_tmp,&n,DES_ENCRYPT);
-	des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
-		(long)sizeof(plain)-12,ks,
-		(C_Block *)cfb_tmp,&n,DES_ENCRYPT);
+	des_cfb64_encrypt(plain,cfb_buf1,12,ks,&cfb_tmp,&n,DES_ENCRYPT);
+	des_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),sizeof(plain)-12,ks,
+			  &cfb_tmp,&n,DES_ENCRYPT);
 	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
 		{
 		err=1;
@@ -832,11 +890,9 @@ unsigned char *cfb_cipher;
 		}
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	n=0;
-	des_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,
-		(C_Block *)cfb_tmp,&n,DES_DECRYPT);
+	des_cfb64_encrypt(cfb_buf1,cfb_buf2,17,ks,&cfb_tmp,&n,DES_DECRYPT);
 	des_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
-		(long)sizeof(plain)-17,ks,
-		(C_Block *)cfb_tmp,&n,DES_DECRYPT);
+			  sizeof(plain)-17,ks,&cfb_tmp,&n,DES_DECRYPT);
 	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
 		{
 		err=1;
@@ -847,20 +903,19 @@ unsigned char *cfb_cipher;
 	return(err);
 	}
 
-static int ede_cfb64_test(cfb_cipher)
-unsigned char *cfb_cipher;
+static int ede_cfb64_test(unsigned char *cfb_cipher)
 	{
 	des_key_schedule ks;
 	int err=0,i,n;
 
-	des_key_sched((C_Block *)cfb_key,ks);
+	DES_set_key_checked(&cfb_key,&ks);
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	n=0;
-	des_ede3_cfb64_encrypt(plain,cfb_buf1,(long)12,ks,ks,ks,
-		(C_Block *)cfb_tmp,&n,DES_ENCRYPT);
+	des_ede3_cfb64_encrypt(plain,cfb_buf1,12,ks,ks,ks,&cfb_tmp,&n,
+			       DES_ENCRYPT);
 	des_ede3_cfb64_encrypt(&(plain[12]),&(cfb_buf1[12]),
-		(long)sizeof(plain)-12,ks,ks,ks,
-		(C_Block *)cfb_tmp,&n,DES_ENCRYPT);
+			       sizeof(plain)-12,ks,ks,ks,
+			       &cfb_tmp,&n,DES_ENCRYPT);
 	if (memcmp(cfb_cipher,cfb_buf1,sizeof(plain)) != 0)
 		{
 		err=1;
@@ -871,10 +926,10 @@ unsigned char *cfb_cipher;
 	memcpy(cfb_tmp,cfb_iv,sizeof(cfb_iv));
 	n=0;
 	des_ede3_cfb64_encrypt(cfb_buf1,cfb_buf2,(long)17,ks,ks,ks,
-		(C_Block *)cfb_tmp,&n,DES_DECRYPT);
+			       &cfb_tmp,&n,DES_DECRYPT);
 	des_ede3_cfb64_encrypt(&(cfb_buf1[17]),&(cfb_buf2[17]),
-		(long)sizeof(plain)-17,ks,ks,ks,
-		(C_Block *)cfb_tmp,&n,DES_DECRYPT);
+			       sizeof(plain)-17,ks,ks,ks,
+			       &cfb_tmp,&n,DES_DECRYPT);
 	if (memcmp(plain,cfb_buf2,sizeof(plain)) != 0)
 		{
 		err=1;
@@ -886,4 +941,4 @@ unsigned char *cfb_cipher;
 	}
 
 #endif
-
+#endif
diff --git a/crypto/des/doIP b/crypto/des/doIP
deleted file mode 100644
index 18cf231303..0000000000
--- a/crypto/des/doIP
+++ /dev/null
@@ -1,46 +0,0 @@
-#!/usr/local/bin/perl
-
-@l=(
-	 0, 1, 2, 3, 4, 5, 6, 7,
-	 8, 9,10,11,12,13,14,15,
-	16,17,18,19,20,21,22,23,
-	24,25,26,27,28,29,30,31
-	);
-@r=(
-	32,33,34,35,36,37,38,39,
-	40,41,42,43,44,45,46,47,
-	48,49,50,51,52,53,54,55,
-	56,57,58,59,60,61,62,63
-	);
-
-require 'shifts.pl';
-
-sub PERM_OP
-	{
-	local(*a,*b,*t,$n,$m)=@_;
-
-	@z=&shift(*a,-$n);
-	@z=&xor(*b,*z);
-	@z=&and(*z,$m);
-	@b=&xor(*b,*z);
-	@z=&shift(*z,$n);
-	@a=&xor(*a,*z);
-	}
-
-
-@L=@l;
-@R=@r;
-&PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
-&PERM_OP(*L,*R,*T,16,0x0000ffff);
-&PERM_OP(*R,*L,*T,2,0x33333333);
-&PERM_OP(*L,*R,*T,8,0x00ff00ff);
-&PERM_OP(*R,*L,*T,1,0x55555555);
-	&printit(@L);
-	&printit(@R);
-&PERM_OP(*R,*L,*T,1,0x55555555);
-&PERM_OP(*L,*R,*T,8,0x00ff00ff);
-&PERM_OP(*R,*L,*T,2,0x33333333);
-&PERM_OP(*L,*R,*T,16,0x0000ffff);
-&PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
-	&printit(@L);
-	&printit(@R);
diff --git a/crypto/des/doPC1 b/crypto/des/doPC1
deleted file mode 100644
index 096afd8c46..0000000000
--- a/crypto/des/doPC1
+++ /dev/null
@@ -1,110 +0,0 @@
-#!/usr/local/bin/perl
-
-@l=(
-	 0, 1, 2, 3, 4, 5, 6, 7,
-	 8, 9,10,11,12,13,14,15,
-	16,17,18,19,20,21,22,23,
-	24,25,26,27,28,29,30,31
-	);
-@r=(
-	32,33,34,35,36,37,38,39,
-	40,41,42,43,44,45,46,47,
-	48,49,50,51,52,53,54,55,
-	56,57,58,59,60,61,62,63
-	);
-
-require 'shifts.pl';
-
-sub PERM_OP
-	{
-	local(*a,*b,*t,$n,$m)=@_;
-
-	@z=&shift(*a,-$n);
-	@z=&xor(*b,*z);
-	@z=&and(*z,$m);
-	@b=&xor(*b,*z);
-	@z=&shift(*z,$n);
-	@a=&xor(*a,*z);
-	}
-
-sub HPERM_OP2
-	{
-	local(*a,*t,$n,$m)=@_;
-	local(@x,@y,$i);
-
-	@z=&shift(*a,16-$n);
-	@z=&xor(*a,*z);
-	@z=&and(*z,$m);
-	@a=&xor(*a,*z);
-	@z=&shift(*z,$n-16);
-	@a=&xor(*a,*z);
-	}
-
-sub HPERM_OP
-        {
-        local(*a,*t,$n,$m)=@_;
-        local(@x,@y,$i);
-
-        for ($i=0; $i<16; $i++)
-                {
-                $x[$i]=$a[$i];
-                $y[$i]=$a[16+$i];
-                }
-        @z=&shift(*x,-$n);
-        @z=&xor(*y,*z);
-        @z=&and(*z,$m);
-        @y=&xor(*y,*z);
-        @z=&shift(*z,$n);
-        @x=&xor(*x,*z);
-        for ($i=0; $i<16; $i++)
-                {
-                $a[$i]=$x[$i];
-                $a[16+$i]=$y[$i];
-                }
-        }
-
-@L=@l;
-@R=@r;
-
-	print "---\n"; &printit(@R);
-&PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
-	print "---\n"; &printit(@R);
-&HPERM_OP2(*L,*T,-2,0xcccc0000);
-&HPERM_OP2(*R,*T,-2,0xcccc0000);
-	print "---\n"; &printit(@R);
-&PERM_OP(*R,*L,*T,1,0x55555555);
-	print "---\n"; &printit(@R);
-&PERM_OP(*L,*R,*T,8,0x00ff00ff);
-	print "---\n"; &printit(@R);
-&PERM_OP(*R,*L,*T,1,0x55555555);
-	print "---\n"; &printit(@R);
-#	&printit(@L);
-	&printit(@R);
-print <<"EOF";
-==============================
-63  55  47  39  31  23  15   7  
-62  54  46  38  30  22  14   6  
-61  53  45  37  29  21  13   5  
-60  52  44  36  --  --  --  --  
-
-57  49  41  33  25  17   9   1  
-58  50  42  34  26  18  10   2  
-59  51  43  35  27  19  11   3  
-28  20  12   4  --  --  --  --  
-EOF
-exit(1);
-@A=&and(*R,0x000000ff);
-@A=&shift(*A,16);
-@B=&and(*R,0x0000ff00);
-@C=&and(*R,0x00ff0000);
-@C=&shift(*C,-16);
-@D=&and(*L,0xf0000000);
-@D=&shift(*D,-4);
-@A=&or(*A,*B);
-@B=&or(*D,*C);
-@R=&or(*A,*B);
-@L=&and(*L,0x0fffffff);
-
-	&printit(@L);
-	&printit(@R);
-
diff --git a/crypto/des/doPC2 b/crypto/des/doPC2
deleted file mode 100644
index fa5cf74cf7..0000000000
--- a/crypto/des/doPC2
+++ /dev/null
@@ -1,94 +0,0 @@
-#!/usr/local/bin/perl
-
-@PC2_C=(14,17,11,24, 1, 5,
-	 3,28,15, 6,21,10,
-	23,19,12, 4,26, 8,
-	16, 7,27,20,13, 2,
-	);
-
-@PC2_D=(41,52,31,37,47,55,
-	30,40,51,45,33,48,
-	44,49,39,56,34,53,
-	46,42,50,36,29,32,
-	);
-
-$i=0;
-foreach (@PC2_C) {
-	$_--;
-#	printf "%2d,",$_;
-	$C{$_}=$i;
-	++$i;
-#	print "\n" if ((($i) % 8) == 0);
-	}
-$i=0;
-#print "\n";
-foreach (@PC2_D) {
-	$_-=28;
-	$_--;
-#	printf "%2d,",$_;
-	$D{$_}=$i;
-	$i++;
-#	print "\n" if ((($i) % 8) == 0);
-	}
-
-#print "\n";
-foreach $i (0 .. 27)
-	{
-	$_=$C{$i};
-#	printf "%2d,",$_;
-	$i++;
-#	print "\n" if ((($i) % 8) == 0);
-	}
-#print "\n";
-
-#print "\n";
-foreach $i (0 .. 27)
-	{
-	$_=$D{$i};
-#	printf "%2d,",$_;
-	$i++;
-#	print "\n" if ((($i) % 8) == 0);
-	}
-#print "\n";
-
-print "static ulong skb[8][64]={\n";
-&doit("C",*C, 0, 1, 2, 3, 4, 5);
-&doit("C",*C, 6, 7, 9,10,11,12);
-&doit("C",*C,13,14,15,16,18,19);
-&doit("C",*C,20,22,23,25,26,27);
-
-&doit("D",*D, 0, 1, 2, 3, 4, 5);
-&doit("D",*D, 7, 8,10,11,12,13);
-&doit("D",*D,15,16,17,18,19,20);
-&doit("D",*D,21,22,23,24,26,27);
-print "};\n";
-
-sub doit
-	{
-	local($l,*A,@b)=@_;
-	local(@out);
-
-	printf("/* for $l bits (numbered as per FIPS 46) %d %d %d %d %d %d */\n",
-		$b[0]+1, $b[1]+1, $b[2]+1, $b[3]+1, $b[4]+1, $b[5]+1);
-	for ($i=0; $i<64; $i++)
-		{
-		$out[$i]=0;
-		$j=1;
-#print "\n";
-		for ($k=0; $k<6; $k++)
-			{
-			$l=$A{$b[$k]};
-#print"$l - ";
-			if ((1<<$k) & $i)
-				{
-				$ll=int($l/6)*8+($l%6);
-				$out[$i]|=1<<($ll);
-				}
-			}
-		$pp=$out[$i];
-		$pp=($pp&0xff0000ff)|   (($pp&0x00ff0000)>>8)|
-					(($pp&0x0000ff00)<<8);
-		printf("0x%08X,",$pp);
-		print "\n" if (($i+1) % 4 == 0);
-		}
-	}
diff --git a/crypto/des/ecb3_enc.c b/crypto/des/ecb3_enc.c
index 140f6b5285..c3437bc606 100644
--- a/crypto/des/ecb3_enc.c
+++ b/crypto/des/ecb3_enc.c
@@ -58,28 +58,24 @@
 
 #include "des_locl.h"
 
-void des_ecb3_encrypt(input, output, ks1, ks2, ks3, enc)
-des_cblock (*input);
-des_cblock (*output);
-des_key_schedule ks1;
-des_key_schedule ks2;
-des_key_schedule ks3;
-int enc;
+void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+		      DES_key_schedule *ks1, DES_key_schedule *ks2,
+		      DES_key_schedule *ks3,
+	     int enc)
 	{
 	register DES_LONG l0,l1;
-	register unsigned char *in,*out;
 	DES_LONG ll[2];
+	const unsigned char *in = &(*input)[0];
+	unsigned char *out = &(*output)[0];
 
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
 	c2l(in,l0);
 	c2l(in,l1);
 	ll[0]=l0;
 	ll[1]=l1;
 	if (enc)
-		des_encrypt3(ll,ks1,ks2,ks3);
+		DES_encrypt3(ll,ks1,ks2,ks3);
 	else
-		des_decrypt3(ll,ks1,ks2,ks3);
+		DES_decrypt3(ll,ks1,ks2,ks3);
 	l0=ll[0];
 	l1=ll[1];
 	l2c(l0,out);
diff --git a/crypto/des/ecb_enc.c b/crypto/des/ecb_enc.c
index 2f99ae5ddc..1b70f68806 100644
--- a/crypto/des/ecb_enc.c
+++ b/crypto/des/ecb_enc.c
@@ -57,21 +57,22 @@
  */
 
 #include "des_locl.h"
+#include "des_ver.h"
 #include "spr.h"
+#include <openssl/opensslv.h>
 
-char *libdes_version="libdes v 3.24 - 20-Apr-1996 - eay";
-char *DES_version="DES part of SSLeay 0.9.1a 06-Jul-1998";
+OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT;
+OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT;
 
-char *des_options()
+const char *DES_options(void)
 	{
 	static int init=1;
 	static char buf[32];
 
 	if (init)
 		{
-		char *ptr,*unroll,*risc,*size;
+		const char *ptr,*unroll,*risc,*size;
 
-		init=0;
 #ifdef DES_PTR
 		ptr="ptr";
 #else
@@ -97,28 +98,24 @@ char *des_options()
 		else
 			size="long";
 		sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size);
+		init=0;
 		}
 	return(buf);
 	}
 		
 
-void des_ecb_encrypt(input, output, ks, enc)
-des_cblock (*input);
-des_cblock (*output);
-des_key_schedule ks;
-int enc;
+void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
+		     DES_key_schedule *ks, int enc)
 	{
 	register DES_LONG l;
-	register unsigned char *in,*out;
 	DES_LONG ll[2];
+	const unsigned char *in = &(*input)[0];
+	unsigned char *out = &(*output)[0];
 
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
 	c2l(in,l); ll[0]=l;
 	c2l(in,l); ll[1]=l;
-	des_encrypt(ll,ks,enc);
+	DES_encrypt1(ll,ks,enc);
 	l=ll[0]; l2c(l,out);
 	l=ll[1]; l2c(l,out);
 	l=ll[0]=ll[1]=0;
 	}
-
diff --git a/crypto/des/ede_cbcm_enc.c b/crypto/des/ede_cbcm_enc.c
new file mode 100644
index 0000000000..fa45aa272b
--- /dev/null
+++ b/crypto/des/ede_cbcm_enc.c
@@ -0,0 +1,197 @@
+/* ede_cbcm_enc.c */
+/* Written by Ben Laurie <ben@algroup.co.uk> for the OpenSSL
+ * project 13 Feb 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+
+This is an implementation of Triple DES Cipher Block Chaining with Output
+Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom).
+
+Note that there is a known attack on this by Biham and Knudsen but it takes
+a lot of work:
+
+http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
+
+*/
+
+#ifndef OPENSSL_NO_DESCBCM
+#include "des_locl.h"
+
+void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
+	     long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
+	     DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2,
+	     int enc)
+    {
+    register DES_LONG tin0,tin1;
+    register DES_LONG tout0,tout1,xor0,xor1,m0,m1;
+    register long l=length;
+    DES_LONG tin[2];
+    unsigned char *iv1,*iv2;
+
+    iv1 = &(*ivec1)[0];
+    iv2 = &(*ivec2)[0];
+
+    if (enc)
+	{
+	c2l(iv1,m0);
+	c2l(iv1,m1);
+	c2l(iv2,tout0);
+	c2l(iv2,tout1);
+	for (l-=8; l>=-7; l-=8)
+	    {
+	    tin[0]=m0;
+	    tin[1]=m1;
+	    DES_encrypt1(tin,ks3,1);
+	    m0=tin[0];
+	    m1=tin[1];
+
+	    if(l < 0)
+		{
+		c2ln(in,tin0,tin1,l+8);
+		}
+	    else
+		{
+		c2l(in,tin0);
+		c2l(in,tin1);
+		}
+	    tin0^=tout0;
+	    tin1^=tout1;
+
+	    tin[0]=tin0;
+	    tin[1]=tin1;
+	    DES_encrypt1(tin,ks1,1);
+	    tin[0]^=m0;
+	    tin[1]^=m1;
+	    DES_encrypt1(tin,ks2,0);
+	    tin[0]^=m0;
+	    tin[1]^=m1;
+	    DES_encrypt1(tin,ks1,1);
+	    tout0=tin[0];
+	    tout1=tin[1];
+
+	    l2c(tout0,out);
+	    l2c(tout1,out);
+	    }
+	iv1=&(*ivec1)[0];
+	l2c(m0,iv1);
+	l2c(m1,iv1);
+
+	iv2=&(*ivec2)[0];
+	l2c(tout0,iv2);
+	l2c(tout1,iv2);
+	}
+    else
+	{
+	register DES_LONG t0,t1;
+
+	c2l(iv1,m0);
+	c2l(iv1,m1);
+	c2l(iv2,xor0);
+	c2l(iv2,xor1);
+	for (l-=8; l>=-7; l-=8)
+	    {
+	    tin[0]=m0;
+	    tin[1]=m1;
+	    DES_encrypt1(tin,ks3,1);
+	    m0=tin[0];
+	    m1=tin[1];
+
+	    c2l(in,tin0);
+	    c2l(in,tin1);
+
+	    t0=tin0;
+	    t1=tin1;
+
+	    tin[0]=tin0;
+	    tin[1]=tin1;
+	    DES_encrypt1(tin,ks1,0);
+	    tin[0]^=m0;
+	    tin[1]^=m1;
+	    DES_encrypt1(tin,ks2,1);
+	    tin[0]^=m0;
+	    tin[1]^=m1;
+	    DES_encrypt1(tin,ks1,0);
+	    tout0=tin[0];
+	    tout1=tin[1];
+
+	    tout0^=xor0;
+	    tout1^=xor1;
+	    if(l < 0)
+		{
+		l2cn(tout0,tout1,out,l+8);
+		}
+	    else
+		{
+		l2c(tout0,out);
+		l2c(tout1,out);
+		}
+	    xor0=t0;
+	    xor1=t1;
+	    }
+
+	iv1=&(*ivec1)[0];
+	l2c(m0,iv1);
+	l2c(m1,iv1);
+
+	iv2=&(*ivec2)[0];
+	l2c(xor0,iv2);
+	l2c(xor1,iv2);
+	}
+    tin0=tin1=tout0=tout1=xor0=xor1=0;
+    tin[0]=tin[1]=0;
+    }
+#endif
diff --git a/crypto/des/ede_enc.c b/crypto/des/ede_enc.c
deleted file mode 100644
index 9f75dd1037..0000000000
--- a/crypto/des/ede_enc.c
+++ /dev/null
@@ -1,190 +0,0 @@
-/* crypto/des/ede_enc.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "des_locl.h"
-
-void des_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, enc)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule ks1;
-des_key_schedule ks2;
-des_key_schedule ks3;
-des_cblock (*ivec);
-int enc;
-	{
-	register DES_LONG tin0,tin1;
-	register DES_LONG tout0,tout1,xor0,xor1;
-	register unsigned char *in,*out;
-	register long l=length;
-	DES_LONG tin[2];
-	unsigned char *iv;
-
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
-
-	if (enc)
-		{
-		c2l(iv,tout0);
-		c2l(iv,tout1);
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-			tin0^=tout0;
-			tin1^=tout1;
-
-			tin[0]=tin0;
-			tin[1]=tin1;
-			des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
-			tout0=tin[0];
-			tout1=tin[1];
-
-			l2c(tout0,out);
-			l2c(tout1,out);
-			}
-		if (l != -8)
-			{
-			c2ln(in,tin0,tin1,l+8);
-			tin0^=tout0;
-			tin1^=tout1;
-
-			tin[0]=tin0;
-			tin[1]=tin1;
-			des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
-			tout0=tin[0];
-			tout1=tin[1];
-
-			l2c(tout0,out);
-			l2c(tout1,out);
-			}
-		iv=(unsigned char *)ivec;
-		l2c(tout0,iv);
-		l2c(tout1,iv);
-		}
-	else
-		{
-		register DES_LONG t0,t1;
-
-		c2l(iv,xor0);
-		c2l(iv,xor1);
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-
-			t0=tin0;
-			t1=tin1;
-
-			tin[0]=tin0;
-			tin[1]=tin1;
-			des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
-			tout0=tin[0];
-			tout1=tin[1];
-
-			tout0^=xor0;
-			tout1^=xor1;
-			l2c(tout0,out);
-			l2c(tout1,out);
-			xor0=t0;
-			xor1=t1;
-			}
-		if (l != -8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-			
-			t0=tin0;
-			t1=tin1;
-
-			tin[0]=tin0;
-			tin[1]=tin1;
-			des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
-			tout0=tin[0];
-			tout1=tin[1];
-		
-			tout0^=xor0;
-			tout1^=xor1;
-			l2cn(tout0,tout1,out,l+8);
-			xor0=t0;
-			xor1=t1;
-			}
-
-		iv=(unsigned char *)ivec;
-		l2c(xor0,iv);
-		l2c(xor1,iv);
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	tin[0]=tin[1]=0;
-	}
-
-#ifdef undef /* MACRO */
-void des_ede2_cbc_encrypt(input, output, length, ks1, ks2, ivec, enc)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule ks1;
-des_key_schedule ks2;
-des_cblock (*ivec);
-int enc;
-	{
-	des_ede3_cbc_encrypt(input,output,length,ks1,ks2,ks1,ivec,enc);
-	}
-#endif
-
diff --git a/crypto/des/enc_read.c b/crypto/des/enc_read.c
index e08a904d75..c70fb686b8 100644
--- a/crypto/des/enc_read.c
+++ b/crypto/des/enc_read.c
@@ -58,18 +58,34 @@
 
 #include <stdio.h>
 #include <errno.h>
+#include "cryptlib.h"
 #include "des_locl.h"
 
 /* This has some uglies in it but it works - even over sockets. */
 /*extern int errno;*/
-int des_rw_mode=DES_PCBC_MODE;
-
-int des_enc_read(fd, buf, len, sched, iv)
-int fd;
-char *buf;
-int len;
-des_key_schedule sched;
-des_cblock (*iv);
+OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE;
+
+
+/*
+ * WARNINGS:
+ *
+ *  -  The data format used by DES_enc_write() and DES_enc_read()
+ *     has a cryptographic weakness: When asked to write more
+ *     than MAXWRITE bytes, DES_enc_write will split the data
+ *     into several chunks that are all encrypted
+ *     using the same IV.  So don't use these functions unless you
+ *     are sure you know what you do (in which case you might
+ *     not want to use them anyway).
+ *
+ *  -  This code cannot handle non-blocking sockets.
+ *
+ *  -  This function uses an internal state and thus cannot be
+ *     used on multiple files.
+ */
+
+
+int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
+		 DES_cblock *iv)
 	{
 	/* data to be unencrypted */
 	int net_num=0;
@@ -77,27 +93,27 @@ des_cblock (*iv);
 	/* extra unencrypted data 
 	 * for when a block of 100 comes in but is des_read one byte at
 	 * a time. */
-	static char *unnet=NULL;
+	static unsigned char *unnet=NULL;
 	static int unnet_start=0;
 	static int unnet_left=0;
-	static char *tmpbuf=NULL;
+	static unsigned char *tmpbuf=NULL;
 	int i;
 	long num=0,rnum;
 	unsigned char *p;
 
 	if (tmpbuf == NULL)
 		{
-		tmpbuf=(char *)malloc(BSIZE);
+		tmpbuf=OPENSSL_malloc(BSIZE);
 		if (tmpbuf == NULL) return(-1);
 		}
 	if (net == NULL)
 		{
-		net=(unsigned char *)malloc(BSIZE);
+		net=OPENSSL_malloc(BSIZE);
 		if (net == NULL) return(-1);
 		}
 	if (unnet == NULL)
 		{
-		unnet=(char *)malloc(BSIZE);
+		unnet=OPENSSL_malloc(BSIZE);
 		if (unnet == NULL) return(-1);
 		}
 	/* left over data from last decrypt */
@@ -109,7 +125,7 @@ des_cblock (*iv);
 			 * with the number of bytes we have - should always
 			 * check the return value */
 			memcpy(buf,&(unnet[unnet_start]),
-				(unsigned int)unnet_left);
+			       unnet_left);
 			/* eay 26/08/92 I had the next 2 lines
 			 * reversed :-( */
 			i=unnet_left;
@@ -117,7 +133,7 @@ des_cblock (*iv);
 			}
 		else
 			{
-			memcpy(buf,&(unnet[unnet_start]),(unsigned int)len);
+			memcpy(buf,&(unnet[unnet_start]),len);
 			unnet_start+=len;
 			unnet_left-=len;
 			i=len;
@@ -131,7 +147,7 @@ des_cblock (*iv);
 	/* first - get the length */
 	while (net_num < HDRSIZE) 
 		{
-		i=read(fd,&(net[net_num]),(unsigned int)HDRSIZE-net_num);
+		i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
 #ifdef EINTR
 		if ((i == -1) && (errno == EINTR)) continue;
 #endif
@@ -153,7 +169,7 @@ des_cblock (*iv);
 	net_num=0;
 	while (net_num < rnum)
 		{
-		i=read(fd,&(net[net_num]),(unsigned int)rnum-net_num);
+		i=read(fd,(void *)&(net[net_num]),rnum-net_num);
 #ifdef EINTR
 		if ((i == -1) && (errno == EINTR)) continue;
 #endif
@@ -164,15 +180,13 @@ des_cblock (*iv);
 	/* Check if there will be data left over. */
 	if (len < num)
 		{
-		if (des_rw_mode & DES_PCBC_MODE)
-			des_pcbc_encrypt((des_cblock *)net,(des_cblock *)unnet,
-				num,sched,iv,DES_DECRYPT);
+		if (DES_rw_mode & DES_PCBC_MODE)
+			DES_pcbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
 		else
-			des_cbc_encrypt((des_cblock *)net,(des_cblock *)unnet,
-				num,sched,iv,DES_DECRYPT);
-		memcpy(buf,unnet,(unsigned int)len);
+			DES_cbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
+		memcpy(buf,unnet,len);
 		unnet_start=len;
-		unnet_left=(int)num-len;
+		unnet_left=num-len;
 
 		/* The following line is done because we return num
 		 * as the number of bytes read. */
@@ -188,31 +202,27 @@ des_cblock (*iv);
 		if (len < rnum)
 			{
 
-			if (des_rw_mode & DES_PCBC_MODE)
-				des_pcbc_encrypt((des_cblock *)net,
-					(des_cblock *)tmpbuf,
-					num,sched,iv,DES_DECRYPT);
+			if (DES_rw_mode & DES_PCBC_MODE)
+				DES_pcbc_encrypt(net,tmpbuf,num,sched,iv,
+						 DES_DECRYPT);
 			else
-				des_cbc_encrypt((des_cblock *)net,
-					(des_cblock *)tmpbuf,
-					num,sched,iv,DES_DECRYPT);
+				DES_cbc_encrypt(net,tmpbuf,num,sched,iv,
+						DES_DECRYPT);
 
 			/* eay 26/08/92 fix a bug that returned more
 			 * bytes than you asked for (returned len bytes :-( */
-			memcpy(buf,tmpbuf,(unsigned int)num);
+			memcpy(buf,tmpbuf,num);
 			}
 		else
 			{
-			if (des_rw_mode & DES_PCBC_MODE)
-				des_pcbc_encrypt((des_cblock *)net,
-					(des_cblock *)buf,num,sched,iv,
-					DES_DECRYPT);
+			if (DES_rw_mode & DES_PCBC_MODE)
+				DES_pcbc_encrypt(net,buf,num,sched,iv,
+						 DES_DECRYPT);
 			else
-				des_cbc_encrypt((des_cblock *)net,
-					(des_cblock *)buf,num,sched,iv,
-					DES_DECRYPT);
+				DES_cbc_encrypt(net,buf,num,sched,iv,
+						DES_DECRYPT);
 			}
 		}
-	return((int)num);
+	return num;
 	}
 
diff --git a/crypto/des/enc_writ.c b/crypto/des/enc_writ.c
index 29a7330fb0..af5b8c2349 100644
--- a/crypto/des/enc_writ.c
+++ b/crypto/des/enc_writ.c
@@ -58,32 +58,44 @@
 
 #include <errno.h>
 #include <time.h>
+#include <stdio.h>
+#include "cryptlib.h"
 #include "des_locl.h"
+#include <openssl/rand.h>
 
-int des_enc_write(fd, buf, len, sched, iv)
-int fd;
-char *buf;
-int len;
-des_key_schedule sched;
-des_cblock (*iv);
+/*
+ * WARNINGS:
+ *
+ *  -  The data format used by DES_enc_write() and DES_enc_read()
+ *     has a cryptographic weakness: When asked to write more
+ *     than MAXWRITE bytes, DES_enc_write will split the data
+ *     into several chunks that are all encrypted
+ *     using the same IV.  So don't use these functions unless you
+ *     are sure you know what you do (in which case you might
+ *     not want to use them anyway).
+ *
+ *  -  This code cannot handle non-blocking sockets.
+ */
+
+int DES_enc_write(int fd, const void *_buf, int len,
+		  DES_key_schedule *sched, DES_cblock *iv)
 	{
 #ifdef _LIBC
-	extern int srandom();
 	extern unsigned long time();
-	extern int random();
 	extern int write();
 #endif
-
+	const unsigned char *buf=_buf;
 	long rnum;
 	int i,j,k,outnum;
-	static char *outbuf=NULL;
-	char shortbuf[8];
-	char *p;
+	static unsigned char *outbuf=NULL;
+	unsigned char shortbuf[8];
+	unsigned char *p;
+	const unsigned char *cp;
 	static int start=1;
 
 	if (outbuf == NULL)
 		{
-		outbuf=(char *)malloc(BSIZE+HDRSIZE);
+		outbuf=OPENSSL_malloc(BSIZE+HDRSIZE);
 		if (outbuf == NULL) return(-1);
 		}
 	/* If we are sending less than 8 bytes, the same char will look
@@ -91,7 +103,6 @@ des_cblock (*iv);
 	if (start)
 		{
 		start=0;
-		srandom((unsigned int)time(NULL));
 		}
 
 	/* lets recurse if we want to send the data in small chunks */
@@ -100,7 +111,7 @@ des_cblock (*iv);
 		j=0;
 		for (i=0; i<len; i+=k)
 			{
-			k=des_enc_write(fd,&(buf[i]),
+			k=DES_enc_write(fd,&(buf[i]),
 				((len-i) > MAXWRITE)?MAXWRITE:(len-i),sched,iv);
 			if (k < 0)
 				return(k);
@@ -117,40 +128,40 @@ des_cblock (*iv);
 	/* pad short strings */
 	if (len < 8)
 		{
-		p=shortbuf;
-		memcpy(shortbuf,buf,(unsigned int)len);
-		for (i=len; i<8; i++)
-			shortbuf[i]=random();
+		cp=shortbuf;
+		memcpy(shortbuf,buf,len);
+		RAND_pseudo_bytes(shortbuf+len, 8-len);
 		rnum=8;
 		}
 	else
 		{
-		p=buf;
+		cp=buf;
 		rnum=((len+7)/8*8); /* round up to nearest eight */
 		}
 
-	if (des_rw_mode & DES_PCBC_MODE)
-		des_pcbc_encrypt((des_cblock *)p,
-			(des_cblock *)&(outbuf[HDRSIZE]),
-			(long)((len<8)?8:len),sched,iv,DES_ENCRYPT); 
+	if (DES_rw_mode & DES_PCBC_MODE)
+		DES_pcbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
+				 DES_ENCRYPT); 
 	else
-		des_cbc_encrypt((des_cblock *)p,
-			(des_cblock *)&(outbuf[HDRSIZE]),
-			(long)((len<8)?8:len),sched,iv,DES_ENCRYPT); 
+		DES_cbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
+				DES_ENCRYPT); 
 
 	/* output */
-	outnum=(int)rnum+HDRSIZE;
+	outnum=rnum+HDRSIZE;
 
 	for (j=0; j<outnum; j+=i)
 		{
 		/* eay 26/08/92 I was not doing writing from where we
-		 * got upto. */
-		i=write(fd,&(outbuf[j]),(unsigned int)(outnum-j));
+		 * got up to. */
+		i=write(fd,(void *)&(outbuf[j]),outnum-j);
 		if (i == -1)
 			{
+#ifdef EINTR
 			if (errno == EINTR)
 				i=0;
-			else 	/* This is really a bad error - very bad
+			else
+#endif
+			        /* This is really a bad error - very bad
 				 * It will stuff-up both ends. */
 				return(-1);
 			}
diff --git a/crypto/des/fcrypt.c b/crypto/des/fcrypt.c
index 645e66a9ae..2758c32656 100644
--- a/crypto/des/fcrypt.c
+++ b/crypto/des/fcrypt.c
@@ -1,9 +1,16 @@
 /* NOCW */
 #include <stdio.h>
+#ifdef _OSD_POSIX
+#ifndef CHARSET_EBCDIC
+#define CHARSET_EBCDIC 1
+#endif
+#endif
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
 
-/* This version of crypt has been developed from my MIT compatable
+/* This version of crypt has been developed from my MIT compatible
  * DES library.
- * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
  * Eric Young (eay@cryptsoft.com)
  */
 
@@ -11,7 +18,7 @@
  * I have included directive PARA for shared memory computers.
  * I have included a directive LONGCRYPT to using this routine to cipher
  * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN
- * definition is the maximum of lenght of password and can changed. I have
+ * definition is the maximum of length of password and can changed. I have
  * defined 24.
  */
 
@@ -51,48 +58,54 @@ static unsigned const char cov_2char[64]={
 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
 };
 
-#ifndef NOPROTO
-void fcrypt_body(DES_LONG *out,des_key_schedule ks,
-	DES_LONG Eswap0, DES_LONG Eswap1);
+void fcrypt_body(DES_LONG *out,DES_key_schedule *ks,
+		 DES_LONG Eswap0, DES_LONG Eswap1);
 
-#if defined(PERL5) || defined(__FreeBSD__)
-char *des_crypt(const char *buf,const char *salt);
-#else
-char *crypt(const char *buf,const char *salt);
-#endif
-#else
-void fcrypt_body();
-#if defined(PERL5) || defined(__FreeBSD__)
-char *des_crypt();
-#else
-char *crypt();
-#endif
-#endif
-
-#if defined(PERL5) || defined(__FreeBSD__)
-char *des_crypt(buf,salt)
-#else
-char *crypt(buf,salt)
-#endif
-const char *buf;
-const char *salt;
+char *DES_crypt(const char *buf, const char *salt)
 	{
 	static char buff[14];
 
-	return(des_fcrypt(buf,salt,buff));
+#ifndef CHARSET_EBCDIC
+	return(DES_fcrypt(buf,salt,buff));
+#else
+	char e_salt[2+1];
+	char e_buf[32+1];	/* replace 32 by 8 ? */
+	char *ret;
+
+	/* Copy at most 2 chars of salt */
+	if ((e_salt[0] = salt[0]) != '\0')
+	    e_salt[1] = salt[1];
+
+	/* Copy at most 32 chars of password */
+	strncpy (e_buf, buf, sizeof(e_buf));
+
+	/* Make sure we have a delimiter */
+	e_salt[sizeof(e_salt)-1] = e_buf[sizeof(e_buf)-1] = '\0';
+
+	/* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */
+	ebcdic2ascii(e_salt, e_salt, sizeof e_salt);
+
+	/* Convert the cleartext password to ASCII */
+	ebcdic2ascii(e_buf, e_buf, sizeof e_buf);
+
+	/* Encrypt it (from/to ASCII) */
+	ret = DES_fcrypt(e_buf,e_salt,buff);
+
+	/* Convert the result back to EBCDIC */
+	ascii2ebcdic(ret, ret, strlen(ret));
+	
+	return ret;
+#endif
 	}
 
 
-char *des_fcrypt(buf,salt,ret)
-const char *buf;
-const char *salt;
-char *ret;
+char *DES_fcrypt(const char *buf, const char *salt, char *ret)
 	{
 	unsigned int i,j,x,y;
 	DES_LONG Eswap0,Eswap1;
 	DES_LONG out[2],ll;
-	des_cblock key;
-	des_key_schedule ks;
+	DES_cblock key;
+	DES_key_schedule ks;
 	unsigned char bb[9];
 	unsigned char *b=bb;
 	unsigned char c,u;
@@ -103,12 +116,19 @@ char *ret;
 	 * returns *\0XXXXXXXXX
 	 * The \0 makes the string look like * so the pwd "*" would
 	 * crypt to "*".  This was found when replacing the crypt in
-	 * our shared libraries.  People found that the disbled
-	 * accounts effectivly had no passwd :-(. */
+	 * our shared libraries.  People found that the disabled
+	 * accounts effectively had no passwd :-(. */
+#ifndef CHARSET_EBCDIC
 	x=ret[0]=((salt[0] == '\0')?'A':salt[0]);
 	Eswap0=con_salt[x]<<2;
 	x=ret[1]=((salt[1] == '\0')?'A':salt[1]);
 	Eswap1=con_salt[x]<<6;
+#else
+	x=ret[0]=((salt[0] == '\0')?os_toascii['A']:salt[0]);
+	Eswap0=con_salt[x]<<2;
+	x=ret[1]=((salt[1] == '\0')?os_toascii['A']:salt[1]);
+	Eswap1=con_salt[x]<<6;
+#endif
 
 /* EAY
 r=strlen(buf);
@@ -123,8 +143,8 @@ r=(r+7)/8;
 	for (; i<8; i++)
 		key[i]=0;
 
-	des_set_key((des_cblock *)(key),ks);
-	fcrypt_body(&(out[0]),ks,Eswap0,Eswap1);
+	DES_set_key_unchecked(&key,&ks);
+	fcrypt_body(&(out[0]),&ks,Eswap0,Eswap1);
 
 	ll=out[0]; l2c(ll,b);
 	ll=out[1]; l2c(ll,b);
diff --git a/crypto/des/fcrypt_b.c b/crypto/des/fcrypt_b.c
index 1544634bc1..1390138787 100644
--- a/crypto/des/fcrypt_b.c
+++ b/crypto/des/fcrypt_b.c
@@ -58,7 +58,7 @@
 
 #include <stdio.h>
 
-/* This version of crypt has been developed from my MIT compatable
+/* This version of crypt has been developed from my MIT compatible
  * DES library.
  * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
  * Eric Young (eay@cryptsoft.com)
@@ -77,15 +77,12 @@
 #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
 	(a)=(a)^(t)^(t>>(16-(n))))\
 
-void fcrypt_body(out, ks, Eswap0, Eswap1)
-DES_LONG *out;
-des_key_schedule ks;
-DES_LONG Eswap0;
-DES_LONG Eswap1;
+void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
+		 DES_LONG Eswap1)
 	{
 	register DES_LONG l,r,t,u;
 #ifdef DES_PTR
-	register unsigned char *des_SP=(unsigned char *)des_SPtrans;
+	register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
 #endif
 	register DES_LONG *s;
 	register int j;
@@ -100,7 +97,7 @@ DES_LONG Eswap1;
 
 	for (j=0; j<25; j++)
 		{
-#ifdef DES_UNROLL
+#ifndef DES_UNROLL
 		register int i;
 
 		for (i=0; i<32; i+=8)
diff --git a/crypto/des/ncbc_enc.c b/crypto/des/ncbc_enc.c
index 1d1a368c22..fda23d522f 100644
--- a/crypto/des/ncbc_enc.c
+++ b/crypto/des/ncbc_enc.c
@@ -1,4 +1,9 @@
 /* crypto/des/ncbc_enc.c */
+/*
+ * #included by:
+ *    cbc_enc.c  (DES_cbc_encrypt)
+ *    des_enc.c  (DES_ncbc_encrypt)
+ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -58,24 +63,21 @@
 
 #include "des_locl.h"
 
-void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-int enc;
+#ifdef CBC_ENC_C__DONT_UPDATE_IV
+void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+		     DES_key_schedule *_schedule, DES_cblock *ivec, int enc)
+#else
+void DES_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+		     DES_key_schedule *_schedule, DES_cblock *ivec, int enc)
+#endif
 	{
 	register DES_LONG tin0,tin1;
 	register DES_LONG tout0,tout1,xor0,xor1;
-	register unsigned char *in,*out;
 	register long l=length;
 	DES_LONG tin[2];
 	unsigned char *iv;
 
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
+	iv = &(*ivec)[0];
 
 	if (enc)
 		{
@@ -87,7 +89,7 @@ int enc;
 			c2l(in,tin1);
 			tin0^=tout0; tin[0]=tin0;
 			tin1^=tout1; tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			DES_encrypt1((DES_LONG *)tin,_schedule,DES_ENCRYPT);
 			tout0=tin[0]; l2c(tout0,out);
 			tout1=tin[1]; l2c(tout1,out);
 			}
@@ -96,13 +98,15 @@ int enc;
 			c2ln(in,tin0,tin1,l+8);
 			tin0^=tout0; tin[0]=tin0;
 			tin1^=tout1; tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			DES_encrypt1((DES_LONG *)tin,_schedule,DES_ENCRYPT);
 			tout0=tin[0]; l2c(tout0,out);
 			tout1=tin[1]; l2c(tout1,out);
 			}
-		iv=(unsigned char *)ivec;
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+		iv = &(*ivec)[0];
 		l2c(tout0,iv);
 		l2c(tout1,iv);
+#endif
 		}
 	else
 		{
@@ -112,7 +116,7 @@ int enc;
 			{
 			c2l(in,tin0); tin[0]=tin0;
 			c2l(in,tin1); tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			DES_encrypt1((DES_LONG *)tin,_schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			l2c(tout0,out);
@@ -120,11 +124,25 @@ int enc;
 			xor0=tin0;
 			xor1=tin1;
 			}
-		iv=(unsigned char *)ivec;
+		if (l != -8)
+			{
+			c2l(in,tin0); tin[0]=tin0;
+			c2l(in,tin1); tin[1]=tin1;
+			DES_encrypt1((DES_LONG *)tin,_schedule,DES_DECRYPT);
+			tout0=tin[0]^xor0;
+			tout1=tin[1]^xor1;
+			l2cn(tout0,tout1,out,l+8);
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+			xor0=tin0;
+			xor1=tin1;
+#endif
+			}
+#ifndef CBC_ENC_C__DONT_UPDATE_IV 
+		iv = &(*ivec)[0];
 		l2c(xor0,iv);
 		l2c(xor1,iv);
+#endif
 		}
 	tin0=tin1=tout0=tout1=xor0=xor1=0;
 	tin[0]=tin[1]=0;
 	}
-
diff --git a/crypto/des/ofb64ede.c b/crypto/des/ofb64ede.c
index 4b1b0199f1..26bbf9a6a7 100644
--- a/crypto/des/ofb64ede.c
+++ b/crypto/des/ofb64ede.c
@@ -62,24 +62,22 @@
  * used.  The extra state information to record how much of the
  * 64bit block we have used is contained in *num;
  */
-void des_ede3_ofb64_encrypt(in, out, length, k1,k2,k3, ivec, num)
-register unsigned char *in;
-register unsigned char *out;
-long length;
-des_key_schedule k1,k2,k3;
-des_cblock (*ivec);
-int *num;
+void DES_ede3_ofb64_encrypt(register const unsigned char *in,
+			    register unsigned char *out, long length,
+			    DES_key_schedule *k1, DES_key_schedule *k2,
+			    DES_key_schedule *k3, DES_cblock *ivec,
+			    int *num)
 	{
 	register DES_LONG v0,v1;
 	register int n= *num;
 	register long l=length;
-	des_cblock d;
+	DES_cblock d;
 	register char *dp;
 	DES_LONG ti[2];
 	unsigned char *iv;
 	int save=0;
 
-	iv=(unsigned char *)ivec;
+	iv = &(*ivec)[0];
 	c2l(iv,v0);
 	c2l(iv,v1);
 	ti[0]=v0;
@@ -93,7 +91,7 @@ int *num;
 			{
 			/* ti[0]=v0; */
 			/* ti[1]=v1; */
-			des_encrypt3((DES_LONG *)ti,k1,k2,k3);
+			DES_encrypt3(ti,k1,k2,k3);
 			v0=ti[0];
 			v1=ti[1];
 
@@ -109,7 +107,7 @@ int *num;
 		{
 /*		v0=ti[0];
 		v1=ti[1];*/
-		iv=(unsigned char *)ivec;
+		iv = &(*ivec)[0];
 		l2c(v0,iv);
 		l2c(v1,iv);
 		}
@@ -118,14 +116,10 @@ int *num;
 	}
 
 #ifdef undef /* MACRO */
-void des_ede2_ofb64_encrypt(in, out, length, k1,k2, ivec, num)
-register unsigned char *in;
-register unsigned char *out;
-long length;
-des_key_schedule k1,k2;
-des_cblock (*ivec);
-int *num;
+void DES_ede2_ofb64_encrypt(register unsigned char *in,
+	     register unsigned char *out, long length, DES_key_schedule k1,
+	     DES_key_schedule k2, DES_cblock (*ivec), int *num)
 	{
-	des_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num);
+	DES_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num);
 	}
 #endif
diff --git a/crypto/des/ofb64enc.c b/crypto/des/ofb64enc.c
index ea7e612697..8ca3d49dea 100644
--- a/crypto/des/ofb64enc.c
+++ b/crypto/des/ofb64enc.c
@@ -62,37 +62,33 @@
  * used.  The extra state information to record how much of the
  * 64bit block we have used is contained in *num;
  */
-void des_ofb64_encrypt(in, out, length, schedule, ivec, num)
-register unsigned char *in;
-register unsigned char *out;
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-int *num;
+void DES_ofb64_encrypt(register const unsigned char *in,
+		       register unsigned char *out, long length,
+		       DES_key_schedule *schedule, DES_cblock *ivec, int *num)
 	{
 	register DES_LONG v0,v1,t;
 	register int n= *num;
 	register long l=length;
-	des_cblock d;
-	register char *dp;
+	DES_cblock d;
+	register unsigned char *dp;
 	DES_LONG ti[2];
 	unsigned char *iv;
 	int save=0;
 
-	iv=(unsigned char *)ivec;
+	iv = &(*ivec)[0];
 	c2l(iv,v0);
 	c2l(iv,v1);
 	ti[0]=v0;
 	ti[1]=v1;
-	dp=(char *)d;
+	dp=d;
 	l2c(v0,dp);
 	l2c(v1,dp);
 	while (l--)
 		{
 		if (n == 0)
 			{
-			des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
-			dp=(char *)d;
+			DES_encrypt1(ti,schedule,DES_ENCRYPT);
+			dp=d;
 			t=ti[0]; l2c(t,dp);
 			t=ti[1]; l2c(t,dp);
 			save++;
@@ -104,7 +100,7 @@ int *num;
 		{
 		v0=ti[0];
 		v1=ti[1];
-		iv=(unsigned char *)ivec;
+		iv = &(*ivec)[0];
 		l2c(v0,iv);
 		l2c(v1,iv);
 		}
diff --git a/crypto/des/ofb_enc.c b/crypto/des/ofb_enc.c
index 4db0cdbd60..e887a3c6f4 100644
--- a/crypto/des/ofb_enc.c
+++ b/crypto/des/ofb_enc.c
@@ -64,13 +64,9 @@
  * the second.  The second 12 bits will come from the 3rd and half the 4th
  * byte.
  */
-void des_ofb_encrypt(in, out, numbits, length, schedule, ivec)
-unsigned char *in;
-unsigned char *out;
-int numbits;
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
+void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+		     long length, DES_key_schedule *schedule,
+		     DES_cblock *ivec)
 	{
 	register DES_LONG d0,d1,vv0,vv1,v0,v1,n=(numbits+7)/8;
 	register DES_LONG mask0,mask1;
@@ -97,7 +93,7 @@ des_cblock (*ivec);
 		mask1=0x00000000L;
 		}
 
-	iv=(unsigned char *)ivec;
+	iv = &(*ivec)[0];
 	c2l(iv,v0);
 	c2l(iv,v1);
 	ti[0]=v0;
@@ -106,7 +102,7 @@ des_cblock (*ivec);
 		{
 		ti[0]=v0;
 		ti[1]=v1;
-		des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT);
+		DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
 		vv0=ti[0];
 		vv1=ti[1];
 		c2ln(in,d0,d1,n);
@@ -131,7 +127,7 @@ des_cblock (*ivec);
 			v1=((v1>>num)|(vv0<<(32-num)))&0xffffffffL;
 			}
 		}
-	iv=(unsigned char *)ivec;
+	iv = &(*ivec)[0];
 	l2c(v0,iv);
 	l2c(v1,iv);
 	v0=v1=d0=d1=ti[0]=ti[1]=vv0=vv1=0;
diff --git a/crypto/des/pcbc_enc.c b/crypto/des/pcbc_enc.c
index 4513207d90..17a40f9520 100644
--- a/crypto/des/pcbc_enc.c
+++ b/crypto/des/pcbc_enc.c
@@ -58,21 +58,18 @@
 
 #include "des_locl.h"
 
-void des_pcbc_encrypt(input, output, length, schedule, ivec, enc)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-int enc;
+void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+		      long length, DES_key_schedule *schedule,
+		      DES_cblock *ivec, int enc)
 	{
 	register DES_LONG sin0,sin1,xor0,xor1,tout0,tout1;
 	DES_LONG tin[2];
-	unsigned char *in,*out,*iv;
+	const unsigned char *in;
+	unsigned char *out,*iv;
 
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
+	in=input;
+	out=output;
+	iv = &(*ivec)[0];
 
 	if (enc)
 		{
@@ -89,7 +86,7 @@ int enc;
 				c2ln(in,sin0,sin1,length);
 			tin[0]=sin0^xor0;
 			tin[1]=sin1^xor1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
 			tout0=tin[0];
 			tout1=tin[1];
 			xor0=sin0^tout0;
@@ -107,7 +104,7 @@ int enc;
 			c2l(in,sin1);
 			tin[0]=sin0;
 			tin[1]=sin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			DES_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0;
 			tout1=tin[1]^xor1;
 			if (length >= 8)
diff --git a/crypto/des/podd.h b/crypto/des/podd.h
deleted file mode 100644
index 1b2bfe0843..0000000000
--- a/crypto/des/podd.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/* crypto/des/podd.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-static const unsigned char odd_parity[256]={
-  1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,
- 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
- 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
- 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
- 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
- 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
- 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
-112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
-128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
-145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
-161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
-176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
-193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
-208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
-224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
-241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
diff --git a/crypto/des/qud_cksm.c b/crypto/des/qud_cksm.c
index 8526abf334..dac201227e 100644
--- a/crypto/des/qud_cksm.c
+++ b/crypto/des/qud_cksm.c
@@ -73,28 +73,32 @@
 /* Got the value MIT uses via brute force :-) 2/10/90 eay */
 #define NOISE	((DES_LONG)83653421L)
 
-DES_LONG des_quad_cksum(input, output, length, out_count, seed)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-int out_count;
-des_cblock (*seed);
+DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
+	     long length, int out_count, DES_cblock *seed)
 	{
 	DES_LONG z0,z1,t0,t1;
 	int i;
 	long l;
-	unsigned char *cp;
-	unsigned char *lp;
+	const unsigned char *cp;
+#ifdef _CRAY
+	struct lp_st { int a:32; int b:32; } *lp;
+#else
+	DES_LONG *lp;
+#endif
 
 	if (out_count < 1) out_count=1;
-	lp=(unsigned char *)output;
+#ifdef _CRAY
+	lp = (struct lp_st *) &(output[0])[0];
+#else
+	lp = (DES_LONG *) &(output[0])[0];
+#endif
 
 	z0=Q_B0((*seed)[0])|Q_B1((*seed)[1])|Q_B2((*seed)[2])|Q_B3((*seed)[3]);
 	z1=Q_B0((*seed)[4])|Q_B1((*seed)[5])|Q_B2((*seed)[6])|Q_B3((*seed)[7]);
 
 	for (i=0; ((i<4)&&(i<out_count)); i++)
 		{
-		cp=(unsigned char *)input;
+		cp=input;
 		l=length;
 		while (l > 0)
 			{
@@ -118,25 +122,16 @@ des_cblock (*seed);
 			}
 		if (lp != NULL)
 			{
-			/* I believe I finally have things worked out.
-			 * The MIT library assumes that the checksum
-			 * is one huge number and it is returned in a
-			 * host dependant byte order.
-			 */
-			static DES_LONG ltmp=1;
-			static unsigned char *c=(unsigned char *)&ltmp;
-
-			if (c[0])
-				{
-				l2c(z0,lp);
-				l2c(z1,lp);
-				}
-			else
-				{
-				lp=output[out_count-i-1];
-				l2n(z1,lp);
-				l2n(z0,lp);
-				}
+			/* The MIT library assumes that the checksum is
+			 * composed of 2*out_count 32 bit ints */
+#ifdef _CRAY
+			(*lp).a = z0;
+			(*lp).b = z1;
+			lp++;
+#else
+			*lp++ = z0;
+			*lp++ = z1;
+#endif
 			}
 		}
 	return(z0);
diff --git a/crypto/des/rand_key.c b/crypto/des/rand_key.c
index 8c30bd029a..2398165568 100644
--- a/crypto/des/rand_key.c
+++ b/crypto/des/rand_key.c
@@ -1,118 +1,68 @@
 /* crypto/des/rand_key.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
 
-#include "des_locl.h"
-#include <time.h>
+#include <openssl/des.h>
+#include <openssl/rand.h>
 
-static int seed=0;
-static des_cblock init;
-
-void des_random_seed(key)
-des_cblock key;
-	{
-	memcpy(init,key,sizeof(des_cblock));
-	seed=1;
-	}
-
-void des_random_key(ret)
-unsigned char *ret;
+int DES_random_key(DES_cblock *ret)
 	{
-	des_key_schedule ks;
-	static DES_LONG c=0;
-	static unsigned short pid=0;
-	static des_cblock data={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef};
-	des_cblock key;
-	unsigned char *p;
-	DES_LONG t;
-	int i;
-
-#ifdef MSDOS
-	pid=1;
-#else
-	if (!pid) pid=getpid();
-#endif
-	p=key;
-	if (seed)
+	do
 		{
-		for (i=0; i<8; i++)
-			{
-			data[i] ^= init[i];
-			init[i]=0;
-			}
-		seed=0;
-		}
-	t=(DES_LONG)time(NULL);
-	l2c(t,p);
-	t=(DES_LONG)((pid)|((c++)<<16));
-	l2c(t,p);
-
-	des_set_odd_parity((des_cblock *)data);
-	des_set_key((des_cblock *)data,ks);
-	des_cbc_cksum((des_cblock *)key,(des_cblock *)key,
-		(long)sizeof(key),ks,(des_cblock *)data);
-
-	des_set_odd_parity((des_cblock *)key);
-	des_set_key((des_cblock *)key,ks);
-	des_cbc_cksum((des_cblock *)key,(des_cblock *)data,
-		(long)sizeof(key),ks,(des_cblock *)key);
-
-	memcpy(ret,data,sizeof(key));
-	memset(key,0,sizeof(key));
-	memset(ks,0,sizeof(ks));
-	t=0;
+		if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
+			return (0);
+		} while (DES_is_weak_key(ret));
+	DES_set_odd_parity(ret);
+	return (1);
 	}
diff --git a/crypto/des/ranlib.sh b/crypto/des/ranlib.sh
deleted file mode 100644
index 543f712c6b..0000000000
--- a/crypto/des/ranlib.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-
-cwd=`pwd`
-cd /tmp
-
-if [ -s /bin/ranlib ] ; then 
-	RL=/bin/ranlib
-else if [ -s /usr/bin/ranlib ] ; then
-	RL=/usr/bin/ranlib
-fi
-fi
-
-if [ "x$RL" != "x" ]
-then
-	case "$1" in
-		/*)  
-		$RL "$1"
-		;;
-		*)
-		$RL "$cwd/$1"
-		;;
-	esac
-fi
diff --git a/crypto/des/read2pwd.c b/crypto/des/read2pwd.c
index a0d53793e4..3a63c4016c 100644
--- a/crypto/des/read2pwd.c
+++ b/crypto/des/read2pwd.c
@@ -1,4 +1,57 @@
 /* crypto/des/read2pwd.c */
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,35 +109,31 @@
  * [including the GNU Public Licence.]
  */
 
-#include "des_locl.h"
+#include <string.h>
+#include <openssl/des.h>
+#include <openssl/ui.h>
 
-int des_read_password(key, prompt, verify)
-des_cblock (*key);
-char *prompt;
-int verify;
+int DES_read_password(DES_cblock *key, const char *prompt, int verify)
 	{
 	int ok;
 	char buf[BUFSIZ],buff[BUFSIZ];
 
-	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
-		des_string_to_key(buf,key);
-	memset(buf,0,BUFSIZ);
-	memset(buff,0,BUFSIZ);
+	if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+		DES_string_to_key(buf,key);
+	OPENSSL_cleanse(buf,BUFSIZ);
+	OPENSSL_cleanse(buff,BUFSIZ);
 	return(ok);
 	}
 
-int des_read_2passwords(key1, key2, prompt, verify)
-des_cblock (*key1);
-des_cblock (*key2);
-char *prompt;
-int verify;
+int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
+	     int verify)
 	{
 	int ok;
 	char buf[BUFSIZ],buff[BUFSIZ];
 
-	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
-		des_string_to_2keys(buf,key1,key2);
-	memset(buf,0,BUFSIZ);
-	memset(buff,0,BUFSIZ);
+	if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+		DES_string_to_2keys(buf,key1,key2);
+	OPENSSL_cleanse(buf,BUFSIZ);
+	OPENSSL_cleanse(buff,BUFSIZ);
 	return(ok);
 	}
diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c
index 99920f2f86..ce5fa00a37 100644
--- a/crypto/des/read_pwd.c
+++ b/crypto/des/read_pwd.c
@@ -56,20 +56,57 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/e_os2.h>
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WIN32)
+#ifdef OPENSSL_UNISTD
+# include OPENSSL_UNISTD
+#else
+# include <unistd.h>
+#endif
+/* If unistd.h defines _POSIX_VERSION, we conclude that we
+ * are on a POSIX system and have sigaction and termios. */
+#if defined(_POSIX_VERSION)
+
+# define SIGACTION
+# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+# define TERMIOS
+# endif
+
+#endif
+#endif
+
 /* #define SIGACTION */ /* Define this if you have sigaction() */
+
 #ifdef WIN16TTY
-#undef WIN16
+#undef OPENSSL_SYS_WIN16
 #undef _WINDOWS
 #include <graph.h>
 #endif
 
 /* 06-Apr-92 Luke Brennan    Support for VMS */
 #include "des_locl.h"
+#include "cryptlib.h"
 #include <signal.h>
+#include <stdio.h>
 #include <string.h>
 #include <setjmp.h>
 #include <errno.h>
 
+#ifdef OPENSSL_SYS_VMS			/* prototypes for sys$whatever */
+#include <starlet.h>
+#ifdef __DECC
+#pragma message disable DOLLARID
+#endif
+#endif
+
+#ifdef WIN_CONSOLE_BUG
+#include <windows.h>
+#ifndef OPENSSL_SYS_WINCE
+#include <wincon.h>
+#endif
+#endif
+
+
 /* There are 5 types of terminal interface supported,
  * TERMIO, TERMIOS, VMS, MSDOS and SGTTY
  */
@@ -92,12 +129,18 @@
 #undef  SGTTY
 #endif
 
-#if !defined(TERMIO) && !defined(TERMIOS) && !defined(VMS) && !defined(MSDOS)
+#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(MAC_OS_pre_X) && !defined(MAC_OS_GUSI_SOURCE)
 #undef  TERMIOS
 #undef  TERMIO
 #define SGTTY
 #endif
 
+#if defined(OPENSSL_SYS_VXWORKS)
+#undef TERMIOS
+#undef TERMIO
+#undef SGTTY
+#endif
+
 #ifdef TERMIOS
 #include <termios.h>
 #define TTY_STRUCT		struct termios
@@ -122,16 +165,16 @@
 #define TTY_set(tty,data)	ioctl(tty,TIOCSETP,data)
 #endif
 
-#if !defined(_LIBC) && !defined(MSDOS) && !defined(VMS)
+#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(MAC_OS_pre_X)
 #include <sys/ioctl.h>
 #endif
 
-#ifdef MSDOS
+#if defined(OPENSSL_SYS_MSDOS) && !defined(__CYGWIN32__) && !defined(OPENSSL_SYS_WINCE)
 #include <conio.h>
 #define fgets(a,b,c) noecho_fgets(a,b,c)
 #endif
 
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 #include <ssdef.h>
 #include <iodef.h>
 #include <ttdef.h>
@@ -143,57 +186,65 @@ struct IOSB {
 	};
 #endif
 
+#if defined(MAC_OS_pre_X) || defined(MAC_OS_GUSI_SOURCE)
+/*
+ * This one needs work. As a matter of fact the code is unoperational
+ * and this is only a trick to get it compiled.
+ *					<appro@fy.chalmers.se>
+ */
+#define TTY_STRUCT int
+#endif
+
 #ifndef NX509_SIG
 #define NX509_SIG 32
 #endif
 
-#ifndef NOPROTO
 static void read_till_nl(FILE *);
 static void recsig(int);
 static void pushsig(void);
 static void popsig(void);
-#if defined(MSDOS) && !defined(WIN16)
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)
 static int noecho_fgets(char *buf, int size, FILE *tty);
 #endif
-#else
-static void read_till_nl();
-static void recsig();
-static void pushsig();
-static void popsig();
-#if defined(MSDOS) && !defined(WIN16)
-static int noecho_fgets();
-#endif
-#endif
-
 #ifdef SIGACTION
  static struct sigaction savsig[NX509_SIG];
 #else
-# ifndef NOPROTO
   static void (*savsig[NX509_SIG])(int );
-# else
-  static void (*savsig[NX509_SIG])();
-# endif
 #endif
 static jmp_buf save;
 
-int des_read_pw_string(buf, length, prompt, verify)
-char *buf;
-int length;
-char *prompt;
-int verify;
+int des_read_pw_string(char *buf, int length, const char *prompt,
+	     int verify)
 	{
 	char buff[BUFSIZ];
 	int ret;
 
 	ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
-	memset(buff,0,BUFSIZ);
+	OPENSSL_cleanse(buff,BUFSIZ);
 	return(ret);
 	}
 
-#ifndef WIN16
+#ifdef OPENSSL_SYS_WINCE
+
+int des_read_pw(char *buf, char *buff, int size, const char *prompt, int verify)
+	{ 
+	memset(buf,0,size);
+	memset(buff,0,size);
+	return(0);
+	}
+
+#elif defined(OPENSSL_SYS_WIN16)
+
+int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify)
+	{ 
+	memset(buf,0,size);
+	memset(buff,0,size);
+	return(0);
+	}
+
+#else /* !OPENSSL_SYS_WINCE && !OPENSSL_SYS_WIN16 */
 
-static void read_till_nl(in)
-FILE *in;
+static void read_till_nl(FILE *in)
 	{
 #define SIZE 4
 	char buf[SIZE+1];
@@ -205,41 +256,54 @@ FILE *in;
 
 
 /* return 0 if ok, 1 (or -1) otherwise */
-int des_read_pw(buf, buff, size, prompt, verify)
-char *buf;
-char *buff;
-int size;
-char *prompt;
-int verify;
+int des_read_pw(char *buf, char *buff, int size, const char *prompt,
+	     int verify)
 	{
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 	struct IOSB iosb;
 	$DESCRIPTOR(terminal,"TT");
 	long tty_orig[3], tty_new[3];
 	long status;
 	unsigned short channel = 0;
 #else
-#ifndef MSDOS
+#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
 	TTY_STRUCT tty_orig,tty_new;
 #endif
 #endif
-	int number=5;
-	int ok=0;
-	int ps=0;
-	int is_a_tty=1;
-
-	FILE *tty=NULL;
+	int number;
+	int ok;
+	/* statics are simply to avoid warnings about longjmp clobbering
+	   things */
+	static int ps;
+	int is_a_tty;
+	static FILE *tty;
 	char *p;
 
-#ifndef MSDOS
-	if ((tty=fopen("/dev/tty","r")) == NULL)
-		tty=stdin;
-#else /* MSDOS */
+	if (setjmp(save))
+		{
+		ok=0;
+		goto error;
+		}
+
+	number=5;
+	ok=0;
+	ps=0;
+	is_a_tty=1;
+	tty=NULL;
+
+#ifdef OPENSSL_SYS_MSDOS
 	if ((tty=fopen("con","r")) == NULL)
 		tty=stdin;
-#endif /* MSDOS */
+#elif defined(MAC_OS_pre_X) || defined(OPENSSL_SYS_VXWORKS)
+	tty=stdin;
+#else
+#ifndef OPENSSL_SYS_MPE
+	if ((tty=fopen("/dev/tty","r")) == NULL)
+#endif
+		tty=stdin;
+#endif
 
-#if defined(TTY_get) && !defined(VMS)
+#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
 	if (TTY_get(fileno(tty),&tty_orig) == -1)
 		{
 #ifdef ENOTTY
@@ -258,20 +322,15 @@ int verify;
 		}
 	memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
 #endif
-#ifdef VMS
-	status = SYS$ASSIGN(&terminal,&channel,0,0);
+#ifdef OPENSSL_SYS_VMS
+	status = sys$assign(&terminal,&channel,0,0);
 	if (status != SS$_NORMAL)
 		return(-1);
-	status=SYS$QIOW(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);
+	status=sys$qiow(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);
 	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
 		return(-1);
 #endif
 
-	if (setjmp(save))
-		{
-		ok=0;
-		goto error;
-		}
 	pushsig();
 	ps=1;
 
@@ -279,15 +338,19 @@ int verify;
 	tty_new.TTY_FLAGS &= ~ECHO;
 #endif
 
-#if defined(TTY_set) && !defined(VMS)
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
 	if (is_a_tty && (TTY_set(fileno(tty),&tty_new) == -1))
+#ifdef OPENSSL_SYS_MPE 
+		; /* MPE lies -- echo really has been disabled */
+#else
 		return(-1);
 #endif
-#ifdef VMS
+#endif
+#ifdef OPENSSL_SYS_VMS
 	tty_new[0] = tty_orig[0];
 	tty_new[1] = tty_orig[1] | TT$M_NOECHO;
 	tty_new[2] = tty_orig[2];
-	status = SYS$QIOW(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
+	status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
 	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
 		return(-1);
 #endif
@@ -329,46 +392,36 @@ int verify;
 
 error:
 	fprintf(stderr,"\n");
-#ifdef DEBUG
+#if 0
 	perror("fgets(tty)");
 #endif
 	/* What can we do if there is an error? */
-#if defined(TTY_set) && !defined(VMS) 
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
 	if (ps >= 2) TTY_set(fileno(tty),&tty_orig);
 #endif
-#ifdef VMS
+#ifdef OPENSSL_SYS_VMS
 	if (ps >= 2)
-		status = SYS$QIOW(0,channel,IO$_SETMODE,&iosb,0,0
+		status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0
 			,tty_orig,12,0,0,0,0);
 #endif
 	
 	if (ps >= 1) popsig();
 	if (stdin != tty) fclose(tty);
-#ifdef VMS
-	status = SYS$DASSGN(channel);
+#ifdef OPENSSL_SYS_VMS
+	status = sys$dassgn(channel);
 #endif
 	return(!ok);
 	}
 
-#else /* WIN16 */
-
-int des_read_pw(buf, buff, size, prompt, verify)
-char *buf;
-char *buff;
-int size;
-char *prompt;
-int verify;
-	{ 
-	memset(buf,0,size);
-	memset(buff,0,size);
-	return(0);
-	}
-
-#endif
-
-static void pushsig()
+static void pushsig(void)
 	{
 	int i;
+#ifdef SIGACTION
+	struct sigaction sa;
+
+	memset(&sa,0,sizeof sa);
+	sa.sa_handler=recsig;
+#endif
 
 	for (i=1; i<NX509_SIG; i++)
 		{
@@ -381,7 +434,7 @@ static void pushsig()
 			continue;
 #endif
 #ifdef SIGACTION
-		sigaction(i,NULL,&savsig[i]);
+		sigaction(i,&sa,&savsig[i]);
 #else
 		savsig[i]=signal(i,recsig);
 #endif
@@ -392,7 +445,7 @@ static void pushsig()
 #endif
 	}
 
-static void popsig()
+static void popsig(void)
 	{
 	int i;
 
@@ -414,8 +467,7 @@ static void popsig()
 		}
 	}
 
-static void recsig(i)
-int i;
+static void recsig(int i)
 	{
 	longjmp(save,1);
 #ifdef LINT
@@ -423,11 +475,8 @@ int i;
 #endif
 	}
 
-#if defined(MSDOS) && !defined(WIN16)
-static int noecho_fgets(buf,size,tty)
-char *buf;
-int size;
-FILE *tty;
+#ifdef OPENSSL_SYS_MSDOS
+static int noecho_fgets(char *buf, int size, FILE *tty)
 	{
 	int i;
 	char *p;
@@ -454,6 +503,19 @@ FILE *tty;
 			break;
 			}
 		}
+#ifdef WIN_CONSOLE_BUG
+/* Win95 has several evil console bugs: one of these is that the
+ * last character read using getch() is passed to the next read: this is
+ * usually a CR so this can be trouble. No STDIO fix seems to work but
+ * flushing the console appears to do the trick.
+ */
+		{
+			HANDLE inh;
+			inh = GetStdHandle(STD_INPUT_HANDLE);
+			FlushConsoleInputBuffer(inh);
+		}
+#endif
 	return(strlen(buf));
 	}
 #endif
+#endif /* !OPENSSL_SYS_WINCE && !WIN16 */
diff --git a/crypto/des/rpc_enc.c b/crypto/des/rpc_enc.c
index 7c1da1f538..d937d08da5 100644
--- a/crypto/des/rpc_enc.c
+++ b/crypto/des/rpc_enc.c
@@ -60,32 +60,23 @@
 #include "des_locl.h"
 #include "des_ver.h"
 
-#ifndef NOPROTO
 int _des_crypt(char *buf,int len,struct desparams *desp);
-#else
-int _des_crypt();
-#endif
-
-int _des_crypt(buf, len, desp)
-char *buf;
-int len;
-struct desparams *desp;
+int _des_crypt(char *buf, int len, struct desparams *desp)
 	{
-	des_key_schedule ks;
+	DES_key_schedule ks;
 	int enc;
 
-	des_set_key((des_cblock *)desp->des_key,ks);
+	DES_set_key_unchecked(&desp->des_key,&ks);
 	enc=(desp->des_dir == ENCRYPT)?DES_ENCRYPT:DES_DECRYPT;
 
 	if (desp->des_mode == CBC)
-		des_ecb_encrypt((des_cblock *)desp->UDES.UDES_buf,
-				(des_cblock *)desp->UDES.UDES_buf,ks,enc);
+		DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf,
+				(DES_cblock *)desp->UDES.UDES_buf,&ks,
+				enc);
 	else
 		{
-		des_ncbc_encrypt((des_cblock *)desp->UDES.UDES_buf,
-				(des_cblock *)desp->UDES.UDES_buf,
-				(long)len,ks,
-				(des_cblock *)desp->des_ivec,enc);
+		DES_ncbc_encrypt(desp->UDES.UDES_buf,desp->UDES.UDES_buf,
+				len,&ks,&desp->des_ivec,enc);
 #ifdef undef
 		/* len will always be %8 if called from common_crypt
 		 * in secure_rpc.
diff --git a/crypto/des/rpw.c b/crypto/des/rpw.c
index 6447ed9cf0..8a9473c4f9 100644
--- a/crypto/des/rpw.c
+++ b/crypto/des/rpw.c
@@ -57,17 +57,15 @@
  */
 
 #include <stdio.h>
-#include "des.h"
+#include <openssl/des.h>
 
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
-	des_cblock k,k1;
+	DES_cblock k,k1;
 	int i;
 
 	printf("read passwd\n");
-	if ((i=des_read_password((C_Block *)k,"Enter password:",0)) == 0)
+	if ((i=des_read_password(&k,"Enter password:",0)) == 0)
 		{
 		printf("password = ");
 		for (i=0; i<8; i++)
@@ -77,7 +75,7 @@ char *argv[];
 		printf("error %d\n",i);
 	printf("\n");
 	printf("read 2passwds and verify\n");
-	if ((i=des_read_2passwords((C_Block *)k,(C_Block *)k1,
+	if ((i=des_read_2passwords(&k,&k1,
 		"Enter verified password:",1)) == 0)
 		{
 		printf("password1 = ");
diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c
index fe966fd255..143008ed9c 100644
--- a/crypto/des/set_key.c
+++ b/crypto/des/set_key.c
@@ -64,19 +64,28 @@
  * 1.0 First working version
  */
 #include "des_locl.h"
-#include "podd.h"
-#include "sk.h"
 
-#ifndef NOPROTO
-static int check_parity(des_cblock (*key));
-#else
-static int check_parity();
-#endif
+OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key);	/* defaults to false */
 
-int des_check_key=0;
+static const unsigned char odd_parity[256]={
+  1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,
+ 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+ 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
+ 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
+ 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
+ 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
+ 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
+112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
+128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
+145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
+161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
+176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
+193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
+208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
+224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
+241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
 
-void des_set_odd_parity(key)
-des_cblock (*key);
+void DES_set_odd_parity(DES_cblock *key)
 	{
 	int i;
 
@@ -84,8 +93,7 @@ des_cblock (*key);
 		(*key)[i]=odd_parity[(*key)[i]];
 	}
 
-static int check_parity(key)
-des_cblock (*key);
+int DES_check_key_parity(const_DES_cblock *key)
 	{
 	int i;
 
@@ -107,7 +115,7 @@ des_cblock (*key);
  * (and actual cblock values).
  */
 #define NUM_WEAK_KEY	16
-static des_cblock weak_keys[NUM_WEAK_KEY]={
+static DES_cblock weak_keys[NUM_WEAK_KEY]={
 	/* weak keys */
 	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
 	{0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
@@ -127,19 +135,18 @@ static des_cblock weak_keys[NUM_WEAK_KEY]={
 	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
 	{0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
 
-int des_is_weak_key(key)
-des_cblock (*key);
+int DES_is_weak_key(const_DES_cblock *key)
 	{
 	int i;
 
 	for (i=0; i<NUM_WEAK_KEY; i++)
-		/* Added == 0 to comparision, I obviously don't run
+		/* Added == 0 to comparison, I obviously don't run
 		 * this section very often :-(, thanks to
 		 * engineering@MorningStar.Com for the fix
 		 * eay 93/06/29
 		 * Another problem, I was comparing only the first 4
 		 * bytes, 97/03/18 */
-		if (memcmp(weak_keys[i],key,sizeof(des_cblock)) == 0) return(1);
+		if (memcmp(weak_keys[i],key,sizeof(DES_cblock)) == 0) return(1);
 	return(0);
 	}
 
@@ -153,49 +160,199 @@ des_cblock (*key);
 #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
 	(a)=(a)^(t)^(t>>(16-(n))))
 
+static const DES_LONG des_skb[8][64]={
+	{
+	/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+	0x00000000L,0x00000010L,0x20000000L,0x20000010L,
+	0x00010000L,0x00010010L,0x20010000L,0x20010010L,
+	0x00000800L,0x00000810L,0x20000800L,0x20000810L,
+	0x00010800L,0x00010810L,0x20010800L,0x20010810L,
+	0x00000020L,0x00000030L,0x20000020L,0x20000030L,
+	0x00010020L,0x00010030L,0x20010020L,0x20010030L,
+	0x00000820L,0x00000830L,0x20000820L,0x20000830L,
+	0x00010820L,0x00010830L,0x20010820L,0x20010830L,
+	0x00080000L,0x00080010L,0x20080000L,0x20080010L,
+	0x00090000L,0x00090010L,0x20090000L,0x20090010L,
+	0x00080800L,0x00080810L,0x20080800L,0x20080810L,
+	0x00090800L,0x00090810L,0x20090800L,0x20090810L,
+	0x00080020L,0x00080030L,0x20080020L,0x20080030L,
+	0x00090020L,0x00090030L,0x20090020L,0x20090030L,
+	0x00080820L,0x00080830L,0x20080820L,0x20080830L,
+	0x00090820L,0x00090830L,0x20090820L,0x20090830L,
+	},{
+	/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
+	0x00000000L,0x02000000L,0x00002000L,0x02002000L,
+	0x00200000L,0x02200000L,0x00202000L,0x02202000L,
+	0x00000004L,0x02000004L,0x00002004L,0x02002004L,
+	0x00200004L,0x02200004L,0x00202004L,0x02202004L,
+	0x00000400L,0x02000400L,0x00002400L,0x02002400L,
+	0x00200400L,0x02200400L,0x00202400L,0x02202400L,
+	0x00000404L,0x02000404L,0x00002404L,0x02002404L,
+	0x00200404L,0x02200404L,0x00202404L,0x02202404L,
+	0x10000000L,0x12000000L,0x10002000L,0x12002000L,
+	0x10200000L,0x12200000L,0x10202000L,0x12202000L,
+	0x10000004L,0x12000004L,0x10002004L,0x12002004L,
+	0x10200004L,0x12200004L,0x10202004L,0x12202004L,
+	0x10000400L,0x12000400L,0x10002400L,0x12002400L,
+	0x10200400L,0x12200400L,0x10202400L,0x12202400L,
+	0x10000404L,0x12000404L,0x10002404L,0x12002404L,
+	0x10200404L,0x12200404L,0x10202404L,0x12202404L,
+	},{
+	/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
+	0x00000000L,0x00000001L,0x00040000L,0x00040001L,
+	0x01000000L,0x01000001L,0x01040000L,0x01040001L,
+	0x00000002L,0x00000003L,0x00040002L,0x00040003L,
+	0x01000002L,0x01000003L,0x01040002L,0x01040003L,
+	0x00000200L,0x00000201L,0x00040200L,0x00040201L,
+	0x01000200L,0x01000201L,0x01040200L,0x01040201L,
+	0x00000202L,0x00000203L,0x00040202L,0x00040203L,
+	0x01000202L,0x01000203L,0x01040202L,0x01040203L,
+	0x08000000L,0x08000001L,0x08040000L,0x08040001L,
+	0x09000000L,0x09000001L,0x09040000L,0x09040001L,
+	0x08000002L,0x08000003L,0x08040002L,0x08040003L,
+	0x09000002L,0x09000003L,0x09040002L,0x09040003L,
+	0x08000200L,0x08000201L,0x08040200L,0x08040201L,
+	0x09000200L,0x09000201L,0x09040200L,0x09040201L,
+	0x08000202L,0x08000203L,0x08040202L,0x08040203L,
+	0x09000202L,0x09000203L,0x09040202L,0x09040203L,
+	},{
+	/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
+	0x00000000L,0x00100000L,0x00000100L,0x00100100L,
+	0x00000008L,0x00100008L,0x00000108L,0x00100108L,
+	0x00001000L,0x00101000L,0x00001100L,0x00101100L,
+	0x00001008L,0x00101008L,0x00001108L,0x00101108L,
+	0x04000000L,0x04100000L,0x04000100L,0x04100100L,
+	0x04000008L,0x04100008L,0x04000108L,0x04100108L,
+	0x04001000L,0x04101000L,0x04001100L,0x04101100L,
+	0x04001008L,0x04101008L,0x04001108L,0x04101108L,
+	0x00020000L,0x00120000L,0x00020100L,0x00120100L,
+	0x00020008L,0x00120008L,0x00020108L,0x00120108L,
+	0x00021000L,0x00121000L,0x00021100L,0x00121100L,
+	0x00021008L,0x00121008L,0x00021108L,0x00121108L,
+	0x04020000L,0x04120000L,0x04020100L,0x04120100L,
+	0x04020008L,0x04120008L,0x04020108L,0x04120108L,
+	0x04021000L,0x04121000L,0x04021100L,0x04121100L,
+	0x04021008L,0x04121008L,0x04021108L,0x04121108L,
+	},{
+	/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+	0x00000000L,0x10000000L,0x00010000L,0x10010000L,
+	0x00000004L,0x10000004L,0x00010004L,0x10010004L,
+	0x20000000L,0x30000000L,0x20010000L,0x30010000L,
+	0x20000004L,0x30000004L,0x20010004L,0x30010004L,
+	0x00100000L,0x10100000L,0x00110000L,0x10110000L,
+	0x00100004L,0x10100004L,0x00110004L,0x10110004L,
+	0x20100000L,0x30100000L,0x20110000L,0x30110000L,
+	0x20100004L,0x30100004L,0x20110004L,0x30110004L,
+	0x00001000L,0x10001000L,0x00011000L,0x10011000L,
+	0x00001004L,0x10001004L,0x00011004L,0x10011004L,
+	0x20001000L,0x30001000L,0x20011000L,0x30011000L,
+	0x20001004L,0x30001004L,0x20011004L,0x30011004L,
+	0x00101000L,0x10101000L,0x00111000L,0x10111000L,
+	0x00101004L,0x10101004L,0x00111004L,0x10111004L,
+	0x20101000L,0x30101000L,0x20111000L,0x30111000L,
+	0x20101004L,0x30101004L,0x20111004L,0x30111004L,
+	},{
+	/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
+	0x00000000L,0x08000000L,0x00000008L,0x08000008L,
+	0x00000400L,0x08000400L,0x00000408L,0x08000408L,
+	0x00020000L,0x08020000L,0x00020008L,0x08020008L,
+	0x00020400L,0x08020400L,0x00020408L,0x08020408L,
+	0x00000001L,0x08000001L,0x00000009L,0x08000009L,
+	0x00000401L,0x08000401L,0x00000409L,0x08000409L,
+	0x00020001L,0x08020001L,0x00020009L,0x08020009L,
+	0x00020401L,0x08020401L,0x00020409L,0x08020409L,
+	0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
+	0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
+	0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
+	0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
+	0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
+	0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
+	0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
+	0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
+	},{
+	/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
+	0x00000000L,0x00000100L,0x00080000L,0x00080100L,
+	0x01000000L,0x01000100L,0x01080000L,0x01080100L,
+	0x00000010L,0x00000110L,0x00080010L,0x00080110L,
+	0x01000010L,0x01000110L,0x01080010L,0x01080110L,
+	0x00200000L,0x00200100L,0x00280000L,0x00280100L,
+	0x01200000L,0x01200100L,0x01280000L,0x01280100L,
+	0x00200010L,0x00200110L,0x00280010L,0x00280110L,
+	0x01200010L,0x01200110L,0x01280010L,0x01280110L,
+	0x00000200L,0x00000300L,0x00080200L,0x00080300L,
+	0x01000200L,0x01000300L,0x01080200L,0x01080300L,
+	0x00000210L,0x00000310L,0x00080210L,0x00080310L,
+	0x01000210L,0x01000310L,0x01080210L,0x01080310L,
+	0x00200200L,0x00200300L,0x00280200L,0x00280300L,
+	0x01200200L,0x01200300L,0x01280200L,0x01280300L,
+	0x00200210L,0x00200310L,0x00280210L,0x00280310L,
+	0x01200210L,0x01200310L,0x01280210L,0x01280310L,
+	},{
+	/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
+	0x00000000L,0x04000000L,0x00040000L,0x04040000L,
+	0x00000002L,0x04000002L,0x00040002L,0x04040002L,
+	0x00002000L,0x04002000L,0x00042000L,0x04042000L,
+	0x00002002L,0x04002002L,0x00042002L,0x04042002L,
+	0x00000020L,0x04000020L,0x00040020L,0x04040020L,
+	0x00000022L,0x04000022L,0x00040022L,0x04040022L,
+	0x00002020L,0x04002020L,0x00042020L,0x04042020L,
+	0x00002022L,0x04002022L,0x00042022L,0x04042022L,
+	0x00000800L,0x04000800L,0x00040800L,0x04040800L,
+	0x00000802L,0x04000802L,0x00040802L,0x04040802L,
+	0x00002800L,0x04002800L,0x00042800L,0x04042800L,
+	0x00002802L,0x04002802L,0x00042802L,0x04042802L,
+	0x00000820L,0x04000820L,0x00040820L,0x04040820L,
+	0x00000822L,0x04000822L,0x00040822L,0x04040822L,
+	0x00002820L,0x04002820L,0x00042820L,0x04042820L,
+	0x00002822L,0x04002822L,0x00042822L,0x04042822L,
+	}};
+
+int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
+	{
+	if (DES_check_key)
+		{
+		return DES_set_key_checked(key, schedule);
+		}
+	else
+		{
+		DES_set_key_unchecked(key, schedule);
+		return 0;
+		}
+	}
+
 /* return 0 if key parity is odd (correct),
  * return -1 if key parity error,
  * return -2 if illegal weak key.
  */
-int des_set_key(key, schedule)
-des_cblock (*key);
-des_key_schedule schedule;
+int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
+	{
+	if (!DES_check_key_parity(key))
+		return(-1);
+	if (DES_is_weak_key(key))
+		return(-2);
+	DES_set_key_unchecked(key, schedule);
+	return 0;
+	}
+
+void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
 	{
 	static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
 	register DES_LONG c,d,t,s,t2;
-	register unsigned char *in;
+	register const unsigned char *in;
 	register DES_LONG *k;
 	register int i;
 
-	if (des_check_key)
-		{
-		if (!check_parity(key))
-			return(-1);
-
-		if (des_is_weak_key(key))
-			return(-2);
-		}
-
-	k=(DES_LONG *)schedule;
-	in=(unsigned char *)key;
+#ifdef OPENBSD_DEV_CRYPTO
+	memcpy(schedule->key,key,sizeof schedule->key);
+	schedule->session=NULL;
+#endif
+	k = &schedule->ks->deslong[0];
+	in = &(*key)[0];
 
 	c2l(in,c);
 	c2l(in,d);
 
-	/* do PC1 in 60 simple operations */ 
-/*	PERM_OP(d,c,t,4,0x0f0f0f0fL);
-	HPERM_OP(c,t,-2, 0xcccc0000L);
-	HPERM_OP(c,t,-1, 0xaaaa0000L);
-	HPERM_OP(c,t, 8, 0x00ff0000L);
-	HPERM_OP(c,t,-1, 0xaaaa0000L);
-	HPERM_OP(d,t,-8, 0xff000000L);
-	HPERM_OP(d,t, 8, 0x00ff0000L);
-	HPERM_OP(d,t, 2, 0x33330000L);
-	d=((d&0x00aa00aaL)<<7L)|((d&0x55005500L)>>7L)|(d&0xaa55aa55L);
-	d=(d>>8)|((c&0xf0000000L)>>4);
-	c&=0x0fffffffL; */
-
-	/* I now do it in 47 simple operations :-)
+	/* do PC1 in 47 simple operations :-)
 	 * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
 	 * for the inspiration. :-) */
 	PERM_OP (d,c,t,4,0x0f0f0f0fL);
@@ -219,9 +376,9 @@ des_key_schedule schedule;
 		/* could be a few less shifts but I am to lazy at this
 		 * point in time to investigate */
 		s=	des_skb[0][ (c    )&0x3f                ]|
-			des_skb[1][((c>> 6)&0x03)|((c>> 7L)&0x3c)]|
-			des_skb[2][((c>>13)&0x0f)|((c>>14L)&0x30)]|
-			des_skb[3][((c>>20)&0x01)|((c>>21L)&0x06) |
+			des_skb[1][((c>> 6L)&0x03)|((c>> 7L)&0x3c)]|
+			des_skb[2][((c>>13L)&0x0f)|((c>>14L)&0x30)]|
+			des_skb[3][((c>>20L)&0x01)|((c>>21L)&0x06) |
 						  ((c>>22L)&0x38)];
 		t=	des_skb[4][ (d    )&0x3f                ]|
 			des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]|
@@ -235,12 +392,16 @@ des_key_schedule schedule;
 		t2=((s>>16L)|(t&0xffff0000L));
 		*(k++)=ROTATE(t2,26)&0xffffffffL;
 		}
-	return(0);
 	}
 
-int des_key_sched(key, schedule)
-des_cblock (*key);
-des_key_schedule schedule;
+int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
+	{
+	return(DES_set_key(key,schedule));
+	}
+/*
+#undef des_fixup_key_parity
+void des_fixup_key_parity(des_cblock *key)
 	{
-	return(des_set_key(key,schedule));
+	des_set_odd_parity(key);
 	}
+*/
diff --git a/crypto/des/shifts.pl b/crypto/des/shifts.pl
deleted file mode 100644
index ba686d8ef5..0000000000
--- a/crypto/des/shifts.pl
+++ /dev/null
@@ -1,198 +0,0 @@
-#!/usr/local/bin/perl
-
-sub lab_shift
-	{
-	local(*a,$n)=@_;
-	local(@r,$i,$j,$k,$d,@z);
-
-	@r=&shift(*a,$n);
-	foreach $i (0 .. 31)
-		{
-		@z=split(/\^/,$r[$i]);
-		for ($j=0; $j <= $#z; $j++)
-			{
-			($d)=($z[$j] =~ /^(..)/);
-			($k)=($z[$j] =~ /\[(.*)\]$/);
-			$k.=",$n" if ($k ne "");
-			$k="$n"	  if ($k eq "");
-			$d="$d[$k]";
-			$z[$j]=$d;
-			}
-		$r[$i]=join('^',@z);
-		}
-	return(@r);
-	}
-
-sub shift
-	{
-	local(*a,$n)=@_;
-	local(@f);
-
-	if ($n > 0)
-		{
-		@f=&shiftl(*a,$n);
-		}
-	else
-		{
-		@f=&shiftr(*a,-$n);
-		}
-	return(@f);
-	}
-
-sub rotate
-	{
-	local(*a,$n)=@_;
-	local(@f);
-
-	if ($n > 0)
-		{ @f=&rotatel(*a,$n); }
-	else
-		{ @f=&rotater(*a,-$n); }
-	return(@f);
-	}
-
-sub rotater
-	{
-	local(*a,$n)=@_;
-	local(@f,@g);
-
-	@f=&shiftr(*a,$n);
-	@g=&shiftl(*a,32-$n);
-	$#f=31;
-	$#g=31;
-	return(&or(*f,*g));
-	}
-
-sub rotatel
-	{
-	local(*a,$n)=@_;
-	local(@f,@g);
-
-	@f=&shiftl(*a,$n);
-	@g=&shiftr(*a,32-$n);
-	$#f=31;
-	$#g=31;
-	return(&or(*f,*g));
-	}
-
-sub shiftr
-	{
-	local(*a,$n)=@_;
-	local(@r,$i);
-
-	$#r=31;
-	foreach $i (0 .. 31)
-		{
-		if (($i+$n) > 31)
-			{
-			$r[$i]="--";
-			}
-		else
-			{
-			$r[$i]=$a[$i+$n];
-			}
-		}
-	return(@r);
-	}
-
-sub shiftl
-	{
-	local(*a,$n)=@_;
-	local(@r,$i);
-
-	$#r=31;
-	foreach $i (0 .. 31)
-		{
-		if ($i < $n)
-			{
-			$r[$i]="--";
-			}
-		else
-			{
-			$r[$i]=$a[$i-$n];
-			}
-		}
-	return(@r);
-	}
-
-sub printit
-	{
-	local(@a)=@_;
-	local($i);
-
-	foreach $i (0 .. 31)
-		{
-		printf "%2s  ",$a[$i];
-		print "\n" if (($i%8) == 7);
-		}
-	print "\n";
-	}
-
-sub xor
-	{
-	local(*a,*b)=@_;
-	local(@r,$i);
-
-	$#r=31;
-	foreach $i (0 .. 31)
-		{
-		$r[$i]=&compress($a[$i].'^'.$b[$i]);
-#		$r[$i]=$a[$i]."^".$b[$i];
-		}
-	return(@r);
-	}
-
-sub and
-	{
-	local(*a,$m)=@_;
-	local(@r,$i);
-
-	$#r=31;
-	foreach $i (0 .. 31)
-		{
-		$r[$i]=(($m & (1<<$i))?($a[$i]):('--'));
-		}
-	return(@r);
-	}
-
-sub or
-	{
-	local(*a,*b)=@_;
-	local(@r,$i);
-
-	$#r=31;
-	foreach $i (0 .. 31)
-		{
-		$r[$i]='--'   if (($a[$i] eq '--') && ($b[$i] eq '--'));
-		$r[$i]=$a[$i] if (($a[$i] ne '--') && ($b[$i] eq '--'));
-		$r[$i]=$b[$i] if (($a[$i] eq '--') && ($b[$i] ne '--'));
-		$r[$i]='++'   if (($a[$i] ne '--') && ($b[$i] ne '--'));
-		}
-	return(@r);
-	}
-
-sub compress
-	{
-	local($s)=@_;
-	local($_,$i,@a,%a,$r);
-
-	$s =~ s/\^\^/\^/g;
-	$s =~ s/^\^//;
-	$s =~ s/\^$//;
-	@a=split(/\^/,$s);
-
-	while ($#a >= 0)
-		{
-		$_=shift(@a);
-		next unless /\d/;
-		$a{$_}++;
-		}
-	foreach $i (sort keys %a)
-		{
-		next if ($a{$i}%2 == 0);
-		$r.="$i^";
-		}
-	chop($r);
-	return($r);
-	}
-1;
diff --git a/crypto/des/sk.h b/crypto/des/sk.h
deleted file mode 100644
index f2ade88c7c..0000000000
--- a/crypto/des/sk.h
+++ /dev/null
@@ -1,204 +0,0 @@
-/* crypto/des/sk.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-static const DES_LONG des_skb[8][64]={
-{
-/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
-0x00000000L,0x00000010L,0x20000000L,0x20000010L,
-0x00010000L,0x00010010L,0x20010000L,0x20010010L,
-0x00000800L,0x00000810L,0x20000800L,0x20000810L,
-0x00010800L,0x00010810L,0x20010800L,0x20010810L,
-0x00000020L,0x00000030L,0x20000020L,0x20000030L,
-0x00010020L,0x00010030L,0x20010020L,0x20010030L,
-0x00000820L,0x00000830L,0x20000820L,0x20000830L,
-0x00010820L,0x00010830L,0x20010820L,0x20010830L,
-0x00080000L,0x00080010L,0x20080000L,0x20080010L,
-0x00090000L,0x00090010L,0x20090000L,0x20090010L,
-0x00080800L,0x00080810L,0x20080800L,0x20080810L,
-0x00090800L,0x00090810L,0x20090800L,0x20090810L,
-0x00080020L,0x00080030L,0x20080020L,0x20080030L,
-0x00090020L,0x00090030L,0x20090020L,0x20090030L,
-0x00080820L,0x00080830L,0x20080820L,0x20080830L,
-0x00090820L,0x00090830L,0x20090820L,0x20090830L,
-},{
-/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
-0x00000000L,0x02000000L,0x00002000L,0x02002000L,
-0x00200000L,0x02200000L,0x00202000L,0x02202000L,
-0x00000004L,0x02000004L,0x00002004L,0x02002004L,
-0x00200004L,0x02200004L,0x00202004L,0x02202004L,
-0x00000400L,0x02000400L,0x00002400L,0x02002400L,
-0x00200400L,0x02200400L,0x00202400L,0x02202400L,
-0x00000404L,0x02000404L,0x00002404L,0x02002404L,
-0x00200404L,0x02200404L,0x00202404L,0x02202404L,
-0x10000000L,0x12000000L,0x10002000L,0x12002000L,
-0x10200000L,0x12200000L,0x10202000L,0x12202000L,
-0x10000004L,0x12000004L,0x10002004L,0x12002004L,
-0x10200004L,0x12200004L,0x10202004L,0x12202004L,
-0x10000400L,0x12000400L,0x10002400L,0x12002400L,
-0x10200400L,0x12200400L,0x10202400L,0x12202400L,
-0x10000404L,0x12000404L,0x10002404L,0x12002404L,
-0x10200404L,0x12200404L,0x10202404L,0x12202404L,
-},{
-/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
-0x00000000L,0x00000001L,0x00040000L,0x00040001L,
-0x01000000L,0x01000001L,0x01040000L,0x01040001L,
-0x00000002L,0x00000003L,0x00040002L,0x00040003L,
-0x01000002L,0x01000003L,0x01040002L,0x01040003L,
-0x00000200L,0x00000201L,0x00040200L,0x00040201L,
-0x01000200L,0x01000201L,0x01040200L,0x01040201L,
-0x00000202L,0x00000203L,0x00040202L,0x00040203L,
-0x01000202L,0x01000203L,0x01040202L,0x01040203L,
-0x08000000L,0x08000001L,0x08040000L,0x08040001L,
-0x09000000L,0x09000001L,0x09040000L,0x09040001L,
-0x08000002L,0x08000003L,0x08040002L,0x08040003L,
-0x09000002L,0x09000003L,0x09040002L,0x09040003L,
-0x08000200L,0x08000201L,0x08040200L,0x08040201L,
-0x09000200L,0x09000201L,0x09040200L,0x09040201L,
-0x08000202L,0x08000203L,0x08040202L,0x08040203L,
-0x09000202L,0x09000203L,0x09040202L,0x09040203L,
-},{
-/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
-0x00000000L,0x00100000L,0x00000100L,0x00100100L,
-0x00000008L,0x00100008L,0x00000108L,0x00100108L,
-0x00001000L,0x00101000L,0x00001100L,0x00101100L,
-0x00001008L,0x00101008L,0x00001108L,0x00101108L,
-0x04000000L,0x04100000L,0x04000100L,0x04100100L,
-0x04000008L,0x04100008L,0x04000108L,0x04100108L,
-0x04001000L,0x04101000L,0x04001100L,0x04101100L,
-0x04001008L,0x04101008L,0x04001108L,0x04101108L,
-0x00020000L,0x00120000L,0x00020100L,0x00120100L,
-0x00020008L,0x00120008L,0x00020108L,0x00120108L,
-0x00021000L,0x00121000L,0x00021100L,0x00121100L,
-0x00021008L,0x00121008L,0x00021108L,0x00121108L,
-0x04020000L,0x04120000L,0x04020100L,0x04120100L,
-0x04020008L,0x04120008L,0x04020108L,0x04120108L,
-0x04021000L,0x04121000L,0x04021100L,0x04121100L,
-0x04021008L,0x04121008L,0x04021108L,0x04121108L,
-},{
-/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
-0x00000000L,0x10000000L,0x00010000L,0x10010000L,
-0x00000004L,0x10000004L,0x00010004L,0x10010004L,
-0x20000000L,0x30000000L,0x20010000L,0x30010000L,
-0x20000004L,0x30000004L,0x20010004L,0x30010004L,
-0x00100000L,0x10100000L,0x00110000L,0x10110000L,
-0x00100004L,0x10100004L,0x00110004L,0x10110004L,
-0x20100000L,0x30100000L,0x20110000L,0x30110000L,
-0x20100004L,0x30100004L,0x20110004L,0x30110004L,
-0x00001000L,0x10001000L,0x00011000L,0x10011000L,
-0x00001004L,0x10001004L,0x00011004L,0x10011004L,
-0x20001000L,0x30001000L,0x20011000L,0x30011000L,
-0x20001004L,0x30001004L,0x20011004L,0x30011004L,
-0x00101000L,0x10101000L,0x00111000L,0x10111000L,
-0x00101004L,0x10101004L,0x00111004L,0x10111004L,
-0x20101000L,0x30101000L,0x20111000L,0x30111000L,
-0x20101004L,0x30101004L,0x20111004L,0x30111004L,
-},{
-/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
-0x00000000L,0x08000000L,0x00000008L,0x08000008L,
-0x00000400L,0x08000400L,0x00000408L,0x08000408L,
-0x00020000L,0x08020000L,0x00020008L,0x08020008L,
-0x00020400L,0x08020400L,0x00020408L,0x08020408L,
-0x00000001L,0x08000001L,0x00000009L,0x08000009L,
-0x00000401L,0x08000401L,0x00000409L,0x08000409L,
-0x00020001L,0x08020001L,0x00020009L,0x08020009L,
-0x00020401L,0x08020401L,0x00020409L,0x08020409L,
-0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
-0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
-0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
-0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
-0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
-0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
-0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
-0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
-},{
-/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
-0x00000000L,0x00000100L,0x00080000L,0x00080100L,
-0x01000000L,0x01000100L,0x01080000L,0x01080100L,
-0x00000010L,0x00000110L,0x00080010L,0x00080110L,
-0x01000010L,0x01000110L,0x01080010L,0x01080110L,
-0x00200000L,0x00200100L,0x00280000L,0x00280100L,
-0x01200000L,0x01200100L,0x01280000L,0x01280100L,
-0x00200010L,0x00200110L,0x00280010L,0x00280110L,
-0x01200010L,0x01200110L,0x01280010L,0x01280110L,
-0x00000200L,0x00000300L,0x00080200L,0x00080300L,
-0x01000200L,0x01000300L,0x01080200L,0x01080300L,
-0x00000210L,0x00000310L,0x00080210L,0x00080310L,
-0x01000210L,0x01000310L,0x01080210L,0x01080310L,
-0x00200200L,0x00200300L,0x00280200L,0x00280300L,
-0x01200200L,0x01200300L,0x01280200L,0x01280300L,
-0x00200210L,0x00200310L,0x00280210L,0x00280310L,
-0x01200210L,0x01200310L,0x01280210L,0x01280310L,
-},{
-/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
-0x00000000L,0x04000000L,0x00040000L,0x04040000L,
-0x00000002L,0x04000002L,0x00040002L,0x04040002L,
-0x00002000L,0x04002000L,0x00042000L,0x04042000L,
-0x00002002L,0x04002002L,0x00042002L,0x04042002L,
-0x00000020L,0x04000020L,0x00040020L,0x04040020L,
-0x00000022L,0x04000022L,0x00040022L,0x04040022L,
-0x00002020L,0x04002020L,0x00042020L,0x04042020L,
-0x00002022L,0x04002022L,0x00042022L,0x04042022L,
-0x00000800L,0x04000800L,0x00040800L,0x04040800L,
-0x00000802L,0x04000802L,0x00040802L,0x04040802L,
-0x00002800L,0x04002800L,0x00042800L,0x04042800L,
-0x00002802L,0x04002802L,0x00042802L,0x04042802L,
-0x00000820L,0x04000820L,0x00040820L,0x04040820L,
-0x00000822L,0x04000822L,0x00040822L,0x04040822L,
-0x00002820L,0x04002820L,0x00042820L,0x04042820L,
-0x00002822L,0x04002822L,0x00042822L,0x04042822L,
-}};
diff --git a/crypto/des/speed.c b/crypto/des/speed.c
index bac078e054..48fc1d49fc 100644
--- a/crypto/des/speed.c
+++ b/crypto/des/speed.c
@@ -59,19 +59,17 @@
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
 
-#ifndef MSDOS
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
 #include <stdio.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-extern int exit();
-#endif
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
 #include <signal.h>
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -79,15 +77,15 @@ extern int exit();
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
@@ -98,17 +96,13 @@ struct tms {
 #include <sys/param.h>
 #endif
 
-#include "des.h"
+#include <openssl/des.h>
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
 # ifndef CLK_TCK
 #  ifndef _BSD_CLK_TCK_ /* FreeBSD fix */
-#   ifndef VMS
-#    define HZ	100.0
-#   else /* VMS */
-#    define HZ	100.0
-#   endif
+#   define HZ	100.0
 #  else /* _BSD_CLK_TCK_ */
 #   define HZ ((double)_BSD_CLK_TCK_)
 #  endif
@@ -120,12 +114,7 @@ struct tms {
 #define BUFSIZE	((long)1024)
 long run=0;
 
-#ifndef NOPROTO
 double Time_F(int s);
-#else
-double Time_F();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
 #define SIGRETTYPE void
@@ -133,14 +122,8 @@ double Time_F();
 #define SIGRETTYPE int
 #endif
 
-#ifndef NOPROTO
 SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
+SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -153,8 +136,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-double Time_F(s)
-int s;
+double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -190,32 +172,30 @@ int s;
 #endif
 	}
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	long count;
 	static unsigned char buf[BUFSIZE];
-	static des_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
-	static des_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
-	static des_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
-	des_key_schedule sch,sch2,sch3;
+	static DES_cblock key ={0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0};
+	static DES_cblock key2={0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12};
+	static DES_cblock key3={0x56,0x78,0x9a,0xbc,0xde,0xf0,0x12,0x34};
+	DES_key_schedule sch,sch2,sch3;
 	double a,b,c,d,e;
 #ifndef SIGALRM
 	long ca,cb,cc,cd,ce;
 #endif
 
 #ifndef TIMES
-	printf("To get the most acurate results, try to run this\n");
+	printf("To get the most accurate results, try to run this\n");
 	printf("program when this computer is idle.\n");
 #endif
 
-	des_set_key((C_Block *)key2,sch2);
-	des_set_key((C_Block *)key3,sch3);
+	DES_set_key_unchecked(&key2,&sch2);
+	DES_set_key_unchecked(&key3,&sch3);
 
 #ifndef SIGALRM
 	printf("First we calculate the approximate speed ...\n");
-	des_set_key((C_Block *)key,sch);
+	DES_set_key_unchecked(&key,&sch);
 	count=10;
 	do	{
 		long i;
@@ -224,7 +204,7 @@ char **argv;
 		count*=2;
 		Time_F(START);
 		for (i=count; i; i--)
-			des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+			DES_encrypt1(data,&sch,DES_ENCRYPT);
 		d=Time_F(STOP);
 		} while (d < 3.0);
 	ca=count;
@@ -245,63 +225,63 @@ char **argv;
 
 	Time_F(START);
 	for (count=0,run=1; COND(ca); count++)
-		des_set_key((C_Block *)key,sch);
+		DES_set_key_unchecked(&key,&sch);
 	d=Time_F(STOP);
 	printf("%ld set_key's in %.2f seconds\n",count,d);
 	a=((double)COUNT(ca))/d;
 
 #ifdef SIGALRM
-	printf("Doing des_encrypt's for 10 seconds\n");
+	printf("Doing DES_encrypt's for 10 seconds\n");
 	alarm(10);
 #else
-	printf("Doing des_encrypt %ld times\n",cb);
+	printf("Doing DES_encrypt %ld times\n",cb);
 #endif
 	Time_F(START);
 	for (count=0,run=1; COND(cb); count++)
 		{
 		DES_LONG data[2];
 
-		des_encrypt(data,&(sch[0]),DES_ENCRYPT);
+		DES_encrypt1(data,&sch,DES_ENCRYPT);
 		}
 	d=Time_F(STOP);
-	printf("%ld des_encrypt's in %.2f second\n",count,d);
+	printf("%ld DES_encrypt's in %.2f second\n",count,d);
 	b=((double)COUNT(cb)*8)/d;
 
 #ifdef SIGALRM
-	printf("Doing des_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+	printf("Doing DES_cbc_encrypt on %ld byte blocks for 10 seconds\n",
 		BUFSIZE);
 	alarm(10);
 #else
-	printf("Doing des_cbc_encrypt %ld times on %ld byte blocks\n",cc,
+	printf("Doing DES_cbc_encrypt %ld times on %ld byte blocks\n",cc,
 		BUFSIZE);
 #endif
 	Time_F(START);
 	for (count=0,run=1; COND(cc); count++)
-		des_ncbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE,&(sch[0]),
-			(C_Block *)&(key[0]),DES_ENCRYPT);
+		DES_ncbc_encrypt(buf,buf,BUFSIZE,&sch,
+			&key,DES_ENCRYPT);
 	d=Time_F(STOP);
-	printf("%ld des_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+	printf("%ld DES_cbc_encrypt's of %ld byte blocks in %.2f second\n",
 		count,BUFSIZE,d);
 	c=((double)COUNT(cc)*BUFSIZE)/d;
 
 #ifdef SIGALRM
-	printf("Doing des_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n",
+	printf("Doing DES_ede_cbc_encrypt on %ld byte blocks for 10 seconds\n",
 		BUFSIZE);
 	alarm(10);
 #else
-	printf("Doing des_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd,
+	printf("Doing DES_ede_cbc_encrypt %ld times on %ld byte blocks\n",cd,
 		BUFSIZE);
 #endif
 	Time_F(START);
 	for (count=0,run=1; COND(cd); count++)
-		des_ede3_cbc_encrypt((C_Block *)buf,(C_Block *)buf,BUFSIZE,
-			&(sch[0]),
-			&(sch2[0]),
-			&(sch3[0]),
-			(C_Block *)&(key[0]),
+		DES_ede3_cbc_encrypt(buf,buf,BUFSIZE,
+			&sch,
+			&sch2,
+			&sch3,
+			&key,
 			DES_ENCRYPT);
 	d=Time_F(STOP);
-	printf("%ld des_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n",
+	printf("%ld DES_ede_cbc_encrypt's of %ld byte blocks in %.2f second\n",
 		count,BUFSIZE,d);
 	d=((double)COUNT(cd)*BUFSIZE)/d;
 
@@ -324,7 +304,7 @@ char **argv;
 	printf("DES ede cbc bytes  per sec = %12.2f (%9.3fuS)\n",d,8.0e6/d);
 	printf("crypt              per sec = %12.2f (%9.3fuS)\n",e,1.0e6/e);
 	exit(0);
-#if defined(LINT) || defined(MSDOS)
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
 	return(0);
 #endif
 	}
diff --git a/crypto/des/spr.h b/crypto/des/spr.h
index 81813f9f7a..b91936a5a5 100644
--- a/crypto/des/spr.h
+++ b/crypto/des/spr.h
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-const DES_LONG des_SPtrans[8][64]={
+OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64]={
 {
 /* nibble 0 */
 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
diff --git a/crypto/des/str2key.c b/crypto/des/str2key.c
index 3365c1bcf3..0373db469c 100644
--- a/crypto/des/str2key.c
+++ b/crypto/des/str2key.c
@@ -58,13 +58,9 @@
 
 #include "des_locl.h"
 
-extern int des_check_key;
-
-void des_string_to_key(str, key)
-char *str;
-des_cblock (*key);
+void DES_string_to_key(const char *str, DES_cblock *key)
 	{
-	des_key_schedule ks;
+	DES_key_schedule ks;
 	int i,length;
 	register unsigned char j;
 
@@ -89,23 +85,22 @@ des_cblock (*key);
 			}
 		}
 #endif
-	des_set_odd_parity((des_cblock *)key);
-	i=des_check_key;
-	des_check_key=0;
-	des_set_key((des_cblock *)key,ks);
-	des_check_key=i;
-	des_cbc_cksum((des_cblock *)str,(des_cblock *)key,(long)length,ks,
-		(des_cblock *)key);
-	memset(ks,0,sizeof(ks));
-	des_set_odd_parity((des_cblock *)key);
+	DES_set_odd_parity(key);
+#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
+	if(DES_is_weak_key(key))
+	    (*key)[7] ^= 0xF0;
+	DES_set_key(key,&ks);
+#else
+	DES_set_key_unchecked(key,&ks);
+#endif
+	DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key);
+	OPENSSL_cleanse(&ks,sizeof(ks));
+	DES_set_odd_parity(key);
 	}
 
-void des_string_to_2keys(str, key1, key2)
-char *str;
-des_cblock (*key1);
-des_cblock (*key2);
+void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
 	{
-	des_key_schedule ks;
+	DES_key_schedule ks;
 	int i,length;
 	register unsigned char j;
 
@@ -154,18 +149,25 @@ des_cblock (*key2);
 		}
 	if (length <= 8) memcpy(key2,key1,8);
 #endif
-	des_set_odd_parity((des_cblock *)key1);
-	des_set_odd_parity((des_cblock *)key2);
-	i=des_check_key;
-	des_check_key=0;
-	des_set_key((des_cblock *)key1,ks);
-	des_cbc_cksum((des_cblock *)str,(des_cblock *)key1,(long)length,ks,
-		(des_cblock *)key1);
-	des_set_key((des_cblock *)key2,ks);
-	des_cbc_cksum((des_cblock *)str,(des_cblock *)key2,(long)length,ks,
-		(des_cblock *)key2);
-	des_check_key=i;
-	memset(ks,0,sizeof(ks));
-	des_set_odd_parity(key1);
-	des_set_odd_parity(key2);
+	DES_set_odd_parity(key1);
+	DES_set_odd_parity(key2);
+#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
+	if(DES_is_weak_key(key1))
+	    (*key1)[7] ^= 0xF0;
+	DES_set_key(key1,&ks);
+#else
+	DES_set_key_unchecked(key1,&ks);
+#endif
+	DES_cbc_cksum((const unsigned char*)str,key1,length,&ks,key1);
+#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
+	if(DES_is_weak_key(key2))
+	    (*key2)[7] ^= 0xF0;
+	DES_set_key(key2,&ks);
+#else
+	DES_set_key_unchecked(key2,&ks);
+#endif
+	DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2);
+	OPENSSL_cleanse(&ks,sizeof(ks));
+	DES_set_odd_parity(key1);
+	DES_set_odd_parity(key2);
 	}
diff --git a/crypto/des/testdes.pl b/crypto/des/testdes.pl
deleted file mode 100644
index 01a165a963..0000000000
--- a/crypto/des/testdes.pl
+++ /dev/null
@@ -1,167 +0,0 @@
-#!/usr/local/bin/perl
-
-# des.pl tesing code
-
-require 'des.pl';
-
-$num_tests=34;
-@key_data=(
-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
-	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
-	0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57,
-	0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E,
-	0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86,
-	0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
-	0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
-	0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE,
-	0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6,
-	0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE,
-	0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16,
-	0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F,
-	0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46,
-	0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E,
-	0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76,
-	0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07,
-	0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F,
-	0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7,
-	0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF,
-	0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6,
-	0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF,
-	0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
-	0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E,
-	0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE,
-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
-	0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
-	);
-
-@plain_data=(
-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
-	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
-	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
-	0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42,
-	0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA,
-	0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72,
-	0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A,
-	0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2,
-	0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A,
-	0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2,
-	0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A,
-	0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02,
-	0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A,
-	0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32,
-	0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA,
-	0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62,
-	0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2,
-	0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA,
-	0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92,
-	0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A,
-	0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2,
-	0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A,
-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF);
-
-@cipher_data=(
-	0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7,
-	0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58,
-	0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B,
-	0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33,
-	0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D,
-	0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD,
-	0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7,
-	0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4,
-	0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B,
-	0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71,
-	0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A,
-	0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A,
-	0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95,
-	0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B,
-	0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09,
-	0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A,
-	0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F,
-	0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88,
-	0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77,
-	0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A,
-	0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56,
-	0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56,
-	0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56,
-	0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC,
-	0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A,
-	0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41,
-	0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93,
-	0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00,
-	0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06,
-	0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7,
-	0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51,
-	0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE,
-	0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D,
-	0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2);
-
-print "Doing ecb tests\n";
-for ($i=0; $i<$num_tests; $i++)
-	{
-	printf "Doing test $i\n";
-	$key =pack("C8",splice(@key_data   ,0,8));
-	$data=pack("C8",splice(@plain_data ,0,8));
-	$res =pack("C8",splice(@cipher_data,0,8));
-
-	@ks=  &des_set_key($key);
-	$out1= &des_ecb_encrypt(*ks,1,$data);
-	$out2= &des_ecb_encrypt(*ks,0,$out1);
-	$out3= &des_ecb_encrypt(*ks,0,$res);
-	&eprint("encryption failure",$res,$out1)
-		if ($out1 ne $res);
-	&eprint("encryption/decryption failure",$data,$out2)
-		if ($out2 ne $data);
-	&eprint("decryption failure",$data,$out3)
-		if ($data ne $out3);
-	}
-print "Done\n";
-
-print "doing speed test over 30 seconds\n";
-$SIG{'ALRM'}='done';
-sub done {$done=1;}
-$done=0;
-
-$count=0;
-$d=pack("C8",0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef);
-@ks=  &des_set_key($d);
-alarm(30);
-$start=(times)[0];
-while (!$done)
-	{
-	$count++;
-	$d=&des_ecb_encrypt(*ks,1,$d);
-	}
-$end=(times)[0];
-$t=$end-$start;
-printf "$count DESs in %.2f seconds is %.2f DESs/sec or %.2f bytes/sec\n",
-	1.0*$t,1.0*$count/$t,$count*8.0/$t;
-
-sub eprint
-	{
-	local($s,$c,$e)=@_;
-	local(@k);
-
-	@k=unpack("C8",$c);
-	printf "%02x%02x%02x%02x %02x%02x%02x%02x - ",unpack("C8",$c);
-	printf "%02x%02x%02x%02x %02x%02x%02x%02x :",unpack("C8",$e);
-	print " $s\n";
-	}
diff --git a/crypto/des/vms.com b/crypto/des/vms.com
deleted file mode 100755
index 62ca1fbda4..0000000000
--- a/crypto/des/vms.com
+++ /dev/null
@@ -1,90 +0,0 @@
-$! --- VMS.com ---
-$!
-$ GoSub defines
-$ GoSub linker_options
-$ If (P1 .nes. "")
-$ Then 
-$   GoSub 'P1'
-$ Else
-$   GoSub lib
-$   GoSub destest
-$   GoSub rpw
-$   GoSub speed
-$   GoSub des
-$ EndIF
-$!
-$ Exit
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$DEFINES:
-$ OPT_FILE := "VAX_LINKER_OPTIONS.OPT"
-$!
-$ CC_OPTS := "/NODebug/OPTimize/NOWarn"
-$!
-$ LINK_OPTS := "/NODebug/NOTraceback/Contiguous"
-$!
-$ OBJS  = "cbc_cksm.obj,cbc_enc.obj,ecb_enc.obj,pcbc_enc.obj," + -
-          "qud_cksm.obj,rand_key.obj,read_pwd.obj,set_key.obj,"      + -
-          "str2key.obj,enc_read.obj,enc_writ.obj,fcrypt.obj,"           + -
-	  "cfb_enc.obj,ecb3_enc.obj,ofb_enc.obj"
-	   
-	   
-$!
-$ LIBDES = "cbc_cksm.c,cbc_enc.c,ecb_enc.c,enc_read.c,"           + -
-           "enc_writ.c,pcbc_enc.c,qud_cksm.c,rand_key.c,"         + -
-           "read_pwd.c,set_key.c,str2key.c,fcrypt.c,"                + -
-	   "cfb_enc.c,ecb3_enc.c,ofb_enc.c"
-$ Return
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$LINKER_OPTIONS:
-$ If (f$search(OPT_FILE) .eqs. "")
-$ Then
-$   Create 'OPT_FILE'
-$DECK
-! Default system options file to link against the sharable C runtime library
-!
-Sys$Share:VAXcRTL.exe/Share
-$EOD
-$ EndIF
-$ Return
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$LIB:
-$ CC 'CC_OPTS' 'LIBDES'
-$ If (f$search("LIBDES.OLB") .nes. "")
-$ Then Library /Object /Replace libdes 'OBJS'
-$ Else Library /Create /Object  libdes 'OBJS'
-$ EndIF
-$ Return
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$DESTEST:
-$ CC 'CC_OPTS' destest
-$ Link 'link_opts' /Exec=destest destest.obj,libdes/LIBRARY,'opt_file'/Option
-$ Return
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$RPW:
-$ CC 'CC_OPTS' rpw
-$ Link 'link_opts' /Exec=rpw  rpw.obj,libdes/LIBRARY,'opt_file'/Option
-$ Return
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$SPEED:
-$ CC 'CC_OPTS' speed
-$ Link 'link_opts' /Exec=speed speed.obj,libdes/LIBRARY,'opt_file'/Option
-$ Return
-$!
-$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-$!
-$DES:
-$ CC 'CC_OPTS' des
-$ Link 'link_opts' /Exec=des des.obj,libdes/LIBRARY,'opt_file'/Option
-$ Return
diff --git a/crypto/des/xcbc_enc.c b/crypto/des/xcbc_enc.c
index 031589bf50..47246eb466 100644
--- a/crypto/des/xcbc_enc.c
+++ b/crypto/des/xcbc_enc.c
@@ -79,18 +79,14 @@ static unsigned char desx_white_in2out[256]={
 0xA7,0x1C,0xC9,0x09,0x69,0x9A,0x83,0xCF,0x29,0x39,0xB9,0xE9,0x4C,0xFF,0x43,0xAB,
 	};
 
-void des_xwhite_in2out(des_key,in_white,out_white)
-des_cblock (*des_key);
-des_cblock (*in_white);
-des_cblock (*out_white);
+void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white,
+	     DES_cblock *out_white)
 	{
-	unsigned char *key,*in,*out;
 	int out0,out1;
 	int i;
-
-	key=(unsigned char *)des_key;
-	in=(unsigned char *)in_white;
-	out=(unsigned char *)out_white;
+	const unsigned char *key = &(*des_key)[0];
+	const unsigned char *in = &(*in_white)[0];
+	unsigned char *out = &(*out_white)[0];
 
 	out[0]=out[1]=out[2]=out[3]=out[4]=out[5]=out[6]=out[7]=0;
 	out0=out1=0;
@@ -111,34 +107,27 @@ des_cblock (*out_white);
 		}
 	}
 
-void des_xcbc_encrypt(input, output, length, schedule, ivec, inw,outw,enc)
-des_cblock (*input);
-des_cblock (*output);
-long length;
-des_key_schedule schedule;
-des_cblock (*ivec);
-des_cblock (*inw);
-des_cblock (*outw);
-int enc;
+void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out,
+		      long length, DES_key_schedule *schedule,
+		      DES_cblock *ivec, const_DES_cblock *inw,
+		      const_DES_cblock *outw, int enc)
 	{
 	register DES_LONG tin0,tin1;
 	register DES_LONG tout0,tout1,xor0,xor1;
 	register DES_LONG inW0,inW1,outW0,outW1;
-	register unsigned char *in,*out;
+	register const unsigned char *in2;
 	register long l=length;
 	DES_LONG tin[2];
 	unsigned char *iv;
 
-	in=(unsigned char *)inw;
-	c2l(in,inW0);
-	c2l(in,inW1);
-	in=(unsigned char *)outw;
-	c2l(in,outW0);
-	c2l(in,outW1);
+	in2 = &(*inw)[0];
+	c2l(in2,inW0);
+	c2l(in2,inW1);
+	in2 = &(*outw)[0];
+	c2l(in2,outW0);
+	c2l(in2,outW1);
 
-	in=(unsigned char *)input;
-	out=(unsigned char *)output;
-	iv=(unsigned char *)ivec;
+	iv = &(*ivec)[0];
 
 	if (enc)
 		{
@@ -150,7 +139,7 @@ int enc;
 			c2l(in,tin1);
 			tin0^=tout0^inW0; tin[0]=tin0;
 			tin1^=tout1^inW1; tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			DES_encrypt1(tin,schedule,DES_ENCRYPT);
 			tout0=tin[0]^outW0; l2c(tout0,out);
 			tout1=tin[1]^outW1; l2c(tout1,out);
 			}
@@ -159,11 +148,11 @@ int enc;
 			c2ln(in,tin0,tin1,l+8);
 			tin0^=tout0^inW0; tin[0]=tin0;
 			tin1^=tout1^inW1; tin[1]=tin1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT);
+			DES_encrypt1(tin,schedule,DES_ENCRYPT);
 			tout0=tin[0]^outW0; l2c(tout0,out);
 			tout1=tin[1]^outW1; l2c(tout1,out);
 			}
-		iv=(unsigned char *)ivec;
+		iv = &(*ivec)[0];
 		l2c(tout0,iv);
 		l2c(tout1,iv);
 		}
@@ -175,7 +164,7 @@ int enc;
 			{
 			c2l(in,tin0); tin[0]=tin0^outW0;
 			c2l(in,tin1); tin[1]=tin1^outW1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			DES_encrypt1(tin,schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0^inW0;
 			tout1=tin[1]^xor1^inW1;
 			l2c(tout0,out);
@@ -187,7 +176,7 @@ int enc;
 			{
 			c2l(in,tin0); tin[0]=tin0^outW0;
 			c2l(in,tin1); tin[1]=tin1^outW1;
-			des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT);
+			DES_encrypt1(tin,schedule,DES_DECRYPT);
 			tout0=tin[0]^xor0^inW0;
 			tout1=tin[1]^xor1^inW1;
 			l2cn(tout0,tout1,out,l+8);
@@ -195,7 +184,7 @@ int enc;
 			xor1=tin1;
 			}
 
-		iv=(unsigned char *)ivec;
+		iv = &(*ivec)[0];
 		l2c(xor0,iv);
 		l2c(xor1,iv);
 		}
diff --git a/crypto/dh/.cvsignore b/crypto/dh/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/dh/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/dh/Makefile.ssl b/crypto/dh/Makefile.ssl
index dfa7e4525d..e1cb248db5 100644
--- a/crypto/dh/Makefile.ssl
+++ b/crypto/dh/Makefile.ssl
@@ -5,25 +5,26 @@
 DIR=	dh
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=dh
-ERRC=dh_err
 GENERAL=Makefile
 TEST= dhtest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= dh_gen.c dh_key.c dh_lib.c dh_check.c $(ERRC).c
-LIBOBJ= dh_gen.o dh_key.o dh_lib.o dh_check.o $(ERRC).o
+LIBSRC= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
+LIBOBJ= dh_asn1.o dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o
 
 SRC= $(LIBSRC)
 
@@ -39,24 +40,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -68,17 +68,71 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dh_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+dh_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dh_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+dh_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+dh_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_asn1.c
+dh_check.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_check.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_check.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_check.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_check.o: ../../include/openssl/opensslconf.h
+dh_check.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_check.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_check.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_check.c
+dh_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dh_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dh_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dh_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dh_err.o: ../../include/openssl/symhacks.h dh_err.c
+dh_gen.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dh_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dh_gen.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h
+dh_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_gen.o: ../cryptlib.h dh_gen.c
+dh_key.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_key.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_key.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dh_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+dh_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+dh_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dh_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dh_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_key.o: ../../include/openssl/ui.h ../cryptlib.h dh_key.c
+dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dh_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dh_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+dh_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+dh_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dh_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dh_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dh_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dh_lib.o: ../../include/openssl/ui.h ../cryptlib.h dh_lib.c
diff --git a/crypto/dh/dh.err b/crypto/dh/dh.err
deleted file mode 100644
index a4fe746985..0000000000
--- a/crypto/dh/dh.err
+++ /dev/null
@@ -1,12 +0,0 @@
-/* Error codes for the DH functions. */
-
-/* Function codes. */
-#define DH_F_DHPARAMS_PRINT				 100
-#define DH_F_DHPARAMS_PRINT_FP				 101
-#define DH_F_DH_COMPUTE_KEY				 102
-#define DH_F_DH_GENERATE_KEY				 103
-#define DH_F_DH_GENERATE_PARAMETERS			 104
-#define DH_F_DH_NEW					 105
-
-/* Reason codes. */
-#define DH_R_NO_PRIVATE_VALUE				 100
diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
index 8d60ae5c52..05851f8429 100644
--- a/crypto/dh/dh.h
+++ b/crypto/dh/dh.h
@@ -59,17 +59,41 @@
 #ifndef HEADER_DH_H
 #define HEADER_DH_H
 
+#ifdef OPENSSL_NO_DH
+#error DH is disabled.
+#endif
+
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include <openssl/ossl_typ.h>
+	
+#define DH_FLAG_CACHE_MONT_P	0x01
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#ifndef HEADER_BN_H
-#define BIGNUM 		char
-#endif
+typedef struct dh_st DH;
 
-#define DH_FLAG_CACHE_MONT_P	0x01
+typedef struct dh_method {
+	const char *name;
+	/* Methods here */
+	int (*generate_key)(DH *dh);
+	int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh);
+	int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a,
+				const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+				BN_MONT_CTX *m_ctx); /* Can be null */
 
-typedef struct dh_st
+	int (*init)(DH *dh);
+	int (*finish)(DH *dh);
+	int flags;
+	char *app_data;
+} DH_METHOD;
+
+struct dh_st
 	{
 	/* This first argument is used to pick up errors when
 	 * a DH is passed instead of a EVP_PKEY */
@@ -77,13 +101,24 @@ typedef struct dh_st
 	int version;
 	BIGNUM *p;
 	BIGNUM *g;
-	int length; /* optional */
-	BIGNUM *pub_key;	/* y */
+	long length; /* optional */
+	BIGNUM *pub_key;	/* g^x */
 	BIGNUM *priv_key;	/* x */
 
 	int flags;
 	char *method_mont_p;
-	} DH;
+	/* Place holders if we want to do X9.42 DH */
+	BIGNUM *q;
+	BIGNUM *j;
+	unsigned char *seed;
+	int seedlen;
+	BIGNUM *counter;
+
+	int references;
+	CRYPTO_EX_DATA ex_data;
+	const DH_METHOD *meth;
+	ENGINE *engine;
+	};
 
 #define DH_GENERATOR_2		2
 /* #define DH_GENERATOR_3	3 */
@@ -91,10 +126,14 @@ typedef struct dh_st
 
 /* DH_check error codes */
 #define DH_CHECK_P_NOT_PRIME		0x01
-#define DH_CHECK_P_NOT_STRONG_PRIME	0x02
+#define DH_CHECK_P_NOT_SAFE_PRIME	0x02
 #define DH_UNABLE_TO_CHECK_GENERATOR	0x04
 #define DH_NOT_SUITABLE_GENERATOR	0x08
 
+/* primes p where (p-1)/2 is prime too are called "safe"; we define
+   this for backward compatibility: */
+#define DH_CHECK_P_NOT_STRONG_PRIME	DH_CHECK_P_NOT_SAFE_PRIME
+
 #define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \
 		(char *(*)())d2i_DHparams,(char *)(x))
 #define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
@@ -103,50 +142,51 @@ typedef struct dh_st
 		(unsigned char *)(x))
 #define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \
 		(char *(*)())d2i_DHparams,(bp),(unsigned char **)(x))
+#ifdef  __cplusplus
+#define i2d_DHparams_bio(bp,x) ASN1_i2d_bio((int (*)())i2d_DHparams,(bp), \
+		(unsigned char *)(x))
+#else
 #define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \
 		(unsigned char *)(x))
+#endif
+
+const DH_METHOD *DH_OpenSSL(void);
+
+void DH_set_default_method(const DH_METHOD *meth);
+const DH_METHOD *DH_get_default_method(void);
+int DH_set_method(DH *dh, const DH_METHOD *meth);
+DH *DH_new_method(ENGINE *engine);
 
-#ifndef NOPROTO
 DH *	DH_new(void);
 void	DH_free(DH *dh);
-int	DH_size(DH *dh);
+int	DH_up_ref(DH *dh);
+int	DH_size(const DH *dh);
+int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int DH_set_ex_data(DH *d, int idx, void *arg);
+void *DH_get_ex_data(DH *d, int idx);
 DH *	DH_generate_parameters(int prime_len,int generator,
-		void (*callback)(int,int,char *),char *cb_arg);
-int	DH_check(DH *dh,int *codes);
+		void (*callback)(int,int,void *),void *cb_arg);
+int	DH_check(const DH *dh,int *codes);
 int	DH_generate_key(DH *dh);
-int	DH_compute_key(unsigned char *key,BIGNUM *pub_key,DH *dh);
-DH *	d2i_DHparams(DH **a,unsigned char **pp, long length);
-int	i2d_DHparams(DH *a,unsigned char **pp);
-#ifndef NO_FP_API
-int	DHparams_print_fp(FILE *fp, DH *x);
+int	DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
+DH *	d2i_DHparams(DH **a,const unsigned char **pp, long length);
+int	i2d_DHparams(const DH *a,unsigned char **pp);
+#ifndef OPENSSL_NO_FP_API
+int	DHparams_print_fp(FILE *fp, const DH *x);
 #endif
-#ifdef HEADER_BIO_H
-int	DHparams_print(BIO *bp, DH *x);
+#ifndef OPENSSL_NO_BIO
+int	DHparams_print(BIO *bp, const DH *x);
 #else
-int	DHparams_print(char *bp, DH *x);
-#endif
-void	ERR_load_DH_strings(void );
-
-#else
-
-DH *	DH_new();
-void	DH_free();
-int	DH_size();
-DH *	DH_generate_parameters();
-int	DH_check();
-int	DH_generate_key();
-int	DH_compute_key();
-DH *	d2i_DHparams();
-int	i2d_DHparams();
-#ifndef NO_FP_API
-int	DHparams_print_fp();
-#endif
-int	DHparams_print();
-void	ERR_load_DH_strings();
-
+int	DHparams_print(char *bp, const DH *x);
 #endif
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_DH_strings(void);
+
 /* Error codes for the DH functions. */
 
 /* Function codes. */
@@ -155,13 +195,13 @@ void	ERR_load_DH_strings();
 #define DH_F_DH_COMPUTE_KEY				 102
 #define DH_F_DH_GENERATE_KEY				 103
 #define DH_F_DH_GENERATE_PARAMETERS			 104
-#define DH_F_DH_NEW					 105
+#define DH_F_DH_NEW_METHOD				 105
 
 /* Reason codes. */
+#define DH_R_BAD_GENERATOR				 101
 #define DH_R_NO_PRIVATE_VALUE				 100
- 
+
 #ifdef  __cplusplus
 }
 #endif
 #endif
-
diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c
new file mode 100644
index 0000000000..769b5b68c5
--- /dev/null
+++ b/crypto/dh/dh_asn1.c
@@ -0,0 +1,87 @@
+/* dh_asn1.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/objects.h>
+#include <openssl/asn1t.h>
+
+/* Override the default free and new methods */
+static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	if(operation == ASN1_OP_NEW_PRE) {
+		*pval = (ASN1_VALUE *)DH_new();
+		if(*pval) return 2;
+		return 0;
+	} else if(operation == ASN1_OP_FREE_PRE) {
+		DH_free((DH *)*pval);
+		*pval = NULL;
+		return 2;
+	}
+	return 1;
+}
+
+ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
+	ASN1_SIMPLE(DH, p, BIGNUM),
+	ASN1_SIMPLE(DH, g, BIGNUM),
+	ASN1_OPT(DH, length, ZLONG),
+} ASN1_SEQUENCE_END_cb(DH, DHparams)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 65602e494f..f0373f7d68 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -58,10 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dh.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
 
-/* Check that p is a strong prime and
+/* Check that p is a safe prime and
  * if g is 2, 3 or 5, check that is is a suitable generator
  * where
  * for 2, p mod 24 == 11
@@ -70,9 +70,7 @@
  * should hold.
  */
 
-int DH_check(dh,ret)
-DH *dh;
-int *ret;
+int DH_check(const DH *dh, int *ret)
 	{
 	int ok=0;
 	BN_CTX *ctx=NULL;
@@ -90,11 +88,13 @@ int *ret;
 		l=BN_mod_word(dh->p,24);
 		if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
 		}
-/*	else if (BN_is_word(dh->g,DH_GENERATOR_3))
+#if 0
+	else if (BN_is_word(dh->g,DH_GENERATOR_3))
 		{
 		l=BN_mod_word(dh->p,12);
 		if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
-		}*/
+		}
+#endif
 	else if (BN_is_word(dh->g,DH_GENERATOR_5))
 		{
 		l=BN_mod_word(dh->p,10);
@@ -110,7 +110,7 @@ int *ret;
 		{
 		if (!BN_rshift1(q,dh->p)) goto err;
 		if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL))
-			*ret|=DH_CHECK_P_NOT_STRONG_PRIME;
+			*ret|=DH_CHECK_P_NOT_SAFE_PRIME;
 		}
 	ok=1;
 err:
diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
index 83ad45fb04..d837950aec 100644
--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
@@ -1,66 +1,69 @@
-/* lib/dh/dh_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/dh/dh_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "dh.h"
+#include <openssl/err.h>
+#include <openssl/dh.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA DH_str_functs[]=
 	{
 {ERR_PACK(0,DH_F_DHPARAMS_PRINT,0),	"DHparams_print"},
@@ -68,26 +71,27 @@ static ERR_STRING_DATA DH_str_functs[]=
 {ERR_PACK(0,DH_F_DH_COMPUTE_KEY,0),	"DH_compute_key"},
 {ERR_PACK(0,DH_F_DH_GENERATE_KEY,0),	"DH_generate_key"},
 {ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0),	"DH_generate_parameters"},
-{ERR_PACK(0,DH_F_DH_NEW,0),	"DH_new"},
-{0,NULL},
+{ERR_PACK(0,DH_F_DH_NEW_METHOD,0),	"DH_new_method"},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA DH_str_reasons[]=
 	{
+{DH_R_BAD_GENERATOR                      ,"bad generator"},
 {DH_R_NO_PRIVATE_VALUE                   ,"no private value"},
-{0,NULL},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_DH_strings()
+void ERR_load_DH_strings(void)
 	{
 	static int init=1;
 
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_DH,DH_str_functs);
 		ERR_load_strings(ERR_LIB_DH,DH_str_reasons);
 #endif
diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
index 466f2bf06f..06f78b35ab 100644
--- a/crypto/dh/dh_gen.c
+++ b/crypto/dh/dh_gen.c
@@ -58,8 +58,8 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dh.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
 
 /* We generate DH parameters as follows
  * find a prime q which is prime_len/2 bits long.
@@ -72,22 +72,22 @@
  * Having said all that,
  * there is another special case method for the generators 2, 3 and 5.
  * for 2, p mod 24 == 11
- * for 3, p mod 12 == 5  <<<<< does not work for strong primes.
+ * for 3, p mod 12 == 5  <<<<< does not work for safe primes.
  * for 5, p mod 10 == 3 or 7
  *
  * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the
  * special generators and for answering some of my questions.
  *
  * I've implemented the second simple method :-).
- * Since DH should be using a strong prime (both p and q are prime),
+ * Since DH should be using a safe prime (both p and q are prime),
  * this generator function can take a very very long time to run.
  */
-
-DH *DH_generate_parameters(prime_len,generator,callback,cb_arg)
-int prime_len;
-int generator;
-void (*callback)(P_I_I_P);
-char *cb_arg;
+/* Actually there is no reason to insist that 'generator' be a generator.
+ * It's just as OK (and in some sense better) to use a generator of the
+ * order-q subgroup.
+ */
+DH *DH_generate_parameters(int prime_len, int generator,
+	     void (*callback)(int,int,void *), void *cb_arg)
 	{
 	BIGNUM *p=NULL,*t1,*t2;
 	DH *ret=NULL;
@@ -95,36 +95,51 @@ char *cb_arg;
 	BN_CTX *ctx=NULL;
 
 	ret=DH_new();
+	if (ret == NULL) goto err;
 	ctx=BN_CTX_new();
 	if (ctx == NULL) goto err;
-	t1= &(ctx->bn[0]);
-	t2= &(ctx->bn[1]);
-	ctx->tos=2;
+	BN_CTX_start(ctx);
+	t1 = BN_CTX_get(ctx);
+	t2 = BN_CTX_get(ctx);
+	if (t1 == NULL || t2 == NULL) goto err;
 	
+	if (generator <= 1)
+		{
+		DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR);
+		goto err;
+		}
 	if (generator == DH_GENERATOR_2)
 		{
-		BN_set_word(t1,24);
-		BN_set_word(t2,11);
+		if (!BN_set_word(t1,24)) goto err;
+		if (!BN_set_word(t2,11)) goto err;
 		g=2;
 		}
-#ifdef undef  /* does not work for strong primes */
+#if 0 /* does not work for safe primes */
 	else if (generator == DH_GENERATOR_3)
 		{
-		BN_set_word(t1,12);
-		BN_set_word(t2,5);
+		if (!BN_set_word(t1,12)) goto err;
+		if (!BN_set_word(t2,5)) goto err;
 		g=3;
 		}
 #endif
 	else if (generator == DH_GENERATOR_5)
 		{
-		BN_set_word(t1,10);
-		BN_set_word(t2,3);
+		if (!BN_set_word(t1,10)) goto err;
+		if (!BN_set_word(t2,3)) goto err;
 		/* BN_set_word(t3,7); just have to miss
 		 * out on these ones :-( */
 		g=5;
 		}
 	else
+		{
+		/* in the general case, don't worry if 'generator' is a
+		 * generator or not: since we are using safe primes,
+		 * it will generate either an order-q or an order-2q group,
+		 * which both is OK */
+		if (!BN_set_word(t1,2)) goto err;
+		if (!BN_set_word(t2,1)) goto err;
 		g=generator;
+		}
 	
 	p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
 	if (p == NULL) goto err;
@@ -140,7 +155,11 @@ err:
 		ok=0;
 		}
 
-	if (ctx != NULL) BN_CTX_free(ctx);
+	if (ctx != NULL)
+		{
+		BN_CTX_end(ctx);
+		BN_CTX_free(ctx);
+		}
 	if (!ok && (ret != NULL))
 		{
 		DH_free(ret);
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index fa2c96082b..1a0efca2c4 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -58,32 +58,63 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rand.h"
-#include "dh.h"
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/dh.h>
+#include <openssl/engine.h>
 
-int DH_generate_key(dh)
-DH *dh;
+static int generate_key(DH *dh);
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+			const BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *m, BN_CTX *ctx,
+			BN_MONT_CTX *m_ctx);
+static int dh_init(DH *dh);
+static int dh_finish(DH *dh);
+
+int DH_generate_key(DH *dh)
+	{
+	return dh->meth->generate_key(dh);
+	}
+
+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+	{
+	return dh->meth->compute_key(key, pub_key, dh);
+	}
+
+static DH_METHOD dh_ossl = {
+"OpenSSL DH Method",
+generate_key,
+compute_key,
+dh_bn_mod_exp,
+dh_init,
+dh_finish,
+0,
+NULL
+};
+
+const DH_METHOD *DH_OpenSSL(void)
+{
+	return &dh_ossl;
+}
+
+static int generate_key(DH *dh)
 	{
 	int ok=0;
-	unsigned int i;
-	BN_CTX ctx;
+	int generate_new_key=0;
+	unsigned l;
+	BN_CTX *ctx;
 	BN_MONT_CTX *mont;
 	BIGNUM *pub_key=NULL,*priv_key=NULL;
 
-	BN_CTX_init(&ctx);
+	ctx = BN_CTX_new();
+	if (ctx == NULL) goto err;
 
 	if (dh->priv_key == NULL)
 		{
-		i=dh->length;
-		if (i == 0)
-			{
-			/* Make the number p-1 bits long */
-			i=BN_num_bits(dh->p)-1;
-			}
 		priv_key=BN_new();
 		if (priv_key == NULL) goto err;
-		if (!BN_rand(priv_key,i,0,0)) goto err;
+		generate_new_key=1;
 		}
 	else
 		priv_key=dh->priv_key;
@@ -100,11 +131,17 @@ DH *dh;
 		{
 		if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
 			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
-				dh->p,&ctx)) goto err;
+				dh->p,ctx)) goto err;
 		}
 	mont=(BN_MONT_CTX *)dh->method_mont_p;
 
-	if (!BN_mod_exp_mont(pub_key,dh->g,priv_key,dh->p,&ctx,mont)) goto err;
+	if (generate_new_key)
+		{
+		l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
+		if (!BN_rand(priv_key, l, 0, 0)) goto err;
+		}
+	if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont))
+		goto err;
 		
 	dh->pub_key=pub_key;
 	dh->priv_key=priv_key;
@@ -115,22 +152,21 @@ err:
 
 	if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);
 	if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
-	BN_CTX_free(&ctx);
+	BN_CTX_free(ctx);
 	return(ok);
 	}
 
-int DH_compute_key(key,pub_key,dh)
-unsigned char *key;
-BIGNUM *pub_key;
-DH *dh;
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 	{
-	BN_CTX ctx;
+	BN_CTX *ctx;
 	BN_MONT_CTX *mont;
 	BIGNUM *tmp;
 	int ret= -1;
 
-	BN_CTX_init(&ctx);
-	tmp= &(ctx.bn[ctx.tos++]);
+	ctx = BN_CTX_new();
+	if (ctx == NULL) goto err;
+	BN_CTX_start(ctx);
+	tmp = BN_CTX_get(ctx);
 	
 	if (dh->priv_key == NULL)
 		{
@@ -141,11 +177,11 @@ DH *dh;
 		{
 		if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
 			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
-				dh->p,&ctx)) goto err;
+				dh->p,ctx)) goto err;
 		}
 
 	mont=(BN_MONT_CTX *)dh->method_mont_p;
-	if (!BN_mod_exp_mont(tmp,pub_key,dh->priv_key,dh->p,&ctx,mont))
+	if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
 		{
 		DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
 		goto err;
@@ -153,6 +189,35 @@ DH *dh;
 
 	ret=BN_bn2bin(tmp,key);
 err:
-	BN_CTX_free(&ctx);
+	BN_CTX_end(ctx);
+	BN_CTX_free(ctx);
 	return(ret);
 	}
+
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+			const BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *m, BN_CTX *ctx,
+			BN_MONT_CTX *m_ctx)
+	{
+	if (a->top == 1)
+		{
+		BN_ULONG A = a->d[0];
+		return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
+		}
+	else
+		return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);
+	}
+
+
+static int dh_init(DH *dh)
+	{
+	dh->flags |= DH_FLAG_CACHE_MONT_P;
+	return(1);
+	}
+
+static int dh_finish(DH *dh)
+	{
+	if(dh->method_mont_p)
+		BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p);
+	return(1);
+	}
diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c
index 1b4bb4ea2b..ba5fd41057 100644
--- a/crypto/dh/dh_lib.c
+++ b/crypto/dh/dh_lib.c
@@ -58,21 +58,84 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dh.h"
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/engine.h>
 
-char *DH_version="Diffie-Hellman part of SSLeay 0.9.1a 06-Jul-1998";
+const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
-DH *DH_new()
+static const DH_METHOD *default_DH_method = NULL;
+
+void DH_set_default_method(const DH_METHOD *meth)
+	{
+	default_DH_method = meth;
+	}
+
+const DH_METHOD *DH_get_default_method(void)
+	{
+	if(!default_DH_method)
+		default_DH_method = DH_OpenSSL();
+	return default_DH_method;
+	}
+
+int DH_set_method(DH *dh, const DH_METHOD *meth)
+	{
+	/* NB: The caller is specifically setting a method, so it's not up to us
+	 * to deal with which ENGINE it comes from. */
+        const DH_METHOD *mtmp;
+        mtmp = dh->meth;
+        if (mtmp->finish) mtmp->finish(dh);
+	if (dh->engine)
+		{
+		ENGINE_finish(dh->engine);
+		dh->engine = NULL;
+		}
+        dh->meth = meth;
+        if (meth->init) meth->init(dh);
+        return 1;
+	}
+
+DH *DH_new(void)
+	{
+	return DH_new_method(NULL);
+	}
+
+DH *DH_new_method(ENGINE *engine)
 	{
 	DH *ret;
 
-	ret=(DH *)Malloc(sizeof(DH));
+	ret=(DH *)OPENSSL_malloc(sizeof(DH));
 	if (ret == NULL)
 		{
-		DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE);
+		DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
+
+	ret->meth = DH_get_default_method();
+	if (engine)
+		{
+		if (!ENGINE_init(engine))
+			{
+			DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+			OPENSSL_free(ret);
+			return NULL;
+			}
+		ret->engine = engine;
+		}
+	else
+		ret->engine = ENGINE_get_default_DH();
+	if(ret->engine)
+		{
+		ret->meth = ENGINE_get_DH(ret->engine);
+		if(!ret->meth)
+			{
+			DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB);
+			ENGINE_finish(ret->engine);
+			OPENSSL_free(ret);
+			return NULL;
+			}
+		}
+
 	ret->pad=0;
 	ret->version=0;
 	ret->p=NULL;
@@ -80,25 +143,95 @@ DH *DH_new()
 	ret->length=0;
 	ret->pub_key=NULL;
 	ret->priv_key=NULL;
-	ret->flags=DH_FLAG_CACHE_MONT_P;
+	ret->q=NULL;
+	ret->j=NULL;
+	ret->seed = NULL;
+	ret->seedlen = 0;
+	ret->counter = NULL;
 	ret->method_mont_p=NULL;
+	ret->references = 1;
+	ret->flags=ret->meth->flags;
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
+	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+		{
+		if (ret->engine)
+			ENGINE_finish(ret->engine);
+		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
+		OPENSSL_free(ret);
+		ret=NULL;
+		}
 	return(ret);
 	}
 
-void DH_free(r)
-DH *r;
+void DH_free(DH *r)
 	{
+	int i;
+	if(r == NULL) return;
+	i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
+#ifdef REF_PRINT
+	REF_PRINT("DH",r);
+#endif
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"DH_free, bad reference count\n");
+		abort();
+	}
+#endif
+
+	if (r->meth->finish)
+		r->meth->finish(r);
+	if (r->engine)
+		ENGINE_finish(r->engine);
+
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
+
 	if (r->p != NULL) BN_clear_free(r->p);
 	if (r->g != NULL) BN_clear_free(r->g);
+	if (r->q != NULL) BN_clear_free(r->q);
+	if (r->j != NULL) BN_clear_free(r->j);
+	if (r->seed) OPENSSL_free(r->seed);
+	if (r->counter != NULL) BN_clear_free(r->counter);
 	if (r->pub_key != NULL) BN_clear_free(r->pub_key);
 	if (r->priv_key != NULL) BN_clear_free(r->priv_key);
-	if (r->method_mont_p != NULL)
-		BN_MONT_CTX_free((BN_MONT_CTX *)r->method_mont_p);
-	Free(r);
+	OPENSSL_free(r);
+	}
+
+int DH_up_ref(DH *r)
+	{
+	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
+#ifdef REF_PRINT
+	REF_PRINT("DH",r);
+#endif
+#ifdef REF_CHECK
+	if (i < 2)
+		{
+		fprintf(stderr, "DH_up, bad reference count\n");
+		abort();
+		}
+#endif
+	return ((i > 1) ? 1 : 0);
+	}
+
+int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp,
+				new_func, dup_func, free_func);
+        }
+
+int DH_set_ex_data(DH *d, int idx, void *arg)
+	{
+	return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
+	}
+
+void *DH_get_ex_data(DH *d, int idx)
+	{
+	return(CRYPTO_get_ex_data(&d->ex_data,idx));
 	}
 
-int DH_size(dh)
-DH *dh;
+int DH_size(const DH *dh)
 	{
 	return(BN_num_bytes(dh->p));
 	}
diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c
index e8e1695edd..27237741da 100644
--- a/crypto/dh/dhtest.c
+++ b/crypto/dh/dhtest.c
@@ -59,53 +59,77 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#ifdef WINDOWS
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_SYS_WINDOWS
 #include "../bio/bss_file.c" 
 #endif
-#include "crypto.h"
-#include "bio.h"
-#include "bn.h"
-#include "dh.h"
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+#ifdef OPENSSL_NO_DH
+int main(int argc, char *argv[])
+{
+    printf("No DH support\n");
+    return(0);
+}
+#else
+#include <openssl/dh.h>
 
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
 #define MS_CALLBACK	_far _loadds
 #else
 #define MS_CALLBACK
 #endif
 
-#ifndef NOPROTO
-static void MS_CALLBACK cb(int p, int n, char *arg);
-#else
-static void MS_CALLBACK cb();
-#endif
-
-#ifdef NO_STDIO
+static void MS_CALLBACK cb(int p, int n, void *arg);
+#ifdef OPENSSL_NO_STDIO
 #define APPS_WIN16
 #include "bss_file.c"
 #endif
 
-BIO *out=NULL;
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
 
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
-	DH *a,*b;
+	DH *a;
+	DH *b=NULL;
 	char buf[12];
 	unsigned char *abuf=NULL,*bbuf=NULL;
 	int i,alen,blen,aout,bout,ret=1;
+	BIO *out;
+
+	CRYPTO_malloc_debug_init();
+	CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 	CRYPTO_malloc_init();
 #endif
 
+	RAND_seed(rnd_seed, sizeof rnd_seed);
+
 	out=BIO_new(BIO_s_file());
-	if (out == NULL) exit(1);
+	if (out == NULL) EXIT(1);
 	BIO_set_fp(out,stdout,BIO_NOCLOSE);
 
-	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,(char *)out);
+	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
 	if (a == NULL) goto err;
 
+	if (!DH_check(a, &i)) goto err;
+	if (i & DH_CHECK_P_NOT_PRIME)
+		BIO_puts(out, "p value is not prime\n");
+	if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+		BIO_puts(out, "p value is not a safe prime\n");
+	if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+		BIO_puts(out, "unable to check the generator value\n");
+	if (i & DH_NOT_SUITABLE_GENERATOR)
+		BIO_puts(out, "the g value is not a generator\n");
+
 	BIO_puts(out,"\np    =");
 	BN_print(out,a->p);
 	BIO_puts(out,"\ng    =");
@@ -134,7 +158,7 @@ char *argv[];
 	BIO_puts(out,"\n");
 
 	alen=DH_size(a);
-	abuf=(unsigned char *)Malloc(alen);
+	abuf=(unsigned char *)OPENSSL_malloc(alen);
 	aout=DH_compute_key(abuf,b->pub_key,a);
 
 	BIO_puts(out,"key1 =");
@@ -146,7 +170,7 @@ char *argv[];
 	BIO_puts(out,"\n");
 
 	blen=DH_size(b);
-	bbuf=(unsigned char *)Malloc(blen);
+	bbuf=(unsigned char *)OPENSSL_malloc(blen);
 	bout=DH_compute_key(bbuf,a->pub_key,b);
 
 	BIO_puts(out,"key2 =");
@@ -164,16 +188,21 @@ char *argv[];
 	else
 		ret=0;
 err:
-	if (abuf != NULL) Free(abuf);
-	if (bbuf != NULL) Free(bbuf);
-	exit(ret);
+	ERR_print_errors_fp(stderr);
+
+	if (abuf != NULL) OPENSSL_free(abuf);
+	if (bbuf != NULL) OPENSSL_free(bbuf);
+	if(b != NULL) DH_free(b);
+	if(a != NULL) DH_free(a);
+	BIO_free(out);
+	CRYPTO_cleanup_all_ex_data();
+	ERR_remove_state(0);
+	CRYPTO_mem_leaks_fp(stderr);
+	EXIT(ret);
 	return(ret);
 	}
 
-static void MS_CALLBACK cb(p, n,arg)
-int p;
-int n;
-char *arg;
+static void MS_CALLBACK cb(int p, int n, void *arg)
 	{
 	char c='*';
 
@@ -182,8 +211,9 @@ char *arg;
 	if (p == 2) c='*';
 	if (p == 3) c='\n';
 	BIO_write((BIO *)arg,&c,1);
-	BIO_flush((BIO *)arg);
+	(void)BIO_flush((BIO *)arg);
 #ifdef LINT
 	p=n;
 #endif
 	}
+#endif
diff --git a/crypto/dh/p1024.c b/crypto/dh/p1024.c
index 0c50c24cfb..368ceca4eb 100644
--- a/crypto/dh/p1024.c
+++ b/crypto/dh/p1024.c
@@ -57,10 +57,10 @@
  */
 
 #include <stdio.h>
-#include "bn.h"
-#include "asn1.h"
-#include "dh.h"
-#include "pem.h"
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
 
 unsigned char data[]={0x97,0xF6,0x42,0x61,0xCA,0xB5,0x05,0xDD,
 	0x28,0x28,0xE1,0x3F,0x1D,0x68,0xB6,0xD3,
diff --git a/crypto/dh/p192.c b/crypto/dh/p192.c
index 881908169a..7bdf40410e 100644
--- a/crypto/dh/p192.c
+++ b/crypto/dh/p192.c
@@ -57,10 +57,10 @@
  */
 
 #include <stdio.h>
-#include "bn.h"
-#include "asn1.h"
-#include "dh.h"
-#include "pem.h"
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
 
 unsigned char data[]={
 0xD4,0xA0,0xBA,0x02,0x50,0xB6,0xFD,0x2E,
diff --git a/crypto/dh/p512.c b/crypto/dh/p512.c
index cc84e8e50e..a9b6aa83f0 100644
--- a/crypto/dh/p512.c
+++ b/crypto/dh/p512.c
@@ -57,10 +57,10 @@
  */
 
 #include <stdio.h>
-#include "bn.h"
-#include "asn1.h"
-#include "dh.h"
-#include "pem.h"
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/dh.h>
+#include <openssl/pem.h>
 
 unsigned char data[]={
 0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,
diff --git a/crypto/dsa/.cvsignore b/crypto/dsa/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/dsa/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/dsa/Makefile.ssl b/crypto/dsa/Makefile.ssl
index 2cc4ddb39e..306a3f2001 100644
--- a/crypto/dsa/Makefile.ssl
+++ b/crypto/dsa/Makefile.ssl
@@ -5,25 +5,28 @@
 DIR=	dsa
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=dsa
-ERRC=dsa_err
 GENERAL=Makefile
 TEST=dsatest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_vrf.c dsa_sign.c $(ERRC).c
-LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_vrf.o dsa_sign.o $(ERRC).o
+LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
+	dsa_err.c dsa_ossl.c
+LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
+	dsa_err.o dsa_ossl.o
 
 SRC= $(LIBSRC)
 
@@ -39,24 +42,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -68,17 +70,113 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+dsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_asn1.o: ../../include/openssl/opensslconf.h
+dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_asn1.c
+dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+dsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_err.o: dsa_err.c
+dsa_gen.o: ../../e_os.h ../../include/openssl/aes.h
+dsa_gen.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+dsa_gen.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+dsa_gen.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+dsa_gen.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+dsa_gen.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+dsa_gen.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+dsa_gen.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+dsa_gen.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+dsa_gen.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_gen.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+dsa_gen.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+dsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+dsa_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dsa_gen.o: ../../include/openssl/ui_compat.h ../cryptlib.h dsa_gen.c
+dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+dsa_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_key.o: ../cryptlib.h dsa_key.c
+dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dsa_lib.o: ../cryptlib.h dsa_lib.c
+dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_ossl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dsa_ossl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dsa_ossl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_ossl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dsa_ossl.o: ../cryptlib.h dsa_ossl.c
+dsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+dsa_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+dsa_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+dsa_sign.o: ../cryptlib.h dsa_sign.c
+dsa_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
+dsa_vrf.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+dsa_vrf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+dsa_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+dsa_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+dsa_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+dsa_vrf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_vrf.o: ../../include/openssl/ui.h ../cryptlib.h dsa_vrf.c
diff --git a/crypto/dsa/dsa.err b/crypto/dsa/dsa.err
deleted file mode 100644
index 1131e9fa74..0000000000
--- a/crypto/dsa/dsa.err
+++ /dev/null
@@ -1,15 +0,0 @@
-/* Error codes for the DSA functions. */
-
-/* Function codes. */
-#define DSA_F_DSAPARAMS_PRINT				 100
-#define DSA_F_DSAPARAMS_PRINT_FP			 101
-#define DSA_F_DSA_IS_PRIME				 102
-#define DSA_F_DSA_NEW					 103
-#define DSA_F_DSA_PRINT					 104
-#define DSA_F_DSA_PRINT_FP				 105
-#define DSA_F_DSA_SIGN					 106
-#define DSA_F_DSA_SIGN_SETUP				 107
-#define DSA_F_DSA_VERIFY				 108
-
-/* Reason codes. */
-#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 100
diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h
index a231c199b7..9b3baadf2c 100644
--- a/crypto/dsa/dsa.h
+++ b/crypto/dsa/dsa.h
@@ -65,20 +65,59 @@
 #ifndef HEADER_DSA_H
 #define HEADER_DSA_H
 
+#ifdef OPENSSL_NO_DSA
+#error DSA is disabled.
+#endif
+
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include <openssl/ossl_typ.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+
+#define DSA_FLAG_CACHE_MONT_P	0x01
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#include "bn.h"
+typedef struct dsa_st DSA;
 
-#define DSA_FLAG_CACHE_MONT_P	0x01
+typedef struct DSA_SIG_st
+	{
+	BIGNUM *r;
+	BIGNUM *s;
+	} DSA_SIG;
+
+typedef struct dsa_method {
+	const char *name;
+	DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa);
+	int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+								BIGNUM **rp);
+	int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
+							DSA_SIG *sig, DSA *dsa);
+	int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+			BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+			BN_MONT_CTX *in_mont);
+	int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+				const BIGNUM *m, BN_CTX *ctx,
+				BN_MONT_CTX *m_ctx); /* Can be null */
+	int (*init)(DSA *dsa);
+	int (*finish)(DSA *dsa);
+	int flags;
+	char *app_data;
+} DSA_METHOD;
 
-typedef struct dsa_st
+struct dsa_st
 	{
 	/* This first variable is used to pick up errors where
 	 * a DSA is passed instead of of a EVP_PKEY */
 	int pad;
-	int version;
+	long version;
 	int write_params;
 	BIGNUM *p;
 	BIGNUM *q;	/* == 20 */
@@ -93,9 +132,12 @@ typedef struct dsa_st
 	int flags;
 	/* Normally used to cache montgomery values */
 	char *method_mont_p;
-
 	int references;
-	} DSA;
+	CRYPTO_EX_DATA ex_data;
+	const DSA_METHOD *meth;
+	/* functional reference if 'meth' is ENGINE-provided */
+	ENGINE *engine;
+	};
 
 #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \
 		(char *(*)())d2i_DSAparams,(char *)(x))
@@ -108,93 +150,101 @@ typedef struct dsa_st
 #define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \
 		(unsigned char *)(x))
 
-#ifndef NOPROTO
+
+DSA_SIG * DSA_SIG_new(void);
+void	DSA_SIG_free(DSA_SIG *a);
+int	i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
+
+DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa);
+int	DSA_do_verify(const unsigned char *dgst,int dgst_len,
+		      DSA_SIG *sig,DSA *dsa);
+
+const DSA_METHOD *DSA_OpenSSL(void);
+
+void	DSA_set_default_method(const DSA_METHOD *);
+const DSA_METHOD *DSA_get_default_method(void);
+int	DSA_set_method(DSA *dsa, const DSA_METHOD *);
 
 DSA *	DSA_new(void);
-int	DSA_size(DSA *);
+DSA *	DSA_new_method(ENGINE *engine);
+void	DSA_free (DSA *r);
+/* "up" the DSA object's reference count */
+int	DSA_up_ref(DSA *r);
+int	DSA_size(const DSA *);
 	/* next 4 return -1 on error */
 int	DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp);
-int	DSA_sign(int type,unsigned char *dgst,int dlen,
+int	DSA_sign(int type,const unsigned char *dgst,int dlen,
 		unsigned char *sig, unsigned int *siglen, DSA *dsa);
-int	DSA_verify(int type,unsigned char *dgst,int dgst_len,
-		unsigned char *sigbuf, int siglen, DSA *dsa);
-void	DSA_free (DSA *r);
-
-void	ERR_load_DSA_strings(void );
-
-DSA *	d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
-DSA *	d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
-DSA * 	d2i_DSAparams(DSA **a, unsigned char **pp, long length);
-DSA *	DSA_generate_parameters(int bits, unsigned char *seed,int seed_len,
+int	DSA_verify(int type,const unsigned char *dgst,int dgst_len,
+		const unsigned char *sigbuf, int siglen, DSA *dsa);
+int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int DSA_set_ex_data(DSA *d, int idx, void *arg);
+void *DSA_get_ex_data(DSA *d, int idx);
+
+DSA *	d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
+DSA *	d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
+DSA * 	d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
+DSA *	DSA_generate_parameters(int bits,
+		unsigned char *seed,int seed_len,
 		int *counter_ret, unsigned long *h_ret,void
-		(*callback)(),char *cb_arg);
+		(*callback)(int, int, void *),void *cb_arg);
 int	DSA_generate_key(DSA *a);
-int	i2d_DSAPublicKey(DSA *a, unsigned char **pp);
-int 	i2d_DSAPrivateKey(DSA *a, unsigned char **pp);
-int	i2d_DSAparams(DSA *a,unsigned char **pp);
+int	i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+int 	i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+int	i2d_DSAparams(const DSA *a,unsigned char **pp);
 
-#ifdef HEADER_BIO_H
-int	DSAparams_print(BIO *bp, DSA *x);
-int	DSA_print(BIO *bp, DSA *x, int off);
+#ifndef OPENSSL_NO_BIO
+int	DSAparams_print(BIO *bp, const DSA *x);
+int	DSA_print(BIO *bp, const DSA *x, int off);
 #endif
-#ifndef NO_FP_API
-int	DSAparams_print_fp(FILE *fp, DSA *x);
-int	DSA_print_fp(FILE *bp, DSA *x, int off);
+#ifndef OPENSSL_NO_FP_API
+int	DSAparams_print_fp(FILE *fp, const DSA *x);
+int	DSA_print_fp(FILE *bp, const DSA *x, int off);
 #endif
 
-int DSA_is_prime(BIGNUM *q,void (*callback)(),char *cb_arg);
-
-#else
-
-DSA *	DSA_new();
-int	DSA_size();
-int	DSA_sign_setup();
-int	DSA_sign();
-int	DSA_verify();
-void	DSA_free ();
-
-void	ERR_load_DSA_strings();
-
-DSA *	d2i_DSAPublicKey();
-DSA *	d2i_DSAPrivateKey();
-DSA * 	d2i_DSAparams();
-DSA *	DSA_generate_parameters();
-int	DSA_generate_key();
-int	i2d_DSAPublicKey();
-int 	i2d_DSAPrivateKey();
-int	i2d_DSAparams();
-
-int	DSA_is_prime();
-
-int	DSAparams_print();
-int	DSA_print();
-
-#ifndef NO_FP_API
-int	DSAparams_print_fp();
-int	DSA_print_fp();
-#endif
+#define DSS_prime_checks 50
+/* Primality test according to FIPS PUB 186[-1], Appendix 2.1:
+ * 50 rounds of Rabin-Miller */
+#define DSA_is_prime(n, callback, cb_arg) \
+	BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
 
+#ifndef OPENSSL_NO_DH
+/* Convert DSA structure (key or just parameters) into DH structure
+ * (be careful to avoid small subgroup attacks when using this!) */
+DH *DSA_dup_DH(const DSA *r);
 #endif
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_DSA_strings(void);
+
 /* Error codes for the DSA functions. */
 
 /* Function codes. */
+#define DSA_F_D2I_DSA_SIG				 110
 #define DSA_F_DSAPARAMS_PRINT				 100
 #define DSA_F_DSAPARAMS_PRINT_FP			 101
-#define DSA_F_DSA_IS_PRIME				 102
-#define DSA_F_DSA_NEW					 103
+#define DSA_F_DSA_DO_SIGN				 112
+#define DSA_F_DSA_DO_VERIFY				 113
+#define DSA_F_DSA_NEW_METHOD				 103
 #define DSA_F_DSA_PRINT					 104
 #define DSA_F_DSA_PRINT_FP				 105
 #define DSA_F_DSA_SIGN					 106
 #define DSA_F_DSA_SIGN_SETUP				 107
+#define DSA_F_DSA_SIG_NEW				 109
 #define DSA_F_DSA_VERIFY				 108
+#define DSA_F_I2D_DSA_SIG				 111
+#define DSA_F_SIG_CB					 114
 
 /* Reason codes. */
 #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 100
- 
+#define DSA_R_MISSING_PARAMETERS			 101
+
 #ifdef  __cplusplus
 }
 #endif
 #endif
-
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
new file mode 100644
index 0000000000..23fce555aa
--- /dev/null
+++ b/crypto/dsa/dsa_asn1.c
@@ -0,0 +1,140 @@
+/* dsa_asn1.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dsa.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+/* Override the default new methods */
+static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	if(operation == ASN1_OP_NEW_PRE) {
+		DSA_SIG *sig;
+		sig = OPENSSL_malloc(sizeof(DSA_SIG));
+		sig->r = NULL;
+		sig->s = NULL;
+		*pval = (ASN1_VALUE *)sig;
+		if(sig) return 2;
+		DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	return 1;
+}
+
+ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
+	ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
+	ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
+} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
+
+/* Override the default free and new methods */
+static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	if(operation == ASN1_OP_NEW_PRE) {
+		*pval = (ASN1_VALUE *)DSA_new();
+		if(*pval) return 2;
+		return 0;
+	} else if(operation == ASN1_OP_FREE_PRE) {
+		DSA_free((DSA *)*pval);
+		*pval = NULL;
+		return 2;
+	}
+	return 1;
+}
+
+ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
+	ASN1_SIMPLE(DSA, version, LONG),
+	ASN1_SIMPLE(DSA, p, BIGNUM),
+	ASN1_SIMPLE(DSA, q, BIGNUM),
+	ASN1_SIMPLE(DSA, g, BIGNUM),
+	ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+	ASN1_SIMPLE(DSA, priv_key, BIGNUM)
+} ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey)
+
+ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
+	ASN1_SIMPLE(DSA, p, BIGNUM),
+	ASN1_SIMPLE(DSA, q, BIGNUM),
+	ASN1_SIMPLE(DSA, g, BIGNUM),
+} ASN1_SEQUENCE_END_cb(DSA, DSAparams)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
+
+/* DSA public key is a bit trickier... its effectively a CHOICE type
+ * decided by a field called write_params which can either write out
+ * just the public key as an INTEGER or the parameters and public key
+ * in a SEQUENCE
+ */
+
+ASN1_SEQUENCE(dsa_pub_internal) = {
+	ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+	ASN1_SIMPLE(DSA, p, BIGNUM),
+	ASN1_SIMPLE(DSA, q, BIGNUM),
+	ASN1_SIMPLE(DSA, g, BIGNUM)
+} ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal)
+
+ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
+	ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+	ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
+} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
diff --git a/crypto/dsa/dsa_err.c b/crypto/dsa/dsa_err.c
index 4cb58a8951..79aa4ff526 100644
--- a/crypto/dsa/dsa_err.c
+++ b/crypto/dsa/dsa_err.c
@@ -1,96 +1,105 @@
-/* lib/dsa/dsa_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/dsa/dsa_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "dsa.h"
+#include <openssl/err.h>
+#include <openssl/dsa.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA DSA_str_functs[]=
 	{
+{ERR_PACK(0,DSA_F_D2I_DSA_SIG,0),	"d2i_DSA_SIG"},
 {ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0),	"DSAparams_print"},
 {ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0),	"DSAparams_print_fp"},
-{ERR_PACK(0,DSA_F_DSA_IS_PRIME,0),	"DSA_is_prime"},
-{ERR_PACK(0,DSA_F_DSA_NEW,0),	"DSA_new"},
+{ERR_PACK(0,DSA_F_DSA_DO_SIGN,0),	"DSA_do_sign"},
+{ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0),	"DSA_do_verify"},
+{ERR_PACK(0,DSA_F_DSA_NEW_METHOD,0),	"DSA_new_method"},
 {ERR_PACK(0,DSA_F_DSA_PRINT,0),	"DSA_print"},
 {ERR_PACK(0,DSA_F_DSA_PRINT_FP,0),	"DSA_print_fp"},
 {ERR_PACK(0,DSA_F_DSA_SIGN,0),	"DSA_sign"},
 {ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0),	"DSA_sign_setup"},
+{ERR_PACK(0,DSA_F_DSA_SIG_NEW,0),	"DSA_SIG_new"},
 {ERR_PACK(0,DSA_F_DSA_VERIFY,0),	"DSA_verify"},
-{0,NULL},
+{ERR_PACK(0,DSA_F_I2D_DSA_SIG,0),	"i2d_DSA_SIG"},
+{ERR_PACK(0,DSA_F_SIG_CB,0),	"SIG_CB"},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA DSA_str_reasons[]=
 	{
 {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
-{0,NULL},
+{DSA_R_MISSING_PARAMETERS                ,"missing parameters"},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_DSA_strings()
+void ERR_load_DSA_strings(void)
 	{
 	static int init=1;
 
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_DSA,DSA_str_functs);
 		ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons);
 #endif
diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c
index 8202b80292..dc9c249310 100644
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@@ -59,28 +59,32 @@
 #undef GENUINE_DSA
 
 #ifdef GENUINE_DSA
-#define HASH    SHA
+/* Parameter generation follows the original release of FIPS PUB 186,
+ * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
+#define HASH    EVP_sha()
 #else
-#define HASH    SHA1
+/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
+ * FIPS PUB 180-1) */
+#define HASH    EVP_sha1()
 #endif 
 
+#ifndef OPENSSL_NO_SHA
+
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include "sha.h"
-#include "bn.h"
-#include "dsa.h"
-#include "rand.h"
-
-DSA *DSA_generate_parameters(bits,seed_in,seed_len,counter_ret,h_ret,callback,
-	cb_arg)
-int bits;
-unsigned char *seed_in;
-int seed_len;
-int *counter_ret;
-unsigned long *h_ret;
-void (*callback)();
-char *cb_arg;
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+
+DSA *DSA_generate_parameters(int bits,
+		unsigned char *seed_in, int seed_len,
+		int *counter_ret, unsigned long *h_ret,
+		void (*callback)(int, int, void *),
+		void *cb_arg)
 	{
 	int ok=0;
 	unsigned char seed[SHA_DIGEST_LENGTH];
@@ -91,47 +95,63 @@ char *cb_arg;
 	BN_MONT_CTX *mont=NULL;
 	int k,n=0,i,b,m=0;
 	int counter=0;
-	BN_CTX *ctx=NULL,*ctx2=NULL;
+	int r=0;
+	BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL;
 	unsigned int h=2;
 	DSA *ret=NULL;
 
 	if (bits < 512) bits=512;
 	bits=(bits+63)/64*64;
 
+	if (seed_len < 20)
+		seed_in = NULL; /* seed buffer too small -- ignore */
+	if (seed_len > 20) 
+		seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
+		                * but our internal buffers are restricted to 160 bits*/
 	if ((seed_in != NULL) && (seed_len == 20))
 		memcpy(seed,seed_in,seed_len);
 
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
 	if ((ctx2=BN_CTX_new()) == NULL) goto err;
+	if ((ctx3=BN_CTX_new()) == NULL) goto err;
 	if ((ret=DSA_new()) == NULL) goto err;
 
 	if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
 
-	r0= &(ctx2->bn[0]);
-	g= &(ctx2->bn[1]);
-	W= &(ctx2->bn[2]);
-	q= &(ctx2->bn[3]);
-	X= &(ctx2->bn[4]);
-	c= &(ctx2->bn[5]);
-	p= &(ctx2->bn[6]);
-	test= &(ctx2->bn[7]);
+	BN_CTX_start(ctx2);
+	r0 = BN_CTX_get(ctx2);
+	g = BN_CTX_get(ctx2);
+	W = BN_CTX_get(ctx2);
+	q = BN_CTX_get(ctx2);
+	X = BN_CTX_get(ctx2);
+	c = BN_CTX_get(ctx2);
+	p = BN_CTX_get(ctx2);
+	test = BN_CTX_get(ctx2);
 
 	BN_lshift(test,BN_value_one(),bits-1);
 
 	for (;;)
 		{
-		for (;;)
+		for (;;) /* find q */
 			{
+			int seed_is_random;
+
 			/* step 1 */
 			if (callback != NULL) callback(0,m++,cb_arg);
 
 			if (!seed_len)
-				RAND_bytes(seed,SHA_DIGEST_LENGTH);
+				{
+				RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
+				seed_is_random = 1;
+				}
 			else
-				seed_len=0;
-
+				{
+				seed_is_random = 0;
+				seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
+				}
 			memcpy(buf,seed,SHA_DIGEST_LENGTH);
 			memcpy(buf2,seed,SHA_DIGEST_LENGTH);
+			/* precompute "SEED + 1" for step 7: */
 			for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
 				{
 				buf[i]++;
@@ -139,18 +159,23 @@ char *cb_arg;
 				}
 
 			/* step 2 */
-			HASH(seed,SHA_DIGEST_LENGTH,md);
-			HASH(buf,SHA_DIGEST_LENGTH,buf2);
+			EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
+			EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
 			for (i=0; i<SHA_DIGEST_LENGTH; i++)
 				md[i]^=buf2[i];
 
 			/* step 3 */
 			md[0]|=0x80;
 			md[SHA_DIGEST_LENGTH-1]|=0x01;
-			if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) abort();
+			if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
 
 			/* step 4 */
-			if (DSA_is_prime(q,callback,cb_arg) > 0) break;
+			r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random);
+			if (r > 0)
+				break;
+			if (r != 0)
+				goto err;
+
 			/* do a callback call */
 			/* step 5 */
 			}
@@ -160,26 +185,33 @@ char *cb_arg;
 
 		/* step 6 */
 		counter=0;
+		/* "offset = 2" */
 
 		n=(bits-1)/160;
 		b=(bits-1)-n*160;
 
 		for (;;)
 			{
+			if (callback != NULL && counter != 0)
+				callback(0,counter,cb_arg);
+
 			/* step 7 */
 			BN_zero(W);
+			/* now 'buf' contains "SEED + offset - 1" */
 			for (k=0; k<=n; k++)
 				{
+				/* obtain "SEED + offset + k" by incrementing: */
 				for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
 					{
 					buf[i]++;
 					if (buf[i] != 0) break;
 					}
 
-				HASH(buf,SHA_DIGEST_LENGTH,md);
+				EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
 
 				/* step 8 */
-				if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) abort();
+				if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
+					goto err;
 				BN_lshift(r0,r0,160*k);
 				BN_add(W,W,r0);
 				}
@@ -199,26 +231,28 @@ char *cb_arg;
 			if (BN_cmp(p,test) >= 0)
 				{
 				/* step 11 */
-				if (DSA_is_prime(p,callback,cb_arg) > 0)
-					goto end;
+				r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1);
+				if (r > 0)
+						goto end; /* found it */
+				if (r != 0)
+					goto err;
 				}
 
 			/* step 13 */
 			counter++;
+			/* "offset = offset + n + 1" */
 
 			/* step 14 */
 			if (counter >= 4096) break;
-
-			if (callback != NULL) callback(0,counter,cb_arg);
 			}
 		}
 end:
 	if (callback != NULL) callback(2,1,cb_arg);
 
-	/* We now need to gernerate g */
+	/* We now need to generate g */
 	/* Set r0=(p-1)/q */
-        BN_sub(test,p,BN_value_one());
-        BN_div(r0,NULL,test,q,ctx);
+	BN_sub(test,p,BN_value_one());
+	BN_div(r0,NULL,test,q,ctx);
 
 	BN_set_word(test,h);
 	BN_MONT_CTX_set(mont,p,ctx);
@@ -250,91 +284,13 @@ err:
 		if (h_ret != NULL) *h_ret=h;
 		}
 	if (ctx != NULL) BN_CTX_free(ctx);
-	if (ctx != NULL) BN_CTX_free(ctx2);
-	if (mont != NULL) BN_MONT_CTX_free(mont);
-	return(ok?ret:NULL);
-	}
-
-int DSA_is_prime(w, callback,cb_arg)
-BIGNUM *w;
-void (*callback)();
-char *cb_arg;
-	{
-	int ok= -1,j,i,n;
-	BN_CTX *ctx=NULL,*ctx2=NULL;
-	BIGNUM *w_1,*b,*m,*z,*tmp,*mont_1;
-	int a;
-	BN_MONT_CTX *mont=NULL;
-
-	if (!BN_is_bit_set(w,0)) return(0);
-
-	if ((ctx=BN_CTX_new()) == NULL) goto err;
-	if ((ctx2=BN_CTX_new()) == NULL) goto err;
-	if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-
-	m=   &(ctx2->bn[2]);
-	b=   &(ctx2->bn[3]);
-	z=   &(ctx2->bn[4]);
-	w_1= &(ctx2->bn[5]);
-	tmp= &(ctx2->bn[6]);
-	mont_1= &(ctx2->bn[7]);
-
-	/* step 1 */
-	n=50;
-
-	/* step 2 */
-	if (!BN_sub(w_1,w,BN_value_one())) goto err;
-	for (a=1; !BN_is_bit_set(w_1,a); a++)
-		;
-	if (!BN_rshift(m,w_1,a)) goto err;
-
-	BN_MONT_CTX_set(mont,w,ctx);
-	BN_to_montgomery(mont_1,BN_value_one(),mont,ctx);
-	BN_to_montgomery(w_1,w_1,mont,ctx);
-	for (i=1; i < n; i++)
+	if (ctx2 != NULL)
 		{
-		/* step 3 */
-		BN_rand(b,BN_num_bits(w)-2/*-1*/,0,0);
-		/* BN_set_word(b,0x10001L); */
-
-		/* step 4 */
-		j=0;
-		if (!BN_mod_exp_mont(z,b,m,w,ctx,mont)) goto err;
-
-		if (!BN_to_montgomery(z,z,mont,ctx)) goto err;
-
-		/* step 5 */
-		for (;;)
-			{
-			if (((j == 0) && (BN_cmp(z,mont_1) == 0)) ||
-				(BN_cmp(z,w_1) == 0))
-				break;
-
-			/* step 6 */
-			if ((j > 0) && (BN_cmp(z,mont_1) == 0))
-				{
-				ok=0;
-				goto err;
-				}
-
-			j++;
-			if (j >= a)
-				{
-				ok=0;
-				goto err;
-				}
-
-			if (!BN_mod_mul_montgomery(z,z,z,mont,ctx)) goto err;
-			if (callback != NULL) callback(1,j,cb_arg);
-			}
+		BN_CTX_end(ctx2);
+		BN_CTX_free(ctx2);
 		}
-
-	ok=1;
-err:
-	if (ok == -1) DSAerr(DSA_F_DSA_IS_PRIME,ERR_R_BN_LIB);
-	BN_CTX_free(ctx);
-	BN_CTX_free(ctx2);
-	
-	return(ok);
+	if (ctx3 != NULL) BN_CTX_free(ctx3);
+	if (mont != NULL) BN_MONT_CTX_free(mont);
+	return(ok?ret:NULL);
 	}
-
+#endif
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index d51ed9395f..ef87c3e637 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -56,19 +56,17 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_SHA
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include "sha.h"
-#include "bn.h"
-#include "dsa.h"
-#include "rand.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
 
-int DSA_generate_key(dsa)
-DSA *dsa;
+int DSA_generate_key(DSA *dsa)
 	{
 	int ok=0;
-	unsigned int i;
 	BN_CTX *ctx=NULL;
 	BIGNUM *pub_key=NULL,*priv_key=NULL;
 
@@ -81,14 +79,9 @@ DSA *dsa;
 	else
 		priv_key=dsa->priv_key;
 
-	i=BN_num_bits(dsa->q);
-	for (;;)
-		{
-		BN_rand(priv_key,i,1,0);
-		if (BN_cmp(priv_key,dsa->q) >= 0)
-			BN_sub(priv_key,priv_key,dsa->q);
-		if (!BN_is_zero(priv_key)) break;
-		}
+	do
+		if (!BN_rand_range(priv_key,dsa->q)) goto err;
+	while (BN_is_zero(priv_key));
 
 	if (dsa->pub_key == NULL)
 		{
@@ -109,4 +102,4 @@ err:
 	if (ctx != NULL) BN_CTX_free(ctx);
 	return(ok);
 	}
-
+#endif
diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c
index bfa9ca28d7..579f73f869 100644
--- a/crypto/dsa/dsa_lib.c
+++ b/crypto/dsa/dsa_lib.c
@@ -56,33 +56,95 @@
  * [including the GNU Public Licence.]
  */
 
-/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dsa.h"
-#include "asn1.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/asn1.h>
+#include <openssl/engine.h>
 
-char *DSA_version="\0DSA part of SSLeay 0.9.1a 06-Jul-1998";
+const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
 
-DSA *DSA_new()
+static const DSA_METHOD *default_DSA_method = NULL;
+
+void DSA_set_default_method(const DSA_METHOD *meth)
+	{
+	default_DSA_method = meth;
+	}
+
+const DSA_METHOD *DSA_get_default_method(void)
+	{
+	if(!default_DSA_method)
+		default_DSA_method = DSA_OpenSSL();
+	return default_DSA_method;
+	}
+
+DSA *DSA_new(void)
+	{
+	return DSA_new_method(NULL);
+	}
+
+int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
+	{
+	/* NB: The caller is specifically setting a method, so it's not up to us
+	 * to deal with which ENGINE it comes from. */
+        const DSA_METHOD *mtmp;
+        mtmp = dsa->meth;
+        if (mtmp->finish) mtmp->finish(dsa);
+	if (dsa->engine)
+		{
+		ENGINE_finish(dsa->engine);
+		dsa->engine = NULL;
+		}
+        dsa->meth = meth;
+        if (meth->init) meth->init(dsa);
+        return 1;
+	}
+
+DSA *DSA_new_method(ENGINE *engine)
 	{
 	DSA *ret;
 
-	ret=(DSA *)Malloc(sizeof(DSA));
+	ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
 	if (ret == NULL)
 		{
-		DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE);
+		DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
+	ret->meth = DSA_get_default_method();
+	if (engine)
+		{
+		if (!ENGINE_init(engine))
+			{
+			DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+			OPENSSL_free(ret);
+			return NULL;
+			}
+		ret->engine = engine;
+		}
+	else
+		ret->engine = ENGINE_get_default_DSA();
+	if(ret->engine)
+		{
+		ret->meth = ENGINE_get_DSA(ret->engine);
+		if(!ret->meth)
+			{
+			DSAerr(DSA_F_DSA_NEW_METHOD,
+				ERR_R_ENGINE_LIB);
+			ENGINE_finish(ret->engine);
+			OPENSSL_free(ret);
+			return NULL;
+			}
+		}
+
 	ret->pad=0;
 	ret->version=0;
 	ret->write_params=1;
 	ret->p=NULL;
 	ret->q=NULL;
 	ret->g=NULL;
-	ret->flags=DSA_FLAG_CACHE_MONT_P;
 
 	ret->pub_key=NULL;
 	ret->priv_key=NULL;
@@ -92,11 +154,21 @@ DSA *DSA_new()
 	ret->method_mont_p=NULL;
 
 	ret->references=1;
+	ret->flags=ret->meth->flags;
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
+	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+		{
+		if (ret->engine)
+			ENGINE_finish(ret->engine);
+		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
+		OPENSSL_free(ret);
+		ret=NULL;
+		}
+	
 	return(ret);
 	}
 
-void DSA_free(r)
-DSA *r;
+void DSA_free(DSA *r)
 	{
 	int i;
 
@@ -115,6 +187,13 @@ DSA *r;
 		}
 #endif
 
+	if(r->meth->finish)
+		r->meth->finish(r);
+	if(r->engine)
+		ENGINE_finish(r->engine);
+
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
+
 	if (r->p != NULL) BN_clear_free(r->p);
 	if (r->q != NULL) BN_clear_free(r->q);
 	if (r->g != NULL) BN_clear_free(r->g);
@@ -122,17 +201,33 @@ DSA *r;
 	if (r->priv_key != NULL) BN_clear_free(r->priv_key);
 	if (r->kinv != NULL) BN_clear_free(r->kinv);
 	if (r->r != NULL) BN_clear_free(r->r);
-	if (r->method_mont_p != NULL)
-		BN_MONT_CTX_free((BN_MONT_CTX *)r->method_mont_p);
-	Free(r);
+	OPENSSL_free(r);
+	}
+
+int DSA_up_ref(DSA *r)
+	{
+	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
+#ifdef REF_PRINT
+	REF_PRINT("DSA",r);
+#endif
+#ifdef REF_CHECK
+	if (i < 2)
+		{
+		fprintf(stderr, "DSA_up_ref, bad reference count\n");
+		abort();
+		}
+#endif
+	return ((i > 1) ? 1 : 0);
 	}
 
-int DSA_size(r)
-DSA *r;
+int DSA_size(const DSA *r)
 	{
 	int ret,i;
 	ASN1_INTEGER bs;
-	unsigned char buf[4];
+	unsigned char buf[4];	/* 4 bytes looks really small.
+				   However, i2d_ASN1_INTEGER() will not look
+				   beyond the first byte, as long as the second
+				   parameter is NULL. */
 
 	i=BN_num_bits(r->q);
 	bs.length=(i+7)/8;
@@ -147,3 +242,57 @@ DSA *r;
 	return(ret);
 	}
 
+int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
+				new_func, dup_func, free_func);
+        }
+
+int DSA_set_ex_data(DSA *d, int idx, void *arg)
+	{
+	return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
+	}
+
+void *DSA_get_ex_data(DSA *d, int idx)
+	{
+	return(CRYPTO_get_ex_data(&d->ex_data,idx));
+	}
+
+#ifndef OPENSSL_NO_DH
+DH *DSA_dup_DH(const DSA *r)
+	{
+	/* DSA has p, q, g, optional pub_key, optional priv_key.
+	 * DH has p, optional length, g, optional pub_key, optional priv_key.
+	 */ 
+
+	DH *ret = NULL;
+
+	if (r == NULL)
+		goto err;
+	ret = DH_new();
+	if (ret == NULL)
+		goto err;
+	if (r->p != NULL) 
+		if ((ret->p = BN_dup(r->p)) == NULL)
+			goto err;
+	if (r->q != NULL)
+		ret->length = BN_num_bits(r->q);
+	if (r->g != NULL)
+		if ((ret->g = BN_dup(r->g)) == NULL)
+			goto err;
+	if (r->pub_key != NULL)
+		if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)
+			goto err;
+	if (r->priv_key != NULL)
+		if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)
+			goto err;
+
+	return ret;
+
+ err:
+	if (ret != NULL)
+		DH_free(ret);
+	return NULL;
+	}
+#endif
diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
new file mode 100644
index 0000000000..fc35dfe1f6
--- /dev/null
+++ b/crypto/dsa/dsa_ossl.c
@@ -0,0 +1,346 @@
+/* crypto/dsa/dsa_ossl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
+#include <openssl/engine.h>
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+		  DSA *dsa);
+static int dsa_init(DSA *dsa);
+static int dsa_finish(DSA *dsa);
+static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+		BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *in_mont);
+static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+				const BIGNUM *m, BN_CTX *ctx,
+				BN_MONT_CTX *m_ctx);
+
+static DSA_METHOD openssl_dsa_meth = {
+"OpenSSL DSA method",
+dsa_do_sign,
+dsa_sign_setup,
+dsa_do_verify,
+dsa_mod_exp,
+dsa_bn_mod_exp,
+dsa_init,
+dsa_finish,
+0,
+NULL
+};
+
+const DSA_METHOD *DSA_OpenSSL(void)
+{
+	return &openssl_dsa_meth;
+}
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+	{
+	BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
+	BIGNUM m;
+	BIGNUM xr;
+	BN_CTX *ctx=NULL;
+	int i,reason=ERR_R_BN_LIB;
+	DSA_SIG *ret=NULL;
+
+	if (!dsa->p || !dsa->q || !dsa->g)
+		{
+		reason=DSA_R_MISSING_PARAMETERS;
+		goto err;
+		}
+	BN_init(&m);
+	BN_init(&xr);
+	s=BN_new();
+	if (s == NULL) goto err;
+
+	i=BN_num_bytes(dsa->q); /* should be 20 */
+	if ((dlen > i) || (dlen > 50))
+		{
+		reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
+		goto err;
+		}
+
+	ctx=BN_CTX_new();
+	if (ctx == NULL) goto err;
+
+	if ((dsa->kinv == NULL) || (dsa->r == NULL))
+		{
+		if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
+		}
+	else
+		{
+		kinv=dsa->kinv;
+		dsa->kinv=NULL;
+		r=dsa->r;
+		dsa->r=NULL;
+		}
+
+	if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
+
+	/* Compute  s = inv(k) (m + xr) mod q */
+	if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
+	if (!BN_add(s, &xr, &m)) goto err;		/* s = m + xr */
+	if (BN_cmp(s,dsa->q) > 0)
+		BN_sub(s,s,dsa->q);
+	if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
+
+	ret=DSA_SIG_new();
+	if (ret == NULL) goto err;
+	ret->r = r;
+	ret->s = s;
+	
+err:
+	if (!ret)
+		{
+		DSAerr(DSA_F_DSA_DO_SIGN,reason);
+		BN_free(r);
+		BN_free(s);
+		}
+	if (ctx != NULL) BN_CTX_free(ctx);
+	BN_clear_free(&m);
+	BN_clear_free(&xr);
+	if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
+	    BN_clear_free(kinv);
+	return(ret);
+	}
+
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+	{
+	BN_CTX *ctx;
+	BIGNUM k,*kinv=NULL,*r=NULL;
+	int ret=0;
+
+	if (!dsa->p || !dsa->q || !dsa->g)
+		{
+		DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
+		return 0;
+		}
+	if (ctx_in == NULL)
+		{
+		if ((ctx=BN_CTX_new()) == NULL) goto err;
+		}
+	else
+		ctx=ctx_in;
+
+	BN_init(&k);
+	if ((r=BN_new()) == NULL) goto err;
+	kinv=NULL;
+
+	/* Get random k */
+	do
+		if (!BN_rand_range(&k, dsa->q)) goto err;
+	while (BN_is_zero(&k));
+
+	if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+		{
+		if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
+				dsa->p,ctx)) goto err;
+		}
+
+	/* Compute r = (g^k mod p) mod q */
+	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
+		(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
+	if (!BN_mod(r,r,dsa->q,ctx)) goto err;
+
+	/* Compute  part of 's = inv(k) (m + xr) mod q' */
+	if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
+
+	if (*kinvp != NULL) BN_clear_free(*kinvp);
+	*kinvp=kinv;
+	kinv=NULL;
+	if (*rp != NULL) BN_clear_free(*rp);
+	*rp=r;
+	ret=1;
+err:
+	if (!ret)
+		{
+		DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
+		if (kinv != NULL) BN_clear_free(kinv);
+		if (r != NULL) BN_clear_free(r);
+		}
+	if (ctx_in == NULL) BN_CTX_free(ctx);
+	if (kinv != NULL) BN_clear_free(kinv);
+	BN_clear_free(&k);
+	return(ret);
+	}
+
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+		  DSA *dsa)
+	{
+	BN_CTX *ctx;
+	BIGNUM u1,u2,t1;
+	BN_MONT_CTX *mont=NULL;
+	int ret = -1;
+	if (!dsa->p || !dsa->q || !dsa->g)
+		{
+		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
+		return -1;
+		}
+
+	if ((ctx=BN_CTX_new()) == NULL) goto err;
+	BN_init(&u1);
+	BN_init(&u2);
+	BN_init(&t1);
+
+	if (BN_is_zero(sig->r) || BN_get_sign(sig->r) ||
+	    BN_ucmp(sig->r, dsa->q) >= 0)
+		{
+		ret = 0;
+		goto err;
+		}
+	if (BN_is_zero(sig->s) || BN_get_sign(sig->s) ||
+	    BN_ucmp(sig->s, dsa->q) >= 0)
+		{
+		ret = 0;
+		goto err;
+		}
+
+	/* Calculate W = inv(S) mod Q
+	 * save W in u2 */
+	if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
+
+	/* save M in u1 */
+	if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
+
+	/* u1 = M * w mod q */
+	if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
+
+	/* u2 = r * w mod q */
+	if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
+
+	if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
+		{
+		if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
+			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
+				dsa->p,ctx)) goto err;
+		}
+	mont=(BN_MONT_CTX *)dsa->method_mont_p;
+
+#if 0
+	{
+	BIGNUM t2;
+
+	BN_init(&t2);
+	/* v = ( g^u1 * y^u2 mod p ) mod q */
+	/* let t1 = g ^ u1 mod p */
+	if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err;
+	/* let t2 = y ^ u2 mod p */
+	if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err;
+	/* let u1 = t1 * t2 mod p */
+	if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
+	BN_free(&t2);
+	}
+	/* let u1 = u1 mod q */
+	if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err;
+#else
+	{
+	if (!dsa->meth->dsa_mod_exp(dsa, &t1,dsa->g,&u1,dsa->pub_key,&u2,
+						dsa->p,ctx,mont)) goto err;
+	/* BN_copy(&u1,&t1); */
+	/* let u1 = u1 mod q */
+	if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
+	}
+#endif
+	/* V is now in u1.  If the signature is correct, it will be
+	 * equal to R. */
+	ret=(BN_ucmp(&u1, sig->r) == 0);
+
+	err:
+	if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
+	if (ctx != NULL) BN_CTX_free(ctx);
+	BN_free(&u1);
+	BN_free(&u2);
+	BN_free(&t1);
+	return(ret);
+	}
+
+static int dsa_init(DSA *dsa)
+{
+	dsa->flags|=DSA_FLAG_CACHE_MONT_P;
+	return(1);
+}
+
+static int dsa_finish(DSA *dsa)
+{
+	if(dsa->method_mont_p)
+		BN_MONT_CTX_free((BN_MONT_CTX *)dsa->method_mont_p);
+	return(1);
+}
+
+static int dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+		BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *in_mont)
+{
+	return BN_mod_exp2_mont(rr, a1, p1, a2, p2, m, ctx, in_mont);
+}
+	
+static int dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+				const BIGNUM *m, BN_CTX *ctx,
+				BN_MONT_CTX *m_ctx)
+{
+	return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+}
diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c
index c4df4e5b75..e9469ca62f 100644
--- a/crypto/dsa/dsa_sign.c
+++ b/crypto/dsa/dsa_sign.c
@@ -56,165 +56,38 @@
  * [including the GNU Public Licence.]
  */
 
-/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dsa.h"
-#include "rand.h"
-#include "asn1.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
+#include <openssl/engine.h>
 
-/* data has already been hashed (probably with SHA or SHA-1). */
-/*	DSAerr(DSA_F_DSA_SIGN,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); */
-
-int DSA_sign(type,dgst,dlen,sig,siglen,dsa)
-int type;
-unsigned char *dgst;
-int dlen;
-unsigned char *sig;	/* out */
-unsigned int *siglen;	/* out */
-DSA *dsa;
+DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 	{
-	BIGNUM *kinv=NULL,*r=NULL;
-	BIGNUM m;
-	BIGNUM xr,s;
-	BN_CTX *ctx=NULL;
-	unsigned char *p;
-	int i,len=0,ret=0,reason=ERR_R_BN_LIB;
-        ASN1_INTEGER rbs,sbs;
-	MS_STATIC unsigned char rbuf[50]; /* assuming r is 20 bytes +extra */
-	MS_STATIC unsigned char sbuf[50]; /* assuming s is 20 bytes +extra */
-
-	BN_init(&m);
-	BN_init(&xr);
-	BN_init(&s);
-
-	i=BN_num_bytes(dsa->q); /* should be 20 */
-	if ((dlen > i) || (dlen > 50))
-		{
-		reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
-		goto err;
-		}
-
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
-
-	if ((dsa->kinv == NULL) || (dsa->r == NULL))
-		{
-		if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
-		}
-	else
-		{
-		kinv=dsa->kinv;
-		dsa->kinv=NULL;
-		r=dsa->r;
-		dsa->r=NULL;
-		}
-
-	if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
-
-	/* Compute  s = inv(k) (m + xr) mod q */
-	if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
-	if (!BN_add(&s, &xr, &m)) goto err;		/* s = m + xr */
-	if (BN_cmp(&s,dsa->q) > 0)
-		BN_sub(&s,&s,dsa->q);
-	if (!BN_mod_mul(&s,&s,kinv,dsa->q,ctx)) goto err;
-
-	/*
-	 * Now create a ASN.1 sequence of the integers R and S.
-	 */
-	rbs.data=rbuf;
-	sbs.data=sbuf;
-	rbs.type = V_ASN1_INTEGER;
-	sbs.type = V_ASN1_INTEGER;
-	rbs.length=BN_bn2bin(r,rbs.data);
-	sbs.length=BN_bn2bin(&s,sbs.data);
-
-	len =i2d_ASN1_INTEGER(&rbs,NULL);
-	len+=i2d_ASN1_INTEGER(&sbs,NULL);
-
-	p=sig;
-	ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-	i2d_ASN1_INTEGER(&rbs,&p);
-	i2d_ASN1_INTEGER(&sbs,&p);
-	*siglen=(p-sig);
-	ret=1;
-err:
-	if (!ret) DSAerr(DSA_F_DSA_SIGN,reason);
-		
-#if 1 /* do the right thing :-) */
-	if (kinv != NULL) BN_clear_free(kinv);
-	if (r != NULL) BN_clear_free(r);
-#endif
-	if (ctx != NULL) BN_CTX_free(ctx);
-	BN_clear_free(&m);
-	BN_clear_free(&xr);
-	BN_clear_free(&s);
-	return(ret);
+	return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
 	}
 
-int DSA_sign_setup(dsa,ctx_in,kinvp,rp)
-DSA *dsa;
-BN_CTX *ctx_in;
-BIGNUM **kinvp;
-BIGNUM **rp;
+int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
+	     unsigned int *siglen, DSA *dsa)
 	{
-	BN_CTX *ctx;
-	BIGNUM k,*kinv=NULL,*r=NULL;
-	int ret=0;
-
-	if (ctx_in == NULL)
-		{
-		if ((ctx=BN_CTX_new()) == NULL) goto err;
-		}
-	else
-		ctx=ctx_in;
-
-	BN_init(&k);
-	if ((r=BN_new()) == NULL) goto err;
-	kinv=NULL;
-
-	/* Get random k */
-	for (;;)
+	DSA_SIG *s;
+	s=DSA_do_sign(dgst,dlen,dsa);
+	if (s == NULL)
 		{
-		if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err;
-		if (BN_cmp(&k,dsa->q) >= 0)
-			BN_sub(&k,&k,dsa->q);
-		if (!BN_is_zero(&k)) break;
+		*siglen=0;
+		return(0);
 		}
+	*siglen=i2d_DSA_SIG(s,&sig);
+	DSA_SIG_free(s);
+	return(1);
+	}
 
-	if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
-		{
-		if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
-			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
-				dsa->p,ctx)) goto err;
-		}
-
-	/* Compute r = (g^k mod p) mod q */
-	if (!BN_mod_exp_mont(r,dsa->g,&k,dsa->p,ctx,
-		(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
-	if (!BN_mod(r,r,dsa->q,ctx)) goto err;
-
-	/* Compute  part of 's = inv(k) (m + xr) mod q' */
-	if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
-
-	if (*kinvp != NULL) BN_clear_free(*kinvp);
-	*kinvp=kinv;
-	kinv=NULL;
-	if (*rp != NULL) BN_clear_free(*rp);
-	*rp=r;
-	ret=1;
-err:
-	if (!ret)
-		{
-		DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
-		if (kinv != NULL) BN_clear_free(kinv);
-		if (r != NULL) BN_clear_free(r);
-		}
-	if (ctx_in == NULL) BN_CTX_free(ctx);
-	if (kinv != NULL) BN_clear_free(kinv);
-	BN_clear_free(&k);
-	return(ret);
+int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+	{
+	return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
 	}
 
diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c
index 71cefbeaa4..066c6b5b28 100644
--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@@ -56,120 +56,40 @@
  * [including the GNU Public Licence.]
  */
 
-/* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
+/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "dsa.h"
-#include "rand.h"
-#include "asn1.h"
-#include "asn1_mac.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/rand.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/engine.h>
+
+int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+		  DSA *dsa)
+	{
+	return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+	}
 
 /* data has already been hashed (probably with SHA or SHA-1). */
 /* returns
- *	 1: correct signature
- *	 0: incorrect signature
- *	-1: error
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
  */
-int DSA_verify(type,dgst,dgst_len,sigbuf,siglen, dsa)
-int type;
-unsigned char *dgst;
-int dgst_len;
-unsigned char *sigbuf;
-int siglen;
-DSA *dsa;
-	{
-	/* The next 3 are used by the M_ASN1 macros */
-	long length=siglen;
-	ASN1_CTX c;
-	unsigned char **pp= &sigbuf;
-	BN_CTX *ctx;
-	BIGNUM r,u1,u2,t1;
-	ASN1_INTEGER *bs=NULL;
-	BN_MONT_CTX *mont=NULL;
-	int ret = -1;
-
-	if ((ctx=BN_CTX_new()) == NULL) goto err;
-	if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-
-	BN_init(&u1);
-	BN_init(&u2);
-	BN_init(&r);
-	BN_init(&t1);
-
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-        if ((BN_bin2bn(bs->data,bs->length,&r)) == NULL) goto err_bn;
-        M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER);
-        if ((BN_bin2bn(bs->data,bs->length,&u1)) == NULL) goto err_bn;
-	if (!asn1_Finish(&c)) goto err;
-
-	/* Calculate W = inv(S) mod Q
-	 * save W in u2 */
-	if ((BN_mod_inverse(&u2,&u1,dsa->q,ctx)) == NULL) goto err_bn;
-
-	/* save M in u1 */
-	if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err_bn;
-
-	/* u1 = M * w mod q */
-	if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err_bn;
-
-	/* u2 = r * w mod q */
-	if (!BN_mod_mul(&u2,&r,&u2,dsa->q,ctx)) goto err_bn;
-
-	if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
-		{
-		if ((dsa->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
-			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mont_p,
-				dsa->p,ctx)) goto err;
-		}
-	mont=(BN_MONT_CTX *)dsa->method_mont_p;
-
-#if 0
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+	     const unsigned char *sigbuf, int siglen, DSA *dsa)
 	{
-	BIGNUM t2;
+	DSA_SIG *s;
+	int ret=-1;
 
-	BN_init(&t2);
-	/* v = ( g^u1 * y^u2 mod p ) mod q */
-	/* let t1 = g ^ u1 mod p */
-	if (!BN_mod_exp_mont(&t1,dsa->g,&u1,dsa->p,ctx,mont)) goto err_bn;
-	/* let t2 = y ^ u2 mod p */
-	if (!BN_mod_exp_mont(&t2,dsa->pub_key,&u2,dsa->p,ctx,mont)) goto err_bn;
-	/* let u1 = t1 * t2 mod p */
-	if (!BN_mod_mul(&u1,&t1,&t2,dsa->p,ctx)) goto err_bn;
-	BN_free(&t2);
-	}
-	/* let u1 = u1 mod q */
-	if (!BN_mod(&u1,&u1,dsa->q,ctx)) goto err_bn;
-#else
-	{
-	if (!BN_mod_exp2_mont(&t1,dsa->g,&u1,dsa->pub_key,&u2,dsa->p,ctx,mont))
-		goto err_bn;
-	/* BN_copy(&u1,&t1); */
-	/* let u1 = u1 mod q */
-	if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err_bn;
-	}
-#endif
-	/* V is now in u1.  If the signature is correct, it will be
-	 * equal to R. */
-	ret=(BN_ucmp(&u1, &r) == 0);
-	if (0)
-		{
-err: /* ASN1 error */
-		DSAerr(DSA_F_DSA_VERIFY,c.error);
-		}
-	if (0)
-		{
-err_bn: /* BN error */
-		DSAerr(DSA_F_DSA_VERIFY,ERR_R_BN_LIB);
-		}
-	if (ctx != NULL) BN_CTX_free(ctx);
-	BN_free(&r);
-	BN_free(&u1);
-	BN_free(&u2);
-	BN_free(&t1);
-	if (bs != NULL) ASN1_BIT_STRING_free(bs);
+	s = DSA_SIG_new();
+	if (s == NULL) return(ret);
+	if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+	ret=DSA_do_verify(dgst,dgst_len,s,dsa);
+err:
+	DSA_SIG_free(s);
 	return(ret);
 	}
diff --git a/crypto/dsa/dsagen.c b/crypto/dsa/dsagen.c
index 20335de250..a0b0976640 100644
--- a/crypto/dsa/dsagen.c
+++ b/crypto/dsa/dsagen.c
@@ -57,7 +57,7 @@
  */
 
 #include <stdio.h>
-#include "dsa.h"
+#include <openssl/dsa.h>
 
 #define TEST
 #define GENUINE_DSA
@@ -77,8 +77,7 @@ unsigned char seed[20]={
 	0xe0,0x42,0x7d,LAST_VALUE};
 #endif
 
-int cb(p,n)
-int p,n;
+int cb(int p, int n)
 	{
 	char c='*';
 
diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c
index 39bb712c4a..1ab90cfd7e 100644
--- a/crypto/dsa/dsatest.c
+++ b/crypto/dsa/dsatest.c
@@ -61,27 +61,37 @@
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
-#include "crypto.h"
-#include "rand.h"
-#include "bio.h"
-#include "err.h"
-#include "dsa.h"
-#ifdef WINDOWS
+
+#include "../e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/engine.h>
+#ifdef OPENSSL_SYS_WINDOWS
 #include "../bio/bss_file.c"
 #endif
 
-#ifdef WIN16
+#ifdef OPENSSL_NO_DSA
+int main(int argc, char *argv[])
+{
+    printf("No DSA support\n");
+    return(0);
+}
+#else
+#include <openssl/dsa.h>
+
+#ifdef OPENSSL_SYS_WIN16
 #define MS_CALLBACK     _far _loadds
 #else
 #define MS_CALLBACK
 #endif
 
-#ifndef NOPROTO
-static void MS_CALLBACK dsa_cb(int p, int n, char *arg);
-#else
-static void MS_CALLBACK dsa_cb();
-#endif
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg);
 
+/* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to
+ * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */
 static unsigned char seed[20]={
 	0xd5,0x01,0x4e,0x4b,0x60,0xef,0x2b,0xa8,0xb6,0x21,0x1b,0x40,
 	0x62,0xba,0x32,0x24,0xe0,0x42,0x7d,0xd3,
@@ -115,24 +125,34 @@ static unsigned char out_g[]={
 	0xc5,0x72,0xaf,0x53,0xe6,0xd7,0x88,0x02,
 	};
 
+static const unsigned char str1[]="12345678901234567890";
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
 static BIO *bio_err=NULL;
 
-int main(argc, argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	DSA *dsa=NULL;
 	int counter,ret=0,i,j;
 	unsigned char buf[256];
 	unsigned long h;
+	unsigned char sig[256];
+	unsigned int siglen;
 
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 
+	CRYPTO_malloc_debug_init();
+	CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+	ERR_load_crypto_strings();
+	RAND_seed(rnd_seed, sizeof rnd_seed);
+
 	BIO_printf(bio_err,"test generation of DSA parameters\n");
-	BIO_printf(bio_err,"expect '.*' followed by 5 lines of '.'s and '+'s\n");
-	dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,
-		(char *)bio_err);
+
+	dsa=DSA_generate_parameters(512,seed,20,&counter,&h,dsa_cb,bio_err);
 
 	BIO_printf(bio_err,"seed\n");
 	for (i=0; i<20; i+=4)
@@ -178,21 +198,34 @@ char **argv;
 		BIO_printf(bio_err,"g value is wrong\n");
 		goto end;
 		}
-
-	ret=1;
+	DSA_generate_key(dsa);
+	DSA_sign(0, str1, 20, sig, &siglen, dsa);
+	if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
+		ret=1;
 end:
 	if (!ret)
 		ERR_print_errors(bio_err);
-	if (bio_err != NULL) BIO_free(bio_err);
 	if (dsa != NULL) DSA_free(dsa);
-	exit(!ret);
+	CRYPTO_cleanup_all_ex_data();
+	ERR_remove_state(0);
+	ERR_free_strings();
+	CRYPTO_mem_leaks(bio_err);
+	if (bio_err != NULL)
+		{
+		BIO_free(bio_err);
+		bio_err = NULL;
+		}
+	EXIT(!ret);
 	return(0);
 	}
 
-static void MS_CALLBACK dsa_cb(p, n, arg)
-int p;
-int n;
-char *arg;
+static int cb_exit(int ec)
+	{
+	EXIT(ec);
+	return(0);		/* To keep some compilers quiet */
+	}
+
+static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
 	{
 	char c='*';
 	static int ok=0,num=0;
@@ -201,14 +234,13 @@ char *arg;
 	if (p == 1) c='+';
 	if (p == 2) { c='*'; ok++; }
 	if (p == 3) c='\n';
-	BIO_write((BIO *)arg,&c,1);
-	BIO_flush((BIO *)arg);
+	BIO_write(arg,&c,1);
+	(void)BIO_flush(arg);
 
 	if (!ok && (p == 0) && (num > 1))
 		{
 		BIO_printf((BIO *)arg,"error in dsatest\n");
-		exit(1);
+		cb_exit(1);
 		}
 	}
-
-
+#endif
diff --git a/crypto/dsa/f b/crypto/dsa/f
deleted file mode 100644
index 36865a7f5d..0000000000
--- a/crypto/dsa/f
+++ /dev/null
@@ -1,6 +0,0 @@
-	if ((dsa->method_mod_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P))
-		{
-		if ((dsa->method_mod_p=(char *)BN_MONT_CTX_new()) != NULL)
-			if (!BN_MONT_CTX_set((BN_MONT_CTX *)dsa->method_mod_p,
-				dsa->p,ctx)) goto err;
-		}
diff --git a/crypto/dso/.cvsignore b/crypto/dso/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/dso/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/dso/Makefile.ssl b/crypto/dso/Makefile.ssl
new file mode 100644
index 0000000000..3d00363bb6
--- /dev/null
+++ b/crypto/dso/Makefile.ssl
@@ -0,0 +1,142 @@
+#
+# SSLeay/crypto/dso/Makefile
+#
+
+DIR=	dso
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= dso_dl.c dso_dlfcn.c dso_err.c dso_lib.c dso_null.c \
+	dso_openssl.c dso_win32.c dso_vms.c
+LIBOBJ= dso_dl.o dso_dlfcn.o dso_err.o dso_lib.o dso_null.o \
+	dso_openssl.o dso_win32.o dso_vms.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= dso.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB) || echo Never mind.
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+dso_dl.o: ../../e_os.h ../../include/openssl/bio.h
+dso_dl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_dl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_dl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_dl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_dl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_dl.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_dl.c
+dso_dlfcn.o: ../../e_os.h ../../include/openssl/bio.h
+dso_dlfcn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_dlfcn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_dlfcn.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_dlfcn.o: ../../include/openssl/opensslconf.h
+dso_dlfcn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dso_dlfcn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_dlfcn.o: ../cryptlib.h dso_dlfcn.c
+dso_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+dso_err.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_err.o: ../../include/openssl/symhacks.h dso_err.c
+dso_lib.o: ../../e_os.h ../../include/openssl/bio.h
+dso_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_lib.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_lib.c
+dso_null.o: ../../e_os.h ../../include/openssl/bio.h
+dso_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_null.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_null.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_null.o: ../../include/openssl/opensslconf.h
+dso_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dso_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_null.o: ../cryptlib.h dso_null.c
+dso_openssl.o: ../../e_os.h ../../include/openssl/bio.h
+dso_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_openssl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_openssl.o: ../../include/openssl/opensslconf.h
+dso_openssl.o: ../../include/openssl/opensslv.h
+dso_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_openssl.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_openssl.c
+dso_vms.o: ../../e_os.h ../../include/openssl/bio.h
+dso_vms.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_vms.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_vms.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_vms.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+dso_vms.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+dso_vms.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_vms.c
+dso_win32.o: ../../e_os.h ../../include/openssl/bio.h
+dso_win32.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+dso_win32.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+dso_win32.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+dso_win32.o: ../../include/openssl/opensslconf.h
+dso_win32.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+dso_win32.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dso_win32.o: ../cryptlib.h dso_win32.c
diff --git a/crypto/dso/README b/crypto/dso/README
new file mode 100644
index 0000000000..d0bc9a89fb
--- /dev/null
+++ b/crypto/dso/README
@@ -0,0 +1,22 @@
+NOTES
+-----
+
+I've checked out HPUX (well, version 11 at least) and shl_t is
+a pointer type so it's safe to use in the way it has been in
+dso_dl.c. On the other hand, HPUX11 support dlfcn too and
+according to their man page, prefer developers to move to that.
+I'll leave Richard's changes there as I guess dso_dl is needed
+for HPUX10.20.
+
+There is now a callback scheme in place where filename conversion can
+(a) be turned off altogether through the use of the
+    DSO_FLAG_NO_NAME_TRANSLATION flag,
+(b) be handled by default using the default DSO_METHOD's converter
+(c) overriden per-DSO by setting the override callback
+(d) a mix of (b) and (c) - eg. implement an override callback that;
+    (i) checks if we're win32 (if(strstr(dso->meth->name, "win32")....)
+        and if so, convert "blah" into "blah32.dll" (the default is
+	otherwise to make it "blah.dll").
+    (ii) default to the normal behaviour - we're not on win32, eg.
+         finish with (return dso->meth->dso_name_converter(dso,NULL)).
+
diff --git a/crypto/dso/dso.h b/crypto/dso/dso.h
new file mode 100644
index 0000000000..9a1cdabf39
--- /dev/null
+++ b/crypto/dso/dso.h
@@ -0,0 +1,359 @@
+/* dso.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_DSO_H
+#define HEADER_DSO_H
+
+#include <openssl/crypto.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* These values are used as commands to DSO_ctrl() */
+#define DSO_CTRL_GET_FLAGS	1
+#define DSO_CTRL_SET_FLAGS	2
+#define DSO_CTRL_OR_FLAGS	3
+
+/* By default, DSO_load() will translate the provided filename into a form
+ * typical for the platform (more specifically the DSO_METHOD) using the
+ * dso_name_converter function of the method. Eg. win32 will transform "blah"
+ * into "blah.dll", and dlfcn will transform it into "libblah.so". The
+ * behaviour can be overriden by setting the name_converter callback in the DSO
+ * object (using DSO_set_name_converter()). This callback could even utilise
+ * the DSO_METHOD's converter too if it only wants to override behaviour for
+ * one or two possible DSO methods. However, the following flag can be set in a
+ * DSO to prevent *any* native name-translation at all - eg. if the caller has
+ * prompted the user for a path to a driver library so the filename should be
+ * interpreted as-is. */
+#define DSO_FLAG_NO_NAME_TRANSLATION		0x01
+/* An extra flag to give if only the extension should be added as
+ * translation.  This is obviously only of importance on Unix and
+ * other operating systems where the translation also may prefix
+ * the name with something, like 'lib', and ignored everywhere else.
+ * This flag is also ignored if DSO_FLAG_NO_NAME_TRANSLATION is used
+ * at the same time. */
+#define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY	0x02
+
+/* The following flag controls the translation of symbol names to upper
+ * case.  This is currently only being implemented for OpenVMS.
+ */
+#define DSO_FLAG_UPCASE_SYMBOL			0x10
+
+
+typedef void (*DSO_FUNC_TYPE)(void);
+
+typedef struct dso_st DSO;
+
+/* The function prototype used for method functions (or caller-provided
+ * callbacks) that transform filenames. They are passed a DSO structure pointer
+ * (or NULL if they are to be used independantly of a DSO object) and a
+ * filename to transform. They should either return NULL (if there is an error
+ * condition) or a newly allocated string containing the transformed form that
+ * the caller will need to free with OPENSSL_free() when done. */
+typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
+/* The function prototype used for method functions (or caller-provided
+ * callbacks) that merge two file specifications. They are passed a
+ * DSO structure pointer (or NULL if they are to be used independantly of
+ * a DSO object) and two file specifications to merge. They should
+ * either return NULL (if there is an error condition) or a newly allocated
+ * string containing the result of merging that the caller will need
+ * to free with OPENSSL_free() when done.
+ * Here, merging means that bits and pieces are taken from each of the
+ * file specifications and added together in whatever fashion that is
+ * sensible for the DSO method in question.  The only rule that really
+ * applies is that if the two specification contain pieces of the same
+ * type, the copy from the string string takes priority.  One could see
+ * it as the first specification is the one given by the user and the
+ * second being a bunch of defaults to add on if they're missing in the
+ * first. */
+typedef char* (*DSO_MERGER_FUNC)(DSO *, const char *, const char *);
+
+typedef struct dso_meth_st
+	{
+	const char *name;
+	/* Loads a shared library, NB: new DSO_METHODs must ensure that a
+	 * successful load populates the loaded_filename field, and likewise a
+	 * successful unload OPENSSL_frees and NULLs it out. */
+	int (*dso_load)(DSO *dso);
+	/* Unloads a shared library */
+	int (*dso_unload)(DSO *dso);
+	/* Binds a variable */
+	void *(*dso_bind_var)(DSO *dso, const char *symname);
+	/* Binds a function - assumes a return type of DSO_FUNC_TYPE.
+	 * This should be cast to the real function prototype by the
+	 * caller. Platforms that don't have compatible representations
+	 * for different prototypes (this is possible within ANSI C)
+	 * are highly unlikely to have shared libraries at all, let
+	 * alone a DSO_METHOD implemented for them. */
+	DSO_FUNC_TYPE (*dso_bind_func)(DSO *dso, const char *symname);
+
+/* I don't think this would actually be used in any circumstances. */
+#if 0
+	/* Unbinds a variable */
+	int (*dso_unbind_var)(DSO *dso, char *symname, void *symptr);
+	/* Unbinds a function */
+	int (*dso_unbind_func)(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+#endif
+	/* The generic (yuck) "ctrl()" function. NB: Negative return
+	 * values (rather than zero) indicate errors. */
+	long (*dso_ctrl)(DSO *dso, int cmd, long larg, void *parg);
+	/* The default DSO_METHOD-specific function for converting filenames to
+	 * a canonical native form. */
+	DSO_NAME_CONVERTER_FUNC dso_name_converter;
+	/* The default DSO_METHOD-specific function for converting filenames to
+	 * a canonical native form. */
+	DSO_MERGER_FUNC dso_merger;
+
+	/* [De]Initialisation handlers. */
+	int (*init)(DSO *dso);
+	int (*finish)(DSO *dso);
+	} DSO_METHOD;
+
+/**********************************************************************/
+/* The low-level handle type used to refer to a loaded shared library */
+
+struct dso_st
+	{
+	DSO_METHOD *meth;
+	/* Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS
+	 * doesn't use anything but will need to cache the filename
+	 * for use in the dso_bind handler. All in all, let each
+	 * method control its own destiny. "Handles" and such go in
+	 * a STACK. */
+	STACK *meth_data;
+	int references;
+	int flags;
+	/* For use by applications etc ... use this for your bits'n'pieces,
+	 * don't touch meth_data! */
+	CRYPTO_EX_DATA ex_data;
+	/* If this callback function pointer is set to non-NULL, then it will
+	 * be used in DSO_load() in place of meth->dso_name_converter. NB: This
+	 * should normally set using DSO_set_name_converter(). */
+	DSO_NAME_CONVERTER_FUNC name_converter;
+	/* If this callback function pointer is set to non-NULL, then it will
+	 * be used in DSO_load() in place of meth->dso_merger. NB: This
+	 * should normally set using DSO_set_merger(). */
+	DSO_MERGER_FUNC merger;
+	/* This is populated with (a copy of) the platform-independant
+	 * filename used for this DSO. */
+	char *filename;
+	/* This is populated with (a copy of) the translated filename by which
+	 * the DSO was actually loaded. It is NULL iff the DSO is not currently
+	 * loaded. NB: This is here because the filename translation process
+	 * may involve a callback being invoked more than once not only to
+	 * convert to a platform-specific form, but also to try different
+	 * filenames in the process of trying to perform a load. As such, this
+	 * variable can be used to indicate (a) whether this DSO structure
+	 * corresponds to a loaded library or not, and (b) the filename with
+	 * which it was actually loaded. */
+	char *loaded_filename;
+	};
+
+
+DSO *	DSO_new(void);
+DSO *	DSO_new_method(DSO_METHOD *method);
+int	DSO_free(DSO *dso);
+int	DSO_flags(DSO *dso);
+int	DSO_up_ref(DSO *dso);
+long	DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
+
+/* This function sets the DSO's name_converter callback. If it is non-NULL,
+ * then it will be used instead of the associated DSO_METHOD's function. If
+ * oldcb is non-NULL then it is set to the function pointer value being
+ * replaced. Return value is non-zero for success. */
+int	DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
+				DSO_NAME_CONVERTER_FUNC *oldcb);
+/* These functions can be used to get/set the platform-independant filename
+ * used for a DSO. NB: set will fail if the DSO is already loaded. */
+const char *DSO_get_filename(DSO *dso);
+int	DSO_set_filename(DSO *dso, const char *filename);
+/* This function will invoke the DSO's name_converter callback to translate a
+ * filename, or if the callback isn't set it will instead use the DSO_METHOD's
+ * converter. If "filename" is NULL, the "filename" in the DSO itself will be
+ * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is
+ * simply duplicated. NB: This function is usually called from within a
+ * DSO_METHOD during the processing of a DSO_load() call, and is exposed so that
+ * caller-created DSO_METHODs can do the same thing. A non-NULL return value
+ * will need to be OPENSSL_free()'d. */
+char	*DSO_convert_filename(DSO *dso, const char *filename);
+/* This function will invoke the DSO's merger callback to merge two file
+ * specifications, or if the callback isn't set it will instead use the
+ * DSO_METHOD's merger.  A non-NULL return value will need to be
+ * OPENSSL_free()'d. */
+char	*DSO_merge(DSO *dso, const char *filespec1, const char *filespec2);
+/* If the DSO is currently loaded, this returns the filename that it was loaded
+ * under, otherwise it returns NULL. So it is also useful as a test as to
+ * whether the DSO is currently loaded. NB: This will not necessarily return
+ * the same value as DSO_convert_filename(dso, dso->filename), because the
+ * DSO_METHOD's load function may have tried a variety of filenames (with
+ * and/or without the aid of the converters) before settling on the one it
+ * actually loaded. */
+const char *DSO_get_loaded_filename(DSO *dso);
+
+void	DSO_set_default_method(DSO_METHOD *meth);
+DSO_METHOD *DSO_get_default_method(void);
+DSO_METHOD *DSO_get_method(DSO *dso);
+DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth);
+
+/* The all-singing all-dancing load function, you normally pass NULL
+ * for the first and third parameters. Use DSO_up and DSO_free for
+ * subsequent reference count handling. Any flags passed in will be set
+ * in the constructed DSO after its init() function but before the
+ * load operation. If 'dso' is non-NULL, 'flags' is ignored. */
+DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);
+
+/* This function binds to a variable inside a shared library. */
+void *DSO_bind_var(DSO *dso, const char *symname);
+
+/* This function binds to a function inside a shared library. */
+DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);
+
+/* This method is the default, but will beg, borrow, or steal whatever
+ * method should be the default on any particular platform (including
+ * DSO_METH_null() if necessary). */
+DSO_METHOD *DSO_METHOD_openssl(void);
+
+/* This method is defined for all platforms - if a platform has no
+ * DSO support then this will be the only method! */
+DSO_METHOD *DSO_METHOD_null(void);
+
+/* If DSO_DLFCN is defined, the standard dlfcn.h-style functions
+ * (dlopen, dlclose, dlsym, etc) will be used and incorporated into
+ * this method. If not, this method will return NULL. */
+DSO_METHOD *DSO_METHOD_dlfcn(void);
+
+/* If DSO_DL is defined, the standard dl.h-style functions (shl_load, 
+ * shl_unload, shl_findsym, etc) will be used and incorporated into
+ * this method. If not, this method will return NULL. */
+DSO_METHOD *DSO_METHOD_dl(void);
+
+/* If WIN32 is defined, use DLLs. If not, return NULL. */
+DSO_METHOD *DSO_METHOD_win32(void);
+
+/* If VMS is defined, use shared images. If not, return NULL. */
+DSO_METHOD *DSO_METHOD_vms(void);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_DSO_strings(void);
+
+/* Error codes for the DSO functions. */
+
+/* Function codes. */
+#define DSO_F_DLFCN_BIND_FUNC				 100
+#define DSO_F_DLFCN_BIND_VAR				 101
+#define DSO_F_DLFCN_LOAD				 102
+#define DSO_F_DLFCN_MERGER				 130
+#define DSO_F_DLFCN_NAME_CONVERTER			 123
+#define DSO_F_DLFCN_UNLOAD				 103
+#define DSO_F_DL_BIND_FUNC				 104
+#define DSO_F_DL_BIND_VAR				 105
+#define DSO_F_DL_LOAD					 106
+#define DSO_F_DL_MERGER					 131
+#define DSO_F_DL_NAME_CONVERTER				 124
+#define DSO_F_DL_UNLOAD					 107
+#define DSO_F_DSO_BIND_FUNC				 108
+#define DSO_F_DSO_BIND_VAR				 109
+#define DSO_F_DSO_CONVERT_FILENAME			 126
+#define DSO_F_DSO_CTRL					 110
+#define DSO_F_DSO_FREE					 111
+#define DSO_F_DSO_GET_FILENAME				 127
+#define DSO_F_DSO_GET_LOADED_FILENAME			 128
+#define DSO_F_DSO_LOAD					 112
+#define DSO_F_DSO_MERGE					 132
+#define DSO_F_DSO_NEW_METHOD				 113
+#define DSO_F_DSO_SET_FILENAME				 129
+#define DSO_F_DSO_SET_NAME_CONVERTER			 122
+#define DSO_F_DSO_UP_REF				 114
+#define DSO_F_VMS_BIND_VAR				 115
+#define DSO_F_VMS_LOAD					 116
+#define DSO_F_VMS_MERGER				 133
+#define DSO_F_VMS_UNLOAD				 117
+#define DSO_F_WIN32_BIND_FUNC				 118
+#define DSO_F_WIN32_BIND_VAR				 119
+#define DSO_F_WIN32_LOAD				 120
+#define DSO_F_WIN32_MERGER				 134
+#define DSO_F_WIN32_NAME_CONVERTER			 125
+#define DSO_F_WIN32_UNLOAD				 121
+
+/* Reason codes. */
+#define DSO_R_CTRL_FAILED				 100
+#define DSO_R_DSO_ALREADY_LOADED			 110
+#define DSO_R_EMPTY_FILE_STRUCTURE			 113
+#define DSO_R_FAILURE					 114
+#define DSO_R_FILENAME_TOO_BIG				 101
+#define DSO_R_FINISH_FAILED				 102
+#define DSO_R_INCORRECT_FILE_SYNTAX			 115
+#define DSO_R_LOAD_FAILED				 103
+#define DSO_R_NAME_TRANSLATION_FAILED			 109
+#define DSO_R_NO_FILENAME				 111
+#define DSO_R_NO_FILE_SPECIFICATION			 116
+#define DSO_R_NULL_HANDLE				 104
+#define DSO_R_SET_FILENAME_FAILED			 112
+#define DSO_R_STACK_ERROR				 105
+#define DSO_R_SYM_FAILURE				 106
+#define DSO_R_UNLOAD_FAILED				 107
+#define DSO_R_UNSUPPORTED				 108
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c
new file mode 100644
index 0000000000..32a8d41bf7
--- /dev/null
+++ b/crypto/dso/dso_dl.c
@@ -0,0 +1,352 @@
+/* dso_dl.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+#ifndef DSO_DL
+DSO_METHOD *DSO_METHOD_dl(void)
+       {
+       return NULL;
+       }
+#else
+
+#include <dl.h>
+
+/* Part of the hack in "dl_load" ... */
+#define DSO_MAX_TRANSLATED_SIZE 256
+
+static int dl_load(DSO *dso);
+static int dl_unload(DSO *dso);
+static void *dl_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname);
+#if 0
+static int dl_unbind_var(DSO *dso, char *symname, void *symptr);
+static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+static int dl_init(DSO *dso);
+static int dl_finish(DSO *dso);
+static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
+#endif
+static char *dl_name_converter(DSO *dso, const char *filename);
+static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2);
+
+static DSO_METHOD dso_meth_dl = {
+	"OpenSSL 'dl' shared library method",
+	dl_load,
+	dl_unload,
+	dl_bind_var,
+	dl_bind_func,
+/* For now, "unbind" doesn't exist */
+#if 0
+	NULL, /* unbind_var */
+	NULL, /* unbind_func */
+#endif
+	NULL, /* ctrl */
+	dl_name_converter,
+	dl_merger,
+	NULL, /* init */
+	NULL  /* finish */
+	};
+
+DSO_METHOD *DSO_METHOD_dl(void)
+	{
+	return(&dso_meth_dl);
+	}
+
+/* For this DSO_METHOD, our meth_data STACK will contain;
+ * (i) the handle (shl_t) returned from shl_load().
+ * NB: I checked on HPUX11 and shl_t is itself a pointer
+ * type so the cast is safe.
+ */
+
+static int dl_load(DSO *dso)
+	{
+	shl_t ptr = NULL;
+	/* We don't do any fancy retries or anything, just take the method's
+	 * (or DSO's if it has the callback set) best translation of the
+	 * platform-independant filename and try once with that. */
+	char *filename= DSO_convert_filename(dso, NULL);
+
+	if(filename == NULL)
+		{
+		DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
+		goto err;
+		}
+	ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, NULL);
+	if(ptr == NULL)
+		{
+		DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
+		ERR_add_error_data(4, "filename(", filename, "): ",
+			strerror(errno));
+		goto err;
+		}
+	if(!sk_push(dso->meth_data, (char *)ptr))
+		{
+		DSOerr(DSO_F_DL_LOAD,DSO_R_STACK_ERROR);
+		goto err;
+		}
+	/* Success, stick the converted filename we've loaded under into the DSO
+	 * (it also serves as the indicator that we are currently loaded). */
+	dso->loaded_filename = filename;
+	return(1);
+err:
+	/* Cleanup! */
+	if(filename != NULL)
+		OPENSSL_free(filename);
+	if(ptr != NULL)
+		shl_unload(ptr);
+	return(0);
+	}
+
+static int dl_unload(DSO *dso)
+	{
+	shl_t ptr;
+	if(dso == NULL)
+		{
+		DSOerr(DSO_F_DL_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+	if(sk_num(dso->meth_data) < 1)
+		return(1);
+	/* Is this statement legal? */
+	ptr = (shl_t)sk_pop(dso->meth_data);
+	if(ptr == NULL)
+		{
+		DSOerr(DSO_F_DL_UNLOAD,DSO_R_NULL_HANDLE);
+		/* Should push the value back onto the stack in
+		 * case of a retry. */
+		sk_push(dso->meth_data, (char *)ptr);
+		return(0);
+		}
+	shl_unload(ptr);
+	return(1);
+	}
+
+static void *dl_bind_var(DSO *dso, const char *symname)
+	{
+	shl_t ptr;
+	void *sym;
+
+	if((dso == NULL) || (symname == NULL))
+		{
+		DSOerr(DSO_F_DL_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
+		return(NULL);
+		}
+	if(sk_num(dso->meth_data) < 1)
+		{
+		DSOerr(DSO_F_DL_BIND_VAR,DSO_R_STACK_ERROR);
+		return(NULL);
+		}
+	ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+	if(ptr == NULL)
+		{
+		DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE);
+		return(NULL);
+		}
+	if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
+		{
+		DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE);
+		ERR_add_error_data(4, "symname(", symname, "): ",
+			strerror(errno));
+		return(NULL);
+		}
+	return(sym);
+	}
+
+static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
+	{
+	shl_t ptr;
+	void *sym;
+
+	if((dso == NULL) || (symname == NULL))
+		{
+		DSOerr(DSO_F_DL_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
+		return(NULL);
+		}
+	if(sk_num(dso->meth_data) < 1)
+		{
+		DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_STACK_ERROR);
+		return(NULL);
+		}
+	ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+	if(ptr == NULL)
+		{
+		DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE);
+		return(NULL);
+		}
+	if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
+		{
+		DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE);
+		ERR_add_error_data(4, "symname(", symname, "): ",
+			strerror(errno));
+		return(NULL);
+		}
+	return((DSO_FUNC_TYPE)sym);
+	}
+
+static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
+	{
+	char *merged;
+
+	if(!filespec1 && !filespec2)
+		{
+		DSOerr(DSO_F_DL_MERGER,
+				ERR_R_PASSED_NULL_PARAMETER);
+		return(NULL);
+		}
+	/* If the first file specification is a rooted path, it rules.
+	   same goes if the second file specification is missing. */
+	if (!filespec2 || filespec1[0] == '/')
+		{
+		merged = OPENSSL_malloc(strlen(filespec1) + 1);
+		if(!merged)
+			{
+			DSOerr(DSO_F_DL_MERGER,
+				ERR_R_MALLOC_FAILURE);
+			return(NULL);
+			}
+		strcpy(merged, filespec1);
+		}
+	/* If the first file specification is missing, the second one rules. */
+	else if (!filespec1)
+		{
+		merged = OPENSSL_malloc(strlen(filespec2) + 1);
+		if(!merged)
+			{
+			DSOerr(DSO_F_DL_MERGER,
+				ERR_R_MALLOC_FAILURE);
+			return(NULL);
+			}
+		strcpy(merged, filespec2);
+		}
+	else
+		/* This part isn't as trivial as it looks.  It assumes that
+		   the second file specification really is a directory, and
+		   makes no checks whatsoever.  Therefore, the result becomes
+		   the concatenation of filespec2 followed by a slash followed
+		   by filespec1. */
+		{
+		int spec2len, len;
+
+		spec2len = (filespec2 ? strlen(filespec2) : 0);
+		len = spec2len + (filespec1 ? strlen(filespec1) : 0);
+
+		if(filespec2 && filespec2[spec2len - 1] == '/')
+			{
+			spec2len--;
+			len--;
+			}
+		merged = OPENSSL_malloc(len + 2);
+		if(!merged)
+			{
+			DSOerr(DSO_F_DL_MERGER,
+				ERR_R_MALLOC_FAILURE);
+			return(NULL);
+			}
+		strcpy(merged, filespec2);
+		merged[spec2len] = '/';
+		strcpy(&merged[spec2len + 1], filespec1);
+		}
+	return(merged);
+	}
+
+/* This function is identical to the one in dso_dlfcn.c, but as it is highly
+ * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at the
+ * same time, there's no great duplicating the code. Figuring out an elegant 
+ * way to share one copy of the code would be more difficult and would not
+ * leave the implementations independant. */
+#if defined(__hpux)
+static const char extension[] = ".sl";
+#else
+static const char extension[] = ".so";
+#endif
+static char *dl_name_converter(DSO *dso, const char *filename)
+	{
+	char *translated;
+	int len, rsize, transform;
+
+	len = strlen(filename);
+	rsize = len + 1;
+	transform = (strstr(filename, "/") == NULL);
+		{
+		/* We will convert this to "%s.s?" or "lib%s.s?" */
+		rsize += strlen(extension);/* The length of ".s?" */
+		if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+			rsize += 3; /* The length of "lib" */
+		}
+	translated = OPENSSL_malloc(rsize);
+	if(translated == NULL)
+		{
+		DSOerr(DSO_F_DL_NAME_CONVERTER,
+				DSO_R_NAME_TRANSLATION_FAILED); 
+		return(NULL);   
+		}
+	if(transform)
+		{
+		if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+			sprintf(translated, "lib%s%s", filename, extension);
+		else
+			sprintf(translated, "%s%s", filename, extension);
+		}
+	else
+		sprintf(translated, "%s", filename);
+	return(translated);
+	}
+
+#endif /* DSO_DL */
diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c
new file mode 100644
index 0000000000..de88b2fd16
--- /dev/null
+++ b/crypto/dso/dso_dlfcn.c
@@ -0,0 +1,359 @@
+/* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+#ifndef DSO_DLFCN
+DSO_METHOD *DSO_METHOD_dlfcn(void)
+	{
+	return NULL;
+	}
+#else
+
+#ifdef HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+/* Part of the hack in "dlfcn_load" ... */
+#define DSO_MAX_TRANSLATED_SIZE 256
+
+static int dlfcn_load(DSO *dso);
+static int dlfcn_unload(DSO *dso);
+static void *dlfcn_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname);
+#if 0
+static int dlfcn_unbind(DSO *dso, char *symname, void *symptr);
+static int dlfcn_init(DSO *dso);
+static int dlfcn_finish(DSO *dso);
+static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg);
+#endif
+static char *dlfcn_name_converter(DSO *dso, const char *filename);
+static char *dlfcn_merger(DSO *dso, const char *filespec1,
+	const char *filespec2);
+
+static DSO_METHOD dso_meth_dlfcn = {
+	"OpenSSL 'dlfcn' shared library method",
+	dlfcn_load,
+	dlfcn_unload,
+	dlfcn_bind_var,
+	dlfcn_bind_func,
+/* For now, "unbind" doesn't exist */
+#if 0
+	NULL, /* unbind_var */
+	NULL, /* unbind_func */
+#endif
+	NULL, /* ctrl */
+	dlfcn_name_converter,
+	dlfcn_merger,
+	NULL, /* init */
+	NULL  /* finish */
+	};
+
+DSO_METHOD *DSO_METHOD_dlfcn(void)
+	{
+	return(&dso_meth_dlfcn);
+	}
+
+/* Prior to using the dlopen() function, we should decide on the flag
+ * we send. There's a few different ways of doing this and it's a
+ * messy venn-diagram to match up which platforms support what. So
+ * as we don't have autoconf yet, I'm implementing a hack that could
+ * be hacked further relatively easily to deal with cases as we find
+ * them. Initially this is to cope with OpenBSD. */
+#if defined(__OpenBSD__) || defined(__NetBSD__)
+#	ifdef DL_LAZY
+#		define DLOPEN_FLAG DL_LAZY
+#	else
+#		ifdef RTLD_NOW
+#			define DLOPEN_FLAG RTLD_NOW
+#		else
+#			define DLOPEN_FLAG 0
+#		endif
+#	endif
+#else
+#	define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
+#endif
+
+/* For this DSO_METHOD, our meth_data STACK will contain;
+ * (i) the handle (void*) returned from dlopen().
+ */
+
+static int dlfcn_load(DSO *dso)
+	{
+	void *ptr = NULL;
+	/* See applicable comments in dso_dl.c */
+	char *filename = DSO_convert_filename(dso, NULL);
+
+	if(filename == NULL)
+		{
+		DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME);
+		goto err;
+		}
+	ptr = dlopen(filename, DLOPEN_FLAG);
+	if(ptr == NULL)
+		{
+		DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED);
+		ERR_add_error_data(4, "filename(", filename, "): ", dlerror());
+		goto err;
+		}
+	if(!sk_push(dso->meth_data, (char *)ptr))
+		{
+		DSOerr(DSO_F_DLFCN_LOAD,DSO_R_STACK_ERROR);
+		goto err;
+		}
+	/* Success */
+	dso->loaded_filename = filename;
+	return(1);
+err:
+	/* Cleanup! */
+	if(filename != NULL)
+		OPENSSL_free(filename);
+	if(ptr != NULL)
+		dlclose(ptr);
+	return(0);
+}
+
+static int dlfcn_unload(DSO *dso)
+	{
+	void *ptr;
+	if(dso == NULL)
+		{
+		DSOerr(DSO_F_DLFCN_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+	if(sk_num(dso->meth_data) < 1)
+		return(1);
+	ptr = (void *)sk_pop(dso->meth_data);
+	if(ptr == NULL)
+		{
+		DSOerr(DSO_F_DLFCN_UNLOAD,DSO_R_NULL_HANDLE);
+		/* Should push the value back onto the stack in
+		 * case of a retry. */
+		sk_push(dso->meth_data, (char *)ptr);
+		return(0);
+		}
+	/* For now I'm not aware of any errors associated with dlclose() */
+	dlclose(ptr);
+	return(1);
+	}
+
+static void *dlfcn_bind_var(DSO *dso, const char *symname)
+	{
+	void *ptr, *sym;
+
+	if((dso == NULL) || (symname == NULL))
+		{
+		DSOerr(DSO_F_DLFCN_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
+		return(NULL);
+		}
+	if(sk_num(dso->meth_data) < 1)
+		{
+		DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_STACK_ERROR);
+		return(NULL);
+		}
+	ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+	if(ptr == NULL)
+		{
+		DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_NULL_HANDLE);
+		return(NULL);
+		}
+	sym = dlsym(ptr, symname);
+	if(sym == NULL)
+		{
+		DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_SYM_FAILURE);
+		ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
+		return(NULL);
+		}
+	return(sym);
+	}
+
+static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
+	{
+	void *ptr;
+	DSO_FUNC_TYPE sym;
+
+	if((dso == NULL) || (symname == NULL))
+		{
+		DSOerr(DSO_F_DLFCN_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
+		return(NULL);
+		}
+	if(sk_num(dso->meth_data) < 1)
+		{
+		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_STACK_ERROR);
+		return(NULL);
+		}
+	ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+	if(ptr == NULL)
+		{
+		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
+		return(NULL);
+		}
+	sym = (DSO_FUNC_TYPE)dlsym(ptr, symname);
+	if(sym == NULL)
+		{
+		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
+		ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
+		return(NULL);
+		}
+	return(sym);
+	}
+
+static char *dlfcn_merger(DSO *dso, const char *filespec1,
+	const char *filespec2)
+	{
+	char *merged;
+
+	if(!filespec1 && !filespec2)
+		{
+		DSOerr(DSO_F_DLFCN_MERGER,
+				ERR_R_PASSED_NULL_PARAMETER);
+		return(NULL);
+		}
+	/* If the first file specification is a rooted path, it rules.
+	   same goes if the second file specification is missing. */
+	if (!filespec2 || filespec1[0] == '/')
+		{
+		merged = OPENSSL_malloc(strlen(filespec1) + 1);
+		if(!merged)
+			{
+			DSOerr(DSO_F_DLFCN_MERGER,
+				ERR_R_MALLOC_FAILURE);
+			return(NULL);
+			}
+		strcpy(merged, filespec1);
+		}
+	/* If the first file specification is missing, the second one rules. */
+	else if (!filespec1)
+		{
+		merged = OPENSSL_malloc(strlen(filespec2) + 1);
+		if(!merged)
+			{
+			DSOerr(DSO_F_DLFCN_MERGER,
+				ERR_R_MALLOC_FAILURE);
+			return(NULL);
+			}
+		strcpy(merged, filespec2);
+		}
+	else
+		/* This part isn't as trivial as it looks.  It assumes that
+		   the second file specification really is a directory, and
+		   makes no checks whatsoever.  Therefore, the result becomes
+		   the concatenation of filespec2 followed by a slash followed
+		   by filespec1. */
+		{
+		int spec2len, len;
+
+		spec2len = (filespec2 ? strlen(filespec2) : 0);
+		len = spec2len + (filespec1 ? strlen(filespec1) : 0);
+
+		if(filespec2 && filespec2[spec2len - 1] == '/')
+			{
+			spec2len--;
+			len--;
+			}
+		merged = OPENSSL_malloc(len + 2);
+		if(!merged)
+			{
+			DSOerr(DSO_F_DLFCN_MERGER,
+				ERR_R_MALLOC_FAILURE);
+			return(NULL);
+			}
+		strcpy(merged, filespec2);
+		merged[spec2len] = '/';
+		strcpy(&merged[spec2len + 1], filespec1);
+		}
+	return(merged);
+	}
+
+static char *dlfcn_name_converter(DSO *dso, const char *filename)
+	{
+	char *translated;
+	int len, rsize, transform;
+
+	len = strlen(filename);
+	rsize = len + 1;
+	transform = (strstr(filename, "/") == NULL);
+	if(transform)
+		{
+		/* We will convert this to "%s.so" or "lib%s.so" */
+		rsize += 3;	/* The length of ".so" */
+		if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+			rsize += 3; /* The length of "lib" */
+		}
+	translated = OPENSSL_malloc(rsize);
+	if(translated == NULL)
+		{
+		DSOerr(DSO_F_DLFCN_NAME_CONVERTER,
+				DSO_R_NAME_TRANSLATION_FAILED);
+		return(NULL);
+		}
+	if(transform)
+		{
+		if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+			sprintf(translated, "lib%s.so", filename);
+		else
+			sprintf(translated, "%s.so", filename);
+		}
+	else
+		sprintf(translated, "%s", filename);
+	return(translated);
+	}
+
+#endif /* DSO_DLFCN */
diff --git a/crypto/dso/dso_err.c b/crypto/dso/dso_err.c
new file mode 100644
index 0000000000..ac783e2796
--- /dev/null
+++ b/crypto/dso/dso_err.c
@@ -0,0 +1,144 @@
+/* crypto/dso/dso_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/dso.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA DSO_str_functs[]=
+	{
+{ERR_PACK(0,DSO_F_DLFCN_BIND_FUNC,0),	"DLFCN_BIND_FUNC"},
+{ERR_PACK(0,DSO_F_DLFCN_BIND_VAR,0),	"DLFCN_BIND_VAR"},
+{ERR_PACK(0,DSO_F_DLFCN_LOAD,0),	"DLFCN_LOAD"},
+{ERR_PACK(0,DSO_F_DLFCN_MERGER,0),	"DLFCN_MERGER"},
+{ERR_PACK(0,DSO_F_DLFCN_NAME_CONVERTER,0),	"DLFCN_NAME_CONVERTER"},
+{ERR_PACK(0,DSO_F_DLFCN_UNLOAD,0),	"DLFCN_UNLOAD"},
+{ERR_PACK(0,DSO_F_DL_BIND_FUNC,0),	"DL_BIND_FUNC"},
+{ERR_PACK(0,DSO_F_DL_BIND_VAR,0),	"DL_BIND_VAR"},
+{ERR_PACK(0,DSO_F_DL_LOAD,0),	"DL_LOAD"},
+{ERR_PACK(0,DSO_F_DL_MERGER,0),	"DL_MERGER"},
+{ERR_PACK(0,DSO_F_DL_NAME_CONVERTER,0),	"DL_NAME_CONVERTER"},
+{ERR_PACK(0,DSO_F_DL_UNLOAD,0),	"DL_UNLOAD"},
+{ERR_PACK(0,DSO_F_DSO_BIND_FUNC,0),	"DSO_bind_func"},
+{ERR_PACK(0,DSO_F_DSO_BIND_VAR,0),	"DSO_bind_var"},
+{ERR_PACK(0,DSO_F_DSO_CONVERT_FILENAME,0),	"DSO_convert_filename"},
+{ERR_PACK(0,DSO_F_DSO_CTRL,0),	"DSO_ctrl"},
+{ERR_PACK(0,DSO_F_DSO_FREE,0),	"DSO_free"},
+{ERR_PACK(0,DSO_F_DSO_GET_FILENAME,0),	"DSO_get_filename"},
+{ERR_PACK(0,DSO_F_DSO_GET_LOADED_FILENAME,0),	"DSO_get_loaded_filename"},
+{ERR_PACK(0,DSO_F_DSO_LOAD,0),	"DSO_load"},
+{ERR_PACK(0,DSO_F_DSO_MERGE,0),	"DSO_merge"},
+{ERR_PACK(0,DSO_F_DSO_NEW_METHOD,0),	"DSO_new_method"},
+{ERR_PACK(0,DSO_F_DSO_SET_FILENAME,0),	"DSO_set_filename"},
+{ERR_PACK(0,DSO_F_DSO_SET_NAME_CONVERTER,0),	"DSO_set_name_converter"},
+{ERR_PACK(0,DSO_F_DSO_UP_REF,0),	"DSO_up_ref"},
+{ERR_PACK(0,DSO_F_VMS_BIND_VAR,0),	"VMS_BIND_VAR"},
+{ERR_PACK(0,DSO_F_VMS_LOAD,0),	"VMS_LOAD"},
+{ERR_PACK(0,DSO_F_VMS_MERGER,0),	"VMS_MERGER"},
+{ERR_PACK(0,DSO_F_VMS_UNLOAD,0),	"VMS_UNLOAD"},
+{ERR_PACK(0,DSO_F_WIN32_BIND_FUNC,0),	"WIN32_BIND_FUNC"},
+{ERR_PACK(0,DSO_F_WIN32_BIND_VAR,0),	"WIN32_BIND_VAR"},
+{ERR_PACK(0,DSO_F_WIN32_LOAD,0),	"WIN32_LOAD"},
+{ERR_PACK(0,DSO_F_WIN32_MERGER,0),	"WIN32_MERGER"},
+{ERR_PACK(0,DSO_F_WIN32_NAME_CONVERTER,0),	"WIN32_NAME_CONVERTER"},
+{ERR_PACK(0,DSO_F_WIN32_UNLOAD,0),	"WIN32_UNLOAD"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA DSO_str_reasons[]=
+	{
+{DSO_R_CTRL_FAILED                       ,"control command failed"},
+{DSO_R_DSO_ALREADY_LOADED                ,"dso already loaded"},
+{DSO_R_EMPTY_FILE_STRUCTURE              ,"empty file structure"},
+{DSO_R_FAILURE                           ,"failure"},
+{DSO_R_FILENAME_TOO_BIG                  ,"filename too big"},
+{DSO_R_FINISH_FAILED                     ,"cleanup method function failed"},
+{DSO_R_INCORRECT_FILE_SYNTAX             ,"incorrect file syntax"},
+{DSO_R_LOAD_FAILED                       ,"could not load the shared library"},
+{DSO_R_NAME_TRANSLATION_FAILED           ,"name translation failed"},
+{DSO_R_NO_FILENAME                       ,"no filename"},
+{DSO_R_NO_FILE_SPECIFICATION             ,"no file specification"},
+{DSO_R_NULL_HANDLE                       ,"a null shared library handle was used"},
+{DSO_R_SET_FILENAME_FAILED               ,"set filename failed"},
+{DSO_R_STACK_ERROR                       ,"the meth_data stack is corrupt"},
+{DSO_R_SYM_FAILURE                       ,"could not bind to the requested symbol name"},
+{DSO_R_UNLOAD_FAILED                     ,"could not unload the shared library"},
+{DSO_R_UNSUPPORTED                       ,"functionality not supported"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_DSO_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ERR_LIB_DSO,DSO_str_functs);
+		ERR_load_strings(ERR_LIB_DSO,DSO_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c
new file mode 100644
index 0000000000..1045d1dd19
--- /dev/null
+++ b/crypto/dso/dso_lib.c
@@ -0,0 +1,466 @@
+/* dso_lib.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+static DSO_METHOD *default_DSO_meth = NULL;
+
+DSO *DSO_new(void)
+	{
+	return(DSO_new_method(NULL));
+	}
+
+void DSO_set_default_method(DSO_METHOD *meth)
+	{
+	default_DSO_meth = meth;
+	}
+
+DSO_METHOD *DSO_get_default_method(void)
+	{
+	return(default_DSO_meth);
+	}
+
+DSO_METHOD *DSO_get_method(DSO *dso)
+	{
+	return(dso->meth);
+	}
+
+DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth)
+	{
+	DSO_METHOD *mtmp;
+	mtmp = dso->meth;
+	dso->meth = meth;
+	return(mtmp);
+	}
+
+DSO *DSO_new_method(DSO_METHOD *meth)
+	{
+	DSO *ret;
+
+	if(default_DSO_meth == NULL)
+		/* We default to DSO_METH_openssl() which in turn defaults
+		 * to stealing the "best available" method. Will fallback
+		 * to DSO_METH_null() in the worst case. */
+		default_DSO_meth = DSO_METHOD_openssl();
+	ret = (DSO *)OPENSSL_malloc(sizeof(DSO));
+	if(ret == NULL)
+		{
+		DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+	memset(ret, 0, sizeof(DSO));
+	ret->meth_data = sk_new_null();
+	if(ret->meth_data == NULL)
+		{
+		/* sk_new doesn't generate any errors so we do */
+		DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+		OPENSSL_free(ret);
+		return(NULL);
+		}
+	if(meth == NULL)
+		ret->meth = default_DSO_meth;
+	else
+		ret->meth = meth;
+	ret->references = 1;
+	if((ret->meth->init != NULL) && !ret->meth->init(ret))
+		{
+		OPENSSL_free(ret);
+		ret=NULL;
+		}
+	return(ret);
+	}
+
+int DSO_free(DSO *dso)
+	{
+        int i;
+ 
+	if(dso == NULL)
+		{
+		DSOerr(DSO_F_DSO_FREE,ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+ 
+	i=CRYPTO_add(&dso->references,-1,CRYPTO_LOCK_DSO);
+#ifdef REF_PRINT
+	REF_PRINT("DSO",dso);
+#endif
+	if(i > 0) return(1);
+#ifdef REF_CHECK
+	if(i < 0)
+		{
+		fprintf(stderr,"DSO_free, bad reference count\n");
+		abort();
+		}
+#endif
+
+	if((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso))
+		{
+		DSOerr(DSO_F_DSO_FREE,DSO_R_UNLOAD_FAILED);
+		return(0);
+		}
+ 
+	if((dso->meth->finish != NULL) && !dso->meth->finish(dso))
+		{
+		DSOerr(DSO_F_DSO_FREE,DSO_R_FINISH_FAILED);
+		return(0);
+		}
+	
+	sk_free(dso->meth_data);
+	if(dso->filename != NULL)
+		OPENSSL_free(dso->filename);
+	if(dso->loaded_filename != NULL)
+		OPENSSL_free(dso->loaded_filename);
+ 
+	OPENSSL_free(dso);
+	return(1);
+	}
+
+int DSO_flags(DSO *dso)
+	{
+	return((dso == NULL) ? 0 : dso->flags);
+	}
+
+
+int DSO_up_ref(DSO *dso)
+	{
+	if (dso == NULL)
+		{
+		DSOerr(DSO_F_DSO_UP_REF,ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+
+	CRYPTO_add(&dso->references,1,CRYPTO_LOCK_DSO);
+	return(1);
+	}
+
+DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
+	{
+	DSO *ret;
+	int allocated = 0;
+
+	if(dso == NULL)
+		{
+		ret = DSO_new_method(meth);
+		if(ret == NULL)
+			{
+			DSOerr(DSO_F_DSO_LOAD,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		allocated = 1;
+		/* Pass the provided flags to the new DSO object */
+		if(DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0)
+			{
+			DSOerr(DSO_F_DSO_LOAD,DSO_R_CTRL_FAILED);
+			goto err;
+			}
+		}
+	else
+		ret = dso;
+	/* Don't load if we're currently already loaded */
+	if(ret->filename != NULL)
+		{
+		DSOerr(DSO_F_DSO_LOAD,DSO_R_DSO_ALREADY_LOADED);
+		goto err;
+		}
+	/* filename can only be NULL if we were passed a dso that already has
+	 * one set. */
+	if(filename != NULL)
+		if(!DSO_set_filename(ret, filename))
+			{
+			DSOerr(DSO_F_DSO_LOAD,DSO_R_SET_FILENAME_FAILED);
+			goto err;
+			}
+	filename = ret->filename;
+	if(filename == NULL)
+		{
+		DSOerr(DSO_F_DSO_LOAD,DSO_R_NO_FILENAME);
+		goto err;
+		}
+	if(ret->meth->dso_load == NULL)
+		{
+		DSOerr(DSO_F_DSO_LOAD,DSO_R_UNSUPPORTED);
+		goto err;
+		}
+	if(!ret->meth->dso_load(ret))
+		{
+		DSOerr(DSO_F_DSO_LOAD,DSO_R_LOAD_FAILED);
+		goto err;
+		}
+	/* Load succeeded */
+	return(ret);
+err:
+	if(allocated)
+		DSO_free(ret);
+	return(NULL);
+	}
+
+void *DSO_bind_var(DSO *dso, const char *symname)
+	{
+	void *ret = NULL;
+
+	if((dso == NULL) || (symname == NULL))
+		{
+		DSOerr(DSO_F_DSO_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
+		return(NULL);
+		}
+	if(dso->meth->dso_bind_var == NULL)
+		{
+		DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_UNSUPPORTED);
+		return(NULL);
+		}
+	if((ret = dso->meth->dso_bind_var(dso, symname)) == NULL)
+		{
+		DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_SYM_FAILURE);
+		return(NULL);
+		}
+	/* Success */
+	return(ret);
+	}
+
+DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
+	{
+	DSO_FUNC_TYPE ret = NULL;
+
+	if((dso == NULL) || (symname == NULL))
+		{
+		DSOerr(DSO_F_DSO_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
+		return(NULL);
+		}
+	if(dso->meth->dso_bind_func == NULL)
+		{
+		DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_UNSUPPORTED);
+		return(NULL);
+		}
+	if((ret = dso->meth->dso_bind_func(dso, symname)) == NULL)
+		{
+		DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_SYM_FAILURE);
+		return(NULL);
+		}
+	/* Success */
+	return(ret);
+	}
+
+/* I don't really like these *_ctrl functions very much to be perfectly
+ * honest. For one thing, I think I have to return a negative value for
+ * any error because possible DSO_ctrl() commands may return values
+ * such as "size"s that can legitimately be zero (making the standard
+ * "if(DSO_cmd(...))" form that works almost everywhere else fail at
+ * odd times. I'd prefer "output" values to be passed by reference and
+ * the return value as success/failure like usual ... but we conform
+ * when we must... :-) */
+long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
+	{
+	if(dso == NULL)
+		{
+		DSOerr(DSO_F_DSO_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+		return(-1);
+		}
+	/* We should intercept certain generic commands and only pass control
+	 * to the method-specific ctrl() function if it's something we don't
+	 * handle. */
+	switch(cmd)
+		{
+	case DSO_CTRL_GET_FLAGS:
+		return dso->flags;
+	case DSO_CTRL_SET_FLAGS:
+		dso->flags = (int)larg;
+		return(0);
+	case DSO_CTRL_OR_FLAGS:
+		dso->flags |= (int)larg;
+		return(0);
+	default:
+		break;
+		}
+	if((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL))
+		{
+		DSOerr(DSO_F_DSO_CTRL,DSO_R_UNSUPPORTED);
+		return(-1);
+		}
+	return(dso->meth->dso_ctrl(dso,cmd,larg,parg));
+	}
+
+int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
+			DSO_NAME_CONVERTER_FUNC *oldcb)
+	{
+	if(dso == NULL)
+		{
+		DSOerr(DSO_F_DSO_SET_NAME_CONVERTER,
+				ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+	if(oldcb)
+		*oldcb = dso->name_converter;
+	dso->name_converter = cb;
+	return(1);
+	}
+
+const char *DSO_get_filename(DSO *dso)
+	{
+	if(dso == NULL)
+		{
+		DSOerr(DSO_F_DSO_GET_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
+		return(NULL);
+		}
+	return(dso->filename);
+	}
+
+int DSO_set_filename(DSO *dso, const char *filename)
+	{
+	char *copied;
+
+	if((dso == NULL) || (filename == NULL))
+		{
+		DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+	if(dso->loaded_filename)
+		{
+		DSOerr(DSO_F_DSO_SET_FILENAME,DSO_R_DSO_ALREADY_LOADED);
+		return(0);
+		}
+	/* We'll duplicate filename */
+	copied = OPENSSL_malloc(strlen(filename) + 1);
+	if(copied == NULL)
+		{
+		DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	strcpy(copied, filename);
+	if(dso->filename)
+		OPENSSL_free(dso->filename);
+	dso->filename = copied;
+	return(1);
+	}
+
+char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2)
+	{
+	char *result = NULL;
+
+	if(dso == NULL || filespec1 == NULL)
+		{
+		DSOerr(DSO_F_DSO_MERGE,ERR_R_PASSED_NULL_PARAMETER);
+		return(NULL);
+		}
+	if(filespec1 == NULL)
+		filespec1 = dso->filename;
+	if(filespec1 == NULL)
+		{
+		DSOerr(DSO_F_DSO_MERGE,DSO_R_NO_FILE_SPECIFICATION);
+		return(NULL);
+		}
+	if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)
+		{
+		if(dso->merger != NULL)
+			result = dso->merger(dso, filespec1, filespec2);
+		else if(dso->meth->dso_merger != NULL)
+			result = dso->meth->dso_merger(dso,
+				filespec1, filespec2);
+		}
+	return(result);
+	}
+
+char *DSO_convert_filename(DSO *dso, const char *filename)
+	{
+	char *result = NULL;
+
+	if(dso == NULL)
+		{
+		DSOerr(DSO_F_DSO_CONVERT_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
+		return(NULL);
+		}
+	if(filename == NULL)
+		filename = dso->filename;
+	if(filename == NULL)
+		{
+		DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME);
+		return(NULL);
+		}
+	if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)
+		{
+		if(dso->name_converter != NULL)
+			result = dso->name_converter(dso, filename);
+		else if(dso->meth->dso_name_converter != NULL)
+			result = dso->meth->dso_name_converter(dso, filename);
+		}
+	if(result == NULL)
+		{
+		result = OPENSSL_malloc(strlen(filename) + 1);
+		if(result == NULL)
+			{
+			DSOerr(DSO_F_DSO_CONVERT_FILENAME,
+					ERR_R_MALLOC_FAILURE);
+			return(NULL);
+			}
+		strcpy(result, filename);
+		}
+	return(result);
+	}
+
+const char *DSO_get_loaded_filename(DSO *dso)
+	{
+	if(dso == NULL)
+		{
+		DSOerr(DSO_F_DSO_GET_LOADED_FILENAME,
+				ERR_R_PASSED_NULL_PARAMETER);
+		return(NULL);
+		}
+	return(dso->loaded_filename);
+	}
diff --git a/crypto/dso/dso_null.c b/crypto/dso/dso_null.c
new file mode 100644
index 0000000000..fa13a7cb0f
--- /dev/null
+++ b/crypto/dso/dso_null.c
@@ -0,0 +1,86 @@
+/* dso_null.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* This "NULL" method is provided as the fallback for systems that have
+ * no appropriate support for "shared-libraries". */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+static DSO_METHOD dso_meth_null = {
+	"NULL shared library method",
+	NULL, /* load */
+	NULL, /* unload */
+	NULL, /* bind_var */
+	NULL, /* bind_func */
+/* For now, "unbind" doesn't exist */
+#if 0
+	NULL, /* unbind_var */
+	NULL, /* unbind_func */
+#endif
+	NULL, /* ctrl */
+	NULL, /* init */
+	NULL  /* finish */
+	};
+
+DSO_METHOD *DSO_METHOD_null(void)
+	{
+	return(&dso_meth_null);
+	}
+
diff --git a/crypto/dso/dso_openssl.c b/crypto/dso/dso_openssl.c
new file mode 100644
index 0000000000..a4395ebffe
--- /dev/null
+++ b/crypto/dso/dso_openssl.c
@@ -0,0 +1,81 @@
+/* dso_openssl.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+/* We just pinch the method from an appropriate "default" method. */
+
+DSO_METHOD *DSO_METHOD_openssl(void)
+	{
+#ifdef DEF_DSO_METHOD
+	return(DEF_DSO_METHOD());
+#elif defined(DSO_DLFCN)
+	return(DSO_METHOD_dlfcn());
+#elif defined(DSO_DL)
+	return(DSO_METHOD_dl());
+#elif defined(DSO_WIN32)
+	return(DSO_METHOD_win32());
+#elif defined(DSO_VMS)
+	return(DSO_METHOD_vms());
+#else
+	return(DSO_METHOD_null());
+#endif
+	}
+
diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c
new file mode 100644
index 0000000000..7ce9230201
--- /dev/null
+++ b/crypto/dso/dso_vms.c
@@ -0,0 +1,504 @@
+/* dso_vms.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+#ifdef OPENSSL_SYS_VMS
+#pragma message disable DOLLARID
+#include <rms.h>
+#include <lib$routines.h>
+#include <stsdef.h>
+#include <descrip.h>
+#include <starlet.h>
+#endif
+
+#ifndef OPENSSL_SYS_VMS
+DSO_METHOD *DSO_METHOD_vms(void)
+	{
+	return NULL;
+	}
+#else
+#pragma message disable DOLLARID
+
+static int vms_load(DSO *dso);
+static int vms_unload(DSO *dso);
+static void *vms_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname);
+#if 0
+static int vms_unbind_var(DSO *dso, char *symname, void *symptr);
+static int vms_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+static int vms_init(DSO *dso);
+static int vms_finish(DSO *dso);
+static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg);
+#endif
+static char *vms_name_converter(DSO *dso, const char *filename);
+static char *vms_merger(DSO *dso, const char *filespec1,
+	const char *filespec2);
+
+static DSO_METHOD dso_meth_vms = {
+	"OpenSSL 'VMS' shared library method",
+	vms_load,
+	NULL, /* unload */
+	vms_bind_var,
+	vms_bind_func,
+/* For now, "unbind" doesn't exist */
+#if 0
+	NULL, /* unbind_var */
+	NULL, /* unbind_func */
+#endif
+	NULL, /* ctrl */
+	vms_name_converter,
+	vms_merger,
+	NULL, /* init */
+	NULL  /* finish */
+	};
+
+/* On VMS, the only "handle" is the file name.  LIB$FIND_IMAGE_SYMBOL depends
+ * on the reference to the file name being the same for all calls regarding
+ * one shared image, so we'll just store it in an instance of the following
+ * structure and put a pointer to that instance in the meth_data stack.
+ */
+typedef struct dso_internal_st
+	{
+	/* This should contain the name only, no directory,
+	 * no extension, nothing but a name. */
+	struct dsc$descriptor_s filename_dsc;
+	char filename[FILENAME_MAX+1];
+	/* This contains whatever is not in filename, if needed.
+	 * Normally not defined. */
+	struct dsc$descriptor_s imagename_dsc;
+	char imagename[FILENAME_MAX+1];
+	} DSO_VMS_INTERNAL;
+
+
+DSO_METHOD *DSO_METHOD_vms(void)
+	{
+	return(&dso_meth_vms);
+	}
+
+static int vms_load(DSO *dso)
+	{
+	void *ptr = NULL;
+	/* See applicable comments in dso_dl.c */
+	char *filename = DSO_convert_filename(dso, NULL);
+	DSO_VMS_INTERNAL *p;
+	const char *sp1, *sp2;	/* Search result */
+
+	if(filename == NULL)
+		{
+		DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME);
+		goto err;
+		}
+
+	/* A file specification may look like this:
+	 *
+	 *	node::dev:[dir-spec]name.type;ver
+	 *
+	 * or (for compatibility with TOPS-20):
+	 *
+	 *	node::dev:<dir-spec>name.type;ver
+	 *
+	 * and the dir-spec uses '.' as separator.  Also, a dir-spec
+	 * may consist of several parts, with mixed use of [] and <>:
+	 *
+	 *	[dir1.]<dir2>
+	 *
+	 * We need to split the file specification into the name and
+	 * the rest (both before and after the name itself).
+	 */
+	/* Start with trying to find the end of a dir-spec, and save the
+	   position of the byte after in sp1 */
+	sp1 = strrchr(filename, ']');
+	sp2 = strrchr(filename, '>');
+	if (sp1 == NULL) sp1 = sp2;
+	if (sp2 != NULL && sp2 > sp1) sp1 = sp2;
+	if (sp1 == NULL) sp1 = strrchr(filename, ':');
+	if (sp1 == NULL)
+		sp1 = filename;
+	else
+		sp1++;		/* The byte after the found character */
+	/* Now, let's see if there's a type, and save the position in sp2 */
+	sp2 = strchr(sp1, '.');
+	/* If we found it, that's where we'll cut.  Otherwise, look for a
+	   version number and save the position in sp2 */
+	if (sp2 == NULL) sp2 = strchr(sp1, ';');
+	/* If there was still nothing to find, set sp2 to point at the end of
+	   the string */
+	if (sp2 == NULL) sp2 = sp1 + strlen(sp1);
+
+	/* Check that we won't get buffer overflows */
+	if (sp2 - sp1 > FILENAME_MAX
+		|| (sp1 - filename) + strlen(sp2) > FILENAME_MAX)
+		{
+		DSOerr(DSO_F_VMS_LOAD,DSO_R_FILENAME_TOO_BIG);
+		goto err;
+		}
+
+	p = (DSO_VMS_INTERNAL *)OPENSSL_malloc(sizeof(DSO_VMS_INTERNAL));
+	if(p == NULL)
+		{
+		DSOerr(DSO_F_VMS_LOAD,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	strncpy(p->filename, sp1, sp2-sp1);
+	p->filename[sp2-sp1] = '\0';
+
+	strncpy(p->imagename, filename, sp1-filename);
+	p->imagename[sp1-filename] = '\0';
+	strcat(p->imagename, sp2);
+
+	p->filename_dsc.dsc$w_length = strlen(p->filename);
+	p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+	p->filename_dsc.dsc$b_class = DSC$K_CLASS_S;
+	p->filename_dsc.dsc$a_pointer = p->filename;
+	p->imagename_dsc.dsc$w_length = strlen(p->imagename);
+	p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+	p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S;
+	p->imagename_dsc.dsc$a_pointer = p->imagename;
+
+	if(!sk_push(dso->meth_data, (char *)p))
+		{
+		DSOerr(DSO_F_VMS_LOAD,DSO_R_STACK_ERROR);
+		goto err;
+		}
+
+	/* Success (for now, we lie.  We actually do not know...) */
+	dso->loaded_filename = filename;
+	return(1);
+err:
+	/* Cleanup! */
+	if(p != NULL)
+		OPENSSL_free(p);
+	if(filename != NULL)
+		OPENSSL_free(filename);
+	return(0);
+	}
+
+/* Note that this doesn't actually unload the shared image, as there is no
+ * such thing in VMS.  Next time it get loaded again, a new copy will
+ * actually be loaded.
+ */
+static int vms_unload(DSO *dso)
+	{
+	DSO_VMS_INTERNAL *p;
+	if(dso == NULL)
+		{
+		DSOerr(DSO_F_VMS_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+	if(sk_num(dso->meth_data) < 1)
+		return(1);
+	p = (DSO_VMS_INTERNAL *)sk_pop(dso->meth_data);
+	if(p == NULL)
+		{
+		DSOerr(DSO_F_VMS_UNLOAD,DSO_R_NULL_HANDLE);
+		return(0);
+		}
+	/* Cleanup */
+	OPENSSL_free(p);
+	return(1);
+	}
+
+/* We must do this in a separate function because of the way the exception
+   handler works (it makes this function return */
+static int do_find_symbol(DSO_VMS_INTERNAL *ptr,
+	struct dsc$descriptor_s *symname_dsc, void **sym,
+	unsigned long flags)
+	{
+	/* Make sure that signals are caught and returned instead of
+	   aborting the program.  The exception handler gets unestablished
+	   automatically on return from this function.  */
+	lib$establish(lib$sig_to_ret);
+
+	if(ptr->imagename_dsc.dsc$w_length)
+		return lib$find_image_symbol(&ptr->filename_dsc,
+			symname_dsc, sym,
+			&ptr->imagename_dsc, flags);
+	else
+		return lib$find_image_symbol(&ptr->filename_dsc,
+			symname_dsc, sym,
+			0, flags);
+	}
+
+void vms_bind_sym(DSO *dso, const char *symname, void **sym)
+	{
+	DSO_VMS_INTERNAL *ptr;
+	int status;
+#if 0
+	int flags = (1<<4); /* LIB$M_FIS_MIXEDCASE, but this symbol isn't
+                               defined in VMS older than 7.0 or so */
+#else
+	int flags = 0;
+#endif
+	struct dsc$descriptor_s symname_dsc;
+	*sym = NULL;
+
+	symname_dsc.dsc$w_length = strlen(symname);
+	symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+	symname_dsc.dsc$b_class = DSC$K_CLASS_S;
+	symname_dsc.dsc$a_pointer = (char *)symname; /* The cast is needed */
+
+	if((dso == NULL) || (symname == NULL))
+		{
+		DSOerr(DSO_F_VMS_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
+		return;
+		}
+	if(sk_num(dso->meth_data) < 1)
+		{
+		DSOerr(DSO_F_VMS_BIND_VAR,DSO_R_STACK_ERROR);
+		return;
+		}
+	ptr = (DSO_VMS_INTERNAL *)sk_value(dso->meth_data,
+		sk_num(dso->meth_data) - 1);
+	if(ptr == NULL)
+		{
+		DSOerr(DSO_F_VMS_BIND_VAR,DSO_R_NULL_HANDLE);
+		return;
+		}
+
+	if(dso->flags & DSO_FLAG_UPCASE_SYMBOL) flags = 0;
+
+	status = do_find_symbol(ptr, &symname_dsc, sym, flags);
+
+	if(!$VMS_STATUS_SUCCESS(status))
+		{
+		unsigned short length;
+		char errstring[257];
+		struct dsc$descriptor_s errstring_dsc;
+
+		errstring_dsc.dsc$w_length = sizeof(errstring);
+		errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+		errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
+		errstring_dsc.dsc$a_pointer = errstring;
+
+		*sym = NULL;
+
+		status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
+
+		if (!$VMS_STATUS_SUCCESS(status))
+			lib$signal(status); /* This is really bad.  Abort!  */
+		else
+			{
+			errstring[length] = '\0';
+
+			DSOerr(DSO_F_VMS_BIND_VAR,DSO_R_SYM_FAILURE);
+			if (ptr->imagename_dsc.dsc$w_length)
+				ERR_add_error_data(9,
+					"Symbol ", symname,
+					" in ", ptr->filename,
+					" (", ptr->imagename, ")",
+					": ", errstring);
+			else
+				ERR_add_error_data(6,
+					"Symbol ", symname,
+					" in ", ptr->filename,
+					": ", errstring);
+			}
+		return;
+		}
+	return;
+	}
+
+static void *vms_bind_var(DSO *dso, const char *symname)
+	{
+	void *sym = 0;
+	vms_bind_sym(dso, symname, &sym);
+	return sym;
+	}
+
+static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname)
+	{
+	DSO_FUNC_TYPE sym = 0;
+	vms_bind_sym(dso, symname, (void **)&sym);
+	return sym;
+	}
+
+static char *vms_merger(DSO *dso, const char *filespec1, const char *filespec2)
+	{
+	int status;
+	int filespec1len, filespec2len;
+	struct FAB fab;
+#ifdef NAML$C_MAXRSS
+	struct NAML nam;
+	char esa[NAML$C_MAXRSS];
+#else
+	struct NAM nam;
+	char esa[NAM$C_MAXRSS];
+#endif
+	char *merged;
+
+	if (!filespec1) filespec1 = "";
+	if (!filespec2) filespec2 = "";
+	filespec1len = strlen(filespec1);
+	filespec2len = strlen(filespec2);
+
+	fab = cc$rms_fab;
+#ifdef NAML$C_MAXRSS
+	nam = cc$rms_naml;
+#else
+	nam = cc$rms_nam;
+#endif
+
+	fab.fab$l_fna = (char *)filespec1;
+	fab.fab$b_fns = filespec1len;
+	fab.fab$l_dna = (char *)filespec2;
+	fab.fab$b_dns = filespec2len;
+#ifdef NAML$C_MAXRSS
+	if (filespec1len > NAM$C_MAXRSS)
+		{
+		fab.fab$l_fna = 0;
+		fab.fab$b_fns = 0;
+		nam.naml$l_long_filename = (char *)filespec1;
+		nam.naml$l_long_filename_size = filespec1len;
+		}
+	if (filespec2len > NAM$C_MAXRSS)
+		{
+		fab.fab$l_dna = 0;
+		fab.fab$b_dns = 0;
+		nam.naml$l_long_defname = (char *)filespec2;
+		nam.naml$l_long_defname_size = filespec2len;
+		}
+	nam.naml$l_esa = esa;
+	nam.naml$b_ess = NAM$C_MAXRSS;
+	nam.naml$l_long_expand = esa;
+	nam.naml$l_long_expand_alloc = sizeof(esa);
+	nam.naml$b_nop = NAM$M_SYNCHK | NAM$M_PWD;
+	nam.naml$v_no_short_upcase = 1;
+	fab.fab$l_naml = &nam;
+#else
+	nam.nam$l_esa = esa;
+	nam.nam$b_ess = NAM$C_MAXRSS;
+	nam.nam$b_nop = NAM$M_SYNCHK | NAM$M_PWD;
+	fab.fab$l_nam = &nam;
+#endif
+
+	status = sys$parse(&fab, 0, 0);
+
+	if(!$VMS_STATUS_SUCCESS(status))
+		{
+		unsigned short length;
+		char errstring[257];
+		struct dsc$descriptor_s errstring_dsc;
+
+		errstring_dsc.dsc$w_length = sizeof(errstring);
+		errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+		errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
+		errstring_dsc.dsc$a_pointer = errstring;
+
+		status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
+
+		if (!$VMS_STATUS_SUCCESS(status))
+			lib$signal(status); /* This is really bad.  Abort!  */
+		else
+			{
+			errstring[length] = '\0';
+
+			DSOerr(DSO_F_VMS_MERGER,DSO_R_FAILURE);
+			ERR_add_error_data(7,
+					   "filespec \"", filespec1, "\", ",
+					   "defaults \"", filespec2, "\": ",
+					   errstring);
+			}
+		return(NULL);
+		}
+#ifdef NAML$C_MAXRSS
+	if (nam.naml$l_long_expand_size)
+		{
+		merged = OPENSSL_malloc(nam.naml$l_long_expand_size + 1);
+		if(!merged)
+			goto malloc_err;
+		strncpy(merged, nam.naml$l_long_expand,
+			nam.naml$l_long_expand_size);
+		merged[nam.naml$l_long_expand_size] = '\0';
+		}
+	else
+		{
+		merged = OPENSSL_malloc(nam.naml$b_esl + 1);
+		if(!merged)
+			goto malloc_err;
+		strncpy(merged, nam.naml$l_esa,
+			nam.naml$b_esl);
+		merged[nam.naml$b_esl] = '\0';
+		}
+#else
+	merged = OPENSSL_malloc(nam.nam$b_esl + 1);
+	if(!merged)
+		goto malloc_err;
+	strncpy(merged, nam.nam$l_esa,
+		nam.nam$b_esl);
+	merged[nam.nam$b_esl] = '\0';
+#endif
+	return(merged);
+ malloc_err:
+	DSOerr(DSO_F_VMS_MERGER,
+		ERR_R_MALLOC_FAILURE);
+	}
+
+static char *vms_name_converter(DSO *dso, const char *filename)
+	{
+        int len = strlen(filename);
+        char *not_translated = OPENSSL_malloc(len+1);
+        strcpy(not_translated,filename);
+	return(not_translated);
+	}
+
+#endif /* OPENSSL_SYS_VMS */
diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c
new file mode 100644
index 0000000000..02e051595a
--- /dev/null
+++ b/crypto/dso/dso_win32.c
@@ -0,0 +1,597 @@
+/* dso_win32.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "cryptlib.h"
+#include <openssl/dso.h>
+
+#if !defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE)
+DSO_METHOD *DSO_METHOD_win32(void)
+	{
+	return NULL;
+	}
+#else
+
+/* Part of the hack in "win32_load" ... */
+#define DSO_MAX_TRANSLATED_SIZE 256
+
+static int win32_load(DSO *dso);
+static int win32_unload(DSO *dso);
+static void *win32_bind_var(DSO *dso, const char *symname);
+static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname);
+#if 0
+static int win32_unbind_var(DSO *dso, char *symname, void *symptr);
+static int win32_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
+static int win32_init(DSO *dso);
+static int win32_finish(DSO *dso);
+static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg);
+#endif
+static char *win32_name_converter(DSO *dso, const char *filename);
+static char *win32_merger(DSO *dso, const char *filespec1,
+	const char *filespec2);
+
+static const char *openssl_strnchr(const char *string, int c, size_t len);
+
+static DSO_METHOD dso_meth_win32 = {
+	"OpenSSL 'win32' shared library method",
+	win32_load,
+	win32_unload,
+	win32_bind_var,
+	win32_bind_func,
+/* For now, "unbind" doesn't exist */
+#if 0
+	NULL, /* unbind_var */
+	NULL, /* unbind_func */
+#endif
+	NULL, /* ctrl */
+	win32_name_converter,
+	win32_merger,
+	NULL, /* init */
+	NULL  /* finish */
+	};
+
+DSO_METHOD *DSO_METHOD_win32(void)
+	{
+	return(&dso_meth_win32);
+	}
+
+/* For this DSO_METHOD, our meth_data STACK will contain;
+ * (i) a pointer to the handle (HINSTANCE) returned from
+ *     LoadLibrary(), and copied.
+ */
+
+static int win32_load(DSO *dso)
+	{
+	HINSTANCE h = NULL, *p = NULL;
+	/* See applicable comments from dso_dl.c */
+	char *filename = DSO_convert_filename(dso, NULL);
+
+	if(filename == NULL)
+		{
+		DSOerr(DSO_F_WIN32_LOAD,DSO_R_NO_FILENAME);
+		goto err;
+		}
+	h = LoadLibrary(filename);
+	if(h == NULL)
+		{
+		DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED);
+		ERR_add_error_data(3, "filename(", filename, ")");
+		goto err;
+		}
+	p = (HINSTANCE *)OPENSSL_malloc(sizeof(HINSTANCE));
+	if(p == NULL)
+		{
+		DSOerr(DSO_F_WIN32_LOAD,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	*p = h;
+	if(!sk_push(dso->meth_data, (char *)p))
+		{
+		DSOerr(DSO_F_WIN32_LOAD,DSO_R_STACK_ERROR);
+		goto err;
+		}
+	/* Success */
+	dso->loaded_filename = filename;
+	return(1);
+err:
+	/* Cleanup !*/
+	if(filename != NULL)
+		OPENSSL_free(filename);
+	if(p != NULL)
+		OPENSSL_free(p);
+	if(h != NULL)
+		FreeLibrary(h);
+	return(0);
+	}
+
+static int win32_unload(DSO *dso)
+	{
+	HINSTANCE *p;
+	if(dso == NULL)
+		{
+		DSOerr(DSO_F_WIN32_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+	if(sk_num(dso->meth_data) < 1)
+		return(1);
+	p = (HINSTANCE *)sk_pop(dso->meth_data);
+	if(p == NULL)
+		{
+		DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_NULL_HANDLE);
+		return(0);
+		}
+	if(!FreeLibrary(*p))
+		{
+		DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_UNLOAD_FAILED);
+		/* We should push the value back onto the stack in
+		 * case of a retry. */
+		sk_push(dso->meth_data, (char *)p);
+		return(0);
+		}
+	/* Cleanup */
+	OPENSSL_free(p);
+	return(1);
+	}
+
+/* Using GetProcAddress for variables? TODO: Check this out in
+ * the Win32 API docs, there's probably a variant for variables. */
+static void *win32_bind_var(DSO *dso, const char *symname)
+	{
+	HINSTANCE *ptr;
+	void *sym;
+
+	if((dso == NULL) || (symname == NULL))
+		{
+		DSOerr(DSO_F_WIN32_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
+		return(NULL);
+		}
+	if(sk_num(dso->meth_data) < 1)
+		{
+		DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_STACK_ERROR);
+		return(NULL);
+		}
+	ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+	if(ptr == NULL)
+		{
+		DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_NULL_HANDLE);
+		return(NULL);
+		}
+	sym = GetProcAddress(*ptr, symname);
+	if(sym == NULL)
+		{
+		DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_SYM_FAILURE);
+		ERR_add_error_data(3, "symname(", symname, ")");
+		return(NULL);
+		}
+	return(sym);
+	}
+
+static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)
+	{
+	HINSTANCE *ptr;
+	void *sym;
+
+	if((dso == NULL) || (symname == NULL))
+		{
+		DSOerr(DSO_F_WIN32_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
+		return(NULL);
+		}
+	if(sk_num(dso->meth_data) < 1)
+		{
+		DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_STACK_ERROR);
+		return(NULL);
+		}
+	ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+	if(ptr == NULL)
+		{
+		DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_NULL_HANDLE);
+		return(NULL);
+		}
+	sym = GetProcAddress(*ptr, symname);
+	if(sym == NULL)
+		{
+		DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_SYM_FAILURE);
+		ERR_add_error_data(3, "symname(", symname, ")");
+		return(NULL);
+		}
+	return((DSO_FUNC_TYPE)sym);
+	}
+
+struct file_st
+	{
+	const char *node; int nodelen;
+	const char *device; int devicelen;
+	const char *predir; int predirlen;
+	const char *dir; int dirlen;
+	const char *file; int filelen;
+	};
+
+static struct file_st *win32_splitter(DSO *dso, const char *filename,
+	int assume_last_is_dir)
+	{
+	struct file_st *result = NULL;
+	enum { IN_NODE, IN_DEVICE, IN_FILE } position;
+	const char *start = filename;
+
+	if (!filename)
+		{
+		DSOerr(DSO_F_WIN32_MERGER,DSO_R_NO_FILENAME);
+		/*goto err;*/
+		return(NULL);
+		}
+
+	result = OPENSSL_malloc(sizeof(struct file_st));
+	if(result == NULL)
+		{
+		DSOerr(DSO_F_WIN32_MERGER,
+			ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+
+	memset(result, 0, sizeof(struct file_st));
+	position = IN_DEVICE;
+
+	if(filename[0] == '\\' && filename[1] == '\\'
+		|| filename[0] == '/' && filename[1] == '/')
+		{
+		position = IN_NODE;
+		filename += 2;
+		start = filename;
+		result->node = start;
+		}
+
+	do
+		{
+		switch(filename[0])
+			{
+		case ':':
+			if(position != IN_DEVICE)
+				{
+				DSOerr(DSO_F_WIN32_MERGER,
+					DSO_R_INCORRECT_FILE_SYNTAX);
+				/*goto err;*/
+				return(NULL);
+				}
+			result->device = start;
+			result->devicelen = filename - start;
+			position = IN_FILE;
+			start = ++filename;
+			result->dir = start;
+			break;
+		case '\\':
+		case '/':
+			if(position == IN_NODE)
+				{
+				result->nodelen = filename - start;
+				position = IN_FILE;
+				start = ++filename;
+				result->dir = start;
+				}
+			else
+				{
+				filename++;
+				result->dirlen += filename - start;
+				}
+			break;
+		case '\0':
+			if(position == IN_NODE)
+				{
+				result->nodelen = filename - start;
+				}
+			else
+				{
+				if(filename - start > 0)
+					{
+					if (assume_last_is_dir)
+						{
+						result->devicelen += filename - start;
+						}
+					else
+						{
+						result->file = start;
+						result->filelen = filename - start;
+						}
+					}
+				}
+			break;
+		default:
+			filename++;
+			break;
+			}
+		}
+	while(*filename);
+
+	if(!result->nodelen) result->node = NULL;
+	if(!result->devicelen) result->device = NULL;
+	if(!result->dirlen) result->dir = NULL;
+	if(!result->filelen) result->file = NULL;
+
+	return(result);
+	}
+
+static char *win32_joiner(DSO *dso, const struct file_st *file_split)
+	{
+	int len = 0, offset = 0;
+	char *result = NULL;
+	const char *start;
+
+	if(!file_split)
+		{
+		DSOerr(DSO_F_WIN32_MERGER,
+				ERR_R_PASSED_NULL_PARAMETER);
+		return(NULL);
+		}
+	if(file_split->node)
+		{
+		len += 2 + file_split->nodelen;	/* 2 for starting \\ */
+		if(file_split->predir || file_split->dir || file_split->file)
+			len++;	/* 1 for ending \ */
+		}
+	else if(file_split->device)
+		{
+		len += file_split->devicelen + 1; /* 1 for ending : */
+		}
+	len += file_split->predirlen;
+	if(file_split->predir && (file_split->dir || file_split->file))
+		{
+		len++;	/* 1 for ending \ */
+		}
+	len += file_split->dirlen;
+	if(file_split->dir && file_split->file)
+		{
+		len++;	/* 1 for ending \ */
+		}
+	len += file_split->filelen;
+
+	if(!len)
+		{
+		DSOerr(DSO_F_WIN32_MERGER, DSO_R_EMPTY_FILE_STRUCTURE);
+		return(NULL);
+		}
+
+	result = OPENSSL_malloc(len + 1);
+	if (!result)
+		{
+		DSOerr(DSO_F_WIN32_MERGER,
+			ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+
+	if(file_split->node)
+		{
+		strcpy(&result[offset], "\\\\"); offset += 2;
+		strncpy(&result[offset], file_split->node,
+			file_split->nodelen); offset += file_split->nodelen;
+		if(file_split->predir || file_split->dir || file_split->file)
+			{
+			result[offset] = '\\'; offset++;
+			}
+		}
+	else if(file_split->device)
+		{
+		strncpy(&result[offset], file_split->device,
+			file_split->devicelen); offset += file_split->devicelen;
+		result[offset] = ':'; offset++;
+		}
+	start = file_split->predir;
+	while(file_split->predirlen > (start - file_split->predir))
+		{
+		const char *end = openssl_strnchr(start, '/',
+			file_split->predirlen - (start - file_split->predir));
+		if(!end)
+			end = start
+				+ file_split->predirlen
+				- (start - file_split->predir);
+		strncpy(&result[offset], start,
+			end - start); offset += end - start;
+		result[offset] = '\\'; offset++;
+		start = end + 1;
+		}
+	if(file_split->predir && (file_split->dir || file_split->file))
+		{
+		result[offset] = '\\'; offset++;
+		}
+	start = file_split->dir;
+	while(file_split->dirlen > (start - file_split->dir))
+		{
+		const char *end = openssl_strnchr(start, '/',
+			file_split->dirlen - (start - file_split->dir));
+		if(!end)
+			end = start
+				+ file_split->dirlen
+				- (start - file_split->dir);
+		strncpy(&result[offset], start,
+			end - start); offset += end - start;
+		result[offset] = '\\'; offset++;
+		start = end + 1;
+		}
+	if(file_split->dir && file_split->file)
+		{
+		result[offset] = '\\'; offset++;
+		}
+	strncpy(&result[offset], file_split->file,
+		file_split->filelen); offset += file_split->filelen;
+	result[offset] = '\0';
+	return(result);
+	}
+
+static char *win32_merger(DSO *dso, const char *filespec1, const char *filespec2)
+	{
+	char *merged = NULL;
+	struct file_st *filespec1_split = NULL;
+	struct file_st *filespec2_split = NULL;
+
+	if(!filespec1 && !filespec2)
+		{
+		DSOerr(DSO_F_WIN32_MERGER,
+				ERR_R_PASSED_NULL_PARAMETER);
+		return(NULL);
+		}
+	if (!filespec2)
+		{
+		merged = OPENSSL_malloc(strlen(filespec1) + 1);
+		if(!merged)
+			{
+			DSOerr(DSO_F_WIN32_MERGER,
+				ERR_R_MALLOC_FAILURE);
+			return(NULL);
+			}
+		strcpy(merged, filespec1);
+		}
+	else if (!filespec1)
+		{
+		merged = OPENSSL_malloc(strlen(filespec2) + 1);
+		if(!merged)
+			{
+			DSOerr(DSO_F_WIN32_MERGER,
+				ERR_R_MALLOC_FAILURE);
+			return(NULL);
+			}
+		strcpy(merged, filespec2);
+		}
+	else
+		{
+		filespec1_split = win32_splitter(dso, filespec1, 1);
+		if (!filespec1_split)
+			{
+			DSOerr(DSO_F_WIN32_MERGER,
+				ERR_R_MALLOC_FAILURE);
+			return(NULL);
+			}
+		filespec2_split = win32_splitter(dso, filespec2, 0);
+		if (!filespec1_split)
+			{
+			DSOerr(DSO_F_WIN32_MERGER,
+				ERR_R_MALLOC_FAILURE);
+			OPENSSL_free(filespec1_split);
+			return(NULL);
+			}
+
+		/* Fill in into filespec1_split */
+		if (!filespec1_split->node && !filespec1_split->device)
+			{
+			filespec1_split->node = filespec2_split->node;
+			filespec1_split->nodelen = filespec2_split->nodelen;
+			filespec1_split->device = filespec2_split->device;
+			filespec1_split->devicelen = filespec2_split->devicelen;
+			}
+		if (!filespec1_split->dir)
+			{
+			filespec1_split->dir = filespec2_split->dir;
+			filespec1_split->dirlen = filespec2_split->dirlen;
+			}
+		else if (filespec1_split->dir[0] != '\\'
+			&& filespec1_split->dir[0] != '/')
+			{
+			filespec1_split->predir = filespec2_split->dir;
+			filespec1_split->predirlen = filespec2_split->dirlen;
+			}
+		if (!filespec1_split->file)
+			{
+			filespec1_split->file = filespec2_split->file;
+			filespec1_split->filelen = filespec2_split->filelen;
+			}
+
+		merged = win32_joiner(dso, filespec1_split);
+		}
+	return(merged);
+	}
+
+static char *win32_name_converter(DSO *dso, const char *filename)
+	{
+	char *translated;
+	int len, transform;
+
+	len = strlen(filename);
+	transform = ((strstr(filename, "/") == NULL) &&
+			(strstr(filename, "\\") == NULL) &&
+			(strstr(filename, ":") == NULL));
+	if(transform)
+		/* We will convert this to "%s.dll" */
+		translated = OPENSSL_malloc(len + 5);
+	else
+		/* We will simply duplicate filename */
+		translated = OPENSSL_malloc(len + 1);
+	if(translated == NULL)
+		{
+		DSOerr(DSO_F_WIN32_NAME_CONVERTER,
+				DSO_R_NAME_TRANSLATION_FAILED); 
+		return(NULL);   
+		}
+	if(transform)
+		sprintf(translated, "%s.dll", filename);
+	else
+		sprintf(translated, "%s", filename);
+	return(translated);
+	}
+
+static const char *openssl_strnchr(const char *string, int c, size_t len)
+	{
+	size_t i;
+	const char *p;
+	for (i = 0, p = string; i < len && *p; i++, p++)
+		{
+		if (*p == c)
+			return p;
+		}
+	return NULL;
+	}
+
+
+#endif /* OPENSSL_SYS_WIN32 */
diff --git a/crypto/ebcdic.c b/crypto/ebcdic.c
new file mode 100644
index 0000000000..d1bece87f7
--- /dev/null
+++ b/crypto/ebcdic.c
@@ -0,0 +1,218 @@
+/* crypto/ebcdic.c */
+
+#ifdef CHARSET_EBCDIC
+#include "ebcdic.h"
+/*      Initial Port for  Apache-1.3     by <Martin.Kraemer@Mch.SNI.De>
+ *      Adapted for       OpenSSL-0.9.4  by <Martin.Kraemer@Mch.SNI.De>
+ */
+
+#ifdef _OSD_POSIX
+/*
+    "BS2000 OSD" is a POSIX subsystem on a main frame.
+    It is made by Siemens AG, Germany, for their BS2000 mainframe machines.
+    Within the POSIX subsystem, the same character set was chosen as in
+    "native BS2000", namely EBCDIC. (EDF04)
+
+    The name "ASCII" in these routines is misleading: actually, conversion
+    is not between EBCDIC and ASCII, but EBCDIC(EDF04) and ISO-8859.1;
+    that means that (western european) national characters are preserved.
+
+    This table is identical to the one used by rsh/rcp/ftp and other POSIX tools.
+*/
+
+/* Here's the bijective ebcdic-to-ascii table: */
+const unsigned char os_toascii[256] = {
+/*00*/ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f,
+       0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /*................*/
+/*10*/ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97,
+       0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /*................*/
+/*20*/ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b,
+       0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /*................*/
+/*30*/ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04,
+       0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /*................*/
+/*40*/ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5,
+       0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+|*/
+/*50*/ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef,
+       0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /*&.........!$*);.*/
+/*60*/ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5,
+       0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /*-/........^,%_>?*/
+/*70*/ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf,
+       0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /*..........:#@'="*/
+/*80*/ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+       0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /*.abcdefghi......*/
+/*90*/ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+       0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /*.jklmnopqr......*/
+/*a0*/ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
+       0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /*..stuvwxyz......*/
+/*b0*/ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc,
+       0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /*...........[\]..*/
+/*c0*/ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+       0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /*.ABCDEFGHI......*/
+/*d0*/ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
+       0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /*.JKLMNOPQR......*/
+/*e0*/ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58,
+       0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /*..STUVWXYZ......*/
+/*f0*/ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+       0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e  /*0123456789.{.}.~*/
+};
+
+
+/* The ascii-to-ebcdic table: */
+const unsigned char os_toebcdic[256] = {
+/*00*/  0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f,
+	0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,  /*................*/
+/*10*/  0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26,
+	0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f,  /*................*/
+/*20*/  0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d,
+	0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61,  /* !"#$%&'()*+,-./ */
+/*30*/  0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+	0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f,  /*0123456789:;<=>?*/
+/*40*/  0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+	0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6,  /*@ABCDEFGHIJKLMNO*/
+/*50*/  0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6,
+	0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d,  /*PQRSTUVWXYZ[\]^_*/
+/*60*/  0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+	0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96,  /*`abcdefghijklmno*/
+/*70*/  0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6,
+	0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07,  /*pqrstuvwxyz{|}~.*/
+/*80*/  0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08,
+	0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14,  /*................*/
+/*90*/  0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17,
+	0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f,  /*................*/
+/*a0*/  0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5,
+	0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1,  /*................*/
+/*b0*/  0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3,
+	0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab,  /*................*/
+/*c0*/  0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68,
+	0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77,  /*................*/
+/*d0*/  0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf,
+	0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59,  /*................*/
+/*e0*/  0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48,
+	0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57,  /*................*/
+/*f0*/  0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1,
+	0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf   /*................*/
+};
+
+#else  /*_OSD_POSIX*/
+
+/*
+This code does basic character mapping for IBM's TPF and OS/390 operating systems.
+It is a modified version of the BS2000 table.
+
+Bijective EBCDIC (character set IBM-1047) to US-ASCII table:
+This table is bijective - there are no ambigous or duplicate characters.
+*/
+const unsigned char os_toascii[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f:           */
+    0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+    0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, /* 10-1f:           */
+    0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, /* 20-2f:           */
+    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */
+    0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, /* 30-3f:           */
+    0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */
+    0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, /* 40-4f:           */
+    0xe7, 0xf1, 0xa2, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /*  ...........<(+| */
+    0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, /* 50-5f:           */
+    0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x5e, /* &.........!$*);^ */
+    0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, /* 60-6f:           */
+    0xc7, 0xd1, 0xa6, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /* -/.........,%_>? */
+    0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, /* 70-7f:           */
+    0xcc, 0x60, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* .........`:#@'=" */
+    0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, /* 80-8f:           */
+    0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */
+    0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, /* 90-9f:           */
+    0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */
+    0xb5, 0x7e, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, /* a0-af:           */
+    0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0x5b, 0xde, 0xae, /* .~stuvwxyz...[.. */
+    0xac, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, /* b0-bf:           */
+    0xbd, 0xbe, 0xdd, 0xa8, 0xaf, 0x5d, 0xb4, 0xd7, /* .............].. */
+    0x7b, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, /* c0-cf:           */
+    0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* {ABCDEFGHI...... */
+    0x7d, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* d0-df:           */
+    0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xf9, 0xfa, 0xff, /* }JKLMNOPQR...... */
+    0x5c, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, /* e0-ef:           */
+    0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* \.STUVWXYZ...... */
+    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* f0-ff:           */
+    0x38, 0x39, 0xb3, 0xdb, 0xdc, 0xd9, 0xda, 0x9f  /* 0123456789...... */
+};
+
+
+/*
+The US-ASCII to EBCDIC (character set IBM-1047) table:
+This table is bijective (no ambiguous or duplicate characters)
+*/
+const unsigned char os_toebcdic[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, /* 00-0f:           */
+    0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+    0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, /* 10-1f:           */
+    0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+    0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, /* 20-2f:           */
+    0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /*  !"#$%&'()*+,-./ */
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, /* 30-3f:           */
+    0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */
+    0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 40-4f:           */
+    0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */
+    0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, /* 50-5f:           */
+    0xe7, 0xe8, 0xe9, 0xad, 0xe0, 0xbd, 0x5f, 0x6d, /* PQRSTUVWXYZ[\]^_ */
+    0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 60-6f:           */
+    0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */
+    0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, /* 70-7f:           */
+    0xa7, 0xa8, 0xa9, 0xc0, 0x4f, 0xd0, 0xa1, 0x07, /* pqrstuvwxyz{|}~. */
+    0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, /* 80-8f:           */
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */
+    0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, /* 90-9f:           */
+    0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0xff, /* ................ */
+    0x41, 0xaa, 0x4a, 0xb1, 0x9f, 0xb2, 0x6a, 0xb5, /* a0-af:           */
+    0xbb, 0xb4, 0x9a, 0x8a, 0xb0, 0xca, 0xaf, 0xbc, /* ................ */
+    0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, /* b0-bf:           */
+    0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */
+    0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, /* c0-cf:           */
+    0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */
+    0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, /* d0-df:           */
+    0x80, 0xfd, 0xfe, 0xfb, 0xfc, 0xba, 0xae, 0x59, /* ................ */
+    0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, /* e0-ef:           */
+    0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */
+    0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff:           */
+    0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf  /* ................ */
+};
+#endif /*_OSD_POSIX*/
+
+/* Translate a memory block from EBCDIC (host charset) to ASCII (net charset)
+ * dest and srce may be identical, or separate memory blocks, but
+ * should not overlap. These functions intentionally have an interface
+ * compatible to memcpy(3).
+ */
+
+void *
+ebcdic2ascii(void *dest, const void *srce, size_t count)
+{
+    unsigned char *udest = dest;
+    const unsigned char *usrce = srce;
+
+    while (count-- != 0) {
+        *udest++ = os_toascii[*usrce++];
+    }
+
+    return dest;
+}
+
+void *
+ascii2ebcdic(void *dest, const void *srce, size_t count)
+{
+    unsigned char *udest = dest;
+    const unsigned char *usrce = srce;
+
+    while (count-- != 0) {
+        *udest++ = os_toebcdic[*usrce++];
+    }
+
+    return dest;
+}
+
+#else /*CHARSET_EBCDIC*/
+#include <openssl/e_os2.h>
+#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX)
+static void *dummy=&dummy;
+#endif
+#endif
diff --git a/crypto/ebcdic.h b/crypto/ebcdic.h
new file mode 100644
index 0000000000..6d65afcf9e
--- /dev/null
+++ b/crypto/ebcdic.h
@@ -0,0 +1,19 @@
+/* crypto/ebcdic.h */
+
+#ifndef HEADER_EBCDIC_H
+#define HEADER_EBCDIC_H
+
+#include <sys/types.h>
+
+/* Avoid name clashes with other applications */
+#define os_toascii   _openssl_os_toascii
+#define os_toebcdic  _openssl_os_toebcdic
+#define ebcdic2ascii _openssl_ebcdic2ascii
+#define ascii2ebcdic _openssl_ascii2ebcdic
+
+extern const unsigned char os_toascii[256];
+extern const unsigned char os_toebcdic[256];
+void *ebcdic2ascii(void *dest, const void *srce, size_t count);
+void *ascii2ebcdic(void *dest, const void *srce, size_t count);
+
+#endif
diff --git a/crypto/ec/.cvsignore b/crypto/ec/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/ec/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/ec/Makefile.ssl b/crypto/ec/Makefile.ssl
new file mode 100644
index 0000000000..16997c6125
--- /dev/null
+++ b/crypto/ec/Makefile.ssl
@@ -0,0 +1,206 @@
+#
+# crypto/ec/Makefile
+#
+
+DIR=	ec
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=ectest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=	ec_lib.c ecp_smpl.c ecp_mont.c ecp_recp.c ecp_nist.c ec_cvt.c ec_mult.c\
+	ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c\
+	ec2_smpl.c ec2_smpt.c ec2_mult.c
+
+LIBOBJ=	ec_lib.o ecp_smpl.o ecp_mont.o ecp_recp.o ecp_nist.o ec_cvt.o ec_mult.o\
+	ec_err.o ec_curve.o ec_check.o ec_print.o ec_asn1.o ec_key.o\
+	ec2_smpl.o ec2_mult.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ec.h
+HEADER=	ec_lcl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB) || echo Never mind.
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ec2_mult.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec2_mult.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec2_mult.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec2_mult.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec2_mult.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec2_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec2_mult.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec2_mult.o: ../../include/openssl/symhacks.h ec2_mult.c ec_lcl.h
+ec2_smpl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec2_smpl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec2_smpl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec2_smpl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec2_smpl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec2_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec2_smpl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec2_smpl.o: ../../include/openssl/symhacks.h ec2_smpl.c ec2_smpt.c ec_lcl.h
+ec2_smpt.o: ec2_smpt.c
+ec_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+ec_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ec_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ec_asn1.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ec_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+ec_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ec_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_asn1.o: ../../include/openssl/symhacks.h ec_asn1.c ec_lcl.h
+ec_check.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_check.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_check.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_check.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_check.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_check.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_check.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_check.o: ../../include/openssl/symhacks.h ec_check.c ec_lcl.h
+ec_curve.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_curve.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_curve.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_curve.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_curve.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_curve.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_curve.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_curve.o: ../../include/openssl/symhacks.h ec_curve.c ec_lcl.h
+ec_cvt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_cvt.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_cvt.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_cvt.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_cvt.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_cvt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_cvt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_cvt.o: ../../include/openssl/symhacks.h ec_cvt.c ec_lcl.h
+ec_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ec_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ec_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ec_err.o: ec_err.c
+ec_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_key.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_key.o: ../../include/openssl/symhacks.h ec_key.c ec_lcl.h
+ec_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_lib.o: ../../include/openssl/symhacks.h ec_lcl.h ec_lib.c
+ec_mult.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_mult.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_mult.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_mult.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_mult.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_mult.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_mult.o: ../../include/openssl/symhacks.h ec_lcl.h ec_mult.c
+ec_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_print.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_print.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_print.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_print.o: ../../include/openssl/symhacks.h ec_lcl.h ec_print.c
+ecp_mont.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecp_mont.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecp_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecp_mont.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ecp_mont.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ecp_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecp_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecp_mont.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_mont.c
+ecp_nist.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecp_nist.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecp_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecp_nist.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ecp_nist.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ecp_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecp_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecp_nist.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_nist.c
+ecp_recp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecp_recp.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecp_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecp_recp.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ecp_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecp_recp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecp_recp.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_recp.c
+ecp_smpl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecp_smpl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecp_smpl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecp_smpl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ecp_smpl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ecp_smpl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecp_smpl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecp_smpl.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_smpl.c
diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h
new file mode 100644
index 0000000000..53fb8cfc57
--- /dev/null
+++ b/crypto/ec/ec.h
@@ -0,0 +1,497 @@
+/* crypto/ec/ec.h */
+/*
+ * Originally written by Bodo Moeller for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by 
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#ifndef HEADER_EC_H
+#define HEADER_EC_H
+
+#ifdef OPENSSL_NO_EC
+#error EC is disabled.
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/symhacks.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+typedef enum {
+	/* values as defined in X9.62 (ECDSA) and elsewhere */
+	POINT_CONVERSION_COMPRESSED = 2,
+	POINT_CONVERSION_UNCOMPRESSED = 4,
+	POINT_CONVERSION_HYBRID = 6
+} point_conversion_form_t;
+
+
+typedef struct ec_method_st EC_METHOD;
+
+typedef struct ec_group_st
+	/*
+	 EC_METHOD *meth;
+	 -- field definition
+	 -- curve coefficients
+	 -- optional generator with associated information (order, cofactor)
+	 -- optional extra data (TODO: precomputed table for fast computation of multiples of generator)
+	 -- ASN1 stuff
+	*/
+	EC_GROUP;
+
+typedef struct ec_point_st EC_POINT;
+
+
+/* EC_METHODs for curves over GF(p).
+ * EC_GFp_simple_method provides the basis for the optimized methods.
+ */
+const EC_METHOD *EC_GFp_simple_method(void);
+const EC_METHOD *EC_GFp_mont_method(void);
+const EC_METHOD *EC_GFp_nist_method(void);
+#if 0
+const EC_METHOD *EC_GFp_recp_method(void); /* TODO */
+#endif
+
+/* EC_METHOD for curves over GF(2^m).
+ */
+const EC_METHOD *EC_GF2m_simple_method(void);
+
+
+EC_GROUP *EC_GROUP_new(const EC_METHOD *);
+void EC_GROUP_free(EC_GROUP *);
+void EC_GROUP_clear_free(EC_GROUP *);
+int EC_GROUP_copy(EC_GROUP *, const EC_GROUP *);
+EC_GROUP *EC_GROUP_dup(const EC_GROUP *);
+
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *);
+int EC_METHOD_get_field_type(const EC_METHOD *);
+
+int EC_GROUP_set_generator(EC_GROUP *, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
+EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *);
+int EC_GROUP_get_order(const EC_GROUP *, BIGNUM *order, BN_CTX *);
+int EC_GROUP_get_cofactor(const EC_GROUP *, BIGNUM *cofactor, BN_CTX *);
+
+void EC_GROUP_set_nid(EC_GROUP *, int); /* curve name */
+int EC_GROUP_get_nid(const EC_GROUP *);
+
+void EC_GROUP_set_asn1_flag(EC_GROUP *, int flag);
+int EC_GROUP_get_asn1_flag(const EC_GROUP *);
+
+void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t);
+point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
+
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *);
+size_t EC_GROUP_get_seed_len(const EC_GROUP *);
+size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
+
+int EC_GROUP_set_curve_GFp(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int EC_GROUP_get_curve_GFp(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+int EC_GROUP_set_curve_GF2m(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int EC_GROUP_get_curve_GF2m(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+
+int EC_GROUP_get_degree(const EC_GROUP *);
+
+/* EC_GROUP_check() returns 1 if 'group' defines a valid group, 0 otherwise */
+int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
+/* EC_GROUP_check_discriminant() returns 1 if the discriminant of the
+ * elliptic curve is not zero, 0 otherwise */
+int EC_GROUP_check_discriminant(const EC_GROUP *, BN_CTX *);
+
+/* EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*()
+ * after choosing an appropriate EC_METHOD */
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+
+/* EC_GROUP_new_by_nid() creates a EC_GROUP structure specified by a NID */
+EC_GROUP *EC_GROUP_new_by_nid(int nid);
+/* handling of internal curves */
+typedef struct { 
+	int nid;
+	const char *comment;
+	} EC_builtin_curve;
+/* EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number 
+ * of all available curves or zero if a error occurred. 
+ * In case r ist not zero nitems EC_builtin_curve structures 
+ * are filled with the data of the first nitems internal groups */
+size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
+
+
+/* EC_POINT functions */
+
+EC_POINT *EC_POINT_new(const EC_GROUP *);
+void EC_POINT_free(EC_POINT *);
+void EC_POINT_clear_free(EC_POINT *);
+int EC_POINT_copy(EC_POINT *, const EC_POINT *);
+EC_POINT *EC_POINT_dup(const EC_POINT *, const EC_GROUP *);
+ 
+const EC_METHOD *EC_POINT_method_of(const EC_POINT *);
+
+int EC_POINT_set_to_infinity(const EC_GROUP *, EC_POINT *);
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
+	BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
+int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+	const BIGNUM *x, const BIGNUM *y, BN_CTX *);
+int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
+	BIGNUM *x, BIGNUM *y, BN_CTX *);
+int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+	const BIGNUM *x, int y_bit, BN_CTX *);
+
+int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *, EC_POINT *,
+	const BIGNUM *x, const BIGNUM *y, BN_CTX *);
+int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *, const EC_POINT *,
+	BIGNUM *x, BIGNUM *y, BN_CTX *);
+int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *, EC_POINT *,
+	const BIGNUM *x, int y_bit, BN_CTX *);
+
+size_t EC_POINT_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
+        unsigned char *buf, size_t len, BN_CTX *);
+int EC_POINT_oct2point(const EC_GROUP *, EC_POINT *,
+        const unsigned char *buf, size_t len, BN_CTX *);
+
+/* other interfaces to point2oct/oct2point: */
+BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
+	point_conversion_form_t form, BIGNUM *, BN_CTX *);
+EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *,
+	EC_POINT *, BN_CTX *);
+char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
+	point_conversion_form_t form, BN_CTX *);
+EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
+	EC_POINT *, BN_CTX *);
+
+int EC_POINT_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+int EC_POINT_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
+int EC_POINT_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
+
+int EC_POINT_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+int EC_POINT_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+int EC_POINT_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+
+int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+
+
+int EC_POINTs_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, size_t num, const EC_POINT *[], const BIGNUM *[], BN_CTX *);
+int EC_POINT_mul(const EC_GROUP *, EC_POINT *r, const BIGNUM *, const EC_POINT *, const BIGNUM *, BN_CTX *);
+int EC_GROUP_precompute_mult(EC_GROUP *, BN_CTX *);
+
+
+
+/* ASN1 stuff */
+
+/* EC_GROUP_get_basis_type() returns the NID of the basis type
+ * used to represent the field elements */
+int EC_GROUP_get_basis_type(const EC_GROUP *);
+int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
+int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, 
+	unsigned int *k2, unsigned int *k3);
+
+#define OPENSSL_EC_NAMED_CURVE	0x001
+
+typedef struct ecpk_parameters_st ECPKPARAMETERS;
+
+EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
+int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
+
+#define d2i_ECPKParameters_bio(bp,x) (EC_GROUP *)ASN1_d2i_bio(NULL, \
+                (char *(*)())d2i_ECPKParameters,(bp),(unsigned char **)(x))
+#define i2d_ECPKParameters_bio(bp,x) ASN1_i2d_bio(i2d_ECPKParameters,(bp), \
+		(unsigned char *)(x))
+#define d2i_ECPKParameters_fp(fp,x) (EC_GROUP *)ASN1_d2i_fp(NULL, \
+                (char *(*)())d2i_ECPKParameters,(fp),(unsigned char **)(x))
+#define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \
+		(unsigned char *)(x))
+
+#ifndef OPENSSL_NO_BIO
+int     ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
+#endif
+#ifndef OPENSSL_NO_FP_API
+int     ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
+#endif
+
+/* the EC_KEY stuff */
+typedef struct ec_key_st EC_KEY;
+
+typedef struct ec_key_meth_data_st {
+	int (*init)(EC_KEY *);
+	void (*finish)(EC_KEY *);
+	} EC_KEY_METH_DATA;
+
+struct ec_key_st {
+	int version;
+
+	EC_GROUP *group;
+
+	EC_POINT *pub_key;
+	BIGNUM	 *priv_key;
+
+	unsigned int enc_flag;
+	point_conversion_form_t conv_form;
+
+	int 	references;
+
+	EC_KEY_METH_DATA *meth_data;
+	}/* EC_KEY */;
+/* some values for the encoding_flag */
+#define EC_PKEY_NO_PARAMETERS	0x001
+#define EC_PKEY_NO_PUBKEY	0x002
+
+EC_KEY *EC_KEY_new(void);
+void EC_KEY_free(EC_KEY *);
+EC_KEY *EC_KEY_copy(EC_KEY *, const EC_KEY *);
+EC_KEY *EC_KEY_dup(const EC_KEY *);
+int EC_KEY_up_ref(EC_KEY *);
+
+/* EC_KEY_generate_key() creates a ec private (public) key */
+int EC_KEY_generate_key(EC_KEY *);
+/* EC_KEY_check_key() */
+int EC_KEY_check_key(const EC_KEY *);
+
+/* de- and encode functions for the SEC1 ECPrivateKey */
+EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len);
+int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out);
+/* de- and encode functions for the elliptic curve parameters */
+EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len);
+int i2d_ECParameters(EC_KEY *a, unsigned char **out);
+
+EC_KEY *ECPublicKey_set_octet_string(EC_KEY **a, const unsigned char **in, 
+					long len);
+int ECPublicKey_get_octet_string(EC_KEY *a, unsigned char **out);
+
+#ifndef OPENSSL_NO_BIO
+int	ECParameters_print(BIO *bp, const EC_KEY *x);
+int	EC_KEY_print(BIO *bp, const EC_KEY *x, int off);
+#endif
+#ifndef OPENSSL_NO_FP_API
+int	ECParameters_print_fp(FILE *fp, const EC_KEY *x);
+int	EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off);
+#endif
+
+#define ECParameters_dup(x) (EC_KEY *)ASN1_dup((int (*)())i2d_ECParameters,\
+		(char *(*)())d2i_ECParameters,(char *)(x))
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_EC_strings(void);
+
+/* Error codes for the EC functions. */
+
+/* Function codes. */
+#define EC_F_COMPUTE_WNAF				 143
+#define EC_F_D2I_ECPARAMETERS				 144
+#define EC_F_D2I_ECPKPARAMETERS				 145
+#define EC_F_D2I_ECPRIVATEKEY				 146
+#define EC_F_ECPARAMETERS_PRINT				 147
+#define EC_F_ECPARAMETERS_PRINT_FP			 148
+#define EC_F_ECPKPARAMETERS_PRINT			 149
+#define EC_F_ECPKPARAMETERS_PRINT_FP			 150
+#define EC_F_ECPUBLICKEY_GET_OCTET			 151
+#define EC_F_ECPUBLICKEY_SET_OCTET			 152
+#define EC_F_ECP_NIST_MOD_192				 203
+#define EC_F_ECP_NIST_MOD_224				 204
+#define EC_F_ECP_NIST_MOD_256				 205
+#define EC_F_ECP_NIST_MOD_521				 206
+#define EC_F_EC_ASN1_GROUP2CURVE			 153
+#define EC_F_EC_ASN1_GROUP2FIELDID			 154
+#define EC_F_EC_ASN1_GROUP2PARAMETERS			 155
+#define EC_F_EC_ASN1_GROUP2PKPARAMETERS			 156
+#define EC_F_EC_ASN1_PARAMETERS2GROUP			 157
+#define EC_F_EC_ASN1_PKPARAMETERS2GROUP			 158
+#define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT	 159
+#define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE		 195
+#define EC_F_EC_GF2M_SIMPLE_OCT2POINT			 160
+#define EC_F_EC_GF2M_SIMPLE_POINT2OCT			 161
+#define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162
+#define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163
+#define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES	 164
+#define EC_F_EC_GFP_MONT_FIELD_DECODE			 133
+#define EC_F_EC_GFP_MONT_FIELD_ENCODE			 134
+#define EC_F_EC_GFP_MONT_FIELD_MUL			 131
+#define EC_F_EC_GFP_MONT_FIELD_SQR			 132
+#define EC_F_EC_GFP_NIST_FIELD_MUL			 200
+#define EC_F_EC_GFP_NIST_FIELD_SQR			 201
+#define EC_F_EC_GFP_NIST_GROUP_SET_CURVE_GFP		 202
+#define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT	 165
+#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE		 166
+#define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP		 100
+#define EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR		 101
+#define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE			 102
+#define EC_F_EC_GFP_SIMPLE_OCT2POINT			 103
+#define EC_F_EC_GFP_SIMPLE_POINT2OCT			 104
+#define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE		 137
+#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES	 167
+#define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP 105
+#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES	 168
+#define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP 128
+#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES	 169
+#define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP 129
+#define EC_F_EC_GROUP_CHECK				 170
+#define EC_F_EC_GROUP_CHECK_DISCRIMINANT		 171
+#define EC_F_EC_GROUP_COPY				 106
+#define EC_F_EC_GROUP_GET0_GENERATOR			 139
+#define EC_F_EC_GROUP_GET_COFACTOR			 140
+#define EC_F_EC_GROUP_GET_CURVE_GF2M			 172
+#define EC_F_EC_GROUP_GET_CURVE_GFP			 130
+#define EC_F_EC_GROUP_GET_DEGREE			 173
+#define EC_F_EC_GROUP_GET_EXTRA_DATA			 107
+#define EC_F_EC_GROUP_GET_ORDER				 141
+#define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS		 193
+#define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS		 194
+#define EC_F_EC_GROUP_GROUP2NID				 147
+#define EC_F_EC_GROUP_NEW				 108
+#define EC_F_EC_GROUP_NEW_BY_NID			 174
+#define EC_F_EC_GROUP_NEW_FROM_DATA			 175
+#define EC_F_EC_GROUP_PRECOMPUTE_MULT			 142
+#define EC_F_EC_GROUP_SET_CURVE_GF2M			 176
+#define EC_F_EC_GROUP_SET_CURVE_GFP			 109
+#define EC_F_EC_GROUP_SET_EXTRA_DATA			 110
+#define EC_F_EC_GROUP_SET_GENERATOR			 111
+#define EC_F_EC_KEY_CHECK_KEY				 177
+#define EC_F_EC_KEY_COPY				 178
+#define EC_F_EC_KEY_GENERATE_KEY			 179
+#define EC_F_EC_KEY_PRINT				 180
+#define EC_F_EC_KEY_PRINT_FP				 181
+#define EC_F_EC_NEW					 182
+#define EC_F_EC_POINTS_MAKE_AFFINE			 136
+#define EC_F_EC_POINTS_MUL				 138
+#define EC_F_EC_POINT_ADD				 112
+#define EC_F_EC_POINT_CMP				 113
+#define EC_F_EC_POINT_COPY				 114
+#define EC_F_EC_POINT_DBL				 115
+#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M	 183
+#define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP	 116
+#define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP	 117
+#define EC_F_EC_POINT_IS_AT_INFINITY			 118
+#define EC_F_EC_POINT_IS_ON_CURVE			 119
+#define EC_F_EC_POINT_MAKE_AFFINE			 120
+#define EC_F_EC_POINT_MUL				 184
+#define EC_F_EC_POINT_NEW				 121
+#define EC_F_EC_POINT_OCT2POINT				 122
+#define EC_F_EC_POINT_POINT2OCT				 123
+#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M	 185
+#define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP	 124
+#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M	 186
+#define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP	 125
+#define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP	 126
+#define EC_F_EC_POINT_SET_TO_INFINITY			 127
+#define EC_F_EC_WNAF_MUL				 187
+#define EC_F_EC_WNAF_PRECOMPUTE_MULT			 188
+#define EC_F_GFP_MONT_GROUP_SET_CURVE			 189
+#define EC_F_GFP_MONT_GROUP_SET_CURVE_GFP		 135
+#define EC_F_I2D_ECPARAMETERS				 190
+#define EC_F_I2D_ECPKPARAMETERS				 191
+#define EC_F_I2D_ECPRIVATEKEY				 192
+
+/* Reason codes. */
+#define EC_R_ASN1_ERROR					 115
+#define EC_R_ASN1_UNKNOWN_FIELD				 116
+#define EC_R_BUFFER_TOO_SMALL				 100
+#define EC_R_D2I_ECPKPARAMETERS_FAILURE			 117
+#define EC_R_DISCRIMINANT_IS_ZERO			 118
+#define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE		 119
+#define EC_R_GROUP2PKPARAMETERS_FAILURE			 120
+#define EC_R_I2D_ECPKPARAMETERS_FAILURE			 121
+#define EC_R_INCOMPATIBLE_OBJECTS			 101
+#define EC_R_INTERNAL_ERROR				 132
+#define EC_R_INVALID_ARGUMENT				 112
+#define EC_R_INVALID_COMPRESSED_POINT			 110
+#define EC_R_INVALID_COMPRESSION_BIT			 109
+#define EC_R_INVALID_ENCODING				 102
+#define EC_R_INVALID_FIELD				 103
+#define EC_R_INVALID_FORM				 104
+#define EC_R_INVALID_GROUP_ORDER			 122
+#define EC_R_INVALID_PRIVATE_KEY			 123
+#define EC_R_MISSING_PARAMETERS				 124
+#define EC_R_MISSING_PRIVATE_KEY			 125
+#define EC_R_NOT_A_NIST_PRIME			         135
+#define EC_R_NOT_A_SUPPORTED_NIST_PRIME	                 136
+#define EC_R_NOT_IMPLEMENTED				 126
+#define EC_R_NOT_INITIALIZED				 111
+#define EC_R_NO_FIELD_MOD				 133
+#define EC_R_NO_SUCH_EXTRA_DATA				 105
+#define EC_R_PASSED_NULL_PARAMETER			 134
+#define EC_R_PKPARAMETERS2GROUP_FAILURE			 127
+#define EC_R_POINT_AT_INFINITY				 106
+#define EC_R_POINT_IS_NOT_ON_CURVE			 107
+#define EC_R_SLOT_FULL					 108
+#define EC_R_UNDEFINED_GENERATOR			 113
+#define EC_R_UNDEFINED_ORDER				 128
+#define EC_R_UNKNOWN_GROUP				 129
+#define EC_R_UNKNOWN_ORDER				 114
+#define EC_R_UNSUPPORTED_FIELD				 131
+#define EC_R_WRONG_ORDER				 130
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c
new file mode 100644
index 0000000000..eefb41a157
--- /dev/null
+++ b/crypto/ec/ec2_mult.c
@@ -0,0 +1,375 @@
+/* crypto/ec/ec2_mult.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The software is originally written by Sheueling Chang Shantz and
+ * Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/err.h>
+
+#include "ec_lcl.h"
+
+
+/* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective 
+ * coordinates.
+ * Uses algorithm Mdouble in appendix of 
+ *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
+ *     GF(2^m) without precomputation".
+ * modified to not require precomputation of c=b^{2^{m-1}}.
+ */
+static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx)
+	{
+	BIGNUM *t1;
+	int ret = 0;
+	
+	/* Since Mdouble is static we can guarantee that ctx != NULL. */
+	BN_CTX_start(ctx);
+	t1 = BN_CTX_get(ctx);
+	if (t1 == NULL) goto err;
+
+	if (!group->meth->field_sqr(group, x, x, ctx)) goto err;
+	if (!group->meth->field_sqr(group, t1, z, ctx)) goto err;
+	if (!group->meth->field_mul(group, z, x, t1, ctx)) goto err;
+	if (!group->meth->field_sqr(group, x, x, ctx)) goto err;
+	if (!group->meth->field_sqr(group, t1, t1, ctx)) goto err;
+	if (!group->meth->field_mul(group, t1, &group->b, t1, ctx)) goto err;
+	if (!BN_GF2m_add(x, x, t1)) goto err;
+
+	ret = 1;
+
+ err:
+	BN_CTX_end(ctx);
+	return ret;
+	}
+
+/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery 
+ * projective coordinates.
+ * Uses algorithm Madd in appendix of 
+ *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
+ *     GF(2^m) without precomputation".
+ */
+static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1, 
+	const BIGNUM *x2, const BIGNUM *z2, BN_CTX *ctx)
+	{
+	BIGNUM *t1, *t2;
+	int ret = 0;
+	
+	/* Since Madd is static we can guarantee that ctx != NULL. */
+	BN_CTX_start(ctx);
+	t1 = BN_CTX_get(ctx);
+	t2 = BN_CTX_get(ctx);
+	if (t2 == NULL) goto err;
+
+	if (!BN_copy(t1, x)) goto err;
+	if (!group->meth->field_mul(group, x1, x1, z2, ctx)) goto err;
+	if (!group->meth->field_mul(group, z1, z1, x2, ctx)) goto err;
+	if (!group->meth->field_mul(group, t2, x1, z1, ctx)) goto err;
+	if (!BN_GF2m_add(z1, z1, x1)) goto err;
+	if (!group->meth->field_sqr(group, z1, z1, ctx)) goto err;
+	if (!group->meth->field_mul(group, x1, z1, t1, ctx)) goto err;
+	if (!BN_GF2m_add(x1, x1, t2)) goto err;
+
+	ret = 1;
+
+ err:
+	BN_CTX_end(ctx);
+	return ret;
+	}
+
+/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) 
+ * using Montgomery point multiplication algorithm Mxy() in appendix of 
+ *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
+ *     GF(2^m) without precomputation".
+ * Returns:
+ *     0 on error
+ *     1 if return value should be the point at infinity
+ *     2 otherwise
+ */
+static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIGNUM *x1, 
+	BIGNUM *z1, BIGNUM *x2, BIGNUM *z2, BN_CTX *ctx)
+	{
+	BIGNUM *t3, *t4, *t5;
+	int ret = 0;
+	
+	if (BN_is_zero(z1))
+		{
+		if (!BN_zero(x2)) return 0;
+		if (!BN_zero(z2)) return 0;
+		return 1;
+		}
+	
+	if (BN_is_zero(z2))
+		{
+		if (!BN_copy(x2, x)) return 0;
+		if (!BN_GF2m_add(z2, x, y)) return 0;
+		return 2;
+		}
+		
+	/* Since Mxy is static we can guarantee that ctx != NULL. */
+	BN_CTX_start(ctx);
+	t3 = BN_CTX_get(ctx);
+	t4 = BN_CTX_get(ctx);
+	t5 = BN_CTX_get(ctx);
+	if (t5 == NULL) goto err;
+
+	if (!BN_one(t5)) goto err;
+
+	if (!group->meth->field_mul(group, t3, z1, z2, ctx)) goto err;
+
+	if (!group->meth->field_mul(group, z1, z1, x, ctx)) goto err;
+	if (!BN_GF2m_add(z1, z1, x1)) goto err;
+	if (!group->meth->field_mul(group, z2, z2, x, ctx)) goto err;
+	if (!group->meth->field_mul(group, x1, z2, x1, ctx)) goto err;
+	if (!BN_GF2m_add(z2, z2, x2)) goto err;
+
+	if (!group->meth->field_mul(group, z2, z2, z1, ctx)) goto err;
+	if (!group->meth->field_sqr(group, t4, x, ctx)) goto err;
+	if (!BN_GF2m_add(t4, t4, y)) goto err;
+	if (!group->meth->field_mul(group, t4, t4, t3, ctx)) goto err;
+	if (!BN_GF2m_add(t4, t4, z2)) goto err;
+
+	if (!group->meth->field_mul(group, t3, t3, x, ctx)) goto err;
+	if (!group->meth->field_div(group, t3, t5, t3, ctx)) goto err;
+	if (!group->meth->field_mul(group, t4, t3, t4, ctx)) goto err;
+	if (!group->meth->field_mul(group, x2, x1, t3, ctx)) goto err;
+	if (!BN_GF2m_add(z2, x2, x)) goto err;
+
+	if (!group->meth->field_mul(group, z2, z2, t4, ctx)) goto err;
+	if (!BN_GF2m_add(z2, z2, y)) goto err;
+
+	ret = 2;
+
+ err:
+	BN_CTX_end(ctx);
+	return ret;
+	}
+
+/* Computes scalar*point and stores the result in r.
+ * point can not equal r.
+ * Uses algorithm 2P of
+ *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
+ *     GF(2^m) without precomputation".
+ */
+static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+	const EC_POINT *point, BN_CTX *ctx)
+	{
+	BIGNUM *x1, *x2, *z1, *z2;
+	int ret = 0, i, j;
+	BN_ULONG mask;
+
+	if (r == point)
+		{
+		ECerr(EC_F_EC_POINT_MUL, EC_R_INVALID_ARGUMENT);
+		return 0;
+		}
+	
+	/* if result should be point at infinity */
+	if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) || 
+		EC_POINT_is_at_infinity(group, point))
+		{
+		return EC_POINT_set_to_infinity(group, r);
+		}
+
+	/* only support affine coordinates */
+	if (!point->Z_is_one) return 0;
+
+	/* Since point_multiply is static we can guarantee that ctx != NULL. */
+	BN_CTX_start(ctx);
+	x1 = BN_CTX_get(ctx);
+	z1 = BN_CTX_get(ctx);
+	if (z1 == NULL) goto err;
+
+	x2 = &r->X;
+	z2 = &r->Y;
+
+	if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
+	if (!BN_one(z1)) goto err; /* z1 = 1 */
+	if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
+	if (!group->meth->field_sqr(group, x2, z2, ctx)) goto err;
+	if (!BN_GF2m_add(x2, x2, &group->b)) goto err; /* x2 = x^4 + b */
+
+	/* find top most bit and go one past it */
+	i = scalar->top - 1; j = BN_BITS2 - 1;
+	mask = BN_TBIT;
+	while (!(scalar->d[i] & mask)) { mask >>= 1; j--; }
+	mask >>= 1; j--;
+	/* if top most bit was at word break, go to next word */
+	if (!mask) 
+		{
+		i--; j = BN_BITS2 - 1;
+		mask = BN_TBIT;
+		}
+
+	for (; i >= 0; i--)
+		{
+		for (; j >= 0; j--)
+			{
+			if (scalar->d[i] & mask)
+				{
+				if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
+				if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
+				}
+			else
+				{
+				if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
+				if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
+				}
+			mask >>= 1;
+			}
+		j = BN_BITS2 - 1;
+		mask = BN_TBIT;
+		}
+
+	/* convert out of "projective" coordinates */
+	i = gf2m_Mxy(group, &point->X, &point->Y, x1, z1, x2, z2, ctx);
+	if (i == 0) goto err;
+	else if (i == 1) 
+		{
+		if (!EC_POINT_set_to_infinity(group, r)) goto err;
+		}
+	else
+		{
+		if (!BN_one(&r->Z)) goto err;
+		r->Z_is_one = 1;
+		}
+
+	/* GF(2^m) field elements should always have BIGNUM::neg = 0 */
+	BN_set_sign(&r->X, 0);
+	BN_set_sign(&r->Y, 0);
+
+	ret = 1;
+
+ err:
+	BN_CTX_end(ctx);
+	return ret;
+	}
+
+
+/* Computes the sum
+ *     scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1]
+ * gracefully ignoring NULL scalar values.
+ */
+int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	int ret = 0, i;
+	EC_POINT *p=NULL;
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	/* This implementation is more efficient than the wNAF implementation for 2
+	 * or fewer points.  Use the ec_wNAF_mul implementation for 3 or more points.
+	 */
+	if ((scalar && (num > 1)) || (num > 2))
+		{
+		ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
+		goto err;
+		}
+
+	if ((p = EC_POINT_new(group)) == NULL) goto err;
+
+	if (!EC_POINT_set_to_infinity(group, r)) goto err;
+
+	if (scalar)
+		{
+		if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err;
+		if (BN_get_sign(scalar)) 
+			if (!group->meth->invert(group, p, ctx)) goto err;
+		if (!group->meth->add(group, r, r, p, ctx)) goto err;
+		}
+
+	for (i = 0; i < num; i++)
+		{
+		if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err;
+		if (BN_get_sign(scalars[i]))
+			if (!group->meth->invert(group, p, ctx)) goto err;
+		if (!group->meth->add(group, r, r, p, ctx)) goto err;
+		}
+
+	ret = 1;
+
+  err:
+	if (p) EC_POINT_free(p);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+/* Precomputation for point multiplication. */	
+int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+	{
+	/* There is no precomputation to do for Montgomery scalar multiplication but
+	 * since this implementation falls back to the wNAF multiplication for more than
+	 * two points, call the wNAF implementation's precompute.
+	 */
+	return ec_wNAF_precompute_mult(group, ctx);
+	}
diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c
new file mode 100644
index 0000000000..1bc440eed1
--- /dev/null
+++ b/crypto/ec/ec2_smpl.c
@@ -0,0 +1,974 @@
+/* crypto/ec/ec2_smpl.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The software is originally written by Sheueling Chang Shantz and
+ * Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/err.h>
+
+#include "ec_lcl.h"
+
+
+const EC_METHOD *EC_GF2m_simple_method(void)
+	{
+	static const EC_METHOD ret = {
+		NID_X9_62_characteristic_two_field,
+		ec_GF2m_simple_group_init,
+		ec_GF2m_simple_group_finish,
+		ec_GF2m_simple_group_clear_finish,
+		ec_GF2m_simple_group_copy,
+		ec_GF2m_simple_group_set_curve,
+		ec_GF2m_simple_group_get_curve,
+		ec_GF2m_simple_group_get_degree,
+		ec_GF2m_simple_group_check_discriminant,
+		ec_GF2m_simple_point_init,
+		ec_GF2m_simple_point_finish,
+		ec_GF2m_simple_point_clear_finish,
+		ec_GF2m_simple_point_copy,
+		ec_GF2m_simple_point_set_to_infinity,
+		0 /* set_Jprojective_coordinates_GFp */,
+		0 /* get_Jprojective_coordinates_GFp */,
+		ec_GF2m_simple_point_set_affine_coordinates,
+		ec_GF2m_simple_point_get_affine_coordinates,
+		ec_GF2m_simple_set_compressed_coordinates,
+		ec_GF2m_simple_point2oct,
+		ec_GF2m_simple_oct2point,
+		ec_GF2m_simple_add,
+		ec_GF2m_simple_dbl,
+		ec_GF2m_simple_invert,
+		ec_GF2m_simple_mul,
+		ec_GF2m_precompute_mult,
+		ec_GF2m_simple_is_at_infinity,
+		ec_GF2m_simple_is_on_curve,
+		ec_GF2m_simple_cmp,
+		ec_GF2m_simple_make_affine,
+		ec_GF2m_simple_points_make_affine,
+		ec_GF2m_simple_field_mul,
+		ec_GF2m_simple_field_sqr,
+		ec_GF2m_simple_field_div,
+		0 /* field_encode */,
+		0 /* field_decode */,
+		0 /* field_set_to_one */ };
+
+	return &ret;
+	}
+
+
+/* Initialize a GF(2^m)-based EC_GROUP structure.
+ * Note that all other members are handled by EC_GROUP_new.
+ */
+int ec_GF2m_simple_group_init(EC_GROUP *group)
+	{
+	BN_init(&group->field);
+	BN_init(&group->a);
+	BN_init(&group->b);
+	return 1;
+	}
+
+
+/* Free a GF(2^m)-based EC_GROUP structure.
+ * Note that all other members are handled by EC_GROUP_free.
+ */
+void ec_GF2m_simple_group_finish(EC_GROUP *group)
+	{
+	BN_free(&group->field);
+	BN_free(&group->a);
+	BN_free(&group->b);
+	}
+
+
+/* Clear and free a GF(2^m)-based EC_GROUP structure.
+ * Note that all other members are handled by EC_GROUP_clear_free.
+ */
+void ec_GF2m_simple_group_clear_finish(EC_GROUP *group)
+	{
+	BN_clear_free(&group->field);
+	BN_clear_free(&group->a);
+	BN_clear_free(&group->b);
+	group->poly[0] = 0;
+	group->poly[1] = 0;
+	group->poly[2] = 0;
+	group->poly[3] = 0;
+	group->poly[4] = 0;
+	}
+
+
+/* Copy a GF(2^m)-based EC_GROUP structure.
+ * Note that all other members are handled by EC_GROUP_copy.
+ */
+int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+	{
+	int i;
+	if (!BN_copy(&dest->field, &src->field)) return 0;
+	if (!BN_copy(&dest->a, &src->a)) return 0;
+	if (!BN_copy(&dest->b, &src->b)) return 0;
+	dest->poly[0] = src->poly[0];
+	dest->poly[1] = src->poly[1];
+	dest->poly[2] = src->poly[2];
+	dest->poly[3] = src->poly[3];
+	dest->poly[4] = src->poly[4];
+	bn_wexpand(&dest->a, (dest->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+	bn_wexpand(&dest->b, (dest->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+	for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0;
+	for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0;
+	return 1;
+	}
+
+
+/* Set the curve parameters of an EC_GROUP structure. */
+int ec_GF2m_simple_group_set_curve(EC_GROUP *group,
+	const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	int ret = 0, i;
+
+	/* group->field */
+	if (!BN_copy(&group->field, p)) goto err;
+	i = BN_GF2m_poly2arr(&group->field, group->poly, 5);
+	if ((i != 5) && (i != 3))
+		{
+		ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
+		goto err;
+		}
+
+	/* group->a */
+	if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err;
+	bn_wexpand(&group->a, (group->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+	for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0;
+	
+	/* group->b */
+	if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err;
+	bn_wexpand(&group->b, (group->poly[0] + BN_BITS2 - 1) / BN_BITS2);
+	for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0;
+		
+	ret = 1;
+  err:
+	return ret;
+	}
+
+
+/* Get the curve parameters of an EC_GROUP structure.
+ * If p, a, or b are NULL then there values will not be set but the method will return with success.
+ */
+int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+	{
+	int ret = 0;
+	
+	if (p != NULL)
+		{
+		if (!BN_copy(p, &group->field)) return 0;
+		}
+
+	if (a != NULL)
+		{
+		if (!BN_copy(a, &group->a)) goto err;
+		}
+
+	if (b != NULL)
+		{
+		if (!BN_copy(b, &group->b)) goto err;
+		}
+	
+	ret = 1;
+	
+  err:
+	return ret;
+	}
+
+
+/* Gets the degree of the field.  For a curve over GF(2^m) this is the value m. */
+int ec_GF2m_simple_group_get_degree(const EC_GROUP *group)
+	{
+	return BN_num_bits(&group->field)-1;
+	}
+
+
+/* Checks the discriminant of the curve.
+ * y^2 + x*y = x^3 + a*x^2 + b is an elliptic curve <=> b != 0 (mod p) 
+ */
+int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
+	{
+	int ret = 0;
+	BIGNUM *b;
+	BN_CTX *new_ctx = NULL;
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			{
+			ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		}
+	BN_CTX_start(ctx);
+	b = BN_CTX_get(ctx);
+	if (b == NULL) goto err;
+
+	if (!BN_GF2m_mod_arr(b, &group->b, group->poly)) goto err;
+	
+	/* check the discriminant:
+	 * y^2 + x*y = x^3 + a*x^2 + b is an elliptic curve <=> b != 0 (mod p) 
+	 */
+	if (BN_is_zero(b)) goto err;
+
+	ret = 1;
+
+err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+/* Initializes an EC_POINT. */
+int ec_GF2m_simple_point_init(EC_POINT *point)
+	{
+	BN_init(&point->X);
+	BN_init(&point->Y);
+	BN_init(&point->Z);
+	return 1;
+	}
+
+
+/* Frees an EC_POINT. */
+void ec_GF2m_simple_point_finish(EC_POINT *point)
+	{
+	BN_free(&point->X);
+	BN_free(&point->Y);
+	BN_free(&point->Z);
+	}
+
+
+/* Clears and frees an EC_POINT. */
+void ec_GF2m_simple_point_clear_finish(EC_POINT *point)
+	{
+	BN_clear_free(&point->X);
+	BN_clear_free(&point->Y);
+	BN_clear_free(&point->Z);
+	point->Z_is_one = 0;
+	}
+
+
+/* Copy the contents of one EC_POINT into another.  Assumes dest is initialized. */
+int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
+	{
+	if (!BN_copy(&dest->X, &src->X)) return 0;
+	if (!BN_copy(&dest->Y, &src->Y)) return 0;
+	if (!BN_copy(&dest->Z, &src->Z)) return 0;
+	dest->Z_is_one = src->Z_is_one;
+
+	return 1;
+	}
+
+
+/* Set an EC_POINT to the point at infinity.  
+ * A point at infinity is represented by having Z=0.
+ */
+int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
+	{
+	point->Z_is_one = 0;
+	return (BN_zero(&point->Z));
+	}
+
+
+/* Set the coordinates of an EC_POINT using affine coordinates. 
+ * Note that the simple implementation only uses affine coordinates.
+ */
+int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
+	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
+	{
+	int ret = 0;	
+	if (x == NULL || y == NULL)
+		{
+		ECerr(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+
+	if (!BN_copy(&point->X, x)) goto err;
+	BN_set_sign(&point->X, 0);
+	if (!BN_copy(&point->Y, y)) goto err;
+	BN_set_sign(&point->Y, 0);
+	if (!BN_copy(&point->Z, BN_value_one())) goto err;
+	BN_set_sign(&point->Z, 0);
+	point->Z_is_one = 1;
+	ret = 1;
+
+  err:
+	return ret;
+	}
+
+
+/* Gets the affine coordinates of an EC_POINT. 
+ * Note that the simple implementation only uses affine coordinates.
+ */
+int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
+	BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
+	{
+	int ret = 0;
+
+	if (EC_POINT_is_at_infinity(group, point))
+		{
+		ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY);
+		return 0;
+		}
+
+	if (BN_cmp(&point->Z, BN_value_one())) 
+		{
+		ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (x != NULL)
+		{
+		if (!BN_copy(x, &point->X)) goto err;
+		BN_set_sign(x, 0);
+		}
+	if (y != NULL)
+		{
+		if (!BN_copy(y, &point->Y)) goto err;
+		BN_set_sign(y, 0);
+		}
+	ret = 1;
+		
+ err:
+	return ret;
+	}
+
+
+/* Include patented algorithms. */
+#include "ec2_smpt.c"
+
+
+/* Converts an EC_POINT to an octet string.  
+ * If buf is NULL, the encoded length will be returned.
+ * If the length len of buf is smaller than required an error will be returned.
+ *
+ * The point compression section of this function is patented by Certicom Corp. 
+ * under US Patent 6,141,420.  Point compression is disabled by default and can 
+ * be enabled by defining the preprocessor macro OPENSSL_EC_BIN_PT_COMP at 
+ * Configure-time.
+ */
+size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
+	unsigned char *buf, size_t len, BN_CTX *ctx)
+	{
+	size_t ret;
+	BN_CTX *new_ctx = NULL;
+	int used_ctx = 0;
+	BIGNUM *x, *y, *yxi;
+	size_t field_len, i, skip;
+
+#ifndef OPENSSL_EC_BIN_PT_COMP
+	if ((form == POINT_CONVERSION_COMPRESSED) || (form == POINT_CONVERSION_HYBRID)) 
+		{
+		ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_DISABLED);
+		goto err;
+		}
+#endif
+
+	if ((form != POINT_CONVERSION_COMPRESSED)
+		&& (form != POINT_CONVERSION_UNCOMPRESSED)
+		&& (form != POINT_CONVERSION_HYBRID))
+		{
+		ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
+		goto err;
+		}
+
+	if (EC_POINT_is_at_infinity(group, point))
+		{
+		/* encodes to a single 0 octet */
+		if (buf != NULL)
+			{
+			if (len < 1)
+				{
+				ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+				return 0;
+				}
+			buf[0] = 0;
+			}
+		return 1;
+		}
+
+
+	/* ret := required output buffer length */
+	field_len = (EC_GROUP_get_degree(group) + 7) / 8;
+	ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
+
+	/* if 'buf' is NULL, just return required length */
+	if (buf != NULL)
+		{
+		if (len < ret)
+			{
+			ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+			goto err;
+			}
+
+		if (ctx == NULL)
+			{
+			ctx = new_ctx = BN_CTX_new();
+			if (ctx == NULL)
+				return 0;
+			}
+
+		BN_CTX_start(ctx);
+		used_ctx = 1;
+		x = BN_CTX_get(ctx);
+		y = BN_CTX_get(ctx);
+		yxi = BN_CTX_get(ctx);
+		if (yxi == NULL) goto err;
+
+		if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
+
+		buf[0] = form;
+#ifdef OPENSSL_EC_BIN_PT_COMP
+		if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x))
+			{
+			if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err;
+			if (BN_is_odd(yxi)) buf[0]++;
+			}
+#endif
+
+		i = 1;
+		
+		skip = field_len - BN_num_bytes(x);
+		if (skip > field_len)
+			{
+			ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+			goto err;
+			}
+		while (skip > 0)
+			{
+			buf[i++] = 0;
+			skip--;
+			}
+		skip = BN_bn2bin(x, buf + i);
+		i += skip;
+		if (i != 1 + field_len)
+			{
+			ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+			goto err;
+			}
+
+		if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID)
+			{
+			skip = field_len - BN_num_bytes(y);
+			if (skip > field_len)
+				{
+				ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+				goto err;
+				}
+			while (skip > 0)
+				{
+				buf[i++] = 0;
+				skip--;
+				}
+			skip = BN_bn2bin(y, buf + i);
+			i += skip;
+			}
+
+		if (i != ret)
+			{
+			ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+			goto err;
+			}
+		}
+	
+	if (used_ctx)
+		BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+
+ err:
+	if (used_ctx)
+		BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return 0;
+	}
+
+
+/* Converts an octet string representation to an EC_POINT. 
+ * Note that the simple implementation only uses affine coordinates.
+ */
+int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
+	const unsigned char *buf, size_t len, BN_CTX *ctx)
+	{
+	point_conversion_form_t form;
+	int y_bit;
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *x, *y, *yxi;
+	size_t field_len, enc_len;
+	int ret = 0;
+
+	if (len == 0)
+		{
+		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
+		return 0;
+		}
+	form = buf[0];
+	y_bit = form & 1;
+	form = form & ~1;
+	if ((form != 0)	&& (form != POINT_CONVERSION_COMPRESSED)
+		&& (form != POINT_CONVERSION_UNCOMPRESSED)
+		&& (form != POINT_CONVERSION_HYBRID))
+		{
+		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+		return 0;
+		}
+	if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit)
+		{
+		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+		return 0;
+		}
+
+	if (form == 0)
+		{
+		if (len != 1)
+			{
+			ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+			return 0;
+			}
+
+		return EC_POINT_set_to_infinity(group, point);
+		}
+	
+	field_len = (EC_GROUP_get_degree(group) + 7) / 8;
+	enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
+
+	if (len != enc_len)
+		{
+		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+		return 0;
+		}
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	BN_CTX_start(ctx);
+	x = BN_CTX_get(ctx);
+	y = BN_CTX_get(ctx);
+	yxi = BN_CTX_get(ctx);
+	if (yxi == NULL) goto err;
+
+	if (!BN_bin2bn(buf + 1, field_len, x)) goto err;
+	if (BN_ucmp(x, &group->field) >= 0)
+		{
+		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+		goto err;
+		}
+
+	if (form == POINT_CONVERSION_COMPRESSED)
+		{
+		if (!EC_POINT_set_compressed_coordinates_GF2m(group, point, x, y_bit, ctx)) goto err;
+		}
+	else
+		{
+		if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err;
+		if (BN_ucmp(y, &group->field) >= 0)
+			{
+			ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+			goto err;
+			}
+		if (form == POINT_CONVERSION_HYBRID)
+			{
+			if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err;
+			if (y_bit != BN_is_odd(yxi))
+				{
+				ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+				goto err;
+				}
+			}
+
+		if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
+		}
+	
+	if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
+		{
+		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
+		goto err;
+		}
+
+	ret = 1;
+	
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+/* Computes a + b and stores the result in r.  r could be a or b, a could be b.
+ * Uses algorithm A.10.2 of IEEE P1363.
+ */
+int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t;
+	int ret = 0;
+	
+	if (EC_POINT_is_at_infinity(group, a))
+		{
+		if (!EC_POINT_copy(r, b)) return 0;
+		return 1;
+		}
+
+	if (EC_POINT_is_at_infinity(group, b))
+		{
+		if (!EC_POINT_copy(r, a)) return 0;
+		return 1;
+		}
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	BN_CTX_start(ctx);
+	x0 = BN_CTX_get(ctx);
+	y0 = BN_CTX_get(ctx);
+	x1 = BN_CTX_get(ctx);
+	y1 = BN_CTX_get(ctx);
+	x2 = BN_CTX_get(ctx);
+	y2 = BN_CTX_get(ctx);
+	s = BN_CTX_get(ctx);
+	t = BN_CTX_get(ctx);
+	if (t == NULL) goto err;
+
+	if (a->Z_is_one) 
+		{
+		if (!BN_copy(x0, &a->X)) goto err;
+		if (!BN_copy(y0, &a->Y)) goto err;
+		}
+	else
+		{
+		if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx)) goto err;
+		}
+	if (b->Z_is_one) 
+		{
+		if (!BN_copy(x1, &b->X)) goto err;
+		if (!BN_copy(y1, &b->Y)) goto err;
+		}
+	else
+		{
+		if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx)) goto err;
+		}
+
+
+	if (BN_GF2m_cmp(x0, x1))
+		{
+		if (!BN_GF2m_add(t, x0, x1)) goto err;
+		if (!BN_GF2m_add(s, y0, y1)) goto err;
+		if (!group->meth->field_div(group, s, s, t, ctx)) goto err;
+		if (!group->meth->field_sqr(group, x2, s, ctx)) goto err;
+		if (!BN_GF2m_add(x2, x2, &group->a)) goto err;
+		if (!BN_GF2m_add(x2, x2, s)) goto err;
+		if (!BN_GF2m_add(x2, x2, t)) goto err;
+		}
+	else
+		{
+		if (BN_GF2m_cmp(y0, y1) || BN_is_zero(x1))
+			{
+			if (!EC_POINT_set_to_infinity(group, r)) goto err;
+			ret = 1;
+			goto err;
+			}
+		if (!group->meth->field_div(group, s, y1, x1, ctx)) goto err;
+		if (!BN_GF2m_add(s, s, x1)) goto err;
+		
+		if (!group->meth->field_sqr(group, x2, s, ctx)) goto err;
+		if (!BN_GF2m_add(x2, x2, s)) goto err;
+		if (!BN_GF2m_add(x2, x2, &group->a)) goto err;
+		}
+
+	if (!BN_GF2m_add(y2, x1, x2)) goto err;
+	if (!group->meth->field_mul(group, y2, y2, s, ctx)) goto err;
+	if (!BN_GF2m_add(y2, y2, x2)) goto err;
+	if (!BN_GF2m_add(y2, y2, y1)) goto err;
+
+	if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx)) goto err;
+
+	ret = 1;
+
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+/* Computes 2 * a and stores the result in r.  r could be a.
+ * Uses algorithm A.10.2 of IEEE P1363.
+ */
+int ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
+	{
+	return ec_GF2m_simple_add(group, r, a, a, ctx);
+	}
+
+
+int ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+	{
+	if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))
+		/* point is its own inverse */
+		return 1;
+	
+	if (!EC_POINT_make_affine(group, point, ctx)) return 0;
+	return BN_GF2m_add(&point->Y, &point->X, &point->Y);
+	}
+
+
+/* Indicates whether the given point is the point at infinity. */
+int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
+	{
+	return BN_is_zero(&point->Z);
+	}
+
+
+/* Determines whether the given EC_POINT is an actual point on the curve defined
+ * in the EC_GROUP.  A point is valid if it satisfies the Weierstrass equation:
+ *      y^2 + x*y = x^3 + a*x^2 + b.
+ */
+int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *rh, *lh, *tmp1;
+	int ret = -1;
+
+	if (EC_POINT_is_at_infinity(group, point))
+		return 1;
+	
+	/* only support affine coordinates */
+	if (!point->Z_is_one) goto err;
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return -1;
+		}
+
+	BN_CTX_start(ctx);
+	rh = BN_CTX_get(ctx);
+	lh = BN_CTX_get(ctx);
+	tmp1 = BN_CTX_get(ctx);
+	if (tmp1 == NULL) goto err;
+
+	/* We have a curve defined by a Weierstrass equation
+	 *      y^2 + x*y = x^3 + a*x^2 + b.
+	 * To test this, we add up the right-hand side in 'rh'
+	 * and the left-hand side in 'lh'.
+	 */
+
+	/* rh := X^3 */
+	if (!group->meth->field_sqr(group, tmp1, &point->X, ctx)) goto err;
+	if (!group->meth->field_mul(group, rh, tmp1, &point->X, ctx)) goto err;
+
+	/* rh := rh + a*X^2 */
+	if (!group->meth->field_mul(group, tmp1, tmp1, &group->a, ctx)) goto err;
+	if (!BN_GF2m_add(rh, rh, tmp1)) goto err;
+
+	/* rh := rh + b */
+	if (!BN_GF2m_add(rh, rh, &group->b)) goto err;
+
+	/* lh := Y^2 */
+	if (!group->meth->field_sqr(group, lh, &point->Y, ctx)) goto err;
+
+	/* lh := lh + x*y */
+	if (!group->meth->field_mul(group, tmp1, &point->X, &point->Y, ctx)) goto err;
+	if (!BN_GF2m_add(lh, lh, tmp1)) goto err;
+
+	ret = (0 == BN_GF2m_cmp(lh, rh));
+
+ err:
+	if (ctx) BN_CTX_end(ctx);
+	if (new_ctx) BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+/* Indicates whether two points are equal.
+ * Return values:
+ *  -1   error
+ *   0   equal (in affine coordinates)
+ *   1   not equal
+ */
+int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
+	{
+	BIGNUM *aX, *aY, *bX, *bY;
+	BN_CTX *new_ctx = NULL;
+	int ret = -1;
+
+	if (EC_POINT_is_at_infinity(group, a))
+		{
+		return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
+		}
+	
+	if (a->Z_is_one && b->Z_is_one)
+		{
+		return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
+		}
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return -1;
+		}
+
+	BN_CTX_start(ctx);
+	aX = BN_CTX_get(ctx);
+	aY = BN_CTX_get(ctx);
+	bX = BN_CTX_get(ctx);
+	bY = BN_CTX_get(ctx);
+	if (bY == NULL) goto err;
+
+	if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx)) goto err;
+	if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx)) goto err;
+	ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1;
+
+  err:	
+	if (ctx) BN_CTX_end(ctx);
+	if (new_ctx) BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+/* Forces the given EC_POINT to internally use affine coordinates. */
+int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *x, *y;
+	int ret = 0;
+
+	if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
+		return 1;
+	
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	BN_CTX_start(ctx);
+	x = BN_CTX_get(ctx);
+	y = BN_CTX_get(ctx);
+	if (y == NULL) goto err;
+	
+	if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
+	if (!BN_copy(&point->X, x)) goto err;
+	if (!BN_copy(&point->Y, y)) goto err;
+	if (!BN_one(&point->Z)) goto err;
+	
+	ret = 1;		
+
+  err:
+	if (ctx) BN_CTX_end(ctx);
+	if (new_ctx) BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+/* Forces each of the EC_POINTs in the given array to use affine coordinates. */
+int ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
+	{
+	size_t i;
+
+	for (i = 0; i < num; i++)
+		{
+		if (!group->meth->make_affine(group, points[i], ctx)) return 0;
+		}
+
+	return 1;
+	}
+
+
+/* Wrapper to simple binary polynomial field multiplication implementation. */
+int ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx);
+	}
+
+
+/* Wrapper to simple binary polynomial field squaring implementation. */
+int ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+	{
+	return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx);
+	}
+
+
+/* Wrapper to simple binary polynomial field division implementation. */
+int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	return BN_GF2m_mod_div(r, a, b, &group->field, ctx);
+	}
diff --git a/crypto/ec/ec2_smpt.c b/crypto/ec/ec2_smpt.c
new file mode 100644
index 0000000000..1b014e5d96
--- /dev/null
+++ b/crypto/ec/ec2_smpt.c
@@ -0,0 +1,125 @@
+/* crypto/ec/ec2_smpt.c */
+/* This code was originally written by Douglas Stebila 
+ * <dstebila@student.math.uwaterloo.ca> for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+/* Calaculates and sets the affine coordinates of an EC_POINT from the given
+ * compressed coordinates.  Uses algorithm 2.3.4 of SEC 1. 
+ * Note that the simple implementation only uses affine coordinates.
+ *
+ * This algorithm is patented by Certicom Corp. under US Patent 6,141,420.
+ * This function is disabled by default and can be enabled by defining the 
+ * preprocessor macro OPENSSL_EC_BIN_PT_COMP at Configure-time.
+ */
+int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
+	const BIGNUM *x_, int y_bit, BN_CTX *ctx)
+	{
+#ifndef OPENSSL_EC_BIN_PT_COMP	
+	ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_DISABLED);
+	return 0;
+#else
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *tmp, *x, *y, *z;
+	int ret = 0, z0;
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	y_bit = (y_bit != 0) ? 1 : 0;
+
+	BN_CTX_start(ctx);
+	tmp = BN_CTX_get(ctx);
+	x = BN_CTX_get(ctx);
+	y = BN_CTX_get(ctx);
+	z = BN_CTX_get(ctx);
+	if (z == NULL) goto err;
+
+	if (!BN_GF2m_mod_arr(x, x_, group->poly)) goto err;
+	if (BN_is_zero(x))
+		{
+		if (!BN_GF2m_mod_sqrt_arr(y, &group->b, group->poly, ctx)) goto err;
+		}
+	else
+		{
+		if (!group->meth->field_sqr(group, tmp, x, ctx)) goto err;
+		if (!group->meth->field_div(group, tmp, &group->b, tmp, ctx)) goto err;
+		if (!BN_GF2m_add(tmp, &group->a, tmp)) goto err;
+		if (!BN_GF2m_add(tmp, x, tmp)) goto err;
+		if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) goto err;
+		z0 = (BN_is_odd(z)) ? 1 : 0;
+		if (!group->meth->field_mul(group, y, x, z, ctx)) goto err;
+		if (z0 != y_bit)
+			{
+			if (!BN_GF2m_add(y, y, x)) goto err;
+			}
+		}
+
+	if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
+
+	ret = 1;
+
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+#endif
+	}
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
new file mode 100644
index 0000000000..63d33a5f56
--- /dev/null
+++ b/crypto/ec/ec_asn1.c
@@ -0,0 +1,1459 @@
+/* crypto/ec/ec_asn1.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include "ec_lcl.h"
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+
+
+int EC_GROUP_get_basis_type(const EC_GROUP *group)
+	{
+	int i=0;
+
+	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
+		NID_X9_62_characteristic_two_field)
+		/* everything else is currently not supported */
+		return 0;
+
+	while (group->poly[i] != 0)
+		i++;
+
+	if (i == 4)
+		return NID_X9_62_ppBasis;
+	else if (i == 2)
+		return NID_X9_62_tpBasis;
+	else
+		/* everything else is currently not supported */
+		return 0;
+	}
+
+int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
+	{
+	if (group == NULL)
+		return 0;
+
+	if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve
+	    || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0)))
+		{
+		ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+
+	if (k)
+		*k = group->poly[1];
+
+	return 1;
+	}
+
+int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
+	unsigned int *k2, unsigned int *k3)
+	{
+	if (group == NULL)
+		return 0;
+
+	if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve
+	    || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0)))
+		{
+		ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+
+	if (k1)
+		*k1 = group->poly[3];
+	if (k2)
+		*k2 = group->poly[2];
+	if (k3)
+		*k3 = group->poly[1];
+
+	return 1;
+	}
+
+
+
+/* some structures needed for the asn1 encoding */
+typedef struct x9_62_fieldid_st {
+        ASN1_OBJECT *fieldType;
+        ASN1_TYPE   *parameters;
+        } X9_62_FIELDID;
+
+typedef struct x9_62_characteristic_two_st {
+	long m;
+	ASN1_OBJECT  *basis;
+	ASN1_TYPE    *parameters;
+	} X9_62_CHARACTERISTIC_TWO;
+
+typedef struct x9_62_pentanomial_st {
+	long k1;
+	long k2;
+	long k3;
+	} X9_62_PENTANOMIAL;
+
+typedef struct x9_62_curve_st {
+        ASN1_OCTET_STRING *a;
+        ASN1_OCTET_STRING *b;
+        ASN1_BIT_STRING   *seed;
+        } X9_62_CURVE;
+
+typedef struct ec_parameters_st {
+        long              version;
+        X9_62_FIELDID     *fieldID;
+        X9_62_CURVE       *curve;
+        ASN1_OCTET_STRING *base;
+        ASN1_INTEGER      *order;
+        ASN1_INTEGER      *cofactor;
+        } ECPARAMETERS;
+
+struct ecpk_parameters_st {
+	int	type;
+	union {
+		ASN1_OBJECT  *named_curve;
+		ECPARAMETERS *parameters;
+		ASN1_NULL    *implicitlyCA;
+	} value;
+	}/* ECPKPARAMETERS */;
+
+/* SEC1 ECPrivateKey */
+typedef struct ec_privatekey_st {
+	long              version;
+	ASN1_OCTET_STRING *privateKey;
+        ECPKPARAMETERS    *parameters;
+	ASN1_BIT_STRING   *publicKey;
+	} EC_PRIVATEKEY;
+
+/* the OpenSSL asn1 definitions */
+
+ASN1_SEQUENCE(X9_62_FIELDID) = {
+	ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT),
+	ASN1_SIMPLE(X9_62_FIELDID, parameters, ASN1_ANY)
+} ASN1_SEQUENCE_END(X9_62_FIELDID)
+
+DECLARE_ASN1_FUNCTIONS_const(X9_62_FIELDID)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_FIELDID, X9_62_FIELDID)
+IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_FIELDID)
+
+ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {
+	ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG),
+	ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, basis, ASN1_OBJECT),
+	ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, parameters, ASN1_ANY)
+} ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
+
+DECLARE_ASN1_FUNCTIONS_const(X9_62_CHARACTERISTIC_TWO)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_CHARACTERISTIC_TWO, X9_62_CHARACTERISTIC_TWO)
+IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_CHARACTERISTIC_TWO)
+
+ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
+	ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG),
+	ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG),
+	ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG)
+} ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
+
+DECLARE_ASN1_FUNCTIONS_const(X9_62_PENTANOMIAL)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_PENTANOMIAL, X9_62_PENTANOMIAL)
+IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_PENTANOMIAL)
+
+ASN1_SEQUENCE(X9_62_CURVE) = {
+	ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING),
+	ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(X9_62_CURVE)
+
+DECLARE_ASN1_FUNCTIONS_const(X9_62_CURVE)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(X9_62_CURVE, X9_62_CURVE)
+IMPLEMENT_ASN1_FUNCTIONS_const(X9_62_CURVE)
+
+ASN1_SEQUENCE(ECPARAMETERS) = {
+	ASN1_SIMPLE(ECPARAMETERS, version, LONG),
+	ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID),
+	ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE),
+	ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER),
+	ASN1_SIMPLE(ECPARAMETERS, cofactor, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(ECPARAMETERS)
+
+DECLARE_ASN1_FUNCTIONS_const(ECPARAMETERS)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPARAMETERS, ECPARAMETERS)
+IMPLEMENT_ASN1_FUNCTIONS_const(ECPARAMETERS)
+
+ASN1_CHOICE(ECPKPARAMETERS) = {
+	ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT),
+	ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS),
+	ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL)
+} ASN1_CHOICE_END(ECPKPARAMETERS)
+
+DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS)
+IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
+
+ASN1_SEQUENCE(EC_PRIVATEKEY) = {
+	ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG),
+	ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
+	ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
+	ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
+} ASN1_SEQUENCE_END(EC_PRIVATEKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PRIVATEKEY, EC_PRIVATEKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
+
+/* some declarations of internal function */
+
+/* ec_asn1_group2field() creates a X9_62_FIELDID object from a 
+ * EC_GROUP object */
+static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *, X9_62_FIELDID *);
+/* ec_asn1_group2curve() creates a X9_62_CURVE object from a 
+ * EC_GROUP object */
+static X9_62_CURVE *ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *);
+/* ec_asn1_parameters2group() creates a EC_GROUP object from a
+ * ECPARAMETERS object */
+static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *); 
+/* ec_asn1_group2parameters() creates a ECPARAMETERS object from a 
+ * EC_GROUP object */
+static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *,ECPARAMETERS *);
+/* ec_asn1_pkparameters2group() creates a EC_GROUP object from a
+ * ECPKPARAMETERS object */
+static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *); 
+/* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a 
+ * EC_GROUP object */
+static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *, 
+	ECPKPARAMETERS *);
+
+
+/* the function definitions */
+
+static X9_62_FIELDID *ec_asn1_group2field(const EC_GROUP *group, 
+                                          X9_62_FIELDID *field)
+	{
+	int			ok=0, nid;
+	X9_62_FIELDID		*ret = NULL;
+	X9_62_CHARACTERISTIC_TWO *char_two = NULL;
+	X9_62_PENTANOMIAL	*penta = NULL;
+	BIGNUM			*tmp = NULL;
+	unsigned char		*buffer = NULL;
+	unsigned char		*pp;
+	size_t			buf_len = 0;
+	
+	if (field == NULL)
+		{
+		if ((ret = X9_62_FIELDID_new()) == NULL)
+			{
+			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+			return NULL;
+			}
+		}
+	else
+		{	
+		ret = field;
+		/* clear the old values */
+		if (ret->fieldType != NULL)
+			ASN1_OBJECT_free(ret->fieldType);
+		if (ret->parameters != NULL)
+			ASN1_TYPE_free(ret->parameters);
+		}
+
+	nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
+	/* set OID for the field */
+	if ((ret->fieldType = OBJ_nid2obj(nid)) == NULL)
+		{
+		ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
+		goto err;
+		}
+
+	if ((ret->parameters = ASN1_TYPE_new()) == NULL)
+			{
+			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+
+	if (nid == NID_X9_62_prime_field)
+		{
+		if ((tmp = BN_new()) == NULL) 
+			{
+			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		/* the parameters are specified by the prime number p */
+		ret->parameters->type = V_ASN1_INTEGER;
+		if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL))
+			{
+			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
+			goto err;
+			}
+		/* set the prime number */
+		ret->parameters->value.integer = BN_to_ASN1_INTEGER(tmp, NULL);
+		if (ret->parameters->value.integer == NULL)
+			{
+			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
+			goto err;
+			}
+		}
+	else	/* nid == NID_X9_62_characteristic_two_field */
+		{
+		int		field_type;
+
+		char_two = X9_62_CHARACTERISTIC_TWO_new();
+		if (char_two == NULL)
+			{
+			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+	
+		char_two->m = (long)EC_GROUP_get_degree(group);
+
+		field_type = EC_GROUP_get_basis_type(group);
+
+		if (field_type == 0)
+			{
+			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
+			goto err;
+			}
+		/* set base type OID */
+		if ((char_two->basis = OBJ_nid2obj(field_type)) == NULL)
+			{
+			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
+			goto err;
+			}
+
+		if (field_type == NID_X9_62_tpBasis)
+			{
+			unsigned int k;
+
+			if (!EC_GROUP_get_trinomial_basis(group, &k))
+				goto err;
+
+			char_two->parameters->type = V_ASN1_INTEGER;
+			char_two->parameters->value.integer = 
+				ASN1_INTEGER_new();
+			if (char_two->parameters->value.integer == NULL)
+				{
+				ECerr(EC_F_EC_ASN1_GROUP2FIELDID,
+					ERR_R_ASN1_LIB);
+				goto err;
+				}
+			if (!ASN1_INTEGER_set(char_two->parameters->value.integer, (long)k))
+				{
+				ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS,
+					ERR_R_ASN1_LIB);
+				goto err;
+				}
+			}
+		else if (field_type == NID_X9_62_ppBasis)
+			{
+			unsigned int k1, k2, k3;
+
+			if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))
+				goto err;
+
+			penta = X9_62_PENTANOMIAL_new();
+			/* set k? values */
+			penta->k1 = (long)k1;
+			penta->k2 = (long)k2;
+			penta->k3 = (long)k3;
+			/* get the length of the encoded structure */
+			buf_len = i2d_X9_62_PENTANOMIAL(penta, NULL);
+			if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
+				{
+				ECerr(EC_F_EC_ASN1_GROUP2FIELDID,
+					ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+			pp = buffer;
+			i2d_X9_62_PENTANOMIAL(penta, &pp);
+			/* set the encoded pentanomial */
+			char_two->parameters->type=V_ASN1_SEQUENCE;
+			char_two->parameters->value.sequence=ASN1_STRING_new();
+			ASN1_STRING_set(char_two->parameters->value.sequence,
+				buffer, buf_len);
+
+			OPENSSL_free(buffer);
+			buffer = NULL;
+			}
+		else /* field_type == NID_X9_62_onBasis */
+			{
+			/* for ONB the parameters are (asn1) NULL */
+			char_two->parameters->type = V_ASN1_NULL;
+			}
+		/* encoded the X9_62_CHARACTERISTIC_TWO structure */
+		buf_len = i2d_X9_62_CHARACTERISTIC_TWO(char_two, NULL);
+
+		if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
+			{
+			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		pp = buffer;
+		i2d_X9_62_CHARACTERISTIC_TWO(char_two, &pp);
+		/* set the encoded parameters */
+		ret->parameters->type = V_ASN1_SEQUENCE;
+		ret->parameters->value.sequence = ASN1_STRING_new();
+		ASN1_STRING_set(ret->parameters->value.sequence,
+				buffer, buf_len);
+		}
+
+	ok = 1;
+
+err :	if (!ok)
+	{
+		if (ret && !field)
+			X9_62_FIELDID_free(ret);
+		ret = NULL;
+	}
+	if (tmp)
+		BN_free(tmp);
+	if (char_two)
+		X9_62_CHARACTERISTIC_TWO_free(char_two);
+	if (penta)
+		X9_62_PENTANOMIAL_free(penta);
+	if (buffer)
+		OPENSSL_free(buffer);
+	return(ret);
+}
+
+static X9_62_CURVE *ec_asn1_group2curve(const EC_GROUP *group, 
+                                        X9_62_CURVE *curve)
+	{
+	int           ok=0, nid;
+	X9_62_CURVE   *ret=NULL;
+	BIGNUM        *tmp_1=NULL,
+	              *tmp_2=NULL;
+	unsigned char *buffer_1=NULL,
+	              *buffer_2=NULL,
+	              *a_buf=NULL,
+	              *b_buf=NULL;
+	size_t        len_1, len_2;
+	unsigned char char_zero = 0;
+
+	if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL)
+		{
+		ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	if (curve == NULL)
+		{
+		if ((ret = X9_62_CURVE_new()) == NULL)
+			{
+			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		}
+	else
+		{
+		ret = curve;
+		if (ret->a)
+			ASN1_OCTET_STRING_free(ret->a);
+		if (ret->b)
+			ASN1_OCTET_STRING_free(ret->b);
+		if (ret->seed)
+			ASN1_BIT_STRING_free(ret->seed);
+		}
+
+	nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
+
+	/* get a and b */
+	if (nid == NID_X9_62_prime_field)
+		{
+		if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL))
+			{
+			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
+			goto err;
+			}
+		}
+	else	/* nid == NID_X9_62_characteristic_two_field */
+		{
+		if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL))
+			{
+			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
+			goto err;
+			}
+		}
+
+	len_1 = (size_t)BN_num_bytes(tmp_1);
+	len_2 = (size_t)BN_num_bytes(tmp_2);
+
+	if (len_1 == 0)
+		{
+		/* len_1 == 0 => a == 0 */
+		a_buf = &char_zero;
+		len_1 = 1;
+		}
+	else
+		{
+		if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL)
+			{
+			ECerr(EC_F_EC_ASN1_GROUP2CURVE,
+			      ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		if ( (len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0)
+			{
+			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
+			goto err;
+			}
+		a_buf = buffer_1;
+		}
+
+	if (len_2 == 0)
+		{
+		/* len_2 == 0 => b == 0 */
+		b_buf = &char_zero;
+		len_2 = 1;
+		}
+	else
+		{
+		if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL)
+			{
+			ECerr(EC_F_EC_ASN1_GROUP2CURVE,
+			      ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		if ( (len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0)
+			{
+			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
+			goto err;
+			}
+		b_buf = buffer_2;
+		}
+	
+	/* set a and b */
+	if ((ret->a = M_ASN1_OCTET_STRING_new()) == NULL || 
+	    (ret->b = M_ASN1_OCTET_STRING_new()) == NULL )
+		{
+		ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	if (!M_ASN1_OCTET_STRING_set(ret->a, a_buf, len_1) ||
+	    !M_ASN1_OCTET_STRING_set(ret->b, b_buf, len_2))
+		{
+		ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
+		goto err;
+		}
+	
+	/* set the seed (optional) */
+	if (group->seed)
+		{	
+		if ((ret->seed = ASN1_BIT_STRING_new()) == NULL) goto err;
+		if (!ASN1_BIT_STRING_set(ret->seed, group->seed, 
+		                         (int)group->seed_len))
+			{
+			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
+			goto err;
+			}
+		}
+	else
+		ret->seed = NULL;
+
+	ok = 1;
+
+err :	if (!ok)
+		{
+		if (ret && !curve)
+			X9_62_CURVE_free(ret);
+		ret = NULL;
+		}
+	if (buffer_1)
+		OPENSSL_free(buffer_1);
+	if (buffer_2)
+		OPENSSL_free(buffer_2);
+	if (tmp_1)
+		BN_free(tmp_1);
+	if (tmp_2)
+		BN_free(tmp_2);
+	return(ret);
+	}
+
+static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group,
+                                              ECPARAMETERS *param)
+	{
+	int	ok=0;
+	size_t  len=0;
+	ECPARAMETERS   *ret=NULL;
+	BIGNUM	       *tmp=NULL;
+	unsigned char  *buffer=NULL;
+	const EC_POINT *point=NULL;
+	point_conversion_form_t form;
+
+	if ((tmp = BN_new()) == NULL)
+		{
+		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	if (param == NULL)
+	{
+		if ((ret = ECPARAMETERS_new()) == NULL)
+			{
+			ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, 
+			      ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+	}
+	else
+		ret = param;
+
+	/* set the version (always one) */
+	ret->version = (long)0x1;
+
+	/* set the fieldID */
+	ret->fieldID = ec_asn1_group2field(group, ret->fieldID);
+	if (ret->fieldID == NULL)
+		{
+		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+		goto err;
+		}
+
+	/* set the curve */
+	ret->curve = ec_asn1_group2curve(group, ret->curve);
+	if (ret->curve == NULL)
+		{
+		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+		goto err;
+		}
+
+	/* set the base point */
+	if ((point = EC_GROUP_get0_generator(group)) == NULL)
+		{
+		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR);
+		goto err;
+		}
+
+	form = EC_GROUP_get_point_conversion_form(group);
+
+	len = EC_POINT_point2oct(group, point, form, NULL, len, NULL);
+	if (len == 0)
+		{
+		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+		goto err;
+		}
+	if ((buffer = OPENSSL_malloc(len)) == NULL)
+		{
+		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL))
+		{
+		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+		goto err;
+		}
+	if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL)
+		{
+		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	if (!ASN1_OCTET_STRING_set(ret->base, buffer, len))
+		{
+		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
+		goto err;
+		}
+
+	/* set the order */
+	if (!EC_GROUP_get_order(group, tmp, NULL))
+		{
+		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+		goto err;
+		}
+	ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
+	if (ret->order == NULL)
+		{
+		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
+		goto err;
+		}
+
+	/* set the cofactor */
+	if (!EC_GROUP_get_cofactor(group, tmp, NULL))
+		{
+		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+		goto err;
+		}
+	ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
+	if (ret->cofactor == NULL)
+		{
+		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
+		goto err;
+		}
+
+	ok = 1;
+
+err :	if(!ok)
+		{
+		if (ret && !param)
+			ECPARAMETERS_free(ret);
+		ret = NULL;
+		}
+	if (tmp)
+		BN_free(tmp);
+	if (buffer)
+		OPENSSL_free(buffer);
+	return(ret);
+	}
+
+ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group, 
+                                           ECPKPARAMETERS *params)
+	{
+	int            ok = 1, tmp;
+	ECPKPARAMETERS *ret = params;
+
+	if (ret == NULL)
+		{
+		if ((ret = ECPKPARAMETERS_new()) == NULL)
+			{
+			ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS, 
+			      ERR_R_MALLOC_FAILURE);
+			return NULL;
+			}
+		}
+	else
+		{
+		if (ret->type == 0 && ret->value.named_curve)
+			ASN1_OBJECT_free(ret->value.named_curve);
+		else if (ret->type == 1 && ret->value.parameters)
+			ECPARAMETERS_free(ret->value.parameters);
+		}
+
+	if (EC_GROUP_get_asn1_flag(group))
+		{
+		/* use the asn1 OID to describe the
+		 * the elliptic curve parameters
+		 */
+		tmp = EC_GROUP_get_nid(group);
+		if (tmp)
+			{
+			ret->type = 0;
+			if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
+				ok = 0;
+			}
+		else
+			/* we don't kmow the nid => ERROR */
+			ok = 0;
+		}
+	else
+		{	
+		/* use the ECPARAMETERS structure */
+		ret->type = 1;
+		if ((ret->value.parameters = ec_asn1_group2parameters(
+		     group, NULL)) == NULL)
+			ok = 0;
+		}
+
+	if (!ok)
+		{
+		ECPKPARAMETERS_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
+	{
+	int			ok = 0, tmp;
+	EC_GROUP		*ret = NULL;
+	BIGNUM			*p = NULL, *a = NULL, *b = NULL;
+	EC_POINT		*point=NULL;
+	X9_62_CHARACTERISTIC_TWO *char_two = NULL;
+	X9_62_PENTANOMIAL	*penta = NULL;
+	unsigned char		*pp;
+
+	if (!params->fieldID || !params->fieldID->fieldType || 
+	    !params->fieldID->parameters)
+		{
+		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+		goto err;
+		}
+
+	/* now extract the curve parameters a and b */
+	if (!params->curve || !params->curve->a || 
+	    !params->curve->a->data || !params->curve->b ||
+	    !params->curve->b->data)
+		{
+		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+		goto err;
+		}
+	a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
+	if (a == NULL)
+		{
+		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
+		goto err;
+		}
+	b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
+	if (b == NULL)
+		{
+		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
+		goto err;
+		}
+
+	/* get the field parameters */
+	tmp = OBJ_obj2nid(params->fieldID->fieldType);
+
+	if (tmp == NID_X9_62_characteristic_two_field)
+		{
+		ASN1_TYPE *parameters = params->fieldID->parameters;
+
+		if (parameters->type !=  V_ASN1_SEQUENCE)
+			{
+			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+			goto err;
+			}
+
+		if ((p = BN_new()) == NULL)
+			{
+			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, 
+			      ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+
+		/* extract the X9_62_CHARACTERISTIC_TWO object */
+		pp = M_ASN1_STRING_data(parameters->value.sequence);
+		char_two = d2i_X9_62_CHARACTERISTIC_TWO(NULL, 
+			(const unsigned char **) &pp,
+			M_ASN1_STRING_length(parameters->value.sequence));
+		if (char_two == NULL)
+			{
+			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
+			goto err;
+			}
+		/* get the base type */
+		tmp = OBJ_obj2nid(char_two->basis);
+
+		if (tmp ==  NID_X9_62_tpBasis)
+			{
+			long tmp_long;
+
+			if (char_two->parameters->type != V_ASN1_INTEGER ||
+				char_two->parameters->value.integer == NULL)
+				{
+				ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
+					EC_R_ASN1_ERROR);
+				goto err;
+				}
+
+			tmp_long = ASN1_INTEGER_get(char_two->parameters->value.integer);
+			/* create the polynomial */
+			if (!BN_set_bit(p, (int)char_two->m)) goto err;
+			if (!BN_set_bit(p, (int)tmp_long)) goto err;
+			if (!BN_set_bit(p, 0)) goto err;
+			}
+		else if (tmp == NID_X9_62_ppBasis)
+			{
+			if (char_two->parameters->type != V_ASN1_SEQUENCE ||
+				char_two->parameters->value.sequence == NULL)
+				{
+				ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
+					EC_R_ASN1_ERROR);
+				goto err;
+				}
+			/* extract the pentanomial data */
+			pp = M_ASN1_STRING_data(
+				char_two->parameters->value.sequence);
+			penta = d2i_X9_62_PENTANOMIAL(NULL,
+				(const unsigned char **) &pp,
+				M_ASN1_STRING_length(
+				char_two->parameters->value.sequence));
+			if (penta == NULL)
+				{
+				ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
+					ERR_R_ASN1_LIB);
+				goto err;
+				}
+			/* create the polynomial */
+			if (!BN_set_bit(p, (int)char_two->m)) goto err;
+			if (!BN_set_bit(p, (int)penta->k1)) goto err;
+			if (!BN_set_bit(p, (int)penta->k2)) goto err;
+			if (!BN_set_bit(p, (int)penta->k3)) goto err;
+			if (!BN_set_bit(p, 0)) goto err;
+			}
+		else if (tmp == NID_X9_62_onBasis)
+			{
+			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
+				EC_R_NOT_IMPLEMENTED);
+			goto err;
+			}
+		else /* error */
+			{
+			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+			goto err;
+			}
+
+		/* create the EC_GROUP structure */
+		ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
+		if (ret == NULL)
+			{
+			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+			goto err;
+			}
+		}
+	else if (tmp == NID_X9_62_prime_field)
+		{
+		/* we have a curve over a prime field */
+		/* extract the prime number */
+		if (params->fieldID->parameters->type != V_ASN1_INTEGER ||
+		    !params->fieldID->parameters->value.integer)
+			{
+			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+			goto err;
+			}
+		p = ASN1_INTEGER_to_BN(params->fieldID->parameters->value.integer, NULL);
+		if (p == NULL)
+			{
+			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
+			goto err;
+			}
+		/* create the EC_GROUP structure */
+		ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
+		if (ret == NULL)
+			{
+			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+			goto err;
+			}
+		}
+
+	/* extract seed (optional) */
+	if (params->curve->seed != NULL)
+		{
+		if (ret->seed != NULL)
+			OPENSSL_free(ret->seed);
+		if (!(ret->seed = OPENSSL_malloc(params->curve->seed->length)))
+			{
+			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, 
+			      ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		memcpy(ret->seed, params->curve->seed->data, 
+		       params->curve->seed->length);
+		ret->seed_len = params->curve->seed->length;
+		}
+
+	/* extract the order, cofactor and generator */
+	if (!params->order || !params->cofactor || !params->base ||
+	    !params->base->data)
+		{
+		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+		goto err;
+		}
+
+	if ((point = EC_POINT_new(ret)) == NULL) goto err;
+
+	a = ASN1_INTEGER_to_BN(params->order, a);
+	b = ASN1_INTEGER_to_BN(params->cofactor, b);
+	if (!a || !b)
+		{
+		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
+		goto err;
+		}
+
+	if (!EC_POINT_oct2point(ret, point, params->base->data, 
+		                params->base->length, NULL))
+		{
+		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+		goto err;
+		}
+
+	/* set the point conversion form */
+	EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)
+				(params->base->data[0] & ~0x01));
+
+	if (!EC_GROUP_set_generator(ret, point, a, b))
+		{
+		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+		goto err;
+		}
+
+	ok = 1;
+
+err:	if (!ok)
+		{
+		if (ret) 
+			EC_GROUP_clear_free(ret);
+		ret = NULL;
+		}
+
+	if (p)	
+		BN_free(p);
+	if (a)	
+		BN_free(a);
+	if (b)	
+		BN_free(b);
+	if (point)	
+		EC_POINT_free(point);
+	if (char_two)
+		X9_62_CHARACTERISTIC_TWO_free(char_two);
+	if (penta)
+		X9_62_PENTANOMIAL_free(penta);
+	return(ret);
+}
+
+EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *params)
+	{
+	EC_GROUP *ret=NULL;
+	int      tmp=0;
+
+	if (params == NULL)
+		{
+		ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, 
+		      EC_R_MISSING_PARAMETERS);
+		return NULL;
+		}
+
+	if (params->type == 0)
+		{ /* the curve is given by an OID */
+		tmp = OBJ_obj2nid(params->value.named_curve);
+		if ((ret = EC_GROUP_new_by_nid(tmp)) == NULL)
+			{
+			ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, 
+			      EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
+			return NULL;
+			}
+		EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
+		}
+	else if (params->type == 1)
+		{ /* the parameters are given by a ECPARAMETERS
+		   * structure */
+		ret = ec_asn1_parameters2group(params->value.parameters);
+		if (!ret)
+			{
+			ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB);
+			return NULL;
+			}
+		EC_GROUP_set_asn1_flag(ret, 0x0);
+		}
+	else if (params->type == 2)
+		{ /* implicitlyCA */
+		return NULL;
+		}
+	else
+		{
+		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+		return NULL;
+		}
+
+	return ret;
+	}
+
+/* EC_GROUP <-> DER encoding of ECPKPARAMETERS */
+
+EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
+	{
+	EC_GROUP	*group  = NULL;
+	ECPKPARAMETERS	*params = NULL;
+
+	if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL)
+		{
+		ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
+		ECPKPARAMETERS_free(params);
+		return NULL;
+		}
+	
+	if ((group = ec_asn1_pkparameters2group(params)) == NULL)
+		{
+		ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
+		return NULL; 
+		}
+
+	
+	if (a && *a)
+		EC_GROUP_clear_free(*a);
+	if (a)
+		*a = group;
+
+	ECPKPARAMETERS_free(params);
+	return(group);
+	}
+
+int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out)
+	{
+	int		ret=0;
+	ECPKPARAMETERS	*tmp = ec_asn1_group2pkparameters(a, NULL);
+	if (tmp == NULL)
+		{
+		ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE);
+		return 0;
+		}
+	if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0)
+		{
+		ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE);
+		ECPKPARAMETERS_free(tmp);
+		return 0;
+		}	
+	ECPKPARAMETERS_free(tmp);
+	return(ret);
+	}
+
+/* some EC_KEY functions */
+
+EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
+	{
+	int             ok=0;
+	EC_KEY          *ret=NULL;
+	EC_PRIVATEKEY   *priv_key=NULL;
+
+	if ((priv_key = EC_PRIVATEKEY_new()) == NULL)
+		{
+		ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+		return NULL;
+		}
+
+	if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL)
+		{
+		ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+		EC_PRIVATEKEY_free(priv_key);
+		return NULL;
+		}
+
+	if (a == NULL || *a == NULL)
+		{
+		if ((ret = EC_KEY_new()) == NULL)	
+			{
+			ECerr(EC_F_D2I_ECPRIVATEKEY,
+                                 ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		if (a)
+			*a = ret;
+		}
+	else
+		ret = *a;
+
+	if (priv_key->parameters)
+		{
+		if (ret->group)
+			EC_GROUP_clear_free(ret->group);
+		ret->group = ec_asn1_pkparameters2group(priv_key->parameters);
+		}
+
+	if (ret->group == NULL)
+		{
+		ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+		goto err;
+		}
+
+	ret->version = priv_key->version;
+
+	if (priv_key->privateKey)
+		{
+		ret->priv_key = BN_bin2bn(
+			M_ASN1_STRING_data(priv_key->privateKey),
+			M_ASN1_STRING_length(priv_key->privateKey),
+			ret->priv_key);
+		if (ret->priv_key == NULL)
+			{
+			ECerr(EC_F_D2I_ECPRIVATEKEY,
+                              ERR_R_BN_LIB);
+			goto err;
+			}
+		}
+	else
+		{
+		ECerr(EC_F_D2I_ECPRIVATEKEY, 
+                      EC_R_MISSING_PRIVATE_KEY);
+		goto err;
+		}
+
+	if (priv_key->publicKey)
+		{
+		if (ret->pub_key)
+			EC_POINT_clear_free(ret->pub_key);
+		ret->pub_key = EC_POINT_new(ret->group);
+		if (ret->pub_key == NULL)
+			{
+			ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+			goto err;
+			}
+		if (!EC_POINT_oct2point(ret->group, ret->pub_key,
+			M_ASN1_STRING_data(priv_key->publicKey),
+			M_ASN1_STRING_length(priv_key->publicKey), NULL))
+			{
+			ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+			goto err;
+			}
+		}
+
+	ok = 1;
+err:
+	if (!ok)
+		{
+		if (ret)
+			EC_KEY_free(ret);
+		ret = NULL;
+		}
+
+	if (priv_key)
+		EC_PRIVATEKEY_free(priv_key);
+
+	return(ret);
+	}
+
+int	i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
+	{
+	int             ret=0, ok=0;
+	unsigned char   *buffer=NULL;
+	size_t          buf_len=0, tmp_len;
+	EC_PRIVATEKEY   *priv_key=NULL;
+
+	if (a == NULL || a->group == NULL || a->priv_key == NULL)
+		{
+		ECerr(EC_F_I2D_ECPRIVATEKEY,
+                      ERR_R_PASSED_NULL_PARAMETER);
+		goto err;
+		}
+
+	if ((priv_key = EC_PRIVATEKEY_new()) == NULL)
+		{
+		ECerr(EC_F_I2D_ECPRIVATEKEY,
+                      ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	priv_key->version = a->version;
+
+	buf_len = (size_t)BN_num_bytes(a->priv_key);
+	buffer = OPENSSL_malloc(buf_len);
+	if (buffer == NULL)
+		{
+		ECerr(EC_F_I2D_ECPRIVATEKEY,
+                      ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	
+	if (!BN_bn2bin(a->priv_key, buffer))
+		{
+		ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB);
+		goto err;
+		}
+
+	if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len))
+		{
+		ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
+		goto err;
+		}	
+
+	if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS))
+		{
+		if ((priv_key->parameters = ec_asn1_group2pkparameters(
+			a->group, priv_key->parameters)) == NULL)
+			{
+			ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+			goto err;
+			}
+		}
+
+	if (!(a->enc_flag & EC_PKEY_NO_PUBKEY))
+		{
+		priv_key->publicKey = M_ASN1_BIT_STRING_new();
+		if (priv_key->publicKey == NULL)
+			{
+			ECerr(EC_F_I2D_ECPRIVATEKEY,
+				ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+
+		tmp_len = EC_POINT_point2oct(a->group, a->pub_key, 
+				a->conv_form, NULL, 0, NULL);
+
+		if (tmp_len > buf_len)
+			buffer = OPENSSL_realloc(buffer, tmp_len);
+		if (buffer == NULL)
+			{
+			ECerr(EC_F_I2D_ECPRIVATEKEY,
+				ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+
+		buf_len = tmp_len;
+
+		if (!EC_POINT_point2oct(a->group, a->pub_key, 
+			a->conv_form, buffer, buf_len, NULL))
+			{
+			ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+			goto err;
+			}
+
+		if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, 
+				buf_len))
+			{
+			ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
+			goto err;
+			}
+		}
+
+	if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0)
+		{
+		ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+		goto err;
+		}
+	ok=1;
+err:
+	if (buffer)
+		OPENSSL_free(buffer);
+	if (priv_key)
+		EC_PRIVATEKEY_free(priv_key);
+	return(ok?ret:0);
+	}
+
+int i2d_ECParameters(EC_KEY *a, unsigned char **out)
+	{
+	if (a == NULL)
+		{
+		ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	return i2d_ECPKParameters(a->group, out);
+	}
+
+EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
+	{
+	EC_GROUP *group;
+	EC_KEY   *ret;
+
+	if (in == NULL || *in == NULL)
+		{
+		ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
+		return NULL;
+		}
+
+	group = d2i_ECPKParameters(NULL, in, len);
+
+	if (group == NULL)
+		{
+		ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
+		return NULL;
+		}
+
+	if (a == NULL || *a == NULL)
+		{
+		if ((ret = EC_KEY_new()) == NULL)
+			{
+			ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+			return NULL;
+			}
+		if (a)
+			*a = ret;
+		}
+	else
+		ret = *a;
+
+	if (ret->group)
+		EC_GROUP_clear_free(ret->group);
+
+	ret->group = group;
+	
+	return ret;
+	}
+
+EC_KEY *ECPublicKey_set_octet_string(EC_KEY **a, const unsigned char **in, 
+					long len)
+	{
+	EC_KEY *ret=NULL;
+
+	if (a == NULL || (*a) == NULL || (*a)->group == NULL)
+		{
+		/* sorry, but a EC_GROUP-structur is necessary
+                 * to set the public key */
+		ECerr(EC_F_ECPUBLICKEY_SET_OCTET, ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	ret = *a;
+	if (ret->pub_key == NULL && 
+		(ret->pub_key = EC_POINT_new(ret->group)) == NULL)
+		{
+		ECerr(EC_F_ECPUBLICKEY_SET_OCTET, ERR_R_MALLOC_FAILURE);
+		return 0;
+		}
+	if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL))
+		{
+		ECerr(EC_F_ECPUBLICKEY_SET_OCTET, ERR_R_EC_LIB);
+		return 0;
+		}
+	/* save the point conversion form */
+	ret->conv_form = (point_conversion_form_t)(*in[0] & ~0x01);
+	return ret;
+	}
+
+int ECPublicKey_get_octet_string(EC_KEY *a, unsigned char **out)
+	{
+        size_t  buf_len=0;
+
+        if (a == NULL) 
+		{
+		ECerr(EC_F_ECPUBLICKEY_GET_OCTET, ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+
+        buf_len = EC_POINT_point2oct(a->group, a->pub_key, 
+                              a->conv_form, NULL, 0, NULL);
+
+	if (out == NULL || buf_len == 0)
+	/* out == NULL => just return the length of the octet string */
+		return buf_len;
+
+	if (*out == NULL)
+		if ((*out = OPENSSL_malloc(buf_len)) == NULL)
+			{
+			ECerr(EC_F_ECPUBLICKEY_GET_OCTET, 
+				ERR_R_MALLOC_FAILURE);
+			return 0;
+			}
+        if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
+				*out, buf_len, NULL))
+		{
+		ECerr(EC_F_ECPUBLICKEY_GET_OCTET, ERR_R_EC_LIB);
+		OPENSSL_free(*out);
+		*out = NULL;
+		return 0;
+		}
+	return buf_len;
+	}
diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c
new file mode 100644
index 0000000000..f22c5641a8
--- /dev/null
+++ b/crypto/ec/ec_check.c
@@ -0,0 +1,122 @@
+/* crypto/ec/ec_check.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "ec_lcl.h"
+#include <openssl/err.h>
+
+int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
+	{
+	int ret = 0;
+	BIGNUM *order;
+	BN_CTX *new_ctx = NULL;
+	EC_POINT *point = NULL;
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			{
+			ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		}
+	BN_CTX_start(ctx);
+	if ((order = BN_CTX_get(ctx)) == NULL) goto err;
+
+	/* check the discriminant */
+	if (!EC_GROUP_check_discriminant(group, ctx))
+		{
+		ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO);
+		goto err;
+		}
+
+	/* check the generator */
+	if (group->generator == NULL)
+		{
+		ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
+		goto err;
+		}
+	if (!EC_POINT_is_on_curve(group, group->generator, ctx))
+		{
+		ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
+		goto err;
+		}
+
+	/* check the order of the generator */
+	if ((point = EC_POINT_new(group)) == NULL) goto err;
+	if (!EC_GROUP_get_order(group, order, ctx)) goto err; 
+	if (BN_is_zero(order))
+		{
+		ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER);
+		goto err;
+		}
+	
+	if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) goto err;
+	if (!EC_POINT_is_at_infinity(group, point))
+		{
+		ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER);
+		goto err;
+		}
+
+	ret = 1;
+
+err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	if (point)
+		EC_POINT_free(point);
+	return ret;
+	}
diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
new file mode 100644
index 0000000000..cb7776346d
--- /dev/null
+++ b/crypto/ec/ec_curve.c
@@ -0,0 +1,1213 @@
+/* crypto/ec/ec_curve.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by 
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include "ec_lcl.h"
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+
+typedef struct ec_curve_data_st {
+	int	field_type;	/* either NID_X9_62_prime_field or
+				 * NID_X9_62_characteristic_two_field */
+	const char *p;		/* either a prime number or a polynomial */
+	const char *a;
+	const char *b;
+	const char *x;		/* the x coordinate of the generator */
+	const char *y;		/* the y coordinate of the generator */
+	const char *order;	/* the order of the group generated by the
+				 * generator */
+	const BN_ULONG cofactor;/* the cofactor */
+	const unsigned char *seed;/* the seed (optional) */
+	size_t	seed_len;
+	const char *comment;	/* a short (less than 80 characters)
+				 * description of the curve */
+} EC_CURVE_DATA;
+
+/* the nist prime curves */
+static const unsigned char _EC_NIST_PRIME_192_SEED[] = {
+	0x30,0x45,0xAE,0x6F,0xC8,0x42,0x2F,0x64,0xED,0x57,
+	0x95,0x28,0xD3,0x81,0x20,0xEA,0xE1,0x21,0x96,0xD5};
+static const EC_CURVE_DATA _EC_NIST_PRIME_192 = {
+	NID_X9_62_prime_field,
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+	"64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
+	"188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
+	"07192b95ffc8da78631011ed6b24cdd573f977a11e794811",
+	"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",1,
+	_EC_NIST_PRIME_192_SEED, 20,
+	"192 bit prime curve from the X9.62 draft"
+	};
+
+static const unsigned char _EC_NIST_PRIME_224_SEED[] = {
+	0xBD,0x71,0x34,0x47,0x99,0xD5,0xC7,0xFC,0xDC,0x45,
+	0xB5,0x9F,0xA3,0xB9,0xAB,0x8F,0x6A,0x94,0x8B,0xC5};
+static const EC_CURVE_DATA _EC_NIST_PRIME_224 = {
+	NID_X9_62_prime_field,
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
+	"B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
+	"B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
+	"bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",1,
+	_EC_NIST_PRIME_224_SEED, 20,
+	"SECG/NIST recommended curve over a 224 bit prime field"
+	};
+
+static const unsigned char _EC_NIST_PRIME_384_SEED[] = {
+	0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00,
+	0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73};
+static const EC_CURVE_DATA _EC_NIST_PRIME_384 = {
+	NID_X9_62_prime_field,
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF"
+	"FFF0000000000000000FFFFFFFF",
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF"
+	"FFF0000000000000000FFFFFFFC",
+	"B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC6563"
+	"98D8A2ED19D2A85C8EDD3EC2AEF",
+	"AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F"
+	"25DBF55296C3A545E3872760AB7",
+	"3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b"
+	"1ce1d7e819d7a431d7c90ea0e5f",
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0"
+	"DB248B0A77AECEC196ACCC52973",1,
+	_EC_NIST_PRIME_384_SEED, 20,
+	"SECG/NIST recommended curve over a 384 bit prime field"
+	};
+
+static const unsigned char _EC_NIST_PRIME_521_SEED[] = {
+	0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC,
+	0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA};
+static const EC_CURVE_DATA _EC_NIST_PRIME_521 = {
+	NID_X9_62_prime_field,
+	"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+	"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
+	"051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156"
+	"193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
+	"C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14"
+	"B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
+	"011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c9"
+	"7ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
+	"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51"
+	"868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",1,
+	_EC_NIST_PRIME_521_SEED, 20,
+	"SECG/NIST recommended curve over a 521 bit prime field"
+	};
+/* the x9.62 prime curves (minus the nist prime curves) */
+static const unsigned char _EC_X9_62_PRIME_192V2_SEED[] = {
+	0x31,0xA9,0x2E,0xE2,0x02,0x9F,0xD1,0x0D,0x90,0x1B,
+	0x11,0x3E,0x99,0x07,0x10,0xF0,0xD2,0x1A,0xC6,0xB6};
+static const EC_CURVE_DATA _EC_X9_62_PRIME_192V2 = {
+	NID_X9_62_prime_field,
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+	"CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
+	"EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
+	"6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15",
+	"FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",1,
+	_EC_X9_62_PRIME_192V2_SEED, 20,
+	"192 bit prime curve from the X9.62 draft"
+	};
+
+static const unsigned char _EC_X9_62_PRIME_192V3_SEED[] = {
+	0xC4,0x69,0x68,0x44,0x35,0xDE,0xB3,0x78,0xC4,0xB6,
+	0x5C,0xA9,0x59,0x1E,0x2A,0x57,0x63,0x05,0x9A,0x2E};
+static const EC_CURVE_DATA _EC_X9_62_PRIME_192V3 = {
+	NID_X9_62_prime_field,
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+	"22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
+	"7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
+	"38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0",
+	"FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",1,
+	_EC_X9_62_PRIME_192V3_SEED, 20,
+	"192 bit prime curve from the X9.62 draft"
+	};
+
+static const unsigned char _EC_X9_62_PRIME_239V1_SEED[] = {
+	0xE4,0x3B,0xB4,0x60,0xF0,0xB8,0x0C,0xC0,0xC0,0xB0,
+	0x75,0x79,0x8E,0x94,0x80,0x60,0xF8,0x32,0x1B,0x7D};
+static const EC_CURVE_DATA _EC_X9_62_PRIME_239V1 = {
+	NID_X9_62_prime_field,
+	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+	"6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
+	"0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
+	"7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae",
+	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",1,
+	_EC_X9_62_PRIME_239V1_SEED, 20,
+	"239 bit prime curve from the X9.62 draft"
+	};
+
+static const unsigned char _EC_X9_62_PRIME_239V2_SEED[] = {
+	0xE8,0xB4,0x01,0x16,0x04,0x09,0x53,0x03,0xCA,0x3B,
+	0x80,0x99,0x98,0x2B,0xE0,0x9F,0xCB,0x9A,0xE6,0x16};
+static const EC_CURVE_DATA _EC_X9_62_PRIME_239V2 = {
+	NID_X9_62_prime_field,
+	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+	"617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
+	"38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
+	"5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba",
+	"7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",1,
+	_EC_X9_62_PRIME_239V2_SEED, 20,
+	"239 bit prime curve from the X9.62 draft"
+	};
+
+static const unsigned char _EC_X9_62_PRIME_239V3_SEED[] = {
+	0x7D,0x73,0x74,0x16,0x8F,0xFE,0x34,0x71,0xB6,0x0A,
+	0x85,0x76,0x86,0xA1,0x94,0x75,0xD3,0xBF,0xA2,0xFF};
+static const EC_CURVE_DATA _EC_X9_62_PRIME_239V3 = {
+	NID_X9_62_prime_field,
+	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+	"255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
+	"6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
+	"1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3",
+	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",1,
+	_EC_X9_62_PRIME_239V3_SEED, 20,
+	"239 bit prime curve from the X9.62 draft"
+	};
+
+static const unsigned char _EC_X9_62_PRIME_256V1_SEED[] = {
+	0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66,
+	0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90};
+static const EC_CURVE_DATA _EC_X9_62_PRIME_256V1 = {
+	NID_X9_62_prime_field,
+	"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
+	"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
+	"5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
+	"6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
+	"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
+	"FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",1,
+	_EC_X9_62_PRIME_256V1_SEED, 20,
+	"256 bit prime curve from the X9.62 draft"
+	};
+/* the secg prime curves (minus the nist and x9.62 prime curves) */
+static const unsigned char _EC_SECG_PRIME_112R1_SEED[] = {
+	0x00,0xF5,0x0B,0x02,0x8E,0x4D,0x69,0x6E,0x67,0x68,
+	0x75,0x61,0x51,0x75,0x29,0x04,0x72,0x78,0x3F,0xB1};
+static const EC_CURVE_DATA _EC_SECG_PRIME_112R1 = {
+	NID_X9_62_prime_field,
+	"DB7C2ABF62E35E668076BEAD208B",
+	"DB7C2ABF62E35E668076BEAD2088",
+	"659EF8BA043916EEDE8911702B22",
+	"09487239995A5EE76B55F9C2F098",
+	"a89ce5af8724c0a23e0e0ff77500",
+	"DB7C2ABF62E35E7628DFAC6561C5",1,
+	_EC_SECG_PRIME_112R1_SEED, 20,
+	"SECG/WTLS recommended curve over a 112 bit prime field"
+	};
+
+static const unsigned char _EC_SECG_PRIME_112R2_SEED[] = {
+	0x00,0x27,0x57,0xA1,0x11,0x4D,0x69,0x6E,0x67,0x68,
+	0x75,0x61,0x51,0x75,0x53,0x16,0xC0,0x5E,0x0B,0xD4};
+static const EC_CURVE_DATA _EC_SECG_PRIME_112R2 = {
+	NID_X9_62_prime_field,
+	"DB7C2ABF62E35E668076BEAD208B",
+	"6127C24C05F38A0AAAF65C0EF02C",
+	"51DEF1815DB5ED74FCC34C85D709",
+	"4BA30AB5E892B4E1649DD0928643",
+	"adcd46f5882e3747def36e956e97",
+	"36DF0AAFD8B8D7597CA10520D04B",4, 
+	_EC_SECG_PRIME_112R2_SEED, 20,
+	"SECG recommended curve over a 112 bit prime field"
+	};
+
+static const unsigned char _EC_SECG_PRIME_128R1_SEED[] = {
+	0x00,0x0E,0x0D,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,
+	0x51,0x75,0x0C,0xC0,0x3A,0x44,0x73,0xD0,0x36,0x79};
+static const EC_CURVE_DATA _EC_SECG_PRIME_128R1 = {
+	NID_X9_62_prime_field,
+	"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
+	"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
+	"E87579C11079F43DD824993C2CEE5ED3",
+	"161FF7528B899B2D0C28607CA52C5B86",
+	"cf5ac8395bafeb13c02da292dded7a83",
+	"FFFFFFFE0000000075A30D1B9038A115",1,
+	_EC_SECG_PRIME_128R1_SEED, 20,
+	"SECG recommended curve over a 128 bit prime field"
+	};
+
+static const unsigned char _EC_SECG_PRIME_128R2_SEED[] = {
+	0x00,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,
+	0x12,0xD8,0xF0,0x34,0x31,0xFC,0xE6,0x3B,0x88,0xF4};
+static const EC_CURVE_DATA _EC_SECG_PRIME_128R2 = {
+	NID_X9_62_prime_field,
+	"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
+	"D6031998D1B3BBFEBF59CC9BBFF9AEE1",
+	"5EEEFCA380D02919DC2C6558BB6D8A5D",
+	"7B6AA5D85E572983E6FB32A7CDEBC140",
+	"27b6916a894d3aee7106fe805fc34b44",
+	"3FFFFFFF7FFFFFFFBE0024720613B5A3",4,
+	_EC_SECG_PRIME_128R2_SEED, 20,
+	"SECG recommended curve over a 128 bit prime field"
+	};
+
+static const EC_CURVE_DATA _EC_SECG_PRIME_160K1 = {
+	NID_X9_62_prime_field,
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
+	"0",
+	"7",
+	"3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
+	"938cf935318fdced6bc28286531733c3f03c4fee",
+	"0100000000000000000001B8FA16DFAB9ACA16B6B3",1,
+	NULL, 0,
+	"SECG recommended curve over a 160 bit prime field"
+	};
+
+static const unsigned char _EC_SECG_PRIME_160R1_SEED[] = {
+	0x10,0x53,0xCD,0xE4,0x2C,0x14,0xD6,0x96,0xE6,0x76,
+	0x87,0x56,0x15,0x17,0x53,0x3B,0xF3,0xF8,0x33,0x45};
+static const EC_CURVE_DATA _EC_SECG_PRIME_160R1 = {
+	NID_X9_62_prime_field,
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
+	"1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
+	"4A96B5688EF573284664698968C38BB913CBFC82",
+	"23a628553168947d59dcc912042351377ac5fb32",
+	"0100000000000000000001F4C8F927AED3CA752257",1,
+	_EC_SECG_PRIME_160R1_SEED, 20,
+	"SECG recommended curve over a 160 bit prime field"
+	};
+
+static const unsigned char _EC_SECG_PRIME_160R2_SEED[] = {
+	0xB9,0x9B,0x99,0xB0,0x99,0xB3,0x23,0xE0,0x27,0x09,
+	0xA4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x51};
+static const EC_CURVE_DATA _EC_SECG_PRIME_160R2 = {
+	NID_X9_62_prime_field,
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
+	"B4E134D3FB59EB8BAB57274904664D5AF50388BA",
+	"52DCB034293A117E1F4FF11B30F7199D3144CE6D",
+	"feaffef2e331f296e071fa0df9982cfea7d43f2e",
+	"0100000000000000000000351EE786A818F3A1A16B",1,
+	_EC_SECG_PRIME_160R2_SEED, 20,
+	"SECG/WTLS recommended curve over a 160 bit prime field"
+	};
+
+static const EC_CURVE_DATA _EC_SECG_PRIME_192K1 = {
+	NID_X9_62_prime_field,
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
+	"0",
+	"3",
+	"DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
+	"9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d",
+	"FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",1,
+	NULL, 20,
+	"SECG recommended curve over a 192 bit prime field"
+	};
+
+static const EC_CURVE_DATA _EC_SECG_PRIME_224K1 = {
+	NID_X9_62_prime_field,
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
+	"0",
+	"5",
+	"A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
+	"7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5",
+	"010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",1,
+	NULL, 20,
+	"SECG recommended curve over a 224 bit prime field"
+	};
+
+static const EC_CURVE_DATA _EC_SECG_PRIME_256K1 = {
+	NID_X9_62_prime_field,
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
+	"0",
+	"7",
+	"79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
+	"483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8",
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",1,
+	NULL, 20,
+	"SECG recommended curve over a 256 bit prime field"
+	};
+
+/* some wap/wtls curves */
+static const EC_CURVE_DATA _EC_WTLS_8 = {
+	NID_X9_62_prime_field,
+	"FFFFFFFFFFFFFFFFFFFFFFFFFDE7",
+	"0",
+	"3",
+	"1",
+	"2",
+	"0100000000000001ECEA551AD837E9",1,
+	NULL, 20,
+	"112 bit prime curve from the WTLS standard"
+	};
+
+static const EC_CURVE_DATA _EC_WTLS_9 = {
+	NID_X9_62_prime_field,
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC808F",
+	"0",
+	"3",
+	"1",
+	"2",
+	"0100000000000000000001CDC98AE0E2DE574ABF33",1,
+	NULL, 20,
+	"160 bit prime curve from the WTLS standard"
+	};
+
+static const EC_CURVE_DATA _EC_WTLS_12 = {
+	NID_X9_62_prime_field,
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
+	"B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
+	"B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
+	"bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
+	"FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1,
+	NULL, 0,
+	"224 bit prime curve from the WTLS standard"
+	};
+
+/* characteristic two curves */
+static const unsigned char _EC_SECG_CHAR2_113R1_SEED[] = {
+	0x10,0xE7,0x23,0xAB,0x14,0xD6,0x96,0xE6,0x76,0x87,
+	0x56,0x15,0x17,0x56,0xFE,0xBF,0x8F,0xCB,0x49,0xA9};
+static const EC_CURVE_DATA _EC_SECG_CHAR2_113R1 = {
+	NID_X9_62_characteristic_two_field,
+	"020000000000000000000000000201",
+	"003088250CA6E7C7FE649CE85820F7",
+	"00E8BEE4D3E2260744188BE0E9C723",
+	"009D73616F35F4AB1407D73562C10F",
+	"00A52830277958EE84D1315ED31886",
+	"0100000000000000D9CCEC8A39E56F", 2,
+	_EC_SECG_CHAR2_113R1_SEED, 20,
+	"SECG recommended curve over a 113 bit binary field"
+	};
+
+static const unsigned char _EC_SECG_CHAR2_113R2_SEED[] = {
+	0x10,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE,
+	0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x5D};
+static const EC_CURVE_DATA _EC_SECG_CHAR2_113R2 = {
+	NID_X9_62_characteristic_two_field,
+	"020000000000000000000000000201",
+	"00689918DBEC7E5A0DD6DFC0AA55C7",
+	"0095E9A9EC9B297BD4BF36E059184F",
+	"01A57A6A7B26CA5EF52FCDB8164797",
+	"00B3ADC94ED1FE674C06E695BABA1D",
+	"010000000000000108789B2496AF93", 2,
+	_EC_SECG_CHAR2_113R2_SEED, 20,
+	"SECG recommended curve over a 113 bit binary field"
+	};
+
+static const unsigned char _EC_SECG_CHAR2_131R1_SEED[] = {
+	0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,0x98,
+	0x5B,0xD3,0xAD,0xBA,0xDA,0x21,0xB4,0x3A,0x97,0xE2};
+static const EC_CURVE_DATA _EC_SECG_CHAR2_131R1 = {
+	NID_X9_62_characteristic_two_field,
+	"080000000000000000000000000000010D",
+	"07A11B09A76B562144418FF3FF8C2570B8",
+	"0217C05610884B63B9C6C7291678F9D341",
+	"0081BAF91FDF9833C40F9C181343638399",
+	"078C6E7EA38C001F73C8134B1B4EF9E150",
+	"0400000000000000023123953A9464B54D", 2,
+	_EC_SECG_CHAR2_131R1_SEED, 20,
+	"SECG/WTLS recommended curve over a 131 bit binary field"
+	};
+
+static const unsigned char _EC_SECG_CHAR2_131R2_SEED[] = {
+	0x98,0x5B,0xD3,0xAD,0xBA,0xD4,0xD6,0x96,0xE6,0x76,
+	0x87,0x56,0x15,0x17,0x5A,0x21,0xB4,0x3A,0x97,0xE3};
+static const EC_CURVE_DATA _EC_SECG_CHAR2_131R2 = {
+	NID_X9_62_characteristic_two_field,
+	"080000000000000000000000000000010D",
+	"03E5A88919D7CAFCBF415F07C2176573B2",
+	"04B8266A46C55657AC734CE38F018F2192",
+	"0356DCD8F2F95031AD652D23951BB366A8",
+	"0648F06D867940A5366D9E265DE9EB240F",
+	"0400000000000000016954A233049BA98F", 2,
+	_EC_SECG_CHAR2_131R2_SEED, 20,
+	"SECG recommended curve over a 131 bit binary field"
+	};
+
+static const EC_CURVE_DATA _EC_SECG_CHAR2_163K1 = {
+	NID_X9_62_characteristic_two_field,
+	"0800000000000000000000000000000000000000C9",
+	"1",
+	"1",
+	"02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
+	"0289070FB05D38FF58321F2E800536D538CCDAA3D9",
+	"04000000000000000000020108A2E0CC0D99F8A5EF", 2,
+	NULL, 0,
+	"SECG/NIST/WTLS recommended curve over a 163 bit binary field"
+	};
+
+static const unsigned char _EC_SECG_CHAR2_163R1_SEED[] = {
+	0x24,0xB7,0xB1,0x37,0xC8,0xA1,0x4D,0x69,0x6E,0x67,
+	0x68,0x75,0x61,0x51,0x75,0x6F,0xD0,0xDA,0x2E,0x5C};
+static const EC_CURVE_DATA _EC_SECG_CHAR2_163R1 = {
+	NID_X9_62_characteristic_two_field,
+	"0800000000000000000000000000000000000000C9",
+	"07B6882CAAEFA84F9554FF8428BD88E246D2782AE2",
+	"0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9",
+	"0369979697AB43897789566789567F787A7876A654",
+	"00435EDB42EFAFB2989D51FEFCE3C80988F41FF883",
+	"03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", 2,
+	_EC_SECG_CHAR2_163R1_SEED, 20,
+	"SECG recommended curve over a 163 bit binary field"
+	};
+
+static const unsigned char _EC_SECG_CHAR2_163R2_SEED[] = {
+	0x85,0xE2,0x5B,0xFE,0x5C,0x86,0x22,0x6C,0xDB,0x12,
+	0x01,0x6F,0x75,0x53,0xF9,0xD0,0xE6,0x93,0xA2,0x68};
+static const EC_CURVE_DATA _EC_SECG_CHAR2_163R2 ={
+	NID_X9_62_characteristic_two_field,
+	"0800000000000000000000000000000000000000C9",
+	"1",
+	"020A601907B8C953CA1481EB10512F78744A3205FD",
+	"03F0EBA16286A2D57EA0991168D4994637E8343E36",
+	"00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
+	"040000000000000000000292FE77E70C12A4234C33", 2,
+	_EC_SECG_CHAR2_163R2_SEED, 20,
+	"SECG/NIST recommended curve over a 163 bit binary field"
+	};
+
+static const unsigned char _EC_SECG_CHAR2_193R1_SEED[] = {
+	0x10,0x3F,0xAE,0xC7,0x4D,0x69,0x6E,0x67,0x68,0x75,
+	0x61,0x51,0x75,0x77,0x7F,0xC5,0xB1,0x91,0xEF,0x30};
+static const EC_CURVE_DATA _EC_SECG_CHAR2_193R1 = {
+	NID_X9_62_characteristic_two_field,
+	"02000000000000000000000000000000000000000000008001",
+	"0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01",
+	"00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814",
+	"01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1",
+	"0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05",
+	"01000000000000000000000000C7F34A778F443ACC920EBA49", 2,
+	_EC_SECG_CHAR2_193R1_SEED, 20,
+	"SECG recommended curve over a 193 bit binary field"
+	};
+
+static const unsigned char _EC_SECG_CHAR2_193R2_SEED[] = {
+	0x10,0xB7,0xB4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,
+	0x17,0x51,0x37,0xC8,0xA1,0x6F,0xD0,0xDA,0x22,0x11};
+static const EC_CURVE_DATA _EC_SECG_CHAR2_193R2 = {
+	NID_X9_62_characteristic_two_field,
+	"02000000000000000000000000000000000000000000008001",
+	"0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B",
+	"00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE",
+	"00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F",
+	"01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C",
+	"010000000000000000000000015AAB561B005413CCD4EE99D5", 2,
+	_EC_SECG_CHAR2_193R2_SEED, 20,
+	"SECG recommended curve over a 193 bit binary field"
+	};
+
+static const EC_CURVE_DATA _EC_SECG_CHAR2_233K1 = {
+	NID_X9_62_characteristic_two_field,
+	"020000000000000000000000000000000000000004000000000000000001",
+	"0",
+	"1",
+	"017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
+	"01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
+	"008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 4,
+	NULL, 0,
+	"SECG/NIST/WTLS recommended curve over a 233 bit binary field"
+	};
+
+static const unsigned char _EC_SECG_CHAR2_233R1_SEED[] = {
+	0x74,0xD5,0x9F,0xF0,0x7F,0x6B,0x41,0x3D,0x0E,0xA1,
+	0x4B,0x34,0x4B,0x20,0xA2,0xDB,0x04,0x9B,0x50,0xC3};
+static const EC_CURVE_DATA _EC_SECG_CHAR2_233R1 = {
+	NID_X9_62_characteristic_two_field,
+	"020000000000000000000000000000000000000004000000000000000001",
+	"000000000000000000000000000000000000000000000000000000000001",
+	"0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
+	"00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
+	"01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
+	"01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 2,
+	_EC_SECG_CHAR2_233R1_SEED, 20,
+	"SECG/NIST/WTLS recommended curve over a 233 bit binary field"
+	};
+
+static const EC_CURVE_DATA _EC_SECG_CHAR2_239K1 = {
+	NID_X9_62_characteristic_two_field,
+	"800000000000000000004000000000000000000000000000000000000001",
+	"0",
+	"1",
+	"29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC",
+	"76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA",
+	"2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", 4,
+	NULL, 0,
+	"SECG recommended curve over a 239 bit binary field"
+	};
+
+static const EC_CURVE_DATA _EC_SECG_CHAR2_283K1 = {
+	NID_X9_62_characteristic_two_field,
+	"080000000000000000000000000000000000000000000000000000000000000000001"
+	"0A1",
+	"0",
+	"1",
+	"0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492"
+	"836",
+	"01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2"
+	"259",
+	"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163"
+	"C61", 4,
+	NULL, 20,
+	"SECG/NIST recommended curve over a 283 bit binary field"
+	};
+
+static const unsigned char _EC_SECG_CHAR2_283R1_SEED[] = {
+	0x77,0xE2,0xB0,0x73,0x70,0xEB,0x0F,0x83,0x2A,0x6D,
+	0xD5,0xB6,0x2D,0xFC,0x88,0xCD,0x06,0xBB,0x84,0xBE};
+static const EC_CURVE_DATA _EC_SECG_CHAR2_283R1 = {
+	NID_X9_62_characteristic_two_field,
+	"080000000000000000000000000000000000000000000000000000000000000000001"
+	"0A1",
+	"000000000000000000000000000000000000000000000000000000000000000000000"
+	"001",
+	"027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A"
+	"2F5",
+	"05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12"
+	"053",
+	"03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE811"
+	"2F4",
+	"03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB"
+	"307", 2,
+	_EC_SECG_CHAR2_283R1_SEED, 20,
+	"SECG/NIST recommended curve over a 283 bit binary field"
+	};
+
+static const EC_CURVE_DATA _EC_SECG_CHAR2_409K1 = {
+	NID_X9_62_characteristic_two_field,
+	"020000000000000000000000000000000000000000000000000000000000000000000"
+	"00000000000008000000000000000000001",
+	"0",
+	"1",
+	"0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C4601"
+	"89EB5AAAA62EE222EB1B35540CFE9023746",
+	"01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6"
+	"C42E9C55215AA9CA27A5863EC48D8E0286B",
+	"007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400"
+	"EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", 4,
+	NULL, 0,
+	"SECG/NIST recommended curve over a 409 bit binary field"
+	};
+
+static const unsigned char _EC_SECG_CHAR2_409R1_SEED[] = {
+	0x40,0x99,0xB5,0xA4,0x57,0xF9,0xD6,0x9F,0x79,0x21,
+	0x3D,0x09,0x4C,0x4B,0xCD,0x4D,0x42,0x62,0x21,0x0B};
+static const EC_CURVE_DATA _EC_SECG_CHAR2_409R1 = {
+	NID_X9_62_characteristic_two_field,
+	"020000000000000000000000000000000000000000000000000000000000000000000"
+	"00000000000008000000000000000000001",
+	"000000000000000000000000000000000000000000000000000000000000000000000"
+	"00000000000000000000000000000000001",
+	"0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A19"
+	"7B272822F6CD57A55AA4F50AE317B13545F",
+	"015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255"
+	"A868A1180515603AEAB60794E54BB7996A7",
+	"0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514"
+	"F1FDF4B4F40D2181B3681C364BA0273C706",
+	"010000000000000000000000000000000000000000000000000001E2AAD6A612F3330"
+	"7BE5FA47C3C9E052F838164CD37D9A21173", 2,
+	_EC_SECG_CHAR2_409R1_SEED, 20,
+	"SECG/NIST recommended curve over a 409 bit binary field"
+	};
+
+static const EC_CURVE_DATA _EC_SECG_CHAR2_571K1 = {
+	NID_X9_62_characteristic_two_field,
+	"800000000000000000000000000000000000000000000000000000000000000000000"
+	"000000000000000000000000000000000000000000000000000000000000000000000"
+	"00425",
+	"0",
+	"1",
+	"026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA443709"
+	"58493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A0"
+	"1C8972",
+	"0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D497"
+	"9C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143E"
+	"F1C7A3",
+	"020000000000000000000000000000000000000000000000000000000000000000000"
+	"000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F63"
+	"7C1001", 4,
+	NULL, 0,
+	"SECG/NIST recommended curve over a 571 bit binary field"
+	};
+
+static const unsigned char _EC_SECG_CHAR2_571R1_SEED[] = {
+	0x2A,0xA0,0x58,0xF7,0x3A,0x0E,0x33,0xAB,0x48,0x6B,
+	0x0F,0x61,0x04,0x10,0xC5,0x3A,0x7F,0x13,0x23,0x10};
+static const EC_CURVE_DATA _EC_SECG_CHAR2_571R1 = {
+	NID_X9_62_characteristic_two_field,
+	"800000000000000000000000000000000000000000000000000000000000000000000"
+	"000000000000000000000000000000000000000000000000000000000000000000000"
+	"00425",
+	"000000000000000000000000000000000000000000000000000000000000000000000"
+	"000000000000000000000000000000000000000000000000000000000000000000000"
+	"000001",
+	"02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFA"
+	"BBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F29"
+	"55727A",
+	"0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53"
+	"950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8E"
+	"EC2D19",
+	"037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423"
+	"E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B"
+	"8AC15B",
+	"03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+	"FFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2F"
+	"E84E47", 2,
+	_EC_SECG_CHAR2_571R1_SEED, 20,
+	"SECG/NIST recommended curve over a 571 bit binary field"
+	};
+
+static const unsigned char _EC_X9_62_CHAR2_163V1_SEED[] = {
+	0xD2,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE,
+	0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x54};
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V1 = {
+	NID_X9_62_characteristic_two_field,
+	"080000000000000000000000000000000000000107",
+	"072546B5435234A422E0789675F432C89435DE5242",
+	"00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9",
+	"07AF69989546103D79329FCC3D74880F33BBE803CB",
+	"01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F",
+	"0400000000000000000001E60FC8821CC74DAEAFC1", 2,
+	_EC_X9_62_CHAR2_163V1_SEED, 20,
+	"163 bit binary curve from the X9.62 draft"
+	};
+
+static const unsigned char _EC_X9_62_CHAR2_163V2_SEED[] = {
+	0x53,0x81,0x4C,0x05,0x0D,0x44,0xD6,0x96,0xE6,0x76,
+	0x87,0x56,0x15,0x17,0x58,0x0C,0xA4,0xE2,0x9F,0xFD};
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V2 = {
+	NID_X9_62_characteristic_two_field,
+ 	"080000000000000000000000000000000000000107",
+	"0108B39E77C4B108BED981ED0E890E117C511CF072",
+	"0667ACEB38AF4E488C407433FFAE4F1C811638DF20",
+	"0024266E4EB5106D0A964D92C4860E2671DB9B6CC5",
+	"079F684DDF6684C5CD258B3890021B2386DFD19FC5",
+	"03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 2,
+	_EC_X9_62_CHAR2_163V2_SEED, 20,
+	"163 bit binary curve from the X9.62 draft"
+	};
+
+static const unsigned char _EC_X9_62_CHAR2_163V3_SEED[] = {
+	0x50,0xCB,0xF1,0xD9,0x5C,0xA9,0x4D,0x69,0x6E,0x67,
+	0x68,0x75,0x61,0x51,0x75,0xF1,0x6A,0x36,0xA3,0xB8};
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V3 = {
+	NID_X9_62_characteristic_two_field,
+	"080000000000000000000000000000000000000107",
+	"07A526C63D3E25A256A007699F5447E32AE456B50E",
+	"03F7061798EB99E238FD6F1BF95B48FEEB4854252B",
+	"02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB",
+	"05B935590C155E17EA48EB3FF3718B893DF59A05D0",
+	"03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 2,
+	_EC_X9_62_CHAR2_163V3_SEED, 20,
+	"163 bit binary curve from the X9.62 draft"
+	};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_176V1 = {
+	NID_X9_62_characteristic_two_field,
+	"0100000000000000000000000000000000080000000007",
+	"E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B",
+	"5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2",
+	"8D16C2866798B600F9F08BB4A8E860F3298CE04A5798",
+	"6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C",
+	"00010092537397ECA4F6145799D62B0A19CE06FE26AD", 0xFF6E,
+	NULL, 0,
+	"176 bit binary curve from the X9.62 draft"
+	};
+
+static const unsigned char _EC_X9_62_CHAR2_191V1_SEED[] = {
+	0x4E,0x13,0xCA,0x54,0x27,0x44,0xD6,0x96,0xE6,0x76,
+	0x87,0x56,0x15,0x17,0x55,0x2F,0x27,0x9A,0x8C,0x84};
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V1 = {
+	NID_X9_62_characteristic_two_field,
+	"800000000000000000000000000000000000000000000201",
+	"2866537B676752636A68F56554E12640276B649EF7526267",
+	"2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC",
+	"36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D",
+	"765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB",
+	"40000000000000000000000004A20E90C39067C893BBB9A5", 2,
+	_EC_X9_62_CHAR2_191V1_SEED, 20,
+	"191 bit binary curve from the X9.62 draft"
+	};
+
+static const unsigned char _EC_X9_62_CHAR2_191V2_SEED[] = {
+	0x08,0x71,0xEF,0x2F,0xEF,0x24,0xD6,0x96,0xE6,0x76,
+	0x87,0x56,0x15,0x17,0x58,0xBE,0xE0,0xD9,0x5C,0x15};
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V2 = {
+	NID_X9_62_characteristic_two_field,
+	"800000000000000000000000000000000000000000000201",
+	"401028774D7777C7B7666D1366EA432071274F89FF01E718",
+	"0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01",
+	"3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10",
+	"17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A",
+	"20000000000000000000000050508CB89F652824E06B8173", 4,
+	_EC_X9_62_CHAR2_191V2_SEED, 20,
+	"191 bit binary curve from the X9.62 draft"
+	};
+
+static const unsigned char _EC_X9_62_CHAR2_191V3_SEED[] = {
+	0xE0,0x53,0x51,0x2D,0xC6,0x84,0xD6,0x96,0xE6,0x76,
+	0x87,0x56,0x15,0x17,0x50,0x67,0xAE,0x78,0x6D,0x1F};
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V3 = {
+	NID_X9_62_characteristic_two_field,
+	"800000000000000000000000000000000000000000000201",
+	"6C01074756099122221056911C77D77E77A777E7E7E77FCB",
+	"71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8",
+	"375D4CE24FDE434489DE8746E71786015009E66E38A926DD",
+	"545A39176196575D985999366E6AD34CE0A77CD7127B06BE",
+	"155555555555555555555555610C0B196812BFB6288A3EA3", 6,
+	_EC_X9_62_CHAR2_191V3_SEED, 20,
+	"191 bit binary curve from the X9.62 draft"
+	};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_208W1 = {
+	NID_X9_62_characteristic_two_field,
+	"010000000000000000000000000000000800000000000000000007",
+	"0000000000000000000000000000000000000000000000000000",
+	"C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E",
+	"89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A",
+	"0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3",
+	"000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 0xFE48,
+	NULL, 0,
+	"208 bit binary curve from the X9.62 draft"
+	};
+
+static const unsigned char _EC_X9_62_CHAR2_239V1_SEED[] = {
+	0xD3,0x4B,0x9A,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,
+	0x51,0x75,0xCA,0x71,0xB9,0x20,0xBF,0xEF,0xB0,0x5D};
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V1 = {
+	NID_X9_62_characteristic_two_field,
+	"800000000000000000000000000000000000000000000000001000000001",
+	"32010857077C5431123A46B808906756F543423E8D27877578125778AC76",
+	"790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16",
+	"57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D",
+	"61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305",
+	"2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 4,
+	_EC_X9_62_CHAR2_239V1_SEED, 20,
+	"239 bit binary curve from the X9.62 draft"
+	};
+
+static const unsigned char _EC_X9_62_CHAR2_239V2_SEED[] = {
+	0x2A,0xA6,0x98,0x2F,0xDF,0xA4,0xD6,0x96,0xE6,0x76,
+	0x87,0x56,0x15,0x17,0x5D,0x26,0x67,0x27,0x27,0x7D};
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V2 = {
+	NID_X9_62_characteristic_two_field,
+	"800000000000000000000000000000000000000000000000001000000001",
+	"4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F",
+	"5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B",
+	"28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205",
+	"5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833",
+	"1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 6,
+	_EC_X9_62_CHAR2_239V2_SEED, 20,
+	"239 bit binary curve from the X9.62 draft"
+	};
+
+static const unsigned char _EC_X9_62_CHAR2_239V3_SEED[] = {
+	0x9E,0x07,0x6F,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,
+	0x51,0x75,0xE1,0x1E,0x9F,0xDD,0x77,0xF9,0x20,0x41};
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V3 = {
+	NID_X9_62_characteristic_two_field,
+	"800000000000000000000000000000000000000000000000001000000001",
+	"01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F",
+	"6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40",
+	"70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92",
+	"2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461",
+	"0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 0xA,
+	_EC_X9_62_CHAR2_239V3_SEED, 20,
+	"239 bit binary curve from the X9.62 draft"
+	};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_272W1 = {
+	NID_X9_62_characteristic_two_field,
+	"010000000000000000000000000000000000000000000000000000010000000000000"
+	"B",
+	"91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20",
+	"7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7",
+	"6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D",
+	"10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23",
+	"000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521",
+	0xFF06,
+	NULL, 0,
+	"272 bit binary curve from the X9.62 draft"
+	};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_304W1 = {
+	NID_X9_62_characteristic_two_field,
+	"010000000000000000000000000000000000000000000000000000000000000000000"
+	"000000807",
+	"FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A039"
+	"6C8E681",
+	"BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E558"
+	"27340BE",
+	"197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F7"
+	"40A2614",
+	"E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1"
+	"B92C03B",
+	"000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164"
+	"443051D", 0xFE2E,
+	NULL, 0,
+	"304 bit binary curve from the X9.62 draft"
+	};
+
+static const unsigned char _EC_X9_62_CHAR2_359V1_SEED[] = {
+	0x2B,0x35,0x49,0x20,0xB7,0x24,0xD6,0x96,0xE6,0x76,
+	0x87,0x56,0x15,0x17,0x58,0x5B,0xA1,0x33,0x2D,0xC6};
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_359V1 = {
+	NID_X9_62_characteristic_two_field,
+	"800000000000000000000000000000000000000000000000000000000000000000000"
+	"000100000000000000001",
+	"5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05"
+	"656FB549016A96656A557",
+	"2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC34562608968"
+	"7742B6329E70680231988",
+	"3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE9"
+	"8E8E707C07A2239B1B097",
+	"53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E"
+	"4AE2DE211305A407104BD",
+	"01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB9"
+	"64FE7719E74F490758D3B", 0x4C,
+	_EC_X9_62_CHAR2_359V1_SEED, 20,
+	"359 bit binary curve from the X9.62 draft"
+	};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_368W1 = {
+	NID_X9_62_characteristic_two_field,
+	"010000000000000000000000000000000000000000000000000000000000000000000"
+	"0002000000000000000000007",
+	"E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62"
+	"F0AB7519CCD2A1A906AE30D",
+	"FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112"
+	"D84D164F444F8F74786046A",
+	"1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E78"
+	"9E927BE216F02E1FB136A5F",
+	"7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855"
+	"ADAA81E2A0750B80FDA2310",
+	"00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E90"
+	"9AE40A6F131E9CFCE5BD967", 0xFF70,
+	NULL, 0,
+	"368 bit binary curve from the X9.62 draft"
+	};
+
+static const EC_CURVE_DATA _EC_X9_62_CHAR2_431R1 = {
+	NID_X9_62_characteristic_two_field,
+	"800000000000000000000000000000000000000000000000000000000000000000000"
+	"000000001000000000000000000000000000001",
+	"1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0E"
+	"B9906D0957F6C6FEACD615468DF104DE296CD8F",
+	"10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B6"
+	"26D4E50A8DD731B107A9962381FB5D807BF2618",
+	"120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C2"
+	"1E7C5EFE965361F6C2999C0C247B0DBD70CE6B7",
+	"20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6"
+	"ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760",
+	"0340340340340340340340340340340340340340340340340340340323C313FAB5058"
+	"9703B5EC68D3587FEC60D161CC149C1AD4A91", 0x2760,
+	NULL, 0,
+	"431 bit binary curve from the X9.62 draft"
+	};
+
+static const EC_CURVE_DATA _EC_WTLS_1 = {
+	NID_X9_62_characteristic_two_field,
+	"020000000000000000000000000201",
+	"1",
+	"1",
+	"01667979A40BA497E5D5C270780617",
+	"00F44B4AF1ECC2630E08785CEBCC15",
+	"00FFFFFFFFFFFFFFFDBF91AF6DEA73", 2,
+	NULL, 0,
+	"113 bit binary curve from the WTLS standard"
+	};
+
+typedef struct _ec_list_element_st {
+	int	nid;
+	const EC_CURVE_DATA *data;
+	} ec_list_element;
+
+static const ec_list_element curve_list[] = {
+	/* prime field curves */	
+	/* secg curves */
+	{ NID_secp112r1, &_EC_SECG_PRIME_112R1},
+	{ NID_secp112r2, &_EC_SECG_PRIME_112R2},
+	{ NID_secp128r1, &_EC_SECG_PRIME_128R1},
+	{ NID_secp128r2, &_EC_SECG_PRIME_128R2},
+	{ NID_secp160k1, &_EC_SECG_PRIME_160K1},
+	{ NID_secp160r1, &_EC_SECG_PRIME_160R1},
+	{ NID_secp160r2, &_EC_SECG_PRIME_160R2},
+	{ NID_secp192k1, &_EC_SECG_PRIME_192K1},
+	{ NID_secp224k1, &_EC_SECG_PRIME_224K1},
+	{ NID_secp224r1, &_EC_NIST_PRIME_224},
+	{ NID_secp256k1, &_EC_SECG_PRIME_256K1},
+	{ NID_secp384r1, &_EC_NIST_PRIME_384},
+	{ NID_secp521r1, &_EC_NIST_PRIME_521},
+	/* X9.62 curves */
+	{ NID_X9_62_prime192v1,  &_EC_NIST_PRIME_192},
+	{ NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2},
+	{ NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3},
+	{ NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1},
+	{ NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2},
+	{ NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3},
+	{ NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1},
+	/* characteristic two field curves */
+	/* secg curves */
+	{ NID_sect113r1, &_EC_SECG_CHAR2_113R1},
+	{ NID_sect113r2, &_EC_SECG_CHAR2_113R2},
+	{ NID_sect131r1, &_EC_SECG_CHAR2_131R1},
+	{ NID_sect131r2, &_EC_SECG_CHAR2_131R2},
+	{ NID_sect163k1, &_EC_SECG_CHAR2_163K1},
+	{ NID_sect163r1, &_EC_SECG_CHAR2_163R1},
+	{ NID_sect163r2, &_EC_SECG_CHAR2_163R2},
+	{ NID_sect193r1, &_EC_SECG_CHAR2_193R1},
+	{ NID_sect193r2, &_EC_SECG_CHAR2_193R2},
+	{ NID_sect233k1, &_EC_SECG_CHAR2_233K1},
+	{ NID_sect233r1, &_EC_SECG_CHAR2_233R1},
+	{ NID_sect239k1, &_EC_SECG_CHAR2_239K1},
+	{ NID_sect283k1, &_EC_SECG_CHAR2_283K1},
+	{ NID_sect283r1, &_EC_SECG_CHAR2_283R1},
+	{ NID_sect409k1, &_EC_SECG_CHAR2_409K1},
+	{ NID_sect409r1, &_EC_SECG_CHAR2_409R1},
+	{ NID_sect571k1, &_EC_SECG_CHAR2_571K1},
+	{ NID_sect571r1, &_EC_SECG_CHAR2_571R1},
+	/* X9.62 curves */
+	{ NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1},
+	{ NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2},
+	{ NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3},
+	{ NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1},
+	{ NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1},
+	{ NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2},
+	{ NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3},
+	{ NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1},
+	{ NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1},
+	{ NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2},
+	{ NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3},
+	{ NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1},
+	{ NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1},
+	{ NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1},
+	{ NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1},
+	{ NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1},
+	/* the WAP/WTLS curves */
+	{ NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1},
+	{ NID_wap_wsg_idm_ecid_wtls3, &_EC_SECG_CHAR2_163K1},
+	{ NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1},
+	{ NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1},
+	{ NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1},
+	{ NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2},
+	{ NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8},
+	{ NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9 },
+	{ NID_wap_wsg_idm_ecid_wtls10, &_EC_SECG_CHAR2_233K1},
+	{ NID_wap_wsg_idm_ecid_wtls11, &_EC_SECG_CHAR2_233R1},
+	{ NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12},
+};
+
+static size_t curve_list_length = sizeof(curve_list)/sizeof(ec_list_element);
+
+static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
+	{
+	EC_GROUP *group=NULL;
+	EC_POINT *P=NULL;
+	BN_CTX	 *ctx=NULL;
+	BIGNUM 	 *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL;
+	int	 ok=0;
+
+	if ((ctx = BN_CTX_new()) == NULL)
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || 
+		(b = BN_new()) == NULL || (x = BN_new()) == NULL ||
+		(y = BN_new()) == NULL || (order = BN_new()) == NULL)
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	
+	if (!BN_hex2bn(&p, data->p) || !BN_hex2bn(&a, data->a)
+		|| !BN_hex2bn(&b, data->b))
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+		goto err;
+		}
+
+	if (data->field_type == NID_X9_62_prime_field)
+		{
+		if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL)
+			{
+			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+			goto err;
+			}
+		}
+		else
+		{ /* field_type == NID_X9_62_characteristic_two_field */
+		if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL)
+			{
+			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+			goto err;
+			}
+		}
+
+	if ((P = EC_POINT_new(group)) == NULL)
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+		goto err;
+		}
+	
+	if (!BN_hex2bn(&x, data->x) || !BN_hex2bn(&y, data->y))
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+		goto err;
+		}
+	if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx))
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+		goto err;
+		}
+	if (!BN_hex2bn(&order, data->order) || !BN_set_word(x, data->cofactor))
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+		goto err;
+		}
+	if (!EC_GROUP_set_generator(group, P, order, x))
+		{
+		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+		goto err;
+		}
+	if (data->seed)
+		{
+		if (!EC_GROUP_set_seed(group, data->seed, data->seed_len))
+			{
+			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+			goto err;
+			}
+		}
+	ok=1;
+err:
+	if (!ok)
+		{
+		EC_GROUP_free(group);
+		group = NULL;
+		}
+	if (P)
+		EC_POINT_free(P);
+	if (ctx)
+		BN_CTX_free(ctx);
+	if (p)
+		BN_free(p);
+	if (a)
+		BN_free(a);
+	if (b)
+		BN_free(b);
+	if (order)
+		BN_free(order);
+	if (x)
+		BN_free(x);
+	if (y)
+		BN_free(y);
+	return group;
+	}
+
+EC_GROUP *EC_GROUP_new_by_nid(int nid)
+	{
+	size_t i;
+	EC_GROUP *ret = NULL;
+
+	if (nid <= 0)
+		return NULL;
+
+	for (i=0; i<curve_list_length; i++)
+		if (curve_list[i].nid == nid)
+			{
+			ret = ec_group_new_from_data(curve_list[i].data);
+			break;
+			}
+
+	if (ret == NULL)
+		{
+		ECerr(EC_F_EC_GROUP_NEW_BY_NID, EC_R_UNKNOWN_GROUP);
+		return NULL;
+		}
+
+	EC_GROUP_set_nid(ret, nid);
+
+	return ret;
+	}
+
+size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
+	{
+	size_t	i, min;
+
+	if (r == NULL || nitems == 0)
+		return curve_list_length;
+
+	min = nitems < curve_list_length ? nitems : curve_list_length;
+
+	for (i = 0; i < min; i++)
+		{
+		r[i].nid = curve_list[i].nid;
+		r[i].comment = curve_list[i].data->comment;
+		}
+
+	return curve_list_length;
+	}
diff --git a/crypto/ec/ec_cvt.c b/crypto/ec/ec_cvt.c
new file mode 100644
index 0000000000..d45640bab9
--- /dev/null
+++ b/crypto/ec/ec_cvt.c
@@ -0,0 +1,144 @@
+/* crypto/ec/ec_cvt.c */
+/*
+ * Originally written by Bodo Moeller for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <openssl/err.h>
+#include "ec_lcl.h"
+
+
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	const EC_METHOD *meth;
+	EC_GROUP *ret;
+
+	meth = EC_GFp_nist_method();
+	
+	ret = EC_GROUP_new(meth);
+	if (ret == NULL)
+		return NULL;
+
+	if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))
+		{
+		unsigned long err;
+		  
+		err = ERR_peek_last_error();
+
+		if (!(ERR_GET_LIB(err) == ERR_LIB_EC &&
+			((ERR_GET_REASON(err) == EC_R_NOT_A_NIST_PRIME) ||
+			 (ERR_GET_REASON(err) == EC_R_NOT_A_SUPPORTED_NIST_PRIME))))
+			{
+			/* real error */
+			
+			EC_GROUP_clear_free(ret);
+			return NULL;
+			}
+			
+		
+		/* not an actual error, we just cannot use EC_GFp_nist_method */
+
+		ERR_clear_error();
+
+		EC_GROUP_clear_free(ret);
+		meth = EC_GFp_mont_method();
+
+		ret = EC_GROUP_new(meth);
+		if (ret == NULL)
+			return NULL;
+
+		if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))
+			{
+			EC_GROUP_clear_free(ret);
+			return NULL;
+			}
+		}
+
+	return ret;
+	}
+
+
+EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	const EC_METHOD *meth;
+	EC_GROUP *ret;
+	
+	meth = EC_GF2m_simple_method();
+	
+	ret = EC_GROUP_new(meth);
+	if (ret == NULL)
+		return NULL;
+
+	if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx))
+		{
+		EC_GROUP_clear_free(ret);
+		return NULL;
+		}
+
+	return ret;
+	}
diff --git a/crypto/ec/ec_err.c b/crypto/ec/ec_err.c
new file mode 100644
index 0000000000..58ae9d682d
--- /dev/null
+++ b/crypto/ec/ec_err.c
@@ -0,0 +1,233 @@
+/* crypto/ec/ec_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ec.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA EC_str_functs[]=
+	{
+{ERR_PACK(0,EC_F_COMPUTE_WNAF,0),	"COMPUTE_WNAF"},
+{ERR_PACK(0,EC_F_D2I_ECPARAMETERS,0),	"d2i_ECParameters"},
+{ERR_PACK(0,EC_F_D2I_ECPKPARAMETERS,0),	"d2i_ECPKParameters"},
+{ERR_PACK(0,EC_F_D2I_ECPRIVATEKEY,0),	"d2i_ECPrivateKey"},
+{ERR_PACK(0,EC_F_ECPARAMETERS_PRINT,0),	"ECParameters_print"},
+{ERR_PACK(0,EC_F_ECPARAMETERS_PRINT_FP,0),	"ECParameters_print_fp"},
+{ERR_PACK(0,EC_F_ECPKPARAMETERS_PRINT,0),	"ECPKParameters_print"},
+{ERR_PACK(0,EC_F_ECPKPARAMETERS_PRINT_FP,0),	"ECPKParameters_print_fp"},
+{ERR_PACK(0,EC_F_ECPUBLICKEY_GET_OCTET,0),	"ECPUBLICKEY_GET_OCTET"},
+{ERR_PACK(0,EC_F_ECPUBLICKEY_SET_OCTET,0),	"ECPUBLICKEY_SET_OCTET"},
+{ERR_PACK(0,EC_F_ECP_NIST_MOD_192,0),	"ECP_NIST_MOD_192"},
+{ERR_PACK(0,EC_F_ECP_NIST_MOD_224,0),	"ECP_NIST_MOD_224"},
+{ERR_PACK(0,EC_F_ECP_NIST_MOD_256,0),	"ECP_NIST_MOD_256"},
+{ERR_PACK(0,EC_F_ECP_NIST_MOD_521,0),	"ECP_NIST_MOD_521"},
+{ERR_PACK(0,EC_F_EC_ASN1_GROUP2CURVE,0),	"EC_ASN1_GROUP2CURVE"},
+{ERR_PACK(0,EC_F_EC_ASN1_GROUP2FIELDID,0),	"EC_ASN1_GROUP2FIELDID"},
+{ERR_PACK(0,EC_F_EC_ASN1_GROUP2PARAMETERS,0),	"EC_ASN1_GROUP2PARAMETERS"},
+{ERR_PACK(0,EC_F_EC_ASN1_GROUP2PKPARAMETERS,0),	"EC_ASN1_GROUP2PKPARAMETERS"},
+{ERR_PACK(0,EC_F_EC_ASN1_PARAMETERS2GROUP,0),	"EC_ASN1_PARAMETERS2GROUP"},
+{ERR_PACK(0,EC_F_EC_ASN1_PKPARAMETERS2GROUP,0),	"EC_ASN1_PKPARAMETERS2GROUP"},
+{ERR_PACK(0,EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT,0),	"ec_GF2m_simple_group_check_discriminant"},
+{ERR_PACK(0,EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE,0),	"ec_GF2m_simple_group_set_curve"},
+{ERR_PACK(0,EC_F_EC_GF2M_SIMPLE_OCT2POINT,0),	"ec_GF2m_simple_oct2point"},
+{ERR_PACK(0,EC_F_EC_GF2M_SIMPLE_POINT2OCT,0),	"ec_GF2m_simple_point2oct"},
+{ERR_PACK(0,EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES,0),	"ec_GF2m_simple_point_get_affine_coordinates"},
+{ERR_PACK(0,EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES,0),	"ec_GF2m_simple_point_set_affine_coordinates"},
+{ERR_PACK(0,EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES,0),	"ec_GF2m_simple_set_compressed_coordinates"},
+{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_DECODE,0),	"ec_GFp_mont_field_decode"},
+{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_ENCODE,0),	"ec_GFp_mont_field_encode"},
+{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_MUL,0),	"ec_GFp_mont_field_mul"},
+{ERR_PACK(0,EC_F_EC_GFP_MONT_FIELD_SQR,0),	"ec_GFp_mont_field_sqr"},
+{ERR_PACK(0,EC_F_EC_GFP_NIST_FIELD_MUL,0),	"ec_GFp_nist_field_mul"},
+{ERR_PACK(0,EC_F_EC_GFP_NIST_FIELD_SQR,0),	"ec_GFp_nist_field_sqr"},
+{ERR_PACK(0,EC_F_EC_GFP_NIST_GROUP_SET_CURVE_GFP,0),	"EC_GFP_NIST_GROUP_SET_CURVE_GFP"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT,0),	"ec_GFp_simple_group_check_discriminant"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE,0),	"ec_GFp_simple_group_set_curve"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP,0),	"EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR,0),	"EC_GFP_SIMPLE_GROUP_SET_GENERATOR"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_MAKE_AFFINE,0),	"ec_GFp_simple_make_affine"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_OCT2POINT,0),	"ec_GFp_simple_oct2point"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT2OCT,0),	"ec_GFp_simple_point2oct"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE,0),	"ec_GFp_simple_points_make_affine"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES,0),	"ec_GFp_simple_point_get_affine_coordinates"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP,0),	"EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES,0),	"ec_GFp_simple_point_set_affine_coordinates"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP,0),	"EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,0),	"ec_GFp_simple_set_compressed_coordinates"},
+{ERR_PACK(0,EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP,0),	"EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP"},
+{ERR_PACK(0,EC_F_EC_GROUP_CHECK,0),	"EC_GROUP_check"},
+{ERR_PACK(0,EC_F_EC_GROUP_CHECK_DISCRIMINANT,0),	"EC_GROUP_check_discriminant"},
+{ERR_PACK(0,EC_F_EC_GROUP_COPY,0),	"EC_GROUP_copy"},
+{ERR_PACK(0,EC_F_EC_GROUP_GET0_GENERATOR,0),	"EC_GROUP_get0_generator"},
+{ERR_PACK(0,EC_F_EC_GROUP_GET_COFACTOR,0),	"EC_GROUP_get_cofactor"},
+{ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GF2M,0),	"EC_GROUP_get_curve_GF2m"},
+{ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GFP,0),	"EC_GROUP_get_curve_GFp"},
+{ERR_PACK(0,EC_F_EC_GROUP_GET_DEGREE,0),	"EC_GROUP_get_degree"},
+{ERR_PACK(0,EC_F_EC_GROUP_GET_EXTRA_DATA,0),	"EC_GROUP_get_extra_data"},
+{ERR_PACK(0,EC_F_EC_GROUP_GET_ORDER,0),	"EC_GROUP_get_order"},
+{ERR_PACK(0,EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS,0),	"EC_GROUP_get_pentanomial_basis"},
+{ERR_PACK(0,EC_F_EC_GROUP_GET_TRINOMIAL_BASIS,0),	"EC_GROUP_get_trinomial_basis"},
+{ERR_PACK(0,EC_F_EC_GROUP_GROUP2NID,0),	"EC_GROUP_GROUP2NID"},
+{ERR_PACK(0,EC_F_EC_GROUP_NEW,0),	"EC_GROUP_new"},
+{ERR_PACK(0,EC_F_EC_GROUP_NEW_BY_NID,0),	"EC_GROUP_new_by_nid"},
+{ERR_PACK(0,EC_F_EC_GROUP_NEW_FROM_DATA,0),	"EC_GROUP_NEW_FROM_DATA"},
+{ERR_PACK(0,EC_F_EC_GROUP_PRECOMPUTE_MULT,0),	"EC_GROUP_precompute_mult"},
+{ERR_PACK(0,EC_F_EC_GROUP_SET_CURVE_GF2M,0),	"EC_GROUP_set_curve_GF2m"},
+{ERR_PACK(0,EC_F_EC_GROUP_SET_CURVE_GFP,0),	"EC_GROUP_set_curve_GFp"},
+{ERR_PACK(0,EC_F_EC_GROUP_SET_EXTRA_DATA,0),	"EC_GROUP_set_extra_data"},
+{ERR_PACK(0,EC_F_EC_GROUP_SET_GENERATOR,0),	"EC_GROUP_set_generator"},
+{ERR_PACK(0,EC_F_EC_KEY_CHECK_KEY,0),	"EC_KEY_check_key"},
+{ERR_PACK(0,EC_F_EC_KEY_COPY,0),	"EC_KEY_copy"},
+{ERR_PACK(0,EC_F_EC_KEY_GENERATE_KEY,0),	"EC_KEY_generate_key"},
+{ERR_PACK(0,EC_F_EC_KEY_PRINT,0),	"EC_KEY_print"},
+{ERR_PACK(0,EC_F_EC_KEY_PRINT_FP,0),	"EC_KEY_print_fp"},
+{ERR_PACK(0,EC_F_EC_NEW,0),	"EC_NEW"},
+{ERR_PACK(0,EC_F_EC_POINTS_MAKE_AFFINE,0),	"EC_POINTs_make_affine"},
+{ERR_PACK(0,EC_F_EC_POINTS_MUL,0),	"EC_POINTs_mul"},
+{ERR_PACK(0,EC_F_EC_POINT_ADD,0),	"EC_POINT_add"},
+{ERR_PACK(0,EC_F_EC_POINT_CMP,0),	"EC_POINT_cmp"},
+{ERR_PACK(0,EC_F_EC_POINT_COPY,0),	"EC_POINT_copy"},
+{ERR_PACK(0,EC_F_EC_POINT_DBL,0),	"EC_POINT_dbl"},
+{ERR_PACK(0,EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,0),	"EC_POINT_get_affine_coordinates_GF2m"},
+{ERR_PACK(0,EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,0),	"EC_POINT_get_affine_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,0),	"EC_POINT_get_Jprojective_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_POINT_IS_AT_INFINITY,0),	"EC_POINT_is_at_infinity"},
+{ERR_PACK(0,EC_F_EC_POINT_IS_ON_CURVE,0),	"EC_POINT_is_on_curve"},
+{ERR_PACK(0,EC_F_EC_POINT_MAKE_AFFINE,0),	"EC_POINT_make_affine"},
+{ERR_PACK(0,EC_F_EC_POINT_MUL,0),	"EC_POINT_mul"},
+{ERR_PACK(0,EC_F_EC_POINT_NEW,0),	"EC_POINT_new"},
+{ERR_PACK(0,EC_F_EC_POINT_OCT2POINT,0),	"EC_POINT_oct2point"},
+{ERR_PACK(0,EC_F_EC_POINT_POINT2OCT,0),	"EC_POINT_point2oct"},
+{ERR_PACK(0,EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,0),	"EC_POINT_set_affine_coordinates_GF2m"},
+{ERR_PACK(0,EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,0),	"EC_POINT_set_affine_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M,0),	"EC_POINT_set_compressed_coordinates_GF2m"},
+{ERR_PACK(0,EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,0),	"EC_POINT_set_compressed_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,0),	"EC_POINT_set_Jprojective_coordinates_GFp"},
+{ERR_PACK(0,EC_F_EC_POINT_SET_TO_INFINITY,0),	"EC_POINT_set_to_infinity"},
+{ERR_PACK(0,EC_F_EC_WNAF_MUL,0),	"ec_wNAF_mul"},
+{ERR_PACK(0,EC_F_EC_WNAF_PRECOMPUTE_MULT,0),	"ec_wNAF_precompute_mult"},
+{ERR_PACK(0,EC_F_GFP_MONT_GROUP_SET_CURVE,0),	"GFP_MONT_GROUP_SET_CURVE"},
+{ERR_PACK(0,EC_F_GFP_MONT_GROUP_SET_CURVE_GFP,0),	"GFP_MONT_GROUP_SET_CURVE_GFP"},
+{ERR_PACK(0,EC_F_I2D_ECPARAMETERS,0),	"i2d_ECParameters"},
+{ERR_PACK(0,EC_F_I2D_ECPKPARAMETERS,0),	"i2d_ECPKParameters"},
+{ERR_PACK(0,EC_F_I2D_ECPRIVATEKEY,0),	"i2d_ECPrivateKey"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA EC_str_reasons[]=
+	{
+{EC_R_ASN1_ERROR                         ,"asn1 error"},
+{EC_R_ASN1_UNKNOWN_FIELD                 ,"asn1 unknown field"},
+{EC_R_BUFFER_TOO_SMALL                   ,"buffer too small"},
+{EC_R_D2I_ECPKPARAMETERS_FAILURE         ,"d2i ecpkparameters failure"},
+{EC_R_DISCRIMINANT_IS_ZERO               ,"discriminant is zero"},
+{EC_R_EC_GROUP_NEW_BY_NAME_FAILURE       ,"ec group new by name failure"},
+{EC_R_GROUP2PKPARAMETERS_FAILURE         ,"group2pkparameters failure"},
+{EC_R_I2D_ECPKPARAMETERS_FAILURE         ,"i2d ecpkparameters failure"},
+{EC_R_INCOMPATIBLE_OBJECTS               ,"incompatible objects"},
+{EC_R_INTERNAL_ERROR                     ,"internal error"},
+{EC_R_INVALID_ARGUMENT                   ,"invalid argument"},
+{EC_R_INVALID_COMPRESSED_POINT           ,"invalid compressed point"},
+{EC_R_INVALID_COMPRESSION_BIT            ,"invalid compression bit"},
+{EC_R_INVALID_ENCODING                   ,"invalid encoding"},
+{EC_R_INVALID_FIELD                      ,"invalid field"},
+{EC_R_INVALID_FORM                       ,"invalid form"},
+{EC_R_INVALID_GROUP_ORDER                ,"invalid group order"},
+{EC_R_INVALID_PRIVATE_KEY                ,"invalid private key"},
+{EC_R_MISSING_PARAMETERS                 ,"missing parameters"},
+{EC_R_MISSING_PRIVATE_KEY                ,"missing private key"},
+{EC_R_NOT_A_NIST_PRIME                   ,"not a NIST prime"},
+{EC_R_NOT_A_SUPPORTED_NIST_PRIME         ,"not a supported NIST prime"},
+{EC_R_NOT_IMPLEMENTED                    ,"not implemented"},
+{EC_R_NOT_INITIALIZED                    ,"not initialized"},
+{EC_R_NO_FIELD_MOD                       ,"no field mod"},
+{EC_R_NO_SUCH_EXTRA_DATA                 ,"no such extra data"},
+{EC_R_PASSED_NULL_PARAMETER              ,"passed null parameter"},
+{EC_R_PKPARAMETERS2GROUP_FAILURE         ,"pkparameters2group failure"},
+{EC_R_POINT_AT_INFINITY                  ,"point at infinity"},
+{EC_R_POINT_IS_NOT_ON_CURVE              ,"point is not on curve"},
+{EC_R_SLOT_FULL                          ,"slot full"},
+{EC_R_UNDEFINED_GENERATOR                ,"undefined generator"},
+{EC_R_UNDEFINED_ORDER                    ,"undefined order"},
+{EC_R_UNKNOWN_GROUP                      ,"unknown group"},
+{EC_R_UNKNOWN_ORDER                      ,"unknown order"},
+{EC_R_UNSUPPORTED_FIELD                  ,"unsupported field"},
+{EC_R_WRONG_ORDER                        ,"wrong order"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_EC_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ERR_LIB_EC,EC_str_functs);
+		ERR_load_strings(ERR_LIB_EC,EC_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
new file mode 100644
index 0000000000..d7758c91d3
--- /dev/null
+++ b/crypto/ec/ec_key.c
@@ -0,0 +1,377 @@
+/* crypto/ec/ec_key.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions originally developed by SUN MICROSYSTEMS, INC., and 
+ * contributed to the OpenSSL project.
+ */
+
+#include <string.h>
+#include "ec_lcl.h"
+#include <openssl/err.h>
+#include <string.h>
+
+EC_KEY *EC_KEY_new(void)
+	{
+	EC_KEY *ret;
+
+	ret=(EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY));
+	if (ret == NULL)
+		{
+		ECerr(EC_F_EC_NEW, ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+
+	ret->version = 1;	
+	ret->group   = NULL;
+	ret->pub_key = NULL;
+	ret->priv_key= NULL;
+	ret->enc_flag= 0; 
+	ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
+	ret->references= 1;
+	ret->meth_data = NULL;
+	return(ret);
+	}
+
+
+void EC_KEY_free(EC_KEY *r)
+	{
+	int i;
+
+	if (r == NULL) return;
+
+	i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_EC);
+#ifdef REF_PRINT
+	REF_PRINT("EC_KEY",r);
+#endif
+	if (i > 0) return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"EC_KEY_free, bad reference count\n");
+		abort();
+		}
+#endif
+
+	if (r->group    != NULL) 
+		EC_GROUP_free(r->group);
+	if (r->pub_key  != NULL)
+		EC_POINT_free(r->pub_key);
+	if (r->priv_key != NULL)
+		BN_clear_free(r->priv_key);
+
+	if (r->meth_data && r->meth_data->finish)
+		r->meth_data->finish(r);
+
+	OPENSSL_cleanse((void *)r, sizeof(EC_KEY));
+
+	OPENSSL_free(r);
+	}
+
+EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
+	{
+	if (dest == NULL || src == NULL)
+		{
+		ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);
+		return NULL;
+		}
+	/* copy the parameters */
+	if (src->group)
+		{
+		const EC_METHOD *meth = EC_GROUP_method_of(src->group);
+		/* clear the old group */
+		if (dest->group)
+			EC_GROUP_free(dest->group);
+		dest->group = EC_GROUP_new(meth);
+		if (dest->group == NULL)
+			return NULL;
+		if (!EC_GROUP_copy(dest->group, src->group))
+			return NULL;
+		}
+	/*  copy the public key */
+	if (src->pub_key && src->group)
+		{
+		if (dest->pub_key)
+			EC_POINT_free(dest->pub_key);
+		dest->pub_key = EC_POINT_new(src->group);
+		if (dest->pub_key == NULL)
+			return NULL;
+		if (!EC_POINT_copy(dest->pub_key, src->pub_key))
+			return NULL;
+		}
+	/* copy the private key */
+	if (src->priv_key)
+		{
+		if (dest->priv_key == NULL)
+			{
+			dest->priv_key = BN_new();
+			if (dest->priv_key == NULL)
+				return NULL;
+			}
+		if (!BN_copy(dest->priv_key, src->priv_key))
+			return NULL;
+		}
+	/* copy the rest */
+	dest->enc_flag  = src->enc_flag;
+	dest->conv_form = src->conv_form;
+	dest->version   = src->version;
+
+	return dest;
+	}
+
+EC_KEY *EC_KEY_dup(const EC_KEY *eckey)
+	{
+	EC_KEY *ret = NULL;
+	int	ok = 1;
+
+	ret = EC_KEY_new();
+	if (ret == NULL)
+		return NULL;
+	/* copy the parameters */
+	if (eckey->group)
+		{
+		ret->group = EC_GROUP_dup(eckey->group);
+		if (ret->group == NULL)
+			ok = 0;
+		}
+	/*  copy the public key */
+	if (eckey->pub_key && eckey->group)
+		{
+		ret->pub_key = EC_POINT_dup(eckey->pub_key, eckey->group);
+		if (ret->pub_key == NULL)
+			ok = 0;
+		}
+	/* copy the private key */
+	if (eckey->priv_key)
+		{
+		ret->priv_key = BN_dup(ret->priv_key);
+		if (ret->priv_key == NULL)
+			ok = 0;
+		}
+	/* copy the rest */
+	ret->enc_flag  = eckey->enc_flag;
+	ret->conv_form = eckey->conv_form;
+	ret->version   = eckey->version;
+
+	if (!ok)
+		{
+		EC_KEY_free(ret);
+		ret = NULL;
+		}
+
+	return ret;
+	}
+
+int EC_KEY_up_ref(EC_KEY *r)
+	{
+	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC);
+#ifdef REF_PRINT
+	REF_PRINT("EC_KEY",r);
+#endif
+#ifdef REF_CHECK
+	if (i < 2)
+		{
+		fprintf(stderr, "EC_KEY_up, bad reference count\n");
+		abort();
+		}
+#endif
+	return ((i > 1) ? 1 : 0);
+	}
+
+int EC_KEY_generate_key(EC_KEY *eckey)
+	{	
+	int	ok = 0;
+	BN_CTX	*ctx = NULL;
+	BIGNUM	*priv_key = NULL, *order = NULL;
+	EC_POINT *pub_key = NULL;
+
+	if (!eckey || !eckey->group)
+		{
+		ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+
+	if ((order = BN_new()) == NULL) goto err;
+	if ((ctx = BN_CTX_new()) == NULL) goto err;
+
+	if (eckey->priv_key == NULL)
+		{
+		priv_key = BN_new();
+		if (priv_key == NULL)
+			goto err;
+		}
+	else
+		priv_key = eckey->priv_key;
+
+	if (!EC_GROUP_get_order(eckey->group, order, ctx))
+		goto err;
+
+	do
+		if (!BN_rand_range(priv_key, order))
+			goto err;
+	while (BN_is_zero(priv_key));
+
+	if (eckey->pub_key == NULL)
+		{
+		pub_key = EC_POINT_new(eckey->group);
+		if (pub_key == NULL)
+			goto err;
+		}
+	else
+		pub_key = eckey->pub_key;
+
+	if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
+		goto err;
+
+	eckey->priv_key = priv_key;
+	eckey->pub_key  = pub_key;
+
+	ok=1;
+
+err:	
+	if (order)
+		BN_free(order);
+	if (pub_key  != NULL && eckey->pub_key  == NULL)
+		EC_POINT_free(pub_key);
+	if (priv_key != NULL && eckey->priv_key == NULL)
+		BN_free(priv_key);
+	if (ctx != NULL)
+		BN_CTX_free(ctx);
+	return(ok);
+	}
+
+int EC_KEY_check_key(const EC_KEY *eckey)
+	{
+	int	ok   = 0;
+	BN_CTX	*ctx = NULL;
+	BIGNUM	*order  = NULL;
+	EC_POINT *point = NULL;
+
+	if (!eckey || !eckey->group || !eckey->pub_key)
+		{
+		ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	
+	if ((ctx = BN_CTX_new()) == NULL)
+		goto err;
+	if ((order = BN_new()) == NULL)
+		goto err;
+	if ((point = EC_POINT_new(eckey->group)) == NULL)
+		goto err;
+
+	/* testing whether the pub_key is on the elliptic curve */
+	if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx))
+		{
+		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
+		goto err;
+		}
+	/* testing whether pub_key * order is the point at infinity */
+	if (!EC_GROUP_get_order(eckey->group, order, ctx))
+		{
+		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
+		goto err;
+		}
+	if (!EC_POINT_copy(point, eckey->pub_key))
+		{
+		ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
+		goto err;
+		}
+	if (!EC_POINT_mul(eckey->group, point, order, NULL, NULL, ctx))
+		{
+		ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
+		goto err;
+		}
+	if (!EC_POINT_is_at_infinity(eckey->group, point))
+		{
+		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
+		goto err;
+		}
+	/* in case the priv_key is present : 
+	 * check if generator * priv_key == pub_key 
+	 */
+	if (eckey->priv_key)
+		{
+		if (BN_cmp(eckey->priv_key, order) >= 0)
+			{
+			ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
+			goto err;
+			}
+		if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
+			NULL, NULL, ctx))
+			{
+			ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
+			goto err;
+			}
+		if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, 
+			ctx) != 0)
+			{
+			ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
+			goto err;
+			}
+		}
+	ok = 1;
+err:
+	if (ctx   != NULL)
+		BN_CTX_free(ctx);
+	if (order != NULL)
+		BN_free(order);
+	if (point != NULL)
+		EC_POINT_free(point);
+	return(ok);
+	}
diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h
new file mode 100644
index 0000000000..a96d0df1a4
--- /dev/null
+++ b/crypto/ec/ec_lcl.h
@@ -0,0 +1,365 @@
+/* crypto/ec/ec_lcl.h */
+/*
+ * Originally written by Bodo Moeller for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by 
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+
+#include <stdlib.h>
+
+#include <openssl/obj_mac.h>
+#include <openssl/ec.h>
+
+
+/* Structure details are not part of the exported interface,
+ * so all this may change in future versions. */
+
+struct ec_method_st {
+	/* used by EC_METHOD_get_field_type: */
+	int field_type; /* a NID */
+
+	/* used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free, EC_GROUP_copy: */
+	int (*group_init)(EC_GROUP *);
+	void (*group_finish)(EC_GROUP *);
+	void (*group_clear_finish)(EC_GROUP *);
+	int (*group_copy)(EC_GROUP *, const EC_GROUP *);
+
+	/* used by EC_GROUP_set_curve_GFp, EC_GROUP_get_curve_GFp, */
+	/* EC_GROUP_set_curve_GF2m, and EC_GROUP_get_curve_GF2m: */
+	int (*group_set_curve)(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+	int (*group_get_curve)(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+
+	/* used by EC_GROUP_get_degree: */
+	int (*group_get_degree)(const EC_GROUP *);
+
+	/* used by EC_GROUP_check: */
+	int (*group_check_discriminant)(const EC_GROUP *, BN_CTX *);
+
+	/* used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free, EC_POINT_copy: */
+	int (*point_init)(EC_POINT *);
+	void (*point_finish)(EC_POINT *);
+	void (*point_clear_finish)(EC_POINT *);
+	int (*point_copy)(EC_POINT *, const EC_POINT *);
+
+	/* used by EC_POINT_set_to_infinity,
+	 * EC_POINT_set_Jprojective_coordinates_GFp,
+	 * EC_POINT_get_Jprojective_coordinates_GFp,
+	 * EC_POINT_set_affine_coordinates_GFp,     ..._GF2m,
+	 * EC_POINT_get_affine_coordinates_GFp,     ..._GF2m,
+	 * EC_POINT_set_compressed_coordinates_GFp, ..._GF2m:
+	 */
+	int (*point_set_to_infinity)(const EC_GROUP *, EC_POINT *);
+	int (*point_set_Jprojective_coordinates_GFp)(const EC_GROUP *, EC_POINT *,
+		const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
+	int (*point_get_Jprojective_coordinates_GFp)(const EC_GROUP *, const EC_POINT *,
+		BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
+	int (*point_set_affine_coordinates)(const EC_GROUP *, EC_POINT *,
+		const BIGNUM *x, const BIGNUM *y, BN_CTX *);
+	int (*point_get_affine_coordinates)(const EC_GROUP *, const EC_POINT *,
+		BIGNUM *x, BIGNUM *y, BN_CTX *);
+	int (*point_set_compressed_coordinates)(const EC_GROUP *, EC_POINT *,
+		const BIGNUM *x, int y_bit, BN_CTX *);
+
+	/* used by EC_POINT_point2oct, EC_POINT_oct2point: */
+	size_t (*point2oct)(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
+	        unsigned char *buf, size_t len, BN_CTX *);
+	int (*oct2point)(const EC_GROUP *, EC_POINT *,
+	        const unsigned char *buf, size_t len, BN_CTX *);
+
+	/* used by EC_POINT_add, EC_POINT_dbl, ECP_POINT_invert: */
+	int (*add)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+	int (*dbl)(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
+	int (*invert)(const EC_GROUP *, EC_POINT *, BN_CTX *);
+
+	/* used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult: */
+	int (*mul)(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+		size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
+	int (*precompute_mult)(EC_GROUP *group, BN_CTX *);
+
+	/* used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp: */
+	int (*is_at_infinity)(const EC_GROUP *, const EC_POINT *);
+	int (*is_on_curve)(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+	int (*point_cmp)(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+
+	/* used by EC_POINT_make_affine, EC_POINTs_make_affine: */
+	int (*make_affine)(const EC_GROUP *, EC_POINT *, BN_CTX *);
+	int (*points_make_affine)(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+
+
+	/* internal functions */
+
+	/* 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and 'dbl' so that
+	 * the same implementations of point operations can be used with different
+	 * optimized implementations of expensive field operations: */
+	int (*field_mul)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+	int (*field_sqr)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+	int (*field_div)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+
+	int (*field_encode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. to Montgomery */
+	int (*field_decode)(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *); /* e.g. from Montgomery */
+	int (*field_set_to_one)(const EC_GROUP *, BIGNUM *r, BN_CTX *);
+} /* EC_METHOD */;
+
+
+struct ec_group_st {
+	const EC_METHOD *meth;
+
+	EC_POINT *generator; /* optional */
+	BIGNUM order, cofactor;
+
+	int curve_name;/* optional NID for named curve */
+	int asn1_flag; /* flag to control the asn1 encoding */
+	point_conversion_form_t asn1_form;
+
+	unsigned char *seed; /* optional seed for parameters (appears in ASN1) */
+	size_t seed_len;
+
+	void *extra_data;
+	void *(*extra_data_dup_func)(void *);
+	void (*extra_data_free_func)(void *);
+	void (*extra_data_clear_free_func)(void *);
+
+	/* The following members are handled by the method functions,
+	 * even if they appear generic */
+	
+	BIGNUM field; /* Field specification.
+	               * For curves over GF(p), this is the modulus;
+	               * for curves over GF(2^m), this is the 
+	               * irreducible polynomial defining the field.
+	               */
+
+	unsigned int poly[5]; /* Field specification for curves over GF(2^m).
+	                       * The irreducible f(t) is then of the form:
+	                       *     t^poly[0] + t^poly[1] + ... + t^poly[k]
+	                       * where m = poly[0] > poly[1] > ... > poly[k] = 0.
+	                       */
+
+	BIGNUM a, b; /* Curve coefficients.
+	              * (Here the assumption is that BIGNUMs can be used
+	              * or abused for all kinds of fields, not just GF(p).)
+	              * For characteristic  > 3,  the curve is defined
+	              * by a Weierstrass equation of the form
+	              *     y^2 = x^3 + a*x + b.
+	              * For characteristic  2,  the curve is defined by
+	              * an equation of the form
+	              *     y^2 + x*y = x^3 + a*x^2 + b.
+	              */
+
+	int a_is_minus3; /* enable optimized point arithmetics for special case */
+
+	void *field_data1; /* method-specific (e.g., Montgomery structure) */
+	void *field_data2; /* method-specific */
+	int (*field_mod_func)(BIGNUM *, const BIGNUM *, const BIGNUM *,	BN_CTX *); /* method-specific */
+} /* EC_GROUP */;
+
+
+/* Basically a 'mixin' for extra data, but available for EC_GROUPs only
+ * (with visibility limited to 'package' level for now).
+ * We use the function pointers as index for retrieval; this obviates
+ * global ex_data-style index tables.
+ * (Currently, we have one slot only, but is is possible to extend this
+ * if necessary.) */
+int EC_GROUP_set_extra_data(EC_GROUP *, void *extra_data, void *(*extra_data_dup_func)(void *),
+	void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *));
+void *EC_GROUP_get_extra_data(const EC_GROUP *, void *(*extra_data_dup_func)(void *),
+	void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *));
+void EC_GROUP_free_extra_data(EC_GROUP *);
+void EC_GROUP_clear_free_extra_data(EC_GROUP *);
+
+
+
+struct ec_point_st {
+	const EC_METHOD *meth;
+
+	/* All members except 'meth' are handled by the method functions,
+	 * even if they appear generic */
+
+	BIGNUM X;
+	BIGNUM Y;
+	BIGNUM Z; /* Jacobian projective coordinates:
+	           * (X, Y, Z)  represents  (X/Z^2, Y/Z^3)  if  Z != 0 */
+	int Z_is_one; /* enable optimized point arithmetics for special case */
+} /* EC_POINT */;
+
+
+
+/* method functions in ec_mult.c */
+int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
+int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *);
+
+/* method functions in ecp_smpl.c */
+int ec_GFp_simple_group_init(EC_GROUP *);
+void ec_GFp_simple_group_finish(EC_GROUP *);
+void ec_GFp_simple_group_clear_finish(EC_GROUP *);
+int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_group_get_degree(const EC_GROUP *);
+int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
+int ec_GFp_simple_point_init(EC_POINT *);
+void ec_GFp_simple_point_finish(EC_POINT *);
+void ec_GFp_simple_point_clear_finish(EC_POINT *);
+int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);
+int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
+int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *, EC_POINT *,
+	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *);
+int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *, const EC_POINT *,
+	BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *);
+int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
+	const BIGNUM *x, const BIGNUM *y, BN_CTX *);
+int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *,
+	BIGNUM *x, BIGNUM *y, BN_CTX *);
+int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
+	const BIGNUM *x, int y_bit, BN_CTX *);
+size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
+	unsigned char *buf, size_t len, BN_CTX *);
+int ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *,
+	const unsigned char *buf, size_t len, BN_CTX *);
+int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
+int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+
+
+/* method functions in ecp_mont.c */
+int ec_GFp_mont_group_init(EC_GROUP *);
+int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+void ec_GFp_mont_group_finish(EC_GROUP *);
+void ec_GFp_mont_group_clear_finish(EC_GROUP *);
+int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);
+
+
+/* method functions in ecp_recp.c */
+int ec_GFp_recp_group_init(EC_GROUP *);
+int ec_GFp_recp_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+void ec_GFp_recp_group_finish(EC_GROUP *);
+void ec_GFp_recp_group_clear_finish(EC_GROUP *);
+int ec_GFp_recp_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_recp_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_recp_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+
+
+/* method functions in ecp_nist.c */
+int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+
+
+/* method functions in ec2_smpl.c */
+int ec_GF2m_simple_group_init(EC_GROUP *);
+void ec_GF2m_simple_group_finish(EC_GROUP *);
+void ec_GF2m_simple_group_clear_finish(EC_GROUP *);
+int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *);
+int ec_GF2m_simple_group_get_degree(const EC_GROUP *);
+int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
+int ec_GF2m_simple_point_init(EC_POINT *);
+void ec_GF2m_simple_point_finish(EC_POINT *);
+void ec_GF2m_simple_point_clear_finish(EC_POINT *);
+int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *);
+int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
+int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
+	const BIGNUM *x, const BIGNUM *y, BN_CTX *);
+int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *, const EC_POINT *,
+	BIGNUM *x, BIGNUM *y, BN_CTX *);
+int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
+	const BIGNUM *x, int y_bit, BN_CTX *);
+size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *, point_conversion_form_t form,
+	unsigned char *buf, size_t len, BN_CTX *);
+int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *,
+	const unsigned char *buf, size_t len, BN_CTX *);
+int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
+int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b, BN_CTX *);
+int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+
+
+/* method functions in ec2_mult.c */
+int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
+int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
new file mode 100644
index 0000000000..2cc0dc0ec1
--- /dev/null
+++ b/crypto/ec/ec_lib.c
@@ -0,0 +1,958 @@
+/* crypto/ec/ec_lib.c */
+/*
+ * Originally written by Bodo Moeller for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Binary polynomial ECC support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/opensslv.h>
+
+#include "ec_lcl.h"
+
+static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;
+
+
+/* functions for EC_GROUP objects */
+
+EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
+	{
+	EC_GROUP *ret;
+
+	if (meth == NULL)
+		{
+		ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER);
+		return NULL;
+		}
+	if (meth->group_init == 0)
+		{
+		ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return NULL;
+		}
+
+	ret = OPENSSL_malloc(sizeof *ret);
+	if (ret == NULL)
+		{
+		ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
+		return NULL;
+		}
+
+	ret->meth = meth;
+
+	ret->extra_data = NULL;
+	ret->extra_data_dup_func = 0;
+	ret->extra_data_free_func = 0;
+	ret->extra_data_clear_free_func = 0;
+
+	ret->generator = NULL;
+	BN_init(&ret->order);
+	BN_init(&ret->cofactor);
+
+	ret->curve_name = 0;	
+	ret->asn1_flag  = 0;
+	ret->asn1_form  = POINT_CONVERSION_UNCOMPRESSED;
+
+	ret->seed = NULL;
+	ret->seed_len = 0;
+
+	if (!meth->group_init(ret))
+		{
+		OPENSSL_free(ret);
+		return NULL;
+		}
+	
+	return ret;
+	}
+
+
+void EC_GROUP_free(EC_GROUP *group)
+	{
+	if (!group) return;
+
+	if (group->meth->group_finish != 0)
+		group->meth->group_finish(group);
+
+	EC_GROUP_free_extra_data(group);
+
+	if (group->generator != NULL)
+		EC_POINT_free(group->generator);
+	BN_free(&group->order);
+	BN_free(&group->cofactor);
+
+	if (group->seed)
+		OPENSSL_free(group->seed);
+
+	OPENSSL_free(group);
+	}
+ 
+
+void EC_GROUP_clear_free(EC_GROUP *group)
+	{
+	if (!group) return;
+
+	if (group->meth->group_clear_finish != 0)
+		group->meth->group_clear_finish(group);
+	else if (group->meth != NULL && group->meth->group_finish != 0)
+		group->meth->group_finish(group);
+
+	EC_GROUP_clear_free_extra_data(group);
+
+	if (group->generator != NULL)
+		EC_POINT_clear_free(group->generator);
+	BN_clear_free(&group->order);
+	BN_clear_free(&group->cofactor);
+
+	if (group->seed)
+		{
+		OPENSSL_cleanse(group->seed, group->seed_len);
+		OPENSSL_free(group->seed);
+		}
+
+	OPENSSL_cleanse(group, sizeof *group);
+	OPENSSL_free(group);
+	}
+
+
+int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
+	{
+	if (dest->meth->group_copy == 0)
+		{
+		ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (dest->meth != src->meth)
+		{
+		ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	if (dest == src)
+		return 1;
+	
+	EC_GROUP_clear_free_extra_data(dest);
+	if (src->extra_data_dup_func)
+		{
+		if (src->extra_data != NULL)
+			{
+			dest->extra_data = src->extra_data_dup_func(src->extra_data);
+			if (dest->extra_data == NULL)
+				return 0;
+			}
+
+		dest->extra_data_dup_func = src->extra_data_dup_func;
+		dest->extra_data_free_func = src->extra_data_free_func;
+		dest->extra_data_clear_free_func = src->extra_data_clear_free_func;
+		}
+
+	if (src->generator != NULL)
+		{
+		if (dest->generator == NULL)
+			{
+			dest->generator = EC_POINT_new(dest);
+			if (dest->generator == NULL) return 0;
+			}
+		if (!EC_POINT_copy(dest->generator, src->generator)) return 0;
+		}
+	else
+		{
+		/* src->generator == NULL */
+		if (dest->generator != NULL)
+			{
+			EC_POINT_clear_free(dest->generator);
+			dest->generator = NULL;
+			}
+		}
+
+	if (!BN_copy(&dest->order, &src->order)) return 0;
+	if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0;
+
+	dest->curve_name = src->curve_name;
+	dest->asn1_flag  = src->asn1_flag;
+	dest->asn1_form  = src->asn1_form;
+
+	if (src->seed)
+		{
+		if (dest->seed)
+			OPENSSL_free(dest->seed);
+		dest->seed = OPENSSL_malloc(src->seed_len);
+		if (dest->seed == NULL)
+			return 0;
+		if (!memcpy(dest->seed, src->seed, src->seed_len))
+			return 0;
+		dest->seed_len = src->seed_len;
+		}
+	else
+		{
+		if (dest->seed)
+			OPENSSL_free(dest->seed);
+		dest->seed = NULL;
+		dest->seed_len = 0;
+		}
+	
+
+	return dest->meth->group_copy(dest, src);
+	}
+
+
+EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
+	{
+	EC_GROUP *t = NULL;
+	int ok = 0;
+
+	if (a == NULL) return NULL;
+
+	if ((t = EC_GROUP_new(a->meth)) == NULL) return(NULL);
+	if (!EC_GROUP_copy(t, a)) goto err;
+
+	ok = 1;
+
+  err:	
+	if (!ok)
+		{
+		if (t) EC_GROUP_free(t);
+		return NULL;
+		}
+	else return t;
+	}
+
+
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)
+	{
+	return group->meth;
+	}
+
+
+int EC_METHOD_get_field_type(const EC_METHOD *meth)
+        {
+        return meth->field_type;
+        }
+
+
+int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor)
+	{
+	if (generator == NULL)
+		{
+		ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
+		return 0   ;
+		}
+
+	if (group->generator == NULL)
+		{
+		group->generator = EC_POINT_new(group);
+		if (group->generator == NULL) return 0;
+		}
+	if (!EC_POINT_copy(group->generator, generator)) return 0;
+
+	if (order != NULL)
+		{ if (!BN_copy(&group->order, order)) return 0; }	
+	else
+		{ if (!BN_zero(&group->order)) return 0; }	
+
+	if (cofactor != NULL)
+		{ if (!BN_copy(&group->cofactor, cofactor)) return 0; }	
+	else
+		{ if (!BN_zero(&group->cofactor)) return 0; }	
+
+	return 1;
+	}
+
+
+EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
+	{
+	return group->generator;
+	}
+
+
+int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
+	{
+	if (!BN_copy(order, &group->order))
+		return 0;
+
+	return !BN_is_zero(order);
+	}
+
+
+int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)
+	{
+	if (!BN_copy(cofactor, &group->cofactor))
+		return 0;
+
+	return !BN_is_zero(&group->cofactor);
+	}
+
+
+void EC_GROUP_set_nid(EC_GROUP *group, int nid)
+	{
+	group->curve_name = nid;
+	}
+
+
+int EC_GROUP_get_nid(const EC_GROUP *group)
+	{
+	return group->curve_name;
+	}
+
+
+void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag)
+	{
+	group->asn1_flag = flag;
+	}
+
+
+int EC_GROUP_get_asn1_flag(const EC_GROUP *group)
+	{
+	return group->asn1_flag;
+	}
+
+
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group, 
+                                        point_conversion_form_t form)
+	{
+	group->asn1_form = form;
+	}
+
+
+point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group)
+	{
+	return group->asn1_form;
+	}
+
+
+size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len)
+	{
+	if (group->seed)
+		{
+		OPENSSL_free(group->seed);
+		group->seed = NULL;
+		group->seed_len = 0;
+		}
+
+	if (!len || !p)
+		return 1;
+
+	if ((group->seed = OPENSSL_malloc(len)) == NULL)
+		return 0;
+	memcpy(group->seed, p, len);
+	group->seed_len = len;
+
+	return len;
+	}
+
+
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group)
+	{
+	return group->seed;
+	}
+
+
+size_t EC_GROUP_get_seed_len(const EC_GROUP *group)
+	{
+	return group->seed_len;
+	}
+
+
+int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	if (group->meth->group_set_curve == 0)
+		{
+		ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	return group->meth->group_set_curve(group, p, a, b, ctx);
+	}
+
+
+int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+	{
+	if (group->meth->group_get_curve == 0)
+		{
+		ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	return group->meth->group_get_curve(group, p, a, b, ctx);
+	}
+
+
+int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	if (group->meth->group_set_curve == 0)
+		{
+		ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	return group->meth->group_set_curve(group, p, a, b, ctx);
+	}
+
+
+int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+	{
+	if (group->meth->group_get_curve == 0)
+		{
+		ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	return group->meth->group_get_curve(group, p, a, b, ctx);
+	}
+
+
+int EC_GROUP_get_degree(const EC_GROUP *group)
+	{
+	if (group->meth->group_get_degree == 0)
+		{
+		ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	return group->meth->group_get_degree(group);
+	}
+
+
+int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
+	{
+	if (group->meth->group_check_discriminant == 0)
+		{
+		ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	return group->meth->group_check_discriminant(group, ctx);
+	}
+
+
+/* this has 'package' visibility */
+int EC_GROUP_set_extra_data(EC_GROUP *group, void *extra_data, void *(*extra_data_dup_func)(void *),
+	void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *))
+	{
+	if ((group->extra_data != NULL)
+		|| (group->extra_data_dup_func != 0)
+		|| (group->extra_data_free_func != 0)
+		|| (group->extra_data_clear_free_func != 0))
+		{
+		ECerr(EC_F_EC_GROUP_SET_EXTRA_DATA, EC_R_SLOT_FULL);
+		return 0;
+		}
+
+	group->extra_data = extra_data;
+	group->extra_data_dup_func = extra_data_dup_func;
+	group->extra_data_free_func = extra_data_free_func;
+	group->extra_data_clear_free_func = extra_data_clear_free_func;
+	return 1;
+	}
+
+
+/* this has 'package' visibility */
+void *EC_GROUP_get_extra_data(const EC_GROUP *group, void *(*extra_data_dup_func)(void *),
+	void (*extra_data_free_func)(void *), void (*extra_data_clear_free_func)(void *))
+	{
+	if ((group->extra_data_dup_func != extra_data_dup_func)
+		|| (group->extra_data_free_func != extra_data_free_func)
+		|| (group->extra_data_clear_free_func != extra_data_clear_free_func))
+		{
+		ECerr(EC_F_EC_GROUP_GET_EXTRA_DATA, EC_R_NO_SUCH_EXTRA_DATA);
+		return NULL;
+		}
+
+	return group->extra_data;
+	}
+
+
+/* this has 'package' visibility */
+void EC_GROUP_free_extra_data(EC_GROUP *group)
+	{
+	if (group->extra_data_free_func)
+		group->extra_data_free_func(group->extra_data);
+	group->extra_data = NULL;
+	group->extra_data_dup_func = 0;
+	group->extra_data_free_func = 0;
+	group->extra_data_clear_free_func = 0;
+	}
+
+
+/* this has 'package' visibility */
+void EC_GROUP_clear_free_extra_data(EC_GROUP *group)
+	{
+	if (group->extra_data_clear_free_func)
+		group->extra_data_clear_free_func(group->extra_data);
+	else if (group->extra_data_free_func)
+		group->extra_data_free_func(group->extra_data);
+	group->extra_data = NULL;
+	group->extra_data_dup_func = 0;
+	group->extra_data_free_func = 0;
+	group->extra_data_clear_free_func = 0;
+	}
+
+
+/* functions for EC_POINT objects */
+
+EC_POINT *EC_POINT_new(const EC_GROUP *group)
+	{
+	EC_POINT *ret;
+
+	if (group == NULL)
+		{
+		ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
+		return NULL;
+		}
+	if (group->meth->point_init == 0)
+		{
+		ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return NULL;
+		}
+
+	ret = OPENSSL_malloc(sizeof *ret);
+	if (ret == NULL)
+		{
+		ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
+		return NULL;
+		}
+
+	ret->meth = group->meth;
+	
+	if (!ret->meth->point_init(ret))
+		{
+		OPENSSL_free(ret);
+		return NULL;
+		}
+	
+	return ret;
+	}
+
+
+void EC_POINT_free(EC_POINT *point)
+	{
+	if (!point) return;
+
+	if (point->meth->point_finish != 0)
+		point->meth->point_finish(point);
+	OPENSSL_free(point);
+	}
+ 
+
+void EC_POINT_clear_free(EC_POINT *point)
+	{
+	if (!point) return;
+
+	if (point->meth->point_clear_finish != 0)
+		point->meth->point_clear_finish(point);
+	else if (point->meth != NULL && point->meth->point_finish != 0)
+		point->meth->point_finish(point);
+	OPENSSL_cleanse(point, sizeof *point);
+	OPENSSL_free(point);
+	}
+
+
+int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
+	{
+	if (dest->meth->point_copy == 0)
+		{
+		ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (dest->meth != src->meth)
+		{
+		ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	if (dest == src)
+		return 1;
+	return dest->meth->point_copy(dest, src);
+	}
+
+
+EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group)
+	{
+	EC_POINT *t;
+	int r;
+
+	if (a == NULL) return NULL;
+
+	t = EC_POINT_new(group);
+	if (t == NULL) return(NULL);
+	r = EC_POINT_copy(t, a);
+	if (!r)
+		{
+		EC_POINT_free(t);
+		return NULL;
+		}
+	else return t;
+	}
+
+
+const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
+	{
+	return point->meth;
+	}
+
+
+int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
+	{
+	if (group->meth->point_set_to_infinity == 0)
+		{
+		ECerr(EC_F_EC_POINT_SET_TO_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->point_set_to_infinity(group, point);
+	}
+
+
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
+	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
+	{
+	if (group->meth->point_set_Jprojective_coordinates_GFp == 0)
+		{
+		ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
+	}
+
+
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
+	BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
+	{
+	if (group->meth->point_get_Jprojective_coordinates_GFp == 0)
+		{
+		ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
+	}
+
+
+int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
+	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
+	{
+	if (group->meth->point_set_affine_coordinates == 0)
+		{
+		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
+	}
+
+
+int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
+	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
+	{
+	if (group->meth->point_set_affine_coordinates == 0)
+		{
+		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
+	}
+
+
+int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
+	BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
+	{
+	if (group->meth->point_get_affine_coordinates == 0)
+		{
+		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
+	}
+
+
+int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point,
+	BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
+	{
+	if (group->meth->point_get_affine_coordinates == 0)
+		{
+		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
+	}
+
+
+int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
+	const BIGNUM *x, int y_bit, BN_CTX *ctx)
+	{
+	if (group->meth->point_set_compressed_coordinates == 0)
+		{
+		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx);
+	}
+
+
+int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
+	const BIGNUM *x, int y_bit, BN_CTX *ctx)
+	{
+	if (group->meth->point_set_compressed_coordinates == 0)
+		{
+		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx);
+	}
+
+
+size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
+        unsigned char *buf, size_t len, BN_CTX *ctx)
+	{
+	if (group->meth->point2oct == 0)
+		{
+		ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->point2oct(group, point, form, buf, len, ctx);
+	}
+
+
+int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
+        const unsigned char *buf, size_t len, BN_CTX *ctx)
+	{
+	if (group->meth->oct2point == 0)
+		{
+		ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->oct2point(group, point, buf, len, ctx);
+	}
+
+
+int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
+	{
+	if (group->meth->add == 0)
+		{
+		ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth))
+		{
+		ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->add(group, r, a, b, ctx);
+	}
+
+
+int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
+	{
+	if (group->meth->dbl == 0)
+		{
+		ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if ((group->meth != r->meth) || (r->meth != a->meth))
+		{
+		ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->dbl(group, r, a, ctx);
+	}
+
+
+int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
+	{
+	if (group->meth->dbl == 0)
+		{
+		ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != a->meth)
+		{
+		ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->invert(group, a, ctx);
+	}
+
+
+int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
+	{
+	if (group->meth->is_at_infinity == 0)
+		{
+		ECerr(EC_F_EC_POINT_IS_AT_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->is_at_infinity(group, point);
+	}
+
+
+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
+	{
+	if (group->meth->is_on_curve == 0)
+		{
+		ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->is_on_curve(group, point, ctx);
+	}
+
+
+int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
+	{
+	if (group->meth->point_cmp == 0)
+		{
+		ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if ((group->meth != a->meth) || (a->meth != b->meth))
+		{
+		ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->point_cmp(group, a, b, ctx);
+	}
+
+
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+	{
+	if (group->meth->make_affine == 0)
+		{
+		ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	if (group->meth != point->meth)
+		{
+		ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
+		return 0;
+		}
+	return group->meth->make_affine(group, point, ctx);
+	}
+
+
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
+	{
+	size_t i;
+
+	if (group->meth->points_make_affine == 0)
+		{
+		ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return 0;
+		}
+	for (i = 0; i < num; i++)
+		{
+		if (group->meth != points[i]->meth)
+			{
+			ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
+			return 0;
+			}
+		}
+	return group->meth->points_make_affine(group, num, points, ctx);
+	}
diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
new file mode 100644
index 0000000000..f5312aa23a
--- /dev/null
+++ b/crypto/ec/ec_mult.c
@@ -0,0 +1,531 @@
+/* crypto/ec/ec_mult.c */
+/*
+ * Originally written by Bodo Moeller for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions of this software developed by SUN MICROSYSTEMS, INC.,
+ * and contributed to the OpenSSL project.
+ */
+
+#include <openssl/err.h>
+
+#include "ec_lcl.h"
+
+
+/* TODO: optional precomputation of multiples of the generator */
+
+
+
+/*
+ * wNAF-based interleaving multi-exponentation method
+ * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>)
+ */
+
+
+/* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+ * This is an array  r[]  of values that are either zero or odd with an
+ * absolute value less than  2^w  satisfying
+ *     scalar = \sum_j r[j]*2^j
+ * where at most one of any  w+1  consecutive digits is non-zero
+ * with the exception that the most significant digit may be only
+ * w-1 zeros away from that next non-zero digit.
+ */
+static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
+	{
+	int window_val;
+	int ok = 0;
+	signed char *r = NULL;
+	int sign = 1;
+	int bit, next_bit, mask;
+	size_t len = 0, j;
+	
+	if (w <= 0 || w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */
+		{
+		ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+		goto err;
+		}
+	bit = 1 << w; /* at most 128 */
+	next_bit = bit << 1; /* at most 256 */
+	mask = next_bit - 1; /* at most 255 */
+
+	if (BN_get_sign(scalar))
+		{
+		sign = -1;
+		}
+
+	len = BN_num_bits(scalar);
+	r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation */
+	if (r == NULL) goto err;
+
+	if (scalar->d == NULL || scalar->top == 0)
+		{
+		ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+		goto err;
+		}
+	window_val = scalar->d[0] & mask;
+	j = 0;
+	while ((window_val != 0) || (j + w + 1 < len)) /* if j+w+1 >= len, window_val will not increase */
+		{
+		int digit = 0;
+
+		/* 0 <= window_val <= 2^(w+1) */
+
+		if (window_val & 1)
+			{
+			/* 0 < window_val < 2^(w+1) */
+
+			if (window_val & bit)
+				{
+				digit = window_val - next_bit; /* -2^w < digit < 0 */
+
+#if 1 /* modified wNAF */
+				if (j + w + 1 >= len)
+					{
+					/* special case for generating modified wNAFs:
+					 * no new bits will be added into window_val,
+					 * so using a positive digit here will decrease
+					 * the total length of the representation */
+					
+					digit = window_val & (mask >> 1); /* 0 < digit < 2^w */
+					}
+#endif
+				}
+			else
+				{
+				digit = window_val; /* 0 < digit < 2^w */
+				}
+			
+			if (digit <= -bit || digit >= bit || !(digit & 1))
+				{
+				ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+				goto err;
+				}
+
+			window_val -= digit;
+
+			/* now window_val is 0 or 2^(w+1) in standard wNAF generation;
+			 * for modified window NAFs, it may also be 2^w
+			 */
+			if (window_val != 0 && window_val != next_bit && window_val != bit)
+				{
+				ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+				goto err;
+				}
+			}
+
+		r[j++] = sign * digit;
+
+		window_val >>= 1;
+		window_val += bit * BN_is_bit_set(scalar, j + w);
+
+		if (window_val > next_bit)
+			{
+			ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+			goto err;
+			}
+		}
+
+	if (j > len + 1)
+		{
+		ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+		goto err;
+		}
+	len = j;
+	ok = 1;
+
+ err:
+	if (!ok)
+		{
+		OPENSSL_free(r);
+		r = NULL;
+		}
+	if (ok)
+		*ret_len = len;
+	return r;
+	}
+
+
+/* TODO: table should be optimised for the wNAF-based implementation,
+ *       sometimes smaller windows will give better performance
+ *       (thus the boundaries should be increased)
+ */
+#define EC_window_bits_for_scalar_size(b) \
+		((b) >= 2000 ? 6 : \
+		 (b) >=  800 ? 5 : \
+		 (b) >=  300 ? 4 : \
+		 (b) >=   70 ? 3 : \
+		 (b) >=   20 ? 2 : \
+		  1)
+
+/* Compute
+ *      \sum scalars[i]*points[i],
+ * also including
+ *      scalar*generator
+ * in the addition if scalar != NULL
+ */
+int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	EC_POINT *generator = NULL;
+	EC_POINT *tmp = NULL;
+	size_t totalnum;
+	size_t i, j;
+	int k;
+	int r_is_inverted = 0;
+	int r_is_at_infinity = 1;
+	size_t *wsize = NULL; /* individual window sizes */
+	signed char **wNAF = NULL; /* individual wNAFs */
+	size_t *wNAF_len = NULL;
+	size_t max_len = 0;
+	size_t num_val;
+	EC_POINT **val = NULL; /* precomputation */
+	EC_POINT **v;
+	EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' */
+	int ret = 0;
+	
+	if (scalar != NULL)
+		{
+		generator = EC_GROUP_get0_generator(group);
+		if (generator == NULL)
+			{
+			ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR);
+			return 0;
+			}
+		}
+	
+	for (i = 0; i < num; i++)
+		{
+		if (group->meth != points[i]->meth)
+			{
+			ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+			return 0;
+			}
+		}
+
+	totalnum = num + (scalar != NULL);
+
+	wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]);
+	wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]);
+	wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]);
+	if (wNAF != NULL)
+		{
+		wNAF[0] = NULL; /* preliminary pivot */
+		}
+	if (wsize == NULL || wNAF_len == NULL || wNAF == NULL) goto err;
+
+	/* num_val := total number of points to precompute */
+	num_val = 0;
+	for (i = 0; i < totalnum; i++)
+		{
+		size_t bits;
+
+		bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar);
+		wsize[i] = EC_window_bits_for_scalar_size(bits);
+		num_val += 1u << (wsize[i] - 1);
+		}
+
+	/* all precomputed points go into a single array 'val',
+	 * 'val_sub[i]' is a pointer to the subarray for the i-th point */
+	val = OPENSSL_malloc((num_val + 1) * sizeof val[0]);
+	if (val == NULL) goto err;
+	val[num_val] = NULL; /* pivot element */
+
+	val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]);
+	if (val_sub == NULL) goto err;
+
+	/* allocate points for precomputation */
+	v = val;
+	for (i = 0; i < totalnum; i++)
+		{
+		val_sub[i] = v;
+		for (j = 0; j < (1u << (wsize[i] - 1)); j++)
+			{
+			*v = EC_POINT_new(group);
+			if (*v == NULL) goto err;
+			v++;
+			}
+		}
+	if (!(v == val + num_val))
+		{
+		ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+		goto err;
+		}
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			goto err;
+		}
+	
+	tmp = EC_POINT_new(group);
+	if (tmp == NULL) goto err;
+
+	/* prepare precomputed values:
+	 *    val_sub[i][0] :=     points[i]
+	 *    val_sub[i][1] := 3 * points[i]
+	 *    val_sub[i][2] := 5 * points[i]
+	 *    ...
+	 */
+	for (i = 0; i < totalnum; i++)
+		{
+		if (i < num)
+			{
+			if (!EC_POINT_copy(val_sub[i][0], points[i])) goto err;
+			}
+		else
+			{
+			if (!EC_POINT_copy(val_sub[i][0], generator)) goto err;
+			}
+
+		if (wsize[i] > 1)
+			{
+			if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err;
+			for (j = 1; j < (1u << (wsize[i] - 1)); j++)
+				{
+				if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err;
+				}
+			}
+
+		wNAF[i + 1] = NULL; /* make sure we always have a pivot */
+		wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]);
+		if (wNAF[i] == NULL) goto err;
+		if (wNAF_len[i] > max_len)
+			max_len = wNAF_len[i];
+		}
+
+#if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */
+	if (!EC_POINTs_make_affine(group, num_val, val, ctx)) goto err;
+#endif
+
+	r_is_at_infinity = 1;
+
+	for (k = max_len - 1; k >= 0; k--)
+		{
+		if (!r_is_at_infinity)
+			{
+			if (!EC_POINT_dbl(group, r, r, ctx)) goto err;
+			}
+		
+		for (i = 0; i < totalnum; i++)
+			{
+			if (wNAF_len[i] > (size_t)k)
+				{
+				int digit = wNAF[i][k];
+				int is_neg;
+
+				if (digit) 
+					{
+					is_neg = digit < 0;
+
+					if (is_neg)
+						digit = -digit;
+
+					if (is_neg != r_is_inverted)
+						{
+						if (!r_is_at_infinity)
+							{
+							if (!EC_POINT_invert(group, r, ctx)) goto err;
+							}
+						r_is_inverted = !r_is_inverted;
+						}
+
+					/* digit > 0 */
+
+					if (r_is_at_infinity)
+						{
+						if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) goto err;
+						r_is_at_infinity = 0;
+						}
+					else
+						{
+						if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx)) goto err;
+						}
+					}
+				}
+			}
+		}
+
+	if (r_is_at_infinity)
+		{
+		if (!EC_POINT_set_to_infinity(group, r)) goto err;
+		}
+	else
+		{
+		if (r_is_inverted)
+			if (!EC_POINT_invert(group, r, ctx)) goto err;
+		}
+	
+	ret = 1;
+
+ err:
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	if (tmp != NULL)
+		EC_POINT_free(tmp);
+	if (wsize != NULL)
+		OPENSSL_free(wsize);
+	if (wNAF_len != NULL)
+		OPENSSL_free(wNAF_len);
+	if (wNAF != NULL)
+		{
+		signed char **w;
+		
+		for (w = wNAF; *w != NULL; w++)
+			OPENSSL_free(*w);
+		
+		OPENSSL_free(wNAF);
+		}
+	if (val != NULL)
+		{
+		for (v = val; *v != NULL; v++)
+			EC_POINT_clear_free(*v);
+
+		OPENSSL_free(val);
+		}
+	if (val_sub != NULL)
+		{
+		OPENSSL_free(val_sub);
+		}
+	return ret;
+	}
+
+
+/* Generic multiplication method.
+ * If group->meth does not provide a multiplication method, default to ec_wNAF_mul;
+ * otherwise use the group->meth's multiplication.
+ */
+int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
+	{
+	if (group->meth->mul == 0)
+		return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
+	else
+		return group->meth->mul(group, r, scalar, num, points, scalars, ctx);
+	}
+
+
+int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar, const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
+	{
+	const EC_POINT *points[1];
+	const BIGNUM *scalars[1];
+
+	points[0] = point;
+	scalars[0] = p_scalar;
+
+	return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx);
+	}
+
+
+int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+	{
+	const EC_POINT *generator;
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *order;
+	int ret = 0;
+
+	generator = EC_GROUP_get0_generator(group);
+	if (generator == NULL)
+		{
+		ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR);
+		return 0;
+		}
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+	
+	BN_CTX_start(ctx);
+	order = BN_CTX_get(ctx);
+	if (order == NULL) goto err;
+	
+	if (!EC_GROUP_get_order(group, order, ctx)) return 0;
+	if (BN_is_zero(order))
+		{
+		ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);
+		goto err;
+		}
+
+	/* TODO */
+
+	ret = 1;
+	
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+/* Generic multiplicaiton precomputation method.
+ * If group->meth does not provide a multiplication method, default to ec_wNAF_mul and do its
+ * precomputation; otherwise use the group->meth's precomputation if it exists.
+ */
+int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+	{
+	if (group->meth->mul == 0)
+		return ec_wNAF_precompute_mult(group, ctx);
+	else if (group->meth->precompute_mult != 0)
+		return group->meth->precompute_mult(group, ctx);
+	else
+		return 1;
+	}
diff --git a/crypto/ec/ec_print.c b/crypto/ec/ec_print.c
new file mode 100644
index 0000000000..f7c8a303ac
--- /dev/null
+++ b/crypto/ec/ec_print.c
@@ -0,0 +1,195 @@
+/* crypto/ec/ec_print.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "ec_lcl.h"
+
+BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, 
+                          const EC_POINT *point, 
+                          point_conversion_form_t form,
+                          BIGNUM *ret,
+                          BN_CTX *ctx)
+	{
+	size_t        buf_len=0;
+	unsigned char *buf;
+
+	buf_len = EC_POINT_point2oct(group, point, form,
+                                     NULL, 0, ctx);
+	if (buf_len == 0)
+		return NULL;
+
+	if ((buf = OPENSSL_malloc(buf_len)) == NULL)
+		return NULL;
+
+	if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx))
+		{
+		OPENSSL_free(buf);
+		return NULL;
+		}
+
+	ret = BN_bin2bn(buf, buf_len, ret);
+
+	OPENSSL_free(buf);
+
+	return ret;
+}
+
+EC_POINT *EC_POINT_bn2point(const EC_GROUP *group,
+                            const BIGNUM *bn,
+                            EC_POINT *point, 
+                            BN_CTX *ctx)
+	{
+	size_t        buf_len=0;
+	unsigned char *buf;
+	EC_POINT      *ret;
+
+	if ((buf_len = BN_num_bytes(bn)) == 0) return NULL;
+	buf = OPENSSL_malloc(buf_len);
+	if (buf == NULL)
+		return NULL;
+
+	if (!BN_bn2bin(bn, buf)) 
+		{
+		OPENSSL_free(buf);
+		return NULL;
+		}
+
+	if (point == NULL)
+		{
+		if ((ret = EC_POINT_new(group)) == NULL)
+			{
+			OPENSSL_free(buf);
+			return NULL;
+			}
+		}
+	else
+		ret = point;
+
+	if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx))
+		{
+		if (point == NULL)
+			EC_POINT_clear_free(ret);
+		OPENSSL_free(buf);
+		return NULL;
+		}
+
+	OPENSSL_free(buf);
+	return ret;
+	}
+
+static const char *HEX_DIGITS = "0123456789ABCDEF";
+
+/* the return value must be freed (using OPENSSL_free()) */
+char *EC_POINT_point2hex(const EC_GROUP *group,
+                         const EC_POINT *point,
+                         point_conversion_form_t form,
+                         BN_CTX *ctx)
+	{
+	char          *ret, *p;
+	size_t        buf_len=0,i;
+	unsigned char *buf, *pbuf;
+
+	buf_len = EC_POINT_point2oct(group, point, form,
+                                     NULL, 0, ctx);
+	if (buf_len == 0)
+		return NULL;
+
+	if ((buf = OPENSSL_malloc(buf_len)) == NULL)
+		return NULL;
+
+	if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx))
+		{
+		OPENSSL_free(buf);
+		return NULL;
+		}
+
+	ret = (char *)OPENSSL_malloc(buf_len*2+2);
+	if (ret == NULL)
+		{
+		OPENSSL_free(buf);
+		return NULL;
+		}
+	p = ret;
+	pbuf = buf;
+	for (i=buf_len; i > 0; i--)
+		{
+			int v = (int) *(pbuf++);
+			*(p++)=HEX_DIGITS[v>>4];
+			*(p++)=HEX_DIGITS[v&0x0F];
+		}
+	*p='\0';
+
+	OPENSSL_free(buf);
+
+	return ret;
+	}
+
+EC_POINT *EC_POINT_hex2point(const EC_GROUP *group,
+                             const char *buf,
+                             EC_POINT *point,
+                             BN_CTX *ctx)
+	{
+	EC_POINT *ret=NULL;
+	BIGNUM   *tmp_bn=NULL;
+
+	if (!BN_hex2bn(&tmp_bn, buf))
+		return NULL;
+
+	ret = EC_POINT_bn2point(group, tmp_bn, point, ctx);
+
+	BN_clear_free(tmp_bn);
+
+	return ret;
+	}
diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c
new file mode 100644
index 0000000000..36f8236864
--- /dev/null
+++ b/crypto/ec/ecp_mont.c
@@ -0,0 +1,314 @@
+/* crypto/ec/ecp_mont.c */
+/*
+ * Originally written by Bodo Moeller for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions of this software developed by SUN MICROSYSTEMS, INC.,
+ * and contributed to the OpenSSL project.
+ */
+
+#include <openssl/err.h>
+
+#include "ec_lcl.h"
+
+
+const EC_METHOD *EC_GFp_mont_method(void)
+	{
+	static const EC_METHOD ret = {
+		NID_X9_62_prime_field,
+		ec_GFp_mont_group_init,
+		ec_GFp_mont_group_finish,
+		ec_GFp_mont_group_clear_finish,
+		ec_GFp_mont_group_copy,
+		ec_GFp_mont_group_set_curve,
+		ec_GFp_simple_group_get_curve,
+		ec_GFp_simple_group_get_degree,
+		ec_GFp_simple_group_check_discriminant,
+		ec_GFp_simple_point_init,
+		ec_GFp_simple_point_finish,
+		ec_GFp_simple_point_clear_finish,
+		ec_GFp_simple_point_copy,
+		ec_GFp_simple_point_set_to_infinity,
+		ec_GFp_simple_set_Jprojective_coordinates_GFp,
+		ec_GFp_simple_get_Jprojective_coordinates_GFp,
+		ec_GFp_simple_point_set_affine_coordinates,
+		ec_GFp_simple_point_get_affine_coordinates,
+		ec_GFp_simple_set_compressed_coordinates,
+		ec_GFp_simple_point2oct,
+		ec_GFp_simple_oct2point,
+		ec_GFp_simple_add,
+		ec_GFp_simple_dbl,
+		ec_GFp_simple_invert,
+		0 /* mul */,
+		0 /* precompute_mult */,
+		ec_GFp_simple_is_at_infinity,
+		ec_GFp_simple_is_on_curve,
+		ec_GFp_simple_cmp,
+		ec_GFp_simple_make_affine,
+		ec_GFp_simple_points_make_affine,
+		ec_GFp_mont_field_mul,
+		ec_GFp_mont_field_sqr,
+		0 /* field_div */,
+		ec_GFp_mont_field_encode,
+		ec_GFp_mont_field_decode,
+		ec_GFp_mont_field_set_to_one };
+
+	return &ret;
+	}
+
+
+int ec_GFp_mont_group_init(EC_GROUP *group)
+	{
+	int ok;
+
+	ok = ec_GFp_simple_group_init(group);
+	group->field_data1 = NULL;
+	group->field_data2 = NULL;
+	return ok;
+	}
+
+
+void ec_GFp_mont_group_finish(EC_GROUP *group)
+	{
+	if (group->field_data1 != NULL)
+		{
+		BN_MONT_CTX_free(group->field_data1);
+		group->field_data1 = NULL;
+		}
+	if (group->field_data2 != NULL)
+		{
+		BN_free(group->field_data2);
+		group->field_data2 = NULL;
+		}
+	ec_GFp_simple_group_finish(group);
+	}
+
+
+void ec_GFp_mont_group_clear_finish(EC_GROUP *group)
+	{
+	if (group->field_data1 != NULL)
+		{
+		BN_MONT_CTX_free(group->field_data1);
+		group->field_data1 = NULL;
+		}
+	if (group->field_data2 != NULL)
+		{
+		BN_clear_free(group->field_data2);
+		group->field_data2 = NULL;
+		}
+	ec_GFp_simple_group_clear_finish(group);
+	}
+
+
+int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+	{
+	if (dest->field_data1 != NULL)
+		{
+		BN_MONT_CTX_free(dest->field_data1);
+		dest->field_data1 = NULL;
+		}
+	if (dest->field_data2 != NULL)
+		{
+		BN_clear_free(dest->field_data2);
+		dest->field_data2 = NULL;
+		}
+
+	if (!ec_GFp_simple_group_copy(dest, src)) return 0;
+
+	if (src->field_data1 != NULL)
+		{
+		dest->field_data1 = BN_MONT_CTX_new();
+		if (dest->field_data1 == NULL) return 0;
+		if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1)) goto err;
+		}
+	if (src->field_data2 != NULL)
+		{
+		dest->field_data2 = BN_dup(src->field_data2);
+		if (dest->field_data2 == NULL) goto err;
+		}
+
+	return 1;
+
+ err:
+	if (dest->field_data1 != NULL)
+		{
+		BN_MONT_CTX_free(dest->field_data1);
+		dest->field_data1 = NULL;
+		}
+	return 0;	
+	}
+
+
+int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	BN_MONT_CTX *mont = NULL;
+	BIGNUM *one = NULL;
+	int ret = 0;
+
+	if (group->field_data1 != NULL)
+		{
+		BN_MONT_CTX_free(group->field_data1);
+		group->field_data1 = NULL;
+		}
+	if (group->field_data2 != NULL)
+		{
+		BN_free(group->field_data2);
+		group->field_data2 = NULL;
+		}
+	
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	mont = BN_MONT_CTX_new();
+	if (mont == NULL) goto err;
+	if (!BN_MONT_CTX_set(mont, p, ctx))
+		{
+		ECerr(EC_F_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB);
+		goto err;
+		}
+	one = BN_new();
+	if (one == NULL) goto err;
+	if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err;
+
+	group->field_data1 = mont;
+	mont = NULL;
+	group->field_data2 = one;
+	one = NULL;
+
+	ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+
+	if (!ret)
+		{
+		BN_MONT_CTX_free(group->field_data1);
+		group->field_data1 = NULL;
+		BN_free(group->field_data2);
+		group->field_data2 = NULL;
+		}
+
+ err:
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	if (mont != NULL)
+		BN_MONT_CTX_free(mont);
+	return ret;
+	}
+
+
+int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	if (group->field_data1 == NULL)
+		{
+		ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED);
+		return 0;
+		}
+
+	return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx);
+	}
+
+
+int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+	{
+	if (group->field_data1 == NULL)
+		{
+		ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED);
+		return 0;
+		}
+
+	return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx);
+	}
+
+
+int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+	{
+	if (group->field_data1 == NULL)
+		{
+		ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED);
+		return 0;
+		}
+
+	return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx);
+	}
+
+
+int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+	{
+	if (group->field_data1 == NULL)
+		{
+		ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
+		return 0;
+		}
+
+	return BN_from_montgomery(r, a, group->field_data1, ctx);
+	}
+
+
+int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx)
+	{
+	if (group->field_data2 == NULL)
+		{
+		ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
+		return 0;
+		}
+
+	if (!BN_copy(r, group->field_data2)) return 0;
+	return 1;
+	}
diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c
new file mode 100644
index 0000000000..559cb5c418
--- /dev/null
+++ b/crypto/ec/ecp_nist.c
@@ -0,0 +1,241 @@
+/* crypto/ec/ecp_nist.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions of this software developed by SUN MICROSYSTEMS, INC.,
+ * and contributed to the OpenSSL project.
+ */
+
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include "ec_lcl.h"
+
+const EC_METHOD *EC_GFp_nist_method(void)
+	{
+	static const EC_METHOD ret = {
+		NID_X9_62_prime_field,
+		ec_GFp_simple_group_init,
+		ec_GFp_simple_group_finish,
+		ec_GFp_simple_group_clear_finish,
+		ec_GFp_simple_group_copy,
+		ec_GFp_nist_group_set_curve,
+		ec_GFp_simple_group_get_curve,
+		ec_GFp_simple_group_get_degree,
+		ec_GFp_simple_group_check_discriminant,
+		ec_GFp_simple_point_init,
+		ec_GFp_simple_point_finish,
+		ec_GFp_simple_point_clear_finish,
+		ec_GFp_simple_point_copy,
+		ec_GFp_simple_point_set_to_infinity,
+		ec_GFp_simple_set_Jprojective_coordinates_GFp,
+		ec_GFp_simple_get_Jprojective_coordinates_GFp,
+		ec_GFp_simple_point_set_affine_coordinates,
+		ec_GFp_simple_point_get_affine_coordinates,
+		ec_GFp_simple_set_compressed_coordinates,
+		ec_GFp_simple_point2oct,
+		ec_GFp_simple_oct2point,
+		ec_GFp_simple_add,
+		ec_GFp_simple_dbl,
+		ec_GFp_simple_invert,
+		0 /* mul */,
+		0 /* precompute_mult */,
+		ec_GFp_simple_is_at_infinity,
+		ec_GFp_simple_is_on_curve,
+		ec_GFp_simple_cmp,
+		ec_GFp_simple_make_affine,
+		ec_GFp_simple_points_make_affine,
+		ec_GFp_nist_field_mul,
+		ec_GFp_nist_field_sqr,
+		0 /* field_div */,
+		0 /* field_encode */,
+		0 /* field_decode */,
+		0 /* field_set_to_one */ };
+
+	return &ret;
+	}
+
+#if BN_BITS2 == 64 && UINT_MAX != 4294967295UL && ULONG_MAX != 4294967295UL
+#define	NO_32_BIT_TYPE
+#endif
+
+
+int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+	const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	int ret = 0;
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *tmp_bn;
+	
+	if (ctx == NULL)
+		if ((ctx = new_ctx = BN_CTX_new()) == NULL) return 0;
+
+	BN_CTX_start(ctx);
+	if ((tmp_bn = BN_CTX_get(ctx)) == NULL) goto err;
+
+	if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0)
+		group->field_mod_func = BN_nist_mod_192;
+	else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0)
+		{
+#if !defined(NO_32_BIT_TYPE) || defined(OPENSSL_NO_ASM)
+		group->field_mod_func = BN_nist_mod_224;
+#else
+		ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE_GFP, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
+		goto err;
+#endif
+		}
+	else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0)
+		{
+#if !defined(NO_32_BIT_TYPE) || defined(OPENSSL_NO_ASM)
+		group->field_mod_func = BN_nist_mod_256;
+#else
+		ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE_GFP, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
+		goto err;
+#endif
+		}
+	else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0)
+		{
+#if !defined(NO_32_BIT_TYPE) || defined(OPENSSL_NO_ASM)
+		group->field_mod_func = BN_nist_mod_384;
+#else
+		ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE_GFP, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
+		goto err;
+#endif
+		}
+	else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0)
+		/* this one works in the NO_32_BIT_TYPE case */
+		group->field_mod_func = BN_nist_mod_521;
+	else
+		{
+		ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE_GFP, EC_R_NOT_A_NIST_PRIME);
+		goto err;
+		}
+
+	/* group->field */
+	if (!BN_copy(&group->field, p)) goto err;
+	BN_set_sign(&group->field, 0);
+
+	/* group->a */
+	if (!group->field_mod_func(&group->a, a, p, ctx)) goto err;
+
+	/* group->b */
+	if (!group->field_mod_func(&group->b, b, p, ctx)) goto err;
+
+	/* group->a_is_minus3 */
+	if (!BN_add_word(tmp_bn, 3)) goto err;
+	group->a_is_minus3 = (0 == BN_cmp(tmp_bn, &group->field));
+
+	ret = 1;
+
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+	const BIGNUM *b, BN_CTX *ctx)
+	{
+	int	ret=0;
+	BN_CTX	*ctx_new=NULL;
+
+	if (!group || !r || !a || !b)
+		{
+		ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER);
+		goto err;
+		}
+	if (!ctx)
+		if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err;
+
+	if (!BN_mul(r, a, b, ctx)) goto err;
+	if (!group->field_mod_func(r, r, &group->field, ctx))
+		goto err;
+
+	ret=1;
+err:
+	if (ctx_new)
+		BN_CTX_free(ctx_new);
+	return ret;
+	}
+
+
+int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+	BN_CTX *ctx)
+	{
+	int	ret=0;
+	BN_CTX	*ctx_new=NULL;
+
+	if (!group || !r || !a)
+		{
+		ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER);
+		goto err;
+		}
+	if (!ctx)
+		if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err;
+
+	if (!BN_sqr(r, a, ctx)) goto err;
+	if (!group->field_mod_func(r, r, &group->field, ctx))
+		goto err;
+
+	ret=1;
+err:
+	if (ctx_new)
+		BN_CTX_free(ctx_new);
+	return ret;
+	}
diff --git a/crypto/ec/ecp_recp.c b/crypto/ec/ecp_recp.c
new file mode 100644
index 0000000000..bf456dbc47
--- /dev/null
+++ b/crypto/ec/ecp_recp.c
@@ -0,0 +1,143 @@
+/* crypto/ec/ecp_recp.c */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions of this software developed by SUN MICROSYSTEMS, INC.,
+ * and contributed to the OpenSSL project.
+ */
+
+#include "ec_lcl.h"
+
+#if 0
+const EC_METHOD *EC_GFp_recp_method(void)
+	{
+	static const EC_METHOD ret = {
+		ec_GFp_recp_group_init,
+		ec_GFp_recp_group_finish,
+		ec_GFp_recp_group_clear_finish,
+		ec_GFp_recp_group_copy,
+		ec_GFp_recp_group_set_curve,
+		ec_GFp_simple_group_get_curve,
+		ec_GFp_simple_group_get_degree,
+		ec_GFp_simple_group_set_generator,
+		ec_GFp_simple_group_get0_generator,
+		ec_GFp_simple_group_get_order,
+		ec_GFp_simple_group_get_cofactor,
+		ec_GFp_simple_group_check_discriminant,
+		ec_GFp_simple_point_init,
+		ec_GFp_simple_point_finish,
+		ec_GFp_simple_point_clear_finish,
+		ec_GFp_simple_point_copy,
+		ec_GFp_simple_point_set_to_infinity,
+		ec_GFp_simple_set_Jprojective_coordinates_GFp,
+		ec_GFp_simple_get_Jprojective_coordinates_GFp,
+		ec_GFp_simple_point_set_affine_coordinates,
+		ec_GFp_simple_point_get_affine_coordinates,
+		ec_GFp_simple_set_compressed_coordinates,
+		ec_GFp_simple_point2oct,
+		ec_GFp_simple_oct2point,
+		ec_GFp_simple_add,
+		ec_GFp_simple_dbl,
+		ec_GFp_simple_invert,
+		0 /* mul */,
+		0 /* precompute_mult */,
+		ec_GFp_simple_is_at_infinity,
+		ec_GFp_simple_is_on_curve,
+		ec_GFp_simple_cmp,
+		ec_GFp_simple_make_affine,
+		ec_GFp_simple_points_make_affine,
+		ec_GFp_recp_field_mul,
+		ec_GFp_recp_field_sqr,
+		0 /* field_div */,
+		0 /* field_encode */,
+		0 /* field_decode */,
+		0 /* field_set_to_one */ };
+
+	return &ret;
+	}
+#endif
+
+int ec_GFp_recp_group_init(EC_GROUP *group)
+	{
+	int ok;
+
+	ok = ec_GFp_simple_group_init(group);
+	group->field_data1 = NULL;
+	return ok;
+	}
+
+
+int ec_GFp_recp_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+/* TODO */
+
+
+void ec_GFp_recp_group_finish(EC_GROUP *group);
+/* TODO */
+
+
+void ec_GFp_recp_group_clear_finish(EC_GROUP *group);
+/* TODO */
+
+
+int ec_GFp_recp_group_copy(EC_GROUP *dest, const EC_GROUP *src);
+/* TODO */
+
+
+int ec_GFp_recp_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+/* TODO */
+
+
+int ec_GFp_recp_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+/* TODO */
diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c
new file mode 100644
index 0000000000..267134af4b
--- /dev/null
+++ b/crypto/ec/ecp_smpl.c
@@ -0,0 +1,1721 @@
+/* crypto/ec/ecp_smpl.c */
+/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
+ * for the OpenSSL project. 
+ * Includes code written by Bodo Moeller for the OpenSSL project.
+*/
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * Portions of this software developed by SUN MICROSYSTEMS, INC.,
+ * and contributed to the OpenSSL project.
+ */
+
+#include <openssl/err.h>
+#include <openssl/symhacks.h>
+
+#include "ec_lcl.h"
+
+const EC_METHOD *EC_GFp_simple_method(void)
+	{
+	static const EC_METHOD ret = {
+		NID_X9_62_prime_field,
+		ec_GFp_simple_group_init,
+		ec_GFp_simple_group_finish,
+		ec_GFp_simple_group_clear_finish,
+		ec_GFp_simple_group_copy,
+		ec_GFp_simple_group_set_curve,
+		ec_GFp_simple_group_get_curve,
+		ec_GFp_simple_group_get_degree,
+		ec_GFp_simple_group_check_discriminant,
+		ec_GFp_simple_point_init,
+		ec_GFp_simple_point_finish,
+		ec_GFp_simple_point_clear_finish,
+		ec_GFp_simple_point_copy,
+		ec_GFp_simple_point_set_to_infinity,
+		ec_GFp_simple_set_Jprojective_coordinates_GFp,
+		ec_GFp_simple_get_Jprojective_coordinates_GFp,
+		ec_GFp_simple_point_set_affine_coordinates,
+		ec_GFp_simple_point_get_affine_coordinates,
+		ec_GFp_simple_set_compressed_coordinates,
+		ec_GFp_simple_point2oct,
+		ec_GFp_simple_oct2point,
+		ec_GFp_simple_add,
+		ec_GFp_simple_dbl,
+		ec_GFp_simple_invert,
+		0 /* mul */,
+		0 /* precompute_mult */,
+		ec_GFp_simple_is_at_infinity,
+		ec_GFp_simple_is_on_curve,
+		ec_GFp_simple_cmp,
+		ec_GFp_simple_make_affine,
+		ec_GFp_simple_points_make_affine,
+		ec_GFp_simple_field_mul,
+		ec_GFp_simple_field_sqr,
+		0 /* field_div */,
+		0 /* field_encode */,
+		0 /* field_decode */,
+		0 /* field_set_to_one */ };
+
+	return &ret;
+	}
+
+
+/* Most method functions in this file are designed to work with
+ * non-trivial representations of field elements if necessary
+ * (see ecp_mont.c): while standard modular addition and subtraction
+ * are used, the field_mul and field_sqr methods will be used for
+ * multiplication, and field_encode and field_decode (if defined)
+ * will be used for converting between representations.
+
+ * Functions ec_GFp_simple_points_make_affine() and
+ * ec_GFp_simple_point_get_affine_coordinates() specifically assume
+ * that if a non-trivial representation is used, it is a Montgomery
+ * representation (i.e. 'encoding' means multiplying by some factor R).
+ */
+
+
+int ec_GFp_simple_group_init(EC_GROUP *group)
+	{
+	BN_init(&group->field);
+	BN_init(&group->a);
+	BN_init(&group->b);
+	group->a_is_minus3 = 0;
+	return 1;
+	}
+
+
+void ec_GFp_simple_group_finish(EC_GROUP *group)
+	{
+	BN_free(&group->field);
+	BN_free(&group->a);
+	BN_free(&group->b);
+	}
+
+
+void ec_GFp_simple_group_clear_finish(EC_GROUP *group)
+	{
+	BN_clear_free(&group->field);
+	BN_clear_free(&group->a);
+	BN_clear_free(&group->b);
+	}
+
+
+int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+	{
+	if (!BN_copy(&dest->field, &src->field)) return 0;
+	if (!BN_copy(&dest->a, &src->a)) return 0;
+	if (!BN_copy(&dest->b, &src->b)) return 0;
+
+	dest->a_is_minus3 = src->a_is_minus3;
+
+	return 1;
+	}
+
+
+int ec_GFp_simple_group_set_curve(EC_GROUP *group,
+	const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	int ret = 0;
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *tmp_a;
+	
+	/* p must be a prime > 3 */
+	if (BN_num_bits(p) <= 2 || !BN_is_odd(p))
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD);
+		return 0;
+		}
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	BN_CTX_start(ctx);
+	tmp_a = BN_CTX_get(ctx);
+	if (tmp_a == NULL) goto err;
+
+	/* group->field */
+	if (!BN_copy(&group->field, p)) goto err;
+	BN_set_sign(&group->field, 0);
+
+	/* group->a */
+	if (!BN_nnmod(tmp_a, a, p, ctx)) goto err;
+	if (group->meth->field_encode)
+		{ if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) goto err; }	
+	else
+		if (!BN_copy(&group->a, tmp_a)) goto err;
+	
+	/* group->b */
+	if (!BN_nnmod(&group->b, b, p, ctx)) goto err;
+	if (group->meth->field_encode)
+		if (!group->meth->field_encode(group, &group->b, &group->b, ctx)) goto err;
+	
+	/* group->a_is_minus3 */
+	if (!BN_add_word(tmp_a, 3)) goto err;
+	group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field));
+
+	ret = 1;
+
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+	{
+	int ret = 0;
+	BN_CTX *new_ctx = NULL;
+	
+	if (p != NULL)
+		{
+		if (!BN_copy(p, &group->field)) return 0;
+		}
+
+	if (a != NULL || b != NULL)
+		{
+		if (group->meth->field_decode)
+			{
+			if (ctx == NULL)
+				{
+				ctx = new_ctx = BN_CTX_new();
+				if (ctx == NULL)
+					return 0;
+				}
+			if (a != NULL)
+				{
+				if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err;
+				}
+			if (b != NULL)
+				{
+				if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err;
+				}
+			}
+		else
+			{
+			if (a != NULL)
+				{
+				if (!BN_copy(a, &group->a)) goto err;
+				}
+			if (b != NULL)
+				{
+				if (!BN_copy(b, &group->b)) goto err;
+				}
+			}
+		}
+	
+	ret = 1;
+	
+ err:
+	if (new_ctx)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_group_get_degree(const EC_GROUP *group)
+	{
+	return BN_num_bits(&group->field);
+	}
+
+
+int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
+	{
+	int ret = 0;
+	BIGNUM *a,*b,*order,*tmp_1,*tmp_2;
+	const BIGNUM *p = &group->field;
+	BN_CTX *new_ctx = NULL;
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			{
+			ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		}
+	BN_CTX_start(ctx);
+	a = BN_CTX_get(ctx);
+	b = BN_CTX_get(ctx);
+	tmp_1 = BN_CTX_get(ctx);
+	tmp_2 = BN_CTX_get(ctx);
+	order = BN_CTX_get(ctx);
+	if (order == NULL) goto err;
+
+	if (group->meth->field_decode)
+		{
+		if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err;
+		if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err;
+		}
+	else
+		{
+		if (!BN_copy(a, &group->a)) goto err;
+		if (!BN_copy(b, &group->b)) goto err;
+		}
+	
+	/* check the discriminant:
+	 * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) 
+         * 0 =< a, b < p */
+	if (BN_is_zero(a))
+		{
+		if (BN_is_zero(b)) goto err;
+		}
+	else if (!BN_is_zero(b))
+		{
+		if (!BN_mod_sqr(tmp_1, a, p, ctx)) goto err;
+		if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx)) goto err;
+		if (!BN_lshift(tmp_1, tmp_2, 2)) goto err;
+		/* tmp_1 = 4*a^3 */
+
+		if (!BN_mod_sqr(tmp_2, b, p, ctx)) goto err;
+		if (!BN_mul_word(tmp_2, 27)) goto err;
+		/* tmp_2 = 27*b^2 */
+
+		if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx)) goto err;
+		if (BN_is_zero(a)) goto err;
+		}
+	ret = 1;
+
+err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_point_init(EC_POINT *point)
+	{
+	BN_init(&point->X);
+	BN_init(&point->Y);
+	BN_init(&point->Z);
+	point->Z_is_one = 0;
+
+	return 1;
+	}
+
+
+void ec_GFp_simple_point_finish(EC_POINT *point)
+	{
+	BN_free(&point->X);
+	BN_free(&point->Y);
+	BN_free(&point->Z);
+	}
+
+
+void ec_GFp_simple_point_clear_finish(EC_POINT *point)
+	{
+	BN_clear_free(&point->X);
+	BN_clear_free(&point->Y);
+	BN_clear_free(&point->Z);
+	point->Z_is_one = 0;
+	}
+
+
+int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
+	{
+	if (!BN_copy(&dest->X, &src->X)) return 0;
+	if (!BN_copy(&dest->Y, &src->Y)) return 0;
+	if (!BN_copy(&dest->Z, &src->Z)) return 0;
+	dest->Z_is_one = src->Z_is_one;
+
+	return 1;
+	}
+
+
+int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
+	{
+	point->Z_is_one = 0;
+	return (BN_zero(&point->Z));
+	}
+
+
+int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
+	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	int ret = 0;
+	
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	if (x != NULL)
+		{
+		if (!BN_nnmod(&point->X, x, &group->field, ctx)) goto err;
+		if (group->meth->field_encode)
+			{
+			if (!group->meth->field_encode(group, &point->X, &point->X, ctx)) goto err;
+			}
+		}
+	
+	if (y != NULL)
+		{
+		if (!BN_nnmod(&point->Y, y, &group->field, ctx)) goto err;
+		if (group->meth->field_encode)
+			{
+			if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx)) goto err;
+			}
+		}
+	
+	if (z != NULL)
+		{
+		int Z_is_one;
+
+		if (!BN_nnmod(&point->Z, z, &group->field, ctx)) goto err;
+		Z_is_one = BN_is_one(&point->Z);
+		if (group->meth->field_encode)
+			{
+			if (Z_is_one && (group->meth->field_set_to_one != 0))
+				{
+				if (!group->meth->field_set_to_one(group, &point->Z, ctx)) goto err;
+				}
+			else
+				{
+				if (!group->meth->field_encode(group, &point->Z, &point->Z, ctx)) goto err;
+				}
+			}
+		point->Z_is_one = Z_is_one;
+		}
+	
+	ret = 1;
+	
+ err:
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
+	BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	int ret = 0;
+	
+	if (group->meth->field_decode != 0)
+		{
+		if (ctx == NULL)
+			{
+			ctx = new_ctx = BN_CTX_new();
+			if (ctx == NULL)
+				return 0;
+			}
+
+		if (x != NULL)
+			{
+			if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err;
+			}
+		if (y != NULL)
+			{
+			if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err;
+			}
+		if (z != NULL)
+			{
+			if (!group->meth->field_decode(group, z, &point->Z, ctx)) goto err;
+			}
+		}
+	else	
+		{
+		if (x != NULL)
+			{
+			if (!BN_copy(x, &point->X)) goto err;
+			}
+		if (y != NULL)
+			{
+			if (!BN_copy(y, &point->Y)) goto err;
+			}
+		if (z != NULL)
+			{
+			if (!BN_copy(z, &point->Z)) goto err;
+			}
+		}
+	
+	ret = 1;
+
+ err:
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
+	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
+	{
+	if (x == NULL || y == NULL)
+		{
+		/* unlike for projective coordinates, we do not tolerate this */
+		ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+
+	return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx);
+	}
+
+
+int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
+	BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *Z, *Z_1, *Z_2, *Z_3;
+	const BIGNUM *Z_;
+	int ret = 0;
+
+	if (EC_POINT_is_at_infinity(group, point))
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY);
+		return 0;
+		}
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	BN_CTX_start(ctx);
+	Z = BN_CTX_get(ctx);
+	Z_1 = BN_CTX_get(ctx);
+	Z_2 = BN_CTX_get(ctx);
+	Z_3 = BN_CTX_get(ctx);
+	if (Z_3 == NULL) goto err;
+
+	/* transform  (X, Y, Z)  into  (x, y) := (X/Z^2, Y/Z^3) */
+	
+	if (group->meth->field_decode)
+		{
+		if (!group->meth->field_decode(group, Z, &point->Z, ctx)) goto err;
+		Z_ = Z;
+		}
+	else
+		{
+		Z_ = &point->Z;
+		}
+	
+	if (BN_is_one(Z_))
+		{
+		if (group->meth->field_decode)
+			{
+			if (x != NULL)
+				{
+				if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err;
+				}
+			if (y != NULL)
+				{
+				if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err;
+				}
+			}
+		else
+			{
+			if (x != NULL)
+				{
+				if (!BN_copy(x, &point->X)) goto err;
+				}
+			if (y != NULL)
+				{
+				if (!BN_copy(y, &point->Y)) goto err;
+				}
+			}
+		}
+	else
+		{
+		if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx))
+			{
+			ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_BN_LIB);
+			goto err;
+			}
+		
+		if (group->meth->field_encode == 0)
+			{
+			/* field_sqr works on standard representation */
+			if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) goto err;
+			}
+		else
+			{
+			if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) goto err;
+			}
+	
+		if (x != NULL)
+			{
+			/* in the Montgomery case, field_mul will cancel out Montgomery factor in X: */
+			if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx)) goto err;
+			}
+
+		if (y != NULL)
+			{
+			if (group->meth->field_encode == 0)
+				{
+				/* field_mul works on standard representation */
+				if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) goto err;
+				}
+			else
+				{
+				if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) goto err;
+				}
+
+			/* in the Montgomery case, field_mul will cancel out Montgomery factor in Y: */
+			if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx)) goto err;
+			}
+		}
+
+	ret = 1;
+
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
+	const BIGNUM *x_, int y_bit, BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *tmp1, *tmp2, *x, *y;
+	int ret = 0;
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	y_bit = (y_bit != 0);
+
+	BN_CTX_start(ctx);
+	tmp1 = BN_CTX_get(ctx);
+	tmp2 = BN_CTX_get(ctx);
+	x = BN_CTX_get(ctx);
+	y = BN_CTX_get(ctx);
+	if (y == NULL) goto err;
+
+	/* Recover y.  We have a Weierstrass equation
+	 *     y^2 = x^3 + a*x + b,
+	 * so  y  is one of the square roots of  x^3 + a*x + b.
+	 */
+
+	/* tmp1 := x^3 */
+	if (!BN_nnmod(x, x_, &group->field,ctx)) goto err;
+	if (group->meth->field_decode == 0)
+		{
+		/* field_{sqr,mul} work on standard representation */
+		if (!group->meth->field_sqr(group, tmp2, x_, ctx)) goto err;
+		if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx)) goto err;
+		}
+	else
+		{
+		if (!BN_mod_sqr(tmp2, x_, &group->field, ctx)) goto err;
+		if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx)) goto err;
+		}
+	
+	/* tmp1 := tmp1 + a*x */
+	if (group->a_is_minus3)
+		{
+		if (!BN_mod_lshift1_quick(tmp2, x, &group->field)) goto err;
+		if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field)) goto err;
+		if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
+		}
+	else
+		{
+		if (group->meth->field_decode)
+			{
+			if (!group->meth->field_decode(group, tmp2, &group->a, ctx)) goto err;
+			if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx)) goto err;
+			}
+		else
+			{
+			/* field_mul works on standard representation */
+			if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx)) goto err;
+			}
+		
+		if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
+		}
+	
+	/* tmp1 := tmp1 + b */
+	if (group->meth->field_decode)
+		{
+		if (!group->meth->field_decode(group, tmp2, &group->b, ctx)) goto err;
+		if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
+		}
+	else
+		{
+		if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field)) goto err;
+		}
+	
+	if (!BN_mod_sqrt(y, tmp1, &group->field, ctx))
+		{
+		unsigned long err = ERR_peek_error();
+		
+		if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE)
+			{
+			(void)ERR_get_error();
+			ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
+			}
+		else
+			ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB);
+		goto err;
+		}
+
+	if (y_bit != BN_is_odd(y))
+		{
+		if (BN_is_zero(y))
+			{
+			int kron;
+
+			kron = BN_kronecker(x, &group->field, ctx);
+			if (kron == -2) goto err;
+
+			if (kron == 1)
+				ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSION_BIT);
+			else
+				/* BN_mod_sqrt() should have cought this error (not a square) */
+				ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
+			goto err;
+			}
+		if (!BN_usub(y, &group->field, y)) goto err;
+		}
+	if (y_bit != BN_is_odd(y))
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_INTERNAL_ERROR);
+		goto err;
+		}
+
+	if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
+
+	ret = 1;
+
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
+	unsigned char *buf, size_t len, BN_CTX *ctx)
+	{
+	size_t ret;
+	BN_CTX *new_ctx = NULL;
+	int used_ctx = 0;
+	BIGNUM *x, *y;
+	size_t field_len, i, skip;
+
+	if ((form != POINT_CONVERSION_COMPRESSED)
+		&& (form != POINT_CONVERSION_UNCOMPRESSED)
+		&& (form != POINT_CONVERSION_HYBRID))
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
+		goto err;
+		}
+
+	if (EC_POINT_is_at_infinity(group, point))
+		{
+		/* encodes to a single 0 octet */
+		if (buf != NULL)
+			{
+			if (len < 1)
+				{
+				ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+				return 0;
+				}
+			buf[0] = 0;
+			}
+		return 1;
+		}
+
+
+	/* ret := required output buffer length */
+	field_len = BN_num_bytes(&group->field);
+	ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
+
+	/* if 'buf' is NULL, just return required length */
+	if (buf != NULL)
+		{
+		if (len < ret)
+			{
+			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+			goto err;
+			}
+
+		if (ctx == NULL)
+			{
+			ctx = new_ctx = BN_CTX_new();
+			if (ctx == NULL)
+				return 0;
+			}
+
+		BN_CTX_start(ctx);
+		used_ctx = 1;
+		x = BN_CTX_get(ctx);
+		y = BN_CTX_get(ctx);
+		if (y == NULL) goto err;
+
+		if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
+
+		if ((form == POINT_CONVERSION_COMPRESSED || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y))
+			buf[0] = form + 1;
+		else
+			buf[0] = form;
+	
+		i = 1;
+		
+		skip = field_len - BN_num_bytes(x);
+		if (skip > field_len)
+			{
+			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+			goto err;
+			}
+		while (skip > 0)
+			{
+			buf[i++] = 0;
+			skip--;
+			}
+		skip = BN_bn2bin(x, buf + i);
+		i += skip;
+		if (i != 1 + field_len)
+			{
+			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+			goto err;
+			}
+
+		if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID)
+			{
+			skip = field_len - BN_num_bytes(y);
+			if (skip > field_len)
+				{
+				ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+				goto err;
+				}
+			while (skip > 0)
+				{
+				buf[i++] = 0;
+				skip--;
+				}
+			skip = BN_bn2bin(y, buf + i);
+			i += skip;
+			}
+
+		if (i != ret)
+			{
+			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+			goto err;
+			}
+		}
+	
+	if (used_ctx)
+		BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+
+ err:
+	if (used_ctx)
+		BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return 0;
+	}
+
+
+int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
+	const unsigned char *buf, size_t len, BN_CTX *ctx)
+	{
+	point_conversion_form_t form;
+	int y_bit;
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *x, *y;
+	size_t field_len, enc_len;
+	int ret = 0;
+
+	if (len == 0)
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
+		return 0;
+		}
+	form = buf[0];
+	y_bit = form & 1;
+	form = form & ~1;
+	if ((form != 0)	&& (form != POINT_CONVERSION_COMPRESSED)
+		&& (form != POINT_CONVERSION_UNCOMPRESSED)
+		&& (form != POINT_CONVERSION_HYBRID))
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+		return 0;
+		}
+	if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit)
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+		return 0;
+		}
+
+	if (form == 0)
+		{
+		if (len != 1)
+			{
+			ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+			return 0;
+			}
+
+		return EC_POINT_set_to_infinity(group, point);
+		}
+	
+	field_len = BN_num_bytes(&group->field);
+	enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
+
+	if (len != enc_len)
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+		return 0;
+		}
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	BN_CTX_start(ctx);
+	x = BN_CTX_get(ctx);
+	y = BN_CTX_get(ctx);
+	if (y == NULL) goto err;
+
+	if (!BN_bin2bn(buf + 1, field_len, x)) goto err;
+	if (BN_ucmp(x, &group->field) >= 0)
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+		goto err;
+		}
+
+	if (form == POINT_CONVERSION_COMPRESSED)
+		{
+		if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) goto err;
+		}
+	else
+		{
+		if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err;
+		if (BN_ucmp(y, &group->field) >= 0)
+			{
+			ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+			goto err;
+			}
+		if (form == POINT_CONVERSION_HYBRID)
+			{
+			if (y_bit != BN_is_odd(y))
+				{
+				ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+				goto err;
+				}
+			}
+
+		if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
+		}
+	
+	if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
+		goto err;
+		}
+
+	ret = 1;
+	
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
+	{
+	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+	const BIGNUM *p;
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6;
+	int ret = 0;
+	
+	if (a == b)
+		return EC_POINT_dbl(group, r, a, ctx);
+	if (EC_POINT_is_at_infinity(group, a))
+		return EC_POINT_copy(r, b);
+	if (EC_POINT_is_at_infinity(group, b))
+		return EC_POINT_copy(r, a);
+	
+	field_mul = group->meth->field_mul;
+	field_sqr = group->meth->field_sqr;
+	p = &group->field;
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	BN_CTX_start(ctx);
+	n0 = BN_CTX_get(ctx);
+	n1 = BN_CTX_get(ctx);
+	n2 = BN_CTX_get(ctx);
+	n3 = BN_CTX_get(ctx);
+	n4 = BN_CTX_get(ctx);
+	n5 = BN_CTX_get(ctx);
+	n6 = BN_CTX_get(ctx);
+	if (n6 == NULL) goto end;
+
+	/* Note that in this function we must not read components of 'a' or 'b'
+	 * once we have written the corresponding components of 'r'.
+	 * ('r' might be one of 'a' or 'b'.)
+	 */
+
+	/* n1, n2 */
+	if (b->Z_is_one)
+		{
+		if (!BN_copy(n1, &a->X)) goto end;
+		if (!BN_copy(n2, &a->Y)) goto end;
+		/* n1 = X_a */
+		/* n2 = Y_a */
+		}
+	else
+		{
+		if (!field_sqr(group, n0, &b->Z, ctx)) goto end;
+		if (!field_mul(group, n1, &a->X, n0, ctx)) goto end;
+		/* n1 = X_a * Z_b^2 */
+
+		if (!field_mul(group, n0, n0, &b->Z, ctx)) goto end;
+		if (!field_mul(group, n2, &a->Y, n0, ctx)) goto end;
+		/* n2 = Y_a * Z_b^3 */
+		}
+
+	/* n3, n4 */
+	if (a->Z_is_one)
+		{
+		if (!BN_copy(n3, &b->X)) goto end;
+		if (!BN_copy(n4, &b->Y)) goto end;
+		/* n3 = X_b */
+		/* n4 = Y_b */
+		}
+	else
+		{
+		if (!field_sqr(group, n0, &a->Z, ctx)) goto end;
+		if (!field_mul(group, n3, &b->X, n0, ctx)) goto end;
+		/* n3 = X_b * Z_a^2 */
+
+		if (!field_mul(group, n0, n0, &a->Z, ctx)) goto end;
+		if (!field_mul(group, n4, &b->Y, n0, ctx)) goto end;
+		/* n4 = Y_b * Z_a^3 */
+		}
+
+	/* n5, n6 */
+	if (!BN_mod_sub_quick(n5, n1, n3, p)) goto end;
+	if (!BN_mod_sub_quick(n6, n2, n4, p)) goto end;
+	/* n5 = n1 - n3 */
+	/* n6 = n2 - n4 */
+
+	if (BN_is_zero(n5))
+		{
+		if (BN_is_zero(n6))
+			{
+			/* a is the same point as b */
+			BN_CTX_end(ctx);
+			ret = EC_POINT_dbl(group, r, a, ctx);
+			ctx = NULL;
+			goto end;
+			}
+		else
+			{
+			/* a is the inverse of b */
+			if (!BN_zero(&r->Z)) goto end;
+			r->Z_is_one = 0;
+			ret = 1;
+			goto end;
+			}
+		}
+
+	/* 'n7', 'n8' */
+	if (!BN_mod_add_quick(n1, n1, n3, p)) goto end;
+	if (!BN_mod_add_quick(n2, n2, n4, p)) goto end;
+	/* 'n7' = n1 + n3 */
+	/* 'n8' = n2 + n4 */
+
+	/* Z_r */
+	if (a->Z_is_one && b->Z_is_one)
+		{
+		if (!BN_copy(&r->Z, n5)) goto end;
+		}
+	else
+		{
+		if (a->Z_is_one)
+			{ if (!BN_copy(n0, &b->Z)) goto end; }
+		else if (b->Z_is_one)
+			{ if (!BN_copy(n0, &a->Z)) goto end; }
+		else
+			{ if (!field_mul(group, n0, &a->Z, &b->Z, ctx)) goto end; }
+		if (!field_mul(group, &r->Z, n0, n5, ctx)) goto end;
+		}
+	r->Z_is_one = 0;
+	/* Z_r = Z_a * Z_b * n5 */
+
+	/* X_r */
+	if (!field_sqr(group, n0, n6, ctx)) goto end;
+	if (!field_sqr(group, n4, n5, ctx)) goto end;
+	if (!field_mul(group, n3, n1, n4, ctx)) goto end;
+	if (!BN_mod_sub_quick(&r->X, n0, n3, p)) goto end;
+	/* X_r = n6^2 - n5^2 * 'n7' */
+	
+	/* 'n9' */
+	if (!BN_mod_lshift1_quick(n0, &r->X, p)) goto end;
+	if (!BN_mod_sub_quick(n0, n3, n0, p)) goto end;
+	/* n9 = n5^2 * 'n7' - 2 * X_r */
+
+	/* Y_r */
+	if (!field_mul(group, n0, n0, n6, ctx)) goto end;
+	if (!field_mul(group, n5, n4, n5, ctx)) goto end; /* now n5 is n5^3 */
+	if (!field_mul(group, n1, n2, n5, ctx)) goto end;
+	if (!BN_mod_sub_quick(n0, n0, n1, p)) goto end;
+	if (BN_is_odd(n0))
+		if (!BN_add(n0, n0, p)) goto end;
+	/* now  0 <= n0 < 2*p,  and n0 is even */
+	if (!BN_rshift1(&r->Y, n0)) goto end;
+	/* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */
+
+	ret = 1;
+
+ end:
+	if (ctx) /* otherwise we already called BN_CTX_end */
+		BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
+	{
+	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+	const BIGNUM *p;
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *n0, *n1, *n2, *n3;
+	int ret = 0;
+	
+	if (EC_POINT_is_at_infinity(group, a))
+		{
+		if (!BN_zero(&r->Z)) return 0;
+		r->Z_is_one = 0;
+		return 1;
+		}
+
+	field_mul = group->meth->field_mul;
+	field_sqr = group->meth->field_sqr;
+	p = &group->field;
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	BN_CTX_start(ctx);
+	n0 = BN_CTX_get(ctx);
+	n1 = BN_CTX_get(ctx);
+	n2 = BN_CTX_get(ctx);
+	n3 = BN_CTX_get(ctx);
+	if (n3 == NULL) goto err;
+
+	/* Note that in this function we must not read components of 'a'
+	 * once we have written the corresponding components of 'r'.
+	 * ('r' might the same as 'a'.)
+	 */
+
+	/* n1 */
+	if (a->Z_is_one)
+		{
+		if (!field_sqr(group, n0, &a->X, ctx)) goto err;
+		if (!BN_mod_lshift1_quick(n1, n0, p)) goto err;
+		if (!BN_mod_add_quick(n0, n0, n1, p)) goto err;
+		if (!BN_mod_add_quick(n1, n0, &group->a, p)) goto err;
+		/* n1 = 3 * X_a^2 + a_curve */
+		}
+	else if (group->a_is_minus3)
+		{
+		if (!field_sqr(group, n1, &a->Z, ctx)) goto err;
+		if (!BN_mod_add_quick(n0, &a->X, n1, p)) goto err;
+		if (!BN_mod_sub_quick(n2, &a->X, n1, p)) goto err;
+		if (!field_mul(group, n1, n0, n2, ctx)) goto err;
+		if (!BN_mod_lshift1_quick(n0, n1, p)) goto err;
+		if (!BN_mod_add_quick(n1, n0, n1, p)) goto err;
+		/* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
+		 *    = 3 * X_a^2 - 3 * Z_a^4 */
+		}
+	else
+		{
+		if (!field_sqr(group, n0, &a->X, ctx)) goto err;
+		if (!BN_mod_lshift1_quick(n1, n0, p)) goto err;
+		if (!BN_mod_add_quick(n0, n0, n1, p)) goto err;
+		if (!field_sqr(group, n1, &a->Z, ctx)) goto err;
+		if (!field_sqr(group, n1, n1, ctx)) goto err;
+		if (!field_mul(group, n1, n1, &group->a, ctx)) goto err;
+		if (!BN_mod_add_quick(n1, n1, n0, p)) goto err;
+		/* n1 = 3 * X_a^2 + a_curve * Z_a^4 */
+		}
+
+	/* Z_r */
+	if (a->Z_is_one)
+		{
+		if (!BN_copy(n0, &a->Y)) goto err;
+		}
+	else
+		{
+		if (!field_mul(group, n0, &a->Y, &a->Z, ctx)) goto err;
+		}
+	if (!BN_mod_lshift1_quick(&r->Z, n0, p)) goto err;
+	r->Z_is_one = 0;
+	/* Z_r = 2 * Y_a * Z_a */
+
+	/* n2 */
+	if (!field_sqr(group, n3, &a->Y, ctx)) goto err;
+	if (!field_mul(group, n2, &a->X, n3, ctx)) goto err;
+	if (!BN_mod_lshift_quick(n2, n2, 2, p)) goto err;
+	/* n2 = 4 * X_a * Y_a^2 */
+
+	/* X_r */
+	if (!BN_mod_lshift1_quick(n0, n2, p)) goto err;
+	if (!field_sqr(group, &r->X, n1, ctx)) goto err;
+	if (!BN_mod_sub_quick(&r->X, &r->X, n0, p)) goto err;
+	/* X_r = n1^2 - 2 * n2 */
+	
+	/* n3 */
+	if (!field_sqr(group, n0, n3, ctx)) goto err;
+	if (!BN_mod_lshift_quick(n3, n0, 3, p)) goto err;
+	/* n3 = 8 * Y_a^4 */
+	
+	/* Y_r */
+	if (!BN_mod_sub_quick(n0, n2, &r->X, p)) goto err;
+	if (!field_mul(group, n0, n1, n0, ctx)) goto err;
+	if (!BN_mod_sub_quick(&r->Y, n0, n3, p)) goto err;
+	/* Y_r = n1 * (n2 - X_r) - n3 */
+
+	ret = 1;
+
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+	{
+	if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))
+		/* point is its own inverse */
+		return 1;
+	
+	return BN_usub(&point->Y, &group->field, &point->Y);
+	}
+
+
+int ec_GFp_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
+	{
+	return BN_is_zero(&point->Z);
+	}
+
+
+int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
+	{
+	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+	const BIGNUM *p;
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *rh, *tmp1, *tmp2, *Z4, *Z6;
+	int ret = -1;
+
+	if (EC_POINT_is_at_infinity(group, point))
+		return 1;
+	
+	field_mul = group->meth->field_mul;
+	field_sqr = group->meth->field_sqr;
+	p = &group->field;
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return -1;
+		}
+
+	BN_CTX_start(ctx);
+	rh = BN_CTX_get(ctx);
+	tmp1 = BN_CTX_get(ctx);
+	tmp2 = BN_CTX_get(ctx);
+	Z4 = BN_CTX_get(ctx);
+	Z6 = BN_CTX_get(ctx);
+	if (Z6 == NULL) goto err;
+
+	/* We have a curve defined by a Weierstrass equation
+	 *      y^2 = x^3 + a*x + b.
+	 * The point to consider is given in Jacobian projective coordinates
+	 * where  (X, Y, Z)  represents  (x, y) = (X/Z^2, Y/Z^3).
+	 * Substituting this and multiplying by  Z^6  transforms the above equation into
+	 *      Y^2 = X^3 + a*X*Z^4 + b*Z^6.
+	 * To test this, we add up the right-hand side in 'rh'.
+	 */
+
+	/* rh := X^3 */
+	if (!field_sqr(group, rh, &point->X, ctx)) goto err;
+	if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
+
+	if (!point->Z_is_one)
+		{
+		if (!field_sqr(group, tmp1, &point->Z, ctx)) goto err;
+		if (!field_sqr(group, Z4, tmp1, ctx)) goto err;
+		if (!field_mul(group, Z6, Z4, tmp1, ctx)) goto err;
+
+		/* rh := rh + a*X*Z^4 */
+		if (!field_mul(group, tmp1, &point->X, Z4, ctx)) goto err;
+		if (group->a_is_minus3)
+			{
+			if (!BN_mod_lshift1_quick(tmp2, tmp1, p)) goto err;
+			if (!BN_mod_add_quick(tmp2, tmp2, tmp1, p)) goto err;
+			if (!BN_mod_sub_quick(rh, rh, tmp2, p)) goto err;
+			}
+		else
+			{
+			if (!field_mul(group, tmp2, tmp1, &group->a, ctx)) goto err;
+			if (!BN_mod_add_quick(rh, rh, tmp2, p)) goto err;
+			}
+
+		/* rh := rh + b*Z^6 */
+		if (!field_mul(group, tmp1, &group->b, Z6, ctx)) goto err;
+		if (!BN_mod_add_quick(rh, rh, tmp1, p)) goto err;
+		}
+	else
+		{
+		/* point->Z_is_one */
+
+		/* rh := rh + a*X */
+		if (group->a_is_minus3)
+			{
+			if (!BN_mod_lshift1_quick(tmp2, &point->X, p)) goto err;
+			if (!BN_mod_add_quick(tmp2, tmp2, &point->X, p)) goto err;
+			if (!BN_mod_sub_quick(rh, rh, tmp2, p)) goto err;
+			}
+		else
+			{
+			if (!field_mul(group, tmp2, &point->X, &group->a, ctx)) goto err;
+			if (!BN_mod_add_quick(rh, rh, tmp2, p)) goto err;
+			}
+
+		/* rh := rh + b */
+		if (!BN_mod_add_quick(rh, rh, &group->b, p)) goto err;
+		}
+
+	/* 'lh' := Y^2 */
+	if (!field_sqr(group, tmp1, &point->Y, ctx)) goto err;
+
+	ret = (0 == BN_cmp(tmp1, rh));
+
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
+	{
+	/* return values:
+	 *  -1   error
+	 *   0   equal (in affine coordinates)
+	 *   1   not equal
+	 */
+
+	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
+	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *tmp1, *tmp2, *Za23, *Zb23;
+	const BIGNUM *tmp1_, *tmp2_;
+	int ret = -1;
+	
+	if (EC_POINT_is_at_infinity(group, a))
+		{
+		return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
+		}
+	
+	if (a->Z_is_one && b->Z_is_one)
+		{
+		return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
+		}
+
+	field_mul = group->meth->field_mul;
+	field_sqr = group->meth->field_sqr;
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return -1;
+		}
+
+	BN_CTX_start(ctx);
+	tmp1 = BN_CTX_get(ctx);
+	tmp2 = BN_CTX_get(ctx);
+	Za23 = BN_CTX_get(ctx);
+	Zb23 = BN_CTX_get(ctx);
+	if (Zb23 == NULL) goto end;
+
+	/* We have to decide whether
+	 *     (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3),
+	 * or equivalently, whether
+	 *     (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3).
+	 */
+
+	if (!b->Z_is_one)
+		{
+		if (!field_sqr(group, Zb23, &b->Z, ctx)) goto end;
+		if (!field_mul(group, tmp1, &a->X, Zb23, ctx)) goto end;
+		tmp1_ = tmp1;
+		}
+	else
+		tmp1_ = &a->X;
+	if (!a->Z_is_one)
+		{
+		if (!field_sqr(group, Za23, &a->Z, ctx)) goto end;
+		if (!field_mul(group, tmp2, &b->X, Za23, ctx)) goto end;
+		tmp2_ = tmp2;
+		}
+	else
+		tmp2_ = &b->X;
+	
+	/* compare  X_a*Z_b^2  with  X_b*Z_a^2 */
+	if (BN_cmp(tmp1_, tmp2_) != 0)
+		{
+		ret = 1; /* points differ */
+		goto end;
+		}
+
+
+	if (!b->Z_is_one)
+		{
+		if (!field_mul(group, Zb23, Zb23, &b->Z, ctx)) goto end;
+		if (!field_mul(group, tmp1, &a->Y, Zb23, ctx)) goto end;
+		/* tmp1_ = tmp1 */
+		}
+	else
+		tmp1_ = &a->Y;
+	if (!a->Z_is_one)
+		{
+		if (!field_mul(group, Za23, Za23, &a->Z, ctx)) goto end;
+		if (!field_mul(group, tmp2, &b->Y, Za23, ctx)) goto end;
+		/* tmp2_ = tmp2 */
+		}
+	else
+		tmp2_ = &b->Y;
+
+	/* compare  Y_a*Z_b^3  with  Y_b*Z_a^3 */
+	if (BN_cmp(tmp1_, tmp2_) != 0)
+		{
+		ret = 1; /* points differ */
+		goto end;
+		}
+
+	/* points are equal */
+	ret = 0;
+
+ end:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *x, *y;
+	int ret = 0;
+
+	if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
+		return 1;
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	BN_CTX_start(ctx);
+	x = BN_CTX_get(ctx);
+	y = BN_CTX_get(ctx);
+	if (y == NULL) goto err;
+
+	if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
+	if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
+	if (!point->Z_is_one)
+		{
+		ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);
+		goto err;
+		}
+	
+	ret = 1;
+
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	return ret;
+	}
+
+
+int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
+	{
+	BN_CTX *new_ctx = NULL;
+	BIGNUM *tmp0, *tmp1;
+	size_t pow2 = 0;
+	BIGNUM **heap = NULL;
+	size_t i;
+	int ret = 0;
+
+	if (num == 0)
+		return 1;
+
+	if (ctx == NULL)
+		{
+		ctx = new_ctx = BN_CTX_new();
+		if (ctx == NULL)
+			return 0;
+		}
+
+	BN_CTX_start(ctx);
+	tmp0 = BN_CTX_get(ctx);
+	tmp1 = BN_CTX_get(ctx);
+	if (tmp0  == NULL || tmp1 == NULL) goto err;
+
+	/* Before converting the individual points, compute inverses of all Z values.
+	 * Modular inversion is rather slow, but luckily we can do with a single
+	 * explicit inversion, plus about 3 multiplications per input value.
+	 */
+
+	pow2 = 1;
+	while (num > pow2)
+		pow2 <<= 1;
+	/* Now pow2 is the smallest power of 2 satifsying pow2 >= num.
+	 * We need twice that. */
+	pow2 <<= 1;
+
+	heap = OPENSSL_malloc(pow2 * sizeof heap[0]);
+	if (heap == NULL) goto err;
+	
+	/* The array is used as a binary tree, exactly as in heapsort:
+	 *
+	 *                               heap[1]
+	 *                 heap[2]                     heap[3]
+	 *          heap[4]       heap[5]       heap[6]       heap[7]
+	 *   heap[8]heap[9] heap[10]heap[11] heap[12]heap[13] heap[14] heap[15]
+	 *
+	 * We put the Z's in the last line;
+	 * then we set each other node to the product of its two child-nodes (where
+	 * empty or 0 entries are treated as ones);
+	 * then we invert heap[1];
+	 * then we invert each other node by replacing it by the product of its
+	 * parent (after inversion) and its sibling (before inversion).
+	 */
+	heap[0] = NULL;
+	for (i = pow2/2 - 1; i > 0; i--)
+		heap[i] = NULL;
+	for (i = 0; i < num; i++)
+		heap[pow2/2 + i] = &points[i]->Z;
+	for (i = pow2/2 + num; i < pow2; i++)
+		heap[i] = NULL;
+	
+	/* set each node to the product of its children */
+	for (i = pow2/2 - 1; i > 0; i--)
+		{
+		heap[i] = BN_new();
+		if (heap[i] == NULL) goto err;
+		
+		if (heap[2*i] != NULL)
+			{
+			if ((heap[2*i + 1] == NULL) || BN_is_zero(heap[2*i + 1]))
+				{
+				if (!BN_copy(heap[i], heap[2*i])) goto err;
+				}
+			else
+				{
+				if (BN_is_zero(heap[2*i]))
+					{
+					if (!BN_copy(heap[i], heap[2*i + 1])) goto err;
+					}
+				else
+					{
+					if (!group->meth->field_mul(group, heap[i],
+						heap[2*i], heap[2*i + 1], ctx)) goto err;
+					}
+				}
+			}
+		}
+
+	/* invert heap[1] */
+	if (!BN_is_zero(heap[1]))
+		{
+		if (!BN_mod_inverse(heap[1], heap[1], &group->field, ctx))
+			{
+			ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
+			goto err;
+			}
+		}
+	if (group->meth->field_encode != 0)
+		{
+		/* in the Montgomery case, we just turned  R*H  (representing H)
+		 * into  1/(R*H),  but we need  R*(1/H)  (representing 1/H);
+		 * i.e. we have need to multiply by the Montgomery factor twice */
+		if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
+		if (!group->meth->field_encode(group, heap[1], heap[1], ctx)) goto err;
+		}
+
+	/* set other heap[i]'s to their inverses */
+	for (i = 2; i < pow2/2 + num; i += 2)
+		{
+		/* i is even */
+		if ((heap[i + 1] != NULL) && !BN_is_zero(heap[i + 1]))
+			{
+			if (!group->meth->field_mul(group, tmp0, heap[i/2], heap[i + 1], ctx)) goto err;
+			if (!group->meth->field_mul(group, tmp1, heap[i/2], heap[i], ctx)) goto err;
+			if (!BN_copy(heap[i], tmp0)) goto err;
+			if (!BN_copy(heap[i + 1], tmp1)) goto err;
+			}
+		else
+			{
+			if (!BN_copy(heap[i], heap[i/2])) goto err;
+			}
+		}
+
+	/* we have replaced all non-zero Z's by their inverses, now fix up all the points */
+	for (i = 0; i < num; i++)
+		{
+		EC_POINT *p = points[i];
+		
+		if (!BN_is_zero(&p->Z))
+			{
+			/* turn  (X, Y, 1/Z)  into  (X/Z^2, Y/Z^3, 1) */
+
+			if (!group->meth->field_sqr(group, tmp1, &p->Z, ctx)) goto err;
+			if (!group->meth->field_mul(group, &p->X, &p->X, tmp1, ctx)) goto err;
+
+			if (!group->meth->field_mul(group, tmp1, tmp1, &p->Z, ctx)) goto err;
+			if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp1, ctx)) goto err;
+		
+			if (group->meth->field_set_to_one != 0)
+				{
+				if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err;
+				}
+			else
+				{
+				if (!BN_one(&p->Z)) goto err;
+				}
+			p->Z_is_one = 1;
+			}
+		}
+
+	ret = 1;
+		
+ err:
+	BN_CTX_end(ctx);
+	if (new_ctx != NULL)
+		BN_CTX_free(new_ctx);
+	if (heap != NULL)
+		{
+		/* heap[pow2/2] .. heap[pow2-1] have not been allocated locally! */
+		for (i = pow2/2 - 1; i > 0; i--)
+			{
+			if (heap[i] != NULL)
+				BN_clear_free(heap[i]);
+			}
+		OPENSSL_free(heap);
+		}
+	return ret;
+	}
+
+
+int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+	{
+	return BN_mod_mul(r, a, b, &group->field, ctx);
+	}
+
+
+int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+	{
+	return BN_mod_sqr(r, a, &group->field, ctx);
+	}
diff --git a/crypto/ec/ectest.c b/crypto/ec/ectest.c
new file mode 100644
index 0000000000..d7e606db71
--- /dev/null
+++ b/crypto/ec/ectest.c
@@ -0,0 +1,1238 @@
+/* crypto/ec/ectest.c */
+/*
+ * Originally written by Bodo Moeller for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by 
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef FLAT_INC
+#include "e_os.h"
+#else
+#include "../e_os.h"
+#endif
+#include <string.h>
+#include <time.h>
+
+
+#ifdef OPENSSL_NO_EC
+int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); return 0; }
+#else
+
+
+#include <openssl/ec.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/objects.h>
+
+#define ABORT do { \
+	fflush(stdout); \
+	fprintf(stderr, "%s:%d: ABORT\n", __FILE__, __LINE__); \
+	ERR_print_errors_fp(stderr); \
+	EXIT(1); \
+} while (0)
+
+void prime_field_tests(void);
+void char2_field_tests(void);
+void internal_curve_test(void);
+
+#if 0
+static void timings(EC_GROUP *group, int multi, BN_CTX *ctx)
+	{
+	clock_t clck;
+	int i, j;
+	BIGNUM *s;
+	BIGNUM *r[10], *r0[10];
+	EC_POINT *P;
+		
+	s = BN_new();
+	if (s == NULL) ABORT;
+
+	fprintf(stdout, "Timings for %d-bit field, ", EC_GROUP_get_degree(group));
+	if (!EC_GROUP_get_order(group, s, ctx)) ABORT;
+	fprintf(stdout, "%d-bit scalars ", (int)BN_num_bits(s));
+	fflush(stdout);
+
+	P = EC_POINT_new(group);
+	if (P == NULL) ABORT;
+	EC_POINT_copy(P, EC_GROUP_get0_generator(group));
+
+	for (i = 0; i < 10; i++)
+		{
+		if ((r[i] = BN_new()) == NULL) ABORT;
+		if (!BN_pseudo_rand(r[i], BN_num_bits(s), 0, 0)) ABORT;
+		if (multi)
+			{
+			if ((r0[i] = BN_new()) == NULL) ABORT;
+			if (!BN_pseudo_rand(r0[i], BN_num_bits(s), 0, 0)) ABORT;
+			}
+		}
+
+	clck = clock();
+	for (i = 0; i < 10; i++)
+		{
+		for (j = 0; j < 10; j++)
+			{
+			if (!EC_POINT_mul(group, P, r[i], multi ? P : NULL, multi ? r0[i] : NULL, ctx)) ABORT;
+			}
+		}
+	fprintf(stdout, "\n");
+	
+	clck = clock() - clck;
+
+#ifdef CLOCKS_PER_SEC
+	/* "To determine the time in seconds, the value returned
+	 * by the clock function should be divided by the value
+	 * of the macro CLOCKS_PER_SEC."
+	 *                                       -- ISO/IEC 9899 */
+#	define UNIT "s"
+#else
+	/* "`CLOCKS_PER_SEC' undeclared (first use this function)"
+	 *                            -- cc on NeXTstep/OpenStep */
+#	define UNIT "units"
+#	define CLOCKS_PER_SEC 1
+#endif
+
+	fprintf(stdout, "%i %s in %.2f " UNIT "\n", i*j,
+		multi ? "s*P+t*Q operations" : "point multiplications",
+		(double)clck/CLOCKS_PER_SEC);
+	fprintf(stdout, "average: %.4f " UNIT "\n", (double)clck/(CLOCKS_PER_SEC*i*j));
+
+	EC_POINT_free(P);
+	BN_free(s);
+	for (i = 0; i < 10; i++)
+		{
+		BN_free(r[i]);
+		if (multi) BN_free(r0[i]);
+		}
+	}
+#endif
+
+void prime_field_tests()
+	{	
+	BN_CTX *ctx = NULL;
+	BIGNUM *p, *a, *b;
+	EC_GROUP *group;
+	EC_GROUP *P_192 = NULL, *P_224 = NULL, *P_256 = NULL, *P_384 = NULL, *P_521 = NULL;
+	EC_POINT *P, *Q, *R;
+	BIGNUM *x, *y, *z;
+	unsigned char buf[100];
+	size_t i, len;
+	int k;
+	
+#if 1 /* optional */
+	ctx = BN_CTX_new();
+	if (!ctx) ABORT;
+#endif
+
+	p = BN_new();
+	a = BN_new();
+	b = BN_new();
+	if (!p || !a || !b) ABORT;
+
+	if (!BN_hex2bn(&p, "17")) ABORT;
+	if (!BN_hex2bn(&a, "1")) ABORT;
+	if (!BN_hex2bn(&b, "1")) ABORT;
+	
+	group = EC_GROUP_new(EC_GFp_mont_method()); /* applications should use EC_GROUP_new_curve_GFp
+	                                             * so that the library gets to choose the EC_METHOD */
+	if (!group) ABORT;
+
+	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+	{
+		EC_GROUP *tmp;
+		tmp = EC_GROUP_new(EC_GROUP_method_of(group));
+		if (!tmp) ABORT;
+		if (!EC_GROUP_copy(tmp, group));
+		EC_GROUP_free(group);
+		group = tmp;
+	}
+	
+	if (!EC_GROUP_get_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+	fprintf(stdout, "Curve defined by Weierstrass equation\n     y^2 = x^3 + a*x + b  (mod 0x");
+	BN_print_fp(stdout, p);
+	fprintf(stdout, ")\n     a = 0x");
+	BN_print_fp(stdout, a);
+	fprintf(stdout, "\n     b = 0x");
+	BN_print_fp(stdout, b);
+	fprintf(stdout, "\n");
+
+	P = EC_POINT_new(group);
+	Q = EC_POINT_new(group);
+	R = EC_POINT_new(group);
+	if (!P || !Q || !R) ABORT;
+	
+	if (!EC_POINT_set_to_infinity(group, P)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+	buf[0] = 0;
+	if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT;
+
+	if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+	x = BN_new();
+	y = BN_new();
+	z = BN_new();
+	if (!x || !y || !z) ABORT;
+
+	if (!BN_hex2bn(&x, "D")) ABORT;
+	if (!EC_POINT_set_compressed_coordinates_GFp(group, Q, x, 1, ctx)) ABORT;
+	if (!EC_POINT_is_on_curve(group, Q, ctx))
+		{
+		if (!EC_POINT_get_affine_coordinates_GFp(group, Q, x, y, ctx)) ABORT;
+		fprintf(stderr, "Point is not on curve: x = 0x");
+		BN_print_fp(stderr, x);
+		fprintf(stderr, ", y = 0x");
+		BN_print_fp(stderr, y);
+		fprintf(stderr, "\n");
+		ABORT;
+		}
+
+	fprintf(stdout, "A cyclic subgroup:\n");
+	k = 100;
+	do
+		{
+		if (k-- == 0) ABORT;
+
+		if (EC_POINT_is_at_infinity(group, P))
+			fprintf(stdout, "     point at infinity\n");
+		else
+			{
+			if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+
+			fprintf(stdout, "     x = 0x");
+			BN_print_fp(stdout, x);
+			fprintf(stdout, ", y = 0x");
+			BN_print_fp(stdout, y);
+			fprintf(stdout, "\n");
+			}
+		
+		if (!EC_POINT_copy(R, P)) ABORT;
+		if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
+
+#if 0 /* optional */
+		{
+			EC_POINT *points[3];
+		
+			points[0] = R;
+			points[1] = Q;
+			points[2] = P;
+			if (!EC_POINTs_make_affine(group, 2, points, ctx)) ABORT;
+		}
+#endif
+
+		}
+	while (!EC_POINT_is_at_infinity(group, P));
+
+	if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);
+	if (len == 0) ABORT;
+	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+	fprintf(stdout, "Generator as octect string, compressed form:\n     ");
+	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+	
+	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);
+	if (len == 0) ABORT;
+	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+	fprintf(stdout, "\nGenerator as octect string, uncompressed form:\n     ");
+	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+	
+	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
+	if (len == 0) ABORT;
+	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+	fprintf(stdout, "\nGenerator as octect string, hybrid form:\n     ");
+	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+	
+	if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx)) ABORT;
+	fprintf(stdout, "\nA representation of the inverse of that generator in\nJacobian projective coordinates:\n     X = 0x");
+	BN_print_fp(stdout, x);
+	fprintf(stdout, ", Y = 0x");
+	BN_print_fp(stdout, y);
+	fprintf(stdout, ", Z = 0x");
+	BN_print_fp(stdout, z);
+	fprintf(stdout, "\n");
+
+	if (!EC_POINT_invert(group, P, ctx)) ABORT;
+	if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
+
+
+	/* Curve P-192 (FIPS PUB 186-2, App. 6) */
+	
+	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF")) ABORT;
+	if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
+	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC")) ABORT;
+	if (!BN_hex2bn(&b, "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1")) ABORT;
+	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+	if (!BN_hex2bn(&x, "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012")) ABORT;
+	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831")) ABORT;
+	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+	fprintf(stdout, "\nNIST curve P-192 -- Generator:\n     x = 0x");
+	BN_print_fp(stdout, x);
+	fprintf(stdout, "\n     y = 0x");
+	BN_print_fp(stdout, y);
+	fprintf(stdout, "\n");
+	/* G_y value taken from the standard: */
+	if (!BN_hex2bn(&z, "07192B95FFC8DA78631011ED6B24CDD573F977A11E794811")) ABORT;
+	if (0 != BN_cmp(y, z)) ABORT;
+
+	fprintf(stdout, "verify degree ...");
+	if (EC_GROUP_get_degree(group) != 192) ABORT;
+	fprintf(stdout, " ok\n");
+	
+	fprintf(stdout, "verify group order ...");
+	fflush(stdout);
+	if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, ".");
+	fflush(stdout);
+	if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, " ok\n");
+
+	if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+	if (!EC_GROUP_copy(P_192, group)) ABORT;
+
+
+	/* Curve P-224 (FIPS PUB 186-2, App. 6) */
+	
+	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001")) ABORT;
+	if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
+	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE")) ABORT;
+	if (!BN_hex2bn(&b, "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4")) ABORT;
+	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+	if (!BN_hex2bn(&x, "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21")) ABORT;
+	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
+	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D")) ABORT;
+	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+	fprintf(stdout, "\nNIST curve P-224 -- Generator:\n     x = 0x");
+	BN_print_fp(stdout, x);
+	fprintf(stdout, "\n     y = 0x");
+	BN_print_fp(stdout, y);
+	fprintf(stdout, "\n");
+	/* G_y value taken from the standard: */
+	if (!BN_hex2bn(&z, "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34")) ABORT;
+	if (0 != BN_cmp(y, z)) ABORT;
+	
+	fprintf(stdout, "verify degree ...");
+	if (EC_GROUP_get_degree(group) != 224) ABORT;
+	fprintf(stdout, " ok\n");
+	
+	fprintf(stdout, "verify group order ...");
+	fflush(stdout);
+	if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, ".");
+	fflush(stdout);
+	if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, " ok\n");
+
+	if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+	if (!EC_GROUP_copy(P_224, group)) ABORT;
+
+
+	/* Curve P-256 (FIPS PUB 186-2, App. 6) */
+	
+	if (!BN_hex2bn(&p, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
+	if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
+	if (!BN_hex2bn(&a, "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
+	if (!BN_hex2bn(&b, "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B")) ABORT;
+	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+	if (!BN_hex2bn(&x, "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296")) ABORT;
+	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (!BN_hex2bn(&z, "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E"
+		"84F3B9CAC2FC632551")) ABORT;
+	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+	fprintf(stdout, "\nNIST curve P-256 -- Generator:\n     x = 0x");
+	BN_print_fp(stdout, x);
+	fprintf(stdout, "\n     y = 0x");
+	BN_print_fp(stdout, y);
+	fprintf(stdout, "\n");
+	/* G_y value taken from the standard: */
+	if (!BN_hex2bn(&z, "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5")) ABORT;
+	if (0 != BN_cmp(y, z)) ABORT;
+	
+	fprintf(stdout, "verify degree ...");
+	if (EC_GROUP_get_degree(group) != 256) ABORT;
+	fprintf(stdout, " ok\n");
+	
+	fprintf(stdout, "verify group order ...");
+	fflush(stdout);
+	if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, ".");
+	fflush(stdout);
+	if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, " ok\n");
+
+	if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+	if (!EC_GROUP_copy(P_256, group)) ABORT;
+
+
+	/* Curve P-384 (FIPS PUB 186-2, App. 6) */
+	
+	if (!BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF")) ABORT;
+	if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
+	if (!BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC")) ABORT;
+	if (!BN_hex2bn(&b, "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141"
+		"120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF")) ABORT;
+	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+	if (!BN_hex2bn(&x, "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B"
+		"9859F741E082542A385502F25DBF55296C3A545E3872760AB7")) ABORT;
+	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 1, ctx)) ABORT;
+	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (!BN_hex2bn(&z, "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973")) ABORT;
+	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+	fprintf(stdout, "\nNIST curve P-384 -- Generator:\n     x = 0x");
+	BN_print_fp(stdout, x);
+	fprintf(stdout, "\n     y = 0x");
+	BN_print_fp(stdout, y);
+	fprintf(stdout, "\n");
+	/* G_y value taken from the standard: */
+	if (!BN_hex2bn(&z, "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A14"
+		"7CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F")) ABORT;
+	if (0 != BN_cmp(y, z)) ABORT;
+	
+	fprintf(stdout, "verify degree ...");
+	if (EC_GROUP_get_degree(group) != 384) ABORT;
+	fprintf(stdout, " ok\n");
+	
+	fprintf(stdout, "verify group order ...");
+	fflush(stdout);
+	if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, ".");
+	fflush(stdout);
+	if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, " ok\n");
+
+	if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+	if (!EC_GROUP_copy(P_384, group)) ABORT;
+
+
+	/* Curve P-521 (FIPS PUB 186-2, App. 6) */
+	
+	if (!BN_hex2bn(&p, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFFFFFFFFFFFF")) ABORT;
+	if (1 != BN_is_prime(p, BN_prime_checks, 0, ctx, NULL)) ABORT;
+	if (!BN_hex2bn(&a, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFFFFFFFFFFFC")) ABORT;
+	if (!BN_hex2bn(&b, "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B"
+		"315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573"
+		"DF883D2C34F1EF451FD46B503F00")) ABORT;
+	if (!EC_GROUP_set_curve_GFp(group, p, a, b, ctx)) ABORT;
+
+	if (!BN_hex2bn(&x, "C6858E06B70404E9CD9E3ECB662395B4429C648139053F"
+		"B521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B"
+		"3C1856A429BF97E7E31C2E5BD66")) ABORT;
+	if (!EC_POINT_set_compressed_coordinates_GFp(group, P, x, 0, ctx)) ABORT;
+	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (!BN_hex2bn(&z, "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+		"FFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5"
+		"C9B8899C47AEBB6FB71E91386409")) ABORT;
+	if (!EC_GROUP_set_generator(group, P, z, BN_value_one())) ABORT;
+
+	if (!EC_POINT_get_affine_coordinates_GFp(group, P, x, y, ctx)) ABORT;
+	fprintf(stdout, "\nNIST curve P-521 -- Generator:\n     x = 0x");
+	BN_print_fp(stdout, x);
+	fprintf(stdout, "\n     y = 0x");
+	BN_print_fp(stdout, y);
+	fprintf(stdout, "\n");
+	/* G_y value taken from the standard: */
+	if (!BN_hex2bn(&z, "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579"
+		"B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C"
+		"7086A272C24088BE94769FD16650")) ABORT;
+	if (0 != BN_cmp(y, z)) ABORT;
+	
+	fprintf(stdout, "verify degree ...");
+	if (EC_GROUP_get_degree(group) != 521) ABORT;
+	fprintf(stdout, " ok\n");
+	
+	fprintf(stdout, "verify group order ...");
+	fflush(stdout);
+	if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, ".");
+	fflush(stdout);
+	if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+	fprintf(stdout, " ok\n");
+
+	if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
+	if (!EC_GROUP_copy(P_521, group)) ABORT;
+
+
+	/* more tests using the last curve */
+
+	if (!EC_POINT_copy(Q, P)) ABORT;
+	if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+	if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
+	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
+
+	if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
+	if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
+
+	{
+		const EC_POINT *points[3];
+		const BIGNUM *scalars[3];
+	
+		if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+		points[0] = Q;
+		points[1] = Q;
+		points[2] = Q;
+
+		if (!BN_add(y, z, BN_value_one())) ABORT;
+		if (BN_is_odd(y)) ABORT;
+		if (!BN_rshift1(y, y)) ABORT;
+		scalars[0] = y; /* (group order + 1)/2,  so  y*Q + y*Q = Q */
+		scalars[1] = y;
+
+		fprintf(stdout, "combined multiplication ...");
+		fflush(stdout);
+
+		/* z is still the group order */
+		if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+		if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT;
+		if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
+		if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT;
+
+		fprintf(stdout, ".");
+		fflush(stdout);
+
+		if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
+		if (!BN_add(z, z, y)) ABORT;
+		BN_set_sign(z, 1);
+		scalars[0] = y;
+		scalars[1] = z; /* z = -(order + y) */
+
+		if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+		if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+		fprintf(stdout, ".");
+		fflush(stdout);
+
+		if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;
+		if (!BN_add(z, x, y)) ABORT;
+		BN_set_sign(z, 1);
+		scalars[0] = x;
+		scalars[1] = y;
+		scalars[2] = z; /* z = -(x+y) */
+
+		if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) ABORT;
+		if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+		fprintf(stdout, " ok\n\n");
+	}
+
+
+#if 0
+	timings(P_192, 0, ctx);
+	timings(P_192, 1, ctx);
+	timings(P_224, 0, ctx);
+	timings(P_224, 1, ctx);
+	timings(P_256, 0, ctx);
+	timings(P_256, 1, ctx);
+	timings(P_384, 0, ctx);
+	timings(P_384, 1, ctx);
+	timings(P_521, 0, ctx);
+	timings(P_521, 1, ctx);
+#endif
+
+
+	if (ctx)
+		BN_CTX_free(ctx);
+	BN_free(p); BN_free(a);	BN_free(b);
+	EC_GROUP_free(group);
+	EC_POINT_free(P);
+	EC_POINT_free(Q);
+	EC_POINT_free(R);
+	BN_free(x); BN_free(y); BN_free(z);
+
+	if (P_192) EC_GROUP_free(P_192);
+	if (P_224) EC_GROUP_free(P_224);
+	if (P_256) EC_GROUP_free(P_256);
+	if (P_384) EC_GROUP_free(P_384);
+	if (P_521) EC_GROUP_free(P_521);
+
+	}
+
+/* Change test based on whether binary point compression is enabled or not. */
+#ifdef OPENSSL_EC_BIN_PT_COMP
+#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+	if (!BN_hex2bn(&x, _x)) ABORT; \
+	if (!EC_POINT_set_compressed_coordinates_GF2m(group, P, x, _y_bit, ctx)) ABORT; \
+	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
+	if (!BN_hex2bn(&z, _order)) ABORT; \
+	if (!BN_hex2bn(&cof, _cof)) ABORT; \
+	if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
+	if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
+	fprintf(stdout, "\n%s -- Generator:\n     x = 0x", _name); \
+	BN_print_fp(stdout, x); \
+	fprintf(stdout, "\n     y = 0x"); \
+	BN_print_fp(stdout, y); \
+	fprintf(stdout, "\n"); \
+	/* G_y value taken from the standard: */ \
+	if (!BN_hex2bn(&z, _y)) ABORT; \
+	if (0 != BN_cmp(y, z)) ABORT;
+#else 
+#define CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+	if (!BN_hex2bn(&x, _x)) ABORT; \
+	if (!BN_hex2bn(&y, _y)) ABORT; \
+	if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT; \
+	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT; \
+	if (!BN_hex2bn(&z, _order)) ABORT; \
+	if (!BN_hex2bn(&cof, _cof)) ABORT; \
+	if (!EC_GROUP_set_generator(group, P, z, cof)) ABORT; \
+	fprintf(stdout, "\n%s -- Generator:\n     x = 0x", _name); \
+	BN_print_fp(stdout, x); \
+	fprintf(stdout, "\n     y = 0x"); \
+	BN_print_fp(stdout, y); \
+	fprintf(stdout, "\n");
+#endif
+
+#define CHAR2_CURVE_TEST(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+	if (!BN_hex2bn(&p, _p)) ABORT; \
+	if (!BN_hex2bn(&a, _a)) ABORT; \
+	if (!BN_hex2bn(&b, _b)) ABORT; \
+	if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT; \
+	CHAR2_CURVE_TEST_INTERNAL(_name, _p, _a, _b, _x, _y, _y_bit, _order, _cof, _degree, _variable) \
+	fprintf(stdout, "verify degree ..."); \
+	if (EC_GROUP_get_degree(group) != _degree) ABORT; \
+	fprintf(stdout, " ok\n"); \
+	fprintf(stdout, "verify group order ..."); \
+	fflush(stdout); \
+	if (!EC_GROUP_get_order(group, z, ctx)) ABORT; \
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; \
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \
+	fprintf(stdout, "."); \
+	fflush(stdout); \
+	if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; \
+	if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; \
+	if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \
+	fprintf(stdout, " ok\n"); \
+	if (!(_variable = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; \
+	if (!EC_GROUP_copy(_variable, group)) ABORT;
+
+void char2_field_tests()
+	{	
+	BN_CTX *ctx = NULL;
+	BIGNUM *p, *a, *b;
+	EC_GROUP *group;
+	EC_GROUP *C2_K163 = NULL, *C2_K233 = NULL, *C2_K283 = NULL, *C2_K409 = NULL, *C2_K571 = NULL;
+	EC_GROUP *C2_B163 = NULL, *C2_B233 = NULL, *C2_B283 = NULL, *C2_B409 = NULL, *C2_B571 = NULL;
+	EC_POINT *P, *Q, *R;
+	BIGNUM *x, *y, *z, *cof;
+	unsigned char buf[100];
+	size_t i, len;
+	int k;
+	
+#if 1 /* optional */
+	ctx = BN_CTX_new();
+	if (!ctx) ABORT;
+#endif
+
+	p = BN_new();
+	a = BN_new();
+	b = BN_new();
+	if (!p || !a || !b) ABORT;
+
+	if (!BN_hex2bn(&p, "13")) ABORT;
+	if (!BN_hex2bn(&a, "3")) ABORT;
+	if (!BN_hex2bn(&b, "1")) ABORT;
+	
+	group = EC_GROUP_new(EC_GF2m_simple_method()); /* applications should use EC_GROUP_new_curve_GF2m
+	                                                * so that the library gets to choose the EC_METHOD */
+	if (!group) ABORT;
+	if (!EC_GROUP_set_curve_GF2m(group, p, a, b, ctx)) ABORT;
+
+	{
+		EC_GROUP *tmp;
+		tmp = EC_GROUP_new(EC_GROUP_method_of(group));
+		if (!tmp) ABORT;
+		if (!EC_GROUP_copy(tmp, group));
+		EC_GROUP_free(group);
+		group = tmp;
+	}
+	
+	if (!EC_GROUP_get_curve_GF2m(group, p, a, b, ctx)) ABORT;
+
+	fprintf(stdout, "Curve defined by Weierstrass equation\n     y^2 + x*y = x^3 + a*x^2 + b  (mod 0x");
+	BN_print_fp(stdout, p);
+	fprintf(stdout, ")\n     a = 0x");
+	BN_print_fp(stdout, a);
+	fprintf(stdout, "\n     b = 0x");
+	BN_print_fp(stdout, b);
+	fprintf(stdout, "\n(0x... means binary polynomial)\n");
+
+	P = EC_POINT_new(group);
+	Q = EC_POINT_new(group);
+	R = EC_POINT_new(group);
+	if (!P || !Q || !R) ABORT;
+	
+	if (!EC_POINT_set_to_infinity(group, P)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+	buf[0] = 0;
+	if (!EC_POINT_oct2point(group, Q, buf, 1, ctx)) ABORT;
+
+	if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+	x = BN_new();
+	y = BN_new();
+	z = BN_new();
+	cof = BN_new();
+	if (!x || !y || !z || !cof) ABORT;
+
+	if (!BN_hex2bn(&x, "6")) ABORT;
+/* Change test based on whether binary point compression is enabled or not. */
+#ifdef OPENSSL_EC_BIN_PT_COMP
+	if (!EC_POINT_set_compressed_coordinates_GF2m(group, Q, x, 1, ctx)) ABORT;
+#else
+	if (!BN_hex2bn(&y, "8")) ABORT;
+	if (!EC_POINT_set_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT;
+#endif
+	if (!EC_POINT_is_on_curve(group, Q, ctx))
+		{
+/* Change test based on whether binary point compression is enabled or not. */
+#ifdef OPENSSL_EC_BIN_PT_COMP
+		if (!EC_POINT_get_affine_coordinates_GF2m(group, Q, x, y, ctx)) ABORT;
+#endif
+		fprintf(stderr, "Point is not on curve: x = 0x");
+		BN_print_fp(stderr, x);
+		fprintf(stderr, ", y = 0x");
+		BN_print_fp(stderr, y);
+		fprintf(stderr, "\n");
+		ABORT;
+		}
+
+	fprintf(stdout, "A cyclic subgroup:\n");
+	k = 100;
+	do
+		{
+		if (k-- == 0) ABORT;
+
+		if (EC_POINT_is_at_infinity(group, P))
+			fprintf(stdout, "     point at infinity\n");
+		else
+			{
+			if (!EC_POINT_get_affine_coordinates_GF2m(group, P, x, y, ctx)) ABORT;
+
+			fprintf(stdout, "     x = 0x");
+			BN_print_fp(stdout, x);
+			fprintf(stdout, ", y = 0x");
+			BN_print_fp(stdout, y);
+			fprintf(stdout, "\n");
+			}
+		
+		if (!EC_POINT_copy(R, P)) ABORT;
+		if (!EC_POINT_add(group, P, P, Q, ctx)) ABORT;
+		}
+	while (!EC_POINT_is_at_infinity(group, P));
+
+	if (!EC_POINT_add(group, P, Q, R, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+/* Change test based on whether binary point compression is enabled or not. */
+#ifdef OPENSSL_EC_BIN_PT_COMP
+	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf, sizeof buf, ctx);
+	if (len == 0) ABORT;
+	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+	fprintf(stdout, "Generator as octet string, compressed form:\n     ");
+	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+#endif
+	
+	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);
+	if (len == 0) ABORT;
+	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+	fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n     ");
+	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+	
+/* Change test based on whether binary point compression is enabled or not. */
+#ifdef OPENSSL_EC_BIN_PT_COMP
+	len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
+	if (len == 0) ABORT;
+	if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
+	if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
+	fprintf(stdout, "\nGenerator as octet string, hybrid form:\n     ");
+	for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
+#endif
+
+	fprintf(stdout, "\n");
+	
+	if (!EC_POINT_invert(group, P, ctx)) ABORT;
+	if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
+
+
+	/* Curve K-163 (FIPS PUB 186-2, App. 6) */
+	CHAR2_CURVE_TEST
+		(
+		"NIST curve K-163",
+		"0800000000000000000000000000000000000000C9",
+		"1",
+		"1",
+		"02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
+		"0289070FB05D38FF58321F2E800536D538CCDAA3D9",
+		1,
+		"04000000000000000000020108A2E0CC0D99F8A5EF",
+		"2",
+		163,
+		C2_K163
+		);
+
+	/* Curve B-163 (FIPS PUB 186-2, App. 6) */
+	CHAR2_CURVE_TEST
+		(
+		"NIST curve B-163",
+		"0800000000000000000000000000000000000000C9",
+		"1",
+		"020A601907B8C953CA1481EB10512F78744A3205FD",
+		"03F0EBA16286A2D57EA0991168D4994637E8343E36",
+		"00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
+		1,
+		"040000000000000000000292FE77E70C12A4234C33",
+		"2",
+		163,
+		C2_B163
+		);
+
+	/* Curve K-233 (FIPS PUB 186-2, App. 6) */
+	CHAR2_CURVE_TEST
+		(
+		"NIST curve K-233",
+		"020000000000000000000000000000000000000004000000000000000001",
+		"0",
+		"1",
+		"017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
+		"01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
+		0,
+		"008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF",
+		"4",
+		233,
+		C2_K233
+		);
+
+	/* Curve B-233 (FIPS PUB 186-2, App. 6) */
+	CHAR2_CURVE_TEST
+		(
+		"NIST curve B-233",
+		"020000000000000000000000000000000000000004000000000000000001",
+		"000000000000000000000000000000000000000000000000000000000001",
+		"0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
+		"00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
+		"01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
+		1,
+		"01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7",
+		"2",
+		233,
+		C2_B233
+		);
+
+	/* Curve K-283 (FIPS PUB 186-2, App. 6) */
+	CHAR2_CURVE_TEST
+		(
+		"NIST curve K-283",
+		"0800000000000000000000000000000000000000000000000000000000000000000010A1",
+		"0",
+		"1",
+		"0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492836",
+		"01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2259",
+		0,
+		"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163C61",
+		"4",
+		283,
+		C2_K283
+		);
+
+	/* Curve B-283 (FIPS PUB 186-2, App. 6) */
+	CHAR2_CURVE_TEST
+		(
+		"NIST curve B-283",
+		"0800000000000000000000000000000000000000000000000000000000000000000010A1",
+		"000000000000000000000000000000000000000000000000000000000000000000000001",
+		"027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A2F5",
+		"05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12053",
+		"03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE8112F4",
+		1,
+		"03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB307",
+		"2",
+		283,
+		C2_B283
+		);
+
+	/* Curve K-409 (FIPS PUB 186-2, App. 6) */
+	CHAR2_CURVE_TEST
+		(
+		"NIST curve K-409",
+		"02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+		"0",
+		"1",
+		"0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C460189EB5AAAA62EE222EB1B35540CFE9023746",
+		"01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6C42E9C55215AA9CA27A5863EC48D8E0286B",
+		1,
+		"007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF",
+		"4",
+		409,
+		C2_K409
+		);
+
+	/* Curve B-409 (FIPS PUB 186-2, App. 6) */
+	CHAR2_CURVE_TEST
+		(
+		"NIST curve B-409",
+		"02000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000001",
+		"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+		"0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A197B272822F6CD57A55AA4F50AE317B13545F",
+		"015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255A868A1180515603AEAB60794E54BB7996A7",
+		"0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514F1FDF4B4F40D2181B3681C364BA0273C706",
+		1,
+		"010000000000000000000000000000000000000000000000000001E2AAD6A612F33307BE5FA47C3C9E052F838164CD37D9A21173",
+		"2",
+		409,
+		C2_B409
+		);
+
+	/* Curve K-571 (FIPS PUB 186-2, App. 6) */
+	CHAR2_CURVE_TEST
+		(
+		"NIST curve K-571",
+		"80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+		"0",
+		"1",
+		"026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA44370958493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A01C8972",
+		"0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D4979C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143EF1C7A3",
+		0,
+		"020000000000000000000000000000000000000000000000000000000000000000000000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F637C1001",
+		"4",
+		571,
+		C2_K571
+		);
+
+	/* Curve B-571 (FIPS PUB 186-2, App. 6) */
+	CHAR2_CURVE_TEST
+		(
+		"NIST curve B-571",
+		"80000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000425",
+		"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001",
+		"02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFABBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F2955727A",
+		"0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8EEC2D19",
+		"037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B8AC15B",
+		1,
+		"03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2FE84E47",
+		"2",
+		571,
+		C2_B571
+		);
+
+	/* more tests using the last curve */
+
+	if (!EC_POINT_copy(Q, P)) ABORT;
+	if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+	if (!EC_POINT_dbl(group, P, P, ctx)) ABORT;
+	if (!EC_POINT_is_on_curve(group, P, ctx)) ABORT;
+	if (!EC_POINT_invert(group, Q, ctx)) ABORT; /* P = -2Q */
+
+	if (!EC_POINT_add(group, R, P, Q, ctx)) ABORT;
+	if (!EC_POINT_add(group, R, R, Q, ctx)) ABORT;
+	if (!EC_POINT_is_at_infinity(group, R)) ABORT; /* R = P + 2Q */
+
+	{
+		const EC_POINT *points[3];
+		const BIGNUM *scalars[3];
+	
+		if (EC_POINT_is_at_infinity(group, Q)) ABORT;
+		points[0] = Q;
+		points[1] = Q;
+		points[2] = Q;
+
+		if (!BN_add(y, z, BN_value_one())) ABORT;
+		if (BN_is_odd(y)) ABORT;
+		if (!BN_rshift1(y, y)) ABORT;
+		scalars[0] = y; /* (group order + 1)/2,  so  y*Q + y*Q = Q */
+		scalars[1] = y;
+
+		fprintf(stdout, "combined multiplication ...");
+		fflush(stdout);
+
+		/* z is still the group order */
+		if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+		if (!EC_POINTs_mul(group, R, z, 2, points, scalars, ctx)) ABORT;
+		if (0 != EC_POINT_cmp(group, P, R, ctx)) ABORT;
+		if (0 != EC_POINT_cmp(group, R, Q, ctx)) ABORT;
+
+		fprintf(stdout, ".");
+		fflush(stdout);
+
+		if (!BN_pseudo_rand(y, BN_num_bits(y), 0, 0)) ABORT;
+		if (!BN_add(z, z, y)) ABORT;
+		BN_set_sign(z, 1);
+		scalars[0] = y;
+		scalars[1] = z; /* z = -(order + y) */
+
+		if (!EC_POINTs_mul(group, P, NULL, 2, points, scalars, ctx)) ABORT;
+		if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+		fprintf(stdout, ".");
+		fflush(stdout);
+
+		if (!BN_pseudo_rand(x, BN_num_bits(y) - 1, 0, 0)) ABORT;
+		if (!BN_add(z, x, y)) ABORT;
+		BN_set_sign(z, 1);
+		scalars[0] = x;
+		scalars[1] = y;
+		scalars[2] = z; /* z = -(x+y) */
+
+		if (!EC_POINTs_mul(group, P, NULL, 3, points, scalars, ctx)) ABORT;
+		if (!EC_POINT_is_at_infinity(group, P)) ABORT;
+
+		fprintf(stdout, " ok\n\n");
+	}
+
+
+#if 0
+	timings(C2_K163, 0, ctx);
+	timings(C2_K163, 1, ctx);
+	timings(C2_B163, 0, ctx);
+	timings(C2_B163, 1, ctx);
+	timings(C2_K233, 0, ctx);
+	timings(C2_K233, 1, ctx);
+	timings(C2_B233, 0, ctx);
+	timings(C2_B233, 1, ctx);
+	timings(C2_K283, 0, ctx);
+	timings(C2_K283, 1, ctx);
+	timings(C2_B283, 0, ctx);
+	timings(C2_B283, 1, ctx);
+	timings(C2_K409, 0, ctx);
+	timings(C2_K409, 1, ctx);
+	timings(C2_B409, 0, ctx);
+	timings(C2_B409, 1, ctx);
+	timings(C2_K571, 0, ctx);
+	timings(C2_K571, 1, ctx);
+	timings(C2_B571, 0, ctx);
+	timings(C2_B571, 1, ctx);
+#endif
+
+
+	if (ctx)
+		BN_CTX_free(ctx);
+	BN_free(p); BN_free(a);	BN_free(b);
+	EC_GROUP_free(group);
+	EC_POINT_free(P);
+	EC_POINT_free(Q);
+	EC_POINT_free(R);
+	BN_free(x); BN_free(y); BN_free(z); BN_free(cof);
+
+	if (C2_K163) EC_GROUP_free(C2_K163);
+	if (C2_B163) EC_GROUP_free(C2_B163);
+	if (C2_K233) EC_GROUP_free(C2_K233);
+	if (C2_B233) EC_GROUP_free(C2_B233);
+	if (C2_K283) EC_GROUP_free(C2_K283);
+	if (C2_B283) EC_GROUP_free(C2_B283);
+	if (C2_K409) EC_GROUP_free(C2_K409);
+	if (C2_B409) EC_GROUP_free(C2_B409);
+	if (C2_K571) EC_GROUP_free(C2_K571);
+	if (C2_B571) EC_GROUP_free(C2_B571);
+
+	}
+
+void internal_curve_test(void)
+	{
+	EC_builtin_curve *curves = NULL;
+	size_t crv_len = 0, n = 0;
+	int    ok = 1;
+
+	crv_len = EC_get_builtin_curves(NULL, 0);
+
+	curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
+
+	if (curves == NULL)
+		return;
+
+	if (!EC_get_builtin_curves(curves, crv_len))
+		{
+		OPENSSL_free(curves);
+		return;
+		}
+
+	fprintf(stdout, "testing internal curves: ");
+		
+	for (n = 0; n < crv_len; n++)
+		{
+		EC_GROUP *group = NULL;
+		int nid = curves[n].nid;
+		if ((group = EC_GROUP_new_by_nid(nid)) == NULL)
+			{
+			ok = 0;
+			fprintf(stdout, "\nEC_GROUP_new_by_nid() failed with"
+				" curve %s\n", OBJ_nid2sn(nid));
+			/* try next curve */
+			continue;
+			}
+		if (!EC_GROUP_check(group, NULL))
+			{
+			ok = 0;
+			fprintf(stdout, "\nEC_GROUP_check() failed with"
+				" curve %s\n", OBJ_nid2sn(nid));
+			EC_GROUP_free(group);
+			/* try the next curve */
+			continue;
+			}
+		fprintf(stdout, ".");
+		fflush(stdout);
+		EC_GROUP_free(group);
+		}
+	if (ok)
+		fprintf(stdout, " ok\n");
+	else
+		fprintf(stdout, " failed\n");
+	OPENSSL_free(curves);
+	return;
+	}
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
+	{	
+	
+	/* enable memory leak checking unless explicitly disabled */
+	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+		{
+		CRYPTO_malloc_debug_init();
+		CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+		}
+	else
+		{
+		/* OPENSSL_DEBUG_MEMORY=off */
+		CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+		}
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+	ERR_load_crypto_strings();
+
+	RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime may fail */
+
+	prime_field_tests();
+	puts("");
+	char2_field_tests();
+	/* test the internal curves */
+	internal_curve_test();
+
+	ENGINE_cleanup();
+	CRYPTO_cleanup_all_ex_data();
+	ERR_free_strings();
+	ERR_remove_state(0);
+	CRYPTO_mem_leaks_fp(stderr);
+	
+	return 0;
+	}
+#endif
diff --git a/crypto/ecdh/.cvsignore b/crypto/ecdh/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/ecdh/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/ecdh/Makefile.ssl b/crypto/ecdh/Makefile.ssl
new file mode 100644
index 0000000000..eb2e7605e8
--- /dev/null
+++ b/crypto/ecdh/Makefile.ssl
@@ -0,0 +1,123 @@
+#
+# crypto/ecdh/Makefile
+#
+
+DIR=	ecdh
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g -Wall
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=ecdhtest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=	ech_lib.c ech_ossl.c ech_key.c ech_err.c
+
+LIBOBJ=	ech_lib.o ech_ossl.o ech_key.o ech_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ecdh.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB) || echo Never mind.
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ech_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ech_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ech_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ech_err.o: ../../include/openssl/ecdh.h ../../include/openssl/err.h
+ech_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ech_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ech_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ech_err.o: ../../include/openssl/symhacks.h ech_err.c
+ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ech_key.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ech_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ech_key.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ech_key.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+ech_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdh.h
+ech_key.o: ech_key.c
+ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ech_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ech_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ech_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ech_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+ech_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ech_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ech_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+ech_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ech_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdh.h
+ech_lib.o: ech_lib.c
+ech_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ech_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ech_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ech_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ech_ossl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ech_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ech_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ech_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ech_ossl.o: ecdh.h ech_ossl.c
diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h
new file mode 100644
index 0000000000..1ab131cde9
--- /dev/null
+++ b/crypto/ecdh/ecdh.h
@@ -0,0 +1,151 @@
+/* crypto/ecdh/ecdh.h */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_ECDH_H
+#define HEADER_ECDH_H
+
+#ifdef OPENSSL_NO_ECDH
+#error ECDH is disabled.
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/ossl_typ.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct ecdh_method 
+{
+	const char *name;
+	int (*compute_key)(unsigned char *key,const EC_POINT *pub_key, EC_KEY *ecdh);
+#if 0
+	int (*init)(EC_KEY *eckey);
+	int (*finish)(EC_KEY *eckey);
+#endif
+	int flags;
+	char *app_data;
+} ECDH_METHOD;
+
+typedef struct ecdh_data_st {
+	/* EC_KEY_METH_DATA part */
+	int (*init)(EC_KEY *);
+	void (*finish)(EC_KEY *);
+	/* method specific part */
+	ENGINE	*engine;
+	int	flags;
+	const ECDH_METHOD *meth;
+	CRYPTO_EX_DATA ex_data;
+} ECDH_DATA; 
+
+/* ECDH_DATA functions */
+ECDH_DATA *ECDH_DATA_new(void);
+ECDH_DATA *ECDH_DATA_new_method(ENGINE *);
+void ECDH_DATA_free(ECDH_DATA *);
+
+ECDH_DATA *ecdh_check(EC_KEY *);
+
+
+const ECDH_METHOD *ECDH_OpenSSL(void);
+
+void	  ECDH_set_default_method(const ECDH_METHOD *);
+const ECDH_METHOD *ECDH_get_default_method(void);
+int 	  ECDH_set_method(EC_KEY *, const ECDH_METHOD *);
+
+int	  ECDH_size(const EC_KEY *);
+int ECDH_compute_key(unsigned char *key,const EC_POINT *pub_key, EC_KEY *ecdh);
+
+
+int 	  ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new 
+		*new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int 	  ECDH_set_ex_data(EC_KEY *d, int idx, void *arg);
+void 	  *ECDH_get_ex_data(EC_KEY *d, int idx);
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_ECDH_strings(void);
+
+/* Error codes for the ECDH functions. */
+
+/* Function codes. */
+#define ECDH_F_ECDH_COMPUTE_KEY				 100
+#define ECDH_F_ECDH_DATA_NEW				 101
+
+/* Reason codes. */
+#define ECDH_R_NO_PRIVATE_VALUE				 100
+#define ECDH_R_POINT_ARITHMETIC_FAILURE			 101
+#define ECDH_R_SHA1_DIGEST_FAILED			 102
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c
new file mode 100644
index 0000000000..8af35322bb
--- /dev/null
+++ b/crypto/ecdh/ecdhtest.c
@@ -0,0 +1,356 @@
+/* crypto/ecdh/ecdhtest.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_SYS_WINDOWS
+#include "../bio/bss_file.c" 
+#endif
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+#ifdef OPENSSL_NO_ECDH
+int main(int argc, char *argv[])
+{
+    printf("No ECDH support\n");
+    return(0);
+}
+#else
+#include <openssl/ecdh.h>
+
+#ifdef OPENSSL_SYS_WIN16
+#define MS_CALLBACK	_far _loadds
+#else
+#define MS_CALLBACK
+#endif
+
+#if 0
+static void MS_CALLBACK cb(int p, int n, void *arg);
+#endif
+
+#ifdef OPENSSL_NO_STDIO
+#define APPS_WIN16
+#include "bss_file.c"
+#endif
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+int test_ecdh_curve(int , char *, BN_CTX *, BIO *);
+
+int test_ecdh_curve(int nid, char *text, BN_CTX *ctx, BIO *out)
+	{
+	EC_KEY *a=NULL;
+	EC_KEY *b=NULL;
+	BIGNUM *x_a=NULL, *y_a=NULL,
+	       *x_b=NULL, *y_b=NULL;
+	char buf[12];
+	unsigned char *abuf=NULL,*bbuf=NULL;
+	int i,alen,blen,aout,bout,ret=0;
+
+	if ((a=EC_KEY_new()) == NULL) goto err;
+	if ((a->group=EC_GROUP_new_by_nid(nid)) == NULL) goto err;
+
+	if ((b=EC_KEY_new()) == NULL) goto err;
+	b->group = a->group;
+
+	if ((x_a=BN_new()) == NULL) goto err;
+	if ((y_a=BN_new()) == NULL) goto err;
+	if ((x_b=BN_new()) == NULL) goto err;
+	if ((y_b=BN_new()) == NULL) goto err;
+
+	BIO_puts(out,"Testing key generation with ");
+	BIO_puts(out,text);
+#ifdef NOISY
+	BIO_puts(out,"\n");
+#else
+	BIO_flush(out);
+#endif
+
+	if (!EC_KEY_generate_key(a)) goto err;
+	
+	if (EC_METHOD_get_field_type(EC_GROUP_method_of(a->group)) == NID_X9_62_prime_field) 
+		{
+		if (!EC_POINT_get_affine_coordinates_GFp(a->group, a->pub_key, x_a, y_a, ctx)) goto err;
+		}
+	else
+		{
+		if (!EC_POINT_get_affine_coordinates_GF2m(a->group, a->pub_key, x_a, y_a, ctx)) goto err;
+		}
+#ifdef NOISY
+	BIO_puts(out,"  pri 1=");
+	BN_print(out,a->priv_key);
+	BIO_puts(out,"\n  pub 1=");
+	BN_print(out,x_a);
+	BIO_puts(out,",");
+	BN_print(out,y_a);
+	BIO_puts(out,"\n");
+#else
+	BIO_printf(out," .");
+	BIO_flush(out);
+#endif
+
+	if (!EC_KEY_generate_key(b)) goto err;
+
+	if (EC_METHOD_get_field_type(EC_GROUP_method_of(b->group)) == NID_X9_62_prime_field) 
+		{
+		if (!EC_POINT_get_affine_coordinates_GFp(b->group, b->pub_key, x_b, y_b, ctx)) goto err;
+		}
+	else
+		{
+		if (!EC_POINT_get_affine_coordinates_GF2m(a->group, b->pub_key, x_b, y_b, ctx)) goto err;
+		}
+
+#ifdef NOISY
+	BIO_puts(out,"  pri 2=");
+	BN_print(out,b->priv_key);
+	BIO_puts(out,"\n  pub 2=");
+	BN_print(out,x_b);
+	BIO_puts(out,",");
+	BN_print(out,y_b);
+	BIO_puts(out,"\n");
+#else
+	BIO_printf(out,".");
+	BIO_flush(out);
+#endif
+
+	alen=ECDH_size(a);
+	abuf=(unsigned char *)OPENSSL_malloc(alen);
+	aout=ECDH_compute_key(abuf,b->pub_key,a);
+
+#ifdef NOISY
+	BIO_puts(out,"  key1 =");
+	for (i=0; i<aout; i++)
+		{
+		sprintf(buf,"%02X",abuf[i]);
+		BIO_puts(out,buf);
+		}
+	BIO_puts(out,"\n");
+#else
+	BIO_printf(out,".");
+	BIO_flush(out);
+#endif
+
+	blen=ECDH_size(b);
+	bbuf=(unsigned char *)OPENSSL_malloc(blen);
+	bout=ECDH_compute_key(bbuf,a->pub_key,b);
+
+#ifdef NOISY
+	BIO_puts(out,"  key2 =");
+	for (i=0; i<bout; i++)
+		{
+		sprintf(buf,"%02X",bbuf[i]);
+		BIO_puts(out,buf);
+		}
+	BIO_puts(out,"\n");
+#else
+	BIO_printf(out,".");
+	BIO_flush(out);
+#endif
+
+	if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
+		{
+#ifndef NOISY
+		BIO_printf(out, " failed\n\n");
+		BIO_printf(out, "key a:\n");
+		BIO_printf(out, "private key: ");
+		BN_print(out, a->priv_key);
+		BIO_printf(out, "\n");
+		BIO_printf(out, "public key (x,y): ");
+		BN_print(out, x_a);
+		BIO_printf(out, ",");
+		BN_print(out, y_a);
+		BIO_printf(out, "\nkey b:\n");
+		BIO_printf(out, "private key: ");
+		BN_print(out, b->priv_key);
+		BIO_printf(out, "\n");
+		BIO_printf(out, "public key (x,y): ");
+		BN_print(out, x_b);
+		BIO_printf(out, ",");
+		BN_print(out, y_b);
+		BIO_printf(out, "\n");
+		BIO_printf(out, "generated key a: ");
+		for (i=0; i<bout; i++)
+			{
+			sprintf(buf, "%02X", bbuf[i]);
+			BIO_puts(out, buf);
+			}
+		BIO_printf(out, "\n");
+		BIO_printf(out, "generated key b: ");
+		for (i=0; i<aout; i++)
+			{
+			sprintf(buf, "%02X", abuf[i]);
+			BIO_puts(out,buf);
+			}
+		BIO_printf(out, "\n");
+#endif
+		fprintf(stderr,"Error in ECDH routines\n");
+		ret=0;
+		}
+	else
+		{
+#ifndef NOISY
+		BIO_printf(out, " ok\n");
+#endif
+		ret=1;
+		}
+err:
+	ERR_print_errors_fp(stderr);
+
+	if (abuf != NULL) OPENSSL_free(abuf);
+	if (bbuf != NULL) OPENSSL_free(bbuf);
+	if (x_a) BN_free(x_a);
+	if (y_a) BN_free(y_a);
+	if (x_b) BN_free(x_b);
+	if (y_b) BN_free(y_b);
+	if (a->group) EC_GROUP_free(a->group);
+	a->group = b->group = NULL;
+	if (b) EC_KEY_free(b);
+	if (a) EC_KEY_free(a);
+	return(ret);
+	}
+
+int main(int argc, char *argv[])
+	{
+	BN_CTX *ctx=NULL;
+	int ret=1;
+	BIO *out;
+
+	CRYPTO_malloc_debug_init();
+	CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+#ifdef OPENSSL_SYS_WIN32
+	CRYPTO_malloc_init();
+#endif
+
+	RAND_seed(rnd_seed, sizeof rnd_seed);
+
+	out=BIO_new(BIO_s_file());
+	if (out == NULL) EXIT(1);
+	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+
+	if ((ctx=BN_CTX_new()) == NULL) goto err;
+
+	/* NIST PRIME CURVES TESTS */
+	if (!test_ecdh_curve(NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;
+	/* NIST BINARY CURVES TESTS */
+	if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_sect233k1, "NIST Binary-Curve K-233", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_sect233r1, "NIST Binary-Curve B-233", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_sect283k1, "NIST Binary-Curve K-283", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_sect283r1, "NIST Binary-Curve B-283", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_sect409k1, "NIST Binary-Curve K-409", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out)) goto err;
+	if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) goto err;
+
+	ret = 0;
+
+err:
+	ERR_print_errors_fp(stderr);
+	if (ctx) BN_CTX_free(ctx);
+	BIO_free(out);
+	CRYPTO_cleanup_all_ex_data();
+	ERR_remove_state(0);
+	CRYPTO_mem_leaks_fp(stderr);
+	EXIT(ret);
+	return(ret);
+	}
+
+#if 0
+static void MS_CALLBACK cb(int p, int n, void *arg)
+	{
+	char c='*';
+
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
+	BIO_write((BIO *)arg,&c,1);
+	(void)BIO_flush((BIO *)arg);
+#ifdef LINT
+	p=n;
+#endif
+	}
+#endif
+#endif
diff --git a/crypto/ecdh/ech_err.c b/crypto/ecdh/ech_err.c
new file mode 100644
index 0000000000..819b8abf4d
--- /dev/null
+++ b/crypto/ecdh/ech_err.c
@@ -0,0 +1,97 @@
+/* crypto/ecdh/ech_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ecdh.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ECDH_str_functs[]=
+	{
+{ERR_PACK(0,ECDH_F_ECDH_COMPUTE_KEY,0),	"ECDH_compute_key"},
+{ERR_PACK(0,ECDH_F_ECDH_DATA_NEW,0),	"ECDH_DATA_new"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA ECDH_str_reasons[]=
+	{
+{ECDH_R_NO_PRIVATE_VALUE                 ,"no private value"},
+{ECDH_R_POINT_ARITHMETIC_FAILURE         ,"point arithmetic failure"},
+{ECDH_R_SHA1_DIGEST_FAILED               ,"sha1 digest failed"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_ECDH_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ERR_LIB_ECDH,ECDH_str_functs);
+		ERR_load_strings(ERR_LIB_ECDH,ECDH_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/ecdh/ech_key.c b/crypto/ecdh/ech_key.c
new file mode 100644
index 0000000000..f000b8c8ad
--- /dev/null
+++ b/crypto/ecdh/ech_key.c
@@ -0,0 +1,79 @@
+/* crypto/ecdh/ecdh_key.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "ecdh.h"
+#include <openssl/engine.h>
+
+int ECDH_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *eckey)
+{
+	ECDH_DATA *ecdh = ecdh_check(eckey);
+	if (ecdh == NULL)
+		return 0;
+	return ecdh->meth->compute_key(key, pub_key, eckey);
+}
diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c
new file mode 100644
index 0000000000..59526f33bd
--- /dev/null
+++ b/crypto/ecdh/ech_lib.c
@@ -0,0 +1,235 @@
+/* crypto/ecdh/ech_lib.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "ecdh.h"
+#include <string.h>
+#include <openssl/engine.h>
+
+const char *ECDH_version="ECDH" OPENSSL_VERSION_PTEXT;
+
+static void ecdh_finish(EC_KEY *);
+
+static const ECDH_METHOD *default_ECDH_method = NULL;
+
+void ECDH_set_default_method(const ECDH_METHOD *meth)
+	{
+	default_ECDH_method = meth;
+	}
+
+const ECDH_METHOD *ECDH_get_default_method(void)
+	{
+	if(!default_ECDH_method) 
+		default_ECDH_method = ECDH_OpenSSL();
+	return default_ECDH_method;
+	}
+
+int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
+	{
+	const ECDH_METHOD *mtmp;
+	ECDH_DATA *ecdh;
+
+	ecdh = ecdh_check(eckey);
+
+	if (ecdh == NULL)
+		return 0;
+
+        mtmp = ecdh->meth;
+#if 0
+        if (mtmp->finish)
+		mtmp->finish(eckey);
+#endif
+	if (ecdh->engine)
+		{
+		ENGINE_finish(ecdh->engine);
+		ecdh->engine = NULL;
+		}
+        ecdh->meth = meth;
+#if 0
+        if (meth->init) 
+		meth->init(eckey);
+#endif
+        return 1;
+	}
+
+ECDH_DATA *ECDH_DATA_new(void)
+	{
+	return ECDH_DATA_new_method(NULL);
+	}
+
+ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine)
+	{
+	ECDH_DATA *ret;
+
+	ret=(ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA));
+	if (ret == NULL)
+		{
+		ECDHerr(ECDH_F_ECDH_DATA_NEW, ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+
+	ret->init = NULL;
+	ret->finish = ecdh_finish;
+
+	ret->meth = ECDH_get_default_method();
+	ret->engine = engine;
+	if (!ret->engine)
+		ret->engine = ENGINE_get_default_ECDH();
+	if (ret->engine)
+		{
+		ret->meth = ENGINE_get_ECDH(ret->engine);
+		if (!ret->meth)
+			{
+			ECDHerr(ECDH_F_ECDH_DATA_NEW, ERR_R_ENGINE_LIB);
+			ENGINE_finish(ret->engine);
+			OPENSSL_free(ret);
+			return NULL;
+			}
+		}
+
+	ret->flags = ret->meth->flags;
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
+#if 0
+	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+		{
+		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
+		OPENSSL_free(ret);
+		ret=NULL;
+		}
+#endif	
+	return(ret);
+	}
+
+void ECDH_DATA_free(ECDH_DATA *r)
+	{
+#if 0
+	if (r->meth->finish)
+		r->meth->finish(r);
+#endif
+	if (r->engine)
+		ENGINE_finish(r->engine);
+
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
+
+	OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA));
+
+	OPENSSL_free(r);
+	}
+
+ECDH_DATA *ecdh_check(EC_KEY *key)
+	{
+	if (key->meth_data)
+		{
+		if (key->meth_data->finish != ecdh_finish)
+			{
+			key->meth_data->finish(key);
+			key->meth_data = (EC_KEY_METH_DATA *)ECDH_DATA_new();
+			}
+		}
+	else
+		key->meth_data = (EC_KEY_METH_DATA *)ECDH_DATA_new();
+	return (ECDH_DATA *)key->meth_data;
+	}
+
+static void ecdh_finish(EC_KEY *key)
+	{
+	if (key->meth_data && key->meth_data->finish == ecdh_finish)
+		ECDH_DATA_free((ECDH_DATA *)key->meth_data);
+	}
+
+
+int ECDH_size(const EC_KEY *ecdh)
+	{
+	return 20;
+	}
+
+
+int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+	{
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp,
+				new_func, dup_func, free_func);
+	}
+
+int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg)
+	{
+	ECDH_DATA *ecdh;
+	ecdh = ecdh_check(d);
+	if (ecdh == NULL)
+		return 0;
+	return(CRYPTO_set_ex_data(&ecdh->ex_data,idx,arg));
+	}
+
+void *ECDH_get_ex_data(EC_KEY *d, int idx)
+	{
+	ECDH_DATA *ecdh;
+	ecdh = ecdh_check(d);
+	if (ecdh == NULL)
+		return NULL;
+	return(CRYPTO_get_ex_data(&ecdh->ex_data,idx));
+	}
diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c
new file mode 100644
index 0000000000..182e825b74
--- /dev/null
+++ b/crypto/ecdh/ech_ossl.c
@@ -0,0 +1,174 @@
+/* crypto/ecdh/ech_ossl.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH software is originally written by Douglas Stebila of
+ * Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include "ecdh.h"
+#include <openssl/err.h>
+#include <openssl/sha.h>
+#include <openssl/obj_mac.h>
+
+static int ecdh_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *ecdh);
+
+static ECDH_METHOD openssl_ecdh_meth = {
+	"OpenSSL ECDH method",
+	ecdh_compute_key,
+#if 0
+	NULL, /* init     */
+	NULL, /* finish   */
+#endif
+	0,    /* flags    */
+	NULL  /* app_data */
+};
+
+const ECDH_METHOD *ECDH_OpenSSL(void)
+	{
+	return &openssl_ecdh_meth;
+	}
+
+
+/* This implementation is based on the following primitives in the IEEE 1363 standard:
+ *  - ECKAS-DH1
+ *  - ECSVDP-DH
+ *  - KDF1 with SHA-1
+ */
+static int ecdh_compute_key(unsigned char *key, const EC_POINT *pub_key, EC_KEY *ecdh)
+	{
+	BN_CTX *ctx;
+	EC_POINT *tmp=NULL;
+	BIGNUM *x=NULL, *y=NULL;
+	int ret= -1, len;
+	unsigned char *buf=NULL;
+
+	if ((ctx = BN_CTX_new()) == NULL) goto err;
+	BN_CTX_start(ctx);
+	x = BN_CTX_get(ctx);
+	y = BN_CTX_get(ctx);
+	
+	if (ecdh->priv_key == NULL)
+		{
+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
+		goto err;
+		}
+
+	if ((tmp=EC_POINT_new(ecdh->group)) == NULL)
+		{
+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	if (!EC_POINT_mul(ecdh->group, tmp, NULL, pub_key, ecdh->priv_key, ctx)) 
+		{
+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
+		goto err;
+		}
+		
+	if (EC_METHOD_get_field_type(EC_GROUP_method_of(ecdh->group)) == NID_X9_62_prime_field) 
+		{
+		if (!EC_POINT_get_affine_coordinates_GFp(ecdh->group, tmp, x, y, ctx)) 
+			{
+			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
+			goto err;
+			}
+		}
+	else
+		{
+		if (!EC_POINT_get_affine_coordinates_GF2m(ecdh->group, tmp, x, y, ctx)) 
+			{
+			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
+			goto err;
+			}
+		}
+
+	if ((buf = (unsigned char *)OPENSSL_malloc(sizeof(unsigned char) * BN_num_bytes(x))) == NULL) 
+		{
+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	
+	if ((len = BN_bn2bin(x,buf)) <= 0)
+		{
+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
+		goto err;
+		}
+
+	if ((SHA1(buf, len, key) == NULL))
+		{
+		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_SHA1_DIGEST_FAILED);
+		goto err;
+		}
+	
+	ret = 20;
+
+err:
+	if (tmp) EC_POINT_free(tmp);
+	if (ctx) BN_CTX_end(ctx);
+	if (ctx) BN_CTX_free(ctx);
+	if (buf) OPENSSL_free(buf);
+	return(ret);
+	}
diff --git a/crypto/ecdsa/.cvsignore b/crypto/ecdsa/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/ecdsa/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/ecdsa/Makefile.ssl b/crypto/ecdsa/Makefile.ssl
new file mode 100644
index 0000000000..3bdc55efb5
--- /dev/null
+++ b/crypto/ecdsa/Makefile.ssl
@@ -0,0 +1,142 @@
+#
+# crypto/ecdsa/Makefile
+#
+
+DIR=	ecdsa
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g -Wall
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=ecdsatest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=	ecs_lib.c ecs_asn1.c ecs_ossl.c ecs_sign.c ecs_vrf.c ecs_err.c
+
+LIBOBJ=	ecs_lib.o ecs_asn1.o ecs_ossl.o ecs_sign.o ecs_vrf.o ecs_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ecdsa.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB) || echo Never mind.
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ecs_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+ecs_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ecs_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecs_asn1.o: ../../include/openssl/ec.h ../../include/openssl/err.h
+ecs_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ecs_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecs_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecs_asn1.o: ../../include/openssl/symhacks.h ecdsa.h ecs_asn1.c
+ecs_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecs_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ecs_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ecs_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecs_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecs_err.o: ../../include/openssl/symhacks.h ecs_err.c
+ecs_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_lib.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecs_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ecs_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ecs_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+ecs_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ecs_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecs_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+ecs_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecs_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdsa.h
+ecs_lib.o: ecs_lib.c
+ecs_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_ossl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecs_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_ossl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ecs_ossl.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ecs_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecs_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecs_ossl.o: ../../include/openssl/symhacks.h ecdsa.h ecs_ossl.c
+ecs_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_sign.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecs_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ecs_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ecs_sign.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+ecs_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ecs_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecs_sign.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecs_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdsa.h
+ecs_sign.o: ecs_sign.c
+ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecs_vrf.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecs_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecs_vrf.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecdsa.h
+ecs_vrf.o: ecs_vrf.c
diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h
new file mode 100644
index 0000000000..d72d0b1363
--- /dev/null
+++ b/crypto/ecdsa/ecdsa.h
@@ -0,0 +1,169 @@
+/* crypto/ecdsa/ecdsa.h */
+/* ====================================================================
+ * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_ECDSA_H
+#define HEADER_ECDSA_H
+
+#ifdef OPENSSL_NO_ECDSA
+#error ECDSA is disabled.
+#endif
+
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/ossl_typ.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct ECDSA_SIG_st
+{
+	BIGNUM *r;
+	BIGNUM *s;
+} ECDSA_SIG;
+
+typedef struct ecdsa_method 
+{
+	const char *name;
+	ECDSA_SIG *(*ecdsa_do_sign)(const unsigned char *dgst, int dgst_len, 
+			EC_KEY *eckey);
+	int (*ecdsa_sign_setup)(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, 
+			BIGNUM **r);
+	int (*ecdsa_do_verify)(const unsigned char *dgst, int dgst_len, 
+			ECDSA_SIG *sig, EC_KEY *eckey);
+#if 0
+	int (*init)(EC_KEY *eckey);
+	int (*finish)(EC_KEY *eckey);
+#endif
+	int flags;
+	char *app_data;
+} ECDSA_METHOD;
+
+typedef struct ecdsa_data_st {
+	/* EC_KEY_METH_DATA part */
+	int (*init)(EC_KEY *);
+	void (*finish)(EC_KEY *);
+	/* method specific part */
+	BIGNUM	*kinv;	/* signing pre-calc */
+	BIGNUM	*r;	/* signing pre-calc */
+	ENGINE	*engine;
+	int	flags;
+	const ECDSA_METHOD *meth;
+	CRYPTO_EX_DATA ex_data;
+} ECDSA_DATA; 
+
+/* signature functions */
+ECDSA_SIG *ECDSA_SIG_new(void);
+void	  ECDSA_SIG_free(ECDSA_SIG *a);
+int	  i2d_ECDSA_SIG(const ECDSA_SIG *a, unsigned char **pp);
+ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **v, const unsigned char **pp, long length);
+
+/* ECDSA_DATA functions */
+ECDSA_DATA *ECDSA_DATA_new(void);
+ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *);
+void ECDSA_DATA_free(ECDSA_DATA *);
+
+ECDSA_DATA *ecdsa_check(EC_KEY *);
+
+ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, EC_KEY *);
+int	  ECDSA_do_verify(const unsigned char *dgst, int dgst_len, ECDSA_SIG 
+		*sig, EC_KEY* eckey);
+
+const ECDSA_METHOD *ECDSA_OpenSSL(void);
+
+void	  ECDSA_set_default_method(const ECDSA_METHOD *);
+const ECDSA_METHOD *ECDSA_get_default_method(void);
+int 	  ECDSA_set_method(EC_KEY *, const ECDSA_METHOD *);
+
+int	  ECDSA_size(const EC_KEY *);
+int 	  ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, 
+		BIGNUM **rp);
+int	  ECDSA_sign(int type, const unsigned char *dgst, int dgst_len, 
+		unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+int 	  ECDSA_verify(int type, const unsigned char *dgst, int dgst_len, 
+		const unsigned char *sig, int sig_len, EC_KEY *eckey);
+
+
+int 	  ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new 
+		*new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int 	  ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg);
+void 	  *ECDSA_get_ex_data(EC_KEY *d, int idx);
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_ECDSA_strings(void);
+
+/* Error codes for the ECDSA functions. */
+
+/* Function codes. */
+#define ECDSA_F_ECDSA_DATA_NEW				 100
+#define ECDSA_F_ECDSA_DO_SIGN				 101
+#define ECDSA_F_ECDSA_DO_VERIFY				 102
+#define ECDSA_F_ECDSA_SIGN_SETUP			 103
+
+/* Reason codes. */
+#define ECDSA_R_BAD_SIGNATURE				 100
+#define ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 101
+#define ECDSA_R_ERR_EC_LIB				 102
+#define ECDSA_R_MISSING_PARAMETERS			 103
+#define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED		 104
+#define ECDSA_R_SIGNATURE_MALLOC_FAILED			 105
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c
new file mode 100644
index 0000000000..3f284125a2
--- /dev/null
+++ b/crypto/ecdsa/ecdsatest.c
@@ -0,0 +1,482 @@
+/* crypto/ecdsa/ecdsatest.c */
+/*
+ * Written by Nils Larsch for the OpenSSL project.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * The elliptic curve binary polynomial software is originally written by 
+ * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef OPENSSL_NO_ECDSA
+int main(int argc, char * argv[])
+	{
+	puts("Elliptic curves are disabled.");
+	return 0;
+	}
+#else
+
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/ecdsa.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+
+static const char rnd_seed[] = "string to make the random number generator "
+	"think it has entropy";
+
+/* declaration of the test functions */
+int x9_62_tests(BIO *);
+int x9_62_test_internal(BIO *out, int nid, const char *r, const char *s);
+int test_builtin(BIO *);
+
+/* functions to change the RAND_METHOD */
+int change_rand(void);
+int restore_rand(void);
+int fbytes(unsigned char *buf, int num);
+
+RAND_METHOD	fake_rand;
+const RAND_METHOD *old_rand;
+
+int change_rand(void)
+	{
+	/* save old rand method */
+	if ((old_rand = RAND_get_rand_method()) == NULL)
+		return 0;
+
+	fake_rand.seed    = old_rand->seed;
+	fake_rand.cleanup = old_rand->cleanup;
+	fake_rand.add     = old_rand->add;
+	fake_rand.status  = old_rand->status;
+	/* use own random function */
+	fake_rand.bytes      = fbytes;
+	fake_rand.pseudorand = fbytes;
+	/* set new RAND_METHOD */
+	if (!RAND_set_rand_method(&fake_rand))
+		return 0;
+	return 1;
+	}
+
+int restore_rand(void)
+	{
+	if (!RAND_set_rand_method(old_rand))
+		return 0;
+	else
+		return 1;
+	}
+
+static int fbytes_counter = 0;
+static const char *numbers[8] = {
+	"651056770906015076056810763456358567190100156695615665659",
+	"6140507067065001063065065565667405560006161556565665656654",
+	"8763001015071075675010661307616710783570106710677817767166"
+	"71676178726717",
+	"7000000175690566466555057817571571075705015757757057795755"
+	"55657156756655",
+	"1275552191113212300012030439187146164646146646466749494799",
+	"1542725565216523985789236956265265265235675811949404040041",
+	"1456427555219115346513212300075341203043918714616464614664"
+	"64667494947990",
+	"1712787255652165239672857892369562652652652356758119494040"
+	"40041670216363"};
+
+int fbytes(unsigned char *buf, int num)
+	{
+	int	ret;
+	BIGNUM	*tmp = NULL;
+
+	if (fbytes_counter >= 8)
+		return 0;
+	tmp = BN_new();
+	if (!tmp)
+		return 0;
+	if (!BN_dec2bn(&tmp, numbers[fbytes_counter]))
+		{
+		BN_free(tmp);
+		return 0;
+		}
+	fbytes_counter ++;
+	ret = BN_bn2bin(tmp, buf);	
+	if (ret == 0 || ret != num)
+		ret = 0;
+	else
+		ret = 1;
+	if (tmp)
+		BN_free(tmp);
+	return ret;
+	}
+
+/* some tests from the X9.62 draft */
+int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in)
+	{
+	int	ret = 0;
+	const char message[] = "abc";
+	unsigned char digest[20];
+	unsigned int  dgst_len = 0;
+	EVP_MD_CTX md_ctx;
+	EC_KEY    *key = NULL;
+	ECDSA_SIG *signature = NULL;
+	BIGNUM    *r = NULL, *s = NULL;
+
+	EVP_MD_CTX_init(&md_ctx);
+	/* get the message digest */
+	EVP_DigestInit(&md_ctx, EVP_ecdsa());
+	EVP_DigestUpdate(&md_ctx, (const void*)message, 3);
+	EVP_DigestFinal(&md_ctx, digest, &dgst_len);
+
+	BIO_printf(out, "testing %s: ", OBJ_nid2sn(nid));
+	/* create the key */
+	if ((key = EC_KEY_new()) == NULL)
+		goto x962_int_err;
+	if ((key->group = EC_GROUP_new_by_nid(nid)) == NULL)
+		goto x962_int_err;
+	if (!EC_KEY_generate_key(key))
+		goto x962_int_err;
+	BIO_printf(out, ".");
+	BIO_flush(out);
+	/* create the signature */
+	signature = ECDSA_do_sign(digest, 20, key);
+	if (signature == NULL)
+		goto x962_int_err;
+	BIO_printf(out, ".");
+	BIO_flush(out);
+	/* compare the created signature with the expected signature */
+	if ((r = BN_new()) == NULL || (s = BN_new()) == NULL)
+		goto x962_int_err;
+	if (!BN_dec2bn(&r, r_in) ||
+	    !BN_dec2bn(&s, s_in))
+		goto x962_int_err;
+	if (BN_cmp(signature->r ,r) || BN_cmp(signature->s, s))
+		goto x962_int_err;
+	BIO_printf(out, ".");
+	BIO_flush(out);
+	/* verify the signature */
+	if (ECDSA_do_verify(digest, 20, signature, key) != 1)
+		goto x962_int_err;
+	BIO_printf(out, ".");
+	BIO_flush(out);
+
+	BIO_printf(out, " ok\n");
+	ret = 1;
+x962_int_err:
+	if (!ret)
+		BIO_printf(out, " failed\n");
+	if (key)
+		EC_KEY_free(key);
+	if (signature)
+		ECDSA_SIG_free(signature);
+	if (r)
+		BN_free(r);
+	if (s)
+		BN_free(s);
+	EVP_MD_CTX_cleanup(&md_ctx);
+	return ret;
+	}
+
+int x9_62_tests(BIO *out)
+	{
+	int ret = 0;
+
+	BIO_printf(out, "some tests from X9.62:\n");
+
+	/* set own rand method */
+	if (!change_rand())
+		goto x962_err;
+
+	if (!x9_62_test_internal(out, NID_X9_62_prime192v1,
+		"3342403536405981729393488334694600415596881826869351677613",
+		"5735822328888155254683894997897571951568553642892029982342"))
+		goto x962_err;
+	if (!x9_62_test_internal(out, NID_X9_62_prime239v1,
+		"3086361431751678114926225473006680188549593787585317781474"
+		"62058306432176",
+		"3238135532097973577080787768312505059318910517550078427819"
+		"78505179448783"))
+		goto x962_err;
+	if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1,
+		"87194383164871543355722284926904419997237591535066528048",
+		"308992691965804947361541664549085895292153777025772063598"))
+		goto x962_err;
+	if (!x9_62_test_internal(out, NID_X9_62_c2tnb239v1,
+		"2159633321041961198501834003903461262881815148684178964245"
+		"5876922391552",
+		"1970303740007316867383349976549972270528498040721988191026"
+		"49413465737174"))
+		goto x962_err;
+
+	ret = 1;
+x962_err:
+	if (!restore_rand())
+		ret = 0;
+	return ret;
+	}
+
+int test_builtin(BIO *out)
+	{
+	EC_builtin_curve *curves = NULL;
+	size_t		crv_len = 0, n = 0;
+	EC_KEY		*eckey = NULL, *wrong_eckey = NULL;
+	unsigned char	digest[20], wrong_digest[20];
+	unsigned char	*signature; 
+	unsigned int	sig_len;
+	int		nid, ret =  0;
+	
+	/* fill digest values with some random data */
+	if (!RAND_pseudo_bytes(digest, 20) ||
+	    !RAND_pseudo_bytes(wrong_digest, 20))
+		{
+		BIO_printf(out, "ERROR: unable to get random data\n");
+		goto builtin_err;
+		}
+
+	/* create and verify a ecdsa signature with every availble curve
+	 * (with ) */
+	BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() "
+		"with some internal curves:\n");
+
+	/* get a list of all internal curves */
+	crv_len = EC_get_builtin_curves(NULL, 0);
+
+	curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len);
+
+	if (curves == NULL)
+		{
+		BIO_printf(out, "malloc error\n");
+		goto builtin_err;
+		}
+	
+	if (!EC_get_builtin_curves(curves, crv_len))
+		{
+		BIO_printf(out, "unable to get internal curves\n");
+		goto builtin_err;
+		}
+
+	/* now create and verify a signature for every curve */
+	for (n = 0; n < crv_len; n++)
+		{
+		nid = curves[n].nid;
+		/* create new ecdsa key (== EC_KEY) */
+		if ((eckey = EC_KEY_new()) == NULL)
+			goto builtin_err;
+		if ((eckey->group = EC_GROUP_new_by_nid(nid)) == NULL)
+			goto builtin_err;
+		if (EC_GROUP_get_degree(eckey->group) < 160)
+			/* drop the curve */ 
+			{
+			EC_KEY_free(eckey);
+			eckey = NULL;
+			continue;
+			}
+		BIO_printf(out, "%s: ", OBJ_nid2sn(nid));
+		/* create key */
+		if (!EC_KEY_generate_key(eckey))
+			{
+			BIO_printf(out, " failed\n");
+			goto builtin_err;
+			}
+		/* create second key */
+		if ((wrong_eckey = EC_KEY_new()) == NULL)
+			goto builtin_err;
+		if ((wrong_eckey->group = EC_GROUP_new_by_nid(nid)) == NULL)
+			goto builtin_err;
+		if (!EC_KEY_generate_key(wrong_eckey))
+			{
+			BIO_printf(out, " failed\n");
+			goto builtin_err;
+			}
+
+		BIO_printf(out, ".");
+		BIO_flush(out);
+		/* check key */
+		if (!EC_KEY_check_key(eckey))
+			{
+			BIO_printf(out, " failed\n");
+			goto builtin_err;
+			}
+		BIO_printf(out, ".");
+		BIO_flush(out);
+		/* create signature */
+		sig_len = ECDSA_size(eckey);
+		if ((signature = OPENSSL_malloc(sig_len)) == NULL)
+			goto builtin_err;
+                if (!ECDSA_sign(0, digest, 20, signature, &sig_len, eckey))
+			{
+			BIO_printf(out, " failed\n");
+			goto builtin_err;
+			}
+		BIO_printf(out, ".");
+		BIO_flush(out);
+		/* verify signature */
+		if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
+			{
+			BIO_printf(out, " failed\n");
+			goto builtin_err;
+			}
+		BIO_printf(out, ".");
+		BIO_flush(out);
+		/* verify signature with the wrong key */
+		if (ECDSA_verify(0, digest, 20, signature, sig_len, 
+			wrong_eckey) == 1)
+			{
+			BIO_printf(out, " failed\n");
+			goto builtin_err;
+			}
+		BIO_printf(out, ".");
+		BIO_flush(out);
+		/* wrong digest */
+		if (ECDSA_verify(0, wrong_digest, 20, signature, sig_len,
+			eckey) == 1)
+			{
+			BIO_printf(out, " failed\n");
+			goto builtin_err;
+			}
+		BIO_printf(out, ".");
+		BIO_flush(out);
+		/* modify signature */
+		signature[((int)signature[0])%sig_len] ^= 
+			signature[((int)signature[1])%sig_len];
+		if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)
+			{
+			BIO_printf(out, " failed\n");
+			goto builtin_err;
+			}
+		BIO_printf(out, ".");
+		BIO_flush(out);
+		
+		BIO_printf(out, " ok\n");
+		/* cleanup */
+		OPENSSL_free(signature);
+		signature = NULL;
+		EC_KEY_free(eckey);
+		eckey = NULL;
+		EC_KEY_free(wrong_eckey);
+		wrong_eckey = NULL;
+		}
+
+	ret = 1;	
+builtin_err:
+	if (eckey)
+		EC_KEY_free(eckey);
+	if (wrong_eckey)
+		EC_KEY_free(wrong_eckey);
+	if (signature);
+		OPENSSL_free(signature);
+	if (curves)
+		OPENSSL_free(curves);
+
+	return ret;
+	}
+
+int main(void)
+	{
+	int 	ret = 0;
+	BIO	*out;
+
+	out = BIO_new_fp(stdout, BIO_NOCLOSE);
+	
+	/* enable memory leak checking unless explicitly disabled */
+	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && 
+		(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+		{
+		CRYPTO_malloc_debug_init();
+		CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+		}
+	else
+		{
+		/* OPENSSL_DEBUG_MEMORY=off */
+		CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+		}
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+	ERR_load_crypto_strings();
+
+	/* initialize the prng */
+	RAND_seed(rnd_seed, sizeof(rnd_seed));
+
+	/* the tests */
+	if (!x9_62_tests(out))  goto err;
+	if (!test_builtin(out)) goto err;
+	
+	ret = 1;
+err:	
+	if (!ret) 	
+		BIO_printf(out, "\nECDSA test failed\n");
+	else 
+		BIO_printf(out, "\nECDSA test passed\n");
+	if (!ret)
+		ERR_print_errors(out);
+	CRYPTO_cleanup_all_ex_data();
+	ERR_remove_state(0);
+	ERR_free_strings();
+	CRYPTO_mem_leaks(out);
+	if (out != NULL)
+		BIO_free(out);
+	return(0);
+	}	
+#endif
diff --git a/crypto/ecdsa/ecs_asn1.c b/crypto/ecdsa/ecs_asn1.c
new file mode 100644
index 0000000000..e9e1c2b51e
--- /dev/null
+++ b/crypto/ecdsa/ecs_asn1.c
@@ -0,0 +1,67 @@
+/* crypto/ecdsa/ecs_asn1.c */
+/* ====================================================================
+ * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "ecdsa.h"
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+
+ASN1_SEQUENCE(ECDSA_SIG) = {
+	ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM),
+	ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM)
+} ASN1_SEQUENCE_END(ECDSA_SIG)
+
+DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG)
+IMPLEMENT_ASN1_FUNCTIONS_const(ECDSA_SIG)
diff --git a/crypto/ecdsa/ecs_err.c b/crypto/ecdsa/ecs_err.c
new file mode 100644
index 0000000000..75c789448c
--- /dev/null
+++ b/crypto/ecdsa/ecs_err.c
@@ -0,0 +1,102 @@
+/* crypto/ecdsa/ecs_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ecdsa.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ECDSA_str_functs[]=
+	{
+{ERR_PACK(0,ECDSA_F_ECDSA_DATA_NEW,0),	"ECDSA_DATA_new"},
+{ERR_PACK(0,ECDSA_F_ECDSA_DO_SIGN,0),	"ECDSA_do_sign"},
+{ERR_PACK(0,ECDSA_F_ECDSA_DO_VERIFY,0),	"ECDSA_do_verify"},
+{ERR_PACK(0,ECDSA_F_ECDSA_SIGN_SETUP,0),	"ECDSA_sign_setup"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA ECDSA_str_reasons[]=
+	{
+{ECDSA_R_BAD_SIGNATURE                   ,"bad signature"},
+{ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE     ,"data too large for key size"},
+{ECDSA_R_ERR_EC_LIB                      ,"err ec lib"},
+{ECDSA_R_MISSING_PARAMETERS              ,"missing parameters"},
+{ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED ,"random number generation failed"},
+{ECDSA_R_SIGNATURE_MALLOC_FAILED         ,"signature malloc failed"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_ECDSA_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ERR_LIB_ECDSA,ECDSA_str_functs);
+		ERR_load_strings(ERR_LIB_ECDSA,ECDSA_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c
new file mode 100644
index 0000000000..9465dee625
--- /dev/null
+++ b/crypto/ecdsa/ecs_lib.c
@@ -0,0 +1,252 @@
+/* crypto/ecdsa/ecs_lib.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include "ecdsa.h"
+#include <openssl/engine.h>
+
+const char *ECDSA_version="ECDSA" OPENSSL_VERSION_PTEXT;
+
+static void ecdsa_finish(EC_KEY *);
+
+static const ECDSA_METHOD *default_ECDSA_method = NULL;
+
+void ECDSA_set_default_method(const ECDSA_METHOD *meth)
+{
+	default_ECDSA_method = meth;
+}
+
+const ECDSA_METHOD *ECDSA_get_default_method(void)
+{
+	if(!default_ECDSA_method) 
+		default_ECDSA_method = ECDSA_OpenSSL();
+	return default_ECDSA_method;
+}
+
+int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
+{
+        const ECDSA_METHOD *mtmp;
+	ECDSA_DATA *ecdsa;
+
+	ecdsa = ecdsa_check(eckey);
+
+	if (ecdsa == NULL)
+		return 0;
+
+        mtmp = ecdsa->meth;
+#if 0
+        if (mtmp->finish)
+		mtmp->finish(eckey);
+#endif
+	if (ecdsa->engine)
+	{
+		ENGINE_finish(ecdsa->engine);
+		ecdsa->engine = NULL;
+	}
+        ecdsa->meth = meth;
+#if 0
+        if (meth->init) 
+		meth->init(eckey);
+#endif
+        return 1;
+}
+
+ECDSA_DATA *ECDSA_DATA_new(void)
+{
+	return ECDSA_DATA_new_method(NULL);
+}
+
+ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine)
+{
+	ECDSA_DATA *ret;
+
+	ret=(ECDSA_DATA *)OPENSSL_malloc(sizeof(ECDSA_DATA));
+	if (ret == NULL)
+	{
+		ECDSAerr(ECDSA_F_ECDSA_DATA_NEW, ERR_R_MALLOC_FAILURE);
+		return(NULL);
+	}
+
+	ret->init = NULL;
+	ret->finish = ecdsa_finish;
+
+	ret->kinv = NULL;
+	ret->r    = NULL;
+
+	ret->meth = ECDSA_get_default_method();
+	ret->engine = engine;
+	if (!ret->engine)
+		ret->engine = ENGINE_get_default_ECDSA();
+	if (ret->engine)
+	{
+		ret->meth = ENGINE_get_ECDSA(ret->engine);
+		if (!ret->meth)
+		{
+			ECDSAerr(ECDSA_F_ECDSA_DATA_NEW, ERR_R_ENGINE_LIB);
+			ENGINE_finish(ret->engine);
+			OPENSSL_free(ret);
+			return NULL;
+		}
+	}
+
+	ret->flags = ret->meth->flags;
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data);
+#if 0
+	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+	{
+		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data);
+		OPENSSL_free(ret);
+		ret=NULL;
+	}
+#endif	
+	return(ret);
+}
+
+void ECDSA_DATA_free(ECDSA_DATA *r)
+{
+	if (r->kinv)
+		BN_clear_free(r->kinv);
+	if (r->r)
+		BN_clear_free(r->r);
+
+#if 0
+	if (r->meth->finish)
+		r->meth->finish(r);
+#endif
+	if (r->engine)
+		ENGINE_finish(r->engine);
+
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data);
+
+	OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA));
+
+	OPENSSL_free(r);
+}
+
+ECDSA_DATA *ecdsa_check(EC_KEY *key)
+{
+	if (key->meth_data)
+	{
+		if (key->meth_data->finish != ecdsa_finish)
+		{
+			key->meth_data->finish(key);
+			key->meth_data = (EC_KEY_METH_DATA *)ECDSA_DATA_new();
+		}
+	}
+	else
+		key->meth_data = (EC_KEY_METH_DATA *)ECDSA_DATA_new();
+	return (ECDSA_DATA *)key->meth_data;
+}
+
+static void ecdsa_finish(EC_KEY *key)
+{
+	if (key->meth_data && key->meth_data->finish == ecdsa_finish)
+		ECDSA_DATA_free((ECDSA_DATA *)key->meth_data);
+}
+
+int ECDSA_size(const EC_KEY *r)
+{
+	int ret,i;
+	ASN1_INTEGER bs;
+	BIGNUM	*order=NULL;
+	unsigned char buf[4];
+
+	if (r == NULL || r->group == NULL)
+		return 0;
+	if ((order = BN_new()) == NULL) return 0;
+	if (!EC_GROUP_get_order(r->group,order,NULL))
+	{
+		BN_clear_free(order);
+		return 0;
+	} 
+	i=BN_num_bits(order);
+	bs.length=(i+7)/8;
+	bs.data=buf;
+	bs.type=V_ASN1_INTEGER;
+	/* If the top bit is set the asn1 encoding is 1 larger. */
+	buf[0]=0xff;	
+
+	i=i2d_ASN1_INTEGER(&bs,NULL);
+	i+=i; /* r and s */
+	ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
+	BN_clear_free(order);
+	return(ret);
+}
+
+
+int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp,
+				new_func, dup_func, free_func);
+}
+
+int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg)
+{
+	ECDSA_DATA *ecdsa;
+	ecdsa = ecdsa_check(d);
+	if (ecdsa == NULL)
+		return 0;
+	return(CRYPTO_set_ex_data(&ecdsa->ex_data,idx,arg));
+}
+
+void *ECDSA_get_ex_data(EC_KEY *d, int idx)
+{
+	ECDSA_DATA *ecdsa;
+	ecdsa = ecdsa_check(d);
+	if (ecdsa == NULL)
+		return NULL;
+	return(CRYPTO_get_ex_data(&ecdsa->ex_data,idx));
+}
diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c
new file mode 100644
index 0000000000..215da3892a
--- /dev/null
+++ b/crypto/ecdsa/ecs_ossl.c
@@ -0,0 +1,452 @@
+/* crypto/ecdsa/ecs_ossl.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "ecdsa.h"
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+
+static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, 
+		EC_KEY *eckey);
+static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, 
+		BIGNUM **rp);
+static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, 
+		ECDSA_SIG *sig, EC_KEY *eckey);
+
+static ECDSA_METHOD openssl_ecdsa_meth = {
+	"OpenSSL ECDSA method",
+	ecdsa_do_sign,
+	ecdsa_sign_setup,
+	ecdsa_do_verify,
+#if 0
+	NULL, /* init     */
+	NULL, /* finish   */
+#endif
+	0,    /* flags    */
+	NULL  /* app_data */
+};
+
+const ECDSA_METHOD *ECDSA_OpenSSL(void)
+{
+	return &openssl_ecdsa_meth;
+}
+
+static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+		BIGNUM **rp)
+{
+	BN_CTX   *ctx = NULL;
+	BIGNUM	 k,*kinv=NULL,*r=NULL,*order=NULL,*X=NULL;
+	EC_POINT *tmp_point=NULL;
+	int 	 ret = 0;
+	if (!eckey  || !eckey->group || !eckey->pub_key || !eckey->priv_key)
+	{
+		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+	}
+	if (ctx_in == NULL) 
+	{
+		if ((ctx=BN_CTX_new()) == NULL)
+		{
+		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	}
+	else
+		ctx=ctx_in;
+
+	if ((r = BN_new()) == NULL)
+	{
+		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+		goto err;	
+	}
+	if ((order = BN_new()) == NULL)
+	{
+		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+		goto err;	
+	}
+	if ((X = BN_new()) == NULL)
+	{
+		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+		goto err;	
+	}
+	if ((tmp_point = EC_POINT_new(eckey->group)) == NULL)
+	{
+		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+		goto err;
+	}
+	if (!EC_GROUP_get_order(eckey->group,order,ctx))
+	{
+		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+		goto err;
+	}
+	
+	do
+	{
+		/* get random k */	
+		BN_init(&k);
+		do
+			if (!BN_rand_range(&k,order))
+			{
+				ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
+				 ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);	
+				goto err;
+			}
+		while (BN_is_zero(&k));
+
+		/* compute r the x-coordinate of generator * k */
+		if (!EC_POINT_mul(eckey->group, tmp_point, &k, NULL, NULL, ctx))
+		{
+			ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+			goto err;
+		}
+		if (EC_METHOD_get_field_type(EC_GROUP_method_of(eckey->group))
+			== NID_X9_62_prime_field)
+		{
+			if (!EC_POINT_get_affine_coordinates_GFp(eckey->group,
+				tmp_point, X, NULL, ctx))
+			{
+				ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
+					ERR_R_EC_LIB);
+				goto err;
+			}
+		}
+		else /* NID_X9_62_characteristic_two_field */
+		{
+			if (!EC_POINT_get_affine_coordinates_GF2m(eckey->group,
+				tmp_point, X, NULL, ctx))
+			{
+				ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
+					ERR_R_EC_LIB);
+				goto err;
+			}
+		}
+		if (!BN_nnmod(r,X,order,ctx))
+		{
+			ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+			goto err;
+		}
+	}
+	while (BN_is_zero(r));
+
+	/* compute the inverse of k */
+	if ((kinv = BN_mod_inverse(NULL,&k,order,ctx)) == NULL)
+	{
+		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+		goto err;	
+	}
+
+	if (*rp == NULL)
+		BN_clear_free(*rp);
+	*rp = r;
+	if (*kinvp == NULL) 
+		BN_clear_free(*kinvp);
+	*kinvp = kinv;
+	kinv = NULL;
+	ret = 1;
+err:
+	if (!ret)
+	{
+		if (kinv != NULL) BN_clear_free(kinv);
+		if (r != NULL) BN_clear_free(r);
+	}
+	if (ctx_in == NULL) 
+		BN_CTX_free(ctx);
+	if (kinv != NULL)
+		BN_clear_free(kinv);
+	if (order != NULL)
+		BN_clear_free(order);
+	if (tmp_point != NULL) 
+		EC_POINT_free(tmp_point);
+	if (X)	BN_clear_free(X);
+	BN_clear_free(&k);
+	return(ret);
+}
+
+
+static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, 
+		EC_KEY *eckey)
+{
+	BIGNUM *kinv=NULL,*r=NULL,*s=NULL,*m=NULL,*tmp=NULL,*order=NULL;
+	BIGNUM xr;
+	BN_CTX *ctx=NULL;
+	ECDSA_SIG *ret=NULL;
+	ECDSA_DATA *ecdsa;
+
+	ecdsa = ecdsa_check(eckey);
+
+	if (!eckey || !eckey->group || !eckey->pub_key || !eckey->priv_key 
+		|| !ecdsa)
+	{
+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+		goto err;
+	}
+	BN_init(&xr);
+
+	if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
+		(tmp = BN_new()) == NULL || (m = BN_new()) == NULL ||
+		(s = BN_new()) == NULL )
+	{
+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	if (!EC_GROUP_get_order(eckey->group,order,ctx))
+	{
+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+		goto err;
+	}
+	if (dgst_len > BN_num_bytes(order))
+	{
+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
+			ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+		goto err;
+	}
+
+	if (BN_bin2bn(dgst,dgst_len,m) == NULL)
+	{
+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+		goto err;
+	}
+	do
+	{
+		if (ecdsa->kinv == NULL || ecdsa->r == NULL)
+		{
+			if (!ECDSA_sign_setup(eckey,ctx,&kinv,&r))
+			{
+				ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
+					ERR_R_ECDSA_LIB);
+				goto err;
+			}
+		}
+		else
+		{
+			kinv = ecdsa->kinv;
+			ecdsa->kinv = NULL;
+			r = ecdsa->r;
+			ecdsa->r = NULL;
+		}
+
+		if (!BN_mod_mul(tmp,eckey->priv_key,r,order,ctx))
+		{
+			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+			goto err;
+		}
+		if (!BN_add(s,tmp,m))
+		{
+			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+			goto err;
+		}
+		if (BN_cmp(s,order) > 0)
+			BN_sub(s,s,order);
+		if (!BN_mod_mul(s,s,kinv,order,ctx))
+		{
+			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+			goto err;
+		}
+	}
+	while (BN_is_zero(s));
+
+	if ((ret = ECDSA_SIG_new()) == NULL)
+	{
+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+	if (BN_copy(ret->r, r) == NULL || BN_copy(ret->s, s) == NULL)
+	{
+		ECDSA_SIG_free(ret);
+		ret = NULL;
+		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+	}
+	
+err:
+	if (r)
+		BN_clear_free(r);
+	if (s)
+		BN_clear_free(s);
+	if (ctx)
+		BN_CTX_free(ctx);
+	if (m)
+		BN_clear_free(m);
+	if (tmp)
+		BN_clear_free(tmp);
+	if (order)
+		BN_clear_free(order);
+	if (kinv)
+		BN_clear_free(kinv);
+	return(ret);
+}
+
+static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
+		ECDSA_SIG *sig, EC_KEY *eckey)
+{
+	BN_CTX *ctx;
+	BIGNUM *order=NULL,*u1=NULL,*u2=NULL,*m=NULL,*X=NULL;
+	EC_POINT *point=NULL;
+	int ret = -1;
+	if (!eckey || !eckey->group || !eckey->pub_key || !sig)
+	{
+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
+		return -1;
+	}
+
+	if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
+		(u1 = BN_new()) == NULL || (u2 = BN_new()) == NULL ||
+		(m  = BN_new()) == NULL || (X  = BN_new()) == NULL)
+	{
+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+	if (!EC_GROUP_get_order(eckey->group, order, ctx))
+	{
+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+		goto err;
+	}
+
+	if (BN_is_zero(sig->r) || BN_get_sign(sig->r) ||
+	    BN_ucmp(sig->r, order) >= 0)
+	{
+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE);
+		ret = 0;
+		goto err;
+	}
+	if (BN_is_zero(sig->s) || BN_get_sign(sig->s) ||
+	    BN_ucmp(sig->s, order) >= 0)
+	{
+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE);
+		ret = 0;
+		goto err;
+	}
+
+	/* calculate tmp1 = inv(S) mod order */
+	if ((BN_mod_inverse(u2,sig->s,order,ctx)) == NULL)
+	{
+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+		goto err;
+	}
+	/* digest -> m */
+	if (BN_bin2bn(dgst,dgst_len,m) == NULL)
+	{
+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+		goto err;
+	}
+	/* u1 = m * tmp mod order */
+	if (!BN_mod_mul(u1,m,u2,order,ctx))
+	{
+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+		goto err;
+	}
+	/* u2 = r * w mod q */
+	if (!BN_mod_mul(u2,sig->r,u2,order,ctx))
+	{
+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+		goto err;
+	}
+
+	if ((point = EC_POINT_new(eckey->group)) == NULL)
+	{
+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+	if (!EC_POINT_mul(eckey->group, point, u1, eckey->pub_key, u2, ctx))
+	{
+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+		goto err;
+	}
+	if (EC_METHOD_get_field_type(EC_GROUP_method_of(eckey->group))
+		== NID_X9_62_prime_field) 
+	{
+		if (!EC_POINT_get_affine_coordinates_GFp(eckey->group,
+			point, X, NULL, ctx))
+		{
+			ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+			goto err;
+		}
+	}
+	else /* NID_X9_62_characteristic_two_field */
+	{
+		if (!EC_POINT_get_affine_coordinates_GF2m(eckey->group,
+			point, X, NULL, ctx))
+		{
+			ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+			goto err;
+		}
+	}
+	
+	if (!BN_nnmod(u1,X,order,ctx))
+	{
+		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+		goto err;
+	}
+
+	/*  is now in u1.  If the signature is correct, it will be
+	 * equal to R. */
+	ret = (BN_ucmp(u1,sig->r) == 0);
+
+	err:
+	if (ctx)
+		BN_CTX_free(ctx);
+	if (u1)
+		BN_clear_free(u1);
+	if (u2)
+		BN_clear_free(u2);
+	if (m)
+		BN_clear_free(m);
+	if (X)
+		BN_clear_free(X);
+	if (order)
+		BN_clear_free(order);
+	if (point)
+		EC_POINT_free(point);
+	return(ret);
+}
diff --git a/crypto/ecdsa/ecs_sign.c b/crypto/ecdsa/ecs_sign.c
new file mode 100644
index 0000000000..215da1211a
--- /dev/null
+++ b/crypto/ecdsa/ecs_sign.c
@@ -0,0 +1,89 @@
+/* crypto/ecdsa/ecdsa_sign.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "ecdsa.h"
+#include <openssl/engine.h>
+
+ECDSA_SIG * ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
+{
+	ECDSA_DATA *ecdsa = ecdsa_check(eckey);
+	if (ecdsa == NULL)
+		return NULL;
+	return ecdsa->meth->ecdsa_do_sign(dgst, dlen, eckey);
+}
+
+int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char 
+		*sig, unsigned int *siglen, EC_KEY *eckey)
+{
+	ECDSA_SIG *s;
+	s=ECDSA_do_sign(dgst,dlen,eckey);
+	if (s == NULL)
+	{
+		*siglen=0;
+		return(0);
+	}
+	*siglen=i2d_ECDSA_SIG(s,&sig);
+	ECDSA_SIG_free(s);
+	return(1);
+}
+
+int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, 
+		BIGNUM **rp)
+{
+	ECDSA_DATA *ecdsa = ecdsa_check(eckey);
+	if (ecdsa == NULL)
+		return 0;
+	return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); 
+}
diff --git a/crypto/ecdsa/ecs_vrf.c b/crypto/ecdsa/ecs_vrf.c
new file mode 100644
index 0000000000..269671bec8
--- /dev/null
+++ b/crypto/ecdsa/ecs_vrf.c
@@ -0,0 +1,91 @@
+/* crypto/ecdsa/ecdsa_vrf.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "ecdsa.h"
+#include <openssl/engine.h>
+
+/* returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, 
+		ECDSA_SIG *sig, EC_KEY *eckey)
+	{
+	ECDSA_DATA *ecdsa = ecdsa_check(eckey);
+	if (ecdsa == NULL)
+		return 0;
+	return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
+	}
+
+/* returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
+		const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
+ 	{
+	ECDSA_SIG *s;
+	int ret=-1;
+
+	s = ECDSA_SIG_new();
+	if (s == NULL) return(ret);
+	if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;
+	ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
+err:
+	ECDSA_SIG_free(s);
+	return(ret);
+	}
diff --git a/crypto/engine/.cvsignore b/crypto/engine/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/engine/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/engine/Makefile.ssl b/crypto/engine/Makefile.ssl
new file mode 100644
index 0000000000..a124654b0d
--- /dev/null
+++ b/crypto/engine/Makefile.ssl
@@ -0,0 +1,458 @@
+#
+# OpenSSL/crypto/engine/Makefile
+#
+
+DIR=	engine
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST= enginetest.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
+	eng_table.c eng_pkey.c eng_fat.c eng_all.c \
+	tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_rand.c tb_cipher.c tb_digest.c tb_ecdh.c \
+	eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c
+LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
+	eng_table.o eng_pkey.o eng_fat.o eng_all.o \
+	tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_rand.o tb_cipher.o tb_digest.o tb_ecdh.o \
+	eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= engine.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+eng_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_all.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+eng_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+eng_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+eng_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_all.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_all.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_all.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_all.o: eng_all.c eng_int.h
+eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_cnf.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+eng_cnf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+eng_cnf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+eng_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+eng_cnf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_cnf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_cnf.o: ../../include/openssl/ui.h ../cryptlib.h eng_cnf.c
+eng_cryptodev.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+eng_cryptodev.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+eng_cryptodev.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+eng_cryptodev.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_cryptodev.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+eng_cryptodev.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+eng_cryptodev.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_cryptodev.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+eng_cryptodev.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+eng_cryptodev.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+eng_cryptodev.o: ../../include/openssl/obj_mac.h
+eng_cryptodev.o: ../../include/openssl/objects.h
+eng_cryptodev.o: ../../include/openssl/opensslconf.h
+eng_cryptodev.o: ../../include/openssl/opensslv.h
+eng_cryptodev.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_cryptodev.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+eng_cryptodev.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+eng_cryptodev.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_cryptodev.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+eng_cryptodev.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_cryptodev.o: ../../include/openssl/ui_compat.h eng_cryptodev.c
+eng_ctrl.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_ctrl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_ctrl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_ctrl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_ctrl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+eng_ctrl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+eng_ctrl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_ctrl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_ctrl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_ctrl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_ctrl.o: ../cryptlib.h eng_ctrl.c eng_int.h
+eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_dyn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_dyn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_dyn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+eng_dyn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+eng_dyn.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+eng_dyn.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_dyn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_dyn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_dyn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_dyn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_dyn.o: ../../include/openssl/ui.h ../cryptlib.h eng_dyn.c eng_int.h
+eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+eng_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+eng_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+eng_err.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_err.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_err.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_err.o: eng_err.c
+eng_fat.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_fat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_fat.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h
+eng_fat.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+eng_fat.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_fat.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+eng_fat.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+eng_fat.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+eng_fat.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+eng_fat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+eng_fat.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+eng_fat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_fat.o: ../../include/openssl/ui.h ../cryptlib.h eng_fat.c eng_int.h
+eng_init.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_init.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_init.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_init.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+eng_init.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+eng_init.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_init.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_init.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_init.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_init.o: ../cryptlib.h eng_init.c eng_int.h
+eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+eng_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+eng_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_lib.o: ../cryptlib.h eng_int.h eng_lib.c
+eng_list.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_list.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_list.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_list.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_list.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+eng_list.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+eng_list.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_list.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_list.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_list.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_list.o: ../cryptlib.h eng_int.h eng_list.c
+eng_openssl.o: ../../e_os.h ../../include/openssl/aes.h
+eng_openssl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_openssl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+eng_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+eng_openssl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+eng_openssl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+eng_openssl.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+eng_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+eng_openssl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+eng_openssl.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_openssl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+eng_openssl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+eng_openssl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+eng_openssl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+eng_openssl.o: ../../include/openssl/objects.h
+eng_openssl.o: ../../include/openssl/opensslconf.h
+eng_openssl.o: ../../include/openssl/opensslv.h
+eng_openssl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+eng_openssl.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+eng_openssl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+eng_openssl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+eng_openssl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+eng_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_openssl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_openssl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+eng_openssl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_openssl.o: ../cryptlib.h eng_openssl.c
+eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
+eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+eng_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+eng_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+eng_pkey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+eng_pkey.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+eng_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+eng_pkey.o: ../cryptlib.h eng_int.h eng_pkey.c
+eng_table.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+eng_table.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+eng_table.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+eng_table.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+eng_table.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+eng_table.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+eng_table.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+eng_table.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_table.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+eng_table.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+eng_table.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+eng_table.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_table.o: ../../include/openssl/opensslconf.h
+eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_table.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+eng_table.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+eng_table.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+eng_table.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_table.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_table.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+eng_table.o: eng_int.h eng_table.c
+tb_cipher.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_cipher.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_cipher.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_cipher.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_cipher.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tb_cipher.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+tb_cipher.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_cipher.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+tb_cipher.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+tb_cipher.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+tb_cipher.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_cipher.o: ../../include/openssl/opensslconf.h
+tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_cipher.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_cipher.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_cipher.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_cipher.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_cipher.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_cipher.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_cipher.o: eng_int.h tb_cipher.c
+tb_dh.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_dh.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_dh.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_dh.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_dh.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_dh.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_dh.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tb_dh.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+tb_dh.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_dh.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+tb_dh.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+tb_dh.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+tb_dh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_dh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+tb_dh.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+tb_dh.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+tb_dh.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+tb_dh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_dh.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+tb_dh.o: ../../include/openssl/ui_compat.h eng_int.h tb_dh.c
+tb_digest.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_digest.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_digest.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_digest.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_digest.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tb_digest.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+tb_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_digest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+tb_digest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+tb_digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+tb_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_digest.o: ../../include/openssl/opensslconf.h
+tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_digest.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_digest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_digest.o: eng_int.h tb_digest.c
+tb_dsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_dsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_dsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_dsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_dsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_dsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_dsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tb_dsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+tb_dsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_dsa.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+tb_dsa.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+tb_dsa.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+tb_dsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_dsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+tb_dsa.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+tb_dsa.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+tb_dsa.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+tb_dsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_dsa.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+tb_dsa.o: ../../include/openssl/ui_compat.h eng_int.h tb_dsa.c
+tb_ecdh.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_ecdh.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_ecdh.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_ecdh.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_ecdh.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_ecdh.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_ecdh.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tb_ecdh.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+tb_ecdh.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_ecdh.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+tb_ecdh.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+tb_ecdh.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+tb_ecdh.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_ecdh.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+tb_ecdh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+tb_ecdh.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+tb_ecdh.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+tb_ecdh.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+tb_ecdh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_ecdh.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+tb_ecdh.o: ../../include/openssl/ui_compat.h eng_int.h tb_ecdh.c
+tb_ecdsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_ecdsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_ecdsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_ecdsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tb_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+tb_ecdsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_ecdsa.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+tb_ecdsa.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+tb_ecdsa.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+tb_ecdsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_ecdsa.o: ../../include/openssl/opensslconf.h
+tb_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+tb_ecdsa.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+tb_ecdsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+tb_ecdsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+tb_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+tb_ecdsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+tb_ecdsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+tb_ecdsa.o: eng_int.h tb_ecdsa.c
+tb_rand.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_rand.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_rand.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_rand.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_rand.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_rand.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tb_rand.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+tb_rand.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_rand.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+tb_rand.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+tb_rand.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+tb_rand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+tb_rand.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+tb_rand.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+tb_rand.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+tb_rand.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+tb_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_rand.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+tb_rand.o: ../../include/openssl/ui_compat.h eng_int.h tb_rand.c
+tb_rsa.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+tb_rsa.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+tb_rsa.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+tb_rsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+tb_rsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+tb_rsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+tb_rsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+tb_rsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+tb_rsa.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+tb_rsa.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+tb_rsa.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+tb_rsa.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+tb_rsa.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+tb_rsa.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+tb_rsa.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+tb_rsa.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+tb_rsa.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+tb_rsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+tb_rsa.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+tb_rsa.o: ../../include/openssl/ui_compat.h eng_int.h tb_rsa.c
diff --git a/crypto/engine/README b/crypto/engine/README
new file mode 100644
index 0000000000..6b69b70f57
--- /dev/null
+++ b/crypto/engine/README
@@ -0,0 +1,211 @@
+Notes: 2001-09-24
+-----------------
+
+This "description" (if one chooses to call it that) needed some major updating
+so here goes. This update addresses a change being made at the same time to
+OpenSSL, and it pretty much completely restructures the underlying mechanics of
+the "ENGINE" code. So it serves a double purpose of being a "ENGINE internals
+for masochists" document *and* a rather extensive commit log message. (I'd get
+lynched for sticking all this in CHANGES or the commit mails :-).
+
+ENGINE_TABLE underlies this restructuring, as described in the internal header
+"eng_int.h", implemented in eng_table.c, and used in each of the "class" files;
+tb_rsa.c, tb_dsa.c, etc.
+
+However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so
+I'll mention a bit about that first. EVP_CIPHER (and most of this applies
+equally to EVP_MD for digests) is both a "method" and a algorithm/mode
+identifier that, in the current API, "lingers". These cipher description +
+implementation structures can be defined or obtained directly by applications,
+or can be loaded "en masse" into EVP storage so that they can be catalogued and
+searched in various ways, ie. two ways of encrypting with the "des_cbc"
+algorithm/mode pair are;
+
+(i) directly;
+     const EVP_CIPHER *cipher = EVP_des_cbc();
+     EVP_EncryptInit(&ctx, cipher, key, iv);
+     [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...]
+
+(ii) indirectly; 
+     OpenSSL_add_all_ciphers();
+     cipher = EVP_get_cipherbyname("des_cbc");
+     EVP_EncryptInit(&ctx, cipher, key, iv);
+     [ ... etc ... ]
+
+The latter is more generally used because it also allows ciphers/digests to be
+looked up based on other identifiers which can be useful for automatic cipher
+selection, eg. in SSL/TLS, or by user-controllable configuration.
+
+The important point about this is that EVP_CIPHER definitions and structures are
+passed around with impunity and there is no safe way, without requiring massive
+rewrites of many applications, to assume that EVP_CIPHERs can be reference
+counted. One an EVP_CIPHER is exposed to the caller, neither it nor anything it
+comes from can "safely" be destroyed. Unless of course the way of getting to
+such ciphers is via entirely distinct API calls that didn't exist before.
+However existing API usage cannot be made to understand when an EVP_CIPHER
+pointer, that has been passed to the caller, is no longer being used.
+
+The other problem with the existing API w.r.t. to hooking EVP_CIPHER support
+into ENGINE is storage - the OBJ_NAME-based storage used by EVP to register
+ciphers simultaneously registers cipher *types* and cipher *implementations* -
+they are effectively the same thing, an "EVP_CIPHER" pointer. The problem with
+hooking in ENGINEs is that multiple ENGINEs may implement the same ciphers. The
+solution is necessarily that ENGINE-provided ciphers simply are not registered,
+stored, or exposed to the caller in the same manner as existing ciphers. This is
+especially necessary considering the fact ENGINE uses reference counts to allow
+for cleanup, modularity, and DSO support - yet EVP_CIPHERs, as exposed to
+callers in the current API, support no such controls.
+
+Another sticking point for integrating cipher support into ENGINE is linkage.
+Already there is a problem with the way ENGINE supports RSA, DSA, etc whereby
+they are available *because* they're part of a giant ENGINE called "openssl".
+Ie. all implementations *have* to come from an ENGINE, but we get round that by
+having a giant ENGINE with all the software support encapsulated. This creates
+linker hassles if nothing else - linking a 1-line application that calls 2 basic
+RSA functions (eg. "RSA_free(RSA_new());") will result in large quantities of
+ENGINE code being linked in *and* because of that DSA, DH, and RAND also. If we
+continue with this approach for EVP_CIPHER support (even if it *was* possible)
+we would lose our ability to link selectively by selectively loading certain
+implementations of certain functionality. Touching any part of any kind of
+crypto would result in massive static linkage of everything else. So the
+solution is to change the way ENGINE feeds existing "classes", ie. how the
+hooking to ENGINE works from RSA, DSA, DH, RAND, as well as adding new hooking
+for EVP_CIPHER, and EVP_MD.
+
+The way this is now being done is by mostly reverting back to how things used to
+work prior to ENGINE :-). Ie. RSA now has a "RSA_METHOD" pointer again - this
+was previously replaced by an "ENGINE" pointer and all RSA code that required
+the RSA_METHOD would call ENGINE_get_RSA() each time on its ENGINE handle to
+temporarily get and use the ENGINE's RSA implementation. Apart from being more
+efficient, switching back to each RSA having an RSA_METHOD pointer also allows
+us to conceivably operate with *no* ENGINE. As we'll see, this removes any need
+for a fallback ENGINE that encapsulates default implementations - we can simply
+have our RSA structure pointing its RSA_METHOD pointer to the software
+implementation and have its ENGINE pointer set to NULL.
+
+A look at the EVP_CIPHER hooking is most explanatory, the RSA, DSA (etc) cases
+turn out to be degenerate forms of the same thing. The EVP storage of ciphers,
+and the existing EVP API functions that return "software" implementations and
+descriptions remain untouched. However, the storage takes more meaning in terms
+of "cipher description" and less meaning in terms of "implementation". When an
+EVP_CIPHER_CTX is actually initialised with an EVP_CIPHER method and is about to
+begin en/decryption, the hooking to ENGINE comes into play. What happens is that
+cipher-specific ENGINE code is asked for an ENGINE pointer (a functional
+reference) for any ENGINE that is registered to perform the algo/mode that the
+provided EVP_CIPHER structure represents. Under normal circumstances, that
+ENGINE code will return NULL because no ENGINEs will have had any cipher
+implementations *registered*. As such, a NULL ENGINE pointer is stored in the
+EVP_CIPHER_CTX context, and the EVP_CIPHER structure is left hooked into the
+context and so is used as the implementation. Pretty much how things work now
+except we'd have a redundant ENGINE pointer set to NULL and doing nothing.
+
+Conversely, if an ENGINE *has* been registered to perform the algorithm/mode
+combination represented by the provided EVP_CIPHER, then a functional reference
+to that ENGINE will be returned to the EVP_CIPHER_CTX during initialisation.
+That functional reference will be stored in the context (and released on
+cleanup) - and having that reference provides a *safe* way to use an EVP_CIPHER
+definition that is private to the ENGINE. Ie. the EVP_CIPHER provided by the
+application will actually be replaced by an EVP_CIPHER from the registered
+ENGINE - it will support the same algorithm/mode as the original but will be a
+completely different implementation. Because this EVP_CIPHER isn't stored in the
+EVP storage, nor is it returned to applications from traditional API functions,
+there is no associated problem with it not having reference counts. And of
+course, when one of these "private" cipher implementations is hooked into
+EVP_CIPHER_CTX, it is done whilst the EVP_CIPHER_CTX holds a functional
+reference to the ENGINE that owns it, thus the use of the ENGINE's EVP_CIPHER is
+safe.
+
+The "cipher-specific ENGINE code" I mentioned is implemented in tb_cipher.c but
+in essence it is simply an instantiation of "ENGINE_TABLE" code for use by
+EVP_CIPHER code. tb_digest.c is virtually identical but, of course, it is for
+use by EVP_MD code. Ditto for tb_rsa.c, tb_dsa.c, etc. These instantiations of
+ENGINE_TABLE essentially provide linker-separation of the classes so that even
+if ENGINEs implement *all* possible algorithms, an application using only
+EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core
+ENGINE code that is independant of class, and of course the ENGINE
+implementation that the application loaded. It will *not* however link any
+class-specific ENGINE code for digests, RSA, etc nor will it bleed over into
+other APIs, such as the RSA/DSA/etc library code.
+
+ENGINE_TABLE is a little more complicated than may seem necessary but this is
+mostly to avoid a lot of "init()"-thrashing on ENGINEs (that may have to load
+DSOs, and other expensive setup that shouldn't be thrashed unnecessarily) *and*
+to duplicate "default" behaviour. Basically an ENGINE_TABLE instantiation, for
+example tb_cipher.c, implements a hash-table keyed by integer "nid" values.
+These nids provide the uniquenness of an algorithm/mode - and each nid will hash
+to a potentially NULL "ENGINE_PILE". An ENGINE_PILE is essentially a list of
+pointers to ENGINEs that implement that particular 'nid'. Each "pile" uses some
+caching tricks such that requests on that 'nid' will be cached and all future
+requests will return immediately (well, at least with minimal operation) unless
+a change is made to the pile, eg. perhaps an ENGINE was unloaded. The reason is
+that an application could have support for 10 ENGINEs statically linked
+in, and the machine in question may not have any of the hardware those 10
+ENGINEs support. If each of those ENGINEs has a "des_cbc" implementation, we
+want to avoid every EVP_CIPHER_CTX setup from trying (and failing) to initialise
+each of those 10 ENGINEs. Instead, the first such request will try to do that
+and will either return (and cache) a NULL ENGINE pointer or will return a
+functional reference to the first that successfully initialised. In the latter
+case it will also cache an extra functional reference to the ENGINE as a
+"default" for that 'nid'. The caching is acknowledged by a 'uptodate' variable
+that is unset only if un/registration takes place on that pile. Ie. if
+implementations of "des_cbc" are added or removed. This behaviour can be
+tweaked; the ENGINE_TABLE_FLAG_NOINIT value can be passed to
+ENGINE_set_table_flags(), in which case the only ENGINEs that tb_cipher.c will
+try to initialise from the "pile" will be those that are already initialised
+(ie. it's simply an increment of the functional reference count, and no real
+"initialisation" will take place).
+
+RSA, DSA, DH, and RAND all have their own ENGINE_TABLE code as well, and the
+difference is that they all use an implicit 'nid' of 1. Whereas EVP_CIPHERs are
+actually qualitatively different depending on 'nid' (the "des_cbc" EVP_CIPHER is
+not an interoperable implementation of "aes_256_cbc"), RSA_METHODs are
+necessarily interoperable and don't have different flavours, only different
+implementations. In other words, the ENGINE_TABLE for RSA will either be empty,
+or will have a single ENGING_PILE hashed to by the 'nid' 1 and that pile
+represents ENGINEs that implement the single "type" of RSA there is.
+
+Cleanup - the registration and unregistration may pose questions about how
+cleanup works with the ENGINE_PILE doing all this caching nonsense (ie. when the
+application or EVP_CIPHER code releases its last reference to an ENGINE, the
+ENGINE_PILE code may still have references and thus those ENGINEs will stay
+hooked in forever). The way this is handled is via "unregistration". With these
+new ENGINE changes, an abstract ENGINE can be loaded and initialised, but that
+is an algorithm-agnostic process. Even if initialised, it will not have
+registered any of its implementations (to do so would link all class "table"
+code despite the fact the application may use only ciphers, for example). This
+is deliberately a distinct step. Moreover, registration and unregistration has
+nothing to do with whether an ENGINE is *functional* or not (ie. you can even
+register an ENGINE and its implementations without it being operational, you may
+not even have the drivers to make it operate). What actually happens with
+respect to cleanup is managed inside eng_lib.c with the "engine_cleanup_***"
+functions. These functions are internal-only and each part of ENGINE code that
+could require cleanup will, upon performing its first allocation, register a
+callback with the "engine_cleanup" code. The other part of this that makes it
+tick is that the ENGINE_TABLE instantiations (tb_***.c) use NULL as their
+initialised state. So if RSA code asks for an ENGINE and no ENGINE has
+registered an implementation, the code will simply return NULL and the tb_rsa.c
+state will be unchanged. Thus, no cleanup is required unless registration takes
+place. ENGINE_cleanup() will simply iterate across a list of registered cleanup
+callbacks calling each in turn, and will then internally delete its own storage
+(a STACK). When a cleanup callback is next registered (eg. if the cleanup() is
+part of a gracefull restart and the application wants to cleanup all state then
+start again), the internal STACK storage will be freshly allocated. This is much
+the same as the situation in the ENGINE_TABLE instantiations ... NULL is the
+initialised state, so only modification operations (not queries) will cause that
+code to have to register a cleanup.
+
+What else? The bignum callbacks and associated ENGINE functions have been
+removed for two obvious reasons; (i) there was no way to generalise them to the
+mechanism now used by RSA/DSA/..., because there's no such thing as a BIGNUM
+method, and (ii) because of (i), there was no meaningful way for library or
+application code to automatically hook and use ENGINE supplied bignum functions
+anyway. Also, ENGINE_cpy() has been removed (although an internal-only version
+exists) - the idea of providing an ENGINE_cpy() function probably wasn't a good
+one and now certainly doesn't make sense in any generalised way. Some of the
+RSA, DSA, DH, and RAND functions that were fiddled during the original ENGINE
+changes have now, as a consequence, been reverted back. This is because the
+hooking of ENGINE is now automatic (and passive, it can interally use a NULL
+ENGINE pointer to simply ignore ENGINE from then on).
+
+Hell, that should be enough for now ... comments welcome: geoff@openssl.org
+
diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
new file mode 100644
index 0000000000..6bb7e93bb2
--- /dev/null
+++ b/crypto/engine/eng_all.c
@@ -0,0 +1,115 @@
+/* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/err.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+void ENGINE_load_builtin_engines(void)
+	{
+	/* There's no longer any need for an "openssl" ENGINE unless, one day,
+	 * it is the *only* way for standard builtin implementations to be be
+	 * accessed (ie. it would be possible to statically link binaries with
+	 * *no* builtin implementations). */
+#if 0
+	ENGINE_load_openssl();
+#endif
+	ENGINE_load_dynamic();
+#ifndef OPENSSL_NO_STATIC_ENGINE
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_CSWIFT
+	ENGINE_load_cswift();
+#endif
+#ifndef OPENSSL_NO_HW_NCIPHER
+	ENGINE_load_chil();
+#endif
+#ifndef OPENSSL_NO_HW_ATALLA
+	ENGINE_load_atalla();
+#endif
+#ifndef OPENSSL_NO_HW_NURON
+	ENGINE_load_nuron();
+#endif
+#ifndef OPENSSL_NO_HW_UBSEC
+	ENGINE_load_ubsec();
+#endif
+#ifndef OPENSSL_NO_HW_AEP
+	ENGINE_load_aep();
+#endif
+#ifndef OPENSSL_NO_HW_SUREWARE
+	ENGINE_load_sureware();
+#endif
+#ifndef OPENSSL_NO_HW_4758_CCA
+	ENGINE_load_4758cca();
+#endif
+#endif
+#ifdef __OpenBSD__
+	ENGINE_load_cryptodev();
+#endif
+#endif
+	}
+
+#ifdef __OpenBSD__
+void ENGINE_setup_openbsd(void) {
+	static int openbsd_default_loaded = 0;
+	if (!openbsd_default_loaded) {
+		ENGINE_load_cryptodev();
+		ENGINE_register_all_complete();
+	}
+	openbsd_default_loaded=1;
+}
+#endif
diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c
new file mode 100644
index 0000000000..cdf670901a
--- /dev/null
+++ b/crypto/engine/eng_cnf.c
@@ -0,0 +1,242 @@
+/* eng_cnf.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/engine.h>
+
+/* #define ENGINE_CONF_DEBUG */
+
+/* ENGINE config module */
+
+static char *skip_dot(char *name)
+	{
+	char *p;
+	p = strchr(name, '.');
+	if (p)
+		return p + 1;
+	return name;
+	}
+
+static STACK_OF(ENGINE) *initialized_engines = NULL;
+
+static int int_engine_init(ENGINE *e)
+	{
+	if (!ENGINE_init(e))
+		return 0;
+	if (!initialized_engines)
+		initialized_engines = sk_ENGINE_new_null();
+	if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e))
+		{
+		ENGINE_finish(e);
+		return 0;
+		}
+	return 1;
+	}
+	
+
+static int int_engine_configure(char *name, char *value, const CONF *cnf)
+	{
+	int i;
+	int ret = 0;
+	long do_init = -1;
+	STACK_OF(CONF_VALUE) *ecmds;
+	CONF_VALUE *ecmd;
+	char *ctrlname, *ctrlvalue;
+	ENGINE *e = NULL;
+	name = skip_dot(name);
+#ifdef ENGINE_CONF_DEBUG
+	fprintf(stderr, "Configuring engine %s\n", name);
+#endif
+	/* Value is a section containing ENGINE commands */
+	ecmds = NCONF_get_section(cnf, value);
+
+	if (!ecmds)
+		{
+		ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_SECTION_ERROR);
+		return 0;
+		}
+
+	for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++)
+		{
+		ecmd = sk_CONF_VALUE_value(ecmds, i);
+		ctrlname = skip_dot(ecmd->name);
+		ctrlvalue = ecmd->value;
+#ifdef ENGINE_CONF_DEBUG
+	fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname, ctrlvalue);
+#endif
+
+		/* First handle some special pseudo ctrls */
+
+		/* Override engine name to use */
+		if (!strcmp(ctrlname, "engine_id"))
+			name = ctrlvalue;
+		/* Load a dynamic ENGINE */
+		else if (!strcmp(ctrlname, "dynamic_path"))
+			{
+			e = ENGINE_by_id("dynamic");
+			if (!e)
+				goto err;
+			if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
+				goto err;
+			if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
+				goto err;
+			if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
+				goto err;
+			}
+		/* ... add other pseudos here ... */
+		else
+			{
+			/* At this point we need an ENGINE structural reference
+			 * if we don't already have one.
+			 */
+			if (!e)
+				{
+				e = ENGINE_by_id(name);
+				if (!e)
+					return 0;
+				}
+			/* Allow "EMPTY" to mean no value: this allows a valid
+			 * "value" to be passed to ctrls of type NO_INPUT
+		 	 */
+			if (!strcmp(ctrlvalue, "EMPTY"))
+				ctrlvalue = NULL;
+			else if (!strcmp(ctrlname, "init"))
+				{
+				if (!NCONF_get_number_e(cnf, value, "init", &do_init))
+					goto err;
+				if (do_init == 1)
+					{
+					if (!int_engine_init(e))
+						goto err;
+					}
+				else if (do_init != 0)
+					{
+					ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_INVALID_INIT_VALUE);
+					goto err;
+					}
+				}
+			else if (!strcmp(ctrlname, "default_algorithms"))
+				{
+				if (!ENGINE_set_default_string(e, ctrlvalue))
+					goto err;
+				}
+			else if (!ENGINE_ctrl_cmd_string(e,
+					ctrlname, ctrlvalue, 0))
+				return 0;
+			}
+
+
+
+		}
+	if (e && (do_init == -1) && !int_engine_init(e))
+		goto err;
+	ret = 1;
+	err:
+	if (e)
+		ENGINE_free(e);
+	return ret;
+	}
+
+
+static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
+	{
+	STACK_OF(CONF_VALUE) *elist;
+	CONF_VALUE *cval;
+	int i;
+#ifdef ENGINE_CONF_DEBUG
+	fprintf(stderr, "Called engine module: name %s, value %s\n",
+			CONF_imodule_get_name(md), CONF_imodule_get_value(md));
+#endif
+	/* Value is a section containing ENGINEs to configure */
+	elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
+
+	if (!elist)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR);
+		return 0;
+		}
+
+	for (i = 0; i < sk_CONF_VALUE_num(elist); i++)
+		{
+		cval = sk_CONF_VALUE_value(elist, i);
+		if (!int_engine_configure(cval->name, cval->value, cnf))
+			return 0;
+		}
+
+	return 1;
+	}
+
+static void int_engine_module_finish(CONF_IMODULE *md)
+	{
+	ENGINE *e;
+	while ((e = sk_ENGINE_pop(initialized_engines)))
+		ENGINE_finish(e);
+	sk_ENGINE_free(initialized_engines);
+	initialized_engines = NULL;
+	}
+	
+
+void ENGINE_add_conf_module(void)
+	{
+	CONF_module_add("engines",
+			int_engine_module_init,
+			int_engine_module_finish);
+	}
diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c
new file mode 100644
index 0000000000..be7ed6bb3f
--- /dev/null
+++ b/crypto/engine/eng_cryptodev.c
@@ -0,0 +1,1130 @@
+/*
+ * Copyright (c) 2002 Bob Beck <beck@openbsd.org>
+ * Copyright (c) 2002 Theo de Raadt
+ * Copyright (c) 2002 Markus Friedl
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the author nor the names of contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <openssl/objects.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+
+#ifndef __OpenBSD__
+
+void
+ENGINE_load_cryptodev(void)
+{
+	/* This is a NOP unless __OpenBSD__ is defined */
+	return;
+}
+
+#else /* __OpenBSD__ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+
+#if OpenBSD < 200112
+
+void
+ENGINE_load_cryptodev(void)
+{
+	/* This is a NOP unless we have release 3.0 (released december 2001) */
+	return;
+}
+
+#else /* OpenBSD 3.0 or above */
+
+#include <crypto/cryptodev.h>
+#include <sys/ioctl.h>
+#include <errno.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <stdarg.h>
+#include <syslog.h>
+#include <errno.h>
+#include <string.h>
+
+struct dev_crypto_state {
+	struct session_op d_sess;
+	int d_fd;
+};
+
+static u_int32_t cryptodev_asymfeat = 0;
+
+static int get_asym_dev_crypto(void);
+static int open_dev_crypto(void);
+static int get_dev_crypto(void);
+static int cryptodev_max_iv(int cipher);
+static int cryptodev_key_length_valid(int cipher, int len);
+static int cipher_nid_to_cryptodev(int nid);
+static int get_cryptodev_ciphers(const int **cnids);
+static int get_cryptodev_digests(const int **cnids);
+static int cryptodev_usable_ciphers(const int **nids);
+static int cryptodev_usable_digests(const int **nids);
+static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, unsigned int inl);
+static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc);
+static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
+static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+    const int **nids, int nid);
+static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+    const int **nids, int nid);
+static int bn2crparam(const BIGNUM *a, struct crparam *crp);
+static int crparam2bn(struct crparam *crp, BIGNUM *a);
+static void zapparams(struct crypt_kop *kop);
+static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
+    int slen, BIGNUM *s);
+
+static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
+    RSA *rsa);
+static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+    BN_CTX *ctx, BN_MONT_CTX *mont);
+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
+    int dlen, DSA *dsa);
+static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
+    DSA_SIG *sig, DSA *dsa);
+static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+    BN_MONT_CTX *m_ctx);
+static int cryptodev_dh_compute_key(unsigned char *key,
+    const BIGNUM *pub_key, DH *dh);
+static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
+    void (*f)());
+void ENGINE_load_cryptodev(void);
+
+static const ENGINE_CMD_DEFN cryptodev_defns[] = {
+	{ 0, NULL, NULL, 0 }
+};
+
+static struct {
+	int	id;
+	int	nid;
+	int	ivmax;
+	int	keylen;
+} ciphers[] = {
+	{ CRYPTO_DES_CBC,		NID_des_cbc,		8,	 8, },
+	{ CRYPTO_3DES_CBC,		NID_des_ede3_cbc,	8,	24, },
+	{ CRYPTO_AES_CBC,		NID_aes_128_cbc,	16,	16, },
+	{ CRYPTO_BLF_CBC,		NID_bf_cbc,		8,	16, },
+	{ CRYPTO_CAST_CBC,		NID_cast5_cbc,		8,	16, },
+	{ CRYPTO_SKIPJACK_CBC,		NID_undef,		0,	 0, },
+	{ 0,				NID_undef,		0,	 0, },
+};
+
+static struct {
+	int	id;
+	int	nid;
+} digests[] = {
+	{ CRYPTO_SHA1_HMAC,		NID_hmacWithSHA1,	},
+	{ CRYPTO_RIPEMD160_HMAC,	NID_ripemd160,		},
+	{ CRYPTO_MD5_KPDK,		NID_undef,		},
+	{ CRYPTO_SHA1_KPDK,		NID_undef,		},
+	{ CRYPTO_MD5,			NID_md5,		},
+	{ CRYPTO_SHA1,			NID_undef,		},
+	{ 0,				NID_undef,		},
+};
+
+/*
+ * Return a fd if /dev/crypto seems usable, 0 otherwise.
+ */
+static int
+open_dev_crypto(void)
+{
+	static int fd = -1;
+
+	if (fd == -1) {
+		if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
+			return (-1);
+		/* close on exec */
+		if (fcntl(fd, F_SETFD, 1) == -1) {
+			close(fd);
+			fd = -1;
+			return (-1);
+		}
+	}
+	return (fd);
+}
+
+static int
+get_dev_crypto(void)
+{
+	int fd, retfd;
+
+	if ((fd = open_dev_crypto()) == -1)
+		return (-1);
+	if (ioctl(fd, CRIOGET, &retfd) == -1)
+		return (-1);
+
+	/* close on exec */
+	if (fcntl(retfd, F_SETFD, 1) == -1) {
+		close(retfd);
+		return (-1);
+	}
+	return (retfd);
+}
+
+/* Caching version for asym operations */
+static int
+get_asym_dev_crypto(void)
+{
+	static int fd = -1;
+
+	if (fd == -1)
+		fd = get_dev_crypto();
+	return fd;
+}
+
+/*
+ * XXXX this needs to be set for each alg - and determined from
+ * a running card.
+ */
+static int
+cryptodev_max_iv(int cipher)
+{
+	int i;
+
+	for (i = 0; ciphers[i].id; i++)
+		if (ciphers[i].id == cipher)
+			return (ciphers[i].ivmax);
+	return (0);
+}
+
+/*
+ * XXXX this needs to be set for each alg - and determined from
+ * a running card. For now, fake it out - but most of these
+ * for real devices should return 1 for the supported key
+ * sizes the device can handle.
+ */
+static int
+cryptodev_key_length_valid(int cipher, int len)
+{
+	int i;
+
+	for (i = 0; ciphers[i].id; i++)
+		if (ciphers[i].id == cipher)
+			return (ciphers[i].keylen == len);
+	return (0);
+}
+
+/* convert libcrypto nids to cryptodev */
+static int
+cipher_nid_to_cryptodev(int nid)
+{
+	int i;
+
+	for (i = 0; ciphers[i].id; i++)
+		if (ciphers[i].nid == nid)
+			return (ciphers[i].id);
+	return (0);
+}
+
+/*
+ * Find out what ciphers /dev/crypto will let us have a session for.
+ * XXX note, that some of these openssl doesn't deal with yet!
+ * returning them here is harmless, as long as we return NULL
+ * when asked for a handler in the cryptodev_engine_ciphers routine
+ */
+static int
+get_cryptodev_ciphers(const int **cnids)
+{
+	static int nids[CRYPTO_ALGORITHM_MAX];
+	struct session_op sess;
+	int fd, i, count = 0;
+
+	if ((fd = get_dev_crypto()) < 0) {
+		*nids = NULL;
+		return (0);
+	}
+	memset(&sess, 0, sizeof(sess));
+	sess.key = (caddr_t)"123456781234567812345678";
+
+	for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+		if (ciphers[i].nid == NID_undef)
+			continue;
+		sess.cipher = ciphers[i].id;
+		sess.keylen = ciphers[i].keylen;
+		sess.mac = 0;
+		if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+			nids[count++] = ciphers[i].nid;
+	}
+	close(fd);
+
+	if (count > 0)
+		*cnids = nids;
+	else
+		*cnids = NULL;
+	return (count);
+}
+
+/*
+ * Find out what digests /dev/crypto will let us have a session for.
+ * XXX note, that some of these openssl doesn't deal with yet!
+ * returning them here is harmless, as long as we return NULL
+ * when asked for a handler in the cryptodev_engine_digests routine
+ */
+static int
+get_cryptodev_digests(const int **cnids)
+{
+	static int nids[CRYPTO_ALGORITHM_MAX];
+	struct session_op sess;
+	int fd, i, count = 0;
+
+	if ((fd = get_dev_crypto()) < 0) {
+		*nids = NULL;
+		return (0);
+	}
+	memset(&sess, 0, sizeof(sess));
+	for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+		if (digests[i].nid == NID_undef)
+			continue;
+		sess.mac = digests[i].id;
+		sess.cipher = 0;
+		if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+			nids[count++] = digests[i].nid;
+	}
+	close(fd);
+
+	if (count > 0)
+		*cnids = nids;
+	else
+		*cnids = NULL;
+	return (count);
+}
+
+/*
+ * Find the useable ciphers|digests from dev/crypto - this is the first
+ * thing called by the engine init crud which determines what it
+ * can use for ciphers from this engine. We want to return
+ * only what we can do, anythine else is handled by software.
+ *
+ * If we can't initialize the device to do anything useful for
+ * any reason, we want to return a NULL array, and 0 length,
+ * which forces everything to be done is software. By putting
+ * the initalization of the device in here, we ensure we can
+ * use this engine as the default, and if for whatever reason
+ * /dev/crypto won't do what we want it will just be done in
+ * software
+ *
+ * This can (should) be greatly expanded to perhaps take into
+ * account speed of the device, and what we want to do.
+ * (although the disabling of particular alg's could be controlled
+ * by the device driver with sysctl's.) - this is where we
+ * want most of the decisions made about what we actually want
+ * to use from /dev/crypto.
+ */
+static int
+cryptodev_usable_ciphers(const int **nids)
+{
+	return (get_cryptodev_ciphers(nids));
+}
+
+static int
+cryptodev_usable_digests(const int **nids)
+{
+	/*
+	 * XXXX just disable all digests for now, because it sucks.
+	 * we need a better way to decide this - i.e. I may not
+	 * want digests on slow cards like hifn on fast machines,
+	 * but might want them on slow or loaded machines, etc.
+	 * will also want them when using crypto cards that don't
+	 * suck moose gonads - would be nice to be able to decide something
+	 * as reasonable default without having hackery that's card dependent.
+	 * of course, the default should probably be just do everything,
+	 * with perhaps a sysctl to turn algoritms off (or have them off
+	 * by default) on cards that generally suck like the hifn.
+	 */
+	*nids = NULL;
+	return (0);
+}
+
+static int
+cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+    const unsigned char *in, unsigned int inl)
+{
+	struct crypt_op cryp;
+	struct dev_crypto_state *state = ctx->cipher_data;
+	struct session_op *sess = &state->d_sess;
+	void *iiv;
+	unsigned char save_iv[EVP_MAX_IV_LENGTH];
+
+	if (state->d_fd < 0)
+		return (0);
+	if (!inl)
+		return (1);
+	if ((inl % ctx->cipher->block_size) != 0)
+		return (0);
+
+	memset(&cryp, 0, sizeof(cryp));
+
+	cryp.ses = sess->ses;
+	cryp.flags = 0;
+	cryp.len = inl;
+	cryp.src = (caddr_t) in;
+	cryp.dst = (caddr_t) out;
+	cryp.mac = 0;
+
+	cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+
+	if (ctx->cipher->iv_len) {
+		cryp.iv = (caddr_t) ctx->iv;
+		if (!ctx->encrypt) {
+			iiv = (void *) in + inl - ctx->cipher->iv_len;
+			memcpy(save_iv, iiv, ctx->cipher->iv_len);
+		}
+	} else
+		cryp.iv = NULL;
+
+	if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
+		/* XXX need better errror handling
+		 * this can fail for a number of different reasons.
+		 */
+		return (0);
+	}
+
+	if (ctx->cipher->iv_len) {
+		if (ctx->encrypt)
+			iiv = (void *) out + inl - ctx->cipher->iv_len;
+		else
+			iiv = save_iv;
+		memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
+	}
+	return (1);
+}
+
+static int
+cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+    const unsigned char *iv, int enc)
+{
+	struct dev_crypto_state *state = ctx->cipher_data;
+	struct session_op *sess = &state->d_sess;
+	int cipher;
+
+	if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
+		return (0);
+
+	if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
+		return (0);
+
+	if (!cryptodev_key_length_valid(cipher, ctx->key_len))
+		return (0);
+
+	memset(sess, 0, sizeof(struct session_op));
+
+	if ((state->d_fd = get_dev_crypto()) < 0)
+		return (0);
+
+	sess->key = (unsigned char *)key;
+	sess->keylen = ctx->key_len;
+	sess->cipher = cipher;
+
+	if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+		close(state->d_fd);
+		state->d_fd = -1;
+		return (0);
+	}
+	return (1);
+}
+
+/*
+ * free anything we allocated earlier when initting a
+ * session, and close the session.
+ */
+static int
+cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+{
+	int ret = 0;
+	struct dev_crypto_state *state = ctx->cipher_data;
+	struct session_op *sess = &state->d_sess;
+
+	if (state->d_fd < 0)
+		return (0);
+
+	/* XXX if this ioctl fails, someting's wrong. the invoker
+	 * may have called us with a bogus ctx, or we could
+	 * have a device that for whatever reason just doesn't
+	 * want to play ball - it's not clear what's right
+	 * here - should this be an error? should it just
+	 * increase a counter, hmm. For right now, we return
+	 * 0 - I don't believe that to be "right". we could
+	 * call the gorpy openssl lib error handlers that
+	 * print messages to users of the library. hmm..
+	 */
+
+	if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
+		ret = 0;
+	} else {
+		ret = 1;
+	}
+	close(state->d_fd);
+	state->d_fd = -1;
+
+	return (ret);
+}
+
+/*
+ * libcrypto EVP stuff - this is how we get wired to EVP so the engine
+ * gets called when libcrypto requests a cipher NID.
+ */
+
+/* DES CBC EVP */
+const EVP_CIPHER cryptodev_des_cbc = {
+	NID_des_cbc,
+	8, 8, 8,
+	EVP_CIPH_CBC_MODE,
+	cryptodev_init_key,
+	cryptodev_cipher,
+	cryptodev_cleanup,
+	sizeof(struct dev_crypto_state),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	NULL
+};
+
+/* 3DES CBC EVP */
+const EVP_CIPHER cryptodev_3des_cbc = {
+	NID_des_ede3_cbc,
+	8, 24, 8,
+	EVP_CIPH_CBC_MODE,
+	cryptodev_init_key,
+	cryptodev_cipher,
+	cryptodev_cleanup,
+	sizeof(struct dev_crypto_state),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	NULL
+};
+
+const EVP_CIPHER cryptodev_bf_cbc = {
+	NID_bf_cbc,
+	8, 16, 8,
+	EVP_CIPH_CBC_MODE,
+	cryptodev_init_key,
+	cryptodev_cipher,
+	cryptodev_cleanup,
+	sizeof(struct dev_crypto_state),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	NULL
+};
+
+const EVP_CIPHER cryptodev_cast_cbc = {
+	NID_cast5_cbc,
+	8, 16, 8,
+	EVP_CIPH_CBC_MODE,
+	cryptodev_init_key,
+	cryptodev_cipher,
+	cryptodev_cleanup,
+	sizeof(struct dev_crypto_state),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	NULL
+};
+
+const EVP_CIPHER cryptodev_aes_cbc = {
+	NID_aes_128_cbc,
+	16, 16, 16,
+	EVP_CIPH_CBC_MODE,
+	cryptodev_init_key,
+	cryptodev_cipher,
+	cryptodev_cleanup,
+	sizeof(struct dev_crypto_state),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	NULL
+};
+
+/*
+ * Registered by the ENGINE when used to find out how to deal with
+ * a particular NID in the ENGINE. this says what we'll do at the
+ * top level - note, that list is restricted by what we answer with
+ */
+static int
+cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+    const int **nids, int nid)
+{
+	if (!cipher)
+		return (cryptodev_usable_ciphers(nids));
+
+	switch (nid) {
+	case NID_des_ede3_cbc:
+		*cipher = &cryptodev_3des_cbc;
+		break;
+	case NID_des_cbc:
+		*cipher = &cryptodev_des_cbc;
+		break;
+	case NID_bf_cbc:
+		*cipher = &cryptodev_bf_cbc;
+		break;
+	case NID_cast5_cbc:
+		*cipher = &cryptodev_cast_cbc;
+		break;
+	case NID_aes_128_cbc:
+		*cipher = &cryptodev_aes_cbc;
+		break;
+	default:
+		*cipher = NULL;
+		break;
+	}
+	return (*cipher != NULL);
+}
+
+static int
+cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
+    const int **nids, int nid)
+{
+	if (!digest)
+		return (cryptodev_usable_digests(nids));
+
+	switch (nid) {
+	case NID_md5:
+		*digest = NULL; /* need to make a clean md5 critter */
+		break;
+	default:
+		*digest = NULL;
+		break;
+	}
+	return (*digest != NULL);
+}
+
+/*
+ * Convert a BIGNUM to the representation that /dev/crypto needs.
+ * Upon completion of use, the caller is responsible for freeing
+ * crp->crp_p.
+ */
+static int
+bn2crparam(const BIGNUM *a, struct crparam *crp)
+{
+	int i, j, k;
+	ssize_t words, bytes, bits;
+	u_char *b;
+
+	crp->crp_p = NULL;
+	crp->crp_nbits = 0;
+
+	bits = BN_num_bits(a);
+	bytes = (bits + 7) / 8;
+
+	b = malloc(bytes);
+	if (b == NULL)
+		return (1);
+
+	crp->crp_p = b;
+	crp->crp_nbits = bits;
+
+	for (i = 0, j = 0; i < a->top; i++) {
+		for (k = 0; k < BN_BITS2 / 8; k++) {
+			if ((j + k) >= bytes)
+				return (0);
+			b[j + k] = a->d[i] >> (k * 8);
+		}
+		j += BN_BITS2 / 8;
+	}
+	return (0);
+}
+
+/* Convert a /dev/crypto parameter to a BIGNUM */
+static int
+crparam2bn(struct crparam *crp, BIGNUM *a)
+{
+	u_int8_t *pd;
+	int i, bytes;
+
+	bytes = (crp->crp_nbits + 7) / 8;
+
+	if (bytes == 0)
+		return (-1);
+
+	if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
+		return (-1);
+
+	for (i = 0; i < bytes; i++)
+		pd[i] = crp->crp_p[bytes - i - 1];
+
+	BN_bin2bn(pd, bytes, a);
+	free(pd);
+
+	return (0);
+}
+
+static void
+zapparams(struct crypt_kop *kop)
+{
+	int i;
+
+	for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
+		if (kop->crk_param[i].crp_p)
+			free(kop->crk_param[i].crp_p);
+		kop->crk_param[i].crp_p = NULL;
+		kop->crk_param[i].crp_nbits = 0;
+	}
+}
+
+static int
+cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+{
+	int fd, ret = -1;
+
+	if ((fd = get_asym_dev_crypto()) < 0)
+		return (ret);
+
+	if (r) {
+		kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+		kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+		kop->crk_oparams++;
+	}
+	if (s) {
+		kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
+		kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
+		kop->crk_oparams++;
+	}
+
+	if (ioctl(fd, CIOCKEY, kop) == 0) {
+		if (r)
+			crparam2bn(&kop->crk_param[kop->crk_iparams], r);
+		if (s)
+			crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
+		ret = 0;
+	}
+
+	return (ret);
+}
+
+static int
+cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+	struct crypt_kop kop;
+	int ret = 1;
+
+	/* Currently, we know we can do mod exp iff we can do any
+	 * asymmetric operations at all.
+	 */
+	if (cryptodev_asymfeat == 0) {
+		ret = BN_mod_exp(r, a, p, m, ctx);
+		return (ret);
+	}
+
+	memset(&kop, 0, sizeof kop);
+	kop.crk_op = CRK_MOD_EXP;
+
+	/* inputs: a^p % m */
+	if (bn2crparam(a, &kop.crk_param[0]))
+		goto err;
+	if (bn2crparam(p, &kop.crk_param[1]))
+		goto err;
+	if (bn2crparam(m, &kop.crk_param[2]))
+		goto err;
+	kop.crk_iparams = 3;
+
+	if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL) == -1) {
+		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+		ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+	}
+err:
+	zapparams(&kop);
+	return (ret);
+}
+
+static int
+cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+{
+	int r;
+	BN_CTX *ctx;
+
+	ctx = BN_CTX_new();
+	r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
+	BN_CTX_free(ctx);
+	return (r);
+}
+
+static int
+cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+{
+	struct crypt_kop kop;
+	int ret = 1;
+
+	if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+		/* XXX 0 means failure?? */
+		return (0);
+	}
+
+	memset(&kop, 0, sizeof kop);
+	kop.crk_op = CRK_MOD_EXP_CRT;
+	/* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+	if (bn2crparam(rsa->p, &kop.crk_param[0]))
+		goto err;
+	if (bn2crparam(rsa->q, &kop.crk_param[1]))
+		goto err;
+	if (bn2crparam(I, &kop.crk_param[2]))
+		goto err;
+	if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
+		goto err;
+	if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
+		goto err;
+	if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
+		goto err;
+	kop.crk_iparams = 6;
+
+	if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL) == -1) {
+		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+		ret = (*meth->rsa_mod_exp)(r0, I, rsa);
+	}
+err:
+	zapparams(&kop);
+	return (ret);
+}
+
+static RSA_METHOD cryptodev_rsa = {
+	"cryptodev RSA method",
+	NULL,				/* rsa_pub_enc */
+	NULL,				/* rsa_pub_dec */
+	NULL,				/* rsa_priv_enc */
+	NULL,				/* rsa_priv_dec */
+	NULL,
+	NULL,
+	NULL,				/* init */
+	NULL,				/* finish */
+	0,				/* flags */
+	NULL,				/* app_data */
+	NULL,				/* rsa_sign */
+	NULL				/* rsa_verify */
+};
+
+static int
+cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+	return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+}
+
+static int
+cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
+    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+    BN_CTX *ctx, BN_MONT_CTX *mont)
+{
+	BIGNUM t2;
+	int ret = 0;
+
+	BN_init(&t2);
+
+	/* v = ( g^u1 * y^u2 mod p ) mod q */
+	/* let t1 = g ^ u1 mod p */
+	ret = 0;
+
+	if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
+		goto err;
+
+	/* let t2 = y ^ u2 mod p */
+	if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
+		goto err;
+	/* let u1 = t1 * t2 mod p */
+	if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
+		goto err;
+
+	BN_copy(t1,u1);
+
+	ret = 1;
+err:
+	BN_free(&t2);
+	return(ret);
+}
+
+static DSA_SIG *
+cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+{
+	struct crypt_kop kop;
+	BIGNUM *r = NULL, *s = NULL;
+	DSA_SIG *dsaret = NULL;
+
+	if ((r = BN_new()) == NULL)
+		goto err;
+	if ((s = BN_new()) == NULL) {
+		BN_free(r);
+		goto err;
+	}
+
+	printf("bar\n");
+	memset(&kop, 0, sizeof kop);
+	kop.crk_op = CRK_DSA_SIGN;
+
+	/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+	kop.crk_param[0].crp_p = (caddr_t)dgst;
+	kop.crk_param[0].crp_nbits = dlen * 8;
+	if (bn2crparam(dsa->p, &kop.crk_param[1]))
+		goto err;
+	if (bn2crparam(dsa->q, &kop.crk_param[2]))
+		goto err;
+	if (bn2crparam(dsa->g, &kop.crk_param[3]))
+		goto err;
+	if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
+		goto err;
+	kop.crk_iparams = 5;
+
+	if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
+	    BN_num_bytes(dsa->q), s) == 0) {
+		dsaret = DSA_SIG_new();
+		dsaret->r = r;
+		dsaret->s = s;
+	} else {
+		const DSA_METHOD *meth = DSA_OpenSSL();
+		BN_free(r);
+		BN_free(s);
+		dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
+	}
+err:
+	kop.crk_param[0].crp_p = NULL;
+	zapparams(&kop);
+	return (dsaret);
+}
+
+static int
+cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
+    DSA_SIG *sig, DSA *dsa)
+{
+	struct crypt_kop kop;
+	int dsaret = 1;
+
+	memset(&kop, 0, sizeof kop);
+	kop.crk_op = CRK_DSA_VERIFY;
+
+	/* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+	kop.crk_param[0].crp_p = (caddr_t)dgst;
+	kop.crk_param[0].crp_nbits = dlen * 8;
+	if (bn2crparam(dsa->p, &kop.crk_param[1]))
+		goto err;
+	if (bn2crparam(dsa->q, &kop.crk_param[2]))
+		goto err;
+	if (bn2crparam(dsa->g, &kop.crk_param[3]))
+		goto err;
+	if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
+		goto err;
+	if (bn2crparam(sig->r, &kop.crk_param[5]))
+		goto err;
+	if (bn2crparam(sig->s, &kop.crk_param[6]))
+		goto err;
+	kop.crk_iparams = 7;
+
+	if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+		dsaret = kop.crk_status;
+	} else {
+		const DSA_METHOD *meth = DSA_OpenSSL();
+
+		dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
+	}
+err:
+	kop.crk_param[0].crp_p = NULL;
+	zapparams(&kop);
+	return (dsaret);
+}
+
+static DSA_METHOD cryptodev_dsa = {
+	"cryptodev DSA method",
+	NULL,
+	NULL,				/* dsa_sign_setup */
+	NULL,
+	NULL,				/* dsa_mod_exp */
+	NULL,
+	NULL,				/* init */
+	NULL,				/* finish */
+	0,	/* flags */
+	NULL	/* app_data */
+};
+
+static int
+cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+    BN_MONT_CTX *m_ctx)
+{
+	return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+}
+
+static int
+cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+	struct crypt_kop kop;
+	int dhret = 1;
+	int fd, keylen;
+
+	if ((fd = get_asym_dev_crypto()) < 0) {
+		const DH_METHOD *meth = DH_OpenSSL();
+
+		return ((meth->compute_key)(key, pub_key, dh));
+	}
+
+	keylen = BN_num_bits(dh->p);
+
+	memset(&kop, 0, sizeof kop);
+	kop.crk_op = CRK_DH_COMPUTE_KEY;
+
+	/* inputs: dh->priv_key pub_key dh->p key */
+	if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
+		goto err;
+	if (bn2crparam(pub_key, &kop.crk_param[1]))
+		goto err;
+	if (bn2crparam(dh->p, &kop.crk_param[2]))
+		goto err;
+	kop.crk_iparams = 3;
+
+	kop.crk_param[3].crp_p = key;
+	kop.crk_param[3].crp_nbits = keylen * 8;
+	kop.crk_oparams = 1;
+
+	if (ioctl(fd, CIOCKEY, &kop) == -1) {
+		const DH_METHOD *meth = DH_OpenSSL();
+
+		dhret = (meth->compute_key)(key, pub_key, dh);
+	}
+err:
+	kop.crk_param[3].crp_p = NULL;
+	zapparams(&kop);
+	return (dhret);
+}
+
+static DH_METHOD cryptodev_dh = {
+	"cryptodev DH method",
+	NULL,				/* cryptodev_dh_generate_key */
+	NULL,
+	NULL,
+	NULL,
+	NULL,
+	0,	/* flags */
+	NULL	/* app_data */
+};
+
+/*
+ * ctrl right now is just a wrapper that doesn't do much
+ * but I expect we'll want some options soon.
+ */
+static int
+cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+{
+	struct syslog_data sd = SYSLOG_DATA_INIT;
+
+	switch (cmd) {
+	default:
+		syslog_r(LOG_ERR, &sd,
+		    "cryptodev_ctrl: unknown command %d", cmd);
+		break;
+	}
+	return (1);
+}
+
+void
+ENGINE_load_cryptodev(void)
+{
+	ENGINE *engine = ENGINE_new();
+	int fd;
+
+	if (engine == NULL)
+		return;
+	if ((fd = get_dev_crypto()) < 0)
+		return;
+
+	/*
+	 * find out what asymmetric crypto algorithms we support
+	 */
+	if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
+		close(fd);
+		return;
+	}
+	close(fd);
+
+	if (!ENGINE_set_id(engine, "cryptodev") ||
+	    !ENGINE_set_name(engine, "OpenBSD cryptodev engine") ||
+	    !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+	    !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
+	    !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
+	    !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
+		ENGINE_free(engine);
+		return;
+	}
+
+	if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
+		const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
+
+		cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
+		cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
+		cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
+		cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
+		cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
+		cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
+		if (cryptodev_asymfeat & CRF_MOD_EXP) {
+			cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
+			if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
+				cryptodev_rsa.rsa_mod_exp =
+				    cryptodev_rsa_mod_exp;
+			else
+				cryptodev_rsa.rsa_mod_exp =
+				    cryptodev_rsa_nocrt_mod_exp;
+		}
+	}
+
+	if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
+		const DSA_METHOD *meth = DSA_OpenSSL();
+
+		memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+		if (cryptodev_asymfeat & CRF_DSA_SIGN)
+			cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+		if (cryptodev_asymfeat & CRF_MOD_EXP) {
+			cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+			cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+		}
+		if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+			cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
+	}
+
+	if (ENGINE_set_DH(engine, &cryptodev_dh)){
+		const DH_METHOD *dh_meth = DH_OpenSSL();
+
+		cryptodev_dh.generate_key = dh_meth->generate_key;
+		cryptodev_dh.compute_key = dh_meth->compute_key;
+		cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
+		if (cryptodev_asymfeat & CRF_MOD_EXP) {
+			cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
+			if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+				cryptodev_dh.compute_key =
+				    cryptodev_dh_compute_key;
+		}
+	}
+
+	ENGINE_add(engine);
+	ENGINE_free(engine);
+	ERR_clear_error();
+}
+
+#endif /* OpenBSD 3.0 or above */
+#endif /* __OpenBSD__ */
diff --git a/crypto/engine/eng_ctrl.c b/crypto/engine/eng_ctrl.c
new file mode 100644
index 0000000000..ad3858395b
--- /dev/null
+++ b/crypto/engine/eng_ctrl.c
@@ -0,0 +1,387 @@
+/* crypto/engine/eng_ctrl.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+
+/* When querying a ENGINE-specific control command's 'description', this string
+ * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */
+static const char *int_no_description = "";
+
+/* These internal functions handle 'CMD'-related control commands when the
+ * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
+ * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */
+
+static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
+	{
+	if((defn->cmd_num == 0) || (defn->cmd_name == NULL))
+		return 1;
+	return 0;
+	}
+
+static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
+	{
+	int idx = 0;
+	while(!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0))
+		{
+		idx++;
+		defn++;
+		}
+	if(int_ctrl_cmd_is_null(defn))
+		/* The given name wasn't found */
+		return -1;
+	return idx;
+	}
+
+static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
+	{
+	int idx = 0;
+	/* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
+	 * our searches don't need to take any longer than necessary. */
+	while(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num))
+		{
+		idx++;
+		defn++;
+		}
+	if(defn->cmd_num == num)
+		return idx;
+	/* The given cmd_num wasn't found */
+	return -1;
+	}
+
+static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	int idx;
+	char *s = (char *)p;
+	/* Take care of the easy one first (eg. it requires no searches) */
+	if(cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE)
+		{
+		if((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
+			return 0;
+		return e->cmd_defns->cmd_num;
+		}
+	/* One or two commands require that "p" be a valid string buffer */
+	if((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
+			(cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
+			(cmd == ENGINE_CTRL_GET_DESC_FROM_CMD))
+		{
+		if(s == NULL)
+			{
+			ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
+				ERR_R_PASSED_NULL_PARAMETER);
+			return -1;
+			}
+		}
+	/* Now handle cmd_name -> cmd_num conversion */
+	if(cmd == ENGINE_CTRL_GET_CMD_FROM_NAME)
+		{
+		if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_name(
+						e->cmd_defns, s)) < 0))
+			{
+			ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
+				ENGINE_R_INVALID_CMD_NAME);
+			return -1;
+			}
+		return e->cmd_defns[idx].cmd_num;
+		}
+	/* For the rest of the commands, the 'long' argument must specify a
+	 * valie command number - so we need to conduct a search. */
+	if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
+					(unsigned int)i)) < 0))
+		{
+		ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
+			ENGINE_R_INVALID_CMD_NUMBER);
+		return -1;
+		}
+	/* Now the logic splits depending on command type */
+	switch(cmd)
+		{
+	case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+		idx++;
+		if(int_ctrl_cmd_is_null(e->cmd_defns + idx))
+			/* end-of-list */
+			return 0;
+		else
+			return e->cmd_defns[idx].cmd_num;
+	case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+		return strlen(e->cmd_defns[idx].cmd_name);
+	case ENGINE_CTRL_GET_NAME_FROM_CMD:
+		return sprintf(s, "%s", e->cmd_defns[idx].cmd_name);
+	case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+		if(e->cmd_defns[idx].cmd_desc)
+			return strlen(e->cmd_defns[idx].cmd_desc);
+		return strlen(int_no_description);
+	case ENGINE_CTRL_GET_DESC_FROM_CMD:
+		if(e->cmd_defns[idx].cmd_desc)
+			return sprintf(s, "%s", e->cmd_defns[idx].cmd_desc);
+		return sprintf(s, "%s", int_no_description);
+	case ENGINE_CTRL_GET_CMD_FLAGS:
+		return e->cmd_defns[idx].cmd_flags;
+		}
+	/* Shouldn't really be here ... */
+	ENGINEerr(ENGINE_F_INT_CTRL_HELPER,ENGINE_R_INTERNAL_LIST_ERROR);
+	return -1;
+	}
+
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	int ctrl_exists, ref_exists;
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	ref_exists = ((e->struct_ref > 0) ? 1 : 0);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
+	if(!ref_exists)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
+		return 0;
+		}
+	/* Intercept any "root-level" commands before trying to hand them on to
+	 * ctrl() handlers. */
+	switch(cmd)
+		{
+	case ENGINE_CTRL_HAS_CTRL_FUNCTION:
+		return ctrl_exists;
+	case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
+	case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+	case ENGINE_CTRL_GET_CMD_FROM_NAME:
+	case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+	case ENGINE_CTRL_GET_NAME_FROM_CMD:
+	case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+	case ENGINE_CTRL_GET_DESC_FROM_CMD:
+	case ENGINE_CTRL_GET_CMD_FLAGS:
+		if(ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
+			return int_ctrl_helper(e,cmd,i,p,f);
+		if(!ctrl_exists)
+			{
+			ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
+			/* For these cmd-related functions, failure is indicated
+			 * by a -1 return value (because 0 is used as a valid
+			 * return in some places). */
+			return -1;
+			}
+	default:
+		break;
+		}
+	/* Anything else requires a ctrl() handler to exist. */
+	if(!ctrl_exists)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
+		return 0;
+		}
+	return e->ctrl(e, cmd, i, p, f);
+	}
+
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd)
+	{
+	int flags;
+	if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
+			ENGINE_R_INVALID_CMD_NUMBER);
+		return 0;
+		}
+	if(!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
+			!(flags & ENGINE_CMD_FLAG_NUMERIC) &&
+			!(flags & ENGINE_CMD_FLAG_STRING))
+		return 0;
+	return 1;
+	}
+
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+        long i, void *p, void (*f)(), int cmd_optional)
+        {
+	int num;
+
+	if((e == NULL) || (cmd_name == NULL))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
+					ENGINE_CTRL_GET_CMD_FROM_NAME,
+					0, (void *)cmd_name, NULL)) <= 0))
+		{
+		/* If the command didn't *have* to be supported, we fake
+		 * success. This allows certain settings to be specified for
+		 * multiple ENGINEs and only require a change of ENGINE id
+		 * (without having to selectively apply settings). Eg. changing
+		 * from a hardware device back to the regular software ENGINE
+		 * without editing the config file, etc. */
+		if(cmd_optional)
+			{
+			ERR_clear_error();
+			return 1;
+			}
+		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,
+			ENGINE_R_INVALID_CMD_NAME);
+		return 0;
+		}
+	/* Force the result of the control command to 0 or 1, for the reasons
+	 * mentioned before. */
+        if (ENGINE_ctrl(e, num, i, p, f))
+                return 1;
+        return 0;
+        }
+
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+				int cmd_optional)
+	{
+	int num, flags;
+	long l;
+	char *ptr;
+	if((e == NULL) || (cmd_name == NULL))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
+					ENGINE_CTRL_GET_CMD_FROM_NAME,
+					0, (void *)cmd_name, NULL)) <= 0))
+		{
+		/* If the command didn't *have* to be supported, we fake
+		 * success. This allows certain settings to be specified for
+		 * multiple ENGINEs and only require a change of ENGINE id
+		 * (without having to selectively apply settings). Eg. changing
+		 * from a hardware device back to the regular software ENGINE
+		 * without editing the config file, etc. */
+		if(cmd_optional)
+			{
+			ERR_clear_error();
+			return 1;
+			}
+		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+			ENGINE_R_INVALID_CMD_NAME);
+		return 0;
+		}
+	if(!ENGINE_cmd_is_executable(e, num))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+			ENGINE_R_CMD_NOT_EXECUTABLE);
+		return 0;
+		}
+	if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0)
+		{
+		/* Shouldn't happen, given that ENGINE_cmd_is_executable()
+		 * returned success. */
+		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+			ENGINE_R_INTERNAL_LIST_ERROR);
+		return 0;
+		}
+	/* If the command takes no input, there must be no input. And vice
+	 * versa. */
+	if(flags & ENGINE_CMD_FLAG_NO_INPUT)
+		{
+		if(arg != NULL)
+			{
+			ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+				ENGINE_R_COMMAND_TAKES_NO_INPUT);
+			return 0;
+			}
+		/* We deliberately force the result of ENGINE_ctrl() to 0 or 1
+		 * rather than returning it as "return data". This is to ensure
+		 * usage of these commands is consistent across applications and
+		 * that certain applications don't understand it one way, and
+		 * others another. */
+		if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+			return 1;
+		return 0;
+		}
+	/* So, we require input */
+	if(arg == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+			ENGINE_R_COMMAND_TAKES_INPUT);
+		return 0;
+		}
+	/* If it takes string input, that's easy */
+	if(flags & ENGINE_CMD_FLAG_STRING)
+		{
+		/* Same explanation as above */
+		if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL))
+			return 1;
+		return 0;
+		}
+	/* If it doesn't take numeric either, then it is unsupported for use in
+	 * a config-setting situation, which is what this function is for. This
+	 * should never happen though, because ENGINE_cmd_is_executable() was
+	 * used. */
+	if(!(flags & ENGINE_CMD_FLAG_NUMERIC))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+			ENGINE_R_INTERNAL_LIST_ERROR);
+		return 0;
+		}
+	l = strtol(arg, &ptr, 10);
+	if((arg == ptr) || (*ptr != '\0'))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+			ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
+		return 0;
+		}
+	/* Force the result of the control command to 0 or 1, for the reasons
+	 * mentioned before. */
+	if(ENGINE_ctrl(e, num, l, NULL, NULL))
+		return 1;
+	return 0;
+	}
diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
new file mode 100644
index 0000000000..61ae230570
--- /dev/null
+++ b/crypto/engine/eng_dyn.c
@@ -0,0 +1,552 @@
+/* crypto/engine/eng_dyn.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+#include <openssl/dso.h>
+
+/* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader
+ * should implement the hook-up functions with the following prototypes. */
+
+/* Our ENGINE handlers */
+static int dynamic_init(ENGINE *e);
+static int dynamic_finish(ENGINE *e);
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+/* Predeclare our context type */
+typedef struct st_dynamic_data_ctx dynamic_data_ctx;
+/* The implementation for the important control command */
+static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
+
+#define DYNAMIC_CMD_SO_PATH		ENGINE_CMD_BASE
+#define DYNAMIC_CMD_NO_VCHECK		(ENGINE_CMD_BASE + 1)
+#define DYNAMIC_CMD_ID			(ENGINE_CMD_BASE + 2)
+#define DYNAMIC_CMD_LIST_ADD		(ENGINE_CMD_BASE + 3)
+#define DYNAMIC_CMD_DIR_LOAD		(ENGINE_CMD_BASE + 4)
+#define DYNAMIC_CMD_DIR_ADD		(ENGINE_CMD_BASE + 5)
+#define DYNAMIC_CMD_LOAD		(ENGINE_CMD_BASE + 6)
+
+/* The constants used when creating the ENGINE */
+static const char *engine_dynamic_id = "dynamic";
+static const char *engine_dynamic_name = "Dynamic engine loading support";
+static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
+	{DYNAMIC_CMD_SO_PATH,
+		"SO_PATH",
+		"Specifies the path to the new ENGINE shared library",
+		ENGINE_CMD_FLAG_STRING},
+	{DYNAMIC_CMD_NO_VCHECK,
+		"NO_VCHECK",
+		"Specifies to continue even if version checking fails (boolean)",
+		ENGINE_CMD_FLAG_NUMERIC},
+	{DYNAMIC_CMD_ID,
+		"ID",
+		"Specifies an ENGINE id name for loading",
+		ENGINE_CMD_FLAG_STRING},
+	{DYNAMIC_CMD_LIST_ADD,
+		"LIST_ADD",
+		"Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
+		ENGINE_CMD_FLAG_NUMERIC},
+	{DYNAMIC_CMD_DIR_LOAD,
+		"DIR_LOAD",
+		"Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)",
+		ENGINE_CMD_FLAG_NUMERIC},
+	{DYNAMIC_CMD_DIR_ADD,
+		"DIR_ADD",
+		"Adds a directory from which ENGINEs can be loaded",
+		ENGINE_CMD_FLAG_STRING},
+	{DYNAMIC_CMD_LOAD,
+		"LOAD",
+		"Load up the ENGINE specified by other settings",
+		ENGINE_CMD_FLAG_NO_INPUT},
+	{0, NULL, NULL, 0}
+	};
+static const ENGINE_CMD_DEFN dynamic_cmd_defns_empty[] = {
+	{0, NULL, NULL, 0}
+	};
+
+/* Loading code stores state inside the ENGINE structure via the "ex_data"
+ * element. We load all our state into a single structure and use that as a
+ * single context in the "ex_data" stack. */
+struct st_dynamic_data_ctx
+	{
+	/* The DSO object we load that supplies the ENGINE code */
+	DSO *dynamic_dso;
+	/* The function pointer to the version checking shared library function */
+	dynamic_v_check_fn v_check;
+	/* The function pointer to the engine-binding shared library function */
+	dynamic_bind_engine bind_engine;
+	/* The default name/path for loading the shared library */
+	const char *DYNAMIC_LIBNAME;
+	/* Whether to continue loading on a version check failure */
+	int no_vcheck;
+	/* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
+	const char *engine_id;
+	/* If non-zero, a successfully loaded ENGINE should be added to the internal
+	 * ENGINE list. If 2, the add must succeed or the entire load should fail. */
+	int list_add_value;
+	/* The symbol name for the version checking function */
+	const char *DYNAMIC_F1;
+	/* The symbol name for the "initialise ENGINE structure" function */
+	const char *DYNAMIC_F2;
+	/* Whether to never use 'dirs', use 'dirs' as a fallback, or only use
+	 * 'dirs' for loading. Default is to use 'dirs' as a fallback. */
+	int dir_load;
+	/* A stack of directories from which ENGINEs could be loaded */
+	STACK *dirs;
+	};
+
+/* This is the "ex_data" index we obtain and reserve for use with our context
+ * structure. */
+static int dynamic_ex_data_idx = -1;
+
+static void int_free_str(void *s) { OPENSSL_free(s); }
+/* Because our ex_data element may or may not get allocated depending on whether
+ * a "first-use" occurs before the ENGINE is freed, we have a memory leak
+ * problem to solve. We can't declare a "new" handler for the ex_data as we
+ * don't want a dynamic_data_ctx in *all* ENGINE structures of all types (this
+ * is a bug in the design of CRYPTO_EX_DATA). As such, we just declare a "free"
+ * handler and that will get called if an ENGINE is being destroyed and there
+ * was an ex_data element corresponding to our context type. */
+static void dynamic_data_ctx_free_func(void *parent, void *ptr,
+			CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
+	{
+	if(ptr)
+		{
+		dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
+		if(ctx->dynamic_dso)
+			DSO_free(ctx->dynamic_dso);
+		if(ctx->DYNAMIC_LIBNAME)
+			OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
+		if(ctx->engine_id)
+			OPENSSL_free((void*)ctx->engine_id);
+		if(ctx->dirs)
+			sk_pop_free(ctx->dirs, int_free_str);
+		OPENSSL_free(ctx);
+		}
+	}
+
+/* Construct the per-ENGINE context. We create it blindly and then use a lock to
+ * check for a race - if so, all but one of the threads "racing" will have
+ * wasted their time. The alternative involves creating everything inside the
+ * lock which is far worse. */
+static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
+	{
+	dynamic_data_ctx *c;
+	c = OPENSSL_malloc(sizeof(dynamic_data_ctx));
+	if(!c)
+		{
+		ENGINEerr(ENGINE_F_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
+		return 0;
+		}
+	memset(c, 0, sizeof(dynamic_data_ctx));
+	c->dynamic_dso = NULL;
+	c->v_check = NULL;
+	c->bind_engine = NULL;
+	c->DYNAMIC_LIBNAME = NULL;
+	c->no_vcheck = 0;
+	c->engine_id = NULL;
+	c->list_add_value = 0;
+	c->DYNAMIC_F1 = "v_check";
+	c->DYNAMIC_F2 = "bind_engine";
+	c->dir_load = 1;
+	c->dirs = sk_new_null();
+	if(!c->dirs)
+		{
+		ENGINEerr(ENGINE_F_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
+		OPENSSL_free(c);
+		return 0;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	if((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
+				dynamic_ex_data_idx)) == NULL)
+		{
+		/* Good, we're the first */
+		ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
+		*ctx = c;
+		c = NULL;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	/* If we lost the race to set the context, c is non-NULL and *ctx is the
+	 * context of the thread that won. */
+	if(c)
+		OPENSSL_free(c);
+	return 1;
+	}
+
+/* This function retrieves the context structure from an ENGINE's "ex_data", or
+ * if it doesn't exist yet, sets it up. */
+static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
+	{
+	dynamic_data_ctx *ctx;
+	if(dynamic_ex_data_idx < 0)
+		{
+		/* Create and register the ENGINE ex_data, and associate our
+		 * "free" function with it to ensure any allocated contexts get
+		 * freed when an ENGINE goes underground. */
+		int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
+					dynamic_data_ctx_free_func);
+		if(new_idx == -1)
+			{
+			ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX,ENGINE_R_NO_INDEX);
+			return NULL;
+			}
+		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+		/* Avoid a race by checking again inside this lock */
+		if(dynamic_ex_data_idx < 0)
+			{
+			/* Good, someone didn't beat us to it */
+			dynamic_ex_data_idx = new_idx;
+			new_idx = -1;
+			}
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		/* In theory we could "give back" the index here if
+		 * (new_idx>-1), but it's not possible and wouldn't gain us much
+		 * if it were. */
+		}
+	ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
+	/* Check if the context needs to be created */
+	if((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
+		/* "set_data" will set errors if necessary */
+		return NULL;
+	return ctx;
+	}
+
+static ENGINE *engine_dynamic(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!ENGINE_set_id(ret, engine_dynamic_id) ||
+			!ENGINE_set_name(ret, engine_dynamic_name) ||
+			!ENGINE_set_init_function(ret, dynamic_init) ||
+			!ENGINE_set_finish_function(ret, dynamic_finish) ||
+			!ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
+			!ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
+			!ENGINE_set_cmd_defns(ret, dynamic_cmd_defns))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_dynamic(void)
+	{
+	ENGINE *toadd = engine_dynamic();
+	if(!toadd) return;
+	ENGINE_add(toadd);
+	/* If the "add" worked, it gets a structural reference. So either way,
+	 * we release our just-created reference. */
+	ENGINE_free(toadd);
+	/* If the "add" didn't work, it was probably a conflict because it was
+	 * already added (eg. someone calling ENGINE_load_blah then calling
+	 * ENGINE_load_builtin_engines() perhaps). */
+	ERR_clear_error();
+	}
+
+static int dynamic_init(ENGINE *e)
+	{
+	/* We always return failure - the "dyanamic" engine itself can't be used
+	 * for anything. */
+	return 0;
+	}
+
+static int dynamic_finish(ENGINE *e)
+	{
+	/* This should never be called on account of "dynamic_init" always
+	 * failing. */
+	return 0;
+	}
+
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
+	int initialised;
+	
+	if(!ctx)
+		{
+		ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_NOT_LOADED);
+		return 0;
+		}
+	initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
+	/* All our control commands require the ENGINE to be uninitialised */
+	if(initialised)
+		{
+		ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
+			ENGINE_R_ALREADY_LOADED);
+		return 0;
+		}
+	switch(cmd)
+		{
+	case DYNAMIC_CMD_SO_PATH:
+		/* a NULL 'p' or a string of zero-length is the same thing */
+		if(p && (strlen((const char *)p) < 1))
+			p = NULL;
+		if(ctx->DYNAMIC_LIBNAME)
+			OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
+		if(p)
+			ctx->DYNAMIC_LIBNAME = BUF_strdup(p);
+		else
+			ctx->DYNAMIC_LIBNAME = NULL;
+		return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
+	case DYNAMIC_CMD_NO_VCHECK:
+		ctx->no_vcheck = ((i == 0) ? 0 : 1);
+		return 1;
+	case DYNAMIC_CMD_ID:
+		/* a NULL 'p' or a string of zero-length is the same thing */
+		if(p && (strlen((const char *)p) < 1))
+			p = NULL;
+		if(ctx->engine_id)
+			OPENSSL_free((void*)ctx->engine_id);
+		if(p)
+			ctx->engine_id = BUF_strdup(p);
+		else
+			ctx->engine_id = NULL;
+		return (ctx->engine_id ? 1 : 0);
+	case DYNAMIC_CMD_LIST_ADD:
+		if((i < 0) || (i > 2))
+			{
+			ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
+				ENGINE_R_INVALID_ARGUMENT);
+			return 0;
+			}
+		ctx->list_add_value = (int)i;
+		return 1;
+	case DYNAMIC_CMD_LOAD:
+		return dynamic_load(e, ctx);
+	case DYNAMIC_CMD_DIR_LOAD:
+		if((i < 0) || (i > 2))
+			{
+			ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
+				ENGINE_R_INVALID_ARGUMENT);
+			return 0;
+			}
+		ctx->dir_load = (int)i;
+		return 1;
+	case DYNAMIC_CMD_DIR_ADD:
+		/* a NULL 'p' or a string of zero-length is the same thing */
+		if(!p || (strlen((const char *)p) < 1))
+			{
+			ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
+				ENGINE_R_INVALID_ARGUMENT);
+			return 0;
+			}
+		{
+		char *tmp_str = BUF_strdup(p);
+		if(!tmp_str)
+			{
+			ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
+				ERR_R_MALLOC_FAILURE);
+			return 0;
+			}
+		sk_insert(ctx->dirs, tmp_str, -1);
+		}
+		return 1;
+	default:
+		break;
+		}
+	ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+	return 0;
+	}
+
+static int int_load(dynamic_data_ctx *ctx)
+	{
+	int num, loop;
+	/* Unless told not to, try a direct load */
+	if((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,
+				ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL)
+		return 1;
+	/* If we're not allowed to use 'dirs' or we have none, fail */
+	if(!ctx->dir_load || ((num = sk_num(ctx->dirs)) < 1))
+		return 0;
+	for(loop = 0; loop < num; loop++)
+		{
+		const char *s = sk_value(ctx->dirs, loop);
+		char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
+		if(!merge)
+			return 0;
+		if(DSO_load(ctx->dynamic_dso, merge, NULL, 0))
+			{
+			/* Found what we're looking for */
+			OPENSSL_free(merge);
+			return 1;
+			}
+		OPENSSL_free(merge);
+		}
+	return 0;
+	}
+
+static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
+	{
+	ENGINE cpy;
+	dynamic_fns fns;
+
+	if(!ctx->dynamic_dso)
+		ctx->dynamic_dso = DSO_new();
+	if(!ctx->DYNAMIC_LIBNAME)
+		{
+		if(!ctx->engine_id)
+			return 0;
+		ctx->DYNAMIC_LIBNAME =
+			DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id);
+		}
+	if(!int_load(ctx))
+		{
+		ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+			ENGINE_R_DSO_NOT_FOUND);
+		DSO_free(ctx->dynamic_dso);
+		ctx->dynamic_dso = NULL;
+		return 0;
+		}
+	/* We have to find a bind function otherwise it'll always end badly */
+	if(!(ctx->bind_engine = (dynamic_bind_engine)DSO_bind_func(
+					ctx->dynamic_dso, ctx->DYNAMIC_F2)))
+		{
+		ctx->bind_engine = NULL;
+		DSO_free(ctx->dynamic_dso);
+		ctx->dynamic_dso = NULL;
+		ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+			ENGINE_R_DSO_FAILURE);
+		return 0;
+		}
+	/* Do we perform version checking? */
+	if(!ctx->no_vcheck)
+		{
+		unsigned long vcheck_res = 0;
+		/* Now we try to find a version checking function and decide how
+		 * to cope with failure if/when it fails. */
+		ctx->v_check = (dynamic_v_check_fn)DSO_bind_func(
+				ctx->dynamic_dso, ctx->DYNAMIC_F1);
+		if(ctx->v_check)
+			vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
+		/* We fail if the version checker veto'd the load *or* if it is
+		 * deferring to us (by returning its version) and we think it is
+		 * too old. */
+		if(vcheck_res < OSSL_DYNAMIC_OLDEST)
+			{
+			/* Fail */
+			ctx->bind_engine = NULL;
+			ctx->v_check = NULL;
+			DSO_free(ctx->dynamic_dso);
+			ctx->dynamic_dso = NULL;
+			ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+				ENGINE_R_VERSION_INCOMPATIBILITY);
+			return 0;
+			}
+		}
+	/* First binary copy the ENGINE structure so that we can roll back if
+	 * the hand-over fails */
+	memcpy(&cpy, e, sizeof(ENGINE));
+	/* Provide the ERR, "ex_data", memory, and locking callbacks so the
+	 * loaded library uses our state rather than its own. FIXME: As noted in
+	 * engine.h, much of this would be simplified if each area of code
+	 * provided its own "summary" structure of all related callbacks. It
+	 * would also increase opaqueness. */
+	fns.static_state = ENGINE_get_static_state();
+	fns.err_fns = ERR_get_implementation();
+	fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
+	CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
+				&fns.mem_fns.realloc_cb,
+				&fns.mem_fns.free_cb);
+	fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();
+	fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback();
+	fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback();
+	fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback();
+	fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback();
+	/* Now that we've loaded the dynamic engine, make sure no "dynamic"
+	 * ENGINE elements will show through. */
+	engine_set_all_null(e);
+
+	/* Try to bind the ENGINE onto our own ENGINE structure */
+	if(!ctx->bind_engine(e, ctx->engine_id, &fns))
+		{
+		ctx->bind_engine = NULL;
+		ctx->v_check = NULL;
+		DSO_free(ctx->dynamic_dso);
+		ctx->dynamic_dso = NULL;
+		ENGINEerr(ENGINE_F_DYNAMIC_LOAD,ENGINE_R_INIT_FAILED);
+		/* Copy the original ENGINE structure back */
+		memcpy(e, &cpy, sizeof(ENGINE));
+		return 0;
+		}
+	/* Do we try to add this ENGINE to the internal list too? */
+	if(ctx->list_add_value > 0)
+		{
+		if(!ENGINE_add(e))
+			{
+			/* Do we tolerate this or fail? */
+			if(ctx->list_add_value > 1)
+				{
+				/* Fail - NB: By this time, it's too late to
+				 * rollback, and trying to do so allows the
+				 * bind_engine() code to have created leaks. We
+				 * just have to fail where we are, after the
+				 * ENGINE has changed. */
+				ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+					ENGINE_R_CONFLICTING_ENGINE_ID);
+				return 0;
+				}
+			/* Tolerate */
+			ERR_clear_error();
+			}
+		}
+	return 1;
+	}
diff --git a/crypto/engine/eng_err.c b/crypto/engine/eng_err.c
new file mode 100644
index 0000000000..814d95ee32
--- /dev/null
+++ b/crypto/engine/eng_err.c
@@ -0,0 +1,166 @@
+/* crypto/engine/eng_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/engine.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ENGINE_str_functs[]=
+	{
+{ERR_PACK(0,ENGINE_F_DYNAMIC_CTRL,0),	"DYNAMIC_CTRL"},
+{ERR_PACK(0,ENGINE_F_DYNAMIC_GET_DATA_CTX,0),	"DYNAMIC_GET_DATA_CTX"},
+{ERR_PACK(0,ENGINE_F_DYNAMIC_LOAD,0),	"DYNAMIC_LOAD"},
+{ERR_PACK(0,ENGINE_F_ENGINE_ADD,0),	"ENGINE_add"},
+{ERR_PACK(0,ENGINE_F_ENGINE_BY_ID,0),	"ENGINE_by_id"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,0),	"ENGINE_cmd_is_executable"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CTRL,0),	"ENGINE_ctrl"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD,0),	"ENGINE_ctrl_cmd"},
+{ERR_PACK(0,ENGINE_F_ENGINE_CTRL_CMD_STRING,0),	"ENGINE_ctrl_cmd_string"},
+{ERR_PACK(0,ENGINE_F_ENGINE_FINISH,0),	"ENGINE_finish"},
+{ERR_PACK(0,ENGINE_F_ENGINE_FREE,0),	"ENGINE_free"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_CIPHER,0),	"ENGINE_get_cipher"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_DEFAULT_TYPE,0),	"ENGINE_GET_DEFAULT_TYPE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_DIGEST,0),	"ENGINE_get_digest"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_NEXT,0),	"ENGINE_get_next"},
+{ERR_PACK(0,ENGINE_F_ENGINE_GET_PREV,0),	"ENGINE_get_prev"},
+{ERR_PACK(0,ENGINE_F_ENGINE_INIT,0),	"ENGINE_init"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_ADD,0),	"ENGINE_LIST_ADD"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LIST_REMOVE,0),	"ENGINE_LIST_REMOVE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,0),	"ENGINE_load_private_key"},
+{ERR_PACK(0,ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,0),	"ENGINE_load_public_key"},
+{ERR_PACK(0,ENGINE_F_ENGINE_MODULE_INIT,0),	"ENGINE_MODULE_INIT"},
+{ERR_PACK(0,ENGINE_F_ENGINE_NEW,0),	"ENGINE_new"},
+{ERR_PACK(0,ENGINE_F_ENGINE_REMOVE,0),	"ENGINE_remove"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_STRING,0),	"ENGINE_set_default_string"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_DEFAULT_TYPE,0),	"ENGINE_SET_DEFAULT_TYPE"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_ID,0),	"ENGINE_set_id"},
+{ERR_PACK(0,ENGINE_F_ENGINE_SET_NAME,0),	"ENGINE_set_name"},
+{ERR_PACK(0,ENGINE_F_ENGINE_TABLE_REGISTER,0),	"ENGINE_TABLE_REGISTER"},
+{ERR_PACK(0,ENGINE_F_ENGINE_UNLOAD_KEY,0),	"ENGINE_UNLOAD_KEY"},
+{ERR_PACK(0,ENGINE_F_ENGINE_UP_REF,0),	"ENGINE_up_ref"},
+{ERR_PACK(0,ENGINE_F_INT_CTRL_HELPER,0),	"INT_CTRL_HELPER"},
+{ERR_PACK(0,ENGINE_F_INT_ENGINE_CONFIGURE,0),	"INT_ENGINE_CONFIGURE"},
+{ERR_PACK(0,ENGINE_F_LOG_MESSAGE,0),	"LOG_MESSAGE"},
+{ERR_PACK(0,ENGINE_F_SET_DATA_CTX,0),	"SET_DATA_CTX"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA ENGINE_str_reasons[]=
+	{
+{ENGINE_R_ALREADY_LOADED                 ,"already loaded"},
+{ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER       ,"argument is not a number"},
+{ENGINE_R_CMD_NOT_EXECUTABLE             ,"cmd not executable"},
+{ENGINE_R_COMMAND_TAKES_INPUT            ,"command takes input"},
+{ENGINE_R_COMMAND_TAKES_NO_INPUT         ,"command takes no input"},
+{ENGINE_R_CONFLICTING_ENGINE_ID          ,"conflicting engine id"},
+{ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{ENGINE_R_DH_NOT_IMPLEMENTED             ,"dh not implemented"},
+{ENGINE_R_DSA_NOT_IMPLEMENTED            ,"dsa not implemented"},
+{ENGINE_R_DSO_FAILURE                    ,"DSO failure"},
+{ENGINE_R_DSO_NOT_FOUND                  ,"dso not found"},
+{ENGINE_R_ENGINES_SECTION_ERROR          ,"engines section error"},
+{ENGINE_R_ENGINE_IS_NOT_IN_LIST          ,"engine is not in the list"},
+{ENGINE_R_ENGINE_SECTION_ERROR           ,"engine section error"},
+{ENGINE_R_FAILED_LOADING_PRIVATE_KEY     ,"failed loading private key"},
+{ENGINE_R_FAILED_LOADING_PUBLIC_KEY      ,"failed loading public key"},
+{ENGINE_R_FINISH_FAILED                  ,"finish failed"},
+{ENGINE_R_GET_HANDLE_FAILED              ,"could not obtain hardware handle"},
+{ENGINE_R_ID_OR_NAME_MISSING             ,"'id' or 'name' missing"},
+{ENGINE_R_INIT_FAILED                    ,"init failed"},
+{ENGINE_R_INTERNAL_LIST_ERROR            ,"internal list error"},
+{ENGINE_R_INVALID_ARGUMENT               ,"invalid argument"},
+{ENGINE_R_INVALID_CMD_NAME               ,"invalid cmd name"},
+{ENGINE_R_INVALID_CMD_NUMBER             ,"invalid cmd number"},
+{ENGINE_R_INVALID_INIT_VALUE             ,"invalid init value"},
+{ENGINE_R_INVALID_STRING                 ,"invalid string"},
+{ENGINE_R_NOT_INITIALISED                ,"not initialised"},
+{ENGINE_R_NOT_LOADED                     ,"not loaded"},
+{ENGINE_R_NO_CONTROL_FUNCTION            ,"no control function"},
+{ENGINE_R_NO_INDEX                       ,"no index"},
+{ENGINE_R_NO_LOAD_FUNCTION               ,"no load function"},
+{ENGINE_R_NO_REFERENCE                   ,"no reference"},
+{ENGINE_R_NO_SUCH_ENGINE                 ,"no such engine"},
+{ENGINE_R_NO_UNLOAD_FUNCTION             ,"no unload function"},
+{ENGINE_R_PROVIDE_PARAMETERS             ,"provide parameters"},
+{ENGINE_R_RSA_NOT_IMPLEMENTED            ,"rsa not implemented"},
+{ENGINE_R_UNIMPLEMENTED_CIPHER           ,"unimplemented cipher"},
+{ENGINE_R_UNIMPLEMENTED_DIGEST           ,"unimplemented digest"},
+{ENGINE_R_VERSION_INCOMPATIBILITY        ,"version incompatibility"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_ENGINE_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_functs);
+		ERR_load_strings(ERR_LIB_ENGINE,ENGINE_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c
new file mode 100644
index 0000000000..c0d03ccbfe
--- /dev/null
+++ b/crypto/engine/eng_fat.c
@@ -0,0 +1,170 @@
+/* crypto/engine/eng_fat.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+#include <openssl/conf.h>
+
+int ENGINE_set_default(ENGINE *e, unsigned int flags)
+	{
+	if((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
+		return 0;
+	if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
+		return 0;
+#ifndef OPENSSL_NO_RSA
+	if((flags & ENGINE_METHOD_RSA) & !ENGINE_set_default_RSA(e))
+		return 0;
+#endif
+#ifndef OPENSSL_NO_DSA
+	if((flags & ENGINE_METHOD_DSA) & !ENGINE_set_default_DSA(e))
+		return 0;
+#endif
+#ifndef OPENSSL_NO_DH
+	if((flags & ENGINE_METHOD_DH) & !ENGINE_set_default_DH(e))
+		return 0;
+#endif
+#ifndef OPENSSL_NO_ECDH
+	if((flags & ENGINE_METHOD_ECDH) & !ENGINE_set_default_ECDH(e))
+		return 0;
+#endif
+#ifndef OPENSSL_NO_ECDSA
+	if((flags & ENGINE_METHOD_ECDSA) & !ENGINE_set_default_ECDSA(e))
+		return 0;
+#endif
+	if((flags & ENGINE_METHOD_RAND) & !ENGINE_set_default_RAND(e))
+		return 0;
+	return 1;
+	}
+
+/* Set default algorithms using a string */
+
+static int int_def_cb(const char *alg, int len, void *arg)
+	{
+	unsigned int *pflags = arg;
+	if (!strncmp(alg, "ALL", len))
+		*pflags |= ENGINE_METHOD_ALL;
+	else if (!strncmp(alg, "RSA", len))
+		*pflags |= ENGINE_METHOD_RSA;
+	else if (!strncmp(alg, "DSA", len))
+		*pflags |= ENGINE_METHOD_DSA;
+	else if (!strncmp(alg, "ECDH", len))
+		*pflags |= ENGINE_METHOD_ECDH;
+	else if (!strncmp(alg, "ECDSA", len))
+		*pflags |= ENGINE_METHOD_ECDSA;
+	else if (!strncmp(alg, "DH", len))
+		*pflags |= ENGINE_METHOD_DH;
+	else if (!strncmp(alg, "RAND", len))
+		*pflags |= ENGINE_METHOD_RAND;
+	else if (!strncmp(alg, "CIPHERS", len))
+		*pflags |= ENGINE_METHOD_CIPHERS;
+	else if (!strncmp(alg, "DIGESTS", len))
+		*pflags |= ENGINE_METHOD_DIGESTS;
+	else
+		return 0;
+	return 1;
+	}
+
+
+int ENGINE_set_default_string(ENGINE *e, const char *list)
+	{
+	unsigned int flags = 0;
+	if (!CONF_parse_list(list, ',', 1, int_def_cb, &flags))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
+					ENGINE_R_INVALID_STRING);
+		ERR_add_error_data(2, "str=",list);
+		return 0;
+		}
+	return ENGINE_set_default(e, flags);
+	}
+
+int ENGINE_register_complete(ENGINE *e)
+	{
+	ENGINE_register_ciphers(e);
+	ENGINE_register_digests(e);
+#ifndef OPENSSL_NO_RSA
+	ENGINE_register_RSA(e);
+#endif
+#ifndef OPENSSL_NO_DSA
+	ENGINE_register_DSA(e);
+#endif
+#ifndef OPENSSL_NO_DH
+	ENGINE_register_DH(e);
+#endif
+#ifndef OPENSSL_NO_ECDH
+	ENGINE_register_ECDH(e);
+#endif
+#ifndef OPENSSL_NO_ECDSA
+	ENGINE_register_ECDSA(e);
+#endif
+	ENGINE_register_RAND(e);
+	return 1;
+	}
+
+int ENGINE_register_all_complete(void)
+	{
+	ENGINE *e;
+
+	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+		ENGINE_register_complete(e);
+	return 1;
+	}
diff --git a/crypto/engine/eng_init.c b/crypto/engine/eng_init.c
new file mode 100644
index 0000000000..170c1791b3
--- /dev/null
+++ b/crypto/engine/eng_init.c
@@ -0,0 +1,157 @@
+/* crypto/engine/eng_init.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+
+/* Initialise a engine type for use (or up its functional reference count
+ * if it's already in use). This version is only used internally. */
+int engine_unlocked_init(ENGINE *e)
+	{
+	int to_return = 1;
+
+	if((e->funct_ref == 0) && e->init)
+		/* This is the first functional reference and the engine
+		 * requires initialisation so we do it now. */
+		to_return = e->init(e);
+	if(to_return)
+		{
+		/* OK, we return a functional reference which is also a
+		 * structural reference. */
+		e->struct_ref++;
+		e->funct_ref++;
+		engine_ref_debug(e, 0, 1)
+		engine_ref_debug(e, 1, 1)
+		}
+	return to_return;
+	}
+
+/* Free a functional reference to a engine type. This version is only used
+ * internally. */
+int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
+	{
+	int to_return = 1;
+
+	/* Reduce the functional reference count here so if it's the terminating
+	 * case, we can release the lock safely and call the finish() handler
+	 * without risk of a race. We get a race if we leave the count until
+	 * after and something else is calling "finish" at the same time -
+	 * there's a chance that both threads will together take the count from
+	 * 2 to 0 without either calling finish(). */
+	e->funct_ref--;
+	engine_ref_debug(e, 1, -1);
+	if((e->funct_ref == 0) && e->finish)
+		{
+		if(unlock_for_handlers)
+			CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		to_return = e->finish(e);
+		if(unlock_for_handlers)
+			CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+		if(!to_return)
+			return 0;
+		}
+#ifdef REF_CHECK
+	if(e->funct_ref < 0)
+		{
+		fprintf(stderr,"ENGINE_finish, bad functional reference count\n");
+		abort();
+		}
+#endif
+	/* Release the structural reference too */
+	if(!engine_free_util(e, 0))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
+		return 0;
+		}
+	return to_return;
+	}
+
+/* The API (locked) version of "init" */
+int ENGINE_init(ENGINE *e)
+	{
+	int ret;
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	ret = engine_unlocked_init(e);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	return ret;
+	}
+
+/* The API (locked) version of "finish" */
+int ENGINE_finish(ENGINE *e)
+	{
+	int to_return = 1;
+
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	to_return = engine_unlocked_finish(e, 1);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	if(!to_return)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
+		return 0;
+		}
+	return to_return;
+	}
diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h
new file mode 100644
index 0000000000..2c82861ebb
--- /dev/null
+++ b/crypto/engine/eng_int.h
@@ -0,0 +1,192 @@
+/* crypto/engine/eng_int.h */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#ifndef HEADER_ENGINE_INT_H
+#define HEADER_ENGINE_INT_H
+
+/* Take public definitions from engine.h */
+#include <openssl/engine.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* If we compile with this symbol defined, then both reference counts in the
+ * ENGINE structure will be monitored with a line of output on stderr for each
+ * change. This prints the engine's pointer address (truncated to unsigned int),
+ * "struct" or "funct" to indicate the reference type, the before and after
+ * reference count, and the file:line-number pair. The "engine_ref_debug"
+ * statements must come *after* the change. */
+#ifdef ENGINE_REF_COUNT_DEBUG
+
+#define engine_ref_debug(e, isfunct, diff) \
+	fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \
+		(unsigned int)(e), (isfunct ? "funct" : "struct"), \
+		((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
+		((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
+		(__FILE__), (__LINE__));
+
+#else
+
+#define engine_ref_debug(e, isfunct, diff)
+
+#endif
+
+/* Any code that will need cleanup operations should use these functions to
+ * register callbacks. ENGINE_cleanup() will call all registered callbacks in
+ * order. NB: both the "add" functions assume CRYPTO_LOCK_ENGINE to already be
+ * held (in "write" mode). */
+typedef void (ENGINE_CLEANUP_CB)(void);
+typedef struct st_engine_cleanup_item
+	{
+	ENGINE_CLEANUP_CB *cb;
+	} ENGINE_CLEANUP_ITEM;
+DECLARE_STACK_OF(ENGINE_CLEANUP_ITEM)
+void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
+void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
+
+/* We need stacks of ENGINEs for use in eng_table.c */
+DECLARE_STACK_OF(ENGINE)
+
+/* If this symbol is defined then engine_table_select(), the function that is
+ * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults and
+ * functional references (etc), will display debugging summaries to stderr. */
+/* #define ENGINE_TABLE_DEBUG */
+
+/* This represents an implementation table. Dependent code should instantiate it
+ * as a (ENGINE_TABLE *) pointer value set initially to NULL. */
+typedef struct st_engine_table ENGINE_TABLE;
+int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
+		ENGINE *e, const int *nids, int num_nids, int setdefault);
+void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e);
+void engine_table_cleanup(ENGINE_TABLE **table);
+#ifndef ENGINE_TABLE_DEBUG
+ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
+#else
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l);
+#define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
+#endif
+
+/* Internal versions of API functions that have control over locking. These are
+ * used between C files when functionality needs to be shared but the caller may
+ * already be controlling of the CRYPTO_LOCK_ENGINE lock. */
+int engine_unlocked_init(ENGINE *e);
+int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
+int engine_free_util(ENGINE *e, int locked);
+
+/* This function will reset all "set"able values in an ENGINE to NULL. This
+ * won't touch reference counts or ex_data, but is equivalent to calling all the
+ * ENGINE_set_***() functions with a NULL value. */
+void engine_set_all_null(ENGINE *e);
+
+/* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed
+ * in engine.h. */
+
+/* This is a structure for storing implementations of various crypto
+ * algorithms and functions. */
+struct engine_st
+	{
+	const char *id;
+	const char *name;
+	const RSA_METHOD *rsa_meth;
+	const DSA_METHOD *dsa_meth;
+	const DH_METHOD *dh_meth;
+	const ECDH_METHOD *ecdh_meth;
+	const ECDSA_METHOD *ecdsa_meth;
+	const RAND_METHOD *rand_meth;
+	/* Cipher handling is via this callback */
+	ENGINE_CIPHERS_PTR ciphers;
+	/* Digest handling is via this callback */
+	ENGINE_DIGESTS_PTR digests;
+
+
+	ENGINE_GEN_INT_FUNC_PTR	destroy;
+
+	ENGINE_GEN_INT_FUNC_PTR init;
+	ENGINE_GEN_INT_FUNC_PTR finish;
+	ENGINE_CTRL_FUNC_PTR ctrl;
+	ENGINE_LOAD_KEY_PTR load_privkey;
+	ENGINE_LOAD_KEY_PTR load_pubkey;
+
+	const ENGINE_CMD_DEFN *cmd_defns;
+	int flags;
+	/* reference count on the structure itself */
+	int struct_ref;
+	/* reference count on usability of the engine type. NB: This
+	 * controls the loading and initialisation of any functionlity
+	 * required by this engine, whereas the previous count is
+	 * simply to cope with (de)allocation of this structure. Hence,
+	 * running_ref <= struct_ref at all times. */
+	int funct_ref;
+	/* A place to store per-ENGINE data */
+	CRYPTO_EX_DATA ex_data;
+	/* Used to maintain the linked-list of engines. */
+	struct engine_st *prev;
+	struct engine_st *next;
+	};
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* HEADER_ENGINE_INT_H */
diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
new file mode 100644
index 0000000000..999061a8ed
--- /dev/null
+++ b/crypto/engine/eng_lib.c
@@ -0,0 +1,331 @@
+/* crypto/engine/eng_lib.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/rand.h> /* FIXME: This shouldn't be needed */
+#include <openssl/engine.h>
+
+/* The "new"/"free" stuff first */
+
+ENGINE *ENGINE_new(void)
+	{
+	ENGINE *ret;
+
+	ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
+	if(ret == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
+		return NULL;
+		}
+	memset(ret, 0, sizeof(ENGINE));
+	ret->struct_ref = 1;
+	engine_ref_debug(ret, 0, 1)
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
+	return ret;
+	}
+
+/* Placed here (close proximity to ENGINE_new) so that modifications to the
+ * elements of the ENGINE structure are more likely to be caught and changed
+ * here. */
+void engine_set_all_null(ENGINE *e)
+	{
+	e->id = NULL;
+	e->name = NULL;
+	e->rsa_meth = NULL;
+	e->dsa_meth = NULL;
+	e->dh_meth = NULL;
+	e->rand_meth = NULL;
+	e->ciphers = NULL;
+	e->digests = NULL;
+	e->destroy = NULL;
+	e->init = NULL;
+	e->finish = NULL;
+	e->ctrl = NULL;
+	e->load_privkey = NULL;
+	e->load_pubkey = NULL;
+	e->cmd_defns = NULL;
+	e->flags = 0;
+	}
+
+int engine_free_util(ENGINE *e, int locked)
+	{
+	int i;
+
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_FREE,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	if(locked)
+		i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
+	else
+		i = --e->struct_ref;
+	engine_ref_debug(e, 0, -1)
+	if (i > 0) return 1;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"ENGINE_free, bad structural reference count\n");
+		abort();
+		}
+#endif
+	/* Give the ENGINE a chance to do any structural cleanup corresponding
+	 * to allocation it did in its constructor (eg. unload error strings) */
+	if(e->destroy)
+		e->destroy(e);
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
+	OPENSSL_free(e);
+	return 1;
+	}
+
+int ENGINE_free(ENGINE *e)
+	{
+	return engine_free_util(e, 1);
+	}
+
+/* Cleanup stuff */
+
+/* ENGINE_cleanup() is coded such that anything that does work that will need
+ * cleanup can register a "cleanup" callback here. That way we don't get linker
+ * bloat by referring to all *possible* cleanups, but any linker bloat into code
+ * "X" will cause X's cleanup function to end up here. */
+static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL;
+static int int_cleanup_check(int create)
+	{
+	if(cleanup_stack) return 1;
+	if(!create) return 0;
+	cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
+	return (cleanup_stack ? 1 : 0);
+	}
+static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
+	{
+	ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(
+					ENGINE_CLEANUP_ITEM));
+	if(!item) return NULL;
+	item->cb = cb;
+	return item;
+	}
+void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
+	{
+	ENGINE_CLEANUP_ITEM *item;
+	if(!int_cleanup_check(1)) return;
+	item = int_cleanup_item(cb);
+	if(item)
+		sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
+	}
+void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
+	{
+	ENGINE_CLEANUP_ITEM *item;
+	if(!int_cleanup_check(1)) return;
+	item = int_cleanup_item(cb);
+	if(item)
+		sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
+	}
+/* The API function that performs all cleanup */
+static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)
+	{
+	(*(item->cb))();
+	OPENSSL_free(item);
+	}
+void ENGINE_cleanup(void)
+	{
+	if(int_cleanup_check(0))
+		{
+		sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
+			engine_cleanup_cb_free);
+		cleanup_stack = NULL;
+		}
+	/* FIXME: This should be handled (somehow) through RAND, eg. by it
+	 * registering a cleanup callback. */
+	RAND_set_rand_method(NULL);
+	}
+
+/* Now the "ex_data" support */
+
+int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+		CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+	{
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
+			new_func, dup_func, free_func);
+	}
+
+int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
+	{
+	return(CRYPTO_set_ex_data(&e->ex_data, idx, arg));
+	}
+
+void *ENGINE_get_ex_data(const ENGINE *e, int idx)
+	{
+	return(CRYPTO_get_ex_data(&e->ex_data, idx));
+	}
+
+/* Functions to get/set an ENGINE's elements - mainly to avoid exposing the
+ * ENGINE structure itself. */
+
+int ENGINE_set_id(ENGINE *e, const char *id)
+	{
+	if(id == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_SET_ID,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	e->id = id;
+	return 1;
+	}
+
+int ENGINE_set_name(ENGINE *e, const char *name)
+	{
+	if(name == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	e->name = name;
+	return 1;
+	}
+
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
+	{
+	e->destroy = destroy_f;
+	return 1;
+	}
+
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
+	{
+	e->init = init_f;
+	return 1;
+	}
+
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
+	{
+	e->finish = finish_f;
+	return 1;
+	}
+
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
+	{
+	e->ctrl = ctrl_f;
+	return 1;
+	}
+
+int ENGINE_set_flags(ENGINE *e, int flags)
+	{
+	e->flags = flags;
+	return 1;
+	}
+
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
+	{
+	e->cmd_defns = defns;
+	return 1;
+	}
+
+const char *ENGINE_get_id(const ENGINE *e)
+	{
+	return e->id;
+	}
+
+const char *ENGINE_get_name(const ENGINE *e)
+	{
+	return e->name;
+	}
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e)
+	{
+	return e->destroy;
+	}
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e)
+	{
+	return e->init;
+	}
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e)
+	{
+	return e->finish;
+	}
+
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e)
+	{
+	return e->ctrl;
+	}
+
+int ENGINE_get_flags(const ENGINE *e)
+	{
+	return e->flags;
+	}
+
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)
+	{
+	return e->cmd_defns;
+	}
+
+/* eng_lib.o is pretty much linked into anything that touches ENGINE already, so
+ * put the "static_state" hack here. */
+
+static int internal_static_hack = 0;
+
+void *ENGINE_get_static_state(void)
+	{
+	return &internal_static_hack;
+	}
diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c
new file mode 100644
index 0000000000..55b646da24
--- /dev/null
+++ b/crypto/engine/eng_list.c
@@ -0,0 +1,429 @@
+/* crypto/engine/eng_list.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+
+/* The linked-list of pointers to engine types. engine_list_head
+ * incorporates an implicit structural reference but engine_list_tail
+ * does not - the latter is a computational niceity and only points
+ * to something that is already pointed to by its predecessor in the
+ * list (or engine_list_head itself). In the same way, the use of the
+ * "prev" pointer in each ENGINE is to save excessive list iteration,
+ * it doesn't correspond to an extra structural reference. Hence,
+ * engine_list_head, and each non-null "next" pointer account for
+ * the list itself assuming exactly 1 structural reference on each
+ * list member. */
+static ENGINE *engine_list_head = NULL;
+static ENGINE *engine_list_tail = NULL;
+
+/* This cleanup function is only needed internally. If it should be called, we
+ * register it with the "ENGINE_cleanup()" stack to be called during cleanup. */
+
+static void engine_list_cleanup(void)
+	{
+	ENGINE *iterator = engine_list_head;
+
+	while(iterator != NULL)
+		{
+		ENGINE_remove(iterator);
+		iterator = engine_list_head;
+		}
+	return;
+	}
+
+/* These static functions starting with a lower case "engine_" always
+ * take place when CRYPTO_LOCK_ENGINE has been locked up. */
+static int engine_list_add(ENGINE *e)
+	{
+	int conflict = 0;
+	ENGINE *iterator = NULL;
+
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	iterator = engine_list_head;
+	while(iterator && !conflict)
+		{
+		conflict = (strcmp(iterator->id, e->id) == 0);
+		iterator = iterator->next;
+		}
+	if(conflict)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+			ENGINE_R_CONFLICTING_ENGINE_ID);
+		return 0;
+		}
+	if(engine_list_head == NULL)
+		{
+		/* We are adding to an empty list. */
+		if(engine_list_tail)
+			{
+			ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+				ENGINE_R_INTERNAL_LIST_ERROR);
+			return 0;
+			}
+		engine_list_head = e;
+		e->prev = NULL;
+		/* The first time the list allocates, we should register the
+		 * cleanup. */
+		engine_cleanup_add_last(engine_list_cleanup);
+		}
+	else
+		{
+		/* We are adding to the tail of an existing list. */
+		if((engine_list_tail == NULL) ||
+				(engine_list_tail->next != NULL))
+			{
+			ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
+				ENGINE_R_INTERNAL_LIST_ERROR);
+			return 0;
+			}
+		engine_list_tail->next = e;
+		e->prev = engine_list_tail;
+		}
+	/* Having the engine in the list assumes a structural
+	 * reference. */
+	e->struct_ref++;
+	engine_ref_debug(e, 0, 1)
+	/* However it came to be, e is the last item in the list. */
+	engine_list_tail = e;
+	e->next = NULL;
+	return 1;
+	}
+
+static int engine_list_remove(ENGINE *e)
+	{
+	ENGINE *iterator;
+
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	/* We need to check that e is in our linked list! */
+	iterator = engine_list_head;
+	while(iterator && (iterator != e))
+		iterator = iterator->next;
+	if(iterator == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+			ENGINE_R_ENGINE_IS_NOT_IN_LIST);
+		return 0;
+		}
+	/* un-link e from the chain. */
+	if(e->next)
+		e->next->prev = e->prev;
+	if(e->prev)
+		e->prev->next = e->next;
+	/* Correct our head/tail if necessary. */
+	if(engine_list_head == e)
+		engine_list_head = e->next;
+	if(engine_list_tail == e)
+		engine_list_tail = e->prev;
+	engine_free_util(e, 0);
+	return 1;
+	}
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void)
+	{
+	ENGINE *ret;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	ret = engine_list_head;
+	if(ret)
+		{
+		ret->struct_ref++;
+		engine_ref_debug(ret, 0, 1)
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	return ret;
+	}
+
+ENGINE *ENGINE_get_last(void)
+	{
+	ENGINE *ret;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	ret = engine_list_tail;
+	if(ret)
+		{
+		ret->struct_ref++;
+		engine_ref_debug(ret, 0, 1)
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	return ret;
+	}
+
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e)
+	{
+	ENGINE *ret = NULL;
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_GET_NEXT,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	ret = e->next;
+	if(ret)
+		{
+		/* Return a valid structural refernce to the next ENGINE */
+		ret->struct_ref++;
+		engine_ref_debug(ret, 0, 1)
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	/* Release the structural reference to the previous ENGINE */
+	ENGINE_free(e);
+	return ret;
+	}
+
+ENGINE *ENGINE_get_prev(ENGINE *e)
+	{
+	ENGINE *ret = NULL;
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_GET_PREV,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	ret = e->prev;
+	if(ret)
+		{
+		/* Return a valid structural reference to the next ENGINE */
+		ret->struct_ref++;
+		engine_ref_debug(ret, 0, 1)
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	/* Release the structural reference to the previous ENGINE */
+	ENGINE_free(e);
+	return ret;
+	}
+
+/* Add another "ENGINE" type into the list. */
+int ENGINE_add(ENGINE *e)
+	{
+	int to_return = 1;
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_ADD,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	if((e->id == NULL) || (e->name == NULL))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_ADD,
+			ENGINE_R_ID_OR_NAME_MISSING);
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	if(!engine_list_add(e))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_ADD,
+			ENGINE_R_INTERNAL_LIST_ERROR);
+		to_return = 0;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	return to_return;
+	}
+
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e)
+	{
+	int to_return = 1;
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_REMOVE,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	if(!engine_list_remove(e))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_REMOVE,
+			ENGINE_R_INTERNAL_LIST_ERROR);
+		to_return = 0;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	return to_return;
+	}
+
+static void engine_cpy(ENGINE *dest, const ENGINE *src)
+	{
+	dest->id = src->id;
+	dest->name = src->name;
+#ifndef OPENSSL_NO_RSA
+	dest->rsa_meth = src->rsa_meth;
+#endif
+#ifndef OPENSSL_NO_DSA
+	dest->dsa_meth = src->dsa_meth;
+#endif
+#ifndef OPENSSL_NO_DH
+	dest->dh_meth = src->dh_meth;
+#endif
+#ifndef OPENSSL_NO_ECDH
+	dest->ecdh_meth = src->ecdh_meth;
+#endif
+#ifndef OPENSSL_NO_ECDSA
+	dest->ecdsa_meth = src->ecdsa_meth;
+#endif
+	dest->rand_meth = src->rand_meth;
+	dest->ciphers = src->ciphers;
+	dest->digests = src->digests;
+	dest->destroy = src->destroy;
+	dest->init = src->init;
+	dest->finish = src->finish;
+	dest->ctrl = src->ctrl;
+	dest->load_privkey = src->load_privkey;
+	dest->load_pubkey = src->load_pubkey;
+	dest->cmd_defns = src->cmd_defns;
+	dest->flags = src->flags;
+	}
+
+ENGINE *ENGINE_by_id(const char *id)
+	{
+	ENGINE *iterator;
+	char *load_dir = NULL;
+	if(id == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_BY_ID,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return NULL;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	iterator = engine_list_head;
+	while(iterator && (strcmp(id, iterator->id) != 0))
+		iterator = iterator->next;
+	if(iterator)
+		{
+		/* We need to return a structural reference. If this is an
+		 * ENGINE type that returns copies, make a duplicate - otherwise
+		 * increment the existing ENGINE's reference count. */
+		if(iterator->flags & ENGINE_FLAGS_BY_ID_COPY)
+			{
+			ENGINE *cp = ENGINE_new();
+			if(!cp)
+				iterator = NULL;
+			else
+				{
+				engine_cpy(cp, iterator);
+				iterator = cp;
+				}
+			}
+		else
+			{
+			iterator->struct_ref++;
+			engine_ref_debug(iterator, 0, 1)
+			}
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+#if 0
+	if(iterator == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_BY_ID,
+			ENGINE_R_NO_SUCH_ENGINE);
+		ERR_add_error_data(2, "id=", id);
+		}
+	return iterator;
+#else
+	/* EEK! Experimental code starts */
+	if(iterator) return iterator;
+#ifdef OPENSSL_SYS_VMS
+	if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
+#else
+	if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = OPENSSLDIR "/engines";
+#endif
+	iterator = ENGINE_by_id("dynamic");
+	if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
+			!ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
+			!ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
+				load_dir, 0) ||
+			!ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
+		goto notfound;
+	return iterator;
+notfound:
+	ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE);
+	ERR_add_error_data(2, "id=", id);
+	return NULL;
+	/* EEK! Experimental code ends */
+#endif
+	}
+
+int ENGINE_up_ref(ENGINE *e)
+	{
+	if (e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_UP_REF,ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	CRYPTO_add(&e->struct_ref,1,CRYPTO_LOCK_ENGINE);
+	return 1;
+	}
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
new file mode 100644
index 0000000000..09d281c19d
--- /dev/null
+++ b/crypto/engine/eng_openssl.c
@@ -0,0 +1,372 @@
+/* crypto/engine/eng_openssl.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/engine.h>
+#include <openssl/dso.h>
+#include <openssl/pem.h>
+#include <openssl/evp.h>
+
+/* This testing gunk is implemented (and explained) lower down. It also assumes
+ * the application explicitly calls "ENGINE_load_openssl()" because this is no
+ * longer automatic in ENGINE_load_builtin_engines(). */
+#define TEST_ENG_OPENSSL_RC4
+#define TEST_ENG_OPENSSL_PKEY
+/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
+#define TEST_ENG_OPENSSL_RC4_P_INIT
+/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
+#define TEST_ENG_OPENSSL_SHA
+/* #define TEST_ENG_OPENSSL_SHA_OTHERS */
+/* #define TEST_ENG_OPENSSL_SHA_P_INIT */
+/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
+/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
+
+/* Now check what of those algorithms are actually enabled */
+#ifdef OPENSSL_NO_RC4
+#undef TEST_ENG_OPENSSL_RC4
+#undef TEST_ENG_OPENSSL_RC4_OTHERS
+#undef TEST_ENG_OPENSSL_RC4_P_INIT
+#undef TEST_ENG_OPENSSL_RC4_P_CIPHER
+#endif
+#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1)
+#undef TEST_ENG_OPENSSL_SHA
+#undef TEST_ENG_OPENSSL_SHA_OTHERS
+#undef TEST_ENG_OPENSSL_SHA_P_INIT
+#undef TEST_ENG_OPENSSL_SHA_P_UPDATE
+#undef TEST_ENG_OPENSSL_SHA_P_FINAL 
+#endif
+
+#ifdef TEST_ENG_OPENSSL_RC4
+static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+				const int **nids, int nid);
+#endif
+#ifdef TEST_ENG_OPENSSL_SHA
+static int openssl_digests(ENGINE *e, const EVP_MD **digest,
+				const int **nids, int nid);
+#endif
+
+#ifdef TEST_ENG_OPENSSL_PKEY
+static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data);
+#endif
+
+/* The constants used when creating the ENGINE */
+static const char *engine_openssl_id = "openssl";
+static const char *engine_openssl_name = "Software engine support";
+
+/* This internal function is used by ENGINE_openssl() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+	{
+	if(!ENGINE_set_id(e, engine_openssl_id)
+			|| !ENGINE_set_name(e, engine_openssl_name)
+#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
+#ifndef OPENSSL_NO_RSA
+			|| !ENGINE_set_RSA(e, RSA_get_default_method())
+#endif
+#ifndef OPENSSL_NO_DSA
+			|| !ENGINE_set_DSA(e, DSA_get_default_method())
+#endif
+#ifndef OPENSSL_NO_ECDH
+			|| !ENGINE_set_ECDH(e, ECDH_OpenSSL())
+#endif
+#ifndef OPENSSL_NO_ECDSA
+			|| !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
+#endif
+#ifndef OPENSSL_NO_DH
+			|| !ENGINE_set_DH(e, DH_get_default_method())
+#endif
+			|| !ENGINE_set_RAND(e, RAND_SSLeay())
+#ifdef TEST_ENG_OPENSSL_RC4
+			|| !ENGINE_set_ciphers(e, openssl_ciphers)
+#endif
+#ifdef TEST_ENG_OPENSSL_SHA
+			|| !ENGINE_set_digests(e, openssl_digests)
+#endif
+#endif
+#ifdef TEST_ENG_OPENSSL_PKEY
+			|| !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
+#endif
+			)
+		return 0;
+	/* If we add errors to this ENGINE, ensure the error handling is setup here */
+	/* openssl_load_error_strings(); */
+	return 1;
+	}
+
+static ENGINE *engine_openssl(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!bind_helper(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_openssl(void)
+	{
+	ENGINE *toadd = engine_openssl();
+	if(!toadd) return;
+	ENGINE_add(toadd);
+	/* If the "add" worked, it gets a structural reference. So either way,
+	 * we release our just-created reference. */
+	ENGINE_free(toadd);
+	ERR_clear_error();
+	}
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+	{
+	if(id && (strcmp(id, engine_openssl_id) != 0))
+		return 0;
+	if(!bind_helper(e))
+		return 0;
+	return 1;
+	}
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
+#ifdef TEST_ENG_OPENSSL_RC4
+/* This section of code compiles an "alternative implementation" of two modes of
+ * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
+ * should under normal circumstances go via this support rather than the default
+ * EVP support. There are other symbols to tweak the testing;
+ *    TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
+ *        we're asked for a cipher we don't support (should not happen).
+ *    TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
+ *        the "init_key" handler is called.
+ *    TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
+ */
+#include <openssl/rc4.h>
+#define TEST_RC4_KEY_SIZE		16
+static int test_cipher_nids[] = {NID_rc4,NID_rc4_40};
+static int test_cipher_nids_number = 2;
+typedef struct {
+	unsigned char key[TEST_RC4_KEY_SIZE];
+	RC4_KEY ks;
+	} TEST_RC4_KEY;
+#define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)
+static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			const unsigned char *iv, int enc)
+	{
+#ifdef TEST_ENG_OPENSSL_RC4_P_INIT
+	fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
+#endif
+	memcpy(&test(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx));
+	RC4_set_key(&test(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
+		test(ctx)->key);
+	return 1;
+	}
+static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+		      const unsigned char *in, unsigned int inl)
+	{
+#ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
+	fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
+#endif
+	RC4(&test(ctx)->ks,inl,in,out);
+	return 1;
+	}
+static const EVP_CIPHER test_r4_cipher=
+	{
+	NID_rc4,
+	1,TEST_RC4_KEY_SIZE,0,
+	EVP_CIPH_VARIABLE_LENGTH,
+	test_rc4_init_key,
+	test_rc4_cipher,
+	NULL,
+	sizeof(TEST_RC4_KEY),
+	NULL,
+	NULL,
+	NULL
+	};
+static const EVP_CIPHER test_r4_40_cipher=
+	{
+	NID_rc4_40,
+	1,5 /* 40 bit */,0,
+	EVP_CIPH_VARIABLE_LENGTH,
+	test_rc4_init_key,
+	test_rc4_cipher,
+	NULL,
+	sizeof(TEST_RC4_KEY),
+	NULL, 
+	NULL,
+	NULL
+	};
+static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+			const int **nids, int nid)
+	{
+	if(!cipher)
+		{
+		/* We are returning a list of supported nids */
+		*nids = test_cipher_nids;
+		return test_cipher_nids_number;
+		}
+	/* We are being asked for a specific cipher */
+	if(nid == NID_rc4)
+		*cipher = &test_r4_cipher;
+	else if(nid == NID_rc4_40)
+		*cipher = &test_r4_40_cipher;
+	else
+		{
+#ifdef TEST_ENG_OPENSSL_RC4_OTHERS
+		fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
+				"nid %d\n", nid);
+#endif
+		*cipher = NULL;
+		return 0;
+		}
+	return 1;
+	}
+#endif
+
+#ifdef TEST_ENG_OPENSSL_SHA
+/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
+#include <openssl/sha.h>
+static int test_digest_nids[] = {NID_sha1};
+static int test_digest_nids_number = 1;
+static int test_sha1_init(EVP_MD_CTX *ctx)
+	{
+#ifdef TEST_ENG_OPENSSL_SHA_P_INIT
+	fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
+#endif
+	return SHA1_Init(ctx->md_data);
+	}
+static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{
+#ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
+	fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
+#endif
+	return SHA1_Update(ctx->md_data,data,count);
+	}
+static int test_sha1_final(EVP_MD_CTX *ctx,unsigned char *md)
+	{
+#ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
+	fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
+#endif
+	return SHA1_Final(md,ctx->md_data);
+	}
+static const EVP_MD test_sha_md=
+	{
+	NID_sha1,
+	NID_sha1WithRSAEncryption,
+	SHA_DIGEST_LENGTH,
+	0,
+	test_sha1_init,
+	test_sha1_update,
+	test_sha1_final,
+	NULL,
+	NULL,
+	EVP_PKEY_RSA_method,
+	SHA_CBLOCK,
+	sizeof(EVP_MD *)+sizeof(SHA_CTX),
+	};
+static int openssl_digests(ENGINE *e, const EVP_MD **digest,
+			const int **nids, int nid)
+	{
+	if(!digest)
+		{
+		/* We are returning a list of supported nids */
+		*nids = test_digest_nids;
+		return test_digest_nids_number;
+		}
+	/* We are being asked for a specific digest */
+	if(nid == NID_sha1)
+		*digest = &test_sha_md;
+	else
+		{
+#ifdef TEST_ENG_OPENSSL_SHA_OTHERS
+		fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
+				"nid %d\n", nid);
+#endif
+		*digest = NULL;
+		return 0;
+		}
+	return 1;
+	}
+#endif
+
+#ifdef TEST_ENG_OPENSSL_PKEY
+static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data)
+	{
+	BIO *in;
+	EVP_PKEY *key;
+	fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", key_id);
+	in = BIO_new_file(key_id, "r");
+	if (!in)
+		return NULL;
+	key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
+	BIO_free(in);
+	return key;
+	}
+#endif
diff --git a/crypto/engine/eng_pkey.c b/crypto/engine/eng_pkey.c
new file mode 100644
index 0000000000..8c69171511
--- /dev/null
+++ b/crypto/engine/eng_pkey.c
@@ -0,0 +1,157 @@
+/* crypto/engine/eng_pkey.c */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include "eng_int.h"
+#include <openssl/engine.h>
+
+/* Basic get/set stuff */
+
+int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f)
+	{
+	e->load_privkey = loadpriv_f;
+	return 1;
+	}
+
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
+	{
+	e->load_pubkey = loadpub_f;
+	return 1;
+	}
+
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
+	{
+	return e->load_privkey;
+	}
+
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
+	{
+	return e->load_pubkey;
+	}
+
+/* API functions to load public/private keys */
+
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data)
+	{
+	EVP_PKEY *pkey;
+
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	if(e->funct_ref == 0)
+		{
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+			ENGINE_R_NOT_INITIALISED);
+		return 0;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	if (!e->load_privkey)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+			ENGINE_R_NO_LOAD_FUNCTION);
+		return 0;
+		}
+	pkey = e->load_privkey(e, key_id, ui_method, callback_data);
+	if (!pkey)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+			ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+		return 0;
+		}
+	return pkey;
+	}
+
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data)
+	{
+	EVP_PKEY *pkey;
+
+	if(e == NULL)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+			ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	if(e->funct_ref == 0)
+		{
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+			ENGINE_R_NOT_INITIALISED);
+		return 0;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	if (!e->load_pubkey)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+			ENGINE_R_NO_LOAD_FUNCTION);
+		return 0;
+		}
+	pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
+	if (!pkey)
+		{
+		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+			ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+		return 0;
+		}
+	return pkey;
+	}
diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c
new file mode 100644
index 0000000000..c69a84a8bf
--- /dev/null
+++ b/crypto/engine/eng_table.c
@@ -0,0 +1,361 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* This is the type of item in the 'implementation' table. Each 'nid' hashes to
+ * a (potentially NULL) ENGINE_PILE structure which contains a stack of ENGINE*
+ * pointers. These pointers aren't references, because they're inserted and
+ * removed during ENGINE creation and ENGINE destruction. They point to ENGINEs
+ * that *exist* (ie. have a structural reference count greater than zero) rather
+ * than ENGINEs that are *functional*. Each pointer in those stacks are to
+ * ENGINEs that implements the algorithm corresponding to each 'nid'. */
+
+/* The type of the items in the table */
+typedef struct st_engine_pile
+	{
+	/* The 'nid' of the algorithm/mode this ENGINE_PILE structure represents
+	 * */
+	int nid;
+	/* A stack of ENGINE pointers for ENGINEs that support this
+	 * algorithm/mode. In the event that 'funct' is NULL, the first entry in
+	 * this stack that initialises will be set as 'funct' and assumed as the
+	 * default for operations of this type. */
+	STACK_OF(ENGINE) *sk;
+	/* The default ENGINE to perform this algorithm/mode. */
+	ENGINE *funct;
+	/* This value optimises engine_table_select(). If it is called it sets
+	 * this value to 1. Any changes to this ENGINE_PILE resets it to zero.
+	 * As such, no ENGINE_init() thrashing is done unless ENGINEs
+	 * continually register (and/or unregister). */
+	int uptodate;
+	} ENGINE_PILE;
+
+/* The type of the hash table of ENGINE_PILE structures such that each are
+ * unique and keyed by the 'nid' value. */
+struct st_engine_table
+	{
+	LHASH piles;
+	}; /* ENGINE_TABLE */
+
+/* This value stores global options controlling behaviour of (mostly) the
+ * engine_table_select() function. It's a bitmask of flag values of the form
+ * ENGINE_TABLE_FLAG_*** (as defined in engine.h) and is controlled by the
+ * ENGINE_[get|set]_table_flags() function. */
+static unsigned int table_flags = 0;
+
+/* API function manipulating 'table_flags' */
+unsigned int ENGINE_get_table_flags(void)
+	{
+	return table_flags;
+	}
+void ENGINE_set_table_flags(unsigned int flags)
+	{
+	table_flags = flags;
+	}
+
+/* Internal functions for the "piles" hash table */
+static unsigned long engine_pile_hash(const ENGINE_PILE *c)
+	{
+	return c->nid;
+	}
+static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
+	{
+	return a->nid - b->nid;
+	}
+static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *)
+static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *)
+static int int_table_check(ENGINE_TABLE **t, int create)
+	{
+	LHASH *lh;
+	if(*t)
+		return 1;
+	if(!create)
+		return 0;
+	if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash),
+			LHASH_COMP_FN(engine_pile_cmp))) == NULL)
+		return 0;
+	*t = (ENGINE_TABLE *)lh;
+	return 1;
+	}
+
+/* Privately exposed (via eng_int.h) functions for adding and/or removing
+ * ENGINEs from the implementation table */
+int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
+		ENGINE *e, const int *nids, int num_nids, int setdefault)
+	{
+	int ret = 0, added = 0;
+	ENGINE_PILE tmplate, *fnd;
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	if(!(*table))
+		added = 1;
+	if(!int_table_check(table, 1))
+		goto end;
+	if(added)
+		/* The cleanup callback needs to be added */
+		engine_cleanup_add_first(cleanup);
+	while(num_nids--)
+		{
+		tmplate.nid = *nids;
+		fnd = lh_retrieve(&(*table)->piles, &tmplate);
+		if(!fnd)
+			{
+			fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
+			if(!fnd)
+				goto end;
+			fnd->uptodate = 1;
+			fnd->nid = *nids;
+			fnd->sk = sk_ENGINE_new_null();
+			if(!fnd->sk)
+				{
+				OPENSSL_free(fnd);
+				goto end;
+				}
+			fnd->funct= NULL;
+			lh_insert(&(*table)->piles, fnd);
+			}
+		/* A registration shouldn't add duplciate entries */
+		sk_ENGINE_delete_ptr(fnd->sk, e);
+		/* if 'setdefault', this ENGINE goes to the head of the list */
+		if(!sk_ENGINE_push(fnd->sk, e))
+			goto end;
+		/* "touch" this ENGINE_PILE */
+		fnd->uptodate = 0;
+		if(setdefault)
+			{
+			if(!engine_unlocked_init(e))
+				{
+				ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
+						ENGINE_R_INIT_FAILED);
+				goto end;
+				}
+			if(fnd->funct)
+				engine_unlocked_finish(fnd->funct, 0);
+			fnd->funct = e;
+			}
+		nids++;
+		}
+	ret = 1;
+end:
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	return ret;
+	}
+static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
+	{
+	int n;
+	/* Iterate the 'c->sk' stack removing any occurance of 'e' */
+	while((n = sk_ENGINE_find(pile->sk, e)) >= 0)
+		{
+		sk_ENGINE_delete(pile->sk, n);
+		/* "touch" this ENGINE_CIPHER */
+		pile->uptodate = 0;
+		}
+	if(pile->funct == e)
+		{
+		engine_unlocked_finish(e, 0);
+		pile->funct = NULL;
+		}
+	}
+static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb,ENGINE_PILE *,ENGINE *)
+void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
+	{
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	if(int_table_check(table, 0))
+		lh_doall_arg(&(*table)->piles,
+			LHASH_DOALL_ARG_FN(int_unregister_cb), e);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	}
+
+static void int_cleanup_cb(ENGINE_PILE *p)
+	{
+	sk_ENGINE_free(p->sk);
+	if(p->funct)
+		engine_unlocked_finish(p->funct, 0);
+	OPENSSL_free(p);
+	}
+static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb,ENGINE_PILE *)
+void engine_table_cleanup(ENGINE_TABLE **table)
+	{
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	if(*table)
+		{
+		lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb));
+		lh_free(&(*table)->piles);
+		*table = NULL;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	}
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given cipher 'nid' */
+#ifndef ENGINE_TABLE_DEBUG
+ENGINE *engine_table_select(ENGINE_TABLE **table, int nid)
+#else
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l)
+#endif
+	{
+	ENGINE *ret = NULL;
+	ENGINE_PILE tmplate, *fnd=NULL;
+	int initres, loop = 0;
+
+	/* If 'engine_ciphers' is NULL, then it's absolutely *sure* that no
+	 * ENGINEs have registered any implementations! */
+	if(!(*table))
+		{
+#ifdef ENGINE_TABLE_DEBUG
+		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
+			"registered for anything!\n", f, l, nid);
+#endif
+		return NULL;
+		}
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	/* Check again inside the lock otherwise we could race against cleanup
+	 * operations. But don't worry about a fprintf(stderr). */
+	if(!int_table_check(table, 0))
+		goto end;
+	tmplate.nid = nid;
+	fnd = lh_retrieve(&(*table)->piles, &tmplate);
+	if(!fnd)
+		goto end;
+	if(fnd->funct && engine_unlocked_init(fnd->funct))
+		{
+#ifdef ENGINE_TABLE_DEBUG
+		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+			"ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
+#endif
+		ret = fnd->funct;
+		goto end;
+		}
+	if(fnd->uptodate)
+		{
+		ret = fnd->funct;
+		goto end;
+		}
+trynext:
+	ret = sk_ENGINE_value(fnd->sk, loop++);
+	if(!ret)
+		{
+#ifdef ENGINE_TABLE_DEBUG
+		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
+				"registered implementations would initialise\n",
+				f, l, nid);
+#endif
+		goto end;
+		}
+#if 0
+	/* Don't need to get a reference if we hold the lock. If the locking has
+	 * to change in future, that would be different ... */
+	ret->struct_ref++; engine_ref_debug(ret, 0, 1)
+#endif
+	/* Try and initialise the ENGINE if it's already functional *or* if the
+	 * ENGINE_TABLE_FLAG_NOINIT flag is not set. */
+	if((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
+		initres = engine_unlocked_init(ret);
+	else
+		initres = 0;
+#if 0
+	/* Release the structural reference */
+	ret->struct_ref--; engine_ref_debug(ret, 0, -1);
+#endif
+	if(initres)
+		{
+		/* If we didn't have a default (functional reference) for this
+		 * 'nid' (or we had one but for whatever reason we're now
+		 * initialising a different one), use this opportunity to set
+		 * 'funct'. */
+		if((fnd->funct != ret) && engine_unlocked_init(ret))
+			{
+			/* If there was a previous default we release it. */
+			if(fnd->funct)
+				engine_unlocked_finish(fnd->funct, 0);
+			/* We got an extra functional reference for the
+			 * per-'nid' default */
+			fnd->funct = ret;
+#ifdef ENGINE_TABLE_DEBUG
+			fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
+				"setting default to '%s'\n", f, l, nid, ret->id);
+#endif
+			}
+#ifdef ENGINE_TABLE_DEBUG
+		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+				"newly initialised '%s'\n", f, l, nid, ret->id);
+#endif
+		goto end;
+		}
+	goto trynext;
+end:
+	/* Whatever happened - we should "untouch" our uptodate file seeing as
+	 * we have tried our best to find a functional reference for 'nid'. If
+	 * it failed, it is unlikely to succeed again until some future
+	 * registrations (or unregistrations) have taken place that affect that
+	 * 'nid'. */
+	if(fnd)
+		fnd->uptodate = 1;
+#ifdef ENGINE_TABLE_DEBUG
+	if(ret)
+		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+				"ENGINE '%s'\n", f, l, nid, ret->id);
+	else
+		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+				"'no matching ENGINE'\n", f, l, nid);
+#endif
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	/* Whatever happened, any failed init()s are not failures in this
+	 * context, so clear our error state. */
+	ERR_clear_error();
+	return ret;
+	}
diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h
new file mode 100644
index 0000000000..8ed684c0ea
--- /dev/null
+++ b/crypto/engine/engine.h
@@ -0,0 +1,772 @@
+/* openssl/engine.h */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#ifndef HEADER_ENGINE_H
+#define HEADER_ENGINE_H
+
+#include <openssl/opensslconf.h>
+#include <openssl/ossl_typ.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
+#endif
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_ECDH
+#include <openssl/ecdh.h>
+#endif
+#ifndef OPENSSL_NO_ECDSA
+#include <openssl/ecdsa.h>
+#endif
+#include <openssl/rand.h>
+#include <openssl/ui.h>
+#include <openssl/symhacks.h>
+#include <openssl/err.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Fixups for missing algorithms */
+#ifdef OPENSSL_NO_RSA
+typedef void RSA_METHOD;
+#endif
+#ifdef OPENSSL_NO_DSA
+typedef void DSA_METHOD;
+#endif
+#ifdef OPENSSL_NO_DH
+typedef void DH_METHOD;
+#endif
+#ifdef OPENSSL_NO_ECDH
+typedef void ECDH_METHOD;
+#endif
+#ifdef OPENSSL_NO_ECDSA
+typedef void ECDSA_METHOD;
+#endif
+
+/* These flags are used to control combinations of algorithm (methods)
+ * by bitwise "OR"ing. */
+#define ENGINE_METHOD_RSA		(unsigned int)0x0001
+#define ENGINE_METHOD_DSA		(unsigned int)0x0002
+#define ENGINE_METHOD_DH		(unsigned int)0x0004
+#define ENGINE_METHOD_RAND		(unsigned int)0x0008
+#define ENGINE_METHOD_ECDH		(unsigned int)0x0010
+#define ENGINE_METHOD_ECDSA		(unsigned int)0x0020
+#define ENGINE_METHOD_CIPHERS		(unsigned int)0x0040
+#define ENGINE_METHOD_DIGESTS		(unsigned int)0x0080
+/* Obvious all-or-nothing cases. */
+#define ENGINE_METHOD_ALL		(unsigned int)0xFFFF
+#define ENGINE_METHOD_NONE		(unsigned int)0x0000
+
+/* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
+ * internally to control registration of ENGINE implementations, and can be set
+ * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
+ * initialise registered ENGINEs if they are not already initialised. */
+#define ENGINE_TABLE_FLAG_NOINIT	(unsigned int)0x0001
+
+/* ENGINE flags that can be set by ENGINE_set_flags(). */
+/* #define ENGINE_FLAGS_MALLOCED	0x0001 */ /* Not used */
+
+/* This flag is for ENGINEs that wish to handle the various 'CMD'-related
+ * control commands on their own. Without this flag, ENGINE_ctrl() handles these
+ * control commands on behalf of the ENGINE using their "cmd_defns" data. */
+#define ENGINE_FLAGS_MANUAL_CMD_CTRL	(int)0x0002
+
+/* This flag is for ENGINEs who return new duplicate structures when found via
+ * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl()
+ * commands are called in sequence as part of some stateful process like
+ * key-generation setup and execution), it can set this flag - then each attempt
+ * to obtain the ENGINE will result in it being copied into a new structure.
+ * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments
+ * the existing ENGINE's structural reference count. */
+#define ENGINE_FLAGS_BY_ID_COPY		(int)0x0004
+
+/* ENGINEs can support their own command types, and these flags are used in
+ * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each
+ * command expects. Currently only numeric and string input is supported. If a
+ * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options,
+ * then it is regarded as an "internal" control command - and not for use in
+ * config setting situations. As such, they're not available to the
+ * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to
+ * this list of 'command types' should be reflected carefully in
+ * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */
+
+/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
+#define ENGINE_CMD_FLAG_NUMERIC		(unsigned int)0x0001
+/* accepts string input (cast from 'void*' to 'const char *', 4th parameter to
+ * ENGINE_ctrl) */
+#define ENGINE_CMD_FLAG_STRING		(unsigned int)0x0002
+/* Indicates that the control command takes *no* input. Ie. the control command
+ * is unparameterised. */
+#define ENGINE_CMD_FLAG_NO_INPUT	(unsigned int)0x0004
+/* Indicates that the control command is internal. This control command won't
+ * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
+ * function. */
+#define ENGINE_CMD_FLAG_INTERNAL	(unsigned int)0x0008
+
+/* NB: These 3 control commands are deprecated and should not be used. ENGINEs
+ * relying on these commands should compile conditional support for
+ * compatibility (eg. if these symbols are defined) but should also migrate the
+ * same functionality to their own ENGINE-specific control functions that can be
+ * "discovered" by calling applications. The fact these control commands
+ * wouldn't be "executable" (ie. usable by text-based config) doesn't change the
+ * fact that application code can find and use them without requiring per-ENGINE
+ * hacking. */
+
+/* These flags are used to tell the ctrl function what should be done.
+ * All command numbers are shared between all engines, even if some don't
+ * make sense to some engines.  In such a case, they do nothing but return
+ * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */
+#define ENGINE_CTRL_SET_LOGSTREAM		1
+#define ENGINE_CTRL_SET_PASSWORD_CALLBACK	2
+#define ENGINE_CTRL_HUP				3 /* Close and reinitialise any
+						     handles/connections etc. */
+#define ENGINE_CTRL_SET_USER_INTERFACE          4 /* Alternative to callback */
+#define ENGINE_CTRL_SET_CALLBACK_DATA           5 /* User-specific data, used
+                                                     when calling the password
+                                                     callback and the user
+                                                     interface */
+
+/* These control commands allow an application to deal with an arbitrary engine
+ * in a dynamic way. Warn: Negative return values indicate errors FOR THESE
+ * COMMANDS because zero is used to indicate 'end-of-list'. Other commands,
+ * including ENGINE-specific command types, return zero for an error.
+ *
+ * An ENGINE can choose to implement these ctrl functions, and can internally
+ * manage things however it chooses - it does so by setting the
+ * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the
+ * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns
+ * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl()
+ * handler need only implement its own commands - the above "meta" commands will
+ * be taken care of. */
+
+/* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then
+ * all the remaining control commands will return failure, so it is worth
+ * checking this first if the caller is trying to "discover" the engine's
+ * capabilities and doesn't want errors generated unnecessarily. */
+#define ENGINE_CTRL_HAS_CTRL_FUNCTION		10
+/* Returns a positive command number for the first command supported by the
+ * engine. Returns zero if no ctrl commands are supported. */
+#define ENGINE_CTRL_GET_FIRST_CMD_TYPE		11
+/* The 'long' argument specifies a command implemented by the engine, and the
+ * return value is the next command supported, or zero if there are no more. */
+#define ENGINE_CTRL_GET_NEXT_CMD_TYPE		12
+/* The 'void*' argument is a command name (cast from 'const char *'), and the
+ * return value is the command that corresponds to it. */
+#define ENGINE_CTRL_GET_CMD_FROM_NAME		13
+/* The next two allow a command to be converted into its corresponding string
+ * form. In each case, the 'long' argument supplies the command. In the NAME_LEN
+ * case, the return value is the length of the command name (not counting a
+ * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer
+ * large enough, and it will be populated with the name of the command (WITH a
+ * trailing EOL). */
+#define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD	14
+#define ENGINE_CTRL_GET_NAME_FROM_CMD		15
+/* The next two are similar but give a "short description" of a command. */
+#define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD	16
+#define ENGINE_CTRL_GET_DESC_FROM_CMD		17
+/* With this command, the return value is the OR'd combination of
+ * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
+ * engine-specific ctrl command expects. */
+#define ENGINE_CTRL_GET_CMD_FLAGS		18
+
+/* ENGINE implementations should start the numbering of their own control
+ * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */
+#define ENGINE_CMD_BASE		200
+
+/* NB: These 2 nCipher "chil" control commands are deprecated, and their
+ * functionality is now available through ENGINE-specific control commands
+ * (exposed through the above-mentioned 'CMD'-handling). Code using these 2
+ * commands should be migrated to the more general command handling before these
+ * are removed. */
+
+/* Flags specific to the nCipher "chil" engine */
+#define ENGINE_CTRL_CHIL_SET_FORKCHECK		100
+	/* Depending on the value of the (long)i argument, this sets or
+	 * unsets the SimpleForkCheck flag in the CHIL API to enable or
+	 * disable checking and workarounds for applications that fork().
+	 */
+#define ENGINE_CTRL_CHIL_NO_LOCKING		101
+	/* This prevents the initialisation function from providing mutex
+	 * callbacks to the nCipher library. */
+
+/* If an ENGINE supports its own specific control commands and wishes the
+ * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its
+ * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries
+ * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that
+ * supports the stated commands (ie. the "cmd_num" entries as described by the
+ * array). NB: The array must be ordered in increasing order of cmd_num.
+ * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set
+ * to zero and/or cmd_name set to NULL. */
+typedef struct ENGINE_CMD_DEFN_st
+	{
+	unsigned int cmd_num; /* The command number */
+	const char *cmd_name; /* The command name itself */
+	const char *cmd_desc; /* A short description of the command */
+	unsigned int cmd_flags; /* The input the command expects */
+	} ENGINE_CMD_DEFN;
+
+/* Generic function pointer */
+typedef int (*ENGINE_GEN_FUNC_PTR)();
+/* Generic function pointer taking no arguments */
+typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *);
+/* Specific control function pointer */
+typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)());
+/* Generic load_key function pointer */
+typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
+	UI_METHOD *ui_method, void *callback_data);
+/* These callback types are for an ENGINE's handler for cipher and digest logic.
+ * These handlers have these prototypes;
+ *   int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
+ *   int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
+ * Looking at how to implement these handlers in the case of cipher support, if
+ * the framework wants the EVP_CIPHER for 'nid', it will call;
+ *   foo(e, &p_evp_cipher, NULL, nid);    (return zero for failure)
+ * If the framework wants a list of supported 'nid's, it will call;
+ *   foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
+ */
+/* Returns to a pointer to the array of supported cipher 'nid's. If the second
+ * parameter is non-NULL it is set to the size of the returned array. */
+typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int);
+typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int);
+
+/* STRUCTURE functions ... all of these functions deal with pointers to ENGINE
+ * structures where the pointers have a "structural reference". This means that
+ * their reference is to allowed access to the structure but it does not imply
+ * that the structure is functional. To simply increment or decrement the
+ * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not
+ * required when iterating using ENGINE_get_next as it will automatically
+ * decrement the structural reference count of the "current" ENGINE and
+ * increment the structural reference count of the ENGINE it returns (unless it
+ * is NULL). */
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void);
+ENGINE *ENGINE_get_last(void);
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e);
+ENGINE *ENGINE_get_prev(ENGINE *e);
+/* Add another "ENGINE" type into the array. */
+int ENGINE_add(ENGINE *e);
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e);
+/* Retrieve an engine from the list by its unique "id" value. */
+ENGINE *ENGINE_by_id(const char *id);
+/* Add all the built-in engines. */
+void ENGINE_load_openssl(void);
+void ENGINE_load_dynamic(void);
+#ifndef OPENSSL_NO_STATIC_ENGINE
+void ENGINE_load_cswift(void);
+void ENGINE_load_chil(void);
+void ENGINE_load_atalla(void);
+void ENGINE_load_nuron(void);
+void ENGINE_load_ubsec(void);
+void ENGINE_load_aep(void);
+void ENGINE_load_sureware(void);
+void ENGINE_load_4758cca(void);
+#endif
+void ENGINE_load_cryptodev(void);
+void ENGINE_load_builtin_engines(void);
+
+/* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
+ * "registry" handling. */
+unsigned int ENGINE_get_table_flags(void);
+void ENGINE_set_table_flags(unsigned int flags);
+
+/* Manage registration of ENGINEs per "table". For each type, there are 3
+ * functions;
+ *   ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
+ *   ENGINE_unregister_***(e) - unregister the implementation from 'e'
+ *   ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
+ * Cleanup is automatically registered from each table when required, so
+ * ENGINE_cleanup() will reverse any "register" operations. */
+
+int ENGINE_register_RSA(ENGINE *e);
+void ENGINE_unregister_RSA(ENGINE *e);
+void ENGINE_register_all_RSA(void);
+
+int ENGINE_register_DSA(ENGINE *e);
+void ENGINE_unregister_DSA(ENGINE *e);
+void ENGINE_register_all_DSA(void);
+
+int ENGINE_register_ECDH(ENGINE *e);
+void ENGINE_unregister_ECDH(ENGINE *e);
+void ENGINE_register_all_ECDH(void);
+
+int ENGINE_register_ECDSA(ENGINE *e);
+void ENGINE_unregister_ECDSA(ENGINE *e);
+void ENGINE_register_all_ECDSA(void);
+
+int ENGINE_register_DH(ENGINE *e);
+void ENGINE_unregister_DH(ENGINE *e);
+void ENGINE_register_all_DH(void);
+
+int ENGINE_register_RAND(ENGINE *e);
+void ENGINE_unregister_RAND(ENGINE *e);
+void ENGINE_register_all_RAND(void);
+
+int ENGINE_register_ciphers(ENGINE *e);
+void ENGINE_unregister_ciphers(ENGINE *e);
+void ENGINE_register_all_ciphers(void);
+
+int ENGINE_register_digests(ENGINE *e);
+void ENGINE_unregister_digests(ENGINE *e);
+void ENGINE_register_all_digests(void);
+
+/* These functions register all support from the above categories. Note, use of
+ * these functions can result in static linkage of code your application may not
+ * need. If you only need a subset of functionality, consider using more
+ * selective initialisation. */
+int ENGINE_register_complete(ENGINE *e);
+int ENGINE_register_all_complete(void);
+
+/* Send parametrised control commands to the engine. The possibilities to send
+ * down an integer, a pointer to data or a function pointer are provided. Any of
+ * the parameters may or may not be NULL, depending on the command number. In
+ * actuality, this function only requires a structural (rather than functional)
+ * reference to an engine, but many control commands may require the engine be
+ * functional. The caller should be aware of trying commands that require an
+ * operational ENGINE, and only use functional references in such situations. */
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+
+/* This function tests if an ENGINE-specific command is usable as a "setting".
+ * Eg. in an application's config file that gets processed through
+ * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
+ * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+
+/* This function works like ENGINE_ctrl() with the exception of taking a
+ * command name instead of a command number, and can handle optional commands.
+ * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to
+ * use the cmd_name and cmd_optional. */
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+        long i, void *p, void (*f)(), int cmd_optional);
+
+/* This function passes a command-name and argument to an ENGINE. The cmd_name
+ * is converted to a command number and the control command is called using
+ * 'arg' as an argument (unless the ENGINE doesn't support such a command, in
+ * which case no control command is called). The command is checked for input
+ * flags, and if necessary the argument will be converted to a numeric value. If
+ * cmd_optional is non-zero, then if the ENGINE doesn't support the given
+ * cmd_name the return value will be success anyway. This function is intended
+ * for applications to use so that users (or config files) can supply
+ * engine-specific config data to the ENGINE at run-time to control behaviour of
+ * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl()
+ * functions that return data, deal with binary data, or that are otherwise
+ * supposed to be used directly through ENGINE_ctrl() in application code. Any
+ * "return" data from an ENGINE_ctrl() operation in this function will be lost -
+ * the return value is interpreted as failure if the return value is zero,
+ * success otherwise, and this function returns a boolean value as a result. In
+ * other words, vendors of 'ENGINE'-enabled devices should write ENGINE
+ * implementations with parameterisations that work in this scheme, so that
+ * compliant ENGINE-based applications can work consistently with the same
+ * configuration for the same ENGINE-enabled devices, across applications. */
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+				int cmd_optional);
+
+/* These functions are useful for manufacturing new ENGINE structures. They
+ * don't address reference counting at all - one uses them to populate an ENGINE
+ * structure with personalised implementations of things prior to using it
+ * directly or adding it to the builtin ENGINE list in OpenSSL. These are also
+ * here so that the ENGINE structure doesn't have to be exposed and break binary
+ * compatibility! */
+ENGINE *ENGINE_new(void);
+int ENGINE_free(ENGINE *e);
+int ENGINE_up_ref(ENGINE *e);
+int ENGINE_set_id(ENGINE *e, const char *id);
+int ENGINE_set_name(ENGINE *e, const char *name);
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth);
+int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth);
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+int ENGINE_set_flags(ENGINE *e, int flags);
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
+/* These functions (and the "get" function lower down) allow control over any
+ * per-structure ENGINE data. */
+int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+		CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
+
+/* This function cleans up anything that needs it. Eg. the ENGINE_add() function
+ * automatically ensures the list cleanup function is registered to be called
+ * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure
+ * ENGINE_cleanup() will clean up after them. */
+void ENGINE_cleanup(void);
+
+/* These return values from within the ENGINE structure. These can be useful
+ * with functional references as well as structural references - it depends
+ * which you obtained. Using the result for functional purposes if you only
+ * obtained a structural reference may be problematic! */
+const char *ENGINE_get_id(const ENGINE *e);
+const char *ENGINE_get_name(const ENGINE *e);
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e);
+const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e);
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
+int ENGINE_get_flags(const ENGINE *e);
+void *ENGINE_get_ex_data(const ENGINE *e, int idx);
+
+/* FUNCTIONAL functions. These functions deal with ENGINE structures
+ * that have (or will) be initialised for use. Broadly speaking, the
+ * structural functions are useful for iterating the list of available
+ * engine types, creating new engine types, and other "list" operations.
+ * These functions actually deal with ENGINEs that are to be used. As
+ * such these functions can fail (if applicable) when particular
+ * engines are unavailable - eg. if a hardware accelerator is not
+ * attached or not functioning correctly. Each ENGINE has 2 reference
+ * counts; structural and functional. Every time a functional reference
+ * is obtained or released, a corresponding structural reference is
+ * automatically obtained or released too. */
+
+/* Initialise a engine type for use (or up its reference count if it's
+ * already in use). This will fail if the engine is not currently
+ * operational and cannot initialise. */
+int ENGINE_init(ENGINE *e);
+/* Free a functional reference to a engine type. This does not require
+ * a corresponding call to ENGINE_free as it also releases a structural
+ * reference. */
+int ENGINE_finish(ENGINE *e);
+
+/* The following functions handle keys that are stored in some secondary
+ * location, handled by the engine.  The storage may be on a card or
+ * whatever. */
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data);
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data);
+
+/* This returns a pointer for the current ENGINE structure that
+ * is (by default) performing any RSA operations. The value returned
+ * is an incremented reference, so it should be free'd (ENGINE_finish)
+ * before it is discarded. */
+ENGINE *ENGINE_get_default_RSA(void);
+/* Same for the other "methods" */
+ENGINE *ENGINE_get_default_DSA(void);
+ENGINE *ENGINE_get_default_ECDH(void);
+ENGINE *ENGINE_get_default_ECDSA(void);
+ENGINE *ENGINE_get_default_DH(void);
+ENGINE *ENGINE_get_default_RAND(void);
+/* These functions can be used to get a functional reference to perform
+ * ciphering or digesting corresponding to "nid". */
+ENGINE *ENGINE_get_cipher_engine(int nid);
+ENGINE *ENGINE_get_digest_engine(int nid);
+
+/* This sets a new default ENGINE structure for performing RSA
+ * operations. If the result is non-zero (success) then the ENGINE
+ * structure will have had its reference count up'd so the caller
+ * should still free their own reference 'e'. */
+int ENGINE_set_default_RSA(ENGINE *e);
+int ENGINE_set_default_string(ENGINE *e, const char *list);
+/* Same for the other "methods" */
+int ENGINE_set_default_DSA(ENGINE *e);
+int ENGINE_set_default_ECDH(ENGINE *e);
+int ENGINE_set_default_ECDSA(ENGINE *e);
+int ENGINE_set_default_DH(ENGINE *e);
+int ENGINE_set_default_RAND(ENGINE *e);
+int ENGINE_set_default_ciphers(ENGINE *e);
+int ENGINE_set_default_digests(ENGINE *e);
+
+/* The combination "set" - the flags are bitwise "OR"d from the
+ * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
+ * function, this function can result in unnecessary static linkage. If your
+ * application requires only specific functionality, consider using more
+ * selective functions. */
+int ENGINE_set_default(ENGINE *e, unsigned int flags);
+
+void ENGINE_add_conf_module(void);
+
+/* Deprecated functions ... */
+/* int ENGINE_clear_defaults(void); */
+
+/**************************/
+/* DYNAMIC ENGINE SUPPORT */
+/**************************/
+
+/* Binary/behaviour compatibility levels */
+#define OSSL_DYNAMIC_VERSION		(unsigned long)0x00010200
+/* Binary versions older than this are too old for us (whether we're a loader or
+ * a loadee) */
+#define OSSL_DYNAMIC_OLDEST		(unsigned long)0x00010200
+
+/* When compiling an ENGINE entirely as an external shared library, loadable by
+ * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure
+ * type provides the calling application's (or library's) error functionality
+ * and memory management function pointers to the loaded library. These should
+ * be used/set in the loaded library code so that the loading application's
+ * 'state' will be used/changed in all operations. The 'static_state' pointer
+ * allows the loaded library to know if it shares the same static data as the
+ * calling application (or library), and thus whether these callbacks need to be
+ * set or not. */
+typedef void *(*dyn_MEM_malloc_cb)(size_t);
+typedef void *(*dyn_MEM_realloc_cb)(void *, size_t);
+typedef void (*dyn_MEM_free_cb)(void *);
+typedef struct st_dynamic_MEM_fns {
+	dyn_MEM_malloc_cb			malloc_cb;
+	dyn_MEM_realloc_cb			realloc_cb;
+	dyn_MEM_free_cb				free_cb;
+	} dynamic_MEM_fns;
+/* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use
+ * these types so we (and any other dependant code) can simplify a bit?? */
+typedef void (*dyn_lock_locking_cb)(int,int,const char *,int);
+typedef int (*dyn_lock_add_lock_cb)(int*,int,int,const char *,int);
+typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)(
+						const char *,int);
+typedef void (*dyn_dynlock_lock_cb)(int,struct CRYPTO_dynlock_value *,
+						const char *,int);
+typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *,
+						const char *,int);
+typedef struct st_dynamic_LOCK_fns {
+	dyn_lock_locking_cb			lock_locking_cb;
+	dyn_lock_add_lock_cb			lock_add_lock_cb;
+	dyn_dynlock_create_cb			dynlock_create_cb;
+	dyn_dynlock_lock_cb			dynlock_lock_cb;
+	dyn_dynlock_destroy_cb			dynlock_destroy_cb;
+	} dynamic_LOCK_fns;
+/* The top-level structure */
+typedef struct st_dynamic_fns {
+	void 					*static_state;
+	const ERR_FNS				*err_fns;
+	const CRYPTO_EX_DATA_IMPL		*ex_data_fns;
+	dynamic_MEM_fns				mem_fns;
+	dynamic_LOCK_fns			lock_fns;
+	} dynamic_fns;
+
+/* The version checking function should be of this prototype. NB: The
+ * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code.
+ * If this function returns zero, it indicates a (potential) version
+ * incompatibility and the loaded library doesn't believe it can proceed.
+ * Otherwise, the returned value is the (latest) version supported by the
+ * loading library. The loader may still decide that the loaded code's version
+ * is unsatisfactory and could veto the load. The function is expected to
+ * be implemented with the symbol name "v_check", and a default implementation
+ * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */
+typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version);
+#define IMPLEMENT_DYNAMIC_CHECK_FN() \
+	unsigned long v_check(unsigned long v) { \
+		if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
+		return 0; }
+
+/* This function is passed the ENGINE structure to initialise with its own
+ * function and command settings. It should not adjust the structural or
+ * functional reference counts. If this function returns zero, (a) the load will
+ * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the
+ * structure, and (c) the shared library will be unloaded. So implementations
+ * should do their own internal cleanup in failure circumstances otherwise they
+ * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that
+ * the loader is looking for. If this is NULL, the shared library can choose to
+ * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared
+ * library must initialise only an ENGINE matching the passed 'id'. The function
+ * is expected to be implemented with the symbol name "bind_engine". A standard
+ * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where
+ * the parameter 'fn' is a callback function that populates the ENGINE structure
+ * and returns an int value (zero for failure). 'fn' should have prototype;
+ *    [static] int fn(ENGINE *e, const char *id); */
+typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id,
+				const dynamic_fns *fns);
+#define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
+	int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
+		if(ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
+		if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \
+			fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \
+			return 0; \
+		CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \
+		CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \
+		CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \
+		CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \
+		CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \
+		if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \
+			return 0; \
+		if(!ERR_set_implementation(fns->err_fns)) return 0; \
+	skip_cbs: \
+		if(!fn(e,id)) return 0; \
+		return 1; }
+
+/* If the loading application (or library) and the loaded ENGINE library share
+ * the same static data (eg. they're both dynamically linked to the same
+ * libcrypto.so) we need a way to avoid trying to set system callbacks - this
+ * would fail, and for the same reason that it's unnecessary to try. If the
+ * loaded ENGINE has (or gets from through the loader) its own copy of the
+ * libcrypto static data, we will need to set the callbacks. The easiest way to
+ * detect this is to have a function that returns a pointer to some static data
+ * and let the loading application and loaded ENGINE compare their respective
+ * values. */
+void *ENGINE_get_static_state(void);
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_ENGINE_strings(void);
+
+/* Error codes for the ENGINE functions. */
+
+/* Function codes. */
+#define ENGINE_F_DYNAMIC_CTRL				 180
+#define ENGINE_F_DYNAMIC_GET_DATA_CTX			 181
+#define ENGINE_F_DYNAMIC_LOAD				 182
+#define ENGINE_F_ENGINE_ADD				 105
+#define ENGINE_F_ENGINE_BY_ID				 106
+#define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE		 170
+#define ENGINE_F_ENGINE_CTRL				 142
+#define ENGINE_F_ENGINE_CTRL_CMD			 178
+#define ENGINE_F_ENGINE_CTRL_CMD_STRING			 171
+#define ENGINE_F_ENGINE_FINISH				 107
+#define ENGINE_F_ENGINE_FREE				 108
+#define ENGINE_F_ENGINE_GET_CIPHER			 185
+#define ENGINE_F_ENGINE_GET_DEFAULT_TYPE		 177
+#define ENGINE_F_ENGINE_GET_DIGEST			 186
+#define ENGINE_F_ENGINE_GET_NEXT			 115
+#define ENGINE_F_ENGINE_GET_PREV			 116
+#define ENGINE_F_ENGINE_INIT				 119
+#define ENGINE_F_ENGINE_LIST_ADD			 120
+#define ENGINE_F_ENGINE_LIST_REMOVE			 121
+#define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY		 150
+#define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY			 151
+#define ENGINE_F_ENGINE_MODULE_INIT			 187
+#define ENGINE_F_ENGINE_NEW				 122
+#define ENGINE_F_ENGINE_REMOVE				 123
+#define ENGINE_F_ENGINE_SET_DEFAULT_STRING		 189
+#define ENGINE_F_ENGINE_SET_DEFAULT_TYPE		 126
+#define ENGINE_F_ENGINE_SET_ID				 129
+#define ENGINE_F_ENGINE_SET_NAME			 130
+#define ENGINE_F_ENGINE_TABLE_REGISTER			 184
+#define ENGINE_F_ENGINE_UNLOAD_KEY			 152
+#define ENGINE_F_ENGINE_UP_REF				 190
+#define ENGINE_F_INT_CTRL_HELPER			 172
+#define ENGINE_F_INT_ENGINE_CONFIGURE			 188
+#define ENGINE_F_LOG_MESSAGE				 141
+#define ENGINE_F_SET_DATA_CTX				 183
+
+/* Reason codes. */
+#define ENGINE_R_ALREADY_LOADED				 100
+#define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER		 133
+#define ENGINE_R_CMD_NOT_EXECUTABLE			 134
+#define ENGINE_R_COMMAND_TAKES_INPUT			 135
+#define ENGINE_R_COMMAND_TAKES_NO_INPUT			 136
+#define ENGINE_R_CONFLICTING_ENGINE_ID			 103
+#define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED		 119
+#define ENGINE_R_DH_NOT_IMPLEMENTED			 139
+#define ENGINE_R_DSA_NOT_IMPLEMENTED			 140
+#define ENGINE_R_DSO_FAILURE				 104
+#define ENGINE_R_DSO_NOT_FOUND				 132
+#define ENGINE_R_ENGINES_SECTION_ERROR			 148
+#define ENGINE_R_ENGINE_IS_NOT_IN_LIST			 105
+#define ENGINE_R_ENGINE_SECTION_ERROR			 149
+#define ENGINE_R_FAILED_LOADING_PRIVATE_KEY		 128
+#define ENGINE_R_FAILED_LOADING_PUBLIC_KEY		 129
+#define ENGINE_R_FINISH_FAILED				 106
+#define ENGINE_R_GET_HANDLE_FAILED			 107
+#define ENGINE_R_ID_OR_NAME_MISSING			 108
+#define ENGINE_R_INIT_FAILED				 109
+#define ENGINE_R_INTERNAL_LIST_ERROR			 110
+#define ENGINE_R_INVALID_ARGUMENT			 143
+#define ENGINE_R_INVALID_CMD_NAME			 137
+#define ENGINE_R_INVALID_CMD_NUMBER			 138
+#define ENGINE_R_INVALID_INIT_VALUE			 151
+#define ENGINE_R_INVALID_STRING				 150
+#define ENGINE_R_NOT_INITIALISED			 117
+#define ENGINE_R_NOT_LOADED				 112
+#define ENGINE_R_NO_CONTROL_FUNCTION			 120
+#define ENGINE_R_NO_INDEX				 144
+#define ENGINE_R_NO_LOAD_FUNCTION			 125
+#define ENGINE_R_NO_REFERENCE				 130
+#define ENGINE_R_NO_SUCH_ENGINE				 116
+#define ENGINE_R_NO_UNLOAD_FUNCTION			 126
+#define ENGINE_R_PROVIDE_PARAMETERS			 113
+#define ENGINE_R_RSA_NOT_IMPLEMENTED			 141
+#define ENGINE_R_UNIMPLEMENTED_CIPHER			 146
+#define ENGINE_R_UNIMPLEMENTED_DIGEST			 147
+#define ENGINE_R_VERSION_INCOMPATIBILITY		 145
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/engine/enginetest.c b/crypto/engine/enginetest.c
new file mode 100644
index 0000000000..87fa8c57b7
--- /dev/null
+++ b/crypto/engine/enginetest.c
@@ -0,0 +1,274 @@
+/* crypto/engine/enginetest.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/e_os2.h>
+#include <stdio.h>
+#include <string.h>
+#include <openssl/buffer.h>
+#include <openssl/crypto.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+
+static void display_engine_list()
+	{
+	ENGINE *h;
+	int loop;
+
+	h = ENGINE_get_first();
+	loop = 0;
+	printf("listing available engine types\n");
+	while(h)
+		{
+		printf("engine %i, id = \"%s\", name = \"%s\"\n",
+			loop++, ENGINE_get_id(h), ENGINE_get_name(h));
+		h = ENGINE_get_next(h);
+		}
+	printf("end of list\n");
+	/* ENGINE_get_first() increases the struct_ref counter, so we 
+           must call ENGINE_free() to decrease it again */
+	ENGINE_free(h);
+	}
+
+int main(int argc, char *argv[])
+	{
+	ENGINE *block[512];
+	char buf[256];
+	const char *id, *name;
+	ENGINE *ptr;
+	int loop;
+	int to_return = 1;
+	ENGINE *new_h1 = NULL;
+	ENGINE *new_h2 = NULL;
+	ENGINE *new_h3 = NULL;
+	ENGINE *new_h4 = NULL;
+
+	/* enable memory leak checking unless explicitly disabled */
+	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+		{
+		CRYPTO_malloc_debug_init();
+		CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+		}
+	else
+		{
+		/* OPENSSL_DEBUG_MEMORY=off */
+		CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+		}
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+	ERR_load_crypto_strings();
+
+	memset(block, 0, 512 * sizeof(ENGINE *));
+	if(((new_h1 = ENGINE_new()) == NULL) ||
+			!ENGINE_set_id(new_h1, "test_id0") ||
+			!ENGINE_set_name(new_h1, "First test item") ||
+			((new_h2 = ENGINE_new()) == NULL) ||
+			!ENGINE_set_id(new_h2, "test_id1") ||
+			!ENGINE_set_name(new_h2, "Second test item") ||
+			((new_h3 = ENGINE_new()) == NULL) ||
+			!ENGINE_set_id(new_h3, "test_id2") ||
+			!ENGINE_set_name(new_h3, "Third test item") ||
+			((new_h4 = ENGINE_new()) == NULL) ||
+			!ENGINE_set_id(new_h4, "test_id3") ||
+			!ENGINE_set_name(new_h4, "Fourth test item"))
+		{
+		printf("Couldn't set up test ENGINE structures\n");
+		goto end;
+		}
+	printf("\nenginetest beginning\n\n");
+	display_engine_list();
+	if(!ENGINE_add(new_h1))
+		{
+		printf("Add failed!\n");
+		goto end;
+		}
+	display_engine_list();
+	ptr = ENGINE_get_first();
+	if(!ENGINE_remove(ptr))
+		{
+		printf("Remove failed!\n");
+		goto end;
+		}
+	if (ptr)
+		ENGINE_free(ptr);
+	display_engine_list();
+	if(!ENGINE_add(new_h3) || !ENGINE_add(new_h2))
+		{
+		printf("Add failed!\n");
+		goto end;
+		}
+	display_engine_list();
+	if(!ENGINE_remove(new_h2))
+		{
+		printf("Remove failed!\n");
+		goto end;
+		}
+	display_engine_list();
+	if(!ENGINE_add(new_h4))
+		{
+		printf("Add failed!\n");
+		goto end;
+		}
+	display_engine_list();
+	if(ENGINE_add(new_h3))
+		{
+		printf("Add *should* have failed but didn't!\n");
+		goto end;
+		}
+	else
+		printf("Add that should fail did.\n");
+	ERR_clear_error();
+	if(ENGINE_remove(new_h2))
+		{
+		printf("Remove *should* have failed but didn't!\n");
+		goto end;
+		}
+	else
+		printf("Remove that should fail did.\n");
+	ERR_clear_error();
+	if(!ENGINE_remove(new_h3))
+		{
+		printf("Remove failed!\n");
+		goto end;
+		}
+	display_engine_list();
+	if(!ENGINE_remove(new_h4))
+		{
+		printf("Remove failed!\n");
+		goto end;
+		}
+	display_engine_list();
+	/* Depending on whether there's any hardware support compiled
+	 * in, this remove may be destined to fail. */
+	ptr = ENGINE_get_first();
+	if(ptr)
+		if(!ENGINE_remove(ptr))
+			printf("Remove failed!i - probably no hardware "
+				"support present.\n");
+	if (ptr)
+		ENGINE_free(ptr);
+	display_engine_list();
+	if(!ENGINE_add(new_h1) || !ENGINE_remove(new_h1))
+		{
+		printf("Couldn't add and remove to an empty list!\n");
+		goto end;
+		}
+	else
+		printf("Successfully added and removed to an empty list!\n");
+	printf("About to beef up the engine-type list\n");
+	for(loop = 0; loop < 512; loop++)
+		{
+		sprintf(buf, "id%i", loop);
+		id = BUF_strdup(buf);
+		sprintf(buf, "Fake engine type %i", loop);
+		name = BUF_strdup(buf);
+		if(((block[loop] = ENGINE_new()) == NULL) ||
+				!ENGINE_set_id(block[loop], id) ||
+				!ENGINE_set_name(block[loop], name))
+			{
+			printf("Couldn't create block of ENGINE structures.\n"
+				"I'll probably also core-dump now, damn.\n");
+			goto end;
+			}
+		}
+	for(loop = 0; loop < 512; loop++)
+		{
+		if(!ENGINE_add(block[loop]))
+			{
+			printf("\nAdding stopped at %i, (%s,%s)\n",
+				loop, ENGINE_get_id(block[loop]),
+				ENGINE_get_name(block[loop]));
+			goto cleanup_loop;
+			}
+		else
+			printf("."); fflush(stdout);
+		}
+cleanup_loop:
+	printf("\nAbout to empty the engine-type list\n");
+	while((ptr = ENGINE_get_first()) != NULL)
+		{
+		if(!ENGINE_remove(ptr))
+			{
+			printf("\nRemove failed!\n");
+			goto end;
+			}
+		ENGINE_free(ptr);
+		printf("."); fflush(stdout);
+		}
+	for(loop = 0; loop < 512; loop++)
+		{
+		OPENSSL_free((void *)ENGINE_get_id(block[loop]));
+		OPENSSL_free((void *)ENGINE_get_name(block[loop]));
+		}
+	printf("\nTests completed happily\n");
+	to_return = 0;
+end:
+	if(to_return)
+		ERR_print_errors_fp(stderr);
+	if(new_h1) ENGINE_free(new_h1);
+	if(new_h2) ENGINE_free(new_h2);
+	if(new_h3) ENGINE_free(new_h3);
+	if(new_h4) ENGINE_free(new_h4);
+	for(loop = 0; loop < 512; loop++)
+		if(block[loop])
+			ENGINE_free(block[loop]);
+	ENGINE_cleanup();
+	CRYPTO_cleanup_all_ex_data();
+	ERR_free_strings();
+	ERR_remove_state(0);
+	CRYPTO_mem_leaks_fp(stderr);
+	return to_return;
+	}
diff --git a/crypto/engine/tb_cipher.c b/crypto/engine/tb_cipher.c
new file mode 100644
index 0000000000..c5a50fc910
--- /dev/null
+++ b/crypto/engine/tb_cipher.c
@@ -0,0 +1,145 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_cipher_engine(), the function that
+ * is used by EVP to hook in cipher code and cache defaults (etc), will display
+ * brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_CIPHER_DEBUG */
+
+static ENGINE_TABLE *cipher_table = NULL;
+
+void ENGINE_unregister_ciphers(ENGINE *e)
+	{
+	engine_table_unregister(&cipher_table, e);
+	}
+
+static void engine_unregister_all_ciphers(void)
+	{
+	engine_table_cleanup(&cipher_table);
+	}
+
+int ENGINE_register_ciphers(ENGINE *e)
+	{
+	if(e->ciphers)
+		{
+		const int *nids;
+		int num_nids = e->ciphers(e, NULL, &nids, 0);
+		if(num_nids > 0)
+			return engine_table_register(&cipher_table,
+					&engine_unregister_all_ciphers, e, nids,
+					num_nids, 0);
+		}
+	return 1;
+	}
+
+void ENGINE_register_all_ciphers()
+	{
+	ENGINE *e;
+
+	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+		ENGINE_register_ciphers(e);
+	}
+
+int ENGINE_set_default_ciphers(ENGINE *e)
+	{
+	if(e->ciphers)
+		{
+		const int *nids;
+		int num_nids = e->ciphers(e, NULL, &nids, 0);
+		if(num_nids > 0)
+			return engine_table_register(&cipher_table,
+					&engine_unregister_all_ciphers, e, nids,
+					num_nids, 1);
+		}
+	return 1;
+	}
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given cipher 'nid' */
+ENGINE *ENGINE_get_cipher_engine(int nid)
+	{
+	return engine_table_select(&cipher_table, nid);
+	}
+
+/* Obtains a cipher implementation from an ENGINE functional reference */
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid)
+	{
+	const EVP_CIPHER *ret;
+	ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
+	if(!fn || !fn(e, &ret, NULL, nid))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER,
+				ENGINE_R_UNIMPLEMENTED_CIPHER);
+		return NULL;
+		}
+	return ret;
+	}
+
+/* Gets the cipher callback from an ENGINE structure */
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e)
+	{
+	return e->ciphers;
+	}
+
+/* Sets the cipher callback in an ENGINE structure */
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)
+	{
+	e->ciphers = f;
+	return 1;
+	}
diff --git a/crypto/engine/tb_dh.c b/crypto/engine/tb_dh.c
new file mode 100644
index 0000000000..c9347235ea
--- /dev/null
+++ b/crypto/engine/tb_dh.c
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_DH(), the function that is
+ * used by DH to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_DH_DEBUG */
+
+static ENGINE_TABLE *dh_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_DH(ENGINE *e)
+	{
+	engine_table_unregister(&dh_table, e);
+	}
+
+static void engine_unregister_all_DH(void)
+	{
+	engine_table_cleanup(&dh_table);
+	}
+
+int ENGINE_register_DH(ENGINE *e)
+	{
+	if(e->dh_meth)
+		return engine_table_register(&dh_table,
+				&engine_unregister_all_DH, e, &dummy_nid, 1, 0);
+	return 1;
+	}
+
+void ENGINE_register_all_DH()
+	{
+	ENGINE *e;
+
+	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+		ENGINE_register_DH(e);
+	}
+
+int ENGINE_set_default_DH(ENGINE *e)
+	{
+	if(e->dh_meth)
+		return engine_table_register(&dh_table,
+				&engine_unregister_all_DH, e, &dummy_nid, 1, 1);
+	return 1;
+	}
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_DH(void)
+	{
+	return engine_table_select(&dh_table, dummy_nid);
+	}
+
+/* Obtains an DH implementation from an ENGINE functional reference */
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e)
+	{
+	return e->dh_meth;
+	}
+
+/* Sets an DH implementation in an ENGINE structure */
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
+	{
+	e->dh_meth = dh_meth;
+	return 1;
+	}
diff --git a/crypto/engine/tb_digest.c b/crypto/engine/tb_digest.c
new file mode 100644
index 0000000000..2c4dd6f796
--- /dev/null
+++ b/crypto/engine/tb_digest.c
@@ -0,0 +1,145 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_digest_engine(), the function that
+ * is used by EVP to hook in digest code and cache defaults (etc), will display
+ * brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_DIGEST_DEBUG */
+
+static ENGINE_TABLE *digest_table = NULL;
+
+void ENGINE_unregister_digests(ENGINE *e)
+	{
+	engine_table_unregister(&digest_table, e);
+	}
+
+static void engine_unregister_all_digests(void)
+	{
+	engine_table_cleanup(&digest_table);
+	}
+
+int ENGINE_register_digests(ENGINE *e)
+	{
+	if(e->digests)
+		{
+		const int *nids;
+		int num_nids = e->digests(e, NULL, &nids, 0);
+		if(num_nids > 0)
+			return engine_table_register(&digest_table,
+					&engine_unregister_all_digests, e, nids,
+					num_nids, 0);
+		}
+	return 1;
+	}
+
+void ENGINE_register_all_digests()
+	{
+	ENGINE *e;
+
+	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+		ENGINE_register_digests(e);
+	}
+
+int ENGINE_set_default_digests(ENGINE *e)
+	{
+	if(e->digests)
+		{
+		const int *nids;
+		int num_nids = e->digests(e, NULL, &nids, 0);
+		if(num_nids > 0)
+			return engine_table_register(&digest_table,
+					&engine_unregister_all_digests, e, nids,
+					num_nids, 1);
+		}
+	return 1;
+	}
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given digest 'nid' */
+ENGINE *ENGINE_get_digest_engine(int nid)
+	{
+	return engine_table_select(&digest_table, nid);
+	}
+
+/* Obtains a digest implementation from an ENGINE functional reference */
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid)
+	{
+	const EVP_MD *ret;
+	ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
+	if(!fn || !fn(e, &ret, NULL, nid))
+		{
+		ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST,
+				ENGINE_R_UNIMPLEMENTED_DIGEST);
+		return NULL;
+		}
+	return ret;
+	}
+
+/* Gets the digest callback from an ENGINE structure */
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e)
+	{
+	return e->digests;
+	}
+
+/* Sets the digest callback in an ENGINE structure */
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)
+	{
+	e->digests = f;
+	return 1;
+	}
diff --git a/crypto/engine/tb_dsa.c b/crypto/engine/tb_dsa.c
new file mode 100644
index 0000000000..e9209476b8
--- /dev/null
+++ b/crypto/engine/tb_dsa.c
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_DSA(), the function that is
+ * used by DSA to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_DSA_DEBUG */
+
+static ENGINE_TABLE *dsa_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_DSA(ENGINE *e)
+	{
+	engine_table_unregister(&dsa_table, e);
+	}
+
+static void engine_unregister_all_DSA(void)
+	{
+	engine_table_cleanup(&dsa_table);
+	}
+
+int ENGINE_register_DSA(ENGINE *e)
+	{
+	if(e->dsa_meth)
+		return engine_table_register(&dsa_table,
+				&engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
+	return 1;
+	}
+
+void ENGINE_register_all_DSA()
+	{
+	ENGINE *e;
+
+	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+		ENGINE_register_DSA(e);
+	}
+
+int ENGINE_set_default_DSA(ENGINE *e)
+	{
+	if(e->dsa_meth)
+		return engine_table_register(&dsa_table,
+				&engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
+	return 1;
+	}
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_DSA(void)
+	{
+	return engine_table_select(&dsa_table, dummy_nid);
+	}
+
+/* Obtains an DSA implementation from an ENGINE functional reference */
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e)
+	{
+	return e->dsa_meth;
+	}
+
+/* Sets an DSA implementation in an ENGINE structure */
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
+	{
+	e->dsa_meth = dsa_meth;
+	return 1;
+	}
diff --git a/crypto/engine/tb_ecdh.c b/crypto/engine/tb_ecdh.c
new file mode 100644
index 0000000000..ea82b61a18
--- /dev/null
+++ b/crypto/engine/tb_ecdh.c
@@ -0,0 +1,135 @@
+/* crypto/engine/tb_ecdh.c */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+ * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+ * to the OpenSSL project.
+ *
+ * The ECC Code is licensed pursuant to the OpenSSL open source
+ * license provided below.
+ *
+ * The ECDH engine software is originally written by Nils Gura and
+ * Douglas Stebila of Sun Microsystems Laboratories.
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_ECDH(), the function that is
+ * used by ECDH to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_ECDH_DEBUG */
+
+static ENGINE_TABLE *ecdh_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_ECDH(ENGINE *e)
+	{
+	engine_table_unregister(&ecdh_table, e);
+	}
+
+static void engine_unregister_all_ECDH(void)
+	{
+	engine_table_cleanup(&ecdh_table);
+	}
+
+int ENGINE_register_ECDH(ENGINE *e)
+	{
+	if(e->ecdh_meth)
+		return engine_table_register(&ecdh_table,
+				&engine_unregister_all_ECDH, e, &dummy_nid, 1, 0);
+	return 1;
+	}
+
+void ENGINE_register_all_ECDH()
+	{
+	ENGINE *e;
+
+	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+		ENGINE_register_ECDH(e);
+	}
+
+int ENGINE_set_default_ECDH(ENGINE *e)
+	{
+	if(e->ecdh_meth)
+		return engine_table_register(&ecdh_table,
+				&engine_unregister_all_ECDH, e, &dummy_nid, 1, 0);
+	return 1;
+	}
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_ECDH(void)
+	{
+	return engine_table_select(&ecdh_table, dummy_nid);
+	}
+
+/* Obtains an ECDH implementation from an ENGINE functional reference */
+const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e)
+	{
+	return e->ecdh_meth;
+	}
+
+/* Sets an ECDH implementation in an ENGINE structure */
+int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth)
+	{
+	e->ecdh_meth = ecdh_meth;
+	return 1;
+	}
diff --git a/crypto/engine/tb_ecdsa.c b/crypto/engine/tb_ecdsa.c
new file mode 100644
index 0000000000..5860fcac72
--- /dev/null
+++ b/crypto/engine/tb_ecdsa.c
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_ECDSA(), the function that is
+ * used by ECDSA to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_ECDSA_DEBUG */
+
+static ENGINE_TABLE *ecdsa_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_ECDSA(ENGINE *e)
+	{
+	engine_table_unregister(&ecdsa_table, e);
+	}
+
+static void engine_unregister_all_ECDSA(void)
+	{
+	engine_table_cleanup(&ecdsa_table);
+	}
+
+int ENGINE_register_ECDSA(ENGINE *e)
+	{
+	if(e->ecdsa_meth)
+		return engine_table_register(&ecdsa_table,
+				&engine_unregister_all_ECDSA, e, &dummy_nid, 1, 0);
+	return 1;
+	}
+
+void ENGINE_register_all_ECDSA()
+	{
+	ENGINE *e;
+
+	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+		ENGINE_register_ECDSA(e);
+	}
+
+int ENGINE_set_default_ECDSA(ENGINE *e)
+	{
+	if(e->ecdsa_meth)
+		return engine_table_register(&ecdsa_table,
+				&engine_unregister_all_ECDSA, e, &dummy_nid, 1, 0);
+	return 1;
+	}
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_ECDSA(void)
+	{
+	return engine_table_select(&ecdsa_table, dummy_nid);
+	}
+
+/* Obtains an ECDSA implementation from an ENGINE functional reference */
+const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e)
+	{
+	return e->ecdsa_meth;
+	}
+
+/* Sets an ECDSA implementation in an ENGINE structure */
+int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth)
+	{
+	e->ecdsa_meth = ecdsa_meth;
+	return 1;
+	}
diff --git a/crypto/engine/tb_rand.c b/crypto/engine/tb_rand.c
new file mode 100644
index 0000000000..0b1d031f1e
--- /dev/null
+++ b/crypto/engine/tb_rand.c
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_RAND(), the function that is
+ * used by RAND to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_RAND_DEBUG */
+
+static ENGINE_TABLE *rand_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_RAND(ENGINE *e)
+	{
+	engine_table_unregister(&rand_table, e);
+	}
+
+static void engine_unregister_all_RAND(void)
+	{
+	engine_table_cleanup(&rand_table);
+	}
+
+int ENGINE_register_RAND(ENGINE *e)
+	{
+	if(e->rand_meth)
+		return engine_table_register(&rand_table,
+				&engine_unregister_all_RAND, e, &dummy_nid, 1, 0);
+	return 1;
+	}
+
+void ENGINE_register_all_RAND()
+	{
+	ENGINE *e;
+
+	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+		ENGINE_register_RAND(e);
+	}
+
+int ENGINE_set_default_RAND(ENGINE *e)
+	{
+	if(e->rand_meth)
+		return engine_table_register(&rand_table,
+				&engine_unregister_all_RAND, e, &dummy_nid, 1, 1);
+	return 1;
+	}
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_RAND(void)
+	{
+	return engine_table_select(&rand_table, dummy_nid);
+	}
+
+/* Obtains an RAND implementation from an ENGINE functional reference */
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e)
+	{
+	return e->rand_meth;
+	}
+
+/* Sets an RAND implementation in an ENGINE structure */
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
+	{
+	e->rand_meth = rand_meth;
+	return 1;
+	}
diff --git a/crypto/engine/tb_rsa.c b/crypto/engine/tb_rsa.c
new file mode 100644
index 0000000000..f84fea3968
--- /dev/null
+++ b/crypto/engine/tb_rsa.c
@@ -0,0 +1,120 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "eng_int.h"
+
+/* If this symbol is defined then ENGINE_get_default_RSA(), the function that is
+ * used by RSA to hook in implementation code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'. */
+/* #define ENGINE_RSA_DEBUG */
+
+static ENGINE_TABLE *rsa_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_RSA(ENGINE *e)
+	{
+	engine_table_unregister(&rsa_table, e);
+	}
+
+static void engine_unregister_all_RSA(void)
+	{
+	engine_table_cleanup(&rsa_table);
+	}
+
+int ENGINE_register_RSA(ENGINE *e)
+	{
+	if(e->rsa_meth)
+		return engine_table_register(&rsa_table,
+				&engine_unregister_all_RSA, e, &dummy_nid, 1, 0);
+	return 1;
+	}
+
+void ENGINE_register_all_RSA()
+	{
+	ENGINE *e;
+
+	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
+		ENGINE_register_RSA(e);
+	}
+
+int ENGINE_set_default_RSA(ENGINE *e)
+	{
+	if(e->rsa_meth)
+		return engine_table_register(&rsa_table,
+				&engine_unregister_all_RSA, e, &dummy_nid, 1, 1);
+	return 1;
+	}
+
+/* Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references). */
+ENGINE *ENGINE_get_default_RSA(void)
+	{
+	return engine_table_select(&rsa_table, dummy_nid);
+	}
+
+/* Obtains an RSA implementation from an ENGINE functional reference */
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e)
+	{
+	return e->rsa_meth;
+	}
+
+/* Sets an RSA implementation in an ENGINE structure */
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
+	{
+	e->rsa_meth = rsa_meth;
+	return 1;
+	}
diff --git a/crypto/err/.cvsignore b/crypto/err/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/err/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/err/Makefile.ssl b/crypto/err/Makefile.ssl
index 57c87eb041..b94fee3b63 100644
--- a/crypto/err/Makefile.ssl
+++ b/crypto/err/Makefile.ssl
@@ -5,11 +5,14 @@
 DIR=	err
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -37,24 +40,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -66,15 +68,53 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+err.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/buffer.h
+err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+err.o: ../../include/openssl/symhacks.h ../cryptlib.h err.c
+err_all.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+err_all.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+err_all.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+err_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+err_all.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+err_all.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+err_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+err_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+err_all.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+err_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+err_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+err_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+err_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+err_all.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+err_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem2.h
+err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+err_all.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+err_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+err_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+err_all.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+err_all.o: ../../include/openssl/x509v3.h err_all.c
+err_prn.o: ../../e_os.h ../../include/openssl/bio.h
+err_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+err_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+err_prn.o: ../cryptlib.h err_prn.c
diff --git a/crypto/err/err.c b/crypto/err/err.c
index 5cf621855a..85ff9a52dd 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -55,38 +55,74 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
-#include "lhash.h"
-#include "crypto.h"
+#include <stdarg.h>
+#include <string.h>
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "err.h"
-#include "crypto.h"
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
 
+static void err_load_strings(int lib, ERR_STRING_DATA *str);
 
-static LHASH *error_hash=NULL;
-static LHASH *thread_hash=NULL;
-
-#ifndef NOPROTO
-static unsigned long err_hash(ERR_STRING_DATA *a);
-static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b);
-static unsigned long pid_hash(ERR_STATE *pid);
-static int pid_cmp(ERR_STATE *a,ERR_STATE *pid);
-static unsigned long get_error_values(int inc,char **file,int *line,
-	char **data,int *flags);
 static void ERR_STATE_free(ERR_STATE *s);
-#else
-static unsigned long err_hash();
-static int err_cmp();
-static unsigned long pid_hash();
-static int pid_cmp();
-static unsigned long get_error_values();
-static void ERR_STATE_free();
-ERR_STATE *s;
-#endif
-
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA ERR_str_libraries[]=
 	{
 {ERR_PACK(ERR_LIB_NONE,0,0)		,"unknown library"},
@@ -96,18 +132,23 @@ static ERR_STRING_DATA ERR_str_libraries[]=
 {ERR_PACK(ERR_LIB_DH,0,0)		,"Diffie-Hellman routines"},
 {ERR_PACK(ERR_LIB_EVP,0,0)		,"digital envelope routines"},
 {ERR_PACK(ERR_LIB_BUF,0,0)		,"memory buffer routines"},
-{ERR_PACK(ERR_LIB_BIO,0,0)		,"BIO routines"},
 {ERR_PACK(ERR_LIB_OBJ,0,0)		,"object identifier routines"},
 {ERR_PACK(ERR_LIB_PEM,0,0)		,"PEM routines"},
-{ERR_PACK(ERR_LIB_ASN1,0,0)		,"asn1 encoding routines"},
+{ERR_PACK(ERR_LIB_DSA,0,0)		,"dsa routines"},
 {ERR_PACK(ERR_LIB_X509,0,0)		,"x509 certificate routines"},
-{ERR_PACK(ERR_LIB_CONF,0,0)		,"configuation file routines"},
-{ERR_PACK(ERR_LIB_METH,0,0)		,"X509 lookup 'method' routines"},
+{ERR_PACK(ERR_LIB_ASN1,0,0)		,"asn1 encoding routines"},
+{ERR_PACK(ERR_LIB_CONF,0,0)		,"configuration file routines"},
+{ERR_PACK(ERR_LIB_CRYPTO,0,0)		,"common libcrypto routines"},
+{ERR_PACK(ERR_LIB_EC,0,0)		,"elliptic curve routines"},
 {ERR_PACK(ERR_LIB_SSL,0,0)		,"SSL routines"},
-{ERR_PACK(ERR_LIB_RSAREF,0,0)		,"RSAref routines"},
-{ERR_PACK(ERR_LIB_PROXY,0,0)		,"Proxy routines"},
 {ERR_PACK(ERR_LIB_BIO,0,0)		,"BIO routines"},
 {ERR_PACK(ERR_LIB_PKCS7,0,0)		,"PKCS7 routines"},
+{ERR_PACK(ERR_LIB_X509V3,0,0)		,"X509 V3 routines"},
+{ERR_PACK(ERR_LIB_PKCS12,0,0)		,"PKCS12 routines"},
+{ERR_PACK(ERR_LIB_RAND,0,0)		,"random number generator"},
+{ERR_PACK(ERR_LIB_DSO,0,0)		,"DSO support routines"},
+{ERR_PACK(ERR_LIB_ENGINE,0,0)		,"engine routines"},
+{ERR_PACK(ERR_LIB_OCSP,0,0)		,"OCSP routines"},
 {0,NULL},
 	};
 
@@ -121,35 +162,40 @@ static ERR_STRING_DATA ERR_str_functs[]=
 	{ERR_PACK(0,SYS_F_BIND,0),		"bind"},
 	{ERR_PACK(0,SYS_F_LISTEN,0),		"listen"},
 	{ERR_PACK(0,SYS_F_ACCEPT,0),		"accept"},
-#ifdef WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
 	{ERR_PACK(0,SYS_F_WSASTARTUP,0),	"WSAstartup"},
 #endif
+	{ERR_PACK(0,SYS_F_OPENDIR,0),		"opendir"},
+	{ERR_PACK(0,SYS_F_FREAD,0),		"fread"},
 	{0,NULL},
 	};
 
 static ERR_STRING_DATA ERR_str_reasons[]=
 	{
-{ERR_R_FATAL                             ,"fatal"},
 {ERR_R_SYS_LIB				,"system lib"},
 {ERR_R_BN_LIB				,"BN lib"},
 {ERR_R_RSA_LIB				,"RSA lib"},
 {ERR_R_DH_LIB				,"DH lib"},
 {ERR_R_EVP_LIB				,"EVP lib"},
 {ERR_R_BUF_LIB				,"BUF lib"},
-{ERR_R_BIO_LIB				,"BIO lib"},
 {ERR_R_OBJ_LIB				,"OBJ lib"},
 {ERR_R_PEM_LIB				,"PEM lib"},
+{ERR_R_DSA_LIB				,"DSA lib"},
 {ERR_R_X509_LIB				,"X509 lib"},
-{ERR_R_METH_LIB				,"METH lib"},
 {ERR_R_ASN1_LIB				,"ASN1 lib"},
 {ERR_R_CONF_LIB				,"CONF lib"},
+{ERR_R_CRYPTO_LIB			,"CRYPTO lib"},
+{ERR_R_EC_LIB				,"EC lib"},
 {ERR_R_SSL_LIB				,"SSL lib"},
-{ERR_R_PROXY_LIB			,"PROXY lib"},
 {ERR_R_BIO_LIB				,"BIO lib"},
 {ERR_R_PKCS7_LIB			,"PKCS7 lib"},
-{ERR_R_MALLOC_FAILURE			,"Malloc failure"},
-{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	,"called a fuction you should not call"},
-{ERR_R_PASSED_NULL_PARAMETER		,"passed a null parameter"},
+{ERR_R_X509V3_LIB			,"X509V3 lib"},
+{ERR_R_PKCS12_LIB			,"PKCS12 lib"},
+{ERR_R_RAND_LIB				,"RAND lib"},
+{ERR_R_DSO_LIB				,"DSO lib"},
+{ERR_R_ENGINE_LIB			,"ENGINE lib"},
+{ERR_R_OCSP_LIB				,"OCSP lib"},
+
 {ERR_R_NESTED_ASN1_ERROR		,"nested asn1 error"},
 {ERR_R_BAD_ASN1_OBJECT_HEADER		,"bad asn1 object header"},
 {ERR_R_BAD_GET_ASN1_OBJECT_CALL		,"bad get asn1 object call"},
@@ -157,104 +203,441 @@ static ERR_STRING_DATA ERR_str_reasons[]=
 {ERR_R_ASN1_LENGTH_MISMATCH		,"asn1 length mismatch"},
 {ERR_R_MISSING_ASN1_EOS			,"missing asn1 eos"},
 
+{ERR_R_FATAL                            ,"fatal"},
+{ERR_R_MALLOC_FAILURE			,"malloc failure"},
+{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	,"called a function you should not call"},
+{ERR_R_PASSED_NULL_PARAMETER		,"passed a null parameter"},
+{ERR_R_INTERNAL_ERROR			,"internal error"},
+{ERR_R_DISABLED				,"called a function that was disabled at compile-time"},
+
 {0,NULL},
 	};
+
+
+/* Define the predeclared (but externally opaque) "ERR_FNS" type */
+struct st_ERR_FNS
+	{
+	/* Works on the "error_hash" string table */
+	LHASH *(*cb_err_get)(int create);
+	void (*cb_err_del)(void);
+	ERR_STRING_DATA *(*cb_err_get_item)(const ERR_STRING_DATA *);
+	ERR_STRING_DATA *(*cb_err_set_item)(ERR_STRING_DATA *);
+	ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *);
+	/* Works on the "thread_hash" error-state table */
+	LHASH *(*cb_thread_get)(int create);
+	ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *);
+	ERR_STATE *(*cb_thread_set_item)(ERR_STATE *);
+	void (*cb_thread_del_item)(const ERR_STATE *);
+	/* Returns the next available error "library" numbers */
+	int (*cb_get_next_lib)(void);
+	};
+
+/* Predeclarations of the "err_defaults" functions */
+static LHASH *int_err_get(int create);
+static void int_err_del(void);
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
+static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *);
+static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *);
+static LHASH *int_thread_get(int create);
+static ERR_STATE *int_thread_get_item(const ERR_STATE *);
+static ERR_STATE *int_thread_set_item(ERR_STATE *);
+static void int_thread_del_item(const ERR_STATE *);
+static int int_err_get_next_lib(void);
+/* The static ERR_FNS table using these defaults functions */
+static const ERR_FNS err_defaults =
+	{
+	int_err_get,
+	int_err_del,
+	int_err_get_item,
+	int_err_set_item,
+	int_err_del_item,
+	int_thread_get,
+	int_thread_get_item,
+	int_thread_set_item,
+	int_thread_del_item,
+	int_err_get_next_lib
+	};
+
+/* The replacable table of ERR_FNS functions we use at run-time */
+static const ERR_FNS *err_fns = NULL;
+
+/* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */
+#define ERRFN(a) err_fns->cb_##a
+
+/* The internal state used by "err_defaults" - as such, the setting, reading,
+ * creating, and deleting of this data should only be permitted via the
+ * "err_defaults" functions. This way, a linked module can completely defer all
+ * ERR state operation (together with requisite locking) to the implementations
+ * and state in the loading application. */
+static LHASH *int_error_hash = NULL;
+static LHASH *int_thread_hash = NULL;
+static int int_err_library_number= ERR_LIB_USER;
+
+/* Internal function that checks whether "err_fns" is set and if not, sets it to
+ * the defaults. */
+static void err_fns_check(void)
+	{
+	if (err_fns) return;
+	
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	if (!err_fns)
+		err_fns = &err_defaults;
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+	}
+
+/* API functions to get or set the underlying ERR functions. */
+
+const ERR_FNS *ERR_get_implementation(void)
+	{
+	err_fns_check();
+	return err_fns;
+	}
+
+int ERR_set_implementation(const ERR_FNS *fns)
+	{
+	int ret = 0;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	/* It's too late if 'err_fns' is non-NULL. BTW: not much point setting
+	 * an error is there?! */
+	if (!err_fns)
+		{
+		err_fns = fns;
+		ret = 1;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+	return ret;
+	}
+
+/* These are the callbacks provided to "lh_new()" when creating the LHASH tables
+ * internal to the "err_defaults" implementation. */
+
+/* static unsigned long err_hash(ERR_STRING_DATA *a); */
+static unsigned long err_hash(const void *a_void);
+/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b); */
+static int err_cmp(const void *a_void, const void *b_void);
+/* static unsigned long pid_hash(ERR_STATE *pid); */
+static unsigned long pid_hash(const void *pid_void);
+/* static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); */
+static int pid_cmp(const void *a_void,const void *pid_void);
+static unsigned long get_error_values(int inc,int top,const char **file,int *line,
+				      const char **data,int *flags);
+
+/* The internal functions used in the "err_defaults" implementation */
+
+static LHASH *int_err_get(int create)
+	{
+	LHASH *ret = NULL;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	if (!int_error_hash && create)
+		{
+		CRYPTO_push_info("int_err_get (err.c)");
+		int_error_hash = lh_new(err_hash, err_cmp);
+		CRYPTO_pop_info();
+		}
+	if (int_error_hash)
+		ret = int_error_hash;
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+	return ret;
+	}
+
+static void int_err_del(void)
+	{
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	if (int_error_hash)
+		{
+		lh_free(int_error_hash);
+		int_error_hash = NULL;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+	}
+
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
+	{
+	ERR_STRING_DATA *p;
+	LHASH *hash;
+
+	err_fns_check();
+	hash = ERRFN(err_get)(0);
+	if (!hash)
+		return NULL;
+
+	CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+	p = (ERR_STRING_DATA *)lh_retrieve(hash, d);
+	CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+
+	return p;
+	}
+
+static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d)
+	{
+	ERR_STRING_DATA *p;
+	LHASH *hash;
+
+	err_fns_check();
+	hash = ERRFN(err_get)(1);
+	if (!hash)
+		return NULL;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	p = (ERR_STRING_DATA *)lh_insert(hash, d);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+	return p;
+	}
+
+static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d)
+	{
+	ERR_STRING_DATA *p;
+	LHASH *hash;
+
+	err_fns_check();
+	hash = ERRFN(err_get)(0);
+	if (!hash)
+		return NULL;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	p = (ERR_STRING_DATA *)lh_delete(hash, d);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+	return p;
+	}
+
+static LHASH *int_thread_get(int create)
+	{
+	LHASH *ret = NULL;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	if (!int_thread_hash && create)
+		{
+		CRYPTO_push_info("int_thread_get (err.c)");
+		int_thread_hash = lh_new(pid_hash, pid_cmp);
+		CRYPTO_pop_info();
+		}
+	if (int_thread_hash)
+		ret = int_thread_hash;
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+	return ret;
+	}
+
+static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
+	{
+	ERR_STATE *p;
+	LHASH *hash;
+
+	err_fns_check();
+	hash = ERRFN(thread_get)(0);
+	if (!hash)
+		return NULL;
+
+	CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+	p = (ERR_STATE *)lh_retrieve(hash, d);
+	CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+
+	return p;
+	}
+
+static ERR_STATE *int_thread_set_item(ERR_STATE *d)
+	{
+	ERR_STATE *p;
+	LHASH *hash;
+
+	err_fns_check();
+	hash = ERRFN(thread_get)(1);
+	if (!hash)
+		return NULL;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	p = (ERR_STATE *)lh_insert(hash, d);
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+	return p;
+	}
+
+static void int_thread_del_item(const ERR_STATE *d)
+	{
+	ERR_STATE *p;
+	LHASH *hash;
+
+	err_fns_check();
+	hash = ERRFN(thread_get)(0);
+	if (!hash)
+		return;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	p = (ERR_STATE *)lh_delete(hash, d);
+	/* make sure we don't leak memory */
+	if (int_thread_hash && (lh_num_items(int_thread_hash) == 0))
+		{
+		lh_free(int_thread_hash);
+		int_thread_hash = NULL;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+	if (p)
+		ERR_STATE_free(p);
+	}
+
+static int int_err_get_next_lib(void)
+	{
+	int ret;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	ret = int_err_library_number++;
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+	return ret;
+	}
+
+
+#define NUM_SYS_STR_REASONS 127
+#define LEN_SYS_STR_REASON 32
+
+static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
+/* SYS_str_reasons is filled with copies of strerror() results at
+ * initialization.
+ * 'errno' values up to 127 should cover all usual errors,
+ * others will be displayed numerically by ERR_error_string.
+ * It is crucial that we have something for each reason code
+ * that occurs in ERR_str_reasons, or bogus reason strings
+ * will be returned for SYSerr(), which always gets an errno
+ * value and never one of those 'standard' reason codes. */
+
+static void build_SYS_str_reasons()
+	{
+	/* OPENSSL_malloc cannot be used here, use static storage instead */
+	static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
+	int i;
+	static int init = 1;
+
+	if (!init) return;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+
+	for (i = 1; i <= NUM_SYS_STR_REASONS; i++)
+		{
+		ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
+
+		str->error = (unsigned long)i;
+		if (str->string == NULL)
+			{
+			char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
+			char *src = strerror(i);
+			if (src != NULL)
+				{
+				strncpy(*dest, src, sizeof *dest);
+				(*dest)[sizeof *dest - 1] = '\0';
+				str->string = *dest;
+				}
+			}
+		if (str->string == NULL)
+			str->string = "unknown";
+		}
+
+	/* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL},
+	 * as required by ERR_load_strings. */
+
+	init = 0;
+	
+	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+	}
 #endif
 
 #define err_clear_data(p,i) \
 	if (((p)->err_data[i] != NULL) && \
 		(p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
 		{  \
-		Free((p)->err_data[i]); \
+		OPENSSL_free((p)->err_data[i]); \
 		(p)->err_data[i]=NULL; \
 		} \
 	(p)->err_data_flags[i]=0;
 
-static void ERR_STATE_free(s)
-ERR_STATE *s;
+static void ERR_STATE_free(ERR_STATE *s)
 	{
 	int i;
 
+	if (s == NULL)
+	    return;
+
 	for (i=0; i<ERR_NUM_ERRORS; i++)
 		{
 		err_clear_data(s,i);
 		}
-	Free(s);
+	OPENSSL_free(s);
 	}
 
-void ERR_load_ERR_strings()
+void ERR_load_ERR_strings(void)
 	{
-	static int init=1;
-
-	if (init)
-		{
-		CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-		if (init == 0)
-			{
-			CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-			return;
-			}
-		init=0;
-		CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-#ifndef NO_ERR
-		ERR_load_strings(0,ERR_str_libraries);
-		ERR_load_strings(0,ERR_str_reasons);
-		ERR_load_strings(ERR_LIB_SYS,ERR_str_functs);
+	err_fns_check();
+#ifndef OPENSSL_NO_ERR
+	err_load_strings(0,ERR_str_libraries);
+	err_load_strings(0,ERR_str_reasons);
+	err_load_strings(ERR_LIB_SYS,ERR_str_functs);
+	build_SYS_str_reasons();
+	err_load_strings(ERR_LIB_SYS,SYS_str_reasons);
 #endif
-		}
 	}
 
-void ERR_load_strings(lib,str)
-int lib;
-ERR_STRING_DATA *str;
+static void err_load_strings(int lib, ERR_STRING_DATA *str)
 	{
-	if (error_hash == NULL)
-		{
-		CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
-		error_hash=lh_new(err_hash,err_cmp);
-		if (error_hash == NULL)
-			{
-			CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
-			return;
-			}
-		CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
-
-		ERR_load_ERR_strings();
-		}
-
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH);
 	while (str->error)
 		{
 		str->error|=ERR_PACK(lib,0,0);
-		lh_insert(error_hash,(char *)str);
+		ERRFN(err_set_item)(str);
 		str++;
 		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH);
 	}
 
-void ERR_free_strings()
+void ERR_load_strings(int lib, ERR_STRING_DATA *str)
 	{
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+	ERR_load_ERR_strings();
+	err_load_strings(lib, str);
+	}
 
-	if (error_hash != NULL)
+void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
+	{
+	while (str->error)
 		{
-		lh_free(error_hash);
-		error_hash=NULL;
+		str->error|=ERR_PACK(lib,0,0);
+		ERRFN(err_del_item)(str);
+		str++;
 		}
+	}
 
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+void ERR_free_strings(void)
+	{
+	err_fns_check();
+	ERRFN(err_del)();
 	}
 
 /********************************************************/
 
-void ERR_put_error(lib,func,reason,file,line)
-int lib,func,reason;
-char *file;
-int line;
+void ERR_put_error(int lib, int func, int reason, const char *file,
+	     int line)
 	{
 	ERR_STATE *es;
 
+#ifdef _OSD_POSIX
+	/* In the BS2000-OSD POSIX subsystem, the compiler generates
+	 * path names in the form "*POSIX(/etc/passwd)".
+	 * This dirty hack strips them to something sensible.
+	 * @@@ We shouldn't modify a const string, though.
+	 */
+	if (strncmp(file,"*POSIX(", sizeof("*POSIX(")-1) == 0) {
+		char *end;
+
+		/* Skip the "*POSIX(" prefix */
+		file += sizeof("*POSIX(")-1;
+		end = &file[strlen(file)-1];
+		if (*end == ')')
+			*end = '\0';
+		/* Optional: use the basename of the path only. */
+		if ((end = strrchr(file, '/')) != NULL)
+			file = &end[1];
+	}
+#endif
 	es=ERR_get_state();
 
 	es->top=(es->top+1)%ERR_NUM_ERRORS;
@@ -266,62 +649,60 @@ int line;
 	err_clear_data(es,es->top);
 	}
 
-void ERR_clear_error()
+void ERR_clear_error(void)
 	{
+	int i;
 	ERR_STATE *es;
 
 	es=ERR_get_state();
 
-#if 0
-	/* hmm... is this needed */
 	for (i=0; i<ERR_NUM_ERRORS; i++)
 		{
 		es->err_buffer[i]=0;
+		err_clear_data(es,i);
 		es->err_file[i]=NULL;
 		es->err_line[i]= -1;
-		err_clear_data(es,i);
 		}
-#endif
 	es->top=es->bottom=0;
 	}
 
 
-unsigned long ERR_get_error()
-	{ return(get_error_values(1,NULL,NULL,NULL,NULL)); }
+unsigned long ERR_get_error(void)
+	{ return(get_error_values(1,0,NULL,NULL,NULL,NULL)); }
+
+unsigned long ERR_get_error_line(const char **file,
+	     int *line)
+	{ return(get_error_values(1,0,file,line,NULL,NULL)); }
+
+unsigned long ERR_get_error_line_data(const char **file, int *line,
+	     const char **data, int *flags)
+	{ return(get_error_values(1,0,file,line,data,flags)); }
 
-unsigned long ERR_get_error_line(file,line)
-char **file;
-int *line;
-	{ return(get_error_values(1,file,line,NULL,NULL)); }
 
-unsigned long ERR_get_error_line_data(file,line,data,flags)
-char **file;
-int *line;
-char **data;
-int *flags;
-	{ return(get_error_values(1,file,line,data,flags)); }
+unsigned long ERR_peek_error(void)
+	{ return(get_error_values(0,0,NULL,NULL,NULL,NULL)); }
 
-unsigned long ERR_peek_error()
-	{ return(get_error_values(0,NULL,NULL,NULL,NULL)); }
+unsigned long ERR_peek_error_line(const char **file, int *line)
+	{ return(get_error_values(0,0,file,line,NULL,NULL)); }
 
-unsigned long ERR_peek_error_line(file,line)
-char **file;
-int *line;
-	{ return(get_error_values(0,file,line,NULL,NULL)); }
+unsigned long ERR_peek_error_line_data(const char **file, int *line,
+	     const char **data, int *flags)
+	{ return(get_error_values(0,0,file,line,data,flags)); }
 
-unsigned long ERR_peek_error_line_data(file,line,data,flags)
-char **file;
-int *line;
-char **data;
-int *flags;
-	{ return(get_error_values(0,file,line,data,flags)); }
 
-static unsigned long get_error_values(inc,file,line,data,flags)
-int inc;
-char **file;
-int *line;
-char **data;
-int *flags;
+unsigned long ERR_peek_last_error(void)
+	{ return(get_error_values(0,1,NULL,NULL,NULL,NULL)); }
+
+unsigned long ERR_peek_last_error_line(const char **file, int *line)
+	{ return(get_error_values(0,1,file,line,NULL,NULL)); }
+
+unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+	     const char **data, int *flags)
+	{ return(get_error_values(0,1,file,line,data,flags)); }
+
+
+static unsigned long get_error_values(int inc, int top, const char **file, int *line,
+	     const char **data, int *flags)
 	{	
 	int i=0;
 	ERR_STATE *es;
@@ -329,8 +710,21 @@ int *flags;
 
 	es=ERR_get_state();
 
-	if (es->bottom == es->top) return(0);
-	i=(es->bottom+1)%ERR_NUM_ERRORS;
+	if (inc && top)
+		{
+		if (file) *file = "";
+		if (line) *line = 0;
+		if (data) *data = "";
+		if (flags) *flags = 0;
+			
+		return ERR_R_INTERNAL_ERROR;
+		}
+
+	if (es->bottom == es->top) return 0;
+	if (top)
+		i=es->top;			 /* last error */
+	else
+		i=(es->bottom+1)%ERR_NUM_ERRORS; /* first error */
 
 	ret=es->err_buffer[i];
 	if (inc)
@@ -353,7 +747,14 @@ int *flags;
 			}
 		}
 
-	if (data != NULL)
+	if (data == NULL)
+		{
+		if (inc)
+			{
+			err_clear_data(es, i);
+			}
+		}
+	else
 		{
 		if (es->err_data[i] == NULL)
 			{
@@ -366,18 +767,14 @@ int *flags;
 			if (flags != NULL) *flags=es->err_data_flags[i];
 			}
 		}
-	return(ret);
+	return ret;
 	}
 
-/* BAD for multi-threaded, uses a local buffer if ret == NULL */
-char *ERR_error_string(e,ret)
-unsigned long e;
-char *ret;
+void ERR_error_string_n(unsigned long e, char *buf, size_t len)
 	{
-	static char buf[256];
-	char *ls,*fs,*rs;
+	char lsbuf[64], fsbuf[64], rsbuf[64];
+	const char *ls,*fs,*rs;
 	unsigned long l,f,r;
-	int i;
 
 	l=ERR_GET_LIB(e);
 	f=ERR_GET_FUNC(e);
@@ -387,187 +784,168 @@ char *ret;
 	fs=ERR_func_error_string(e);
 	rs=ERR_reason_error_string(e);
 
-	if (ret == NULL) ret=buf;
-
-	sprintf(&(ret[0]),"error:%08lX:",e);
-	i=strlen(ret);
-	if (ls == NULL)
-		sprintf(&(ret[i]),":lib(%lu) ",l);
-	else	sprintf(&(ret[i]),"%s",ls);
-	i=strlen(ret);
+	if (ls == NULL) 
+		BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
 	if (fs == NULL)
-		sprintf(&(ret[i]),":func(%lu) ",f);
-	else	sprintf(&(ret[i]),":%s",fs);
-	i=strlen(ret);
+		BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
 	if (rs == NULL)
-		sprintf(&(ret[i]),":reason(%lu)",r);
-	else	sprintf(&(ret[i]),":%s",rs);
+		BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
+
+	BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf, 
+		fs?fs:fsbuf, rs?rs:rsbuf);
+	if (strlen(buf) == len-1)
+		{
+		/* output may be truncated; make sure we always have 5 
+		 * colon-separated fields, i.e. 4 colons ... */
+#define NUM_COLONS 4
+		if (len > NUM_COLONS) /* ... if possible */
+			{
+			int i;
+			char *s = buf;
+			
+			for (i = 0; i < NUM_COLONS; i++)
+				{
+				char *colon = strchr(s, ':');
+				if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i)
+					{
+					/* set colon no. i at last possible position
+					 * (buf[len-1] is the terminating 0)*/
+					colon = &buf[len-1] - NUM_COLONS + i;
+					*colon = ':';
+					}
+				s = colon + 1;
+				}
+			}
+		}
+	}
+
+/* BAD for multi-threading: uses a local buffer if ret == NULL */
+/* ERR_error_string_n should be used instead for ret != NULL
+ * as ERR_error_string cannot know how large the buffer is */
+char *ERR_error_string(unsigned long e, char *ret)
+	{
+	static char buf[256];
+
+	if (ret == NULL) ret=buf;
+	ERR_error_string_n(e, ret, 256);
 
-	return(ret);
+	return ret;
 	}
 
-LHASH *ERR_get_string_table()
+LHASH *ERR_get_string_table(void)
 	{
-	return(error_hash);
+	err_fns_check();
+	return ERRFN(err_get)(0);
 	}
 
-LHASH *ERR_get_err_state_table()
+LHASH *ERR_get_err_state_table(void)
 	{
-	return(thread_hash);
+	err_fns_check();
+	return ERRFN(thread_get)(0);
 	}
 
-char *ERR_lib_error_string(e)
-unsigned long e;
+const char *ERR_lib_error_string(unsigned long e)
 	{
-	ERR_STRING_DATA d,*p=NULL;
+	ERR_STRING_DATA d,*p;
 	unsigned long l;
 
+	err_fns_check();
 	l=ERR_GET_LIB(e);
-
-	CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
-
-	if (error_hash != NULL)
-		{
-		d.error=ERR_PACK(l,0,0);
-		p=(ERR_STRING_DATA *)lh_retrieve(error_hash,(char *)&d);
-		}
-
-	CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
-
+	d.error=ERR_PACK(l,0,0);
+	p=ERRFN(err_get_item)(&d);
 	return((p == NULL)?NULL:p->string);
 	}
 
-char *ERR_func_error_string(e)
-unsigned long e;
+const char *ERR_func_error_string(unsigned long e)
 	{
-	ERR_STRING_DATA d,*p=NULL;
+	ERR_STRING_DATA d,*p;
 	unsigned long l,f;
 
+	err_fns_check();
 	l=ERR_GET_LIB(e);
 	f=ERR_GET_FUNC(e);
-
-	CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
-
-	if (error_hash != NULL)
-		{
-		d.error=ERR_PACK(l,f,0);
-		p=(ERR_STRING_DATA *)lh_retrieve(error_hash,(char *)&d);
-		}
-
-	CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
-
+	d.error=ERR_PACK(l,f,0);
+	p=ERRFN(err_get_item)(&d);
 	return((p == NULL)?NULL:p->string);
 	}
 
-char *ERR_reason_error_string(e)
-unsigned long e;
+const char *ERR_reason_error_string(unsigned long e)
 	{
 	ERR_STRING_DATA d,*p=NULL;
 	unsigned long l,r;
 
+	err_fns_check();
 	l=ERR_GET_LIB(e);
 	r=ERR_GET_REASON(e);
-
-	CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH);
-
-	if (error_hash != NULL)
+	d.error=ERR_PACK(l,0,r);
+	p=ERRFN(err_get_item)(&d);
+	if (!p)
 		{
-		d.error=ERR_PACK(l,0,r);
-		p=(ERR_STRING_DATA *)lh_retrieve(error_hash,(char *)&d);
-		if (p == NULL)
-			{
-			d.error=ERR_PACK(0,0,r);
-			p=(ERR_STRING_DATA *)lh_retrieve(error_hash,
-				(char *)&d);
-			}
+		d.error=ERR_PACK(0,0,r);
+		p=ERRFN(err_get_item)(&d);
 		}
-
-	CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH);
-
 	return((p == NULL)?NULL:p->string);
 	}
 
-static unsigned long err_hash(a)
-ERR_STRING_DATA *a;
+/* static unsigned long err_hash(ERR_STRING_DATA *a) */
+static unsigned long err_hash(const void *a_void)
 	{
 	unsigned long ret,l;
 
-	l=a->error;
+	l=((ERR_STRING_DATA *)a_void)->error;
 	ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l);
 	return(ret^ret%19*13);
 	}
 
-static int err_cmp(a,b)
-ERR_STRING_DATA *a,*b;
+/* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */
+static int err_cmp(const void *a_void, const void *b_void)
 	{
-	return((int)(a->error-b->error));
+	return((int)(((ERR_STRING_DATA *)a_void)->error -
+			((ERR_STRING_DATA *)b_void)->error));
 	}
 
-static unsigned long pid_hash(a)
-ERR_STATE *a;
+/* static unsigned long pid_hash(ERR_STATE *a) */
+static unsigned long pid_hash(const void *a_void)
 	{
-	return(a->pid*13);
+	return(((ERR_STATE *)a_void)->pid*13);
 	}
 
-static int pid_cmp(a,b)
-ERR_STATE *a,*b;
+/* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */
+static int pid_cmp(const void *a_void, const void *b_void)
 	{
-	return((int)((long)a->pid - (long)b->pid));
+	return((int)((long)((ERR_STATE *)a_void)->pid -
+			(long)((ERR_STATE *)b_void)->pid));
 	}
 
-void ERR_remove_state(pid)
-unsigned long pid;
+void ERR_remove_state(unsigned long pid)
 	{
-	ERR_STATE *p,tmp;
+	ERR_STATE tmp;
 
-	if (thread_hash == NULL)
-		return;
+	err_fns_check();
 	if (pid == 0)
 		pid=(unsigned long)CRYPTO_thread_id();
 	tmp.pid=pid;
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	p=(ERR_STATE *)lh_delete(thread_hash,(char *)&tmp);
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-	if (p != NULL) ERR_STATE_free(p);
+	/* thread_del_item automatically destroys the LHASH if the number of
+	 * items reaches zero. */
+	ERRFN(thread_del_item)(&tmp);
 	}
 
-ERR_STATE *ERR_get_state()
+ERR_STATE *ERR_get_state(void)
 	{
 	static ERR_STATE fallback;
-	ERR_STATE *ret=NULL,tmp,*tmpp;
+	ERR_STATE *ret,tmp,*tmpp=NULL;
 	int i;
 	unsigned long pid;
 
+	err_fns_check();
 	pid=(unsigned long)CRYPTO_thread_id();
-
-	CRYPTO_r_lock(CRYPTO_LOCK_ERR);
-	if (thread_hash == NULL)
-		{
-		CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
-		CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-		if (thread_hash == NULL)
-			{
-			MemCheck_off();
-			thread_hash=lh_new(pid_hash,pid_cmp);
-			MemCheck_on();
-			CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-			if (thread_hash == NULL) return(&fallback);
-			}
-		else
-			CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-		}
-	else
-		{
-		tmp.pid=pid;
-		ret=(ERR_STATE *)lh_retrieve(thread_hash,(char *)&tmp);
-		CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
-		}
+	tmp.pid=pid;
+	ret=ERRFN(thread_get_item)(&tmp);
 
 	/* ret == the error state, if NULL, make a new one */
 	if (ret == NULL)
 		{
-		ret=(ERR_STATE *)Malloc(sizeof(ERR_STATE));
+		ret=(ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
 		if (ret == NULL) return(&fallback);
 		ret->pid=pid;
 		ret->top=0;
@@ -577,27 +955,28 @@ ERR_STATE *ERR_get_state()
 			ret->err_data[i]=NULL;
 			ret->err_data_flags[i]=0;
 			}
-		CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-		tmpp=(ERR_STATE *)lh_insert(thread_hash,(char *)ret);
-		CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-		if (tmpp != NULL) /* old entry - should not happen */
+		tmpp = ERRFN(thread_set_item)(ret);
+		/* To check if insertion failed, do a get. */
+		if (ERRFN(thread_get_item)(ret) != ret)
 			{
-			ERR_STATE_free(tmpp);
+			ERR_STATE_free(ret); /* could not insert it */
+			return(&fallback);
 			}
+		/* If a race occured in this function and we came second, tmpp
+		 * is the first one that we just replaced. */
+		if (tmpp)
+			ERR_STATE_free(tmpp);
 		}
-	return(ret);
+	return ret;
 	}
 
-int ERR_get_next_error_library()
+int ERR_get_next_error_library(void)
 	{
-	static int value=ERR_LIB_USER;
-
-	return(value++);
+	err_fns_check();
+	return ERRFN(get_next_lib)();
 	}
 
-void ERR_set_error_data(data,flags)
-char *data;
-int flags;
+void ERR_set_error_data(char *data, int flags)
 	{
 	ERR_STATE *es;
 	int i;
@@ -608,27 +987,27 @@ int flags;
 	if (i == 0)
 		i=ERR_NUM_ERRORS-1;
 
+	err_clear_data(es,i);
 	es->err_data[i]=data;
-	es->err_data_flags[es->top]=flags;
+	es->err_data_flags[i]=flags;
 	}
 
-void ERR_add_error_data( VAR_PLIST(int , num))
-VAR_ALIST
-        {
-        VAR_BDEFN(args, int, num);
+void ERR_add_error_data(int num, ...)
+	{
+	va_list args;
 	int i,n,s;
 	char *str,*p,*a;
 
-	s=64;
-	str=Malloc(s+1);
+	s=80;
+	str=OPENSSL_malloc(s+1);
 	if (str == NULL) return;
 	str[0]='\0';
 
-	VAR_INIT(args,int,num);
+	va_start(args, num);
 	n=0;
 	for (i=0; i<num; i++)
 		{
-		VAR_ARG(args,char *,a);
+		a=va_arg(args, char*);
 		/* ignore NULLs, thanks to Bob Beck <beck@obtuse.com> */
 		if (a != NULL)
 			{
@@ -636,11 +1015,11 @@ VAR_ALIST
 			if (n > s)
 				{
 				s=n+20;
-				p=Realloc(str,s+1);
+				p=OPENSSL_realloc(str,s+1);
 				if (p == NULL)
 					{
-					Free(str);
-					return;
+					OPENSSL_free(str);
+					goto err;
 					}
 				else
 					str=p;
@@ -650,6 +1029,6 @@ VAR_ALIST
 		}
 	ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
 
-	VAR_END( args );
+err:
+	va_end(args);
 	}
-
diff --git a/crypto/err/err.h b/crypto/err/err.h
index c81dedd666..ec895c4d12 100644
--- a/crypto/err/err.h
+++ b/crypto/err/err.h
@@ -59,17 +59,23 @@
 #ifndef HEADER_ERR_H
 #define HEADER_ERR_H
 
-#ifdef	__cplusplus
-extern "C" {
+#ifndef OPENSSL_NO_FP_API
+#include <stdio.h>
+#include <stdlib.h>
 #endif
 
-/* The following is a bit of a trick to help the object files only contain
- * the 'name of the file' string once.  Since 'err.h' is protected by the
- * HEADER_ERR_H stuff, this should be included only once per file. */
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#ifndef OPENSSL_NO_LHASH
+#include <openssl/lhash.h>
+#endif
 
-#define ERR_file_name	__FILE__
+#ifdef	__cplusplus
+extern "C" {
+#endif
 
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 #define ERR_PUT_error(a,b,c,d,e)	ERR_put_error(a,b,c,d,e)
 #else
 #define ERR_PUT_error(a,b,c,d,e)	ERR_put_error(a,b,c,NULL,0)
@@ -87,7 +93,7 @@ typedef struct err_state_st
 	unsigned long err_buffer[ERR_NUM_ERRORS];
 	char *err_data[ERR_NUM_ERRORS];
 	int err_data_flags[ERR_NUM_ERRORS];
-	char *err_file[ERR_NUM_ERRORS];
+	const char *err_file[ERR_NUM_ERRORS];
 	int err_line[ERR_NUM_ERRORS];
 	int top,bottom;
 	} ERR_STATE;
@@ -104,43 +110,59 @@ typedef struct err_state_st
 #define ERR_LIB_PEM		9
 #define ERR_LIB_DSA		10
 #define ERR_LIB_X509		11
-#define ERR_LIB_METH		12
+/* #define ERR_LIB_METH         12 */
 #define ERR_LIB_ASN1		13
 #define ERR_LIB_CONF		14
 #define ERR_LIB_CRYPTO		15
+#define ERR_LIB_EC		16
 #define ERR_LIB_SSL		20
-#define ERR_LIB_SSL23		21
-#define ERR_LIB_SSL2		22
-#define ERR_LIB_SSL3		23
-#define ERR_LIB_RSAREF		30
-#define ERR_LIB_PROXY		31
+/* #define ERR_LIB_SSL23        21 */
+/* #define ERR_LIB_SSL2         22 */
+/* #define ERR_LIB_SSL3         23 */
+/* #define ERR_LIB_RSAREF       30 */
+/* #define ERR_LIB_PROXY        31 */
 #define ERR_LIB_BIO		32
 #define ERR_LIB_PKCS7		33
+#define ERR_LIB_X509V3		34
+#define ERR_LIB_PKCS12		35
+#define ERR_LIB_RAND		36
+#define ERR_LIB_DSO		37
+#define ERR_LIB_ENGINE		38
+#define ERR_LIB_OCSP            39
+#define ERR_LIB_UI              40
+#define ERR_LIB_COMP            41
+#define ERR_LIB_ECDSA		42
+#define ERR_LIB_ECDH		43
 
 #define ERR_LIB_USER		128
 
-#define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),ERR_file_name,__LINE__)
-#define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),ERR_file_name,__LINE__)
-#define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),ERR_file_name,__LINE__)
-#define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),ERR_file_name,__LINE__)
-#define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),ERR_file_name,__LINE__)
-#define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),ERR_file_name,__LINE__)
-#define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),ERR_file_name,__LINE__)
-#define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),ERR_file_name,__LINE__)
-#define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),ERR_file_name,__LINE__)
-#define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),ERR_file_name,__LINE__)
-#define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),ERR_file_name,__LINE__)
-#define METHerr(f,r) ERR_PUT_error(ERR_LIB_METH,(f),(r),ERR_file_name,__LINE__)
-#define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),ERR_file_name,__LINE__)
-#define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),ERR_file_name,__LINE__)
-#define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),ERR_file_name,__LINE__)
-#define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),ERR_file_name,__LINE__)
-#define SSL23err(f,r) ERR_PUT_error(ERR_LIB_SSL23,(f),(r),ERR_file_name,__LINE__)
-#define SSL2err(f,r) ERR_PUT_error(ERR_LIB_SSL2,(f),(r),ERR_file_name,__LINE__)
-#define SSL3err(f,r) ERR_PUT_error(ERR_LIB_SSL3,(f),(r),ERR_file_name,__LINE__)
-#define RSAREFerr(f,r) ERR_PUT_error(ERR_LIB_RSAREF,(f),(r),ERR_file_name,__LINE__)
-#define PROXYerr(f,r) ERR_PUT_error(ERR_LIB_PROXY,(f),(r),ERR_file_name,__LINE__)
-#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),ERR_file_name,__LINE__)
+#define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__)
+#define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__)
+#define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__)
+#define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__)
+#define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__)
+#define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__)
+#define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__)
+#define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__)
+#define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__)
+#define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__)
+#define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__)
+#define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__)
+#define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__)
+#define ECerr(f,r)   ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__)
+#define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__)
+#define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__)
+#define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__)
+#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__)
+#define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__)
+#define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__)
+#define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__)
+#define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__)
+#define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__)
+#define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__)
+#define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__)
+#define ECDSAerr(f,r)  ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),__FILE__,__LINE__)
+#define ECDHerr(f,r)  ERR_PUT_error(ERR_LIB_ECDH,(f),(r),__FILE__,__LINE__)
 
 /* Borland C seems too stupid to be able to shift and do longs in
  * the pre-processor :-( */
@@ -152,7 +174,8 @@ typedef struct err_state_st
 #define ERR_GET_REASON(l)	(int)((l)&0xfffL)
 #define ERR_FATAL_ERROR(l)	(int)((l)&ERR_R_FATAL)
 
-/* OS fuctions */
+
+/* OS functions */
 #define SYS_F_FOPEN		1
 #define SYS_F_CONNECT		2
 #define SYS_F_GETSERVBYNAME	3
@@ -162,129 +185,118 @@ typedef struct err_state_st
 #define SYS_F_LISTEN		7
 #define SYS_F_ACCEPT		8
 #define SYS_F_WSASTARTUP	9 /* Winsock stuff */
+#define SYS_F_OPENDIR		10
+#define SYS_F_FREAD		11
+
 
-#define ERR_R_FATAL		32	
 /* reasons */
-#define ERR_R_SYS_LIB	ERR_LIB_SYS
-#define ERR_R_BN_LIB	ERR_LIB_BN
-#define ERR_R_RSA_LIB	ERR_LIB_RSA
-#define ERR_R_DSA_LIB	ERR_LIB_DSA
-#define ERR_R_DH_LIB	ERR_LIB_DH
-#define ERR_R_EVP_LIB	ERR_LIB_EVP
-#define ERR_R_BUF_LIB	ERR_LIB_BUF
-#define ERR_R_BIO_LIB	ERR_LIB_BIO
-#define ERR_R_OBJ_LIB	ERR_LIB_OBJ
-#define ERR_R_PEM_LIB	ERR_LIB_PEM
-#define ERR_R_X509_LIB	ERR_LIB_X509
-#define ERR_R_METH_LIB	ERR_LIB_METH
-#define ERR_R_ASN1_LIB	ERR_LIB_ASN1
-#define ERR_R_CONF_LIB	ERR_LIB_CONF
-#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO
-#define ERR_R_SSL_LIB	ERR_LIB_SSL
-#define ERR_R_SSL23_LIB	ERR_LIB_SSL23
-#define ERR_R_SSL2_LIB	ERR_LIB_SSL2
-#define ERR_R_SSL3_LIB	ERR_LIB_SSL3
-#define ERR_R_PROXY_LIB	ERR_LIB_PROXY
-#define ERR_R_BIO_LIB	ERR_LIB_BIO
-#define ERR_R_PKCS7_LIB	ERR_LIB_PKCS7
+#define ERR_R_SYS_LIB	ERR_LIB_SYS       /* 2 */
+#define ERR_R_BN_LIB	ERR_LIB_BN        /* 3 */
+#define ERR_R_RSA_LIB	ERR_LIB_RSA       /* 4 */
+#define ERR_R_DH_LIB	ERR_LIB_DH        /* 5 */
+#define ERR_R_EVP_LIB	ERR_LIB_EVP       /* 6 */
+#define ERR_R_BUF_LIB	ERR_LIB_BUF       /* 7 */
+#define ERR_R_OBJ_LIB	ERR_LIB_OBJ       /* 8 */
+#define ERR_R_PEM_LIB	ERR_LIB_PEM       /* 9 */
+#define ERR_R_DSA_LIB	ERR_LIB_DSA      /* 10 */
+#define ERR_R_X509_LIB	ERR_LIB_X509     /* 11 */
+#define ERR_R_ASN1_LIB	ERR_LIB_ASN1     /* 13 */
+#define ERR_R_CONF_LIB	ERR_LIB_CONF     /* 14 */
+#define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO  /* 15 */
+#define ERR_R_EC_LIB	ERR_LIB_EC       /* 16 */
+#define ERR_R_SSL_LIB	ERR_LIB_SSL      /* 20 */
+#define ERR_R_BIO_LIB	ERR_LIB_BIO      /* 32 */
+#define ERR_R_PKCS7_LIB	ERR_LIB_PKCS7    /* 33 */
+#define ERR_R_X509V3_LIB ERR_LIB_X509V3  /* 34 */
+#define ERR_R_PKCS12_LIB ERR_LIB_PKCS12  /* 35 */
+#define ERR_R_RAND_LIB	ERR_LIB_RAND     /* 36 */
+#define ERR_R_DSO_LIB	ERR_LIB_DSO      /* 37 */
+#define ERR_R_ENGINE_LIB ERR_LIB_ENGINE  /* 38 */
+#define ERR_R_OCSP_LIB  ERR_LIB_OCSP     /* 39 */
+#define ERR_R_UI_LIB    ERR_LIB_UI       /* 40 */
+#define ERR_R_COMP_LIB	ERR_LIB_COMP     /* 41 */
+#define ERR_R_ECDSA_LIB ERR_LIB_ECDSA	 /* 42 */
+#define ERR_R_ECDH_LIB  ERR_LIB_ECDH	 /* 43 */
+
+#define ERR_R_NESTED_ASN1_ERROR			58
+#define ERR_R_BAD_ASN1_OBJECT_HEADER		59
+#define ERR_R_BAD_GET_ASN1_OBJECT_CALL		60
+#define ERR_R_EXPECTING_AN_ASN1_SEQUENCE	61
+#define ERR_R_ASN1_LENGTH_MISMATCH		62
+#define ERR_R_MISSING_ASN1_EOS			63
 
 /* fatal error */
+#define ERR_R_FATAL				64
 #define	ERR_R_MALLOC_FAILURE			(1|ERR_R_FATAL)
 #define	ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	(2|ERR_R_FATAL)
 #define	ERR_R_PASSED_NULL_PARAMETER		(3|ERR_R_FATAL)
-#define ERR_R_NESTED_ASN1_ERROR			(4)
-#define ERR_R_BAD_ASN1_OBJECT_HEADER		(5)
-#define ERR_R_BAD_GET_ASN1_OBJECT_CALL		(6)
-#define ERR_R_EXPECTING_AN_ASN1_SEQUENCE	(7)
-#define ERR_R_ASN1_LENGTH_MISMATCH		(8)
-#define ERR_R_MISSING_ASN1_EOS			(9)
+#define	ERR_R_INTERNAL_ERROR			(4|ERR_R_FATAL)
+#define	ERR_R_DISABLED				(5|ERR_R_FATAL)
+
+/* 99 is the maximum possible ERR_R_... code, higher values
+ * are reserved for the individual libraries */
+
 
 typedef struct ERR_string_data_st
 	{
 	unsigned long error;
-	char *string;
+	const char *string;
 	} ERR_STRING_DATA;
 
-#ifndef NOPROTO
-void ERR_put_error(int lib, int func,int reason,char *file,int line);
+void ERR_put_error(int lib, int func,int reason,const char *file,int line);
 void ERR_set_error_data(char *data,int flags);
 
-unsigned long ERR_get_error(void );
-unsigned long ERR_get_error_line(char **file,int *line);
-unsigned long ERR_get_error_line_data(char **file,int *line,
-		char **data, int *flags);
-unsigned long ERR_peek_error(void );
-unsigned long ERR_peek_error_line(char **file,int *line);
-unsigned long ERR_peek_error_line_data(char **file,int *line,
-		char **data,int *flags);
+unsigned long ERR_get_error(void);
+unsigned long ERR_get_error_line(const char **file,int *line);
+unsigned long ERR_get_error_line_data(const char **file,int *line,
+				      const char **data, int *flags);
+unsigned long ERR_peek_error(void);
+unsigned long ERR_peek_error_line(const char **file,int *line);
+unsigned long ERR_peek_error_line_data(const char **file,int *line,
+				       const char **data,int *flags);
+unsigned long ERR_peek_last_error(void);
+unsigned long ERR_peek_last_error_line(const char **file,int *line);
+unsigned long ERR_peek_last_error_line_data(const char **file,int *line,
+				       const char **data,int *flags);
 void ERR_clear_error(void );
 char *ERR_error_string(unsigned long e,char *buf);
-char *ERR_lib_error_string(unsigned long e);
-char *ERR_func_error_string(unsigned long e);
-char *ERR_reason_error_string(unsigned long e);
-#ifndef NO_FP_API
+void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+const char *ERR_lib_error_string(unsigned long e);
+const char *ERR_func_error_string(unsigned long e);
+const char *ERR_reason_error_string(unsigned long e);
+void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
+			 void *u);
+#ifndef OPENSSL_NO_FP_API
 void ERR_print_errors_fp(FILE *fp);
 #endif
-#ifdef HEADER_BIO_H
+#ifndef OPENSSL_NO_BIO
 void ERR_print_errors(BIO *bp);
-void ERR_add_error_data( VAR_PLIST( int, num ) );
+void ERR_add_error_data(int num, ...);
 #endif
 void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
-void ERR_load_ERR_strings(void );
-void ERR_load_crypto_strings(void );
-void ERR_free_strings(void );
+void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
+void ERR_load_ERR_strings(void);
+void ERR_load_crypto_strings(void);
+void ERR_free_strings(void);
 
 void ERR_remove_state(unsigned long pid); /* if zero we look it up */
 ERR_STATE *ERR_get_state(void);
 
-#ifdef HEADER_LHASH_H
-LHASH *ERR_get_string_table(void );
-LHASH *ERR_get_err_state_table(void );
-#else
-char *ERR_get_string_table(void );
-char *ERR_get_err_state_table(void );
-#endif
-
-int ERR_get_next_error_library(void );
-
-#else
-
-void ERR_put_error();
-void ERR_set_error_data();
-
-unsigned long ERR_get_error();
-unsigned long ERR_get_error_line();
-unsigned long ERR_peek_error();
-unsigned long ERR_peek_error_line();
-void ERR_clear_error();
-char *ERR_error_string();
-char *ERR_lib_error_string();
-char *ERR_func_error_string();
-char *ERR_reason_error_string();
-#ifndef NO_FP_API
-void ERR_print_errors_fp();
-#endif
-void ERR_print_errors();
-void ERR_add_error_data();
-void ERR_load_strings();
-void ERR_load_ERR_strings();
-void ERR_load_crypto_strings();
-void ERR_free_strings();
-
-void ERR_remove_state();
-ERR_STATE *ERR_get_state();
-
-#ifdef HEADER_LHASH_H
-LHASH *ERR_get_string_table();
-LHASH *ERR_get_err_state_table();
-#else
-char *ERR_get_string_table();
-char *ERR_get_err_state_table();
+#ifndef OPENSSL_NO_LHASH
+LHASH *ERR_get_string_table(void);
+LHASH *ERR_get_err_state_table(void);
 #endif
 
-int ERR_get_next_error_library();
+int ERR_get_next_error_library(void);
 
-#endif
+/* This opaque type encapsulates the low-level error-state functions */
+typedef struct st_ERR_FNS ERR_FNS;
+/* An application can use this function and provide the return value to loaded
+ * modules that should use the application's ERR state/functionality */
+const ERR_FNS *ERR_get_implementation(void);
+/* A loaded module should call this function prior to any ERR operations using
+ * the application's "ERR_FNS". */
+int ERR_set_implementation(const ERR_FNS *fns);
 
 #ifdef	__cplusplus
 }
diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
index f874268e1a..90029fd159 100644
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -57,60 +57,73 @@
  */
 
 #include <stdio.h>
-#include "asn1.h"
-#include "bn.h"
-#include "buffer.h"
-#include "bio.h"
-#ifndef NO_RSA
-#include "rsa.h"
+#include <openssl/asn1.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
 #endif
-#ifdef RSAref
-#include "rsaref.h"
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
 #endif
-#ifndef NO_DH
-#include "dh.h"
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
 #endif
-#ifndef NO_DSA
-#include "dsa.h"
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
 #endif
-#include "evp.h"
-#include "objects.h"
-#include "pem.h"
-#include "x509.h"
-#include "conf.h"
-#include "err.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/pem2.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/conf.h>
+#include <openssl/pkcs12.h>
+#include <openssl/rand.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#include <openssl/ocsp.h>
+#include <openssl/err.h>
 
-void ERR_load_crypto_strings()
+void ERR_load_crypto_strings(void)
 	{
 	static int done=0;
 
 	if (done) return;
 	done=1;
-#ifndef NO_ERR
-	ERR_load_ASN1_strings();
+#ifndef OPENSSL_NO_ERR
+	ERR_load_ERR_strings(); /* include error strings for SYSerr */
 	ERR_load_BN_strings();
-	ERR_load_BUF_strings();
-	ERR_load_BIO_strings();
-	ERR_load_CONF_strings();
-#ifndef NO_RSA
-#ifdef RSAref
-	ERR_load_RSAREF_strings();
-#else
+#ifndef OPENSSL_NO_RSA
 	ERR_load_RSA_strings();
 #endif
-#endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	ERR_load_DH_strings();
 #endif
-#ifndef NO_DSA
-	ERR_load_DSA_strings();
-#endif
-	ERR_load_ERR_strings();
 	ERR_load_EVP_strings();
+	ERR_load_BUF_strings();
 	ERR_load_OBJ_strings();
 	ERR_load_PEM_strings();
+#ifndef OPENSSL_NO_DSA
+	ERR_load_DSA_strings();
+#endif
 	ERR_load_X509_strings();
+	ERR_load_ASN1_strings();
+	ERR_load_CONF_strings();
 	ERR_load_CRYPTO_strings();
-	ERR_load_PKCS7_strings();
+#ifndef OPENSSL_NO_EC
+	ERR_load_EC_strings();
+#endif
+	/* skip ERR_load_SSL_strings() because it is not in this library */
+	ERR_load_BIO_strings();
+	ERR_load_PKCS7_strings();	
+	ERR_load_X509V3_strings();
+	ERR_load_PKCS12_strings();
+	ERR_load_RAND_strings();
+	ERR_load_DSO_strings();
+	ERR_load_ENGINE_strings();
+	ERR_load_OCSP_strings();
+	ERR_load_UI_strings();
 #endif
 	}
diff --git a/crypto/err/err_code.pl b/crypto/err/err_code.pl
deleted file mode 100644
index 7f4cd7c216..0000000000
--- a/crypto/err/err_code.pl
+++ /dev/null
@@ -1,105 +0,0 @@
-#!/usr/local/bin/perl
-
-while (@ARGV)
-	{
-	$in=shift(@ARGV);
-	if ($in =~ /^-conf$/)
-		{
-		$in=shift(@ARGV);
-		open(IN,"<$in") || die "unable to open '$in'\n";
-		while (<IN>)
-			{
-			s/#.*$//;
-			s/\s+$//;
-			next if (/^$/);
-			if (/^L\s+(\S+)\s+(\S+)$/)
-				{ $errfile{$1}=$2; }
-			elsif (/^F\s+(\S+)$/)
-				{ $function{$1}=1; }
-			elsif (/^R\s+(\S+)\s+(\S+)$/)
-				{ $r_value{$1}=$2; }
-			else { die "bad input line: $in:$.\n"; }
-			}
-		close(IN);
-		next;
-		}
-
-	open(IN,"<$in") || die "unable to open '$in'\n";
-	$last="";
-	while (<IN>)
-		{
-		if (/err\(([A-Z0-9]+_F_[0-9A-Z_]+)\s*,\s*([0-9A-Z]+_R_[0-9A-Z_]+)\s*\)/)
-			{
-			if ($1 != $last)
-				{
-				if ($function{$1} == 0)
-					{
-					printf STDERR "$. $1 is bad\n";
-					}
-				}
-			$function{$1}++;
-			$last=$1;
-			$reason{$2}++;
-			}
-		}
-	close(IN);
-	}
-
-foreach (keys %function,keys %reason)
-	{
-	/^([A-Z0-9]+)_/;
-	$prefix{$1}++;
-	}
-
-@F=sort keys %function;
-@R=sort keys %reason;
-foreach $j (sort keys %prefix)
-	{
-	next if $errfile{$j} eq "NONE";
-	printf STDERR "doing %-6s - ",$j;
-	if (defined($errfile{$j}))
-		{
-		open(OUT,">$errfile{$j}") ||
-			die "unable to open '$errfile{$j}':$!\n";
-		$close_file=1;
-		}
-	else
-		{
-		*OUT=*STDOUT;
-		$close=0;
-		}
-	@f=grep(/^${j}_/,@F);
-	@r=grep(/^${j}_/,@R);
-	$num=100;
-	print OUT "/* Error codes for the $j functions. */\n\n";
-	print OUT "/* Function codes. */\n";
-	$f_count=0;
-	foreach $i (@f)
-		{
-		$z=6-int(length($i)/8);
-		printf OUT "#define $i%s $num\n","\t" x $z;
-		$num++;
-		$f_count++;
-		}
-	$num=100;
-	print OUT "\n/* Reason codes. */\n";
-	$r_count=0;
-	foreach $i (@r)
-		{
-		$z=6-int(length($i)/8);
-		if (defined($r_value{$i}))
-			{
-			printf OUT "#define $i%s $r_value{$i}\n","\t" x $z;
-			}
-		else
-			{
-			printf OUT "#define $i%s $num\n","\t" x $z;
-			$num++;
-			}
-		$r_count++;
-		}
-	close(OUT) if $close_file;
-
-	printf STDERR "%3d functions, %3d reasons\n",$f_count,$r_count;
-	}
-
diff --git a/crypto/err/err_genc.pl b/crypto/err/err_genc.pl
deleted file mode 100644
index 87c6da9a6d..0000000000
--- a/crypto/err/err_genc.pl
+++ /dev/null
@@ -1,198 +0,0 @@
-#!/usr/local/bin/perl
-
-if ($ARGV[0] eq "-s") { $static=1; shift @ARGV; }
-
-($#ARGV == 1) || die "usage: $0 [-s] <header file> <output C file>\n";
-open(IN,"<$ARGV[0]") || die "unable to open $ARGV[0]:$!\n";
-open(STDOUT,">$ARGV[1]") || die "unable to open $ARGV[1]:$!\n";
-
-$Func=0;
-$Reas=0;
-$fuction{'FOPEN'}='fopen';
-while (<IN>)
-	{
-	if (/(\S+)\s*\(\);/)
-		{
-		$t=$1;
-		$t =~ s/\*//;
-		($upper=$t) =~ tr/a-z/A-Z/;
-		$fuction{$upper}=$t;
-		}
-	next unless (/^#define\s+(\S+)\s/);
-
-	$o=$1;
-	if ($o =~ /^([^_]+)_F_(.*)/)
-		{
-		$type=$1;
-		$Func++;
-		$n=$2;
-		$n=$fuction{$n} if (defined($fuction{$n}));
-		$out{$1."_str_functs"}.=
-			sprintf("{ERR_PACK(0,%s,0),\t\"$n\"},\n",$o);
-		}
-	elsif ($o =~ /^([^_]+)_R_(.*)/)
-		{
-		$type=$1;
-		$Reas++;
-		$r=$2;
-		$r =~ tr/A-Z_/a-z /;
-		$pkg{$type."_str_reasons"}=$type;
-		$out{$type."_str_reasons"}.=sprintf("{%-40s,\"$r\"},\n",$o);
-		}
-	elsif ($ARGV[0] =~ /rsaref/ && $o =~ /^RE_(.*)/)
-		{
-		$type="RSAREF";
-		$Reas++;
-		$r=$1;
-		$r =~ tr/A-Z_/a-z /;
-		$pkg{$type."_str_reasons"}=$type;
-		$out{$type."_str_reasons"}.=sprintf("{%-40s,\"$r\"},\n",$o);
-		}
-	}
-close(IN);
-
-&header($type,$ARGV[0]);
-
-foreach (sort keys %out)
-	{
-	print "static ERR_STRING_DATA ${_}[]=\n\t{\n";
-	print $out{$_};
-	print "{0,NULL},\n";
-	print "\t};\n\n";
-	}
-print "#endif\n";
-
-if ($static)
-	{ $lib="ERR_LIB_$type"; }
-else
-	{ $lib="${type}_lib_error_code"; }
-
-$str="";
-$str.="#ifndef NO_ERR\n";
-$str.="\t\tERR_load_strings($lib,${type}_str_functs);\n" if $Func;
-$str.="\t\tERR_load_strings($lib,${type}_str_reasons);\n" if $Reas;
-$str.="#endif\n";
-
-if (!$static)
-	{
-print <<"EOF";
-
-static int ${type}_lib_error_code=0;
-
-void ERR_load_${type}_strings()
-	{
-	static int init=1;
-
-	if (${type}_lib_error_code == 0)
-		${type}_lib_error_code=ERR_get_next_error_library();
-
-	if (init)
-		{
-		init=0;
-$str
-		}
-	}
-
-void ERR_${type}_error(function,reason,file,line)
-int function;
-int reason;
-char *file;
-int line;
-	{
-	if (${type}_lib_error_code == 0)
-		${type}_lib_error_code=ERR_get_next_error_library();
-	ERR_PUT_error(${type}_lib_error_code,function,reason,file,line);
-	}
-EOF
-	}
-else # $static
-	{
-	print <<"EOF";
-
-void ERR_load_${type}_strings()
-	{
-	static int init=1;
-
-	if (init)
-		{
-		init=0;
-$str
-		}
-	}
-EOF
-	}
-
-sub header
-	{
-	($type,$header)=@_;
-
-	($lc=$type) =~ tr/A-Z/a-z/;
-	$header =~ s/^.*\///;
-
-	print "/* lib/$lc/${lc}\_err.c */\n";
-	print <<'EOF';
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-EOF
-
-	print "#include <stdio.h>\n";
-	print "#include \"err.h\"\n";
-	print "#include \"$header\"\n";
-	print "\n/* BEGIN ERROR CODES */\n";
-	print "#ifndef NO_ERR\n";
-	}
-
diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c
index ecd0e7c4fa..81e34bd6ce 100644
--- a/crypto/err/err_prn.c
+++ b/crypto/err/err_prn.c
@@ -57,51 +57,50 @@
  */
 
 #include <stdio.h>
-#include "lhash.h"
-#include "crypto.h"
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "err.h"
-#include "crypto.h"
+#include <openssl/buffer.h>
+#include <openssl/err.h>
 
-#ifndef NO_FP_API
-void ERR_print_errors_fp(fp)
-FILE *fp;
+void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
+			 void *u)
 	{
 	unsigned long l;
-	char buf[200];
-	char *file,*data;
+	char buf[256];
+	char buf2[4096];
+	const char *file,*data;
 	int line,flags;
 	unsigned long es;
 
 	es=CRYPTO_thread_id();
 	while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
 		{
-		fprintf(fp,"%lu:%s:%s:%d:%s\n",es,ERR_error_string(l,buf),
-			file,line,(flags&ERR_TXT_STRING)?data:"");
+		ERR_error_string_n(l, buf, sizeof buf);
+		BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,
+			file, line, (flags & ERR_TXT_STRING) ? data : "");
+		cb(buf2, strlen(buf2), u);
 		}
 	}
-#endif
 
-void ERR_print_errors(bp)
-BIO *bp;
+#ifndef OPENSSL_NO_FP_API
+static int print_fp(const char *str, size_t len, void *fp)
 	{
-	unsigned long l;
-	char buf[256];
-	char buf2[256];
-	char *file,*data;
-	int line,flags;
-	unsigned long es;
+	return fprintf((FILE *)fp, "%s", str);
+	}
+void ERR_print_errors_fp(FILE *fp)
+	{
+	ERR_print_errors_cb(print_fp, fp);
+	}
+#endif
 
-	es=CRYPTO_thread_id();
-	while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
-		{
-		sprintf(buf2,"%lu:%s:%s:%d:",es,ERR_error_string(l,buf),
-			file,line);
-		BIO_write(bp,buf2,strlen(buf2));
-		if (flags & ERR_TXT_STRING)
-			BIO_write(bp,data,strlen(data));
-		BIO_write(bp,"\n",1);
-		}
+static int print_bio(const char *str, size_t len, void *bp)
+	{
+	return BIO_write((BIO *)bp, str, len);
+	}
+void ERR_print_errors(BIO *bp)
+	{
+	ERR_print_errors_cb(print_bio, bp);
 	}
 
+	
diff --git a/crypto/err/error.err b/crypto/err/error.err
deleted file mode 100644
index f09557d8d9..0000000000
--- a/crypto/err/error.err
+++ /dev/null
@@ -1,13 +0,0 @@
-/* Error codes for the ERR functions. */
-
-/* Function codes. */
-
-/* Reason codes. */
-#define ERR_R_BN_LIB					100
-#define ERR_R_DER_LIB					101
-#define ERR_R_MALLOC_FAILURE				102
-#define ERR_R_PEM_LIB					103
-#define ERR_R_RSA_LIB					104
-#define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED		105
-#define ERR_R_SYS_LIB					106
-#define ERR_R_X509_LIB					107
diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
new file mode 100644
index 0000000000..38d68f23e7
--- /dev/null
+++ b/crypto/err/openssl.ec
@@ -0,0 +1,84 @@
+# crypto/err/openssl.ec
+
+# configuration file for util/mkerr.pl
+
+# files that may have to be rewritten by util/mkerr.pl
+L ERR		NONE				NONE
+L BN		crypto/bn/bn.h			crypto/bn/bn_err.c
+L RSA		crypto/rsa/rsa.h		crypto/rsa/rsa_err.c
+L DH		crypto/dh/dh.h			crypto/dh/dh_err.c
+L EVP		crypto/evp/evp.h		crypto/evp/evp_err.c
+L BUF		crypto/buffer/buffer.h		crypto/buffer/buf_err.c
+L OBJ		crypto/objects/objects.h	crypto/objects/obj_err.c
+L PEM		crypto/pem/pem.h		crypto/pem/pem_err.c
+L DSA		crypto/dsa/dsa.h		crypto/dsa/dsa_err.c
+L X509		crypto/x509/x509.h		crypto/x509/x509_err.c
+L ASN1		crypto/asn1/asn1.h		crypto/asn1/asn1_err.c
+L CONF		crypto/conf/conf.h		crypto/conf/conf_err.c
+L CRYPTO	crypto/crypto.h			crypto/cpt_err.c
+L EC		crypto/ec/ec.h			crypto/ec/ec_err.c
+L SSL		ssl/ssl.h			ssl/ssl_err.c
+L BIO		crypto/bio/bio.h		crypto/bio/bio_err.c
+L PKCS7		crypto/pkcs7/pkcs7.h		crypto/pkcs7/pkcs7err.c
+L X509V3	crypto/x509v3/x509v3.h		crypto/x509v3/v3err.c
+L PKCS12	crypto/pkcs12/pkcs12.h		crypto/pkcs12/pk12err.c
+L RAND		crypto/rand/rand.h		crypto/rand/rand_err.c
+L DSO		crypto/dso/dso.h		crypto/dso/dso_err.c
+L ENGINE	crypto/engine/engine.h		crypto/engine/eng_err.c
+L OCSP		crypto/ocsp/ocsp.h		crypto/ocsp/ocsp_err.c
+L UI		crypto/ui/ui.h			crypto/ui/ui_err.c
+L ECDSA		crypto/ecdsa/ecdsa.h		crypto/ecdsa/ecs_err.c
+L ECDH		crypto/ecdh/ecdh.h		crypto/ecdh/ech_err.c
+
+# additional header files to be scanned for function names
+L NONE		crypto/x509/x509_vfy.h		NONE
+L NONE		crypto/ec/ec_lcl.h		NONE
+L NONE		crypto/ecdsa/ecs_locl.h		NONE
+
+
+F RSAREF_F_RSA_BN2BIN
+F RSAREF_F_RSA_PRIVATE_DECRYPT
+F RSAREF_F_RSA_PRIVATE_ENCRYPT
+F RSAREF_F_RSA_PUBLIC_DECRYPT
+F RSAREF_F_RSA_PUBLIC_ENCRYPT
+#F SSL_F_CLIENT_CERTIFICATE
+
+R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE		1010
+R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		1020
+R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED		1021
+R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW		1022
+R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE	1030
+R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE		1040
+R SSL_R_SSLV3_ALERT_NO_CERTIFICATE		1041
+R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		1042
+R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE	1043
+R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED		1044
+R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED		1045
+R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN		1046
+R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER		1047
+R SSL_R_TLSV1_ALERT_UNKNOWN_CA			1048
+R SSL_R_TLSV1_ALERT_ACCESS_DENIED		1049
+R SSL_R_TLSV1_ALERT_DECODE_ERROR		1050
+R SSL_R_TLSV1_ALERT_DECRYPT_ERROR		1051
+R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION		1060
+R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		1070
+R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY	1071
+R SSL_R_TLSV1_ALERT_INTERNAL_ERROR		1080
+R SSL_R_TLSV1_ALERT_USER_CANCELLED		1090
+R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		1100
+
+R RSAREF_R_CONTENT_ENCODING			0x0400
+R RSAREF_R_DATA					0x0401
+R RSAREF_R_DIGEST_ALGORITHM			0x0402
+R RSAREF_R_ENCODING				0x0403
+R RSAREF_R_KEY					0x0404
+R RSAREF_R_KEY_ENCODING				0x0405
+R RSAREF_R_LEN					0x0406
+R RSAREF_R_MODULUS_LEN				0x0407
+R RSAREF_R_NEED_RANDOM				0x0408
+R RSAREF_R_PRIVATE_KEY				0x0409
+R RSAREF_R_PUBLIC_KEY				0x040a
+R RSAREF_R_SIGNATURE				0x040b
+R RSAREF_R_SIGNATURE_ENCODING			0x040c
+R RSAREF_R_ENCRYPTION_ALGORITHM			0x040d
+
diff --git a/crypto/err/ssleay.ec b/crypto/err/ssleay.ec
deleted file mode 100644
index 12cb3432a8..0000000000
--- a/crypto/err/ssleay.ec
+++ /dev/null
@@ -1,70 +0,0 @@
-L ERR		NONE
-L CRYPTO	crypto.err
-L BN		bn/bn.err
-L RSA		rsa/rsa.err
-L DSA		dsa/dsa.err
-L DH		dh/dh.err
-L EVP		evp/evp.err
-L BUF		buffer/buffer.err
-L BIO		bio/bio.err
-L OBJ		objects/objects.err
-L PEM		pem/pem.err
-L X509		x509/x509.err
-L METH		meth/meth.err
-L ASN1		asn1/asn1.err
-L CONF		conf/conf.err
-L PROXY		proxy/proxy.err
-L PKCS7		pkcs7/pkcs7.err
-L RSAREF	../rsaref/rsaref.err
-L SSL		../ssl/ssl.err
-L SSL2		../ssl/ssl2.err
-L SSL3		../ssl/ssl3.err
-L SSL23		../ssl/ssl23.err
-L COMP		comp/comp.err
-
-F RSAREF_F_RSA_BN2BIN
-F RSAREF_F_RSA_PRIVATE_DECRYPT
-F RSAREF_F_RSA_PRIVATE_ENCRYPT
-F RSAREF_F_RSA_PUBLIC_DECRYPT
-F RSAREF_F_RSA_PUBLIC_ENCRYPT
-#F SSL_F_CLIENT_CERTIFICATE
-
-R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE		1010
-R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		1020
-R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED		1021
-R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW		1022
-R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE	1030
-R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE		1040
-R SSL_R_SSLV3_ALERT_NO_CERTIFICATE		1041
-R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		1042
-R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE	1043
-R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED		1044
-R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED		1045
-R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN		1046
-R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER		1047
-R SSL_R_TLSV1_ALERT_UNKNOWN_CA			1048
-R SSL_R_TLSV1_ALERT_ACCESS_DENIED		1049
-R SSL_R_TLSV1_ALERT_DECODE_ERROR		1050
-R SSL_R_TLSV1_ALERT_DECRYPT_ERROR		1051
-R SSL_R_TLSV1_ALERT_EXPORT_RESTRICION		1060
-R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		1070
-R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY	1071
-R SSL_R_TLSV1_ALERT_INTERNAL_ERROR		1080
-R SSL_R_TLSV1_ALERT_USER_CANCLED		1090
-R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		1100
-
-R RSAREF_R_CONTENT_ENCODING			0x0400
-R RSAREF_R_DATA					0x0401
-R RSAREF_R_DIGEST_ALGORITHM			0x0402
-R RSAREF_R_ENCODING				0x0403
-R RSAREF_R_KEY					0x0404
-R RSAREF_R_KEY_ENCODING				0x0405
-R RSAREF_R_LEN					0x0406
-R RSAREF_R_MODULUS_LEN				0x0407
-R RSAREF_R_NEED_RANDOM				0x0408
-R RSAREF_R_PRIVATE_KEY				0x0409
-R RSAREF_R_PUBLIC_KEY				0x040a
-R RSAREF_R_SIGNATURE				0x040b
-R RSAREF_R_SIGNATURE_ENCODING			0x040c
-R RSAREF_R_ENCRYPTION_ALGORITHM			0x040d
-
diff --git a/crypto/evp/.cvsignore b/crypto/evp/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/evp/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl
index 8bf2516458..cc3775b5ae 100644
--- a/crypto/evp/Makefile.ssl
+++ b/crypto/evp/Makefile.ssl
@@ -5,52 +5,46 @@
 DIR=	evp
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=evp
-ERRC=evp_err
 GENERAL=Makefile
-TEST=
+TEST=evp_test.c
+TESTDATA=evptests.txt
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= encode.c digest.c evp_enc.c evp_key.c \
-	e_ecb_d.c e_cbc_d.c e_cfb_d.c e_ofb_d.c \
-	e_ecb_i.c e_cbc_i.c e_cfb_i.c e_ofb_i.c \
-	e_ecb_3d.c e_cbc_3d.c e_rc4.c names.c \
-	e_cfb_3d.c e_ofb_3d.c e_xcbc_d.c \
-	e_ecb_r2.c e_cbc_r2.c e_cfb_r2.c e_ofb_r2.c \
-	e_ecb_bf.c e_cbc_bf.c e_cfb_bf.c e_ofb_bf.c \
-	e_ecb_c.c e_cbc_c.c e_cfb_c.c e_ofb_c.c \
-	e_ecb_r5.c e_cbc_r5.c e_cfb_r5.c e_ofb_r5.c \
-	m_null.c m_md2.c m_md5.c m_sha.c m_sha1.c m_dss.c m_dss1.c m_mdc2.c \
-	m_ripemd.c \
+LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
+	e_des.c e_bf.c e_idea.c e_des3.c \
+	e_rc4.c e_aes.c names.c \
+	e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
+	m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \
+	m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\
 	p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
-	bio_md.c bio_b64.c bio_enc.c $(ERRC).c e_null.c \
-	c_all.c evp_lib.c
-
-LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o \
-	e_ecb_d.o e_cbc_d.o e_cfb_d.o e_ofb_d.o \
-	e_ecb_i.o e_cbc_i.o e_cfb_i.o e_ofb_i.o \
-	e_ecb_3d.o e_cbc_3d.o e_rc4.o names.o \
-	e_cfb_3d.o e_ofb_3d.o e_xcbc_d.o \
-	e_ecb_r2.o e_cbc_r2.o e_cfb_r2.o e_ofb_r2.o \
-	e_ecb_bf.o e_cbc_bf.o e_cfb_bf.o e_ofb_bf.o \
-	e_ecb_c.o e_cbc_c.o e_cfb_c.o e_ofb_c.o \
-	e_ecb_r5.o e_cbc_r5.o e_cfb_r5.o e_ofb_r5.o \
-	m_null.o m_md2.o m_md5.o m_sha.o m_sha1.o m_dss.o m_dss1.o m_mdc2.o \
-	m_ripemd.o \
+	bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
+	c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
+	evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c
+
+LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
+	e_des.o e_bf.o e_idea.o e_des3.o \
+	e_rc4.o e_aes.o names.o \
+	e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
+	m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \
+	m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\
 	p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
-	bio_md.o bio_b64.o bio_enc.o $(ERRC).o e_null.o \
-	c_all.o evp_lib.o
+	bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
+	c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
+	evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o
 
 SRC= $(LIBSRC)
 
@@ -66,24 +60,24 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TESTDATA)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -95,17 +89,1034 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bio_b64.o: ../../e_os.h ../../include/openssl/aes.h
+bio_b64.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_b64.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bio_b64.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bio_b64.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+bio_b64.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_b64.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+bio_b64.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+bio_b64.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bio_b64.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_b64.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_b64.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+bio_b64.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_b64.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_b64.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_b64.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+bio_b64.o: ../cryptlib.h bio_b64.c
+bio_enc.o: ../../e_os.h ../../include/openssl/aes.h
+bio_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+bio_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+bio_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+bio_enc.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+bio_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+bio_enc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+bio_enc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+bio_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+bio_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+bio_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+bio_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+bio_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+bio_enc.o: ../cryptlib.h bio_enc.c
+bio_md.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+bio_md.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+bio_md.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+bio_md.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+bio_md.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+bio_md.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_md.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+bio_md.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+bio_md.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+bio_md.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+bio_md.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_md.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_md.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+bio_md.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+bio_md.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+bio_md.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+bio_md.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+bio_md.o: ../../include/openssl/ui_compat.h ../cryptlib.h bio_md.c
+bio_ok.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+bio_ok.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+bio_ok.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+bio_ok.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+bio_ok.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+bio_ok.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+bio_ok.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+bio_ok.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+bio_ok.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+bio_ok.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+bio_ok.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+bio_ok.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bio_ok.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+bio_ok.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+bio_ok.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+bio_ok.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+bio_ok.o: ../cryptlib.h bio_ok.c
+c_all.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+c_all.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+c_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+c_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+c_all.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+c_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+c_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+c_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+c_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+c_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+c_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+c_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+c_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+c_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+c_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+c_all.o: ../../include/openssl/ui_compat.h ../cryptlib.h c_all.c
+c_allc.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+c_allc.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+c_allc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+c_allc.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+c_allc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+c_allc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+c_allc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+c_allc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+c_allc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+c_allc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+c_allc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_allc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_allc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+c_allc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+c_allc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+c_allc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+c_allc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+c_allc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+c_allc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+c_allc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+c_allc.o: ../cryptlib.h c_allc.c
+c_alld.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+c_alld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+c_alld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+c_alld.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+c_alld.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+c_alld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+c_alld.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+c_alld.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+c_alld.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+c_alld.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+c_alld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+c_alld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_alld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+c_alld.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+c_alld.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+c_alld.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+c_alld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+c_alld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+c_alld.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+c_alld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+c_alld.o: ../cryptlib.h c_alld.c
+digest.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+digest.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+digest.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+digest.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+digest.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+digest.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+digest.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+digest.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+digest.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+digest.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+digest.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+digest.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+digest.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+digest.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+digest.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+digest.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+digest.o: ../cryptlib.h digest.c
+e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_aes.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_aes.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+e_aes.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_aes.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+e_aes.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+e_aes.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_aes.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_aes.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+e_aes.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_aes.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_aes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+e_aes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+e_aes.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+e_aes.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+e_aes.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_aes.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h e_aes.c
+e_aes.o: evp_locl.h
+e_bf.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_bf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_bf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_bf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_bf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_bf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_bf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_bf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_bf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_bf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_bf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_bf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_bf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_bf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_bf.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_bf.c evp_locl.h
+e_cast.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_cast.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_cast.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_cast.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_cast.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_cast.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_cast.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_cast.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_cast.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_cast.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_cast.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_cast.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_cast.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_cast.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_cast.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_cast.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_cast.c evp_locl.h
+e_des.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_des.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_des.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_des.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_des.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_des.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_des.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_des.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_des.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_des.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_des.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_des.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_des.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_des.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_des.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_des.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_des.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_des.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des.c evp_locl.h
+e_des3.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_des3.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_des3.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_des3.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_des3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_des3.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_des3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_des3.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_des3.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_des3.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_des3.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_des3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_des3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_des3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_des3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_des3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_des3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_des3.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_des3.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_des3.c evp_locl.h
+e_idea.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_idea.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_idea.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_idea.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_idea.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_idea.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_idea.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_idea.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_idea.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_idea.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_idea.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_idea.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_idea.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_idea.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_idea.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_idea.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_idea.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_idea.c evp_locl.h
+e_null.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_null.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_null.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_null.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_null.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_null.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_null.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_null.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_null.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_null.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_null.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_null.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_null.c
+e_rc2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_rc2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_rc2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_rc2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_rc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_rc2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_rc2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_rc2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_rc2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_rc2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_rc2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_rc2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_rc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_rc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_rc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_rc2.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc2.c evp_locl.h
+e_rc4.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_rc4.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_rc4.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_rc4.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_rc4.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_rc4.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc4.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_rc4.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_rc4.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_rc4.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_rc4.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc4.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc4.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_rc4.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_rc4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_rc4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_rc4.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_rc4.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc4.c
+e_rc5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_rc5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+e_rc5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+e_rc5.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+e_rc5.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+e_rc5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+e_rc5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+e_rc5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+e_rc5.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+e_rc5.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+e_rc5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_rc5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_rc5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_rc5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_rc5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_rc5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_rc5.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_rc5.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_rc5.c evp_locl.h
+e_xcbc_d.o: ../../e_os.h ../../include/openssl/aes.h
+e_xcbc_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_xcbc_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+e_xcbc_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+e_xcbc_d.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+e_xcbc_d.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+e_xcbc_d.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+e_xcbc_d.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+e_xcbc_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+e_xcbc_d.o: ../../include/openssl/opensslconf.h
+e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_xcbc_d.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+e_xcbc_d.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+e_xcbc_d.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+e_xcbc_d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+e_xcbc_d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+e_xcbc_d.o: ../../include/openssl/ui_compat.h ../cryptlib.h e_xcbc_d.c
+encode.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+encode.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+encode.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+encode.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+encode.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+encode.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+encode.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+encode.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+encode.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+encode.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+encode.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+encode.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+encode.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+encode.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+encode.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+encode.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+encode.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+encode.o: ../../include/openssl/ui_compat.h ../cryptlib.h encode.c
+evp_acnf.o: ../../e_os.h ../../include/openssl/aes.h
+evp_acnf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_acnf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_acnf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+evp_acnf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+evp_acnf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+evp_acnf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+evp_acnf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+evp_acnf.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+evp_acnf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+evp_acnf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+evp_acnf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+evp_acnf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+evp_acnf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_acnf.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+evp_acnf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_acnf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_acnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_acnf.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+evp_acnf.o: ../cryptlib.h evp_acnf.c
+evp_enc.o: ../../e_os.h ../../include/openssl/aes.h
+evp_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_enc.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_enc.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_enc.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_enc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_enc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+evp_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+evp_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_enc.o: ../../include/openssl/ui_compat.h ../cryptlib.h evp_enc.c evp_locl.h
+evp_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+evp_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+evp_err.o: ../../include/openssl/bn.h ../../include/openssl/cast.h
+evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_err.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+evp_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+evp_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+evp_err.o: evp_err.c
+evp_key.o: ../../e_os.h ../../include/openssl/aes.h
+evp_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_key.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_key.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+evp_key.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+evp_key.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+evp_key.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+evp_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+evp_key.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_key.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+evp_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_key.o: ../cryptlib.h evp_key.c
+evp_lib.o: ../../e_os.h ../../include/openssl/aes.h
+evp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+evp_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+evp_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+evp_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+evp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+evp_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+evp_lib.o: ../cryptlib.h evp_lib.c
+evp_pbe.o: ../../e_os.h ../../include/openssl/aes.h
+evp_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_pbe.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_pbe.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_pbe.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_pbe.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_pbe.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+evp_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+evp_pbe.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+evp_pbe.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+evp_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+evp_pbe.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+evp_pbe.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+evp_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_pbe.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+evp_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_pbe.o: ../cryptlib.h evp_pbe.c
+evp_pkey.o: ../../e_os.h ../../include/openssl/aes.h
+evp_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+evp_pkey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+evp_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+evp_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+evp_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+evp_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+evp_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+evp_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+evp_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+evp_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+evp_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+evp_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+evp_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+evp_pkey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+evp_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pkey.c
+m_dss.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_dss.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_dss.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_dss.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_dss.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_dss.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_dss.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_dss.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_dss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_dss.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_dss.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+m_dss.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_dss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_dss.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_dss.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_dss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_dss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_dss.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+m_dss.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+m_dss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_dss.c
+m_dss1.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_dss1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_dss1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_dss1.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_dss1.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_dss1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_dss1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_dss1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_dss1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_dss1.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_dss1.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+m_dss1.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_dss1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_dss1.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_dss1.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_dss1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_dss1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_dss1.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+m_dss1.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+m_dss1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_dss1.c
+m_ecdsa.o: ../../e_os.h ../../include/openssl/aes.h
+m_ecdsa.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_ecdsa.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_ecdsa.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_ecdsa.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+m_ecdsa.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+m_ecdsa.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_ecdsa.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_ecdsa.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_ecdsa.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_ecdsa.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_ecdsa.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_ecdsa.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_ecdsa.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_ecdsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_ecdsa.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_ecdsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_ecdsa.o: ../cryptlib.h m_ecdsa.c
+m_md2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_md2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_md2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_md2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_md2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_md2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_md2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_md2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_md2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_md2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+m_md2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_md2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_md2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_md2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_md2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_md2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_md2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_md2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_md2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+m_md2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+m_md2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md2.c
+m_md4.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_md4.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_md4.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_md4.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_md4.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_md4.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_md4.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_md4.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_md4.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+m_md4.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_md4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_md4.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_md4.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+m_md4.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md4.c
+m_md5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_md5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_md5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_md5.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_md5.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_md5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_md5.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_md5.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_md5.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+m_md5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_md5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_md5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+m_md5.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md5.c
+m_mdc2.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_mdc2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_mdc2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_mdc2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_mdc2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_mdc2.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_mdc2.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_mdc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_mdc2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_mdc2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+m_mdc2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_mdc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_mdc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_mdc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_mdc2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_mdc2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_mdc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_mdc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_mdc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+m_mdc2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+m_mdc2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_mdc2.c
+m_null.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_null.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_null.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_null.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_null.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_null.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_null.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+m_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_null.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_null.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+m_null.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+m_null.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_null.c
+m_ripemd.o: ../../e_os.h ../../include/openssl/aes.h
+m_ripemd.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+m_ripemd.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+m_ripemd.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+m_ripemd.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+m_ripemd.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+m_ripemd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+m_ripemd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+m_ripemd.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+m_ripemd.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+m_ripemd.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+m_ripemd.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+m_ripemd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+m_ripemd.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+m_ripemd.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+m_ripemd.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+m_ripemd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+m_ripemd.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+m_ripemd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+m_ripemd.o: ../cryptlib.h m_ripemd.c
+m_sha.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_sha.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_sha.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_sha.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_sha.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_sha.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_sha.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_sha.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+m_sha.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_sha.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sha.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_sha.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_sha.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_sha.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_sha.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_sha.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_sha.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+m_sha.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+m_sha.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_sha.c
+m_sha1.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+m_sha1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+m_sha1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+m_sha1.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+m_sha1.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+m_sha1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_sha1.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+m_sha1.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+m_sha1.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_sha1.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+m_sha1.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+m_sha1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+m_sha1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+m_sha1.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+m_sha1.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+m_sha1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_sha1.c
+names.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+names.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+names.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+names.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+names.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+names.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+names.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+names.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+names.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+names.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+names.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+names.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+names.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+names.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+names.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+names.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+names.o: ../../include/openssl/x509_vfy.h ../cryptlib.h names.c
+p5_crpt.o: ../../e_os.h ../../include/openssl/aes.h
+p5_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p5_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p5_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p5_crpt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p5_crpt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p5_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p5_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p5_crpt.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p5_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p5_crpt.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p5_crpt.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p5_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p5_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p5_crpt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p5_crpt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_crpt.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_crpt.o: ../cryptlib.h p5_crpt.c
+p5_crpt2.o: ../../e_os.h ../../include/openssl/aes.h
+p5_crpt2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p5_crpt2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p5_crpt2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p5_crpt2.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p5_crpt2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p5_crpt2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p5_crpt2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p5_crpt2.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
+p5_crpt2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p5_crpt2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p5_crpt2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p5_crpt2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p5_crpt2.o: ../../include/openssl/opensslconf.h
+p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p5_crpt2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p5_crpt2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p5_crpt2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p5_crpt2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p5_crpt2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p5_crpt2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p5_crpt2.o: ../cryptlib.h p5_crpt2.c
+p_dec.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_dec.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_dec.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_dec.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_dec.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p_dec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_dec.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_dec.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p_dec.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p_dec.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_dec.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_dec.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_dec.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+p_dec.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_dec.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_dec.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_dec.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_dec.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p_dec.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_dec.o: ../cryptlib.h p_dec.c
+p_enc.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_enc.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_enc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_enc.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_enc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p_enc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_enc.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+p_enc.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_enc.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_enc.o: ../cryptlib.h p_enc.c
+p_lib.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_lib.o: ../../include/openssl/asn1_mac.h ../../include/openssl/bio.h
+p_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_lib.o: ../cryptlib.h p_lib.c
+p_open.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_open.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_open.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_open.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_open.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p_open.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_open.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_open.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p_open.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p_open.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_open.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_open.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_open.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_open.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_open.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_open.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_open.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_open.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p_open.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p_open.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_open.c
+p_seal.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_seal.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_seal.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_seal.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_seal.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p_seal.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_seal.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_seal.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p_seal.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p_seal.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_seal.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_seal.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_seal.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+p_seal.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_seal.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_seal.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_seal.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p_seal.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_seal.o: ../cryptlib.h p_seal.c
+p_sign.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p_sign.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p_sign.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p_sign.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+p_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p_sign.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_sign.c
+p_verify.o: ../../e_os.h ../../include/openssl/aes.h
+p_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p_verify.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p_verify.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p_verify.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p_verify.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p_verify.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p_verify.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p_verify.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p_verify.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p_verify.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p_verify.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p_verify.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p_verify.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p_verify.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p_verify.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p_verify.o: ../cryptlib.h p_verify.c
diff --git a/crypto/evp/abc.c b/crypto/evp/abc.c
deleted file mode 100644
index d6cc1e1f6c..0000000000
--- a/crypto/evp/abc.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/* lib/evp/evp_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include "err.h"
-#include "evp.h"
-
-/* BEGIN ERROR CODES */
-#ifndef NO_ERR
-static ERR_STRING_DATA EVP_str_functs[]=
-	{
-{ERR_PACK(0,EVP_F_D2I_PKEY,0),	"D2I_PKEY"},
-{ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0),	"EVP_DecryptFinal"},
-{ERR_PACK(0,EVP_F_EVP_OPENINIT,0),	"EVP_OpenInit"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0),	"EVP_PKEY_copy_parameters"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0),	"EVP_PKEY_decrypt"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0),	"EVP_PKEY_encrypt"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0),	"EVP_PKEY_new"},
-{ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0),	"EVP_SignFinal"},
-{ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0),	"EVP_VerifyFinal"},
-{0,NULL},
-	};
-
-static ERR_STRING_DATA EVP_str_reasons[]=
-	{
-{EVP_R_BAD_DECRYPT                       ,"bad decrypt"},
-{EVP_R_DIFFERENT_KEY_TYPES               ,"different key types"},
-{EVP_R_IV_TOO_LARGE                      ,"iv too large"},
-{EVP_R_MISSING_PARMATERS                 ,"missing parmaters"},
-{EVP_R_NO_SIGN_FUNCTION_CONFIGURED       ,"no sign function configured"},
-{EVP_R_NO_VERIFY_FUNCTION_CONFIGURED     ,"no verify function configured"},
-{EVP_R_PUBLIC_KEY_NOT_RSA                ,"public key not rsa"},
-{EVP_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
-{EVP_R_WRONG_FINAL_BLOCK_LENGTH          ,"wrong final block length"},
-{EVP_R_WRONG_PUBLIC_KEY_TYPE             ,"wrong public key type"},
-{0,NULL},
-	};
-
-#endif
-
-static int EVP_lib_error_code=0;
-
-void ERR_load_EVP_strings()
-	{
-	static int init=1;
-
-	if (EVP_lib_error_code == 0)
-		EVP_lib_error_code=ERR_get_next_error_library();
-
-	if (init);
-		{;
-		init=0;
-#ifndef NO_ERR
-		ERR_load_strings(EVP_lib_error_code,EVP_str_functs);
-		ERR_load_strings(EVP_lib_error_code,EVP_str_reasons);
-#endif
-
-		}
-	}
-
-void ERR_EVP_error(function,reason,file,line)
-int function;
-int reason;
-char *file;
-int line;
-	{
-	if (EVP_lib_error_code == 0)
-		EVP_lib_error_code=ERR_get_next_error_library();
-	ERR_PUT_error(EVP_lib_error_code,function,reason,file,line);
-	}
diff --git a/crypto/evp/abcs.c b/crypto/evp/abcs.c
deleted file mode 100644
index 2b0a0ab93f..0000000000
--- a/crypto/evp/abcs.c
+++ /dev/null
@@ -1,108 +0,0 @@
-/* lib/evp/evp_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include "err.h"
-#include "evp.h"
-
-/* BEGIN ERROR CODES */
-#ifndef NO_ERR
-static ERR_STRING_DATA EVP_str_functs[]=
-	{
-{ERR_PACK(0,EVP_F_D2I_PKEY,0),	"D2I_PKEY"},
-{ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0),	"EVP_DecryptFinal"},
-{ERR_PACK(0,EVP_F_EVP_OPENINIT,0),	"EVP_OpenInit"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0),	"EVP_PKEY_copy_parameters"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0),	"EVP_PKEY_decrypt"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0),	"EVP_PKEY_encrypt"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0),	"EVP_PKEY_new"},
-{ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0),	"EVP_SignFinal"},
-{ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0),	"EVP_VerifyFinal"},
-{0,NULL},
-	};
-
-static ERR_STRING_DATA EVP_str_reasons[]=
-	{
-{EVP_R_BAD_DECRYPT                       ,"bad decrypt"},
-{EVP_R_DIFFERENT_KEY_TYPES               ,"different key types"},
-{EVP_R_IV_TOO_LARGE                      ,"iv too large"},
-{EVP_R_MISSING_PARMATERS                 ,"missing parmaters"},
-{EVP_R_NO_SIGN_FUNCTION_CONFIGURED       ,"no sign function configured"},
-{EVP_R_NO_VERIFY_FUNCTION_CONFIGURED     ,"no verify function configured"},
-{EVP_R_PUBLIC_KEY_NOT_RSA                ,"public key not rsa"},
-{EVP_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
-{EVP_R_WRONG_FINAL_BLOCK_LENGTH          ,"wrong final block length"},
-{EVP_R_WRONG_PUBLIC_KEY_TYPE             ,"wrong public key type"},
-{0,NULL},
-	};
-
-#endif
-
-void ERR_load_EVP_strings()
-	{
-	static int init=1;
-
-	if (init);
-		{;
-		init=0;
-#ifndef NO_ERR
-		ERR_load_strings(ERR_LIB_EVP,EVP_str_functs);
-		ERR_load_strings(ERR_LIB_EVP,EVP_str_reasons);
-#endif
-
-		}
-	}
diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c
index 73172b9a07..6e550f6a43 100644
--- a/crypto/evp/bio_b64.c
+++ b/crypto/evp/bio_b64.c
@@ -59,27 +59,17 @@
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "evp.h"
-
-#ifndef NOPROTO
-static int b64_write(BIO *h,char *buf,int num);
-static int b64_read(BIO *h,char *buf,int size);
-/*static int b64_puts(BIO *h,char *str); */
-/*static int b64_gets(BIO *h,char *str,int size); */
-static long b64_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+
+static int b64_write(BIO *h, const char *buf, int num);
+static int b64_read(BIO *h, char *buf, int size);
+/*static int b64_puts(BIO *h, const char *str); */
+/*static int b64_gets(BIO *h, char *str, int size); */
+static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int b64_new(BIO *h);
 static int b64_free(BIO *data);
-#else
-static int b64_write();
-static int b64_read();
-/*static int b64_puts(); */
-/*static int b64_gets(); */
-static long b64_ctrl();
-static int b64_new();
-static int b64_free();
-#endif
-
+static long b64_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
 #define B64_BLOCK_SIZE	1024
 #define B64_BLOCK_SIZE2	768
 #define B64_NONE	0
@@ -111,19 +101,19 @@ static BIO_METHOD methods_b64=
 	b64_ctrl,
 	b64_new,
 	b64_free,
+	b64_callback_ctrl,
 	};
 
-BIO_METHOD *BIO_f_base64()
+BIO_METHOD *BIO_f_base64(void)
 	{
 	return(&methods_b64);
 	}
 
-static int b64_new(bi)
-BIO *bi;
+static int b64_new(BIO *bi)
 	{
 	BIO_B64_CTX *ctx;
 
-	ctx=(BIO_B64_CTX *)Malloc(sizeof(BIO_B64_CTX));
+	ctx=(BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX));
 	if (ctx == NULL) return(0);
 
 	ctx->buf_len=0;
@@ -140,21 +130,17 @@ BIO *bi;
 	return(1);
 	}
 
-static int b64_free(a)
-BIO *a;
+static int b64_free(BIO *a)
 	{
 	if (a == NULL) return(0);
-	Free(a->ptr);
+	OPENSSL_free(a->ptr);
 	a->ptr=NULL;
 	a->init=0;
 	a->flags=0;
 	return(1);
 	}
 	
-static int b64_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int b64_read(BIO *b, char *out, int outl)
 	{
 	int ret=0,i,ii,j,k,x,n,num,ret_code=0;
 	BIO_B64_CTX *ctx;
@@ -179,6 +165,7 @@ int outl;
 		{
 		i=ctx->buf_len-ctx->buf_off;
 		if (i > outl) i=outl;
+		OPENSSL_assert(ctx->buf_off+i < sizeof ctx->buf);
 		memcpy(out,&(ctx->buf[ctx->buf_off]),i);
 		ret=i;
 		out+=i;
@@ -253,8 +240,8 @@ int outl;
 							&(ctx->tmp[0]));
 						for (x=0; x < i; x++)
 							ctx->tmp[x]=p[x];
-						EVP_DecodeInit(&ctx->base64);
 						}
+					EVP_DecodeInit(&ctx->base64);
 					ctx->start=0;
 					break;
 					}
@@ -354,10 +341,7 @@ int outl;
 	return((ret == 0)?ret_code:ret);
 	}
 
-static int b64_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int b64_write(BIO *b, const char *in, int inl)
 	{
 	int ret=inl,n,i;
 	BIO_B64_CTX *ctx;
@@ -387,10 +371,11 @@ int inl;
 		n-=i;
 		}
 	/* at this point all pending data has been written */
+	ctx->buf_off=0;
+	ctx->buf_len=0;
 
 	if ((in == NULL) || (inl <= 0)) return(0);
 
-	ctx->buf_off=0;
 	while (inl > 0)
 		{
 		n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl;
@@ -400,14 +385,20 @@ int inl;
 			if (ctx->tmp_len > 0)
 				{
 				n=3-ctx->tmp_len;
+				/* There's a teoretical possibility for this */
+				if (n > inl) 
+					n=inl;
 				memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
 				ctx->tmp_len+=n;
-				n=ctx->tmp_len;
-				if (n < 3)
+				if (ctx->tmp_len < 3)
 					break;
 				ctx->buf_len=EVP_EncodeBlock(
 					(unsigned char *)ctx->buf,
-					(unsigned char *)ctx->tmp,n);
+					(unsigned char *)ctx->tmp,
+					ctx->tmp_len);
+				/* Since we're now done using the temporary
+				   buffer, the length should be 0'd */
+				ctx->tmp_len=0;
 				}
 			else
 				{
@@ -451,11 +442,7 @@ int inl;
 	return(ret);
 	}
 
-static long b64_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
 	{
 	BIO_B64_CTX *ctx;
 	long ret=1;
@@ -479,7 +466,8 @@ char *ptr;
 		break;
 	case BIO_CTRL_WPENDING: /* More to write in buffer */
 		ret=ctx->buf_len-ctx->buf_off;
-		if ((ret == 0) && (ctx->base64.num != 0))
+		if ((ret == 0) && (ctx->encode != B64_NONE)
+			&& (ctx->base64.num != 0))
 			ret=1;
 		else if (ret <= 0)
 			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
@@ -514,7 +502,7 @@ again:
 				goto again;
 				}
 			}
-		else if (ctx->base64.num != 0)
+		else if (ctx->encode != B64_NONE && ctx->base64.num != 0)
 			{
 			ctx->buf_off=0;
 			EVP_EncodeFinal(&(ctx->base64),
@@ -545,3 +533,17 @@ again:
 	return(ret);
 	}
 
+static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+	{
+	long ret=1;
+
+	if (b->next_bio == NULL) return(0);
+	switch (cmd)
+		{
+	default:
+		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+		break;
+		}
+	return(ret);
+	}
+
diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c
index ad09b94b1a..510e1bc8a4 100644
--- a/crypto/evp/bio_enc.c
+++ b/crypto/evp/bio_enc.c
@@ -59,28 +59,19 @@
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "evp.h"
-
-#ifndef NOPROTO
-static int enc_write(BIO *h,char *buf,int num);
-static int enc_read(BIO *h,char *buf,int size);
-/*static int enc_puts(BIO *h,char *str); */
-/*static int enc_gets(BIO *h,char *str,int size); */
-static long enc_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+
+static int enc_write(BIO *h, const char *buf, int num);
+static int enc_read(BIO *h, char *buf, int size);
+/*static int enc_puts(BIO *h, const char *str); */
+/*static int enc_gets(BIO *h, char *str, int size); */
+static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int enc_new(BIO *h);
 static int enc_free(BIO *data);
-#else
-static int enc_write();
-static int enc_read();
-/*static int enc_puts(); */
-/*static int enc_gets(); */
-static long enc_ctrl();
-static int enc_new();
-static int enc_free();
-#endif
-
+static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps);
 #define ENC_BLOCK_SIZE	(1024*4)
+#define BUF_OFFSET	EVP_MAX_BLOCK_LENGTH
 
 typedef struct enc_struct
 	{
@@ -90,7 +81,10 @@ typedef struct enc_struct
 	int finished;
 	int ok;			/* bad decrypt */
 	EVP_CIPHER_CTX cipher;
-	char buf[ENC_BLOCK_SIZE+10];
+	/* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate
+	 * can return up to a block more data than is presented to it
+	 */
+	char buf[ENC_BLOCK_SIZE+BUF_OFFSET+2];
 	} BIO_ENC_CTX;
 
 static BIO_METHOD methods_enc=
@@ -103,21 +97,21 @@ static BIO_METHOD methods_enc=
 	enc_ctrl,
 	enc_new,
 	enc_free,
+	enc_callback_ctrl,
 	};
 
-BIO_METHOD *BIO_f_cipher()
+BIO_METHOD *BIO_f_cipher(void)
 	{
 	return(&methods_enc);
 	}
 
-static int enc_new(bi)
-BIO *bi;
+static int enc_new(BIO *bi)
 	{
 	BIO_ENC_CTX *ctx;
 
-	ctx=(BIO_ENC_CTX *)Malloc(sizeof(BIO_ENC_CTX));
-	EVP_CIPHER_CTX_init(&ctx->cipher);
+	ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));
 	if (ctx == NULL) return(0);
+	EVP_CIPHER_CTX_init(&ctx->cipher);
 
 	ctx->buf_len=0;
 	ctx->buf_off=0;
@@ -131,26 +125,22 @@ BIO *bi;
 	return(1);
 	}
 
-static int enc_free(a)
-BIO *a;
+static int enc_free(BIO *a)
 	{
 	BIO_ENC_CTX *b;
 
 	if (a == NULL) return(0);
 	b=(BIO_ENC_CTX *)a->ptr;
 	EVP_CIPHER_CTX_cleanup(&(b->cipher));
-	memset(a->ptr,0,sizeof(BIO_ENC_CTX));
-	Free(a->ptr);
+	OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
+	OPENSSL_free(a->ptr);
 	a->ptr=NULL;
 	a->init=0;
 	a->flags=0;
 	return(1);
 	}
 	
-static int enc_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int enc_read(BIO *b, char *out, int outl)
 	{
 	int ret=0,i;
 	BIO_ENC_CTX *ctx;
@@ -184,9 +174,9 @@ int outl;
 		{
 		if (ctx->cont <= 0) break;
 
-		/* read in at offset 8, read the EVP_Cipher
+		/* read in at IV offset, read the EVP_Cipher
 		 * documentation about why */
-		i=BIO_read(b->next_bio,&(ctx->buf[8]),ENC_BLOCK_SIZE);
+		i=BIO_read(b->next_bio,&(ctx->buf[BUF_OFFSET]),ENC_BLOCK_SIZE);
 
 		if (i <= 0)
 			{
@@ -194,29 +184,37 @@ int outl;
 			if (!BIO_should_retry(b->next_bio))
 				{
 				ctx->cont=i;
-				i=EVP_CipherFinal(&(ctx->cipher),
+				i=EVP_CipherFinal_ex(&(ctx->cipher),
 					(unsigned char *)ctx->buf,
 					&(ctx->buf_len));
 				ctx->ok=i;
 				ctx->buf_off=0;
 				}
-			else
+			else 
+				{
 				ret=(ret == 0)?i:ret;
-			break;
+				break;
+				}
 			}
 		else
 			{
 			EVP_CipherUpdate(&(ctx->cipher),
 				(unsigned char *)ctx->buf,&ctx->buf_len,
-				(unsigned char *)&(ctx->buf[8]),i);
+				(unsigned char *)&(ctx->buf[BUF_OFFSET]),i);
 			ctx->cont=1;
+			/* Note: it is possible for EVP_CipherUpdate to
+			 * decrypt zero bytes because this is or looks like
+			 * the final block: if this happens we should retry
+			 * and either read more data or decrypt the final
+			 * block
+			 */
+			if(ctx->buf_len == 0) continue;
 			}
 
 		if (ctx->buf_len <= outl)
 			i=ctx->buf_len;
 		else
 			i=outl;
-
 		if (i <= 0) break;
 		memcpy(out,ctx->buf,i);
 		ret+=i;
@@ -230,10 +228,7 @@ int outl;
 	return((ret == 0)?ctx->cont:ret);
 	}
 
-static int enc_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int enc_write(BIO *b, const char *in, int inl)
 	{
 	int ret=0,n,i;
 	BIO_ENC_CTX *ctx;
@@ -288,11 +283,7 @@ int inl;
 	return(ret);
 	}
 
-static long enc_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
 	{
 	BIO *dbio;
 	BIO_ENC_CTX *ctx,*dctx;
@@ -307,7 +298,7 @@ char *ptr;
 	case BIO_CTRL_RESET:
 		ctx->ok=1;
 		ctx->finished=0;
-		EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL,
+		EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
 			ctx->cipher.encrypt);
 		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 		break;
@@ -344,7 +335,7 @@ again:
 			{
 			ctx->finished=1;
 			ctx->buf_off=0;
-			ret=EVP_CipherFinal(&(ctx->cipher),
+			ret=EVP_CipherFinal_ex(&(ctx->cipher),
 				(unsigned char *)ctx->buf,
 				&(ctx->buf_len));
 			ctx->ok=(int)ret;
@@ -383,6 +374,20 @@ again:
 	return(ret);
 	}
 
+static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+	{
+	long ret=1;
+
+	if (b->next_bio == NULL) return(0);
+	switch (cmd)
+		{
+	default:
+		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+		break;
+		}
+	return(ret);
+	}
+
 /*
 void BIO_set_cipher_ctx(b,c)
 BIO *b;
@@ -403,26 +408,22 @@ EVP_CIPHER_ctx *c;
 	}
 */
 
-void BIO_set_cipher(b,c,k,i,e)
-BIO *b;
-EVP_CIPHER *c;
-unsigned char *k;
-unsigned char *i;
-int e;
+void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, unsigned char *k,
+	     unsigned char *i, int e)
 	{
 	BIO_ENC_CTX *ctx;
 
 	if (b == NULL) return;
 
 	if ((b->callback != NULL) &&
-		(b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
+		(b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,0L) <= 0))
 		return;
 
 	b->init=1;
 	ctx=(BIO_ENC_CTX *)b->ptr;
-	EVP_CipherInit(&(ctx->cipher),c,k,i,e);
+	EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e);
 	
 	if (b->callback != NULL)
-		b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
+		b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L);
 	}
 
diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c
index fa5fdc055b..c632dfb202 100644
--- a/crypto/evp/bio_md.c
+++ b/crypto/evp/bio_md.c
@@ -59,29 +59,20 @@
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "evp.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
 
 /* BIO_put and BIO_get both add to the digest,
  * BIO_gets returns the digest */
 
-#ifndef NOPROTO
-static int md_write(BIO *h,char *buf,int num);
-static int md_read(BIO *h,char *buf,int size);
-/*static int md_puts(BIO *h,char *str); */
-static int md_gets(BIO *h,char *str,int size);
-static long md_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+static int md_write(BIO *h, char const *buf, int num);
+static int md_read(BIO *h, char *buf, int size);
+/*static int md_puts(BIO *h, const char *str); */
+static int md_gets(BIO *h, char *str, int size);
+static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int md_new(BIO *h);
 static int md_free(BIO *data);
-#else
-static int md_write();
-static int md_read();
-/*static int md_puts(); */
-static int md_gets();
-static long md_ctrl();
-static int md_new();
-static int md_free();
-#endif
+static long md_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
 
 static BIO_METHOD methods_md=
 	{
@@ -93,19 +84,19 @@ static BIO_METHOD methods_md=
 	md_ctrl,
 	md_new,
 	md_free,
+	md_callback_ctrl,
 	};
 
-BIO_METHOD *BIO_f_md()
+BIO_METHOD *BIO_f_md(void)
 	{
 	return(&methods_md);
 	}
 
-static int md_new(bi)
-BIO *bi;
+static int md_new(BIO *bi)
 	{
 	EVP_MD_CTX *ctx;
 
-	ctx=(EVP_MD_CTX *)Malloc(sizeof(EVP_MD_CTX));
+	ctx=EVP_MD_CTX_create();
 	if (ctx == NULL) return(0);
 
 	bi->init=0;
@@ -114,27 +105,23 @@ BIO *bi;
 	return(1);
 	}
 
-static int md_free(a)
-BIO *a;
+static int md_free(BIO *a)
 	{
 	if (a == NULL) return(0);
-	Free(a->ptr);
+	EVP_MD_CTX_destroy(a->ptr);
 	a->ptr=NULL;
 	a->init=0;
 	a->flags=0;
 	return(1);
 	}
 	
-static int md_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int md_read(BIO *b, char *out, int outl)
 	{
 	int ret=0;
 	EVP_MD_CTX *ctx;
 
 	if (out == NULL) return(0);
-	ctx=(EVP_MD_CTX *)b->ptr;
+	ctx=b->ptr;
 
 	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
 
@@ -152,16 +139,13 @@ int outl;
 	return(ret);
 	}
 
-static int md_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int md_write(BIO *b, const char *in, int inl)
 	{
 	int ret=0;
 	EVP_MD_CTX *ctx;
 
 	if ((in == NULL) || (inl <= 0)) return(0);
-	ctx=(EVP_MD_CTX *)b->ptr;
+	ctx=b->ptr;
 
 	if ((ctx != NULL) && (b->next_bio != NULL))
 		ret=BIO_write(b->next_bio,in,inl);
@@ -178,25 +162,21 @@ int inl;
 	return(ret);
 	}
 
-static long md_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
 	{
 	EVP_MD_CTX *ctx,*dctx,**pctx;
-	EVP_MD **ppmd;
+	const EVP_MD **ppmd;
 	EVP_MD *md;
 	long ret=1;
 	BIO *dbio;
 
-	ctx=(EVP_MD_CTX *)b->ptr;
+	ctx=b->ptr;
 
 	switch (cmd)
 		{
 	case BIO_CTRL_RESET:
 		if (b->init)
-			EVP_DigestInit(ctx,ctx->digest);
+			EVP_DigestInit_ex(ctx,ctx->digest, NULL);
 		else
 			ret=0;
 		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
@@ -204,7 +184,7 @@ char *ptr;
 	case BIO_C_GET_MD:
 		if (b->init)
 			{
-			ppmd=(EVP_MD **)ptr;
+			ppmd=ptr;
 			*ppmd=ctx->digest;
 			}
 		else
@@ -213,7 +193,7 @@ char *ptr;
 	case BIO_C_GET_MD_CTX:
 		if (b->init)
 			{
-			pctx=(EVP_MD_CTX **)ptr;
+			pctx=ptr;
 			*pctx=ctx;
 			}
 		else
@@ -226,14 +206,14 @@ char *ptr;
 		break;
 
 	case BIO_C_SET_MD:
-		md=(EVP_MD *)ptr;
-		EVP_DigestInit(ctx,md);
+		md=ptr;
+		EVP_DigestInit_ex(ctx,md, NULL);
 		b->init=1;
 		break;
 	case BIO_CTRL_DUP:
-		dbio=(BIO *)ptr;
-		dctx=(EVP_MD_CTX *)dbio->ptr;
-		memcpy(dctx,ctx,sizeof(ctx));
+		dbio=ptr;
+		dctx=dbio->ptr;
+		EVP_MD_CTX_copy_ex(dctx,ctx);
 		b->init=1;
 		break;
 	default:
@@ -243,19 +223,30 @@ char *ptr;
 	return(ret);
 	}
 
-static int md_gets(bp,buf,size)
-BIO *bp;
-char *buf;
-int size;
+static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+	{
+	long ret=1;
+
+	if (b->next_bio == NULL) return(0);
+	switch (cmd)
+		{
+	default:
+		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+		break;
+		}
+	return(ret);
+	}
+
+static int md_gets(BIO *bp, char *buf, int size)
 	{
 	EVP_MD_CTX *ctx;
 	unsigned int ret;
 
 
-	ctx=(EVP_MD_CTX *)bp->ptr;
+	ctx=bp->ptr;
 	if (size < ctx->digest->md_size)
 		return(0);
-	EVP_DigestFinal(ctx,(unsigned char *)buf,&ret);
+	EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret);
 	return((int)ret);
 	}
 
diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c
new file mode 100644
index 0000000000..530ab937ce
--- /dev/null
+++ b/crypto/evp/bio_ok.c
@@ -0,0 +1,575 @@
+/* crypto/evp/bio_ok.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+/*
+	From: Arne Ansper <arne@cyber.ee>
+
+	Why BIO_f_reliable?
+
+	I wrote function which took BIO* as argument, read data from it
+	and processed it. Then I wanted to store the input file in 
+	encrypted form. OK I pushed BIO_f_cipher to the BIO stack
+	and everything was OK. BUT if user types wrong password 
+	BIO_f_cipher outputs only garbage and my function crashes. Yes
+	I can and I should fix my function, but BIO_f_cipher is 
+	easy way to add encryption support to many existing applications
+	and it's hard to debug and fix them all. 
+
+	So I wanted another BIO which would catch the incorrect passwords and
+	file damages which cause garbage on BIO_f_cipher's output. 
+
+	The easy way is to push the BIO_f_md and save the checksum at 
+	the end of the file. However there are several problems with this
+	approach:
+
+	1) you must somehow separate checksum from actual data. 
+	2) you need lot's of memory when reading the file, because you 
+	must read to the end of the file and verify the checksum before
+	letting the application to read the data. 
+	
+	BIO_f_reliable tries to solve both problems, so that you can 
+	read and write arbitrary long streams using only fixed amount
+	of memory.
+
+	BIO_f_reliable splits data stream into blocks. Each block is prefixed
+	with it's length and suffixed with it's digest. So you need only 
+	several Kbytes of memory to buffer single block before verifying 
+	it's digest. 
+
+	BIO_f_reliable goes further and adds several important capabilities:
+
+	1) the digest of the block is computed over the whole stream 
+	-- so nobody can rearrange the blocks or remove or replace them.
+
+	2) to detect invalid passwords right at the start BIO_f_reliable 
+	adds special prefix to the stream. In order to avoid known plain-text
+	attacks this prefix is generated as follows:
+
+		*) digest is initialized with random seed instead of 
+		standardized one.
+		*) same seed is written to ouput
+		*) well-known text is then hashed and the output 
+		of the digest is also written to output.
+
+	reader can now read the seed from stream, hash the same string
+	and then compare the digest output.
+
+	Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I 
+	initially wrote and tested this code on x86 machine and wrote the
+	digests out in machine-dependent order :( There are people using
+	this code and I cannot change this easily without making existing
+	data files unreadable.
+
+*/
+
+#include <stdio.h>
+#include <errno.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+
+static int ok_write(BIO *h, const char *buf, int num);
+static int ok_read(BIO *h, char *buf, int size);
+static long ok_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int ok_new(BIO *h);
+static int ok_free(BIO *data);
+static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+
+static void sig_out(BIO* b);
+static void sig_in(BIO* b);
+static void block_out(BIO* b);
+static void block_in(BIO* b);
+#define OK_BLOCK_SIZE	(1024*4)
+#define OK_BLOCK_BLOCK	4
+#define IOBS		(OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
+#define WELLKNOWN "The quick brown fox jumped over the lazy dog's back."
+
+#ifndef L_ENDIAN
+#define swapem(x) \
+	((unsigned long int)((((unsigned long int)(x) & 0x000000ffU) << 24) | \
+			     (((unsigned long int)(x) & 0x0000ff00U) <<  8) | \
+			     (((unsigned long int)(x) & 0x00ff0000U) >>  8) | \
+			     (((unsigned long int)(x) & 0xff000000U) >> 24)))
+#else
+#define swapem(x) (x)
+#endif
+
+typedef struct ok_struct
+	{
+	int buf_len;
+	int buf_off;
+	int buf_len_save;
+	int buf_off_save;
+	int cont;		/* <= 0 when finished */
+	int finished;
+	EVP_MD_CTX md;
+	int blockout;		/* output block is ready */ 
+	int sigio;		/* must process signature */
+	unsigned char buf[IOBS];
+	} BIO_OK_CTX;
+
+static BIO_METHOD methods_ok=
+	{
+	BIO_TYPE_CIPHER,"reliable",
+	ok_write,
+	ok_read,
+	NULL, /* ok_puts, */
+	NULL, /* ok_gets, */
+	ok_ctrl,
+	ok_new,
+	ok_free,
+	ok_callback_ctrl,
+	};
+
+BIO_METHOD *BIO_f_reliable(void)
+	{
+	return(&methods_ok);
+	}
+
+static int ok_new(BIO *bi)
+	{
+	BIO_OK_CTX *ctx;
+
+	ctx=(BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX));
+	if (ctx == NULL) return(0);
+
+	ctx->buf_len=0;
+	ctx->buf_off=0;
+	ctx->buf_len_save=0;
+	ctx->buf_off_save=0;
+	ctx->cont=1;
+	ctx->finished=0;
+	ctx->blockout= 0;
+	ctx->sigio=1;
+
+	EVP_MD_CTX_init(&ctx->md);
+
+	bi->init=0;
+	bi->ptr=(char *)ctx;
+	bi->flags=0;
+	return(1);
+	}
+
+static int ok_free(BIO *a)
+	{
+	if (a == NULL) return(0);
+	EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
+	OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
+	OPENSSL_free(a->ptr);
+	a->ptr=NULL;
+	a->init=0;
+	a->flags=0;
+	return(1);
+	}
+	
+static int ok_read(BIO *b, char *out, int outl)
+	{
+	int ret=0,i,n;
+	BIO_OK_CTX *ctx;
+
+	if (out == NULL) return(0);
+	ctx=(BIO_OK_CTX *)b->ptr;
+
+	if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);
+
+	while(outl > 0)
+		{
+
+		/* copy clean bytes to output buffer */
+		if (ctx->blockout)
+			{
+			i=ctx->buf_len-ctx->buf_off;
+			if (i > outl) i=outl;
+			memcpy(out,&(ctx->buf[ctx->buf_off]),i);
+			ret+=i;
+			out+=i;
+			outl-=i;
+			ctx->buf_off+=i;
+
+			/* all clean bytes are out */
+			if (ctx->buf_len == ctx->buf_off)
+				{
+				ctx->buf_off=0;
+
+				/* copy start of the next block into proper place */
+				if(ctx->buf_len_save- ctx->buf_off_save > 0)
+					{
+					ctx->buf_len= ctx->buf_len_save- ctx->buf_off_save;
+					memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),
+							ctx->buf_len);
+					}
+				else
+					{
+					ctx->buf_len=0;
+					}
+				ctx->blockout= 0;
+				}
+			}
+	
+		/* output buffer full -- cancel */
+		if (outl == 0) break;
+
+		/* no clean bytes in buffer -- fill it */
+		n=IOBS- ctx->buf_len;
+		i=BIO_read(b->next_bio,&(ctx->buf[ctx->buf_len]),n);
+
+		if (i <= 0) break;	/* nothing new */
+
+		ctx->buf_len+= i;
+
+		/* no signature yet -- check if we got one */
+		if (ctx->sigio == 1) sig_in(b);
+
+		/* signature ok -- check if we got block */
+		if (ctx->sigio == 0) block_in(b);
+
+		/* invalid block -- cancel */
+		if (ctx->cont <= 0) break;
+
+		}
+
+	BIO_clear_retry_flags(b);
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static int ok_write(BIO *b, const char *in, int inl)
+	{
+	int ret=0,n,i;
+	BIO_OK_CTX *ctx;
+
+	ctx=(BIO_OK_CTX *)b->ptr;
+	ret=inl;
+
+	if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);
+
+	if(ctx->sigio) sig_out(b);
+
+	do{
+		BIO_clear_retry_flags(b);
+		n=ctx->buf_len-ctx->buf_off;
+		while (ctx->blockout && n > 0)
+			{
+			i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
+			if (i <= 0)
+				{
+				BIO_copy_next_retry(b);
+				if(!BIO_should_retry(b))
+					ctx->cont= 0;
+				return(i);
+				}
+			ctx->buf_off+=i;
+			n-=i;
+			}
+
+		/* at this point all pending data has been written */
+		ctx->blockout= 0;
+		if (ctx->buf_len == ctx->buf_off)
+			{
+			ctx->buf_len=OK_BLOCK_BLOCK;
+			ctx->buf_off=0;
+			}
+	
+		if ((in == NULL) || (inl <= 0)) return(0);
+
+		n= (inl+ ctx->buf_len > OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) ? 
+				OK_BLOCK_SIZE+ OK_BLOCK_BLOCK- ctx->buf_len : inl;
+
+		memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),(unsigned char *)in,n);
+		ctx->buf_len+= n;
+		inl-=n;
+		in+=n;
+
+		if(ctx->buf_len >= OK_BLOCK_SIZE+ OK_BLOCK_BLOCK)
+			{
+			block_out(b);
+			}
+	}while(inl > 0);
+
+	BIO_clear_retry_flags(b);
+	BIO_copy_next_retry(b);
+	return(ret);
+	}
+
+static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
+	{
+	BIO_OK_CTX *ctx;
+	EVP_MD *md;
+	const EVP_MD **ppmd;
+	long ret=1;
+	int i;
+
+	ctx=b->ptr;
+
+	switch (cmd)
+		{
+	case BIO_CTRL_RESET:
+		ctx->buf_len=0;
+		ctx->buf_off=0;
+		ctx->buf_len_save=0;
+		ctx->buf_off_save=0;
+		ctx->cont=1;
+		ctx->finished=0;
+		ctx->blockout= 0;
+		ctx->sigio=1;
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_EOF:	/* More to read */
+		if (ctx->cont <= 0)
+			ret=1;
+		else
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_PENDING: /* More to read in buffer */
+	case BIO_CTRL_WPENDING: /* More to read in buffer */
+		ret=ctx->blockout ? ctx->buf_len-ctx->buf_off : 0;
+		if (ret <= 0)
+			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_CTRL_FLUSH:
+		/* do a final write */
+		if(ctx->blockout == 0)
+			block_out(b);
+
+		while (ctx->blockout)
+			{
+			i=ok_write(b,NULL,0);
+			if (i < 0)
+				{
+				ret=i;
+				break;
+				}
+			}
+
+		ctx->finished=1;
+		ctx->buf_off=ctx->buf_len=0;
+		ctx->cont=(int)ret;
+		
+		/* Finally flush the underlying BIO */
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+	case BIO_C_DO_STATE_MACHINE:
+		BIO_clear_retry_flags(b);
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		BIO_copy_next_retry(b);
+		break;
+	case BIO_CTRL_INFO:
+		ret=(long)ctx->cont;
+		break;
+	case BIO_C_SET_MD:
+		md=ptr;
+		EVP_DigestInit_ex(&ctx->md, md, NULL);
+		b->init=1;
+		break;
+	case BIO_C_GET_MD:
+		if (b->init)
+			{
+			ppmd=ptr;
+			*ppmd=ctx->md.digest;
+			}
+		else
+			ret=0;
+		break;
+	default:
+		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+		break;
+		}
+	return(ret);
+	}
+
+static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+	{
+	long ret=1;
+
+	if (b->next_bio == NULL) return(0);
+	switch (cmd)
+		{
+	default:
+		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+		break;
+		}
+	return(ret);
+	}
+
+static void longswap(void *_ptr, int len)
+{
+#ifndef L_ENDIAN
+	int i;
+	char *ptr=_ptr;
+
+	for(i= 0;i < len;i+= 4){
+		*((unsigned long *)&(ptr[i]))= swapem(*((unsigned long *)&(ptr[i])));
+	}
+#endif
+}
+
+static void sig_out(BIO* b)
+	{
+	BIO_OK_CTX *ctx;
+	EVP_MD_CTX *md;
+
+	ctx=b->ptr;
+	md=&ctx->md;
+
+	if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return;
+
+	EVP_DigestInit_ex(md, md->digest, NULL);
+	/* FIXME: there's absolutely no guarantee this makes any sense at all,
+	 * particularly now EVP_MD_CTX has been restructured.
+	 */
+	RAND_pseudo_bytes(md->md_data, md->digest->md_size);
+	memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
+	longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
+	ctx->buf_len+= md->digest->md_size;
+
+	EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
+	EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
+	ctx->buf_len+= md->digest->md_size;
+	ctx->blockout= 1;
+	ctx->sigio= 0;
+	}
+
+static void sig_in(BIO* b)
+	{
+	BIO_OK_CTX *ctx;
+	EVP_MD_CTX *md;
+	unsigned char tmp[EVP_MAX_MD_SIZE];
+	int ret= 0;
+
+	ctx=b->ptr;
+	md=&ctx->md;
+
+	if(ctx->buf_len- ctx->buf_off < 2* md->digest->md_size) return;
+
+	EVP_DigestInit_ex(md, md->digest, NULL);
+	memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size);
+	longswap(md->md_data, md->digest->md_size);
+	ctx->buf_off+= md->digest->md_size;
+
+	EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
+	EVP_DigestFinal_ex(md, tmp, NULL);
+	ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
+	ctx->buf_off+= md->digest->md_size;
+	if(ret == 1)
+		{
+		ctx->sigio= 0;
+		if(ctx->buf_len != ctx->buf_off)
+			{
+			memmove(ctx->buf, &(ctx->buf[ctx->buf_off]), ctx->buf_len- ctx->buf_off);
+			}
+		ctx->buf_len-= ctx->buf_off;
+		ctx->buf_off= 0;
+		}
+	else
+		{
+		ctx->cont= 0;
+		}
+	}
+
+static void block_out(BIO* b)
+	{
+	BIO_OK_CTX *ctx;
+	EVP_MD_CTX *md;
+	unsigned long tl;
+
+	ctx=b->ptr;
+	md=&ctx->md;
+
+	tl= ctx->buf_len- OK_BLOCK_BLOCK;
+	tl= swapem(tl);
+	memcpy(ctx->buf, &tl, OK_BLOCK_BLOCK);
+	tl= swapem(tl);
+	EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
+	EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
+	ctx->buf_len+= md->digest->md_size;
+	ctx->blockout= 1;
+	}
+
+static void block_in(BIO* b)
+	{
+	BIO_OK_CTX *ctx;
+	EVP_MD_CTX *md;
+	long tl= 0;
+	unsigned char tmp[EVP_MAX_MD_SIZE];
+
+	ctx=b->ptr;
+	md=&ctx->md;
+
+	memcpy(&tl, ctx->buf, OK_BLOCK_BLOCK);
+	tl= swapem(tl);
+	if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return;
+ 
+	EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
+	EVP_DigestFinal_ex(md, tmp, NULL);
+	if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0)
+		{
+		/* there might be parts from next block lurking around ! */
+		ctx->buf_off_save= tl+ OK_BLOCK_BLOCK+ md->digest->md_size;
+		ctx->buf_len_save= ctx->buf_len;
+		ctx->buf_off= OK_BLOCK_BLOCK;
+		ctx->buf_len= tl+ OK_BLOCK_BLOCK;
+		ctx->blockout= 1;
+		}
+	else
+		{
+		ctx->cont= 0;
+		}
+	}
+
diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c
index f2e0500dd3..1bd54d791e 100644
--- a/crypto/evp/c_all.c
+++ b/crypto/evp/c_all.c
@@ -58,133 +58,22 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
 
-void SSLeay_add_all_algorithms()
-	{
-	SSLeay_add_all_ciphers();
-	SSLeay_add_all_digests();
-	}
+#if 0
+#undef OpenSSL_add_all_algorithms
 
-void SSLeay_add_all_ciphers()
+void OpenSSL_add_all_algorithms(void)
 	{
-#ifndef NO_DES
-	EVP_add_cipher(EVP_des_cfb());
-	EVP_add_cipher(EVP_des_ede_cfb());
-	EVP_add_cipher(EVP_des_ede3_cfb());
-
-	EVP_add_cipher(EVP_des_ofb());
-	EVP_add_cipher(EVP_des_ede_ofb());
-	EVP_add_cipher(EVP_des_ede3_ofb());
-
-	EVP_add_cipher(EVP_desx_cbc());
-	EVP_add_cipher_alias(SN_desx_cbc,"DESX");
-	EVP_add_cipher_alias(SN_desx_cbc,"desx");
-
-	EVP_add_cipher(EVP_des_cbc());
-	EVP_add_cipher_alias(SN_des_cbc,"DES");
-	EVP_add_cipher_alias(SN_des_cbc,"des");
-	EVP_add_cipher(EVP_des_ede_cbc());
-	EVP_add_cipher(EVP_des_ede3_cbc());
-	EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
-	EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
-
-	EVP_add_cipher(EVP_des_ecb());
-	EVP_add_cipher(EVP_des_ede());
-	EVP_add_cipher(EVP_des_ede3());
-#endif
-
-#ifndef NO_RC4
-	EVP_add_cipher(EVP_rc4());
-	EVP_add_cipher(EVP_rc4_40());
-#endif
-
-#ifndef NO_IDEA
-	EVP_add_cipher(EVP_idea_ecb());
-	EVP_add_cipher(EVP_idea_cfb());
-	EVP_add_cipher(EVP_idea_ofb());
-	EVP_add_cipher(EVP_idea_cbc());
-	EVP_add_cipher_alias(SN_idea_cbc,"IDEA");
-	EVP_add_cipher_alias(SN_idea_cbc,"idea");
-#endif
-
-#ifndef NO_RC2
-	EVP_add_cipher(EVP_rc2_ecb());
-	EVP_add_cipher(EVP_rc2_cfb());
-	EVP_add_cipher(EVP_rc2_ofb());
-	EVP_add_cipher(EVP_rc2_cbc());
-	EVP_add_cipher(EVP_rc2_40_cbc());
-	EVP_add_cipher(EVP_rc2_64_cbc());
-	EVP_add_cipher_alias(SN_rc2_cbc,"RC2");
-	EVP_add_cipher_alias(SN_rc2_cbc,"rc2");
-#endif
-
-#ifndef NO_BLOWFISH
-	EVP_add_cipher(EVP_bf_ecb());
-	EVP_add_cipher(EVP_bf_cfb());
-	EVP_add_cipher(EVP_bf_ofb());
-	EVP_add_cipher(EVP_bf_cbc());
-	EVP_add_cipher_alias(SN_bf_cbc,"BF");
-	EVP_add_cipher_alias(SN_bf_cbc,"bf");
-	EVP_add_cipher_alias(SN_bf_cbc,"blowfish");
-#endif
-
-#ifndef NO_CAST
-	EVP_add_cipher(EVP_cast5_ecb());
-	EVP_add_cipher(EVP_cast5_cfb());
-	EVP_add_cipher(EVP_cast5_ofb());
-	EVP_add_cipher(EVP_cast5_cbc());
-	EVP_add_cipher_alias(SN_cast5_cbc,"CAST");
-	EVP_add_cipher_alias(SN_cast5_cbc,"cast");
-	EVP_add_cipher_alias(SN_cast5_cbc,"CAST-cbc");
-	EVP_add_cipher_alias(SN_cast5_cbc,"cast-cbc");
-#endif
-
-#ifndef NO_RC5
-	EVP_add_cipher(EVP_rc5_32_12_16_ecb());
-	EVP_add_cipher(EVP_rc5_32_12_16_cfb());
-	EVP_add_cipher(EVP_rc5_32_12_16_ofb());
-	EVP_add_cipher(EVP_rc5_32_12_16_cbc());
-	EVP_add_cipher_alias(SN_rc5_cbc,"rc5");
-	EVP_add_cipher_alias(SN_rc5_cbc,"RC5");
-#endif
+	OPENSSL_add_all_algorithms_noconf();
 	}
+#endif
 
-
-void SSLeay_add_all_digests()
+void OPENSSL_add_all_algorithms_noconf(void)
 	{
-#ifndef NO_MD2
-	EVP_add_digest(EVP_md2());
-#endif
-#ifndef NO_MD5
-	EVP_add_digest(EVP_md5());
-	EVP_add_digest_alias(SN_md5,"ssl2-md5");
-	EVP_add_digest_alias(SN_md5,"ssl3-md5");
-#endif
-#ifndef NO_SHA
-	EVP_add_digest(EVP_sha());
-#ifndef NO_DSA
-	EVP_add_digest(EVP_dss());
-#endif
-#endif
-#ifndef NO_SHA1
-	EVP_add_digest(EVP_sha1());
-	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
-	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
-#ifndef NO_DSA
-	EVP_add_digest(EVP_dss1());
-	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
-	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
-	EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
-#endif
-#endif
-#if !defined(NO_MDC2) && !defined(NO_DES)
-	EVP_add_digest(EVP_mdc2());
-#endif
-#ifndef NO_RMD160
-	EVP_add_digest(EVP_ripemd160());
-	EVP_add_digest_alias(SN_ripemd160,"ripemd");
-	EVP_add_digest_alias(SN_ripemd160,"rmd160");
+	OpenSSL_add_all_ciphers();
+	OpenSSL_add_all_digests();
+#ifdef __OpenBSD__
+	ENGINE_setup_openbsd();
 #endif
 	}
diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c
new file mode 100644
index 0000000000..341a958fd4
--- /dev/null
+++ b/crypto/evp/c_allc.c
@@ -0,0 +1,180 @@
+/* crypto/evp/c_allc.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+#include <openssl/objects.h>
+
+void OpenSSL_add_all_ciphers(void)
+	{
+
+#ifndef OPENSSL_NO_DES
+	EVP_add_cipher(EVP_des_cfb());
+	EVP_add_cipher(EVP_des_ede_cfb());
+	EVP_add_cipher(EVP_des_ede3_cfb());
+
+	EVP_add_cipher(EVP_des_ofb());
+	EVP_add_cipher(EVP_des_ede_ofb());
+	EVP_add_cipher(EVP_des_ede3_ofb());
+
+	EVP_add_cipher(EVP_desx_cbc());
+	EVP_add_cipher_alias(SN_desx_cbc,"DESX");
+	EVP_add_cipher_alias(SN_desx_cbc,"desx");
+
+	EVP_add_cipher(EVP_des_cbc());
+	EVP_add_cipher_alias(SN_des_cbc,"DES");
+	EVP_add_cipher_alias(SN_des_cbc,"des");
+	EVP_add_cipher(EVP_des_ede_cbc());
+	EVP_add_cipher(EVP_des_ede3_cbc());
+	EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
+	EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
+
+	EVP_add_cipher(EVP_des_ecb());
+	EVP_add_cipher(EVP_des_ede());
+	EVP_add_cipher(EVP_des_ede3());
+#endif
+
+#ifndef OPENSSL_NO_RC4
+	EVP_add_cipher(EVP_rc4());
+	EVP_add_cipher(EVP_rc4_40());
+#endif
+
+#ifndef OPENSSL_NO_IDEA
+	EVP_add_cipher(EVP_idea_ecb());
+	EVP_add_cipher(EVP_idea_cfb());
+	EVP_add_cipher(EVP_idea_ofb());
+	EVP_add_cipher(EVP_idea_cbc());
+	EVP_add_cipher_alias(SN_idea_cbc,"IDEA");
+	EVP_add_cipher_alias(SN_idea_cbc,"idea");
+#endif
+
+#ifndef OPENSSL_NO_RC2
+	EVP_add_cipher(EVP_rc2_ecb());
+	EVP_add_cipher(EVP_rc2_cfb());
+	EVP_add_cipher(EVP_rc2_ofb());
+	EVP_add_cipher(EVP_rc2_cbc());
+	EVP_add_cipher(EVP_rc2_40_cbc());
+	EVP_add_cipher(EVP_rc2_64_cbc());
+	EVP_add_cipher_alias(SN_rc2_cbc,"RC2");
+	EVP_add_cipher_alias(SN_rc2_cbc,"rc2");
+#endif
+
+#ifndef OPENSSL_NO_BF
+	EVP_add_cipher(EVP_bf_ecb());
+	EVP_add_cipher(EVP_bf_cfb());
+	EVP_add_cipher(EVP_bf_ofb());
+	EVP_add_cipher(EVP_bf_cbc());
+	EVP_add_cipher_alias(SN_bf_cbc,"BF");
+	EVP_add_cipher_alias(SN_bf_cbc,"bf");
+	EVP_add_cipher_alias(SN_bf_cbc,"blowfish");
+#endif
+
+#ifndef OPENSSL_NO_CAST
+	EVP_add_cipher(EVP_cast5_ecb());
+	EVP_add_cipher(EVP_cast5_cfb());
+	EVP_add_cipher(EVP_cast5_ofb());
+	EVP_add_cipher(EVP_cast5_cbc());
+	EVP_add_cipher_alias(SN_cast5_cbc,"CAST");
+	EVP_add_cipher_alias(SN_cast5_cbc,"cast");
+	EVP_add_cipher_alias(SN_cast5_cbc,"CAST-cbc");
+	EVP_add_cipher_alias(SN_cast5_cbc,"cast-cbc");
+#endif
+
+#ifndef OPENSSL_NO_RC5
+	EVP_add_cipher(EVP_rc5_32_12_16_ecb());
+	EVP_add_cipher(EVP_rc5_32_12_16_cfb());
+	EVP_add_cipher(EVP_rc5_32_12_16_ofb());
+	EVP_add_cipher(EVP_rc5_32_12_16_cbc());
+	EVP_add_cipher_alias(SN_rc5_cbc,"rc5");
+	EVP_add_cipher_alias(SN_rc5_cbc,"RC5");
+#endif
+
+#ifndef OPENSSL_NO_AES
+	EVP_add_cipher(EVP_aes_128_ecb());
+	EVP_add_cipher(EVP_aes_128_cbc());
+	EVP_add_cipher(EVP_aes_128_cfb());
+	EVP_add_cipher(EVP_aes_128_ofb());
+#if 0
+	EVP_add_cipher(EVP_aes_128_ctr());
+#endif
+	EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
+	EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
+	EVP_add_cipher(EVP_aes_192_ecb());
+	EVP_add_cipher(EVP_aes_192_cbc());
+	EVP_add_cipher(EVP_aes_192_cfb());
+	EVP_add_cipher(EVP_aes_192_ofb());
+#if 0
+	EVP_add_cipher(EVP_aes_192_ctr());
+#endif
+	EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");
+	EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");
+	EVP_add_cipher(EVP_aes_256_ecb());
+	EVP_add_cipher(EVP_aes_256_cbc());
+	EVP_add_cipher(EVP_aes_256_cfb());
+	EVP_add_cipher(EVP_aes_256_ofb());
+#if 0
+	EVP_add_cipher(EVP_aes_256_ctr());
+#endif
+	EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
+	EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
+#endif
+	PKCS12_PBE_add();
+	PKCS5_PBE_add();
+	}
diff --git a/crypto/evp/e_cfb_d.c b/crypto/evp/c_alld.c
index 9ae4558f51..2334a28a5e 100644
--- a/crypto/evp/e_cfb_d.c
+++ b/crypto/evp/c_alld.c
@@ -1,4 +1,4 @@
-/* crypto/evp/e_cfb_d.c */
+/* crypto/evp/c_alld.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -58,61 +58,49 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
-static void des_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void des_cfb_init_key();
-static void des_cfb_cipher();
-#endif
-
-static EVP_CIPHER d_cfb_cipher=
-	{
-	NID_des_cfb64,
-	1,8,8,
-	des_cfb_init_key,
-	des_cfb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	};
-
-EVP_CIPHER *EVP_des_cfb()
-	{
-	return(&d_cfb_cipher);
-	}
-	
-static void des_cfb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	ctx->num=0;
-
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		des_set_key((des_cblock *)key,ctx->c.des_ks);
-	}
-
-static void des_cfb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+void OpenSSL_add_all_digests(void)
 	{
-	des_cfb64_encrypt(
-		in,out,
-		(long)inl, ctx->c.des_ks,
-		(des_cblock *)&(ctx->iv[0]),
-		&ctx->num,ctx->encrypt);
+#ifndef OPENSSL_NO_MD2
+	EVP_add_digest(EVP_md2());
+#endif
+#ifndef OPENSSL_NO_MD4
+	EVP_add_digest(EVP_md4());
+#endif
+#ifndef OPENSSL_NO_MD5
+	EVP_add_digest(EVP_md5());
+	EVP_add_digest_alias(SN_md5,"ssl2-md5");
+	EVP_add_digest_alias(SN_md5,"ssl3-md5");
+#endif
+#ifndef OPENSSL_NO_SHA
+	EVP_add_digest(EVP_sha());
+#ifndef OPENSSL_NO_DSA
+	EVP_add_digest(EVP_dss());
+#endif
+#endif
+#ifndef OPENSSL_NO_SHA
+	EVP_add_digest(EVP_sha1());
+	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
+	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
+#ifndef OPENSSL_NO_DSA
+	EVP_add_digest(EVP_dss1());
+	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
+	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
+	EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
+#endif
+#ifndef OPENSSL_NO_ECDSA
+	EVP_add_digest(EVP_ecdsa());
+#endif
+#endif
+#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
+	EVP_add_digest(EVP_mdc2());
+#endif
+#ifndef OPENSSL_NO_RIPEMD
+	EVP_add_digest(EVP_ripemd160());
+	EVP_add_digest_alias(SN_ripemd160,"ripemd");
+	EVP_add_digest_alias(SN_ripemd160,"rmd160");
+#endif
 	}
diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
index d65f0036f7..33013c41a6 100644
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@@ -55,35 +55,260 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "objects.h"
-#include "evp.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+
+void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
+	{
+	memset(ctx,'\0',sizeof *ctx);
+	}
+
+EVP_MD_CTX *EVP_MD_CTX_create(void)
+	{
+	EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
+
+	EVP_MD_CTX_init(ctx);
+
+	return ctx;
+	}
+
+int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
+	{
+	EVP_MD_CTX_init(ctx);
+	return EVP_DigestInit_ex(ctx, type, NULL);
+	}
+
+int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
+	{
+	EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
+	 * so this context may already have an ENGINE! Try to avoid releasing
+	 * the previous handle, re-querying for an ENGINE, and having a
+	 * reinitialisation, when it may all be unecessary. */
+	if (ctx->engine && ctx->digest && (!type ||
+			(type && (type->type == ctx->digest->type))))
+		goto skip_to_init;
+	if (type)
+		{
+		/* Ensure an ENGINE left lying around from last time is cleared
+		 * (the previous check attempted to avoid this if the same
+		 * ENGINE and EVP_MD could be used). */
+		if(ctx->engine)
+			ENGINE_finish(ctx->engine);
+		if(impl)
+			{
+			if (!ENGINE_init(impl))
+				{
+				EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR);
+				return 0;
+				}
+			}
+		else
+			/* Ask if an ENGINE is reserved for this job */
+			impl = ENGINE_get_digest_engine(type->type);
+		if(impl)
+			{
+			/* There's an ENGINE for this job ... (apparently) */
+			const EVP_MD *d = ENGINE_get_digest(impl, type->type);
+			if(!d)
+				{
+				/* Same comment from evp_enc.c */
+				EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR);
+				return 0;
+				}
+			/* We'll use the ENGINE's private digest definition */
+			type = d;
+			/* Store the ENGINE functional reference so we know
+			 * 'type' came from an ENGINE and we need to release
+			 * it when done. */
+			ctx->engine = impl;
+			}
+		else
+			ctx->engine = NULL;
+		}
+	else if(!ctx->digest)
+		{
+		EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
+		return 0;
+		}
+	if (ctx->digest != type)
+		{
+		if (ctx->digest && ctx->digest->ctx_size)
+			OPENSSL_free(ctx->md_data);
+		ctx->digest=type;
+		if (type->ctx_size)
+			ctx->md_data=OPENSSL_malloc(type->ctx_size);
+		}
+skip_to_init:
+	return ctx->digest->init(ctx);
+	}
 
-void EVP_DigestInit(ctx,type)
-EVP_MD_CTX *ctx;
-EVP_MD *type;
+int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
+	     unsigned int count)
 	{
-	ctx->digest=type;
-	type->init(&(ctx->md));
+	return ctx->digest->update(ctx,data,(unsigned long)count);
 	}
 
-void EVP_DigestUpdate(ctx,data,count)
-EVP_MD_CTX *ctx;
-unsigned char *data;
-unsigned int count;
+/* The caller can assume that this removes any secret data from the context */
+int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 	{
-	ctx->digest->update(&(ctx->md.base[0]),data,(unsigned long)count);
+	int ret;
+	ret = EVP_DigestFinal_ex(ctx, md, size);
+	EVP_MD_CTX_cleanup(ctx);
+	return ret;
 	}
 
-void EVP_DigestFinal(ctx,md,size)
-EVP_MD_CTX *ctx;
-unsigned char *md;
-unsigned int *size;
+/* The caller can assume that this removes any secret data from the context */
+int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 	{
-	ctx->digest->final(md,&(ctx->md.base[0]));
+	int ret;
+
+	OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
+	ret=ctx->digest->final(ctx,md);
 	if (size != NULL)
 		*size=ctx->digest->md_size;
-	memset(&(ctx->md),0,sizeof(ctx->md));
+	if (ctx->digest->cleanup)
+		{
+		ctx->digest->cleanup(ctx);
+		EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+		}
+	memset(ctx->md_data,0,ctx->digest->ctx_size);
+	return ret;
+	}
+
+int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+	{
+	EVP_MD_CTX_init(out);
+	return EVP_MD_CTX_copy_ex(out, in);
+	}
+
+int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+	{
+	if ((in == NULL) || (in->digest == NULL))
+		{
+		EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
+		return 0;
+		}
+	/* Make sure it's safe to copy a digest context using an ENGINE */
+	if (in->engine && !ENGINE_init(in->engine))
+		{
+		EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB);
+		return 0;
+		}
+
+	EVP_MD_CTX_cleanup(out);
+	memcpy(out,in,sizeof *out);
+
+	if (out->digest->ctx_size)
+		{
+		out->md_data=OPENSSL_malloc(out->digest->ctx_size);
+		memcpy(out->md_data,in->md_data,out->digest->ctx_size);
+		}
+	
+	if (out->digest->copy)
+		return out->digest->copy(out,in);
+	
+	return 1;
+	}
+
+int EVP_Digest(void *data, unsigned int count,
+		unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl)
+	{
+	EVP_MD_CTX ctx;
+	int ret;
+
+	EVP_MD_CTX_init(&ctx);
+	EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
+	ret=EVP_DigestInit_ex(&ctx, type, impl)
+	  && EVP_DigestUpdate(&ctx, data, count)
+	  && EVP_DigestFinal_ex(&ctx, md, size);
+	EVP_MD_CTX_cleanup(&ctx);
+
+	return ret;
+	}
+
+void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
+	{
+	EVP_MD_CTX_cleanup(ctx);
+	OPENSSL_free(ctx);
+	}
+
+/* This call frees resources associated with the context */
+int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
+	{
+	/* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
+	 * because sometimes only copies of the context are ever finalised.
+	 */
+	if (ctx->digest && ctx->digest->cleanup
+	    && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
+		ctx->digest->cleanup(ctx);
+	if (ctx->digest && ctx->digest->ctx_size && ctx->md_data)
+		{
+		OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
+		OPENSSL_free(ctx->md_data);
+		}
+	if(ctx->engine)
+		/* The EVP_MD we used belongs to an ENGINE, release the
+		 * functional reference we held for this reason. */
+		ENGINE_finish(ctx->engine);
+	memset(ctx,'\0',sizeof *ctx);
+
+	return 1;
 	}
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
new file mode 100644
index 0000000000..c323fa2892
--- /dev/null
+++ b/crypto/evp/e_aes.c
@@ -0,0 +1,101 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ */
+
+#ifndef OPENSSL_NO_AES
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <string.h>
+#include <assert.h>
+#include <openssl/aes.h>
+#include "evp_locl.h"
+
+static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+					const unsigned char *iv, int enc);
+
+typedef struct
+	{
+	AES_KEY ks;
+	} EVP_AES_KEY;
+
+#define data(ctx)	EVP_C_DATA(EVP_AES_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
+		       NID_aes_128, 16, 16, 16, 128,
+		       0, aes_init_key, NULL, 
+		       EVP_CIPHER_set_asn1_iv,
+		       EVP_CIPHER_get_asn1_iv,
+		       NULL)
+IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
+		       NID_aes_192, 16, 24, 16, 128,
+		       0, aes_init_key, NULL, 
+		       EVP_CIPHER_set_asn1_iv,
+		       EVP_CIPHER_get_asn1_iv,
+		       NULL)
+IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
+		       NID_aes_256, 16, 32, 16, 128,
+		       0, aes_init_key, NULL, 
+		       EVP_CIPHER_set_asn1_iv,
+		       EVP_CIPHER_get_asn1_iv,
+		       NULL)
+
+static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+		   const unsigned char *iv, int enc) {
+
+	if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE
+	    || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE
+	    || enc) 
+		AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
+	else
+		AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
+
+	return 1;
+}
+
+#endif
diff --git a/perl/callback.c b/crypto/evp/e_bf.c
index 4e39c16d70..e74337567b 100644
--- a/perl/callback.c
+++ b/crypto/evp/e_bf.c
@@ -1,4 +1,4 @@
-/* perl/callback.c */
+/* crypto/evp/e_bf.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,48 +56,33 @@
  * [including the GNU Public Licence.]
  */
 
-SV *new_ref(type,obj,mort)
-char *type;
-char *obj;
-	{
-	SV *ret;
+#ifndef OPENSSL_NO_BF
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include "evp_locl.h"
+#include <openssl/objects.h>
+#include <openssl/blowfish.h>
 
-	if (mort)
-		ret=sv_newmortal();
-	else
-		ret=newSViv(0);
-	sv_setref_pv(ret,type,(void *)obj);
-	return(ret);
-	}
+static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+		       const unsigned char *iv, int enc);
 
-int ex_new(obj,data,ad,idx,argl,argp)
-char *obj;
-SV *data;
-CRYPTO_EX_DATA *ad;
-int idx;
-long argl;
-char *argp;
+typedef struct
 	{
-	SV *sv;
+	BF_KEY ks;
+	} EVP_BF_KEY;
 
-fprintf(stderr,"ex_new idx=%d %08X %s\n",idx,obj,argp);
-	sv=sv_newmortal();
-	sv_setref_pv(sv,argp,(void *)obj);
-	CRYPTO_set_ex_data(ad,idx,(char *)sv);
-	return(1);
-	}
+#define data(ctx)	EVP_C_DATA(EVP_BF_KEY,ctx)
 
-void ex_cleanup(obj,data,ad,idx,argl,argp)
-char *obj;
-SV *data;
-CRYPTO_EX_DATA *ad;
-int idx;
-long argl;
-char *argp;
+IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64,
+			EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, 
+			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+	
+static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+		       const unsigned char *iv, int enc)
 	{
-	pr_name("ex_cleanup");
-fprintf(stderr,"ex_cleanup %08X %s\n",obj,argp);
-	if (data != NULL)
-		SvREFCNT_dec((SV *)data);
+	BF_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key);
+	return 1;
 	}
 
+#endif
diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c
new file mode 100644
index 0000000000..3400fef187
--- /dev/null
+++ b/crypto/evp/e_cast.c
@@ -0,0 +1,90 @@
+/* crypto/evp/e_cast.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_CAST
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+#include <openssl/cast.h>
+
+static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			 const unsigned char *iv,int enc);
+
+typedef struct
+	{
+	CAST_KEY ks;
+	} EVP_CAST_KEY;
+
+#define data(ctx)	EVP_C_DATA(EVP_CAST_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, 
+			NID_cast5, 8, CAST_KEY_LENGTH, 8, 64,
+			EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL,
+			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+			
+static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			 const unsigned char *iv, int enc)
+	{
+	CAST_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key);
+	return 1;
+	}
+
+#endif
diff --git a/crypto/evp/e_cbc_3d.c b/crypto/evp/e_cbc_3d.c
deleted file mode 100644
index 5761bf186a..0000000000
--- a/crypto/evp/e_cbc_3d.c
+++ /dev/null
@@ -1,163 +0,0 @@
-/* crypto/evp/e_cbc_3d.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void des_cbc_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void des_cbc_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void des_cbc_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void des_cbc_ede_init_key();
-static void des_cbc_ede3_init_key();
-static void des_cbc_ede_cipher();
-#endif
-
-static EVP_CIPHER d_cbc_ede_cipher2=
-	{
-	NID_des_ede_cbc,
-	8,16,8,
-	des_cbc_ede_init_key,
-	des_cbc_ede_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
-	EVP_CIPHER_get_asn1_iv,
-	EVP_CIPHER_set_asn1_iv,
-	};
-
-static EVP_CIPHER d_cbc_ede_cipher3=
-	{
-	NID_des_ede3_cbc,
-	8,24,8,
-	des_cbc_ede3_init_key,
-	des_cbc_ede_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	};
-
-EVP_CIPHER *EVP_des_ede_cbc()
-	{
-	return(&d_cbc_ede_cipher2);
-	}
-
-EVP_CIPHER *EVP_des_ede3_cbc()
-	{
-	return(&d_cbc_ede_cipher3);
-	}
-	
-static void des_cbc_ede_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-
-	if (key != NULL)
-		{
-		des_set_key((des_cblock *)key,ctx->c.des_ede.ks1);
-		des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2);
-		memcpy( (char *)ctx->c.des_ede.ks3,
-			(char *)ctx->c.des_ede.ks1,
-			sizeof(ctx->c.des_ede.ks1));
-		}
-	}
-
-static void des_cbc_ede3_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-
-	if (key != NULL)
-		{
-		des_set_key((des_cblock *)key,ctx->c.des_ede.ks1);
-		des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2);
-		des_set_key((des_cblock *)&(key[16]),ctx->c.des_ede.ks3);
-		}
-	}
-
-static void des_cbc_ede_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	des_ede3_cbc_encrypt(
-		(des_cblock *)in,(des_cblock *)out,
-		(long)inl, ctx->c.des_ede.ks1,
-		ctx->c.des_ede.ks2,ctx->c.des_ede.ks3,
-		(des_cblock *)&(ctx->iv[0]),
-		ctx->encrypt);
-	}
diff --git a/crypto/evp/e_cbc_bf.c b/crypto/evp/e_cbc_bf.c
deleted file mode 100644
index be605f4a13..0000000000
--- a/crypto/evp/e_cbc_bf.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/* crypto/evp/e_cbc_bf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_BLOWFISH
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void bf_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void bf_cbc_init_key();
-static void bf_cbc_cipher();
-#endif
-
-static EVP_CIPHER bfish_cbc_cipher=
-	{
-	NID_bf_cbc,
-	8,EVP_BLOWFISH_KEY_SIZE,8,
-	bf_cbc_init_key,
-	bf_cbc_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
-	EVP_CIPHER_get_asn1_iv,
-	EVP_CIPHER_set_asn1_iv,
-	};
-
-EVP_CIPHER *EVP_bf_cbc()
-	{
-	return(&bfish_cbc_cipher);
-	}
-	
-static void bf_cbc_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
-	}
-
-static void bf_cbc_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	BF_cbc_encrypt(
-		in,out,(long)inl,
-		&(ctx->c.bf_ks),&(ctx->iv[0]),
-		ctx->encrypt);
-	}
-
-#endif
diff --git a/crypto/evp/e_cbc_c.c b/crypto/evp/e_cbc_c.c
deleted file mode 100644
index b50c7874b3..0000000000
--- a/crypto/evp/e_cbc_c.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/* crypto/evp/e_cbc_c.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_CAST
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void cast_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void cast_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void cast_cbc_init_key();
-static void cast_cbc_cipher();
-#endif
-
-static EVP_CIPHER cast5_cbc_cipher=
-	{
-	NID_cast5_cbc,
-	8,EVP_CAST5_KEY_SIZE,8,
-	cast_cbc_init_key,
-	cast_cbc_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
-	EVP_CIPHER_get_asn1_iv,
-	EVP_CIPHER_set_asn1_iv,
-	};
-
-EVP_CIPHER *EVP_cast5_cbc()
-	{
-	return(&cast5_cbc_cipher);
-	}
-	
-static void cast_cbc_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
-	}
-
-static void cast_cbc_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	CAST_cbc_encrypt(
-		in,out,(long)inl,
-		&(ctx->c.cast_ks),&(ctx->iv[0]),
-		ctx->encrypt);
-	}
-
-#endif
diff --git a/crypto/evp/e_cbc_d.c b/crypto/evp/e_cbc_d.c
deleted file mode 100644
index c67706e3a0..0000000000
--- a/crypto/evp/e_cbc_d.c
+++ /dev/null
@@ -1,116 +0,0 @@
-/* crypto/evp/e_cbc_d.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void des_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void des_cbc_init_key();
-static void des_cbc_cipher();
-#endif
-
-static EVP_CIPHER d_cbc_cipher=
-	{
-	NID_des_cbc,
-	8,8,8,
-	des_cbc_init_key,
-	des_cbc_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
-	EVP_CIPHER_get_asn1_iv,
-	EVP_CIPHER_set_asn1_iv,
-	};
-
-EVP_CIPHER *EVP_des_cbc()
-	{
-	return(&d_cbc_cipher);
-	}
-	
-static void des_cbc_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		des_set_key((des_cblock *)key,ctx->c.des_ks);
-	}
-
-static void des_cbc_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	des_ncbc_encrypt(
-		(des_cblock *)in,(des_cblock *)out,
-		(long)inl, ctx->c.des_ks,
-		(des_cblock *)&(ctx->iv[0]),
-		ctx->encrypt);
-	}
diff --git a/crypto/evp/e_cbc_i.c b/crypto/evp/e_cbc_i.c
deleted file mode 100644
index 312ffcb721..0000000000
--- a/crypto/evp/e_cbc_i.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/* crypto/evp/e_cbc_i.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_IDEA
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void idea_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void idea_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void idea_cbc_init_key();
-static void idea_cbc_cipher();
-#endif
-
-static EVP_CIPHER i_cbc_cipher=
-	{
-	NID_idea_cbc,
-	8,16,8,
-	idea_cbc_init_key,
-	idea_cbc_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
-	EVP_CIPHER_get_asn1_iv,
-	EVP_CIPHER_set_asn1_iv,
-	};
-
-EVP_CIPHER *EVP_idea_cbc()
-	{
-	return(&i_cbc_cipher);
-	}
-	
-static void idea_cbc_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		{
-		if (enc)
-			idea_set_encrypt_key(key,&(ctx->c.idea_ks));
-		else
-			{
-			IDEA_KEY_SCHEDULE tmp;
-
-			idea_set_encrypt_key(key,&tmp);
-			idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
-			memset((unsigned char *)&tmp,0,
-				sizeof(IDEA_KEY_SCHEDULE));
-			}
-		}
-	}
-
-static void idea_cbc_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	idea_cbc_encrypt(
-		in,out,(long)inl,
-		&(ctx->c.idea_ks),&(ctx->iv[0]),
-		ctx->encrypt);
-	}
-
-#endif
diff --git a/crypto/evp/e_cbc_r5.c b/crypto/evp/e_cbc_r5.c
deleted file mode 100644
index f7d46ca91f..0000000000
--- a/crypto/evp/e_cbc_r5.c
+++ /dev/null
@@ -1,120 +0,0 @@
-/* crypto/evp/e_cbc_r5.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_RC5
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void r_32_12_16_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void r_32_12_16_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void r_32_12_16_cbc_init_key();
-static void r_32_12_16_cbc_cipher();
-#endif
-
-static EVP_CIPHER rc5_32_12_16_cbc_cipher=
-	{
-	NID_rc5_cbc,
-	8,EVP_RC5_32_12_16_KEY_SIZE,8,
-	r_32_12_16_cbc_init_key,
-	r_32_12_16_cbc_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc5_ks)),
-	NULL,
-	NULL,
-	};
-
-EVP_CIPHER *EVP_rc5_32_12_16_cbc()
-	{
-	return(&rc5_32_12_16_cbc_cipher);
-	}
-	
-static void r_32_12_16_cbc_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,
-			key,RC5_12_ROUNDS);
-	}
-
-static void r_32_12_16_cbc_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	RC5_32_cbc_encrypt(
-		in,out,(long)inl,
-		&(ctx->c.rc5_ks),&(ctx->iv[0]),
-		ctx->encrypt);
-	}
-
-#endif
diff --git a/crypto/evp/e_cfb_3d.c b/crypto/evp/e_cfb_3d.c
deleted file mode 100644
index e7e3419411..0000000000
--- a/crypto/evp/e_cfb_3d.c
+++ /dev/null
@@ -1,166 +0,0 @@
-/* crypto/evp/e_cfb_3d.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void des_ede_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void des_ede3_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void des_ede_cfb_init_key();
-static void des_ede3_cfb_init_key();
-static void des_ede_cfb_cipher();
-#endif
-
-static EVP_CIPHER d_ede_cfb_cipher2=
-	{
-	NID_des_ede_cfb64,
-	1,16,8,
-	des_ede_cfb_init_key,
-	des_ede_cfb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	};
-
-static EVP_CIPHER d_ede3_cfb_cipher3=
-	{
-	NID_des_ede3_cfb64,
-	1,24,8,
-	des_ede3_cfb_init_key,
-	des_ede_cfb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	};
-
-EVP_CIPHER *EVP_des_ede_cfb()
-	{
-	return(&d_ede_cfb_cipher2);
-	}
-
-EVP_CIPHER *EVP_des_ede3_cfb()
-	{
-	return(&d_ede3_cfb_cipher3);
-	}
-	
-static void des_ede_cfb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	ctx->num=0;
-
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		{
-		des_set_key((des_cblock *)key,ctx->c.des_ede.ks1);
-		des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2);
-		memcpy( (char *)ctx->c.des_ede.ks3,
-			(char *)ctx->c.des_ede.ks1,
-			sizeof(ctx->c.des_ede.ks1));
-		}
-	}
-
-static void des_ede3_cfb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	ctx->num=0;
-
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		{
-		des_set_key((des_cblock *)key,ctx->c.des_ede.ks1);
-		des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2);
-		des_set_key((des_cblock *)&(key[16]),ctx->c.des_ede.ks3);
-		}
-	}
-
-static void des_ede_cfb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	des_ede3_cfb64_encrypt(
-		in,out,(long)inl,
-		ctx->c.des_ede.ks1,
-		ctx->c.des_ede.ks2,
-		ctx->c.des_ede.ks3,
-		(des_cblock *)&(ctx->iv[0]),
-		&ctx->num,ctx->encrypt);
-	}
diff --git a/crypto/evp/e_cfb_bf.c b/crypto/evp/e_cfb_bf.c
deleted file mode 100644
index 8aba2564b8..0000000000
--- a/crypto/evp/e_cfb_bf.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* crypto/evp/e_cfb_bf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_BLOWFISH
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void bf_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void bf_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void bf_cfb_init_key();
-static void bf_cfb_cipher();
-#endif
-
-static EVP_CIPHER bfish_cfb_cipher=
-	{
-	NID_bf_cfb64,
-	1,EVP_BLOWFISH_KEY_SIZE,8,
-	bf_cfb_init_key,
-	bf_cfb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	};
-
-EVP_CIPHER *EVP_bf_cfb()
-	{
-	return(&bfish_cfb_cipher);
-	}
-	
-static void bf_cfb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	ctx->num=0;
-
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
-	}
-
-static void bf_cfb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	BF_cfb64_encrypt(
-		in,out,
-		(long)inl, &(ctx->c.bf_ks),
-		&(ctx->iv[0]),
-		&ctx->num,ctx->encrypt);
-	}
-#endif
diff --git a/crypto/evp/e_cfb_c.c b/crypto/evp/e_cfb_c.c
deleted file mode 100644
index 936df55fd8..0000000000
--- a/crypto/evp/e_cfb_c.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* crypto/evp/e_cfb_c.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_CAST
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void cast_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void cast_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void cast_cfb_init_key();
-static void cast_cfb_cipher();
-#endif
-
-static EVP_CIPHER cast5_cfb_cipher=
-	{
-	NID_cast5_cfb64,
-	1,EVP_CAST5_KEY_SIZE,8,
-	cast_cfb_init_key,
-	cast_cfb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	};
-
-EVP_CIPHER *EVP_cast5_cfb()
-	{
-	return(&cast5_cfb_cipher);
-	}
-	
-static void cast_cfb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	ctx->num=0;
-
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
-	}
-
-static void cast_cfb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	CAST_cfb64_encrypt(
-		in,out,
-		(long)inl, &(ctx->c.cast_ks),
-		&(ctx->iv[0]),
-		&ctx->num,ctx->encrypt);
-	}
-#endif
diff --git a/crypto/evp/e_cfb_i.c b/crypto/evp/e_cfb_i.c
deleted file mode 100644
index 9225efaa86..0000000000
--- a/crypto/evp/e_cfb_i.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* crypto/evp/e_cfb_i.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_IDEA
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void idea_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void idea_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void idea_cfb_init_key();
-static void idea_cfb_cipher();
-#endif
-
-static EVP_CIPHER i_cfb_cipher=
-	{
-	NID_idea_cfb64,
-	1,IDEA_KEY_LENGTH,IDEA_BLOCK,
-	idea_cfb_init_key,
-	idea_cfb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	};
-
-EVP_CIPHER *EVP_idea_cfb()
-	{
-	return(&i_cfb_cipher);
-	}
-
-static void idea_cfb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	ctx->num=0;
-
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		idea_set_encrypt_key(key,&(ctx->c.idea_ks));
-	}
-
-static void idea_cfb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	idea_cfb64_encrypt(
-		in,out,(long)inl,
-		&(ctx->c.idea_ks),&(ctx->iv[0]),
-		&ctx->num,ctx->encrypt);
-	}
-
-#endif
diff --git a/crypto/evp/e_cfb_r2.c b/crypto/evp/e_cfb_r2.c
deleted file mode 100644
index 849be7e638..0000000000
--- a/crypto/evp/e_cfb_r2.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/* crypto/evp/e_cfb_r2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_RC2
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void rc2_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void rc2_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void rc2_cfb_init_key();
-static void rc2_cfb_cipher();
-#endif
-
-static EVP_CIPHER r2_cfb_cipher=
-	{
-	NID_rc2_cfb64,
-	1,EVP_RC2_KEY_SIZE,8,
-	rc2_cfb_init_key,
-	rc2_cfb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	};
-
-EVP_CIPHER *EVP_rc2_cfb()
-	{
-	return(&r2_cfb_cipher);
-	}
-	
-static void rc2_cfb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	ctx->num=0;
-
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
-			key,EVP_CIPHER_CTX_key_length(ctx)*8);
-	}
-
-static void rc2_cfb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	RC2_cfb64_encrypt(
-		in,out,
-		(long)inl, &(ctx->c.rc2_ks),
-		&(ctx->iv[0]),
-		&ctx->num,ctx->encrypt);
-	}
-#endif
diff --git a/crypto/evp/e_cfb_r5.c b/crypto/evp/e_cfb_r5.c
deleted file mode 100644
index a2fddaedc0..0000000000
--- a/crypto/evp/e_cfb_r5.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/* crypto/evp/e_cfb_r5.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_RC5
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void rc5_32_12_16_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void rc5_32_12_16_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void rc5_32_12_16_cfb_init_key();
-static void rc5_32_12_16_cfb_cipher();
-#endif
-
-static EVP_CIPHER rc5_cfb_cipher=
-	{
-	NID_rc5_cfb64,
-	1,EVP_RC5_32_12_16_KEY_SIZE,8,
-	rc5_32_12_16_cfb_init_key,
-	rc5_32_12_16_cfb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc5_ks)),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	};
-
-EVP_CIPHER *EVP_rc5_32_12_16_cfb()
-	{
-	return(&rc5_cfb_cipher);
-	}
-	
-static void rc5_32_12_16_cfb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	ctx->num=0;
-
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,key,
-			RC5_12_ROUNDS);
-	}
-
-static void rc5_32_12_16_cfb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	RC5_32_cfb64_encrypt(
-		in,out,
-		(long)inl, &(ctx->c.rc5_ks),
-		&(ctx->iv[0]),
-		&ctx->num,ctx->encrypt);
-	}
-#endif
diff --git a/crypto/pem/ctx_size.c b/crypto/evp/e_des.c
index 87469bc4af..105266a4b3 100644
--- a/crypto/pem/ctx_size.c
+++ b/crypto/evp/e_des.c
@@ -1,4 +1,4 @@
-/* crypto/pem/ctx_size.c */
+/* crypto/evp/e_des.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,67 +56,64 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_DES
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+#include <openssl/des.h>
 
-int main(argc,argv)
-int argc;
-char *argv[];
-	{
-	int i,j;
-	char buf[256];
+static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			const unsigned char *iv, int enc);
+
+/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */
+
+static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			  const unsigned char *in, unsigned int inl)
+{
+	BLOCK_CIPHER_ecb_loop()
+		DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt);
+	return 1;
+}
+
+static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			  const unsigned char *in, unsigned int inl)
+{
+	DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num);
+	return 1;
+}
+
+static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			  const unsigned char *in, unsigned int inl)
+{
+	DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
+			 (DES_cblock *)ctx->iv, ctx->encrypt);
+	return 1;
+}
 
-	for (;;)
-		{
-		char *str;
-		buf[0]='\0';
-		fgets(buf,256,stdin);
-		if (buf[0] == '\0') break;
+static int des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			  const unsigned char *in, unsigned int inl)
+{
+	DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
+			  (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+	return 1;
+}
 
-		str="#define EVP_ENCODE_CTX_SIZE ";
-		if (strncmp(buf,str,strlen(str)) == 0)
-			{
-			printf("%s %d\n",str,(int)sizeof(EVP_ENCODE_CTX));
-			continue;
-			}
-		str="#define EVP_MD_SIZE ";
-		if (strncmp(buf,str,strlen(str)) == 0)
-			{
-			printf("%s %d\n",str,(int)sizeof(EVP_MD));
-			continue;
-			}
-		str="#define EVP_MD_CTX_SIZE ";
-		if (strncmp(buf,str,strlen(str)) == 0)
-			{
-			printf("%s %d\n",str,(int)sizeof(EVP_MD_CTX));
-			continue;
-			}
-		str="#define EVP_CIPHER_SIZE ";
-		if (strncmp(buf,str,strlen(str)) == 0)
-			{
-			printf("%s %d\n",str,(int)sizeof(EVP_CIPHER));
-			continue;
-			}
-		str="#define EVP_CIPHER_CTX_SIZE ";
-		if (strncmp(buf,str,strlen(str)) == 0)
-			{
-			printf("%s %d\n",str,(int)sizeof(EVP_CIPHER_CTX));
-			continue;
-			}
+BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
+			0, des_init_key, NULL,
+			EVP_CIPHER_set_asn1_iv,
+			EVP_CIPHER_get_asn1_iv,
+			NULL)
 
-		str="#define EVP_MAX_MD_SIZE ";
-		if (strncmp(buf,str,strlen(str)) == 0)
-			{
-			i=MD2_DIGEST_LENGTH;
-			j=MD5_DIGEST_LENGTH;
-			if (j > i) i=j;
-			j=SHA_DIGEST_LENGTH;
-			if (j > i) i=j;
-			printf("%s %d\n",str,i);
-			continue;
-			}
-		fputs(buf,stdout);
-		}
-	exit(0);
+
+static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			const unsigned char *iv, int enc)
+	{
+	DES_cblock *deskey = (DES_cblock *)key;
+
+	DES_set_key_unchecked(deskey,ctx->cipher_data);
+	return 1;
 	}
+
+#endif
diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
new file mode 100644
index 0000000000..077860e7b6
--- /dev/null
+++ b/crypto/evp/e_des3.c
@@ -0,0 +1,193 @@
+/* crypto/evp/e_des3.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef OPENSSL_NO_DES
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+#include <openssl/des.h>
+
+static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			    const unsigned char *iv,int enc);
+
+static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			     const unsigned char *iv,int enc);
+
+typedef struct
+    {
+    DES_key_schedule ks1;/* key schedule */
+    DES_key_schedule ks2;/* key schedule (for ede) */
+    DES_key_schedule ks3;/* key schedule (for ede3) */
+    } DES_EDE_KEY;
+
+#define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data)
+
+/* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */
+
+static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			      const unsigned char *in, unsigned int inl)
+{
+	BLOCK_CIPHER_ecb_loop()
+		DES_ecb3_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), 
+				 &data(ctx)->ks1, &data(ctx)->ks2,
+				 &data(ctx)->ks3,
+				 ctx->encrypt);
+	return 1;
+}
+
+static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			      const unsigned char *in, unsigned int inl)
+{
+	DES_ede3_ofb64_encrypt(in, out, (long)inl,
+			       &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+			       (DES_cblock *)ctx->iv, &ctx->num);
+	return 1;
+}
+
+static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			      const unsigned char *in, unsigned int inl)
+{
+#ifdef KSSL_DEBUG
+	{
+        int i;
+        char *cp;
+	printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len);
+	printf("\t iv= ");
+        for(i=0;i<8;i++)
+                printf("%02X",ctx->iv[i]);
+	printf("\n");
+	}
+#endif    /* KSSL_DEBUG */
+	DES_ede3_cbc_encrypt(in, out, (long)inl,
+			     &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+			     (DES_cblock *)ctx->iv, ctx->encrypt);
+	return 1;
+}
+
+static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			      const unsigned char *in, unsigned int inl)
+{
+	DES_ede3_cfb64_encrypt(in, out, (long)inl, 
+			       &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+			       (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+	return 1;
+}
+
+BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
+			0, des_ede_init_key, NULL, 
+			EVP_CIPHER_set_asn1_iv,
+			EVP_CIPHER_get_asn1_iv,
+			NULL)
+
+#define des_ede3_cfb_cipher des_ede_cfb_cipher
+#define des_ede3_ofb_cipher des_ede_ofb_cipher
+#define des_ede3_cbc_cipher des_ede_cbc_cipher
+#define des_ede3_ecb_cipher des_ede_ecb_cipher
+
+BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
+			0, des_ede3_init_key, NULL, 
+			EVP_CIPHER_set_asn1_iv,
+			EVP_CIPHER_get_asn1_iv,
+			NULL)
+
+static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			    const unsigned char *iv, int enc)
+	{
+	DES_cblock *deskey = (DES_cblock *)key;
+
+	DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
+	DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
+	memcpy(&data(ctx)->ks3,&data(ctx)->ks1,
+	       sizeof(data(ctx)->ks1));
+	return 1;
+	}
+
+static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			     const unsigned char *iv, int enc)
+	{
+	DES_cblock *deskey = (DES_cblock *)key;
+#ifdef KSSL_DEBUG
+	{
+        int i;
+        printf("des_ede3_init_key(ctx=%lx)\n", ctx);
+	printf("\tKEY= ");
+        for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n");
+	printf("\t IV= ");
+        for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n");
+	}
+#endif	/* KSSL_DEBUG */
+
+	DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
+	DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
+	DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3);
+
+	return 1;
+	}
+
+const EVP_CIPHER *EVP_des_ede(void)
+{
+	return &des_ede_ecb;
+}
+
+const EVP_CIPHER *EVP_des_ede3(void)
+{
+	return &des_ede3_ecb;
+}
+#endif
diff --git a/crypto/evp/e_dsa.c b/crypto/evp/e_dsa.c
index 6715c3e95e..b96f2738b3 100644
--- a/crypto/evp/e_dsa.c
+++ b/crypto/evp/e_dsa.c
@@ -58,9 +58,9 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
 static EVP_PKEY_METHOD dss_method=
 	{
diff --git a/crypto/evp/e_ecb_3d.c b/crypto/evp/e_ecb_3d.c
deleted file mode 100644
index 908fc0760a..0000000000
--- a/crypto/evp/e_ecb_3d.c
+++ /dev/null
@@ -1,161 +0,0 @@
-/* crypto/evp/e_ecb_3d.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void des_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void des_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void des_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void des_ede_init_key();
-static void des_ede3_init_key();
-static void des_ede_cipher();
-#endif
-
-static EVP_CIPHER d_ede_cipher2=
-	{
-	NID_des_ede,
-	8,16,0,
-	des_ede_init_key,
-	des_ede_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
-	NULL,
-	NULL,
-	};
-
-static EVP_CIPHER d_ede3_cipher3=
-	{
-	NID_des_ede3,
-	8,24,0,
-	des_ede3_init_key,
-	des_ede_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
-	NULL,
-	};
-
-EVP_CIPHER *EVP_des_ede()
-	{
-	return(&d_ede_cipher2);
-	}
-
-EVP_CIPHER *EVP_des_ede3()
-	{
-	return(&d_ede3_cipher3);
-	}
-
-static void des_ede_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	if (key != NULL)
-		{
-		des_set_key((des_cblock *)key,ctx->c.des_ede.ks1);
-		des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2);
-		memcpy( (char *)ctx->c.des_ede.ks3,
-			(char *)ctx->c.des_ede.ks1,
-			sizeof(ctx->c.des_ede.ks1));
-		}
-	}
-
-static void des_ede3_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	if (key != NULL)
-		{
-		des_set_key((des_cblock *)key,ctx->c.des_ede.ks1);
-		des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2);
-		des_set_key((des_cblock *)&(key[16]),ctx->c.des_ede.ks3);
-		}
-	}
-
-static void des_ede_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	unsigned int i;
-
-	if (inl < 8) return;
-	inl-=8;
-	for (i=0; i<=inl; i+=8)
-		{
-		des_ecb3_encrypt(
-			(des_cblock *)&(in[i]),(des_cblock *)&(out[i]),
-			ctx->c.des_ede.ks1,
-			ctx->c.des_ede.ks2,
-			ctx->c.des_ede.ks3,
-			ctx->encrypt);
-		}
-	}
diff --git a/crypto/evp/e_ecb_bf.c b/crypto/evp/e_ecb_bf.c
deleted file mode 100644
index 142a9d3123..0000000000
--- a/crypto/evp/e_ecb_bf.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/* crypto/evp/e_ecb_bf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_BLOWFISH
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void bf_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void bf_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void bf_ecb_init_key();
-static void bf_ecb_cipher();
-#endif
-
-static EVP_CIPHER bfish_ecb_cipher=
-	{
-	NID_bf_ecb,
-	8,EVP_BLOWFISH_KEY_SIZE,0,
-	bf_ecb_init_key,
-	bf_ecb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
-	NULL,
-	NULL,
-	};
-
-EVP_CIPHER *EVP_bf_ecb()
-	{
-	return(&bfish_ecb_cipher);
-	}
-	
-static void bf_ecb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	if (key != NULL)
-		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
-	}
-
-static void bf_ecb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	unsigned int i;
-
-	if (inl < 8) return;
-	inl-=8;
-	for (i=0; i<=inl; i+=8)
-		{
-		BF_ecb_encrypt(
-			&(in[i]),&(out[i]),
-			&(ctx->c.bf_ks),ctx->encrypt);
-		}
-	}
-
-#endif
diff --git a/crypto/evp/e_ecb_c.c b/crypto/evp/e_ecb_c.c
deleted file mode 100644
index 34e0c18296..0000000000
--- a/crypto/evp/e_ecb_c.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/* crypto/evp/e_ecb_c.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_CAST
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void cast_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void cast_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void cast_ecb_init_key();
-static void cast_ecb_cipher();
-#endif
-
-static EVP_CIPHER cast5_ecb_cipher=
-	{
-	NID_cast5_ecb,
-	8,EVP_CAST5_KEY_SIZE,0,
-	cast_ecb_init_key,
-	cast_ecb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
-	NULL,
-	NULL,
-	};
-
-EVP_CIPHER *EVP_cast5_ecb()
-	{
-	return(&cast5_ecb_cipher);
-	}
-	
-static void cast_ecb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	if (key != NULL)
-		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
-	}
-
-static void cast_ecb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	unsigned int i;
-
-	if (inl < 8) return;
-	inl-=8;
-	for (i=0; i<=inl; i+=8)
-		{
-		CAST_ecb_encrypt(
-			&(in[i]),&(out[i]),
-			&(ctx->c.cast_ks),ctx->encrypt);
-		}
-	}
-
-#endif
diff --git a/crypto/evp/e_ecb_d.c b/crypto/evp/e_ecb_d.c
deleted file mode 100644
index 7a409d6459..0000000000
--- a/crypto/evp/e_ecb_d.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* crypto/evp/e_ecb_d.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void des_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void des_ecb_init_key();
-static void des_ecb_cipher();
-#endif
-
-static EVP_CIPHER d_ecb_cipher=
-	{
-	NID_des_ecb,
-	8,8,0,
-	des_ecb_init_key,
-	des_ecb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
-	NULL,
-	NULL,
-	};
-
-EVP_CIPHER *EVP_des_ecb()
-	{
-	return(&d_ecb_cipher);
-	}
-	
-static void des_ecb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	if (key != NULL)
-		des_set_key((des_cblock *)key,ctx->c.des_ks);
-	}
-
-static void des_ecb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	unsigned int i;
-
-	if (inl < 8) return;
-	inl-=8;
-	for (i=0; i<=inl; i+=8)
-		{
-		des_ecb_encrypt(
-			(des_cblock *)&(in[i]),(des_cblock *)&(out[i]),
-			ctx->c.des_ks,ctx->encrypt);
-		}
-	}
diff --git a/crypto/evp/e_ecb_r2.c b/crypto/evp/e_ecb_r2.c
deleted file mode 100644
index 4e74af96bd..0000000000
--- a/crypto/evp/e_ecb_r2.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/* crypto/evp/e_ecb_r2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_RC2
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void rc2_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void rc2_ecb_init_key();
-static void rc2_ecb_cipher();
-#endif
-
-static EVP_CIPHER r2_ecb_cipher=
-	{
-	NID_rc2_ecb,
-	8,EVP_RC2_KEY_SIZE,0,
-	rc2_ecb_init_key,
-	rc2_ecb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
-	NULL,
-	NULL,
-	};
-
-EVP_CIPHER *EVP_rc2_ecb()
-	{
-	return(&r2_ecb_cipher);
-	}
-	
-static void rc2_ecb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	if (key != NULL)
-		RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
-			key,EVP_CIPHER_CTX_key_length(ctx)*8);
-	}
-
-static void rc2_ecb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	unsigned int i;
-
-	if (inl < 8) return;
-	inl-=8;
-	for (i=0; i<=inl; i+=8)
-		{
-		RC2_ecb_encrypt(
-			&(in[i]),&(out[i]),
-			&(ctx->c.rc2_ks),ctx->encrypt);
-		}
-	}
-
-#endif
diff --git a/crypto/evp/e_ecb_r5.c b/crypto/evp/e_ecb_r5.c
deleted file mode 100644
index 08f4a82651..0000000000
--- a/crypto/evp/e_ecb_r5.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/* crypto/evp/e_ecb_r5.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_RC5
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void rc5_32_12_16_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void rc5_32_12_16_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void rc5_32_12_16_ecb_init_key();
-static void rc5_32_12_16_ecb_cipher();
-#endif
-
-static EVP_CIPHER rc5_ecb_cipher=
-	{
-	NID_rc5_ecb,
-	8,EVP_RC5_32_12_16_KEY_SIZE,0,
-	rc5_32_12_16_ecb_init_key,
-	rc5_32_12_16_ecb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc5_ks)),
-	NULL,
-	NULL,
-	};
-
-EVP_CIPHER *EVP_rc5_32_12_16_ecb()
-	{
-	return(&rc5_ecb_cipher);
-	}
-	
-static void rc5_32_12_16_ecb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	if (key != NULL)
-		RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,key,
-			RC5_12_ROUNDS);
-	}
-
-static void rc5_32_12_16_ecb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	unsigned int i;
-
-	if (inl < 8) return;
-	inl-=8;
-	for (i=0; i<=inl; i+=8)
-		{
-		RC5_32_ecb_encrypt(
-			&(in[i]),&(out[i]),
-			&(ctx->c.rc5_ks),ctx->encrypt);
-		}
-	}
-
-#endif
diff --git a/crypto/evp/e_ecb_i.c b/crypto/evp/e_idea.c
index e24022a12c..b9efa75ae7 100644
--- a/crypto/evp/e_ecb_i.c
+++ b/crypto/evp/e_idea.c
@@ -1,4 +1,4 @@
-/* crypto/evp/e_ecb_i.c */
+/* crypto/evp/e_idea.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,78 +56,63 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+#include <openssl/idea.h>
 
-#ifndef NOPROTO
-static void idea_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void idea_ecb_init_key();
-static void idea_ecb_cipher();
-#endif
+static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			 const unsigned char *iv,int enc);
+
+/* NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a special
+ * case 
+ */
+
+static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			   const unsigned char *in, unsigned int inl)
+{
+	BLOCK_CIPHER_ecb_loop()
+		idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
+	return 1;
+}
 
-static EVP_CIPHER i_ecb_cipher=
+/* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */
+
+typedef struct
 	{
-	NID_idea_ecb,
-	8,16,0,
-	idea_ecb_init_key,
-	idea_ecb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
-	NULL,
-	NULL,
-	};
+	IDEA_KEY_SCHEDULE ks;
+	} EVP_IDEA_KEY;
+
+BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks)
+BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks)
+BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks)
+
+BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
+			0, idea_init_key, NULL, 
+			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
 
-EVP_CIPHER *EVP_idea_ecb()
+static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			 const unsigned char *iv, int enc)
 	{
-	return(&i_ecb_cipher);
+	if(!enc) {
+		if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) enc = 1;
+		else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) enc = 1;
 	}
-	
-static void idea_ecb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	if (key != NULL)
+	if (enc) idea_set_encrypt_key(key,ctx->cipher_data);
+	else
 		{
-		if (enc)
-			idea_set_encrypt_key(key,&(ctx->c.idea_ks));
-		else
-			{
-			IDEA_KEY_SCHEDULE tmp;
+		IDEA_KEY_SCHEDULE tmp;
 
-			idea_set_encrypt_key(key,&tmp);
-			idea_set_decrypt_key(&tmp, &(ctx->c.idea_ks));
-			memset((unsigned char *)&tmp,0,
+		idea_set_encrypt_key(key,&tmp);
+		idea_set_decrypt_key(&tmp,ctx->cipher_data);
+		OPENSSL_cleanse((unsigned char *)&tmp,
 				sizeof(IDEA_KEY_SCHEDULE));
-			}
-		}
-	}
-
-static void idea_ecb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	unsigned int i;
-
-	if (inl < 8) return;
-	inl-=8;
-	for (i=0; i<=inl; i+=8)
-		{
-		idea_ecb_encrypt(
-			&(in[i]),&(out[i]),&(ctx->c.idea_ks));
 		}
+	return 1;
 	}
 
 #endif
diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c
index e4e7ca7606..2420d7e5af 100644
--- a/crypto/evp/e_null.c
+++ b/crypto/evp/e_null.c
@@ -58,52 +58,44 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-#ifndef NOPROTO
-static void null_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void null_init_key();
-static void null_cipher();
-#endif
-
-static EVP_CIPHER n_cipher=
+static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	const unsigned char *iv,int enc);
+static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	const unsigned char *in, unsigned int inl);
+static const EVP_CIPHER n_cipher=
 	{
 	NID_undef,
 	1,0,0,
+	0,
 	null_init_key,
 	null_cipher,
 	NULL,
 	0,
 	NULL,
 	NULL,
+	NULL
 	};
 
-EVP_CIPHER *EVP_enc_null()
+const EVP_CIPHER *EVP_enc_null(void)
 	{
 	return(&n_cipher);
 	}
 
-static void null_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	     const unsigned char *iv, int enc)
 	{
-	memset(&(ctx->c),0,sizeof(ctx->c));
+	/*	memset(&(ctx->c),0,sizeof(ctx->c));*/
+	return 1;
 	}
 
-static void null_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	     const unsigned char *in, unsigned int inl)
 	{
 	if (in != out)
 		memcpy((char *)out,(char *)in,(int)inl);
+	return 1;
 	}
 
diff --git a/crypto/evp/e_ofb_3d.c b/crypto/evp/e_ofb_3d.c
deleted file mode 100644
index c3add18e93..0000000000
--- a/crypto/evp/e_ofb_3d.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/* crypto/evp/e_ofb_3d.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void des_ede_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void des_ede3_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void des_ede_ofb_init_key();
-static void des_ede3_ofb_init_key();
-static void des_ede_ofb_cipher();
-#endif
-
-static EVP_CIPHER d_ede_ofb_cipher2=
-	{
-	NID_des_ede_ofb64,
-	1,16,8,
-	des_ede_ofb_init_key,
-	des_ede_ofb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	};
-
-static EVP_CIPHER d_ede3_ofb_cipher3=
-	{
-	NID_des_ede3_ofb64,
-	1,24,8,
-	des_ede3_ofb_init_key,
-	des_ede_ofb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
-	EVP_CIPHER_set_asn1_iv,
-        EVP_CIPHER_get_asn1_iv,
-	};
-
-EVP_CIPHER *EVP_des_ede_ofb()
-	{
-	return(&d_ede_ofb_cipher2);
-	}
-
-EVP_CIPHER *EVP_des_ede3_ofb()
-	{
-	return(&d_ede3_ofb_cipher3);
-	}
-	
-static void des_ede_ofb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	ctx->num=0;
-
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		{
-		des_set_key((des_cblock *)key,ctx->c.des_ede.ks1);
-		des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2);
-		memcpy( (char *)ctx->c.des_ede.ks3,
-			(char *)ctx->c.des_ede.ks1,
-			sizeof(ctx->c.des_ede.ks1));
-		}
-	}
-
-static void des_ede3_ofb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	ctx->num=0;
-
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		{
-		des_set_key((des_cblock *)key,ctx->c.des_ede.ks1);
-		des_set_key((des_cblock *)&(key[8]),ctx->c.des_ede.ks2);
-		des_set_key((des_cblock *)&(key[16]),ctx->c.des_ede.ks3);
-		}
-	}
-
-static void des_ede_ofb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	des_ede3_ofb64_encrypt(
-		in,out,
-		(long)inl,
-		ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3,
-		(des_cblock *)&(ctx->iv[0]),
-		&ctx->num);
-	}
diff --git a/crypto/evp/e_ofb_bf.c b/crypto/evp/e_ofb_bf.c
deleted file mode 100644
index 492f9b9082..0000000000
--- a/crypto/evp/e_ofb_bf.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/* crypto/evp/e_ofb_bf.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_BLOWFISH
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void bf_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void bf_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void bf_ofb_init_key();
-static void bf_ofb_cipher();
-#endif
-
-static EVP_CIPHER bfish_ofb_cipher=
-	{
-	NID_bf_ofb64,
-	1,EVP_BLOWFISH_KEY_SIZE,8,
-	bf_ofb_init_key,
-	bf_ofb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	};
-
-EVP_CIPHER *EVP_bf_ofb()
-	{
-	return(&bfish_ofb_cipher);
-	}
-	
-static void bf_ofb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	ctx->num=0;
-
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
-	}
-
-static void bf_ofb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	BF_ofb64_encrypt(
-		in,out,
-		(long)inl, &(ctx->c.bf_ks),
-		&(ctx->iv[0]),
-		&ctx->num);
-	}
-
-#endif
diff --git a/crypto/evp/e_ofb_c.c b/crypto/evp/e_ofb_c.c
deleted file mode 100644
index f1eef4469c..0000000000
--- a/crypto/evp/e_ofb_c.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/* crypto/evp/e_ofb_c.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_CAST
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void cast_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void cast_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void cast_ofb_init_key();
-static void cast_ofb_cipher();
-#endif
-
-static EVP_CIPHER cast5_ofb_cipher=
-	{
-	NID_cast5_ofb64,
-	1,EVP_CAST5_KEY_SIZE,8,
-	cast_ofb_init_key,
-	cast_ofb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	};
-
-EVP_CIPHER *EVP_cast5_ofb()
-	{
-	return(&cast5_ofb_cipher);
-	}
-	
-static void cast_ofb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	ctx->num=0;
-
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
-	}
-
-static void cast_ofb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	CAST_ofb64_encrypt(
-		in,out,
-		(long)inl, &(ctx->c.cast_ks),
-		&(ctx->iv[0]),
-		&ctx->num);
-	}
-
-#endif
diff --git a/crypto/evp/e_ofb_d.c b/crypto/evp/e_ofb_d.c
deleted file mode 100644
index 09d4b4139d..0000000000
--- a/crypto/evp/e_ofb_d.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/* crypto/evp/e_ofb_d.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void des_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void des_ofb_init_key();
-static void des_ofb_cipher();
-#endif
-
-static EVP_CIPHER d_ofb_cipher=
-	{
-	NID_des_ofb64,
-	1,8,8,
-	des_ofb_init_key,
-	des_ofb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	};
-
-EVP_CIPHER *EVP_des_ofb()
-	{
-	return(&d_ofb_cipher);
-	}
-	
-static void des_ofb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	ctx->num=0;
-
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		des_set_key((des_cblock *)key,ctx->c.des_ks);
-	}
-
-static void des_ofb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	des_ofb64_encrypt(
-		in,out,
-		(long)inl, ctx->c.des_ks,
-		(des_cblock *)&(ctx->iv[0]),
-		&ctx->num);
-	}
diff --git a/crypto/evp/e_ofb_i.c b/crypto/evp/e_ofb_i.c
deleted file mode 100644
index 96c8afd9c8..0000000000
--- a/crypto/evp/e_ofb_i.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* crypto/evp/e_ofb_i.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_IDEA
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void idea_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void idea_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void idea_ofb_init_key();
-static void idea_ofb_cipher();
-#endif
-
-static EVP_CIPHER i_ofb_cipher=
-	{
-	NID_idea_ofb64,
-	1,IDEA_KEY_LENGTH,IDEA_BLOCK,
-	idea_ofb_init_key,
-	idea_ofb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	};
-
-EVP_CIPHER *EVP_idea_ofb()
-	{
-	return(&i_ofb_cipher);
-	}
-	
-static void idea_ofb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	ctx->num=0;
-
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		idea_set_encrypt_key(key,&(ctx->c.idea_ks));
-	}
-
-static void idea_ofb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	idea_ofb64_encrypt(
-		in,out,(long)inl,
-		&(ctx->c.idea_ks),&(ctx->iv[0]),
-		&ctx->num);
-	}
-
-#endif
diff --git a/crypto/evp/e_ofb_r2.c b/crypto/evp/e_ofb_r2.c
deleted file mode 100644
index 4ed67eacd5..0000000000
--- a/crypto/evp/e_ofb_r2.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/* crypto/evp/e_ofb_r2.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_RC2
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void rc2_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void rc2_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void rc2_ofb_init_key();
-static void rc2_ofb_cipher();
-#endif
-
-static EVP_CIPHER r2_ofb_cipher=
-	{
-	NID_rc2_ofb64,
-	1,EVP_RC2_KEY_SIZE,8,
-	rc2_ofb_init_key,
-	rc2_ofb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	};
-
-EVP_CIPHER *EVP_rc2_ofb()
-	{
-	return(&r2_ofb_cipher);
-	}
-	
-static void rc2_ofb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	ctx->num=0;
-
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
-			key,EVP_CIPHER_CTX_key_length(ctx)*8);
-	}
-
-static void rc2_ofb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	RC2_ofb64_encrypt(
-		in,out,
-		(long)inl, &(ctx->c.rc2_ks),
-		&(ctx->iv[0]),
-		&ctx->num);
-	}
-
-#endif
diff --git a/crypto/evp/e_ofb_r5.c b/crypto/evp/e_ofb_r5.c
deleted file mode 100644
index db28d6c317..0000000000
--- a/crypto/evp/e_ofb_r5.c
+++ /dev/null
@@ -1,123 +0,0 @@
-/* crypto/evp/e_ofb_r5.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef NO_RC5
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void rc5_32_12_16_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void rc5_32_12_16_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void rc5_32_12_16_ofb_init_key();
-static void rc5_32_12_16_ofb_cipher();
-#endif
-
-static EVP_CIPHER rc5_ofb_cipher=
-	{
-	NID_rc5_ofb64,
-	1,EVP_RC5_32_12_16_KEY_SIZE,8,
-	rc5_32_12_16_ofb_init_key,
-	rc5_32_12_16_ofb_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc5_ks)),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	};
-
-EVP_CIPHER *EVP_rc5_32_12_16_ofb()
-	{
-	return(&rc5_ofb_cipher);
-	}
-	
-static void rc5_32_12_16_ofb_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
-	{
-	ctx->num=0;
-
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,key,
-			RC5_12_ROUNDS);
-	}
-
-static void rc5_32_12_16_ofb_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	RC5_32_ofb64_encrypt(
-		in,out,
-		(long)inl, &(ctx->c.rc5_ks),
-		&(ctx->iv[0]),
-		&ctx->num);
-	}
-
-#endif
diff --git a/crypto/evp/e_cbc_r2.c b/crypto/evp/e_rc2.c
index 9175e53550..d42cbfd17e 100644
--- a/crypto/evp/e_cbc_r2.c
+++ b/crypto/evp/e_rc2.c
@@ -1,4 +1,4 @@
-/* crypto/evp/e_cbc_r2.c */
+/* crypto/evp/e_rc2.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,184 +56,175 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_RC2
+#ifndef OPENSSL_NO_RC2
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-
-#ifndef NOPROTO
-static void rc2_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-static int rc2_meth_to_magic(EVP_CIPHER *e);
-static EVP_CIPHER *rc2_magic_to_meth(int i);
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+#include <openssl/rc2.h>
+
+static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			const unsigned char *iv,int enc);
+static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx);
+static int rc2_magic_to_meth(int i);
 static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
 static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
 
-#else
+typedef struct
+	{
+	int key_bits;	/* effective key bits */
+	RC2_KEY ks;	/* key schedule */
+	} EVP_RC2_KEY;
 
-static void rc2_cbc_init_key();
-static void rc2_cbc_cipher();
-static int rc2_meth_to_magic();
-static EVP_CIPHER *rc2_magic_to_meth();
-static int rc2_set_asn1_type_and_iv();
-static int rc2_get_asn1_type_and_iv();
-#endif
+#define data(ctx)	((EVP_RC2_KEY *)(ctx)->cipher_data)
+
+IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2,
+			8,
+			RC2_KEY_LENGTH, 8, 64,
+			EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+			rc2_init_key, NULL,
+			rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, 
+			rc2_ctrl)
 
 #define RC2_40_MAGIC	0xa0
 #define RC2_64_MAGIC	0x78
 #define RC2_128_MAGIC	0x3a
 
-static EVP_CIPHER r2_cbc_cipher=
-	{
-	NID_rc2_cbc,
-	8,EVP_RC2_KEY_SIZE,8,
-	rc2_cbc_init_key,
-	rc2_cbc_cipher,
-	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
-	rc2_set_asn1_type_and_iv,
-	rc2_get_asn1_type_and_iv,
-	};
-
-static EVP_CIPHER r2_64_cbc_cipher=
+static const EVP_CIPHER r2_64_cbc_cipher=
 	{
-	NID_rc2_40_cbc,
+	NID_rc2_64_cbc,
 	8,8 /* 64 bit */,8,
-	rc2_cbc_init_key,
+	EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+	rc2_init_key,
 	rc2_cbc_cipher,
 	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+	sizeof(EVP_RC2_KEY),
 	rc2_set_asn1_type_and_iv,
 	rc2_get_asn1_type_and_iv,
+	rc2_ctrl,
+	NULL
 	};
 
-static EVP_CIPHER r2_40_cbc_cipher=
+static const EVP_CIPHER r2_40_cbc_cipher=
 	{
 	NID_rc2_40_cbc,
 	8,5 /* 40 bit */,8,
-	rc2_cbc_init_key,
+	EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+	rc2_init_key,
 	rc2_cbc_cipher,
 	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+	sizeof(EVP_RC2_KEY),
 	rc2_set_asn1_type_and_iv,
 	rc2_get_asn1_type_and_iv,
+	rc2_ctrl,
+	NULL
 	};
 
-EVP_CIPHER *EVP_rc2_cbc()
-	{
-	return(&r2_cbc_cipher);
-	}
-
-EVP_CIPHER *EVP_rc2_64_cbc()
+const EVP_CIPHER *EVP_rc2_64_cbc(void)
 	{
 	return(&r2_64_cbc_cipher);
 	}
 
-EVP_CIPHER *EVP_rc2_40_cbc()
+const EVP_CIPHER *EVP_rc2_40_cbc(void)
 	{
 	return(&r2_40_cbc_cipher);
 	}
 	
-static void rc2_cbc_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			const unsigned char *iv, int enc)
 	{
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
-			key,EVP_CIPHER_CTX_key_length(ctx)*8);
+	RC2_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
+		    key,data(ctx)->key_bits);
+	return 1;
 	}
 
-static void rc2_cbc_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
-	{
-	RC2_cbc_encrypt(
-		in,out,(long)inl,
-		&(ctx->c.rc2_ks),&(ctx->iv[0]),
-		ctx->encrypt);
-	}
-
-static int rc2_meth_to_magic(e)
-EVP_CIPHER *e;
+static int rc2_meth_to_magic(EVP_CIPHER_CTX *e)
 	{
 	int i;
 
-	i=EVP_CIPHER_key_length(e);
+	EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);
 	if 	(i == 128) return(RC2_128_MAGIC);
 	else if (i == 64)  return(RC2_64_MAGIC);
 	else if (i == 40)  return(RC2_40_MAGIC);
 	else return(0);
 	}
 
-static EVP_CIPHER *rc2_magic_to_meth(i)
-int i;
+static int rc2_magic_to_meth(int i)
 	{
-	if      (i == RC2_128_MAGIC) return(EVP_rc2_cbc());
-	else if (i == RC2_64_MAGIC)  return(EVP_rc2_64_cbc());
-	else if (i == RC2_40_MAGIC)  return(EVP_rc2_40_cbc());
+	if      (i == RC2_128_MAGIC) return 128;
+	else if (i == RC2_64_MAGIC)  return 64;
+	else if (i == RC2_40_MAGIC)  return 40;
 	else
 		{
 		EVPerr(EVP_F_RC2_MAGIC_TO_METH,EVP_R_UNSUPPORTED_KEY_SIZE);
-		return(NULL);
+		return(0);
 		}
 	}
 
-int rc2_get_asn1_type_and_iv(c,type)
-EVP_CIPHER_CTX *c;
-ASN1_TYPE *type;
+static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 	{
 	long num=0;
 	int i=0,l;
-	EVP_CIPHER *e;
+	int key_bits;
+	unsigned char iv[EVP_MAX_IV_LENGTH];
 
 	if (type != NULL)
 		{
 		l=EVP_CIPHER_CTX_iv_length(c);
-		i=ASN1_TYPE_get_int_octetstring(type,&num,c->oiv,l);
+		OPENSSL_assert(l <= sizeof iv);
+		i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l);
 		if (i != l)
 			return(-1);
-		else if (i > 0)
-			memcpy(c->iv,c->oiv,l);
-		e=rc2_magic_to_meth((int)num);
-		if (e == NULL)
+		key_bits =rc2_magic_to_meth((int)num);
+		if (!key_bits)
 			return(-1);
-		if (e != EVP_CIPHER_CTX_cipher(c))
-			{
-			EVP_CIPHER_CTX_cipher(c)=e;
-			rc2_cbc_init_key(c,NULL,NULL,1);
-			}
+		if(i > 0) EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1);
+		EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
+		EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
 		}
 	return(i);
 	}
 
-static int rc2_set_asn1_type_and_iv(c,type)
-EVP_CIPHER_CTX *c;
-ASN1_TYPE *type;
+static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 	{
 	long num;
 	int i=0,j;
 
 	if (type != NULL)
 		{
-		num=rc2_meth_to_magic(EVP_CIPHER_CTX_cipher(c));
+		num=rc2_meth_to_magic(c);
 		j=EVP_CIPHER_CTX_iv_length(c);
 		i=ASN1_TYPE_set_int_octetstring(type,num,c->oiv,j);
 		}
 	return(i);
 	}
 
+static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+	{
+	switch(type)
+		{
+	case EVP_CTRL_INIT:
+		data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
+		return 1;
+
+	case EVP_CTRL_GET_RC2_KEY_BITS:
+		*(int *)ptr = data(c)->key_bits;
+		return 1;
+			
+	case EVP_CTRL_SET_RC2_KEY_BITS:
+		if(arg > 0)
+			{
+			data(c)->key_bits = arg;
+			return 1;
+			}
+		return 0;
+
+	default:
+		return -1;
+		}
+	}
+
 #endif
diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c
index 7e9790a94c..d58f507837 100644
--- a/crypto/evp/e_rc4.c
+++ b/crypto/evp/e_rc4.c
@@ -56,72 +56,78 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef NO_RC4
+#ifndef OPENSSL_NO_RC4
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/rc4.h>
 
-#ifndef NOPROTO
-static void rc4_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void rc4_init_key();
-static void rc4_cipher();
-#endif
+/* FIXME: surely this is available elsewhere? */
+#define EVP_RC4_KEY_SIZE		16
+
+typedef struct
+    {
+    RC4_KEY ks;	/* working key */
+    } EVP_RC4_KEY;
+
+#define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data)
 
-static EVP_CIPHER r4_cipher=
+static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			const unsigned char *iv,int enc);
+static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+		      const unsigned char *in, unsigned int inl);
+static const EVP_CIPHER r4_cipher=
 	{
 	NID_rc4,
 	1,EVP_RC4_KEY_SIZE,0,
+	EVP_CIPH_VARIABLE_LENGTH,
 	rc4_init_key,
 	rc4_cipher,
 	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc4)),
+	sizeof(EVP_RC4_KEY),
 	NULL,
 	NULL,
+	NULL
 	};
 
-static EVP_CIPHER r4_40_cipher=
+static const EVP_CIPHER r4_40_cipher=
 	{
 	NID_rc4_40,
 	1,5 /* 40 bit */,0,
+	EVP_CIPH_VARIABLE_LENGTH,
 	rc4_init_key,
 	rc4_cipher,
+	NULL,
+	sizeof(EVP_RC4_KEY),
+	NULL, 
+	NULL,
+	NULL
 	};
 
-EVP_CIPHER *EVP_rc4()
+const EVP_CIPHER *EVP_rc4(void)
 	{
 	return(&r4_cipher);
 	}
 
-EVP_CIPHER *EVP_rc4_40()
+const EVP_CIPHER *EVP_rc4_40(void)
 	{
 	return(&r4_40_cipher);
 	}
 
-static void rc4_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			const unsigned char *iv, int enc)
 	{
-	if (key != NULL)
-		memcpy(&(ctx->c.rc4.key[0]),key,EVP_CIPHER_CTX_key_length(ctx));
-	RC4_set_key(&(ctx->c.rc4.ks),EVP_CIPHER_CTX_key_length(ctx),
-		ctx->c.rc4.key);
+	RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
+		    key);
+	return 1;
 	}
 
-static void rc4_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+		      const unsigned char *in, unsigned int inl)
 	{
-	RC4(&(ctx->c.rc4.ks),inl,in,out);
+	RC4(&data(ctx)->ks,inl,in,out);
+	return 1;
 	}
 #endif
diff --git a/crypto/asn1/p7_i_s.c b/crypto/evp/e_rc5.c
index 9bae647feb..3c7713b181 100644
--- a/crypto/asn1/p7_i_s.c
+++ b/crypto/evp/e_rc5.c
@@ -1,4 +1,4 @@
-/* crypto/asn1/p7_i_s.c */
+/* crypto/evp/e_rc5.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,66 +56,70 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_RC5
+
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1_mac.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "evp_locl.h"
+#include <openssl/rc5.h>
 
-/*
- * ASN1err(ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW,ERR_R_ASN1_LENGTH_MISMATCH);
- * ASN1err(ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL,ERR_R_ASN1_LENGTH_MISMATCH);
- */
+static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			       const unsigned char *iv,int enc);
+static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
 
-int i2d_PKCS7_ISSUER_AND_SERIAL(a,pp)
-PKCS7_ISSUER_AND_SERIAL *a;
-unsigned char **pp;
+typedef struct
 	{
-	M_ASN1_I2D_vars(a);
+	int rounds;	/* number of rounds */
+	RC5_32_KEY ks;	/* key schedule */
+	} EVP_RC5_KEY;
 
-	M_ASN1_I2D_len(a->issuer,i2d_X509_NAME);
-	M_ASN1_I2D_len(a->serial,i2d_ASN1_INTEGER);
+#define data(ctx)	EVP_C_DATA(EVP_RC5_KEY,ctx)
 
-	M_ASN1_I2D_seq_total();
+IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5,
+		       8, RC5_32_KEY_LENGTH, 8, 64,
+		       EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+		       r_32_12_16_init_key, NULL,
+		       NULL, NULL, rc5_ctrl)
 
-	M_ASN1_I2D_put(a->issuer,i2d_X509_NAME);
-	M_ASN1_I2D_put(a->serial,i2d_ASN1_INTEGER);
-
-	M_ASN1_I2D_finish();
-	}
-
-PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(a,pp,length)
-PKCS7_ISSUER_AND_SERIAL **a;
-unsigned char **pp;
-long length;
+static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
 	{
-	M_ASN1_D2I_vars(a,PKCS7_ISSUER_AND_SERIAL *,PKCS7_ISSUER_AND_SERIAL_new);
+	switch(type)
+		{
+	case EVP_CTRL_INIT:
+		data(c)->rounds = RC5_12_ROUNDS;
+		return 1;
 
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME);
-	M_ASN1_D2I_get(ret->serial,d2i_ASN1_INTEGER);
-	M_ASN1_D2I_Finish(a,PKCS7_ISSUER_AND_SERIAL_free,
-		ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL);
-	}
+	case EVP_CTRL_GET_RC5_ROUNDS:
+		*(int *)ptr = data(c)->rounds;
+		return 1;
+			
+	case EVP_CTRL_SET_RC5_ROUNDS:
+		switch(arg)
+			{
+		case RC5_8_ROUNDS:
+		case RC5_12_ROUNDS:
+		case RC5_16_ROUNDS:
+			data(c)->rounds = arg;
+			return 1;
 
-PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new()
-	{
-	PKCS7_ISSUER_AND_SERIAL *ret=NULL;
-	ASN1_CTX c;
+		default:
+			EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
+			return 0;
+			}
 
-	M_ASN1_New_Malloc(ret,PKCS7_ISSUER_AND_SERIAL);
-	M_ASN1_New(ret->issuer,X509_NAME_new);
-	M_ASN1_New(ret->serial,ASN1_INTEGER_new);
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW);
+	default:
+		return -1;
+		}
 	}
 
-void PKCS7_ISSUER_AND_SERIAL_free(a)
-PKCS7_ISSUER_AND_SERIAL *a;
+static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			       const unsigned char *iv, int enc)
 	{
-	if (a == NULL) return;
-	X509_NAME_free(a->issuer);
-	ASN1_INTEGER_free(a->serial);
-	Free((char *)a);
+	RC5_32_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
+		       key,data(ctx)->rounds);
+	return 1;
 	}
 
+#endif
diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c
index 0d7fda0c47..a6f849e93d 100644
--- a/crypto/evp/e_xcbc_d.c
+++ b/crypto/evp/e_xcbc_d.c
@@ -56,67 +56,67 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_DES
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/des.h>
 
-#ifndef NOPROTO
-static void desx_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
-	unsigned char *iv,int enc);
-static void desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	unsigned char *in, unsigned int inl);
-#else
-static void desx_cbc_init_key();
-static void desx_cbc_cipher();
-#endif
+static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			     const unsigned char *iv,int enc);
+static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			   const unsigned char *in, unsigned int inl);
+
+
+typedef struct
+    {
+    DES_key_schedule ks;/* key schedule */
+    DES_cblock inw;
+    DES_cblock outw;
+    } DESX_CBC_KEY;
+
+#define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data)
 
-static EVP_CIPHER d_xcbc_cipher=
+static const EVP_CIPHER d_xcbc_cipher=
 	{
 	NID_desx_cbc,
 	8,24,8,
+	EVP_CIPH_CBC_MODE,
 	desx_cbc_init_key,
 	desx_cbc_cipher,
 	NULL,
-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.desx_cbc)),
+	sizeof(DESX_CBC_KEY),
 	EVP_CIPHER_set_asn1_iv,
 	EVP_CIPHER_get_asn1_iv,
+	NULL
 	};
 
-EVP_CIPHER *EVP_desx_cbc()
+const EVP_CIPHER *EVP_desx_cbc(void)
 	{
 	return(&d_xcbc_cipher);
 	}
 	
-static void desx_cbc_init_key(ctx,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+			     const unsigned char *iv, int enc)
 	{
-	if (iv != NULL)
-		memcpy(&(ctx->oiv[0]),iv,8);
-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
-	if (key != NULL)
-		{
-		des_set_key((des_cblock *)key,ctx->c.desx_cbc.ks);
-		memcpy(&(ctx->c.desx_cbc.inw[0]),&(key[8]),8);
-		memcpy(&(ctx->c.desx_cbc.outw[0]),&(key[16]),8);
-		}
+	DES_cblock *deskey = (DES_cblock *)key;
+
+	DES_set_key_unchecked(deskey,&data(ctx)->ks);
+	memcpy(&data(ctx)->inw[0],&key[8],8);
+	memcpy(&data(ctx)->outw[0],&key[16],8);
+
+	return 1;
 	}
 
-static void desx_cbc_cipher(ctx,out,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-unsigned char *in;
-unsigned int inl;
+static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			   const unsigned char *in, unsigned int inl)
 	{
-	des_xcbc_encrypt(
-		(des_cblock *)in,(des_cblock *)out,
-		(long)inl, ctx->c.desx_cbc.ks,
-		(des_cblock *)&(ctx->iv[0]),
-		(des_cblock *)&(ctx->c.desx_cbc.inw[0]),
-		(des_cblock *)&(ctx->c.desx_cbc.outw[0]),
-		ctx->encrypt);
+	DES_xcbc_encrypt(in,out,inl,&data(ctx)->ks,
+			 (DES_cblock *)&(ctx->iv[0]),
+			 &data(ctx)->inw,
+			 &data(ctx)->outw,
+			 ctx->encrypt);
+	return 1;
 	}
+#endif
diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
index 14d47c1eed..08209357ce 100644
--- a/crypto/evp/encode.c
+++ b/crypto/evp/encode.c
@@ -58,10 +58,21 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
+#include <openssl/evp.h>
 
+#ifndef CHARSET_EBCDIC
 #define conv_bin2ascii(a)	(data_bin2ascii[(a)&0x3f])
 #define conv_ascii2bin(a)	(data_ascii2bin[(a)&0x7f])
+#else
+/* We assume that PEM encoded files are EBCDIC files
+ * (i.e., printable text files). Convert them here while decoding.
+ * When encoding, output is EBCDIC (text) format again.
+ * (No need for conversion in the conv_bin2ascii macro, as the
+ * underlying textstring data_bin2ascii[] is already EBCDIC)
+ */
+#define conv_bin2ascii(a)	(data_bin2ascii[(a)&0x3f])
+#define conv_ascii2bin(a)	(data_ascii2bin[os_toascii[a]&0x7f])
+#endif
 
 /* 64 char lines
  * pad input with 0
@@ -110,26 +121,22 @@ static unsigned char data_ascii2bin[128]={
 	0x31,0x32,0x33,0xFF,0xFF,0xFF,0xFF,0xFF,
 	};
 
-void EVP_EncodeInit(ctx)
-EVP_ENCODE_CTX *ctx;
+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
 	{
 	ctx->length=48;
 	ctx->num=0;
 	ctx->line_num=0;
 	}
 
-void EVP_EncodeUpdate(ctx,out,outl,in,inl)
-EVP_ENCODE_CTX *ctx;
-unsigned char *out;
-int *outl;
-unsigned char *in;
-int inl;
+void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+	     unsigned char *in, int inl)
 	{
 	int i,j;
 	unsigned int total=0;
 
 	*outl=0;
 	if (inl == 0) return;
+	OPENSSL_assert(ctx->length <= sizeof ctx->enc_data);
 	if ((ctx->num+inl) < ctx->length)
 		{
 		memcpy(&(ctx->enc_data[ctx->num]),in,inl);
@@ -165,10 +172,7 @@ int inl;
 	*outl=total;
 	}
 
-void EVP_EncodeFinal(ctx,out,outl)
-EVP_ENCODE_CTX *ctx;
-unsigned char *out;
-int *outl;
+void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
 	{
 	unsigned int ret=0;
 
@@ -182,9 +186,7 @@ int *outl;
 	*outl=ret;
 	}
 
-int EVP_EncodeBlock(t,f,dlen)
-unsigned char *t,*f;
-int dlen;
+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
 	{
 	int i,ret=0;
 	unsigned long l;
@@ -218,8 +220,7 @@ int dlen;
 	return(ret);
 	}
 
-void EVP_DecodeInit(ctx)
-EVP_ENCODE_CTX *ctx;
+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
 	{
 	ctx->length=30;
 	ctx->num=0;
@@ -231,12 +232,8 @@ EVP_ENCODE_CTX *ctx;
  *  0 for last line
  *  1 for full line
  */
-int EVP_DecodeUpdate(ctx,out,outl,in,inl)
-EVP_ENCODE_CTX *ctx;
-unsigned char *out;
-int *outl;
-unsigned char *in;
-int inl;
+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+	     unsigned char *in, int inl)
 	{
 	int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl;
 	unsigned char *d;
@@ -262,6 +259,7 @@ int inl;
 		/* only save the good data :-) */
 		if (!B64_NOT_BASE64(v))
 			{
+			OPENSSL_assert(n < sizeof ctx->enc_data);
 			d[n++]=tmp;
 			ln++;
 			}
@@ -281,6 +279,13 @@ int inl;
 			eof++;
 			}
 
+		if (v == B64_CR)
+			{
+			ln = 0;
+			if (exp_nl)
+				continue;
+			}
+
 		/* eoln */
 		if (v == B64_EOLN)
 			{
@@ -296,7 +301,17 @@ int inl;
 		/* If we are at the end of input and it looks like a
 		 * line, process it. */
 		if (((i+1) == inl) && (((n&3) == 0) || eof))
+			{
 			v=B64_EOF;
+			/* In case things were given us in really small
+			   records (so two '=' were given in separate
+			   updates), eof may contain the incorrect number
+			   of ending bytes to skip, so let's redo the count */
+			eof = 0;
+			if (d[n-1] == '=') eof++;
+			if (d[n-2] == '=') eof++;
+			/* There will never be more than two '=' */
+			}
 
 		if ((v == B64_EOF) || (n >= 64))
 			{
@@ -341,9 +356,7 @@ end:
 	return(rv);
 	}
 
-int EVP_DecodeBlock(t,f,n)
-unsigned char *t,*f;
-int n;
+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
 	{
 	int i,ret=0,a,b,c,d;
 	unsigned long l;
@@ -383,10 +396,7 @@ int n;
 	return(ret);
 	}
 
-int EVP_DecodeFinal(ctx,out,outl)
-EVP_ENCODE_CTX *ctx;
-unsigned char *out;
-int *outl;
+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
 	{
 	int i;
 
@@ -404,9 +414,7 @@ int *outl;
 	}
 
 #ifdef undef
-int EVP_DecodeValid(buf,len)
-unsigned char *buf;
-int len;
+int EVP_DecodeValid(unsigned char *buf, int len)
 	{
 	int i,num=0,bad=0;
 
diff --git a/crypto/evp/evp.err b/crypto/evp/evp.err
deleted file mode 100644
index b6ed829482..0000000000
--- a/crypto/evp/evp.err
+++ /dev/null
@@ -1,26 +0,0 @@
-/* Error codes for the EVP functions. */
-
-/* Function codes. */
-#define EVP_F_D2I_PKEY					 100
-#define EVP_F_EVP_DECRYPTFINAL				 101
-#define EVP_F_EVP_OPENINIT				 102
-#define EVP_F_EVP_PKEY_COPY_PARAMETERS			 103
-#define EVP_F_EVP_PKEY_DECRYPT				 104
-#define EVP_F_EVP_PKEY_ENCRYPT				 105
-#define EVP_F_EVP_PKEY_NEW				 106
-#define EVP_F_EVP_SIGNFINAL				 107
-#define EVP_F_EVP_VERIFYFINAL				 108
-#define EVP_F_RC2_MAGIC_TO_METH				 109
-
-/* Reason codes. */
-#define EVP_R_BAD_DECRYPT				 100
-#define EVP_R_DIFFERENT_KEY_TYPES			 101
-#define EVP_R_IV_TOO_LARGE				 102
-#define EVP_R_MISSING_PARMATERS				 103
-#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED		 104
-#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED		 105
-#define EVP_R_PUBLIC_KEY_NOT_RSA			 106
-#define EVP_R_UNSUPPORTED_CIPHER			 107
-#define EVP_R_UNSUPPORTED_KEY_SIZE			 108
-#define EVP_R_WRONG_FINAL_BLOCK_LENGTH			 109
-#define EVP_R_WRONG_PUBLIC_KEY_TYPE			 110
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index e6296ce834..10e9e414c5 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -59,84 +59,104 @@
 #ifndef HEADER_ENVELOPE_H
 #define HEADER_ENVELOPE_H
 
-#ifdef	__cplusplus
-extern "C" {
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# include <openssl/opensslconf.h>
+#else
+# define OPENSSL_ALGORITHM_DEFINES
+# include <openssl/opensslconf.h>
+# undef OPENSSL_ALGORITHM_DEFINES
 #endif
 
-#ifndef NO_MD2
-#include "md2.h"
+#include <openssl/ossl_typ.h>
+
+#include <openssl/symhacks.h>
+
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#ifndef OPENSSL_NO_MD2
+#include <openssl/md2.h>
 #endif
-#ifndef NO_MD5
-#include "md5.h"
+#ifndef OPENSSL_NO_MD4
+#include <openssl/md4.h>
 #endif
-#if !defined(NO_SHA) || !defined(NO_SHA1)
-#include "sha.h"
+#ifndef OPENSSL_NO_MD5
+#include <openssl/md5.h>
 #endif
-#ifndef NO_RMD160
-#include "ripemd.h"
+#ifndef OPENSSL_NO_SHA
+#include <openssl/sha.h>
 #endif
-#ifndef NO_DES
-#include "des.h"
+#ifndef OPENSSL_NO_RIPEMD
+#include <openssl/ripemd.h>
 #endif
-#ifndef NO_RC4
-#include "rc4.h"
+#ifndef OPENSSL_NO_DES
+#include <openssl/des.h>
 #endif
-#ifndef NO_RC2
-#include "rc2.h"
+#ifndef OPENSSL_NO_RC4
+#include <openssl/rc4.h>
 #endif
-#ifndef NO_RC5
-#include "rc5.h"
+#ifndef OPENSSL_NO_RC2
+#include <openssl/rc2.h>
 #endif
-#ifndef NO_BLOWFISH
-#include "blowfish.h"
+#ifndef OPENSSL_NO_RC5
+#include <openssl/rc5.h>
 #endif
-#ifndef NO_CAST
-#include "cast.h"
+#ifndef OPENSSL_NO_BF
+#include <openssl/blowfish.h>
 #endif
-#ifndef NO_IDEA
-#include "idea.h"
+#ifndef OPENSSL_NO_CAST
+#include <openssl/cast.h>
 #endif
-#ifndef NO_MDC2
-#include "mdc2.h"
+#ifndef OPENSSL_NO_IDEA
+#include <openssl/idea.h>
+#endif
+#ifndef OPENSSL_NO_MDC2
+#include <openssl/mdc2.h>
+#endif
+#ifndef OPENSSL_NO_AES
+#include <openssl/aes.h>
 #endif
 
+/*
 #define EVP_RC2_KEY_SIZE		16
 #define EVP_RC4_KEY_SIZE		16
 #define EVP_BLOWFISH_KEY_SIZE		16
 #define EVP_CAST5_KEY_SIZE		16
 #define EVP_RC5_32_12_16_KEY_SIZE	16
+*/
 #define EVP_MAX_MD_SIZE			(16+20) /* The SSLv3 md5+sha1 type */
-#define EVP_MAX_KEY_LENGTH		24
-#define EVP_MAX_IV_LENGTH		8
+#define EVP_MAX_KEY_LENGTH		32
+#define EVP_MAX_IV_LENGTH		16
+#define EVP_MAX_BLOCK_LENGTH		32
 
-#ifndef NO_RSA
-#include "rsa.h"
-#else
-#define RSA	long
+#define PKCS5_SALT_LEN			8
+/* Default PKCS#5 iteration count */
+#define PKCS5_DEFAULT_ITER		2048
+
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
 #endif
 
-#ifndef NO_DSA
-#include "dsa.h"
-#else
-#define DSA	long
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
 #endif
 
-#ifndef NO_DH
-#include "dh.h"
-#else
-#define DH	long
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
 #endif
 
-#include "objects.h"
+#include <openssl/objects.h>
 
 #define EVP_PK_RSA	0x0001
 #define EVP_PK_DSA	0x0002
 #define EVP_PK_DH	0x0004
+#define EVP_PK_EC	0x0008
 #define EVP_PKT_SIGN	0x0010
 #define EVP_PKT_ENC	0x0020
 #define EVP_PKT_EXCH	0x0040
 #define EVP_PKS_RSA	0x0100
 #define EVP_PKS_DSA	0x0200
+#define EVP_PKS_EC	0x0400
 #define EVP_PKT_EXP	0x1000 /* <= 512 bit key */
 
 #define EVP_PKEY_NONE	NID_undef
@@ -148,28 +168,38 @@ extern "C" {
 #define EVP_PKEY_DSA3	NID_dsaWithSHA1
 #define EVP_PKEY_DSA4	NID_dsaWithSHA1_2
 #define EVP_PKEY_DH	NID_dhKeyAgreement
+#define EVP_PKEY_EC	NID_X9_62_id_ecPublicKey
+
+#ifdef	__cplusplus
+extern "C" {
+#endif
 
 /* Type needs to be a bit field
  * Sub-type needs to be for variations on the method, as in, can it do
- * arbitary encryption.... */
-typedef struct evp_pkey_st
+ * arbitrary encryption.... */
+struct evp_pkey_st
 	{
 	int type;
 	int save_type;
 	int references;
 	union	{
 		char *ptr;
+#ifndef OPENSSL_NO_RSA
 		struct rsa_st *rsa;	/* RSA */
+#endif
+#ifndef OPENSSL_NO_DSA
 		struct dsa_st *dsa;	/* DSA */
+#endif
+#ifndef OPENSSL_NO_DH
 		struct dh_st *dh;	/* DH */
+#endif
+#ifndef OPENSSL_NO_EC
+		struct ec_key_st *eckey;/* ECC */
+#endif
 		} pkey;
 	int save_parameters;
-#ifdef HEADER_STACK_H
-	STACK /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */
-#else
-	char /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */
-#endif
-	} EVP_PKEY;
+	STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
+	} /* EVP_PKEY */;
 
 #define EVP_PKEY_MO_SIGN	0x0001
 #define EVP_PKEY_MO_VERIFY	0x0002
@@ -194,28 +224,28 @@ typedef struct evp_pkey_md_st
 	EVP_PKEY_METHOD *pkey;
 	} EVP_PKEY_MD;
 
-#define EVP_rsa_md2()
+#define EVP_rsa_md2() \
 		EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\
 			EVP_rsa_pkcs1(),EVP_md2())
-#define EVP_rsa_md5()
+#define EVP_rsa_md5() \
 		EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\
 			EVP_rsa_pkcs1(),EVP_md5())
-#define EVP_rsa_sha0()
+#define EVP_rsa_sha0() \
 		EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\
 			EVP_rsa_pkcs1(),EVP_sha())
-#define EVP_rsa_sha1()
+#define EVP_rsa_sha1() \
 		EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\
 			EVP_rsa_pkcs1(),EVP_sha1())
-#define EVP_rsa_ripemd160()
+#define EVP_rsa_ripemd160() \
 		EVP_PKEY_MD_add(NID_ripemd160WithRSA,\
 			EVP_rsa_pkcs1(),EVP_ripemd160())
-#define EVP_rsa_mdc2()
+#define EVP_rsa_mdc2() \
 		EVP_PKEY_MD_add(NID_mdc2WithRSA,\
 			EVP_rsa_octet_string(),EVP_mdc2())
-#define EVP_dsa_sha()
+#define EVP_dsa_sha() \
 		EVP_PKEY_MD_add(NID_dsaWithSHA,\
-			EVP_dsa(),EVP_mdc2())
-#define EVP_dsa_sha1()
+			EVP_dsa(),EVP_sha())
+#define EVP_dsa_sha1() \
 		EVP_PKEY_MD_add(NID_dsaWithSHA1,\
 			EVP_dsa(),EVP_sha1())
 
@@ -230,7 +260,6 @@ typedef struct evp_pkey_method_st
 	int (*sign)();
 	int (*verify)();
 	struct	{
-		int
 		int (*set)();	/* get and/or set the underlying type */
 		int (*get)();
 		int (*encrypt)();
@@ -245,25 +274,32 @@ typedef struct evp_pkey_method_st
 #endif
 
 #ifndef EVP_MD
-typedef struct env_md_st
+struct env_md_st
 	{
 	int type;
 	int pkey_type;
 	int md_size;
-	void (*init)();
-	void (*update)();
-	void (*final)();
-
+	unsigned long flags;
+	int (*init)(EVP_MD_CTX *ctx);
+	int (*update)(EVP_MD_CTX *ctx,const void *data,unsigned long count);
+	int (*final)(EVP_MD_CTX *ctx,unsigned char *md);
+	int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from);
+	int (*cleanup)(EVP_MD_CTX *ctx);
+
+	/* FIXME: prototype these some day */
 	int (*sign)();
 	int (*verify)();
 	int required_pkey_type[5]; /*EVP_PKEY_xxx */
 	int block_size;
-	int ctx_size; /* how big does the ctx need to be */
-	} EVP_MD;
+	int ctx_size; /* how big does the ctx->md_data need to be */
+	} /* EVP_MD */;
+
+#define EVP_MD_FLAG_ONESHOT	0x0001 /* digest can only handle a single
+					* block */
 
 #define EVP_PKEY_NULL_method	NULL,NULL,{0,0,0,0}
 
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 #define EVP_PKEY_DSA_method	DSA_sign,DSA_verify, \
 				{EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \
 					EVP_PKEY_DSA4,0}
@@ -271,7 +307,14 @@ typedef struct env_md_st
 #define EVP_PKEY_DSA_method	EVP_PKEY_NULL_method
 #endif
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_ECDSA
+#define EVP_PKEY_ECDSA_method   ECDSA_sign,ECDSA_verify, \
+                                 {EVP_PKEY_EC,0,0,0}
+#else   
+#define EVP_PKEY_ECDSA_method   EVP_PKEY_NULL_method
+#endif
+
+#ifndef OPENSSL_NO_RSA
 #define EVP_PKEY_RSA_method	RSA_sign,RSA_verify, \
 				{EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0}
 #define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \
@@ -285,103 +328,98 @@ typedef struct env_md_st
 
 #endif /* !EVP_MD */
 
-typedef struct env_md_ctx_st
+struct env_md_ctx_st
 	{
-	EVP_MD *digest;
-	union	{
-		unsigned char base[4];
-#ifndef NO_MD2
-		MD2_CTX md2;
-#endif
-#ifndef NO_MD5
-		MD5_CTX md5;
-#endif
-#ifndef NO_RMD160
-		RIPEMD160_CTX ripemd160;
-#endif
-#if !defined(NO_SHA) || !defined(NO_SHA1)
-		SHA_CTX sha;
-#endif
-#ifndef NO_MDC2
-		MDC2_CTX mdc2;
-#endif
-		} md;
-	} EVP_MD_CTX;
+	const EVP_MD *digest;
+	ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */
+	unsigned long flags;
+	void *md_data;
+	} /* EVP_MD_CTX */;
+
+/* values for EVP_MD_CTX flags */
 
-typedef struct evp_cipher_st
+#define EVP_MD_CTX_FLAG_ONESHOT		0x0001 /* digest update will be called
+						* once only */
+#define EVP_MD_CTX_FLAG_CLEANED		0x0002 /* context has already been
+						* cleaned */
+
+struct evp_cipher_st
 	{
 	int nid;
 	int block_size;
-	int key_len;
+	int key_len;		/* Default value for variable length ciphers */
 	int iv_len;
-	void (*init)();		/* init for encryption */
-	void (*do_cipher)();	/* encrypt data */
-	void (*cleanup)();	/* used by cipher method */ 
-	int ctx_size;		/* how big the ctx needs to be */
-	/* int set_asn1_parameters(EVP_CIPHER_CTX,ASN1_TYPE *); */
-	int (*set_asn1_parameters)(); /* Populate a ASN1_TYPE with parameters */
-	/* int get_asn1_parameters(EVP_CIPHER_CTX,ASN1_TYPE *); */
-	int (*get_asn1_parameters)(); /* Get parameters from a ASN1_TYPE */
-	} EVP_CIPHER;
+	unsigned long flags;	/* Various flags */
+	int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+		    const unsigned char *iv, int enc);	/* init key */
+	int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			 const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */
+	int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */
+	int ctx_size;		/* how big ctx->cipher_data needs to be */
+	int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */
+	int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */
+	int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */
+	void *app_data;		/* Application data */
+	} /* EVP_CIPHER */;
+
+/* Values for cipher flags */
+
+/* Modes for ciphers */
+
+#define		EVP_CIPH_STREAM_CIPHER		0x0
+#define		EVP_CIPH_ECB_MODE		0x1
+#define		EVP_CIPH_CBC_MODE		0x2
+#define		EVP_CIPH_CFB_MODE		0x3
+#define		EVP_CIPH_OFB_MODE		0x4
+#define 	EVP_CIPH_MODE			0x7
+/* Set if variable length cipher */
+#define 	EVP_CIPH_VARIABLE_LENGTH	0x8
+/* Set if the iv handling should be done by the cipher itself */
+#define 	EVP_CIPH_CUSTOM_IV		0x10
+/* Set if the cipher's init() function should be called if key is NULL */
+#define 	EVP_CIPH_ALWAYS_CALL_INIT	0x20
+/* Call ctrl() to init cipher parameters */
+#define 	EVP_CIPH_CTRL_INIT		0x40
+/* Don't use standard key length function */
+#define 	EVP_CIPH_CUSTOM_KEY_LENGTH	0x80
+/* Don't use standard block padding */
+#define 	EVP_CIPH_NO_PADDING		0x100
+
+/* ctrl() values */
+
+#define		EVP_CTRL_INIT			0x0
+#define 	EVP_CTRL_SET_KEY_LENGTH		0x1
+#define 	EVP_CTRL_GET_RC2_KEY_BITS	0x2
+#define 	EVP_CTRL_SET_RC2_KEY_BITS	0x3
+#define 	EVP_CTRL_GET_RC5_ROUNDS		0x4
+#define 	EVP_CTRL_SET_RC5_ROUNDS		0x5
 
 typedef struct evp_cipher_info_st
 	{
-	EVP_CIPHER *cipher;
+	const EVP_CIPHER *cipher;
 	unsigned char iv[EVP_MAX_IV_LENGTH];
 	} EVP_CIPHER_INFO;
 
-typedef struct evp_cipher_ctx_st
+struct evp_cipher_ctx_st
 	{
-	EVP_CIPHER *cipher;
+	const EVP_CIPHER *cipher;
+	ENGINE *engine;	/* functional reference if 'cipher' is ENGINE-provided */
 	int encrypt;		/* encrypt or decrypt */
 	int buf_len;		/* number we have left */
 
 	unsigned char  oiv[EVP_MAX_IV_LENGTH];	/* original iv */
 	unsigned char  iv[EVP_MAX_IV_LENGTH];	/* working iv */
-	unsigned char buf[EVP_MAX_IV_LENGTH];	/* saved partial block */
+	unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */
 	int num;				/* used by cfb/ofb mode */
 
-	char *app_data;		/* aplication stuff */
-	union	{
-#ifndef NO_RC4
-		struct
-			{
-			unsigned char key[EVP_RC4_KEY_SIZE];
-			RC4_KEY ks;	/* working key */
-			} rc4;
-#endif
-#ifndef NO_DES
-		des_key_schedule des_ks;/* key schedule */
-		struct
-			{
-			des_key_schedule ks;/* key schedule */
-			C_Block inw;
-			C_Block outw;
-			} desx_cbc;
-		struct
-			{
-			des_key_schedule ks1;/* key schedule */
-			des_key_schedule ks2;/* key schedule (for ede) */
-			des_key_schedule ks3;/* key schedule (for ede3) */
-			} des_ede;
-#endif
-#ifndef NO_IDEA
-		IDEA_KEY_SCHEDULE idea_ks;/* key schedule */
-#endif
-#ifndef NO_RC2
-		RC2_KEY rc2_ks;/* key schedule */
-#endif
-#ifndef NO_RC5
-		RC5_32_KEY rc5_ks;/* key schedule */
-#endif
-#ifndef NO_BLOWFISH
-		BF_KEY bf_ks;/* key schedule */
-#endif
-#ifndef NO_CAST
-		CAST_KEY cast_ks;/* key schedule */
-#endif
-		} c;
-	} EVP_CIPHER_CTX;
+	void *app_data;		/* application stuff */
+	int key_len;		/* May change for variable length cipher */
+	unsigned long flags;	/* Various flags */
+	void *cipher_data; /* per EVP data */
+	int final_used;
+	int block_mask;
+	unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */
+	} /* EVP_CIPHER_CTX */;
 
 typedef struct evp_Encode_Ctx_st
 	{
@@ -396,12 +434,30 @@ typedef struct evp_Encode_Ctx_st
 	int expect_nl;
 	} EVP_ENCODE_CTX;
 
+/* Password based encryption function */
+typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+		ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                const EVP_MD *md, int en_de);
+
+#ifndef OPENSSL_NO_RSA
 #define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
 					(char *)(rsa))
+#endif
+
+#ifndef OPENSSL_NO_DSA
 #define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
 					(char *)(dsa))
+#endif
+
+#ifndef OPENSSL_NO_DH
 #define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
 					(char *)(dh))
+#endif
+
+#ifndef OPENSSL_NO_EC
+#define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
+                                        (char *)(eckey))
+#endif
 
 /* Add some extra combinations */
 #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
@@ -410,38 +466,53 @@ typedef struct evp_Encode_Ctx_st
 #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
 
 #define EVP_MD_type(e)			((e)->type)
+#define EVP_MD_nid(e)			EVP_MD_type(e)
+#define EVP_MD_name(e)			OBJ_nid2sn(EVP_MD_nid(e))
 #define EVP_MD_pkey_type(e)		((e)->pkey_type)
 #define EVP_MD_size(e)			((e)->md_size)
 #define EVP_MD_block_size(e)		((e)->block_size)
 
+#define EVP_MD_CTX_md(e)		((e)->digest)
 #define EVP_MD_CTX_size(e)		EVP_MD_size((e)->digest)
 #define EVP_MD_CTX_block_size(e)	EVP_MD_block_size((e)->digest)
-#define EVP_MD_CTX_type(e)		((e)->digest)
+#define EVP_MD_CTX_type(e)		EVP_MD_type((e)->digest)
 
 #define EVP_CIPHER_nid(e)		((e)->nid)
+#define EVP_CIPHER_name(e)		OBJ_nid2sn(EVP_CIPHER_nid(e))
 #define EVP_CIPHER_block_size(e)	((e)->block_size)
 #define EVP_CIPHER_key_length(e)	((e)->key_len)
 #define EVP_CIPHER_iv_length(e)		((e)->iv_len)
+#define EVP_CIPHER_flags(e)		((e)->flags)
+#define EVP_CIPHER_mode(e)		(((e)->flags) & EVP_CIPH_MODE)
 
 #define EVP_CIPHER_CTX_cipher(e)	((e)->cipher)
 #define EVP_CIPHER_CTX_nid(e)		((e)->cipher->nid)
 #define EVP_CIPHER_CTX_block_size(e)	((e)->cipher->block_size)
-#define EVP_CIPHER_CTX_key_length(e)	((e)->cipher->key_len)
+#define EVP_CIPHER_CTX_key_length(e)	((e)->key_len)
 #define EVP_CIPHER_CTX_iv_length(e)	((e)->cipher->iv_len)
 #define EVP_CIPHER_CTX_get_app_data(e)	((e)->app_data)
 #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
+#define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
+#define EVP_CIPHER_CTX_flags(e)		((e)->cipher->flags)
+#define EVP_CIPHER_CTX_mode(e)		((e)->cipher->flags & EVP_CIPH_MODE)
 
 #define EVP_ENCODE_LENGTH(l)	(((l+2)/3*4)+(l/48+1)*2+80)
 #define EVP_DECODE_LENGTH(l)	((l+3)/4*3+80)
 
+#define EVP_SignInit_ex(a,b,c)		EVP_DigestInit_ex(a,b,c)
 #define EVP_SignInit(a,b)		EVP_DigestInit(a,b)
 #define EVP_SignUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
+#define	EVP_VerifyInit_ex(a,b,c)	EVP_DigestInit_ex(a,b,c)
 #define	EVP_VerifyInit(a,b)		EVP_DigestInit(a,b)
 #define	EVP_VerifyUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
 #define EVP_OpenUpdate(a,b,c,d,e)	EVP_DecryptUpdate(a,b,c,d,e)
 #define EVP_SealUpdate(a,b,c,d,e)	EVP_EncryptUpdate(a,b,c,d,e)	
 
-#define BIO_set_md(b,md)		BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md)
+#ifdef CONST_STRICT
+void BIO_set_md(BIO *,const EVP_MD *md);
+#else
+# define BIO_set_md(b,md)		BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md)
+#endif
 #define BIO_get_md(b,mdp)		BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp)
 #define BIO_get_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp)
 #define BIO_get_cipher_status(b)	BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
@@ -458,39 +529,61 @@ typedef struct evp_Encode_Ctx_st
 #define EVP_delete_digest_alias(alias) \
 	OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
 
-#ifndef NOPROTO
-
-void	EVP_DigestInit(EVP_MD_CTX *ctx, EVP_MD *type);
-void	EVP_DigestUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);
-void	EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
-
-int	EVP_read_pw_string(char *buf,int length,char *prompt,int verify);
+void	EVP_MD_CTX_init(EVP_MD_CTX *ctx);
+int	EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
+EVP_MD_CTX *EVP_MD_CTX_create(void);
+void	EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
+int     EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+#define EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs))
+#define EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs))
+#define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs))
+int	EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+int	EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d,
+			 unsigned int cnt);
+int	EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
+int	EVP_Digest(void *data, unsigned int count,
+		unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl);
+
+int     EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+int	EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+int	EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s);
+
+int	EVP_read_pw_string(char *buf,int length,const char *prompt,int verify);
 void	EVP_set_pw_prompt(char *prompt);
 char *	EVP_get_pw_prompt(void);
 
-int	EVP_BytesToKey(EVP_CIPHER *type,EVP_MD *md,unsigned char *salt,
-		unsigned char *data, int datal, int count,
-		unsigned char *key,unsigned char *iv);
-
-EVP_CIPHER *EVP_get_cipherbyname(char *name);
-
-void	EVP_EncryptInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,
-		unsigned char *key, unsigned char *iv);
-void	EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		int *outl, unsigned char *in, int inl);
-void	EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-
-void	EVP_DecryptInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,
-		unsigned char *key, unsigned char *iv);
-void	EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		int *outl, unsigned char *in, int inl);
+int	EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
+		const unsigned char *salt, const unsigned char *data,
+		int datal, int count, unsigned char *key,unsigned char *iv);
+
+int	EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
+		const unsigned char *key, const unsigned char *iv);
+int	EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+		const unsigned char *key, const unsigned char *iv);
+int	EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+		int *outl, const unsigned char *in, int inl);
+int	EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+int	EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+int	EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
+		const unsigned char *key, const unsigned char *iv);
+int	EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+		const unsigned char *key, const unsigned char *iv);
+int	EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+		int *outl, const unsigned char *in, int inl);
 int	EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
-
-void	EVP_CipherInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type, unsigned char *key,
-		unsigned char *iv,int enc);
-void	EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		int *outl, unsigned char *in, int inl);
+int	EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+
+int	EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher,
+		       const unsigned char *key,const unsigned char *iv,
+		       int enc);
+int	EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+		       const unsigned char *key,const unsigned char *iv,
+		       int enc);
+int	EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+		int *outl, const unsigned char *in, int inl);
 int	EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
+int	EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
 
 int	EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
 		EVP_PKEY *pkey);
@@ -498,99 +591,174 @@ int	EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s,
 int	EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf,
 		unsigned int siglen,EVP_PKEY *pkey);
 
-int	EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
+int	EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *ek,
 		int ekl,unsigned char *iv,EVP_PKEY *priv);
 int	EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
 
-int	EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
+int	EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
 		int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
-void	EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
+int	EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
 
 void	EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
 void	EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,
 		int *outl,unsigned char *in,int inl);
 void	EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);
-int	EVP_EncodeBlock(unsigned char *t, unsigned char *f, int n);
+int	EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
 
 void	EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
 int	EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
 		unsigned char *in, int inl);
 int	EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
 		char *out, int *outl);
-int	EVP_DecodeBlock(unsigned char *t, unsigned
-		char *f, int n);
-
-void	ERR_load_EVP_strings(void );
+int	EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
 
 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
-void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
+int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
 
-#ifdef HEADER_BIO_H
+#ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_md(void);
 BIO_METHOD *BIO_f_base64(void);
 BIO_METHOD *BIO_f_cipher(void);
-void BIO_set_cipher(BIO *b,EVP_CIPHER *c,unsigned char *k,
+BIO_METHOD *BIO_f_reliable(void);
+void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k,
 	unsigned char *i, int enc);
 #endif
 
-EVP_MD *EVP_md_null(void);
-EVP_MD *EVP_md2(void);
-EVP_MD *EVP_md5(void);
-EVP_MD *EVP_sha(void);
-EVP_MD *EVP_sha1(void);
-EVP_MD *EVP_dss(void);
-EVP_MD *EVP_dss1(void);
-EVP_MD *EVP_mdc2(void);
-EVP_MD *EVP_ripemd160(void);
-
-EVP_CIPHER *EVP_enc_null(void);		/* does nothing :-) */
-EVP_CIPHER *EVP_des_ecb(void);
-EVP_CIPHER *EVP_des_ede(void);
-EVP_CIPHER *EVP_des_ede3(void);
-EVP_CIPHER *EVP_des_cfb(void);
-EVP_CIPHER *EVP_des_ede_cfb(void);
-EVP_CIPHER *EVP_des_ede3_cfb(void);
-EVP_CIPHER *EVP_des_ofb(void);
-EVP_CIPHER *EVP_des_ede_ofb(void);
-EVP_CIPHER *EVP_des_ede3_ofb(void);
-EVP_CIPHER *EVP_des_cbc(void);
-EVP_CIPHER *EVP_des_ede_cbc(void);
-EVP_CIPHER *EVP_des_ede3_cbc(void);
-EVP_CIPHER *EVP_desx_cbc(void);
-EVP_CIPHER *EVP_rc4(void);
-EVP_CIPHER *EVP_rc4_40(void);
-EVP_CIPHER *EVP_idea_ecb(void);
-EVP_CIPHER *EVP_idea_cfb(void);
-EVP_CIPHER *EVP_idea_ofb(void);
-EVP_CIPHER *EVP_idea_cbc(void);
-EVP_CIPHER *EVP_rc2_ecb(void);
-EVP_CIPHER *EVP_rc2_cbc(void);
-EVP_CIPHER *EVP_rc2_40_cbc(void);
-EVP_CIPHER *EVP_rc2_64_cbc(void);
-EVP_CIPHER *EVP_rc2_cfb(void);
-EVP_CIPHER *EVP_rc2_ofb(void);
-EVP_CIPHER *EVP_bf_ecb(void);
-EVP_CIPHER *EVP_bf_cbc(void);
-EVP_CIPHER *EVP_bf_cfb(void);
-EVP_CIPHER *EVP_bf_ofb(void);
-EVP_CIPHER *EVP_cast5_ecb(void);
-EVP_CIPHER *EVP_cast5_cbc(void);
-EVP_CIPHER *EVP_cast5_cfb(void);
-EVP_CIPHER *EVP_cast5_ofb(void);
-EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
-EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
-EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
-EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
-
-void SSLeay_add_all_algorithms(void);
-void SSLeay_add_all_ciphers(void);
-void SSLeay_add_all_digests(void);
-
-int EVP_add_cipher(EVP_CIPHER *cipher);
-int EVP_add_digest(EVP_MD *digest);
-
-EVP_CIPHER *EVP_get_cipherbyname(char *name);
-EVP_MD *EVP_get_digestbyname(char *name);
+const EVP_MD *EVP_md_null(void);
+#ifndef OPENSSL_NO_MD2
+const EVP_MD *EVP_md2(void);
+#endif
+#ifndef OPENSSL_NO_MD4
+const EVP_MD *EVP_md4(void);
+#endif
+#ifndef OPENSSL_NO_MD5
+const EVP_MD *EVP_md5(void);
+#endif
+#ifndef OPENSSL_NO_SHA
+const EVP_MD *EVP_sha(void);
+const EVP_MD *EVP_sha1(void);
+const EVP_MD *EVP_dss(void);
+const EVP_MD *EVP_dss1(void);
+const EVP_MD *EVP_ecdsa(void);
+#endif
+#ifndef OPENSSL_NO_MDC2
+const EVP_MD *EVP_mdc2(void);
+#endif
+#ifndef OPENSSL_NO_RIPEMD
+const EVP_MD *EVP_ripemd160(void);
+#endif
+const EVP_CIPHER *EVP_enc_null(void);		/* does nothing :-) */
+#ifndef OPENSSL_NO_DES
+const EVP_CIPHER *EVP_des_ecb(void);
+const EVP_CIPHER *EVP_des_ede(void);
+const EVP_CIPHER *EVP_des_ede3(void);
+const EVP_CIPHER *EVP_des_ede_ecb(void);
+const EVP_CIPHER *EVP_des_ede3_ecb(void);
+const EVP_CIPHER *EVP_des_cfb(void);
+const EVP_CIPHER *EVP_des_ede_cfb(void);
+const EVP_CIPHER *EVP_des_ede3_cfb(void);
+const EVP_CIPHER *EVP_des_ofb(void);
+const EVP_CIPHER *EVP_des_ede_ofb(void);
+const EVP_CIPHER *EVP_des_ede3_ofb(void);
+const EVP_CIPHER *EVP_des_cbc(void);
+const EVP_CIPHER *EVP_des_ede_cbc(void);
+const EVP_CIPHER *EVP_des_ede3_cbc(void);
+const EVP_CIPHER *EVP_desx_cbc(void);
+/* This should now be supported through the dev_crypto ENGINE. But also, why are
+ * rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */
+#if 0
+# ifdef OPENSSL_OPENBSD_DEV_CRYPTO
+const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void);
+const EVP_CIPHER *EVP_dev_crypto_rc4(void);
+const EVP_MD *EVP_dev_crypto_md5(void);
+# endif
+#endif
+#endif
+#ifndef OPENSSL_NO_RC4
+const EVP_CIPHER *EVP_rc4(void);
+const EVP_CIPHER *EVP_rc4_40(void);
+#endif
+#ifndef OPENSSL_NO_IDEA
+const EVP_CIPHER *EVP_idea_ecb(void);
+const EVP_CIPHER *EVP_idea_cfb(void);
+const EVP_CIPHER *EVP_idea_ofb(void);
+const EVP_CIPHER *EVP_idea_cbc(void);
+#endif
+#ifndef OPENSSL_NO_RC2
+const EVP_CIPHER *EVP_rc2_ecb(void);
+const EVP_CIPHER *EVP_rc2_cbc(void);
+const EVP_CIPHER *EVP_rc2_40_cbc(void);
+const EVP_CIPHER *EVP_rc2_64_cbc(void);
+const EVP_CIPHER *EVP_rc2_cfb(void);
+const EVP_CIPHER *EVP_rc2_ofb(void);
+#endif
+#ifndef OPENSSL_NO_BF
+const EVP_CIPHER *EVP_bf_ecb(void);
+const EVP_CIPHER *EVP_bf_cbc(void);
+const EVP_CIPHER *EVP_bf_cfb(void);
+const EVP_CIPHER *EVP_bf_ofb(void);
+#endif
+#ifndef OPENSSL_NO_CAST
+const EVP_CIPHER *EVP_cast5_ecb(void);
+const EVP_CIPHER *EVP_cast5_cbc(void);
+const EVP_CIPHER *EVP_cast5_cfb(void);
+const EVP_CIPHER *EVP_cast5_ofb(void);
+#endif
+#ifndef OPENSSL_NO_RC5
+const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
+#endif
+#ifndef OPENSSL_NO_AES
+const EVP_CIPHER *EVP_aes_128_ecb(void);
+const EVP_CIPHER *EVP_aes_128_cbc(void);
+const EVP_CIPHER *EVP_aes_128_cfb(void);
+const EVP_CIPHER *EVP_aes_128_ofb(void);
+#if 0
+const EVP_CIPHER *EVP_aes_128_ctr(void);
+#endif
+const EVP_CIPHER *EVP_aes_192_ecb(void);
+const EVP_CIPHER *EVP_aes_192_cbc(void);
+const EVP_CIPHER *EVP_aes_192_cfb(void);
+const EVP_CIPHER *EVP_aes_192_ofb(void);
+#if 0
+const EVP_CIPHER *EVP_aes_192_ctr(void);
+#endif
+const EVP_CIPHER *EVP_aes_256_ecb(void);
+const EVP_CIPHER *EVP_aes_256_cbc(void);
+const EVP_CIPHER *EVP_aes_256_cfb(void);
+const EVP_CIPHER *EVP_aes_256_ofb(void);
+#if 0
+const EVP_CIPHER *EVP_aes_256_ctr(void);
+#endif
+#endif
+
+void OPENSSL_add_all_algorithms_noconf(void);
+void OPENSSL_add_all_algorithms_conf(void);
+
+#ifdef OPENSSL_LOAD_CONF
+#define OpenSSL_add_all_algorithms() \
+		OPENSSL_add_all_algorithms_conf()
+#else
+#define OpenSSL_add_all_algorithms() \
+		OPENSSL_add_all_algorithms_noconf()
+#endif
+
+void OpenSSL_add_all_ciphers(void);
+void OpenSSL_add_all_digests(void);
+#define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms()
+#define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers()
+#define SSLeay_add_all_digests() OpenSSL_add_all_digests()
+
+int EVP_add_cipher(const EVP_CIPHER *cipher);
+int EVP_add_digest(const EVP_MD *digest);
+
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+const EVP_MD *EVP_get_digestbyname(const char *name);
 void EVP_cleanup(void);
 
 int		EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key,
@@ -601,6 +769,28 @@ int		EVP_PKEY_type(int type);
 int		EVP_PKEY_bits(EVP_PKEY *pkey);
 int		EVP_PKEY_size(EVP_PKEY *pkey);
 int 		EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key);
+
+#ifndef OPENSSL_NO_RSA
+struct rsa_st;
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,struct rsa_st *key);
+struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+#endif
+#ifndef OPENSSL_NO_DSA
+struct dsa_st;
+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,struct dsa_st *key);
+struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+#endif
+#ifndef OPENSSL_NO_DH
+struct dh_st;
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key);
+struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+#endif
+#ifndef OPENSSL_NO_EC
+struct ec_key_st;
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,struct ec_key_st *key);
+struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+#endif
+
 EVP_PKEY *	EVP_PKEY_new(void);
 void		EVP_PKEY_free(EVP_PKEY *pkey);
 EVP_PKEY *	d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp,
@@ -609,6 +799,8 @@ int		i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
 
 EVP_PKEY *	d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp,
 			long length);
+EVP_PKEY *	d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp,
+			long length);
 int		i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
 
 int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from);
@@ -616,6 +808,8 @@ int EVP_PKEY_missing_parameters(EVP_PKEY *pkey);
 int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode);
 int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b);
 
+int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+
 /* calls methods */
 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
 int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
@@ -624,180 +818,113 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
 int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
 int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type);
 
-#else
-
-void	EVP_DigestInit();
-void	EVP_DigestUpdate();
-void	EVP_DigestFinal();
-
-int	EVP_read_pw_string();
-void	EVP_set_pw_prompt();
-char *	EVP_get_pw_prompt();
-
-int	EVP_BytesToKey();
-
-EVP_CIPHER *EVP_get_cipherbyname();
-
-void	EVP_EncryptInit();
-void	EVP_EncryptUpdate();
-void	EVP_EncryptFinal();
-
-void	EVP_DecryptInit();
-void	EVP_DecryptUpdate();
-int	EVP_DecryptFinal();
-
-void	EVP_CipherInit();
-void	EVP_CipherUpdate();
-int	EVP_CipherFinal();
-
-int	EVP_SignFinal();
-
-int	EVP_VerifyFinal();
-
-int	EVP_OpenInit();
-int	EVP_OpenFinal();
-
-int	EVP_SealInit();
-void	EVP_SealFinal();
-
-void	EVP_EncodeInit();
-void	EVP_EncodeUpdate();
-void	EVP_EncodeFinal();
-int	EVP_EncodeBlock();
-
-void	EVP_DecodeInit();
-int	EVP_DecodeUpdate();
-int	EVP_DecodeFinal();
-int	EVP_DecodeBlock();
-
-void	ERR_load_EVP_strings();
-
-void EVP_CIPHER_CTX_init();
-void EVP_CIPHER_CTX_cleanup();
-
-#ifdef HEADER_BIO_H
-BIO_METHOD *BIO_f_md();
-BIO_METHOD *BIO_f_base64();
-BIO_METHOD *BIO_f_cipher();
-void BIO_set_cipher();
-#endif
-
-EVP_MD *EVP_md_null();
-EVP_MD *EVP_md2();
-EVP_MD *EVP_md5();
-EVP_MD *EVP_sha();
-EVP_MD *EVP_sha1();
-EVP_MD *EVP_dss();
-EVP_MD *EVP_dss1();
-EVP_MD *EVP_mdc2();
-
-EVP_CIPHER *EVP_enc_null();
-EVP_CIPHER *EVP_des_ecb();
-EVP_CIPHER *EVP_des_ede();
-EVP_CIPHER *EVP_des_ede3();
-EVP_CIPHER *EVP_des_cfb();
-EVP_CIPHER *EVP_des_ede_cfb();
-EVP_CIPHER *EVP_des_ede3_cfb();
-EVP_CIPHER *EVP_des_ofb();
-EVP_CIPHER *EVP_des_ede_ofb();
-EVP_CIPHER *EVP_des_ede3_ofb();
-EVP_CIPHER *EVP_des_cbc();
-EVP_CIPHER *EVP_des_ede_cbc();
-EVP_CIPHER *EVP_des_ede3_cbc();
-EVP_CIPHER *EVP_desx_cbc();
-EVP_CIPHER *EVP_rc4();
-EVP_CIPHER *EVP_rc4_40();
-EVP_CIPHER *EVP_idea_ecb();
-EVP_CIPHER *EVP_idea_cfb();
-EVP_CIPHER *EVP_idea_ofb();
-EVP_CIPHER *EVP_idea_cbc();
-EVP_CIPHER *EVP_rc2_ecb();
-EVP_CIPHER *EVP_rc2_cbc();
-EVP_CIPHER *EVP_rc2_40_cbc();
-EVP_CIPHER *EVP_rc2_64_cbc();
-EVP_CIPHER *EVP_rc2_cfb();
-EVP_CIPHER *EVP_rc2_ofb();
-EVP_CIPHER *EVP_bf_ecb();
-EVP_CIPHER *EVP_bf_cbc();
-EVP_CIPHER *EVP_bf_cfb();
-EVP_CIPHER *EVP_bf_ofb();
-EVP_CIPHER *EVP_cast5_ecb();
-EVP_CIPHER *EVP_cast5_cbc();
-EVP_CIPHER *EVP_cast5_cfb();
-EVP_CIPHER *EVP_cast5_ofb();
-EVP_CIPHER *EVP_rc5_32_12_16_cbc();
-EVP_CIPHER *EVP_rc5_32_12_16_ecb();
-EVP_CIPHER *EVP_rc5_32_12_16_cfb();
-EVP_CIPHER *EVP_rc5_32_12_16_ofb();
-
-void SSLeay_add_all_algorithms();
-void SSLeay_add_all_ciphers();
-void SSLeay_add_all_digests();
-
-int EVP_add_cipher();
-int EVP_add_digest();
-
-EVP_CIPHER *EVP_get_cipherbyname();
-EVP_MD *EVP_get_digestbyname();
-void EVP_cleanup();
-
-int		EVP_PKEY_decrypt();
-int		EVP_PKEY_encrypt();
-int		EVP_PKEY_type();
-int		EVP_PKEY_bits();
-int		EVP_PKEY_size();
-int 		EVP_PKEY_assign();
-EVP_PKEY *	EVP_PKEY_new();
-void		EVP_PKEY_free();
-EVP_PKEY *	d2i_PublicKey();
-int		i2d_PublicKey();
-
-EVP_PKEY *	d2i_PrivateKey();
-int		i2d_PrivateKey();
-
-int EVP_PKEY_copy_parameters();
-int EVP_PKEY_missing_parameters();
-int EVP_PKEY_save_parameters();
-int EVP_PKEY_cmp_parameters();
-
-int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
-
-int EVP_CIPHER_set_asn1_iv();
-int EVP_CIPHER_get_asn1_iv();
-
-#endif
+/* PKCS5 password based encryption */
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
+			 int en_de);
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+			   unsigned char *salt, int saltlen, int iter,
+			   int keylen, unsigned char *out);
+int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
+			 int en_de);
+
+void PKCS5_PBE_add(void);
+
+int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+	     ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
+int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
+		    EVP_PBE_KEYGEN *keygen);
+void EVP_PBE_cleanup(void);
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_EVP_strings(void);
+
 /* Error codes for the EVP functions. */
 
 /* Function codes. */
 #define EVP_F_D2I_PKEY					 100
+#define EVP_F_ECDSA_PKEY2PKCS8				 129
+#define EVP_F_EC_KEY_PKEY2PKCS8				 132
+#define EVP_F_EVP_CIPHERINIT				 123
+#define EVP_F_EVP_CIPHER_CTX_CTRL			 124
+#define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH		 122
 #define EVP_F_EVP_DECRYPTFINAL				 101
+#define EVP_F_EVP_DIGESTINIT				 128
+#define EVP_F_EVP_ENCRYPTFINAL				 127
+#define EVP_F_EVP_MD_CTX_COPY				 110
 #define EVP_F_EVP_OPENINIT				 102
+#define EVP_F_EVP_PBE_ALG_ADD				 115
+#define EVP_F_EVP_PBE_CIPHERINIT			 116
+#define EVP_F_EVP_PKCS82PKEY				 111
+#define EVP_F_EVP_PKCS8_SET_BROKEN			 112
+#define EVP_F_EVP_PKEY2PKCS8				 113
 #define EVP_F_EVP_PKEY_COPY_PARAMETERS			 103
 #define EVP_F_EVP_PKEY_DECRYPT				 104
 #define EVP_F_EVP_PKEY_ENCRYPT				 105
+#define EVP_F_EVP_PKEY_GET1_DH				 119
+#define EVP_F_EVP_PKEY_GET1_DSA				 120
+#define EVP_F_EVP_PKEY_GET1_ECDSA			 130
+#define EVP_F_EVP_PKEY_GET1_EC_KEY			 131
+#define EVP_F_EVP_PKEY_GET1_RSA				 121
 #define EVP_F_EVP_PKEY_NEW				 106
+#define EVP_F_EVP_RIJNDAEL				 126
 #define EVP_F_EVP_SIGNFINAL				 107
 #define EVP_F_EVP_VERIFYFINAL				 108
+#define EVP_F_PKCS5_PBE_KEYIVGEN			 117
+#define EVP_F_PKCS5_V2_PBE_KEYIVGEN			 118
 #define EVP_F_RC2_MAGIC_TO_METH				 109
+#define EVP_F_RC5_CTRL					 125
 
 /* Reason codes. */
+#define EVP_R_ASN1_LIB					 140
+#define EVP_R_BAD_BLOCK_LENGTH				 136
 #define EVP_R_BAD_DECRYPT				 100
+#define EVP_R_BAD_KEY_LENGTH				 137
+#define EVP_R_BN_DECODE_ERROR				 112
+#define EVP_R_BN_PUBKEY_ERROR				 113
+#define EVP_R_CIPHER_PARAMETER_ERROR			 122
+#define EVP_R_CTRL_NOT_IMPLEMENTED			 132
+#define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED		 133
+#define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH		 138
+#define EVP_R_DECODE_ERROR				 114
 #define EVP_R_DIFFERENT_KEY_TYPES			 101
+#define EVP_R_ENCODE_ERROR				 115
+#define EVP_R_EVP_PBE_CIPHERINIT_ERROR			 119
+#define EVP_R_EXPECTING_AN_RSA_KEY			 127
+#define EVP_R_EXPECTING_A_DH_KEY			 128
+#define EVP_R_EXPECTING_A_DSA_KEY			 129
+#define EVP_R_EXPECTING_A_ECDSA_KEY			 141
+#define EVP_R_EXPECTING_A_EC_KEY			 142
+#define EVP_R_INITIALIZATION_ERROR			 134
+#define EVP_R_INPUT_NOT_INITIALIZED			 111
+#define EVP_R_INVALID_KEY_LENGTH			 130
 #define EVP_R_IV_TOO_LARGE				 102
-#define EVP_R_MISSING_PARMATERS				 103
+#define EVP_R_KEYGEN_FAILURE				 120
+#define EVP_R_MISSING_PARAMETERS			 103
+#define EVP_R_NO_CIPHER_SET				 131
+#define EVP_R_NO_DIGEST_SET				 139
+#define EVP_R_NO_DSA_PARAMETERS				 116
 #define EVP_R_NO_SIGN_FUNCTION_CONFIGURED		 104
 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED		 105
+#define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE			 117
 #define EVP_R_PUBLIC_KEY_NOT_RSA			 106
+#define EVP_R_UNKNOWN_PBE_ALGORITHM			 121
+#define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS		 135
 #define EVP_R_UNSUPPORTED_CIPHER			 107
+#define EVP_R_UNSUPPORTED_KEYLENGTH			 123
+#define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION	 124
 #define EVP_R_UNSUPPORTED_KEY_SIZE			 108
+#define EVP_R_UNSUPPORTED_PRF				 125
+#define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM		 118
+#define EVP_R_UNSUPPORTED_SALT_TYPE			 126
 #define EVP_R_WRONG_FINAL_BLOCK_LENGTH			 109
 #define EVP_R_WRONG_PUBLIC_KEY_TYPE			 110
- 
+
 #ifdef  __cplusplus
 }
 #endif
 #endif
-
diff --git a/crypto/evp/evp_acnf.c b/crypto/evp/evp_acnf.c
new file mode 100644
index 0000000000..a68b979bdb
--- /dev/null
+++ b/crypto/evp/evp_acnf.c
@@ -0,0 +1,74 @@
+/* evp_acnf.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/conf.h>
+#include <openssl/engine.h>
+
+
+/* Load all algorithms and configure OpenSSL.
+ * This function is called automatically when
+ * OPENSSL_LOAD_CONF is set.
+ */
+
+void OPENSSL_add_all_algorithms_conf(void)
+	{
+	OPENSSL_add_all_algorithms_noconf();
+	OPENSSL_config(NULL);
+	}
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index ea580b1df3..66c48d1431 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -58,218 +58,373 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/engine.h>
+#include "evp_locl.h"
 
-char *EVP_version="EVP part of SSLeay 0.9.1a 06-Jul-1998";
+const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
 
-void EVP_CIPHER_CTX_init(ctx)
-EVP_CIPHER_CTX *ctx;
+void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
 	{
 	memset(ctx,0,sizeof(EVP_CIPHER_CTX));
 	/* ctx->cipher=NULL; */
 	}
 
-void EVP_CipherInit(ctx,data,key,iv,enc)
-EVP_CIPHER_CTX *ctx;
-EVP_CIPHER *data;
-unsigned char *key;
-unsigned char *iv;
-int enc;
+
+int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+	     const unsigned char *key, const unsigned char *iv, int enc)
+	{
+	if (cipher)
+		EVP_CIPHER_CTX_init(ctx);
+	return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
+	}
+
+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
+	     const unsigned char *key, const unsigned char *iv, int enc)
+	{
+	if (enc == -1)
+		enc = ctx->encrypt;
+	else
+		{
+		if (enc)
+			enc = 1;
+		ctx->encrypt = enc;
+		}
+	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
+	 * so this context may already have an ENGINE! Try to avoid releasing
+	 * the previous handle, re-querying for an ENGINE, and having a
+	 * reinitialisation, when it may all be unecessary. */
+	if (ctx->engine && ctx->cipher && (!cipher ||
+			(cipher && (cipher->nid == ctx->cipher->nid))))
+		goto skip_to_init;
+	if (cipher)
+		{
+		/* Ensure a context left lying around from last time is cleared
+		 * (the previous check attempted to avoid this if the same
+		 * ENGINE and EVP_CIPHER could be used). */
+		EVP_CIPHER_CTX_cleanup(ctx);
+
+		/* Restore encrypt field: it is zeroed by cleanup */
+		ctx->encrypt = enc;
+		if(impl)
+			{
+			if (!ENGINE_init(impl))
+				{
+				EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
+				return 0;
+				}
+			}
+		else
+			/* Ask if an ENGINE is reserved for this job */
+			impl = ENGINE_get_cipher_engine(cipher->nid);
+		if(impl)
+			{
+			/* There's an ENGINE for this job ... (apparently) */
+			const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
+			if(!c)
+				{
+				/* One positive side-effect of US's export
+				 * control history, is that we should at least
+				 * be able to avoid using US mispellings of
+				 * "initialisation"? */
+				EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
+				return 0;
+				}
+			/* We'll use the ENGINE's private cipher definition */
+			cipher = c;
+			/* Store the ENGINE functional reference so we know
+			 * 'cipher' came from an ENGINE and we need to release
+			 * it when done. */
+			ctx->engine = impl;
+			}
+		else
+			ctx->engine = NULL;
+
+		ctx->cipher=cipher;
+		ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
+		ctx->key_len = cipher->key_len;
+		ctx->flags = 0;
+		if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
+			{
+			if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
+				{
+				EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR);
+				return 0;
+				}
+			}
+		}
+	else if(!ctx->cipher)
+		{
+		EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET);
+		return 0;
+		}
+skip_to_init:
+	/* we assume block size is a power of 2 in *cryptUpdate */
+	OPENSSL_assert(ctx->cipher->block_size == 1
+	    || ctx->cipher->block_size == 8
+	    || ctx->cipher->block_size == 16);
+
+	if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
+		switch(EVP_CIPHER_CTX_mode(ctx)) {
+
+			case EVP_CIPH_STREAM_CIPHER:
+			case EVP_CIPH_ECB_MODE:
+			break;
+
+			case EVP_CIPH_CFB_MODE:
+			case EVP_CIPH_OFB_MODE:
+
+			ctx->num = 0;
+
+			case EVP_CIPH_CBC_MODE:
+
+			OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof ctx->iv);
+			if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+			memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+			break;
+
+			default:
+			return 0;
+			break;
+		}
+	}
+
+	if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
+		if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
+	}
+	ctx->buf_len=0;
+	ctx->final_used=0;
+	ctx->block_mask=ctx->cipher->block_size-1;
+	return 1;
+	}
+
+int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+	     const unsigned char *in, int inl)
 	{
-	if (enc)
-		EVP_EncryptInit(ctx,data,key,iv);
-	else	
-		EVP_DecryptInit(ctx,data,key,iv);
+	if (ctx->encrypt)
+		return EVP_EncryptUpdate(ctx,out,outl,in,inl);
+	else	return EVP_DecryptUpdate(ctx,out,outl,in,inl);
 	}
 
-void EVP_CipherUpdate(ctx,out,outl,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
-unsigned char *in;
-int inl;
+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
 	if (ctx->encrypt)
-		EVP_EncryptUpdate(ctx,out,outl,in,inl);
-	else	EVP_DecryptUpdate(ctx,out,outl,in,inl);
+		return EVP_EncryptFinal_ex(ctx,out,outl);
+	else	return EVP_DecryptFinal_ex(ctx,out,outl);
 	}
 
-int EVP_CipherFinal(ctx,out,outl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
+int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
 	if (ctx->encrypt)
-		{
-		EVP_EncryptFinal(ctx,out,outl);
-		return(1);
-		}
-	else	return(EVP_DecryptFinal(ctx,out,outl));
+		return EVP_EncryptFinal(ctx,out,outl);
+	else	return EVP_DecryptFinal(ctx,out,outl);
 	}
 
-void EVP_EncryptInit(ctx,cipher,key,iv)
-EVP_CIPHER_CTX *ctx;
-EVP_CIPHER *cipher;
-unsigned char *key;
-unsigned char *iv;
+int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+	     const unsigned char *key, const unsigned char *iv)
 	{
-	if (cipher != NULL)
-		ctx->cipher=cipher;
-	ctx->cipher->init(ctx,key,iv,1);
-	ctx->encrypt=1;
-	ctx->buf_len=0;
+	return EVP_CipherInit(ctx, cipher, key, iv, 1);
 	}
 
-void EVP_DecryptInit(ctx,cipher,key,iv)
-EVP_CIPHER_CTX *ctx;
-EVP_CIPHER *cipher;
-unsigned char *key;
-unsigned char *iv;
+int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
+		const unsigned char *key, const unsigned char *iv)
 	{
-	if (cipher != NULL)
-		ctx->cipher=cipher;
-	ctx->cipher->init(ctx,key,iv,0);
-	ctx->encrypt=0;
-	ctx->buf_len=0;
+	return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
+	}
+
+int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+	     const unsigned char *key, const unsigned char *iv)
+	{
+	return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0);
 	}
 
+int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
+	     const unsigned char *key, const unsigned char *iv)
+	{
+	return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
+	}
 
-void EVP_EncryptUpdate(ctx,out,outl,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
-unsigned char *in;
-int inl;
+int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+	     const unsigned char *in, int inl)
 	{
 	int i,j,bl;
 
+	OPENSSL_assert(inl > 0);
+	if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
+		{
+		if(ctx->cipher->do_cipher(ctx,out,in,inl))
+			{
+			*outl=inl;
+			return 1;
+			}
+		else
+			{
+			*outl=0;
+			return 0;
+			}
+		}
 	i=ctx->buf_len;
 	bl=ctx->cipher->block_size;
-	*outl=0;
-	if ((inl == 0) && (i != bl)) return;
+	OPENSSL_assert(bl <= sizeof ctx->buf);
 	if (i != 0)
 		{
 		if (i+inl < bl)
 			{
 			memcpy(&(ctx->buf[i]),in,inl);
 			ctx->buf_len+=inl;
-			return;
+			*outl=0;
+			return 1;
 			}
 		else
 			{
 			j=bl-i;
-			if (j != 0) memcpy(&(ctx->buf[i]),in,j);
-			ctx->cipher->do_cipher(ctx,out,ctx->buf,bl);
+			memcpy(&(ctx->buf[i]),in,j);
+			if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
 			inl-=j;
 			in+=j;
 			out+=bl;
-			*outl+=bl;
+			*outl=bl;
 			}
 		}
-	i=inl%bl; /* how much is left */
+	else
+		*outl = 0;
+	i=inl&(bl-1);
 	inl-=i;
 	if (inl > 0)
 		{
-		ctx->cipher->do_cipher(ctx,out,in,inl);
+		if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
 		*outl+=inl;
 		}
 
 	if (i != 0)
 		memcpy(ctx->buf,&(in[inl]),i);
 	ctx->buf_len=i;
+	return 1;
 	}
 
-void EVP_EncryptFinal(ctx,out,outl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
+int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
-	int i,n,b,bl;
+	int ret;
+	ret = EVP_EncryptFinal_ex(ctx, out, outl);
+	return ret;
+	}
+
+int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+	{
+	int i,n,b,bl,ret;
 
 	b=ctx->cipher->block_size;
+	OPENSSL_assert(b <= sizeof ctx->buf);
 	if (b == 1)
 		{
 		*outl=0;
-		return;
+		return 1;
 		}
 	bl=ctx->buf_len;
+	if (ctx->flags & EVP_CIPH_NO_PADDING)
+		{
+		if(bl)
+			{
+			EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+			return 0;
+			}
+		*outl = 0;
+		return 1;
+		}
+
 	n=b-bl;
 	for (i=bl; i<b; i++)
 		ctx->buf[i]=n;
-	ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
-	*outl=b;
+	ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
+
+
+	if(ret)
+		*outl=b;
+
+	return ret;
 	}
 
-void EVP_DecryptUpdate(ctx,out,outl,in,inl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
-unsigned char *in;
-int inl;
+int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+	     const unsigned char *in, int inl)
 	{
-	int b,bl,n;
-	int keep_last=0;
+	int b, fix_len;
 
-	*outl=0;
-	if (inl == 0) return;
+	if (inl == 0)
+		{
+		*outl=0;
+		return 1;
+		}
+
+	if (ctx->flags & EVP_CIPH_NO_PADDING)
+		return EVP_EncryptUpdate(ctx, out, outl, in, inl);
 
 	b=ctx->cipher->block_size;
-	if (b > 1)
+	OPENSSL_assert(b <= sizeof ctx->final);
+
+	if(ctx->final_used)
 		{
-		/* Is the input a multiple of the block size? */
-		bl=ctx->buf_len;
-		n=inl+bl;
-		if (n%b == 0)
-			{
-			if (inl < b) /* must be 'just one' buff */
-				{
-				memcpy(&(ctx->buf[bl]),in,inl);
-				ctx->buf_len=b;
-				*outl=0;
-				return;
-				}
-			keep_last=1;
-			inl-=b; /* don't do the last block */
-			}
+		memcpy(out,ctx->final,b);
+		out+=b;
+		fix_len = 1;
 		}
-	EVP_EncryptUpdate(ctx,out,outl,in,inl);
+	else
+		fix_len = 0;
+
+
+	if(!EVP_EncryptUpdate(ctx,out,outl,in,inl))
+		return 0;
 
 	/* if we have 'decrypted' a multiple of block size, make sure
 	 * we have a copy of this last block */
-	if (keep_last)
+	if (b > 1 && !ctx->buf_len)
 		{
-		memcpy(&(ctx->buf[0]),&(in[inl]),b);
-#ifdef DEBUG
-		if (ctx->buf_len != 0)
-			{
-			abort();
-			}
-#endif
-		ctx->buf_len=b;
+		*outl-=b;
+		ctx->final_used=1;
+		memcpy(ctx->final,&out[*outl],b);
 		}
+	else
+		ctx->final_used = 0;
+
+	if (fix_len)
+		*outl += b;
+		
+	return 1;
 	}
 
-int EVP_DecryptFinal(ctx,out,outl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
+int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+	{
+	int ret;
+	ret = EVP_DecryptFinal_ex(ctx, out, outl);
+	return ret;
+	}
+
+int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
 	int i,b;
 	int n;
 
 	*outl=0;
 	b=ctx->cipher->block_size;
+	if (ctx->flags & EVP_CIPH_NO_PADDING)
+		{
+		if(ctx->buf_len)
+			{
+			EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+			return 0;
+			}
+		*outl = 0;
+		return 1;
+		}
 	if (b > 1)
 		{
-		if (ctx->buf_len != b)
+		if (ctx->buf_len || !ctx->final_used)
 			{
 			EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
 			return(0);
 			}
-		EVP_EncryptUpdate(ctx,ctx->buf,&n,ctx->buf,0);
-		if (n != b)
-			return(0);
-		n=ctx->buf[b-1];
+		OPENSSL_assert(b <= sizeof ctx->final);
+		n=ctx->final[b-1];
 		if (n > b)
 			{
 			EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
@@ -277,7 +432,7 @@ int *outl;
 			}
 		for (i=0; i<n; i++)
 			{
-			if (ctx->buf[--b] != n)
+			if (ctx->final[--b] != n)
 				{
 				EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT);
 				return(0);
@@ -285,7 +440,7 @@ int *outl;
 			}
 		n=ctx->cipher->block_size-n;
 		for (i=0; i<n; i++)
-			out[i]=ctx->buf[i];
+			out[i]=ctx->final[i];
 		*outl=n;
 		}
 	else
@@ -293,11 +448,64 @@ int *outl;
 	return(1);
 	}
 
-void EVP_CIPHER_CTX_cleanup(c)
-EVP_CIPHER_CTX *c;
+int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
 	{
-	if ((c->cipher != NULL) && (c->cipher->cleanup != NULL))
-		c->cipher->cleanup(c);
+	if (c->cipher != NULL)
+		{
+		if(c->cipher->cleanup && !c->cipher->cleanup(c))
+			return 0;
+		/* Cleanse cipher context data */
+		if (c->cipher_data)
+			OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+		}
+	if (c->cipher_data)
+		OPENSSL_free(c->cipher_data);
+	if (c->engine)
+		/* The EVP_CIPHER we used belongs to an ENGINE, release the
+		 * functional reference we held for this reason. */
+		ENGINE_finish(c->engine);
 	memset(c,0,sizeof(EVP_CIPHER_CTX));
+	return 1;
+	}
+
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
+	{
+	if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) 
+		return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
+	if(c->key_len == keylen) return 1;
+	if((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH))
+		{
+		c->key_len = keylen;
+		return 1;
+		}
+	EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH);
+	return 0;
+	}
+
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
+	{
+	if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING;
+	else ctx->flags |= EVP_CIPH_NO_PADDING;
+	return 1;
+	}
+
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+	int ret;
+	if(!ctx->cipher) {
+		EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
+		return 0;
 	}
 
+	if(!ctx->cipher->ctrl) {
+		EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
+		return 0;
+	}
+
+	ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
+	if(ret == -1) {
+		EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+		return 0;
+	}
+	return ret;
+}
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index c7caa3b13b..815ce63b3b 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,107 +1,164 @@
-/* lib/evp/evp_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/evp/evp_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "evp.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA EVP_str_functs[]=
 	{
 {ERR_PACK(0,EVP_F_D2I_PKEY,0),	"D2I_PKEY"},
+{ERR_PACK(0,EVP_F_ECDSA_PKEY2PKCS8,0),	"ECDSA_PKEY2PKCS8"},
+{ERR_PACK(0,EVP_F_EC_KEY_PKEY2PKCS8,0),	"EC_KEY_PKEY2PKCS8"},
+{ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0),	"EVP_CipherInit"},
+{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0),	"EVP_CIPHER_CTX_ctrl"},
+{ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0),	"EVP_CIPHER_CTX_set_key_length"},
 {ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0),	"EVP_DecryptFinal"},
+{ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0),	"EVP_DigestInit"},
+{ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0),	"EVP_EncryptFinal"},
+{ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0),	"EVP_MD_CTX_copy"},
 {ERR_PACK(0,EVP_F_EVP_OPENINIT,0),	"EVP_OpenInit"},
+{ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0),	"EVP_PBE_alg_add"},
+{ERR_PACK(0,EVP_F_EVP_PBE_CIPHERINIT,0),	"EVP_PBE_CipherInit"},
+{ERR_PACK(0,EVP_F_EVP_PKCS82PKEY,0),	"EVP_PKCS82PKEY"},
+{ERR_PACK(0,EVP_F_EVP_PKCS8_SET_BROKEN,0),	"EVP_PKCS8_SET_BROKEN"},
+{ERR_PACK(0,EVP_F_EVP_PKEY2PKCS8,0),	"EVP_PKEY2PKCS8"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0),	"EVP_PKEY_copy_parameters"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0),	"EVP_PKEY_decrypt"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0),	"EVP_PKEY_encrypt"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DH,0),	"EVP_PKEY_get1_DH"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DSA,0),	"EVP_PKEY_get1_DSA"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_ECDSA,0),	"EVP_PKEY_GET1_ECDSA"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_EC_KEY,0),	"EVP_PKEY_get1_EC_KEY"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_GET1_RSA,0),	"EVP_PKEY_get1_RSA"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0),	"EVP_PKEY_new"},
+{ERR_PACK(0,EVP_F_EVP_RIJNDAEL,0),	"EVP_RIJNDAEL"},
 {ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0),	"EVP_SignFinal"},
 {ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0),	"EVP_VerifyFinal"},
+{ERR_PACK(0,EVP_F_PKCS5_PBE_KEYIVGEN,0),	"PKCS5_PBE_keyivgen"},
+{ERR_PACK(0,EVP_F_PKCS5_V2_PBE_KEYIVGEN,0),	"PKCS5_v2_PBE_keyivgen"},
 {ERR_PACK(0,EVP_F_RC2_MAGIC_TO_METH,0),	"RC2_MAGIC_TO_METH"},
-{0,NULL},
+{ERR_PACK(0,EVP_F_RC5_CTRL,0),	"RC5_CTRL"},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA EVP_str_reasons[]=
 	{
+{EVP_R_ASN1_LIB                          ,"asn1 lib"},
+{EVP_R_BAD_BLOCK_LENGTH                  ,"bad block length"},
 {EVP_R_BAD_DECRYPT                       ,"bad decrypt"},
+{EVP_R_BAD_KEY_LENGTH                    ,"bad key length"},
+{EVP_R_BN_DECODE_ERROR                   ,"bn decode error"},
+{EVP_R_BN_PUBKEY_ERROR                   ,"bn pubkey error"},
+{EVP_R_CIPHER_PARAMETER_ERROR            ,"cipher parameter error"},
+{EVP_R_CTRL_NOT_IMPLEMENTED              ,"ctrl not implemented"},
+{EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED    ,"ctrl operation not implemented"},
+{EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"},
+{EVP_R_DECODE_ERROR                      ,"decode error"},
 {EVP_R_DIFFERENT_KEY_TYPES               ,"different key types"},
+{EVP_R_ENCODE_ERROR                      ,"encode error"},
+{EVP_R_EVP_PBE_CIPHERINIT_ERROR          ,"evp pbe cipherinit error"},
+{EVP_R_EXPECTING_AN_RSA_KEY              ,"expecting an rsa key"},
+{EVP_R_EXPECTING_A_DH_KEY                ,"expecting a dh key"},
+{EVP_R_EXPECTING_A_DSA_KEY               ,"expecting a dsa key"},
+{EVP_R_EXPECTING_A_ECDSA_KEY             ,"expecting a ecdsa key"},
+{EVP_R_EXPECTING_A_EC_KEY                ,"expecting a ec key"},
+{EVP_R_INITIALIZATION_ERROR              ,"initialization error"},
+{EVP_R_INPUT_NOT_INITIALIZED             ,"input not initialized"},
+{EVP_R_INVALID_KEY_LENGTH                ,"invalid key length"},
 {EVP_R_IV_TOO_LARGE                      ,"iv too large"},
-{EVP_R_MISSING_PARMATERS                 ,"missing parmaters"},
+{EVP_R_KEYGEN_FAILURE                    ,"keygen failure"},
+{EVP_R_MISSING_PARAMETERS                ,"missing parameters"},
+{EVP_R_NO_CIPHER_SET                     ,"no cipher set"},
+{EVP_R_NO_DIGEST_SET                     ,"no digest set"},
+{EVP_R_NO_DSA_PARAMETERS                 ,"no dsa parameters"},
 {EVP_R_NO_SIGN_FUNCTION_CONFIGURED       ,"no sign function configured"},
 {EVP_R_NO_VERIFY_FUNCTION_CONFIGURED     ,"no verify function configured"},
+{EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE         ,"pkcs8 unknown broken type"},
 {EVP_R_PUBLIC_KEY_NOT_RSA                ,"public key not rsa"},
+{EVP_R_UNKNOWN_PBE_ALGORITHM             ,"unknown pbe algorithm"},
+{EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS       ,"unsuported number of rounds"},
 {EVP_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
+{EVP_R_UNSUPPORTED_KEYLENGTH             ,"unsupported keylength"},
+{EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION,"unsupported key derivation function"},
 {EVP_R_UNSUPPORTED_KEY_SIZE              ,"unsupported key size"},
+{EVP_R_UNSUPPORTED_PRF                   ,"unsupported prf"},
+{EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ,"unsupported private key algorithm"},
+{EVP_R_UNSUPPORTED_SALT_TYPE             ,"unsupported salt type"},
 {EVP_R_WRONG_FINAL_BLOCK_LENGTH          ,"wrong final block length"},
 {EVP_R_WRONG_PUBLIC_KEY_TYPE             ,"wrong public key type"},
-{0,NULL},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_EVP_strings()
+void ERR_load_EVP_strings(void)
 	{
 	static int init=1;
 
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_EVP,EVP_str_functs);
 		ERR_load_strings(ERR_LIB_EVP,EVP_str_reasons);
 #endif
diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c
index dafa686f64..5f387a94d3 100644
--- a/crypto/evp/evp_key.c
+++ b/crypto/evp/evp_key.c
@@ -58,23 +58,26 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "x509.h"
-#include "objects.h"
-#include "evp.h"
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/ui.h>
 
 /* should be init to zeros. */
 static char prompt_string[80];
 
-void EVP_set_pw_prompt(prompt)
-char *prompt;
+void EVP_set_pw_prompt(char *prompt)
 	{
 	if (prompt == NULL)
 		prompt_string[0]='\0';
 	else
+		{
 		strncpy(prompt_string,prompt,79);
+		prompt_string[79]='\0';
+		}
 	}
 
-char *EVP_get_pw_prompt()
+char *EVP_get_pw_prompt(void)
 	{
 	if (prompt_string[0] == '\0')
 		return(NULL);
@@ -82,30 +85,31 @@ char *EVP_get_pw_prompt()
 		return(prompt_string);
 	}
 
-#ifdef NO_DES
-int des_read_pw_string(char *buf,int len,char *prompt,int verify);
-#endif
-
-int EVP_read_pw_string(buf,len,prompt,verify)
-char *buf;
-int len;
-char *prompt;
-int verify;
+/* For historical reasons, the standard function for reading passwords is
+ * in the DES library -- if someone ever wants to disable DES,
+ * this function will fail */
+int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
 	{
+	int ret;
+	char buff[BUFSIZ];
+	UI *ui;
+
 	if ((prompt == NULL) && (prompt_string[0] != '\0'))
 		prompt=prompt_string;
-	return(des_read_pw_string(buf,len,prompt,verify));
+	ui = UI_new();
+	UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len);
+	if (verify)
+		UI_add_verify_string(ui,prompt,0,
+			buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
+	ret = UI_process(ui);
+	UI_free(ui);
+	OPENSSL_cleanse(buff,BUFSIZ);
+	return ret;
 	}
 
-int EVP_BytesToKey(type,md,salt,data,datal,count,key,iv)
-EVP_CIPHER *type;
-EVP_MD *md;
-unsigned char *salt;
-unsigned char *data;
-int datal;
-int count;
-unsigned char *key;
-unsigned char *iv;
+int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, 
+	     const unsigned char *salt, const unsigned char *data, int datal,
+	     int count, unsigned char *key, unsigned char *iv)
 	{
 	EVP_MD_CTX c;
 	unsigned char md_buf[EVP_MAX_MD_SIZE];
@@ -114,24 +118,27 @@ unsigned char *iv;
 
 	nkey=type->key_len;
 	niv=type->iv_len;
+	OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
+	OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
 
 	if (data == NULL) return(nkey);
 
+	EVP_MD_CTX_init(&c);
 	for (;;)
 		{
-		EVP_DigestInit(&c,md);
+		EVP_DigestInit_ex(&c,md, NULL);
 		if (addmd++)
 			EVP_DigestUpdate(&c,&(md_buf[0]),mds);
 		EVP_DigestUpdate(&c,data,datal);
 		if (salt != NULL)
-			EVP_DigestUpdate(&c,salt,8);
-		EVP_DigestFinal(&c,&(md_buf[0]),&mds);
+			EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN);
+		EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
 
 		for (i=1; i<(unsigned int)count; i++)
 			{
-			EVP_DigestInit(&c,md);
+			EVP_DigestInit_ex(&c,md, NULL);
 			EVP_DigestUpdate(&c,&(md_buf[0]),mds);
-			EVP_DigestFinal(&c,&(md_buf[0]),&mds);
+			EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
 			}
 		i=0;
 		if (nkey)
@@ -160,8 +167,8 @@ unsigned char *iv;
 			}
 		if ((nkey == 0) && (niv == 0)) break;
 		}
-	memset(&c,0,sizeof(c));
-	memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
+	EVP_MD_CTX_cleanup(&c);
+	OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
 	return(type->key_len);
 	}
 
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 729fc8f4e6..52a3b287be 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -58,12 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
 
-int EVP_CIPHER_param_to_asn1(c,type)
-EVP_CIPHER_CTX *c;
-ASN1_TYPE *type;
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 	{
 	int ret;
 
@@ -74,9 +72,7 @@ ASN1_TYPE *type;
 	return(ret);
 	}
 
-int EVP_CIPHER_asn1_to_param(c,type)
-EVP_CIPHER_CTX *c;
-ASN1_TYPE *type;
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 	{
 	int ret;
 
@@ -87,15 +83,14 @@ ASN1_TYPE *type;
 	return(ret);
 	}
 
-int EVP_CIPHER_get_asn1_iv(c,type)
-EVP_CIPHER_CTX *c;
-ASN1_TYPE *type;
+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 	{
 	int i=0,l;
 
 	if (type != NULL) 
 		{
 		l=EVP_CIPHER_CTX_iv_length(c);
+		OPENSSL_assert(l <= sizeof c->iv);
 		i=ASN1_TYPE_get_octetstring(type,c->oiv,l);
 		if (i != l)
 			return(-1);
@@ -105,16 +100,45 @@ ASN1_TYPE *type;
 	return(i);
 	}
 
-int EVP_CIPHER_set_asn1_iv(c,type)
-EVP_CIPHER_CTX *c;
-ASN1_TYPE *type;
+int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 	{
 	int i=0,j;
 
 	if (type != NULL)
 		{
 		j=EVP_CIPHER_CTX_iv_length(c);
+		OPENSSL_assert(j <= sizeof c->iv);
 		i=ASN1_TYPE_set_octetstring(type,c->oiv,j);
 		}
 	return(i);
 	}
+
+/* Convert the various cipher NIDs and dummies to a proper OID NID */
+int EVP_CIPHER_type(const EVP_CIPHER *ctx)
+{
+	int nid;
+	ASN1_OBJECT *otmp;
+	nid = EVP_CIPHER_nid(ctx);
+
+	switch(nid) {
+
+		case NID_rc2_cbc:
+		case NID_rc2_64_cbc:
+		case NID_rc2_40_cbc:
+
+		return NID_rc2_cbc;
+
+		case NID_rc4:
+		case NID_rc4_40:
+
+		return NID_rc4;
+
+		default:
+		/* Check it has an OID and it is valid */
+		otmp = OBJ_nid2obj(nid);
+		if(!otmp || !otmp->data) nid = NID_undef;
+		ASN1_OBJECT_free(otmp);
+		return nid;
+	}
+}
+
diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h
new file mode 100644
index 0000000000..4d81a3bf4c
--- /dev/null
+++ b/crypto/evp/evp_locl.h
@@ -0,0 +1,227 @@
+/* evp_locl.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Macros to code block cipher wrappers */
+
+/* Wrapper functions for each cipher mode */
+
+#define BLOCK_CIPHER_ecb_loop() \
+	unsigned int i, bl; \
+	bl = ctx->cipher->block_size;\
+	if(inl < bl) return 1;\
+	inl -= bl; \
+	for(i=0; i <= inl; i+=bl) \
+
+#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
+static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+{\
+	BLOCK_CIPHER_ecb_loop() \
+		cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\
+	return 1;\
+}
+
+#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
+static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+{\
+	cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\
+	return 1;\
+}
+
+#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
+static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+{\
+	cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\
+	return 1;\
+}
+
+#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
+static int cname##_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \
+{\
+	cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\
+	return 1;\
+}
+
+#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
+	BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
+	BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
+	BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
+	BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched)
+
+#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \
+			  key_len, iv_len, flags, init_key, cleanup, \
+			  set_asn1, get_asn1, ctrl) \
+static const EVP_CIPHER cname##_##mode = { \
+	nid##_##nmode, block_size, key_len, iv_len, \
+	flags | EVP_CIPH_##MODE##_MODE, \
+	init_key, \
+	cname##_##mode##_cipher, \
+	cleanup, \
+	sizeof(kstruct), \
+	set_asn1, get_asn1,\
+	ctrl, \
+	NULL \
+}; \
+const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
+
+#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \
+			     iv_len, flags, init_key, cleanup, set_asn1, \
+			     get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
+		  iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
+			     iv_len, cbits, flags, init_key, cleanup, \
+			     set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb, CFB, kstruct, nid, 1, \
+		  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
+		  get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
+			     iv_len, cbits, flags, init_key, cleanup, \
+			     set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
+		  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
+		  get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
+			     iv_len, flags, init_key, cleanup, set_asn1, \
+			     get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
+		  iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+			  nid, block_size, key_len, iv_len, cbits, flags, \
+			  init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+		     init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
+		     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
+		     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+		     init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+
+/*
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+				nid, block_size, key_len, iv_len, flags,\
+				 init_key, cleanup, set_asn1, get_asn1, ctrl)\
+static const EVP_CIPHER cname##_cbc = {\
+	nid##_cbc, block_size, key_len, iv_len, \
+	flags | EVP_CIPH_CBC_MODE,\
+	init_key,\
+	cname##_cbc_cipher,\
+	cleanup,\
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+	set_asn1, get_asn1,\
+	ctrl, \
+	NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
+static const EVP_CIPHER cname##_cfb = {\
+	nid##_cfb64, 1, key_len, iv_len, \
+	flags | EVP_CIPH_CFB_MODE,\
+	init_key,\
+	cname##_cfb_cipher,\
+	cleanup,\
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+	set_asn1, get_asn1,\
+	ctrl,\
+	NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
+static const EVP_CIPHER cname##_ofb = {\
+	nid##_ofb64, 1, key_len, iv_len, \
+	flags | EVP_CIPH_OFB_MODE,\
+	init_key,\
+	cname##_ofb_cipher,\
+	cleanup,\
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+	set_asn1, get_asn1,\
+	ctrl,\
+	NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
+static const EVP_CIPHER cname##_ecb = {\
+	nid##_ecb, block_size, key_len, iv_len, \
+	flags | EVP_CIPH_ECB_MODE,\
+	init_key,\
+	cname##_ecb_cipher,\
+	cleanup,\
+	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+		sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+	set_asn1, get_asn1,\
+	ctrl,\
+	NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
+*/
+
+#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \
+			       block_size, key_len, iv_len, cbits, \
+			       flags, init_key, \
+			       cleanup, set_asn1, get_asn1, ctrl) \
+	BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
+	BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \
+			  cbits, flags, init_key, cleanup, set_asn1, \
+			  get_asn1, ctrl)
+
+#define EVP_C_DATA(kstruct, ctx)	((kstruct *)(ctx)->cipher_data)
diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c
new file mode 100644
index 0000000000..0da88fdcff
--- /dev/null
+++ b/crypto/evp/evp_pbe.c
@@ -0,0 +1,136 @@
+/* evp_pbe.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+/* Password based encryption (PBE) functions */
+
+static STACK *pbe_algs;
+
+/* Setup a cipher context from a PBE algorithm */
+
+typedef struct {
+int pbe_nid;
+const EVP_CIPHER *cipher;
+const EVP_MD *md;
+EVP_PBE_KEYGEN *keygen;
+} EVP_PBE_CTL;
+
+int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+	     ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
+{
+
+	EVP_PBE_CTL *pbetmp, pbelu;
+	int i;
+	pbelu.pbe_nid = OBJ_obj2nid(pbe_obj);
+	if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu);
+	else i = -1;
+
+	if (i == -1) {
+		char obj_tmp[80];
+		EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
+		if (!pbe_obj) strcpy (obj_tmp, "NULL");
+		else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
+		ERR_add_error_data(2, "TYPE=", obj_tmp);
+		return 0;
+	}
+	if(!pass) passlen = 0;
+	else if (passlen == -1) passlen = strlen(pass);
+	pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i);
+	i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher,
+						 pbetmp->md, en_de);
+	if (!i) {
+		EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE);
+		return 0;
+	}
+	return 1;	
+}
+
+static int pbe_cmp(const char * const *a, const char * const *b)
+{
+	EVP_PBE_CTL **pbe1 = (EVP_PBE_CTL **) a,  **pbe2 = (EVP_PBE_CTL **)b;
+	return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid);
+}
+
+/* Add a PBE algorithm */
+
+int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
+	     EVP_PBE_KEYGEN *keygen)
+{
+	EVP_PBE_CTL *pbe_tmp;
+	if (!pbe_algs) pbe_algs = sk_new(pbe_cmp);
+	if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) {
+		EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	pbe_tmp->pbe_nid = nid;
+	pbe_tmp->cipher = cipher;
+	pbe_tmp->md = md;
+	pbe_tmp->keygen = keygen;
+	sk_push (pbe_algs, (char *)pbe_tmp);
+	return 1;
+}
+
+void EVP_PBE_cleanup(void)
+{
+	sk_pop_free(pbe_algs, OPENSSL_freeFunc);
+	pbe_algs = NULL;
+}
diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c
new file mode 100644
index 0000000000..a97b1f87da
--- /dev/null
+++ b/crypto/evp/evp_pkey.c
@@ -0,0 +1,629 @@
+/* evp_pkey.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+#ifndef OPENSSL_NO_DSA
+static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
+#endif
+#ifndef OPENSSL_NO_EC
+static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
+#endif
+
+/* Extract a private key from a PKCS8 structure */
+
+EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8)
+{
+	EVP_PKEY *pkey = NULL;
+#ifndef OPENSSL_NO_RSA
+	RSA *rsa = NULL;
+#endif
+#ifndef OPENSSL_NO_DSA
+	DSA *dsa = NULL;
+	ASN1_TYPE *t1, *t2;
+	STACK_OF(ASN1_TYPE) *ndsa = NULL;
+#endif
+#ifndef OPENSSL_NO_EC
+	EC_KEY *eckey = NULL;
+#endif
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
+	ASN1_TYPE    *param = NULL;	
+	ASN1_INTEGER *privkey;
+	BN_CTX *ctx = NULL;
+	int plen;
+#endif
+	X509_ALGOR *a;
+	unsigned char *p;
+	const unsigned char *cp;
+	int pkeylen;
+	int  nid;
+	char obj_tmp[80];
+
+	if(p8->pkey->type == V_ASN1_OCTET_STRING) {
+		p8->broken = PKCS8_OK;
+		p = p8->pkey->value.octet_string->data;
+		pkeylen = p8->pkey->value.octet_string->length;
+	} else {
+		p8->broken = PKCS8_NO_OCTET;
+		p = p8->pkey->value.sequence->data;
+		pkeylen = p8->pkey->value.sequence->length;
+	}
+	if (!(pkey = EVP_PKEY_new())) {
+		EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	a = p8->pkeyalg;
+	nid = OBJ_obj2nid(a->algorithm);
+	switch(nid)
+	{
+#ifndef OPENSSL_NO_RSA
+		case NID_rsaEncryption:
+		cp = p;
+		if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+			return NULL;
+		}
+		EVP_PKEY_assign_RSA (pkey, rsa);
+		break;
+#endif
+#ifndef OPENSSL_NO_DSA
+		case NID_dsa:
+		/* PKCS#8 DSA is weird: you just get a private key integer
+	         * and parameters in the AlgorithmIdentifier the pubkey must
+		 * be recalculated.
+		 */
+	
+		/* Check for broken DSA PKCS#8, UGH! */
+		if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
+		    if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, 
+							  d2i_ASN1_TYPE,
+							  ASN1_TYPE_free))) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+			goto dsaerr;
+		    }
+		    if(sk_ASN1_TYPE_num(ndsa) != 2 ) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+			goto dsaerr;
+		    }
+		    /* Handle Two broken types:
+		     * SEQUENCE {parameters, priv_key}
+		     * SEQUENCE {pub_key, priv_key}
+		     */
+
+		    t1 = sk_ASN1_TYPE_value(ndsa, 0);
+		    t2 = sk_ASN1_TYPE_value(ndsa, 1);
+		    if(t1->type == V_ASN1_SEQUENCE) {
+			p8->broken = PKCS8_EMBEDDED_PARAM;
+			param = t1;
+		    } else if(a->parameter->type == V_ASN1_SEQUENCE) {
+			p8->broken = PKCS8_NS_DB;
+			param = a->parameter;
+		    } else {
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+			goto dsaerr;
+		    }
+
+		    if(t2->type != V_ASN1_INTEGER) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+			goto dsaerr;
+		    }
+		    privkey = t2->value.integer;
+		} else {
+			if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
+				EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+				goto dsaerr;
+			}
+			param = p8->pkeyalg->parameter;
+		}
+		if (!param || (param->type != V_ASN1_SEQUENCE)) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+			goto dsaerr;
+		}
+		cp = p = param->value.sequence->data;
+		plen = param->value.sequence->length;
+		if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+			goto dsaerr;
+		}
+		/* We have parameters now set private key */
+		if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
+			goto dsaerr;
+		}
+		/* Calculate public key (ouch!) */
+		if (!(dsa->pub_key = BN_new())) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
+			goto dsaerr;
+		}
+		if (!(ctx = BN_CTX_new())) {
+			EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
+			goto dsaerr;
+		}
+			
+		if (!BN_mod_exp(dsa->pub_key, dsa->g,
+						 dsa->priv_key, dsa->p, ctx)) {
+			
+			EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
+			goto dsaerr;
+		}
+
+		EVP_PKEY_assign_DSA(pkey, dsa);
+		BN_CTX_free (ctx);
+		if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+		else ASN1_INTEGER_free(privkey);
+		break;
+		dsaerr:
+		BN_CTX_free (ctx);
+		sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+		DSA_free(dsa);
+		EVP_PKEY_free(pkey);
+		return NULL;
+		break;
+#endif
+#ifndef OPENSSL_NO_EC
+		case NID_X9_62_id_ecPublicKey:
+		if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen)))
+		{
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+			goto ecerr;
+		}
+		param = p8->pkeyalg->parameter;
+
+		if (!param || ((param->type != V_ASN1_SEQUENCE) &&
+		    (param->type != V_ASN1_OBJECT)))
+		{
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+			goto ecerr;
+		}
+
+		if (param->type == V_ASN1_SEQUENCE)
+		{
+			cp = p = param->value.sequence->data;
+			plen = param->value.sequence->length;
+
+			if (!(eckey = d2i_ECParameters(NULL, &cp, plen)))
+			{
+				EVPerr(EVP_F_EVP_PKCS82PKEY,
+					EVP_R_DECODE_ERROR);
+				goto ecerr;
+			}
+		}
+		else
+		{
+			cp = p = param->value.object->data;
+			plen = param->value.object->length;
+
+			/* type == V_ASN1_OBJECT => the parameters are given
+			 * by an asn1 OID
+			 */
+			if ((eckey = EC_KEY_new()) == NULL)
+			{
+				EVPerr(EVP_F_EVP_PKCS82PKEY,
+					ERR_R_MALLOC_FAILURE);
+				goto ecerr;
+			}
+			if ((eckey->group = EC_GROUP_new_by_nid(
+                             OBJ_obj2nid(a->parameter->value.object))) == NULL)
+				goto ecerr;
+			EC_GROUP_set_asn1_flag(eckey->group, 
+						OPENSSL_EC_NAMED_CURVE);
+		}
+
+		/* We have parameters now set private key */
+		if (!(eckey->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)))
+		{
+			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_BN_DECODE_ERROR);
+			goto ecerr;
+		}
+		/* Calculate public key */
+		if ((eckey->pub_key = EC_POINT_new(eckey->group)) == NULL)
+		{
+			EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
+			goto ecerr;
+		}
+		if (!EC_POINT_copy(eckey->pub_key, 
+			EC_GROUP_get0_generator(eckey->group)))
+		{
+			EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
+			goto ecerr;
+		}
+		if (!EC_POINT_mul(eckey->group, eckey->pub_key, 
+			eckey->priv_key, NULL, NULL, ctx))
+		{
+			EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
+			goto ecerr;
+		}
+
+		EVP_PKEY_assign_EC_KEY(pkey, eckey);
+		if (ctx)
+			BN_CTX_free(ctx);
+		if (privkey)
+			ASN1_INTEGER_free(privkey);
+		break;
+ecerr:
+		if (ctx)
+			BN_CTX_free(ctx);
+		if (eckey)
+			EC_KEY_free(eckey);
+		if (pkey)
+			EVP_PKEY_free(pkey);
+		return NULL;
+#endif
+		default:
+		EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+		if (!a->algorithm) strcpy (obj_tmp, "NULL");
+		else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
+		ERR_add_error_data(2, "TYPE=", obj_tmp);
+		EVP_PKEY_free (pkey);
+		return NULL;
+	}
+	return pkey;
+}
+
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
+{
+	return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
+}
+
+/* Turn a private key into a PKCS8 structure */
+
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
+{
+	PKCS8_PRIV_KEY_INFO *p8;
+
+	if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {	
+		EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	p8->broken = broken;
+	ASN1_INTEGER_set (p8->version, 0);
+	if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
+		EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+		PKCS8_PRIV_KEY_INFO_free (p8);
+		return NULL;
+	}
+	p8->pkey->type = V_ASN1_OCTET_STRING;
+	switch (EVP_PKEY_type(pkey->type)) {
+#ifndef OPENSSL_NO_RSA
+		case EVP_PKEY_RSA:
+
+		if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;
+
+		p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
+		p8->pkeyalg->parameter->type = V_ASN1_NULL;
+		if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey,
+					 &p8->pkey->value.octet_string)) {
+			EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+			PKCS8_PRIV_KEY_INFO_free (p8);
+			return NULL;
+		}
+		break;
+#endif
+#ifndef OPENSSL_NO_DSA
+		case EVP_PKEY_DSA:
+		if(!dsa_pkey2pkcs8(p8, pkey)) {
+			PKCS8_PRIV_KEY_INFO_free (p8);
+			return NULL;
+		}
+
+		break;
+#endif
+#ifndef OPENSSL_NO_EC
+		case EVP_PKEY_EC:
+		if (!eckey_pkey2pkcs8(p8, pkey))
+		{
+			PKCS8_PRIV_KEY_INFO_free(p8);
+			return(NULL);
+		}
+		break;
+#endif
+		default:
+		EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+		PKCS8_PRIV_KEY_INFO_free (p8);
+		return NULL;
+	}
+	RAND_add(p8->pkey->value.octet_string->data,
+		 p8->pkey->value.octet_string->length, 0);
+	return p8;
+}
+
+PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
+{
+	switch (broken) {
+
+		case PKCS8_OK:
+		p8->broken = PKCS8_OK;
+		return p8;
+		break;
+
+		case PKCS8_NO_OCTET:
+		p8->broken = PKCS8_NO_OCTET;
+		p8->pkey->type = V_ASN1_SEQUENCE;
+		return p8;
+		break;
+
+		default:
+		EVPerr(EVP_F_EVP_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
+		return NULL;
+		break;
+		
+	}
+}
+
+#ifndef OPENSSL_NO_DSA
+static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
+{
+	ASN1_STRING *params;
+	ASN1_INTEGER *prkey;
+	ASN1_TYPE *ttmp;
+	STACK_OF(ASN1_TYPE) *ndsa;
+	unsigned char *p, *q;
+	int len;
+
+	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
+	len = i2d_DSAparams (pkey->pkey.dsa, NULL);
+	if (!(p = OPENSSL_malloc(len))) {
+		EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+		PKCS8_PRIV_KEY_INFO_free (p8);
+		return 0;
+	}
+	q = p;
+	i2d_DSAparams (pkey->pkey.dsa, &q);
+	params = ASN1_STRING_new();
+	ASN1_STRING_set(params, p, len);
+	OPENSSL_free(p);
+	/* Get private key into integer */
+	if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
+		EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
+		return 0;
+	}
+
+	switch(p8->broken) {
+
+		case PKCS8_OK:
+		case PKCS8_NO_OCTET:
+
+		if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER,
+					 &p8->pkey->value.octet_string)) {
+			EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+			M_ASN1_INTEGER_free (prkey);
+			return 0;
+		}
+
+		M_ASN1_INTEGER_free (prkey);
+		p8->pkeyalg->parameter->value.sequence = params;
+		p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
+
+		break;
+
+		case PKCS8_NS_DB:
+
+		p8->pkeyalg->parameter->value.sequence = params;
+		p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
+		ndsa = sk_ASN1_TYPE_new_null();
+		ttmp = ASN1_TYPE_new();
+		if (!(ttmp->value.integer = BN_to_ASN1_INTEGER (pkey->pkey.dsa->pub_key, NULL))) {
+			EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
+			PKCS8_PRIV_KEY_INFO_free(p8);
+			return 0;
+		}
+		ttmp->type = V_ASN1_INTEGER;
+		sk_ASN1_TYPE_push(ndsa, ttmp);
+
+		ttmp = ASN1_TYPE_new();
+		ttmp->value.integer = prkey;
+		ttmp->type = V_ASN1_INTEGER;
+		sk_ASN1_TYPE_push(ndsa, ttmp);
+
+		p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
+
+		if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
+					 &p8->pkey->value.octet_string->data,
+					 &p8->pkey->value.octet_string->length)) {
+
+			EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+			sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+			M_ASN1_INTEGER_free(prkey);
+			return 0;
+		}
+		sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+		break;
+
+		case PKCS8_EMBEDDED_PARAM:
+
+		p8->pkeyalg->parameter->type = V_ASN1_NULL;
+		ndsa = sk_ASN1_TYPE_new_null();
+		ttmp = ASN1_TYPE_new();
+		ttmp->value.sequence = params;
+		ttmp->type = V_ASN1_SEQUENCE;
+		sk_ASN1_TYPE_push(ndsa, ttmp);
+
+		ttmp = ASN1_TYPE_new();
+		ttmp->value.integer = prkey;
+		ttmp->type = V_ASN1_INTEGER;
+		sk_ASN1_TYPE_push(ndsa, ttmp);
+
+		p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
+
+		if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
+					 &p8->pkey->value.octet_string->data,
+					 &p8->pkey->value.octet_string->length)) {
+
+			EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
+			sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+			M_ASN1_INTEGER_free (prkey);
+			return 0;
+		}
+		sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+		break;
+	}
+	return 1;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
+{
+	EC_KEY		*eckey;
+	ASN1_INTEGER	*prkey = NULL;
+	unsigned char	*p, *pp;
+	int 		nid;
+
+	if (pkey->pkey.eckey == NULL || pkey->pkey.eckey->group == NULL)
+	{
+		EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);
+		return 0;
+	}
+	eckey = pkey->pkey.eckey;
+
+	/* set the ec parameters OID */
+	if (p8->pkeyalg->algorithm)
+		ASN1_OBJECT_free(p8->pkeyalg->algorithm);
+
+	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);
+
+	/* set the ec parameters */
+
+	if (p8->pkeyalg->parameter)
+	{
+		ASN1_TYPE_free(p8->pkeyalg->parameter);
+		p8->pkeyalg->parameter = NULL;
+	}
+
+	if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL)
+	{
+		EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	
+	if (EC_GROUP_get_asn1_flag(eckey->group)
+                     && (nid = EC_GROUP_get_nid(eckey->group)))
+	{
+		/* we have a 'named curve' => just set the OID */
+		p8->pkeyalg->parameter->type = V_ASN1_OBJECT;
+		p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);
+	}
+	else	/* explicit parameters */
+	{
+		int i;
+		if ((i = i2d_ECParameters(eckey, NULL)) == 0)
+		{
+			EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_EC_LIB);
+			return 0;
+		}
+		if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
+		{
+			EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+			return 0;
+		}	
+		pp = p;
+		if (!i2d_ECParameters(eckey, &pp))
+		{
+			EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_EC_LIB);
+			OPENSSL_free(p);
+			return 0;
+		}
+		p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
+		if ((p8->pkeyalg->parameter->value.sequence 
+			= ASN1_STRING_new()) == NULL)
+		{
+			EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_ASN1_LIB);
+			OPENSSL_free(p);
+			return 0;
+		}
+		ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);
+		OPENSSL_free(p);
+	}
+
+	/* set the private key */
+	if ((prkey = BN_to_ASN1_INTEGER(pkey->pkey.eckey->priv_key, NULL)) 
+		== NULL)
+	{
+		EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_ASN1_LIB);
+		return 0;
+	}
+
+	switch(p8->broken) {
+
+		case PKCS8_OK:
+		if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER,
+					 &p8->pkey->value.octet_string)) 
+		{
+			EVPerr(EVP_F_EC_KEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+			M_ASN1_INTEGER_free(prkey);
+			return 0;
+		}
+
+		ASN1_INTEGER_free(prkey);
+
+		break;
+		case PKCS8_NO_OCTET:		/* RSA specific */
+		case PKCS8_NS_DB:		/* DSA specific */
+		case PKCS8_EMBEDDED_PARAM:	/* DSA specific */
+		default:
+			EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
+			return 0;
+
+	}
+	return 1;
+}
+#endif
diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c
new file mode 100644
index 0000000000..698aff21dc
--- /dev/null
+++ b/crypto/evp/evp_test.c
@@ -0,0 +1,395 @@
+/* Written by Ben Laurie, 2001 */
+/*
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "../e_os.h"
+
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include <openssl/conf.h>
+
+static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
+    {
+    int n=0;
+
+    fprintf(f,"%s",title);
+    for( ; n < l ; ++n)
+	{
+	if((n%16) == 0)
+	    fprintf(f,"\n%04x",n);
+	fprintf(f," %02x",s[n]);
+	}
+    fprintf(f,"\n");
+    }
+
+static int convert(unsigned char *s)
+    {
+    unsigned char *d;
+
+    for(d=s ; *s ; s+=2,++d)
+	{
+	unsigned int n;
+
+	if(!s[1])
+	    {
+	    fprintf(stderr,"Odd number of hex digits!");
+	    EXIT(4);
+	    }
+	sscanf((char *)s,"%2x",&n);
+	*d=(unsigned char)n;
+	}
+    return s-d;
+    }
+
+static char *sstrsep(char **string, const char *delim)
+    {
+    char isdelim[256];
+    char *token = *string;
+
+    if (**string == 0)
+        return NULL;
+
+    memset(isdelim, 0, 256);
+    isdelim[0] = 1;
+
+    while (*delim)
+        {
+        isdelim[(unsigned char)(*delim)] = 1;
+        delim++;
+        }
+
+    while (!isdelim[(unsigned char)(**string)])
+        {
+        (*string)++;
+        }
+
+    if (**string)
+        {
+        **string = 0;
+        (*string)++;
+        }
+
+    return token;
+    }
+
+static unsigned char *ustrsep(char **p,const char *sep)
+    { return (unsigned char *)sstrsep(p,sep); }
+
+static int test1_exit(int ec)
+	{
+	EXIT(ec);
+	return(0);		/* To keep some compilers quiet */
+	}
+
+static void test1(const EVP_CIPHER *c,const unsigned char *key,int kn,
+		  const unsigned char *iv,int in,
+		  const unsigned char *plaintext,int pn,
+		  const unsigned char *ciphertext,int cn,
+		  int encdec)
+    {
+    EVP_CIPHER_CTX ctx;
+    unsigned char out[4096];
+    int outl,outl2;
+
+    printf("Testing cipher %s%s\n",EVP_CIPHER_name(c),
+	   (encdec == 1 ? "(encrypt)" : (encdec == 0 ? "(decrypt)" : "(encrypt/decrypt)")));
+    hexdump(stdout,"Key",key,kn);
+    if(in)
+	hexdump(stdout,"IV",iv,in);
+    hexdump(stdout,"Plaintext",plaintext,pn);
+    hexdump(stdout,"Ciphertext",ciphertext,cn);
+    
+    if(kn != c->key_len)
+	{
+	fprintf(stderr,"Key length doesn't match, got %d expected %d\n",kn,
+		c->key_len);
+	test1_exit(5);
+	}
+    EVP_CIPHER_CTX_init(&ctx);
+    if (encdec != 0)
+        {
+	if(!EVP_EncryptInit_ex(&ctx,c,NULL,key,iv))
+	    {
+	    fprintf(stderr,"EncryptInit failed\n");
+	    test1_exit(10);
+	    }
+	EVP_CIPHER_CTX_set_padding(&ctx,0);
+
+	if(!EVP_EncryptUpdate(&ctx,out,&outl,plaintext,pn))
+	    {
+	    fprintf(stderr,"Encrypt failed\n");
+	    test1_exit(6);
+	    }
+	if(!EVP_EncryptFinal_ex(&ctx,out+outl,&outl2))
+	    {
+	    fprintf(stderr,"EncryptFinal failed\n");
+	    test1_exit(7);
+	    }
+
+	if(outl+outl2 != cn)
+	    {
+	    fprintf(stderr,"Ciphertext length mismatch got %d expected %d\n",
+		    outl+outl2,cn);
+	    test1_exit(8);
+	    }
+
+	if(memcmp(out,ciphertext,cn))
+	    {
+	    fprintf(stderr,"Ciphertext mismatch\n");
+	    hexdump(stderr,"Got",out,cn);
+	    hexdump(stderr,"Expected",ciphertext,cn);
+	    test1_exit(9);
+	    }
+	}
+
+    if (encdec <= 0)
+        {
+	if(!EVP_DecryptInit_ex(&ctx,c,NULL,key,iv))
+	    {
+	    fprintf(stderr,"DecryptInit failed\n");
+	    test1_exit(11);
+	    }
+	EVP_CIPHER_CTX_set_padding(&ctx,0);
+
+	if(!EVP_DecryptUpdate(&ctx,out,&outl,ciphertext,cn))
+	    {
+	    fprintf(stderr,"Decrypt failed\n");
+	    test1_exit(6);
+	    }
+	if(!EVP_DecryptFinal_ex(&ctx,out+outl,&outl2))
+	    {
+	    fprintf(stderr,"DecryptFinal failed\n");
+	    test1_exit(7);
+	    }
+
+	if(outl+outl2 != cn)
+	    {
+	    fprintf(stderr,"Plaintext length mismatch got %d expected %d\n",
+		    outl+outl2,cn);
+	    test1_exit(8);
+	    }
+
+	if(memcmp(out,plaintext,cn))
+	    {
+	    fprintf(stderr,"Plaintext mismatch\n");
+	    hexdump(stderr,"Got",out,cn);
+	    hexdump(stderr,"Expected",plaintext,cn);
+	    test1_exit(9);
+	    }
+	}
+
+    EVP_CIPHER_CTX_cleanup(&ctx);
+
+    printf("\n");
+    }
+
+static int test_cipher(const char *cipher,const unsigned char *key,int kn,
+		       const unsigned char *iv,int in,
+		       const unsigned char *plaintext,int pn,
+		       const unsigned char *ciphertext,int cn,
+		       int encdec)
+    {
+    const EVP_CIPHER *c;
+
+    c=EVP_get_cipherbyname(cipher);
+    if(!c)
+	return 0;
+
+    test1(c,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec);
+
+    return 1;
+    }
+
+static int test_digest(const char *digest,
+		       const unsigned char *plaintext,int pn,
+		       const unsigned char *ciphertext, unsigned int cn)
+    {
+    const EVP_MD *d;
+    EVP_MD_CTX ctx;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    unsigned int mdn;
+
+    d=EVP_get_digestbyname(digest);
+    if(!d)
+	return 0;
+
+    printf("Testing digest %s\n",EVP_MD_name(d));
+    hexdump(stdout,"Plaintext",plaintext,pn);
+    hexdump(stdout,"Digest",ciphertext,cn);
+
+    EVP_MD_CTX_init(&ctx);
+    if(!EVP_DigestInit_ex(&ctx,d, NULL))
+	{
+	fprintf(stderr,"DigestInit failed\n");
+	EXIT(100);
+	}
+    if(!EVP_DigestUpdate(&ctx,plaintext,pn))
+	{
+	fprintf(stderr,"DigestUpdate failed\n");
+	EXIT(101);
+	}
+    if(!EVP_DigestFinal_ex(&ctx,md,&mdn))
+	{
+	fprintf(stderr,"DigestFinal failed\n");
+	EXIT(101);
+	}
+    EVP_MD_CTX_cleanup(&ctx);
+
+    if(mdn != cn)
+	{
+	fprintf(stderr,"Digest length mismatch, got %d expected %d\n",mdn,cn);
+	EXIT(102);
+	}
+
+    if(memcmp(md,ciphertext,cn))
+	{
+	fprintf(stderr,"Digest mismatch\n");
+	hexdump(stderr,"Got",md,cn);
+	hexdump(stderr,"Expected",ciphertext,cn);
+	EXIT(103);
+	}
+
+    printf("\n");
+
+    EVP_MD_CTX_cleanup(&ctx);
+
+    return 1;
+    }
+
+int main(int argc,char **argv)
+    {
+    const char *szTestFile;
+    FILE *f;
+
+    if(argc != 2)
+	{
+	fprintf(stderr,"%s <test file>\n",argv[0]);
+	EXIT(1);
+	}
+    CRYPTO_malloc_debug_init();
+    CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    szTestFile=argv[1];
+
+    f=fopen(szTestFile,"r");
+    if(!f)
+	{
+	perror(szTestFile);
+	EXIT(2);
+	}
+
+    /* Load up the software EVP_CIPHER and EVP_MD definitions */
+    OpenSSL_add_all_ciphers();
+    OpenSSL_add_all_digests();
+    /* Load all compiled-in ENGINEs */
+    ENGINE_load_builtin_engines();
+#if 0
+    OPENSSL_config();
+#endif
+    /* Register all available ENGINE implementations of ciphers and digests.
+     * This could perhaps be changed to "ENGINE_register_all_complete()"? */
+    ENGINE_register_all_ciphers();
+    ENGINE_register_all_digests();
+    /* If we add command-line options, this statement should be switchable.
+     * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if
+     * they weren't already initialised. */
+    /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */
+
+    for( ; ; )
+	{
+	char line[4096];
+	char *p;
+	char *cipher;
+	unsigned char *iv,*key,*plaintext,*ciphertext;
+	int encdec;
+	int kn,in,pn,cn;
+
+	if(!fgets((char *)line,sizeof line,f))
+	    break;
+	if(line[0] == '#' || line[0] == '\n')
+	    continue;
+	p=line;
+	cipher=sstrsep(&p,":");	
+	key=ustrsep(&p,":");
+	iv=ustrsep(&p,":");
+	plaintext=ustrsep(&p,":");
+	ciphertext=ustrsep(&p,":");
+	if (p[-1] == '\n') {
+	    p[-1] = '\0';
+	    encdec = -1;
+	} else {
+	    encdec = atoi(sstrsep(&p,"\n"));
+	}
+	      
+
+	kn=convert(key);
+	in=convert(iv);
+	pn=convert(plaintext);
+	cn=convert(ciphertext);
+
+	if(!test_cipher(cipher,key,kn,iv,in,plaintext,pn,ciphertext,cn,encdec)
+	   && !test_digest(cipher,plaintext,pn,ciphertext,cn))
+	    {
+	    fprintf(stderr,"Can't find %s\n",cipher);
+	    EXIT(3);
+	    }
+	}
+
+    ENGINE_cleanup();
+    EVP_cleanup();
+    CRYPTO_cleanup_all_ex_data();
+    ERR_remove_state(0);
+    ERR_free_strings();
+    CRYPTO_mem_leaks_fp(stderr);
+
+    return 0;
+    }
diff --git a/crypto/evp/evptests.txt b/crypto/evp/evptests.txt
new file mode 100644
index 0000000000..80bd9c7765
--- /dev/null
+++ b/crypto/evp/evptests.txt
@@ -0,0 +1,183 @@
+#cipher:key:iv:plaintext:ciphertext:0/1(decrypt/encrypt)
+#digest:::input:output
+
+# SHA(1) tests (from shatest.c)
+SHA1:::616263:a9993e364706816aba3e25717850c26c9cd0d89d
+
+# MD5 tests (from md5test.c)
+MD5::::d41d8cd98f00b204e9800998ecf8427e
+MD5:::61:0cc175b9c0f1b6a831c399e269772661
+MD5:::616263:900150983cd24fb0d6963f7d28e17f72
+MD5:::6d65737361676520646967657374:f96b697d7cb7938d525a2f31aaf161d0
+MD5:::6162636465666768696a6b6c6d6e6f707172737475767778797a:c3fcd3d76192e4007dfb496cca67e13b
+MD5:::4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839:d174ab98d277d9f5a5611c2c9f419d9f
+MD5:::3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930:57edf4a22be3c955ac49da2e2107b67a
+
+# AES 128 ECB tests (from FIPS-197 test vectors, encrypt)
+
+AES-128-ECB:000102030405060708090A0B0C0D0E0F::00112233445566778899AABBCCDDEEFF:69C4E0D86A7B0430D8CDB78070B4C55A:1
+
+# AES 192 ECB tests (from FIPS-197 test vectors, encrypt)
+
+AES-192-ECB:000102030405060708090A0B0C0D0E0F1011121314151617::00112233445566778899AABBCCDDEEFF:DDA97CA4864CDFE06EAF70A0EC0D7191:1
+
+# AES 256 ECB tests (from FIPS-197 test vectors, encrypt)
+
+AES-256-ECB:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F::00112233445566778899AABBCCDDEEFF:8EA2B7CA516745BFEAFC49904B496089:1
+
+# AES 128 ECB tests (from NIST test vectors, encrypt)
+
+#AES-128-ECB:00000000000000000000000000000000::00000000000000000000000000000000:C34C052CC0DA8D73451AFE5F03BE297F:1
+
+# AES 128 ECB tests (from NIST test vectors, decrypt)
+
+#AES-128-ECB:00000000000000000000000000000000::44416AC2D1F53C583303917E6BE9EBE0:00000000000000000000000000000000:0
+
+# AES 192 ECB tests (from NIST test vectors, decrypt)
+
+#AES-192-ECB:000000000000000000000000000000000000000000000000::48E31E9E256718F29229319C19F15BA4:00000000000000000000000000000000:0
+
+# AES 256 ECB tests (from NIST test vectors, decrypt)
+
+#AES-256-ECB:0000000000000000000000000000000000000000000000000000000000000000::058CCFFDBBCB382D1F6F56585D8A4ADE:00000000000000000000000000000000:0
+
+# AES 128 CBC tests (from NIST test vectors, encrypt)
+
+#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:8A05FC5E095AF4848A08D328D3688E3D:1
+
+# AES 192 CBC tests (from NIST test vectors, encrypt)
+
+#AES-192-CBC:000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:7BD966D53AD8C1BB85D2ADFAE87BB104:1
+
+# AES 256 CBC tests (from NIST test vectors, encrypt)
+
+#AES-256-CBC:0000000000000000000000000000000000000000000000000000000000000000:00000000000000000000000000000000:00000000000000000000000000000000:FE3C53653E2F45B56FCD88B2CC898FF0:1
+
+# AES 128 CBC tests (from NIST test vectors, decrypt)
+
+#AES-128-CBC:00000000000000000000000000000000:00000000000000000000000000000000:FACA37E0B0C85373DF706E73F7C9AF86:00000000000000000000000000000000:0
+
+# AES tests from NIST document SP800-38A
+# For all ECB encrypts and decrypts, the transformed sequence is
+#   AES-bits-ECB:key::plaintext:ciphertext:encdec
+# ECB-AES128.Encrypt and ECB-AES128.Decrypt
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::6BC1BEE22E409F96E93D7E117393172A:3AD77BB40D7A3660A89ECAF32466EF97
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::AE2D8A571E03AC9C9EB76FAC45AF8E51:F5D3D58503B9699DE785895A96FDBAAF
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::30C81C46A35CE411E5FBC1191A0A52EF:43B1CD7F598ECE23881B00E3ED030688
+AES-128-ECB:2B7E151628AED2A6ABF7158809CF4F3C::F69F2445DF4F9B17AD2B417BE66C3710:7B0C785E27E8AD3F8223207104725DD4
+# ECB-AES192.Encrypt and ECB-AES192.Decrypt 
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::6BC1BEE22E409F96E93D7E117393172A:BD334F1D6E45F25FF712A214571FA5CC
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::AE2D8A571E03AC9C9EB76FAC45AF8E51:974104846D0AD3AD7734ECB3ECEE4EEF
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::30C81C46A35CE411E5FBC1191A0A52EF:EF7AFD2270E2E60ADCE0BA2FACE6444E
+AES-192-ECB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B::F69F2445DF4F9B17AD2B417BE66C3710:9A4B41BA738D6C72FB16691603C18E0E
+# ECB-AES256.Encrypt and ECB-AES256.Decrypt 
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::6BC1BEE22E409F96E93D7E117393172A:F3EED1BDB5D2A03C064B5A7E3DB181F8
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::AE2D8A571E03AC9C9EB76FAC45AF8E51:591CCB10D410ED26DC5BA74A31362870
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::30C81C46A35CE411E5FBC1191A0A52EF:B6ED21B99CA6F4F9F153E7B1BEAFED1D
+AES-256-ECB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4::F69F2445DF4F9B17AD2B417BE66C3710:23304B7A39F9F3FF067D8D8F9E24ECC7
+# For all CBC encrypts and decrypts, the transformed sequence is
+#   AES-bits-CBC:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CBC-AES128.Encrypt and CBC-AES128.Decrypt 
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:7649ABAC8119B246CEE98E9B12E9197D
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:7649ABAC8119B246CEE98E9B12E9197D:AE2D8A571E03AC9C9EB76FAC45AF8E51:5086CB9B507219EE95DB113A917678B2
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:5086CB9B507219EE95DB113A917678B2:30C81C46A35CE411E5FBC1191A0A52EF:73BED6B8E3C1743B7116E69E22229516
+AES-128-CBC:2B7E151628AED2A6ABF7158809CF4F3C:73BED6B8E3C1743B7116E69E22229516:F69F2445DF4F9B17AD2B417BE66C3710:3FF1CAA1681FAC09120ECA307586E1A7
+# CBC-AES192.Encrypt and CBC-AES192.Decrypt 
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:4F021DB243BC633D7178183A9FA071E8
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:4F021DB243BC633D7178183A9FA071E8:AE2D8A571E03AC9C9EB76FAC45AF8E51:B4D9ADA9AD7DEDF4E5E738763F69145A
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:B4D9ADA9AD7DEDF4E5E738763F69145A:30C81C46A35CE411E5FBC1191A0A52EF:571B242012FB7AE07FA9BAAC3DF102E0
+AES-192-CBC:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:571B242012FB7AE07FA9BAAC3DF102E0:F69F2445DF4F9B17AD2B417BE66C3710:08B0E27988598881D920A9E64F5615CD
+# CBC-AES256.Encrypt and CBC-AES256.Decrypt 
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:F58C4C04D6E5F1BA779EABFB5F7BFBD6
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:F58C4C04D6E5F1BA779EABFB5F7BFBD6:AE2D8A571E03AC9C9EB76FAC45AF8E51:9CFC4E967EDB808D679F777BC6702C7D
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:9CFC4E967EDB808D679F777BC6702C7D:30C81C46A35CE411E5FBC1191A0A52EF:39F23369A9D9BACFA530E26304231461
+AES-256-CBC:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39F23369A9D9BACFA530E26304231461:F69F2445DF4F9B17AD2B417BE66C3710:B2EB05E2C39BE9FCDA6C19078C6A9D1B
+# We don't support CFB{1,8}-AESxxx.{En,De}crypt
+# For all CFB128 encrypts and decrypts, the transformed sequence is
+#   AES-bits-CFB:key:IV/ciphertext':plaintext:ciphertext:encdec
+# CFB128-AES128.Encrypt 
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:1
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:1
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:1
+# CFB128-AES128.Decrypt 
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:3B3FD92EB72DAD20333449F8E83CFB4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:C8A64537A0B3A93FCDE3CDAD9F1CE58B:0
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:C8A64537A0B3A93FCDE3CDAD9F1CE58B:30C81C46A35CE411E5FBC1191A0A52EF:26751F67A3CBB140B1808CF187A4F4DF:0
+AES-128-CFB:2B7E151628AED2A6ABF7158809CF4F3C:26751F67A3CBB140B1808CF187A4F4DF:F69F2445DF4F9B17AD2B417BE66C3710:C04B05357C5D1C0EEAC4C66F9FF7F2E6:0
+# CFB128-AES192.Encrypt
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:1
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:1
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:1
+# CFB128-AES192.Decrypt
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:CDC80D6FDDF18CAB34C25909C99A4174:AE2D8A571E03AC9C9EB76FAC45AF8E51:67CE7F7F81173621961A2B70171D3D7A:0
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:67CE7F7F81173621961A2B70171D3D7A:30C81C46A35CE411E5FBC1191A0A52EF:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:0
+AES-192-CFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:2E1E8A1DD59B88B1C8E60FED1EFAC4C9:F69F2445DF4F9B17AD2B417BE66C3710:C05F9F9CA9834FA042AE8FBA584B09FF:0
+# CFB128-AES256.Encrypt 
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:1
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:1
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:1
+# CFB128-AES256.Decrypt 
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DC7E84BFDA79164B7ECD8486985D3860:AE2D8A571E03AC9C9EB76FAC45AF8E51:39FFED143B28B1C832113C6331E5407B:0
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:39FFED143B28B1C832113C6331E5407B:30C81C46A35CE411E5FBC1191A0A52EF:DF10132415E54B92A13ED0A8267AE2F9:0
+AES-256-CFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:DF10132415E54B92A13ED0A8267AE2F9:F69F2445DF4F9B17AD2B417BE66C3710:75A385741AB9CEF82031623D55B1E471:0
+# For all OFB encrypts and decrypts, the transformed sequence is
+#   AES-bits-CFB:key:IV/output':plaintext:ciphertext:encdec
+# OFB-AES128.Encrypt 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:1 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:1 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:1 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:1 
+# OFB-AES128.Decrypt 
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:3B3FD92EB72DAD20333449F8E83CFB4A:0
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:50FE67CC996D32B6DA0937E99BAFEC60:AE2D8A571E03AC9C9EB76FAC45AF8E51:7789508D16918F03F53C52DAC54ED825:0
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:D9A4DADA0892239F6B8B3D7680E15674:30C81C46A35CE411E5FBC1191A0A52EF:9740051E9C5FECF64344F7A82260EDCC:0
+AES-128-OFB:2B7E151628AED2A6ABF7158809CF4F3C:A78819583F0308E7A6BF36B1386ABF23:F69F2445DF4F9B17AD2B417BE66C3710:304C6528F659C77866A510D9C1D6AE5E:0
+# OFB-AES192.Encrypt 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:1 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:1 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:1 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:1 
+# OFB-AES192.Decrypt 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:CDC80D6FDDF18CAB34C25909C99A4174:0 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:A609B38DF3B1133DDDFF2718BA09565E:AE2D8A571E03AC9C9EB76FAC45AF8E51:FCC28B8D4C63837C09E81700C1100401:0 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:52EF01DA52602FE0975F78AC84BF8A50:30C81C46A35CE411E5FBC1191A0A52EF:8D9A9AEAC0F6596F559C6D4DAF59A5F2:0 
+AES-192-OFB:8E73B0F7DA0E6452C810F32B809079E562F8EAD2522C6B7B:BD5286AC63AABD7EB067AC54B553F71D:F69F2445DF4F9B17AD2B417BE66C3710:6D9F200857CA6C3E9CAC524BD9ACC92A:0 
+# OFB-AES256.Encrypt 
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:1
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:1
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:1
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:1
+# OFB-AES256.Decrypt 
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:000102030405060708090A0B0C0D0E0F:6BC1BEE22E409F96E93D7E117393172A:DC7E84BFDA79164B7ECD8486985D3860:0
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7BF3A5DF43989DD97F0FA97EBCE2F4A:AE2D8A571E03AC9C9EB76FAC45AF8E51:4FEBDC6740D20B3AC88F6AD82A4FB08D:0
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0
+AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0
+
+# DES ECB tests (from destest)
+
+DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7
+DES-ECB:FFFFFFFFFFFFFFFF::FFFFFFFFFFFFFFFF:7359B2163E4EDC58
+DES-ECB:3000000000000000::1000000000000001:958E6E627A05557B
+DES-ECB:1111111111111111::1111111111111111:F40379AB9E0EC533
+DES-ECB:0123456789ABCDEF::1111111111111111:17668DFC7292532D
+DES-ECB:1111111111111111::0123456789ABCDEF:8A5AE1F81AB8F2DD
+DES-ECB:FEDCBA9876543210::0123456789ABCDEF:ED39D950FA74BCC4
+
+# DESX-CBC tests (from destest)
+DESX-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:846B2914851E9A2954732F8AA0A611C115CDC2D7951B1053A63C5E03B21AA3C4
+
+# DES EDE3 CBC tests (from destest)
+DES-EDE3-CBC:0123456789abcdeff1e0d3c2b5a49786fedcba9876543210:fedcba9876543210:37363534333231204E6F77206973207468652074696D6520666F722000000000:3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
+
+# RC4 tests (from rc4test)
+RC4:0123456789abcdef0123456789abcdef::0123456789abcdef:75b7878099e0c596
+RC4:0123456789abcdef0123456789abcdef::0000000000000000:7494c2e7104b0879
+RC4:00000000000000000000000000000000::0000000000000000:de188941a3375d3a
+RC4:ef012345ef012345ef012345ef012345::0000000000000000000000000000000000000000:d6a141a7ec3c38dfbd615a1162e1c7ba36b67858
+RC4:0123456789abcdef0123456789abcdef::123456789ABCDEF0123456789ABCDEF0123456789ABCDEF012345678:66a0949f8af7d6891f7f832ba833c00c892ebe30143ce28740011ecf
+RC4:ef012345ef012345ef012345ef012345::00000000000000000000:d6a141a7ec3c38dfbd61
diff --git a/crypto/evp/m_dss.c b/crypto/evp/m_dss.c
index 3549b1699c..beb8d7fc5c 100644
--- a/crypto/evp/m_dss.c
+++ b/crypto/evp/m_dss.c
@@ -58,25 +58,38 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-static EVP_MD dsa_md=
+#ifndef OPENSSL_NO_SHA
+static int init(EVP_MD_CTX *ctx)
+	{ return SHA1_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return SHA1_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return SHA1_Final(md,ctx->md_data); }
+
+static const EVP_MD dsa_md=
 	{
 	NID_dsaWithSHA,
 	NID_dsaWithSHA,
 	SHA_DIGEST_LENGTH,
-	SHA1_Init,
-	SHA1_Update,
-	SHA1_Final,
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
 	EVP_PKEY_DSA_method,
 	SHA_CBLOCK,
 	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};
 
-EVP_MD *EVP_dss()
+const EVP_MD *EVP_dss(void)
 	{
 	return(&dsa_md);
 	}
-
+#endif
diff --git a/crypto/evp/m_dss1.c b/crypto/evp/m_dss1.c
index ff256b7b20..f5668ebda0 100644
--- a/crypto/evp/m_dss1.c
+++ b/crypto/evp/m_dss1.c
@@ -56,26 +56,40 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_SHA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-static EVP_MD dss1_md=
+static int init(EVP_MD_CTX *ctx)
+	{ return SHA1_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return SHA1_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return SHA1_Final(md,ctx->md_data); }
+
+static const EVP_MD dss1_md=
 	{
 	NID_dsa,
 	NID_dsaWithSHA1,
 	SHA_DIGEST_LENGTH,
-	SHA1_Init,
-	SHA1_Update,
-	SHA1_Final,
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
 	EVP_PKEY_DSA_method,
 	SHA_CBLOCK,
 	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};
 
-EVP_MD *EVP_dss1()
+const EVP_MD *EVP_dss1(void)
 	{
 	return(&dss1_md);
 	}
+#endif
diff --git a/crypto/evp/pk_lib.c b/crypto/evp/m_ecdsa.c
index 08f9fabbae..4e8b010709 100644
--- a/crypto/evp/pk_lib.c
+++ b/crypto/evp/m_ecdsa.c
@@ -1,4 +1,4 @@
-/* crypto/evp/pk_lib.c */
+/* crypto/evp/m_ecdsa.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -58,25 +58,38 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-static LHASH *pk_md=NULL;
+#ifndef OPENSSL_NO_SHA
+static int init(EVP_MD_CTX *ctx)
+	{ return SHA1_Init(ctx->md_data); }
 
-static LHASH *pk_md=NULL;
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return SHA1_Update(ctx->md_data,data,count); }
 
-int EVP_add_pkey_md(oid,pkm,md)
-int oid;
-EVP_PKEY_METHOD *pkm;
-EVP_MD *md;
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return SHA1_Final(md,ctx->md_data); }
+
+static const EVP_MD ecdsa_md=
 	{
-	}
+	NID_ecdsa_with_SHA1,
+	NID_ecdsa_with_SHA1,
+	SHA_DIGEST_LENGTH,
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
+	EVP_PKEY_ECDSA_method,
+	SHA_CBLOCK,
+	sizeof(EVP_MD *)+sizeof(SHA_CTX),
+	};
 
-EVP_add_pkey(pkm)
-EVP_PKEY_METHOD *pkm;
+const EVP_MD *EVP_ecdsa(void)
 	{
+	return(&ecdsa_md);
 	}
-
-EVP_PKEY_METHOD:q
-
-
+#endif
diff --git a/crypto/evp/m_md2.c b/crypto/evp/m_md2.c
index 2209416142..50914c83b3 100644
--- a/crypto/evp/m_md2.c
+++ b/crypto/evp/m_md2.c
@@ -56,27 +56,41 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_MD2
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/md2.h>
 
-static EVP_MD md2_md=
+static int init(EVP_MD_CTX *ctx)
+	{ return MD2_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return MD2_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return MD2_Final(md,ctx->md_data); }
+
+static const EVP_MD md2_md=
 	{
 	NID_md2,
 	NID_md2WithRSAEncryption,
 	MD2_DIGEST_LENGTH,
-	MD2_Init,
-	MD2_Update,
-	MD2_Final,
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
 	EVP_PKEY_RSA_method,
 	MD2_BLOCK,
 	sizeof(EVP_MD *)+sizeof(MD2_CTX),
 	};
 
-EVP_MD *EVP_md2()
+const EVP_MD *EVP_md2(void)
 	{
 	return(&md2_md);
 	}
-
+#endif
diff --git a/crypto/bn/old/bn_com.c b/crypto/evp/m_md4.c
index 7666b2304c..e19b663754 100644
--- a/crypto/bn/old/bn_com.c
+++ b/crypto/evp/m_md4.c
@@ -1,4 +1,4 @@
-/* crypto/bn/bn_mulw.c */
+/* crypto/evp/m_md4.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,35 +56,41 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_MD4
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn_lcl.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/md4.h>
 
-#ifdef BN_LLONG 
+static int init(EVP_MD_CTX *ctx)
+	{ return MD4_Init(ctx->md_data); }
 
-ab
-12
-   a2 b2
-a1 b1
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return MD4_Update(ctx->md_data,data,count); }
 
-abc
-123
-      a3 b3 c3
-   a2 b2 c2
-a1 b1 c1
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return MD4_Final(md,ctx->md_data); }
 
-abcd
-1234
-         a4 b4 c4 d4
-      a3 b3 c3 d3
-   a2 b2 c2 d2
-a1 b1 c1 d1
+static const EVP_MD md4_md=
+	{
+	NID_md4,
+	NID_md4WithRSAEncryption,
+	MD4_DIGEST_LENGTH,
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
+	EVP_PKEY_RSA_method,
+	MD4_CBLOCK,
+	sizeof(EVP_MD *)+sizeof(MD4_CTX),
+	};
 
-abcde
-01234
-               a5 b5 c5 d5 e5
-            a4 b4 c4 d4 e4
-         a3 b3 c3 d3 e3
-      a2 b2 c2 d2 e2
-   a1 b1 c1 d1 e1
-a0 b0 c0 d0 e0
+const EVP_MD *EVP_md4(void)
+	{
+	return(&md4_md);
+	}
+#endif
diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c
index d65db9aa1d..b00a03e048 100644
--- a/crypto/evp/m_md5.c
+++ b/crypto/evp/m_md5.c
@@ -56,26 +56,41 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_MD5
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/md5.h>
 
-static EVP_MD md5_md=
+static int init(EVP_MD_CTX *ctx)
+	{ return MD5_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return MD5_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return MD5_Final(md,ctx->md_data); }
+
+static const EVP_MD md5_md=
 	{
 	NID_md5,
 	NID_md5WithRSAEncryption,
 	MD5_DIGEST_LENGTH,
-	MD5_Init,
-	MD5_Update,
-	MD5_Final,
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
 	EVP_PKEY_RSA_method,
 	MD5_CBLOCK,
 	sizeof(EVP_MD *)+sizeof(MD5_CTX),
 	};
 
-EVP_MD *EVP_md5()
+const EVP_MD *EVP_md5(void)
 	{
 	return(&md5_md);
 	}
+#endif
diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c
index 64a853eb7f..9f6467c931 100644
--- a/crypto/evp/m_mdc2.c
+++ b/crypto/evp/m_mdc2.c
@@ -56,26 +56,41 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_MDC2
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/mdc2.h>
 
-static EVP_MD mdc2_md=
+static int init(EVP_MD_CTX *ctx)
+	{ return MDC2_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return MDC2_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return MDC2_Final(md,ctx->md_data); }
+
+static const EVP_MD mdc2_md=
 	{
 	NID_mdc2,
 	NID_mdc2WithRSA,
 	MDC2_DIGEST_LENGTH,
-	MDC2_Init,
-	MDC2_Update,
-	MDC2_Final,
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
 	EVP_PKEY_RSA_ASN1_OCTET_STRING_method,
 	MDC2_BLOCK,
 	sizeof(EVP_MD *)+sizeof(MDC2_CTX),
 	};
 
-EVP_MD *EVP_mdc2()
+const EVP_MD *EVP_mdc2(void)
 	{
 	return(&mdc2_md);
 	}
+#endif
diff --git a/crypto/evp/m_null.c b/crypto/evp/m_null.c
index 6d80560df2..f6f0a1d2c0 100644
--- a/crypto/evp/m_null.c
+++ b/crypto/evp/m_null.c
@@ -58,29 +58,36 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-static void function()
-	{
-	}
+static int init(EVP_MD_CTX *ctx)
+	{ return 1; }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return 1; }
 
-static EVP_MD null_md=
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return 1; }
+
+static const EVP_MD null_md=
 	{
 	NID_undef,
 	NID_undef,
 	0,
-	function,
-	function,
-	function,
-	
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
 	EVP_PKEY_NULL_method,
 	0,
 	sizeof(EVP_MD *),
 	};
 
-EVP_MD *EVP_md_null()
+const EVP_MD *EVP_md_null(void)
 	{
 	return(&null_md);
 	}
diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c
index 04c5d8897b..64725528dc 100644
--- a/crypto/evp/m_ripemd.c
+++ b/crypto/evp/m_ripemd.c
@@ -56,26 +56,41 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_RIPEMD
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/ripemd.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-static EVP_MD ripemd160_md=
+static int init(EVP_MD_CTX *ctx)
+	{ return RIPEMD160_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return RIPEMD160_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return RIPEMD160_Final(md,ctx->md_data); }
+
+static const EVP_MD ripemd160_md=
 	{
 	NID_ripemd160,
 	NID_ripemd160WithRSA,
 	RIPEMD160_DIGEST_LENGTH,
-	RIPEMD160_Init,
-	RIPEMD160_Update,
-	RIPEMD160_Final,
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
 	EVP_PKEY_RSA_method,
 	RIPEMD160_CBLOCK,
 	sizeof(EVP_MD *)+sizeof(RIPEMD160_CTX),
 	};
 
-EVP_MD *EVP_ripemd160()
+const EVP_MD *EVP_ripemd160(void)
 	{
 	return(&ripemd160_md);
 	}
+#endif
diff --git a/crypto/evp/m_sha.c b/crypto/evp/m_sha.c
index af4e434a22..10697c7ed3 100644
--- a/crypto/evp/m_sha.c
+++ b/crypto/evp/m_sha.c
@@ -56,27 +56,40 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_SHA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-static EVP_MD sha_md=
+static int init(EVP_MD_CTX *ctx)
+	{ return SHA_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return SHA_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return SHA_Final(md,ctx->md_data); }
+
+static const EVP_MD sha_md=
 	{
 	NID_sha,
 	NID_shaWithRSAEncryption,
 	SHA_DIGEST_LENGTH,
-	SHA_Init,
-	SHA_Update,
-	SHA_Final,
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
 	EVP_PKEY_RSA_method,
 	SHA_CBLOCK,
 	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};
 
-EVP_MD *EVP_sha()
+const EVP_MD *EVP_sha(void)
 	{
 	return(&sha_md);
 	}
-
+#endif
diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c
index 87135a9cf2..d6be3502f0 100644
--- a/crypto/evp/m_sha1.c
+++ b/crypto/evp/m_sha1.c
@@ -56,26 +56,40 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_SHA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-static EVP_MD sha1_md=
+static int init(EVP_MD_CTX *ctx)
+	{ return SHA1_Init(ctx->md_data); }
+
+static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count)
+	{ return SHA1_Update(ctx->md_data,data,count); }
+
+static int final(EVP_MD_CTX *ctx,unsigned char *md)
+	{ return SHA1_Final(md,ctx->md_data); }
+
+static const EVP_MD sha1_md=
 	{
 	NID_sha1,
 	NID_sha1WithRSAEncryption,
 	SHA_DIGEST_LENGTH,
-	SHA1_Init,
-	SHA1_Update,
-	SHA1_Final,
+	0,
+	init,
+	update,
+	final,
+	NULL,
+	NULL,
 	EVP_PKEY_RSA_method,
 	SHA_CBLOCK,
 	sizeof(EVP_MD *)+sizeof(SHA_CTX),
 	};
 
-EVP_MD *EVP_sha1()
+const EVP_MD *EVP_sha1(void)
 	{
 	return(&sha1_md);
 	}
+#endif
diff --git a/crypto/evp/names.c b/crypto/evp/names.c
index 4cc715606e..eb9f4329cd 100644
--- a/crypto/evp/names.c
+++ b/crypto/evp/names.c
@@ -58,11 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-int EVP_add_cipher(c)
-EVP_CIPHER *c;
+int EVP_add_cipher(const EVP_CIPHER *c)
 	{
 	int r;
 
@@ -72,11 +72,10 @@ EVP_CIPHER *c;
 	return(r);
 	}
 
-int EVP_add_digest(md)
-EVP_MD *md;
+int EVP_add_digest(const EVP_MD *md)
 	{
 	int r;
-	char *name;
+	const char *name;
 
 	name=OBJ_nid2sn(md->type);
 	r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(char *)md);
@@ -95,26 +94,30 @@ EVP_MD *md;
 	return(r);
 	}
 
-EVP_CIPHER *EVP_get_cipherbyname(name)
-char *name;
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name)
 	{
-	EVP_CIPHER *cp;
+	const EVP_CIPHER *cp;
 
-	cp=(EVP_CIPHER *)OBJ_NAME_get(name,OBJ_NAME_TYPE_CIPHER_METH);
+	cp=(const EVP_CIPHER *)OBJ_NAME_get(name,OBJ_NAME_TYPE_CIPHER_METH);
 	return(cp);
 	}
 
-EVP_MD *EVP_get_digestbyname(name)
-char *name;
+const EVP_MD *EVP_get_digestbyname(const char *name)
 	{
-	EVP_MD *cp;
+	const EVP_MD *cp;
 
-	cp=(EVP_MD *)OBJ_NAME_get(name,OBJ_NAME_TYPE_MD_METH);
+	cp=(const EVP_MD *)OBJ_NAME_get(name,OBJ_NAME_TYPE_MD_METH);
 	return(cp);
 	}
 
-void EVP_cleanup()
+void EVP_cleanup(void)
 	{
 	OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH);
 	OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH);
+	/* The above calls will only clean out the contents of the name
+	   hash table, but not the hash table itself.  The following line
+	   does that part.  -- Richard Levitte */
+	OBJ_NAME_cleanup(-1);
+
+	EVP_PBE_cleanup();
 	}
diff --git a/crypto/evp/openbsd_hw.c b/crypto/evp/openbsd_hw.c
new file mode 100644
index 0000000000..3831a5731e
--- /dev/null
+++ b/crypto/evp/openbsd_hw.c
@@ -0,0 +1,446 @@
+/* Written by Ben Laurie, 2001 */
+/*
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/rsa.h>
+#include "evp_locl.h"
+
+/* This stuff should now all be supported through
+ * crypto/engine/hw_openbsd_dev_crypto.c unless I botched it up */
+static void *dummy=&dummy;
+
+#if 0
+
+/* check flag after OpenSSL headers to ensure make depend works */
+#ifdef OPENSSL_OPENBSD_DEV_CRYPTO
+
+#include <fcntl.h>
+#include <stdio.h>
+#include <errno.h>
+#include <sys/ioctl.h>
+#include <crypto/cryptodev.h>
+#include <unistd.h>
+#include <assert.h>
+
+/* longest key supported in hardware */
+#define MAX_HW_KEY	24
+#define MAX_HW_IV	8
+
+#define MD5_DIGEST_LENGTH	16
+#define MD5_CBLOCK		64
+
+static int fd;
+static int dev_failed;
+
+typedef struct session_op session_op;
+
+#define CDATA(ctx) EVP_C_DATA(session_op,ctx)
+
+static void err(const char *str)
+    {
+    fprintf(stderr,"%s: errno %d\n",str,errno);
+    }
+
+static int dev_crypto_init(session_op *ses)
+    {
+    if(dev_failed)
+	return 0;
+    if(!fd)
+	{
+	int cryptodev_fd;
+
+        if ((cryptodev_fd=open("/dev/crypto",O_RDWR,0)) < 0)
+	    {
+	    err("/dev/crypto");
+	    dev_failed=1;
+	    return 0;
+	    }
+        if (ioctl(cryptodev_fd,CRIOGET,&fd) == -1)
+	    {
+	    err("CRIOGET failed");
+	    close(cryptodev_fd);
+	    dev_failed=1;
+	    return 0;
+	    }
+	close(cryptodev_fd);
+	}
+    assert(ses);
+    memset(ses,'\0',sizeof *ses);
+
+    return 1;
+    }
+
+static int dev_crypto_cleanup(EVP_CIPHER_CTX *ctx)
+    {
+    if(ioctl(fd,CIOCFSESSION,&CDATA(ctx)->ses) == -1)
+	err("CIOCFSESSION failed");
+
+    OPENSSL_free(CDATA(ctx)->key);
+
+    return 1;
+    }
+
+static int dev_crypto_init_key(EVP_CIPHER_CTX *ctx,int cipher,
+			       const unsigned char *key,int klen)
+    {
+    if(!dev_crypto_init(CDATA(ctx)))
+	return 0;
+
+    CDATA(ctx)->key=OPENSSL_malloc(MAX_HW_KEY);
+
+    assert(ctx->cipher->iv_len <= MAX_HW_IV);
+
+    memcpy(CDATA(ctx)->key,key,klen);
+    
+    CDATA(ctx)->cipher=cipher;
+    CDATA(ctx)->keylen=klen;
+
+    if (ioctl(fd,CIOCGSESSION,CDATA(ctx)) == -1)
+	{
+	err("CIOCGSESSION failed");
+	return 0;
+	}
+    return 1;
+    }
+
+static int dev_crypto_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
+			     const unsigned char *in,unsigned int inl)
+    {
+    struct crypt_op cryp;
+    unsigned char lb[MAX_HW_IV];
+
+    if(!inl)
+	return 1;
+
+    assert(CDATA(ctx));
+    assert(!dev_failed);
+
+    memset(&cryp,'\0',sizeof cryp);
+    cryp.ses=CDATA(ctx)->ses;
+    cryp.op=ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+    cryp.flags=0;
+    cryp.len=inl;
+    assert((inl&(ctx->cipher->block_size-1)) == 0);
+    cryp.src=(caddr_t)in;
+    cryp.dst=(caddr_t)out;
+    cryp.mac=0;
+    if(ctx->cipher->iv_len)
+	cryp.iv=(caddr_t)ctx->iv;
+
+    if(!ctx->encrypt)
+	memcpy(lb,&in[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
+
+    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+	{
+	if(errno == EINVAL) /* buffers are misaligned */
+	    {
+	    unsigned int cinl=0;
+	    char *cin=NULL;
+	    char *cout=NULL;
+
+	    /* NB: this can only make cinl != inl with stream ciphers */
+	    cinl=(inl+3)/4*4;
+
+	    if(((unsigned long)in&3) || cinl != inl)
+		{
+		cin=OPENSSL_malloc(cinl);
+		memcpy(cin,in,inl);
+		cryp.src=cin;
+		}
+
+	    if(((unsigned long)out&3) || cinl != inl)
+		{
+		cout=OPENSSL_malloc(cinl);
+		cryp.dst=cout;
+		}
+
+	    cryp.len=cinl;
+
+	    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+		{
+		err("CIOCCRYPT(2) failed");
+		printf("src=%p dst=%p\n",cryp.src,cryp.dst);
+		abort();
+		return 0;
+		}
+		
+	    if(cout)
+		{
+		memcpy(out,cout,inl);
+		OPENSSL_free(cout);
+		}
+	    if(cin)
+		OPENSSL_free(cin);
+	    }
+	else 
+	    {	    
+	    err("CIOCCRYPT failed");
+	    abort();
+	    return 0;
+	    }
+	}
+
+    if(ctx->encrypt)
+	memcpy(ctx->iv,&out[cryp.len-ctx->cipher->iv_len],ctx->cipher->iv_len);
+    else
+	memcpy(ctx->iv,lb,ctx->cipher->iv_len);
+
+    return 1;
+    }
+
+static int dev_crypto_des_ede3_init_key(EVP_CIPHER_CTX *ctx,
+					const unsigned char *key,
+					const unsigned char *iv, int enc)
+    { return dev_crypto_init_key(ctx,CRYPTO_3DES_CBC,key,24); }
+
+#define dev_crypto_des_ede3_cbc_cipher dev_crypto_cipher
+
+BLOCK_CIPHER_def_cbc(dev_crypto_des_ede3, session_op, NID_des_ede3, 8, 24, 8,
+		     0, dev_crypto_des_ede3_init_key,
+		     dev_crypto_cleanup, 
+		     EVP_CIPHER_set_asn1_iv,
+		     EVP_CIPHER_get_asn1_iv,
+		     NULL)
+
+static int dev_crypto_rc4_init_key(EVP_CIPHER_CTX *ctx,
+					const unsigned char *key,
+					const unsigned char *iv, int enc)
+    { return dev_crypto_init_key(ctx,CRYPTO_ARC4,key,16); }
+
+static const EVP_CIPHER r4_cipher=
+    {
+    NID_rc4,
+    1,16,0,	/* FIXME: key should be up to 256 bytes */
+    EVP_CIPH_VARIABLE_LENGTH,
+    dev_crypto_rc4_init_key,
+    dev_crypto_cipher,
+    dev_crypto_cleanup,
+    sizeof(session_op),
+    NULL,
+    NULL,
+    NULL
+    };
+
+const EVP_CIPHER *EVP_dev_crypto_rc4(void)
+    { return &r4_cipher; }
+
+typedef struct
+    {
+    session_op sess;
+    char *data;
+    int len;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    } MD_DATA;
+
+static int dev_crypto_init_digest(MD_DATA *md_data,int mac)
+    {
+    if(!dev_crypto_init(&md_data->sess))
+	return 0;
+
+    md_data->len=0;
+    md_data->data=NULL;
+
+    md_data->sess.mac=mac;
+
+    if (ioctl(fd,CIOCGSESSION,&md_data->sess) == -1)
+	{
+	err("CIOCGSESSION failed");
+	return 0;
+	}
+    return 1;
+    }
+
+static int dev_crypto_cleanup_digest(MD_DATA *md_data)
+    {
+    if (ioctl(fd,CIOCFSESSION,&md_data->sess.ses) == -1)
+	{
+	err("CIOCFSESSION failed");
+	return 0;
+	}
+
+    return 1;
+    }
+
+/* FIXME: if device can do chained MACs, then don't accumulate */
+/* FIXME: move accumulation to the framework */
+static int dev_crypto_md5_init(EVP_MD_CTX *ctx)
+    { return dev_crypto_init_digest(ctx->md_data,CRYPTO_MD5); }
+
+static int do_digest(int ses,unsigned char *md,const void *data,int len)
+    {
+    struct crypt_op cryp;
+    static unsigned char md5zero[16]=
+	{
+	0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04,
+	0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e
+	};
+
+    /* some cards can't do zero length */
+    if(!len)
+	{
+	memcpy(md,md5zero,16);
+	return 1;
+	}
+
+    memset(&cryp,'\0',sizeof cryp);
+    cryp.ses=ses;
+    cryp.op=COP_ENCRYPT;/* required to do the MAC rather than check it */
+    cryp.len=len;
+    cryp.src=(caddr_t)data;
+    cryp.dst=(caddr_t)data; // FIXME!!!
+    cryp.mac=(caddr_t)md;
+
+    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+	{
+	if(errno == EINVAL) /* buffer is misaligned */
+	    {
+	    char *dcopy;
+
+	    dcopy=OPENSSL_malloc(len);
+	    memcpy(dcopy,data,len);
+	    cryp.src=dcopy;
+	    cryp.dst=cryp.src; // FIXME!!!
+
+	    if(ioctl(fd, CIOCCRYPT, &cryp) == -1)
+		{
+		err("CIOCCRYPT(MAC2) failed");
+		abort();
+		return 0;
+		}
+	    OPENSSL_free(dcopy);
+	    }
+	else
+	    {
+	    err("CIOCCRYPT(MAC) failed");
+	    abort();
+	    return 0;
+	    }
+	}
+    //    printf("done\n");
+
+    return 1;
+    }
+
+static int dev_crypto_md5_update(EVP_MD_CTX *ctx,const void *data,
+				 unsigned long len)
+    {
+    MD_DATA *md_data=ctx->md_data;
+
+    if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
+	return do_digest(md_data->sess.ses,md_data->md,data,len);
+
+    md_data->data=OPENSSL_realloc(md_data->data,md_data->len+len);
+    memcpy(md_data->data+md_data->len,data,len);
+    md_data->len+=len;
+
+    return 1;
+    }	
+
+static int dev_crypto_md5_final(EVP_MD_CTX *ctx,unsigned char *md)
+    {
+    int ret;
+    MD_DATA *md_data=ctx->md_data;
+
+    if(ctx->flags&EVP_MD_CTX_FLAG_ONESHOT)
+	{
+	memcpy(md,md_data->md,MD5_DIGEST_LENGTH);
+	ret=1;
+	}
+    else
+	{
+	ret=do_digest(md_data->sess.ses,md,md_data->data,md_data->len);
+	OPENSSL_free(md_data->data);
+	md_data->data=NULL;
+	md_data->len=0;
+	}
+
+    return ret;
+    }
+
+static int dev_crypto_md5_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
+    {
+    const MD_DATA *from_md=from->md_data;
+    MD_DATA *to_md=to->md_data;
+
+    // How do we copy sessions?
+    assert(from->digest->flags&EVP_MD_FLAG_ONESHOT);
+
+    to_md->data=OPENSSL_malloc(from_md->len);
+    memcpy(to_md->data,from_md->data,from_md->len);
+
+    return 1;
+    }
+
+static int dev_crypto_md5_cleanup(EVP_MD_CTX *ctx)
+    {
+    return dev_crypto_cleanup_digest(ctx->md_data);
+    }
+
+static const EVP_MD md5_md=
+    {
+    NID_md5,
+    NID_md5WithRSAEncryption,
+    MD5_DIGEST_LENGTH,
+    EVP_MD_FLAG_ONESHOT,	// XXX: set according to device info...
+    dev_crypto_md5_init,
+    dev_crypto_md5_update,
+    dev_crypto_md5_final,
+    dev_crypto_md5_copy,
+    dev_crypto_md5_cleanup,
+    EVP_PKEY_RSA_method,
+    MD5_CBLOCK,
+    sizeof(MD_DATA),
+    };
+
+const EVP_MD *EVP_dev_crypto_md5(void)
+    { return &md5_md; }
+
+#endif
+#endif
diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c
new file mode 100644
index 0000000000..a1874e83b2
--- /dev/null
+++ b/crypto/evp/p5_crpt.c
@@ -0,0 +1,153 @@
+/* p5_crpt.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+
+/* PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info.
+ */
+
+void PKCS5_PBE_add(void)
+{
+#ifndef OPENSSL_NO_DES
+#  ifndef OPENSSL_NO_MD5
+EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(),
+							 PKCS5_PBE_keyivgen);
+#  endif
+#  ifndef OPENSSL_NO_MD2
+EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(),
+							 PKCS5_PBE_keyivgen);
+#  endif
+#  ifndef OPENSSL_NO_SHA
+EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(),
+							 PKCS5_PBE_keyivgen);
+#  endif
+#endif
+#ifndef OPENSSL_NO_RC2
+#  ifndef OPENSSL_NO_MD5
+EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(),
+							 PKCS5_PBE_keyivgen);
+#  endif
+#  ifndef OPENSSL_NO_MD2
+EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(),
+							 PKCS5_PBE_keyivgen);
+#  endif
+#  ifndef OPENSSL_NO_SHA
+EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(),
+							 PKCS5_PBE_keyivgen);
+#  endif
+#endif
+#ifndef OPENSSL_NO_HMAC
+EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen);
+#endif
+}
+
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
+			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
+			 int en_de)
+{
+	EVP_MD_CTX ctx;
+	unsigned char md_tmp[EVP_MAX_MD_SIZE];
+	unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+	int i;
+	PBEPARAM *pbe;
+	int saltlen, iter;
+	unsigned char *salt, *pbuf;
+
+	/* Extract useful info from parameter */
+	pbuf = param->value.sequence->data;
+	if (!param || (param->type != V_ASN1_SEQUENCE) ||
+	   !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
+		EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+		return 0;
+	}
+
+	if (!pbe->iter) iter = 1;
+	else iter = ASN1_INTEGER_get (pbe->iter);
+	salt = pbe->salt->data;
+	saltlen = pbe->salt->length;
+
+	if(!pass) passlen = 0;
+	else if(passlen == -1) passlen = strlen(pass);
+
+	EVP_MD_CTX_init(&ctx);
+	EVP_DigestInit_ex(&ctx, md, NULL);
+	EVP_DigestUpdate(&ctx, pass, passlen);
+	EVP_DigestUpdate(&ctx, salt, saltlen);
+	PBEPARAM_free(pbe);
+	EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
+	for (i = 1; i < iter; i++) {
+		EVP_DigestInit_ex(&ctx, md, NULL);
+		EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md));
+		EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
+	}
+	EVP_MD_CTX_cleanup(&ctx);
+	OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= sizeof md_tmp);
+	memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
+	OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
+	memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
+						 EVP_CIPHER_iv_length(cipher));
+	EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
+	OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
+	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+	return 1;
+}
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
new file mode 100644
index 0000000000..1f94e1ef88
--- /dev/null
+++ b/crypto/evp/p5_crpt2.c
@@ -0,0 +1,251 @@
+/* p5_crpt2.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
+#include <stdio.h>
+#include <stdlib.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+
+/* set this to print out info about the keygen algorithm */
+/* #define DEBUG_PKCS5V2 */
+
+#ifdef DEBUG_PKCS5V2
+	static void h__dump (const unsigned char *p, int len);
+#endif
+
+/* This is an implementation of PKCS#5 v2.0 password based encryption key
+ * derivation function PBKDF2 using the only currently defined function HMAC
+ * with SHA1. Verified against test vectors posted by Peter Gutmann
+ * <pgut001@cs.auckland.ac.nz> to the PKCS-TNG <pkcs-tng@rsa.com> mailing list.
+ */
+
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+			   unsigned char *salt, int saltlen, int iter,
+			   int keylen, unsigned char *out)
+{
+	unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4];
+	int cplen, j, k, tkeylen;
+	unsigned long i = 1;
+	HMAC_CTX hctx;
+
+	HMAC_CTX_init(&hctx);
+	p = out;
+	tkeylen = keylen;
+	if(!pass) passlen = 0;
+	else if(passlen == -1) passlen = strlen(pass);
+	while(tkeylen) {
+		if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH;
+		else cplen = tkeylen;
+		/* We are unlikely to ever use more than 256 blocks (5120 bits!)
+		 * but just in case...
+		 */
+		itmp[0] = (unsigned char)((i >> 24) & 0xff);
+		itmp[1] = (unsigned char)((i >> 16) & 0xff);
+		itmp[2] = (unsigned char)((i >> 8) & 0xff);
+		itmp[3] = (unsigned char)(i & 0xff);
+		HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL);
+		HMAC_Update(&hctx, salt, saltlen);
+		HMAC_Update(&hctx, itmp, 4);
+		HMAC_Final(&hctx, digtmp, NULL);
+		memcpy(p, digtmp, cplen);
+		for(j = 1; j < iter; j++) {
+			HMAC(EVP_sha1(), pass, passlen,
+				 digtmp, SHA_DIGEST_LENGTH, digtmp, NULL);
+			for(k = 0; k < cplen; k++) p[k] ^= digtmp[k];
+		}
+		tkeylen-= cplen;
+		i++;
+		p+= cplen;
+	}
+	HMAC_CTX_cleanup(&hctx);
+#ifdef DEBUG_PKCS5V2
+	fprintf(stderr, "Password:\n");
+	h__dump (pass, passlen);
+	fprintf(stderr, "Salt:\n");
+	h__dump (salt, saltlen);
+	fprintf(stderr, "Iteration count %d\n", iter);
+	fprintf(stderr, "Key:\n");
+	h__dump (out, keylen);
+#endif
+	return 1;
+}
+
+#ifdef DO_TEST
+main()
+{
+	unsigned char out[4];
+	unsigned char salt[] = {0x12, 0x34, 0x56, 0x78};
+	PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out);
+	fprintf(stderr, "Out %02X %02X %02X %02X\n",
+					 out[0], out[1], out[2], out[3]);
+}
+
+#endif
+
+/* Now the key derivation function itself. This is a bit evil because
+ * it has to check the ASN1 parameters are valid: and there are quite a
+ * few of them...
+ */
+
+int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                         ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md,
+                         int en_de)
+{
+	unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH];
+	int saltlen, keylen, iter, plen;
+	PBE2PARAM *pbe2 = NULL;
+	const EVP_CIPHER *cipher;
+	PBKDF2PARAM *kdf = NULL;
+
+	pbuf = param->value.sequence->data;
+	plen = param->value.sequence->length;
+	if(!param || (param->type != V_ASN1_SEQUENCE) ||
+				   !(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+		return 0;
+	}
+
+	/* See if we recognise the key derivation function */
+
+	if(OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+				EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
+		goto err;
+	}
+
+	/* lets see if we recognise the encryption algorithm.
+	 */
+
+	cipher = EVP_get_cipherbyname(
+			OBJ_nid2sn(OBJ_obj2nid(pbe2->encryption->algorithm)));
+
+	if(!cipher) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+						EVP_R_UNSUPPORTED_CIPHER);
+		goto err;
+	}
+
+	/* Fixup cipher based on AlgorithmIdentifier */
+	EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de);
+	if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+					EVP_R_CIPHER_PARAMETER_ERROR);
+		goto err;
+	}
+	keylen = EVP_CIPHER_CTX_key_length(ctx);
+	OPENSSL_assert(keylen <= sizeof key);
+
+	/* Now decode key derivation function */
+
+	pbuf = pbe2->keyfunc->parameter->value.sequence->data;
+	plen = pbe2->keyfunc->parameter->value.sequence->length;
+	if(!pbe2->keyfunc->parameter ||
+		 (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE) ||
+				!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+		goto err;
+	}
+
+	PBE2PARAM_free(pbe2);
+	pbe2 = NULL;
+
+	/* Now check the parameters of the kdf */
+
+	if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != keylen)){
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+						EVP_R_UNSUPPORTED_KEYLENGTH);
+		goto err;
+	}
+
+	if(kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
+		goto err;
+	}
+
+	if(kdf->salt->type != V_ASN1_OCTET_STRING) {
+		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+						EVP_R_UNSUPPORTED_SALT_TYPE);
+		goto err;
+	}
+
+	/* it seems that its all OK */
+	salt = kdf->salt->value.octet_string->data;
+	saltlen = kdf->salt->value.octet_string->length;
+	iter = ASN1_INTEGER_get(kdf->iter);
+	PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
+	EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
+	OPENSSL_cleanse(key, keylen);
+	PBKDF2PARAM_free(kdf);
+	return 1;
+
+	err:
+	PBE2PARAM_free(pbe2);
+	PBKDF2PARAM_free(kdf);
+	return 0;
+}
+
+#ifdef DEBUG_PKCS5V2
+static void h__dump (const unsigned char *p, int len)
+{
+        for (; len --; p++) fprintf(stderr, "%02X ", *p);
+        fprintf(stderr, "\n");
+}
+#endif
+#endif
diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c
index e845ce70c7..8af620400e 100644
--- a/crypto/evp/p_dec.c
+++ b/crypto/evp/p_dec.c
@@ -58,27 +58,30 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "rand.h"
-#include "rsa.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-int EVP_PKEY_decrypt(key,ek,ekl,priv)
-unsigned char *key;
-unsigned char *ek;
-int ekl;
-EVP_PKEY *priv;
+int EVP_PKEY_decrypt(unsigned char *key, unsigned char *ek, int ekl,
+	     EVP_PKEY *priv)
 	{
 	int ret= -1;
 	
+#ifndef OPENSSL_NO_RSA
 	if (priv->type != EVP_PKEY_RSA)
 		{
+#endif
 		EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef OPENSSL_NO_RSA
 		goto err;
                 }
 
 	ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING);
 err:
+#endif
 	return(ret);
 	}
diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c
index a26bfad02a..656883b996 100644
--- a/crypto/evp/p_enc.c
+++ b/crypto/evp/p_enc.c
@@ -58,26 +58,29 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "rand.h"
-#include "rsa.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-int EVP_PKEY_encrypt(ek,key,key_len,pubk)
-unsigned char *ek;
-unsigned char *key;
-int key_len;
-EVP_PKEY *pubk;
+int EVP_PKEY_encrypt(unsigned char *ek, unsigned char *key, int key_len,
+	     EVP_PKEY *pubk)
 	{
 	int ret=0;
 	
+#ifndef OPENSSL_NO_RSA
 	if (pubk->type != EVP_PKEY_RSA)
 		{
+#endif
 		EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef OPENSSL_NO_RSA
 		goto err;
 		}
 	ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING);
 err:
+#endif
 	return(ret);
 	}
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 581df867da..c7a3dee108 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -58,71 +58,99 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "objects.h"
-#include "evp.h"
-#include "asn1_mac.h"
-#include "x509.h"
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-/* EVPerr(EVP_F_D2I_PKEY,EVP_R_UNSUPPORTED_CIPHER); */
-/* EVPerr(EVP_F_D2I_PKEY,EVP_R_IV_TOO_LARGE); */
-
-#ifndef NOPROTO
 static void EVP_PKEY_free_it(EVP_PKEY *x);
-#else
-static void EVP_PKEY_free_it();
-#endif
 
-int EVP_PKEY_bits(pkey)
-EVP_PKEY *pkey;
+int EVP_PKEY_bits(EVP_PKEY *pkey)
 	{
-#ifndef NO_RSA
-	if (pkey->type == EVP_PKEY_RSA)
+	if (0)
+		return 0;
+#ifndef OPENSSL_NO_RSA
+	else if (pkey->type == EVP_PKEY_RSA)
 		return(BN_num_bits(pkey->pkey.rsa->n));
-	else
 #endif
-#ifndef NO_DSA
-		if (pkey->type == EVP_PKEY_DSA)
+#ifndef OPENSSL_NO_DSA
+	else if (pkey->type == EVP_PKEY_DSA)
 		return(BN_num_bits(pkey->pkey.dsa->p));
 #endif
+#ifndef OPENSSL_NO_EC
+	else if (pkey->type == EVP_PKEY_EC)
+		{
+		BIGNUM *order = BN_new();
+		int ret;
+
+		if (!order)
+			{
+			ERR_clear_error();
+			return 0;
+			}
+		if (!EC_GROUP_get_order(pkey->pkey.eckey->group, order, NULL))
+			{
+			ERR_clear_error();
+			return 0;
+			}
+
+		ret = BN_num_bits(order);
+		BN_free(order);
+		return ret;
+		}
+#endif
 	return(0);
 	}
 
-int EVP_PKEY_size(pkey)
-EVP_PKEY *pkey;
+int EVP_PKEY_size(EVP_PKEY *pkey)
 	{
 	if (pkey == NULL)
 		return(0);
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (pkey->type == EVP_PKEY_RSA)
 		return(RSA_size(pkey->pkey.rsa));
 	else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 		return(DSA_size(pkey->pkey.dsa));
 #endif
+#ifndef OPENSSL_NO_ECDSA
+		if (pkey->type == EVP_PKEY_EC)
+		return(ECDSA_size(pkey->pkey.eckey));
+#endif
+
 	return(0);
 	}
 
-int EVP_PKEY_save_parameters(pkey,mode)
-EVP_PKEY *pkey;
-int mode;
+int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
 	{
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	if (pkey->type == EVP_PKEY_DSA)
 		{
-		int ret=pkey->save_parameters=mode;
+		int ret=pkey->save_parameters;
 
 		if (mode >= 0)
 			pkey->save_parameters=mode;
 		return(ret);
 		}
 #endif
+#ifndef OPENSSL_NO_EC
+	if (pkey->type == EVP_PKEY_EC)
+		{
+		int ret = pkey->save_parameters;
+
+		if (mode >= 0)
+			pkey->save_parameters = mode;
+		return(ret);
+		}
+#endif
 	return(0);
 	}
 
-int EVP_PKEY_copy_parameters(to,from)
-EVP_PKEY *to,*from;
+int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from)
 	{
 	if (to->type != from->type)
 		{
@@ -132,10 +160,10 @@ EVP_PKEY *to,*from;
 
 	if (EVP_PKEY_missing_parameters(from))
 		{
-		EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARMATERS);
+		EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS);
 		goto err;
 		}
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	if (to->type == EVP_PKEY_DSA)
 		{
 		BIGNUM *a;
@@ -153,15 +181,26 @@ EVP_PKEY *to,*from;
 		to->pkey.dsa->g=a;
 		}
 #endif
+#ifndef OPENSSL_NO_EC
+	if (to->type == EVP_PKEY_EC)
+		{
+		if (to->pkey.eckey->group != NULL)
+			EC_GROUP_free(to->pkey.eckey->group);
+		if ((to->pkey.eckey->group = EC_GROUP_new(
+			EC_GROUP_method_of(from->pkey.eckey->group))) == NULL) 
+			goto err;
+		if (!EC_GROUP_copy(to->pkey.eckey->group,
+			from->pkey.eckey->group)) goto err;
+		}
+#endif
 	return(1);
 err:
 	return(0);
 	}
 
-int EVP_PKEY_missing_parameters(pkey)
-EVP_PKEY *pkey;
+int EVP_PKEY_missing_parameters(EVP_PKEY *pkey)
 	{
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	if (pkey->type == EVP_PKEY_DSA)
 		{
 		DSA *dsa;
@@ -171,13 +210,20 @@ EVP_PKEY *pkey;
 			return(1);
 		}
 #endif
+#ifndef OPENSSL_NO_EC
+	if (pkey->type == EVP_PKEY_EC)
+		{
+		if (pkey->pkey.eckey->group == NULL)
+			return(1);
+		}
+#endif
+
 	return(0);
 	}
 
-int EVP_PKEY_cmp_parameters(a,b)
-EVP_PKEY *a,*b;
+int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b)
 	{
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA))
 		{
 		if (	BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) ||
@@ -191,11 +237,11 @@ EVP_PKEY *a,*b;
 	return(-1);
 	}
 
-EVP_PKEY *EVP_PKEY_new()
+EVP_PKEY *EVP_PKEY_new(void)
 	{
 	EVP_PKEY *ret;
 
-	ret=(EVP_PKEY *)Malloc(sizeof(EVP_PKEY));
+	ret=(EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY));
 	if (ret == NULL)
 		{
 		EVPerr(EVP_F_EVP_PKEY_NEW,ERR_R_MALLOC_FAILURE);
@@ -209,10 +255,7 @@ EVP_PKEY *EVP_PKEY_new()
 	return(ret);
 	}
 
-int EVP_PKEY_assign(pkey,type,key)
-EVP_PKEY *pkey;
-int type;
-char *key;
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key)
 	{
 	if (pkey == NULL) return(0);
 	if (pkey->pkey.ptr != NULL)
@@ -220,11 +263,93 @@ char *key;
 	pkey->type=EVP_PKEY_type(type);
 	pkey->save_type=type;
 	pkey->pkey.ptr=key;
-	return(1);
+	return(key != NULL);
+	}
+
+#ifndef OPENSSL_NO_RSA
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
+{
+	int ret = EVP_PKEY_assign_RSA(pkey, key);
+	if(ret)
+		RSA_up_ref(key);
+	return ret;
+}
+
+RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
+	{
+	if(pkey->type != EVP_PKEY_RSA) {
+		EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
+		return NULL;
+	}
+	RSA_up_ref(pkey->pkey.rsa);
+	return pkey->pkey.rsa;
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
+{
+	int ret = EVP_PKEY_assign_DSA(pkey, key);
+	if(ret)
+		DSA_up_ref(key);
+	return ret;
+}
+
+DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
+	{
+	if(pkey->type != EVP_PKEY_DSA) {
+		EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY);
+		return NULL;
+	}
+	DSA_up_ref(pkey->pkey.dsa);
+	return pkey->pkey.dsa;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
+{
+	int ret = EVP_PKEY_assign_EC_KEY(pkey,key);
+	if (ret) CRYPTO_add(&key->references, 1, CRYPTO_LOCK_EC);
+		return ret;
+}
+
+EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
+{
+	if (pkey->type != EVP_PKEY_EC)
+	{
+		EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
+		return NULL;
 	}
+	CRYPTO_add(&pkey->pkey.eckey->references, 1, CRYPTO_LOCK_EC);
+	return pkey->pkey.eckey;
+}
+#endif
+
+
+#ifndef OPENSSL_NO_DH
+
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
+{
+	int ret = EVP_PKEY_assign_DH(pkey, key);
+	if(ret)
+		DH_up_ref(key);
+	return ret;
+}
 
-int EVP_PKEY_type(type)
-int type;
+DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
+	{
+	if(pkey->type != EVP_PKEY_DH) {
+		EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);
+		return NULL;
+	}
+	DH_up_ref(pkey->pkey.dh);
+	return pkey->pkey.dh;
+}
+#endif
+
+int EVP_PKEY_type(int type)
 	{
 	switch (type)
 		{
@@ -239,13 +364,14 @@ int type;
 		return(EVP_PKEY_DSA);
 	case EVP_PKEY_DH:
 		return(EVP_PKEY_DH);
+	case EVP_PKEY_EC:
+		return(EVP_PKEY_EC);
 	default:
 		return(NID_undef);
 		}
 	}
 
-void EVP_PKEY_free(x)
-EVP_PKEY *x;
+void EVP_PKEY_free(EVP_PKEY *x)
 	{
 	int i;
 
@@ -264,21 +390,20 @@ EVP_PKEY *x;
 		}
 #endif
 	EVP_PKEY_free_it(x);
-	Free((char *)x);
+	OPENSSL_free(x);
 	}
 
-static void EVP_PKEY_free_it(x)
-EVP_PKEY *x;
+static void EVP_PKEY_free_it(EVP_PKEY *x)
 	{
 	switch (x->type)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case EVP_PKEY_RSA:
 	case EVP_PKEY_RSA2:
 		RSA_free(x->pkey.rsa);
 		break;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
 	case EVP_PKEY_DSA2:
 	case EVP_PKEY_DSA3:
@@ -286,7 +411,12 @@ EVP_PKEY *x;
 		DSA_free(x->pkey.dsa);
 		break;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_EC
+	case EVP_PKEY_EC:
+		EC_KEY_free(x->pkey.eckey);
+		break;
+#endif
+#ifndef OPENSSL_NO_DH
 	case EVP_PKEY_DH:
 		DH_free(x->pkey.dh);
 		break;
diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c
index 28a8e02252..5a933d1cda 100644
--- a/crypto/evp/p_open.c
+++ b/crypto/evp/p_open.c
@@ -56,64 +56,68 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-int EVP_OpenInit(ctx,type,ek,ekl,iv,priv)
-EVP_CIPHER_CTX *ctx;
-EVP_CIPHER *type;
-unsigned char *ek;
-int ekl;
-unsigned char *iv;
-EVP_PKEY *priv;
+int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek,
+	     int ekl, unsigned char *iv, EVP_PKEY *priv)
 	{
 	unsigned char *key=NULL;
 	int i,size=0,ret=0;
-	
+
+	if(type) {	
+		EVP_CIPHER_CTX_init(ctx);
+		if(!EVP_DecryptInit_ex(ctx,type,NULL, NULL,NULL)) return 0;
+	}
+
+	if(!priv) return 1;
+
 	if (priv->type != EVP_PKEY_RSA)
 		{
 		EVPerr(EVP_F_EVP_OPENINIT,EVP_R_PUBLIC_KEY_NOT_RSA);
-		ret= -1;
 		goto err;
                 }
 
 	size=RSA_size(priv->pkey.rsa);
-	key=(unsigned char *)Malloc(size+2);
+	key=(unsigned char *)OPENSSL_malloc(size+2);
 	if (key == NULL)
 		{
 		/* ERROR */
 		EVPerr(EVP_F_EVP_OPENINIT,ERR_R_MALLOC_FAILURE);
-		ret= -1;
 		goto err;
 		}
 
 	i=EVP_PKEY_decrypt(key,ek,ekl,priv);
-	if (i != type->key_len)
+	if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i))
 		{
 		/* ERROR */
 		goto err;
 		}
+	if(!EVP_DecryptInit_ex(ctx,NULL,NULL,key,iv)) goto err;
 
-	EVP_CIPHER_CTX_init(ctx);
-	EVP_DecryptInit(ctx,type,key,iv);
 	ret=1;
 err:
-	if (key != NULL) memset(key,0,size);
-	Free(key);
+	if (key != NULL) OPENSSL_cleanse(key,size);
+	OPENSSL_free(key);
 	return(ret);
 	}
 
-int EVP_OpenFinal(ctx,out,outl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
+int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
 	int i;
 
-	i=EVP_DecryptFinal(ctx,out,outl);
-	EVP_DecryptInit(ctx,NULL,NULL,NULL);
+	i=EVP_DecryptFinal_ex(ctx,out,outl);
+	EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL);
 	return(i);
 	}
+#else /* !OPENSSL_NO_RSA */
+
+# ifdef PEDANTIC
+static void *dummy=&dummy;
+# endif
+
+#endif
diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c
index 09a408de35..37e547fe72 100644
--- a/crypto/evp/p_seal.c
+++ b/crypto/evp/p_seal.c
@@ -58,35 +58,36 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "rand.h"
-#include "rsa.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-int EVP_SealInit(ctx,type,ek,ekl,iv,pubk,npubk)
-EVP_CIPHER_CTX *ctx;
-EVP_CIPHER *type;
-unsigned char **ek;
-int *ekl;
-unsigned char *iv;
-EVP_PKEY **pubk;
-int npubk;
+int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
+	     int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
 	{
 	unsigned char key[EVP_MAX_KEY_LENGTH];
 	int i;
 	
-	if (npubk <= 0) return(0);
-	RAND_bytes(key,EVP_MAX_KEY_LENGTH);
-	if (type->iv_len > 0)
-		RAND_bytes(iv,type->iv_len);
+	if(type) {
+		EVP_CIPHER_CTX_init(ctx);
+		if(!EVP_EncryptInit_ex(ctx,type,NULL,NULL,NULL)) return 0;
+	}
+	if ((npubk <= 0) || !pubk)
+		return 1;
+	if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0)
+		return 0;
+	if (EVP_CIPHER_CTX_iv_length(ctx))
+		RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx));
 
-	EVP_CIPHER_CTX_init(ctx);
-	EVP_EncryptInit(ctx,type,key,iv);
+	if(!EVP_EncryptInit_ex(ctx,NULL,NULL,key,iv)) return 0;
 
 	for (i=0; i<npubk; i++)
 		{
-		ekl[i]=EVP_PKEY_encrypt(ek[i],key,EVP_CIPHER_key_length(type),
+		ekl[i]=EVP_PKEY_encrypt(ek[i],key,EVP_CIPHER_CTX_key_length(ctx),
 			pubk[i]);
 		if (ekl[i] <= 0) return(-1);
 		}
@@ -105,11 +106,10 @@ int inl;
 	}
 */
 
-void EVP_SealFinal(ctx,out,outl)
-EVP_CIPHER_CTX *ctx;
-unsigned char *out;
-int *outl;
+int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 	{
-	EVP_EncryptFinal(ctx,out,outl);
-	EVP_EncryptInit(ctx,NULL,NULL,NULL);
+	int i;
+	i = EVP_EncryptFinal_ex(ctx,out,outl);
+	EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL);
+	return i;
 	}
diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c
index 073270ce31..e4ae5906f5 100644
--- a/crypto/evp/p_sign.c
+++ b/crypto/evp/p_sign.c
@@ -58,32 +58,25 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
 #ifdef undef
-void EVP_SignInit(ctx,type)
-EVP_MD_CTX *ctx;
-EVP_MD *type;
+void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
 	{
-	EVP_DigestInit(ctx,type);
+	EVP_DigestInit_ex(ctx,type);
 	}
 
-void EVP_SignUpdate(ctx,data,count)
-EVP_MD_CTX *ctx;
-unsigned char *data;
-unsigned int count;
+void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
+	     unsigned int count)
 	{
 	EVP_DigestUpdate(ctx,data,count);
 	}
 #endif
 
-int EVP_SignFinal(ctx,sigret,siglen,pkey)
-EVP_MD_CTX *ctx;
-unsigned char *sigret;
-unsigned int *siglen;
-EVP_PKEY *pkey;
+int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
+	     EVP_PKEY *pkey)
 	{
 	unsigned char m[EVP_MAX_MD_SIZE];
 	unsigned int m_len;
@@ -91,8 +84,10 @@ EVP_PKEY *pkey;
 	MS_STATIC EVP_MD_CTX tmp_ctx;
 
 	*siglen=0;
-	memcpy(&tmp_ctx,ctx,sizeof(EVP_MD_CTX));
-	EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len);
+	EVP_MD_CTX_init(&tmp_ctx);
+	EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);   
+	EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
+	EVP_MD_CTX_cleanup(&tmp_ctx);
 	for (i=0; i<4; i++)
 		{
 		v=ctx->digest->required_pkey_type[i];
diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c
index 8d727d8f02..d854d743a5 100644
--- a/crypto/evp/p_verify.c
+++ b/crypto/evp/p_verify.c
@@ -58,15 +58,12 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-int EVP_VerifyFinal(ctx,sigbuf,siglen,pkey)
-EVP_MD_CTX *ctx;
-unsigned char *sigbuf;
-unsigned int siglen;
-EVP_PKEY *pkey;
+int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf,
+	     unsigned int siglen, EVP_PKEY *pkey)
 	{
 	unsigned char m[EVP_MAX_MD_SIZE];
 	unsigned int m_len;
@@ -88,8 +85,10 @@ EVP_PKEY *pkey;
 		EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
 		return(-1);
 		}
-	memcpy(&tmp_ctx,ctx,sizeof(EVP_MD_CTX));
-	EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len);
+	EVP_MD_CTX_init(&tmp_ctx);
+	EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);     
+	EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
+	EVP_MD_CTX_cleanup(&tmp_ctx);
         if (ctx->digest->verify == NULL)
                 {
 		EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
diff --git a/crypto/ex_data.c b/crypto/ex_data.c
index 42b8b9d1ba..5b2e345c27 100644
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@@ -1,4 +1,33 @@
 /* crypto/ex_data.c */
+
+/*
+ * Overhaul notes;
+ *
+ * This code is now *mostly* thread-safe. It is now easier to understand in what
+ * ways it is safe and in what ways it is not, which is an improvement. Firstly,
+ * all per-class stacks and index-counters for ex_data are stored in the same
+ * global LHASH table (keyed by class). This hash table uses locking for all
+ * access with the exception of CRYPTO_cleanup_all_ex_data(), which must only be
+ * called when no other threads can possibly race against it (even if it was
+ * locked, the race would mean it's possible the hash table might have been
+ * recreated after the cleanup). As classes can only be added to the hash table,
+ * and within each class, the stack of methods can only be incremented, the
+ * locking mechanics are simpler than they would otherwise be. For example, the
+ * new/dup/free ex_data functions will lock the hash table, copy the method
+ * pointers it needs from the relevant class, then unlock the hash table before
+ * actually applying those method pointers to the task of the new/dup/free
+ * operations. As they can't be removed from the method-stack, only
+ * supplemented, there's no race conditions associated with using them outside
+ * the lock. The get/set_ex_data functions are not locked because they do not
+ * involve this global state at all - they operate directly with a previously
+ * obtained per-class method index and a particular "ex_data" variable. These
+ * variables are usually instantiated per-context (eg. each RSA structure has
+ * one) so locking on read/write access to that variable can be locked locally
+ * if required (eg. using the "RSA" lock to synchronise access to a
+ * per-RSA-structure ex_data variable if required).
+ * [Geoff]
+ */
+
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -55,187 +84,553 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "buffer.h"
-#include "bio.h"
-#include "lhash.h"
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
 #include "cryptlib.h"
 
-int CRYPTO_get_ex_new_index(idx,skp,argl,argp,new_func,dup_func,free_func)
-int idx;
-STACK **skp;
-long argl;
-char *argp;
-int (*new_func)();
-int (*dup_func)();
-void (*free_func)();
+/* What an "implementation of ex_data functionality" looks like */
+struct st_CRYPTO_EX_DATA_IMPL
+	{
+	/*********************/
+	/* GLOBAL OPERATIONS */
+	/* Return a new class index */
+	int (*cb_new_class)(void);
+	/* Cleanup all state used by the implementation */
+	void (*cb_cleanup)(void);
+	/************************/
+	/* PER-CLASS OPERATIONS */
+	/* Get a new method index within a class */
+	int (*cb_get_new_index)(int class_index, long argl, void *argp,
+			CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+			CRYPTO_EX_free *free_func);
+	/* Initialise a new CRYPTO_EX_DATA of a given class */
+	int (*cb_new_ex_data)(int class_index, void *obj,
+			CRYPTO_EX_DATA *ad);
+	/* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */
+	int (*cb_dup_ex_data)(int class_index, CRYPTO_EX_DATA *to,
+			CRYPTO_EX_DATA *from);
+	/* Cleanup a CRYPTO_EX_DATA of a given class */
+	void (*cb_free_ex_data)(int class_index, void *obj,
+			CRYPTO_EX_DATA *ad);
+	};
+
+/* The implementation we use at run-time */
+static const CRYPTO_EX_DATA_IMPL *impl = NULL;
+
+/* To call "impl" functions, use this macro rather than referring to 'impl' directly, eg.
+ * EX_IMPL(get_new_index)(...); */
+#define EX_IMPL(a) impl->cb_##a
+
+/* Predeclare the "default" ex_data implementation */
+static int int_new_class(void);
+static void int_cleanup(void);
+static int int_get_new_index(int class_index, long argl, void *argp,
+		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+		CRYPTO_EX_free *free_func);
+static int int_new_ex_data(int class_index, void *obj,
+		CRYPTO_EX_DATA *ad);
+static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+		CRYPTO_EX_DATA *from);
+static void int_free_ex_data(int class_index, void *obj,
+		CRYPTO_EX_DATA *ad);
+static CRYPTO_EX_DATA_IMPL impl_default =
+	{
+	int_new_class,
+	int_cleanup,
+	int_get_new_index,
+	int_new_ex_data,
+	int_dup_ex_data,
+	int_free_ex_data
+	};
+
+/* Internal function that checks whether "impl" is set and if not, sets it to
+ * the default. */
+static void impl_check(void)
+	{
+	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+	if(!impl)
+		impl = &impl_default;
+	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+	}
+/* A macro wrapper for impl_check that first uses a non-locked test before
+ * invoking the function (which checks again inside a lock). */
+#define IMPL_CHECK if(!impl) impl_check();
+
+/* API functions to get/set the "ex_data" implementation */
+const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void)
+	{
+	IMPL_CHECK
+	return impl;
+	}
+int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i)
+	{
+	int toret = 0;
+	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+	if(!impl)
+		{
+		impl = i;
+		toret = 1;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+	return toret;
+	}
+
+/****************************************************************************/
+/* Interal (default) implementation of "ex_data" support. API functions are
+ * further down. */
+
+/* The type that represents what each "class" used to implement locally. A STACK
+ * of CRYPTO_EX_DATA_FUNCS plus a index-counter. The 'class_index' is the global
+ * value representing the class that is used to distinguish these items. */
+typedef struct st_ex_class_item {
+	int class_index;
+	STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth;
+	int meth_num;
+} EX_CLASS_ITEM;
+
+/* When assigning new class indexes, this is our counter */
+static int ex_class = CRYPTO_EX_INDEX_USER;
+
+/* The global hash table of EX_CLASS_ITEM items */
+static LHASH *ex_data = NULL;
+
+/* The callbacks required in the "ex_data" hash table */
+static unsigned long ex_hash_cb(const void *a_void)
+	{
+	return ((const EX_CLASS_ITEM *)a_void)->class_index;
+	}
+static int ex_cmp_cb(const void *a_void, const void *b_void)
+	{
+	return (((const EX_CLASS_ITEM *)a_void)->class_index -
+		((const EX_CLASS_ITEM *)b_void)->class_index);
+	}
+
+/* Internal functions used by the "impl_default" implementation to access the
+ * state */
+
+static int ex_data_check(void)
+	{
+	int toret = 1;
+	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+	if(!ex_data && ((ex_data = lh_new(ex_hash_cb, ex_cmp_cb)) == NULL))
+		toret = 0;
+	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+	return toret;
+	}
+/* This macros helps reduce the locking from repeated checks because the
+ * ex_data_check() function checks ex_data again inside a lock. */
+#define EX_DATA_CHECK(iffail) if(!ex_data && !ex_data_check()) {iffail}
+
+/* This "inner" callback is used by the callback function that follows it */
+static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs)
+	{
+	OPENSSL_free(funcs);
+	}
+
+/* This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from
+ * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't do
+ * any locking. */
+static void def_cleanup_cb(const void *a_void)
 	{
-	int ret= -1;
-	CRYPTO_EX_DATA_FUNCS *a;
+	EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void;
+	sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb);
+	OPENSSL_free(item);
+	}
 
-	MemCheck_off();
-	if (*skp == NULL)
-		*skp=sk_new_null();
-	if (*skp == NULL)
+/* Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to a
+ * given class. Handles locking. */
+static EX_CLASS_ITEM *def_get_class(int class_index)
+	{
+	EX_CLASS_ITEM d, *p, *gen;
+	EX_DATA_CHECK(return NULL;)
+	d.class_index = class_index;
+	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+	p = lh_retrieve(ex_data, &d);
+	if(!p)
 		{
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE);
-		goto err;
+		gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM));
+		if(gen)
+			{
+			gen->class_index = class_index;
+			gen->meth_num = 0;
+			gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null();
+			if(!gen->meth)
+				OPENSSL_free(gen);
+			else
+				{
+				/* Because we're inside the ex_data lock, the
+				 * return value from the insert will be NULL */
+				lh_insert(ex_data, gen);
+				p = gen;
+				}
+			}
 		}
-	a=(CRYPTO_EX_DATA_FUNCS *)Malloc(sizeof(CRYPTO_EX_DATA_FUNCS));
-	if (a == NULL)
+	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+	if(!p)
+		CRYPTOerr(CRYPTO_F_DEF_GET_CLASS,ERR_R_MALLOC_FAILURE);
+	return p;
+	}
+
+/* Add a new method to the given EX_CLASS_ITEM and return the corresponding
+ * index (or -1 for error). Handles locking. */
+static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp,
+		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+		CRYPTO_EX_free *free_func)
+	{
+	int toret = -1;
+	CRYPTO_EX_DATA_FUNCS *a = (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(
+					sizeof(CRYPTO_EX_DATA_FUNCS));
+	if(!a)
 		{
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE);
-		goto err;
+		CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE);
+		return -1;
 		}
 	a->argl=argl;
 	a->argp=argp;
 	a->new_func=new_func;
 	a->dup_func=dup_func;
 	a->free_func=free_func;
-	while (sk_num(*skp) <= idx)
+	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+	while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num)
 		{
-		if (!sk_push(*skp,NULL))
+		if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL))
 			{
-			CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE);
-			Free(a);
+			CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE);
+			OPENSSL_free(a);
 			goto err;
 			}
 		}
-	sk_value(*skp,idx)=(char *)a;
-	ret=idx;
+	toret = item->meth_num++;
+	sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a);
 err:
-	MemCheck_on();
-	return(idx);
+	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+	return toret;
 	}
 
-int CRYPTO_set_ex_data(ad,idx,val)
-CRYPTO_EX_DATA *ad;
-int idx;
-char *val;
-	{
-	int i;
+/**************************************************************/
+/* The functions in the default CRYPTO_EX_DATA_IMPL structure */
 
-	if (ad->sk == NULL)
-		{
-		if ((ad->sk=sk_new_null()) == NULL)
-			{
-			CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		}
-	i=sk_num(ad->sk);
+static int int_new_class(void)
+	{
+	int toret;
+	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+	toret = ex_class++;
+	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+	return toret;
+	}
 
-	while (i <= idx)
-		{
-		if (!sk_push(ad->sk,NULL))
-			{
-			CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		i++;
-		}
-	sk_value(ad->sk,idx)=val;
-	return(1);
+static void int_cleanup(void)
+	{
+	EX_DATA_CHECK(return;)
+	lh_doall(ex_data, def_cleanup_cb);
+	lh_free(ex_data);
+	ex_data = NULL;
+	impl = NULL;
 	}
 
-char *CRYPTO_get_ex_data(ad,idx)
-CRYPTO_EX_DATA *ad;
-int idx;
+static int int_get_new_index(int class_index, long argl, void *argp,
+		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+		CRYPTO_EX_free *free_func)
 	{
-	if (ad->sk == NULL)
-		return(0);
-	else if (idx >= sk_num(ad->sk))
-		return(0);
-	else
-		return(sk_value(ad->sk,idx));
+	EX_CLASS_ITEM *item = def_get_class(class_index);
+	if(!item)
+		return -1;
+	return def_add_index(item, argl, argp, new_func, dup_func, free_func);
 	}
 
-/* The callback is called with the 'object', which is the origional data object
- * being duplicated, a pointer to the
- * 'new' object to be inserted, the index, and the argi/argp
- */
-int CRYPTO_dup_ex_data(meth,to,from)
-STACK *meth;
-CRYPTO_EX_DATA *to,*from;
-	{
-	int i,j,m,r;
-	CRYPTO_EX_DATA_FUNCS *mm;
-	char *from_d;
-
-	if (meth == NULL) return(1);
-	if (from->sk == NULL) return(1);
-	m=sk_num(meth);
-	j=sk_num(from->sk);
-	for (i=0; i<j; i++)
-		{
-		from_d=CRYPTO_get_ex_data(from,i);
-		if (i < m)
+/* Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries in
+ * the lock, then using them outside the lock. NB: Thread-safety only applies to
+ * the global "ex_data" state (ie. class definitions), not thread-safe on 'ad'
+ * itself. */
+static int int_new_ex_data(int class_index, void *obj,
+		CRYPTO_EX_DATA *ad)
+	{
+	int mx,i;
+	void *ptr;
+	CRYPTO_EX_DATA_FUNCS **storage = NULL;
+	EX_CLASS_ITEM *item = def_get_class(class_index);
+	if(!item)
+		/* error is already set */
+		return 0;
+	ad->sk = NULL;
+	CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
+	mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+	if(mx > 0)
+		{
+		storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
+		if(!storage)
+			goto skip;
+		for(i = 0; i < mx; i++)
+			storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
+		}
+skip:
+	CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
+	if((mx > 0) && !storage)
+		{
+		CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA,ERR_R_MALLOC_FAILURE);
+		return 0;
+		}
+	for(i = 0; i < mx; i++)
+		{
+		if(storage[i] && storage[i]->new_func)
 			{
-			mm=(CRYPTO_EX_DATA_FUNCS *)sk_value(meth,i);
-			if (mm->dup_func != NULL)
-				r=mm->dup_func(to,from,(char **)&from_d,i,
-					mm->argl,mm->argp);
+			ptr = CRYPTO_get_ex_data(ad, i);
+			storage[i]->new_func(obj,ptr,ad,i,
+				storage[i]->argl,storage[i]->argp);
 			}
-		CRYPTO_set_ex_data(to,i,from_d);
 		}
-	return(1);
+	if(storage)
+		OPENSSL_free(storage);
+	return 1;
 	}
 
-/* Call each free callback */
-void CRYPTO_free_ex_data(meth,obj,ad)
-STACK *meth;
-char *obj;
-CRYPTO_EX_DATA *ad;
+/* Same thread-safety notes as for "int_new_ex_data" */
+static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+		CRYPTO_EX_DATA *from)
 	{
-	CRYPTO_EX_DATA_FUNCS *m;
+	int mx, j, i;
 	char *ptr;
-	int i,max;
+	CRYPTO_EX_DATA_FUNCS **storage = NULL;
+	EX_CLASS_ITEM *item;
+	if(!from->sk)
+		/* 'to' should be "blank" which *is* just like 'from' */
+		return 1;
+	if((item = def_get_class(class_index)) == NULL)
+		return 0;
+	CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
+	mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+	j = sk_num(from->sk);
+	if(j < mx)
+		mx = j;
+	if(mx > 0)
+		{
+		storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
+		if(!storage)
+			goto skip;
+		for(i = 0; i < mx; i++)
+			storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
+		}
+skip:
+	CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
+	if((mx > 0) && !storage)
+		{
+		CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA,ERR_R_MALLOC_FAILURE);
+		return 0;
+		}
+	for(i = 0; i < mx; i++)
+		{
+		ptr = CRYPTO_get_ex_data(from, i);
+		if(storage[i] && storage[i]->dup_func)
+			storage[i]->dup_func(to,from,&ptr,i,
+				storage[i]->argl,storage[i]->argp);
+		CRYPTO_set_ex_data(to,i,ptr);
+		}
+	if(storage)
+		OPENSSL_free(storage);
+	return 1;
+	}
 
-	if (meth != NULL)
+/* Same thread-safety notes as for "int_new_ex_data" */
+static void int_free_ex_data(int class_index, void *obj,
+		CRYPTO_EX_DATA *ad)
+	{
+	int mx,i;
+	EX_CLASS_ITEM *item;
+	void *ptr;
+	CRYPTO_EX_DATA_FUNCS **storage = NULL;
+	if((item = def_get_class(class_index)) == NULL)
+		return;
+	CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
+	mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+	if(mx > 0)
+		{
+		storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
+		if(!storage)
+			goto skip;
+		for(i = 0; i < mx; i++)
+			storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
+		}
+skip:
+	CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
+	if((mx > 0) && !storage)
+		{
+		CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA,ERR_R_MALLOC_FAILURE);
+		return;
+		}
+	for(i = 0; i < mx; i++)
 		{
-		max=sk_num(meth);
-		for (i=0; i<max; i++)
+		if(storage[i] && storage[i]->free_func)
 			{
-			m=(CRYPTO_EX_DATA_FUNCS *)sk_value(meth,i);
-			if ((m != NULL) && (m->free_func != NULL))
-				{
-				ptr=CRYPTO_get_ex_data(ad,i);
-				m->free_func(obj,ptr,ad,i,m->argl,m->argp);
-				}
+			ptr = CRYPTO_get_ex_data(ad,i);
+			storage[i]->free_func(obj,ptr,ad,i,
+				storage[i]->argl,storage[i]->argp);
 			}
 		}
-	if (ad->sk != NULL)
+	if(storage)
+		OPENSSL_free(storage);
+	if(ad->sk)
 		{
 		sk_free(ad->sk);
 		ad->sk=NULL;
 		}
 	}
 
-void CRYPTO_new_ex_data(meth,obj,ad)
-STACK *meth;
-char *obj;
-CRYPTO_EX_DATA *ad;
+/********************************************************************/
+/* API functions that defer all "state" operations to the "ex_data"
+ * implementation we have set. */
+
+/* Obtain an index for a new class (not the same as getting a new index within
+ * an existing class - this is actually getting a new *class*) */
+int CRYPTO_ex_data_new_class(void)
 	{
-	CRYPTO_EX_DATA_FUNCS *m;
-	char *ptr;
-	int i,max;
+	IMPL_CHECK
+	return EX_IMPL(new_class)();
+	}
+
+/* Release all "ex_data" state to prevent memory leaks. This can't be made
+ * thread-safe without overhauling a lot of stuff, and shouldn't really be
+ * called under potential race-conditions anyway (it's for program shutdown
+ * after all). */
+void CRYPTO_cleanup_all_ex_data(void)
+	{
+	IMPL_CHECK
+	EX_IMPL(cleanup)();
+	}
+
+/* Inside an existing class, get/register a new index. */
+int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+		CRYPTO_EX_free *free_func)
+	{
+	int ret = -1;
 
-	ad->sk=NULL;
-	if (meth != NULL)
+	IMPL_CHECK
+	ret = EX_IMPL(get_new_index)(class_index,
+			argl, argp, new_func, dup_func, free_func);
+	return ret;
+	}
+
+/* Initialise a new CRYPTO_EX_DATA for use in a particular class - including
+ * calling new() callbacks for each index in the class used by this variable */
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+	{
+	IMPL_CHECK
+	return EX_IMPL(new_ex_data)(class_index, obj, ad);
+	}
+
+/* Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks for
+ * each index in the class used by this variable */
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+	     CRYPTO_EX_DATA *from)
+	{
+	IMPL_CHECK
+	return EX_IMPL(dup_ex_data)(class_index, to, from);
+	}
+
+/* Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for
+ * each index in the class used by this variable */
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+	{
+	IMPL_CHECK
+	EX_IMPL(free_ex_data)(class_index, obj, ad);
+	}
+
+/* For a given CRYPTO_EX_DATA variable, set the value corresponding to a
+ * particular index in the class used by this variable */
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
+	{
+	int i;
+
+	if (ad->sk == NULL)
 		{
-		max=sk_num(meth);
-		for (i=0; i<max; i++)
+		if ((ad->sk=sk_new_null()) == NULL)
 			{
-			m=(CRYPTO_EX_DATA_FUNCS *)sk_value(meth,i);
-			if ((m != NULL) && (m->new_func != NULL))
-				{
-				ptr=CRYPTO_get_ex_data(ad,i);
-				m->new_func(obj,ptr,ad,i,m->argl,m->argp);
-				}
+			CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
+			return(0);
 			}
 		}
+	i=sk_num(ad->sk);
+
+	while (i <= idx)
+		{
+		if (!sk_push(ad->sk,NULL))
+			{
+			CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
+			return(0);
+			}
+		i++;
+		}
+	sk_set(ad->sk,idx,val);
+	return(1);
 	}
 
+/* For a given CRYPTO_EX_DATA_ variable, get the value corresponding to a
+ * particular index in the class used by this variable */
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx)
+	{
+	if (ad->sk == NULL)
+		return(0);
+	else if (idx >= sk_num(ad->sk))
+		return(0);
+	else
+		return(sk_value(ad->sk,idx));
+	}
 
+IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS)
diff --git a/crypto/hmac/.cvsignore b/crypto/hmac/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/hmac/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/hmac/Makefile.ssl b/crypto/hmac/Makefile.ssl
index 7a042b7261..d48df0597e 100644
--- a/crypto/hmac/Makefile.ssl
+++ b/crypto/hmac/Makefile.ssl
@@ -7,9 +7,12 @@ TOP=	../..
 CC=	cc
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -37,24 +40,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -66,15 +68,34 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+hmac.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+hmac.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+hmac.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+hmac.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+hmac.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+hmac.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
+hmac.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+hmac.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hmac.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+hmac.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+hmac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+hmac.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h
+hmac.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+hmac.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+hmac.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+hmac.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+hmac.o: ../cryptlib.h hmac.c
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index fb09129963..4c91f919d5 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -58,13 +58,11 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "hmac.h"
+#include <openssl/hmac.h>
+#include "cryptlib.h"
 
-void HMAC_Init(ctx,key,len,md)
-HMAC_CTX *ctx;
-unsigned char *key;
-int len;
-EVP_MD *md;
+void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+		  const EVP_MD *md, ENGINE *impl)
 	{
 	int i,j,reset=0;
 	unsigned char pad[HMAC_MAX_MD_CBLOCK];
@@ -81,49 +79,54 @@ EVP_MD *md;
 		{
 		reset=1;
 		j=EVP_MD_block_size(md);
+		OPENSSL_assert(j <= sizeof ctx->key);
 		if (j < len)
 			{
-			EVP_DigestInit(&ctx->md_ctx,md);
+			EVP_DigestInit_ex(&ctx->md_ctx,md, impl);
 			EVP_DigestUpdate(&ctx->md_ctx,key,len);
-			EVP_DigestFinal(&(ctx->md_ctx),ctx->key,
+			EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
 				&ctx->key_length);
 			}
 		else
 			{
+			OPENSSL_assert(len <= sizeof ctx->key);
 			memcpy(ctx->key,key,len);
-			memset(&(ctx->key[len]),0,sizeof(ctx->key)-len);
 			ctx->key_length=len;
 			}
+		if(ctx->key_length != HMAC_MAX_MD_CBLOCK)
+			memset(&ctx->key[ctx->key_length], 0,
+				HMAC_MAX_MD_CBLOCK - ctx->key_length);
 		}
 
 	if (reset)	
 		{
 		for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
 			pad[i]=0x36^ctx->key[i];
-		EVP_DigestInit(&ctx->i_ctx,md);
+		EVP_DigestInit_ex(&ctx->i_ctx,md, impl);
 		EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md));
 
 		for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
 			pad[i]=0x5c^ctx->key[i];
-		EVP_DigestInit(&ctx->o_ctx,md);
+		EVP_DigestInit_ex(&ctx->o_ctx,md, impl);
 		EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md));
 		}
+	EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx);
+	}
 
-	memcpy(&ctx->md_ctx,&ctx->i_ctx,sizeof(ctx->i_ctx));
+void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+	       const EVP_MD *md)
+	{
+	if(key && md)
+	    HMAC_CTX_init(ctx);
+	HMAC_Init_ex(ctx,key,len,md, NULL);
 	}
 
-void HMAC_Update(ctx,data,len)
-HMAC_CTX *ctx;
-unsigned char *data;
-int len;
+void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len)
 	{
-	EVP_DigestUpdate(&(ctx->md_ctx),data,len);
+	EVP_DigestUpdate(&ctx->md_ctx,data,len);
 	}
 
-void HMAC_Final(ctx,md,len)
-HMAC_CTX *ctx;
-unsigned char *md;
-unsigned int *len;
+void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
 	{
 	int j;
 	unsigned int i;
@@ -131,35 +134,40 @@ unsigned int *len;
 
 	j=EVP_MD_block_size(ctx->md);
 
-	EVP_DigestFinal(&(ctx->md_ctx),buf,&i);
-	memcpy(&(ctx->md_ctx),&(ctx->o_ctx),sizeof(ctx->o_ctx));
-	EVP_DigestUpdate(&(ctx->md_ctx),buf,i);
-	EVP_DigestFinal(&(ctx->md_ctx),md,len);
+	EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i);
+	EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx);
+	EVP_DigestUpdate(&ctx->md_ctx,buf,i);
+	EVP_DigestFinal_ex(&ctx->md_ctx,md,len);
+	}
+
+void HMAC_CTX_init(HMAC_CTX *ctx)
+	{
+	EVP_MD_CTX_init(&ctx->i_ctx);
+	EVP_MD_CTX_init(&ctx->o_ctx);
+	EVP_MD_CTX_init(&ctx->md_ctx);
 	}
 
-void HMAC_cleanup(ctx)
-HMAC_CTX *ctx;
+void HMAC_CTX_cleanup(HMAC_CTX *ctx)
 	{
-	memset(ctx,0,sizeof(HMAC_CTX));
+	EVP_MD_CTX_cleanup(&ctx->i_ctx);
+	EVP_MD_CTX_cleanup(&ctx->o_ctx);
+	EVP_MD_CTX_cleanup(&ctx->md_ctx);
+	memset(ctx,0,sizeof *ctx);
 	}
 
-unsigned char *HMAC(evp_md,key,key_len,d,n,md,md_len)
-EVP_MD *evp_md;
-unsigned char *key;
-int key_len;
-unsigned char *d;
-int n;
-unsigned char *md;
-unsigned int *md_len;
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+		    const unsigned char *d, int n, unsigned char *md,
+		    unsigned int *md_len)
 	{
 	HMAC_CTX c;
 	static unsigned char m[EVP_MAX_MD_SIZE];
 
 	if (md == NULL) md=m;
+	HMAC_CTX_init(&c);
 	HMAC_Init(&c,key,key_len,evp_md);
 	HMAC_Update(&c,d,n);
 	HMAC_Final(&c,md,md_len);
-	HMAC_cleanup(&c);
+	HMAC_CTX_cleanup(&c);
 	return(md);
 	}
 
diff --git a/crypto/hmac/hmac.h b/crypto/hmac/hmac.h
index e6b43f52c4..0364a1fcbd 100644
--- a/crypto/hmac/hmac.h
+++ b/crypto/hmac/hmac.h
@@ -58,17 +58,21 @@
 #ifndef HEADER_HMAC_H
 #define HEADER_HMAC_H
 
-#ifdef  __cplusplus
-extern "C" {
+#ifdef OPENSSL_NO_HMAC
+#error HMAC is disabled.
 #endif
 
-#include "evp.h"
+#include <openssl/evp.h>
 
 #define HMAC_MAX_MD_CBLOCK	64
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 typedef struct hmac_ctx_st
 	{
-	EVP_MD *md;
+	const EVP_MD *md;
 	EVP_MD_CTX md_ctx;
 	EVP_MD_CTX i_ctx;
 	EVP_MD_CTX o_ctx;
@@ -78,26 +82,22 @@ typedef struct hmac_ctx_st
 
 #define HMAC_size(e)	(EVP_MD_size((e)->md))
 
-#ifndef NOPROTO
-
-void HMAC_Init(HMAC_CTX *ctx, unsigned char *key, int len,
-	EVP_MD *md);
-void HMAC_Update(HMAC_CTX *ctx,unsigned char *key, int len);
-void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
-void HMAC_cleanup(HMAC_CTX *ctx);
-unsigned char *HMAC(EVP_MD *evp_md, unsigned char *key, int key_len,
-	unsigned char *d, int n, unsigned char *md, unsigned int *md_len);
 
+void HMAC_CTX_init(HMAC_CTX *ctx);
+void HMAC_CTX_cleanup(HMAC_CTX *ctx);
 
-#else
+#define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */
 
-void HMAC_Init();
-void HMAC_Update();
-void HMAC_Final();
-void HMAC_cleanup();
-unsigned char *HMAC();
+void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+	       const EVP_MD *md); /* deprecated */
+void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+		  const EVP_MD *md, ENGINE *impl);
+void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
+void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+		    const unsigned char *d, int n, unsigned char *md,
+		    unsigned int *md_len);
 
-#endif
 
 #ifdef  __cplusplus
 }
diff --git a/crypto/hmac/hmactest.c b/crypto/hmac/hmactest.c
index 5938e375dc..1b906b81af 100644
--- a/crypto/hmac/hmactest.c
+++ b/crypto/hmac/hmactest.c
@@ -59,9 +59,27 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "hmac.h"
 
-struct test_st
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_HMAC
+int main(int argc, char *argv[])
+{
+    printf("No HMAC support\n");
+    return(0);
+}
+#else
+#include <openssl/hmac.h>
+#ifndef OPENSSL_NO_MD5
+#include <openssl/md5.h>
+#endif
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+#ifndef OPENSSL_NO_MD5
+static struct test_st
 	{
 	unsigned char key[16];
 	int key_len;
@@ -100,20 +118,27 @@ struct test_st
 		(unsigned char *)"56be34521d144c88dbb8c733f0e8b3f6",
 	},
 	};
-
-
-#ifndef NOPROTO
-static char *pt(unsigned char *md);
-#else
-static char *pt();
 #endif
 
-int main(argc,argv)
-int argc;
-char *argv[];
+static char *pt(unsigned char *md);
+int main(int argc, char *argv[])
 	{
-	int i,err=0;
+#ifndef OPENSSL_NO_MD5
+	int i;
 	char *p;
+#endif
+	int err=0;
+
+#ifdef OPENSSL_NO_MD5
+	printf("test skipped: MD5 disabled\n");
+#else
+
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(test[0].data, test[0].data, test[0].data_len);
+	ebcdic2ascii(test[1].data, test[1].data, test[1].data_len);
+	ebcdic2ascii(test[2].key,  test[2].key,  test[2].key_len);
+	ebcdic2ascii(test[2].data, test[2].data, test[2].data_len);
+#endif
 
 	for (i=0; i<4; i++)
 		{
@@ -131,12 +156,13 @@ char *argv[];
 		else
 			printf("test %d ok\n",i);
 		}
-	exit(err);
+#endif /* OPENSSL_NO_MD5 */
+	EXIT(err);
 	return(0);
 	}
 
-static char *pt(md)
-unsigned char *md;
+#ifndef OPENSSL_NO_MD5
+static char *pt(unsigned char *md)
 	{
 	int i;
 	static char buf[80];
@@ -145,3 +171,5 @@ unsigned char *md;
 		sprintf(&(buf[i*2]),"%02x",md[i]);
 	return(buf);
 	}
+#endif
+#endif
diff --git a/crypto/idea/.cvsignore b/crypto/idea/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/idea/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/idea/Makefile.ssl b/crypto/idea/Makefile.ssl
index 41b42ce03b..ca4b76fc2f 100644
--- a/crypto/idea/Makefile.ssl
+++ b/crypto/idea/Makefile.ssl
@@ -7,9 +7,12 @@ TOP=	../..
 CC=	cc
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -37,24 +40,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -66,15 +68,24 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+i_cbc.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_cbc.o: i_cbc.c idea_lcl.h
+i_cfb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_cfb64.o: i_cfb64.c idea_lcl.h
+i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h
+i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_ofb64.o: i_ofb64.c idea_lcl.h
+i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+i_skey.o: i_skey.c idea_lcl.h
diff --git a/crypto/idea/Makefile.uni b/crypto/idea/Makefile.uni
deleted file mode 100644
index 354123dac8..0000000000
--- a/crypto/idea/Makefile.uni
+++ /dev/null
@@ -1,72 +0,0 @@
-# Targets
-# make          - twidle the options yourself :-)
-# make cc       - standard cc options
-# make gcc      - standard gcc options
-
-DIR=    cast
-TOP=    .
-CC=     gcc
-CFLAG=	-O3 -fomit-frame-pointer
-
-CPP=    $(CC) -E
-INCLUDES=
-INSTALLTOP=/usr/local/lib
-MAKE=           make
-MAKEDEPEND=     makedepend
-MAKEFILE=       Makefile.uni
-AR=             ar r
-
-IDEA_ENC=i_cbc.o
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=ideatest
-APPS=idea_spd
-
-LIB=libidea.a
-LIBSRC=i_skey.c i_ecb.c i_cbc.c i_cfb64.c i_ofb64.c
-LIBOBJ=i_skey.o i_ecb.o $(IDEA_ENC) i_cfb64.o i_ofb64.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= idea.h
-HEADER= idea_lcl.h $(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-all:    $(LIB) $(TEST) $(APPS)
-
-$(LIB):    $(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/ranlib.sh $(LIB)
-
-test:	$(TEST)
-	./$(TEST)
-
-$(TEST): $(TEST).c $(LIB)
-	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
-
-$(APPS): $(APPS).c $(LIB)
-	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
-
-dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-cc:
-	$(MAKE) CC="cc" CFLAG="-O" all
-
-gcc:
-	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/idea/i_cbc.c b/crypto/idea/i_cbc.c
index 716ea3f474..ecb9cb8b83 100644
--- a/crypto/idea/i_cbc.c
+++ b/crypto/idea/i_cbc.c
@@ -47,7 +47,7 @@
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * OUT OF THE USE OF THIS  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  * 
  * The licence and distribution terms for any publically available version or
@@ -56,16 +56,11 @@
  * [including the GNU Public Licence.]
  */
 
-#include "idea.h"
+#include <openssl/idea.h>
 #include "idea_lcl.h"
 
-void idea_cbc_encrypt(in, out, length, ks, iv, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-IDEA_KEY_SCHEDULE *ks;
-unsigned char *iv;
-int encrypt;
+void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+	     IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int encrypt)
 	{
 	register unsigned long tin0,tin1;
 	register unsigned long tout0,tout1,xor0,xor1;
@@ -138,9 +133,7 @@ int encrypt;
 	tin[0]=tin[1]=0;
 	}
 
-void idea_encrypt(d,key)
-unsigned long *d;
-IDEA_KEY_SCHEDULE *key;
+void idea_encrypt(unsigned long *d, IDEA_KEY_SCHEDULE *key)
 	{
 	register IDEA_INT *p;
 	register unsigned long x1,x2,x3,x4,t0,t1,ul;
diff --git a/crypto/idea/i_cfb64.c b/crypto/idea/i_cfb64.c
index 8dfa7ece48..66d49d520e 100644
--- a/crypto/idea/i_cfb64.c
+++ b/crypto/idea/i_cfb64.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#include "idea.h"
+#include <openssl/idea.h>
 #include "idea_lcl.h"
 
 /* The input and output encrypted as though 64bit cfb mode is being
@@ -64,14 +64,9 @@
  * 64bit block we have used is contained in *num;
  */
 
-void idea_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-IDEA_KEY_SCHEDULE *schedule;
-unsigned char *ivec;
-int *num;
-int encrypt;
+void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+			long length, IDEA_KEY_SCHEDULE *schedule,
+			unsigned char *ivec, int *num, int encrypt)
 	{
 	register unsigned long v0,v1,t;
 	register int n= *num;
diff --git a/crypto/idea/i_ecb.c b/crypto/idea/i_ecb.c
index 5d5f8e0325..fb613db595 100644
--- a/crypto/idea/i_ecb.c
+++ b/crypto/idea/i_ecb.c
@@ -56,12 +56,13 @@
  * [including the GNU Public Licence.]
  */
 
-#include "idea.h"
+#include <openssl/idea.h>
 #include "idea_lcl.h"
+#include <openssl/opensslv.h>
 
-char *IDEA_version="IDEA part of SSLeay 0.9.1a 06-Jul-1998";
+const char *IDEA_version="IDEA" OPENSSL_VERSION_PTEXT;
 
-char *idea_options()
+const char *idea_options(void)
 	{
 	if (sizeof(short) != sizeof(IDEA_INT))
 		return("idea(int)");
@@ -69,10 +70,8 @@ char *idea_options()
 		return("idea(short)");
 	}
 
-void idea_ecb_encrypt(in, out, ks)
-unsigned char *in;
-unsigned char *out;
-IDEA_KEY_SCHEDULE *ks;
+void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
+	     IDEA_KEY_SCHEDULE *ks)
 	{
 	unsigned long l0,l1,d[2];
 
diff --git a/crypto/idea/i_ofb64.c b/crypto/idea/i_ofb64.c
index d687adb22d..e749e88e34 100644
--- a/crypto/idea/i_ofb64.c
+++ b/crypto/idea/i_ofb64.c
@@ -56,20 +56,16 @@
  * [including the GNU Public Licence.]
  */
 
-#include "idea.h"
+#include <openssl/idea.h>
 #include "idea_lcl.h"
 
 /* The input and output encrypted as though 64bit ofb mode is being
  * used.  The extra state information to record how much of the
  * 64bit block we have used is contained in *num;
  */
-void idea_ofb64_encrypt(in, out, length, schedule, ivec, num)
-unsigned char *in;
-unsigned char *out;
-long length;
-IDEA_KEY_SCHEDULE *schedule;
-unsigned char *ivec;
-int *num;
+void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+			long length, IDEA_KEY_SCHEDULE *schedule,
+			unsigned char *ivec, int *num)
 	{
 	register unsigned long v0,v1,t;
 	register int n= *num;
diff --git a/crypto/idea/i_skey.c b/crypto/idea/i_skey.c
index 00fcc1e586..1c95bc9c7b 100644
--- a/crypto/idea/i_skey.c
+++ b/crypto/idea/i_skey.c
@@ -56,18 +56,11 @@
  * [including the GNU Public Licence.]
  */
 
-#include "idea.h"
+#include <openssl/idea.h>
 #include "idea_lcl.h"
 
-#ifndef NOPROTO
 static IDEA_INT inverse(unsigned int xin);
-#else
-static IDEA_INT inverse();
-#endif
-
-void idea_set_encrypt_key(key, ks)
-unsigned char *key;
-IDEA_KEY_SCHEDULE *ks;
+void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
 	{
 	int i;
 	register IDEA_INT *kt,*kf,r0,r1,r2;
@@ -101,9 +94,7 @@ IDEA_KEY_SCHEDULE *ks;
 		}
 	}
 
-void idea_set_decrypt_key(ek, dk)
-IDEA_KEY_SCHEDULE *ek;
-IDEA_KEY_SCHEDULE *dk;
+void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk)
 	{
 	int r;
 	register IDEA_INT *fp,*tp,t;
@@ -133,8 +124,7 @@ IDEA_KEY_SCHEDULE *dk;
 	}
 
 /* taken directly from the 'paper' I'll have a look at it later */
-static IDEA_INT inverse(xin)
-unsigned int xin;
+static IDEA_INT inverse(unsigned int xin)
 	{
 	long n1,n2,q,r,b1,b2,t;
 
diff --git a/crypto/idea/idea.h b/crypto/idea/idea.h
index e0eb4e0d63..67132414ee 100644
--- a/crypto/idea/idea.h
+++ b/crypto/idea/idea.h
@@ -1,4 +1,4 @@
-/* crypto/idea/idea.org */
+/* crypto/idea/idea.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,59 +56,42 @@
  * [including the GNU Public Licence.]
  */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify idea.org since idea.h is automatically generated from 
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-
 #ifndef HEADER_IDEA_H
 #define HEADER_IDEA_H
 
-#ifdef  __cplusplus
-extern "C" {
+#ifdef OPENSSL_NO_IDEA
+#error IDEA is disabled.
 #endif
 
 #define IDEA_ENCRYPT	1
 #define IDEA_DECRYPT	0
 
-#define IDEA_INT unsigned int
+#include <openssl/opensslconf.h> /* IDEA_INT */
 #define IDEA_BLOCK	8
 #define IDEA_KEY_LENGTH	16
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 typedef struct idea_key_st
 	{
 	IDEA_INT data[9][6];
 	} IDEA_KEY_SCHEDULE;
 
-#ifndef NOPROTO
-char *idea_options(void);
-void idea_ecb_encrypt(unsigned char *in, unsigned char *out,
+const char *idea_options(void);
+void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
 	IDEA_KEY_SCHEDULE *ks);
-void idea_set_encrypt_key(unsigned char *key, IDEA_KEY_SCHEDULE *ks);
+void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
 void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
-void idea_cbc_encrypt(unsigned char *in, unsigned char *out,
+void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
 	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc);
-void idea_cfb64_encrypt(unsigned char *in, unsigned char *out,
+void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
 	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
 	int *num,int enc);
-void idea_ofb64_encrypt(unsigned char *in, unsigned char *out,
+void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,
 	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num);
 void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
-#else
-char *idea_options();
-void idea_ecb_encrypt();
-void idea_set_encrypt_key();
-void idea_set_decrypt_key();
-void idea_cbc_encrypt();
-void idea_cfb64_encrypt();
-void idea_ofb64_encrypt();
-void idea_encrypt();
-#endif
-
 #ifdef  __cplusplus
 }
 #endif
diff --git a/crypto/idea/idea.org b/crypto/idea/idea.org
deleted file mode 100644
index e0eb4e0d63..0000000000
--- a/crypto/idea/idea.org
+++ /dev/null
@@ -1,116 +0,0 @@
-/* crypto/idea/idea.org */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify idea.org since idea.h is automatically generated from 
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-
-#ifndef HEADER_IDEA_H
-#define HEADER_IDEA_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define IDEA_ENCRYPT	1
-#define IDEA_DECRYPT	0
-
-#define IDEA_INT unsigned int
-#define IDEA_BLOCK	8
-#define IDEA_KEY_LENGTH	16
-
-typedef struct idea_key_st
-	{
-	IDEA_INT data[9][6];
-	} IDEA_KEY_SCHEDULE;
-
-#ifndef NOPROTO
-char *idea_options(void);
-void idea_ecb_encrypt(unsigned char *in, unsigned char *out,
-	IDEA_KEY_SCHEDULE *ks);
-void idea_set_encrypt_key(unsigned char *key, IDEA_KEY_SCHEDULE *ks);
-void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
-void idea_cbc_encrypt(unsigned char *in, unsigned char *out,
-	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc);
-void idea_cfb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
-	int *num,int enc);
-void idea_ofb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num);
-void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
-#else
-char *idea_options();
-void idea_ecb_encrypt();
-void idea_set_encrypt_key();
-void idea_set_decrypt_key();
-void idea_cbc_encrypt();
-void idea_cfb64_encrypt();
-void idea_ofb64_encrypt();
-void idea_encrypt();
-#endif
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/idea/idea_lcl.h b/crypto/idea/idea_lcl.h
index 4cf256ae87..463aa36ce9 100644
--- a/crypto/idea/idea_lcl.h
+++ b/crypto/idea/idea_lcl.h
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-/* The new form of this macro (check if the a*b == 0) was sugested by 
+/* The new form of this macro (check if the a*b == 0) was suggested by 
  * Colin Plumb <colin@nyx10.cs.du.edu> */
 /* Removal of the inner if from from Wei Dai 24/4/96 */
 #define idea_mul(r,a,b,ul) \
diff --git a/crypto/idea/idea_spd.c b/crypto/idea/idea_spd.c
index 98060d9b8c..48ffaff520 100644
--- a/crypto/idea/idea_spd.c
+++ b/crypto/idea/idea_spd.c
@@ -59,19 +59,17 @@
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
 
-#ifndef MSDOS
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
 #include <stdio.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-extern int exit();
-#endif
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
 #include <signal.h>
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -79,15 +77,15 @@ extern int exit();
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
@@ -98,16 +96,12 @@ struct tms {
 #include <sys/param.h>
 #endif
 
-#include "idea.h"
+#include <openssl/idea.h>
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
 #ifndef CLK_TCK
-#ifndef VMS
-#define HZ	100.0
-#else /* VMS */
 #define HZ	100.0
-#endif
 #else /* CLK_TCK */
 #define HZ ((double)CLK_TCK)
 #endif
@@ -116,12 +110,7 @@ struct tms {
 #define BUFSIZE	((long)1024)
 long run=0;
 
-#ifndef NOPROTO
 double Time_F(int s);
-#else
-double Time_F();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
 #define SIGRETTYPE void
@@ -129,14 +118,8 @@ double Time_F();
 #define SIGRETTYPE int
 #endif
 
-#ifndef NOPROTO
 SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
+SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -149,8 +132,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-double Time_F(s)
-int s;
+double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -186,9 +168,7 @@ int s;
 #endif
 	}
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	long count;
 	static unsigned char buf[BUFSIZE];
@@ -203,7 +183,7 @@ char **argv;
 #endif
 
 #ifndef TIMES
-	printf("To get the most acurate results, try to run this\n");
+	printf("To get the most accurate results, try to run this\n");
 	printf("program when this computer is idle.\n");
 #endif
 
@@ -309,7 +289,7 @@ char **argv;
 	printf("IDEA raw ecb bytes   per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
 	printf("IDEA cbc     bytes   per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
 	exit(0);
-#if defined(LINT) || defined(MSDOS)
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
 	return(0);
 #endif
 	}
diff --git a/crypto/idea/ideatest.c b/crypto/idea/ideatest.c
index 6eff9029cc..98f805d72a 100644
--- a/crypto/idea/ideatest.c
+++ b/crypto/idea/ideatest.c
@@ -59,7 +59,17 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "idea.h"
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_IDEA
+int main(int argc, char *argv[])
+{
+    printf("No IDEA support\n");
+    return(0);
+}
+#else
+#include <openssl/idea.h>
 
 unsigned char k[16]={
 	0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x04,
@@ -95,17 +105,9 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
 	0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/
 	}; 
 
-#ifndef NOPROTO
 static int cfb64_test(unsigned char *cfb_cipher);
 static char *pt(unsigned char *p);
-#else
-static int cfb64_test();
-static char *pt();
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,err=0;
 	IDEA_KEY_SCHEDULE key,dkey; 
@@ -167,12 +169,11 @@ char *argv[];
 	else
 		printf("ok\n");
 
-	exit(err);
+	EXIT(err);
 	return(err);
 	}
 
-static int cfb64_test(cfb_cipher)
-unsigned char *cfb_cipher;
+static int cfb64_test(unsigned char *cfb_cipher)
         {
         IDEA_KEY_SCHEDULE eks,dks;
         int err=0,i,n;
@@ -210,8 +211,7 @@ unsigned char *cfb_cipher;
         return(err);
         }
 
-static char *pt(p)
-unsigned char *p;
+static char *pt(unsigned char *p)
 	{
 	static char bufs[10][20];
 	static int bnum=0;
@@ -229,4 +229,4 @@ unsigned char *p;
 	ret[16]='\0';
 	return(ret);
 	}
-	
+#endif
diff --git a/crypto/install.com b/crypto/install.com
new file mode 100644
index 0000000000..f043a731d3
--- /dev/null
+++ b/crypto/install.com
@@ -0,0 +1,140 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 22-MAY-1998 10:13
+$!
+$! P1	root of the directory tree
+$!
+$	IF P1 .EQS. ""
+$	THEN
+$	    WRITE SYS$OUTPUT "First argument missing."
+$	    WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$	    EXIT
+$	ENDIF
+$
+$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
+$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
+$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+		   - "[000000." - "][" - "[" - "]"
+$	ROOT = ROOT_DEV + "[" + ROOT_DIR
+$
+$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
+$	DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
+$	DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
+$	DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
+$
+$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
+$	IF F$PARSE("WRK_SSLVLIB:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLVLIB:
+$	IF F$PARSE("WRK_SSLALIB:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLALIB:
+$	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLINCLUDE:
+$
+$	SDIRS := ,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,-
+		 DES,RC2,RC4,RC5,IDEA,BF,CAST,-
+		 BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,-
+		 BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,-
+		 EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,-
+		 UI,KRB5
+$	EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,-
+		symhacks.h,ossl_typ.h
+$	EXHEADER_MD2 := md2.h
+$	EXHEADER_MD4 := md4.h
+$	EXHEADER_MD5 := md5.h
+$	EXHEADER_SHA := sha.h
+$	EXHEADER_MDC2 := mdc2.h
+$	EXHEADER_HMAC := hmac.h
+$	EXHEADER_RIPEMD := ripemd.h
+$	EXHEADER_DES := des.h,des_old.h
+$	EXHEADER_RC2 := rc2.h
+$	EXHEADER_RC4 := rc4.h
+$	EXHEADER_RC5 := rc5.h
+$	EXHEADER_IDEA := idea.h
+$	EXHEADER_BF := blowfish.h
+$	EXHEADER_CAST := cast.h
+$	EXHEADER_BN := bn.h
+$	EXHEADER_EC := ec.h
+$	EXHEADER_RSA := rsa.h
+$	EXHEADER_DSA := dsa.h
+$	EXHEADER_ECDSA := ecdsa.h
+$	EXHEADER_DH := dh.h
+$	EXHEADER_ECDH := ecdh.h
+$	EXHEADER_DSO := dso.h
+$	EXHEADER_ENGINE := engine.h
+$	EXHEADER_AES := aes.h
+$	EXHEADER_BUFFER := buffer.h
+$	EXHEADER_BIO := bio.h
+$	EXHEADER_STACK := stack.h,safestack.h
+$	EXHEADER_LHASH := lhash.h
+$	EXHEADER_RAND := rand.h
+$	EXHEADER_ERR := err.h
+$	EXHEADER_OBJECTS := objects.h,obj_mac.h
+$	EXHEADER_EVP := evp.h
+$	EXHEADER_ASN1 := asn1.h,asn1_mac.h,asn1t.h
+$	EXHEADER_PEM := pem.h,pem2.h
+$	EXHEADER_X509 := x509.h,x509_vfy.h
+$	EXHEADER_X509V3 := x509v3.h
+$	EXHEADER_CONF := conf.h,conf_api.h
+$	EXHEADER_TXT_DB := txt_db.h
+$	EXHEADER_PKCS7 := pkcs7.h
+$	EXHEADER_PKCS12 := pkcs12.h
+$	EXHEADER_COMP := comp.h
+$	EXHEADER_OCSP := ocsp.h
+$	EXHEADER_UI := ui.h,ui_compat.h
+$	EXHEADER_KRB5 := krb5_asn.h
+$	LIBS := LIBCRYPTO
+$
+$	VEXE_DIR := [-.VAX.EXE.CRYPTO]
+$	AEXE_DIR := [-.AXP.EXE.CRYPTO]
+$
+$	I = 0
+$ LOOP_SDIRS: 
+$	D = F$EDIT(F$ELEMENT(I, ",", SDIRS),"TRIM")
+$	I = I + 1
+$	IF D .EQS. "," THEN GOTO LOOP_SDIRS_END
+$	tmp = EXHEADER_'D'
+$	IF D .EQS. ""
+$	THEN
+$	  COPY 'tmp' WRK_SSLINCLUDE: /LOG
+$	ELSE
+$	  COPY [.'D']'tmp' WRK_SSLINCLUDE: /LOG
+$	ENDIF
+$	SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'tmp'
+$	GOTO LOOP_SDIRS
+$ LOOP_SDIRS_END:
+$
+$	I = 0
+$ LOOP_LIB: 
+$	E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM")
+$	I = I + 1
+$	IF E .EQS. "," THEN GOTO LOOP_LIB_END
+$	SET NOON
+$	IF F$SEARCH(VEXE_DIR+E+".OLB") .NES. ""
+$	THEN
+$	  COPY 'VEXE_DIR''E'.OLB WRK_SSLVLIB:'E'.OLB/log
+$	  SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.OLB
+$	ENDIF
+$	! Preparing for the time when we have shareable images
+$	IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. ""
+$	THEN
+$	  COPY 'VEXE_DIR''E'.EXE WRK_SSLVLIB:'E'.EXE/log
+$	  SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.EXE
+$	ENDIF
+$	IF F$SEARCH(AEXE_DIR+E+".OLB") .NES. ""
+$	THEN
+$	  COPY 'AEXE_DIR''E'.OLB WRK_SSLALIB:'E'.OLB/log
+$	  SET FILE/PROT=W:RE WRK_SSLALIB:'E'.OLB
+$	ENDIF
+$	! Preparing for the time when we have shareable images
+$	IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. ""
+$	THEN
+$	  COPY 'AEXE_DIR''E'.EXE WRK_SSLALIB:'E'.EXE/log
+$	  SET FILE/PROT=W:RE WRK_SSLALIB:'E'.EXE
+$	ENDIF
+$	SET ON
+$	GOTO LOOP_LIB
+$ LOOP_LIB_END:
+$
+$	EXIT
diff --git a/crypto/krb5/.cvsignore b/crypto/krb5/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/krb5/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/krb5/Makefile.ssl b/crypto/krb5/Makefile.ssl
new file mode 100644
index 0000000000..cc47c05472
--- /dev/null
+++ b/crypto/krb5/Makefile.ssl
@@ -0,0 +1,90 @@
+#
+# OpenSSL/krb5/Makefile.ssl
+#
+
+DIR=	krb5
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= krb5_asn.c
+
+LIBOBJ= krb5_asn.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= krb5_asn.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+krb5_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+krb5_asn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+krb5_asn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+krb5_asn.o: ../../include/openssl/krb5_asn.h
+krb5_asn.o: ../../include/openssl/opensslconf.h
+krb5_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+krb5_asn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+krb5_asn.o: ../../include/openssl/symhacks.h krb5_asn.c
diff --git a/crypto/krb5/krb5_asn.c b/crypto/krb5/krb5_asn.c
new file mode 100644
index 0000000000..1fb741d2a0
--- /dev/null
+++ b/crypto/krb5/krb5_asn.c
@@ -0,0 +1,167 @@
+/* krb5_asn.c */
+/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project,
+** using ocsp/{*.h,*asn*.c} as a starting point
+*/
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/krb5_asn.h>
+
+
+ASN1_SEQUENCE(KRB5_ENCDATA) = {
+	ASN1_EXP(KRB5_ENCDATA, etype,		ASN1_INTEGER,	  0),
+	ASN1_EXP_OPT(KRB5_ENCDATA, kvno,	ASN1_INTEGER,	  1),
+	ASN1_EXP(KRB5_ENCDATA, cipher,		ASN1_OCTET_STRING,2)
+} ASN1_SEQUENCE_END(KRB5_ENCDATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCDATA)
+
+
+ASN1_SEQUENCE(KRB5_PRINCNAME) = {
+	ASN1_EXP(KRB5_PRINCNAME, nametype,	ASN1_INTEGER,	  0),
+	ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1)
+} ASN1_SEQUENCE_END(KRB5_PRINCNAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_PRINCNAME)
+
+
+/* [APPLICATION 1] = 0x61 */
+ASN1_SEQUENCE(KRB5_TKTBODY) = {
+	ASN1_EXP(KRB5_TKTBODY, tktvno,		ASN1_INTEGER,	  0),
+	ASN1_EXP(KRB5_TKTBODY, realm, 		ASN1_GENERALSTRING, 1),
+	ASN1_EXP(KRB5_TKTBODY, sname,		KRB5_PRINCNAME,	  2),
+	ASN1_EXP(KRB5_TKTBODY, encdata,		KRB5_ENCDATA,	  3)
+} ASN1_SEQUENCE_END(KRB5_TKTBODY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_TKTBODY)
+
+
+ASN1_ITEM_TEMPLATE(KRB5_TICKET) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1,
+			KRB5_TICKET, KRB5_TKTBODY)
+ASN1_ITEM_TEMPLATE_END(KRB5_TICKET)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_TICKET)
+
+
+/* [APPLICATION 14] = 0x6e */
+ASN1_SEQUENCE(KRB5_APREQBODY) = {
+	ASN1_EXP(KRB5_APREQBODY, pvno,		ASN1_INTEGER,	  0),
+	ASN1_EXP(KRB5_APREQBODY, msgtype,	ASN1_INTEGER,	  1),
+	ASN1_EXP(KRB5_APREQBODY, apoptions,	ASN1_BIT_STRING,  2),
+	ASN1_EXP(KRB5_APREQBODY, ticket, 	KRB5_TICKET,	  3),
+	ASN1_EXP(KRB5_APREQBODY, authenticator,	KRB5_ENCDATA,	  4),
+} ASN1_SEQUENCE_END(KRB5_APREQBODY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQBODY)
+
+ASN1_ITEM_TEMPLATE(KRB5_APREQ) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14,
+			KRB5_APREQ, KRB5_APREQBODY)
+ASN1_ITEM_TEMPLATE_END(KRB5_APREQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQ)
+
+
+/*  Authenticator stuff 	*/
+
+ASN1_SEQUENCE(KRB5_CHECKSUM) = {
+	ASN1_EXP(KRB5_CHECKSUM, ctype,		ASN1_INTEGER,	  0),
+	ASN1_EXP(KRB5_CHECKSUM, checksum,	ASN1_OCTET_STRING,1)
+} ASN1_SEQUENCE_END(KRB5_CHECKSUM)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_CHECKSUM)
+
+
+ASN1_SEQUENCE(KRB5_ENCKEY) = {
+	ASN1_EXP(KRB5_ENCKEY,	ktype,		ASN1_INTEGER,	  0),
+	ASN1_EXP(KRB5_ENCKEY,	keyvalue,	ASN1_OCTET_STRING,1)
+} ASN1_SEQUENCE_END(KRB5_ENCKEY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCKEY)
+
+
+/* SEQ OF SEQ; see ASN1_EXP_SEQUENCE_OF_OPT() below */
+ASN1_SEQUENCE(KRB5_AUTHDATA) = {
+	ASN1_EXP(KRB5_AUTHDATA,	adtype,		ASN1_INTEGER,	  0),
+	ASN1_EXP(KRB5_AUTHDATA,	addata, 	ASN1_OCTET_STRING,1)
+} ASN1_SEQUENCE_END(KRB5_AUTHDATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHDATA)
+
+
+/* [APPLICATION 2] = 0x62 */
+ASN1_SEQUENCE(KRB5_AUTHENTBODY) = {
+	ASN1_EXP(KRB5_AUTHENTBODY,	avno,	ASN1_INTEGER,	  0),
+	ASN1_EXP(KRB5_AUTHENTBODY,	crealm,	ASN1_GENERALSTRING, 1),
+	ASN1_EXP(KRB5_AUTHENTBODY,	cname,	KRB5_PRINCNAME,	  2),
+	ASN1_EXP_OPT(KRB5_AUTHENTBODY,	cksum,	KRB5_CHECKSUM,	  3),
+	ASN1_EXP(KRB5_AUTHENTBODY,	cusec,	ASN1_INTEGER,	  4),
+	ASN1_EXP(KRB5_AUTHENTBODY,	ctime,	ASN1_GENERALIZEDTIME, 5),
+	ASN1_EXP_OPT(KRB5_AUTHENTBODY,	subkey,	KRB5_ENCKEY,	  6),
+	ASN1_EXP_OPT(KRB5_AUTHENTBODY,	seqnum,	ASN1_INTEGER,	  7),
+	ASN1_EXP_SEQUENCE_OF_OPT
+		    (KRB5_AUTHENTBODY,	authorization,	KRB5_AUTHDATA, 8),
+} ASN1_SEQUENCE_END(KRB5_AUTHENTBODY)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
+
+ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2,
+			KRB5_AUTHENT, KRB5_AUTHENTBODY)
+ASN1_ITEM_TEMPLATE_END(KRB5_AUTHENT)
+
+IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENT)
+
diff --git a/crypto/krb5/krb5_asn.h b/crypto/krb5/krb5_asn.h
new file mode 100644
index 0000000000..3329477b07
--- /dev/null
+++ b/crypto/krb5/krb5_asn.h
@@ -0,0 +1,256 @@
+/* krb5_asn.h */
+/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project,
+** using ocsp/{*.h,*asn*.c} as a starting point
+*/
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_KRB5_ASN_H
+#define HEADER_KRB5_ASN_H
+
+/*
+#include <krb5.h>
+*/
+#include <openssl/safestack.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+/*	ASN.1 from Kerberos RFC 1510
+*/
+
+/*	EncryptedData ::=   SEQUENCE {
+**		etype[0]                      INTEGER, -- EncryptionType
+**		kvno[1]                       INTEGER OPTIONAL,
+**		cipher[2]                     OCTET STRING -- ciphertext
+**	}
+*/
+typedef	struct	krb5_encdata_st
+	{
+	ASN1_INTEGER			*etype;
+	ASN1_INTEGER			*kvno;
+	ASN1_OCTET_STRING		*cipher;
+	}	KRB5_ENCDATA;
+
+DECLARE_STACK_OF(KRB5_ENCDATA)
+
+/*	PrincipalName ::=   SEQUENCE {
+**		name-type[0]                  INTEGER,
+**		name-string[1]                SEQUENCE OF GeneralString
+**	}
+*/
+typedef	struct	krb5_princname_st
+	{
+	ASN1_INTEGER			*nametype;
+	STACK_OF(ASN1_GENERALSTRING)	*namestring;
+	}	KRB5_PRINCNAME;
+
+DECLARE_STACK_OF(KRB5_PRINCNAME)
+
+
+/*	Ticket ::=	[APPLICATION 1] SEQUENCE {
+**		tkt-vno[0]                    INTEGER,
+**		realm[1]                      Realm,
+**		sname[2]                      PrincipalName,
+**		enc-part[3]                   EncryptedData
+**	}
+*/
+typedef	struct	krb5_tktbody_st
+	{
+	ASN1_INTEGER			*tktvno;
+	ASN1_GENERALSTRING		*realm;
+	KRB5_PRINCNAME			*sname;
+	KRB5_ENCDATA			*encdata;
+	}	KRB5_TKTBODY;
+
+typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET;
+DECLARE_STACK_OF(KRB5_TKTBODY)
+
+
+/*	AP-REQ ::=      [APPLICATION 14] SEQUENCE {
+**		pvno[0]                       INTEGER,
+**		msg-type[1]                   INTEGER,
+**		ap-options[2]                 APOptions,
+**		ticket[3]                     Ticket,
+**		authenticator[4]              EncryptedData
+**	}
+**
+**	APOptions ::=   BIT STRING {
+**		reserved(0), use-session-key(1), mutual-required(2) }
+*/
+typedef	struct	krb5_ap_req_st
+	{
+	ASN1_INTEGER			*pvno;
+	ASN1_INTEGER			*msgtype;
+	ASN1_BIT_STRING			*apoptions;
+	KRB5_TICKET			*ticket;
+	KRB5_ENCDATA			*authenticator;
+	}	KRB5_APREQBODY;
+
+typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ;
+DECLARE_STACK_OF(KRB5_APREQBODY)
+
+
+/*	Authenticator Stuff	*/
+
+
+/*	Checksum ::=   SEQUENCE {
+**		cksumtype[0]                  INTEGER,
+**		checksum[1]                   OCTET STRING
+**	}
+*/
+typedef	struct	krb5_checksum_st
+	{
+	ASN1_INTEGER			*ctype;
+	ASN1_OCTET_STRING		*checksum;
+	}	KRB5_CHECKSUM;
+
+DECLARE_STACK_OF(KRB5_CHECKSUM)
+
+
+/*	EncryptionKey ::=   SEQUENCE {
+**		keytype[0]                    INTEGER,
+**		keyvalue[1]                   OCTET STRING
+**	}
+*/
+typedef struct  krb5_encryptionkey_st
+	{
+	ASN1_INTEGER			*ktype;
+	ASN1_OCTET_STRING		*keyvalue;
+	}	KRB5_ENCKEY;
+
+DECLARE_STACK_OF(KRB5_ENCKEY)
+
+
+/*	AuthorizationData ::=   SEQUENCE OF SEQUENCE {
+**		ad-type[0]                    INTEGER,
+**              ad-data[1]                    OCTET STRING
+**	}
+*/
+typedef struct	krb5_authorization_st
+	{
+	ASN1_INTEGER			*adtype;
+	ASN1_OCTET_STRING		*addata;
+	}	KRB5_AUTHDATA;
+
+DECLARE_STACK_OF(KRB5_AUTHDATA)
+
+			
+/*	-- Unencrypted authenticator
+**	Authenticator ::=    [APPLICATION 2] SEQUENCE    {
+**		authenticator-vno[0]          INTEGER,
+**		crealm[1]                     Realm,
+**		cname[2]                      PrincipalName,
+**		cksum[3]                      Checksum OPTIONAL,
+**		cusec[4]                      INTEGER,
+**		ctime[5]                      KerberosTime,
+**		subkey[6]                     EncryptionKey OPTIONAL,
+**		seq-number[7]                 INTEGER OPTIONAL,
+**		authorization-data[8]         AuthorizationData OPTIONAL
+**	}
+*/
+typedef struct	krb5_authenticator_st
+	{
+	ASN1_INTEGER			*avno;
+	ASN1_GENERALSTRING		*crealm;
+	KRB5_PRINCNAME			*cname;
+	KRB5_CHECKSUM			*cksum;
+	ASN1_INTEGER			*cusec;
+	ASN1_GENERALIZEDTIME		*ctime;
+	KRB5_ENCKEY			*subkey;
+	ASN1_INTEGER			*seqnum;
+	KRB5_AUTHDATA			*authorization;
+	}	KRB5_AUTHENTBODY;
+
+typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT;
+DECLARE_STACK_OF(KRB5_AUTHENTBODY)
+
+
+/*  DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) =
+**	type *name##_new(void);
+**	void name##_free(type *a);
+**	DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) =
+**	 DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) =
+**	  type *d2i_##name(type **a, unsigned char **in, long len);
+**	  int i2d_##name(type *a, unsigned char **out);
+**	  DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it
+*/
+
+DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA)
+DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME)
+DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY)
+DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY)
+DECLARE_ASN1_FUNCTIONS(KRB5_TICKET)
+DECLARE_ASN1_FUNCTIONS(KRB5_APREQ)
+
+DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM)
+DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY)
+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA)
+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
+DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT)
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/lhash/.cvsignore b/crypto/lhash/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/lhash/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/lhash/Makefile.ssl b/crypto/lhash/Makefile.ssl
index cb08547b4f..1902e4a899 100644
--- a/crypto/lhash/Makefile.ssl
+++ b/crypto/lhash/Makefile.ssl
@@ -7,9 +7,12 @@ TOP=	../..
 CC=	cc
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -37,24 +40,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -66,15 +68,26 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+lh_stats.o: ../../e_os.h ../../include/openssl/bio.h
+lh_stats.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+lh_stats.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+lh_stats.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+lh_stats.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+lh_stats.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+lh_stats.o: ../cryptlib.h lh_stats.c
+lhash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+lhash.o: ../../include/openssl/e_os2.h ../../include/openssl/lhash.h
+lhash.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+lhash.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+lhash.o: ../../include/openssl/symhacks.h lhash.c
diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c
index 23fe82f777..5aa7766aa6 100644
--- a/crypto/lhash/lh_stats.c
+++ b/crypto/lhash/lh_stats.c
@@ -63,13 +63,14 @@
  * and things should work as expected */
 #include "cryptlib.h"
 
-#include "lhash.h"
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#include <openssl/lhash.h>
 
-#ifndef HEADER_BIO_H
+#ifdef OPENSSL_NO_BIO
 
-void lh_stats(lh, out)
-LHASH *lh;
-FILE *out;
+void lh_stats(LHASH *lh, FILE *out)
 	{
 	fprintf(out,"num_items             = %lu\n",lh->num_items);
 	fprintf(out,"num_nodes             = %u\n",lh->num_nodes);
@@ -87,7 +88,7 @@ FILE *out;
 	fprintf(out,"num_retrieve          = %lu\n",lh->num_retrieve);
 	fprintf(out,"num_retrieve_miss     = %lu\n",lh->num_retrieve_miss);
 	fprintf(out,"num_hash_comps        = %lu\n",lh->num_hash_comps);
-#ifdef DEBUG
+#if 0
 	fprintf(out,"p                     = %u\n",lh->p);
 	fprintf(out,"pmax                  = %u\n",lh->pmax);
 	fprintf(out,"up_load               = %lu\n",lh->up_load);
@@ -95,9 +96,7 @@ FILE *out;
 #endif
 	}
 
-void lh_node_stats(lh, out)
-LHASH *lh;
-FILE *out;
+void lh_node_stats(LHASH *lh, FILE *out)
 	{
 	LHASH_NODE *n;
 	unsigned int i,num;
@@ -110,9 +109,7 @@ FILE *out;
 		}
 	}
 
-void lh_node_usage_stats(lh, out)
-LHASH *lh;
-FILE *out;
+void lh_node_usage_stats(LHASH *lh, FILE *out)
 	{
 	LHASH_NODE *n;
 	unsigned long num;
@@ -141,10 +138,8 @@ FILE *out;
 
 #else
 
-#ifndef NO_FP_API
-void lh_stats(lh,fp)
-LHASH *lh;
-FILE *fp;
+#ifndef OPENSSL_NO_FP_API
+void lh_stats(const LHASH *lh, FILE *fp)
 	{
 	BIO *bp;
 
@@ -156,9 +151,7 @@ FILE *fp;
 end:;
 	}
 
-void lh_node_stats(lh,fp)
-LHASH *lh;
-FILE *fp;
+void lh_node_stats(const LHASH *lh, FILE *fp)
 	{
 	BIO *bp;
 
@@ -170,9 +163,7 @@ FILE *fp;
 end:;
 	}
 
-void lh_node_usage_stats(lh,fp)
-LHASH *lh;
-FILE *fp;
+void lh_node_usage_stats(const LHASH *lh, FILE *fp)
 	{
 	BIO *bp;
 
@@ -186,82 +177,53 @@ end:;
 
 #endif
 
-void lh_stats_bio(lh, out)
-LHASH *lh;
-BIO *out;
+void lh_stats_bio(const LHASH *lh, BIO *out)
 	{
-	char buf[128];
-
-	sprintf(buf,"num_items             = %lu\n",lh->num_items);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_nodes             = %u\n",lh->num_nodes);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_alloc_nodes       = %u\n",lh->num_alloc_nodes);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_expands           = %lu\n",lh->num_expands);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_expand_reallocs   = %lu\n",lh->num_expand_reallocs);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_contracts         = %lu\n",lh->num_contracts);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_hash_calls        = %lu\n",lh->num_hash_calls);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_comp_calls        = %lu\n",lh->num_comp_calls);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_insert            = %lu\n",lh->num_insert);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_replace           = %lu\n",lh->num_replace);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_delete            = %lu\n",lh->num_delete);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_no_delete         = %lu\n",lh->num_no_delete);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_retrieve          = %lu\n",lh->num_retrieve);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_retrieve_miss     = %lu\n",lh->num_retrieve_miss);
-	BIO_puts(out,buf);
-	sprintf(buf,"num_hash_comps        = %lu\n",lh->num_hash_comps);
-	BIO_puts(out,buf);
-#ifdef DEBUG
-	sprintf(buf,"p                     = %u\n",lh->p);
-	BIO_puts(out,buf);
-	sprintf(buf,"pmax                  = %u\n",lh->pmax);
-	BIO_puts(out,buf);
-	sprintf(buf,"up_load               = %lu\n",lh->up_load);
-	BIO_puts(out,buf);
-	sprintf(buf,"down_load             = %lu\n",lh->down_load);
-	BIO_puts(out,buf);
+	BIO_printf(out,"num_items             = %lu\n",lh->num_items);
+	BIO_printf(out,"num_nodes             = %u\n",lh->num_nodes);
+	BIO_printf(out,"num_alloc_nodes       = %u\n",lh->num_alloc_nodes);
+	BIO_printf(out,"num_expands           = %lu\n",lh->num_expands);
+	BIO_printf(out,"num_expand_reallocs   = %lu\n",
+		   lh->num_expand_reallocs);
+	BIO_printf(out,"num_contracts         = %lu\n",lh->num_contracts);
+	BIO_printf(out,"num_contract_reallocs = %lu\n",
+		   lh->num_contract_reallocs);
+	BIO_printf(out,"num_hash_calls        = %lu\n",lh->num_hash_calls);
+	BIO_printf(out,"num_comp_calls        = %lu\n",lh->num_comp_calls);
+	BIO_printf(out,"num_insert            = %lu\n",lh->num_insert);
+	BIO_printf(out,"num_replace           = %lu\n",lh->num_replace);
+	BIO_printf(out,"num_delete            = %lu\n",lh->num_delete);
+	BIO_printf(out,"num_no_delete         = %lu\n",lh->num_no_delete);
+	BIO_printf(out,"num_retrieve          = %lu\n",lh->num_retrieve);
+	BIO_printf(out,"num_retrieve_miss     = %lu\n",lh->num_retrieve_miss);
+	BIO_printf(out,"num_hash_comps        = %lu\n",lh->num_hash_comps);
+#if 0
+	BIO_printf(out,"p                     = %u\n",lh->p);
+	BIO_printf(out,"pmax                  = %u\n",lh->pmax);
+	BIO_printf(out,"up_load               = %lu\n",lh->up_load);
+	BIO_printf(out,"down_load             = %lu\n",lh->down_load);
 #endif
 	}
 
-void lh_node_stats_bio(lh, out)
-LHASH *lh;
-BIO *out;
+void lh_node_stats_bio(const LHASH *lh, BIO *out)
 	{
 	LHASH_NODE *n;
 	unsigned int i,num;
-	char buf[128];
 
 	for (i=0; i<lh->num_nodes; i++)
 		{
 		for (n=lh->b[i],num=0; n != NULL; n=n->next)
 			num++;
-		sprintf(buf,"node %6u -> %3u\n",i,num);
-		BIO_puts(out,buf);
+		BIO_printf(out,"node %6u -> %3u\n",i,num);
 		}
 	}
 
-void lh_node_usage_stats_bio(lh, out)
-LHASH *lh;
-BIO *out;
+void lh_node_usage_stats_bio(const LHASH *lh, BIO *out)
 	{
 	LHASH_NODE *n;
 	unsigned long num;
 	unsigned int i;
 	unsigned long total=0,n_used=0;
-	char buf[128];
 
 	for (i=0; i<lh->num_nodes; i++)
 		{
@@ -273,17 +235,14 @@ BIO *out;
 			total+=num;
 			}
 		}
-	sprintf(buf,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
-	BIO_puts(out,buf);
-	sprintf(buf,"%lu items\n",total);
-	BIO_puts(out,buf);
+	BIO_printf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
+	BIO_printf(out,"%lu items\n",total);
 	if (n_used == 0) return;
-	sprintf(buf,"load %d.%02d  actual load %d.%02d\n",
-		(int)(total/lh->num_nodes),
-		(int)((total%lh->num_nodes)*100/lh->num_nodes),
-		(int)(total/n_used),
-		(int)((total%n_used)*100/n_used));
-	BIO_puts(out,buf);
+	BIO_printf(out,"load %d.%02d  actual load %d.%02d\n",
+		   (int)(total/lh->num_nodes),
+		   (int)((total%lh->num_nodes)*100/lh->num_nodes),
+		   (int)(total/n_used),
+		   (int)((total%n_used)*100/n_used));
 	}
 
 #endif
diff --git a/crypto/lhash/lh_test.c b/crypto/lhash/lh_test.c
index 294b42bc82..85700c859b 100644
--- a/crypto/lhash/lh_test.c
+++ b/crypto/lhash/lh_test.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "lhash.h"
+#include <openssl/lhash.h>
 
 main()
 	{
@@ -75,9 +75,8 @@ main()
 		buf[0]='\0';
 		fgets(buf,256,stdin);
 		if (buf[0] == '\0') break;
-		buf[256]='\0';
 		i=strlen(buf);
-		p=Malloc(i+1);
+		p=OPENSSL_malloc(i+1);
 		memcpy(p,buf,i+1);
 		lh_insert(conf,p);
 		}
diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
index 97006c4499..0a16fcf27d 100644
--- a/crypto/lhash/lhash.c
+++ b/crypto/lhash/lhash.c
@@ -56,8 +56,6 @@
  * [including the GNU Public Licence.]
  */
 
-char *lh_version="lhash part of SSLeay 0.9.1a 06-Jul-1998";
-
 /* Code for dynamic hash table routines
  * Author - Eric Young v 2.0
  *
@@ -66,11 +64,11 @@ char *lh_version="lhash part of SSLeay 0.9.1a 06-Jul-1998";
  *
  * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98
  *
- * 2.0 eay - Fixed a bug that occured when using lh_delete
+ * 2.0 eay - Fixed a bug that occurred when using lh_delete
  *	     from inside lh_doall().  As entries were deleted,
  *	     the 'table' was 'contract()ed', making some entries
  *	     jump from the end of the table to the start, there by
- *	     skiping the lh_doall() processing. eay - 4/12/95
+ *	     skipping the lh_doall() processing. eay - 4/12/95
  *
  * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs
  *	     were not being free()ed. 21/11/95
@@ -99,47 +97,33 @@ char *lh_version="lhash part of SSLeay 0.9.1a 06-Jul-1998";
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "crypto.h"
-#include "lhash.h"
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+
+const char *lh_version="lhash" OPENSSL_VERSION_PTEXT;
 
 #undef MIN_NODES 
 #define MIN_NODES	16
 #define UP_LOAD		(2*LH_LOAD_MULT) /* load times 256  (default 2) */
 #define DOWN_LOAD	(LH_LOAD_MULT)   /* load times 256  (default 1) */
 
-#ifndef NOPROTO
-
-#define P_CP	char *
-#define P_CPP	char *,char *
 static void expand(LHASH *lh);
 static void contract(LHASH *lh);
-static LHASH_NODE **getrn(LHASH *lh, char *data, unsigned long *rhash);
-
-#else
-
-#define	P_CP
-#define P_CPP
-static void expand();
-static void contract();
-static LHASH_NODE **getrn();
-
-#endif
+static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash);
 
-LHASH *lh_new(h, c)
-unsigned long (*h)();
-int (*c)();
+LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c)
 	{
 	LHASH *ret;
 	int i;
 
-	if ((ret=(LHASH *)Malloc(sizeof(LHASH))) == NULL)
+	if ((ret=(LHASH *)OPENSSL_malloc(sizeof(LHASH))) == NULL)
 		goto err0;
-	if ((ret->b=(LHASH_NODE **)Malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL)
+	if ((ret->b=(LHASH_NODE **)OPENSSL_malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL)
 		goto err1;
 	for (i=0; i<MIN_NODES; i++)
 		ret->b[i]=NULL;
-	ret->comp=((c == NULL)?(int (*)())strcmp:c);
-	ret->hash=((h == NULL)?(unsigned long (*)())lh_strhash:h);
+	ret->comp=((c == NULL)?(LHASH_COMP_FN_TYPE)strcmp:c);
+	ret->hash=((h == NULL)?(LHASH_HASH_FN_TYPE)lh_strhash:h);
 	ret->num_nodes=MIN_NODES/2;
 	ret->num_alloc_nodes=MIN_NODES;
 	ret->p=0;
@@ -165,38 +149,38 @@ int (*c)();
 	ret->error=0;
 	return(ret);
 err1:
-	Free((char *)ret);
+	OPENSSL_free(ret);
 err0:
 	return(NULL);
 	}
 
-void lh_free(lh)
-LHASH *lh;
+void lh_free(LHASH *lh)
 	{
 	unsigned int i;
 	LHASH_NODE *n,*nn;
 
+	if (lh == NULL)
+	    return;
+
 	for (i=0; i<lh->num_nodes; i++)
 		{
 		n=lh->b[i];
 		while (n != NULL)
 			{
 			nn=n->next;
-			Free(n);
+			OPENSSL_free(n);
 			n=nn;
 			}
 		}
-	Free((char *)lh->b);
-	Free((char *)lh);
+	OPENSSL_free(lh->b);
+	OPENSSL_free(lh);
 	}
 
-char *lh_insert(lh, data)
-LHASH *lh;
-char *data;
+void *lh_insert(LHASH *lh, const void *data)
 	{
 	unsigned long hash;
 	LHASH_NODE *nn,**rn;
-	char *ret;
+	const void *ret;
 
 	lh->error=0;
 	if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))
@@ -206,14 +190,14 @@ char *data;
 
 	if (*rn == NULL)
 		{
-		if ((nn=(LHASH_NODE *)Malloc(sizeof(LHASH_NODE))) == NULL)
+		if ((nn=(LHASH_NODE *)OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL)
 			{
 			lh->error++;
 			return(NULL);
 			}
 		nn->data=data;
 		nn->next=NULL;
-#ifndef NO_HASH_COMP
+#ifndef OPENSSL_NO_HASH_COMP
 		nn->hash=hash;
 #endif
 		*rn=nn;
@@ -227,16 +211,14 @@ char *data;
 		(*rn)->data=data;
 		lh->num_replace++;
 		}
-	return(ret);
+	return((void *)ret);
 	}
 
-char *lh_delete(lh, data)
-LHASH *lh;
-char *data;
+void *lh_delete(LHASH *lh, const void *data)
 	{
 	unsigned long hash;
 	LHASH_NODE *nn,**rn;
-	char *ret;
+	const void *ret;
 
 	lh->error=0;
 	rn=getrn(lh,data,&hash);
@@ -251,7 +233,7 @@ char *data;
 		nn= *rn;
 		*rn=nn->next;
 		ret=nn->data;
-		Free((char *)nn);
+		OPENSSL_free(nn);
 		lh->num_delete++;
 		}
 
@@ -260,16 +242,14 @@ char *data;
 		(lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)))
 		contract(lh);
 
-	return(ret);
+	return((void *)ret);
 	}
 
-char *lh_retrieve(lh, data)
-LHASH *lh;
-char *data;
+void *lh_retrieve(LHASH *lh, const void *data)
 	{
 	unsigned long hash;
 	LHASH_NODE **rn;
-	char *ret;
+	const void *ret;
 
 	lh->error=0;
 	rn=getrn(lh,data,&hash);
@@ -284,20 +264,11 @@ char *data;
 		ret= (*rn)->data;
 		lh->num_retrieve++;
 		}
-	return(ret);
-	}
-
-void lh_doall(lh, func)
-LHASH *lh;
-void (*func)();
-	{
-	lh_doall_arg(lh,func,NULL);
+	return((void *)ret);
 	}
 
-void lh_doall_arg(lh, func, arg)
-LHASH *lh;
-void (*func)();
-char *arg;
+static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
+			  LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg)
 	{
 	int i;
 	LHASH_NODE *a,*n;
@@ -312,14 +283,26 @@ char *arg;
 			/* 28/05/91 - eay - n added so items can be deleted
 			 * via lh_doall */
 			n=a->next;
-			func(a->data,arg);
+			if(use_arg)
+				func_arg(a->data,arg);
+			else
+				func(a->data);
 			a=n;
 			}
 		}
 	}
 
-static void expand(lh)
-LHASH *lh;
+void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func)
+	{
+	doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL);
+	}
+
+void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
+	{
+	doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg);
+	}
+
+static void expand(LHASH *lh)
 	{
 	LHASH_NODE **n,**n1,**n2,*np;
 	unsigned int p,i,j;
@@ -335,10 +318,10 @@ LHASH *lh;
 	
 	for (np= *n1; np != NULL; )
 		{
-#ifndef NO_HASH_COMP
+#ifndef OPENSSL_NO_HASH_COMP
 		hash=np->hash;
 #else
-		hash=(*(lh->hash))(np->data);
+		hash=lh->hash(np->data);
 		lh->num_hash_calls++;
 #endif
 		if ((hash%nni) != p)
@@ -355,7 +338,7 @@ LHASH *lh;
 	if ((lh->p) >= lh->pmax)
 		{
 		j=(int)lh->num_alloc_nodes*2;
-		n=(LHASH_NODE **)Realloc((char *)lh->b,
+		n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
 			(unsigned int)sizeof(LHASH_NODE *)*j);
 		if (n == NULL)
 			{
@@ -375,8 +358,7 @@ LHASH *lh;
 		}
 	}
 
-static void contract(lh)
-LHASH *lh;
+static void contract(LHASH *lh)
 	{
 	LHASH_NODE **n,*n1,*np;
 
@@ -384,7 +366,7 @@ LHASH *lh;
 	lh->b[lh->p+lh->pmax-1]=NULL; /* 24/07-92 - eay - weird but :-( */
 	if (lh->p == 0)
 		{
-		n=(LHASH_NODE **)Realloc((char *)lh->b,
+		n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
 			(unsigned int)(sizeof(LHASH_NODE *)*lh->pmax));
 		if (n == NULL)
 			{
@@ -415,10 +397,7 @@ LHASH *lh;
 		}
 	}
 
-static LHASH_NODE **getrn(lh, data, rhash)
-LHASH *lh;
-char *data;
-unsigned long *rhash;
+static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash)
 	{
 	LHASH_NODE **ret,*n1;
 	unsigned long hash,nn;
@@ -436,7 +415,7 @@ unsigned long *rhash;
 	ret= &(lh->b[(int)nn]);
 	for (n1= *ret; n1 != NULL; n1=n1->next)
 		{
-#ifndef NO_HASH_COMP
+#ifndef OPENSSL_NO_HASH_COMP
 		lh->num_hash_comps++;
 		if (n1->hash != hash)
 			{
@@ -445,35 +424,18 @@ unsigned long *rhash;
 			}
 #endif
 		lh->num_comp_calls++;
-		if ((*cf)(n1->data,data) == 0)
+		if(cf(n1->data,data) == 0)
 			break;
 		ret= &(n1->next);
 		}
 	return(ret);
 	}
 
-/*
-static unsigned long lh_strhash(str)
-char *str;
-	{
-	int i,l;
-	unsigned long ret=0;
-	unsigned short *s;
-
-	if (str == NULL) return(0);
-	l=(strlen(str)+1)/2;
-	s=(unsigned short *)str;
-	for (i=0; i<l; i++)
-		ret^=(s[i]<<(i&0x0f));
-	return(ret);
-	} */
-
 /* The following hash seems to work very well on normal text strings
  * no collisions on /usr/dict/words and it distributes on %2^n quite
  * well, not as good as MD5, but still good.
  */
-unsigned long lh_strhash(c)
-char *c;
+unsigned long lh_strhash(const char *c)
 	{
 	unsigned long ret=0;
 	long n;
@@ -502,3 +464,7 @@ char *c;
 	return((ret>>16)^ret);
 	}
 
+unsigned long lh_num_items(const LHASH *lh)
+	{
+	return lh ? lh->num_items : 0;
+	}
diff --git a/crypto/lhash/lhash.h b/crypto/lhash/lhash.h
index 06aad873b2..dee8207333 100644
--- a/crypto/lhash/lhash.h
+++ b/crypto/lhash/lhash.h
@@ -63,24 +63,82 @@
 #ifndef HEADER_LHASH_H
 #define HEADER_LHASH_H
 
+#ifndef OPENSSL_NO_FP_API
+#include <stdio.h>
+#endif
+
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
 typedef struct lhash_node_st
 	{
-	char *data;
+	const void *data;
 	struct lhash_node_st *next;
-#ifndef NO_HASH_COMP
+#ifndef OPENSSL_NO_HASH_COMP
 	unsigned long hash;
 #endif
 	} LHASH_NODE;
 
+typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *);
+typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *);
+typedef void (*LHASH_DOALL_FN_TYPE)(const void *);
+typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, void *);
+
+/* Macros for declaring and implementing type-safe wrappers for LHASH callbacks.
+ * This way, callbacks can be provided to LHASH structures without function
+ * pointer casting and the macro-defined callbacks provide per-variable casting
+ * before deferring to the underlying type-specific callbacks. NB: It is
+ * possible to place a "static" in front of both the DECLARE and IMPLEMENT
+ * macros if the functions are strictly internal. */
+
+/* First: "hash" functions */
+#define DECLARE_LHASH_HASH_FN(f_name,o_type) \
+	unsigned long f_name##_LHASH_HASH(const void *);
+#define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \
+	unsigned long f_name##_LHASH_HASH(const void *arg) { \
+		o_type a = (o_type)arg; \
+		return f_name(a); }
+#define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH
+
+/* Second: "compare" functions */
+#define DECLARE_LHASH_COMP_FN(f_name,o_type) \
+	int f_name##_LHASH_COMP(const void *, const void *);
+#define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \
+	int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \
+		o_type a = (o_type)arg1; \
+		o_type b = (o_type)arg2; \
+		return f_name(a,b); }
+#define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP
+
+/* Third: "doall" functions */
+#define DECLARE_LHASH_DOALL_FN(f_name,o_type) \
+	void f_name##_LHASH_DOALL(const void *);
+#define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \
+	void f_name##_LHASH_DOALL(const void *arg) { \
+		o_type a = (o_type)arg; \
+		f_name(a); }
+#define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL
+
+/* Fourth: "doall_arg" functions */
+#define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
+	void f_name##_LHASH_DOALL_ARG(const void *, void *);
+#define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
+	void f_name##_LHASH_DOALL_ARG(const void *arg1, void *arg2) { \
+		o_type a = (o_type)arg1; \
+		a_type b = (a_type)arg2; \
+		f_name(a,b); }
+#define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG
+
 typedef struct lhash_st
 	{
 	LHASH_NODE **b;
-	int (*comp)();
-	unsigned long (*hash)();
+	LHASH_COMP_FN_TYPE comp;
+	LHASH_HASH_FN_TYPE hash;
 	unsigned int num_nodes;
 	unsigned int num_alloc_nodes;
 	unsigned int p;
@@ -112,47 +170,27 @@ typedef struct lhash_st
  * in lh_insert(). */
 #define lh_error(lh)	((lh)->error)
 
-#ifndef NOPROTO
-LHASH *lh_new(unsigned long (*h)(), int (*c)());
+LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c);
 void lh_free(LHASH *lh);
-char *lh_insert(LHASH *lh, char *data);
-char *lh_delete(LHASH *lh, char *data);
-char *lh_retrieve(LHASH *lh, char *data);
-void lh_doall(LHASH *lh, void (*func)(/* char *b */));
-void lh_doall_arg(LHASH *lh, void (*func)(/*char *a,char *b*/),char *arg);
-unsigned long lh_strhash(char *c);
-
-#ifndef NO_FP_API
-void lh_stats(LHASH *lh, FILE *out);
-void lh_node_stats(LHASH *lh, FILE *out);
-void lh_node_usage_stats(LHASH *lh, FILE *out);
+void *lh_insert(LHASH *lh, const void *data);
+void *lh_delete(LHASH *lh, const void *data);
+void *lh_retrieve(LHASH *lh, const void *data);
+void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func);
+void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg);
+unsigned long lh_strhash(const char *c);
+unsigned long lh_num_items(const LHASH *lh);
+
+#ifndef OPENSSL_NO_FP_API
+void lh_stats(const LHASH *lh, FILE *out);
+void lh_node_stats(const LHASH *lh, FILE *out);
+void lh_node_usage_stats(const LHASH *lh, FILE *out);
 #endif
 
-#ifdef HEADER_BIO_H
-void lh_stats_bio(LHASH *lh, BIO *out);
-void lh_node_stats_bio(LHASH *lh, BIO *out);
-void lh_node_usage_stats_bio(LHASH *lh, BIO *out);
-#endif
-#else
-LHASH *lh_new();
-void lh_free();
-char *lh_insert();
-char *lh_delete();
-char *lh_retrieve();
-void lh_doall();
-void lh_doall_arg();
-unsigned long lh_strhash();
-
-#ifndef NO_FP_API
-void lh_stats();
-void lh_node_stats();
-void lh_node_usage_stats();
+#ifndef OPENSSL_NO_BIO
+void lh_stats_bio(const LHASH *lh, BIO *out);
+void lh_node_stats_bio(const LHASH *lh, BIO *out);
+void lh_node_usage_stats_bio(const LHASH *lh, BIO *out);
 #endif
-void lh_stats_bio();
-void lh_node_stats_bio();
-void lh_node_usage_stats_bio();
-#endif
-
 #ifdef  __cplusplus
 }
 #endif
diff --git a/crypto/libvms.com b/crypto/libvms.com
deleted file mode 100755
index 44f90c65b0..0000000000
--- a/crypto/libvms.com
+++ /dev/null
@@ -1,31 +0,0 @@
-$!
-$! Compile crypto.c as several subset modules and insert in crypto-xxx.olb.
-$! If P1 is specifed, it specifies alternate list of subsets to compile.
-$!
-$ libname = "CRYPTO-AXP.OLB"
-$ subset_list = "LIB,ASN1,BN,BUFFER,CONF,DES,DH,DSA,ERROR,EVP,IDEA,LHASH,MD," + -
-	"METH,OBJECTS,PEM,RAND,RC,RSA,SHA,STACK,TXT_DB,X509"
-$ if p1 .nes. "" then subset_list = p1
-$!
-$ if f$getsyi("CPU") .lt. 128 then libname = "CRYPTO-VAX.OLB"
-$ if f$search(libname) .eqs. "" then library/create/object/log 'libname'
-$!
-$ cc = "cc/include=[-.include]/prefix=all" + P2
-$!
-$ i = 0
-$ next_subset:
-$    subset = f$element(i,",",subset_list)
-$    if subset .eqs. "," then goto done
-$    i = i + 1
-$    create crypto_'subset'.subset
-#include "crypto.c"
-$    ofile = "sys$disk:[]crypto_" + subset + ".obj"
-$    on warning then goto next_subset
-$    write sys$output "Compiling ", ofile
-$    cc /object='ofile' crypto_'subset'.subset -
-	/define=(CRYPTO_SUBSET,CRYPTO_'subset'_SUBSET)
-$    library/replace/log 'libname'/module=CRYPTO_'subset' 'ofile'
-$    goto next_subset
-$!
-$ done:
-$ exit
diff --git a/crypto/md/Makefile.ssl b/crypto/md/Makefile.ssl
deleted file mode 100644
index 3e9dda7034..0000000000
--- a/crypto/md/Makefile.ssl
+++ /dev/null
@@ -1,80 +0,0 @@
-#
-# SSLeay/crypto/md/Makefile
-#
-
-DIR=	md
-TOP=	../..
-CC=	cc
-INCLUDES=
-CFLAG=-g
-INSTALLTOP=/usr/local/ssl
-MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
-MAKEFILE=	Makefile.ssl
-AR=		ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=md2test.c md5test.c
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC=md2_dgst.c md5_dgst.c md2_one.c md5_one.c
-LIBOBJ=md2_dgst.o md5_dgst.o md2_one.o md5_one.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= md2.h md5.h
-HEADER=	md5_locl.h $(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-
-all:	lib
-
-lib:	$(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
-	@touch lib
-
-files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
-
-links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
-
-install:
-	@for i in $(EXHEADER) ; \
-	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
-	done;
-
-tags:
-	ctags $(SRC)
-
-tests:
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
-
-dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/md/md2.c b/crypto/md/md2.c
deleted file mode 100644
index f3a65b914f..0000000000
--- a/crypto/md/md2.c
+++ /dev/null
@@ -1,137 +0,0 @@
-/* crypto/md/md2.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "md2.h"
-
-#define BUFSIZE	1024*16
-
-#ifndef NOPROTO
-void do_fp(FILE *f);
-void pt(unsigned char *md);
-int read(int, void *, unsigned int);
-void exit(int);
-void perror(const char *);
-#else
-void do_fp();
-void pt();
-int read();
-void exit();
-void perror();
-#endif
-
-int main(argc, argv)
-int argc;
-char *argv[];
-	{
-	int i,err=0;
-	FILE *IN;
-
-	if (argc == 1)
-		{
-		do_fp(stdin);
-		}
-	else
-		{
-		for (i=1; i<argc; i++)
-			{
-			IN=fopen(argv[i],"r");
-			if (IN == NULL)
-				{
-				perror(argv[i]);
-				err++;
-				continue;
-				}
-			printf("MD2(%s)= ",argv[i]);
-			do_fp(IN);
-			fclose(IN);
-			}
-		}
-	exit(err);
-	return(err);
-	}
-
-void do_fp(f)
-FILE *f;
-	{
-	MD2_CTX c;
-	unsigned char md[MD2_DIGEST_LENGTH];
-	int fd,i;
-	static unsigned char buf[BUFSIZE];
-
-	fd=fileno(f);
-	MD2_Init(&c);
-	for (;;)
-		{
-		i=read(fd,buf,BUFSIZE);
-		if (i <= 0) break;
-		MD2_Update(&c,buf,(unsigned long)i);
-		}
-	MD2_Final(&(md[0]),&c);
-	pt(md);
-	}
-
-void pt(md)
-unsigned char *md;
-	{
-	int i;
-
-	for (i=0; i<MD2_DIGEST_LENGTH; i++)
-		printf("%02x",md[i]);
-	printf("\n");
-	}
diff --git a/crypto/md/md2.h b/crypto/md/md2.h
deleted file mode 100644
index 9f39933790..0000000000
--- a/crypto/md/md2.h
+++ /dev/null
@@ -1,106 +0,0 @@
-/* crypto/md/md2.org */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify md2.org since md2.h is automatically generated from 
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-
-#ifndef HEADER_MD2_H
-#define HEADER_MD2_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define MD2_DIGEST_LENGTH	16
-#define MD2_BLOCK       	16
-
-#define MD2_INT unsigned int
-
-typedef struct MD2state_st
-	{
-	int num;
-	unsigned char data[MD2_BLOCK];
-	MD2_INT cksm[MD2_BLOCK];
-	MD2_INT state[MD2_BLOCK];
-	} MD2_CTX;
-
-#ifndef NOPROTO
-char *MD2_options(void);
-void MD2_Init(MD2_CTX *c);
-void MD2_Update(MD2_CTX *c, register unsigned char *data, unsigned long len);
-void MD2_Final(unsigned char *md, MD2_CTX *c);
-unsigned char *MD2(unsigned char *d, unsigned long n,unsigned char *md);
-#else
-char *MD2_options();
-void MD2_Init();
-void MD2_Update();
-void MD2_Final();
-unsigned char *MD2();
-#endif
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/md/md2.org b/crypto/md/md2.org
deleted file mode 100644
index 9f39933790..0000000000
--- a/crypto/md/md2.org
+++ /dev/null
@@ -1,106 +0,0 @@
-/* crypto/md/md2.org */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify md2.org since md2.h is automatically generated from 
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-
-#ifndef HEADER_MD2_H
-#define HEADER_MD2_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define MD2_DIGEST_LENGTH	16
-#define MD2_BLOCK       	16
-
-#define MD2_INT unsigned int
-
-typedef struct MD2state_st
-	{
-	int num;
-	unsigned char data[MD2_BLOCK];
-	MD2_INT cksm[MD2_BLOCK];
-	MD2_INT state[MD2_BLOCK];
-	} MD2_CTX;
-
-#ifndef NOPROTO
-char *MD2_options(void);
-void MD2_Init(MD2_CTX *c);
-void MD2_Update(MD2_CTX *c, register unsigned char *data, unsigned long len);
-void MD2_Final(unsigned char *md, MD2_CTX *c);
-unsigned char *MD2(unsigned char *d, unsigned long n,unsigned char *md);
-#else
-char *MD2_options();
-void MD2_Init();
-void MD2_Update();
-void MD2_Final();
-unsigned char *MD2();
-#endif
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/md/md2_dgst.c b/crypto/md/md2_dgst.c
deleted file mode 100644
index ef70de7371..0000000000
--- a/crypto/md/md2_dgst.c
+++ /dev/null
@@ -1,235 +0,0 @@
-/* crypto/md/md2_dgst.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "md2.h"
-
-char *MD2_version="MD2 part of SSLeay 0.8.1b 29-Jun-1998";
-
-/* Implemented from RFC1319 The MD2 Message-Digest Algorithm
- */
-
-#define UCHAR	unsigned char
-
-#ifndef NOPROTO
-static void md2_block(MD2_CTX *c, unsigned char *d);
-#else
-static void md2_block();
-#endif
-
-/* The magic S table - I have converted it to hex since it is
- * basicaly just a random byte string. */
-static MD2_INT S[256]={
-	0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,
-	0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,
-	0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C,
-	0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA,
-	0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
-	0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12,
-	0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49,
-	0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A,
-	0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F,
-	0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
-	0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27,
-	0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03,
-	0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1,
-	0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6,
-	0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
-	0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1,
-	0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20,
-	0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02,
-	0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6,
-	0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
-	0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A,
-	0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26,
-	0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09,
-	0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52,
-	0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
-	0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A,
-	0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D,
-	0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39,
-	0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4,
-	0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
-	0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A,
-	0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14,
-	};
-
-char *MD2_options()
-	{
-	if (sizeof(MD2_INT) == 1)
-		return("md2(char)");
-	else
-		return("md2(int)");
-	}
-
-void MD2_Init(c)
-MD2_CTX *c;
-	{
-	c->num=0;
-	memset(c->state,0,MD2_BLOCK*sizeof(MD2_INT));
-	memset(c->cksm,0,MD2_BLOCK*sizeof(MD2_INT));
-	memset(c->data,0,MD2_BLOCK);
-	}
-
-void MD2_Update(c, data, len)
-MD2_CTX *c;
-register unsigned char *data;
-unsigned long len;
-	{
-	register UCHAR *p;
-
-	if (len == 0) return;
-
-	p=c->data;
-	if (c->num != 0)
-		{
-		if ((c->num+len) >= MD2_BLOCK)
-			{
-			memcpy(&(p[c->num]),data,MD2_BLOCK-c->num);
-			md2_block(c,c->data);
-			data+=(MD2_BLOCK - c->num);
-			len-=(MD2_BLOCK - c->num);
-			c->num=0;
-			/* drop through and do the rest */
-			}
-		else
-			{
-			memcpy(&(p[c->num]),data,(int)len);
-			/* data+=len; */
-			c->num+=(int)len;
-			return;
-			}
-		}
-	/* we now can process the input data in blocks of MD2_BLOCK
-	 * chars and save the leftovers to c->data. */
-	while (len >= MD2_BLOCK)
-		{
-		md2_block(c,data);
-		data+=MD2_BLOCK;
-		len-=MD2_BLOCK;
-		}
-	memcpy(p,data,(int)len);
-	c->num=(int)len;
-	}
-
-static void md2_block(c, d)
-MD2_CTX *c;
-unsigned char *d;
-	{
-	register MD2_INT t,*sp1,*sp2;
-	register int i,j;
-	MD2_INT state[48];
-
-	sp1=c->state;
-	sp2=c->cksm;
-	j=sp2[MD2_BLOCK-1];
-	for (i=0; i<16; i++)
-		{
-		state[i]=sp1[i];
-		state[i+16]=t=d[i];
-		state[i+32]=(t^sp1[i]);
-		j=sp2[i]^=S[t^j];
-		}
-	t=0;
-	for (i=0; i<18; i++)
-		{
-		for (j=0; j<48; j+=8)
-			{
-			t= state[j+ 0]^=S[t];
-			t= state[j+ 1]^=S[t];
-			t= state[j+ 2]^=S[t];
-			t= state[j+ 3]^=S[t];
-			t= state[j+ 4]^=S[t];
-			t= state[j+ 5]^=S[t];
-			t= state[j+ 6]^=S[t];
-			t= state[j+ 7]^=S[t];
-			}
-		t=(t+i)&0xff;
-		}
-	memcpy(sp1,state,16*sizeof(MD2_INT));
-	memset(state,0,48*sizeof(MD2_INT));
-	}
-
-void MD2_Final(md, c)
-unsigned char *md;
-MD2_CTX *c;
-	{
-	int i,v;
-	register UCHAR *cp;
-	register MD2_INT *p1,*p2;
-
-	cp=c->data;
-	p1=c->state;
-	p2=c->cksm;
-	v=MD2_BLOCK-c->num;
-	for (i=c->num; i<MD2_BLOCK; i++)
-		cp[i]=(UCHAR)v;
-
-	md2_block(c,cp);
-
-	for (i=0; i<MD2_BLOCK; i++)
-		cp[i]=(UCHAR)p2[i];
-	md2_block(c,cp);
-
-	for (i=0; i<16; i++)
-		md[i]=(UCHAR)(p1[i]&0xff);
-	memset((char *)&c,0,sizeof(c));
-	}
-
diff --git a/crypto/md/md2_one.c b/crypto/md/md2_one.c
deleted file mode 100644
index 352484a933..0000000000
--- a/crypto/md/md2_one.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/* crypto/md/md2_one.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "md2.h"
-
-/* This is a separate file so that #defines in cryptlib.h can
- * map my MD functions to different names */
-
-unsigned char *MD2(d, n, md)
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
-	{
-	MD2_CTX c;
-	static unsigned char m[MD2_DIGEST_LENGTH];
-
-	if (md == NULL) md=m;
-	MD2_Init(&c);
-	MD2_Update(&c,d,n);
-	MD2_Final(md,&c);
-	memset(&c,0,sizeof(c));	/* Security consideration */
-	return(md);
-	}
diff --git a/crypto/md/md2test.c b/crypto/md/md2test.c
deleted file mode 100644
index 6e51245b2a..0000000000
--- a/crypto/md/md2test.c
+++ /dev/null
@@ -1,130 +0,0 @@
-/* crypto/md/md2test.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include "md2.h"
-
-char *test[]={
-	"",
-	"a",
-	"abc",
-	"message digest",
-	"abcdefghijklmnopqrstuvwxyz",
-	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
-	"12345678901234567890123456789012345678901234567890123456789012345678901234567890",
-	NULL,
-	};
-
-char *ret[]={
-	"8350e5a3e24c153df2275c9f80692773",
-	"32ec01ec4a6dac72c0ab96fb34c0b5d1",
-	"da853b0d3f88d99b30283a69e6ded6bb",
-	"ab4f496bfb2a530b219ff33031fe06b0",
-	"4e8ddff3650292ab5a4108c3aa47940b",
-	"da33def2a42df13975352846c30338cd",
-	"d5976f79d83d3a0dc9806c3c66f3efd8",
-	};
-
-#ifndef NOPROTO
-static char *pt(unsigned char *md);
-#else
-static char *pt();
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
-	{
-	int i,err=0;
-	char **P,**R;
-	char *p;
-
-	P=test;
-	R=ret;
-	i=1;
-	while (*P != NULL)
-		{
-		p=pt(MD2((unsigned char *)*P,(unsigned long)strlen(*P),NULL));
-		if (strcmp(p,*R) != 0)
-			{
-			printf("error calculating MD2 on '%s'\n",*P);
-			printf("got %s instead of %s\n",p,*R);
-			err++;
-			}
-		else
-			printf("test %d ok\n",i);
-		i++;
-		R++;
-		P++;
-		}
-	exit(err);
-	return(0);
-	}
-
-static char *pt(md)
-unsigned char *md;
-	{
-	int i;
-	static char buf[80];
-
-	for (i=0; i<MD2_DIGEST_LENGTH; i++)
-		sprintf(&(buf[i*2]),"%02x",md[i]);
-	return(buf);
-	}
diff --git a/crypto/md/md5.h b/crypto/md/md5.h
deleted file mode 100644
index 0071db8089..0000000000
--- a/crypto/md/md5.h
+++ /dev/null
@@ -1,97 +0,0 @@
-/* crypto/md/md5.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_MD5_H
-#define HEADER_MD5_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define MD5_CBLOCK	64
-#define MD5_LBLOCK	16
-#define MD5_BLOCK	16
-#define MD5_LAST_BLOCK  56
-#define MD5_LENGTH_BLOCK 8
-#define MD5_DIGEST_LENGTH 16
-
-typedef struct MD5state_st
-	{
-	unsigned long A,B,C,D;
-	unsigned long Nl,Nh;
-	unsigned long data[MD5_LBLOCK];
-	int num;
-	} MD5_CTX;
-
-#ifndef NOPROTO
-void MD5_Init(MD5_CTX *c);
-void MD5_Update(MD5_CTX *c, unsigned char *data, unsigned long len);
-void MD5_Final(unsigned char *md, MD5_CTX *c);
-unsigned char *MD5(unsigned char *d, unsigned long n, unsigned char *md);
-#else
-void MD5_Init();
-void MD5_Update();
-void MD5_Final();
-unsigned char *MD5();
-#endif
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/md/md5_dgst.c b/crypto/md/md5_dgst.c
deleted file mode 100644
index b209bb4e97..0000000000
--- a/crypto/md/md5_dgst.c
+++ /dev/null
@@ -1,366 +0,0 @@
-/* crypto/md/md5_dgst.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "md5_locl.h"
-
-char *MD5_version="MD5 part of SSLeay 0.8.1b 29-Jun-1998";
-
-/* Implemented from RFC1321 The MD5 Message-Digest Algorithm
- */
-
-#define INIT_DATA_A (unsigned long)0x67452301L
-#define INIT_DATA_B (unsigned long)0xefcdab89L
-#define INIT_DATA_C (unsigned long)0x98badcfeL
-#define INIT_DATA_D (unsigned long)0x10325476L
-
-#ifndef NOPROTO
-static void md5_block(MD5_CTX *c, unsigned long *p);
-#else
-static void md5_block();
-#endif
-
-void MD5_Init(c)
-MD5_CTX *c;
-	{
-	c->A=INIT_DATA_A;
-	c->B=INIT_DATA_B;
-	c->C=INIT_DATA_C;
-	c->D=INIT_DATA_D;
-	c->Nl=0;
-	c->Nh=0;
-	c->num=0;
-	}
-
-void MD5_Update(c, data, len)
-MD5_CTX *c;
-register unsigned char *data;
-unsigned long len;
-	{
-	register ULONG *p;
-	int sw,sc;
-	ULONG l;
-
-	if (len == 0) return;
-
-	l=(c->Nl+(len<<3))&0xffffffffL;
-	/* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
-	 * Wei Dai <weidai@eskimo.com> for pointing it out. */
-	if (l < c->Nl) /* overflow */
-		c->Nh++;
-	c->Nh+=(len>>29);
-	c->Nl=l;
-
-	if (c->num != 0)
-		{
-		p=c->data;
-		sw=c->num>>2;
-		sc=c->num&0x03;
-
-		if ((c->num+len) >= MD5_CBLOCK)
-			{
-			l= p[sw];
-			p_c2l(data,l,sc);
-			p[sw++]=l;
-			for (; sw<MD5_LBLOCK; sw++)
-				{
-				c2l(data,l);
-				p[sw]=l;
-				}
-			len-=(MD5_CBLOCK-c->num);
-
-			md5_block(c,p);
-			c->num=0;
-			/* drop through and do the rest */
-			}
-		else
-			{
-			int ew,ec;
-
-			c->num+=(int)len;
-			if ((sc+len) < 4) /* ugly, add char's to a word */
-				{
-				l= p[sw];
-				p_c2l_p(data,l,sc,len);
-				p[sw]=l;
-				}
-			else
-				{
-				ew=(c->num>>2);
-				ec=(c->num&0x03);
-				l= p[sw];
-				p_c2l(data,l,sc);
-				p[sw++]=l;
-				for (; sw < ew; sw++)
-					{ c2l(data,l); p[sw]=l; }
-				if (ec)
-					{
-					c2l_p(data,l,ec);
-					p[sw]=l;
-					}
-				}
-			return;
-			}
-		}
-	/* we now can process the input data in blocks of MD5_CBLOCK
-	 * chars and save the leftovers to c->data. */
-	p=c->data;
-	while (len >= MD5_CBLOCK)
-		{
-#if defined(L_ENDIAN) || defined(B_ENDIAN)
-		memcpy(p,data,MD5_CBLOCK);
-		data+=MD5_CBLOCK;
-#ifdef B_ENDIAN
-		for (sw=(MD5_LBLOCK/4); sw; sw--)
-			{
-			Endian_Reverse32(p[0]);
-			Endian_Reverse32(p[1]);
-			Endian_Reverse32(p[2]);
-			Endian_Reverse32(p[3]);
-			p+=4;
-			}
-#endif
-#else
-		for (sw=(MD5_LBLOCK/4); sw; sw--)
-			{
-			c2l(data,l); *(p++)=l;
-			c2l(data,l); *(p++)=l;
-			c2l(data,l); *(p++)=l;
-			c2l(data,l); *(p++)=l; 
-			} 
-#endif
-		p=c->data;
-		md5_block(c,p);
-		len-=MD5_CBLOCK;
-		}
-	sc=(int)len;
-	c->num=sc;
-	if (sc)
-		{
-		sw=sc>>2;	/* words to copy */
-#ifdef L_ENDIAN
-		p[sw]=0;
-		memcpy(p,data,sc);
-#else
-		sc&=0x03;
-		for ( ; sw; sw--)
-			{ c2l(data,l); *(p++)=l; }
-		c2l_p(data,l,sc);
-		*p=l;
-#endif
-		}
-	}
-
-static void md5_block(c, X)
-MD5_CTX *c;
-register ULONG *X;
-	{
-	register ULONG A,B,C,D;
-
-	A=c->A;
-	B=c->B;
-	C=c->C;
-	D=c->D;
-
-	/* Round 0 */
-	R0(A,B,C,D,X[ 0], 7,0xd76aa478L);
-	R0(D,A,B,C,X[ 1],12,0xe8c7b756L);
-	R0(C,D,A,B,X[ 2],17,0x242070dbL);
-	R0(B,C,D,A,X[ 3],22,0xc1bdceeeL);
-	R0(A,B,C,D,X[ 4], 7,0xf57c0fafL);
-	R0(D,A,B,C,X[ 5],12,0x4787c62aL);
-	R0(C,D,A,B,X[ 6],17,0xa8304613L);
-	R0(B,C,D,A,X[ 7],22,0xfd469501L);
-	R0(A,B,C,D,X[ 8], 7,0x698098d8L);
-	R0(D,A,B,C,X[ 9],12,0x8b44f7afL);
-	R0(C,D,A,B,X[10],17,0xffff5bb1L);
-	R0(B,C,D,A,X[11],22,0x895cd7beL);
-	R0(A,B,C,D,X[12], 7,0x6b901122L);
-	R0(D,A,B,C,X[13],12,0xfd987193L);
-	R0(C,D,A,B,X[14],17,0xa679438eL);
-	R0(B,C,D,A,X[15],22,0x49b40821L);
-	/* Round 1 */
-	R1(A,B,C,D,X[ 1], 5,0xf61e2562L);
-	R1(D,A,B,C,X[ 6], 9,0xc040b340L);
-	R1(C,D,A,B,X[11],14,0x265e5a51L);
-	R1(B,C,D,A,X[ 0],20,0xe9b6c7aaL);
-	R1(A,B,C,D,X[ 5], 5,0xd62f105dL);
-	R1(D,A,B,C,X[10], 9,0x02441453L);
-	R1(C,D,A,B,X[15],14,0xd8a1e681L);
-	R1(B,C,D,A,X[ 4],20,0xe7d3fbc8L);
-	R1(A,B,C,D,X[ 9], 5,0x21e1cde6L);
-	R1(D,A,B,C,X[14], 9,0xc33707d6L);
-	R1(C,D,A,B,X[ 3],14,0xf4d50d87L);
-	R1(B,C,D,A,X[ 8],20,0x455a14edL);
-	R1(A,B,C,D,X[13], 5,0xa9e3e905L);
-	R1(D,A,B,C,X[ 2], 9,0xfcefa3f8L);
-	R1(C,D,A,B,X[ 7],14,0x676f02d9L);
-	R1(B,C,D,A,X[12],20,0x8d2a4c8aL);
-	/* Round 2 */
-	R2(A,B,C,D,X[ 5], 4,0xfffa3942L);
-	R2(D,A,B,C,X[ 8],11,0x8771f681L);
-	R2(C,D,A,B,X[11],16,0x6d9d6122L);
-	R2(B,C,D,A,X[14],23,0xfde5380cL);
-	R2(A,B,C,D,X[ 1], 4,0xa4beea44L);
-	R2(D,A,B,C,X[ 4],11,0x4bdecfa9L);
-	R2(C,D,A,B,X[ 7],16,0xf6bb4b60L);
-	R2(B,C,D,A,X[10],23,0xbebfbc70L);
-	R2(A,B,C,D,X[13], 4,0x289b7ec6L);
-	R2(D,A,B,C,X[ 0],11,0xeaa127faL);
-	R2(C,D,A,B,X[ 3],16,0xd4ef3085L);
-	R2(B,C,D,A,X[ 6],23,0x04881d05L);
-	R2(A,B,C,D,X[ 9], 4,0xd9d4d039L);
-	R2(D,A,B,C,X[12],11,0xe6db99e5L);
-	R2(C,D,A,B,X[15],16,0x1fa27cf8L);
-	R2(B,C,D,A,X[ 2],23,0xc4ac5665L);
-	/* Round 3 */
-	R3(A,B,C,D,X[ 0], 6,0xf4292244L);
-	R3(D,A,B,C,X[ 7],10,0x432aff97L);
-	R3(C,D,A,B,X[14],15,0xab9423a7L);
-	R3(B,C,D,A,X[ 5],21,0xfc93a039L);
-	R3(A,B,C,D,X[12], 6,0x655b59c3L);
-	R3(D,A,B,C,X[ 3],10,0x8f0ccc92L);
-	R3(C,D,A,B,X[10],15,0xffeff47dL);
-	R3(B,C,D,A,X[ 1],21,0x85845dd1L);
-	R3(A,B,C,D,X[ 8], 6,0x6fa87e4fL);
-	R3(D,A,B,C,X[15],10,0xfe2ce6e0L);
-	R3(C,D,A,B,X[ 6],15,0xa3014314L);
-	R3(B,C,D,A,X[13],21,0x4e0811a1L);
-	R3(A,B,C,D,X[ 4], 6,0xf7537e82L);
-	R3(D,A,B,C,X[11],10,0xbd3af235L);
-	R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL);
-	R3(B,C,D,A,X[ 9],21,0xeb86d391L);
-
-	c->A+=A&0xffffffffL;
-	c->B+=B&0xffffffffL;
-	c->C+=C&0xffffffffL;
-	c->D+=D&0xffffffffL;
-	}
-
-void MD5_Final(md, c)
-unsigned char *md;
-MD5_CTX *c;
-	{
-	register int i,j;
-	register ULONG l;
-	register ULONG *p;
-	static unsigned char end[4]={0x80,0x00,0x00,0x00};
-	unsigned char *cp=end;
-
-	/* c->num should definitly have room for at least one more byte. */
-	p=c->data;
-	j=c->num;
-	i=j>>2;
-
-	/* purify often complains about the following line as an
-	 * Uninitialized Memory Read.  While this can be true, the
-	 * following p_c2l macro will reset l when that case is true.
-	 * This is because j&0x03 contains the number of 'valid' bytes
-	 * already in p[i].  If and only if j&0x03 == 0, the UMR will
-	 * occur but this is also the only time p_c2l will do
-	 * l= *(cp++) instead of l|= *(cp++)
-	 * Many thanks to Alex Tang <altitude@cic.net> for pickup this
-	 * 'potential bug' */
-#ifdef PURIFY
-	if ((j&0x03) == 0) p[i]=0;
-#endif
-	l=p[i];
-	p_c2l(cp,l,j&0x03);
-	p[i]=l;
-	i++;
-	/* i is the next 'undefined word' */
-	if (c->num >= MD5_LAST_BLOCK)
-		{
-		for (; i<MD5_LBLOCK; i++)
-			p[i]=0;
-		md5_block(c,p);
-		i=0;
-		}
-	for (; i<(MD5_LBLOCK-2); i++)
-		p[i]=0;
-	p[MD5_LBLOCK-2]=c->Nl;
-	p[MD5_LBLOCK-1]=c->Nh;
-	md5_block(c,p);
-	cp=md;
-	l=c->A; l2c(l,cp);
-	l=c->B; l2c(l,cp);
-	l=c->C; l2c(l,cp);
-	l=c->D; l2c(l,cp);
-
-	/* clear stuff, md5_block may be leaving some stuff on the stack
-	 * but I'm not worried :-) */
-	c->num=0;
-/*	memset((char *)&c,0,sizeof(c));*/
-	}
-
-#ifdef undef
-int printit(l)
-unsigned long *l;
-	{
-	int i,ii;
-
-	for (i=0; i<2; i++)
-		{
-		for (ii=0; ii<8; ii++)
-			{
-			fprintf(stderr,"%08lx ",l[i*8+ii]);
-			}
-		fprintf(stderr,"\n");
-		}
-	}
-#endif
diff --git a/crypto/md/md5_one.c b/crypto/md/md5_one.c
deleted file mode 100644
index b23cb285ea..0000000000
--- a/crypto/md/md5_one.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/* crypto/md/md5_one.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "md5_locl.h"
-
-unsigned char *MD5(d, n, md)
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
-	{
-	MD5_CTX c;
-	static unsigned char m[MD5_DIGEST_LENGTH];
-
-	if (md == NULL) md=m;
-	MD5_Init(&c);
-	MD5_Update(&c,d,n);
-	MD5_Final(md,&c);
-	memset(&c,0,sizeof(c)); /* security consideration */
-	return(md);
-	}
-
diff --git a/crypto/md2/.cvsignore b/crypto/md2/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/md2/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/md2/Makefile.ssl b/crypto/md2/Makefile.ssl
index d8e7200c83..e5b3265a44 100644
--- a/crypto/md2/Makefile.ssl
+++ b/crypto/md2/Makefile.ssl
@@ -2,14 +2,17 @@
 # SSLeay/crypto/md/Makefile
 #
 
-DIR=	md
+DIR=	md2
 TOP=	../..
 CC=	cc
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -20,7 +23,7 @@ TEST=md2test.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=md2_dgst.c md5_one.c
+LIBSRC=md2_dgst.c md2_one.c
 LIBOBJ=md2_dgst.o md2_one.o
 
 SRC= $(LIBSRC)
@@ -37,24 +40,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -66,15 +68,26 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
+md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+md2_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md2_dgst.o: md2_dgst.c
+md2_one.o: ../../e_os.h ../../include/openssl/bio.h
+md2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md2_one.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+md2_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+md2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+md2_one.o: ../../include/openssl/symhacks.h ../cryptlib.h md2_one.c
diff --git a/crypto/md2/md2.c b/crypto/md2/md2.c
index 7f3ab64a43..f4d6f62264 100644
--- a/crypto/md2/md2.c
+++ b/crypto/md2/md2.c
@@ -58,25 +58,15 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "md2.h"
+#include <openssl/md2.h>
 
 #define BUFSIZE	1024*16
 
-#ifndef NOPROTO
 void do_fp(FILE *f);
 void pt(unsigned char *md);
 int read(int, void *, unsigned int);
 void exit(int);
-#else
-void do_fp();
-void pt();
-int read();
-void exit();
-#endif
-
-int main(argc, argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,err=0;
 	FILE *IN;
@@ -105,8 +95,7 @@ char *argv[];
 	return(err);
 	}
 
-void do_fp(f)
-FILE *f;
+void do_fp(FILE *f)
 	{
 	MD2_CTX c;
 	unsigned char md[MD2_DIGEST_LENGTH];
@@ -125,8 +114,7 @@ FILE *f;
 	pt(md);
 	}
 
-void pt(md)
-unsigned char *md;
+void pt(unsigned char *md)
 	{
 	int i;
 
diff --git a/crypto/md2/md2.h b/crypto/md2/md2.h
index 9f39933790..ad9241455c 100644
--- a/crypto/md2/md2.h
+++ b/crypto/md2/md2.h
@@ -1,4 +1,4 @@
-/* crypto/md/md2.org */
+/* crypto/md/md2.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,26 +56,20 @@
  * [including the GNU Public Licence.]
  */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify md2.org since md2.h is automatically generated from 
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-
 #ifndef HEADER_MD2_H
 #define HEADER_MD2_H
 
-#ifdef  __cplusplus
-extern "C" {
+#ifdef OPENSSL_NO_MD2
+#error MD2 is disabled.
 #endif
 
 #define MD2_DIGEST_LENGTH	16
 #define MD2_BLOCK       	16
+#include <openssl/opensslconf.h> /* MD2_INT */
 
-#define MD2_INT unsigned int
+#ifdef  __cplusplus
+extern "C" {
+#endif
 
 typedef struct MD2state_st
 	{
@@ -85,20 +79,11 @@ typedef struct MD2state_st
 	MD2_INT state[MD2_BLOCK];
 	} MD2_CTX;
 
-#ifndef NOPROTO
-char *MD2_options(void);
-void MD2_Init(MD2_CTX *c);
-void MD2_Update(MD2_CTX *c, register unsigned char *data, unsigned long len);
-void MD2_Final(unsigned char *md, MD2_CTX *c);
-unsigned char *MD2(unsigned char *d, unsigned long n,unsigned char *md);
-#else
-char *MD2_options();
-void MD2_Init();
-void MD2_Update();
-void MD2_Final();
-unsigned char *MD2();
-#endif
-
+const char *MD2_options(void);
+int MD2_Init(MD2_CTX *c);
+int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len);
+int MD2_Final(unsigned char *md, MD2_CTX *c);
+unsigned char *MD2(const unsigned char *d, unsigned long n,unsigned char *md);
 #ifdef  __cplusplus
 }
 #endif
diff --git a/crypto/md2/md2.org b/crypto/md2/md2.org
deleted file mode 100644
index 9f39933790..0000000000
--- a/crypto/md2/md2.org
+++ /dev/null
@@ -1,106 +0,0 @@
-/* crypto/md/md2.org */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify md2.org since md2.h is automatically generated from 
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-
-#ifndef HEADER_MD2_H
-#define HEADER_MD2_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define MD2_DIGEST_LENGTH	16
-#define MD2_BLOCK       	16
-
-#define MD2_INT unsigned int
-
-typedef struct MD2state_st
-	{
-	int num;
-	unsigned char data[MD2_BLOCK];
-	MD2_INT cksm[MD2_BLOCK];
-	MD2_INT state[MD2_BLOCK];
-	} MD2_CTX;
-
-#ifndef NOPROTO
-char *MD2_options(void);
-void MD2_Init(MD2_CTX *c);
-void MD2_Update(MD2_CTX *c, register unsigned char *data, unsigned long len);
-void MD2_Final(unsigned char *md, MD2_CTX *c);
-unsigned char *MD2(unsigned char *d, unsigned long n,unsigned char *md);
-#else
-char *MD2_options();
-void MD2_Init();
-void MD2_Update();
-void MD2_Final();
-unsigned char *MD2();
-#endif
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c
index 6a60dd2fb9..ecb64f0ec4 100644
--- a/crypto/md2/md2_dgst.c
+++ b/crypto/md2/md2_dgst.c
@@ -59,23 +59,20 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "md2.h"
+#include <openssl/md2.h>
+#include <openssl/opensslv.h>
+#include <openssl/crypto.h>
 
-char *MD2_version="MD2 part of SSLeay 0.9.1a 06-Jul-1998";
+const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT;
 
 /* Implemented from RFC1319 The MD2 Message-Digest Algorithm
  */
 
 #define UCHAR	unsigned char
 
-#ifndef NOPROTO
-static void md2_block(MD2_CTX *c, unsigned char *d);
-#else
-static void md2_block();
-#endif
-
+static void md2_block(MD2_CTX *c, const unsigned char *d);
 /* The magic S table - I have converted it to hex since it is
- * basicaly just a random byte string. */
+ * basically just a random byte string. */
 static MD2_INT S[256]={
 	0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,
 	0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,
@@ -111,7 +108,7 @@ static MD2_INT S[256]={
 	0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14,
 	};
 
-char *MD2_options()
+const char *MD2_options(void)
 	{
 	if (sizeof(MD2_INT) == 1)
 		return("md2(char)");
@@ -119,23 +116,20 @@ char *MD2_options()
 		return("md2(int)");
 	}
 
-void MD2_Init(c)
-MD2_CTX *c;
+int MD2_Init(MD2_CTX *c)
 	{
 	c->num=0;
-	memset(c->state,0,MD2_BLOCK*sizeof(MD2_INT));
-	memset(c->cksm,0,MD2_BLOCK*sizeof(MD2_INT));
-	memset(c->data,0,MD2_BLOCK);
+	memset(c->state,0,sizeof c->state);
+	memset(c->cksm,0,sizeof c->cksm);
+	memset(c->data,0,sizeof c->data);
+	return 1;
 	}
 
-void MD2_Update(c, data, len)
-MD2_CTX *c;
-register unsigned char *data;
-unsigned long len;
+int MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len)
 	{
 	register UCHAR *p;
 
-	if (len == 0) return;
+	if (len == 0) return 1;
 
 	p=c->data;
 	if (c->num != 0)
@@ -154,7 +148,7 @@ unsigned long len;
 			memcpy(&(p[c->num]),data,(int)len);
 			/* data+=len; */
 			c->num+=(int)len;
-			return;
+			return 1;
 			}
 		}
 	/* we now can process the input data in blocks of MD2_BLOCK
@@ -167,11 +161,10 @@ unsigned long len;
 		}
 	memcpy(p,data,(int)len);
 	c->num=(int)len;
+	return 1;
 	}
 
-static void md2_block(c, d)
-MD2_CTX *c;
-unsigned char *d;
+static void md2_block(MD2_CTX *c, const unsigned char *d)
 	{
 	register MD2_INT t,*sp1,*sp2;
 	register int i,j;
@@ -204,12 +197,10 @@ unsigned char *d;
 		t=(t+i)&0xff;
 		}
 	memcpy(sp1,state,16*sizeof(MD2_INT));
-	memset(state,0,48*sizeof(MD2_INT));
+	OPENSSL_cleanse(state,48*sizeof(MD2_INT));
 	}
 
-void MD2_Final(md, c)
-unsigned char *md;
-MD2_CTX *c;
+int MD2_Final(unsigned char *md, MD2_CTX *c)
 	{
 	int i,v;
 	register UCHAR *cp;
@@ -231,5 +222,6 @@ MD2_CTX *c;
 	for (i=0; i<16; i++)
 		md[i]=(UCHAR)(p1[i]&0xff);
 	memset((char *)&c,0,sizeof(c));
+	return 1;
 	}
 
diff --git a/crypto/md2/md2_one.c b/crypto/md2/md2_one.c
index 513bf62fdb..835160ef56 100644
--- a/crypto/md2/md2_one.c
+++ b/crypto/md2/md2_one.c
@@ -58,23 +58,36 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "md2.h"
+#include <openssl/md2.h>
 
 /* This is a separate file so that #defines in cryptlib.h can
  * map my MD functions to different names */
 
-unsigned char *MD2(d, n, md)
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
+unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md)
 	{
 	MD2_CTX c;
 	static unsigned char m[MD2_DIGEST_LENGTH];
 
 	if (md == NULL) md=m;
 	MD2_Init(&c);
+#ifndef CHARSET_EBCDIC
 	MD2_Update(&c,d,n);
+#else
+	{
+		char temp[1024];
+		unsigned long chunk;
+
+		while (n > 0)
+		{
+			chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+			ebcdic2ascii(temp, d, chunk);
+			MD2_Update(&c,temp,chunk);
+			n -= chunk;
+			d += chunk;
+		}
+	}
+#endif
 	MD2_Final(md,&c);
-	memset(&c,0,sizeof(c));	/* Security consideration */
+	OPENSSL_cleanse(&c,sizeof(c));	/* Security consideration */
 	return(md);
 	}
diff --git a/crypto/md2/md2test.c b/crypto/md2/md2test.c
index 55924d44cd..d2f6dce97f 100644
--- a/crypto/md2/md2test.c
+++ b/crypto/md2/md2test.c
@@ -59,9 +59,24 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "md2.h"
+#include <openssl/md2.h>
 
-char *test[]={
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_MD2
+int main(int argc, char *argv[])
+{
+    printf("No MD2 support\n");
+    return(0);
+}
+#else
+#include <openssl/evp.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+static char *test[]={
 	"",
 	"a",
 	"abc",
@@ -72,7 +87,7 @@ char *test[]={
 	NULL,
 	};
 
-char *ret[]={
+static char *ret[]={
 	"8350e5a3e24c153df2275c9f80692773",
 	"32ec01ec4a6dac72c0ab96fb34c0b5d1",
 	"da853b0d3f88d99b30283a69e6ded6bb",
@@ -82,26 +97,21 @@ char *ret[]={
 	"d5976f79d83d3a0dc9806c3c66f3efd8",
 	};
 
-#ifndef NOPROTO
 static char *pt(unsigned char *md);
-#else
-static char *pt();
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,err=0;
 	char **P,**R;
 	char *p;
+	unsigned char md[MD2_DIGEST_LENGTH];
 
 	P=test;
 	R=ret;
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(MD2((unsigned char *)*P,(unsigned long)strlen(*P),NULL));
+		EVP_Digest((unsigned char *)*P,(unsigned long)strlen(*P),md,NULL,EVP_md2(), NULL);
+		p=pt(md);
 		if (strcmp(p,*R) != 0)
 			{
 			printf("error calculating MD2 on '%s'\n",*P);
@@ -114,12 +124,11 @@ char *argv[];
 		R++;
 		P++;
 		}
-	exit(err);
+	EXIT(err);
 	return(0);
 	}
 
-static char *pt(md)
-unsigned char *md;
+static char *pt(unsigned char *md)
 	{
 	int i;
 	static char buf[80];
@@ -128,3 +137,4 @@ unsigned char *md;
 		sprintf(&(buf[i*2]),"%02x",md[i]);
 	return(buf);
 	}
+#endif
diff --git a/crypto/md32_common.h b/crypto/md32_common.h
new file mode 100644
index 0000000000..275b93618b
--- /dev/null
+++ b/crypto/md32_common.h
@@ -0,0 +1,612 @@
+/* crypto/md32_common.h */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+ * This is a generic 32 bit "collector" for message digest algorithms.
+ * Whenever needed it collects input character stream into chunks of
+ * 32 bit values and invokes a block function that performs actual hash
+ * calculations.
+ *
+ * Porting guide.
+ *
+ * Obligatory macros:
+ *
+ * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
+ *	this macro defines byte order of input stream.
+ * HASH_CBLOCK
+ *	size of a unit chunk HASH_BLOCK operates on.
+ * HASH_LONG
+ *	has to be at lest 32 bit wide, if it's wider, then
+ *	HASH_LONG_LOG2 *has to* be defined along
+ * HASH_CTX
+ *	context structure that at least contains following
+ *	members:
+ *		typedef struct {
+ *			...
+ *			HASH_LONG	Nl,Nh;
+ *			HASH_LONG	data[HASH_LBLOCK];
+ *			int		num;
+ *			...
+ *			} HASH_CTX;
+ * HASH_UPDATE
+ *	name of "Update" function, implemented here.
+ * HASH_TRANSFORM
+ *	name of "Transform" function, implemented here.
+ * HASH_FINAL
+ *	name of "Final" function, implemented here.
+ * HASH_BLOCK_HOST_ORDER
+ *	name of "block" function treating *aligned* input message
+ *	in host byte order, implemented externally.
+ * HASH_BLOCK_DATA_ORDER
+ *	name of "block" function treating *unaligned* input message
+ *	in original (data) byte order, implemented externally (it
+ *	actually is optional if data and host are of the same
+ *	"endianess").
+ * HASH_MAKE_STRING
+ *	macro convering context variables to an ASCII hash string.
+ *
+ * Optional macros:
+ *
+ * B_ENDIAN or L_ENDIAN
+ *	defines host byte-order.
+ * HASH_LONG_LOG2
+ *	defaults to 2 if not states otherwise.
+ * HASH_LBLOCK
+ *	assumed to be HASH_CBLOCK/4 if not stated otherwise.
+ * HASH_BLOCK_DATA_ORDER_ALIGNED
+ *	alternative "block" function capable of treating
+ *	aligned input message in original (data) order,
+ *	implemented externally.
+ *
+ * MD5 example:
+ *
+ *	#define DATA_ORDER_IS_LITTLE_ENDIAN
+ *
+ *	#define HASH_LONG		MD5_LONG
+ *	#define HASH_LONG_LOG2		MD5_LONG_LOG2
+ *	#define HASH_CTX		MD5_CTX
+ *	#define HASH_CBLOCK		MD5_CBLOCK
+ *	#define HASH_LBLOCK		MD5_LBLOCK
+ *	#define HASH_UPDATE		MD5_Update
+ *	#define HASH_TRANSFORM		MD5_Transform
+ *	#define HASH_FINAL		MD5_Final
+ *	#define HASH_BLOCK_HOST_ORDER	md5_block_host_order
+ *	#define HASH_BLOCK_DATA_ORDER	md5_block_data_order
+ *
+ *					<appro@fy.chalmers.se>
+ */
+
+#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+#error "DATA_ORDER must be defined!"
+#endif
+
+#ifndef HASH_CBLOCK
+#error "HASH_CBLOCK must be defined!"
+#endif
+#ifndef HASH_LONG
+#error "HASH_LONG must be defined!"
+#endif
+#ifndef HASH_CTX
+#error "HASH_CTX must be defined!"
+#endif
+
+#ifndef HASH_UPDATE
+#error "HASH_UPDATE must be defined!"
+#endif
+#ifndef HASH_TRANSFORM
+#error "HASH_TRANSFORM must be defined!"
+#endif
+#ifndef HASH_FINAL
+#error "HASH_FINAL must be defined!"
+#endif
+
+#ifndef HASH_BLOCK_HOST_ORDER
+#error "HASH_BLOCK_HOST_ORDER must be defined!"
+#endif
+
+#if 0
+/*
+ * Moved below as it's required only if HASH_BLOCK_DATA_ORDER_ALIGNED
+ * isn't defined.
+ */
+#ifndef HASH_BLOCK_DATA_ORDER
+#error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+#endif
+
+#ifndef HASH_LBLOCK
+#define HASH_LBLOCK	(HASH_CBLOCK/4)
+#endif
+
+#ifndef HASH_LONG_LOG2
+#define HASH_LONG_LOG2	2
+#endif
+
+/*
+ * Engage compiler specific rotate intrinsic function if available.
+ */
+#undef ROTATE
+#ifndef PEDANTIC
+# if 0 /* defined(_MSC_VER) */
+#  define ROTATE(a,n)	_lrotl(a,n)
+# elif defined(__MWERKS__)
+#  if defined(__POWERPC__)
+#   define ROTATE(a,n)	__rlwinm(a,n,0,31)
+#  elif defined(__MC68K__)
+    /* Motorola specific tweak. <appro@fy.chalmers.se> */
+#   define ROTATE(a,n)	( n<24 ? __rol(a,n) : __ror(a,32-n) )
+#  else
+#   define ROTATE(a,n)	__rol(a,n)
+#  endif
+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+  /*
+   * Some GNU C inline assembler templates. Note that these are
+   * rotates by *constant* number of bits! But that's exactly
+   * what we need here...
+   *
+   * 					<appro@fy.chalmers.se>
+   */
+#  if defined(__i386) || defined(__i386__)
+#   define ROTATE(a,n)	({ register unsigned int ret;	\
+				asm (			\
+				"roll %1,%0"		\
+				: "=r"(ret)		\
+				: "I"(n), "0"(a)	\
+				: "cc");		\
+			   ret;				\
+			})
+#  elif defined(__powerpc) || defined(__ppc)
+#   define ROTATE(a,n)	({ register unsigned int ret;	\
+				asm (			\
+				"rlwinm %0,%1,%2,0,31"	\
+				: "=r"(ret)		\
+				: "r"(a), "I"(n));	\
+			   ret;				\
+			})
+#  endif
+# endif
+
+/*
+ * Engage compiler specific "fetch in reverse byte order"
+ * intrinsic function if available.
+ */
+# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+  /* some GNU C inline assembler templates by <appro@fy.chalmers.se> */
+#  if (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)
+#   define BE_FETCH32(a)	({ register unsigned int l=(a);\
+				asm (			\
+				"bswapl %0"		\
+				: "=r"(l) : "0"(l));	\
+			  l;				\
+			})
+#  elif defined(__powerpc)
+#   define LE_FETCH32(a)	({ register unsigned int l;	\
+				asm (			\
+				"lwbrx %0,0,%1"		\
+				: "=r"(l)		\
+				: "r"(a));		\
+			   l;				\
+			})
+
+#  elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC)
+#  define LE_FETCH32(a)	({ register unsigned int l;		\
+				asm (				\
+				"lda [%1]#ASI_PRIMARY_LITTLE,%0"\
+				: "=r"(l)			\
+				: "r"(a));			\
+			   l;					\
+			})
+#  endif
+# endif
+#endif /* PEDANTIC */
+
+#if HASH_LONG_LOG2==2	/* Engage only if sizeof(HASH_LONG)== 4 */
+/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
+#ifdef ROTATE
+/* 5 instructions with rotate instruction, else 9 */
+#define REVERSE_FETCH32(a,l)	(					\
+		l=*(const HASH_LONG *)(a),				\
+		((ROTATE(l,8)&0x00FF00FF)|(ROTATE((l&0x00FF00FF),24)))	\
+				)
+#else
+/* 6 instructions with rotate instruction, else 8 */
+#define REVERSE_FETCH32(a,l)	(				\
+		l=*(const HASH_LONG *)(a),			\
+		l=(((l>>8)&0x00FF00FF)|((l&0x00FF00FF)<<8)),	\
+		ROTATE(l,16)					\
+				)
+/*
+ * Originally the middle line started with l=(((l&0xFF00FF00)>>8)|...
+ * It's rewritten as above for two reasons:
+ *	- RISCs aren't good at long constants and have to explicitely
+ *	  compose 'em with several (well, usually 2) instructions in a
+ *	  register before performing the actual operation and (as you
+ *	  already realized:-) having same constant should inspire the
+ *	  compiler to permanently allocate the only register for it;
+ *	- most modern CPUs have two ALUs, but usually only one has
+ *	  circuitry for shifts:-( this minor tweak inspires compiler
+ *	  to schedule shift instructions in a better way...
+ *
+ *				<appro@fy.chalmers.se>
+ */
+#endif
+#endif
+
+#ifndef ROTATE
+#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+#endif
+
+/*
+ * Make some obvious choices. E.g., HASH_BLOCK_DATA_ORDER_ALIGNED
+ * and HASH_BLOCK_HOST_ORDER ought to be the same if input data
+ * and host are of the same "endianess". It's possible to mask
+ * this with blank #define HASH_BLOCK_DATA_ORDER though...
+ *
+ *				<appro@fy.chalmers.se>
+ */
+#if defined(B_ENDIAN)
+#  if defined(DATA_ORDER_IS_BIG_ENDIAN)
+#    if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
+#      define HASH_BLOCK_DATA_ORDER_ALIGNED	HASH_BLOCK_HOST_ORDER
+#    endif
+#  elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+#    ifndef HOST_FETCH32
+#      ifdef LE_FETCH32
+#        define HOST_FETCH32(p,l)	LE_FETCH32(p)
+#      elif defined(REVERSE_FETCH32)
+#        define HOST_FETCH32(p,l)	REVERSE_FETCH32(p,l)
+#      endif
+#    endif
+#  endif
+#elif defined(L_ENDIAN)
+#  if defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+#    if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED) && HASH_LONG_LOG2==2
+#      define HASH_BLOCK_DATA_ORDER_ALIGNED	HASH_BLOCK_HOST_ORDER
+#    endif
+#  elif defined(DATA_ORDER_IS_BIG_ENDIAN)
+#    ifndef HOST_FETCH32
+#      ifdef BE_FETCH32
+#        define HOST_FETCH32(p,l)	BE_FETCH32(p)
+#      elif defined(REVERSE_FETCH32)
+#        define HOST_FETCH32(p,l)	REVERSE_FETCH32(p,l)
+#      endif
+#    endif
+#  endif
+#endif
+
+#if !defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+#ifndef HASH_BLOCK_DATA_ORDER
+#error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+#endif
+
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+
+#define HOST_c2l(c,l)	(l =(((unsigned long)(*((c)++)))<<24),		\
+			 l|=(((unsigned long)(*((c)++)))<<16),		\
+			 l|=(((unsigned long)(*((c)++)))<< 8),		\
+			 l|=(((unsigned long)(*((c)++)))    ),		\
+			 l)
+#define HOST_p_c2l(c,l,n)	{					\
+			switch (n) {					\
+			case 0: l =((unsigned long)(*((c)++)))<<24;	\
+			case 1: l|=((unsigned long)(*((c)++)))<<16;	\
+			case 2: l|=((unsigned long)(*((c)++)))<< 8;	\
+			case 3: l|=((unsigned long)(*((c)++)));		\
+				} }
+#define HOST_p_c2l_p(c,l,sc,len) {					\
+			switch (sc) {					\
+			case 0: l =((unsigned long)(*((c)++)))<<24;	\
+				if (--len == 0) break;			\
+			case 1: l|=((unsigned long)(*((c)++)))<<16;	\
+				if (--len == 0) break;			\
+			case 2: l|=((unsigned long)(*((c)++)))<< 8;	\
+				} }
+/* NOTE the pointer is not incremented at the end of this */
+#define HOST_c2l_p(c,l,n)	{					\
+			l=0; (c)+=n;					\
+			switch (n) {					\
+			case 3: l =((unsigned long)(*(--(c))))<< 8;	\
+			case 2: l|=((unsigned long)(*(--(c))))<<16;	\
+			case 1: l|=((unsigned long)(*(--(c))))<<24;	\
+				} }
+#define HOST_l2c(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff),	\
+			 *((c)++)=(unsigned char)(((l)>>16)&0xff),	\
+			 *((c)++)=(unsigned char)(((l)>> 8)&0xff),	\
+			 *((c)++)=(unsigned char)(((l)    )&0xff),	\
+			 l)
+
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+
+#define HOST_c2l(c,l)	(l =(((unsigned long)(*((c)++)))    ),		\
+			 l|=(((unsigned long)(*((c)++)))<< 8),		\
+			 l|=(((unsigned long)(*((c)++)))<<16),		\
+			 l|=(((unsigned long)(*((c)++)))<<24),		\
+			 l)
+#define HOST_p_c2l(c,l,n)	{					\
+			switch (n) {					\
+			case 0: l =((unsigned long)(*((c)++)));		\
+			case 1: l|=((unsigned long)(*((c)++)))<< 8;	\
+			case 2: l|=((unsigned long)(*((c)++)))<<16;	\
+			case 3: l|=((unsigned long)(*((c)++)))<<24;	\
+				} }
+#define HOST_p_c2l_p(c,l,sc,len) {					\
+			switch (sc) {					\
+			case 0: l =((unsigned long)(*((c)++)));		\
+				if (--len == 0) break;			\
+			case 1: l|=((unsigned long)(*((c)++)))<< 8;	\
+				if (--len == 0) break;			\
+			case 2: l|=((unsigned long)(*((c)++)))<<16;	\
+				} }
+/* NOTE the pointer is not incremented at the end of this */
+#define HOST_c2l_p(c,l,n)	{					\
+			l=0; (c)+=n;					\
+			switch (n) {					\
+			case 3: l =((unsigned long)(*(--(c))))<<16;	\
+			case 2: l|=((unsigned long)(*(--(c))))<< 8;	\
+			case 1: l|=((unsigned long)(*(--(c))));		\
+				} }
+#define HOST_l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff),	\
+			 *((c)++)=(unsigned char)(((l)>> 8)&0xff),	\
+			 *((c)++)=(unsigned char)(((l)>>16)&0xff),	\
+			 *((c)++)=(unsigned char)(((l)>>24)&0xff),	\
+			 l)
+
+#endif
+
+/*
+ * Time for some action:-)
+ */
+
+int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len)
+	{
+	const unsigned char *data=data_;
+	register HASH_LONG * p;
+	register unsigned long l;
+	int sw,sc,ew,ec;
+
+	if (len==0) return 1;
+
+	l=(c->Nl+(len<<3))&0xffffffffL;
+	/* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
+	 * Wei Dai <weidai@eskimo.com> for pointing it out. */
+	if (l < c->Nl) /* overflow */
+		c->Nh++;
+	c->Nh+=(len>>29);
+	c->Nl=l;
+
+	if (c->num != 0)
+		{
+		p=c->data;
+		sw=c->num>>2;
+		sc=c->num&0x03;
+
+		if ((c->num+len) >= HASH_CBLOCK)
+			{
+			l=p[sw]; HOST_p_c2l(data,l,sc); p[sw++]=l;
+			for (; sw<HASH_LBLOCK; sw++)
+				{
+				HOST_c2l(data,l); p[sw]=l;
+				}
+			HASH_BLOCK_HOST_ORDER (c,p,1);
+			len-=(HASH_CBLOCK-c->num);
+			c->num=0;
+			/* drop through and do the rest */
+			}
+		else
+			{
+			c->num+=len;
+			if ((sc+len) < 4) /* ugly, add char's to a word */
+				{
+				l=p[sw]; HOST_p_c2l_p(data,l,sc,len); p[sw]=l;
+				}
+			else
+				{
+				ew=(c->num>>2);
+				ec=(c->num&0x03);
+				if (sc)
+					l=p[sw];
+				HOST_p_c2l(data,l,sc);
+				p[sw++]=l;
+				for (; sw < ew; sw++)
+					{
+					HOST_c2l(data,l); p[sw]=l;
+					}
+				if (ec)
+					{
+					HOST_c2l_p(data,l,ec); p[sw]=l;
+					}
+				}
+			return 1;
+			}
+		}
+
+	sw=len/HASH_CBLOCK;
+	if (sw > 0)
+		{
+#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+		/*
+		 * Note that HASH_BLOCK_DATA_ORDER_ALIGNED gets defined
+		 * only if sizeof(HASH_LONG)==4.
+		 */
+		if ((((unsigned long)data)%4) == 0)
+			{
+			/* data is properly aligned so that we can cast it: */
+			HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,sw);
+			sw*=HASH_CBLOCK;
+			data+=sw;
+			len-=sw;
+			}
+		else
+#if !defined(HASH_BLOCK_DATA_ORDER)
+			while (sw--)
+				{
+				memcpy (p=c->data,data,HASH_CBLOCK);
+				HASH_BLOCK_DATA_ORDER_ALIGNED(c,p,1);
+				data+=HASH_CBLOCK;
+				len-=HASH_CBLOCK;
+				}
+#endif
+#endif
+#if defined(HASH_BLOCK_DATA_ORDER)
+			{
+			HASH_BLOCK_DATA_ORDER(c,data,sw);
+			sw*=HASH_CBLOCK;
+			data+=sw;
+			len-=sw;
+			}
+#endif
+		}
+
+	if (len!=0)
+		{
+		p = c->data;
+		c->num = len;
+		ew=len>>2;	/* words to copy */
+		ec=len&0x03;
+		for (; ew; ew--,p++)
+			{
+			HOST_c2l(data,l); *p=l;
+			}
+		HOST_c2l_p(data,l,ec);
+		*p=l;
+		}
+	return 1;
+	}
+
+
+void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data)
+	{
+#if defined(HASH_BLOCK_DATA_ORDER_ALIGNED)
+	if ((((unsigned long)data)%4) == 0)
+		/* data is properly aligned so that we can cast it: */
+		HASH_BLOCK_DATA_ORDER_ALIGNED (c,(HASH_LONG *)data,1);
+	else
+#if !defined(HASH_BLOCK_DATA_ORDER)
+		{
+		memcpy (c->data,data,HASH_CBLOCK);
+		HASH_BLOCK_DATA_ORDER_ALIGNED (c,c->data,1);
+		}
+#endif
+#endif
+#if defined(HASH_BLOCK_DATA_ORDER)
+	HASH_BLOCK_DATA_ORDER (c,data,1);
+#endif
+	}
+
+
+int HASH_FINAL (unsigned char *md, HASH_CTX *c)
+	{
+	register HASH_LONG *p;
+	register unsigned long l;
+	register int i,j;
+	static const unsigned char end[4]={0x80,0x00,0x00,0x00};
+	const unsigned char *cp=end;
+
+	/* c->num should definitly have room for at least one more byte. */
+	p=c->data;
+	i=c->num>>2;
+	j=c->num&0x03;
+
+#if 0
+	/* purify often complains about the following line as an
+	 * Uninitialized Memory Read.  While this can be true, the
+	 * following p_c2l macro will reset l when that case is true.
+	 * This is because j&0x03 contains the number of 'valid' bytes
+	 * already in p[i].  If and only if j&0x03 == 0, the UMR will
+	 * occur but this is also the only time p_c2l will do
+	 * l= *(cp++) instead of l|= *(cp++)
+	 * Many thanks to Alex Tang <altitude@cic.net> for pickup this
+	 * 'potential bug' */
+#ifdef PURIFY
+	if (j==0) p[i]=0; /* Yeah, but that's not the way to fix it:-) */
+#endif
+	l=p[i];
+#else
+	l = (j==0) ? 0 : p[i];
+#endif
+	HOST_p_c2l(cp,l,j); p[i++]=l; /* i is the next 'undefined word' */
+
+	if (i>(HASH_LBLOCK-2)) /* save room for Nl and Nh */
+		{
+		if (i<HASH_LBLOCK) p[i]=0;
+		HASH_BLOCK_HOST_ORDER (c,p,1);
+		i=0;
+		}
+	for (; i<(HASH_LBLOCK-2); i++)
+		p[i]=0;
+
+#if   defined(DATA_ORDER_IS_BIG_ENDIAN)
+	p[HASH_LBLOCK-2]=c->Nh;
+	p[HASH_LBLOCK-1]=c->Nl;
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+	p[HASH_LBLOCK-2]=c->Nl;
+	p[HASH_LBLOCK-1]=c->Nh;
+#endif
+	HASH_BLOCK_HOST_ORDER (c,p,1);
+
+#ifndef HASH_MAKE_STRING
+#error "HASH_MAKE_STRING must be defined!"
+#else
+	HASH_MAKE_STRING(c,md);
+#endif
+
+	c->num=0;
+	/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
+	 * but I'm not worried :-)
+	OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
+	 */
+	return 1;
+	}
diff --git a/crypto/md4/.cvsignore b/crypto/md4/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/md4/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/md4/Makefile.ssl b/crypto/md4/Makefile.ssl
new file mode 100644
index 0000000000..4d2d7369e6
--- /dev/null
+++ b/crypto/md4/Makefile.ssl
@@ -0,0 +1,91 @@
+#
+# SSLeay/crypto/md4/Makefile
+#
+
+DIR=    md4
+TOP=    ../..
+CC=     cc
+CPP=    $(CC) -E
+INCLUDES=
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=           make -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=       Makefile.ssl
+AR=             ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=md4test.c
+APPS=md4.c
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=md4_dgst.c md4_one.c
+LIBOBJ=md4_dgst.o md4_one.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= md4.h
+HEADER= md4_locl.h $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:    lib
+
+lib:    $(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB) || echo Never mind.
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h
+md4_dgst.o: ../../include/openssl/opensslconf.h
+md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c
+md4_dgst.o: md4_locl.h
+md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+md4_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md4_one.o: md4_one.c
diff --git a/crypto/md/md5.c b/crypto/md4/md4.c
index 2dd7894cc0..2ac2d914ff 100644
--- a/crypto/md/md5.c
+++ b/crypto/md4/md4.c
@@ -1,5 +1,5 @@
-/* crypto/md/md5.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* crypto/md4/md4.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -58,23 +58,17 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "md5.h"
+#include <openssl/md4.h>
 
 #define BUFSIZE	1024*16
 
-#ifndef NOPROTO
 void do_fp(FILE *f);
 void pt(unsigned char *md);
+#ifndef _OSD_POSIX
 int read(int, void *, unsigned int);
-#else
-void do_fp();
-void pt();
-int read();
 #endif
 
-int main(argc, argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	int i,err=0;
 	FILE *IN;
@@ -94,7 +88,7 @@ char **argv;
 				err++;
 				continue;
 				}
-			printf("MD5(%s)= ",argv[i]);
+			printf("MD4(%s)= ",argv[i]);
 			do_fp(IN);
 			fclose(IN);
 			}
@@ -102,33 +96,31 @@ char **argv;
 	exit(err);
 	}
 
-void do_fp(f)
-FILE *f;
+void do_fp(FILE *f)
 	{
-	MD5_CTX c;
-	unsigned char md[MD5_DIGEST_LENGTH];
+	MD4_CTX c;
+	unsigned char md[MD4_DIGEST_LENGTH];
 	int fd;
 	int i;
 	static unsigned char buf[BUFSIZE];
 
 	fd=fileno(f);
-	MD5_Init(&c);
+	MD4_Init(&c);
 	for (;;)
 		{
-		i=read(fd,buf,BUFSIZE);
+		i=read(fd,buf,sizeof buf);
 		if (i <= 0) break;
-		MD5_Update(&c,buf,(unsigned long)i);
+		MD4_Update(&c,buf,(unsigned long)i);
 		}
-	MD5_Final(&(md[0]),&c);
+	MD4_Final(&(md[0]),&c);
 	pt(md);
 	}
 
-void pt(md)
-unsigned char *md;
+void pt(unsigned char *md)
 	{
 	int i;
 
-	for (i=0; i<MD5_DIGEST_LENGTH; i++)
+	for (i=0; i<MD4_DIGEST_LENGTH; i++)
 		printf("%02x",md[i]);
 	printf("\n");
 	}
diff --git a/apps/eay.c b/crypto/md4/md4.h
index 37d5dcbd30..7a7b23682f 100644
--- a/apps/eay.c
+++ b/crypto/md4/md4.h
@@ -1,4 +1,4 @@
-/* apps/eay.c */
+/* crypto/md4/md4.h */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,75 +56,61 @@
  * [including the GNU Public Licence.]
  */
 
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
+#ifndef HEADER_MD4_H
+#define HEADER_MD4_H
 
-#define MONOLITH
-#define USE_SOCKETS
-#include "../e_os.h"
+#include <openssl/e_os2.h>
 
-#include "bio.h"
-#include "stack.h"
-#include "lhash.h"
-
-#include "err.h"
-
-#include "bn.h"
+#ifdef  __cplusplus
+extern "C" {
+#endif
 
-#include "evp.h"
+#ifdef OPENSSL_NO_MD4
+#error MD4 is disabled.
+#endif
 
-#include "rand.h"
-#include "conf.h"
-#include "txt_db.h"
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! MD4_LONG_LOG2 has to be defined along.			   !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
 
-#include "err.h"
+#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#define MD4_LONG unsigned long
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+#define MD4_LONG unsigned long
+#define MD4_LONG_LOG2 3
+/*
+ * _CRAY note. I could declare short, but I have no idea what impact
+ * does it have on performance on none-T3E machines. I could declare
+ * int, but at least on C90 sizeof(int) can be chosen at compile time.
+ * So I've chosen long...
+ *					<appro@fy.chalmers.se>
+ */
+#else
+#define MD4_LONG unsigned int
+#endif
 
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
-#include "asn1.h"
-#include "objects.h"
+#define MD4_CBLOCK	64
+#define MD4_LBLOCK	(MD4_CBLOCK/4)
+#define MD4_DIGEST_LENGTH 16
 
-#define MONOLITH
+typedef struct MD4state_st
+	{
+	MD4_LONG A,B,C,D;
+	MD4_LONG Nl,Nh;
+	MD4_LONG data[MD4_LBLOCK];
+	int num;
+	} MD4_CTX;
 
-#include "ssleay.c"
-#include "apps.c"
-#include "asn1pars.c"
-#ifndef NO_RSA
-#include "ca.c"
-#include "genrsa.c"
-#include "req.c"
-#include "rsa.c"
-#endif
-#ifndef NO_DH
-#include "gendh.c"
-#include "dh.c"
-#endif
-#include "crl.c"
-#include "crl2p7.c"
-#include "dgst.c"
-#include "enc.c"
-#include "errstr.c"
-#if !defined(NO_SSL2) || !defined(NO_SSL3)
-#ifndef NO_SOCK
-#include "s_cb.c"
-#include "s_client.c"
-#include "s_server.c"
-#include "s_socket.c"
-#include "s_time.c"
-#endif
-#endif
-#include "speed.c"
-#include "verify.c"
-#include "version.c"
-#include "x509.c"
-#include "ciphers.c"
-#include "sess_id.c"
-#include "pkcs7.c"
-#ifndef NO_DSA
-#include "dsaparam.c"
-#include "dsa.c"
-#include "gendsa.c"
+int MD4_Init(MD4_CTX *c);
+int MD4_Update(MD4_CTX *c, const void *data, unsigned long len);
+int MD4_Final(unsigned char *md, MD4_CTX *c);
+unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md);
+void MD4_Transform(MD4_CTX *c, const unsigned char *b);
+#ifdef  __cplusplus
+}
 #endif
 
+#endif
diff --git a/crypto/md4/md4_dgst.c b/crypto/md4/md4_dgst.c
new file mode 100644
index 0000000000..6446f5f5e7
--- /dev/null
+++ b/crypto/md4/md4_dgst.c
@@ -0,0 +1,286 @@
+/* crypto/md4/md4_dgst.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "md4_locl.h"
+#include <openssl/opensslv.h>
+
+const char *MD4_version="MD4" OPENSSL_VERSION_PTEXT;
+
+/* Implemented from RFC1186 The MD4 Message-Digest Algorithm
+ */
+
+#define INIT_DATA_A (unsigned long)0x67452301L
+#define INIT_DATA_B (unsigned long)0xefcdab89L
+#define INIT_DATA_C (unsigned long)0x98badcfeL
+#define INIT_DATA_D (unsigned long)0x10325476L
+
+int MD4_Init(MD4_CTX *c)
+	{
+	c->A=INIT_DATA_A;
+	c->B=INIT_DATA_B;
+	c->C=INIT_DATA_C;
+	c->D=INIT_DATA_D;
+	c->Nl=0;
+	c->Nh=0;
+	c->num=0;
+	return 1;
+	}
+
+#ifndef md4_block_host_order
+void md4_block_host_order (MD4_CTX *c, const void *data, int num)
+	{
+	const MD4_LONG *X=data;
+	register unsigned long A,B,C,D;
+	/*
+	 * In case you wonder why A-D are declared as long and not
+	 * as MD4_LONG. Doing so results in slight performance
+	 * boost on LP64 architectures. The catch is we don't
+	 * really care if 32 MSBs of a 64-bit register get polluted
+	 * with eventual overflows as we *save* only 32 LSBs in
+	 * *either* case. Now declaring 'em long excuses the compiler
+	 * from keeping 32 MSBs zeroed resulting in 13% performance
+	 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+	 * Well, to be honest it should say that this *prevents* 
+	 * performance degradation.
+	 *
+	 *				<appro@fy.chalmers.se>
+	 */
+
+	A=c->A;
+	B=c->B;
+	C=c->C;
+	D=c->D;
+
+	for (;num--;X+=HASH_LBLOCK)
+		{
+	/* Round 0 */
+	R0(A,B,C,D,X[ 0], 3,0);
+	R0(D,A,B,C,X[ 1], 7,0);
+	R0(C,D,A,B,X[ 2],11,0);
+	R0(B,C,D,A,X[ 3],19,0);
+	R0(A,B,C,D,X[ 4], 3,0);
+	R0(D,A,B,C,X[ 5], 7,0);
+	R0(C,D,A,B,X[ 6],11,0);
+	R0(B,C,D,A,X[ 7],19,0);
+	R0(A,B,C,D,X[ 8], 3,0);
+	R0(D,A,B,C,X[ 9], 7,0);
+	R0(C,D,A,B,X[10],11,0);
+	R0(B,C,D,A,X[11],19,0);
+	R0(A,B,C,D,X[12], 3,0);
+	R0(D,A,B,C,X[13], 7,0);
+	R0(C,D,A,B,X[14],11,0);
+	R0(B,C,D,A,X[15],19,0);
+	/* Round 1 */
+	R1(A,B,C,D,X[ 0], 3,0x5A827999L);
+	R1(D,A,B,C,X[ 4], 5,0x5A827999L);
+	R1(C,D,A,B,X[ 8], 9,0x5A827999L);
+	R1(B,C,D,A,X[12],13,0x5A827999L);
+	R1(A,B,C,D,X[ 1], 3,0x5A827999L);
+	R1(D,A,B,C,X[ 5], 5,0x5A827999L);
+	R1(C,D,A,B,X[ 9], 9,0x5A827999L);
+	R1(B,C,D,A,X[13],13,0x5A827999L);
+	R1(A,B,C,D,X[ 2], 3,0x5A827999L);
+	R1(D,A,B,C,X[ 6], 5,0x5A827999L);
+	R1(C,D,A,B,X[10], 9,0x5A827999L);
+	R1(B,C,D,A,X[14],13,0x5A827999L);
+	R1(A,B,C,D,X[ 3], 3,0x5A827999L);
+	R1(D,A,B,C,X[ 7], 5,0x5A827999L);
+	R1(C,D,A,B,X[11], 9,0x5A827999L);
+	R1(B,C,D,A,X[15],13,0x5A827999L);
+	/* Round 2 */
+	R2(A,B,C,D,X[ 0], 3,0x6ED9EBA1);
+	R2(D,A,B,C,X[ 8], 9,0x6ED9EBA1);
+	R2(C,D,A,B,X[ 4],11,0x6ED9EBA1);
+	R2(B,C,D,A,X[12],15,0x6ED9EBA1);
+	R2(A,B,C,D,X[ 2], 3,0x6ED9EBA1);
+	R2(D,A,B,C,X[10], 9,0x6ED9EBA1);
+	R2(C,D,A,B,X[ 6],11,0x6ED9EBA1);
+	R2(B,C,D,A,X[14],15,0x6ED9EBA1);
+	R2(A,B,C,D,X[ 1], 3,0x6ED9EBA1);
+	R2(D,A,B,C,X[ 9], 9,0x6ED9EBA1);
+	R2(C,D,A,B,X[ 5],11,0x6ED9EBA1);
+	R2(B,C,D,A,X[13],15,0x6ED9EBA1);
+	R2(A,B,C,D,X[ 3], 3,0x6ED9EBA1);
+	R2(D,A,B,C,X[11], 9,0x6ED9EBA1);
+	R2(C,D,A,B,X[ 7],11,0x6ED9EBA1);
+	R2(B,C,D,A,X[15],15,0x6ED9EBA1);
+
+	A = c->A += A;
+	B = c->B += B;
+	C = c->C += C;
+	D = c->D += D;
+		}
+	}
+#endif
+
+#ifndef md4_block_data_order
+#ifdef X
+#undef X
+#endif
+void md4_block_data_order (MD4_CTX *c, const void *data_, int num)
+	{
+	const unsigned char *data=data_;
+	register unsigned long A,B,C,D,l;
+	/*
+	 * In case you wonder why A-D are declared as long and not
+	 * as MD4_LONG. Doing so results in slight performance
+	 * boost on LP64 architectures. The catch is we don't
+	 * really care if 32 MSBs of a 64-bit register get polluted
+	 * with eventual overflows as we *save* only 32 LSBs in
+	 * *either* case. Now declaring 'em long excuses the compiler
+	 * from keeping 32 MSBs zeroed resulting in 13% performance
+	 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+	 * Well, to be honest it should say that this *prevents* 
+	 * performance degradation.
+	 *
+	 *				<appro@fy.chalmers.se>
+	 */
+#ifndef MD32_XARRAY
+	/* See comment in crypto/sha/sha_locl.h for details. */
+	unsigned long	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+			XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+# define X(i)	XX##i
+#else
+	MD4_LONG XX[MD4_LBLOCK];
+# define X(i)	XX[i]
+#endif
+
+	A=c->A;
+	B=c->B;
+	C=c->C;
+	D=c->D;
+
+	for (;num--;)
+		{
+	HOST_c2l(data,l); X( 0)=l;		HOST_c2l(data,l); X( 1)=l;
+	/* Round 0 */
+	R0(A,B,C,D,X( 0), 3,0);	HOST_c2l(data,l); X( 2)=l;
+	R0(D,A,B,C,X( 1), 7,0);	HOST_c2l(data,l); X( 3)=l;
+	R0(C,D,A,B,X( 2),11,0);	HOST_c2l(data,l); X( 4)=l;
+	R0(B,C,D,A,X( 3),19,0);	HOST_c2l(data,l); X( 5)=l;
+	R0(A,B,C,D,X( 4), 3,0);	HOST_c2l(data,l); X( 6)=l;
+	R0(D,A,B,C,X( 5), 7,0);	HOST_c2l(data,l); X( 7)=l;
+	R0(C,D,A,B,X( 6),11,0);	HOST_c2l(data,l); X( 8)=l;
+	R0(B,C,D,A,X( 7),19,0);	HOST_c2l(data,l); X( 9)=l;
+	R0(A,B,C,D,X( 8), 3,0);	HOST_c2l(data,l); X(10)=l;
+	R0(D,A,B,C,X( 9), 7,0);	HOST_c2l(data,l); X(11)=l;
+	R0(C,D,A,B,X(10),11,0);	HOST_c2l(data,l); X(12)=l;
+	R0(B,C,D,A,X(11),19,0);	HOST_c2l(data,l); X(13)=l;
+	R0(A,B,C,D,X(12), 3,0);	HOST_c2l(data,l); X(14)=l;
+	R0(D,A,B,C,X(13), 7,0);	HOST_c2l(data,l); X(15)=l;
+	R0(C,D,A,B,X(14),11,0);
+	R0(B,C,D,A,X(15),19,0);
+	/* Round 1 */
+	R1(A,B,C,D,X( 0), 3,0x5A827999L);
+	R1(D,A,B,C,X( 4), 5,0x5A827999L);
+	R1(C,D,A,B,X( 8), 9,0x5A827999L);
+	R1(B,C,D,A,X(12),13,0x5A827999L);
+	R1(A,B,C,D,X( 1), 3,0x5A827999L);
+	R1(D,A,B,C,X( 5), 5,0x5A827999L);
+	R1(C,D,A,B,X( 9), 9,0x5A827999L);
+	R1(B,C,D,A,X(13),13,0x5A827999L);
+	R1(A,B,C,D,X( 2), 3,0x5A827999L);
+	R1(D,A,B,C,X( 6), 5,0x5A827999L);
+	R1(C,D,A,B,X(10), 9,0x5A827999L);
+	R1(B,C,D,A,X(14),13,0x5A827999L);
+	R1(A,B,C,D,X( 3), 3,0x5A827999L);
+	R1(D,A,B,C,X( 7), 5,0x5A827999L);
+	R1(C,D,A,B,X(11), 9,0x5A827999L);
+	R1(B,C,D,A,X(15),13,0x5A827999L);
+	/* Round 2 */
+	R2(A,B,C,D,X( 0), 3,0x6ED9EBA1L);
+	R2(D,A,B,C,X( 8), 9,0x6ED9EBA1L);
+	R2(C,D,A,B,X( 4),11,0x6ED9EBA1L);
+	R2(B,C,D,A,X(12),15,0x6ED9EBA1L);
+	R2(A,B,C,D,X( 2), 3,0x6ED9EBA1L);
+	R2(D,A,B,C,X(10), 9,0x6ED9EBA1L);
+	R2(C,D,A,B,X( 6),11,0x6ED9EBA1L);
+	R2(B,C,D,A,X(14),15,0x6ED9EBA1L);
+	R2(A,B,C,D,X( 1), 3,0x6ED9EBA1L);
+	R2(D,A,B,C,X( 9), 9,0x6ED9EBA1L);
+	R2(C,D,A,B,X( 5),11,0x6ED9EBA1L);
+	R2(B,C,D,A,X(13),15,0x6ED9EBA1L);
+	R2(A,B,C,D,X( 3), 3,0x6ED9EBA1L);
+	R2(D,A,B,C,X(11), 9,0x6ED9EBA1L);
+	R2(C,D,A,B,X( 7),11,0x6ED9EBA1L);
+	R2(B,C,D,A,X(15),15,0x6ED9EBA1L);
+
+	A = c->A += A;
+	B = c->B += B;
+	C = c->C += C;
+	D = c->D += D;
+		}
+	}
+#endif
+
+#ifdef undef
+int printit(unsigned long *l)
+	{
+	int i,ii;
+
+	for (i=0; i<2; i++)
+		{
+		for (ii=0; ii<8; ii++)
+			{
+			fprintf(stderr,"%08lx ",l[i*8+ii]);
+			}
+		fprintf(stderr,"\n");
+		}
+	}
+#endif
diff --git a/crypto/md/md5_locl.h b/crypto/md4/md4_locl.h
index b2f0028fbd..a8d31d7a73 100644
--- a/crypto/md/md5_locl.h
+++ b/crypto/md4/md4_locl.h
@@ -1,5 +1,5 @@
-/* crypto/md/md5_locl.h */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* crypto/md4/md4_locl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -58,133 +58,97 @@
 
 #include <stdlib.h>
 #include <string.h>
-#include "md5.h"
+#include <openssl/opensslconf.h>
+#include <openssl/md4.h>
 
-#define ULONG	unsigned long
-#define UCHAR	unsigned char
-#define UINT	unsigned int
-
-#if defined(NOCONST)
-#define const
+#ifndef MD4_LONG_LOG2
+#define MD4_LONG_LOG2 2 /* default to 32 bits */
 #endif
 
-#undef c2l
-#define c2l(c,l)	(l = ((unsigned long)(*((c)++)))     , \
-			 l|=(((unsigned long)(*((c)++)))<< 8), \
-			 l|=(((unsigned long)(*((c)++)))<<16), \
-			 l|=(((unsigned long)(*((c)++)))<<24))
-
-#undef p_c2l
-#define p_c2l(c,l,n)	{ \
-			switch (n) { \
-			case 0: l =((unsigned long)(*((c)++))); \
-			case 1: l|=((unsigned long)(*((c)++)))<< 8; \
-			case 2: l|=((unsigned long)(*((c)++)))<<16; \
-			case 3: l|=((unsigned long)(*((c)++)))<<24; \
-				} \
-			}
+void md4_block_host_order (MD4_CTX *c, const void *p,int num);
+void md4_block_data_order (MD4_CTX *c, const void *p,int num);
 
-/* NOTE the pointer is not incremented at the end of this */
-#undef c2l_p
-#define c2l_p(c,l,n)	{ \
-			l=0; \
-			(c)+=n; \
-			switch (n) { \
-			case 3: l =((unsigned long)(*(--(c))))<<16; \
-			case 2: l|=((unsigned long)(*(--(c))))<< 8; \
-			case 1: l|=((unsigned long)(*(--(c))))    ; \
-				} \
-			}
-
-#undef p_c2l_p
-#define p_c2l_p(c,l,sc,len) { \
-			switch (sc) \
-				{ \
-			case 0: l =((unsigned long)(*((c)++))); \
-				if (--len == 0) break; \
-			case 1: l|=((unsigned long)(*((c)++)))<< 8; \
-				if (--len == 0) break; \
-			case 2: l|=((unsigned long)(*((c)++)))<<16; \
-				} \
-			}
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+/*
+ * *_block_host_order is expected to handle aligned data while
+ * *_block_data_order - unaligned. As algorithm and host (x86)
+ * are in this case of the same "endianness" these two are
+ * otherwise indistinguishable. But normally you don't want to
+ * call the same function because unaligned access in places
+ * where alignment is expected is usually a "Bad Thing". Indeed,
+ * on RISCs you get punished with BUS ERROR signal or *severe*
+ * performance degradation. Intel CPUs are in turn perfectly
+ * capable of loading unaligned data without such drastic side
+ * effect. Yes, they say it's slower than aligned load, but no
+ * exception is generated and therefore performance degradation
+ * is *incomparable* with RISCs. What we should weight here is
+ * costs of unaligned access against costs of aligning data.
+ * According to my measurements allowing unaligned access results
+ * in ~9% performance improvement on Pentium II operating at
+ * 266MHz. I won't be surprised if the difference will be higher
+ * on faster systems:-)
+ *
+ *				<appro@fy.chalmers.se>
+ */
+#define md4_block_data_order md4_block_host_order
+#endif
 
-#undef l2c
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24)&0xff))
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG		MD4_LONG
+#define HASH_LONG_LOG2		MD4_LONG_LOG2
+#define HASH_CTX		MD4_CTX
+#define HASH_CBLOCK		MD4_CBLOCK
+#define HASH_LBLOCK		MD4_LBLOCK
+#define HASH_UPDATE		MD4_Update
+#define HASH_TRANSFORM		MD4_Transform
+#define HASH_FINAL		MD4_Final
+#define	HASH_MAKE_STRING(c,s)	do {	\
+	unsigned long ll;		\
+	ll=(c)->A; HOST_l2c(ll,(s));	\
+	ll=(c)->B; HOST_l2c(ll,(s));	\
+	ll=(c)->C; HOST_l2c(ll,(s));	\
+	ll=(c)->D; HOST_l2c(ll,(s));	\
+	} while (0)
+#define HASH_BLOCK_HOST_ORDER	md4_block_host_order
+#if !defined(L_ENDIAN) || defined(md4_block_data_order)
+#define	HASH_BLOCK_DATA_ORDER	md4_block_data_order
+/*
+ * Little-endians (Intel and Alpha) feel better without this.
+ * It looks like memcpy does better job than generic
+ * md4_block_data_order on copying-n-aligning input data.
+ * But frankly speaking I didn't expect such result on Alpha.
+ * On the other hand I've got this with egcs-1.0.2 and if
+ * program is compiled with another (better?) compiler it
+ * might turn out other way around.
+ *
+ *				<appro@fy.chalmers.se>
+ */
+#endif
 
-/* NOTE - c is not incremented as per l2c */
-#undef l2cn
-#define l2cn(l1,l2,c,n)	{ \
-			c+=n; \
-			switch (n) { \
-			case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
-			case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
-			case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
-			case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \
-			case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
-			case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
-			case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
-			case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \
-				} \
-			}
+#include "md32_common.h"
 
-/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
-#if defined(WIN32)
-/* 5 instructions with rotate instruction, else 9 */
-#define Endian_Reverse32(a) \
-	{ \
-	unsigned long l=(a); \
-	(a)=((ROTATE(l,8)&0x00FF00FF)|(ROTATE(l,24)&0xFF00FF00)); \
-	}
-#else
-/* 6 instructions with rotate instruction, else 8 */
-#define Endian_Reverse32(a) \
-	{ \
-	unsigned long l=(a); \
-	l=(((l&0xFF00FF00)>>8L)|((l&0x00FF00FF)<<8L)); \
-	(a)=ROTATE(l,16L); \
-	}
-#endif
 /*
 #define	F(x,y,z)	(((x) & (y))  |  ((~(x)) & (z)))
-#define	G(x,y,z)	(((x) & (z))  |  ((y) & (~(z))))
+#define	G(x,y,z)	(((x) & (y))  |  ((x) & ((z))) | ((y) & ((z))))
 */
 
 /* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
- * simplified to the code below.  Wei attributes these optimisations
+ * simplified to the code below.  Wei attributes these optimizations
  * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
  */
-#define	F(x,y,z)	((((y) ^ (z)) & (x)) ^ (z))
-#define	G(x,y,z)	((((x) ^ (y)) & (z)) ^ (y))
-#define	H(x,y,z)	((x) ^ (y) ^ (z))
-#define	I(x,y,z)	(((x) | (~(z))) ^ (y))
-
-#undef ROTATE
-#if defined(WIN32)
-#define ROTATE(a,n)     _lrotl(a,n)
-#else
-#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
-#endif
-
+#define	F(b,c,d)	((((c) ^ (d)) & (b)) ^ (d))
+#define G(b,c,d)	(((b) & (c)) | ((b) & (d)) | ((c) & (d)))
+#define	H(b,c,d)	((b) ^ (c) ^ (d))
 
 #define R0(a,b,c,d,k,s,t) { \
 	a+=((k)+(t)+F((b),(c),(d))); \
-	a=ROTATE(a,s); \
-	a+=b; };\
+	a=ROTATE(a,s); };
 
 #define R1(a,b,c,d,k,s,t) { \
 	a+=((k)+(t)+G((b),(c),(d))); \
-	a=ROTATE(a,s); \
-	a+=b; };
+	a=ROTATE(a,s); };\
 
 #define R2(a,b,c,d,k,s,t) { \
 	a+=((k)+(t)+H((b),(c),(d))); \
-	a=ROTATE(a,s); \
-	a+=b; };
-
-#define R3(a,b,c,d,k,s,t) { \
-	a+=((k)+(t)+I((b),(c),(d))); \
-	a=ROTATE(a,s); \
-	a+=b; };
+	a=ROTATE(a,s); };
diff --git a/crypto/cryptall.h b/crypto/md4/md4_one.c
index 65a46452a8..00565507e4 100644
--- a/crypto/cryptall.h
+++ b/crypto/md4/md4_one.c
@@ -1,4 +1,4 @@
-/* crypto/cryptall.h */
+/* crypto/md4/md4_one.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,55 +56,41 @@
  * [including the GNU Public Licence.]
  */
 
-#ifndef HEADER_CRYPTOALL_H
-#define HEADER_CRYPTOALL_H
+#include <stdio.h>
+#include <string.h>
+#include <openssl/md4.h>
+#include <openssl/crypto.h>
 
-#include "buffer.h"
-#include "stack.h"
-#include "lhash.h"
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
 
-#include "err.h"
+unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md)
+	{
+	MD4_CTX c;
+	static unsigned char m[MD4_DIGEST_LENGTH];
 
-#ifdef NO_MD2
-#include <md2.h>
-#else
-#include "md2.h"
-#endif
-#ifdef NO_MD5
-#include <md5.h>
+	if (md == NULL) md=m;
+	MD4_Init(&c);
+#ifndef CHARSET_EBCDIC
+	MD4_Update(&c,d,n);
 #else
-#include "md5.h"
-#endif
-#include "sha.h"
+	{
+		char temp[1024];
+		unsigned long chunk;
 
-#ifdef NO_DES
-#include <des.h>
-#else
-#include "des.h"
+		while (n > 0)
+		{
+			chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+			ebcdic2ascii(temp, d, chunk);
+			MD4_Update(&c,temp,chunk);
+			n -= chunk;
+			d += chunk;
+		}
+	}
 #endif
-#include "rc2.h"
-#include "rc4.h"
-#include "idea.h"
-
-#include "bn.h"
-#include "dh.h"
-#include "rsa.h"
-#include "dsa.h"
+	MD4_Final(md,&c);
+	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+	return(md);
+	}
 
-#include "rand.h"
-#include "conf.h"
-#include "txt_db.h"
-
-#include "err.h"
-#include "evp.h"
-
-#include "meth.h"
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
-#include "asn1.h"
-#include "objects.h"
-
-#include "crypto.h"
-
-#endif
diff --git a/crypto/md4/md4s.cpp b/crypto/md4/md4s.cpp
new file mode 100644
index 0000000000..c0ec97fc9f
--- /dev/null
+++ b/crypto/md4/md4s.cpp
@@ -0,0 +1,78 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+	       : "=eax" (tsc)
+	       :
+	       : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md4.h>
+
+extern "C" {
+void md4_block_x86(MD4_CTX *ctx, unsigned char *buffer,int num);
+}
+
+void main(int argc,char *argv[])
+	{
+	unsigned char buffer[64*256];
+	MD4_CTX ctx;
+	unsigned long s1,s2,e1,e2;
+	unsigned char k[16];
+	unsigned long data[2];
+	unsigned char iv[8];
+	int i,num=0,numm;
+	int j=0;
+
+	if (argc >= 2)
+		num=atoi(argv[1]);
+
+	if (num == 0) num=16;
+	if (num > 250) num=16;
+	numm=num+2;
+	num*=64;
+	numm*=64;
+
+	for (j=0; j<6; j++)
+		{
+		for (i=0; i<10; i++) /**/
+			{
+			md4_block_x86(&ctx,buffer,numm);
+			GetTSC(s1);
+			md4_block_x86(&ctx,buffer,numm);
+			GetTSC(e1);
+			GetTSC(s2);
+			md4_block_x86(&ctx,buffer,num);
+			GetTSC(e2);
+			md4_block_x86(&ctx,buffer,num);
+			}
+		printf("md4 (%d bytes) %d %d (%.2f)\n",num,
+			e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+		}
+	}
+
diff --git a/crypto/md/md5test.c b/crypto/md4/md4test.c
index e5c38cf817..21a77d96f7 100644
--- a/crypto/md/md5test.c
+++ b/crypto/md4/md4test.c
@@ -1,5 +1,5 @@
-/* crypto/md/md5test.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+/* crypto/md4/md4test.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
@@ -59,9 +59,20 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "md5.h"
 
-char *test[]={
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_MD4
+int main(int argc, char *argv[])
+{
+    printf("No MD4 support\n");
+    return(0);
+}
+#else
+#include <openssl/evp.h>
+#include <openssl/md4.h>
+
+static char *test[]={
 	"",
 	"a",
 	"abc",
@@ -72,39 +83,34 @@ char *test[]={
 	NULL,
 	};
 
-char *ret[]={
-	"d41d8cd98f00b204e9800998ecf8427e",
-	"0cc175b9c0f1b6a831c399e269772661",
-	"900150983cd24fb0d6963f7d28e17f72",
-	"f96b697d7cb7938d525a2f31aaf161d0",
-	"c3fcd3d76192e4007dfb496cca67e13b",
-	"d174ab98d277d9f5a5611c2c9f419d9f",
-	"57edf4a22be3c955ac49da2e2107b67a",
-	};
+static char *ret[]={
+"31d6cfe0d16ae931b73c59d7e0c089c0",
+"bde52cb31de33e46245e05fbdbd6fb24",
+"a448017aaf21d8525fc10ae87aa6729d",
+"d9130a8164549fe818874806e1c7014b",
+"d79e1c308aa5bbcdeea8ed63df412da9",
+"043f8582f241db351ce627e153e7f0e4",
+"e33b4ddc9c38f2199c3e7b164fcc0536",
+};
 
-#ifndef NOPROTO
 static char *pt(unsigned char *md);
-#else
-static char *pt();
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,err=0;
 	unsigned char **P,**R;
 	char *p;
+	unsigned char md[MD4_DIGEST_LENGTH];
 
 	P=(unsigned char **)test;
 	R=(unsigned char **)ret;
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(MD5(*P,(unsigned long)strlen((char *)*P),NULL));
+		EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md4(), NULL);
+		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
-			printf("error calculating MD5 on '%s'\n",*P);
+			printf("error calculating MD4 on '%s'\n",*P);
 			printf("got %s instead of %s\n",p,*R);
 			err++;
 			}
@@ -114,17 +120,17 @@ char *argv[];
 		R++;
 		P++;
 		}
-	exit(err);
+	EXIT(err);
 	return(0);
 	}
 
-static char *pt(md)
-unsigned char *md;
+static char *pt(unsigned char *md)
 	{
 	int i;
 	static char buf[80];
 
-	for (i=0; i<MD5_DIGEST_LENGTH; i++)
+	for (i=0; i<MD4_DIGEST_LENGTH; i++)
 		sprintf(&(buf[i*2]),"%02x",md[i]);
 	return(buf);
 	}
+#endif
diff --git a/crypto/md5/.cvsignore b/crypto/md5/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/md5/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/md5/Makefile.ssl b/crypto/md5/Makefile.ssl
index abbe2eef87..cbb05263f7 100644
--- a/crypto/md5/Makefile.ssl
+++ b/crypto/md5/Makefile.ssl
@@ -8,9 +8,12 @@ CC=     cc
 CPP=    $(CC) -E
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=           make -f Makefile.ssl
-MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=       Makefile.ssl
 AR=             ar r
 
@@ -18,9 +21,17 @@ MD5_ASM_OBJ=
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
+# We let the C compiler driver to take care of .s files. This is done in
+# order to be excused from maintaining a separate set of architecture
+# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+# gcc, then the driver will automatically translate it to -xarch=v8plus
+# and pass it down to assembler.
+AS=$(CC) -c
+ASFLAGS=$(CFLAGS)
+
 GENERAL=Makefile
 TEST=md5test.c
-APPS=md5.c
+APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC=md5_dgst.c md5_one.c
@@ -40,12 +51,12 @@ all:    lib
 
 lib:    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 # elf
 asm/mx86-elf.o: asm/mx86unix.cpp
-	$(CPP) -DELF asm/mx86unix.cpp | as -o asm/mx86-elf.o
+	$(CPP) -DELF -x c asm/mx86unix.cpp | as -o asm/mx86-elf.o
 
 # solaris
 asm/mx86-sol.o: asm/mx86unix.cpp
@@ -61,24 +72,41 @@ asm/mx86-out.o: asm/mx86unix.cpp
 asm/mx86bsdi.o: asm/mx86unix.cpp
 	$(CPP) -DBSDI asm/mx86unix.cpp | sed 's/ :/:/' | as -o asm/mx86bsdi.o
 
-asm/mx86unix.cpp:
-	(cd asm; perl md5-586.pl cpp >mx86unix.cpp)
+asm/mx86unix.cpp: asm/md5-586.pl ../perlasm/x86asm.pl
+	(cd asm; $(PERL) md5-586.pl cpp >mx86unix.cpp)
+
+asm/md5-sparcv8plus.o: asm/md5-sparcv9.S
+	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \
+		-o asm/md5-sparcv8plus.o asm/md5-sparcv9.S
+
+# Old GNU assembler doesn't understand V9 instructions, so we
+# hire /usr/ccs/bin/as to do the job. Note that option is called
+# *-gcc27, but even gcc 2>=8 users may experience similar problem
+# if they didn't bother to upgrade GNU assembler. Such users should
+# not choose this option, but be adviced to *remove* GNU assembler
+# or upgrade it.
+asm/md5-sparcv8plus-gcc27.o: asm/md5-sparcv9.S
+	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -E asm/md5-sparcv9.S | \
+		/usr/ccs/bin/as -xarch=v8plus - -o asm/md5-sparcv8plus-gcc27.o
+
+asm/md5-sparcv9.o: asm/md5-sparcv9.S
+	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \
+		-o asm/md5-sparcv9.o asm/md5-sparcv9.S
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -90,15 +118,22 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c
+md5_dgst.o: md5_locl.h
+md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+md5_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md5_one.o: md5_one.c
diff --git a/crypto/md5/Makefile.uni b/crypto/md5/Makefile.uni
deleted file mode 100644
index 54685712db..0000000000
--- a/crypto/md5/Makefile.uni
+++ /dev/null
@@ -1,109 +0,0 @@
-# Targets
-# make          - twidle the options yourself :-)
-# make cc       - standard cc options
-# make gcc      - standard gcc options
-# make x86-elf  - linux-elf etc
-# make x86-out  - linux-a.out, FreeBSD etc
-# make x86-solaris
-# make x86-bdsi
-
-DIR=    md5
-TOP=    .
-CC=     gcc
-CFLAG=	-O3 -fomit-frame-pointer
-
-CPP=    $(CC) -E
-INCLUDES=
-INSTALLTOP=/usr/local/lib
-MAKE=           make
-MAKEDEPEND=     makedepend
-MAKEFILE=       Makefile.uni
-AR=             ar r
-
-MD5_ASM_OBJ=
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=md5test
-APPS=md5
-
-LIB=libmd5.a
-LIBSRC=md5_dgst.c md5_one.c
-LIBOBJ=md5_dgst.o md5_one.o $(MD5_ASM_OBJ)
-
-SRC= $(LIBSRC)
-
-EXHEADER= md5.h
-HEADER= md5_locl.h $(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-all:    $(LIB) $(TEST) $(APPS)
-
-$(LIB):    $(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/ranlib.sh $(LIB)
-
-# elf
-asm/mx86-elf.o: asm/mx86unix.cpp
-	$(CPP) -DELF asm/mx86unix.cpp | as -o asm/mx86-elf.o
-
-# solaris
-asm/mx86-sol.o: asm/mx86unix.cpp
-	$(CC) -E -DSOL asm/mx86unix.cpp | sed 's/^#.*//' > asm/mx86-sol.s
-	as -o asm/mx86-sol.o asm/mx86-sol.s
-	rm -f asm/mx86-sol.s
-
-# a.out
-asm/mx86-out.o: asm/mx86unix.cpp
-	$(CPP) -DOUT asm/mx86unix.cpp | as -o asm/mx86-out.o
-
-# bsdi
-asm/mx86bsdi.o: asm/mx86unix.cpp
-	$(CPP) -DBSDI asm/mx86unix.cpp | as -o asm/mx86bsdi.o
-
-asm/mx86unix.cpp:
-	(cd asm; perl md5-586.pl cpp >mx86unix.cpp)
-
-test:	$(TEST)
-	./$(TEST)
-
-$(TEST): $(TEST).c $(LIB)
-	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
-
-$(APPS): $(APPS).c $(LIB)
-	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
-
-dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-cc:
-	$(MAKE) MD5_ASM_OBJ="" CC="cc" CFLAG="-O" all
-
-gcc:
-	$(MAKE) MD5_ASM_OBJ="" CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
-
-x86-elf:
-	$(MAKE) MD5_ASM_OBJ="asm/mx86-elf.o" CFLAG="-DELF -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
-
-x86-out:
-	$(MAKE) MD5_ASM_OBJ="asm/mx86-out.o" CFLAG="-DOUT -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
-
-x86-solaris:
-	$(MAKE) MD5_ASM_OBJ="asm/mx86-sol.o" CFLAG="-DSOL -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
-
-x86-bdsi:
-	$(MAKE) MD5_ASM_OBJ="asm/mx86-bdsi.o" CFLAG="-DBDSI -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/md5/asm/.cvsignore b/crypto/md5/asm/.cvsignore
new file mode 100644
index 0000000000..085a1b1a96
--- /dev/null
+++ b/crypto/md5/asm/.cvsignore
@@ -0,0 +1 @@
+mx86unix.cpp
diff --git a/crypto/md5/asm/m5-win32.asm b/crypto/md5/asm/m5-win32.asm
deleted file mode 100644
index c2081da746..0000000000
--- a/crypto/md5/asm/m5-win32.asm
+++ /dev/null
@@ -1,686 +0,0 @@
-	; Don't even think of reading this code
-	; It was automatically generated by md5-586.pl
-	; Which is a perl program used to generate the x86 assember for
-	; any of elf, a.out, BSDI,Win32, or Solaris
-	; eric <eay@cryptsoft.com>
-	; 
-	TITLE	md5-586.asm
-        .386
-.model FLAT
-_TEXT	SEGMENT
-PUBLIC	_md5_block_x86
-
-_md5_block_x86 PROC NEAR
-	push	esi
-	push	edi
-	mov	edi,		DWORD PTR 12[esp]
-	mov	esi,		DWORD PTR 16[esp]
-	mov	ecx,		DWORD PTR 20[esp]
-	push	ebp
-	push	ebx
-	add	ecx,		esi
-	sub	ecx,		64
-	mov	eax,		DWORD PTR [edi]
-	push	ecx
-	mov	ebx,		DWORD PTR 4[edi]
-	mov	ecx,		DWORD PTR 8[edi]
-	mov	edx,		DWORD PTR 12[edi]
-L000start:
-	; 
-	; R0 section
-	mov	edi,		ecx
-	mov	ebp,		DWORD PTR [esi]
-	; R0 0
-	xor	edi,		edx
-	and	edi,		ebx
-	lea	eax,		DWORD PTR 3614090360[ebp*1+eax]
-	mov	ebp,		DWORD PTR 4[esi]
-	xor	edi,		edx
-	add	eax,		edi
-	mov	edi,		ebx
-	rol	eax,		7
-	add	eax,		ebx
-	; R0 1
-	xor	edi,		ecx
-	and	edi,		eax
-	lea	edx,		DWORD PTR 3905402710[ebp*1+edx]
-	mov	ebp,		DWORD PTR 8[esi]
-	xor	edi,		ecx
-	add	edx,		edi
-	mov	edi,		eax
-	rol	edx,		12
-	add	edx,		eax
-	; R0 2
-	xor	edi,		ebx
-	and	edi,		edx
-	lea	ecx,		DWORD PTR 606105819[ebp*1+ecx]
-	mov	ebp,		DWORD PTR 12[esi]
-	xor	edi,		ebx
-	add	ecx,		edi
-	mov	edi,		edx
-	rol	ecx,		17
-	add	ecx,		edx
-	; R0 3
-	xor	edi,		eax
-	and	edi,		ecx
-	lea	ebx,		DWORD PTR 3250441966[ebp*1+ebx]
-	mov	ebp,		DWORD PTR 16[esi]
-	xor	edi,		eax
-	add	ebx,		edi
-	mov	edi,		ecx
-	rol	ebx,		22
-	add	ebx,		ecx
-	; R0 4
-	xor	edi,		edx
-	and	edi,		ebx
-	lea	eax,		DWORD PTR 4118548399[ebp*1+eax]
-	mov	ebp,		DWORD PTR 20[esi]
-	xor	edi,		edx
-	add	eax,		edi
-	mov	edi,		ebx
-	rol	eax,		7
-	add	eax,		ebx
-	; R0 5
-	xor	edi,		ecx
-	and	edi,		eax
-	lea	edx,		DWORD PTR 1200080426[ebp*1+edx]
-	mov	ebp,		DWORD PTR 24[esi]
-	xor	edi,		ecx
-	add	edx,		edi
-	mov	edi,		eax
-	rol	edx,		12
-	add	edx,		eax
-	; R0 6
-	xor	edi,		ebx
-	and	edi,		edx
-	lea	ecx,		DWORD PTR 2821735955[ebp*1+ecx]
-	mov	ebp,		DWORD PTR 28[esi]
-	xor	edi,		ebx
-	add	ecx,		edi
-	mov	edi,		edx
-	rol	ecx,		17
-	add	ecx,		edx
-	; R0 7
-	xor	edi,		eax
-	and	edi,		ecx
-	lea	ebx,		DWORD PTR 4249261313[ebp*1+ebx]
-	mov	ebp,		DWORD PTR 32[esi]
-	xor	edi,		eax
-	add	ebx,		edi
-	mov	edi,		ecx
-	rol	ebx,		22
-	add	ebx,		ecx
-	; R0 8
-	xor	edi,		edx
-	and	edi,		ebx
-	lea	eax,		DWORD PTR 1770035416[ebp*1+eax]
-	mov	ebp,		DWORD PTR 36[esi]
-	xor	edi,		edx
-	add	eax,		edi
-	mov	edi,		ebx
-	rol	eax,		7
-	add	eax,		ebx
-	; R0 9
-	xor	edi,		ecx
-	and	edi,		eax
-	lea	edx,		DWORD PTR 2336552879[ebp*1+edx]
-	mov	ebp,		DWORD PTR 40[esi]
-	xor	edi,		ecx
-	add	edx,		edi
-	mov	edi,		eax
-	rol	edx,		12
-	add	edx,		eax
-	; R0 10
-	xor	edi,		ebx
-	and	edi,		edx
-	lea	ecx,		DWORD PTR 4294925233[ebp*1+ecx]
-	mov	ebp,		DWORD PTR 44[esi]
-	xor	edi,		ebx
-	add	ecx,		edi
-	mov	edi,		edx
-	rol	ecx,		17
-	add	ecx,		edx
-	; R0 11
-	xor	edi,		eax
-	and	edi,		ecx
-	lea	ebx,		DWORD PTR 2304563134[ebp*1+ebx]
-	mov	ebp,		DWORD PTR 48[esi]
-	xor	edi,		eax
-	add	ebx,		edi
-	mov	edi,		ecx
-	rol	ebx,		22
-	add	ebx,		ecx
-	; R0 12
-	xor	edi,		edx
-	and	edi,		ebx
-	lea	eax,		DWORD PTR 1804603682[ebp*1+eax]
-	mov	ebp,		DWORD PTR 52[esi]
-	xor	edi,		edx
-	add	eax,		edi
-	mov	edi,		ebx
-	rol	eax,		7
-	add	eax,		ebx
-	; R0 13
-	xor	edi,		ecx
-	and	edi,		eax
-	lea	edx,		DWORD PTR 4254626195[ebp*1+edx]
-	mov	ebp,		DWORD PTR 56[esi]
-	xor	edi,		ecx
-	add	edx,		edi
-	mov	edi,		eax
-	rol	edx,		12
-	add	edx,		eax
-	; R0 14
-	xor	edi,		ebx
-	and	edi,		edx
-	lea	ecx,		DWORD PTR 2792965006[ebp*1+ecx]
-	mov	ebp,		DWORD PTR 60[esi]
-	xor	edi,		ebx
-	add	ecx,		edi
-	mov	edi,		edx
-	rol	ecx,		17
-	add	ecx,		edx
-	; R0 15
-	xor	edi,		eax
-	and	edi,		ecx
-	lea	ebx,		DWORD PTR 1236535329[ebp*1+ebx]
-	mov	ebp,		DWORD PTR 4[esi]
-	xor	edi,		eax
-	add	ebx,		edi
-	mov	edi,		ecx
-	rol	ebx,		22
-	add	ebx,		ecx
-	; 
-	; R1 section
-	; R1 16
-	lea	eax,		DWORD PTR 4129170786[ebp*1+eax]
-	xor	edi,		ebx
-	and	edi,		edx
-	mov	ebp,		DWORD PTR 24[esi]
-	xor	edi,		ecx
-	add	eax,		edi
-	mov	edi,		ebx
-	rol	eax,		5
-	add	eax,		ebx
-	; R1 17
-	lea	edx,		DWORD PTR 3225465664[ebp*1+edx]
-	xor	edi,		eax
-	and	edi,		ecx
-	mov	ebp,		DWORD PTR 44[esi]
-	xor	edi,		ebx
-	add	edx,		edi
-	mov	edi,		eax
-	rol	edx,		9
-	add	edx,		eax
-	; R1 18
-	lea	ecx,		DWORD PTR 643717713[ebp*1+ecx]
-	xor	edi,		edx
-	and	edi,		ebx
-	mov	ebp,		DWORD PTR [esi]
-	xor	edi,		eax
-	add	ecx,		edi
-	mov	edi,		edx
-	rol	ecx,		14
-	add	ecx,		edx
-	; R1 19
-	lea	ebx,		DWORD PTR 3921069994[ebp*1+ebx]
-	xor	edi,		ecx
-	and	edi,		eax
-	mov	ebp,		DWORD PTR 20[esi]
-	xor	edi,		edx
-	add	ebx,		edi
-	mov	edi,		ecx
-	rol	ebx,		20
-	add	ebx,		ecx
-	; R1 20
-	lea	eax,		DWORD PTR 3593408605[ebp*1+eax]
-	xor	edi,		ebx
-	and	edi,		edx
-	mov	ebp,		DWORD PTR 40[esi]
-	xor	edi,		ecx
-	add	eax,		edi
-	mov	edi,		ebx
-	rol	eax,		5
-	add	eax,		ebx
-	; R1 21
-	lea	edx,		DWORD PTR 38016083[ebp*1+edx]
-	xor	edi,		eax
-	and	edi,		ecx
-	mov	ebp,		DWORD PTR 60[esi]
-	xor	edi,		ebx
-	add	edx,		edi
-	mov	edi,		eax
-	rol	edx,		9
-	add	edx,		eax
-	; R1 22
-	lea	ecx,		DWORD PTR 3634488961[ebp*1+ecx]
-	xor	edi,		edx
-	and	edi,		ebx
-	mov	ebp,		DWORD PTR 16[esi]
-	xor	edi,		eax
-	add	ecx,		edi
-	mov	edi,		edx
-	rol	ecx,		14
-	add	ecx,		edx
-	; R1 23
-	lea	ebx,		DWORD PTR 3889429448[ebp*1+ebx]
-	xor	edi,		ecx
-	and	edi,		eax
-	mov	ebp,		DWORD PTR 36[esi]
-	xor	edi,		edx
-	add	ebx,		edi
-	mov	edi,		ecx
-	rol	ebx,		20
-	add	ebx,		ecx
-	; R1 24
-	lea	eax,		DWORD PTR 568446438[ebp*1+eax]
-	xor	edi,		ebx
-	and	edi,		edx
-	mov	ebp,		DWORD PTR 56[esi]
-	xor	edi,		ecx
-	add	eax,		edi
-	mov	edi,		ebx
-	rol	eax,		5
-	add	eax,		ebx
-	; R1 25
-	lea	edx,		DWORD PTR 3275163606[ebp*1+edx]
-	xor	edi,		eax
-	and	edi,		ecx
-	mov	ebp,		DWORD PTR 12[esi]
-	xor	edi,		ebx
-	add	edx,		edi
-	mov	edi,		eax
-	rol	edx,		9
-	add	edx,		eax
-	; R1 26
-	lea	ecx,		DWORD PTR 4107603335[ebp*1+ecx]
-	xor	edi,		edx
-	and	edi,		ebx
-	mov	ebp,		DWORD PTR 32[esi]
-	xor	edi,		eax
-	add	ecx,		edi
-	mov	edi,		edx
-	rol	ecx,		14
-	add	ecx,		edx
-	; R1 27
-	lea	ebx,		DWORD PTR 1163531501[ebp*1+ebx]
-	xor	edi,		ecx
-	and	edi,		eax
-	mov	ebp,		DWORD PTR 52[esi]
-	xor	edi,		edx
-	add	ebx,		edi
-	mov	edi,		ecx
-	rol	ebx,		20
-	add	ebx,		ecx
-	; R1 28
-	lea	eax,		DWORD PTR 2850285829[ebp*1+eax]
-	xor	edi,		ebx
-	and	edi,		edx
-	mov	ebp,		DWORD PTR 8[esi]
-	xor	edi,		ecx
-	add	eax,		edi
-	mov	edi,		ebx
-	rol	eax,		5
-	add	eax,		ebx
-	; R1 29
-	lea	edx,		DWORD PTR 4243563512[ebp*1+edx]
-	xor	edi,		eax
-	and	edi,		ecx
-	mov	ebp,		DWORD PTR 28[esi]
-	xor	edi,		ebx
-	add	edx,		edi
-	mov	edi,		eax
-	rol	edx,		9
-	add	edx,		eax
-	; R1 30
-	lea	ecx,		DWORD PTR 1735328473[ebp*1+ecx]
-	xor	edi,		edx
-	and	edi,		ebx
-	mov	ebp,		DWORD PTR 48[esi]
-	xor	edi,		eax
-	add	ecx,		edi
-	mov	edi,		edx
-	rol	ecx,		14
-	add	ecx,		edx
-	; R1 31
-	lea	ebx,		DWORD PTR 2368359562[ebp*1+ebx]
-	xor	edi,		ecx
-	and	edi,		eax
-	mov	ebp,		DWORD PTR 20[esi]
-	xor	edi,		edx
-	add	ebx,		edi
-	mov	edi,		ecx
-	rol	ebx,		20
-	add	ebx,		ecx
-	; 
-	; R2 section
-	; R2 32
-	xor	edi,		edx
-	xor	edi,		ebx
-	lea	eax,		DWORD PTR 4294588738[ebp*1+eax]
-	add	eax,		edi
-	mov	ebp,		DWORD PTR 32[esi]
-	rol	eax,		4
-	mov	edi,		ebx
-	; R2 33
-	lea	edx,		DWORD PTR 2272392833[ebp*1+edx]
-	add	eax,		ebx
-	xor	edi,		ecx
-	xor	edi,		eax
-	mov	ebp,		DWORD PTR 44[esi]
-	add	edx,		edi
-	mov	edi,		eax
-	rol	edx,		11
-	add	edx,		eax
-	; R2 34
-	xor	edi,		ebx
-	xor	edi,		edx
-	lea	ecx,		DWORD PTR 1839030562[ebp*1+ecx]
-	add	ecx,		edi
-	mov	ebp,		DWORD PTR 56[esi]
-	rol	ecx,		16
-	mov	edi,		edx
-	; R2 35
-	lea	ebx,		DWORD PTR 4259657740[ebp*1+ebx]
-	add	ecx,		edx
-	xor	edi,		eax
-	xor	edi,		ecx
-	mov	ebp,		DWORD PTR 4[esi]
-	add	ebx,		edi
-	mov	edi,		ecx
-	rol	ebx,		23
-	add	ebx,		ecx
-	; R2 36
-	xor	edi,		edx
-	xor	edi,		ebx
-	lea	eax,		DWORD PTR 2763975236[ebp*1+eax]
-	add	eax,		edi
-	mov	ebp,		DWORD PTR 16[esi]
-	rol	eax,		4
-	mov	edi,		ebx
-	; R2 37
-	lea	edx,		DWORD PTR 1272893353[ebp*1+edx]
-	add	eax,		ebx
-	xor	edi,		ecx
-	xor	edi,		eax
-	mov	ebp,		DWORD PTR 28[esi]
-	add	edx,		edi
-	mov	edi,		eax
-	rol	edx,		11
-	add	edx,		eax
-	; R2 38
-	xor	edi,		ebx
-	xor	edi,		edx
-	lea	ecx,		DWORD PTR 4139469664[ebp*1+ecx]
-	add	ecx,		edi
-	mov	ebp,		DWORD PTR 40[esi]
-	rol	ecx,		16
-	mov	edi,		edx
-	; R2 39
-	lea	ebx,		DWORD PTR 3200236656[ebp*1+ebx]
-	add	ecx,		edx
-	xor	edi,		eax
-	xor	edi,		ecx
-	mov	ebp,		DWORD PTR 52[esi]
-	add	ebx,		edi
-	mov	edi,		ecx
-	rol	ebx,		23
-	add	ebx,		ecx
-	; R2 40
-	xor	edi,		edx
-	xor	edi,		ebx
-	lea	eax,		DWORD PTR 681279174[ebp*1+eax]
-	add	eax,		edi
-	mov	ebp,		DWORD PTR [esi]
-	rol	eax,		4
-	mov	edi,		ebx
-	; R2 41
-	lea	edx,		DWORD PTR 3936430074[ebp*1+edx]
-	add	eax,		ebx
-	xor	edi,		ecx
-	xor	edi,		eax
-	mov	ebp,		DWORD PTR 12[esi]
-	add	edx,		edi
-	mov	edi,		eax
-	rol	edx,		11
-	add	edx,		eax
-	; R2 42
-	xor	edi,		ebx
-	xor	edi,		edx
-	lea	ecx,		DWORD PTR 3572445317[ebp*1+ecx]
-	add	ecx,		edi
-	mov	ebp,		DWORD PTR 24[esi]
-	rol	ecx,		16
-	mov	edi,		edx
-	; R2 43
-	lea	ebx,		DWORD PTR 76029189[ebp*1+ebx]
-	add	ecx,		edx
-	xor	edi,		eax
-	xor	edi,		ecx
-	mov	ebp,		DWORD PTR 36[esi]
-	add	ebx,		edi
-	mov	edi,		ecx
-	rol	ebx,		23
-	add	ebx,		ecx
-	; R2 44
-	xor	edi,		edx
-	xor	edi,		ebx
-	lea	eax,		DWORD PTR 3654602809[ebp*1+eax]
-	add	eax,		edi
-	mov	ebp,		DWORD PTR 48[esi]
-	rol	eax,		4
-	mov	edi,		ebx
-	; R2 45
-	lea	edx,		DWORD PTR 3873151461[ebp*1+edx]
-	add	eax,		ebx
-	xor	edi,		ecx
-	xor	edi,		eax
-	mov	ebp,		DWORD PTR 60[esi]
-	add	edx,		edi
-	mov	edi,		eax
-	rol	edx,		11
-	add	edx,		eax
-	; R2 46
-	xor	edi,		ebx
-	xor	edi,		edx
-	lea	ecx,		DWORD PTR 530742520[ebp*1+ecx]
-	add	ecx,		edi
-	mov	ebp,		DWORD PTR 8[esi]
-	rol	ecx,		16
-	mov	edi,		edx
-	; R2 47
-	lea	ebx,		DWORD PTR 3299628645[ebp*1+ebx]
-	add	ecx,		edx
-	xor	edi,		eax
-	xor	edi,		ecx
-	mov	ebp,		DWORD PTR [esi]
-	add	ebx,		edi
-	mov	edi,		-1
-	rol	ebx,		23
-	add	ebx,		ecx
-	; 
-	; R3 section
-	; R3 48
-	xor	edi,		edx
-	or	edi,		ebx
-	lea	eax,		DWORD PTR 4096336452[ebp*1+eax]
-	xor	edi,		ecx
-	mov	ebp,		DWORD PTR 28[esi]
-	add	eax,		edi
-	mov	edi,		-1
-	rol	eax,		6
-	xor	edi,		ecx
-	add	eax,		ebx
-	; R3 49
-	or	edi,		eax
-	lea	edx,		DWORD PTR 1126891415[ebp*1+edx]
-	xor	edi,		ebx
-	mov	ebp,		DWORD PTR 56[esi]
-	add	edx,		edi
-	mov	edi,		-1
-	rol	edx,		10
-	xor	edi,		ebx
-	add	edx,		eax
-	; R3 50
-	or	edi,		edx
-	lea	ecx,		DWORD PTR 2878612391[ebp*1+ecx]
-	xor	edi,		eax
-	mov	ebp,		DWORD PTR 20[esi]
-	add	ecx,		edi
-	mov	edi,		-1
-	rol	ecx,		15
-	xor	edi,		eax
-	add	ecx,		edx
-	; R3 51
-	or	edi,		ecx
-	lea	ebx,		DWORD PTR 4237533241[ebp*1+ebx]
-	xor	edi,		edx
-	mov	ebp,		DWORD PTR 48[esi]
-	add	ebx,		edi
-	mov	edi,		-1
-	rol	ebx,		21
-	xor	edi,		edx
-	add	ebx,		ecx
-	; R3 52
-	or	edi,		ebx
-	lea	eax,		DWORD PTR 1700485571[ebp*1+eax]
-	xor	edi,		ecx
-	mov	ebp,		DWORD PTR 12[esi]
-	add	eax,		edi
-	mov	edi,		-1
-	rol	eax,		6
-	xor	edi,		ecx
-	add	eax,		ebx
-	; R3 53
-	or	edi,		eax
-	lea	edx,		DWORD PTR 2399980690[ebp*1+edx]
-	xor	edi,		ebx
-	mov	ebp,		DWORD PTR 40[esi]
-	add	edx,		edi
-	mov	edi,		-1
-	rol	edx,		10
-	xor	edi,		ebx
-	add	edx,		eax
-	; R3 54
-	or	edi,		edx
-	lea	ecx,		DWORD PTR 4293915773[ebp*1+ecx]
-	xor	edi,		eax
-	mov	ebp,		DWORD PTR 4[esi]
-	add	ecx,		edi
-	mov	edi,		-1
-	rol	ecx,		15
-	xor	edi,		eax
-	add	ecx,		edx
-	; R3 55
-	or	edi,		ecx
-	lea	ebx,		DWORD PTR 2240044497[ebp*1+ebx]
-	xor	edi,		edx
-	mov	ebp,		DWORD PTR 32[esi]
-	add	ebx,		edi
-	mov	edi,		-1
-	rol	ebx,		21
-	xor	edi,		edx
-	add	ebx,		ecx
-	; R3 56
-	or	edi,		ebx
-	lea	eax,		DWORD PTR 1873313359[ebp*1+eax]
-	xor	edi,		ecx
-	mov	ebp,		DWORD PTR 60[esi]
-	add	eax,		edi
-	mov	edi,		-1
-	rol	eax,		6
-	xor	edi,		ecx
-	add	eax,		ebx
-	; R3 57
-	or	edi,		eax
-	lea	edx,		DWORD PTR 4264355552[ebp*1+edx]
-	xor	edi,		ebx
-	mov	ebp,		DWORD PTR 24[esi]
-	add	edx,		edi
-	mov	edi,		-1
-	rol	edx,		10
-	xor	edi,		ebx
-	add	edx,		eax
-	; R3 58
-	or	edi,		edx
-	lea	ecx,		DWORD PTR 2734768916[ebp*1+ecx]
-	xor	edi,		eax
-	mov	ebp,		DWORD PTR 52[esi]
-	add	ecx,		edi
-	mov	edi,		-1
-	rol	ecx,		15
-	xor	edi,		eax
-	add	ecx,		edx
-	; R3 59
-	or	edi,		ecx
-	lea	ebx,		DWORD PTR 1309151649[ebp*1+ebx]
-	xor	edi,		edx
-	mov	ebp,		DWORD PTR 16[esi]
-	add	ebx,		edi
-	mov	edi,		-1
-	rol	ebx,		21
-	xor	edi,		edx
-	add	ebx,		ecx
-	; R3 60
-	or	edi,		ebx
-	lea	eax,		DWORD PTR 4149444226[ebp*1+eax]
-	xor	edi,		ecx
-	mov	ebp,		DWORD PTR 44[esi]
-	add	eax,		edi
-	mov	edi,		-1
-	rol	eax,		6
-	xor	edi,		ecx
-	add	eax,		ebx
-	; R3 61
-	or	edi,		eax
-	lea	edx,		DWORD PTR 3174756917[ebp*1+edx]
-	xor	edi,		ebx
-	mov	ebp,		DWORD PTR 8[esi]
-	add	edx,		edi
-	mov	edi,		-1
-	rol	edx,		10
-	xor	edi,		ebx
-	add	edx,		eax
-	; R3 62
-	or	edi,		edx
-	lea	ecx,		DWORD PTR 718787259[ebp*1+ecx]
-	xor	edi,		eax
-	mov	ebp,		DWORD PTR 36[esi]
-	add	ecx,		edi
-	mov	edi,		-1
-	rol	ecx,		15
-	xor	edi,		eax
-	add	ecx,		edx
-	; R3 63
-	or	edi,		ecx
-	lea	ebx,		DWORD PTR 3951481745[ebp*1+ebx]
-	xor	edi,		edx
-	mov	ebp,		DWORD PTR 24[esp]
-	add	ebx,		edi
-	add	esi,		64
-	rol	ebx,		21
-	mov	edi,		DWORD PTR [ebp]
-	add	ebx,		ecx
-	add	eax,		edi
-	mov	edi,		DWORD PTR 4[ebp]
-	add	ebx,		edi
-	mov	edi,		DWORD PTR 8[ebp]
-	add	ecx,		edi
-	mov	edi,		DWORD PTR 12[ebp]
-	add	edx,		edi
-	mov	DWORD PTR [ebp],eax
-	mov	DWORD PTR 4[ebp],ebx
-	mov	edi,		DWORD PTR [esp]
-	mov	DWORD PTR 8[ebp],ecx
-	mov	DWORD PTR 12[ebp],edx
-	cmp	edi,		esi
-	jge	L000start
-	pop	eax
-	pop	ebx
-	pop	ebp
-	pop	edi
-	pop	esi
-	ret
-_md5_block_x86 ENDP
-_TEXT	ENDS
-END
diff --git a/crypto/md5/asm/md5-586.pl b/crypto/md5/asm/md5-586.pl
index b1238e0385..5fc6a205ce 100644
--- a/crypto/md5/asm/md5-586.pl
+++ b/crypto/md5/asm/md5-586.pl
@@ -29,7 +29,7 @@ $X="esi";
  0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9,	# R3
  );
 
-&md5_block("md5_block_x86");
+&md5_block("md5_block_asm_host_order");
 &asm_finish();
 
 sub Np
@@ -44,7 +44,7 @@ sub R0
 	local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_;
 
 	&mov($tmp1,$C)  if $pos < 0;
-	 &mov($tmp2,&DWP($xo[$ki]*4,$K,"",0)) if $pos < 0; # very first one 
+	&mov($tmp2,&DWP($xo[$ki]*4,$K,"",0)) if $pos < 0; # very first one 
 
 	# body proper
 
@@ -54,7 +54,6 @@ sub R0
 	&and($tmp1,$b); # F function - part 3
 	&lea($a,&DWP($t,$a,$tmp2,1));
 
-	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
 	&xor($tmp1,$d); # F function - part 4
 
 	&add($a,$tmp1);
@@ -62,8 +61,10 @@ sub R0
 	&mov($tmp1,&Np($c)) if $pos == 1;	# next tmp1 for R1
 
 	&rotl($a,$s);
-	&add($a,$b);
 
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
+
+	&add($a,$b);
 	}
 
 sub R1
@@ -100,16 +101,16 @@ if (($n & 1) == 0)
 	# make sure to do 'D' first, not 'B', else we clash with
 	# the last add from the previous round.
 
-	 &xor($tmp1,$d); # H function - part 2
+	&xor($tmp1,$d); # H function - part 2
 
 	&xor($tmp1,$b); # H function - part 3
-	 &lea($a,&DWP($t,$a,$tmp2,1));
+	&lea($a,&DWP($t,$a,$tmp2,1));
 
 	&add($a,$tmp1);
-	 &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0));
 
 	&rotl($a,$s);
 
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0));
 	&mov($tmp1,&Np($c));
 	}
 else
@@ -118,17 +119,17 @@ else
 	# make sure to do 'D' first, not 'B', else we clash with
 	# the last add from the previous round.
 
-	 &lea($a,&DWP($t,$a,$tmp2,1));
+	&lea($a,&DWP($t,$a,$tmp2,1));
 
 	&add($b,$c);			# MOVED FORWARD
-	 &xor($tmp1,$d); # H function - part 2
+	&xor($tmp1,$d); # H function - part 2
 
 	&xor($tmp1,$b); # H function - part 3
-	 &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2);
 
 	&add($a,$tmp1);
-	 &mov($tmp1,&Np($c)) if $pos < 1;	# H function - part 1
-	 &mov($tmp1,-1) if $pos == 1;		# I function - part 1
+	&mov($tmp1,&Np($c)) if $pos < 1;	# H function - part 1
+	&mov($tmp1,-1) if $pos == 1;		# I function - part 1
 
 	&rotl($a,$s);
 
@@ -146,21 +147,21 @@ sub R3
 	&xor($tmp1,$d) if $pos < 0; 	# I function - part 2
 
 	&or($tmp1,$b);				# I function - part 3
-	 &lea($a,&DWP($t,$a,$tmp2,1));
+	&lea($a,&DWP($t,$a,$tmp2,1));
 
 	&xor($tmp1,$c); 			# I function - part 4
-	 &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0))	if $pos != 2; # load X/k value
-	 &mov($tmp2,&wparam(0)) if $pos == 2;
+	&mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0))	if $pos != 2; # load X/k value
+	&mov($tmp2,&wparam(0)) if $pos == 2;
 
 	&add($a,$tmp1);
-	 &mov($tmp1,-1) if $pos < 1;	# H function - part 1
-	 &add($K,64) if $pos >=1 && !$normal;
+	&mov($tmp1,-1) if $pos < 1;	# H function - part 1
+	&add($K,64) if $pos >=1 && !$normal;
 
 	&rotl($a,$s);
 
 	&xor($tmp1,&Np($d)) if $pos <= 0; 	# I function - part = first time
 	&mov($tmp1,&DWP( 0,$tmp2,"",0)) if $pos > 0;
-	 &add($a,$b);
+	&add($a,$b);
 	}
 
 
@@ -182,6 +183,7 @@ sub md5_block
 	 &mov($X,	&wparam(1)); # esi
 	&mov($C,	&wparam(2));
 	 &push("ebp");
+	&shl($C,	6);
 	&push("ebx");
 	 &add($C,	$X); # offset we end at
 	&sub($C,	64);
diff --git a/crypto/md5/asm/md5-sparcv9.S b/crypto/md5/asm/md5-sparcv9.S
new file mode 100644
index 0000000000..a599ed5660
--- /dev/null
+++ b/crypto/md5/asm/md5-sparcv9.S
@@ -0,0 +1,1029 @@
+.ident	"md5-sparcv9.S, Version 1.0"
+.ident	"SPARC V9 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+.file	"md5-sparcv9.S"
+
+/*
+ * ====================================================================
+ * Copyright (c) 1999 Andy Polyakov <appro@fy.chalmers.se>.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted as long as above copyright notices are retained. Warranty
+ * of any kind is (of course:-) disclaimed.
+ * ====================================================================
+ */
+
+/*
+ * This is my modest contribution to OpenSSL project (see
+ * http://www.openssl.org/ for more information about it) and is an
+ * assembler implementation of MD5 block hash function. I've hand-coded
+ * this for the sole reason to reach UltraSPARC-specific "load in
+ * little-endian byte order" instruction. This gives up to 15%
+ * performance improvement for cases when input message is aligned at
+ * 32 bits boundary. The module was tested under both 32 *and* 64 bit
+ * kernels. For updates see http://fy.chalmers.se/~appro/hpe/.
+ *
+ * To compile with SC4.x/SC5.x:
+ *
+ *	cc -xarch=v[9|8plus] -DOPENSSL_SYSNAME_ULTRASPARC -DMD5_BLOCK_DATA_ORDER \
+ *		-c md5-sparcv9.S
+ *
+ * and with gcc:
+ *
+ *	gcc -mcpu=ultrasparc -DOPENSSL_SYSNAME_ULTRASPARC -DMD5_BLOCK_DATA_ORDER \
+ *		-c md5-sparcv9.S
+ *
+ * or if above fails (it does if you have gas):
+ *
+ *	gcc -E -DULTRASPARC -DMD5_BLOCK_DATA_ORDER md5_block.sparc.S | \
+ *		as -xarch=v8plus /dev/fd/0 -o md5-sparcv9.o
+ */
+
+#define	A	%o0
+#define B	%o1
+#define	C	%o2
+#define	D	%o3
+#define	T1	%o4
+#define	T2	%o5
+
+#define	R0	%l0
+#define	R1	%l1
+#define	R2	%l2
+#define	R3	%l3
+#define	R4	%l4
+#define	R5	%l5
+#define	R6	%l6
+#define	R7	%l7
+#define	R8	%i3
+#define	R9	%i4
+#define	R10	%i5
+#define	R11	%g1
+#define R12	%g2
+#define	R13	%g3
+#define RX	%g4
+
+#define Aptr	%i0+0
+#define Bptr	%i0+4
+#define Cptr	%i0+8
+#define Dptr	%i0+12
+
+#define Aval	R5	/* those not used at the end of the last round */
+#define Bval	R6
+#define Cval	R7
+#define Dval	R8
+
+#if defined(MD5_BLOCK_DATA_ORDER)
+# if defined(OPENSSL_SYSNAME_ULTRASPARC)
+#  define	LOAD			lda
+#  define	X(i)			[%i1+i*4]%asi
+#  define	md5_block		md5_block_asm_data_order_aligned
+#  define	ASI_PRIMARY_LITTLE	0x88
+# else
+#  error "MD5_BLOCK_DATA_ORDER is supported only on UltraSPARC!"
+# endif
+#else
+# define	LOAD			ld
+# define	X(i)			[%i1+i*4]
+# define	md5_block		md5_block_asm_host_order
+#endif
+
+.section        ".text",#alloc,#execinstr
+
+#if defined(__SUNPRO_C) && defined(__sparcv9)
+  /* They've said -xarch=v9 at command line */
+  .register	%g2,#scratch
+  .register	%g3,#scratch
+# define	FRAME	-192
+#elif defined(__GNUC__) && defined(__arch64__)
+  /* They've said -m64 at command line */
+  .register     %g2,#scratch
+  .register     %g3,#scratch
+# define        FRAME   -192
+#else
+# define	FRAME	-96
+#endif
+
+.align  32
+
+.global md5_block
+md5_block:
+	save	%sp,FRAME,%sp
+
+	ld	[Dptr],D
+	ld	[Cptr],C
+	ld	[Bptr],B
+	ld	[Aptr],A
+#ifdef ASI_PRIMARY_LITTLE
+	rd	%asi,%o7	! How dare I? Well, I just do:-)
+	wr	%g0,ASI_PRIMARY_LITTLE,%asi
+#endif
+	LOAD	X(0),R0
+
+.Lmd5_block_loop:
+
+!!!!!!!!Round 0
+
+	xor	C,D,T1
+	sethi	%hi(0xd76aa478),T2
+	and	T1,B,T1
+	or	T2,%lo(0xd76aa478),T2	!=
+	xor	T1,D,T1
+	add	T1,R0,T1
+	LOAD	X(1),R1
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,7,T2
+	srl	A,32-7,A
+	or	A,T2,A			!=
+	 xor	 B,C,T1
+	add	A,B,A
+
+	sethi	%hi(0xe8c7b756),T2
+	and	T1,A,T1			!=
+	or	T2,%lo(0xe8c7b756),T2
+	xor	T1,C,T1
+	LOAD	X(2),R2
+	add	T1,R1,T1		!=
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,12,T2
+	srl	D,32-12,D		!=
+	or	D,T2,D
+	 xor	 A,B,T1
+	add	D,A,D
+
+	sethi	%hi(0x242070db),T2	!=
+	and	T1,D,T1
+	or	T2,%lo(0x242070db),T2
+	xor	T1,B,T1
+	add	T1,R2,T1		!=
+	LOAD	X(3),R3
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,17,T2			!=
+	srl	C,32-17,C
+	or	C,T2,C
+	 xor	 D,A,T1
+	add	C,D,C			!=
+
+	sethi	%hi(0xc1bdceee),T2
+	and	T1,C,T1
+	or	T2,%lo(0xc1bdceee),T2
+	xor	T1,A,T1			!=
+	add	T1,R3,T1
+	LOAD	X(4),R4
+	add	T1,T2,T1
+	add	B,T1,B			!=
+	sll	B,22,T2
+	srl	B,32-22,B
+	or	B,T2,B
+	 xor	 C,D,T1			!=
+	add	B,C,B
+
+	sethi	%hi(0xf57c0faf),T2
+	and	T1,B,T1
+	or	T2,%lo(0xf57c0faf),T2	!=
+	xor	T1,D,T1
+	add	T1,R4,T1
+	LOAD	X(5),R5
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,7,T2
+	srl	A,32-7,A
+	or	A,T2,A			!=
+	 xor	 B,C,T1
+	add	A,B,A
+
+	sethi	%hi(0x4787c62a),T2
+	and	T1,A,T1			!=
+	or	T2,%lo(0x4787c62a),T2
+	xor	T1,C,T1
+	LOAD	X(6),R6
+	add	T1,R5,T1		!=
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,12,T2
+	srl	D,32-12,D		!=
+	or	D,T2,D
+	 xor	 A,B,T1
+	add	D,A,D
+
+	sethi	%hi(0xa8304613),T2	!=
+	and	T1,D,T1
+	or	T2,%lo(0xa8304613),T2
+	xor	T1,B,T1
+	add	T1,R6,T1		!=
+	LOAD	X(7),R7
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,17,T2			!=
+	srl	C,32-17,C
+	or	C,T2,C
+	 xor	 D,A,T1
+	add	C,D,C			!=
+
+	sethi	%hi(0xfd469501),T2
+	and	T1,C,T1
+	or	T2,%lo(0xfd469501),T2
+	xor	T1,A,T1			!=
+	add	T1,R7,T1
+	LOAD	X(8),R8
+	add	T1,T2,T1
+	add	B,T1,B			!=
+	sll	B,22,T2
+	srl	B,32-22,B
+	or	B,T2,B
+	 xor	 C,D,T1			!=
+	add	B,C,B
+
+	sethi	%hi(0x698098d8),T2
+	and	T1,B,T1
+	or	T2,%lo(0x698098d8),T2	!=
+	xor	T1,D,T1
+	add	T1,R8,T1
+	LOAD	X(9),R9
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,7,T2
+	srl	A,32-7,A
+	or	A,T2,A			!=
+	 xor	 B,C,T1
+	add	A,B,A
+
+	sethi	%hi(0x8b44f7af),T2
+	and	T1,A,T1			!=
+	or	T2,%lo(0x8b44f7af),T2
+	xor	T1,C,T1
+	LOAD	X(10),R10
+	add	T1,R9,T1		!=
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,12,T2
+	srl	D,32-12,D		!=
+	or	D,T2,D
+	 xor	 A,B,T1
+	add	D,A,D
+
+	sethi	%hi(0xffff5bb1),T2	!=
+	and	T1,D,T1
+	or	T2,%lo(0xffff5bb1),T2
+	xor	T1,B,T1
+	add	T1,R10,T1		!=
+	LOAD	X(11),R11
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,17,T2			!=
+	srl	C,32-17,C
+	or	C,T2,C
+	 xor	 D,A,T1
+	add	C,D,C			!=
+
+	sethi	%hi(0x895cd7be),T2
+	and	T1,C,T1
+	or	T2,%lo(0x895cd7be),T2
+	xor	T1,A,T1			!=
+	add	T1,R11,T1
+	LOAD	X(12),R12
+	add	T1,T2,T1
+	add	B,T1,B			!=
+	sll	B,22,T2
+	srl	B,32-22,B
+	or	B,T2,B
+	 xor	 C,D,T1			!=
+	add	B,C,B
+
+	sethi	%hi(0x6b901122),T2
+	and	T1,B,T1
+	or	T2,%lo(0x6b901122),T2	!=
+	xor	T1,D,T1
+	add	T1,R12,T1
+	LOAD	X(13),R13
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,7,T2
+	srl	A,32-7,A
+	or	A,T2,A			!=
+	 xor	 B,C,T1
+	add	A,B,A
+
+	sethi	%hi(0xfd987193),T2
+	and	T1,A,T1			!=
+	or	T2,%lo(0xfd987193),T2
+	xor	T1,C,T1
+	LOAD	X(14),RX
+	add	T1,R13,T1		!=
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,12,T2
+	srl	D,32-12,D		!=
+	or	D,T2,D
+	 xor	 A,B,T1
+	add	D,A,D
+
+	sethi	%hi(0xa679438e),T2	!=
+	and	T1,D,T1
+	or	T2,%lo(0xa679438e),T2
+	xor	T1,B,T1
+	add	T1,RX,T1		!=
+	LOAD	X(15),RX
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,17,T2			!=
+	srl	C,32-17,C
+	or	C,T2,C
+	 xor	 D,A,T1
+	add	C,D,C			!=
+
+	sethi	%hi(0x49b40821),T2
+	and	T1,C,T1
+	or	T2,%lo(0x49b40821),T2
+	xor	T1,A,T1			!=
+	add	T1,RX,T1
+	!pre-LOADed	X(1),R1
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,22,T2			!=
+	srl	B,32-22,B
+	or	B,T2,B
+	add	B,C,B
+
+!!!!!!!!Round 1
+
+	xor	B,C,T1			!=
+	sethi	%hi(0xf61e2562),T2
+	and	T1,D,T1
+	or	T2,%lo(0xf61e2562),T2
+	xor	T1,C,T1			!=
+	add	T1,R1,T1
+	!pre-LOADed	X(6),R6
+	add	T1,T2,T1
+	add	A,T1,A
+	sll	A,5,T2			!=
+	srl	A,32-5,A
+	or	A,T2,A
+	add	A,B,A
+
+	xor	A,B,T1			!=
+	sethi	%hi(0xc040b340),T2
+	and	T1,C,T1
+	or	T2,%lo(0xc040b340),T2
+	xor	T1,B,T1			!=
+	add	T1,R6,T1
+	!pre-LOADed	X(11),R11
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,9,T2			!=
+	srl	D,32-9,D
+	or	D,T2,D
+	add	D,A,D
+
+	xor	D,A,T1			!=
+	sethi	%hi(0x265e5a51),T2
+	and	T1,B,T1
+	or	T2,%lo(0x265e5a51),T2
+	xor	T1,A,T1			!=
+	add	T1,R11,T1
+	!pre-LOADed	X(0),R0
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,14,T2			!=
+	srl	C,32-14,C
+	or	C,T2,C
+	add	C,D,C
+
+	xor	C,D,T1			!=
+	sethi	%hi(0xe9b6c7aa),T2
+	and	T1,A,T1
+	or	T2,%lo(0xe9b6c7aa),T2
+	xor	T1,D,T1			!=
+	add	T1,R0,T1
+	!pre-LOADed	X(5),R5
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,20,T2			!=
+	srl	B,32-20,B
+	or	B,T2,B
+	add	B,C,B
+
+	xor	B,C,T1			!=
+	sethi	%hi(0xd62f105d),T2
+	and	T1,D,T1
+	or	T2,%lo(0xd62f105d),T2
+	xor	T1,C,T1			!=
+	add	T1,R5,T1
+	!pre-LOADed	X(10),R10
+	add	T1,T2,T1
+	add	A,T1,A
+	sll	A,5,T2			!=
+	srl	A,32-5,A
+	or	A,T2,A
+	add	A,B,A
+
+	xor	A,B,T1			!=
+	sethi	%hi(0x02441453),T2
+	and	T1,C,T1
+	or	T2,%lo(0x02441453),T2
+	xor	T1,B,T1			!=
+	add	T1,R10,T1
+	LOAD	X(15),RX
+	add	T1,T2,T1
+	add	D,T1,D			!=
+	sll	D,9,T2
+	srl	D,32-9,D
+	or	D,T2,D
+	add	D,A,D			!=
+
+	xor	D,A,T1
+	sethi	%hi(0xd8a1e681),T2
+	and	T1,B,T1
+	or	T2,%lo(0xd8a1e681),T2	!=
+	xor	T1,A,T1
+	add	T1,RX,T1
+	!pre-LOADed	X(4),R4
+	add	T1,T2,T1
+	add	C,T1,C			!=
+	sll	C,14,T2
+	srl	C,32-14,C
+	or	C,T2,C
+	add	C,D,C			!=
+
+	xor	C,D,T1
+	sethi	%hi(0xe7d3fbc8),T2
+	and	T1,A,T1
+	or	T2,%lo(0xe7d3fbc8),T2	!=
+	xor	T1,D,T1
+	add	T1,R4,T1
+	!pre-LOADed	X(9),R9
+	add	T1,T2,T1
+	add	B,T1,B			!=
+	sll	B,20,T2
+	srl	B,32-20,B
+	or	B,T2,B
+	add	B,C,B			!=
+
+	xor	B,C,T1
+	sethi	%hi(0x21e1cde6),T2
+	and	T1,D,T1
+	or	T2,%lo(0x21e1cde6),T2	!=
+	xor	T1,C,T1
+	add	T1,R9,T1
+	LOAD	X(14),RX
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,5,T2
+	srl	A,32-5,A
+	or	A,T2,A			!=
+	add	A,B,A
+
+	xor	A,B,T1
+	sethi	%hi(0xc33707d6),T2
+	and	T1,C,T1			!=
+	or	T2,%lo(0xc33707d6),T2
+	xor	T1,B,T1
+	add	T1,RX,T1
+	!pre-LOADed	X(3),R3
+	add	T1,T2,T1		!=
+	add	D,T1,D
+	sll	D,9,T2
+	srl	D,32-9,D
+	or	D,T2,D			!=
+	add	D,A,D
+
+	xor	D,A,T1
+	sethi	%hi(0xf4d50d87),T2
+	and	T1,B,T1			!=
+	or	T2,%lo(0xf4d50d87),T2
+	xor	T1,A,T1
+	add	T1,R3,T1
+	!pre-LOADed	X(8),R8
+	add	T1,T2,T1		!=
+	add	C,T1,C
+	sll	C,14,T2
+	srl	C,32-14,C
+	or	C,T2,C			!=
+	add	C,D,C
+
+	xor	C,D,T1
+	sethi	%hi(0x455a14ed),T2
+	and	T1,A,T1			!=
+	or	T2,%lo(0x455a14ed),T2
+	xor	T1,D,T1
+	add	T1,R8,T1
+	!pre-LOADed	X(13),R13
+	add	T1,T2,T1		!=
+	add	B,T1,B
+	sll	B,20,T2
+	srl	B,32-20,B
+	or	B,T2,B			!=
+	add	B,C,B
+
+	xor	B,C,T1
+	sethi	%hi(0xa9e3e905),T2
+	and	T1,D,T1			!=
+	or	T2,%lo(0xa9e3e905),T2
+	xor	T1,C,T1
+	add	T1,R13,T1
+	!pre-LOADed	X(2),R2
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,5,T2
+	srl	A,32-5,A
+	or	A,T2,A			!=
+	add	A,B,A
+
+	xor	A,B,T1
+	sethi	%hi(0xfcefa3f8),T2
+	and	T1,C,T1			!=
+	or	T2,%lo(0xfcefa3f8),T2
+	xor	T1,B,T1
+	add	T1,R2,T1
+	!pre-LOADed	X(7),R7
+	add	T1,T2,T1		!=
+	add	D,T1,D
+	sll	D,9,T2
+	srl	D,32-9,D
+	or	D,T2,D			!=
+	add	D,A,D
+
+	xor	D,A,T1
+	sethi	%hi(0x676f02d9),T2
+	and	T1,B,T1			!=
+	or	T2,%lo(0x676f02d9),T2
+	xor	T1,A,T1
+	add	T1,R7,T1
+	!pre-LOADed	X(12),R12
+	add	T1,T2,T1		!=
+	add	C,T1,C
+	sll	C,14,T2
+	srl	C,32-14,C
+	or	C,T2,C			!=
+	add	C,D,C
+
+	xor	C,D,T1
+	sethi	%hi(0x8d2a4c8a),T2
+	and	T1,A,T1			!=
+	or	T2,%lo(0x8d2a4c8a),T2
+	xor	T1,D,T1
+	add	T1,R12,T1
+	!pre-LOADed	X(5),R5
+	add	T1,T2,T1		!=
+	add	B,T1,B
+	sll	B,20,T2
+	srl	B,32-20,B
+	or	B,T2,B			!=
+	add	B,C,B
+
+!!!!!!!!Round 2
+
+	xor	B,C,T1
+	sethi	%hi(0xfffa3942),T2
+	xor	T1,D,T1			!=
+	or	T2,%lo(0xfffa3942),T2
+	add	T1,R5,T1
+	!pre-LOADed	X(8),R8
+	add	T1,T2,T1
+	add	A,T1,A			!=
+	sll	A,4,T2
+	srl	A,32-4,A
+	or	A,T2,A
+	add	A,B,A			!=
+
+	xor	A,B,T1
+	sethi	%hi(0x8771f681),T2
+	xor	T1,C,T1
+	or	T2,%lo(0x8771f681),T2	!=
+	add	T1,R8,T1
+	!pre-LOADed	X(11),R11
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,11,T2			!=
+	srl	D,32-11,D
+	or	D,T2,D
+	add	D,A,D
+
+	xor	D,A,T1			!=
+	sethi	%hi(0x6d9d6122),T2
+	xor	T1,B,T1
+	or	T2,%lo(0x6d9d6122),T2
+	add	T1,R11,T1		!=
+	LOAD	X(14),RX
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,16,T2			!=
+	srl	C,32-16,C
+	or	C,T2,C
+	add	C,D,C
+
+	xor	C,D,T1			!=
+	sethi	%hi(0xfde5380c),T2
+	xor	T1,A,T1
+	or	T2,%lo(0xfde5380c),T2
+	add	T1,RX,T1		!=
+	!pre-LOADed	X(1),R1
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,23,T2
+	srl	B,32-23,B		!=
+	or	B,T2,B
+	add	B,C,B
+
+	xor	B,C,T1
+	sethi	%hi(0xa4beea44),T2	!=
+	xor	T1,D,T1
+	or	T2,%lo(0xa4beea44),T2
+	add	T1,R1,T1
+	!pre-LOADed	X(4),R4
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,4,T2
+	srl	A,32-4,A
+	or	A,T2,A			!=
+	add	A,B,A
+
+	xor	A,B,T1
+	sethi	%hi(0x4bdecfa9),T2
+	xor	T1,C,T1			!=
+	or	T2,%lo(0x4bdecfa9),T2
+	add	T1,R4,T1
+	!pre-LOADed	X(7),R7
+	add	T1,T2,T1
+	add	D,T1,D			!=
+	sll	D,11,T2
+	srl	D,32-11,D
+	or	D,T2,D
+	add	D,A,D			!=
+
+	xor	D,A,T1
+	sethi	%hi(0xf6bb4b60),T2
+	xor	T1,B,T1
+	or	T2,%lo(0xf6bb4b60),T2	!=
+	add	T1,R7,T1
+	!pre-LOADed	X(10),R10
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,16,T2			!=
+	srl	C,32-16,C
+	or	C,T2,C
+	add	C,D,C
+
+	xor	C,D,T1			!=
+	sethi	%hi(0xbebfbc70),T2
+	xor	T1,A,T1
+	or	T2,%lo(0xbebfbc70),T2
+	add	T1,R10,T1		!=
+	!pre-LOADed	X(13),R13
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,23,T2
+	srl	B,32-23,B		!=
+	or	B,T2,B
+	add	B,C,B
+
+	xor	B,C,T1
+	sethi	%hi(0x289b7ec6),T2	!=
+	xor	T1,D,T1
+	or	T2,%lo(0x289b7ec6),T2
+	add	T1,R13,T1
+	!pre-LOADed	X(0),R0
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,4,T2
+	srl	A,32-4,A
+	or	A,T2,A			!=
+	add	A,B,A
+
+	xor	A,B,T1
+	sethi	%hi(0xeaa127fa),T2
+	xor	T1,C,T1			!=
+	or	T2,%lo(0xeaa127fa),T2
+	add	T1,R0,T1
+	!pre-LOADed	X(3),R3
+	add	T1,T2,T1
+	add	D,T1,D			!=
+	sll	D,11,T2
+	srl	D,32-11,D
+	or	D,T2,D
+	add	D,A,D			!=
+
+	xor	D,A,T1
+	sethi	%hi(0xd4ef3085),T2
+	xor	T1,B,T1
+	or	T2,%lo(0xd4ef3085),T2	!=
+	add	T1,R3,T1
+	!pre-LOADed	X(6),R6
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,16,T2			!=
+	srl	C,32-16,C
+	or	C,T2,C
+	add	C,D,C
+
+	xor	C,D,T1			!=
+	sethi	%hi(0x04881d05),T2
+	xor	T1,A,T1
+	or	T2,%lo(0x04881d05),T2
+	add	T1,R6,T1		!=
+	!pre-LOADed	X(9),R9
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,23,T2
+	srl	B,32-23,B		!=
+	or	B,T2,B
+	add	B,C,B
+
+	xor	B,C,T1
+	sethi	%hi(0xd9d4d039),T2	!=
+	xor	T1,D,T1
+	or	T2,%lo(0xd9d4d039),T2
+	add	T1,R9,T1
+	!pre-LOADed	X(12),R12
+	add	T1,T2,T1		!=
+	add	A,T1,A
+	sll	A,4,T2
+	srl	A,32-4,A
+	or	A,T2,A			!=
+	add	A,B,A
+
+	xor	A,B,T1
+	sethi	%hi(0xe6db99e5),T2
+	xor	T1,C,T1			!=
+	or	T2,%lo(0xe6db99e5),T2
+	add	T1,R12,T1
+	LOAD	X(15),RX
+	add	T1,T2,T1		!=
+	add	D,T1,D
+	sll	D,11,T2
+	srl	D,32-11,D
+	or	D,T2,D			!=
+	add	D,A,D
+
+	xor	D,A,T1
+	sethi	%hi(0x1fa27cf8),T2
+	xor	T1,B,T1			!=
+	or	T2,%lo(0x1fa27cf8),T2
+	add	T1,RX,T1
+	!pre-LOADed	X(2),R2
+	add	T1,T2,T1
+	add	C,T1,C			!=
+	sll	C,16,T2
+	srl	C,32-16,C
+	or	C,T2,C
+	add	C,D,C			!=
+
+	xor	C,D,T1
+	sethi	%hi(0xc4ac5665),T2
+	xor	T1,A,T1
+	or	T2,%lo(0xc4ac5665),T2	!=
+	add	T1,R2,T1
+	!pre-LOADed	X(0),R0
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,23,T2			!=
+	srl	B,32-23,B
+	or	B,T2,B
+	add	B,C,B
+
+!!!!!!!!Round 3
+
+	orn	B,D,T1			!=
+	sethi	%hi(0xf4292244),T2
+	xor	T1,C,T1
+	or	T2,%lo(0xf4292244),T2
+	add	T1,R0,T1		!=
+	!pre-LOADed	X(7),R7
+	add	T1,T2,T1
+	add	A,T1,A
+	sll	A,6,T2
+	srl	A,32-6,A		!=
+	or	A,T2,A
+	add	A,B,A
+
+	orn	A,C,T1
+	sethi	%hi(0x432aff97),T2	!=
+	xor	T1,B,T1
+	or	T2,%lo(0x432aff97),T2
+	LOAD	X(14),RX
+	add	T1,R7,T1		!=
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,10,T2
+	srl	D,32-10,D		!=
+	or	D,T2,D
+	add	D,A,D
+
+	orn	D,B,T1
+	sethi	%hi(0xab9423a7),T2	!=
+	xor	T1,A,T1
+	or	T2,%lo(0xab9423a7),T2
+	add	T1,RX,T1
+	!pre-LOADed	X(5),R5
+	add	T1,T2,T1		!=
+	add	C,T1,C
+	sll	C,15,T2
+	srl	C,32-15,C
+	or	C,T2,C			!=
+	add	C,D,C
+
+	orn	C,A,T1
+	sethi	%hi(0xfc93a039),T2
+	xor	T1,D,T1			!=
+	or	T2,%lo(0xfc93a039),T2
+	add	T1,R5,T1
+	!pre-LOADed	X(12),R12
+	add	T1,T2,T1
+	add	B,T1,B			!=
+	sll	B,21,T2
+	srl	B,32-21,B
+	or	B,T2,B
+	add	B,C,B			!=
+
+	orn	B,D,T1
+	sethi	%hi(0x655b59c3),T2
+	xor	T1,C,T1
+	or	T2,%lo(0x655b59c3),T2	!=
+	add	T1,R12,T1
+	!pre-LOADed	X(3),R3
+	add	T1,T2,T1
+	add	A,T1,A
+	sll	A,6,T2			!=
+	srl	A,32-6,A
+	or	A,T2,A
+	add	A,B,A
+
+	orn	A,C,T1			!=
+	sethi	%hi(0x8f0ccc92),T2
+	xor	T1,B,T1
+	or	T2,%lo(0x8f0ccc92),T2
+	add	T1,R3,T1		!=
+	!pre-LOADed	X(10),R10
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,10,T2
+	srl	D,32-10,D		!=
+	or	D,T2,D
+	add	D,A,D
+
+	orn	D,B,T1
+	sethi	%hi(0xffeff47d),T2	!=
+	xor	T1,A,T1
+	or	T2,%lo(0xffeff47d),T2
+	add	T1,R10,T1
+	!pre-LOADed	X(1),R1
+	add	T1,T2,T1		!=
+	add	C,T1,C
+	sll	C,15,T2
+	srl	C,32-15,C
+	or	C,T2,C			!=
+	add	C,D,C
+
+	orn	C,A,T1
+	sethi	%hi(0x85845dd1),T2
+	xor	T1,D,T1			!=
+	or	T2,%lo(0x85845dd1),T2
+	add	T1,R1,T1
+	!pre-LOADed	X(8),R8
+	add	T1,T2,T1
+	add	B,T1,B			!=
+	sll	B,21,T2
+	srl	B,32-21,B
+	or	B,T2,B
+	add	B,C,B			!=
+
+	orn	B,D,T1
+	sethi	%hi(0x6fa87e4f),T2
+	xor	T1,C,T1
+	or	T2,%lo(0x6fa87e4f),T2	!=
+	add	T1,R8,T1
+	LOAD	X(15),RX
+	add	T1,T2,T1
+	add	A,T1,A			!=
+	sll	A,6,T2
+	srl	A,32-6,A
+	or	A,T2,A
+	add	A,B,A			!=
+
+	orn	A,C,T1
+	sethi	%hi(0xfe2ce6e0),T2
+	xor	T1,B,T1
+	or	T2,%lo(0xfe2ce6e0),T2	!=
+	add	T1,RX,T1
+	!pre-LOADed	X(6),R6
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,10,T2			!=
+	srl	D,32-10,D
+	or	D,T2,D
+	add	D,A,D
+
+	orn	D,B,T1			!=
+	sethi	%hi(0xa3014314),T2
+	xor	T1,A,T1
+	or	T2,%lo(0xa3014314),T2
+	add	T1,R6,T1		!=
+	!pre-LOADed	X(13),R13
+	add	T1,T2,T1
+	add	C,T1,C
+	sll	C,15,T2
+	srl	C,32-15,C		!=
+	or	C,T2,C
+	add	C,D,C
+
+	orn	C,A,T1
+	sethi	%hi(0x4e0811a1),T2	!=
+	xor	T1,D,T1
+	or	T2,%lo(0x4e0811a1),T2
+	!pre-LOADed	X(4),R4
+	 ld	 [Aptr],Aval
+	add	T1,R13,T1		!=
+	add	T1,T2,T1
+	add	B,T1,B
+	sll	B,21,T2
+	srl	B,32-21,B		!=
+	or	B,T2,B
+	add	B,C,B
+
+	orn	B,D,T1
+	sethi	%hi(0xf7537e82),T2	!=
+	xor	T1,C,T1
+	or	T2,%lo(0xf7537e82),T2
+	!pre-LOADed	X(11),R11
+	 ld	 [Dptr],Dval
+	add	T1,R4,T1		!=
+	add	T1,T2,T1
+	add	A,T1,A
+	sll	A,6,T2
+	srl	A,32-6,A		!=
+	or	A,T2,A
+	add	A,B,A
+
+	orn	A,C,T1
+	sethi	%hi(0xbd3af235),T2	!=
+	xor	T1,B,T1
+	or	T2,%lo(0xbd3af235),T2
+	!pre-LOADed	X(2),R2
+	 ld	 [Cptr],Cval
+	add	T1,R11,T1		!=
+	add	T1,T2,T1
+	add	D,T1,D
+	sll	D,10,T2
+	srl	D,32-10,D		!=
+	or	D,T2,D
+	add	D,A,D
+
+	orn	D,B,T1
+	sethi	%hi(0x2ad7d2bb),T2	!=
+	xor	T1,A,T1
+	or	T2,%lo(0x2ad7d2bb),T2
+	!pre-LOADed	X(9),R9
+	 ld	 [Bptr],Bval
+	add	T1,R2,T1		!=
+	 add	 Aval,A,Aval
+	add	T1,T2,T1
+	 st	 Aval,[Aptr]
+	add	C,T1,C			!=
+	sll	C,15,T2
+	 add	 Dval,D,Dval
+	srl	C,32-15,C
+	or	C,T2,C			!=
+	 st	 Dval,[Dptr]
+	add	C,D,C
+
+	orn	C,A,T1
+	sethi	%hi(0xeb86d391),T2	!=
+	xor	T1,D,T1
+	or	T2,%lo(0xeb86d391),T2
+	add	T1,R9,T1
+	!pre-LOADed	X(0),R0
+	 mov	 Aval,A			!=
+	add	T1,T2,T1
+	 mov	 Dval,D
+	add	B,T1,B
+	sll	B,21,T2			!=
+	 add	 Cval,C,Cval
+	srl	B,32-21,B
+	 st	 Cval,[Cptr]
+	or	B,T2,B			!=
+	add	B,C,B
+
+	deccc	%i2
+	mov	Cval,C
+	add	B,Bval,B		!=
+	inc	64,%i1
+	nop
+	st	B,[Bptr]
+	nop				!=
+
+#ifdef	OPENSSL_SYSNAME_ULTRASPARC
+	bg,a,pt	%icc,.Lmd5_block_loop
+#else
+	bg,a	.Lmd5_block_loop
+#endif
+	LOAD	X(0),R0
+
+#ifdef ASI_PRIMARY_LITTLE
+	wr	%g0,%o7,%asi
+#endif
+	ret
+	restore	%g0,0,%o0
+
+.type	md5_block,#function
+.size	md5_block,(.-md5_block)
diff --git a/crypto/md5/asm/mx86unix.cpp b/crypto/md5/asm/mx86unix.cpp
deleted file mode 100644
index 5d399122b6..0000000000
--- a/crypto/md5/asm/mx86unix.cpp
+++ /dev/null
@@ -1,730 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define md5_block_x86 _md5_block_x86
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by md5-586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"md5-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl md5_block_x86
-	TYPE(md5_block_x86,@function)
-md5_block_x86:
-	pushl	%esi
-	pushl	%edi
-	movl	12(%esp),	%edi
-	movl	16(%esp),	%esi
-	movl	20(%esp),	%ecx
-	pushl	%ebp
-	pushl	%ebx
-	addl	%esi,		%ecx
-	subl	$64,		%ecx
-	movl	(%edi),		%eax
-	pushl	%ecx
-	movl	4(%edi),	%ebx
-	movl	8(%edi),	%ecx
-	movl	12(%edi),	%edx
-.L000start:
-
-	/* R0 section */
-	movl	%ecx,		%edi
-	movl	(%esi),		%ebp
-	/* R0 0 */
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	leal	3614090360(%eax,%ebp,1),%eax
-	movl	4(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$7,		%eax
-	addl	%ebx,		%eax
-	/* R0 1 */
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	leal	3905402710(%edx,%ebp,1),%edx
-	movl	8(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$12,		%edx
-	addl	%eax,		%edx
-	/* R0 2 */
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	leal	606105819(%ecx,%ebp,1),%ecx
-	movl	12(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$17,		%ecx
-	addl	%edx,		%ecx
-	/* R0 3 */
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	leal	3250441966(%ebx,%ebp,1),%ebx
-	movl	16(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$22,		%ebx
-	addl	%ecx,		%ebx
-	/* R0 4 */
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	leal	4118548399(%eax,%ebp,1),%eax
-	movl	20(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$7,		%eax
-	addl	%ebx,		%eax
-	/* R0 5 */
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	leal	1200080426(%edx,%ebp,1),%edx
-	movl	24(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$12,		%edx
-	addl	%eax,		%edx
-	/* R0 6 */
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	leal	2821735955(%ecx,%ebp,1),%ecx
-	movl	28(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$17,		%ecx
-	addl	%edx,		%ecx
-	/* R0 7 */
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	leal	4249261313(%ebx,%ebp,1),%ebx
-	movl	32(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$22,		%ebx
-	addl	%ecx,		%ebx
-	/* R0 8 */
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	leal	1770035416(%eax,%ebp,1),%eax
-	movl	36(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$7,		%eax
-	addl	%ebx,		%eax
-	/* R0 9 */
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	leal	2336552879(%edx,%ebp,1),%edx
-	movl	40(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$12,		%edx
-	addl	%eax,		%edx
-	/* R0 10 */
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	leal	4294925233(%ecx,%ebp,1),%ecx
-	movl	44(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$17,		%ecx
-	addl	%edx,		%ecx
-	/* R0 11 */
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	leal	2304563134(%ebx,%ebp,1),%ebx
-	movl	48(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$22,		%ebx
-	addl	%ecx,		%ebx
-	/* R0 12 */
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	leal	1804603682(%eax,%ebp,1),%eax
-	movl	52(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$7,		%eax
-	addl	%ebx,		%eax
-	/* R0 13 */
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	leal	4254626195(%edx,%ebp,1),%edx
-	movl	56(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$12,		%edx
-	addl	%eax,		%edx
-	/* R0 14 */
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	leal	2792965006(%ecx,%ebp,1),%ecx
-	movl	60(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$17,		%ecx
-	addl	%edx,		%ecx
-	/* R0 15 */
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	leal	1236535329(%ebx,%ebp,1),%ebx
-	movl	4(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$22,		%ebx
-	addl	%ecx,		%ebx
-
-	/* R1 section */
-	/* R1 16 */
-	leal	4129170786(%eax,%ebp,1),%eax
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	movl	24(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$5,		%eax
-	addl	%ebx,		%eax
-	/* R1 17 */
-	leal	3225465664(%edx,%ebp,1),%edx
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	movl	44(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$9,		%edx
-	addl	%eax,		%edx
-	/* R1 18 */
-	leal	643717713(%ecx,%ebp,1),%ecx
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	movl	(%esi),		%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$14,		%ecx
-	addl	%edx,		%ecx
-	/* R1 19 */
-	leal	3921069994(%ebx,%ebp,1),%ebx
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	movl	20(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$20,		%ebx
-	addl	%ecx,		%ebx
-	/* R1 20 */
-	leal	3593408605(%eax,%ebp,1),%eax
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	movl	40(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$5,		%eax
-	addl	%ebx,		%eax
-	/* R1 21 */
-	leal	38016083(%edx,%ebp,1),%edx
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	movl	60(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$9,		%edx
-	addl	%eax,		%edx
-	/* R1 22 */
-	leal	3634488961(%ecx,%ebp,1),%ecx
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	movl	16(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$14,		%ecx
-	addl	%edx,		%ecx
-	/* R1 23 */
-	leal	3889429448(%ebx,%ebp,1),%ebx
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	movl	36(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$20,		%ebx
-	addl	%ecx,		%ebx
-	/* R1 24 */
-	leal	568446438(%eax,%ebp,1),%eax
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	movl	56(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$5,		%eax
-	addl	%ebx,		%eax
-	/* R1 25 */
-	leal	3275163606(%edx,%ebp,1),%edx
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	movl	12(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$9,		%edx
-	addl	%eax,		%edx
-	/* R1 26 */
-	leal	4107603335(%ecx,%ebp,1),%ecx
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	movl	32(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$14,		%ecx
-	addl	%edx,		%ecx
-	/* R1 27 */
-	leal	1163531501(%ebx,%ebp,1),%ebx
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	movl	52(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$20,		%ebx
-	addl	%ecx,		%ebx
-	/* R1 28 */
-	leal	2850285829(%eax,%ebp,1),%eax
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	movl	8(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$5,		%eax
-	addl	%ebx,		%eax
-	/* R1 29 */
-	leal	4243563512(%edx,%ebp,1),%edx
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	movl	28(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$9,		%edx
-	addl	%eax,		%edx
-	/* R1 30 */
-	leal	1735328473(%ecx,%ebp,1),%ecx
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	movl	48(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$14,		%ecx
-	addl	%edx,		%ecx
-	/* R1 31 */
-	leal	2368359562(%ebx,%ebp,1),%ebx
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	movl	20(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$20,		%ebx
-	addl	%ecx,		%ebx
-
-	/* R2 section */
-	/* R2 32 */
-	xorl	%edx,		%edi
-	xorl	%ebx,		%edi
-	leal	4294588738(%eax,%ebp,1),%eax
-	addl	%edi,		%eax
-	movl	32(%esi),	%ebp
-	roll	$4,		%eax
-	movl	%ebx,		%edi
-	/* R2 33 */
-	leal	2272392833(%edx,%ebp,1),%edx
-	addl	%ebx,		%eax
-	xorl	%ecx,		%edi
-	xorl	%eax,		%edi
-	movl	44(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$11,		%edx
-	addl	%eax,		%edx
-	/* R2 34 */
-	xorl	%ebx,		%edi
-	xorl	%edx,		%edi
-	leal	1839030562(%ecx,%ebp,1),%ecx
-	addl	%edi,		%ecx
-	movl	56(%esi),	%ebp
-	roll	$16,		%ecx
-	movl	%edx,		%edi
-	/* R2 35 */
-	leal	4259657740(%ebx,%ebp,1),%ebx
-	addl	%edx,		%ecx
-	xorl	%eax,		%edi
-	xorl	%ecx,		%edi
-	movl	4(%esi),	%ebp
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$23,		%ebx
-	addl	%ecx,		%ebx
-	/* R2 36 */
-	xorl	%edx,		%edi
-	xorl	%ebx,		%edi
-	leal	2763975236(%eax,%ebp,1),%eax
-	addl	%edi,		%eax
-	movl	16(%esi),	%ebp
-	roll	$4,		%eax
-	movl	%ebx,		%edi
-	/* R2 37 */
-	leal	1272893353(%edx,%ebp,1),%edx
-	addl	%ebx,		%eax
-	xorl	%ecx,		%edi
-	xorl	%eax,		%edi
-	movl	28(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$11,		%edx
-	addl	%eax,		%edx
-	/* R2 38 */
-	xorl	%ebx,		%edi
-	xorl	%edx,		%edi
-	leal	4139469664(%ecx,%ebp,1),%ecx
-	addl	%edi,		%ecx
-	movl	40(%esi),	%ebp
-	roll	$16,		%ecx
-	movl	%edx,		%edi
-	/* R2 39 */
-	leal	3200236656(%ebx,%ebp,1),%ebx
-	addl	%edx,		%ecx
-	xorl	%eax,		%edi
-	xorl	%ecx,		%edi
-	movl	52(%esi),	%ebp
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$23,		%ebx
-	addl	%ecx,		%ebx
-	/* R2 40 */
-	xorl	%edx,		%edi
-	xorl	%ebx,		%edi
-	leal	681279174(%eax,%ebp,1),%eax
-	addl	%edi,		%eax
-	movl	(%esi),		%ebp
-	roll	$4,		%eax
-	movl	%ebx,		%edi
-	/* R2 41 */
-	leal	3936430074(%edx,%ebp,1),%edx
-	addl	%ebx,		%eax
-	xorl	%ecx,		%edi
-	xorl	%eax,		%edi
-	movl	12(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$11,		%edx
-	addl	%eax,		%edx
-	/* R2 42 */
-	xorl	%ebx,		%edi
-	xorl	%edx,		%edi
-	leal	3572445317(%ecx,%ebp,1),%ecx
-	addl	%edi,		%ecx
-	movl	24(%esi),	%ebp
-	roll	$16,		%ecx
-	movl	%edx,		%edi
-	/* R2 43 */
-	leal	76029189(%ebx,%ebp,1),%ebx
-	addl	%edx,		%ecx
-	xorl	%eax,		%edi
-	xorl	%ecx,		%edi
-	movl	36(%esi),	%ebp
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$23,		%ebx
-	addl	%ecx,		%ebx
-	/* R2 44 */
-	xorl	%edx,		%edi
-	xorl	%ebx,		%edi
-	leal	3654602809(%eax,%ebp,1),%eax
-	addl	%edi,		%eax
-	movl	48(%esi),	%ebp
-	roll	$4,		%eax
-	movl	%ebx,		%edi
-	/* R2 45 */
-	leal	3873151461(%edx,%ebp,1),%edx
-	addl	%ebx,		%eax
-	xorl	%ecx,		%edi
-	xorl	%eax,		%edi
-	movl	60(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$11,		%edx
-	addl	%eax,		%edx
-	/* R2 46 */
-	xorl	%ebx,		%edi
-	xorl	%edx,		%edi
-	leal	530742520(%ecx,%ebp,1),%ecx
-	addl	%edi,		%ecx
-	movl	8(%esi),	%ebp
-	roll	$16,		%ecx
-	movl	%edx,		%edi
-	/* R2 47 */
-	leal	3299628645(%ebx,%ebp,1),%ebx
-	addl	%edx,		%ecx
-	xorl	%eax,		%edi
-	xorl	%ecx,		%edi
-	movl	(%esi),		%ebp
-	addl	%edi,		%ebx
-	movl	$-1,		%edi
-	roll	$23,		%ebx
-	addl	%ecx,		%ebx
-
-	/* R3 section */
-	/* R3 48 */
-	xorl	%edx,		%edi
-	orl	%ebx,		%edi
-	leal	4096336452(%eax,%ebp,1),%eax
-	xorl	%ecx,		%edi
-	movl	28(%esi),	%ebp
-	addl	%edi,		%eax
-	movl	$-1,		%edi
-	roll	$6,		%eax
-	xorl	%ecx,		%edi
-	addl	%ebx,		%eax
-	/* R3 49 */
-	orl	%eax,		%edi
-	leal	1126891415(%edx,%ebp,1),%edx
-	xorl	%ebx,		%edi
-	movl	56(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	$-1,		%edi
-	roll	$10,		%edx
-	xorl	%ebx,		%edi
-	addl	%eax,		%edx
-	/* R3 50 */
-	orl	%edx,		%edi
-	leal	2878612391(%ecx,%ebp,1),%ecx
-	xorl	%eax,		%edi
-	movl	20(%esi),	%ebp
-	addl	%edi,		%ecx
-	movl	$-1,		%edi
-	roll	$15,		%ecx
-	xorl	%eax,		%edi
-	addl	%edx,		%ecx
-	/* R3 51 */
-	orl	%ecx,		%edi
-	leal	4237533241(%ebx,%ebp,1),%ebx
-	xorl	%edx,		%edi
-	movl	48(%esi),	%ebp
-	addl	%edi,		%ebx
-	movl	$-1,		%edi
-	roll	$21,		%ebx
-	xorl	%edx,		%edi
-	addl	%ecx,		%ebx
-	/* R3 52 */
-	orl	%ebx,		%edi
-	leal	1700485571(%eax,%ebp,1),%eax
-	xorl	%ecx,		%edi
-	movl	12(%esi),	%ebp
-	addl	%edi,		%eax
-	movl	$-1,		%edi
-	roll	$6,		%eax
-	xorl	%ecx,		%edi
-	addl	%ebx,		%eax
-	/* R3 53 */
-	orl	%eax,		%edi
-	leal	2399980690(%edx,%ebp,1),%edx
-	xorl	%ebx,		%edi
-	movl	40(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	$-1,		%edi
-	roll	$10,		%edx
-	xorl	%ebx,		%edi
-	addl	%eax,		%edx
-	/* R3 54 */
-	orl	%edx,		%edi
-	leal	4293915773(%ecx,%ebp,1),%ecx
-	xorl	%eax,		%edi
-	movl	4(%esi),	%ebp
-	addl	%edi,		%ecx
-	movl	$-1,		%edi
-	roll	$15,		%ecx
-	xorl	%eax,		%edi
-	addl	%edx,		%ecx
-	/* R3 55 */
-	orl	%ecx,		%edi
-	leal	2240044497(%ebx,%ebp,1),%ebx
-	xorl	%edx,		%edi
-	movl	32(%esi),	%ebp
-	addl	%edi,		%ebx
-	movl	$-1,		%edi
-	roll	$21,		%ebx
-	xorl	%edx,		%edi
-	addl	%ecx,		%ebx
-	/* R3 56 */
-	orl	%ebx,		%edi
-	leal	1873313359(%eax,%ebp,1),%eax
-	xorl	%ecx,		%edi
-	movl	60(%esi),	%ebp
-	addl	%edi,		%eax
-	movl	$-1,		%edi
-	roll	$6,		%eax
-	xorl	%ecx,		%edi
-	addl	%ebx,		%eax
-	/* R3 57 */
-	orl	%eax,		%edi
-	leal	4264355552(%edx,%ebp,1),%edx
-	xorl	%ebx,		%edi
-	movl	24(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	$-1,		%edi
-	roll	$10,		%edx
-	xorl	%ebx,		%edi
-	addl	%eax,		%edx
-	/* R3 58 */
-	orl	%edx,		%edi
-	leal	2734768916(%ecx,%ebp,1),%ecx
-	xorl	%eax,		%edi
-	movl	52(%esi),	%ebp
-	addl	%edi,		%ecx
-	movl	$-1,		%edi
-	roll	$15,		%ecx
-	xorl	%eax,		%edi
-	addl	%edx,		%ecx
-	/* R3 59 */
-	orl	%ecx,		%edi
-	leal	1309151649(%ebx,%ebp,1),%ebx
-	xorl	%edx,		%edi
-	movl	16(%esi),	%ebp
-	addl	%edi,		%ebx
-	movl	$-1,		%edi
-	roll	$21,		%ebx
-	xorl	%edx,		%edi
-	addl	%ecx,		%ebx
-	/* R3 60 */
-	orl	%ebx,		%edi
-	leal	4149444226(%eax,%ebp,1),%eax
-	xorl	%ecx,		%edi
-	movl	44(%esi),	%ebp
-	addl	%edi,		%eax
-	movl	$-1,		%edi
-	roll	$6,		%eax
-	xorl	%ecx,		%edi
-	addl	%ebx,		%eax
-	/* R3 61 */
-	orl	%eax,		%edi
-	leal	3174756917(%edx,%ebp,1),%edx
-	xorl	%ebx,		%edi
-	movl	8(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	$-1,		%edi
-	roll	$10,		%edx
-	xorl	%ebx,		%edi
-	addl	%eax,		%edx
-	/* R3 62 */
-	orl	%edx,		%edi
-	leal	718787259(%ecx,%ebp,1),%ecx
-	xorl	%eax,		%edi
-	movl	36(%esi),	%ebp
-	addl	%edi,		%ecx
-	movl	$-1,		%edi
-	roll	$15,		%ecx
-	xorl	%eax,		%edi
-	addl	%edx,		%ecx
-	/* R3 63 */
-	orl	%ecx,		%edi
-	leal	3951481745(%ebx,%ebp,1),%ebx
-	xorl	%edx,		%edi
-	movl	24(%esp),	%ebp
-	addl	%edi,		%ebx
-	addl	$64,		%esi
-	roll	$21,		%ebx
-	movl	(%ebp),		%edi
-	addl	%ecx,		%ebx
-	addl	%edi,		%eax
-	movl	4(%ebp),	%edi
-	addl	%edi,		%ebx
-	movl	8(%ebp),	%edi
-	addl	%edi,		%ecx
-	movl	12(%ebp),	%edi
-	addl	%edi,		%edx
-	movl	%eax,		(%ebp)
-	movl	%ebx,		4(%ebp)
-	movl	(%esp),		%edi
-	movl	%ecx,		8(%ebp)
-	movl	%edx,		12(%ebp)
-	cmpl	%esi,		%edi
-	jge	.L000start
-	popl	%eax
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.md5_block_x86_end:
-	SIZE(md5_block_x86,.md5_block_x86_end-md5_block_x86)
-.ident	"desasm.pl"
diff --git a/crypto/md5/f b/crypto/md5/f
deleted file mode 100644
index b21505ce9c..0000000000
--- a/crypto/md5/f
+++ /dev/null
@@ -1,731 +0,0 @@
-# 1 "asm/mx86unix.cpp"
- 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- 
-	 
-	 
-	 
-	 
-	 
-
-	.file	"md5-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align 4 
-.globl _md5_block_x86 
-	 
-_md5_block_x86 :
-	pushl	%esi
-	pushl	%edi
-	movl	12(%esp),	%edi
-	movl	16(%esp),	%esi
-	movl	20(%esp),	%ecx
-	pushl	%ebp
-	pushl	%ebx
-	addl	%esi,		%ecx
-	subl	$64,		%ecx
-	movl	(%edi),		%eax
-	pushl	%ecx
-	movl	4(%edi),	%ebx
-	movl	8(%edi),	%ecx
-	movl	12(%edi),	%edx
-.L000start:
-
-	 
-	movl	%ecx,		%edi
-	movl	(%esi),		%ebp
-	 
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	leal	3614090360(%eax,%ebp,1),%eax
-	movl	4(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$7,		%eax
-	addl	%ebx,		%eax
-	 
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	leal	3905402710(%edx,%ebp,1),%edx
-	movl	8(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$12,		%edx
-	addl	%eax,		%edx
-	 
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	leal	606105819(%ecx,%ebp,1),%ecx
-	movl	12(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$17,		%ecx
-	addl	%edx,		%ecx
-	 
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	leal	3250441966(%ebx,%ebp,1),%ebx
-	movl	16(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$22,		%ebx
-	addl	%ecx,		%ebx
-	 
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	leal	4118548399(%eax,%ebp,1),%eax
-	movl	20(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$7,		%eax
-	addl	%ebx,		%eax
-	 
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	leal	1200080426(%edx,%ebp,1),%edx
-	movl	24(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$12,		%edx
-	addl	%eax,		%edx
-	 
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	leal	2821735955(%ecx,%ebp,1),%ecx
-	movl	28(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$17,		%ecx
-	addl	%edx,		%ecx
-	 
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	leal	4249261313(%ebx,%ebp,1),%ebx
-	movl	32(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$22,		%ebx
-	addl	%ecx,		%ebx
-	 
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	leal	1770035416(%eax,%ebp,1),%eax
-	movl	36(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$7,		%eax
-	addl	%ebx,		%eax
-	 
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	leal	2336552879(%edx,%ebp,1),%edx
-	movl	40(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$12,		%edx
-	addl	%eax,		%edx
-	 
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	leal	4294925233(%ecx,%ebp,1),%ecx
-	movl	44(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$17,		%ecx
-	addl	%edx,		%ecx
-	 
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	leal	2304563134(%ebx,%ebp,1),%ebx
-	movl	48(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$22,		%ebx
-	addl	%ecx,		%ebx
-	 
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	leal	1804603682(%eax,%ebp,1),%eax
-	movl	52(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$7,		%eax
-	addl	%ebx,		%eax
-	 
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	leal	4254626195(%edx,%ebp,1),%edx
-	movl	56(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$12,		%edx
-	addl	%eax,		%edx
-	 
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	leal	2792965006(%ecx,%ebp,1),%ecx
-	movl	60(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$17,		%ecx
-	addl	%edx,		%ecx
-	 
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	leal	1236535329(%ebx,%ebp,1),%ebx
-	movl	4(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$22,		%ebx
-	addl	%ecx,		%ebx
-
-	 
-	 
-	leal	4129170786(%eax,%ebp,1),%eax
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	movl	24(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$5,		%eax
-	addl	%ebx,		%eax
-	 
-	leal	3225465664(%edx,%ebp,1),%edx
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	movl	44(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$9,		%edx
-	addl	%eax,		%edx
-	 
-	leal	643717713(%ecx,%ebp,1),%ecx
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	movl	(%esi),		%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$14,		%ecx
-	addl	%edx,		%ecx
-	 
-	leal	3921069994(%ebx,%ebp,1),%ebx
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	movl	20(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$20,		%ebx
-	addl	%ecx,		%ebx
-	 
-	leal	3593408605(%eax,%ebp,1),%eax
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	movl	40(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$5,		%eax
-	addl	%ebx,		%eax
-	 
-	leal	38016083(%edx,%ebp,1),%edx
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	movl	60(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$9,		%edx
-	addl	%eax,		%edx
-	 
-	leal	3634488961(%ecx,%ebp,1),%ecx
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	movl	16(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$14,		%ecx
-	addl	%edx,		%ecx
-	 
-	leal	3889429448(%ebx,%ebp,1),%ebx
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	movl	36(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$20,		%ebx
-	addl	%ecx,		%ebx
-	 
-	leal	568446438(%eax,%ebp,1),%eax
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	movl	56(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$5,		%eax
-	addl	%ebx,		%eax
-	 
-	leal	3275163606(%edx,%ebp,1),%edx
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	movl	12(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$9,		%edx
-	addl	%eax,		%edx
-	 
-	leal	4107603335(%ecx,%ebp,1),%ecx
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	movl	32(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$14,		%ecx
-	addl	%edx,		%ecx
-	 
-	leal	1163531501(%ebx,%ebp,1),%ebx
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	movl	52(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$20,		%ebx
-	addl	%ecx,		%ebx
-	 
-	leal	2850285829(%eax,%ebp,1),%eax
-	xorl	%ebx,		%edi
-	andl	%edx,		%edi
-	movl	8(%esi),	%ebp
-	xorl	%ecx,		%edi
-	addl	%edi,		%eax
-	movl	%ebx,		%edi
-	roll	$5,		%eax
-	addl	%ebx,		%eax
-	 
-	leal	4243563512(%edx,%ebp,1),%edx
-	xorl	%eax,		%edi
-	andl	%ecx,		%edi
-	movl	28(%esi),	%ebp
-	xorl	%ebx,		%edi
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$9,		%edx
-	addl	%eax,		%edx
-	 
-	leal	1735328473(%ecx,%ebp,1),%ecx
-	xorl	%edx,		%edi
-	andl	%ebx,		%edi
-	movl	48(%esi),	%ebp
-	xorl	%eax,		%edi
-	addl	%edi,		%ecx
-	movl	%edx,		%edi
-	roll	$14,		%ecx
-	addl	%edx,		%ecx
-	 
-	leal	2368359562(%ebx,%ebp,1),%ebx
-	xorl	%ecx,		%edi
-	andl	%eax,		%edi
-	movl	20(%esi),	%ebp
-	xorl	%edx,		%edi
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$20,		%ebx
-	addl	%ecx,		%ebx
-
-	 
-	 
-	xorl	%edx,		%edi
-	xorl	%ebx,		%edi
-	leal	4294588738(%eax,%ebp,1),%eax
-	addl	%edi,		%eax
-	movl	32(%esi),	%ebp
-	roll	$4,		%eax
-	movl	%ebx,		%edi
-	 
-	leal	2272392833(%edx,%ebp,1),%edx
-	addl	%ebx,		%eax
-	xorl	%ecx,		%edi
-	xorl	%eax,		%edi
-	movl	44(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$11,		%edx
-	addl	%eax,		%edx
-	 
-	xorl	%ebx,		%edi
-	xorl	%edx,		%edi
-	leal	1839030562(%ecx,%ebp,1),%ecx
-	addl	%edi,		%ecx
-	movl	56(%esi),	%ebp
-	roll	$16,		%ecx
-	movl	%edx,		%edi
-	 
-	leal	4259657740(%ebx,%ebp,1),%ebx
-	addl	%edx,		%ecx
-	xorl	%eax,		%edi
-	xorl	%ecx,		%edi
-	movl	4(%esi),	%ebp
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$23,		%ebx
-	addl	%ecx,		%ebx
-	 
-	xorl	%edx,		%edi
-	xorl	%ebx,		%edi
-	leal	2763975236(%eax,%ebp,1),%eax
-	addl	%edi,		%eax
-	movl	16(%esi),	%ebp
-	roll	$4,		%eax
-	movl	%ebx,		%edi
-	 
-	leal	1272893353(%edx,%ebp,1),%edx
-	addl	%ebx,		%eax
-	xorl	%ecx,		%edi
-	xorl	%eax,		%edi
-	movl	28(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$11,		%edx
-	addl	%eax,		%edx
-	 
-	xorl	%ebx,		%edi
-	xorl	%edx,		%edi
-	leal	4139469664(%ecx,%ebp,1),%ecx
-	addl	%edi,		%ecx
-	movl	40(%esi),	%ebp
-	roll	$16,		%ecx
-	movl	%edx,		%edi
-	 
-	leal	3200236656(%ebx,%ebp,1),%ebx
-	addl	%edx,		%ecx
-	xorl	%eax,		%edi
-	xorl	%ecx,		%edi
-	movl	52(%esi),	%ebp
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$23,		%ebx
-	addl	%ecx,		%ebx
-	 
-	xorl	%edx,		%edi
-	xorl	%ebx,		%edi
-	leal	681279174(%eax,%ebp,1),%eax
-	addl	%edi,		%eax
-	movl	(%esi),		%ebp
-	roll	$4,		%eax
-	movl	%ebx,		%edi
-	 
-	leal	3936430074(%edx,%ebp,1),%edx
-	addl	%ebx,		%eax
-	xorl	%ecx,		%edi
-	xorl	%eax,		%edi
-	movl	12(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$11,		%edx
-	addl	%eax,		%edx
-	 
-	xorl	%ebx,		%edi
-	xorl	%edx,		%edi
-	leal	3572445317(%ecx,%ebp,1),%ecx
-	addl	%edi,		%ecx
-	movl	24(%esi),	%ebp
-	roll	$16,		%ecx
-	movl	%edx,		%edi
-	 
-	leal	76029189(%ebx,%ebp,1),%ebx
-	addl	%edx,		%ecx
-	xorl	%eax,		%edi
-	xorl	%ecx,		%edi
-	movl	36(%esi),	%ebp
-	addl	%edi,		%ebx
-	movl	%ecx,		%edi
-	roll	$23,		%ebx
-	addl	%ecx,		%ebx
-	 
-	xorl	%edx,		%edi
-	xorl	%ebx,		%edi
-	leal	3654602809(%eax,%ebp,1),%eax
-	addl	%edi,		%eax
-	movl	48(%esi),	%ebp
-	roll	$4,		%eax
-	movl	%ebx,		%edi
-	 
-	leal	3873151461(%edx,%ebp,1),%edx
-	addl	%ebx,		%eax
-	xorl	%ecx,		%edi
-	xorl	%eax,		%edi
-	movl	60(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	roll	$11,		%edx
-	addl	%eax,		%edx
-	 
-	xorl	%ebx,		%edi
-	xorl	%edx,		%edi
-	leal	530742520(%ecx,%ebp,1),%ecx
-	addl	%edi,		%ecx
-	movl	8(%esi),	%ebp
-	roll	$16,		%ecx
-	movl	%edx,		%edi
-	 
-	leal	3299628645(%ebx,%ebp,1),%ebx
-	addl	%edx,		%ecx
-	xorl	%eax,		%edi
-	xorl	%ecx,		%edi
-	movl	(%esi),		%ebp
-	addl	%edi,		%ebx
-	movl	$-1,		%edi
-	roll	$23,		%ebx
-	addl	%ecx,		%ebx
-
-	 
-	 
-	xorl	%edx,		%edi
-	orl	%ebx,		%edi
-	leal	4096336452(%eax,%ebp,1),%eax
-	xorl	%ecx,		%edi
-	movl	28(%esi),	%ebp
-	addl	%edi,		%eax
-	movl	$-1,		%edi
-	roll	$6,		%eax
-	xorl	%ecx,		%edi
-	addl	%ebx,		%eax
-	 
-	orl	%eax,		%edi
-	leal	1126891415(%edx,%ebp,1),%edx
-	xorl	%ebx,		%edi
-	movl	56(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	$-1,		%edi
-	roll	$10,		%edx
-	xorl	%ebx,		%edi
-	addl	%eax,		%edx
-	 
-	orl	%edx,		%edi
-	leal	2878612391(%ecx,%ebp,1),%ecx
-	xorl	%eax,		%edi
-	movl	20(%esi),	%ebp
-	addl	%edi,		%ecx
-	movl	$-1,		%edi
-	roll	$15,		%ecx
-	xorl	%eax,		%edi
-	addl	%edx,		%ecx
-	 
-	orl	%ecx,		%edi
-	leal	4237533241(%ebx,%ebp,1),%ebx
-	xorl	%edx,		%edi
-	movl	48(%esi),	%ebp
-	addl	%edi,		%ebx
-	movl	$-1,		%edi
-	roll	$21,		%ebx
-	xorl	%edx,		%edi
-	addl	%ecx,		%ebx
-	 
-	orl	%ebx,		%edi
-	leal	1700485571(%eax,%ebp,1),%eax
-	xorl	%ecx,		%edi
-	movl	12(%esi),	%ebp
-	addl	%edi,		%eax
-	movl	$-1,		%edi
-	roll	$6,		%eax
-	xorl	%ecx,		%edi
-	addl	%ebx,		%eax
-	 
-	orl	%eax,		%edi
-	leal	2399980690(%edx,%ebp,1),%edx
-	xorl	%ebx,		%edi
-	movl	40(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	$-1,		%edi
-	roll	$10,		%edx
-	xorl	%ebx,		%edi
-	addl	%eax,		%edx
-	 
-	orl	%edx,		%edi
-	leal	4293915773(%ecx,%ebp,1),%ecx
-	xorl	%eax,		%edi
-	movl	4(%esi),	%ebp
-	addl	%edi,		%ecx
-	movl	$-1,		%edi
-	roll	$15,		%ecx
-	xorl	%eax,		%edi
-	addl	%edx,		%ecx
-	 
-	orl	%ecx,		%edi
-	leal	2240044497(%ebx,%ebp,1),%ebx
-	xorl	%edx,		%edi
-	movl	32(%esi),	%ebp
-	addl	%edi,		%ebx
-	movl	$-1,		%edi
-	roll	$21,		%ebx
-	xorl	%edx,		%edi
-	addl	%ecx,		%ebx
-	 
-	orl	%ebx,		%edi
-	leal	1873313359(%eax,%ebp,1),%eax
-	xorl	%ecx,		%edi
-	movl	60(%esi),	%ebp
-	addl	%edi,		%eax
-	movl	$-1,		%edi
-	roll	$6,		%eax
-	xorl	%ecx,		%edi
-	addl	%ebx,		%eax
-	 
-	orl	%eax,		%edi
-	leal	4264355552(%edx,%ebp,1),%edx
-	xorl	%ebx,		%edi
-	movl	24(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	$-1,		%edi
-	roll	$10,		%edx
-	xorl	%ebx,		%edi
-	addl	%eax,		%edx
-	 
-	orl	%edx,		%edi
-	leal	2734768916(%ecx,%ebp,1),%ecx
-	xorl	%eax,		%edi
-	movl	52(%esi),	%ebp
-	addl	%edi,		%ecx
-	movl	$-1,		%edi
-	roll	$15,		%ecx
-	xorl	%eax,		%edi
-	addl	%edx,		%ecx
-	 
-	orl	%ecx,		%edi
-	leal	1309151649(%ebx,%ebp,1),%ebx
-	xorl	%edx,		%edi
-	movl	16(%esi),	%ebp
-	addl	%edi,		%ebx
-	movl	$-1,		%edi
-	roll	$21,		%ebx
-	xorl	%edx,		%edi
-	addl	%ecx,		%ebx
-	 
-	orl	%ebx,		%edi
-	leal	4149444226(%eax,%ebp,1),%eax
-	xorl	%ecx,		%edi
-	movl	44(%esi),	%ebp
-	addl	%edi,		%eax
-	movl	$-1,		%edi
-	roll	$6,		%eax
-	xorl	%ecx,		%edi
-	addl	%ebx,		%eax
-	 
-	orl	%eax,		%edi
-	leal	3174756917(%edx,%ebp,1),%edx
-	xorl	%ebx,		%edi
-	movl	8(%esi),	%ebp
-	addl	%edi,		%edx
-	movl	$-1,		%edi
-	roll	$10,		%edx
-	xorl	%ebx,		%edi
-	addl	%eax,		%edx
-	 
-	orl	%edx,		%edi
-	leal	718787259(%ecx,%ebp,1),%ecx
-	xorl	%eax,		%edi
-	movl	36(%esi),	%ebp
-	addl	%edi,		%ecx
-	movl	$-1,		%edi
-	roll	$15,		%ecx
-	xorl	%eax,		%edi
-	addl	%edx,		%ecx
-	 
-	orl	%ecx,		%edi
-	leal	3951481745(%ebx,%ebp,1),%ebx
-	xorl	%edx,		%edi
-	movl	24(%esp),	%ebp
-	addl	%edi,		%ebx
-	addl	$64,		%esi
-	roll	$21,		%ebx
-	movl	(%ebp),		%edi
-	addl	%ecx,		%ebx
-	addl	%edi,		%eax
-	movl	4(%ebp),	%edi
-	addl	%edi,		%ebx
-	movl	8(%ebp),	%edi
-	addl	%edi,		%ecx
-	movl	12(%ebp),	%edi
-	addl	%edi,		%edx
-	movl	%eax,		(%ebp)
-	movl	%ebx,		4(%ebp)
-	movl	(%esp),		%edi
-	movl	%ecx,		8(%ebp)
-	movl	%edx,		12(%ebp)
-	cmpl	%esi,		%edi
-	jge	.L000start
-	popl	%eax
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.md5_block_x86_end:
-	 
-.ident	"desasm.pl"
diff --git a/crypto/md5/md5.c b/crypto/md5/md5.c
index 9d6f5a6003..7ed0024ae1 100644
--- a/crypto/md5/md5.c
+++ b/crypto/md5/md5.c
@@ -58,23 +58,17 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "md5.h"
+#include <openssl/md5.h>
 
 #define BUFSIZE	1024*16
 
-#ifndef NOPROTO
 void do_fp(FILE *f);
 void pt(unsigned char *md);
+#ifndef _OSD_POSIX
 int read(int, void *, unsigned int);
-#else
-void do_fp();
-void pt();
-int read();
 #endif
 
-int main(argc, argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	int i,err=0;
 	FILE *IN;
@@ -102,8 +96,7 @@ char **argv;
 	exit(err);
 	}
 
-void do_fp(f)
-FILE *f;
+void do_fp(FILE *f)
 	{
 	MD5_CTX c;
 	unsigned char md[MD5_DIGEST_LENGTH];
@@ -123,8 +116,7 @@ FILE *f;
 	pt(md);
 	}
 
-void pt(md)
-unsigned char *md;
+void pt(unsigned char *md)
 	{
 	int i;
 
diff --git a/crypto/md5/md5.h b/crypto/md5/md5.h
index 357c6c625d..52cb753e6a 100644
--- a/crypto/md5/md5.h
+++ b/crypto/md5/md5.h
@@ -63,35 +63,50 @@
 extern "C" {
 #endif
 
+#ifdef OPENSSL_NO_MD5
+#error MD5 is disabled.
+#endif
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! MD5_LONG_LOG2 has to be defined along.			   !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#define MD5_LONG unsigned long
+#elif defined(OENSSL_SYS_CRAY) || defined(__ILP64__)
+#define MD5_LONG unsigned long
+#define MD5_LONG_LOG2 3
+/*
+ * _CRAY note. I could declare short, but I have no idea what impact
+ * does it have on performance on none-T3E machines. I could declare
+ * int, but at least on C90 sizeof(int) can be chosen at compile time.
+ * So I've chosen long...
+ *					<appro@fy.chalmers.se>
+ */
+#else
+#define MD5_LONG unsigned int
+#endif
+
 #define MD5_CBLOCK	64
-#define MD5_LBLOCK	16
-#define MD5_BLOCK	16
-#define MD5_LAST_BLOCK  56
-#define MD5_LENGTH_BLOCK 8
+#define MD5_LBLOCK	(MD5_CBLOCK/4)
 #define MD5_DIGEST_LENGTH 16
 
 typedef struct MD5state_st
 	{
-	unsigned long A,B,C,D;
-	unsigned long Nl,Nh;
-	unsigned long data[MD5_LBLOCK];
+	MD5_LONG A,B,C,D;
+	MD5_LONG Nl,Nh;
+	MD5_LONG data[MD5_LBLOCK];
 	int num;
 	} MD5_CTX;
 
-#ifndef NOPROTO
-void MD5_Init(MD5_CTX *c);
-void MD5_Update(MD5_CTX *c, unsigned char *data, unsigned long len);
-void MD5_Final(unsigned char *md, MD5_CTX *c);
-unsigned char *MD5(unsigned char *d, unsigned long n, unsigned char *md);
-void MD5_Transform(MD5_CTX *c, unsigned char *b);
-#else
-void MD5_Init();
-void MD5_Update();
-void MD5_Final();
-unsigned char *MD5();
-void MD5_Transform();
-#endif
-
+int MD5_Init(MD5_CTX *c);
+int MD5_Update(MD5_CTX *c, const void *data, unsigned long len);
+int MD5_Final(unsigned char *md, MD5_CTX *c);
+unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md);
+void MD5_Transform(MD5_CTX *c, const unsigned char *b);
 #ifdef  __cplusplus
 }
 #endif
diff --git a/crypto/md5/md5_dgst.c b/crypto/md5/md5_dgst.c
index 367b5bce0c..c38a3f021e 100644
--- a/crypto/md5/md5_dgst.c
+++ b/crypto/md5/md5_dgst.c
@@ -58,8 +58,9 @@
 
 #include <stdio.h>
 #include "md5_locl.h"
+#include <openssl/opensslv.h>
 
-char *MD5_version="MD5 part of SSLeay 0.9.1a 06-Jul-1998";
+const char *MD5_version="MD5" OPENSSL_VERSION_PTEXT;
 
 /* Implemented from RFC1321 The MD5 Message-Digest Algorithm
  */
@@ -69,24 +70,7 @@ char *MD5_version="MD5 part of SSLeay 0.9.1a 06-Jul-1998";
 #define INIT_DATA_C (unsigned long)0x98badcfeL
 #define INIT_DATA_D (unsigned long)0x10325476L
 
-#ifndef NOPROTO
-#  ifdef MD5_ASM
-     void md5_block_x86(MD5_CTX *c, unsigned long *p,int num);
-#    define md5_block md5_block_x86
-#  else
-     static void md5_block(MD5_CTX *c, unsigned long *p,int num);
-#  endif
-#else
-#  ifdef MD5_ASM
-     void md5_block_x86();
-#    define md5_block md5_block_x86
-#  else
-     static void md5_block();
-#  endif
-#endif
-
-void MD5_Init(c)
-MD5_CTX *c;
+int MD5_Init(MD5_CTX *c)
 	{
 	c->A=INIT_DATA_A;
 	c->B=INIT_DATA_B;
@@ -95,192 +79,35 @@ MD5_CTX *c;
 	c->Nl=0;
 	c->Nh=0;
 	c->num=0;
+	return 1;
 	}
 
-void MD5_Update(c, data, len)
-MD5_CTX *c;
-register unsigned char *data;
-unsigned long len;
-	{
-	register ULONG *p;
-	int sw,sc;
-	ULONG l;
-
-	if (len == 0) return;
-
-	l=(c->Nl+(len<<3))&0xffffffffL;
-	/* 95-05-24 eay Fixed a bug with the overflow handling, thanks to
-	 * Wei Dai <weidai@eskimo.com> for pointing it out. */
-	if (l < c->Nl) /* overflow */
-		c->Nh++;
-	c->Nh+=(len>>29);
-	c->Nl=l;
-
-	if (c->num != 0)
-		{
-		p=c->data;
-		sw=c->num>>2;
-		sc=c->num&0x03;
-
-		if ((c->num+len) >= MD5_CBLOCK)
-			{
-			l= p[sw];
-			p_c2l(data,l,sc);
-			p[sw++]=l;
-			for (; sw<MD5_LBLOCK; sw++)
-				{
-				c2l(data,l);
-				p[sw]=l;
-				}
-			len-=(MD5_CBLOCK-c->num);
-
-			md5_block(c,p,64);
-			c->num=0;
-			/* drop through and do the rest */
-			}
-		else
-			{
-			int ew,ec;
-
-			c->num+=(int)len;
-			if ((sc+len) < 4) /* ugly, add char's to a word */
-				{
-				l= p[sw];
-				p_c2l_p(data,l,sc,len);
-				p[sw]=l;
-				}
-			else
-				{
-				ew=(c->num>>2);
-				ec=(c->num&0x03);
-				l= p[sw];
-				p_c2l(data,l,sc);
-				p[sw++]=l;
-				for (; sw < ew; sw++)
-					{ c2l(data,l); p[sw]=l; }
-				if (ec)
-					{
-					c2l_p(data,l,ec);
-					p[sw]=l;
-					}
-				}
-			return;
-			}
-		}
-	/* we now can process the input data in blocks of MD5_CBLOCK
-	 * chars and save the leftovers to c->data. */
-#ifdef L_ENDIAN
-	if ((((unsigned long)data)%sizeof(ULONG)) == 0)
-		{
-		sw=(int)len/MD5_CBLOCK;
-		if (sw > 0)
-			{
-			sw*=MD5_CBLOCK;
-			md5_block(c,(ULONG *)data,sw);
-			data+=sw;
-			len-=sw;
-			}
-		}
-#endif
-	p=c->data;
-	while (len >= MD5_CBLOCK)
-		{
-#if defined(L_ENDIAN) || defined(B_ENDIAN)
-		if (p != (unsigned long *)data)
-			memcpy(p,data,MD5_CBLOCK);
-		data+=MD5_CBLOCK;
-#ifdef B_ENDIAN
-		for (sw=(MD5_LBLOCK/4); sw; sw--)
-			{
-			Endian_Reverse32(p[0]);
-			Endian_Reverse32(p[1]);
-			Endian_Reverse32(p[2]);
-			Endian_Reverse32(p[3]);
-			p+=4;
-			}
-#endif
-#else
-		for (sw=(MD5_LBLOCK/4); sw; sw--)
-			{
-			c2l(data,l); *(p++)=l;
-			c2l(data,l); *(p++)=l;
-			c2l(data,l); *(p++)=l;
-			c2l(data,l); *(p++)=l; 
-			} 
-#endif
-		p=c->data;
-		md5_block(c,p,64);
-		len-=MD5_CBLOCK;
-		}
-	sc=(int)len;
-	c->num=sc;
-	if (sc)
-		{
-		sw=sc>>2;	/* words to copy */
-#ifdef L_ENDIAN
-		p[sw]=0;
-		memcpy(p,data,sc);
-#else
-		sc&=0x03;
-		for ( ; sw; sw--)
-			{ c2l(data,l); *(p++)=l; }
-		c2l_p(data,l,sc);
-		*p=l;
-#endif
-		}
-	}
-
-void MD5_Transform(c,b)
-MD5_CTX *c;
-unsigned char *b;
-	{
-	ULONG p[16];
-#if !defined(L_ENDIAN)
-	ULONG *q;
-	int i;
-#endif
-
-#if defined(B_ENDIAN) || defined(L_ENDIAN)
-	memcpy(p,b,64);
-#ifdef B_ENDIAN
-	q=p;
-	for (i=(MD5_LBLOCK/4); i; i--)
-		{
-		Endian_Reverse32(q[0]);
-		Endian_Reverse32(q[1]);
-		Endian_Reverse32(q[2]);
-		Endian_Reverse32(q[3]);
-		q+=4;
-		}
-#endif
-#else
-	q=p;
-	for (i=(MD5_LBLOCK/4); i; i--)
-		{
-		ULONG l;
-		c2l(b,l); *(q++)=l;
-		c2l(b,l); *(q++)=l;
-		c2l(b,l); *(q++)=l;
-		c2l(b,l); *(q++)=l; 
-		} 
-#endif
-	md5_block(c,p,64);
-	}
-
-#ifndef MD5_ASM
-
-static void md5_block(c, X, num)
-MD5_CTX *c;
-register ULONG *X;
-int num;
+#ifndef md5_block_host_order
+void md5_block_host_order (MD5_CTX *c, const void *data, int num)
 	{
-	register ULONG A,B,C,D;
+	const MD5_LONG *X=data;
+	register unsigned long A,B,C,D;
+	/*
+	 * In case you wonder why A-D are declared as long and not
+	 * as MD5_LONG. Doing so results in slight performance
+	 * boost on LP64 architectures. The catch is we don't
+	 * really care if 32 MSBs of a 64-bit register get polluted
+	 * with eventual overflows as we *save* only 32 LSBs in
+	 * *either* case. Now declaring 'em long excuses the compiler
+	 * from keeping 32 MSBs zeroed resulting in 13% performance
+	 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+	 * Well, to be honest it should say that this *prevents* 
+	 * performance degradation.
+	 *
+	 *				<appro@fy.chalmers.se>
+	 */
 
 	A=c->A;
 	B=c->B;
 	C=c->C;
 	D=c->D;
-	for (;;)
+
+	for (;num--;X+=HASH_LBLOCK)
 		{
 	/* Round 0 */
 	R0(A,B,C,D,X[ 0], 7,0xd76aa478L);
@@ -351,80 +178,133 @@ int num;
 	R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL);
 	R3(B,C,D,A,X[ 9],21,0xeb86d391L);
 
-	A+=c->A&0xffffffffL;
-	B+=c->B&0xffffffffL;
-	c->A=A;
-	c->B=B;
-	C+=c->C&0xffffffffL;
-	D+=c->D&0xffffffffL;
-	c->C=C;
-	c->D=D;
-	X+=16;
-	num-=64;
-	if (num <= 0) break;
+	A = c->A += A;
+	B = c->B += B;
+	C = c->C += C;
+	D = c->D += D;
 		}
 	}
 #endif
 
-void MD5_Final(md, c)
-unsigned char *md;
-MD5_CTX *c;
+#ifndef md5_block_data_order
+#ifdef X
+#undef X
+#endif
+void md5_block_data_order (MD5_CTX *c, const void *data_, int num)
 	{
-	register int i,j;
-	register ULONG l;
-	register ULONG *p;
-	static unsigned char end[4]={0x80,0x00,0x00,0x00};
-	unsigned char *cp=end;
+	const unsigned char *data=data_;
+	register unsigned long A,B,C,D,l;
+	/*
+	 * In case you wonder why A-D are declared as long and not
+	 * as MD5_LONG. Doing so results in slight performance
+	 * boost on LP64 architectures. The catch is we don't
+	 * really care if 32 MSBs of a 64-bit register get polluted
+	 * with eventual overflows as we *save* only 32 LSBs in
+	 * *either* case. Now declaring 'em long excuses the compiler
+	 * from keeping 32 MSBs zeroed resulting in 13% performance
+	 * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+	 * Well, to be honest it should say that this *prevents* 
+	 * performance degradation.
+	 *
+	 *				<appro@fy.chalmers.se>
+	 */
+#ifndef MD32_XARRAY
+	/* See comment in crypto/sha/sha_locl.h for details. */
+	unsigned long	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+			XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+# define X(i)	XX##i
+#else
+	MD5_LONG XX[MD5_LBLOCK];
+# define X(i)	XX[i]
+#endif
 
-	/* c->num should definitly have room for at least one more byte. */
-	p=c->data;
-	j=c->num;
-	i=j>>2;
+	A=c->A;
+	B=c->B;
+	C=c->C;
+	D=c->D;
 
-	/* purify often complains about the following line as an
-	 * Uninitialized Memory Read.  While this can be true, the
-	 * following p_c2l macro will reset l when that case is true.
-	 * This is because j&0x03 contains the number of 'valid' bytes
-	 * already in p[i].  If and only if j&0x03 == 0, the UMR will
-	 * occur but this is also the only time p_c2l will do
-	 * l= *(cp++) instead of l|= *(cp++)
-	 * Many thanks to Alex Tang <altitude@cic.net> for pickup this
-	 * 'potential bug' */
-#ifdef PURIFY
-	if ((j&0x03) == 0) p[i]=0;
-#endif
-	l=p[i];
-	p_c2l(cp,l,j&0x03);
-	p[i]=l;
-	i++;
-	/* i is the next 'undefined word' */
-	if (c->num >= MD5_LAST_BLOCK)
+	for (;num--;)
 		{
-		for (; i<MD5_LBLOCK; i++)
-			p[i]=0;
-		md5_block(c,p,64);
-		i=0;
-		}
-	for (; i<(MD5_LBLOCK-2); i++)
-		p[i]=0;
-	p[MD5_LBLOCK-2]=c->Nl;
-	p[MD5_LBLOCK-1]=c->Nh;
-	md5_block(c,p,64);
-	cp=md;
-	l=c->A; l2c(l,cp);
-	l=c->B; l2c(l,cp);
-	l=c->C; l2c(l,cp);
-	l=c->D; l2c(l,cp);
+	HOST_c2l(data,l); X( 0)=l;		HOST_c2l(data,l); X( 1)=l;
+	/* Round 0 */
+	R0(A,B,C,D,X( 0), 7,0xd76aa478L);	HOST_c2l(data,l); X( 2)=l;
+	R0(D,A,B,C,X( 1),12,0xe8c7b756L);	HOST_c2l(data,l); X( 3)=l;
+	R0(C,D,A,B,X( 2),17,0x242070dbL);	HOST_c2l(data,l); X( 4)=l;
+	R0(B,C,D,A,X( 3),22,0xc1bdceeeL);	HOST_c2l(data,l); X( 5)=l;
+	R0(A,B,C,D,X( 4), 7,0xf57c0fafL);	HOST_c2l(data,l); X( 6)=l;
+	R0(D,A,B,C,X( 5),12,0x4787c62aL);	HOST_c2l(data,l); X( 7)=l;
+	R0(C,D,A,B,X( 6),17,0xa8304613L);	HOST_c2l(data,l); X( 8)=l;
+	R0(B,C,D,A,X( 7),22,0xfd469501L);	HOST_c2l(data,l); X( 9)=l;
+	R0(A,B,C,D,X( 8), 7,0x698098d8L);	HOST_c2l(data,l); X(10)=l;
+	R0(D,A,B,C,X( 9),12,0x8b44f7afL);	HOST_c2l(data,l); X(11)=l;
+	R0(C,D,A,B,X(10),17,0xffff5bb1L);	HOST_c2l(data,l); X(12)=l;
+	R0(B,C,D,A,X(11),22,0x895cd7beL);	HOST_c2l(data,l); X(13)=l;
+	R0(A,B,C,D,X(12), 7,0x6b901122L);	HOST_c2l(data,l); X(14)=l;
+	R0(D,A,B,C,X(13),12,0xfd987193L);	HOST_c2l(data,l); X(15)=l;
+	R0(C,D,A,B,X(14),17,0xa679438eL);
+	R0(B,C,D,A,X(15),22,0x49b40821L);
+	/* Round 1 */
+	R1(A,B,C,D,X( 1), 5,0xf61e2562L);
+	R1(D,A,B,C,X( 6), 9,0xc040b340L);
+	R1(C,D,A,B,X(11),14,0x265e5a51L);
+	R1(B,C,D,A,X( 0),20,0xe9b6c7aaL);
+	R1(A,B,C,D,X( 5), 5,0xd62f105dL);
+	R1(D,A,B,C,X(10), 9,0x02441453L);
+	R1(C,D,A,B,X(15),14,0xd8a1e681L);
+	R1(B,C,D,A,X( 4),20,0xe7d3fbc8L);
+	R1(A,B,C,D,X( 9), 5,0x21e1cde6L);
+	R1(D,A,B,C,X(14), 9,0xc33707d6L);
+	R1(C,D,A,B,X( 3),14,0xf4d50d87L);
+	R1(B,C,D,A,X( 8),20,0x455a14edL);
+	R1(A,B,C,D,X(13), 5,0xa9e3e905L);
+	R1(D,A,B,C,X( 2), 9,0xfcefa3f8L);
+	R1(C,D,A,B,X( 7),14,0x676f02d9L);
+	R1(B,C,D,A,X(12),20,0x8d2a4c8aL);
+	/* Round 2 */
+	R2(A,B,C,D,X( 5), 4,0xfffa3942L);
+	R2(D,A,B,C,X( 8),11,0x8771f681L);
+	R2(C,D,A,B,X(11),16,0x6d9d6122L);
+	R2(B,C,D,A,X(14),23,0xfde5380cL);
+	R2(A,B,C,D,X( 1), 4,0xa4beea44L);
+	R2(D,A,B,C,X( 4),11,0x4bdecfa9L);
+	R2(C,D,A,B,X( 7),16,0xf6bb4b60L);
+	R2(B,C,D,A,X(10),23,0xbebfbc70L);
+	R2(A,B,C,D,X(13), 4,0x289b7ec6L);
+	R2(D,A,B,C,X( 0),11,0xeaa127faL);
+	R2(C,D,A,B,X( 3),16,0xd4ef3085L);
+	R2(B,C,D,A,X( 6),23,0x04881d05L);
+	R2(A,B,C,D,X( 9), 4,0xd9d4d039L);
+	R2(D,A,B,C,X(12),11,0xe6db99e5L);
+	R2(C,D,A,B,X(15),16,0x1fa27cf8L);
+	R2(B,C,D,A,X( 2),23,0xc4ac5665L);
+	/* Round 3 */
+	R3(A,B,C,D,X( 0), 6,0xf4292244L);
+	R3(D,A,B,C,X( 7),10,0x432aff97L);
+	R3(C,D,A,B,X(14),15,0xab9423a7L);
+	R3(B,C,D,A,X( 5),21,0xfc93a039L);
+	R3(A,B,C,D,X(12), 6,0x655b59c3L);
+	R3(D,A,B,C,X( 3),10,0x8f0ccc92L);
+	R3(C,D,A,B,X(10),15,0xffeff47dL);
+	R3(B,C,D,A,X( 1),21,0x85845dd1L);
+	R3(A,B,C,D,X( 8), 6,0x6fa87e4fL);
+	R3(D,A,B,C,X(15),10,0xfe2ce6e0L);
+	R3(C,D,A,B,X( 6),15,0xa3014314L);
+	R3(B,C,D,A,X(13),21,0x4e0811a1L);
+	R3(A,B,C,D,X( 4), 6,0xf7537e82L);
+	R3(D,A,B,C,X(11),10,0xbd3af235L);
+	R3(C,D,A,B,X( 2),15,0x2ad7d2bbL);
+	R3(B,C,D,A,X( 9),21,0xeb86d391L);
 
-	/* clear stuff, md5_block may be leaving some stuff on the stack
-	 * but I'm not worried :-) */
-	c->num=0;
-/*	memset((char *)&c,0,sizeof(c));*/
+	A = c->A += A;
+	B = c->B += B;
+	C = c->C += C;
+	D = c->D += D;
+		}
 	}
+#endif
 
 #ifdef undef
-int printit(l)
-unsigned long *l;
+int printit(unsigned long *l)
 	{
 	int i,ii;
 
diff --git a/crypto/md5/md5_locl.h b/crypto/md5/md5_locl.h
index dbbe1b71ca..34c5257306 100644
--- a/crypto/md5/md5_locl.h
+++ b/crypto/md5/md5_locl.h
@@ -56,109 +56,94 @@
  * [including the GNU Public Licence.]
  */
 
-/* On sparc, this actually slows things down :-( */
-#if defined(sun)
-#undef B_ENDIAN
-#endif
-
 #include <stdlib.h>
 #include <string.h>
-#include "md5.h"
-
-#define ULONG	unsigned long
-#define UCHAR	unsigned char
-#define UINT	unsigned int
+#include <openssl/opensslconf.h>
+#include <openssl/md5.h>
 
-#if defined(NOCONST)
-#define const
+#ifndef MD5_LONG_LOG2
+#define MD5_LONG_LOG2 2 /* default to 32 bits */
 #endif
 
-#undef c2l
-#define c2l(c,l)	(l = ((unsigned long)(*((c)++)))     , \
-			 l|=(((unsigned long)(*((c)++)))<< 8), \
-			 l|=(((unsigned long)(*((c)++)))<<16), \
-			 l|=(((unsigned long)(*((c)++)))<<24))
-
-#undef p_c2l
-#define p_c2l(c,l,n)	{ \
-			switch (n) { \
-			case 0: l =((unsigned long)(*((c)++))); \
-			case 1: l|=((unsigned long)(*((c)++)))<< 8; \
-			case 2: l|=((unsigned long)(*((c)++)))<<16; \
-			case 3: l|=((unsigned long)(*((c)++)))<<24; \
-				} \
-			}
+#ifdef MD5_ASM
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+#  define md5_block_host_order md5_block_asm_host_order
+# elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC)
+   void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,int num);
+#  define HASH_BLOCK_DATA_ORDER_ALIGNED md5_block_asm_data_order_aligned
+# endif
+#endif
 
-/* NOTE the pointer is not incremented at the end of this */
-#undef c2l_p
-#define c2l_p(c,l,n)	{ \
-			l=0; \
-			(c)+=n; \
-			switch (n) { \
-			case 3: l =((unsigned long)(*(--(c))))<<16; \
-			case 2: l|=((unsigned long)(*(--(c))))<< 8; \
-			case 1: l|=((unsigned long)(*(--(c))))    ; \
-				} \
-			}
+void md5_block_host_order (MD5_CTX *c, const void *p,int num);
+void md5_block_data_order (MD5_CTX *c, const void *p,int num);
 
-#undef p_c2l_p
-#define p_c2l_p(c,l,sc,len) { \
-			switch (sc) \
-				{ \
-			case 0: l =((unsigned long)(*((c)++))); \
-				if (--len == 0) break; \
-			case 1: l|=((unsigned long)(*((c)++)))<< 8; \
-				if (--len == 0) break; \
-			case 2: l|=((unsigned long)(*((c)++)))<<16; \
-				} \
-			}
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+/*
+ * *_block_host_order is expected to handle aligned data while
+ * *_block_data_order - unaligned. As algorithm and host (x86)
+ * are in this case of the same "endianness" these two are
+ * otherwise indistinguishable. But normally you don't want to
+ * call the same function because unaligned access in places
+ * where alignment is expected is usually a "Bad Thing". Indeed,
+ * on RISCs you get punished with BUS ERROR signal or *severe*
+ * performance degradation. Intel CPUs are in turn perfectly
+ * capable of loading unaligned data without such drastic side
+ * effect. Yes, they say it's slower than aligned load, but no
+ * exception is generated and therefore performance degradation
+ * is *incomparable* with RISCs. What we should weight here is
+ * costs of unaligned access against costs of aligning data.
+ * According to my measurements allowing unaligned access results
+ * in ~9% performance improvement on Pentium II operating at
+ * 266MHz. I won't be surprised if the difference will be higher
+ * on faster systems:-)
+ *
+ *				<appro@fy.chalmers.se>
+ */
+#define md5_block_data_order md5_block_host_order
+#endif
 
-#undef l2c
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24)&0xff))
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG		MD5_LONG
+#define HASH_LONG_LOG2		MD5_LONG_LOG2
+#define HASH_CTX		MD5_CTX
+#define HASH_CBLOCK		MD5_CBLOCK
+#define HASH_LBLOCK		MD5_LBLOCK
+#define HASH_UPDATE		MD5_Update
+#define HASH_TRANSFORM		MD5_Transform
+#define HASH_FINAL		MD5_Final
+#define	HASH_MAKE_STRING(c,s)	do {	\
+	unsigned long ll;		\
+	ll=(c)->A; HOST_l2c(ll,(s));	\
+	ll=(c)->B; HOST_l2c(ll,(s));	\
+	ll=(c)->C; HOST_l2c(ll,(s));	\
+	ll=(c)->D; HOST_l2c(ll,(s));	\
+	} while (0)
+#define HASH_BLOCK_HOST_ORDER	md5_block_host_order
+#if !defined(L_ENDIAN) || defined(md5_block_data_order)
+#define	HASH_BLOCK_DATA_ORDER	md5_block_data_order
+/*
+ * Little-endians (Intel and Alpha) feel better without this.
+ * It looks like memcpy does better job than generic
+ * md5_block_data_order on copying-n-aligning input data.
+ * But frankly speaking I didn't expect such result on Alpha.
+ * On the other hand I've got this with egcs-1.0.2 and if
+ * program is compiled with another (better?) compiler it
+ * might turn out other way around.
+ *
+ *				<appro@fy.chalmers.se>
+ */
+#endif
 
-/* NOTE - c is not incremented as per l2c */
-#undef l2cn
-#define l2cn(l1,l2,c,n)	{ \
-			c+=n; \
-			switch (n) { \
-			case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
-			case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
-			case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
-			case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \
-			case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
-			case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
-			case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
-			case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \
-				} \
-			}
+#include "md32_common.h"
 
-/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
-#if defined(WIN32)
-/* 5 instructions with rotate instruction, else 9 */
-#define Endian_Reverse32(a) \
-	{ \
-	unsigned long l=(a); \
-	(a)=((ROTATE(l,8)&0x00FF00FF)|(ROTATE(l,24)&0xFF00FF00)); \
-	}
-#else
-/* 6 instructions with rotate instruction, else 8 */
-#define Endian_Reverse32(a) \
-	{ \
-	unsigned long l=(a); \
-	l=(((l&0xFF00FF00)>>8L)|((l&0x00FF00FF)<<8L)); \
-	(a)=ROTATE(l,16L); \
-	}
-#endif
 /*
 #define	F(x,y,z)	(((x) & (y))  |  ((~(x)) & (z)))
 #define	G(x,y,z)	(((x) & (z))  |  ((y) & (~(z))))
 */
 
 /* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
- * simplified to the code below.  Wei attributes these optimisations
+ * simplified to the code below.  Wei attributes these optimizations
  * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
  */
 #define	F(b,c,d)	((((c) ^ (d)) & (b)) ^ (d))
@@ -166,14 +151,6 @@
 #define	H(b,c,d)	((b) ^ (c) ^ (d))
 #define	I(b,c,d)	(((~(d)) | (b)) ^ (c))
 
-#undef ROTATE
-#if defined(WIN32)
-#define ROTATE(a,n)     _lrotl(a,n)
-#else
-#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
-#endif
-
-
 #define R0(a,b,c,d,k,s,t) { \
 	a+=((k)+(t)+F((b),(c),(d))); \
 	a=ROTATE(a,s); \
diff --git a/crypto/md5/md5_one.c b/crypto/md5/md5_one.c
index ab6bb435f9..c5dd2d81db 100644
--- a/crypto/md5/md5_one.c
+++ b/crypto/md5/md5_one.c
@@ -57,21 +57,40 @@
  */
 
 #include <stdio.h>
-#include "md5_locl.h"
+#include <string.h>
+#include <openssl/md5.h>
+#include <openssl/crypto.h>
 
-unsigned char *MD5(d, n, md)
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md)
 	{
 	MD5_CTX c;
 	static unsigned char m[MD5_DIGEST_LENGTH];
 
 	if (md == NULL) md=m;
 	MD5_Init(&c);
+#ifndef CHARSET_EBCDIC
 	MD5_Update(&c,d,n);
+#else
+	{
+		char temp[1024];
+		unsigned long chunk;
+
+		while (n > 0)
+		{
+			chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+			ebcdic2ascii(temp, d, chunk);
+			MD5_Update(&c,temp,chunk);
+			n -= chunk;
+			d += chunk;
+		}
+	}
+#endif
 	MD5_Final(md,&c);
-	memset(&c,0,sizeof(c)); /* security consideration */
+	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
 	return(md);
 	}
 
diff --git a/crypto/md5/md5s.cpp b/crypto/md5/md5s.cpp
index ef8e175df0..dd343fd4e6 100644
--- a/crypto/md5/md5s.cpp
+++ b/crypto/md5/md5s.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "md5.h"
+#include <openssl/md5.h>
 
 extern "C" {
 void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num);
diff --git a/crypto/md5/md5test.c b/crypto/md5/md5test.c
index 74b84bc67f..bfd62629ed 100644
--- a/crypto/md5/md5test.c
+++ b/crypto/md5/md5test.c
@@ -59,9 +59,20 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "md5.h"
 
-char *test[]={
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_MD5
+int main(int argc, char *argv[])
+{
+    printf("No MD5 support\n");
+    return(0);
+}
+#else
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+
+static char *test[]={
 	"",
 	"a",
 	"abc",
@@ -72,7 +83,7 @@ char *test[]={
 	NULL,
 	};
 
-char *ret[]={
+static char *ret[]={
 	"d41d8cd98f00b204e9800998ecf8427e",
 	"0cc175b9c0f1b6a831c399e269772661",
 	"900150983cd24fb0d6963f7d28e17f72",
@@ -82,26 +93,21 @@ char *ret[]={
 	"57edf4a22be3c955ac49da2e2107b67a",
 	};
 
-#ifndef NOPROTO
 static char *pt(unsigned char *md);
-#else
-static char *pt();
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,err=0;
 	unsigned char **P,**R;
 	char *p;
+	unsigned char md[MD5_DIGEST_LENGTH];
 
 	P=(unsigned char **)test;
 	R=(unsigned char **)ret;
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(MD5(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+		EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_md5(), NULL);
+		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
 			printf("error calculating MD5 on '%s'\n",*P);
@@ -114,12 +120,11 @@ char *argv[];
 		R++;
 		P++;
 		}
-	exit(err);
+	EXIT(err);
 	return(0);
 	}
 
-static char *pt(md)
-unsigned char *md;
+static char *pt(unsigned char *md)
 	{
 	int i;
 	static char buf[80];
@@ -128,3 +133,4 @@ unsigned char *md;
 		sprintf(&(buf[i*2]),"%02x",md[i]);
 	return(buf);
 	}
+#endif
diff --git a/crypto/mdc2/.cvsignore b/crypto/mdc2/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/mdc2/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/mdc2/Makefile.ssl b/crypto/mdc2/Makefile.ssl
index 495a2789a0..387d7f8cd8 100644
--- a/crypto/mdc2/Makefile.ssl
+++ b/crypto/mdc2/Makefile.ssl
@@ -7,9 +7,12 @@ TOP=	../..
 CC=	cc
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -37,24 +40,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -66,15 +68,31 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+mdc2_one.o: ../../e_os.h ../../include/openssl/bio.h
+mdc2_one.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+mdc2_one.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+mdc2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+mdc2_one.o: ../../include/openssl/lhash.h ../../include/openssl/mdc2.h
+mdc2_one.o: ../../include/openssl/opensslconf.h
+mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+mdc2_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+mdc2_one.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+mdc2_one.o: ../cryptlib.h mdc2_one.c
+mdc2dgst.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+mdc2dgst.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
+mdc2dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+mdc2dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+mdc2dgst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+mdc2dgst.o: mdc2dgst.c
diff --git a/crypto/mdc2/mdc2.h b/crypto/mdc2/mdc2.h
index 0b104be184..793a8a0f13 100644
--- a/crypto/mdc2/mdc2.h
+++ b/crypto/mdc2/mdc2.h
@@ -59,11 +59,15 @@
 #ifndef HEADER_MDC2_H
 #define HEADER_MDC2_H
 
+#include <openssl/des.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#include "des.h"
+#ifdef OPENSSL_NO_MDC2
+#error MDC2 is disabled.
+#endif
 
 #define MDC2_BLOCK              8
 #define MDC2_DIGEST_LENGTH      16
@@ -72,25 +76,16 @@ typedef struct mdc2_ctx_st
 	{
 	int num;
 	unsigned char data[MDC2_BLOCK];
-	des_cblock h,hh;
+	DES_cblock h,hh;
 	int pad_type; /* either 1 or 2, default 1 */
 	} MDC2_CTX;
 
-#ifndef NOPROTO
-
-void MDC2_Init(MDC2_CTX *c);
-void MDC2_Update(MDC2_CTX *c, unsigned char *data, unsigned long len);
-void MDC2_Final(unsigned char *md, MDC2_CTX *c);
-unsigned char *MDC2(unsigned char *d, unsigned long n, unsigned char *md);
 
-#else
-
-void MDC2_Init();
-void MDC2_Update();
-void MDC2_Final();
-unsigned char *MDC2();
-
-#endif
+int MDC2_Init(MDC2_CTX *c);
+int MDC2_Update(MDC2_CTX *c, const unsigned char *data, unsigned long len);
+int MDC2_Final(unsigned char *md, MDC2_CTX *c);
+unsigned char *MDC2(const unsigned char *d, unsigned long n,
+	unsigned char *md);
 
 #ifdef  __cplusplus
 }
diff --git a/crypto/mdc2/mdc2_one.c b/crypto/mdc2/mdc2_one.c
index aa055b66fd..37f06c8d77 100644
--- a/crypto/mdc2/mdc2_one.c
+++ b/crypto/mdc2/mdc2_one.c
@@ -58,12 +58,9 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "mdc2.h"
+#include <openssl/mdc2.h>
 
-unsigned char *MDC2(d, n, md)
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
+unsigned char *MDC2(const unsigned char *d, unsigned long n, unsigned char *md)
 	{
 	MDC2_CTX c;
 	static unsigned char m[MDC2_DIGEST_LENGTH];
@@ -72,7 +69,7 @@ unsigned char *md;
 	MDC2_Init(&c);
 	MDC2_Update(&c,d,n);
         MDC2_Final(md,&c);
-	memset(&c,0,sizeof(c)); /* security consideration */
+	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
 	return(md);
 	}
 
diff --git a/crypto/mdc2/mdc2dgst.c b/crypto/mdc2/mdc2dgst.c
index 2a086c0612..32daa9b0da 100644
--- a/crypto/mdc2/mdc2dgst.c
+++ b/crypto/mdc2/mdc2dgst.c
@@ -59,8 +59,8 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "des.h"
-#include "mdc2.h"
+#include <openssl/des.h>
+#include <openssl/mdc2.h>
 
 #undef c2l
 #define c2l(c,l)	(l =((DES_LONG)(*((c)++)))    , \
@@ -74,25 +74,17 @@
 			*((c)++)=(unsigned char)(((l)>>16L)&0xff), \
 			*((c)++)=(unsigned char)(((l)>>24L)&0xff))
 
-#ifndef NOPROTO
-static void mdc2_body(MDC2_CTX *c, unsigned char *in, unsigned int len);
-#else
-static void mdc2_body();
-#endif
-
-void MDC2_Init(c)
-MDC2_CTX *c;
+static void mdc2_body(MDC2_CTX *c, const unsigned char *in, unsigned int len);
+int MDC2_Init(MDC2_CTX *c)
 	{
 	c->num=0;
 	c->pad_type=1;
 	memset(&(c->h[0]),0x52,MDC2_BLOCK);
 	memset(&(c->hh[0]),0x25,MDC2_BLOCK);
+	return 1;
 	}
 
-void MDC2_Update(c,in,len)
-MDC2_CTX *c;
-register unsigned char *in;
-unsigned long len;
+int MDC2_Update(MDC2_CTX *c, const unsigned char *in, unsigned long len)
 	{
 	int i,j;
 
@@ -104,7 +96,7 @@ unsigned long len;
 			/* partial block */
 			memcpy(&(c->data[i]),in,(int)len);
 			c->num+=(int)len;
-			return;
+			return 1;
 			}
 		else
 			{
@@ -125,56 +117,48 @@ unsigned long len;
 		memcpy(&(c->data[0]),&(in[i]),j);
 		c->num=j;
 		}
+	return 1;
 	}
 
-static void mdc2_body(c,in,len)
-MDC2_CTX *c;
-unsigned char *in;
-unsigned int len;
+static void mdc2_body(MDC2_CTX *c, const unsigned char *in, unsigned int len)
 	{
 	register DES_LONG tin0,tin1;
 	register DES_LONG ttin0,ttin1;
 	DES_LONG d[2],dd[2];
-	des_cblock *h,*hh;
-	des_key_schedule k;
+	DES_key_schedule k;
 	unsigned char *p;
 	unsigned int i;
 
-	h= (des_cblock *)&(c->h[0]);
-	hh= (des_cblock *)&(c->hh[0]);
-
 	for (i=0; i<len; i+=8)
 		{
 		c2l(in,tin0); d[0]=dd[0]=tin0;
 		c2l(in,tin1); d[1]=dd[1]=tin1;
-		(*h)[0]=((*h)[0]&0x9f)|0x40;
-		(*hh)[0]=((*hh)[0]&0x9f)|0x20;
+		c->h[0]=(c->h[0]&0x9f)|0x40;
+		c->hh[0]=(c->hh[0]&0x9f)|0x20;
 
-		des_set_odd_parity(h);
-		des_set_key(h,k);
-		des_encrypt((DES_LONG *)d,k,1);
+		DES_set_odd_parity(&c->h);
+		DES_set_key_unchecked(&c->h,&k);
+		DES_encrypt1(d,&k,1);
 
-		des_set_odd_parity(hh);
-		des_set_key(hh,k);
-		des_encrypt((DES_LONG *)dd,k,1);
+		DES_set_odd_parity(&c->hh);
+		DES_set_key_unchecked(&c->hh,&k);
+		DES_encrypt1(dd,&k,1);
 
 		ttin0=tin0^dd[0];
 		ttin1=tin1^dd[1];
 		tin0^=d[0];
 		tin1^=d[1];
 
-		p=(unsigned char *)h;
+		p=c->h;
 		l2c(tin0,p);
 		l2c(ttin1,p);
-		p=(unsigned char *)hh;
+		p=c->hh;
 		l2c(ttin0,p);
 		l2c(tin1,p);
 		}
 	}
 
-void MDC2_Final(md,c)
-unsigned char *md;
-MDC2_CTX *c;
+int MDC2_Final(unsigned char *md, MDC2_CTX *c)
 	{
 	int i,j;
 
@@ -189,6 +173,7 @@ MDC2_CTX *c;
 		}
 	memcpy(md,(char *)c->h,MDC2_BLOCK);
 	memcpy(&(md[MDC2_BLOCK]),(char *)c->hh,MDC2_BLOCK);
+	return 1;
 	}
 
 #undef TEST
diff --git a/crypto/mdc2/mdc2test.c b/crypto/mdc2/mdc2test.c
index 6e7c9a706e..c9abe99d92 100644
--- a/crypto/mdc2/mdc2test.c
+++ b/crypto/mdc2/mdc2test.c
@@ -59,7 +59,26 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "mdc2.h"
+
+#include "../e_os.h"
+
+#if defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_MDC2)
+#define OPENSSL_NO_MDC2
+#endif
+
+#ifdef OPENSSL_NO_MDC2
+int main(int argc, char *argv[])
+{
+    printf("No MDC2 support\n");
+    return(0);
+}
+#else
+#include <openssl/evp.h>
+#include <openssl/mdc2.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
 
 static unsigned char pad1[16]={
 	0x42,0xE5,0x0C,0xD2,0x24,0xBA,0xCE,0xBA,
@@ -71,19 +90,22 @@ static unsigned char pad2[16]={
 	0x35,0xD8,0x7A,0xFE,0xAB,0x33,0xBE,0xE2
 	};
 
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int ret=0;
 	unsigned char md[MDC2_DIGEST_LENGTH];
 	int i;
-	MDC2_CTX c;
+	EVP_MD_CTX c;
 	static char *text="Now is the time for all ";
 
-	MDC2_Init(&c);
-	MDC2_Update(&c,(unsigned char *)text,strlen(text));
-	MDC2_Final(&(md[0]),&c);
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(text,text,strlen(text));
+#endif
+
+	EVP_MD_CTX_init(&c);
+	EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
+	EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
+	EVP_DigestFinal_ex(&c,&(md[0]),NULL);
 
 	if (memcmp(md,pad1,MDC2_DIGEST_LENGTH) != 0)
 		{
@@ -98,10 +120,11 @@ char *argv[];
 	else
 		printf("pad1 - ok\n");
 
-	MDC2_Init(&c);
-	c.pad_type=2;
-	MDC2_Update(&c,(unsigned char *)text,strlen(text));
-	MDC2_Final(&(md[0]),&c);
+	EVP_DigestInit_ex(&c,EVP_mdc2(), NULL);
+	/* FIXME: use a ctl function? */
+	((MDC2_CTX *)c.md_data)->pad_type=2;
+	EVP_DigestUpdate(&c,(unsigned char *)text,strlen(text));
+	EVP_DigestFinal_ex(&c,&(md[0]),NULL);
 
 	if (memcmp(md,pad2,MDC2_DIGEST_LENGTH) != 0)
 		{
@@ -116,7 +139,8 @@ char *argv[];
 	else
 		printf("pad2 - ok\n");
 
-	exit(ret);
+	EVP_MD_CTX_cleanup(&c);
+	EXIT(ret);
 	return(ret);
 	}
-
+#endif
diff --git a/crypto/mem.c b/crypto/mem.c
index e5f24923c9..d7d3cda5dc 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -58,356 +58,330 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "buffer.h"
-#include "bio.h"
-#include "lhash.h"
+#include <openssl/crypto.h>
 #include "cryptlib.h"
 
-#ifdef CRYPTO_MDEBUG
-static int mh_mode=CRYPTO_MEM_CHECK_ON;
-#else
-static int mh_mode=CRYPTO_MEM_CHECK_OFF;
-#endif
-static unsigned long order=0;
 
-static LHASH *mh=NULL;
+static int allow_customize = 1;      /* we provide flexible functions for */
+static int allow_customize_debug = 1;/* exchanging memory-related functions at
+                                      * run-time, but this must be done
+                                      * before any blocks are actually
+                                      * allocated; or we'll run into huge
+                                      * problems when malloc/free pairs
+                                      * don't match etc. */
 
-typedef struct mem_st
-	{
-	char *addr;
-	int num;
-	char *file;
-	int line;
-	unsigned long order;
-	} MEM;
-
-int CRYPTO_mem_ctrl(mode)
-int mode;
-	{
-	int ret=mh_mode;
 
-	CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
-	switch (mode)
-		{
-	case CRYPTO_MEM_CHECK_ON:
-		mh_mode|=CRYPTO_MEM_CHECK_ON;
-		break;
-	case CRYPTO_MEM_CHECK_OFF:
-		mh_mode&= ~CRYPTO_MEM_CHECK_ON;
-		break;
-	case CRYPTO_MEM_CHECK_DISABLE:
-		mh_mode&= ~CRYPTO_MEM_CHECK_ENABLE;
-		break;
-	case CRYPTO_MEM_CHECK_ENABLE:
-		if (mh_mode&CRYPTO_MEM_CHECK_ON)
-			mh_mode|=CRYPTO_MEM_CHECK_ENABLE;
-		break;
-	default:
-		break;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
-	return(ret);
-	}
 
-static int mem_cmp(a,b)
-MEM *a,*b;
-	{
-	return(a->addr - b->addr);
-	}
+/* the following pointers may be changed as long as 'allow_customize' is set */
 
-static unsigned long mem_hash(a)
-MEM *a;
-	{
-	unsigned long ret;
+static void *(*malloc_func)(size_t)         = malloc;
+static void *default_malloc_ex(size_t num, const char *file, int line)
+	{ return malloc_func(num); }
+static void *(*malloc_ex_func)(size_t, const char *file, int line)
+        = default_malloc_ex;
+
+static void *(*realloc_func)(void *, size_t)= realloc;
+static void *default_realloc_ex(void *str, size_t num,
+        const char *file, int line)
+	{ return realloc_func(str,num); }
+static void *(*realloc_ex_func)(void *, size_t, const char *file, int line)
+        = default_realloc_ex;
+
+static void (*free_func)(void *)            = free;
+
+static void *(*malloc_locked_func)(size_t)  = malloc;
+static void *default_malloc_locked_ex(size_t num, const char *file, int line)
+	{ return malloc_locked_func(num); }
+static void *(*malloc_locked_ex_func)(size_t, const char *file, int line)
+        = default_malloc_locked_ex;
+
+static void (*free_locked_func)(void *)     = free;
 
-	ret=(unsigned long)a->addr;
 
-	ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
-	return(ret);
-	}
 
-static char *(*malloc_locked_func)()=(char *(*)())malloc;
-static void (*free_locked_func)()=(void (*)())free;
-static char *(*malloc_func)()=	(char *(*)())malloc;
-static char *(*realloc_func)()=	(char *(*)())realloc;
-static void (*free_func)()=	(void (*)())free;
+/* may be changed as long as 'allow_customize_debug' is set */
+/* XXX use correct function pointer types */
+#ifdef CRYPTO_MDEBUG
+/* use default functions from mem_dbg.c */
+static void (*malloc_debug_func)(void *,int,const char *,int,int)
+	= CRYPTO_dbg_malloc;
+static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
+	= CRYPTO_dbg_realloc;
+static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free;
+static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options;
+static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options;
+#else
+/* applications can use CRYPTO_malloc_debug_init() to select above case
+ * at run-time */
+static void (*malloc_debug_func)(void *,int,const char *,int,int) = NULL;
+static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
+	= NULL;
+static void (*free_debug_func)(void *,int) = NULL;
+static void (*set_debug_options_func)(long) = NULL;
+static long (*get_debug_options_func)(void) = NULL;
+#endif
+
 
-void CRYPTO_set_mem_functions(m,r,f)
-char *(*m)();
-char *(*r)();
-void (*f)();
+int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
+	void (*f)(void *))
 	{
-	if ((m == NULL) || (r == NULL) || (f == NULL)) return;
-	malloc_func=m;
-	realloc_func=r;
+	if (!allow_customize)
+		return 0;
+	if ((m == 0) || (r == 0) || (f == 0))
+		return 0;
+	malloc_func=m; malloc_ex_func=default_malloc_ex;
+	realloc_func=r; realloc_ex_func=default_realloc_ex;
 	free_func=f;
-	malloc_locked_func=m;
+	malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex;
 	free_locked_func=f;
+	return 1;
 	}
 
-void CRYPTO_set_locked_mem_functions(m,f)
-char *(*m)();
-void (*f)();
+int CRYPTO_set_mem_ex_functions(
+        void *(*m)(size_t,const char *,int),
+        void *(*r)(void *, size_t,const char *,int),
+	void (*f)(void *))
 	{
-	if ((m == NULL) || (f == NULL)) return;
-	malloc_locked_func=m;
+	if (!allow_customize)
+		return 0;
+	if ((m == 0) || (r == 0) || (f == 0))
+		return 0;
+	malloc_func=0; malloc_ex_func=m;
+	realloc_func=0; realloc_ex_func=r;
+	free_func=f;
+	malloc_locked_func=0; malloc_locked_ex_func=m;
 	free_locked_func=f;
+	return 1;
 	}
 
-void CRYPTO_get_mem_functions(m,r,f)
-char *(**m)();
-char *(**r)();
-void (**f)();
+int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*f)(void *))
 	{
-	if (m != NULL) *m=malloc_func;
-	if (r != NULL) *r=realloc_func;
-	if (f != NULL) *f=free_func;
+	if (!allow_customize)
+		return 0;
+	if ((m == NULL) || (f == NULL))
+		return 0;
+	malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex;
+	free_locked_func=f;
+	return 1;
 	}
 
-void CRYPTO_get_locked_mem_functions(m,f)
-char *(**m)();
-void (**f)();
+int CRYPTO_set_locked_mem_ex_functions(
+        void *(*m)(size_t,const char *,int),
+        void (*f)(void *))
 	{
-	if (m != NULL) *m=malloc_locked_func;
-	if (f != NULL) *f=free_locked_func;
+	if (!allow_customize)
+		return 0;
+	if ((m == NULL) || (f == NULL))
+		return 0;
+	malloc_locked_func=0; malloc_locked_ex_func=m;
+	free_func=f;
+	return 1;
 	}
 
-char *CRYPTO_malloc_locked(num)
-int num;
+int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
+				   void (*r)(void *,void *,int,const char *,int,int),
+				   void (*f)(void *,int),
+				   void (*so)(long),
+				   long (*go)(void))
 	{
-	return(malloc_locked_func(num));
+	if (!allow_customize_debug)
+		return 0;
+	malloc_debug_func=m;
+	realloc_debug_func=r;
+	free_debug_func=f;
+	set_debug_options_func=so;
+	get_debug_options_func=go;
+	return 1;
 	}
 
-void CRYPTO_free_locked(str)
-char *str;
+
+void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t),
+	void (**f)(void *))
 	{
-	free_locked_func(str);
+	if (m != NULL) *m = (malloc_ex_func == default_malloc_ex) ? 
+	                     malloc_func : 0;
+	if (r != NULL) *r = (realloc_ex_func == default_realloc_ex) ? 
+	                     realloc_func : 0;
+	if (f != NULL) *f=free_func;
 	}
 
-char *CRYPTO_malloc(num)
-int num;
+void CRYPTO_get_mem_ex_functions(
+        void *(**m)(size_t,const char *,int),
+        void *(**r)(void *, size_t,const char *,int),
+	void (**f)(void *))
 	{
-	return(malloc_func(num));
+	if (m != NULL) *m = (malloc_ex_func != default_malloc_ex) ?
+	                    malloc_ex_func : 0;
+	if (r != NULL) *r = (realloc_ex_func != default_realloc_ex) ?
+	                    realloc_ex_func : 0;
+	if (f != NULL) *f=free_func;
 	}
 
-char *CRYPTO_realloc(str,num)
-char *str;
-int num;
+void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *))
 	{
-	return(realloc_func(str,num));
+	if (m != NULL) *m = (malloc_locked_ex_func == default_malloc_locked_ex) ? 
+	                     malloc_locked_func : 0;
+	if (f != NULL) *f=free_locked_func;
 	}
 
-void CRYPTO_free(str)
-char *str;
+void CRYPTO_get_locked_mem_ex_functions(
+        void *(**m)(size_t,const char *,int),
+        void (**f)(void *))
 	{
-	free_func(str);
+	if (m != NULL) *m = (malloc_locked_ex_func != default_malloc_locked_ex) ?
+	                    malloc_locked_ex_func : 0;
+	if (f != NULL) *f=free_locked_func;
 	}
 
-static unsigned long break_order_num=0;
-char *CRYPTO_dbg_malloc(num,file,line)
-int num;
-char *file;
-int line;
+void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
+				    void (**r)(void *,void *,int,const char *,int,int),
+				    void (**f)(void *,int),
+				    void (**so)(long),
+				    long (**go)(void))
 	{
-	char *ret;
-	MEM *m,*mm;
-
-	if ((ret=malloc_func(num)) == NULL)
-		return(NULL);
-
-	if (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
-		{
-		MemCheck_off();
-		if ((m=(MEM *)Malloc(sizeof(MEM))) == NULL)
-			{
-			Free(ret);
-			MemCheck_on();
-			return(NULL);
-			}
-		CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
-		if (mh == NULL)
-			{
-			if ((mh=lh_new(mem_hash,mem_cmp)) == NULL)
-				{
-				Free(ret);
-				Free(m);
-				ret=NULL;
-				goto err;
-				}
-			}
-
-		m->addr=ret;
-		m->file=file;
-		m->line=line;
-		m->num=num;
-		if (order == break_order_num)
-			{
-			/* BREAK HERE */
-			m->order=order;
-			}
-		m->order=order++;
-		if ((mm=(MEM *)lh_insert(mh,(char *)m)) != NULL)
-			{
-			/* Not good, but don't sweat it */
-			Free(mm);
-			}
-err:
-		CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
-		MemCheck_on();
-		}
-	return(ret);
+	if (m != NULL) *m=malloc_debug_func;
+	if (r != NULL) *r=realloc_debug_func;
+	if (f != NULL) *f=free_debug_func;
+	if (so != NULL) *so=set_debug_options_func;
+	if (go != NULL) *go=get_debug_options_func;
 	}
 
-void CRYPTO_dbg_free(addr)
-char *addr;
+
+void *CRYPTO_malloc_locked(int num, const char *file, int line)
 	{
-	MEM m,*mp;
+	void *ret = NULL;
+	extern unsigned char cleanse_ctr;
 
-	if ((mh_mode & CRYPTO_MEM_CHECK_ENABLE) && (mh != NULL))
+	allow_customize = 0;
+	if (malloc_debug_func != NULL)
 		{
-		MemCheck_off();
-		CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
-		m.addr=addr;
-		mp=(MEM *)lh_delete(mh,(char *)&m);
-		if (mp != NULL)
-			Free(mp);
-		CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
-		MemCheck_on();
+		allow_customize_debug = 0;
+		malloc_debug_func(NULL, num, file, line, 0);
 		}
-	free_func(addr);
+	ret = malloc_locked_ex_func(num,file,line);
+#ifdef LEVITTE_DEBUG_MEM
+	fprintf(stderr, "LEVITTE_DEBUG_MEM:         > 0x%p (%d)\n", ret, num);
+#endif
+	if (malloc_debug_func != NULL)
+		malloc_debug_func(ret, num, file, line, 1);
+
+        /* Create a dependency on the value of 'cleanse_ctr' so our memory
+         * sanitisation function can't be optimised out. NB: We only do
+         * this for >2Kb so the overhead doesn't bother us. */
+        if(ret && (num > 2048))
+		((unsigned char *)ret)[0] = cleanse_ctr;
+
+	return ret;
 	}
 
-char *CRYPTO_dbg_realloc(addr,num,file,line)
-char *addr;
-int num;
-char *file;
-int line;
+void CRYPTO_free_locked(void *str)
 	{
-	char *ret;
-	MEM m,*mp;
+	if (free_debug_func != NULL)
+		free_debug_func(str, 0);
+#ifdef LEVITTE_DEBUG_MEM
+	fprintf(stderr, "LEVITTE_DEBUG_MEM:         < 0x%p\n", str);
+#endif
+	free_locked_func(str);
+	if (free_debug_func != NULL)
+		free_debug_func(NULL, 1);
+	}
 
-	ret=realloc_func(addr,num);
-	if (ret == addr) return(ret);
+void *CRYPTO_malloc(int num, const char *file, int line)
+	{
+	void *ret = NULL;
+	extern unsigned char cleanse_ctr;
 
-	if (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
+	allow_customize = 0;
+	if (malloc_debug_func != NULL)
 		{
-		MemCheck_off();
-		if (ret == NULL) return(NULL);
-		m.addr=addr;
-		CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
-		mp=(MEM *)lh_delete(mh,(char *)&m);
-		if (mp != NULL)
-			{
-			mp->addr=ret;
-			lh_insert(mh,(char *)mp);
-			}
-		CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
-		MemCheck_on();
+		allow_customize_debug = 0;
+		malloc_debug_func(NULL, num, file, line, 0);
 		}
-	return(ret);
-	}
+	ret = malloc_ex_func(num,file,line);
+#ifdef LEVITTE_DEBUG_MEM
+	fprintf(stderr, "LEVITTE_DEBUG_MEM:         > 0x%p (%d)\n", ret, num);
+#endif
+	if (malloc_debug_func != NULL)
+		malloc_debug_func(ret, num, file, line, 1);
 
-char *CRYPTO_remalloc(a,n)
-char *a;
-int n;
-	{
-	if (a != NULL) Free(a);
-	a=(char *)Malloc(n);
-	return(a);
+        /* Create a dependency on the value of 'cleanse_ctr' so our memory
+         * sanitisation function can't be optimised out. NB: We only do
+         * this for >2Kb so the overhead doesn't bother us. */
+        if(ret && (num > 2048))
+                ((unsigned char *)ret)[0] = cleanse_ctr;
+
+	return ret;
 	}
 
-char *CRYPTO_dbg_remalloc(a,n,file,line)
-char *a;
-int n;
-char *file;
-int line;
+void *CRYPTO_realloc(void *str, int num, const char *file, int line)
 	{
-	if (a != NULL) CRYPTO_dbg_free(a);
-	a=(char *)CRYPTO_dbg_malloc(n,file,line);
-	return(a);
-	}
+	void *ret = NULL;
+
+	if (str == NULL)
+		return CRYPTO_malloc(num, file, line);
+	if (realloc_debug_func != NULL)
+		realloc_debug_func(str, NULL, num, file, line, 0);
+	ret = realloc_ex_func(str,num,file,line);
+#ifdef LEVITTE_DEBUG_MEM
+	fprintf(stderr, "LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n", str, ret, num);
+#endif
+	if (realloc_debug_func != NULL)
+		realloc_debug_func(str, ret, num, file, line, 1);
 
+	return ret;
+	}
 
-typedef struct mem_leak_st
-	{
-	BIO *bio;
-	int chunks;
-	long bytes;
-	} MEM_LEAK;
-
-static void print_leak(m,l)
-MEM *m;
-MEM_LEAK *l;
+void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
+			   int line)
 	{
-	char buf[128];
+	void *ret = NULL;
+
+	if (str == NULL)
+		return CRYPTO_malloc(num, file, line);
+	if (realloc_debug_func != NULL)
+		realloc_debug_func(str, NULL, num, file, line, 0);
+	ret=malloc_ex_func(num,file,line);
+	if(ret)
+		memcpy(ret,str,old_len);
+	OPENSSL_cleanse(str,old_len);
+	free_func(str);
+#ifdef LEVITTE_DEBUG_MEM
+	fprintf(stderr, "LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n", str, ret, num);
+#endif
+	if (realloc_debug_func != NULL)
+		realloc_debug_func(str, ret, num, file, line, 1);
 
-	sprintf(buf,"%5ld file=%s, line=%d, number=%d, address=%08lX\n",
-		m->order,m->file,m->line,m->num,(long)m->addr);
-	BIO_puts(l->bio,buf);
-	l->chunks++;
-	l->bytes+=m->num;
+	return ret;
 	}
 
-void CRYPTO_mem_leaks(b)
-BIO *b;
+void CRYPTO_free(void *str)
 	{
-	MEM_LEAK ml;
-	char buf[80];
-
-	if (mh == NULL) return;
-	ml.bio=b;
-	ml.bytes=0;
-	ml.chunks=0;
-	CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
-	lh_doall_arg(mh,(void (*)())print_leak,(char *)&ml);
-	CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
-	if (ml.chunks != 0)
-		{
-		sprintf(buf,"%ld bytes leaked in %d chunks\n",
-			ml.bytes,ml.chunks);
-		BIO_puts(b,buf);
-		}
-
-#if 0
-	lh_stats_bio(mh,b);
-        lh_node_stats_bio(mh,b);
-        lh_node_usage_stats_bio(mh,b);
+	if (free_debug_func != NULL)
+		free_debug_func(str, 0);
+#ifdef LEVITTE_DEBUG_MEM
+	fprintf(stderr, "LEVITTE_DEBUG_MEM:         < 0x%p\n", str);
 #endif
+	free_func(str);
+	if (free_debug_func != NULL)
+		free_debug_func(NULL, 1);
 	}
 
-static void (*mem_cb)()=NULL;
-
-static void cb_leak(m,cb)
-MEM *m;
-char *cb;
+void *CRYPTO_remalloc(void *a, int num, const char *file, int line)
 	{
-	void (*mem_callback)()=(void (*)())cb;
-	mem_callback(m->order,m->file,m->line,m->num,m->addr);
+	if (a != NULL) OPENSSL_free(a);
+	a=(char *)OPENSSL_malloc(num);
+	return(a);
 	}
 
-void CRYPTO_mem_leaks_cb(cb)
-void (*cb)();
+void CRYPTO_set_mem_debug_options(long bits)
 	{
-	if (mh == NULL) return;
-	CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
-	mem_cb=cb;
-	lh_doall_arg(mh,(void (*)())cb_leak,(char *)mem_cb);
-	mem_cb=NULL;
-	CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+	if (set_debug_options_func != NULL)
+		set_debug_options_func(bits);
 	}
 
-#ifndef NO_FP_API
-void CRYPTO_mem_leaks_fp(fp)
-FILE *fp;
+long CRYPTO_get_mem_debug_options(void)
 	{
-	BIO *b;
-
-	if (mh == NULL) return;
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-		return;
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	CRYPTO_mem_leaks(b);
-	BIO_free(b);
+	if (get_debug_options_func != NULL)
+		return get_debug_options_func();
+	return 0;
 	}
-#endif
-
diff --git a/crypto/mem_clr.c b/crypto/mem_clr.c
new file mode 100644
index 0000000000..e4b7f540b0
--- /dev/null
+++ b/crypto/mem_clr.c
@@ -0,0 +1,75 @@
+/* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2002.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+
+unsigned char cleanse_ctr = 0;
+
+void OPENSSL_cleanse(void *ptr, size_t len)
+	{
+	unsigned char *p = ptr;
+	size_t loop = len;
+	while(loop--)
+		{
+		*(p++) = cleanse_ctr;
+		cleanse_ctr += (17 + (unsigned char)((int)p & 0xF));
+		}
+	if(memchr(ptr, cleanse_ctr, len))
+		cleanse_ctr += 63;
+	}
diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c
new file mode 100644
index 0000000000..57bd08f65d
--- /dev/null
+++ b/crypto/mem_dbg.c
@@ -0,0 +1,784 @@
+/* crypto/mem_dbg.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>	
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
+#include "cryptlib.h"
+
+static int mh_mode=CRYPTO_MEM_CHECK_OFF;
+/* The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE
+ * when the application asks for it (usually after library initialisation
+ * for which no book-keeping is desired).
+ *
+ * State CRYPTO_MEM_CHECK_ON exists only temporarily when the library
+ * thinks that certain allocations should not be checked (e.g. the data
+ * structures used for memory checking).  It is not suitable as an initial
+ * state: the library will unexpectedly enable memory checking when it
+ * executes one of those sections that want to disable checking
+ * temporarily.
+ *
+ * State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes no sense whatsoever.
+ */
+
+static unsigned long order = 0; /* number of memory requests */
+static LHASH *mh=NULL; /* hash-table of memory requests (address as key);
+                        * access requires MALLOC2 lock */
+
+
+typedef struct app_mem_info_st
+/* For application-defined information (static C-string `info')
+ * to be displayed in memory leak list.
+ * Each thread has its own stack.  For applications, there is
+ *   CRYPTO_push_info("...")     to push an entry,
+ *   CRYPTO_pop_info()           to pop an entry,
+ *   CRYPTO_remove_all_info()    to pop all entries.
+ */
+	{	
+	unsigned long thread;
+	const char *file;
+	int line;
+	const char *info;
+	struct app_mem_info_st *next; /* tail of thread's stack */
+	int references;
+	} APP_INFO;
+
+static void app_info_free(APP_INFO *);
+
+static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's
+                          * that are at the top of their thread's stack
+                          * (with `thread' as key);
+                          * access requires MALLOC2 lock */
+
+typedef struct mem_st
+/* memory-block description */
+	{
+	void *addr;
+	int num;
+	const char *file;
+	int line;
+	unsigned long thread;
+	unsigned long order;
+	time_t time;
+	APP_INFO *app_info;
+	} MEM;
+
+static long options =             /* extra information to be recorded */
+#if defined(CRYPTO_MDEBUG_TIME) || defined(CRYPTO_MDEBUG_ALL)
+	V_CRYPTO_MDEBUG_TIME |
+#endif
+#if defined(CRYPTO_MDEBUG_THREAD) || defined(CRYPTO_MDEBUG_ALL)
+	V_CRYPTO_MDEBUG_THREAD |
+#endif
+	0;
+
+
+static unsigned int num_disable = 0; /* num_disable > 0
+                                      *     iff
+                                      * mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE)
+                                      */
+static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0.
+                                            * CRYPTO_LOCK_MALLOC2 is locked
+                                            * exactly in this case (by the
+                                            * thread named in disabling_thread).
+                                            */
+
+static void app_info_free(APP_INFO *inf)
+	{
+	if (--(inf->references) <= 0)
+		{
+		if (inf->next != NULL)
+			{
+			app_info_free(inf->next);
+			}
+		OPENSSL_free(inf);
+		}
+	}
+
+int CRYPTO_mem_ctrl(int mode)
+	{
+	int ret=mh_mode;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+	switch (mode)
+		{
+	/* for applications (not to be called while multiple threads
+	 * use the library): */
+	case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */
+		mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE;
+		num_disable = 0;
+		break;
+	case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */
+		mh_mode = 0;
+		num_disable = 0; /* should be true *before* MemCheck_stop is used,
+		                    or there'll be a lot of confusion */
+		break;
+
+	/* switch off temporarily (for library-internal use): */
+	case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */
+		if (mh_mode & CRYPTO_MEM_CHECK_ON)
+			{
+			if (!num_disable || (disabling_thread != CRYPTO_thread_id())) /* otherwise we already have the MALLOC2 lock */
+				{
+				/* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while
+				 * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if
+				 * somebody else holds CRYPTO_LOCK_MALLOC2 (and cannot release
+				 * it because we block entry to this function).
+				 * Give them a chance, first, and then claim the locks in
+				 * appropriate order (long-time lock first).
+				 */
+				CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+				/* Note that after we have waited for CRYPTO_LOCK_MALLOC2
+				 * and CRYPTO_LOCK_MALLOC, we'll still be in the right
+				 * "case" and "if" branch because MemCheck_start and
+				 * MemCheck_stop may never be used while there are multiple
+				 * OpenSSL threads. */
+				CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
+				CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+				mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;
+				disabling_thread=CRYPTO_thread_id();
+				}
+			num_disable++;
+			}
+		break;
+	case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */
+		if (mh_mode & CRYPTO_MEM_CHECK_ON)
+			{
+			if (num_disable) /* always true, or something is going wrong */
+				{
+				num_disable--;
+				if (num_disable == 0)
+					{
+					mh_mode|=CRYPTO_MEM_CHECK_ENABLE;
+					CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
+					}
+				}
+			}
+		break;
+
+	default:
+		break;
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+	return(ret);
+	}
+
+int CRYPTO_is_mem_check_on(void)
+	{
+	int ret = 0;
+
+	if (mh_mode & CRYPTO_MEM_CHECK_ON)
+		{
+		CRYPTO_r_lock(CRYPTO_LOCK_MALLOC);
+
+		ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
+			|| (disabling_thread != CRYPTO_thread_id());
+
+		CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC);
+		}
+	return(ret);
+	}	
+
+
+void CRYPTO_dbg_set_options(long bits)
+	{
+	options = bits;
+	}
+
+long CRYPTO_dbg_get_options(void)
+	{
+	return options;
+	}
+
+/* static int mem_cmp(MEM *a, MEM *b) */
+static int mem_cmp(const void *a_void, const void *b_void)
+	{
+	return((const char *)((const MEM *)a_void)->addr
+		- (const char *)((const MEM *)b_void)->addr);
+	}
+
+/* static unsigned long mem_hash(MEM *a) */
+static unsigned long mem_hash(const void *a_void)
+	{
+	unsigned long ret;
+
+	ret=(unsigned long)((const MEM *)a_void)->addr;
+
+	ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
+	return(ret);
+	}
+
+/* static int app_info_cmp(APP_INFO *a, APP_INFO *b) */
+static int app_info_cmp(const void *a_void, const void *b_void)
+	{
+	return(((const APP_INFO *)a_void)->thread
+		!= ((const APP_INFO *)b_void)->thread);
+	}
+
+/* static unsigned long app_info_hash(APP_INFO *a) */
+static unsigned long app_info_hash(const void *a_void)
+	{
+	unsigned long ret;
+
+	ret=(unsigned long)((const APP_INFO *)a_void)->thread;
+
+	ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
+	return(ret);
+	}
+
+static APP_INFO *pop_info(void)
+	{
+	APP_INFO tmp;
+	APP_INFO *ret = NULL;
+
+	if (amih != NULL)
+		{
+		tmp.thread=CRYPTO_thread_id();
+		if ((ret=(APP_INFO *)lh_delete(amih,&tmp)) != NULL)
+			{
+			APP_INFO *next=ret->next;
+
+			if (next != NULL)
+				{
+				next->references++;
+				lh_insert(amih,(char *)next);
+				}
+#ifdef LEVITTE_DEBUG_MEM
+			if (ret->thread != tmp.thread)
+				{
+				fprintf(stderr, "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
+					ret->thread, tmp.thread);
+				abort();
+				}
+#endif
+			if (--(ret->references) <= 0)
+				{
+				ret->next = NULL;
+				if (next != NULL)
+					next->references--;
+				OPENSSL_free(ret);
+				}
+			}
+		}
+	return(ret);
+	}
+
+int CRYPTO_push_info_(const char *info, const char *file, int line)
+	{
+	APP_INFO *ami, *amim;
+	int ret=0;
+
+	if (is_MemCheck_on())
+		{
+		MemCheck_off(); /* obtain MALLOC2 lock */
+
+		if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL)
+			{
+			ret=0;
+			goto err;
+			}
+		if (amih == NULL)
+			{
+			if ((amih=lh_new(app_info_hash, app_info_cmp)) == NULL)
+				{
+				OPENSSL_free(ami);
+				ret=0;
+				goto err;
+				}
+			}
+
+		ami->thread=CRYPTO_thread_id();
+		ami->file=file;
+		ami->line=line;
+		ami->info=info;
+		ami->references=1;
+		ami->next=NULL;
+
+		if ((amim=(APP_INFO *)lh_insert(amih,(char *)ami)) != NULL)
+			{
+#ifdef LEVITTE_DEBUG_MEM
+			if (ami->thread != amim->thread)
+				{
+				fprintf(stderr, "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
+					amim->thread, ami->thread);
+				abort();
+				}
+#endif
+			ami->next=amim;
+			}
+ err:
+		MemCheck_on(); /* release MALLOC2 lock */
+		}
+
+	return(ret);
+	}
+
+int CRYPTO_pop_info(void)
+	{
+	int ret=0;
+
+	if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */
+		{
+		MemCheck_off(); /* obtain MALLOC2 lock */
+
+		ret=(pop_info() != NULL);
+
+		MemCheck_on(); /* release MALLOC2 lock */
+		}
+	return(ret);
+	}
+
+int CRYPTO_remove_all_info(void)
+	{
+	int ret=0;
+
+	if (is_MemCheck_on()) /* _must_ be true */
+		{
+		MemCheck_off(); /* obtain MALLOC2 lock */
+
+		while(pop_info() != NULL)
+			ret++;
+
+		MemCheck_on(); /* release MALLOC2 lock */
+		}
+	return(ret);
+	}
+
+
+static unsigned long break_order_num=0;
+void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
+	int before_p)
+	{
+	MEM *m,*mm;
+	APP_INFO tmp,*amim;
+
+	switch(before_p & 127)
+		{
+	case 0:
+		break;
+	case 1:
+		if (addr == NULL)
+			break;
+
+		if (is_MemCheck_on())
+			{
+			MemCheck_off(); /* make sure we hold MALLOC2 lock */
+			if ((m=(MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL)
+				{
+				OPENSSL_free(addr);
+				MemCheck_on(); /* release MALLOC2 lock
+				                * if num_disabled drops to 0 */
+				return;
+				}
+			if (mh == NULL)
+				{
+				if ((mh=lh_new(mem_hash, mem_cmp)) == NULL)
+					{
+					OPENSSL_free(addr);
+					OPENSSL_free(m);
+					addr=NULL;
+					goto err;
+					}
+				}
+
+			m->addr=addr;
+			m->file=file;
+			m->line=line;
+			m->num=num;
+			if (options & V_CRYPTO_MDEBUG_THREAD)
+				m->thread=CRYPTO_thread_id();
+			else
+				m->thread=0;
+
+			if (order == break_order_num)
+				{
+				/* BREAK HERE */
+				m->order=order;
+				}
+			m->order=order++;
+#ifdef LEVITTE_DEBUG_MEM
+			fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] %c 0x%p (%d)\n",
+				m->order,
+				(before_p & 128) ? '*' : '+',
+				m->addr, m->num);
+#endif
+			if (options & V_CRYPTO_MDEBUG_TIME)
+				m->time=time(NULL);
+			else
+				m->time=0;
+
+			tmp.thread=CRYPTO_thread_id();
+			m->app_info=NULL;
+			if (amih != NULL
+				&& (amim=(APP_INFO *)lh_retrieve(amih,(char *)&tmp)) != NULL)
+				{
+				m->app_info = amim;
+				amim->references++;
+				}
+
+			if ((mm=(MEM *)lh_insert(mh,(char *)m)) != NULL)
+				{
+				/* Not good, but don't sweat it */
+				if (mm->app_info != NULL)
+					{
+					mm->app_info->references--;
+					}
+				OPENSSL_free(mm);
+				}
+		err:
+			MemCheck_on(); /* release MALLOC2 lock
+			                * if num_disabled drops to 0 */
+			}
+		break;
+		}
+	return;
+	}
+
+void CRYPTO_dbg_free(void *addr, int before_p)
+	{
+	MEM m,*mp;
+
+	switch(before_p)
+		{
+	case 0:
+		if (addr == NULL)
+			break;
+
+		if (is_MemCheck_on() && (mh != NULL))
+			{
+			MemCheck_off(); /* make sure we hold MALLOC2 lock */
+
+			m.addr=addr;
+			mp=(MEM *)lh_delete(mh,(char *)&m);
+			if (mp != NULL)
+				{
+#ifdef LEVITTE_DEBUG_MEM
+			fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] - 0x%p (%d)\n",
+				mp->order, mp->addr, mp->num);
+#endif
+				if (mp->app_info != NULL)
+					app_info_free(mp->app_info);
+				OPENSSL_free(mp);
+				}
+
+			MemCheck_on(); /* release MALLOC2 lock
+			                * if num_disabled drops to 0 */
+			}
+		break;
+	case 1:
+		break;
+		}
+	}
+
+void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num,
+	const char *file, int line, int before_p)
+	{
+	MEM m,*mp;
+
+#ifdef LEVITTE_DEBUG_MEM
+	fprintf(stderr, "LEVITTE_DEBUG_MEM: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n",
+		addr1, addr2, num, file, line, before_p);
+#endif
+
+	switch(before_p)
+		{
+	case 0:
+		break;
+	case 1:
+		if (addr2 == NULL)
+			break;
+
+		if (addr1 == NULL)
+			{
+			CRYPTO_dbg_malloc(addr2, num, file, line, 128 | before_p);
+			break;
+			}
+
+		if (is_MemCheck_on())
+			{
+			MemCheck_off(); /* make sure we hold MALLOC2 lock */
+
+			m.addr=addr1;
+			mp=(MEM *)lh_delete(mh,(char *)&m);
+			if (mp != NULL)
+				{
+#ifdef LEVITTE_DEBUG_MEM
+				fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] * 0x%p (%d) -> 0x%p (%d)\n",
+					mp->order,
+					mp->addr, mp->num,
+					addr2, num);
+#endif
+				mp->addr=addr2;
+				mp->num=num;
+				lh_insert(mh,(char *)mp);
+				}
+
+			MemCheck_on(); /* release MALLOC2 lock
+			                * if num_disabled drops to 0 */
+			}
+		break;
+		}
+	return;
+	}
+
+
+typedef struct mem_leak_st
+	{
+	BIO *bio;
+	int chunks;
+	long bytes;
+	} MEM_LEAK;
+
+static void print_leak(const MEM *m, MEM_LEAK *l)
+	{
+	char buf[1024];
+	char *bufp = buf;
+	APP_INFO *amip;
+	int ami_cnt;
+	struct tm *lcl = NULL;
+	unsigned long ti;
+
+	if(m->addr == (char *)l->bio)
+	    return;
+
+	if (options & V_CRYPTO_MDEBUG_TIME)
+		{
+		lcl = localtime(&m->time);
+	
+		sprintf(bufp, "[%02d:%02d:%02d] ",
+			lcl->tm_hour,lcl->tm_min,lcl->tm_sec);
+		bufp += strlen(bufp);
+		}
+
+	sprintf(bufp, "%5lu file=%s, line=%d, ",
+		m->order,m->file,m->line);
+	bufp += strlen(bufp);
+
+	if (options & V_CRYPTO_MDEBUG_THREAD)
+		{
+		sprintf(bufp, "thread=%lu, ", m->thread);
+		bufp += strlen(bufp);
+		}
+
+	sprintf(bufp, "number=%d, address=%08lX\n",
+		m->num,(unsigned long)m->addr);
+	bufp += strlen(bufp);
+
+	BIO_puts(l->bio,buf);
+	
+	l->chunks++;
+	l->bytes+=m->num;
+
+	amip=m->app_info;
+	ami_cnt=0;
+	if (!amip)
+		return;
+	ti=amip->thread;
+	
+	do
+		{
+		int buf_len;
+		int info_len;
+
+		ami_cnt++;
+		memset(buf,'>',ami_cnt);
+		sprintf(buf + ami_cnt,
+			" thread=%lu, file=%s, line=%d, info=\"",
+			amip->thread, amip->file, amip->line);
+		buf_len=strlen(buf);
+		info_len=strlen(amip->info);
+		if (128 - buf_len - 3 < info_len)
+			{
+			memcpy(buf + buf_len, amip->info, 128 - buf_len - 3);
+			buf_len = 128 - 3;
+			}
+		else
+			{
+			strcpy(buf + buf_len, amip->info);
+			buf_len = strlen(buf);
+			}
+		sprintf(buf + buf_len, "\"\n");
+		
+		BIO_puts(l->bio,buf);
+
+		amip = amip->next;
+		}
+	while(amip && amip->thread == ti);
+		
+#ifdef LEVITTE_DEBUG_MEM
+	if (amip)
+		{
+		fprintf(stderr, "Thread switch detected in backtrace!!!!\n");
+		abort();
+		}
+#endif
+	}
+
+static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM *, MEM_LEAK *)
+
+void CRYPTO_mem_leaks(BIO *b)
+	{
+	MEM_LEAK ml;
+
+	if (mh == NULL && amih == NULL)
+		return;
+
+	MemCheck_off(); /* obtain MALLOC2 lock */
+
+	ml.bio=b;
+	ml.bytes=0;
+	ml.chunks=0;
+	if (mh != NULL)
+		lh_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak),
+				(char *)&ml);
+	if (ml.chunks != 0)
+		{
+		BIO_printf(b,"%ld bytes leaked in %d chunks\n",
+			   ml.bytes,ml.chunks);
+		}
+	else
+		{
+		/* Make sure that, if we found no leaks, memory-leak debugging itself
+		 * does not introduce memory leaks (which might irritate
+		 * external debugging tools).
+		 * (When someone enables leak checking, but does not call
+		 * this function, we declare it to be their fault.)
+		 *
+		 * XXX    This should be in CRYPTO_mem_leaks_cb,
+		 * and CRYPTO_mem_leaks should be implemented by
+		 * using CRYPTO_mem_leaks_cb.
+		 * (Also their should be a variant of lh_doall_arg
+		 * that takes a function pointer instead of a void *;
+		 * this would obviate the ugly and illegal
+		 * void_fn_to_char kludge in CRYPTO_mem_leaks_cb.
+		 * Otherwise the code police will come and get us.)
+		 */
+		int old_mh_mode;
+
+		CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+
+		/* avoid deadlock when lh_free() uses CRYPTO_dbg_free(),
+		 * which uses CRYPTO_is_mem_check_on */
+		old_mh_mode = mh_mode;
+		mh_mode = CRYPTO_MEM_CHECK_OFF;
+
+		if (mh != NULL)
+			{
+			lh_free(mh);
+			mh = NULL;
+			}
+		if (amih != NULL)
+			{
+			if (lh_num_items(amih) == 0) 
+				{
+				lh_free(amih);
+				amih = NULL;
+				}
+			}
+
+		mh_mode = old_mh_mode;
+		CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+		}
+	MemCheck_on(); /* release MALLOC2 lock */
+	}
+
+#ifndef OPENSSL_NO_FP_API
+void CRYPTO_mem_leaks_fp(FILE *fp)
+	{
+	BIO *b;
+
+	if (mh == NULL) return;
+	/* Need to turn off memory checking when allocated BIOs ... especially
+	 * as we're creating them at a time when we're trying to check we've not
+	 * left anything un-free()'d!! */
+	MemCheck_off();
+	b = BIO_new(BIO_s_file());
+	MemCheck_on();
+	if(!b) return;
+	BIO_set_fp(b,fp,BIO_NOCLOSE);
+	CRYPTO_mem_leaks(b);
+	BIO_free(b);
+	}
+#endif
+
+
+
+/* FIXME: We really don't allow much to the callback.  For example, it has
+   no chance of reaching the info stack for the item it processes.  Should
+   it really be this way?  -- Richard Levitte */
+/* NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside crypto.h
+ * If this code is restructured, remove the callback type if it is no longer
+ * needed. -- Geoff Thorpe */
+static void cb_leak(const MEM *m, CRYPTO_MEM_LEAK_CB **cb)
+	{
+	(**cb)(m->order,m->file,m->line,m->num,m->addr);
+	}
+
+static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM *, CRYPTO_MEM_LEAK_CB **)
+
+void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb)
+	{
+	if (mh == NULL) return;
+	CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
+	lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb);
+	CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
+	}
diff --git a/crypto/o_time.c b/crypto/o_time.c
new file mode 100644
index 0000000000..1bc0297b36
--- /dev/null
+++ b/crypto/o_time.c
@@ -0,0 +1,203 @@
+/* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/e_os2.h>
+#include <string.h>
+#include "o_time.h"
+
+#ifdef OPENSSL_SYS_VMS
+# include <libdtdef.h>
+# include <lib$routines.h>
+# include <lnmdef.h>
+# include <starlet.h>
+# include <descrip.h>
+# include <stdlib.h>
+#endif
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
+	{
+	struct tm *ts = NULL;
+
+#if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX)
+	/* should return &data, but doesn't on some systems,
+	   so we don't even look at the return value */
+	gmtime_r(timer,result);
+	ts = result;
+#elif !defined(OPENSSL_SYS_VMS)
+	ts = gmtime(timer);
+	memcpy(result, ts, sizeof(struct tm));
+	ts = result;
+#endif
+#ifdef OPENSSL_SYS_VMS
+	if (ts == NULL)
+		{
+		static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL");
+		static $DESCRIPTOR(lognam,"SYS$TIMEZONE_DIFFERENTIAL");
+		char logvalue[256];
+		unsigned int reslen = 0;
+		struct {
+			short buflen;
+			short code;
+			void *bufaddr;
+			unsigned int *reslen;
+		} itemlist[] = {
+			{ 0, LNM$_STRING, 0, 0 },
+			{ 0, 0, 0, 0 },
+		};
+		int status;
+		time_t t;
+
+		/* Get the value for SYS$TIMEZONE_DIFFERENTIAL */
+		itemlist[0].buflen = sizeof(logvalue);
+		itemlist[0].bufaddr = logvalue;
+		itemlist[0].reslen = &reslen;
+		status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist);
+		if (!(status & 1))
+			return NULL;
+		logvalue[reslen] = '\0';
+
+		/* Get the numerical value of the equivalence string */
+		status = atoi(logvalue);
+
+		/* and use it to move time to GMT */
+		t = *timer - status;
+
+		/* then convert the result to the time structure */
+#ifndef OPENSSL_THREADS
+		ts=(struct tm *)localtime(&t);
+#else
+		/* Since there was no gmtime_r() to do this stuff for us,
+		   we have to do it the hard way. */
+		{
+		/* The VMS epoch is the astronomical Smithsonian date,
+		   if I remember correctly, which is November 17, 1858.
+		   Furthermore, time is measure in thenths of microseconds
+		   and stored in quadwords (64 bit integers).  unix_epoch
+		   below is January 1st 1970 expressed as a VMS time.  The
+		   following code was used to get this number:
+
+		   #include <stdio.h>
+		   #include <stdlib.h>
+		   #include <lib$routines.h>
+		   #include <starlet.h>
+
+		   main()
+		   {
+		     unsigned long systime[2];
+		     unsigned short epoch_values[7] =
+		       { 1970, 1, 1, 0, 0, 0, 0 };
+
+		     lib$cvt_vectim(epoch_values, systime);
+
+		     printf("%u %u", systime[0], systime[1]);
+		   }
+		*/
+		unsigned long unix_epoch[2] = { 1273708544, 8164711 };
+		unsigned long deltatime[2];
+		unsigned long systime[2];
+		struct vms_vectime
+			{
+			short year, month, day, hour, minute, second,
+				centi_second;
+			} time_values;
+		long operation;
+
+		/* Turn the number of seconds since January 1st 1970 to
+		   an internal delta time.
+		   Note that lib$cvt_to_internal_time() will assume
+		   that t is signed, and will therefore break on 32-bit
+		   systems some time in 2038.
+		*/
+		operation = LIB$K_DELTA_SECONDS;
+		status = lib$cvt_to_internal_time(&operation,
+			&t, deltatime);
+
+		/* Add the delta time with the Unix epoch and we have
+		   the current UTC time in internal format */
+		status = lib$add_times(unix_epoch, deltatime, systime);
+
+		/* Turn the internal time into a time vector */
+		status = sys$numtim(&time_values, systime);
+
+		/* Fill in the struct tm with the result */
+		result->tm_sec = time_values.second;
+		result->tm_min = time_values.minute;
+		result->tm_hour = time_values.hour;
+		result->tm_mday = time_values.day;
+		result->tm_mon = time_values.month - 1;
+		result->tm_year = time_values.year - 1900;
+
+		operation = LIB$K_DAY_OF_WEEK;
+		status = lib$cvt_from_internal_time(&operation,
+			&result->tm_wday, systime);
+		result->tm_wday %= 7;
+
+		operation = LIB$K_DAY_OF_YEAR;
+		status = lib$cvt_from_internal_time(&operation,
+			&result->tm_yday, systime);
+		result->tm_yday--;
+
+		result->tm_isdst = 0; /* There's no way to know... */
+
+		ts = result;
+#endif
+		}
+		}
+#endif
+	return ts;
+	}	
diff --git a/crypto/o_time.h b/crypto/o_time.h
new file mode 100644
index 0000000000..e66044626d
--- /dev/null
+++ b/crypto/o_time.h
@@ -0,0 +1,66 @@
+/* crypto/o_time.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_O_TIME_H
+#define HEADER_O_TIME_H
+
+#include <time.h>
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
+
+#endif
diff --git a/crypto/objects/.cvsignore b/crypto/objects/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/objects/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/objects/Makefile.ssl b/crypto/objects/Makefile.ssl
index 4fa4a7dbf4..1f5d213495 100644
--- a/crypto/objects/Makefile.ssl
+++ b/crypto/objects/Makefile.ssl
@@ -5,29 +5,31 @@
 DIR=	objects
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
+PERL=		perl
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=objects
-ERRC=obj_err
 GENERAL=Makefile README
 TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=	o_names.c obj_dat.c obj_lib.c $(ERRC).c
-LIBOBJ= o_names.o obj_dat.o obj_lib.o $(ERRC).o
+LIBSRC=	o_names.c obj_dat.c obj_lib.c obj_err.c
+LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o
 
 SRC= $(LIBSRC)
 
-EXHEADER= objects.h
+EXHEADER= objects.h obj_mac.h
 HEADER=	$(EXHEADER) obj_dat.h
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -37,29 +39,32 @@ top:
 
 all:	obj_dat.h lib
 
-obj_dat.h: objects.h obj_dat.pl
-	perl ./obj_dat.pl < objects.h > obj_dat.h
-
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
+obj_dat.h: obj_dat.pl obj_mac.h
+	$(PERL) obj_dat.pl obj_mac.h obj_dat.h
+
+# objects.pl both reads and writes obj_mac.num
+obj_mac.h: objects.pl objects.txt obj_mac.num
+	$(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
+
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -71,17 +76,48 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+o_names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+o_names.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+o_names.o: ../../include/openssl/e_os2.h ../../include/openssl/lhash.h
+o_names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+o_names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+o_names.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+o_names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+o_names.o: o_names.c
+obj_dat.o: ../../e_os.h ../../include/openssl/asn1.h
+obj_dat.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+obj_dat.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+obj_dat.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+obj_dat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+obj_dat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+obj_dat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+obj_dat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_dat.o: ../../include/openssl/symhacks.h ../cryptlib.h obj_dat.c obj_dat.h
+obj_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+obj_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+obj_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+obj_err.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+obj_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+obj_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+obj_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_err.o: ../../include/openssl/symhacks.h obj_err.c
+obj_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+obj_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+obj_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+obj_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+obj_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+obj_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+obj_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+obj_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+obj_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h obj_lib.c
diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c
index 8995869587..b4453b4a98 100644
--- a/crypto/objects/o_names.c
+++ b/crypto/objects/o_names.c
@@ -2,84 +2,121 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "lhash.h"
-#include "objects.h"
+#include <openssl/lhash.h>
+#include <openssl/objects.h>
+#include <openssl/safestack.h>
+#include <openssl/e_os2.h>
+
+/* Later versions of DEC C has started to add lnkage information to certain
+ * functions, which makes it tricky to use them as values to regular function
+ * pointers.  One way is to define a macro that takes care of casting them
+ * correctly.
+ */
+#ifdef OPENSSL_SYS_VMS_DECC
+# define OPENSSL_strcmp (int (*)(const char *,const char *))strcmp
+#else
+# define OPENSSL_strcmp strcmp
+#endif
 
 /* I use the ex_data stuff to manage the identifiers for the obj_name_types
  * that applications may define.  I only really use the free function field.
  */
 static LHASH *names_lh=NULL;
 static int names_type_num=OBJ_NAME_TYPE_NUM;
-static STACK *names_cmp=NULL;
-static STACK *names_hash=NULL;
-static STACK *names_free=NULL;
 
-static unsigned long obj_name_hash(OBJ_NAME *a);
-static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b);
+typedef struct name_funcs_st
+	{
+	unsigned long (*hash_func)(const char *name);
+	int (*cmp_func)(const char *a,const char *b);
+	void (*free_func)(const char *, int, const char *);
+	} NAME_FUNCS;
+
+DECLARE_STACK_OF(NAME_FUNCS)
+IMPLEMENT_STACK_OF(NAME_FUNCS)
+
+static STACK_OF(NAME_FUNCS) *name_funcs_stack;
+
+/* The LHASH callbacks now use the raw "void *" prototypes and do per-variable
+ * casting in the functions. This prevents function pointer casting without the
+ * need for macro-generated wrapper functions. */
 
-int OBJ_NAME_init()
+/* static unsigned long obj_name_hash(OBJ_NAME *a); */
+static unsigned long obj_name_hash(const void *a_void);
+/* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */
+static int obj_name_cmp(const void *a_void,const void *b_void);
+
+int OBJ_NAME_init(void)
 	{
 	if (names_lh != NULL) return(1);
 	MemCheck_off();
-	names_lh=lh_new(obj_name_hash,obj_name_cmp);
+	names_lh=lh_new(obj_name_hash, obj_name_cmp);
 	MemCheck_on();
 	return(names_lh != NULL);
 	}
 
-int OBJ_NAME_new_index(hash_func,cmp_func,free_func)
-unsigned long (*hash_func)();
-int (*cmp_func)();
-void (*free_func)();
+int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
+	int (*cmp_func)(const char *, const char *),
+	void (*free_func)(const char *, int, const char *))
 	{
 	int ret;
 	int i;
+	NAME_FUNCS *name_funcs;
 
-	if (names_free == NULL)
+	if (name_funcs_stack == NULL)
 		{
 		MemCheck_off();
-		names_hash=sk_new_null();
-		names_cmp=sk_new_null();
-		names_free=sk_new_null();
+		name_funcs_stack=sk_NAME_FUNCS_new_null();
 		MemCheck_on();
 		}
-	if ((names_free == NULL) || (names_hash == NULL) || (names_cmp == NULL))
+	if ((name_funcs_stack == NULL))
 		{
 		/* ERROR */
 		return(0);
 		}
 	ret=names_type_num;
 	names_type_num++;
-	for (i=sk_num(names_free); i<names_type_num; i++)
+	for (i=sk_NAME_FUNCS_num(name_funcs_stack); i<names_type_num; i++)
 		{
 		MemCheck_off();
-		sk_push(names_hash,(char *)strcmp);
-		sk_push(names_cmp,(char *)lh_strhash);
-		sk_push(names_free,NULL);
+		name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
+		MemCheck_on();
+		if (!name_funcs) return(0);
+		name_funcs->hash_func = lh_strhash;
+		name_funcs->cmp_func = OPENSSL_strcmp;
+		name_funcs->free_func = 0; /* NULL is often declared to
+						* ((void *)0), which according
+						* to Compaq C is not really
+						* compatible with a function
+						* pointer.	-- Richard Levitte*/
+		MemCheck_off();
+		sk_NAME_FUNCS_push(name_funcs_stack,name_funcs);
 		MemCheck_on();
 		}
+	name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret);
 	if (hash_func != NULL)
-		sk_value(names_hash,ret)=(char *)hash_func;
+		name_funcs->hash_func = hash_func;
 	if (cmp_func != NULL)
-		sk_value(names_cmp,ret)= (char *)cmp_func;
+		name_funcs->cmp_func = cmp_func;
 	if (free_func != NULL)
-		sk_value(names_free,ret)=(char *)free_func;
+		name_funcs->free_func = free_func;
 	return(ret);
 	}
 
-static int obj_name_cmp(a,b)
-OBJ_NAME *a;
-OBJ_NAME *b;
+/* static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) */
+static int obj_name_cmp(const void *a_void, const void *b_void)
 	{
 	int ret;
-	int (*cmp)();
+	OBJ_NAME *a = (OBJ_NAME *)a_void;
+	OBJ_NAME *b = (OBJ_NAME *)b_void;
 
 	ret=a->type-b->type;
 	if (ret == 0)
 		{
-		if ((names_cmp != NULL) && (sk_num(names_cmp) > a->type))
+		if ((name_funcs_stack != NULL)
+			&& (sk_NAME_FUNCS_num(name_funcs_stack) > a->type))
 			{
-			cmp=(int (*)())sk_value(names_cmp,a->type);
-			ret=cmp(a->name,b->name);
+			ret=sk_NAME_FUNCS_value(name_funcs_stack,
+				a->type)->cmp_func(a->name,b->name);
 			}
 		else
 			ret=strcmp(a->name,b->name);
@@ -87,16 +124,16 @@ OBJ_NAME *b;
 	return(ret);
 	}
 
-static unsigned long obj_name_hash(a)
-OBJ_NAME *a;
+/* static unsigned long obj_name_hash(OBJ_NAME *a) */
+static unsigned long obj_name_hash(const void *a_void)
 	{
 	unsigned long ret;
-	unsigned long (*hash)();
+	OBJ_NAME *a = (OBJ_NAME *)a_void;
 
-	if ((names_hash != NULL) && (sk_num(names_hash) > a->type))
+	if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type))
 		{
-		hash=(unsigned long (*)())sk_value(names_hash,a->type);
-		ret=hash(a->name);
+		ret=sk_NAME_FUNCS_value(name_funcs_stack,
+			a->type)->hash_func(a->name);
 		}
 	else
 		{
@@ -106,9 +143,7 @@ OBJ_NAME *a;
 	return(ret);
 	}
 
-char *OBJ_NAME_get(name,type)
-char *name;
-int type;
+const char *OBJ_NAME_get(const char *name, int type)
 	{
 	OBJ_NAME on,*ret;
 	int num=0,alias;
@@ -123,8 +158,8 @@ int type;
 	on.type=type;
 
 	for (;;)
-		{
-		ret=(OBJ_NAME *)lh_retrieve(names_lh,(char *)&on);
+	{
+		ret=(OBJ_NAME *)lh_retrieve(names_lh,&on);
 		if (ret == NULL) return(NULL);
 		if ((ret->alias) && !alias)
 			{
@@ -138,12 +173,8 @@ int type;
 		}
 	}
 
-int OBJ_NAME_add(name,type,data)
-char *name;
-int type;
-char *data;
+int OBJ_NAME_add(const char *name, int type, const char *data)
 	{
-	void (*f)();
 	OBJ_NAME *onp,*ret;
 	int alias;
 
@@ -152,7 +183,7 @@ char *data;
 	alias=type&OBJ_NAME_ALIAS;
 	type&= ~OBJ_NAME_ALIAS;
 
-	onp=(OBJ_NAME *)Malloc(sizeof(OBJ_NAME));
+	onp=(OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME));
 	if (onp == NULL)
 		{
 		/* ERROR */
@@ -164,16 +195,20 @@ char *data;
 	onp->type=type;
 	onp->data=data;
 
-	ret=(OBJ_NAME *)lh_insert(names_lh,(char *)onp);
+	ret=(OBJ_NAME *)lh_insert(names_lh,onp);
 	if (ret != NULL)
 		{
 		/* free things */
-		if ((names_free != NULL) && (sk_num(names_free) > ret->type))
+		if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type))
 			{
-			f=(void (*)())sk_value(names_free,ret->type);
-			f(ret->name,ret->type,ret->data);
+			/* XXX: I'm not sure I understand why the free
+			 * function should get three arguments...
+			 * -- Richard Levitte
+			 */
+			sk_NAME_FUNCS_value(name_funcs_stack,
+				ret->type)->free_func(ret->name,ret->type,ret->data);
 			}
-		Free((char *)ret);
+		OPENSSL_free(ret);
 		}
 	else
 		{
@@ -186,47 +221,126 @@ char *data;
 	return(1);
 	}
 
-int OBJ_NAME_remove(name,type)
-char *name;
-int type;
+int OBJ_NAME_remove(const char *name, int type)
 	{
 	OBJ_NAME on,*ret;
-	void (*f)();
 
 	if (names_lh == NULL) return(0);
 
 	type&= ~OBJ_NAME_ALIAS;
 	on.name=name;
 	on.type=type;
-	ret=(OBJ_NAME *)lh_delete(names_lh,(char *)&on);
+	ret=(OBJ_NAME *)lh_delete(names_lh,&on);
 	if (ret != NULL)
 		{
 		/* free things */
-		if ((names_free != NULL) && (sk_num(names_free) > type))
+		if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type))
 			{
-			f=(void (*)())sk_value(names_free,type);
-			f(ret->name,ret->type,ret->data);
+			/* XXX: I'm not sure I understand why the free
+			 * function should get three arguments...
+			 * -- Richard Levitte
+			 */
+			sk_NAME_FUNCS_value(name_funcs_stack,
+				ret->type)->free_func(ret->name,ret->type,ret->data);
 			}
-		Free((char *)ret);
+		OPENSSL_free(ret);
 		return(1);
 		}
 	else
 		return(0);
 	}
 
-static int free_type;
+struct doall
+	{
+	int type;
+	void (*fn)(const OBJ_NAME *,void *arg);
+	void *arg;
+	};
+
+static void do_all_fn(const OBJ_NAME *name,struct doall *d)
+	{
+	if(name->type == d->type)
+		d->fn(name,d->arg);
+	}
+
+static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME *, struct doall *)
+
+void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),void *arg)
+	{
+	struct doall d;
+
+	d.type=type;
+	d.fn=fn;
+	d.arg=arg;
+
+	lh_doall_arg(names_lh,LHASH_DOALL_ARG_FN(do_all_fn),&d);
+	}
+
+struct doall_sorted
+	{
+	int type;
+	int n;
+	const OBJ_NAME **names;
+	};
+
+static void do_all_sorted_fn(const OBJ_NAME *name,void *d_)
+	{
+	struct doall_sorted *d=d_;
+
+	if(name->type != d->type)
+		return;
+
+	d->names[d->n++]=name;
+	}
 
-static void names_lh_free(onp,type)
-OBJ_NAME *onp;
+static int do_all_sorted_cmp(const void *n1_,const void *n2_)
 	{
+	const OBJ_NAME * const *n1=n1_;
+	const OBJ_NAME * const *n2=n2_;
+
+	return strcmp((*n1)->name,(*n2)->name);
+	}
+
+void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),
+				void *arg)
+	{
+	struct doall_sorted d;
+	int n;
+
+	d.type=type;
+	d.names=OPENSSL_malloc(lh_num_items(names_lh)*sizeof *d.names);
+	d.n=0;
+	OBJ_NAME_do_all(type,do_all_sorted_fn,&d);
+
+	qsort((void *)d.names,d.n,sizeof *d.names,do_all_sorted_cmp);
+
+	for(n=0 ; n < d.n ; ++n)
+		fn(d.names[n],arg);
+
+	OPENSSL_free((void *)d.names);
+	}
+
+static int free_type;
+
+static void names_lh_free(OBJ_NAME *onp)
+{
+	if(onp == NULL)
+		return;
+
 	if ((free_type < 0) || (free_type == onp->type))
 		{
 		OBJ_NAME_remove(onp->name,onp->type);
 		}
 	}
 
-void OBJ_NAME_cleanup(type)
-int type;
+static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME *)
+
+static void name_funcs_free(NAME_FUNCS *ptr)
+	{
+	OPENSSL_free(ptr);
+	}
+
+void OBJ_NAME_cleanup(int type)
 	{
 	unsigned long down_load;
 
@@ -236,17 +350,13 @@ int type;
 	down_load=names_lh->down_load;
 	names_lh->down_load=0;
 
-	lh_doall(names_lh,names_lh_free);
+	lh_doall(names_lh,LHASH_DOALL_FN(names_lh_free));
 	if (type < 0)
 		{
 		lh_free(names_lh);
-		sk_free(names_hash);
-		sk_free(names_cmp);
-		sk_free(names_free);
+		sk_NAME_FUNCS_pop_free(name_funcs_stack,name_funcs_free);
 		names_lh=NULL;
-		names_hash=NULL;
-		names_cmp=NULL;
-		names_free=NULL;
+		name_funcs_stack = NULL;
 		}
 	else
 		names_lh->down_load=down_load;
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index 93424a373f..5d983e3ed4 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -59,12 +59,12 @@
 #include <stdio.h>
 #include <ctype.h>
 #include "cryptlib.h"
-#include "lhash.h"
-#include "asn1.h"
-#include "objects.h"
+#include <openssl/lhash.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
 
 /* obj_dat.h is generated from objects.h by obj_dat.pl */
-#ifndef NO_OBJECT
+#ifndef OPENSSL_NO_OBJECT
 #include "obj_dat.h"
 #else
 /* You will have to load all the objects needed manually in the application */
@@ -79,16 +79,9 @@ static ASN1_OBJECT *ln_objs[1];
 static ASN1_OBJECT *obj_objs[1];
 #endif
 
-#ifndef NOPROTO
-static int sn_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b);
-static int ln_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b);
-static int obj_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b);
-#else
-static int sn_cmp();
-static int ln_cmp();
-static int obj_cmp();
-#endif
-
+static int sn_cmp(const void *a, const void *b);
+static int ln_cmp(const void *a, const void *b);
+static int obj_cmp(const void *a, const void *b);
 #define ADDED_DATA	0
 #define ADDED_SNAME	1
 #define ADDED_LNAME	2
@@ -103,23 +96,26 @@ typedef struct added_obj_st
 static int new_nid=NUM_NID;
 static LHASH *added=NULL;
 
-static int sn_cmp(ap,bp)
-ASN1_OBJECT **ap;
-ASN1_OBJECT **bp;
-	{ return(strcmp((*ap)->sn,(*bp)->sn)); }
+static int sn_cmp(const void *a, const void *b)
+	{
+	const ASN1_OBJECT * const *ap = a, * const *bp = b;
+	return(strcmp((*ap)->sn,(*bp)->sn));
+	}
 
-static int ln_cmp(ap,bp)
-ASN1_OBJECT **ap;
-ASN1_OBJECT **bp;
-	{ return(strcmp((*ap)->ln,(*bp)->ln)); }
+static int ln_cmp(const void *a, const void *b)
+	{ 
+	const ASN1_OBJECT * const *ap = a, * const *bp = b;
+	return(strcmp((*ap)->ln,(*bp)->ln));
+	}
 
-static unsigned long add_hash(ca)
-ADDED_OBJ *ca;
+/* static unsigned long add_hash(ADDED_OBJ *ca) */
+static unsigned long add_hash(const void *ca_void)
 	{
-	ASN1_OBJECT *a;
+	const ASN1_OBJECT *a;
 	int i;
 	unsigned long ret=0;
 	unsigned char *p;
+	ADDED_OBJ *ca = (ADDED_OBJ *)ca_void;
 
 	a=ca->obj;
 	switch (ca->type)
@@ -140,18 +136,21 @@ ADDED_OBJ *ca;
 		ret=a->nid;
 		break;
 	default:
-		abort();
+		/* abort(); */
+		return 0;
 		}
 	ret&=0x3fffffffL;
 	ret|=ca->type<<30L;
 	return(ret);
 	}
 
-static int add_cmp(ca,cb)
-ADDED_OBJ *ca,*cb;
+/* static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb) */
+static int add_cmp(const void *ca_void, const void *cb_void)
 	{
 	ASN1_OBJECT *a,*b;
 	int i;
+	ADDED_OBJ *ca = (ADDED_OBJ *)ca_void;
+	ADDED_OBJ *cb = (ADDED_OBJ *)cb_void;
 
 	i=ca->type-cb->type;
 	if (i) return(i);
@@ -174,20 +173,19 @@ ADDED_OBJ *ca,*cb;
 	case ADDED_NID:
 		return(a->nid-b->nid);
 	default:
-		abort();
+		/* abort(); */
+		return 0;
 		}
-	return(1); /* should not get here */
 	}
 
-static int init_added()
+static int init_added(void)
 	{
 	if (added != NULL) return(1);
 	added=lh_new(add_hash,add_cmp);
 	return(added != NULL);
 	}
 
-static void cleanup1(a)
-ADDED_OBJ *a;
+static void cleanup1(ADDED_OBJ *a)
 	{
 	a->obj->nid=0;
 	a->obj->flags|=ASN1_OBJECT_FLAG_DYNAMIC|
@@ -195,31 +193,32 @@ ADDED_OBJ *a;
 			ASN1_OBJECT_FLAG_DYNAMIC_DATA;
 	}
 
-static void cleanup2(a)
-ADDED_OBJ *a;
+static void cleanup2(ADDED_OBJ *a)
 	{ a->obj->nid++; }
 
-static void cleanup3(a)
-ADDED_OBJ *a;
+static void cleanup3(ADDED_OBJ *a)
 	{
 	if (--a->obj->nid == 0)
 		ASN1_OBJECT_free(a->obj);
-	Free(a);
+	OPENSSL_free(a);
 	}
 
-void OBJ_cleanup()
+static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ *)
+static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ *)
+static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ *)
+
+void OBJ_cleanup(void)
 	{
 	if (added == NULL) return;
 	added->down_load=0;
-	lh_doall(added,cleanup1); /* zero counters */
-	lh_doall(added,cleanup2); /* set counters */
-	lh_doall(added,cleanup3); /* free objects */
+	lh_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */
+	lh_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */
+	lh_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */
 	lh_free(added);
 	added=NULL;
 	}
 
-int OBJ_new_nid(num)
-int num;
+int OBJ_new_nid(int num)
 	{
 	int i;
 
@@ -228,27 +227,22 @@ int num;
 	return(i);
 	}
 
-int OBJ_add_object(obj)
-ASN1_OBJECT *obj;
+int OBJ_add_object(const ASN1_OBJECT *obj)
 	{
 	ASN1_OBJECT *o;
-	ADDED_OBJ *ao[4],*aop;
+	ADDED_OBJ *ao[4]={NULL,NULL,NULL,NULL},*aop;
 	int i;
 
 	if (added == NULL)
 		if (!init_added()) return(0);
 	if ((o=OBJ_dup(obj)) == NULL) goto err;
-	ao[ADDED_DATA]=NULL;
-	ao[ADDED_SNAME]=NULL;
-	ao[ADDED_LNAME]=NULL;
-	ao[ADDED_NID]=NULL;
-	ao[ADDED_NID]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ));
+	if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err;
 	if ((o->length != 0) && (obj->data != NULL))
-		ao[ADDED_DATA]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ));
+		ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
 	if (o->sn != NULL)
-		ao[ADDED_SNAME]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ));
+		ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
 	if (o->ln != NULL)
-		ao[ADDED_LNAME]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ));
+		ao[ADDED_LNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
 
 	for (i=ADDED_DATA; i<=ADDED_NID; i++)
 		{
@@ -256,10 +250,10 @@ ASN1_OBJECT *obj;
 			{
 			ao[i]->type=i;
 			ao[i]->obj=o;
-			aop=(ADDED_OBJ *)lh_insert(added,(char *)ao[i]);
+			aop=(ADDED_OBJ *)lh_insert(added,ao[i]);
 			/* memory leak, buit should not normally matter */
 			if (aop != NULL)
-				Free(aop);
+				OPENSSL_free(aop);
 			}
 		}
 	o->flags&= ~(ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
@@ -268,13 +262,12 @@ ASN1_OBJECT *obj;
 	return(o->nid);
 err:
 	for (i=ADDED_DATA; i<=ADDED_NID; i++)
-		if (ao[i] != NULL) Free(ao[i]);
-	if (o != NULL) Free(o);
+		if (ao[i] != NULL) OPENSSL_free(ao[i]);
+	if (o != NULL) OPENSSL_free(o);
 	return(NID_undef);
 	}
 
-ASN1_OBJECT *OBJ_nid2obj(n)
-int n;
+ASN1_OBJECT *OBJ_nid2obj(int n)
 	{
 	ADDED_OBJ ad,*adp;
 	ASN1_OBJECT ob;
@@ -295,7 +288,7 @@ int n;
 		ad.type=ADDED_NID;
 		ad.obj= &ob;
 		ob.nid=n;
-		adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad);
+		adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
 		if (adp != NULL)
 			return(adp->obj);
 		else
@@ -306,8 +299,7 @@ int n;
 		}
 	}
 
-char *OBJ_nid2sn(n)
-int n;
+const char *OBJ_nid2sn(int n)
 	{
 	ADDED_OBJ ad,*adp;
 	ASN1_OBJECT ob;
@@ -328,7 +320,7 @@ int n;
 		ad.type=ADDED_NID;
 		ad.obj= &ob;
 		ob.nid=n;
-		adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad);
+		adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
 		if (adp != NULL)
 			return(adp->obj->sn);
 		else
@@ -339,8 +331,7 @@ int n;
 		}
 	}
 
-char *OBJ_nid2ln(n)
-int n;
+const char *OBJ_nid2ln(int n)
 	{
 	ADDED_OBJ ad,*adp;
 	ASN1_OBJECT ob;
@@ -361,7 +352,7 @@ int n;
 		ad.type=ADDED_NID;
 		ad.obj= &ob;
 		ob.nid=n;
-		adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad);
+		adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
 		if (adp != NULL)
 			return(adp->obj->ln);
 		else
@@ -372,8 +363,7 @@ int n;
 		}
 	}
 
-int OBJ_obj2nid(a)
-ASN1_OBJECT *a;
+int OBJ_obj2nid(const ASN1_OBJECT *a)
 	{
 	ASN1_OBJECT **op;
 	ADDED_OBJ ad,*adp;
@@ -386,56 +376,135 @@ ASN1_OBJECT *a;
 	if (added != NULL)
 		{
 		ad.type=ADDED_DATA;
-		ad.obj=a;
-		adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad);
+		ad.obj=(ASN1_OBJECT *)a; /* XXX: ugly but harmless */
+		adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
 		if (adp != NULL) return (adp->obj->nid);
 		}
 	op=(ASN1_OBJECT **)OBJ_bsearch((char *)&a,(char *)obj_objs,NUM_OBJ,
-		sizeof(ASN1_OBJECT *),(int (*)())obj_cmp);
+		sizeof(ASN1_OBJECT *),obj_cmp);
 	if (op == NULL)
 		return(NID_undef);
 	return((*op)->nid);
 	}
 
-int OBJ_txt2nid(s)
-char *s;
+/* Convert an object name into an ASN1_OBJECT
+ * if "noname" is not set then search for short and long names first.
+ * This will convert the "dotted" form into an object: unlike OBJ_txt2nid
+ * it can be used with any objects, not just registered ones.
+ */
+
+ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
 	{
-	int ret;
+	int nid = NID_undef;
+	ASN1_OBJECT *op=NULL;
+	unsigned char *buf,*p;
+	int i, j;
 
-	ret=OBJ_sn2nid(s);
-	if (ret == NID_undef)
-		{
-		ret=OBJ_ln2nid(s);
-		if (ret == NID_undef)
-			{
-			ASN1_OBJECT *op=NULL;
-			unsigned char *buf,*p;
-			int i;
+	if(!no_name) {
+		if( ((nid = OBJ_sn2nid(s)) != NID_undef) ||
+			((nid = OBJ_ln2nid(s)) != NID_undef) ) 
+					return OBJ_nid2obj(nid);
+	}
 
-			i=a2d_ASN1_OBJECT(NULL,0,s,-1);
-			if (i <= 0)
-				{
-				/* clear the error */
-				ERR_get_error();
-				return(0);
-				}
+	/* Work out size of content octets */
+	i=a2d_ASN1_OBJECT(NULL,0,s,-1);
+	if (i <= 0) {
+		/* Clear the error */
+		ERR_get_error();
+		return NULL;
+	}
+	/* Work out total size */
+	j = ASN1_object_size(0,i,V_ASN1_OBJECT);
+
+	if((buf=(unsigned char *)OPENSSL_malloc(j)) == NULL) return NULL;
+
+	p = buf;
+	/* Write out tag+length */
+	ASN1_put_object(&p,0,i,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
+	/* Write out contents */
+	a2d_ASN1_OBJECT(p,i,s,-1);
+	
+	p=buf;
+	op=d2i_ASN1_OBJECT(NULL,&p,j);
+	OPENSSL_free(buf);
+	return op;
+	}
+
+int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
+{
+	int i,idx=0,n=0,len,nid;
+	unsigned long l;
+	unsigned char *p;
+	const char *s;
+	char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
+
+	if (buf_len <= 0) return(0);
 
-			if ((buf=(unsigned char *)Malloc(i)) == NULL)
-				return(NID_undef);
-			a2d_ASN1_OBJECT(buf,i,s,-1);
-			p=buf;
-			op=d2i_ASN1_OBJECT(NULL,&p,i);
-			if (op == NULL) return(NID_undef);
-			ret=OBJ_obj2nid(op);
-			ASN1_OBJECT_free(op);
-			Free(buf);
+	if ((a == NULL) || (a->data == NULL)) {
+		buf[0]='\0';
+		return(0);
+	}
+
+	if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) {
+		len=a->length;
+		p=a->data;
+
+		idx=0;
+		l=0;
+		while (idx < a->length) {
+			l|=(p[idx]&0x7f);
+			if (!(p[idx] & 0x80)) break;
+			l<<=7L;
+			idx++;
+		}
+		idx++;
+		i=(int)(l/40);
+		if (i > 2) i=2;
+		l-=(long)(i*40);
+
+		sprintf(tbuf,"%d.%lu",i,l);
+		i=strlen(tbuf);
+		BUF_strlcpy(buf,tbuf,buf_len);
+		buf_len-=i;
+		buf+=i;
+		n+=i;
+
+		l=0;
+		for (; idx<len; idx++) {
+			l|=p[idx]&0x7f;
+			if (!(p[idx] & 0x80)) {
+				sprintf(tbuf,".%lu",l);
+				i=strlen(tbuf);
+				if (buf_len > 0)
+					BUF_strlcpy(buf,tbuf,buf_len);
+				buf_len-=i;
+				buf+=i;
+				n+=i;
+				l=0;
 			}
+			l<<=7L;
 		}
-	return(ret);
+	} else {
+		s=OBJ_nid2ln(nid);
+		if (s == NULL)
+			s=OBJ_nid2sn(nid);
+		BUF_strlcpy(buf,s,buf_len);
+		n=strlen(s);
 	}
+	return(n);
+}
 
-int OBJ_ln2nid(s)
-char *s;
+int OBJ_txt2nid(const char *s)
+{
+	ASN1_OBJECT *obj;
+	int nid;
+	obj = OBJ_txt2obj(s, 0);
+	nid = OBJ_obj2nid(obj);
+	ASN1_OBJECT_free(obj);
+	return nid;
+}
+
+int OBJ_ln2nid(const char *s)
 	{
 	ASN1_OBJECT o,*oo= &o,**op;
 	ADDED_OBJ ad,*adp;
@@ -445,17 +514,16 @@ char *s;
 		{
 		ad.type=ADDED_LNAME;
 		ad.obj= &o;
-		adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad);
+		adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
 		if (adp != NULL) return (adp->obj->nid);
 		}
 	op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs,NUM_LN,
-		sizeof(ASN1_OBJECT *),(int (*)())ln_cmp);
+		sizeof(ASN1_OBJECT *),ln_cmp);
 	if (op == NULL) return(NID_undef);
 	return((*op)->nid);
 	}
 
-int OBJ_sn2nid(s)
-char *s;
+int OBJ_sn2nid(const char *s)
 	{
 	ASN1_OBJECT o,*oo= &o,**op;
 	ADDED_OBJ ad,*adp;
@@ -465,37 +533,31 @@ char *s;
 		{
 		ad.type=ADDED_SNAME;
 		ad.obj= &o;
-		adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad);
+		adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
 		if (adp != NULL) return (adp->obj->nid);
 		}
 	op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN,
-		sizeof(ASN1_OBJECT *),(int (*)())sn_cmp);
+		sizeof(ASN1_OBJECT *),sn_cmp);
 	if (op == NULL) return(NID_undef);
 	return((*op)->nid);
 	}
 
-static int obj_cmp(ap, bp)
-ASN1_OBJECT **ap;
-ASN1_OBJECT **bp;
+static int obj_cmp(const void *ap, const void *bp)
 	{
 	int j;
-	ASN1_OBJECT *a= *ap;
-	ASN1_OBJECT *b= *bp;
+	ASN1_OBJECT *a= *(ASN1_OBJECT **)ap;
+	ASN1_OBJECT *b= *(ASN1_OBJECT **)bp;
 
 	j=(a->length - b->length);
         if (j) return(j);
 	return(memcmp(a->data,b->data,a->length));
         }
 
-char *OBJ_bsearch(key,base,num,size,cmp)
-char *key;
-char *base;
-int num;
-int size;
-int (*cmp)();
+const char *OBJ_bsearch(const char *key, const char *base, int num, int size,
+	int (*cmp)(const void *, const void *))
 	{
 	int l,h,i,c;
-	char *p;
+	const char *p;
 
 	if (num == 0) return(NULL);
 	l=0;
@@ -512,11 +574,21 @@ int (*cmp)();
 		else
 			return(p);
 		}
+#ifdef CHARSET_EBCDIC
+/* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and
+ * I don't have perl (yet), we revert to a *LINEAR* search
+ * when the object wasn't found in the binary search.
+ */
+	for (i=0; i<num; ++i) {
+		p= &(base[i*size]);
+		if ((*cmp)(key,p) == 0)
+			return p;
+	}
+#endif
 	return(NULL);
 	}
 
-int OBJ_create_objects(in)
-BIO *in;
+int OBJ_create_objects(BIO *in)
 	{
 	MS_STATIC char buf[512];
 	int i,num=0;
@@ -528,26 +600,26 @@ BIO *in;
 		i=BIO_gets(in,buf,512);
 		if (i <= 0) return(num);
 		buf[i-1]='\0';
-		if (!isalnum(buf[0])) return(num);
+		if (!isalnum((unsigned char)buf[0])) return(num);
 		o=s=buf;
-		while (isdigit(*s) || (*s == '.'))
+		while (isdigit((unsigned char)*s) || (*s == '.'))
 			s++;
 		if (*s != '\0')
 			{
 			*(s++)='\0';
-			while (isspace(*s))
+			while (isspace((unsigned char)*s))
 				s++;
 			if (*s == '\0')
 				s=NULL;
 			else
 				{
 				l=s;
-				while ((*l != '\0') && !isspace(*l))
+				while ((*l != '\0') && !isspace((unsigned char)*l))
 					l++;
 				if (*l != '\0')
 					{
 					*(l++)='\0';
-					while (isspace(*l))
+					while (isspace((unsigned char)*l))
 						l++;
 					if (*l == '\0') l=NULL;
 					}
@@ -564,10 +636,7 @@ BIO *in;
 	/* return(num); */
 	}
 
-int OBJ_create(oid,sn,ln)
-char *oid;
-char *sn;
-char *ln;
+int OBJ_create(const char *oid, const char *sn, const char *ln)
 	{
 	int ok=0;
 	ASN1_OBJECT *op=NULL;
@@ -577,19 +646,21 @@ char *ln;
 	i=a2d_ASN1_OBJECT(NULL,0,oid,-1);
 	if (i <= 0) return(0);
 
-	if ((buf=(unsigned char *)Malloc(i)) == NULL)
+	if ((buf=(unsigned char *)OPENSSL_malloc(i)) == NULL)
 		{
 		OBJerr(OBJ_F_OBJ_CREATE,OBJ_R_MALLOC_FAILURE);
 		return(0);
 		}
 	i=a2d_ASN1_OBJECT(buf,i,oid,-1);
+	if (i == 0)
+		goto err;
 	op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln);
 	if (op == NULL) 
 		goto err;
 	ok=OBJ_add_object(op);
 err:
 	ASN1_OBJECT_free(op);
-	Free((char *)buf);
+	OPENSSL_free(buf);
 	return(ok);
 	}
 
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index ea79d47f52..c9ce8dc56e 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -1,4 +1,10 @@
-/* lib/obj/obj_dat.h */
+/* crypto/objects/obj_dat.h */
+
+/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the
+ * following command:
+ * perl obj_dat.pl obj_mac.h obj_dat.h
+ */
+
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,17 +62,12 @@
  * [including the GNU Public Licence.]
  */
 
-/* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the
- * following command:
- * perl obj_dat.pl < objects.h > obj_dat.h
- */
+#define NUM_NID 718
+#define NUM_SN 713
+#define NUM_LN 713
+#define NUM_OBJ 687
 
-#define NUM_NID 126
-#define NUM_SN 97
-#define NUM_LN 124
-#define NUM_OBJ 98
-
-static unsigned char lvalues[611]={
+static unsigned char lvalues[4869]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -99,78 +100,667 @@ static unsigned char lvalues[611]={
 0x2B,0x0E,0x03,0x02,0x06,                    /* [187] OBJ_des_ecb */
 0x2B,0x0E,0x03,0x02,0x09,                    /* [192] OBJ_des_cfb64 */
 0x2B,0x0E,0x03,0x02,0x07,                    /* [197] OBJ_des_cbc */
-0x2B,0x0E,0x03,0x02,0x11,                    /* [202] OBJ_des_ede */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,     /* [207] OBJ_rc2_cbc */
-0x2B,0x0E,0x03,0x02,0x12,                    /* [215] OBJ_sha */
-0x2B,0x0E,0x03,0x02,0x0F,                    /* [220] OBJ_shaWithRSAEncryption */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07,     /* [225] OBJ_des_ede3_cbc */
-0x2B,0x0E,0x03,0x02,0x08,                    /* [233] OBJ_des_ofb64 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,     /* [238] OBJ_pkcs9 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,/* [246] OBJ_pkcs9_emailAddress */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,/* [255] OBJ_pkcs9_unstructuredName */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,/* [264] OBJ_pkcs9_contentType */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,/* [273] OBJ_pkcs9_messageDigest */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,/* [282] OBJ_pkcs9_signingTime */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,/* [291] OBJ_pkcs9_countersignature */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,/* [300] OBJ_pkcs9_challengePassword */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,/* [309] OBJ_pkcs9_unstructuredAddress */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,/* [318] OBJ_pkcs9_extCertAttributes */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,          /* [327] OBJ_netscape */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,     /* [334] OBJ_netscape_cert_extension */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,     /* [342] OBJ_netscape_data_type */
-0x2B,0x0E,0x03,0x02,0x1A,                    /* [350] OBJ_sha1 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [355] OBJ_sha1WithRSAEncryption */
-0x2B,0x0E,0x03,0x02,0x0D,                    /* [364] OBJ_dsaWithSHA */
-0x2B,0x0E,0x03,0x02,0x0C,                    /* [369] OBJ_dsa_2 */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [374] OBJ_pbeWithSHA1AndRC2_CBC */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [383] OBJ_pbeWithSHA1AndRC4 */
-0x2B,0x0E,0x03,0x02,0x1B,                    /* [392] OBJ_dsaWithSHA1_2 */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [397] OBJ_netscape_cert_type */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [406] OBJ_netscape_base_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [415] OBJ_netscape_revocation_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,/* [424] OBJ_netscape_ca_revocation_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,/* [433] OBJ_netscape_renewal_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,/* [442] OBJ_netscape_ca_policy_url */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,/* [451] OBJ_netscape_ssl_server_name */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,/* [460] OBJ_netscape_comment */
-0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,/* [469] OBJ_netscape_cert_sequence */
-0x55,0x1D,                                   /* [478] OBJ_ld_ce */
-0x55,0x1D,0x0E,                              /* [480] OBJ_subject_key_identifier */
-0x55,0x1D,0x0F,                              /* [483] OBJ_key_usage */
-0x55,0x1D,0x10,                              /* [486] OBJ_private_key_usage_period */
-0x55,0x1D,0x11,                              /* [489] OBJ_subject_alt_name */
-0x55,0x1D,0x12,                              /* [492] OBJ_issuer_alt_name */
-0x55,0x1D,0x13,                              /* [495] OBJ_basic_constraints */
-0x55,0x1D,0x14,                              /* [498] OBJ_crl_number */
-0x55,0x1D,0x20,                              /* [501] OBJ_certificate_policies */
-0x55,0x1D,0x23,                              /* [504] OBJ_authority_key_identifier */
-0x55,0x08,0x03,0x65,                         /* [507] OBJ_mdc2 */
-0x55,0x08,0x03,0x64,                         /* [511] OBJ_mdc2WithRSA */
-0x55,0x04,0x2A,                              /* [515] OBJ_givenName */
-0x55,0x04,0x04,                              /* [518] OBJ_surname */
-0x55,0x04,0x2B,                              /* [521] OBJ_initials */
-0x55,0x04,0x2D,                              /* [524] OBJ_uniqueIdentifier */
-0x55,0x1D,0x1F,                              /* [527] OBJ_crl_distribution_points */
-0x2B,0x0E,0x03,0x02,0x03,                    /* [530] OBJ_md5WithRSA */
-0x55,0x04,0x05,                              /* [535] OBJ_serialNumber */
-0x55,0x04,0x0C,                              /* [538] OBJ_title */
-0x55,0x04,0x0D,                              /* [541] OBJ_description */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [544] OBJ_cast5_cbc */
-0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [553] OBJ_pbeWithMD5AndCast5_CBC */
-0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,          /* [562] OBJ_dsaWithSHA1 */
-0x2B,0x0E,0x03,0x02,0x1D,                    /* [569] OBJ_sha1WithRSA */
-0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,          /* [574] OBJ_dsa */
-0x2B,0x24,0x03,0x02,0x01,                    /* [581] OBJ_ripemd160 */
-0x2B,0x24,0x03,0x03,0x01,0x02,               /* [586] OBJ_ripemd160WithRSA */
-0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,     /* [592] OBJ_rc5_cbc */
-0x29,0x01,0x01,0x85,0x1A,                    /* [600] OBJ_rle_compression */
-0x29,0x01,0x01,0x85,0x1A,                    /* [605] OBJ_zlib_compression */
+0x2B,0x0E,0x03,0x02,0x11,                    /* [202] OBJ_des_ede_ecb */
+0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,/* [207] OBJ_idea_cbc */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,     /* [218] OBJ_rc2_cbc */
+0x2B,0x0E,0x03,0x02,0x12,                    /* [226] OBJ_sha */
+0x2B,0x0E,0x03,0x02,0x0F,                    /* [231] OBJ_shaWithRSAEncryption */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07,     /* [236] OBJ_des_ede3_cbc */
+0x2B,0x0E,0x03,0x02,0x08,                    /* [244] OBJ_des_ofb64 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,     /* [249] OBJ_pkcs9 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,/* [257] OBJ_pkcs9_emailAddress */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,/* [266] OBJ_pkcs9_unstructuredName */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,/* [275] OBJ_pkcs9_contentType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,/* [284] OBJ_pkcs9_messageDigest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,/* [293] OBJ_pkcs9_signingTime */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,/* [302] OBJ_pkcs9_countersignature */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,/* [311] OBJ_pkcs9_challengePassword */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,/* [320] OBJ_pkcs9_unstructuredAddress */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,/* [329] OBJ_pkcs9_extCertAttributes */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,          /* [338] OBJ_netscape */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,     /* [345] OBJ_netscape_cert_extension */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,     /* [353] OBJ_netscape_data_type */
+0x2B,0x0E,0x03,0x02,0x1A,                    /* [361] OBJ_sha1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,/* [366] OBJ_sha1WithRSAEncryption */
+0x2B,0x0E,0x03,0x02,0x0D,                    /* [375] OBJ_dsaWithSHA */
+0x2B,0x0E,0x03,0x02,0x0C,                    /* [380] OBJ_dsa_2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,/* [385] OBJ_pbeWithSHA1AndRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,/* [394] OBJ_id_pbkdf2 */
+0x2B,0x0E,0x03,0x02,0x1B,                    /* [403] OBJ_dsaWithSHA1_2 */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,/* [408] OBJ_netscape_cert_type */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,/* [417] OBJ_netscape_base_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,/* [426] OBJ_netscape_revocation_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,/* [435] OBJ_netscape_ca_revocation_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,/* [444] OBJ_netscape_renewal_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,/* [453] OBJ_netscape_ca_policy_url */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,/* [462] OBJ_netscape_ssl_server_name */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,/* [471] OBJ_netscape_comment */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,/* [480] OBJ_netscape_cert_sequence */
+0x55,0x1D,                                   /* [489] OBJ_id_ce */
+0x55,0x1D,0x0E,                              /* [491] OBJ_subject_key_identifier */
+0x55,0x1D,0x0F,                              /* [494] OBJ_key_usage */
+0x55,0x1D,0x10,                              /* [497] OBJ_private_key_usage_period */
+0x55,0x1D,0x11,                              /* [500] OBJ_subject_alt_name */
+0x55,0x1D,0x12,                              /* [503] OBJ_issuer_alt_name */
+0x55,0x1D,0x13,                              /* [506] OBJ_basic_constraints */
+0x55,0x1D,0x14,                              /* [509] OBJ_crl_number */
+0x55,0x1D,0x20,                              /* [512] OBJ_certificate_policies */
+0x55,0x1D,0x23,                              /* [515] OBJ_authority_key_identifier */
+0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02,/* [518] OBJ_bf_cbc */
+0x55,0x08,0x03,0x65,                         /* [527] OBJ_mdc2 */
+0x55,0x08,0x03,0x64,                         /* [531] OBJ_mdc2WithRSA */
+0x55,0x04,0x2A,                              /* [535] OBJ_givenName */
+0x55,0x04,0x04,                              /* [538] OBJ_surname */
+0x55,0x04,0x2B,                              /* [541] OBJ_initials */
+0x55,0x1D,0x1F,                              /* [544] OBJ_crl_distribution_points */
+0x2B,0x0E,0x03,0x02,0x03,                    /* [547] OBJ_md5WithRSA */
+0x55,0x04,0x05,                              /* [552] OBJ_serialNumber */
+0x55,0x04,0x0C,                              /* [555] OBJ_title */
+0x55,0x04,0x0D,                              /* [558] OBJ_description */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,/* [561] OBJ_cast5_cbc */
+0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,/* [570] OBJ_pbeWithMD5AndCast5_CBC */
+0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,          /* [579] OBJ_dsaWithSHA1 */
+0x2B,0x0E,0x03,0x02,0x1D,                    /* [586] OBJ_sha1WithRSA */
+0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,          /* [591] OBJ_dsa */
+0x2B,0x24,0x03,0x02,0x01,                    /* [598] OBJ_ripemd160 */
+0x2B,0x24,0x03,0x03,0x01,0x02,               /* [603] OBJ_ripemd160WithRSA */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,     /* [609] OBJ_rc5_cbc */
+0x29,0x01,0x01,0x85,0x1A,0x01,               /* [617] OBJ_rle_compression */
+0x29,0x01,0x01,0x85,0x1A,0x02,               /* [623] OBJ_zlib_compression */
+0x55,0x1D,0x25,                              /* [629] OBJ_ext_key_usage */
+0x2B,0x06,0x01,0x05,0x05,0x07,               /* [632] OBJ_id_pkix */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,          /* [638] OBJ_id_kp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,     /* [645] OBJ_server_auth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,     /* [653] OBJ_client_auth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,     /* [661] OBJ_code_sign */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,     /* [669] OBJ_email_protect */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08,     /* [677] OBJ_time_stamp */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [685] OBJ_ms_code_ind */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [695] OBJ_ms_code_com */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [705] OBJ_ms_ctl_sign */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [715] OBJ_ms_sgc */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [725] OBJ_ms_efs */
+0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [735] OBJ_ns_sgc */
+0x55,0x1D,0x1B,                              /* [744] OBJ_delta_crl */
+0x55,0x1D,0x15,                              /* [747] OBJ_crl_reason */
+0x55,0x1D,0x18,                              /* [750] OBJ_invalidity_date */
+0x2B,0x65,0x01,0x04,0x01,                    /* [753] OBJ_sxnet */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [758] OBJ_pbe_WithSHA1And128BitRC4 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [768] OBJ_pbe_WithSHA1And40BitRC4 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [778] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [788] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [798] OBJ_pbe_WithSHA1And128BitRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [808] OBJ_pbe_WithSHA1And40BitRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [818] OBJ_keyBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [829] OBJ_pkcs8ShroudedKeyBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [840] OBJ_certBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [851] OBJ_crlBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [862] OBJ_secretBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [873] OBJ_safeContentsBag */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [884] OBJ_friendlyName */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [893] OBJ_localKeyID */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [902] OBJ_x509Certificate */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [912] OBJ_sdsiCertificate */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [922] OBJ_x509Crl */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [932] OBJ_pbes2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [941] OBJ_pbmac1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07,     /* [950] OBJ_hmacWithSHA1 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,     /* [958] OBJ_id_qt_cps */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,     /* [966] OBJ_id_qt_unotice */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [974] OBJ_SMIMECapabilities */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [983] OBJ_pbeWithMD2AndRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [992] OBJ_pbeWithMD5AndRC2_CBC */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1001] OBJ_pbeWithSHA1AndDES_CBC */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1010] OBJ_ms_ext_req */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1020] OBJ_ext_req */
+0x55,0x04,0x29,                              /* [1029] OBJ_name */
+0x55,0x04,0x2E,                              /* [1032] OBJ_dnQualifier */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,          /* [1035] OBJ_id_pe */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,          /* [1042] OBJ_id_ad */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,     /* [1049] OBJ_info_access */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,     /* [1057] OBJ_ad_OCSP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,     /* [1065] OBJ_ad_ca_issuers */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,     /* [1073] OBJ_OCSP_sign */
+0x28,                                        /* [1081] OBJ_iso */
+0x2A,                                        /* [1082] OBJ_member_body */
+0x2A,0x86,0x48,                              /* [1083] OBJ_ISO_US */
+0x2A,0x86,0x48,0xCE,0x38,                    /* [1086] OBJ_X9_57 */
+0x2A,0x86,0x48,0xCE,0x38,0x04,               /* [1091] OBJ_X9cm */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,     /* [1097] OBJ_pkcs1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,     /* [1105] OBJ_pkcs5 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1113] OBJ_SMIME */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1122] OBJ_id_smime_mod */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1132] OBJ_id_smime_ct */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1142] OBJ_id_smime_aa */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1152] OBJ_id_smime_alg */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1162] OBJ_id_smime_cd */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1172] OBJ_id_smime_spq */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1182] OBJ_id_smime_cti */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1192] OBJ_id_smime_mod_cms */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1203] OBJ_id_smime_mod_ess */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1214] OBJ_id_smime_mod_oid */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1225] OBJ_id_smime_mod_msg_v3 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1236] OBJ_id_smime_mod_ets_eSignature_88 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1247] OBJ_id_smime_mod_ets_eSignature_97 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1258] OBJ_id_smime_mod_ets_eSigPolicy_88 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1269] OBJ_id_smime_mod_ets_eSigPolicy_97 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1280] OBJ_id_smime_ct_receipt */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1291] OBJ_id_smime_ct_authData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1302] OBJ_id_smime_ct_publishCert */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1313] OBJ_id_smime_ct_TSTInfo */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1324] OBJ_id_smime_ct_TDTInfo */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1335] OBJ_id_smime_ct_contentInfo */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1346] OBJ_id_smime_ct_DVCSRequestData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1357] OBJ_id_smime_ct_DVCSResponseData */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1368] OBJ_id_smime_aa_receiptRequest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1379] OBJ_id_smime_aa_securityLabel */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1390] OBJ_id_smime_aa_mlExpandHistory */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1401] OBJ_id_smime_aa_contentHint */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1412] OBJ_id_smime_aa_msgSigDigest */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1423] OBJ_id_smime_aa_encapContentType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1434] OBJ_id_smime_aa_contentIdentifier */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1445] OBJ_id_smime_aa_macValue */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1456] OBJ_id_smime_aa_equivalentLabels */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1467] OBJ_id_smime_aa_contentReference */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1478] OBJ_id_smime_aa_encrypKeyPref */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1489] OBJ_id_smime_aa_signingCertificate */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1500] OBJ_id_smime_aa_smimeEncryptCerts */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1511] OBJ_id_smime_aa_timeStampToken */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1522] OBJ_id_smime_aa_ets_sigPolicyId */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1533] OBJ_id_smime_aa_ets_commitmentType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1544] OBJ_id_smime_aa_ets_signerLocation */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1555] OBJ_id_smime_aa_ets_signerAttr */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1566] OBJ_id_smime_aa_ets_otherSigCert */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1577] OBJ_id_smime_aa_ets_contentTimestamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1588] OBJ_id_smime_aa_ets_CertificateRefs */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1599] OBJ_id_smime_aa_ets_RevocationRefs */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1610] OBJ_id_smime_aa_ets_certValues */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1621] OBJ_id_smime_aa_ets_revocationValues */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1632] OBJ_id_smime_aa_ets_escTimeStamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1643] OBJ_id_smime_aa_ets_certCRLTimestamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1654] OBJ_id_smime_aa_ets_archiveTimeStamp */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1665] OBJ_id_smime_aa_signatureType */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1676] OBJ_id_smime_aa_dvcs_dvc */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1687] OBJ_id_smime_alg_ESDHwith3DES */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1698] OBJ_id_smime_alg_ESDHwithRC2 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1709] OBJ_id_smime_alg_3DESwrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1720] OBJ_id_smime_alg_RC2wrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1731] OBJ_id_smime_alg_ESDH */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1742] OBJ_id_smime_alg_CMS3DESwrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1753] OBJ_id_smime_alg_CMSRC2wrap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1764] OBJ_id_smime_cd_ldap */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1775] OBJ_id_smime_spq_ets_sqt_uri */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1786] OBJ_id_smime_spq_ets_sqt_unotice */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1797] OBJ_id_smime_cti_ets_proofOfOrigin */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1808] OBJ_id_smime_cti_ets_proofOfReceipt */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1819] OBJ_id_smime_cti_ets_proofOfDelivery */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1830] OBJ_id_smime_cti_ets_proofOfSender */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1841] OBJ_id_smime_cti_ets_proofOfApproval */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1852] OBJ_id_smime_cti_ets_proofOfCreation */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04,     /* [1863] OBJ_md4 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,          /* [1871] OBJ_id_pkix_mod */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,          /* [1878] OBJ_id_qt */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,          /* [1885] OBJ_id_it */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,          /* [1892] OBJ_id_pkip */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,          /* [1899] OBJ_id_alg */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,          /* [1906] OBJ_id_cmc */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x08,          /* [1913] OBJ_id_on */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,          /* [1920] OBJ_id_pda */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,          /* [1927] OBJ_id_aca */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,          /* [1934] OBJ_id_qcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,          /* [1941] OBJ_id_cct */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01,     /* [1948] OBJ_id_pkix1_explicit_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02,     /* [1956] OBJ_id_pkix1_implicit_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03,     /* [1964] OBJ_id_pkix1_explicit_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04,     /* [1972] OBJ_id_pkix1_implicit_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05,     /* [1980] OBJ_id_mod_crmf */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06,     /* [1988] OBJ_id_mod_cmc */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07,     /* [1996] OBJ_id_mod_kea_profile_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08,     /* [2004] OBJ_id_mod_kea_profile_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09,     /* [2012] OBJ_id_mod_cmp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A,     /* [2020] OBJ_id_mod_qualified_cert_88 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B,     /* [2028] OBJ_id_mod_qualified_cert_93 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C,     /* [2036] OBJ_id_mod_attribute_cert */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D,     /* [2044] OBJ_id_mod_timestamp_protocol */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E,     /* [2052] OBJ_id_mod_ocsp */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F,     /* [2060] OBJ_id_mod_dvcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10,     /* [2068] OBJ_id_mod_cmp2000 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02,     /* [2076] OBJ_biometricInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03,     /* [2084] OBJ_qcStatements */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04,     /* [2092] OBJ_ac_auditEntity */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05,     /* [2100] OBJ_ac_targeting */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06,     /* [2108] OBJ_aaControls */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,     /* [2116] OBJ_sbqp_ipAddrBlock */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,     /* [2124] OBJ_sbqp_autonomousSysNum */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,     /* [2132] OBJ_sbqp_routerIdentifier */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03,     /* [2140] OBJ_textNotice */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05,     /* [2148] OBJ_ipsecEndSystem */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06,     /* [2156] OBJ_ipsecTunnel */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07,     /* [2164] OBJ_ipsecUser */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A,     /* [2172] OBJ_dvcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01,     /* [2180] OBJ_id_it_caProtEncCert */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02,     /* [2188] OBJ_id_it_signKeyPairTypes */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03,     /* [2196] OBJ_id_it_encKeyPairTypes */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04,     /* [2204] OBJ_id_it_preferredSymmAlg */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05,     /* [2212] OBJ_id_it_caKeyUpdateInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06,     /* [2220] OBJ_id_it_currentCRL */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07,     /* [2228] OBJ_id_it_unsupportedOIDs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08,     /* [2236] OBJ_id_it_subscriptionRequest */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09,     /* [2244] OBJ_id_it_subscriptionResponse */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A,     /* [2252] OBJ_id_it_keyPairParamReq */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B,     /* [2260] OBJ_id_it_keyPairParamRep */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C,     /* [2268] OBJ_id_it_revPassphrase */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D,     /* [2276] OBJ_id_it_implicitConfirm */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E,     /* [2284] OBJ_id_it_confirmWaitTime */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F,     /* [2292] OBJ_id_it_origPKIMessage */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,     /* [2300] OBJ_id_regCtrl */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,     /* [2308] OBJ_id_regInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2316] OBJ_id_regCtrl_regToken */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2325] OBJ_id_regCtrl_authenticator */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2334] OBJ_id_regCtrl_pkiPublicationInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2343] OBJ_id_regCtrl_pkiArchiveOptions */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2352] OBJ_id_regCtrl_oldCertID */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2361] OBJ_id_regCtrl_protocolEncrKey */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2370] OBJ_id_regInfo_utf8Pairs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2379] OBJ_id_regInfo_certReq */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01,     /* [2388] OBJ_id_alg_des40 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02,     /* [2396] OBJ_id_alg_noSignature */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03,     /* [2404] OBJ_id_alg_dh_sig_hmac_sha1 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04,     /* [2412] OBJ_id_alg_dh_pop */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01,     /* [2420] OBJ_id_cmc_statusInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02,     /* [2428] OBJ_id_cmc_identification */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03,     /* [2436] OBJ_id_cmc_identityProof */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04,     /* [2444] OBJ_id_cmc_dataReturn */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05,     /* [2452] OBJ_id_cmc_transactionId */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06,     /* [2460] OBJ_id_cmc_senderNonce */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07,     /* [2468] OBJ_id_cmc_recipientNonce */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08,     /* [2476] OBJ_id_cmc_addExtensions */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09,     /* [2484] OBJ_id_cmc_encryptedPOP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A,     /* [2492] OBJ_id_cmc_decryptedPOP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B,     /* [2500] OBJ_id_cmc_lraPOPWitness */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F,     /* [2508] OBJ_id_cmc_getCert */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10,     /* [2516] OBJ_id_cmc_getCRL */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11,     /* [2524] OBJ_id_cmc_revokeRequest */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12,     /* [2532] OBJ_id_cmc_regInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13,     /* [2540] OBJ_id_cmc_responseInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15,     /* [2548] OBJ_id_cmc_queryPending */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16,     /* [2556] OBJ_id_cmc_popLinkRandom */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17,     /* [2564] OBJ_id_cmc_popLinkWitness */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18,     /* [2572] OBJ_id_cmc_confirmCertAcceptance */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,     /* [2580] OBJ_id_on_personalData */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,     /* [2588] OBJ_id_pda_dateOfBirth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,     /* [2596] OBJ_id_pda_placeOfBirth */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,     /* [2604] OBJ_id_pda_gender */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,     /* [2612] OBJ_id_pda_countryOfCitizenship */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,     /* [2620] OBJ_id_pda_countryOfResidence */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,     /* [2628] OBJ_id_aca_authenticationInfo */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,     /* [2636] OBJ_id_aca_accessIdentity */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,     /* [2644] OBJ_id_aca_chargingIdentity */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,     /* [2652] OBJ_id_aca_group */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,     /* [2660] OBJ_id_aca_role */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,     /* [2668] OBJ_id_qcs_pkixQCSyntax_v1 */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,     /* [2676] OBJ_id_cct_crs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,     /* [2684] OBJ_id_cct_PKIData */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,     /* [2692] OBJ_id_cct_PKIResponse */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,     /* [2700] OBJ_ad_timeStamping */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,     /* [2708] OBJ_ad_dvcs */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2716] OBJ_id_pkix_OCSP_basic */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2725] OBJ_id_pkix_OCSP_Nonce */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2734] OBJ_id_pkix_OCSP_CrlID */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2743] OBJ_id_pkix_OCSP_acceptableResponses */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2752] OBJ_id_pkix_OCSP_noCheck */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2761] OBJ_id_pkix_OCSP_archiveCutoff */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2770] OBJ_id_pkix_OCSP_serviceLocator */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2779] OBJ_id_pkix_OCSP_extendedStatus */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2788] OBJ_id_pkix_OCSP_valid */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2797] OBJ_id_pkix_OCSP_path */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2806] OBJ_id_pkix_OCSP_trustRoot */
+0x2B,0x0E,0x03,0x02,                         /* [2815] OBJ_algorithm */
+0x2B,0x0E,0x03,0x02,0x0B,                    /* [2819] OBJ_rsaSignature */
+0x55,0x08,                                   /* [2824] OBJ_X500algorithms */
+0x2B,                                        /* [2826] OBJ_org */
+0x2B,0x06,                                   /* [2827] OBJ_dod */
+0x2B,0x06,0x01,                              /* [2829] OBJ_iana */
+0x2B,0x06,0x01,0x01,                         /* [2832] OBJ_Directory */
+0x2B,0x06,0x01,0x02,                         /* [2836] OBJ_Management */
+0x2B,0x06,0x01,0x03,                         /* [2840] OBJ_Experimental */
+0x2B,0x06,0x01,0x04,                         /* [2844] OBJ_Private */
+0x2B,0x06,0x01,0x05,                         /* [2848] OBJ_Security */
+0x2B,0x06,0x01,0x06,                         /* [2852] OBJ_SNMPv2 */
+0x2B,0x06,0x01,0x07,                         /* [2856] OBJ_Mail */
+0x2B,0x06,0x01,0x04,0x01,                    /* [2860] OBJ_Enterprises */
+0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2865] OBJ_dcObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2874] OBJ_domainComponent */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2884] OBJ_Domain */
+0x50,                                        /* [2894] OBJ_joint_iso_ccitt */
+0x55,0x01,0x05,                              /* [2895] OBJ_selected_attribute_types */
+0x55,0x01,0x05,0x37,                         /* [2898] OBJ_clearance */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2902] OBJ_md4WithRSAEncryption */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A,     /* [2911] OBJ_ac_proxying */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B,     /* [2919] OBJ_sinfo_access */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06,     /* [2927] OBJ_id_aca_encAttrs */
+0x55,0x04,0x48,                              /* [2935] OBJ_role */
+0x55,0x1D,0x24,                              /* [2938] OBJ_policy_constraints */
+0x55,0x1D,0x37,                              /* [2941] OBJ_target_information */
+0x55,0x1D,0x38,                              /* [2944] OBJ_no_rev_avail */
+0x00,                                        /* [2947] OBJ_ccitt */
+0x2A,0x86,0x48,0xCE,0x3D,                    /* [2948] OBJ_ansi_X9_62 */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01,          /* [2953] OBJ_X9_62_prime_field */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,          /* [2960] OBJ_X9_62_characteristic_two_field */
+0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,          /* [2967] OBJ_X9_62_id_ecPublicKey */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01,     /* [2974] OBJ_X9_62_prime192v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02,     /* [2982] OBJ_X9_62_prime192v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03,     /* [2990] OBJ_X9_62_prime192v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04,     /* [2998] OBJ_X9_62_prime239v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05,     /* [3006] OBJ_X9_62_prime239v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06,     /* [3014] OBJ_X9_62_prime239v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,     /* [3022] OBJ_X9_62_prime256v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01,          /* [3030] OBJ_ecdsa_with_SHA1 */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3037] OBJ_ms_csp_name */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3046] OBJ_aes_128_ecb */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3055] OBJ_aes_128_cbc */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3064] OBJ_aes_128_ofb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3073] OBJ_aes_128_cfb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3082] OBJ_aes_192_ecb */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3091] OBJ_aes_192_cbc */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3100] OBJ_aes_192_ofb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3109] OBJ_aes_192_cfb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3118] OBJ_aes_256_ecb */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3127] OBJ_aes_256_cbc */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3136] OBJ_aes_256_ofb128 */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3145] OBJ_aes_256_cfb128 */
+0x55,0x1D,0x17,                              /* [3154] OBJ_hold_instruction_code */
+0x2A,0x86,0x48,0xCE,0x38,0x02,0x01,          /* [3157] OBJ_hold_instruction_none */
+0x2A,0x86,0x48,0xCE,0x38,0x02,0x02,          /* [3164] OBJ_hold_instruction_call_issuer */
+0x2A,0x86,0x48,0xCE,0x38,0x02,0x03,          /* [3171] OBJ_hold_instruction_reject */
+0x09,                                        /* [3178] OBJ_data */
+0x09,0x92,0x26,                              /* [3179] OBJ_pss */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,          /* [3182] OBJ_ucl */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,     /* [3189] OBJ_pilot */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3197] OBJ_pilotAttributeType */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3206] OBJ_pilotAttributeSyntax */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3215] OBJ_pilotObjectClass */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3224] OBJ_pilotGroups */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3233] OBJ_iA5StringSyntax */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3243] OBJ_caseIgnoreIA5StringSyntax */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3253] OBJ_pilotObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3263] OBJ_pilotPerson */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3273] OBJ_account */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3283] OBJ_document */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3293] OBJ_room */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3303] OBJ_documentSeries */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3313] OBJ_rFC822localPart */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3323] OBJ_dNSDomain */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3333] OBJ_domainRelatedObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3343] OBJ_friendlyCountry */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3353] OBJ_simpleSecurityObject */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3363] OBJ_pilotOrganization */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3373] OBJ_pilotDSA */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3383] OBJ_qualityLabelledData */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3393] OBJ_userId */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3403] OBJ_textEncodedORAddress */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3413] OBJ_rfc822Mailbox */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3423] OBJ_info */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3433] OBJ_favouriteDrink */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3443] OBJ_roomNumber */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3453] OBJ_photo */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3463] OBJ_userClass */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3473] OBJ_host */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3483] OBJ_manager */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3493] OBJ_documentIdentifier */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3503] OBJ_documentTitle */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3513] OBJ_documentVersion */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3523] OBJ_documentAuthor */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3533] OBJ_documentLocation */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3543] OBJ_homeTelephoneNumber */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3553] OBJ_secretary */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3563] OBJ_otherMailbox */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3573] OBJ_lastModifiedTime */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3583] OBJ_lastModifiedBy */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3593] OBJ_aRecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3603] OBJ_pilotAttributeType27 */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3613] OBJ_mXRecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3623] OBJ_nSRecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3633] OBJ_sOARecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3643] OBJ_cNAMERecord */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3653] OBJ_associatedDomain */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3663] OBJ_associatedName */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3673] OBJ_homePostalAddress */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3683] OBJ_personalTitle */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3693] OBJ_mobileTelephoneNumber */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3703] OBJ_pagerTelephoneNumber */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3713] OBJ_friendlyCountryName */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3723] OBJ_organizationalStatus */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3733] OBJ_janetMailbox */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3743] OBJ_mailPreferenceOption */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3753] OBJ_buildingName */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3763] OBJ_dSAQuality */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3773] OBJ_singleLevelQuality */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3783] OBJ_subtreeMinimumQuality */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3793] OBJ_subtreeMaximumQuality */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3803] OBJ_personalSignature */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3813] OBJ_dITRedirect */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3823] OBJ_audio */
+0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3833] OBJ_documentPublisher */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,     /* [3843] OBJ_X9_62_id_characteristic_two_basis */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [3851] OBJ_X9_62_onBasis */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [3860] OBJ_X9_62_tpBasis */
+0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [3869] OBJ_X9_62_ppBasis */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01,     /* [3878] OBJ_X9_62_c2pnb163v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02,     /* [3886] OBJ_X9_62_c2pnb163v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03,     /* [3894] OBJ_X9_62_c2pnb163v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04,     /* [3902] OBJ_X9_62_c2pnb176v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05,     /* [3910] OBJ_X9_62_c2tnb191v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06,     /* [3918] OBJ_X9_62_c2tnb191v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07,     /* [3926] OBJ_X9_62_c2tnb191v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08,     /* [3934] OBJ_X9_62_c2onb191v4 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09,     /* [3942] OBJ_X9_62_c2onb191v5 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A,     /* [3950] OBJ_X9_62_c2pnb208w1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B,     /* [3958] OBJ_X9_62_c2tnb239v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C,     /* [3966] OBJ_X9_62_c2tnb239v2 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D,     /* [3974] OBJ_X9_62_c2tnb239v3 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E,     /* [3982] OBJ_X9_62_c2onb239v4 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F,     /* [3990] OBJ_X9_62_c2onb239v5 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10,     /* [3998] OBJ_X9_62_c2pnb272w1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11,     /* [4006] OBJ_X9_62_c2pnb304w1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12,     /* [4014] OBJ_X9_62_c2tnb359v1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13,     /* [4022] OBJ_X9_62_c2pnb368w1 */
+0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14,     /* [4030] OBJ_X9_62_c2tnb431r1 */
+0x2B,                                        /* [4038] OBJ_identified_organization */
+0x2B,0x81,0x04,                              /* [4039] OBJ_certicom_arc */
+0x2B,0x81,0x04,0x00,0x06,                    /* [4042] OBJ_secp112r1 */
+0x2B,0x81,0x04,0x00,0x07,                    /* [4047] OBJ_secp112r2 */
+0x2B,0x81,0x04,0x00,0x1C,                    /* [4052] OBJ_secp128r1 */
+0x2B,0x81,0x04,0x00,0x1D,                    /* [4057] OBJ_secp128r2 */
+0x2B,0x81,0x04,0x00,0x09,                    /* [4062] OBJ_secp160k1 */
+0x2B,0x81,0x04,0x00,0x08,                    /* [4067] OBJ_secp160r1 */
+0x2B,0x81,0x04,0x00,0x1E,                    /* [4072] OBJ_secp160r2 */
+0x2B,0x81,0x04,0x00,0x1F,                    /* [4077] OBJ_secp192k1 */
+0x2B,0x81,0x04,0x00,0x20,                    /* [4082] OBJ_secp224k1 */
+0x2B,0x81,0x04,0x00,0x21,                    /* [4087] OBJ_secp224r1 */
+0x2B,0x81,0x04,0x00,0x0A,                    /* [4092] OBJ_secp256k1 */
+0x2B,0x81,0x04,0x00,0x22,                    /* [4097] OBJ_secp384r1 */
+0x2B,0x81,0x04,0x00,0x23,                    /* [4102] OBJ_secp521r1 */
+0x2B,0x81,0x04,0x00,0x04,                    /* [4107] OBJ_sect113r1 */
+0x2B,0x81,0x04,0x00,0x05,                    /* [4112] OBJ_sect113r2 */
+0x2B,0x81,0x04,0x00,0x16,                    /* [4117] OBJ_sect131r1 */
+0x2B,0x81,0x04,0x00,0x17,                    /* [4122] OBJ_sect131r2 */
+0x2B,0x81,0x04,0x00,0x01,                    /* [4127] OBJ_sect163k1 */
+0x2B,0x81,0x04,0x00,0x02,                    /* [4132] OBJ_sect163r1 */
+0x2B,0x81,0x04,0x00,0x0F,                    /* [4137] OBJ_sect163r2 */
+0x2B,0x81,0x04,0x00,0x18,                    /* [4142] OBJ_sect193r1 */
+0x2B,0x81,0x04,0x00,0x19,                    /* [4147] OBJ_sect193r2 */
+0x2B,0x81,0x04,0x00,0x1A,                    /* [4152] OBJ_sect233k1 */
+0x2B,0x81,0x04,0x00,0x1B,                    /* [4157] OBJ_sect233r1 */
+0x2B,0x81,0x04,0x00,0x03,                    /* [4162] OBJ_sect239k1 */
+0x2B,0x81,0x04,0x00,0x10,                    /* [4167] OBJ_sect283k1 */
+0x2B,0x81,0x04,0x00,0x11,                    /* [4172] OBJ_sect283r1 */
+0x2B,0x81,0x04,0x00,0x24,                    /* [4177] OBJ_sect409k1 */
+0x2B,0x81,0x04,0x00,0x25,                    /* [4182] OBJ_sect409r1 */
+0x2B,0x81,0x04,0x00,0x26,                    /* [4187] OBJ_sect571k1 */
+0x2B,0x81,0x04,0x00,0x27,                    /* [4192] OBJ_sect571r1 */
+0x67,0x2B,                                   /* [4197] OBJ_wap */
+0x67,0x2B,0x0D,                              /* [4199] OBJ_wap_wsg */
+0x67,0x2B,0x0D,0x04,0x01,                    /* [4202] OBJ_wap_wsg_idm_ecid_wtls1 */
+0x67,0x2B,0x0D,0x04,0x06,                    /* [4207] OBJ_wap_wsg_idm_ecid_wtls6 */
+0x67,0x2B,0x0D,0x04,0x08,                    /* [4212] OBJ_wap_wsg_idm_ecid_wtls8 */
+0x67,0x2B,0x0D,0x04,0x09,                    /* [4217] OBJ_wap_wsg_idm_ecid_wtls9 */
+0x55,0x04,0x2D,                              /* [4222] OBJ_x500UniqueIdentifier */
+0x2B,0x06,0x01,0x07,0x01,                    /* [4225] OBJ_mime_mhs */
+0x2B,0x06,0x01,0x07,0x01,0x01,               /* [4230] OBJ_mime_mhs_headings */
+0x2B,0x06,0x01,0x07,0x01,0x02,               /* [4236] OBJ_mime_mhs_bodies */
+0x2B,0x06,0x01,0x07,0x01,0x01,0x01,          /* [4242] OBJ_id_hex_partial_message */
+0x2B,0x06,0x01,0x07,0x01,0x01,0x02,          /* [4249] OBJ_id_hex_multipart_message */
+0x55,0x04,0x2C,                              /* [4256] OBJ_generationQualifier */
+0x55,0x04,0x41,                              /* [4259] OBJ_pseudonym */
+0x67,0x2A,                                   /* [4262] OBJ_id_set */
+0x67,0x2A,0x00,                              /* [4264] OBJ_set_ctype */
+0x67,0x2A,0x01,                              /* [4267] OBJ_set_msgExt */
+0x67,0x2A,0x03,                              /* [4270] OBJ_set_attr */
+0x67,0x2A,0x05,                              /* [4273] OBJ_set_policy */
+0x67,0x2A,0x07,                              /* [4276] OBJ_set_certExt */
+0x67,0x2A,0x08,                              /* [4279] OBJ_set_brand */
+0x67,0x2A,0x00,0x00,                         /* [4282] OBJ_setct_PANData */
+0x67,0x2A,0x00,0x01,                         /* [4286] OBJ_setct_PANToken */
+0x67,0x2A,0x00,0x02,                         /* [4290] OBJ_setct_PANOnly */
+0x67,0x2A,0x00,0x03,                         /* [4294] OBJ_setct_OIData */
+0x67,0x2A,0x00,0x04,                         /* [4298] OBJ_setct_PI */
+0x67,0x2A,0x00,0x05,                         /* [4302] OBJ_setct_PIData */
+0x67,0x2A,0x00,0x06,                         /* [4306] OBJ_setct_PIDataUnsigned */
+0x67,0x2A,0x00,0x07,                         /* [4310] OBJ_setct_HODInput */
+0x67,0x2A,0x00,0x08,                         /* [4314] OBJ_setct_AuthResBaggage */
+0x67,0x2A,0x00,0x09,                         /* [4318] OBJ_setct_AuthRevReqBaggage */
+0x67,0x2A,0x00,0x0A,                         /* [4322] OBJ_setct_AuthRevResBaggage */
+0x67,0x2A,0x00,0x0B,                         /* [4326] OBJ_setct_CapTokenSeq */
+0x67,0x2A,0x00,0x0C,                         /* [4330] OBJ_setct_PInitResData */
+0x67,0x2A,0x00,0x0D,                         /* [4334] OBJ_setct_PI_TBS */
+0x67,0x2A,0x00,0x0E,                         /* [4338] OBJ_setct_PResData */
+0x67,0x2A,0x00,0x10,                         /* [4342] OBJ_setct_AuthReqTBS */
+0x67,0x2A,0x00,0x11,                         /* [4346] OBJ_setct_AuthResTBS */
+0x67,0x2A,0x00,0x12,                         /* [4350] OBJ_setct_AuthResTBSX */
+0x67,0x2A,0x00,0x13,                         /* [4354] OBJ_setct_AuthTokenTBS */
+0x67,0x2A,0x00,0x14,                         /* [4358] OBJ_setct_CapTokenData */
+0x67,0x2A,0x00,0x15,                         /* [4362] OBJ_setct_CapTokenTBS */
+0x67,0x2A,0x00,0x16,                         /* [4366] OBJ_setct_AcqCardCodeMsg */
+0x67,0x2A,0x00,0x17,                         /* [4370] OBJ_setct_AuthRevReqTBS */
+0x67,0x2A,0x00,0x18,                         /* [4374] OBJ_setct_AuthRevResData */
+0x67,0x2A,0x00,0x19,                         /* [4378] OBJ_setct_AuthRevResTBS */
+0x67,0x2A,0x00,0x1A,                         /* [4382] OBJ_setct_CapReqTBS */
+0x67,0x2A,0x00,0x1B,                         /* [4386] OBJ_setct_CapReqTBSX */
+0x67,0x2A,0x00,0x1C,                         /* [4390] OBJ_setct_CapResData */
+0x67,0x2A,0x00,0x1D,                         /* [4394] OBJ_setct_CapRevReqTBS */
+0x67,0x2A,0x00,0x1E,                         /* [4398] OBJ_setct_CapRevReqTBSX */
+0x67,0x2A,0x00,0x1F,                         /* [4402] OBJ_setct_CapRevResData */
+0x67,0x2A,0x00,0x20,                         /* [4406] OBJ_setct_CredReqTBS */
+0x67,0x2A,0x00,0x21,                         /* [4410] OBJ_setct_CredReqTBSX */
+0x67,0x2A,0x00,0x22,                         /* [4414] OBJ_setct_CredResData */
+0x67,0x2A,0x00,0x23,                         /* [4418] OBJ_setct_CredRevReqTBS */
+0x67,0x2A,0x00,0x24,                         /* [4422] OBJ_setct_CredRevReqTBSX */
+0x67,0x2A,0x00,0x25,                         /* [4426] OBJ_setct_CredRevResData */
+0x67,0x2A,0x00,0x26,                         /* [4430] OBJ_setct_PCertReqData */
+0x67,0x2A,0x00,0x27,                         /* [4434] OBJ_setct_PCertResTBS */
+0x67,0x2A,0x00,0x28,                         /* [4438] OBJ_setct_BatchAdminReqData */
+0x67,0x2A,0x00,0x29,                         /* [4442] OBJ_setct_BatchAdminResData */
+0x67,0x2A,0x00,0x2A,                         /* [4446] OBJ_setct_CardCInitResTBS */
+0x67,0x2A,0x00,0x2B,                         /* [4450] OBJ_setct_MeAqCInitResTBS */
+0x67,0x2A,0x00,0x2C,                         /* [4454] OBJ_setct_RegFormResTBS */
+0x67,0x2A,0x00,0x2D,                         /* [4458] OBJ_setct_CertReqData */
+0x67,0x2A,0x00,0x2E,                         /* [4462] OBJ_setct_CertReqTBS */
+0x67,0x2A,0x00,0x2F,                         /* [4466] OBJ_setct_CertResData */
+0x67,0x2A,0x00,0x30,                         /* [4470] OBJ_setct_CertInqReqTBS */
+0x67,0x2A,0x00,0x31,                         /* [4474] OBJ_setct_ErrorTBS */
+0x67,0x2A,0x00,0x32,                         /* [4478] OBJ_setct_PIDualSignedTBE */
+0x67,0x2A,0x00,0x33,                         /* [4482] OBJ_setct_PIUnsignedTBE */
+0x67,0x2A,0x00,0x34,                         /* [4486] OBJ_setct_AuthReqTBE */
+0x67,0x2A,0x00,0x35,                         /* [4490] OBJ_setct_AuthResTBE */
+0x67,0x2A,0x00,0x36,                         /* [4494] OBJ_setct_AuthResTBEX */
+0x67,0x2A,0x00,0x37,                         /* [4498] OBJ_setct_AuthTokenTBE */
+0x67,0x2A,0x00,0x38,                         /* [4502] OBJ_setct_CapTokenTBE */
+0x67,0x2A,0x00,0x39,                         /* [4506] OBJ_setct_CapTokenTBEX */
+0x67,0x2A,0x00,0x3A,                         /* [4510] OBJ_setct_AcqCardCodeMsgTBE */
+0x67,0x2A,0x00,0x3B,                         /* [4514] OBJ_setct_AuthRevReqTBE */
+0x67,0x2A,0x00,0x3C,                         /* [4518] OBJ_setct_AuthRevResTBE */
+0x67,0x2A,0x00,0x3D,                         /* [4522] OBJ_setct_AuthRevResTBEB */
+0x67,0x2A,0x00,0x3E,                         /* [4526] OBJ_setct_CapReqTBE */
+0x67,0x2A,0x00,0x3F,                         /* [4530] OBJ_setct_CapReqTBEX */
+0x67,0x2A,0x00,0x40,                         /* [4534] OBJ_setct_CapResTBE */
+0x67,0x2A,0x00,0x41,                         /* [4538] OBJ_setct_CapRevReqTBE */
+0x67,0x2A,0x00,0x42,                         /* [4542] OBJ_setct_CapRevReqTBEX */
+0x67,0x2A,0x00,0x43,                         /* [4546] OBJ_setct_CapRevResTBE */
+0x67,0x2A,0x00,0x44,                         /* [4550] OBJ_setct_CredReqTBE */
+0x67,0x2A,0x00,0x45,                         /* [4554] OBJ_setct_CredReqTBEX */
+0x67,0x2A,0x00,0x46,                         /* [4558] OBJ_setct_CredResTBE */
+0x67,0x2A,0x00,0x47,                         /* [4562] OBJ_setct_CredRevReqTBE */
+0x67,0x2A,0x00,0x48,                         /* [4566] OBJ_setct_CredRevReqTBEX */
+0x67,0x2A,0x00,0x49,                         /* [4570] OBJ_setct_CredRevResTBE */
+0x67,0x2A,0x00,0x4A,                         /* [4574] OBJ_setct_BatchAdminReqTBE */
+0x67,0x2A,0x00,0x4B,                         /* [4578] OBJ_setct_BatchAdminResTBE */
+0x67,0x2A,0x00,0x4C,                         /* [4582] OBJ_setct_RegFormReqTBE */
+0x67,0x2A,0x00,0x4D,                         /* [4586] OBJ_setct_CertReqTBE */
+0x67,0x2A,0x00,0x4E,                         /* [4590] OBJ_setct_CertReqTBEX */
+0x67,0x2A,0x00,0x4F,                         /* [4594] OBJ_setct_CertResTBE */
+0x67,0x2A,0x00,0x50,                         /* [4598] OBJ_setct_CRLNotificationTBS */
+0x67,0x2A,0x00,0x51,                         /* [4602] OBJ_setct_CRLNotificationResTBS */
+0x67,0x2A,0x00,0x52,                         /* [4606] OBJ_setct_BCIDistributionTBS */
+0x67,0x2A,0x01,0x01,                         /* [4610] OBJ_setext_genCrypt */
+0x67,0x2A,0x01,0x03,                         /* [4614] OBJ_setext_miAuth */
+0x67,0x2A,0x01,0x04,                         /* [4618] OBJ_setext_pinSecure */
+0x67,0x2A,0x01,0x05,                         /* [4622] OBJ_setext_pinAny */
+0x67,0x2A,0x01,0x07,                         /* [4626] OBJ_setext_track2 */
+0x67,0x2A,0x01,0x08,                         /* [4630] OBJ_setext_cv */
+0x67,0x2A,0x05,0x00,                         /* [4634] OBJ_set_policy_root */
+0x67,0x2A,0x07,0x00,                         /* [4638] OBJ_setCext_hashedRoot */
+0x67,0x2A,0x07,0x01,                         /* [4642] OBJ_setCext_certType */
+0x67,0x2A,0x07,0x02,                         /* [4646] OBJ_setCext_merchData */
+0x67,0x2A,0x07,0x03,                         /* [4650] OBJ_setCext_cCertRequired */
+0x67,0x2A,0x07,0x04,                         /* [4654] OBJ_setCext_tunneling */
+0x67,0x2A,0x07,0x05,                         /* [4658] OBJ_setCext_setExt */
+0x67,0x2A,0x07,0x06,                         /* [4662] OBJ_setCext_setQualf */
+0x67,0x2A,0x07,0x07,                         /* [4666] OBJ_setCext_PGWYcapabilities */
+0x67,0x2A,0x07,0x08,                         /* [4670] OBJ_setCext_TokenIdentifier */
+0x67,0x2A,0x07,0x09,                         /* [4674] OBJ_setCext_Track2Data */
+0x67,0x2A,0x07,0x0A,                         /* [4678] OBJ_setCext_TokenType */
+0x67,0x2A,0x07,0x0B,                         /* [4682] OBJ_setCext_IssuerCapabilities */
+0x67,0x2A,0x03,0x00,                         /* [4686] OBJ_setAttr_Cert */
+0x67,0x2A,0x03,0x01,                         /* [4690] OBJ_setAttr_PGWYcap */
+0x67,0x2A,0x03,0x02,                         /* [4694] OBJ_setAttr_TokenType */
+0x67,0x2A,0x03,0x03,                         /* [4698] OBJ_setAttr_IssCap */
+0x67,0x2A,0x03,0x00,0x00,                    /* [4702] OBJ_set_rootKeyThumb */
+0x67,0x2A,0x03,0x00,0x01,                    /* [4707] OBJ_set_addPolicy */
+0x67,0x2A,0x03,0x02,0x01,                    /* [4712] OBJ_setAttr_Token_EMV */
+0x67,0x2A,0x03,0x02,0x02,                    /* [4717] OBJ_setAttr_Token_B0Prime */
+0x67,0x2A,0x03,0x03,0x03,                    /* [4722] OBJ_setAttr_IssCap_CVM */
+0x67,0x2A,0x03,0x03,0x04,                    /* [4727] OBJ_setAttr_IssCap_T2 */
+0x67,0x2A,0x03,0x03,0x05,                    /* [4732] OBJ_setAttr_IssCap_Sig */
+0x67,0x2A,0x03,0x03,0x03,0x01,               /* [4737] OBJ_setAttr_GenCryptgrm */
+0x67,0x2A,0x03,0x03,0x04,0x01,               /* [4743] OBJ_setAttr_T2Enc */
+0x67,0x2A,0x03,0x03,0x04,0x02,               /* [4749] OBJ_setAttr_T2cleartxt */
+0x67,0x2A,0x03,0x03,0x05,0x01,               /* [4755] OBJ_setAttr_TokICCsig */
+0x67,0x2A,0x03,0x03,0x05,0x02,               /* [4761] OBJ_setAttr_SecDevSig */
+0x67,0x2A,0x08,0x01,                         /* [4767] OBJ_set_brand_IATA_ATA */
+0x67,0x2A,0x08,0x1E,                         /* [4771] OBJ_set_brand_Diners */
+0x67,0x2A,0x08,0x22,                         /* [4775] OBJ_set_brand_AmericanExpress */
+0x67,0x2A,0x08,0x23,                         /* [4779] OBJ_set_brand_JCB */
+0x67,0x2A,0x08,0x04,                         /* [4783] OBJ_set_brand_Visa */
+0x67,0x2A,0x08,0x05,                         /* [4787] OBJ_set_brand_MasterCard */
+0x67,0x2A,0x08,0xAE,0x7B,                    /* [4791] OBJ_set_brand_Novus */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A,     /* [4796] OBJ_des_cdmf */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4804] OBJ_rsaOAEPEncryptionSET */
+0x67,0x2B,0x0D,0x04,0x03,                    /* [4813] OBJ_wap_wsg_idm_ecid_wtls3 */
+0x67,0x2B,0x0D,0x04,0x04,                    /* [4818] OBJ_wap_wsg_idm_ecid_wtls4 */
+0x67,0x2B,0x0D,0x04,0x05,                    /* [4823] OBJ_wap_wsg_idm_ecid_wtls5 */
+0x67,0x2B,0x0D,0x04,0x07,                    /* [4828] OBJ_wap_wsg_idm_ecid_wtls7 */
+0x67,0x2B,0x0D,0x04,0x0A,                    /* [4833] OBJ_wap_wsg_idm_ecid_wtls10 */
+0x67,0x2B,0x0D,0x04,0x0B,                    /* [4838] OBJ_wap_wsg_idm_ecid_wtls11 */
+0x67,0x2B,0x0D,0x04,0x0C,                    /* [4843] OBJ_wap_wsg_idm_ecid_wtls12 */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4848] OBJ_ms_smartcard_login */
+0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4858] OBJ_ms_upn */
 };
 
 static ASN1_OBJECT nid_objs[NUM_NID]={
 {"UNDEF","undefined",NID_undef,1,&(lvalues[0]),0},
-{"rsadsi","rsadsi",NID_rsadsi,6,&(lvalues[1]),0},
-{"pkcs","pkcs",NID_pkcs,7,&(lvalues[7]),0},
+{"rsadsi","RSA Data Security, Inc.",NID_rsadsi,6,&(lvalues[1]),0},
+{"pkcs","RSA Data Security, Inc. PKCS",NID_pkcs,7,&(lvalues[7]),0},
 {"MD2","md2",NID_md2,8,&(lvalues[14]),0},
 {"MD5","md5",NID_md5,8,&(lvalues[22]),0},
 {"RC4","rc4",NID_rc4,8,&(lvalues[30]),0},
@@ -179,11 +769,11 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 	&(lvalues[47]),0},
 {"RSA-MD5","md5WithRSAEncryption",NID_md5WithRSAEncryption,9,
 	&(lvalues[56]),0},
-{"pbeWithMD2AndDES-CBC","pbeWithMD2AndDES-CBC",
-	NID_pbeWithMD2AndDES_CBC,9,&(lvalues[65]),0},
-{"pbeWithMD5AndDES-CBC","pbeWithMD5AndDES-CBC",
-	NID_pbeWithMD5AndDES_CBC,9,&(lvalues[74]),0},
-{"X500","X500",NID_X500,1,&(lvalues[83]),0},
+{"PBE-MD2-DES","pbeWithMD2AndDES-CBC",NID_pbeWithMD2AndDES_CBC,9,
+	&(lvalues[65]),0},
+{"PBE-MD5-DES","pbeWithMD5AndDES-CBC",NID_pbeWithMD5AndDES_CBC,9,
+	&(lvalues[74]),0},
+{"X500","directory services (X.500)",NID_X500,1,&(lvalues[83]),0},
 {"X509","X509",NID_X509,2,&(lvalues[84]),0},
 {"CN","commonName",NID_commonName,3,&(lvalues[86]),0},
 {"C","countryName",NID_countryName,3,&(lvalues[89]),0},
@@ -211,134 +801,1100 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"DES-ECB","des-ecb",NID_des_ecb,5,&(lvalues[187]),0},
 {"DES-CFB","des-cfb",NID_des_cfb64,5,&(lvalues[192]),0},
 {"DES-CBC","des-cbc",NID_des_cbc,5,&(lvalues[197]),0},
-{"DES-EDE","des-ede",NID_des_ede,5,&(lvalues[202]),0},
-{"DES-EDE3","des-ede3",NID_des_ede3,0,NULL},
-{"IDEA-CBC","idea-cbc",NID_idea_cbc,0,NULL},
+{"DES-EDE","des-ede",NID_des_ede_ecb,5,&(lvalues[202]),0},
+{"DES-EDE3","des-ede3",NID_des_ede3_ecb,0,NULL},
+{"IDEA-CBC","idea-cbc",NID_idea_cbc,11,&(lvalues[207]),0},
 {"IDEA-CFB","idea-cfb",NID_idea_cfb64,0,NULL},
 {"IDEA-ECB","idea-ecb",NID_idea_ecb,0,NULL},
-{"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[207]),0},
+{"RC2-CBC","rc2-cbc",NID_rc2_cbc,8,&(lvalues[218]),0},
 {"RC2-ECB","rc2-ecb",NID_rc2_ecb,0,NULL},
 {"RC2-CFB","rc2-cfb",NID_rc2_cfb64,0,NULL},
 {"RC2-OFB","rc2-ofb",NID_rc2_ofb64,0,NULL},
-{"SHA","sha",NID_sha,5,&(lvalues[215]),0},
+{"SHA","sha",NID_sha,5,&(lvalues[226]),0},
 {"RSA-SHA","shaWithRSAEncryption",NID_shaWithRSAEncryption,5,
-	&(lvalues[220]),0},
+	&(lvalues[231]),0},
 {"DES-EDE-CBC","des-ede-cbc",NID_des_ede_cbc,0,NULL},
-{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[225]),0},
-{"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[233]),0},
+{"DES-EDE3-CBC","des-ede3-cbc",NID_des_ede3_cbc,8,&(lvalues[236]),0},
+{"DES-OFB","des-ofb",NID_des_ofb64,5,&(lvalues[244]),0},
 {"IDEA-OFB","idea-ofb",NID_idea_ofb64,0,NULL},
-{"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[238]),0},
-{"Email","emailAddress",NID_pkcs9_emailAddress,9,&(lvalues[246]),0},
+{"pkcs9","pkcs9",NID_pkcs9,8,&(lvalues[249]),0},
+{"emailAddress","emailAddress",NID_pkcs9_emailAddress,9,
+	&(lvalues[257]),0},
 {"unstructuredName","unstructuredName",NID_pkcs9_unstructuredName,9,
-	&(lvalues[255]),0},
-{"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[264]),0},
+	&(lvalues[266]),0},
+{"contentType","contentType",NID_pkcs9_contentType,9,&(lvalues[275]),0},
 {"messageDigest","messageDigest",NID_pkcs9_messageDigest,9,
-	&(lvalues[273]),0},
-{"signingTime","signingTime",NID_pkcs9_signingTime,9,&(lvalues[282]),0},
+	&(lvalues[284]),0},
+{"signingTime","signingTime",NID_pkcs9_signingTime,9,&(lvalues[293]),0},
 {"countersignature","countersignature",NID_pkcs9_countersignature,9,
-	&(lvalues[291]),0},
+	&(lvalues[302]),0},
 {"challengePassword","challengePassword",NID_pkcs9_challengePassword,
-	9,&(lvalues[300]),0},
+	9,&(lvalues[311]),0},
 {"unstructuredAddress","unstructuredAddress",
-	NID_pkcs9_unstructuredAddress,9,&(lvalues[309]),0},
+	NID_pkcs9_unstructuredAddress,9,&(lvalues[320]),0},
 {"extendedCertificateAttributes","extendedCertificateAttributes",
-	NID_pkcs9_extCertAttributes,9,&(lvalues[318]),0},
+	NID_pkcs9_extCertAttributes,9,&(lvalues[329]),0},
 {"Netscape","Netscape Communications Corp.",NID_netscape,7,
-	&(lvalues[327]),0},
+	&(lvalues[338]),0},
 {"nsCertExt","Netscape Certificate Extension",
-	NID_netscape_cert_extension,8,&(lvalues[334]),0},
+	NID_netscape_cert_extension,8,&(lvalues[345]),0},
 {"nsDataType","Netscape Data Type",NID_netscape_data_type,8,
-	&(lvalues[342]),0},
+	&(lvalues[353]),0},
 {"DES-EDE-CFB","des-ede-cfb",NID_des_ede_cfb64,0,NULL},
 {"DES-EDE3-CFB","des-ede3-cfb",NID_des_ede3_cfb64,0,NULL},
 {"DES-EDE-OFB","des-ede-ofb",NID_des_ede_ofb64,0,NULL},
 {"DES-EDE3-OFB","des-ede3-ofb",NID_des_ede3_ofb64,0,NULL},
-{"SHA1","sha1",NID_sha1,5,&(lvalues[350]),0},
+{"SHA1","sha1",NID_sha1,5,&(lvalues[361]),0},
 {"RSA-SHA1","sha1WithRSAEncryption",NID_sha1WithRSAEncryption,9,
-	&(lvalues[355]),0},
-{"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[364]),0},
-{"DSA-old","dsaEncryption-old",NID_dsa_2,5,&(lvalues[369]),0},
-{"pbeWithSHA1AndRC2-CBC","pbeWithSHA1AndRC2-CBC",
-	NID_pbeWithSHA1AndRC2_CBC,9,&(lvalues[374]),0},
-{"pbeWithSHA1AndRC4","pbeWithSHA1AndRC4",NID_pbeWithSHA1AndRC4,9,
-	&(lvalues[383]),0},
-{"DSA-SHA1-old","dsaWithSHA1-old",NID_dsaWithSHA1_2,5,&(lvalues[392]),0},
+	&(lvalues[366]),0},
+{"DSA-SHA","dsaWithSHA",NID_dsaWithSHA,5,&(lvalues[375]),0},
+{"DSA-old","dsaEncryption-old",NID_dsa_2,5,&(lvalues[380]),0},
+{"PBE-SHA1-RC2-64","pbeWithSHA1AndRC2-CBC",NID_pbeWithSHA1AndRC2_CBC,
+	9,&(lvalues[385]),0},
+{"PBKDF2","PBKDF2",NID_id_pbkdf2,9,&(lvalues[394]),0},
+{"DSA-SHA1-old","dsaWithSHA1-old",NID_dsaWithSHA1_2,5,&(lvalues[403]),0},
 {"nsCertType","Netscape Cert Type",NID_netscape_cert_type,9,
-	&(lvalues[397]),0},
+	&(lvalues[408]),0},
 {"nsBaseUrl","Netscape Base Url",NID_netscape_base_url,9,
-	&(lvalues[406]),0},
+	&(lvalues[417]),0},
 {"nsRevocationUrl","Netscape Revocation Url",
-	NID_netscape_revocation_url,9,&(lvalues[415]),0},
+	NID_netscape_revocation_url,9,&(lvalues[426]),0},
 {"nsCaRevocationUrl","Netscape CA Revocation Url",
-	NID_netscape_ca_revocation_url,9,&(lvalues[424]),0},
+	NID_netscape_ca_revocation_url,9,&(lvalues[435]),0},
 {"nsRenewalUrl","Netscape Renewal Url",NID_netscape_renewal_url,9,
-	&(lvalues[433]),0},
+	&(lvalues[444]),0},
 {"nsCaPolicyUrl","Netscape CA Policy Url",NID_netscape_ca_policy_url,
-	9,&(lvalues[442]),0},
+	9,&(lvalues[453]),0},
 {"nsSslServerName","Netscape SSL Server Name",
-	NID_netscape_ssl_server_name,9,&(lvalues[451]),0},
-{"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[460]),0},
+	NID_netscape_ssl_server_name,9,&(lvalues[462]),0},
+{"nsComment","Netscape Comment",NID_netscape_comment,9,&(lvalues[471]),0},
 {"nsCertSequence","Netscape Certificate Sequence",
-	NID_netscape_cert_sequence,9,&(lvalues[469]),0},
+	NID_netscape_cert_sequence,9,&(lvalues[480]),0},
 {"DESX-CBC","desx-cbc",NID_desx_cbc,0,NULL},
-{"ld-ce","ld-ce",NID_ld_ce,2,&(lvalues[478]),0},
+{"id-ce","id-ce",NID_id_ce,2,&(lvalues[489]),0},
 {"subjectKeyIdentifier","X509v3 Subject Key Identifier",
-	NID_subject_key_identifier,3,&(lvalues[480]),0},
-{"keyUsage","X509v3 Key Usage",NID_key_usage,3,&(lvalues[483]),0},
+	NID_subject_key_identifier,3,&(lvalues[491]),0},
+{"keyUsage","X509v3 Key Usage",NID_key_usage,3,&(lvalues[494]),0},
 {"privateKeyUsagePeriod","X509v3 Private Key Usage Period",
-	NID_private_key_usage_period,3,&(lvalues[486]),0},
+	NID_private_key_usage_period,3,&(lvalues[497]),0},
 {"subjectAltName","X509v3 Subject Alternative Name",
-	NID_subject_alt_name,3,&(lvalues[489]),0},
+	NID_subject_alt_name,3,&(lvalues[500]),0},
 {"issuerAltName","X509v3 Issuer Alternative Name",NID_issuer_alt_name,
-	3,&(lvalues[492]),0},
+	3,&(lvalues[503]),0},
 {"basicConstraints","X509v3 Basic Constraints",NID_basic_constraints,
-	3,&(lvalues[495]),0},
-{"crlNumber","X509v3 CRL Number",NID_crl_number,3,&(lvalues[498]),0},
+	3,&(lvalues[506]),0},
+{"crlNumber","X509v3 CRL Number",NID_crl_number,3,&(lvalues[509]),0},
 {"certificatePolicies","X509v3 Certificate Policies",
-	NID_certificate_policies,3,&(lvalues[501]),0},
+	NID_certificate_policies,3,&(lvalues[512]),0},
 {"authorityKeyIdentifier","X509v3 Authority Key Identifier",
-	NID_authority_key_identifier,3,&(lvalues[504]),0},
-{"BF-CBC","bf-cbc",NID_bf_cbc,0,NULL},
+	NID_authority_key_identifier,3,&(lvalues[515]),0},
+{"BF-CBC","bf-cbc",NID_bf_cbc,9,&(lvalues[518]),0},
 {"BF-ECB","bf-ecb",NID_bf_ecb,0,NULL},
 {"BF-CFB","bf-cfb",NID_bf_cfb64,0,NULL},
 {"BF-OFB","bf-ofb",NID_bf_ofb64,0,NULL},
-{"MDC2","mdc2",NID_mdc2,4,&(lvalues[507]),0},
-{"RSA-MDC2","mdc2withRSA",NID_mdc2WithRSA,4,&(lvalues[511]),0},
+{"MDC2","mdc2",NID_mdc2,4,&(lvalues[527]),0},
+{"RSA-MDC2","mdc2WithRSA",NID_mdc2WithRSA,4,&(lvalues[531]),0},
 {"RC4-40","rc4-40",NID_rc4_40,0,NULL},
 {"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL},
-{"G","givenName",NID_givenName,3,&(lvalues[515]),0},
-{"S","surname",NID_surname,3,&(lvalues[518]),0},
-{"I","initials",NID_initials,3,&(lvalues[521]),0},
-{"UID","uniqueIdentifier",NID_uniqueIdentifier,3,&(lvalues[524]),0},
+{"gn","givenName",NID_givenName,3,&(lvalues[535]),0},
+{"SN","surname",NID_surname,3,&(lvalues[538]),0},
+{"initials","initials",NID_initials,3,&(lvalues[541]),0},
+{NULL,NULL,NID_undef,0,NULL},
 {"crlDistributionPoints","X509v3 CRL Distribution Points",
-	NID_crl_distribution_points,3,&(lvalues[527]),0},
-{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[530]),0},
-{"SN","serialNumber",NID_serialNumber,3,&(lvalues[535]),0},
-{"T","title",NID_title,3,&(lvalues[538]),0},
-{"D","description",NID_description,3,&(lvalues[541]),0},
-{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[544]),0},
+	NID_crl_distribution_points,3,&(lvalues[544]),0},
+{"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[547]),0},
+{"serialNumber","serialNumber",NID_serialNumber,3,&(lvalues[552]),0},
+{"title","title",NID_title,3,&(lvalues[555]),0},
+{"description","description",NID_description,3,&(lvalues[558]),0},
+{"CAST5-CBC","cast5-cbc",NID_cast5_cbc,9,&(lvalues[561]),0},
 {"CAST5-ECB","cast5-ecb",NID_cast5_ecb,0,NULL},
 {"CAST5-CFB","cast5-cfb",NID_cast5_cfb64,0,NULL},
 {"CAST5-OFB","cast5-ofb",NID_cast5_ofb64,0,NULL},
 {"pbeWithMD5AndCast5CBC","pbeWithMD5AndCast5CBC",
-	NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[553]),0},
-{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[562]),0},
+	NID_pbeWithMD5AndCast5_CBC,9,&(lvalues[570]),0},
+{"DSA-SHA1","dsaWithSHA1",NID_dsaWithSHA1,7,&(lvalues[579]),0},
 {"MD5-SHA1","md5-sha1",NID_md5_sha1,0,NULL},
-{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[569]),0},
-{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[574]),0},
-{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[581]),0},
+{"RSA-SHA1-2","sha1WithRSA",NID_sha1WithRSA,5,&(lvalues[586]),0},
+{"DSA","dsaEncryption",NID_dsa,7,&(lvalues[591]),0},
+{"RIPEMD160","ripemd160",NID_ripemd160,5,&(lvalues[598]),0},
 {NULL,NULL,NID_undef,0,NULL},
 {"RSA-RIPEMD160","ripemd160WithRSA",NID_ripemd160WithRSA,6,
-	&(lvalues[586]),0},
-{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[592]),0},
+	&(lvalues[603]),0},
+{"RC5-CBC","rc5-cbc",NID_rc5_cbc,8,&(lvalues[609]),0},
 {"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL},
 {"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL},
 {"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL},
-{"RLE","run length compression",NID_rle_compression,5,&(lvalues[600]),0},
-{"ZLIB","zlib compression",NID_zlib_compression,5,&(lvalues[605]),0},
+{"RLE","run length compression",NID_rle_compression,6,&(lvalues[617]),0},
+{"ZLIB","zlib compression",NID_zlib_compression,6,&(lvalues[623]),0},
+{"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3,
+	&(lvalues[629]),0},
+{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[632]),0},
+{"id-kp","id-kp",NID_id_kp,7,&(lvalues[638]),0},
+{"serverAuth","TLS Web Server Authentication",NID_server_auth,8,
+	&(lvalues[645]),0},
+{"clientAuth","TLS Web Client Authentication",NID_client_auth,8,
+	&(lvalues[653]),0},
+{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[661]),0},
+{"emailProtection","E-mail Protection",NID_email_protect,8,
+	&(lvalues[669]),0},
+{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[677]),0},
+{"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10,
+	&(lvalues[685]),0},
+{"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10,
+	&(lvalues[695]),0},
+{"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10,
+	&(lvalues[705]),0},
+{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[715]),0},
+{"msEFS","Microsoft Encrypted File System",NID_ms_efs,10,
+	&(lvalues[725]),0},
+{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[735]),0},
+{"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3,
+	&(lvalues[744]),0},
+{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[747]),0},
+{"invalidityDate","Invalidity Date",NID_invalidity_date,3,
+	&(lvalues[750]),0},
+{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[753]),0},
+{"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4",
+	NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[758]),0},
+{"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4",
+	NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[768]),0},
+{"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC",
+	NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[778]),0},
+{"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC",
+	NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[788]),0},
+{"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC",
+	NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[798]),0},
+{"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC",
+	NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[808]),0},
+{"keyBag","keyBag",NID_keyBag,11,&(lvalues[818]),0},
+{"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag,
+	11,&(lvalues[829]),0},
+{"certBag","certBag",NID_certBag,11,&(lvalues[840]),0},
+{"crlBag","crlBag",NID_crlBag,11,&(lvalues[851]),0},
+{"secretBag","secretBag",NID_secretBag,11,&(lvalues[862]),0},
+{"safeContentsBag","safeContentsBag",NID_safeContentsBag,11,
+	&(lvalues[873]),0},
+{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[884]),0},
+{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[893]),0},
+{"x509Certificate","x509Certificate",NID_x509Certificate,10,
+	&(lvalues[902]),0},
+{"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10,
+	&(lvalues[912]),0},
+{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[922]),0},
+{"PBES2","PBES2",NID_pbes2,9,&(lvalues[932]),0},
+{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[941]),0},
+{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[950]),0},
+{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[958]),0},
+{"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8,
+	&(lvalues[966]),0},
+{"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL},
+{"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9,
+	&(lvalues[974]),0},
+{"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9,
+	&(lvalues[983]),0},
+{"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9,
+	&(lvalues[992]),0},
+{"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9,
+	&(lvalues[1001]),0},
+{"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10,
+	&(lvalues[1010]),0},
+{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1020]),0},
+{"name","name",NID_name,3,&(lvalues[1029]),0},
+{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1032]),0},
+{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1035]),0},
+{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1042]),0},
+{"authorityInfoAccess","Authority Information Access",NID_info_access,
+	8,&(lvalues[1049]),0},
+{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1057]),0},
+{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1065]),0},
+{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1073]),0},
+{"ISO","iso",NID_iso,1,&(lvalues[1081]),0},
+{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1082]),0},
+{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1083]),0},
+{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1086]),0},
+{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1091]),0},
+{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1097]),0},
+{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1105]),0},
+{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1113]),0},
+{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1122]),0},
+{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1132]),0},
+{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1142]),0},
+{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1152]),0},
+{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1162]),0},
+{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1172]),0},
+{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1182]),0},
+{"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11,
+	&(lvalues[1192]),0},
+{"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11,
+	&(lvalues[1203]),0},
+{"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11,
+	&(lvalues[1214]),0},
+{"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3,
+	11,&(lvalues[1225]),0},
+{"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88",
+	NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1236]),0},
+{"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97",
+	NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1247]),0},
+{"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88",
+	NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1258]),0},
+{"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97",
+	NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1269]),0},
+{"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt,
+	11,&(lvalues[1280]),0},
+{"id-smime-ct-authData","id-smime-ct-authData",
+	NID_id_smime_ct_authData,11,&(lvalues[1291]),0},
+{"id-smime-ct-publishCert","id-smime-ct-publishCert",
+	NID_id_smime_ct_publishCert,11,&(lvalues[1302]),0},
+{"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo,
+	11,&(lvalues[1313]),0},
+{"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo,
+	11,&(lvalues[1324]),0},
+{"id-smime-ct-contentInfo","id-smime-ct-contentInfo",
+	NID_id_smime_ct_contentInfo,11,&(lvalues[1335]),0},
+{"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData",
+	NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1346]),0},
+{"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData",
+	NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1357]),0},
+{"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest",
+	NID_id_smime_aa_receiptRequest,11,&(lvalues[1368]),0},
+{"id-smime-aa-securityLabel","id-smime-aa-securityLabel",
+	NID_id_smime_aa_securityLabel,11,&(lvalues[1379]),0},
+{"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory",
+	NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1390]),0},
+{"id-smime-aa-contentHint","id-smime-aa-contentHint",
+	NID_id_smime_aa_contentHint,11,&(lvalues[1401]),0},
+{"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest",
+	NID_id_smime_aa_msgSigDigest,11,&(lvalues[1412]),0},
+{"id-smime-aa-encapContentType","id-smime-aa-encapContentType",
+	NID_id_smime_aa_encapContentType,11,&(lvalues[1423]),0},
+{"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier",
+	NID_id_smime_aa_contentIdentifier,11,&(lvalues[1434]),0},
+{"id-smime-aa-macValue","id-smime-aa-macValue",
+	NID_id_smime_aa_macValue,11,&(lvalues[1445]),0},
+{"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels",
+	NID_id_smime_aa_equivalentLabels,11,&(lvalues[1456]),0},
+{"id-smime-aa-contentReference","id-smime-aa-contentReference",
+	NID_id_smime_aa_contentReference,11,&(lvalues[1467]),0},
+{"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref",
+	NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1478]),0},
+{"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate",
+	NID_id_smime_aa_signingCertificate,11,&(lvalues[1489]),0},
+{"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts",
+	NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1500]),0},
+{"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken",
+	NID_id_smime_aa_timeStampToken,11,&(lvalues[1511]),0},
+{"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId",
+	NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1522]),0},
+{"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType",
+	NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1533]),0},
+{"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation",
+	NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1544]),0},
+{"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr",
+	NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1555]),0},
+{"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert",
+	NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1566]),0},
+{"id-smime-aa-ets-contentTimestamp",
+	"id-smime-aa-ets-contentTimestamp",
+	NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1577]),0},
+{"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs",
+	NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1588]),0},
+{"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs",
+	NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1599]),0},
+{"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues",
+	NID_id_smime_aa_ets_certValues,11,&(lvalues[1610]),0},
+{"id-smime-aa-ets-revocationValues",
+	"id-smime-aa-ets-revocationValues",
+	NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1621]),0},
+{"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp",
+	NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1632]),0},
+{"id-smime-aa-ets-certCRLTimestamp",
+	"id-smime-aa-ets-certCRLTimestamp",
+	NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1643]),0},
+{"id-smime-aa-ets-archiveTimeStamp",
+	"id-smime-aa-ets-archiveTimeStamp",
+	NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1654]),0},
+{"id-smime-aa-signatureType","id-smime-aa-signatureType",
+	NID_id_smime_aa_signatureType,11,&(lvalues[1665]),0},
+{"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc",
+	NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1676]),0},
+{"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES",
+	NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1687]),0},
+{"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2",
+	NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1698]),0},
+{"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap",
+	NID_id_smime_alg_3DESwrap,11,&(lvalues[1709]),0},
+{"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap",
+	NID_id_smime_alg_RC2wrap,11,&(lvalues[1720]),0},
+{"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11,
+	&(lvalues[1731]),0},
+{"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap",
+	NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1742]),0},
+{"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap",
+	NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1753]),0},
+{"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11,
+	&(lvalues[1764]),0},
+{"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri",
+	NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1775]),0},
+{"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice",
+	NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1786]),0},
+{"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin",
+	NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1797]),0},
+{"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt",
+	NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1808]),0},
+{"id-smime-cti-ets-proofOfDelivery",
+	"id-smime-cti-ets-proofOfDelivery",
+	NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1819]),0},
+{"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender",
+	NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1830]),0},
+{"id-smime-cti-ets-proofOfApproval",
+	"id-smime-cti-ets-proofOfApproval",
+	NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1841]),0},
+{"id-smime-cti-ets-proofOfCreation",
+	"id-smime-cti-ets-proofOfCreation",
+	NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1852]),0},
+{"MD4","md4",NID_md4,8,&(lvalues[1863]),0},
+{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1871]),0},
+{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1878]),0},
+{"id-it","id-it",NID_id_it,7,&(lvalues[1885]),0},
+{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1892]),0},
+{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1899]),0},
+{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1906]),0},
+{"id-on","id-on",NID_id_on,7,&(lvalues[1913]),0},
+{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1920]),0},
+{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1927]),0},
+{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1934]),0},
+{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1941]),0},
+{"id-pkix1-explicit-88","id-pkix1-explicit-88",
+	NID_id_pkix1_explicit_88,8,&(lvalues[1948]),0},
+{"id-pkix1-implicit-88","id-pkix1-implicit-88",
+	NID_id_pkix1_implicit_88,8,&(lvalues[1956]),0},
+{"id-pkix1-explicit-93","id-pkix1-explicit-93",
+	NID_id_pkix1_explicit_93,8,&(lvalues[1964]),0},
+{"id-pkix1-implicit-93","id-pkix1-implicit-93",
+	NID_id_pkix1_implicit_93,8,&(lvalues[1972]),0},
+{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1980]),0},
+{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1988]),0},
+{"id-mod-kea-profile-88","id-mod-kea-profile-88",
+	NID_id_mod_kea_profile_88,8,&(lvalues[1996]),0},
+{"id-mod-kea-profile-93","id-mod-kea-profile-93",
+	NID_id_mod_kea_profile_93,8,&(lvalues[2004]),0},
+{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2012]),0},
+{"id-mod-qualified-cert-88","id-mod-qualified-cert-88",
+	NID_id_mod_qualified_cert_88,8,&(lvalues[2020]),0},
+{"id-mod-qualified-cert-93","id-mod-qualified-cert-93",
+	NID_id_mod_qualified_cert_93,8,&(lvalues[2028]),0},
+{"id-mod-attribute-cert","id-mod-attribute-cert",
+	NID_id_mod_attribute_cert,8,&(lvalues[2036]),0},
+{"id-mod-timestamp-protocol","id-mod-timestamp-protocol",
+	NID_id_mod_timestamp_protocol,8,&(lvalues[2044]),0},
+{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2052]),0},
+{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2060]),0},
+{"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8,
+	&(lvalues[2068]),0},
+{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2076]),0},
+{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2084]),0},
+{"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8,
+	&(lvalues[2092]),0},
+{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2100]),0},
+{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2108]),0},
+{"sbqp-ipAddrBlock","sbqp-ipAddrBlock",NID_sbqp_ipAddrBlock,8,
+	&(lvalues[2116]),0},
+{"sbqp-autonomousSysNum","sbqp-autonomousSysNum",
+	NID_sbqp_autonomousSysNum,8,&(lvalues[2124]),0},
+{"sbqp-routerIdentifier","sbqp-routerIdentifier",
+	NID_sbqp_routerIdentifier,8,&(lvalues[2132]),0},
+{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2140]),0},
+{"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8,
+	&(lvalues[2148]),0},
+{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2156]),0},
+{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2164]),0},
+{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2172]),0},
+{"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert,
+	8,&(lvalues[2180]),0},
+{"id-it-signKeyPairTypes","id-it-signKeyPairTypes",
+	NID_id_it_signKeyPairTypes,8,&(lvalues[2188]),0},
+{"id-it-encKeyPairTypes","id-it-encKeyPairTypes",
+	NID_id_it_encKeyPairTypes,8,&(lvalues[2196]),0},
+{"id-it-preferredSymmAlg","id-it-preferredSymmAlg",
+	NID_id_it_preferredSymmAlg,8,&(lvalues[2204]),0},
+{"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo",
+	NID_id_it_caKeyUpdateInfo,8,&(lvalues[2212]),0},
+{"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8,
+	&(lvalues[2220]),0},
+{"id-it-unsupportedOIDs","id-it-unsupportedOIDs",
+	NID_id_it_unsupportedOIDs,8,&(lvalues[2228]),0},
+{"id-it-subscriptionRequest","id-it-subscriptionRequest",
+	NID_id_it_subscriptionRequest,8,&(lvalues[2236]),0},
+{"id-it-subscriptionResponse","id-it-subscriptionResponse",
+	NID_id_it_subscriptionResponse,8,&(lvalues[2244]),0},
+{"id-it-keyPairParamReq","id-it-keyPairParamReq",
+	NID_id_it_keyPairParamReq,8,&(lvalues[2252]),0},
+{"id-it-keyPairParamRep","id-it-keyPairParamRep",
+	NID_id_it_keyPairParamRep,8,&(lvalues[2260]),0},
+{"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase,
+	8,&(lvalues[2268]),0},
+{"id-it-implicitConfirm","id-it-implicitConfirm",
+	NID_id_it_implicitConfirm,8,&(lvalues[2276]),0},
+{"id-it-confirmWaitTime","id-it-confirmWaitTime",
+	NID_id_it_confirmWaitTime,8,&(lvalues[2284]),0},
+{"id-it-origPKIMessage","id-it-origPKIMessage",
+	NID_id_it_origPKIMessage,8,&(lvalues[2292]),0},
+{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2300]),0},
+{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2308]),0},
+{"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken,
+	9,&(lvalues[2316]),0},
+{"id-regCtrl-authenticator","id-regCtrl-authenticator",
+	NID_id_regCtrl_authenticator,9,&(lvalues[2325]),0},
+{"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo",
+	NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2334]),0},
+{"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions",
+	NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2343]),0},
+{"id-regCtrl-oldCertID","id-regCtrl-oldCertID",
+	NID_id_regCtrl_oldCertID,9,&(lvalues[2352]),0},
+{"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey",
+	NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2361]),0},
+{"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs",
+	NID_id_regInfo_utf8Pairs,9,&(lvalues[2370]),0},
+{"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9,
+	&(lvalues[2379]),0},
+{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2388]),0},
+{"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8,
+	&(lvalues[2396]),0},
+{"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1",
+	NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2404]),0},
+{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2412]),0},
+{"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8,
+	&(lvalues[2420]),0},
+{"id-cmc-identification","id-cmc-identification",
+	NID_id_cmc_identification,8,&(lvalues[2428]),0},
+{"id-cmc-identityProof","id-cmc-identityProof",
+	NID_id_cmc_identityProof,8,&(lvalues[2436]),0},
+{"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8,
+	&(lvalues[2444]),0},
+{"id-cmc-transactionId","id-cmc-transactionId",
+	NID_id_cmc_transactionId,8,&(lvalues[2452]),0},
+{"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8,
+	&(lvalues[2460]),0},
+{"id-cmc-recipientNonce","id-cmc-recipientNonce",
+	NID_id_cmc_recipientNonce,8,&(lvalues[2468]),0},
+{"id-cmc-addExtensions","id-cmc-addExtensions",
+	NID_id_cmc_addExtensions,8,&(lvalues[2476]),0},
+{"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP,
+	8,&(lvalues[2484]),0},
+{"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP,
+	8,&(lvalues[2492]),0},
+{"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness",
+	NID_id_cmc_lraPOPWitness,8,&(lvalues[2500]),0},
+{"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8,
+	&(lvalues[2508]),0},
+{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2516]),0},
+{"id-cmc-revokeRequest","id-cmc-revokeRequest",
+	NID_id_cmc_revokeRequest,8,&(lvalues[2524]),0},
+{"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8,
+	&(lvalues[2532]),0},
+{"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo,
+	8,&(lvalues[2540]),0},
+{"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending,
+	8,&(lvalues[2548]),0},
+{"id-cmc-popLinkRandom","id-cmc-popLinkRandom",
+	NID_id_cmc_popLinkRandom,8,&(lvalues[2556]),0},
+{"id-cmc-popLinkWitness","id-cmc-popLinkWitness",
+	NID_id_cmc_popLinkWitness,8,&(lvalues[2564]),0},
+{"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance",
+	NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2572]),0},
+{"id-on-personalData","id-on-personalData",NID_id_on_personalData,8,
+	&(lvalues[2580]),0},
+{"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8,
+	&(lvalues[2588]),0},
+{"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth,
+	8,&(lvalues[2596]),0},
+{NULL,NULL,NID_undef,0,NULL},
+{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2604]),0},
+{"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship",
+	NID_id_pda_countryOfCitizenship,8,&(lvalues[2612]),0},
+{"id-pda-countryOfResidence","id-pda-countryOfResidence",
+	NID_id_pda_countryOfResidence,8,&(lvalues[2620]),0},
+{"id-aca-authenticationInfo","id-aca-authenticationInfo",
+	NID_id_aca_authenticationInfo,8,&(lvalues[2628]),0},
+{"id-aca-accessIdentity","id-aca-accessIdentity",
+	NID_id_aca_accessIdentity,8,&(lvalues[2636]),0},
+{"id-aca-chargingIdentity","id-aca-chargingIdentity",
+	NID_id_aca_chargingIdentity,8,&(lvalues[2644]),0},
+{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2652]),0},
+{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2660]),0},
+{"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1",
+	NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2668]),0},
+{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2676]),0},
+{"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8,
+	&(lvalues[2684]),0},
+{"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8,
+	&(lvalues[2692]),0},
+{"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8,
+	&(lvalues[2700]),0},
+{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2708]),0},
+{"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9,
+	&(lvalues[2716]),0},
+{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2725]),0},
+{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2734]),0},
+{"acceptableResponses","Acceptable OCSP Responses",
+	NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2743]),0},
+{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2752]),0},
+{"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff,
+	9,&(lvalues[2761]),0},
+{"serviceLocator","OCSP Service Locator",
+	NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2770]),0},
+{"extendedStatus","Extended OCSP Status",
+	NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2779]),0},
+{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2788]),0},
+{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2797]),0},
+{"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9,
+	&(lvalues[2806]),0},
+{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2815]),0},
+{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2819]),0},
+{"X500algorithms","directory services - algorithms",
+	NID_X500algorithms,2,&(lvalues[2824]),0},
+{"ORG","org",NID_org,1,&(lvalues[2826]),0},
+{"DOD","dod",NID_dod,2,&(lvalues[2827]),0},
+{"IANA","iana",NID_iana,3,&(lvalues[2829]),0},
+{"directory","Directory",NID_Directory,4,&(lvalues[2832]),0},
+{"mgmt","Management",NID_Management,4,&(lvalues[2836]),0},
+{"experimental","Experimental",NID_Experimental,4,&(lvalues[2840]),0},
+{"private","Private",NID_Private,4,&(lvalues[2844]),0},
+{"security","Security",NID_Security,4,&(lvalues[2848]),0},
+{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2852]),0},
+{"Mail","Mail",NID_Mail,4,&(lvalues[2856]),0},
+{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2860]),0},
+{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2865]),0},
+{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2874]),0},
+{"domain","Domain",NID_Domain,10,&(lvalues[2884]),0},
+{"JOINT-ISO-CCITT","joint-iso-ccitt",NID_joint_iso_ccitt,1,
+	&(lvalues[2894]),0},
+{"selected-attribute-types","Selected Attribute Types",
+	NID_selected_attribute_types,3,&(lvalues[2895]),0},
+{"clearance","clearance",NID_clearance,4,&(lvalues[2898]),0},
+{"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9,
+	&(lvalues[2902]),0},
+{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2911]),0},
+{"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8,
+	&(lvalues[2919]),0},
+{"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8,
+	&(lvalues[2927]),0},
+{"role","role",NID_role,3,&(lvalues[2935]),0},
+{"policyConstraints","X509v3 Policy Constraints",
+	NID_policy_constraints,3,&(lvalues[2938]),0},
+{"targetInformation","X509v3 AC Targeting",NID_target_information,3,
+	&(lvalues[2941]),0},
+{"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,
+	&(lvalues[2944]),0},
+{"CCITT","ccitt",NID_ccitt,1,&(lvalues[2947]),0},
+{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2948]),0},
+{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2953]),0},
+{"characteristic-two-field","characteristic-two-field",
+	NID_X9_62_characteristic_two_field,7,&(lvalues[2960]),0},
+{"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7,
+	&(lvalues[2967]),0},
+{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2974]),0},
+{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2982]),0},
+{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2990]),0},
+{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[2998]),0},
+{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3006]),0},
+{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3014]),0},
+{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3022]),0},
+{"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7,
+	&(lvalues[3030]),0},
+{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3037]),0},
+{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3046]),0},
+{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3055]),0},
+{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3064]),0},
+{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3073]),0},
+{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3082]),0},
+{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3091]),0},
+{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3100]),0},
+{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3109]),0},
+{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3118]),0},
+{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3127]),0},
+{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3136]),0},
+{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3145]),0},
+{"holdInstructionCode","Hold Instruction Code",
+	NID_hold_instruction_code,3,&(lvalues[3154]),0},
+{"holdInstructionNone","Hold Instruction None",
+	NID_hold_instruction_none,7,&(lvalues[3157]),0},
+{"holdInstructionCallIssuer","Hold Instruction Call Issuer",
+	NID_hold_instruction_call_issuer,7,&(lvalues[3164]),0},
+{"holdInstructionReject","Hold Instruction Reject",
+	NID_hold_instruction_reject,7,&(lvalues[3171]),0},
+{"data","data",NID_data,1,&(lvalues[3178]),0},
+{"pss","pss",NID_pss,3,&(lvalues[3179]),0},
+{"ucl","ucl",NID_ucl,7,&(lvalues[3182]),0},
+{"pilot","pilot",NID_pilot,8,&(lvalues[3189]),0},
+{"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9,
+	&(lvalues[3197]),0},
+{"pilotAttributeSyntax","pilotAttributeSyntax",
+	NID_pilotAttributeSyntax,9,&(lvalues[3206]),0},
+{"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9,
+	&(lvalues[3215]),0},
+{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3224]),0},
+{"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10,
+	&(lvalues[3233]),0},
+{"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax",
+	NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3243]),0},
+{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3253]),0},
+{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3263]),0},
+{"account","account",NID_account,10,&(lvalues[3273]),0},
+{"document","document",NID_document,10,&(lvalues[3283]),0},
+{"room","room",NID_room,10,&(lvalues[3293]),0},
+{"documentSeries","documentSeries",NID_documentSeries,10,
+	&(lvalues[3303]),0},
+{"rFC822localPart","rFC822localPart",NID_rFC822localPart,10,
+	&(lvalues[3313]),0},
+{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3323]),0},
+{"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject,
+	10,&(lvalues[3333]),0},
+{"friendlyCountry","friendlyCountry",NID_friendlyCountry,10,
+	&(lvalues[3343]),0},
+{"simpleSecurityObject","simpleSecurityObject",
+	NID_simpleSecurityObject,10,&(lvalues[3353]),0},
+{"pilotOrganization","pilotOrganization",NID_pilotOrganization,10,
+	&(lvalues[3363]),0},
+{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3373]),0},
+{"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData,
+	10,&(lvalues[3383]),0},
+{"UID","userId",NID_userId,10,&(lvalues[3393]),0},
+{"textEncodedORAddress","textEncodedORAddress",
+	NID_textEncodedORAddress,10,&(lvalues[3403]),0},
+{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3413]),0},
+{"info","info",NID_info,10,&(lvalues[3423]),0},
+{"favouriteDrink","favouriteDrink",NID_favouriteDrink,10,
+	&(lvalues[3433]),0},
+{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3443]),0},
+{"photo","photo",NID_photo,10,&(lvalues[3453]),0},
+{"userClass","userClass",NID_userClass,10,&(lvalues[3463]),0},
+{"host","host",NID_host,10,&(lvalues[3473]),0},
+{"manager","manager",NID_manager,10,&(lvalues[3483]),0},
+{"documentIdentifier","documentIdentifier",NID_documentIdentifier,10,
+	&(lvalues[3493]),0},
+{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3503]),0},
+{"documentVersion","documentVersion",NID_documentVersion,10,
+	&(lvalues[3513]),0},
+{"documentAuthor","documentAuthor",NID_documentAuthor,10,
+	&(lvalues[3523]),0},
+{"documentLocation","documentLocation",NID_documentLocation,10,
+	&(lvalues[3533]),0},
+{"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber,
+	10,&(lvalues[3543]),0},
+{"secretary","secretary",NID_secretary,10,&(lvalues[3553]),0},
+{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3563]),0},
+{"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10,
+	&(lvalues[3573]),0},
+{"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10,
+	&(lvalues[3583]),0},
+{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3593]),0},
+{"pilotAttributeType27","pilotAttributeType27",
+	NID_pilotAttributeType27,10,&(lvalues[3603]),0},
+{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3613]),0},
+{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3623]),0},
+{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3633]),0},
+{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3643]),0},
+{"associatedDomain","associatedDomain",NID_associatedDomain,10,
+	&(lvalues[3653]),0},
+{"associatedName","associatedName",NID_associatedName,10,
+	&(lvalues[3663]),0},
+{"homePostalAddress","homePostalAddress",NID_homePostalAddress,10,
+	&(lvalues[3673]),0},
+{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3683]),0},
+{"mobileTelephoneNumber","mobileTelephoneNumber",
+	NID_mobileTelephoneNumber,10,&(lvalues[3693]),0},
+{"pagerTelephoneNumber","pagerTelephoneNumber",
+	NID_pagerTelephoneNumber,10,&(lvalues[3703]),0},
+{"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName,
+	10,&(lvalues[3713]),0},
+{"organizationalStatus","organizationalStatus",
+	NID_organizationalStatus,10,&(lvalues[3723]),0},
+{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3733]),0},
+{"mailPreferenceOption","mailPreferenceOption",
+	NID_mailPreferenceOption,10,&(lvalues[3743]),0},
+{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3753]),0},
+{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3763]),0},
+{"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10,
+	&(lvalues[3773]),0},
+{"subtreeMinimumQuality","subtreeMinimumQuality",
+	NID_subtreeMinimumQuality,10,&(lvalues[3783]),0},
+{"subtreeMaximumQuality","subtreeMaximumQuality",
+	NID_subtreeMaximumQuality,10,&(lvalues[3793]),0},
+{"personalSignature","personalSignature",NID_personalSignature,10,
+	&(lvalues[3803]),0},
+{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3813]),0},
+{"audio","audio",NID_audio,10,&(lvalues[3823]),0},
+{"documentPublisher","documentPublisher",NID_documentPublisher,10,
+	&(lvalues[3833]),0},
+{"id-characteristic-two-basis","id-characteristic-two-basis",
+	NID_X9_62_id_characteristic_two_basis,8,&(lvalues[3843]),0},
+{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[3851]),0},
+{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[3860]),0},
+{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[3869]),0},
+{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[3878]),0},
+{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[3886]),0},
+{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[3894]),0},
+{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[3902]),0},
+{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[3910]),0},
+{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[3918]),0},
+{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[3926]),0},
+{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[3934]),0},
+{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[3942]),0},
+{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[3950]),0},
+{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[3958]),0},
+{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[3966]),0},
+{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[3974]),0},
+{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[3982]),0},
+{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[3990]),0},
+{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[3998]),0},
+{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4006]),0},
+{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4014]),0},
+{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4022]),0},
+{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4030]),0},
+{"identified-organization","identified-organization",
+	NID_identified_organization,1,&(lvalues[4038]),0},
+{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4039]),0},
+{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4042]),0},
+{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4047]),0},
+{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4052]),0},
+{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4057]),0},
+{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4062]),0},
+{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4067]),0},
+{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4072]),0},
+{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4077]),0},
+{NULL,NULL,NID_undef,0,NULL},
+{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4082]),0},
+{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4087]),0},
+{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4092]),0},
+{NULL,NULL,NID_undef,0,NULL},
+{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4097]),0},
+{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4102]),0},
+{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4107]),0},
+{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4112]),0},
+{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4117]),0},
+{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4122]),0},
+{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4127]),0},
+{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4132]),0},
+{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4137]),0},
+{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4142]),0},
+{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4147]),0},
+{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4152]),0},
+{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4157]),0},
+{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4162]),0},
+{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4167]),0},
+{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4172]),0},
+{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4177]),0},
+{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4182]),0},
+{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4187]),0},
+{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4192]),0},
+{"wap","wap",NID_wap,2,&(lvalues[4197]),0},
+{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4199]),0},
+{"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1",
+	NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4202]),0},
+{"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6",
+	NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4207]),0},
+{"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8",
+	NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4212]),0},
+{"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9",
+	NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4217]),0},
+{"x500UniqueIdentifier","x500UniqueIdentifier",
+	NID_x500UniqueIdentifier,3,&(lvalues[4222]),0},
+{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[4225]),0},
+{"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6,
+	&(lvalues[4230]),0},
+{"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6,
+	&(lvalues[4236]),0},
+{"id-hex-partial-message","id-hex-partial-message",
+	NID_id_hex_partial_message,7,&(lvalues[4242]),0},
+{"id-hex-multipart-message","id-hex-multipart-message",
+	NID_id_hex_multipart_message,7,&(lvalues[4249]),0},
+{"generationQualifier","generationQualifier",NID_generationQualifier,
+	3,&(lvalues[4256]),0},
+{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[4259]),0},
+{"id-set","Secure Electronic Transactions",NID_id_set,2,
+	&(lvalues[4262]),0},
+{"set-ctype","content types",NID_set_ctype,3,&(lvalues[4264]),0},
+{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[4267]),0},
+{"set-attr","set-attr",NID_set_attr,3,&(lvalues[4270]),0},
+{"set-policy","set-policy",NID_set_policy,3,&(lvalues[4273]),0},
+{"set-certExt","certificate extensions",NID_set_certExt,3,
+	&(lvalues[4276]),0},
+{"set-brand","set-brand",NID_set_brand,3,&(lvalues[4279]),0},
+{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[4282]),0},
+{"setct-PANToken","setct-PANToken",NID_setct_PANToken,4,
+	&(lvalues[4286]),0},
+{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[4290]),0},
+{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[4294]),0},
+{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[4298]),0},
+{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[4302]),0},
+{"setct-PIDataUnsigned","setct-PIDataUnsigned",
+	NID_setct_PIDataUnsigned,4,&(lvalues[4306]),0},
+{"setct-HODInput","setct-HODInput",NID_setct_HODInput,4,
+	&(lvalues[4310]),0},
+{"setct-AuthResBaggage","setct-AuthResBaggage",
+	NID_setct_AuthResBaggage,4,&(lvalues[4314]),0},
+{"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage",
+	NID_setct_AuthRevReqBaggage,4,&(lvalues[4318]),0},
+{"setct-AuthRevResBaggage","setct-AuthRevResBaggage",
+	NID_setct_AuthRevResBaggage,4,&(lvalues[4322]),0},
+{"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4,
+	&(lvalues[4326]),0},
+{"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4,
+	&(lvalues[4330]),0},
+{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[4334]),0},
+{"setct-PResData","setct-PResData",NID_setct_PResData,4,
+	&(lvalues[4338]),0},
+{"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4,
+	&(lvalues[4342]),0},
+{"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4,
+	&(lvalues[4346]),0},
+{"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4,
+	&(lvalues[4350]),0},
+{"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4,
+	&(lvalues[4354]),0},
+{"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4,
+	&(lvalues[4358]),0},
+{"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4,
+	&(lvalues[4362]),0},
+{"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg",
+	NID_setct_AcqCardCodeMsg,4,&(lvalues[4366]),0},
+{"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS,
+	4,&(lvalues[4370]),0},
+{"setct-AuthRevResData","setct-AuthRevResData",
+	NID_setct_AuthRevResData,4,&(lvalues[4374]),0},
+{"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS,
+	4,&(lvalues[4378]),0},
+{"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4,
+	&(lvalues[4382]),0},
+{"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4,
+	&(lvalues[4386]),0},
+{"setct-CapResData","setct-CapResData",NID_setct_CapResData,4,
+	&(lvalues[4390]),0},
+{"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4,
+	&(lvalues[4394]),0},
+{"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX,
+	4,&(lvalues[4398]),0},
+{"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData,
+	4,&(lvalues[4402]),0},
+{"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4,
+	&(lvalues[4406]),0},
+{"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4,
+	&(lvalues[4410]),0},
+{"setct-CredResData","setct-CredResData",NID_setct_CredResData,4,
+	&(lvalues[4414]),0},
+{"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS,
+	4,&(lvalues[4418]),0},
+{"setct-CredRevReqTBSX","setct-CredRevReqTBSX",
+	NID_setct_CredRevReqTBSX,4,&(lvalues[4422]),0},
+{"setct-CredRevResData","setct-CredRevResData",
+	NID_setct_CredRevResData,4,&(lvalues[4426]),0},
+{"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4,
+	&(lvalues[4430]),0},
+{"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4,
+	&(lvalues[4434]),0},
+{"setct-BatchAdminReqData","setct-BatchAdminReqData",
+	NID_setct_BatchAdminReqData,4,&(lvalues[4438]),0},
+{"setct-BatchAdminResData","setct-BatchAdminResData",
+	NID_setct_BatchAdminResData,4,&(lvalues[4442]),0},
+{"setct-CardCInitResTBS","setct-CardCInitResTBS",
+	NID_setct_CardCInitResTBS,4,&(lvalues[4446]),0},
+{"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS",
+	NID_setct_MeAqCInitResTBS,4,&(lvalues[4450]),0},
+{"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS,
+	4,&(lvalues[4454]),0},
+{"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4,
+	&(lvalues[4458]),0},
+{"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4,
+	&(lvalues[4462]),0},
+{"setct-CertResData","setct-CertResData",NID_setct_CertResData,4,
+	&(lvalues[4466]),0},
+{"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS,
+	4,&(lvalues[4470]),0},
+{"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4,
+	&(lvalues[4474]),0},
+{"setct-PIDualSignedTBE","setct-PIDualSignedTBE",
+	NID_setct_PIDualSignedTBE,4,&(lvalues[4478]),0},
+{"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE,
+	4,&(lvalues[4482]),0},
+{"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4,
+	&(lvalues[4486]),0},
+{"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4,
+	&(lvalues[4490]),0},
+{"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4,
+	&(lvalues[4494]),0},
+{"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4,
+	&(lvalues[4498]),0},
+{"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4,
+	&(lvalues[4502]),0},
+{"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4,
+	&(lvalues[4506]),0},
+{"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE",
+	NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4510]),0},
+{"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE,
+	4,&(lvalues[4514]),0},
+{"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE,
+	4,&(lvalues[4518]),0},
+{"setct-AuthRevResTBEB","setct-AuthRevResTBEB",
+	NID_setct_AuthRevResTBEB,4,&(lvalues[4522]),0},
+{"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4,
+	&(lvalues[4526]),0},
+{"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4,
+	&(lvalues[4530]),0},
+{"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4,
+	&(lvalues[4534]),0},
+{"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4,
+	&(lvalues[4538]),0},
+{"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX,
+	4,&(lvalues[4542]),0},
+{"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4,
+	&(lvalues[4546]),0},
+{"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4,
+	&(lvalues[4550]),0},
+{"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4,
+	&(lvalues[4554]),0},
+{"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4,
+	&(lvalues[4558]),0},
+{"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE,
+	4,&(lvalues[4562]),0},
+{"setct-CredRevReqTBEX","setct-CredRevReqTBEX",
+	NID_setct_CredRevReqTBEX,4,&(lvalues[4566]),0},
+{"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE,
+	4,&(lvalues[4570]),0},
+{"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE",
+	NID_setct_BatchAdminReqTBE,4,&(lvalues[4574]),0},
+{"setct-BatchAdminResTBE","setct-BatchAdminResTBE",
+	NID_setct_BatchAdminResTBE,4,&(lvalues[4578]),0},
+{"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE,
+	4,&(lvalues[4582]),0},
+{"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4,
+	&(lvalues[4586]),0},
+{"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4,
+	&(lvalues[4590]),0},
+{"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4,
+	&(lvalues[4594]),0},
+{"setct-CRLNotificationTBS","setct-CRLNotificationTBS",
+	NID_setct_CRLNotificationTBS,4,&(lvalues[4598]),0},
+{"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS",
+	NID_setct_CRLNotificationResTBS,4,&(lvalues[4602]),0},
+{"setct-BCIDistributionTBS","setct-BCIDistributionTBS",
+	NID_setct_BCIDistributionTBS,4,&(lvalues[4606]),0},
+{"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4,
+	&(lvalues[4610]),0},
+{"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4,
+	&(lvalues[4614]),0},
+{"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4,
+	&(lvalues[4618]),0},
+{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4622]),0},
+{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4626]),0},
+{"setext-cv","additional verification",NID_setext_cv,4,
+	&(lvalues[4630]),0},
+{"set-policy-root","set-policy-root",NID_set_policy_root,4,
+	&(lvalues[4634]),0},
+{"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4,
+	&(lvalues[4638]),0},
+{"setCext-certType","setCext-certType",NID_setCext_certType,4,
+	&(lvalues[4642]),0},
+{"setCext-merchData","setCext-merchData",NID_setCext_merchData,4,
+	&(lvalues[4646]),0},
+{"setCext-cCertRequired","setCext-cCertRequired",
+	NID_setCext_cCertRequired,4,&(lvalues[4650]),0},
+{"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4,
+	&(lvalues[4654]),0},
+{"setCext-setExt","setCext-setExt",NID_setCext_setExt,4,
+	&(lvalues[4658]),0},
+{"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4,
+	&(lvalues[4662]),0},
+{"setCext-PGWYcapabilities","setCext-PGWYcapabilities",
+	NID_setCext_PGWYcapabilities,4,&(lvalues[4666]),0},
+{"setCext-TokenIdentifier","setCext-TokenIdentifier",
+	NID_setCext_TokenIdentifier,4,&(lvalues[4670]),0},
+{"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4,
+	&(lvalues[4674]),0},
+{"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4,
+	&(lvalues[4678]),0},
+{"setCext-IssuerCapabilities","setCext-IssuerCapabilities",
+	NID_setCext_IssuerCapabilities,4,&(lvalues[4682]),0},
+{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4686]),0},
+{"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap,
+	4,&(lvalues[4690]),0},
+{"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4,
+	&(lvalues[4694]),0},
+{"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4,
+	&(lvalues[4698]),0},
+{"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5,
+	&(lvalues[4702]),0},
+{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4707]),0},
+{"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5,
+	&(lvalues[4712]),0},
+{"setAttr-Token-B0Prime","setAttr-Token-B0Prime",
+	NID_setAttr_Token_B0Prime,5,&(lvalues[4717]),0},
+{"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5,
+	&(lvalues[4722]),0},
+{"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5,
+	&(lvalues[4727]),0},
+{"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5,
+	&(lvalues[4732]),0},
+{"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm,
+	6,&(lvalues[4737]),0},
+{"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6,
+	&(lvalues[4743]),0},
+{"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6,
+	&(lvalues[4749]),0},
+{"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6,
+	&(lvalues[4755]),0},
+{"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig,
+	6,&(lvalues[4761]),0},
+{"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4,
+	&(lvalues[4767]),0},
+{"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4,
+	&(lvalues[4771]),0},
+{"set-brand-AmericanExpress","set-brand-AmericanExpress",
+	NID_set_brand_AmericanExpress,4,&(lvalues[4775]),0},
+{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4779]),0},
+{"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4,
+	&(lvalues[4783]),0},
+{"set-brand-MasterCard","set-brand-MasterCard",
+	NID_set_brand_MasterCard,4,&(lvalues[4787]),0},
+{"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5,
+	&(lvalues[4791]),0},
+{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4796]),0},
+{"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET",
+	NID_rsaOAEPEncryptionSET,9,&(lvalues[4804]),0},
+{"wap-wsg-idm-ecid-wtls3","wap-wsg-idm-ecid-wtls3",
+	NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4813]),0},
+{"wap-wsg-idm-ecid-wtls4","wap-wsg-idm-ecid-wtls4",
+	NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4818]),0},
+{"wap-wsg-idm-ecid-wtls5","wap-wsg-idm-ecid-wtls5",
+	NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4823]),0},
+{"wap-wsg-idm-ecid-wtls7","wap-wsg-idm-ecid-wtls7",
+	NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4828]),0},
+{"wap-wsg-idm-ecid-wtls10","wap-wsg-idm-ecid-wtls10",
+	NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4833]),0},
+{"wap-wsg-idm-ecid-wtls11","wap-wsg-idm-ecid-wtls11",
+	NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4838]),0},
+{"wap-wsg-idm-ecid-wtls12","wap-wsg-idm-ecid-wtls12",
+	NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4843]),0},
+{"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login,
+	10,&(lvalues[4848]),0},
+{"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10,
+	&(lvalues[4858]),0},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
+&(nid_objs[364]),/* "AD_DVCS" */
+&(nid_objs[419]),/* "AES-128-CBC" */
+&(nid_objs[421]),/* "AES-128-CFB" */
+&(nid_objs[418]),/* "AES-128-ECB" */
+&(nid_objs[420]),/* "AES-128-OFB" */
+&(nid_objs[423]),/* "AES-192-CBC" */
+&(nid_objs[425]),/* "AES-192-CFB" */
+&(nid_objs[422]),/* "AES-192-ECB" */
+&(nid_objs[424]),/* "AES-192-OFB" */
+&(nid_objs[427]),/* "AES-256-CBC" */
+&(nid_objs[429]),/* "AES-256-CFB" */
+&(nid_objs[426]),/* "AES-256-ECB" */
+&(nid_objs[428]),/* "AES-256-OFB" */
 &(nid_objs[91]),/* "BF-CBC" */
 &(nid_objs[93]),/* "BF-CFB" */
 &(nid_objs[92]),/* "BF-ECB" */
@@ -348,9 +1904,14 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[110]),/* "CAST5-CFB" */
 &(nid_objs[109]),/* "CAST5-ECB" */
 &(nid_objs[111]),/* "CAST5-OFB" */
+&(nid_objs[404]),/* "CCITT" */
 &(nid_objs[13]),/* "CN" */
-&(nid_objs[107]),/* "D" */
+&(nid_objs[141]),/* "CRLReason" */
+&(nid_objs[417]),/* "CSPName" */
+&(nid_objs[367]),/* "CrlID" */
+&(nid_objs[391]),/* "DC" */
 &(nid_objs[31]),/* "DES-CBC" */
+&(nid_objs[707]),/* "DES-CDMF" */
 &(nid_objs[30]),/* "DES-CFB" */
 &(nid_objs[29]),/* "DES-ECB" */
 &(nid_objs[32]),/* "DES-EDE" */
@@ -363,27 +1924,53 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[63]),/* "DES-EDE3-OFB" */
 &(nid_objs[45]),/* "DES-OFB" */
 &(nid_objs[80]),/* "DESX-CBC" */
+&(nid_objs[380]),/* "DOD" */
 &(nid_objs[116]),/* "DSA" */
 &(nid_objs[66]),/* "DSA-SHA" */
 &(nid_objs[113]),/* "DSA-SHA1" */
 &(nid_objs[70]),/* "DSA-SHA1-old" */
 &(nid_objs[67]),/* "DSA-old" */
-&(nid_objs[48]),/* "Email" */
-&(nid_objs[99]),/* "G" */
-&(nid_objs[101]),/* "I" */
+&(nid_objs[297]),/* "DVCS" */
+&(nid_objs[381]),/* "IANA" */
 &(nid_objs[34]),/* "IDEA-CBC" */
 &(nid_objs[35]),/* "IDEA-CFB" */
 &(nid_objs[36]),/* "IDEA-ECB" */
 &(nid_objs[46]),/* "IDEA-OFB" */
+&(nid_objs[181]),/* "ISO" */
+&(nid_objs[183]),/* "ISO-US" */
+&(nid_objs[393]),/* "JOINT-ISO-CCITT" */
 &(nid_objs[15]),/* "L" */
 &(nid_objs[ 3]),/* "MD2" */
+&(nid_objs[257]),/* "MD4" */
 &(nid_objs[ 4]),/* "MD5" */
 &(nid_objs[114]),/* "MD5-SHA1" */
 &(nid_objs[95]),/* "MDC2" */
+&(nid_objs[388]),/* "Mail" */
 &(nid_objs[57]),/* "Netscape" */
+&(nid_objs[366]),/* "Nonce" */
 &(nid_objs[17]),/* "O" */
+&(nid_objs[178]),/* "OCSP" */
+&(nid_objs[180]),/* "OCSPSigning" */
+&(nid_objs[379]),/* "ORG" */
 &(nid_objs[18]),/* "OU" */
+&(nid_objs[ 9]),/* "PBE-MD2-DES" */
+&(nid_objs[168]),/* "PBE-MD2-RC2-64" */
+&(nid_objs[10]),/* "PBE-MD5-DES" */
+&(nid_objs[169]),/* "PBE-MD5-RC2-64" */
+&(nid_objs[147]),/* "PBE-SHA1-2DES" */
+&(nid_objs[146]),/* "PBE-SHA1-3DES" */
+&(nid_objs[170]),/* "PBE-SHA1-DES" */
+&(nid_objs[148]),/* "PBE-SHA1-RC2-128" */
+&(nid_objs[149]),/* "PBE-SHA1-RC2-40" */
+&(nid_objs[68]),/* "PBE-SHA1-RC2-64" */
+&(nid_objs[144]),/* "PBE-SHA1-RC4-128" */
+&(nid_objs[145]),/* "PBE-SHA1-RC4-40" */
+&(nid_objs[161]),/* "PBES2" */
+&(nid_objs[69]),/* "PBKDF2" */
+&(nid_objs[162]),/* "PBMAC1" */
+&(nid_objs[127]),/* "PKIX" */
 &(nid_objs[98]),/* "RC2-40-CBC" */
+&(nid_objs[166]),/* "RC2-64-CBC" */
 &(nid_objs[37]),/* "RC2-CBC" */
 &(nid_objs[39]),/* "RC2-CFB" */
 &(nid_objs[38]),/* "RC2-ECB" */
@@ -398,6 +1985,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[124]),/* "RLE" */
 &(nid_objs[19]),/* "RSA" */
 &(nid_objs[ 7]),/* "RSA-MD2" */
+&(nid_objs[396]),/* "RSA-MD4" */
 &(nid_objs[ 8]),/* "RSA-MD5" */
 &(nid_objs[96]),/* "RSA-MDC2" */
 &(nid_objs[104]),/* "RSA-NP-MD5" */
@@ -405,23 +1993,329 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[42]),/* "RSA-SHA" */
 &(nid_objs[65]),/* "RSA-SHA1" */
 &(nid_objs[115]),/* "RSA-SHA1-2" */
-&(nid_objs[100]),/* "S" */
 &(nid_objs[41]),/* "SHA" */
 &(nid_objs[64]),/* "SHA1" */
-&(nid_objs[105]),/* "SN" */
+&(nid_objs[188]),/* "SMIME" */
+&(nid_objs[167]),/* "SMIME-CAPS" */
+&(nid_objs[100]),/* "SN" */
 &(nid_objs[16]),/* "ST" */
-&(nid_objs[106]),/* "T" */
-&(nid_objs[102]),/* "UID" */
+&(nid_objs[143]),/* "SXNetID" */
+&(nid_objs[458]),/* "UID" */
 &(nid_objs[ 0]),/* "UNDEF" */
+&(nid_objs[11]),/* "X500" */
+&(nid_objs[378]),/* "X500algorithms" */
+&(nid_objs[12]),/* "X509" */
+&(nid_objs[184]),/* "X9-57" */
+&(nid_objs[185]),/* "X9cm" */
 &(nid_objs[125]),/* "ZLIB" */
+&(nid_objs[478]),/* "aRecord" */
+&(nid_objs[289]),/* "aaControls" */
+&(nid_objs[287]),/* "ac-auditEntity" */
+&(nid_objs[397]),/* "ac-proxying" */
+&(nid_objs[288]),/* "ac-targeting" */
+&(nid_objs[368]),/* "acceptableResponses" */
+&(nid_objs[446]),/* "account" */
+&(nid_objs[363]),/* "ad_timestamping" */
+&(nid_objs[376]),/* "algorithm" */
+&(nid_objs[405]),/* "ansi-X9-62" */
+&(nid_objs[370]),/* "archiveCutoff" */
+&(nid_objs[484]),/* "associatedDomain" */
+&(nid_objs[485]),/* "associatedName" */
+&(nid_objs[501]),/* "audio" */
+&(nid_objs[177]),/* "authorityInfoAccess" */
 &(nid_objs[90]),/* "authorityKeyIdentifier" */
 &(nid_objs[87]),/* "basicConstraints" */
+&(nid_objs[365]),/* "basicOCSPResponse" */
+&(nid_objs[285]),/* "biometricInfo" */
+&(nid_objs[494]),/* "buildingName" */
+&(nid_objs[514]),/* "c2onb191v4" */
+&(nid_objs[515]),/* "c2onb191v5" */
+&(nid_objs[520]),/* "c2onb239v4" */
+&(nid_objs[521]),/* "c2onb239v5" */
+&(nid_objs[507]),/* "c2pnb163v1" */
+&(nid_objs[508]),/* "c2pnb163v2" */
+&(nid_objs[509]),/* "c2pnb163v3" */
+&(nid_objs[510]),/* "c2pnb176v1" */
+&(nid_objs[516]),/* "c2pnb208w1" */
+&(nid_objs[522]),/* "c2pnb272w1" */
+&(nid_objs[523]),/* "c2pnb304w1" */
+&(nid_objs[525]),/* "c2pnb368w1" */
+&(nid_objs[511]),/* "c2tnb191v1" */
+&(nid_objs[512]),/* "c2tnb191v2" */
+&(nid_objs[513]),/* "c2tnb191v3" */
+&(nid_objs[517]),/* "c2tnb239v1" */
+&(nid_objs[518]),/* "c2tnb239v2" */
+&(nid_objs[519]),/* "c2tnb239v3" */
+&(nid_objs[524]),/* "c2tnb359v1" */
+&(nid_objs[526]),/* "c2tnb431r1" */
+&(nid_objs[483]),/* "cNAMERecord" */
+&(nid_objs[179]),/* "caIssuers" */
+&(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */
+&(nid_objs[152]),/* "certBag" */
+&(nid_objs[528]),/* "certicom-arc" */
 &(nid_objs[89]),/* "certificatePolicies" */
+&(nid_objs[54]),/* "challengePassword" */
+&(nid_objs[407]),/* "characteristic-two-field" */
+&(nid_objs[395]),/* "clearance" */
+&(nid_objs[130]),/* "clientAuth" */
+&(nid_objs[131]),/* "codeSigning" */
+&(nid_objs[50]),/* "contentType" */
+&(nid_objs[53]),/* "countersignature" */
+&(nid_objs[153]),/* "crlBag" */
 &(nid_objs[103]),/* "crlDistributionPoints" */
 &(nid_objs[88]),/* "crlNumber" */
+&(nid_objs[500]),/* "dITRedirect" */
+&(nid_objs[451]),/* "dNSDomain" */
+&(nid_objs[495]),/* "dSAQuality" */
+&(nid_objs[434]),/* "data" */
+&(nid_objs[390]),/* "dcobject" */
+&(nid_objs[140]),/* "deltaCRL" */
+&(nid_objs[107]),/* "description" */
+&(nid_objs[28]),/* "dhKeyAgreement" */
+&(nid_objs[382]),/* "directory" */
+&(nid_objs[174]),/* "dnQualifier" */
+&(nid_objs[447]),/* "document" */
+&(nid_objs[471]),/* "documentAuthor" */
+&(nid_objs[468]),/* "documentIdentifier" */
+&(nid_objs[472]),/* "documentLocation" */
+&(nid_objs[502]),/* "documentPublisher" */
+&(nid_objs[449]),/* "documentSeries" */
+&(nid_objs[469]),/* "documentTitle" */
+&(nid_objs[470]),/* "documentVersion" */
+&(nid_objs[392]),/* "domain" */
+&(nid_objs[452]),/* "domainRelatedObject" */
+&(nid_objs[416]),/* "ecdsa-with-SHA1" */
+&(nid_objs[48]),/* "emailAddress" */
+&(nid_objs[132]),/* "emailProtection" */
+&(nid_objs[389]),/* "enterprises" */
+&(nid_objs[384]),/* "experimental" */
+&(nid_objs[172]),/* "extReq" */
+&(nid_objs[56]),/* "extendedCertificateAttributes" */
+&(nid_objs[126]),/* "extendedKeyUsage" */
+&(nid_objs[372]),/* "extendedStatus" */
+&(nid_objs[462]),/* "favouriteDrink" */
+&(nid_objs[453]),/* "friendlyCountry" */
+&(nid_objs[490]),/* "friendlyCountryName" */
+&(nid_objs[156]),/* "friendlyName" */
+&(nid_objs[574]),/* "generationQualifier" */
+&(nid_objs[99]),/* "gn" */
+&(nid_objs[163]),/* "hmacWithSHA1" */
+&(nid_objs[432]),/* "holdInstructionCallIssuer" */
+&(nid_objs[430]),/* "holdInstructionCode" */
+&(nid_objs[431]),/* "holdInstructionNone" */
+&(nid_objs[433]),/* "holdInstructionReject" */
+&(nid_objs[486]),/* "homePostalAddress" */
+&(nid_objs[473]),/* "homeTelephoneNumber" */
+&(nid_objs[466]),/* "host" */
+&(nid_objs[442]),/* "iA5StringSyntax" */
+&(nid_objs[266]),/* "id-aca" */
+&(nid_objs[355]),/* "id-aca-accessIdentity" */
+&(nid_objs[354]),/* "id-aca-authenticationInfo" */
+&(nid_objs[356]),/* "id-aca-chargingIdentity" */
+&(nid_objs[399]),/* "id-aca-encAttrs" */
+&(nid_objs[357]),/* "id-aca-group" */
+&(nid_objs[358]),/* "id-aca-role" */
+&(nid_objs[176]),/* "id-ad" */
+&(nid_objs[262]),/* "id-alg" */
+&(nid_objs[323]),/* "id-alg-des40" */
+&(nid_objs[326]),/* "id-alg-dh-pop" */
+&(nid_objs[325]),/* "id-alg-dh-sig-hmac-sha1" */
+&(nid_objs[324]),/* "id-alg-noSignature" */
+&(nid_objs[268]),/* "id-cct" */
+&(nid_objs[361]),/* "id-cct-PKIData" */
+&(nid_objs[362]),/* "id-cct-PKIResponse" */
+&(nid_objs[360]),/* "id-cct-crs" */
+&(nid_objs[81]),/* "id-ce" */
+&(nid_objs[503]),/* "id-characteristic-two-basis" */
+&(nid_objs[263]),/* "id-cmc" */
+&(nid_objs[334]),/* "id-cmc-addExtensions" */
+&(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */
+&(nid_objs[330]),/* "id-cmc-dataReturn" */
+&(nid_objs[336]),/* "id-cmc-decryptedPOP" */
+&(nid_objs[335]),/* "id-cmc-encryptedPOP" */
+&(nid_objs[339]),/* "id-cmc-getCRL" */
+&(nid_objs[338]),/* "id-cmc-getCert" */
+&(nid_objs[328]),/* "id-cmc-identification" */
+&(nid_objs[329]),/* "id-cmc-identityProof" */
+&(nid_objs[337]),/* "id-cmc-lraPOPWitness" */
+&(nid_objs[344]),/* "id-cmc-popLinkRandom" */
+&(nid_objs[345]),/* "id-cmc-popLinkWitness" */
+&(nid_objs[343]),/* "id-cmc-queryPending" */
+&(nid_objs[333]),/* "id-cmc-recipientNonce" */
+&(nid_objs[341]),/* "id-cmc-regInfo" */
+&(nid_objs[342]),/* "id-cmc-responseInfo" */
+&(nid_objs[340]),/* "id-cmc-revokeRequest" */
+&(nid_objs[332]),/* "id-cmc-senderNonce" */
+&(nid_objs[327]),/* "id-cmc-statusInfo" */
+&(nid_objs[331]),/* "id-cmc-transactionId" */
+&(nid_objs[408]),/* "id-ecPublicKey" */
+&(nid_objs[573]),/* "id-hex-multipart-message" */
+&(nid_objs[572]),/* "id-hex-partial-message" */
+&(nid_objs[260]),/* "id-it" */
+&(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */
+&(nid_objs[298]),/* "id-it-caProtEncCert" */
+&(nid_objs[311]),/* "id-it-confirmWaitTime" */
+&(nid_objs[303]),/* "id-it-currentCRL" */
+&(nid_objs[300]),/* "id-it-encKeyPairTypes" */
+&(nid_objs[310]),/* "id-it-implicitConfirm" */
+&(nid_objs[308]),/* "id-it-keyPairParamRep" */
+&(nid_objs[307]),/* "id-it-keyPairParamReq" */
+&(nid_objs[312]),/* "id-it-origPKIMessage" */
+&(nid_objs[301]),/* "id-it-preferredSymmAlg" */
+&(nid_objs[309]),/* "id-it-revPassphrase" */
+&(nid_objs[299]),/* "id-it-signKeyPairTypes" */
+&(nid_objs[305]),/* "id-it-subscriptionRequest" */
+&(nid_objs[306]),/* "id-it-subscriptionResponse" */
+&(nid_objs[304]),/* "id-it-unsupportedOIDs" */
+&(nid_objs[128]),/* "id-kp" */
+&(nid_objs[280]),/* "id-mod-attribute-cert" */
+&(nid_objs[274]),/* "id-mod-cmc" */
+&(nid_objs[277]),/* "id-mod-cmp" */
+&(nid_objs[284]),/* "id-mod-cmp2000" */
+&(nid_objs[273]),/* "id-mod-crmf" */
+&(nid_objs[283]),/* "id-mod-dvcs" */
+&(nid_objs[275]),/* "id-mod-kea-profile-88" */
+&(nid_objs[276]),/* "id-mod-kea-profile-93" */
+&(nid_objs[282]),/* "id-mod-ocsp" */
+&(nid_objs[278]),/* "id-mod-qualified-cert-88" */
+&(nid_objs[279]),/* "id-mod-qualified-cert-93" */
+&(nid_objs[281]),/* "id-mod-timestamp-protocol" */
+&(nid_objs[264]),/* "id-on" */
+&(nid_objs[347]),/* "id-on-personalData" */
+&(nid_objs[265]),/* "id-pda" */
+&(nid_objs[352]),/* "id-pda-countryOfCitizenship" */
+&(nid_objs[353]),/* "id-pda-countryOfResidence" */
+&(nid_objs[348]),/* "id-pda-dateOfBirth" */
+&(nid_objs[351]),/* "id-pda-gender" */
+&(nid_objs[349]),/* "id-pda-placeOfBirth" */
+&(nid_objs[175]),/* "id-pe" */
+&(nid_objs[261]),/* "id-pkip" */
+&(nid_objs[258]),/* "id-pkix-mod" */
+&(nid_objs[269]),/* "id-pkix1-explicit-88" */
+&(nid_objs[271]),/* "id-pkix1-explicit-93" */
+&(nid_objs[270]),/* "id-pkix1-implicit-88" */
+&(nid_objs[272]),/* "id-pkix1-implicit-93" */
+&(nid_objs[267]),/* "id-qcs" */
+&(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */
+&(nid_objs[259]),/* "id-qt" */
+&(nid_objs[164]),/* "id-qt-cps" */
+&(nid_objs[165]),/* "id-qt-unotice" */
+&(nid_objs[313]),/* "id-regCtrl" */
+&(nid_objs[316]),/* "id-regCtrl-authenticator" */
+&(nid_objs[319]),/* "id-regCtrl-oldCertID" */
+&(nid_objs[318]),/* "id-regCtrl-pkiArchiveOptions" */
+&(nid_objs[317]),/* "id-regCtrl-pkiPublicationInfo" */
+&(nid_objs[320]),/* "id-regCtrl-protocolEncrKey" */
+&(nid_objs[315]),/* "id-regCtrl-regToken" */
+&(nid_objs[314]),/* "id-regInfo" */
+&(nid_objs[322]),/* "id-regInfo-certReq" */
+&(nid_objs[321]),/* "id-regInfo-utf8Pairs" */
+&(nid_objs[576]),/* "id-set" */
+&(nid_objs[191]),/* "id-smime-aa" */
+&(nid_objs[215]),/* "id-smime-aa-contentHint" */
+&(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */
+&(nid_objs[221]),/* "id-smime-aa-contentReference" */
+&(nid_objs[240]),/* "id-smime-aa-dvcs-dvc" */
+&(nid_objs[217]),/* "id-smime-aa-encapContentType" */
+&(nid_objs[222]),/* "id-smime-aa-encrypKeyPref" */
+&(nid_objs[220]),/* "id-smime-aa-equivalentLabels" */
+&(nid_objs[232]),/* "id-smime-aa-ets-CertificateRefs" */
+&(nid_objs[233]),/* "id-smime-aa-ets-RevocationRefs" */
+&(nid_objs[238]),/* "id-smime-aa-ets-archiveTimeStamp" */
+&(nid_objs[237]),/* "id-smime-aa-ets-certCRLTimestamp" */
+&(nid_objs[234]),/* "id-smime-aa-ets-certValues" */
+&(nid_objs[227]),/* "id-smime-aa-ets-commitmentType" */
+&(nid_objs[231]),/* "id-smime-aa-ets-contentTimestamp" */
+&(nid_objs[236]),/* "id-smime-aa-ets-escTimeStamp" */
+&(nid_objs[230]),/* "id-smime-aa-ets-otherSigCert" */
+&(nid_objs[235]),/* "id-smime-aa-ets-revocationValues" */
+&(nid_objs[226]),/* "id-smime-aa-ets-sigPolicyId" */
+&(nid_objs[229]),/* "id-smime-aa-ets-signerAttr" */
+&(nid_objs[228]),/* "id-smime-aa-ets-signerLocation" */
+&(nid_objs[219]),/* "id-smime-aa-macValue" */
+&(nid_objs[214]),/* "id-smime-aa-mlExpandHistory" */
+&(nid_objs[216]),/* "id-smime-aa-msgSigDigest" */
+&(nid_objs[212]),/* "id-smime-aa-receiptRequest" */
+&(nid_objs[213]),/* "id-smime-aa-securityLabel" */
+&(nid_objs[239]),/* "id-smime-aa-signatureType" */
+&(nid_objs[223]),/* "id-smime-aa-signingCertificate" */
+&(nid_objs[224]),/* "id-smime-aa-smimeEncryptCerts" */
+&(nid_objs[225]),/* "id-smime-aa-timeStampToken" */
+&(nid_objs[192]),/* "id-smime-alg" */
+&(nid_objs[243]),/* "id-smime-alg-3DESwrap" */
+&(nid_objs[246]),/* "id-smime-alg-CMS3DESwrap" */
+&(nid_objs[247]),/* "id-smime-alg-CMSRC2wrap" */
+&(nid_objs[245]),/* "id-smime-alg-ESDH" */
+&(nid_objs[241]),/* "id-smime-alg-ESDHwith3DES" */
+&(nid_objs[242]),/* "id-smime-alg-ESDHwithRC2" */
+&(nid_objs[244]),/* "id-smime-alg-RC2wrap" */
+&(nid_objs[193]),/* "id-smime-cd" */
+&(nid_objs[248]),/* "id-smime-cd-ldap" */
+&(nid_objs[190]),/* "id-smime-ct" */
+&(nid_objs[210]),/* "id-smime-ct-DVCSRequestData" */
+&(nid_objs[211]),/* "id-smime-ct-DVCSResponseData" */
+&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */
+&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */
+&(nid_objs[205]),/* "id-smime-ct-authData" */
+&(nid_objs[209]),/* "id-smime-ct-contentInfo" */
+&(nid_objs[206]),/* "id-smime-ct-publishCert" */
+&(nid_objs[204]),/* "id-smime-ct-receipt" */
+&(nid_objs[195]),/* "id-smime-cti" */
+&(nid_objs[255]),/* "id-smime-cti-ets-proofOfApproval" */
+&(nid_objs[256]),/* "id-smime-cti-ets-proofOfCreation" */
+&(nid_objs[253]),/* "id-smime-cti-ets-proofOfDelivery" */
+&(nid_objs[251]),/* "id-smime-cti-ets-proofOfOrigin" */
+&(nid_objs[252]),/* "id-smime-cti-ets-proofOfReceipt" */
+&(nid_objs[254]),/* "id-smime-cti-ets-proofOfSender" */
+&(nid_objs[189]),/* "id-smime-mod" */
+&(nid_objs[196]),/* "id-smime-mod-cms" */
+&(nid_objs[197]),/* "id-smime-mod-ess" */
+&(nid_objs[202]),/* "id-smime-mod-ets-eSigPolicy-88" */
+&(nid_objs[203]),/* "id-smime-mod-ets-eSigPolicy-97" */
+&(nid_objs[200]),/* "id-smime-mod-ets-eSignature-88" */
+&(nid_objs[201]),/* "id-smime-mod-ets-eSignature-97" */
+&(nid_objs[199]),/* "id-smime-mod-msg-v3" */
+&(nid_objs[198]),/* "id-smime-mod-oid" */
+&(nid_objs[194]),/* "id-smime-spq" */
+&(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */
+&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */
+&(nid_objs[527]),/* "identified-organization" */
+&(nid_objs[461]),/* "info" */
+&(nid_objs[101]),/* "initials" */
+&(nid_objs[142]),/* "invalidityDate" */
+&(nid_objs[294]),/* "ipsecEndSystem" */
+&(nid_objs[295]),/* "ipsecTunnel" */
+&(nid_objs[296]),/* "ipsecUser" */
 &(nid_objs[86]),/* "issuerAltName" */
+&(nid_objs[492]),/* "janetMailbox" */
+&(nid_objs[150]),/* "keyBag" */
 &(nid_objs[83]),/* "keyUsage" */
-&(nid_objs[81]),/* "ld-ce" */
+&(nid_objs[477]),/* "lastModifiedBy" */
+&(nid_objs[476]),/* "lastModifiedTime" */
+&(nid_objs[157]),/* "localKeyID" */
+&(nid_objs[480]),/* "mXRecord" */
+&(nid_objs[460]),/* "mail" */
+&(nid_objs[493]),/* "mailPreferenceOption" */
+&(nid_objs[467]),/* "manager" */
+&(nid_objs[182]),/* "member-body" */
+&(nid_objs[51]),/* "messageDigest" */
+&(nid_objs[383]),/* "mgmt" */
+&(nid_objs[569]),/* "mime-mhs" */
+&(nid_objs[571]),/* "mime-mhs-bodies" */
+&(nid_objs[570]),/* "mime-mhs-headings" */
+&(nid_objs[488]),/* "mobileTelephoneNumber" */
+&(nid_objs[136]),/* "msCTLSign" */
+&(nid_objs[135]),/* "msCodeCom" */
+&(nid_objs[134]),/* "msCodeInd" */
+&(nid_objs[138]),/* "msEFS" */
+&(nid_objs[171]),/* "msExtReq" */
+&(nid_objs[137]),/* "msSGC" */
+&(nid_objs[716]),/* "msSmartcardLogin" */
+&(nid_objs[717]),/* "msUPN" */
+&(nid_objs[481]),/* "nSRecord" */
+&(nid_objs[173]),/* "name" */
+&(nid_objs[369]),/* "noCheck" */
+&(nid_objs[403]),/* "noRevAvail" */
 &(nid_objs[72]),/* "nsBaseUrl" */
 &(nid_objs[76]),/* "nsCaPolicyUrl" */
 &(nid_objs[74]),/* "nsCaRevocationUrl" */
@@ -432,13 +2326,316 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[59]),/* "nsDataType" */
 &(nid_objs[75]),/* "nsRenewalUrl" */
 &(nid_objs[73]),/* "nsRevocationUrl" */
+&(nid_objs[139]),/* "nsSGC" */
 &(nid_objs[77]),/* "nsSslServerName" */
+&(nid_objs[504]),/* "onBasis" */
+&(nid_objs[491]),/* "organizationalStatus" */
+&(nid_objs[475]),/* "otherMailbox" */
+&(nid_objs[489]),/* "pagerTelephoneNumber" */
+&(nid_objs[374]),/* "path" */
+&(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */
+&(nid_objs[499]),/* "personalSignature" */
+&(nid_objs[487]),/* "personalTitle" */
+&(nid_objs[464]),/* "photo" */
+&(nid_objs[437]),/* "pilot" */
+&(nid_objs[439]),/* "pilotAttributeSyntax" */
+&(nid_objs[438]),/* "pilotAttributeType" */
+&(nid_objs[479]),/* "pilotAttributeType27" */
+&(nid_objs[456]),/* "pilotDSA" */
+&(nid_objs[441]),/* "pilotGroups" */
+&(nid_objs[444]),/* "pilotObject" */
+&(nid_objs[440]),/* "pilotObjectClass" */
+&(nid_objs[455]),/* "pilotOrganization" */
+&(nid_objs[445]),/* "pilotPerson" */
+&(nid_objs[ 2]),/* "pkcs" */
+&(nid_objs[186]),/* "pkcs1" */
+&(nid_objs[27]),/* "pkcs3" */
+&(nid_objs[187]),/* "pkcs5" */
+&(nid_objs[20]),/* "pkcs7" */
+&(nid_objs[21]),/* "pkcs7-data" */
+&(nid_objs[25]),/* "pkcs7-digestData" */
+&(nid_objs[26]),/* "pkcs7-encryptedData" */
+&(nid_objs[23]),/* "pkcs7-envelopedData" */
+&(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */
+&(nid_objs[22]),/* "pkcs7-signedData" */
+&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */
+&(nid_objs[47]),/* "pkcs9" */
+&(nid_objs[401]),/* "policyConstraints" */
+&(nid_objs[506]),/* "ppBasis" */
+&(nid_objs[406]),/* "prime-field" */
+&(nid_objs[409]),/* "prime192v1" */
+&(nid_objs[410]),/* "prime192v2" */
+&(nid_objs[411]),/* "prime192v3" */
+&(nid_objs[412]),/* "prime239v1" */
+&(nid_objs[413]),/* "prime239v2" */
+&(nid_objs[414]),/* "prime239v3" */
+&(nid_objs[415]),/* "prime256v1" */
+&(nid_objs[385]),/* "private" */
 &(nid_objs[84]),/* "privateKeyUsagePeriod" */
+&(nid_objs[575]),/* "pseudonym" */
+&(nid_objs[435]),/* "pss" */
+&(nid_objs[286]),/* "qcStatements" */
+&(nid_objs[457]),/* "qualityLabelledData" */
+&(nid_objs[450]),/* "rFC822localPart" */
+&(nid_objs[400]),/* "role" */
+&(nid_objs[448]),/* "room" */
+&(nid_objs[463]),/* "roomNumber" */
+&(nid_objs[ 6]),/* "rsaEncryption" */
+&(nid_objs[708]),/* "rsaOAEPEncryptionSET" */
+&(nid_objs[377]),/* "rsaSignature" */
+&(nid_objs[ 1]),/* "rsadsi" */
+&(nid_objs[482]),/* "sOARecord" */
+&(nid_objs[155]),/* "safeContentsBag" */
+&(nid_objs[291]),/* "sbqp-autonomousSysNum" */
+&(nid_objs[290]),/* "sbqp-ipAddrBlock" */
+&(nid_objs[292]),/* "sbqp-routerIdentifier" */
+&(nid_objs[159]),/* "sdsiCertificate" */
+&(nid_objs[529]),/* "secp112r1" */
+&(nid_objs[530]),/* "secp112r2" */
+&(nid_objs[531]),/* "secp128r1" */
+&(nid_objs[532]),/* "secp128r2" */
+&(nid_objs[533]),/* "secp160k1" */
+&(nid_objs[534]),/* "secp160r1" */
+&(nid_objs[535]),/* "secp160r2" */
+&(nid_objs[536]),/* "secp192k1" */
+&(nid_objs[538]),/* "secp224k1" */
+&(nid_objs[539]),/* "secp224r1" */
+&(nid_objs[540]),/* "secp256k1" */
+&(nid_objs[542]),/* "secp384r1" */
+&(nid_objs[543]),/* "secp521r1" */
+&(nid_objs[154]),/* "secretBag" */
+&(nid_objs[474]),/* "secretary" */
+&(nid_objs[544]),/* "sect113r1" */
+&(nid_objs[545]),/* "sect113r2" */
+&(nid_objs[546]),/* "sect131r1" */
+&(nid_objs[547]),/* "sect131r2" */
+&(nid_objs[548]),/* "sect163k1" */
+&(nid_objs[549]),/* "sect163r1" */
+&(nid_objs[550]),/* "sect163r2" */
+&(nid_objs[551]),/* "sect193r1" */
+&(nid_objs[552]),/* "sect193r2" */
+&(nid_objs[553]),/* "sect233k1" */
+&(nid_objs[554]),/* "sect233r1" */
+&(nid_objs[555]),/* "sect239k1" */
+&(nid_objs[556]),/* "sect283k1" */
+&(nid_objs[557]),/* "sect283r1" */
+&(nid_objs[558]),/* "sect409k1" */
+&(nid_objs[559]),/* "sect409r1" */
+&(nid_objs[560]),/* "sect571k1" */
+&(nid_objs[561]),/* "sect571r1" */
+&(nid_objs[386]),/* "security" */
+&(nid_objs[394]),/* "selected-attribute-types" */
+&(nid_objs[105]),/* "serialNumber" */
+&(nid_objs[129]),/* "serverAuth" */
+&(nid_objs[371]),/* "serviceLocator" */
+&(nid_objs[689]),/* "set-addPolicy" */
+&(nid_objs[579]),/* "set-attr" */
+&(nid_objs[582]),/* "set-brand" */
+&(nid_objs[702]),/* "set-brand-AmericanExpress" */
+&(nid_objs[701]),/* "set-brand-Diners" */
+&(nid_objs[700]),/* "set-brand-IATA-ATA" */
+&(nid_objs[703]),/* "set-brand-JCB" */
+&(nid_objs[705]),/* "set-brand-MasterCard" */
+&(nid_objs[706]),/* "set-brand-Novus" */
+&(nid_objs[704]),/* "set-brand-Visa" */
+&(nid_objs[581]),/* "set-certExt" */
+&(nid_objs[577]),/* "set-ctype" */
+&(nid_objs[578]),/* "set-msgExt" */
+&(nid_objs[580]),/* "set-policy" */
+&(nid_objs[671]),/* "set-policy-root" */
+&(nid_objs[688]),/* "set-rootKeyThumb" */
+&(nid_objs[684]),/* "setAttr-Cert" */
+&(nid_objs[695]),/* "setAttr-GenCryptgrm" */
+&(nid_objs[687]),/* "setAttr-IssCap" */
+&(nid_objs[692]),/* "setAttr-IssCap-CVM" */
+&(nid_objs[694]),/* "setAttr-IssCap-Sig" */
+&(nid_objs[693]),/* "setAttr-IssCap-T2" */
+&(nid_objs[685]),/* "setAttr-PGWYcap" */
+&(nid_objs[699]),/* "setAttr-SecDevSig" */
+&(nid_objs[696]),/* "setAttr-T2Enc" */
+&(nid_objs[697]),/* "setAttr-T2cleartxt" */
+&(nid_objs[698]),/* "setAttr-TokICCsig" */
+&(nid_objs[691]),/* "setAttr-Token-B0Prime" */
+&(nid_objs[690]),/* "setAttr-Token-EMV" */
+&(nid_objs[686]),/* "setAttr-TokenType" */
+&(nid_objs[683]),/* "setCext-IssuerCapabilities" */
+&(nid_objs[679]),/* "setCext-PGWYcapabilities" */
+&(nid_objs[680]),/* "setCext-TokenIdentifier" */
+&(nid_objs[682]),/* "setCext-TokenType" */
+&(nid_objs[681]),/* "setCext-Track2Data" */
+&(nid_objs[675]),/* "setCext-cCertRequired" */
+&(nid_objs[673]),/* "setCext-certType" */
+&(nid_objs[672]),/* "setCext-hashedRoot" */
+&(nid_objs[674]),/* "setCext-merchData" */
+&(nid_objs[677]),/* "setCext-setExt" */
+&(nid_objs[678]),/* "setCext-setQualf" */
+&(nid_objs[676]),/* "setCext-tunneling" */
+&(nid_objs[604]),/* "setct-AcqCardCodeMsg" */
+&(nid_objs[640]),/* "setct-AcqCardCodeMsgTBE" */
+&(nid_objs[634]),/* "setct-AuthReqTBE" */
+&(nid_objs[598]),/* "setct-AuthReqTBS" */
+&(nid_objs[591]),/* "setct-AuthResBaggage" */
+&(nid_objs[635]),/* "setct-AuthResTBE" */
+&(nid_objs[636]),/* "setct-AuthResTBEX" */
+&(nid_objs[599]),/* "setct-AuthResTBS" */
+&(nid_objs[600]),/* "setct-AuthResTBSX" */
+&(nid_objs[592]),/* "setct-AuthRevReqBaggage" */
+&(nid_objs[641]),/* "setct-AuthRevReqTBE" */
+&(nid_objs[605]),/* "setct-AuthRevReqTBS" */
+&(nid_objs[593]),/* "setct-AuthRevResBaggage" */
+&(nid_objs[606]),/* "setct-AuthRevResData" */
+&(nid_objs[642]),/* "setct-AuthRevResTBE" */
+&(nid_objs[643]),/* "setct-AuthRevResTBEB" */
+&(nid_objs[607]),/* "setct-AuthRevResTBS" */
+&(nid_objs[637]),/* "setct-AuthTokenTBE" */
+&(nid_objs[601]),/* "setct-AuthTokenTBS" */
+&(nid_objs[664]),/* "setct-BCIDistributionTBS" */
+&(nid_objs[622]),/* "setct-BatchAdminReqData" */
+&(nid_objs[656]),/* "setct-BatchAdminReqTBE" */
+&(nid_objs[623]),/* "setct-BatchAdminResData" */
+&(nid_objs[657]),/* "setct-BatchAdminResTBE" */
+&(nid_objs[663]),/* "setct-CRLNotificationResTBS" */
+&(nid_objs[662]),/* "setct-CRLNotificationTBS" */
+&(nid_objs[644]),/* "setct-CapReqTBE" */
+&(nid_objs[645]),/* "setct-CapReqTBEX" */
+&(nid_objs[608]),/* "setct-CapReqTBS" */
+&(nid_objs[609]),/* "setct-CapReqTBSX" */
+&(nid_objs[610]),/* "setct-CapResData" */
+&(nid_objs[646]),/* "setct-CapResTBE" */
+&(nid_objs[647]),/* "setct-CapRevReqTBE" */
+&(nid_objs[648]),/* "setct-CapRevReqTBEX" */
+&(nid_objs[611]),/* "setct-CapRevReqTBS" */
+&(nid_objs[612]),/* "setct-CapRevReqTBSX" */
+&(nid_objs[613]),/* "setct-CapRevResData" */
+&(nid_objs[649]),/* "setct-CapRevResTBE" */
+&(nid_objs[602]),/* "setct-CapTokenData" */
+&(nid_objs[594]),/* "setct-CapTokenSeq" */
+&(nid_objs[638]),/* "setct-CapTokenTBE" */
+&(nid_objs[639]),/* "setct-CapTokenTBEX" */
+&(nid_objs[603]),/* "setct-CapTokenTBS" */
+&(nid_objs[624]),/* "setct-CardCInitResTBS" */
+&(nid_objs[630]),/* "setct-CertInqReqTBS" */
+&(nid_objs[627]),/* "setct-CertReqData" */
+&(nid_objs[659]),/* "setct-CertReqTBE" */
+&(nid_objs[660]),/* "setct-CertReqTBEX" */
+&(nid_objs[628]),/* "setct-CertReqTBS" */
+&(nid_objs[629]),/* "setct-CertResData" */
+&(nid_objs[661]),/* "setct-CertResTBE" */
+&(nid_objs[650]),/* "setct-CredReqTBE" */
+&(nid_objs[651]),/* "setct-CredReqTBEX" */
+&(nid_objs[614]),/* "setct-CredReqTBS" */
+&(nid_objs[615]),/* "setct-CredReqTBSX" */
+&(nid_objs[616]),/* "setct-CredResData" */
+&(nid_objs[652]),/* "setct-CredResTBE" */
+&(nid_objs[653]),/* "setct-CredRevReqTBE" */
+&(nid_objs[654]),/* "setct-CredRevReqTBEX" */
+&(nid_objs[617]),/* "setct-CredRevReqTBS" */
+&(nid_objs[618]),/* "setct-CredRevReqTBSX" */
+&(nid_objs[619]),/* "setct-CredRevResData" */
+&(nid_objs[655]),/* "setct-CredRevResTBE" */
+&(nid_objs[631]),/* "setct-ErrorTBS" */
+&(nid_objs[590]),/* "setct-HODInput" */
+&(nid_objs[625]),/* "setct-MeAqCInitResTBS" */
+&(nid_objs[586]),/* "setct-OIData" */
+&(nid_objs[583]),/* "setct-PANData" */
+&(nid_objs[585]),/* "setct-PANOnly" */
+&(nid_objs[584]),/* "setct-PANToken" */
+&(nid_objs[620]),/* "setct-PCertReqData" */
+&(nid_objs[621]),/* "setct-PCertResTBS" */
+&(nid_objs[587]),/* "setct-PI" */
+&(nid_objs[596]),/* "setct-PI-TBS" */
+&(nid_objs[588]),/* "setct-PIData" */
+&(nid_objs[589]),/* "setct-PIDataUnsigned" */
+&(nid_objs[632]),/* "setct-PIDualSignedTBE" */
+&(nid_objs[633]),/* "setct-PIUnsignedTBE" */
+&(nid_objs[595]),/* "setct-PInitResData" */
+&(nid_objs[597]),/* "setct-PResData" */
+&(nid_objs[658]),/* "setct-RegFormReqTBE" */
+&(nid_objs[626]),/* "setct-RegFormResTBS" */
+&(nid_objs[670]),/* "setext-cv" */
+&(nid_objs[665]),/* "setext-genCrypt" */
+&(nid_objs[666]),/* "setext-miAuth" */
+&(nid_objs[668]),/* "setext-pinAny" */
+&(nid_objs[667]),/* "setext-pinSecure" */
+&(nid_objs[669]),/* "setext-track2" */
+&(nid_objs[52]),/* "signingTime" */
+&(nid_objs[454]),/* "simpleSecurityObject" */
+&(nid_objs[496]),/* "singleLevelQuality" */
+&(nid_objs[387]),/* "snmpv2" */
 &(nid_objs[85]),/* "subjectAltName" */
+&(nid_objs[398]),/* "subjectInfoAccess" */
 &(nid_objs[82]),/* "subjectKeyIdentifier" */
+&(nid_objs[498]),/* "subtreeMaximumQuality" */
+&(nid_objs[497]),/* "subtreeMinimumQuality" */
+&(nid_objs[402]),/* "targetInformation" */
+&(nid_objs[459]),/* "textEncodedORAddress" */
+&(nid_objs[293]),/* "textNotice" */
+&(nid_objs[133]),/* "timeStamping" */
+&(nid_objs[106]),/* "title" */
+&(nid_objs[505]),/* "tpBasis" */
+&(nid_objs[375]),/* "trustRoot" */
+&(nid_objs[436]),/* "ucl" */
+&(nid_objs[55]),/* "unstructuredAddress" */
+&(nid_objs[49]),/* "unstructuredName" */
+&(nid_objs[465]),/* "userClass" */
+&(nid_objs[373]),/* "valid" */
+&(nid_objs[562]),/* "wap" */
+&(nid_objs[563]),/* "wap-wsg" */
+&(nid_objs[564]),/* "wap-wsg-idm-ecid-wtls1" */
+&(nid_objs[713]),/* "wap-wsg-idm-ecid-wtls10" */
+&(nid_objs[714]),/* "wap-wsg-idm-ecid-wtls11" */
+&(nid_objs[715]),/* "wap-wsg-idm-ecid-wtls12" */
+&(nid_objs[709]),/* "wap-wsg-idm-ecid-wtls3" */
+&(nid_objs[710]),/* "wap-wsg-idm-ecid-wtls4" */
+&(nid_objs[711]),/* "wap-wsg-idm-ecid-wtls5" */
+&(nid_objs[565]),/* "wap-wsg-idm-ecid-wtls6" */
+&(nid_objs[712]),/* "wap-wsg-idm-ecid-wtls7" */
+&(nid_objs[566]),/* "wap-wsg-idm-ecid-wtls8" */
+&(nid_objs[567]),/* "wap-wsg-idm-ecid-wtls9" */
+&(nid_objs[568]),/* "x500UniqueIdentifier" */
+&(nid_objs[158]),/* "x509Certificate" */
+&(nid_objs[160]),/* "x509Crl" */
 };
 
 static ASN1_OBJECT *ln_objs[NUM_LN]={
+&(nid_objs[363]),/* "AD Time Stamping" */
+&(nid_objs[405]),/* "ANSI X9.62" */
+&(nid_objs[368]),/* "Acceptable OCSP Responses" */
+&(nid_objs[177]),/* "Authority Information Access" */
+&(nid_objs[365]),/* "Basic OCSP Response" */
+&(nid_objs[285]),/* "Biometric Info" */
+&(nid_objs[179]),/* "CA Issuers" */
+&(nid_objs[131]),/* "Code Signing" */
+&(nid_objs[382]),/* "Directory" */
+&(nid_objs[392]),/* "Domain" */
+&(nid_objs[132]),/* "E-mail Protection" */
+&(nid_objs[389]),/* "Enterprises" */
+&(nid_objs[384]),/* "Experimental" */
+&(nid_objs[372]),/* "Extended OCSP Status" */
+&(nid_objs[172]),/* "Extension Request" */
+&(nid_objs[432]),/* "Hold Instruction Call Issuer" */
+&(nid_objs[430]),/* "Hold Instruction Code" */
+&(nid_objs[431]),/* "Hold Instruction None" */
+&(nid_objs[433]),/* "Hold Instruction Reject" */
+&(nid_objs[698]),/* "ICC or token signature" */
+&(nid_objs[294]),/* "IPSec End System" */
+&(nid_objs[295]),/* "IPSec Tunnel" */
+&(nid_objs[296]),/* "IPSec User" */
+&(nid_objs[182]),/* "ISO Member Body" */
+&(nid_objs[183]),/* "ISO US Member Body" */
+&(nid_objs[142]),/* "Invalidity Date" */
+&(nid_objs[569]),/* "MIME MHS" */
+&(nid_objs[388]),/* "Mail" */
+&(nid_objs[383]),/* "Management" */
+&(nid_objs[417]),/* "Microsoft CSP Name" */
+&(nid_objs[135]),/* "Microsoft Commercial Code Signing" */
+&(nid_objs[138]),/* "Microsoft Encrypted File System" */
+&(nid_objs[171]),/* "Microsoft Extension Request" */
+&(nid_objs[134]),/* "Microsoft Individual Code Signing" */
+&(nid_objs[137]),/* "Microsoft Server Gated Crypto" */
+&(nid_objs[716]),/* "Microsoft Smartcardlogin" */
+&(nid_objs[136]),/* "Microsoft Trust List Signing" */
+&(nid_objs[717]),/* "Microsoft Universal Principal Name" */
 &(nid_objs[72]),/* "Netscape Base Url" */
 &(nid_objs[76]),/* "Netscape CA Policy Url" */
 &(nid_objs[74]),/* "Netscape CA Revocation Url" */
@@ -451,32 +2648,130 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[75]),/* "Netscape Renewal Url" */
 &(nid_objs[73]),/* "Netscape Revocation Url" */
 &(nid_objs[77]),/* "Netscape SSL Server Name" */
-&(nid_objs[11]),/* "X500" */
+&(nid_objs[139]),/* "Netscape Server Gated Crypto" */
+&(nid_objs[178]),/* "OCSP" */
+&(nid_objs[370]),/* "OCSP Archive Cutoff" */
+&(nid_objs[367]),/* "OCSP CRL ID" */
+&(nid_objs[369]),/* "OCSP No Check" */
+&(nid_objs[366]),/* "OCSP Nonce" */
+&(nid_objs[371]),/* "OCSP Service Locator" */
+&(nid_objs[180]),/* "OCSP Signing" */
+&(nid_objs[161]),/* "PBES2" */
+&(nid_objs[69]),/* "PBKDF2" */
+&(nid_objs[162]),/* "PBMAC1" */
+&(nid_objs[127]),/* "PKIX" */
+&(nid_objs[164]),/* "Policy Qualifier CPS" */
+&(nid_objs[165]),/* "Policy Qualifier User Notice" */
+&(nid_objs[385]),/* "Private" */
+&(nid_objs[ 1]),/* "RSA Data Security, Inc." */
+&(nid_objs[ 2]),/* "RSA Data Security, Inc. PKCS" */
+&(nid_objs[188]),/* "S/MIME" */
+&(nid_objs[167]),/* "S/MIME Capabilities" */
+&(nid_objs[387]),/* "SNMPv2" */
+&(nid_objs[576]),/* "Secure Electronic Transactions" */
+&(nid_objs[386]),/* "Security" */
+&(nid_objs[394]),/* "Selected Attribute Types" */
+&(nid_objs[143]),/* "Strong Extranet ID" */
+&(nid_objs[398]),/* "Subject Information Access" */
+&(nid_objs[130]),/* "TLS Web Client Authentication" */
+&(nid_objs[129]),/* "TLS Web Server Authentication" */
+&(nid_objs[133]),/* "Time Stamping" */
+&(nid_objs[375]),/* "Trust Root" */
 &(nid_objs[12]),/* "X509" */
+&(nid_objs[402]),/* "X509v3 AC Targeting" */
 &(nid_objs[90]),/* "X509v3 Authority Key Identifier" */
 &(nid_objs[87]),/* "X509v3 Basic Constraints" */
 &(nid_objs[103]),/* "X509v3 CRL Distribution Points" */
 &(nid_objs[88]),/* "X509v3 CRL Number" */
+&(nid_objs[141]),/* "X509v3 CRL Reason Code" */
 &(nid_objs[89]),/* "X509v3 Certificate Policies" */
+&(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */
+&(nid_objs[126]),/* "X509v3 Extended Key Usage" */
 &(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
 &(nid_objs[83]),/* "X509v3 Key Usage" */
+&(nid_objs[403]),/* "X509v3 No Revocation Available" */
+&(nid_objs[401]),/* "X509v3 Policy Constraints" */
 &(nid_objs[84]),/* "X509v3 Private Key Usage Period" */
 &(nid_objs[85]),/* "X509v3 Subject Alternative Name" */
 &(nid_objs[82]),/* "X509v3 Subject Key Identifier" */
+&(nid_objs[184]),/* "X9.57" */
+&(nid_objs[185]),/* "X9.57 CM ?" */
+&(nid_objs[478]),/* "aRecord" */
+&(nid_objs[289]),/* "aaControls" */
+&(nid_objs[287]),/* "ac-auditEntity" */
+&(nid_objs[397]),/* "ac-proxying" */
+&(nid_objs[288]),/* "ac-targeting" */
+&(nid_objs[446]),/* "account" */
+&(nid_objs[364]),/* "ad dvcs" */
+&(nid_objs[670]),/* "additional verification" */
+&(nid_objs[419]),/* "aes-128-cbc" */
+&(nid_objs[421]),/* "aes-128-cfb" */
+&(nid_objs[418]),/* "aes-128-ecb" */
+&(nid_objs[420]),/* "aes-128-ofb" */
+&(nid_objs[423]),/* "aes-192-cbc" */
+&(nid_objs[425]),/* "aes-192-cfb" */
+&(nid_objs[422]),/* "aes-192-ecb" */
+&(nid_objs[424]),/* "aes-192-ofb" */
+&(nid_objs[427]),/* "aes-256-cbc" */
+&(nid_objs[429]),/* "aes-256-cfb" */
+&(nid_objs[426]),/* "aes-256-ecb" */
+&(nid_objs[428]),/* "aes-256-ofb" */
+&(nid_objs[376]),/* "algorithm" */
+&(nid_objs[484]),/* "associatedDomain" */
+&(nid_objs[485]),/* "associatedName" */
+&(nid_objs[501]),/* "audio" */
 &(nid_objs[91]),/* "bf-cbc" */
 &(nid_objs[93]),/* "bf-cfb" */
 &(nid_objs[92]),/* "bf-ecb" */
 &(nid_objs[94]),/* "bf-ofb" */
+&(nid_objs[494]),/* "buildingName" */
+&(nid_objs[514]),/* "c2onb191v4" */
+&(nid_objs[515]),/* "c2onb191v5" */
+&(nid_objs[520]),/* "c2onb239v4" */
+&(nid_objs[521]),/* "c2onb239v5" */
+&(nid_objs[507]),/* "c2pnb163v1" */
+&(nid_objs[508]),/* "c2pnb163v2" */
+&(nid_objs[509]),/* "c2pnb163v3" */
+&(nid_objs[510]),/* "c2pnb176v1" */
+&(nid_objs[516]),/* "c2pnb208w1" */
+&(nid_objs[522]),/* "c2pnb272w1" */
+&(nid_objs[523]),/* "c2pnb304w1" */
+&(nid_objs[525]),/* "c2pnb368w1" */
+&(nid_objs[511]),/* "c2tnb191v1" */
+&(nid_objs[512]),/* "c2tnb191v2" */
+&(nid_objs[513]),/* "c2tnb191v3" */
+&(nid_objs[517]),/* "c2tnb239v1" */
+&(nid_objs[518]),/* "c2tnb239v2" */
+&(nid_objs[519]),/* "c2tnb239v3" */
+&(nid_objs[524]),/* "c2tnb359v1" */
+&(nid_objs[526]),/* "c2tnb431r1" */
+&(nid_objs[483]),/* "cNAMERecord" */
+&(nid_objs[443]),/* "caseIgnoreIA5StringSyntax" */
 &(nid_objs[108]),/* "cast5-cbc" */
 &(nid_objs[110]),/* "cast5-cfb" */
 &(nid_objs[109]),/* "cast5-ecb" */
 &(nid_objs[111]),/* "cast5-ofb" */
+&(nid_objs[404]),/* "ccitt" */
+&(nid_objs[152]),/* "certBag" */
+&(nid_objs[528]),/* "certicom-arc" */
+&(nid_objs[581]),/* "certificate extensions" */
 &(nid_objs[54]),/* "challengePassword" */
+&(nid_objs[407]),/* "characteristic-two-field" */
+&(nid_objs[395]),/* "clearance" */
+&(nid_objs[697]),/* "cleartext track 2" */
 &(nid_objs[13]),/* "commonName" */
+&(nid_objs[577]),/* "content types" */
 &(nid_objs[50]),/* "contentType" */
 &(nid_objs[53]),/* "countersignature" */
 &(nid_objs[14]),/* "countryName" */
+&(nid_objs[153]),/* "crlBag" */
+&(nid_objs[500]),/* "dITRedirect" */
+&(nid_objs[451]),/* "dNSDomain" */
+&(nid_objs[495]),/* "dSAQuality" */
+&(nid_objs[434]),/* "data" */
+&(nid_objs[390]),/* "dcObject" */
 &(nid_objs[31]),/* "des-cbc" */
+&(nid_objs[707]),/* "des-cdmf" */
 &(nid_objs[30]),/* "des-cfb" */
 &(nid_objs[29]),/* "des-ecb" */
 &(nid_objs[32]),/* "des-ede" */
@@ -491,38 +2786,287 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[107]),/* "description" */
 &(nid_objs[80]),/* "desx-cbc" */
 &(nid_objs[28]),/* "dhKeyAgreement" */
+&(nid_objs[11]),/* "directory services (X.500)" */
+&(nid_objs[378]),/* "directory services - algorithms" */
+&(nid_objs[174]),/* "dnQualifier" */
+&(nid_objs[447]),/* "document" */
+&(nid_objs[471]),/* "documentAuthor" */
+&(nid_objs[468]),/* "documentIdentifier" */
+&(nid_objs[472]),/* "documentLocation" */
+&(nid_objs[502]),/* "documentPublisher" */
+&(nid_objs[449]),/* "documentSeries" */
+&(nid_objs[469]),/* "documentTitle" */
+&(nid_objs[470]),/* "documentVersion" */
+&(nid_objs[380]),/* "dod" */
+&(nid_objs[391]),/* "domainComponent" */
+&(nid_objs[452]),/* "domainRelatedObject" */
 &(nid_objs[116]),/* "dsaEncryption" */
 &(nid_objs[67]),/* "dsaEncryption-old" */
 &(nid_objs[66]),/* "dsaWithSHA" */
 &(nid_objs[113]),/* "dsaWithSHA1" */
 &(nid_objs[70]),/* "dsaWithSHA1-old" */
+&(nid_objs[297]),/* "dvcs" */
+&(nid_objs[416]),/* "ecdsa-with-SHA1" */
 &(nid_objs[48]),/* "emailAddress" */
+&(nid_objs[696]),/* "encrypted track 2" */
 &(nid_objs[56]),/* "extendedCertificateAttributes" */
+&(nid_objs[462]),/* "favouriteDrink" */
+&(nid_objs[453]),/* "friendlyCountry" */
+&(nid_objs[490]),/* "friendlyCountryName" */
+&(nid_objs[156]),/* "friendlyName" */
+&(nid_objs[695]),/* "generate cryptogram" */
+&(nid_objs[574]),/* "generationQualifier" */
+&(nid_objs[665]),/* "generic cryptogram" */
 &(nid_objs[99]),/* "givenName" */
+&(nid_objs[163]),/* "hmacWithSHA1" */
+&(nid_objs[486]),/* "homePostalAddress" */
+&(nid_objs[473]),/* "homeTelephoneNumber" */
+&(nid_objs[466]),/* "host" */
+&(nid_objs[442]),/* "iA5StringSyntax" */
+&(nid_objs[381]),/* "iana" */
+&(nid_objs[266]),/* "id-aca" */
+&(nid_objs[355]),/* "id-aca-accessIdentity" */
+&(nid_objs[354]),/* "id-aca-authenticationInfo" */
+&(nid_objs[356]),/* "id-aca-chargingIdentity" */
+&(nid_objs[399]),/* "id-aca-encAttrs" */
+&(nid_objs[357]),/* "id-aca-group" */
+&(nid_objs[358]),/* "id-aca-role" */
+&(nid_objs[176]),/* "id-ad" */
+&(nid_objs[262]),/* "id-alg" */
+&(nid_objs[323]),/* "id-alg-des40" */
+&(nid_objs[326]),/* "id-alg-dh-pop" */
+&(nid_objs[325]),/* "id-alg-dh-sig-hmac-sha1" */
+&(nid_objs[324]),/* "id-alg-noSignature" */
+&(nid_objs[268]),/* "id-cct" */
+&(nid_objs[361]),/* "id-cct-PKIData" */
+&(nid_objs[362]),/* "id-cct-PKIResponse" */
+&(nid_objs[360]),/* "id-cct-crs" */
+&(nid_objs[81]),/* "id-ce" */
+&(nid_objs[503]),/* "id-characteristic-two-basis" */
+&(nid_objs[263]),/* "id-cmc" */
+&(nid_objs[334]),/* "id-cmc-addExtensions" */
+&(nid_objs[346]),/* "id-cmc-confirmCertAcceptance" */
+&(nid_objs[330]),/* "id-cmc-dataReturn" */
+&(nid_objs[336]),/* "id-cmc-decryptedPOP" */
+&(nid_objs[335]),/* "id-cmc-encryptedPOP" */
+&(nid_objs[339]),/* "id-cmc-getCRL" */
+&(nid_objs[338]),/* "id-cmc-getCert" */
+&(nid_objs[328]),/* "id-cmc-identification" */
+&(nid_objs[329]),/* "id-cmc-identityProof" */
+&(nid_objs[337]),/* "id-cmc-lraPOPWitness" */
+&(nid_objs[344]),/* "id-cmc-popLinkRandom" */
+&(nid_objs[345]),/* "id-cmc-popLinkWitness" */
+&(nid_objs[343]),/* "id-cmc-queryPending" */
+&(nid_objs[333]),/* "id-cmc-recipientNonce" */
+&(nid_objs[341]),/* "id-cmc-regInfo" */
+&(nid_objs[342]),/* "id-cmc-responseInfo" */
+&(nid_objs[340]),/* "id-cmc-revokeRequest" */
+&(nid_objs[332]),/* "id-cmc-senderNonce" */
+&(nid_objs[327]),/* "id-cmc-statusInfo" */
+&(nid_objs[331]),/* "id-cmc-transactionId" */
+&(nid_objs[408]),/* "id-ecPublicKey" */
+&(nid_objs[573]),/* "id-hex-multipart-message" */
+&(nid_objs[572]),/* "id-hex-partial-message" */
+&(nid_objs[260]),/* "id-it" */
+&(nid_objs[302]),/* "id-it-caKeyUpdateInfo" */
+&(nid_objs[298]),/* "id-it-caProtEncCert" */
+&(nid_objs[311]),/* "id-it-confirmWaitTime" */
+&(nid_objs[303]),/* "id-it-currentCRL" */
+&(nid_objs[300]),/* "id-it-encKeyPairTypes" */
+&(nid_objs[310]),/* "id-it-implicitConfirm" */
+&(nid_objs[308]),/* "id-it-keyPairParamRep" */
+&(nid_objs[307]),/* "id-it-keyPairParamReq" */
+&(nid_objs[312]),/* "id-it-origPKIMessage" */
+&(nid_objs[301]),/* "id-it-preferredSymmAlg" */
+&(nid_objs[309]),/* "id-it-revPassphrase" */
+&(nid_objs[299]),/* "id-it-signKeyPairTypes" */
+&(nid_objs[305]),/* "id-it-subscriptionRequest" */
+&(nid_objs[306]),/* "id-it-subscriptionResponse" */
+&(nid_objs[304]),/* "id-it-unsupportedOIDs" */
+&(nid_objs[128]),/* "id-kp" */
+&(nid_objs[280]),/* "id-mod-attribute-cert" */
+&(nid_objs[274]),/* "id-mod-cmc" */
+&(nid_objs[277]),/* "id-mod-cmp" */
+&(nid_objs[284]),/* "id-mod-cmp2000" */
+&(nid_objs[273]),/* "id-mod-crmf" */
+&(nid_objs[283]),/* "id-mod-dvcs" */
+&(nid_objs[275]),/* "id-mod-kea-profile-88" */
+&(nid_objs[276]),/* "id-mod-kea-profile-93" */
+&(nid_objs[282]),/* "id-mod-ocsp" */
+&(nid_objs[278]),/* "id-mod-qualified-cert-88" */
+&(nid_objs[279]),/* "id-mod-qualified-cert-93" */
+&(nid_objs[281]),/* "id-mod-timestamp-protocol" */
+&(nid_objs[264]),/* "id-on" */
+&(nid_objs[347]),/* "id-on-personalData" */
+&(nid_objs[265]),/* "id-pda" */
+&(nid_objs[352]),/* "id-pda-countryOfCitizenship" */
+&(nid_objs[353]),/* "id-pda-countryOfResidence" */
+&(nid_objs[348]),/* "id-pda-dateOfBirth" */
+&(nid_objs[351]),/* "id-pda-gender" */
+&(nid_objs[349]),/* "id-pda-placeOfBirth" */
+&(nid_objs[175]),/* "id-pe" */
+&(nid_objs[261]),/* "id-pkip" */
+&(nid_objs[258]),/* "id-pkix-mod" */
+&(nid_objs[269]),/* "id-pkix1-explicit-88" */
+&(nid_objs[271]),/* "id-pkix1-explicit-93" */
+&(nid_objs[270]),/* "id-pkix1-implicit-88" */
+&(nid_objs[272]),/* "id-pkix1-implicit-93" */
+&(nid_objs[267]),/* "id-qcs" */
+&(nid_objs[359]),/* "id-qcs-pkixQCSyntax-v1" */
+&(nid_objs[259]),/* "id-qt" */
+&(nid_objs[313]),/* "id-regCtrl" */
+&(nid_objs[316]),/* "id-regCtrl-authenticator" */
+&(nid_objs[319]),/* "id-regCtrl-oldCertID" */
+&(nid_objs[318]),/* "id-regCtrl-pkiArchiveOptions" */
+&(nid_objs[317]),/* "id-regCtrl-pkiPublicationInfo" */
+&(nid_objs[320]),/* "id-regCtrl-protocolEncrKey" */
+&(nid_objs[315]),/* "id-regCtrl-regToken" */
+&(nid_objs[314]),/* "id-regInfo" */
+&(nid_objs[322]),/* "id-regInfo-certReq" */
+&(nid_objs[321]),/* "id-regInfo-utf8Pairs" */
+&(nid_objs[191]),/* "id-smime-aa" */
+&(nid_objs[215]),/* "id-smime-aa-contentHint" */
+&(nid_objs[218]),/* "id-smime-aa-contentIdentifier" */
+&(nid_objs[221]),/* "id-smime-aa-contentReference" */
+&(nid_objs[240]),/* "id-smime-aa-dvcs-dvc" */
+&(nid_objs[217]),/* "id-smime-aa-encapContentType" */
+&(nid_objs[222]),/* "id-smime-aa-encrypKeyPref" */
+&(nid_objs[220]),/* "id-smime-aa-equivalentLabels" */
+&(nid_objs[232]),/* "id-smime-aa-ets-CertificateRefs" */
+&(nid_objs[233]),/* "id-smime-aa-ets-RevocationRefs" */
+&(nid_objs[238]),/* "id-smime-aa-ets-archiveTimeStamp" */
+&(nid_objs[237]),/* "id-smime-aa-ets-certCRLTimestamp" */
+&(nid_objs[234]),/* "id-smime-aa-ets-certValues" */
+&(nid_objs[227]),/* "id-smime-aa-ets-commitmentType" */
+&(nid_objs[231]),/* "id-smime-aa-ets-contentTimestamp" */
+&(nid_objs[236]),/* "id-smime-aa-ets-escTimeStamp" */
+&(nid_objs[230]),/* "id-smime-aa-ets-otherSigCert" */
+&(nid_objs[235]),/* "id-smime-aa-ets-revocationValues" */
+&(nid_objs[226]),/* "id-smime-aa-ets-sigPolicyId" */
+&(nid_objs[229]),/* "id-smime-aa-ets-signerAttr" */
+&(nid_objs[228]),/* "id-smime-aa-ets-signerLocation" */
+&(nid_objs[219]),/* "id-smime-aa-macValue" */
+&(nid_objs[214]),/* "id-smime-aa-mlExpandHistory" */
+&(nid_objs[216]),/* "id-smime-aa-msgSigDigest" */
+&(nid_objs[212]),/* "id-smime-aa-receiptRequest" */
+&(nid_objs[213]),/* "id-smime-aa-securityLabel" */
+&(nid_objs[239]),/* "id-smime-aa-signatureType" */
+&(nid_objs[223]),/* "id-smime-aa-signingCertificate" */
+&(nid_objs[224]),/* "id-smime-aa-smimeEncryptCerts" */
+&(nid_objs[225]),/* "id-smime-aa-timeStampToken" */
+&(nid_objs[192]),/* "id-smime-alg" */
+&(nid_objs[243]),/* "id-smime-alg-3DESwrap" */
+&(nid_objs[246]),/* "id-smime-alg-CMS3DESwrap" */
+&(nid_objs[247]),/* "id-smime-alg-CMSRC2wrap" */
+&(nid_objs[245]),/* "id-smime-alg-ESDH" */
+&(nid_objs[241]),/* "id-smime-alg-ESDHwith3DES" */
+&(nid_objs[242]),/* "id-smime-alg-ESDHwithRC2" */
+&(nid_objs[244]),/* "id-smime-alg-RC2wrap" */
+&(nid_objs[193]),/* "id-smime-cd" */
+&(nid_objs[248]),/* "id-smime-cd-ldap" */
+&(nid_objs[190]),/* "id-smime-ct" */
+&(nid_objs[210]),/* "id-smime-ct-DVCSRequestData" */
+&(nid_objs[211]),/* "id-smime-ct-DVCSResponseData" */
+&(nid_objs[208]),/* "id-smime-ct-TDTInfo" */
+&(nid_objs[207]),/* "id-smime-ct-TSTInfo" */
+&(nid_objs[205]),/* "id-smime-ct-authData" */
+&(nid_objs[209]),/* "id-smime-ct-contentInfo" */
+&(nid_objs[206]),/* "id-smime-ct-publishCert" */
+&(nid_objs[204]),/* "id-smime-ct-receipt" */
+&(nid_objs[195]),/* "id-smime-cti" */
+&(nid_objs[255]),/* "id-smime-cti-ets-proofOfApproval" */
+&(nid_objs[256]),/* "id-smime-cti-ets-proofOfCreation" */
+&(nid_objs[253]),/* "id-smime-cti-ets-proofOfDelivery" */
+&(nid_objs[251]),/* "id-smime-cti-ets-proofOfOrigin" */
+&(nid_objs[252]),/* "id-smime-cti-ets-proofOfReceipt" */
+&(nid_objs[254]),/* "id-smime-cti-ets-proofOfSender" */
+&(nid_objs[189]),/* "id-smime-mod" */
+&(nid_objs[196]),/* "id-smime-mod-cms" */
+&(nid_objs[197]),/* "id-smime-mod-ess" */
+&(nid_objs[202]),/* "id-smime-mod-ets-eSigPolicy-88" */
+&(nid_objs[203]),/* "id-smime-mod-ets-eSigPolicy-97" */
+&(nid_objs[200]),/* "id-smime-mod-ets-eSignature-88" */
+&(nid_objs[201]),/* "id-smime-mod-ets-eSignature-97" */
+&(nid_objs[199]),/* "id-smime-mod-msg-v3" */
+&(nid_objs[198]),/* "id-smime-mod-oid" */
+&(nid_objs[194]),/* "id-smime-spq" */
+&(nid_objs[250]),/* "id-smime-spq-ets-sqt-unotice" */
+&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */
 &(nid_objs[34]),/* "idea-cbc" */
 &(nid_objs[35]),/* "idea-cfb" */
 &(nid_objs[36]),/* "idea-ecb" */
 &(nid_objs[46]),/* "idea-ofb" */
+&(nid_objs[527]),/* "identified-organization" */
+&(nid_objs[461]),/* "info" */
 &(nid_objs[101]),/* "initials" */
+&(nid_objs[181]),/* "iso" */
+&(nid_objs[687]),/* "issuer capabilities" */
+&(nid_objs[492]),/* "janetMailbox" */
+&(nid_objs[393]),/* "joint-iso-ccitt" */
+&(nid_objs[150]),/* "keyBag" */
+&(nid_objs[477]),/* "lastModifiedBy" */
+&(nid_objs[476]),/* "lastModifiedTime" */
+&(nid_objs[157]),/* "localKeyID" */
 &(nid_objs[15]),/* "localityName" */
+&(nid_objs[480]),/* "mXRecord" */
+&(nid_objs[493]),/* "mailPreferenceOption" */
+&(nid_objs[467]),/* "manager" */
 &(nid_objs[ 3]),/* "md2" */
 &(nid_objs[ 7]),/* "md2WithRSAEncryption" */
+&(nid_objs[257]),/* "md4" */
+&(nid_objs[396]),/* "md4WithRSAEncryption" */
 &(nid_objs[ 4]),/* "md5" */
 &(nid_objs[114]),/* "md5-sha1" */
 &(nid_objs[104]),/* "md5WithRSA" */
 &(nid_objs[ 8]),/* "md5WithRSAEncryption" */
 &(nid_objs[95]),/* "mdc2" */
-&(nid_objs[96]),/* "mdc2withRSA" */
+&(nid_objs[96]),/* "mdc2WithRSA" */
+&(nid_objs[666]),/* "merchant initiated auth" */
+&(nid_objs[578]),/* "message extensions" */
 &(nid_objs[51]),/* "messageDigest" */
+&(nid_objs[571]),/* "mime-mhs-bodies" */
+&(nid_objs[570]),/* "mime-mhs-headings" */
+&(nid_objs[488]),/* "mobileTelephoneNumber" */
+&(nid_objs[481]),/* "nSRecord" */
+&(nid_objs[173]),/* "name" */
+&(nid_objs[504]),/* "onBasis" */
+&(nid_objs[379]),/* "org" */
 &(nid_objs[17]),/* "organizationName" */
+&(nid_objs[491]),/* "organizationalStatus" */
 &(nid_objs[18]),/* "organizationalUnitName" */
+&(nid_objs[475]),/* "otherMailbox" */
+&(nid_objs[489]),/* "pagerTelephoneNumber" */
+&(nid_objs[374]),/* "path" */
+&(nid_objs[685]),/* "payment gateway capabilities" */
 &(nid_objs[ 9]),/* "pbeWithMD2AndDES-CBC" */
+&(nid_objs[168]),/* "pbeWithMD2AndRC2-CBC" */
 &(nid_objs[112]),/* "pbeWithMD5AndCast5CBC" */
 &(nid_objs[10]),/* "pbeWithMD5AndDES-CBC" */
+&(nid_objs[169]),/* "pbeWithMD5AndRC2-CBC" */
+&(nid_objs[148]),/* "pbeWithSHA1And128BitRC2-CBC" */
+&(nid_objs[144]),/* "pbeWithSHA1And128BitRC4" */
+&(nid_objs[147]),/* "pbeWithSHA1And2-KeyTripleDES-CBC" */
+&(nid_objs[146]),/* "pbeWithSHA1And3-KeyTripleDES-CBC" */
+&(nid_objs[149]),/* "pbeWithSHA1And40BitRC2-CBC" */
+&(nid_objs[145]),/* "pbeWithSHA1And40BitRC4" */
+&(nid_objs[170]),/* "pbeWithSHA1AndDES-CBC" */
 &(nid_objs[68]),/* "pbeWithSHA1AndRC2-CBC" */
-&(nid_objs[69]),/* "pbeWithSHA1AndRC4" */
-&(nid_objs[ 2]),/* "pkcs" */
+&(nid_objs[499]),/* "personalSignature" */
+&(nid_objs[487]),/* "personalTitle" */
+&(nid_objs[464]),/* "photo" */
+&(nid_objs[437]),/* "pilot" */
+&(nid_objs[439]),/* "pilotAttributeSyntax" */
+&(nid_objs[438]),/* "pilotAttributeType" */
+&(nid_objs[479]),/* "pilotAttributeType27" */
+&(nid_objs[456]),/* "pilotDSA" */
+&(nid_objs[441]),/* "pilotGroups" */
+&(nid_objs[444]),/* "pilotObject" */
+&(nid_objs[440]),/* "pilotObjectClass" */
+&(nid_objs[455]),/* "pilotOrganization" */
+&(nid_objs[445]),/* "pilotPerson" */
+&(nid_objs[186]),/* "pkcs1" */
 &(nid_objs[27]),/* "pkcs3" */
+&(nid_objs[187]),/* "pkcs5" */
 &(nid_objs[20]),/* "pkcs7" */
 &(nid_objs[21]),/* "pkcs7-data" */
 &(nid_objs[25]),/* "pkcs7-digestData" */
@@ -530,8 +3074,24 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[23]),/* "pkcs7-envelopedData" */
 &(nid_objs[24]),/* "pkcs7-signedAndEnvelopedData" */
 &(nid_objs[22]),/* "pkcs7-signedData" */
+&(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */
 &(nid_objs[47]),/* "pkcs9" */
+&(nid_objs[506]),/* "ppBasis" */
+&(nid_objs[406]),/* "prime-field" */
+&(nid_objs[409]),/* "prime192v1" */
+&(nid_objs[410]),/* "prime192v2" */
+&(nid_objs[411]),/* "prime192v3" */
+&(nid_objs[412]),/* "prime239v1" */
+&(nid_objs[413]),/* "prime239v2" */
+&(nid_objs[414]),/* "prime239v3" */
+&(nid_objs[415]),/* "prime256v1" */
+&(nid_objs[575]),/* "pseudonym" */
+&(nid_objs[435]),/* "pss" */
+&(nid_objs[286]),/* "qcStatements" */
+&(nid_objs[457]),/* "qualityLabelledData" */
+&(nid_objs[450]),/* "rFC822localPart" */
 &(nid_objs[98]),/* "rc2-40-cbc" */
+&(nid_objs[166]),/* "rc2-64-cbc" */
 &(nid_objs[37]),/* "rc2-cbc" */
 &(nid_objs[39]),/* "rc2-cfb" */
 &(nid_objs[38]),/* "rc2-ecb" */
@@ -542,34 +3102,238 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[122]),/* "rc5-cfb" */
 &(nid_objs[121]),/* "rc5-ecb" */
 &(nid_objs[123]),/* "rc5-ofb" */
+&(nid_objs[460]),/* "rfc822Mailbox" */
 &(nid_objs[117]),/* "ripemd160" */
 &(nid_objs[119]),/* "ripemd160WithRSA" */
+&(nid_objs[400]),/* "role" */
+&(nid_objs[448]),/* "room" */
+&(nid_objs[463]),/* "roomNumber" */
 &(nid_objs[19]),/* "rsa" */
 &(nid_objs[ 6]),/* "rsaEncryption" */
-&(nid_objs[ 1]),/* "rsadsi" */
+&(nid_objs[708]),/* "rsaOAEPEncryptionSET" */
+&(nid_objs[377]),/* "rsaSignature" */
 &(nid_objs[124]),/* "run length compression" */
+&(nid_objs[482]),/* "sOARecord" */
+&(nid_objs[155]),/* "safeContentsBag" */
+&(nid_objs[291]),/* "sbqp-autonomousSysNum" */
+&(nid_objs[290]),/* "sbqp-ipAddrBlock" */
+&(nid_objs[292]),/* "sbqp-routerIdentifier" */
+&(nid_objs[159]),/* "sdsiCertificate" */
+&(nid_objs[529]),/* "secp112r1" */
+&(nid_objs[530]),/* "secp112r2" */
+&(nid_objs[531]),/* "secp128r1" */
+&(nid_objs[532]),/* "secp128r2" */
+&(nid_objs[533]),/* "secp160k1" */
+&(nid_objs[534]),/* "secp160r1" */
+&(nid_objs[535]),/* "secp160r2" */
+&(nid_objs[536]),/* "secp192k1" */
+&(nid_objs[538]),/* "secp224k1" */
+&(nid_objs[539]),/* "secp224r1" */
+&(nid_objs[540]),/* "secp256k1" */
+&(nid_objs[542]),/* "secp384r1" */
+&(nid_objs[543]),/* "secp521r1" */
+&(nid_objs[154]),/* "secretBag" */
+&(nid_objs[474]),/* "secretary" */
+&(nid_objs[544]),/* "sect113r1" */
+&(nid_objs[545]),/* "sect113r2" */
+&(nid_objs[546]),/* "sect131r1" */
+&(nid_objs[547]),/* "sect131r2" */
+&(nid_objs[548]),/* "sect163k1" */
+&(nid_objs[549]),/* "sect163r1" */
+&(nid_objs[550]),/* "sect163r2" */
+&(nid_objs[551]),/* "sect193r1" */
+&(nid_objs[552]),/* "sect193r2" */
+&(nid_objs[553]),/* "sect233k1" */
+&(nid_objs[554]),/* "sect233r1" */
+&(nid_objs[555]),/* "sect239k1" */
+&(nid_objs[556]),/* "sect283k1" */
+&(nid_objs[557]),/* "sect283r1" */
+&(nid_objs[558]),/* "sect409k1" */
+&(nid_objs[559]),/* "sect409r1" */
+&(nid_objs[560]),/* "sect571k1" */
+&(nid_objs[561]),/* "sect571r1" */
+&(nid_objs[699]),/* "secure device signature" */
 &(nid_objs[105]),/* "serialNumber" */
+&(nid_objs[689]),/* "set-addPolicy" */
+&(nid_objs[579]),/* "set-attr" */
+&(nid_objs[582]),/* "set-brand" */
+&(nid_objs[702]),/* "set-brand-AmericanExpress" */
+&(nid_objs[701]),/* "set-brand-Diners" */
+&(nid_objs[700]),/* "set-brand-IATA-ATA" */
+&(nid_objs[703]),/* "set-brand-JCB" */
+&(nid_objs[705]),/* "set-brand-MasterCard" */
+&(nid_objs[706]),/* "set-brand-Novus" */
+&(nid_objs[704]),/* "set-brand-Visa" */
+&(nid_objs[580]),/* "set-policy" */
+&(nid_objs[671]),/* "set-policy-root" */
+&(nid_objs[688]),/* "set-rootKeyThumb" */
+&(nid_objs[684]),/* "setAttr-Cert" */
+&(nid_objs[692]),/* "setAttr-IssCap-CVM" */
+&(nid_objs[694]),/* "setAttr-IssCap-Sig" */
+&(nid_objs[693]),/* "setAttr-IssCap-T2" */
+&(nid_objs[691]),/* "setAttr-Token-B0Prime" */
+&(nid_objs[690]),/* "setAttr-Token-EMV" */
+&(nid_objs[686]),/* "setAttr-TokenType" */
+&(nid_objs[683]),/* "setCext-IssuerCapabilities" */
+&(nid_objs[679]),/* "setCext-PGWYcapabilities" */
+&(nid_objs[680]),/* "setCext-TokenIdentifier" */
+&(nid_objs[682]),/* "setCext-TokenType" */
+&(nid_objs[681]),/* "setCext-Track2Data" */
+&(nid_objs[675]),/* "setCext-cCertRequired" */
+&(nid_objs[673]),/* "setCext-certType" */
+&(nid_objs[672]),/* "setCext-hashedRoot" */
+&(nid_objs[674]),/* "setCext-merchData" */
+&(nid_objs[677]),/* "setCext-setExt" */
+&(nid_objs[678]),/* "setCext-setQualf" */
+&(nid_objs[676]),/* "setCext-tunneling" */
+&(nid_objs[604]),/* "setct-AcqCardCodeMsg" */
+&(nid_objs[640]),/* "setct-AcqCardCodeMsgTBE" */
+&(nid_objs[634]),/* "setct-AuthReqTBE" */
+&(nid_objs[598]),/* "setct-AuthReqTBS" */
+&(nid_objs[591]),/* "setct-AuthResBaggage" */
+&(nid_objs[635]),/* "setct-AuthResTBE" */
+&(nid_objs[636]),/* "setct-AuthResTBEX" */
+&(nid_objs[599]),/* "setct-AuthResTBS" */
+&(nid_objs[600]),/* "setct-AuthResTBSX" */
+&(nid_objs[592]),/* "setct-AuthRevReqBaggage" */
+&(nid_objs[641]),/* "setct-AuthRevReqTBE" */
+&(nid_objs[605]),/* "setct-AuthRevReqTBS" */
+&(nid_objs[593]),/* "setct-AuthRevResBaggage" */
+&(nid_objs[606]),/* "setct-AuthRevResData" */
+&(nid_objs[642]),/* "setct-AuthRevResTBE" */
+&(nid_objs[643]),/* "setct-AuthRevResTBEB" */
+&(nid_objs[607]),/* "setct-AuthRevResTBS" */
+&(nid_objs[637]),/* "setct-AuthTokenTBE" */
+&(nid_objs[601]),/* "setct-AuthTokenTBS" */
+&(nid_objs[664]),/* "setct-BCIDistributionTBS" */
+&(nid_objs[622]),/* "setct-BatchAdminReqData" */
+&(nid_objs[656]),/* "setct-BatchAdminReqTBE" */
+&(nid_objs[623]),/* "setct-BatchAdminResData" */
+&(nid_objs[657]),/* "setct-BatchAdminResTBE" */
+&(nid_objs[663]),/* "setct-CRLNotificationResTBS" */
+&(nid_objs[662]),/* "setct-CRLNotificationTBS" */
+&(nid_objs[644]),/* "setct-CapReqTBE" */
+&(nid_objs[645]),/* "setct-CapReqTBEX" */
+&(nid_objs[608]),/* "setct-CapReqTBS" */
+&(nid_objs[609]),/* "setct-CapReqTBSX" */
+&(nid_objs[610]),/* "setct-CapResData" */
+&(nid_objs[646]),/* "setct-CapResTBE" */
+&(nid_objs[647]),/* "setct-CapRevReqTBE" */
+&(nid_objs[648]),/* "setct-CapRevReqTBEX" */
+&(nid_objs[611]),/* "setct-CapRevReqTBS" */
+&(nid_objs[612]),/* "setct-CapRevReqTBSX" */
+&(nid_objs[613]),/* "setct-CapRevResData" */
+&(nid_objs[649]),/* "setct-CapRevResTBE" */
+&(nid_objs[602]),/* "setct-CapTokenData" */
+&(nid_objs[594]),/* "setct-CapTokenSeq" */
+&(nid_objs[638]),/* "setct-CapTokenTBE" */
+&(nid_objs[639]),/* "setct-CapTokenTBEX" */
+&(nid_objs[603]),/* "setct-CapTokenTBS" */
+&(nid_objs[624]),/* "setct-CardCInitResTBS" */
+&(nid_objs[630]),/* "setct-CertInqReqTBS" */
+&(nid_objs[627]),/* "setct-CertReqData" */
+&(nid_objs[659]),/* "setct-CertReqTBE" */
+&(nid_objs[660]),/* "setct-CertReqTBEX" */
+&(nid_objs[628]),/* "setct-CertReqTBS" */
+&(nid_objs[629]),/* "setct-CertResData" */
+&(nid_objs[661]),/* "setct-CertResTBE" */
+&(nid_objs[650]),/* "setct-CredReqTBE" */
+&(nid_objs[651]),/* "setct-CredReqTBEX" */
+&(nid_objs[614]),/* "setct-CredReqTBS" */
+&(nid_objs[615]),/* "setct-CredReqTBSX" */
+&(nid_objs[616]),/* "setct-CredResData" */
+&(nid_objs[652]),/* "setct-CredResTBE" */
+&(nid_objs[653]),/* "setct-CredRevReqTBE" */
+&(nid_objs[654]),/* "setct-CredRevReqTBEX" */
+&(nid_objs[617]),/* "setct-CredRevReqTBS" */
+&(nid_objs[618]),/* "setct-CredRevReqTBSX" */
+&(nid_objs[619]),/* "setct-CredRevResData" */
+&(nid_objs[655]),/* "setct-CredRevResTBE" */
+&(nid_objs[631]),/* "setct-ErrorTBS" */
+&(nid_objs[590]),/* "setct-HODInput" */
+&(nid_objs[625]),/* "setct-MeAqCInitResTBS" */
+&(nid_objs[586]),/* "setct-OIData" */
+&(nid_objs[583]),/* "setct-PANData" */
+&(nid_objs[585]),/* "setct-PANOnly" */
+&(nid_objs[584]),/* "setct-PANToken" */
+&(nid_objs[620]),/* "setct-PCertReqData" */
+&(nid_objs[621]),/* "setct-PCertResTBS" */
+&(nid_objs[587]),/* "setct-PI" */
+&(nid_objs[596]),/* "setct-PI-TBS" */
+&(nid_objs[588]),/* "setct-PIData" */
+&(nid_objs[589]),/* "setct-PIDataUnsigned" */
+&(nid_objs[632]),/* "setct-PIDualSignedTBE" */
+&(nid_objs[633]),/* "setct-PIUnsignedTBE" */
+&(nid_objs[595]),/* "setct-PInitResData" */
+&(nid_objs[597]),/* "setct-PResData" */
+&(nid_objs[658]),/* "setct-RegFormReqTBE" */
+&(nid_objs[626]),/* "setct-RegFormResTBS" */
+&(nid_objs[668]),/* "setext-pinAny" */
+&(nid_objs[667]),/* "setext-pinSecure" */
+&(nid_objs[669]),/* "setext-track2" */
 &(nid_objs[41]),/* "sha" */
 &(nid_objs[64]),/* "sha1" */
 &(nid_objs[115]),/* "sha1WithRSA" */
 &(nid_objs[65]),/* "sha1WithRSAEncryption" */
 &(nid_objs[42]),/* "shaWithRSAEncryption" */
 &(nid_objs[52]),/* "signingTime" */
+&(nid_objs[454]),/* "simpleSecurityObject" */
+&(nid_objs[496]),/* "singleLevelQuality" */
 &(nid_objs[16]),/* "stateOrProvinceName" */
+&(nid_objs[498]),/* "subtreeMaximumQuality" */
+&(nid_objs[497]),/* "subtreeMinimumQuality" */
 &(nid_objs[100]),/* "surname" */
+&(nid_objs[459]),/* "textEncodedORAddress" */
+&(nid_objs[293]),/* "textNotice" */
 &(nid_objs[106]),/* "title" */
+&(nid_objs[505]),/* "tpBasis" */
+&(nid_objs[436]),/* "ucl" */
 &(nid_objs[ 0]),/* "undefined" */
-&(nid_objs[102]),/* "uniqueIdentifier" */
 &(nid_objs[55]),/* "unstructuredAddress" */
 &(nid_objs[49]),/* "unstructuredName" */
+&(nid_objs[465]),/* "userClass" */
+&(nid_objs[458]),/* "userId" */
+&(nid_objs[373]),/* "valid" */
+&(nid_objs[562]),/* "wap" */
+&(nid_objs[563]),/* "wap-wsg" */
+&(nid_objs[564]),/* "wap-wsg-idm-ecid-wtls1" */
+&(nid_objs[713]),/* "wap-wsg-idm-ecid-wtls10" */
+&(nid_objs[714]),/* "wap-wsg-idm-ecid-wtls11" */
+&(nid_objs[715]),/* "wap-wsg-idm-ecid-wtls12" */
+&(nid_objs[709]),/* "wap-wsg-idm-ecid-wtls3" */
+&(nid_objs[710]),/* "wap-wsg-idm-ecid-wtls4" */
+&(nid_objs[711]),/* "wap-wsg-idm-ecid-wtls5" */
+&(nid_objs[565]),/* "wap-wsg-idm-ecid-wtls6" */
+&(nid_objs[712]),/* "wap-wsg-idm-ecid-wtls7" */
+&(nid_objs[566]),/* "wap-wsg-idm-ecid-wtls8" */
+&(nid_objs[567]),/* "wap-wsg-idm-ecid-wtls9" */
+&(nid_objs[568]),/* "x500UniqueIdentifier" */
+&(nid_objs[158]),/* "x509Certificate" */
+&(nid_objs[160]),/* "x509Crl" */
 &(nid_objs[125]),/* "zlib compression" */
 };
 
 static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[ 0]),/* OBJ_undef                        0 */
+&(nid_objs[404]),/* OBJ_ccitt                        0 */
+&(nid_objs[434]),/* OBJ_data                         0 9 */
+&(nid_objs[181]),/* OBJ_iso                          1 */
+&(nid_objs[182]),/* OBJ_member_body                  1 2 */
+&(nid_objs[379]),/* OBJ_org                          1 3 */
+&(nid_objs[527]),/* OBJ_identified_organization      1 3 */
+&(nid_objs[393]),/* OBJ_joint_iso_ccitt              2 */
 &(nid_objs[11]),/* OBJ_X500                         2 5 */
+&(nid_objs[380]),/* OBJ_dod                          1 3 6 */
 &(nid_objs[12]),/* OBJ_X509                         2 5 4 */
-&(nid_objs[81]),/* OBJ_ld_ce                        2 5 29 */
+&(nid_objs[378]),/* OBJ_X500algorithms               2 5 8 */
+&(nid_objs[81]),/* OBJ_id_ce                        2 5 29 */
+&(nid_objs[576]),/* OBJ_id_set                       2 23 42 */
+&(nid_objs[562]),/* OBJ_wap                          2 23 43 */
+&(nid_objs[435]),/* OBJ_pss                          0 9 2342 */
+&(nid_objs[183]),/* OBJ_ISO_US                       1 2 840 */
+&(nid_objs[381]),/* OBJ_iana                         1 3 6 1 */
+&(nid_objs[528]),/* OBJ_certicom_arc                 1 3 132 */
+&(nid_objs[394]),/* OBJ_selected_attribute_types     2 5 1 5 */
 &(nid_objs[13]),/* OBJ_commonName                   2 5 4 3 */
 &(nid_objs[100]),/* OBJ_surname                      2 5 4 4 */
 &(nid_objs[105]),/* OBJ_serialNumber                 2 5 4 5 */
@@ -580,9 +3344,14 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[18]),/* OBJ_organizationalUnitName       2 5 4 11 */
 &(nid_objs[106]),/* OBJ_title                        2 5 4 12 */
 &(nid_objs[107]),/* OBJ_description                  2 5 4 13 */
+&(nid_objs[173]),/* OBJ_name                         2 5 4 41 */
 &(nid_objs[99]),/* OBJ_givenName                    2 5 4 42 */
 &(nid_objs[101]),/* OBJ_initials                     2 5 4 43 */
-&(nid_objs[102]),/* OBJ_uniqueIdentifier             2 5 4 45 */
+&(nid_objs[574]),/* OBJ_generationQualifier          2 5 4 44 */
+&(nid_objs[568]),/* OBJ_x500UniqueIdentifier         2 5 4 45 */
+&(nid_objs[174]),/* OBJ_dnQualifier                  2 5 4 46 */
+&(nid_objs[575]),/* OBJ_pseudonym                    2 5 4 65 */
+&(nid_objs[400]),/* OBJ_role                         2 5 4 72 */
 &(nid_objs[82]),/* OBJ_subject_key_identifier       2 5 29 14 */
 &(nid_objs[83]),/* OBJ_key_usage                    2 5 29 15 */
 &(nid_objs[84]),/* OBJ_private_key_usage_period     2 5 29 16 */
@@ -590,56 +3359,426 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[86]),/* OBJ_issuer_alt_name              2 5 29 18 */
 &(nid_objs[87]),/* OBJ_basic_constraints            2 5 29 19 */
 &(nid_objs[88]),/* OBJ_crl_number                   2 5 29 20 */
+&(nid_objs[141]),/* OBJ_crl_reason                   2 5 29 21 */
+&(nid_objs[430]),/* OBJ_hold_instruction_code        2 5 29 23 */
+&(nid_objs[142]),/* OBJ_invalidity_date              2 5 29 24 */
+&(nid_objs[140]),/* OBJ_delta_crl                    2 5 29 27 */
 &(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */
 &(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */
 &(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */
+&(nid_objs[401]),/* OBJ_policy_constraints           2 5 29 36 */
+&(nid_objs[126]),/* OBJ_ext_key_usage                2 5 29 37 */
+&(nid_objs[402]),/* OBJ_target_information           2 5 29 55 */
+&(nid_objs[403]),/* OBJ_no_rev_avail                 2 5 29 56 */
+&(nid_objs[577]),/* OBJ_set_ctype                    2 23 42 0 */
+&(nid_objs[578]),/* OBJ_set_msgExt                   2 23 42 1 */
+&(nid_objs[579]),/* OBJ_set_attr                     2 23 42 3 */
+&(nid_objs[580]),/* OBJ_set_policy                   2 23 42 5 */
+&(nid_objs[581]),/* OBJ_set_certExt                  2 23 42 7 */
+&(nid_objs[582]),/* OBJ_set_brand                    2 23 42 8 */
+&(nid_objs[563]),/* OBJ_wap_wsg                      2 23 43 13 */
+&(nid_objs[382]),/* OBJ_Directory                    1 3 6 1 1 */
+&(nid_objs[383]),/* OBJ_Management                   1 3 6 1 2 */
+&(nid_objs[384]),/* OBJ_Experimental                 1 3 6 1 3 */
+&(nid_objs[385]),/* OBJ_Private                      1 3 6 1 4 */
+&(nid_objs[386]),/* OBJ_Security                     1 3 6 1 5 */
+&(nid_objs[387]),/* OBJ_SNMPv2                       1 3 6 1 6 */
+&(nid_objs[388]),/* OBJ_Mail                         1 3 6 1 7 */
+&(nid_objs[376]),/* OBJ_algorithm                    1 3 14 3 2 */
+&(nid_objs[395]),/* OBJ_clearance                    2 5 1 5 55 */
 &(nid_objs[19]),/* OBJ_rsa                          2 5 8 1 1 */
 &(nid_objs[96]),/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
 &(nid_objs[95]),/* OBJ_mdc2                         2 5 8 3 101 */
-&(nid_objs[124]),/* OBJ_rle_compression              1 1 1 1 666.1 */
-&(nid_objs[125]),/* OBJ_zlib_compression             1 1 1 1 666.2 */
+&(nid_objs[583]),/* OBJ_setct_PANData                2 23 42 0 0 */
+&(nid_objs[584]),/* OBJ_setct_PANToken               2 23 42 0 1 */
+&(nid_objs[585]),/* OBJ_setct_PANOnly                2 23 42 0 2 */
+&(nid_objs[586]),/* OBJ_setct_OIData                 2 23 42 0 3 */
+&(nid_objs[587]),/* OBJ_setct_PI                     2 23 42 0 4 */
+&(nid_objs[588]),/* OBJ_setct_PIData                 2 23 42 0 5 */
+&(nid_objs[589]),/* OBJ_setct_PIDataUnsigned         2 23 42 0 6 */
+&(nid_objs[590]),/* OBJ_setct_HODInput               2 23 42 0 7 */
+&(nid_objs[591]),/* OBJ_setct_AuthResBaggage         2 23 42 0 8 */
+&(nid_objs[592]),/* OBJ_setct_AuthRevReqBaggage      2 23 42 0 9 */
+&(nid_objs[593]),/* OBJ_setct_AuthRevResBaggage      2 23 42 0 10 */
+&(nid_objs[594]),/* OBJ_setct_CapTokenSeq            2 23 42 0 11 */
+&(nid_objs[595]),/* OBJ_setct_PInitResData           2 23 42 0 12 */
+&(nid_objs[596]),/* OBJ_setct_PI_TBS                 2 23 42 0 13 */
+&(nid_objs[597]),/* OBJ_setct_PResData               2 23 42 0 14 */
+&(nid_objs[598]),/* OBJ_setct_AuthReqTBS             2 23 42 0 16 */
+&(nid_objs[599]),/* OBJ_setct_AuthResTBS             2 23 42 0 17 */
+&(nid_objs[600]),/* OBJ_setct_AuthResTBSX            2 23 42 0 18 */
+&(nid_objs[601]),/* OBJ_setct_AuthTokenTBS           2 23 42 0 19 */
+&(nid_objs[602]),/* OBJ_setct_CapTokenData           2 23 42 0 20 */
+&(nid_objs[603]),/* OBJ_setct_CapTokenTBS            2 23 42 0 21 */
+&(nid_objs[604]),/* OBJ_setct_AcqCardCodeMsg         2 23 42 0 22 */
+&(nid_objs[605]),/* OBJ_setct_AuthRevReqTBS          2 23 42 0 23 */
+&(nid_objs[606]),/* OBJ_setct_AuthRevResData         2 23 42 0 24 */
+&(nid_objs[607]),/* OBJ_setct_AuthRevResTBS          2 23 42 0 25 */
+&(nid_objs[608]),/* OBJ_setct_CapReqTBS              2 23 42 0 26 */
+&(nid_objs[609]),/* OBJ_setct_CapReqTBSX             2 23 42 0 27 */
+&(nid_objs[610]),/* OBJ_setct_CapResData             2 23 42 0 28 */
+&(nid_objs[611]),/* OBJ_setct_CapRevReqTBS           2 23 42 0 29 */
+&(nid_objs[612]),/* OBJ_setct_CapRevReqTBSX          2 23 42 0 30 */
+&(nid_objs[613]),/* OBJ_setct_CapRevResData          2 23 42 0 31 */
+&(nid_objs[614]),/* OBJ_setct_CredReqTBS             2 23 42 0 32 */
+&(nid_objs[615]),/* OBJ_setct_CredReqTBSX            2 23 42 0 33 */
+&(nid_objs[616]),/* OBJ_setct_CredResData            2 23 42 0 34 */
+&(nid_objs[617]),/* OBJ_setct_CredRevReqTBS          2 23 42 0 35 */
+&(nid_objs[618]),/* OBJ_setct_CredRevReqTBSX         2 23 42 0 36 */
+&(nid_objs[619]),/* OBJ_setct_CredRevResData         2 23 42 0 37 */
+&(nid_objs[620]),/* OBJ_setct_PCertReqData           2 23 42 0 38 */
+&(nid_objs[621]),/* OBJ_setct_PCertResTBS            2 23 42 0 39 */
+&(nid_objs[622]),/* OBJ_setct_BatchAdminReqData      2 23 42 0 40 */
+&(nid_objs[623]),/* OBJ_setct_BatchAdminResData      2 23 42 0 41 */
+&(nid_objs[624]),/* OBJ_setct_CardCInitResTBS        2 23 42 0 42 */
+&(nid_objs[625]),/* OBJ_setct_MeAqCInitResTBS        2 23 42 0 43 */
+&(nid_objs[626]),/* OBJ_setct_RegFormResTBS          2 23 42 0 44 */
+&(nid_objs[627]),/* OBJ_setct_CertReqData            2 23 42 0 45 */
+&(nid_objs[628]),/* OBJ_setct_CertReqTBS             2 23 42 0 46 */
+&(nid_objs[629]),/* OBJ_setct_CertResData            2 23 42 0 47 */
+&(nid_objs[630]),/* OBJ_setct_CertInqReqTBS          2 23 42 0 48 */
+&(nid_objs[631]),/* OBJ_setct_ErrorTBS               2 23 42 0 49 */
+&(nid_objs[632]),/* OBJ_setct_PIDualSignedTBE        2 23 42 0 50 */
+&(nid_objs[633]),/* OBJ_setct_PIUnsignedTBE          2 23 42 0 51 */
+&(nid_objs[634]),/* OBJ_setct_AuthReqTBE             2 23 42 0 52 */
+&(nid_objs[635]),/* OBJ_setct_AuthResTBE             2 23 42 0 53 */
+&(nid_objs[636]),/* OBJ_setct_AuthResTBEX            2 23 42 0 54 */
+&(nid_objs[637]),/* OBJ_setct_AuthTokenTBE           2 23 42 0 55 */
+&(nid_objs[638]),/* OBJ_setct_CapTokenTBE            2 23 42 0 56 */
+&(nid_objs[639]),/* OBJ_setct_CapTokenTBEX           2 23 42 0 57 */
+&(nid_objs[640]),/* OBJ_setct_AcqCardCodeMsgTBE      2 23 42 0 58 */
+&(nid_objs[641]),/* OBJ_setct_AuthRevReqTBE          2 23 42 0 59 */
+&(nid_objs[642]),/* OBJ_setct_AuthRevResTBE          2 23 42 0 60 */
+&(nid_objs[643]),/* OBJ_setct_AuthRevResTBEB         2 23 42 0 61 */
+&(nid_objs[644]),/* OBJ_setct_CapReqTBE              2 23 42 0 62 */
+&(nid_objs[645]),/* OBJ_setct_CapReqTBEX             2 23 42 0 63 */
+&(nid_objs[646]),/* OBJ_setct_CapResTBE              2 23 42 0 64 */
+&(nid_objs[647]),/* OBJ_setct_CapRevReqTBE           2 23 42 0 65 */
+&(nid_objs[648]),/* OBJ_setct_CapRevReqTBEX          2 23 42 0 66 */
+&(nid_objs[649]),/* OBJ_setct_CapRevResTBE           2 23 42 0 67 */
+&(nid_objs[650]),/* OBJ_setct_CredReqTBE             2 23 42 0 68 */
+&(nid_objs[651]),/* OBJ_setct_CredReqTBEX            2 23 42 0 69 */
+&(nid_objs[652]),/* OBJ_setct_CredResTBE             2 23 42 0 70 */
+&(nid_objs[653]),/* OBJ_setct_CredRevReqTBE          2 23 42 0 71 */
+&(nid_objs[654]),/* OBJ_setct_CredRevReqTBEX         2 23 42 0 72 */
+&(nid_objs[655]),/* OBJ_setct_CredRevResTBE          2 23 42 0 73 */
+&(nid_objs[656]),/* OBJ_setct_BatchAdminReqTBE       2 23 42 0 74 */
+&(nid_objs[657]),/* OBJ_setct_BatchAdminResTBE       2 23 42 0 75 */
+&(nid_objs[658]),/* OBJ_setct_RegFormReqTBE          2 23 42 0 76 */
+&(nid_objs[659]),/* OBJ_setct_CertReqTBE             2 23 42 0 77 */
+&(nid_objs[660]),/* OBJ_setct_CertReqTBEX            2 23 42 0 78 */
+&(nid_objs[661]),/* OBJ_setct_CertResTBE             2 23 42 0 79 */
+&(nid_objs[662]),/* OBJ_setct_CRLNotificationTBS     2 23 42 0 80 */
+&(nid_objs[663]),/* OBJ_setct_CRLNotificationResTBS  2 23 42 0 81 */
+&(nid_objs[664]),/* OBJ_setct_BCIDistributionTBS     2 23 42 0 82 */
+&(nid_objs[665]),/* OBJ_setext_genCrypt              2 23 42 1 1 */
+&(nid_objs[666]),/* OBJ_setext_miAuth                2 23 42 1 3 */
+&(nid_objs[667]),/* OBJ_setext_pinSecure             2 23 42 1 4 */
+&(nid_objs[668]),/* OBJ_setext_pinAny                2 23 42 1 5 */
+&(nid_objs[669]),/* OBJ_setext_track2                2 23 42 1 7 */
+&(nid_objs[670]),/* OBJ_setext_cv                    2 23 42 1 8 */
+&(nid_objs[684]),/* OBJ_setAttr_Cert                 2 23 42 3 0 */
+&(nid_objs[685]),/* OBJ_setAttr_PGWYcap              2 23 42 3 1 */
+&(nid_objs[686]),/* OBJ_setAttr_TokenType            2 23 42 3 2 */
+&(nid_objs[687]),/* OBJ_setAttr_IssCap               2 23 42 3 3 */
+&(nid_objs[671]),/* OBJ_set_policy_root              2 23 42 5 0 */
+&(nid_objs[672]),/* OBJ_setCext_hashedRoot           2 23 42 7 0 */
+&(nid_objs[673]),/* OBJ_setCext_certType             2 23 42 7 1 */
+&(nid_objs[674]),/* OBJ_setCext_merchData            2 23 42 7 2 */
+&(nid_objs[675]),/* OBJ_setCext_cCertRequired        2 23 42 7 3 */
+&(nid_objs[676]),/* OBJ_setCext_tunneling            2 23 42 7 4 */
+&(nid_objs[677]),/* OBJ_setCext_setExt               2 23 42 7 5 */
+&(nid_objs[678]),/* OBJ_setCext_setQualf             2 23 42 7 6 */
+&(nid_objs[679]),/* OBJ_setCext_PGWYcapabilities     2 23 42 7 7 */
+&(nid_objs[680]),/* OBJ_setCext_TokenIdentifier      2 23 42 7 8 */
+&(nid_objs[681]),/* OBJ_setCext_Track2Data           2 23 42 7 9 */
+&(nid_objs[682]),/* OBJ_setCext_TokenType            2 23 42 7 10 */
+&(nid_objs[683]),/* OBJ_setCext_IssuerCapabilities   2 23 42 7 11 */
+&(nid_objs[700]),/* OBJ_set_brand_IATA_ATA           2 23 42 8 1 */
+&(nid_objs[704]),/* OBJ_set_brand_Visa               2 23 42 8 4 */
+&(nid_objs[705]),/* OBJ_set_brand_MasterCard         2 23 42 8 5 */
+&(nid_objs[701]),/* OBJ_set_brand_Diners             2 23 42 8 30 */
+&(nid_objs[702]),/* OBJ_set_brand_AmericanExpress    2 23 42 8 34 */
+&(nid_objs[703]),/* OBJ_set_brand_JCB                2 23 42 8 35 */
+&(nid_objs[184]),/* OBJ_X9_57                        1 2 840 10040 */
+&(nid_objs[405]),/* OBJ_ansi_X9_62                   1 2 840 10045 */
+&(nid_objs[389]),/* OBJ_Enterprises                  1 3 6 1 4 1 */
+&(nid_objs[569]),/* OBJ_mime_mhs                     1 3 6 1 7 1 */
 &(nid_objs[104]),/* OBJ_md5WithRSA                   1 3 14 3 2 3 */
 &(nid_objs[29]),/* OBJ_des_ecb                      1 3 14 3 2 6 */
 &(nid_objs[31]),/* OBJ_des_cbc                      1 3 14 3 2 7 */
 &(nid_objs[45]),/* OBJ_des_ofb64                    1 3 14 3 2 8 */
 &(nid_objs[30]),/* OBJ_des_cfb64                    1 3 14 3 2 9 */
+&(nid_objs[377]),/* OBJ_rsaSignature                 1 3 14 3 2 11 */
 &(nid_objs[67]),/* OBJ_dsa_2                        1 3 14 3 2 12 */
 &(nid_objs[66]),/* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
 &(nid_objs[42]),/* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
-&(nid_objs[32]),/* OBJ_des_ede                      1 3 14 3 2 17 */
+&(nid_objs[32]),/* OBJ_des_ede_ecb                  1 3 14 3 2 17 */
 &(nid_objs[41]),/* OBJ_sha                          1 3 14 3 2 18 */
 &(nid_objs[64]),/* OBJ_sha1                         1 3 14 3 2 26 */
 &(nid_objs[70]),/* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
 &(nid_objs[115]),/* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
 &(nid_objs[117]),/* OBJ_ripemd160                    1 3 36 3 2 1 */
+&(nid_objs[143]),/* OBJ_sxnet                        1 3 101 1 4 1 */
+&(nid_objs[548]),/* OBJ_sect163k1                    1 3 132 0 1 */
+&(nid_objs[549]),/* OBJ_sect163r1                    1 3 132 0 2 */
+&(nid_objs[555]),/* OBJ_sect239k1                    1 3 132 0 3 */
+&(nid_objs[544]),/* OBJ_sect113r1                    1 3 132 0 4 */
+&(nid_objs[545]),/* OBJ_sect113r2                    1 3 132 0 5 */
+&(nid_objs[529]),/* OBJ_secp112r1                    1 3 132 0 6 */
+&(nid_objs[530]),/* OBJ_secp112r2                    1 3 132 0 7 */
+&(nid_objs[534]),/* OBJ_secp160r1                    1 3 132 0 8 */
+&(nid_objs[533]),/* OBJ_secp160k1                    1 3 132 0 9 */
+&(nid_objs[540]),/* OBJ_secp256k1                    1 3 132 0 10 */
+&(nid_objs[550]),/* OBJ_sect163r2                    1 3 132 0 15 */
+&(nid_objs[556]),/* OBJ_sect283k1                    1 3 132 0 16 */
+&(nid_objs[557]),/* OBJ_sect283r1                    1 3 132 0 17 */
+&(nid_objs[546]),/* OBJ_sect131r1                    1 3 132 0 22 */
+&(nid_objs[547]),/* OBJ_sect131r2                    1 3 132 0 23 */
+&(nid_objs[551]),/* OBJ_sect193r1                    1 3 132 0 24 */
+&(nid_objs[552]),/* OBJ_sect193r2                    1 3 132 0 25 */
+&(nid_objs[553]),/* OBJ_sect233k1                    1 3 132 0 26 */
+&(nid_objs[554]),/* OBJ_sect233r1                    1 3 132 0 27 */
+&(nid_objs[531]),/* OBJ_secp128r1                    1 3 132 0 28 */
+&(nid_objs[532]),/* OBJ_secp128r2                    1 3 132 0 29 */
+&(nid_objs[535]),/* OBJ_secp160r2                    1 3 132 0 30 */
+&(nid_objs[536]),/* OBJ_secp192k1                    1 3 132 0 31 */
+&(nid_objs[538]),/* OBJ_secp224k1                    1 3 132 0 32 */
+&(nid_objs[539]),/* OBJ_secp224r1                    1 3 132 0 33 */
+&(nid_objs[542]),/* OBJ_secp384r1                    1 3 132 0 34 */
+&(nid_objs[543]),/* OBJ_secp521r1                    1 3 132 0 35 */
+&(nid_objs[558]),/* OBJ_sect409k1                    1 3 132 0 36 */
+&(nid_objs[559]),/* OBJ_sect409r1                    1 3 132 0 37 */
+&(nid_objs[560]),/* OBJ_sect571k1                    1 3 132 0 38 */
+&(nid_objs[561]),/* OBJ_sect571r1                    1 3 132 0 39 */
+&(nid_objs[688]),/* OBJ_set_rootKeyThumb             2 23 42 3 0 0 */
+&(nid_objs[689]),/* OBJ_set_addPolicy                2 23 42 3 0 1 */
+&(nid_objs[690]),/* OBJ_setAttr_Token_EMV            2 23 42 3 2 1 */
+&(nid_objs[691]),/* OBJ_setAttr_Token_B0Prime        2 23 42 3 2 2 */
+&(nid_objs[692]),/* OBJ_setAttr_IssCap_CVM           2 23 42 3 3 3 */
+&(nid_objs[693]),/* OBJ_setAttr_IssCap_T2            2 23 42 3 3 4 */
+&(nid_objs[694]),/* OBJ_setAttr_IssCap_Sig           2 23 42 3 3 5 */
+&(nid_objs[706]),/* OBJ_set_brand_Novus              2 23 42 8 6011 */
+&(nid_objs[564]),/* OBJ_wap_wsg_idm_ecid_wtls1       2 23 43 13 4 1 */
+&(nid_objs[709]),/* OBJ_wap_wsg_idm_ecid_wtls3       2 23 43 13 4 3 */
+&(nid_objs[710]),/* OBJ_wap_wsg_idm_ecid_wtls4       2 23 43 13 4 4 */
+&(nid_objs[711]),/* OBJ_wap_wsg_idm_ecid_wtls5       2 23 43 13 4 5 */
+&(nid_objs[565]),/* OBJ_wap_wsg_idm_ecid_wtls6       2 23 43 13 4 6 */
+&(nid_objs[712]),/* OBJ_wap_wsg_idm_ecid_wtls7       2 23 43 13 4 7 */
+&(nid_objs[566]),/* OBJ_wap_wsg_idm_ecid_wtls8       2 23 43 13 4 8 */
+&(nid_objs[567]),/* OBJ_wap_wsg_idm_ecid_wtls9       2 23 43 13 4 9 */
+&(nid_objs[713]),/* OBJ_wap_wsg_idm_ecid_wtls10      2 23 43 13 4 10 */
+&(nid_objs[714]),/* OBJ_wap_wsg_idm_ecid_wtls11      2 23 43 13 4 11 */
+&(nid_objs[715]),/* OBJ_wap_wsg_idm_ecid_wtls12      2 23 43 13 4 12 */
+&(nid_objs[124]),/* OBJ_rle_compression              1 1 1 1 666 1 */
+&(nid_objs[125]),/* OBJ_zlib_compression             1 1 1 1 666 2 */
 &(nid_objs[ 1]),/* OBJ_rsadsi                       1 2 840 113549 */
+&(nid_objs[185]),/* OBJ_X9cm                         1 2 840 10040 4 */
+&(nid_objs[127]),/* OBJ_id_pkix                      1 3 6 1 5 5 7 */
+&(nid_objs[570]),/* OBJ_mime_mhs_headings            1 3 6 1 7 1 1 */
+&(nid_objs[571]),/* OBJ_mime_mhs_bodies              1 3 6 1 7 1 2 */
 &(nid_objs[119]),/* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
+&(nid_objs[695]),/* OBJ_setAttr_GenCryptgrm          2 23 42 3 3 3 1 */
+&(nid_objs[696]),/* OBJ_setAttr_T2Enc                2 23 42 3 3 4 1 */
+&(nid_objs[697]),/* OBJ_setAttr_T2cleartxt           2 23 42 3 3 4 2 */
+&(nid_objs[698]),/* OBJ_setAttr_TokICCsig            2 23 42 3 3 5 1 */
+&(nid_objs[699]),/* OBJ_setAttr_SecDevSig            2 23 42 3 3 5 2 */
+&(nid_objs[436]),/* OBJ_ucl                          0 9 2342 19200300 */
 &(nid_objs[ 2]),/* OBJ_pkcs                         1 2 840 113549 1 */
+&(nid_objs[431]),/* OBJ_hold_instruction_none        1 2 840 10040 2 1 */
+&(nid_objs[432]),/* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */
+&(nid_objs[433]),/* OBJ_hold_instruction_reject      1 2 840 10040 2 3 */
 &(nid_objs[116]),/* OBJ_dsa                          1 2 840 10040 4 1 */
 &(nid_objs[113]),/* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
+&(nid_objs[406]),/* OBJ_X9_62_prime_field            1 2 840 10045 1 1 */
+&(nid_objs[407]),/* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */
+&(nid_objs[408]),/* OBJ_X9_62_id_ecPublicKey         1 2 840 10045 2 1 */
+&(nid_objs[416]),/* OBJ_ecdsa_with_SHA1              1 2 840 10045 4 1 */
+&(nid_objs[258]),/* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
+&(nid_objs[175]),/* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
+&(nid_objs[259]),/* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
+&(nid_objs[128]),/* OBJ_id_kp                        1 3 6 1 5 5 7 3 */
+&(nid_objs[260]),/* OBJ_id_it                        1 3 6 1 5 5 7 4 */
+&(nid_objs[261]),/* OBJ_id_pkip                      1 3 6 1 5 5 7 5 */
+&(nid_objs[262]),/* OBJ_id_alg                       1 3 6 1 5 5 7 6 */
+&(nid_objs[263]),/* OBJ_id_cmc                       1 3 6 1 5 5 7 7 */
+&(nid_objs[264]),/* OBJ_id_on                        1 3 6 1 5 5 7 8 */
+&(nid_objs[265]),/* OBJ_id_pda                       1 3 6 1 5 5 7 9 */
+&(nid_objs[266]),/* OBJ_id_aca                       1 3 6 1 5 5 7 10 */
+&(nid_objs[267]),/* OBJ_id_qcs                       1 3 6 1 5 5 7 11 */
+&(nid_objs[268]),/* OBJ_id_cct                       1 3 6 1 5 5 7 12 */
+&(nid_objs[176]),/* OBJ_id_ad                        1 3 6 1 5 5 7 48 */
+&(nid_objs[572]),/* OBJ_id_hex_partial_message       1 3 6 1 7 1 1 1 */
+&(nid_objs[573]),/* OBJ_id_hex_multipart_message     1 3 6 1 7 1 1 2 */
 &(nid_objs[57]),/* OBJ_netscape                     2 16 840 1 113730 */
+&(nid_objs[437]),/* OBJ_pilot                        0 9 2342 19200300 100 */
+&(nid_objs[186]),/* OBJ_pkcs1                        1 2 840 113549 1 1 */
 &(nid_objs[27]),/* OBJ_pkcs3                        1 2 840 113549 1 3 */
+&(nid_objs[187]),/* OBJ_pkcs5                        1 2 840 113549 1 5 */
 &(nid_objs[20]),/* OBJ_pkcs7                        1 2 840 113549 1 7 */
 &(nid_objs[47]),/* OBJ_pkcs9                        1 2 840 113549 1 9 */
 &(nid_objs[ 3]),/* OBJ_md2                          1 2 840 113549 2 2 */
+&(nid_objs[257]),/* OBJ_md4                          1 2 840 113549 2 4 */
 &(nid_objs[ 4]),/* OBJ_md5                          1 2 840 113549 2 5 */
+&(nid_objs[163]),/* OBJ_hmacWithSHA1                 1 2 840 113549 2 7 */
 &(nid_objs[37]),/* OBJ_rc2_cbc                      1 2 840 113549 3 2 */
 &(nid_objs[ 5]),/* OBJ_rc4                          1 2 840 113549 3 4 */
 &(nid_objs[44]),/* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
 &(nid_objs[120]),/* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
+&(nid_objs[707]),/* OBJ_des_cdmf                     1 2 840 113549 3 10 */
+&(nid_objs[503]),/* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */
+&(nid_objs[507]),/* OBJ_X9_62_c2pnb163v1             1 2 840 10045 3 0 1 */
+&(nid_objs[508]),/* OBJ_X9_62_c2pnb163v2             1 2 840 10045 3 0 2 */
+&(nid_objs[509]),/* OBJ_X9_62_c2pnb163v3             1 2 840 10045 3 0 3 */
+&(nid_objs[510]),/* OBJ_X9_62_c2pnb176v1             1 2 840 10045 3 0 4 */
+&(nid_objs[511]),/* OBJ_X9_62_c2tnb191v1             1 2 840 10045 3 0 5 */
+&(nid_objs[512]),/* OBJ_X9_62_c2tnb191v2             1 2 840 10045 3 0 6 */
+&(nid_objs[513]),/* OBJ_X9_62_c2tnb191v3             1 2 840 10045 3 0 7 */
+&(nid_objs[514]),/* OBJ_X9_62_c2onb191v4             1 2 840 10045 3 0 8 */
+&(nid_objs[515]),/* OBJ_X9_62_c2onb191v5             1 2 840 10045 3 0 9 */
+&(nid_objs[516]),/* OBJ_X9_62_c2pnb208w1             1 2 840 10045 3 0 10 */
+&(nid_objs[517]),/* OBJ_X9_62_c2tnb239v1             1 2 840 10045 3 0 11 */
+&(nid_objs[518]),/* OBJ_X9_62_c2tnb239v2             1 2 840 10045 3 0 12 */
+&(nid_objs[519]),/* OBJ_X9_62_c2tnb239v3             1 2 840 10045 3 0 13 */
+&(nid_objs[520]),/* OBJ_X9_62_c2onb239v4             1 2 840 10045 3 0 14 */
+&(nid_objs[521]),/* OBJ_X9_62_c2onb239v5             1 2 840 10045 3 0 15 */
+&(nid_objs[522]),/* OBJ_X9_62_c2pnb272w1             1 2 840 10045 3 0 16 */
+&(nid_objs[523]),/* OBJ_X9_62_c2pnb304w1             1 2 840 10045 3 0 17 */
+&(nid_objs[524]),/* OBJ_X9_62_c2tnb359v1             1 2 840 10045 3 0 18 */
+&(nid_objs[525]),/* OBJ_X9_62_c2pnb368w1             1 2 840 10045 3 0 19 */
+&(nid_objs[526]),/* OBJ_X9_62_c2tnb431r1             1 2 840 10045 3 0 20 */
+&(nid_objs[409]),/* OBJ_X9_62_prime192v1             1 2 840 10045 3 1 1 */
+&(nid_objs[410]),/* OBJ_X9_62_prime192v2             1 2 840 10045 3 1 2 */
+&(nid_objs[411]),/* OBJ_X9_62_prime192v3             1 2 840 10045 3 1 3 */
+&(nid_objs[412]),/* OBJ_X9_62_prime239v1             1 2 840 10045 3 1 4 */
+&(nid_objs[413]),/* OBJ_X9_62_prime239v2             1 2 840 10045 3 1 5 */
+&(nid_objs[414]),/* OBJ_X9_62_prime239v3             1 2 840 10045 3 1 6 */
+&(nid_objs[415]),/* OBJ_X9_62_prime256v1             1 2 840 10045 3 1 7 */
+&(nid_objs[269]),/* OBJ_id_pkix1_explicit_88         1 3 6 1 5 5 7 0 1 */
+&(nid_objs[270]),/* OBJ_id_pkix1_implicit_88         1 3 6 1 5 5 7 0 2 */
+&(nid_objs[271]),/* OBJ_id_pkix1_explicit_93         1 3 6 1 5 5 7 0 3 */
+&(nid_objs[272]),/* OBJ_id_pkix1_implicit_93         1 3 6 1 5 5 7 0 4 */
+&(nid_objs[273]),/* OBJ_id_mod_crmf                  1 3 6 1 5 5 7 0 5 */
+&(nid_objs[274]),/* OBJ_id_mod_cmc                   1 3 6 1 5 5 7 0 6 */
+&(nid_objs[275]),/* OBJ_id_mod_kea_profile_88        1 3 6 1 5 5 7 0 7 */
+&(nid_objs[276]),/* OBJ_id_mod_kea_profile_93        1 3 6 1 5 5 7 0 8 */
+&(nid_objs[277]),/* OBJ_id_mod_cmp                   1 3 6 1 5 5 7 0 9 */
+&(nid_objs[278]),/* OBJ_id_mod_qualified_cert_88     1 3 6 1 5 5 7 0 10 */
+&(nid_objs[279]),/* OBJ_id_mod_qualified_cert_93     1 3 6 1 5 5 7 0 11 */
+&(nid_objs[280]),/* OBJ_id_mod_attribute_cert        1 3 6 1 5 5 7 0 12 */
+&(nid_objs[281]),/* OBJ_id_mod_timestamp_protocol    1 3 6 1 5 5 7 0 13 */
+&(nid_objs[282]),/* OBJ_id_mod_ocsp                  1 3 6 1 5 5 7 0 14 */
+&(nid_objs[283]),/* OBJ_id_mod_dvcs                  1 3 6 1 5 5 7 0 15 */
+&(nid_objs[284]),/* OBJ_id_mod_cmp2000               1 3 6 1 5 5 7 0 16 */
+&(nid_objs[177]),/* OBJ_info_access                  1 3 6 1 5 5 7 1 1 */
+&(nid_objs[285]),/* OBJ_biometricInfo                1 3 6 1 5 5 7 1 2 */
+&(nid_objs[286]),/* OBJ_qcStatements                 1 3 6 1 5 5 7 1 3 */
+&(nid_objs[287]),/* OBJ_ac_auditEntity               1 3 6 1 5 5 7 1 4 */
+&(nid_objs[288]),/* OBJ_ac_targeting                 1 3 6 1 5 5 7 1 5 */
+&(nid_objs[289]),/* OBJ_aaControls                   1 3 6 1 5 5 7 1 6 */
+&(nid_objs[290]),/* OBJ_sbqp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */
+&(nid_objs[291]),/* OBJ_sbqp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */
+&(nid_objs[292]),/* OBJ_sbqp_routerIdentifier        1 3 6 1 5 5 7 1 9 */
+&(nid_objs[397]),/* OBJ_ac_proxying                  1 3 6 1 5 5 7 1 10 */
+&(nid_objs[398]),/* OBJ_sinfo_access                 1 3 6 1 5 5 7 1 11 */
+&(nid_objs[164]),/* OBJ_id_qt_cps                    1 3 6 1 5 5 7 2 1 */
+&(nid_objs[165]),/* OBJ_id_qt_unotice                1 3 6 1 5 5 7 2 2 */
+&(nid_objs[293]),/* OBJ_textNotice                   1 3 6 1 5 5 7 2 3 */
+&(nid_objs[129]),/* OBJ_server_auth                  1 3 6 1 5 5 7 3 1 */
+&(nid_objs[130]),/* OBJ_client_auth                  1 3 6 1 5 5 7 3 2 */
+&(nid_objs[131]),/* OBJ_code_sign                    1 3 6 1 5 5 7 3 3 */
+&(nid_objs[132]),/* OBJ_email_protect                1 3 6 1 5 5 7 3 4 */
+&(nid_objs[294]),/* OBJ_ipsecEndSystem               1 3 6 1 5 5 7 3 5 */
+&(nid_objs[295]),/* OBJ_ipsecTunnel                  1 3 6 1 5 5 7 3 6 */
+&(nid_objs[296]),/* OBJ_ipsecUser                    1 3 6 1 5 5 7 3 7 */
+&(nid_objs[133]),/* OBJ_time_stamp                   1 3 6 1 5 5 7 3 8 */
+&(nid_objs[180]),/* OBJ_OCSP_sign                    1 3 6 1 5 5 7 3 9 */
+&(nid_objs[297]),/* OBJ_dvcs                         1 3 6 1 5 5 7 3 10 */
+&(nid_objs[298]),/* OBJ_id_it_caProtEncCert          1 3 6 1 5 5 7 4 1 */
+&(nid_objs[299]),/* OBJ_id_it_signKeyPairTypes       1 3 6 1 5 5 7 4 2 */
+&(nid_objs[300]),/* OBJ_id_it_encKeyPairTypes        1 3 6 1 5 5 7 4 3 */
+&(nid_objs[301]),/* OBJ_id_it_preferredSymmAlg       1 3 6 1 5 5 7 4 4 */
+&(nid_objs[302]),/* OBJ_id_it_caKeyUpdateInfo        1 3 6 1 5 5 7 4 5 */
+&(nid_objs[303]),/* OBJ_id_it_currentCRL             1 3 6 1 5 5 7 4 6 */
+&(nid_objs[304]),/* OBJ_id_it_unsupportedOIDs        1 3 6 1 5 5 7 4 7 */
+&(nid_objs[305]),/* OBJ_id_it_subscriptionRequest    1 3 6 1 5 5 7 4 8 */
+&(nid_objs[306]),/* OBJ_id_it_subscriptionResponse   1 3 6 1 5 5 7 4 9 */
+&(nid_objs[307]),/* OBJ_id_it_keyPairParamReq        1 3 6 1 5 5 7 4 10 */
+&(nid_objs[308]),/* OBJ_id_it_keyPairParamRep        1 3 6 1 5 5 7 4 11 */
+&(nid_objs[309]),/* OBJ_id_it_revPassphrase          1 3 6 1 5 5 7 4 12 */
+&(nid_objs[310]),/* OBJ_id_it_implicitConfirm        1 3 6 1 5 5 7 4 13 */
+&(nid_objs[311]),/* OBJ_id_it_confirmWaitTime        1 3 6 1 5 5 7 4 14 */
+&(nid_objs[312]),/* OBJ_id_it_origPKIMessage         1 3 6 1 5 5 7 4 15 */
+&(nid_objs[313]),/* OBJ_id_regCtrl                   1 3 6 1 5 5 7 5 1 */
+&(nid_objs[314]),/* OBJ_id_regInfo                   1 3 6 1 5 5 7 5 2 */
+&(nid_objs[323]),/* OBJ_id_alg_des40                 1 3 6 1 5 5 7 6 1 */
+&(nid_objs[324]),/* OBJ_id_alg_noSignature           1 3 6 1 5 5 7 6 2 */
+&(nid_objs[325]),/* OBJ_id_alg_dh_sig_hmac_sha1      1 3 6 1 5 5 7 6 3 */
+&(nid_objs[326]),/* OBJ_id_alg_dh_pop                1 3 6 1 5 5 7 6 4 */
+&(nid_objs[327]),/* OBJ_id_cmc_statusInfo            1 3 6 1 5 5 7 7 1 */
+&(nid_objs[328]),/* OBJ_id_cmc_identification        1 3 6 1 5 5 7 7 2 */
+&(nid_objs[329]),/* OBJ_id_cmc_identityProof         1 3 6 1 5 5 7 7 3 */
+&(nid_objs[330]),/* OBJ_id_cmc_dataReturn            1 3 6 1 5 5 7 7 4 */
+&(nid_objs[331]),/* OBJ_id_cmc_transactionId         1 3 6 1 5 5 7 7 5 */
+&(nid_objs[332]),/* OBJ_id_cmc_senderNonce           1 3 6 1 5 5 7 7 6 */
+&(nid_objs[333]),/* OBJ_id_cmc_recipientNonce        1 3 6 1 5 5 7 7 7 */
+&(nid_objs[334]),/* OBJ_id_cmc_addExtensions         1 3 6 1 5 5 7 7 8 */
+&(nid_objs[335]),/* OBJ_id_cmc_encryptedPOP          1 3 6 1 5 5 7 7 9 */
+&(nid_objs[336]),/* OBJ_id_cmc_decryptedPOP          1 3 6 1 5 5 7 7 10 */
+&(nid_objs[337]),/* OBJ_id_cmc_lraPOPWitness         1 3 6 1 5 5 7 7 11 */
+&(nid_objs[338]),/* OBJ_id_cmc_getCert               1 3 6 1 5 5 7 7 15 */
+&(nid_objs[339]),/* OBJ_id_cmc_getCRL                1 3 6 1 5 5 7 7 16 */
+&(nid_objs[340]),/* OBJ_id_cmc_revokeRequest         1 3 6 1 5 5 7 7 17 */
+&(nid_objs[341]),/* OBJ_id_cmc_regInfo               1 3 6 1 5 5 7 7 18 */
+&(nid_objs[342]),/* OBJ_id_cmc_responseInfo          1 3 6 1 5 5 7 7 19 */
+&(nid_objs[343]),/* OBJ_id_cmc_queryPending          1 3 6 1 5 5 7 7 21 */
+&(nid_objs[344]),/* OBJ_id_cmc_popLinkRandom         1 3 6 1 5 5 7 7 22 */
+&(nid_objs[345]),/* OBJ_id_cmc_popLinkWitness        1 3 6 1 5 5 7 7 23 */
+&(nid_objs[346]),/* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */
+&(nid_objs[347]),/* OBJ_id_on_personalData           1 3 6 1 5 5 7 8 1 */
+&(nid_objs[348]),/* OBJ_id_pda_dateOfBirth           1 3 6 1 5 5 7 9 1 */
+&(nid_objs[349]),/* OBJ_id_pda_placeOfBirth          1 3 6 1 5 5 7 9 2 */
+&(nid_objs[351]),/* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 3 */
+&(nid_objs[352]),/* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 4 */
+&(nid_objs[353]),/* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 5 */
+&(nid_objs[354]),/* OBJ_id_aca_authenticationInfo    1 3 6 1 5 5 7 10 1 */
+&(nid_objs[355]),/* OBJ_id_aca_accessIdentity        1 3 6 1 5 5 7 10 2 */
+&(nid_objs[356]),/* OBJ_id_aca_chargingIdentity      1 3 6 1 5 5 7 10 3 */
+&(nid_objs[357]),/* OBJ_id_aca_group                 1 3 6 1 5 5 7 10 4 */
+&(nid_objs[358]),/* OBJ_id_aca_role                  1 3 6 1 5 5 7 10 5 */
+&(nid_objs[399]),/* OBJ_id_aca_encAttrs              1 3 6 1 5 5 7 10 6 */
+&(nid_objs[359]),/* OBJ_id_qcs_pkixQCSyntax_v1       1 3 6 1 5 5 7 11 1 */
+&(nid_objs[360]),/* OBJ_id_cct_crs                   1 3 6 1 5 5 7 12 1 */
+&(nid_objs[361]),/* OBJ_id_cct_PKIData               1 3 6 1 5 5 7 12 2 */
+&(nid_objs[362]),/* OBJ_id_cct_PKIResponse           1 3 6 1 5 5 7 12 3 */
+&(nid_objs[178]),/* OBJ_ad_OCSP                      1 3 6 1 5 5 7 48 1 */
+&(nid_objs[179]),/* OBJ_ad_ca_issuers                1 3 6 1 5 5 7 48 2 */
+&(nid_objs[363]),/* OBJ_ad_timeStamping              1 3 6 1 5 5 7 48 3 */
+&(nid_objs[364]),/* OBJ_ad_dvcs                      1 3 6 1 5 5 7 48 4 */
 &(nid_objs[58]),/* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
 &(nid_objs[59]),/* OBJ_netscape_data_type           2 16 840 1 113730 2 */
+&(nid_objs[438]),/* OBJ_pilotAttributeType           0 9 2342 19200300 100 1 */
+&(nid_objs[439]),/* OBJ_pilotAttributeSyntax         0 9 2342 19200300 100 3 */
+&(nid_objs[440]),/* OBJ_pilotObjectClass             0 9 2342 19200300 100 4 */
+&(nid_objs[441]),/* OBJ_pilotGroups                  0 9 2342 19200300 100 10 */
 &(nid_objs[108]),/* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
 &(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
 &(nid_objs[ 6]),/* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
 &(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
+&(nid_objs[396]),/* OBJ_md4WithRSAEncryption         1 2 840 113549 1 1 3 */
 &(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
 &(nid_objs[65]),/* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
+&(nid_objs[708]),/* OBJ_rsaOAEPEncryptionSET         1 2 840 113549 1 1 6 */
 &(nid_objs[28]),/* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
 &(nid_objs[ 9]),/* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
 &(nid_objs[10]),/* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
-&(nid_objs[68]),/* OBJ_pbeWithSHA1AndRC2_CBC        1 2 840 113549 1 5 11  */
-&(nid_objs[69]),/* OBJ_pbeWithSHA1AndRC4            1 2 840 113549 1 5 12  */
+&(nid_objs[168]),/* OBJ_pbeWithMD2AndRC2_CBC         1 2 840 113549 1 5 4 */
+&(nid_objs[169]),/* OBJ_pbeWithMD5AndRC2_CBC         1 2 840 113549 1 5 6 */
+&(nid_objs[170]),/* OBJ_pbeWithSHA1AndDES_CBC        1 2 840 113549 1 5 10 */
+&(nid_objs[68]),/* OBJ_pbeWithSHA1AndRC2_CBC        1 2 840 113549 1 5 11 */
+&(nid_objs[69]),/* OBJ_id_pbkdf2                    1 2 840 113549 1 5 12 */
+&(nid_objs[161]),/* OBJ_pbes2                        1 2 840 113549 1 5 13 */
+&(nid_objs[162]),/* OBJ_pbmac1                       1 2 840 113549 1 5 14 */
 &(nid_objs[21]),/* OBJ_pkcs7_data                   1 2 840 113549 1 7 1 */
 &(nid_objs[22]),/* OBJ_pkcs7_signed                 1 2 840 113549 1 7 2 */
 &(nid_objs[23]),/* OBJ_pkcs7_enveloped              1 2 840 113549 1 7 3 */
@@ -655,6 +3794,48 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[54]),/* OBJ_pkcs9_challengePassword      1 2 840 113549 1 9 7 */
 &(nid_objs[55]),/* OBJ_pkcs9_unstructuredAddress    1 2 840 113549 1 9 8 */
 &(nid_objs[56]),/* OBJ_pkcs9_extCertAttributes      1 2 840 113549 1 9 9 */
+&(nid_objs[172]),/* OBJ_ext_req                      1 2 840 113549 1 9 14 */
+&(nid_objs[167]),/* OBJ_SMIMECapabilities            1 2 840 113549 1 9 15 */
+&(nid_objs[188]),/* OBJ_SMIME                        1 2 840 113549 1 9 16 */
+&(nid_objs[156]),/* OBJ_friendlyName                 1 2 840 113549 1 9 20 */
+&(nid_objs[157]),/* OBJ_localKeyID                   1 2 840 113549 1 9 21 */
+&(nid_objs[504]),/* OBJ_X9_62_onBasis                1 2 840 10045 1 2 3 1 */
+&(nid_objs[505]),/* OBJ_X9_62_tpBasis                1 2 840 10045 1 2 3 2 */
+&(nid_objs[506]),/* OBJ_X9_62_ppBasis                1 2 840 10045 1 2 3 3 */
+&(nid_objs[417]),/* OBJ_ms_csp_name                  1 3 6 1 4 1 311 17 1 */
+&(nid_objs[390]),/* OBJ_dcObject                     1 3 6 1 4 1 1466 344 */
+&(nid_objs[91]),/* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */
+&(nid_objs[315]),/* OBJ_id_regCtrl_regToken          1 3 6 1 5 5 7 5 1 1 */
+&(nid_objs[316]),/* OBJ_id_regCtrl_authenticator     1 3 6 1 5 5 7 5 1 2 */
+&(nid_objs[317]),/* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */
+&(nid_objs[318]),/* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */
+&(nid_objs[319]),/* OBJ_id_regCtrl_oldCertID         1 3 6 1 5 5 7 5 1 5 */
+&(nid_objs[320]),/* OBJ_id_regCtrl_protocolEncrKey   1 3 6 1 5 5 7 5 1 6 */
+&(nid_objs[321]),/* OBJ_id_regInfo_utf8Pairs         1 3 6 1 5 5 7 5 2 1 */
+&(nid_objs[322]),/* OBJ_id_regInfo_certReq           1 3 6 1 5 5 7 5 2 2 */
+&(nid_objs[365]),/* OBJ_id_pkix_OCSP_basic           1 3 6 1 5 5 7 48 1 1 */
+&(nid_objs[366]),/* OBJ_id_pkix_OCSP_Nonce           1 3 6 1 5 5 7 48 1 2 */
+&(nid_objs[367]),/* OBJ_id_pkix_OCSP_CrlID           1 3 6 1 5 5 7 48 1 3 */
+&(nid_objs[368]),/* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */
+&(nid_objs[369]),/* OBJ_id_pkix_OCSP_noCheck         1 3 6 1 5 5 7 48 1 5 */
+&(nid_objs[370]),/* OBJ_id_pkix_OCSP_archiveCutoff   1 3 6 1 5 5 7 48 1 6 */
+&(nid_objs[371]),/* OBJ_id_pkix_OCSP_serviceLocator  1 3 6 1 5 5 7 48 1 7 */
+&(nid_objs[372]),/* OBJ_id_pkix_OCSP_extendedStatus  1 3 6 1 5 5 7 48 1 8 */
+&(nid_objs[373]),/* OBJ_id_pkix_OCSP_valid           1 3 6 1 5 5 7 48 1 9 */
+&(nid_objs[374]),/* OBJ_id_pkix_OCSP_path            1 3 6 1 5 5 7 48 1 10 */
+&(nid_objs[375]),/* OBJ_id_pkix_OCSP_trustRoot       1 3 6 1 5 5 7 48 1 11 */
+&(nid_objs[418]),/* OBJ_aes_128_ecb                  2 16 840 1 101 3 4 1 1 */
+&(nid_objs[419]),/* OBJ_aes_128_cbc                  2 16 840 1 101 3 4 1 2 */
+&(nid_objs[420]),/* OBJ_aes_128_ofb128               2 16 840 1 101 3 4 1 3 */
+&(nid_objs[421]),/* OBJ_aes_128_cfb128               2 16 840 1 101 3 4 1 4 */
+&(nid_objs[422]),/* OBJ_aes_192_ecb                  2 16 840 1 101 3 4 1 21 */
+&(nid_objs[423]),/* OBJ_aes_192_cbc                  2 16 840 1 101 3 4 1 22 */
+&(nid_objs[424]),/* OBJ_aes_192_ofb128               2 16 840 1 101 3 4 1 23 */
+&(nid_objs[425]),/* OBJ_aes_192_cfb128               2 16 840 1 101 3 4 1 24 */
+&(nid_objs[426]),/* OBJ_aes_256_ecb                  2 16 840 1 101 3 4 1 41 */
+&(nid_objs[427]),/* OBJ_aes_256_cbc                  2 16 840 1 101 3 4 1 42 */
+&(nid_objs[428]),/* OBJ_aes_256_ofb128               2 16 840 1 101 3 4 1 43 */
+&(nid_objs[429]),/* OBJ_aes_256_cfb128               2 16 840 1 101 3 4 1 44 */
 &(nid_objs[71]),/* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
 &(nid_objs[72]),/* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
 &(nid_objs[73]),/* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
@@ -664,5 +3845,161 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[77]),/* OBJ_netscape_ssl_server_name     2 16 840 1 113730 1 12 */
 &(nid_objs[78]),/* OBJ_netscape_comment             2 16 840 1 113730 1 13 */
 &(nid_objs[79]),/* OBJ_netscape_cert_sequence       2 16 840 1 113730 2 5 */
+&(nid_objs[139]),/* OBJ_ns_sgc                       2 16 840 1 113730 4 1 */
+&(nid_objs[458]),/* OBJ_userId                       0 9 2342 19200300 100 1 1 */
+&(nid_objs[459]),/* OBJ_textEncodedORAddress         0 9 2342 19200300 100 1 2 */
+&(nid_objs[460]),/* OBJ_rfc822Mailbox                0 9 2342 19200300 100 1 3 */
+&(nid_objs[461]),/* OBJ_info                         0 9 2342 19200300 100 1 4 */
+&(nid_objs[462]),/* OBJ_favouriteDrink               0 9 2342 19200300 100 1 5 */
+&(nid_objs[463]),/* OBJ_roomNumber                   0 9 2342 19200300 100 1 6 */
+&(nid_objs[464]),/* OBJ_photo                        0 9 2342 19200300 100 1 7 */
+&(nid_objs[465]),/* OBJ_userClass                    0 9 2342 19200300 100 1 8 */
+&(nid_objs[466]),/* OBJ_host                         0 9 2342 19200300 100 1 9 */
+&(nid_objs[467]),/* OBJ_manager                      0 9 2342 19200300 100 1 10 */
+&(nid_objs[468]),/* OBJ_documentIdentifier           0 9 2342 19200300 100 1 11 */
+&(nid_objs[469]),/* OBJ_documentTitle                0 9 2342 19200300 100 1 12 */
+&(nid_objs[470]),/* OBJ_documentVersion              0 9 2342 19200300 100 1 13 */
+&(nid_objs[471]),/* OBJ_documentAuthor               0 9 2342 19200300 100 1 14 */
+&(nid_objs[472]),/* OBJ_documentLocation             0 9 2342 19200300 100 1 15 */
+&(nid_objs[473]),/* OBJ_homeTelephoneNumber          0 9 2342 19200300 100 1 20 */
+&(nid_objs[474]),/* OBJ_secretary                    0 9 2342 19200300 100 1 21 */
+&(nid_objs[475]),/* OBJ_otherMailbox                 0 9 2342 19200300 100 1 22 */
+&(nid_objs[476]),/* OBJ_lastModifiedTime             0 9 2342 19200300 100 1 23 */
+&(nid_objs[477]),/* OBJ_lastModifiedBy               0 9 2342 19200300 100 1 24 */
+&(nid_objs[391]),/* OBJ_domainComponent              0 9 2342 19200300 100 1 25 */
+&(nid_objs[478]),/* OBJ_aRecord                      0 9 2342 19200300 100 1 26 */
+&(nid_objs[479]),/* OBJ_pilotAttributeType27         0 9 2342 19200300 100 1 27 */
+&(nid_objs[480]),/* OBJ_mXRecord                     0 9 2342 19200300 100 1 28 */
+&(nid_objs[481]),/* OBJ_nSRecord                     0 9 2342 19200300 100 1 29 */
+&(nid_objs[482]),/* OBJ_sOARecord                    0 9 2342 19200300 100 1 30 */
+&(nid_objs[483]),/* OBJ_cNAMERecord                  0 9 2342 19200300 100 1 31 */
+&(nid_objs[484]),/* OBJ_associatedDomain             0 9 2342 19200300 100 1 37 */
+&(nid_objs[485]),/* OBJ_associatedName               0 9 2342 19200300 100 1 38 */
+&(nid_objs[486]),/* OBJ_homePostalAddress            0 9 2342 19200300 100 1 39 */
+&(nid_objs[487]),/* OBJ_personalTitle                0 9 2342 19200300 100 1 40 */
+&(nid_objs[488]),/* OBJ_mobileTelephoneNumber        0 9 2342 19200300 100 1 41 */
+&(nid_objs[489]),/* OBJ_pagerTelephoneNumber         0 9 2342 19200300 100 1 42 */
+&(nid_objs[490]),/* OBJ_friendlyCountryName          0 9 2342 19200300 100 1 43 */
+&(nid_objs[491]),/* OBJ_organizationalStatus         0 9 2342 19200300 100 1 45 */
+&(nid_objs[492]),/* OBJ_janetMailbox                 0 9 2342 19200300 100 1 46 */
+&(nid_objs[493]),/* OBJ_mailPreferenceOption         0 9 2342 19200300 100 1 47 */
+&(nid_objs[494]),/* OBJ_buildingName                 0 9 2342 19200300 100 1 48 */
+&(nid_objs[495]),/* OBJ_dSAQuality                   0 9 2342 19200300 100 1 49 */
+&(nid_objs[496]),/* OBJ_singleLevelQuality           0 9 2342 19200300 100 1 50 */
+&(nid_objs[497]),/* OBJ_subtreeMinimumQuality        0 9 2342 19200300 100 1 51 */
+&(nid_objs[498]),/* OBJ_subtreeMaximumQuality        0 9 2342 19200300 100 1 52 */
+&(nid_objs[499]),/* OBJ_personalSignature            0 9 2342 19200300 100 1 53 */
+&(nid_objs[500]),/* OBJ_dITRedirect                  0 9 2342 19200300 100 1 54 */
+&(nid_objs[501]),/* OBJ_audio                        0 9 2342 19200300 100 1 55 */
+&(nid_objs[502]),/* OBJ_documentPublisher            0 9 2342 19200300 100 1 56 */
+&(nid_objs[442]),/* OBJ_iA5StringSyntax              0 9 2342 19200300 100 3 4 */
+&(nid_objs[443]),/* OBJ_caseIgnoreIA5StringSyntax    0 9 2342 19200300 100 3 5 */
+&(nid_objs[444]),/* OBJ_pilotObject                  0 9 2342 19200300 100 4 3 */
+&(nid_objs[445]),/* OBJ_pilotPerson                  0 9 2342 19200300 100 4 4 */
+&(nid_objs[446]),/* OBJ_account                      0 9 2342 19200300 100 4 5 */
+&(nid_objs[447]),/* OBJ_document                     0 9 2342 19200300 100 4 6 */
+&(nid_objs[448]),/* OBJ_room                         0 9 2342 19200300 100 4 7 */
+&(nid_objs[449]),/* OBJ_documentSeries               0 9 2342 19200300 100 4 9 */
+&(nid_objs[392]),/* OBJ_Domain                       0 9 2342 19200300 100 4 13 */
+&(nid_objs[450]),/* OBJ_rFC822localPart              0 9 2342 19200300 100 4 14 */
+&(nid_objs[451]),/* OBJ_dNSDomain                    0 9 2342 19200300 100 4 15 */
+&(nid_objs[452]),/* OBJ_domainRelatedObject          0 9 2342 19200300 100 4 17 */
+&(nid_objs[453]),/* OBJ_friendlyCountry              0 9 2342 19200300 100 4 18 */
+&(nid_objs[454]),/* OBJ_simpleSecurityObject         0 9 2342 19200300 100 4 19 */
+&(nid_objs[455]),/* OBJ_pilotOrganization            0 9 2342 19200300 100 4 20 */
+&(nid_objs[456]),/* OBJ_pilotDSA                     0 9 2342 19200300 100 4 21 */
+&(nid_objs[457]),/* OBJ_qualityLabelledData          0 9 2342 19200300 100 4 22 */
+&(nid_objs[189]),/* OBJ_id_smime_mod                 1 2 840 113549 1 9 16 0 */
+&(nid_objs[190]),/* OBJ_id_smime_ct                  1 2 840 113549 1 9 16 1 */
+&(nid_objs[191]),/* OBJ_id_smime_aa                  1 2 840 113549 1 9 16 2 */
+&(nid_objs[192]),/* OBJ_id_smime_alg                 1 2 840 113549 1 9 16 3 */
+&(nid_objs[193]),/* OBJ_id_smime_cd                  1 2 840 113549 1 9 16 4 */
+&(nid_objs[194]),/* OBJ_id_smime_spq                 1 2 840 113549 1 9 16 5 */
+&(nid_objs[195]),/* OBJ_id_smime_cti                 1 2 840 113549 1 9 16 6 */
+&(nid_objs[158]),/* OBJ_x509Certificate              1 2 840 113549 1 9 22 1 */
+&(nid_objs[159]),/* OBJ_sdsiCertificate              1 2 840 113549 1 9 22 2 */
+&(nid_objs[160]),/* OBJ_x509Crl                      1 2 840 113549 1 9 23 1 */
+&(nid_objs[144]),/* OBJ_pbe_WithSHA1And128BitRC4     1 2 840 113549 1 12 1 1 */
+&(nid_objs[145]),/* OBJ_pbe_WithSHA1And40BitRC4      1 2 840 113549 1 12 1 2 */
+&(nid_objs[146]),/* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */
+&(nid_objs[147]),/* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */
+&(nid_objs[148]),/* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */
+&(nid_objs[149]),/* OBJ_pbe_WithSHA1And40BitRC2_CBC  1 2 840 113549 1 12 1 6 */
+&(nid_objs[171]),/* OBJ_ms_ext_req                   1 3 6 1 4 1 311 2 1 14 */
+&(nid_objs[134]),/* OBJ_ms_code_ind                  1 3 6 1 4 1 311 2 1 21 */
+&(nid_objs[135]),/* OBJ_ms_code_com                  1 3 6 1 4 1 311 2 1 22 */
+&(nid_objs[136]),/* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */
+&(nid_objs[137]),/* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */
+&(nid_objs[138]),/* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
+&(nid_objs[716]),/* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */
+&(nid_objs[717]),/* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */
+&(nid_objs[196]),/* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
+&(nid_objs[197]),/* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
+&(nid_objs[198]),/* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
+&(nid_objs[199]),/* OBJ_id_smime_mod_msg_v3          1 2 840 113549 1 9 16 0 4 */
+&(nid_objs[200]),/* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */
+&(nid_objs[201]),/* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */
+&(nid_objs[202]),/* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */
+&(nid_objs[203]),/* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */
+&(nid_objs[204]),/* OBJ_id_smime_ct_receipt          1 2 840 113549 1 9 16 1 1 */
+&(nid_objs[205]),/* OBJ_id_smime_ct_authData         1 2 840 113549 1 9 16 1 2 */
+&(nid_objs[206]),/* OBJ_id_smime_ct_publishCert      1 2 840 113549 1 9 16 1 3 */
+&(nid_objs[207]),/* OBJ_id_smime_ct_TSTInfo          1 2 840 113549 1 9 16 1 4 */
+&(nid_objs[208]),/* OBJ_id_smime_ct_TDTInfo          1 2 840 113549 1 9 16 1 5 */
+&(nid_objs[209]),/* OBJ_id_smime_ct_contentInfo      1 2 840 113549 1 9 16 1 6 */
+&(nid_objs[210]),/* OBJ_id_smime_ct_DVCSRequestData  1 2 840 113549 1 9 16 1 7 */
+&(nid_objs[211]),/* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
+&(nid_objs[212]),/* OBJ_id_smime_aa_receiptRequest   1 2 840 113549 1 9 16 2 1 */
+&(nid_objs[213]),/* OBJ_id_smime_aa_securityLabel    1 2 840 113549 1 9 16 2 2 */
+&(nid_objs[214]),/* OBJ_id_smime_aa_mlExpandHistory  1 2 840 113549 1 9 16 2 3 */
+&(nid_objs[215]),/* OBJ_id_smime_aa_contentHint      1 2 840 113549 1 9 16 2 4 */
+&(nid_objs[216]),/* OBJ_id_smime_aa_msgSigDigest     1 2 840 113549 1 9 16 2 5 */
+&(nid_objs[217]),/* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */
+&(nid_objs[218]),/* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */
+&(nid_objs[219]),/* OBJ_id_smime_aa_macValue         1 2 840 113549 1 9 16 2 8 */
+&(nid_objs[220]),/* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */
+&(nid_objs[221]),/* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */
+&(nid_objs[222]),/* OBJ_id_smime_aa_encrypKeyPref    1 2 840 113549 1 9 16 2 11 */
+&(nid_objs[223]),/* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */
+&(nid_objs[224]),/* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */
+&(nid_objs[225]),/* OBJ_id_smime_aa_timeStampToken   1 2 840 113549 1 9 16 2 14 */
+&(nid_objs[226]),/* OBJ_id_smime_aa_ets_sigPolicyId  1 2 840 113549 1 9 16 2 15 */
+&(nid_objs[227]),/* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */
+&(nid_objs[228]),/* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */
+&(nid_objs[229]),/* OBJ_id_smime_aa_ets_signerAttr   1 2 840 113549 1 9 16 2 18 */
+&(nid_objs[230]),/* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */
+&(nid_objs[231]),/* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */
+&(nid_objs[232]),/* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */
+&(nid_objs[233]),/* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */
+&(nid_objs[234]),/* OBJ_id_smime_aa_ets_certValues   1 2 840 113549 1 9 16 2 23 */
+&(nid_objs[235]),/* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */
+&(nid_objs[236]),/* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */
+&(nid_objs[237]),/* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */
+&(nid_objs[238]),/* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */
+&(nid_objs[239]),/* OBJ_id_smime_aa_signatureType    1 2 840 113549 1 9 16 2 28 */
+&(nid_objs[240]),/* OBJ_id_smime_aa_dvcs_dvc         1 2 840 113549 1 9 16 2 29 */
+&(nid_objs[241]),/* OBJ_id_smime_alg_ESDHwith3DES    1 2 840 113549 1 9 16 3 1 */
+&(nid_objs[242]),/* OBJ_id_smime_alg_ESDHwithRC2     1 2 840 113549 1 9 16 3 2 */
+&(nid_objs[243]),/* OBJ_id_smime_alg_3DESwrap        1 2 840 113549 1 9 16 3 3 */
+&(nid_objs[244]),/* OBJ_id_smime_alg_RC2wrap         1 2 840 113549 1 9 16 3 4 */
+&(nid_objs[245]),/* OBJ_id_smime_alg_ESDH            1 2 840 113549 1 9 16 3 5 */
+&(nid_objs[246]),/* OBJ_id_smime_alg_CMS3DESwrap     1 2 840 113549 1 9 16 3 6 */
+&(nid_objs[247]),/* OBJ_id_smime_alg_CMSRC2wrap      1 2 840 113549 1 9 16 3 7 */
+&(nid_objs[248]),/* OBJ_id_smime_cd_ldap             1 2 840 113549 1 9 16 4 1 */
+&(nid_objs[249]),/* OBJ_id_smime_spq_ets_sqt_uri     1 2 840 113549 1 9 16 5 1 */
+&(nid_objs[250]),/* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */
+&(nid_objs[251]),/* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */
+&(nid_objs[252]),/* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */
+&(nid_objs[253]),/* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */
+&(nid_objs[254]),/* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */
+&(nid_objs[255]),/* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */
+&(nid_objs[256]),/* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */
+&(nid_objs[150]),/* OBJ_keyBag                       1 2 840 113549 1 12 10 1 1 */
+&(nid_objs[151]),/* OBJ_pkcs8ShroudedKeyBag          1 2 840 113549 1 12 10 1 2 */
+&(nid_objs[152]),/* OBJ_certBag                      1 2 840 113549 1 12 10 1 3 */
+&(nid_objs[153]),/* OBJ_crlBag                       1 2 840 113549 1 12 10 1 4 */
+&(nid_objs[154]),/* OBJ_secretBag                    1 2 840 113549 1 12 10 1 5 */
+&(nid_objs[155]),/* OBJ_safeContentsBag              1 2 840 113549 1 12 10 1 6 */
+&(nid_objs[34]),/* OBJ_idea_cbc                     1 3 6 1 4 1 188 7 1 1 2 */
 };
 
diff --git a/crypto/objects/obj_dat.pl b/crypto/objects/obj_dat.pl
index ebeb243d80..5dfb84ea00 100644
--- a/crypto/objects/obj_dat.pl
+++ b/crypto/objects/obj_dat.pl
@@ -38,15 +38,36 @@ sub expand_obj
 	return(%objn);
 	}
 
-while (<>)
+open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]";
+open (OUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
+
+while (<IN>)
 	{
 	next unless /^\#define\s+(\S+)\s+(.*)$/;
 	$v=$1;
 	$d=$2;
+	$d =~ s/^\"//;
+	$d =~ s/\"$//;
 	if ($v =~ /^SN_(.*)$/)
-		{ $sn{$1}=$d; }
+		{
+		if(defined $snames{$d})
+			{
+			print "WARNING: Duplicate short name \"$d\"\n";
+			}
+		else 
+			{ $snames{$d} = "X"; }
+		$sn{$1}=$d;
+		}
 	elsif ($v =~ /^LN_(.*)$/)
-		{ $ln{$1}=$d; }
+		{
+		if(defined $lnames{$d})
+			{
+			print "WARNING: Duplicate long name \"$d\"\n";
+			}
+		else 
+			{ $lnames{$d} = "X"; }
+		$ln{$1}=$d;
+		}
 	elsif ($v =~ /^NID_(.*)$/)
 		{ $nid{$d}=$1; }
 	elsif ($v =~ /^OBJ_(.*)$/)
@@ -55,6 +76,7 @@ while (<>)
 		$objd{$v}=$d;
 		}
 	}
+close IN;
 
 %ob=&expand_obj(*objd);
 
@@ -74,11 +96,20 @@ for ($i=0; $i<$n; $i++)
 		{
 		$sn=defined($sn{$nid{$i}})?"$sn{$nid{$i}}":"NULL";
 		$ln=defined($ln{$nid{$i}})?"$ln{$nid{$i}}":"NULL";
-		$sn=$ln if ($sn eq "NULL");
-		$ln=$sn if ($ln eq "NULL");
+
+		if ($sn eq "NULL") {
+			$sn=$ln;
+			$sn{$nid{$i}} = $ln;
+		}
+
+		if ($ln eq "NULL") {
+			$ln=$sn;
+			$ln{$nid{$i}} = $sn;
+		}
+			
 		$out ="{";
-		$out.=$sn;
-		$out.=",".$ln;
+		$out.="\"$sn\"";
+		$out.=","."\"$ln\"";
 		$out.=",NID_$nid{$i},";
 		if (defined($obj{$nid{$i}}))
 			{
@@ -113,13 +144,13 @@ for ($i=0; $i<$n; $i++)
 @a=grep(defined($sn{$nid{$_}}),0 .. $n);
 foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a)
 	{
-	push(@sn,sprintf("&(nid_objs[%2d]),/* $sn{$nid{$_}} */\n",$_));
+	push(@sn,sprintf("&(nid_objs[%2d]),/* \"$sn{$nid{$_}}\" */\n",$_));
 	}
 
 @a=grep(defined($ln{$nid{$_}}),0 .. $n);
 foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a)
 	{
-	push(@ln,sprintf("&(nid_objs[%2d]),/* $ln{$nid{$_}} */\n",$_));
+	push(@ln,sprintf("&(nid_objs[%2d]),/* \"$ln{$nid{$_}}\" */\n",$_));
 	}
 
 @a=grep(defined($obj{$nid{$_}}),0 .. $n);
@@ -132,8 +163,14 @@ foreach (sort obj_cmp @a)
 	push(@ob,sprintf("&(nid_objs[%2d]),/* %-32s %s */\n",$_,$m,$v));
 	}
 
-print <<'EOF';
-/* lib/obj/obj_dat.h */
+print OUT <<'EOF';
+/* crypto/objects/obj_dat.h */
+
+/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the
+ * following command:
+ * perl obj_dat.pl obj_mac.h obj_dat.h
+ */
+
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -191,23 +228,18 @@ print <<'EOF';
  * [including the GNU Public Licence.]
  */
 
-/* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the
- * following command:
- * perl obj_dat.pl < objects.h > obj_dat.h
- */
-
 EOF
 
-printf "#define NUM_NID %d\n",$n;
-printf "#define NUM_SN %d\n",$#sn+1;
-printf "#define NUM_LN %d\n",$#ln+1;
-printf "#define NUM_OBJ %d\n\n",$#ob+1;
+printf OUT "#define NUM_NID %d\n",$n;
+printf OUT "#define NUM_SN %d\n",$#sn+1;
+printf OUT "#define NUM_LN %d\n",$#ln+1;
+printf OUT "#define NUM_OBJ %d\n\n",$#ob+1;
 
-printf "static unsigned char lvalues[%d]={\n",$lvalues+1;
-print @lvalues;
-print "};\n\n";
+printf OUT "static unsigned char lvalues[%d]={\n",$lvalues+1;
+print OUT @lvalues;
+print OUT "};\n\n";
 
-printf "static ASN1_OBJECT nid_objs[NUM_NID]={\n";
+printf OUT "static ASN1_OBJECT nid_objs[NUM_NID]={\n";
 foreach (@out)
 	{
 	if (length($_) > 75)
@@ -218,30 +250,32 @@ foreach (@out)
 			$t=$out.$_.",";
 			if (length($t) > 70)
 				{
-				print "$out\n";
+				print OUT "$out\n";
 				$t="\t$_,";
 				}
 			$out=$t;
 			}
 		chop $out;
-		print "$out";
+		print OUT "$out";
 		}
 	else
-		{ print $_; }
+		{ print OUT $_; }
 	}
-print  "};\n\n";
+print  OUT "};\n\n";
+
+printf OUT "static ASN1_OBJECT *sn_objs[NUM_SN]={\n";
+print  OUT @sn;
+print  OUT "};\n\n";
 
-printf "static ASN1_OBJECT *sn_objs[NUM_SN]={\n";
-print  @sn;
-print  "};\n\n";
+printf OUT "static ASN1_OBJECT *ln_objs[NUM_LN]={\n";
+print  OUT @ln;
+print  OUT "};\n\n";
 
-printf "static ASN1_OBJECT *ln_objs[NUM_LN]={\n";
-print  @ln;
-print  "};\n\n";
+printf OUT "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n";
+print  OUT @ob;
+print  OUT "};\n\n";
 
-printf "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n";
-print  @ob;
-print  "};\n\n";
+close OUT;
 
 sub der_it
 	{
@@ -252,7 +286,7 @@ sub der_it
 	$ret.=pack("C*",$a[0]*40+$a[1]);
 	shift @a;
 	shift @a;
-	while ($_=shift(@a))
+	foreach (@a)
 		{
 		@r=();
 		$t=0;
diff --git a/crypto/objects/obj_err.c b/crypto/objects/obj_err.c
index 5625306021..80ab6855af 100644
--- a/crypto/objects/obj_err.c
+++ b/crypto/objects/obj_err.c
@@ -1,66 +1,69 @@
-/* lib/obj/obj_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/objects/obj_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "objects.h"
+#include <openssl/err.h>
+#include <openssl/objects.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA OBJ_str_functs[]=
 	{
 {ERR_PACK(0,OBJ_F_OBJ_CREATE,0),	"OBJ_create"},
@@ -68,26 +71,26 @@ static ERR_STRING_DATA OBJ_str_functs[]=
 {ERR_PACK(0,OBJ_F_OBJ_NID2LN,0),	"OBJ_nid2ln"},
 {ERR_PACK(0,OBJ_F_OBJ_NID2OBJ,0),	"OBJ_nid2obj"},
 {ERR_PACK(0,OBJ_F_OBJ_NID2SN,0),	"OBJ_nid2sn"},
-{0,NULL},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA OBJ_str_reasons[]=
 	{
 {OBJ_R_MALLOC_FAILURE                    ,"malloc failure"},
 {OBJ_R_UNKNOWN_NID                       ,"unknown nid"},
-{0,NULL},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_OBJ_strings()
+void ERR_load_OBJ_strings(void)
 	{
 	static int init=1;
 
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_OBJ,OBJ_str_functs);
 		ERR_load_strings(ERR_LIB_OBJ,OBJ_str_reasons);
 #endif
diff --git a/crypto/objects/obj_lib.c b/crypto/objects/obj_lib.c
index 16ff852095..b0b0f2ff24 100644
--- a/crypto/objects/obj_lib.c
+++ b/crypto/objects/obj_lib.c
@@ -58,27 +58,28 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "lhash.h"
-#include "objects.h"
-#include "buffer.h"
+#include <openssl/lhash.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
 
-ASN1_OBJECT *OBJ_dup(o)
-ASN1_OBJECT *o;
+ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
 	{
 	ASN1_OBJECT *r;
 	int i;
+	char *ln=NULL;
 
 	if (o == NULL) return(NULL);
 	if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
-		return(o);
+		return((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of
+					     duplication is this??? */
 
-	r=(ASN1_OBJECT *)ASN1_OBJECT_new();
+	r=ASN1_OBJECT_new();
 	if (r == NULL)
 		{
 		OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB);
 		return(NULL);
 		}
-	r->data=(unsigned char *)Malloc(o->length);
+	r->data=OPENSSL_malloc(o->length);
 	if (r->data == NULL)
 		goto err;
 	memcpy(r->data,o->data,o->length);
@@ -88,17 +89,19 @@ ASN1_OBJECT *o;
 	if (o->ln != NULL)
 		{
 		i=strlen(o->ln)+1;
-		r->ln=(char *)Malloc(i);
+		r->ln=ln=OPENSSL_malloc(i);
 		if (r->ln == NULL) goto err;
-		memcpy(r->ln,o->ln,i);
+		memcpy(ln,o->ln,i);
 		}
 
 	if (o->sn != NULL)
 		{
+		char *s;
+
 		i=strlen(o->sn)+1;
-		r->sn=(char *)Malloc(i);
+		r->sn=s=OPENSSL_malloc(i);
 		if (r->sn == NULL) goto err;
-		memcpy(r->sn,o->sn,i);
+		memcpy(s,o->sn,i);
 		}
 	r->flags=o->flags|(ASN1_OBJECT_FLAG_DYNAMIC|
 		ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA);
@@ -107,16 +110,14 @@ err:
 	OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE);
 	if (r != NULL)
 		{
-		if (r->ln != NULL) Free(r->ln);
-		if (r->data != NULL) Free(r->data);
-		Free(r);
+		if (ln != NULL) OPENSSL_free(ln);
+		if (r->data != NULL) OPENSSL_free(r->data);
+		OPENSSL_free(r);
 		}
 	return(NULL);
 	}
 
-int OBJ_cmp(a,b)
-ASN1_OBJECT *a;
-ASN1_OBJECT *b;
+int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
 	{
 	int ret;
 
diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h
new file mode 100644
index 0000000000..705359675b
--- /dev/null
+++ b/crypto/objects/obj_mac.h
@@ -0,0 +1,3152 @@
+/* crypto/objects/obj_mac.h */
+
+/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
+ * following command:
+ * perl objects.pl objects.txt obj_mac.num obj_mac.h
+ */
+
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define SN_undef			"UNDEF"
+#define LN_undef			"undefined"
+#define NID_undef			0
+#define OBJ_undef			0L
+
+#define SN_ccitt		"CCITT"
+#define LN_ccitt		"ccitt"
+#define NID_ccitt		404
+#define OBJ_ccitt		0L
+
+#define SN_iso		"ISO"
+#define LN_iso		"iso"
+#define NID_iso		181
+#define OBJ_iso		1L
+
+#define SN_joint_iso_ccitt		"JOINT-ISO-CCITT"
+#define LN_joint_iso_ccitt		"joint-iso-ccitt"
+#define NID_joint_iso_ccitt		393
+#define OBJ_joint_iso_ccitt		2L
+
+#define SN_member_body		"member-body"
+#define LN_member_body		"ISO Member Body"
+#define NID_member_body		182
+#define OBJ_member_body		OBJ_iso,2L
+
+#define SN_identified_organization		"identified-organization"
+#define NID_identified_organization		527
+#define OBJ_identified_organization		OBJ_iso,3L
+
+#define SN_certicom_arc		"certicom-arc"
+#define NID_certicom_arc		528
+#define OBJ_certicom_arc		OBJ_identified_organization,132L
+
+#define SN_wap		"wap"
+#define NID_wap		562
+#define OBJ_wap		OBJ_joint_iso_ccitt,23L,43L
+
+#define SN_wap_wsg		"wap-wsg"
+#define NID_wap_wsg		563
+#define OBJ_wap_wsg		OBJ_wap,13L
+
+#define SN_selected_attribute_types		"selected-attribute-types"
+#define LN_selected_attribute_types		"Selected Attribute Types"
+#define NID_selected_attribute_types		394
+#define OBJ_selected_attribute_types		OBJ_joint_iso_ccitt,5L,1L,5L
+
+#define SN_clearance		"clearance"
+#define NID_clearance		395
+#define OBJ_clearance		OBJ_selected_attribute_types,55L
+
+#define SN_ISO_US		"ISO-US"
+#define LN_ISO_US		"ISO US Member Body"
+#define NID_ISO_US		183
+#define OBJ_ISO_US		OBJ_member_body,840L
+
+#define SN_X9_57		"X9-57"
+#define LN_X9_57		"X9.57"
+#define NID_X9_57		184
+#define OBJ_X9_57		OBJ_ISO_US,10040L
+
+#define SN_X9cm		"X9cm"
+#define LN_X9cm		"X9.57 CM ?"
+#define NID_X9cm		185
+#define OBJ_X9cm		OBJ_X9_57,4L
+
+#define SN_dsa		"DSA"
+#define LN_dsa		"dsaEncryption"
+#define NID_dsa		116
+#define OBJ_dsa		OBJ_X9cm,1L
+
+#define SN_dsaWithSHA1		"DSA-SHA1"
+#define LN_dsaWithSHA1		"dsaWithSHA1"
+#define NID_dsaWithSHA1		113
+#define OBJ_dsaWithSHA1		OBJ_X9cm,3L
+
+#define SN_ansi_X9_62		"ansi-X9-62"
+#define LN_ansi_X9_62		"ANSI X9.62"
+#define NID_ansi_X9_62		405
+#define OBJ_ansi_X9_62		OBJ_ISO_US,10045L
+
+#define OBJ_X9_62_id_fieldType		OBJ_ansi_X9_62,1L
+
+#define SN_X9_62_prime_field		"prime-field"
+#define NID_X9_62_prime_field		406
+#define OBJ_X9_62_prime_field		OBJ_X9_62_id_fieldType,1L
+
+#define SN_X9_62_characteristic_two_field		"characteristic-two-field"
+#define NID_X9_62_characteristic_two_field		407
+#define OBJ_X9_62_characteristic_two_field		OBJ_X9_62_id_fieldType,2L
+
+#define SN_X9_62_id_characteristic_two_basis		"id-characteristic-two-basis"
+#define NID_X9_62_id_characteristic_two_basis		503
+#define OBJ_X9_62_id_characteristic_two_basis		OBJ_X9_62_characteristic_two_field,3L
+
+#define SN_X9_62_onBasis		"onBasis"
+#define NID_X9_62_onBasis		504
+#define OBJ_X9_62_onBasis		OBJ_X9_62_id_characteristic_two_basis,1L
+
+#define SN_X9_62_tpBasis		"tpBasis"
+#define NID_X9_62_tpBasis		505
+#define OBJ_X9_62_tpBasis		OBJ_X9_62_id_characteristic_two_basis,2L
+
+#define SN_X9_62_ppBasis		"ppBasis"
+#define NID_X9_62_ppBasis		506
+#define OBJ_X9_62_ppBasis		OBJ_X9_62_id_characteristic_two_basis,3L
+
+#define OBJ_X9_62_id_publicKeyType		OBJ_ansi_X9_62,2L
+
+#define SN_X9_62_id_ecPublicKey		"id-ecPublicKey"
+#define NID_X9_62_id_ecPublicKey		408
+#define OBJ_X9_62_id_ecPublicKey		OBJ_X9_62_id_publicKeyType,1L
+
+#define OBJ_X9_62_ellipticCurve		OBJ_ansi_X9_62,3L
+
+#define OBJ_X9_62_c_TwoCurve		OBJ_X9_62_ellipticCurve,0L
+
+#define SN_X9_62_c2pnb163v1		"c2pnb163v1"
+#define NID_X9_62_c2pnb163v1		507
+#define OBJ_X9_62_c2pnb163v1		OBJ_X9_62_c_TwoCurve,1L
+
+#define SN_X9_62_c2pnb163v2		"c2pnb163v2"
+#define NID_X9_62_c2pnb163v2		508
+#define OBJ_X9_62_c2pnb163v2		OBJ_X9_62_c_TwoCurve,2L
+
+#define SN_X9_62_c2pnb163v3		"c2pnb163v3"
+#define NID_X9_62_c2pnb163v3		509
+#define OBJ_X9_62_c2pnb163v3		OBJ_X9_62_c_TwoCurve,3L
+
+#define SN_X9_62_c2pnb176v1		"c2pnb176v1"
+#define NID_X9_62_c2pnb176v1		510
+#define OBJ_X9_62_c2pnb176v1		OBJ_X9_62_c_TwoCurve,4L
+
+#define SN_X9_62_c2tnb191v1		"c2tnb191v1"
+#define NID_X9_62_c2tnb191v1		511
+#define OBJ_X9_62_c2tnb191v1		OBJ_X9_62_c_TwoCurve,5L
+
+#define SN_X9_62_c2tnb191v2		"c2tnb191v2"
+#define NID_X9_62_c2tnb191v2		512
+#define OBJ_X9_62_c2tnb191v2		OBJ_X9_62_c_TwoCurve,6L
+
+#define SN_X9_62_c2tnb191v3		"c2tnb191v3"
+#define NID_X9_62_c2tnb191v3		513
+#define OBJ_X9_62_c2tnb191v3		OBJ_X9_62_c_TwoCurve,7L
+
+#define SN_X9_62_c2onb191v4		"c2onb191v4"
+#define NID_X9_62_c2onb191v4		514
+#define OBJ_X9_62_c2onb191v4		OBJ_X9_62_c_TwoCurve,8L
+
+#define SN_X9_62_c2onb191v5		"c2onb191v5"
+#define NID_X9_62_c2onb191v5		515
+#define OBJ_X9_62_c2onb191v5		OBJ_X9_62_c_TwoCurve,9L
+
+#define SN_X9_62_c2pnb208w1		"c2pnb208w1"
+#define NID_X9_62_c2pnb208w1		516
+#define OBJ_X9_62_c2pnb208w1		OBJ_X9_62_c_TwoCurve,10L
+
+#define SN_X9_62_c2tnb239v1		"c2tnb239v1"
+#define NID_X9_62_c2tnb239v1		517
+#define OBJ_X9_62_c2tnb239v1		OBJ_X9_62_c_TwoCurve,11L
+
+#define SN_X9_62_c2tnb239v2		"c2tnb239v2"
+#define NID_X9_62_c2tnb239v2		518
+#define OBJ_X9_62_c2tnb239v2		OBJ_X9_62_c_TwoCurve,12L
+
+#define SN_X9_62_c2tnb239v3		"c2tnb239v3"
+#define NID_X9_62_c2tnb239v3		519
+#define OBJ_X9_62_c2tnb239v3		OBJ_X9_62_c_TwoCurve,13L
+
+#define SN_X9_62_c2onb239v4		"c2onb239v4"
+#define NID_X9_62_c2onb239v4		520
+#define OBJ_X9_62_c2onb239v4		OBJ_X9_62_c_TwoCurve,14L
+
+#define SN_X9_62_c2onb239v5		"c2onb239v5"
+#define NID_X9_62_c2onb239v5		521
+#define OBJ_X9_62_c2onb239v5		OBJ_X9_62_c_TwoCurve,15L
+
+#define SN_X9_62_c2pnb272w1		"c2pnb272w1"
+#define NID_X9_62_c2pnb272w1		522
+#define OBJ_X9_62_c2pnb272w1		OBJ_X9_62_c_TwoCurve,16L
+
+#define SN_X9_62_c2pnb304w1		"c2pnb304w1"
+#define NID_X9_62_c2pnb304w1		523
+#define OBJ_X9_62_c2pnb304w1		OBJ_X9_62_c_TwoCurve,17L
+
+#define SN_X9_62_c2tnb359v1		"c2tnb359v1"
+#define NID_X9_62_c2tnb359v1		524
+#define OBJ_X9_62_c2tnb359v1		OBJ_X9_62_c_TwoCurve,18L
+
+#define SN_X9_62_c2pnb368w1		"c2pnb368w1"
+#define NID_X9_62_c2pnb368w1		525
+#define OBJ_X9_62_c2pnb368w1		OBJ_X9_62_c_TwoCurve,19L
+
+#define SN_X9_62_c2tnb431r1		"c2tnb431r1"
+#define NID_X9_62_c2tnb431r1		526
+#define OBJ_X9_62_c2tnb431r1		OBJ_X9_62_c_TwoCurve,20L
+
+#define OBJ_X9_62_primeCurve		OBJ_X9_62_ellipticCurve,1L
+
+#define SN_X9_62_prime192v1		"prime192v1"
+#define NID_X9_62_prime192v1		409
+#define OBJ_X9_62_prime192v1		OBJ_X9_62_primeCurve,1L
+
+#define SN_X9_62_prime192v2		"prime192v2"
+#define NID_X9_62_prime192v2		410
+#define OBJ_X9_62_prime192v2		OBJ_X9_62_primeCurve,2L
+
+#define SN_X9_62_prime192v3		"prime192v3"
+#define NID_X9_62_prime192v3		411
+#define OBJ_X9_62_prime192v3		OBJ_X9_62_primeCurve,3L
+
+#define SN_X9_62_prime239v1		"prime239v1"
+#define NID_X9_62_prime239v1		412
+#define OBJ_X9_62_prime239v1		OBJ_X9_62_primeCurve,4L
+
+#define SN_X9_62_prime239v2		"prime239v2"
+#define NID_X9_62_prime239v2		413
+#define OBJ_X9_62_prime239v2		OBJ_X9_62_primeCurve,5L
+
+#define SN_X9_62_prime239v3		"prime239v3"
+#define NID_X9_62_prime239v3		414
+#define OBJ_X9_62_prime239v3		OBJ_X9_62_primeCurve,6L
+
+#define SN_X9_62_prime256v1		"prime256v1"
+#define NID_X9_62_prime256v1		415
+#define OBJ_X9_62_prime256v1		OBJ_X9_62_primeCurve,7L
+
+#define OBJ_X9_62_id_ecSigType		OBJ_ansi_X9_62,4L
+
+#define SN_ecdsa_with_SHA1		"ecdsa-with-SHA1"
+#define NID_ecdsa_with_SHA1		416
+#define OBJ_ecdsa_with_SHA1		OBJ_X9_62_id_ecSigType,1L
+
+#define OBJ_secg_ellipticCurve		OBJ_certicom_arc,0L
+
+#define SN_secp112r1		"secp112r1"
+#define NID_secp112r1		529
+#define OBJ_secp112r1		OBJ_secg_ellipticCurve,6L
+
+#define SN_secp112r2		"secp112r2"
+#define NID_secp112r2		530
+#define OBJ_secp112r2		OBJ_secg_ellipticCurve,7L
+
+#define SN_secp128r1		"secp128r1"
+#define NID_secp128r1		531
+#define OBJ_secp128r1		OBJ_secg_ellipticCurve,28L
+
+#define SN_secp128r2		"secp128r2"
+#define NID_secp128r2		532
+#define OBJ_secp128r2		OBJ_secg_ellipticCurve,29L
+
+#define SN_secp160k1		"secp160k1"
+#define NID_secp160k1		533
+#define OBJ_secp160k1		OBJ_secg_ellipticCurve,9L
+
+#define SN_secp160r1		"secp160r1"
+#define NID_secp160r1		534
+#define OBJ_secp160r1		OBJ_secg_ellipticCurve,8L
+
+#define SN_secp160r2		"secp160r2"
+#define NID_secp160r2		535
+#define OBJ_secp160r2		OBJ_secg_ellipticCurve,30L
+
+#define SN_secp192k1		"secp192k1"
+#define NID_secp192k1		536
+#define OBJ_secp192k1		OBJ_secg_ellipticCurve,31L
+
+#define SN_secp224k1		"secp224k1"
+#define NID_secp224k1		538
+#define OBJ_secp224k1		OBJ_secg_ellipticCurve,32L
+
+#define SN_secp224r1		"secp224r1"
+#define NID_secp224r1		539
+#define OBJ_secp224r1		OBJ_secg_ellipticCurve,33L
+
+#define SN_secp256k1		"secp256k1"
+#define NID_secp256k1		540
+#define OBJ_secp256k1		OBJ_secg_ellipticCurve,10L
+
+#define SN_secp384r1		"secp384r1"
+#define NID_secp384r1		542
+#define OBJ_secp384r1		OBJ_secg_ellipticCurve,34L
+
+#define SN_secp521r1		"secp521r1"
+#define NID_secp521r1		543
+#define OBJ_secp521r1		OBJ_secg_ellipticCurve,35L
+
+#define SN_sect113r1		"sect113r1"
+#define NID_sect113r1		544
+#define OBJ_sect113r1		OBJ_secg_ellipticCurve,4L
+
+#define SN_sect113r2		"sect113r2"
+#define NID_sect113r2		545
+#define OBJ_sect113r2		OBJ_secg_ellipticCurve,5L
+
+#define SN_sect131r1		"sect131r1"
+#define NID_sect131r1		546
+#define OBJ_sect131r1		OBJ_secg_ellipticCurve,22L
+
+#define SN_sect131r2		"sect131r2"
+#define NID_sect131r2		547
+#define OBJ_sect131r2		OBJ_secg_ellipticCurve,23L
+
+#define SN_sect163k1		"sect163k1"
+#define NID_sect163k1		548
+#define OBJ_sect163k1		OBJ_secg_ellipticCurve,1L
+
+#define SN_sect163r1		"sect163r1"
+#define NID_sect163r1		549
+#define OBJ_sect163r1		OBJ_secg_ellipticCurve,2L
+
+#define SN_sect163r2		"sect163r2"
+#define NID_sect163r2		550
+#define OBJ_sect163r2		OBJ_secg_ellipticCurve,15L
+
+#define SN_sect193r1		"sect193r1"
+#define NID_sect193r1		551
+#define OBJ_sect193r1		OBJ_secg_ellipticCurve,24L
+
+#define SN_sect193r2		"sect193r2"
+#define NID_sect193r2		552
+#define OBJ_sect193r2		OBJ_secg_ellipticCurve,25L
+
+#define SN_sect233k1		"sect233k1"
+#define NID_sect233k1		553
+#define OBJ_sect233k1		OBJ_secg_ellipticCurve,26L
+
+#define SN_sect233r1		"sect233r1"
+#define NID_sect233r1		554
+#define OBJ_sect233r1		OBJ_secg_ellipticCurve,27L
+
+#define SN_sect239k1		"sect239k1"
+#define NID_sect239k1		555
+#define OBJ_sect239k1		OBJ_secg_ellipticCurve,3L
+
+#define SN_sect283k1		"sect283k1"
+#define NID_sect283k1		556
+#define OBJ_sect283k1		OBJ_secg_ellipticCurve,16L
+
+#define SN_sect283r1		"sect283r1"
+#define NID_sect283r1		557
+#define OBJ_sect283r1		OBJ_secg_ellipticCurve,17L
+
+#define SN_sect409k1		"sect409k1"
+#define NID_sect409k1		558
+#define OBJ_sect409k1		OBJ_secg_ellipticCurve,36L
+
+#define SN_sect409r1		"sect409r1"
+#define NID_sect409r1		559
+#define OBJ_sect409r1		OBJ_secg_ellipticCurve,37L
+
+#define SN_sect571k1		"sect571k1"
+#define NID_sect571k1		560
+#define OBJ_sect571k1		OBJ_secg_ellipticCurve,38L
+
+#define SN_sect571r1		"sect571r1"
+#define NID_sect571r1		561
+#define OBJ_sect571r1		OBJ_secg_ellipticCurve,39L
+
+#define OBJ_wap_wsg_idm_ecid		OBJ_wap_wsg,4L
+
+#define SN_wap_wsg_idm_ecid_wtls1		"wap-wsg-idm-ecid-wtls1"
+#define NID_wap_wsg_idm_ecid_wtls1		564
+#define OBJ_wap_wsg_idm_ecid_wtls1		OBJ_wap_wsg_idm_ecid,1L
+
+#define SN_wap_wsg_idm_ecid_wtls3		"wap-wsg-idm-ecid-wtls3"
+#define NID_wap_wsg_idm_ecid_wtls3		709
+#define OBJ_wap_wsg_idm_ecid_wtls3		OBJ_wap_wsg_idm_ecid,3L
+
+#define SN_wap_wsg_idm_ecid_wtls4		"wap-wsg-idm-ecid-wtls4"
+#define NID_wap_wsg_idm_ecid_wtls4		710
+#define OBJ_wap_wsg_idm_ecid_wtls4		OBJ_wap_wsg_idm_ecid,4L
+
+#define SN_wap_wsg_idm_ecid_wtls5		"wap-wsg-idm-ecid-wtls5"
+#define NID_wap_wsg_idm_ecid_wtls5		711
+#define OBJ_wap_wsg_idm_ecid_wtls5		OBJ_wap_wsg_idm_ecid,5L
+
+#define SN_wap_wsg_idm_ecid_wtls6		"wap-wsg-idm-ecid-wtls6"
+#define NID_wap_wsg_idm_ecid_wtls6		565
+#define OBJ_wap_wsg_idm_ecid_wtls6		OBJ_wap_wsg_idm_ecid,6L
+
+#define SN_wap_wsg_idm_ecid_wtls7		"wap-wsg-idm-ecid-wtls7"
+#define NID_wap_wsg_idm_ecid_wtls7		712
+#define OBJ_wap_wsg_idm_ecid_wtls7		OBJ_wap_wsg_idm_ecid,7L
+
+#define SN_wap_wsg_idm_ecid_wtls8		"wap-wsg-idm-ecid-wtls8"
+#define NID_wap_wsg_idm_ecid_wtls8		566
+#define OBJ_wap_wsg_idm_ecid_wtls8		OBJ_wap_wsg_idm_ecid,8L
+
+#define SN_wap_wsg_idm_ecid_wtls9		"wap-wsg-idm-ecid-wtls9"
+#define NID_wap_wsg_idm_ecid_wtls9		567
+#define OBJ_wap_wsg_idm_ecid_wtls9		OBJ_wap_wsg_idm_ecid,9L
+
+#define SN_wap_wsg_idm_ecid_wtls10		"wap-wsg-idm-ecid-wtls10"
+#define NID_wap_wsg_idm_ecid_wtls10		713
+#define OBJ_wap_wsg_idm_ecid_wtls10		OBJ_wap_wsg_idm_ecid,10L
+
+#define SN_wap_wsg_idm_ecid_wtls11		"wap-wsg-idm-ecid-wtls11"
+#define NID_wap_wsg_idm_ecid_wtls11		714
+#define OBJ_wap_wsg_idm_ecid_wtls11		OBJ_wap_wsg_idm_ecid,11L
+
+#define SN_wap_wsg_idm_ecid_wtls12		"wap-wsg-idm-ecid-wtls12"
+#define NID_wap_wsg_idm_ecid_wtls12		715
+#define OBJ_wap_wsg_idm_ecid_wtls12		OBJ_wap_wsg_idm_ecid,12L
+
+#define SN_cast5_cbc		"CAST5-CBC"
+#define LN_cast5_cbc		"cast5-cbc"
+#define NID_cast5_cbc		108
+#define OBJ_cast5_cbc		OBJ_ISO_US,113533L,7L,66L,10L
+
+#define SN_cast5_ecb		"CAST5-ECB"
+#define LN_cast5_ecb		"cast5-ecb"
+#define NID_cast5_ecb		109
+
+#define SN_cast5_cfb64		"CAST5-CFB"
+#define LN_cast5_cfb64		"cast5-cfb"
+#define NID_cast5_cfb64		110
+
+#define SN_cast5_ofb64		"CAST5-OFB"
+#define LN_cast5_ofb64		"cast5-ofb"
+#define NID_cast5_ofb64		111
+
+#define LN_pbeWithMD5AndCast5_CBC		"pbeWithMD5AndCast5CBC"
+#define NID_pbeWithMD5AndCast5_CBC		112
+#define OBJ_pbeWithMD5AndCast5_CBC		OBJ_ISO_US,113533L,7L,66L,12L
+
+#define SN_rsadsi		"rsadsi"
+#define LN_rsadsi		"RSA Data Security, Inc."
+#define NID_rsadsi		1
+#define OBJ_rsadsi		OBJ_ISO_US,113549L
+
+#define SN_pkcs		"pkcs"
+#define LN_pkcs		"RSA Data Security, Inc. PKCS"
+#define NID_pkcs		2
+#define OBJ_pkcs		OBJ_rsadsi,1L
+
+#define SN_pkcs1		"pkcs1"
+#define NID_pkcs1		186
+#define OBJ_pkcs1		OBJ_pkcs,1L
+
+#define LN_rsaEncryption		"rsaEncryption"
+#define NID_rsaEncryption		6
+#define OBJ_rsaEncryption		OBJ_pkcs1,1L
+
+#define SN_md2WithRSAEncryption		"RSA-MD2"
+#define LN_md2WithRSAEncryption		"md2WithRSAEncryption"
+#define NID_md2WithRSAEncryption		7
+#define OBJ_md2WithRSAEncryption		OBJ_pkcs1,2L
+
+#define SN_md4WithRSAEncryption		"RSA-MD4"
+#define LN_md4WithRSAEncryption		"md4WithRSAEncryption"
+#define NID_md4WithRSAEncryption		396
+#define OBJ_md4WithRSAEncryption		OBJ_pkcs1,3L
+
+#define SN_md5WithRSAEncryption		"RSA-MD5"
+#define LN_md5WithRSAEncryption		"md5WithRSAEncryption"
+#define NID_md5WithRSAEncryption		8
+#define OBJ_md5WithRSAEncryption		OBJ_pkcs1,4L
+
+#define SN_sha1WithRSAEncryption		"RSA-SHA1"
+#define LN_sha1WithRSAEncryption		"sha1WithRSAEncryption"
+#define NID_sha1WithRSAEncryption		65
+#define OBJ_sha1WithRSAEncryption		OBJ_pkcs1,5L
+
+#define SN_pkcs3		"pkcs3"
+#define NID_pkcs3		27
+#define OBJ_pkcs3		OBJ_pkcs,3L
+
+#define LN_dhKeyAgreement		"dhKeyAgreement"
+#define NID_dhKeyAgreement		28
+#define OBJ_dhKeyAgreement		OBJ_pkcs3,1L
+
+#define SN_pkcs5		"pkcs5"
+#define NID_pkcs5		187
+#define OBJ_pkcs5		OBJ_pkcs,5L
+
+#define SN_pbeWithMD2AndDES_CBC		"PBE-MD2-DES"
+#define LN_pbeWithMD2AndDES_CBC		"pbeWithMD2AndDES-CBC"
+#define NID_pbeWithMD2AndDES_CBC		9
+#define OBJ_pbeWithMD2AndDES_CBC		OBJ_pkcs5,1L
+
+#define SN_pbeWithMD5AndDES_CBC		"PBE-MD5-DES"
+#define LN_pbeWithMD5AndDES_CBC		"pbeWithMD5AndDES-CBC"
+#define NID_pbeWithMD5AndDES_CBC		10
+#define OBJ_pbeWithMD5AndDES_CBC		OBJ_pkcs5,3L
+
+#define SN_pbeWithMD2AndRC2_CBC		"PBE-MD2-RC2-64"
+#define LN_pbeWithMD2AndRC2_CBC		"pbeWithMD2AndRC2-CBC"
+#define NID_pbeWithMD2AndRC2_CBC		168
+#define OBJ_pbeWithMD2AndRC2_CBC		OBJ_pkcs5,4L
+
+#define SN_pbeWithMD5AndRC2_CBC		"PBE-MD5-RC2-64"
+#define LN_pbeWithMD5AndRC2_CBC		"pbeWithMD5AndRC2-CBC"
+#define NID_pbeWithMD5AndRC2_CBC		169
+#define OBJ_pbeWithMD5AndRC2_CBC		OBJ_pkcs5,6L
+
+#define SN_pbeWithSHA1AndDES_CBC		"PBE-SHA1-DES"
+#define LN_pbeWithSHA1AndDES_CBC		"pbeWithSHA1AndDES-CBC"
+#define NID_pbeWithSHA1AndDES_CBC		170
+#define OBJ_pbeWithSHA1AndDES_CBC		OBJ_pkcs5,10L
+
+#define SN_pbeWithSHA1AndRC2_CBC		"PBE-SHA1-RC2-64"
+#define LN_pbeWithSHA1AndRC2_CBC		"pbeWithSHA1AndRC2-CBC"
+#define NID_pbeWithSHA1AndRC2_CBC		68
+#define OBJ_pbeWithSHA1AndRC2_CBC		OBJ_pkcs5,11L
+
+#define LN_id_pbkdf2		"PBKDF2"
+#define NID_id_pbkdf2		69
+#define OBJ_id_pbkdf2		OBJ_pkcs5,12L
+
+#define LN_pbes2		"PBES2"
+#define NID_pbes2		161
+#define OBJ_pbes2		OBJ_pkcs5,13L
+
+#define LN_pbmac1		"PBMAC1"
+#define NID_pbmac1		162
+#define OBJ_pbmac1		OBJ_pkcs5,14L
+
+#define SN_pkcs7		"pkcs7"
+#define NID_pkcs7		20
+#define OBJ_pkcs7		OBJ_pkcs,7L
+
+#define LN_pkcs7_data		"pkcs7-data"
+#define NID_pkcs7_data		21
+#define OBJ_pkcs7_data		OBJ_pkcs7,1L
+
+#define LN_pkcs7_signed		"pkcs7-signedData"
+#define NID_pkcs7_signed		22
+#define OBJ_pkcs7_signed		OBJ_pkcs7,2L
+
+#define LN_pkcs7_enveloped		"pkcs7-envelopedData"
+#define NID_pkcs7_enveloped		23
+#define OBJ_pkcs7_enveloped		OBJ_pkcs7,3L
+
+#define LN_pkcs7_signedAndEnveloped		"pkcs7-signedAndEnvelopedData"
+#define NID_pkcs7_signedAndEnveloped		24
+#define OBJ_pkcs7_signedAndEnveloped		OBJ_pkcs7,4L
+
+#define LN_pkcs7_digest		"pkcs7-digestData"
+#define NID_pkcs7_digest		25
+#define OBJ_pkcs7_digest		OBJ_pkcs7,5L
+
+#define LN_pkcs7_encrypted		"pkcs7-encryptedData"
+#define NID_pkcs7_encrypted		26
+#define OBJ_pkcs7_encrypted		OBJ_pkcs7,6L
+
+#define SN_pkcs9		"pkcs9"
+#define NID_pkcs9		47
+#define OBJ_pkcs9		OBJ_pkcs,9L
+
+#define LN_pkcs9_emailAddress		"emailAddress"
+#define NID_pkcs9_emailAddress		48
+#define OBJ_pkcs9_emailAddress		OBJ_pkcs9,1L
+
+#define LN_pkcs9_unstructuredName		"unstructuredName"
+#define NID_pkcs9_unstructuredName		49
+#define OBJ_pkcs9_unstructuredName		OBJ_pkcs9,2L
+
+#define LN_pkcs9_contentType		"contentType"
+#define NID_pkcs9_contentType		50
+#define OBJ_pkcs9_contentType		OBJ_pkcs9,3L
+
+#define LN_pkcs9_messageDigest		"messageDigest"
+#define NID_pkcs9_messageDigest		51
+#define OBJ_pkcs9_messageDigest		OBJ_pkcs9,4L
+
+#define LN_pkcs9_signingTime		"signingTime"
+#define NID_pkcs9_signingTime		52
+#define OBJ_pkcs9_signingTime		OBJ_pkcs9,5L
+
+#define LN_pkcs9_countersignature		"countersignature"
+#define NID_pkcs9_countersignature		53
+#define OBJ_pkcs9_countersignature		OBJ_pkcs9,6L
+
+#define LN_pkcs9_challengePassword		"challengePassword"
+#define NID_pkcs9_challengePassword		54
+#define OBJ_pkcs9_challengePassword		OBJ_pkcs9,7L
+
+#define LN_pkcs9_unstructuredAddress		"unstructuredAddress"
+#define NID_pkcs9_unstructuredAddress		55
+#define OBJ_pkcs9_unstructuredAddress		OBJ_pkcs9,8L
+
+#define LN_pkcs9_extCertAttributes		"extendedCertificateAttributes"
+#define NID_pkcs9_extCertAttributes		56
+#define OBJ_pkcs9_extCertAttributes		OBJ_pkcs9,9L
+
+#define SN_ext_req		"extReq"
+#define LN_ext_req		"Extension Request"
+#define NID_ext_req		172
+#define OBJ_ext_req		OBJ_pkcs9,14L
+
+#define SN_SMIMECapabilities		"SMIME-CAPS"
+#define LN_SMIMECapabilities		"S/MIME Capabilities"
+#define NID_SMIMECapabilities		167
+#define OBJ_SMIMECapabilities		OBJ_pkcs9,15L
+
+#define SN_SMIME		"SMIME"
+#define LN_SMIME		"S/MIME"
+#define NID_SMIME		188
+#define OBJ_SMIME		OBJ_pkcs9,16L
+
+#define SN_id_smime_mod		"id-smime-mod"
+#define NID_id_smime_mod		189
+#define OBJ_id_smime_mod		OBJ_SMIME,0L
+
+#define SN_id_smime_ct		"id-smime-ct"
+#define NID_id_smime_ct		190
+#define OBJ_id_smime_ct		OBJ_SMIME,1L
+
+#define SN_id_smime_aa		"id-smime-aa"
+#define NID_id_smime_aa		191
+#define OBJ_id_smime_aa		OBJ_SMIME,2L
+
+#define SN_id_smime_alg		"id-smime-alg"
+#define NID_id_smime_alg		192
+#define OBJ_id_smime_alg		OBJ_SMIME,3L
+
+#define SN_id_smime_cd		"id-smime-cd"
+#define NID_id_smime_cd		193
+#define OBJ_id_smime_cd		OBJ_SMIME,4L
+
+#define SN_id_smime_spq		"id-smime-spq"
+#define NID_id_smime_spq		194
+#define OBJ_id_smime_spq		OBJ_SMIME,5L
+
+#define SN_id_smime_cti		"id-smime-cti"
+#define NID_id_smime_cti		195
+#define OBJ_id_smime_cti		OBJ_SMIME,6L
+
+#define SN_id_smime_mod_cms		"id-smime-mod-cms"
+#define NID_id_smime_mod_cms		196
+#define OBJ_id_smime_mod_cms		OBJ_id_smime_mod,1L
+
+#define SN_id_smime_mod_ess		"id-smime-mod-ess"
+#define NID_id_smime_mod_ess		197
+#define OBJ_id_smime_mod_ess		OBJ_id_smime_mod,2L
+
+#define SN_id_smime_mod_oid		"id-smime-mod-oid"
+#define NID_id_smime_mod_oid		198
+#define OBJ_id_smime_mod_oid		OBJ_id_smime_mod,3L
+
+#define SN_id_smime_mod_msg_v3		"id-smime-mod-msg-v3"
+#define NID_id_smime_mod_msg_v3		199
+#define OBJ_id_smime_mod_msg_v3		OBJ_id_smime_mod,4L
+
+#define SN_id_smime_mod_ets_eSignature_88		"id-smime-mod-ets-eSignature-88"
+#define NID_id_smime_mod_ets_eSignature_88		200
+#define OBJ_id_smime_mod_ets_eSignature_88		OBJ_id_smime_mod,5L
+
+#define SN_id_smime_mod_ets_eSignature_97		"id-smime-mod-ets-eSignature-97"
+#define NID_id_smime_mod_ets_eSignature_97		201
+#define OBJ_id_smime_mod_ets_eSignature_97		OBJ_id_smime_mod,6L
+
+#define SN_id_smime_mod_ets_eSigPolicy_88		"id-smime-mod-ets-eSigPolicy-88"
+#define NID_id_smime_mod_ets_eSigPolicy_88		202
+#define OBJ_id_smime_mod_ets_eSigPolicy_88		OBJ_id_smime_mod,7L
+
+#define SN_id_smime_mod_ets_eSigPolicy_97		"id-smime-mod-ets-eSigPolicy-97"
+#define NID_id_smime_mod_ets_eSigPolicy_97		203
+#define OBJ_id_smime_mod_ets_eSigPolicy_97		OBJ_id_smime_mod,8L
+
+#define SN_id_smime_ct_receipt		"id-smime-ct-receipt"
+#define NID_id_smime_ct_receipt		204
+#define OBJ_id_smime_ct_receipt		OBJ_id_smime_ct,1L
+
+#define SN_id_smime_ct_authData		"id-smime-ct-authData"
+#define NID_id_smime_ct_authData		205
+#define OBJ_id_smime_ct_authData		OBJ_id_smime_ct,2L
+
+#define SN_id_smime_ct_publishCert		"id-smime-ct-publishCert"
+#define NID_id_smime_ct_publishCert		206
+#define OBJ_id_smime_ct_publishCert		OBJ_id_smime_ct,3L
+
+#define SN_id_smime_ct_TSTInfo		"id-smime-ct-TSTInfo"
+#define NID_id_smime_ct_TSTInfo		207
+#define OBJ_id_smime_ct_TSTInfo		OBJ_id_smime_ct,4L
+
+#define SN_id_smime_ct_TDTInfo		"id-smime-ct-TDTInfo"
+#define NID_id_smime_ct_TDTInfo		208
+#define OBJ_id_smime_ct_TDTInfo		OBJ_id_smime_ct,5L
+
+#define SN_id_smime_ct_contentInfo		"id-smime-ct-contentInfo"
+#define NID_id_smime_ct_contentInfo		209
+#define OBJ_id_smime_ct_contentInfo		OBJ_id_smime_ct,6L
+
+#define SN_id_smime_ct_DVCSRequestData		"id-smime-ct-DVCSRequestData"
+#define NID_id_smime_ct_DVCSRequestData		210
+#define OBJ_id_smime_ct_DVCSRequestData		OBJ_id_smime_ct,7L
+
+#define SN_id_smime_ct_DVCSResponseData		"id-smime-ct-DVCSResponseData"
+#define NID_id_smime_ct_DVCSResponseData		211
+#define OBJ_id_smime_ct_DVCSResponseData		OBJ_id_smime_ct,8L
+
+#define SN_id_smime_aa_receiptRequest		"id-smime-aa-receiptRequest"
+#define NID_id_smime_aa_receiptRequest		212
+#define OBJ_id_smime_aa_receiptRequest		OBJ_id_smime_aa,1L
+
+#define SN_id_smime_aa_securityLabel		"id-smime-aa-securityLabel"
+#define NID_id_smime_aa_securityLabel		213
+#define OBJ_id_smime_aa_securityLabel		OBJ_id_smime_aa,2L
+
+#define SN_id_smime_aa_mlExpandHistory		"id-smime-aa-mlExpandHistory"
+#define NID_id_smime_aa_mlExpandHistory		214
+#define OBJ_id_smime_aa_mlExpandHistory		OBJ_id_smime_aa,3L
+
+#define SN_id_smime_aa_contentHint		"id-smime-aa-contentHint"
+#define NID_id_smime_aa_contentHint		215
+#define OBJ_id_smime_aa_contentHint		OBJ_id_smime_aa,4L
+
+#define SN_id_smime_aa_msgSigDigest		"id-smime-aa-msgSigDigest"
+#define NID_id_smime_aa_msgSigDigest		216
+#define OBJ_id_smime_aa_msgSigDigest		OBJ_id_smime_aa,5L
+
+#define SN_id_smime_aa_encapContentType		"id-smime-aa-encapContentType"
+#define NID_id_smime_aa_encapContentType		217
+#define OBJ_id_smime_aa_encapContentType		OBJ_id_smime_aa,6L
+
+#define SN_id_smime_aa_contentIdentifier		"id-smime-aa-contentIdentifier"
+#define NID_id_smime_aa_contentIdentifier		218
+#define OBJ_id_smime_aa_contentIdentifier		OBJ_id_smime_aa,7L
+
+#define SN_id_smime_aa_macValue		"id-smime-aa-macValue"
+#define NID_id_smime_aa_macValue		219
+#define OBJ_id_smime_aa_macValue		OBJ_id_smime_aa,8L
+
+#define SN_id_smime_aa_equivalentLabels		"id-smime-aa-equivalentLabels"
+#define NID_id_smime_aa_equivalentLabels		220
+#define OBJ_id_smime_aa_equivalentLabels		OBJ_id_smime_aa,9L
+
+#define SN_id_smime_aa_contentReference		"id-smime-aa-contentReference"
+#define NID_id_smime_aa_contentReference		221
+#define OBJ_id_smime_aa_contentReference		OBJ_id_smime_aa,10L
+
+#define SN_id_smime_aa_encrypKeyPref		"id-smime-aa-encrypKeyPref"
+#define NID_id_smime_aa_encrypKeyPref		222
+#define OBJ_id_smime_aa_encrypKeyPref		OBJ_id_smime_aa,11L
+
+#define SN_id_smime_aa_signingCertificate		"id-smime-aa-signingCertificate"
+#define NID_id_smime_aa_signingCertificate		223
+#define OBJ_id_smime_aa_signingCertificate		OBJ_id_smime_aa,12L
+
+#define SN_id_smime_aa_smimeEncryptCerts		"id-smime-aa-smimeEncryptCerts"
+#define NID_id_smime_aa_smimeEncryptCerts		224
+#define OBJ_id_smime_aa_smimeEncryptCerts		OBJ_id_smime_aa,13L
+
+#define SN_id_smime_aa_timeStampToken		"id-smime-aa-timeStampToken"
+#define NID_id_smime_aa_timeStampToken		225
+#define OBJ_id_smime_aa_timeStampToken		OBJ_id_smime_aa,14L
+
+#define SN_id_smime_aa_ets_sigPolicyId		"id-smime-aa-ets-sigPolicyId"
+#define NID_id_smime_aa_ets_sigPolicyId		226
+#define OBJ_id_smime_aa_ets_sigPolicyId		OBJ_id_smime_aa,15L
+
+#define SN_id_smime_aa_ets_commitmentType		"id-smime-aa-ets-commitmentType"
+#define NID_id_smime_aa_ets_commitmentType		227
+#define OBJ_id_smime_aa_ets_commitmentType		OBJ_id_smime_aa,16L
+
+#define SN_id_smime_aa_ets_signerLocation		"id-smime-aa-ets-signerLocation"
+#define NID_id_smime_aa_ets_signerLocation		228
+#define OBJ_id_smime_aa_ets_signerLocation		OBJ_id_smime_aa,17L
+
+#define SN_id_smime_aa_ets_signerAttr		"id-smime-aa-ets-signerAttr"
+#define NID_id_smime_aa_ets_signerAttr		229
+#define OBJ_id_smime_aa_ets_signerAttr		OBJ_id_smime_aa,18L
+
+#define SN_id_smime_aa_ets_otherSigCert		"id-smime-aa-ets-otherSigCert"
+#define NID_id_smime_aa_ets_otherSigCert		230
+#define OBJ_id_smime_aa_ets_otherSigCert		OBJ_id_smime_aa,19L
+
+#define SN_id_smime_aa_ets_contentTimestamp		"id-smime-aa-ets-contentTimestamp"
+#define NID_id_smime_aa_ets_contentTimestamp		231
+#define OBJ_id_smime_aa_ets_contentTimestamp		OBJ_id_smime_aa,20L
+
+#define SN_id_smime_aa_ets_CertificateRefs		"id-smime-aa-ets-CertificateRefs"
+#define NID_id_smime_aa_ets_CertificateRefs		232
+#define OBJ_id_smime_aa_ets_CertificateRefs		OBJ_id_smime_aa,21L
+
+#define SN_id_smime_aa_ets_RevocationRefs		"id-smime-aa-ets-RevocationRefs"
+#define NID_id_smime_aa_ets_RevocationRefs		233
+#define OBJ_id_smime_aa_ets_RevocationRefs		OBJ_id_smime_aa,22L
+
+#define SN_id_smime_aa_ets_certValues		"id-smime-aa-ets-certValues"
+#define NID_id_smime_aa_ets_certValues		234
+#define OBJ_id_smime_aa_ets_certValues		OBJ_id_smime_aa,23L
+
+#define SN_id_smime_aa_ets_revocationValues		"id-smime-aa-ets-revocationValues"
+#define NID_id_smime_aa_ets_revocationValues		235
+#define OBJ_id_smime_aa_ets_revocationValues		OBJ_id_smime_aa,24L
+
+#define SN_id_smime_aa_ets_escTimeStamp		"id-smime-aa-ets-escTimeStamp"
+#define NID_id_smime_aa_ets_escTimeStamp		236
+#define OBJ_id_smime_aa_ets_escTimeStamp		OBJ_id_smime_aa,25L
+
+#define SN_id_smime_aa_ets_certCRLTimestamp		"id-smime-aa-ets-certCRLTimestamp"
+#define NID_id_smime_aa_ets_certCRLTimestamp		237
+#define OBJ_id_smime_aa_ets_certCRLTimestamp		OBJ_id_smime_aa,26L
+
+#define SN_id_smime_aa_ets_archiveTimeStamp		"id-smime-aa-ets-archiveTimeStamp"
+#define NID_id_smime_aa_ets_archiveTimeStamp		238
+#define OBJ_id_smime_aa_ets_archiveTimeStamp		OBJ_id_smime_aa,27L
+
+#define SN_id_smime_aa_signatureType		"id-smime-aa-signatureType"
+#define NID_id_smime_aa_signatureType		239
+#define OBJ_id_smime_aa_signatureType		OBJ_id_smime_aa,28L
+
+#define SN_id_smime_aa_dvcs_dvc		"id-smime-aa-dvcs-dvc"
+#define NID_id_smime_aa_dvcs_dvc		240
+#define OBJ_id_smime_aa_dvcs_dvc		OBJ_id_smime_aa,29L
+
+#define SN_id_smime_alg_ESDHwith3DES		"id-smime-alg-ESDHwith3DES"
+#define NID_id_smime_alg_ESDHwith3DES		241
+#define OBJ_id_smime_alg_ESDHwith3DES		OBJ_id_smime_alg,1L
+
+#define SN_id_smime_alg_ESDHwithRC2		"id-smime-alg-ESDHwithRC2"
+#define NID_id_smime_alg_ESDHwithRC2		242
+#define OBJ_id_smime_alg_ESDHwithRC2		OBJ_id_smime_alg,2L
+
+#define SN_id_smime_alg_3DESwrap		"id-smime-alg-3DESwrap"
+#define NID_id_smime_alg_3DESwrap		243
+#define OBJ_id_smime_alg_3DESwrap		OBJ_id_smime_alg,3L
+
+#define SN_id_smime_alg_RC2wrap		"id-smime-alg-RC2wrap"
+#define NID_id_smime_alg_RC2wrap		244
+#define OBJ_id_smime_alg_RC2wrap		OBJ_id_smime_alg,4L
+
+#define SN_id_smime_alg_ESDH		"id-smime-alg-ESDH"
+#define NID_id_smime_alg_ESDH		245
+#define OBJ_id_smime_alg_ESDH		OBJ_id_smime_alg,5L
+
+#define SN_id_smime_alg_CMS3DESwrap		"id-smime-alg-CMS3DESwrap"
+#define NID_id_smime_alg_CMS3DESwrap		246
+#define OBJ_id_smime_alg_CMS3DESwrap		OBJ_id_smime_alg,6L
+
+#define SN_id_smime_alg_CMSRC2wrap		"id-smime-alg-CMSRC2wrap"
+#define NID_id_smime_alg_CMSRC2wrap		247
+#define OBJ_id_smime_alg_CMSRC2wrap		OBJ_id_smime_alg,7L
+
+#define SN_id_smime_cd_ldap		"id-smime-cd-ldap"
+#define NID_id_smime_cd_ldap		248
+#define OBJ_id_smime_cd_ldap		OBJ_id_smime_cd,1L
+
+#define SN_id_smime_spq_ets_sqt_uri		"id-smime-spq-ets-sqt-uri"
+#define NID_id_smime_spq_ets_sqt_uri		249
+#define OBJ_id_smime_spq_ets_sqt_uri		OBJ_id_smime_spq,1L
+
+#define SN_id_smime_spq_ets_sqt_unotice		"id-smime-spq-ets-sqt-unotice"
+#define NID_id_smime_spq_ets_sqt_unotice		250
+#define OBJ_id_smime_spq_ets_sqt_unotice		OBJ_id_smime_spq,2L
+
+#define SN_id_smime_cti_ets_proofOfOrigin		"id-smime-cti-ets-proofOfOrigin"
+#define NID_id_smime_cti_ets_proofOfOrigin		251
+#define OBJ_id_smime_cti_ets_proofOfOrigin		OBJ_id_smime_cti,1L
+
+#define SN_id_smime_cti_ets_proofOfReceipt		"id-smime-cti-ets-proofOfReceipt"
+#define NID_id_smime_cti_ets_proofOfReceipt		252
+#define OBJ_id_smime_cti_ets_proofOfReceipt		OBJ_id_smime_cti,2L
+
+#define SN_id_smime_cti_ets_proofOfDelivery		"id-smime-cti-ets-proofOfDelivery"
+#define NID_id_smime_cti_ets_proofOfDelivery		253
+#define OBJ_id_smime_cti_ets_proofOfDelivery		OBJ_id_smime_cti,3L
+
+#define SN_id_smime_cti_ets_proofOfSender		"id-smime-cti-ets-proofOfSender"
+#define NID_id_smime_cti_ets_proofOfSender		254
+#define OBJ_id_smime_cti_ets_proofOfSender		OBJ_id_smime_cti,4L
+
+#define SN_id_smime_cti_ets_proofOfApproval		"id-smime-cti-ets-proofOfApproval"
+#define NID_id_smime_cti_ets_proofOfApproval		255
+#define OBJ_id_smime_cti_ets_proofOfApproval		OBJ_id_smime_cti,5L
+
+#define SN_id_smime_cti_ets_proofOfCreation		"id-smime-cti-ets-proofOfCreation"
+#define NID_id_smime_cti_ets_proofOfCreation		256
+#define OBJ_id_smime_cti_ets_proofOfCreation		OBJ_id_smime_cti,6L
+
+#define LN_friendlyName		"friendlyName"
+#define NID_friendlyName		156
+#define OBJ_friendlyName		OBJ_pkcs9,20L
+
+#define LN_localKeyID		"localKeyID"
+#define NID_localKeyID		157
+#define OBJ_localKeyID		OBJ_pkcs9,21L
+
+#define SN_ms_csp_name		"CSPName"
+#define LN_ms_csp_name		"Microsoft CSP Name"
+#define NID_ms_csp_name		417
+#define OBJ_ms_csp_name		1L,3L,6L,1L,4L,1L,311L,17L,1L
+
+#define OBJ_certTypes		OBJ_pkcs9,22L
+
+#define LN_x509Certificate		"x509Certificate"
+#define NID_x509Certificate		158
+#define OBJ_x509Certificate		OBJ_certTypes,1L
+
+#define LN_sdsiCertificate		"sdsiCertificate"
+#define NID_sdsiCertificate		159
+#define OBJ_sdsiCertificate		OBJ_certTypes,2L
+
+#define OBJ_crlTypes		OBJ_pkcs9,23L
+
+#define LN_x509Crl		"x509Crl"
+#define NID_x509Crl		160
+#define OBJ_x509Crl		OBJ_crlTypes,1L
+
+#define OBJ_pkcs12		OBJ_pkcs,12L
+
+#define OBJ_pkcs12_pbeids		OBJ_pkcs12,1L
+
+#define SN_pbe_WithSHA1And128BitRC4		"PBE-SHA1-RC4-128"
+#define LN_pbe_WithSHA1And128BitRC4		"pbeWithSHA1And128BitRC4"
+#define NID_pbe_WithSHA1And128BitRC4		144
+#define OBJ_pbe_WithSHA1And128BitRC4		OBJ_pkcs12_pbeids,1L
+
+#define SN_pbe_WithSHA1And40BitRC4		"PBE-SHA1-RC4-40"
+#define LN_pbe_WithSHA1And40BitRC4		"pbeWithSHA1And40BitRC4"
+#define NID_pbe_WithSHA1And40BitRC4		145
+#define OBJ_pbe_WithSHA1And40BitRC4		OBJ_pkcs12_pbeids,2L
+
+#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC		"PBE-SHA1-3DES"
+#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC		"pbeWithSHA1And3-KeyTripleDES-CBC"
+#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC		146
+#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC		OBJ_pkcs12_pbeids,3L
+
+#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC		"PBE-SHA1-2DES"
+#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC		"pbeWithSHA1And2-KeyTripleDES-CBC"
+#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC		147
+#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC		OBJ_pkcs12_pbeids,4L
+
+#define SN_pbe_WithSHA1And128BitRC2_CBC		"PBE-SHA1-RC2-128"
+#define LN_pbe_WithSHA1And128BitRC2_CBC		"pbeWithSHA1And128BitRC2-CBC"
+#define NID_pbe_WithSHA1And128BitRC2_CBC		148
+#define OBJ_pbe_WithSHA1And128BitRC2_CBC		OBJ_pkcs12_pbeids,5L
+
+#define SN_pbe_WithSHA1And40BitRC2_CBC		"PBE-SHA1-RC2-40"
+#define LN_pbe_WithSHA1And40BitRC2_CBC		"pbeWithSHA1And40BitRC2-CBC"
+#define NID_pbe_WithSHA1And40BitRC2_CBC		149
+#define OBJ_pbe_WithSHA1And40BitRC2_CBC		OBJ_pkcs12_pbeids,6L
+
+#define OBJ_pkcs12_Version1		OBJ_pkcs12,10L
+
+#define OBJ_pkcs12_BagIds		OBJ_pkcs12_Version1,1L
+
+#define LN_keyBag		"keyBag"
+#define NID_keyBag		150
+#define OBJ_keyBag		OBJ_pkcs12_BagIds,1L
+
+#define LN_pkcs8ShroudedKeyBag		"pkcs8ShroudedKeyBag"
+#define NID_pkcs8ShroudedKeyBag		151
+#define OBJ_pkcs8ShroudedKeyBag		OBJ_pkcs12_BagIds,2L
+
+#define LN_certBag		"certBag"
+#define NID_certBag		152
+#define OBJ_certBag		OBJ_pkcs12_BagIds,3L
+
+#define LN_crlBag		"crlBag"
+#define NID_crlBag		153
+#define OBJ_crlBag		OBJ_pkcs12_BagIds,4L
+
+#define LN_secretBag		"secretBag"
+#define NID_secretBag		154
+#define OBJ_secretBag		OBJ_pkcs12_BagIds,5L
+
+#define LN_safeContentsBag		"safeContentsBag"
+#define NID_safeContentsBag		155
+#define OBJ_safeContentsBag		OBJ_pkcs12_BagIds,6L
+
+#define SN_md2		"MD2"
+#define LN_md2		"md2"
+#define NID_md2		3
+#define OBJ_md2		OBJ_rsadsi,2L,2L
+
+#define SN_md4		"MD4"
+#define LN_md4		"md4"
+#define NID_md4		257
+#define OBJ_md4		OBJ_rsadsi,2L,4L
+
+#define SN_md5		"MD5"
+#define LN_md5		"md5"
+#define NID_md5		4
+#define OBJ_md5		OBJ_rsadsi,2L,5L
+
+#define SN_md5_sha1		"MD5-SHA1"
+#define LN_md5_sha1		"md5-sha1"
+#define NID_md5_sha1		114
+
+#define LN_hmacWithSHA1		"hmacWithSHA1"
+#define NID_hmacWithSHA1		163
+#define OBJ_hmacWithSHA1		OBJ_rsadsi,2L,7L
+
+#define SN_rc2_cbc		"RC2-CBC"
+#define LN_rc2_cbc		"rc2-cbc"
+#define NID_rc2_cbc		37
+#define OBJ_rc2_cbc		OBJ_rsadsi,3L,2L
+
+#define SN_rc2_ecb		"RC2-ECB"
+#define LN_rc2_ecb		"rc2-ecb"
+#define NID_rc2_ecb		38
+
+#define SN_rc2_cfb64		"RC2-CFB"
+#define LN_rc2_cfb64		"rc2-cfb"
+#define NID_rc2_cfb64		39
+
+#define SN_rc2_ofb64		"RC2-OFB"
+#define LN_rc2_ofb64		"rc2-ofb"
+#define NID_rc2_ofb64		40
+
+#define SN_rc2_40_cbc		"RC2-40-CBC"
+#define LN_rc2_40_cbc		"rc2-40-cbc"
+#define NID_rc2_40_cbc		98
+
+#define SN_rc2_64_cbc		"RC2-64-CBC"
+#define LN_rc2_64_cbc		"rc2-64-cbc"
+#define NID_rc2_64_cbc		166
+
+#define SN_rc4		"RC4"
+#define LN_rc4		"rc4"
+#define NID_rc4		5
+#define OBJ_rc4		OBJ_rsadsi,3L,4L
+
+#define SN_rc4_40		"RC4-40"
+#define LN_rc4_40		"rc4-40"
+#define NID_rc4_40		97
+
+#define SN_des_ede3_cbc		"DES-EDE3-CBC"
+#define LN_des_ede3_cbc		"des-ede3-cbc"
+#define NID_des_ede3_cbc		44
+#define OBJ_des_ede3_cbc		OBJ_rsadsi,3L,7L
+
+#define SN_rc5_cbc		"RC5-CBC"
+#define LN_rc5_cbc		"rc5-cbc"
+#define NID_rc5_cbc		120
+#define OBJ_rc5_cbc		OBJ_rsadsi,3L,8L
+
+#define SN_rc5_ecb		"RC5-ECB"
+#define LN_rc5_ecb		"rc5-ecb"
+#define NID_rc5_ecb		121
+
+#define SN_rc5_cfb64		"RC5-CFB"
+#define LN_rc5_cfb64		"rc5-cfb"
+#define NID_rc5_cfb64		122
+
+#define SN_rc5_ofb64		"RC5-OFB"
+#define LN_rc5_ofb64		"rc5-ofb"
+#define NID_rc5_ofb64		123
+
+#define SN_ms_ext_req		"msExtReq"
+#define LN_ms_ext_req		"Microsoft Extension Request"
+#define NID_ms_ext_req		171
+#define OBJ_ms_ext_req		1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+
+#define SN_ms_code_ind		"msCodeInd"
+#define LN_ms_code_ind		"Microsoft Individual Code Signing"
+#define NID_ms_code_ind		134
+#define OBJ_ms_code_ind		1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+
+#define SN_ms_code_com		"msCodeCom"
+#define LN_ms_code_com		"Microsoft Commercial Code Signing"
+#define NID_ms_code_com		135
+#define OBJ_ms_code_com		1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+
+#define SN_ms_ctl_sign		"msCTLSign"
+#define LN_ms_ctl_sign		"Microsoft Trust List Signing"
+#define NID_ms_ctl_sign		136
+#define OBJ_ms_ctl_sign		1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+
+#define SN_ms_sgc		"msSGC"
+#define LN_ms_sgc		"Microsoft Server Gated Crypto"
+#define NID_ms_sgc		137
+#define OBJ_ms_sgc		1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+
+#define SN_ms_efs		"msEFS"
+#define LN_ms_efs		"Microsoft Encrypted File System"
+#define NID_ms_efs		138
+#define OBJ_ms_efs		1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+
+#define SN_ms_smartcard_login		"msSmartcardLogin"
+#define LN_ms_smartcard_login		"Microsoft Smartcardlogin"
+#define NID_ms_smartcard_login		716
+#define OBJ_ms_smartcard_login		1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+
+#define SN_ms_upn		"msUPN"
+#define LN_ms_upn		"Microsoft Universal Principal Name"
+#define NID_ms_upn		717
+#define OBJ_ms_upn		1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+
+#define SN_idea_cbc		"IDEA-CBC"
+#define LN_idea_cbc		"idea-cbc"
+#define NID_idea_cbc		34
+#define OBJ_idea_cbc		1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L
+
+#define SN_idea_ecb		"IDEA-ECB"
+#define LN_idea_ecb		"idea-ecb"
+#define NID_idea_ecb		36
+
+#define SN_idea_cfb64		"IDEA-CFB"
+#define LN_idea_cfb64		"idea-cfb"
+#define NID_idea_cfb64		35
+
+#define SN_idea_ofb64		"IDEA-OFB"
+#define LN_idea_ofb64		"idea-ofb"
+#define NID_idea_ofb64		46
+
+#define SN_bf_cbc		"BF-CBC"
+#define LN_bf_cbc		"bf-cbc"
+#define NID_bf_cbc		91
+#define OBJ_bf_cbc		1L,3L,6L,1L,4L,1L,3029L,1L,2L
+
+#define SN_bf_ecb		"BF-ECB"
+#define LN_bf_ecb		"bf-ecb"
+#define NID_bf_ecb		92
+
+#define SN_bf_cfb64		"BF-CFB"
+#define LN_bf_cfb64		"bf-cfb"
+#define NID_bf_cfb64		93
+
+#define SN_bf_ofb64		"BF-OFB"
+#define LN_bf_ofb64		"bf-ofb"
+#define NID_bf_ofb64		94
+
+#define SN_id_pkix		"PKIX"
+#define NID_id_pkix		127
+#define OBJ_id_pkix		1L,3L,6L,1L,5L,5L,7L
+
+#define SN_id_pkix_mod		"id-pkix-mod"
+#define NID_id_pkix_mod		258
+#define OBJ_id_pkix_mod		OBJ_id_pkix,0L
+
+#define SN_id_pe		"id-pe"
+#define NID_id_pe		175
+#define OBJ_id_pe		OBJ_id_pkix,1L
+
+#define SN_id_qt		"id-qt"
+#define NID_id_qt		259
+#define OBJ_id_qt		OBJ_id_pkix,2L
+
+#define SN_id_kp		"id-kp"
+#define NID_id_kp		128
+#define OBJ_id_kp		OBJ_id_pkix,3L
+
+#define SN_id_it		"id-it"
+#define NID_id_it		260
+#define OBJ_id_it		OBJ_id_pkix,4L
+
+#define SN_id_pkip		"id-pkip"
+#define NID_id_pkip		261
+#define OBJ_id_pkip		OBJ_id_pkix,5L
+
+#define SN_id_alg		"id-alg"
+#define NID_id_alg		262
+#define OBJ_id_alg		OBJ_id_pkix,6L
+
+#define SN_id_cmc		"id-cmc"
+#define NID_id_cmc		263
+#define OBJ_id_cmc		OBJ_id_pkix,7L
+
+#define SN_id_on		"id-on"
+#define NID_id_on		264
+#define OBJ_id_on		OBJ_id_pkix,8L
+
+#define SN_id_pda		"id-pda"
+#define NID_id_pda		265
+#define OBJ_id_pda		OBJ_id_pkix,9L
+
+#define SN_id_aca		"id-aca"
+#define NID_id_aca		266
+#define OBJ_id_aca		OBJ_id_pkix,10L
+
+#define SN_id_qcs		"id-qcs"
+#define NID_id_qcs		267
+#define OBJ_id_qcs		OBJ_id_pkix,11L
+
+#define SN_id_cct		"id-cct"
+#define NID_id_cct		268
+#define OBJ_id_cct		OBJ_id_pkix,12L
+
+#define SN_id_ad		"id-ad"
+#define NID_id_ad		176
+#define OBJ_id_ad		OBJ_id_pkix,48L
+
+#define SN_id_pkix1_explicit_88		"id-pkix1-explicit-88"
+#define NID_id_pkix1_explicit_88		269
+#define OBJ_id_pkix1_explicit_88		OBJ_id_pkix_mod,1L
+
+#define SN_id_pkix1_implicit_88		"id-pkix1-implicit-88"
+#define NID_id_pkix1_implicit_88		270
+#define OBJ_id_pkix1_implicit_88		OBJ_id_pkix_mod,2L
+
+#define SN_id_pkix1_explicit_93		"id-pkix1-explicit-93"
+#define NID_id_pkix1_explicit_93		271
+#define OBJ_id_pkix1_explicit_93		OBJ_id_pkix_mod,3L
+
+#define SN_id_pkix1_implicit_93		"id-pkix1-implicit-93"
+#define NID_id_pkix1_implicit_93		272
+#define OBJ_id_pkix1_implicit_93		OBJ_id_pkix_mod,4L
+
+#define SN_id_mod_crmf		"id-mod-crmf"
+#define NID_id_mod_crmf		273
+#define OBJ_id_mod_crmf		OBJ_id_pkix_mod,5L
+
+#define SN_id_mod_cmc		"id-mod-cmc"
+#define NID_id_mod_cmc		274
+#define OBJ_id_mod_cmc		OBJ_id_pkix_mod,6L
+
+#define SN_id_mod_kea_profile_88		"id-mod-kea-profile-88"
+#define NID_id_mod_kea_profile_88		275
+#define OBJ_id_mod_kea_profile_88		OBJ_id_pkix_mod,7L
+
+#define SN_id_mod_kea_profile_93		"id-mod-kea-profile-93"
+#define NID_id_mod_kea_profile_93		276
+#define OBJ_id_mod_kea_profile_93		OBJ_id_pkix_mod,8L
+
+#define SN_id_mod_cmp		"id-mod-cmp"
+#define NID_id_mod_cmp		277
+#define OBJ_id_mod_cmp		OBJ_id_pkix_mod,9L
+
+#define SN_id_mod_qualified_cert_88		"id-mod-qualified-cert-88"
+#define NID_id_mod_qualified_cert_88		278
+#define OBJ_id_mod_qualified_cert_88		OBJ_id_pkix_mod,10L
+
+#define SN_id_mod_qualified_cert_93		"id-mod-qualified-cert-93"
+#define NID_id_mod_qualified_cert_93		279
+#define OBJ_id_mod_qualified_cert_93		OBJ_id_pkix_mod,11L
+
+#define SN_id_mod_attribute_cert		"id-mod-attribute-cert"
+#define NID_id_mod_attribute_cert		280
+#define OBJ_id_mod_attribute_cert		OBJ_id_pkix_mod,12L
+
+#define SN_id_mod_timestamp_protocol		"id-mod-timestamp-protocol"
+#define NID_id_mod_timestamp_protocol		281
+#define OBJ_id_mod_timestamp_protocol		OBJ_id_pkix_mod,13L
+
+#define SN_id_mod_ocsp		"id-mod-ocsp"
+#define NID_id_mod_ocsp		282
+#define OBJ_id_mod_ocsp		OBJ_id_pkix_mod,14L
+
+#define SN_id_mod_dvcs		"id-mod-dvcs"
+#define NID_id_mod_dvcs		283
+#define OBJ_id_mod_dvcs		OBJ_id_pkix_mod,15L
+
+#define SN_id_mod_cmp2000		"id-mod-cmp2000"
+#define NID_id_mod_cmp2000		284
+#define OBJ_id_mod_cmp2000		OBJ_id_pkix_mod,16L
+
+#define SN_info_access		"authorityInfoAccess"
+#define LN_info_access		"Authority Information Access"
+#define NID_info_access		177
+#define OBJ_info_access		OBJ_id_pe,1L
+
+#define SN_biometricInfo		"biometricInfo"
+#define LN_biometricInfo		"Biometric Info"
+#define NID_biometricInfo		285
+#define OBJ_biometricInfo		OBJ_id_pe,2L
+
+#define SN_qcStatements		"qcStatements"
+#define NID_qcStatements		286
+#define OBJ_qcStatements		OBJ_id_pe,3L
+
+#define SN_ac_auditEntity		"ac-auditEntity"
+#define NID_ac_auditEntity		287
+#define OBJ_ac_auditEntity		OBJ_id_pe,4L
+
+#define SN_ac_targeting		"ac-targeting"
+#define NID_ac_targeting		288
+#define OBJ_ac_targeting		OBJ_id_pe,5L
+
+#define SN_aaControls		"aaControls"
+#define NID_aaControls		289
+#define OBJ_aaControls		OBJ_id_pe,6L
+
+#define SN_sbqp_ipAddrBlock		"sbqp-ipAddrBlock"
+#define NID_sbqp_ipAddrBlock		290
+#define OBJ_sbqp_ipAddrBlock		OBJ_id_pe,7L
+
+#define SN_sbqp_autonomousSysNum		"sbqp-autonomousSysNum"
+#define NID_sbqp_autonomousSysNum		291
+#define OBJ_sbqp_autonomousSysNum		OBJ_id_pe,8L
+
+#define SN_sbqp_routerIdentifier		"sbqp-routerIdentifier"
+#define NID_sbqp_routerIdentifier		292
+#define OBJ_sbqp_routerIdentifier		OBJ_id_pe,9L
+
+#define SN_ac_proxying		"ac-proxying"
+#define NID_ac_proxying		397
+#define OBJ_ac_proxying		OBJ_id_pe,10L
+
+#define SN_sinfo_access		"subjectInfoAccess"
+#define LN_sinfo_access		"Subject Information Access"
+#define NID_sinfo_access		398
+#define OBJ_sinfo_access		OBJ_id_pe,11L
+
+#define SN_id_qt_cps		"id-qt-cps"
+#define LN_id_qt_cps		"Policy Qualifier CPS"
+#define NID_id_qt_cps		164
+#define OBJ_id_qt_cps		OBJ_id_qt,1L
+
+#define SN_id_qt_unotice		"id-qt-unotice"
+#define LN_id_qt_unotice		"Policy Qualifier User Notice"
+#define NID_id_qt_unotice		165
+#define OBJ_id_qt_unotice		OBJ_id_qt,2L
+
+#define SN_textNotice		"textNotice"
+#define NID_textNotice		293
+#define OBJ_textNotice		OBJ_id_qt,3L
+
+#define SN_server_auth		"serverAuth"
+#define LN_server_auth		"TLS Web Server Authentication"
+#define NID_server_auth		129
+#define OBJ_server_auth		OBJ_id_kp,1L
+
+#define SN_client_auth		"clientAuth"
+#define LN_client_auth		"TLS Web Client Authentication"
+#define NID_client_auth		130
+#define OBJ_client_auth		OBJ_id_kp,2L
+
+#define SN_code_sign		"codeSigning"
+#define LN_code_sign		"Code Signing"
+#define NID_code_sign		131
+#define OBJ_code_sign		OBJ_id_kp,3L
+
+#define SN_email_protect		"emailProtection"
+#define LN_email_protect		"E-mail Protection"
+#define NID_email_protect		132
+#define OBJ_email_protect		OBJ_id_kp,4L
+
+#define SN_ipsecEndSystem		"ipsecEndSystem"
+#define LN_ipsecEndSystem		"IPSec End System"
+#define NID_ipsecEndSystem		294
+#define OBJ_ipsecEndSystem		OBJ_id_kp,5L
+
+#define SN_ipsecTunnel		"ipsecTunnel"
+#define LN_ipsecTunnel		"IPSec Tunnel"
+#define NID_ipsecTunnel		295
+#define OBJ_ipsecTunnel		OBJ_id_kp,6L
+
+#define SN_ipsecUser		"ipsecUser"
+#define LN_ipsecUser		"IPSec User"
+#define NID_ipsecUser		296
+#define OBJ_ipsecUser		OBJ_id_kp,7L
+
+#define SN_time_stamp		"timeStamping"
+#define LN_time_stamp		"Time Stamping"
+#define NID_time_stamp		133
+#define OBJ_time_stamp		OBJ_id_kp,8L
+
+#define SN_OCSP_sign		"OCSPSigning"
+#define LN_OCSP_sign		"OCSP Signing"
+#define NID_OCSP_sign		180
+#define OBJ_OCSP_sign		OBJ_id_kp,9L
+
+#define SN_dvcs		"DVCS"
+#define LN_dvcs		"dvcs"
+#define NID_dvcs		297
+#define OBJ_dvcs		OBJ_id_kp,10L
+
+#define SN_id_it_caProtEncCert		"id-it-caProtEncCert"
+#define NID_id_it_caProtEncCert		298
+#define OBJ_id_it_caProtEncCert		OBJ_id_it,1L
+
+#define SN_id_it_signKeyPairTypes		"id-it-signKeyPairTypes"
+#define NID_id_it_signKeyPairTypes		299
+#define OBJ_id_it_signKeyPairTypes		OBJ_id_it,2L
+
+#define SN_id_it_encKeyPairTypes		"id-it-encKeyPairTypes"
+#define NID_id_it_encKeyPairTypes		300
+#define OBJ_id_it_encKeyPairTypes		OBJ_id_it,3L
+
+#define SN_id_it_preferredSymmAlg		"id-it-preferredSymmAlg"
+#define NID_id_it_preferredSymmAlg		301
+#define OBJ_id_it_preferredSymmAlg		OBJ_id_it,4L
+
+#define SN_id_it_caKeyUpdateInfo		"id-it-caKeyUpdateInfo"
+#define NID_id_it_caKeyUpdateInfo		302
+#define OBJ_id_it_caKeyUpdateInfo		OBJ_id_it,5L
+
+#define SN_id_it_currentCRL		"id-it-currentCRL"
+#define NID_id_it_currentCRL		303
+#define OBJ_id_it_currentCRL		OBJ_id_it,6L
+
+#define SN_id_it_unsupportedOIDs		"id-it-unsupportedOIDs"
+#define NID_id_it_unsupportedOIDs		304
+#define OBJ_id_it_unsupportedOIDs		OBJ_id_it,7L
+
+#define SN_id_it_subscriptionRequest		"id-it-subscriptionRequest"
+#define NID_id_it_subscriptionRequest		305
+#define OBJ_id_it_subscriptionRequest		OBJ_id_it,8L
+
+#define SN_id_it_subscriptionResponse		"id-it-subscriptionResponse"
+#define NID_id_it_subscriptionResponse		306
+#define OBJ_id_it_subscriptionResponse		OBJ_id_it,9L
+
+#define SN_id_it_keyPairParamReq		"id-it-keyPairParamReq"
+#define NID_id_it_keyPairParamReq		307
+#define OBJ_id_it_keyPairParamReq		OBJ_id_it,10L
+
+#define SN_id_it_keyPairParamRep		"id-it-keyPairParamRep"
+#define NID_id_it_keyPairParamRep		308
+#define OBJ_id_it_keyPairParamRep		OBJ_id_it,11L
+
+#define SN_id_it_revPassphrase		"id-it-revPassphrase"
+#define NID_id_it_revPassphrase		309
+#define OBJ_id_it_revPassphrase		OBJ_id_it,12L
+
+#define SN_id_it_implicitConfirm		"id-it-implicitConfirm"
+#define NID_id_it_implicitConfirm		310
+#define OBJ_id_it_implicitConfirm		OBJ_id_it,13L
+
+#define SN_id_it_confirmWaitTime		"id-it-confirmWaitTime"
+#define NID_id_it_confirmWaitTime		311
+#define OBJ_id_it_confirmWaitTime		OBJ_id_it,14L
+
+#define SN_id_it_origPKIMessage		"id-it-origPKIMessage"
+#define NID_id_it_origPKIMessage		312
+#define OBJ_id_it_origPKIMessage		OBJ_id_it,15L
+
+#define SN_id_regCtrl		"id-regCtrl"
+#define NID_id_regCtrl		313
+#define OBJ_id_regCtrl		OBJ_id_pkip,1L
+
+#define SN_id_regInfo		"id-regInfo"
+#define NID_id_regInfo		314
+#define OBJ_id_regInfo		OBJ_id_pkip,2L
+
+#define SN_id_regCtrl_regToken		"id-regCtrl-regToken"
+#define NID_id_regCtrl_regToken		315
+#define OBJ_id_regCtrl_regToken		OBJ_id_regCtrl,1L
+
+#define SN_id_regCtrl_authenticator		"id-regCtrl-authenticator"
+#define NID_id_regCtrl_authenticator		316
+#define OBJ_id_regCtrl_authenticator		OBJ_id_regCtrl,2L
+
+#define SN_id_regCtrl_pkiPublicationInfo		"id-regCtrl-pkiPublicationInfo"
+#define NID_id_regCtrl_pkiPublicationInfo		317
+#define OBJ_id_regCtrl_pkiPublicationInfo		OBJ_id_regCtrl,3L
+
+#define SN_id_regCtrl_pkiArchiveOptions		"id-regCtrl-pkiArchiveOptions"
+#define NID_id_regCtrl_pkiArchiveOptions		318
+#define OBJ_id_regCtrl_pkiArchiveOptions		OBJ_id_regCtrl,4L
+
+#define SN_id_regCtrl_oldCertID		"id-regCtrl-oldCertID"
+#define NID_id_regCtrl_oldCertID		319
+#define OBJ_id_regCtrl_oldCertID		OBJ_id_regCtrl,5L
+
+#define SN_id_regCtrl_protocolEncrKey		"id-regCtrl-protocolEncrKey"
+#define NID_id_regCtrl_protocolEncrKey		320
+#define OBJ_id_regCtrl_protocolEncrKey		OBJ_id_regCtrl,6L
+
+#define SN_id_regInfo_utf8Pairs		"id-regInfo-utf8Pairs"
+#define NID_id_regInfo_utf8Pairs		321
+#define OBJ_id_regInfo_utf8Pairs		OBJ_id_regInfo,1L
+
+#define SN_id_regInfo_certReq		"id-regInfo-certReq"
+#define NID_id_regInfo_certReq		322
+#define OBJ_id_regInfo_certReq		OBJ_id_regInfo,2L
+
+#define SN_id_alg_des40		"id-alg-des40"
+#define NID_id_alg_des40		323
+#define OBJ_id_alg_des40		OBJ_id_alg,1L
+
+#define SN_id_alg_noSignature		"id-alg-noSignature"
+#define NID_id_alg_noSignature		324
+#define OBJ_id_alg_noSignature		OBJ_id_alg,2L
+
+#define SN_id_alg_dh_sig_hmac_sha1		"id-alg-dh-sig-hmac-sha1"
+#define NID_id_alg_dh_sig_hmac_sha1		325
+#define OBJ_id_alg_dh_sig_hmac_sha1		OBJ_id_alg,3L
+
+#define SN_id_alg_dh_pop		"id-alg-dh-pop"
+#define NID_id_alg_dh_pop		326
+#define OBJ_id_alg_dh_pop		OBJ_id_alg,4L
+
+#define SN_id_cmc_statusInfo		"id-cmc-statusInfo"
+#define NID_id_cmc_statusInfo		327
+#define OBJ_id_cmc_statusInfo		OBJ_id_cmc,1L
+
+#define SN_id_cmc_identification		"id-cmc-identification"
+#define NID_id_cmc_identification		328
+#define OBJ_id_cmc_identification		OBJ_id_cmc,2L
+
+#define SN_id_cmc_identityProof		"id-cmc-identityProof"
+#define NID_id_cmc_identityProof		329
+#define OBJ_id_cmc_identityProof		OBJ_id_cmc,3L
+
+#define SN_id_cmc_dataReturn		"id-cmc-dataReturn"
+#define NID_id_cmc_dataReturn		330
+#define OBJ_id_cmc_dataReturn		OBJ_id_cmc,4L
+
+#define SN_id_cmc_transactionId		"id-cmc-transactionId"
+#define NID_id_cmc_transactionId		331
+#define OBJ_id_cmc_transactionId		OBJ_id_cmc,5L
+
+#define SN_id_cmc_senderNonce		"id-cmc-senderNonce"
+#define NID_id_cmc_senderNonce		332
+#define OBJ_id_cmc_senderNonce		OBJ_id_cmc,6L
+
+#define SN_id_cmc_recipientNonce		"id-cmc-recipientNonce"
+#define NID_id_cmc_recipientNonce		333
+#define OBJ_id_cmc_recipientNonce		OBJ_id_cmc,7L
+
+#define SN_id_cmc_addExtensions		"id-cmc-addExtensions"
+#define NID_id_cmc_addExtensions		334
+#define OBJ_id_cmc_addExtensions		OBJ_id_cmc,8L
+
+#define SN_id_cmc_encryptedPOP		"id-cmc-encryptedPOP"
+#define NID_id_cmc_encryptedPOP		335
+#define OBJ_id_cmc_encryptedPOP		OBJ_id_cmc,9L
+
+#define SN_id_cmc_decryptedPOP		"id-cmc-decryptedPOP"
+#define NID_id_cmc_decryptedPOP		336
+#define OBJ_id_cmc_decryptedPOP		OBJ_id_cmc,10L
+
+#define SN_id_cmc_lraPOPWitness		"id-cmc-lraPOPWitness"
+#define NID_id_cmc_lraPOPWitness		337
+#define OBJ_id_cmc_lraPOPWitness		OBJ_id_cmc,11L
+
+#define SN_id_cmc_getCert		"id-cmc-getCert"
+#define NID_id_cmc_getCert		338
+#define OBJ_id_cmc_getCert		OBJ_id_cmc,15L
+
+#define SN_id_cmc_getCRL		"id-cmc-getCRL"
+#define NID_id_cmc_getCRL		339
+#define OBJ_id_cmc_getCRL		OBJ_id_cmc,16L
+
+#define SN_id_cmc_revokeRequest		"id-cmc-revokeRequest"
+#define NID_id_cmc_revokeRequest		340
+#define OBJ_id_cmc_revokeRequest		OBJ_id_cmc,17L
+
+#define SN_id_cmc_regInfo		"id-cmc-regInfo"
+#define NID_id_cmc_regInfo		341
+#define OBJ_id_cmc_regInfo		OBJ_id_cmc,18L
+
+#define SN_id_cmc_responseInfo		"id-cmc-responseInfo"
+#define NID_id_cmc_responseInfo		342
+#define OBJ_id_cmc_responseInfo		OBJ_id_cmc,19L
+
+#define SN_id_cmc_queryPending		"id-cmc-queryPending"
+#define NID_id_cmc_queryPending		343
+#define OBJ_id_cmc_queryPending		OBJ_id_cmc,21L
+
+#define SN_id_cmc_popLinkRandom		"id-cmc-popLinkRandom"
+#define NID_id_cmc_popLinkRandom		344
+#define OBJ_id_cmc_popLinkRandom		OBJ_id_cmc,22L
+
+#define SN_id_cmc_popLinkWitness		"id-cmc-popLinkWitness"
+#define NID_id_cmc_popLinkWitness		345
+#define OBJ_id_cmc_popLinkWitness		OBJ_id_cmc,23L
+
+#define SN_id_cmc_confirmCertAcceptance		"id-cmc-confirmCertAcceptance"
+#define NID_id_cmc_confirmCertAcceptance		346
+#define OBJ_id_cmc_confirmCertAcceptance		OBJ_id_cmc,24L
+
+#define SN_id_on_personalData		"id-on-personalData"
+#define NID_id_on_personalData		347
+#define OBJ_id_on_personalData		OBJ_id_on,1L
+
+#define SN_id_pda_dateOfBirth		"id-pda-dateOfBirth"
+#define NID_id_pda_dateOfBirth		348
+#define OBJ_id_pda_dateOfBirth		OBJ_id_pda,1L
+
+#define SN_id_pda_placeOfBirth		"id-pda-placeOfBirth"
+#define NID_id_pda_placeOfBirth		349
+#define OBJ_id_pda_placeOfBirth		OBJ_id_pda,2L
+
+#define SN_id_pda_gender		"id-pda-gender"
+#define NID_id_pda_gender		351
+#define OBJ_id_pda_gender		OBJ_id_pda,3L
+
+#define SN_id_pda_countryOfCitizenship		"id-pda-countryOfCitizenship"
+#define NID_id_pda_countryOfCitizenship		352
+#define OBJ_id_pda_countryOfCitizenship		OBJ_id_pda,4L
+
+#define SN_id_pda_countryOfResidence		"id-pda-countryOfResidence"
+#define NID_id_pda_countryOfResidence		353
+#define OBJ_id_pda_countryOfResidence		OBJ_id_pda,5L
+
+#define SN_id_aca_authenticationInfo		"id-aca-authenticationInfo"
+#define NID_id_aca_authenticationInfo		354
+#define OBJ_id_aca_authenticationInfo		OBJ_id_aca,1L
+
+#define SN_id_aca_accessIdentity		"id-aca-accessIdentity"
+#define NID_id_aca_accessIdentity		355
+#define OBJ_id_aca_accessIdentity		OBJ_id_aca,2L
+
+#define SN_id_aca_chargingIdentity		"id-aca-chargingIdentity"
+#define NID_id_aca_chargingIdentity		356
+#define OBJ_id_aca_chargingIdentity		OBJ_id_aca,3L
+
+#define SN_id_aca_group		"id-aca-group"
+#define NID_id_aca_group		357
+#define OBJ_id_aca_group		OBJ_id_aca,4L
+
+#define SN_id_aca_role		"id-aca-role"
+#define NID_id_aca_role		358
+#define OBJ_id_aca_role		OBJ_id_aca,5L
+
+#define SN_id_aca_encAttrs		"id-aca-encAttrs"
+#define NID_id_aca_encAttrs		399
+#define OBJ_id_aca_encAttrs		OBJ_id_aca,6L
+
+#define SN_id_qcs_pkixQCSyntax_v1		"id-qcs-pkixQCSyntax-v1"
+#define NID_id_qcs_pkixQCSyntax_v1		359
+#define OBJ_id_qcs_pkixQCSyntax_v1		OBJ_id_qcs,1L
+
+#define SN_id_cct_crs		"id-cct-crs"
+#define NID_id_cct_crs		360
+#define OBJ_id_cct_crs		OBJ_id_cct,1L
+
+#define SN_id_cct_PKIData		"id-cct-PKIData"
+#define NID_id_cct_PKIData		361
+#define OBJ_id_cct_PKIData		OBJ_id_cct,2L
+
+#define SN_id_cct_PKIResponse		"id-cct-PKIResponse"
+#define NID_id_cct_PKIResponse		362
+#define OBJ_id_cct_PKIResponse		OBJ_id_cct,3L
+
+#define SN_ad_OCSP		"OCSP"
+#define LN_ad_OCSP		"OCSP"
+#define NID_ad_OCSP		178
+#define OBJ_ad_OCSP		OBJ_id_ad,1L
+
+#define SN_ad_ca_issuers		"caIssuers"
+#define LN_ad_ca_issuers		"CA Issuers"
+#define NID_ad_ca_issuers		179
+#define OBJ_ad_ca_issuers		OBJ_id_ad,2L
+
+#define SN_ad_timeStamping		"ad_timestamping"
+#define LN_ad_timeStamping		"AD Time Stamping"
+#define NID_ad_timeStamping		363
+#define OBJ_ad_timeStamping		OBJ_id_ad,3L
+
+#define SN_ad_dvcs		"AD_DVCS"
+#define LN_ad_dvcs		"ad dvcs"
+#define NID_ad_dvcs		364
+#define OBJ_ad_dvcs		OBJ_id_ad,4L
+
+#define OBJ_id_pkix_OCSP		OBJ_ad_OCSP
+
+#define SN_id_pkix_OCSP_basic		"basicOCSPResponse"
+#define LN_id_pkix_OCSP_basic		"Basic OCSP Response"
+#define NID_id_pkix_OCSP_basic		365
+#define OBJ_id_pkix_OCSP_basic		OBJ_id_pkix_OCSP,1L
+
+#define SN_id_pkix_OCSP_Nonce		"Nonce"
+#define LN_id_pkix_OCSP_Nonce		"OCSP Nonce"
+#define NID_id_pkix_OCSP_Nonce		366
+#define OBJ_id_pkix_OCSP_Nonce		OBJ_id_pkix_OCSP,2L
+
+#define SN_id_pkix_OCSP_CrlID		"CrlID"
+#define LN_id_pkix_OCSP_CrlID		"OCSP CRL ID"
+#define NID_id_pkix_OCSP_CrlID		367
+#define OBJ_id_pkix_OCSP_CrlID		OBJ_id_pkix_OCSP,3L
+
+#define SN_id_pkix_OCSP_acceptableResponses		"acceptableResponses"
+#define LN_id_pkix_OCSP_acceptableResponses		"Acceptable OCSP Responses"
+#define NID_id_pkix_OCSP_acceptableResponses		368
+#define OBJ_id_pkix_OCSP_acceptableResponses		OBJ_id_pkix_OCSP,4L
+
+#define SN_id_pkix_OCSP_noCheck		"noCheck"
+#define LN_id_pkix_OCSP_noCheck		"OCSP No Check"
+#define NID_id_pkix_OCSP_noCheck		369
+#define OBJ_id_pkix_OCSP_noCheck		OBJ_id_pkix_OCSP,5L
+
+#define SN_id_pkix_OCSP_archiveCutoff		"archiveCutoff"
+#define LN_id_pkix_OCSP_archiveCutoff		"OCSP Archive Cutoff"
+#define NID_id_pkix_OCSP_archiveCutoff		370
+#define OBJ_id_pkix_OCSP_archiveCutoff		OBJ_id_pkix_OCSP,6L
+
+#define SN_id_pkix_OCSP_serviceLocator		"serviceLocator"
+#define LN_id_pkix_OCSP_serviceLocator		"OCSP Service Locator"
+#define NID_id_pkix_OCSP_serviceLocator		371
+#define OBJ_id_pkix_OCSP_serviceLocator		OBJ_id_pkix_OCSP,7L
+
+#define SN_id_pkix_OCSP_extendedStatus		"extendedStatus"
+#define LN_id_pkix_OCSP_extendedStatus		"Extended OCSP Status"
+#define NID_id_pkix_OCSP_extendedStatus		372
+#define OBJ_id_pkix_OCSP_extendedStatus		OBJ_id_pkix_OCSP,8L
+
+#define SN_id_pkix_OCSP_valid		"valid"
+#define NID_id_pkix_OCSP_valid		373
+#define OBJ_id_pkix_OCSP_valid		OBJ_id_pkix_OCSP,9L
+
+#define SN_id_pkix_OCSP_path		"path"
+#define NID_id_pkix_OCSP_path		374
+#define OBJ_id_pkix_OCSP_path		OBJ_id_pkix_OCSP,10L
+
+#define SN_id_pkix_OCSP_trustRoot		"trustRoot"
+#define LN_id_pkix_OCSP_trustRoot		"Trust Root"
+#define NID_id_pkix_OCSP_trustRoot		375
+#define OBJ_id_pkix_OCSP_trustRoot		OBJ_id_pkix_OCSP,11L
+
+#define SN_algorithm		"algorithm"
+#define LN_algorithm		"algorithm"
+#define NID_algorithm		376
+#define OBJ_algorithm		1L,3L,14L,3L,2L
+
+#define SN_md5WithRSA		"RSA-NP-MD5"
+#define LN_md5WithRSA		"md5WithRSA"
+#define NID_md5WithRSA		104
+#define OBJ_md5WithRSA		OBJ_algorithm,3L
+
+#define SN_des_ecb		"DES-ECB"
+#define LN_des_ecb		"des-ecb"
+#define NID_des_ecb		29
+#define OBJ_des_ecb		OBJ_algorithm,6L
+
+#define SN_des_cbc		"DES-CBC"
+#define LN_des_cbc		"des-cbc"
+#define NID_des_cbc		31
+#define OBJ_des_cbc		OBJ_algorithm,7L
+
+#define SN_des_ofb64		"DES-OFB"
+#define LN_des_ofb64		"des-ofb"
+#define NID_des_ofb64		45
+#define OBJ_des_ofb64		OBJ_algorithm,8L
+
+#define SN_des_cfb64		"DES-CFB"
+#define LN_des_cfb64		"des-cfb"
+#define NID_des_cfb64		30
+#define OBJ_des_cfb64		OBJ_algorithm,9L
+
+#define SN_rsaSignature		"rsaSignature"
+#define NID_rsaSignature		377
+#define OBJ_rsaSignature		OBJ_algorithm,11L
+
+#define SN_dsa_2		"DSA-old"
+#define LN_dsa_2		"dsaEncryption-old"
+#define NID_dsa_2		67
+#define OBJ_dsa_2		OBJ_algorithm,12L
+
+#define SN_dsaWithSHA		"DSA-SHA"
+#define LN_dsaWithSHA		"dsaWithSHA"
+#define NID_dsaWithSHA		66
+#define OBJ_dsaWithSHA		OBJ_algorithm,13L
+
+#define SN_shaWithRSAEncryption		"RSA-SHA"
+#define LN_shaWithRSAEncryption		"shaWithRSAEncryption"
+#define NID_shaWithRSAEncryption		42
+#define OBJ_shaWithRSAEncryption		OBJ_algorithm,15L
+
+#define SN_des_ede_ecb		"DES-EDE"
+#define LN_des_ede_ecb		"des-ede"
+#define NID_des_ede_ecb		32
+#define OBJ_des_ede_ecb		OBJ_algorithm,17L
+
+#define SN_des_ede3_ecb		"DES-EDE3"
+#define LN_des_ede3_ecb		"des-ede3"
+#define NID_des_ede3_ecb		33
+
+#define SN_des_ede_cbc		"DES-EDE-CBC"
+#define LN_des_ede_cbc		"des-ede-cbc"
+#define NID_des_ede_cbc		43
+
+#define SN_des_ede_cfb64		"DES-EDE-CFB"
+#define LN_des_ede_cfb64		"des-ede-cfb"
+#define NID_des_ede_cfb64		60
+
+#define SN_des_ede3_cfb64		"DES-EDE3-CFB"
+#define LN_des_ede3_cfb64		"des-ede3-cfb"
+#define NID_des_ede3_cfb64		61
+
+#define SN_des_ede_ofb64		"DES-EDE-OFB"
+#define LN_des_ede_ofb64		"des-ede-ofb"
+#define NID_des_ede_ofb64		62
+
+#define SN_des_ede3_ofb64		"DES-EDE3-OFB"
+#define LN_des_ede3_ofb64		"des-ede3-ofb"
+#define NID_des_ede3_ofb64		63
+
+#define SN_desx_cbc		"DESX-CBC"
+#define LN_desx_cbc		"desx-cbc"
+#define NID_desx_cbc		80
+
+#define SN_sha		"SHA"
+#define LN_sha		"sha"
+#define NID_sha		41
+#define OBJ_sha		OBJ_algorithm,18L
+
+#define SN_sha1		"SHA1"
+#define LN_sha1		"sha1"
+#define NID_sha1		64
+#define OBJ_sha1		OBJ_algorithm,26L
+
+#define SN_dsaWithSHA1_2		"DSA-SHA1-old"
+#define LN_dsaWithSHA1_2		"dsaWithSHA1-old"
+#define NID_dsaWithSHA1_2		70
+#define OBJ_dsaWithSHA1_2		OBJ_algorithm,27L
+
+#define SN_sha1WithRSA		"RSA-SHA1-2"
+#define LN_sha1WithRSA		"sha1WithRSA"
+#define NID_sha1WithRSA		115
+#define OBJ_sha1WithRSA		OBJ_algorithm,29L
+
+#define SN_ripemd160		"RIPEMD160"
+#define LN_ripemd160		"ripemd160"
+#define NID_ripemd160		117
+#define OBJ_ripemd160		1L,3L,36L,3L,2L,1L
+
+#define SN_ripemd160WithRSA		"RSA-RIPEMD160"
+#define LN_ripemd160WithRSA		"ripemd160WithRSA"
+#define NID_ripemd160WithRSA		119
+#define OBJ_ripemd160WithRSA		1L,3L,36L,3L,3L,1L,2L
+
+#define SN_sxnet		"SXNetID"
+#define LN_sxnet		"Strong Extranet ID"
+#define NID_sxnet		143
+#define OBJ_sxnet		1L,3L,101L,1L,4L,1L
+
+#define SN_X500		"X500"
+#define LN_X500		"directory services (X.500)"
+#define NID_X500		11
+#define OBJ_X500		2L,5L
+
+#define SN_X509		"X509"
+#define NID_X509		12
+#define OBJ_X509		OBJ_X500,4L
+
+#define SN_commonName		"CN"
+#define LN_commonName		"commonName"
+#define NID_commonName		13
+#define OBJ_commonName		OBJ_X509,3L
+
+#define SN_surname		"SN"
+#define LN_surname		"surname"
+#define NID_surname		100
+#define OBJ_surname		OBJ_X509,4L
+
+#define LN_serialNumber		"serialNumber"
+#define NID_serialNumber		105
+#define OBJ_serialNumber		OBJ_X509,5L
+
+#define SN_countryName		"C"
+#define LN_countryName		"countryName"
+#define NID_countryName		14
+#define OBJ_countryName		OBJ_X509,6L
+
+#define SN_localityName		"L"
+#define LN_localityName		"localityName"
+#define NID_localityName		15
+#define OBJ_localityName		OBJ_X509,7L
+
+#define SN_stateOrProvinceName		"ST"
+#define LN_stateOrProvinceName		"stateOrProvinceName"
+#define NID_stateOrProvinceName		16
+#define OBJ_stateOrProvinceName		OBJ_X509,8L
+
+#define SN_organizationName		"O"
+#define LN_organizationName		"organizationName"
+#define NID_organizationName		17
+#define OBJ_organizationName		OBJ_X509,10L
+
+#define SN_organizationalUnitName		"OU"
+#define LN_organizationalUnitName		"organizationalUnitName"
+#define NID_organizationalUnitName		18
+#define OBJ_organizationalUnitName		OBJ_X509,11L
+
+#define LN_title		"title"
+#define NID_title		106
+#define OBJ_title		OBJ_X509,12L
+
+#define LN_description		"description"
+#define NID_description		107
+#define OBJ_description		OBJ_X509,13L
+
+#define SN_name		"name"
+#define LN_name		"name"
+#define NID_name		173
+#define OBJ_name		OBJ_X509,41L
+
+#define SN_givenName		"gn"
+#define LN_givenName		"givenName"
+#define NID_givenName		99
+#define OBJ_givenName		OBJ_X509,42L
+
+#define LN_initials		"initials"
+#define NID_initials		101
+#define OBJ_initials		OBJ_X509,43L
+
+#define LN_generationQualifier		"generationQualifier"
+#define NID_generationQualifier		574
+#define OBJ_generationQualifier		OBJ_X509,44L
+
+#define LN_x500UniqueIdentifier		"x500UniqueIdentifier"
+#define NID_x500UniqueIdentifier		568
+#define OBJ_x500UniqueIdentifier		OBJ_X509,45L
+
+#define SN_dnQualifier		"dnQualifier"
+#define LN_dnQualifier		"dnQualifier"
+#define NID_dnQualifier		174
+#define OBJ_dnQualifier		OBJ_X509,46L
+
+#define LN_pseudonym		"pseudonym"
+#define NID_pseudonym		575
+#define OBJ_pseudonym		OBJ_X509,65L
+
+#define SN_role		"role"
+#define LN_role		"role"
+#define NID_role		400
+#define OBJ_role		OBJ_X509,72L
+
+#define SN_X500algorithms		"X500algorithms"
+#define LN_X500algorithms		"directory services - algorithms"
+#define NID_X500algorithms		378
+#define OBJ_X500algorithms		OBJ_X500,8L
+
+#define SN_rsa		"RSA"
+#define LN_rsa		"rsa"
+#define NID_rsa		19
+#define OBJ_rsa		OBJ_X500algorithms,1L,1L
+
+#define SN_mdc2WithRSA		"RSA-MDC2"
+#define LN_mdc2WithRSA		"mdc2WithRSA"
+#define NID_mdc2WithRSA		96
+#define OBJ_mdc2WithRSA		OBJ_X500algorithms,3L,100L
+
+#define SN_mdc2		"MDC2"
+#define LN_mdc2		"mdc2"
+#define NID_mdc2		95
+#define OBJ_mdc2		OBJ_X500algorithms,3L,101L
+
+#define SN_id_ce		"id-ce"
+#define NID_id_ce		81
+#define OBJ_id_ce		OBJ_X500,29L
+
+#define SN_subject_key_identifier		"subjectKeyIdentifier"
+#define LN_subject_key_identifier		"X509v3 Subject Key Identifier"
+#define NID_subject_key_identifier		82
+#define OBJ_subject_key_identifier		OBJ_id_ce,14L
+
+#define SN_key_usage		"keyUsage"
+#define LN_key_usage		"X509v3 Key Usage"
+#define NID_key_usage		83
+#define OBJ_key_usage		OBJ_id_ce,15L
+
+#define SN_private_key_usage_period		"privateKeyUsagePeriod"
+#define LN_private_key_usage_period		"X509v3 Private Key Usage Period"
+#define NID_private_key_usage_period		84
+#define OBJ_private_key_usage_period		OBJ_id_ce,16L
+
+#define SN_subject_alt_name		"subjectAltName"
+#define LN_subject_alt_name		"X509v3 Subject Alternative Name"
+#define NID_subject_alt_name		85
+#define OBJ_subject_alt_name		OBJ_id_ce,17L
+
+#define SN_issuer_alt_name		"issuerAltName"
+#define LN_issuer_alt_name		"X509v3 Issuer Alternative Name"
+#define NID_issuer_alt_name		86
+#define OBJ_issuer_alt_name		OBJ_id_ce,18L
+
+#define SN_basic_constraints		"basicConstraints"
+#define LN_basic_constraints		"X509v3 Basic Constraints"
+#define NID_basic_constraints		87
+#define OBJ_basic_constraints		OBJ_id_ce,19L
+
+#define SN_crl_number		"crlNumber"
+#define LN_crl_number		"X509v3 CRL Number"
+#define NID_crl_number		88
+#define OBJ_crl_number		OBJ_id_ce,20L
+
+#define SN_crl_reason		"CRLReason"
+#define LN_crl_reason		"X509v3 CRL Reason Code"
+#define NID_crl_reason		141
+#define OBJ_crl_reason		OBJ_id_ce,21L
+
+#define SN_invalidity_date		"invalidityDate"
+#define LN_invalidity_date		"Invalidity Date"
+#define NID_invalidity_date		142
+#define OBJ_invalidity_date		OBJ_id_ce,24L
+
+#define SN_delta_crl		"deltaCRL"
+#define LN_delta_crl		"X509v3 Delta CRL Indicator"
+#define NID_delta_crl		140
+#define OBJ_delta_crl		OBJ_id_ce,27L
+
+#define SN_crl_distribution_points		"crlDistributionPoints"
+#define LN_crl_distribution_points		"X509v3 CRL Distribution Points"
+#define NID_crl_distribution_points		103
+#define OBJ_crl_distribution_points		OBJ_id_ce,31L
+
+#define SN_certificate_policies		"certificatePolicies"
+#define LN_certificate_policies		"X509v3 Certificate Policies"
+#define NID_certificate_policies		89
+#define OBJ_certificate_policies		OBJ_id_ce,32L
+
+#define SN_authority_key_identifier		"authorityKeyIdentifier"
+#define LN_authority_key_identifier		"X509v3 Authority Key Identifier"
+#define NID_authority_key_identifier		90
+#define OBJ_authority_key_identifier		OBJ_id_ce,35L
+
+#define SN_policy_constraints		"policyConstraints"
+#define LN_policy_constraints		"X509v3 Policy Constraints"
+#define NID_policy_constraints		401
+#define OBJ_policy_constraints		OBJ_id_ce,36L
+
+#define SN_ext_key_usage		"extendedKeyUsage"
+#define LN_ext_key_usage		"X509v3 Extended Key Usage"
+#define NID_ext_key_usage		126
+#define OBJ_ext_key_usage		OBJ_id_ce,37L
+
+#define SN_target_information		"targetInformation"
+#define LN_target_information		"X509v3 AC Targeting"
+#define NID_target_information		402
+#define OBJ_target_information		OBJ_id_ce,55L
+
+#define SN_no_rev_avail		"noRevAvail"
+#define LN_no_rev_avail		"X509v3 No Revocation Available"
+#define NID_no_rev_avail		403
+#define OBJ_no_rev_avail		OBJ_id_ce,56L
+
+#define SN_netscape		"Netscape"
+#define LN_netscape		"Netscape Communications Corp."
+#define NID_netscape		57
+#define OBJ_netscape		2L,16L,840L,1L,113730L
+
+#define SN_netscape_cert_extension		"nsCertExt"
+#define LN_netscape_cert_extension		"Netscape Certificate Extension"
+#define NID_netscape_cert_extension		58
+#define OBJ_netscape_cert_extension		OBJ_netscape,1L
+
+#define SN_netscape_data_type		"nsDataType"
+#define LN_netscape_data_type		"Netscape Data Type"
+#define NID_netscape_data_type		59
+#define OBJ_netscape_data_type		OBJ_netscape,2L
+
+#define SN_netscape_cert_type		"nsCertType"
+#define LN_netscape_cert_type		"Netscape Cert Type"
+#define NID_netscape_cert_type		71
+#define OBJ_netscape_cert_type		OBJ_netscape_cert_extension,1L
+
+#define SN_netscape_base_url		"nsBaseUrl"
+#define LN_netscape_base_url		"Netscape Base Url"
+#define NID_netscape_base_url		72
+#define OBJ_netscape_base_url		OBJ_netscape_cert_extension,2L
+
+#define SN_netscape_revocation_url		"nsRevocationUrl"
+#define LN_netscape_revocation_url		"Netscape Revocation Url"
+#define NID_netscape_revocation_url		73
+#define OBJ_netscape_revocation_url		OBJ_netscape_cert_extension,3L
+
+#define SN_netscape_ca_revocation_url		"nsCaRevocationUrl"
+#define LN_netscape_ca_revocation_url		"Netscape CA Revocation Url"
+#define NID_netscape_ca_revocation_url		74
+#define OBJ_netscape_ca_revocation_url		OBJ_netscape_cert_extension,4L
+
+#define SN_netscape_renewal_url		"nsRenewalUrl"
+#define LN_netscape_renewal_url		"Netscape Renewal Url"
+#define NID_netscape_renewal_url		75
+#define OBJ_netscape_renewal_url		OBJ_netscape_cert_extension,7L
+
+#define SN_netscape_ca_policy_url		"nsCaPolicyUrl"
+#define LN_netscape_ca_policy_url		"Netscape CA Policy Url"
+#define NID_netscape_ca_policy_url		76
+#define OBJ_netscape_ca_policy_url		OBJ_netscape_cert_extension,8L
+
+#define SN_netscape_ssl_server_name		"nsSslServerName"
+#define LN_netscape_ssl_server_name		"Netscape SSL Server Name"
+#define NID_netscape_ssl_server_name		77
+#define OBJ_netscape_ssl_server_name		OBJ_netscape_cert_extension,12L
+
+#define SN_netscape_comment		"nsComment"
+#define LN_netscape_comment		"Netscape Comment"
+#define NID_netscape_comment		78
+#define OBJ_netscape_comment		OBJ_netscape_cert_extension,13L
+
+#define SN_netscape_cert_sequence		"nsCertSequence"
+#define LN_netscape_cert_sequence		"Netscape Certificate Sequence"
+#define NID_netscape_cert_sequence		79
+#define OBJ_netscape_cert_sequence		OBJ_netscape_data_type,5L
+
+#define SN_ns_sgc		"nsSGC"
+#define LN_ns_sgc		"Netscape Server Gated Crypto"
+#define NID_ns_sgc		139
+#define OBJ_ns_sgc		OBJ_netscape,4L,1L
+
+#define SN_org		"ORG"
+#define LN_org		"org"
+#define NID_org		379
+#define OBJ_org		OBJ_iso,3L
+
+#define SN_dod		"DOD"
+#define LN_dod		"dod"
+#define NID_dod		380
+#define OBJ_dod		OBJ_org,6L
+
+#define SN_iana		"IANA"
+#define LN_iana		"iana"
+#define NID_iana		381
+#define OBJ_iana		OBJ_dod,1L
+
+#define OBJ_internet		OBJ_iana
+
+#define SN_Directory		"directory"
+#define LN_Directory		"Directory"
+#define NID_Directory		382
+#define OBJ_Directory		OBJ_internet,1L
+
+#define SN_Management		"mgmt"
+#define LN_Management		"Management"
+#define NID_Management		383
+#define OBJ_Management		OBJ_internet,2L
+
+#define SN_Experimental		"experimental"
+#define LN_Experimental		"Experimental"
+#define NID_Experimental		384
+#define OBJ_Experimental		OBJ_internet,3L
+
+#define SN_Private		"private"
+#define LN_Private		"Private"
+#define NID_Private		385
+#define OBJ_Private		OBJ_internet,4L
+
+#define SN_Security		"security"
+#define LN_Security		"Security"
+#define NID_Security		386
+#define OBJ_Security		OBJ_internet,5L
+
+#define SN_SNMPv2		"snmpv2"
+#define LN_SNMPv2		"SNMPv2"
+#define NID_SNMPv2		387
+#define OBJ_SNMPv2		OBJ_internet,6L
+
+#define LN_Mail		"Mail"
+#define NID_Mail		388
+#define OBJ_Mail		OBJ_internet,7L
+
+#define SN_Enterprises		"enterprises"
+#define LN_Enterprises		"Enterprises"
+#define NID_Enterprises		389
+#define OBJ_Enterprises		OBJ_Private,1L
+
+#define SN_dcObject		"dcobject"
+#define LN_dcObject		"dcObject"
+#define NID_dcObject		390
+#define OBJ_dcObject		OBJ_Enterprises,1466L,344L
+
+#define SN_mime_mhs		"mime-mhs"
+#define LN_mime_mhs		"MIME MHS"
+#define NID_mime_mhs		569
+#define OBJ_mime_mhs		OBJ_Mail,1L
+
+#define SN_mime_mhs_headings		"mime-mhs-headings"
+#define LN_mime_mhs_headings		"mime-mhs-headings"
+#define NID_mime_mhs_headings		570
+#define OBJ_mime_mhs_headings		OBJ_mime_mhs,1L
+
+#define SN_mime_mhs_bodies		"mime-mhs-bodies"
+#define LN_mime_mhs_bodies		"mime-mhs-bodies"
+#define NID_mime_mhs_bodies		571
+#define OBJ_mime_mhs_bodies		OBJ_mime_mhs,2L
+
+#define SN_id_hex_partial_message		"id-hex-partial-message"
+#define LN_id_hex_partial_message		"id-hex-partial-message"
+#define NID_id_hex_partial_message		572
+#define OBJ_id_hex_partial_message		OBJ_mime_mhs_headings,1L
+
+#define SN_id_hex_multipart_message		"id-hex-multipart-message"
+#define LN_id_hex_multipart_message		"id-hex-multipart-message"
+#define NID_id_hex_multipart_message		573
+#define OBJ_id_hex_multipart_message		OBJ_mime_mhs_headings,2L
+
+#define SN_rle_compression		"RLE"
+#define LN_rle_compression		"run length compression"
+#define NID_rle_compression		124
+#define OBJ_rle_compression		1L,1L,1L,1L,666L,1L
+
+#define SN_zlib_compression		"ZLIB"
+#define LN_zlib_compression		"zlib compression"
+#define NID_zlib_compression		125
+#define OBJ_zlib_compression		1L,1L,1L,1L,666L,2L
+
+#define OBJ_csor		2L,16L,840L,1L,101L,3L
+
+#define OBJ_nistAlgorithms		OBJ_csor,4L
+
+#define OBJ_aes		OBJ_nistAlgorithms,1L
+
+#define SN_aes_128_ecb		"AES-128-ECB"
+#define LN_aes_128_ecb		"aes-128-ecb"
+#define NID_aes_128_ecb		418
+#define OBJ_aes_128_ecb		OBJ_aes,1L
+
+#define SN_aes_128_cbc		"AES-128-CBC"
+#define LN_aes_128_cbc		"aes-128-cbc"
+#define NID_aes_128_cbc		419
+#define OBJ_aes_128_cbc		OBJ_aes,2L
+
+#define SN_aes_128_ofb128		"AES-128-OFB"
+#define LN_aes_128_ofb128		"aes-128-ofb"
+#define NID_aes_128_ofb128		420
+#define OBJ_aes_128_ofb128		OBJ_aes,3L
+
+#define SN_aes_128_cfb128		"AES-128-CFB"
+#define LN_aes_128_cfb128		"aes-128-cfb"
+#define NID_aes_128_cfb128		421
+#define OBJ_aes_128_cfb128		OBJ_aes,4L
+
+#define SN_aes_192_ecb		"AES-192-ECB"
+#define LN_aes_192_ecb		"aes-192-ecb"
+#define NID_aes_192_ecb		422
+#define OBJ_aes_192_ecb		OBJ_aes,21L
+
+#define SN_aes_192_cbc		"AES-192-CBC"
+#define LN_aes_192_cbc		"aes-192-cbc"
+#define NID_aes_192_cbc		423
+#define OBJ_aes_192_cbc		OBJ_aes,22L
+
+#define SN_aes_192_ofb128		"AES-192-OFB"
+#define LN_aes_192_ofb128		"aes-192-ofb"
+#define NID_aes_192_ofb128		424
+#define OBJ_aes_192_ofb128		OBJ_aes,23L
+
+#define SN_aes_192_cfb128		"AES-192-CFB"
+#define LN_aes_192_cfb128		"aes-192-cfb"
+#define NID_aes_192_cfb128		425
+#define OBJ_aes_192_cfb128		OBJ_aes,24L
+
+#define SN_aes_256_ecb		"AES-256-ECB"
+#define LN_aes_256_ecb		"aes-256-ecb"
+#define NID_aes_256_ecb		426
+#define OBJ_aes_256_ecb		OBJ_aes,41L
+
+#define SN_aes_256_cbc		"AES-256-CBC"
+#define LN_aes_256_cbc		"aes-256-cbc"
+#define NID_aes_256_cbc		427
+#define OBJ_aes_256_cbc		OBJ_aes,42L
+
+#define SN_aes_256_ofb128		"AES-256-OFB"
+#define LN_aes_256_ofb128		"aes-256-ofb"
+#define NID_aes_256_ofb128		428
+#define OBJ_aes_256_ofb128		OBJ_aes,43L
+
+#define SN_aes_256_cfb128		"AES-256-CFB"
+#define LN_aes_256_cfb128		"aes-256-cfb"
+#define NID_aes_256_cfb128		429
+#define OBJ_aes_256_cfb128		OBJ_aes,44L
+
+#define SN_hold_instruction_code		"holdInstructionCode"
+#define LN_hold_instruction_code		"Hold Instruction Code"
+#define NID_hold_instruction_code		430
+#define OBJ_hold_instruction_code		OBJ_id_ce,23L
+
+#define OBJ_holdInstruction		OBJ_X9_57,2L
+
+#define SN_hold_instruction_none		"holdInstructionNone"
+#define LN_hold_instruction_none		"Hold Instruction None"
+#define NID_hold_instruction_none		431
+#define OBJ_hold_instruction_none		OBJ_holdInstruction,1L
+
+#define SN_hold_instruction_call_issuer		"holdInstructionCallIssuer"
+#define LN_hold_instruction_call_issuer		"Hold Instruction Call Issuer"
+#define NID_hold_instruction_call_issuer		432
+#define OBJ_hold_instruction_call_issuer		OBJ_holdInstruction,2L
+
+#define SN_hold_instruction_reject		"holdInstructionReject"
+#define LN_hold_instruction_reject		"Hold Instruction Reject"
+#define NID_hold_instruction_reject		433
+#define OBJ_hold_instruction_reject		OBJ_holdInstruction,3L
+
+#define SN_data		"data"
+#define NID_data		434
+#define OBJ_data		OBJ_ccitt,9L
+
+#define SN_pss		"pss"
+#define NID_pss		435
+#define OBJ_pss		OBJ_data,2342L
+
+#define SN_ucl		"ucl"
+#define NID_ucl		436
+#define OBJ_ucl		OBJ_pss,19200300L
+
+#define SN_pilot		"pilot"
+#define NID_pilot		437
+#define OBJ_pilot		OBJ_ucl,100L
+
+#define LN_pilotAttributeType		"pilotAttributeType"
+#define NID_pilotAttributeType		438
+#define OBJ_pilotAttributeType		OBJ_pilot,1L
+
+#define LN_pilotAttributeSyntax		"pilotAttributeSyntax"
+#define NID_pilotAttributeSyntax		439
+#define OBJ_pilotAttributeSyntax		OBJ_pilot,3L
+
+#define LN_pilotObjectClass		"pilotObjectClass"
+#define NID_pilotObjectClass		440
+#define OBJ_pilotObjectClass		OBJ_pilot,4L
+
+#define LN_pilotGroups		"pilotGroups"
+#define NID_pilotGroups		441
+#define OBJ_pilotGroups		OBJ_pilot,10L
+
+#define LN_iA5StringSyntax		"iA5StringSyntax"
+#define NID_iA5StringSyntax		442
+#define OBJ_iA5StringSyntax		OBJ_pilotAttributeSyntax,4L
+
+#define LN_caseIgnoreIA5StringSyntax		"caseIgnoreIA5StringSyntax"
+#define NID_caseIgnoreIA5StringSyntax		443
+#define OBJ_caseIgnoreIA5StringSyntax		OBJ_pilotAttributeSyntax,5L
+
+#define LN_pilotObject		"pilotObject"
+#define NID_pilotObject		444
+#define OBJ_pilotObject		OBJ_pilotObjectClass,3L
+
+#define LN_pilotPerson		"pilotPerson"
+#define NID_pilotPerson		445
+#define OBJ_pilotPerson		OBJ_pilotObjectClass,4L
+
+#define SN_account		"account"
+#define NID_account		446
+#define OBJ_account		OBJ_pilotObjectClass,5L
+
+#define SN_document		"document"
+#define NID_document		447
+#define OBJ_document		OBJ_pilotObjectClass,6L
+
+#define SN_room		"room"
+#define NID_room		448
+#define OBJ_room		OBJ_pilotObjectClass,7L
+
+#define LN_documentSeries		"documentSeries"
+#define NID_documentSeries		449
+#define OBJ_documentSeries		OBJ_pilotObjectClass,9L
+
+#define SN_Domain		"domain"
+#define LN_Domain		"Domain"
+#define NID_Domain		392
+#define OBJ_Domain		OBJ_pilotObjectClass,13L
+
+#define LN_rFC822localPart		"rFC822localPart"
+#define NID_rFC822localPart		450
+#define OBJ_rFC822localPart		OBJ_pilotObjectClass,14L
+
+#define LN_dNSDomain		"dNSDomain"
+#define NID_dNSDomain		451
+#define OBJ_dNSDomain		OBJ_pilotObjectClass,15L
+
+#define LN_domainRelatedObject		"domainRelatedObject"
+#define NID_domainRelatedObject		452
+#define OBJ_domainRelatedObject		OBJ_pilotObjectClass,17L
+
+#define LN_friendlyCountry		"friendlyCountry"
+#define NID_friendlyCountry		453
+#define OBJ_friendlyCountry		OBJ_pilotObjectClass,18L
+
+#define LN_simpleSecurityObject		"simpleSecurityObject"
+#define NID_simpleSecurityObject		454
+#define OBJ_simpleSecurityObject		OBJ_pilotObjectClass,19L
+
+#define LN_pilotOrganization		"pilotOrganization"
+#define NID_pilotOrganization		455
+#define OBJ_pilotOrganization		OBJ_pilotObjectClass,20L
+
+#define LN_pilotDSA		"pilotDSA"
+#define NID_pilotDSA		456
+#define OBJ_pilotDSA		OBJ_pilotObjectClass,21L
+
+#define LN_qualityLabelledData		"qualityLabelledData"
+#define NID_qualityLabelledData		457
+#define OBJ_qualityLabelledData		OBJ_pilotObjectClass,22L
+
+#define SN_userId		"UID"
+#define LN_userId		"userId"
+#define NID_userId		458
+#define OBJ_userId		OBJ_pilotAttributeType,1L
+
+#define LN_textEncodedORAddress		"textEncodedORAddress"
+#define NID_textEncodedORAddress		459
+#define OBJ_textEncodedORAddress		OBJ_pilotAttributeType,2L
+
+#define SN_rfc822Mailbox		"mail"
+#define LN_rfc822Mailbox		"rfc822Mailbox"
+#define NID_rfc822Mailbox		460
+#define OBJ_rfc822Mailbox		OBJ_pilotAttributeType,3L
+
+#define SN_info		"info"
+#define NID_info		461
+#define OBJ_info		OBJ_pilotAttributeType,4L
+
+#define LN_favouriteDrink		"favouriteDrink"
+#define NID_favouriteDrink		462
+#define OBJ_favouriteDrink		OBJ_pilotAttributeType,5L
+
+#define LN_roomNumber		"roomNumber"
+#define NID_roomNumber		463
+#define OBJ_roomNumber		OBJ_pilotAttributeType,6L
+
+#define SN_photo		"photo"
+#define NID_photo		464
+#define OBJ_photo		OBJ_pilotAttributeType,7L
+
+#define LN_userClass		"userClass"
+#define NID_userClass		465
+#define OBJ_userClass		OBJ_pilotAttributeType,8L
+
+#define SN_host		"host"
+#define NID_host		466
+#define OBJ_host		OBJ_pilotAttributeType,9L
+
+#define SN_manager		"manager"
+#define NID_manager		467
+#define OBJ_manager		OBJ_pilotAttributeType,10L
+
+#define LN_documentIdentifier		"documentIdentifier"
+#define NID_documentIdentifier		468
+#define OBJ_documentIdentifier		OBJ_pilotAttributeType,11L
+
+#define LN_documentTitle		"documentTitle"
+#define NID_documentTitle		469
+#define OBJ_documentTitle		OBJ_pilotAttributeType,12L
+
+#define LN_documentVersion		"documentVersion"
+#define NID_documentVersion		470
+#define OBJ_documentVersion		OBJ_pilotAttributeType,13L
+
+#define LN_documentAuthor		"documentAuthor"
+#define NID_documentAuthor		471
+#define OBJ_documentAuthor		OBJ_pilotAttributeType,14L
+
+#define LN_documentLocation		"documentLocation"
+#define NID_documentLocation		472
+#define OBJ_documentLocation		OBJ_pilotAttributeType,15L
+
+#define LN_homeTelephoneNumber		"homeTelephoneNumber"
+#define NID_homeTelephoneNumber		473
+#define OBJ_homeTelephoneNumber		OBJ_pilotAttributeType,20L
+
+#define SN_secretary		"secretary"
+#define NID_secretary		474
+#define OBJ_secretary		OBJ_pilotAttributeType,21L
+
+#define LN_otherMailbox		"otherMailbox"
+#define NID_otherMailbox		475
+#define OBJ_otherMailbox		OBJ_pilotAttributeType,22L
+
+#define LN_lastModifiedTime		"lastModifiedTime"
+#define NID_lastModifiedTime		476
+#define OBJ_lastModifiedTime		OBJ_pilotAttributeType,23L
+
+#define LN_lastModifiedBy		"lastModifiedBy"
+#define NID_lastModifiedBy		477
+#define OBJ_lastModifiedBy		OBJ_pilotAttributeType,24L
+
+#define SN_domainComponent		"DC"
+#define LN_domainComponent		"domainComponent"
+#define NID_domainComponent		391
+#define OBJ_domainComponent		OBJ_pilotAttributeType,25L
+
+#define LN_aRecord		"aRecord"
+#define NID_aRecord		478
+#define OBJ_aRecord		OBJ_pilotAttributeType,26L
+
+#define LN_pilotAttributeType27		"pilotAttributeType27"
+#define NID_pilotAttributeType27		479
+#define OBJ_pilotAttributeType27		OBJ_pilotAttributeType,27L
+
+#define LN_mXRecord		"mXRecord"
+#define NID_mXRecord		480
+#define OBJ_mXRecord		OBJ_pilotAttributeType,28L
+
+#define LN_nSRecord		"nSRecord"
+#define NID_nSRecord		481
+#define OBJ_nSRecord		OBJ_pilotAttributeType,29L
+
+#define LN_sOARecord		"sOARecord"
+#define NID_sOARecord		482
+#define OBJ_sOARecord		OBJ_pilotAttributeType,30L
+
+#define LN_cNAMERecord		"cNAMERecord"
+#define NID_cNAMERecord		483
+#define OBJ_cNAMERecord		OBJ_pilotAttributeType,31L
+
+#define LN_associatedDomain		"associatedDomain"
+#define NID_associatedDomain		484
+#define OBJ_associatedDomain		OBJ_pilotAttributeType,37L
+
+#define LN_associatedName		"associatedName"
+#define NID_associatedName		485
+#define OBJ_associatedName		OBJ_pilotAttributeType,38L
+
+#define LN_homePostalAddress		"homePostalAddress"
+#define NID_homePostalAddress		486
+#define OBJ_homePostalAddress		OBJ_pilotAttributeType,39L
+
+#define LN_personalTitle		"personalTitle"
+#define NID_personalTitle		487
+#define OBJ_personalTitle		OBJ_pilotAttributeType,40L
+
+#define LN_mobileTelephoneNumber		"mobileTelephoneNumber"
+#define NID_mobileTelephoneNumber		488
+#define OBJ_mobileTelephoneNumber		OBJ_pilotAttributeType,41L
+
+#define LN_pagerTelephoneNumber		"pagerTelephoneNumber"
+#define NID_pagerTelephoneNumber		489
+#define OBJ_pagerTelephoneNumber		OBJ_pilotAttributeType,42L
+
+#define LN_friendlyCountryName		"friendlyCountryName"
+#define NID_friendlyCountryName		490
+#define OBJ_friendlyCountryName		OBJ_pilotAttributeType,43L
+
+#define LN_organizationalStatus		"organizationalStatus"
+#define NID_organizationalStatus		491
+#define OBJ_organizationalStatus		OBJ_pilotAttributeType,45L
+
+#define LN_janetMailbox		"janetMailbox"
+#define NID_janetMailbox		492
+#define OBJ_janetMailbox		OBJ_pilotAttributeType,46L
+
+#define LN_mailPreferenceOption		"mailPreferenceOption"
+#define NID_mailPreferenceOption		493
+#define OBJ_mailPreferenceOption		OBJ_pilotAttributeType,47L
+
+#define LN_buildingName		"buildingName"
+#define NID_buildingName		494
+#define OBJ_buildingName		OBJ_pilotAttributeType,48L
+
+#define LN_dSAQuality		"dSAQuality"
+#define NID_dSAQuality		495
+#define OBJ_dSAQuality		OBJ_pilotAttributeType,49L
+
+#define LN_singleLevelQuality		"singleLevelQuality"
+#define NID_singleLevelQuality		496
+#define OBJ_singleLevelQuality		OBJ_pilotAttributeType,50L
+
+#define LN_subtreeMinimumQuality		"subtreeMinimumQuality"
+#define NID_subtreeMinimumQuality		497
+#define OBJ_subtreeMinimumQuality		OBJ_pilotAttributeType,51L
+
+#define LN_subtreeMaximumQuality		"subtreeMaximumQuality"
+#define NID_subtreeMaximumQuality		498
+#define OBJ_subtreeMaximumQuality		OBJ_pilotAttributeType,52L
+
+#define LN_personalSignature		"personalSignature"
+#define NID_personalSignature		499
+#define OBJ_personalSignature		OBJ_pilotAttributeType,53L
+
+#define LN_dITRedirect		"dITRedirect"
+#define NID_dITRedirect		500
+#define OBJ_dITRedirect		OBJ_pilotAttributeType,54L
+
+#define SN_audio		"audio"
+#define NID_audio		501
+#define OBJ_audio		OBJ_pilotAttributeType,55L
+
+#define LN_documentPublisher		"documentPublisher"
+#define NID_documentPublisher		502
+#define OBJ_documentPublisher		OBJ_pilotAttributeType,56L
+
+#define SN_id_set		"id-set"
+#define LN_id_set		"Secure Electronic Transactions"
+#define NID_id_set		576
+#define OBJ_id_set		2L,23L,42L
+
+#define SN_set_ctype		"set-ctype"
+#define LN_set_ctype		"content types"
+#define NID_set_ctype		577
+#define OBJ_set_ctype		OBJ_id_set,0L
+
+#define SN_set_msgExt		"set-msgExt"
+#define LN_set_msgExt		"message extensions"
+#define NID_set_msgExt		578
+#define OBJ_set_msgExt		OBJ_id_set,1L
+
+#define SN_set_attr		"set-attr"
+#define NID_set_attr		579
+#define OBJ_set_attr		OBJ_id_set,3L
+
+#define SN_set_policy		"set-policy"
+#define NID_set_policy		580
+#define OBJ_set_policy		OBJ_id_set,5L
+
+#define SN_set_certExt		"set-certExt"
+#define LN_set_certExt		"certificate extensions"
+#define NID_set_certExt		581
+#define OBJ_set_certExt		OBJ_id_set,7L
+
+#define SN_set_brand		"set-brand"
+#define NID_set_brand		582
+#define OBJ_set_brand		OBJ_id_set,8L
+
+#define SN_setct_PANData		"setct-PANData"
+#define NID_setct_PANData		583
+#define OBJ_setct_PANData		OBJ_set_ctype,0L
+
+#define SN_setct_PANToken		"setct-PANToken"
+#define NID_setct_PANToken		584
+#define OBJ_setct_PANToken		OBJ_set_ctype,1L
+
+#define SN_setct_PANOnly		"setct-PANOnly"
+#define NID_setct_PANOnly		585
+#define OBJ_setct_PANOnly		OBJ_set_ctype,2L
+
+#define SN_setct_OIData		"setct-OIData"
+#define NID_setct_OIData		586
+#define OBJ_setct_OIData		OBJ_set_ctype,3L
+
+#define SN_setct_PI		"setct-PI"
+#define NID_setct_PI		587
+#define OBJ_setct_PI		OBJ_set_ctype,4L
+
+#define SN_setct_PIData		"setct-PIData"
+#define NID_setct_PIData		588
+#define OBJ_setct_PIData		OBJ_set_ctype,5L
+
+#define SN_setct_PIDataUnsigned		"setct-PIDataUnsigned"
+#define NID_setct_PIDataUnsigned		589
+#define OBJ_setct_PIDataUnsigned		OBJ_set_ctype,6L
+
+#define SN_setct_HODInput		"setct-HODInput"
+#define NID_setct_HODInput		590
+#define OBJ_setct_HODInput		OBJ_set_ctype,7L
+
+#define SN_setct_AuthResBaggage		"setct-AuthResBaggage"
+#define NID_setct_AuthResBaggage		591
+#define OBJ_setct_AuthResBaggage		OBJ_set_ctype,8L
+
+#define SN_setct_AuthRevReqBaggage		"setct-AuthRevReqBaggage"
+#define NID_setct_AuthRevReqBaggage		592
+#define OBJ_setct_AuthRevReqBaggage		OBJ_set_ctype,9L
+
+#define SN_setct_AuthRevResBaggage		"setct-AuthRevResBaggage"
+#define NID_setct_AuthRevResBaggage		593
+#define OBJ_setct_AuthRevResBaggage		OBJ_set_ctype,10L
+
+#define SN_setct_CapTokenSeq		"setct-CapTokenSeq"
+#define NID_setct_CapTokenSeq		594
+#define OBJ_setct_CapTokenSeq		OBJ_set_ctype,11L
+
+#define SN_setct_PInitResData		"setct-PInitResData"
+#define NID_setct_PInitResData		595
+#define OBJ_setct_PInitResData		OBJ_set_ctype,12L
+
+#define SN_setct_PI_TBS		"setct-PI-TBS"
+#define NID_setct_PI_TBS		596
+#define OBJ_setct_PI_TBS		OBJ_set_ctype,13L
+
+#define SN_setct_PResData		"setct-PResData"
+#define NID_setct_PResData		597
+#define OBJ_setct_PResData		OBJ_set_ctype,14L
+
+#define SN_setct_AuthReqTBS		"setct-AuthReqTBS"
+#define NID_setct_AuthReqTBS		598
+#define OBJ_setct_AuthReqTBS		OBJ_set_ctype,16L
+
+#define SN_setct_AuthResTBS		"setct-AuthResTBS"
+#define NID_setct_AuthResTBS		599
+#define OBJ_setct_AuthResTBS		OBJ_set_ctype,17L
+
+#define SN_setct_AuthResTBSX		"setct-AuthResTBSX"
+#define NID_setct_AuthResTBSX		600
+#define OBJ_setct_AuthResTBSX		OBJ_set_ctype,18L
+
+#define SN_setct_AuthTokenTBS		"setct-AuthTokenTBS"
+#define NID_setct_AuthTokenTBS		601
+#define OBJ_setct_AuthTokenTBS		OBJ_set_ctype,19L
+
+#define SN_setct_CapTokenData		"setct-CapTokenData"
+#define NID_setct_CapTokenData		602
+#define OBJ_setct_CapTokenData		OBJ_set_ctype,20L
+
+#define SN_setct_CapTokenTBS		"setct-CapTokenTBS"
+#define NID_setct_CapTokenTBS		603
+#define OBJ_setct_CapTokenTBS		OBJ_set_ctype,21L
+
+#define SN_setct_AcqCardCodeMsg		"setct-AcqCardCodeMsg"
+#define NID_setct_AcqCardCodeMsg		604
+#define OBJ_setct_AcqCardCodeMsg		OBJ_set_ctype,22L
+
+#define SN_setct_AuthRevReqTBS		"setct-AuthRevReqTBS"
+#define NID_setct_AuthRevReqTBS		605
+#define OBJ_setct_AuthRevReqTBS		OBJ_set_ctype,23L
+
+#define SN_setct_AuthRevResData		"setct-AuthRevResData"
+#define NID_setct_AuthRevResData		606
+#define OBJ_setct_AuthRevResData		OBJ_set_ctype,24L
+
+#define SN_setct_AuthRevResTBS		"setct-AuthRevResTBS"
+#define NID_setct_AuthRevResTBS		607
+#define OBJ_setct_AuthRevResTBS		OBJ_set_ctype,25L
+
+#define SN_setct_CapReqTBS		"setct-CapReqTBS"
+#define NID_setct_CapReqTBS		608
+#define OBJ_setct_CapReqTBS		OBJ_set_ctype,26L
+
+#define SN_setct_CapReqTBSX		"setct-CapReqTBSX"
+#define NID_setct_CapReqTBSX		609
+#define OBJ_setct_CapReqTBSX		OBJ_set_ctype,27L
+
+#define SN_setct_CapResData		"setct-CapResData"
+#define NID_setct_CapResData		610
+#define OBJ_setct_CapResData		OBJ_set_ctype,28L
+
+#define SN_setct_CapRevReqTBS		"setct-CapRevReqTBS"
+#define NID_setct_CapRevReqTBS		611
+#define OBJ_setct_CapRevReqTBS		OBJ_set_ctype,29L
+
+#define SN_setct_CapRevReqTBSX		"setct-CapRevReqTBSX"
+#define NID_setct_CapRevReqTBSX		612
+#define OBJ_setct_CapRevReqTBSX		OBJ_set_ctype,30L
+
+#define SN_setct_CapRevResData		"setct-CapRevResData"
+#define NID_setct_CapRevResData		613
+#define OBJ_setct_CapRevResData		OBJ_set_ctype,31L
+
+#define SN_setct_CredReqTBS		"setct-CredReqTBS"
+#define NID_setct_CredReqTBS		614
+#define OBJ_setct_CredReqTBS		OBJ_set_ctype,32L
+
+#define SN_setct_CredReqTBSX		"setct-CredReqTBSX"
+#define NID_setct_CredReqTBSX		615
+#define OBJ_setct_CredReqTBSX		OBJ_set_ctype,33L
+
+#define SN_setct_CredResData		"setct-CredResData"
+#define NID_setct_CredResData		616
+#define OBJ_setct_CredResData		OBJ_set_ctype,34L
+
+#define SN_setct_CredRevReqTBS		"setct-CredRevReqTBS"
+#define NID_setct_CredRevReqTBS		617
+#define OBJ_setct_CredRevReqTBS		OBJ_set_ctype,35L
+
+#define SN_setct_CredRevReqTBSX		"setct-CredRevReqTBSX"
+#define NID_setct_CredRevReqTBSX		618
+#define OBJ_setct_CredRevReqTBSX		OBJ_set_ctype,36L
+
+#define SN_setct_CredRevResData		"setct-CredRevResData"
+#define NID_setct_CredRevResData		619
+#define OBJ_setct_CredRevResData		OBJ_set_ctype,37L
+
+#define SN_setct_PCertReqData		"setct-PCertReqData"
+#define NID_setct_PCertReqData		620
+#define OBJ_setct_PCertReqData		OBJ_set_ctype,38L
+
+#define SN_setct_PCertResTBS		"setct-PCertResTBS"
+#define NID_setct_PCertResTBS		621
+#define OBJ_setct_PCertResTBS		OBJ_set_ctype,39L
+
+#define SN_setct_BatchAdminReqData		"setct-BatchAdminReqData"
+#define NID_setct_BatchAdminReqData		622
+#define OBJ_setct_BatchAdminReqData		OBJ_set_ctype,40L
+
+#define SN_setct_BatchAdminResData		"setct-BatchAdminResData"
+#define NID_setct_BatchAdminResData		623
+#define OBJ_setct_BatchAdminResData		OBJ_set_ctype,41L
+
+#define SN_setct_CardCInitResTBS		"setct-CardCInitResTBS"
+#define NID_setct_CardCInitResTBS		624
+#define OBJ_setct_CardCInitResTBS		OBJ_set_ctype,42L
+
+#define SN_setct_MeAqCInitResTBS		"setct-MeAqCInitResTBS"
+#define NID_setct_MeAqCInitResTBS		625
+#define OBJ_setct_MeAqCInitResTBS		OBJ_set_ctype,43L
+
+#define SN_setct_RegFormResTBS		"setct-RegFormResTBS"
+#define NID_setct_RegFormResTBS		626
+#define OBJ_setct_RegFormResTBS		OBJ_set_ctype,44L
+
+#define SN_setct_CertReqData		"setct-CertReqData"
+#define NID_setct_CertReqData		627
+#define OBJ_setct_CertReqData		OBJ_set_ctype,45L
+
+#define SN_setct_CertReqTBS		"setct-CertReqTBS"
+#define NID_setct_CertReqTBS		628
+#define OBJ_setct_CertReqTBS		OBJ_set_ctype,46L
+
+#define SN_setct_CertResData		"setct-CertResData"
+#define NID_setct_CertResData		629
+#define OBJ_setct_CertResData		OBJ_set_ctype,47L
+
+#define SN_setct_CertInqReqTBS		"setct-CertInqReqTBS"
+#define NID_setct_CertInqReqTBS		630
+#define OBJ_setct_CertInqReqTBS		OBJ_set_ctype,48L
+
+#define SN_setct_ErrorTBS		"setct-ErrorTBS"
+#define NID_setct_ErrorTBS		631
+#define OBJ_setct_ErrorTBS		OBJ_set_ctype,49L
+
+#define SN_setct_PIDualSignedTBE		"setct-PIDualSignedTBE"
+#define NID_setct_PIDualSignedTBE		632
+#define OBJ_setct_PIDualSignedTBE		OBJ_set_ctype,50L
+
+#define SN_setct_PIUnsignedTBE		"setct-PIUnsignedTBE"
+#define NID_setct_PIUnsignedTBE		633
+#define OBJ_setct_PIUnsignedTBE		OBJ_set_ctype,51L
+
+#define SN_setct_AuthReqTBE		"setct-AuthReqTBE"
+#define NID_setct_AuthReqTBE		634
+#define OBJ_setct_AuthReqTBE		OBJ_set_ctype,52L
+
+#define SN_setct_AuthResTBE		"setct-AuthResTBE"
+#define NID_setct_AuthResTBE		635
+#define OBJ_setct_AuthResTBE		OBJ_set_ctype,53L
+
+#define SN_setct_AuthResTBEX		"setct-AuthResTBEX"
+#define NID_setct_AuthResTBEX		636
+#define OBJ_setct_AuthResTBEX		OBJ_set_ctype,54L
+
+#define SN_setct_AuthTokenTBE		"setct-AuthTokenTBE"
+#define NID_setct_AuthTokenTBE		637
+#define OBJ_setct_AuthTokenTBE		OBJ_set_ctype,55L
+
+#define SN_setct_CapTokenTBE		"setct-CapTokenTBE"
+#define NID_setct_CapTokenTBE		638
+#define OBJ_setct_CapTokenTBE		OBJ_set_ctype,56L
+
+#define SN_setct_CapTokenTBEX		"setct-CapTokenTBEX"
+#define NID_setct_CapTokenTBEX		639
+#define OBJ_setct_CapTokenTBEX		OBJ_set_ctype,57L
+
+#define SN_setct_AcqCardCodeMsgTBE		"setct-AcqCardCodeMsgTBE"
+#define NID_setct_AcqCardCodeMsgTBE		640
+#define OBJ_setct_AcqCardCodeMsgTBE		OBJ_set_ctype,58L
+
+#define SN_setct_AuthRevReqTBE		"setct-AuthRevReqTBE"
+#define NID_setct_AuthRevReqTBE		641
+#define OBJ_setct_AuthRevReqTBE		OBJ_set_ctype,59L
+
+#define SN_setct_AuthRevResTBE		"setct-AuthRevResTBE"
+#define NID_setct_AuthRevResTBE		642
+#define OBJ_setct_AuthRevResTBE		OBJ_set_ctype,60L
+
+#define SN_setct_AuthRevResTBEB		"setct-AuthRevResTBEB"
+#define NID_setct_AuthRevResTBEB		643
+#define OBJ_setct_AuthRevResTBEB		OBJ_set_ctype,61L
+
+#define SN_setct_CapReqTBE		"setct-CapReqTBE"
+#define NID_setct_CapReqTBE		644
+#define OBJ_setct_CapReqTBE		OBJ_set_ctype,62L
+
+#define SN_setct_CapReqTBEX		"setct-CapReqTBEX"
+#define NID_setct_CapReqTBEX		645
+#define OBJ_setct_CapReqTBEX		OBJ_set_ctype,63L
+
+#define SN_setct_CapResTBE		"setct-CapResTBE"
+#define NID_setct_CapResTBE		646
+#define OBJ_setct_CapResTBE		OBJ_set_ctype,64L
+
+#define SN_setct_CapRevReqTBE		"setct-CapRevReqTBE"
+#define NID_setct_CapRevReqTBE		647
+#define OBJ_setct_CapRevReqTBE		OBJ_set_ctype,65L
+
+#define SN_setct_CapRevReqTBEX		"setct-CapRevReqTBEX"
+#define NID_setct_CapRevReqTBEX		648
+#define OBJ_setct_CapRevReqTBEX		OBJ_set_ctype,66L
+
+#define SN_setct_CapRevResTBE		"setct-CapRevResTBE"
+#define NID_setct_CapRevResTBE		649
+#define OBJ_setct_CapRevResTBE		OBJ_set_ctype,67L
+
+#define SN_setct_CredReqTBE		"setct-CredReqTBE"
+#define NID_setct_CredReqTBE		650
+#define OBJ_setct_CredReqTBE		OBJ_set_ctype,68L
+
+#define SN_setct_CredReqTBEX		"setct-CredReqTBEX"
+#define NID_setct_CredReqTBEX		651
+#define OBJ_setct_CredReqTBEX		OBJ_set_ctype,69L
+
+#define SN_setct_CredResTBE		"setct-CredResTBE"
+#define NID_setct_CredResTBE		652
+#define OBJ_setct_CredResTBE		OBJ_set_ctype,70L
+
+#define SN_setct_CredRevReqTBE		"setct-CredRevReqTBE"
+#define NID_setct_CredRevReqTBE		653
+#define OBJ_setct_CredRevReqTBE		OBJ_set_ctype,71L
+
+#define SN_setct_CredRevReqTBEX		"setct-CredRevReqTBEX"
+#define NID_setct_CredRevReqTBEX		654
+#define OBJ_setct_CredRevReqTBEX		OBJ_set_ctype,72L
+
+#define SN_setct_CredRevResTBE		"setct-CredRevResTBE"
+#define NID_setct_CredRevResTBE		655
+#define OBJ_setct_CredRevResTBE		OBJ_set_ctype,73L
+
+#define SN_setct_BatchAdminReqTBE		"setct-BatchAdminReqTBE"
+#define NID_setct_BatchAdminReqTBE		656
+#define OBJ_setct_BatchAdminReqTBE		OBJ_set_ctype,74L
+
+#define SN_setct_BatchAdminResTBE		"setct-BatchAdminResTBE"
+#define NID_setct_BatchAdminResTBE		657
+#define OBJ_setct_BatchAdminResTBE		OBJ_set_ctype,75L
+
+#define SN_setct_RegFormReqTBE		"setct-RegFormReqTBE"
+#define NID_setct_RegFormReqTBE		658
+#define OBJ_setct_RegFormReqTBE		OBJ_set_ctype,76L
+
+#define SN_setct_CertReqTBE		"setct-CertReqTBE"
+#define NID_setct_CertReqTBE		659
+#define OBJ_setct_CertReqTBE		OBJ_set_ctype,77L
+
+#define SN_setct_CertReqTBEX		"setct-CertReqTBEX"
+#define NID_setct_CertReqTBEX		660
+#define OBJ_setct_CertReqTBEX		OBJ_set_ctype,78L
+
+#define SN_setct_CertResTBE		"setct-CertResTBE"
+#define NID_setct_CertResTBE		661
+#define OBJ_setct_CertResTBE		OBJ_set_ctype,79L
+
+#define SN_setct_CRLNotificationTBS		"setct-CRLNotificationTBS"
+#define NID_setct_CRLNotificationTBS		662
+#define OBJ_setct_CRLNotificationTBS		OBJ_set_ctype,80L
+
+#define SN_setct_CRLNotificationResTBS		"setct-CRLNotificationResTBS"
+#define NID_setct_CRLNotificationResTBS		663
+#define OBJ_setct_CRLNotificationResTBS		OBJ_set_ctype,81L
+
+#define SN_setct_BCIDistributionTBS		"setct-BCIDistributionTBS"
+#define NID_setct_BCIDistributionTBS		664
+#define OBJ_setct_BCIDistributionTBS		OBJ_set_ctype,82L
+
+#define SN_setext_genCrypt		"setext-genCrypt"
+#define LN_setext_genCrypt		"generic cryptogram"
+#define NID_setext_genCrypt		665
+#define OBJ_setext_genCrypt		OBJ_set_msgExt,1L
+
+#define SN_setext_miAuth		"setext-miAuth"
+#define LN_setext_miAuth		"merchant initiated auth"
+#define NID_setext_miAuth		666
+#define OBJ_setext_miAuth		OBJ_set_msgExt,3L
+
+#define SN_setext_pinSecure		"setext-pinSecure"
+#define NID_setext_pinSecure		667
+#define OBJ_setext_pinSecure		OBJ_set_msgExt,4L
+
+#define SN_setext_pinAny		"setext-pinAny"
+#define NID_setext_pinAny		668
+#define OBJ_setext_pinAny		OBJ_set_msgExt,5L
+
+#define SN_setext_track2		"setext-track2"
+#define NID_setext_track2		669
+#define OBJ_setext_track2		OBJ_set_msgExt,7L
+
+#define SN_setext_cv		"setext-cv"
+#define LN_setext_cv		"additional verification"
+#define NID_setext_cv		670
+#define OBJ_setext_cv		OBJ_set_msgExt,8L
+
+#define SN_set_policy_root		"set-policy-root"
+#define NID_set_policy_root		671
+#define OBJ_set_policy_root		OBJ_set_policy,0L
+
+#define SN_setCext_hashedRoot		"setCext-hashedRoot"
+#define NID_setCext_hashedRoot		672
+#define OBJ_setCext_hashedRoot		OBJ_set_certExt,0L
+
+#define SN_setCext_certType		"setCext-certType"
+#define NID_setCext_certType		673
+#define OBJ_setCext_certType		OBJ_set_certExt,1L
+
+#define SN_setCext_merchData		"setCext-merchData"
+#define NID_setCext_merchData		674
+#define OBJ_setCext_merchData		OBJ_set_certExt,2L
+
+#define SN_setCext_cCertRequired		"setCext-cCertRequired"
+#define NID_setCext_cCertRequired		675
+#define OBJ_setCext_cCertRequired		OBJ_set_certExt,3L
+
+#define SN_setCext_tunneling		"setCext-tunneling"
+#define NID_setCext_tunneling		676
+#define OBJ_setCext_tunneling		OBJ_set_certExt,4L
+
+#define SN_setCext_setExt		"setCext-setExt"
+#define NID_setCext_setExt		677
+#define OBJ_setCext_setExt		OBJ_set_certExt,5L
+
+#define SN_setCext_setQualf		"setCext-setQualf"
+#define NID_setCext_setQualf		678
+#define OBJ_setCext_setQualf		OBJ_set_certExt,6L
+
+#define SN_setCext_PGWYcapabilities		"setCext-PGWYcapabilities"
+#define NID_setCext_PGWYcapabilities		679
+#define OBJ_setCext_PGWYcapabilities		OBJ_set_certExt,7L
+
+#define SN_setCext_TokenIdentifier		"setCext-TokenIdentifier"
+#define NID_setCext_TokenIdentifier		680
+#define OBJ_setCext_TokenIdentifier		OBJ_set_certExt,8L
+
+#define SN_setCext_Track2Data		"setCext-Track2Data"
+#define NID_setCext_Track2Data		681
+#define OBJ_setCext_Track2Data		OBJ_set_certExt,9L
+
+#define SN_setCext_TokenType		"setCext-TokenType"
+#define NID_setCext_TokenType		682
+#define OBJ_setCext_TokenType		OBJ_set_certExt,10L
+
+#define SN_setCext_IssuerCapabilities		"setCext-IssuerCapabilities"
+#define NID_setCext_IssuerCapabilities		683
+#define OBJ_setCext_IssuerCapabilities		OBJ_set_certExt,11L
+
+#define SN_setAttr_Cert		"setAttr-Cert"
+#define NID_setAttr_Cert		684
+#define OBJ_setAttr_Cert		OBJ_set_attr,0L
+
+#define SN_setAttr_PGWYcap		"setAttr-PGWYcap"
+#define LN_setAttr_PGWYcap		"payment gateway capabilities"
+#define NID_setAttr_PGWYcap		685
+#define OBJ_setAttr_PGWYcap		OBJ_set_attr,1L
+
+#define SN_setAttr_TokenType		"setAttr-TokenType"
+#define NID_setAttr_TokenType		686
+#define OBJ_setAttr_TokenType		OBJ_set_attr,2L
+
+#define SN_setAttr_IssCap		"setAttr-IssCap"
+#define LN_setAttr_IssCap		"issuer capabilities"
+#define NID_setAttr_IssCap		687
+#define OBJ_setAttr_IssCap		OBJ_set_attr,3L
+
+#define SN_set_rootKeyThumb		"set-rootKeyThumb"
+#define NID_set_rootKeyThumb		688
+#define OBJ_set_rootKeyThumb		OBJ_setAttr_Cert,0L
+
+#define SN_set_addPolicy		"set-addPolicy"
+#define NID_set_addPolicy		689
+#define OBJ_set_addPolicy		OBJ_setAttr_Cert,1L
+
+#define SN_setAttr_Token_EMV		"setAttr-Token-EMV"
+#define NID_setAttr_Token_EMV		690
+#define OBJ_setAttr_Token_EMV		OBJ_setAttr_TokenType,1L
+
+#define SN_setAttr_Token_B0Prime		"setAttr-Token-B0Prime"
+#define NID_setAttr_Token_B0Prime		691
+#define OBJ_setAttr_Token_B0Prime		OBJ_setAttr_TokenType,2L
+
+#define SN_setAttr_IssCap_CVM		"setAttr-IssCap-CVM"
+#define NID_setAttr_IssCap_CVM		692
+#define OBJ_setAttr_IssCap_CVM		OBJ_setAttr_IssCap,3L
+
+#define SN_setAttr_IssCap_T2		"setAttr-IssCap-T2"
+#define NID_setAttr_IssCap_T2		693
+#define OBJ_setAttr_IssCap_T2		OBJ_setAttr_IssCap,4L
+
+#define SN_setAttr_IssCap_Sig		"setAttr-IssCap-Sig"
+#define NID_setAttr_IssCap_Sig		694
+#define OBJ_setAttr_IssCap_Sig		OBJ_setAttr_IssCap,5L
+
+#define SN_setAttr_GenCryptgrm		"setAttr-GenCryptgrm"
+#define LN_setAttr_GenCryptgrm		"generate cryptogram"
+#define NID_setAttr_GenCryptgrm		695
+#define OBJ_setAttr_GenCryptgrm		OBJ_setAttr_IssCap_CVM,1L
+
+#define SN_setAttr_T2Enc		"setAttr-T2Enc"
+#define LN_setAttr_T2Enc		"encrypted track 2"
+#define NID_setAttr_T2Enc		696
+#define OBJ_setAttr_T2Enc		OBJ_setAttr_IssCap_T2,1L
+
+#define SN_setAttr_T2cleartxt		"setAttr-T2cleartxt"
+#define LN_setAttr_T2cleartxt		"cleartext track 2"
+#define NID_setAttr_T2cleartxt		697
+#define OBJ_setAttr_T2cleartxt		OBJ_setAttr_IssCap_T2,2L
+
+#define SN_setAttr_TokICCsig		"setAttr-TokICCsig"
+#define LN_setAttr_TokICCsig		"ICC or token signature"
+#define NID_setAttr_TokICCsig		698
+#define OBJ_setAttr_TokICCsig		OBJ_setAttr_IssCap_Sig,1L
+
+#define SN_setAttr_SecDevSig		"setAttr-SecDevSig"
+#define LN_setAttr_SecDevSig		"secure device signature"
+#define NID_setAttr_SecDevSig		699
+#define OBJ_setAttr_SecDevSig		OBJ_setAttr_IssCap_Sig,2L
+
+#define SN_set_brand_IATA_ATA		"set-brand-IATA-ATA"
+#define NID_set_brand_IATA_ATA		700
+#define OBJ_set_brand_IATA_ATA		OBJ_set_brand,1L
+
+#define SN_set_brand_Diners		"set-brand-Diners"
+#define NID_set_brand_Diners		701
+#define OBJ_set_brand_Diners		OBJ_set_brand,30L
+
+#define SN_set_brand_AmericanExpress		"set-brand-AmericanExpress"
+#define NID_set_brand_AmericanExpress		702
+#define OBJ_set_brand_AmericanExpress		OBJ_set_brand,34L
+
+#define SN_set_brand_JCB		"set-brand-JCB"
+#define NID_set_brand_JCB		703
+#define OBJ_set_brand_JCB		OBJ_set_brand,35L
+
+#define SN_set_brand_Visa		"set-brand-Visa"
+#define NID_set_brand_Visa		704
+#define OBJ_set_brand_Visa		OBJ_set_brand,4L
+
+#define SN_set_brand_MasterCard		"set-brand-MasterCard"
+#define NID_set_brand_MasterCard		705
+#define OBJ_set_brand_MasterCard		OBJ_set_brand,5L
+
+#define SN_set_brand_Novus		"set-brand-Novus"
+#define NID_set_brand_Novus		706
+#define OBJ_set_brand_Novus		OBJ_set_brand,6011L
+
+#define SN_des_cdmf		"DES-CDMF"
+#define LN_des_cdmf		"des-cdmf"
+#define NID_des_cdmf		707
+#define OBJ_des_cdmf		OBJ_rsadsi,3L,10L
+
+#define SN_rsaOAEPEncryptionSET		"rsaOAEPEncryptionSET"
+#define NID_rsaOAEPEncryptionSET		708
+#define OBJ_rsaOAEPEncryptionSET		OBJ_rsadsi,1L,1L,6L
+
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
new file mode 100644
index 0000000000..81936507e8
--- /dev/null
+++ b/crypto/objects/obj_mac.num
@@ -0,0 +1,717 @@
+undef		0
+rsadsi		1
+pkcs		2
+md2		3
+md5		4
+rc4		5
+rsaEncryption		6
+md2WithRSAEncryption		7
+md5WithRSAEncryption		8
+pbeWithMD2AndDES_CBC		9
+pbeWithMD5AndDES_CBC		10
+X500		11
+X509		12
+commonName		13
+countryName		14
+localityName		15
+stateOrProvinceName		16
+organizationName		17
+organizationalUnitName		18
+rsa		19
+pkcs7		20
+pkcs7_data		21
+pkcs7_signed		22
+pkcs7_enveloped		23
+pkcs7_signedAndEnveloped		24
+pkcs7_digest		25
+pkcs7_encrypted		26
+pkcs3		27
+dhKeyAgreement		28
+des_ecb		29
+des_cfb64		30
+des_cbc		31
+des_ede_ecb		32
+des_ede3_ecb		33
+idea_cbc		34
+idea_cfb64		35
+idea_ecb		36
+rc2_cbc		37
+rc2_ecb		38
+rc2_cfb64		39
+rc2_ofb64		40
+sha		41
+shaWithRSAEncryption		42
+des_ede_cbc		43
+des_ede3_cbc		44
+des_ofb64		45
+idea_ofb64		46
+pkcs9		47
+pkcs9_emailAddress		48
+pkcs9_unstructuredName		49
+pkcs9_contentType		50
+pkcs9_messageDigest		51
+pkcs9_signingTime		52
+pkcs9_countersignature		53
+pkcs9_challengePassword		54
+pkcs9_unstructuredAddress		55
+pkcs9_extCertAttributes		56
+netscape		57
+netscape_cert_extension		58
+netscape_data_type		59
+des_ede_cfb64		60
+des_ede3_cfb64		61
+des_ede_ofb64		62
+des_ede3_ofb64		63
+sha1		64
+sha1WithRSAEncryption		65
+dsaWithSHA		66
+dsa_2		67
+pbeWithSHA1AndRC2_CBC		68
+id_pbkdf2		69
+dsaWithSHA1_2		70
+netscape_cert_type		71
+netscape_base_url		72
+netscape_revocation_url		73
+netscape_ca_revocation_url		74
+netscape_renewal_url		75
+netscape_ca_policy_url		76
+netscape_ssl_server_name		77
+netscape_comment		78
+netscape_cert_sequence		79
+desx_cbc		80
+id_ce		81
+subject_key_identifier		82
+key_usage		83
+private_key_usage_period		84
+subject_alt_name		85
+issuer_alt_name		86
+basic_constraints		87
+crl_number		88
+certificate_policies		89
+authority_key_identifier		90
+bf_cbc		91
+bf_ecb		92
+bf_cfb64		93
+bf_ofb64		94
+mdc2		95
+mdc2WithRSA		96
+rc4_40		97
+rc2_40_cbc		98
+givenName		99
+surname		100
+initials		101
+uniqueIdentifier		102
+crl_distribution_points		103
+md5WithRSA		104
+serialNumber		105
+title		106
+description		107
+cast5_cbc		108
+cast5_ecb		109
+cast5_cfb64		110
+cast5_ofb64		111
+pbeWithMD5AndCast5_CBC		112
+dsaWithSHA1		113
+md5_sha1		114
+sha1WithRSA		115
+dsa		116
+ripemd160		117
+ripemd160WithRSA		119
+rc5_cbc		120
+rc5_ecb		121
+rc5_cfb64		122
+rc5_ofb64		123
+rle_compression		124
+zlib_compression		125
+ext_key_usage		126
+id_pkix		127
+id_kp		128
+server_auth		129
+client_auth		130
+code_sign		131
+email_protect		132
+time_stamp		133
+ms_code_ind		134
+ms_code_com		135
+ms_ctl_sign		136
+ms_sgc		137
+ms_efs		138
+ns_sgc		139
+delta_crl		140
+crl_reason		141
+invalidity_date		142
+sxnet		143
+pbe_WithSHA1And128BitRC4		144
+pbe_WithSHA1And40BitRC4		145
+pbe_WithSHA1And3_Key_TripleDES_CBC		146
+pbe_WithSHA1And2_Key_TripleDES_CBC		147
+pbe_WithSHA1And128BitRC2_CBC		148
+pbe_WithSHA1And40BitRC2_CBC		149
+keyBag		150
+pkcs8ShroudedKeyBag		151
+certBag		152
+crlBag		153
+secretBag		154
+safeContentsBag		155
+friendlyName		156
+localKeyID		157
+x509Certificate		158
+sdsiCertificate		159
+x509Crl		160
+pbes2		161
+pbmac1		162
+hmacWithSHA1		163
+id_qt_cps		164
+id_qt_unotice		165
+rc2_64_cbc		166
+SMIMECapabilities		167
+pbeWithMD2AndRC2_CBC		168
+pbeWithMD5AndRC2_CBC		169
+pbeWithSHA1AndDES_CBC		170
+ms_ext_req		171
+ext_req		172
+name		173
+dnQualifier		174
+id_pe		175
+id_ad		176
+info_access		177
+ad_OCSP		178
+ad_ca_issuers		179
+OCSP_sign		180
+iso		181
+member_body		182
+ISO_US		183
+X9_57		184
+X9cm		185
+pkcs1		186
+pkcs5		187
+SMIME		188
+id_smime_mod		189
+id_smime_ct		190
+id_smime_aa		191
+id_smime_alg		192
+id_smime_cd		193
+id_smime_spq		194
+id_smime_cti		195
+id_smime_mod_cms		196
+id_smime_mod_ess		197
+id_smime_mod_oid		198
+id_smime_mod_msg_v3		199
+id_smime_mod_ets_eSignature_88		200
+id_smime_mod_ets_eSignature_97		201
+id_smime_mod_ets_eSigPolicy_88		202
+id_smime_mod_ets_eSigPolicy_97		203
+id_smime_ct_receipt		204
+id_smime_ct_authData		205
+id_smime_ct_publishCert		206
+id_smime_ct_TSTInfo		207
+id_smime_ct_TDTInfo		208
+id_smime_ct_contentInfo		209
+id_smime_ct_DVCSRequestData		210
+id_smime_ct_DVCSResponseData		211
+id_smime_aa_receiptRequest		212
+id_smime_aa_securityLabel		213
+id_smime_aa_mlExpandHistory		214
+id_smime_aa_contentHint		215
+id_smime_aa_msgSigDigest		216
+id_smime_aa_encapContentType		217
+id_smime_aa_contentIdentifier		218
+id_smime_aa_macValue		219
+id_smime_aa_equivalentLabels		220
+id_smime_aa_contentReference		221
+id_smime_aa_encrypKeyPref		222
+id_smime_aa_signingCertificate		223
+id_smime_aa_smimeEncryptCerts		224
+id_smime_aa_timeStampToken		225
+id_smime_aa_ets_sigPolicyId		226
+id_smime_aa_ets_commitmentType		227
+id_smime_aa_ets_signerLocation		228
+id_smime_aa_ets_signerAttr		229
+id_smime_aa_ets_otherSigCert		230
+id_smime_aa_ets_contentTimestamp		231
+id_smime_aa_ets_CertificateRefs		232
+id_smime_aa_ets_RevocationRefs		233
+id_smime_aa_ets_certValues		234
+id_smime_aa_ets_revocationValues		235
+id_smime_aa_ets_escTimeStamp		236
+id_smime_aa_ets_certCRLTimestamp		237
+id_smime_aa_ets_archiveTimeStamp		238
+id_smime_aa_signatureType		239
+id_smime_aa_dvcs_dvc		240
+id_smime_alg_ESDHwith3DES		241
+id_smime_alg_ESDHwithRC2		242
+id_smime_alg_3DESwrap		243
+id_smime_alg_RC2wrap		244
+id_smime_alg_ESDH		245
+id_smime_alg_CMS3DESwrap		246
+id_smime_alg_CMSRC2wrap		247
+id_smime_cd_ldap		248
+id_smime_spq_ets_sqt_uri		249
+id_smime_spq_ets_sqt_unotice		250
+id_smime_cti_ets_proofOfOrigin		251
+id_smime_cti_ets_proofOfReceipt		252
+id_smime_cti_ets_proofOfDelivery		253
+id_smime_cti_ets_proofOfSender		254
+id_smime_cti_ets_proofOfApproval		255
+id_smime_cti_ets_proofOfCreation		256
+md4		257
+id_pkix_mod		258
+id_qt		259
+id_it		260
+id_pkip		261
+id_alg		262
+id_cmc		263
+id_on		264
+id_pda		265
+id_aca		266
+id_qcs		267
+id_cct		268
+id_pkix1_explicit_88		269
+id_pkix1_implicit_88		270
+id_pkix1_explicit_93		271
+id_pkix1_implicit_93		272
+id_mod_crmf		273
+id_mod_cmc		274
+id_mod_kea_profile_88		275
+id_mod_kea_profile_93		276
+id_mod_cmp		277
+id_mod_qualified_cert_88		278
+id_mod_qualified_cert_93		279
+id_mod_attribute_cert		280
+id_mod_timestamp_protocol		281
+id_mod_ocsp		282
+id_mod_dvcs		283
+id_mod_cmp2000		284
+biometricInfo		285
+qcStatements		286
+ac_auditEntity		287
+ac_targeting		288
+aaControls		289
+sbqp_ipAddrBlock		290
+sbqp_autonomousSysNum		291
+sbqp_routerIdentifier		292
+textNotice		293
+ipsecEndSystem		294
+ipsecTunnel		295
+ipsecUser		296
+dvcs		297
+id_it_caProtEncCert		298
+id_it_signKeyPairTypes		299
+id_it_encKeyPairTypes		300
+id_it_preferredSymmAlg		301
+id_it_caKeyUpdateInfo		302
+id_it_currentCRL		303
+id_it_unsupportedOIDs		304
+id_it_subscriptionRequest		305
+id_it_subscriptionResponse		306
+id_it_keyPairParamReq		307
+id_it_keyPairParamRep		308
+id_it_revPassphrase		309
+id_it_implicitConfirm		310
+id_it_confirmWaitTime		311
+id_it_origPKIMessage		312
+id_regCtrl		313
+id_regInfo		314
+id_regCtrl_regToken		315
+id_regCtrl_authenticator		316
+id_regCtrl_pkiPublicationInfo		317
+id_regCtrl_pkiArchiveOptions		318
+id_regCtrl_oldCertID		319
+id_regCtrl_protocolEncrKey		320
+id_regInfo_utf8Pairs		321
+id_regInfo_certReq		322
+id_alg_des40		323
+id_alg_noSignature		324
+id_alg_dh_sig_hmac_sha1		325
+id_alg_dh_pop		326
+id_cmc_statusInfo		327
+id_cmc_identification		328
+id_cmc_identityProof		329
+id_cmc_dataReturn		330
+id_cmc_transactionId		331
+id_cmc_senderNonce		332
+id_cmc_recipientNonce		333
+id_cmc_addExtensions		334
+id_cmc_encryptedPOP		335
+id_cmc_decryptedPOP		336
+id_cmc_lraPOPWitness		337
+id_cmc_getCert		338
+id_cmc_getCRL		339
+id_cmc_revokeRequest		340
+id_cmc_regInfo		341
+id_cmc_responseInfo		342
+id_cmc_queryPending		343
+id_cmc_popLinkRandom		344
+id_cmc_popLinkWitness		345
+id_cmc_confirmCertAcceptance		346
+id_on_personalData		347
+id_pda_dateOfBirth		348
+id_pda_placeOfBirth		349
+id_pda_pseudonym		350
+id_pda_gender		351
+id_pda_countryOfCitizenship		352
+id_pda_countryOfResidence		353
+id_aca_authenticationInfo		354
+id_aca_accessIdentity		355
+id_aca_chargingIdentity		356
+id_aca_group		357
+id_aca_role		358
+id_qcs_pkixQCSyntax_v1		359
+id_cct_crs		360
+id_cct_PKIData		361
+id_cct_PKIResponse		362
+ad_timeStamping		363
+ad_dvcs		364
+id_pkix_OCSP_basic		365
+id_pkix_OCSP_Nonce		366
+id_pkix_OCSP_CrlID		367
+id_pkix_OCSP_acceptableResponses		368
+id_pkix_OCSP_noCheck		369
+id_pkix_OCSP_archiveCutoff		370
+id_pkix_OCSP_serviceLocator		371
+id_pkix_OCSP_extendedStatus		372
+id_pkix_OCSP_valid		373
+id_pkix_OCSP_path		374
+id_pkix_OCSP_trustRoot		375
+algorithm		376
+rsaSignature		377
+X500algorithms		378
+org		379
+dod		380
+iana		381
+Directory		382
+Management		383
+Experimental		384
+Private		385
+Security		386
+SNMPv2		387
+Mail		388
+Enterprises		389
+dcObject		390
+domainComponent		391
+Domain		392
+joint_iso_ccitt		393
+selected_attribute_types		394
+clearance		395
+md4WithRSAEncryption		396
+ac_proxying		397
+sinfo_access		398
+id_aca_encAttrs		399
+role		400
+policy_constraints		401
+target_information		402
+no_rev_avail		403
+ccitt		404
+ansi_X9_62		405
+X9_62_prime_field		406
+X9_62_characteristic_two_field		407
+X9_62_id_ecPublicKey		408
+X9_62_prime192v1		409
+X9_62_prime192v2		410
+X9_62_prime192v3		411
+X9_62_prime239v1		412
+X9_62_prime239v2		413
+X9_62_prime239v3		414
+X9_62_prime256v1		415
+ecdsa_with_SHA1		416
+ms_csp_name		417
+aes_128_ecb		418
+aes_128_cbc		419
+aes_128_ofb128		420
+aes_128_cfb128		421
+aes_192_ecb		422
+aes_192_cbc		423
+aes_192_ofb128		424
+aes_192_cfb128		425
+aes_256_ecb		426
+aes_256_cbc		427
+aes_256_ofb128		428
+aes_256_cfb128		429
+hold_instruction_code		430
+hold_instruction_none		431
+hold_instruction_call_issuer		432
+hold_instruction_reject		433
+data		434
+pss		435
+ucl		436
+pilot		437
+pilotAttributeType		438
+pilotAttributeSyntax		439
+pilotObjectClass		440
+pilotGroups		441
+iA5StringSyntax		442
+caseIgnoreIA5StringSyntax		443
+pilotObject		444
+pilotPerson		445
+account		446
+document		447
+room		448
+documentSeries		449
+rFC822localPart		450
+dNSDomain		451
+domainRelatedObject		452
+friendlyCountry		453
+simpleSecurityObject		454
+pilotOrganization		455
+pilotDSA		456
+qualityLabelledData		457
+userId		458
+textEncodedORAddress		459
+rfc822Mailbox		460
+info		461
+favouriteDrink		462
+roomNumber		463
+photo		464
+userClass		465
+host		466
+manager		467
+documentIdentifier		468
+documentTitle		469
+documentVersion		470
+documentAuthor		471
+documentLocation		472
+homeTelephoneNumber		473
+secretary		474
+otherMailbox		475
+lastModifiedTime		476
+lastModifiedBy		477
+aRecord		478
+pilotAttributeType27		479
+mXRecord		480
+nSRecord		481
+sOARecord		482
+cNAMERecord		483
+associatedDomain		484
+associatedName		485
+homePostalAddress		486
+personalTitle		487
+mobileTelephoneNumber		488
+pagerTelephoneNumber		489
+friendlyCountryName		490
+organizationalStatus		491
+janetMailbox		492
+mailPreferenceOption		493
+buildingName		494
+dSAQuality		495
+singleLevelQuality		496
+subtreeMinimumQuality		497
+subtreeMaximumQuality		498
+personalSignature		499
+dITRedirect		500
+audio		501
+documentPublisher		502
+X9_62_id_characteristic_two_basis		503
+X9_62_onBasis		504
+X9_62_tpBasis		505
+X9_62_ppBasis		506
+X9_62_c2pnb163v1		507
+X9_62_c2pnb163v2		508
+X9_62_c2pnb163v3		509
+X9_62_c2pnb176v1		510
+X9_62_c2tnb191v1		511
+X9_62_c2tnb191v2		512
+X9_62_c2tnb191v3		513
+X9_62_c2onb191v4		514
+X9_62_c2onb191v5		515
+X9_62_c2pnb208w1		516
+X9_62_c2tnb239v1		517
+X9_62_c2tnb239v2		518
+X9_62_c2tnb239v3		519
+X9_62_c2onb239v4		520
+X9_62_c2onb239v5		521
+X9_62_c2pnb272w1		522
+X9_62_c2pnb304w1		523
+X9_62_c2tnb359v1		524
+X9_62_c2pnb368w1		525
+X9_62_c2tnb431r1		526
+identified_organization		527
+certicom_arc		528
+secp112r1		529
+secp112r2		530
+secp128r1		531
+secp128r2		532
+secp160k1		533
+secp160r1		534
+secp160r2		535
+secp192k1		536
+secp192r1		537
+secp224k1		538
+secp224r1		539
+secp256k1		540
+secp256r1		541
+secp384r1		542
+secp521r1		543
+sect113r1		544
+sect113r2		545
+sect131r1		546
+sect131r2		547
+sect163k1		548
+sect163r1		549
+sect163r2		550
+sect193r1		551
+sect193r2		552
+sect233k1		553
+sect233r1		554
+sect239k1		555
+sect283k1		556
+sect283r1		557
+sect409k1		558
+sect409r1		559
+sect571k1		560
+sect571r1		561
+wap		562
+wap_wsg		563
+wap_wsg_idm_ecid_wtls1		564
+wap_wsg_idm_ecid_wtls6		565
+wap_wsg_idm_ecid_wtls8		566
+wap_wsg_idm_ecid_wtls9		567
+x500UniqueIdentifier		568
+mime_mhs		569
+mime_mhs_headings		570
+mime_mhs_bodies		571
+id_hex_partial_message		572
+id_hex_multipart_message		573
+generationQualifier		574
+pseudonym		575
+id_set		576
+set_ctype		577
+set_msgExt		578
+set_attr		579
+set_policy		580
+set_certExt		581
+set_brand		582
+setct_PANData		583
+setct_PANToken		584
+setct_PANOnly		585
+setct_OIData		586
+setct_PI		587
+setct_PIData		588
+setct_PIDataUnsigned		589
+setct_HODInput		590
+setct_AuthResBaggage		591
+setct_AuthRevReqBaggage		592
+setct_AuthRevResBaggage		593
+setct_CapTokenSeq		594
+setct_PInitResData		595
+setct_PI_TBS		596
+setct_PResData		597
+setct_AuthReqTBS		598
+setct_AuthResTBS		599
+setct_AuthResTBSX		600
+setct_AuthTokenTBS		601
+setct_CapTokenData		602
+setct_CapTokenTBS		603
+setct_AcqCardCodeMsg		604
+setct_AuthRevReqTBS		605
+setct_AuthRevResData		606
+setct_AuthRevResTBS		607
+setct_CapReqTBS		608
+setct_CapReqTBSX		609
+setct_CapResData		610
+setct_CapRevReqTBS		611
+setct_CapRevReqTBSX		612
+setct_CapRevResData		613
+setct_CredReqTBS		614
+setct_CredReqTBSX		615
+setct_CredResData		616
+setct_CredRevReqTBS		617
+setct_CredRevReqTBSX		618
+setct_CredRevResData		619
+setct_PCertReqData		620
+setct_PCertResTBS		621
+setct_BatchAdminReqData		622
+setct_BatchAdminResData		623
+setct_CardCInitResTBS		624
+setct_MeAqCInitResTBS		625
+setct_RegFormResTBS		626
+setct_CertReqData		627
+setct_CertReqTBS		628
+setct_CertResData		629
+setct_CertInqReqTBS		630
+setct_ErrorTBS		631
+setct_PIDualSignedTBE		632
+setct_PIUnsignedTBE		633
+setct_AuthReqTBE		634
+setct_AuthResTBE		635
+setct_AuthResTBEX		636
+setct_AuthTokenTBE		637
+setct_CapTokenTBE		638
+setct_CapTokenTBEX		639
+setct_AcqCardCodeMsgTBE		640
+setct_AuthRevReqTBE		641
+setct_AuthRevResTBE		642
+setct_AuthRevResTBEB		643
+setct_CapReqTBE		644
+setct_CapReqTBEX		645
+setct_CapResTBE		646
+setct_CapRevReqTBE		647
+setct_CapRevReqTBEX		648
+setct_CapRevResTBE		649
+setct_CredReqTBE		650
+setct_CredReqTBEX		651
+setct_CredResTBE		652
+setct_CredRevReqTBE		653
+setct_CredRevReqTBEX		654
+setct_CredRevResTBE		655
+setct_BatchAdminReqTBE		656
+setct_BatchAdminResTBE		657
+setct_RegFormReqTBE		658
+setct_CertReqTBE		659
+setct_CertReqTBEX		660
+setct_CertResTBE		661
+setct_CRLNotificationTBS		662
+setct_CRLNotificationResTBS		663
+setct_BCIDistributionTBS		664
+setext_genCrypt		665
+setext_miAuth		666
+setext_pinSecure		667
+setext_pinAny		668
+setext_track2		669
+setext_cv		670
+set_policy_root		671
+setCext_hashedRoot		672
+setCext_certType		673
+setCext_merchData		674
+setCext_cCertRequired		675
+setCext_tunneling		676
+setCext_setExt		677
+setCext_setQualf		678
+setCext_PGWYcapabilities		679
+setCext_TokenIdentifier		680
+setCext_Track2Data		681
+setCext_TokenType		682
+setCext_IssuerCapabilities		683
+setAttr_Cert		684
+setAttr_PGWYcap		685
+setAttr_TokenType		686
+setAttr_IssCap		687
+set_rootKeyThumb		688
+set_addPolicy		689
+setAttr_Token_EMV		690
+setAttr_Token_B0Prime		691
+setAttr_IssCap_CVM		692
+setAttr_IssCap_T2		693
+setAttr_IssCap_Sig		694
+setAttr_GenCryptgrm		695
+setAttr_T2Enc		696
+setAttr_T2cleartxt		697
+setAttr_TokICCsig		698
+setAttr_SecDevSig		699
+set_brand_IATA_ATA		700
+set_brand_Diners		701
+set_brand_AmericanExpress		702
+set_brand_JCB		703
+set_brand_Visa		704
+set_brand_MasterCard		705
+set_brand_Novus		706
+des_cdmf		707
+rsaOAEPEncryptionSET		708
+wap_wsg_idm_ecid_wtls3		709
+wap_wsg_idm_ecid_wtls4		710
+wap_wsg_idm_ecid_wtls5		711
+wap_wsg_idm_ecid_wtls7		712
+wap_wsg_idm_ecid_wtls10		713
+wap_wsg_idm_ecid_wtls11		714
+wap_wsg_idm_ecid_wtls12		715
+ms_smartcard_login		716
+ms_upn		717
diff --git a/crypto/objects/objects.README b/crypto/objects/objects.README
new file mode 100644
index 0000000000..4d745508d8
--- /dev/null
+++ b/crypto/objects/objects.README
@@ -0,0 +1,44 @@
+objects.txt syntax
+------------------
+
+To cover all the naming hacks that were previously in objects.h needed some
+kind of hacks in objects.txt.
+
+The basic syntax for adding an object is as follows:
+
+	1 2 3 4		: shortName	: Long Name
+
+		If the long name doesn't contain spaces, or no short name
+		exists, the long name is used as basis for the base name
+		in C.  Otherwise, the short name is used.
+
+		The base name (let's call it 'base') will then be used to
+		create the C macros SN_base, LN_base, NID_base and OBJ_base.
+
+		Note that if the base name contains spaces, dashes or periods,
+		those will be converte to underscore.
+
+Then there are some extra commands:
+
+	!Alias foo 1 2 3 4
+
+		This juts makes a name foo for an OID.  The C macro
+		OBJ_foo will be created as a result.
+
+	!Cname foo
+
+		This makes sure that the name foo will be used as base name
+		in C.
+
+	!module foo
+	1 2 3 4		: shortName	: Long Name
+	!global
+
+		The !module command was meant to define a kind of modularity.
+		What it does is to make sure the module name is prepended
+		to the base name.  !global turns this off.  This construction
+		is not recursive.
+
+Lines starting with # are treated as comments, as well as any line starting
+with ! and not matching the commands above.
+
diff --git a/crypto/objects/objects.err b/crypto/objects/objects.err
deleted file mode 100644
index 8bec3eaea2..0000000000
--- a/crypto/objects/objects.err
+++ /dev/null
@@ -1,12 +0,0 @@
-/* Error codes for the OBJ functions. */
-
-/* Function codes. */
-#define OBJ_F_OBJ_CREATE				 100
-#define OBJ_F_OBJ_DUP					 101
-#define OBJ_F_OBJ_NID2LN				 102
-#define OBJ_F_OBJ_NID2OBJ				 103
-#define OBJ_F_OBJ_NID2SN				 104
-
-/* Reason codes. */
-#define OBJ_R_MALLOC_FAILURE				 100
-#define OBJ_R_UNKNOWN_NID				 101
diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h
index 8e1a9d3fa1..de10532813 100644
--- a/crypto/objects/objects.h
+++ b/crypto/objects/objects.h
@@ -59,10 +59,11 @@
 #ifndef HEADER_OBJECTS_H
 #define HEADER_OBJECTS_H
 
-#ifdef  __cplusplus
-extern "C" {
-#endif
+#define USE_OBJ_MAC
 
+#ifdef USE_OBJ_MAC
+#include <openssl/obj_mac.h>
+#else
 #define SN_undef			"UNDEF"
 #define LN_undef			"undefined"
 #define NID_undef			0
@@ -110,10 +111,12 @@ extern "C" {
 #define NID_md5WithRSAEncryption	8
 #define OBJ_md5WithRSAEncryption	OBJ_pkcs,1L,4L
 
+#define SN_pbeWithMD2AndDES_CBC		"PBE-MD2-DES"
 #define LN_pbeWithMD2AndDES_CBC		"pbeWithMD2AndDES-CBC"
 #define NID_pbeWithMD2AndDES_CBC	9
 #define OBJ_pbeWithMD2AndDES_CBC	OBJ_pkcs,5L,1L
 
+#define SN_pbeWithMD5AndDES_CBC		"PBE-MD5-DES"
 #define LN_pbeWithMD5AndDES_CBC		"pbeWithMD5AndDES-CBC"
 #define NID_pbeWithMD5AndDES_CBC	10
 #define OBJ_pbeWithMD5AndDES_CBC	OBJ_pkcs,5L,3L
@@ -230,6 +233,7 @@ extern "C" {
 #define SN_idea_cbc			"IDEA-CBC"
 #define LN_idea_cbc			"idea-cbc"
 #define NID_idea_cbc			34
+#define OBJ_idea_cbc			1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L
 
 #define SN_idea_cfb64			"IDEA-CFB"
 #define LN_idea_cfb64			"idea-cfb"
@@ -380,14 +384,18 @@ extern "C" {
 #define OBJ_dsa_2			OBJ_algorithm,12L
 
 /* proposed by microsoft to RSA */
+#define SN_pbeWithSHA1AndRC2_CBC	"PBE-SHA1-RC2-64"
 #define LN_pbeWithSHA1AndRC2_CBC	"pbeWithSHA1AndRC2-CBC"
 #define NID_pbeWithSHA1AndRC2_CBC	68
 #define OBJ_pbeWithSHA1AndRC2_CBC	OBJ_pkcs,5L,11L 
 
-/* proposed by microsoft to RSA */
-#define LN_pbeWithSHA1AndRC4		"pbeWithSHA1AndRC4"
-#define NID_pbeWithSHA1AndRC4		69
-#define OBJ_pbeWithSHA1AndRC4		OBJ_pkcs,5L,12L 
+/* proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now
+ * defined explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something
+ * completely different.
+ */
+#define LN_id_pbkdf2			"PBKDF2"
+#define NID_id_pbkdf2			69
+#define OBJ_id_pbkdf2			OBJ_pkcs,5L,12L 
 
 #define SN_dsaWithSHA1_2		"DSA-SHA1-old"
 #define LN_dsaWithSHA1_2		"dsaWithSHA1-old"
@@ -444,58 +452,59 @@ extern "C" {
 #define LN_desx_cbc			"desx-cbc"
 #define NID_desx_cbc			80
 
-#define SN_ld_ce			"ld-ce"
-#define NID_ld_ce			81
-#define OBJ_ld_ce			2L,5L,29L
+#define SN_id_ce			"id-ce"
+#define NID_id_ce			81
+#define OBJ_id_ce			2L,5L,29L
 
 #define SN_subject_key_identifier	"subjectKeyIdentifier"
 #define LN_subject_key_identifier	"X509v3 Subject Key Identifier"
 #define NID_subject_key_identifier	82
-#define OBJ_subject_key_identifier	OBJ_ld_ce,14L
+#define OBJ_subject_key_identifier	OBJ_id_ce,14L
 
 #define SN_key_usage			"keyUsage"
 #define LN_key_usage			"X509v3 Key Usage"
 #define NID_key_usage			83
-#define OBJ_key_usage			OBJ_ld_ce,15L
+#define OBJ_key_usage			OBJ_id_ce,15L
 
 #define SN_private_key_usage_period	"privateKeyUsagePeriod"
 #define LN_private_key_usage_period	"X509v3 Private Key Usage Period"
 #define NID_private_key_usage_period	84
-#define OBJ_private_key_usage_period	OBJ_ld_ce,16L
+#define OBJ_private_key_usage_period	OBJ_id_ce,16L
 
 #define SN_subject_alt_name		"subjectAltName"
 #define LN_subject_alt_name		"X509v3 Subject Alternative Name"
 #define NID_subject_alt_name		85
-#define OBJ_subject_alt_name		OBJ_ld_ce,17L
+#define OBJ_subject_alt_name		OBJ_id_ce,17L
 
 #define SN_issuer_alt_name		"issuerAltName"
 #define LN_issuer_alt_name		"X509v3 Issuer Alternative Name"
 #define NID_issuer_alt_name		86
-#define OBJ_issuer_alt_name		OBJ_ld_ce,18L
+#define OBJ_issuer_alt_name		OBJ_id_ce,18L
 
 #define SN_basic_constraints		"basicConstraints"
 #define LN_basic_constraints		"X509v3 Basic Constraints"
 #define NID_basic_constraints		87
-#define OBJ_basic_constraints		OBJ_ld_ce,19L
+#define OBJ_basic_constraints		OBJ_id_ce,19L
 
 #define SN_crl_number			"crlNumber"
 #define LN_crl_number			"X509v3 CRL Number"
 #define NID_crl_number			88
-#define OBJ_crl_number			OBJ_ld_ce,20L
+#define OBJ_crl_number			OBJ_id_ce,20L
 
 #define SN_certificate_policies		"certificatePolicies"
 #define LN_certificate_policies		"X509v3 Certificate Policies"
 #define NID_certificate_policies	89
-#define OBJ_certificate_policies	OBJ_ld_ce,32L
+#define OBJ_certificate_policies	OBJ_id_ce,32L
 
 #define SN_authority_key_identifier	"authorityKeyIdentifier"
 #define LN_authority_key_identifier	"X509v3 Authority Key Identifier"
 #define NID_authority_key_identifier	90
-#define OBJ_authority_key_identifier	OBJ_ld_ce,35L
+#define OBJ_authority_key_identifier	OBJ_id_ce,35L
 
 #define SN_bf_cbc			"BF-CBC"
 #define LN_bf_cbc			"bf-cbc"
 #define NID_bf_cbc			91
+#define OBJ_bf_cbc			1L,3L,6L,1L,4L,1L,3029L,1L,2L
 
 #define SN_bf_ecb			"BF-ECB"
 #define LN_bf_ecb			"bf-ecb"
@@ -551,7 +560,7 @@ extern "C" {
 #define SN_crl_distribution_points	"crlDistributionPoints"
 #define LN_crl_distribution_points	"X509v3 CRL Distribution Points"
 #define NID_crl_distribution_points	103
-#define OBJ_crl_distribution_points	OBJ_ld_ce,31L
+#define OBJ_crl_distribution_points	OBJ_id_ce,31L
 
 #define SN_md5WithRSA			"RSA-NP-MD5"
 #define LN_md5WithRSA			"md5WithRSA"
@@ -624,7 +633,7 @@ extern "C" {
 #define OBJ_ripemd160			1L,3L,36L,3L,2L,1L
 
 /* The name should actually be rsaSignatureWithripemd160, but I'm going
- * to contiune using the convention I'm using with the other ciphers */
+ * to continue using the convention I'm using with the other ciphers */
 #define SN_ripemd160WithRSA		"RSA-RIPEMD160"
 #define LN_ripemd160WithRSA		"ripemd160WithRSA"
 #define NID_ripemd160WithRSA		119
@@ -658,15 +667,297 @@ extern "C" {
 #define SN_rle_compression		"RLE"
 #define LN_rle_compression		"run length compression"
 #define NID_rle_compression		124
-#define OBJ_rle_compression		1L,1L,1L,1L,666L.1L
+#define OBJ_rle_compression		1L,1L,1L,1L,666L,1L
 
 #define SN_zlib_compression		"ZLIB"
 #define LN_zlib_compression		"zlib compression"
 #define NID_zlib_compression		125
-#define OBJ_zlib_compression		1L,1L,1L,1L,666L.2L
+#define OBJ_zlib_compression		1L,1L,1L,1L,666L,2L
+
+#define SN_ext_key_usage		"extendedKeyUsage"
+#define LN_ext_key_usage		"X509v3 Extended Key Usage"
+#define NID_ext_key_usage		126
+#define OBJ_ext_key_usage		OBJ_id_ce,37
+
+#define SN_id_pkix			"PKIX"
+#define NID_id_pkix			127
+#define OBJ_id_pkix			1L,3L,6L,1L,5L,5L,7L
+
+#define SN_id_kp			"id-kp"
+#define NID_id_kp			128
+#define OBJ_id_kp			OBJ_id_pkix,3L
+
+/* PKIX extended key usage OIDs */
+
+#define SN_server_auth			"serverAuth"
+#define LN_server_auth			"TLS Web Server Authentication"
+#define NID_server_auth			129
+#define OBJ_server_auth			OBJ_id_kp,1L
+
+#define SN_client_auth			"clientAuth"
+#define LN_client_auth			"TLS Web Client Authentication"
+#define NID_client_auth			130
+#define OBJ_client_auth			OBJ_id_kp,2L
+
+#define SN_code_sign			"codeSigning"
+#define LN_code_sign			"Code Signing"
+#define NID_code_sign			131
+#define OBJ_code_sign			OBJ_id_kp,3L
+
+#define SN_email_protect		"emailProtection"
+#define LN_email_protect		"E-mail Protection"
+#define NID_email_protect		132
+#define OBJ_email_protect		OBJ_id_kp,4L
+
+#define SN_time_stamp			"timeStamping"
+#define LN_time_stamp			"Time Stamping"
+#define NID_time_stamp			133
+#define OBJ_time_stamp			OBJ_id_kp,8L
+
+/* Additional extended key usage OIDs: Microsoft */
+
+#define SN_ms_code_ind			"msCodeInd"
+#define LN_ms_code_ind			"Microsoft Individual Code Signing"
+#define NID_ms_code_ind			134
+#define OBJ_ms_code_ind			1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+
+#define SN_ms_code_com			"msCodeCom"
+#define LN_ms_code_com			"Microsoft Commercial Code Signing"
+#define NID_ms_code_com			135
+#define OBJ_ms_code_com			1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+
+#define SN_ms_ctl_sign			"msCTLSign"
+#define LN_ms_ctl_sign			"Microsoft Trust List Signing"
+#define NID_ms_ctl_sign			136
+#define OBJ_ms_ctl_sign			1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+
+#define SN_ms_sgc			"msSGC"
+#define LN_ms_sgc			"Microsoft Server Gated Crypto"
+#define NID_ms_sgc			137
+#define OBJ_ms_sgc			1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+
+#define SN_ms_efs			"msEFS"
+#define LN_ms_efs			"Microsoft Encrypted File System"
+#define NID_ms_efs			138
+#define OBJ_ms_efs			1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+
+/* Additional usage: Netscape */
+
+#define SN_ns_sgc			"nsSGC"
+#define LN_ns_sgc			"Netscape Server Gated Crypto"
+#define NID_ns_sgc			139
+#define OBJ_ns_sgc			OBJ_netscape,4L,1L
+
+#define SN_delta_crl			"deltaCRL"
+#define LN_delta_crl			"X509v3 Delta CRL Indicator"
+#define NID_delta_crl			140
+#define OBJ_delta_crl			OBJ_id_ce,27L
+
+#define SN_crl_reason			"CRLReason"
+#define LN_crl_reason			"CRL Reason Code"
+#define NID_crl_reason			141
+#define OBJ_crl_reason			OBJ_id_ce,21L
+
+#define SN_invalidity_date		"invalidityDate"
+#define LN_invalidity_date		"Invalidity Date"
+#define NID_invalidity_date		142
+#define OBJ_invalidity_date		OBJ_id_ce,24L
+
+#define SN_sxnet			"SXNetID"
+#define LN_sxnet			"Strong Extranet ID"
+#define NID_sxnet			143
+#define OBJ_sxnet			1L,3L,101L,1L,4L,1L
+
+/* PKCS12 and related OBJECT IDENTIFIERS */
+
+#define OBJ_pkcs12			OBJ_pkcs,12L
+#define OBJ_pkcs12_pbeids		OBJ_pkcs12, 1
+
+#define SN_pbe_WithSHA1And128BitRC4	"PBE-SHA1-RC4-128"
+#define LN_pbe_WithSHA1And128BitRC4	"pbeWithSHA1And128BitRC4"
+#define NID_pbe_WithSHA1And128BitRC4	144
+#define OBJ_pbe_WithSHA1And128BitRC4	OBJ_pkcs12_pbeids, 1L
+
+#define SN_pbe_WithSHA1And40BitRC4	"PBE-SHA1-RC4-40"
+#define LN_pbe_WithSHA1And40BitRC4	"pbeWithSHA1And40BitRC4"
+#define NID_pbe_WithSHA1And40BitRC4	145
+#define OBJ_pbe_WithSHA1And40BitRC4	OBJ_pkcs12_pbeids, 2L
+
+#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC	"PBE-SHA1-3DES"
+#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC	"pbeWithSHA1And3-KeyTripleDES-CBC"
+#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC	146
+#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC	OBJ_pkcs12_pbeids, 3L
+
+#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC	"PBE-SHA1-2DES"
+#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC	"pbeWithSHA1And2-KeyTripleDES-CBC"
+#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC	147
+#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC	OBJ_pkcs12_pbeids, 4L
+
+#define SN_pbe_WithSHA1And128BitRC2_CBC		"PBE-SHA1-RC2-128"
+#define LN_pbe_WithSHA1And128BitRC2_CBC		"pbeWithSHA1And128BitRC2-CBC"
+#define NID_pbe_WithSHA1And128BitRC2_CBC	148
+#define OBJ_pbe_WithSHA1And128BitRC2_CBC	OBJ_pkcs12_pbeids, 5L
+
+#define SN_pbe_WithSHA1And40BitRC2_CBC	"PBE-SHA1-RC2-40"
+#define LN_pbe_WithSHA1And40BitRC2_CBC	"pbeWithSHA1And40BitRC2-CBC"
+#define NID_pbe_WithSHA1And40BitRC2_CBC	149
+#define OBJ_pbe_WithSHA1And40BitRC2_CBC	OBJ_pkcs12_pbeids, 6L
+
+#define OBJ_pkcs12_Version1	OBJ_pkcs12, 10L
+
+#define OBJ_pkcs12_BagIds	OBJ_pkcs12_Version1, 1L
+
+#define LN_keyBag		"keyBag"
+#define NID_keyBag		150
+#define OBJ_keyBag		OBJ_pkcs12_BagIds, 1L
+
+#define LN_pkcs8ShroudedKeyBag	"pkcs8ShroudedKeyBag"
+#define NID_pkcs8ShroudedKeyBag	151
+#define OBJ_pkcs8ShroudedKeyBag	OBJ_pkcs12_BagIds, 2L
+
+#define LN_certBag		"certBag"
+#define NID_certBag		152
+#define OBJ_certBag		OBJ_pkcs12_BagIds, 3L
+
+#define LN_crlBag		"crlBag"
+#define NID_crlBag		153
+#define OBJ_crlBag		OBJ_pkcs12_BagIds, 4L
+
+#define LN_secretBag		"secretBag"
+#define NID_secretBag		154
+#define OBJ_secretBag		OBJ_pkcs12_BagIds, 5L
+
+#define LN_safeContentsBag	"safeContentsBag"
+#define NID_safeContentsBag	155
+#define OBJ_safeContentsBag	OBJ_pkcs12_BagIds, 6L
+
+#define LN_friendlyName		"friendlyName"
+#define	NID_friendlyName	156
+#define OBJ_friendlyName	OBJ_pkcs9, 20L
+
+#define LN_localKeyID		"localKeyID"
+#define	NID_localKeyID		157
+#define OBJ_localKeyID		OBJ_pkcs9, 21L
+
+#define OBJ_certTypes		OBJ_pkcs9, 22L
+
+#define LN_x509Certificate	"x509Certificate"
+#define	NID_x509Certificate	158
+#define OBJ_x509Certificate	OBJ_certTypes, 1L
+
+#define LN_sdsiCertificate	"sdsiCertificate"
+#define	NID_sdsiCertificate	159
+#define OBJ_sdsiCertificate	OBJ_certTypes, 2L
+
+#define OBJ_crlTypes		OBJ_pkcs9, 23L
+
+#define LN_x509Crl		"x509Crl"
+#define	NID_x509Crl		160
+#define OBJ_x509Crl		OBJ_crlTypes, 1L
+
+/* PKCS#5 v2 OIDs */
+
+#define LN_pbes2		"PBES2"
+#define NID_pbes2		161
+#define OBJ_pbes2		OBJ_pkcs,5L,13L
+
+#define LN_pbmac1		"PBMAC1"
+#define NID_pbmac1		162
+#define OBJ_pbmac1		OBJ_pkcs,5L,14L
+
+#define LN_hmacWithSHA1		"hmacWithSHA1"
+#define NID_hmacWithSHA1	163
+#define OBJ_hmacWithSHA1	OBJ_rsadsi,2L,7L
+
+/* Policy Qualifier Ids */
+
+#define LN_id_qt_cps		"Policy Qualifier CPS"
+#define SN_id_qt_cps		"id-qt-cps"
+#define NID_id_qt_cps		164
+#define OBJ_id_qt_cps		OBJ_id_pkix,2L,1L
+
+#define LN_id_qt_unotice	"Policy Qualifier User Notice"
+#define SN_id_qt_unotice	"id-qt-unotice"
+#define NID_id_qt_unotice	165
+#define OBJ_id_qt_unotice	OBJ_id_pkix,2L,2L
+
+#define SN_rc2_64_cbc			"RC2-64-CBC"
+#define LN_rc2_64_cbc			"rc2-64-cbc"
+#define NID_rc2_64_cbc			166
+
+#define SN_SMIMECapabilities		"SMIME-CAPS"
+#define LN_SMIMECapabilities		"S/MIME Capabilities"
+#define NID_SMIMECapabilities		167
+#define OBJ_SMIMECapabilities		OBJ_pkcs9,15L
+
+#define SN_pbeWithMD2AndRC2_CBC		"PBE-MD2-RC2-64"
+#define LN_pbeWithMD2AndRC2_CBC		"pbeWithMD2AndRC2-CBC"
+#define NID_pbeWithMD2AndRC2_CBC	168
+#define OBJ_pbeWithMD2AndRC2_CBC	OBJ_pkcs,5L,4L
+
+#define SN_pbeWithMD5AndRC2_CBC		"PBE-MD5-RC2-64"
+#define LN_pbeWithMD5AndRC2_CBC		"pbeWithMD5AndRC2-CBC"
+#define NID_pbeWithMD5AndRC2_CBC	169
+#define OBJ_pbeWithMD5AndRC2_CBC	OBJ_pkcs,5L,6L
 
-#include "bio.h"
-#include "asn1.h"
+#define SN_pbeWithSHA1AndDES_CBC	"PBE-SHA1-DES"
+#define LN_pbeWithSHA1AndDES_CBC	"pbeWithSHA1AndDES-CBC"
+#define NID_pbeWithSHA1AndDES_CBC	170
+#define OBJ_pbeWithSHA1AndDES_CBC	OBJ_pkcs,5L,10L
+
+/* Extension request OIDs */
+
+#define LN_ms_ext_req			"Microsoft Extension Request"
+#define SN_ms_ext_req			"msExtReq"
+#define NID_ms_ext_req			171
+#define OBJ_ms_ext_req			1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+
+#define LN_ext_req			"Extension Request"
+#define SN_ext_req			"extReq"
+#define NID_ext_req			172
+#define OBJ_ext_req			OBJ_pkcs9,14L
+
+#define SN_name				"name"
+#define LN_name				"name"
+#define NID_name			173
+#define OBJ_name			OBJ_X509,41L
+
+#define SN_dnQualifier			"dnQualifier"
+#define LN_dnQualifier			"dnQualifier"
+#define NID_dnQualifier			174
+#define OBJ_dnQualifier			OBJ_X509,46L
+
+#define SN_id_pe			"id-pe"
+#define NID_id_pe			175
+#define OBJ_id_pe			OBJ_id_pkix,1L
+
+#define SN_id_ad			"id-ad"
+#define NID_id_ad			176
+#define OBJ_id_ad			OBJ_id_pkix,48L
+
+#define SN_info_access			"authorityInfoAccess"
+#define LN_info_access			"Authority Information Access"
+#define NID_info_access			177
+#define OBJ_info_access			OBJ_id_pe,1L
+
+#define SN_ad_OCSP			"OCSP"
+#define LN_ad_OCSP			"OCSP"
+#define NID_ad_OCSP			178
+#define OBJ_ad_OCSP			OBJ_id_ad,1L
+
+#define SN_ad_ca_issuers		"caIssuers"
+#define LN_ad_ca_issuers		"CA Issuers"
+#define NID_ad_ca_issuers		179
+#define OBJ_ad_ca_issuers		OBJ_id_ad,2L
+
+#define SN_OCSP_sign			"OCSPSigning"
+#define LN_OCSP_sign			"OCSP Signing"
+#define NID_OCSP_sign			180
+#define OBJ_OCSP_sign			OBJ_id_kp,9L
+#endif /* USE_OBJ_MAC */
+
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
 
 #define	OBJ_NAME_TYPE_UNDEF		0x00
 #define	OBJ_NAME_TYPE_MD_METH		0x01
@@ -678,76 +969,60 @@ extern "C" {
 #define	OBJ_NAME_ALIAS		0x8000
 
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 typedef struct obj_name_st
 	{
 	int type;
 	int alias;
-	char *name;
-	char *data;
+	const char *name;
+	const char *data;
 	} OBJ_NAME;
 
 #define		OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)
 
-#ifndef NOPROTO
 
 int OBJ_NAME_init(void);
-int OBJ_NAME_new_index(unsigned long (*hash_func)(),int (*cmp_func)(),
-	void (*free_func)());
-char *OBJ_NAME_get(char *name,int type);
-int OBJ_NAME_add(char *name,int type,char *data);
-int OBJ_NAME_remove(char *name,int type);
+int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
+		       int (*cmp_func)(const char *, const char *),
+		       void (*free_func)(const char *, int, const char *));
+const char *OBJ_NAME_get(const char *name,int type);
+int OBJ_NAME_add(const char *name,int type,const char *data);
+int OBJ_NAME_remove(const char *name,int type);
 void OBJ_NAME_cleanup(int type); /* -1 for everything */
+void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),
+		     void *arg);
+void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),
+			    void *arg);
 
-ASN1_OBJECT *	OBJ_dup(ASN1_OBJECT *o);
+ASN1_OBJECT *	OBJ_dup(const ASN1_OBJECT *o);
 ASN1_OBJECT *	OBJ_nid2obj(int n);
-char *		OBJ_nid2ln(int n);
-char *		OBJ_nid2sn(int n);
-int		OBJ_obj2nid(ASN1_OBJECT *o);
-int		OBJ_txt2nid(char *s);
-int		OBJ_ln2nid(char *s);
-int		OBJ_sn2nid(char *s);
-int		OBJ_cmp(ASN1_OBJECT *a,ASN1_OBJECT *b);
-char *		OBJ_bsearch(char *key,char *base,int num,int size,int (*cmp)());
-
-void		ERR_load_OBJ_strings(void );
+const char *	OBJ_nid2ln(int n);
+const char *	OBJ_nid2sn(int n);
+int		OBJ_obj2nid(const ASN1_OBJECT *o);
+ASN1_OBJECT *	OBJ_txt2obj(const char *s, int no_name);
+int	OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
+int		OBJ_txt2nid(const char *s);
+int		OBJ_ln2nid(const char *s);
+int		OBJ_sn2nid(const char *s);
+int		OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
+const char *	OBJ_bsearch(const char *key,const char *base,int num,int size,
+	int (*cmp)(const void *, const void *));
 
 int		OBJ_new_nid(int num);
-int		OBJ_add_object(ASN1_OBJECT *obj);
-int		OBJ_create(char *oid,char *sn,char *ln);
+int		OBJ_add_object(const ASN1_OBJECT *obj);
+int		OBJ_create(const char *oid,const char *sn,const char *ln);
 void		OBJ_cleanup(void );
 int		OBJ_create_objects(BIO *in);
 
-#else
-
-int OBJ_NAME_init();
-int OBJ_NAME_new_index();
-char *OBJ_NAME_get();
-int OBJ_NAME_add();
-int OBJ_NAME_remove();
-void OBJ_NAME_cleanup();
-
-ASN1_OBJECT *	OBJ_dup();
-ASN1_OBJECT *	OBJ_nid2obj();
-char *		OBJ_nid2ln();
-char *		OBJ_nid2sn();
-int		OBJ_obj2nid();
-int		OBJ_txt2nid();
-int		OBJ_ln2nid();
-int		OBJ_sn2nid();
-int		OBJ_cmp();
-char *		OBJ_bsearch();
-
-void		ERR_load_OBJ_strings();
-
-int		OBJ_new_nid();
-int		OBJ_add_object();
-int		OBJ_create();
-void		OBJ_cleanup();
-int		OBJ_create_objects();
-
-#endif
-
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_OBJ_strings(void);
+
 /* Error codes for the OBJ functions. */
 
 /* Function codes. */
@@ -760,9 +1035,8 @@ int		OBJ_create_objects();
 /* Reason codes. */
 #define OBJ_R_MALLOC_FAILURE				 100
 #define OBJ_R_UNKNOWN_NID				 101
- 
+
 #ifdef  __cplusplus
 }
 #endif
 #endif
-
diff --git a/crypto/objects/objects.pl b/crypto/objects/objects.pl
new file mode 100644
index 0000000000..76c06cc8f9
--- /dev/null
+++ b/crypto/objects/objects.pl
@@ -0,0 +1,229 @@
+#!/usr/local/bin/perl
+
+open (NUMIN,"$ARGV[1]") || die "Can't open number file $ARGV[1]";
+$max_nid=0;
+$o=0;
+while(<NUMIN>)
+	{
+	chop;
+	$o++;
+	s/#.*$//;
+	next if /^\s*$/;
+	$_ = 'X'.$_;
+	($Cname,$mynum) = split;
+	$Cname =~ s/^X//;
+	if (defined($nidn{$mynum}))
+		{ die "$ARGV[1]:$o:There's already an object with NID ",$mynum," on line ",$order{$mynum},"\n"; }
+	$nid{$Cname} = $mynum;
+	$nidn{$mynum} = $Cname;
+	$order{$mynum} = $o;
+	$max_nid = $mynum if $mynum > $max_nid;
+	}
+close NUMIN;
+
+open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]";
+$Cname="";
+$o=0;
+while (<IN>)
+	{
+	chop;
+	$o++;
+        if (/^!module\s+(.*)$/)
+		{
+		$module = $1."-";
+		$module =~ s/\./_/g;
+		$module =~ s/-/_/g;
+		}
+        if (/^!global$/)
+		{ $module = ""; }
+	if (/^!Cname\s+(.*)$/)
+		{ $Cname = $1; }
+	if (/^!Alias\s+(.+?)\s+(.*)$/)
+		{
+		$Cname = $module.$1;
+		$myoid = $2;
+		$myoid = &process_oid($myoid);
+		$Cname =~ s/-/_/g;
+		$ordern{$o} = $Cname;
+		$order{$Cname} = $o;
+		$obj{$Cname} = $myoid;
+		$_ = "";
+		$Cname = "";
+		}
+	s/!.*$//;
+	s/#.*$//;
+	next if /^\s*$/;
+	($myoid,$mysn,$myln) = split ':';
+	$mysn =~ s/^\s*//;
+	$mysn =~ s/\s*$//;
+	$myln =~ s/^\s*//;
+	$myln =~ s/\s*$//;
+	$myoid =~ s/^\s*//;
+	$myoid =~ s/\s*$//;
+	if ($myoid ne "")
+		{
+		$myoid = &process_oid($myoid);
+		}
+
+	if ($Cname eq "" && !($myln =~ / /))
+		{
+		$Cname = $myln;
+		$Cname =~ s/\./_/g;
+		$Cname =~ s/-/_/g;
+		if ($Cname ne "" && defined($ln{$module.$Cname}))
+			{ die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
+		}
+	if ($Cname eq "")
+		{
+		$Cname = $mysn;
+		$Cname =~ s/-/_/g;
+		if ($Cname ne "" && defined($sn{$module.$Cname}))
+			{ die "objects.txt:$o:There's already an object with short name ",$sn{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
+		}
+	if ($Cname eq "")
+		{
+		$Cname = $myln;
+		$Cname =~ s/-/_/g;
+		$Cname =~ s/\./_/g;
+		$Cname =~ s/ /_/g;
+		if ($Cname ne "" && defined($ln{$module.$Cname}))
+			{ die "objects.txt:$o:There's already an object with long name ",$ln{$module.$Cname}," on line ",$order{$module.$Cname},"\n"; }
+		}
+	$Cname =~ s/\./_/g;
+	$Cname =~ s/-/_/g;
+	$Cname = $module.$Cname;
+	$ordern{$o} = $Cname;
+	$order{$Cname} = $o;
+	$sn{$Cname} = $mysn;
+	$ln{$Cname} = $myln;
+	$obj{$Cname} = $myoid;
+	if (!defined($nid{$Cname}))
+		{
+		$max_nid++;
+		$nid{$Cname} = $max_nid;
+		$nidn{$max_nid} = $Cname;
+		}
+	$Cname="";
+	}
+close IN;
+
+open (NUMOUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]";
+foreach (sort { $a <=> $b } keys %nidn)
+	{
+	print NUMOUT $nidn{$_},"\t\t",$_,"\n";
+	}
+close NUMOUT;
+
+open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]";
+print OUT <<'EOF';
+/* crypto/objects/obj_mac.h */
+
+/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
+ * following command:
+ * perl objects.pl objects.txt obj_mac.num obj_mac.h
+ */
+
+/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#define SN_undef			"UNDEF"
+#define LN_undef			"undefined"
+#define NID_undef			0
+#define OBJ_undef			0L
+
+EOF
+
+foreach (sort { $a <=> $b } keys %ordern)
+	{
+	$Cname=$ordern{$_};
+	print OUT "#define SN_",$Cname,"\t\t\"",$sn{$Cname},"\"\n" if $sn{$Cname} ne "";
+	print OUT "#define LN_",$Cname,"\t\t\"",$ln{$Cname},"\"\n" if $ln{$Cname} ne "";
+	print OUT "#define NID_",$Cname,"\t\t",$nid{$Cname},"\n" if $nid{$Cname} ne "";
+	print OUT "#define OBJ_",$Cname,"\t\t",$obj{$Cname},"\n" if $obj{$Cname} ne "";
+	print OUT "\n";
+	}
+
+close OUT;
+
+sub process_oid
+	{
+	local($oid)=@_;
+	local(@a,$oid_pref);
+
+	@a = split(/\s+/,$myoid);
+	$pref_oid = "";
+	$pref_sep = "";
+	if (!($a[0] =~ /^[0-9]+$/))
+		{
+		$a[0] =~ s/-/_/g;
+		if (!defined($obj{$a[0]}))
+			{ die "$ARGV[0]:$o:Undefined identifier ",$a[0],"\n"; }
+		$pref_oid = "OBJ_" . $a[0];
+		$pref_sep = ",";
+		shift @a;
+		}
+	$oids = join('L,',@a) . "L";
+	if ($oids ne "L")
+		{
+		$oids = $pref_oid . $pref_sep . $oids;
+		}
+	else
+		{
+		$oids = $pref_oid;
+		}
+	return($oids);
+	}
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index cb276e90e9..3e4e9f2302 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -1,40 +1,995 @@
-1 2			: ISO member bodies
-1 2 840			: US (ANSI)
-1 2 840 113549		: rsadsi	: RSA Data Security, Inc.
-1 2 840 113549 1	: pkcs		: RSA Data Security, Inc. PKCS
-1 2 840 113549 1 1 1	: rsaEncryption
-1 2 840 113549 1 1 2	: md2withRSAEncryption
-1 2 840 113549 1 1 4	: md5withRSAEncryption
-1 2 840 113549 1 7	: pkcs-7
-1 2 840 113549 1 7 1	: pkcs-7-data
-1 2 840 113549 1 7 2	: pkcs-7-signedData
-1 2 840 113549 1 7 3	: pkcs-7-envelopedData
-1 2 840 113549 1 7 4	: pkcs-7-signedAndEnvelopedData
-1 2 840 113549 1 7 5	: pkcs-7-digestData
-1 2 840 113549 1 7 6	: pkcs-7-encryptedData
-1 2 840 113549 2 2	: md2
-1 2 840 113549 2 4	: md4
-1 2 840 113549 2 5	: md5
-1 2 840 113549 3 4	: rc4
-1 2 840 113549 5 1	: pbeWithMD2AndDES_CBC
-1 2 840 113549 5 3	: pbeWithMD5AndDES_CBC
-2 5			: X500		: directory services (X.500)
-2 5 4			: X509
-2 5 4 3			: commonName
-2 5 4 6			: countryName
-2 5 4 7			: localityName
-2 5 4 8			: stateOrProvinceName
-2 5 4 10		: organizationName
-2 5 4 11		: organizationalUnitName
-2 5 8			: directory services - algorithms
-2 5 8 1 1		: rsa
-
-algorithm 18		: sha
-encryptionAlgorithm 1	: rsa
+0			: CCITT			: ccitt
+
+1			: ISO			: iso
+
+2			: JOINT-ISO-CCITT	: joint-iso-ccitt
+
+iso 2			: member-body		: ISO Member Body
+
+iso 3			: identified-organization
+
+identified-organization 132	: certicom-arc
+
+joint-iso-ccitt 23 43	: wap
+wap 13			: wap-wsg
+
+joint-iso-ccitt 5 1 5	: selected-attribute-types	: Selected Attribute Types
+
+selected-attribute-types 55	: clearance
+
+member-body 840		: ISO-US		: ISO US Member Body
+ISO-US 10040		: X9-57			: X9.57
+X9-57 4			: X9cm			: X9.57 CM ?
+
+!Cname dsa
+X9cm 1			: DSA			: dsaEncryption
+X9cm 3			: DSA-SHA1		: dsaWithSHA1
+
+
+ISO-US 10045		: ansi-X9-62		: ANSI X9.62
+!module X9-62
+!Alias id-fieldType ansi-X9-62 1
+X9-62_id-fieldType 1		: prime-field
+X9-62_id-fieldType 2		: characteristic-two-field
+X9-62_characteristic-two-field 3 : id-characteristic-two-basis
+X9-62_id-characteristic-two-basis 1 : onBasis
+X9-62_id-characteristic-two-basis 2 : tpBasis
+X9-62_id-characteristic-two-basis 3 : ppBasis
+!Alias id-publicKeyType ansi-X9-62 2
+X9-62_id-publicKeyType 1	: id-ecPublicKey
+!Alias ellipticCurve ansi-X9-62 3
+!Alias c-TwoCurve X9-62_ellipticCurve 0
+X9-62_c-TwoCurve 1		: c2pnb163v1
+X9-62_c-TwoCurve 2		: c2pnb163v2
+X9-62_c-TwoCurve 3		: c2pnb163v3
+X9-62_c-TwoCurve 4		: c2pnb176v1
+X9-62_c-TwoCurve 5		: c2tnb191v1
+X9-62_c-TwoCurve 6		: c2tnb191v2
+X9-62_c-TwoCurve 7		: c2tnb191v3
+X9-62_c-TwoCurve 8		: c2onb191v4
+X9-62_c-TwoCurve 9		: c2onb191v5
+X9-62_c-TwoCurve 10		: c2pnb208w1
+X9-62_c-TwoCurve 11		: c2tnb239v1
+X9-62_c-TwoCurve 12		: c2tnb239v2
+X9-62_c-TwoCurve 13		: c2tnb239v3
+X9-62_c-TwoCurve 14		: c2onb239v4
+X9-62_c-TwoCurve 15		: c2onb239v5
+X9-62_c-TwoCurve 16		: c2pnb272w1
+X9-62_c-TwoCurve 17		: c2pnb304w1
+X9-62_c-TwoCurve 18		: c2tnb359v1
+X9-62_c-TwoCurve 19		: c2pnb368w1
+X9-62_c-TwoCurve 20		: c2tnb431r1
+!Alias primeCurve X9-62_ellipticCurve 1
+X9-62_primeCurve 1	 	: prime192v1
+X9-62_primeCurve 2	 	: prime192v2
+X9-62_primeCurve 3	 	: prime192v3
+X9-62_primeCurve 4	 	: prime239v1
+X9-62_primeCurve 5	 	: prime239v2
+X9-62_primeCurve 6	 	: prime239v3
+X9-62_primeCurve 7	 	: prime256v1
+!Alias id-ecSigType ansi-X9-62 4
+!global
+X9-62_id-ecSigType 1		: ecdsa-with-SHA1
+
+# SECG curve OIDs from "SEC 2: Recommended Elliptic Curve Domain Parameters"
+# (http://www.secg.org/)
+!Alias secg_ellipticCurve certicom-arc 0
+# SECG prime curves OIDs
+secg-ellipticCurve 6		: secp112r1
+secg-ellipticCurve 7		: secp112r2
+secg-ellipticCurve 28		: secp128r1
+secg-ellipticCurve 29		: secp128r2
+secg-ellipticCurve 9		: secp160k1
+secg-ellipticCurve 8		: secp160r1
+secg-ellipticCurve 30		: secp160r2
+secg-ellipticCurve 31		: secp192k1
+secg-ellipticCurve 32		: secp224k1
+secg-ellipticCurve 33		: secp224r1
+secg-ellipticCurve 10		: secp256k1
+secg-ellipticCurve 34		: secp384r1
+secg-ellipticCurve 35		: secp521r1
+# SECG characteristic two curves OIDs
+secg-ellipticCurve 4		: sect113r1
+secg-ellipticCurve 5		: sect113r2
+secg-ellipticCurve 22		: sect131r1
+secg-ellipticCurve 23		: sect131r2
+secg-ellipticCurve 1		: sect163k1
+secg-ellipticCurve 2		: sect163r1
+secg-ellipticCurve 15		: sect163r2
+secg-ellipticCurve 24		: sect193r1
+secg-ellipticCurve 25		: sect193r2
+secg-ellipticCurve 26		: sect233k1
+secg-ellipticCurve 27		: sect233r1
+secg-ellipticCurve 3		: sect239k1
+secg-ellipticCurve 16		: sect283k1
+secg-ellipticCurve 17		: sect283r1
+secg-ellipticCurve 36		: sect409k1
+secg-ellipticCurve 37		: sect409r1
+secg-ellipticCurve 38		: sect571k1
+secg-ellipticCurve 39		: sect571r1
+
+# WAP/TLS curve OIDs (http://www.wapforum.org/)
+!Alias wap-wsg-idm-ecid wap-wsg 4
+wap-wsg-idm-ecid 1	: wap-wsg-idm-ecid-wtls1
+wap-wsg-idm-ecid 3	: wap-wsg-idm-ecid-wtls3
+wap-wsg-idm-ecid 4	: wap-wsg-idm-ecid-wtls4
+wap-wsg-idm-ecid 5	: wap-wsg-idm-ecid-wtls5
+wap-wsg-idm-ecid 6	: wap-wsg-idm-ecid-wtls6
+wap-wsg-idm-ecid 7	: wap-wsg-idm-ecid-wtls7
+wap-wsg-idm-ecid 8	: wap-wsg-idm-ecid-wtls8
+wap-wsg-idm-ecid 9	: wap-wsg-idm-ecid-wtls9
+wap-wsg-idm-ecid 10	: wap-wsg-idm-ecid-wtls10
+wap-wsg-idm-ecid 11	: wap-wsg-idm-ecid-wtls11
+wap-wsg-idm-ecid 12	: wap-wsg-idm-ecid-wtls12
+
+
+ISO-US 113533 7 66 10	: CAST5-CBC		: cast5-cbc
+			: CAST5-ECB		: cast5-ecb
+!Cname cast5-cfb64
+			: CAST5-CFB		: cast5-cfb
+!Cname cast5-ofb64
+			: CAST5-OFB		: cast5-ofb
+!Cname pbeWithMD5AndCast5-CBC
+ISO-US 113533 7 66 12	:			: pbeWithMD5AndCast5CBC
+
+ISO-US 113549		: rsadsi		: RSA Data Security, Inc.
+
+rsadsi 1		: pkcs			: RSA Data Security, Inc. PKCS
+
+pkcs 1			: pkcs1
+pkcs1 1			:			: rsaEncryption
+pkcs1 2			: RSA-MD2		: md2WithRSAEncryption
+pkcs1 3			: RSA-MD4		: md4WithRSAEncryption
+pkcs1 4			: RSA-MD5		: md5WithRSAEncryption
+pkcs1 5			: RSA-SHA1		: sha1WithRSAEncryption
+
+pkcs 3			: pkcs3
+pkcs3 1			:			: dhKeyAgreement
+
+pkcs 5			: pkcs5
+pkcs5 1			: PBE-MD2-DES		: pbeWithMD2AndDES-CBC
+pkcs5 3			: PBE-MD5-DES		: pbeWithMD5AndDES-CBC
+pkcs5 4			: PBE-MD2-RC2-64	: pbeWithMD2AndRC2-CBC
+pkcs5 6			: PBE-MD5-RC2-64	: pbeWithMD5AndRC2-CBC
+pkcs5 10		: PBE-SHA1-DES		: pbeWithSHA1AndDES-CBC
+pkcs5 11		: PBE-SHA1-RC2-64	: pbeWithSHA1AndRC2-CBC
+!Cname id_pbkdf2
+pkcs5 12		:			: PBKDF2
+!Cname pbes2
+pkcs5 13		:			: PBES2
+!Cname pbmac1
+pkcs5 14		:			: PBMAC1
+
+pkcs 7			: pkcs7
+pkcs7 1			:			: pkcs7-data
+!Cname pkcs7-signed
+pkcs7 2			:			: pkcs7-signedData
+!Cname pkcs7-enveloped
+pkcs7 3			:			: pkcs7-envelopedData
+!Cname pkcs7-signedAndEnveloped
+pkcs7 4			:			: pkcs7-signedAndEnvelopedData
+!Cname pkcs7-digest
+pkcs7 5			:			: pkcs7-digestData
+!Cname pkcs7-encrypted
+pkcs7 6			:			: pkcs7-encryptedData
+
+pkcs 9			: pkcs9
+!module pkcs9
+pkcs9 1			: 			: emailAddress
+pkcs9 2			:			: unstructuredName
+pkcs9 3			:			: contentType
+pkcs9 4			:			: messageDigest
+pkcs9 5			:			: signingTime
+pkcs9 6			:			: countersignature
+pkcs9 7			:			: challengePassword
+pkcs9 8			:			: unstructuredAddress
+!Cname extCertAttributes
+pkcs9 9			:			: extendedCertificateAttributes
+!global
+
+!Cname ext-req
+pkcs9 14		: extReq		: Extension Request
+
+!Cname SMIMECapabilities
+pkcs9 15		: SMIME-CAPS		: S/MIME Capabilities
+
+# S/MIME
+!Cname SMIME
+pkcs9 16		: SMIME			: S/MIME
+SMIME 0			: id-smime-mod
+SMIME 1			: id-smime-ct
+SMIME 2			: id-smime-aa
+SMIME 3			: id-smime-alg
+SMIME 4			: id-smime-cd
+SMIME 5			: id-smime-spq
+SMIME 6			: id-smime-cti
+
+# S/MIME Modules
+id-smime-mod 1		: id-smime-mod-cms
+id-smime-mod 2		: id-smime-mod-ess
+id-smime-mod 3		: id-smime-mod-oid
+id-smime-mod 4		: id-smime-mod-msg-v3
+id-smime-mod 5		: id-smime-mod-ets-eSignature-88
+id-smime-mod 6		: id-smime-mod-ets-eSignature-97
+id-smime-mod 7		: id-smime-mod-ets-eSigPolicy-88
+id-smime-mod 8		: id-smime-mod-ets-eSigPolicy-97
+
+# S/MIME Content Types
+id-smime-ct 1		: id-smime-ct-receipt
+id-smime-ct 2		: id-smime-ct-authData
+id-smime-ct 3		: id-smime-ct-publishCert
+id-smime-ct 4		: id-smime-ct-TSTInfo
+id-smime-ct 5		: id-smime-ct-TDTInfo
+id-smime-ct 6		: id-smime-ct-contentInfo
+id-smime-ct 7		: id-smime-ct-DVCSRequestData
+id-smime-ct 8		: id-smime-ct-DVCSResponseData
+
+# S/MIME Attributes
+id-smime-aa 1		: id-smime-aa-receiptRequest
+id-smime-aa 2		: id-smime-aa-securityLabel
+id-smime-aa 3		: id-smime-aa-mlExpandHistory
+id-smime-aa 4		: id-smime-aa-contentHint
+id-smime-aa 5		: id-smime-aa-msgSigDigest
+# obsolete
+id-smime-aa 6		: id-smime-aa-encapContentType
+id-smime-aa 7		: id-smime-aa-contentIdentifier
+# obsolete
+id-smime-aa 8		: id-smime-aa-macValue
+id-smime-aa 9		: id-smime-aa-equivalentLabels
+id-smime-aa 10		: id-smime-aa-contentReference
+id-smime-aa 11		: id-smime-aa-encrypKeyPref
+id-smime-aa 12		: id-smime-aa-signingCertificate
+id-smime-aa 13		: id-smime-aa-smimeEncryptCerts
+id-smime-aa 14		: id-smime-aa-timeStampToken
+id-smime-aa 15		: id-smime-aa-ets-sigPolicyId
+id-smime-aa 16		: id-smime-aa-ets-commitmentType
+id-smime-aa 17		: id-smime-aa-ets-signerLocation
+id-smime-aa 18		: id-smime-aa-ets-signerAttr
+id-smime-aa 19		: id-smime-aa-ets-otherSigCert
+id-smime-aa 20		: id-smime-aa-ets-contentTimestamp
+id-smime-aa 21		: id-smime-aa-ets-CertificateRefs
+id-smime-aa 22		: id-smime-aa-ets-RevocationRefs
+id-smime-aa 23		: id-smime-aa-ets-certValues
+id-smime-aa 24		: id-smime-aa-ets-revocationValues
+id-smime-aa 25		: id-smime-aa-ets-escTimeStamp
+id-smime-aa 26		: id-smime-aa-ets-certCRLTimestamp
+id-smime-aa 27		: id-smime-aa-ets-archiveTimeStamp
+id-smime-aa 28		: id-smime-aa-signatureType
+id-smime-aa 29		: id-smime-aa-dvcs-dvc
+
+# S/MIME Algorithm Identifiers
+# obsolete
+id-smime-alg 1		: id-smime-alg-ESDHwith3DES
+# obsolete
+id-smime-alg 2		: id-smime-alg-ESDHwithRC2
+# obsolete
+id-smime-alg 3		: id-smime-alg-3DESwrap
+# obsolete
+id-smime-alg 4		: id-smime-alg-RC2wrap
+id-smime-alg 5		: id-smime-alg-ESDH
+id-smime-alg 6		: id-smime-alg-CMS3DESwrap
+id-smime-alg 7		: id-smime-alg-CMSRC2wrap
+
+# S/MIME Certificate Distribution
+id-smime-cd 1		: id-smime-cd-ldap
+
+# S/MIME Signature Policy Qualifier
+id-smime-spq 1		: id-smime-spq-ets-sqt-uri
+id-smime-spq 2		: id-smime-spq-ets-sqt-unotice
+
+# S/MIME Commitment Type Identifier
+id-smime-cti 1		: id-smime-cti-ets-proofOfOrigin
+id-smime-cti 2		: id-smime-cti-ets-proofOfReceipt
+id-smime-cti 3		: id-smime-cti-ets-proofOfDelivery
+id-smime-cti 4		: id-smime-cti-ets-proofOfSender
+id-smime-cti 5		: id-smime-cti-ets-proofOfApproval
+id-smime-cti 6		: id-smime-cti-ets-proofOfCreation
+
+pkcs9 20		:			: friendlyName
+pkcs9 21		:			: localKeyID
+!Cname ms-csp-name
+1 3 6 1 4 1 311 17 1	: CSPName		: Microsoft CSP Name
+!Alias certTypes pkcs9 22
+certTypes 1		:			: x509Certificate
+certTypes 2		:			: sdsiCertificate
+!Alias crlTypes pkcs9 23
+crlTypes 1		:			: x509Crl
+
+!Alias pkcs12 pkcs 12
+!Alias pkcs12-pbeids pkcs12 1
+
+!Cname pbe-WithSHA1And128BitRC4
+pkcs12-pbeids 1		: PBE-SHA1-RC4-128	: pbeWithSHA1And128BitRC4
+!Cname pbe-WithSHA1And40BitRC4
+pkcs12-pbeids 2		: PBE-SHA1-RC4-40	: pbeWithSHA1And40BitRC4
+!Cname pbe-WithSHA1And3_Key_TripleDES-CBC
+pkcs12-pbeids 3		: PBE-SHA1-3DES		: pbeWithSHA1And3-KeyTripleDES-CBC
+!Cname pbe-WithSHA1And2_Key_TripleDES-CBC
+pkcs12-pbeids 4		: PBE-SHA1-2DES		: pbeWithSHA1And2-KeyTripleDES-CBC
+!Cname pbe-WithSHA1And128BitRC2-CBC
+pkcs12-pbeids 5		: PBE-SHA1-RC2-128	: pbeWithSHA1And128BitRC2-CBC
+!Cname pbe-WithSHA1And40BitRC2-CBC
+pkcs12-pbeids 6		: PBE-SHA1-RC2-40	: pbeWithSHA1And40BitRC2-CBC
+
+!Alias pkcs12-Version1 pkcs12 10
+!Alias pkcs12-BagIds pkcs12-Version1 1
+pkcs12-BagIds 1		:			: keyBag
+pkcs12-BagIds 2		:			: pkcs8ShroudedKeyBag
+pkcs12-BagIds 3		:			: certBag
+pkcs12-BagIds 4		:			: crlBag
+pkcs12-BagIds 5		:			: secretBag
+pkcs12-BagIds 6		:			: safeContentsBag
+
+rsadsi 2 2		: MD2			: md2
+rsadsi 2 4		: MD4			: md4
+rsadsi 2 5		: MD5			: md5
+			: MD5-SHA1		: md5-sha1
+rsadsi 2 7		:			: hmacWithSHA1
+rsadsi 3 2		: RC2-CBC		: rc2-cbc
+			: RC2-ECB		: rc2-ecb
+!Cname rc2-cfb64
+			: RC2-CFB		: rc2-cfb
+!Cname rc2-ofb64
+			: RC2-OFB		: rc2-ofb
+			: RC2-40-CBC		: rc2-40-cbc
+			: RC2-64-CBC		: rc2-64-cbc
+rsadsi 3 4		: RC4			: rc4
+			: RC4-40		: rc4-40
+rsadsi 3 7		: DES-EDE3-CBC		: des-ede3-cbc
+rsadsi 3 8		: RC5-CBC		: rc5-cbc
+			: RC5-ECB		: rc5-ecb
+!Cname rc5-cfb64
+			: RC5-CFB		: rc5-cfb
+!Cname rc5-ofb64
+			: RC5-OFB		: rc5-ofb
+
+!Cname ms-ext-req
+1 3 6 1 4 1 311 2 1 14	: msExtReq		: Microsoft Extension Request
+!Cname ms-code-ind
+1 3 6 1 4 1 311 2 1 21	: msCodeInd		: Microsoft Individual Code Signing
+!Cname ms-code-com
+1 3 6 1 4 1 311 2 1 22	: msCodeCom		: Microsoft Commercial Code Signing
+!Cname ms-ctl-sign
+1 3 6 1 4 1 311 10 3 1	: msCTLSign		: Microsoft Trust List Signing
+!Cname ms-sgc
+1 3 6 1 4 1 311 10 3 3	: msSGC			: Microsoft Server Gated Crypto
+!Cname ms-efs
+1 3 6 1 4 1 311 10 3 4	: msEFS			: Microsoft Encrypted File System
+!Cname ms-smartcard-login
+1 3 6 1 4 1 311 20 2 2	: msSmartcardLogin	: Microsoft Smartcardlogin
+!Cname ms-upn
+1 3 6 1 4 1 311 20 2 3	: msUPN			: Microsoft Universal Principal Name
+
+1 3 6 1 4 1 188 7 1 1 2	: IDEA-CBC		: idea-cbc
+			: IDEA-ECB		: idea-ecb
+!Cname idea-cfb64
+			: IDEA-CFB		: idea-cfb
+!Cname idea-ofb64
+			: IDEA-OFB		: idea-ofb
+
+1 3 6 1 4 1 3029 1 2	: BF-CBC		: bf-cbc
+			: BF-ECB		: bf-ecb
+!Cname bf-cfb64
+			: BF-CFB		: bf-cfb
+!Cname bf-ofb64
+			: BF-OFB		: bf-ofb
+
+!Cname id-pkix
+1 3 6 1 5 5 7		: PKIX
+
+# PKIX Arcs
+id-pkix 0		: id-pkix-mod
+id-pkix 1		: id-pe
+id-pkix 2		: id-qt
+id-pkix 3		: id-kp
+id-pkix 4		: id-it
+id-pkix 5		: id-pkip
+id-pkix 6		: id-alg
+id-pkix 7		: id-cmc
+id-pkix 8		: id-on
+id-pkix 9		: id-pda
+id-pkix 10		: id-aca
+id-pkix 11		: id-qcs
+id-pkix 12		: id-cct
+id-pkix 48		: id-ad
+
+# PKIX Modules
+id-pkix-mod 1		: id-pkix1-explicit-88
+id-pkix-mod 2		: id-pkix1-implicit-88
+id-pkix-mod 3		: id-pkix1-explicit-93
+id-pkix-mod 4		: id-pkix1-implicit-93
+id-pkix-mod 5		: id-mod-crmf
+id-pkix-mod 6		: id-mod-cmc
+id-pkix-mod 7		: id-mod-kea-profile-88
+id-pkix-mod 8		: id-mod-kea-profile-93
+id-pkix-mod 9		: id-mod-cmp
+id-pkix-mod 10		: id-mod-qualified-cert-88
+id-pkix-mod 11		: id-mod-qualified-cert-93
+id-pkix-mod 12		: id-mod-attribute-cert
+id-pkix-mod 13		: id-mod-timestamp-protocol
+id-pkix-mod 14		: id-mod-ocsp
+id-pkix-mod 15		: id-mod-dvcs
+id-pkix-mod 16		: id-mod-cmp2000
+
+# PKIX Private Extensions
+!Cname info-access
+id-pe 1			: authorityInfoAccess	: Authority Information Access
+id-pe 2			: biometricInfo		: Biometric Info
+id-pe 3			: qcStatements
+id-pe 4			: ac-auditEntity
+id-pe 5			: ac-targeting
+id-pe 6			: aaControls
+id-pe 7			: sbqp-ipAddrBlock
+id-pe 8			: sbqp-autonomousSysNum
+id-pe 9			: sbqp-routerIdentifier
+id-pe 10		: ac-proxying
+!Cname sinfo-access
+id-pe 11		: subjectInfoAccess	: Subject Information Access
+
+# PKIX policyQualifiers for Internet policy qualifiers
+id-qt 1			: id-qt-cps		: Policy Qualifier CPS
+id-qt 2			: id-qt-unotice		: Policy Qualifier User Notice
+id-qt 3			: textNotice
+
+# PKIX key purpose identifiers
+!Cname server-auth
+id-kp 1			: serverAuth		: TLS Web Server Authentication
+!Cname client-auth
+id-kp 2			: clientAuth		: TLS Web Client Authentication
+!Cname code-sign
+id-kp 3			: codeSigning		: Code Signing
+!Cname email-protect
+id-kp 4			: emailProtection	: E-mail Protection
+id-kp 5			: ipsecEndSystem	: IPSec End System
+id-kp 6			: ipsecTunnel		: IPSec Tunnel
+id-kp 7			: ipsecUser		: IPSec User
+!Cname time-stamp
+id-kp 8			: timeStamping		: Time Stamping
+# From OCSP spec RFC2560
+!Cname OCSP-sign
+id-kp 9			: OCSPSigning		: OCSP Signing
+id-kp 10		: DVCS			: dvcs
+
+# CMP information types
+id-it 1			: id-it-caProtEncCert
+id-it 2			: id-it-signKeyPairTypes
+id-it 3			: id-it-encKeyPairTypes
+id-it 4			: id-it-preferredSymmAlg
+id-it 5			: id-it-caKeyUpdateInfo
+id-it 6			: id-it-currentCRL
+id-it 7			: id-it-unsupportedOIDs
+# obsolete
+id-it 8			: id-it-subscriptionRequest
+# obsolete
+id-it 9			: id-it-subscriptionResponse
+id-it 10		: id-it-keyPairParamReq
+id-it 11		: id-it-keyPairParamRep
+id-it 12		: id-it-revPassphrase
+id-it 13		: id-it-implicitConfirm
+id-it 14		: id-it-confirmWaitTime
+id-it 15		: id-it-origPKIMessage
+
+# CRMF registration
+id-pkip 1		: id-regCtrl
+id-pkip 2		: id-regInfo
+
+# CRMF registration controls
+id-regCtrl 1		: id-regCtrl-regToken
+id-regCtrl 2		: id-regCtrl-authenticator
+id-regCtrl 3		: id-regCtrl-pkiPublicationInfo
+id-regCtrl 4		: id-regCtrl-pkiArchiveOptions
+id-regCtrl 5		: id-regCtrl-oldCertID
+id-regCtrl 6		: id-regCtrl-protocolEncrKey
+
+# CRMF registration information
+id-regInfo 1		: id-regInfo-utf8Pairs
+id-regInfo 2		: id-regInfo-certReq
+
+# algorithms
+id-alg 1		: id-alg-des40
+id-alg 2		: id-alg-noSignature
+id-alg 3		: id-alg-dh-sig-hmac-sha1
+id-alg 4		: id-alg-dh-pop
+
+# CMC controls
+id-cmc 1		: id-cmc-statusInfo
+id-cmc 2		: id-cmc-identification
+id-cmc 3		: id-cmc-identityProof
+id-cmc 4		: id-cmc-dataReturn
+id-cmc 5		: id-cmc-transactionId
+id-cmc 6		: id-cmc-senderNonce
+id-cmc 7		: id-cmc-recipientNonce
+id-cmc 8		: id-cmc-addExtensions
+id-cmc 9		: id-cmc-encryptedPOP
+id-cmc 10		: id-cmc-decryptedPOP
+id-cmc 11		: id-cmc-lraPOPWitness
+id-cmc 15		: id-cmc-getCert
+id-cmc 16		: id-cmc-getCRL
+id-cmc 17		: id-cmc-revokeRequest
+id-cmc 18		: id-cmc-regInfo
+id-cmc 19		: id-cmc-responseInfo
+id-cmc 21		: id-cmc-queryPending
+id-cmc 22		: id-cmc-popLinkRandom
+id-cmc 23		: id-cmc-popLinkWitness
+id-cmc 24		: id-cmc-confirmCertAcceptance 
+
+# other names
+id-on 1			: id-on-personalData
+
+# personal data attributes
+id-pda 1		: id-pda-dateOfBirth
+id-pda 2		: id-pda-placeOfBirth
+id-pda 3		: id-pda-gender
+id-pda 4		: id-pda-countryOfCitizenship
+id-pda 5		: id-pda-countryOfResidence
+
+# attribute certificate attributes
+id-aca 1		: id-aca-authenticationInfo
+id-aca 2		: id-aca-accessIdentity
+id-aca 3		: id-aca-chargingIdentity
+id-aca 4		: id-aca-group
+# attention : the following seems to be obsolete, replace by 'role'
+id-aca 5		: id-aca-role
+id-aca 6		: id-aca-encAttrs
+
+# qualified certificate statements
+id-qcs 1		: id-qcs-pkixQCSyntax-v1
+
+# CMC content types
+id-cct 1		: id-cct-crs
+id-cct 2		: id-cct-PKIData
+id-cct 3		: id-cct-PKIResponse
+
+# access descriptors for authority info access extension
+!Cname ad-OCSP
+id-ad 1			: OCSP			: OCSP
+!Cname ad-ca-issuers
+id-ad 2			: caIssuers		: CA Issuers
+!Cname ad-timeStamping
+id-ad 3			: ad_timestamping	: AD Time Stamping
+!Cname ad-dvcs
+id-ad 4			: AD_DVCS		: ad dvcs
+
+
+!Alias id-pkix-OCSP ad-OCSP
+!module id-pkix-OCSP
+!Cname basic
+id-pkix-OCSP 1		: basicOCSPResponse	: Basic OCSP Response
+id-pkix-OCSP 2		: Nonce			: OCSP Nonce
+id-pkix-OCSP 3		: CrlID			: OCSP CRL ID
+id-pkix-OCSP 4		: acceptableResponses	: Acceptable OCSP Responses
+id-pkix-OCSP 5		: noCheck		: OCSP No Check
+id-pkix-OCSP 6		: archiveCutoff		: OCSP Archive Cutoff
+id-pkix-OCSP 7		: serviceLocator	: OCSP Service Locator
+id-pkix-OCSP 8		: extendedStatus	: Extended OCSP Status
+id-pkix-OCSP 9		: valid
+id-pkix-OCSP 10		: path
+id-pkix-OCSP 11		: trustRoot		: Trust Root
+!global
+
+1 3 14 3 2		: algorithm		: algorithm
+algorithm 3		: RSA-NP-MD5		: md5WithRSA
+algorithm 6		: DES-ECB		: des-ecb
+algorithm 7		: DES-CBC		: des-cbc
+!Cname des-ofb64
+algorithm 8		: DES-OFB		: des-ofb
+!Cname des-cfb64
+algorithm 9		: DES-CFB		: des-cfb
 algorithm 11		: rsaSignature
+!Cname dsa-2
+algorithm 12		: DSA-old		: dsaEncryption-old
+algorithm 13		: DSA-SHA		: dsaWithSHA
+algorithm 15		: RSA-SHA		: shaWithRSAEncryption
+!Cname des-ede-ecb
+algorithm 17		: DES-EDE		: des-ede
+!Cname des-ede3-ecb
+			: DES-EDE3		: des-ede3
+			: DES-EDE-CBC		: des-ede-cbc
+!Cname des-ede-cfb64
+			: DES-EDE-CFB		: des-ede-cfb
+!Cname des-ede3-cfb64
+			: DES-EDE3-CFB		: des-ede3-cfb
+!Cname des-ede-ofb64
+			: DES-EDE-OFB		: des-ede-ofb
+!Cname des-ede3-ofb64
+			: DES-EDE3-OFB		: des-ede3-ofb
+			: DESX-CBC		: desx-cbc
+algorithm 18		: SHA			: sha
+algorithm 26		: SHA1			: sha1
+!Cname dsaWithSHA1-2
+algorithm 27		: DSA-SHA1-old		: dsaWithSHA1-old
+algorithm 29		: RSA-SHA1-2		: sha1WithRSA
+
+1 3 36 3 2 1		: RIPEMD160		: ripemd160
+1 3 36 3 3 1 2		: RSA-RIPEMD160		: ripemd160WithRSA
+
+!Cname sxnet
+1 3 101 1 4 1		: SXNetID		: Strong Extranet ID
+
+2 5			: X500			: directory services (X.500)
+
+X500 4			: X509
+X509 3			: CN			: commonName
+X509 4			: SN			: surname
+X509 5			: 			: serialNumber
+X509 6			: C			: countryName
+X509 7			: L			: localityName
+X509 8			: ST			: stateOrProvinceName
+X509 10			: O			: organizationName
+X509 11			: OU			: organizationalUnitName
+X509 12			: 			: title
+X509 13			: 			: description
+X509 41			: name			: name
+X509 42			: gn			: givenName
+X509 43			: 			: initials
+X509 44			: 			: generationQualifier
+X509 45			: 			: x500UniqueIdentifier
+X509 46			: dnQualifier		: dnQualifier
+X509 65			:			: pseudonym
+X509 72			: role			: role
+
+X500 8			: X500algorithms	: directory services - algorithms
+X500algorithms 1 1	: RSA			: rsa
+X500algorithms 3 100	: RSA-MDC2		: mdc2WithRSA
+X500algorithms 3 101	: MDC2			: mdc2
+
+X500 29			: id-ce
+!Cname subject-key-identifier
+id-ce 14		: subjectKeyIdentifier	: X509v3 Subject Key Identifier
+!Cname key-usage
+id-ce 15		: keyUsage		: X509v3 Key Usage
+!Cname private-key-usage-period
+id-ce 16		: privateKeyUsagePeriod	: X509v3 Private Key Usage Period
+!Cname subject-alt-name
+id-ce 17		: subjectAltName	: X509v3 Subject Alternative Name
+!Cname issuer-alt-name
+id-ce 18		: issuerAltName		: X509v3 Issuer Alternative Name
+!Cname basic-constraints
+id-ce 19		: basicConstraints	: X509v3 Basic Constraints
+!Cname crl-number
+id-ce 20		: crlNumber		: X509v3 CRL Number
+!Cname crl-reason
+id-ce 21		: CRLReason		: X509v3 CRL Reason Code
+!Cname invalidity-date
+id-ce 24		: invalidityDate	: Invalidity Date
+!Cname delta-crl
+id-ce 27		: deltaCRL		: X509v3 Delta CRL Indicator
+!Cname crl-distribution-points
+id-ce 31		: crlDistributionPoints	: X509v3 CRL Distribution Points
+!Cname certificate-policies
+id-ce 32		: certificatePolicies	: X509v3 Certificate Policies
+!Cname authority-key-identifier
+id-ce 35		: authorityKeyIdentifier : X509v3 Authority Key Identifier
+!Cname policy-constraints
+id-ce 36		: policyConstraints	: X509v3 Policy Constraints
+!Cname ext-key-usage
+id-ce 37		: extendedKeyUsage	: X509v3 Extended Key Usage
+!Cname target-information
+id-ce 55		: targetInformation	: X509v3 AC Targeting
+!Cname no-rev-avail
+id-ce 56		: noRevAvail		: X509v3 No Revocation Available
+
+!Cname netscape
+2 16 840 1 113730	: Netscape		: Netscape Communications Corp.
+!Cname netscape-cert-extension
+netscape 1		: nsCertExt		: Netscape Certificate Extension
+!Cname netscape-data-type
+netscape 2		: nsDataType		: Netscape Data Type
+!Cname netscape-cert-type
+netscape-cert-extension 1 : nsCertType		: Netscape Cert Type
+!Cname netscape-base-url
+netscape-cert-extension 2 : nsBaseUrl		: Netscape Base Url
+!Cname netscape-revocation-url
+netscape-cert-extension 3 : nsRevocationUrl	: Netscape Revocation Url
+!Cname netscape-ca-revocation-url
+netscape-cert-extension 4 : nsCaRevocationUrl	: Netscape CA Revocation Url
+!Cname netscape-renewal-url
+netscape-cert-extension 7 : nsRenewalUrl	: Netscape Renewal Url
+!Cname netscape-ca-policy-url
+netscape-cert-extension 8 : nsCaPolicyUrl	: Netscape CA Policy Url
+!Cname netscape-ssl-server-name
+netscape-cert-extension 12 : nsSslServerName	: Netscape SSL Server Name
+!Cname netscape-comment
+netscape-cert-extension 13 : nsComment		: Netscape Comment
+!Cname netscape-cert-sequence
+netscape-data-type 5	: nsCertSequence	: Netscape Certificate Sequence
+!Cname ns-sgc
+netscape 4 1		: nsSGC			: Netscape Server Gated Crypto
+
+# iso(1)
+iso 3			: ORG			: org
+org 6			: DOD			: dod
+dod 1			: IANA			: iana
+!Alias internet iana
+
+internet 1		: directory		: Directory
+internet 2		: mgmt			: Management
+internet 3		: experimental		: Experimental
+internet 4		: private		: Private
+internet 5		: security		: Security
+internet 6		: snmpv2		: SNMPv2
+# Documents refer to "internet 7" as "mail". This however leads to ambiguities
+# with RFC2798, Section 9.1.3, where "mail" is defined as the short name for
+# rfc822Mailbox. The short name is therefore here left out for a reason.
+# Subclasses of "mail", e.g. "MIME MHS" don't consitute a problem, as
+# references are realized via long name "Mail" (with capital M).
+internet 7		:			: Mail
+
+Private 1		: enterprises		: Enterprises
+
+# RFC 2247
+Enterprises 1466 344	: dcobject		: dcObject
+
+# RFC 1495
+Mail 1			: mime-mhs		: MIME MHS
+mime-mhs 1		: mime-mhs-headings	: mime-mhs-headings
+mime-mhs 2		: mime-mhs-bodies	: mime-mhs-bodies
+mime-mhs-headings 1	: id-hex-partial-message : id-hex-partial-message
+mime-mhs-headings 2	: id-hex-multipart-message : id-hex-multipart-message
+
+# What the hell are these OIDs, really?
+!Cname rle-compression
+1 1 1 1 666 1		: RLE			: run length compression
+!Cname zlib-compression
+1 1 1 1 666 2		: ZLIB			: zlib compression
+
+# AES aka Rijndael
+
+!Alias csor 2 16 840 1 101 3
+!Alias nistAlgorithms csor 4
+!Alias aes nistAlgorithms 1
+
+aes 1			: AES-128-ECB		: aes-128-ecb
+aes 2			: AES-128-CBC		: aes-128-cbc
+!Cname aes-128-ofb128
+aes 3			: AES-128-OFB		: aes-128-ofb
+!Cname aes-128-cfb128
+aes 4			: AES-128-CFB		: aes-128-cfb
+
+aes 21			: AES-192-ECB		: aes-192-ecb
+aes 22			: AES-192-CBC		: aes-192-cbc
+!Cname aes-192-ofb128
+aes 23			: AES-192-OFB		: aes-192-ofb
+!Cname aes-192-cfb128
+aes 24			: AES-192-CFB		: aes-192-cfb
+
+aes 41			: AES-256-ECB		: aes-256-ecb
+aes 42			: AES-256-CBC		: aes-256-cbc
+!Cname aes-256-ofb128
+aes 43			: AES-256-OFB		: aes-256-ofb
+!Cname aes-256-cfb128
+aes 44			: AES-256-CFB		: aes-256-cfb
+
+# Hold instruction CRL entry extension
+!Cname hold-instruction-code
+id-ce 23		: holdInstructionCode	: Hold Instruction Code
+!Alias holdInstruction	X9-57 2
+!Cname hold-instruction-none
+holdInstruction 1	: holdInstructionNone	: Hold Instruction None
+!Cname hold-instruction-call-issuer
+holdInstruction 2	: holdInstructionCallIssuer : Hold Instruction Call Issuer
+!Cname hold-instruction-reject
+holdInstruction 3	: holdInstructionReject	: Hold Instruction Reject
+
+# OID's from CCITT.  Most of this is defined in RFC 1274.  A couple of
+# them are also mentioned in RFC 2247
+ccitt 9			: data
+data 2342		: pss
+pss 19200300		: ucl
+ucl 100			: pilot
+pilot 1			:			: pilotAttributeType
+pilot 3			:			: pilotAttributeSyntax
+pilot 4			:			: pilotObjectClass
+pilot 10		:			: pilotGroups
+pilotAttributeSyntax 4	:			: iA5StringSyntax
+pilotAttributeSyntax 5	:			: caseIgnoreIA5StringSyntax
+pilotObjectClass 3	:			: pilotObject
+pilotObjectClass 4	:			: pilotPerson
+pilotObjectClass 5	: account
+pilotObjectClass 6	: document
+pilotObjectClass 7	: room
+pilotObjectClass 9	:			: documentSeries
+pilotObjectClass 13	: domain		: Domain
+pilotObjectClass 14	:			: rFC822localPart
+pilotObjectClass 15	:			: dNSDomain
+pilotObjectClass 17	:			: domainRelatedObject
+pilotObjectClass 18	:			: friendlyCountry
+pilotObjectClass 19	:			: simpleSecurityObject
+pilotObjectClass 20	:			: pilotOrganization
+pilotObjectClass 21	:			: pilotDSA
+pilotObjectClass 22	:			: qualityLabelledData
+pilotAttributeType 1	: UID			: userId
+pilotAttributeType 2	:			: textEncodedORAddress
+pilotAttributeType 3	: mail			: rfc822Mailbox
+pilotAttributeType 4	: info
+pilotAttributeType 5	:			: favouriteDrink
+pilotAttributeType 6	:			: roomNumber
+pilotAttributeType 7	: photo
+pilotAttributeType 8	:			: userClass
+pilotAttributeType 9	: host
+pilotAttributeType 10	: manager
+pilotAttributeType 11	:			: documentIdentifier
+pilotAttributeType 12	:			: documentTitle
+pilotAttributeType 13	:			: documentVersion
+pilotAttributeType 14	:			: documentAuthor
+pilotAttributeType 15	:			: documentLocation
+pilotAttributeType 20	:			: homeTelephoneNumber
+pilotAttributeType 21	: secretary
+pilotAttributeType 22	:			: otherMailbox
+pilotAttributeType 23	:			: lastModifiedTime
+pilotAttributeType 24	:			: lastModifiedBy
+pilotAttributeType 25	: DC			: domainComponent
+pilotAttributeType 26	:			: aRecord
+pilotAttributeType 27	:			: pilotAttributeType27
+pilotAttributeType 28	:			: mXRecord
+pilotAttributeType 29	:			: nSRecord
+pilotAttributeType 30	:			: sOARecord
+pilotAttributeType 31	:			: cNAMERecord
+pilotAttributeType 37	:			: associatedDomain
+pilotAttributeType 38	:			: associatedName
+pilotAttributeType 39	:			: homePostalAddress
+pilotAttributeType 40	:			: personalTitle
+pilotAttributeType 41	:			: mobileTelephoneNumber
+pilotAttributeType 42	:			: pagerTelephoneNumber
+pilotAttributeType 43	:			: friendlyCountryName
+# The following clashes with 2.5.4.45, so commented away
+#pilotAttributeType 44	: uid			: uniqueIdentifier
+pilotAttributeType 45	:			: organizationalStatus
+pilotAttributeType 46	:			: janetMailbox
+pilotAttributeType 47	:			: mailPreferenceOption
+pilotAttributeType 48	:			: buildingName
+pilotAttributeType 49	:			: dSAQuality
+pilotAttributeType 50	:			: singleLevelQuality
+pilotAttributeType 51	:			: subtreeMinimumQuality
+pilotAttributeType 52	:			: subtreeMaximumQuality
+pilotAttributeType 53	:			: personalSignature
+pilotAttributeType 54	:			: dITRedirect
+pilotAttributeType 55	: audio
+pilotAttributeType 56	:			: documentPublisher
+
+2 23 42			: id-set		: Secure Electronic Transactions
+
+id-set 0		: set-ctype		: content types
+id-set 1		: set-msgExt		: message extensions
+id-set 3		: set-attr
+id-set 5		: set-policy
+id-set 7		: set-certExt		: certificate extensions
+id-set 8		: set-brand
+
+set-ctype 0		: setct-PANData
+set-ctype 1		: setct-PANToken
+set-ctype 2		: setct-PANOnly
+set-ctype 3		: setct-OIData
+set-ctype 4		: setct-PI
+set-ctype 5		: setct-PIData
+set-ctype 6		: setct-PIDataUnsigned
+set-ctype 7		: setct-HODInput
+set-ctype 8		: setct-AuthResBaggage
+set-ctype 9		: setct-AuthRevReqBaggage
+set-ctype 10		: setct-AuthRevResBaggage
+set-ctype 11		: setct-CapTokenSeq
+set-ctype 12		: setct-PInitResData
+set-ctype 13		: setct-PI-TBS
+set-ctype 14		: setct-PResData
+set-ctype 16		: setct-AuthReqTBS
+set-ctype 17		: setct-AuthResTBS
+set-ctype 18		: setct-AuthResTBSX
+set-ctype 19		: setct-AuthTokenTBS
+set-ctype 20		: setct-CapTokenData
+set-ctype 21		: setct-CapTokenTBS
+set-ctype 22		: setct-AcqCardCodeMsg
+set-ctype 23		: setct-AuthRevReqTBS
+set-ctype 24		: setct-AuthRevResData
+set-ctype 25		: setct-AuthRevResTBS
+set-ctype 26		: setct-CapReqTBS
+set-ctype 27		: setct-CapReqTBSX
+set-ctype 28		: setct-CapResData
+set-ctype 29		: setct-CapRevReqTBS
+set-ctype 30		: setct-CapRevReqTBSX
+set-ctype 31		: setct-CapRevResData
+set-ctype 32		: setct-CredReqTBS
+set-ctype 33		: setct-CredReqTBSX
+set-ctype 34		: setct-CredResData
+set-ctype 35		: setct-CredRevReqTBS
+set-ctype 36		: setct-CredRevReqTBSX
+set-ctype 37		: setct-CredRevResData
+set-ctype 38		: setct-PCertReqData
+set-ctype 39		: setct-PCertResTBS
+set-ctype 40		: setct-BatchAdminReqData
+set-ctype 41		: setct-BatchAdminResData
+set-ctype 42		: setct-CardCInitResTBS
+set-ctype 43		: setct-MeAqCInitResTBS
+set-ctype 44		: setct-RegFormResTBS
+set-ctype 45		: setct-CertReqData
+set-ctype 46		: setct-CertReqTBS
+set-ctype 47		: setct-CertResData
+set-ctype 48		: setct-CertInqReqTBS
+set-ctype 49		: setct-ErrorTBS
+set-ctype 50		: setct-PIDualSignedTBE
+set-ctype 51		: setct-PIUnsignedTBE
+set-ctype 52		: setct-AuthReqTBE
+set-ctype 53		: setct-AuthResTBE
+set-ctype 54		: setct-AuthResTBEX
+set-ctype 55		: setct-AuthTokenTBE
+set-ctype 56		: setct-CapTokenTBE
+set-ctype 57		: setct-CapTokenTBEX
+set-ctype 58		: setct-AcqCardCodeMsgTBE
+set-ctype 59		: setct-AuthRevReqTBE
+set-ctype 60		: setct-AuthRevResTBE
+set-ctype 61		: setct-AuthRevResTBEB
+set-ctype 62		: setct-CapReqTBE
+set-ctype 63		: setct-CapReqTBEX
+set-ctype 64		: setct-CapResTBE
+set-ctype 65		: setct-CapRevReqTBE
+set-ctype 66		: setct-CapRevReqTBEX
+set-ctype 67		: setct-CapRevResTBE
+set-ctype 68		: setct-CredReqTBE
+set-ctype 69		: setct-CredReqTBEX
+set-ctype 70		: setct-CredResTBE
+set-ctype 71		: setct-CredRevReqTBE
+set-ctype 72		: setct-CredRevReqTBEX
+set-ctype 73		: setct-CredRevResTBE
+set-ctype 74		: setct-BatchAdminReqTBE
+set-ctype 75		: setct-BatchAdminResTBE
+set-ctype 76		: setct-RegFormReqTBE
+set-ctype 77		: setct-CertReqTBE
+set-ctype 78		: setct-CertReqTBEX
+set-ctype 79		: setct-CertResTBE
+set-ctype 80		: setct-CRLNotificationTBS
+set-ctype 81		: setct-CRLNotificationResTBS
+set-ctype 82		: setct-BCIDistributionTBS
+
+set-msgExt 1		: setext-genCrypt	: generic cryptogram
+set-msgExt 3		: setext-miAuth		: merchant initiated auth
+set-msgExt 4		: setext-pinSecure
+set-msgExt 5		: setext-pinAny
+set-msgExt 7		: setext-track2
+set-msgExt 8		: setext-cv		: additional verification
+
+set-policy 0		: set-policy-root
+
+set-certExt 0		: setCext-hashedRoot
+set-certExt 1		: setCext-certType
+set-certExt 2		: setCext-merchData
+set-certExt 3		: setCext-cCertRequired
+set-certExt 4		: setCext-tunneling
+set-certExt 5		: setCext-setExt
+set-certExt 6		: setCext-setQualf
+set-certExt 7		: setCext-PGWYcapabilities
+set-certExt 8		: setCext-TokenIdentifier
+set-certExt 9		: setCext-Track2Data
+set-certExt 10		: setCext-TokenType
+set-certExt 11		: setCext-IssuerCapabilities
+
+set-attr 0		: setAttr-Cert
+set-attr 1		: setAttr-PGWYcap	: payment gateway capabilities
+set-attr 2		: setAttr-TokenType
+set-attr 3		: setAttr-IssCap	: issuer capabilities
+
+setAttr-Cert 0		: set-rootKeyThumb
+setAttr-Cert 1		: set-addPolicy
+
+setAttr-TokenType 1	: setAttr-Token-EMV
+setAttr-TokenType 2	: setAttr-Token-B0Prime
+
+setAttr-IssCap 3	: setAttr-IssCap-CVM
+setAttr-IssCap 4	: setAttr-IssCap-T2
+setAttr-IssCap 5	: setAttr-IssCap-Sig
+
+setAttr-IssCap-CVM 1	: setAttr-GenCryptgrm	: generate cryptogram
+setAttr-IssCap-T2 1	: setAttr-T2Enc		: encrypted track 2
+setAttr-IssCap-T2 2	: setAttr-T2cleartxt	: cleartext track 2
+
+setAttr-IssCap-Sig 1	: setAttr-TokICCsig	: ICC or token signature
+setAttr-IssCap-Sig 2	: setAttr-SecDevSig	: secure device signature
+
+set-brand 1		: set-brand-IATA-ATA
+set-brand 30		: set-brand-Diners
+set-brand 34		: set-brand-AmericanExpress
+set-brand 35		: set-brand-JCB
+set-brand 4		: set-brand-Visa
+set-brand 5		: set-brand-MasterCard
+set-brand 6011		: set-brand-Novus
 
-algorithm 6		: desECB
-algorithm 7		: desCBC
-algorithm 8		: desOFB
-algorithm 9		: desCFB
-algorithm 17		: desEDE2
+rsadsi 3 10		: DES-CDMF		: des-cdmf
+rsadsi 1 1 6		: rsaOAEPEncryptionSET
diff --git a/crypto/ocsp/.cvsignore b/crypto/ocsp/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/ocsp/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/ocsp/Makefile.ssl b/crypto/ocsp/Makefile.ssl
new file mode 100644
index 0000000000..681bf4dfe7
--- /dev/null
+++ b/crypto/ocsp/Makefile.ssl
@@ -0,0 +1,308 @@
+#
+# OpenSSL/ocsp/Makefile.ssl
+#
+
+DIR=	ocsp
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c \
+	ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c
+
+LIBOBJ= ocsp_asn.o ocsp_ext.o ocsp_ht.o ocsp_lib.o ocsp_cl.o \
+	ocsp_srv.o ocsp_prn.o ocsp_vfy.o ocsp_err.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ocsp.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ocsp_asn.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+ocsp_asn.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_asn.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_asn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_asn.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_asn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ocsp_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ocsp_asn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_asn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_asn.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_asn.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_asn.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_asn.o: ../../include/openssl/opensslconf.h
+ocsp_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_asn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_asn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_asn.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_asn.o: ../../include/openssl/x509v3.h ocsp_asn.c
+ocsp_cl.o: ../../e_os.h ../../include/openssl/aes.h
+ocsp_cl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_cl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_cl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_cl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_cl.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_cl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_cl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ocsp_cl.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ocsp_cl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_cl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_cl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_cl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_cl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_cl.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_cl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_cl.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_cl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_cl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_cl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+ocsp_cl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_cl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_cl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ocsp_cl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+ocsp_cl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_cl.o: ../cryptlib.h ocsp_cl.c
+ocsp_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_err.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_err.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+ocsp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ocsp_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ocsp_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_err.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_err.o: ../../include/openssl/opensslconf.h
+ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_err.o: ../../include/openssl/x509v3.h ocsp_err.c
+ocsp_ext.o: ../../e_os.h ../../include/openssl/aes.h
+ocsp_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_ext.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ocsp_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ocsp_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_ext.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_ext.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_ext.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_ext.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+ocsp_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ocsp_ext.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+ocsp_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_ext.o: ../cryptlib.h ocsp_ext.c
+ocsp_ht.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_ht.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_ht.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_ht.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_ht.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_ht.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+ocsp_ht.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ocsp_ht.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ocsp_ht.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ocsp_ht.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_ht.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_ht.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_ht.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_ht.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_ht.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ocsp_ht.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+ocsp_ht.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_ht.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+ocsp_ht.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_ht.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_ht.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ocsp_ht.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+ocsp_ht.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_ht.o: ocsp_ht.c
+ocsp_lib.o: ../../e_os.h ../../include/openssl/aes.h
+ocsp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_lib.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ocsp_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ocsp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_lib.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+ocsp_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ocsp_lib.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+ocsp_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_lib.o: ../cryptlib.h ocsp_lib.c
+ocsp_prn.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_prn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_prn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_prn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_prn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+ocsp_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ocsp_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ocsp_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ocsp_prn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_prn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_prn.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_prn.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_prn.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_prn.o: ../../include/openssl/opensslconf.h
+ocsp_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_prn.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_prn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_prn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_prn.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_prn.o: ../../include/openssl/x509v3.h ocsp_prn.c
+ocsp_srv.o: ../../e_os.h ../../include/openssl/aes.h
+ocsp_srv.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_srv.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_srv.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_srv.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_srv.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+ocsp_srv.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_srv.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ocsp_srv.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+ocsp_srv.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_srv.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_srv.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_srv.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_srv.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_srv.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_srv.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_srv.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+ocsp_srv.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_srv.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+ocsp_srv.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_srv.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_srv.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ocsp_srv.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+ocsp_srv.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_srv.o: ../cryptlib.h ocsp_srv.c
+ocsp_vfy.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+ocsp_vfy.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_vfy.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_vfy.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_vfy.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+ocsp_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+ocsp_vfy.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ocsp_vfy.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+ocsp_vfy.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_vfy.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_vfy.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_vfy.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_vfy.o: ../../include/openssl/opensslconf.h
+ocsp_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ocsp_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+ocsp_vfy.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+ocsp_vfy.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+ocsp_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+ocsp_vfy.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ocsp_vfy.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ocsp_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+ocsp_vfy.o: ../../include/openssl/x509v3.h ocsp_vfy.c
diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h
new file mode 100644
index 0000000000..fab3c03182
--- /dev/null
+++ b/crypto/ocsp/ocsp.h
@@ -0,0 +1,619 @@
+/* ocsp.h */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was transfered to Richard Levitte from CertCo by Kathy
+   Weinhold in mid-spring 2000 to be included in OpenSSL or released
+   as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_OCSP_H
+#define HEADER_OCSP_H
+
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/safestack.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Various flags and values */
+
+#define OCSP_DEFAULT_NONCE_LENGTH	16
+
+#define OCSP_NOCERTS			0x1
+#define OCSP_NOINTERN			0x2
+#define OCSP_NOSIGS			0x4
+#define OCSP_NOCHAIN			0x8
+#define OCSP_NOVERIFY			0x10
+#define OCSP_NOEXPLICIT			0x20
+#define OCSP_NOCASIGN			0x40
+#define OCSP_NODELEGATED		0x80
+#define OCSP_NOCHECKS			0x100
+#define OCSP_TRUSTOTHER			0x200
+#define OCSP_RESPID_KEY			0x400
+#define OCSP_NOTIME			0x800
+
+/*   CertID ::= SEQUENCE {
+ *       hashAlgorithm            AlgorithmIdentifier,
+ *       issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
+ *       issuerKeyHash      OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
+ *       serialNumber       CertificateSerialNumber }
+ */
+typedef struct ocsp_cert_id_st
+	{
+	X509_ALGOR *hashAlgorithm;
+	ASN1_OCTET_STRING *issuerNameHash;
+	ASN1_OCTET_STRING *issuerKeyHash;
+	ASN1_INTEGER *serialNumber;
+	} OCSP_CERTID;
+
+DECLARE_STACK_OF(OCSP_CERTID)
+
+/*   Request ::=     SEQUENCE {
+ *       reqCert                    CertID,
+ *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_one_request_st
+	{
+	OCSP_CERTID *reqCert;
+	STACK_OF(X509_EXTENSION) *singleRequestExtensions;
+	} OCSP_ONEREQ;
+
+DECLARE_STACK_OF(OCSP_ONEREQ)
+DECLARE_ASN1_SET_OF(OCSP_ONEREQ)
+
+
+/*   TBSRequest      ::=     SEQUENCE {
+ *       version             [0] EXPLICIT Version DEFAULT v1,
+ *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,
+ *       requestList             SEQUENCE OF Request,
+ *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_req_info_st
+	{
+	ASN1_INTEGER *version;
+	GENERAL_NAME *requestorName;
+	STACK_OF(OCSP_ONEREQ) *requestList;
+	STACK_OF(X509_EXTENSION) *requestExtensions;
+	} OCSP_REQINFO;
+
+/*   Signature       ::=     SEQUENCE {
+ *       signatureAlgorithm   AlgorithmIdentifier,
+ *       signature            BIT STRING,
+ *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+typedef struct ocsp_signature_st
+	{
+	X509_ALGOR *signatureAlgorithm;
+	ASN1_BIT_STRING *signature;
+	STACK_OF(X509) *certs;
+	} OCSP_SIGNATURE;
+
+/*   OCSPRequest     ::=     SEQUENCE {
+ *       tbsRequest                  TBSRequest,
+ *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
+ */
+typedef struct ocsp_request_st
+	{
+	OCSP_REQINFO *tbsRequest;
+	OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
+	} OCSP_REQUEST;
+
+/*   OCSPResponseStatus ::= ENUMERATED {
+ *       successful            (0),      --Response has valid confirmations
+ *       malformedRequest      (1),      --Illegal confirmation request
+ *       internalError         (2),      --Internal error in issuer
+ *       tryLater              (3),      --Try again later
+ *                                       --(4) is not used
+ *       sigRequired           (5),      --Must sign the request
+ *       unauthorized          (6)       --Request unauthorized
+ *   }
+ */
+#define OCSP_RESPONSE_STATUS_SUCCESSFUL          0
+#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST     1
+#define OCSP_RESPONSE_STATUS_INTERNALERROR        2
+#define OCSP_RESPONSE_STATUS_TRYLATER             3
+#define OCSP_RESPONSE_STATUS_SIGREQUIRED          5
+#define OCSP_RESPONSE_STATUS_UNAUTHORIZED         6
+
+/*   ResponseBytes ::=       SEQUENCE {
+ *       responseType   OBJECT IDENTIFIER,
+ *       response       OCTET STRING }
+ */
+typedef struct ocsp_resp_bytes_st
+	{
+	ASN1_OBJECT *responseType;
+	ASN1_OCTET_STRING *response;
+	} OCSP_RESPBYTES;
+
+/*   OCSPResponse ::= SEQUENCE {
+ *      responseStatus         OCSPResponseStatus,
+ *      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
+ */
+typedef struct ocsp_response_st
+	{
+	ASN1_ENUMERATED *responseStatus;
+	OCSP_RESPBYTES  *responseBytes;
+	} OCSP_RESPONSE;
+
+/*   ResponderID ::= CHOICE {
+ *      byName   [1] Name,
+ *      byKey    [2] KeyHash }
+ */
+#define V_OCSP_RESPID_NAME 0
+#define V_OCSP_RESPID_KEY  1
+typedef struct ocsp_responder_id_st
+	{
+	int type;
+	union   {
+		X509_NAME* byName;
+        	ASN1_OCTET_STRING *byKey;
+		} value;
+	} OCSP_RESPID;
+/*   KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+ *                            --(excluding the tag and length fields)
+ */
+
+/*   RevokedInfo ::= SEQUENCE {
+ *       revocationTime              GeneralizedTime,
+ *       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
+ */
+typedef struct ocsp_revoked_info_st
+	{
+	ASN1_GENERALIZEDTIME *revocationTime;
+	ASN1_ENUMERATED *revocationReason;
+	} OCSP_REVOKEDINFO;
+
+/*   CertStatus ::= CHOICE {
+ *       good                [0]     IMPLICIT NULL,
+ *       revoked             [1]     IMPLICIT RevokedInfo,
+ *       unknown             [2]     IMPLICIT UnknownInfo }
+ */
+#define V_OCSP_CERTSTATUS_GOOD    0
+#define V_OCSP_CERTSTATUS_REVOKED 1
+#define V_OCSP_CERTSTATUS_UNKNOWN 2
+typedef struct ocsp_cert_status_st
+	{
+	int type;
+	union	{
+		ASN1_NULL *good;
+		OCSP_REVOKEDINFO *revoked;
+		ASN1_NULL *unknown;
+		} value;
+	} OCSP_CERTSTATUS;
+
+/*   SingleResponse ::= SEQUENCE {
+ *      certID                       CertID,
+ *      certStatus                   CertStatus,
+ *      thisUpdate                   GeneralizedTime,
+ *      nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
+ *      singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_single_response_st
+	{
+	OCSP_CERTID *certId;
+	OCSP_CERTSTATUS *certStatus;
+	ASN1_GENERALIZEDTIME *thisUpdate;
+	ASN1_GENERALIZEDTIME *nextUpdate;
+	STACK_OF(X509_EXTENSION) *singleExtensions;
+	} OCSP_SINGLERESP;
+
+DECLARE_STACK_OF(OCSP_SINGLERESP)
+DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)
+
+/*   ResponseData ::= SEQUENCE {
+ *      version              [0] EXPLICIT Version DEFAULT v1,
+ *      responderID              ResponderID,
+ *      producedAt               GeneralizedTime,
+ *      responses                SEQUENCE OF SingleResponse,
+ *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_response_data_st
+	{
+	ASN1_INTEGER *version;
+	OCSP_RESPID  *responderId;
+	ASN1_GENERALIZEDTIME *producedAt;
+	STACK_OF(OCSP_SINGLERESP) *responses;
+	STACK_OF(X509_EXTENSION) *responseExtensions;
+	} OCSP_RESPDATA;
+
+/*   BasicOCSPResponse       ::= SEQUENCE {
+ *      tbsResponseData      ResponseData,
+ *      signatureAlgorithm   AlgorithmIdentifier,
+ *      signature            BIT STRING,
+ *      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+  /* Note 1:
+     The value for "signature" is specified in the OCSP rfc2560 as follows:
+     "The value for the signature SHALL be computed on the hash of the DER
+     encoding ResponseData."  This means that you must hash the DER-encoded
+     tbsResponseData, and then run it through a crypto-signing function, which
+     will (at least w/RSA) do a hash-'n'-private-encrypt operation.  This seems
+     a bit odd, but that's the spec.  Also note that the data structures do not
+     leave anywhere to independently specify the algorithm used for the initial
+     hash. So, we look at the signature-specification algorithm, and try to do
+     something intelligent.	-- Kathy Weinhold, CertCo */
+  /* Note 2:
+     It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open
+     for interpretation.  I've done tests against another responder, and found
+     that it doesn't do the double hashing that the RFC seems to say one
+     should.  Therefore, all relevant functions take a flag saying which
+     variant should be used.	-- Richard Levitte, OpenSSL team and CeloCom */
+typedef struct ocsp_basic_response_st
+	{
+	OCSP_RESPDATA *tbsResponseData;
+	X509_ALGOR *signatureAlgorithm;
+	ASN1_BIT_STRING *signature;
+	STACK_OF(X509) *certs;
+	} OCSP_BASICRESP;
+
+/*
+ *   CRLReason ::= ENUMERATED {
+ *        unspecified             (0),
+ *        keyCompromise           (1),
+ *        cACompromise            (2),
+ *        affiliationChanged      (3),
+ *        superseded              (4),
+ *        cessationOfOperation    (5),
+ *        certificateHold         (6),
+ *        removeFromCRL           (8) }
+ */
+#define OCSP_REVOKED_STATUS_NOSTATUS               -1
+#define OCSP_REVOKED_STATUS_UNSPECIFIED             0
+#define OCSP_REVOKED_STATUS_KEYCOMPROMISE           1
+#define OCSP_REVOKED_STATUS_CACOMPROMISE            2
+#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED      3
+#define OCSP_REVOKED_STATUS_SUPERSEDED              4
+#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION    5
+#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD         6
+#define OCSP_REVOKED_STATUS_REMOVEFROMCRL           8
+
+/* CrlID ::= SEQUENCE {
+ *     crlUrl               [0]     EXPLICIT IA5String OPTIONAL,
+ *     crlNum               [1]     EXPLICIT INTEGER OPTIONAL,
+ *     crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
+ */
+typedef struct ocsp_crl_id_st
+        {
+	ASN1_IA5STRING *crlUrl;
+	ASN1_INTEGER *crlNum;
+	ASN1_GENERALIZEDTIME *crlTime;
+        } OCSP_CRLID;
+
+/* ServiceLocator ::= SEQUENCE {
+ *      issuer    Name,
+ *      locator   AuthorityInfoAccessSyntax OPTIONAL }
+ */
+typedef struct ocsp_service_locator_st
+        {
+	X509_NAME* issuer;
+	STACK_OF(ACCESS_DESCRIPTION) *locator;
+        } OCSP_SERVICELOC;
+ 
+#define PEM_STRING_OCSP_REQUEST	"OCSP REQUEST"
+#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
+
+#define d2i_OCSP_REQUEST_bio(bp,p) (OCSP_REQUEST*)ASN1_d2i_bio((char*(*)()) \
+		OCSP_REQUEST_new,(char *(*)())d2i_OCSP_REQUEST, (bp),\
+		(unsigned char **)(p))
+
+#define d2i_OCSP_RESPONSE_bio(bp,p) (OCSP_RESPONSE*)ASN1_d2i_bio((char*(*)())\
+		OCSP_REQUEST_new,(char *(*)())d2i_OCSP_RESPONSE, (bp),\
+		(unsigned char **)(p))
+
+#define	PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
+     (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)
+
+#define	PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
+     (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)
+
+#define PEM_write_bio_OCSP_REQUEST(bp,o) \
+    PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
+			bp,(char *)o, NULL,NULL,0,NULL,NULL)
+
+#define PEM_write_bio_OCSP_RESPONSE(bp,o) \
+    PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
+			bp,(char *)o, NULL,NULL,0,NULL,NULL)
+
+#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_RESPONSE,bp,\
+		(unsigned char *)o)
+
+#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_REQUEST,bp,\
+		(unsigned char *)o)
+
+#define OCSP_REQUEST_sign(o,pkey,md) \
+	ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
+		o->optionalSignature->signatureAlgorithm,NULL,\
+	        o->optionalSignature->signature,o->tbsRequest,pkey,md)
+
+#define OCSP_BASICRESP_sign(o,pkey,md,d) \
+	ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\
+		o->signature,o->tbsResponseData,pkey,md)
+
+#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
+        a->optionalSignature->signatureAlgorithm,\
+	a->optionalSignature->signature,a->tbsRequest,r)
+
+#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
+	a->signatureAlgorithm,a->signature,a->tbsResponseData,r)
+
+#define ASN1_BIT_STRING_digest(data,type,md,len) \
+	ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
+
+#define OCSP_CERTID_dup(cid) (OCSP_CERTID*)ASN1_dup((int(*)())i2d_OCSP_CERTID,\
+		(char *(*)())d2i_OCSP_CERTID,(char *)(cid))
+
+#define OCSP_CERTSTATUS_dup(cs)\
+                (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
+		(char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
+
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, 
+			      X509_NAME *issuerName, 
+			      ASN1_BIT_STRING* issuerKey, 
+			      ASN1_INTEGER *serialNumber);
+
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
+int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
+
+int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
+
+int OCSP_request_sign(OCSP_REQUEST   *req,
+		      X509           *signer,
+		      EVP_PKEY       *key,
+		      const EVP_MD   *dgst,
+		      STACK_OF(X509) *certs,
+		      unsigned long flags);
+
+int OCSP_response_status(OCSP_RESPONSE *resp);
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
+
+int OCSP_resp_count(OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+				ASN1_GENERALIZEDTIME **revtime,
+				ASN1_GENERALIZEDTIME **thisupd,
+				ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+				int *reason,
+				ASN1_GENERALIZEDTIME **revtime,
+				ASN1_GENERALIZEDTIME **thisupd,
+				ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+			ASN1_GENERALIZEDTIME *nextupd,
+			long sec, long maxsec);
+
+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags);
+
+int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl);
+
+int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
+
+int OCSP_request_onereq_count(OCSP_REQUEST *req);
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
+OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+			ASN1_OCTET_STRING **pikeyHash,
+			ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+int OCSP_request_is_signed(OCSP_REQUEST *req);
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
+						OCSP_CERTID *cid,
+						int status, int reason,
+						ASN1_TIME *revtime,
+					ASN1_TIME *thisupd, ASN1_TIME *nextupd);
+int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
+int OCSP_basic_sign(OCSP_BASICRESP *brsp, 
+			X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+			STACK_OF(X509) *certs, unsigned long flags);
+
+ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), 
+				char *data, STACK_OF(ASN1_OBJECT) *sk);
+
+X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
+
+X509_EXTENSION *OCSP_accept_responses_new(char **oids);
+
+X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);
+
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);
+
+int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
+int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos);
+int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
+X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx);
+int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
+							unsigned long flags);
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
+int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos);
+int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
+X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
+void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
+int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
+							unsigned long flags);
+int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
+int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos);
+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
+X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx);
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,
+							unsigned long flags);
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
+int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos);
+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
+X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx);
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,
+							unsigned long flags);
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);
+
+DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
+DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)
+DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
+DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
+DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
+
+char *OCSP_response_status_str(long s);
+char *OCSP_cert_status_str(long s);
+char *OCSP_crl_reason_str(long s);
+
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);
+
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+				X509_STORE *st, unsigned long flags);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_OCSP_strings(void);
+
+/* Error codes for the OCSP functions. */
+
+/* Function codes. */
+#define OCSP_F_ASN1_STRING_ENCODE			 100
+#define OCSP_F_CERT_ID_NEW				 101
+#define OCSP_F_D2I_OCSP_NONCE				 102
+#define OCSP_F_OCSP_BASIC_ADD1_STATUS			 103
+#define OCSP_F_OCSP_BASIC_SIGN				 104
+#define OCSP_F_OCSP_BASIC_VERIFY			 105
+#define OCSP_F_OCSP_CHECK_DELEGATED			 106
+#define OCSP_F_OCSP_CHECK_IDS				 107
+#define OCSP_F_OCSP_CHECK_ISSUER			 108
+#define OCSP_F_OCSP_CHECK_VALIDITY			 115
+#define OCSP_F_OCSP_MATCH_ISSUERID			 109
+#define OCSP_F_OCSP_PARSE_URL				 114
+#define OCSP_F_OCSP_REQUEST_SIGN			 110
+#define OCSP_F_OCSP_REQUEST_VERIFY			 116
+#define OCSP_F_OCSP_RESPONSE_GET1_BASIC			 111
+#define OCSP_F_OCSP_SENDREQ_BIO				 112
+#define OCSP_F_REQUEST_VERIFY				 113
+
+/* Reason codes. */
+#define OCSP_R_BAD_DATA					 100
+#define OCSP_R_CERTIFICATE_VERIFY_ERROR			 101
+#define OCSP_R_DIGEST_ERR				 102
+#define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD		 122
+#define OCSP_R_ERROR_IN_THISUPDATE_FIELD		 123
+#define OCSP_R_ERROR_PARSING_URL			 121
+#define OCSP_R_MISSING_OCSPSIGNING_USAGE		 103
+#define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE		 124
+#define OCSP_R_NOT_BASIC_RESPONSE			 104
+#define OCSP_R_NO_CERTIFICATES_IN_CHAIN			 105
+#define OCSP_R_NO_CONTENT				 106
+#define OCSP_R_NO_PUBLIC_KEY				 107
+#define OCSP_R_NO_RESPONSE_DATA				 108
+#define OCSP_R_NO_REVOKED_TIME				 109
+#define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE	 110
+#define OCSP_R_REQUEST_NOT_SIGNED			 128
+#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA	 111
+#define OCSP_R_ROOT_CA_NOT_TRUSTED			 112
+#define OCSP_R_SERVER_READ_ERROR			 113
+#define OCSP_R_SERVER_RESPONSE_ERROR			 114
+#define OCSP_R_SERVER_RESPONSE_PARSE_ERROR		 115
+#define OCSP_R_SERVER_WRITE_ERROR			 116
+#define OCSP_R_SIGNATURE_FAILURE			 117
+#define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND		 118
+#define OCSP_R_STATUS_EXPIRED				 125
+#define OCSP_R_STATUS_NOT_YET_VALID			 126
+#define OCSP_R_STATUS_TOO_OLD				 127
+#define OCSP_R_UNKNOWN_MESSAGE_DIGEST			 119
+#define OCSP_R_UNKNOWN_NID				 120
+#define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE		 129
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/ocsp/ocsp_asn.c b/crypto/ocsp/ocsp_asn.c
new file mode 100644
index 0000000000..6a3a360d54
--- /dev/null
+++ b/crypto/ocsp/ocsp_asn.c
@@ -0,0 +1,182 @@
+/* ocsp_asn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/ocsp.h>
+
+ASN1_SEQUENCE(OCSP_SIGNATURE) = {
+	ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
+	ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
+	ASN1_EXP_SEQUENCE_OF(OCSP_SIGNATURE, certs, X509, 0)
+} ASN1_SEQUENCE_END(OCSP_SIGNATURE)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
+
+ASN1_SEQUENCE(OCSP_CERTID) = {
+	ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
+	ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(OCSP_CERTID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID)
+
+ASN1_SEQUENCE(OCSP_ONEREQ) = {
+	ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID),
+	ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END(OCSP_ONEREQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_ONEREQ)
+
+ASN1_SEQUENCE(OCSP_REQINFO) = {
+	ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0),
+	ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1),
+	ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ),
+	ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2)
+} ASN1_SEQUENCE_END(OCSP_REQINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO)
+
+ASN1_SEQUENCE(OCSP_REQUEST) = {
+	ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
+	ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0)
+} ASN1_SEQUENCE_END(OCSP_REQUEST)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST)
+
+/* OCSP_RESPONSE templates */
+
+ASN1_SEQUENCE(OCSP_RESPBYTES) = {
+	    ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT),
+	    ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(OCSP_RESPBYTES)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES)
+
+ASN1_SEQUENCE(OCSP_RESPONSE) = {
+	ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED),
+	ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0)
+} ASN1_SEQUENCE_END(OCSP_RESPONSE)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE)
+
+ASN1_CHOICE(OCSP_RESPID) = {
+	   ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1),
+	   ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2)
+} ASN1_CHOICE_END(OCSP_RESPID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID)
+
+ASN1_SEQUENCE(OCSP_REVOKEDINFO) = {
+	ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME),
+  	ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0)
+} ASN1_SEQUENCE_END(OCSP_REVOKEDINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
+
+ASN1_CHOICE(OCSP_CERTSTATUS) = {
+	ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0),
+	ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1),
+	ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2)
+} ASN1_CHOICE_END(OCSP_CERTSTATUS)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
+
+ASN1_SEQUENCE(OCSP_SINGLERESP) = {
+	   ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID),
+	   ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS),
+	   ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME),
+	   ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0),
+	   ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(OCSP_SINGLERESP)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)
+
+ASN1_SEQUENCE(OCSP_RESPDATA) = {
+	   ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
+	   ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),
+	   ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
+	   ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
+	   ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(OCSP_RESPDATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
+
+ASN1_SEQUENCE(OCSP_BASICRESP) = {
+	   ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
+	   ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
+	   ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
+	   ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
+} ASN1_SEQUENCE_END(OCSP_BASICRESP)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP)
+
+ASN1_SEQUENCE(OCSP_CRLID) = {
+	   ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0),
+	   ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1),
+	   ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2)
+} ASN1_SEQUENCE_END(OCSP_CRLID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID)
+
+ASN1_SEQUENCE(OCSP_SERVICELOC) = {
+	ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME),
+	ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION)
+} ASN1_SEQUENCE_END(OCSP_SERVICELOC)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC)
diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
new file mode 100644
index 0000000000..9b3e6dd8ca
--- /dev/null
+++ b/crypto/ocsp/ocsp_cl.c
@@ -0,0 +1,370 @@
+/* ocsp_cl.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was transfered to Richard Levitte from CertCo by Kathy
+   Weinhold in mid-spring 2000 to be included in OpenSSL or released
+   as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+
+/* Utility functions related to sending OCSP requests and extracting
+ * relevant information from the response.
+ */
+
+/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ 
+ * pointer: useful if we want to add extensions.
+ */
+
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
+        {
+	OCSP_ONEREQ *one = NULL;
+
+	if (!(one = OCSP_ONEREQ_new())) goto err;
+	if (one->reqCert) OCSP_CERTID_free(one->reqCert);
+	one->reqCert = cid;
+	if (req &&
+		!sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
+				goto err;
+	return one;
+err:
+	OCSP_ONEREQ_free(one);
+	return NULL;
+        }
+
+/* Set requestorName from an X509_NAME structure */
+
+int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
+	{
+	GENERAL_NAME *gen;
+	gen = GENERAL_NAME_new();
+	if (!X509_NAME_set(&gen->d.directoryName, nm))
+		{
+		GENERAL_NAME_free(gen);
+		return 0;
+		}
+	gen->type = GEN_DIRNAME;
+	if (req->tbsRequest->requestorName)
+		GENERAL_NAME_free(req->tbsRequest->requestorName);
+	req->tbsRequest->requestorName = gen;
+	return 1;
+	}
+	
+
+/* Add a certificate to an OCSP request */
+
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
+	{
+	OCSP_SIGNATURE *sig;
+	if (!req->optionalSignature)
+		req->optionalSignature = OCSP_SIGNATURE_new();
+	sig = req->optionalSignature;
+	if (!sig) return 0;
+	if (!cert) return 1;
+	if (!sig->certs && !(sig->certs = sk_X509_new_null()))
+		return 0;
+
+	if(!sk_X509_push(sig->certs, cert)) return 0;
+	CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+	return 1;
+	}
+
+/* Sign an OCSP request set the requestorName to the subjec
+ * name of an optional signers certificate and include one
+ * or more optional certificates in the request. Behaves
+ * like PKCS7_sign().
+ */
+
+int OCSP_request_sign(OCSP_REQUEST   *req,
+		      X509           *signer,
+		      EVP_PKEY       *key,
+		      const EVP_MD   *dgst,
+		      STACK_OF(X509) *certs,
+		      unsigned long flags)
+        {
+	int i;
+	OCSP_SIGNATURE *sig;
+	X509 *x;
+
+	if (!OCSP_request_set1_name(req, X509_get_subject_name(signer)))
+			goto err;
+
+	if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err;
+	if (!dgst) dgst = EVP_sha1();
+	if (key)
+		{
+		if (!X509_check_private_key(signer, key))
+			{
+			OCSPerr(OCSP_F_OCSP_REQUEST_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+			goto err;
+			}
+		if (!OCSP_REQUEST_sign(req, key, dgst)) goto err;
+		}
+
+	if (!(flags & OCSP_NOCERTS))
+		{
+		if(!OCSP_request_add1_cert(req, signer)) goto err;
+		for (i = 0; i < sk_X509_num(certs); i++)
+			{
+			x = sk_X509_value(certs, i);
+			if (!OCSP_request_add1_cert(req, x)) goto err;
+			}
+		}
+
+	return 1;
+err:
+	OCSP_SIGNATURE_free(req->optionalSignature);
+	req->optionalSignature = NULL;
+	return 0;
+	}
+
+/* Get response status */
+
+int OCSP_response_status(OCSP_RESPONSE *resp)
+	{
+	return ASN1_ENUMERATED_get(resp->responseStatus);
+	}
+
+/* Extract basic response from OCSP_RESPONSE or NULL if
+ * no basic response present.
+ */
+ 
+
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp)
+	{
+	OCSP_RESPBYTES *rb;
+	rb = resp->responseBytes;
+	if (!rb)
+		{
+		OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NO_RESPONSE_DATA);
+		return NULL;
+		}
+	if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic)
+		{
+		OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NOT_BASIC_RESPONSE);
+		return NULL;
+		}
+
+	return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP));
+	}
+
+/* Return number of OCSP_SINGLERESP reponses present in
+ * a basic response.
+ */
+
+int OCSP_resp_count(OCSP_BASICRESP *bs)
+	{
+	if (!bs) return -1;
+	return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses);
+	}
+
+/* Extract an OCSP_SINGLERESP response with a given index */
+
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
+	{
+	if (!bs) return NULL;
+	return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx);
+	}
+
+/* Look single response matching a given certificate ID */
+
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
+	{
+	int i;
+	STACK_OF(OCSP_SINGLERESP) *sresp;
+	OCSP_SINGLERESP *single;
+	if (!bs) return -1;
+	if (last < 0) last = 0;
+	else last++;
+	sresp = bs->tbsResponseData->responses;
+	for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++)
+		{
+		single = sk_OCSP_SINGLERESP_value(sresp, i);
+		if (!OCSP_id_cmp(id, single->certId)) return i;
+		}
+	return -1;
+	}
+
+/* Extract status information from an OCSP_SINGLERESP structure.
+ * Note: the revtime and reason values are only set if the 
+ * certificate status is revoked. Returns numerical value of
+ * status.
+ */
+
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+				ASN1_GENERALIZEDTIME **revtime,
+				ASN1_GENERALIZEDTIME **thisupd,
+				ASN1_GENERALIZEDTIME **nextupd)
+	{
+	int ret;
+	OCSP_CERTSTATUS *cst;
+	if(!single) return -1;
+	cst = single->certStatus;
+	ret = cst->type;
+	if (ret == V_OCSP_CERTSTATUS_REVOKED)
+		{
+		OCSP_REVOKEDINFO *rev = cst->value.revoked;
+		if (revtime) *revtime = rev->revocationTime;
+		if (reason) 
+			{
+			if(rev->revocationReason)
+				*reason = ASN1_ENUMERATED_get(rev->revocationReason);
+			else *reason = -1;
+			}
+		}
+	if(thisupd) *thisupd = single->thisUpdate;
+	if(nextupd) *nextupd = single->nextUpdate;
+	return ret;
+	}
+
+/* This function combines the previous ones: look up a certificate ID and
+ * if found extract status information. Return 0 is successful.
+ */
+
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+				int *reason,
+				ASN1_GENERALIZEDTIME **revtime,
+				ASN1_GENERALIZEDTIME **thisupd,
+				ASN1_GENERALIZEDTIME **nextupd)
+	{
+	int i;
+	OCSP_SINGLERESP *single;
+	i = OCSP_resp_find(bs, id, -1);
+	/* Maybe check for multiple responses and give an error? */
+	if(i < 0) return 0;
+	single = OCSP_resp_get0(bs, i);
+	i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd);
+	if(status) *status = i;
+	return 1;
+	}
+
+/* Check validity of thisUpdate and nextUpdate fields. It is possible that the request will
+ * take a few seconds to process and/or the time wont be totally accurate. Therefore to avoid
+ * rejecting otherwise valid time we allow the times to be within 'nsec' of the current time.
+ * Also to avoid accepting very old responses without a nextUpdate field an optional maxage
+ * parameter specifies the maximum age the thisUpdate field can be.
+ */
+
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec)
+	{
+	int ret = 1;
+	time_t t_now, t_tmp;
+	time(&t_now);
+	/* Check thisUpdate is valid and not more than nsec in the future */
+	if (!ASN1_GENERALIZEDTIME_check(thisupd))
+		{
+		OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_THISUPDATE_FIELD);
+		ret = 0;
+		}
+	else 
+		{
+			t_tmp = t_now + nsec;
+			if (X509_cmp_time(thisupd, &t_tmp) > 0)
+			{
+			OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_NOT_YET_VALID);
+			ret = 0;
+			}
+
+		/* If maxsec specified check thisUpdate is not more than maxsec in the past */
+		if (maxsec >= 0)
+			{
+			t_tmp = t_now - maxsec;
+			if (X509_cmp_time(thisupd, &t_tmp) < 0)
+				{
+				OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_TOO_OLD);
+				ret = 0;
+				}
+			}
+		}
+		
+
+	if (!nextupd) return ret;
+
+	/* Check nextUpdate is valid and not more than nsec in the past */
+	if (!ASN1_GENERALIZEDTIME_check(nextupd))
+		{
+		OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
+		ret = 0;
+		}
+	else 
+		{
+		t_tmp = t_now - nsec;
+		if (X509_cmp_time(nextupd, &t_tmp) < 0)
+			{
+			OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_EXPIRED);
+			ret = 0;
+			}
+		}
+
+	/* Also don't allow nextUpdate to precede thisUpdate */
+	if (ASN1_STRING_cmp(nextupd, thisupd) < 0)
+		{
+		OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
+		ret = 0;
+		}
+
+	return ret;
+	}
diff --git a/crypto/ocsp/ocsp_err.c b/crypto/ocsp/ocsp_err.c
new file mode 100644
index 0000000000..4c4d8306f8
--- /dev/null
+++ b/crypto/ocsp/ocsp_err.c
@@ -0,0 +1,139 @@
+/* crypto/ocsp/ocsp_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA OCSP_str_functs[]=
+	{
+{ERR_PACK(0,OCSP_F_ASN1_STRING_ENCODE,0),	"ASN1_STRING_encode"},
+{ERR_PACK(0,OCSP_F_CERT_ID_NEW,0),	"CERT_ID_NEW"},
+{ERR_PACK(0,OCSP_F_D2I_OCSP_NONCE,0),	"D2I_OCSP_NONCE"},
+{ERR_PACK(0,OCSP_F_OCSP_BASIC_ADD1_STATUS,0),	"OCSP_basic_add1_status"},
+{ERR_PACK(0,OCSP_F_OCSP_BASIC_SIGN,0),	"OCSP_basic_sign"},
+{ERR_PACK(0,OCSP_F_OCSP_BASIC_VERIFY,0),	"OCSP_basic_verify"},
+{ERR_PACK(0,OCSP_F_OCSP_CHECK_DELEGATED,0),	"OCSP_CHECK_DELEGATED"},
+{ERR_PACK(0,OCSP_F_OCSP_CHECK_IDS,0),	"OCSP_CHECK_IDS"},
+{ERR_PACK(0,OCSP_F_OCSP_CHECK_ISSUER,0),	"OCSP_CHECK_ISSUER"},
+{ERR_PACK(0,OCSP_F_OCSP_CHECK_VALIDITY,0),	"OCSP_check_validity"},
+{ERR_PACK(0,OCSP_F_OCSP_MATCH_ISSUERID,0),	"OCSP_MATCH_ISSUERID"},
+{ERR_PACK(0,OCSP_F_OCSP_PARSE_URL,0),	"OCSP_parse_url"},
+{ERR_PACK(0,OCSP_F_OCSP_REQUEST_SIGN,0),	"OCSP_request_sign"},
+{ERR_PACK(0,OCSP_F_OCSP_REQUEST_VERIFY,0),	"OCSP_request_verify"},
+{ERR_PACK(0,OCSP_F_OCSP_RESPONSE_GET1_BASIC,0),	"OCSP_response_get1_basic"},
+{ERR_PACK(0,OCSP_F_OCSP_SENDREQ_BIO,0),	"OCSP_sendreq_bio"},
+{ERR_PACK(0,OCSP_F_REQUEST_VERIFY,0),	"REQUEST_VERIFY"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA OCSP_str_reasons[]=
+	{
+{OCSP_R_BAD_DATA                         ,"bad data"},
+{OCSP_R_CERTIFICATE_VERIFY_ERROR         ,"certificate verify error"},
+{OCSP_R_DIGEST_ERR                       ,"digest err"},
+{OCSP_R_ERROR_IN_NEXTUPDATE_FIELD        ,"error in nextupdate field"},
+{OCSP_R_ERROR_IN_THISUPDATE_FIELD        ,"error in thisupdate field"},
+{OCSP_R_ERROR_PARSING_URL                ,"error parsing url"},
+{OCSP_R_MISSING_OCSPSIGNING_USAGE        ,"missing ocspsigning usage"},
+{OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE     ,"nextupdate before thisupdate"},
+{OCSP_R_NOT_BASIC_RESPONSE               ,"not basic response"},
+{OCSP_R_NO_CERTIFICATES_IN_CHAIN         ,"no certificates in chain"},
+{OCSP_R_NO_CONTENT                       ,"no content"},
+{OCSP_R_NO_PUBLIC_KEY                    ,"no public key"},
+{OCSP_R_NO_RESPONSE_DATA                 ,"no response data"},
+{OCSP_R_NO_REVOKED_TIME                  ,"no revoked time"},
+{OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"},
+{OCSP_R_REQUEST_NOT_SIGNED               ,"request not signed"},
+{OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA,"response contains no revocation data"},
+{OCSP_R_ROOT_CA_NOT_TRUSTED              ,"root ca not trusted"},
+{OCSP_R_SERVER_READ_ERROR                ,"server read error"},
+{OCSP_R_SERVER_RESPONSE_ERROR            ,"server response error"},
+{OCSP_R_SERVER_RESPONSE_PARSE_ERROR      ,"server response parse error"},
+{OCSP_R_SERVER_WRITE_ERROR               ,"server write error"},
+{OCSP_R_SIGNATURE_FAILURE                ,"signature failure"},
+{OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND     ,"signer certificate not found"},
+{OCSP_R_STATUS_EXPIRED                   ,"status expired"},
+{OCSP_R_STATUS_NOT_YET_VALID             ,"status not yet valid"},
+{OCSP_R_STATUS_TOO_OLD                   ,"status too old"},
+{OCSP_R_UNKNOWN_MESSAGE_DIGEST           ,"unknown message digest"},
+{OCSP_R_UNKNOWN_NID                      ,"unknown nid"},
+{OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE   ,"unsupported requestorname type"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_OCSP_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ERR_LIB_OCSP,OCSP_str_functs);
+		ERR_load_strings(ERR_LIB_OCSP,OCSP_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
new file mode 100644
index 0000000000..d6c8899f58
--- /dev/null
+++ b/crypto/ocsp/ocsp_ext.c
@@ -0,0 +1,528 @@
+/* ocsp_ext.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was transfered to Richard Levitte from CertCo by Kathy
+   Weinhold in mid-spring 2000 to be included in OpenSSL or released
+   as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/ocsp.h>
+#include <openssl/rand.h>
+#include <openssl/x509v3.h>
+
+/* Standard wrapper functions for extensions */
+
+/* OCSP request extensions */
+
+int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
+	{
+	return(X509v3_get_ext_count(x->tbsRequest->requestExtensions));
+	}
+
+int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
+	{
+	return(X509v3_get_ext_by_NID(x->tbsRequest->requestExtensions,nid,lastpos));
+	}
+
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos)
+	{
+	return(X509v3_get_ext_by_OBJ(x->tbsRequest->requestExtensions,obj,lastpos));
+	}
+
+int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
+	{
+	return(X509v3_get_ext_by_critical(x->tbsRequest->requestExtensions,crit,lastpos));
+	}
+
+X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
+	{
+	return(X509v3_get_ext(x->tbsRequest->requestExtensions,loc));
+	}
+
+X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
+	{
+	return(X509v3_delete_ext(x->tbsRequest->requestExtensions,loc));
+	}
+
+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
+	{
+	return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx);
+	}
+
+int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
+							unsigned long flags)
+	{
+	return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value, crit, flags);
+	}
+
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
+	{
+	return(X509v3_add_ext(&(x->tbsRequest->requestExtensions),ex,loc) != NULL);
+	}
+
+/* Single extensions */
+
+int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x)
+	{
+	return(X509v3_get_ext_count(x->singleRequestExtensions));
+	}
+
+int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos)
+	{
+	return(X509v3_get_ext_by_NID(x->singleRequestExtensions,nid,lastpos));
+	}
+
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos)
+	{
+	return(X509v3_get_ext_by_OBJ(x->singleRequestExtensions,obj,lastpos));
+	}
+
+int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos)
+	{
+	return(X509v3_get_ext_by_critical(x->singleRequestExtensions,crit,lastpos));
+	}
+
+X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc)
+	{
+	return(X509v3_get_ext(x->singleRequestExtensions,loc));
+	}
+
+X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc)
+	{
+	return(X509v3_delete_ext(x->singleRequestExtensions,loc));
+	}
+
+void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
+	{
+	return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx);
+	}
+
+int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
+							unsigned long flags)
+	{
+	return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit, flags);
+	}
+
+int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
+	{
+	return(X509v3_add_ext(&(x->singleRequestExtensions),ex,loc) != NULL);
+	}
+
+/* OCSP Basic response */
+
+int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
+	{
+	return(X509v3_get_ext_count(x->tbsResponseData->responseExtensions));
+	}
+
+int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
+	{
+	return(X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions,nid,lastpos));
+	}
+
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos)
+	{
+	return(X509v3_get_ext_by_OBJ(x->tbsResponseData->responseExtensions,obj,lastpos));
+	}
+
+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos)
+	{
+	return(X509v3_get_ext_by_critical(x->tbsResponseData->responseExtensions,crit,lastpos));
+	}
+
+X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
+	{
+	return(X509v3_get_ext(x->tbsResponseData->responseExtensions,loc));
+	}
+
+X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
+	{
+	return(X509v3_delete_ext(x->tbsResponseData->responseExtensions,loc));
+	}
+
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx)
+	{
+	return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit, idx);
+	}
+
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,
+							unsigned long flags)
+	{
+	return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid, value, crit, flags);
+	}
+
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
+	{
+	return(X509v3_add_ext(&(x->tbsResponseData->responseExtensions),ex,loc) != NULL);
+	}
+
+/* OCSP single response extensions */
+
+int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x)
+	{
+	return(X509v3_get_ext_count(x->singleExtensions));
+	}
+
+int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos)
+	{
+	return(X509v3_get_ext_by_NID(x->singleExtensions,nid,lastpos));
+	}
+
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos)
+	{
+	return(X509v3_get_ext_by_OBJ(x->singleExtensions,obj,lastpos));
+	}
+
+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos)
+	{
+	return(X509v3_get_ext_by_critical(x->singleExtensions,crit,lastpos));
+	}
+
+X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc)
+	{
+	return(X509v3_get_ext(x->singleExtensions,loc));
+	}
+
+X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc)
+	{
+	return(X509v3_delete_ext(x->singleExtensions,loc));
+	}
+
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx)
+	{
+	return X509V3_get_d2i(x->singleExtensions, nid, crit, idx);
+	}
+
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,
+							unsigned long flags)
+	{
+	return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags);
+	}
+
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
+	{
+	return(X509v3_add_ext(&(x->singleExtensions),ex,loc) != NULL);
+	}
+
+/* also CRL Entry Extensions */
+
+ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), 
+				char *data, STACK_OF(ASN1_OBJECT) *sk)
+        {
+	int i;
+	unsigned char *p, *b = NULL;
+
+	if (data)
+	        {
+		if ((i=i2d(data,NULL)) <= 0) goto err;
+		if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i)))
+			goto err;
+	        if (i2d(data, &p) <= 0) goto err;
+		}
+	else if (sk)
+	        {
+		if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL,i2d,V_ASN1_SEQUENCE,
+				   V_ASN1_UNIVERSAL,IS_SEQUENCE))<=0) goto err;
+		if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i)))
+			goto err;
+		if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,i2d,V_ASN1_SEQUENCE,
+				 V_ASN1_UNIVERSAL,IS_SEQUENCE)<=0) goto err;
+		}
+	else
+		{
+		OCSPerr(OCSP_F_ASN1_STRING_ENCODE,OCSP_R_BAD_DATA);
+		goto err;
+		}
+	if (!s && !(s = ASN1_STRING_new())) goto err;
+	if (!(ASN1_STRING_set(s, b, i))) goto err;
+	OPENSSL_free(b);
+	return s;
+err:
+	if (b) OPENSSL_free(b);
+	return NULL;
+	}
+
+/* Nonce handling functions */
+
+/* Add a nonce to an extension stack. A nonce can be specificed or if NULL
+ * a random nonce will be generated.
+ */
+
+static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len)
+	{
+	unsigned char *tmpval;
+	ASN1_OCTET_STRING os;
+	int ret = 0;
+	if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH;
+	if (val) tmpval = val;
+	else
+		{
+		if (!(tmpval = OPENSSL_malloc(len))) goto err;
+		RAND_pseudo_bytes(tmpval, len);
+		}
+	os.data = tmpval;
+	os.length = len;
+	if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
+			&os, 0, X509V3_ADD_REPLACE))
+				goto err;
+	ret = 1;
+	err:
+	if(!val) OPENSSL_free(tmpval);
+	return ret;
+	}
+
+
+/* Add nonce to an OCSP request */
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
+	{
+	return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len);
+	}
+
+/* Same as above but for a response */
+
+int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
+	{
+	return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val, len);
+	}
+
+/* Check nonce validity in a request and response.
+ * Return value reflects result:
+ *  1: nonces present and equal.
+ *  2: nonces both absent.
+ *  3: nonce present in response only.
+ *  0: nonces both present and not equal.
+ * -1: nonce in request only.
+ *
+ *  For most responders clients can check return > 0.
+ *  If responder doesn't handle nonces return != 0 may be
+ *  necessary. return == 0 is always an error.
+ */
+
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
+	{
+	/*
+	 * Since we are only interested in the presence or absence of
+	 * the nonce and comparing its value there is no need to use
+	 * the X509V3 routines: this way we can avoid them allocating an
+	 * ASN1_OCTET_STRING structure for the value which would be
+	 * freed immediately anyway.
+	 */
+
+	int req_idx, resp_idx;
+	X509_EXTENSION *req_ext, *resp_ext;
+	req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+	resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1);
+	/* Check both absent */
+	if((req_idx < 0) && (resp_idx < 0))
+		return 2;
+	/* Check in request only */
+	if((req_idx >= 0) && (resp_idx < 0))
+		return -1;
+	/* Check in response but not request */
+	if((req_idx < 0) && (resp_idx >= 0))
+		return 3;
+	/* Otherwise nonce in request and response so retrieve the extensions */
+	req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+	resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);
+	if(ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value))
+		return 0;
+	return 1;
+	}
+
+/* Copy the nonce value (if any) from an OCSP request to 
+ * a response.
+ */
+
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
+	{
+	X509_EXTENSION *req_ext;
+	int req_idx;
+	/* Check for nonce in request */
+	req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+	/* If no nonce that's OK */
+	if (req_idx < 0) return 2;
+	req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+	return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
+	}
+
+X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
+        {
+	X509_EXTENSION *x = NULL;
+	OCSP_CRLID *cid = NULL;
+	
+	if (!(cid = OCSP_CRLID_new())) goto err;
+	if (url)
+	        {
+		if (!(cid->crlUrl = ASN1_IA5STRING_new())) goto err;
+		if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) goto err;
+		}
+	if (n)
+	        {
+		if (!(cid->crlNum = ASN1_INTEGER_new())) goto err;
+		if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err;
+		}
+	if (tim)
+	        {
+		if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err;
+		if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) 
+		        goto err;
+		}
+	if (!(x = X509_EXTENSION_new())) goto err;
+	if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;
+	if (!(ASN1_STRING_encode(x->value,i2d_OCSP_CRLID,(char*)cid,NULL)))
+	        goto err;
+	OCSP_CRLID_free(cid);
+	return x;
+err:
+	if (x) X509_EXTENSION_free(x);
+	if (cid) OCSP_CRLID_free(cid);
+	return NULL;
+	}
+
+/*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
+X509_EXTENSION *OCSP_accept_responses_new(char **oids)
+        {
+	int nid;
+	STACK_OF(ASN1_OBJECT) *sk = NULL;
+	ASN1_OBJECT *o = NULL;
+        X509_EXTENSION *x = NULL;
+
+	if (!(sk = sk_ASN1_OBJECT_new_null())) goto err;
+	while (oids && *oids)
+	        {
+		if ((nid=OBJ_txt2nid(*oids))!=NID_undef&&(o=OBJ_nid2obj(nid))) 
+		        sk_ASN1_OBJECT_push(sk, o);
+		oids++;
+		}
+	if (!(x = X509_EXTENSION_new())) goto err;
+	if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
+		goto err;
+	if (!(ASN1_STRING_encode(x->value,i2d_ASN1_OBJECT,NULL,sk)))
+	        goto err;
+	sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
+	return x;
+err:
+	if (x) X509_EXTENSION_free(x);
+	if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
+	return NULL;
+        }
+
+/*  ArchiveCutoff ::= GeneralizedTime */
+X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)
+        {
+	X509_EXTENSION *x=NULL;
+	ASN1_GENERALIZEDTIME *gt = NULL;
+
+	if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;
+	if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
+	if (!(x = X509_EXTENSION_new())) goto err;
+	if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;
+	if (!(ASN1_STRING_encode(x->value,i2d_ASN1_GENERALIZEDTIME,
+				 (char*)gt,NULL))) goto err;
+	ASN1_GENERALIZEDTIME_free(gt);
+	return x;
+err:
+	if (gt) ASN1_GENERALIZEDTIME_free(gt);
+	if (x) X509_EXTENSION_free(x);
+	return NULL;
+	}
+
+/* per ACCESS_DESCRIPTION parameter are oids, of which there are currently
+ * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value.  This
+ * method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
+ */
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
+        {
+	X509_EXTENSION *x = NULL;
+	ASN1_IA5STRING *ia5 = NULL;
+	OCSP_SERVICELOC *sloc = NULL;
+	ACCESS_DESCRIPTION *ad = NULL;
+	
+	if (!(sloc = OCSP_SERVICELOC_new())) goto err;
+	if (!(sloc->issuer = X509_NAME_dup(issuer))) goto err;
+	if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null())) goto err;
+	while (urls && *urls)
+	        {
+		if (!(ad = ACCESS_DESCRIPTION_new())) goto err;
+		if (!(ad->method=OBJ_nid2obj(NID_ad_OCSP))) goto err;
+		if (!(ad->location = GENERAL_NAME_new())) goto err;
+	        if (!(ia5 = ASN1_IA5STRING_new())) goto err;
+		if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1)) goto err;
+		ad->location->type = GEN_URI;
+		ad->location->d.ia5 = ia5;
+		if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
+		urls++;
+		}
+	if (!(x = X509_EXTENSION_new())) goto err;
+	if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) 
+	        goto err;
+	if (!(ASN1_STRING_encode(x->value, i2d_OCSP_SERVICELOC,
+				 (char*)sloc, NULL))) goto err;
+	OCSP_SERVICELOC_free(sloc);
+	return x;
+err:
+	if (x) X509_EXTENSION_free(x);
+	if (sloc) OCSP_SERVICELOC_free(sloc);
+	return NULL;
+	}
+
diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c
new file mode 100644
index 0000000000..357709a843
--- /dev/null
+++ b/crypto/ocsp/ocsp_ht.c
@@ -0,0 +1,167 @@
+/* ocsp_ht.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/asn1.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+#include <openssl/ocsp.h>
+#include <openssl/err.h>
+#include <openssl/buffer.h>
+#ifdef OPENSSL_SYS_SUNOS
+#define strtoul (unsigned long)strtol
+#endif /* OPENSSL_SYS_SUNOS */
+
+/* Quick and dirty HTTP OCSP request handler.
+ * Could make this a bit cleverer by adding
+ * support for non blocking BIOs and a few
+ * other refinements.
+ */
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req)
+{
+	BIO *mem = NULL;
+	char tmpbuf[1024];
+	OCSP_RESPONSE *resp = NULL;
+	char *p, *q, *r;
+	int len, retcode;
+	static char req_txt[] =
+"POST %s HTTP/1.0\r\n\
+Content-Type: application/ocsp-request\r\n\
+Content-Length: %d\r\n\r\n";
+
+	len = i2d_OCSP_REQUEST(req, NULL);
+	if(BIO_printf(b, req_txt, path, len) < 0) {
+		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR);
+		goto err;
+	}
+	if(i2d_OCSP_REQUEST_bio(b, req) <= 0) {
+		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR);
+		goto err;
+	}
+	if(!(mem = BIO_new(BIO_s_mem()))) goto err;
+	/* Copy response to a memory BIO: socket bios can't do gets! */
+	while ((len = BIO_read(b, tmpbuf, sizeof tmpbuf))) {
+		if(len < 0) {
+			OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_READ_ERROR);
+			goto err;
+		}
+		BIO_write(mem, tmpbuf, len);
+	}
+	if(BIO_gets(mem, tmpbuf, 512) <= 0) {
+		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+		goto err;
+	}
+	/* Parse the HTTP response. This will look like this:
+	 * "HTTP/1.0 200 OK". We need to obtain the numeric code and
+         * informational message.
+	 */
+
+	/* Skip to first white space (passed protocol info) */
+	for(p = tmpbuf; *p && !isspace((unsigned char)*p); p++) continue;
+	if(!*p) {
+		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+		goto err;
+	}
+	/* Skip past white space to start of response code */
+	while(*p && isspace((unsigned char)*p)) p++;
+	if(!*p) {
+		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+		goto err;
+	}
+	/* Find end of response code: first whitespace after start of code */
+	for(q = p; *q && !isspace((unsigned char)*q); q++) continue;
+	if(!*q) {
+		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+		goto err;
+	}
+	/* Set end of response code and start of message */ 
+	*q++ = 0;
+	/* Attempt to parse numeric code */
+	retcode = strtoul(p, &r, 10);
+	if(*r) goto err;
+	/* Skip over any leading white space in message */
+	while(*q && isspace((unsigned char)*q))  q++;
+	if(!*q) goto err;
+	/* Finally zap any trailing white space in message (include CRLF) */
+	/* We know q has a non white space character so this is OK */
+	for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0;
+	if(retcode != 200) {
+		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_ERROR);
+		ERR_add_error_data(4, "Code=", p, ",Reason=", q);
+		goto err;
+	}
+	/* Find blank line marking beginning of content */	
+	while(BIO_gets(mem, tmpbuf, 512) > 0)
+	{
+		for(p = tmpbuf; *p && isspace((unsigned char)*p); p++) continue;
+		if(!*p) break;
+	}
+	if(*p) {
+		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_NO_CONTENT);
+		goto err;
+	}
+	if(!(resp = d2i_OCSP_RESPONSE_bio(mem, NULL))) {
+		OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,ERR_R_NESTED_ASN1_ERROR);
+		goto err;
+	}
+	err:
+	BIO_free(mem);
+	return resp;
+}
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
new file mode 100644
index 0000000000..3875af165c
--- /dev/null
+++ b/crypto/ocsp/ocsp_lib.c
@@ -0,0 +1,261 @@
+/* ocsp_lib.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was transfered to Richard Levitte from CertCo by Kathy
+   Weinhold in mid-spring 2000 to be included in OpenSSL or released
+   as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+
+/* Convert a certificate and its issuer to an OCSP_CERTID */
+
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
+{
+	X509_NAME *iname;
+	ASN1_INTEGER *serial;
+	ASN1_BIT_STRING *ikey;
+#ifndef OPENSSL_NO_SHA1
+	if(!dgst) dgst = EVP_sha1();
+#endif
+	if (subject)
+		{
+		iname = X509_get_issuer_name(subject);
+		serial = X509_get_serialNumber(subject);
+		}
+	else
+		{
+		iname = X509_get_subject_name(issuer);
+		serial = NULL;
+		}
+	ikey = X509_get0_pubkey_bitstr(issuer);
+	return OCSP_cert_id_new(dgst, iname, ikey, serial);
+}
+
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, 
+			      X509_NAME *issuerName, 
+			      ASN1_BIT_STRING* issuerKey, 
+			      ASN1_INTEGER *serialNumber)
+        {
+	int nid;
+        unsigned int i;
+	X509_ALGOR *alg;
+	OCSP_CERTID *cid = NULL;
+	unsigned char md[EVP_MAX_MD_SIZE];
+
+	if (!(cid = OCSP_CERTID_new())) goto err;
+
+	alg = cid->hashAlgorithm;
+	if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm);
+	if ((nid = EVP_MD_type(dgst)) == NID_undef)
+	        {
+		OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_UNKNOWN_NID);
+		goto err;
+		}
+	if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err;
+	if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
+	alg->parameter->type=V_ASN1_NULL;
+
+	if (!X509_NAME_digest(issuerName, dgst, md, &i)) goto digerr;
+	if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err;
+
+	/* Calculate the issuerKey hash, excluding tag and length */
+	EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL);
+
+	if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;
+
+	if (serialNumber)
+		{
+		ASN1_INTEGER_free(cid->serialNumber);
+		if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err;
+		}
+	return cid;
+digerr:
+	OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_DIGEST_ERR);
+err:
+	if (cid) OCSP_CERTID_free(cid);
+	return NULL;
+	}
+
+int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
+	{
+	int ret;
+	ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);
+	if (ret) return ret;
+	ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash);
+	if (ret) return ret;
+	return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash);
+	}
+
+int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
+	{
+	int ret;
+	ret = OCSP_id_issuer_cmp(a, b);
+	if (ret) return ret;
+	return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber);
+	}
+
+
+/* Parse a URL and split it up into host, port and path components and whether
+ * it is SSL.
+ */
+
+int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
+	{
+	char *p, *buf;
+
+	char *host, *port;
+
+	/* dup the buffer since we are going to mess with it */
+	buf = BUF_strdup(url);
+	if (!buf) goto mem_err;
+
+	*phost = NULL;
+	*pport = NULL;
+	*ppath = NULL;
+
+	/* Check for initial colon */
+	p = strchr(buf, ':');
+
+	if (!p) goto parse_err;
+
+	*(p++) = '\0';
+
+	if (!strcmp(buf, "http"))
+		{
+		*pssl = 0;
+		port = "80";
+		}
+	else if (!strcmp(buf, "https"))
+		{
+		*pssl = 1;
+		port = "443";
+		}
+	else
+		goto parse_err;
+
+	/* Check for double slash */
+	if ((p[0] != '/') || (p[1] != '/'))
+		goto parse_err;
+
+	p += 2;
+
+	host = p;
+
+	/* Check for trailing part of path */
+
+	p = strchr(p, '/');
+
+	if (!p) 
+		*ppath = BUF_strdup("/");
+	else
+		{
+		*ppath = BUF_strdup(p);
+		/* Set start of path to 0 so hostname is valid */
+		*p = '\0';
+		}
+
+	if (!*ppath) goto mem_err;
+
+	/* Look for optional ':' for port number */
+	if ((p = strchr(host, ':')))
+		{
+		*p = 0;
+		port = p + 1;
+		}
+	else
+		{
+		/* Not found: set default port */
+		if (*pssl) port = "443";
+		else port = "80";
+		}
+
+	*pport = BUF_strdup(port);
+	if (!*pport) goto mem_err;
+
+	*phost = BUF_strdup(host);
+
+	if (!*phost) goto mem_err;
+
+	OPENSSL_free(buf);
+
+	return 1;
+
+	mem_err:
+	OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
+	goto err;
+
+	parse_err:
+	OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
+
+
+	err:
+	if (*ppath) OPENSSL_free(*ppath);
+	if (*pport) OPENSSL_free(*pport);
+	if (*phost) OPENSSL_free(*phost);
+	return 0;
+
+	}
diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c
new file mode 100644
index 0000000000..4b7bc28769
--- /dev/null
+++ b/crypto/ocsp/ocsp_prn.c
@@ -0,0 +1,291 @@
+/* ocsp_prn.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was originally part of ocsp.c and was transfered to Richard
+   Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
+   in OpenSSL or released as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+#include <openssl/pem.h>
+
+static int ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent)
+        {
+	BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
+	indent += 2;
+	BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
+	i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
+	BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
+	i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
+	BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
+	i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING);
+	BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
+	i2a_ASN1_INTEGER(bp, a->serialNumber);
+	BIO_printf(bp, "\n");
+	return 1;
+	}
+
+typedef struct
+	{
+	long t;
+	char *m;
+	} OCSP_TBLSTR;
+
+static char *table2string(long s, OCSP_TBLSTR *ts, int len)
+{
+	OCSP_TBLSTR *p;
+	for (p=ts; p < ts + len; p++)
+	        if (p->t == s)
+		         return p->m;
+	return "(UNKNOWN)";
+}
+
+char *OCSP_response_status_str(long s)
+        {
+	static OCSP_TBLSTR rstat_tbl[] = {
+	        { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
+	        { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
+	        { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
+	        { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" },
+	        { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" },
+	        { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } };
+	return table2string(s, rstat_tbl, 6);
+	} 
+
+char *OCSP_cert_status_str(long s)
+        {
+	static OCSP_TBLSTR cstat_tbl[] = {
+	        { V_OCSP_CERTSTATUS_GOOD, "good" },
+	        { V_OCSP_CERTSTATUS_REVOKED, "revoked" },
+	        { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } };
+	return table2string(s, cstat_tbl, 3);
+	} 
+
+char *OCSP_crl_reason_str(long s)
+        {
+	OCSP_TBLSTR reason_tbl[] = {
+	  { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
+          { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
+          { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
+          { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" },
+          { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" },
+          { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" },
+          { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" },
+          { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } };
+	return table2string(s, reason_tbl, 8);
+	} 
+
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags)
+        {
+	int i;
+	long l;
+	OCSP_CERTID* cid = NULL;
+	OCSP_ONEREQ *one = NULL;
+	OCSP_REQINFO *inf = o->tbsRequest;
+	OCSP_SIGNATURE *sig = o->optionalSignature;
+
+	if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) goto err;
+	l=ASN1_INTEGER_get(inf->version);
+	if (BIO_printf(bp,"    Version: %lu (0x%lx)",l+1,l) <= 0) goto err;
+	if (inf->requestorName != NULL)
+	        {
+		if (BIO_write(bp,"\n    Requestor Name: ",21) <= 0) 
+		        goto err;
+		GENERAL_NAME_print(bp, inf->requestorName);
+		}
+	if (BIO_write(bp,"\n    Requestor List:\n",21) <= 0) goto err;
+	for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++)
+	        {
+		one = sk_OCSP_ONEREQ_value(inf->requestList, i);
+		cid = one->reqCert;
+		ocsp_certid_print(bp, cid, 8);
+		if (!X509V3_extensions_print(bp,
+					"Request Single Extensions",
+					one->singleRequestExtensions, flags, 8))
+							goto err;
+		}
+	if (!X509V3_extensions_print(bp, "Request Extensions",
+			inf->requestExtensions, flags, 4))
+							goto err;
+	if (sig)
+	        {
+		X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);
+		for (i=0; i<sk_X509_num(sig->certs); i++)
+			{
+			X509_print(bp, sk_X509_value(sig->certs,i));
+			PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i));
+			}
+		}
+	return 1;
+err:
+	return 0;
+	}
+
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
+        {
+	int i, ret = 0;
+	long l;
+	unsigned char *p;
+	OCSP_CERTID *cid = NULL;
+	OCSP_BASICRESP *br = NULL;
+	OCSP_RESPID *rid = NULL;
+	OCSP_RESPDATA  *rd = NULL;
+	OCSP_CERTSTATUS *cst = NULL;
+	OCSP_REVOKEDINFO *rev = NULL;
+	OCSP_SINGLERESP *single = NULL;
+	OCSP_RESPBYTES *rb = o->responseBytes;
+
+	if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err;
+	l=ASN1_ENUMERATED_get(o->responseStatus);
+	if (BIO_printf(bp,"    OCSP Response Status: %s (0x%x)\n",
+		       OCSP_response_status_str(l), l) <= 0) goto err;
+	if (rb == NULL) return 1;
+        if (BIO_puts(bp,"    Response Type: ") <= 0)
+	        goto err;
+	if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
+	        goto err;
+	if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) 
+	        {
+		BIO_puts(bp," (unknown response type)\n");
+		return 1;
+		}
+
+	p = ASN1_STRING_data(rb->response);
+	i = ASN1_STRING_length(rb->response);
+	if (!(br = OCSP_response_get1_basic(o))) goto err;
+	rd = br->tbsResponseData;
+	l=ASN1_INTEGER_get(rd->version);
+	if (BIO_printf(bp,"\n    Version: %lu (0x%lx)\n",
+		       l+1,l) <= 0) goto err;
+	if (BIO_puts(bp,"    Responder Id: ") <= 0) goto err;
+
+	rid =  rd->responderId;
+	switch (rid->type)
+		{
+		case V_OCSP_RESPID_NAME:
+		        X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
+		        break;
+		case V_OCSP_RESPID_KEY:
+		        i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING);
+		        break;
+		}
+
+	if (BIO_printf(bp,"\n    Produced At: ")<=0) goto err;
+	if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) goto err;
+	if (BIO_printf(bp,"\n    Responses:\n") <= 0) goto err;
+	for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++)
+	        {
+		if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) continue;
+		single = sk_OCSP_SINGLERESP_value(rd->responses, i);
+		cid = single->certId;
+		if(ocsp_certid_print(bp, cid, 4) <= 0) goto err;
+		cst = single->certStatus;
+		if (BIO_printf(bp,"    Cert Status: %s",
+			       OCSP_cert_status_str(cst->type)) <= 0)
+		        goto err;
+		if (cst->type == V_OCSP_CERTSTATUS_REVOKED)
+		        {
+		        rev = cst->value.revoked;
+			if (BIO_printf(bp, "\n    Revocation Time: ") <= 0) 
+			        goto err;
+			if (!ASN1_GENERALIZEDTIME_print(bp, 
+							rev->revocationTime)) 
+				goto err;
+			if (rev->revocationReason) 
+			        {
+				l=ASN1_ENUMERATED_get(rev->revocationReason);
+				if (BIO_printf(bp, 
+					 "\n    Revocation Reason: %s (0x%x)",
+					       OCSP_crl_reason_str(l), l) <= 0)
+				        goto err;
+				}
+			}
+		if (BIO_printf(bp,"\n    This Update: ") <= 0) goto err;
+		if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) 
+			goto err;
+		if (single->nextUpdate)
+		        {
+			if (BIO_printf(bp,"\n    Next Update: ") <= 0)goto err;
+			if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate))
+				goto err;
+			}
+		if (!BIO_write(bp,"\n",1)) goto err;
+		if (!X509V3_extensions_print(bp,
+					"Response Single Extensions",
+					single->singleExtensions, flags, 8))
+							goto err;
+		if (!BIO_write(bp,"\n",1)) goto err;
+		}
+	if (!X509V3_extensions_print(bp, "Response Extensions",
+					rd->responseExtensions, flags, 4))
+	if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
+							goto err;
+
+	for (i=0; i<sk_X509_num(br->certs); i++)
+		{
+		X509_print(bp, sk_X509_value(br->certs,i));
+		PEM_write_bio_X509(bp,sk_X509_value(br->certs,i));
+		}
+
+	ret = 1;
+err:
+	OCSP_BASICRESP_free(br);
+	return ret;
+	}
diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c
new file mode 100644
index 0000000000..fffa134e75
--- /dev/null
+++ b/crypto/ocsp/ocsp_srv.c
@@ -0,0 +1,264 @@
+/* ocsp_srv.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+
+/* Utility functions related to sending OCSP responses and extracting
+ * relevant information from the request.
+ */
+
+int OCSP_request_onereq_count(OCSP_REQUEST *req)
+	{
+	return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList);
+	}
+
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
+	{
+	return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i);
+	}
+
+OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one)
+	{
+	return one->reqCert;
+	}
+
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+			ASN1_OCTET_STRING **pikeyHash,
+			ASN1_INTEGER **pserial, OCSP_CERTID *cid)
+	{
+	if (!cid) return 0;
+	if (pmd) *pmd = cid->hashAlgorithm->algorithm;
+	if(piNameHash) *piNameHash = cid->issuerNameHash;
+	if (pikeyHash) *pikeyHash = cid->issuerKeyHash;
+	if (pserial) *pserial = cid->serialNumber;
+	return 1;
+	}
+
+int OCSP_request_is_signed(OCSP_REQUEST *req)
+	{
+	if(req->optionalSignature) return 1;
+	return 0;
+	}
+
+/* Create an OCSP response and encode an optional basic response */
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs)
+        {
+        OCSP_RESPONSE *rsp = NULL;
+
+	if (!(rsp = OCSP_RESPONSE_new())) goto err;
+	if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) goto err;
+	if (!bs) return rsp;
+	if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) goto err;
+	rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
+	if (!ASN1_item_pack(bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response))
+				goto err;
+	return rsp;
+err:
+	if (rsp) OCSP_RESPONSE_free(rsp);
+	return NULL;
+	}
+
+
+OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
+						OCSP_CERTID *cid,
+						int status, int reason,
+						ASN1_TIME *revtime,
+					ASN1_TIME *thisupd, ASN1_TIME *nextupd)
+	{
+	OCSP_SINGLERESP *single = NULL;
+	OCSP_CERTSTATUS *cs;
+	OCSP_REVOKEDINFO *ri;
+
+	if(!rsp->tbsResponseData->responses &&
+	    !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null()))
+		goto err;
+
+	if (!(single = OCSP_SINGLERESP_new()))
+		goto err;
+
+
+
+	if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
+		goto err;
+	if (nextupd &&
+		!ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
+		goto err;
+
+	OCSP_CERTID_free(single->certId);
+
+	if(!(single->certId = OCSP_CERTID_dup(cid)))
+		goto err;
+
+	cs = single->certStatus;
+	switch(cs->type = status)
+		{
+	case V_OCSP_CERTSTATUS_REVOKED:
+		if (!revtime)
+		        {
+		        OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,OCSP_R_NO_REVOKED_TIME);
+			goto err;
+		        }
+		if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) goto err;
+		if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
+			goto err;	
+		if (reason != OCSP_REVOKED_STATUS_NOSTATUS)
+		        {
+			if (!(ri->revocationReason = ASN1_ENUMERATED_new())) 
+			        goto err;
+			if (!(ASN1_ENUMERATED_set(ri->revocationReason, 
+						  reason)))
+			        goto err;	
+			}
+		break;
+
+	case V_OCSP_CERTSTATUS_GOOD:
+		cs->value.good = ASN1_NULL_new();
+		break;
+
+	case V_OCSP_CERTSTATUS_UNKNOWN:
+		cs->value.unknown = ASN1_NULL_new();
+		break;
+
+	default:
+		goto err;
+
+		}
+	if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
+		goto err;
+	return single;
+err:
+	OCSP_SINGLERESP_free(single);
+	return NULL;
+	}
+
+/* Add a certificate to an OCSP request */
+
+int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
+	{
+	if (!resp->certs && !(resp->certs = sk_X509_new_null()))
+		return 0;
+
+	if(!sk_X509_push(resp->certs, cert)) return 0;
+	CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+	return 1;
+	}
+
+int OCSP_basic_sign(OCSP_BASICRESP *brsp, 
+			X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+			STACK_OF(X509) *certs, unsigned long flags)
+        {
+	int i;
+	OCSP_RESPID *rid;
+
+	if (!X509_check_private_key(signer, key))
+		{
+		OCSPerr(OCSP_F_OCSP_BASIC_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+		goto err;
+		}
+
+	if(!(flags & OCSP_NOCERTS))
+		{
+		if(!OCSP_basic_add1_cert(brsp, signer))
+			goto err;
+		for (i = 0; i < sk_X509_num(certs); i++)
+			{
+			X509 *tmpcert = sk_X509_value(certs, i);
+			if(!OCSP_basic_add1_cert(brsp, tmpcert))
+				goto err;
+			}
+		}
+
+	rid = brsp->tbsResponseData->responderId;
+	if (flags & OCSP_RESPID_KEY)
+		{
+		unsigned char md[SHA_DIGEST_LENGTH];
+		X509_pubkey_digest(signer, EVP_sha1(), md, NULL);
+		if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
+			goto err;
+		if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH)))
+				goto err;
+		rid->type = V_OCSP_RESPID_KEY;
+		}
+	else
+		{
+		if (!X509_NAME_set(&rid->value.byName,
+					X509_get_subject_name(signer)))
+				goto err;
+		rid->type = V_OCSP_RESPID_NAME;
+		}
+
+	if (!(flags & OCSP_NOTIME) &&
+		!X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))
+		goto err;
+
+	/* Right now, I think that not doing double hashing is the right
+	   thing.	-- Richard Levitte */
+
+	if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) goto err;
+
+	return 1;
+err:
+	return 0;
+	}
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
new file mode 100644
index 0000000000..1f5fda7ca3
--- /dev/null
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -0,0 +1,444 @@
+/* ocsp_vfy.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/ocsp.h>
+#include <openssl/err.h>
+#include <string.h>
+
+static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+				X509_STORE *st, unsigned long flags);
+static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags);
+static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret);
+static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, STACK_OF(OCSP_SINGLERESP) *sresp);
+static int ocsp_check_delegated(X509 *x, int flags);
+static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs,
+				X509_STORE *st, unsigned long flags);
+
+/* Verify a basic response message */
+
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+				X509_STORE *st, unsigned long flags)
+	{
+	X509 *signer, *x;
+	STACK_OF(X509) *chain = NULL;
+	X509_STORE_CTX ctx;
+	int i, ret = 0;
+	ret = ocsp_find_signer(&signer, bs, certs, st, flags);
+	if (!ret)
+		{
+		OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+		goto end;
+		}
+	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
+		flags |= OCSP_NOVERIFY;
+	if (!(flags & OCSP_NOSIGS))
+		{
+		EVP_PKEY *skey;
+		skey = X509_get_pubkey(signer);
+		ret = OCSP_BASICRESP_verify(bs, skey, 0);
+		EVP_PKEY_free(skey);
+		if(ret <= 0)
+			{
+			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+			goto end;
+			}
+		}
+	if (!(flags & OCSP_NOVERIFY))
+		{
+		int init_res;
+		if(flags & OCSP_NOCHAIN)
+			init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
+		else
+			init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+		if(!init_res)
+			{
+			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
+			goto end;
+			}
+
+		X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
+		ret = X509_verify_cert(&ctx);
+		chain = X509_STORE_CTX_get1_chain(&ctx);
+		X509_STORE_CTX_cleanup(&ctx);
+                if (ret <= 0)
+			{
+			i = X509_STORE_CTX_get_error(&ctx);	
+			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR);
+			ERR_add_error_data(2, "Verify error:",
+					X509_verify_cert_error_string(i));
+                        goto end;
+                	}
+		if(flags & OCSP_NOCHECKS)
+			{
+			ret = 1;
+			goto end;
+			}
+		/* At this point we have a valid certificate chain
+		 * need to verify it against the OCSP issuer criteria.
+		 */
+		ret = ocsp_check_issuer(bs, chain, flags);
+
+		/* If fatal error or valid match then finish */
+		if (ret != 0) goto end;
+
+		/* Easy case: explicitly trusted. Get root CA and
+		 * check for explicit trust
+		 */
+		if(flags & OCSP_NOEXPLICIT) goto end;
+
+		x = sk_X509_value(chain, sk_X509_num(chain) - 1);
+		if(X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED)
+			{
+			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_ROOT_CA_NOT_TRUSTED);
+			goto end;
+			}
+		ret = 1;
+		}
+
+
+
+	end:
+	if(chain) sk_X509_pop_free(chain, X509_free);
+	return ret;
+	}
+
+
+static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+				X509_STORE *st, unsigned long flags)
+	{
+	X509 *signer;
+	OCSP_RESPID *rid = bs->tbsResponseData->responderId;
+	if ((signer = ocsp_find_signer_sk(certs, rid)))
+		{
+		*psigner = signer;
+		return 2;
+		}
+	if(!(flags & OCSP_NOINTERN) &&
+	    (signer = ocsp_find_signer_sk(bs->certs, rid)))
+		{
+		*psigner = signer;
+		return 1;
+		}
+	/* Maybe lookup from store if by subject name */
+
+	*psigner = NULL;
+	return 0;
+	}
+
+
+static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
+	{
+	int i;
+	unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
+	X509 *x;
+
+	/* Easy if lookup by name */
+	if (id->type == V_OCSP_RESPID_NAME)
+		return X509_find_by_subject(certs, id->value.byName);
+
+	/* Lookup by key hash */
+
+	/* If key hash isn't SHA1 length then forget it */
+	if (id->value.byKey->length != SHA_DIGEST_LENGTH) return NULL;
+	keyhash = id->value.byKey->data;
+	/* Calculate hash of each key and compare */
+	for (i = 0; i < sk_X509_num(certs); i++)
+		{
+		x = sk_X509_value(certs, i);
+		X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
+		if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
+			return x;
+		}
+	return NULL;
+	}
+
+
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags)
+	{
+	STACK_OF(OCSP_SINGLERESP) *sresp;
+	X509 *signer, *sca;
+	OCSP_CERTID *caid = NULL;
+	int i;
+	sresp = bs->tbsResponseData->responses;
+
+	if (sk_X509_num(chain) <= 0)
+		{
+		OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
+		return -1;
+		}
+
+	/* See if the issuer IDs match. */
+	i = ocsp_check_ids(sresp, &caid);
+
+	/* If ID mismatch or other error then return */
+	if (i <= 0) return i;
+
+	signer = sk_X509_value(chain, 0);
+	/* Check to see if OCSP responder CA matches request CA */
+	if (sk_X509_num(chain) > 1)
+		{
+		sca = sk_X509_value(chain, 1);
+		i = ocsp_match_issuerid(sca, caid, sresp);
+		if (i < 0) return i;
+		if (i)
+			{
+			/* We have a match, if extensions OK then success */
+			if (ocsp_check_delegated(signer, flags)) return 1;
+			return 0;
+			}
+		}
+
+	/* Otherwise check if OCSP request signed directly by request CA */
+	return ocsp_match_issuerid(signer, caid, sresp);
+	}
+
+
+/* Check the issuer certificate IDs for equality. If there is a mismatch with the same
+ * algorithm then there's no point trying to match any certificates against the issuer.
+ * If the issuer IDs all match then we just need to check equality against one of them.
+ */
+	
+static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
+	{
+	OCSP_CERTID *tmpid, *cid;
+	int i, idcount;
+
+	idcount = sk_OCSP_SINGLERESP_num(sresp);
+	if (idcount <= 0)
+		{
+		OCSPerr(OCSP_F_OCSP_CHECK_IDS, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
+		return -1;
+		}
+
+	cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
+
+	*ret = NULL;
+
+	for (i = 1; i < idcount; i++)
+		{
+		tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
+		/* Check to see if IDs match */
+		if (OCSP_id_issuer_cmp(cid, tmpid))
+			{
+			/* If algoritm mismatch let caller deal with it */
+			if (OBJ_cmp(tmpid->hashAlgorithm->algorithm,
+					cid->hashAlgorithm->algorithm))
+					return 2;
+			/* Else mismatch */
+			return 0;
+			}
+		}
+
+	/* All IDs match: only need to check one ID */
+	*ret = cid;
+	return 1;
+	}
+
+
+static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
+			STACK_OF(OCSP_SINGLERESP) *sresp)
+	{
+	/* If only one ID to match then do it */
+	if(cid)
+		{
+		const EVP_MD *dgst;
+		X509_NAME *iname;
+		int mdlen;
+		unsigned char md[EVP_MAX_MD_SIZE];
+		if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm)))
+			{
+			OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, OCSP_R_UNKNOWN_MESSAGE_DIGEST);
+			return -1;
+			}
+
+		mdlen = EVP_MD_size(dgst);
+		if ((cid->issuerNameHash->length != mdlen) ||
+		   (cid->issuerKeyHash->length != mdlen))
+			return 0;
+		iname = X509_get_subject_name(cert);
+		if (!X509_NAME_digest(iname, dgst, md, NULL))
+			return -1;
+		if (memcmp(md, cid->issuerNameHash->data, mdlen))
+			return 0;
+		X509_pubkey_digest(cert, EVP_sha1(), md, NULL);
+		if (memcmp(md, cid->issuerKeyHash->data, mdlen))
+			return 0;
+
+		return 1;
+
+		}
+	else
+		{
+		/* We have to match the whole lot */
+		int i, ret;
+		OCSP_CERTID *tmpid;
+		for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++)
+			{
+			tmpid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
+			ret = ocsp_match_issuerid(cert, tmpid, NULL);
+			if (ret <= 0) return ret;
+			}
+		return 1;
+		}
+			
+	}
+
+static int ocsp_check_delegated(X509 *x, int flags)
+	{
+	X509_check_purpose(x, -1, 0);
+	if ((x->ex_flags & EXFLAG_XKUSAGE) &&
+	    (x->ex_xkusage & XKU_OCSP_SIGN))
+		return 1;
+	OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
+	return 0;
+	}
+
+/* Verify an OCSP request. This is fortunately much easier than OCSP
+ * response verify. Just find the signers certificate and verify it
+ * against a given trust value.
+ */
+
+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags)
+        {
+	X509 *signer;
+	X509_NAME *nm;
+	GENERAL_NAME *gen;
+	int ret;
+	X509_STORE_CTX ctx;
+	if (!req->optionalSignature) 
+		{
+		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
+		return 0;
+		}
+	gen = req->tbsRequest->requestorName;
+	if (gen->type != GEN_DIRNAME)
+		{
+		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
+		return 0;
+		}
+	nm = gen->d.directoryName;
+	ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
+	if (ret <= 0)
+		{
+		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+		return 0;
+		}
+	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
+		flags |= OCSP_NOVERIFY;
+	if (!(flags & OCSP_NOSIGS))
+		{
+		EVP_PKEY *skey;
+		skey = X509_get_pubkey(signer);
+		ret = OCSP_REQUEST_verify(req, skey);
+		EVP_PKEY_free(skey);
+		if(ret <= 0)
+			{
+			OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+			return 0;
+			}
+		}
+	if (!(flags & OCSP_NOVERIFY))
+		{
+		int init_res;
+		if(flags & OCSP_NOCHAIN)
+			init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL);
+		else
+			init_res = X509_STORE_CTX_init(&ctx, store, signer,
+					req->optionalSignature->certs);
+		if(!init_res)
+			{
+			OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB);
+			return 0;
+			}
+
+		X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
+		X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);
+		ret = X509_verify_cert(&ctx);
+		X509_STORE_CTX_cleanup(&ctx);
+                if (ret <= 0)
+			{
+			ret = X509_STORE_CTX_get_error(&ctx);	
+			OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR);
+			ERR_add_error_data(2, "Verify error:",
+					X509_verify_cert_error_string(ret));
+                        return 0;
+                	}
+		}
+	return 1;
+        }
+
+static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs,
+				X509_STORE *st, unsigned long flags)
+	{
+	X509 *signer;
+	if(!(flags & OCSP_NOINTERN))
+		{
+		signer = X509_find_by_subject(req->optionalSignature->certs, nm);
+		*psigner = signer;
+		return 1;
+		}
+
+	signer = X509_find_by_subject(certs, nm);
+	if (signer)
+		{
+		*psigner = signer;
+		return 2;
+		}
+	return 0;
+	}
diff --git a/crypto/opensslconf.h.in b/crypto/opensslconf.h.in
new file mode 100644
index 0000000000..9082a16c46
--- /dev/null
+++ b/crypto/opensslconf.h.in
@@ -0,0 +1,158 @@
+/* crypto/opensslconf.h.in */
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+#define OPENSSLDIR "/usr/local/ssl"
+#endif
+#endif
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
+#define IDEA_INT unsigned int
+#endif
+
+#if defined(HEADER_MD2_H) && !defined(MD2_INT)
+#define MD2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC2_H) && !defined(RC2_INT)
+/* I need to put in a mod for the alpha - eay */
+#define RC2_INT unsigned int
+#endif
+
+#if defined(HEADER_RC4_H)
+#if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
+/*
+ * I don't know what does "most" mean, but declaring "int" is a must on:
+ * - Intel P6 because partial register stalls are very expensive;
+ * - elder Alpha because it lacks byte load/store instructions;
+ */
+#define RC4_INT unsigned int
+#endif
+#if !defined(RC4_CHUNK)
+/*
+ * This enables code handling data aligned at natural CPU word
+ * boundary. See crypto/rc4/rc4_enc.c for further details.
+ */
+#undef RC4_CHUNK
+#endif
+#endif
+
+#if (defined(HEADER_DES_H) || defined(HEADER_DES_OLD_H)) && !defined(DES_LONG)
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
+#ifndef DES_LONG
+#define DES_LONG unsigned long
+#endif
+#endif
+
+#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+#define CONFIG_HEADER_BN_H
+#undef BN_LLONG
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+#undef SIXTEEN_BIT
+#undef EIGHT_BIT
+#endif
+
+#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
+#define CONFIG_HEADER_RC4_LOCL_H
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
+#undef RC4_INDEX
+#endif
+
+#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+#define CONFIG_HEADER_BF_LOCL_H
+#undef BF_PTR
+#endif /* HEADER_BF_LOCL_H */
+
+#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
+#define CONFIG_HEADER_DES_LOCL_H
+#ifndef DES_DEFAULT_OPTIONS
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
+#ifndef DES_PTR
+#undef DES_PTR
+#endif
+
+/* This helps C compiler generate the correct code for multiple functional
+ * units.  It reduces register dependancies at the expense of 2 more
+ * registers */
+#ifndef DES_RISC1
+#undef DES_RISC1
+#endif
+
+#ifndef DES_RISC2
+#undef DES_RISC2
+#endif
+
+#if defined(DES_RISC1) && defined(DES_RISC2)
+YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
+#endif
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
+#ifndef DES_UNROLL
+#undef DES_UNROLL
+#endif
+
+/* These default values were supplied by
+ * Peter Gutman <pgut001@cs.auckland.ac.nz>
+ * They are only used if nothing else has been defined */
+#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
+/* Special defines which change the way the code is built depending on the
+   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
+   even newer MIPS CPU's, but at the moment one size fits all for
+   optimization options.  Older Sparc's work better with only UNROLL, but
+   there's no way to tell at compile time what it is you're running on */
+ 
+#if defined( sun )		/* Newer Sparc's */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#elif defined( __ultrix )	/* Older MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined( __osf1__ )	/* Alpha */
+#  define DES_PTR
+#  define DES_RISC2
+#elif defined ( _AIX )		/* RS6000 */
+  /* Unknown */
+#elif defined( __hpux )		/* HP-PA */
+  /* Unknown */
+#elif defined( __aux )		/* 68K */
+  /* Unknown */
+#elif defined( __dgux )		/* 88K (but P6 in latest boxes) */
+#  define DES_UNROLL
+#elif defined( __sgi )		/* Newer MIPS */
+#  define DES_PTR
+#  define DES_RISC2
+#  define DES_UNROLL
+#elif defined(i386) || defined(__i386__)	/* x86 boxes, should be gcc */
+#  define DES_PTR
+#  define DES_RISC1
+#  define DES_UNROLL
+#endif /* Systems-specific speed defines */
+#endif
+
+#endif /* DES_DEFAULT_OPTIONS */
+#endif /* HEADER_DES_LOCL_H */
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
new file mode 100644
index 0000000000..e63b275e46
--- /dev/null
+++ b/crypto/opensslv.h
@@ -0,0 +1,85 @@
+#ifndef HEADER_OPENSSLV_H
+#define HEADER_OPENSSLV_H
+
+/* Numeric release version identifier:
+ * MNNFFPPS: major minor fix patch status
+ * The status nibble has one of the values 0 for development, 1 to e for betas
+ * 1 to 14, and f for release.  The patch level is exactly that.
+ * For example:
+ * 0.9.3-dev	  0x00903000
+ * 0.9.3-beta1	  0x00903001
+ * 0.9.3-beta2-dev 0x00903002
+ * 0.9.3-beta2    0x00903002 (same as ...beta2-dev)
+ * 0.9.3	  0x0090300f
+ * 0.9.3a	  0x0090301f
+ * 0.9.4 	  0x0090400f
+ * 1.2.3z	  0x102031af
+ *
+ * For continuity reasons (because 0.9.5 is already out, and is coded
+ * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level
+ * part is slightly different, by setting the highest bit.  This means
+ * that 0.9.5a looks like this: 0x0090581f.  At 0.9.6, we can start
+ * with 0x0090600S...
+ *
+ * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
+ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+ *  major minor fix final patch/beta)
+ */
+#define OPENSSL_VERSION_NUMBER	0x00908000L
+#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.8-dev XX xxx XXXX"
+#define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
+
+
+/* The macros below are to be used for shared library (.so, .dll, ...)
+ * versioning.  That kind of versioning works a bit differently between
+ * operating systems.  The most usual scheme is to set a major and a minor
+ * number, and have the runtime loader check that the major number is equal
+ * to what it was at application link time, while the minor number has to
+ * be greater or equal to what it was at application link time.  With this
+ * scheme, the version number is usually part of the file name, like this:
+ *
+ *	libcrypto.so.0.9
+ *
+ * Some unixen also make a softlink with the major verson number only:
+ *
+ *	libcrypto.so.0
+ *
+ * On Tru64 and IRIX 6.x it works a little bit differently.  There, the
+ * shared library version is stored in the file, and is actually a series
+ * of versions, separated by colons.  The rightmost version present in the
+ * library when linking an application is stored in the application to be
+ * matched at run time.  When the application is run, a check is done to
+ * see if the library version stored in the application matches any of the
+ * versions in the version string of the library itself.
+ * This version string can be constructed in any way, depending on what
+ * kind of matching is desired.  However, to implement the same scheme as
+ * the one used in the other unixen, all compatible versions, from lowest
+ * to highest, should be part of the string.  Consecutive builds would
+ * give the following versions strings:
+ *
+ *	3.0
+ *	3.0:3.1
+ *	3.0:3.1:3.2
+ *	4.0
+ *	4.0:4.1
+ *
+ * Notice how version 4 is completely incompatible with version, and
+ * therefore give the breach you can see.
+ *
+ * There may be other schemes as well that I haven't yet discovered.
+ *
+ * So, here's the way it works here: first of all, the library version
+ * number doesn't need at all to match the overall OpenSSL version.
+ * However, it's nice and more understandable if it actually does.
+ * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
+ * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
+ * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,
+ * we need to keep a history of version numbers, which is done in the
+ * macro SHLIB_VERSION_HISTORY.  The numbers are separated by colons and
+ * should only keep the versions that are binary compatible with the current.
+ */
+#define SHLIB_VERSION_HISTORY ""
+#define SHLIB_VERSION_NUMBER "0.9.8"
+
+
+#endif /* HEADER_OPENSSLV_H */
diff --git a/crypto/ossl_typ.h b/crypto/ossl_typ.h
new file mode 100644
index 0000000000..420d5e68fb
--- /dev/null
+++ b/crypto/ossl_typ.h
@@ -0,0 +1,123 @@
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_OPENSSL_TYPES_H
+#define HEADER_OPENSSL_TYPES_H
+
+#ifdef NO_ASN1_TYPEDEFS
+#define ASN1_INTEGER		ASN1_STRING
+#define ASN1_ENUMERATED		ASN1_STRING
+#define ASN1_BIT_STRING		ASN1_STRING
+#define ASN1_OCTET_STRING	ASN1_STRING
+#define ASN1_PRINTABLESTRING	ASN1_STRING
+#define ASN1_T61STRING		ASN1_STRING
+#define ASN1_IA5STRING		ASN1_STRING
+#define ASN1_UTCTIME		ASN1_STRING
+#define ASN1_GENERALIZEDTIME	ASN1_STRING
+#define ASN1_TIME		ASN1_STRING
+#define ASN1_GENERALSTRING	ASN1_STRING
+#define ASN1_UNIVERSALSTRING	ASN1_STRING
+#define ASN1_BMPSTRING		ASN1_STRING
+#define ASN1_VISIBLESTRING	ASN1_STRING
+#define ASN1_UTF8STRING		ASN1_STRING
+#define ASN1_BOOLEAN		int
+#define ASN1_NULL		int
+#else
+typedef struct asn1_string_st ASN1_INTEGER;
+typedef struct asn1_string_st ASN1_ENUMERATED;
+typedef struct asn1_string_st ASN1_BIT_STRING;
+typedef struct asn1_string_st ASN1_OCTET_STRING;
+typedef struct asn1_string_st ASN1_PRINTABLESTRING;
+typedef struct asn1_string_st ASN1_T61STRING;
+typedef struct asn1_string_st ASN1_IA5STRING;
+typedef struct asn1_string_st ASN1_GENERALSTRING;
+typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
+typedef struct asn1_string_st ASN1_BMPSTRING;
+typedef struct asn1_string_st ASN1_UTCTIME;
+typedef struct asn1_string_st ASN1_TIME;
+typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
+typedef struct asn1_string_st ASN1_VISIBLESTRING;
+typedef struct asn1_string_st ASN1_UTF8STRING;
+typedef int ASN1_BOOLEAN;
+typedef int ASN1_NULL;
+#endif
+
+#ifdef OPENSSL_SYS_WIN32
+#undef X509_NAME
+#undef PKCS7_ISSUER_AND_SERIAL
+#endif
+
+typedef struct evp_cipher_st EVP_CIPHER;
+typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
+typedef struct env_md_st EVP_MD;
+typedef struct env_md_ctx_st EVP_MD_CTX;
+typedef struct evp_pkey_st EVP_PKEY;
+
+typedef struct x509_st X509;
+typedef struct X509_algor_st X509_ALGOR;
+typedef struct X509_crl_st X509_CRL;
+typedef struct X509_name_st X509_NAME;
+typedef struct x509_store_st X509_STORE;
+typedef struct x509_store_ctx_st X509_STORE_CTX;
+
+typedef struct v3_ext_ctx X509V3_CTX;
+typedef struct conf_st CONF;
+
+typedef struct engine_st ENGINE;
+
+  /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */
+#define DECLARE_PKCS12_STACK_OF(type) /* Nothing */
+#define IMPLEMENT_PKCS12_STACK_OF(type) /* Nothing */
+
+#endif /* def HEADER_OPENSSL_TYPES_H */
diff --git a/crypto/pem/.cvsignore b/crypto/pem/.cvsignore
new file mode 100644
index 0000000000..d0340d6553
--- /dev/null
+++ b/crypto/pem/.cvsignore
@@ -0,0 +1,3 @@
+lib
+ctx_size
+Makefile.save
diff --git a/crypto/pem/Makefile.ssl b/crypto/pem/Makefile.ssl
index fc04a88fd9..afeb417a34 100644
--- a/crypto/pem/Makefile.ssl
+++ b/crypto/pem/Makefile.ssl
@@ -5,32 +5,33 @@
 DIR=	pem
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=pem
-ERRC=pem_err
 GENERAL=Makefile
 TEST=
 APPS=
 
-CTX_SIZE= ctx_size
-
 LIB=$(TOP)/libcrypto.a
-LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c $(ERRC).c
+LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c \
+	pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c
 
-LIBOBJ=	pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o $(ERRC).o
+LIBOBJ=	pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o \
+	pem_x509.o pem_xaux.o pem_oth.o pem_pk8.o pem_pkey.o
 
 SRC= $(LIBSRC)
 
-EXHEADER= pem.h
+EXHEADER= pem.h pem2.h
 HEADER=	$(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -38,36 +39,27 @@ ALL=    $(GENERAL) $(SRC) $(HEADER)
 top:
 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
 
-all:	pem.h lib
-
-pem.h: $(CTX_SIZE)
-	./$(CTX_SIZE) <pem.org >pem.new
-	if [ -f pem.h ]; then mv -f pem.h pem.old; fi
-	mv -f pem.new pem.h
-
-$(CTX_SIZE): $(CTX_SIZE).o
-	$(CC) $(CFLAGS) -o $(CTX_SIZE) $(CTX_SIZE).o
+all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
-links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+links: $(EXHEADER)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -79,18 +71,280 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(CTX_SIZE).c $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f $(CTX_SIZE) *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).org # SPECIAL CASE .org
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+pem_all.o: ../../e_os.h ../../include/openssl/aes.h
+pem_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_all.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_all.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_all.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_all.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pem_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pem_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pem_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pem_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_all.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_all.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_all.o: ../cryptlib.h pem_all.c
+pem_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+pem_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+pem_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pem_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pem_err.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pem_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pem_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pem_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pem_err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pem_err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pem_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pem_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pem_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pem_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+pem_err.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+pem_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_err.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_err.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_err.o: ../../include/openssl/x509_vfy.h pem_err.c
+pem_info.o: ../../e_os.h ../../include/openssl/aes.h
+pem_info.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_info.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_info.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_info.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_info.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_info.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_info.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pem_info.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pem_info.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pem_info.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pem_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_info.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_info.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_info.o: ../cryptlib.h pem_info.c
+pem_lib.o: ../../e_os.h ../../include/openssl/aes.h
+pem_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pem_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pem_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pem_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pem_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_lib.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pem_lib.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+pem_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_lib.o: ../cryptlib.h pem_lib.c
+pem_oth.o: ../../e_os.h ../../include/openssl/aes.h
+pem_oth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_oth.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_oth.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_oth.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_oth.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_oth.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_oth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_oth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_oth.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pem_oth.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pem_oth.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pem_oth.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pem_oth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_oth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_oth.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_oth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_oth.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_oth.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_oth.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_oth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_oth.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_oth.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_oth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_oth.c
+pem_pk8.o: ../../e_os.h ../../include/openssl/aes.h
+pem_pk8.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_pk8.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_pk8.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_pk8.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_pk8.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_pk8.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_pk8.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_pk8.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_pk8.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pem_pk8.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pem_pk8.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pem_pk8.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pem_pk8.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_pk8.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_pk8.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_pk8.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pem_pk8.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+pem_pk8.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_pk8.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_pk8.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_pk8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_pk8.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_pk8.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_pk8.o: ../cryptlib.h pem_pk8.c
+pem_pkey.o: ../../e_os.h ../../include/openssl/aes.h
+pem_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_pkey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_pkey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_pkey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pem_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pem_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pem_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pem_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_pkey.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_pkey.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+pem_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+pem_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_pkey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_pkey.o: ../cryptlib.h pem_pkey.c
+pem_seal.o: ../../e_os.h ../../include/openssl/aes.h
+pem_seal.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_seal.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_seal.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_seal.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_seal.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_seal.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_seal.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_seal.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pem_seal.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pem_seal.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pem_seal.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pem_seal.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_seal.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_seal.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_seal.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_seal.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_seal.c
+pem_sign.o: ../../e_os.h ../../include/openssl/aes.h
+pem_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_sign.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_sign.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pem_sign.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pem_sign.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pem_sign.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pem_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_sign.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pem_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pem_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pem_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pem_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pem_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pem_sign.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pem_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_sign.c
+pem_x509.o: ../../e_os.h ../../include/openssl/aes.h
+pem_x509.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_x509.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_x509.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_x509.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pem_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pem_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pem_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pem_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_x509.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_x509.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_x509.o: ../cryptlib.h pem_x509.c
+pem_xaux.o: ../../e_os.h ../../include/openssl/aes.h
+pem_xaux.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pem_xaux.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pem_xaux.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pem_xaux.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pem_xaux.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pem_xaux.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pem_xaux.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pem_xaux.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pem_xaux.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pem_xaux.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pem_xaux.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pem_xaux.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pem_xaux.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pem_xaux.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pem_xaux.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pem_xaux.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pem_xaux.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pem_xaux.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pem_xaux.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pem_xaux.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pem_xaux.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pem_xaux.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pem_xaux.o: ../cryptlib.h pem_xaux.c
diff --git a/crypto/pem/gmon.out b/crypto/pem/gmon.out
deleted file mode 100644
index f26186dcdd..0000000000
--- a/crypto/pem/gmon.out
+++ /dev/null
diff --git a/crypto/pem/pem.err b/crypto/pem/pem.err
deleted file mode 100644
index 0e523abf82..0000000000
--- a/crypto/pem/pem.err
+++ /dev/null
@@ -1,38 +0,0 @@
-/* Error codes for the PEM functions. */
-
-/* Function codes. */
-#define PEM_F_DEF_CALLBACK				 100
-#define PEM_F_LOAD_IV					 101
-#define PEM_F_PEM_ASN1_READ				 102
-#define PEM_F_PEM_ASN1_READ_BIO				 103
-#define PEM_F_PEM_ASN1_WRITE				 104
-#define PEM_F_PEM_ASN1_WRITE_BIO			 105
-#define PEM_F_PEM_DO_HEADER				 106
-#define PEM_F_PEM_GET_EVP_CIPHER_INFO			 107
-#define PEM_F_PEM_READ					 108
-#define PEM_F_PEM_READ_BIO				 109
-#define PEM_F_PEM_SEALFINAL				 110
-#define PEM_F_PEM_SEALINIT				 111
-#define PEM_F_PEM_SIGNFINAL				 112
-#define PEM_F_PEM_WRITE					 113
-#define PEM_F_PEM_WRITE_BIO				 114
-#define PEM_F_PEM_X509_INFO_READ			 115
-#define PEM_F_PEM_X509_INFO_READ_BIO			 116
-#define PEM_F_PEM_X509_INFO_WRITE_BIO			 117
-
-/* Reason codes. */
-#define PEM_R_BAD_BASE64_DECODE				 100
-#define PEM_R_BAD_DECRYPT				 101
-#define PEM_R_BAD_END_LINE				 102
-#define PEM_R_BAD_IV_CHARS				 103
-#define PEM_R_BAD_PASSWORD_READ				 104
-#define PEM_R_NOT_DEK_INFO				 105
-#define PEM_R_NOT_ENCRYPTED				 106
-#define PEM_R_NOT_PROC_TYPE				 107
-#define PEM_R_NO_START_LINE				 108
-#define PEM_R_PROBLEMS_GETTING_PASSWORD			 109
-#define PEM_R_PUBLIC_KEY_NO_RSA				 110
-#define PEM_R_READ_KEY					 111
-#define PEM_R_SHORT_HEADER				 112
-#define PEM_R_UNSUPPORTED_CIPHER			 113
-#define PEM_R_UNSUPPORTED_ENCRYPTION			 114
diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
index 55fbaeffe2..02dd9f2b67 100644
--- a/crypto/pem/pem.h
+++ b/crypto/pem/pem.h
@@ -1,4 +1,4 @@
-/* crypto/pem/pem.org */
+/* crypto/pem/pem.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,23 +56,25 @@
  * [including the GNU Public Licence.]
  */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- *
- * Always modify pem.org since pem.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
 #ifndef HEADER_PEM_H
 #define HEADER_PEM_H
 
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#ifndef OPENSSL_NO_STACK
+#include <openssl/stack.h>
+#endif
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem2.h>
+#include <openssl/e_os2.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#include "evp.h"
-#include "x509.h"
+#define PEM_BUFSIZE		1024
 
 #define PEM_OBJ_UNDEF		0
 #define PEM_OBJ_X509		1
@@ -89,6 +91,9 @@ extern "C" {
 #define PEM_OBJ_DHPARAMS	17
 #define PEM_OBJ_DSAPARAMS	18
 #define PEM_OBJ_PRIV_RSA_PUBLIC	19
+#define PEM_OBJ_PRIV_ECDSA	20
+#define PEM_OBJ_PUB_ECDSA	21
+#define PEM_OBJ_ECPARAMETERS	22
 
 #define PEM_ERROR		30
 #define PEM_DEK_DES_CBC         40
@@ -108,49 +113,29 @@ extern "C" {
 
 #define PEM_STRING_X509_OLD	"X509 CERTIFICATE"
 #define PEM_STRING_X509		"CERTIFICATE"
+#define PEM_STRING_X509_PAIR	"CERTIFICATE PAIR"
+#define PEM_STRING_X509_TRUSTED	"TRUSTED CERTIFICATE"
 #define PEM_STRING_X509_REQ_OLD	"NEW CERTIFICATE REQUEST"
 #define PEM_STRING_X509_REQ	"CERTIFICATE REQUEST"
 #define PEM_STRING_X509_CRL	"X509 CRL"
-#define PEM_STRING_EVP_PKEY	"PRIVATE KEY"
+#define PEM_STRING_EVP_PKEY	"ANY PRIVATE KEY"
+#define PEM_STRING_PUBLIC	"PUBLIC KEY"
 #define PEM_STRING_RSA		"RSA PRIVATE KEY"
 #define PEM_STRING_RSA_PUBLIC	"RSA PUBLIC KEY"
 #define PEM_STRING_DSA		"DSA PRIVATE KEY"
+#define PEM_STRING_DSA_PUBLIC	"DSA PUBLIC KEY"
 #define PEM_STRING_PKCS7	"PKCS7"
+#define PEM_STRING_PKCS8	"ENCRYPTED PRIVATE KEY"
+#define PEM_STRING_PKCS8INF	"PRIVATE KEY"
 #define PEM_STRING_DHPARAMS	"DH PARAMETERS"
 #define PEM_STRING_SSL_SESSION	"SSL SESSION PARAMETERS"
 #define PEM_STRING_DSAPARAMS	"DSA PARAMETERS"
+#define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
+#define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
+#define PEM_STRING_ECPRIVATEKEY	"EC PRIVATE KEY"
 
-#ifndef HEADER_ENVELOPE_H
-
-#define EVP_ENCODE_CTX_SIZE  96
-#define EVP_MD_SIZE  60
-#define EVP_MD_CTX_SIZE  152
-#define EVP_CIPHER_SIZE  40
-#define EVP_CIPHER_CTX_SIZE  4212
-#define EVP_MAX_MD_SIZE  20
-
-typedef struct evp_encode_ctx_st
-	{
-	char data[EVP_ENCODE_CTX_SIZE];
-	} EVP_ENCODE_CTX;
-
-typedef struct env_md_ctx_st
-	{
-	char data[EVP_MD_CTX_SIZE];
-	} EVP_MD_CTX;
-
-typedef struct evp_cipher_st
-	{
-	char data[EVP_CIPHER_SIZE];
-	} EVP_CIPHER;
-
-typedef struct evp_cipher_ctx_st
-	{
-	char data[EVP_CIPHER_CTX_SIZE];
-	} EVP_CIPHER_CTX;
-#endif
-
-
+  /* Note that this structure is initialised by PEM_SealInit and cleaned up
+     by PEM_SealFinal (at least for now) */
 typedef struct PEM_Encode_Seal_st
 	{
 	EVP_ENCODE_CTX encode;
@@ -171,7 +156,7 @@ typedef struct pem_recip_st
 
 	int cipher;
 	int key_enc;
-	char iv[8];
+	/*	char iv[8]; unused and wrong size */
 	} PEM_USER;
 
 typedef struct pem_ctx_st
@@ -187,7 +172,8 @@ typedef struct pem_ctx_st
 
 	struct	{
 		int cipher;
-		unsigned char iv[8];
+	/* unused, and wrong size
+	   unsigned char iv[8]; */
 		} DEK_info;
 		
 	PEM_USER *originator;
@@ -195,7 +181,7 @@ typedef struct pem_ctx_st
 	int num_recipient;
 	PEM_USER **recipient;
 
-#ifdef HEADER_STACK_H
+#ifndef OPENSSL_NO_STACK
 	STACK *x509_chain;	/* certificate chain */
 #else
 	char *x509_chain;	/* certificate chain */
@@ -209,7 +195,8 @@ typedef struct pem_ctx_st
 	EVP_CIPHER *dec;	/* date encryption cipher */
 	int key_len;		/* key length */
 	unsigned char *key;	/* key */
-	unsigned char iv[8];	/* the iv */
+	/* unused, and wrong size
+	   unsigned char iv[8]; */
 
 	
 	int  data_enc;		/* is the data encrypted */
@@ -217,151 +204,324 @@ typedef struct pem_ctx_st
 	unsigned char *data;
 	} PEM_CTX;
 
+/* These macros make the PEM_read/PEM_write functions easier to maintain and
+ * write. Now they are all implemented with either:
+ * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...)
+ */
+
+#ifdef OPENSSL_NO_FP_API
+
+#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
+#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
+#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
+
+#else
+
+#define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
+type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return((type *)PEM_ASN1_read((char *(*)())d2i_##asn1, str,fp,(char **)x,\
+	cb,u)); \
+} \
+
+#define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x) \
+{ \
+return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, (char *)x, \
+							 NULL,NULL,0,NULL,NULL)); \
+} 
+
+#define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+	     unsigned char *kstr, int klen, pem_password_cb *cb, \
+		  void *u) \
+	{ \
+	return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, \
+		(char *)x,enc,kstr,klen,cb,u)); \
+	}
+
+#endif
+
+#define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return((type *)PEM_ASN1_read_bio((char *(*)())d2i_##asn1, str,bp,\
+							(char **)x,cb,u)); \
+}
+
+#define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x) \
+{ \
+return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, (char *)x, \
+							 NULL,NULL,0,NULL,NULL)); \
+}
+
+#define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
+	{ \
+	return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, \
+		(char *)x,enc,kstr,klen,cb,u)); \
+	}
+
+#define IMPLEMENT_PEM_write(name, type, str, asn1) \
+	IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+	IMPLEMENT_PEM_write_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
+	IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+	IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_read(name, type, str, asn1) \
+	IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+	IMPLEMENT_PEM_read_fp(name, type, str, asn1) 
+
+#define IMPLEMENT_PEM_rw(name, type, str, asn1) \
+	IMPLEMENT_PEM_read(name, type, str, asn1) \
+	IMPLEMENT_PEM_write(name, type, str, asn1)
+
+#define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
+	IMPLEMENT_PEM_read(name, type, str, asn1) \
+	IMPLEMENT_PEM_write_cb(name, type, str, asn1)
+
+/* These are the same except they are for the declarations */
+
+#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API)
+
+#define DECLARE_PEM_read_fp(name, type) /**/
+#define DECLARE_PEM_write_fp(name, type) /**/
+#define DECLARE_PEM_write_cb_fp(name, type) /**/
+
+#else
+
+#define DECLARE_PEM_read_fp(name, type) \
+	type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
+
+#define DECLARE_PEM_write_fp(name, type) \
+	int PEM_write_##name(FILE *fp, type *x);
+
+#define DECLARE_PEM_write_cb_fp(name, type) \
+	int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+#endif
+
+#ifndef OPENSSL_NO_BIO
+#define DECLARE_PEM_read_bio(name, type) \
+	type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
+
+#define DECLARE_PEM_write_bio(name, type) \
+	int PEM_write_bio_##name(BIO *bp, type *x);
+
+#define DECLARE_PEM_write_cb_bio(name, type) \
+	int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+#else
+
+#define DECLARE_PEM_read_bio(name, type) /**/
+#define DECLARE_PEM_write_bio(name, type) /**/
+#define DECLARE_PEM_write_cb_bio(name, type) /**/
+
+#endif
+
+#define DECLARE_PEM_write(name, type) \
+	DECLARE_PEM_write_bio(name, type) \
+	DECLARE_PEM_write_fp(name, type) 
+
+#define DECLARE_PEM_write_cb(name, type) \
+	DECLARE_PEM_write_cb_bio(name, type) \
+	DECLARE_PEM_write_cb_fp(name, type) 
+
+#define DECLARE_PEM_read(name, type) \
+	DECLARE_PEM_read_bio(name, type) \
+	DECLARE_PEM_read_fp(name, type)
+
+#define DECLARE_PEM_rw(name, type) \
+	DECLARE_PEM_read(name, type) \
+	DECLARE_PEM_write(name, type)
+
+#define DECLARE_PEM_rw_cb(name, type) \
+	DECLARE_PEM_read(name, type) \
+	DECLARE_PEM_write_cb(name, type)
+
 #ifdef SSLEAY_MACROS
 
 #define PEM_write_SSL_SESSION(fp,x) \
 		PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
-			PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL)
+			PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_X509(fp,x) \
 		PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
-			(char *)x, NULL,NULL,0,NULL)
+			(char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \
 		(int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \
-			NULL,NULL,0,NULL)
+			NULL,NULL,0,NULL,NULL)
 #define PEM_write_X509_CRL(fp,x) \
 		PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \
-			fp,(char *)x, NULL,NULL,0,NULL)
-#define	PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb) \
+			fp,(char *)x, NULL,NULL,0,NULL,NULL)
+#define	PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
 		PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\
-			(char *)x,enc,kstr,klen,cb)
+			(char *)x,enc,kstr,klen,cb,u)
 #define	PEM_write_RSAPublicKey(fp,x) \
 		PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\
-			PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL)
-#define	PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb) \
+			PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL)
+#define	PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \
 		PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\
-			(char *)x,enc,kstr,klen,cb)
-#define	PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb) \
+			(char *)x,enc,kstr,klen,cb,u)
+#define	PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
 		PEM_ASN1_write((int (*)())i2d_PrivateKey,\
 		(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
-			bp,(char *)x,enc,kstr,klen,cb)
+			bp,(char *)x,enc,kstr,klen,cb,u)
 #define PEM_write_PKCS7(fp,x) \
 		PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \
-			(char *)x, NULL,NULL,0,NULL)
+			(char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_DHparams(fp,x) \
 		PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\
-			(char *)x,NULL,NULL,0,NULL)
-
-#define	PEM_read_SSL_SESSION(fp,x,cb) (SSL_SESSION *)PEM_ASN1_read( \
-	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb)
-#define	PEM_read_X509(fp,x,cb) (X509 *)PEM_ASN1_read( \
-	(char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb)
-#define	PEM_read_X509_REQ(fp,x,cb) (X509_REQ *)PEM_ASN1_read( \
-	(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb)
-#define	PEM_read_X509_CRL(fp,x,cb) (X509_CRL *)PEM_ASN1_read( \
-	(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb)
-#define	PEM_read_RSAPrivateKey(fp,x,cb) (RSA *)PEM_ASN1_read( \
-	(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb)
-#define	PEM_read_RSAPublicKey(fp,x,cb) (RSA *)PEM_ASN1_read( \
-	(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb)
-#define	PEM_read_DSAPrivateKey(fp,x,cb) (DSA *)PEM_ASN1_read( \
-	(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb)
-#define	PEM_read_PrivateKey(fp,x,cb) (EVP_PKEY *)PEM_ASN1_read( \
-	(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb)
-#define	PEM_read_PKCS7(fp,x,cb) (PKCS7 *)PEM_ASN1_read( \
-	(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb)
-#define	PEM_read_DHparams(fp,x,cb) (DH *)PEM_ASN1_read( \
-	(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb)
+			(char *)x,NULL,NULL,0,NULL,NULL)
+
+#define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
+			PEM_STRING_X509,fp, \
+                        (char *)x, NULL,NULL,0,NULL,NULL)
+
+#define	PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
+	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
+#define	PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \
+	(char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u)
+#define	PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \
+	(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u)
+#define	PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \
+	(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u)
+#define	PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
+	(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u)
+#define	PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \
+	(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u)
+#define	PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \
+	(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u)
+#define	PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \
+	(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u)
+#define	PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \
+	(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u)
+#define	PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \
+	(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u)
+
+#define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \
+		(NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \
+        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\
+							(char **)x,cb,u)
 
 #define PEM_write_bio_SSL_SESSION(bp,x) \
 		PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
-			PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL)
+			PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_X509(bp,x) \
 		PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \
-			(char *)x, NULL,NULL,0,NULL)
+			(char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \
 		(int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \
-			NULL,NULL,0,NULL)
+			NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_X509_CRL(bp,x) \
 		PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\
-			bp,(char *)x, NULL,NULL,0,NULL)
-#define	PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb) \
+			bp,(char *)x, NULL,NULL,0,NULL,NULL)
+#define	PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
 		PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\
-			bp,(char *)x,enc,kstr,klen,cb)
+			bp,(char *)x,enc,kstr,klen,cb,u)
 #define	PEM_write_bio_RSAPublicKey(bp,x) \
 		PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \
 			PEM_STRING_RSA_PUBLIC,\
-			bp,(char *)x,NULL,NULL,0,NULL)
-#define	PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb) \
+			bp,(char *)x,NULL,NULL,0,NULL,NULL)
+#define	PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \
 		PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\
-			bp,(char *)x,enc,kstr,klen,cb)
-#define	PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb) \
+			bp,(char *)x,enc,kstr,klen,cb,u)
+#define	PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \
 		PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\
 		(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
-			bp,(char *)x,enc,kstr,klen,cb)
+			bp,(char *)x,enc,kstr,klen,cb,u)
 #define PEM_write_bio_PKCS7(bp,x) \
 		PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \
-			(char *)x, NULL,NULL,0,NULL)
+			(char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_DHparams(bp,x) \
 		PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\
-			bp,(char *)x,NULL,NULL,0,NULL)
+			bp,(char *)x,NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_DSAparams(bp,x) \
 		PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \
-			PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL)
-
-#define	PEM_read_bio_SSL_SESSION(bp,x,cb) (SSL_SESSION *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb)
-#define	PEM_read_bio_X509(bp,x,cb) (X509 *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb)
-#define	PEM_read_bio_X509_REQ(bp,x,cb) (X509_REQ *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb)
-#define	PEM_read_bio_X509_CRL(bp,x,cb) (X509_CRL *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb)
-#define	PEM_read_bio_RSAPrivateKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb)
-#define	PEM_read_bio_RSAPublicKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb)
-#define	PEM_read_bio_DSAPrivateKey(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb)
-#define	PEM_read_bio_PrivateKey(bp,x,cb) (EVP_PKEY *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb)
-
-#define	PEM_read_bio_PKCS7(bp,x,cb) (PKCS7 *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb)
-#define	PEM_read_bio_DHparams(bp,x,cb) (DH *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb)
-#define	PEM_read_bio_DSAparams(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb)
+			PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL)
+
+#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \
+                PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \
+			PEM_STRING_X509,bp, \
+                        (char *)x, NULL,NULL,0,NULL,NULL)
+
+#define	PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u)
+#define	PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u)
+#define	PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u)
+#define	PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u)
+#define	PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u)
+#define	PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u)
+#define	PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u)
+#define	PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u)
+
+#define	PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u)
+#define	PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u)
+#define	PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u)
+
+#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \
+		(NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \
+        (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\
+							(char **)x,cb,u)
 
 #endif
 
-#ifndef NOPROTO
+#if 1
+/* "userdata": new with OpenSSL 0.9.4 */
+typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata);
+#else
+/* OpenSSL 0.9.3, 0.9.3a */
+typedef int pem_password_cb(char *buf, int size, int rwflag);
+#endif
+
 int	PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
 int	PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
-		int (*callback)());
+	pem_password_cb *callback,void *u);
 
-#ifdef HEADER_BIO_H
+#ifndef OPENSSL_NO_BIO
 int	PEM_read_bio(BIO *bp, char **name, char **header,
 		unsigned char **data,long *len);
-int	PEM_write_bio(BIO *bp,char *name,char *hdr,unsigned char *data,
+int	PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data,
 		long len);
-char *	PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *bp,char **x,
-		int (*cb)());
-int	PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *bp,char *x,
-		EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
-STACK *	PEM_X509_INFO_read_bio(BIO *bp, STACK *sk, int (*cb)());
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
+	     pem_password_cb *cb, void *u);
+char *	PEM_ASN1_read_bio(char *(*d2i)(),const char *name,BIO *bp,char **x,
+		pem_password_cb *cb, void *u);
+int	PEM_ASN1_write_bio(int (*i2d)(),const char *name,BIO *bp,char *x,
+			   const EVP_CIPHER *enc,unsigned char *kstr,int klen,
+			   pem_password_cb *cb, void *u);
+STACK_OF(X509_INFO) *	PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u);
 int	PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
-		unsigned char *kstr, int klen, int (*cb)());
+		unsigned char *kstr, int klen, pem_password_cb *cd, void *u);
 #endif
 
-#ifndef WIN16
+#ifndef OPENSSL_SYS_WIN16
 int	PEM_read(FILE *fp, char **name, char **header,
 		unsigned char **data,long *len);
 int	PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
-char *	PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,
-		int (*cb)());
-int	PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x,
-		EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
-STACK *	PEM_X509_INFO_read(FILE *fp, STACK *sk, int (*cb)());
+char *	PEM_ASN1_read(char *(*d2i)(),const char *name,FILE *fp,char **x,
+	pem_password_cb *cb, void *u);
+int	PEM_ASN1_write(int (*i2d)(),const char *name,FILE *fp,char *x,
+		       const EVP_CIPHER *enc,unsigned char *kstr,int klen,
+		       pem_password_cb *callback, void *u);
+STACK_OF(X509_INFO) *	PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
+	pem_password_cb *cb, void *u);
 #endif
 
 int	PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
@@ -377,148 +537,110 @@ void    PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);
 int	PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
 		unsigned int *siglen, EVP_PKEY *pkey);
 
-void	ERR_load_PEM_strings(void);
-
+int	PEM_def_callback(char *buf, int num, int w, void *key);
 void	PEM_proc_type(char *buf, int type);
-void	PEM_dek_info(char *buf, char *type, int len, char *str);
+void	PEM_dek_info(char *buf, const char *type, int len, char *str);
 
 #ifndef SSLEAY_MACROS
 
-#ifndef WIN16
-X509 *PEM_read_X509(FILE *fp,X509 **x,int (*cb)());
-X509_REQ *PEM_read_X509_REQ(FILE *fp,X509_REQ **x,int (*cb)());
-X509_CRL *PEM_read_X509_CRL(FILE *fp,X509_CRL **x,int (*cb)());
-RSA *PEM_read_RSAPrivateKey(FILE *fp,RSA **x,int (*cb)());
-RSA *PEM_read_RSAPublicKey(FILE *fp,RSA **x,int (*cb)());
-DSA *PEM_read_DSAPrivateKey(FILE *fp,DSA **x,int (*cb)());
-EVP_PKEY *PEM_read_PrivateKey(FILE *fp,EVP_PKEY **x,int (*cb)());
-PKCS7 *PEM_read_PKCS7(FILE *fp,PKCS7 **x,int (*cb)());
-DH *PEM_read_DHparams(FILE *fp,DH **x,int (*cb)());
-DSA *PEM_read_DSAparams(FILE *fp,DSA **x,int (*cb)());
-int PEM_write_X509(FILE *fp,X509 *x);
-int PEM_write_X509_REQ(FILE *fp,X509_REQ *x);
-int PEM_write_X509_CRL(FILE *fp,X509_CRL *x);
-int PEM_write_RSAPrivateKey(FILE *fp,RSA *x,EVP_CIPHER *enc,unsigned char *kstr,
-        int klen,int (*cb)());
-int PEM_write_RSAPublicKey(FILE *fp,RSA *x);
-int PEM_write_DSAPrivateKey(FILE *fp,DSA *x,EVP_CIPHER *enc,unsigned char *kstr,
-        int klen,int (*cb)());
-int PEM_write_PrivateKey(FILE *fp,EVP_PKEY *x,EVP_CIPHER *enc,
-	unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_PKCS7(FILE *fp,PKCS7 *x);
-int PEM_write_DHparams(FILE *fp,DH *x);
-int PEM_write_DSAparams(FILE *fp,DSA *x);
-#endif
+#include <openssl/symhacks.h>
+
+DECLARE_PEM_rw(X509, X509)
+
+DECLARE_PEM_rw(X509_AUX, X509)
+
+DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
+
+DECLARE_PEM_rw(X509_REQ, X509_REQ)
+DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
+
+DECLARE_PEM_rw(X509_CRL, X509_CRL)
+
+DECLARE_PEM_rw(PKCS7, PKCS7)
+
+DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+
+DECLARE_PEM_rw(PKCS8, X509_SIG)
+
+DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+
+#ifndef OPENSSL_NO_RSA
+
+DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
+
+DECLARE_PEM_rw(RSAPublicKey, RSA)
+DECLARE_PEM_rw(RSA_PUBKEY, RSA)
 
-#ifdef HEADER_BIO_H
-X509 *PEM_read_bio_X509(BIO *bp,X509 **x,int (*cb)());
-X509_REQ *PEM_read_bio_X509_REQ(BIO *bp,X509_REQ **x,int (*cb)());
-X509_CRL *PEM_read_bio_X509_CRL(BIO *bp,X509_CRL **x,int (*cb)());
-RSA *PEM_read_bio_RSAPrivateKey(BIO *bp,RSA **x,int (*cb)());
-RSA *PEM_read_bio_RSAPublicKey(BIO *bp,RSA **x,int (*cb)());
-DSA *PEM_read_bio_DSAPrivateKey(BIO *bp,DSA **x,int (*cb)());
-EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp,EVP_PKEY **x,int (*cb)());
-PKCS7 *PEM_read_bio_PKCS7(BIO *bp,PKCS7 **x,int (*cb)());
-DH *PEM_read_bio_DHparams(BIO *bp,DH **x,int (*cb)());
-DSA *PEM_read_bio_DSAparams(BIO *bp,DSA **x,int (*cb)());
-int PEM_write_bio_X509(BIO *bp,X509 *x);
-int PEM_write_bio_X509_REQ(BIO *bp,X509_REQ *x);
-int PEM_write_bio_X509_CRL(BIO *bp,X509_CRL *x);
-int PEM_write_bio_RSAPrivateKey(BIO *fp,RSA *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_RSAPublicKey(BIO *fp,RSA *x);
-int PEM_write_bio_DSAPrivateKey(BIO *fp,DSA *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_PrivateKey(BIO *fp,EVP_PKEY *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_PKCS7(BIO *bp,PKCS7 *x);
-int PEM_write_bio_DHparams(BIO *bp,DH *x);
-int PEM_write_bio_DSAparams(BIO *bp,DSA *x);
 #endif
 
-#endif /* SSLEAY_MACROS */
+#ifndef OPENSSL_NO_DSA
 
+DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
 
-#else
+DECLARE_PEM_rw(DSA_PUBKEY, DSA)
+
+DECLARE_PEM_rw(DSAparams, DSA)
 
-int	PEM_get_EVP_CIPHER_INFO();
-int	PEM_do_header();
-int	PEM_read_bio();
-int	PEM_write_bio();
-#ifndef WIN16
-int	PEM_read();
-int	PEM_write();
-STACK *	PEM_X509_INFO_read();
-char *	PEM_ASN1_read();
-int	PEM_ASN1_write();
 #endif
-STACK *	PEM_X509_INFO_read_bio();
-int	PEM_X509_INFO_write_bio();
-char *	PEM_ASN1_read_bio();
-int	PEM_ASN1_write_bio();
-int	PEM_SealInit();
-void	PEM_SealUpdate();
-int	PEM_SealFinal();
-int	PEM_SignFinal();
 
-void	ERR_load_PEM_strings();
+#ifndef OPENSSL_NO_EC
+DECLARE_PEM_rw(ECPKParameters, EC_GROUP)
+DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
+DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
+#endif
 
-void	PEM_proc_type();
-void	PEM_dek_info();
+#ifndef OPENSSL_NO_DH
+
+DECLARE_PEM_rw(DHparams, DH)
 
-#ifndef SSLEAY_MACROS
-#ifndef WIN16
-X509 *PEM_read_X509();
-X509_REQ *PEM_read_X509_REQ();
-X509_CRL *PEM_read_X509_CRL();
-RSA *PEM_read_RSAPrivateKey();
-RSA *PEM_read_RSAPublicKey();
-DSA *PEM_read_DSAPrivateKey();
-EVP_PKEY *PEM_read_PrivateKey();
-PKCS7 *PEM_read_PKCS7();
-DH *PEM_read_DHparams();
-DSA *PEM_read_DSAparams();
-int PEM_write_X509();
-int PEM_write_X509_REQ();
-int PEM_write_X509_CRL();
-int PEM_write_RSAPrivateKey();
-int PEM_write_RSAPublicKey();
-int PEM_write_DSAPrivateKey();
-int PEM_write_PrivateKey();
-int PEM_write_PKCS7();
-int PEM_write_DHparams();
-int PEM_write_DSAparams();
 #endif
 
-X509 *PEM_read_bio_X509();
-X509_REQ *PEM_read_bio_X509_REQ();
-X509_CRL *PEM_read_bio_X509_CRL();
-RSA *PEM_read_bio_RSAPrivateKey();
-RSA *PEM_read_bio_RSAPublicKey();
-DSA *PEM_read_bio_DSAPrivateKey();
-EVP_PKEY *PEM_read_bio_PrivateKey();
-PKCS7 *PEM_read_bio_PKCS7();
-DH *PEM_read_bio_DHparams();
-DSA *PEM_read_bio_DSAparams();
-int PEM_write_bio_X509();
-int PEM_write_bio_X509_REQ();
-int PEM_write_bio_X509_CRL();
-int PEM_write_bio_RSAPrivateKey();
-int PEM_write_bio_RSAPublicKey();
-int PEM_write_bio_DSAPrivateKey();
-int PEM_write_bio_PrivateKey();
-int PEM_write_bio_PKCS7();
-int PEM_write_bio_DHparams();
-int PEM_write_bio_DSAparams();
+DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
+
+DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
+
+int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u);
+int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
+                                  char *, int, pem_password_cb *, void *);
+int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u);
+int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u);
+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
+
+int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u);
+int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u);
+int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u);
+
+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
+
+int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc,
+			      char *kstr,int klen, pem_password_cb *cd, void *u);
 
 #endif /* SSLEAY_MACROS */
 
-#endif
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_PEM_strings(void);
+
 /* Error codes for the PEM functions. */
 
 /* Function codes. */
+#define PEM_F_D2I_PKCS8PRIVATEKEY_BIO			 120
+#define PEM_F_D2I_PKCS8PRIVATEKEY_FP			 121
 #define PEM_F_DEF_CALLBACK				 100
 #define PEM_F_LOAD_IV					 101
 #define PEM_F_PEM_ASN1_READ				 102
@@ -526,6 +648,8 @@ int PEM_write_bio_DSAparams();
 #define PEM_F_PEM_ASN1_WRITE				 104
 #define PEM_F_PEM_ASN1_WRITE_BIO			 105
 #define PEM_F_PEM_DO_HEADER				 106
+#define PEM_F_PEM_F_DO_PK8KEY_FP			 122
+#define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY		 118
 #define PEM_F_PEM_GET_EVP_CIPHER_INFO			 107
 #define PEM_F_PEM_READ					 108
 #define PEM_F_PEM_READ_BIO				 109
@@ -534,6 +658,7 @@ int PEM_write_bio_DSAparams();
 #define PEM_F_PEM_SIGNFINAL				 112
 #define PEM_F_PEM_WRITE					 113
 #define PEM_F_PEM_WRITE_BIO				 114
+#define PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY		 119
 #define PEM_F_PEM_X509_INFO_READ			 115
 #define PEM_F_PEM_X509_INFO_READ_BIO			 116
 #define PEM_F_PEM_X509_INFO_WRITE_BIO			 117
@@ -544,6 +669,7 @@ int PEM_write_bio_DSAparams();
 #define PEM_R_BAD_END_LINE				 102
 #define PEM_R_BAD_IV_CHARS				 103
 #define PEM_R_BAD_PASSWORD_READ				 104
+#define PEM_R_ERROR_CONVERTING_PRIVATE_KEY		 115
 #define PEM_R_NOT_DEK_INFO				 105
 #define PEM_R_NOT_ENCRYPTED				 106
 #define PEM_R_NOT_PROC_TYPE				 107
@@ -554,9 +680,8 @@ int PEM_write_bio_DSAparams();
 #define PEM_R_SHORT_HEADER				 112
 #define PEM_R_UNSUPPORTED_CIPHER			 113
 #define PEM_R_UNSUPPORTED_ENCRYPTION			 114
- 
+
 #ifdef  __cplusplus
 }
 #endif
 #endif
-
diff --git a/crypto/pem/pem.org b/crypto/pem/pem.org
deleted file mode 100644
index 38952509dd..0000000000
--- a/crypto/pem/pem.org
+++ /dev/null
@@ -1,562 +0,0 @@
-/* crypto/pem/pem.org */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- *
- * Always modify pem.org since pem.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-#ifndef HEADER_PEM_H
-#define HEADER_PEM_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#include "evp.h"
-#include "x509.h"
-
-#define PEM_OBJ_UNDEF		0
-#define PEM_OBJ_X509		1
-#define PEM_OBJ_X509_REQ	2
-#define PEM_OBJ_CRL		3
-#define PEM_OBJ_SSL_SESSION	4
-#define PEM_OBJ_PRIV_KEY	10
-#define PEM_OBJ_PRIV_RSA	11
-#define PEM_OBJ_PRIV_DSA	12
-#define PEM_OBJ_PRIV_DH		13
-#define PEM_OBJ_PUB_RSA		14
-#define PEM_OBJ_PUB_DSA		15
-#define PEM_OBJ_PUB_DH		16
-#define PEM_OBJ_DHPARAMS	17
-#define PEM_OBJ_DSAPARAMS	18
-#define PEM_OBJ_PRIV_RSA_PUBLIC	19
-
-#define PEM_ERROR		30
-#define PEM_DEK_DES_CBC         40
-#define PEM_DEK_IDEA_CBC        45
-#define PEM_DEK_DES_EDE         50
-#define PEM_DEK_DES_ECB         60
-#define PEM_DEK_RSA             70
-#define PEM_DEK_RSA_MD2         80
-#define PEM_DEK_RSA_MD5         90
-
-#define PEM_MD_MD2		NID_md2
-#define PEM_MD_MD5		NID_md5
-#define PEM_MD_SHA		NID_sha
-#define PEM_MD_MD2_RSA		NID_md2WithRSAEncryption
-#define PEM_MD_MD5_RSA		NID_md5WithRSAEncryption
-#define PEM_MD_SHA_RSA		NID_sha1WithRSAEncryption
-
-#define PEM_STRING_X509_OLD	"X509 CERTIFICATE"
-#define PEM_STRING_X509		"CERTIFICATE"
-#define PEM_STRING_X509_REQ_OLD	"NEW CERTIFICATE REQUEST"
-#define PEM_STRING_X509_REQ	"CERTIFICATE REQUEST"
-#define PEM_STRING_X509_CRL	"X509 CRL"
-#define PEM_STRING_EVP_PKEY	"PRIVATE KEY"
-#define PEM_STRING_RSA		"RSA PRIVATE KEY"
-#define PEM_STRING_RSA_PUBLIC	"RSA PUBLIC KEY"
-#define PEM_STRING_DSA		"DSA PRIVATE KEY"
-#define PEM_STRING_PKCS7	"PKCS7"
-#define PEM_STRING_DHPARAMS	"DH PARAMETERS"
-#define PEM_STRING_SSL_SESSION	"SSL SESSION PARAMETERS"
-#define PEM_STRING_DSAPARAMS	"DSA PARAMETERS"
-
-#ifndef HEADER_ENVELOPE_H
-
-#define EVP_ENCODE_CTX_SIZE  92
-#define EVP_MD_SIZE  48
-#define EVP_MD_CTX_SIZE  152
-#define EVP_CIPHER_SIZE  28
-#define EVP_CIPHER_CTX_SIZE  4212
-#define EVP_MAX_MD_SIZE  20
-
-typedef struct evp_encode_ctx_st
-	{
-	char data[EVP_ENCODE_CTX_SIZE];
-	} EVP_ENCODE_CTX;
-
-typedef struct env_md_ctx_st
-	{
-	char data[EVP_MD_CTX_SIZE];
-	} EVP_MD_CTX;
-
-typedef struct evp_cipher_st
-	{
-	char data[EVP_CIPHER_SIZE];
-	} EVP_CIPHER;
-
-typedef struct evp_cipher_ctx_st
-	{
-	char data[EVP_CIPHER_CTX_SIZE];
-	} EVP_CIPHER_CTX;
-#endif
-
-
-typedef struct PEM_Encode_Seal_st
-	{
-	EVP_ENCODE_CTX encode;
-	EVP_MD_CTX md;
-	EVP_CIPHER_CTX cipher;
-	} PEM_ENCODE_SEAL_CTX;
-
-/* enc_type is one off */
-#define PEM_TYPE_ENCRYPTED      10
-#define PEM_TYPE_MIC_ONLY       20
-#define PEM_TYPE_MIC_CLEAR      30
-#define PEM_TYPE_CLEAR		40
-
-typedef struct pem_recip_st
-	{
-	char *name;
-	X509_NAME *dn;
-
-	int cipher;
-	int key_enc;
-	char iv[8];
-	} PEM_USER;
-
-typedef struct pem_ctx_st
-	{
-	int type;		/* what type of object */
-
-	struct	{
-		int version;	
-		int mode;		
-		} proc_type;
-
-	char *domain;
-
-	struct	{
-		int cipher;
-		unsigned char iv[8];
-		} DEK_info;
-		
-	PEM_USER *originator;
-
-	int num_recipient;
-	PEM_USER **recipient;
-
-#ifdef HEADER_STACK_H
-	STACK *x509_chain;	/* certificate chain */
-#else
-	char *x509_chain;	/* certificate chain */
-#endif
-	EVP_MD *md;		/* signature type */
-
-	int md_enc;		/* is the md encrypted or not? */
-	int md_len;		/* length of md_data */
-	char *md_data;		/* message digest, could be pkey encrypted */
-
-	EVP_CIPHER *dec;	/* date encryption cipher */
-	int key_len;		/* key length */
-	unsigned char *key;	/* key */
-	unsigned char iv[8];	/* the iv */
-
-	
-	int  data_enc;		/* is the data encrypted */
-	int data_len;
-	unsigned char *data;
-	} PEM_CTX;
-
-#ifdef SSLEAY_MACROS
-
-#define PEM_write_SSL_SESSION(fp,x) \
-		PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
-			PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL)
-#define PEM_write_X509(fp,x) \
-		PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
-			(char *)x, NULL,NULL,0,NULL)
-#define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \
-		(int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \
-			NULL,NULL,0,NULL)
-#define PEM_write_X509_CRL(fp,x) \
-		PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \
-			fp,(char *)x, NULL,NULL,0,NULL)
-#define	PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb) \
-		PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\
-			(char *)x,enc,kstr,klen,cb)
-#define	PEM_write_RSAPublicKey(fp,x) \
-		PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\
-			PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL)
-#define	PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb) \
-		PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\
-			(char *)x,enc,kstr,klen,cb)
-#define	PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb) \
-		PEM_ASN1_write((int (*)())i2d_PrivateKey,\
-		(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
-			bp,(char *)x,enc,kstr,klen,cb)
-#define PEM_write_PKCS7(fp,x) \
-		PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \
-			(char *)x, NULL,NULL,0,NULL)
-#define PEM_write_DHparams(fp,x) \
-		PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\
-			(char *)x,NULL,NULL,0,NULL)
-
-#define	PEM_read_SSL_SESSION(fp,x,cb) (SSL_SESSION *)PEM_ASN1_read( \
-	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb)
-#define	PEM_read_X509(fp,x,cb) (X509 *)PEM_ASN1_read( \
-	(char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb)
-#define	PEM_read_X509_REQ(fp,x,cb) (X509_REQ *)PEM_ASN1_read( \
-	(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb)
-#define	PEM_read_X509_CRL(fp,x,cb) (X509_CRL *)PEM_ASN1_read( \
-	(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb)
-#define	PEM_read_RSAPrivateKey(fp,x,cb) (RSA *)PEM_ASN1_read( \
-	(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb)
-#define	PEM_read_RSAPublicKey(fp,x,cb) (RSA *)PEM_ASN1_read( \
-	(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb)
-#define	PEM_read_DSAPrivateKey(fp,x,cb) (DSA *)PEM_ASN1_read( \
-	(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb)
-#define	PEM_read_PrivateKey(fp,x,cb) (EVP_PKEY *)PEM_ASN1_read( \
-	(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb)
-#define	PEM_read_PKCS7(fp,x,cb) (PKCS7 *)PEM_ASN1_read( \
-	(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb)
-#define	PEM_read_DHparams(fp,x,cb) (DH *)PEM_ASN1_read( \
-	(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb)
-
-#define PEM_write_bio_SSL_SESSION(bp,x) \
-		PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
-			PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL)
-#define PEM_write_bio_X509(bp,x) \
-		PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \
-			(char *)x, NULL,NULL,0,NULL)
-#define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \
-		(int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \
-			NULL,NULL,0,NULL)
-#define PEM_write_bio_X509_CRL(bp,x) \
-		PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\
-			bp,(char *)x, NULL,NULL,0,NULL)
-#define	PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb) \
-		PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\
-			bp,(char *)x,enc,kstr,klen,cb)
-#define	PEM_write_bio_RSAPublicKey(bp,x) \
-		PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \
-			PEM_STRING_RSA_PUBLIC,\
-			bp,(char *)x,NULL,NULL,0,NULL)
-#define	PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb) \
-		PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\
-			bp,(char *)x,enc,kstr,klen,cb)
-#define	PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb) \
-		PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\
-		(((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\
-			bp,(char *)x,enc,kstr,klen,cb)
-#define PEM_write_bio_PKCS7(bp,x) \
-		PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \
-			(char *)x, NULL,NULL,0,NULL)
-#define PEM_write_bio_DHparams(bp,x) \
-		PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\
-			bp,(char *)x,NULL,NULL,0,NULL)
-#define PEM_write_bio_DSAparams(bp,x) \
-		PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \
-			PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL)
-
-#define	PEM_read_bio_SSL_SESSION(bp,x,cb) (SSL_SESSION *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb)
-#define	PEM_read_bio_X509(bp,x,cb) (X509 *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb)
-#define	PEM_read_bio_X509_REQ(bp,x,cb) (X509_REQ *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb)
-#define	PEM_read_bio_X509_CRL(bp,x,cb) (X509_CRL *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb)
-#define	PEM_read_bio_RSAPrivateKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb)
-#define	PEM_read_bio_RSAPublicKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb)
-#define	PEM_read_bio_DSAPrivateKey(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb)
-#define	PEM_read_bio_PrivateKey(bp,x,cb) (EVP_PKEY *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb)
-
-#define	PEM_read_bio_PKCS7(bp,x,cb) (PKCS7 *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb)
-#define	PEM_read_bio_DHparams(bp,x,cb) (DH *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb)
-#define	PEM_read_bio_DSAparams(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb)
-
-#endif
-
-#ifndef NOPROTO
-int	PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
-int	PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
-		int (*callback)());
-
-#ifdef HEADER_BIO_H
-int	PEM_read_bio(BIO *bp, char **name, char **header,
-		unsigned char **data,long *len);
-int	PEM_write_bio(BIO *bp,char *name,char *hdr,unsigned char *data,
-		long len);
-char *	PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *bp,char **x,
-		int (*cb)());
-int	PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *bp,char *x,
-		EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
-STACK *	PEM_X509_INFO_read_bio(BIO *bp, STACK *sk, int (*cb)());
-int	PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc,
-		unsigned char *kstr, int klen, int (*cb)());
-#endif
-
-#ifndef WIN16
-int	PEM_read(FILE *fp, char **name, char **header,
-		unsigned char **data,long *len);
-int	PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len);
-char *	PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,
-		int (*cb)());
-int	PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x,
-		EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
-STACK *	PEM_X509_INFO_read(FILE *fp, STACK *sk, int (*cb)());
-#endif
-
-int	PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type,
-		EVP_MD *md_type, unsigned char **ek, int *ekl,
-		unsigned char *iv, EVP_PKEY **pubk, int npubk);
-void	PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
-		unsigned char *in, int inl);
-int	PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig,int *sigl,
-		unsigned char *out, int *outl, EVP_PKEY *priv);
-
-void    PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
-void    PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt);
-int	PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
-		unsigned int *siglen, EVP_PKEY *pkey);
-
-void	ERR_load_PEM_strings(void);
-
-void	PEM_proc_type(char *buf, int type);
-void	PEM_dek_info(char *buf, char *type, int len, char *str);
-
-#ifndef SSLEAY_MACROS
-
-#ifndef WIN16
-X509 *PEM_read_X509(FILE *fp,X509 **x,int (*cb)());
-X509_REQ *PEM_read_X509_REQ(FILE *fp,X509_REQ **x,int (*cb)());
-X509_CRL *PEM_read_X509_CRL(FILE *fp,X509_CRL **x,int (*cb)());
-RSA *PEM_read_RSAPrivateKey(FILE *fp,RSA **x,int (*cb)());
-RSA *PEM_read_RSAPublicKey(FILE *fp,RSA **x,int (*cb)());
-DSA *PEM_read_DSAPrivateKey(FILE *fp,DSA **x,int (*cb)());
-EVP_PKEY *PEM_read_PrivateKey(FILE *fp,EVP_PKEY **x,int (*cb)());
-PKCS7 *PEM_read_PKCS7(FILE *fp,PKCS7 **x,int (*cb)());
-DH *PEM_read_DHparams(FILE *fp,DH **x,int (*cb)());
-DSA *PEM_read_DSAparams(FILE *fp,DSA **x,int (*cb)());
-int PEM_write_X509(FILE *fp,X509 *x);
-int PEM_write_X509_REQ(FILE *fp,X509_REQ *x);
-int PEM_write_X509_CRL(FILE *fp,X509_CRL *x);
-int PEM_write_RSAPrivateKey(FILE *fp,RSA *x,EVP_CIPHER *enc,unsigned char *kstr,
-        int klen,int (*cb)());
-int PEM_write_RSAPublicKey(FILE *fp,RSA *x);
-int PEM_write_DSAPrivateKey(FILE *fp,DSA *x,EVP_CIPHER *enc,unsigned char *kstr,
-        int klen,int (*cb)());
-int PEM_write_PrivateKey(FILE *fp,EVP_PKEY *x,EVP_CIPHER *enc,
-	unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_PKCS7(FILE *fp,PKCS7 *x);
-int PEM_write_DHparams(FILE *fp,DH *x);
-int PEM_write_DSAparams(FILE *fp,DSA *x);
-#endif
-
-#ifdef HEADER_BIO_H
-X509 *PEM_read_bio_X509(BIO *bp,X509 **x,int (*cb)());
-X509_REQ *PEM_read_bio_X509_REQ(BIO *bp,X509_REQ **x,int (*cb)());
-X509_CRL *PEM_read_bio_X509_CRL(BIO *bp,X509_CRL **x,int (*cb)());
-RSA *PEM_read_bio_RSAPrivateKey(BIO *bp,RSA **x,int (*cb)());
-RSA *PEM_read_bio_RSAPublicKey(BIO *bp,RSA **x,int (*cb)());
-DSA *PEM_read_bio_DSAPrivateKey(BIO *bp,DSA **x,int (*cb)());
-EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp,EVP_PKEY **x,int (*cb)());
-PKCS7 *PEM_read_bio_PKCS7(BIO *bp,PKCS7 **x,int (*cb)());
-DH *PEM_read_bio_DHparams(BIO *bp,DH **x,int (*cb)());
-DSA *PEM_read_bio_DSAparams(BIO *bp,DSA **x,int (*cb)());
-int PEM_write_bio_X509(BIO *bp,X509 *x);
-int PEM_write_bio_X509_REQ(BIO *bp,X509_REQ *x);
-int PEM_write_bio_X509_CRL(BIO *bp,X509_CRL *x);
-int PEM_write_bio_RSAPrivateKey(BIO *fp,RSA *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_RSAPublicKey(BIO *fp,RSA *x);
-int PEM_write_bio_DSAPrivateKey(BIO *fp,DSA *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_PrivateKey(BIO *fp,EVP_PKEY *x,EVP_CIPHER *enc,
-        unsigned char *kstr,int klen,int (*cb)());
-int PEM_write_bio_PKCS7(BIO *bp,PKCS7 *x);
-int PEM_write_bio_DHparams(BIO *bp,DH *x);
-int PEM_write_bio_DSAparams(BIO *bp,DSA *x);
-#endif
-
-#endif /* SSLEAY_MACROS */
-
-
-#else
-
-int	PEM_get_EVP_CIPHER_INFO();
-int	PEM_do_header();
-int	PEM_read_bio();
-int	PEM_write_bio();
-#ifndef WIN16
-int	PEM_read();
-int	PEM_write();
-STACK *	PEM_X509_INFO_read();
-char *	PEM_ASN1_read();
-int	PEM_ASN1_write();
-#endif
-STACK *	PEM_X509_INFO_read_bio();
-int	PEM_X509_INFO_write_bio();
-char *	PEM_ASN1_read_bio();
-int	PEM_ASN1_write_bio();
-int	PEM_SealInit();
-void	PEM_SealUpdate();
-int	PEM_SealFinal();
-int	PEM_SignFinal();
-
-void	ERR_load_PEM_strings();
-
-void	PEM_proc_type();
-void	PEM_dek_info();
-
-#ifndef SSLEAY_MACROS
-#ifndef WIN16
-X509 *PEM_read_X509();
-X509_REQ *PEM_read_X509_REQ();
-X509_CRL *PEM_read_X509_CRL();
-RSA *PEM_read_RSAPrivateKey();
-RSA *PEM_read_RSAPublicKey();
-DSA *PEM_read_DSAPrivateKey();
-EVP_PKEY *PEM_read_PrivateKey();
-PKCS7 *PEM_read_PKCS7();
-DH *PEM_read_DHparams();
-DSA *PEM_read_DSAparams();
-int PEM_write_X509();
-int PEM_write_X509_REQ();
-int PEM_write_X509_CRL();
-int PEM_write_RSAPrivateKey();
-int PEM_write_RSAPublicKey();
-int PEM_write_DSAPrivateKey();
-int PEM_write_PrivateKey();
-int PEM_write_PKCS7();
-int PEM_write_DHparams();
-int PEM_write_DSAparams();
-#endif
-
-X509 *PEM_read_bio_X509();
-X509_REQ *PEM_read_bio_X509_REQ();
-X509_CRL *PEM_read_bio_X509_CRL();
-RSA *PEM_read_bio_RSAPrivateKey();
-RSA *PEM_read_bio_RSAPublicKey();
-DSA *PEM_read_bio_DSAPrivateKey();
-EVP_PKEY *PEM_read_bio_PrivateKey();
-PKCS7 *PEM_read_bio_PKCS7();
-DH *PEM_read_bio_DHparams();
-DSA *PEM_read_bio_DSAparams();
-int PEM_write_bio_X509();
-int PEM_write_bio_X509_REQ();
-int PEM_write_bio_X509_CRL();
-int PEM_write_bio_RSAPrivateKey();
-int PEM_write_bio_RSAPublicKey();
-int PEM_write_bio_DSAPrivateKey();
-int PEM_write_bio_PrivateKey();
-int PEM_write_bio_PKCS7();
-int PEM_write_bio_DHparams();
-int PEM_write_bio_DSAparams();
-
-#endif /* SSLEAY_MACROS */
-
-#endif
-
-/* BEGIN ERROR CODES */
-/* Error codes for the PEM functions. */
-
-/* Function codes. */
-#define PEM_F_DEF_CALLBACK				 100
-#define PEM_F_LOAD_IV					 101
-#define PEM_F_PEM_ASN1_READ				 102
-#define PEM_F_PEM_ASN1_READ_BIO				 103
-#define PEM_F_PEM_ASN1_WRITE				 104
-#define PEM_F_PEM_ASN1_WRITE_BIO			 105
-#define PEM_F_PEM_DO_HEADER				 106
-#define PEM_F_PEM_GET_EVP_CIPHER_INFO			 107
-#define PEM_F_PEM_READ					 108
-#define PEM_F_PEM_READ_BIO				 109
-#define PEM_F_PEM_SEALFINAL				 110
-#define PEM_F_PEM_SEALINIT				 111
-#define PEM_F_PEM_SIGNFINAL				 112
-#define PEM_F_PEM_WRITE					 113
-#define PEM_F_PEM_WRITE_BIO				 114
-#define PEM_F_PEM_X509_INFO_READ			 115
-#define PEM_F_PEM_X509_INFO_READ_BIO			 116
-#define PEM_F_PEM_X509_INFO_WRITE_BIO			 117
-
-/* Reason codes. */
-#define PEM_R_BAD_BASE64_DECODE				 100
-#define PEM_R_BAD_DECRYPT				 101
-#define PEM_R_BAD_END_LINE				 102
-#define PEM_R_BAD_IV_CHARS				 103
-#define PEM_R_BAD_PASSWORD_READ				 104
-#define PEM_R_NOT_DEK_INFO				 105
-#define PEM_R_NOT_ENCRYPTED				 106
-#define PEM_R_NOT_PROC_TYPE				 107
-#define PEM_R_NO_START_LINE				 108
-#define PEM_R_PROBLEMS_GETTING_PASSWORD			 109
-#define PEM_R_PUBLIC_KEY_NO_RSA				 110
-#define PEM_R_READ_KEY					 111
-#define PEM_R_SHORT_HEADER				 112
-#define PEM_R_UNSUPPORTED_CIPHER			 113
-#define PEM_R_UNSUPPORTED_ENCRYPTION			 114
- 
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/crypto/pem/pem2.h b/crypto/pem/pem2.h
new file mode 100644
index 0000000000..f31790d69c
--- /dev/null
+++ b/crypto/pem/pem2.h
@@ -0,0 +1,70 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+ * This header only exists to break a circular dependency between pem and err
+ * Ben 30 Jan 1999.
+ */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef HEADER_PEM_H
+void ERR_load_PEM_strings(void);
+#endif
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c
index d1cda7aabe..60f5188f30 100644
--- a/crypto/pem/pem_all.c
+++ b/crypto/pem/pem_all.c
@@ -55,434 +55,245 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #undef SSLEAY_MACROS
 #include "cryptlib.h"
-#include "bio.h"
-#include "evp.h"
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
-
-#ifndef NO_FP_API
-/* The X509 functions */
-X509 *PEM_read_X509(fp,x,cb)
-FILE *fp;
-X509 **x;
-int (*cb)();
-	{
-	return((X509 *)PEM_ASN1_read((char *(*)())d2i_X509,
-		PEM_STRING_X509,fp,(char **)x,cb));
-	}
-#endif
-
-X509 *PEM_read_bio_X509(bp,x,cb)
-BIO *bp;
-X509 **x;
-int (*cb)();
-	{
-	return((X509 *)PEM_ASN1_read_bio((char *(*)())d2i_X509,
-		PEM_STRING_X509,bp,(char **)x,cb));
-	}
-
-#ifndef NO_FP_API
-int PEM_write_X509(fp,x)
-FILE *fp;
-X509 *x;
-	{
-	return(PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+#ifndef OPENSSL_NO_RSA
+static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
 #endif
-
-int PEM_write_bio_X509(bp,x)
-BIO *bp;
-X509 *x;
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
-
-#ifndef NO_FP_API
-/* The X509_REQ functions */
-X509_REQ *PEM_read_X509_REQ(fp,x,cb)
-FILE *fp;
-X509_REQ **x;
-int (*cb)();
-	{
-	return((X509_REQ *)PEM_ASN1_read((char *(*)())d2i_X509_REQ,
-		PEM_STRING_X509_REQ,fp,(char **)x,cb));
-	}
+#ifndef OPENSSL_NO_DSA
+static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa);
 #endif
 
-X509_REQ *PEM_read_bio_X509_REQ(bp,x,cb)
-BIO *bp;
-X509_REQ **x;
-int (*cb)();
-	{
-	return((X509_REQ *)PEM_ASN1_read_bio((char *(*)())d2i_X509_REQ,
-		PEM_STRING_X509_REQ,bp,(char **)x,cb));
-	}
-
-#ifndef NO_FP_API
-int PEM_write_X509_REQ(fp,x)
-FILE *fp;
-X509_REQ *x;
-	{
-	return(PEM_ASN1_write((int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
+#ifndef OPENSSL_NO_EC
+static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey);
 #endif
 
-int PEM_write_bio_X509_REQ(bp,x)
-BIO *bp;
-X509_REQ *x;
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,
-		bp,(char *)x, NULL,NULL,0,NULL));
-	}
+IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)
 
-#ifndef NO_FP_API
-/* The X509_CRL functions */
-X509_CRL *PEM_read_X509_CRL(fp,x,cb)
-FILE *fp;
-X509_CRL **x;
-int (*cb)();
-	{
-	return((X509_CRL *)PEM_ASN1_read((char *(*)())d2i_X509_CRL,
-		PEM_STRING_X509_CRL,fp,(char **)x,cb));
-	}
-#endif
+IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ)
 
-X509_CRL *PEM_read_bio_X509_CRL(bp,x,cb)
-BIO *bp;
-X509_CRL **x;
-int (*cb)();
-	{
-	return((X509_CRL *)PEM_ASN1_read_bio((char *(*)())d2i_X509_CRL,
-		PEM_STRING_X509_CRL,bp,(char **)x,cb));
-	}
+IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
 
-#ifndef NO_FP_API
-int PEM_write_X509_CRL(fp,x)
-FILE *fp;
-X509_CRL *x;
-	{
-	return(PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,fp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
-#endif
+IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
 
-int PEM_write_bio_X509_CRL(bp,x)
-BIO *bp;
-X509_CRL *x;
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,
-		bp,(char *)x, NULL,NULL,0,NULL));
-	}
+IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
+					PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
 
-#ifndef NO_RSA
-#ifndef NO_FP_API
-/* The RSAPrivateKey functions */
-RSA *PEM_read_RSAPrivateKey(fp,x,cb)
-FILE *fp;
-RSA **x;
-int (*cb)();
-	{
-	return((RSA *)PEM_ASN1_read((char *(*)())d2i_RSAPrivateKey,
-		PEM_STRING_RSA,fp,(char **)x,cb));
-	}
-
-RSA *PEM_read_RSAPublicKey(fp,x,cb)
-FILE *fp;
-RSA **x;
-int (*cb)();
-	{
-	return((RSA *)PEM_ASN1_read((char *(*)())d2i_RSAPublicKey,
-		PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb));
-	}
-#endif
 
-RSA *PEM_read_bio_RSAPrivateKey(bp,x,cb)
-BIO *bp;
-RSA **x;
-int (*cb)();
-	{
-	return((RSA *)PEM_ASN1_read_bio((char *(*)())d2i_RSAPrivateKey,
-		PEM_STRING_RSA,bp,(char **)x,cb));
-	}
+#ifndef OPENSSL_NO_RSA
 
-RSA *PEM_read_bio_RSAPublicKey(bp,x,cb)
-BIO *bp;
-RSA **x;
-int (*cb)();
-	{
-	return((RSA *)PEM_ASN1_read_bio((char *(*)())d2i_RSAPublicKey,
-		PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb));
-	}
+/* We treat RSA or DSA private keys as a special case.
+ *
+ * For private keys we read in an EVP_PKEY structure with
+ * PEM_read_bio_PrivateKey() and extract the relevant private
+ * key: this means can handle "traditional" and PKCS#8 formats
+ * transparently.
+ */
 
-#ifndef NO_FP_API
-int PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb)
-FILE *fp;
-RSA *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-	{
-	return(PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,
-		(char *)x,enc,kstr,klen,cb));
-	}
+static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa)
+{
+	RSA *rtmp;
+	if(!key) return NULL;
+	rtmp = EVP_PKEY_get1_RSA(key);
+	EVP_PKEY_free(key);
+	if(!rtmp) return NULL;
+	if(rsa) {
+		RSA_free(*rsa);
+		*rsa = rtmp;
+	}
+	return rtmp;
+}
+
+RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb,
+								void *u)
+{
+	EVP_PKEY *pktmp;
+	pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+	return pkey_get_rsa(pktmp, rsa);
+}
+
+#ifndef OPENSSL_NO_FP_API
+
+RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
+								void *u)
+{
+	EVP_PKEY *pktmp;
+	pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+	return pkey_get_rsa(pktmp, rsa);
+}
 
-int PEM_write_RSAPublicKey(fp,x)
-FILE *fp;
-RSA *x;
-	{
-	return(PEM_ASN1_write((int (*)())i2d_RSAPublicKey,
-		PEM_STRING_RSA_PUBLIC,fp,
-		(char *)x,NULL,NULL,0,NULL));
-	}
 #endif
 
-int PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb)
-BIO *bp;
-RSA *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,
-		bp,(char *)x,enc,kstr,klen,cb));
-	}
+IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
+IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
+IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
 
-int PEM_write_bio_RSAPublicKey(bp,x)
-BIO *bp;
-RSA *x;
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey,
-		PEM_STRING_RSA_PUBLIC,
-		bp,(char *)x,NULL,NULL,0,NULL));
-	}
-#endif /* !NO_RSA */
-
-#ifndef NO_DSA
-#ifndef NO_FP_API
-/* The DSAPrivateKey functions */
-DSA *PEM_read_DSAPrivateKey(fp,x,cb)
-FILE *fp;
-DSA **x;
-int (*cb)();
-	{
-	return((DSA *)PEM_ASN1_read((char *(*)())d2i_DSAPrivateKey,
-		PEM_STRING_DSA,fp,(char **)x,cb));
-	}
 #endif
 
-DSA *PEM_read_bio_DSAPrivateKey(bp,x,cb)
-BIO *bp;
-DSA **x;
-int (*cb)();
-	{
-	return((DSA *)PEM_ASN1_read_bio((char *(*)())d2i_DSAPrivateKey,
-		PEM_STRING_DSA,bp,(char **)x,cb));
-	}
+#ifndef OPENSSL_NO_DSA
+
+static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
+{
+	DSA *dtmp;
+	if(!key) return NULL;
+	dtmp = EVP_PKEY_get1_DSA(key);
+	EVP_PKEY_free(key);
+	if(!dtmp) return NULL;
+	if(dsa) {
+		DSA_free(*dsa);
+		*dsa = dtmp;
+	}
+	return dtmp;
+}
+
+DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
+								void *u)
+{
+	EVP_PKEY *pktmp;
+	pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+	return pkey_get_dsa(pktmp, dsa);
+}
+
+IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
+IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
+
+#ifndef OPENSSL_NO_FP_API
+
+DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb,
+								void *u)
+{
+	EVP_PKEY *pktmp;
+	pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+	return pkey_get_dsa(pktmp, dsa);
+}
 
-#ifndef NO_FP_API
-int PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb)
-FILE *fp;
-DSA *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-	{
-	return(PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,
-		(char *)x,enc,kstr,klen,cb));
-	}
 #endif
 
-int PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb)
-BIO *bp;
-DSA *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,
-		bp,(char *)x,enc,kstr,klen,cb));
-	}
-#endif
+IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
 
-#ifndef NO_FP_API
-/* The PrivateKey functions */
-EVP_PKEY *PEM_read_PrivateKey(fp,x,cb)
-FILE *fp;
-EVP_PKEY **x;
-int (*cb)();
-	{
-	return((EVP_PKEY *)PEM_ASN1_read((char *(*)())d2i_PrivateKey,
-		PEM_STRING_EVP_PKEY,fp,(char **)x,cb));
-	}
 #endif
 
-EVP_PKEY *PEM_read_bio_PrivateKey(bp,x,cb)
-BIO *bp;
-EVP_PKEY **x;
-int (*cb)();
-	{
-	return((EVP_PKEY *)PEM_ASN1_read_bio((char *(*)())d2i_PrivateKey,
-		PEM_STRING_EVP_PKEY,bp,(char **)x,cb));
-	}
 
-#ifndef NO_FP_API
-int PEM_write_PrivateKey(fp,x,enc,kstr,klen,cb)
-FILE *fp;
-EVP_PKEY *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
+#ifndef OPENSSL_NO_EC
+static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)
+{
+	EC_KEY *dtmp;
+	if(!key) return NULL;
+	dtmp = EVP_PKEY_get1_EC_KEY(key);
+	EVP_PKEY_free(key);
+	if(!dtmp) return NULL;
+	if(eckey) 
 	{
-	return(PEM_ASN1_write((int (*)())i2d_PrivateKey,
-		((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
-		fp,(char *)x,enc,kstr,klen,cb));
+ 		EC_KEY_free(*eckey);
+		*eckey = dtmp;
 	}
-#endif
+	return dtmp;
+}
 
-int PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb)
-BIO *bp;
-EVP_PKEY *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,
-		((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),
-		bp,(char *)x,enc,kstr,klen,cb));
-	}
+EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
+							void *u)
+{
+	EVP_PKEY *pktmp;
+	pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+	return pkey_get_eckey(pktmp, key);
+}
 
-#ifndef NO_FP_API
-/* The PKCS7 functions */
-PKCS7 *PEM_read_PKCS7(fp,x,cb)
-FILE *fp;
-PKCS7 **x;
-int (*cb)();
-	{
-	return((PKCS7 *)PEM_ASN1_read((char *(*)())d2i_PKCS7,
-		PEM_STRING_PKCS7,fp,(char **)x,cb));
-	}
-#endif
+IMPLEMENT_PEM_rw(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
 
-PKCS7 *PEM_read_bio_PKCS7(bp,x,cb)
-BIO *bp;
-PKCS7 **x;
-int (*cb)();
-	{
-	return((PKCS7 *)PEM_ASN1_read_bio((char *(*)())d2i_PKCS7,
-		PEM_STRING_PKCS7,bp,(char **)x,cb));
-	}
+IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
 
-#ifndef NO_FP_API
-int PEM_write_PKCS7(fp,x)
-FILE *fp;
-PKCS7 *x;
-	{
-	return(PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
-#endif
+IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
 
-int PEM_write_bio_PKCS7(bp,x)
-BIO *bp;
-PKCS7 *x;
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
+#ifndef OPENSSL_NO_FP_API
+ 
+EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
+ 								void *u)
+{
+	EVP_PKEY *pktmp;
+	pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+	return pkey_get_eckey(pktmp, eckey);
+}
 
-#ifndef NO_DH
-#ifndef NO_FP_API
-/* The DHparams functions */
-DH *PEM_read_DHparams(fp,x,cb)
-FILE *fp;
-DH **x;
-int (*cb)();
-	{
-	return((DH *)PEM_ASN1_read((char *(*)())d2i_DHparams,
-		PEM_STRING_DHPARAMS,fp,(char **)x,cb));
-	}
 #endif
 
-DH *PEM_read_bio_DHparams(bp,x,cb)
-BIO *bp;
-DH **x;
-int (*cb)();
-	{
-	return((DH *)PEM_ASN1_read_bio((char *(*)())d2i_DHparams,
-		PEM_STRING_DHPARAMS,bp,(char **)x,cb));
-	}
-
-#ifndef NO_FP_API
-int PEM_write_DHparams(fp,x)
-FILE *fp;
-DH *x;
-	{
-	return(PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
 #endif
 
-int PEM_write_bio_DHparams(bp,x)
-BIO *bp;
-DH *x;
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,
-		bp,(char *)x, NULL,NULL,0,NULL));
-	}
-#endif
+#ifndef OPENSSL_NO_DH
+
+IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
 
-#ifndef NO_DSA
-#ifndef NO_FP_API
-/* The DSAparams functions */
-DSA *PEM_read_DSAparams(fp,x,cb)
-FILE *fp;
-DSA **x;
-int (*cb)();
-	{
-	return((DSA *)PEM_ASN1_read((char *(*)())d2i_DSAparams,
-		PEM_STRING_DSAPARAMS,fp,(char **)x,cb));
-	}
 #endif
 
-DSA *PEM_read_bio_DSAparams(bp,x,cb)
-BIO *bp;
-DSA **x;
-int (*cb)();
-	{
-	return((DSA *)PEM_ASN1_read_bio((char *(*)())d2i_DSAparams,
-		PEM_STRING_DSAPARAMS,bp,(char **)x,cb));
-	}
 
-#ifndef NO_FP_API
-int PEM_write_DSAparams(fp,x)
-FILE *fp;
-DSA *x;
-	{
-	return(PEM_ASN1_write((int (*)())i2d_DSAparams,PEM_STRING_DSAPARAMS,fp,
-		(char *)x, NULL,NULL,0,NULL));
-	}
-#endif
+/* The PrivateKey case is not that straightforward.
+ *   IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
+ * does not work, RSA and DSA keys have specific strings.
+ * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
+ * appropriate.)
+ */
+IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\
+			(x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey)
 
-int PEM_write_bio_DSAparams(bp,x)
-BIO *bp;
-DSA *x;
-	{
-	return(PEM_ASN1_write_bio((int (*)())i2d_DSAparams,PEM_STRING_DSAPARAMS,
-		bp,(char *)x, NULL,NULL,0,NULL));
-	}
-#endif
+IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
 
diff --git a/crypto/pem/pem_err.c b/crypto/pem/pem_err.c
index 1bd5c16c84..3b39b84d66 100644
--- a/crypto/pem/pem_err.c
+++ b/crypto/pem/pem_err.c
@@ -1,68 +1,73 @@
-/* lib/pem/pem_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/pem/pem_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "pem.h"
+#include <openssl/err.h>
+#include <openssl/pem.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA PEM_str_functs[]=
 	{
+{ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_BIO,0),	"d2i_PKCS8PrivateKey_bio"},
+{ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_FP,0),	"d2i_PKCS8PrivateKey_fp"},
 {ERR_PACK(0,PEM_F_DEF_CALLBACK,0),	"DEF_CALLBACK"},
 {ERR_PACK(0,PEM_F_LOAD_IV,0),	"LOAD_IV"},
 {ERR_PACK(0,PEM_F_PEM_ASN1_READ,0),	"PEM_ASN1_read"},
@@ -70,6 +75,8 @@ static ERR_STRING_DATA PEM_str_functs[]=
 {ERR_PACK(0,PEM_F_PEM_ASN1_WRITE,0),	"PEM_ASN1_write"},
 {ERR_PACK(0,PEM_F_PEM_ASN1_WRITE_BIO,0),	"PEM_ASN1_write_bio"},
 {ERR_PACK(0,PEM_F_PEM_DO_HEADER,0),	"PEM_do_header"},
+{ERR_PACK(0,PEM_F_PEM_F_DO_PK8KEY_FP,0),	"PEM_F_DO_PK8KEY_FP"},
+{ERR_PACK(0,PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY,0),	"PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
 {ERR_PACK(0,PEM_F_PEM_GET_EVP_CIPHER_INFO,0),	"PEM_get_EVP_CIPHER_INFO"},
 {ERR_PACK(0,PEM_F_PEM_READ,0),	"PEM_read"},
 {ERR_PACK(0,PEM_F_PEM_READ_BIO,0),	"PEM_read_bio"},
@@ -78,10 +85,11 @@ static ERR_STRING_DATA PEM_str_functs[]=
 {ERR_PACK(0,PEM_F_PEM_SIGNFINAL,0),	"PEM_SignFinal"},
 {ERR_PACK(0,PEM_F_PEM_WRITE,0),	"PEM_write"},
 {ERR_PACK(0,PEM_F_PEM_WRITE_BIO,0),	"PEM_write_bio"},
+{ERR_PACK(0,PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,0),	"PEM_write_bio_PKCS8PrivateKey"},
 {ERR_PACK(0,PEM_F_PEM_X509_INFO_READ,0),	"PEM_X509_INFO_read"},
 {ERR_PACK(0,PEM_F_PEM_X509_INFO_READ_BIO,0),	"PEM_X509_INFO_read_bio"},
 {ERR_PACK(0,PEM_F_PEM_X509_INFO_WRITE_BIO,0),	"PEM_X509_INFO_write_bio"},
-{0,NULL},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA PEM_str_reasons[]=
@@ -91,6 +99,7 @@ static ERR_STRING_DATA PEM_str_reasons[]=
 {PEM_R_BAD_END_LINE                      ,"bad end line"},
 {PEM_R_BAD_IV_CHARS                      ,"bad iv chars"},
 {PEM_R_BAD_PASSWORD_READ                 ,"bad password read"},
+{PEM_R_ERROR_CONVERTING_PRIVATE_KEY      ,"error converting private key"},
 {PEM_R_NOT_DEK_INFO                      ,"not dek info"},
 {PEM_R_NOT_ENCRYPTED                     ,"not encrypted"},
 {PEM_R_NOT_PROC_TYPE                     ,"not proc type"},
@@ -101,19 +110,19 @@ static ERR_STRING_DATA PEM_str_reasons[]=
 {PEM_R_SHORT_HEADER                      ,"short header"},
 {PEM_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
 {PEM_R_UNSUPPORTED_ENCRYPTION            ,"unsupported encryption"},
-{0,NULL},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_PEM_strings()
+void ERR_load_PEM_strings(void)
 	{
 	static int init=1;
 
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_PEM,PEM_str_functs);
 		ERR_load_strings(ERR_LIB_PEM,PEM_str_reasons);
 #endif
diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c
index 4b69833b62..17ea85e4d7 100644
--- a/crypto/pem/pem_info.c
+++ b/crypto/pem/pem_info.c
@@ -58,20 +58,17 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
-#ifndef NO_FP_API
-STACK *PEM_X509_INFO_read(fp,sk,cb)
-FILE *fp;
-STACK *sk;
-int (*cb)();
+#ifndef OPENSSL_NO_FP_API
+STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
 	{
         BIO *b;
-        STACK *ret;
+        STACK_OF(X509_INFO) *ret;
 
         if ((b=BIO_new(BIO_s_file())) == NULL)
 		{
@@ -79,29 +76,26 @@ int (*cb)();
                 return(0);
 		}
         BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_X509_INFO_read_bio(b,sk,cb);
+        ret=PEM_X509_INFO_read_bio(b,sk,cb,u);
         BIO_free(b);
         return(ret);
 	}
 #endif
 
-STACK *PEM_X509_INFO_read_bio(bp,sk,cb)
-BIO *bp;
-STACK *sk;
-int (*cb)();
+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
 	{
 	X509_INFO *xi=NULL;
 	char *name=NULL,*header=NULL,**pp;
 	unsigned char *data=NULL,*p;
 	long len,error=0;
 	int ok=0;
-	STACK *ret=NULL;
+	STACK_OF(X509_INFO) *ret=NULL;
 	unsigned int i,raw;
 	char *(*d2i)();
 
 	if (sk == NULL)
 		{
-		if ((ret=sk_new_null()) == NULL)
+		if ((ret=sk_X509_INFO_new_null()) == NULL)
 			{
 			PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE);
 			goto err;
@@ -117,7 +111,7 @@ int (*cb)();
 		i=PEM_read_bio(bp,&name,&header,&data,&len);
 		if (i == 0)
 			{
-			error=ERR_GET_REASON(ERR_peek_error());
+			error=ERR_GET_REASON(ERR_peek_last_error());
 			if (error == PEM_R_NO_START_LINE)
 				{
 				ERR_clear_error();
@@ -132,7 +126,18 @@ start:
 			d2i=(char *(*)())d2i_X509;
 			if (xi->x509 != NULL)
 				{
-				if (!sk_push(ret,(char *)xi)) goto err;
+				if (!sk_X509_INFO_push(ret,xi)) goto err;
+				if ((xi=X509_INFO_new()) == NULL) goto err;
+				goto start;
+				}
+			pp=(char **)&(xi->x509);
+			}
+		else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0))
+			{
+			d2i=(char *(*)())d2i_X509_AUX;
+			if (xi->x509 != NULL)
+				{
+				if (!sk_X509_INFO_push(ret,xi)) goto err;
 				if ((xi=X509_INFO_new()) == NULL) goto err;
 				goto start;
 				}
@@ -143,20 +148,20 @@ start:
 			d2i=(char *(*)())d2i_X509_CRL;
 			if (xi->crl != NULL)
 				{
-				if (!sk_push(ret,(char *)xi)) goto err;
+				if (!sk_X509_INFO_push(ret,xi)) goto err;
 				if ((xi=X509_INFO_new()) == NULL) goto err;
 				goto start;
 				}
 			pp=(char **)&(xi->crl);
 			}
 		else
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 			if (strcmp(name,PEM_STRING_RSA) == 0)
 			{
 			d2i=(char *(*)())d2i_RSAPrivateKey;
 			if (xi->x_pkey != NULL) 
 				{
-				if (!sk_push(ret,(char *)xi)) goto err;
+				if (!sk_X509_INFO_push(ret,xi)) goto err;
 				if ((xi=X509_INFO_new()) == NULL) goto err;
 				goto start;
 				}
@@ -174,13 +179,13 @@ start:
 			}
 		else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 			if (strcmp(name,PEM_STRING_DSA) == 0)
 			{
 			d2i=(char *(*)())d2i_DSAPrivateKey;
 			if (xi->x_pkey != NULL) 
 				{
-				if (!sk_push(ret,(char *)xi)) goto err;
+				if (!sk_X509_INFO_push(ret,xi)) goto err;
 				if ((xi=X509_INFO_new()) == NULL) goto err;
 				goto start;
 				}
@@ -198,6 +203,30 @@ start:
 			}
 		else
 #endif
+#ifndef OPENSSL_NO_EC
+ 			if (strcmp(name,PEM_STRING_ECPRIVATEKEY) == 0)
+ 			{
+ 				d2i=(char *(*)())d2i_ECPrivateKey;
+ 				if (xi->x_pkey != NULL) 
+ 				{
+ 					if (!sk_X509_INFO_push(ret,xi)) goto err;
+ 					if ((xi=X509_INFO_new()) == NULL) goto err;
+ 						goto start;
+ 				}
+ 
+ 			xi->enc_data=NULL;
+ 			xi->enc_len=0;
+ 
+ 			xi->x_pkey=X509_PKEY_new();
+ 			if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
+ 				goto err;
+ 			xi->x_pkey->dec_pkey->type=EVP_PKEY_EC;
+ 			pp=(char **)&(xi->x_pkey->dec_pkey->pkey.eckey);
+ 			if ((int)strlen(header) > 10) /* assume encrypted */
+ 				raw=1;
+			}
+		else
+#endif
 			{
 			d2i=NULL;
 			pp=NULL;
@@ -211,7 +240,7 @@ start:
 
 				if (!PEM_get_EVP_CIPHER_INFO(header,&cipher))
 					goto err;
-				if (!PEM_do_header(&cipher,data,&len,cb))
+				if (!PEM_do_header(&cipher,data,&len,cb,u))
 					goto err;
 				p=data;
 				if (d2i(pp,&p,len) == NULL)
@@ -232,9 +261,9 @@ start:
 		else	{
 			/* unknown */
 			}
-		if (name != NULL) Free(name);
-		if (header != NULL) Free(header);
-		if (data != NULL) Free(data);
+		if (name != NULL) OPENSSL_free(name);
+		if (header != NULL) OPENSSL_free(header);
+		if (data != NULL) OPENSSL_free(data);
 		name=NULL;
 		header=NULL;
 		data=NULL;
@@ -246,7 +275,7 @@ start:
 	if ((xi->x509 != NULL) || (xi->crl != NULL) ||
 		(xi->x_pkey != NULL) || (xi->enc_data != NULL))
 		{
-		if (!sk_push(ret,(char *)xi)) goto err;
+		if (!sk_X509_INFO_push(ret,xi)) goto err;
 		xi=NULL;
 		}
 	ok=1;
@@ -254,36 +283,30 @@ err:
 	if (xi != NULL) X509_INFO_free(xi);
 	if (!ok)
 		{
-		for (i=0; ((int)i)<sk_num(ret); i++)
+		for (i=0; ((int)i)<sk_X509_INFO_num(ret); i++)
 			{
-			xi=(X509_INFO *)sk_value(ret,i);
+			xi=sk_X509_INFO_value(ret,i);
 			X509_INFO_free(xi);
 			}
-		if (ret != sk) sk_free(ret);
+		if (ret != sk) sk_X509_INFO_free(ret);
 		ret=NULL;
 		}
 		
-	if (name != NULL) Free(name);
-	if (header != NULL) Free(header);
-	if (data != NULL) Free(data);
+	if (name != NULL) OPENSSL_free(name);
+	if (header != NULL) OPENSSL_free(header);
+	if (data != NULL) OPENSSL_free(data);
 	return(ret);
 	}
 
 
 /* A TJH addition */
-int PEM_X509_INFO_write_bio(bp,xi,enc,kstr,klen,cb)
-BIO *bp;
-X509_INFO *xi;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*cb)();
+int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
+	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
 	{
 	EVP_CIPHER_CTX ctx;
 	int i,ret=0;
 	unsigned char *data=NULL;
-	char *objstr=NULL;
-#define PEM_BUFSIZE	1024
+	const char *objstr=NULL;
 	char buf[PEM_BUFSIZE];
 	unsigned char *iv=NULL;
 	
@@ -306,7 +329,7 @@ int (*cb)();
 		{
 		if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )
 			{
-			/* copy from wierdo names into more normal things */
+			/* copy from weirdo names into more normal things */
 			iv=xi->enc_cipher.iv;
 			data=(unsigned char *)xi->enc_data;
 			i=xi->enc_len;
@@ -325,9 +348,10 @@ int (*cb)();
 				}
 
 			/* create the right magic header stuff */
+			OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
 			buf[0]='\0';
 			PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
-			PEM_dek_info(buf,objstr,8,(char *)iv);
+			PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
 
 			/* use the normal code to write things out */
 			i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i);
@@ -336,18 +360,18 @@ int (*cb)();
 		else
 			{
 			/* Add DSA/DH */
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 			/* normal optionally encrypted stuff */
 			if (PEM_write_bio_RSAPrivateKey(bp,
 				xi->x_pkey->dec_pkey->pkey.rsa,
-				enc,kstr,klen,cb)<=0)
+				enc,kstr,klen,cb,u)<=0)
 				goto err;
 #endif
 			}
 		}
 
 	/* if we have a certificate then write it out now */
-	if ((xi->x509 != NULL) || (PEM_write_bio_X509(bp,xi->x509) <= 0))
+	if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0))
 		goto err;
 
 	/* we are ignoring anything else that is loaded into the X509_INFO
@@ -359,7 +383,7 @@ int (*cb)();
 	ret=1;
 
 err:
-	memset((char *)&ctx,0,sizeof(ctx));
-	memset(buf,0,PEM_BUFSIZE);
+	OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+	OPENSSL_cleanse(buf,PEM_BUFSIZE);
 	return(ret);
 	}
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index 790847144d..900af737ed 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -58,45 +58,40 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "objects.h"
-#include "evp.h"
-#include "rand.h"
-#include "x509.h"
-#include "pem.h"
-#ifndef NO_DES
-#include "des.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+#ifndef OPENSSL_NO_DES
+#include <openssl/des.h>
 #endif
 
-char *PEM_version="PEM part of SSLeay 0.9.1a 06-Jul-1998";
+const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT;
 
 #define MIN_LENGTH	4
 
-/* PEMerr(PEM_F_PEM_WRITE_BIO,ERR_R_MALLOC_FAILURE);
- * PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
- */
-
-#ifndef NOPROTO
-static int def_callback(char *buf, int num, int w);
 static int load_iv(unsigned char **fromp,unsigned char *to, int num);
-#else
-static int def_callback();
-static int load_iv();
-#endif
+static int check_pem(const char *nm, const char *name);
 
-static int def_callback(buf, num, w)
-char *buf;
-int num;
-int w;
+int PEM_def_callback(char *buf, int num, int w, void *key)
 	{
-#ifdef NO_FP_API
+#ifdef OPENSSL_NO_FP_API
 	/* We should not ever call the default callback routine from
 	 * windows. */
 	PEMerr(PEM_F_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 	return(-1);
 #else
 	int i,j;
-	char *prompt;
+	const char *prompt;
+	if(key) {
+		i=strlen(key);
+		i=(i > num)?num:i;
+		memcpy(buf,key,i);
+		return(i);
+	}
 
 	prompt=EVP_get_pw_prompt();
 	if (prompt == NULL)
@@ -123,11 +118,9 @@ int w;
 #endif
 	}
 
-void PEM_proc_type(buf, type)
-char *buf;
-int type;
+void PEM_proc_type(char *buf, int type)
 	{
-	char *str;
+	const char *str;
 
 	if (type == PEM_TYPE_ENCRYPTED)
 		str="ENCRYPTED";
@@ -143,13 +136,9 @@ int type;
 	strcat(buf,"\n");
 	}
 
-void PEM_dek_info(buf, type, len, str)
-char *buf;
-char *type;
-int len;
-char *str;
+void PEM_dek_info(char *buf, const char *type, int len, char *str)
 	{
-	static unsigned char map[17]="0123456789ABCDEF";
+	static const unsigned char map[17]="0123456789ABCDEF";
 	long i;
 	int j;
 
@@ -166,13 +155,9 @@ char *str;
 	buf[j+i*2+1]='\0';
 	}
 
-#ifndef NO_FP_API
-char *PEM_ASN1_read(d2i,name,fp, x, cb)
-char *(*d2i)();
-char *name;
-FILE *fp;
-char **x;
-int (*cb)();
+#ifndef OPENSSL_NO_FP_API
+char *PEM_ASN1_read(char *(*d2i)(), const char *name, FILE *fp, char **x,
+	     pem_password_cb *cb, void *u)
 	{
         BIO *b;
         char *ret;
@@ -183,74 +168,99 @@ int (*cb)();
                 return(0);
 		}
         BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_ASN1_read_bio(d2i,name,b,x,cb);
+        ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
         BIO_free(b);
         return(ret);
 	}
 #endif
 
-char *PEM_ASN1_read_bio(d2i,name,bp, x, cb)
-char *(*d2i)();
-char *name;
-BIO *bp;
-char **x;
-int (*cb)();
+static int check_pem(const char *nm, const char *name)
+{
+	/* Normal matching nm and name */
+	if (!strcmp(nm,name)) return 1;
+
+	/* Make PEM_STRING_EVP_PKEY match any private key */
+
+	if(!strcmp(nm,PEM_STRING_PKCS8) &&
+		!strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+
+	if(!strcmp(nm,PEM_STRING_PKCS8INF) &&
+		 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+
+	if(!strcmp(nm,PEM_STRING_RSA) &&
+		!strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+
+	if(!strcmp(nm,PEM_STRING_DSA) &&
+		 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+
+ 	if(!strcmp(nm,PEM_STRING_ECPRIVATEKEY) &&
+ 		 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+	/* Permit older strings */
+
+	if(!strcmp(nm,PEM_STRING_X509_OLD) &&
+		!strcmp(name,PEM_STRING_X509)) return 1;
+
+	if(!strcmp(nm,PEM_STRING_X509_REQ_OLD) &&
+		!strcmp(name,PEM_STRING_X509_REQ)) return 1;
+
+	/* Allow normal certs to be read as trusted certs */
+	if(!strcmp(nm,PEM_STRING_X509) &&
+		!strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
+
+	if(!strcmp(nm,PEM_STRING_X509_OLD) &&
+		!strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
+
+	/* Some CAs use PKCS#7 with CERTIFICATE headers */
+	if(!strcmp(nm, PEM_STRING_X509) &&
+		!strcmp(name, PEM_STRING_PKCS7)) return 1;
+
+	return 0;
+}
+
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
+	     pem_password_cb *cb, void *u)
 	{
 	EVP_CIPHER_INFO cipher;
 	char *nm=NULL,*header=NULL;
-	unsigned char *p=NULL,*data=NULL;
+	unsigned char *data=NULL;
 	long len;
-	char *ret=NULL;
+	int ret = 0;
 
 	for (;;)
 		{
-		if (!PEM_read_bio(bp,&nm,&header,&data,&len)) return(NULL);
-		if (	(strcmp(nm,name) == 0) ||
-			((strcmp(nm,PEM_STRING_RSA) == 0) &&
-			 (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
-			((strcmp(nm,PEM_STRING_DSA) == 0) &&
-			 (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) ||
-			((strcmp(nm,PEM_STRING_X509_OLD) == 0) &&
-			 (strcmp(name,PEM_STRING_X509) == 0)) ||
-			((strcmp(nm,PEM_STRING_X509_REQ_OLD) == 0) &&
-			 (strcmp(name,PEM_STRING_X509_REQ) == 0))
-			)
-			break;
-		Free(nm);
-		Free(header);
-		Free(data);
+		if (!PEM_read_bio(bp,&nm,&header,&data,&len)) {
+			if(ERR_GET_REASON(ERR_peek_error()) ==
+				PEM_R_NO_START_LINE)
+				ERR_add_error_data(2, "Expecting: ", name);
+			return 0;
 		}
-	if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
-	if (!PEM_do_header(&cipher,data,&len,cb)) goto err;
-	p=data;
-	if (strcmp(name,PEM_STRING_EVP_PKEY) == 0)
-		{
-		if (strcmp(nm,PEM_STRING_RSA) == 0)
-			ret=d2i(EVP_PKEY_RSA,x,&p,len);
-		else if (strcmp(nm,PEM_STRING_DSA) == 0)
-			ret=d2i(EVP_PKEY_DSA,x,&p,len);
+		if(check_pem(nm, name)) break;
+		OPENSSL_free(nm);
+		OPENSSL_free(header);
+		OPENSSL_free(data);
 		}
-	else	
-		ret=d2i(x,&p,len);
-	if (ret == NULL)
-		PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
+	if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
+	if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err;
+
+	*pdata = data;
+	*plen = len;
+
+	if (pnm)
+		*pnm = nm;
+
+	ret = 1;
+
 err:
-	Free(nm);
-	Free(header);
-	Free(data);
-	return(ret);
+	if (!ret || !pnm) OPENSSL_free(nm);
+	OPENSSL_free(header);
+	if (!ret) OPENSSL_free(data);
+	return ret;
 	}
 
-#ifndef NO_FP_API
-int PEM_ASN1_write(i2d,name,fp, x, enc, kstr, klen, callback)
-int (*i2d)();
-char *name;
-FILE *fp;
-char *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*callback)();
+#ifndef OPENSSL_NO_FP_API
+int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x,
+	     const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+	     pem_password_cb *callback, void *u)
         {
         BIO *b;
         int ret;
@@ -261,27 +271,20 @@ int (*callback)();
                 return(0);
 		}
         BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback);
+        ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u);
         BIO_free(b);
         return(ret);
         }
 #endif
 
-int PEM_ASN1_write_bio(i2d,name,bp, x, enc, kstr, klen, callback)
-int (*i2d)();
-char *name;
-BIO *bp;
-char *x;
-EVP_CIPHER *enc;
-unsigned char *kstr;
-int klen;
-int (*callback)();
+int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x,
+	     const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+	     pem_password_cb *callback, void *u)
 	{
 	EVP_CIPHER_CTX ctx;
 	int dsize=0,i,j,ret=0;
 	unsigned char *p,*data=NULL;
-	char *objstr=NULL;
-#define PEM_BUFSIZE	1024
+	const char *objstr=NULL;
 	char buf[PEM_BUFSIZE];
 	unsigned char key[EVP_MAX_KEY_LENGTH];
 	unsigned char iv[EVP_MAX_IV_LENGTH];
@@ -303,7 +306,8 @@ int (*callback)();
 		goto err;
 		}
 	/* dzise + 8 bytes are needed */
-	data=(unsigned char *)Malloc((unsigned int)dsize+20);
+	/* actually it needs the cipher block size extra... */
+	data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);
 	if (data == NULL)
 		{
 		PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
@@ -317,32 +321,42 @@ int (*callback)();
 		if (kstr == NULL)
 			{
 			if (callback == NULL)
-				klen=def_callback(buf,PEM_BUFSIZE,1);
+				klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u);
 			else
-				klen=(*callback)(buf,PEM_BUFSIZE,1);
+				klen=(*callback)(buf,PEM_BUFSIZE,1,u);
 			if (klen <= 0)
 				{
 				PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);
 				goto err;
 				}
+#ifdef CHARSET_EBCDIC
+			/* Convert the pass phrase from EBCDIC */
+			ebcdic2ascii(buf, buf, klen);
+#endif
 			kstr=(unsigned char *)buf;
 			}
-		RAND_seed(data,i);/* put in the RSA key. */
-		RAND_bytes(iv,8);	/* Generate a salt */
+		RAND_add(data,i,0);/* put in the RSA key. */
+		OPENSSL_assert(enc->iv_len <= sizeof iv);
+		if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
+			goto err;
 		/* The 'iv' is used as the iv and as a salt.  It is
 		 * NOT taken from the BytesToKey function */
 		EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
 
-		if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
+		if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
+
+		OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
 
 		buf[0]='\0';
 		PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
-		PEM_dek_info(buf,objstr,8,(char *)iv);
+		PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
 		/* k=strlen(buf); */
-	
-		EVP_EncryptInit(&ctx,enc,key,iv);
+
+		EVP_CIPHER_CTX_init(&ctx);
+		EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
 		EVP_EncryptUpdate(&ctx,data,&j,data,i);
-		EVP_EncryptFinal(&ctx,&(data[j]),&i);
+		EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
+		EVP_CIPHER_CTX_cleanup(&ctx);
 		i+=j;
 		ret=1;
 		}
@@ -354,20 +368,20 @@ int (*callback)();
 	i=PEM_write_bio(bp,name,buf,data,i);
 	if (i <= 0) ret=0;
 err:
-	memset(key,0,sizeof(key));
-	memset(iv,0,sizeof(iv));
-	memset((char *)&ctx,0,sizeof(ctx));
-	memset(buf,0,PEM_BUFSIZE);
-	memset(data,0,(unsigned int)dsize);
-	Free(data);
+	OPENSSL_cleanse(key,sizeof(key));
+	OPENSSL_cleanse(iv,sizeof(iv));
+	OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+	OPENSSL_cleanse(buf,PEM_BUFSIZE);
+	if (data != NULL)
+		{
+		OPENSSL_cleanse(data,(unsigned int)dsize);
+		OPENSSL_free(data);
+		}
 	return(ret);
 	}
 
-int PEM_do_header(cipher, data, plen, callback)
-EVP_CIPHER_INFO *cipher;
-unsigned char *data;
-long *plen;
-int (*callback)();
+int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
+	     pem_password_cb *callback,void *u)
 	{
 	int i,j,o,klen;
 	long len;
@@ -379,24 +393,30 @@ int (*callback)();
 
 	if (cipher->cipher == NULL) return(1);
 	if (callback == NULL)
-		klen=def_callback(buf,PEM_BUFSIZE,0);
+		klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u);
 	else
-		klen=callback(buf,PEM_BUFSIZE,0);
+		klen=callback(buf,PEM_BUFSIZE,0,u);
 	if (klen <= 0)
 		{
 		PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ);
 		return(0);
 		}
+#ifdef CHARSET_EBCDIC
+	/* Convert the pass phrase from EBCDIC */
+	ebcdic2ascii(buf, buf, klen);
+#endif
+
 	EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
 		(unsigned char *)buf,klen,1,key,NULL);
 
 	j=(int)len;
-	EVP_DecryptInit(&ctx,cipher->cipher,key,&(cipher->iv[0]));
+	EVP_CIPHER_CTX_init(&ctx);
+	EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
 	EVP_DecryptUpdate(&ctx,data,&i,data,j);
-	o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
+	o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
 	EVP_CIPHER_CTX_cleanup(&ctx);
-	memset((char *)buf,0,sizeof(buf));
-	memset((char *)key,0,sizeof(key));
+	OPENSSL_cleanse((char *)buf,sizeof(buf));
+	OPENSSL_cleanse((char *)key,sizeof(key));
 	j+=i;
 	if (!o)
 		{
@@ -407,12 +427,10 @@ int (*callback)();
 	return(1);
 	}
 
-int PEM_get_EVP_CIPHER_INFO(header,cipher)
-char *header;
-EVP_CIPHER_INFO *cipher;
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
 	{
 	int o;
-	EVP_CIPHER *enc=NULL;
+	const EVP_CIPHER *enc=NULL;
 	char *p,c;
 
 	cipher->cipher=NULL;
@@ -438,9 +456,15 @@ EVP_CIPHER_INFO *cipher;
 	for (;;)
 		{
 		c= *header;
+#ifndef CHARSET_EBCDIC
 		if (!(	((c >= 'A') && (c <= 'Z')) || (c == '-') ||
 			((c >= '0') && (c <= '9'))))
 			break;
+#else
+		if (!(	isupper(c) || (c == '-') ||
+			isdigit(c)))
+			break;
+#endif
 		header++;
 		}
 	*header='\0';
@@ -454,14 +478,12 @@ EVP_CIPHER_INFO *cipher;
 		PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
 		return(0);
 		}
-	if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),8)) return(0);
+	if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),enc->iv_len)) return(0);
 
 	return(1);
 	}
 
-static int load_iv(fromp,to,num)
-unsigned char **fromp,*to;
-int num;
+static int load_iv(unsigned char **fromp, unsigned char *to, int num)
 	{
 	int v,i;
 	unsigned char *from;
@@ -490,13 +512,9 @@ int num;
 	return(1);
 	}
 
-#ifndef NO_FP_API
-int PEM_write(fp, name, header, data,len)
-FILE *fp;
-char *name;
-char *header;
-unsigned char *data;
-long len;
+#ifndef OPENSSL_NO_FP_API
+int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
+	     long len)
         {
         BIO *b;
         int ret;
@@ -513,12 +531,8 @@ long len;
         }
 #endif
 
-int PEM_write_bio(bp, name, header, data,len)
-BIO *bp;
-char *name;
-char *header;
-unsigned char *data;
-long len;
+int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
+	     long len)
 	{
 	int nlen,n,i,j,outl;
 	unsigned char *buf;
@@ -541,7 +555,7 @@ long len;
 			goto err;
 		}
 
-	buf=(unsigned char *)Malloc(PEM_BUFSIZE*8);
+	buf=(unsigned char *)OPENSSL_malloc(PEM_BUFSIZE*8);
 	if (buf == NULL)
 		{
 		reason=ERR_R_MALLOC_FAILURE;
@@ -561,7 +575,7 @@ long len;
 		}
 	EVP_EncodeFinal(&ctx,buf,&outl);
 	if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
-	Free(buf);
+	OPENSSL_free(buf);
 	if (	(BIO_write(bp,"-----END ",9) != 9) ||
 		(BIO_write(bp,name,nlen) != nlen) ||
 		(BIO_write(bp,"-----\n",6) != 6))
@@ -572,13 +586,9 @@ err:
 	return(0);
 	}
 
-#ifndef NO_FP_API
-int PEM_read(fp, name, header, data,len)
-FILE *fp;
-char **name;
-char **header;
-unsigned char **data;
-long *len;
+#ifndef OPENSSL_NO_FP_API
+int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
+	     long *len)
         {
         BIO *b;
         int ret;
@@ -595,12 +605,8 @@ long *len;
         }
 #endif
 
-int PEM_read_bio(bp, name, header, data, len)
-BIO *bp;
-char **name;
-char **header;
-unsigned char **data;
-long *len;
+int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
+	     long *len)
 	{
 	EVP_ENCODE_CTX ctx;
 	int end=0,i,k,bl=0,hl=0,nohead=0;
@@ -643,7 +649,7 @@ long *len;
 				PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
 				goto err;
 				}
-			strncpy(nameB->data,&(buf[11]),(unsigned int)i-6);
+			memcpy(nameB->data,&(buf[11]),i-6);
 			nameB->data[i-6]='\0';
 			break;
 			}
@@ -668,7 +674,7 @@ long *len;
 			nohead=1;
 			break;
 			}
-		strncpy(&(headerB->data[hl]),buf,(unsigned int)i);
+		memcpy(&(headerB->data[hl]),buf,i);
 		headerB->data[hl+i]='\0';
 		hl+=i;
 		}
@@ -691,12 +697,12 @@ long *len;
 			if (strncmp(buf,"-----END ",9) == 0)
 				break;
 			if (i > 65) break;
-			if (!BUF_MEM_grow(dataB,i+bl+9))
+			if (!BUF_MEM_grow_clean(dataB,i+bl+9))
 				{
 				PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
 				goto err;
 				}
-			strncpy(&(dataB->data[bl]),buf,(unsigned int)i);
+			memcpy(&(dataB->data[bl]),buf,i);
 			dataB->data[bl+i]='\0';
 			bl+=i;
 			if (end)
@@ -721,7 +727,7 @@ long *len;
 		}
 	i=strlen(nameB->data);
 	if (	(strncmp(buf,"-----END ",9) != 0) ||
-		(strncmp(nameB->data,&(buf[9]),(unsigned int)i) != 0) ||
+		(strncmp(nameB->data,&(buf[9]),i) != 0) ||
 		(strncmp(&(buf[9+i]),"-----\n",6) != 0))
 		{
 		PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);
@@ -750,9 +756,9 @@ long *len;
 	*header=headerB->data;
 	*data=(unsigned char *)dataB->data;
 	*len=bl;
-	Free(nameB);
-	Free(headerB);
-	Free(dataB);
+	OPENSSL_free(nameB);
+	OPENSSL_free(headerB);
+	OPENSSL_free(dataB);
 	return(1);
 err:
 	BUF_MEM_free(nameB);
diff --git a/crypto/asn1/a_bmp.c b/crypto/pem/pem_oth.c
index 76a6f1cd66..8d9064ea7c 100644
--- a/crypto/asn1/a_bmp.c
+++ b/crypto/pem/pem_oth.c
@@ -1,4 +1,4 @@
-/* crypto/asn1/a_bmp.c */
+/* crypto/pem/pem_oth.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -58,33 +58,28 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
-/* ASN1err(ASN1_F_D2I_ASN1_INTEGER,ASN1_R_EXPECTING_AN_INTEGER);
- */
+/* Handle 'other' PEMs: not private keys */
 
-int i2d_ASN1_BMPSTRING(a, pp)
-ASN1_BMPSTRING *a;
-unsigned char **pp;
+char *PEM_ASN1_read_bio(char *(*d2i)(), const char *name, BIO *bp, char **x,
+	     pem_password_cb *cb, void *u)
 	{
-	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
-		V_ASN1_BMPSTRING,V_ASN1_UNIVERSAL));
-	}
+	unsigned char *p=NULL,*data=NULL;
+	long len;
+	char *ret=NULL;
 
-ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(a, pp, length)
-ASN1_BMPSTRING **a;
-unsigned char **pp;
-long length;
-	{
-	ASN1_BMPSTRING *ret=NULL;
-
-	ret=(ASN1_BMPSTRING *)d2i_ASN1_bytes((ASN1_STRING **)a,
-		pp,length,V_ASN1_BMPSTRING,V_ASN1_UNIVERSAL);
+	if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
+		return NULL;
+	p = data;
+	ret=d2i(x,&p,len);
 	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_D2I_ASN1_BMPSTRING,ERR_R_NESTED_ASN1_ERROR);
-		return(NULL);
-		}
+		PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
+	OPENSSL_free(data);
 	return(ret);
 	}
-
diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c
new file mode 100644
index 0000000000..db38a2a79d
--- /dev/null
+++ b/crypto/pem/pem_pk8.c
@@ -0,0 +1,243 @@
+/* crypto/pem/pem_pkey.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs12.h>
+#include <openssl/pem.h>
+
+static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
+				int nid, const EVP_CIPHER *enc,
+				char *kstr, int klen,
+				pem_password_cb *cb, void *u);
+static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
+				int nid, const EVP_CIPHER *enc,
+				char *kstr, int klen,
+				pem_password_cb *cb, void *u);
+
+/* These functions write a private key in PKCS#8 format: it is a "drop in"
+ * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
+ * is NULL then it uses the unencrypted private key form. The 'nid' versions
+ * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.
+ */
+
+int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u)
+{
+	return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u)
+{
+	return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u)
+{
+	return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u)
+{
+	return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
+}
+
+static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u)
+{
+	X509_SIG *p8;
+	PKCS8_PRIV_KEY_INFO *p8inf;
+	char buf[PEM_BUFSIZE];
+	int ret;
+	if(!(p8inf = EVP_PKEY2PKCS8(x))) {
+		PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
+					PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
+		return 0;
+	}
+	if(enc || (nid != -1)) {
+		if(!kstr) {
+			if(!cb) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
+			else klen = cb(buf, PEM_BUFSIZE, 1, u);
+			if(klen <= 0) {
+				PEMerr(PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,
+								PEM_R_READ_KEY);
+				PKCS8_PRIV_KEY_INFO_free(p8inf);
+				return 0;
+			}
+				
+			kstr = buf;
+		}
+		p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
+		if(kstr == buf) OPENSSL_cleanse(buf, klen);
+		PKCS8_PRIV_KEY_INFO_free(p8inf);
+		if(isder) ret = i2d_PKCS8_bio(bp, p8);
+		else ret = PEM_write_bio_PKCS8(bp, p8);
+		X509_SIG_free(p8);
+		return ret;
+	} else {
+		if(isder) ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
+		else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
+		PKCS8_PRIV_KEY_INFO_free(p8inf);
+		return ret;
+	}
+}
+
+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
+{
+	PKCS8_PRIV_KEY_INFO *p8inf = NULL;
+	X509_SIG *p8 = NULL;
+	int klen;
+	EVP_PKEY *ret;
+	char psbuf[PEM_BUFSIZE];
+	p8 = d2i_PKCS8_bio(bp, NULL);
+	if(!p8) return NULL;
+	if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
+	else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
+	if (klen <= 0) {
+		PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
+		X509_SIG_free(p8);
+		return NULL;	
+	}
+	p8inf = PKCS8_decrypt(p8, psbuf, klen);
+	X509_SIG_free(p8);
+	if(!p8inf) return NULL;
+	ret = EVP_PKCS82PKEY(p8inf);
+	PKCS8_PRIV_KEY_INFO_free(p8inf);
+	if(!ret) return NULL;
+	if(x) {
+		if(*x) EVP_PKEY_free(*x);
+		*x = ret;
+	}
+	return ret;
+}
+
+#ifndef OPENSSL_NO_FP_API
+
+int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u)
+{
+	return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u)
+{
+	return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u)
+{
+	return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+			      char *kstr, int klen, pem_password_cb *cb, void *u)
+{
+	return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
+}
+
+static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u)
+{
+	BIO *bp;
+	int ret;
+	if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+		PEMerr(PEM_F_PEM_F_DO_PK8KEY_FP,ERR_R_BUF_LIB);
+                return(0);
+	}
+	ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
+	BIO_free(bp);
+	return ret;
+}
+
+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
+{
+	BIO *bp;
+	EVP_PKEY *ret;
+	if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+		PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP,ERR_R_BUF_LIB);
+                return NULL;
+	}
+	ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
+	BIO_free(bp);
+	return ret;
+}
+
+#endif
+
+IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
+IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
+							 PKCS8_PRIV_KEY_INFO)
diff --git a/crypto/bn/bn_m.c b/crypto/pem/pem_pkey.c
index 5166daaeec..92a55f536a 100644
--- a/crypto/bn/bn_m.c
+++ b/crypto/pem/pem_pkey.c
@@ -1,4 +1,4 @@
-/* crypto/bn/bn_m.c */
+/* crypto/pem/pem_pkey.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -58,112 +58,85 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn_lcl.h"
-#include "stack.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs12.h>
+#include <openssl/pem.h>
 
-int limit=16;
 
-typedef struct bn_pool_st
+EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
 	{
-	int used;
-	int tos;
-	STACK *sk; 
-	} BN_POOL;
-
-BIGNUM *BN_POOL_push(bp)
-BN_POOL *bp;
-	{
-	BIGNUM *ret;
-
-	if (bp->used >= bp->tos)
-		{
-		ret=BN_new();
-		sk_push(bp->sk,(char *)ret);
-		bp->tos++;
-		bp->used++;
+	char *nm=NULL;
+	unsigned char *p=NULL,*data=NULL;
+	long len;
+	EVP_PKEY *ret=NULL;
+
+	if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
+		return NULL;
+	p = data;
+
+	if (strcmp(nm,PEM_STRING_RSA) == 0)
+		ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len);
+	else if (strcmp(nm,PEM_STRING_DSA) == 0)
+		ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len);
+	else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0)
+		ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len);
+	else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
+		PKCS8_PRIV_KEY_INFO *p8inf;
+		p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
+		if(!p8inf) goto p8err;
+		ret = EVP_PKCS82PKEY(p8inf);
+		PKCS8_PRIV_KEY_INFO_free(p8inf);
+	} else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
+		PKCS8_PRIV_KEY_INFO *p8inf;
+		X509_SIG *p8;
+		int klen;
+		char psbuf[PEM_BUFSIZE];
+		p8 = d2i_X509_SIG(NULL, &p, len);
+		if(!p8) goto p8err;
+		if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
+		else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
+		if (klen <= 0) {
+			PEMerr(PEM_F_PEM_ASN1_READ_BIO,
+					PEM_R_BAD_PASSWORD_READ);
+			goto err;
 		}
-	else
-		{
-		ret=(BIGNUM *)sk_value(bp->sk,bp->used);
-		bp->used++;
+		p8inf = PKCS8_decrypt(p8, psbuf, klen);
+		X509_SIG_free(p8);
+		if(!p8inf) goto p8err;
+		ret = EVP_PKCS82PKEY(p8inf);
+		if(x) {
+			if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
+			*x = ret;
 		}
-	return(ret);
+		PKCS8_PRIV_KEY_INFO_free(p8inf);
 	}
-
-void BN_POOL_pop(bp,num)
-BN_POOL *bp;
-int num;
-	{
-	bp->used-=num;
-	}
-
-int BN_m(r,a,b)
-BIGNUM *r,*a,*b;
-	{
-	static BN_POOL bp;
-	static init=1;
-
-	if (init)
-		{
-		bp.used=0;
-		bp.tos=0;
-		bp.sk=sk_new_null();
-		init=0;
-		}
-	return(BN_mm(r,a,b,&bp));
+p8err:
+	if (ret == NULL)
+		PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
+err:
+	OPENSSL_free(nm);
+	OPENSSL_free(data);
+	return(ret);
 	}
 
-/* r must be different to a and b */
-int BN_mm(m, A, B, bp)
-BIGNUM *m,*A,*B;
-BN_POOL *bp;
+#ifndef OPENSSL_NO_FP_API
+EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
 	{
-	int i,num;
-	int an,bn;
-	BIGNUM *a,*b,*c,*d,*ac,*bd;
+        BIO *b;
+        EVP_PKEY *ret;
 
-	an=A->top;
-	bn=B->top;
-	if ((an <= limit) || (bn <= limit))
+        if ((b=BIO_new(BIO_s_file())) == NULL)
 		{
-		return(BN_mul(m,A,B));
+		PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
+                return(0);
 		}
-
-	a=BN_POOL_push(bp);
-	b=BN_POOL_push(bp);
-	c=BN_POOL_push(bp);
-	d=BN_POOL_push(bp);
-	ac=BN_POOL_push(bp);
-	bd=BN_POOL_push(bp);
-
-	num=(an <= bn)?an:bn;
-	num=1<<(BN_num_bits_word(num-1)-1);
-
-	/* Are going to now chop things into 'num' word chunks. */
-	num*=BN_BITS2;
-
-	BN_copy(a,A);
-	BN_mask_bits(a,num);
-	BN_rshift(b,A,num);
-
-	BN_copy(c,B);
-	BN_mask_bits(c,num);
-	BN_rshift(d,B,num);
-
-	BN_sub(ac ,b,a);
-	BN_sub(bd,c,d);
-	BN_mm(m,ac,bd,bp);
-	BN_mm(ac,a,c,bp);
-	BN_mm(bd,b,d,bp);
-
-	BN_add(m,m,ac);
-	BN_add(m,m,bd);
-	BN_lshift(m,m,num);
-	BN_lshift(bd,bd,num*2);
-
-	BN_add(m,m,ac);
-	BN_add(m,m,bd);
-	BN_POOL_pop(bp,6);
-	return(1);
+        BIO_set_fp(b,fp,BIO_NOCLOSE);
+        ret=PEM_read_bio_PrivateKey(b,x,cb,u);
+        BIO_free(b);
+        return(ret);
 	}
-
+#endif
diff --git a/crypto/pem/pem_seal.c b/crypto/pem/pem_seal.c
index b4b36df453..56e08abd70 100644
--- a/crypto/pem/pem_seal.c
+++ b/crypto/pem/pem_seal.c
@@ -56,23 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef OPENSSL_NO_RSA
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "rand.h"
-#include "objects.h"
-#include "x509.h"
-#include "pem.h"
-
-int PEM_SealInit(ctx,type,md_type,ek,ekl,iv,pubk,npubk)
-PEM_ENCODE_SEAL_CTX *ctx;
-EVP_CIPHER *type;
-EVP_MD *md_type;
-unsigned char **ek;
-int *ekl;
-unsigned char *iv;
-EVP_PKEY **pubk;
-int npubk;
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
+	     unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk,
+	     int npubk)
 	{
 	unsigned char key[EVP_MAX_KEY_LENGTH];
 	int ret= -1;
@@ -89,17 +84,20 @@ int npubk;
 		j=RSA_size(pubk[i]->pkey.rsa);
 		if (j > max) max=j;
 		}
-	s=(char *)Malloc(max*2);
+	s=(char *)OPENSSL_malloc(max*2);
 	if (s == NULL)
 		{
 		PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
 
-	EVP_EncodeInit(&(ctx->encode));
-	EVP_SignInit(&(ctx->md),md_type);
+	EVP_EncodeInit(&ctx->encode);
+
+	EVP_MD_CTX_init(&ctx->md);
+	EVP_SignInit(&ctx->md,md_type);
 
-	ret=EVP_SealInit(&(ctx->cipher),type,ek,ekl,iv,pubk,npubk);
+	EVP_CIPHER_CTX_init(&ctx->cipher);
+	ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
 	if (!ret) goto err;
 
 	/* base64 encode the keys */
@@ -113,23 +111,19 @@ int npubk;
 
 	ret=npubk;
 err:
-	if (s != NULL) Free(s);
-	memset(key,0,EVP_MAX_KEY_LENGTH);
+	if (s != NULL) OPENSSL_free(s);
+	OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
 	return(ret);
 	}
 
-void PEM_SealUpdate(ctx,out,outl,in,inl)
-PEM_ENCODE_SEAL_CTX *ctx;
-unsigned char *out;
-int *outl;
-unsigned char *in;
-int inl;
+void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
+	     unsigned char *in, int inl)
 	{
 	unsigned char buffer[1600];
 	int i,j;
 
 	*outl=0;
-	EVP_SignUpdate(&(ctx->md),in,inl);
+	EVP_SignUpdate(&ctx->md,in,inl);
 	for (;;)
 		{
 		if (inl <= 0) break;
@@ -137,8 +131,8 @@ int inl;
 			i=1200;
 		else
 			i=inl;
-		EVP_EncryptUpdate(&(ctx->cipher),buffer,&j,in,i);
-		EVP_EncodeUpdate(&(ctx->encode),out,&j,buffer,j);
+		EVP_EncryptUpdate(&ctx->cipher,buffer,&j,in,i);
+		EVP_EncodeUpdate(&ctx->encode,out,&j,buffer,j);
 		*outl+=j;
 		out+=j;
 		in+=i;
@@ -146,13 +140,8 @@ int inl;
 		}
 	}
 
-int PEM_SealFinal(ctx,sig,sigl,out,outl,priv)
-PEM_ENCODE_SEAL_CTX *ctx;
-unsigned char *sig;
-int *sigl;
-unsigned char *out;
-int *outl;
-EVP_PKEY *priv;
+int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
+	     unsigned char *out, int *outl, EVP_PKEY *priv)
 	{
 	unsigned char *s=NULL;
 	int ret=0,j;
@@ -165,27 +154,34 @@ EVP_PKEY *priv;
 		}
 	i=RSA_size(priv->pkey.rsa);
 	if (i < 100) i=100;
-	s=(unsigned char *)Malloc(i*2);
+	s=(unsigned char *)OPENSSL_malloc(i*2);
 	if (s == NULL)
 		{
 		PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
 
-	EVP_EncryptFinal(&(ctx->cipher),s,(int *)&i);
-	EVP_EncodeUpdate(&(ctx->encode),out,&j,s,i);
+	EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
+	EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
 	*outl=j;
 	out+=j;
-	EVP_EncodeFinal(&(ctx->encode),out,&j);
+	EVP_EncodeFinal(&ctx->encode,out,&j);
 	*outl+=j;
 
-	if (!EVP_SignFinal(&(ctx->md),s,&i,priv)) goto err;
+	if (!EVP_SignFinal(&ctx->md,s,&i,priv)) goto err;
 	*sigl=EVP_EncodeBlock(sig,s,i);
 
 	ret=1;
 err:
-	memset((char *)&(ctx->md),0,sizeof(ctx->md));
-	memset((char *)&(ctx->cipher),0,sizeof(ctx->cipher));
-	if (s != NULL) Free(s);
+	EVP_MD_CTX_cleanup(&ctx->md);
+	EVP_CIPHER_CTX_cleanup(&ctx->cipher);
+	if (s != NULL) OPENSSL_free(s);
 	return(ret);
 	}
+#else /* !OPENSSL_NO_RSA */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
+#endif
diff --git a/crypto/pem/pem_sign.c b/crypto/pem/pem_sign.c
index d56f9f9e14..c3b9808cb2 100644
--- a/crypto/pem/pem_sign.c
+++ b/crypto/pem/pem_sign.c
@@ -58,38 +58,31 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "rand.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/rand.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
-void PEM_SignInit(ctx,type)
-EVP_MD_CTX *ctx;
-EVP_MD *type;
+void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
 	{
-	EVP_DigestInit(ctx,type);
+	EVP_DigestInit_ex(ctx, type, NULL);
 	}
 
-void PEM_SignUpdate(ctx,data,count)
-EVP_MD_CTX *ctx;
-unsigned char *data;
-unsigned int count;
+void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
+	     unsigned int count)
 	{
 	EVP_DigestUpdate(ctx,data,count);
 	}
 
-int PEM_SignFinal(ctx,sigret,siglen,pkey)
-EVP_MD_CTX *ctx;
-unsigned char *sigret;
-unsigned int *siglen;
-EVP_PKEY *pkey;
+int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
+	     EVP_PKEY *pkey)
 	{
 	unsigned char *m;
 	int i,ret=0;
 	unsigned int m_len;
 
-	m=(unsigned char *)Malloc(EVP_PKEY_size(pkey)+2);
+	m=(unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey)+2);
 	if (m == NULL)
 		{
 		PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE);
@@ -103,7 +96,7 @@ EVP_PKEY *pkey;
 	ret=1;
 err:
 	/* ctx has been zeroed by EVP_SignFinal() */
-	if (m != NULL) Free(m);
+	if (m != NULL) OPENSSL_free(m);
 	return(ret);
 	}
 
diff --git a/crypto/pem/pem_x509.c b/crypto/pem/pem_x509.c
new file mode 100644
index 0000000000..19f88d8d3a
--- /dev/null
+++ b/crypto/pem/pem_x509.c
@@ -0,0 +1,69 @@
+/* pem_x509.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#undef SSLEAY_MACROS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
+
diff --git a/crypto/pem/pem_xaux.c b/crypto/pem/pem_xaux.c
new file mode 100644
index 0000000000..63ce660cf1
--- /dev/null
+++ b/crypto/pem/pem_xaux.c
@@ -0,0 +1,69 @@
+/* pem_xaux.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#undef SSLEAY_MACROS
+#include "cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
+IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, X509_CERT_PAIR)
diff --git a/crypto/perlasm/f b/crypto/perlasm/f
deleted file mode 100644
index 80da809107..0000000000
--- a/crypto/perlasm/f
+++ /dev/null
@@ -1,19 +0,0 @@
-sub out3
-	{
-	local($name,$p1,$p2,$p3)=@_;
-
-	push(@out,"\t$name\t");
-	$l=length($p1)+1;
-	push(@out,$p1.",");
-	$ll=4-($l+9)/8;
-	$tmp1=sprintf("\t" x $ll);
-	push(@out,$tmp1);
-
-	$l=length($p2)+1;
-	push(@out,$p2.",");
-	$ll=4-($l+9)/8;
-	$tmp1=sprintf("\t" x $ll);
-	push(@out,$tmp1);
-
-	push(@out,&conv($p3)."\n");
-	}
diff --git a/crypto/perlasm/x86asm.pl b/crypto/perlasm/x86asm.pl
index d62c9bc9ee..9a3d85b098 100644
--- a/crypto/perlasm/x86asm.pl
+++ b/crypto/perlasm/x86asm.pl
@@ -15,20 +15,24 @@ sub main'asm_finish
 
 sub main'asm_init
 	{
-	($type,$fn)=@_;
+	($type,$fn,$i386)=@_;
 	$filename=$fn;
 
-	$cpp=$sol=$aout=$win32=0;
+	$cpp=$sol=$aout=$win32=$gaswin=0;
 	if (	($type eq "elf"))
 		{ require "x86unix.pl"; }
 	elsif (	($type eq "a.out"))
 		{ $aout=1; require "x86unix.pl"; }
+	elsif (	($type eq "gaswin"))
+		{ $gaswin=1; $aout=1; require "x86unix.pl"; }
 	elsif (	($type eq "sol"))
 		{ $sol=1; require "x86unix.pl"; }
 	elsif (	($type eq "cpp"))
 		{ $cpp=1; require "x86unix.pl"; }
 	elsif (	($type eq "win32"))
 		{ $win32=1; require "x86ms.pl"; }
+	elsif (	($type eq "win32n"))
+		{ $win32=1; require "x86nasm.pl"; }
 	else
 		{
 		print STDERR <<"EOF";
@@ -38,6 +42,7 @@ Pick one target type from
 	sol	- x86 solaris
 	cpp	- format so x86unix.cpp can be used
 	win32	- Windows 95/Windows NT
+	win32n	- Windows 95/Windows NT NASM format
 EOF
 		exit(1);
 		}
@@ -47,7 +52,7 @@ EOF
 &comment("Don't even think of reading this code");
 &comment("It was automatically generated by $filename");
 &comment("Which is a perl program used to generate the x86 assember for");
-&comment("any of elf, a.out, BSDI,Win32, or Solaris");
+&comment("any of elf, a.out, BSDI, Win32, gaswin (for GNU as on Win32) or Solaris");
 &comment("eric <eay\@cryptsoft.com>");
 &comment("");
 
@@ -75,16 +80,22 @@ sub asm_finish_cpp
 #define TYPE(a,b)       .type   a,b
 #define SIZE(a,b)       .size   a,b
 
-#if defined(OUT) || defined(BSDI)
+#if defined(OUT) || (defined(BSDI) && !defined(ELF))
 $tmp
 #endif
 
 #ifdef OUT
 #define OK	1
 #define ALIGN	4
+#if defined(__CYGWIN__) || defined(__DJGPP__)
+#undef SIZE
+#undef TYPE
+#define SIZE(a,b)
+#define TYPE(a,b)
+#endif /* __CYGWIN || __DJGPP */
 #endif
 
-#ifdef BSDI
+#if defined(BSDI) && !defined(ELF)
 #define OK              1
 #define ALIGN           4
 #undef SIZE
diff --git a/crypto/perlasm/x86ms.pl b/crypto/perlasm/x86ms.pl
index b8b1909567..206452341d 100644
--- a/crypto/perlasm/x86ms.pl
+++ b/crypto/perlasm/x86ms.pl
@@ -51,6 +51,16 @@ sub main'DWP
 	&get_mem("DWORD",@_);
 	}
 
+sub main'BC
+	{
+	return @_;
+	}
+
+sub main'DWC
+	{
+	return @_;
+	}
+
 sub main'stack_push
 	{
 	local($num)=@_;
@@ -331,7 +341,14 @@ sub main'set_label
 		$label{$_[0]}="${label}${_[0]}";
 		$label++;
 		}
-	push(@out,"$label{$_[0]}:\n");
+	if((defined $_[2]) && ($_[2] == 1))
+		{
+		push(@out,"$label{$_[0]}::\n");
+		}
+	else
+		{
+		push(@out,"$label{$_[0]}:\n");
+		}
 	}
 
 sub main'data_word
diff --git a/crypto/perlasm/x86nasm.pl b/crypto/perlasm/x86nasm.pl
new file mode 100644
index 0000000000..519d8a5867
--- /dev/null
+++ b/crypto/perlasm/x86nasm.pl
@@ -0,0 +1,342 @@
+#!/usr/local/bin/perl
+
+package x86nasm;
+
+$label="L000";
+
+%lb=(	'eax',	'al',
+	'ebx',	'bl',
+	'ecx',	'cl',
+	'edx',	'dl',
+	'ax',	'al',
+	'bx',	'bl',
+	'cx',	'cl',
+	'dx',	'dl',
+	);
+
+%hb=(	'eax',	'ah',
+	'ebx',	'bh',
+	'ecx',	'ch',
+	'edx',	'dh',
+	'ax',	'ah',
+	'bx',	'bh',
+	'cx',	'ch',
+	'dx',	'dh',
+	);
+
+sub main'asm_init_output { @out=(); }
+sub main'asm_get_output { return(@out); }
+sub main'get_labels { return(@labels); }
+
+sub main'external_label
+{
+	push(@labels,@_);
+	foreach (@_) {
+		push(@out, "extern\t_$_\n");
+	}
+}
+
+sub main'LB
+	{
+	(defined($lb{$_[0]})) || die "$_[0] does not have a 'low byte'\n";
+	return($lb{$_[0]});
+	}
+
+sub main'HB
+	{
+	(defined($hb{$_[0]})) || die "$_[0] does not have a 'high byte'\n";
+	return($hb{$_[0]});
+	}
+
+sub main'BP
+	{
+	&get_mem("BYTE",@_);
+	}
+
+sub main'DWP
+	{
+	&get_mem("DWORD",@_);
+	}
+
+sub main'BC
+	{
+	return "BYTE @_";
+	}
+
+sub main'DWC
+	{
+	return "DWORD @_";
+	}
+
+sub main'stack_push
+	{
+	my($num)=@_;
+	$stack+=$num*4;
+	&main'sub("esp",$num*4);
+	}
+
+sub main'stack_pop
+	{
+	my($num)=@_;
+	$stack-=$num*4;
+	&main'add("esp",$num*4);
+	}
+
+sub get_mem
+	{
+	my($size,$addr,$reg1,$reg2,$idx)=@_;
+	my($t,$post);
+	my($ret)="[";
+	$addr =~ s/^\s+//;
+	if ($addr =~ /^(.+)\+(.+)$/)
+		{
+		$reg2=&conv($1);
+		$addr="_$2";
+		}
+	elsif ($addr =~ /^[_a-zA-Z]/)
+		{
+		$addr="_$addr";
+		}
+
+	$reg1="$regs{$reg1}" if defined($regs{$reg1});
+	$reg2="$regs{$reg2}" if defined($regs{$reg2});
+	if (($addr ne "") && ($addr ne 0))
+		{
+		if ($addr !~ /^-/)
+			{ $ret.="${addr}+"; }
+		else	{ $post=$addr; }
+		}
+	if ($reg2 ne "")
+		{
+		$t="";
+		$t="*$idx" if ($idx != 0);
+		$reg1="+".$reg1 if ("$reg1$post" ne "");
+		$ret.="$reg2$t$reg1$post]";
+		}
+	else
+		{
+		$ret.="$reg1$post]"
+		}
+	return($ret);
+	}
+
+sub main'mov	{ &out2("mov",@_); }
+sub main'movb	{ &out2("mov",@_); }
+sub main'and	{ &out2("and",@_); }
+sub main'or	{ &out2("or",@_); }
+sub main'shl	{ &out2("shl",@_); }
+sub main'shr	{ &out2("shr",@_); }
+sub main'xor	{ &out2("xor",@_); }
+sub main'xorb	{ &out2("xor",@_); }
+sub main'add	{ &out2("add",@_); }
+sub main'adc	{ &out2("adc",@_); }
+sub main'sub	{ &out2("sub",@_); }
+sub main'rotl	{ &out2("rol",@_); }
+sub main'rotr	{ &out2("ror",@_); }
+sub main'exch	{ &out2("xchg",@_); }
+sub main'cmp	{ &out2("cmp",@_); }
+sub main'lea	{ &out2("lea",@_); }
+sub main'mul	{ &out1("mul",@_); }
+sub main'div	{ &out1("div",@_); }
+sub main'dec	{ &out1("dec",@_); }
+sub main'inc	{ &out1("inc",@_); }
+sub main'jmp	{ &out1("jmp",@_); }
+sub main'jmp_ptr { &out1p("jmp",@_); }
+
+# This is a bit of a kludge: declare all branches as NEAR.
+sub main'je	{ &out1("je NEAR",@_); }
+sub main'jle	{ &out1("jle NEAR",@_); }
+sub main'jz	{ &out1("jz NEAR",@_); }
+sub main'jge	{ &out1("jge NEAR",@_); }
+sub main'jl	{ &out1("jl NEAR",@_); }
+sub main'jb	{ &out1("jb NEAR",@_); }
+sub main'jc	{ &out1("jc NEAR",@_); }
+sub main'jnc	{ &out1("jnc NEAR",@_); }
+sub main'jnz	{ &out1("jnz NEAR",@_); }
+sub main'jne	{ &out1("jne NEAR",@_); }
+sub main'jno	{ &out1("jno NEAR",@_); }
+
+sub main'push	{ &out1("push",@_); $stack+=4; }
+sub main'pop	{ &out1("pop",@_); $stack-=4; }
+sub main'bswap	{ &out1("bswap",@_); &using486(); }
+sub main'not	{ &out1("not",@_); }
+sub main'call	{ &out1("call",'_'.$_[0]); }
+sub main'ret	{ &out0("ret"); }
+sub main'nop	{ &out0("nop"); }
+
+sub out2
+	{
+	my($name,$p1,$p2)=@_;
+	my($l,$t);
+
+	push(@out,"\t$name\t");
+	$t=&conv($p1).",";
+	$l=length($t);
+	push(@out,$t);
+	$l=4-($l+9)/8;
+	push(@out,"\t" x $l);
+	push(@out,&conv($p2));
+	push(@out,"\n");
+	}
+
+sub out0
+	{
+	my($name)=@_;
+
+	push(@out,"\t$name\n");
+	}
+
+sub out1
+	{
+	my($name,$p1)=@_;
+	my($l,$t);
+	push(@out,"\t$name\t".&conv($p1)."\n");
+	}
+
+sub conv
+	{
+	my($p)=@_;
+	$p =~ s/0x([0-9A-Fa-f]+)/0$1h/;
+	return $p;
+	}
+
+sub using486
+	{
+	return if $using486;
+	$using486++;
+	grep(s/\.386/\.486/,@out);
+	}
+
+sub main'file
+	{
+	push(@out, "segment .text use32\n");
+	}
+
+sub main'function_begin
+	{
+	my($func,$extra)=@_;
+
+	push(@labels,$func);
+	my($tmp)=<<"EOF";
+global	_$func
+_$func:
+	push	ebp
+	push	ebx
+	push	esi
+	push	edi
+EOF
+	push(@out,$tmp);
+	$stack=20;
+	}
+
+sub main'function_begin_B
+	{
+	my($func,$extra)=@_;
+	my($tmp)=<<"EOF";
+global	_$func
+_$func:
+EOF
+	push(@out,$tmp);
+	$stack=4;
+	}
+
+sub main'function_end
+	{
+	my($func)=@_;
+
+	my($tmp)=<<"EOF";
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+EOF
+	push(@out,$tmp);
+	$stack=0;
+	%label=();
+	}
+
+sub main'function_end_B
+	{
+	$stack=0;
+	%label=();
+	}
+
+sub main'function_end_A
+	{
+	my($func)=@_;
+
+	my($tmp)=<<"EOF";
+	pop	edi
+	pop	esi
+	pop	ebx
+	pop	ebp
+	ret
+EOF
+	push(@out,$tmp);
+	}
+
+sub main'file_end
+	{
+	}
+
+sub main'wparam
+	{
+	my($num)=@_;
+
+	return(&main'DWP($stack+$num*4,"esp","",0));
+	}
+
+sub main'swtmp
+	{
+	return(&main'DWP($_[0]*4,"esp","",0));
+	}
+
+# Should use swtmp, which is above esp.  Linix can trash the stack above esp
+#sub main'wtmp
+#	{
+#	my($num)=@_;
+#
+#	return(&main'DWP(-(($num+1)*4),"esp","",0));
+#	}
+
+sub main'comment
+	{
+	foreach (@_)
+		{
+		push(@out,"\t; $_\n");
+		}
+	}
+
+sub main'label
+	{
+	if (!defined($label{$_[0]}))
+		{
+		$label{$_[0]}="\$${label}${_[0]}";
+		$label++;
+		}
+	return($label{$_[0]});
+	}
+
+sub main'set_label
+	{
+	if (!defined($label{$_[0]}))
+		{
+		$label{$_[0]}="${label}${_[0]}";
+		$label++;
+		}
+	push(@out,"$label{$_[0]}:\n");
+	}
+
+sub main'data_word
+	{
+	push(@out,"\tDD\t$_[0]\n");
+	}
+
+sub out1p
+	{
+	my($name,$p1)=@_;
+	my($l,$t);
+
+	push(@out,"\t$name\t ".&conv($p1)."\n");
+	}
diff --git a/crypto/perlasm/x86unix.pl b/crypto/perlasm/x86unix.pl
index deb1185fc9..9ceabf0705 100644
--- a/crypto/perlasm/x86unix.pl
+++ b/crypto/perlasm/x86unix.pl
@@ -1,14 +1,10 @@
 #!/usr/local/bin/perl
 
-# Because the bswapl instruction is not supported for old assembers
-# (it was a new instruction for the 486), I've added .byte xxxx code
-# to put it in.
-# eric 24-Apr-1998
-#
-
 package x86unix;
 
 $label="L000";
+$const="";
+$constl=0;
 
 $align=($main'aout)?"4":"16";
 $under=($main'aout)?"_":"";
@@ -85,12 +81,17 @@ sub main'DWP
 	local($addr,$reg1,$reg2,$idx)=@_;
 
 	$ret="";
-	$addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
+	$addr =~ s/(^|[+ \t])([A-Za-z_]+[A-Za-z0-9_]+)($|[+ \t])/$1$under$2$3/;
 	$reg1="$regs{$reg1}" if defined($regs{$reg1});
 	$reg2="$regs{$reg2}" if defined($regs{$reg2});
 	$ret.=$addr if ($addr ne "") && ($addr ne 0);
 	if ($reg2 ne "")
-		{ $ret.="($reg1,$reg2,$idx)"; }
+		{
+		if($idx ne "")
+		    { $ret.="($reg1,$reg2,$idx)"; }
+		else
+		    { $ret.="($reg1,$reg2)"; }
+	        }
 	else
 		{ $ret.="($reg1)" }
 	return($ret);
@@ -101,6 +102,16 @@ sub main'BP
 	return(&main'DWP(@_));
 	}
 
+sub main'BC
+	{
+	return @_;
+	}
+
+sub main'DWC
+	{
+	return @_;
+	}
+
 #sub main'BP
 #	{
 #	local($addr,$reg1,$reg2,$idx)=@_;
@@ -153,12 +164,29 @@ sub main'dec	{ &out1("decl",@_); }
 sub main'inc	{ &out1("incl",@_); }
 sub main'push	{ &out1("pushl",@_); $stack+=4; }
 sub main'pop	{ &out1("popl",@_); $stack-=4; }
-sub main'bswap	{ &out1("bswapl",@_); }
+sub main'pushf	{ &out0("pushf"); $stack+=4; }
+sub main'popf	{ &out0("popf"); $stack-=4; }
 sub main'not	{ &out1("notl",@_); }
 sub main'call	{ &out1("call",$under.$_[0]); }
 sub main'ret	{ &out0("ret"); }
 sub main'nop	{ &out0("nop"); }
 
+# The bswapl instruction is new for the 486. Emulate if i386.
+sub main'bswap
+	{
+	if ($main'i386)
+		{
+		&main'comment("bswapl @_");
+		&main'exch(main'HB(@_),main'LB(@_));
+		&main'rotr(@_,16);
+		&main'exch(main'HB(@_),main'LB(@_));
+		}
+	else
+		{
+		&out1("bswapl",@_);
+		}
+	}
+
 sub out2
 	{
 	local($name,$p1,$p2)=@_;
@@ -268,6 +296,8 @@ EOF
 	push(@out,$tmp);
 	if ($main'cpp)
 		{ $tmp=push(@out,"\tTYPE($func,\@function)\n"); }
+	elsif ($main'gaswin)
+		{ $tmp=push(@out,"\t.def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); }
 	else	{ $tmp=push(@out,"\t.type\t$func,\@function\n"); }
 	push(@out,"$func:\n");
 	$tmp=<<"EOF";
@@ -296,6 +326,8 @@ EOF
 	push(@out,$tmp);
 	if ($main'cpp)
 		{ push(@out,"\tTYPE($func,\@function)\n"); }
+	elsif ($main'gaswin)
+		{ $tmp=push(@out,"\t.def\t$func;\t.scl\t2;\t.type\t32;\t.endef\n"); }
 	else	{ push(@out,"\t.type	$func,\@function\n"); }
 	push(@out,"$func:\n");
 	$stack=4;
@@ -316,8 +348,11 @@ sub main'function_end
 .${func}_end:
 EOF
 	push(@out,$tmp);
+
 	if ($main'cpp)
 		{ push(@out,"\tSIZE($func,.${func}_end-$func)\n"); }
+	elsif ($main'gaswin)
+                { $tmp=push(@out,"\t.align 4\n"); }
 	else	{ push(@out,"\t.size\t$func,.${func}_end-$func\n"); }
 	push(@out,".ident	\"$func\"\n");
 	$stack=0;
@@ -344,10 +379,12 @@ sub main'function_end_B
 
 	$func=$under.$func;
 
-	push(@out,".${func}_end:\n");
+	push(@out,".L_${func}_end:\n");
 	if ($main'cpp)
-		{ push(@out,"\tSIZE($func,.${func}_end-$func)\n"); }
-	else	{ push(@out,"\t.size\t$func,.${func}_end-$func\n"); }
+		{ push(@out,"\tSIZE($func,.L_${func}_end-$func)\n"); }
+        elsif ($main'gaswin)
+                { push(@out,"\t.align 4\n"); }
+	else	{ push(@out,"\t.size\t$func,.L_${func}_end-$func\n"); }
 	push(@out,".ident	\"desasm.pl\"\n");
 	$stack=0;
 	%label=();
@@ -421,9 +458,87 @@ sub main'set_label
 
 sub main'file_end
 	{
+	if ($const ne "")
+		{
+		push(@out,".section .rodata\n");
+		push(@out,$const);
+		$const="";
+		}
 	}
 
 sub main'data_word
 	{
 	push(@out,"\t.long $_[0]\n");
 	}
+
+# debug output functions: puts, putx, printf
+
+sub main'puts
+	{
+	&pushvars();
+	&main'push('$Lstring' . ++$constl);
+	&main'call('puts');
+	$stack-=4;
+	&main'add("esp",4);
+	&popvars();
+
+	$const .= "Lstring$constl:\n\t.string \"@_[0]\"\n";
+	}
+
+sub main'putx
+	{
+	&pushvars();
+	&main'push($_[0]);
+	&main'push('$Lstring' . ++$constl);
+	&main'call('printf');
+	&main'add("esp",8);
+	$stack-=8;
+	&popvars();
+
+	$const .= "Lstring$constl:\n\t.string \"\%X\"\n";
+	}
+
+sub main'printf
+	{
+	$ostack = $stack;
+	&pushvars();
+	for ($i = @_ - 1; $i >= 0; $i--)
+		{
+		if ($i == 0) # change this to support %s format strings
+			{
+			&main'push('$Lstring' . ++$constl);
+			$const .= "Lstring$constl:\n\t.string \"@_[$i]\"\n";
+			}
+		else
+			{
+			if ($_[$i] =~ /([0-9]*)\(%esp\)/)
+				{
+				&main'push(($1 + $stack - $ostack) . '(%esp)');
+				}
+			else
+				{
+				&main'push($_[$i]);
+				}
+			}
+		}
+	&main'call('printf');
+	$stack-=4*@_;
+	&main'add("esp",4*@_);
+	&popvars();
+	}
+
+sub pushvars
+	{
+	&main'pushf();
+	&main'push("edx");
+	&main'push("ecx");
+	&main'push("eax");
+	}
+
+sub popvars
+	{
+	&main'pop("eax");
+	&main'pop("ecx");
+	&main'pop("edx");
+	&main'popf();
+	}
diff --git a/crypto/pkcs12/.cvsignore b/crypto/pkcs12/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/pkcs12/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/pkcs12/Makefile.ssl b/crypto/pkcs12/Makefile.ssl
new file mode 100644
index 0000000000..52ca218669
--- /dev/null
+++ b/crypto/pkcs12/Makefile.ssl
@@ -0,0 +1,436 @@
+#
+# SSLeay/crypto/pkcs12/Makefile
+#
+
+DIR=	pkcs12
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c \
+	p12_init.c p12_key.c p12_kiss.c p12_mutl.c\
+	p12_utl.c p12_npas.c pk12err.c p12_p8d.c p12_p8e.c
+LIBOBJ= p12_add.o p12_asn.o p12_attr.o p12_crpt.o p12_crt.o p12_decr.o \
+	p12_init.o p12_key.o p12_kiss.o p12_mutl.o\
+	p12_utl.o p12_npas.o pk12err.o p12_p8d.o p12_p8e.o
+
+SRC= $(LIBSRC)
+
+EXHEADER=  pkcs12.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+test:
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB) || echo Never mind.
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+p12_add.o: ../../e_os.h ../../include/openssl/aes.h
+p12_add.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_add.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_add.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_add.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_add.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_add.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_add.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_add.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_add.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_add.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_add.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_add.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_add.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_add.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_add.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_add.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_add.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_add.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_add.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_add.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_add.c
+p12_asn.o: ../../e_os.h ../../include/openssl/aes.h
+p12_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+p12_asn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p12_asn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p12_asn.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p12_asn.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p12_asn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p12_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p12_asn.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p12_asn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_asn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_asn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_asn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_asn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_asn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+p12_asn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+p12_asn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+p12_asn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_asn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_asn.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_asn.o: ../cryptlib.h p12_asn.c
+p12_attr.o: ../../e_os.h ../../include/openssl/aes.h
+p12_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_attr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_attr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_attr.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_attr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_attr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_attr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_attr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_attr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_attr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_attr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_attr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_attr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_attr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_attr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_attr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_attr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_attr.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_attr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_attr.c
+p12_crpt.o: ../../e_os.h ../../include/openssl/aes.h
+p12_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_crpt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_crpt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_crpt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_crpt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_crpt.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_crpt.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_crpt.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_crpt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_crpt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_crpt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_crpt.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crpt.c
+p12_crt.o: ../../e_os.h ../../include/openssl/aes.h
+p12_crt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_crt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_crt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_crt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_crt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_crt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_crt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_crt.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_crt.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_crt.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_crt.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_crt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_crt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_crt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_crt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_crt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_crt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_crt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_crt.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_crt.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_crt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crt.c
+p12_decr.o: ../../e_os.h ../../include/openssl/aes.h
+p12_decr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_decr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_decr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_decr.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_decr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_decr.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_decr.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_decr.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_decr.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_decr.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_decr.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_decr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_decr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_decr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_decr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_decr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_decr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_decr.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_decr.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_decr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_decr.c
+p12_init.o: ../../e_os.h ../../include/openssl/aes.h
+p12_init.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_init.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_init.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_init.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_init.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_init.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_init.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_init.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_init.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_init.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_init.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_init.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_init.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_init.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_init.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_init.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_init.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_init.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_init.c
+p12_key.o: ../../e_os.h ../../include/openssl/aes.h
+p12_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_key.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_key.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_key.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_key.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_key.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_key.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_key.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_key.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_key.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_key.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_key.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_key.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_key.c
+p12_kiss.o: ../../e_os.h ../../include/openssl/aes.h
+p12_kiss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_kiss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_kiss.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_kiss.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_kiss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_kiss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_kiss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_kiss.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_kiss.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_kiss.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_kiss.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_kiss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_kiss.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_kiss.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_kiss.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_kiss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_kiss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_kiss.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_kiss.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_kiss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_kiss.c
+p12_mutl.o: ../../e_os.h ../../include/openssl/aes.h
+p12_mutl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_mutl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_mutl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_mutl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_mutl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_mutl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_mutl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_mutl.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
+p12_mutl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_mutl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_mutl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_mutl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_mutl.o: ../../include/openssl/opensslconf.h
+p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_mutl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_mutl.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+p12_mutl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+p12_mutl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+p12_mutl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+p12_mutl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+p12_mutl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+p12_mutl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+p12_mutl.o: ../cryptlib.h p12_mutl.c
+p12_npas.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+p12_npas.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+p12_npas.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+p12_npas.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+p12_npas.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+p12_npas.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+p12_npas.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+p12_npas.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+p12_npas.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+p12_npas.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+p12_npas.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+p12_npas.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+p12_npas.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+p12_npas.o: ../../include/openssl/opensslconf.h
+p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_npas.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+p12_npas.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_npas.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_npas.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_npas.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_npas.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_npas.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_npas.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_npas.o: ../../include/openssl/x509_vfy.h p12_npas.c
+p12_p8d.o: ../../e_os.h ../../include/openssl/aes.h
+p12_p8d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_p8d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_p8d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_p8d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_p8d.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_p8d.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_p8d.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_p8d.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_p8d.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_p8d.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_p8d.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_p8d.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_p8d.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_p8d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_p8d.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_p8d.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_p8d.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_p8d.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_p8d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_p8d.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_p8d.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_p8d.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8d.c
+p12_p8e.o: ../../e_os.h ../../include/openssl/aes.h
+p12_p8e.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_p8e.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_p8e.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_p8e.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_p8e.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_p8e.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_p8e.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_p8e.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_p8e.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_p8e.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_p8e.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_p8e.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_p8e.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_p8e.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_p8e.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_p8e.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_p8e.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_p8e.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_p8e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_p8e.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_p8e.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_p8e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8e.c
+p12_utl.o: ../../e_os.h ../../include/openssl/aes.h
+p12_utl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+p12_utl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+p12_utl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+p12_utl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+p12_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+p12_utl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+p12_utl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+p12_utl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+p12_utl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+p12_utl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+p12_utl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+p12_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+p12_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+p12_utl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+p12_utl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+p12_utl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+p12_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+p12_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+p12_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+p12_utl.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+p12_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_utl.c
+pk12err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+pk12err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+pk12err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pk12err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pk12err.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk12err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk12err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pk12err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pk12err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk12err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pk12err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pk12err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pk12err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk12err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+pk12err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
+pk12err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pk12err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk12err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk12err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk12err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk12err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pk12err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk12err.o: pk12err.c
diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c
new file mode 100644
index 0000000000..1909f28506
--- /dev/null
+++ b/crypto/pkcs12/p12_add.c
@@ -0,0 +1,215 @@
+/* p12_add.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Pack an object into an OCTET STRING and turn into a safebag */
+
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
+	     int nid2)
+{
+	PKCS12_BAGS *bag;
+	PKCS12_SAFEBAG *safebag;
+	if (!(bag = PKCS12_BAGS_new())) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	bag->type = OBJ_nid2obj(nid1);
+	if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	if (!(safebag = PKCS12_SAFEBAG_new())) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	safebag->value.bag = bag;
+	safebag->type = OBJ_nid2obj(nid2);
+	return safebag;
+}
+
+/* Turn PKCS8 object into a keybag */
+
+PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
+{
+	PKCS12_SAFEBAG *bag;
+	if (!(bag = PKCS12_SAFEBAG_new())) {
+		PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	bag->type = OBJ_nid2obj(NID_keyBag);
+	bag->value.keybag = p8;
+	return bag;
+}
+
+/* Turn PKCS8 object into a shrouded keybag */
+
+PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
+	     int passlen, unsigned char *salt, int saltlen, int iter,
+	     PKCS8_PRIV_KEY_INFO *p8)
+{
+	PKCS12_SAFEBAG *bag;
+
+	/* Set up the safe bag */
+	if (!(bag = PKCS12_SAFEBAG_new())) {
+		PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+	if (!(bag->value.shkeybag = 
+	  PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
+									 p8))) {
+		PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	return bag;
+}
+
+/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
+{
+	PKCS7 *p7;
+	if (!(p7 = PKCS7_new())) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	p7->type = OBJ_nid2obj(NID_pkcs7_data);
+	if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	
+	if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
+		return NULL;
+	}
+	return p7;
+}
+
+/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
+{
+	if(!PKCS7_type_is_data(p7)) return NULL;
+	return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
+}
+
+/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
+
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+			      unsigned char *salt, int saltlen, int iter,
+			      STACK_OF(PKCS12_SAFEBAG) *bags)
+{
+	PKCS7 *p7;
+	X509_ALGOR *pbe;
+	if (!(p7 = PKCS7_new())) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
+				PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
+		return NULL;
+	}
+	if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
+	p7->d.encrypted->enc_data->algorithm = pbe;
+	M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
+	if (!(p7->d.encrypted->enc_data->enc_data =
+	PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen,
+				 bags, 1))) {
+		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
+		return NULL;
+	}
+
+	return p7;
+}
+
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
+{
+	if(!PKCS7_type_is_encrypted(p7)) return NULL;
+	return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
+			           ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
+				   pass, passlen,
+			           p7->d.encrypted->enc_data->enc_data, 1);
+}
+
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
+								int passlen)
+{
+	return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
+}
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) 
+{
+	if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
+		&p12->authsafes->d.data)) 
+			return 1;
+	return 0;
+}
+
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
+{
+	return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
+}
diff --git a/crypto/pkcs12/p12_asn.c b/crypto/pkcs12/p12_asn.c
new file mode 100644
index 0000000000..a3739fee1a
--- /dev/null
+++ b/crypto/pkcs12/p12_asn.c
@@ -0,0 +1,125 @@
+/* p12_asn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pkcs12.h>
+
+/* PKCS#12 ASN1 module */
+
+ASN1_SEQUENCE(PKCS12) = {
+	ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER),
+	ASN1_SIMPLE(PKCS12, authsafes, PKCS7),
+	ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA)
+} ASN1_SEQUENCE_END(PKCS12)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12)
+
+ASN1_SEQUENCE(PKCS12_MAC_DATA) = {
+	ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG),
+	ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING),
+	ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PKCS12_MAC_DATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
+
+ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS12_BAGS) = {
+	ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)),
+	ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
+	ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
+} ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL);
+
+ASN1_SEQUENCE(PKCS12_BAGS) = {
+	ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT),
+	ASN1_ADB_OBJECT(PKCS12_BAGS),
+} ASN1_SEQUENCE_END(PKCS12_BAGS)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS)
+
+ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS12_SAFEBAG) = {
+	ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
+	ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
+	ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
+	ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
+	ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
+	ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))
+} ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL);
+
+ASN1_SEQUENCE(PKCS12_SAFEBAG) = {
+	ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT),
+	ASN1_ADB_OBJECT(PKCS12_SAFEBAG),
+	ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE)
+} ASN1_SEQUENCE_END(PKCS12_SAFEBAG)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
+
+/* SEQUENCE OF SafeBag */
+ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG)
+ASN1_ITEM_TEMPLATE_END(PKCS12_SAFEBAGS)
+
+/* Authsafes: SEQUENCE OF PKCS7 */
+ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7)
+ASN1_ITEM_TEMPLATE_END(PKCS12_AUTHSAFES)
+
diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c
new file mode 100644
index 0000000000..026cf3826a
--- /dev/null
+++ b/crypto/pkcs12/p12_attr.c
@@ -0,0 +1,145 @@
+/* p12_attr.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Add a local keyid to a safebag */
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
+	     int namelen)
+{
+	if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,
+				V_ASN1_OCTET_STRING, name, namelen))
+		return 1;
+	else 
+		return 0;
+}
+
+/* Add key usage to PKCS#8 structure */
+
+int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
+{
+	unsigned char us_val;
+	us_val = (unsigned char) usage;
+	if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage,
+				V_ASN1_BIT_STRING, &us_val, 1))
+		return 1;
+	else
+		return 0;
+}
+
+/* Add a friendlyname to a safebag */
+
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+				 int namelen)
+{
+	if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+				MBSTRING_ASC, (unsigned char *)name, namelen))
+		return 1;
+	else
+		return 0;
+}
+
+
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
+				 const unsigned char *name, int namelen)
+{
+	if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+				MBSTRING_BMP, name, namelen))
+		return 1;
+	else
+		return 0;
+}
+
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
+				 int namelen)
+{
+	if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,
+				MBSTRING_ASC, (unsigned char *)name, namelen))
+		return 1;
+	else
+		return 0;
+}
+
+ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
+{
+	X509_ATTRIBUTE *attrib;
+	int i;
+	if (!attrs) return NULL;
+	for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) {
+		attrib = sk_X509_ATTRIBUTE_value (attrs, i);
+		if (OBJ_obj2nid (attrib->object) == attr_nid) {
+			if (sk_ASN1_TYPE_num (attrib->value.set))
+			    return sk_ASN1_TYPE_value(attrib->value.set, 0);
+			else return NULL;
+		}
+	}
+	return NULL;
+}
+
+char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
+{
+	ASN1_TYPE *atype;
+	if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL;
+	if (atype->type != V_ASN1_BMPSTRING) return NULL;
+	return uni2asc(atype->value.bmpstring->data,
+				 atype->value.bmpstring->length);
+}
+
diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c
new file mode 100644
index 0000000000..5e8958612b
--- /dev/null
+++ b/crypto/pkcs12/p12_crpt.c
@@ -0,0 +1,124 @@
+/* p12_crpt.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* PKCS#12 specific PBE functions */
+
+void PKCS12_PBE_add(void)
+{
+#ifndef OPENSSL_NO_RC4
+EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(),
+							 PKCS12_PBE_keyivgen);
+EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),
+							 PKCS12_PBE_keyivgen);
+#endif
+#ifndef OPENSSL_NO_DES
+EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
+		 	EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
+EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 
+			EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
+#endif
+#ifndef OPENSSL_NO_RC2
+EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),
+					EVP_sha1(), PKCS12_PBE_keyivgen);
+EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
+					EVP_sha1(), PKCS12_PBE_keyivgen);
+#endif
+}
+
+int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+		ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
+{
+	PBEPARAM *pbe;
+	int saltlen, iter;
+	unsigned char *salt, *pbuf;
+	unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+
+	/* Extract useful info from parameter */
+	pbuf = param->value.sequence->data;
+	if (!param || (param->type != V_ASN1_SEQUENCE) ||
+	   !(pbe = d2i_PBEPARAM (NULL, &pbuf, param->value.sequence->length))) {
+		EVPerr(PKCS12_F_PKCS12_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+		return 0;
+	}
+
+	if (!pbe->iter) iter = 1;
+	else iter = ASN1_INTEGER_get (pbe->iter);
+	salt = pbe->salt->data;
+	saltlen = pbe->salt->length;
+	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
+			     iter, EVP_CIPHER_key_length(cipher), key, md)) {
+		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR);
+		PBEPARAM_free(pbe);
+		return 0;
+	}
+	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
+				iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
+		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR);
+		PBEPARAM_free(pbe);
+		return 0;
+	}
+	PBEPARAM_free(pbe);
+	EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
+	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+	return 1;
+}
diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c
new file mode 100644
index 0000000000..77b5845ea9
--- /dev/null
+++ b/crypto/pkcs12/p12_crt.c
@@ -0,0 +1,336 @@
+/* p12_crt.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+
+static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
+
+PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
+	     STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
+	     int keytype)
+{
+	PKCS12 *p12 = NULL;
+	STACK_OF(PKCS7) *safes = NULL;
+	STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
+	PKCS12_SAFEBAG *bag = NULL;
+	int i;
+	unsigned char keyid[EVP_MAX_MD_SIZE];
+	unsigned int keyidlen = 0;
+
+	/* Set defaults */
+	if (!nid_cert)
+		nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+	if (!nid_key)
+		nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+	if (!iter)
+		iter = PKCS12_DEFAULT_ITER;
+	if (!mac_iter)
+		mac_iter = 1;
+
+	if(!pkey && !cert && !ca)
+		{
+		PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
+		return NULL;
+		}
+
+	if (pkey && cert)
+		{
+		if(!X509_check_private_key(cert, pkey))
+			return NULL;
+		X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
+		}
+
+	if (cert)
+		{
+		bag = PKCS12_add_cert(&bags, cert);
+		if(name && !PKCS12_add_friendlyname(bag, name, -1))
+			goto err;
+		if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+			goto err;
+		}
+
+	/* Add all other certificates */
+	for(i = 0; i < sk_X509_num(ca); i++)
+		{
+		if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
+			goto err;
+		}
+
+	if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
+			goto err;
+
+	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+	bags = NULL;
+
+	if (pkey)
+		{
+		bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
+		if (!bag)
+			goto err;
+		if(name && !PKCS12_add_friendlyname(bag, name, -1))
+			goto err;
+		if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+			goto err;
+		}
+
+	if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
+			goto err;
+
+	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+	bags = NULL;
+
+	p12 = PKCS12_add_safes(safes, 0);
+
+	sk_PKCS7_pop_free(safes, PKCS7_free);
+
+	safes = NULL;
+
+	if ((mac_iter != -1) &&
+		!PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
+	    goto err;
+
+	return p12;
+
+	err:
+
+	if (p12)
+		PKCS12_free(p12);
+	if (safes)
+		sk_PKCS7_pop_free(safes, PKCS7_free);
+	if (bags)
+		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+	return NULL;
+
+}
+
+PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
+	{
+	PKCS12_SAFEBAG *bag = NULL;
+	char *name;
+	int namelen = -1;
+	unsigned char *keyid;
+	int keyidlen = -1;
+
+	/* Add user certificate */
+	if(!(bag = PKCS12_x5092certbag(cert)))
+		goto err;
+
+	/* Use friendlyName and localKeyID in certificate.
+	 * (if present)
+	 */
+
+	name = (char *)X509_alias_get0(cert, &namelen);
+
+	if(name && !PKCS12_add_friendlyname(bag, name, namelen))
+		goto err;
+
+	keyid = X509_keyid_get0(cert, &keyidlen);
+
+	if(keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+		goto err;
+
+	if (!pkcs12_add_bag(pbags, bag))
+		goto err;
+
+	return bag;
+
+	err:
+
+	if (bag)
+		PKCS12_SAFEBAG_free(bag);
+
+	return NULL;
+
+	}
+
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
+						int key_usage, int iter,
+						int nid_key, char *pass)
+	{
+
+	PKCS12_SAFEBAG *bag = NULL;
+	PKCS8_PRIV_KEY_INFO *p8 = NULL;
+
+	/* Make a PKCS#8 structure */
+	if(!(p8 = EVP_PKEY2PKCS8(key)))
+		goto err;
+	if(key_usage && !PKCS8_add_keyusage(p8, key_usage))
+		goto err;
+	if (nid_key != -1)
+		{
+		bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8);
+		PKCS8_PRIV_KEY_INFO_free(p8);
+		}
+	else
+		bag = PKCS12_MAKE_KEYBAG(p8);
+
+	if(!bag)
+		goto err;
+
+	if (!pkcs12_add_bag(pbags, bag))
+		goto err;
+
+	return bag;
+
+	err:
+
+	if (bag)
+		PKCS12_SAFEBAG_free(bag);
+
+	return NULL;
+
+	}
+
+int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+						int nid_safe, int iter, char *pass)
+	{
+	PKCS7 *p7 = NULL;
+	int free_safes = 0;
+
+	if (!*psafes)
+		{
+		*psafes = sk_PKCS7_new_null();
+		if (!*psafes)
+			return 0;
+		free_safes = 1;
+		}
+	else
+		free_safes = 0;
+
+	if (nid_safe == 0)
+		nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
+
+	if (nid_safe == -1)
+		p7 = PKCS12_pack_p7data(bags);
+	else
+		p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0,
+					  iter, bags);
+	if (!p7)
+		goto err;
+
+	if (!sk_PKCS7_push(*psafes, p7))
+		goto err;
+
+	return 1;
+
+	err:
+	if (free_safes)
+		{
+		sk_PKCS7_free(*psafes);
+		*psafes = NULL;
+		}
+
+	if (p7)
+		PKCS7_free(p7);
+
+	return 0;
+
+	}
+
+static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag)
+	{
+	int free_bags;
+	if (!pbags)
+		return 1;
+	if (!*pbags)
+		{
+		*pbags = sk_PKCS12_SAFEBAG_new_null();
+		if (!*pbags)
+			return 0;
+		free_bags = 1;
+		}
+	else 
+		free_bags = 0;
+
+	if (!sk_PKCS12_SAFEBAG_push(*pbags, bag))
+		{
+		if (free_bags)
+			{
+			sk_PKCS12_SAFEBAG_free(*pbags);
+			*pbags = NULL;
+			}
+		return 0;
+		}
+
+	return 1;
+
+	}
+		
+
+PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)
+	{
+	PKCS12 *p12;
+	if (nid_p7 <= 0)
+		nid_p7 = NID_pkcs7_data;
+	p12 = PKCS12_init(nid_p7);
+
+	if (!p12)
+		return NULL;
+
+	if(!PKCS12_pack_authsafes(p12, safes))
+		{
+		PKCS12_free(p12);
+		return NULL;
+		}
+
+	return p12;
+
+	}
diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c
new file mode 100644
index 0000000000..b5684a83ba
--- /dev/null
+++ b/crypto/pkcs12/p12_decr.c
@@ -0,0 +1,176 @@
+/* p12_decr.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Define this to dump decrypted output to files called DERnnn */
+/*#define DEBUG_DECRYPT*/
+
+
+/* Encrypt/Decrypt a buffer based on password and algor, result in a
+ * OPENSSL_malloc'ed buffer
+ */
+
+unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
+	     int passlen, unsigned char *in, int inlen, unsigned char **data,
+	     int *datalen, int en_de)
+{
+	unsigned char *out;
+	int outlen, i;
+	EVP_CIPHER_CTX ctx;
+
+	EVP_CIPHER_CTX_init(&ctx);
+	/* Decrypt data */
+        if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
+					 algor->parameter, &ctx, en_de)) {
+		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
+		return NULL;
+	}
+
+	if(!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
+		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	EVP_CipherUpdate(&ctx, out, &i, in, inlen);
+	outlen = i;
+	if(!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
+		OPENSSL_free(out);
+		out = NULL;
+		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
+		goto err;
+	}
+	outlen += i;
+	if (datalen) *datalen = outlen;
+	if (data) *data = out;
+	err:
+	EVP_CIPHER_CTX_cleanup(&ctx);
+	return out;
+
+}
+
+/* Decrypt an OCTET STRING and decode ASN1 structure 
+ * if zbuf set zero buffer after use.
+ */
+
+void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
+	     const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
+{
+	unsigned char *out, *p;
+	void *ret;
+	int outlen;
+
+	if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
+			       &out, &outlen, 0)) {
+		PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
+		return NULL;
+	}
+	p = out;
+#ifdef DEBUG_DECRYPT
+	{
+		FILE *op;
+
+		char fname[30];
+		static int fnm = 1;
+		sprintf(fname, "DER%d", fnm++);
+		op = fopen(fname, "wb");
+		fwrite (p, 1, outlen, op);
+		fclose(op);
+	}
+#endif
+	ret = ASN1_item_d2i(NULL, &p, outlen, it);
+	if (zbuf) OPENSSL_cleanse(out, outlen);
+	if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
+	OPENSSL_free(out);
+	return ret;
+}
+
+/* Encode ASN1 structure and encrypt, return OCTET STRING 
+ * if zbuf set zero encoding.
+ */
+
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
+				       const char *pass, int passlen,
+				       void *obj, int zbuf)
+{
+	ASN1_OCTET_STRING *oct;
+	unsigned char *in = NULL;
+	int inlen;
+	if (!(oct = M_ASN1_OCTET_STRING_new ())) {
+		PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	inlen = ASN1_item_i2d(obj, &in, it);
+	if (!in) {
+		PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
+		return NULL;
+	}
+	if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
+				 &oct->length, 1)) {
+		PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
+		OPENSSL_free(in);
+		return NULL;
+	}
+	if (zbuf) OPENSSL_cleanse(in, inlen);
+	OPENSSL_free(in);
+	return oct;
+}
+
+IMPLEMENT_PKCS12_STACK_OF(PKCS7)
diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c
new file mode 100644
index 0000000000..eb837a78cf
--- /dev/null
+++ b/crypto/pkcs12/p12_init.c
@@ -0,0 +1,90 @@
+/* p12_init.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Initialise a PKCS12 structure to take data */
+
+PKCS12 *PKCS12_init (int mode)
+{
+	PKCS12 *pkcs12;
+	if (!(pkcs12 = PKCS12_new())) {
+		PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	ASN1_INTEGER_set(pkcs12->version, 3);
+	pkcs12->authsafes->type = OBJ_nid2obj(mode);
+	switch (mode) {
+		case NID_pkcs7_data:
+			if (!(pkcs12->authsafes->d.data =
+				 M_ASN1_OCTET_STRING_new())) {
+			PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
+			return NULL;
+		}
+		break;
+		default:
+			PKCS12err(PKCS12_F_PKCS12_INIT,PKCS12_R_UNSUPPORTED_PKCS12_MODE);
+			PKCS12_free(pkcs12);
+			return NULL;
+		break;
+	}
+		
+	return pkcs12;
+}
diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c
new file mode 100644
index 0000000000..9196a34b4a
--- /dev/null
+++ b/crypto/pkcs12/p12_key.c
@@ -0,0 +1,206 @@
+/* p12_key.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+
+/* Uncomment out this line to get debugging info about key generation */
+/*#define DEBUG_KEYGEN*/
+#ifdef DEBUG_KEYGEN
+#include <openssl/bio.h>
+extern BIO *bio_err;
+void h__dump (unsigned char *p, int len);
+#endif
+
+/* PKCS12 compatible key/IV generation */
+#ifndef min
+#define min(a,b) ((a) < (b) ? (a) : (b))
+#endif
+
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+	     int saltlen, int id, int iter, int n, unsigned char *out,
+	     const EVP_MD *md_type)
+{
+	int ret;
+	unsigned char *unipass;
+	int uniplen;
+	if(!pass) {
+		unipass = NULL;
+		uniplen = 0;
+	} else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
+		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+						 id, iter, n, out, md_type);
+	if(unipass) {
+		OPENSSL_cleanse(unipass, uniplen);	/* Clear password from memory */
+		OPENSSL_free(unipass);
+	}
+	return ret;
+}
+
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+	     int saltlen, int id, int iter, int n, unsigned char *out,
+	     const EVP_MD *md_type)
+{
+	unsigned char *B, *D, *I, *p, *Ai;
+	int Slen, Plen, Ilen, Ijlen;
+	int i, j, u, v;
+	BIGNUM *Ij, *Bpl1;	/* These hold Ij and B + 1 */
+	EVP_MD_CTX ctx;
+#ifdef  DEBUG_KEYGEN
+	unsigned char *tmpout = out;
+	int tmpn = n;
+#endif
+
+#if 0
+	if (!pass) {
+		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);
+		return 0;
+	}
+#endif
+
+	EVP_MD_CTX_init(&ctx);
+#ifdef  DEBUG_KEYGEN
+	fprintf(stderr, "KEYGEN DEBUG\n");
+	fprintf(stderr, "ID %d, ITER %d\n", id, iter);
+	fprintf(stderr, "Password (length %d):\n", passlen);
+	h__dump(pass, passlen);
+	fprintf(stderr, "Salt (length %d):\n", saltlen);
+	h__dump(salt, saltlen);
+#endif
+	v = EVP_MD_block_size (md_type);
+	u = EVP_MD_size (md_type);
+	D = OPENSSL_malloc (v);
+	Ai = OPENSSL_malloc (u);
+	B = OPENSSL_malloc (v + 1);
+	Slen = v * ((saltlen+v-1)/v);
+	if(passlen) Plen = v * ((passlen+v-1)/v);
+	else Plen = 0;
+	Ilen = Slen + Plen;
+	I = OPENSSL_malloc (Ilen);
+	Ij = BN_new();
+	Bpl1 = BN_new();
+	if (!D || !Ai || !B || !I || !Ij || !Bpl1) {
+		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	for (i = 0; i < v; i++) D[i] = id;
+	p = I;
+	for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
+	for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];
+	for (;;) {
+		EVP_DigestInit_ex(&ctx, md_type, NULL);
+		EVP_DigestUpdate(&ctx, D, v);
+		EVP_DigestUpdate(&ctx, I, Ilen);
+		EVP_DigestFinal_ex(&ctx, Ai, NULL);
+		for (j = 1; j < iter; j++) {
+			EVP_DigestInit_ex(&ctx, md_type, NULL);
+			EVP_DigestUpdate(&ctx, Ai, u);
+			EVP_DigestFinal_ex(&ctx, Ai, NULL);
+		}
+		memcpy (out, Ai, min (n, u));
+		if (u >= n) {
+			OPENSSL_free (Ai);
+			OPENSSL_free (B);
+			OPENSSL_free (D);
+			OPENSSL_free (I);
+			BN_free (Ij);
+			BN_free (Bpl1);
+			EVP_MD_CTX_cleanup(&ctx);
+#ifdef DEBUG_KEYGEN
+			fprintf(stderr, "Output KEY (length %d)\n", tmpn);
+			h__dump(tmpout, tmpn);
+#endif
+			return 1;	
+		}
+		n -= u;
+		out += u;
+		for (j = 0; j < v; j++) B[j] = Ai[j % u];
+		/* Work out B + 1 first then can use B as tmp space */
+		BN_bin2bn (B, v, Bpl1);
+		BN_add_word (Bpl1, 1);
+		for (j = 0; j < Ilen ; j+=v) {
+			BN_bin2bn (I + j, v, Ij);
+			BN_add (Ij, Ij, Bpl1);
+			BN_bn2bin (Ij, B);
+			Ijlen = BN_num_bytes (Ij);
+			/* If more than 2^(v*8) - 1 cut off MSB */
+			if (Ijlen > v) {
+				BN_bn2bin (Ij, B);
+				memcpy (I + j, B + 1, v);
+#ifndef PKCS12_BROKEN_KEYGEN
+			/* If less than v bytes pad with zeroes */
+			} else if (Ijlen < v) {
+				memset(I + j, 0, v - Ijlen);
+				BN_bn2bin(Ij, I + j + v - Ijlen); 
+#endif
+			} else BN_bn2bin (Ij, I + j);
+		}
+	}
+}
+#ifdef DEBUG_KEYGEN
+void h__dump (unsigned char *p, int len)
+{
+	for (; len --; p++) fprintf(stderr, "%02X", *p);
+	fprintf(stderr, "\n");	
+}
+#endif
diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
new file mode 100644
index 0000000000..885087ad00
--- /dev/null
+++ b/crypto/pkcs12/p12_kiss.c
@@ -0,0 +1,285 @@
+/* p12_kiss.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Simplified PKCS#12 routines */
+
+static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
+		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
+
+static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+		       int passlen, EVP_PKEY **pkey, X509 **cert,
+		       STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
+		       char *keymatch);
+
+static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+			EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
+			ASN1_OCTET_STRING **keyid, char *keymatch);
+
+/* Parse and decrypt a PKCS#12 structure returning user key, user cert
+ * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
+ * or it should point to a valid STACK structure. pkey and cert can be
+ * passed unitialised.
+ */
+
+int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+	     STACK_OF(X509) **ca)
+{
+
+	/* Check for NULL PKCS12 structure */
+
+	if(!p12) {
+		PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+		return 0;
+	}
+
+	/* Allocate stack for ca certificates if needed */
+	if ((ca != NULL) && (*ca == NULL)) {
+		if (!(*ca = sk_X509_new_null())) {
+			PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+	}
+
+	if(pkey) *pkey = NULL;
+	if(cert) *cert = NULL;
+
+	/* Check the mac */
+
+	/* If password is zero length or NULL then try verifying both cases
+	 * to determine which password is correct. The reason for this is that
+	 * under PKCS#12 password based encryption no password and a zero length
+	 * password are two different things...
+	 */
+
+	if(!pass || !*pass) {
+		if(PKCS12_verify_mac(p12, NULL, 0)) pass = NULL;
+		else if(PKCS12_verify_mac(p12, "", 0)) pass = "";
+		else {
+			PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
+			goto err;
+		}
+	} else if (!PKCS12_verify_mac(p12, pass, -1)) {
+		PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
+		goto err;
+	}
+
+	if (!parse_pk12 (p12, pass, -1, pkey, cert, ca))
+		{
+		PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
+		goto err;
+		}
+
+	return 1;
+
+ err:
+
+	if (pkey && *pkey) EVP_PKEY_free(*pkey);
+	if (cert && *cert) X509_free(*cert);
+	if (ca) sk_X509_pop_free(*ca, X509_free);
+	return 0;
+
+}
+
+/* Parse the outer PKCS#12 structure */
+
+static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen,
+	     EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
+{
+	STACK_OF(PKCS7) *asafes;
+	STACK_OF(PKCS12_SAFEBAG) *bags;
+	int i, bagnid;
+	PKCS7 *p7;
+	ASN1_OCTET_STRING *keyid = NULL;
+
+	char keymatch = 0;
+	if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0;
+	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
+		p7 = sk_PKCS7_value (asafes, i);
+		bagnid = OBJ_obj2nid (p7->type);
+		if (bagnid == NID_pkcs7_data) {
+			bags = PKCS12_unpack_p7data(p7);
+		} else if (bagnid == NID_pkcs7_encrypted) {
+			bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
+		} else continue;
+		if (!bags) {
+			sk_PKCS7_pop_free(asafes, PKCS7_free);
+			return 0;
+		}
+	    	if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
+							 &keyid, &keymatch)) {
+			sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+			sk_PKCS7_pop_free(asafes, PKCS7_free);
+			return 0;
+		}
+		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+	}
+	sk_PKCS7_pop_free(asafes, PKCS7_free);
+	if (keyid) M_ASN1_OCTET_STRING_free(keyid);
+	return 1;
+}
+
+
+static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+		       int passlen, EVP_PKEY **pkey, X509 **cert,
+		       STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
+		       char *keymatch)
+{
+	int i;
+	for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+		if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i),
+			 pass, passlen, pkey, cert, ca, keyid,
+							 keymatch)) return 0;
+	}
+	return 1;
+}
+
+#define MATCH_KEY  0x1
+#define MATCH_CERT 0x2
+#define MATCH_ALL  0x3
+
+static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+		      EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
+		      ASN1_OCTET_STRING **keyid,
+	     char *keymatch)
+{
+	PKCS8_PRIV_KEY_INFO *p8;
+	X509 *x509;
+	ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL;
+	ASN1_TYPE *attrib;
+	ASN1_BMPSTRING *fname = NULL;
+
+	if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
+		fname = attrib->value.bmpstring;
+
+	if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) {
+		lkey = attrib->value.octet_string;
+		ckid = lkey;
+	}
+
+	/* Check for any local key id matching (if needed) */
+	if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
+		if (*keyid) {
+			if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL;
+		} else {
+			if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) {
+				PKCS12err(PKCS12_F_PARSE_BAGS,ERR_R_MALLOC_FAILURE);
+				return 0;
+		    }
+		}
+	}
+	
+	switch (M_PKCS12_bag_type(bag))
+	{
+	case NID_keyBag:
+		if (!lkey || !pkey) return 1;	
+		if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0;
+		*keymatch |= MATCH_KEY;
+	break;
+
+	case NID_pkcs8ShroudedKeyBag:
+		if (!lkey || !pkey) return 1;	
+		if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
+				return 0;
+		*pkey = EVP_PKCS82PKEY(p8);
+		PKCS8_PRIV_KEY_INFO_free(p8);
+		if (!(*pkey)) return 0;
+		*keymatch |= MATCH_KEY;
+	break;
+
+	case NID_certBag:
+		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
+								 return 1;
+		if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
+		if(ckid) X509_keyid_set1(x509, ckid->data, ckid->length);
+		if(fname) {
+			int len;
+			unsigned char *data;
+			len = ASN1_STRING_to_UTF8(&data, fname);
+			if(len > 0) {
+				X509_alias_set1(x509, data, len);
+				OPENSSL_free(data);
+			}
+		}
+
+
+		if (lkey) {
+			*keymatch |= MATCH_CERT;
+			if (cert) *cert = x509;
+			else X509_free(x509);
+		} else {
+			if(ca) sk_X509_push (*ca, x509);
+			else X509_free(x509);
+		}
+	break;
+
+	case NID_safeContentsBag:
+		return parse_bags(bag->value.safes, pass, passlen,
+			 		pkey, cert, ca, keyid, keymatch);
+	break;
+
+	default:
+		return 1;
+	break;
+	}
+	return 1;
+}
+
diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
new file mode 100644
index 0000000000..0fb67f74b8
--- /dev/null
+++ b/crypto/pkcs12/p12_mutl.c
@@ -0,0 +1,173 @@
+/* p12_mutl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef OPENSSL_NO_HMAC
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/hmac.h>
+#include <openssl/rand.h>
+#include <openssl/pkcs12.h>
+
+/* Generate a MAC */
+int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen,
+		    unsigned char *mac, unsigned int *maclen)
+{
+	const EVP_MD *md_type;
+	HMAC_CTX hmac;
+	unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt;
+	int saltlen, iter;
+
+	salt = p12->mac->salt->data;
+	saltlen = p12->mac->salt->length;
+	if (!p12->mac->iter) iter = 1;
+	else iter = ASN1_INTEGER_get (p12->mac->iter);
+    	if(!(md_type =
+		 EVP_get_digestbyobj (p12->mac->dinfo->algor->algorithm))) {
+		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
+		return 0;
+	}
+	if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
+				 PKCS12_MAC_KEY_LENGTH, key, md_type)) {
+		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
+		return 0;
+	}
+	HMAC_CTX_init(&hmac);
+	HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL);
+    	HMAC_Update(&hmac, p12->authsafes->d.data->data,
+					 p12->authsafes->d.data->length);
+    	HMAC_Final(&hmac, mac, maclen);
+    	HMAC_CTX_cleanup(&hmac);
+	return 1;
+}
+
+/* Verify the mac */
+int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen)
+{
+	unsigned char mac[EVP_MAX_MD_SIZE];
+	unsigned int maclen;
+	if(p12->mac == NULL) {
+		PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_ABSENT);
+		return 0;
+	}
+	if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
+		PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR);
+		return 0;
+	}
+	if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
+	|| memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0;
+	return 1;
+}
+
+/* Set a mac */
+
+int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen,
+	     unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type)
+{
+	unsigned char mac[EVP_MAX_MD_SIZE];
+	unsigned int maclen;
+
+	if (!md_type) md_type = EVP_sha1();
+	if (PKCS12_setup_mac (p12, iter, salt, saltlen, md_type) ==
+				 	PKCS12_ERROR) {
+		PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_SETUP_ERROR);
+		return 0;
+	}
+	if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
+		PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR);
+		return 0;
+	}
+	if (!(M_ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) {
+		PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR);
+						return 0;
+	}
+	return 1;
+}
+
+/* Set up a mac structure */
+int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
+	     const EVP_MD *md_type)
+{
+	if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR;
+	if (iter > 1) {
+		if(!(p12->mac->iter = M_ASN1_INTEGER_new())) {
+			PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+		ASN1_INTEGER_set(p12->mac->iter, iter);
+	}
+	if (!saltlen) saltlen = PKCS12_SALT_LEN;
+	p12->mac->salt->length = saltlen;
+	if (!(p12->mac->salt->data = OPENSSL_malloc (saltlen))) {
+		PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	if (!salt) {
+		if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0)
+			return 0;
+	}
+	else memcpy (p12->mac->salt->data, salt, saltlen);
+	p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
+	if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
+		PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
+	
+	return 1;
+}
+#endif
diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c
new file mode 100644
index 0000000000..a549433eeb
--- /dev/null
+++ b/crypto/pkcs12/p12_npas.c
@@ -0,0 +1,217 @@
+/* p12_npas.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* PKCS#12 password change routine */
+
+static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
+			char *newpass);
+static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
+static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
+
+/* 
+ * Change the password on a PKCS#12 structure.
+ */
+
+int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
+{
+
+/* Check for NULL PKCS12 structure */
+
+if(!p12) {
+	PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+	return 0;
+}
+
+/* Check the mac */
+
+if (!PKCS12_verify_mac(p12, oldpass, -1)) {
+	PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE);
+	return 0;
+}
+
+if (!newpass_p12(p12, oldpass, newpass)) {
+	PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR);
+	return 0;
+}
+
+return 1;
+
+}
+
+/* Parse the outer PKCS#12 structure */
+
+static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
+{
+	STACK_OF(PKCS7) *asafes, *newsafes;
+	STACK_OF(PKCS12_SAFEBAG) *bags;
+	int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen;
+	PKCS7 *p7, *p7new;
+	ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
+	unsigned char mac[EVP_MAX_MD_SIZE];
+	unsigned int maclen;
+
+	if (!(asafes = PKCS12_unpack_authsafes(p12))) return 0;
+	if(!(newsafes = sk_PKCS7_new_null())) return 0;
+	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
+		p7 = sk_PKCS7_value(asafes, i);
+		bagnid = OBJ_obj2nid(p7->type);
+		if (bagnid == NID_pkcs7_data) {
+			bags = PKCS12_unpack_p7data(p7);
+		} else if (bagnid == NID_pkcs7_encrypted) {
+			bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
+			alg_get(p7->d.encrypted->enc_data->algorithm,
+				&pbe_nid, &pbe_iter, &pbe_saltlen);
+		} else continue;
+		if (!bags) {
+			sk_PKCS7_pop_free(asafes, PKCS7_free);
+			return 0;
+		}
+	    	if (!newpass_bags(bags, oldpass, newpass)) {
+			sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+			sk_PKCS7_pop_free(asafes, PKCS7_free);
+			return 0;
+		}
+		/* Repack bag in same form with new password */
+		if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags);
+		else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
+						 pbe_saltlen, pbe_iter, bags);
+		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+		if(!p7new) {
+			sk_PKCS7_pop_free(asafes, PKCS7_free);
+			return 0;
+		}
+		sk_PKCS7_push(newsafes, p7new);
+	}
+	sk_PKCS7_pop_free(asafes, PKCS7_free);
+
+	/* Repack safe: save old safe in case of error */
+
+	p12_data_tmp = p12->authsafes->d.data;
+	if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr;
+	if(!PKCS12_pack_authsafes(p12, newsafes)) goto saferr;
+
+	if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr;
+	if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr;
+	if(!ASN1_OCTET_STRING_set(macnew, mac, maclen)) goto saferr;
+	ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
+	p12->mac->dinfo->digest = macnew;
+	ASN1_OCTET_STRING_free(p12_data_tmp);
+
+	return 1;
+
+	saferr:
+	/* Restore old safe */
+	ASN1_OCTET_STRING_free(p12->authsafes->d.data);
+	ASN1_OCTET_STRING_free(macnew);
+	p12->authsafes->d.data = p12_data_tmp;
+	return 0;
+
+}
+
+
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
+			char *newpass)
+{
+	int i;
+	for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+		if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i),
+				 oldpass, newpass))
+		    return 0;
+	}
+	return 1;
+}
+
+/* Change password of safebag: only needs handle shrouded keybags */
+
+static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
+{
+	PKCS8_PRIV_KEY_INFO *p8;
+	X509_SIG *p8new;
+	int p8_nid, p8_saltlen, p8_iter;
+
+	if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
+
+	if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0;
+	alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen);
+	if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
+						     p8_iter, p8))) return 0;
+	X509_SIG_free(bag->value.shkeybag);
+	bag->value.shkeybag = p8new;
+	return 1;
+}
+
+static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
+{
+        PBEPARAM *pbe;
+        unsigned char *p;
+        p = alg->parameter->value.sequence->data;
+        pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+        *pnid = OBJ_obj2nid(alg->algorithm);
+	*piter = ASN1_INTEGER_get(pbe->iter);
+	*psaltlen = pbe->salt->length;
+        PBEPARAM_free(pbe);
+        return 0;
+}
diff --git a/crypto/pkcs12/p12_p8d.c b/crypto/pkcs12/p12_p8d.c
new file mode 100644
index 0000000000..3c6f377933
--- /dev/null
+++ b/crypto/pkcs12/p12_p8d.c
@@ -0,0 +1,68 @@
+/* p12_p8d.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen)
+{
+	return PKCS12_item_decrypt_d2i(p8->algor, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass,
+					passlen, p8->digest, 1);
+}
+
diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c
new file mode 100644
index 0000000000..3d47956652
--- /dev/null
+++ b/crypto/pkcs12/p12_p8e.c
@@ -0,0 +1,97 @@
+/* p12_p8e.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+			 const char *pass, int passlen,
+			 unsigned char *salt, int saltlen, int iter,
+						PKCS8_PRIV_KEY_INFO *p8inf)
+{
+	X509_SIG *p8 = NULL;
+	X509_ALGOR *pbe;
+
+	if (!(p8 = X509_SIG_new())) {
+		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
+	else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+	if(!pbe) {
+		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
+		goto err;
+	}
+	X509_ALGOR_free(p8->algor);
+	p8->algor = pbe;
+	M_ASN1_OCTET_STRING_free(p8->digest);
+	p8->digest = PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
+					pass, passlen, p8inf, 1);
+	if(!p8->digest) {
+		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
+		goto err;
+	}
+
+	return p8;
+
+	err:
+	X509_SIG_free(p8);
+	return NULL;
+}
diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c
new file mode 100644
index 0000000000..243ec76be9
--- /dev/null
+++ b/crypto/pkcs12/p12_utl.c
@@ -0,0 +1,146 @@
+/* p12_utl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Cheap and nasty Unicode stuff */
+
+unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
+{
+	int ulen, i;
+	unsigned char *unitmp;
+	if (asclen == -1) asclen = strlen(asc);
+	ulen = asclen*2  + 2;
+	if (!(unitmp = OPENSSL_malloc(ulen))) return NULL;
+	for (i = 0; i < ulen - 2; i+=2) {
+		unitmp[i] = 0;
+		unitmp[i + 1] = asc[i>>1];
+	}
+	/* Make result double null terminated */
+	unitmp[ulen - 2] = 0;
+	unitmp[ulen - 1] = 0;
+	if (unilen) *unilen = ulen;
+	if (uni) *uni = unitmp;
+	return unitmp;
+}
+
+char *uni2asc(unsigned char *uni, int unilen)
+{
+	int asclen, i;
+	char *asctmp;
+	asclen = unilen / 2;
+	/* If no terminating zero allow for one */
+	if (!unilen || uni[unilen - 1]) asclen++;
+	uni++;
+	if (!(asctmp = OPENSSL_malloc(asclen))) return NULL;
+	for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
+	asctmp[asclen - 1] = 0;
+	return asctmp;
+}
+
+int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
+{
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
+{
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
+}
+#endif
+
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
+{
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
+}
+#ifndef OPENSSL_NO_FP_API
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
+{
+        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
+}
+#endif
+
+PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509)
+{
+	return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
+			NID_x509Certificate, NID_certBag);
+}
+
+PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl)
+{
+	return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
+			NID_x509Crl, NID_crlBag);
+}
+
+X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
+{
+	if(M_PKCS12_bag_type(bag) != NID_certBag) return NULL;
+	if(M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) return NULL;
+	return ASN1_item_unpack(bag->value.bag->value.octet, ASN1_ITEM_rptr(X509));
+}
+
+X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
+{
+	if(M_PKCS12_bag_type(bag) != NID_crlBag) return NULL;
+	if(M_PKCS12_cert_bag_type(bag) != NID_x509Crl) return NULL;
+	return ASN1_item_unpack(bag->value.bag->value.octet,
+							ASN1_ITEM_rptr(X509_CRL));
+}
diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c
new file mode 100644
index 0000000000..10ab80502c
--- /dev/null
+++ b/crypto/pkcs12/pk12err.c
@@ -0,0 +1,139 @@
+/* crypto/pkcs12/pk12err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA PKCS12_str_functs[]=
+	{
+{ERR_PACK(0,PKCS12_F_PARSE_BAGS,0),	"PARSE_BAGS"},
+{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME,0),	"PKCS12_ADD_FRIENDLYNAME"},
+{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC,0),	"PKCS12_add_friendlyname_asc"},
+{ERR_PACK(0,PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI,0),	"PKCS12_add_friendlyname_uni"},
+{ERR_PACK(0,PKCS12_F_PKCS12_ADD_LOCALKEYID,0),	"PKCS12_add_localkeyid"},
+{ERR_PACK(0,PKCS12_F_PKCS12_CREATE,0),	"PKCS12_create"},
+{ERR_PACK(0,PKCS12_F_PKCS12_DECRYPT_D2I,0),	"PKCS12_decrypt_d2i"},
+{ERR_PACK(0,PKCS12_F_PKCS12_GEN_MAC,0),	"PKCS12_gen_mac"},
+{ERR_PACK(0,PKCS12_F_PKCS12_I2D_ENCRYPT,0),	"PKCS12_i2d_encrypt"},
+{ERR_PACK(0,PKCS12_F_PKCS12_INIT,0),	"PKCS12_init"},
+{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_ASC,0),	"PKCS12_key_gen_asc"},
+{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0),	"PKCS12_key_gen_uni"},
+{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0),	"PKCS12_MAKE_KEYBAG"},
+{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0),	"PKCS12_MAKE_SHKEYBAG"},
+{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0),	"PKCS12_newpass"},
+{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0),	"PKCS12_pack_p7data"},
+{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0),	"PKCS12_pack_p7encdata"},
+{ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0),	"PKCS12_pack_safebag"},
+{ERR_PACK(0,PKCS12_F_PKCS12_PARSE,0),	"PKCS12_parse"},
+{ERR_PACK(0,PKCS12_F_PKCS12_PBE_CRYPT,0),	"PKCS12_pbe_crypt"},
+{ERR_PACK(0,PKCS12_F_PKCS12_PBE_KEYIVGEN,0),	"PKCS12_PBE_keyivgen"},
+{ERR_PACK(0,PKCS12_F_PKCS12_SETUP_MAC,0),	"PKCS12_setup_mac"},
+{ERR_PACK(0,PKCS12_F_PKCS12_SET_MAC,0),	"PKCS12_set_mac"},
+{ERR_PACK(0,PKCS12_F_PKCS8_ADD_KEYUSAGE,0),	"PKCS8_add_keyusage"},
+{ERR_PACK(0,PKCS12_F_PKCS8_ENCRYPT,0),	"PKCS8_encrypt"},
+{ERR_PACK(0,PKCS12_F_VERIFY_MAC,0),	"VERIFY_MAC"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA PKCS12_str_reasons[]=
+	{
+{PKCS12_R_CANT_PACK_STRUCTURE            ,"cant pack structure"},
+{PKCS12_R_DECODE_ERROR                   ,"decode error"},
+{PKCS12_R_ENCODE_ERROR                   ,"encode error"},
+{PKCS12_R_ENCRYPT_ERROR                  ,"encrypt error"},
+{PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE,"error setting encrypted data type"},
+{PKCS12_R_INVALID_NULL_ARGUMENT          ,"invalid null argument"},
+{PKCS12_R_INVALID_NULL_PKCS12_POINTER    ,"invalid null pkcs12 pointer"},
+{PKCS12_R_IV_GEN_ERROR                   ,"iv gen error"},
+{PKCS12_R_KEY_GEN_ERROR                  ,"key gen error"},
+{PKCS12_R_MAC_ABSENT                     ,"mac absent"},
+{PKCS12_R_MAC_GENERATION_ERROR           ,"mac generation error"},
+{PKCS12_R_MAC_SETUP_ERROR                ,"mac setup error"},
+{PKCS12_R_MAC_STRING_SET_ERROR           ,"mac string set error"},
+{PKCS12_R_MAC_VERIFY_ERROR               ,"mac verify error"},
+{PKCS12_R_MAC_VERIFY_FAILURE             ,"mac verify failure"},
+{PKCS12_R_PARSE_ERROR                    ,"parse error"},
+{PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR  ,"pkcs12 algor cipherinit error"},
+{PKCS12_R_PKCS12_CIPHERFINAL_ERROR       ,"pkcs12 cipherfinal error"},
+{PKCS12_R_PKCS12_PBE_CRYPT_ERROR         ,"pkcs12 pbe crypt error"},
+{PKCS12_R_UNKNOWN_DIGEST_ALGORITHM       ,"unknown digest algorithm"},
+{PKCS12_R_UNSUPPORTED_PKCS12_MODE        ,"unsupported pkcs12 mode"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_PKCS12_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_functs);
+		ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/pkcs12/pkcs12.h b/crypto/pkcs12/pkcs12.h
new file mode 100644
index 0000000000..5c8b492816
--- /dev/null
+++ b/crypto/pkcs12/pkcs12.h
@@ -0,0 +1,329 @@
+/* pkcs12.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_PKCS12_H
+#define HEADER_PKCS12_H
+
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define PKCS12_KEY_ID	1
+#define PKCS12_IV_ID	2
+#define PKCS12_MAC_ID	3
+
+/* Default iteration count */
+#ifndef PKCS12_DEFAULT_ITER
+#define PKCS12_DEFAULT_ITER	PKCS5_DEFAULT_ITER
+#endif
+
+#define PKCS12_MAC_KEY_LENGTH 20
+
+#define PKCS12_SALT_LEN	8
+
+/* Uncomment out next line for unicode password and names, otherwise ASCII */
+
+/*#define PBE_UNICODE*/
+
+#ifdef PBE_UNICODE
+#define PKCS12_key_gen PKCS12_key_gen_uni
+#define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni
+#else
+#define PKCS12_key_gen PKCS12_key_gen_asc
+#define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc
+#endif
+
+/* MS key usage constants */
+
+#define KEY_EX	0x10
+#define KEY_SIG 0x80
+
+typedef struct {
+X509_SIG *dinfo;
+ASN1_OCTET_STRING *salt;
+ASN1_INTEGER *iter;	/* defaults to 1 */
+} PKCS12_MAC_DATA;
+
+typedef struct {
+ASN1_INTEGER *version;
+PKCS12_MAC_DATA *mac;
+PKCS7 *authsafes;
+} PKCS12;
+
+PREDECLARE_STACK_OF(PKCS12_SAFEBAG)
+
+typedef struct {
+ASN1_OBJECT *type;
+union {
+	struct pkcs12_bag_st *bag; /* secret, crl and certbag */
+	struct pkcs8_priv_key_info_st	*keybag; /* keybag */
+	X509_SIG *shkeybag; /* shrouded key bag */
+	STACK_OF(PKCS12_SAFEBAG) *safes;
+	ASN1_TYPE *other;
+}value;
+STACK_OF(X509_ATTRIBUTE) *attrib;
+} PKCS12_SAFEBAG;
+
+DECLARE_STACK_OF(PKCS12_SAFEBAG)
+DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG)
+DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG)
+
+typedef struct pkcs12_bag_st {
+ASN1_OBJECT *type;
+union {
+	ASN1_OCTET_STRING *x509cert;
+	ASN1_OCTET_STRING *x509crl;
+	ASN1_OCTET_STRING *octet;
+	ASN1_IA5STRING *sdsicert;
+	ASN1_TYPE *other; /* Secret or other bag */
+}value;
+} PKCS12_BAGS;
+
+#define PKCS12_ERROR	0
+#define PKCS12_OK	1
+
+/* Compatibility macros */
+
+#define M_PKCS12_x5092certbag PKCS12_x5092certbag
+#define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag
+
+#define M_PKCS12_certbag2x509 PKCS12_certbag2x509
+#define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl 
+
+#define M_PKCS12_unpack_p7data PKCS12_unpack_p7data
+#define M_PKCS12_pack_authsafes PKCS12_pack_authsafes
+#define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes
+#define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata
+
+#define M_PKCS12_decrypt_skey PKCS12_decrypt_skey
+#define M_PKCS8_decrypt PKCS8_decrypt
+
+#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
+#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
+#define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
+
+#define PKCS12_get_attr(bag, attr_nid) \
+			 PKCS12_get_attr_gen(bag->attrib, attr_nid)
+
+#define PKCS8_get_attr(p8, attr_nid) \
+		PKCS12_get_attr_gen(p8->attributes, attr_nid)
+
+#define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0)
+
+
+PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509);
+PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl);
+X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag);
+
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
+	     int nid2);
+PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8);
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen);
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
+								int passlen);
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, 
+			const char *pass, int passlen,
+			unsigned char *salt, int saltlen, int iter,
+			PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
+				     int passlen, unsigned char *salt,
+				     int saltlen, int iter,
+				     PKCS8_PRIV_KEY_INFO *p8);
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+			     unsigned char *salt, int saltlen, int iter,
+			     STACK_OF(PKCS12_SAFEBAG) *bags);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen);
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12);
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+				int namelen);
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
+				int namelen);
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name,
+				int namelen);
+int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
+ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
+char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
+unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
+				int passlen, unsigned char *in, int inlen,
+				unsigned char **data, int *datalen, int en_de);
+void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
+	     const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf);
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
+				       const char *pass, int passlen,
+				       void *obj, int zbuf);
+PKCS12 *PKCS12_init(int mode);
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+		       int saltlen, int id, int iter, int n,
+		       unsigned char *out, const EVP_MD *md_type);
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type);
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type,
+			 int en_de);
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+			 unsigned char *mac, unsigned int *maclen);
+int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
+int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+		   unsigned char *salt, int saltlen, int iter,
+		   const EVP_MD *md_type);
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
+					 int saltlen, const EVP_MD *md_type);
+unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen);
+char *uni2asc(unsigned char *uni, int unilen);
+
+DECLARE_ASN1_FUNCTIONS(PKCS12)
+DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
+DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
+DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
+
+DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
+DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
+
+void PKCS12_PBE_add(void);
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+		 STACK_OF(X509) **ca);
+PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
+			 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
+						 int mac_iter, int keytype);
+
+PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
+						int key_usage, int iter,
+						int key_nid, char *pass);
+int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+					int safe_nid, int iter, char *pass);
+PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
+
+int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
+int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
+int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_PKCS12_strings(void);
+
+/* Error codes for the PKCS12 functions. */
+
+/* Function codes. */
+#define PKCS12_F_PARSE_BAGS				 103
+#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME		 100
+#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC		 127
+#define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI		 102
+#define PKCS12_F_PKCS12_ADD_LOCALKEYID			 104
+#define PKCS12_F_PKCS12_CREATE				 105
+#define PKCS12_F_PKCS12_DECRYPT_D2I			 106
+#define PKCS12_F_PKCS12_GEN_MAC				 107
+#define PKCS12_F_PKCS12_I2D_ENCRYPT			 108
+#define PKCS12_F_PKCS12_INIT				 109
+#define PKCS12_F_PKCS12_KEY_GEN_ASC			 110
+#define PKCS12_F_PKCS12_KEY_GEN_UNI			 111
+#define PKCS12_F_PKCS12_MAKE_KEYBAG			 112
+#define PKCS12_F_PKCS12_MAKE_SHKEYBAG			 113
+#define PKCS12_F_PKCS12_NEWPASS				 128
+#define PKCS12_F_PKCS12_PACK_P7DATA			 114
+#define PKCS12_F_PKCS12_PACK_P7ENCDATA			 115
+#define PKCS12_F_PKCS12_PACK_SAFEBAG			 117
+#define PKCS12_F_PKCS12_PARSE				 118
+#define PKCS12_F_PKCS12_PBE_CRYPT			 119
+#define PKCS12_F_PKCS12_PBE_KEYIVGEN			 120
+#define PKCS12_F_PKCS12_SETUP_MAC			 122
+#define PKCS12_F_PKCS12_SET_MAC				 123
+#define PKCS12_F_PKCS8_ADD_KEYUSAGE			 124
+#define PKCS12_F_PKCS8_ENCRYPT				 125
+#define PKCS12_F_VERIFY_MAC				 126
+
+/* Reason codes. */
+#define PKCS12_R_CANT_PACK_STRUCTURE			 100
+#define PKCS12_R_DECODE_ERROR				 101
+#define PKCS12_R_ENCODE_ERROR				 102
+#define PKCS12_R_ENCRYPT_ERROR				 103
+#define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE	 120
+#define PKCS12_R_INVALID_NULL_ARGUMENT			 104
+#define PKCS12_R_INVALID_NULL_PKCS12_POINTER		 105
+#define PKCS12_R_IV_GEN_ERROR				 106
+#define PKCS12_R_KEY_GEN_ERROR				 107
+#define PKCS12_R_MAC_ABSENT				 108
+#define PKCS12_R_MAC_GENERATION_ERROR			 109
+#define PKCS12_R_MAC_SETUP_ERROR			 110
+#define PKCS12_R_MAC_STRING_SET_ERROR			 111
+#define PKCS12_R_MAC_VERIFY_ERROR			 112
+#define PKCS12_R_MAC_VERIFY_FAILURE			 113
+#define PKCS12_R_PARSE_ERROR				 114
+#define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR		 115
+#define PKCS12_R_PKCS12_CIPHERFINAL_ERROR		 116
+#define PKCS12_R_PKCS12_PBE_CRYPT_ERROR			 117
+#define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM		 118
+#define PKCS12_R_UNSUPPORTED_PKCS12_MODE		 119
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/pkcs7/.cvsignore b/crypto/pkcs7/.cvsignore
new file mode 100644
index 0000000000..780d5c1afc
--- /dev/null
+++ b/crypto/pkcs7/.cvsignore
@@ -0,0 +1,6 @@
+lib
+Makefile.save
+enc
+dec
+sign
+verify
diff --git a/crypto/pkcs7/Makefile.ssl b/crypto/pkcs7/Makefile.ssl
index a88359b320..bbeed604be 100644
--- a/crypto/pkcs7/Makefile.ssl
+++ b/crypto/pkcs7/Makefile.ssl
@@ -1,29 +1,35 @@
 #
-# SSLeay/crypto/asn1/Makefile
+# SSLeay/crypto/pkcs7/Makefile
 #
 
 DIR=	pkcs7
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
+PEX_LIBS=
+EX_LIBS=
+ 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=pkcs7
-ERRC=pkcs7err
 GENERAL=Makefile README
 TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=	pk7_lib.c pkcs7err.c pk7_doit.c
-LIBOBJ= pk7_lib.o pkcs7err.o pk7_doit.o
+LIBSRC=	pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c \
+	pk7_mime.c
+LIBOBJ= pk7_asn1.o pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o \
+	pk7_mime.o
 
 SRC= $(LIBSRC)
 
@@ -39,26 +45,39 @@ test:
 
 all:	lib
 
+testapps: enc dec sign verify
+
+enc: enc.o lib
+	$(CC) $(CFLAGS) -o enc enc.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+
+dec: dec.o lib
+	$(CC) $(CFLAGS) -o dec dec.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+
+sign: sign.o lib
+	$(CC) $(CFLAGS) -o sign sign.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+
+verify: verify.o example.o lib
+	$(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS)
+
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -70,17 +89,165 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff enc dec sign verify
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+pk7_asn1.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+pk7_asn1.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+pk7_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pk7_asn1.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pk7_asn1.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk7_asn1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pk7_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pk7_asn1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_asn1.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pk7_asn1.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pk7_asn1.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pk7_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_asn1.o: ../../include/openssl/opensslconf.h
+pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pk7_asn1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk7_asn1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk7_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_asn1.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pk7_asn1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_asn1.o: ../cryptlib.h pk7_asn1.c
+pk7_attr.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+pk7_attr.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+pk7_attr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+pk7_attr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+pk7_attr.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk7_attr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_attr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pk7_attr.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pk7_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_attr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pk7_attr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pk7_attr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pk7_attr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_attr.o: ../../include/openssl/opensslconf.h
+pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_attr.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+pk7_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pk7_attr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk7_attr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk7_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_attr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_attr.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pk7_attr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_attr.o: pk7_attr.c
+pk7_doit.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_doit.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_doit.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk7_doit.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pk7_doit.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk7_doit.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pk7_doit.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_doit.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pk7_doit.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pk7_doit.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pk7_doit.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_doit.o: ../../include/openssl/opensslconf.h
+pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_doit.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pk7_doit.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pk7_doit.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pk7_doit.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pk7_doit.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_doit.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pk7_doit.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pk7_doit.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+pk7_doit.o: ../cryptlib.h pk7_doit.c
+pk7_lib.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk7_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pk7_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pk7_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pk7_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pk7_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pk7_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pk7_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk7_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pk7_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pk7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pk7_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk7_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_lib.o: ../cryptlib.h pk7_lib.c
+pk7_mime.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_mime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_mime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk7_mime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+pk7_mime.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+pk7_mime.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+pk7_mime.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+pk7_mime.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+pk7_mime.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+pk7_mime.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+pk7_mime.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+pk7_mime.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+pk7_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+pk7_mime.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+pk7_mime.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+pk7_mime.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+pk7_mime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+pk7_mime.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+pk7_mime.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+pk7_mime.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_mime.c
+pk7_smime.o: ../../e_os.h ../../include/openssl/aes.h
+pk7_smime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pk7_smime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+pk7_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+pk7_smime.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+pk7_smime.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+pk7_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+pk7_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+pk7_smime.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+pk7_smime.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+pk7_smime.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+pk7_smime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+pk7_smime.o: ../../include/openssl/opensslconf.h
+pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+pk7_smime.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+pk7_smime.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+pk7_smime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+pk7_smime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pk7_smime.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+pk7_smime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+pk7_smime.o: ../../include/openssl/x509v3.h ../cryptlib.h pk7_smime.c
+pkcs7err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+pkcs7err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+pkcs7err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+pkcs7err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+pkcs7err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+pkcs7err.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+pkcs7err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+pkcs7err.o: pkcs7err.c
diff --git a/crypto/pkcs7/README b/crypto/pkcs7/README
deleted file mode 100644
index 27001c6970..0000000000
--- a/crypto/pkcs7/README
+++ /dev/null
@@ -1,5 +0,0 @@
-WARNING
-
-Everything in this directory is experimental and is subject to change.
-
-Do not rely on the stuff in here not changing in the next release
diff --git a/crypto/pkcs7/bio_ber.c b/crypto/pkcs7/bio_ber.c
index df4d9a5223..895a91177b 100644
--- a/crypto/pkcs7/bio_ber.c
+++ b/crypto/pkcs7/bio_ber.c
@@ -59,10 +59,9 @@
 #include <stdio.h>
 #include <errno.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "evp.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
 
-#ifndef NOPROTO
 static int ber_write(BIO *h,char *buf,int num);
 static int ber_read(BIO *h,char *buf,int size);
 /*static int ber_puts(BIO *h,char *str); */
@@ -70,16 +69,7 @@ static int ber_read(BIO *h,char *buf,int size);
 static long ber_ctrl(BIO *h,int cmd,long arg1,char *arg2);
 static int ber_new(BIO *h);
 static int ber_free(BIO *data);
-#else
-static int ber_write();
-static int ber_read();
-/*static int ber_puts(); */
-/*static int ber_gets(); */
-static long ber_ctrl();
-static int ber_new();
-static int ber_free();
-#endif
-
+static long ber_callback_ctrl(BIO *h,int cmd,void *(*fp)());
 #define BER_BUF_SIZE	(32)
 
 /* This is used to hold the state of the BER objects being read. */
@@ -103,7 +93,7 @@ typedef struct bio_ber_struct
 	/* most of the following are used when doing non-blocking IO */
 	/* reading */
 	long num_left;	/* number of bytes still to read/write in block */
-	int depth;	/* used with idefinite encoding. */
+	int depth;	/* used with indefinite encoding. */
 	int finished;	/* No more read data */
 
 	/* writting */ 
@@ -126,19 +116,19 @@ static BIO_METHOD methods_ber=
 	ber_ctrl,
 	ber_new,
 	ber_free,
+	ber_callback_ctrl,
 	};
 
-BIO_METHOD *BIO_f_ber()
+BIO_METHOD *BIO_f_ber(void)
 	{
 	return(&methods_ber);
 	}
 
-static int ber_new(bi)
-BIO *bi;
+static int ber_new(BIO *bi)
 	{
 	BIO_BER_CTX *ctx;
 
-	ctx=(BIO_BER_CTX *)Malloc(sizeof(BIO_BER_CTX));
+	ctx=(BIO_BER_CTX *)OPENSSL_malloc(sizeof(BIO_BER_CTX));
 	if (ctx == NULL) return(0);
 
 	memset((char *)ctx,0,sizeof(BIO_BER_CTX));
@@ -149,24 +139,21 @@ BIO *bi;
 	return(1);
 	}
 
-static int ber_free(a)
-BIO *a;
+static int ber_free(BIO *a)
 	{
 	BIO_BER_CTX *b;
 
 	if (a == NULL) return(0);
 	b=(BIO_BER_CTX *)a->ptr;
-	memset(a->ptr,0,sizeof(BIO_BER_CTX));
-	Free(a->ptr);
+	OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));
+	OPENSSL_free(a->ptr);
 	a->ptr=NULL;
 	a->init=0;
 	a->flags=0;
 	return(1);
 	}
 
-int bio_ber_get_header(bio,ctx)
-BIO *bio;
-BIO_BER_CTX *ctx;
+int bio_ber_get_header(BIO *bio, BIO_BER_CTX *ctx)
 	{
 	char buf[64];
 	int i,j,n;
@@ -236,10 +223,7 @@ BIO_BER_CTX *ctx;
 	if (ret & V_ASN1_CONSTRUCTED)
 	}
 	
-static int ber_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int ber_read(BIO *b, char *out, int outl)
 	{
 	int ret=0,i,n;
 	BIO_BER_CTX *ctx;
@@ -286,10 +270,7 @@ again:
 		}
 	}
 
-static int ber_write(b,in,inl)
-BIO *b;
-char *in;
-int inl;
+static int ber_write(BIO *b, char *in, int inl)
 	{
 	int ret=0,n,i;
 	BIO_ENC_CTX *ctx;
@@ -344,11 +325,7 @@ int inl;
 	return(ret);
 	}
 
-static long ber_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long ber_ctrl(BIO *b, int cmd, long num, char *ptr)
 	{
 	BIO *dbio;
 	BIO_ENC_CTX *ctx,*dctx;
@@ -362,7 +339,7 @@ char *ptr;
 	case BIO_CTRL_RESET:
 		ctx->ok=1;
 		ctx->finished=0;
-		EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL,
+		EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
 			ctx->cipher.berrypt);
 		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
 		break;
@@ -399,7 +376,7 @@ again:
 			{
 			ctx->finished=1;
 			ctx->buf_off=0;
-			ret=EVP_CipherFinal(&(ctx->cipher),
+			ret=EVP_CipherFinal_ex(&(ctx->cipher),
 				(unsigned char *)ctx->buf,
 				&(ctx->buf_len));
 			ctx->ok=(int)ret;
@@ -434,6 +411,20 @@ again:
 	return(ret);
 	}
 
+static long ber_callback_ctrl(BIO *b, int cmd, void *(*fp)())
+	{
+	long ret=1;
+
+	if (b->next_bio == NULL) return(0);
+	switch (cmd)
+		{
+	default:
+		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
+		break;
+		}
+	return(ret);
+	}
+
 /*
 void BIO_set_cipher_ctx(b,c)
 BIO *b;
@@ -454,12 +445,8 @@ EVP_CIPHER_ctx *c;
 	}
 */
 
-void BIO_set_cipher(b,c,k,i,e)
-BIO *b;
-EVP_CIPHER *c;
-unsigned char *k;
-unsigned char *i;
-int e;
+void BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *k, unsigned char *i,
+	     int e)
 	{
 	BIO_ENC_CTX *ctx;
 
@@ -471,7 +458,7 @@ int e;
 
 	b->init=1;
 	ctx=(BIO_ENC_CTX *)b->ptr;
-	EVP_CipherInit(&(ctx->cipher),c,k,i,e);
+	EVP_CipherInit_ex(&(ctx->cipher),c,NULL,k,i,e);
 	
 	if (b->callback != NULL)
 		b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
diff --git a/crypto/pkcs7/build b/crypto/pkcs7/build
deleted file mode 100755
index 05eb70fa4a..0000000000
--- a/crypto/pkcs7/build
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh -x
-
-make
-gcc -I../../include -g -o enc enc.c ../../libcrypto.a
-gcc -I../../include -g -o dec dec.c ../../libcrypto.a
diff --git a/crypto/pkcs7/dec.c b/crypto/pkcs7/dec.c
index 2622cbd696..6752ec568a 100644
--- a/crypto/pkcs7/dec.c
+++ b/crypto/pkcs7/dec.c
@@ -56,48 +56,40 @@
  * [including the GNU Public Licence.]
  */
 #include <stdio.h>
-#include "asn1.h"
-#include "bio.h"
-#include "x509.h"
-#include "pem.h"
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/asn1.h>
 
 int verify_callback(int ok, X509_STORE_CTX *ctx);
 
 BIO *bio_err=NULL;
 
-main(argc,argv)
+int main(argc,argv)
 int argc;
 char *argv[];
 	{
+	char *keyfile=NULL;
 	BIO *in;
-	X509 *x509,*x;
 	EVP_PKEY *pkey;
+	X509 *x509;
 	PKCS7 *p7;
-	PKCS7_SIGNED *s;
 	PKCS7_SIGNER_INFO *si;
-	PKCS7_ISSUER_AND_SERIAL *ias;
 	X509_STORE_CTX cert_ctx;
 	X509_STORE *cert_store=NULL;
-	X509_LOOKUP *lookup=NULL;
 	BIO *data,*detached=NULL,*p7bio=NULL;
 	char buf[1024*4];
-	unsigned char *p,*pp;
-	int i,j,printit=0;
-	STACK *sk;
+	unsigned char *pp;
+	int i,printit=0;
+	STACK_OF(PKCS7_SIGNER_INFO) *sk;
 
-	SSLeay_add_all_algorithms();
+	OpenSSL_add_all_algorithms();
 	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-	EVP_add_digest(EVP_sha1());
-	EVP_add_cipher(EVP_des_ede3_cbc());
-
-        if ((in=BIO_new_file("server.pem","r")) == NULL) goto err;
-        if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err;
-        BIO_reset(in);
-        if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
-        BIO_free(in);
 
 	data=BIO_new(BIO_s_file());
-again:
 	pp=NULL;
 	while (argc > 1)
 		{
@@ -107,28 +99,41 @@ again:
 			{
 			printit=1;
 			}
-		else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2))
+		else if ((strcmp(argv[0],"-k") == 0) && (argc >= 2)) {
+			keyfile = argv[1];
+			argc-=1;
+			argv+=1;
+		} else if ((strcmp(argv[0],"-d") == 0) && (argc >= 2))
 			{
 			detached=BIO_new(BIO_s_file());
 			if (!BIO_read_filename(detached,argv[1]))
 				goto err;
-			argc--;
-			argv++;
-			}
-		else
-			{
-			pp=argv[0];
-			if (!BIO_read_filename(data,argv[0]))
-				goto err;
+			argc-=1;
+			argv+=1;
 			}
+		else break;
 		}
 
+	 if (!BIO_read_filename(data,argv[0])) goto err; 
+
+	if(!keyfile) {
+		fprintf(stderr, "No private key file specified\n");
+		goto err;
+	}
+
+        if ((in=BIO_new_file(keyfile,"r")) == NULL) goto err;
+        if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err;
+        BIO_reset(in);
+        if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL)
+		goto err;
+        BIO_free(in);
+
 	if (pp == NULL)
 		BIO_set_fp(data,stdin,BIO_NOCLOSE);
 
 
 	/* Load the PKCS7 object from a file */
-	if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL)) == NULL) goto err;
+	if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err;
 
 
 
@@ -144,8 +149,8 @@ again:
 
 	/* We need to process the data */
 	/* We cannot support detached encryption */
-	p7bio=PKCS7_dataDecode(p7,pkey,detached,cert_store);
-	
+	p7bio=PKCS7_dataDecode(p7,pkey,detached,x509);
+
 	if (p7bio == NULL)
 		{
 		printf("problems decoding\n");
@@ -158,23 +163,23 @@ again:
 		i=BIO_read(p7bio,buf,sizeof(buf));
 		/* print it? */
 		if (i <= 0) break;
-		write(fileno(stdout),buf,i);
+		fwrite(buf,1, i, stdout);
 		}
 
 	/* We can now verify signatures */
 	sk=PKCS7_get_signer_info(p7);
 	if (sk == NULL)
 		{
-		printf("there are no signatures on this data\n");
+		fprintf(stderr, "there are no signatures on this data\n");
 		}
 	else
 		{
 		/* Ok, first we need to, for each subject entry,
 		 * see if we can verify */
 		ERR_clear_error();
-		for (i=0; i<sk_num(sk); i++)
+		for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
 			{
-			si=(PKCS7_SIGNER_INFO *)sk_value(sk,i);
+			si=sk_PKCS7_SIGNER_INFO_value(sk,i);
 			i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
 			if (i <= 0)
 				goto err;
@@ -192,9 +197,7 @@ err:
 	}
 
 /* should be X509 * but we can just have them as char *. */
-int verify_callback(ok, ctx)
-int ok;
-X509_STORE_CTX *ctx;
+int verify_callback(int ok, X509_STORE_CTX *ctx)
 	{
 	char buf[256];
 	X509 *err_cert;
diff --git a/crypto/pkcs7/enc.c b/crypto/pkcs7/enc.c
index 8c3f937cfc..7417f8a4e0 100644
--- a/crypto/pkcs7/enc.c
+++ b/crypto/pkcs7/enc.c
@@ -56,61 +56,91 @@
  * [including the GNU Public Licence.]
  */
 #include <stdio.h>
-#include "bio.h"
-#include "x509.h"
-#include "pem.h"
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
 
-main(argc,argv)
+int main(argc,argv)
 int argc;
 char *argv[];
 	{
 	X509 *x509;
-	EVP_PKEY *pkey;
 	PKCS7 *p7;
-	PKCS7 *p7_data;
-	PKCS7_SIGNER_INFO *si;
 	BIO *in;
 	BIO *data,*p7bio;
 	char buf[1024*4];
-	int i,j;
+	int i;
 	int nodetach=1;
+	char *keyfile = NULL;
+	const EVP_CIPHER *cipher=NULL;
+	STACK_OF(X509) *recips=NULL;
 
-	EVP_add_digest(EVP_sha1());
-	EVP_add_cipher(EVP_des_ede3_cbc());
+	OpenSSL_add_all_algorithms();
 
 	data=BIO_new(BIO_s_file());
-again:
-	if (argc > 1)
+	while(argc > 1)
 		{
 		if (strcmp(argv[1],"-nd") == 0)
 			{
 			nodetach=1;
 			argv++; argc--;
-			goto again;
 			}
-		if (!BIO_read_filename(data,argv[1]))
-			goto err;
-		}
-	else
-		BIO_set_fp(data,stdin,BIO_NOCLOSE);
+		else if ((strcmp(argv[1],"-c") == 0) && (argc >= 2)) {
+			if(!(cipher = EVP_get_cipherbyname(argv[2]))) {
+				fprintf(stderr, "Unknown cipher %s\n", argv[2]);
+				goto err;
+			}
+			argc-=2;
+			argv+=2;
+		} else if ((strcmp(argv[1],"-k") == 0) && (argc >= 2)) {
+			keyfile = argv[2];
+			argc-=2;
+			argv+=2;
+			if (!(in=BIO_new_file(keyfile,"r"))) goto err;
+			if (!(x509=PEM_read_bio_X509(in,NULL,NULL,NULL)))
+				goto err;
+			if(!recips) recips = sk_X509_new_null();
+			sk_X509_push(recips, x509);
+			BIO_free(in);
+		} else break;
+	}
 
-	if ((in=BIO_new_file("server.pem","r")) == NULL) goto err;
-	if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err;
+	if(!recips) {
+		fprintf(stderr, "No recipients\n");
+		goto err;
+	}
+
+	if (!BIO_read_filename(data,argv[1])) goto err;
+
+	p7=PKCS7_new();
+#if 0
 	BIO_reset(in);
 	if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
 	BIO_free(in);
-
-	p7=PKCS7_new();
 	PKCS7_set_type(p7,NID_pkcs7_signedAndEnveloped);
 	 
 	if (PKCS7_add_signature(p7,x509,pkey,EVP_sha1()) == NULL) goto err;
-
-	if (!PKCS7_set_cipher(p7,EVP_des_ede3_cbc())) goto err;
-	if (PKCS7_add_recipient(p7,x509) == NULL) goto err;
-
 	/* we may want to add more */
 	PKCS7_add_certificate(p7,x509);
+#else
+	PKCS7_set_type(p7,NID_pkcs7_enveloped);
+#endif
+	if(!cipher)	{
+#ifndef OPENSSL_NO_DES
+		cipher = EVP_des_ede3_cbc();
+#else
+		fprintf(stderr, "No cipher selected\n");
+		goto err;
+#endif
+	}
 
+	if (!PKCS7_set_cipher(p7,cipher)) goto err;
+	for(i = 0; i < sk_X509_num(recips); i++) {
+		if (!PKCS7_add_recipient(p7,sk_X509_value(recips, i))) goto err;
+	}
+	sk_X509_pop_free(recips, X509_free);
 
 	/* Set the content of the signed to 'data' */
 	/* PKCS7_content_new(p7,NID_pkcs7_data); not used in envelope */
diff --git a/crypto/pkcs7/example.c b/crypto/pkcs7/example.c
index 9309e1d5ef..c993947cc3 100644
--- a/crypto/pkcs7/example.c
+++ b/crypto/pkcs7/example.c
@@ -1,10 +1,11 @@
 #include <stdio.h>
 #include <stdlib.h>
-#include <malloc.h>
-#include "pkcs7.h"
+#include <string.h>
+#include <openssl/pkcs7.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
 
-int add_signed_time(si)
-PKCS7_SIGNER_INFO *si;
+int add_signed_time(PKCS7_SIGNER_INFO *si)
 	{
 	ASN1_UTCTIME *sign_time;
 
@@ -16,25 +17,19 @@ PKCS7_SIGNER_INFO *si;
 	return(1);
 	}
 
-ASN1_UTCTIME *get_signed_time(si)
-PKCS7_SIGNER_INFO *si;
+ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si)
 	{
 	ASN1_TYPE *so;
-	ASN1_UTCTIME *ut;
 
 	so=PKCS7_get_signed_attribute(si,NID_pkcs9_signingTime);
 	if (so->type == V_ASN1_UTCTIME)
-		{
-		ut=so->value.utctime;
-		}
-	return(ut);
+	    return so->value.utctime;
+	return NULL;
 	}
 	
 static int signed_string_nid= -1;
 
-int add_signed_string(si,str)
-PKCS7_SIGNER_INFO *si;
-char *str;
+void add_signed_string(PKCS7_SIGNER_INFO *si, char *str)
 	{
 	ASN1_OCTET_STRING *os;
 
@@ -43,16 +38,13 @@ char *str;
 		signed_string_nid=
 			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
 	os=ASN1_OCTET_STRING_new();
-	ASN1_OCTET_STRING_set(os,str,strlen(str));
+	ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str));
 	/* When we add, we do not free */
 	PKCS7_add_signed_attribute(si,signed_string_nid,
 		V_ASN1_OCTET_STRING,(char *)os);
 	}
 
-int get_signed_string(si,buf,len)
-PKCS7_SIGNER_INFO *si;
-char *buf;
-int len;
+int get_signed_string(PKCS7_SIGNER_INFO *si, char *buf, int len)
 	{
 	ASN1_TYPE *so;
 	ASN1_OCTET_STRING *os;
@@ -78,19 +70,16 @@ int len;
 	return(0);
 	}
 
-static signed_seq2string_nid= -1;
+static int signed_seq2string_nid= -1;
 /* ########################################### */
-int add_signed_seq2string(si,str1,str2)
-PKCS7_SIGNER_INFO *si;
-char *str1;
-char *str2;
+int add_signed_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
+	{
 	/* To add an object of OID 1.9.999, which is a sequence containing
 	 * 2 octet strings */
-	{
 	unsigned char *p;
 	ASN1_OCTET_STRING *os1,*os2;
 	ASN1_STRING *seq;
-	char *data;
+	unsigned char *data;
 	int i,total;
 
 	if (signed_seq2string_nid == -1)
@@ -99,8 +88,8 @@ char *str2;
 
 	os1=ASN1_OCTET_STRING_new();
 	os2=ASN1_OCTET_STRING_new();
-	ASN1_OCTET_STRING_set(os1,str1,strlen(str1));
-	ASN1_OCTET_STRING_set(os2,str1,strlen(str1));
+	ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1));
+	ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1));
 	i =i2d_ASN1_OCTET_STRING(os1,NULL);
 	i+=i2d_ASN1_OCTET_STRING(os2,NULL);
 	total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
@@ -123,10 +112,7 @@ char *str2;
 	}
 
 /* For this case, I will malloc the return strings */
-int get_signed_seq2string(si,str1,str2)
-PKCS7_SIGNER_INFO *si;
-char **str1;
-char **str2;
+int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2)
 	{
 	ASN1_TYPE *so;
 
@@ -135,7 +121,7 @@ char **str2;
 			OBJ_create("1.9.9999","OID_example","Our example OID");
 	/* To retrieve */
 	so=PKCS7_get_signed_attribute(si,signed_seq2string_nid);
-	if (so->type == V_ASN1_SEQUENCE)
+	if (so && (so->type == V_ASN1_SEQUENCE))
 		{
 		ASN1_CTX c;
 		ASN1_STRING *s;
@@ -178,7 +164,7 @@ err:
  * THE OTHER WAY TO DO THINGS
  * #######################################
  */
-X509_ATTRIBUTE *create_time()
+X509_ATTRIBUTE *create_time(void)
 	{
 	ASN1_UTCTIME *sign_time;
 	X509_ATTRIBUTE *ret;
@@ -191,24 +177,19 @@ X509_ATTRIBUTE *create_time()
 	return(ret);
 	}
 
-ASN1_UTCTIME *sk_get_time(sk)
-STACK *sk;
+ASN1_UTCTIME *sk_get_time(STACK_OF(X509_ATTRIBUTE) *sk)
 	{
 	ASN1_TYPE *so;
-	ASN1_UTCTIME *ut;
 	PKCS7_SIGNER_INFO si;
 
 	si.auth_attr=sk;
 	so=PKCS7_get_signed_attribute(&si,NID_pkcs9_signingTime);
 	if (so->type == V_ASN1_UTCTIME)
-		{
-		ut=so->value.utctime;
-		}
-	return(ut);
+	    return so->value.utctime;
+	return NULL;
 	}
 	
-X509_ATTRIBUTE *create_string(si,str)
-char *str;
+X509_ATTRIBUTE *create_string(char *str)
 	{
 	ASN1_OCTET_STRING *os;
 	X509_ATTRIBUTE *ret;
@@ -218,17 +199,14 @@ char *str;
 		signed_string_nid=
 			OBJ_create("1.2.3.4.5","OID_example","Our example OID");
 	os=ASN1_OCTET_STRING_new();
-	ASN1_OCTET_STRING_set(os,str,strlen(str));
+	ASN1_OCTET_STRING_set(os,(unsigned char*)str,strlen(str));
 	/* When we add, we do not free */
 	ret=X509_ATTRIBUTE_create(signed_string_nid,
 		V_ASN1_OCTET_STRING,(char *)os);
 	return(ret);
 	}
 
-int sk_get_string(sk,buf,len)
-STACK *sk;
-char *buf;
-int len;
+int sk_get_string(STACK_OF(X509_ATTRIBUTE) *sk, char *buf, int len)
 	{
 	ASN1_TYPE *so;
 	ASN1_OCTET_STRING *os;
@@ -257,18 +235,15 @@ int len;
 	return(0);
 	}
 
-X509_ATTRIBUTE *add_seq2string(si,str1,str2)
-PKCS7_SIGNER_INFO *si;
-char *str1;
-char *str2;
+X509_ATTRIBUTE *add_seq2string(PKCS7_SIGNER_INFO *si, char *str1, char *str2)
+	{
 	/* To add an object of OID 1.9.999, which is a sequence containing
 	 * 2 octet strings */
-	{
 	unsigned char *p;
 	ASN1_OCTET_STRING *os1,*os2;
 	ASN1_STRING *seq;
 	X509_ATTRIBUTE *ret;
-	char *data;
+	unsigned char *data;
 	int i,total;
 
 	if (signed_seq2string_nid == -1)
@@ -277,8 +252,8 @@ char *str2;
 
 	os1=ASN1_OCTET_STRING_new();
 	os2=ASN1_OCTET_STRING_new();
-	ASN1_OCTET_STRING_set(os1,str1,strlen(str1));
-	ASN1_OCTET_STRING_set(os2,str1,strlen(str1));
+	ASN1_OCTET_STRING_set(os1,(unsigned char*)str1,strlen(str1));
+	ASN1_OCTET_STRING_set(os2,(unsigned char*)str1,strlen(str1));
 	i =i2d_ASN1_OCTET_STRING(os1,NULL);
 	i+=i2d_ASN1_OCTET_STRING(os2,NULL);
 	total=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
@@ -301,10 +276,7 @@ char *str2;
 	}
 
 /* For this case, I will malloc the return strings */
-int sk_get_seq2string(sk,str1,str2)
-STACK *sk;
-char **str1;
-char **str2;
+int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2)
 	{
 	ASN1_TYPE *so;
 	PKCS7_SIGNER_INFO si;
diff --git a/crypto/pkcs7/example.h b/crypto/pkcs7/example.h
new file mode 100644
index 0000000000..96167de188
--- /dev/null
+++ b/crypto/pkcs7/example.h
@@ -0,0 +1,57 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+int add_signed_time(PKCS7_SIGNER_INFO *si);
+ASN1_UTCTIME *get_signed_time(PKCS7_SIGNER_INFO *si);
+int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2);
diff --git a/crypto/pkcs7/mf.p7 b/crypto/pkcs7/mf.p7
deleted file mode 100644
index 524335b4b3..0000000000
--- a/crypto/pkcs7/mf.p7
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN PKCS7-----
-MIAGCSqGSIb3DQEHAqCAMIIC2QIBATEMMAoGCCqGSIb3DQIFMIAGCSqGSIb3DQEH
-AQAAoIIB7TCCAekwggFSAgEAMA0GCSqGSIb3DQEBBAUAMFsxCzAJBgNVBAYTAkFV
-MRMwEQYDVQQIEwpRdWVlbnNsYW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0
-ZDEbMBkGA1UEAxMSVGVzdCBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0NloX
-DTk4MDYwOTEzNTc0NlowYzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xh
-bmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYDVQQDExpTZXJ2ZXIg
-dGVzdCBjZXJ0ICg1MTIgYml0KTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCfs8OE
-J5X/EjFSDxXvRhHErYDmNlsP3YDXYY3g/HJFCTT+VWZFQ0xol2r+qKCl3194/+7X
-ZLg/BMtv/yr+/rntAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAeEzEdgr2nChPcALL
-vY8gl/GIlpoAjPmKD+pLeGZI9s+SEX5u1q8nCrJ6ZzkfrRnqgI5Anmev9+qPZfdU
-bz5zdVSf4sUL9nX9ChXjK9NCJA3UzQHSFqhZErGUwGNkAHYHp2+zAdY6Ho6rmMzt
-g0CDu/sKR4qzm6REsQGS8kgpjz4xgcUwgcICAQEwYDBbMQswCQYDVQQGEwJBVTET
-MBEGA1UECBMKUXVlZW5zbGFuZDEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQx
-GzAZBgNVBAMTElRlc3QgQ0EgKDEwMjQgYml0KQIBADAKBggqhkiG9w0CBTANBgkq
-hkiG9w0BAQQFAARALnrxJiOX9XZf2D+3vL8SKMQmMq55LltomwOLGUru/q1uVXzi
-ARg7FSCegOpA1nunsTURMUGgrPXKK4XmL4IseQAAAAA=
------END PKCS7-----
diff --git a/crypto/pkcs7/p7.tst b/crypto/pkcs7/p7.tst
deleted file mode 100644
index 6d14dce163..0000000000
--- a/crypto/pkcs7/p7.tst
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN PKCS7-----
-MIAGCSqGSIb3DQEHAqCAMIIFsQIBATELMAkGBSsOAwIaBQAwgAYJKoZIhvcNAQcB
-AACgggQdMIICJTCCAc+gAwIBAgIBIjANBgkqhkiG9w0BAQQFADCBgjELMAkGA1UE
-BhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxETAPBgNVBAcTCEJyaXNiYW5lMRow
-GAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEUMBIGA1UECxMLZGV2ZWxvcG1lbnQx
-GTAXBgNVBAMTEENyeXB0U29mdCBEZXYgQ0EwHhcNOTcwNjEzMTgxMDE3WhcNOTgw
-NjEzMTgxMDE3WjCBiDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
-ETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEU
-MBIGA1UECxMLSUlTIHRlc3RpbmcxDjAMBgNVBAMTBXRlc3QxMQ8wDQYJKoZIhvcN
-AQkBFgAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAxtWiv59VH42+rotrmFAyDxTc
-J2osFt5uy/zEllx3vvjtwewqQxGUOwf6cjqFOTrnpEdVvwywpEhIQ5364bJqIwID
-AQABoygwJjAkBglghkgBhvhCAQ0EFxYVR2VuZXJhdGVkIHdpdGggU1NMZWF5MA0G
-CSqGSIb3DQEBBAUAA0EAMnYkNV2AdpeHPy/qlcdZx6MDGIJgrLhklhcn6Or6KiAP
-t9+nv9XdOGHyMyQr9ufsweuQfAgJ9yjKPZR2/adTjTCCAfAwggGaAgEAMA0GCSqG
-SIb3DQEBBAUAMIGCMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDER
-MA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRQw
-EgYDVQQLEwtkZXZlbG9wbWVudDEZMBcGA1UEAxMQQ3J5cHRTb2Z0IERldiBDQTAe
-Fw05NzAzMjIxMzM0MDRaFw05ODAzMjIxMzM0MDRaMIGCMQswCQYDVQQGEwJBVTET
-MBEGA1UECBMKUXVlZW5zbGFuZDERMA8GA1UEBxMIQnJpc2JhbmUxGjAYBgNVBAoT
-EUNyeXB0U29mdCBQdHkgTHRkMRQwEgYDVQQLEwtkZXZlbG9wbWVudDEZMBcGA1UE
-AxMQQ3J5cHRTb2Z0IERldiBDQTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDgDgKq
-IBuUMAJi4c8juAqEZ8f8FcuDWT+HcScvNztRJy9K8DnbGpiSrzzix4El6N4A7vbl
-crwn/0CZmQJguZpfAgMBAAEwDQYJKoZIhvcNAQEEBQADQQA0UUvxlXXe6wKkVukn
-ZoCyXbjlNsqt2rwbvfZEam6fQP3S7uq+o1Pnj+KDgE33WxWbQAA9h8fY1LWN7X3a
-yTm/MYIBbTCCAWkCAQEwgYgwgYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVl
-bnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0
-eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQg
-RGV2IENBAgEiMAkGBSsOAwIaBQCgfTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
-MCMGCSqGSIb3DQEJBDEWBBSUVhbGkNE+KGqpOK13+FkfOkaoizAcBgkqhkiG9w0B
-CQUxDxcNOTcwNzAxMDE0MzM0WjAeBgkqhkiG9w0BCQ8xETAPMA0GCCqGSIb3DQMC
-AgEoMA0GCSqGSIb3DQEBAQUABECa9Jpo4w/fZOc3Vy78wZFAVF8kvpn7il99Ldsr
-AQ4JiBmcfiSwEBBY6WuKT+/SYtFwZl1oXkTwB5AVCFIC/IFNAAAAAA==
------END PKCS7-----
diff --git a/crypto/pkcs7/pk7_asn1.c b/crypto/pkcs7/pk7_asn1.c
new file mode 100644
index 0000000000..77931feeb4
--- /dev/null
+++ b/crypto/pkcs7/pk7_asn1.c
@@ -0,0 +1,214 @@
+/* pk7_asn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pkcs7.h>
+#include <openssl/x509.h>
+
+/* PKCS#7 ASN1 module */
+
+/* This is the ANY DEFINED BY table for the top level PKCS#7 structure */
+
+ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS7) = {
+	ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)),
+	ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),
+	ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),
+	ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)),
+	ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),
+	ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
+} ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL);
+
+ASN1_NDEF_SEQUENCE(PKCS7) = {
+	ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT),
+	ASN1_ADB_OBJECT(PKCS7)
+}ASN1_NDEF_SEQUENCE_END(PKCS7)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7)
+IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7)
+IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7)
+
+ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = {
+	ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER),
+	ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR),
+	ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7),
+	ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0),
+	ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1),
+	ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)
+
+/* Minor tweak to operation: free up EVP_PKEY */
+static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	if(operation == ASN1_OP_FREE_POST) {
+		PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval;
+		EVP_PKEY_free(si->pkey);
+	}
+	return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = {
+	ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER),
+	ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
+	ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR),
+	/* NB this should be a SET OF but we use a SEQUENCE OF so the
+	 * original order * is retained when the structure is reencoded.
+	 * Since the attributes are implicitly tagged this will not affect
+	 * the encoding.
+	 */
+	ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0),
+	ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR),
+	ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING),
+	ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1)
+} ASN1_SEQUENCE_END_cb(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
+
+ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = {
+	ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME),
+	ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SERIAL)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
+
+ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = {
+	ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER),
+	ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
+	ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_ENVELOPE)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
+
+/* Minor tweak to operation: free up X509 */
+static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	if(operation == ASN1_OP_FREE_POST) {
+		PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
+		X509_free(ri->cert);
+	}
+	return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {
+	ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER),
+	ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
+	ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR),
+	ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
+
+ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = {
+	ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT),
+	ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR),
+	ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
+
+ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = {
+	ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER),
+	ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
+	ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR),
+	ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT),
+	ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0),
+	ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1),
+	ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGN_ENVELOPE)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
+
+ASN1_NDEF_SEQUENCE(PKCS7_ENCRYPT) = {
+	ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER),
+	ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_ENCRYPT)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
+
+ASN1_NDEF_SEQUENCE(PKCS7_DIGEST) = {
+	ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER),
+	ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR),
+	ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7),
+	ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_DIGEST)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST)
+
+/* Specials for authenticated attributes */
+
+/* When signing attributes we want to reorder them to match the sorted
+ * encoding.
+ */
+
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN)
+
+/* When verifying attributes we need to use the received order. So 
+ * we use SEQUENCE OF and tag it to SET OF
+ */
+
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
+				V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY)
diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c
new file mode 100644
index 0000000000..5ff5a88b5c
--- /dev/null
+++ b/crypto/pkcs7/pk7_attr.c
@@ -0,0 +1,139 @@
+/* pk7_attr.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
+{
+	ASN1_STRING *seq;
+	unsigned char *p, *pp;
+	int len;
+	len=i2d_ASN1_SET_OF_X509_ALGOR(cap,NULL,i2d_X509_ALGOR,
+				       V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL,
+				       IS_SEQUENCE);
+	if(!(pp=(unsigned char *)OPENSSL_malloc(len))) {
+		PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	p=pp;
+	i2d_ASN1_SET_OF_X509_ALGOR(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
+				   V_ASN1_UNIVERSAL, IS_SEQUENCE);
+	if(!(seq = ASN1_STRING_new())) {
+		PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	if(!ASN1_STRING_set (seq, pp, len)) {
+		PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	OPENSSL_free (pp);
+        return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
+							V_ASN1_SEQUENCE, seq);
+}
+
+STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
+{
+	ASN1_TYPE *cap;
+	unsigned char *p;
+	cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
+	if (!cap) return NULL;
+	p = cap->value.sequence->data;
+	return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p,
+					  cap->value.sequence->length,
+					  d2i_X509_ALGOR, X509_ALGOR_free,
+					  V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+}
+
+/* Basic smime-capabilities OID and optional integer arg */
+int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
+{
+	X509_ALGOR *alg;
+
+	if(!(alg = X509_ALGOR_new())) {
+		PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	ASN1_OBJECT_free(alg->algorithm);
+	alg->algorithm = OBJ_nid2obj (nid);
+	if (arg > 0) {
+		ASN1_INTEGER *nbit;
+		if(!(alg->parameter = ASN1_TYPE_new())) {
+			PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+		if(!(nbit = ASN1_INTEGER_new())) {
+			PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+		if(!ASN1_INTEGER_set (nbit, arg)) {
+			PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+		alg->parameter->value.integer = nbit;
+		alg->parameter->type = V_ASN1_INTEGER;
+	}
+	sk_X509_ALGOR_push (sk, alg);
+	return 1;
+}
diff --git a/crypto/pkcs7/pk7_dgst.c b/crypto/pkcs7/pk7_dgst.c
index 7769abeb1e..90edfa5001 100644
--- a/crypto/pkcs7/pk7_dgst.c
+++ b/crypto/pkcs7/pk7_dgst.c
@@ -58,9 +58,9 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "rand.h"
-#include "objects.h"
-#include "x509.h"
-#include "pkcs7.h"
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
 
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index d761c3ee02..123671b43e 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -58,24 +58,56 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "rand.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
 
-static int add_attribute(STACK **sk, int nid, int atrtype, char *value);
-static ASN1_TYPE *get_attribute(STACK *sk, int nid);
+static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
+			 void *value);
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
 
-#if 1
-BIO *PKCS7_dataInit(p7,bio)
-PKCS7 *p7;
-BIO *bio;
+static int PKCS7_type_is_other(PKCS7* p7)
+	{
+	int isOther=1;
+	
+	int nid=OBJ_obj2nid(p7->type);
+
+	switch( nid )
+		{
+	case NID_pkcs7_data:
+	case NID_pkcs7_signed:
+	case NID_pkcs7_enveloped:
+	case NID_pkcs7_signedAndEnveloped:
+	case NID_pkcs7_digest:
+	case NID_pkcs7_encrypted:
+		isOther=0;
+		break;
+	default:
+		isOther=1;
+		}
+
+	return isOther;
+
+	}
+
+static int PKCS7_type_is_octet_string(PKCS7* p7)
+	{
+	if ( 0==PKCS7_type_is_other(p7) )
+		return 0;
+
+	return (V_ASN1_OCTET_STRING==p7->d.other->type) ? 1 : 0;
+	}
+
+BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
 	{
 	int i,j;
 	BIO *out=NULL,*btmp=NULL;
 	X509_ALGOR *xa;
-	EVP_MD *evp_md;
-	EVP_CIPHER *evp_cipher=NULL;
-	STACK *md_sk=NULL,*rsk=NULL;
+	const EVP_MD *evp_md;
+	const EVP_CIPHER *evp_cipher=NULL;
+	STACK_OF(X509_ALGOR) *md_sk=NULL;
+	STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
 	X509_ALGOR *xalg=NULL;
 	PKCS7_RECIP_INFO *ri=NULL;
 	EVP_PKEY *pkey;
@@ -91,23 +123,25 @@ BIO *bio;
 	case NID_pkcs7_signedAndEnveloped:
 		rsk=p7->d.signed_and_enveloped->recipientinfo;
 		md_sk=p7->d.signed_and_enveloped->md_algs;
-		evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(p7->d.signed_and_enveloped->enc_data->algorithm->algorithm)));
+		xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
+		evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher;
 		if (evp_cipher == NULL)
 			{
-			PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+			PKCS7err(PKCS7_F_PKCS7_DATAINIT,
+						PKCS7_R_CIPHER_NOT_INITIALIZED);
 			goto err;
 			}
-		xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
 		break;
 	case NID_pkcs7_enveloped:
 		rsk=p7->d.enveloped->recipientinfo;
-		evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(p7->d.enveloped->enc_data->algorithm->algorithm)));
+		xalg=p7->d.enveloped->enc_data->algorithm;
+		evp_cipher=p7->d.enveloped->enc_data->cipher;
 		if (evp_cipher == NULL)
 			{
-			PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+			PKCS7err(PKCS7_F_PKCS7_DATAINIT,
+						PKCS7_R_CIPHER_NOT_INITIALIZED);
 			goto err;
 			}
-		xalg=p7->d.enveloped->enc_data->algorithm;
 		break;
 	default:
 		PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
@@ -116,9 +150,9 @@ BIO *bio;
 
 	if (md_sk != NULL)
 		{
-		for (i=0; i<sk_num(md_sk); i++)
+		for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
 			{
-			xa=(X509_ALGOR *)sk_value(md_sk,i);
+			xa=sk_X509_ALGOR_value(md_sk,i);
 			if ((btmp=BIO_new(BIO_f_md())) == NULL)
 				{
 				PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
@@ -149,35 +183,34 @@ BIO *bio;
 		int keylen,ivlen;
 		int jj,max;
 		unsigned char *tmp;
+		EVP_CIPHER_CTX *ctx;
 
 		if ((btmp=BIO_new(BIO_f_cipher())) == NULL)
 			{
 			PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
 			goto err;
 			}
+		BIO_get_cipher_ctx(btmp, &ctx);
 		keylen=EVP_CIPHER_key_length(evp_cipher);
 		ivlen=EVP_CIPHER_iv_length(evp_cipher);
-
-		if (ivlen > 0)
-			{
-			ASN1_OCTET_STRING *os;
-
-			RAND_bytes(iv,ivlen);
-			os=ASN1_OCTET_STRING_new();
-			ASN1_OCTET_STRING_set(os,iv,ivlen);
-/* XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX this needs to change */
-			if (xalg->parameter == NULL)
-				xalg->parameter=ASN1_TYPE_new();
-			ASN1_TYPE_set(xalg->parameter,V_ASN1_OCTET_STRING,
-				(char *)os);
-			}
-		RAND_bytes(key,keylen);
+		if (RAND_bytes(key,keylen) <= 0)
+			goto err;
+		xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
+		if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen);
+		EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, iv, 1);
+
+		if (ivlen > 0) {
+			if (xalg->parameter == NULL) 
+						xalg->parameter=ASN1_TYPE_new();
+			if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
+								       goto err;
+		}
 
 		/* Lets do the pub key stuff :-) */
 		max=0;
-		for (i=0; i<sk_num(rsk); i++)
+		for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
 			{
-			ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i);
+			ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
 			if (ri->cert == NULL)
 				{
 				PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO);
@@ -185,29 +218,30 @@ BIO *bio;
 				}
 			pkey=X509_get_pubkey(ri->cert);
 			jj=EVP_PKEY_size(pkey);
+			EVP_PKEY_free(pkey);
 			if (max < jj) max=jj;
 			}
-		if ((tmp=(unsigned char *)Malloc(max)) == NULL)
+		if ((tmp=(unsigned char *)OPENSSL_malloc(max)) == NULL)
 			{
 			PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE);
 			goto err;
 			}
-		for (i=0; i<sk_num(rsk); i++)
+		for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
 			{
-			ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i);
+			ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
 			pkey=X509_get_pubkey(ri->cert);
 			jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
+			EVP_PKEY_free(pkey);
 			if (jj <= 0)
 				{
 				PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB);
-				Free(tmp);
+				OPENSSL_free(tmp);
 				goto err;
 				}
-			ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
+			M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
 			}
-		Free(tmp);
-
-		BIO_set_cipher(btmp,evp_cipher,key,iv,1);
+		OPENSSL_free(tmp);
+		OPENSSL_cleanse(key, keylen);
 
 		if (out == NULL)
 			out=btmp;
@@ -216,30 +250,30 @@ BIO *bio;
 		btmp=NULL;
 		}
 
-	if (bio == NULL) /* ??????????? */
-		{
-		if (p7->detached)
+	if (bio == NULL) {
+		if (PKCS7_is_detached(p7))
 			bio=BIO_new(BIO_s_null());
-		else
-			{
-			bio=BIO_new(BIO_s_mem());
-			/* We need to set this so that when we have read all
-			 * the data, the encrypt BIO, if present, will read
-			 * EOF and encode the last few bytes */
-			BIO_set_mem_eof_return(bio,0);
-
-			if (PKCS7_type_is_signed(p7) &&
-				PKCS7_type_is_data(p7->d.sign->contents))
-				{
-				ASN1_OCTET_STRING *os;
-
-				os=p7->d.sign->contents->d.data;
-				if (os->length > 0)
-					BIO_write(bio,(char *)os->data,
-						os->length);
+		else {
+			if (PKCS7_type_is_signed(p7) ) { 
+				if ( PKCS7_type_is_data(p7->d.sign->contents)) {
+					ASN1_OCTET_STRING *os;
+					os=p7->d.sign->contents->d.data;
+					if (os->length > 0)
+						bio = BIO_new_mem_buf(os->data, os->length);
 				}
+				else if ( PKCS7_type_is_octet_string(p7->d.sign->contents) ) {
+					ASN1_OCTET_STRING *os;
+					os=p7->d.sign->contents->d.other->value.octet_string;
+					if (os->length > 0)
+						bio = BIO_new_mem_buf(os->data, os->length);
+				}
+			}
+			if(bio == NULL) {
+				bio=BIO_new(BIO_s_mem());
+				BIO_set_mem_eof_return(bio,0);
 			}
 		}
+	}
 	BIO_push(out,bio);
 	bio=NULL;
 	if (0)
@@ -255,28 +289,21 @@ err:
 	}
 
 /* int */
-BIO *PKCS7_dataDecode(p7,pkey,in_bio,xs)
-PKCS7 *p7;
-EVP_PKEY *pkey;
-BIO *in_bio;
-X509_STORE *xs;
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 	{
 	int i,j;
 	BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL;
-	char *tmp=NULL;
+	unsigned char *tmp=NULL;
 	X509_ALGOR *xa;
 	ASN1_OCTET_STRING *data_body=NULL;
-	EVP_MD *evp_md;
-	EVP_CIPHER *evp_cipher=NULL;
+	const EVP_MD *evp_md;
+	const EVP_CIPHER *evp_cipher=NULL;
 	EVP_CIPHER_CTX *evp_ctx=NULL;
 	X509_ALGOR *enc_alg=NULL;
-	STACK *md_sk=NULL,*rsk=NULL;
+	STACK_OF(X509_ALGOR) *md_sk=NULL;
+	STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
 	X509_ALGOR *xalg=NULL;
 	PKCS7_RECIP_INFO *ri=NULL;
-/*	EVP_PKEY *pkey; */
-#if 0
-	X509_STORE_CTX s_ctx;
-#endif
 
 	i=OBJ_obj2nid(p7->type);
 	p7->state=PKCS7_S_HEADER;
@@ -295,7 +322,7 @@ X509_STORE *xs;
 		evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));
 		if (evp_cipher == NULL)
 			{
-			PKCS7err(PKCS7_F_PKCS7_SIGNENVELOPEDECRYPT,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
 			goto err;
 			}
 		xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
@@ -307,25 +334,25 @@ X509_STORE *xs;
 		evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));
 		if (evp_cipher == NULL)
 			{
-			PKCS7err(PKCS7_F_PKCS7_SIGNENVELOPEDECRYPT,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
 			goto err;
 			}
 		xalg=p7->d.enveloped->enc_data->algorithm;
 		break;
 	default:
-		PKCS7err(PKCS7_F_PKCS7_SIGNENVELOPEDECRYPT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+		PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
 	        goto err;
 		}
 
 	/* We will be checking the signature */
 	if (md_sk != NULL)
 		{
-		for (i=0; i<sk_num(md_sk); i++)
+		for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
 			{
-			xa=(X509_ALGOR *)sk_value(md_sk,i);
+			xa=sk_X509_ALGOR_value(md_sk,i);
 			if ((btmp=BIO_new(BIO_f_md())) == NULL)
 				{
-				PKCS7err(PKCS7_F_PKCS7_SIGNENVELOPEDECRYPT,ERR_R_BIO_LIB);
+				PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
 				goto err;
 				}
 
@@ -333,7 +360,7 @@ X509_STORE *xs;
 			evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
 			if (evp_md == NULL)
 				{
-				PKCS7err(PKCS7_F_PKCS7_SIGNENVELOPEDECRYPT,PKCS7_R_UNKNOWN_DIGEST_TYPE);
+				PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);
 				goto err;
 				}
 
@@ -360,72 +387,68 @@ X509_STORE *xs;
 
 		if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
 			{
-			PKCS7err(PKCS7_F_PKCS7_SIGNENVELOPEDECRYPT,ERR_R_BIO_LIB);
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
 			goto err;
 			}
 
 		/* It was encrypted, we need to decrypt the secret key
 		 * with the private key */
 
-		/* We need to find a private key for one of the people in the
-		 * recipentinfo list */
-		if (rsk == NULL)
-			return(NULL);
+		/* Find the recipientInfo which matches the passed certificate
+		 * (if any)
+		 */
 
-		ri=(PKCS7_RECIP_INFO *)sk_value(rsk,0);
-#if 0
-		X509_STORE_CTX_init(&s_ctx,xs,NULL,NULL);
-		for (i=0; i<sk_num(rsk); i++)
-			{
-			ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i);
-			uf (X509_STORE_get_by_issuer_serial(&s_ctx,
-				X509_LU_PKEY,
-				ri->issuer_and_serial->issuer,
-				ri->issuer_and_serial->serial,
-				&ret))
-				break;
+		for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+			ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
+			if(!X509_NAME_cmp(ri->issuer_and_serial->issuer,
+					pcert->cert_info->issuer) &&
+			     !M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
+					ri->issuer_and_serial->serial)) break;
 			ri=NULL;
-			}
-		if (ri == NULL) return(NULL);	
-		pkey=ret.data.pkey;
-#endif
-		if (pkey == NULL)
-			{
-			return(NULL);
-			}
+		}
+		if (ri == NULL) {
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+				 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
+			goto err;
+		}
 
 		jj=EVP_PKEY_size(pkey);
-		tmp=Malloc(jj+10);
+		tmp=(unsigned char *)OPENSSL_malloc(jj+10);
 		if (tmp == NULL)
 			{
-			PKCS7err(PKCS7_F_PKCS7_SIGNENVELOPEDECRYPT,ERR_R_MALLOC_FAILURE);
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE);
 			goto err;
 			}
 
-		jj=EVP_PKEY_decrypt((unsigned char *)tmp,
-			ASN1_STRING_data(ri->enc_key),
-			ASN1_STRING_length(ri->enc_key),
-			pkey);
+		jj=EVP_PKEY_decrypt(tmp, M_ASN1_STRING_data(ri->enc_key),
+			M_ASN1_STRING_length(ri->enc_key), pkey);
 		if (jj <= 0)
 			{
-			PKCS7err(PKCS7_F_PKCS7_SIGNENVELOPEDECRYPT,ERR_R_EVP_LIB);
+			PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB);
 			goto err;
 			}
 
 		evp_ctx=NULL;
 		BIO_get_cipher_ctx(etmp,&evp_ctx);
-		EVP_CipherInit(evp_ctx,evp_cipher,NULL,NULL,0);
+		EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0);
 		if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
-			return(NULL);
-
-		if (jj != EVP_CIPHER_CTX_key_length(evp_ctx))
-			{
-			PKCS7err(PKCS7_F_PKCS7_SIGNENVELOPEDECRYPT,PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
 			goto err;
-			}
-		EVP_CipherInit(evp_ctx,NULL,(unsigned char *)tmp,NULL,0);
 
-		memset(tmp,0,jj);
+		if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) {
+			/* Some S/MIME clients don't use the same key
+			 * and effective key length. The key length is
+			 * determined by the size of the decrypted RSA key.
+			 */
+			if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj))
+				{
+				PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+					PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
+				goto err;
+				}
+		} 
+		EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
+
+		OPENSSL_cleanse(tmp,jj);
 
 		if (out == NULL)
 			out=etmp;
@@ -435,12 +458,13 @@ X509_STORE *xs;
 		}
 
 #if 1
-	if (p7->detached || (in_bio != NULL))
+	if (PKCS7_is_detached(p7) || (in_bio != NULL))
 		{
 		bio=in_bio;
 		}
 	else 
 		{
+#if 0
 		bio=BIO_new(BIO_s_mem());
 		/* We need to set this so that when we have read all
 		 * the data, the encrypt BIO, if present, will read
@@ -449,6 +473,14 @@ X509_STORE *xs;
 
 		if (data_body->length > 0)
 			BIO_write(bio,(char *)data_body->data,data_body->length);
+#else
+		if (data_body->length > 0)
+		      bio = BIO_new_mem_buf(data_body->data,data_body->length);
+		else {
+			bio=BIO_new(BIO_s_mem());
+			BIO_set_mem_eof_return(bio,0);
+		}
+#endif
 		}
 	BIO_push(out,bio);
 	bio=NULL;
@@ -463,14 +495,11 @@ err:
 		out=NULL;
 		}
 	if (tmp != NULL)
-		Free(tmp);
+		OPENSSL_free(tmp);
 	return(out);
 	}
-#endif
 
-int PKCS7_dataFinal(p7,bio)
-PKCS7 *p7;
-BIO *bio;
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 	{
 	int ret=0;
 	int i,j;
@@ -479,11 +508,11 @@ BIO *bio;
 	BUF_MEM *buf=NULL;
 	PKCS7_SIGNER_INFO *si;
 	EVP_MD_CTX *mdc,ctx_tmp;
-	STACK *sk,*si_sk=NULL;
-	unsigned char *p,*pp=NULL;
-	int x;
+	STACK_OF(X509_ATTRIBUTE) *sk;
+	STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
 	ASN1_OCTET_STRING *os=NULL;
 
+	EVP_MD_CTX_init(&ctx_tmp);
 	i=OBJ_obj2nid(p7->type);
 	p7->state=PKCS7_S_HEADER;
 
@@ -492,17 +521,22 @@ BIO *bio;
 	case NID_pkcs7_signedAndEnveloped:
 		/* XXXXXXXXXXXXXXXX */
 		si_sk=p7->d.signed_and_enveloped->signer_info;
-		os=ASN1_OCTET_STRING_new();
+		os=M_ASN1_OCTET_STRING_new();
 		p7->d.signed_and_enveloped->enc_data->enc_data=os;
 		break;
 	case NID_pkcs7_enveloped:
 		/* XXXXXXXXXXXXXXXX */
-		os=ASN1_OCTET_STRING_new();
+		os=M_ASN1_OCTET_STRING_new();
 		p7->d.enveloped->enc_data->enc_data=os;
 		break;
 	case NID_pkcs7_signed:
 		si_sk=p7->d.sign->signer_info;
 		os=p7->d.sign->contents->d.data;
+		/* If detached data then the content is excluded */
+		if(p7->detached) {
+			M_ASN1_OCTET_STRING_free(os);
+			p7->d.sign->contents->d.data = NULL;
+		}
 		break;
 		}
 
@@ -513,10 +547,9 @@ BIO *bio;
 			PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
 			goto err;
 			}
-		for (i=0; i<sk_num(si_sk); i++)
+		for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
 			{
-			si=(PKCS7_SIGNER_INFO *)
-				sk_value(si_sk,i);
+			si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);
 			if (si->pkey == NULL) continue;
 
 			j=OBJ_obj2nid(si->digest_alg->algorithm);
@@ -533,19 +566,19 @@ BIO *bio;
 				BIO_get_md_ctx(btmp,&mdc);
 				if (mdc == NULL)
 					{
-					PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_INTERNAL_ERROR);
+					PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR);
 					goto err;
 					}
-				if (EVP_MD_type(EVP_MD_CTX_type(mdc)) == j)
+				if (EVP_MD_CTX_type(mdc) == j)
 					break;
 				else
-					btmp=btmp->next_bio;
+					btmp=BIO_next(btmp);
 				}
 			
 			/* We now have the EVP_MD_CTX, lets do the
 			 * signing. */
-			memcpy(&ctx_tmp,mdc,sizeof(ctx_tmp));
-			if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey)))
+			EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
+			if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
 				{
 				PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
 				goto err;
@@ -555,43 +588,50 @@ BIO *bio;
 
 			/* If there are attributes, we add the digest
 			 * attribute and only sign the attributes */
-			if ((sk != NULL) && (sk_num(sk) != 0))
+			if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
 				{
-				unsigned char md_data[EVP_MAX_MD_SIZE];
-				unsigned int md_len;
+				unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL;
+				unsigned int md_len, alen;
 				ASN1_OCTET_STRING *digest;
 				ASN1_UTCTIME *sign_time;
-				EVP_MD *md_tmp;
+				const EVP_MD *md_tmp;
 
-				/* Add signing time */
-				sign_time=X509_gmtime_adj(NULL,0);
-				PKCS7_add_signed_attribute(si,
-					NID_pkcs9_signingTime,
-					V_ASN1_UTCTIME,(char *)sign_time);
+				/* Add signing time if not already present */
+				if (!PKCS7_get_signed_attribute(si,
+							NID_pkcs9_signingTime))
+					{
+					sign_time=X509_gmtime_adj(NULL,0);
+					PKCS7_add_signed_attribute(si,
+						NID_pkcs9_signingTime,
+						V_ASN1_UTCTIME,sign_time);
+					}
 
 				/* Add digest */
-				md_tmp=EVP_MD_CTX_type(&ctx_tmp);
-				EVP_DigestFinal(&ctx_tmp,md_data,&md_len);
-				digest=ASN1_OCTET_STRING_new();
-				ASN1_OCTET_STRING_set(digest,md_data,md_len);
-				PKCS7_add_signed_attribute(si,NID_pkcs9_messageDigest,
-					V_ASN1_OCTET_STRING,(char *)digest);
-
-				/* Now sign the mess */
-				EVP_SignInit(&ctx_tmp,md_tmp);
-				x=i2d_ASN1_SET(sk,NULL,i2d_X509_ATTRIBUTE,
-					V_ASN1_SET,V_ASN1_UNIVERSAL);
-				pp=(unsigned char *)Malloc(x);
-				p=pp;
-				i2d_ASN1_SET(sk,&p,i2d_X509_ATTRIBUTE,
-					V_ASN1_SET,V_ASN1_UNIVERSAL);
-				EVP_SignUpdate(&ctx_tmp,pp,x);
-				Free(pp);
-				pp=NULL;
+				md_tmp=EVP_MD_CTX_md(&ctx_tmp);
+				EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);
+				digest=M_ASN1_OCTET_STRING_new();
+				M_ASN1_OCTET_STRING_set(digest,md_data,md_len);
+				PKCS7_add_signed_attribute(si,
+					NID_pkcs9_messageDigest,
+					V_ASN1_OCTET_STRING,digest);
+
+				/* Now sign the attributes */
+				EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);
+				alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf,
+							ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
+				if(!abuf) goto err;
+				EVP_SignUpdate(&ctx_tmp,abuf,alen);
+				OPENSSL_free(abuf);
 				}
 
+#ifndef OPENSSL_NO_DSA
 			if (si->pkey->type == EVP_PKEY_DSA)
 				ctx_tmp.digest=EVP_dss1();
+#endif
+#ifndef OPENSSL_NO_ECDSA
+ 			if (si->pkey->type == EVP_PKEY_EC)
+ 				ctx_tmp.digest=EVP_ecdsa();
+#endif
 
 			if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
 				(unsigned int *)&buf->length,si->pkey))
@@ -608,9 +648,7 @@ BIO *bio;
 			}
 		}
 
-	if (p7->detached)
-		ASN1_OCTET_STRING_set(os,(unsigned char *)"",0);
-	else
+	if (!PKCS7_is_detached(p7))
 		{
 		btmp=BIO_find_type(bio,BIO_TYPE_MEM);
 		if (btmp == NULL)
@@ -619,34 +657,31 @@ BIO *bio;
 			goto err;
 			}
 		BIO_get_mem_ptr(btmp,&buf_mem);
-		ASN1_OCTET_STRING_set(os,
+		/* Mark the BIO read only then we can use its copy of the data
+		 * instead of making an extra copy.
+		 */
+		BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
+		BIO_set_mem_eof_return(btmp, 0);
+		os->data = (unsigned char *)buf_mem->data;
+		os->length = buf_mem->length;
+#if 0
+		M_ASN1_OCTET_STRING_set(os,
 			(unsigned char *)buf_mem->data,buf_mem->length);
+#endif
 		}
-	if (pp != NULL) Free(pp);
-	pp=NULL;
-
 	ret=1;
 err:
+	EVP_MD_CTX_cleanup(&ctx_tmp);
 	if (buf != NULL) BUF_MEM_free(buf);
 	return(ret);
 	}
 
-int PKCS7_dataVerify(cert_store,ctx,bio,p7,si)
-X509_STORE *cert_store;
-X509_STORE_CTX *ctx;
-BIO *bio;
-PKCS7 *p7;
-PKCS7_SIGNER_INFO *si;
+int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
+	     PKCS7 *p7, PKCS7_SIGNER_INFO *si)
 	{
-/*	PKCS7_SIGNED *s; */
-	ASN1_OCTET_STRING *os;
-	EVP_MD_CTX mdc_tmp,*mdc;
-	unsigned char *pp,*p;
 	PKCS7_ISSUER_AND_SERIAL *ias;
 	int ret=0,i;
-	int md_type;
-	STACK *sk,*cert;
-	BIO *btmp;
+	STACK_OF(X509) *cert;
 	X509 *x509;
 
 	if (PKCS7_type_is_signed(p7))
@@ -675,16 +710,46 @@ PKCS7_SIGNER_INFO *si;
 		}
 
 	/* Lets verify */
-	X509_STORE_CTX_init(ctx,cert_store,x509,cert);
+	if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert))
+		{
+		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
+		goto err;
+		}
+	X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
 	i=X509_verify_cert(ctx);
 	if (i <= 0) 
 		{
 		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
+		X509_STORE_CTX_cleanup(ctx);
 		goto err;
 		}
 	X509_STORE_CTX_cleanup(ctx);
 
-	/* So we like 'x509', lets check the signature. */
+	return PKCS7_signatureVerify(bio, p7, si, x509);
+	err:
+	return ret;
+	}
+
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+								X509 *x509)
+	{
+	ASN1_OCTET_STRING *os;
+	EVP_MD_CTX mdc_tmp,*mdc;
+	int ret=0,i;
+	int md_type;
+	STACK_OF(X509_ATTRIBUTE) *sk;
+	BIO *btmp;
+	EVP_PKEY *pkey;
+
+	EVP_MD_CTX_init(&mdc_tmp);
+
+	if (!PKCS7_type_is_signed(p7) && 
+				!PKCS7_type_is_signedAndEnveloped(p7)) {
+		PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+						PKCS7_R_WRONG_PKCS7_TYPE);
+		goto err;
+	}
+
 	md_type=OBJ_obj2nid(si->digest_alg->algorithm);
 
 	btmp=bio;
@@ -693,39 +758,42 @@ PKCS7_SIGNER_INFO *si;
 		if ((btmp == NULL) ||
 			((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL))
 			{
-			PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+					PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
 			goto err;
 			}
 		BIO_get_md_ctx(btmp,&mdc);
 		if (mdc == NULL)
 			{
-			PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_INTERNAL_ERROR);
+			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+							ERR_R_INTERNAL_ERROR);
 			goto err;
 			}
-		if (EVP_MD_type(EVP_MD_CTX_type(mdc)) == md_type)
+		if (EVP_MD_CTX_type(mdc) == md_type)
 			break;
-		btmp=btmp->next_bio;	
+		btmp=BIO_next(btmp);
 		}
 
 	/* mdc is the digest ctx that we want, unless there are attributes,
 	 * in which case the digest is the signed attributes */
-	memcpy(&mdc_tmp,mdc,sizeof(mdc_tmp));
+	EVP_MD_CTX_copy_ex(&mdc_tmp,mdc);
 
 	sk=si->auth_attr;
-	if ((sk != NULL) && (sk_num(sk) != 0))
+	if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
 		{
-		unsigned char md_dat[EVP_MAX_MD_SIZE];
-		int md_len;
+		unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
+                unsigned int md_len, alen;
 		ASN1_OCTET_STRING *message_digest;
 
-		EVP_DigestFinal(&mdc_tmp,md_dat,&md_len);
+		EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len);
 		message_digest=PKCS7_digest_from_attributes(sk);
 		if (!message_digest)
 			{
-			PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+					PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
 			goto err;
 			}
-		if ((message_digest->length != md_len) ||
+		if ((message_digest->length != (int)md_len) ||
 			(memcmp(message_digest->data,md_dat,md_len)))
 			{
 #if 0
@@ -736,88 +804,91 @@ for (ii=0; ii<message_digest->length; ii++)
 for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
 }
 #endif
-			PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_DIGEST_FAILURE);
+			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+							PKCS7_R_DIGEST_FAILURE);
 			ret= -1;
 			goto err;
 			}
 
-		EVP_VerifyInit(&mdc_tmp,EVP_get_digestbynid(md_type));
-		i=i2d_ASN1_SET(sk,NULL,i2d_X509_ATTRIBUTE,
-			V_ASN1_SET,V_ASN1_UNIVERSAL);
-		pp=(unsigned char *)Malloc(i);
-		p=pp;
-		i2d_ASN1_SET(sk,&p,i2d_X509_ATTRIBUTE,
-			V_ASN1_SET,V_ASN1_UNIVERSAL);
-		EVP_VerifyUpdate(&mdc_tmp,pp,i);
-		Free(pp);
+		EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL);
+
+		alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
+						ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
+		EVP_VerifyUpdate(&mdc_tmp, abuf, alen);
+
+		OPENSSL_free(abuf);
 		}
 
 	os=si->enc_digest;
-	if (X509_get_pubkey(x509)->type == EVP_PKEY_DSA)
-		mdc_tmp.digest=EVP_dss1();
+	pkey = X509_get_pubkey(x509);
+	if (!pkey)
+		{
+		ret = -1;
+		goto err;
+		}
+#ifndef OPENSSL_NO_DSA
+	if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
+#endif
+#ifndef OPENSSL_NO_ECDSA
+	if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa();
+#endif
 
-	i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length,
-		X509_get_pubkey(x509));
+	i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
+	EVP_PKEY_free(pkey);
 	if (i <= 0)
 		{
-		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_SIGNATURE_FAILURE);
+		PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+						PKCS7_R_SIGNATURE_FAILURE);
 		ret= -1;
 		goto err;
 		}
 	else
 		ret=1;
 err:
+	EVP_MD_CTX_cleanup(&mdc_tmp);
 	return(ret);
 	}
 
-PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(p7,idx)
-PKCS7 *p7;
-int idx;
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
 	{
-	STACK *rsk;
+	STACK_OF(PKCS7_RECIP_INFO) *rsk;
 	PKCS7_RECIP_INFO *ri;
 	int i;
 
 	i=OBJ_obj2nid(p7->type);
 	if (i != NID_pkcs7_signedAndEnveloped) return(NULL);
 	rsk=p7->d.signed_and_enveloped->recipientinfo;
-	ri=(PKCS7_RECIP_INFO *)sk_value(rsk,0);
-	if (sk_num(rsk) <= idx) return(NULL);
-	ri=(PKCS7_RECIP_INFO *)sk_value(rsk,idx);
+	ri=sk_PKCS7_RECIP_INFO_value(rsk,0);
+	if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL);
+	ri=sk_PKCS7_RECIP_INFO_value(rsk,idx);
 	return(ri->issuer_and_serial);
 	}
 
-ASN1_TYPE *PKCS7_get_signed_attribute(si,nid)
-PKCS7_SIGNER_INFO *si;
-int nid;
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
 	{
 	return(get_attribute(si->auth_attr,nid));
 	}
 
-ASN1_TYPE *PKCS7_get_attribute(si,nid)
-PKCS7_SIGNER_INFO *si;
-int nid;
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
 	{
 	return(get_attribute(si->unauth_attr,nid));
 	}
 
-static ASN1_TYPE *get_attribute(sk,nid)
-STACK *sk;
-int nid;
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
 	{
 	int i;
 	X509_ATTRIBUTE *xa;
 	ASN1_OBJECT *o;
 
 	o=OBJ_nid2obj(nid);
-	if (o == NULL) return(NULL);
-	for (i=0; i<sk_num(sk); i++)
+	if (!o || !sk) return(NULL);
+	for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
 		{
-		xa=(X509_ATTRIBUTE *)sk_value(sk,i);
+		xa=sk_X509_ATTRIBUTE_value(sk,i);
 		if (OBJ_cmp(xa->object,o) == 0)
 			{
-			if (xa->set && sk_num(xa->value.set))
-				return((ASN1_TYPE *)sk_value(xa->value.set,0));
+			if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
+				return(sk_ASN1_TYPE_value(xa->value.set,0));
 			else
 				return(NULL);
 			}
@@ -825,111 +896,85 @@ int nid;
 	return(NULL);
 	}
 
-ASN1_OCTET_STRING *PKCS7_digest_from_attributes(sk)
-STACK *sk;
-	{
-	X509_ATTRIBUTE *attr;
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
+{
 	ASN1_TYPE *astype;
-	int i;
-	if (!sk || !sk_num(sk)) return NULL;
-	/* Search the attributes for a digest */
-	for (i = 0; i < sk_num(sk); i++)
-		{
-		attr = (X509_ATTRIBUTE *) sk_value(sk, i);
-		if (OBJ_obj2nid(attr->object) == NID_pkcs9_messageDigest)
-			{
-			if (!attr->set) return NULL;
-			if (!attr->value.set ||
-				 !sk_num (attr->value.set) ) return NULL;
-			astype = (ASN1_TYPE *) sk_value(attr->value.set, 0);
-			return astype->value.octet_string;
-			}
-		}
-	return NULL;
-	}
+	if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL;
+	return astype->value.octet_string;
+}
 
-int PKCS7_set_signed_attributes(p7si,sk)
-PKCS7_SIGNER_INFO *p7si;
-STACK *sk;
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+				STACK_OF(X509_ATTRIBUTE) *sk)
 	{
 	int i;
 
 	if (p7si->auth_attr != NULL)
-		sk_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free);
-	p7si->auth_attr=sk_dup(sk);
-	for (i=0; i<sk_num(sk); i++)
+		sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free);
+	p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk);
+	for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
 		{
-		if ((sk_value(p7si->auth_attr,i)=(char *)X509_ATTRIBUTE_dup(
-			(X509_ATTRIBUTE *)sk_value(sk,i))) == NULL)
+		if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i,
+			X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
+		    == NULL)
 			return(0);
 		}
 	return(1);
 	}
 
-int PKCS7_set_attributes(p7si,sk)
-PKCS7_SIGNER_INFO *p7si;
-STACK *sk;
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
 	{
 	int i;
 
 	if (p7si->unauth_attr != NULL)
-		sk_pop_free(p7si->unauth_attr,X509_ATTRIBUTE_free);
-	p7si->unauth_attr=sk_dup(sk);
-	for (i=0; i<sk_num(sk); i++)
+		sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
+					   X509_ATTRIBUTE_free);
+	p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk);
+	for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
 		{
-		if ((sk_value(p7si->unauth_attr,i)=(char *)X509_ATTRIBUTE_dup(
-			(X509_ATTRIBUTE *)sk_value(sk,i))) == NULL)
+		if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i,
+                        X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
+		    == NULL)
 			return(0);
 		}
 	return(1);
 	}
 
-int PKCS7_add_signed_attribute(p7si,nid,atrtype,value)
-PKCS7_SIGNER_INFO *p7si;
-int nid;
-int atrtype;
-char *value;
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+	     void *value)
 	{
 	return(add_attribute(&(p7si->auth_attr),nid,atrtype,value));
 	}
 
-int PKCS7_add_attribute(p7si,nid,atrtype,value)
-PKCS7_SIGNER_INFO *p7si;
-int nid;
-int atrtype;
-char *value;
+int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+	     void *value)
 	{
 	return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value));
 	}
 
-static int add_attribute(sk, nid, atrtype, value)
-STACK **sk;
-int nid;
-int atrtype;
-char *value;
+static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
+			 void *value)
 	{
 	X509_ATTRIBUTE *attr=NULL;
-	ASN1_TYPE *val=NULL;
 
 	if (*sk == NULL)
 		{
-		*sk = sk_new(NULL);
+		*sk = sk_X509_ATTRIBUTE_new_null();
 new_attrib:
 		attr=X509_ATTRIBUTE_create(nid,atrtype,value);
-		sk_push(*sk,(char *)attr);
+		sk_X509_ATTRIBUTE_push(*sk,attr);
 		}
 	else
 		{
 		int i;
 
-		for (i=0; i<sk_num(*sk); i++)
+		for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++)
 			{
-			attr=(X509_ATTRIBUTE *)sk_value(*sk,i);
+			attr=sk_X509_ATTRIBUTE_value(*sk,i);
 			if (OBJ_obj2nid(attr->object) == nid)
 				{
 				X509_ATTRIBUTE_free(attr);
 				attr=X509_ATTRIBUTE_create(nid,atrtype,value);
-				sk_value(*sk,i)=(char *)attr;
+				sk_X509_ATTRIBUTE_set(*sk,i,attr);
 				goto end;
 				}
 			}
diff --git a/crypto/pkcs7/pk7_enc.c b/crypto/pkcs7/pk7_enc.c
index a5b6dc463f..acbb189c59 100644
--- a/crypto/pkcs7/pk7_enc.c
+++ b/crypto/pkcs7/pk7_enc.c
@@ -58,11 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "rand.h"
-#include "objects.h"
-#include "x509.h"
-#include "pkcs7.h"
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
 
 PKCS7_in_bio(PKCS7 *p7,BIO *in);
 PKCS7_out_bio(PKCS7 *p7,BIO *out);
diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c
index 7534f4c2a5..9b647b2121 100644
--- a/crypto/pkcs7/pk7_lib.c
+++ b/crypto/pkcs7/pk7_lib.c
@@ -58,14 +58,10 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "objects.h"
-#include "x509.h"
-
-long PKCS7_ctrl(p7,cmd,larg,parg)
-PKCS7 *p7;
-int cmd;
-long larg;
-char *parg;
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
 	{
 	int nid;
 	long ret;
@@ -78,6 +74,13 @@ char *parg;
 		if (nid == NID_pkcs7_signed)
 			{
 			ret=p7->detached=(int)larg;
+			if (ret && PKCS7_type_is_data(p7->d.sign->contents))
+					{
+					ASN1_OCTET_STRING *os;
+					os=p7->d.sign->contents->d.data;
+					ASN1_OCTET_STRING_free(os);
+					p7->d.sign->contents->d.data = NULL;
+					}
 			}
 		else
 			{
@@ -88,7 +91,11 @@ char *parg;
 	case PKCS7_OP_GET_DETACHED_SIGNATURE:
 		if (nid == NID_pkcs7_signed)
 			{
-			ret=p7->detached;
+			if(!p7->d.sign  || !p7->d.sign->contents->d.ptr)
+				ret = 1;
+			else ret = 0;
+				
+			p7->detached = ret;
 			}
 		else
 			{
@@ -104,9 +111,7 @@ char *parg;
 	return(ret);
 	}
 
-int PKCS7_content_new(p7,type)
-PKCS7 *p7;
-int type;
+int PKCS7_content_new(PKCS7 *p7, int type)
 	{
 	PKCS7 *ret=NULL;
 
@@ -120,9 +125,7 @@ err:
 	return(0);
 	}
 
-int PKCS7_set_content(p7,p7_data)
-PKCS7 *p7;
-PKCS7 *p7_data;
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
 	{
 	int i;
 
@@ -131,7 +134,7 @@ PKCS7 *p7_data;
 		{
 	case NID_pkcs7_signed:
 		if (p7->d.sign->contents != NULL)
-			PKCS7_content_free(p7->d.sign->contents);
+			PKCS7_free(p7->d.sign->contents);
 		p7->d.sign->contents=p7_data;
 		break;
 	case NID_pkcs7_digest:
@@ -148,13 +151,11 @@ err:
 	return(0);
 	}
 
-int PKCS7_set_type(p7,type)
-PKCS7 *p7;
-int type;
+int PKCS7_set_type(PKCS7 *p7, int type)
 	{
 	ASN1_OBJECT *obj;
 
-	PKCS7_content_free(p7);
+	/*PKCS7_content_free(p7);*/
 	obj=OBJ_nid2obj(type); /* will not fail */
 
 	switch (type)
@@ -167,7 +168,7 @@ int type;
 		break;
 	case NID_pkcs7_data:
 		p7->type=obj;
-		if ((p7->d.data=ASN1_OCTET_STRING_new()) == NULL)
+		if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL)
 			goto err;
 		break;
 	case NID_pkcs7_signedAndEnveloped:
@@ -175,18 +176,27 @@ int type;
 		if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
 			== NULL) goto err;
 		ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
-/*		p7->d.signed_and_enveloped->enc_data->content_type=
-			OBJ_nid2obj(NID_pkcs7_encrypted);*/
-			
+		p7->d.signed_and_enveloped->enc_data->content_type
+						= OBJ_nid2obj(NID_pkcs7_data);
 		break;
 	case NID_pkcs7_enveloped:
 		p7->type=obj;
 		if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
 			== NULL) goto err;
 		ASN1_INTEGER_set(p7->d.enveloped->version,0);
+		p7->d.enveloped->enc_data->content_type
+						= OBJ_nid2obj(NID_pkcs7_data);
 		break;
-	case NID_pkcs7_digest:
 	case NID_pkcs7_encrypted:
+		p7->type=obj;
+		if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
+			== NULL) goto err;
+		ASN1_INTEGER_set(p7->d.encrypted->version,0);
+		p7->d.encrypted->enc_data->content_type
+						= OBJ_nid2obj(NID_pkcs7_data);
+		break;
+
+	case NID_pkcs7_digest:
 	default:
 		PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
 		goto err;
@@ -196,14 +206,12 @@ err:
 	return(0);
 	}
 
-int PKCS7_add_signer(p7,psi)
-PKCS7 *p7;
-PKCS7_SIGNER_INFO *psi;
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
 	{
 	int i,j,nid;
 	X509_ALGOR *alg;
-	STACK *signer_sk;
-	STACK *md_sk;
+	STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
+	STACK_OF(X509_ALGOR) *md_sk;
 
 	i=OBJ_obj2nid(p7->type);
 	switch (i)
@@ -225,9 +233,9 @@ PKCS7_SIGNER_INFO *psi;
 
 	/* If the digest is not currently listed, add it */
 	j=0;
-	for (i=0; i<sk_num(md_sk); i++)
+	for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
 		{
-		alg=(X509_ALGOR *)sk_value(md_sk,i);
+		alg=sk_X509_ALGOR_value(md_sk,i);
 		if (OBJ_obj2nid(alg->algorithm) == nid)
 			{
 			j=1;
@@ -236,21 +244,24 @@ PKCS7_SIGNER_INFO *psi;
 		}
 	if (!j) /* we need to add another algorithm */
 		{
-		alg=X509_ALGOR_new();
+		if(!(alg=X509_ALGOR_new())
+			|| !(alg->parameter = ASN1_TYPE_new())) {
+			PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);
+			return(0);
+		}
 		alg->algorithm=OBJ_nid2obj(nid);
-		sk_push(md_sk,(char *)alg);
+		alg->parameter->type = V_ASN1_NULL;
+		sk_X509_ALGOR_push(md_sk,alg);
 		}
 
-	sk_push(signer_sk,(char *)psi);
+	sk_PKCS7_SIGNER_INFO_push(signer_sk,psi);
 	return(1);
 	}
 
-int PKCS7_add_certificate(p7,x509)
-PKCS7 *p7;
-X509 *x509;
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
 	{
 	int i;
-	STACK **sk;
+	STACK_OF(X509) **sk;
 
 	i=OBJ_obj2nid(p7->type);
 	switch (i)
@@ -267,18 +278,16 @@ X509 *x509;
 		}
 
 	if (*sk == NULL)
-		*sk=sk_new_null();
+		*sk=sk_X509_new_null();
 	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
-	sk_push(*sk,(char *)x509);
+	sk_X509_push(*sk,x509);
 	return(1);
 	}
 
-int PKCS7_add_crl(p7,crl)
-PKCS7 *p7;
-X509_CRL *crl;
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
 	{
 	int i;
-	STACK **sk;
+	STACK_OF(X509_CRL) **sk;
 
 	i=OBJ_obj2nid(p7->type);
 	switch (i)
@@ -295,19 +304,23 @@ X509_CRL *crl;
 		}
 
 	if (*sk == NULL)
-		*sk=sk_new_null();
+		*sk=sk_X509_CRL_new_null();
 
 	CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
-	sk_push(*sk,(char *)crl);
+	sk_X509_CRL_push(*sk,crl);
 	return(1);
 	}
 
-int PKCS7_SIGNER_INFO_set(p7i,x509,pkey,dgst)
-PKCS7_SIGNER_INFO *p7i;
-X509 *x509;
-EVP_PKEY *pkey;
-EVP_MD *dgst;
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+	     const EVP_MD *dgst)
 	{
+	int nid;
+	char is_dsa;
+
+	if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC)
+		is_dsa = 1;
+	else
+		is_dsa = 0;
 	/* We now need to add another PKCS7_SIGNER_INFO entry */
 	ASN1_INTEGER_set(p7i->version,1);
 	X509_NAME_set(&p7i->issuer_and_serial->issuer,
@@ -315,39 +328,65 @@ EVP_MD *dgst;
 
 	/* because ASN1_INTEGER_set is used to set a 'long' we will do
 	 * things the ugly way. */
-	ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
 	p7i->issuer_and_serial->serial=
-		ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+		M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
 
 	/* lets keep the pkey around for a while */
 	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
 	p7i->pkey=pkey;
 
 	/* Set the algorithms */
-	if (pkey->type == EVP_PKEY_DSA)
-		p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
+	if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
 	else	
 		p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
-	p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_MD_pkey_type(dgst));
 
-#if 1
+	if (p7i->digest_alg->parameter != NULL)
+		ASN1_TYPE_free(p7i->digest_alg->parameter);
+	if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
+		goto err;
+	p7i->digest_alg->parameter->type=V_ASN1_NULL;
+
 	if (p7i->digest_enc_alg->parameter != NULL)
 		ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
-	if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL)
-		goto err;
-	p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+	nid = EVP_PKEY_type(pkey->type);
+	if (nid == EVP_PKEY_RSA)
+		{
+		p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_rsaEncryption);
+		if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
+			goto err;
+		p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+		}
+	else if (nid == EVP_PKEY_DSA)
+		{
+#if 1
+		/* use 'dsaEncryption' OID for compatibility with other software
+		 * (PKCS #7 v1.5 does specify how to handle DSA) ... */
+		p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsa);
+#else
+		/* ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for CMS)
+		 * would make more sense. */
+		p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsaWithSHA1);
 #endif
+		p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */
+		}
+	else if (nid == EVP_PKEY_EC)
+		{
+		p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1);
+		if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
+			goto err;
+		p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
+		}
+	else
+		return(0);
 
 	return(1);
 err:
 	return(0);
 	}
 
-PKCS7_SIGNER_INFO *PKCS7_add_signature(p7,x509,pkey,dgst)
-PKCS7 *p7;
-X509 *x509;
-EVP_PKEY *pkey;
-EVP_MD *dgst;
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
+	     const EVP_MD *dgst)
 	{
 	PKCS7_SIGNER_INFO *si;
 
@@ -359,8 +398,7 @@ err:
 	return(NULL);
 	}
 
-STACK *PKCS7_get_signer_info(p7)
-PKCS7 *p7;
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
 	{
 	if (PKCS7_type_is_signed(p7))
 		{
@@ -374,9 +412,7 @@ PKCS7 *p7;
 		return(NULL);
 	}
 
-PKCS7_RECIP_INFO *PKCS7_add_recipient(p7,x509)
-PKCS7 *p7;
-X509 *x509;
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
 	{
 	PKCS7_RECIP_INFO *ri;
 
@@ -388,12 +424,10 @@ err:
 	return(NULL);
 	}
 
-int PKCS7_add_recipient_info(p7,ri)
-PKCS7 *p7;
-PKCS7_RECIP_INFO *ri;
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
 	{
 	int i;
-	STACK *sk;
+	STACK_OF(PKCS7_RECIP_INFO) *sk;
 
 	i=OBJ_obj2nid(p7->type);
 	switch (i)
@@ -409,26 +443,22 @@ PKCS7_RECIP_INFO *ri;
 		return(0);
 		}
 
-	sk_push(sk,(char *)ri);
+	sk_PKCS7_RECIP_INFO_push(sk,ri);
 	return(1);
 	}
 
-int PKCS7_RECIP_INFO_set(p7i,x509)
-PKCS7_RECIP_INFO *p7i;
-X509 *x509;
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
 	{
 	ASN1_INTEGER_set(p7i->version,0);
 	X509_NAME_set(&p7i->issuer_and_serial->issuer,
 		X509_get_issuer_name(x509));
 
-	ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
 	p7i->issuer_and_serial->serial=
-		ASN1_INTEGER_dup(X509_get_serialNumber(x509));
+		M_ASN1_INTEGER_dup(X509_get_serialNumber(x509));
 
 	X509_ALGOR_free(p7i->key_enc_algor);
-	p7i->key_enc_algor=(X509_ALGOR *)ASN1_dup(i2d_X509_ALGOR,
-		(char *(*)())d2i_X509_ALGOR,
-		(char *)x509->cert_info->key->algor);
+	p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor);
 
 	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
 	p7i->cert=x509;
@@ -436,9 +466,7 @@ X509 *x509;
 	return(1);
 	}
 
-X509 *PKCS7_cert_from_signer_info(p7,si)
-PKCS7 *p7;
-PKCS7_SIGNER_INFO *si;
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
 	{
 	if (PKCS7_type_is_signed(p7))
 		return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
@@ -448,11 +476,10 @@ PKCS7_SIGNER_INFO *si;
 		return(NULL);
 	}
 
-int PKCS7_set_cipher(p7,cipher)
-PKCS7 *p7;
-EVP_CIPHER *cipher;
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
 	{
 	int i;
+	ASN1_OBJECT *objtmp;
 	PKCS7_ENC_CONTENT *ec;
 
 	i=OBJ_obj2nid(p7->type);
@@ -469,7 +496,15 @@ EVP_CIPHER *cipher;
 		return(0);
 		}
 
-	ec->algorithm->algorithm=OBJ_nid2obj(EVP_CIPHER_nid(cipher));
-	return(ec->algorithm->algorithm != NULL);
+	/* Check cipher OID exists and has data in it*/
+	i = EVP_CIPHER_type(cipher);
+	if(i == NID_undef) {
+		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+		return(0);
+	}
+	objtmp = OBJ_nid2obj(i);
+
+	ec->cipher = cipher;
+	return 1;
 	}
 
diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c
new file mode 100644
index 0000000000..5100c84b88
--- /dev/null
+++ b/crypto/pkcs7/pk7_mime.c
@@ -0,0 +1,685 @@
+/* pk7_mime.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+
+/* MIME and related routines */
+
+/* MIME format structures
+ * Note that all are translated to lower case apart from
+ * parameter values. Quotes are stripped off
+ */
+
+typedef struct {
+char *param_name;			/* Param name e.g. "micalg" */
+char *param_value;			/* Param value e.g. "sha1" */
+} MIME_PARAM;
+
+DECLARE_STACK_OF(MIME_PARAM)
+IMPLEMENT_STACK_OF(MIME_PARAM)
+
+typedef struct {
+char *name;				/* Name of line e.g. "content-type" */
+char *value;				/* Value of line e.g. "text/plain" */
+STACK_OF(MIME_PARAM) *params;		/* Zero or more parameters */
+} MIME_HEADER;
+
+DECLARE_STACK_OF(MIME_HEADER)
+IMPLEMENT_STACK_OF(MIME_HEADER)
+
+static int B64_write_PKCS7(BIO *bio, PKCS7 *p7);
+static PKCS7 *B64_read_PKCS7(BIO *bio);
+static char * strip_ends(char *name);
+static char * strip_start(char *name);
+static char * strip_end(char *name);
+static MIME_HEADER *mime_hdr_new(char *name, char *value);
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
+			const MIME_HEADER * const *b);
+static int mime_param_cmp(const MIME_PARAM * const *a,
+			const MIME_PARAM * const *b);
+static void mime_param_free(MIME_PARAM *param);
+static int mime_bound_check(char *line, int linelen, char *bound, int blen);
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
+static int iscrlf(char c);
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
+static void mime_hdr_free(MIME_HEADER *hdr);
+
+#define MAX_SMLEN 1024
+#define mime_debug(x) /* x */
+
+
+typedef void (*stkfree)();
+
+/* Base 64 read and write of PKCS#7 structure */
+
+static int B64_write_PKCS7(BIO *bio, PKCS7 *p7)
+{
+	BIO *b64;
+	if(!(b64 = BIO_new(BIO_f_base64()))) {
+		PKCS7err(PKCS7_F_B64_WRITE_PKCS7,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	bio = BIO_push(b64, bio);
+	i2d_PKCS7_bio(bio, p7);
+	BIO_flush(bio);
+	bio = BIO_pop(bio);
+	BIO_free(b64);
+	return 1;
+}
+
+static PKCS7 *B64_read_PKCS7(BIO *bio)
+{
+	BIO *b64;
+	PKCS7 *p7;
+	if(!(b64 = BIO_new(BIO_f_base64()))) {
+		PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	bio = BIO_push(b64, bio);
+	if(!(p7 = d2i_PKCS7_bio(bio, NULL))) 
+		PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR);
+	BIO_flush(bio);
+	bio = BIO_pop(bio);
+	BIO_free(b64);
+	return p7;
+}
+
+/* SMIME sender */
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
+{
+	char linebuf[MAX_SMLEN];
+	char bound[33], c;
+	int i;
+	if((flags & PKCS7_DETACHED) && data) {
+	/* We want multipart/signed */
+		/* Generate a random boundary */
+		RAND_pseudo_bytes((unsigned char *)bound, 32);
+		for(i = 0; i < 32; i++) {
+			c = bound[i] & 0xf;
+			if(c < 10) c += '0';
+			else c += 'A' - 10;
+			bound[i] = c;
+		}
+		bound[32] = 0;
+		BIO_printf(bio, "MIME-Version: 1.0\n");
+		BIO_printf(bio, "Content-Type: multipart/signed;");
+		BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";");
+		BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound);
+		BIO_printf(bio, "This is an S/MIME signed message\n\n");
+		/* Now write out the first part */
+		BIO_printf(bio, "------%s\r\n", bound);
+		if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n");
+		while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0) 
+						BIO_write(bio, linebuf, i);
+		BIO_printf(bio, "\n------%s\n", bound);
+
+		/* Headers for signature */
+
+		BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n");
+		BIO_printf(bio, "Content-Transfer-Encoding: base64\n");
+		BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n");
+		B64_write_PKCS7(bio, p7);
+		BIO_printf(bio,"\n------%s--\n\n", bound);
+		return 1;
+	}
+	/* MIME headers */
+	BIO_printf(bio, "MIME-Version: 1.0\n");
+	BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n");
+	BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n");
+	BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n");
+	B64_write_PKCS7(bio, p7);
+	BIO_printf(bio, "\n");
+	return 1;
+}
+
+/* SMIME reader: handle multipart/signed and opaque signing.
+ * in multipart case the content is placed in a memory BIO
+ * pointed to by "bcont". In opaque this is set to NULL
+ */
+
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
+{
+	BIO *p7in;
+	STACK_OF(MIME_HEADER) *headers = NULL;
+	STACK_OF(BIO) *parts = NULL;
+	MIME_HEADER *hdr;
+	MIME_PARAM *prm;
+	PKCS7 *p7;
+	int ret;
+
+	if(bcont) *bcont = NULL;
+
+	if (!(headers = mime_parse_hdr(bio))) {
+		PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_PARSE_ERROR);
+		return NULL;
+	}
+
+	if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+		PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE);
+		return NULL;
+	}
+
+	/* Handle multipart/signed */
+
+	if(!strcmp(hdr->value, "multipart/signed")) {
+		/* Split into two parts */
+		prm = mime_param_find(hdr, "boundary");
+		if(!prm || !prm->param_value) {
+			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+			PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY);
+			return NULL;
+		}
+		ret = multi_split(bio, prm->param_value, &parts);
+		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+		if(!ret || (sk_BIO_num(parts) != 2) ) {
+			PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE);
+			sk_BIO_pop_free(parts, BIO_vfree);
+			return NULL;
+		}
+
+		/* Parse the signature piece */
+		p7in = sk_BIO_value(parts, 1);
+
+		if (!(headers = mime_parse_hdr(p7in))) {
+			PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR);
+			sk_BIO_pop_free(parts, BIO_vfree);
+			return NULL;
+		}
+
+		/* Get content type */
+
+		if(!(hdr = mime_hdr_find(headers, "content-type")) ||
+								 !hdr->value) {
+			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+			PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE);
+			return NULL;
+		}
+
+		if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
+			strcmp(hdr->value, "application/pkcs7-signature")) {
+			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+			PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE);
+			ERR_add_error_data(2, "type: ", hdr->value);
+			sk_BIO_pop_free(parts, BIO_vfree);
+			return NULL;
+		}
+		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+		/* Read in PKCS#7 */
+		if(!(p7 = B64_read_PKCS7(p7in))) {
+			PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR);
+			sk_BIO_pop_free(parts, BIO_vfree);
+			return NULL;
+		}
+
+		if(bcont) {
+			*bcont = sk_BIO_value(parts, 0);
+			BIO_free(p7in);
+			sk_BIO_free(parts);
+		} else sk_BIO_pop_free(parts, BIO_vfree);
+		return p7;
+	}
+		
+	/* OK, if not multipart/signed try opaque signature */
+
+	if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
+	    strcmp (hdr->value, "application/pkcs7-mime")) {
+		PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE);
+		ERR_add_error_data(2, "type: ", hdr->value);
+		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+		return NULL;
+	}
+
+	sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+	
+	if(!(p7 = B64_read_PKCS7(bio))) {
+		PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR);
+		return NULL;
+	}
+	return p7;
+
+}
+
+/* Copy text from one BIO to another making the output CRLF at EOL */
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
+{
+	char eol;
+	int len;
+	char linebuf[MAX_SMLEN];
+	if(flags & PKCS7_BINARY) {
+		while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
+						BIO_write(out, linebuf, len);
+		return 1;
+	}
+	if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
+	while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
+		eol = 0;
+		while(iscrlf(linebuf[len - 1])) {
+			len--;
+			eol = 1;
+		}	
+		BIO_write(out, linebuf, len);
+		if(eol) BIO_write(out, "\r\n", 2);
+	}
+	return 1;
+}
+
+/* Strip off headers if they are text/plain */
+int SMIME_text(BIO *in, BIO *out)
+{
+	char iobuf[4096];
+	int len;
+	STACK_OF(MIME_HEADER) *headers;
+	MIME_HEADER *hdr;
+
+	if (!(headers = mime_parse_hdr(in))) {
+		PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR);
+		return 0;
+	}
+	if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+		PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE);
+		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+		return 0;
+	}
+	if (strcmp (hdr->value, "text/plain")) {
+		PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE);
+		ERR_add_error_data(2, "type: ", hdr->value);
+		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+		return 0;
+	}
+	sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+	while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
+						BIO_write(out, iobuf, len);
+	return 1;
+}
+
+/* Split a multipart/XXX message body into component parts: result is
+ * canonical parts in a STACK of bios
+ */
+
+static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
+{
+	char linebuf[MAX_SMLEN];
+	int len, blen;
+	BIO *bpart = NULL;
+	STACK_OF(BIO) *parts;
+	char state, part, first;
+
+	blen = strlen(bound);
+	part = 0;
+	state = 0;
+	first = 1;
+	parts = sk_BIO_new_null();
+	*ret = parts;
+	while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+		state = mime_bound_check(linebuf, len, bound, blen);
+		if(state == 1) {
+			first = 1;
+			part++;
+		} else if(state == 2) {
+			sk_BIO_push(parts, bpart);
+			return 1;
+		} else if(part) {
+			if(first) {
+				first = 0;
+				if(bpart) sk_BIO_push(parts, bpart);
+				bpart = BIO_new(BIO_s_mem());
+				
+			} else BIO_write(bpart, "\r\n", 2);
+			/* Strip CR+LF from linebuf */
+			while(iscrlf(linebuf[len - 1])) len--;
+			BIO_write(bpart, linebuf, len);
+		}
+	}
+	return 0;
+}
+
+static int iscrlf(char c)
+{
+	if(c == '\r' || c == '\n') return 1;
+	return 0;
+}
+
+/* This is the big one: parse MIME header lines up to message body */
+
+#define MIME_INVALID	0
+#define MIME_START	1
+#define MIME_TYPE	2
+#define MIME_NAME	3
+#define MIME_VALUE	4
+#define MIME_QUOTE	5
+#define MIME_COMMENT	6
+
+
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
+{
+	char *p, *q, c;
+	char *ntmp;
+	char linebuf[MAX_SMLEN];
+	MIME_HEADER *mhdr = NULL;
+	STACK_OF(MIME_HEADER) *headers;
+	int len, state, save_state = 0;
+
+	headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+	while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+	/* If whitespace at line start then continuation line */
+	if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
+	else state = MIME_START;
+	ntmp = NULL;
+	/* Go through all characters */
+	for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
+
+	/* State machine to handle MIME headers
+	 * if this looks horrible that's because it *is*
+         */
+
+		switch(state) {
+			case MIME_START:
+			if(c == ':') {
+				state = MIME_TYPE;
+				*p = 0;
+				ntmp = strip_ends(q);
+				q = p + 1;
+			}
+			break;
+
+			case MIME_TYPE:
+			if(c == ';') {
+				mime_debug("Found End Value\n");
+				*p = 0;
+				mhdr = mime_hdr_new(ntmp, strip_ends(q));
+				sk_MIME_HEADER_push(headers, mhdr);
+				ntmp = NULL;
+				q = p + 1;
+				state = MIME_NAME;
+			} else if(c == '(') {
+				save_state = state;
+				state = MIME_COMMENT;
+			}
+			break;
+
+			case MIME_COMMENT:
+			if(c == ')') {
+				state = save_state;
+			}
+			break;
+
+			case MIME_NAME:
+			if(c == '=') {
+				state = MIME_VALUE;
+				*p = 0;
+				ntmp = strip_ends(q);
+				q = p + 1;
+			}
+			break ;
+
+			case MIME_VALUE:
+			if(c == ';') {
+				state = MIME_NAME;
+				*p = 0;
+				mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+				ntmp = NULL;
+				q = p + 1;
+			} else if (c == '"') {
+				mime_debug("Found Quote\n");
+				state = MIME_QUOTE;
+			} else if(c == '(') {
+				save_state = state;
+				state = MIME_COMMENT;
+			}
+			break;
+
+			case MIME_QUOTE:
+			if(c == '"') {
+				mime_debug("Found Match Quote\n");
+				state = MIME_VALUE;
+			}
+			break;
+		}
+	}
+
+	if(state == MIME_TYPE) {
+		mhdr = mime_hdr_new(ntmp, strip_ends(q));
+		sk_MIME_HEADER_push(headers, mhdr);
+	} else if(state == MIME_VALUE)
+			 mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+	if(p == linebuf) break;	/* Blank line means end of headers */
+}
+
+return headers;
+
+}
+
+static char *strip_ends(char *name)
+{
+	return strip_end(strip_start(name));
+}
+
+/* Strip a parameter of whitespace from start of param */
+static char *strip_start(char *name)
+{
+	char *p, c;
+	/* Look for first non white space or quote */
+	for(p = name; (c = *p) ;p++) {
+		if(c == '"') {
+			/* Next char is start of string if non null */
+			if(p[1]) return p + 1;
+			/* Else null string */
+			return NULL;
+		}
+		if(!isspace((unsigned char)c)) return p;
+	}
+	return NULL;
+}
+
+/* As above but strip from end of string : maybe should handle brackets? */
+static char *strip_end(char *name)
+{
+	char *p, c;
+	if(!name) return NULL;
+	/* Look for first non white space or quote */
+	for(p = name + strlen(name) - 1; p >= name ;p--) {
+		c = *p;
+		if(c == '"') {
+			if(p - 1 == name) return NULL;
+			*p = 0;
+			return name;
+		}
+		if(isspace((unsigned char)c)) *p = 0;	
+		else return name;
+	}
+	return NULL;
+}
+
+static MIME_HEADER *mime_hdr_new(char *name, char *value)
+{
+	MIME_HEADER *mhdr;
+	char *tmpname, *tmpval, *p;
+	int c;
+	if(name) {
+		if(!(tmpname = BUF_strdup(name))) return NULL;
+		for(p = tmpname ; *p; p++) {
+			c = *p;
+			if(isupper(c)) {
+				c = tolower(c);
+				*p = c;
+			}
+		}
+	} else tmpname = NULL;
+	if(value) {
+		if(!(tmpval = BUF_strdup(value))) return NULL;
+		for(p = tmpval ; *p; p++) {
+			c = *p;
+			if(isupper(c)) {
+				c = tolower(c);
+				*p = c;
+			}
+		}
+	} else tmpval = NULL;
+	mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER));
+	if(!mhdr) return NULL;
+	mhdr->name = tmpname;
+	mhdr->value = tmpval;
+	if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL;
+	return mhdr;
+}
+		
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
+{
+	char *tmpname, *tmpval, *p;
+	int c;
+	MIME_PARAM *mparam;
+	if(name) {
+		tmpname = BUF_strdup(name);
+		if(!tmpname) return 0;
+		for(p = tmpname ; *p; p++) {
+			c = *p;
+			if(isupper(c)) {
+				c = tolower(c);
+				*p = c;
+			}
+		}
+	} else tmpname = NULL;
+	if(value) {
+		tmpval = BUF_strdup(value);
+		if(!tmpval) return 0;
+	} else tmpval = NULL;
+	/* Parameter values are case sensitive so leave as is */
+	mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM));
+	if(!mparam) return 0;
+	mparam->param_name = tmpname;
+	mparam->param_value = tmpval;
+	sk_MIME_PARAM_push(mhdr->params, mparam);
+	return 1;
+}
+
+static int mime_hdr_cmp(const MIME_HEADER * const *a,
+			const MIME_HEADER * const *b)
+{
+	return(strcmp((*a)->name, (*b)->name));
+}
+
+static int mime_param_cmp(const MIME_PARAM * const *a,
+			const MIME_PARAM * const *b)
+{
+	return(strcmp((*a)->param_name, (*b)->param_name));
+}
+
+/* Find a header with a given name (if possible) */
+
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
+{
+	MIME_HEADER htmp;
+	int idx;
+	htmp.name = name;
+	idx = sk_MIME_HEADER_find(hdrs, &htmp);
+	if(idx < 0) return NULL;
+	return sk_MIME_HEADER_value(hdrs, idx);
+}
+
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
+{
+	MIME_PARAM param;
+	int idx;
+	param.param_name = name;
+	idx = sk_MIME_PARAM_find(hdr->params, &param);
+	if(idx < 0) return NULL;
+	return sk_MIME_PARAM_value(hdr->params, idx);
+}
+
+static void mime_hdr_free(MIME_HEADER *hdr)
+{
+	if(hdr->name) OPENSSL_free(hdr->name);
+	if(hdr->value) OPENSSL_free(hdr->value);
+	if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
+	OPENSSL_free(hdr);
+}
+
+static void mime_param_free(MIME_PARAM *param)
+{
+	if(param->param_name) OPENSSL_free(param->param_name);
+	if(param->param_value) OPENSSL_free(param->param_value);
+	OPENSSL_free(param);
+}
+
+/* Check for a multipart boundary. Returns:
+ * 0 : no boundary
+ * 1 : part boundary
+ * 2 : final boundary
+ */
+static int mime_bound_check(char *line, int linelen, char *bound, int blen)
+{
+	if(linelen == -1) linelen = strlen(line);
+	if(blen == -1) blen = strlen(bound);
+	/* Quickly eliminate if line length too short */
+	if(blen + 2 > linelen) return 0;
+	/* Check for part boundary */
+	if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
+		if(!strncmp(line + blen + 2, "--", 2)) return 2;
+		else return 1;
+	}
+	return 0;
+}
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
new file mode 100644
index 0000000000..f0d071e282
--- /dev/null
+++ b/crypto/pkcs7/pk7_smime.c
@@ -0,0 +1,441 @@
+/* pk7_smime.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Simple PKCS#7 processing functions */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+		  BIO *data, int flags)
+{
+	PKCS7 *p7;
+	PKCS7_SIGNER_INFO *si;
+	BIO *p7bio;
+	STACK_OF(X509_ALGOR) *smcap;
+	int i;
+
+	if(!X509_check_private_key(signcert, pkey)) {
+		PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+                return NULL;
+	}
+
+	if(!(p7 = PKCS7_new())) {
+		PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	PKCS7_set_type(p7, NID_pkcs7_signed);
+
+	PKCS7_content_new(p7, NID_pkcs7_data);
+
+    	if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
+		PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+		return NULL;
+	}
+
+	if(!(flags & PKCS7_NOCERTS)) {
+		PKCS7_add_certificate(p7, signcert);
+		if(certs) for(i = 0; i < sk_X509_num(certs); i++)
+			PKCS7_add_certificate(p7, sk_X509_value(certs, i));
+	}
+
+	if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
+		PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+
+	SMIME_crlf_copy(data, p7bio, flags);
+
+	if(!(flags & PKCS7_NOATTR)) {
+		PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+				V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
+		/* Add SMIMECapabilities */
+		if(!(flags & PKCS7_NOSMIMECAP))
+		{
+		if(!(smcap = sk_X509_ALGOR_new_null())) {
+			PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+			return NULL;
+		}
+#ifndef OPENSSL_NO_DES
+		PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1);
+#endif
+#ifndef OPENSSL_NO_RC2
+		PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128);
+		PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64);
+#endif
+#ifndef OPENSSL_NO_DES
+		PKCS7_simple_smimecap (smcap, NID_des_cbc, -1);
+#endif
+#ifndef OPENSSL_NO_RC2
+		PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40);
+#endif
+		PKCS7_add_attrib_smimecap (si, smcap);
+		sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+		}
+	}
+
+	if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
+
+        if (!PKCS7_dataFinal(p7,p7bio)) {
+		PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
+		return NULL;
+	}
+
+        BIO_free_all(p7bio);
+	return p7;
+}
+
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+					BIO *indata, BIO *out, int flags)
+{
+	STACK_OF(X509) *signers;
+	X509 *signer;
+	STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+	PKCS7_SIGNER_INFO *si;
+	X509_STORE_CTX cert_ctx;
+	char buf[4096];
+	int i, j=0, k, ret = 0;
+	BIO *p7bio;
+	BIO *tmpout;
+
+	if(!p7) {
+		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER);
+		return 0;
+	}
+
+	if(!PKCS7_type_is_signed(p7)) {
+		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE);
+		return 0;
+	}
+
+	/* Check for no data and no content: no data to verify signature */
+	if(PKCS7_get_detached(p7) && !indata) {
+		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
+		return 0;
+	}
+#if 0
+	/* NB: this test commented out because some versions of Netscape
+	 * illegally include zero length content when signing data.
+	 */
+
+	/* Check for data and content: two sets of data */
+	if(!PKCS7_get_detached(p7) && indata) {
+				PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
+		return 0;
+	}
+#endif
+
+	sinfos = PKCS7_get_signer_info(p7);
+
+	if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
+		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA);
+		return 0;
+	}
+
+
+	signers = PKCS7_get0_signers(p7, certs, flags);
+
+	if(!signers) return 0;
+
+	/* Now verify the certificates */
+
+	if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {
+		signer = sk_X509_value (signers, k);
+		if (!(flags & PKCS7_NOCHAIN)) {
+			if(!X509_STORE_CTX_init(&cert_ctx, store, signer,
+							p7->d.sign->cert))
+				{
+				PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
+				sk_X509_free(signers);
+				return 0;
+				}
+			X509_STORE_CTX_set_purpose(&cert_ctx,
+						X509_PURPOSE_SMIME_SIGN);
+		} else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
+			PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
+			sk_X509_free(signers);
+			return 0;
+		}
+		i = X509_verify_cert(&cert_ctx);
+		if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
+		X509_STORE_CTX_cleanup(&cert_ctx);
+		if (i <= 0) {
+			PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR);
+			ERR_add_error_data(2, "Verify error:",
+					 X509_verify_cert_error_string(j));
+			sk_X509_free(signers);
+			return 0;
+		}
+		/* Check for revocation status here */
+	}
+
+	p7bio=PKCS7_dataInit(p7,indata);
+
+	if(flags & PKCS7_TEXT) {
+		if(!(tmpout = BIO_new(BIO_s_mem()))) {
+			PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+	} else tmpout = out;
+
+	/* We now have to 'read' from p7bio to calculate digests etc. */
+	for (;;)
+	{
+		i=BIO_read(p7bio,buf,sizeof(buf));
+		if (i <= 0) break;
+		if (tmpout) BIO_write(tmpout, buf, i);
+	}
+
+	if(flags & PKCS7_TEXT) {
+		if(!SMIME_text(tmpout, out)) {
+			PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR);
+			BIO_free(tmpout);
+			goto err;
+		}
+		BIO_free(tmpout);
+	}
+
+	/* Now Verify All Signatures */
+	if (!(flags & PKCS7_NOSIGS))
+	    for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
+		{
+		si=sk_PKCS7_SIGNER_INFO_value(sinfos,i);
+		signer = sk_X509_value (signers, i);
+		j=PKCS7_signatureVerify(p7bio,p7,si, signer);
+		if (j <= 0) {
+			PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE);
+			goto err;
+		}
+	}
+
+	ret = 1;
+
+	err:
+
+	if(indata) BIO_pop(p7bio);
+	BIO_free_all(p7bio);
+	sk_X509_free(signers);
+
+	return ret;
+}
+
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
+{
+	STACK_OF(X509) *signers;
+	STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+	PKCS7_SIGNER_INFO *si;
+	PKCS7_ISSUER_AND_SERIAL *ias;
+	X509 *signer;
+	int i;
+
+	if(!p7) {
+		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER);
+		return NULL;
+	}
+
+	if(!PKCS7_type_is_signed(p7)) {
+		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);
+		return NULL;
+	}
+	if(!(signers = sk_X509_new_null())) {
+		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	/* Collect all the signers together */
+
+	sinfos = PKCS7_get_signer_info(p7);
+
+	if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
+		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS);
+		return 0;
+	}
+
+	for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
+	{
+	    si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+	    ias = si->issuer_and_serial;
+	    signer = NULL;
+		/* If any certificates passed they take priority */
+	    if (certs) signer = X509_find_by_issuer_and_serial (certs,
+					 	ias->issuer, ias->serial);
+	    if (!signer && !(flags & PKCS7_NOINTERN)
+			&& p7->d.sign->cert) signer =
+		              X509_find_by_issuer_and_serial (p7->d.sign->cert,
+					      	ias->issuer, ias->serial);
+	    if (!signer) {
+			PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
+			sk_X509_free(signers);
+			return 0;
+	    }
+
+	    sk_X509_push(signers, signer);
+	}
+	return signers;
+}
+
+
+/* Build a complete PKCS#7 enveloped data */
+
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
+								int flags)
+{
+	PKCS7 *p7;
+	BIO *p7bio = NULL;
+	int i;
+	X509 *x509;
+	if(!(p7 = PKCS7_new())) {
+		PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	PKCS7_set_type(p7, NID_pkcs7_enveloped);
+	if(!PKCS7_set_cipher(p7, cipher)) {
+		PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER);
+		goto err;
+	}
+
+	for(i = 0; i < sk_X509_num(certs); i++) {
+		x509 = sk_X509_value(certs, i);
+		if(!PKCS7_add_recipient(p7, x509)) {
+			PKCS7err(PKCS7_F_PKCS7_ENCRYPT,
+					PKCS7_R_ERROR_ADDING_RECIPIENT);
+			goto err;
+		}
+	}
+
+	if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
+		PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	SMIME_crlf_copy(in, p7bio, flags);
+
+	BIO_flush(p7bio);
+
+        if (!PKCS7_dataFinal(p7,p7bio)) {
+		PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR);
+		goto err;
+	}
+        BIO_free_all(p7bio);
+
+	return p7;
+
+	err:
+
+	BIO_free(p7bio);
+	PKCS7_free(p7);
+	return NULL;
+
+}
+
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
+{
+	BIO *tmpmem;
+	int ret, i;
+	char buf[4096];
+
+	if(!p7) {
+		PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER);
+		return 0;
+	}
+
+	if(!PKCS7_type_is_enveloped(p7)) {
+		PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE);
+		return 0;
+	}
+
+	if(!X509_check_private_key(cert, pkey)) {
+		PKCS7err(PKCS7_F_PKCS7_DECRYPT,
+				PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+		return 0;
+	}
+
+	if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
+		PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
+		return 0;
+	}
+
+	if (flags & PKCS7_TEXT) {
+		BIO *tmpbuf, *bread;
+		/* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
+		if(!(tmpbuf = BIO_new(BIO_f_buffer()))) {
+			PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+		if(!(bread = BIO_push(tmpbuf, tmpmem))) {
+			PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+		ret = SMIME_text(bread, data);
+		BIO_free_all(bread);
+		return ret;
+	} else {
+		for(;;) {
+			i = BIO_read(tmpmem, buf, sizeof(buf));
+			if(i <= 0) break;
+			BIO_write(data, buf, i);
+		}
+		BIO_free_all(tmpmem);
+		return 1;
+	}
+}
diff --git a/crypto/pkcs7/pkcs7.err b/crypto/pkcs7/pkcs7.err
deleted file mode 100644
index 115721e918..0000000000
--- a/crypto/pkcs7/pkcs7.err
+++ /dev/null
@@ -1,32 +0,0 @@
-/* Error codes for the PKCS7 functions. */
-
-/* Function codes. */
-#define PKCS7_F_PKCS7_ADD_CERTIFICATE			 100
-#define PKCS7_F_PKCS7_ADD_CRL				 101
-#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO		 102
-#define PKCS7_F_PKCS7_ADD_SIGNER			 103
-#define PKCS7_F_PKCS7_CTRL				 104
-#define PKCS7_F_PKCS7_DATAINIT				 105
-#define PKCS7_F_PKCS7_DATASIGN				 106
-#define PKCS7_F_PKCS7_DATAVERIFY			 107
-#define PKCS7_F_PKCS7_SET_CIPHER			 108
-#define PKCS7_F_PKCS7_SET_CONTENT			 109
-#define PKCS7_F_PKCS7_SET_TYPE				 110
-#define PKCS7_F_PKCS7_SIGNENVELOPEDECRYPT		 111
-
-/* Reason codes. */
-#define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH		 100
-#define PKCS7_R_DIGEST_FAILURE				 101
-#define PKCS7_R_INTERNAL_ERROR				 102
-#define PKCS7_R_MISSING_CERIPEND_INFO			 103
-#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE	 104
-#define PKCS7_R_SIGNATURE_FAILURE			 105
-#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE		 106
-#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO			 107
-#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST		 108
-#define PKCS7_R_UNKNOWN_DIGEST_TYPE			 109
-#define PKCS7_R_UNKNOWN_OPERATION			 110
-#define PKCS7_R_UNSUPPORTED_CIPHER_TYPE			 111
-#define PKCS7_R_UNSUPPORTED_CONTENT_TYPE		 112
-#define PKCS7_R_WRONG_CONTENT_TYPE			 113
-#define PKCS7_R_WRONG_PKCS7_TYPE			 114
diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h
index 01afa5a5c3..226fb64348 100644
--- a/crypto/pkcs7/pkcs7.h
+++ b/crypto/pkcs7/pkcs7.h
@@ -59,12 +59,22 @@
 #ifndef HEADER_PKCS7_H
 #define HEADER_PKCS7_H
 
+#include <openssl/asn1.h>
+#include <openssl/bio.h>
+#include <openssl/e_os2.h>
+
+#include <openssl/symhacks.h>
+#include <openssl/ossl_typ.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#include "bio.h"
-#include "x509.h"
+#ifdef OPENSSL_SYS_WIN32
+/* Under Win32 thes are defined in wincrypt.h */
+#undef PKCS7_ISSUER_AND_SERIAL
+#undef PKCS7_SIGNER_INFO
+#endif
 
 /*
 Encryption_ID		DES-CBC
@@ -84,15 +94,18 @@ typedef struct pkcs7_signer_info_st
 	ASN1_INTEGER 			*version;	/* version 1 */
 	PKCS7_ISSUER_AND_SERIAL		*issuer_and_serial;
 	X509_ALGOR			*digest_alg;
-	STACK /* X509_ATTRIBUTE */	*auth_attr;	/* [ 0 ] */
+	STACK_OF(X509_ATTRIBUTE)	*auth_attr;	/* [ 0 ] */
 	X509_ALGOR			*digest_enc_alg;
 	ASN1_OCTET_STRING		*enc_digest;
-	STACK /* X509_ATTRIBUTE */	*unauth_attr;	/* [ 1 ] */
+	STACK_OF(X509_ATTRIBUTE)	*unauth_attr;	/* [ 1 ] */
 
 	/* The private key to sign with */
 	EVP_PKEY			*pkey;
 	} PKCS7_SIGNER_INFO;
 
+DECLARE_STACK_OF(PKCS7_SIGNER_INFO)
+DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO)
+
 typedef struct pkcs7_recip_info_st
 	{
 	ASN1_INTEGER			*version;	/* version 0 */
@@ -102,13 +115,16 @@ typedef struct pkcs7_recip_info_st
 	X509				*cert; /* get the pub-key from this */
 	} PKCS7_RECIP_INFO;
 
+DECLARE_STACK_OF(PKCS7_RECIP_INFO)
+DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO)
+
 typedef struct pkcs7_signed_st
 	{
 	ASN1_INTEGER			*version;	/* version 1 */
-	STACK /* X509_ALGOR's */	*md_algs;	/* md used */
-	STACK /* X509 */		*cert;		/* [ 0 ] */
-	STACK /* X509_CRL */		*crl;		/* [ 1 ] */
-	STACK /* PKCS7_SIGNER_INFO */	*signer_info;
+	STACK_OF(X509_ALGOR)		*md_algs;	/* md used */
+	STACK_OF(X509)			*cert;		/* [ 0 ] */
+	STACK_OF(X509_CRL)		*crl;		/* [ 1 ] */
+	STACK_OF(PKCS7_SIGNER_INFO)	*signer_info;
 
 	struct pkcs7_st			*contents;
 	} PKCS7_SIGNED;
@@ -120,25 +136,26 @@ typedef struct pkcs7_enc_content_st
 	ASN1_OBJECT			*content_type;
 	X509_ALGOR			*algorithm;
 	ASN1_OCTET_STRING		*enc_data;	/* [ 0 ] */
+	const EVP_CIPHER		*cipher;
 	} PKCS7_ENC_CONTENT;
 
 typedef struct pkcs7_enveloped_st
 	{
 	ASN1_INTEGER			*version;	/* version 0 */
-	STACK /* PKCS7_RECIP_INFO */	*recipientinfo;
+	STACK_OF(PKCS7_RECIP_INFO)	*recipientinfo;
 	PKCS7_ENC_CONTENT		*enc_data;
 	} PKCS7_ENVELOPE;
-	
+
 typedef struct pkcs7_signedandenveloped_st
 	{
 	ASN1_INTEGER			*version;	/* version 1 */
-	STACK /* X509_ALGOR's */	*md_algs;	/* md used */
-	STACK /* X509 */		*cert;		/* [ 0 ] */
-	STACK /* X509_CRL */		*crl;		/* [ 1 ] */
-	STACK /* PKCS7_SIGNER_INFO */	*signer_info;
+	STACK_OF(X509_ALGOR)		*md_algs;	/* md used */
+	STACK_OF(X509)			*cert;		/* [ 0 ] */
+	STACK_OF(X509_CRL)		*crl;		/* [ 1 ] */
+	STACK_OF(PKCS7_SIGNER_INFO)	*signer_info;
 
 	PKCS7_ENC_CONTENT		*enc_data;
-	STACK /* PKCS7_RECIP_INFO */	*recipientinfo;
+	STACK_OF(PKCS7_RECIP_INFO)	*recipientinfo;
 	} PKCS7_SIGN_ENVELOPE;
 
 typedef struct pkcs7_digest_st
@@ -193,9 +210,16 @@ typedef struct pkcs7_st
 
 		/* NID_pkcs7_encrypted */
 		PKCS7_ENCRYPT *encrypted;
+
+		/* Anything else */
+		ASN1_TYPE *other;
 		} d;
 	} PKCS7;
 
+DECLARE_STACK_OF(PKCS7)
+DECLARE_ASN1_SET_OF(PKCS7)
+DECLARE_PKCS12_STACK_OF(PKCS7)
+
 #define PKCS7_OP_SET_DETACHED_SIGNATURE	1
 #define PKCS7_OP_GET_DETACHED_SIGNATURE	2
 
@@ -203,6 +227,8 @@ typedef struct pkcs7_st
 #define PKCS7_get_attributes(si)	((si)->unauth_attr)
 
 #define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
+#define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
+#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
 #define PKCS7_type_is_signedAndEnveloped(a) \
 		(OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
 #define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
@@ -212,6 +238,8 @@ typedef struct pkcs7_st
 #define PKCS7_get_detached(p) \
 		PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
 
+#define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
+
 #ifdef SSLEAY_MACROS
 #ifndef PKCS7_ISSUER_AND_SERIAL_digest
 #define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \
@@ -220,250 +248,192 @@ typedef struct pkcs7_st
 #endif
 #endif
 
-
-#ifndef NOPROTO
-PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void );
-void			PKCS7_ISSUER_AND_SERIAL_free(
-				PKCS7_ISSUER_AND_SERIAL *a);
-int 			i2d_PKCS7_ISSUER_AND_SERIAL(
-				PKCS7_ISSUER_AND_SERIAL *a,unsigned char **pp);
-PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(
-				PKCS7_ISSUER_AND_SERIAL **a,
-				unsigned char **pp, long length);
+/* S/MIME related flags */
+
+#define PKCS7_TEXT		0x1
+#define PKCS7_NOCERTS		0x2
+#define PKCS7_NOSIGS		0x4
+#define PKCS7_NOCHAIN		0x8
+#define PKCS7_NOINTERN		0x10
+#define PKCS7_NOVERIFY		0x20
+#define PKCS7_DETACHED		0x40
+#define PKCS7_BINARY		0x80
+#define PKCS7_NOATTR		0x100
+#define	PKCS7_NOSMIMECAP	0x200
+
+/* Flags: for compatibility with older code */
+
+#define SMIME_TEXT	PKCS7_TEXT
+#define SMIME_NOCERTS	PKCS7_NOCERTS
+#define SMIME_NOSIGS	PKCS7_NOSIGS
+#define SMIME_NOCHAIN	PKCS7_NOCHAIN
+#define SMIME_NOINTERN	PKCS7_NOINTERN
+#define SMIME_NOVERIFY	PKCS7_NOVERIFY
+#define SMIME_DETACHED	PKCS7_DETACHED
+#define SMIME_BINARY	PKCS7_BINARY
+#define SMIME_NOATTR	PKCS7_NOATTR
+
+DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
 
 #ifndef SSLEAY_MACROS
-int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,EVP_MD *type,
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type,
 	unsigned char *md,unsigned int *len);
-#ifndef NO_FP_API
-PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 *p7);
+#ifndef OPENSSL_NO_FP_API
+PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7);
 int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7);
 #endif
 PKCS7 *PKCS7_dup(PKCS7 *p7);
-PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 *p7);
+PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7);
 int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7);
 #endif
 
-PKCS7_SIGNER_INFO	*PKCS7_SIGNER_INFO_new(void);
-void			PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a);
-int 			i2d_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO *a,
-				unsigned char **pp);
-PKCS7_SIGNER_INFO	*d2i_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO **a,
-				unsigned char **pp,long length);
-
-PKCS7_RECIP_INFO	*PKCS7_RECIP_INFO_new(void);
-void			PKCS7_RECIP_INFO_free(PKCS7_RECIP_INFO *a);
-int 			i2d_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO *a,
-				unsigned char **pp);
-PKCS7_RECIP_INFO	*d2i_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO **a,
-				unsigned char **pp,long length);
-
-PKCS7_SIGNED		*PKCS7_SIGNED_new(void);
-void			PKCS7_SIGNED_free(PKCS7_SIGNED *a);
-int 			i2d_PKCS7_SIGNED(PKCS7_SIGNED *a,
-				unsigned char **pp);
-PKCS7_SIGNED		*d2i_PKCS7_SIGNED(PKCS7_SIGNED **a,
-				unsigned char **pp,long length);
-
-PKCS7_ENC_CONTENT	*PKCS7_ENC_CONTENT_new(void);
-void			PKCS7_ENC_CONTENT_free(PKCS7_ENC_CONTENT *a);
-int 			i2d_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT *a,
-				unsigned char **pp);
-PKCS7_ENC_CONTENT	*d2i_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT **a,
-				unsigned char **pp,long length);
-
-PKCS7_ENVELOPE		*PKCS7_ENVELOPE_new(void);
-void			PKCS7_ENVELOPE_free(PKCS7_ENVELOPE *a);
-int 			i2d_PKCS7_ENVELOPE(PKCS7_ENVELOPE *a,
-				unsigned char **pp);
-PKCS7_ENVELOPE		*d2i_PKCS7_ENVELOPE(PKCS7_ENVELOPE **a,
-				unsigned char **pp,long length);
-
-PKCS7_SIGN_ENVELOPE	*PKCS7_SIGN_ENVELOPE_new(void);
-void			PKCS7_SIGN_ENVELOPE_free(PKCS7_SIGN_ENVELOPE *a);
-int 			i2d_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE *a,
-				unsigned char **pp);
-PKCS7_SIGN_ENVELOPE	*d2i_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE **a,
-				unsigned char **pp,long length);
-
-PKCS7_DIGEST		*PKCS7_DIGEST_new(void);
-void			PKCS7_DIGEST_free(PKCS7_DIGEST *a);
-int 			i2d_PKCS7_DIGEST(PKCS7_DIGEST *a,
-				unsigned char **pp);
-PKCS7_DIGEST		*d2i_PKCS7_DIGEST(PKCS7_DIGEST **a,
-				unsigned char **pp,long length);
-
-PKCS7_ENCRYPT		*PKCS7_ENCRYPT_new(void);
-void			PKCS7_ENCRYPT_free(PKCS7_ENCRYPT *a);
-int 			i2d_PKCS7_ENCRYPT(PKCS7_ENCRYPT *a,
-				unsigned char **pp);
-PKCS7_ENCRYPT		*d2i_PKCS7_ENCRYPT(PKCS7_ENCRYPT **a,
-				unsigned char **pp,long length);
-
-PKCS7			*PKCS7_new(void);
-void			PKCS7_free(PKCS7 *a);
-void			PKCS7_content_free(PKCS7 *a);
-int 			i2d_PKCS7(PKCS7 *a,
-				unsigned char **pp);
-PKCS7			*d2i_PKCS7(PKCS7 **a,
-				unsigned char **pp,long length);
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
+DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
+DECLARE_ASN1_FUNCTIONS(PKCS7)
 
-void ERR_load_PKCS7_strings(void);
+DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
+DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
 
+DECLARE_ASN1_NDEF_FUNCTION(PKCS7)
 
 long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
 
 int PKCS7_set_type(PKCS7 *p7, int type);
 int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
-	EVP_MD *dgst);
+	const EVP_MD *dgst);
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
 int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
 int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
 int PKCS7_content_new(PKCS7 *p7, int nid);
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
 	BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); 
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+								X509 *x509);
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
-BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509_STORE *xs);
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
 
 
 PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
-	EVP_PKEY *pkey, EVP_MD *dgst);
+	EVP_PKEY *pkey, const EVP_MD *dgst);
 X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
-STACK *PKCS7_get_signer_info(PKCS7 *p7);
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
 
 PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
 int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
 int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
-int PKCS7_set_cipher(PKCS7 *p7, EVP_CIPHER *cipher);
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
 
 PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
-ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK *sk);
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
 int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type,
-	char *data);
+	void *data);
 int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-	char *value);
+	void *value);
 ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
 ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
-int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, STACK *sk);
-int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK *sk);
-
-
-#else
-
-PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new();
-void			PKCS7_ISSUER_AND_SERIAL_free();
-int 			i2d_PKCS7_ISSUER_AND_SERIAL();
-PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL();
-
-#ifndef SSLEAY_MACROS
-int			PKCS7_ISSUER_AND_SERIAL_digest();
-#ifndef NO_FP_API
-PKCS7 *d2i_PKCS7_fp();
-int i2d_PKCS7_fp();
-#endif
-PKCS7 *PKCS7_dup();
-PKCS7 *d2i_PKCS7_bio();
-int i2d_PKCS7_bio();
-
-#endif
-
-PKCS7_SIGNER_INFO	*PKCS7_SIGNER_INFO_new();
-void			PKCS7_SIGNER_INFO_free();
-int 			i2d_PKCS7_SIGNER_INFO();
-PKCS7_SIGNER_INFO	*d2i_PKCS7_SIGNER_INFO();
-PKCS7_RECIP_INFO	*PKCS7_RECIP_INFO_new();
-void			PKCS7_RECIP_INFO_free();
-int 			i2d_PKCS7_RECIP_INFO();
-PKCS7_RECIP_INFO	*d2i_PKCS7_RECIP_INFO();
-PKCS7_SIGNED		*PKCS7_SIGNED_new();
-void			PKCS7_SIGNED_free();
-int 			i2d_PKCS7_SIGNED();
-PKCS7_SIGNED		*d2i_PKCS7_SIGNED();
-PKCS7_ENC_CONTENT	*PKCS7_ENC_CONTENT_new();
-void			PKCS7_ENC_CONTENT_free();
-int 			i2d_PKCS7_ENC_CONTENT();
-PKCS7_ENC_CONTENT	*d2i_PKCS7_ENC_CONTENT();
-PKCS7_ENVELOPE		*PKCS7_ENVELOPE_new();
-void			PKCS7_ENVELOPE_free();
-int 			i2d_PKCS7_ENVELOPE();
-PKCS7_ENVELOPE		*d2i_PKCS7_ENVELOPE();
-PKCS7_SIGN_ENVELOPE	*PKCS7_SIGN_ENVELOPE_new();
-void			PKCS7_SIGN_ENVELOPE_free();
-int 			i2d_PKCS7_SIGN_ENVELOPE();
-PKCS7_SIGN_ENVELOPE	*d2i_PKCS7_SIGN_ENVELOPE();
-PKCS7_DIGEST		*PKCS7_DIGEST_new();
-void			PKCS7_DIGEST_free();
-int 			i2d_PKCS7_DIGEST();
-PKCS7_DIGEST		*d2i_PKCS7_DIGEST();
-PKCS7_ENCRYPT		*PKCS7_ENCRYPT_new();
-void			PKCS7_ENCRYPT_free();
-int 			i2d_PKCS7_ENCRYPT();
-PKCS7_ENCRYPT		*d2i_PKCS7_ENCRYPT();
-PKCS7			*PKCS7_new();
-void			PKCS7_free();
-void			PKCS7_content_free();
-int 			i2d_PKCS7();
-PKCS7			*d2i_PKCS7();
-
-void ERR_load_PKCS7_strings();
-
-long PKCS7_ctrl();
-int PKCS7_set_type();
-int PKCS7_set_content();
-int PKCS7_SIGNER_INFO_set();
-int PKCS7_add_signer();
-int PKCS7_add_certificate();
-int PKCS7_add_crl();
-int PKCS7_content_new();
-int PKCS7_dataVerify();
-BIO *PKCS7_dataInit();
-PKCS7_SIGNER_INFO *PKCS7_add_signature();
-X509 *PKCS7_cert_from_signer_info();
-STACK *PKCS7_get_signer_info();
-
-PKCS7_RECIP_INFO *PKCS7_add_recipient();
-int PKCS7_add_recipient_info();
-int PKCS7_RECIP_INFO_set();
-int PKCS7_set_cipher();
-
-PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial();
-ASN1_OCTET_STRING *PKCS7_digest_from_attributes();
-int PKCS7_add_signed_attribute();
-int PKCS7_add_attribute();
-ASN1_TYPE *PKCS7_get_attribute();
-ASN1_TYPE *PKCS7_get_signed_attribute();
-void PKCS7_set_signed_attributes();
-void PKCS7_set_attributes();
-
-#endif
-
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+				STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk);
+
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+							BIO *data, int flags);
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+					BIO *indata, BIO *out, int flags);
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
+								int flags);
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
+			      STACK_OF(X509_ALGOR) *cap);
+STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
+int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
+int SMIME_text(BIO *in, BIO *out);
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_PKCS7_strings(void);
+
 /* Error codes for the PKCS7 functions. */
 
 /* Function codes. */
+#define PKCS7_F_B64_READ_PKCS7				 120
+#define PKCS7_F_B64_WRITE_PKCS7				 121
+#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP		 118
 #define PKCS7_F_PKCS7_ADD_CERTIFICATE			 100
 #define PKCS7_F_PKCS7_ADD_CRL				 101
 #define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO		 102
 #define PKCS7_F_PKCS7_ADD_SIGNER			 103
 #define PKCS7_F_PKCS7_CTRL				 104
+#define PKCS7_F_PKCS7_DATADECODE			 112
 #define PKCS7_F_PKCS7_DATAINIT				 105
 #define PKCS7_F_PKCS7_DATASIGN				 106
 #define PKCS7_F_PKCS7_DATAVERIFY			 107
+#define PKCS7_F_PKCS7_DECRYPT				 114
+#define PKCS7_F_PKCS7_ENCRYPT				 115
+#define PKCS7_F_PKCS7_GET0_SIGNERS			 124
 #define PKCS7_F_PKCS7_SET_CIPHER			 108
 #define PKCS7_F_PKCS7_SET_CONTENT			 109
 #define PKCS7_F_PKCS7_SET_TYPE				 110
-#define PKCS7_F_PKCS7_SIGNENVELOPEDECRYPT		 111
+#define PKCS7_F_PKCS7_SIGN				 116
+#define PKCS7_F_PKCS7_SIGNATUREVERIFY			 113
+#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP			 119
+#define PKCS7_F_PKCS7_VERIFY				 117
+#define PKCS7_F_SMIME_READ_PKCS7			 122
+#define PKCS7_F_SMIME_TEXT				 123
 
 /* Reason codes. */
+#define PKCS7_R_CERTIFICATE_VERIFY_ERROR		 117
+#define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER		 144
+#define PKCS7_R_CIPHER_NOT_INITIALIZED			 116
+#define PKCS7_R_CONTENT_AND_DATA_PRESENT		 118
+#define PKCS7_R_DECODE_ERROR				 130
 #define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH		 100
+#define PKCS7_R_DECRYPT_ERROR				 119
 #define PKCS7_R_DIGEST_FAILURE				 101
-#define PKCS7_R_INTERNAL_ERROR				 102
+#define PKCS7_R_ERROR_ADDING_RECIPIENT			 120
+#define PKCS7_R_ERROR_SETTING_CIPHER			 121
+#define PKCS7_R_INVALID_MIME_TYPE			 131
+#define PKCS7_R_INVALID_NULL_POINTER			 143
+#define PKCS7_R_MIME_NO_CONTENT_TYPE			 132
+#define PKCS7_R_MIME_PARSE_ERROR			 133
+#define PKCS7_R_MIME_SIG_PARSE_ERROR			 134
 #define PKCS7_R_MISSING_CERIPEND_INFO			 103
+#define PKCS7_R_NO_CONTENT				 122
+#define PKCS7_R_NO_CONTENT_TYPE				 135
+#define PKCS7_R_NO_MULTIPART_BODY_FAILURE		 136
+#define PKCS7_R_NO_MULTIPART_BOUNDARY			 137
+#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE	 115
+#define PKCS7_R_NO_SIGNATURES_ON_DATA			 123
+#define PKCS7_R_NO_SIGNERS				 142
+#define PKCS7_R_NO_SIG_CONTENT_TYPE			 138
 #define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE	 104
+#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR		 124
+#define PKCS7_R_PKCS7_DATAFINAL_ERROR			 125
+#define PKCS7_R_PKCS7_DATASIGN				 126
+#define PKCS7_R_PKCS7_PARSE_ERROR			 139
+#define PKCS7_R_PKCS7_SIG_PARSE_ERROR			 140
+#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE	 127
 #define PKCS7_R_SIGNATURE_FAILURE			 105
+#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND		 128
+#define PKCS7_R_SIG_INVALID_MIME_TYPE			 141
+#define PKCS7_R_SMIME_TEXT_ERROR			 129
 #define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE		 106
 #define PKCS7_R_UNABLE_TO_FIND_MEM_BIO			 107
 #define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST		 108
@@ -473,9 +443,8 @@ void PKCS7_set_attributes();
 #define PKCS7_R_UNSUPPORTED_CONTENT_TYPE		 112
 #define PKCS7_R_WRONG_CONTENT_TYPE			 113
 #define PKCS7_R_WRONG_PKCS7_TYPE			 114
- 
+
 #ifdef  __cplusplus
 }
 #endif
 #endif
-
diff --git a/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c
index f60c856f8a..5e51527a40 100644
--- a/crypto/pkcs7/pkcs7err.c
+++ b/crypto/pkcs7/pkcs7err.c
@@ -1,91 +1,135 @@
-/* lib/pkcs7/pkcs7_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/pkcs7/pkcs7err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "pkcs7.h"
+#include <openssl/err.h>
+#include <openssl/pkcs7.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA PKCS7_str_functs[]=
 	{
+{ERR_PACK(0,PKCS7_F_B64_READ_PKCS7,0),	"B64_READ_PKCS7"},
+{ERR_PACK(0,PKCS7_F_B64_WRITE_PKCS7,0),	"B64_WRITE_PKCS7"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,0),	"PKCS7_add_attrib_smimecap"},
 {ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0),	"PKCS7_add_certificate"},
 {ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0),	"PKCS7_add_crl"},
 {ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0),	"PKCS7_add_recipient_info"},
 {ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0),	"PKCS7_add_signer"},
 {ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0),	"PKCS7_ctrl"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DATADECODE,0),	"PKCS7_dataDecode"},
 {ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0),	"PKCS7_dataInit"},
-{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0),	"PKCS7_dataSign"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0),	"PKCS7_DATASIGN"},
 {ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0),	"PKCS7_dataVerify"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DECRYPT,0),	"PKCS7_decrypt"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ENCRYPT,0),	"PKCS7_encrypt"},
+{ERR_PACK(0,PKCS7_F_PKCS7_GET0_SIGNERS,0),	"PKCS7_get0_signers"},
 {ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0),	"PKCS7_set_cipher"},
 {ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0),	"PKCS7_set_content"},
 {ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0),	"PKCS7_set_type"},
-{ERR_PACK(0,PKCS7_F_PKCS7_SIGNENVELOPEDECRYPT,0),	"PKCS7_SIGNENVELOPEDECRYPT"},
-{0,NULL},
+{ERR_PACK(0,PKCS7_F_PKCS7_SIGN,0),	"PKCS7_sign"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0),	"PKCS7_signatureVerify"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SIMPLE_SMIMECAP,0),	"PKCS7_simple_smimecap"},
+{ERR_PACK(0,PKCS7_F_PKCS7_VERIFY,0),	"PKCS7_verify"},
+{ERR_PACK(0,PKCS7_F_SMIME_READ_PKCS7,0),	"SMIME_read_PKCS7"},
+{ERR_PACK(0,PKCS7_F_SMIME_TEXT,0),	"SMIME_text"},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA PKCS7_str_reasons[]=
 	{
+{PKCS7_R_CERTIFICATE_VERIFY_ERROR        ,"certificate verify error"},
+{PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ,"cipher has no object identifier"},
+{PKCS7_R_CIPHER_NOT_INITIALIZED          ,"cipher not initialized"},
+{PKCS7_R_CONTENT_AND_DATA_PRESENT        ,"content and data present"},
+{PKCS7_R_DECODE_ERROR                    ,"decode error"},
 {PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH   ,"decrypted key is wrong length"},
+{PKCS7_R_DECRYPT_ERROR                   ,"decrypt error"},
 {PKCS7_R_DIGEST_FAILURE                  ,"digest failure"},
-{PKCS7_R_INTERNAL_ERROR                  ,"internal error"},
+{PKCS7_R_ERROR_ADDING_RECIPIENT          ,"error adding recipient"},
+{PKCS7_R_ERROR_SETTING_CIPHER            ,"error setting cipher"},
+{PKCS7_R_INVALID_MIME_TYPE               ,"invalid mime type"},
+{PKCS7_R_INVALID_NULL_POINTER            ,"invalid null pointer"},
+{PKCS7_R_MIME_NO_CONTENT_TYPE            ,"mime no content type"},
+{PKCS7_R_MIME_PARSE_ERROR                ,"mime parse error"},
+{PKCS7_R_MIME_SIG_PARSE_ERROR            ,"mime sig parse error"},
 {PKCS7_R_MISSING_CERIPEND_INFO           ,"missing ceripend info"},
+{PKCS7_R_NO_CONTENT                      ,"no content"},
+{PKCS7_R_NO_CONTENT_TYPE                 ,"no content type"},
+{PKCS7_R_NO_MULTIPART_BODY_FAILURE       ,"no multipart body failure"},
+{PKCS7_R_NO_MULTIPART_BOUNDARY           ,"no multipart boundary"},
+{PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE,"no recipient matches certificate"},
+{PKCS7_R_NO_SIGNATURES_ON_DATA           ,"no signatures on data"},
+{PKCS7_R_NO_SIGNERS                      ,"no signers"},
+{PKCS7_R_NO_SIG_CONTENT_TYPE             ,"no sig content type"},
 {PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"},
+{PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR       ,"pkcs7 add signature error"},
+{PKCS7_R_PKCS7_DATAFINAL_ERROR           ,"pkcs7 datafinal error"},
+{PKCS7_R_PKCS7_DATASIGN                  ,"pkcs7 datasign"},
+{PKCS7_R_PKCS7_PARSE_ERROR               ,"pkcs7 parse error"},
+{PKCS7_R_PKCS7_SIG_PARSE_ERROR           ,"pkcs7 sig parse error"},
+{PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"},
 {PKCS7_R_SIGNATURE_FAILURE               ,"signature failure"},
+{PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND    ,"signer certificate not found"},
+{PKCS7_R_SIG_INVALID_MIME_TYPE           ,"sig invalid mime type"},
+{PKCS7_R_SMIME_TEXT_ERROR                ,"smime text error"},
 {PKCS7_R_UNABLE_TO_FIND_CERTIFICATE      ,"unable to find certificate"},
 {PKCS7_R_UNABLE_TO_FIND_MEM_BIO          ,"unable to find mem bio"},
 {PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST   ,"unable to find message digest"},
@@ -95,19 +139,19 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
 {PKCS7_R_UNSUPPORTED_CONTENT_TYPE        ,"unsupported content type"},
 {PKCS7_R_WRONG_CONTENT_TYPE              ,"wrong content type"},
 {PKCS7_R_WRONG_PKCS7_TYPE                ,"wrong pkcs7 type"},
-{0,NULL},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_PKCS7_strings()
+void ERR_load_PKCS7_strings(void)
 	{
 	static int init=1;
 
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs);
 		ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_reasons);
 #endif
diff --git a/crypto/pkcs7/sign.c b/crypto/pkcs7/sign.c
index 6ad88d4688..8b59885f7e 100644
--- a/crypto/pkcs7/sign.c
+++ b/crypto/pkcs7/sign.c
@@ -56,29 +56,38 @@
  * [including the GNU Public Licence.]
  */
 #include <stdio.h>
-#include "bio.h"
-#include "x509.h"
-#include "pem.h"
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
 
-main(argc,argv)
+int main(argc,argv)
 int argc;
 char *argv[];
 	{
 	X509 *x509;
 	EVP_PKEY *pkey;
 	PKCS7 *p7;
-	PKCS7 *p7_data;
 	PKCS7_SIGNER_INFO *si;
 	BIO *in;
 	BIO *data,*p7bio;
 	char buf[1024*4];
-	int i,j;
+	int i;
 	int nodetach=0;
 
+#ifndef OPENSSL_NO_MD2
 	EVP_add_digest(EVP_md2());
+#endif
+#ifndef OPENSSL_NO_MD5
 	EVP_add_digest(EVP_md5());
+#endif
+#ifndef OPENSSL_NO_SHA1
 	EVP_add_digest(EVP_sha1());
+#endif
+#ifndef OPENSSL_NO_MDC2
 	EVP_add_digest(EVP_mdc2());
+#endif
 
 	data=BIO_new(BIO_s_file());
 again:
@@ -97,9 +106,9 @@ again:
 		BIO_set_fp(data,stdin,BIO_NOCLOSE);
 
 	if ((in=BIO_new_file("server.pem","r")) == NULL) goto err;
-	if ((x509=PEM_read_bio_X509(in,NULL,NULL)) == NULL) goto err;
+	if ((x509=PEM_read_bio_X509(in,NULL,NULL,NULL)) == NULL) goto err;
 	BIO_reset(in);
-	if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL)) == NULL) goto err;
+	if ((pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL)) == NULL) goto err;
 	BIO_free(in);
 
 	p7=PKCS7_new();
@@ -108,10 +117,9 @@ again:
 	si=PKCS7_add_signature(p7,x509,pkey,EVP_sha1());
 	if (si == NULL) goto err;
 
-	/* Add some extra attributes */
-	if (!add_signed_time(si)) goto err;
-	if (!add_signed_string(si,"SIGNED STRING")) goto err;
-	if (!add_signed_seq2string(si,"STRING1","STRING2")) goto err;
+	/* If you do this then you get signing time automatically added */
+	PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT,
+						OBJ_nid2obj(NID_pkcs7_data));
 
 	/* we may want to add more */
 	PKCS7_add_certificate(p7,x509);
diff --git a/crypto/pkcs7/t/f b/crypto/pkcs7/t/f
deleted file mode 100644
index 7f5dc67f54..0000000000
--- a/crypto/pkcs7/t/f
+++ /dev/null
@@ -1,2 +0,0 @@
-signed body
-
diff --git a/crypto/pkcs7/t/z b/crypto/pkcs7/t/z
deleted file mode 100644
index a5145e8d6e..0000000000
--- a/crypto/pkcs7/t/z
+++ /dev/null
@@ -1 +0,0 @@
-DQpzaWduZWQgYm9keQ0KDQo=

diff --git a/crypto/pkcs7/t/zz b/crypto/pkcs7/t/zz
deleted file mode 100644
index aabbbb3b99..0000000000
--- a/crypto/pkcs7/t/zz
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PKCS7-----
-MIAGCSqGSIb3DQEHA6CAMIICeQIBADGCAeYwgfACAQAwgZkwgZIxCzAJBgNVBAYT
-AkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgG
-A1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJT04g
-QU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQQICBH4wDQYJ
-KoZIhvcNAQEBBQAEQD3Y3b1iTf1FRja0hV17EZPYwVfcnofwsHxoNEmPDvzjcAuA
-nnNekzn5/zRCQBbAQ3YDo+XdXGIJ4ouLjfnNdXIwgfACAQAwgZkwgZIxCzAJBgNV
-BAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEa
-MBgGA1UEChMRQ3J5cHRzb2Z0IFB0eSBMdGQxIjAgBgNVBAsTGURFTU9OU1RSQVRJ
-T04gQU5EIFRFU1RJTkcxGzAZBgNVBAMTEkRFTU8gWkVSTyBWQUxVRSBDQQICBG4w
-DQYJKoZIhvcNAQEBBQAEQJH0h/Ie2+eMWZnwHahQISzW/EywbS7WTEoThEw8XIOo
-MIQBGrvNcyCfNJQjtaC/lRJIoOpwtEl5b6O9hRG/+ckwgYkGCSqGSIb3DQEHATAa
-BggqhkiG9w0DAjAOAgIAoAQIrLqrij2ZMpeAYIm7Z+q3kWVrlpOSL+SAIYIra/BG
-BOMOMkkOxDAepk5QaBaXHFDFlwdCfVShYK9gCWEPNRF1u6LrgNzStLbC2P6QT8id
-LrLbkfe4NUKaF8/UlE+lo3LtILS97lfJO5tIqgAAAAA=
------END PKCS7-----
diff --git a/crypto/pkcs7/verify.c b/crypto/pkcs7/verify.c
index 7e0f6e5fee..b40f26032e 100644
--- a/crypto/pkcs7/verify.c
+++ b/crypto/pkcs7/verify.c
@@ -56,43 +56,50 @@
  * [including the GNU Public Licence.]
  */
 #include <stdio.h>
-#include "asn1.h"
-#include "bio.h"
-#include "x509.h"
-#include "pem.h"
+#include <string.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include "example.h"
 
 int verify_callback(int ok, X509_STORE_CTX *ctx);
 
 BIO *bio_err=NULL;
 BIO *bio_out=NULL;
 
-main(argc,argv)
+int main(argc,argv)
 int argc;
 char *argv[];
 	{
-	X509 *x509,*x;
 	PKCS7 *p7;
-	PKCS7_SIGNED *s;
 	PKCS7_SIGNER_INFO *si;
-	PKCS7_ISSUER_AND_SERIAL *ias;
 	X509_STORE_CTX cert_ctx;
 	X509_STORE *cert_store=NULL;
-	X509_LOOKUP *lookup=NULL;
 	BIO *data,*detached=NULL,*p7bio=NULL;
 	char buf[1024*4];
-	unsigned char *p,*pp;
-	int i,j,printit=0;
-	STACK *sk;
+	char *pp;
+	int i,printit=0;
+	STACK_OF(PKCS7_SIGNER_INFO) *sk;
 
 	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
+#ifndef OPENSSL_NO_MD2
 	EVP_add_digest(EVP_md2());
+#endif
+#ifndef OPENSSL_NO_MD5
 	EVP_add_digest(EVP_md5());
+#endif
+#ifndef OPENSSL_NO_SHA1
 	EVP_add_digest(EVP_sha1());
+#endif
+#ifndef OPENSSL_NO_MDC2
 	EVP_add_digest(EVP_mdc2());
+#endif
 
 	data=BIO_new(BIO_s_file());
-again:
+
 	pp=NULL;
 	while (argc > 1)
 		{
@@ -123,7 +130,7 @@ again:
 
 
 	/* Load the PKCS7 object from a file */
-	if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL)) == NULL) goto err;
+	if ((p7=PEM_read_bio_PKCS7(data,NULL,NULL,NULL)) == NULL) goto err;
 
 	/* This stuff is being setup for certificate verification.
 	 * When using SSL, it could be replaced with a 
@@ -168,14 +175,15 @@ again:
 		}
 
 	/* Ok, first we need to, for each subject entry, see if we can verify */
-	for (i=0; i<sk_num(sk); i++)
+	for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sk); i++)
 		{
 		ASN1_UTCTIME *tm;
 		char *str1,*str2;
+		int rc;
 
-		si=(PKCS7_SIGNER_INFO *)sk_value(sk,i);
-		i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
-		if (i <= 0)
+		si=sk_PKCS7_SIGNER_INFO_value(sk,i);
+		rc=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
+		if (rc <= 0)
 			goto err;
 		printf("signer info\n");
 		if ((tm=get_signed_time(si)) != NULL)
@@ -190,7 +198,7 @@ again:
 			BIO_printf(bio_out,"String 1 is %s\n",str1);
 			BIO_printf(bio_out,"String 2 is %s\n",str2);
 			}
-			
+
 		}
 
 	X509_STORE_free(cert_store);
@@ -204,9 +212,7 @@ err:
 	}
 
 /* should be X509 * but we can just have them as char *. */
-int verify_callback(ok, ctx)
-int ok;
-X509_STORE_CTX *ctx;
+int verify_callback(int ok, X509_STORE_CTX *ctx)
 	{
 	char buf[256];
 	X509 *err_cert;
diff --git a/crypto/rand/.cvsignore b/crypto/rand/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/rand/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/rand/Makefile.ssl b/crypto/rand/Makefile.ssl
index ef693aec16..166895ee9c 100644
--- a/crypto/rand/Makefile.ssl
+++ b/crypto/rand/Makefile.ssl
@@ -7,9 +7,12 @@ TOP=	../..
 CC=	cc
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -20,8 +23,10 @@ TEST= randtest.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=md_rand.c randfile.c rand_lib.c
-LIBOBJ=md_rand.o randfile.o rand_lib.o
+LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c \
+	rand_win.c rand_unix.c rand_os2.c
+LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o \
+	rand_win.o rand_unix.o rand_os2.o
 
 SRC= $(LIBSRC)
 
@@ -37,24 +42,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -66,15 +70,126 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+md_rand.o: ../../e_os.h ../../include/openssl/aes.h
+md_rand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+md_rand.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+md_rand.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+md_rand.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+md_rand.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+md_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+md_rand.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+md_rand.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+md_rand.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+md_rand.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+md_rand.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+md_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md_rand.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+md_rand.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+md_rand.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+md_rand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+md_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+md_rand.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+md_rand.o: md_rand.c rand_lcl.h
+rand_egd.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+rand_egd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rand_egd.o: rand_egd.c
+rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+rand_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rand_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_err.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+rand_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_err.o: rand_err.c
+rand_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+rand_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rand_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rand_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+rand_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rand_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rand_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+rand_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rand_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rand_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+rand_lib.o: ../cryptlib.h rand_lib.c
+rand_os2.o: ../../e_os.h ../../include/openssl/aes.h
+rand_os2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rand_os2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rand_os2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_os2.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rand_os2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rand_os2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_os2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rand_os2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rand_os2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rand_os2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_os2.o: ../../include/openssl/opensslconf.h
+rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rand_os2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rand_os2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rand_os2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_os2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_os2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_os2.o: ../cryptlib.h rand_lcl.h rand_os2.c
+rand_unix.o: ../../e_os.h ../../include/openssl/aes.h
+rand_unix.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rand_unix.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rand_unix.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_unix.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rand_unix.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rand_unix.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_unix.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rand_unix.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rand_unix.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rand_unix.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_unix.o: ../../include/openssl/opensslconf.h
+rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rand_unix.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rand_unix.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rand_unix.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_unix.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_unix.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_unix.o: ../cryptlib.h rand_lcl.h rand_unix.c
+rand_win.o: ../../e_os.h ../../include/openssl/aes.h
+rand_win.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rand_win.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rand_win.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rand_win.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rand_win.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rand_win.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rand_win.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rand_win.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rand_win.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rand_win.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rand_win.o: ../../include/openssl/opensslconf.h
+rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rand_win.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rand_win.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rand_win.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rand_win.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rand_win.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rand_win.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rand_win.o: ../cryptlib.h rand_lcl.h rand_win.c
+randfile.o: ../../e_os.h ../../include/openssl/crypto.h
+randfile.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+randfile.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+randfile.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+randfile.o: randfile.c
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 35defdea30..eeffc0df4c 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -55,69 +55,82 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
-#include <stdio.h>
-#include "cryptlib.h"
-#include <sys/types.h>
-#include <time.h>
-
-#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
-#ifndef NO_MD5
-#define USE_MD5_RAND
-#elif !defined(NO_SHA1)
-#define USE_SHA1_RAND
-#elif !defined(NO_MDC2)
-#define USE_MDC2_RAND
-#elif !defined(NO_MD2)
-#define USE_MD2_RAND
-#else
-We need a message digest of some type 
-#endif
+#ifdef MD_RAND_DEBUG
+# ifndef NDEBUG
+#   define NDEBUG
+# endif
 #endif
 
-/* Changed how the state buffer used.  I now attempt to 'wrap' such
- * that I don't run over the same locations the next time  go through
- * the 1023 bytes - many thanks to
- * Robert J. LeBlanc <rjl@renaissoft.com> for his comments
- */
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
 
-#if defined(USE_MD5_RAND)
-#include "md5.h"
-#define MD_DIGEST_LENGTH	MD5_DIGEST_LENGTH
-#define MD_CTX			MD5_CTX
-#define MD_Init(a)		MD5_Init(a)
-#define MD_Update(a,b,c)	MD5_Update(a,b,c)
-#define	MD_Final(a,b)		MD5_Final(a,b)
-#define	MD(a,b,c)		MD5(a,b,c)
-#elif defined(USE_SHA1_RAND)
-#include "sha.h"
-#define MD_DIGEST_LENGTH	SHA_DIGEST_LENGTH
-#define MD_CTX			SHA_CTX
-#define MD_Init(a)		SHA1_Init(a)
-#define MD_Update(a,b,c)	SHA1_Update(a,b,c)
-#define	MD_Final(a,b)		SHA1_Final(a,b)
-#define	MD(a,b,c)		SHA1(a,b,c)
-#elif defined(USE_MDC2_RAND)
-#include "mdc2.h"
-#define MD_DIGEST_LENGTH	MDC2_DIGEST_LENGTH
-#define MD_CTX			MDC2_CTX
-#define MD_Init(a)		MDC2_Init(a)
-#define MD_Update(a,b,c)	MDC2_Update(a,b,c)
-#define	MD_Final(a,b)		MDC2_Final(a,b)
-#define	MD(a,b,c)		MDC2(a,b,c)
-#elif defined(USE_MD2_RAND)
-#include "md2.h"
-#define MD_DIGEST_LENGTH	MD2_DIGEST_LENGTH
-#define MD_CTX			MD2_CTX
-#define MD_Init(a)		MD2_Init(a)
-#define MD_Update(a,b,c)	MD2_Update(a,b,c)
-#define	MD_Final(a,b)		MD2_Final(a,b)
-#define	MD(a,b,c)		MD2(a,b,c)
-#endif
+#include "e_os.h"
+
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
 
-#include "rand.h"
+#ifdef BN_DEBUG
+# define PREDICT
+#endif
 
-/* #define NORAND	1 */
 /* #define PREDICT	1 */
 
 #define STATE_SIZE	1023
@@ -125,50 +138,102 @@ static int state_num=0,state_index=0;
 static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
 static unsigned char md[MD_DIGEST_LENGTH];
 static long md_count[2]={0,0};
+static double entropy=0;
+static int initialized=0;
+
+static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
+                                           * holds CRYPTO_LOCK_RAND
+                                           * (to prevent double locking) */
+/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
+static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */
+
 
-char *RAND_version="RAND part of SSLeay 0.9.1a 06-Jul-1998";
+#ifdef PREDICT
+int rand_predictable=0;
+#endif
+
+const char *RAND_version="RAND" OPENSSL_VERSION_PTEXT;
 
 static void ssleay_rand_cleanup(void);
-static void ssleay_rand_seed(unsigned char *buf, int num);
-static void ssleay_rand_bytes(unsigned char *buf, int num);
+static void ssleay_rand_seed(const void *buf, int num);
+static void ssleay_rand_add(const void *buf, int num, double add_entropy);
+static int ssleay_rand_bytes(unsigned char *buf, int num);
+static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
+static int ssleay_rand_status(void);
 
-RAND_METHOD rand_ssleay={
+RAND_METHOD rand_ssleay_meth={
 	ssleay_rand_seed,
 	ssleay_rand_bytes,
 	ssleay_rand_cleanup,
+	ssleay_rand_add,
+	ssleay_rand_pseudo_bytes,
+	ssleay_rand_status
 	}; 
 
-RAND_METHOD *RAND_SSLeay()
+RAND_METHOD *RAND_SSLeay(void)
 	{
-	return(&rand_ssleay);
+	return(&rand_ssleay_meth);
 	}
 
-static void ssleay_rand_cleanup()
+static void ssleay_rand_cleanup(void)
 	{
-	memset(state,0,sizeof(state));
+	OPENSSL_cleanse(state,sizeof(state));
 	state_num=0;
 	state_index=0;
-	memset(md,0,MD_DIGEST_LENGTH);
+	OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
 	md_count[0]=0;
 	md_count[1]=0;
+	entropy=0;
+	initialized=0;
 	}
 
-static void ssleay_rand_seed(buf,num)
-unsigned char *buf;
-int num;
+static void ssleay_rand_add(const void *buf, int num, double add)
 	{
-	int i,j,k,st_idx,st_num;
-	MD_CTX m;
-
-#ifdef NORAND
-	return;
-#endif
+	int i,j,k,st_idx;
+	long md_c[2];
+	unsigned char local_md[MD_DIGEST_LENGTH];
+	EVP_MD_CTX m;
+	int do_not_lock;
+
+	/*
+	 * (Based on the rand(3) manpage)
+	 *
+	 * The input is chopped up into units of 20 bytes (or less for
+	 * the last block).  Each of these blocks is run through the hash
+	 * function as follows:  The data passed to the hash function
+	 * is the current 'md', the same number of bytes from the 'state'
+	 * (the location determined by in incremented looping index) as
+	 * the current 'block', the new key data 'block', and 'count'
+	 * (which is incremented after each use).
+	 * The result of this is kept in 'md' and also xored into the
+	 * 'state' at the same locations that were used as input into the
+         * hash function.
+	 */
+
+	/* check if we already have the lock */
+	if (crypto_lock_rand)
+		{
+		CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
+		do_not_lock = (locking_thread == CRYPTO_thread_id());
+		CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
+		}
+	else
+		do_not_lock = 0;
 
-	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+	if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 	st_idx=state_index;
-	st_num=state_num;
 
-	state_index=(state_index+num);
+	/* use our own copies of the counters so that even
+	 * if a concurrent thread seeds with exactly the
+	 * same data and uses the same subarray there's _some_
+	 * difference */
+	md_c[0] = md_count[0];
+	md_c[1] = md_count[1];
+
+	memcpy(local_md, md, sizeof md);
+
+	/* state_index <= state_num <= STATE_SIZE */
+	state_index += num;
 	if (state_index >= STATE_SIZE)
 		{
 		state_index%=STATE_SIZE;
@@ -179,15 +244,24 @@ int num;
 		if (state_index > state_num)
 			state_num=state_index;
 		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+	/* state_index <= state_num <= STATE_SIZE */
+
+	/* state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE]
+	 * are what we will use now, but other threads may use them
+	 * as well */
 
+	md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
+
+	if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+	EVP_MD_CTX_init(&m);
 	for (i=0; i<num; i+=MD_DIGEST_LENGTH)
 		{
 		j=(num-i);
 		j=(j > MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j;
 
 		MD_Init(&m);
-		MD_Update(&m,md,MD_DIGEST_LENGTH);
+		MD_Update(&m,local_md,MD_DIGEST_LENGTH);
 		k=(st_idx+j)-STATE_SIZE;
 		if (k > 0)
 			{
@@ -198,232 +272,301 @@ int num;
 			MD_Update(&m,&(state[st_idx]),j);
 			
 		MD_Update(&m,buf,j);
-		MD_Update(&m,(unsigned char *)&(md_count[0]),sizeof(md_count));
-		MD_Final(md,&m);
-		md_count[1]++;
+		MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
+		MD_Final(&m,local_md);
+		md_c[1]++;
 
-		buf+=j;
+		buf=(const char *)buf + j;
 
 		for (k=0; k<j; k++)
 			{
-			state[st_idx++]^=md[k];
+			/* Parallel threads may interfere with this,
+			 * but always each byte of the new state is
+			 * the XOR of some previous value of its
+			 * and local_md (itermediate values may be lost).
+			 * Alway using locking could hurt performance more
+			 * than necessary given that conflicts occur only
+			 * when the total seeding is longer than the random
+			 * state. */
+			state[st_idx++]^=local_md[k];
 			if (st_idx >= STATE_SIZE)
-				{
 				st_idx=0;
-				st_num=STATE_SIZE;
-				}
 			}
 		}
-	memset((char *)&m,0,sizeof(m));
+	EVP_MD_CTX_cleanup(&m);
+
+	if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+	/* Don't just copy back local_md into md -- this could mean that
+	 * other thread's seeding remains without effect (except for
+	 * the incremented counter).  By XORing it we keep at least as
+	 * much entropy as fits into md. */
+	for (k = 0; k < sizeof md; k++)
+		{
+		md[k] ^= local_md[k];
+		}
+	if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
+	    entropy += add;
+	if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+	
+#if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
+	assert(md_c[1] == md_count[1]);
+#endif
+	}
+
+static void ssleay_rand_seed(const void *buf, int num)
+	{
+	ssleay_rand_add(buf, num, num);
 	}
 
-static void ssleay_rand_bytes(buf,num)
-unsigned char *buf;
-int num;
+static int ssleay_rand_bytes(unsigned char *buf, int num)
 	{
+	static volatile int stirred_pool = 0;
 	int i,j,k,st_num,st_idx;
-	MD_CTX m;
-	static int init=1;
-	unsigned long l;
-#ifdef DEVRANDOM
-	FILE *fh;
+	int num_ceil;
+	int ok;
+	long md_c[2];
+	unsigned char local_md[MD_DIGEST_LENGTH];
+	EVP_MD_CTX m;
+#ifndef GETPID_IS_MEANINGLESS
+	pid_t curr_pid = getpid();
 #endif
+	int do_stir_pool = 0;
 
 #ifdef PREDICT
-	{
-	static unsigned char val=0;
+	if (rand_predictable)
+		{
+		static unsigned char val=0;
 
-	for (i=0; i<num; i++)
-		buf[i]=val++;
-	return;
-	}
+		for (i=0; i<num; i++)
+			buf[i]=val++;
+		return(1);
+		}
 #endif
 
+	if (num <= 0)
+		return 1;
+
+	EVP_MD_CTX_init(&m);
+	/* round upwards to multiple of MD_DIGEST_LENGTH/2 */
+	num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2);
+
+	/*
+	 * (Based on the rand(3) manpage:)
+	 *
+	 * For each group of 10 bytes (or less), we do the following:
+	 *
+	 * Input into the hash function the local 'md' (which is initialized from
+	 * the global 'md' before any bytes are generated), the bytes that are to
+	 * be overwritten by the random bytes, and bytes from the 'state'
+	 * (incrementing looping index). From this digest output (which is kept
+	 * in 'md'), the top (up to) 10 bytes are returned to the caller and the
+	 * bottom 10 bytes are xored into the 'state'.
+	 * 
+	 * Finally, after we have finished 'num' random bytes for the
+	 * caller, 'count' (which is incremented) and the local and global 'md'
+	 * are fed into the hash function and the results are kept in the
+	 * global 'md'.
+	 */
+
 	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 
-	if (init)
+	/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
+	CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
+	locking_thread = CRYPTO_thread_id();
+	CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
+	crypto_lock_rand = 1;
+
+	if (!initialized)
 		{
-		init=0;
-		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-		/* put in some default random data, we need more than
-		 * just this */
-		RAND_seed((unsigned char *)&m,sizeof(m));
-#ifndef MSDOS
-		l=getpid();
-		RAND_seed((unsigned char *)&l,sizeof(l));
-		l=getuid();
-		RAND_seed((unsigned char *)&l,sizeof(l));
-#endif
-		l=time(NULL);
-		RAND_seed((unsigned char *)&l,sizeof(l));
-
-/* #ifdef DEVRANDOM */
-		/* 
-		 * Use a random entropy pool device.
-		 * Linux 1.3.x and FreeBSD-Current has 
-		 * this. Use /dev/urandom if you can
-		 * as /dev/random will block if it runs out
-		 * of random entries.
+		RAND_poll();
+		initialized = 1;
+		}
+	
+	if (!stirred_pool)
+		do_stir_pool = 1;
+	
+	ok = (entropy >= ENTROPY_NEEDED);
+	if (!ok)
+		{
+		/* If the PRNG state is not yet unpredictable, then seeing
+		 * the PRNG output may help attackers to determine the new
+		 * state; thus we have to decrease the entropy estimate.
+		 * Once we've had enough initial seeding we don't bother to
+		 * adjust the entropy count, though, because we're not ambitious
+		 * to provide *information-theoretic* randomness.
+		 *
+		 * NOTE: This approach fails if the program forks before
+		 * we have enough entropy. Entropy should be collected
+		 * in a separate input pool and be transferred to the
+		 * output pool only when the entropy limit has been reached.
 		 */
-		if ((fh = fopen(DEVRANDOM, "r")) != NULL)
+		entropy -= num;
+		if (entropy < 0)
+			entropy = 0;
+		}
+
+	if (do_stir_pool)
+		{
+		/* In the output function only half of 'md' remains secret,
+		 * so we better make sure that the required entropy gets
+		 * 'evenly distributed' through 'state', our randomness pool.
+		 * The input function (ssleay_rand_add) chains all of 'md',
+		 * which makes it more suitable for this purpose.
+		 */
+
+		int n = STATE_SIZE; /* so that the complete pool gets accessed */
+		while (n > 0)
 			{
-			unsigned char tmpbuf[32];
-
-			fread((unsigned char *)tmpbuf,1,32,fh);
-			/* we don't care how many bytes we read,
-			 * we will just copy the 'stack' if there is
-			 * nothing else :-) */
-			fclose(fh);
-			RAND_seed(tmpbuf,32);
-			memset(tmpbuf,0,32);
-			}
-/* #endif */
-#ifdef PURIFY
-		memset(state,0,STATE_SIZE);
-		memset(md,0,MD_DIGEST_LENGTH);
+#if MD_DIGEST_LENGTH > 20
+# error "Please adjust DUMMY_SEED."
 #endif
-		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+#define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */
+			/* Note that the seed does not matter, it's just that
+			 * ssleay_rand_add expects to have something to hash. */
+			ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);
+			n -= MD_DIGEST_LENGTH;
+			}
+		if (ok)
+			stirred_pool = 1;
 		}
 
 	st_idx=state_index;
 	st_num=state_num;
-	state_index+=num;
+	md_c[0] = md_count[0];
+	md_c[1] = md_count[1];
+	memcpy(local_md, md, sizeof md);
+
+	state_index+=num_ceil;
 	if (state_index > state_num)
-		state_index=(state_index%state_num);
+		state_index %= state_num;
+
+	/* state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num]
+	 * are now ours (but other threads may use them too) */
 
+	md_count[0] += 1;
+
+	/* before unlocking, we must clear 'crypto_lock_rand' */
+	crypto_lock_rand = 0;
 	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
 
 	while (num > 0)
 		{
+		/* num_ceil -= MD_DIGEST_LENGTH/2 */
 		j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num;
 		num-=j;
 		MD_Init(&m);
-		MD_Update(&m,&(md[MD_DIGEST_LENGTH/2]),MD_DIGEST_LENGTH/2);
-		MD_Update(&m,(unsigned char *)&(md_count[0]),sizeof(md_count));
+#ifndef GETPID_IS_MEANINGLESS
+		if (curr_pid) /* just in the first iteration to save time */
+			{
+			MD_Update(&m,(unsigned char*)&curr_pid,sizeof curr_pid);
+			curr_pid = 0;
+			}
+#endif
+		MD_Update(&m,local_md,MD_DIGEST_LENGTH);
+		MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
 #ifndef PURIFY
 		MD_Update(&m,buf,j); /* purify complains */
 #endif
-		k=(st_idx+j)-st_num;
+		k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
 		if (k > 0)
 			{
-			MD_Update(&m,&(state[st_idx]),j-k);
+			MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k);
 			MD_Update(&m,&(state[0]),k);
 			}
 		else
-			MD_Update(&m,&(state[st_idx]),j);
-		MD_Final(md,&m);
+			MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2);
+		MD_Final(&m,local_md);
 
-		for (i=0; i<j; i++)
+		for (i=0; i<MD_DIGEST_LENGTH/2; i++)
 			{
+			state[st_idx++]^=local_md[i]; /* may compete with other threads */
 			if (st_idx >= st_num)
 				st_idx=0;
-			state[st_idx++]^=md[i];
-			*(buf++)=md[i+MD_DIGEST_LENGTH/2];
+			if (i < j)
+				*(buf++)=local_md[i+MD_DIGEST_LENGTH/2];
 			}
 		}
 
 	MD_Init(&m);
-	MD_Update(&m,(unsigned char *)&(md_count[0]),sizeof(md_count));
-	md_count[0]++;
+	MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
+	MD_Update(&m,local_md,MD_DIGEST_LENGTH);
+	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
 	MD_Update(&m,md,MD_DIGEST_LENGTH);
-	MD_Final(md,&m);
-	memset(&m,0,sizeof(m));
+	MD_Final(&m,md);
+	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+	EVP_MD_CTX_cleanup(&m);
+	if (ok)
+		return(1);
+	else
+		{
+		RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED);
+		ERR_add_error_data(1, "You need to read the OpenSSL FAQ, "
+			"http://www.openssl.org/support/faq.html");
+		return(0);
+		}
 	}
 
-#ifdef WINDOWS
-#include <windows.h>
-#include <rand.h>
+/* pseudo-random bytes that are guaranteed to be unique but not
+   unpredictable */
+static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) 
+	{
+	int ret;
+	unsigned long err;
 
-/*****************************************************************************
- * Initialisation function for the SSL random generator.  Takes the contents
- * of the screen as random seed.
- *
- * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
- *
- * Code adapted from
- * <URL:http://www.microsoft.com/kb/developr/win_dk/q97193.htm>;
- * the original copyright message is:
- *
-//   (C) Copyright Microsoft Corp. 1993.  All rights reserved.
-//
-//   You have a royalty-free right to use, modify, reproduce and
-//   distribute the Sample Files (and/or any modified version) in
-//   any way you find useful, provided that you agree that
-//   Microsoft has no warranty obligations or liability for any
-//   Sample Application Files which are modified.
- */
-/*
- * I have modified the loading of bytes via RAND_seed() mechanism since
- * the origional would have been very very CPU intensive since RAND_seed()
- * does an MD5 per 16 bytes of input.  The cost to digest 16 bytes is the same
- * as that to digest 56 bytes.  So under the old system, a screen of
- * 1024*768*256 would have been CPU cost of approximatly 49,000 56 byte MD5
- * digests or digesting 2.7 mbytes.  What I have put in place would
- * be 48 16k MD5 digests, or efectivly 48*16+48 MD5 bytes or 816 kbytes
- * or about 3.5 times as much.
- * - eric 
- */
-void RAND_screen(void)
-{
-  HDC		hScrDC;		/* screen DC */
-  HDC		hMemDC;		/* memory DC */
-  HBITMAP	hBitmap;	/* handle for our bitmap */
-  HBITMAP	hOldBitmap;	/* handle for previous bitmap */
-  BITMAP	bm;		/* bitmap properties */
-  unsigned int	size;		/* size of bitmap */
-  char		*bmbits;	/* contents of bitmap */
-  int		w;		/* screen width */
-  int		h;		/* screen height */
-  int		y;		/* y-coordinate of screen lines to grab */
-  int		n = 16;		/* number of screen lines to grab at a time */
-
-  /* Create a screen DC and a memory DC compatible to screen DC */
-  hScrDC = CreateDC("DISPLAY", NULL, NULL, NULL);
-  hMemDC = CreateCompatibleDC(hScrDC);
-
-  /* Get screen resolution */
-  w = GetDeviceCaps(hScrDC, HORZRES);
-  h = GetDeviceCaps(hScrDC, VERTRES);
-
-  /* Create a bitmap compatible with the screen DC */
-  hBitmap = CreateCompatibleBitmap(hScrDC, w, n);
-
-  /* Select new bitmap into memory DC */
-  hOldBitmap = SelectObject(hMemDC, hBitmap);
-
-  /* Get bitmap properties */
-  GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm);
-  size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;
-
-  bmbits = Malloc(size);
-  if (bmbits) {
-    /* Now go through the whole screen, repeatedly grabbing n lines */
-    for (y = 0; y < h-n; y += n)
-    	{
-	unsigned char md[MD_DIGEST_LENGTH];
-
-	/* Bitblt screen DC to memory DC */
-	BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY);
-
-	/* Copy bitmap bits from memory DC to bmbits */
-	GetBitmapBits(hBitmap, size, bmbits);
-
-	/* Get the MD5 of the bitmap */
-	MD(bmbits,size,md);
-
-	/* Seed the random generator with the MD5 digest */
-	RAND_seed(md, MD_DIGEST_LENGTH);
+	ret = RAND_bytes(buf, num);
+	if (ret == 0)
+		{
+		err = ERR_peek_error();
+		if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
+		    ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
+			(void)ERR_get_error();
+		}
+	return (ret);
 	}
 
-    Free(bmbits);
-  }
+static int ssleay_rand_status(void)
+	{
+	int ret;
+	int do_not_lock;
+
+	/* check if we already have the lock
+	 * (could happen if a RAND_poll() implementation calls RAND_status()) */
+	if (crypto_lock_rand)
+		{
+		CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
+		do_not_lock = (locking_thread == CRYPTO_thread_id());
+		CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
+		}
+	else
+		do_not_lock = 0;
+	
+	if (!do_not_lock)
+		{
+		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+		
+		/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
+		CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
+		locking_thread = CRYPTO_thread_id();
+		CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
+		crypto_lock_rand = 1;
+		}
+	
+	if (!initialized)
+		{
+		RAND_poll();
+		initialized = 1;
+		}
 
-  /* Select old bitmap back into memory DC */
-  hBitmap = SelectObject(hMemDC, hOldBitmap);
+	ret = entropy >= ENTROPY_NEEDED;
 
-  /* Clean up */
-  DeleteObject(hBitmap);
-  DeleteDC(hMemDC);
-  DeleteDC(hScrDC);
-}
-#endif
+	if (!do_not_lock)
+		{
+		/* before unlocking, we must clear 'crypto_lock_rand' */
+		crypto_lock_rand = 0;
+		
+		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+		}
+	
+	return ret;
+	}
diff --git a/crypto/rand/rand.h b/crypto/rand/rand.h
index f5edcb9a54..66e39991ec 100644
--- a/crypto/rand/rand.h
+++ b/crypto/rand/rand.h
@@ -59,53 +59,73 @@
 #ifndef HEADER_RAND_H
 #define HEADER_RAND_H
 
+#include <stdlib.h>
+#include <openssl/ossl_typ.h>
+#include <openssl/e_os2.h>
+
+#if defined(OPENSSL_SYS_WINDOWS)
+#include <windows.h>
+#endif
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
 typedef struct rand_meth_st
 	{
-#ifndef NOPROTO
-	void (*seed)(unsigned char *buf, int num);
-	void (*bytes)(unsigned char *buf, int num);
+	void (*seed)(const void *buf, int num);
+	int (*bytes)(unsigned char *buf, int num);
 	void (*cleanup)(void);
-#else
-	void (*seed)();
-	void (*bytes)();
-	void (*cleanup)();
-#endif
+	void (*add)(const void *buf, int num, double entropy);
+	int (*pseudorand)(unsigned char *buf, int num);
+	int (*status)(void);
 	} RAND_METHOD;
 
-#ifndef NOPROTO
-void RAND_set_rand_method(RAND_METHOD *meth);
-RAND_METHOD *RAND_get_rand_method(void );
+#ifdef BN_DEBUG
+extern int rand_predictable;
+#endif
+
+int RAND_set_rand_method(const RAND_METHOD *meth);
+const RAND_METHOD *RAND_get_rand_method(void);
+int RAND_set_rand_engine(ENGINE *engine);
 RAND_METHOD *RAND_SSLeay(void);
 void RAND_cleanup(void );
-void RAND_bytes( unsigned char *buf,int num);
-void RAND_seed( unsigned char *buf,int num);
-int  RAND_load_file(char *file,long max_bytes);
-int  RAND_write_file(char *file);
-char *RAND_file_name(char *file,int num);
-#ifdef WINDOWS
+int  RAND_bytes(unsigned char *buf,int num);
+int  RAND_pseudo_bytes(unsigned char *buf,int num);
+void RAND_seed(const void *buf,int num);
+void RAND_add(const void *buf,int num,double entropy);
+int  RAND_load_file(const char *file,long max_bytes);
+int  RAND_write_file(const char *file);
+const char *RAND_file_name(char *file,size_t num);
+int RAND_status(void);
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
+int RAND_egd(const char *path);
+int RAND_egd_bytes(const char *path,int bytes);
+int RAND_poll(void);
+
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+
 void RAND_screen(void);
+int RAND_event(UINT, WPARAM, LPARAM);
+
 #endif
-#else
-void RAND_set_rand_method();
-RAND_METHOD *RAND_get_rand_method();
-RAND_METHOD *RAND_SSLeay();
-void RAND_cleanup();
-void RAND_bytes();
-void RAND_seed();
-int  RAND_load_file();
-int  RAND_write_file();
-char *RAND_file_name();
-#ifdef WINDOWS
-void RAND_screen();
-#endif
-#endif
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_RAND_strings(void);
+
+/* Error codes for the RAND functions. */
+
+/* Function codes. */
+#define RAND_F_RAND_GET_RAND_METHOD			 101
+#define RAND_F_SSLEAY_RAND_BYTES			 100
+
+/* Reason codes. */
+#define RAND_R_PRNG_NOT_SEEDED				 100
 
 #ifdef  __cplusplus
 }
 #endif
-
 #endif
diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c
new file mode 100644
index 0000000000..1f168221e3
--- /dev/null
+++ b/crypto/rand/rand_egd.c
@@ -0,0 +1,298 @@
+/* crypto/rand/rand_egd.c */
+/* Written by Ulf Moeller and Lutz Jaenicke for the OpenSSL project. */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/e_os2.h>
+#include <openssl/rand.h>
+
+/*
+ * Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
+ *
+ * This module supplies three routines:
+ *
+ * RAND_query_egd_bytes(path, buf, bytes)
+ *   will actually query "bytes" bytes of entropy form the egd-socket located
+ *   at path and will write them to buf (if supplied) or will directly feed
+ *   it to RAND_seed() if buf==NULL.
+ *   The number of bytes is not limited by the maximum chunk size of EGD,
+ *   which is 255 bytes. If more than 255 bytes are wanted, several chunks
+ *   of entropy bytes are requested. The connection is left open until the
+ *   query is competed.
+ *   RAND_query_egd_bytes() returns with
+ *     -1  if an error occured during connection or communication.
+ *     num the number of bytes read from the EGD socket. This number is either
+ *         the number of bytes requested or smaller, if the EGD pool is
+ *         drained and the daemon signals that the pool is empty.
+ *   This routine does not touch any RAND_status(). This is necessary, since
+ *   PRNG functions may call it during initialization.
+ *
+ * RAND_egd_bytes(path, bytes) will query "bytes" bytes and have them
+ *   used to seed the PRNG.
+ *   RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL.
+ *   Unlike RAND_query_egd_bytes(), RAND_status() is used to test the
+ *   seed status so that the return value can reflect the seed state:
+ *     -1  if an error occured during connection or communication _or_
+ *         if the PRNG has still not received the required seeding.
+ *     num the number of bytes read from the EGD socket. This number is either
+ *         the number of bytes requested or smaller, if the EGD pool is
+ *         drained and the daemon signals that the pool is empty.
+ *
+ * RAND_egd(path) will query 255 bytes and use the bytes retreived to seed
+ *   the PRNG.
+ *   RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
+ */
+
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS)
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
+	{
+	return(-1);
+	}
+int RAND_egd(const char *path)
+	{
+	return(-1);
+	}
+
+int RAND_egd_bytes(const char *path,int bytes)
+	{
+	return(-1);
+	}
+#else
+#include <openssl/opensslconf.h>
+#include OPENSSL_UNISTD
+#include <sys/types.h>
+#include <sys/socket.h>
+#ifndef NO_SYS_UN_H
+# ifdef OPENSSL_SYS_VXWORKS
+#   include <streams/un.h>
+# else
+#   include <sys/un.h>
+# endif
+#else
+struct	sockaddr_un {
+	short	sun_family;		/* AF_UNIX */
+	char	sun_path[108];		/* path name (gag) */
+};
+#endif /* NO_SYS_UN_H */
+#include <string.h>
+#include <errno.h>
+
+#ifndef offsetof
+#  define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
+#endif
+
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
+	{
+	int ret = 0;
+	struct sockaddr_un addr;
+	int len, num, numbytes;
+	int fd = -1;
+	int success;
+	unsigned char egdbuf[2], tempbuf[255], *retrievebuf;
+
+	memset(&addr, 0, sizeof(addr));
+	addr.sun_family = AF_UNIX;
+	if (strlen(path) >= sizeof(addr.sun_path))
+		return (-1);
+	strcpy(addr.sun_path,path);
+	len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
+	fd = socket(AF_UNIX, SOCK_STREAM, 0);
+	if (fd == -1) return (-1);
+	success = 0;
+	while (!success)
+	    {
+	    if (connect(fd, (struct sockaddr *)&addr, len) == 0)
+	       success = 1;
+	    else
+		{
+		switch (errno)
+		    {
+#ifdef EINTR
+		    case EINTR:
+#endif
+#ifdef EAGAIN
+		    case EAGAIN:
+#endif
+#ifdef EINPROGRESS
+		    case EINPROGRESS:
+#endif
+#ifdef EALREADY
+		    case EALREADY:
+#endif
+			/* No error, try again */
+			break;
+#ifdef EISCONN
+		    case EISCONN:
+			success = 1;
+			break;
+#endif
+		    default:
+			goto err;	/* failure */
+		    }
+		}
+	    }
+
+	while(bytes > 0)
+	    {
+	    egdbuf[0] = 1;
+	    egdbuf[1] = bytes < 255 ? bytes : 255;
+	    numbytes = 0;
+	    while (numbytes != 2)
+		{
+	        num = write(fd, egdbuf + numbytes, 2 - numbytes);
+	        if (num >= 0)
+		    numbytes += num;
+	    	else
+		    {
+		    switch (errno)
+		    	{
+#ifdef EINTR
+		    	case EINTR:
+#endif
+#ifdef EAGAIN
+		    	case EAGAIN:
+#endif
+			    /* No error, try again */
+			    break;
+		    	default:
+			    ret = -1;
+			    goto err;	/* failure */
+			}
+		    }
+		}
+	    numbytes = 0;
+	    while (numbytes != 1)
+		{
+	        num = read(fd, egdbuf, 1);
+	        if (num >= 0)
+		    numbytes += num;
+	    	else
+		    {
+		    switch (errno)
+		    	{
+#ifdef EINTR
+		    	case EINTR:
+#endif
+#ifdef EAGAIN
+		    	case EAGAIN:
+#endif
+			    /* No error, try again */
+			    break;
+		    	default:
+			    ret = -1;
+			    goto err;	/* failure */
+			}
+		    }
+		}
+	    if(egdbuf[0] == 0)
+		goto err;
+	    if (buf)
+		retrievebuf = buf + ret;
+	    else
+		retrievebuf = tempbuf;
+	    numbytes = 0;
+	    while (numbytes != egdbuf[0])
+		{
+	        num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes);
+	        if (num >= 0)
+		    numbytes += num;
+	    	else
+		    {
+		    switch (errno)
+		    	{
+#ifdef EINTR
+		    	case EINTR:
+#endif
+#ifdef EAGAIN
+		    	case EAGAIN:
+#endif
+			    /* No error, try again */
+			    break;
+		    	default:
+			    ret = -1;
+			    goto err;	/* failure */
+			}
+		    }
+		}
+	    ret += egdbuf[0];
+	    bytes -= egdbuf[0];
+	    if (!buf)
+		RAND_seed(tempbuf, egdbuf[0]);
+	    }
+ err:
+	if (fd != -1) close(fd);
+	return(ret);
+	}
+
+
+int RAND_egd_bytes(const char *path, int bytes)
+	{
+	int num, ret = 0;
+
+	num = RAND_query_egd_bytes(path, NULL, bytes);
+	if (num < 1) goto err;
+	if (RAND_status() == 1)
+	    ret = num;
+ err:
+	return(ret);
+	}
+
+
+int RAND_egd(const char *path)
+	{
+	return (RAND_egd_bytes(path, 255));
+	}
+
+
+#endif
diff --git a/crypto/rand/rand_err.c b/crypto/rand/rand_err.c
new file mode 100644
index 0000000000..b77267e213
--- /dev/null
+++ b/crypto/rand/rand_err.c
@@ -0,0 +1,95 @@
+/* crypto/rand/rand_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA RAND_str_functs[]=
+	{
+{ERR_PACK(0,RAND_F_RAND_GET_RAND_METHOD,0),	"RAND_get_rand_method"},
+{ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0),	"SSLEAY_RAND_BYTES"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA RAND_str_reasons[]=
+	{
+{RAND_R_PRNG_NOT_SEEDED                  ,"PRNG not seeded"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_RAND_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ERR_LIB_RAND,RAND_str_functs);
+		ERR_load_strings(ERR_LIB_RAND,RAND_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h
new file mode 100644
index 0000000000..618a8ec899
--- /dev/null
+++ b/crypto/rand/rand_lcl.h
@@ -0,0 +1,158 @@
+/* crypto/rand/rand_lcl.h */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_RAND_LCL_H
+#define HEADER_RAND_LCL_H
+
+#define ENTROPY_NEEDED 32  /* require 256 bits = 32 bytes of randomness */
+
+
+#if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+#define USE_SHA1_RAND
+#elif !defined(OPENSSL_NO_MD5)
+#define USE_MD5_RAND
+#elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
+#define USE_MDC2_RAND
+#elif !defined(OPENSSL_NO_MD2)
+#define USE_MD2_RAND
+#else
+#error No message digest algorithm available
+#endif
+#endif
+
+#include <openssl/evp.h>
+#define MD_Update(a,b,c)	EVP_DigestUpdate(a,b,c)
+#define	MD_Final(a,b)		EVP_DigestFinal_ex(a,b,NULL)
+#if defined(USE_MD5_RAND)
+#include <openssl/md5.h>
+#define MD_DIGEST_LENGTH	MD5_DIGEST_LENGTH
+#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_md5(), NULL)
+#define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_md5(), NULL)
+#elif defined(USE_SHA1_RAND)
+#include <openssl/sha.h>
+#define MD_DIGEST_LENGTH	SHA_DIGEST_LENGTH
+#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_sha1(), NULL)
+#define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_sha1(), NULL)
+#elif defined(USE_MDC2_RAND)
+#include <openssl/mdc2.h>
+#define MD_DIGEST_LENGTH	MDC2_DIGEST_LENGTH
+#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_mdc2(), NULL)
+#define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_mdc2(), NULL)
+#elif defined(USE_MD2_RAND)
+#include <openssl/md2.h>
+#define MD_DIGEST_LENGTH	MD2_DIGEST_LENGTH
+#define MD_Init(a)		EVP_DigestInit_ex(a,EVP_md2(), NULL)
+#define	MD(a,b,c)		EVP_Digest(a,b,c,NULL,EVP_md2(), NULL)
+#endif
+
+
+#endif
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index c4b44e5186..5cf5dc1188 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -57,48 +57,110 @@
  */
 
 #include <stdio.h>
-#include "cryptlib.h"
-#include <sys/types.h>
 #include <time.h>
-#include "rand.h"
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/engine.h>
 
-#ifdef NO_RAND
-static RAND_METHOD *rand_meth=NULL;
-#else
-extern RAND_METHOD rand_ssleay;
-static RAND_METHOD *rand_meth= &rand_ssleay;
-#endif
+/* non-NULL if default_RAND_meth is ENGINE-provided */
+static ENGINE *funct_ref =NULL;
+static const RAND_METHOD *default_RAND_meth = NULL;
 
-void RAND_set_rand_method(meth)
-RAND_METHOD *meth;
+int RAND_set_rand_method(const RAND_METHOD *meth)
 	{
-	rand_meth=meth;
+	if(funct_ref)
+		{
+		ENGINE_finish(funct_ref);
+		funct_ref = NULL;
+		}
+	default_RAND_meth = meth;
+	return 1;
 	}
 
-RAND_METHOD *RAND_get_rand_method()
+const RAND_METHOD *RAND_get_rand_method(void)
 	{
-	return(rand_meth);
+	if (!default_RAND_meth)
+		{
+		ENGINE *e = ENGINE_get_default_RAND();
+		if(e)
+			{
+			default_RAND_meth = ENGINE_get_RAND(e);
+			if(!default_RAND_meth)
+				{
+				ENGINE_finish(e);
+				e = NULL;
+				}
+			}
+		if(e)
+			funct_ref = e;
+		else
+			default_RAND_meth = RAND_SSLeay();
+		}
+	return default_RAND_meth;
 	}
 
-void RAND_cleanup()
+int RAND_set_rand_engine(ENGINE *engine)
 	{
-	if (rand_meth != NULL)
-		rand_meth->cleanup();
+	const RAND_METHOD *tmp_meth = NULL;
+	if(engine)
+		{
+		if(!ENGINE_init(engine))
+			return 0;
+		tmp_meth = ENGINE_get_RAND(engine);
+		if(!tmp_meth)
+			{
+			ENGINE_finish(engine);
+			return 0;
+			}
+		}
+	/* This function releases any prior ENGINE so call it first */
+	RAND_set_rand_method(tmp_meth);
+	funct_ref = engine;
+	return 1;
 	}
 
-void RAND_seed(buf,num)
-unsigned char *buf;
-int num;
+void RAND_cleanup(void)
 	{
-	if (rand_meth != NULL)
-		rand_meth->seed(buf,num);
+	const RAND_METHOD *meth = RAND_get_rand_method();
+	if (meth && meth->cleanup)
+		meth->cleanup();
+	RAND_set_rand_method(NULL);
 	}
 
-void RAND_bytes(buf,num)
-unsigned char *buf;
-int num;
+void RAND_seed(const void *buf, int num)
 	{
-	if (rand_meth != NULL)
-		rand_meth->bytes(buf,num);
+	const RAND_METHOD *meth = RAND_get_rand_method();
+	if (meth && meth->seed)
+		meth->seed(buf,num);
 	}
 
+void RAND_add(const void *buf, int num, double entropy)
+	{
+	const RAND_METHOD *meth = RAND_get_rand_method();
+	if (meth && meth->add)
+		meth->add(buf,num,entropy);
+	}
+
+int RAND_bytes(unsigned char *buf, int num)
+	{
+	const RAND_METHOD *meth = RAND_get_rand_method();
+	if (meth && meth->bytes)
+		return meth->bytes(buf,num);
+	return(-1);
+	}
+
+int RAND_pseudo_bytes(unsigned char *buf, int num)
+	{
+	const RAND_METHOD *meth = RAND_get_rand_method();
+	if (meth && meth->pseudorand)
+		return meth->pseudorand(buf,num);
+	return(-1);
+	}
+
+int RAND_status(void)
+	{
+	const RAND_METHOD *meth = RAND_get_rand_method();
+	if (meth && meth->status)
+		return meth->status();
+	return 0;
+	}
diff --git a/crypto/rand/rand_os2.c b/crypto/rand/rand_os2.c
new file mode 100644
index 0000000000..c3e36d4e5e
--- /dev/null
+++ b/crypto/rand/rand_os2.c
@@ -0,0 +1,147 @@
+/* crypto/rand/rand_os2.c */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#ifdef OPENSSL_SYS_OS2
+
+#define INCL_DOSPROCESS
+#define INCL_DOSPROFILE
+#define INCL_DOSMISC
+#define INCL_DOSMODULEMGR
+#include <os2.h>
+
+#define   CMD_KI_RDCNT    (0x63)
+
+typedef struct _CPUUTIL {
+    ULONG ulTimeLow;            /* Low 32 bits of time stamp      */
+    ULONG ulTimeHigh;           /* High 32 bits of time stamp     */
+    ULONG ulIdleLow;            /* Low 32 bits of idle time       */
+    ULONG ulIdleHigh;           /* High 32 bits of idle time      */
+    ULONG ulBusyLow;            /* Low 32 bits of busy time       */
+    ULONG ulBusyHigh;           /* High 32 bits of busy time      */
+    ULONG ulIntrLow;            /* Low 32 bits of interrupt time  */
+    ULONG ulIntrHigh;           /* High 32 bits of interrupt time */
+} CPUUTIL;
+
+APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, ULONG ulParm2, ULONG ulParm3) = NULL;
+APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, ULONG _res_, PVOID buf, ULONG bufsz) = NULL;
+HMODULE hDoscalls = 0;
+
+int RAND_poll(void)
+{
+    char failed_module[20];
+    QWORD qwTime;
+    ULONG SysVars[QSV_FOREGROUND_PROCESS];
+
+    if (hDoscalls == 0) {
+        ULONG rc = DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", &hDoscalls);
+
+        if (rc == 0) {
+            rc = DosQueryProcAddr(hDoscalls, 976, NULL, (PFN *)&DosPerfSysCall);
+
+            if (rc)
+                DosPerfSysCall = NULL;
+
+            rc = DosQueryProcAddr(hDoscalls, 368, NULL, (PFN *)&DosQuerySysState);
+
+            if (rc)
+                DosQuerySysState = NULL;
+        }
+    }
+
+    /* Sample the hi-res timer, runs at around 1.1 MHz */
+    DosTmrQueryTime(&qwTime);
+    RAND_add(&qwTime, sizeof(qwTime), 2);
+
+    /* Sample a bunch of system variables, includes various process & memory statistics */
+    DosQuerySysInfo(1, QSV_FOREGROUND_PROCESS, SysVars, sizeof(SysVars));
+    RAND_add(SysVars, sizeof(SysVars), 4);
+
+    /* If available, sample CPU registers that count at CPU MHz
+     * Only fairly new CPUs (PPro & K6 onwards) & OS/2 versions support this
+     */
+    if (DosPerfSysCall) {
+        CPUUTIL util;
+
+        if (DosPerfSysCall(CMD_KI_RDCNT, (ULONG)&util, 0, 0) == 0) {
+            RAND_add(&util, sizeof(util), 10);
+        }
+        else {
+            DosPerfSysCall = NULL;
+        }
+    }
+
+    /* DosQuerySysState() gives us a huge quantity of process, thread, memory & handle stats */
+    if (DosQuerySysState) {
+        char *buffer = OPENSSL_malloc(256 * 1024);
+
+        if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) {
+            /* First 4 bytes in buffer is a pointer to the thread count
+             * there should be at least 1 byte of entropy per thread
+             */
+            RAND_add(buffer, 256 * 1024, **(ULONG **)buffer);
+        }
+
+        OPENSSL_free(buffer);
+        return 1;
+    }
+
+    return 0;
+}
+
+#endif /* OPENSSL_SYS_OS2 */
diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c
new file mode 100644
index 0000000000..a776e52243
--- /dev/null
+++ b/crypto/rand/rand_unix.c
@@ -0,0 +1,245 @@
+/* crypto/rand/rand_unix.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define USE_SOCKETS
+#include "e_os.h"
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS))
+
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/times.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <time.h>
+
+int RAND_poll(void)
+{
+	unsigned long l;
+	pid_t curr_pid = getpid();
+#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+	unsigned char tmpbuf[ENTROPY_NEEDED];
+	int n = 0;
+#endif
+#ifdef DEVRANDOM
+	static const char *randomfiles[] = { DEVRANDOM, NULL };
+	const char **randomfile = NULL;
+	int fd;
+#endif
+#ifdef DEVRANDOM_EGD
+	static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
+	const char **egdsocket = NULL;
+#endif
+
+#ifdef DEVRANDOM
+	/* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
+	 * have this. Use /dev/urandom if you can as /dev/random may block
+	 * if it runs out of random entries.  */
+
+	for (randomfile = randomfiles; *randomfile && n < ENTROPY_NEEDED; randomfile++)
+		{
+		if ((fd = open(*randomfile, O_RDONLY|O_NONBLOCK
+#ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do not make it
+		   our controlling tty */
+			|O_NOCTTY
+#endif
+#ifdef O_NOFOLLOW /* Fail if the file is a symbolic link */
+			|O_NOFOLLOW
+#endif
+			)) >= 0)
+			{
+			struct timeval t = { 0, 10*1000 }; /* Spend 10ms on
+							      each file. */
+			int r;
+			fd_set fset;
+
+			do
+				{
+				FD_ZERO(&fset);
+				FD_SET(fd, &fset);
+				r = -1;
+
+				if (select(fd+1,&fset,NULL,NULL,&t) < 0)
+					t.tv_usec=0;
+				else if (FD_ISSET(fd, &fset))
+					{
+					r=read(fd,(unsigned char *)tmpbuf+n,
+					       ENTROPY_NEEDED-n);
+					if (r > 0)
+						n += r;
+					}
+
+				/* Some Unixen will update t, some
+				   won't.  For those who won't, give
+				   up here, otherwise, we will do
+				   this once again for the remaining
+				   time. */
+				if (t.tv_usec == 10*1000)
+					t.tv_usec=0;
+				}
+			while ((r > 0 || (errno == EINTR || errno == EAGAIN))
+				&& t.tv_usec != 0 && n < ENTROPY_NEEDED);
+
+			close(fd);
+			}
+		}
+#endif
+
+#ifdef DEVRANDOM_EGD
+	/* Use an EGD socket to read entropy from an EGD or PRNGD entropy
+	 * collecting daemon. */
+
+	for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED; egdsocket++)
+		{
+		int r;
+
+		r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf+n,
+					 ENTROPY_NEEDED-n);
+		if (r > 0)
+			n += r;
+		}
+#endif
+
+#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+	if (n > 0)
+		{
+		RAND_add(tmpbuf,sizeof tmpbuf,n);
+		OPENSSL_cleanse(tmpbuf,n);
+		}
+#endif
+
+	/* put in some default random data, we need more than just this */
+	l=curr_pid;
+	RAND_add(&l,sizeof(l),0);
+	l=getuid();
+	RAND_add(&l,sizeof(l),0);
+
+	l=time(NULL);
+	RAND_add(&l,sizeof(l),0);
+
+#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+	return 1;
+#else
+	return 0;
+#endif
+}
+
+#endif
+
+#if defined(OPENSSL_SYS_VXWORKS)
+int RAND_poll(void)
+{
+    return 0;
+}
+#endif
diff --git a/crypto/rand/rand_vms.c b/crypto/rand/rand_vms.c
new file mode 100644
index 0000000000..29b2d7af0b
--- /dev/null
+++ b/crypto/rand/rand_vms.c
@@ -0,0 +1,135 @@
+/* crypto/rand/rand_vms.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#if defined(OPENSSL_SYS_VMS)
+
+#include <descrip.h>
+#include <jpidef.h>
+#include <ssdef.h>
+#include <starlet.h>
+#ifdef __DECC
+# pragma message disable DOLLARID
+#endif
+
+static struct items_data_st
+	{
+	short length, code;	/* length is amount of bytes */
+	} items_data[] =
+		{ { 4, JPI$_BUFIO },
+		  { 4, JPI$_CPUTIM },
+		  { 4, JPI$_DIRIO },
+		  { 8, JPI$_LOGINTIM },
+		  { 4, JPI$_PAGEFLTS },
+		  { 4, JPI$_PID },
+		  { 4, JPI$_WSSIZE },
+		  { 0, 0 }
+		};
+		  
+int RAND_poll(void)
+	{
+	long pid, iosb[2];
+	int status = 0;
+	struct
+		{
+		short length, code;
+		long *buffer;
+		int *retlen;
+		} item[32], *pitem;
+	unsigned char data_buffer[256];
+	short total_length = 0;
+	struct items_data_st *pitems_data;
+
+	pitems_data = items_data;
+	pitem = item;
+
+	/* Setup */
+	while (pitems_data->length)
+		{
+		pitem->length = pitems_data->length;
+		pitem->code = pitems_data->code;
+		pitem->buffer = (long *)data_buffer[total_length];
+		pitem->retlen = 0;
+		total_length += pitems_data->length;
+		pitems_data++;
+		pitem++;
+		}
+	pitem->length = pitem->code = 0;
+
+	/*
+	 * Scan through all the processes in the system and add entropy with
+	 * results from the processes that were possible to look at.
+	 * However, view the information as only half trustable.
+	 */
+	pid = -1;			/* search context */
+	while ((status = sys$getjpiw(0, &pid,  0, item, iosb, 0, 0))
+		!= SS$_NOMOREPROC)
+		{
+		if (status == SS$_NORMAL)
+			{
+			RAND_add(data_buffer, total_length, total_length/2);
+			}
+		}
+	sys$gettim(iosb);
+	RAND_add((unsigned char *)iosb, sizeof(iosb), sizeof(iosb)/2);
+	return 1;
+}
+
+#endif
diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c
new file mode 100644
index 0000000000..113b58678f
--- /dev/null
+++ b/crypto/rand/rand_win.c
@@ -0,0 +1,721 @@
+/* crypto/rand/rand_win.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_lcl.h"
+
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+#include <windows.h>
+#ifndef _WIN32_WINNT
+# define _WIN32_WINNT 0x0400
+#endif
+#include <wincrypt.h>
+#include <tlhelp32.h>
+
+/* Intel hardware RNG CSP -- available from
+ * http://developer.intel.com/design/security/rng/redist_license.htm
+ */
+#define PROV_INTEL_SEC 22
+#define INTEL_DEF_PROV TEXT("Intel Hardware Cryptographic Service Provider")
+
+static void readtimer(void);
+static void readscreen(void);
+
+/* It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined
+   when WINVER is 0x0500 and up, which currently only happens on Win2000.
+   Unfortunately, those are typedefs, so they're a little bit difficult to
+   detect properly.  On the other hand, the macro CURSOR_SHOWING is defined
+   within the same conditional, so it can be use to detect the absence of said
+   typedefs. */
+
+#ifndef CURSOR_SHOWING
+/*
+ * Information about the global cursor.
+ */
+typedef struct tagCURSORINFO
+{
+    DWORD   cbSize;
+    DWORD   flags;
+    HCURSOR hCursor;
+    POINT   ptScreenPos;
+} CURSORINFO, *PCURSORINFO, *LPCURSORINFO;
+
+#define CURSOR_SHOWING     0x00000001
+#endif /* CURSOR_SHOWING */
+
+typedef BOOL (WINAPI *CRYPTACQUIRECONTEXT)(HCRYPTPROV *, LPCTSTR, LPCTSTR,
+				    DWORD, DWORD);
+typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *);
+typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV, DWORD);
+
+typedef HWND (WINAPI *GETFOREGROUNDWINDOW)(VOID);
+typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);
+typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
+
+typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
+typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD);
+typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
+typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
+typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32);
+typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32);
+typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);
+
+#include <lmcons.h>
+#ifndef OPENSSL_SYS_WINCE
+#include <lmstats.h>
+#endif
+#if 1 /* The NET API is Unicode only.  It requires the use of the UNICODE
+       * macro.  When UNICODE is defined LPTSTR becomes LPWSTR.  LMSTR was
+       * was added to the Platform SDK to allow the NET API to be used in
+       * non-Unicode applications provided that Unicode strings were still
+       * used for input.  LMSTR is defined as LPWSTR.
+       */
+typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET)
+        (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*);
+typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE);
+#endif /* 1 */
+
+int RAND_poll(void)
+{
+	MEMORYSTATUS m;
+	HCRYPTPROV hProvider = 0;
+	BYTE buf[64];
+	DWORD w;
+	HWND h;
+
+	HMODULE advapi, kernel, user, netapi;
+	CRYPTACQUIRECONTEXT acquire = 0;
+	CRYPTGENRANDOM gen = 0;
+	CRYPTRELEASECONTEXT release = 0;
+#if 1 /* There was previously a problem with NETSTATGET.  Currently, this
+       * section is still experimental, but if all goes well, this conditional
+       * will be removed
+       */
+	NETSTATGET netstatget = 0;
+	NETFREE netfree = 0;
+#endif /* 1 */
+
+	/* Determine the OS version we are on so we can turn off things 
+	 * that do not work properly.
+	 */
+        OSVERSIONINFO osverinfo ;
+        osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
+        GetVersionEx( &osverinfo ) ;
+
+#if defined(OPENSSL_SYS_WINCE) && WCEPLATFORM!=MS_HPC_PRO
+	/* poll the CryptoAPI PRNG */
+	/* The CryptoAPI returns sizeof(buf) bytes of randomness */
+	if (CryptAcquireContext(&hProvider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
+		{
+		if (CryptGenRandom(hProvider, sizeof(buf), buf))
+			RAND_add(buf, sizeof(buf), sizeof(buf));
+		CryptReleaseContext(hProvider, 0); 
+		}
+#endif
+
+	/* load functions dynamically - not available on all systems */
+	advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));
+	kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
+	user = LoadLibrary(TEXT("USER32.DLL"));
+	netapi = LoadLibrary(TEXT("NETAPI32.DLL"));
+
+#ifndef OPENSSL_SYS_WINCE
+#if 1 /* There was previously a problem with NETSTATGET.  Currently, this
+       * section is still experimental, but if all goes well, this conditional
+       * will be removed
+       */
+	if (netapi)
+		{
+		netstatget = (NETSTATGET) GetProcAddress(netapi,TEXT("NetStatisticsGet"));
+		netfree = (NETFREE) GetProcAddress(netapi,TEXT("NetApiBufferFree"));
+		}
+
+	if (netstatget && netfree)
+		{
+		LPBYTE outbuf;
+		/* NetStatisticsGet() is a Unicode only function
+ 		 * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0
+		 * contains 17 fields.  We treat each field as a source of
+		 * one byte of entropy.
+                 */
+
+		if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0)
+			{
+			RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45);
+			netfree(outbuf);
+			}
+		if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0)
+			{
+			RAND_add(outbuf, sizeof(STAT_SERVER_0), 17);
+			netfree(outbuf);
+			}
+		}
+
+	if (netapi)
+		FreeLibrary(netapi);
+#endif /* 1 */
+#endif /* !OPENSSL_SYS_WINCE */
+ 
+#ifndef OPENSSL_SYS_WINCE
+        /* It appears like this can cause an exception deep within ADVAPI32.DLL
+         * at random times on Windows 2000.  Reported by Jeffrey Altman.  
+         * Only use it on NT.
+	 */
+	/* Wolfgang Marczy <WMarczy@topcall.co.at> reports that
+	 * the RegQueryValueEx call below can hang on NT4.0 (SP6).
+	 * So we don't use this at all for now. */
+#if 0
+        if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+		osverinfo.dwMajorVersion < 5)
+		{
+		/* Read Performance Statistics from NT/2000 registry
+		 * The size of the performance data can vary from call
+		 * to call so we must guess the size of the buffer to use
+		 * and increase its size if we get an ERROR_MORE_DATA
+		 * return instead of ERROR_SUCCESS.
+		 */
+		LONG   rc=ERROR_MORE_DATA;
+		char * buf=NULL;
+		DWORD bufsz=0;
+		DWORD length;
+
+		while (rc == ERROR_MORE_DATA)
+			{
+			buf = realloc(buf,bufsz+8192);
+			if (!buf)
+				break;
+			bufsz += 8192;
+
+			length = bufsz;
+			rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"),
+				NULL, NULL, buf, &length);
+			}
+		if (rc == ERROR_SUCCESS)
+			{
+                        /* For entropy count assume only least significant
+			 * byte of each DWORD is random.
+			 */
+			RAND_add(&length, sizeof(length), 0);
+			RAND_add(buf, length, length / 4.0);
+
+			/* Close the Registry Key to allow Windows to cleanup/close
+			 * the open handle
+			 * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened
+			 *       when the RegQueryValueEx above is done.  However, if
+			 *       it is not explicitly closed, it can cause disk
+			 *       partition manipulation problems.
+			 */
+			RegCloseKey(HKEY_PERFORMANCE_DATA);
+			}
+		if (buf)
+			free(buf);
+		}
+#endif
+#endif /* !OPENSSL_SYS_WINCE */
+
+	if (advapi)
+		{
+		acquire = (CRYPTACQUIRECONTEXT) GetProcAddress(advapi,
+			TEXT("CryptAcquireContextA"));
+		gen = (CRYPTGENRANDOM) GetProcAddress(advapi,
+			TEXT("CryptGenRandom"));
+		release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
+			TEXT("CryptReleaseContext"));
+		}
+
+	if (acquire && gen && release)
+		{
+		/* poll the CryptoAPI PRNG */
+                /* The CryptoAPI returns sizeof(buf) bytes of randomness */
+		if (acquire(&hProvider, 0, 0, PROV_RSA_FULL,
+			CRYPT_VERIFYCONTEXT))
+			{
+			if (gen(hProvider, sizeof(buf), buf) != 0)
+				{
+				RAND_add(buf, sizeof(buf), 0);
+#if 0
+				printf("randomness from PROV_RSA_FULL\n");
+#endif
+				}
+			release(hProvider, 0); 
+			}
+		
+		/* poll the Pentium PRG with CryptoAPI */
+		if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0))
+			{
+			if (gen(hProvider, sizeof(buf), buf) != 0)
+				{
+				RAND_add(buf, sizeof(buf), sizeof(buf));
+#if 0
+				printf("randomness from PROV_INTEL_SEC\n");
+#endif
+				}
+			release(hProvider, 0);
+			}
+		}
+
+        if (advapi)
+		FreeLibrary(advapi);
+
+	/* timer data */
+	readtimer();
+	
+	/* memory usage statistics */
+	GlobalMemoryStatus(&m);
+	RAND_add(&m, sizeof(m), 1);
+
+	/* process ID */
+	w = GetCurrentProcessId();
+	RAND_add(&w, sizeof(w), 1);
+
+	if (user)
+		{
+		GETCURSORINFO cursor;
+		GETFOREGROUNDWINDOW win;
+		GETQUEUESTATUS queue;
+
+		win = (GETFOREGROUNDWINDOW) GetProcAddress(user, TEXT("GetForegroundWindow"));
+		cursor = (GETCURSORINFO) GetProcAddress(user, TEXT("GetCursorInfo"));
+		queue = (GETQUEUESTATUS) GetProcAddress(user, TEXT("GetQueueStatus"));
+
+		if (win)
+			{
+			/* window handle */
+			h = win();
+			RAND_add(&h, sizeof(h), 0);
+			}
+		if (cursor)
+			{
+			/* unfortunately, its not safe to call GetCursorInfo()
+			 * on NT4 even though it exists in SP3 (or SP6) and
+			 * higher.
+			 */
+			if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+				osverinfo.dwMajorVersion < 5)
+				cursor = 0;
+			}
+		if (cursor)
+			{
+			/* cursor position */
+                        /* assume 2 bytes of entropy */
+			CURSORINFO ci;
+			ci.cbSize = sizeof(CURSORINFO);
+			if (cursor(&ci))
+				RAND_add(&ci, ci.cbSize, 2);
+			}
+
+		if (queue)
+			{
+			/* message queue status */
+                        /* assume 1 byte of entropy */
+			w = queue(QS_ALLEVENTS);
+			RAND_add(&w, sizeof(w), 1);
+			}
+
+		FreeLibrary(user);
+		}
+
+	/* Toolhelp32 snapshot: enumerate processes, threads, modules and heap
+	 * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm
+	 * (Win 9x and 2000 only, not available on NT)
+	 *
+	 * This seeding method was proposed in Peter Gutmann, Software
+	 * Generation of Practically Strong Random Numbers,
+	 * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
+     * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
+	 * (The assignment of entropy estimates below is arbitrary, but based
+	 * on Peter's analysis the full poll appears to be safe. Additional
+	 * interactive seeding is encouraged.)
+	 */
+
+	if (kernel)
+		{
+		CREATETOOLHELP32SNAPSHOT snap;
+		HANDLE handle;
+
+		HEAP32FIRST heap_first;
+		HEAP32NEXT heap_next;
+		HEAP32LIST heaplist_first, heaplist_next;
+		PROCESS32 process_first, process_next;
+		THREAD32 thread_first, thread_next;
+		MODULE32 module_first, module_next;
+
+		HEAPLIST32 hlist;
+		HEAPENTRY32 hentry;
+		PROCESSENTRY32 p;
+		THREADENTRY32 t;
+		MODULEENTRY32 m;
+
+		snap = (CREATETOOLHELP32SNAPSHOT)
+			GetProcAddress(kernel, TEXT("CreateToolhelp32Snapshot"));
+		heap_first = (HEAP32FIRST) GetProcAddress(kernel, TEXT("Heap32First"));
+		heap_next = (HEAP32NEXT) GetProcAddress(kernel, TEXT("Heap32Next"));
+		heaplist_first = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListFirst"));
+		heaplist_next = (HEAP32LIST) GetProcAddress(kernel, TEXT("Heap32ListNext"));
+		process_first = (PROCESS32) GetProcAddress(kernel, TEXT("Process32First"));
+		process_next = (PROCESS32) GetProcAddress(kernel, TEXT("Process32Next"));
+		thread_first = (THREAD32) GetProcAddress(kernel, TEXT("Thread32First"));
+		thread_next = (THREAD32) GetProcAddress(kernel, TEXT("Thread32Next"));
+		module_first = (MODULE32) GetProcAddress(kernel, TEXT("Module32First"));
+		module_next = (MODULE32) GetProcAddress(kernel, TEXT("Module32Next"));
+
+		if (snap && heap_first && heap_next && heaplist_first &&
+			heaplist_next && process_first && process_next &&
+			thread_first && thread_next && module_first &&
+			module_next && (handle = snap(TH32CS_SNAPALL,0))
+			!= NULL)
+			{
+			/* heap list and heap walking */
+                        /* HEAPLIST32 contains 3 fields that will change with
+                         * each entry.  Consider each field a source of 1 byte
+                         * of entropy.
+                         * HEAPENTRY32 contains 5 fields that will change with 
+                         * each entry.  Consider each field a source of 1 byte
+                         * of entropy.
+                         */
+			hlist.dwSize = sizeof(HEAPLIST32);		
+			if (heaplist_first(handle, &hlist))
+				do
+					{
+					RAND_add(&hlist, hlist.dwSize, 3);
+					hentry.dwSize = sizeof(HEAPENTRY32);
+					if (heap_first(&hentry,
+						hlist.th32ProcessID,
+						hlist.th32HeapID))
+						{
+						int entrycnt = 80;
+						do
+							RAND_add(&hentry,
+								hentry.dwSize, 5);
+						while (heap_next(&hentry)
+							&& --entrycnt > 0);
+						}
+					} while (heaplist_next(handle,
+						&hlist));
+			
+			/* process walking */
+                        /* PROCESSENTRY32 contains 9 fields that will change
+                         * with each entry.  Consider each field a source of
+                         * 1 byte of entropy.
+                         */
+			p.dwSize = sizeof(PROCESSENTRY32);
+			if (process_first(handle, &p))
+				do
+					RAND_add(&p, p.dwSize, 9);
+				while (process_next(handle, &p));
+
+			/* thread walking */
+                        /* THREADENTRY32 contains 6 fields that will change
+                         * with each entry.  Consider each field a source of
+                         * 1 byte of entropy.
+                         */
+			t.dwSize = sizeof(THREADENTRY32);
+			if (thread_first(handle, &t))
+				do
+					RAND_add(&t, t.dwSize, 6);
+				while (thread_next(handle, &t));
+
+			/* module walking */
+                        /* MODULEENTRY32 contains 9 fields that will change
+                         * with each entry.  Consider each field a source of
+                         * 1 byte of entropy.
+                         */
+			m.dwSize = sizeof(MODULEENTRY32);
+			if (module_first(handle, &m))
+				do
+					RAND_add(&m, m.dwSize, 9);
+				while (module_next(handle, &m));
+
+			CloseHandle(handle);
+			}
+
+		FreeLibrary(kernel);
+		}
+
+#if 0
+	printf("Exiting RAND_poll\n");
+#endif
+
+	return(1);
+}
+
+int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
+        {
+        double add_entropy=0;
+
+        switch (iMsg)
+                {
+        case WM_KEYDOWN:
+                        {
+                        static WPARAM key;
+                        if (key != wParam)
+                                add_entropy = 0.05;
+                        key = wParam;
+                        }
+                        break;
+	case WM_MOUSEMOVE:
+                        {
+                        static int lastx,lasty,lastdx,lastdy;
+                        int x,y,dx,dy;
+
+                        x=LOWORD(lParam);
+                        y=HIWORD(lParam);
+                        dx=lastx-x;
+                        dy=lasty-y;
+                        if (dx != 0 && dy != 0 && dx-lastdx != 0 && dy-lastdy != 0)
+                                add_entropy=.2;
+                        lastx=x, lasty=y;
+                        lastdx=dx, lastdy=dy;
+                        }
+		break;
+		}
+
+	readtimer();
+        RAND_add(&iMsg, sizeof(iMsg), add_entropy);
+	RAND_add(&wParam, sizeof(wParam), 0);
+	RAND_add(&lParam, sizeof(lParam), 0);
+ 
+	return (RAND_status());
+	}
+
+
+void RAND_screen(void) /* function available for backward compatibility */
+{
+	RAND_poll();
+	readscreen();
+}
+
+
+/* feed timing information to the PRNG */
+static void readtimer(void)
+{
+	DWORD w;
+	LARGE_INTEGER l;
+	static int have_perfc = 1;
+#if defined(_MSC_VER) && !defined(OPENSSL_SYS_WINCE)
+	static int have_tsc = 1;
+	DWORD cyclecount;
+
+	if (have_tsc) {
+	  __try {
+	    __asm {
+	      _emit 0x0f
+	      _emit 0x31
+	      mov cyclecount, eax
+	      }
+	    RAND_add(&cyclecount, sizeof(cyclecount), 1);
+	  } __except(EXCEPTION_EXECUTE_HANDLER) {
+	    have_tsc = 0;
+	  }
+	}
+#else
+# define have_tsc 0
+#endif
+
+	if (have_perfc) {
+	  if (QueryPerformanceCounter(&l) == 0)
+	    have_perfc = 0;
+	  else
+	    RAND_add(&l, sizeof(l), 0);
+	}
+
+	if (!have_tsc && !have_perfc) {
+	  w = GetTickCount();
+	  RAND_add(&w, sizeof(w), 0);
+	}
+}
+
+/* feed screen contents to PRNG */
+/*****************************************************************************
+ *
+ * Created 960901 by Gertjan van Oosten, gertjan@West.NL, West Consulting B.V.
+ *
+ * Code adapted from
+ * <URL:http://www.microsoft.com/kb/developr/win_dk/q97193.htm>;
+ * the original copyright message is:
+ *
+ *   (C) Copyright Microsoft Corp. 1993.  All rights reserved.
+ *
+ *   You have a royalty-free right to use, modify, reproduce and
+ *   distribute the Sample Files (and/or any modified version) in
+ *   any way you find useful, provided that you agree that
+ *   Microsoft has no warranty obligations or liability for any
+ *   Sample Application Files which are modified.
+ */
+
+static void readscreen(void)
+{
+#ifndef OPENSSL_SYS_WINCE
+  HDC		hScrDC;		/* screen DC */
+  HDC		hMemDC;		/* memory DC */
+  HBITMAP	hBitmap;	/* handle for our bitmap */
+  HBITMAP	hOldBitmap;	/* handle for previous bitmap */
+  BITMAP	bm;		/* bitmap properties */
+  unsigned int	size;		/* size of bitmap */
+  char		*bmbits;	/* contents of bitmap */
+  int		w;		/* screen width */
+  int		h;		/* screen height */
+  int		y;		/* y-coordinate of screen lines to grab */
+  int		n = 16;		/* number of screen lines to grab at a time */
+
+  /* Create a screen DC and a memory DC compatible to screen DC */
+  hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL);
+  hMemDC = CreateCompatibleDC(hScrDC);
+
+  /* Get screen resolution */
+  w = GetDeviceCaps(hScrDC, HORZRES);
+  h = GetDeviceCaps(hScrDC, VERTRES);
+
+  /* Create a bitmap compatible with the screen DC */
+  hBitmap = CreateCompatibleBitmap(hScrDC, w, n);
+
+  /* Select new bitmap into memory DC */
+  hOldBitmap = SelectObject(hMemDC, hBitmap);
+
+  /* Get bitmap properties */
+  GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm);
+  size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;
+
+  bmbits = OPENSSL_malloc(size);
+  if (bmbits) {
+    /* Now go through the whole screen, repeatedly grabbing n lines */
+    for (y = 0; y < h-n; y += n)
+    	{
+	unsigned char md[MD_DIGEST_LENGTH];
+
+	/* Bitblt screen DC to memory DC */
+	BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY);
+
+	/* Copy bitmap bits from memory DC to bmbits */
+	GetBitmapBits(hBitmap, size, bmbits);
+
+	/* Get the hash of the bitmap */
+	MD(bmbits,size,md);
+
+	/* Seed the random generator with the hash value */
+	RAND_add(md, MD_DIGEST_LENGTH, 0);
+	}
+
+    OPENSSL_free(bmbits);
+  }
+
+  /* Select old bitmap back into memory DC */
+  hBitmap = SelectObject(hMemDC, hOldBitmap);
+
+  /* Clean up */
+  DeleteObject(hBitmap);
+  DeleteDC(hMemDC);
+  DeleteDC(hScrDC);
+#endif /* !OPENSSL_SYS_WINCE */
+}
+
+#endif
diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c
index 4b38b2bf64..41574768ab 100644
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@@ -56,23 +56,41 @@
  * [including the GNU Public Licence.]
  */
 
+#include <errno.h>
 #include <stdio.h>
-#include "cryptlib.h"
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include "rand.h"
+#include <stdlib.h>
+#include <string.h>
+
+#include "e_os.h"
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+
+#ifdef OPENSSL_SYS_VMS
+#include <unixio.h>
+#endif
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef MAC_OS_pre_X
+# include <stat.h>
+#else
+# include <sys/stat.h>
+#endif
 
 #undef BUFSIZE
 #define BUFSIZE	1024
 #define RAND_DATA 1024
 
-/* #define RFILE ".rand" - defined in ../../e_os.h */
+/* #define RFILE ".rnd" - defined in ../../e_os.h */
+
+/* Note that these functions are intended for seed files only.
+ * Entropy devices and EGD sockets are handled in rand_unix.c */
 
-int RAND_load_file(file,bytes)
-char *file;
-long bytes;
+int RAND_load_file(const char *file, long bytes)
 	{
+	/* If bytes >= 0, read up to 'bytes' bytes.
+	 * if bytes == -1, read complete file. */
+
 	MS_STATIC unsigned char buf[BUFSIZE];
 	struct stat sb;
 	int i,ret=0,n;
@@ -82,47 +100,65 @@ long bytes;
 
 	i=stat(file,&sb);
 	/* If the state fails, put some crap in anyway */
-	RAND_seed((unsigned char *)&sb,sizeof(sb));
-	ret+=sizeof(sb);
+	RAND_add(&sb,sizeof(sb),0);
 	if (i < 0) return(0);
-	if (bytes <= 0) return(ret);
+	if (bytes == 0) return(ret);
 
-	in=fopen(file,"br");
+	in=fopen(file,"rb");
 	if (in == NULL) goto err;
 	for (;;)
 		{
-		n=(bytes < BUFSIZE)?(int)bytes:BUFSIZE;
+		if (bytes > 0)
+			n = (bytes < BUFSIZE)?(int)bytes:BUFSIZE;
+		else
+			n = BUFSIZE;
 		i=fread(buf,1,n,in);
 		if (i <= 0) break;
 		/* even if n != i, use the full array */
-		RAND_seed(buf,n);
+		RAND_add(buf,n,i);
 		ret+=i;
-		bytes-=n;
-		if (bytes <= 0) break;
+		if (bytes > 0)
+			{
+			bytes-=n;
+			if (bytes <= 0) break;
+			}
 		}
 	fclose(in);
-	memset(buf,0,BUFSIZE);
+	OPENSSL_cleanse(buf,BUFSIZE);
 err:
 	return(ret);
 	}
 
-int RAND_write_file(file)
-char *file;
+int RAND_write_file(const char *file)
 	{
 	unsigned char buf[BUFSIZE];
-	int i,ret=0;
-	FILE *out;
+	int i,ret=0,rand_err=0;
+	FILE *out = NULL;
 	int n;
-
-	out=fopen(file,"w");
+	
+#if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32)
+	/* For some reason Win32 can't write to files created this way */
+	
+	/* chmod(..., 0600) is too late to protect the file,
+	 * permissions should be restrictive from the start */
+	int fd = open(file, O_CREAT, 0600);
+	if (fd != -1)
+		out = fdopen(fd, "wb");
+#endif
+	if (out == NULL)
+		out = fopen(file,"wb");
 	if (out == NULL) goto err;
+
+#ifndef NO_CHMOD
 	chmod(file,0600);
+#endif
 	n=RAND_DATA;
 	for (;;)
 		{
 		i=(n > BUFSIZE)?BUFSIZE:n;
 		n-=BUFSIZE;
-		RAND_bytes(buf,i);
+		if (RAND_bytes(buf,i) <= 0)
+			rand_err=1;
 		i=fwrite(buf,1,i,out);
 		if (i <= 0)
 			{
@@ -131,37 +167,68 @@ char *file;
 			}
 		ret+=i;
 		if (n <= 0) break;
+                }
+#ifdef OPENSSL_SYS_VMS
+	/* Try to delete older versions of the file, until there aren't
+	   any */
+	{
+	char *tmpf;
+
+	tmpf = OPENSSL_malloc(strlen(file) + 4);  /* to add ";-1" and a nul */
+	if (tmpf)
+		{
+		strcpy(tmpf, file);
+		strcat(tmpf, ";-1");
+		while(delete(tmpf) == 0)
+			;
+		rename(file,";1"); /* Make sure it's version 1, or we
+				      will reach the limit (32767) at
+				      some point... */
 		}
+	}
+#endif /* OPENSSL_SYS_VMS */
+
 	fclose(out);
-	memset(buf,0,BUFSIZE);
+	OPENSSL_cleanse(buf,BUFSIZE);
 err:
-	return(ret);
+	return (rand_err ? -1 : ret);
 	}
 
-char *RAND_file_name(buf,size)
-char *buf;
-int size;
+const char *RAND_file_name(char *buf, size_t size)
 	{
-	char *s;
+	char *s=NULL;
 	char *ret=NULL;
 
-	s=getenv("RANDFILE");
+	if (OPENSSL_issetugid() == 0)
+		s=getenv("RANDFILE");
 	if (s != NULL)
 		{
-		strncpy(buf,s,size-1);
-		buf[size-1]='\0';
+		if(strlen(s) >= size)
+			return NULL;
+		strcpy(buf,s);
 		ret=buf;
 		}
 	else
 		{
-		s=getenv("HOME");
-		if (s == NULL) return(RFILE);
-		if (((int)(strlen(s)+strlen(RFILE)+2)) > size)
-			return(RFILE);
-		strcpy(buf,s);
-		strcat(buf,"/");
-		strcat(buf,RFILE);
-		ret=buf;
+		if (OPENSSL_issetugid() == 0)
+			s=getenv("HOME");
+#ifdef DEFAULT_HOME
+		if (s == NULL)
+			{
+			s = DEFAULT_HOME;
+			}
+#endif
+		if (s != NULL && (strlen(s)+strlen(RFILE)+2 < size))
+			{
+			strcpy(buf,s);
+#ifndef OPENSSL_SYS_VMS
+			strcat(buf,"/");
+#endif
+			strcat(buf,RFILE);
+			ret=buf;
+			}
+		else
+		  	buf[0] = '\0'; /* no file name */
 		}
 	return(ret);
 	}
diff --git a/crypto/rand/randtest.c b/crypto/rand/randtest.c
index e0ba61e123..701932e6ee 100644
--- a/crypto/rand/randtest.c
+++ b/crypto/rand/randtest.c
@@ -58,7 +58,9 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "rand.h"
+#include <openssl/rand.h>
+
+#include "../e_os.h"
 
 /* some FIPS 140-1 random number test */
 /* some simple tests */
@@ -73,7 +75,13 @@ int main()
 	/*double d; */
 	long d;
 
-	RAND_bytes(buf,2500);
+	i = RAND_pseudo_bytes(buf,2500);
+	if (i < 0)
+		{
+		printf ("init failed, the rand method is not properly installed\n");
+		err++;
+		goto err;
+		}
 
 	n1=0;
 	for (i=0; i<16; i++) n2[i]=0;
@@ -117,7 +125,7 @@ int main()
 	/* test 1 */
 	if (!((9654 < n1) && (n1 < 10346)))
 		{
-		printf("test 1 failed, X=%ld\n",n1);
+		printf("test 1 failed, X=%lu\n",n1);
 		err++;
 		}
 	printf("test 1 done\n");
@@ -150,37 +158,37 @@ int main()
 		{
 		if (!((2267 < runs[i][0]) && (runs[i][0] < 2733)))
 			{
-			printf("test 3 failed, bit=%d run=%d num=%ld\n",
+			printf("test 3 failed, bit=%d run=%d num=%lu\n",
 				i,1,runs[i][0]);
 			err++;
 			}
 		if (!((1079 < runs[i][1]) && (runs[i][1] < 1421)))
 			{
-			printf("test 3 failed, bit=%d run=%d num=%ld\n",
+			printf("test 3 failed, bit=%d run=%d num=%lu\n",
 				i,2,runs[i][1]);
 			err++;
 			}
 		if (!(( 502 < runs[i][2]) && (runs[i][2] <  748)))
 			{
-			printf("test 3 failed, bit=%d run=%d num=%ld\n",
+			printf("test 3 failed, bit=%d run=%d num=%lu\n",
 				i,3,runs[i][2]);
 			err++;
 			}
 		if (!(( 223 < runs[i][3]) && (runs[i][3] <  402)))
 			{
-			printf("test 3 failed, bit=%d run=%d num=%ld\n",
+			printf("test 3 failed, bit=%d run=%d num=%lu\n",
 				i,4,runs[i][3]);
 			err++;
 			}
 		if (!((  90 < runs[i][4]) && (runs[i][4] <  223)))
 			{
-			printf("test 3 failed, bit=%d run=%d num=%ld\n",
+			printf("test 3 failed, bit=%d run=%d num=%lu\n",
 				i,5,runs[i][4]);
 			err++;
 			}
 		if (!((  90 < runs[i][5]) && (runs[i][5] <  223)))
 			{
-			printf("test 3 failed, bit=%d run=%d num=%ld\n",
+			printf("test 3 failed, bit=%d run=%d num=%lu\n",
 				i,6,runs[i][5]);
 			err++;
 			}
@@ -190,18 +198,19 @@ int main()
 	/* test 4 */
 	if (runs[0][33] != 0)
 		{
-		printf("test 4 failed, bit=%d run=%d num=%ld\n",
+		printf("test 4 failed, bit=%d run=%d num=%lu\n",
 			0,34,runs[0][33]);
 		err++;
 		}
 	if (runs[1][33] != 0)
 		{
-		printf("test 4 failed, bit=%d run=%d num=%ld\n",
+		printf("test 4 failed, bit=%d run=%d num=%lu\n",
 			1,34,runs[1][33]);
 		err++;
 		}
 	printf("test 4 done\n");
+ err:
 	err=((err)?1:0);
-	exit(err);
+	EXIT(err);
 	return(err);
 	}
diff --git a/crypto/ranlib.sh b/crypto/ranlib.sh
deleted file mode 100644
index 543f712c6b..0000000000
--- a/crypto/ranlib.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-
-cwd=`pwd`
-cd /tmp
-
-if [ -s /bin/ranlib ] ; then 
-	RL=/bin/ranlib
-else if [ -s /usr/bin/ranlib ] ; then
-	RL=/usr/bin/ranlib
-fi
-fi
-
-if [ "x$RL" != "x" ]
-then
-	case "$1" in
-		/*)  
-		$RL "$1"
-		;;
-		*)
-		$RL "$cwd/$1"
-		;;
-	esac
-fi
diff --git a/crypto/rc2/.cvsignore b/crypto/rc2/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/rc2/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/rc2/Makefile.ssl b/crypto/rc2/Makefile.ssl
index c5138f13e2..aa73dea5b6 100644
--- a/crypto/rc2/Makefile.ssl
+++ b/crypto/rc2/Makefile.ssl
@@ -7,9 +7,12 @@ TOP=	../..
 CC=	cc
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -37,24 +40,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -66,15 +68,24 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2_cbc.o: rc2_cbc.c rc2_locl.h
+rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h
+rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2_skey.o: rc2_locl.h rc2_skey.c
+rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2cfb64.o: rc2_locl.h rc2cfb64.c
+rc2ofb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2ofb64.o: rc2_locl.h rc2ofb64.c
diff --git a/crypto/rc2/Makefile.uni b/crypto/rc2/Makefile.uni
deleted file mode 100644
index e50b3f2d19..0000000000
--- a/crypto/rc2/Makefile.uni
+++ /dev/null
@@ -1,72 +0,0 @@
-# Targets
-# make          - twidle the options yourself :-)
-# make cc       - standard cc options
-# make gcc      - standard gcc options
-
-DIR=    rc2
-TOP=    .
-CC=     gcc
-CFLAG=	-O3 -fomit-frame-pointer
-
-CPP=    $(CC) -E
-INCLUDES=
-INSTALLTOP=/usr/local/lib
-MAKE=           make
-MAKEDEPEND=     makedepend
-MAKEFILE=       Makefile.uni
-AR=             ar r
-
-IDEA_ENC=rc2_cbc.o
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=rc2test
-APPS=rc2speed
-
-LIB=librc2.a
-LIBSRC=rc2_skey.c rc2_ecb.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
-LIBOBJ=rc2_skey.o rc2_ecb.o $(IDEA_ENC) rc2cfb64.o rc2ofb64.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= rc2.h
-HEADER= rc2_locl.h $(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-all:    $(LIB) $(TEST) $(APPS)
-
-$(LIB):    $(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/ranlib.sh $(LIB)
-
-test:	$(TEST)
-	./$(TEST)
-
-$(TEST): $(TEST).c $(LIB)
-	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
-
-$(APPS): $(APPS).c $(LIB)
-	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
-
-dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-cc:
-	$(MAKE) CC="cc" CFLAG="-O" all
-
-gcc:
-	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/rc2/rc2.h b/crypto/rc2/rc2.h
index 9232bbd564..7816b454dc 100644
--- a/crypto/rc2/rc2.h
+++ b/crypto/rc2/rc2.h
@@ -1,4 +1,4 @@
-/* crypto/rc2/rc2.org */
+/* crypto/rc2/rc2.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,60 +56,43 @@
  * [including the GNU Public Licence.]
  */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- *
- * Always modify rc2.org since rc2.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
 #ifndef HEADER_RC2_H
 #define HEADER_RC2_H
 
-#ifdef  __cplusplus
-extern "C" {
+#ifdef OPENSSL_NO_RC2
+#error RC2 is disabled.
 #endif
 
 #define RC2_ENCRYPT	1
 #define RC2_DECRYPT	0
 
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-
+#include <openssl/opensslconf.h> /* RC2_INT */
 #define RC2_BLOCK	8
 #define RC2_KEY_LENGTH	16
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 typedef struct rc2_key_st
 	{
 	RC2_INT data[64];
 	} RC2_KEY;
 
-#ifndef NOPROTO
  
-void RC2_set_key(RC2_KEY *key, int len, unsigned char *data,int bits);
-void RC2_ecb_encrypt(unsigned char *in,unsigned char *out,RC2_KEY *key,
-	int enc);
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
+void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
+		     int enc);
 void RC2_encrypt(unsigned long *data,RC2_KEY *key);
 void RC2_decrypt(unsigned long *data,RC2_KEY *key);
-void RC2_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
+void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
 	RC2_KEY *ks, unsigned char *iv, int enc);
-void RC2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	RC2_KEY *schedule, unsigned char *ivec, int *num, int enc);
-void RC2_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	RC2_KEY *schedule, unsigned char *ivec, int *num);
-
-#else
-
-void RC2_set_key();
-void RC2_ecb_encrypt();
-void RC2_encrypt();
-void RC2_decrypt();
-void RC2_cbc_encrypt();
-void RC2_cfb64_encrypt();
-void RC2_ofb64_encrypt();
-
-#endif
+void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+		       long length, RC2_KEY *schedule, unsigned char *ivec,
+		       int *num, int enc);
+void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+		       long length, RC2_KEY *schedule, unsigned char *ivec,
+		       int *num);
 
 #ifdef  __cplusplus
 }
diff --git a/crypto/rc2/rc2.org b/crypto/rc2/rc2.org
deleted file mode 100644
index 37354cfa62..0000000000
--- a/crypto/rc2/rc2.org
+++ /dev/null
@@ -1,118 +0,0 @@
-/* crypto/rc2/rc2.org */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- *
- * Always modify rc2.org since rc2.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-#ifndef HEADER_RC2_H
-#define HEADER_RC2_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define RC2_ENCRYPT	1
-#define RC2_DECRYPT	0
-
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned short
-
-#define RC2_BLOCK	8
-#define RC2_KEY_LENGTH	16
-
-typedef struct rc2_key_st
-	{
-	RC2_INT data[64];
-	} RC2_KEY;
-
-#ifndef NOPROTO
- 
-void RC2_set_key(RC2_KEY *key, int len, unsigned char *data,int bits);
-void RC2_ecb_encrypt(unsigned char *in,unsigned char *out,RC2_KEY *key,
-	int enc);
-void RC2_encrypt(unsigned long *data,RC2_KEY *key);
-void RC2_decrypt(unsigned long *data,RC2_KEY *key);
-void RC2_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
-	RC2_KEY *ks, unsigned char *iv, int enc);
-void RC2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	RC2_KEY *schedule, unsigned char *ivec, int *num, int enc);
-void RC2_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	RC2_KEY *schedule, unsigned char *ivec, int *num);
-
-#else
-
-void RC2_set_key();
-void RC2_ecb_encrypt();
-void RC2_encrypt();
-void RC2_decrypt();
-void RC2_cbc_encrypt();
-void RC2_cfb64_encrypt();
-void RC2_ofb64_encrypt();
-
-#endif
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/rc2/rc2_cbc.c b/crypto/rc2/rc2_cbc.c
index 22e89f0441..74f48d3d87 100644
--- a/crypto/rc2/rc2_cbc.c
+++ b/crypto/rc2/rc2_cbc.c
@@ -56,16 +56,11 @@
  * [including the GNU Public Licence.]
  */
 
-#include "rc2.h"
+#include <openssl/rc2.h>
 #include "rc2_locl.h"
 
-void RC2_cbc_encrypt(in, out, length, ks, iv, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-RC2_KEY *ks;
-unsigned char *iv;
-int encrypt;
+void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+	     RC2_KEY *ks, unsigned char *iv, int encrypt)
 	{
 	register unsigned long tin0,tin1;
 	register unsigned long tout0,tout1,xor0,xor1;
@@ -138,9 +133,7 @@ int encrypt;
 	tin[0]=tin[1]=0;
 	}
 
-void RC2_encrypt(d,key)
-unsigned long *d;
-RC2_KEY *key;
+void RC2_encrypt(unsigned long *d, RC2_KEY *key)
 	{
 	int i,n;
 	register RC2_INT *p0,*p1;
@@ -185,9 +178,7 @@ RC2_KEY *key;
 	d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
 	}
 
-void RC2_decrypt(d,key)
-unsigned long *d;
-RC2_KEY *key;
+void RC2_decrypt(unsigned long *d, RC2_KEY *key)
 	{
 	int i,n;
 	register RC2_INT *p0,*p1;
diff --git a/crypto/rc2/rc2_ecb.c b/crypto/rc2/rc2_ecb.c
index 502298258d..d3e8c2718a 100644
--- a/crypto/rc2/rc2_ecb.c
+++ b/crypto/rc2/rc2_ecb.c
@@ -56,10 +56,11 @@
  * [including the GNU Public Licence.]
  */
 
-#include "rc2.h"
+#include <openssl/rc2.h>
 #include "rc2_locl.h"
+#include <openssl/opensslv.h>
 
-char *RC2_version="RC2 part of SSLeay 0.9.1a 06-Jul-1998";
+const char *RC2_version="RC2" OPENSSL_VERSION_PTEXT;
 
 /* RC2 as implemented frm a posting from
  * Newsgroups: sci.crypt
@@ -69,11 +70,8 @@ char *RC2_version="RC2 part of SSLeay 0.9.1a 06-Jul-1998";
  * Date: 11 Feb 1996 06:45:03 GMT
  */
 
-void RC2_ecb_encrypt(in, out, ks, encrypt)
-unsigned char *in;
-unsigned char *out;
-RC2_KEY *ks;
-int encrypt;
+void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks,
+		     int encrypt)
 	{
 	unsigned long l,d[2];
 
diff --git a/crypto/rc2/rc2_skey.c b/crypto/rc2/rc2_skey.c
index 0f1f253395..cab3080c73 100644
--- a/crypto/rc2/rc2_skey.c
+++ b/crypto/rc2/rc2_skey.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#include "rc2.h"
+#include <openssl/rc2.h>
 #include "rc2_locl.h"
 
 static unsigned char key_table[256]={
@@ -90,11 +90,7 @@ static unsigned char key_table[256]={
  * BSAFE uses the 'retarded' version.  What I previously shipped is
  * the same as specifying 1024 for the 'bits' parameter.  Bsafe uses
  * a version where the bits parameter is the same as len*8 */
-void RC2_set_key(key,len,data,bits)
-RC2_KEY *key;
-int len;
-unsigned char *data;
-int bits;
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
 	{
 	int i,j;
 	unsigned char *k;
diff --git a/crypto/rc2/rc2cfb64.c b/crypto/rc2/rc2cfb64.c
index d409fb77e9..b3a0158a6e 100644
--- a/crypto/rc2/rc2cfb64.c
+++ b/crypto/rc2/rc2cfb64.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#include "rc2.h"
+#include <openssl/rc2.h>
 #include "rc2_locl.h"
 
 /* The input and output encrypted as though 64bit cfb mode is being
@@ -64,14 +64,9 @@
  * 64bit block we have used is contained in *num;
  */
 
-void RC2_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-RC2_KEY *schedule;
-unsigned char *ivec;
-int *num;
-int encrypt;
+void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+		       long length, RC2_KEY *schedule, unsigned char *ivec,
+		       int *num, int encrypt)
 	{
 	register unsigned long v0,v1,t;
 	register int n= *num;
diff --git a/crypto/rc2/rc2ofb64.c b/crypto/rc2/rc2ofb64.c
index 4f09167447..9e297867ed 100644
--- a/crypto/rc2/rc2ofb64.c
+++ b/crypto/rc2/rc2ofb64.c
@@ -56,20 +56,16 @@
  * [including the GNU Public Licence.]
  */
 
-#include "rc2.h"
+#include <openssl/rc2.h>
 #include "rc2_locl.h"
 
 /* The input and output encrypted as though 64bit ofb mode is being
  * used.  The extra state information to record how much of the
  * 64bit block we have used is contained in *num;
  */
-void RC2_ofb64_encrypt(in, out, length, schedule, ivec, num)
-unsigned char *in;
-unsigned char *out;
-long length;
-RC2_KEY *schedule;
-unsigned char *ivec;
-int *num;
+void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+		       long length, RC2_KEY *schedule, unsigned char *ivec,
+		       int *num)
 	{
 	register unsigned long v0,v1,t;
 	register int n= *num;
diff --git a/crypto/rc2/rc2speed.c b/crypto/rc2/rc2speed.c
index d02f9d812c..47d34b444e 100644
--- a/crypto/rc2/rc2speed.c
+++ b/crypto/rc2/rc2speed.c
@@ -59,19 +59,17 @@
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
 
-#ifndef MSDOS
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
 #include <stdio.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-extern int exit();
-#endif
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
 #include <signal.h>
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -79,15 +77,15 @@ extern int exit();
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
@@ -98,30 +96,21 @@ struct tms {
 #include <sys/param.h>
 #endif
 
-#include "rc2.h"
+#include <openssl/rc2.h>
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
 #ifndef CLK_TCK
-#ifndef VMS
-#define HZ	100.0
-#else /* VMS */
 #define HZ	100.0
 #endif
 #else /* CLK_TCK */
 #define HZ ((double)CLK_TCK)
 #endif
-#endif
 
 #define BUFSIZE	((long)1024)
 long run=0;
 
-#ifndef NOPROTO
 double Time_F(int s);
-#else
-double Time_F();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
 #define SIGRETTYPE void
@@ -129,14 +118,8 @@ double Time_F();
 #define SIGRETTYPE int
 #endif
 
-#ifndef NOPROTO
 SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
+SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -149,8 +132,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-double Time_F(s)
-int s;
+double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -186,9 +168,7 @@ int s;
 #endif
 	}
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	long count;
 	static unsigned char buf[BUFSIZE];
@@ -203,7 +183,7 @@ char **argv;
 #endif
 
 #ifndef TIMES
-	printf("To get the most acurate results, try to run this\n");
+	printf("To get the most accurate results, try to run this\n");
 	printf("program when this computer is idle.\n");
 #endif
 
@@ -288,7 +268,7 @@ char **argv;
 	printf("RC2 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
 	printf("RC2 cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
 	exit(0);
-#if defined(LINT) || defined(MSDOS)
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
 	return(0);
 #endif
 	}
diff --git a/crypto/rc2/rc2test.c b/crypto/rc2/rc2test.c
index 9d0f8016ec..b67bafb49f 100644
--- a/crypto/rc2/rc2test.c
+++ b/crypto/rc2/rc2test.c
@@ -62,9 +62,19 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "rc2.h"
 
-unsigned char RC2key[4][16]={
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RC2
+int main(int argc, char *argv[])
+{
+    printf("No RC2 support\n");
+    return(0);
+}
+#else
+#include <openssl/rc2.h>
+
+static unsigned char RC2key[4][16]={
 	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
 	 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
 	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
@@ -75,14 +85,14 @@ unsigned char RC2key[4][16]={
 	 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F},
 	};
 
-unsigned char RC2plain[4][8]={
+static unsigned char RC2plain[4][8]={
 	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
 	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
 	{0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF},
 	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
 	};
 
-unsigned char RC2cipher[4][8]={
+static unsigned char RC2cipher[4][8]={
 	{0x1C,0x19,0x8A,0x83,0x8D,0xF0,0x28,0xB7},
 	{0x21,0x82,0x9C,0x78,0xA9,0xF9,0xC0,0x74},
 	{0x13,0xDB,0x35,0x17,0xD3,0x21,0x86,0x9E},
@@ -125,19 +135,11 @@ static unsigned char cfb_cipher64[CFB_TEST_SIZE]={
 	}; 
 
 
-#ifndef NOPROTO
 /*static int cfb64_test(unsigned char *cfb_cipher);*/
 static char *pt(unsigned char *p);
-#else
-/*static int cfb64_test(); */
-static char *pt();
 #endif
 
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,n,err=0;
 	RC2_KEY key; 
@@ -203,13 +205,12 @@ char *argv[];
 		printf("ok\n");
 #endif
 
-	exit(err);
+	EXIT(err);
 	return(err);
 	}
 
 #ifdef undef
-static int cfb64_test(cfb_cipher)
-unsigned char *cfb_cipher;
+static int cfb64_test(unsigned char *cfb_cipher)
         {
         IDEA_KEY_SCHEDULE eks,dks;
         int err=0,i,n;
@@ -247,8 +248,7 @@ unsigned char *cfb_cipher;
         return(err);
         }
 
-static char *pt(p)
-unsigned char *p;
+static char *pt(unsigned char *p)
 	{
 	static char bufs[10][20];
 	static int bnum=0;
@@ -268,3 +268,4 @@ unsigned char *p;
 	}
 	
 #endif
+#endif
diff --git a/crypto/rc4/.cvsignore b/crypto/rc4/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/rc4/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/rc4/Makefile.ssl b/crypto/rc4/Makefile.ssl
index f5f38a4acb..a1eb79fd08 100644
--- a/crypto/rc4/Makefile.ssl
+++ b/crypto/rc4/Makefile.ssl
@@ -5,11 +5,15 @@
 DIR=	rc4
 TOP=	../..
 CC=	cc
+CPP=    $(CC) -E
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -44,12 +48,12 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 # elf
 asm/rx86-elf.o: asm/rx86unix.cpp
-	$(CPP) -DELF asm/rx86unix.cpp | as -o asm/rx86-elf.o
+	$(CPP) -DELF -x c asm/rx86unix.cpp | as -o asm/rx86-elf.o
 
 # solaris
 asm/rx86-sol.o: asm/rx86unix.cpp
@@ -65,24 +69,23 @@ asm/rx86-out.o: asm/rx86unix.cpp
 asm/rx86bsdi.o: asm/rx86unix.cpp
 	$(CPP) -DBSDI asm/rx86unix.cpp | sed 's/ :/:/' | as -o asm/rx86bsdi.o
 
-asm/rx86unix.cpp:
-	(cd asm; perl rc4-586.pl cpp >rx86unix.cpp)
+asm/rx86unix.cpp: asm/rc4-586.pl ../perlasm/x86asm.pl
+	(cd asm; $(PERL) rc4-586.pl cpp >rx86unix.cpp)
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -94,15 +97,19 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
-
-errors:
+	rm -f asm/rx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rc4_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc4.h
+rc4_enc.o: rc4_enc.c rc4_locl.h
+rc4_skey.o: ../../include/openssl/opensslconf.h
+rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc4.h
+rc4_skey.o: rc4_locl.h rc4_skey.c
diff --git a/crypto/rc4/Makefile.uni b/crypto/rc4/Makefile.uni
deleted file mode 100644
index 79dc17b8d1..0000000000
--- a/crypto/rc4/Makefile.uni
+++ /dev/null
@@ -1,102 +0,0 @@
-# Targets
-# make          - twidle the options yourself :-)
-# make cc       - standard cc options
-# make gcc      - standard gcc options
-# make x86-elf  - linux-elf etc
-# make x86-out  - linux-a.out, FreeBSD etc
-# make x86-solaris
-# make x86-bdsi
-
-DIR=    rc4
-TOP=    .
-CC=     gcc
-CFLAG=	-O3 -fomit-frame-pointer
-
-CPP=    $(CC) -E
-INCLUDES=
-INSTALLTOP=/usr/local/lib
-MAKE=           make
-MAKEDEPEND=     makedepend
-MAKEFILE=       Makefile.uni
-AR=             ar r
-
-RC4_ENC=rc4_enc.o
-# or use
-#RC4_ENC=asm/rx86-elf.o
-#RC4_ENC=asm/rx86-out.o
-#RC4_ENC=asm/rx86-sol.o
-#RC4_ENC=asm/rx86bdsi.o
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=rc4test
-APPS=rc4speed
-
-LIB=librc4.a
-LIBSRC=rc4_skey.c rc4_enc.c
-LIBOBJ=rc4_skey.o $(RC4_ENC)
-
-SRC= $(LIBSRC)
-
-EXHEADER= rc4.h
-HEADER= $(EXHEADER) rc4_locl.h
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-all:    $(LIB) $(TEST) $(APPS)
-
-$(LIB):    $(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/ranlib.sh $(LIB)
-
-# elf
-asm/rx86-elf.o: asm/rx86unix.cpp
-	$(CPP) -DELF asm/rx86unix.cpp | as -o asm/rx86-elf.o
-
-# solaris
-asm/rx86-sol.o: asm/rx86unix.cpp
-	$(CC) -E -DSOL asm/rx86unix.cpp | sed 's/^#.*//' > asm/rx86-sol.s
-	as -o asm/rx86-sol.o asm/rx86-sol.s
-	rm -f asm/rx86-sol.s
-
-# a.out
-asm/rx86-out.o: asm/rx86unix.cpp
-	$(CPP) -DOUT asm/rx86unix.cpp | as -o asm/rx86-out.o
-
-# bsdi
-asm/rx86bsdi.o: asm/rx86unix.cpp
-	$(CPP) -DBSDI asm/rx86unix.cpp | as -o asm/rx86bsdi.o
-
-asm/rx86unix.cpp:
-	(cd asm; perl rc4-586.pl cpp >rx86unix.cpp)
-
-test:	$(TEST)
-	./$(TEST)
-
-$(TEST): $(TEST).c $(LIB)
-	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
-
-$(APPS): $(APPS).c $(LIB)
-	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
-
-dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-cc:
-	$(MAKE) CC="cc" CFLAG="-O" all
-
-gcc:
-	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/rc4/asm/.cvsignore b/crypto/rc4/asm/.cvsignore
new file mode 100644
index 0000000000..0ec20dc6ff
--- /dev/null
+++ b/crypto/rc4/asm/.cvsignore
@@ -0,0 +1 @@
+rx86unix.cpp
diff --git a/crypto/rc4/asm/r4-win32.asm b/crypto/rc4/asm/r4-win32.asm
deleted file mode 100644
index 70b0f7484c..0000000000
--- a/crypto/rc4/asm/r4-win32.asm
+++ /dev/null
@@ -1,314 +0,0 @@
-	; Don't even think of reading this code
-	; It was automatically generated by rc4-586.pl
-	; Which is a perl program used to generate the x86 assember for
-	; any of elf, a.out, BSDI,Win32, or Solaris
-	; eric <eay@cryptsoft.com>
-	; 
-	TITLE	rc4-586.asm
-        .386
-.model FLAT
-_TEXT	SEGMENT
-PUBLIC	_RC4
-
-_RC4 PROC NEAR
-	; 
-	push	ebp
-	push	ebx
-	mov	ebp,		DWORD PTR 12[esp]
-	mov	ebx,		DWORD PTR 16[esp]
-	push	esi
-	push	edi
-	mov	ecx,		DWORD PTR [ebp]
-	mov	edx,		DWORD PTR 4[ebp]
-	mov	esi,		DWORD PTR 28[esp]
-	inc	ecx
-	sub	esp,		12
-	add	ebp,		8
-	and	ecx,		255
-	lea	ebx,		DWORD PTR [esi+ebx-8]
-	mov	edi,		DWORD PTR 44[esp]
-	mov	DWORD PTR 8[esp],ebx
-	mov	eax,		DWORD PTR [ecx*4+ebp]
-	cmp	ebx,		esi
-	jl	$L000end
-L001start:
-	add	esi,		8
-	; Round 0
-	add	edx,		eax
-	and	edx,		255
-	inc	ecx
-	mov	ebx,		DWORD PTR [edx*4+ebp]
-	mov	DWORD PTR [ecx*4+ebp-4],ebx
-	add	ebx,		eax
-	and	ecx,		255
-	and	ebx,		255
-	mov	DWORD PTR [edx*4+ebp],eax
-	nop
-	mov	ebx,		DWORD PTR [ebx*4+ebp]
-	mov	eax,		DWORD PTR [ecx*4+ebp]
-	mov	BYTE PTR [esp],	bl
-	; Round 1
-	add	edx,		eax
-	and	edx,		255
-	inc	ecx
-	mov	ebx,		DWORD PTR [edx*4+ebp]
-	mov	DWORD PTR [ecx*4+ebp-4],ebx
-	add	ebx,		eax
-	and	ecx,		255
-	and	ebx,		255
-	mov	DWORD PTR [edx*4+ebp],eax
-	nop
-	mov	ebx,		DWORD PTR [ebx*4+ebp]
-	mov	eax,		DWORD PTR [ecx*4+ebp]
-	mov	BYTE PTR 1[esp],bl
-	; Round 2
-	add	edx,		eax
-	and	edx,		255
-	inc	ecx
-	mov	ebx,		DWORD PTR [edx*4+ebp]
-	mov	DWORD PTR [ecx*4+ebp-4],ebx
-	add	ebx,		eax
-	and	ecx,		255
-	and	ebx,		255
-	mov	DWORD PTR [edx*4+ebp],eax
-	nop
-	mov	ebx,		DWORD PTR [ebx*4+ebp]
-	mov	eax,		DWORD PTR [ecx*4+ebp]
-	mov	BYTE PTR 2[esp],bl
-	; Round 3
-	add	edx,		eax
-	and	edx,		255
-	inc	ecx
-	mov	ebx,		DWORD PTR [edx*4+ebp]
-	mov	DWORD PTR [ecx*4+ebp-4],ebx
-	add	ebx,		eax
-	and	ecx,		255
-	and	ebx,		255
-	mov	DWORD PTR [edx*4+ebp],eax
-	nop
-	mov	ebx,		DWORD PTR [ebx*4+ebp]
-	mov	eax,		DWORD PTR [ecx*4+ebp]
-	mov	BYTE PTR 3[esp],bl
-	; Round 4
-	add	edx,		eax
-	and	edx,		255
-	inc	ecx
-	mov	ebx,		DWORD PTR [edx*4+ebp]
-	mov	DWORD PTR [ecx*4+ebp-4],ebx
-	add	ebx,		eax
-	and	ecx,		255
-	and	ebx,		255
-	mov	DWORD PTR [edx*4+ebp],eax
-	nop
-	mov	ebx,		DWORD PTR [ebx*4+ebp]
-	mov	eax,		DWORD PTR [ecx*4+ebp]
-	mov	BYTE PTR 4[esp],bl
-	; Round 5
-	add	edx,		eax
-	and	edx,		255
-	inc	ecx
-	mov	ebx,		DWORD PTR [edx*4+ebp]
-	mov	DWORD PTR [ecx*4+ebp-4],ebx
-	add	ebx,		eax
-	and	ecx,		255
-	and	ebx,		255
-	mov	DWORD PTR [edx*4+ebp],eax
-	nop
-	mov	ebx,		DWORD PTR [ebx*4+ebp]
-	mov	eax,		DWORD PTR [ecx*4+ebp]
-	mov	BYTE PTR 5[esp],bl
-	; Round 6
-	add	edx,		eax
-	and	edx,		255
-	inc	ecx
-	mov	ebx,		DWORD PTR [edx*4+ebp]
-	mov	DWORD PTR [ecx*4+ebp-4],ebx
-	add	ebx,		eax
-	and	ecx,		255
-	and	ebx,		255
-	mov	DWORD PTR [edx*4+ebp],eax
-	nop
-	mov	ebx,		DWORD PTR [ebx*4+ebp]
-	mov	eax,		DWORD PTR [ecx*4+ebp]
-	mov	BYTE PTR 6[esp],bl
-	; Round 7
-	add	edx,		eax
-	and	edx,		255
-	inc	ecx
-	mov	ebx,		DWORD PTR [edx*4+ebp]
-	mov	DWORD PTR [ecx*4+ebp-4],ebx
-	add	ebx,		eax
-	and	ecx,		255
-	and	ebx,		255
-	mov	DWORD PTR [edx*4+ebp],eax
-	nop
-	mov	ebx,		DWORD PTR [ebx*4+ebp]
-	add	edi,		8
-	mov	BYTE PTR 7[esp],bl
-	; apply the cipher text
-	mov	eax,		DWORD PTR [esp]
-	mov	ebx,		DWORD PTR [esi-8]
-	xor	eax,		ebx
-	mov	ebx,		DWORD PTR [esi-4]
-	mov	DWORD PTR [edi-8],eax
-	mov	eax,		DWORD PTR 4[esp]
-	xor	eax,		ebx
-	mov	ebx,		DWORD PTR 8[esp]
-	mov	DWORD PTR [edi-4],eax
-	mov	eax,		DWORD PTR [ecx*4+ebp]
-	cmp	esi,		ebx
-	jle	L001start
-$L000end:
-	; Round 0
-	add	ebx,		8
-	inc	esi
-	cmp	ebx,		esi
-	jl	$L002finished
-	mov	DWORD PTR 8[esp],ebx
-	add	edx,		eax
-	and	edx,		255
-	inc	ecx
-	mov	ebx,		DWORD PTR [edx*4+ebp]
-	mov	DWORD PTR [ecx*4+ebp-4],ebx
-	add	ebx,		eax
-	and	ecx,		255
-	and	ebx,		255
-	mov	DWORD PTR [edx*4+ebp],eax
-	nop
-	mov	ebx,		DWORD PTR [ebx*4+ebp]
-	mov	eax,		DWORD PTR [ecx*4+ebp]
-	mov	bh,		BYTE PTR [esi-1]
-	xor	bl,		bh
-	mov	BYTE PTR [edi],	bl
-	; Round 1
-	mov	ebx,		DWORD PTR 8[esp]
-	cmp	ebx,		esi
-	jle	$L002finished
-	inc	esi
-	add	edx,		eax
-	and	edx,		255
-	inc	ecx
-	mov	ebx,		DWORD PTR [edx*4+ebp]
-	mov	DWORD PTR [ecx*4+ebp-4],ebx
-	add	ebx,		eax
-	and	ecx,		255
-	and	ebx,		255
-	mov	DWORD PTR [edx*4+ebp],eax
-	nop
-	mov	ebx,		DWORD PTR [ebx*4+ebp]
-	mov	eax,		DWORD PTR [ecx*4+ebp]
-	mov	bh,		BYTE PTR [esi-1]
-	xor	bl,		bh
-	mov	BYTE PTR 1[edi],bl
-	; Round 2
-	mov	ebx,		DWORD PTR 8[esp]
-	cmp	ebx,		esi
-	jle	$L002finished
-	inc	esi
-	add	edx,		eax
-	and	edx,		255
-	inc	ecx
-	mov	ebx,		DWORD PTR [edx*4+ebp]
-	mov	DWORD PTR [ecx*4+ebp-4],ebx
-	add	ebx,		eax
-	and	ecx,		255
-	and	ebx,		255
-	mov	DWORD PTR [edx*4+ebp],eax
-	nop
-	mov	ebx,		DWORD PTR [ebx*4+ebp]
-	mov	eax,		DWORD PTR [ecx*4+ebp]
-	mov	bh,		BYTE PTR [esi-1]
-	xor	bl,		bh
-	mov	BYTE PTR 2[edi],bl
-	; Round 3
-	mov	ebx,		DWORD PTR 8[esp]
-	cmp	ebx,		esi
-	jle	$L002finished
-	inc	esi
-	add	edx,		eax
-	and	edx,		255
-	inc	ecx
-	mov	ebx,		DWORD PTR [edx*4+ebp]
-	mov	DWORD PTR [ecx*4+ebp-4],ebx
-	add	ebx,		eax
-	and	ecx,		255
-	and	ebx,		255
-	mov	DWORD PTR [edx*4+ebp],eax
-	nop
-	mov	ebx,		DWORD PTR [ebx*4+ebp]
-	mov	eax,		DWORD PTR [ecx*4+ebp]
-	mov	bh,		BYTE PTR [esi-1]
-	xor	bl,		bh
-	mov	BYTE PTR 3[edi],bl
-	; Round 4
-	mov	ebx,		DWORD PTR 8[esp]
-	cmp	ebx,		esi
-	jle	$L002finished
-	inc	esi
-	add	edx,		eax
-	and	edx,		255
-	inc	ecx
-	mov	ebx,		DWORD PTR [edx*4+ebp]
-	mov	DWORD PTR [ecx*4+ebp-4],ebx
-	add	ebx,		eax
-	and	ecx,		255
-	and	ebx,		255
-	mov	DWORD PTR [edx*4+ebp],eax
-	nop
-	mov	ebx,		DWORD PTR [ebx*4+ebp]
-	mov	eax,		DWORD PTR [ecx*4+ebp]
-	mov	bh,		BYTE PTR [esi-1]
-	xor	bl,		bh
-	mov	BYTE PTR 4[edi],bl
-	; Round 5
-	mov	ebx,		DWORD PTR 8[esp]
-	cmp	ebx,		esi
-	jle	$L002finished
-	inc	esi
-	add	edx,		eax
-	and	edx,		255
-	inc	ecx
-	mov	ebx,		DWORD PTR [edx*4+ebp]
-	mov	DWORD PTR [ecx*4+ebp-4],ebx
-	add	ebx,		eax
-	and	ecx,		255
-	and	ebx,		255
-	mov	DWORD PTR [edx*4+ebp],eax
-	nop
-	mov	ebx,		DWORD PTR [ebx*4+ebp]
-	mov	eax,		DWORD PTR [ecx*4+ebp]
-	mov	bh,		BYTE PTR [esi-1]
-	xor	bl,		bh
-	mov	BYTE PTR 5[edi],bl
-	; Round 6
-	mov	ebx,		DWORD PTR 8[esp]
-	cmp	ebx,		esi
-	jle	$L002finished
-	inc	esi
-	add	edx,		eax
-	and	edx,		255
-	inc	ecx
-	mov	ebx,		DWORD PTR [edx*4+ebp]
-	mov	DWORD PTR [ecx*4+ebp-4],ebx
-	add	ebx,		eax
-	and	ecx,		255
-	and	ebx,		255
-	mov	DWORD PTR [edx*4+ebp],eax
-	nop
-	mov	ebx,		DWORD PTR [ebx*4+ebp]
-	mov	bh,		BYTE PTR [esi-1]
-	xor	bl,		bh
-	mov	BYTE PTR 6[edi],bl
-$L002finished:
-	dec	ecx
-	add	esp,		12
-	mov	DWORD PTR [ebp-4],edx
-	mov	BYTE PTR [ebp-8],cl
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-_RC4 ENDP
-_TEXT	ENDS
-END
diff --git a/crypto/rc4/asm/rx86unix.cpp b/crypto/rc4/asm/rx86unix.cpp
deleted file mode 100644
index ec1d72a110..0000000000
--- a/crypto/rc4/asm/rx86unix.cpp
+++ /dev/null
@@ -1,358 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define RC4 _RC4
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by rc4-586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"rc4-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl RC4
-	TYPE(RC4,@function)
-RC4:
-
-	pushl	%ebp
-	pushl	%ebx
-	movl	12(%esp),	%ebp
-	movl	16(%esp),	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	(%ebp),		%ecx
-	movl	4(%ebp),	%edx
-	movl	28(%esp),	%esi
-	incl	%ecx
-	subl	$12,		%esp
-	addl	$8,		%ebp
-	andl	$255,		%ecx
-	leal	-8(%ebx,%esi,),	%ebx
-	movl	44(%esp),	%edi
-	movl	%ebx,		8(%esp)
-	movl	(%ebp,%ecx,4),	%eax
-	cmpl	%esi,		%ebx
-	jl	.L000end
-.L001start:
-	addl	$8,		%esi
-	/* Round 0 */
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	%bl,		(%esp)
-	/* Round 1 */
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	%bl,		1(%esp)
-	/* Round 2 */
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	%bl,		2(%esp)
-	/* Round 3 */
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	%bl,		3(%esp)
-	/* Round 4 */
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	%bl,		4(%esp)
-	/* Round 5 */
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	%bl,		5(%esp)
-	/* Round 6 */
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	%bl,		6(%esp)
-	/* Round 7 */
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	addl	$8,		%edi
-	movb	%bl,		7(%esp)
-	/* apply the cipher text */
-	movl	(%esp),		%eax
-	movl	-8(%esi),	%ebx
-	xorl	%ebx,		%eax
-	movl	-4(%esi),	%ebx
-	movl	%eax,		-8(%edi)
-	movl	4(%esp),	%eax
-	xorl	%ebx,		%eax
-	movl	8(%esp),	%ebx
-	movl	%eax,		-4(%edi)
-	movl	(%ebp,%ecx,4),	%eax
-	cmpl	%ebx,		%esi
-	jle	.L001start
-.L000end:
-	/* Round 0 */
-	addl	$8,		%ebx
-	incl	%esi
-	cmpl	%esi,		%ebx
-	jl	.L002finished
-	movl	%ebx,		8(%esp)
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	-1(%esi),	%bh
-	xorb	%bh,		%bl
-	movb	%bl,		(%edi)
-	/* Round 1 */
-	movl	8(%esp),	%ebx
-	cmpl	%esi,		%ebx
-	jle	.L002finished
-	incl	%esi
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	-1(%esi),	%bh
-	xorb	%bh,		%bl
-	movb	%bl,		1(%edi)
-	/* Round 2 */
-	movl	8(%esp),	%ebx
-	cmpl	%esi,		%ebx
-	jle	.L002finished
-	incl	%esi
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	-1(%esi),	%bh
-	xorb	%bh,		%bl
-	movb	%bl,		2(%edi)
-	/* Round 3 */
-	movl	8(%esp),	%ebx
-	cmpl	%esi,		%ebx
-	jle	.L002finished
-	incl	%esi
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	-1(%esi),	%bh
-	xorb	%bh,		%bl
-	movb	%bl,		3(%edi)
-	/* Round 4 */
-	movl	8(%esp),	%ebx
-	cmpl	%esi,		%ebx
-	jle	.L002finished
-	incl	%esi
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	-1(%esi),	%bh
-	xorb	%bh,		%bl
-	movb	%bl,		4(%edi)
-	/* Round 5 */
-	movl	8(%esp),	%ebx
-	cmpl	%esi,		%ebx
-	jle	.L002finished
-	incl	%esi
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movl	(%ebp,%ecx,4),	%eax
-	movb	-1(%esi),	%bh
-	xorb	%bh,		%bl
-	movb	%bl,		5(%edi)
-	/* Round 6 */
-	movl	8(%esp),	%ebx
-	cmpl	%esi,		%ebx
-	jle	.L002finished
-	incl	%esi
-	addl	%eax,		%edx
-	andl	$255,		%edx
-	incl	%ecx
-	movl	(%ebp,%edx,4),	%ebx
-	movl	%ebx,		-4(%ebp,%ecx,4)
-	addl	%eax,		%ebx
-	andl	$255,		%ecx
-	andl	$255,		%ebx
-	movl	%eax,		(%ebp,%edx,4)
-	nop
-	movl	(%ebp,%ebx,4),	%ebx
-	movb	-1(%esi),	%bh
-	xorb	%bh,		%bl
-	movb	%bl,		6(%edi)
-.L002finished:
-	decl	%ecx
-	addl	$12,		%esp
-	movl	%edx,		-4(%ebp)
-	movb	%cl,		-8(%ebp)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.RC4_end:
-	SIZE(RC4,.RC4_end-RC4)
-.ident	"RC4"
diff --git a/crypto/rc4/rc4.c b/crypto/rc4/rc4.c
index 127e8a5093..b39c070292 100644
--- a/crypto/rc4/rc4.c
+++ b/crypto/rc4/rc4.c
@@ -59,7 +59,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "rc4.h"
+#include <openssl/rc4.h>
 
 char *usage[]={
 "usage: rc4 args\n",
@@ -70,9 +70,7 @@ char *usage[]={
 NULL
 };
 
-int main(argc, argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	FILE *in=NULL,*out=NULL;
 	char *infile=NULL,*outfile=NULL,*keystr=NULL;
@@ -115,7 +113,7 @@ char *argv[];
 		{
 bad:
 		for (pp=usage; (*pp != NULL); pp++)
-			fprintf(stderr,*pp);
+			fprintf(stderr,"%s",*pp);
 		exit(1);
 		}
 
@@ -143,7 +141,7 @@ bad:
 			}
 		}
 		
-#ifdef MSDOS
+#ifdef OPENSSL_SYS_MSDOS
 	/* This should set the file to binary mode. */
 	{
 #include <fcntl.h>
@@ -157,15 +155,15 @@ bad:
 		i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
 		if (i != 0)
 			{
-			memset(buf,0,BUFSIZ);
+			OPENSSL_cleanse(buf,BUFSIZ);
 			fprintf(stderr,"bad password read\n");
 			exit(1);
 			}
 		keystr=buf;
 		}
 
-	MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
-	memset(keystr,0,strlen(keystr));
+	EVP_Digest((unsigned char *)keystr,(unsigned long)strlen(keystr),md,NULL,EVP_md5());
+	OPENSSL_cleanse(keystr,strlen(keystr));
 	RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
 	
 	for(;;)
diff --git a/crypto/rc4/rc4.h b/crypto/rc4/rc4.h
index c558651af8..8722091f2e 100644
--- a/crypto/rc4/rc4.h
+++ b/crypto/rc4/rc4.h
@@ -1,4 +1,4 @@
-/* crypto/rc4/rc4.org */
+/* crypto/rc4/rc4.h */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,46 +56,31 @@
  * [including the GNU Public Licence.]
  */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify rc4.org since rc4.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- */
-
 #ifndef HEADER_RC4_H
 #define HEADER_RC4_H
 
+#ifdef OPENSSL_NO_RC4
+#error RC4 is disabled.
+#endif
+
+#include <openssl/opensslconf.h> /* RC4_INT */
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-#define RC4_INT unsigned int
-
 typedef struct rc4_key_st
 	{
 	RC4_INT x,y;
 	RC4_INT data[256];
 	} RC4_KEY;
 
-#ifndef NOPROTO
  
-char *RC4_options(void);
-void RC4_set_key(RC4_KEY *key, int len, unsigned char *data);
-void RC4(RC4_KEY *key, unsigned long len, unsigned char *indata,
+const char *RC4_options(void);
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
 		unsigned char *outdata);
 
-#else
-
-char *RC4_options();
-void RC4_set_key();
-void RC4();
-
-#endif
-
 #ifdef  __cplusplus
 }
 #endif
diff --git a/crypto/rc4/rc4.org b/crypto/rc4/rc4.org
deleted file mode 100644
index c558651af8..0000000000
--- a/crypto/rc4/rc4.org
+++ /dev/null
@@ -1,103 +0,0 @@
-/* crypto/rc4/rc4.org */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify rc4.org since rc4.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- */
-
-#ifndef HEADER_RC4_H
-#define HEADER_RC4_H
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-#define RC4_INT unsigned int
-
-typedef struct rc4_key_st
-	{
-	RC4_INT x,y;
-	RC4_INT data[256];
-	} RC4_KEY;
-
-#ifndef NOPROTO
- 
-char *RC4_options(void);
-void RC4_set_key(RC4_KEY *key, int len, unsigned char *data);
-void RC4(RC4_KEY *key, unsigned long len, unsigned char *indata,
-		unsigned char *outdata);
-
-#else
-
-char *RC4_options();
-void RC4_set_key();
-void RC4();
-
-#endif
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/crypto/rc4/rc4_enc.c b/crypto/rc4/rc4_enc.c
index 26da6d520c..d5f18a3a70 100644
--- a/crypto/rc4/rc4_enc.c
+++ b/crypto/rc4/rc4_enc.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#include "rc4.h"
+#include <openssl/rc4.h>
 #include "rc4_locl.h"
 
 /* RC4 as implemented from a posting from
@@ -67,11 +67,8 @@
  * Date: Wed, 14 Sep 1994 06:35:31 GMT
  */
 
-void RC4(key, len, indata, outdata)
-RC4_KEY *key;
-unsigned long len;
-unsigned char *indata;
-unsigned char *outdata;
+void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+	     unsigned char *outdata)
 	{
         register RC4_INT *d;
         register RC4_INT x,y,tx,ty;
@@ -81,6 +78,190 @@ unsigned char *outdata;
         y=key->y;     
         d=key->data; 
 
+#if defined(RC4_CHUNK)
+	/*
+	 * The original reason for implementing this(*) was the fact that
+	 * pre-21164a Alpha CPUs don't have byte load/store instructions
+	 * and e.g. a byte store has to be done with 64-bit load, shift,
+	 * and, or and finally 64-bit store. Peaking data and operating
+	 * at natural word size made it possible to reduce amount of
+	 * instructions as well as to perform early read-ahead without
+	 * suffering from RAW (read-after-write) hazard. This resulted
+	 * in ~40%(**) performance improvement on 21064 box with gcc.
+	 * But it's not only Alpha users who win here:-) Thanks to the
+	 * early-n-wide read-ahead this implementation also exhibits
+	 * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending
+	 * on sizeof(RC4_INT)).
+	 *
+	 * (*)	"this" means code which recognizes the case when input
+	 *	and output pointers appear to be aligned at natural CPU
+	 *	word boundary
+	 * (**)	i.e. according to 'apps/openssl speed rc4' benchmark,
+	 *	crypto/rc4/rc4speed.c exhibits almost 70% speed-up...
+	 *
+	 * Cavets.
+	 *
+	 * - RC4_CHUNK="unsigned long long" should be a #1 choice for
+	 *   UltraSPARC. Unfortunately gcc generates very slow code
+	 *   (2.5-3 times slower than one generated by Sun's WorkShop
+	 *   C) and therefore gcc (at least 2.95 and earlier) should
+	 *   always be told that RC4_CHUNK="unsigned long".
+	 *
+	 *					<appro@fy.chalmers.se>
+	 */
+
+# define RC4_STEP	( \
+			x=(x+1) &0xff,	\
+			tx=d[x],	\
+			y=(tx+y)&0xff,	\
+			ty=d[y],	\
+			d[y]=tx,	\
+			d[x]=ty,	\
+			(RC4_CHUNK)d[(tx+ty)&0xff]\
+			)
+
+	if ( ( ((unsigned long)indata  & (sizeof(RC4_CHUNK)-1)) | 
+	       ((unsigned long)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 )
+		{
+		RC4_CHUNK ichunk,otp;
+		const union { long one; char little; } is_endian = {1};
+
+		/*
+		 * I reckon we can afford to implement both endian
+		 * cases and to decide which way to take at run-time
+		 * because the machine code appears to be very compact
+		 * and redundant 1-2KB is perfectly tolerable (i.e.
+		 * in case the compiler fails to eliminate it:-). By
+		 * suggestion from Terrel Larson <terr@terralogic.net>
+		 * who also stands for the is_endian union:-)
+		 *
+		 * Special notes.
+		 *
+		 * - is_endian is declared automatic as doing otherwise
+		 *   (declaring static) prevents gcc from eliminating
+		 *   the redundant code;
+		 * - compilers (those I've tried) don't seem to have
+		 *   problems eliminating either the operators guarded
+		 *   by "if (sizeof(RC4_CHUNK)==8)" or the condition
+		 *   expressions themselves so I've got 'em to replace
+		 *   corresponding #ifdefs from the previous version;
+		 * - I chose to let the redundant switch cases when
+		 *   sizeof(RC4_CHUNK)!=8 be (were also #ifdefed
+		 *   before);
+		 * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in
+		 *   [LB]ESHFT guards against "shift is out of range"
+		 *   warnings when sizeof(RC4_CHUNK)!=8 
+		 *
+		 *			<appro@fy.chalmers.se>
+		 */
+		if (!is_endian.little)
+			{	/* BIG-ENDIAN CASE */
+# define BESHFT(c)	(((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1))
+			for (;len&-sizeof(RC4_CHUNK);len-=sizeof(RC4_CHUNK))
+				{
+				ichunk  = *(RC4_CHUNK *)indata;
+				otp  = RC4_STEP<<BESHFT(0);
+				otp |= RC4_STEP<<BESHFT(1);
+				otp |= RC4_STEP<<BESHFT(2);
+				otp |= RC4_STEP<<BESHFT(3);
+				if (sizeof(RC4_CHUNK)==8)
+					{
+					otp |= RC4_STEP<<BESHFT(4);
+					otp |= RC4_STEP<<BESHFT(5);
+					otp |= RC4_STEP<<BESHFT(6);
+					otp |= RC4_STEP<<BESHFT(7);
+					}
+				*(RC4_CHUNK *)outdata = otp^ichunk;
+				indata  += sizeof(RC4_CHUNK);
+				outdata += sizeof(RC4_CHUNK);
+				}
+			if (len)
+				{
+				RC4_CHUNK mask=(RC4_CHUNK)-1, ochunk;
+
+				ichunk = *(RC4_CHUNK *)indata;
+				ochunk = *(RC4_CHUNK *)outdata;
+				otp = 0;
+				i = BESHFT(0);
+				mask <<= (sizeof(RC4_CHUNK)-len)<<3;
+				switch (len&(sizeof(RC4_CHUNK)-1))
+					{
+					case 7:	otp  = RC4_STEP<<i, i-=8;
+					case 6:	otp |= RC4_STEP<<i, i-=8;
+					case 5:	otp |= RC4_STEP<<i, i-=8;
+					case 4:	otp |= RC4_STEP<<i, i-=8;
+					case 3:	otp |= RC4_STEP<<i, i-=8;
+					case 2:	otp |= RC4_STEP<<i, i-=8;
+					case 1:	otp |= RC4_STEP<<i, i-=8;
+					case 0: ; /*
+						   * it's never the case,
+						   * but it has to be here
+						   * for ultrix?
+						   */
+					}
+				ochunk &= ~mask;
+				ochunk |= (otp^ichunk) & mask;
+				*(RC4_CHUNK *)outdata = ochunk;
+				}
+			key->x=x;     
+			key->y=y;
+			return;
+			}
+		else
+			{	/* LITTLE-ENDIAN CASE */
+# define LESHFT(c)	(((c)*8)&(sizeof(RC4_CHUNK)*8-1))
+			for (;len&-sizeof(RC4_CHUNK);len-=sizeof(RC4_CHUNK))
+				{
+				ichunk  = *(RC4_CHUNK *)indata;
+				otp  = RC4_STEP;
+				otp |= RC4_STEP<<8;
+				otp |= RC4_STEP<<16;
+				otp |= RC4_STEP<<24;
+				if (sizeof(RC4_CHUNK)==8)
+					{
+					otp |= RC4_STEP<<LESHFT(4);
+					otp |= RC4_STEP<<LESHFT(5);
+					otp |= RC4_STEP<<LESHFT(6);
+					otp |= RC4_STEP<<LESHFT(7);
+					}
+				*(RC4_CHUNK *)outdata = otp^ichunk;
+				indata  += sizeof(RC4_CHUNK);
+				outdata += sizeof(RC4_CHUNK);
+				}
+			if (len)
+				{
+				RC4_CHUNK mask=(RC4_CHUNK)-1, ochunk;
+
+				ichunk = *(RC4_CHUNK *)indata;
+				ochunk = *(RC4_CHUNK *)outdata;
+				otp = 0;
+				i   = 0;
+				mask >>= (sizeof(RC4_CHUNK)-len)<<3;
+				switch (len&(sizeof(RC4_CHUNK)-1))
+					{
+					case 7:	otp  = RC4_STEP,    i+=8;
+					case 6:	otp |= RC4_STEP<<i, i+=8;
+					case 5:	otp |= RC4_STEP<<i, i+=8;
+					case 4:	otp |= RC4_STEP<<i, i+=8;
+					case 3:	otp |= RC4_STEP<<i, i+=8;
+					case 2:	otp |= RC4_STEP<<i, i+=8;
+					case 1:	otp |= RC4_STEP<<i, i+=8;
+					case 0: ; /*
+						   * it's never the case,
+						   * but it has to be here
+						   * for ultrix?
+						   */
+					}
+				ochunk &= ~mask;
+				ochunk |= (otp^ichunk) & mask;
+				*(RC4_CHUNK *)outdata = ochunk;
+				}
+			key->x=x;     
+			key->y=y;
+			return;
+			}
+		}
+#endif
 #define LOOP(in,out) \
 		x=((x+1)&0xff); \
 		tx=d[x]; \
diff --git a/crypto/rc4/rc4_enc.org b/crypto/rc4/rc4_enc.org
deleted file mode 100644
index c83b9aca85..0000000000
--- a/crypto/rc4/rc4_enc.org
+++ /dev/null
@@ -1,195 +0,0 @@
-/* crypto/rc4/rc4_enc.org */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify rc4_enc.org since rc4_enc.c is automatically generated from
- * it during SSLeay configuration.
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING 
- */
-
-#include "rc4.h"
-
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#define RC4_INDEX
-
-char *RC4_version="RC4 part of SSLeay 0.8.1b 29-Jun-1998";
-
-char *RC4_options()
-	{
-#ifdef RC4_INDEX
-	if (sizeof(RC4_INT) == 1)
-		return("rc4(idx,char)");
-	else
-		return("rc4(idx,int)");
-#else
-	if (sizeof(RC4_INT) == 1)
-		return("rc4(ptr,char)");
-	else
-		return("rc4(ptr,int)");
-#endif
-	}
-
-/* RC4 as implemented from a posting from
- * Newsgroups: sci.crypt
- * From: sterndark@netcom.com (David Sterndark)
- * Subject: RC4 Algorithm revealed.
- * Message-ID: <sternCvKL4B.Hyy@netcom.com>
- * Date: Wed, 14 Sep 1994 06:35:31 GMT
- */
-
-void RC4_set_key(key, len, data)
-RC4_KEY *key;
-int len;
-register unsigned char *data;
-	{
-        register RC4_INT tmp;
-        register int id1,id2;
-        register RC4_INT *d;
-        unsigned int i;
-        
-        d= &(key->data[0]);
-	for (i=0; i<256; i++)
-		d[i]=i;
-        key->x = 0;     
-        key->y = 0;     
-        id1=id2=0;     
-
-#define SK_LOOP(n) { \
-		tmp=d[(n)]; \
-		id2 = (data[id1] + tmp + id2) & 0xff; \
-		if (++id1 == len) id1=0; \
-		d[(n)]=d[id2]; \
-		d[id2]=tmp; }
-
-	for (i=0; i < 256; i+=4)
-		{
-		SK_LOOP(i+0);
-		SK_LOOP(i+1);
-		SK_LOOP(i+2);
-		SK_LOOP(i+3);
-		}
-	}
-    
-void RC4(key, len, indata, outdata)
-RC4_KEY *key;
-unsigned long len;
-unsigned char *indata;
-unsigned char *outdata;
-	{
-        register RC4_INT *d;
-        register RC4_INT x,y,tx,ty;
-	int i;
-        
-        x=key->x;     
-        y=key->y;     
-        d=key->data; 
-
-#define LOOP(in,out) \
-		x=((x+1)&0xff); \
-		tx=d[x]; \
-		y=(tx+y)&0xff; \
-		d[x]=ty=d[y]; \
-		d[y]=tx; \
-		(out) = d[(tx+ty)&0xff]^ (in);
-
-#ifndef RC4_INDEX
-#define RC4_LOOP(a,b,i)	LOOP(*((a)++),*((b)++))
-#else
-#define RC4_LOOP(a,b,i)	LOOP(a[i],b[i])
-#endif
-
-	i= -(int)len;
-	i=(int)(len>>3L);
-	if (i)
-		{
-		for (;;)
-			{
-			RC4_LOOP(indata,outdata,0);
-			RC4_LOOP(indata,outdata,1);
-			RC4_LOOP(indata,outdata,2);
-			RC4_LOOP(indata,outdata,3);
-			RC4_LOOP(indata,outdata,4);
-			RC4_LOOP(indata,outdata,5);
-			RC4_LOOP(indata,outdata,6);
-			RC4_LOOP(indata,outdata,7);
-#ifdef RC4_INDEX
-			indata+=8;
-			outdata+=8;
-#endif
-			if (--i == 0) break;
-			}
-		}
-	i=(int)len&0x07;
-	if (i)
-		{
-		for (;;)
-			{
-			RC4_LOOP(indata,outdata,0); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,1); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,2); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,3); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,4); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,5); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,6); if (--i == 0) break;
-			}
-		}               
-	key->x=x;     
-	key->y=y;
-	}
diff --git a/crypto/rc4/rc4_locl.h b/crypto/rc4/rc4_locl.h
index 1ef4455fb7..3bb80b6ce9 100644
--- a/crypto/rc4/rc4_locl.h
+++ b/crypto/rc4/rc4_locl.h
@@ -1,70 +1,4 @@
-/* crypto/rc4/rc4_locl.org */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify bf_locl.org since bf_locl.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-
+#ifndef HEADER_RC4_LOCL_H
+#define HEADER_RC4_LOCL_H
+#include <openssl/opensslconf.h>
+#endif
diff --git a/crypto/rc4/rc4_locl.org b/crypto/rc4/rc4_locl.org
deleted file mode 100644
index 1ef4455fb7..0000000000
--- a/crypto/rc4/rc4_locl.org
+++ /dev/null
@@ -1,70 +0,0 @@
-/* crypto/rc4/rc4_locl.org */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * Always modify bf_locl.org since bf_locl.h is automatically generated from
- * it during SSLeay configuration.
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- */
-
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-
diff --git a/crypto/rc4/rc4_skey.c b/crypto/rc4/rc4_skey.c
index 03e69e16c3..bb10c1ebe2 100644
--- a/crypto/rc4/rc4_skey.c
+++ b/crypto/rc4/rc4_skey.c
@@ -56,12 +56,13 @@
  * [including the GNU Public Licence.]
  */
 
-#include "rc4.h"
+#include <openssl/rc4.h>
 #include "rc4_locl.h"
+#include <openssl/opensslv.h>
 
-char *RC4_version="RC4 part of SSLeay 0.9.1a 06-Jul-1998";
+const char *RC4_version="RC4" OPENSSL_VERSION_PTEXT;
 
-char *RC4_options()
+const char *RC4_options(void)
 	{
 #ifdef RC4_INDEX
 	if (sizeof(RC4_INT) == 1)
@@ -84,10 +85,7 @@ char *RC4_options()
  * Date: Wed, 14 Sep 1994 06:35:31 GMT
  */
 
-void RC4_set_key(key, len, data)
-RC4_KEY *key;
-int len;
-register unsigned char *data;
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
 	{
         register RC4_INT tmp;
         register int id1,id2;
diff --git a/crypto/rc4/rc4s.cpp b/crypto/rc4/rc4s.cpp
index 39f1727dd3..3814fde997 100644
--- a/crypto/rc4/rc4s.cpp
+++ b/crypto/rc4/rc4s.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "rc4.h"
+#include <openssl/rc4.h>
 
 void main(int argc,char *argv[])
 	{
diff --git a/crypto/rc4/rc4speed.c b/crypto/rc4/rc4speed.c
index f796f7b7be..ced98c52df 100644
--- a/crypto/rc4/rc4speed.c
+++ b/crypto/rc4/rc4speed.c
@@ -59,19 +59,17 @@
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
 
-#ifndef MSDOS
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
 #include <stdio.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-extern int exit();
-#endif
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
 #include <signal.h>
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -79,15 +77,15 @@ extern int exit();
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
@@ -98,16 +96,12 @@ struct tms {
 #include <sys/param.h>
 #endif
 
-#include "rc4.h"
+#include <openssl/rc4.h>
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
 #ifndef CLK_TCK
-#ifndef VMS
-#define HZ	100.0
-#else /* VMS */
 #define HZ	100.0
-#endif
 #else /* CLK_TCK */
 #define HZ ((double)CLK_TCK)
 #endif
@@ -116,12 +110,7 @@ struct tms {
 #define BUFSIZE	((long)1024)
 long run=0;
 
-#ifndef NOPROTO
 double Time_F(int s);
-#else
-double Time_F();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
 #define SIGRETTYPE void
@@ -129,14 +118,8 @@ double Time_F();
 #define SIGRETTYPE int
 #endif
 
-#ifndef NOPROTO
 SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
+SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -149,8 +132,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-double Time_F(s)
-int s;
+double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -186,9 +168,7 @@ int s;
 #endif
 	}
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	long count;
 	static unsigned char buf[BUFSIZE];
@@ -203,7 +183,7 @@ char **argv;
 #endif
 
 #ifndef TIMES
-	printf("To get the most acurate results, try to run this\n");
+	printf("To get the most accurate results, try to run this\n");
 	printf("program when this computer is idle.\n");
 #endif
 
@@ -263,7 +243,7 @@ char **argv;
 	printf("RC4 set_key per sec = %12.2f (%9.3fuS)\n",a,1.0e6/a);
 	printf("RC4   bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
 	exit(0);
-#if defined(LINT) || defined(MSDOS)
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
 	return(0);
 #endif
 	}
diff --git a/crypto/rc4/rc4test.c b/crypto/rc4/rc4test.c
index 041e1aff95..b9d8f20975 100644
--- a/crypto/rc4/rc4test.c
+++ b/crypto/rc4/rc4test.c
@@ -59,9 +59,19 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "rc4.h"
 
-unsigned char keys[7][30]={
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RC4
+int main(int argc, char *argv[])
+{
+    printf("No RC4 support\n");
+    return(0);
+}
+#else
+#include <openssl/rc4.h>
+
+static unsigned char keys[7][30]={
 	{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
 	{8,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef},
 	{8,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
@@ -70,8 +80,8 @@ unsigned char keys[7][30]={
 	{4,0xef,0x01,0x23,0x45},
 	};
 
-unsigned char data_len[7]={8,8,8,20,28,10};
-unsigned char data[7][30]={
+static unsigned char data_len[7]={8,8,8,20,28,10};
+static unsigned char data[7][30]={
 	{0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xff},
 	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
 	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff},
@@ -86,7 +96,7 @@ unsigned char data[7][30]={
 	{0},
 	};
 
-unsigned char output[7][30]={
+static unsigned char output[7][30]={
 	{0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96,0x00},
 	{0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79,0x00},
 	{0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a,0x00},
@@ -101,9 +111,7 @@ unsigned char output[7][30]={
 	{0},
 	};
 
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,err=0;
 	int j;
@@ -189,7 +197,7 @@ char *argv[];
 			}
 		}
 	printf("done\n");
-	exit(err);
+	EXIT(err);
 	return(0);
 	}
-
+#endif
diff --git a/crypto/rc5/.cvsignore b/crypto/rc5/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/rc5/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/rc5/Makefile.ssl b/crypto/rc5/Makefile.ssl
index f7379b046b..bb4704d5f5 100644
--- a/crypto/rc5/Makefile.ssl
+++ b/crypto/rc5/Makefile.ssl
@@ -8,9 +8,12 @@ CC=	cc
 CPP=	$(CC) -E
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -42,12 +45,12 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 # elf
 asm/r586-elf.o: asm/r586unix.cpp
-	$(CPP) -DELF asm/r586unix.cpp | as -o asm/r586-elf.o
+	$(CPP) -DELF -x c asm/r586unix.cpp | as -o asm/r586-elf.o
 
 # solaris
 asm/r586-sol.o: asm/r586unix.cpp
@@ -63,25 +66,23 @@ asm/r586-out.o: asm/r586unix.cpp
 asm/r586bsdi.o: asm/r586unix.cpp
 	$(CPP) -DBSDI asm/r586unix.cpp | sed 's/ :/:/' | as -o asm/r586bsdi.o
 
-asm/r586unix.cpp:
-	(cd asm; perl rc5-586.pl cpp >r586unix.cpp)
+asm/r586unix.cpp: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+	(cd asm; $(PERL) rc5-586.pl cpp >r586unix.cpp)
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	# $(TOP)/util/point.sh ../../doc/rc5.doc rc5.doc ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -93,15 +94,20 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f asm/r586unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rc5_ecb.o: ../../include/openssl/opensslv.h ../../include/openssl/rc5.h
+rc5_ecb.o: rc5_ecb.c rc5_locl.h
+rc5_enc.o: ../../include/openssl/rc5.h rc5_enc.c rc5_locl.h
+rc5_skey.o: ../../include/openssl/rc5.h rc5_locl.h rc5_skey.c
+rc5cfb64.o: ../../include/openssl/rc5.h rc5_locl.h rc5cfb64.c
+rc5ofb64.o: ../../include/openssl/rc5.h rc5_locl.h rc5ofb64.c
diff --git a/crypto/rc5/Makefile.uni b/crypto/rc5/Makefile.uni
deleted file mode 100644
index e50b3f2d19..0000000000
--- a/crypto/rc5/Makefile.uni
+++ /dev/null
@@ -1,72 +0,0 @@
-# Targets
-# make          - twidle the options yourself :-)
-# make cc       - standard cc options
-# make gcc      - standard gcc options
-
-DIR=    rc2
-TOP=    .
-CC=     gcc
-CFLAG=	-O3 -fomit-frame-pointer
-
-CPP=    $(CC) -E
-INCLUDES=
-INSTALLTOP=/usr/local/lib
-MAKE=           make
-MAKEDEPEND=     makedepend
-MAKEFILE=       Makefile.uni
-AR=             ar r
-
-IDEA_ENC=rc2_cbc.o
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=rc2test
-APPS=rc2speed
-
-LIB=librc2.a
-LIBSRC=rc2_skey.c rc2_ecb.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
-LIBOBJ=rc2_skey.o rc2_ecb.o $(IDEA_ENC) rc2cfb64.o rc2ofb64.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= rc2.h
-HEADER= rc2_locl.h $(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-all:    $(LIB) $(TEST) $(APPS)
-
-$(LIB):    $(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/ranlib.sh $(LIB)
-
-test:	$(TEST)
-	./$(TEST)
-
-$(TEST): $(TEST).c $(LIB)
-	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
-
-$(APPS): $(APPS).c $(LIB)
-	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
-
-dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-cc:
-	$(MAKE) CC="cc" CFLAG="-O" all
-
-gcc:
-	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/rc5/asm/.cvsignore b/crypto/rc5/asm/.cvsignore
new file mode 100644
index 0000000000..f60a6a8d65
--- /dev/null
+++ b/crypto/rc5/asm/.cvsignore
@@ -0,0 +1 @@
+r586unix.cpp
diff --git a/crypto/rc5/asm/r5-win32.asm b/crypto/rc5/asm/r5-win32.asm
deleted file mode 100644
index f43d3711f0..0000000000
--- a/crypto/rc5/asm/r5-win32.asm
+++ /dev/null
@@ -1,574 +0,0 @@
-	; Don't even think of reading this code
-	; It was automatically generated by rc5-586.pl
-	; Which is a perl program used to generate the x86 assember for
-	; any of elf, a.out, BSDI,Win32, or Solaris
-	; eric <eay@cryptsoft.com>
-	; 
-	TITLE	rc5-586.asm
-        .386
-.model FLAT
-_TEXT	SEGMENT
-PUBLIC	_RC5_32_encrypt
-
-_RC5_32_encrypt PROC NEAR
-	; 
-	push	ebp
-	push	esi
-	push	edi
-	mov	edx,		DWORD PTR 16[esp]
-	mov	ebp,		DWORD PTR 20[esp]
-	; Load the 2 words
-	mov	edi,		DWORD PTR [edx]
-	mov	esi,		DWORD PTR 4[edx]
-	push	ebx
-	mov	ebx,		DWORD PTR [ebp]
-	add	edi,		DWORD PTR 4[ebp]
-	add	esi,		DWORD PTR 8[ebp]
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 12[ebp]
-	mov	ecx,		esi
-	rol	edi,		cl
-	add	edi,		eax
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 16[ebp]
-	mov	ecx,		edi
-	rol	esi,		cl
-	add	esi,		eax
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 20[ebp]
-	mov	ecx,		esi
-	rol	edi,		cl
-	add	edi,		eax
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 24[ebp]
-	mov	ecx,		edi
-	rol	esi,		cl
-	add	esi,		eax
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 28[ebp]
-	mov	ecx,		esi
-	rol	edi,		cl
-	add	edi,		eax
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 32[ebp]
-	mov	ecx,		edi
-	rol	esi,		cl
-	add	esi,		eax
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 36[ebp]
-	mov	ecx,		esi
-	rol	edi,		cl
-	add	edi,		eax
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 40[ebp]
-	mov	ecx,		edi
-	rol	esi,		cl
-	add	esi,		eax
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 44[ebp]
-	mov	ecx,		esi
-	rol	edi,		cl
-	add	edi,		eax
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 48[ebp]
-	mov	ecx,		edi
-	rol	esi,		cl
-	add	esi,		eax
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 52[ebp]
-	mov	ecx,		esi
-	rol	edi,		cl
-	add	edi,		eax
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 56[ebp]
-	mov	ecx,		edi
-	rol	esi,		cl
-	add	esi,		eax
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 60[ebp]
-	mov	ecx,		esi
-	rol	edi,		cl
-	add	edi,		eax
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 64[ebp]
-	mov	ecx,		edi
-	rol	esi,		cl
-	add	esi,		eax
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 68[ebp]
-	mov	ecx,		esi
-	rol	edi,		cl
-	add	edi,		eax
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 72[ebp]
-	mov	ecx,		edi
-	rol	esi,		cl
-	add	esi,		eax
-	cmp	ebx,		8
-	je	$L000rc5_exit
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 76[ebp]
-	mov	ecx,		esi
-	rol	edi,		cl
-	add	edi,		eax
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 80[ebp]
-	mov	ecx,		edi
-	rol	esi,		cl
-	add	esi,		eax
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 84[ebp]
-	mov	ecx,		esi
-	rol	edi,		cl
-	add	edi,		eax
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 88[ebp]
-	mov	ecx,		edi
-	rol	esi,		cl
-	add	esi,		eax
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 92[ebp]
-	mov	ecx,		esi
-	rol	edi,		cl
-	add	edi,		eax
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 96[ebp]
-	mov	ecx,		edi
-	rol	esi,		cl
-	add	esi,		eax
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 100[ebp]
-	mov	ecx,		esi
-	rol	edi,		cl
-	add	edi,		eax
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 104[ebp]
-	mov	ecx,		edi
-	rol	esi,		cl
-	add	esi,		eax
-	cmp	ebx,		12
-	je	$L000rc5_exit
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 108[ebp]
-	mov	ecx,		esi
-	rol	edi,		cl
-	add	edi,		eax
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 112[ebp]
-	mov	ecx,		edi
-	rol	esi,		cl
-	add	esi,		eax
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 116[ebp]
-	mov	ecx,		esi
-	rol	edi,		cl
-	add	edi,		eax
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 120[ebp]
-	mov	ecx,		edi
-	rol	esi,		cl
-	add	esi,		eax
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 124[ebp]
-	mov	ecx,		esi
-	rol	edi,		cl
-	add	edi,		eax
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 128[ebp]
-	mov	ecx,		edi
-	rol	esi,		cl
-	add	esi,		eax
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 132[ebp]
-	mov	ecx,		esi
-	rol	edi,		cl
-	add	edi,		eax
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 136[ebp]
-	mov	ecx,		edi
-	rol	esi,		cl
-	add	esi,		eax
-$L000rc5_exit:
-	mov	DWORD PTR [edx],edi
-	mov	DWORD PTR 4[edx],esi
-	pop	ebx
-	pop	edi
-	pop	esi
-	pop	ebp
-	ret
-_RC5_32_encrypt ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_RC5_32_decrypt
-
-_RC5_32_decrypt PROC NEAR
-	; 
-	push	ebp
-	push	esi
-	push	edi
-	mov	edx,		DWORD PTR 16[esp]
-	mov	ebp,		DWORD PTR 20[esp]
-	; Load the 2 words
-	mov	edi,		DWORD PTR [edx]
-	mov	esi,		DWORD PTR 4[edx]
-	push	ebx
-	mov	ebx,		DWORD PTR [ebp]
-	cmp	ebx,		12
-	je	$L001rc5_dec_12
-	cmp	ebx,		8
-	je	$L002rc5_dec_8
-	mov	eax,		DWORD PTR 136[ebp]
-	sub	esi,		eax
-	mov	ecx,		edi
-	ror	esi,		cl
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 132[ebp]
-	sub	edi,		eax
-	mov	ecx,		esi
-	ror	edi,		cl
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 128[ebp]
-	sub	esi,		eax
-	mov	ecx,		edi
-	ror	esi,		cl
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 124[ebp]
-	sub	edi,		eax
-	mov	ecx,		esi
-	ror	edi,		cl
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 120[ebp]
-	sub	esi,		eax
-	mov	ecx,		edi
-	ror	esi,		cl
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 116[ebp]
-	sub	edi,		eax
-	mov	ecx,		esi
-	ror	edi,		cl
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 112[ebp]
-	sub	esi,		eax
-	mov	ecx,		edi
-	ror	esi,		cl
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 108[ebp]
-	sub	edi,		eax
-	mov	ecx,		esi
-	ror	edi,		cl
-	xor	edi,		esi
-$L001rc5_dec_12:
-	mov	eax,		DWORD PTR 104[ebp]
-	sub	esi,		eax
-	mov	ecx,		edi
-	ror	esi,		cl
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 100[ebp]
-	sub	edi,		eax
-	mov	ecx,		esi
-	ror	edi,		cl
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 96[ebp]
-	sub	esi,		eax
-	mov	ecx,		edi
-	ror	esi,		cl
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 92[ebp]
-	sub	edi,		eax
-	mov	ecx,		esi
-	ror	edi,		cl
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 88[ebp]
-	sub	esi,		eax
-	mov	ecx,		edi
-	ror	esi,		cl
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 84[ebp]
-	sub	edi,		eax
-	mov	ecx,		esi
-	ror	edi,		cl
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 80[ebp]
-	sub	esi,		eax
-	mov	ecx,		edi
-	ror	esi,		cl
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 76[ebp]
-	sub	edi,		eax
-	mov	ecx,		esi
-	ror	edi,		cl
-	xor	edi,		esi
-$L002rc5_dec_8:
-	mov	eax,		DWORD PTR 72[ebp]
-	sub	esi,		eax
-	mov	ecx,		edi
-	ror	esi,		cl
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 68[ebp]
-	sub	edi,		eax
-	mov	ecx,		esi
-	ror	edi,		cl
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 64[ebp]
-	sub	esi,		eax
-	mov	ecx,		edi
-	ror	esi,		cl
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 60[ebp]
-	sub	edi,		eax
-	mov	ecx,		esi
-	ror	edi,		cl
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 56[ebp]
-	sub	esi,		eax
-	mov	ecx,		edi
-	ror	esi,		cl
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 52[ebp]
-	sub	edi,		eax
-	mov	ecx,		esi
-	ror	edi,		cl
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 48[ebp]
-	sub	esi,		eax
-	mov	ecx,		edi
-	ror	esi,		cl
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 44[ebp]
-	sub	edi,		eax
-	mov	ecx,		esi
-	ror	edi,		cl
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 40[ebp]
-	sub	esi,		eax
-	mov	ecx,		edi
-	ror	esi,		cl
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 36[ebp]
-	sub	edi,		eax
-	mov	ecx,		esi
-	ror	edi,		cl
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 32[ebp]
-	sub	esi,		eax
-	mov	ecx,		edi
-	ror	esi,		cl
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 28[ebp]
-	sub	edi,		eax
-	mov	ecx,		esi
-	ror	edi,		cl
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 24[ebp]
-	sub	esi,		eax
-	mov	ecx,		edi
-	ror	esi,		cl
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 20[ebp]
-	sub	edi,		eax
-	mov	ecx,		esi
-	ror	edi,		cl
-	xor	edi,		esi
-	mov	eax,		DWORD PTR 16[ebp]
-	sub	esi,		eax
-	mov	ecx,		edi
-	ror	esi,		cl
-	xor	esi,		edi
-	mov	eax,		DWORD PTR 12[ebp]
-	sub	edi,		eax
-	mov	ecx,		esi
-	ror	edi,		cl
-	xor	edi,		esi
-	sub	esi,		DWORD PTR 8[ebp]
-	sub	edi,		DWORD PTR 4[ebp]
-L003rc5_exit:
-	mov	DWORD PTR [edx],edi
-	mov	DWORD PTR 4[edx],esi
-	pop	ebx
-	pop	edi
-	pop	esi
-	pop	ebp
-	ret
-_RC5_32_decrypt ENDP
-_TEXT	ENDS
-_TEXT	SEGMENT
-PUBLIC	_RC5_32_cbc_encrypt
-
-_RC5_32_cbc_encrypt PROC NEAR
-	; 
-	push	ebp
-	push	ebx
-	push	esi
-	push	edi
-	mov	ebp,		DWORD PTR 28[esp]
-	; getting iv ptr from parameter 4
-	mov	ebx,		DWORD PTR 36[esp]
-	mov	esi,		DWORD PTR [ebx]
-	mov	edi,		DWORD PTR 4[ebx]
-	push	edi
-	push	esi
-	push	edi
-	push	esi
-	mov	ebx,		esp
-	mov	esi,		DWORD PTR 36[esp]
-	mov	edi,		DWORD PTR 40[esp]
-	; getting encrypt flag from parameter 5
-	mov	ecx,		DWORD PTR 56[esp]
-	; get and push parameter 3
-	mov	eax,		DWORD PTR 48[esp]
-	push	eax
-	push	ebx
-	cmp	ecx,		0
-	jz	$L004decrypt
-	and	ebp,		4294967288
-	mov	eax,		DWORD PTR 8[esp]
-	mov	ebx,		DWORD PTR 12[esp]
-	jz	$L005encrypt_finish
-L006encrypt_loop:
-	mov	ecx,		DWORD PTR [esi]
-	mov	edx,		DWORD PTR 4[esi]
-	xor	eax,		ecx
-	xor	ebx,		edx
-	mov	DWORD PTR 8[esp],eax
-	mov	DWORD PTR 12[esp],ebx
-	call	_RC5_32_encrypt
-	mov	eax,		DWORD PTR 8[esp]
-	mov	ebx,		DWORD PTR 12[esp]
-	mov	DWORD PTR [edi],eax
-	mov	DWORD PTR 4[edi],ebx
-	add	esi,		8
-	add	edi,		8
-	sub	ebp,		8
-	jnz	L006encrypt_loop
-$L005encrypt_finish:
-	mov	ebp,		DWORD PTR 52[esp]
-	and	ebp,		7
-	jz	$L007finish
-	xor	ecx,		ecx
-	xor	edx,		edx
-	mov	ebp,		DWORD PTR $L008cbc_enc_jmp_table[ebp*4]
-	jmp	 ebp
-L009ej7:
-	mov	dh,		BYTE PTR 6[esi]
-	shl	edx,		8
-L010ej6:
-	mov	dh,		BYTE PTR 5[esi]
-L011ej5:
-	mov	dl,		BYTE PTR 4[esi]
-L012ej4:
-	mov	ecx,		DWORD PTR [esi]
-	jmp	$L013ejend
-L014ej3:
-	mov	ch,		BYTE PTR 2[esi]
-	shl	ecx,		8
-L015ej2:
-	mov	ch,		BYTE PTR 1[esi]
-L016ej1:
-	mov	cl,		BYTE PTR [esi]
-$L013ejend:
-	xor	eax,		ecx
-	xor	ebx,		edx
-	mov	DWORD PTR 8[esp],eax
-	mov	DWORD PTR 12[esp],ebx
-	call	_RC5_32_encrypt
-	mov	eax,		DWORD PTR 8[esp]
-	mov	ebx,		DWORD PTR 12[esp]
-	mov	DWORD PTR [edi],eax
-	mov	DWORD PTR 4[edi],ebx
-	jmp	$L007finish
-$L004decrypt:
-	and	ebp,		4294967288
-	mov	eax,		DWORD PTR 16[esp]
-	mov	ebx,		DWORD PTR 20[esp]
-	jz	$L017decrypt_finish
-L018decrypt_loop:
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-	mov	DWORD PTR 8[esp],eax
-	mov	DWORD PTR 12[esp],ebx
-	call	_RC5_32_decrypt
-	mov	eax,		DWORD PTR 8[esp]
-	mov	ebx,		DWORD PTR 12[esp]
-	mov	ecx,		DWORD PTR 16[esp]
-	mov	edx,		DWORD PTR 20[esp]
-	xor	ecx,		eax
-	xor	edx,		ebx
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-	mov	DWORD PTR [edi],ecx
-	mov	DWORD PTR 4[edi],edx
-	mov	DWORD PTR 16[esp],eax
-	mov	DWORD PTR 20[esp],ebx
-	add	esi,		8
-	add	edi,		8
-	sub	ebp,		8
-	jnz	L018decrypt_loop
-$L017decrypt_finish:
-	mov	ebp,		DWORD PTR 52[esp]
-	and	ebp,		7
-	jz	$L007finish
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-	mov	DWORD PTR 8[esp],eax
-	mov	DWORD PTR 12[esp],ebx
-	call	_RC5_32_decrypt
-	mov	eax,		DWORD PTR 8[esp]
-	mov	ebx,		DWORD PTR 12[esp]
-	mov	ecx,		DWORD PTR 16[esp]
-	mov	edx,		DWORD PTR 20[esp]
-	xor	ecx,		eax
-	xor	edx,		ebx
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-L019dj7:
-	ror	edx,		16
-	mov	BYTE PTR 6[edi],dl
-	shr	edx,		16
-L020dj6:
-	mov	BYTE PTR 5[edi],dh
-L021dj5:
-	mov	BYTE PTR 4[edi],dl
-L022dj4:
-	mov	DWORD PTR [edi],ecx
-	jmp	$L023djend
-L024dj3:
-	ror	ecx,		16
-	mov	BYTE PTR 2[edi],cl
-	shl	ecx,		16
-L025dj2:
-	mov	BYTE PTR 1[esi],ch
-L026dj1:
-	mov	BYTE PTR [esi],	cl
-$L023djend:
-	jmp	$L007finish
-$L007finish:
-	mov	ecx,		DWORD PTR 60[esp]
-	add	esp,		24
-	mov	DWORD PTR [ecx],eax
-	mov	DWORD PTR 4[ecx],ebx
-	pop	edi
-	pop	esi
-	pop	ebx
-	pop	ebp
-	ret
-$L008cbc_enc_jmp_table:
-	DD	0
-	DD	L016ej1
-	DD	L015ej2
-	DD	L014ej3
-	DD	L012ej4
-	DD	L011ej5
-	DD	L010ej6
-	DD	L009ej7
-L027cbc_dec_jmp_table:
-	DD	0
-	DD	L026dj1
-	DD	L025dj2
-	DD	L024dj3
-	DD	L022dj4
-	DD	L021dj5
-	DD	L020dj6
-	DD	L019dj7
-_RC5_32_cbc_encrypt ENDP
-_TEXT	ENDS
-END
diff --git a/crypto/rc5/asm/r586unix.cpp b/crypto/rc5/asm/r586unix.cpp
deleted file mode 100644
index a25dd5a9a4..0000000000
--- a/crypto/rc5/asm/r586unix.cpp
+++ /dev/null
@@ -1,628 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define RC5_32_encrypt _RC5_32_encrypt
-#define RC5_32_decrypt _RC5_32_decrypt
-#define RC5_32_cbc_encrypt _RC5_32_cbc_encrypt
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by rc5-586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"rc5-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl RC5_32_encrypt
-	TYPE(RC5_32_encrypt,@function)
-RC5_32_encrypt:
-
-	pushl	%ebp
-	pushl	%esi
-	pushl	%edi
-	movl	16(%esp),	%edx
-	movl	20(%esp),	%ebp
-	/* Load the 2 words */
-	movl	(%edx),		%edi
-	movl	4(%edx),	%esi
-	pushl	%ebx
-	movl	(%ebp),		%ebx
-	addl	4(%ebp),	%edi
-	addl	8(%ebp),	%esi
-	xorl	%esi,		%edi
-	movl	12(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	16(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	20(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	24(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	28(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	32(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	36(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	40(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	44(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	48(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	52(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	56(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	60(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	64(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	68(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	72(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	cmpl	$8,		%ebx
-	je	.L000rc5_exit
-	xorl	%esi,		%edi
-	movl	76(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	80(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	84(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	88(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	92(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	96(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	100(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	104(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	cmpl	$12,		%ebx
-	je	.L000rc5_exit
-	xorl	%esi,		%edi
-	movl	108(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	112(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	116(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	120(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	124(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	128(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-	xorl	%esi,		%edi
-	movl	132(%ebp),	%eax
-	movl	%esi,		%ecx
-	roll	%cl,		%edi
-	addl	%eax,		%edi
-	xorl	%edi,		%esi
-	movl	136(%ebp),	%eax
-	movl	%edi,		%ecx
-	roll	%cl,		%esi
-	addl	%eax,		%esi
-.L000rc5_exit:
-	movl	%edi,		(%edx)
-	movl	%esi,		4(%edx)
-	popl	%ebx
-	popl	%edi
-	popl	%esi
-	popl	%ebp
-	ret
-.RC5_32_encrypt_end:
-	SIZE(RC5_32_encrypt,.RC5_32_encrypt_end-RC5_32_encrypt)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl RC5_32_decrypt
-	TYPE(RC5_32_decrypt,@function)
-RC5_32_decrypt:
-
-	pushl	%ebp
-	pushl	%esi
-	pushl	%edi
-	movl	16(%esp),	%edx
-	movl	20(%esp),	%ebp
-	/* Load the 2 words */
-	movl	(%edx),		%edi
-	movl	4(%edx),	%esi
-	pushl	%ebx
-	movl	(%ebp),		%ebx
-	cmpl	$12,		%ebx
-	je	.L001rc5_dec_12
-	cmpl	$8,		%ebx
-	je	.L002rc5_dec_8
-	movl	136(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	132(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	128(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	124(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	120(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	116(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	112(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	108(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-.L001rc5_dec_12:
-	movl	104(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	100(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	96(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	92(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	88(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	84(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	80(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	76(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-.L002rc5_dec_8:
-	movl	72(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	68(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	64(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	60(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	56(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	52(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	48(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	44(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	40(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	36(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	32(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	28(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	24(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	20(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	movl	16(%ebp),	%eax
-	subl	%eax,		%esi
-	movl	%edi,		%ecx
-	rorl	%cl,		%esi
-	xorl	%edi,		%esi
-	movl	12(%ebp),	%eax
-	subl	%eax,		%edi
-	movl	%esi,		%ecx
-	rorl	%cl,		%edi
-	xorl	%esi,		%edi
-	subl	8(%ebp),	%esi
-	subl	4(%ebp),	%edi
-.L003rc5_exit:
-	movl	%edi,		(%edx)
-	movl	%esi,		4(%edx)
-	popl	%ebx
-	popl	%edi
-	popl	%esi
-	popl	%ebp
-	ret
-.RC5_32_decrypt_end:
-	SIZE(RC5_32_decrypt,.RC5_32_decrypt_end-RC5_32_decrypt)
-.ident	"desasm.pl"
-.text
-	.align ALIGN
-.globl RC5_32_cbc_encrypt
-	TYPE(RC5_32_cbc_encrypt,@function)
-RC5_32_cbc_encrypt:
-
-	pushl	%ebp
-	pushl	%ebx
-	pushl	%esi
-	pushl	%edi
-	movl	28(%esp),	%ebp
-	/* getting iv ptr from parameter 4 */
-	movl	36(%esp),	%ebx
-	movl	(%ebx),		%esi
-	movl	4(%ebx),	%edi
-	pushl	%edi
-	pushl	%esi
-	pushl	%edi
-	pushl	%esi
-	movl	%esp,		%ebx
-	movl	36(%esp),	%esi
-	movl	40(%esp),	%edi
-	/* getting encrypt flag from parameter 5 */
-	movl	56(%esp),	%ecx
-	/* get and push parameter 3 */
-	movl	48(%esp),	%eax
-	pushl	%eax
-	pushl	%ebx
-	cmpl	$0,		%ecx
-	jz	.L004decrypt
-	andl	$4294967288,	%ebp
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-	jz	.L005encrypt_finish
-.L006encrypt_loop:
-	movl	(%esi),		%ecx
-	movl	4(%esi),	%edx
-	xorl	%ecx,		%eax
-	xorl	%edx,		%ebx
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	RC5_32_encrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-	movl	%eax,		(%edi)
-	movl	%ebx,		4(%edi)
-	addl	$8,		%esi
-	addl	$8,		%edi
-	subl	$8,		%ebp
-	jnz	.L006encrypt_loop
-.L005encrypt_finish:
-	movl	52(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L007finish
-	xorl	%ecx,		%ecx
-	xorl	%edx,		%edx
-	movl	.L008cbc_enc_jmp_table(,%ebp,4),%ebp
-	jmp	*%ebp
-.L009ej7:
-	movb	6(%esi),	%dh
-	sall	$8,		%edx
-.L010ej6:
-	movb	5(%esi),	%dh
-.L011ej5:
-	movb	4(%esi),	%dl
-.L012ej4:
-	movl	(%esi),		%ecx
-	jmp	.L013ejend
-.L014ej3:
-	movb	2(%esi),	%ch
-	sall	$8,		%ecx
-.L015ej2:
-	movb	1(%esi),	%ch
-.L016ej1:
-	movb	(%esi),		%cl
-.L013ejend:
-	xorl	%ecx,		%eax
-	xorl	%edx,		%ebx
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	RC5_32_encrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-	movl	%eax,		(%edi)
-	movl	%ebx,		4(%edi)
-	jmp	.L007finish
-.align ALIGN
-.L004decrypt:
-	andl	$4294967288,	%ebp
-	movl	16(%esp),	%eax
-	movl	20(%esp),	%ebx
-	jz	.L017decrypt_finish
-.L018decrypt_loop:
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	RC5_32_decrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-	movl	16(%esp),	%ecx
-	movl	20(%esp),	%edx
-	xorl	%eax,		%ecx
-	xorl	%ebx,		%edx
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%ecx,		(%edi)
-	movl	%edx,		4(%edi)
-	movl	%eax,		16(%esp)
-	movl	%ebx,		20(%esp)
-	addl	$8,		%esi
-	addl	$8,		%edi
-	subl	$8,		%ebp
-	jnz	.L018decrypt_loop
-.L017decrypt_finish:
-	movl	52(%esp),	%ebp
-	andl	$7,		%ebp
-	jz	.L007finish
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%eax,		8(%esp)
-	movl	%ebx,		12(%esp)
-	call	RC5_32_decrypt
-	movl	8(%esp),	%eax
-	movl	12(%esp),	%ebx
-	movl	16(%esp),	%ecx
-	movl	20(%esp),	%edx
-	xorl	%eax,		%ecx
-	xorl	%ebx,		%edx
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-.L019dj7:
-	rorl	$16,		%edx
-	movb	%dl,		6(%edi)
-	shrl	$16,		%edx
-.L020dj6:
-	movb	%dh,		5(%edi)
-.L021dj5:
-	movb	%dl,		4(%edi)
-.L022dj4:
-	movl	%ecx,		(%edi)
-	jmp	.L023djend
-.L024dj3:
-	rorl	$16,		%ecx
-	movb	%cl,		2(%edi)
-	sall	$16,		%ecx
-.L025dj2:
-	movb	%ch,		1(%esi)
-.L026dj1:
-	movb	%cl,		(%esi)
-.L023djend:
-	jmp	.L007finish
-.align ALIGN
-.L007finish:
-	movl	60(%esp),	%ecx
-	addl	$24,		%esp
-	movl	%eax,		(%ecx)
-	movl	%ebx,		4(%ecx)
-	popl	%edi
-	popl	%esi
-	popl	%ebx
-	popl	%ebp
-	ret
-.align ALIGN
-.L008cbc_enc_jmp_table:
-	.long 0
-	.long .L016ej1
-	.long .L015ej2
-	.long .L014ej3
-	.long .L012ej4
-	.long .L011ej5
-	.long .L010ej6
-	.long .L009ej7
-.align ALIGN
-.L027cbc_dec_jmp_table:
-	.long 0
-	.long .L026dj1
-	.long .L025dj2
-	.long .L024dj3
-	.long .L022dj4
-	.long .L021dj5
-	.long .L020dj6
-	.long .L019dj7
-.RC5_32_cbc_encrypt_end:
-	SIZE(RC5_32_cbc_encrypt,.RC5_32_cbc_encrypt_end-RC5_32_cbc_encrypt)
-.ident	"desasm.pl"
diff --git a/crypto/rc5/rc5.h b/crypto/rc5/rc5.h
index 5fd64e3f10..4adfd2db5a 100644
--- a/crypto/rc5/rc5.h
+++ b/crypto/rc5/rc5.h
@@ -63,6 +63,10 @@
 extern "C" {
 #endif
 
+#ifdef OPENSSL_NO_RC5
+#error RC5 is disabled.
+#endif
+
 #define RC5_ENCRYPT	1
 #define RC5_DECRYPT	0
 
@@ -88,32 +92,22 @@ typedef struct rc5_key_st
 	RC5_32_INT data[2*(RC5_16_ROUNDS+1)];
 	} RC5_32_KEY;
 
-#ifndef NOPROTO
  
-void RC5_32_set_key(RC5_32_KEY *key, int len, unsigned char *data,
+void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
 	int rounds);
-void RC5_32_ecb_encrypt(unsigned char *in,unsigned char *out,RC5_32_KEY *key,
+void RC5_32_ecb_encrypt(const unsigned char *in,unsigned char *out,RC5_32_KEY *key,
 	int enc);
 void RC5_32_encrypt(unsigned long *data,RC5_32_KEY *key);
 void RC5_32_decrypt(unsigned long *data,RC5_32_KEY *key);
-void RC5_32_cbc_encrypt(unsigned char *in, unsigned char *out, long length,
-	RC5_32_KEY *ks, unsigned char *iv, int enc);
-void RC5_32_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	RC5_32_KEY *schedule, unsigned char *ivec, int *num, int enc);
-void RC5_32_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	RC5_32_KEY *schedule, unsigned char *ivec, int *num);
-
-#else
-
-void RC5_32_set_key();
-void RC5_32_ecb_encrypt();
-void RC5_32_encrypt();
-void RC5_32_decrypt();
-void RC5_32_cbc_encrypt();
-void RC5_32_cfb64_encrypt();
-void RC5_32_ofb64_encrypt();
-
-#endif
+void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
+			long length, RC5_32_KEY *ks, unsigned char *iv,
+			int enc);
+void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+			  long length, RC5_32_KEY *schedule,
+			  unsigned char *ivec, int *num, int enc);
+void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+			  long length, RC5_32_KEY *schedule,
+			  unsigned char *ivec, int *num);
 
 #ifdef  __cplusplus
 }
diff --git a/crypto/rc5/rc5_ecb.c b/crypto/rc5/rc5_ecb.c
index ab971a9de9..e72b535507 100644
--- a/crypto/rc5/rc5_ecb.c
+++ b/crypto/rc5/rc5_ecb.c
@@ -56,16 +56,14 @@
  * [including the GNU Public Licence.]
  */
 
-#include "rc5.h"
+#include <openssl/rc5.h>
 #include "rc5_locl.h"
+#include <openssl/opensslv.h>
 
-char *RC5_version="RC5 part of SSLeay 0.9.1a 06-Jul-1998";
+const char RC5_version[]="RC5" OPENSSL_VERSION_PTEXT;
 
-void RC5_32_ecb_encrypt(in, out, ks, encrypt)
-unsigned char *in;
-unsigned char *out;
-RC5_32_KEY *ks;
-int encrypt;
+void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,
+			RC5_32_KEY *ks, int encrypt)
 	{
 	unsigned long l,d[2];
 
diff --git a/crypto/rc5/rc5_enc.c b/crypto/rc5/rc5_enc.c
index ee5f97eed1..f327d32a76 100644
--- a/crypto/rc5/rc5_enc.c
+++ b/crypto/rc5/rc5_enc.c
@@ -57,16 +57,12 @@
  */
 
 #include <stdio.h>
-#include "rc5.h"
+#include <openssl/rc5.h>
 #include "rc5_locl.h"
 
-void RC5_32_cbc_encrypt(in, out, length, ks, iv, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-RC5_32_KEY *ks;
-unsigned char *iv;
-int encrypt;
+void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
+			long length, RC5_32_KEY *ks, unsigned char *iv,
+			int encrypt)
 	{
 	register unsigned long tin0,tin1;
 	register unsigned long tout0,tout1,xor0,xor1;
@@ -139,9 +135,7 @@ int encrypt;
 	tin[0]=tin[1]=0;
 	}
 
-void RC5_32_encrypt(d,key)
-unsigned long *d;
-RC5_32_KEY *key;
+void RC5_32_encrypt(unsigned long *d, RC5_32_KEY *key)
 	{
 	RC5_32_INT a,b,*s;
 
@@ -180,9 +174,7 @@ RC5_32_KEY *key;
 	d[1]=b;
 	}
 
-void RC5_32_decrypt(d,key)
-unsigned long *d;
-RC5_32_KEY *key;
+void RC5_32_decrypt(unsigned long *d, RC5_32_KEY *key)
 	{
 	RC5_32_INT a,b,*s;
 
diff --git a/crypto/rc5/rc5_locl.h b/crypto/rc5/rc5_locl.h
index 718c6162ea..d3871c6555 100644
--- a/crypto/rc5/rc5_locl.h
+++ b/crypto/rc5/rc5_locl.h
@@ -146,7 +146,7 @@
                          *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
                          *((c)++)=(unsigned char)(((l)     )&0xff))
 
-#if defined(WIN32)
+#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
 #define ROTATE_l32(a,n)     _lrotl(a,n)
 #define ROTATE_r32(a,n)     _lrotr(a,n)
 #else
diff --git a/crypto/rc5/rc5_skey.c b/crypto/rc5/rc5_skey.c
index 5753390d08..a2e00a41c5 100644
--- a/crypto/rc5/rc5_skey.c
+++ b/crypto/rc5/rc5_skey.c
@@ -56,14 +56,11 @@
  * [including the GNU Public Licence.]
  */
 
-#include "rc5.h"
+#include <openssl/rc5.h>
 #include "rc5_locl.h"
 
-void RC5_32_set_key(key,len,data,rounds)
-RC5_32_KEY *key;
-int len;
-unsigned char *data;
-int rounds;
+void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
+		    int rounds)
 	{
 	RC5_32_INT L[64],l,ll,A,B,*S,k;
 	int i,j,m,c,t,ii,jj;
diff --git a/crypto/rc5/rc5cfb64.c b/crypto/rc5/rc5cfb64.c
index fe245d0348..3a8b60bc7a 100644
--- a/crypto/rc5/rc5cfb64.c
+++ b/crypto/rc5/rc5cfb64.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-#include "rc5.h"
+#include <openssl/rc5.h>
 #include "rc5_locl.h"
 
 /* The input and output encrypted as though 64bit cfb mode is being
@@ -64,14 +64,9 @@
  * 64bit block we have used is contained in *num;
  */
 
-void RC5_32_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt)
-unsigned char *in;
-unsigned char *out;
-long length;
-RC5_32_KEY *schedule;
-unsigned char *ivec;
-int *num;
-int encrypt;
+void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+			  long length, RC5_32_KEY *schedule,
+			  unsigned char *ivec, int *num, int encrypt)
 	{
 	register unsigned long v0,v1,t;
 	register int n= *num;
diff --git a/crypto/rc5/rc5ofb64.c b/crypto/rc5/rc5ofb64.c
index aa43b6a820..d412215f3c 100644
--- a/crypto/rc5/rc5ofb64.c
+++ b/crypto/rc5/rc5ofb64.c
@@ -56,20 +56,16 @@
  * [including the GNU Public Licence.]
  */
 
-#include "rc5.h"
+#include <openssl/rc5.h>
 #include "rc5_locl.h"
 
 /* The input and output encrypted as though 64bit ofb mode is being
  * used.  The extra state information to record how much of the
  * 64bit block we have used is contained in *num;
  */
-void RC5_32_ofb64_encrypt(in, out, length, schedule, ivec, num)
-unsigned char *in;
-unsigned char *out;
-long length;
-RC5_32_KEY *schedule;
-unsigned char *ivec;
-int *num;
+void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+			  long length, RC5_32_KEY *schedule,
+			  unsigned char *ivec, int *num)
 	{
 	register unsigned long v0,v1,t;
 	register int n= *num;
diff --git a/crypto/rc5/rc5s.cpp b/crypto/rc5/rc5s.cpp
index b069601c22..1c5518bc80 100644
--- a/crypto/rc5/rc5s.cpp
+++ b/crypto/rc5/rc5s.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "rc5.h"
+#include <openssl/rc5.h>
 
 void main(int argc,char *argv[])
 	{
diff --git a/crypto/rc5/rc5speed.c b/crypto/rc5/rc5speed.c
index 29148dc494..7d490d5b77 100644
--- a/crypto/rc5/rc5speed.c
+++ b/crypto/rc5/rc5speed.c
@@ -59,19 +59,17 @@
 /* 11-Sep-92 Andrew Daviel   Support for Silicon Graphics IRIX added */
 /* 06-Apr-92 Luke Brennan    Support for VMS and add extra signal calls */
 
-#ifndef MSDOS
+#if !defined(OPENSSL_SYS_MSDOS) && (!defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX)
 #define TIMES
 #endif
 
 #include <stdio.h>
-#ifndef MSDOS
-#include <unistd.h>
-#else
-#include <io.h>
-extern int exit();
-#endif
+
+#include <openssl/e_os2.h>
+#include OPENSSL_UNISTD_IO
+OPENSSL_DECLARE_EXIT
+
 #include <signal.h>
-#ifndef VMS
 #ifndef _IRIX
 #include <time.h>
 #endif
@@ -79,15 +77,15 @@ extern int exit();
 #include <sys/types.h>
 #include <sys/times.h>
 #endif
-#else /* VMS */
-#include <types.h>
-struct tms {
-	time_t tms_utime;
-	time_t tms_stime;
-	time_t tms_uchild;	/* I dunno...  */
-	time_t tms_uchildsys;	/* so these names are a guess :-) */
-	}
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
 #endif
+
 #ifndef TIMES
 #include <sys/timeb.h>
 #endif
@@ -98,16 +96,12 @@ struct tms {
 #include <sys/param.h>
 #endif
 
-#include "rc5.h"
+#include <openssl/rc5.h>
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
 #ifndef CLK_TCK
-#ifndef VMS
-#define HZ	100.0
-#else /* VMS */
 #define HZ	100.0
-#endif
 #else /* CLK_TCK */
 #define HZ ((double)CLK_TCK)
 #endif
@@ -116,12 +110,7 @@ struct tms {
 #define BUFSIZE	((long)1024)
 long run=0;
 
-#ifndef NOPROTO
 double Time_F(int s);
-#else
-double Time_F();
-#endif
-
 #ifdef SIGALRM
 #if defined(__STDC__) || defined(sgi) || defined(_AIX)
 #define SIGRETTYPE void
@@ -129,14 +118,8 @@ double Time_F();
 #define SIGRETTYPE int
 #endif
 
-#ifndef NOPROTO
 SIGRETTYPE sig_done(int sig);
-#else
-SIGRETTYPE sig_done();
-#endif
-
-SIGRETTYPE sig_done(sig)
-int sig;
+SIGRETTYPE sig_done(int sig)
 	{
 	signal(SIGALRM,sig_done);
 	run=0;
@@ -149,8 +132,7 @@ int sig;
 #define START	0
 #define STOP	1
 
-double Time_F(s)
-int s;
+double Time_F(int s)
 	{
 	double ret;
 #ifdef TIMES
@@ -186,9 +168,7 @@ int s;
 #endif
 	}
 
-int main(argc,argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	long count;
 	static unsigned char buf[BUFSIZE];
@@ -203,7 +183,7 @@ char **argv;
 #endif
 
 #ifndef TIMES
-	printf("To get the most acurate results, try to run this\n");
+	printf("To get the most accurate results, try to run this\n");
 	printf("program when this computer is idle.\n");
 #endif
 
@@ -288,7 +268,7 @@ char **argv;
 	printf("RC5_32/12/16 raw ecb bytes per sec = %12.2f (%9.3fuS)\n",b,8.0e6/b);
 	printf("RC5_32/12/16 cbc     bytes per sec = %12.2f (%9.3fuS)\n",c,8.0e6/c);
 	exit(0);
-#if defined(LINT) || defined(MSDOS)
+#if defined(LINT) || defined(OPENSSL_SYS_MSDOS)
 	return(0);
 #endif
 	}
diff --git a/crypto/rc5/rc5test.c b/crypto/rc5/rc5test.c
index 14c321d7b8..ce3d0cc16f 100644
--- a/crypto/rc5/rc5test.c
+++ b/crypto/rc5/rc5test.c
@@ -62,9 +62,19 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "rc5.h"
 
-unsigned char RC5key[5][16]={
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RC5
+int main(int argc, char *argv[])
+{
+    printf("No RC5 support\n");
+    return(0);
+}
+#else
+#include <openssl/rc5.h>
+
+static unsigned char RC5key[5][16]={
 	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
 	 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
 	{0x91,0x5f,0x46,0x19,0xbe,0x41,0xb2,0x51,
@@ -77,7 +87,7 @@ unsigned char RC5key[5][16]={
 	 0x24,0x97,0x57,0x4d,0x7f,0x15,0x31,0x25},
 	};
 
-unsigned char RC5plain[5][8]={
+static unsigned char RC5plain[5][8]={
 	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
 	{0x21,0xA5,0xDB,0xEE,0x15,0x4B,0x8F,0x6D},
 	{0xF7,0xC0,0x13,0xAC,0x5B,0x2B,0x89,0x52},
@@ -85,7 +95,7 @@ unsigned char RC5plain[5][8]={
 	{0x65,0xC1,0x78,0xB2,0x84,0xD1,0x97,0xCC},
 	};
 
-unsigned char RC5cipher[5][8]={
+static unsigned char RC5cipher[5][8]={
 	{0x21,0xA5,0xDB,0xEE,0x15,0x4B,0x8F,0x6D},
 	{0xF7,0xC0,0x13,0xAC,0x5B,0x2B,0x89,0x52},
 	{0x2F,0x42,0xB3,0xB7,0x03,0x69,0xFC,0x92},
@@ -94,7 +104,7 @@ unsigned char RC5cipher[5][8]={
 	};
 
 #define RC5_CBC_NUM 27
-unsigned char rc5_cbc_cipher[RC5_CBC_NUM][8]={
+static unsigned char rc5_cbc_cipher[RC5_CBC_NUM][8]={
 	{0x7a,0x7b,0xba,0x4d,0x79,0x11,0x1d,0x1e},
 	{0x79,0x7b,0xba,0x4d,0x78,0x11,0x1d,0x1e},
 	{0x7a,0x7b,0xba,0x4d,0x79,0x11,0x1d,0x1f},
@@ -124,7 +134,7 @@ unsigned char rc5_cbc_cipher[RC5_CBC_NUM][8]={
 	{0x7f,0xd1,0xa0,0x23,0xa5,0xbb,0xa2,0x17},
 	};
 
-unsigned char rc5_cbc_key[RC5_CBC_NUM][17]={
+static unsigned char rc5_cbc_key[RC5_CBC_NUM][17]={
 	{ 1,0x00},
 	{ 1,0x00},
 	{ 1,0x00},
@@ -157,7 +167,7 @@ unsigned char rc5_cbc_key[RC5_CBC_NUM][17]={
 	{ 5,0x01,0x02,0x03,0x04,0x05},
 	};
 
-unsigned char rc5_cbc_plain[RC5_CBC_NUM][8]={
+static unsigned char rc5_cbc_plain[RC5_CBC_NUM][8]={
 	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
 	{0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff},
 	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
@@ -187,14 +197,14 @@ unsigned char rc5_cbc_plain[RC5_CBC_NUM][8]={
 	{0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x01},
 	};
 
-int rc5_cbc_rounds[RC5_CBC_NUM]={
+static int rc5_cbc_rounds[RC5_CBC_NUM]={
 	 0, 0, 0, 0, 0, 1, 2, 2,
 	 8, 8,12,16, 8,12,16,12,
 	 8,12,16, 8,12,16,12, 8,
 	 8, 8, 8,
 	};
 
-unsigned char rc5_cbc_iv[RC5_CBC_NUM][8]={
+static unsigned char rc5_cbc_iv[RC5_CBC_NUM][8]={
 	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
 	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00},
 	{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01},
@@ -224,9 +234,7 @@ unsigned char rc5_cbc_iv[RC5_CBC_NUM][8]={
 	{0x7c,0xb3,0xf1,0xdf,0x34,0xf9,0x48,0x11},
 	};
 
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,n,err=0;
 	RC5_32_KEY key; 
@@ -312,13 +320,12 @@ char *argv[];
 		}
 	if (err == 0) printf("cbc RC5 ok\n");
 
-	exit(err);
+	EXIT(err);
 	return(err);
 	}
 
 #ifdef undef
-static int cfb64_test(cfb_cipher)
-unsigned char *cfb_cipher;
+static int cfb64_test(unsigned char *cfb_cipher)
         {
         IDEA_KEY_SCHEDULE eks,dks;
         int err=0,i,n;
@@ -356,8 +363,7 @@ unsigned char *cfb_cipher;
         return(err);
         }
 
-static char *pt(p)
-unsigned char *p;
+static char *pt(unsigned char *p)
 	{
 	static char bufs[10][20];
 	static int bnum=0;
@@ -377,3 +383,4 @@ unsigned char *p;
 	}
 	
 #endif
+#endif
diff --git a/crypto/ripemd/.cvsignore b/crypto/ripemd/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/ripemd/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/ripemd/Makefile.ssl b/crypto/ripemd/Makefile.ssl
index e865cdb5e7..6f1a9c59a2 100644
--- a/crypto/ripemd/Makefile.ssl
+++ b/crypto/ripemd/Makefile.ssl
@@ -8,9 +8,12 @@ CC=     cc
 CPP=    $(CC) -E
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=           make -f Makefile.ssl
-MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=       Makefile.ssl
 AR=             ar r
 
@@ -20,7 +23,7 @@ CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile
 TEST=rmdtest.c
-APPS=rmd160.c
+APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC=rmd_dgst.c rmd_one.c
@@ -40,12 +43,12 @@ all:    lib
 
 lib:    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 # elf
 asm/rm86-elf.o: asm/rm86unix.cpp
-	$(CPP) -DELF asm/rm86unix.cpp | as -o asm/rm86-elf.o
+	$(CPP) -DELF -x c asm/rm86unix.cpp | as -o asm/rm86-elf.o
 
 # solaris
 asm/rm86-sol.o: asm/rm86unix.cpp
@@ -61,24 +64,23 @@ asm/rm86-out.o: asm/rm86unix.cpp
 asm/rm86bsdi.o: asm/rm86unix.cpp
 	$(CPP) -DBSDI asm/rm86unix.cpp | sed 's/ :/:/' | as -o asm/rm86bsdi.o
 
-asm/rm86unix.cpp:
-	(cd asm; perl rmd-586.pl cpp >rm86unix.cpp)
+asm/rm86unix.cpp: asm/rmd-586.pl ../perlasm/x86asm.pl
+	(cd asm; $(PERL) rmd-586.pl cpp >rm86unix.cpp)
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -90,15 +92,22 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f asm/rm86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
+rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h
+rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rmd_one.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h
+rmd_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rmd_one.o: rmd_one.c
diff --git a/crypto/ripemd/Makefile.uni b/crypto/ripemd/Makefile.uni
deleted file mode 100644
index 54685712db..0000000000
--- a/crypto/ripemd/Makefile.uni
+++ /dev/null
@@ -1,109 +0,0 @@
-# Targets
-# make          - twidle the options yourself :-)
-# make cc       - standard cc options
-# make gcc      - standard gcc options
-# make x86-elf  - linux-elf etc
-# make x86-out  - linux-a.out, FreeBSD etc
-# make x86-solaris
-# make x86-bdsi
-
-DIR=    md5
-TOP=    .
-CC=     gcc
-CFLAG=	-O3 -fomit-frame-pointer
-
-CPP=    $(CC) -E
-INCLUDES=
-INSTALLTOP=/usr/local/lib
-MAKE=           make
-MAKEDEPEND=     makedepend
-MAKEFILE=       Makefile.uni
-AR=             ar r
-
-MD5_ASM_OBJ=
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=md5test
-APPS=md5
-
-LIB=libmd5.a
-LIBSRC=md5_dgst.c md5_one.c
-LIBOBJ=md5_dgst.o md5_one.o $(MD5_ASM_OBJ)
-
-SRC= $(LIBSRC)
-
-EXHEADER= md5.h
-HEADER= md5_locl.h $(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-all:    $(LIB) $(TEST) $(APPS)
-
-$(LIB):    $(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/ranlib.sh $(LIB)
-
-# elf
-asm/mx86-elf.o: asm/mx86unix.cpp
-	$(CPP) -DELF asm/mx86unix.cpp | as -o asm/mx86-elf.o
-
-# solaris
-asm/mx86-sol.o: asm/mx86unix.cpp
-	$(CC) -E -DSOL asm/mx86unix.cpp | sed 's/^#.*//' > asm/mx86-sol.s
-	as -o asm/mx86-sol.o asm/mx86-sol.s
-	rm -f asm/mx86-sol.s
-
-# a.out
-asm/mx86-out.o: asm/mx86unix.cpp
-	$(CPP) -DOUT asm/mx86unix.cpp | as -o asm/mx86-out.o
-
-# bsdi
-asm/mx86bsdi.o: asm/mx86unix.cpp
-	$(CPP) -DBSDI asm/mx86unix.cpp | as -o asm/mx86bsdi.o
-
-asm/mx86unix.cpp:
-	(cd asm; perl md5-586.pl cpp >mx86unix.cpp)
-
-test:	$(TEST)
-	./$(TEST)
-
-$(TEST): $(TEST).c $(LIB)
-	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
-
-$(APPS): $(APPS).c $(LIB)
-	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
-
-dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-cc:
-	$(MAKE) MD5_ASM_OBJ="" CC="cc" CFLAG="-O" all
-
-gcc:
-	$(MAKE) MD5_ASM_OBJ="" CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
-
-x86-elf:
-	$(MAKE) MD5_ASM_OBJ="asm/mx86-elf.o" CFLAG="-DELF -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
-
-x86-out:
-	$(MAKE) MD5_ASM_OBJ="asm/mx86-out.o" CFLAG="-DOUT -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
-
-x86-solaris:
-	$(MAKE) MD5_ASM_OBJ="asm/mx86-sol.o" CFLAG="-DSOL -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
-
-x86-bdsi:
-	$(MAKE) MD5_ASM_OBJ="asm/mx86-bdsi.o" CFLAG="-DBDSI -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/ripemd/asm/.cvsignore b/crypto/ripemd/asm/.cvsignore
new file mode 100644
index 0000000000..64d70dbf32
--- /dev/null
+++ b/crypto/ripemd/asm/.cvsignore
@@ -0,0 +1 @@
+rm86unix.cpp
diff --git a/crypto/ripemd/asm/rips.cpp b/crypto/ripemd/asm/rips.cpp
index 78a933c448..f7a13677a9 100644
--- a/crypto/ripemd/asm/rips.cpp
+++ b/crypto/ripemd/asm/rips.cpp
@@ -32,7 +32,9 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "ripemd.h"
+#include <openssl/ripemd.h>
+
+#define ripemd160_block_x86 ripemd160_block_asm_host_order
 
 extern "C" {
 void ripemd160_block_x86(RIPEMD160_CTX *ctx, unsigned char *buffer,int num);
@@ -55,8 +57,10 @@ void main(int argc,char *argv[])
 	if (num == 0) num=16;
 	if (num > 250) num=16;
 	numm=num+2;
+#if 0
 	num*=64;
 	numm*=64;
+#endif
 
 	for (j=0; j<6; j++)
 		{
@@ -71,7 +75,7 @@ void main(int argc,char *argv[])
 			GetTSC(e2);
 			ripemd160_block_x86(&ctx,buffer,num);
 			}
-		printf("ripemd160 (%d bytes) %d %d (%.2f)\n",num,
+		printf("ripemd160 (%d bytes) %d %d (%.2f)\n",num*64,
 			e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
 		}
 	}
diff --git a/crypto/ripemd/asm/rm-win32.asm b/crypto/ripemd/asm/rm-win32.asm
deleted file mode 100644
index bd38791c13..0000000000
--- a/crypto/ripemd/asm/rm-win32.asm
+++ /dev/null
@@ -1,1972 +0,0 @@
-	; Don't even think of reading this code
-	; It was automatically generated by rmd-586.pl
-	; Which is a perl program used to generate the x86 assember for
-	; any of elf, a.out, BSDI,Win32, or Solaris
-	; eric <eay@cryptsoft.com>
-	; 
-	TITLE	rmd-586.asm
-        .386
-.model FLAT
-_TEXT	SEGMENT
-PUBLIC	_ripemd160_block_x86
-
-_ripemd160_block_x86 PROC NEAR
-	push	esi
-	mov	ecx,		DWORD PTR 16[esp]
-	push	edi
-	mov	esi,		DWORD PTR 16[esp]
-	push	ebp
-	add	ecx,		esi
-	push	ebx
-	sub	ecx,		64
-	sub	esp,		88
-	mov	DWORD PTR [esp],ecx
-	mov	edi,		DWORD PTR 108[esp]
-L000start:
-	; 
-	mov	eax,		DWORD PTR [esi]
-	mov	ebx,		DWORD PTR 4[esi]
-	mov	DWORD PTR 4[esp],eax
-	mov	DWORD PTR 8[esp],ebx
-	mov	eax,		DWORD PTR 8[esi]
-	mov	ebx,		DWORD PTR 12[esi]
-	mov	DWORD PTR 12[esp],eax
-	mov	DWORD PTR 16[esp],ebx
-	mov	eax,		DWORD PTR 16[esi]
-	mov	ebx,		DWORD PTR 20[esi]
-	mov	DWORD PTR 20[esp],eax
-	mov	DWORD PTR 24[esp],ebx
-	mov	eax,		DWORD PTR 24[esi]
-	mov	ebx,		DWORD PTR 28[esi]
-	mov	DWORD PTR 28[esp],eax
-	mov	DWORD PTR 32[esp],ebx
-	mov	eax,		DWORD PTR 32[esi]
-	mov	ebx,		DWORD PTR 36[esi]
-	mov	DWORD PTR 36[esp],eax
-	mov	DWORD PTR 40[esp],ebx
-	mov	eax,		DWORD PTR 40[esi]
-	mov	ebx,		DWORD PTR 44[esi]
-	mov	DWORD PTR 44[esp],eax
-	mov	DWORD PTR 48[esp],ebx
-	mov	eax,		DWORD PTR 48[esi]
-	mov	ebx,		DWORD PTR 52[esi]
-	mov	DWORD PTR 52[esp],eax
-	mov	DWORD PTR 56[esp],ebx
-	mov	eax,		DWORD PTR 56[esi]
-	mov	ebx,		DWORD PTR 60[esi]
-	mov	DWORD PTR 60[esp],eax
-	mov	DWORD PTR 64[esp],ebx
-	add	esi,		64
-	mov	eax,		DWORD PTR [edi]
-	mov	DWORD PTR 112[esp],esi
-	mov	ebx,		DWORD PTR 4[edi]
-	mov	ecx,		DWORD PTR 8[edi]
-	mov	edx,		DWORD PTR 12[edi]
-	mov	ebp,		DWORD PTR 16[edi]
-	; 0
-	mov	esi,		ecx
-	xor	esi,		edx
-	mov	edi,		DWORD PTR 4[esp]
-	xor	esi,		ebx
-	add	eax,		edi
-	rol	ecx,		10
-	add	eax,		esi
-	mov	esi,		ebx
-	rol	eax,		11
-	add	eax,		ebp
-	; 1
-	xor	esi,		ecx
-	mov	edi,		DWORD PTR 8[esp]
-	xor	esi,		eax
-	add	ebp,		esi
-	mov	esi,		eax
-	rol	ebx,		10
-	add	ebp,		edi
-	xor	esi,		ebx
-	rol	ebp,		14
-	add	ebp,		edx
-	; 2
-	mov	edi,		DWORD PTR 12[esp]
-	xor	esi,		ebp
-	add	edx,		edi
-	rol	eax,		10
-	add	edx,		esi
-	mov	esi,		ebp
-	rol	edx,		15
-	add	edx,		ecx
-	; 3
-	xor	esi,		eax
-	mov	edi,		DWORD PTR 16[esp]
-	xor	esi,		edx
-	add	ecx,		esi
-	mov	esi,		edx
-	rol	ebp,		10
-	add	ecx,		edi
-	xor	esi,		ebp
-	rol	ecx,		12
-	add	ecx,		ebx
-	; 4
-	mov	edi,		DWORD PTR 20[esp]
-	xor	esi,		ecx
-	add	ebx,		edi
-	rol	edx,		10
-	add	ebx,		esi
-	mov	esi,		ecx
-	rol	ebx,		5
-	add	ebx,		eax
-	; 5
-	xor	esi,		edx
-	mov	edi,		DWORD PTR 24[esp]
-	xor	esi,		ebx
-	add	eax,		esi
-	mov	esi,		ebx
-	rol	ecx,		10
-	add	eax,		edi
-	xor	esi,		ecx
-	rol	eax,		8
-	add	eax,		ebp
-	; 6
-	mov	edi,		DWORD PTR 28[esp]
-	xor	esi,		eax
-	add	ebp,		edi
-	rol	ebx,		10
-	add	ebp,		esi
-	mov	esi,		eax
-	rol	ebp,		7
-	add	ebp,		edx
-	; 7
-	xor	esi,		ebx
-	mov	edi,		DWORD PTR 32[esp]
-	xor	esi,		ebp
-	add	edx,		esi
-	mov	esi,		ebp
-	rol	eax,		10
-	add	edx,		edi
-	xor	esi,		eax
-	rol	edx,		9
-	add	edx,		ecx
-	; 8
-	mov	edi,		DWORD PTR 36[esp]
-	xor	esi,		edx
-	add	ecx,		edi
-	rol	ebp,		10
-	add	ecx,		esi
-	mov	esi,		edx
-	rol	ecx,		11
-	add	ecx,		ebx
-	; 9
-	xor	esi,		ebp
-	mov	edi,		DWORD PTR 40[esp]
-	xor	esi,		ecx
-	add	ebx,		esi
-	mov	esi,		ecx
-	rol	edx,		10
-	add	ebx,		edi
-	xor	esi,		edx
-	rol	ebx,		13
-	add	ebx,		eax
-	; 10
-	mov	edi,		DWORD PTR 44[esp]
-	xor	esi,		ebx
-	add	eax,		edi
-	rol	ecx,		10
-	add	eax,		esi
-	mov	esi,		ebx
-	rol	eax,		14
-	add	eax,		ebp
-	; 11
-	xor	esi,		ecx
-	mov	edi,		DWORD PTR 48[esp]
-	xor	esi,		eax
-	add	ebp,		esi
-	mov	esi,		eax
-	rol	ebx,		10
-	add	ebp,		edi
-	xor	esi,		ebx
-	rol	ebp,		15
-	add	ebp,		edx
-	; 12
-	mov	edi,		DWORD PTR 52[esp]
-	xor	esi,		ebp
-	add	edx,		edi
-	rol	eax,		10
-	add	edx,		esi
-	mov	esi,		ebp
-	rol	edx,		6
-	add	edx,		ecx
-	; 13
-	xor	esi,		eax
-	mov	edi,		DWORD PTR 56[esp]
-	xor	esi,		edx
-	add	ecx,		esi
-	mov	esi,		edx
-	rol	ebp,		10
-	add	ecx,		edi
-	xor	esi,		ebp
-	rol	ecx,		7
-	add	ecx,		ebx
-	; 14
-	mov	edi,		DWORD PTR 60[esp]
-	xor	esi,		ecx
-	add	ebx,		edi
-	rol	edx,		10
-	add	ebx,		esi
-	mov	esi,		ecx
-	rol	ebx,		9
-	add	ebx,		eax
-	; 15
-	xor	esi,		edx
-	mov	edi,		DWORD PTR 64[esp]
-	xor	esi,		ebx
-	add	eax,		esi
-	mov	esi,		-1
-	rol	ecx,		10
-	add	eax,		edi
-	mov	edi,		DWORD PTR 32[esp]
-	rol	eax,		8
-	add	eax,		ebp
-	; 16
-	add	ebp,		edi
-	mov	edi,		ebx
-	sub	esi,		eax
-	and	edi,		eax
-	and	esi,		ecx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 20[esp]
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 1518500249[edi*1+ebp]
-	mov	edi,		-1
-	rol	ebp,		7
-	add	ebp,		edx
-	; 17
-	add	edx,		esi
-	mov	esi,		eax
-	sub	edi,		ebp
-	and	esi,		ebp
-	and	edi,		ebx
-	or	esi,		edi
-	mov	edi,		DWORD PTR 56[esp]
-	rol	eax,		10
-	lea	edx,		DWORD PTR 1518500249[esi*1+edx]
-	mov	esi,		-1
-	rol	edx,		6
-	add	edx,		ecx
-	; 18
-	add	ecx,		edi
-	mov	edi,		ebp
-	sub	esi,		edx
-	and	edi,		edx
-	and	esi,		eax
-	or	edi,		esi
-	mov	esi,		DWORD PTR 8[esp]
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 1518500249[edi*1+ecx]
-	mov	edi,		-1
-	rol	ecx,		8
-	add	ecx,		ebx
-	; 19
-	add	ebx,		esi
-	mov	esi,		edx
-	sub	edi,		ecx
-	and	esi,		ecx
-	and	edi,		ebp
-	or	esi,		edi
-	mov	edi,		DWORD PTR 44[esp]
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 1518500249[esi*1+ebx]
-	mov	esi,		-1
-	rol	ebx,		13
-	add	ebx,		eax
-	; 20
-	add	eax,		edi
-	mov	edi,		ecx
-	sub	esi,		ebx
-	and	edi,		ebx
-	and	esi,		edx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 28[esp]
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 1518500249[edi*1+eax]
-	mov	edi,		-1
-	rol	eax,		11
-	add	eax,		ebp
-	; 21
-	add	ebp,		esi
-	mov	esi,		ebx
-	sub	edi,		eax
-	and	esi,		eax
-	and	edi,		ecx
-	or	esi,		edi
-	mov	edi,		DWORD PTR 64[esp]
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 1518500249[esi*1+ebp]
-	mov	esi,		-1
-	rol	ebp,		9
-	add	ebp,		edx
-	; 22
-	add	edx,		edi
-	mov	edi,		eax
-	sub	esi,		ebp
-	and	edi,		ebp
-	and	esi,		ebx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 16[esp]
-	rol	eax,		10
-	lea	edx,		DWORD PTR 1518500249[edi*1+edx]
-	mov	edi,		-1
-	rol	edx,		7
-	add	edx,		ecx
-	; 23
-	add	ecx,		esi
-	mov	esi,		ebp
-	sub	edi,		edx
-	and	esi,		edx
-	and	edi,		eax
-	or	esi,		edi
-	mov	edi,		DWORD PTR 52[esp]
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 1518500249[esi*1+ecx]
-	mov	esi,		-1
-	rol	ecx,		15
-	add	ecx,		ebx
-	; 24
-	add	ebx,		edi
-	mov	edi,		edx
-	sub	esi,		ecx
-	and	edi,		ecx
-	and	esi,		ebp
-	or	edi,		esi
-	mov	esi,		DWORD PTR 4[esp]
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 1518500249[edi*1+ebx]
-	mov	edi,		-1
-	rol	ebx,		7
-	add	ebx,		eax
-	; 25
-	add	eax,		esi
-	mov	esi,		ecx
-	sub	edi,		ebx
-	and	esi,		ebx
-	and	edi,		edx
-	or	esi,		edi
-	mov	edi,		DWORD PTR 40[esp]
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 1518500249[esi*1+eax]
-	mov	esi,		-1
-	rol	eax,		12
-	add	eax,		ebp
-	; 26
-	add	ebp,		edi
-	mov	edi,		ebx
-	sub	esi,		eax
-	and	edi,		eax
-	and	esi,		ecx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 24[esp]
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 1518500249[edi*1+ebp]
-	mov	edi,		-1
-	rol	ebp,		15
-	add	ebp,		edx
-	; 27
-	add	edx,		esi
-	mov	esi,		eax
-	sub	edi,		ebp
-	and	esi,		ebp
-	and	edi,		ebx
-	or	esi,		edi
-	mov	edi,		DWORD PTR 12[esp]
-	rol	eax,		10
-	lea	edx,		DWORD PTR 1518500249[esi*1+edx]
-	mov	esi,		-1
-	rol	edx,		9
-	add	edx,		ecx
-	; 28
-	add	ecx,		edi
-	mov	edi,		ebp
-	sub	esi,		edx
-	and	edi,		edx
-	and	esi,		eax
-	or	edi,		esi
-	mov	esi,		DWORD PTR 60[esp]
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 1518500249[edi*1+ecx]
-	mov	edi,		-1
-	rol	ecx,		11
-	add	ecx,		ebx
-	; 29
-	add	ebx,		esi
-	mov	esi,		edx
-	sub	edi,		ecx
-	and	esi,		ecx
-	and	edi,		ebp
-	or	esi,		edi
-	mov	edi,		DWORD PTR 48[esp]
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 1518500249[esi*1+ebx]
-	mov	esi,		-1
-	rol	ebx,		7
-	add	ebx,		eax
-	; 30
-	add	eax,		edi
-	mov	edi,		ecx
-	sub	esi,		ebx
-	and	edi,		ebx
-	and	esi,		edx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 36[esp]
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 1518500249[edi*1+eax]
-	mov	edi,		-1
-	rol	eax,		13
-	add	eax,		ebp
-	; 31
-	add	ebp,		esi
-	mov	esi,		ebx
-	sub	edi,		eax
-	and	esi,		eax
-	and	edi,		ecx
-	or	esi,		edi
-	mov	edi,		-1
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 1518500249[esi*1+ebp]
-	sub	edi,		eax
-	rol	ebp,		12
-	add	ebp,		edx
-	; 32
-	mov	esi,		DWORD PTR 16[esp]
-	or	edi,		ebp
-	add	edx,		esi
-	xor	edi,		ebx
-	mov	esi,		-1
-	rol	eax,		10
-	lea	edx,		DWORD PTR 1859775393[edi*1+edx]
-	sub	esi,		ebp
-	rol	edx,		11
-	add	edx,		ecx
-	; 33
-	mov	edi,		DWORD PTR 44[esp]
-	or	esi,		edx
-	add	ecx,		edi
-	xor	esi,		eax
-	mov	edi,		-1
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 1859775393[esi*1+ecx]
-	sub	edi,		edx
-	rol	ecx,		13
-	add	ecx,		ebx
-	; 34
-	mov	esi,		DWORD PTR 60[esp]
-	or	edi,		ecx
-	add	ebx,		esi
-	xor	edi,		ebp
-	mov	esi,		-1
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 1859775393[edi*1+ebx]
-	sub	esi,		ecx
-	rol	ebx,		6
-	add	ebx,		eax
-	; 35
-	mov	edi,		DWORD PTR 20[esp]
-	or	esi,		ebx
-	add	eax,		edi
-	xor	esi,		edx
-	mov	edi,		-1
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 1859775393[esi*1+eax]
-	sub	edi,		ebx
-	rol	eax,		7
-	add	eax,		ebp
-	; 36
-	mov	esi,		DWORD PTR 40[esp]
-	or	edi,		eax
-	add	ebp,		esi
-	xor	edi,		ecx
-	mov	esi,		-1
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 1859775393[edi*1+ebp]
-	sub	esi,		eax
-	rol	ebp,		14
-	add	ebp,		edx
-	; 37
-	mov	edi,		DWORD PTR 64[esp]
-	or	esi,		ebp
-	add	edx,		edi
-	xor	esi,		ebx
-	mov	edi,		-1
-	rol	eax,		10
-	lea	edx,		DWORD PTR 1859775393[esi*1+edx]
-	sub	edi,		ebp
-	rol	edx,		9
-	add	edx,		ecx
-	; 38
-	mov	esi,		DWORD PTR 36[esp]
-	or	edi,		edx
-	add	ecx,		esi
-	xor	edi,		eax
-	mov	esi,		-1
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 1859775393[edi*1+ecx]
-	sub	esi,		edx
-	rol	ecx,		13
-	add	ecx,		ebx
-	; 39
-	mov	edi,		DWORD PTR 8[esp]
-	or	esi,		ecx
-	add	ebx,		edi
-	xor	esi,		ebp
-	mov	edi,		-1
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 1859775393[esi*1+ebx]
-	sub	edi,		ecx
-	rol	ebx,		15
-	add	ebx,		eax
-	; 40
-	mov	esi,		DWORD PTR 12[esp]
-	or	edi,		ebx
-	add	eax,		esi
-	xor	edi,		edx
-	mov	esi,		-1
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 1859775393[edi*1+eax]
-	sub	esi,		ebx
-	rol	eax,		14
-	add	eax,		ebp
-	; 41
-	mov	edi,		DWORD PTR 32[esp]
-	or	esi,		eax
-	add	ebp,		edi
-	xor	esi,		ecx
-	mov	edi,		-1
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 1859775393[esi*1+ebp]
-	sub	edi,		eax
-	rol	ebp,		8
-	add	ebp,		edx
-	; 42
-	mov	esi,		DWORD PTR 4[esp]
-	or	edi,		ebp
-	add	edx,		esi
-	xor	edi,		ebx
-	mov	esi,		-1
-	rol	eax,		10
-	lea	edx,		DWORD PTR 1859775393[edi*1+edx]
-	sub	esi,		ebp
-	rol	edx,		13
-	add	edx,		ecx
-	; 43
-	mov	edi,		DWORD PTR 28[esp]
-	or	esi,		edx
-	add	ecx,		edi
-	xor	esi,		eax
-	mov	edi,		-1
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 1859775393[esi*1+ecx]
-	sub	edi,		edx
-	rol	ecx,		6
-	add	ecx,		ebx
-	; 44
-	mov	esi,		DWORD PTR 56[esp]
-	or	edi,		ecx
-	add	ebx,		esi
-	xor	edi,		ebp
-	mov	esi,		-1
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 1859775393[edi*1+ebx]
-	sub	esi,		ecx
-	rol	ebx,		5
-	add	ebx,		eax
-	; 45
-	mov	edi,		DWORD PTR 48[esp]
-	or	esi,		ebx
-	add	eax,		edi
-	xor	esi,		edx
-	mov	edi,		-1
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 1859775393[esi*1+eax]
-	sub	edi,		ebx
-	rol	eax,		12
-	add	eax,		ebp
-	; 46
-	mov	esi,		DWORD PTR 24[esp]
-	or	edi,		eax
-	add	ebp,		esi
-	xor	edi,		ecx
-	mov	esi,		-1
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 1859775393[edi*1+ebp]
-	sub	esi,		eax
-	rol	ebp,		7
-	add	ebp,		edx
-	; 47
-	mov	edi,		DWORD PTR 52[esp]
-	or	esi,		ebp
-	add	edx,		edi
-	xor	esi,		ebx
-	mov	edi,		-1
-	rol	eax,		10
-	lea	edx,		DWORD PTR 1859775393[esi*1+edx]
-	mov	esi,		eax
-	rol	edx,		5
-	add	edx,		ecx
-	; 48
-	sub	edi,		eax
-	and	esi,		edx
-	and	edi,		ebp
-	or	edi,		esi
-	mov	esi,		DWORD PTR 8[esp]
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 2400959708[edi+ecx]
-	mov	edi,		-1
-	add	ecx,		esi
-	mov	esi,		ebp
-	rol	ecx,		11
-	add	ecx,		ebx
-	; 49
-	sub	edi,		ebp
-	and	esi,		ecx
-	and	edi,		edx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 40[esp]
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 2400959708[edi+ebx]
-	mov	edi,		-1
-	add	ebx,		esi
-	mov	esi,		edx
-	rol	ebx,		12
-	add	ebx,		eax
-	; 50
-	sub	edi,		edx
-	and	esi,		ebx
-	and	edi,		ecx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 48[esp]
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 2400959708[edi+eax]
-	mov	edi,		-1
-	add	eax,		esi
-	mov	esi,		ecx
-	rol	eax,		14
-	add	eax,		ebp
-	; 51
-	sub	edi,		ecx
-	and	esi,		eax
-	and	edi,		ebx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 44[esp]
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 2400959708[edi+ebp]
-	mov	edi,		-1
-	add	ebp,		esi
-	mov	esi,		ebx
-	rol	ebp,		15
-	add	ebp,		edx
-	; 52
-	sub	edi,		ebx
-	and	esi,		ebp
-	and	edi,		eax
-	or	edi,		esi
-	mov	esi,		DWORD PTR 4[esp]
-	rol	eax,		10
-	lea	edx,		DWORD PTR 2400959708[edi+edx]
-	mov	edi,		-1
-	add	edx,		esi
-	mov	esi,		eax
-	rol	edx,		14
-	add	edx,		ecx
-	; 53
-	sub	edi,		eax
-	and	esi,		edx
-	and	edi,		ebp
-	or	edi,		esi
-	mov	esi,		DWORD PTR 36[esp]
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 2400959708[edi+ecx]
-	mov	edi,		-1
-	add	ecx,		esi
-	mov	esi,		ebp
-	rol	ecx,		15
-	add	ecx,		ebx
-	; 54
-	sub	edi,		ebp
-	and	esi,		ecx
-	and	edi,		edx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 52[esp]
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 2400959708[edi+ebx]
-	mov	edi,		-1
-	add	ebx,		esi
-	mov	esi,		edx
-	rol	ebx,		9
-	add	ebx,		eax
-	; 55
-	sub	edi,		edx
-	and	esi,		ebx
-	and	edi,		ecx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 20[esp]
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 2400959708[edi+eax]
-	mov	edi,		-1
-	add	eax,		esi
-	mov	esi,		ecx
-	rol	eax,		8
-	add	eax,		ebp
-	; 56
-	sub	edi,		ecx
-	and	esi,		eax
-	and	edi,		ebx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 56[esp]
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 2400959708[edi+ebp]
-	mov	edi,		-1
-	add	ebp,		esi
-	mov	esi,		ebx
-	rol	ebp,		9
-	add	ebp,		edx
-	; 57
-	sub	edi,		ebx
-	and	esi,		ebp
-	and	edi,		eax
-	or	edi,		esi
-	mov	esi,		DWORD PTR 16[esp]
-	rol	eax,		10
-	lea	edx,		DWORD PTR 2400959708[edi+edx]
-	mov	edi,		-1
-	add	edx,		esi
-	mov	esi,		eax
-	rol	edx,		14
-	add	edx,		ecx
-	; 58
-	sub	edi,		eax
-	and	esi,		edx
-	and	edi,		ebp
-	or	edi,		esi
-	mov	esi,		DWORD PTR 32[esp]
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 2400959708[edi+ecx]
-	mov	edi,		-1
-	add	ecx,		esi
-	mov	esi,		ebp
-	rol	ecx,		5
-	add	ecx,		ebx
-	; 59
-	sub	edi,		ebp
-	and	esi,		ecx
-	and	edi,		edx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 64[esp]
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 2400959708[edi+ebx]
-	mov	edi,		-1
-	add	ebx,		esi
-	mov	esi,		edx
-	rol	ebx,		6
-	add	ebx,		eax
-	; 60
-	sub	edi,		edx
-	and	esi,		ebx
-	and	edi,		ecx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 60[esp]
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 2400959708[edi+eax]
-	mov	edi,		-1
-	add	eax,		esi
-	mov	esi,		ecx
-	rol	eax,		8
-	add	eax,		ebp
-	; 61
-	sub	edi,		ecx
-	and	esi,		eax
-	and	edi,		ebx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 24[esp]
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 2400959708[edi+ebp]
-	mov	edi,		-1
-	add	ebp,		esi
-	mov	esi,		ebx
-	rol	ebp,		6
-	add	ebp,		edx
-	; 62
-	sub	edi,		ebx
-	and	esi,		ebp
-	and	edi,		eax
-	or	edi,		esi
-	mov	esi,		DWORD PTR 28[esp]
-	rol	eax,		10
-	lea	edx,		DWORD PTR 2400959708[edi+edx]
-	mov	edi,		-1
-	add	edx,		esi
-	mov	esi,		eax
-	rol	edx,		5
-	add	edx,		ecx
-	; 63
-	sub	edi,		eax
-	and	esi,		edx
-	and	edi,		ebp
-	or	edi,		esi
-	mov	esi,		DWORD PTR 12[esp]
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 2400959708[edi+ecx]
-	mov	edi,		-1
-	add	ecx,		esi
-	sub	edi,		ebp
-	rol	ecx,		12
-	add	ecx,		ebx
-	; 64
-	mov	esi,		DWORD PTR 20[esp]
-	or	edi,		edx
-	add	ebx,		esi
-	xor	edi,		ecx
-	mov	esi,		-1
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 2840853838[edi*1+ebx]
-	sub	esi,		edx
-	rol	ebx,		9
-	add	ebx,		eax
-	; 65
-	mov	edi,		DWORD PTR 4[esp]
-	or	esi,		ecx
-	add	eax,		edi
-	xor	esi,		ebx
-	mov	edi,		-1
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 2840853838[esi*1+eax]
-	sub	edi,		ecx
-	rol	eax,		15
-	add	eax,		ebp
-	; 66
-	mov	esi,		DWORD PTR 24[esp]
-	or	edi,		ebx
-	add	ebp,		esi
-	xor	edi,		eax
-	mov	esi,		-1
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 2840853838[edi*1+ebp]
-	sub	esi,		ebx
-	rol	ebp,		5
-	add	ebp,		edx
-	; 67
-	mov	edi,		DWORD PTR 40[esp]
-	or	esi,		eax
-	add	edx,		edi
-	xor	esi,		ebp
-	mov	edi,		-1
-	rol	eax,		10
-	lea	edx,		DWORD PTR 2840853838[esi*1+edx]
-	sub	edi,		eax
-	rol	edx,		11
-	add	edx,		ecx
-	; 68
-	mov	esi,		DWORD PTR 32[esp]
-	or	edi,		ebp
-	add	ecx,		esi
-	xor	edi,		edx
-	mov	esi,		-1
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 2840853838[edi*1+ecx]
-	sub	esi,		ebp
-	rol	ecx,		6
-	add	ecx,		ebx
-	; 69
-	mov	edi,		DWORD PTR 52[esp]
-	or	esi,		edx
-	add	ebx,		edi
-	xor	esi,		ecx
-	mov	edi,		-1
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 2840853838[esi*1+ebx]
-	sub	edi,		edx
-	rol	ebx,		8
-	add	ebx,		eax
-	; 70
-	mov	esi,		DWORD PTR 12[esp]
-	or	edi,		ecx
-	add	eax,		esi
-	xor	edi,		ebx
-	mov	esi,		-1
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 2840853838[edi*1+eax]
-	sub	esi,		ecx
-	rol	eax,		13
-	add	eax,		ebp
-	; 71
-	mov	edi,		DWORD PTR 44[esp]
-	or	esi,		ebx
-	add	ebp,		edi
-	xor	esi,		eax
-	mov	edi,		-1
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 2840853838[esi*1+ebp]
-	sub	edi,		ebx
-	rol	ebp,		12
-	add	ebp,		edx
-	; 72
-	mov	esi,		DWORD PTR 60[esp]
-	or	edi,		eax
-	add	edx,		esi
-	xor	edi,		ebp
-	mov	esi,		-1
-	rol	eax,		10
-	lea	edx,		DWORD PTR 2840853838[edi*1+edx]
-	sub	esi,		eax
-	rol	edx,		5
-	add	edx,		ecx
-	; 73
-	mov	edi,		DWORD PTR 8[esp]
-	or	esi,		ebp
-	add	ecx,		edi
-	xor	esi,		edx
-	mov	edi,		-1
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 2840853838[esi*1+ecx]
-	sub	edi,		ebp
-	rol	ecx,		12
-	add	ecx,		ebx
-	; 74
-	mov	esi,		DWORD PTR 16[esp]
-	or	edi,		edx
-	add	ebx,		esi
-	xor	edi,		ecx
-	mov	esi,		-1
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 2840853838[edi*1+ebx]
-	sub	esi,		edx
-	rol	ebx,		13
-	add	ebx,		eax
-	; 75
-	mov	edi,		DWORD PTR 36[esp]
-	or	esi,		ecx
-	add	eax,		edi
-	xor	esi,		ebx
-	mov	edi,		-1
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 2840853838[esi*1+eax]
-	sub	edi,		ecx
-	rol	eax,		14
-	add	eax,		ebp
-	; 76
-	mov	esi,		DWORD PTR 48[esp]
-	or	edi,		ebx
-	add	ebp,		esi
-	xor	edi,		eax
-	mov	esi,		-1
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 2840853838[edi*1+ebp]
-	sub	esi,		ebx
-	rol	ebp,		11
-	add	ebp,		edx
-	; 77
-	mov	edi,		DWORD PTR 28[esp]
-	or	esi,		eax
-	add	edx,		edi
-	xor	esi,		ebp
-	mov	edi,		-1
-	rol	eax,		10
-	lea	edx,		DWORD PTR 2840853838[esi*1+edx]
-	sub	edi,		eax
-	rol	edx,		8
-	add	edx,		ecx
-	; 78
-	mov	esi,		DWORD PTR 64[esp]
-	or	edi,		ebp
-	add	ecx,		esi
-	xor	edi,		edx
-	mov	esi,		-1
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 2840853838[edi*1+ecx]
-	sub	esi,		ebp
-	rol	ecx,		5
-	add	ecx,		ebx
-	; 79
-	mov	edi,		DWORD PTR 56[esp]
-	or	esi,		edx
-	add	ebx,		edi
-	xor	esi,		ecx
-	mov	edi,		DWORD PTR 108[esp]
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 2840853838[esi*1+ebx]
-	mov	DWORD PTR 68[esp],eax
-	rol	ebx,		6
-	add	ebx,		eax
-	mov	eax,		DWORD PTR [edi]
-	mov	DWORD PTR 72[esp],ebx
-	mov	DWORD PTR 76[esp],ecx
-	mov	ebx,		DWORD PTR 4[edi]
-	mov	DWORD PTR 80[esp],edx
-	mov	ecx,		DWORD PTR 8[edi]
-	mov	DWORD PTR 84[esp],ebp
-	mov	edx,		DWORD PTR 12[edi]
-	mov	ebp,		DWORD PTR 16[edi]
-	; 80
-	mov	edi,		-1
-	sub	edi,		edx
-	mov	esi,		DWORD PTR 24[esp]
-	or	edi,		ecx
-	add	eax,		esi
-	xor	edi,		ebx
-	mov	esi,		-1
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 1352829926[edi*1+eax]
-	sub	esi,		ecx
-	rol	eax,		8
-	add	eax,		ebp
-	; 81
-	mov	edi,		DWORD PTR 60[esp]
-	or	esi,		ebx
-	add	ebp,		edi
-	xor	esi,		eax
-	mov	edi,		-1
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 1352829926[esi*1+ebp]
-	sub	edi,		ebx
-	rol	ebp,		9
-	add	ebp,		edx
-	; 82
-	mov	esi,		DWORD PTR 32[esp]
-	or	edi,		eax
-	add	edx,		esi
-	xor	edi,		ebp
-	mov	esi,		-1
-	rol	eax,		10
-	lea	edx,		DWORD PTR 1352829926[edi*1+edx]
-	sub	esi,		eax
-	rol	edx,		9
-	add	edx,		ecx
-	; 83
-	mov	edi,		DWORD PTR 4[esp]
-	or	esi,		ebp
-	add	ecx,		edi
-	xor	esi,		edx
-	mov	edi,		-1
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 1352829926[esi*1+ecx]
-	sub	edi,		ebp
-	rol	ecx,		11
-	add	ecx,		ebx
-	; 84
-	mov	esi,		DWORD PTR 40[esp]
-	or	edi,		edx
-	add	ebx,		esi
-	xor	edi,		ecx
-	mov	esi,		-1
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 1352829926[edi*1+ebx]
-	sub	esi,		edx
-	rol	ebx,		13
-	add	ebx,		eax
-	; 85
-	mov	edi,		DWORD PTR 12[esp]
-	or	esi,		ecx
-	add	eax,		edi
-	xor	esi,		ebx
-	mov	edi,		-1
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 1352829926[esi*1+eax]
-	sub	edi,		ecx
-	rol	eax,		15
-	add	eax,		ebp
-	; 86
-	mov	esi,		DWORD PTR 48[esp]
-	or	edi,		ebx
-	add	ebp,		esi
-	xor	edi,		eax
-	mov	esi,		-1
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 1352829926[edi*1+ebp]
-	sub	esi,		ebx
-	rol	ebp,		15
-	add	ebp,		edx
-	; 87
-	mov	edi,		DWORD PTR 20[esp]
-	or	esi,		eax
-	add	edx,		edi
-	xor	esi,		ebp
-	mov	edi,		-1
-	rol	eax,		10
-	lea	edx,		DWORD PTR 1352829926[esi*1+edx]
-	sub	edi,		eax
-	rol	edx,		5
-	add	edx,		ecx
-	; 88
-	mov	esi,		DWORD PTR 56[esp]
-	or	edi,		ebp
-	add	ecx,		esi
-	xor	edi,		edx
-	mov	esi,		-1
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 1352829926[edi*1+ecx]
-	sub	esi,		ebp
-	rol	ecx,		7
-	add	ecx,		ebx
-	; 89
-	mov	edi,		DWORD PTR 28[esp]
-	or	esi,		edx
-	add	ebx,		edi
-	xor	esi,		ecx
-	mov	edi,		-1
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 1352829926[esi*1+ebx]
-	sub	edi,		edx
-	rol	ebx,		7
-	add	ebx,		eax
-	; 90
-	mov	esi,		DWORD PTR 64[esp]
-	or	edi,		ecx
-	add	eax,		esi
-	xor	edi,		ebx
-	mov	esi,		-1
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 1352829926[edi*1+eax]
-	sub	esi,		ecx
-	rol	eax,		8
-	add	eax,		ebp
-	; 91
-	mov	edi,		DWORD PTR 36[esp]
-	or	esi,		ebx
-	add	ebp,		edi
-	xor	esi,		eax
-	mov	edi,		-1
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 1352829926[esi*1+ebp]
-	sub	edi,		ebx
-	rol	ebp,		11
-	add	ebp,		edx
-	; 92
-	mov	esi,		DWORD PTR 8[esp]
-	or	edi,		eax
-	add	edx,		esi
-	xor	edi,		ebp
-	mov	esi,		-1
-	rol	eax,		10
-	lea	edx,		DWORD PTR 1352829926[edi*1+edx]
-	sub	esi,		eax
-	rol	edx,		14
-	add	edx,		ecx
-	; 93
-	mov	edi,		DWORD PTR 44[esp]
-	or	esi,		ebp
-	add	ecx,		edi
-	xor	esi,		edx
-	mov	edi,		-1
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 1352829926[esi*1+ecx]
-	sub	edi,		ebp
-	rol	ecx,		14
-	add	ecx,		ebx
-	; 94
-	mov	esi,		DWORD PTR 16[esp]
-	or	edi,		edx
-	add	ebx,		esi
-	xor	edi,		ecx
-	mov	esi,		-1
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 1352829926[edi*1+ebx]
-	sub	esi,		edx
-	rol	ebx,		12
-	add	ebx,		eax
-	; 95
-	mov	edi,		DWORD PTR 52[esp]
-	or	esi,		ecx
-	add	eax,		edi
-	xor	esi,		ebx
-	mov	edi,		-1
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 1352829926[esi*1+eax]
-	mov	esi,		ecx
-	rol	eax,		6
-	add	eax,		ebp
-	; 96
-	sub	edi,		ecx
-	and	esi,		eax
-	and	edi,		ebx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 28[esp]
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 1548603684[edi+ebp]
-	mov	edi,		-1
-	add	ebp,		esi
-	mov	esi,		ebx
-	rol	ebp,		9
-	add	ebp,		edx
-	; 97
-	sub	edi,		ebx
-	and	esi,		ebp
-	and	edi,		eax
-	or	edi,		esi
-	mov	esi,		DWORD PTR 48[esp]
-	rol	eax,		10
-	lea	edx,		DWORD PTR 1548603684[edi+edx]
-	mov	edi,		-1
-	add	edx,		esi
-	mov	esi,		eax
-	rol	edx,		13
-	add	edx,		ecx
-	; 98
-	sub	edi,		eax
-	and	esi,		edx
-	and	edi,		ebp
-	or	edi,		esi
-	mov	esi,		DWORD PTR 16[esp]
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 1548603684[edi+ecx]
-	mov	edi,		-1
-	add	ecx,		esi
-	mov	esi,		ebp
-	rol	ecx,		15
-	add	ecx,		ebx
-	; 99
-	sub	edi,		ebp
-	and	esi,		ecx
-	and	edi,		edx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 32[esp]
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 1548603684[edi+ebx]
-	mov	edi,		-1
-	add	ebx,		esi
-	mov	esi,		edx
-	rol	ebx,		7
-	add	ebx,		eax
-	; 100
-	sub	edi,		edx
-	and	esi,		ebx
-	and	edi,		ecx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 4[esp]
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 1548603684[edi+eax]
-	mov	edi,		-1
-	add	eax,		esi
-	mov	esi,		ecx
-	rol	eax,		12
-	add	eax,		ebp
-	; 101
-	sub	edi,		ecx
-	and	esi,		eax
-	and	edi,		ebx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 56[esp]
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 1548603684[edi+ebp]
-	mov	edi,		-1
-	add	ebp,		esi
-	mov	esi,		ebx
-	rol	ebp,		8
-	add	ebp,		edx
-	; 102
-	sub	edi,		ebx
-	and	esi,		ebp
-	and	edi,		eax
-	or	edi,		esi
-	mov	esi,		DWORD PTR 24[esp]
-	rol	eax,		10
-	lea	edx,		DWORD PTR 1548603684[edi+edx]
-	mov	edi,		-1
-	add	edx,		esi
-	mov	esi,		eax
-	rol	edx,		9
-	add	edx,		ecx
-	; 103
-	sub	edi,		eax
-	and	esi,		edx
-	and	edi,		ebp
-	or	edi,		esi
-	mov	esi,		DWORD PTR 44[esp]
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 1548603684[edi+ecx]
-	mov	edi,		-1
-	add	ecx,		esi
-	mov	esi,		ebp
-	rol	ecx,		11
-	add	ecx,		ebx
-	; 104
-	sub	edi,		ebp
-	and	esi,		ecx
-	and	edi,		edx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 60[esp]
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 1548603684[edi+ebx]
-	mov	edi,		-1
-	add	ebx,		esi
-	mov	esi,		edx
-	rol	ebx,		7
-	add	ebx,		eax
-	; 105
-	sub	edi,		edx
-	and	esi,		ebx
-	and	edi,		ecx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 64[esp]
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 1548603684[edi+eax]
-	mov	edi,		-1
-	add	eax,		esi
-	mov	esi,		ecx
-	rol	eax,		7
-	add	eax,		ebp
-	; 106
-	sub	edi,		ecx
-	and	esi,		eax
-	and	edi,		ebx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 36[esp]
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 1548603684[edi+ebp]
-	mov	edi,		-1
-	add	ebp,		esi
-	mov	esi,		ebx
-	rol	ebp,		12
-	add	ebp,		edx
-	; 107
-	sub	edi,		ebx
-	and	esi,		ebp
-	and	edi,		eax
-	or	edi,		esi
-	mov	esi,		DWORD PTR 52[esp]
-	rol	eax,		10
-	lea	edx,		DWORD PTR 1548603684[edi+edx]
-	mov	edi,		-1
-	add	edx,		esi
-	mov	esi,		eax
-	rol	edx,		7
-	add	edx,		ecx
-	; 108
-	sub	edi,		eax
-	and	esi,		edx
-	and	edi,		ebp
-	or	edi,		esi
-	mov	esi,		DWORD PTR 20[esp]
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 1548603684[edi+ecx]
-	mov	edi,		-1
-	add	ecx,		esi
-	mov	esi,		ebp
-	rol	ecx,		6
-	add	ecx,		ebx
-	; 109
-	sub	edi,		ebp
-	and	esi,		ecx
-	and	edi,		edx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 40[esp]
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 1548603684[edi+ebx]
-	mov	edi,		-1
-	add	ebx,		esi
-	mov	esi,		edx
-	rol	ebx,		15
-	add	ebx,		eax
-	; 110
-	sub	edi,		edx
-	and	esi,		ebx
-	and	edi,		ecx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 8[esp]
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 1548603684[edi+eax]
-	mov	edi,		-1
-	add	eax,		esi
-	mov	esi,		ecx
-	rol	eax,		13
-	add	eax,		ebp
-	; 111
-	sub	edi,		ecx
-	and	esi,		eax
-	and	edi,		ebx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 12[esp]
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 1548603684[edi+ebp]
-	mov	edi,		-1
-	add	ebp,		esi
-	sub	edi,		eax
-	rol	ebp,		11
-	add	ebp,		edx
-	; 112
-	mov	esi,		DWORD PTR 64[esp]
-	or	edi,		ebp
-	add	edx,		esi
-	xor	edi,		ebx
-	mov	esi,		-1
-	rol	eax,		10
-	lea	edx,		DWORD PTR 1836072691[edi*1+edx]
-	sub	esi,		ebp
-	rol	edx,		9
-	add	edx,		ecx
-	; 113
-	mov	edi,		DWORD PTR 24[esp]
-	or	esi,		edx
-	add	ecx,		edi
-	xor	esi,		eax
-	mov	edi,		-1
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 1836072691[esi*1+ecx]
-	sub	edi,		edx
-	rol	ecx,		7
-	add	ecx,		ebx
-	; 114
-	mov	esi,		DWORD PTR 8[esp]
-	or	edi,		ecx
-	add	ebx,		esi
-	xor	edi,		ebp
-	mov	esi,		-1
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 1836072691[edi*1+ebx]
-	sub	esi,		ecx
-	rol	ebx,		15
-	add	ebx,		eax
-	; 115
-	mov	edi,		DWORD PTR 16[esp]
-	or	esi,		ebx
-	add	eax,		edi
-	xor	esi,		edx
-	mov	edi,		-1
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 1836072691[esi*1+eax]
-	sub	edi,		ebx
-	rol	eax,		11
-	add	eax,		ebp
-	; 116
-	mov	esi,		DWORD PTR 32[esp]
-	or	edi,		eax
-	add	ebp,		esi
-	xor	edi,		ecx
-	mov	esi,		-1
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 1836072691[edi*1+ebp]
-	sub	esi,		eax
-	rol	ebp,		8
-	add	ebp,		edx
-	; 117
-	mov	edi,		DWORD PTR 60[esp]
-	or	esi,		ebp
-	add	edx,		edi
-	xor	esi,		ebx
-	mov	edi,		-1
-	rol	eax,		10
-	lea	edx,		DWORD PTR 1836072691[esi*1+edx]
-	sub	edi,		ebp
-	rol	edx,		6
-	add	edx,		ecx
-	; 118
-	mov	esi,		DWORD PTR 28[esp]
-	or	edi,		edx
-	add	ecx,		esi
-	xor	edi,		eax
-	mov	esi,		-1
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 1836072691[edi*1+ecx]
-	sub	esi,		edx
-	rol	ecx,		6
-	add	ecx,		ebx
-	; 119
-	mov	edi,		DWORD PTR 40[esp]
-	or	esi,		ecx
-	add	ebx,		edi
-	xor	esi,		ebp
-	mov	edi,		-1
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 1836072691[esi*1+ebx]
-	sub	edi,		ecx
-	rol	ebx,		14
-	add	ebx,		eax
-	; 120
-	mov	esi,		DWORD PTR 48[esp]
-	or	edi,		ebx
-	add	eax,		esi
-	xor	edi,		edx
-	mov	esi,		-1
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 1836072691[edi*1+eax]
-	sub	esi,		ebx
-	rol	eax,		12
-	add	eax,		ebp
-	; 121
-	mov	edi,		DWORD PTR 36[esp]
-	or	esi,		eax
-	add	ebp,		edi
-	xor	esi,		ecx
-	mov	edi,		-1
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 1836072691[esi*1+ebp]
-	sub	edi,		eax
-	rol	ebp,		13
-	add	ebp,		edx
-	; 122
-	mov	esi,		DWORD PTR 52[esp]
-	or	edi,		ebp
-	add	edx,		esi
-	xor	edi,		ebx
-	mov	esi,		-1
-	rol	eax,		10
-	lea	edx,		DWORD PTR 1836072691[edi*1+edx]
-	sub	esi,		ebp
-	rol	edx,		5
-	add	edx,		ecx
-	; 123
-	mov	edi,		DWORD PTR 12[esp]
-	or	esi,		edx
-	add	ecx,		edi
-	xor	esi,		eax
-	mov	edi,		-1
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 1836072691[esi*1+ecx]
-	sub	edi,		edx
-	rol	ecx,		14
-	add	ecx,		ebx
-	; 124
-	mov	esi,		DWORD PTR 44[esp]
-	or	edi,		ecx
-	add	ebx,		esi
-	xor	edi,		ebp
-	mov	esi,		-1
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 1836072691[edi*1+ebx]
-	sub	esi,		ecx
-	rol	ebx,		13
-	add	ebx,		eax
-	; 125
-	mov	edi,		DWORD PTR 4[esp]
-	or	esi,		ebx
-	add	eax,		edi
-	xor	esi,		edx
-	mov	edi,		-1
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 1836072691[esi*1+eax]
-	sub	edi,		ebx
-	rol	eax,		13
-	add	eax,		ebp
-	; 126
-	mov	esi,		DWORD PTR 20[esp]
-	or	edi,		eax
-	add	ebp,		esi
-	xor	edi,		ecx
-	mov	esi,		-1
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 1836072691[edi*1+ebp]
-	sub	esi,		eax
-	rol	ebp,		7
-	add	ebp,		edx
-	; 127
-	mov	edi,		DWORD PTR 56[esp]
-	or	esi,		ebp
-	add	edx,		edi
-	xor	esi,		ebx
-	mov	edi,		DWORD PTR 36[esp]
-	rol	eax,		10
-	lea	edx,		DWORD PTR 1836072691[esi*1+edx]
-	mov	esi,		-1
-	rol	edx,		5
-	add	edx,		ecx
-	; 128
-	add	ecx,		edi
-	mov	edi,		ebp
-	sub	esi,		edx
-	and	edi,		edx
-	and	esi,		eax
-	or	edi,		esi
-	mov	esi,		DWORD PTR 28[esp]
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 2053994217[edi*1+ecx]
-	mov	edi,		-1
-	rol	ecx,		15
-	add	ecx,		ebx
-	; 129
-	add	ebx,		esi
-	mov	esi,		edx
-	sub	edi,		ecx
-	and	esi,		ecx
-	and	edi,		ebp
-	or	esi,		edi
-	mov	edi,		DWORD PTR 20[esp]
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 2053994217[esi*1+ebx]
-	mov	esi,		-1
-	rol	ebx,		5
-	add	ebx,		eax
-	; 130
-	add	eax,		edi
-	mov	edi,		ecx
-	sub	esi,		ebx
-	and	edi,		ebx
-	and	esi,		edx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 8[esp]
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 2053994217[edi*1+eax]
-	mov	edi,		-1
-	rol	eax,		8
-	add	eax,		ebp
-	; 131
-	add	ebp,		esi
-	mov	esi,		ebx
-	sub	edi,		eax
-	and	esi,		eax
-	and	edi,		ecx
-	or	esi,		edi
-	mov	edi,		DWORD PTR 16[esp]
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 2053994217[esi*1+ebp]
-	mov	esi,		-1
-	rol	ebp,		11
-	add	ebp,		edx
-	; 132
-	add	edx,		edi
-	mov	edi,		eax
-	sub	esi,		ebp
-	and	edi,		ebp
-	and	esi,		ebx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 48[esp]
-	rol	eax,		10
-	lea	edx,		DWORD PTR 2053994217[edi*1+edx]
-	mov	edi,		-1
-	rol	edx,		14
-	add	edx,		ecx
-	; 133
-	add	ecx,		esi
-	mov	esi,		ebp
-	sub	edi,		edx
-	and	esi,		edx
-	and	edi,		eax
-	or	esi,		edi
-	mov	edi,		DWORD PTR 64[esp]
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 2053994217[esi*1+ecx]
-	mov	esi,		-1
-	rol	ecx,		14
-	add	ecx,		ebx
-	; 134
-	add	ebx,		edi
-	mov	edi,		edx
-	sub	esi,		ecx
-	and	edi,		ecx
-	and	esi,		ebp
-	or	edi,		esi
-	mov	esi,		DWORD PTR 4[esp]
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 2053994217[edi*1+ebx]
-	mov	edi,		-1
-	rol	ebx,		6
-	add	ebx,		eax
-	; 135
-	add	eax,		esi
-	mov	esi,		ecx
-	sub	edi,		ebx
-	and	esi,		ebx
-	and	edi,		edx
-	or	esi,		edi
-	mov	edi,		DWORD PTR 24[esp]
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 2053994217[esi*1+eax]
-	mov	esi,		-1
-	rol	eax,		14
-	add	eax,		ebp
-	; 136
-	add	ebp,		edi
-	mov	edi,		ebx
-	sub	esi,		eax
-	and	edi,		eax
-	and	esi,		ecx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 52[esp]
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 2053994217[edi*1+ebp]
-	mov	edi,		-1
-	rol	ebp,		6
-	add	ebp,		edx
-	; 137
-	add	edx,		esi
-	mov	esi,		eax
-	sub	edi,		ebp
-	and	esi,		ebp
-	and	edi,		ebx
-	or	esi,		edi
-	mov	edi,		DWORD PTR 12[esp]
-	rol	eax,		10
-	lea	edx,		DWORD PTR 2053994217[esi*1+edx]
-	mov	esi,		-1
-	rol	edx,		9
-	add	edx,		ecx
-	; 138
-	add	ecx,		edi
-	mov	edi,		ebp
-	sub	esi,		edx
-	and	edi,		edx
-	and	esi,		eax
-	or	edi,		esi
-	mov	esi,		DWORD PTR 56[esp]
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 2053994217[edi*1+ecx]
-	mov	edi,		-1
-	rol	ecx,		12
-	add	ecx,		ebx
-	; 139
-	add	ebx,		esi
-	mov	esi,		edx
-	sub	edi,		ecx
-	and	esi,		ecx
-	and	edi,		ebp
-	or	esi,		edi
-	mov	edi,		DWORD PTR 40[esp]
-	rol	edx,		10
-	lea	ebx,		DWORD PTR 2053994217[esi*1+ebx]
-	mov	esi,		-1
-	rol	ebx,		9
-	add	ebx,		eax
-	; 140
-	add	eax,		edi
-	mov	edi,		ecx
-	sub	esi,		ebx
-	and	edi,		ebx
-	and	esi,		edx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 32[esp]
-	rol	ecx,		10
-	lea	eax,		DWORD PTR 2053994217[edi*1+eax]
-	mov	edi,		-1
-	rol	eax,		12
-	add	eax,		ebp
-	; 141
-	add	ebp,		esi
-	mov	esi,		ebx
-	sub	edi,		eax
-	and	esi,		eax
-	and	edi,		ecx
-	or	esi,		edi
-	mov	edi,		DWORD PTR 44[esp]
-	rol	ebx,		10
-	lea	ebp,		DWORD PTR 2053994217[esi*1+ebp]
-	mov	esi,		-1
-	rol	ebp,		5
-	add	ebp,		edx
-	; 142
-	add	edx,		edi
-	mov	edi,		eax
-	sub	esi,		ebp
-	and	edi,		ebp
-	and	esi,		ebx
-	or	edi,		esi
-	mov	esi,		DWORD PTR 60[esp]
-	rol	eax,		10
-	lea	edx,		DWORD PTR 2053994217[edi*1+edx]
-	mov	edi,		-1
-	rol	edx,		15
-	add	edx,		ecx
-	; 143
-	add	ecx,		esi
-	mov	esi,		ebp
-	sub	edi,		edx
-	and	esi,		edx
-	and	edi,		eax
-	or	edi,		esi
-	mov	esi,		edx
-	rol	ebp,		10
-	lea	ecx,		DWORD PTR 2053994217[edi*1+ecx]
-	xor	esi,		ebp
-	rol	ecx,		8
-	add	ecx,		ebx
-	; 144
-	mov	edi,		DWORD PTR 52[esp]
-	xor	esi,		ecx
-	add	ebx,		edi
-	rol	edx,		10
-	add	ebx,		esi
-	mov	esi,		ecx
-	rol	ebx,		8
-	add	ebx,		eax
-	; 145
-	xor	esi,		edx
-	mov	edi,		DWORD PTR 64[esp]
-	xor	esi,		ebx
-	add	eax,		esi
-	mov	esi,		ebx
-	rol	ecx,		10
-	add	eax,		edi
-	xor	esi,		ecx
-	rol	eax,		5
-	add	eax,		ebp
-	; 146
-	mov	edi,		DWORD PTR 44[esp]
-	xor	esi,		eax
-	add	ebp,		edi
-	rol	ebx,		10
-	add	ebp,		esi
-	mov	esi,		eax
-	rol	ebp,		12
-	add	ebp,		edx
-	; 147
-	xor	esi,		ebx
-	mov	edi,		DWORD PTR 20[esp]
-	xor	esi,		ebp
-	add	edx,		esi
-	mov	esi,		ebp
-	rol	eax,		10
-	add	edx,		edi
-	xor	esi,		eax
-	rol	edx,		9
-	add	edx,		ecx
-	; 148
-	mov	edi,		DWORD PTR 8[esp]
-	xor	esi,		edx
-	add	ecx,		edi
-	rol	ebp,		10
-	add	ecx,		esi
-	mov	esi,		edx
-	rol	ecx,		12
-	add	ecx,		ebx
-	; 149
-	xor	esi,		ebp
-	mov	edi,		DWORD PTR 24[esp]
-	xor	esi,		ecx
-	add	ebx,		esi
-	mov	esi,		ecx
-	rol	edx,		10
-	add	ebx,		edi
-	xor	esi,		edx
-	rol	ebx,		5
-	add	ebx,		eax
-	; 150
-	mov	edi,		DWORD PTR 36[esp]
-	xor	esi,		ebx
-	add	eax,		edi
-	rol	ecx,		10
-	add	eax,		esi
-	mov	esi,		ebx
-	rol	eax,		14
-	add	eax,		ebp
-	; 151
-	xor	esi,		ecx
-	mov	edi,		DWORD PTR 32[esp]
-	xor	esi,		eax
-	add	ebp,		esi
-	mov	esi,		eax
-	rol	ebx,		10
-	add	ebp,		edi
-	xor	esi,		ebx
-	rol	ebp,		6
-	add	ebp,		edx
-	; 152
-	mov	edi,		DWORD PTR 28[esp]
-	xor	esi,		ebp
-	add	edx,		edi
-	rol	eax,		10
-	add	edx,		esi
-	mov	esi,		ebp
-	rol	edx,		8
-	add	edx,		ecx
-	; 153
-	xor	esi,		eax
-	mov	edi,		DWORD PTR 12[esp]
-	xor	esi,		edx
-	add	ecx,		esi
-	mov	esi,		edx
-	rol	ebp,		10
-	add	ecx,		edi
-	xor	esi,		ebp
-	rol	ecx,		13
-	add	ecx,		ebx
-	; 154
-	mov	edi,		DWORD PTR 56[esp]
-	xor	esi,		ecx
-	add	ebx,		edi
-	rol	edx,		10
-	add	ebx,		esi
-	mov	esi,		ecx
-	rol	ebx,		6
-	add	ebx,		eax
-	; 155
-	xor	esi,		edx
-	mov	edi,		DWORD PTR 60[esp]
-	xor	esi,		ebx
-	add	eax,		esi
-	mov	esi,		ebx
-	rol	ecx,		10
-	add	eax,		edi
-	xor	esi,		ecx
-	rol	eax,		5
-	add	eax,		ebp
-	; 156
-	mov	edi,		DWORD PTR 4[esp]
-	xor	esi,		eax
-	add	ebp,		edi
-	rol	ebx,		10
-	add	ebp,		esi
-	mov	esi,		eax
-	rol	ebp,		15
-	add	ebp,		edx
-	; 157
-	xor	esi,		ebx
-	mov	edi,		DWORD PTR 16[esp]
-	xor	esi,		ebp
-	add	edx,		esi
-	mov	esi,		ebp
-	rol	eax,		10
-	add	edx,		edi
-	xor	esi,		eax
-	rol	edx,		13
-	add	edx,		ecx
-	; 158
-	mov	edi,		DWORD PTR 40[esp]
-	xor	esi,		edx
-	add	ecx,		edi
-	rol	ebp,		10
-	add	ecx,		esi
-	mov	esi,		edx
-	rol	ecx,		11
-	add	ecx,		ebx
-	; 159
-	xor	esi,		ebp
-	mov	edi,		DWORD PTR 48[esp]
-	xor	esi,		ecx
-	add	ebx,		esi
-	rol	edx,		10
-	add	ebx,		edi
-	mov	edi,		DWORD PTR 108[esp]
-	rol	ebx,		11
-	add	ebx,		eax
-	mov	esi,		DWORD PTR 4[edi]
-	add	edx,		esi
-	mov	esi,		DWORD PTR 76[esp]
-	add	edx,		esi
-	mov	esi,		DWORD PTR 8[edi]
-	add	ebp,		esi
-	mov	esi,		DWORD PTR 80[esp]
-	add	ebp,		esi
-	mov	esi,		DWORD PTR 12[edi]
-	add	eax,		esi
-	mov	esi,		DWORD PTR 84[esp]
-	add	eax,		esi
-	mov	esi,		DWORD PTR 16[edi]
-	add	ebx,		esi
-	mov	esi,		DWORD PTR 68[esp]
-	add	ebx,		esi
-	mov	esi,		DWORD PTR [edi]
-	add	ecx,		esi
-	mov	esi,		DWORD PTR 72[esp]
-	add	ecx,		esi
-	mov	DWORD PTR [edi],edx
-	mov	DWORD PTR 4[edi],ebp
-	mov	DWORD PTR 8[edi],eax
-	mov	DWORD PTR 12[edi],ebx
-	mov	DWORD PTR 16[edi],ecx
-	mov	edi,		DWORD PTR [esp]
-	mov	esi,		DWORD PTR 112[esp]
-	cmp	edi,		esi
-	mov	edi,		DWORD PTR 108[esp]
-	jge	L000start
-	add	esp,		88
-	pop	ebx
-	pop	ebp
-	pop	edi
-	pop	esi
-	ret
-_ripemd160_block_x86 ENDP
-_TEXT	ENDS
-END
diff --git a/crypto/ripemd/asm/rm86unix.cpp b/crypto/ripemd/asm/rm86unix.cpp
deleted file mode 100644
index f90f6f2fd6..0000000000
--- a/crypto/ripemd/asm/rm86unix.cpp
+++ /dev/null
@@ -1,2016 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define ripemd160_block_x86 _ripemd160_block_x86
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by rmd-586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"rmd-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl ripemd160_block_x86
-	TYPE(ripemd160_block_x86,@function)
-ripemd160_block_x86:
-	pushl	%esi
-	movl	16(%esp),	%ecx
-	pushl	%edi
-	movl	16(%esp),	%esi
-	pushl	%ebp
-	addl	%esi,		%ecx
-	pushl	%ebx
-	subl	$64,		%ecx
-	subl	$88,		%esp
-	movl	%ecx,		(%esp)
-	movl	108(%esp),	%edi
-.L000start:
-
-	movl	(%esi),		%eax
-	movl	4(%esi),	%ebx
-	movl	%eax,		4(%esp)
-	movl	%ebx,		8(%esp)
-	movl	8(%esi),	%eax
-	movl	12(%esi),	%ebx
-	movl	%eax,		12(%esp)
-	movl	%ebx,		16(%esp)
-	movl	16(%esi),	%eax
-	movl	20(%esi),	%ebx
-	movl	%eax,		20(%esp)
-	movl	%ebx,		24(%esp)
-	movl	24(%esi),	%eax
-	movl	28(%esi),	%ebx
-	movl	%eax,		28(%esp)
-	movl	%ebx,		32(%esp)
-	movl	32(%esi),	%eax
-	movl	36(%esi),	%ebx
-	movl	%eax,		36(%esp)
-	movl	%ebx,		40(%esp)
-	movl	40(%esi),	%eax
-	movl	44(%esi),	%ebx
-	movl	%eax,		44(%esp)
-	movl	%ebx,		48(%esp)
-	movl	48(%esi),	%eax
-	movl	52(%esi),	%ebx
-	movl	%eax,		52(%esp)
-	movl	%ebx,		56(%esp)
-	movl	56(%esi),	%eax
-	movl	60(%esi),	%ebx
-	movl	%eax,		60(%esp)
-	movl	%ebx,		64(%esp)
-	addl	$64,		%esi
-	movl	(%edi),		%eax
-	movl	%esi,		112(%esp)
-	movl	4(%edi),	%ebx
-	movl	8(%edi),	%ecx
-	movl	12(%edi),	%edx
-	movl	16(%edi),	%ebp
-	/* 0 */
-	movl	%ecx,		%esi
-	xorl	%edx,		%esi
-	movl	4(%esp),	%edi
-	xorl	%ebx,		%esi
-	addl	%edi,		%eax
-	roll	$10,		%ecx
-	addl	%esi,		%eax
-	movl	%ebx,		%esi
-	roll	$11,		%eax
-	addl	%ebp,		%eax
-	/* 1 */
-	xorl	%ecx,		%esi
-	movl	8(%esp),	%edi
-	xorl	%eax,		%esi
-	addl	%esi,		%ebp
-	movl	%eax,		%esi
-	roll	$10,		%ebx
-	addl	%edi,		%ebp
-	xorl	%ebx,		%esi
-	roll	$14,		%ebp
-	addl	%edx,		%ebp
-	/* 2 */
-	movl	12(%esp),	%edi
-	xorl	%ebp,		%esi
-	addl	%edi,		%edx
-	roll	$10,		%eax
-	addl	%esi,		%edx
-	movl	%ebp,		%esi
-	roll	$15,		%edx
-	addl	%ecx,		%edx
-	/* 3 */
-	xorl	%eax,		%esi
-	movl	16(%esp),	%edi
-	xorl	%edx,		%esi
-	addl	%esi,		%ecx
-	movl	%edx,		%esi
-	roll	$10,		%ebp
-	addl	%edi,		%ecx
-	xorl	%ebp,		%esi
-	roll	$12,		%ecx
-	addl	%ebx,		%ecx
-	/* 4 */
-	movl	20(%esp),	%edi
-	xorl	%ecx,		%esi
-	addl	%edi,		%ebx
-	roll	$10,		%edx
-	addl	%esi,		%ebx
-	movl	%ecx,		%esi
-	roll	$5,		%ebx
-	addl	%eax,		%ebx
-	/* 5 */
-	xorl	%edx,		%esi
-	movl	24(%esp),	%edi
-	xorl	%ebx,		%esi
-	addl	%esi,		%eax
-	movl	%ebx,		%esi
-	roll	$10,		%ecx
-	addl	%edi,		%eax
-	xorl	%ecx,		%esi
-	roll	$8,		%eax
-	addl	%ebp,		%eax
-	/* 6 */
-	movl	28(%esp),	%edi
-	xorl	%eax,		%esi
-	addl	%edi,		%ebp
-	roll	$10,		%ebx
-	addl	%esi,		%ebp
-	movl	%eax,		%esi
-	roll	$7,		%ebp
-	addl	%edx,		%ebp
-	/* 7 */
-	xorl	%ebx,		%esi
-	movl	32(%esp),	%edi
-	xorl	%ebp,		%esi
-	addl	%esi,		%edx
-	movl	%ebp,		%esi
-	roll	$10,		%eax
-	addl	%edi,		%edx
-	xorl	%eax,		%esi
-	roll	$9,		%edx
-	addl	%ecx,		%edx
-	/* 8 */
-	movl	36(%esp),	%edi
-	xorl	%edx,		%esi
-	addl	%edi,		%ecx
-	roll	$10,		%ebp
-	addl	%esi,		%ecx
-	movl	%edx,		%esi
-	roll	$11,		%ecx
-	addl	%ebx,		%ecx
-	/* 9 */
-	xorl	%ebp,		%esi
-	movl	40(%esp),	%edi
-	xorl	%ecx,		%esi
-	addl	%esi,		%ebx
-	movl	%ecx,		%esi
-	roll	$10,		%edx
-	addl	%edi,		%ebx
-	xorl	%edx,		%esi
-	roll	$13,		%ebx
-	addl	%eax,		%ebx
-	/* 10 */
-	movl	44(%esp),	%edi
-	xorl	%ebx,		%esi
-	addl	%edi,		%eax
-	roll	$10,		%ecx
-	addl	%esi,		%eax
-	movl	%ebx,		%esi
-	roll	$14,		%eax
-	addl	%ebp,		%eax
-	/* 11 */
-	xorl	%ecx,		%esi
-	movl	48(%esp),	%edi
-	xorl	%eax,		%esi
-	addl	%esi,		%ebp
-	movl	%eax,		%esi
-	roll	$10,		%ebx
-	addl	%edi,		%ebp
-	xorl	%ebx,		%esi
-	roll	$15,		%ebp
-	addl	%edx,		%ebp
-	/* 12 */
-	movl	52(%esp),	%edi
-	xorl	%ebp,		%esi
-	addl	%edi,		%edx
-	roll	$10,		%eax
-	addl	%esi,		%edx
-	movl	%ebp,		%esi
-	roll	$6,		%edx
-	addl	%ecx,		%edx
-	/* 13 */
-	xorl	%eax,		%esi
-	movl	56(%esp),	%edi
-	xorl	%edx,		%esi
-	addl	%esi,		%ecx
-	movl	%edx,		%esi
-	roll	$10,		%ebp
-	addl	%edi,		%ecx
-	xorl	%ebp,		%esi
-	roll	$7,		%ecx
-	addl	%ebx,		%ecx
-	/* 14 */
-	movl	60(%esp),	%edi
-	xorl	%ecx,		%esi
-	addl	%edi,		%ebx
-	roll	$10,		%edx
-	addl	%esi,		%ebx
-	movl	%ecx,		%esi
-	roll	$9,		%ebx
-	addl	%eax,		%ebx
-	/* 15 */
-	xorl	%edx,		%esi
-	movl	64(%esp),	%edi
-	xorl	%ebx,		%esi
-	addl	%esi,		%eax
-	movl	$-1,		%esi
-	roll	$10,		%ecx
-	addl	%edi,		%eax
-	movl	32(%esp),	%edi
-	roll	$8,		%eax
-	addl	%ebp,		%eax
-	/* 16 */
-	addl	%edi,		%ebp
-	movl	%ebx,		%edi
-	subl	%eax,		%esi
-	andl	%eax,		%edi
-	andl	%ecx,		%esi
-	orl	%esi,		%edi
-	movl	20(%esp),	%esi
-	roll	$10,		%ebx
-	leal	1518500249(%ebp,%edi,1),%ebp
-	movl	$-1,		%edi
-	roll	$7,		%ebp
-	addl	%edx,		%ebp
-	/* 17 */
-	addl	%esi,		%edx
-	movl	%eax,		%esi
-	subl	%ebp,		%edi
-	andl	%ebp,		%esi
-	andl	%ebx,		%edi
-	orl	%edi,		%esi
-	movl	56(%esp),	%edi
-	roll	$10,		%eax
-	leal	1518500249(%edx,%esi,1),%edx
-	movl	$-1,		%esi
-	roll	$6,		%edx
-	addl	%ecx,		%edx
-	/* 18 */
-	addl	%edi,		%ecx
-	movl	%ebp,		%edi
-	subl	%edx,		%esi
-	andl	%edx,		%edi
-	andl	%eax,		%esi
-	orl	%esi,		%edi
-	movl	8(%esp),	%esi
-	roll	$10,		%ebp
-	leal	1518500249(%ecx,%edi,1),%ecx
-	movl	$-1,		%edi
-	roll	$8,		%ecx
-	addl	%ebx,		%ecx
-	/* 19 */
-	addl	%esi,		%ebx
-	movl	%edx,		%esi
-	subl	%ecx,		%edi
-	andl	%ecx,		%esi
-	andl	%ebp,		%edi
-	orl	%edi,		%esi
-	movl	44(%esp),	%edi
-	roll	$10,		%edx
-	leal	1518500249(%ebx,%esi,1),%ebx
-	movl	$-1,		%esi
-	roll	$13,		%ebx
-	addl	%eax,		%ebx
-	/* 20 */
-	addl	%edi,		%eax
-	movl	%ecx,		%edi
-	subl	%ebx,		%esi
-	andl	%ebx,		%edi
-	andl	%edx,		%esi
-	orl	%esi,		%edi
-	movl	28(%esp),	%esi
-	roll	$10,		%ecx
-	leal	1518500249(%eax,%edi,1),%eax
-	movl	$-1,		%edi
-	roll	$11,		%eax
-	addl	%ebp,		%eax
-	/* 21 */
-	addl	%esi,		%ebp
-	movl	%ebx,		%esi
-	subl	%eax,		%edi
-	andl	%eax,		%esi
-	andl	%ecx,		%edi
-	orl	%edi,		%esi
-	movl	64(%esp),	%edi
-	roll	$10,		%ebx
-	leal	1518500249(%ebp,%esi,1),%ebp
-	movl	$-1,		%esi
-	roll	$9,		%ebp
-	addl	%edx,		%ebp
-	/* 22 */
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	subl	%ebp,		%esi
-	andl	%ebp,		%edi
-	andl	%ebx,		%esi
-	orl	%esi,		%edi
-	movl	16(%esp),	%esi
-	roll	$10,		%eax
-	leal	1518500249(%edx,%edi,1),%edx
-	movl	$-1,		%edi
-	roll	$7,		%edx
-	addl	%ecx,		%edx
-	/* 23 */
-	addl	%esi,		%ecx
-	movl	%ebp,		%esi
-	subl	%edx,		%edi
-	andl	%edx,		%esi
-	andl	%eax,		%edi
-	orl	%edi,		%esi
-	movl	52(%esp),	%edi
-	roll	$10,		%ebp
-	leal	1518500249(%ecx,%esi,1),%ecx
-	movl	$-1,		%esi
-	roll	$15,		%ecx
-	addl	%ebx,		%ecx
-	/* 24 */
-	addl	%edi,		%ebx
-	movl	%edx,		%edi
-	subl	%ecx,		%esi
-	andl	%ecx,		%edi
-	andl	%ebp,		%esi
-	orl	%esi,		%edi
-	movl	4(%esp),	%esi
-	roll	$10,		%edx
-	leal	1518500249(%ebx,%edi,1),%ebx
-	movl	$-1,		%edi
-	roll	$7,		%ebx
-	addl	%eax,		%ebx
-	/* 25 */
-	addl	%esi,		%eax
-	movl	%ecx,		%esi
-	subl	%ebx,		%edi
-	andl	%ebx,		%esi
-	andl	%edx,		%edi
-	orl	%edi,		%esi
-	movl	40(%esp),	%edi
-	roll	$10,		%ecx
-	leal	1518500249(%eax,%esi,1),%eax
-	movl	$-1,		%esi
-	roll	$12,		%eax
-	addl	%ebp,		%eax
-	/* 26 */
-	addl	%edi,		%ebp
-	movl	%ebx,		%edi
-	subl	%eax,		%esi
-	andl	%eax,		%edi
-	andl	%ecx,		%esi
-	orl	%esi,		%edi
-	movl	24(%esp),	%esi
-	roll	$10,		%ebx
-	leal	1518500249(%ebp,%edi,1),%ebp
-	movl	$-1,		%edi
-	roll	$15,		%ebp
-	addl	%edx,		%ebp
-	/* 27 */
-	addl	%esi,		%edx
-	movl	%eax,		%esi
-	subl	%ebp,		%edi
-	andl	%ebp,		%esi
-	andl	%ebx,		%edi
-	orl	%edi,		%esi
-	movl	12(%esp),	%edi
-	roll	$10,		%eax
-	leal	1518500249(%edx,%esi,1),%edx
-	movl	$-1,		%esi
-	roll	$9,		%edx
-	addl	%ecx,		%edx
-	/* 28 */
-	addl	%edi,		%ecx
-	movl	%ebp,		%edi
-	subl	%edx,		%esi
-	andl	%edx,		%edi
-	andl	%eax,		%esi
-	orl	%esi,		%edi
-	movl	60(%esp),	%esi
-	roll	$10,		%ebp
-	leal	1518500249(%ecx,%edi,1),%ecx
-	movl	$-1,		%edi
-	roll	$11,		%ecx
-	addl	%ebx,		%ecx
-	/* 29 */
-	addl	%esi,		%ebx
-	movl	%edx,		%esi
-	subl	%ecx,		%edi
-	andl	%ecx,		%esi
-	andl	%ebp,		%edi
-	orl	%edi,		%esi
-	movl	48(%esp),	%edi
-	roll	$10,		%edx
-	leal	1518500249(%ebx,%esi,1),%ebx
-	movl	$-1,		%esi
-	roll	$7,		%ebx
-	addl	%eax,		%ebx
-	/* 30 */
-	addl	%edi,		%eax
-	movl	%ecx,		%edi
-	subl	%ebx,		%esi
-	andl	%ebx,		%edi
-	andl	%edx,		%esi
-	orl	%esi,		%edi
-	movl	36(%esp),	%esi
-	roll	$10,		%ecx
-	leal	1518500249(%eax,%edi,1),%eax
-	movl	$-1,		%edi
-	roll	$13,		%eax
-	addl	%ebp,		%eax
-	/* 31 */
-	addl	%esi,		%ebp
-	movl	%ebx,		%esi
-	subl	%eax,		%edi
-	andl	%eax,		%esi
-	andl	%ecx,		%edi
-	orl	%edi,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebx
-	leal	1518500249(%ebp,%esi,1),%ebp
-	subl	%eax,		%edi
-	roll	$12,		%ebp
-	addl	%edx,		%ebp
-	/* 32 */
-	movl	16(%esp),	%esi
-	orl	%ebp,		%edi
-	addl	%esi,		%edx
-	xorl	%ebx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%eax
-	leal	1859775393(%edx,%edi,1),%edx
-	subl	%ebp,		%esi
-	roll	$11,		%edx
-	addl	%ecx,		%edx
-	/* 33 */
-	movl	44(%esp),	%edi
-	orl	%edx,		%esi
-	addl	%edi,		%ecx
-	xorl	%eax,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebp
-	leal	1859775393(%ecx,%esi,1),%ecx
-	subl	%edx,		%edi
-	roll	$13,		%ecx
-	addl	%ebx,		%ecx
-	/* 34 */
-	movl	60(%esp),	%esi
-	orl	%ecx,		%edi
-	addl	%esi,		%ebx
-	xorl	%ebp,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%edx
-	leal	1859775393(%ebx,%edi,1),%ebx
-	subl	%ecx,		%esi
-	roll	$6,		%ebx
-	addl	%eax,		%ebx
-	/* 35 */
-	movl	20(%esp),	%edi
-	orl	%ebx,		%esi
-	addl	%edi,		%eax
-	xorl	%edx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ecx
-	leal	1859775393(%eax,%esi,1),%eax
-	subl	%ebx,		%edi
-	roll	$7,		%eax
-	addl	%ebp,		%eax
-	/* 36 */
-	movl	40(%esp),	%esi
-	orl	%eax,		%edi
-	addl	%esi,		%ebp
-	xorl	%ecx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebx
-	leal	1859775393(%ebp,%edi,1),%ebp
-	subl	%eax,		%esi
-	roll	$14,		%ebp
-	addl	%edx,		%ebp
-	/* 37 */
-	movl	64(%esp),	%edi
-	orl	%ebp,		%esi
-	addl	%edi,		%edx
-	xorl	%ebx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%eax
-	leal	1859775393(%edx,%esi,1),%edx
-	subl	%ebp,		%edi
-	roll	$9,		%edx
-	addl	%ecx,		%edx
-	/* 38 */
-	movl	36(%esp),	%esi
-	orl	%edx,		%edi
-	addl	%esi,		%ecx
-	xorl	%eax,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebp
-	leal	1859775393(%ecx,%edi,1),%ecx
-	subl	%edx,		%esi
-	roll	$13,		%ecx
-	addl	%ebx,		%ecx
-	/* 39 */
-	movl	8(%esp),	%edi
-	orl	%ecx,		%esi
-	addl	%edi,		%ebx
-	xorl	%ebp,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%edx
-	leal	1859775393(%ebx,%esi,1),%ebx
-	subl	%ecx,		%edi
-	roll	$15,		%ebx
-	addl	%eax,		%ebx
-	/* 40 */
-	movl	12(%esp),	%esi
-	orl	%ebx,		%edi
-	addl	%esi,		%eax
-	xorl	%edx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ecx
-	leal	1859775393(%eax,%edi,1),%eax
-	subl	%ebx,		%esi
-	roll	$14,		%eax
-	addl	%ebp,		%eax
-	/* 41 */
-	movl	32(%esp),	%edi
-	orl	%eax,		%esi
-	addl	%edi,		%ebp
-	xorl	%ecx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebx
-	leal	1859775393(%ebp,%esi,1),%ebp
-	subl	%eax,		%edi
-	roll	$8,		%ebp
-	addl	%edx,		%ebp
-	/* 42 */
-	movl	4(%esp),	%esi
-	orl	%ebp,		%edi
-	addl	%esi,		%edx
-	xorl	%ebx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%eax
-	leal	1859775393(%edx,%edi,1),%edx
-	subl	%ebp,		%esi
-	roll	$13,		%edx
-	addl	%ecx,		%edx
-	/* 43 */
-	movl	28(%esp),	%edi
-	orl	%edx,		%esi
-	addl	%edi,		%ecx
-	xorl	%eax,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebp
-	leal	1859775393(%ecx,%esi,1),%ecx
-	subl	%edx,		%edi
-	roll	$6,		%ecx
-	addl	%ebx,		%ecx
-	/* 44 */
-	movl	56(%esp),	%esi
-	orl	%ecx,		%edi
-	addl	%esi,		%ebx
-	xorl	%ebp,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%edx
-	leal	1859775393(%ebx,%edi,1),%ebx
-	subl	%ecx,		%esi
-	roll	$5,		%ebx
-	addl	%eax,		%ebx
-	/* 45 */
-	movl	48(%esp),	%edi
-	orl	%ebx,		%esi
-	addl	%edi,		%eax
-	xorl	%edx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ecx
-	leal	1859775393(%eax,%esi,1),%eax
-	subl	%ebx,		%edi
-	roll	$12,		%eax
-	addl	%ebp,		%eax
-	/* 46 */
-	movl	24(%esp),	%esi
-	orl	%eax,		%edi
-	addl	%esi,		%ebp
-	xorl	%ecx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebx
-	leal	1859775393(%ebp,%edi,1),%ebp
-	subl	%eax,		%esi
-	roll	$7,		%ebp
-	addl	%edx,		%ebp
-	/* 47 */
-	movl	52(%esp),	%edi
-	orl	%ebp,		%esi
-	addl	%edi,		%edx
-	xorl	%ebx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%eax
-	leal	1859775393(%edx,%esi,1),%edx
-	movl	%eax,		%esi
-	roll	$5,		%edx
-	addl	%ecx,		%edx
-	/* 48 */
-	subl	%eax,		%edi
-	andl	%edx,		%esi
-	andl	%ebp,		%edi
-	orl	%esi,		%edi
-	movl	8(%esp),	%esi
-	roll	$10,		%ebp
-	leal	2400959708(%ecx,%edi,),%ecx
-	movl	$-1,		%edi
-	addl	%esi,		%ecx
-	movl	%ebp,		%esi
-	roll	$11,		%ecx
-	addl	%ebx,		%ecx
-	/* 49 */
-	subl	%ebp,		%edi
-	andl	%ecx,		%esi
-	andl	%edx,		%edi
-	orl	%esi,		%edi
-	movl	40(%esp),	%esi
-	roll	$10,		%edx
-	leal	2400959708(%ebx,%edi,),%ebx
-	movl	$-1,		%edi
-	addl	%esi,		%ebx
-	movl	%edx,		%esi
-	roll	$12,		%ebx
-	addl	%eax,		%ebx
-	/* 50 */
-	subl	%edx,		%edi
-	andl	%ebx,		%esi
-	andl	%ecx,		%edi
-	orl	%esi,		%edi
-	movl	48(%esp),	%esi
-	roll	$10,		%ecx
-	leal	2400959708(%eax,%edi,),%eax
-	movl	$-1,		%edi
-	addl	%esi,		%eax
-	movl	%ecx,		%esi
-	roll	$14,		%eax
-	addl	%ebp,		%eax
-	/* 51 */
-	subl	%ecx,		%edi
-	andl	%eax,		%esi
-	andl	%ebx,		%edi
-	orl	%esi,		%edi
-	movl	44(%esp),	%esi
-	roll	$10,		%ebx
-	leal	2400959708(%ebp,%edi,),%ebp
-	movl	$-1,		%edi
-	addl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$15,		%ebp
-	addl	%edx,		%ebp
-	/* 52 */
-	subl	%ebx,		%edi
-	andl	%ebp,		%esi
-	andl	%eax,		%edi
-	orl	%esi,		%edi
-	movl	4(%esp),	%esi
-	roll	$10,		%eax
-	leal	2400959708(%edx,%edi,),%edx
-	movl	$-1,		%edi
-	addl	%esi,		%edx
-	movl	%eax,		%esi
-	roll	$14,		%edx
-	addl	%ecx,		%edx
-	/* 53 */
-	subl	%eax,		%edi
-	andl	%edx,		%esi
-	andl	%ebp,		%edi
-	orl	%esi,		%edi
-	movl	36(%esp),	%esi
-	roll	$10,		%ebp
-	leal	2400959708(%ecx,%edi,),%ecx
-	movl	$-1,		%edi
-	addl	%esi,		%ecx
-	movl	%ebp,		%esi
-	roll	$15,		%ecx
-	addl	%ebx,		%ecx
-	/* 54 */
-	subl	%ebp,		%edi
-	andl	%ecx,		%esi
-	andl	%edx,		%edi
-	orl	%esi,		%edi
-	movl	52(%esp),	%esi
-	roll	$10,		%edx
-	leal	2400959708(%ebx,%edi,),%ebx
-	movl	$-1,		%edi
-	addl	%esi,		%ebx
-	movl	%edx,		%esi
-	roll	$9,		%ebx
-	addl	%eax,		%ebx
-	/* 55 */
-	subl	%edx,		%edi
-	andl	%ebx,		%esi
-	andl	%ecx,		%edi
-	orl	%esi,		%edi
-	movl	20(%esp),	%esi
-	roll	$10,		%ecx
-	leal	2400959708(%eax,%edi,),%eax
-	movl	$-1,		%edi
-	addl	%esi,		%eax
-	movl	%ecx,		%esi
-	roll	$8,		%eax
-	addl	%ebp,		%eax
-	/* 56 */
-	subl	%ecx,		%edi
-	andl	%eax,		%esi
-	andl	%ebx,		%edi
-	orl	%esi,		%edi
-	movl	56(%esp),	%esi
-	roll	$10,		%ebx
-	leal	2400959708(%ebp,%edi,),%ebp
-	movl	$-1,		%edi
-	addl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$9,		%ebp
-	addl	%edx,		%ebp
-	/* 57 */
-	subl	%ebx,		%edi
-	andl	%ebp,		%esi
-	andl	%eax,		%edi
-	orl	%esi,		%edi
-	movl	16(%esp),	%esi
-	roll	$10,		%eax
-	leal	2400959708(%edx,%edi,),%edx
-	movl	$-1,		%edi
-	addl	%esi,		%edx
-	movl	%eax,		%esi
-	roll	$14,		%edx
-	addl	%ecx,		%edx
-	/* 58 */
-	subl	%eax,		%edi
-	andl	%edx,		%esi
-	andl	%ebp,		%edi
-	orl	%esi,		%edi
-	movl	32(%esp),	%esi
-	roll	$10,		%ebp
-	leal	2400959708(%ecx,%edi,),%ecx
-	movl	$-1,		%edi
-	addl	%esi,		%ecx
-	movl	%ebp,		%esi
-	roll	$5,		%ecx
-	addl	%ebx,		%ecx
-	/* 59 */
-	subl	%ebp,		%edi
-	andl	%ecx,		%esi
-	andl	%edx,		%edi
-	orl	%esi,		%edi
-	movl	64(%esp),	%esi
-	roll	$10,		%edx
-	leal	2400959708(%ebx,%edi,),%ebx
-	movl	$-1,		%edi
-	addl	%esi,		%ebx
-	movl	%edx,		%esi
-	roll	$6,		%ebx
-	addl	%eax,		%ebx
-	/* 60 */
-	subl	%edx,		%edi
-	andl	%ebx,		%esi
-	andl	%ecx,		%edi
-	orl	%esi,		%edi
-	movl	60(%esp),	%esi
-	roll	$10,		%ecx
-	leal	2400959708(%eax,%edi,),%eax
-	movl	$-1,		%edi
-	addl	%esi,		%eax
-	movl	%ecx,		%esi
-	roll	$8,		%eax
-	addl	%ebp,		%eax
-	/* 61 */
-	subl	%ecx,		%edi
-	andl	%eax,		%esi
-	andl	%ebx,		%edi
-	orl	%esi,		%edi
-	movl	24(%esp),	%esi
-	roll	$10,		%ebx
-	leal	2400959708(%ebp,%edi,),%ebp
-	movl	$-1,		%edi
-	addl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$6,		%ebp
-	addl	%edx,		%ebp
-	/* 62 */
-	subl	%ebx,		%edi
-	andl	%ebp,		%esi
-	andl	%eax,		%edi
-	orl	%esi,		%edi
-	movl	28(%esp),	%esi
-	roll	$10,		%eax
-	leal	2400959708(%edx,%edi,),%edx
-	movl	$-1,		%edi
-	addl	%esi,		%edx
-	movl	%eax,		%esi
-	roll	$5,		%edx
-	addl	%ecx,		%edx
-	/* 63 */
-	subl	%eax,		%edi
-	andl	%edx,		%esi
-	andl	%ebp,		%edi
-	orl	%esi,		%edi
-	movl	12(%esp),	%esi
-	roll	$10,		%ebp
-	leal	2400959708(%ecx,%edi,),%ecx
-	movl	$-1,		%edi
-	addl	%esi,		%ecx
-	subl	%ebp,		%edi
-	roll	$12,		%ecx
-	addl	%ebx,		%ecx
-	/* 64 */
-	movl	20(%esp),	%esi
-	orl	%edx,		%edi
-	addl	%esi,		%ebx
-	xorl	%ecx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%edx
-	leal	2840853838(%ebx,%edi,1),%ebx
-	subl	%edx,		%esi
-	roll	$9,		%ebx
-	addl	%eax,		%ebx
-	/* 65 */
-	movl	4(%esp),	%edi
-	orl	%ecx,		%esi
-	addl	%edi,		%eax
-	xorl	%ebx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ecx
-	leal	2840853838(%eax,%esi,1),%eax
-	subl	%ecx,		%edi
-	roll	$15,		%eax
-	addl	%ebp,		%eax
-	/* 66 */
-	movl	24(%esp),	%esi
-	orl	%ebx,		%edi
-	addl	%esi,		%ebp
-	xorl	%eax,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebx
-	leal	2840853838(%ebp,%edi,1),%ebp
-	subl	%ebx,		%esi
-	roll	$5,		%ebp
-	addl	%edx,		%ebp
-	/* 67 */
-	movl	40(%esp),	%edi
-	orl	%eax,		%esi
-	addl	%edi,		%edx
-	xorl	%ebp,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%eax
-	leal	2840853838(%edx,%esi,1),%edx
-	subl	%eax,		%edi
-	roll	$11,		%edx
-	addl	%ecx,		%edx
-	/* 68 */
-	movl	32(%esp),	%esi
-	orl	%ebp,		%edi
-	addl	%esi,		%ecx
-	xorl	%edx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebp
-	leal	2840853838(%ecx,%edi,1),%ecx
-	subl	%ebp,		%esi
-	roll	$6,		%ecx
-	addl	%ebx,		%ecx
-	/* 69 */
-	movl	52(%esp),	%edi
-	orl	%edx,		%esi
-	addl	%edi,		%ebx
-	xorl	%ecx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%edx
-	leal	2840853838(%ebx,%esi,1),%ebx
-	subl	%edx,		%edi
-	roll	$8,		%ebx
-	addl	%eax,		%ebx
-	/* 70 */
-	movl	12(%esp),	%esi
-	orl	%ecx,		%edi
-	addl	%esi,		%eax
-	xorl	%ebx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ecx
-	leal	2840853838(%eax,%edi,1),%eax
-	subl	%ecx,		%esi
-	roll	$13,		%eax
-	addl	%ebp,		%eax
-	/* 71 */
-	movl	44(%esp),	%edi
-	orl	%ebx,		%esi
-	addl	%edi,		%ebp
-	xorl	%eax,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebx
-	leal	2840853838(%ebp,%esi,1),%ebp
-	subl	%ebx,		%edi
-	roll	$12,		%ebp
-	addl	%edx,		%ebp
-	/* 72 */
-	movl	60(%esp),	%esi
-	orl	%eax,		%edi
-	addl	%esi,		%edx
-	xorl	%ebp,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%eax
-	leal	2840853838(%edx,%edi,1),%edx
-	subl	%eax,		%esi
-	roll	$5,		%edx
-	addl	%ecx,		%edx
-	/* 73 */
-	movl	8(%esp),	%edi
-	orl	%ebp,		%esi
-	addl	%edi,		%ecx
-	xorl	%edx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebp
-	leal	2840853838(%ecx,%esi,1),%ecx
-	subl	%ebp,		%edi
-	roll	$12,		%ecx
-	addl	%ebx,		%ecx
-	/* 74 */
-	movl	16(%esp),	%esi
-	orl	%edx,		%edi
-	addl	%esi,		%ebx
-	xorl	%ecx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%edx
-	leal	2840853838(%ebx,%edi,1),%ebx
-	subl	%edx,		%esi
-	roll	$13,		%ebx
-	addl	%eax,		%ebx
-	/* 75 */
-	movl	36(%esp),	%edi
-	orl	%ecx,		%esi
-	addl	%edi,		%eax
-	xorl	%ebx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ecx
-	leal	2840853838(%eax,%esi,1),%eax
-	subl	%ecx,		%edi
-	roll	$14,		%eax
-	addl	%ebp,		%eax
-	/* 76 */
-	movl	48(%esp),	%esi
-	orl	%ebx,		%edi
-	addl	%esi,		%ebp
-	xorl	%eax,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebx
-	leal	2840853838(%ebp,%edi,1),%ebp
-	subl	%ebx,		%esi
-	roll	$11,		%ebp
-	addl	%edx,		%ebp
-	/* 77 */
-	movl	28(%esp),	%edi
-	orl	%eax,		%esi
-	addl	%edi,		%edx
-	xorl	%ebp,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%eax
-	leal	2840853838(%edx,%esi,1),%edx
-	subl	%eax,		%edi
-	roll	$8,		%edx
-	addl	%ecx,		%edx
-	/* 78 */
-	movl	64(%esp),	%esi
-	orl	%ebp,		%edi
-	addl	%esi,		%ecx
-	xorl	%edx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebp
-	leal	2840853838(%ecx,%edi,1),%ecx
-	subl	%ebp,		%esi
-	roll	$5,		%ecx
-	addl	%ebx,		%ecx
-	/* 79 */
-	movl	56(%esp),	%edi
-	orl	%edx,		%esi
-	addl	%edi,		%ebx
-	xorl	%ecx,		%esi
-	movl	108(%esp),	%edi
-	roll	$10,		%edx
-	leal	2840853838(%ebx,%esi,1),%ebx
-	movl	%eax,		68(%esp)
-	roll	$6,		%ebx
-	addl	%eax,		%ebx
-	movl	(%edi),		%eax
-	movl	%ebx,		72(%esp)
-	movl	%ecx,		76(%esp)
-	movl	4(%edi),	%ebx
-	movl	%edx,		80(%esp)
-	movl	8(%edi),	%ecx
-	movl	%ebp,		84(%esp)
-	movl	12(%edi),	%edx
-	movl	16(%edi),	%ebp
-	/* 80 */
-	movl	$-1,		%edi
-	subl	%edx,		%edi
-	movl	24(%esp),	%esi
-	orl	%ecx,		%edi
-	addl	%esi,		%eax
-	xorl	%ebx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ecx
-	leal	1352829926(%eax,%edi,1),%eax
-	subl	%ecx,		%esi
-	roll	$8,		%eax
-	addl	%ebp,		%eax
-	/* 81 */
-	movl	60(%esp),	%edi
-	orl	%ebx,		%esi
-	addl	%edi,		%ebp
-	xorl	%eax,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebx
-	leal	1352829926(%ebp,%esi,1),%ebp
-	subl	%ebx,		%edi
-	roll	$9,		%ebp
-	addl	%edx,		%ebp
-	/* 82 */
-	movl	32(%esp),	%esi
-	orl	%eax,		%edi
-	addl	%esi,		%edx
-	xorl	%ebp,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%eax
-	leal	1352829926(%edx,%edi,1),%edx
-	subl	%eax,		%esi
-	roll	$9,		%edx
-	addl	%ecx,		%edx
-	/* 83 */
-	movl	4(%esp),	%edi
-	orl	%ebp,		%esi
-	addl	%edi,		%ecx
-	xorl	%edx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebp
-	leal	1352829926(%ecx,%esi,1),%ecx
-	subl	%ebp,		%edi
-	roll	$11,		%ecx
-	addl	%ebx,		%ecx
-	/* 84 */
-	movl	40(%esp),	%esi
-	orl	%edx,		%edi
-	addl	%esi,		%ebx
-	xorl	%ecx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%edx
-	leal	1352829926(%ebx,%edi,1),%ebx
-	subl	%edx,		%esi
-	roll	$13,		%ebx
-	addl	%eax,		%ebx
-	/* 85 */
-	movl	12(%esp),	%edi
-	orl	%ecx,		%esi
-	addl	%edi,		%eax
-	xorl	%ebx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ecx
-	leal	1352829926(%eax,%esi,1),%eax
-	subl	%ecx,		%edi
-	roll	$15,		%eax
-	addl	%ebp,		%eax
-	/* 86 */
-	movl	48(%esp),	%esi
-	orl	%ebx,		%edi
-	addl	%esi,		%ebp
-	xorl	%eax,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebx
-	leal	1352829926(%ebp,%edi,1),%ebp
-	subl	%ebx,		%esi
-	roll	$15,		%ebp
-	addl	%edx,		%ebp
-	/* 87 */
-	movl	20(%esp),	%edi
-	orl	%eax,		%esi
-	addl	%edi,		%edx
-	xorl	%ebp,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%eax
-	leal	1352829926(%edx,%esi,1),%edx
-	subl	%eax,		%edi
-	roll	$5,		%edx
-	addl	%ecx,		%edx
-	/* 88 */
-	movl	56(%esp),	%esi
-	orl	%ebp,		%edi
-	addl	%esi,		%ecx
-	xorl	%edx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebp
-	leal	1352829926(%ecx,%edi,1),%ecx
-	subl	%ebp,		%esi
-	roll	$7,		%ecx
-	addl	%ebx,		%ecx
-	/* 89 */
-	movl	28(%esp),	%edi
-	orl	%edx,		%esi
-	addl	%edi,		%ebx
-	xorl	%ecx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%edx
-	leal	1352829926(%ebx,%esi,1),%ebx
-	subl	%edx,		%edi
-	roll	$7,		%ebx
-	addl	%eax,		%ebx
-	/* 90 */
-	movl	64(%esp),	%esi
-	orl	%ecx,		%edi
-	addl	%esi,		%eax
-	xorl	%ebx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ecx
-	leal	1352829926(%eax,%edi,1),%eax
-	subl	%ecx,		%esi
-	roll	$8,		%eax
-	addl	%ebp,		%eax
-	/* 91 */
-	movl	36(%esp),	%edi
-	orl	%ebx,		%esi
-	addl	%edi,		%ebp
-	xorl	%eax,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebx
-	leal	1352829926(%ebp,%esi,1),%ebp
-	subl	%ebx,		%edi
-	roll	$11,		%ebp
-	addl	%edx,		%ebp
-	/* 92 */
-	movl	8(%esp),	%esi
-	orl	%eax,		%edi
-	addl	%esi,		%edx
-	xorl	%ebp,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%eax
-	leal	1352829926(%edx,%edi,1),%edx
-	subl	%eax,		%esi
-	roll	$14,		%edx
-	addl	%ecx,		%edx
-	/* 93 */
-	movl	44(%esp),	%edi
-	orl	%ebp,		%esi
-	addl	%edi,		%ecx
-	xorl	%edx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebp
-	leal	1352829926(%ecx,%esi,1),%ecx
-	subl	%ebp,		%edi
-	roll	$14,		%ecx
-	addl	%ebx,		%ecx
-	/* 94 */
-	movl	16(%esp),	%esi
-	orl	%edx,		%edi
-	addl	%esi,		%ebx
-	xorl	%ecx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%edx
-	leal	1352829926(%ebx,%edi,1),%ebx
-	subl	%edx,		%esi
-	roll	$12,		%ebx
-	addl	%eax,		%ebx
-	/* 95 */
-	movl	52(%esp),	%edi
-	orl	%ecx,		%esi
-	addl	%edi,		%eax
-	xorl	%ebx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ecx
-	leal	1352829926(%eax,%esi,1),%eax
-	movl	%ecx,		%esi
-	roll	$6,		%eax
-	addl	%ebp,		%eax
-	/* 96 */
-	subl	%ecx,		%edi
-	andl	%eax,		%esi
-	andl	%ebx,		%edi
-	orl	%esi,		%edi
-	movl	28(%esp),	%esi
-	roll	$10,		%ebx
-	leal	1548603684(%ebp,%edi,),%ebp
-	movl	$-1,		%edi
-	addl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$9,		%ebp
-	addl	%edx,		%ebp
-	/* 97 */
-	subl	%ebx,		%edi
-	andl	%ebp,		%esi
-	andl	%eax,		%edi
-	orl	%esi,		%edi
-	movl	48(%esp),	%esi
-	roll	$10,		%eax
-	leal	1548603684(%edx,%edi,),%edx
-	movl	$-1,		%edi
-	addl	%esi,		%edx
-	movl	%eax,		%esi
-	roll	$13,		%edx
-	addl	%ecx,		%edx
-	/* 98 */
-	subl	%eax,		%edi
-	andl	%edx,		%esi
-	andl	%ebp,		%edi
-	orl	%esi,		%edi
-	movl	16(%esp),	%esi
-	roll	$10,		%ebp
-	leal	1548603684(%ecx,%edi,),%ecx
-	movl	$-1,		%edi
-	addl	%esi,		%ecx
-	movl	%ebp,		%esi
-	roll	$15,		%ecx
-	addl	%ebx,		%ecx
-	/* 99 */
-	subl	%ebp,		%edi
-	andl	%ecx,		%esi
-	andl	%edx,		%edi
-	orl	%esi,		%edi
-	movl	32(%esp),	%esi
-	roll	$10,		%edx
-	leal	1548603684(%ebx,%edi,),%ebx
-	movl	$-1,		%edi
-	addl	%esi,		%ebx
-	movl	%edx,		%esi
-	roll	$7,		%ebx
-	addl	%eax,		%ebx
-	/* 100 */
-	subl	%edx,		%edi
-	andl	%ebx,		%esi
-	andl	%ecx,		%edi
-	orl	%esi,		%edi
-	movl	4(%esp),	%esi
-	roll	$10,		%ecx
-	leal	1548603684(%eax,%edi,),%eax
-	movl	$-1,		%edi
-	addl	%esi,		%eax
-	movl	%ecx,		%esi
-	roll	$12,		%eax
-	addl	%ebp,		%eax
-	/* 101 */
-	subl	%ecx,		%edi
-	andl	%eax,		%esi
-	andl	%ebx,		%edi
-	orl	%esi,		%edi
-	movl	56(%esp),	%esi
-	roll	$10,		%ebx
-	leal	1548603684(%ebp,%edi,),%ebp
-	movl	$-1,		%edi
-	addl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$8,		%ebp
-	addl	%edx,		%ebp
-	/* 102 */
-	subl	%ebx,		%edi
-	andl	%ebp,		%esi
-	andl	%eax,		%edi
-	orl	%esi,		%edi
-	movl	24(%esp),	%esi
-	roll	$10,		%eax
-	leal	1548603684(%edx,%edi,),%edx
-	movl	$-1,		%edi
-	addl	%esi,		%edx
-	movl	%eax,		%esi
-	roll	$9,		%edx
-	addl	%ecx,		%edx
-	/* 103 */
-	subl	%eax,		%edi
-	andl	%edx,		%esi
-	andl	%ebp,		%edi
-	orl	%esi,		%edi
-	movl	44(%esp),	%esi
-	roll	$10,		%ebp
-	leal	1548603684(%ecx,%edi,),%ecx
-	movl	$-1,		%edi
-	addl	%esi,		%ecx
-	movl	%ebp,		%esi
-	roll	$11,		%ecx
-	addl	%ebx,		%ecx
-	/* 104 */
-	subl	%ebp,		%edi
-	andl	%ecx,		%esi
-	andl	%edx,		%edi
-	orl	%esi,		%edi
-	movl	60(%esp),	%esi
-	roll	$10,		%edx
-	leal	1548603684(%ebx,%edi,),%ebx
-	movl	$-1,		%edi
-	addl	%esi,		%ebx
-	movl	%edx,		%esi
-	roll	$7,		%ebx
-	addl	%eax,		%ebx
-	/* 105 */
-	subl	%edx,		%edi
-	andl	%ebx,		%esi
-	andl	%ecx,		%edi
-	orl	%esi,		%edi
-	movl	64(%esp),	%esi
-	roll	$10,		%ecx
-	leal	1548603684(%eax,%edi,),%eax
-	movl	$-1,		%edi
-	addl	%esi,		%eax
-	movl	%ecx,		%esi
-	roll	$7,		%eax
-	addl	%ebp,		%eax
-	/* 106 */
-	subl	%ecx,		%edi
-	andl	%eax,		%esi
-	andl	%ebx,		%edi
-	orl	%esi,		%edi
-	movl	36(%esp),	%esi
-	roll	$10,		%ebx
-	leal	1548603684(%ebp,%edi,),%ebp
-	movl	$-1,		%edi
-	addl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$12,		%ebp
-	addl	%edx,		%ebp
-	/* 107 */
-	subl	%ebx,		%edi
-	andl	%ebp,		%esi
-	andl	%eax,		%edi
-	orl	%esi,		%edi
-	movl	52(%esp),	%esi
-	roll	$10,		%eax
-	leal	1548603684(%edx,%edi,),%edx
-	movl	$-1,		%edi
-	addl	%esi,		%edx
-	movl	%eax,		%esi
-	roll	$7,		%edx
-	addl	%ecx,		%edx
-	/* 108 */
-	subl	%eax,		%edi
-	andl	%edx,		%esi
-	andl	%ebp,		%edi
-	orl	%esi,		%edi
-	movl	20(%esp),	%esi
-	roll	$10,		%ebp
-	leal	1548603684(%ecx,%edi,),%ecx
-	movl	$-1,		%edi
-	addl	%esi,		%ecx
-	movl	%ebp,		%esi
-	roll	$6,		%ecx
-	addl	%ebx,		%ecx
-	/* 109 */
-	subl	%ebp,		%edi
-	andl	%ecx,		%esi
-	andl	%edx,		%edi
-	orl	%esi,		%edi
-	movl	40(%esp),	%esi
-	roll	$10,		%edx
-	leal	1548603684(%ebx,%edi,),%ebx
-	movl	$-1,		%edi
-	addl	%esi,		%ebx
-	movl	%edx,		%esi
-	roll	$15,		%ebx
-	addl	%eax,		%ebx
-	/* 110 */
-	subl	%edx,		%edi
-	andl	%ebx,		%esi
-	andl	%ecx,		%edi
-	orl	%esi,		%edi
-	movl	8(%esp),	%esi
-	roll	$10,		%ecx
-	leal	1548603684(%eax,%edi,),%eax
-	movl	$-1,		%edi
-	addl	%esi,		%eax
-	movl	%ecx,		%esi
-	roll	$13,		%eax
-	addl	%ebp,		%eax
-	/* 111 */
-	subl	%ecx,		%edi
-	andl	%eax,		%esi
-	andl	%ebx,		%edi
-	orl	%esi,		%edi
-	movl	12(%esp),	%esi
-	roll	$10,		%ebx
-	leal	1548603684(%ebp,%edi,),%ebp
-	movl	$-1,		%edi
-	addl	%esi,		%ebp
-	subl	%eax,		%edi
-	roll	$11,		%ebp
-	addl	%edx,		%ebp
-	/* 112 */
-	movl	64(%esp),	%esi
-	orl	%ebp,		%edi
-	addl	%esi,		%edx
-	xorl	%ebx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%eax
-	leal	1836072691(%edx,%edi,1),%edx
-	subl	%ebp,		%esi
-	roll	$9,		%edx
-	addl	%ecx,		%edx
-	/* 113 */
-	movl	24(%esp),	%edi
-	orl	%edx,		%esi
-	addl	%edi,		%ecx
-	xorl	%eax,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebp
-	leal	1836072691(%ecx,%esi,1),%ecx
-	subl	%edx,		%edi
-	roll	$7,		%ecx
-	addl	%ebx,		%ecx
-	/* 114 */
-	movl	8(%esp),	%esi
-	orl	%ecx,		%edi
-	addl	%esi,		%ebx
-	xorl	%ebp,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%edx
-	leal	1836072691(%ebx,%edi,1),%ebx
-	subl	%ecx,		%esi
-	roll	$15,		%ebx
-	addl	%eax,		%ebx
-	/* 115 */
-	movl	16(%esp),	%edi
-	orl	%ebx,		%esi
-	addl	%edi,		%eax
-	xorl	%edx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ecx
-	leal	1836072691(%eax,%esi,1),%eax
-	subl	%ebx,		%edi
-	roll	$11,		%eax
-	addl	%ebp,		%eax
-	/* 116 */
-	movl	32(%esp),	%esi
-	orl	%eax,		%edi
-	addl	%esi,		%ebp
-	xorl	%ecx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebx
-	leal	1836072691(%ebp,%edi,1),%ebp
-	subl	%eax,		%esi
-	roll	$8,		%ebp
-	addl	%edx,		%ebp
-	/* 117 */
-	movl	60(%esp),	%edi
-	orl	%ebp,		%esi
-	addl	%edi,		%edx
-	xorl	%ebx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%eax
-	leal	1836072691(%edx,%esi,1),%edx
-	subl	%ebp,		%edi
-	roll	$6,		%edx
-	addl	%ecx,		%edx
-	/* 118 */
-	movl	28(%esp),	%esi
-	orl	%edx,		%edi
-	addl	%esi,		%ecx
-	xorl	%eax,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebp
-	leal	1836072691(%ecx,%edi,1),%ecx
-	subl	%edx,		%esi
-	roll	$6,		%ecx
-	addl	%ebx,		%ecx
-	/* 119 */
-	movl	40(%esp),	%edi
-	orl	%ecx,		%esi
-	addl	%edi,		%ebx
-	xorl	%ebp,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%edx
-	leal	1836072691(%ebx,%esi,1),%ebx
-	subl	%ecx,		%edi
-	roll	$14,		%ebx
-	addl	%eax,		%ebx
-	/* 120 */
-	movl	48(%esp),	%esi
-	orl	%ebx,		%edi
-	addl	%esi,		%eax
-	xorl	%edx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ecx
-	leal	1836072691(%eax,%edi,1),%eax
-	subl	%ebx,		%esi
-	roll	$12,		%eax
-	addl	%ebp,		%eax
-	/* 121 */
-	movl	36(%esp),	%edi
-	orl	%eax,		%esi
-	addl	%edi,		%ebp
-	xorl	%ecx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebx
-	leal	1836072691(%ebp,%esi,1),%ebp
-	subl	%eax,		%edi
-	roll	$13,		%ebp
-	addl	%edx,		%ebp
-	/* 122 */
-	movl	52(%esp),	%esi
-	orl	%ebp,		%edi
-	addl	%esi,		%edx
-	xorl	%ebx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%eax
-	leal	1836072691(%edx,%edi,1),%edx
-	subl	%ebp,		%esi
-	roll	$5,		%edx
-	addl	%ecx,		%edx
-	/* 123 */
-	movl	12(%esp),	%edi
-	orl	%edx,		%esi
-	addl	%edi,		%ecx
-	xorl	%eax,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ebp
-	leal	1836072691(%ecx,%esi,1),%ecx
-	subl	%edx,		%edi
-	roll	$14,		%ecx
-	addl	%ebx,		%ecx
-	/* 124 */
-	movl	44(%esp),	%esi
-	orl	%ecx,		%edi
-	addl	%esi,		%ebx
-	xorl	%ebp,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%edx
-	leal	1836072691(%ebx,%edi,1),%ebx
-	subl	%ecx,		%esi
-	roll	$13,		%ebx
-	addl	%eax,		%ebx
-	/* 125 */
-	movl	4(%esp),	%edi
-	orl	%ebx,		%esi
-	addl	%edi,		%eax
-	xorl	%edx,		%esi
-	movl	$-1,		%edi
-	roll	$10,		%ecx
-	leal	1836072691(%eax,%esi,1),%eax
-	subl	%ebx,		%edi
-	roll	$13,		%eax
-	addl	%ebp,		%eax
-	/* 126 */
-	movl	20(%esp),	%esi
-	orl	%eax,		%edi
-	addl	%esi,		%ebp
-	xorl	%ecx,		%edi
-	movl	$-1,		%esi
-	roll	$10,		%ebx
-	leal	1836072691(%ebp,%edi,1),%ebp
-	subl	%eax,		%esi
-	roll	$7,		%ebp
-	addl	%edx,		%ebp
-	/* 127 */
-	movl	56(%esp),	%edi
-	orl	%ebp,		%esi
-	addl	%edi,		%edx
-	xorl	%ebx,		%esi
-	movl	36(%esp),	%edi
-	roll	$10,		%eax
-	leal	1836072691(%edx,%esi,1),%edx
-	movl	$-1,		%esi
-	roll	$5,		%edx
-	addl	%ecx,		%edx
-	/* 128 */
-	addl	%edi,		%ecx
-	movl	%ebp,		%edi
-	subl	%edx,		%esi
-	andl	%edx,		%edi
-	andl	%eax,		%esi
-	orl	%esi,		%edi
-	movl	28(%esp),	%esi
-	roll	$10,		%ebp
-	leal	2053994217(%ecx,%edi,1),%ecx
-	movl	$-1,		%edi
-	roll	$15,		%ecx
-	addl	%ebx,		%ecx
-	/* 129 */
-	addl	%esi,		%ebx
-	movl	%edx,		%esi
-	subl	%ecx,		%edi
-	andl	%ecx,		%esi
-	andl	%ebp,		%edi
-	orl	%edi,		%esi
-	movl	20(%esp),	%edi
-	roll	$10,		%edx
-	leal	2053994217(%ebx,%esi,1),%ebx
-	movl	$-1,		%esi
-	roll	$5,		%ebx
-	addl	%eax,		%ebx
-	/* 130 */
-	addl	%edi,		%eax
-	movl	%ecx,		%edi
-	subl	%ebx,		%esi
-	andl	%ebx,		%edi
-	andl	%edx,		%esi
-	orl	%esi,		%edi
-	movl	8(%esp),	%esi
-	roll	$10,		%ecx
-	leal	2053994217(%eax,%edi,1),%eax
-	movl	$-1,		%edi
-	roll	$8,		%eax
-	addl	%ebp,		%eax
-	/* 131 */
-	addl	%esi,		%ebp
-	movl	%ebx,		%esi
-	subl	%eax,		%edi
-	andl	%eax,		%esi
-	andl	%ecx,		%edi
-	orl	%edi,		%esi
-	movl	16(%esp),	%edi
-	roll	$10,		%ebx
-	leal	2053994217(%ebp,%esi,1),%ebp
-	movl	$-1,		%esi
-	roll	$11,		%ebp
-	addl	%edx,		%ebp
-	/* 132 */
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	subl	%ebp,		%esi
-	andl	%ebp,		%edi
-	andl	%ebx,		%esi
-	orl	%esi,		%edi
-	movl	48(%esp),	%esi
-	roll	$10,		%eax
-	leal	2053994217(%edx,%edi,1),%edx
-	movl	$-1,		%edi
-	roll	$14,		%edx
-	addl	%ecx,		%edx
-	/* 133 */
-	addl	%esi,		%ecx
-	movl	%ebp,		%esi
-	subl	%edx,		%edi
-	andl	%edx,		%esi
-	andl	%eax,		%edi
-	orl	%edi,		%esi
-	movl	64(%esp),	%edi
-	roll	$10,		%ebp
-	leal	2053994217(%ecx,%esi,1),%ecx
-	movl	$-1,		%esi
-	roll	$14,		%ecx
-	addl	%ebx,		%ecx
-	/* 134 */
-	addl	%edi,		%ebx
-	movl	%edx,		%edi
-	subl	%ecx,		%esi
-	andl	%ecx,		%edi
-	andl	%ebp,		%esi
-	orl	%esi,		%edi
-	movl	4(%esp),	%esi
-	roll	$10,		%edx
-	leal	2053994217(%ebx,%edi,1),%ebx
-	movl	$-1,		%edi
-	roll	$6,		%ebx
-	addl	%eax,		%ebx
-	/* 135 */
-	addl	%esi,		%eax
-	movl	%ecx,		%esi
-	subl	%ebx,		%edi
-	andl	%ebx,		%esi
-	andl	%edx,		%edi
-	orl	%edi,		%esi
-	movl	24(%esp),	%edi
-	roll	$10,		%ecx
-	leal	2053994217(%eax,%esi,1),%eax
-	movl	$-1,		%esi
-	roll	$14,		%eax
-	addl	%ebp,		%eax
-	/* 136 */
-	addl	%edi,		%ebp
-	movl	%ebx,		%edi
-	subl	%eax,		%esi
-	andl	%eax,		%edi
-	andl	%ecx,		%esi
-	orl	%esi,		%edi
-	movl	52(%esp),	%esi
-	roll	$10,		%ebx
-	leal	2053994217(%ebp,%edi,1),%ebp
-	movl	$-1,		%edi
-	roll	$6,		%ebp
-	addl	%edx,		%ebp
-	/* 137 */
-	addl	%esi,		%edx
-	movl	%eax,		%esi
-	subl	%ebp,		%edi
-	andl	%ebp,		%esi
-	andl	%ebx,		%edi
-	orl	%edi,		%esi
-	movl	12(%esp),	%edi
-	roll	$10,		%eax
-	leal	2053994217(%edx,%esi,1),%edx
-	movl	$-1,		%esi
-	roll	$9,		%edx
-	addl	%ecx,		%edx
-	/* 138 */
-	addl	%edi,		%ecx
-	movl	%ebp,		%edi
-	subl	%edx,		%esi
-	andl	%edx,		%edi
-	andl	%eax,		%esi
-	orl	%esi,		%edi
-	movl	56(%esp),	%esi
-	roll	$10,		%ebp
-	leal	2053994217(%ecx,%edi,1),%ecx
-	movl	$-1,		%edi
-	roll	$12,		%ecx
-	addl	%ebx,		%ecx
-	/* 139 */
-	addl	%esi,		%ebx
-	movl	%edx,		%esi
-	subl	%ecx,		%edi
-	andl	%ecx,		%esi
-	andl	%ebp,		%edi
-	orl	%edi,		%esi
-	movl	40(%esp),	%edi
-	roll	$10,		%edx
-	leal	2053994217(%ebx,%esi,1),%ebx
-	movl	$-1,		%esi
-	roll	$9,		%ebx
-	addl	%eax,		%ebx
-	/* 140 */
-	addl	%edi,		%eax
-	movl	%ecx,		%edi
-	subl	%ebx,		%esi
-	andl	%ebx,		%edi
-	andl	%edx,		%esi
-	orl	%esi,		%edi
-	movl	32(%esp),	%esi
-	roll	$10,		%ecx
-	leal	2053994217(%eax,%edi,1),%eax
-	movl	$-1,		%edi
-	roll	$12,		%eax
-	addl	%ebp,		%eax
-	/* 141 */
-	addl	%esi,		%ebp
-	movl	%ebx,		%esi
-	subl	%eax,		%edi
-	andl	%eax,		%esi
-	andl	%ecx,		%edi
-	orl	%edi,		%esi
-	movl	44(%esp),	%edi
-	roll	$10,		%ebx
-	leal	2053994217(%ebp,%esi,1),%ebp
-	movl	$-1,		%esi
-	roll	$5,		%ebp
-	addl	%edx,		%ebp
-	/* 142 */
-	addl	%edi,		%edx
-	movl	%eax,		%edi
-	subl	%ebp,		%esi
-	andl	%ebp,		%edi
-	andl	%ebx,		%esi
-	orl	%esi,		%edi
-	movl	60(%esp),	%esi
-	roll	$10,		%eax
-	leal	2053994217(%edx,%edi,1),%edx
-	movl	$-1,		%edi
-	roll	$15,		%edx
-	addl	%ecx,		%edx
-	/* 143 */
-	addl	%esi,		%ecx
-	movl	%ebp,		%esi
-	subl	%edx,		%edi
-	andl	%edx,		%esi
-	andl	%eax,		%edi
-	orl	%esi,		%edi
-	movl	%edx,		%esi
-	roll	$10,		%ebp
-	leal	2053994217(%ecx,%edi,1),%ecx
-	xorl	%ebp,		%esi
-	roll	$8,		%ecx
-	addl	%ebx,		%ecx
-	/* 144 */
-	movl	52(%esp),	%edi
-	xorl	%ecx,		%esi
-	addl	%edi,		%ebx
-	roll	$10,		%edx
-	addl	%esi,		%ebx
-	movl	%ecx,		%esi
-	roll	$8,		%ebx
-	addl	%eax,		%ebx
-	/* 145 */
-	xorl	%edx,		%esi
-	movl	64(%esp),	%edi
-	xorl	%ebx,		%esi
-	addl	%esi,		%eax
-	movl	%ebx,		%esi
-	roll	$10,		%ecx
-	addl	%edi,		%eax
-	xorl	%ecx,		%esi
-	roll	$5,		%eax
-	addl	%ebp,		%eax
-	/* 146 */
-	movl	44(%esp),	%edi
-	xorl	%eax,		%esi
-	addl	%edi,		%ebp
-	roll	$10,		%ebx
-	addl	%esi,		%ebp
-	movl	%eax,		%esi
-	roll	$12,		%ebp
-	addl	%edx,		%ebp
-	/* 147 */
-	xorl	%ebx,		%esi
-	movl	20(%esp),	%edi
-	xorl	%ebp,		%esi
-	addl	%esi,		%edx
-	movl	%ebp,		%esi
-	roll	$10,		%eax
-	addl	%edi,		%edx
-	xorl	%eax,		%esi
-	roll	$9,		%edx
-	addl	%ecx,		%edx
-	/* 148 */
-	movl	8(%esp),	%edi
-	xorl	%edx,		%esi
-	addl	%edi,		%ecx
-	roll	$10,		%ebp
-	addl	%esi,		%ecx
-	movl	%edx,		%esi
-	roll	$12,		%ecx
-	addl	%ebx,		%ecx
-	/* 149 */
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%edi
-	xorl	%ecx,		%esi
-	addl	%esi,		%ebx
-	movl	%ecx,		%esi
-	roll	$10,		%edx
-	addl	%edi,		%ebx
-	xorl	%edx,		%esi
-	roll	$5,		%ebx
-	addl	%eax,		%ebx
-	/* 150 */
-	movl	36(%esp),	%edi
-	xorl	%ebx,		%esi
-	addl	%edi,		%eax
-	roll	$10,		%ecx
-	addl	%esi,		%eax
-	movl	%ebx,		%esi
-	roll	$14,		%eax
-	addl	%ebp,		%eax
-	/* 151 */
-	xorl	%ecx,		%esi
-	movl	32(%esp),	%edi
-	xorl	%eax,		%esi
-	addl	%esi,		%ebp
-	movl	%eax,		%esi
-	roll	$10,		%ebx
-	addl	%edi,		%ebp
-	xorl	%ebx,		%esi
-	roll	$6,		%ebp
-	addl	%edx,		%ebp
-	/* 152 */
-	movl	28(%esp),	%edi
-	xorl	%ebp,		%esi
-	addl	%edi,		%edx
-	roll	$10,		%eax
-	addl	%esi,		%edx
-	movl	%ebp,		%esi
-	roll	$8,		%edx
-	addl	%ecx,		%edx
-	/* 153 */
-	xorl	%eax,		%esi
-	movl	12(%esp),	%edi
-	xorl	%edx,		%esi
-	addl	%esi,		%ecx
-	movl	%edx,		%esi
-	roll	$10,		%ebp
-	addl	%edi,		%ecx
-	xorl	%ebp,		%esi
-	roll	$13,		%ecx
-	addl	%ebx,		%ecx
-	/* 154 */
-	movl	56(%esp),	%edi
-	xorl	%ecx,		%esi
-	addl	%edi,		%ebx
-	roll	$10,		%edx
-	addl	%esi,		%ebx
-	movl	%ecx,		%esi
-	roll	$6,		%ebx
-	addl	%eax,		%ebx
-	/* 155 */
-	xorl	%edx,		%esi
-	movl	60(%esp),	%edi
-	xorl	%ebx,		%esi
-	addl	%esi,		%eax
-	movl	%ebx,		%esi
-	roll	$10,		%ecx
-	addl	%edi,		%eax
-	xorl	%ecx,		%esi
-	roll	$5,		%eax
-	addl	%ebp,		%eax
-	/* 156 */
-	movl	4(%esp),	%edi
-	xorl	%eax,		%esi
-	addl	%edi,		%ebp
-	roll	$10,		%ebx
-	addl	%esi,		%ebp
-	movl	%eax,		%esi
-	roll	$15,		%ebp
-	addl	%edx,		%ebp
-	/* 157 */
-	xorl	%ebx,		%esi
-	movl	16(%esp),	%edi
-	xorl	%ebp,		%esi
-	addl	%esi,		%edx
-	movl	%ebp,		%esi
-	roll	$10,		%eax
-	addl	%edi,		%edx
-	xorl	%eax,		%esi
-	roll	$13,		%edx
-	addl	%ecx,		%edx
-	/* 158 */
-	movl	40(%esp),	%edi
-	xorl	%edx,		%esi
-	addl	%edi,		%ecx
-	roll	$10,		%ebp
-	addl	%esi,		%ecx
-	movl	%edx,		%esi
-	roll	$11,		%ecx
-	addl	%ebx,		%ecx
-	/* 159 */
-	xorl	%ebp,		%esi
-	movl	48(%esp),	%edi
-	xorl	%ecx,		%esi
-	addl	%esi,		%ebx
-	roll	$10,		%edx
-	addl	%edi,		%ebx
-	movl	108(%esp),	%edi
-	roll	$11,		%ebx
-	addl	%eax,		%ebx
-	movl	4(%edi),	%esi
-	addl	%esi,		%edx
-	movl	76(%esp),	%esi
-	addl	%esi,		%edx
-	movl	8(%edi),	%esi
-	addl	%esi,		%ebp
-	movl	80(%esp),	%esi
-	addl	%esi,		%ebp
-	movl	12(%edi),	%esi
-	addl	%esi,		%eax
-	movl	84(%esp),	%esi
-	addl	%esi,		%eax
-	movl	16(%edi),	%esi
-	addl	%esi,		%ebx
-	movl	68(%esp),	%esi
-	addl	%esi,		%ebx
-	movl	(%edi),		%esi
-	addl	%esi,		%ecx
-	movl	72(%esp),	%esi
-	addl	%esi,		%ecx
-	movl	%edx,		(%edi)
-	movl	%ebp,		4(%edi)
-	movl	%eax,		8(%edi)
-	movl	%ebx,		12(%edi)
-	movl	%ecx,		16(%edi)
-	movl	(%esp),		%edi
-	movl	112(%esp),	%esi
-	cmpl	%esi,		%edi
-	movl	108(%esp),	%edi
-	jge	.L000start
-	addl	$88,		%esp
-	popl	%ebx
-	popl	%ebp
-	popl	%edi
-	popl	%esi
-	ret
-.ripemd160_block_x86_end:
-	SIZE(ripemd160_block_x86,.ripemd160_block_x86_end-ripemd160_block_x86)
-.ident	"desasm.pl"
diff --git a/crypto/ripemd/asm/rmd-586.pl b/crypto/ripemd/asm/rmd-586.pl
index 4c8098ac67..0ab6f76bff 100644
--- a/crypto/ripemd/asm/rmd-586.pl
+++ b/crypto/ripemd/asm/rmd-586.pl
@@ -1,9 +1,7 @@
 #!/usr/local/bin/perl
 
 # Normal is the
-# ripemd160_block_x86(MD5_CTX *c, ULONG *X);
-# version, non-normal is the
-# ripemd160_block_x86(MD5_CTX *c, ULONG *X,int blocks);
+# ripemd160_block_asm_host_order(RIPEMD160_CTX *c, ULONG *X,int blocks);
 
 $normal=0;
 
@@ -12,13 +10,13 @@ require "x86asm.pl";
 
 &asm_init($ARGV[0],$0);
 
-$A="eax";
-$B="ebx";
-$C="ecx";
-$D="edx";
+$A="ecx";
+$B="esi";
+$C="edi";
+$D="ebx";
 $E="ebp";
-$tmp1="esi";
-$tmp2="edi";
+$tmp1="eax";
+$tmp2="edx";
 
 $KL1=0x5A827999;
 $KL2=0x6ED9EBA1;
@@ -58,13 +56,13 @@ $KR3=0x7A6D76E9;
 	 8, 5,12, 9,12, 5,14, 6, 8,13, 6, 5,15,13,11,11,
  	);
 
-&ripemd160_block("ripemd160_block_x86");
+&ripemd160_block("ripemd160_block_asm_host_order");
 &asm_finish();
 
 sub Xv
 	{
 	local($n)=@_;
-	return(&swtmp($n+1));
+	return(&swtmp($n));
 	# tmp on stack
 	}
 
@@ -82,7 +80,7 @@ sub RIP1
 	&comment($p++);
 	if ($p & 1)
 		{
-	 &mov($tmp1,	$c) if $o == -1;
+	 #&mov($tmp1,	$c) if $o == -1;
 	&xor($tmp1,	$d) if $o == -1;
 	 &mov($tmp2,	&Xv($pos));
 	&xor($tmp1,	$b);
@@ -290,7 +288,7 @@ sub RIP5
 	&rotl($c,	10);
 	&lea($a,	&DWP($K,$a,$tmp1,1));
 	 &sub($tmp2,	&Np($d)) if $o <= 0;
-	 &mov(&swtmp(1+16),	$A) if $o == 1;
+	 &mov(&swtmp(16),	$A) if $o == 1;
 	 &mov($tmp1,	&Np($d)) if $o == 2;
 	&rotl($a,	$s);
 	&add($a,	$e);
@@ -310,19 +308,25 @@ sub ripemd160_block
 	# D 	12
 	# E 	16
 
+	&mov($tmp2,	&wparam(0));
+	 &mov($tmp1,	&wparam(1));
 	&push("esi");
-	 &mov($C,	&wparam(2));
+	 &mov($A,	&DWP( 0,$tmp2,"",0));
 	&push("edi");
-	 &mov($tmp1,	&wparam(1)); # edi
+	 &mov($B,	&DWP( 4,$tmp2,"",0));
 	&push("ebp");
-	 &add($C,	$tmp1); # offset we end at
+	 &mov($C,	&DWP( 8,$tmp2,"",0));
 	&push("ebx");
-	 &sub($C,	64);
-	&stack_push(16+5+1);
-	 # XXX
-
-	&mov(&swtmp(0),	$C);
-	 &mov($tmp2,	&wparam(0)); # Done at end of loop
+	 &stack_push(16+5+6);
+			  # Special comment about the figure of 6.
+			  # Idea is to pad the current frame so
+			  # that the top of the stack gets fairly
+			  # aligned. Well, as you realize it would
+			  # always depend on how the frame below is
+			  # aligned. The good news are that gcc-2.95
+			  # and later does keep first argument at
+			  # least double-wise aligned.
+			  #			<appro@fy.chalmers.se>
 
 	&set_label("start") unless $normal;
 	&comment("");
@@ -332,16 +336,12 @@ sub ripemd160_block
 
 	for ($z=0; $z<16; $z+=2)
 		{
-		&mov($A,		&DWP( $z*4,$tmp1,"",0));
-		 &mov($B,		&DWP( ($z+1)*4,$tmp1,"",0));
-		&mov(&swtmp(1+$z),	$A);
-		 &mov(&swtmp(1+$z+1),	$B);
+		&mov($D,		&DWP( $z*4,$tmp1,"",0));
+		 &mov($E,		&DWP( ($z+1)*4,$tmp1,"",0));
+		&mov(&swtmp($z),	$D);
+		 &mov(&swtmp($z+1),	$E);
 		}
-	&add($tmp1,	64);
-	 &mov($A,	&DWP( 0,$tmp2,"",0));
-	&mov(&wparam(1),$tmp1);
-	 &mov($B,	&DWP( 4,$tmp2,"",0));
-	&mov($C,	&DWP( 8,$tmp2,"",0));
+	&mov($tmp1,	$C);
 	 &mov($D,	&DWP(12,$tmp2,"",0));
 	&mov($E,	&DWP(16,$tmp2,"",0));
 
@@ -431,14 +431,14 @@ sub ripemd160_block
 	&RIP5($B,$C,$D,$E,$A,$wl[79],$sl[79],$KL4,1);
 
 	# &mov($tmp2,	&wparam(0)); # moved into last RIP5
-	# &mov(&swtmp(1+16),	$A);
+	# &mov(&swtmp(16),	$A);
 	 &mov($A,	&DWP( 0,$tmp2,"",0));
-	&mov(&swtmp(1+17),	$B);
-	 &mov(&swtmp(1+18),	$C);
+	&mov(&swtmp(16+1),	$B);
+	 &mov(&swtmp(16+2),	$C);
 	&mov($B,	&DWP( 4,$tmp2,"",0));
-	 &mov(&swtmp(1+19),	$D);
+	 &mov(&swtmp(16+3),	$D);
 	&mov($C,	&DWP( 8,$tmp2,"",0));
-	 &mov(&swtmp(1+20),	$E);
+	 &mov(&swtmp(16+4),	$E);
 	&mov($D,	&DWP(12,$tmp2,"",0));
 	 &mov($E,	&DWP(16,$tmp2,"",0));
 
@@ -530,47 +530,55 @@ sub ripemd160_block
 	# &mov($tmp2,	&wparam(0)); # Moved into last round
 
 	 &mov($tmp1,	&DWP( 4,$tmp2,"",0));	# ctx->B
-	&add($D,	$tmp1);	
-	 &mov($tmp1,	&swtmp(1+18));		# $c
+ 	&add($D,	$tmp1);	
+	 &mov($tmp1,	&swtmp(16+2));		# $c
 	&add($D,	$tmp1);
 
 	 &mov($tmp1,	&DWP( 8,$tmp2,"",0));	# ctx->C
 	&add($E,	$tmp1);	
-	 &mov($tmp1,	&swtmp(1+19));		# $d
+	 &mov($tmp1,	&swtmp(16+3));		# $d
 	&add($E,	$tmp1);
 
 	 &mov($tmp1,	&DWP(12,$tmp2,"",0));	# ctx->D
 	&add($A,	$tmp1);	
-	 &mov($tmp1,	&swtmp(1+20));		# $e
+	 &mov($tmp1,	&swtmp(16+4));		# $e
 	&add($A,	$tmp1);
 
 
 	 &mov($tmp1,	&DWP(16,$tmp2,"",0));	# ctx->E
 	&add($B,	$tmp1);	
-	 &mov($tmp1,	&swtmp(1+16));		# $a
+	 &mov($tmp1,	&swtmp(16+0));		# $a
 	&add($B,	$tmp1);
 
 	 &mov($tmp1,	&DWP( 0,$tmp2,"",0));	# ctx->A
 	&add($C,	$tmp1);	
-	 &mov($tmp1,	&swtmp(1+17));		# $b
+	 &mov($tmp1,	&swtmp(16+1));		# $b
 	&add($C,	$tmp1);
 
+	 &mov($tmp1,	&wparam(2));
+
 	&mov(&DWP( 0,$tmp2,"",0),	$D);
 	 &mov(&DWP( 4,$tmp2,"",0),	$E);
 	&mov(&DWP( 8,$tmp2,"",0),	$A);
-	 &mov(&DWP(12,$tmp2,"",0),	$B);
-	&mov(&DWP(16,$tmp2,"",0),	$C);
+	 &sub($tmp1,1);
+	&mov(&DWP(12,$tmp2,"",0),	$B);
+	 &mov(&DWP(16,$tmp2,"",0),	$C);
 
-	&mov($tmp2,		&swtmp(0));
-	 &mov($tmp1,		&wparam(1));
+	&jle(&label("get_out"));
+
+	&mov(&wparam(2),$tmp1);
+	 &mov($C,	$A);
+	&mov($tmp1,	&wparam(1));
+	 &mov($A,	$D);
+	&add($tmp1,	64);
+	 &mov($B,	$E);
+	&mov(&wparam(1),$tmp1);
 
-	&cmp($tmp2,$tmp1);
-	 &mov($tmp2,	&wparam(0));
+	&jmp(&label("start"));
 
-	# XXX
-	 &jge(&label("start"));
+	&set_label("get_out");
 
-	&stack_pop(16+5+1);
+	&stack_pop(16+5+6);
 
 	&pop("ebx");
 	&pop("ebp");
diff --git a/crypto/ripemd/ripemd.h b/crypto/ripemd/ripemd.h
index a3bc6e3ab2..78d5f36560 100644
--- a/crypto/ripemd/ripemd.h
+++ b/crypto/ripemd/ripemd.h
@@ -59,39 +59,43 @@
 #ifndef HEADER_RIPEMD_H
 #define HEADER_RIPEMD_H
 
+#include <openssl/e_os2.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
+#ifdef OPENSSL_NO_RIPEMD
+#error RIPEMD is disabled.
+#endif
+
+#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#define RIPEMD160_LONG unsigned long
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+#define RIPEMD160_LONG unsigned long
+#define RIPEMD160_LONG_LOG2 3
+#else
+#define RIPEMD160_LONG unsigned int
+#endif
+
 #define RIPEMD160_CBLOCK	64
-#define RIPEMD160_LBLOCK	16
-#define RIPEMD160_BLOCK		16
-#define RIPEMD160_LAST_BLOCK	56
-#define RIPEMD160_LENGTH_BLOCK	8
+#define RIPEMD160_LBLOCK	(RIPEMD160_CBLOCK/4)
 #define RIPEMD160_DIGEST_LENGTH	20
 
 typedef struct RIPEMD160state_st
 	{
-	unsigned long A,B,C,D,E;
-	unsigned long Nl,Nh;
-	unsigned long data[RIPEMD160_LBLOCK];
+	RIPEMD160_LONG A,B,C,D,E;
+	RIPEMD160_LONG Nl,Nh;
+	RIPEMD160_LONG data[RIPEMD160_LBLOCK];
 	int num;
 	} RIPEMD160_CTX;
 
-#ifndef NOPROTO
-void RIPEMD160_Init(RIPEMD160_CTX *c);
-void RIPEMD160_Update(RIPEMD160_CTX *c, unsigned char *data, unsigned long len);
-void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
-unsigned char *RIPEMD160(unsigned char *d, unsigned long n, unsigned char *md);
-void RIPEMD160_Transform(RIPEMD160_CTX *c, unsigned char *b);
-#else
-void RIPEMD160_Init();
-void RIPEMD160_Update();
-void RIPEMD160_Final();
-unsigned char *RIPEMD160();
-void RIPEMD160_Transform();
-#endif
-
+int RIPEMD160_Init(RIPEMD160_CTX *c);
+int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len);
+int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
+	unsigned char *md);
+void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);
 #ifdef  __cplusplus
 }
 #endif
diff --git a/crypto/ripemd/rmd160.c b/crypto/ripemd/rmd160.c
index 3fa1b8096e..4f8b88a18a 100644
--- a/crypto/ripemd/rmd160.c
+++ b/crypto/ripemd/rmd160.c
@@ -58,23 +58,17 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "ripemd.h"
+#include <openssl/ripemd.h>
 
 #define BUFSIZE	1024*16
 
-#ifndef NOPROTO
 void do_fp(FILE *f);
 void pt(unsigned char *md);
+#ifndef _OSD_POSIX
 int read(int, void *, unsigned int);
-#else
-void do_fp();
-void pt();
-int read();
 #endif
 
-int main(argc, argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	int i,err=0;
 	FILE *IN;
@@ -102,8 +96,7 @@ char **argv;
 	exit(err);
 	}
 
-void do_fp(f)
-FILE *f;
+void do_fp(FILE *f)
 	{
 	RIPEMD160_CTX c;
 	unsigned char md[RIPEMD160_DIGEST_LENGTH];
@@ -123,8 +116,7 @@ FILE *f;
 	pt(md);
 	}
 
-void pt(md)
-unsigned char *md;
+void pt(unsigned char *md)
 	{
 	int i;
 
diff --git a/crypto/ripemd/rmd_dgst.c b/crypto/ripemd/rmd_dgst.c
index 904a45b762..a3170f7c8a 100644
--- a/crypto/ripemd/rmd_dgst.c
+++ b/crypto/ripemd/rmd_dgst.c
@@ -58,27 +58,18 @@
 
 #include <stdio.h>
 #include "rmd_locl.h"
+#include <openssl/opensslv.h>
 
-char *RMD160_version="RIPEMD160 part of SSLeay 0.9.1a 06-Jul-1998";
+const char *RMD160_version="RIPE-MD160" OPENSSL_VERSION_PTEXT;
 
-#ifndef NOPROTO
 #  ifdef RMD160_ASM
      void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,int num);
 #    define ripemd160_block ripemd160_block_x86
 #  else
      void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,int num);
 #  endif
-#else
-#  ifdef RMD160_ASM
-     void ripemd160_block_x86();
-#    define ripemd160_block ripemd160_block_x86
-#  else
-     void ripemd160_block();
-#  endif
-#endif
 
-void RIPEMD160_Init(c)
-RIPEMD160_CTX *c;
+int RIPEMD160_Init(RIPEMD160_CTX *c)
 	{
 	c->A=RIPEMD160_A;
 	c->B=RIPEMD160_B;
@@ -88,189 +79,24 @@ RIPEMD160_CTX *c;
 	c->Nl=0;
 	c->Nh=0;
 	c->num=0;
+	return 1;
 	}
 
-void RIPEMD160_Update(c, data, len)
-RIPEMD160_CTX *c;
-register unsigned char *data;
-unsigned long len;
-	{
-	register ULONG *p;
-	int sw,sc;
-	ULONG l;
-
-	if (len == 0) return;
-
-	l=(c->Nl+(len<<3))&0xffffffffL;
-	if (l < c->Nl) /* overflow */
-		c->Nh++;
-	c->Nh+=(len>>29);
-	c->Nl=l;
-
-	if (c->num != 0)
-		{
-		p=c->data;
-		sw=c->num>>2;
-		sc=c->num&0x03;
-
-		if ((c->num+len) >= RIPEMD160_CBLOCK)
-			{
-			l= p[sw];
-			p_c2l(data,l,sc);
-			p[sw++]=l;
-			for (; sw<RIPEMD160_LBLOCK; sw++)
-				{
-				c2l(data,l);
-				p[sw]=l;
-				}
-			len-=(RIPEMD160_CBLOCK-c->num);
-
-			ripemd160_block(c,p,64);
-			c->num=0;
-			/* drop through and do the rest */
-			}
-		else
-			{
-			int ew,ec;
-
-			c->num+=(int)len;
-			if ((sc+len) < 4) /* ugly, add char's to a word */
-				{
-				l= p[sw];
-				p_c2l_p(data,l,sc,len);
-				p[sw]=l;
-				}
-			else
-				{
-				ew=(c->num>>2);
-				ec=(c->num&0x03);
-				l= p[sw];
-				p_c2l(data,l,sc);
-				p[sw++]=l;
-				for (; sw < ew; sw++)
-					{ c2l(data,l); p[sw]=l; }
-				if (ec)
-					{
-					c2l_p(data,l,ec);
-					p[sw]=l;
-					}
-				}
-			return;
-			}
-		}
-	/* we now can process the input data in blocks of RIPEMD160_CBLOCK
-	 * chars and save the leftovers to c->data. */
-#ifdef L_ENDIAN
-	if ((((unsigned long)data)%sizeof(ULONG)) == 0)
-		{
-		sw=(int)len/RIPEMD160_CBLOCK;
-		if (sw > 0)
-			{
-			sw*=RIPEMD160_CBLOCK;
-			ripemd160_block(c,(ULONG *)data,sw);
-			data+=sw;
-			len-=sw;
-			}
-		}
+#ifndef ripemd160_block_host_order
+#ifdef X
+#undef X
 #endif
-	p=c->data;
-	while (len >= RIPEMD160_CBLOCK)
-		{
-#if defined(L_ENDIAN) || defined(B_ENDIAN)
-		if (p != (unsigned long *)data)
-			memcpy(p,data,RIPEMD160_CBLOCK);
-		data+=RIPEMD160_CBLOCK;
-#ifdef B_ENDIAN
-		for (sw=(RIPEMD160_LBLOCK/4); sw; sw--)
-			{
-			Endian_Reverse32(p[0]);
-			Endian_Reverse32(p[1]);
-			Endian_Reverse32(p[2]);
-			Endian_Reverse32(p[3]);
-			p+=4;
-			}
-#endif
-#else
-		for (sw=(RIPEMD160_LBLOCK/4); sw; sw--)
-			{
-			c2l(data,l); *(p++)=l;
-			c2l(data,l); *(p++)=l;
-			c2l(data,l); *(p++)=l;
-			c2l(data,l); *(p++)=l; 
-			} 
-#endif
-		p=c->data;
-		ripemd160_block(c,p,64);
-		len-=RIPEMD160_CBLOCK;
-		}
-	sc=(int)len;
-	c->num=sc;
-	if (sc)
-		{
-		sw=sc>>2;	/* words to copy */
-#ifdef L_ENDIAN
-		p[sw]=0;
-		memcpy(p,data,sc);
-#else
-		sc&=0x03;
-		for ( ; sw; sw--)
-			{ c2l(data,l); *(p++)=l; }
-		c2l_p(data,l,sc);
-		*p=l;
-#endif
-		}
-	}
-
-void RIPEMD160_Transform(c,b)
-RIPEMD160_CTX *c;
-unsigned char *b;
+#define X(i)	XX[i]
+void ripemd160_block_host_order (RIPEMD160_CTX *ctx, const void *p, int num)
 	{
-	ULONG p[16];
-#if !defined(L_ENDIAN)
-	ULONG *q;
-	int i;
-#endif
+	const RIPEMD160_LONG *XX=p;
+	register unsigned long A,B,C,D,E;
+	register unsigned long a,b,c,d,e;
 
-#if defined(B_ENDIAN) || defined(L_ENDIAN)
-	memcpy(p,b,64);
-#ifdef B_ENDIAN
-	q=p;
-	for (i=(RIPEMD160_LBLOCK/4); i; i--)
-		{
-		Endian_Reverse32(q[0]);
-		Endian_Reverse32(q[1]);
-		Endian_Reverse32(q[2]);
-		Endian_Reverse32(q[3]);
-		q+=4;
-		}
-#endif
-#else
-	q=p;
-	for (i=(RIPEMD160_LBLOCK/4); i; i--)
+	for (;num--;XX+=HASH_LBLOCK)
 		{
-		ULONG l;
-		c2l(b,l); *(q++)=l;
-		c2l(b,l); *(q++)=l;
-		c2l(b,l); *(q++)=l;
-		c2l(b,l); *(q++)=l; 
-		} 
-#endif
-	ripemd160_block(c,p,64);
-	}
-
-#ifndef RMD160_ASM
-
-void ripemd160_block(ctx, X, num)
-RIPEMD160_CTX *ctx;
-register ULONG *X;
-int num;
-	{
-	register ULONG A,B,C,D,E;
-	ULONG a,b,c,d,e;
 
-	for (;;)
-		{
-		A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
+	A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
 
 	RIP1(A,B,C,D,E,WL00,SL00);
 	RIP1(E,A,B,C,D,WL01,SL01);
@@ -453,83 +279,216 @@ int num;
 	ctx->E=ctx->A+b+C;
 	ctx->A=D;
 
-	X+=16;
-	num-=64;
-	if (num <= 0) break;
 		}
 	}
 #endif
 
-void RIPEMD160_Final(md, c)
-unsigned char *md;
-RIPEMD160_CTX *c;
+#ifndef ripemd160_block_data_order
+#ifdef X
+#undef X
+#endif
+void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, int num)
 	{
-	register int i,j;
-	register ULONG l;
-	register ULONG *p;
-	static unsigned char end[4]={0x80,0x00,0x00,0x00};
-	unsigned char *cp=end;
-
-	/* c->num should definitly have room for at least one more byte. */
-	p=c->data;
-	j=c->num;
-	i=j>>2;
-
-	/* purify often complains about the following line as an
-	 * Uninitialized Memory Read.  While this can be true, the
-	 * following p_c2l macro will reset l when that case is true.
-	 * This is because j&0x03 contains the number of 'valid' bytes
-	 * already in p[i].  If and only if j&0x03 == 0, the UMR will
-	 * occur but this is also the only time p_c2l will do
-	 * l= *(cp++) instead of l|= *(cp++)
-	 * Many thanks to Alex Tang <altitude@cic.net> for pickup this
-	 * 'potential bug' */
-#ifdef PURIFY
-	if ((j&0x03) == 0) p[i]=0;
+	const unsigned char *data=p;
+	register unsigned long A,B,C,D,E;
+	unsigned long a,b,c,d,e,l;
+#ifndef MD32_XARRAY
+	/* See comment in crypto/sha/sha_locl.h for details. */
+	unsigned long	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+			XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+# define X(i)	XX##i
+#else
+	RIPEMD160_LONG	XX[16];
+# define X(i)	XX[i]
 #endif
-	l=p[i];
-	p_c2l(cp,l,j&0x03);
-	p[i]=l;
-	i++;
-	/* i is the next 'undefined word' */
-	if (c->num >= RIPEMD160_LAST_BLOCK)
+
+	for (;num--;)
 		{
-		for (; i<RIPEMD160_LBLOCK; i++)
-			p[i]=0;
-		ripemd160_block(c,p,64);
-		i=0;
-		}
-	for (; i<(RIPEMD160_LBLOCK-2); i++)
-		p[i]=0;
-	p[RIPEMD160_LBLOCK-2]=c->Nl;
-	p[RIPEMD160_LBLOCK-1]=c->Nh;
-	ripemd160_block(c,p,64);
-	cp=md;
-	l=c->A; l2c(l,cp);
-	l=c->B; l2c(l,cp);
-	l=c->C; l2c(l,cp);
-	l=c->D; l2c(l,cp);
-	l=c->E; l2c(l,cp);
-
-	/* clear stuff, ripemd160_block may be leaving some stuff on the stack
-	 * but I'm not worried :-) */
-	c->num=0;
-/*	memset((char *)&c,0,sizeof(c));*/
-	}
 
-#ifdef undef
-int printit(l)
-unsigned long *l;
-	{
-	int i,ii;
+	A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
+
+	HOST_c2l(data,l); X( 0)=l;	HOST_c2l(data,l); X( 1)=l;
+	RIP1(A,B,C,D,E,WL00,SL00);	HOST_c2l(data,l); X( 2)=l;
+	RIP1(E,A,B,C,D,WL01,SL01);	HOST_c2l(data,l); X( 3)=l;
+	RIP1(D,E,A,B,C,WL02,SL02);	HOST_c2l(data,l); X( 4)=l;
+	RIP1(C,D,E,A,B,WL03,SL03);	HOST_c2l(data,l); X( 5)=l;
+	RIP1(B,C,D,E,A,WL04,SL04);	HOST_c2l(data,l); X( 6)=l;
+	RIP1(A,B,C,D,E,WL05,SL05);	HOST_c2l(data,l); X( 7)=l;
+	RIP1(E,A,B,C,D,WL06,SL06);	HOST_c2l(data,l); X( 8)=l;
+	RIP1(D,E,A,B,C,WL07,SL07);	HOST_c2l(data,l); X( 9)=l;
+	RIP1(C,D,E,A,B,WL08,SL08);	HOST_c2l(data,l); X(10)=l;
+	RIP1(B,C,D,E,A,WL09,SL09);	HOST_c2l(data,l); X(11)=l;
+	RIP1(A,B,C,D,E,WL10,SL10);	HOST_c2l(data,l); X(12)=l;
+	RIP1(E,A,B,C,D,WL11,SL11);	HOST_c2l(data,l); X(13)=l;
+	RIP1(D,E,A,B,C,WL12,SL12);	HOST_c2l(data,l); X(14)=l;
+	RIP1(C,D,E,A,B,WL13,SL13);	HOST_c2l(data,l); X(15)=l;
+	RIP1(B,C,D,E,A,WL14,SL14);
+	RIP1(A,B,C,D,E,WL15,SL15);
+
+	RIP2(E,A,B,C,D,WL16,SL16,KL1);
+	RIP2(D,E,A,B,C,WL17,SL17,KL1);
+	RIP2(C,D,E,A,B,WL18,SL18,KL1);
+	RIP2(B,C,D,E,A,WL19,SL19,KL1);
+	RIP2(A,B,C,D,E,WL20,SL20,KL1);
+	RIP2(E,A,B,C,D,WL21,SL21,KL1);
+	RIP2(D,E,A,B,C,WL22,SL22,KL1);
+	RIP2(C,D,E,A,B,WL23,SL23,KL1);
+	RIP2(B,C,D,E,A,WL24,SL24,KL1);
+	RIP2(A,B,C,D,E,WL25,SL25,KL1);
+	RIP2(E,A,B,C,D,WL26,SL26,KL1);
+	RIP2(D,E,A,B,C,WL27,SL27,KL1);
+	RIP2(C,D,E,A,B,WL28,SL28,KL1);
+	RIP2(B,C,D,E,A,WL29,SL29,KL1);
+	RIP2(A,B,C,D,E,WL30,SL30,KL1);
+	RIP2(E,A,B,C,D,WL31,SL31,KL1);
+
+	RIP3(D,E,A,B,C,WL32,SL32,KL2);
+	RIP3(C,D,E,A,B,WL33,SL33,KL2);
+	RIP3(B,C,D,E,A,WL34,SL34,KL2);
+	RIP3(A,B,C,D,E,WL35,SL35,KL2);
+	RIP3(E,A,B,C,D,WL36,SL36,KL2);
+	RIP3(D,E,A,B,C,WL37,SL37,KL2);
+	RIP3(C,D,E,A,B,WL38,SL38,KL2);
+	RIP3(B,C,D,E,A,WL39,SL39,KL2);
+	RIP3(A,B,C,D,E,WL40,SL40,KL2);
+	RIP3(E,A,B,C,D,WL41,SL41,KL2);
+	RIP3(D,E,A,B,C,WL42,SL42,KL2);
+	RIP3(C,D,E,A,B,WL43,SL43,KL2);
+	RIP3(B,C,D,E,A,WL44,SL44,KL2);
+	RIP3(A,B,C,D,E,WL45,SL45,KL2);
+	RIP3(E,A,B,C,D,WL46,SL46,KL2);
+	RIP3(D,E,A,B,C,WL47,SL47,KL2);
+
+	RIP4(C,D,E,A,B,WL48,SL48,KL3);
+	RIP4(B,C,D,E,A,WL49,SL49,KL3);
+	RIP4(A,B,C,D,E,WL50,SL50,KL3);
+	RIP4(E,A,B,C,D,WL51,SL51,KL3);
+	RIP4(D,E,A,B,C,WL52,SL52,KL3);
+	RIP4(C,D,E,A,B,WL53,SL53,KL3);
+	RIP4(B,C,D,E,A,WL54,SL54,KL3);
+	RIP4(A,B,C,D,E,WL55,SL55,KL3);
+	RIP4(E,A,B,C,D,WL56,SL56,KL3);
+	RIP4(D,E,A,B,C,WL57,SL57,KL3);
+	RIP4(C,D,E,A,B,WL58,SL58,KL3);
+	RIP4(B,C,D,E,A,WL59,SL59,KL3);
+	RIP4(A,B,C,D,E,WL60,SL60,KL3);
+	RIP4(E,A,B,C,D,WL61,SL61,KL3);
+	RIP4(D,E,A,B,C,WL62,SL62,KL3);
+	RIP4(C,D,E,A,B,WL63,SL63,KL3);
+
+	RIP5(B,C,D,E,A,WL64,SL64,KL4);
+	RIP5(A,B,C,D,E,WL65,SL65,KL4);
+	RIP5(E,A,B,C,D,WL66,SL66,KL4);
+	RIP5(D,E,A,B,C,WL67,SL67,KL4);
+	RIP5(C,D,E,A,B,WL68,SL68,KL4);
+	RIP5(B,C,D,E,A,WL69,SL69,KL4);
+	RIP5(A,B,C,D,E,WL70,SL70,KL4);
+	RIP5(E,A,B,C,D,WL71,SL71,KL4);
+	RIP5(D,E,A,B,C,WL72,SL72,KL4);
+	RIP5(C,D,E,A,B,WL73,SL73,KL4);
+	RIP5(B,C,D,E,A,WL74,SL74,KL4);
+	RIP5(A,B,C,D,E,WL75,SL75,KL4);
+	RIP5(E,A,B,C,D,WL76,SL76,KL4);
+	RIP5(D,E,A,B,C,WL77,SL77,KL4);
+	RIP5(C,D,E,A,B,WL78,SL78,KL4);
+	RIP5(B,C,D,E,A,WL79,SL79,KL4);
+
+	a=A; b=B; c=C; d=D; e=E;
+	/* Do other half */
+	A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
+
+	RIP5(A,B,C,D,E,WR00,SR00,KR0);
+	RIP5(E,A,B,C,D,WR01,SR01,KR0);
+	RIP5(D,E,A,B,C,WR02,SR02,KR0);
+	RIP5(C,D,E,A,B,WR03,SR03,KR0);
+	RIP5(B,C,D,E,A,WR04,SR04,KR0);
+	RIP5(A,B,C,D,E,WR05,SR05,KR0);
+	RIP5(E,A,B,C,D,WR06,SR06,KR0);
+	RIP5(D,E,A,B,C,WR07,SR07,KR0);
+	RIP5(C,D,E,A,B,WR08,SR08,KR0);
+	RIP5(B,C,D,E,A,WR09,SR09,KR0);
+	RIP5(A,B,C,D,E,WR10,SR10,KR0);
+	RIP5(E,A,B,C,D,WR11,SR11,KR0);
+	RIP5(D,E,A,B,C,WR12,SR12,KR0);
+	RIP5(C,D,E,A,B,WR13,SR13,KR0);
+	RIP5(B,C,D,E,A,WR14,SR14,KR0);
+	RIP5(A,B,C,D,E,WR15,SR15,KR0);
+
+	RIP4(E,A,B,C,D,WR16,SR16,KR1);
+	RIP4(D,E,A,B,C,WR17,SR17,KR1);
+	RIP4(C,D,E,A,B,WR18,SR18,KR1);
+	RIP4(B,C,D,E,A,WR19,SR19,KR1);
+	RIP4(A,B,C,D,E,WR20,SR20,KR1);
+	RIP4(E,A,B,C,D,WR21,SR21,KR1);
+	RIP4(D,E,A,B,C,WR22,SR22,KR1);
+	RIP4(C,D,E,A,B,WR23,SR23,KR1);
+	RIP4(B,C,D,E,A,WR24,SR24,KR1);
+	RIP4(A,B,C,D,E,WR25,SR25,KR1);
+	RIP4(E,A,B,C,D,WR26,SR26,KR1);
+	RIP4(D,E,A,B,C,WR27,SR27,KR1);
+	RIP4(C,D,E,A,B,WR28,SR28,KR1);
+	RIP4(B,C,D,E,A,WR29,SR29,KR1);
+	RIP4(A,B,C,D,E,WR30,SR30,KR1);
+	RIP4(E,A,B,C,D,WR31,SR31,KR1);
+
+	RIP3(D,E,A,B,C,WR32,SR32,KR2);
+	RIP3(C,D,E,A,B,WR33,SR33,KR2);
+	RIP3(B,C,D,E,A,WR34,SR34,KR2);
+	RIP3(A,B,C,D,E,WR35,SR35,KR2);
+	RIP3(E,A,B,C,D,WR36,SR36,KR2);
+	RIP3(D,E,A,B,C,WR37,SR37,KR2);
+	RIP3(C,D,E,A,B,WR38,SR38,KR2);
+	RIP3(B,C,D,E,A,WR39,SR39,KR2);
+	RIP3(A,B,C,D,E,WR40,SR40,KR2);
+	RIP3(E,A,B,C,D,WR41,SR41,KR2);
+	RIP3(D,E,A,B,C,WR42,SR42,KR2);
+	RIP3(C,D,E,A,B,WR43,SR43,KR2);
+	RIP3(B,C,D,E,A,WR44,SR44,KR2);
+	RIP3(A,B,C,D,E,WR45,SR45,KR2);
+	RIP3(E,A,B,C,D,WR46,SR46,KR2);
+	RIP3(D,E,A,B,C,WR47,SR47,KR2);
+
+	RIP2(C,D,E,A,B,WR48,SR48,KR3);
+	RIP2(B,C,D,E,A,WR49,SR49,KR3);
+	RIP2(A,B,C,D,E,WR50,SR50,KR3);
+	RIP2(E,A,B,C,D,WR51,SR51,KR3);
+	RIP2(D,E,A,B,C,WR52,SR52,KR3);
+	RIP2(C,D,E,A,B,WR53,SR53,KR3);
+	RIP2(B,C,D,E,A,WR54,SR54,KR3);
+	RIP2(A,B,C,D,E,WR55,SR55,KR3);
+	RIP2(E,A,B,C,D,WR56,SR56,KR3);
+	RIP2(D,E,A,B,C,WR57,SR57,KR3);
+	RIP2(C,D,E,A,B,WR58,SR58,KR3);
+	RIP2(B,C,D,E,A,WR59,SR59,KR3);
+	RIP2(A,B,C,D,E,WR60,SR60,KR3);
+	RIP2(E,A,B,C,D,WR61,SR61,KR3);
+	RIP2(D,E,A,B,C,WR62,SR62,KR3);
+	RIP2(C,D,E,A,B,WR63,SR63,KR3);
+
+	RIP1(B,C,D,E,A,WR64,SR64);
+	RIP1(A,B,C,D,E,WR65,SR65);
+	RIP1(E,A,B,C,D,WR66,SR66);
+	RIP1(D,E,A,B,C,WR67,SR67);
+	RIP1(C,D,E,A,B,WR68,SR68);
+	RIP1(B,C,D,E,A,WR69,SR69);
+	RIP1(A,B,C,D,E,WR70,SR70);
+	RIP1(E,A,B,C,D,WR71,SR71);
+	RIP1(D,E,A,B,C,WR72,SR72);
+	RIP1(C,D,E,A,B,WR73,SR73);
+	RIP1(B,C,D,E,A,WR74,SR74);
+	RIP1(A,B,C,D,E,WR75,SR75);
+	RIP1(E,A,B,C,D,WR76,SR76);
+	RIP1(D,E,A,B,C,WR77,SR77);
+	RIP1(C,D,E,A,B,WR78,SR78);
+	RIP1(B,C,D,E,A,WR79,SR79);
+
+	D     =ctx->B+c+D;
+	ctx->B=ctx->C+d+E;
+	ctx->C=ctx->D+e+A;
+	ctx->D=ctx->E+a+B;
+	ctx->E=ctx->A+b+C;
+	ctx->A=D;
 
-	for (i=0; i<2; i++)
-		{
-		for (ii=0; ii<8; ii++)
-			{
-			fprintf(stderr,"%08lx ",l[i*8+ii]);
-			}
-		fprintf(stderr,"\n");
 		}
 	}
 #endif
diff --git a/crypto/ripemd/rmd_locl.h b/crypto/ripemd/rmd_locl.h
index a1feccf7c1..7b835dfbd4 100644
--- a/crypto/ripemd/rmd_locl.h
+++ b/crypto/ripemd/rmd_locl.h
@@ -58,138 +58,72 @@
 
 #include <stdlib.h>
 #include <string.h>
-#include "ripemd.h"
+#include <openssl/opensslconf.h>
+#include <openssl/ripemd.h>
 
-#define ULONG	unsigned long
-#define UCHAR	unsigned char
-#define UINT	unsigned int
+#ifndef RIPEMD160_LONG_LOG2
+#define RIPEMD160_LONG_LOG2 2 /* default to 32 bits */
+#endif
 
-#ifdef NOCONST
-#define const
+/*
+ * DO EXAMINE COMMENTS IN crypto/md5/md5_locl.h & crypto/md5/md5_dgst.c
+ * FOR EXPLANATIONS ON FOLLOWING "CODE."
+ *					<appro@fy.chalmers.se>
+ */
+#ifdef RMD160_ASM
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+#  define ripemd160_block_host_order ripemd160_block_asm_host_order
+# endif
 #endif
 
-#undef c2nl
-#define c2nl(c,l)	(l =(((unsigned long)(*((c)++)))<<24), \
-			 l|=(((unsigned long)(*((c)++)))<<16), \
-			 l|=(((unsigned long)(*((c)++)))<< 8), \
-			 l|=(((unsigned long)(*((c)++)))    ))
-
-#undef p_c2nl
-#define p_c2nl(c,l,n)	{ \
-			switch (n) { \
-			case 0: l =((unsigned long)(*((c)++)))<<24; \
-			case 1: l|=((unsigned long)(*((c)++)))<<16; \
-			case 2: l|=((unsigned long)(*((c)++)))<< 8; \
-			case 3: l|=((unsigned long)(*((c)++))); \
-				} \
-			}
-
-#undef c2nl_p
-/* NOTE the pointer is not incremented at the end of this */
-#define c2nl_p(c,l,n)	{ \
-			l=0; \
-			(c)+=n; \
-			switch (n) { \
-			case 3: l =((unsigned long)(*(--(c))))<< 8; \
-			case 2: l|=((unsigned long)(*(--(c))))<<16; \
-			case 1: l|=((unsigned long)(*(--(c))))<<24; \
-				} \
-			}
-
-#undef p_c2nl_p
-#define p_c2nl_p(c,l,sc,len) { \
-			switch (sc) \
-				{ \
-			case 0: l =((unsigned long)(*((c)++)))<<24; \
-				if (--len == 0) break; \
-			case 1: l|=((unsigned long)(*((c)++)))<<16; \
-				if (--len == 0) break; \
-			case 2: l|=((unsigned long)(*((c)++)))<< 8; \
-				} \
-			}
-
-#undef nl2c
-#define nl2c(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-			 *((c)++)=(unsigned char)(((l)    )&0xff))
-
-#undef c2l
-#define c2l(c,l)	(l =(((unsigned long)(*((c)++)))    ), \
-			 l|=(((unsigned long)(*((c)++)))<< 8), \
-			 l|=(((unsigned long)(*((c)++)))<<16), \
-			 l|=(((unsigned long)(*((c)++)))<<24))
-
-#undef p_c2l
-#define p_c2l(c,l,n)	{ \
-			switch (n) { \
-			case 0: l =((unsigned long)(*((c)++))); \
-			case 1: l|=((unsigned long)(*((c)++)))<< 8; \
-			case 2: l|=((unsigned long)(*((c)++)))<<16; \
-			case 3: l|=((unsigned long)(*((c)++)))<<24; \
-				} \
-			}
-
-#undef c2l_p
-/* NOTE the pointer is not incremented at the end of this */
-#define c2l_p(c,l,n)	{ \
-			l=0; \
-			(c)+=n; \
-			switch (n) { \
-			case 3: l =((unsigned long)(*(--(c))))<<16; \
-			case 2: l|=((unsigned long)(*(--(c))))<< 8; \
-			case 1: l|=((unsigned long)(*(--(c)))); \
-				} \
-			}
-
-#undef p_c2l_p
-#define p_c2l_p(c,l,sc,len) { \
-			switch (sc) \
-				{ \
-			case 0: l =((unsigned long)(*((c)++))); \
-				if (--len == 0) break; \
-			case 1: l|=((unsigned long)(*((c)++)))<< 8; \
-				if (--len == 0) break; \
-			case 2: l|=((unsigned long)(*((c)++)))<<16; \
-				} \
-			}
-
-#undef l2c
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24)&0xff))
-
-#undef ROTATE
-#if defined(WIN32)
-#define ROTATE(a,n)     _lrotl(a,n)
-#else
-#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+void ripemd160_block_host_order (RIPEMD160_CTX *c, const void *p,int num);
+void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,int num);
+
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+#define ripemd160_block_data_order ripemd160_block_host_order
 #endif
 
-/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
-#if defined(WIN32)
-/* 5 instructions with rotate instruction, else 9 */
-#define Endian_Reverse32(a) \
-	{ \
-	unsigned long l=(a); \
-	(a)=((ROTATE(l,8)&0x00FF00FF)|(ROTATE(l,24)&0xFF00FF00)); \
-	}
-#else
-/* 6 instructions with rotate instruction, else 8 */
-#define Endian_Reverse32(a) \
-	{ \
-	unsigned long l=(a); \
-	l=(((l&0xFF00FF00)>>8L)|((l&0x00FF00FF)<<8L)); \
-	(a)=ROTATE(l,16L); \
-	}
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG               RIPEMD160_LONG
+#define HASH_LONG_LOG2          RIPEMD160_LONG_LOG2
+#define HASH_CTX                RIPEMD160_CTX
+#define HASH_CBLOCK             RIPEMD160_CBLOCK
+#define HASH_LBLOCK             RIPEMD160_LBLOCK
+#define HASH_UPDATE             RIPEMD160_Update
+#define HASH_TRANSFORM          RIPEMD160_Transform
+#define HASH_FINAL              RIPEMD160_Final
+#define HASH_BLOCK_HOST_ORDER   ripemd160_block_host_order
+#define	HASH_MAKE_STRING(c,s)	do {	\
+	unsigned long ll;		\
+	ll=(c)->A; HOST_l2c(ll,(s));	\
+	ll=(c)->B; HOST_l2c(ll,(s));	\
+	ll=(c)->C; HOST_l2c(ll,(s));	\
+	ll=(c)->D; HOST_l2c(ll,(s));	\
+	ll=(c)->E; HOST_l2c(ll,(s));	\
+	} while (0)
+#if !defined(L_ENDIAN) || defined(ripemd160_block_data_order)
+#define HASH_BLOCK_DATA_ORDER   ripemd160_block_data_order
 #endif
 
+#include "md32_common.h"
+
+#if 0
 #define F1(x,y,z)	 ((x)^(y)^(z))
 #define F2(x,y,z)	(((x)&(y))|((~x)&z))
 #define F3(x,y,z)	(((x)|(~y))^(z))
 #define F4(x,y,z)	(((x)&(z))|((y)&(~(z))))
 #define F5(x,y,z)	 ((x)^((y)|(~(z))))
+#else
+/*
+ * Transformed F2 and F4 are courtesy of Wei Dai <weidai@eskimo.com>
+ */
+#define F1(x,y,z)	((x) ^ (y) ^ (z))
+#define F2(x,y,z)	((((y) ^ (z)) & (x)) ^ (z))
+#define F3(x,y,z)	(((~(y)) | (x)) ^ (z))
+#define F4(x,y,z)	((((x) ^ (y)) & (z)) ^ (y))
+#define F5(x,y,z)	(((~(z)) | (y)) ^ (x))
+#endif
 
 #define RIPEMD160_A	0x67452301L
 #define RIPEMD160_B	0xEFCDAB89L
@@ -200,27 +134,27 @@
 #include "rmdconst.h"
 
 #define RIP1(a,b,c,d,e,w,s) { \
-	a+=F1(b,c,d)+X[w]; \
+	a+=F1(b,c,d)+X(w); \
         a=ROTATE(a,s)+e; \
         c=ROTATE(c,10); }
 
 #define RIP2(a,b,c,d,e,w,s,K) { \
-	a+=F2(b,c,d)+X[w]+K; \
+	a+=F2(b,c,d)+X(w)+K; \
         a=ROTATE(a,s)+e; \
         c=ROTATE(c,10); }
 
 #define RIP3(a,b,c,d,e,w,s,K) { \
-	a+=F3(b,c,d)+X[w]+K; \
+	a+=F3(b,c,d)+X(w)+K; \
         a=ROTATE(a,s)+e; \
         c=ROTATE(c,10); }
 
 #define RIP4(a,b,c,d,e,w,s,K) { \
-	a+=F4(b,c,d)+X[w]+K; \
+	a+=F4(b,c,d)+X(w)+K; \
         a=ROTATE(a,s)+e; \
         c=ROTATE(c,10); }
 
 #define RIP5(a,b,c,d,e,w,s,K) { \
-	a+=F5(b,c,d)+X[w]+K; \
+	a+=F5(b,c,d)+X(w)+K; \
         a=ROTATE(a,s)+e; \
         c=ROTATE(c,10); }
 
diff --git a/crypto/ripemd/rmd_one.c b/crypto/ripemd/rmd_one.c
index a7626dbcda..f8b580c33a 100644
--- a/crypto/ripemd/rmd_one.c
+++ b/crypto/ripemd/rmd_one.c
@@ -57,12 +57,12 @@
  */
 
 #include <stdio.h>
-#include "rmd_locl.h"
+#include <string.h>
+#include <openssl/ripemd.h>
+#include <openssl/crypto.h>
 
-unsigned char *RIPEMD160(d, n, md)
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
+unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
+	     unsigned char *md)
 	{
 	RIPEMD160_CTX c;
 	static unsigned char m[RIPEMD160_DIGEST_LENGTH];
@@ -71,7 +71,7 @@ unsigned char *md;
 	RIPEMD160_Init(&c);
 	RIPEMD160_Update(&c,d,n);
 	RIPEMD160_Final(md,&c);
-	memset(&c,0,sizeof(c)); /* security consideration */
+	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
 	return(md);
 	}
 
diff --git a/crypto/ripemd/rmdtest.c b/crypto/ripemd/rmdtest.c
index 6a0297f975..d4c709e646 100644
--- a/crypto/ripemd/rmdtest.c
+++ b/crypto/ripemd/rmdtest.c
@@ -59,9 +59,24 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "ripemd.h"
 
-char *test[]={
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_RIPEMD
+int main(int argc, char *argv[])
+{
+    printf("No ripemd support\n");
+    return(0);
+}
+#else
+#include <openssl/ripemd.h>
+#include <openssl/evp.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+
+static char *test[]={
 	"",
 	"a",
 	"abc",
@@ -73,7 +88,7 @@ char *test[]={
 	NULL,
 	};
 
-char *ret[]={
+static char *ret[]={
 	"9c1185a5c5e9fc54612808977ee8f548b2258d31",
 	"0bdc9d2d256b3ee9daae347be6f4dc835a467ffe",
 	"8eb208f7e05d987a9b044a8e98c6b087f15a0bfc",
@@ -84,26 +99,24 @@ char *ret[]={
 	"9b752e45573d4b39f4dbd3323cab82bf63326bfb",
 	};
 
-#ifndef NOPROTO
 static char *pt(unsigned char *md);
-#else
-static char *pt();
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,err=0;
 	unsigned char **P,**R;
 	char *p;
+	unsigned char md[RIPEMD160_DIGEST_LENGTH];
 
 	P=(unsigned char **)test;
 	R=(unsigned char **)ret;
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(RIPEMD160(&(P[0][0]),(unsigned long)strlen((char *)*P),NULL));
+#ifdef CHARSET_EBCDIC
+		ebcdic2ascii((char *)*P, (char *)*P, strlen((char *)*P));
+#endif
+		EVP_Digest(&(P[0][0]),(unsigned long)strlen((char *)*P),md,NULL,EVP_ripemd160(), NULL);
+		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
 			printf("error calculating RIPEMD160 on '%s'\n",*P);
@@ -116,12 +129,11 @@ char *argv[];
 		R++;
 		P++;
 		}
-	exit(err);
+	EXIT(err);
 	return(0);
 	}
 
-static char *pt(md)
-unsigned char *md;
+static char *pt(unsigned char *md)
 	{
 	int i;
 	static char buf[80];
@@ -130,4 +142,4 @@ unsigned char *md;
 		sprintf(&(buf[i*2]),"%02x",md[i]);
 	return(buf);
 	}
-
+#endif
diff --git a/crypto/rsa/.cvsignore b/crypto/rsa/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/rsa/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/rsa/Makefile.ssl b/crypto/rsa/Makefile.ssl
index d52f2e609e..7e4c6db986 100644
--- a/crypto/rsa/Makefile.ssl
+++ b/crypto/rsa/Makefile.ssl
@@ -5,27 +5,30 @@
 DIR=	rsa
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=rsa
-ERRC=rsa_err
 GENERAL=Makefile
-TEST=
+TEST=rsa_test.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c $(ERRC).c \
-	rsa_pk1.c rsa_ssl.c rsa_none.c
-LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o $(ERRC).o \
-	rsa_pk1.o rsa_ssl.o rsa_none.o
+LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
+	rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
+	rsa_asn1.c
+LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
+	rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
+	rsa_asn1.o
 
 SRC= $(LIBSRC)
 
@@ -41,24 +44,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -70,17 +72,179 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+rsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_asn1.o: ../../include/openssl/opensslconf.h
+rsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_asn1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_asn1.o: ../cryptlib.h rsa_asn1.c
+rsa_chk.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+rsa_chk.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_chk.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_chk.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_chk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_chk.o: rsa_chk.c
+rsa_eay.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_eay.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rsa_eay.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rsa_eay.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_eay.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+rsa_eay.o: ../cryptlib.h rsa_eay.c
+rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+rsa_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_err.o: rsa_err.c
+rsa_gen.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_gen.o: ../cryptlib.h rsa_gen.c
+rsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+rsa_lib.o: ../cryptlib.h rsa_lib.c
+rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_none.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_none.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_none.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_none.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_none.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_none.c
+rsa_null.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_null.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_null.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_null.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_null.c
+rsa_oaep.o: ../../e_os.h ../../include/openssl/aes.h
+rsa_oaep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_oaep.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_oaep.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_oaep.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_oaep.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_oaep.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_oaep.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_oaep.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_oaep.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_oaep.o: ../../include/openssl/opensslconf.h
+rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rsa_oaep.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rsa_oaep.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_oaep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_oaep.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rsa_oaep.o: ../cryptlib.h rsa_oaep.c
+rsa_pk1.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_pk1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_pk1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
+rsa_saos.o: ../../e_os.h ../../include/openssl/aes.h
+rsa_saos.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_saos.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_saos.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_saos.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_saos.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_saos.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+rsa_saos.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+rsa_saos.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+rsa_saos.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+rsa_saos.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+rsa_saos.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+rsa_saos.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+rsa_saos.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rsa_saos.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_saos.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_saos.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rsa_saos.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_saos.o: ../cryptlib.h rsa_saos.c
+rsa_sign.o: ../../e_os.h ../../include/openssl/aes.h
+rsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_sign.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_sign.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+rsa_sign.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_sign.o: ../../include/openssl/opensslconf.h
+rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+rsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+rsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+rsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+rsa_sign.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+rsa_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_sign.c
+rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_ssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_ssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c
diff --git a/crypto/rsa/f b/crypto/rsa/f
deleted file mode 100644
index 57528ef93e..0000000000
--- a/crypto/rsa/f
+++ /dev/null
@@ -1,6 +0,0 @@
-	if ((rsa->method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
-		{
-		if ((rsa->method_mod_n=(char *)BN_MONT_CTX_new()) != NULL)
-			if (!BN_MONT_CTX_set((BN_MONT_CTX *)rsa->method_mod_n,
-				rsa->n,ctx)) goto err;
-		}
diff --git a/crypto/rsa/rsa.err b/crypto/rsa/rsa.err
deleted file mode 100644
index e866635fb7..0000000000
--- a/crypto/rsa/rsa.err
+++ /dev/null
@@ -1,46 +0,0 @@
-/* Error codes for the RSA functions. */
-
-/* Function codes. */
-#define RSA_F_MEMORY_LOCK				 100
-#define RSA_F_RSA_EAY_PRIVATE_DECRYPT			 101
-#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT			 102
-#define RSA_F_RSA_EAY_PUBLIC_DECRYPT			 103
-#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT			 104
-#define RSA_F_RSA_GENERATE_KEY				 105
-#define RSA_F_RSA_NEW_METHOD				 106
-#define RSA_F_RSA_PADDING_ADD_NONE			 107
-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1		 108
-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2		 109
-#define RSA_F_RSA_PADDING_ADD_SSLV23			 110
-#define RSA_F_RSA_PADDING_CHECK_NONE			 111
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1		 112
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2		 113
-#define RSA_F_RSA_PADDING_CHECK_SSLV23			 114
-#define RSA_F_RSA_PRINT					 115
-#define RSA_F_RSA_PRINT_FP				 116
-#define RSA_F_RSA_SIGN					 117
-#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING		 118
-#define RSA_F_RSA_VERIFY				 119
-#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING		 120
-
-/* Reason codes. */
-#define RSA_R_ALGORITHM_MISMATCH			 100
-#define RSA_R_BAD_E_VALUE				 101
-#define RSA_R_BAD_FIXED_HEADER_DECRYPT			 102
-#define RSA_R_BAD_PAD_BYTE_COUNT			 103
-#define RSA_R_BAD_SIGNATURE				 104
-#define RSA_R_BAD_ZERO_BYTE				 105
-#define RSA_R_BLOCK_TYPE_IS_NOT_01			 106
-#define RSA_R_BLOCK_TYPE_IS_NOT_02			 107
-#define RSA_R_DATA_GREATER_THAN_MOD_LEN			 108
-#define RSA_R_DATA_TOO_LARGE				 109
-#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 110
-#define RSA_R_DATA_TOO_SMALL				 111
-#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY		 112
-#define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113
-#define RSA_R_PADDING_CHECK_FAILED			 114
-#define RSA_R_SSLV3_ROLLBACK_ATTACK			 115
-#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
-#define RSA_R_UNKNOWN_ALGORITHM_TYPE			 117
-#define RSA_R_UNKNOWN_PADDING_TYPE			 118
-#define RSA_R_WRONG_SIGNATURE_LENGTH			 119
diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index b7c02fdab7..b2e25e4e7c 100644
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -59,36 +59,73 @@
 #ifndef HEADER_RSA_H
 #define HEADER_RSA_H
 
+#include <openssl/asn1.h>
+
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include <openssl/ossl_typ.h>
+
+#ifdef OPENSSL_NO_RSA
+#error RSA is disabled.
+#endif
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#include "bn.h"
-#include "crypto.h"
+typedef struct rsa_st RSA;
 
 typedef struct rsa_meth_st
 	{
-	char *name;
-	int (*rsa_pub_enc)();
-	int (*rsa_pub_dec)();
-	int (*rsa_priv_enc)();
-	int (*rsa_priv_dec)();
-	int (*rsa_mod_exp)();		/* Can be null */
-	int (*bn_mod_exp)();		/* Can be null */
-	int (*init)(/* RSA * */);	/* called at new */
-	int (*finish)(/* RSA * */);	/* called at free */
-
+	const char *name;
+	int (*rsa_pub_enc)(int flen,const unsigned char *from,
+			   unsigned char *to,
+			   RSA *rsa,int padding);
+	int (*rsa_pub_dec)(int flen,const unsigned char *from,
+			   unsigned char *to,
+			   RSA *rsa,int padding);
+	int (*rsa_priv_enc)(int flen,const unsigned char *from,
+			    unsigned char *to,
+			    RSA *rsa,int padding);
+	int (*rsa_priv_dec)(int flen,const unsigned char *from,
+			    unsigned char *to,
+			    RSA *rsa,int padding);
+	int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa); /* Can be null */
+	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			  const BIGNUM *m, BN_CTX *ctx,
+			  BN_MONT_CTX *m_ctx); /* Can be null */
+	int (*init)(RSA *rsa);		/* called at new */
+	int (*finish)(RSA *rsa);	/* called at free */
 	int flags;			/* RSA_METHOD_FLAG_* things */
 	char *app_data;			/* may be needed! */
+/* New sign and verify functions: some libraries don't allow arbitrary data
+ * to be signed/verified: this allows them to be used. Note: for this to work
+ * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used
+ * RSA_sign(), RSA_verify() should be used instead. Note: for backwards
+ * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
+ * option is set in 'flags'.
+ */
+	int (*rsa_sign)(int type,
+		const unsigned char *m, unsigned int m_length,
+		unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
+	int (*rsa_verify)(int dtype,
+		const unsigned char *m, unsigned int m_length,
+		unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
+
 	} RSA_METHOD;
 
-typedef struct rsa_st
+struct rsa_st
 	{
 	/* The first parameter is used to pickup errors where
 	 * this is passed instead of aEVP_PKEY, it is set to 0 */
 	int pad;
-	int version;
-	RSA_METHOD *meth;
+	long version;
+	const RSA_METHOD *meth;
+	/* functional reference if 'meth' is ENGINE-provided */
+	ENGINE *engine;
 	BIGNUM *n;
 	BIGNUM *e;
 	BIGNUM *d;
@@ -97,21 +134,21 @@ typedef struct rsa_st
 	BIGNUM *dmp1;
 	BIGNUM *dmq1;
 	BIGNUM *iqmp;
-	/* be carefull using this if the RSA structure is shared */
+	/* be careful using this if the RSA structure is shared */
 	CRYPTO_EX_DATA ex_data;
 	int references;
 	int flags;
 
-	/* Normally used to cache montgomery values */
-	char *method_mod_n;
-	char *method_mod_p;
-	char *method_mod_q;
+	/* Used to cache montgomery values */
+	BN_MONT_CTX *_method_mod_n;
+	BN_MONT_CTX *_method_mod_p;
+	BN_MONT_CTX *_method_mod_q;
 
 	/* all BIGNUM values are actually in the following data, if it is not
 	 * NULL */
 	char *bignum_data;
 	BN_BLINDING *blinding;
-	} RSA;
+	};
 
 #define RSA_3	0x3L
 #define RSA_F4	0x10001L
@@ -122,178 +159,153 @@ typedef struct rsa_st
 #define RSA_FLAG_CACHE_PRIVATE		0x04
 #define RSA_FLAG_BLINDING		0x08
 #define RSA_FLAG_THREAD_SAFE		0x10
+/* This flag means the private key operations will be handled by rsa_mod_exp
+ * and that they do not depend on the private key components being present:
+ * for example a key stored in external hardware. Without this flag bn_mod_exp
+ * gets called when private key components are absent.
+ */
+#define RSA_FLAG_EXT_PKEY		0x20
+
+/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions.
+ */
+#define RSA_FLAG_SIGN_VER		0x40
 
 #define RSA_PKCS1_PADDING	1
 #define RSA_SSLV23_PADDING	2
 #define RSA_NO_PADDING		3
+#define RSA_PKCS1_OAEP_PADDING	4
 
-#define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,(char *)arg)
+#define RSA_PKCS1_PADDING_SIZE	11
+
+#define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
 #define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
 
-#ifndef NOPROTO
 RSA *	RSA_new(void);
-RSA *	RSA_new_method(RSA_METHOD *method);
-int	RSA_size(RSA *);
+RSA *	RSA_new_method(ENGINE *engine);
+int	RSA_size(const RSA *);
 RSA *	RSA_generate_key(int bits, unsigned long e,void
-		(*callback)(int,int,char *),char *cb_arg);
+		(*callback)(int,int,void *),void *cb_arg);
+int	RSA_check_key(const RSA *);
 	/* next 4 return -1 on error */
-int	RSA_public_encrypt(int flen, unsigned char *from,
+int	RSA_public_encrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-int	RSA_private_encrypt(int flen, unsigned char *from,
+int	RSA_private_encrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-int	RSA_public_decrypt(int flen, unsigned char *from, 
+int	RSA_public_decrypt(int flen, const unsigned char *from, 
 		unsigned char *to, RSA *rsa,int padding);
-int	RSA_private_decrypt(int flen, unsigned char *from, 
+int	RSA_private_decrypt(int flen, const unsigned char *from, 
 		unsigned char *to, RSA *rsa,int padding);
 void	RSA_free (RSA *r);
+/* "up" the RSA object's reference count */
+int	RSA_up_ref(RSA *r);
 
-int	RSA_flags(RSA *r);
+int	RSA_flags(const RSA *r);
 
-void RSA_set_default_method(RSA_METHOD *meth);
+void RSA_set_default_method(const RSA_METHOD *meth);
+const RSA_METHOD *RSA_get_default_method(void);
+const RSA_METHOD *RSA_get_method(const RSA *rsa);
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
 
 /* This function needs the memory locking malloc callbacks to be installed */
 int RSA_memory_lock(RSA *r);
 
-/* If you have RSAref compiled in. */
-RSA_METHOD *RSA_PKCS1_RSAref(void);
-
 /* these are the actual SSLeay RSA functions */
-RSA_METHOD *RSA_PKCS1_SSLeay(void);
+const RSA_METHOD *RSA_PKCS1_SSLeay(void);
 
-void	ERR_load_RSA_strings(void );
+const RSA_METHOD *RSA_null_method(void);
 
-RSA *	d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
-int	i2d_RSAPublicKey(RSA *a, unsigned char **pp);
-RSA *	d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
-int 	i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
-#ifndef NO_FP_API
-int	RSA_print_fp(FILE *fp, RSA *r,int offset);
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
+
+#ifndef OPENSSL_NO_FP_API
+int	RSA_print_fp(FILE *fp, const RSA *r,int offset);
 #endif
 
-#ifdef HEADER_BIO_H
-int	RSA_print(BIO *bp, RSA *r,int offset);
+#ifndef OPENSSL_NO_BIO
+int	RSA_print(BIO *bp, const RSA *r,int offset);
 #endif
 
-int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
-RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
-/* Naughty internal function required elsewhere, to handle a MS structure
- * that is the same as the netscape one :-) */
-RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length, int (*cb)());
+int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey);
+RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey);
+
+int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)());
+RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());
 
 /* The following 2 functions sign and verify a X509_SIG ASN1 object
  * inside PKCS#1 padded RSA encryption */
-int RSA_sign(int type, unsigned char *m, unsigned int m_len,
+int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
 	unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-int RSA_verify(int type, unsigned char *m, unsigned int m_len,
+int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
 	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
 
 /* The following 2 function sign and verify a ASN1_OCTET_STRING
  * object inside PKCS#1 padded RSA encryption */
-int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
+int RSA_sign_ASN1_OCTET_STRING(int type,
+	const unsigned char *m, unsigned int m_length,
 	unsigned char *sigret, unsigned int *siglen, RSA *rsa);
-int RSA_verify_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
+int RSA_verify_ASN1_OCTET_STRING(int type,
+	const unsigned char *m, unsigned int m_length,
 	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
 
 int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
 void RSA_blinding_off(RSA *rsa);
 
 int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,
-	unsigned char *f,int fl);
+	const unsigned char *f,int fl);
 int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen,
-	unsigned char *f,int fl,int rsa_len);
+	const unsigned char *f,int fl,int rsa_len);
 int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
-	unsigned char *f,int fl);
+	const unsigned char *f,int fl);
 int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
-	unsigned char *f,int fl,int rsa_len);
+	const unsigned char *f,int fl,int rsa_len);
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
+	const unsigned char *f,int fl,
+	const unsigned char *p,int pl);
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen,
+	const unsigned char *f,int fl,int rsa_len,
+	const unsigned char *p,int pl);
 int RSA_padding_add_SSLv23(unsigned char *to,int tlen,
-	unsigned char *f,int fl);
+	const unsigned char *f,int fl);
 int RSA_padding_check_SSLv23(unsigned char *to,int tlen,
-	unsigned char *f,int fl,int rsa_len);
+	const unsigned char *f,int fl,int rsa_len);
 int RSA_padding_add_none(unsigned char *to,int tlen,
-	unsigned char *f,int fl);
+	const unsigned char *f,int fl);
 int RSA_padding_check_none(unsigned char *to,int tlen,
-	unsigned char *f,int fl,int rsa_len);
-
-int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
-	int (*dup_func)(), void (*free_func)());
-int RSA_set_ex_data(RSA *r,int idx,char *arg);
-char *RSA_get_ex_data(RSA *r, int idx);
-
-#else
+	const unsigned char *f,int fl,int rsa_len);
 
-RSA *	RSA_new();
-RSA *	RSA_new_method();
-int	RSA_size();
-RSA *	RSA_generate_key();
-int	RSA_public_encrypt();
-int	RSA_private_encrypt();
-int	RSA_public_decrypt();
-int	RSA_private_decrypt();
-void	RSA_free ();
+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int RSA_set_ex_data(RSA *r,int idx,void *arg);
+void *RSA_get_ex_data(const RSA *r, int idx);
 
-int	RSA_flags();
-
-void RSA_set_default_method();
-int RSA_memory_lock();
-
-/* RSA_METHOD *RSA_PKCS1_RSAref(); */
-RSA_METHOD *RSA_PKCS1_SSLeay();
-
-void	ERR_load_RSA_strings();
-
-RSA *	d2i_RSAPublicKey();
-int	i2d_RSAPublicKey();
-RSA *	d2i_RSAPrivateKey();
-int 	i2d_RSAPrivateKey();
-#ifndef NO_FP_API
-int	RSA_print_fp();
-#endif
-
-int	RSA_print();
-
-int i2d_Netscape_RSA();
-RSA *d2i_Netscape_RSA();
-RSA *d2i_Netscape_RSA_2();
-
-int RSA_sign();
-int RSA_verify();
-
-int RSA_sign_ASN1_OCTET_STRING();
-int RSA_verify_ASN1_OCTET_STRING();
-int RSA_blinding_on();
-void RSA_blinding_off();
-
-int RSA_padding_add_PKCS1_type_1();
-int RSA_padding_check_PKCS1_type_1();
-int RSA_padding_add_PKCS1_type_2();
-int RSA_padding_check_PKCS1_type_2();
-int RSA_padding_add_SSLv23();
-int RSA_padding_check_SSLv23();
-int RSA_padding_add_none();
-int RSA_padding_check_none();
-
-int RSA_get_ex_new_index();
-int RSA_set_ex_data();
-char *RSA_get_ex_data();
-
-#endif
+RSA *RSAPublicKey_dup(RSA *rsa);
+RSA *RSAPrivateKey_dup(RSA *rsa);
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_RSA_strings(void);
+
 /* Error codes for the RSA functions. */
 
 /* Function codes. */
 #define RSA_F_MEMORY_LOCK				 100
+#define RSA_F_RSA_CHECK_KEY				 123
 #define RSA_F_RSA_EAY_PRIVATE_DECRYPT			 101
 #define RSA_F_RSA_EAY_PRIVATE_ENCRYPT			 102
 #define RSA_F_RSA_EAY_PUBLIC_DECRYPT			 103
 #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT			 104
 #define RSA_F_RSA_GENERATE_KEY				 105
 #define RSA_F_RSA_NEW_METHOD				 106
+#define RSA_F_RSA_NULL					 124
 #define RSA_F_RSA_PADDING_ADD_NONE			 107
+#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP		 121
 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1		 108
 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2		 109
 #define RSA_F_RSA_PADDING_ADD_SSLV23			 110
 #define RSA_F_RSA_PADDING_CHECK_NONE			 111
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP		 122
 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1		 112
 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2		 113
 #define RSA_F_RSA_PADDING_CHECK_SSLV23			 114
@@ -310,24 +322,35 @@ char *RSA_get_ex_data();
 #define RSA_R_BAD_FIXED_HEADER_DECRYPT			 102
 #define RSA_R_BAD_PAD_BYTE_COUNT			 103
 #define RSA_R_BAD_SIGNATURE				 104
-#define RSA_R_BAD_ZERO_BYTE				 105
 #define RSA_R_BLOCK_TYPE_IS_NOT_01			 106
 #define RSA_R_BLOCK_TYPE_IS_NOT_02			 107
 #define RSA_R_DATA_GREATER_THAN_MOD_LEN			 108
 #define RSA_R_DATA_TOO_LARGE				 109
 #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 110
+#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS		 132
 #define RSA_R_DATA_TOO_SMALL				 111
+#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE		 122
 #define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY		 112
+#define RSA_R_DMP1_NOT_CONGRUENT_TO_D			 124
+#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D			 125
+#define RSA_R_D_E_NOT_CONGRUENT_TO_1			 123
+#define RSA_R_INVALID_MESSAGE_LENGTH			 131
+#define RSA_R_IQMP_NOT_INVERSE_OF_Q			 126
+#define RSA_R_KEY_SIZE_TOO_SMALL			 120
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113
+#define RSA_R_N_DOES_NOT_EQUAL_P_Q			 127
+#define RSA_R_OAEP_DECODING_ERROR			 121
 #define RSA_R_PADDING_CHECK_FAILED			 114
+#define RSA_R_P_NOT_PRIME				 128
+#define RSA_R_Q_NOT_PRIME				 129
+#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED		 130
 #define RSA_R_SSLV3_ROLLBACK_ATTACK			 115
 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
 #define RSA_R_UNKNOWN_ALGORITHM_TYPE			 117
 #define RSA_R_UNKNOWN_PADDING_TYPE			 118
 #define RSA_R_WRONG_SIGNATURE_LENGTH			 119
- 
+
 #ifdef  __cplusplus
 }
 #endif
 #endif
-
diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c
new file mode 100644
index 0000000000..1455a7e0e4
--- /dev/null
+++ b/crypto/rsa/rsa_asn1.c
@@ -0,0 +1,121 @@
+/* rsa_asn1.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/asn1t.h>
+
+static ASN1_METHOD method={
+        (int (*)())  i2d_RSAPrivateKey,
+        (char *(*)())d2i_RSAPrivateKey,
+        (char *(*)())RSA_new,
+        (void (*)()) RSA_free};
+
+ASN1_METHOD *RSAPrivateKey_asn1_meth(void)
+	{
+	return(&method);
+	}
+
+/* Override the default free and new methods */
+static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+	if(operation == ASN1_OP_NEW_PRE) {
+		*pval = (ASN1_VALUE *)RSA_new();
+		if(*pval) return 2;
+		return 0;
+	} else if(operation == ASN1_OP_FREE_PRE) {
+		RSA_free((RSA *)*pval);
+		*pval = NULL;
+		return 2;
+	}
+	return 1;
+}
+
+ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = {
+	ASN1_SIMPLE(RSA, version, LONG),
+	ASN1_SIMPLE(RSA, n, BIGNUM),
+	ASN1_SIMPLE(RSA, e, BIGNUM),
+	ASN1_SIMPLE(RSA, d, BIGNUM),
+	ASN1_SIMPLE(RSA, p, BIGNUM),
+	ASN1_SIMPLE(RSA, q, BIGNUM),
+	ASN1_SIMPLE(RSA, dmp1, BIGNUM),
+	ASN1_SIMPLE(RSA, dmq1, BIGNUM),
+	ASN1_SIMPLE(RSA, iqmp, BIGNUM)
+} ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey)
+
+
+ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = {
+	ASN1_SIMPLE(RSA, n, BIGNUM),
+	ASN1_SIMPLE(RSA, e, BIGNUM),
+} ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey)
+
+RSA *RSAPublicKey_dup(RSA *rsa)
+	{
+	return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa);
+	}
+
+RSA *RSAPrivateKey_dup(RSA *rsa)
+	{
+	return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa);
+	}
diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c
new file mode 100644
index 0000000000..002f2cb487
--- /dev/null
+++ b/crypto/rsa/rsa_chk.c
@@ -0,0 +1,184 @@
+/* crypto/rsa/rsa_chk.c  -*- Mode: C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+
+
+int RSA_check_key(const RSA *key)
+	{
+	BIGNUM *i, *j, *k, *l, *m;
+	BN_CTX *ctx;
+	int r;
+	int ret=1;
+	
+	i = BN_new();
+	j = BN_new();
+	k = BN_new();
+	l = BN_new();
+	m = BN_new();
+	ctx = BN_CTX_new();
+	if (i == NULL || j == NULL || k == NULL || l == NULL ||
+		m == NULL || ctx == NULL)
+		{
+		ret = -1;
+		RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	
+	/* p prime? */
+	r = BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL);
+	if (r != 1)
+		{
+		ret = r;
+		if (r != 0)
+			goto err;
+		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
+		}
+	
+	/* q prime? */
+	r = BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL);
+	if (r != 1)
+		{
+		ret = r;
+		if (r != 0)
+			goto err;
+		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
+		}
+	
+	/* n = p*q? */
+	r = BN_mul(i, key->p, key->q, ctx);
+	if (!r) { ret = -1; goto err; }
+	
+	if (BN_cmp(i, key->n) != 0)
+		{
+		ret = 0;
+		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
+		}
+	
+	/* d*e = 1  mod lcm(p-1,q-1)? */
+
+	r = BN_sub(i, key->p, BN_value_one());
+	if (!r) { ret = -1; goto err; }
+	r = BN_sub(j, key->q, BN_value_one());
+	if (!r) { ret = -1; goto err; }
+
+	/* now compute k = lcm(i,j) */
+	r = BN_mul(l, i, j, ctx);
+	if (!r) { ret = -1; goto err; }
+	r = BN_gcd(m, i, j, ctx);
+	if (!r) { ret = -1; goto err; }
+	r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
+	if (!r) { ret = -1; goto err; }
+
+	r = BN_mod_mul(i, key->d, key->e, k, ctx);
+	if (!r) { ret = -1; goto err; }
+
+	if (!BN_is_one(i))
+		{
+		ret = 0;
+		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
+		}
+	
+	if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL)
+		{
+		/* dmp1 = d mod (p-1)? */
+		r = BN_sub(i, key->p, BN_value_one());
+		if (!r) { ret = -1; goto err; }
+
+		r = BN_mod(j, key->d, i, ctx);
+		if (!r) { ret = -1; goto err; }
+
+		if (BN_cmp(j, key->dmp1) != 0)
+			{
+			ret = 0;
+			RSAerr(RSA_F_RSA_CHECK_KEY,
+				RSA_R_DMP1_NOT_CONGRUENT_TO_D);
+			}
+	
+		/* dmq1 = d mod (q-1)? */    
+		r = BN_sub(i, key->q, BN_value_one());
+		if (!r) { ret = -1; goto err; }
+	
+		r = BN_mod(j, key->d, i, ctx);
+		if (!r) { ret = -1; goto err; }
+
+		if (BN_cmp(j, key->dmq1) != 0)
+			{
+			ret = 0;
+			RSAerr(RSA_F_RSA_CHECK_KEY,
+				RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
+			}
+	
+		/* iqmp = q^-1 mod p? */
+		if(!BN_mod_inverse(i, key->q, key->p, ctx))
+			{
+			ret = -1;
+			goto err;
+			}
+
+		if (BN_cmp(i, key->iqmp) != 0)
+			{
+			ret = 0;
+			RSAerr(RSA_F_RSA_CHECK_KEY,
+				RSA_R_IQMP_NOT_INVERSE_OF_Q);
+			}
+		}
+
+ err:
+	if (i != NULL) BN_free(i);
+	if (j != NULL) BN_free(j);
+	if (k != NULL) BN_free(k);
+	if (l != NULL) BN_free(l);
+	if (m != NULL) BN_free(m);
+	if (ctx != NULL) BN_CTX_free(ctx);
+	return (ret);
+	}
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index 7623189e41..c4e6d1e22a 100644
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -58,57 +58,47 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "rand.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+#include <openssl/engine.h>
 
-#ifndef NOPROTO
-static int RSA_eay_public_encrypt(int flen, unsigned char *from,
+#ifndef RSA_NULL
+
+static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_encrypt(int flen, unsigned char *from,
+static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_public_decrypt(int flen, unsigned char *from,
+static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_decrypt(int flen, unsigned char *from,
+static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa);
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa);
 static int RSA_eay_init(RSA *rsa);
 static int RSA_eay_finish(RSA *rsa);
-#else
-static int RSA_eay_public_encrypt();
-static int RSA_eay_private_encrypt();
-static int RSA_eay_public_decrypt();
-static int RSA_eay_private_decrypt();
-static int RSA_eay_mod_exp();
-static int RSA_eay_init();
-static int RSA_eay_finish();
-#endif
-
 static RSA_METHOD rsa_pkcs1_eay_meth={
 	"Eric Young's PKCS#1 RSA",
 	RSA_eay_public_encrypt,
-	RSA_eay_public_decrypt,
-	RSA_eay_private_encrypt,
+	RSA_eay_public_decrypt, /* signature verification */
+	RSA_eay_private_encrypt, /* signing */
 	RSA_eay_private_decrypt,
 	RSA_eay_mod_exp,
-	BN_mod_exp_mont,
+	BN_mod_exp_mont, /* XXX probably we should not use Montgomery if  e == 3 */
 	RSA_eay_init,
 	RSA_eay_finish,
-	0,
+	0, /* flags */
 	NULL,
+	0, /* rsa_sign */
+	0  /* rsa_verify */
 	};
 
-RSA_METHOD *RSA_PKCS1_SSLeay()
+const RSA_METHOD *RSA_PKCS1_SSLeay(void)
 	{
 	return(&rsa_pkcs1_eay_meth);
 	}
 
-static int RSA_eay_public_encrypt(flen, from, to, rsa, padding)
-int flen;
-unsigned char *from;
-unsigned char *to;
-RSA *rsa;
-int padding;
+static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding)
 	{
 	BIGNUM f,ret;
 	int i,j,k,num=0,r= -1;
@@ -119,7 +109,7 @@ int padding;
 	BN_init(&ret);
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
 	num=BN_num_bytes(rsa->n);
-	if ((buf=(unsigned char *)Malloc(num)) == NULL)
+	if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
 		{
 		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
 		goto err;
@@ -130,6 +120,11 @@ int padding;
 	case RSA_PKCS1_PADDING:
 		i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
 		break;
+#ifndef OPENSSL_NO_SHA
+	case RSA_PKCS1_OAEP_PADDING:
+	        i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
+		break;
+#endif
 	case RSA_SSLV23_PADDING:
 		i=RSA_padding_add_SSLv23(buf,num,from,flen);
 		break;
@@ -144,15 +139,39 @@ int padding;
 
 	if (BN_bin2bn(buf,num,&f) == NULL) goto err;
 	
-	if ((rsa->method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
-		{
-		if ((rsa->method_mod_n=(char *)BN_MONT_CTX_new()) != NULL)
-			if (!BN_MONT_CTX_set((BN_MONT_CTX *)rsa->method_mod_n,
-				rsa->n,ctx)) goto err;
+	if (BN_ucmp(&f, rsa->n) >= 0)
+		{	
+		/* usually the padding functions would catch this */
+		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+		goto err;
 		}
 
+	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
+		{
+		BN_MONT_CTX* bn_mont_ctx;
+		if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
+			goto err;
+		if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
+			{
+			BN_MONT_CTX_free(bn_mont_ctx);
+			goto err;
+			}
+		if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
+			{
+			CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+			if (rsa->_method_mod_n == NULL)
+				{
+				rsa->_method_mod_n = bn_mont_ctx;
+				bn_mont_ctx = NULL;
+				}
+			CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+			}
+		if (bn_mont_ctx)
+			BN_MONT_CTX_free(bn_mont_ctx);
+		}
+		
 	if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
-		rsa->method_mod_n)) goto err;
+		rsa->_method_mod_n)) goto err;
 
 	/* put in leading 0 bytes if the number is less than the
 	 * length of the modulus */
@@ -168,18 +187,15 @@ err:
 	BN_clear_free(&ret);
 	if (buf != NULL) 
 		{
-		memset(buf,0,num);
-		Free(buf);
+		OPENSSL_cleanse(buf,num);
+		OPENSSL_free(buf);
 		}
 	return(r);
 	}
 
-static int RSA_eay_private_encrypt(flen, from, to, rsa, padding)
-int flen;
-unsigned char *from;
-unsigned char *to;
-RSA *rsa;
-int padding;
+/* signing */
+static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding)
 	{
 	BIGNUM f,ret;
 	int i,j,k,num=0,r= -1;
@@ -191,7 +207,7 @@ int padding;
 
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
 	num=BN_num_bytes(rsa->n);
-	if ((buf=(unsigned char *)Malloc(num)) == NULL)
+	if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
 		{
 		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
 		goto err;
@@ -213,17 +229,25 @@ int padding;
 	if (i <= 0) goto err;
 
 	if (BN_bin2bn(buf,num,&f) == NULL) goto err;
+	
+	if (BN_ucmp(&f, rsa->n) >= 0)
+		{	
+		/* usually the padding functions would catch this */
+		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+		goto err;
+		}
 
 	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
 		RSA_blinding_on(rsa,ctx);
 	if (rsa->flags & RSA_FLAG_BLINDING)
 		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
 
-	if (	(rsa->p != NULL) &&
+	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
+		((rsa->p != NULL) &&
 		(rsa->q != NULL) &&
 		(rsa->dmp1 != NULL) &&
 		(rsa->dmq1 != NULL) &&
-		(rsa->iqmp != NULL))
+		(rsa->iqmp != NULL)) )
 		{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
 	else
 		{
@@ -247,18 +271,14 @@ err:
 	BN_clear_free(&f);
 	if (buf != NULL)
 		{
-		memset(buf,0,num);
-		Free(buf);
+		OPENSSL_cleanse(buf,num);
+		OPENSSL_free(buf);
 		}
 	return(r);
 	}
 
-static int RSA_eay_private_decrypt(flen, from, to, rsa,padding)
-int flen;
-unsigned char *from;
-unsigned char *to;
-RSA *rsa;
-int padding;
+static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding)
 	{
 	BIGNUM f,ret;
 	int j,num=0,r= -1;
@@ -273,13 +293,13 @@ int padding;
 
 	num=BN_num_bytes(rsa->n);
 
-	if ((buf=(unsigned char *)Malloc(num)) == NULL)
+	if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
 		{
 		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
 
-	/* This check was for equallity but PGP does evil things
+	/* This check was for equality but PGP does evil things
 	 * and chops off the top '0' bytes */
 	if (flen > num)
 		{
@@ -290,17 +310,24 @@ int padding;
 	/* make data into a big number */
 	if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err;
 
+	if (BN_ucmp(&f, rsa->n) >= 0)
+		{
+		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+		goto err;
+		}
+
 	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
 		RSA_blinding_on(rsa,ctx);
 	if (rsa->flags & RSA_FLAG_BLINDING)
 		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
 
 	/* do the decrypt */
-	if (	(rsa->p != NULL) &&
+	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
+		((rsa->p != NULL) &&
 		(rsa->q != NULL) &&
 		(rsa->dmp1 != NULL) &&
 		(rsa->dmq1 != NULL) &&
-		(rsa->iqmp != NULL))
+		(rsa->iqmp != NULL)) )
 		{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
 	else
 		{
@@ -319,7 +346,12 @@ int padding;
 	case RSA_PKCS1_PADDING:
 		r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
 		break;
-	case RSA_SSLV23_PADDING:
+#ifndef OPENSSL_NO_SHA
+        case RSA_PKCS1_OAEP_PADDING:
+	        r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
+                break;
+#endif
+ 	case RSA_SSLV23_PADDING:
 		r=RSA_padding_check_SSLv23(to,num,buf,j,num);
 		break;
 	case RSA_NO_PADDING:
@@ -338,18 +370,15 @@ err:
 	BN_clear_free(&ret);
 	if (buf != NULL)
 		{
-		memset(buf,0,num);
-		Free(buf);
+		OPENSSL_cleanse(buf,num);
+		OPENSSL_free(buf);
 		}
 	return(r);
 	}
 
-static int RSA_eay_public_decrypt(flen, from, to, rsa, padding)
-int flen;
-unsigned char *from;
-unsigned char *to;
-RSA *rsa;
-int padding;
+/* signature verification */
+static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding)
 	{
 	BIGNUM f,ret;
 	int i,num=0,r= -1;
@@ -363,14 +392,14 @@ int padding;
 	if (ctx == NULL) goto err;
 
 	num=BN_num_bytes(rsa->n);
-	buf=(unsigned char *)Malloc(num);
+	buf=(unsigned char *)OPENSSL_malloc(num);
 	if (buf == NULL)
 		{
 		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
 
-	/* This check was for equallity but PGP does evil things
+	/* This check was for equality but PGP does evil things
 	 * and chops off the top '0' bytes */
 	if (flen > num)
 		{
@@ -379,16 +408,40 @@ int padding;
 		}
 
 	if (BN_bin2bn(from,flen,&f) == NULL) goto err;
-	/* do the decrypt */
-	if ((rsa->method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
+
+	if (BN_ucmp(&f, rsa->n) >= 0)
 		{
-		if ((rsa->method_mod_n=(char *)BN_MONT_CTX_new()) != NULL)
-			if (!BN_MONT_CTX_set((BN_MONT_CTX *)rsa->method_mod_n,
-				rsa->n,ctx)) goto err;
+		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+		goto err;
 		}
 
+	/* do the decrypt */
+	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
+		{
+		BN_MONT_CTX* bn_mont_ctx;
+		if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
+			goto err;
+		if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
+			{
+			BN_MONT_CTX_free(bn_mont_ctx);
+			goto err;
+			}
+		if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
+			{
+			CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+			if (rsa->_method_mod_n == NULL)
+				{
+				rsa->_method_mod_n = bn_mont_ctx;
+				bn_mont_ctx = NULL;
+				}
+			CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+			}
+		if (bn_mont_ctx)
+			BN_MONT_CTX_free(bn_mont_ctx);
+		}
+		
 	if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
-		rsa->method_mod_n)) goto err;
+		rsa->_method_mod_n)) goto err;
 
 	p=buf;
 	i=BN_bn2bin(&ret,p);
@@ -414,89 +467,143 @@ err:
 	BN_clear_free(&ret);
 	if (buf != NULL)
 		{
-		memset(buf,0,num);
-		Free(buf);
+		OPENSSL_cleanse(buf,num);
+		OPENSSL_free(buf);
 		}
 	return(r);
 	}
 
-static int RSA_eay_mod_exp(r0, I, rsa)
-BIGNUM *r0;
-BIGNUM *I;
-RSA *rsa;
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
 	{
-	BIGNUM r1,m1;
+	BIGNUM r1,m1,vrfy;
 	int ret=0;
 	BN_CTX *ctx;
 
-	if ((ctx=BN_CTX_new()) == NULL) goto err;
 	BN_init(&m1);
 	BN_init(&r1);
+	BN_init(&vrfy);
+	if ((ctx=BN_CTX_new()) == NULL) goto err;
 
 	if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
 		{
-		if (rsa->method_mod_p == NULL)
+		if (rsa->_method_mod_p == NULL)
 			{
-			if ((rsa->method_mod_p=(char *)
-				BN_MONT_CTX_new()) != NULL)
-				if (!BN_MONT_CTX_set((BN_MONT_CTX *)
-					rsa->method_mod_p,rsa->p,ctx))
-					goto err;
+			BN_MONT_CTX* bn_mont_ctx;
+			if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
+				goto err;
+			if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx))
+				{
+				BN_MONT_CTX_free(bn_mont_ctx);
+				goto err;
+				}
+			if (rsa->_method_mod_p == NULL) /* other thread may have finished first */
+				{
+				CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+				if (rsa->_method_mod_p == NULL)
+					{
+					rsa->_method_mod_p = bn_mont_ctx;
+					bn_mont_ctx = NULL;
+					}
+				CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+				}
+			if (bn_mont_ctx)
+				BN_MONT_CTX_free(bn_mont_ctx);
 			}
-		if (rsa->method_mod_q == NULL)
+
+		if (rsa->_method_mod_q == NULL)
 			{
-			if ((rsa->method_mod_q=(char *)
-				BN_MONT_CTX_new()) != NULL)
-				if (!BN_MONT_CTX_set((BN_MONT_CTX *)
-					rsa->method_mod_q,rsa->q,ctx))
-					goto err;
+			BN_MONT_CTX* bn_mont_ctx;
+			if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
+				goto err;
+			if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx))
+				{
+				BN_MONT_CTX_free(bn_mont_ctx);
+				goto err;
+				}
+			if (rsa->_method_mod_q == NULL) /* other thread may have finished first */
+				{
+				CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+				if (rsa->_method_mod_q == NULL)
+					{
+					rsa->_method_mod_q = bn_mont_ctx;
+					bn_mont_ctx = NULL;
+					}
+				CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+				}
+			if (bn_mont_ctx)
+				BN_MONT_CTX_free(bn_mont_ctx);
 			}
 		}
-
+		
 	if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
 	if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
-		rsa->method_mod_q)) goto err;
+		rsa->_method_mod_q)) goto err;
 
 	if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
 	if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
-		rsa->method_mod_p)) goto err;
+		rsa->_method_mod_p)) goto err;
 
 	if (!BN_sub(r0,r0,&m1)) goto err;
 	/* This will help stop the size of r0 increasing, which does
 	 * affect the multiply if it optimised for a power of 2 size */
-	if (r0->neg)
+	if (BN_get_sign(r0))
 		if (!BN_add(r0,r0,rsa->p)) goto err;
 
 	if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err;
 	if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err;
+	/* If p < q it is occasionally possible for the correction of
+         * adding 'p' if r0 is negative above to leave the result still
+	 * negative. This can break the private key operations: the following
+	 * second correction should *always* correct this rare occurrence.
+	 * This will *never* happen with OpenSSL generated keys because
+         * they ensure p > q [steve]
+         */
+	if (BN_get_sign(r0))
+		if (!BN_add(r0,r0,rsa->p)) goto err;
 	if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
 	if (!BN_add(r0,&r1,&m1)) goto err;
 
+	if (rsa->e && rsa->n)
+		{
+		if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
+		/* If 'I' was greater than (or equal to) rsa->n, the operation
+		 * will be equivalent to using 'I mod n'. However, the result of
+		 * the verify will *always* be less than 'n' so we don't check
+		 * for absolute equality, just congruency. */
+		if (!BN_sub(&vrfy, &vrfy, I)) goto err;
+		if (!BN_mod(&vrfy, &vrfy, rsa->n, ctx)) goto err;
+		if (BN_get_sign(&vrfy))
+			if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err;
+		if (!BN_is_zero(&vrfy))
+			/* 'I' and 'vrfy' aren't congruent mod n. Don't leak
+			 * miscalculated CRT output, just do a raw (slower)
+			 * mod_exp and return that instead. */
+			if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
+		}
 	ret=1;
 err:
 	BN_clear_free(&m1);
 	BN_clear_free(&r1);
+	BN_clear_free(&vrfy);
 	BN_CTX_free(ctx);
 	return(ret);
 	}
 
-static int RSA_eay_init(rsa)
-RSA *rsa;
+static int RSA_eay_init(RSA *rsa)
 	{
 	rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
 	return(1);
 	}
 
-static int RSA_eay_finish(rsa)
-RSA *rsa;
+static int RSA_eay_finish(RSA *rsa)
 	{
-	if (rsa->method_mod_n != NULL)
-		BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_n);
-	if (rsa->method_mod_p != NULL)
-		BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_p);
-	if (rsa->method_mod_q != NULL)
-		BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_q);
+	if (rsa->_method_mod_n != NULL)
+		BN_MONT_CTX_free(rsa->_method_mod_n);
+	if (rsa->_method_mod_p != NULL)
+		BN_MONT_CTX_free(rsa->_method_mod_p);
+	if (rsa->_method_mod_q != NULL)
+		BN_MONT_CTX_free(rsa->_method_mod_q);
 	return(1);
 	}
 
-
+#endif
diff --git a/crypto/rsa/rsa_enc.c b/crypto/rsa/rsa_enc.c
deleted file mode 100644
index c4a4ad5a60..0000000000
--- a/crypto/rsa/rsa_enc.c
+++ /dev/null
@@ -1,538 +0,0 @@
-/* crypto/rsa/rsa_enc.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "rand.h"
-
-#ifndef NOPROTO
-static int RSA_eay_public_encrypt(int flen, unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_encrypt(int flen, unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_public_decrypt(int flen, unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_decrypt(int flen, unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa);
-#else
-static int RSA_eay_public_encrypt();
-static int RSA_eay_private_encrypt();
-static int RSA_eay_public_decrypt();
-static int RSA_eay_private_decrypt();
-static int RSA_eay_mod_exp();
-#endif
-
-static RSA_METHOD rsa_pkcs1_eay_meth={
-	"Eric Young's PKCS#1 RSA",
-	RSA_eay_public_encrypt,
-	RSA_eay_public_decrypt,
-	RSA_eay_private_encrypt,
-	RSA_eay_private_decrypt,
-	RSA_eay_mod_exp,
-	BN_mod_exp,
-	NULL,
-	NULL,
-	};
-
-RSA_METHOD *RSA_PKCS1_SSLeay()
-	{
-	return(&rsa_pkcs1_eay_meth);
-	}
-
-static int RSA_eay_public_encrypt(flen, from, to, rsa, padding)
-int flen;
-unsigned char *from;
-unsigned char *to;
-RSA *rsa;
-int padding;
-	{
-	BIGNUM *f=NULL,*ret=NULL;
-	int i,j,k,num=0,r= -1;
-	unsigned char *p;
-	unsigned char *buf=NULL;
-	BN_CTX *ctx=NULL;
-
-	if (	(padding != RSA_PKCS1_PADDING) &&
-		(padding != RSA_SSLV23_PADDING))
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-		goto err;
-		}
-
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
-
-	num=BN_num_bytes(rsa->n);
-	if (flen > (num-11))
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-		goto err;
-		}
-	
-	buf=(unsigned char *)Malloc(num);
-	if (buf == NULL)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	p=(unsigned char *)buf;
-
-	*(p++)=0;
-	*(p++)=2; /* Public Key BT (Block Type) */
-
-	/* pad out with non-zero random data */
-	j=num-3-flen;
-
-	RAND_bytes(p,j);
-	for (i=0; i<j; i++)
-		{
-		if (*p == '\0')
-			do	{
-				RAND_bytes(p,1);
-				} while (*p == '\0');
-		p++;
-		}
-
-	if (padding == RSA_SSLV23_PADDING)
-		memset(&(p[-8]),3,8);
-
-	*(p++)='\0';
-
-	memcpy(p,from,(unsigned int)flen);
-
-	f=BN_new();
-	ret=BN_new();
-	if ((f == NULL) || (ret == NULL)) goto err;
-
-	if (BN_bin2bn(buf,num,f) == NULL) goto err;
-	if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx)) goto err;
-
-	/* put in leading 0 bytes if the number is less than the
-	 * length of the modulus */
-	j=BN_num_bytes(ret);
-	i=BN_bn2bin(ret,&(to[num-j]));
-	for (k=0; k<(num-i); k++)
-		to[k]=0;
-
-	r=num;
-err:
-	if (ctx != NULL) BN_CTX_free(ctx);
-	if (f != NULL) BN_free(f);
-	if (ret != NULL) BN_free(ret);
-	if (buf != NULL) 
-		{
-		memset(buf,0,num);
-		Free(buf);
-		}
-	return(r);
-	}
-
-static int RSA_eay_private_encrypt(flen, from, to, rsa, padding)
-int flen;
-unsigned char *from;
-unsigned char *to;
-RSA *rsa;
-int padding;
-	{
-	BIGNUM *f=NULL,*ret=NULL;
-	int i,j,k,num=0,r= -1;
-	unsigned char *p;
-	unsigned char *buf=NULL;
-	BN_CTX *ctx=NULL;
-
-	if (padding != RSA_PKCS1_PADDING)
-		{
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-		goto err;
-		}
-
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
-
-	num=BN_num_bytes(rsa->n);
-	if (flen > (num-11))
-		{
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-		goto err;
-		}
-	buf=(unsigned char *)Malloc(num);
-	if (buf == NULL)
-		{
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	p=buf;
-
-	*(p++)=0;
-	*(p++)=1; /* Private Key BT (Block Type) */
-
-	/* padd out with 0xff data */
-	j=num-3-flen;
-	for (i=0; i<j; i++)
-		*(p++)=0xff;
-	*(p++)='\0';
-	memcpy(p,from,(unsigned int)flen);
-	ret=BN_new();
-	f=BN_new();
-	if ((ret == NULL) || (f == NULL)) goto err;
-	if (BN_bin2bn(buf,num,f) == NULL) goto err;
-	if (	(rsa->p != NULL) &&
-		(rsa->q != NULL) &&
-		(rsa->dmp1 != NULL) &&
-		(rsa->dmq1 != NULL) &&
-		(rsa->iqmp != NULL))
-		{ if (!rsa->meth->rsa_mod_exp(ret,f,rsa)) goto err; }
-	else
-		{ if (!rsa->meth->bn_mod_exp(ret,f,rsa->d,rsa->n,ctx)) goto err; }
-
-	p=buf;
-	BN_bn2bin(ret,p);
-
-	/* put in leading 0 bytes if the number is less than the
-	 * length of the modulus */
-	j=BN_num_bytes(ret);
-	i=BN_bn2bin(ret,&(to[num-j]));
-	for (k=0; k<(num-i); k++)
-		to[k]=0;
-
-	r=num;
-err:
-	if (ctx != NULL) BN_CTX_free(ctx);
-	if (ret != NULL) BN_free(ret);
-	if (f != NULL) BN_free(f);
-	if (buf != NULL)
-		{
-		memset(buf,0,num);
-		Free(buf);
-		}
-	return(r);
-	}
-
-static int RSA_eay_private_decrypt(flen, from, to, rsa,padding)
-int flen;
-unsigned char *from;
-unsigned char *to;
-RSA *rsa;
-int padding;
-	{
-	BIGNUM *f=NULL,*ret=NULL;
-	int i,j,num=0,r= -1;
-	unsigned char *p;
-	unsigned char *buf=NULL;
-	BN_CTX *ctx=NULL;
-
-	if ((padding != RSA_PKCS1_PADDING) && (padding != RSA_SSLV23_PADDING))
-		{
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-		goto err;
-		}
-
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
-
-	num=BN_num_bytes(rsa->n);
-
-	buf=(unsigned char *)Malloc(num);
-	if (buf == NULL)
-		{
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	/* This check was for equallity but PGP does evil things
-	 * and chops off the top '0' bytes */
-	if (flen > num)
-		{
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
-		goto err;
-		}
-
-	/* make data into a big number */
-	ret=BN_new();
-	f=BN_new();
-	if ((ret == NULL) || (f == NULL)) goto err;
-	if (BN_bin2bn(from,(int)flen,f) == NULL) goto err;
-	/* do the decrypt */
-	if (	(rsa->p != NULL) &&
-		(rsa->q != NULL) &&
-		(rsa->dmp1 != NULL) &&
-		(rsa->dmq1 != NULL) &&
-		(rsa->iqmp != NULL))
-		{ if (!rsa->meth->rsa_mod_exp(ret,f,rsa)) goto err; }
-	else
-		{ if (!rsa->meth->bn_mod_exp(ret,f,rsa->d,rsa->n,ctx)) goto err; }
-
-	p=buf;
-	BN_bn2bin(ret,p);
-
-	/* BT must be 02 */
-	if (*(p++) != 02)
-		{
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_BLOCK_TYPE_IS_NOT_02);
-		goto err;
-		}
-
-	/* scan over padding data */
-	j=num-2; /* one for type and one for the prepended 0. */
-	for (i=0; i<j; i++)
-		if (*(p++) == 0) break;
-
-	if (i == j)
-		{
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_NULL_BEFORE_BLOCK_MISSING);
-		goto err;
-		}
-
-	if (i < 8)
-		{
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_BAD_PAD_BYTE_COUNT);
-		goto err;
-		}
-
-#undef RSA_DEBUG
-#ifdef RSA_DEBUG
-	{
-	int z;
-	unsigned char *q;
-	q= &(p[-9]);
-	fprintf(stderr,"\n");
-	for (z=0; z<8; z++) fprintf(stderr,"%02X",q[z]);
-	fprintf(stderr,"\n");
-	}
-#endif
-
-	if (padding == RSA_SSLV23_PADDING)
-		{
-		int z;
-		unsigned char *q;
-
-		/* -9 because we have jumped the '\0' */
-		q= &(p[-9]);
-		for (z=0; z<8; z++)
-			{
-			if (*(q++) != 0x03)
-				break;
-			}
-		if (z == 8)
-			{
-			RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_SSLV3_ROLLBACK_ATTACK);
-			goto err;
-			}
-		}
-
-	/* skip over the '\0' */
-	i++;	
-	j-=i;
-
-	/* output data */
-	memcpy(to,p,(unsigned int)j);
-	r=j;
-err:
-	if (ctx != NULL) BN_CTX_free(ctx);
-	if (f != NULL) BN_free(f);
-	if (ret != NULL) BN_free(ret);
-	if (buf != NULL)
-		{
-		memset(buf,0,num);
-		Free(buf);
-		}
-	return(r);
-	}
-
-static int RSA_eay_public_decrypt(flen, from, to, rsa, padding)
-int flen;
-unsigned char *from;
-unsigned char *to;
-RSA *rsa;
-int padding;
-	{
-	BIGNUM *f=NULL,*ret=NULL;
-	int i,j,num=0,r= -1;
-	unsigned char *p;
-	unsigned char *buf=NULL;
-	BN_CTX *ctx=NULL;
-
-	if (padding != RSA_PKCS1_PADDING)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-		goto err;
-		}
-
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
-
-	num=BN_num_bytes(rsa->n);
-	buf=(unsigned char *)Malloc(num);
-	if (buf == NULL)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	/* This check was for equallity but PGP does evil things
-	 * and chops off the top '0' bytes */
-	if (flen > num)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
-		goto err;
-		}
-
-	/* make data into a big number */
-	f=BN_new();
-	ret=BN_new();
-	if ((f == NULL) || (ret == NULL)) goto err;
-
-	if (BN_bin2bn(from,flen,f) == NULL) goto err;
-	/* do the decrypt */
-	if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx)) goto err;
-
-	p=buf;
-	i=BN_bn2bin(ret,p);
-
-	/* BT must be 01 */
-	if (*(p++) != 01)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_BLOCK_TYPE_IS_NOT_01);
-		goto err;
-		}
-
-	/* scan over padding data */
-	j=num-2; /* one for type and one for the prepended 0. */
-	for (i=0; i<j; i++)
-		{
-		if (*p != 0xff) /* should decrypt to 0xff */
-			{
-			if (*p == 0)
-				{ p++; break; }
-			else	{
-				RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_BAD_FIXED_HEADER_DECRYPT);
-				goto err;
-				}
-			}
-		p++;
-		}
-	if (i == j)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_NULL_BEFORE_BLOCK_MISSING);
-		goto err;
-		}
-	if (i < 8)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_BAD_PAD_BYTE_COUNT);
-		goto err;
-		}
-
-	/* skip over the '\0' */
-	i++;	
-	j-=i;
-
-	/* output data */
-	memcpy(to,p,(unsigned int)j);
-	r=j;
-err:
-	if (ctx != NULL) BN_CTX_free(ctx);
-	if (f != NULL) BN_free(f);
-	if (ret != NULL) BN_free(ret);
-	if (buf != NULL)
-		{
-		memset(buf,0,num);
-		Free(buf);
-		}
-	return(r);
-	}
-
-static int RSA_eay_mod_exp(r0, I, rsa)
-BIGNUM *r0;
-BIGNUM *I;
-RSA *rsa;
-	{
-	BIGNUM *r1=NULL,*m1=NULL;
-	int ret=0;
-	BN_CTX *ctx;
-
-	if ((ctx=BN_CTX_new()) == NULL) goto err;
-	m1=BN_new();
-	r1=BN_new();
-	if ((m1 == NULL) || (r1 == NULL)) goto err;
-
-	if (!BN_mod(r1,I,rsa->q,ctx)) goto err;
-	if (!rsa->meth->bn_mod_exp(m1,r1,rsa->dmq1,rsa->q,ctx)) goto err;
-
-	if (!BN_mod(r1,I,rsa->p,ctx)) goto err;
-	if (!rsa->meth->bn_mod_exp(r0,r1,rsa->dmp1,rsa->p,ctx)) goto err;
-
-	if (!BN_add(r1,r0,rsa->p)) goto err;
-	if (!BN_sub(r0,r1,m1)) goto err;
-
-	if (!BN_mul(r1,r0,rsa->iqmp)) goto err;
-	if (!BN_mod(r0,r1,rsa->p,ctx)) goto err;
-	if (!BN_mul(r1,r0,rsa->q)) goto err;
-	if (!BN_add(r0,r1,m1)) goto err;
-	
-	ret=1;
-err:
-	if (m1 != NULL) BN_free(m1);
-	if (r1 != NULL) BN_free(r1);
-	BN_CTX_free(ctx);
-	return(ret);
-	}
-
-
diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
index 7899a5d4e2..a7766c3b76 100644
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -1,80 +1,87 @@
-/* lib/rsa/rsa_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/rsa/rsa_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "rsa.h"
+#include <openssl/err.h>
+#include <openssl/rsa.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA RSA_str_functs[]=
 	{
 {ERR_PACK(0,RSA_F_MEMORY_LOCK,0),	"MEMORY_LOCK"},
+{ERR_PACK(0,RSA_F_RSA_CHECK_KEY,0),	"RSA_check_key"},
 {ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0),	"RSA_EAY_PRIVATE_DECRYPT"},
 {ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0),	"RSA_EAY_PRIVATE_ENCRYPT"},
 {ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0),	"RSA_EAY_PUBLIC_DECRYPT"},
 {ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_ENCRYPT,0),	"RSA_EAY_PUBLIC_ENCRYPT"},
 {ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0),	"RSA_generate_key"},
 {ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0),	"RSA_new_method"},
+{ERR_PACK(0,RSA_F_RSA_NULL,0),	"RSA_NULL"},
 {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0),	"RSA_padding_add_none"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,0),	"RSA_padding_add_PKCS1_OAEP"},
 {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0),	"RSA_padding_add_PKCS1_type_1"},
 {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0),	"RSA_padding_add_PKCS1_type_2"},
 {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0),	"RSA_padding_add_SSLv23"},
 {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0),	"RSA_padding_check_none"},
+{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,0),	"RSA_padding_check_PKCS1_OAEP"},
 {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0),	"RSA_padding_check_PKCS1_type_1"},
 {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0),	"RSA_padding_check_PKCS1_type_2"},
 {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0),	"RSA_padding_check_SSLv23"},
@@ -84,7 +91,7 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_PACK(0,RSA_F_RSA_SIGN_ASN1_OCTET_STRING,0),	"RSA_sign_ASN1_OCTET_STRING"},
 {ERR_PACK(0,RSA_F_RSA_VERIFY,0),	"RSA_verify"},
 {ERR_PACK(0,RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,0),	"RSA_verify_ASN1_OCTET_STRING"},
-{0,NULL},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA RSA_str_reasons[]=
@@ -94,34 +101,46 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {RSA_R_BAD_FIXED_HEADER_DECRYPT          ,"bad fixed header decrypt"},
 {RSA_R_BAD_PAD_BYTE_COUNT                ,"bad pad byte count"},
 {RSA_R_BAD_SIGNATURE                     ,"bad signature"},
-{RSA_R_BAD_ZERO_BYTE                     ,"bad zero byte"},
 {RSA_R_BLOCK_TYPE_IS_NOT_01              ,"block type is not 01"},
 {RSA_R_BLOCK_TYPE_IS_NOT_02              ,"block type is not 02"},
 {RSA_R_DATA_GREATER_THAN_MOD_LEN         ,"data greater than mod len"},
 {RSA_R_DATA_TOO_LARGE                    ,"data too large"},
 {RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
+{RSA_R_DATA_TOO_LARGE_FOR_MODULUS        ,"data too large for modulus"},
 {RSA_R_DATA_TOO_SMALL                    ,"data too small"},
+{RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE       ,"data too small for key size"},
 {RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY        ,"digest too big for rsa key"},
+{RSA_R_DMP1_NOT_CONGRUENT_TO_D           ,"dmp1 not congruent to d"},
+{RSA_R_DMQ1_NOT_CONGRUENT_TO_D           ,"dmq1 not congruent to d"},
+{RSA_R_D_E_NOT_CONGRUENT_TO_1            ,"d e not congruent to 1"},
+{RSA_R_INVALID_MESSAGE_LENGTH            ,"invalid message length"},
+{RSA_R_IQMP_NOT_INVERSE_OF_Q             ,"iqmp not inverse of q"},
+{RSA_R_KEY_SIZE_TOO_SMALL                ,"key size too small"},
 {RSA_R_NULL_BEFORE_BLOCK_MISSING         ,"null before block missing"},
+{RSA_R_N_DOES_NOT_EQUAL_P_Q              ,"n does not equal p q"},
+{RSA_R_OAEP_DECODING_ERROR               ,"oaep decoding error"},
 {RSA_R_PADDING_CHECK_FAILED              ,"padding check failed"},
+{RSA_R_P_NOT_PRIME                       ,"p not prime"},
+{RSA_R_Q_NOT_PRIME                       ,"q not prime"},
+{RSA_R_RSA_OPERATIONS_NOT_SUPPORTED      ,"rsa operations not supported"},
 {RSA_R_SSLV3_ROLLBACK_ATTACK             ,"sslv3 rollback attack"},
 {RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
 {RSA_R_UNKNOWN_ALGORITHM_TYPE            ,"unknown algorithm type"},
 {RSA_R_UNKNOWN_PADDING_TYPE              ,"unknown padding type"},
 {RSA_R_WRONG_SIGNATURE_LENGTH            ,"wrong signature length"},
-{0,NULL},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_RSA_strings()
+void ERR_load_RSA_strings(void)
 	{
 	static int init=1;
 
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_RSA,RSA_str_functs);
 		ERR_load_strings(ERR_LIB_RSA,RSA_str_reasons);
 #endif
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index 936db49515..00c25adbc5 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -59,14 +59,11 @@
 #include <stdio.h>
 #include <time.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-
-RSA *RSA_generate_key(bits, e_value, callback,cb_arg)
-int bits;
-unsigned long e_value;
-void (*callback)(P_I_I_P);
-char *cb_arg;
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+
+RSA *RSA_generate_key(int bits, unsigned long e_value,
+	     void (*callback)(int,int,void *), void *cb_arg)
 	{
 	RSA *rsa=NULL;
 	BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
@@ -77,11 +74,12 @@ char *cb_arg;
 	if (ctx == NULL) goto err;
 	ctx2=BN_CTX_new();
 	if (ctx2 == NULL) goto err;
-	r0= &(ctx->bn[0]);
-	r1= &(ctx->bn[1]);
-	r2= &(ctx->bn[2]);
-	r3= &(ctx->bn[3]);
-	ctx->tos+=4;
+	BN_CTX_start(ctx);
+	r0 = BN_CTX_get(ctx);
+	r1 = BN_CTX_get(ctx);
+	r2 = BN_CTX_get(ctx);
+	r3 = BN_CTX_get(ctx);
+	if (r3 == NULL) goto err;
 
 	bitsp=(bits+1)/2;
 	bitsq=bits-bitsp;
@@ -97,7 +95,7 @@ char *cb_arg;
 	 * unsigned long can be larger */
 	for (i=0; i<sizeof(unsigned long)*8; i++)
 		{
-		if (e_value & (1<<i))
+		if (e_value & (1UL<<i))
 			BN_set_bit(rsa->e,i);
 		}
 #else
@@ -160,7 +158,7 @@ char *cb_arg;
 		goto err;
 		}
 */
-	rsa->d=(BIGNUM *)BN_mod_inverse(NULL,rsa->e,r0,ctx2);	/* d */
+	rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2);	/* d */
 	if (rsa->d == NULL) goto err;
 
 	/* calculate d mod (p-1) */
@@ -184,6 +182,7 @@ err:
 		RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN);
 		ok=0;
 		}
+	BN_CTX_end(ctx);
 	BN_CTX_free(ctx);
 	BN_CTX_free(ctx2);
 	
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 5ce51f9f56..93235744f7 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -57,53 +57,103 @@
  */
 
 #include <stdio.h>
-#include "crypto.h"
+#include <openssl/crypto.h>
 #include "cryptlib.h"
-#include "lhash.h"
-#include "bn.h"
-#include "rsa.h"
+#include <openssl/lhash.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/engine.h>
 
-char *RSA_version="RSA part of SSLeay 0.9.1a 06-Jul-1998";
+const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
 
-static RSA_METHOD *default_RSA_meth=NULL;
-static int rsa_meth_num=0;
-static STACK *rsa_meth=NULL;
+static const RSA_METHOD *default_RSA_meth=NULL;
 
-RSA *RSA_new()
+RSA *RSA_new(void)
 	{
 	return(RSA_new_method(NULL));
 	}
 
-void RSA_set_default_method(meth)
-RSA_METHOD *meth;
+void RSA_set_default_method(const RSA_METHOD *meth)
 	{
-	default_RSA_meth=meth;
+	default_RSA_meth = meth;
 	}
 
-RSA *RSA_new_method(meth)
-RSA_METHOD *meth;
+const RSA_METHOD *RSA_get_default_method(void)
 	{
-	RSA *ret;
-
 	if (default_RSA_meth == NULL)
 		{
-#ifdef RSAref
+#ifdef RSA_NULL
+		default_RSA_meth=RSA_null_method();
+#else
+#if 0 /* was: #ifdef RSAref */
 		default_RSA_meth=RSA_PKCS1_RSAref();
 #else
 		default_RSA_meth=RSA_PKCS1_SSLeay();
 #endif
+#endif
 		}
-	ret=(RSA *)Malloc(sizeof(RSA));
+
+	return default_RSA_meth;
+	}
+
+const RSA_METHOD *RSA_get_method(const RSA *rsa)
+	{
+	return rsa->meth;
+	}
+
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
+	{
+	/* NB: The caller is specifically setting a method, so it's not up to us
+	 * to deal with which ENGINE it comes from. */
+	const RSA_METHOD *mtmp;
+	mtmp = rsa->meth;
+	if (mtmp->finish) mtmp->finish(rsa);
+	if (rsa->engine)
+		{
+		ENGINE_finish(rsa->engine);
+		rsa->engine = NULL;
+		}
+	rsa->meth = meth;
+	if (meth->init) meth->init(rsa);
+	return 1;
+	}
+
+RSA *RSA_new_method(ENGINE *engine)
+	{
+	RSA *ret;
+
+	ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
 	if (ret == NULL)
 		{
 		RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-		return(NULL);
+		return NULL;
 		}
 
-	if (meth == NULL)
-		ret->meth=default_RSA_meth;
+	ret->meth = RSA_get_default_method();
+	if (engine)
+		{
+		if (!ENGINE_init(engine))
+			{
+			RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+			OPENSSL_free(ret);
+			return NULL;
+			}
+		ret->engine = engine;
+		}
 	else
-		ret->meth=meth;
+		ret->engine = ENGINE_get_default_RSA();
+	if(ret->engine)
+		{
+		ret->meth = ENGINE_get_RSA(ret->engine);
+		if(!ret->meth)
+			{
+			RSAerr(RSA_F_RSA_NEW_METHOD,
+				ERR_R_ENGINE_LIB);
+			ENGINE_finish(ret->engine);
+			OPENSSL_free(ret);
+			return NULL;
+			}
+		}
 
 	ret->pad=0;
 	ret->version=0;
@@ -116,24 +166,25 @@ RSA_METHOD *meth;
 	ret->dmq1=NULL;
 	ret->iqmp=NULL;
 	ret->references=1;
-	ret->method_mod_n=NULL;
-	ret->method_mod_p=NULL;
-	ret->method_mod_q=NULL;
+	ret->_method_mod_n=NULL;
+	ret->_method_mod_p=NULL;
+	ret->_method_mod_q=NULL;
 	ret->blinding=NULL;
 	ret->bignum_data=NULL;
 	ret->flags=ret->meth->flags;
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
 	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
 		{
-		Free(ret);
+		if (ret->engine)
+			ENGINE_finish(ret->engine);
+		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+		OPENSSL_free(ret);
 		ret=NULL;
 		}
-	else
-		CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);
 	return(ret);
 	}
 
-void RSA_free(r)
-RSA *r;
+void RSA_free(RSA *r)
 	{
 	int i;
 
@@ -152,10 +203,12 @@ RSA *r;
 		}
 #endif
 
-	CRYPTO_free_ex_data(rsa_meth,(char *)r,&r->ex_data);
-
-	if (r->meth->finish != NULL)
+	if (r->meth->finish)
 		r->meth->finish(r);
+	if (r->engine)
+		ENGINE_finish(r->engine);
+
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
 
 	if (r->n != NULL) BN_clear_free(r->n);
 	if (r->e != NULL) BN_clear_free(r->e);
@@ -166,91 +219,78 @@ RSA *r;
 	if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
 	if (r->iqmp != NULL) BN_clear_free(r->iqmp);
 	if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
-	if (r->bignum_data != NULL) Free_locked(r->bignum_data);
-	Free(r);
+	if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
+	OPENSSL_free(r);
+	}
+
+int RSA_up_ref(RSA *r)
+	{
+	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+	REF_PRINT("RSA",r);
+#endif
+#ifdef REF_CHECK
+	if (i < 2)
+		{
+		fprintf(stderr, "RSA_up_ref, bad reference count\n");
+		abort();
+		}
+#endif
+	return ((i > 1) ? 1 : 0);
 	}
 
-int RSA_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
-long argl;
-char *argp;
-int (*new_func)();
-int (*dup_func)();
-void (*free_func)();
+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
         {
-	rsa_meth_num++;
-	return(CRYPTO_get_ex_new_index(rsa_meth_num-1,
-		&rsa_meth,argl,argp,new_func,dup_func,free_func));
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
+				new_func, dup_func, free_func);
         }
 
-int RSA_set_ex_data(r,idx,arg)
-RSA *r;
-int idx;
-char *arg;
+int RSA_set_ex_data(RSA *r, int idx, void *arg)
 	{
 	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
 	}
 
-char *RSA_get_ex_data(r,idx)
-RSA *r;
-int idx;
+void *RSA_get_ex_data(const RSA *r, int idx)
 	{
 	return(CRYPTO_get_ex_data(&r->ex_data,idx));
 	}
 
-int RSA_size(r)
-RSA *r;
+int RSA_size(const RSA *r)
 	{
 	return(BN_num_bytes(r->n));
 	}
 
-int RSA_public_encrypt(flen, from, to, rsa, padding)
-int flen;
-unsigned char *from;
-unsigned char *to;
-RSA *rsa;
-int padding;
+int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
+	     RSA *rsa, int padding)
 	{
 	return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
 	}
 
-int RSA_private_encrypt(flen, from, to, rsa, padding)
-int flen;
-unsigned char *from;
-unsigned char *to;
-RSA *rsa;
-int padding;
+int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
+	     RSA *rsa, int padding)
 	{
 	return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
 	}
 
-int RSA_private_decrypt(flen, from, to, rsa, padding)
-int flen;
-unsigned char *from;
-unsigned char *to;
-RSA *rsa;
-int padding;
+int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
+	     RSA *rsa, int padding)
 	{
 	return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
 	}
 
-int RSA_public_decrypt(flen, from, to, rsa, padding)
-int flen;
-unsigned char *from;
-unsigned char *to;
-RSA *rsa;
-int padding;
+int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
+	     RSA *rsa, int padding)
 	{
 	return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
 	}
 
-int RSA_flags(r)
-RSA *r;
+int RSA_flags(const RSA *r)
 	{
 	return((r == NULL)?0:r->meth->flags);
 	}
 
-void RSA_blinding_off(rsa)
-RSA *rsa;
+void RSA_blinding_off(RSA *rsa)
 	{
 	if (rsa->blinding != NULL)
 		{
@@ -260,9 +300,7 @@ RSA *rsa;
 	rsa->flags&= ~RSA_FLAG_BLINDING;
 	}
 
-int RSA_blinding_on(rsa,p_ctx)
-RSA *rsa;
-BN_CTX *p_ctx;
+int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
 	{
 	BIGNUM *A,*Ai;
 	BN_CTX *ctx;
@@ -278,25 +316,24 @@ BN_CTX *p_ctx;
 	if (rsa->blinding != NULL)
 		BN_BLINDING_free(rsa->blinding);
 
-	A= &(ctx->bn[0]);
-	ctx->tos++;
-	if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err;
+	BN_CTX_start(ctx);
+	A = BN_CTX_get(ctx);
+	if (!BN_rand_range(A,rsa->n)) goto err;
 	if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
 
-	if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,
-		(char *)rsa->method_mod_n)) goto err;
+	if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
+	    goto err;
 	rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n);
-	ctx->tos--;
 	rsa->flags|=RSA_FLAG_BLINDING;
 	BN_free(Ai);
 	ret=1;
 err:
+	BN_CTX_end(ctx);
 	if (ctx != p_ctx) BN_CTX_free(ctx);
 	return(ret);
 	}
 
-int RSA_memory_lock(r)
-RSA *r;
+int RSA_memory_lock(RSA *r)
 	{
 	int i,j,k,off;
 	char *p;
@@ -315,7 +352,7 @@ RSA *r;
 	j=1;
 	for (i=0; i<6; i++)
 		j+= (*t[i])->top;
-	if ((p=Malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
+	if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
 		{
 		RSAerr(RSA_F_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
 		return(0);
@@ -340,4 +377,3 @@ RSA *r;
 	r->bignum_data=p;
 	return(1);
 	}
-
diff --git a/crypto/rsa/rsa_none.c b/crypto/rsa/rsa_none.c
index 6385b556be..e6f3e627ca 100644
--- a/crypto/rsa/rsa_none.c
+++ b/crypto/rsa/rsa_none.c
@@ -58,53 +58,41 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "rand.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
 
-int RSA_padding_add_none(to,tlen,from,flen)
-unsigned char *to;
-int tlen;
-unsigned char *from;
-int flen;
+int RSA_padding_add_none(unsigned char *to, int tlen,
+	const unsigned char *from, int flen)
 	{
-	if (flen >= tlen)
+	if (flen > tlen)
 		{
 		RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
 		return(0);
 		}
+
+	if (flen < tlen)
+		{
+		RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
+		return(0);
+		}
 	
-	*(to++)=0;
 	memcpy(to,from,(unsigned int)flen);
 	return(1);
 	}
 
-int RSA_padding_check_none(to,tlen,from,flen,num)
-unsigned char *to;
-int tlen;
-unsigned char *from;
-int flen;
-int num;
+int RSA_padding_check_none(unsigned char *to, int tlen,
+	const unsigned char *from, int flen, int num)
 	{
-	int j;
 
-	from++;
-	if (flen+1 > tlen)
+	if (flen > tlen)
 		{
 		RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE);
 		return(-1);
 		}
-	if (flen+1 >= num)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_BAD_ZERO_BYTE);
-		return(-1);
-		}
 
-	/* scan over padding data */
-	j=flen-1; /* one for type and one for the prepended 0. */
-	memset(to,0,tlen-j);
-	to+=(tlen-j);
-	memcpy(to,from,j);
-	return(j);
+	memset(to,0,tlen-flen);
+	memcpy(to+tlen-flen,from,flen);
+	return(tlen);
 	}
 
diff --git a/crypto/rsa/rsa_null.c b/crypto/rsa/rsa_null.c
new file mode 100644
index 0000000000..64057fbdcf
--- /dev/null
+++ b/crypto/rsa/rsa_null.c
@@ -0,0 +1,150 @@
+/* rsa_null.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+
+/* This is a dummy RSA implementation that just returns errors when called.
+ * It is designed to allow some RSA functions to work while stopping those
+ * covered by the RSA patent. That is RSA, encryption, decryption, signing
+ * and verify is not allowed but RSA key generation, key checking and other
+ * operations (like storing RSA keys) are permitted.
+ */
+
+static int RSA_null_public_encrypt(int flen, const unsigned char *from,
+		unsigned char *to, RSA *rsa,int padding);
+static int RSA_null_private_encrypt(int flen, const unsigned char *from,
+		unsigned char *to, RSA *rsa,int padding);
+static int RSA_null_public_decrypt(int flen, const unsigned char *from,
+		unsigned char *to, RSA *rsa,int padding);
+static int RSA_null_private_decrypt(int flen, const unsigned char *from,
+		unsigned char *to, RSA *rsa,int padding);
+#if 0 /* not currently used */
+static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa);
+#endif
+static int RSA_null_init(RSA *rsa);
+static int RSA_null_finish(RSA *rsa);
+static RSA_METHOD rsa_null_meth={
+	"Null RSA",
+	RSA_null_public_encrypt,
+	RSA_null_public_decrypt,
+	RSA_null_private_encrypt,
+	RSA_null_private_decrypt,
+	NULL,
+	NULL,
+	RSA_null_init,
+	RSA_null_finish,
+	0,
+	NULL,
+	};
+
+const RSA_METHOD *RSA_null_method(void)
+	{
+	return(&rsa_null_meth);
+	}
+
+static int RSA_null_public_encrypt(int flen, const unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding)
+	{
+	RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+	return -1;
+	}
+
+static int RSA_null_private_encrypt(int flen, const unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding)
+	{
+	RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+	return -1;
+	}
+
+static int RSA_null_private_decrypt(int flen, const unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding)
+	{
+	RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+	return -1;
+	}
+
+static int RSA_null_public_decrypt(int flen, const unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding)
+	{
+	RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+	return -1;
+	}
+
+#if 0 /* not currently used */
+static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
+	{
+	RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+	return -1;
+	}
+#endif
+
+static int RSA_null_init(RSA *rsa)
+	{
+	return(1);
+	}
+
+static int RSA_null_finish(RSA *rsa)
+	{
+	return(1);
+	}
+
+
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
new file mode 100644
index 0000000000..e3f7c608ec
--- /dev/null
+++ b/crypto/rsa/rsa_oaep.c
@@ -0,0 +1,206 @@
+/* crypto/rsa/rsa_oaep.c */
+/* Written by Ulf Moeller. This software is distributed on an "AS IS"
+   basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
+
+/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
+
+/* See Victor Shoup, "OAEP reconsidered," Nov. 2000,
+ * <URL: http://www.shoup.net/papers/oaep.ps.Z>
+ * for problems with the security proof for the
+ * original OAEP scheme, which EME-OAEP is based on.
+ * 
+ * A new proof can be found in E. Fujisaki, T. Okamoto,
+ * D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!",
+ * Dec. 2000, <URL: http://eprint.iacr.org/2000/061/>.
+ * The new proof has stronger requirements for the
+ * underlying permutation: "partial-one-wayness" instead
+ * of one-wayness.  For the RSA function, this is
+ * an equivalent notion.
+ */
+
+
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+
+int MGF1(unsigned char *mask, long len,
+	const unsigned char *seed, long seedlen);
+
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+	const unsigned char *from, int flen,
+	const unsigned char *param, int plen)
+	{
+	int i, emlen = tlen - 1;
+	unsigned char *db, *seed;
+	unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
+
+	if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1)
+		{
+		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
+		   RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+		return 0;
+		}
+
+	if (emlen < 2 * SHA_DIGEST_LENGTH + 1)
+		{
+		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL);
+		return 0;
+		}
+
+	dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
+	if (dbmask == NULL)
+		{
+		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+		return 0;
+		}
+
+	to[0] = 0;
+	seed = to + 1;
+	db = to + SHA_DIGEST_LENGTH + 1;
+
+	EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL);
+	memset(db + SHA_DIGEST_LENGTH, 0,
+		emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
+	db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
+	memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);
+	if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)
+		return 0;
+#ifdef PKCS_TESTVECT
+	memcpy(seed,
+	   "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
+	   20);
+#endif
+
+	MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+	for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
+		db[i] ^= dbmask[i];
+
+	MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+	for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+		seed[i] ^= seedmask[i];
+
+	OPENSSL_free(dbmask);
+	return 1;
+	}
+
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+	const unsigned char *from, int flen, int num,
+	const unsigned char *param, int plen)
+	{
+	int i, dblen, mlen = -1;
+	const unsigned char *maskeddb;
+	int lzero;
+	unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
+	int bad = 0;
+
+	if (--num < 2 * SHA_DIGEST_LENGTH + 1)
+		/* 'num' is the length of the modulus, i.e. does not depend on the
+		 * particular ciphertext. */
+		goto decoding_err;
+
+	lzero = num - flen;
+	if (lzero < 0)
+		{
+		/* lzero == -1 */
+
+		/* signalling this error immediately after detection might allow
+		 * for side-channel attacks (e.g. timing if 'plen' is huge
+		 * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal
+		 * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001),
+		 * so we use a 'bad' flag */
+		bad = 1;
+		lzero = 0;
+		}
+	maskeddb = from - lzero + SHA_DIGEST_LENGTH;
+
+	dblen = num - SHA_DIGEST_LENGTH;
+	db = OPENSSL_malloc(dblen);
+	if (db == NULL)
+		{
+		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+		return -1;
+		}
+
+	MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
+	for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
+		seed[i] ^= from[i - lzero];
+  
+	MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+	for (i = 0; i < dblen; i++)
+		db[i] ^= maskeddb[i];
+
+	EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL);
+
+	if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+		goto decoding_err;
+	else
+		{
+		for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
+			if (db[i] != 0x00)
+				break;
+		if (db[i] != 0x01 || i++ >= dblen)
+			goto decoding_err;
+		else
+			{
+			/* everything looks OK */
+
+			mlen = dblen - i;
+			if (tlen < mlen)
+				{
+				RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
+				mlen = -1;
+				}
+			else
+				memcpy(to, db + i, mlen);
+			}
+		}
+	OPENSSL_free(db);
+	return mlen;
+
+decoding_err:
+	/* to avoid chosen ciphertext attacks, the error message should not reveal
+	 * which kind of decoding error happened */
+	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+	if (db != NULL) OPENSSL_free(db);
+	return -1;
+	}
+
+int MGF1(unsigned char *mask, long len,
+	const unsigned char *seed, long seedlen)
+	{
+	long i, outlen = 0;
+	unsigned char cnt[4];
+	EVP_MD_CTX c;
+	unsigned char md[SHA_DIGEST_LENGTH];
+
+	EVP_MD_CTX_init(&c);
+	for (i = 0; outlen < len; i++)
+		{
+		cnt[0] = (unsigned char)((i >> 24) & 255);
+		cnt[1] = (unsigned char)((i >> 16) & 255);
+		cnt[2] = (unsigned char)((i >> 8)) & 255;
+		cnt[3] = (unsigned char)(i & 255);
+		EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
+		EVP_DigestUpdate(&c, seed, seedlen);
+		EVP_DigestUpdate(&c, cnt, 4);
+		if (outlen + SHA_DIGEST_LENGTH <= len)
+			{
+			EVP_DigestFinal_ex(&c, mask + outlen, NULL);
+			outlen += SHA_DIGEST_LENGTH;
+			}
+		else
+			{
+			EVP_DigestFinal_ex(&c, md, NULL);
+			memcpy(mask + outlen, md, len - outlen);
+			outlen = len;
+			}
+		}
+	EVP_MD_CTX_cleanup(&c);
+	return 0;
+	}
+#endif
diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c
index 4638187970..8560755f1d 100644
--- a/crypto/rsa/rsa_pk1.c
+++ b/crypto/rsa/rsa_pk1.c
@@ -58,32 +58,17 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "rand.h"
-
-#ifndef NOPROTO
-int RSA_padding_add_PKCS1_type_1();
-int RSA_padding_check_PKCS1_type_1();
-int RSA_padding_add_PKCS1_type_2();
-int RSA_padding_check_PKCS1_type_2();
-int RSA_padding_add_SSLv23();
-int RSA_padding_check_SSLv23();
-int RSA_padding_add_none();
-int RSA_padding_check_none();
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
 
-#endif
-
-int RSA_padding_add_PKCS1_type_1(to,tlen,from,flen)
-unsigned char *to;
-int tlen;
-unsigned char *from;
-int flen;
+int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+	     const unsigned char *from, int flen)
 	{
 	int j;
 	unsigned char *p;
 
-	if (flen > (tlen-11))
+	if (flen > (tlen-RSA_PKCS1_PADDING_SIZE))
 		{
 		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
 		return(0);
@@ -94,7 +79,7 @@ int flen;
 	*(p++)=0;
 	*(p++)=1; /* Private Key BT (Block Type) */
 
-	/* padd out with 0xff data */
+	/* pad out with 0xff data */
 	j=tlen-3-flen;
 	memset(p,0xff,j);
 	p+=j;
@@ -103,15 +88,11 @@ int flen;
 	return(1);
 	}
 
-int RSA_padding_check_PKCS1_type_1(to,tlen,from,flen,num)
-unsigned char *to;
-int tlen;
-unsigned char *from;
-int flen;
-int num;
+int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+	     const unsigned char *from, int flen, int num)
 	{
 	int i,j;
-	unsigned char *p;
+	const unsigned char *p;
 
 	p=from;
 	if ((num != (flen+1)) || (*(p++) != 01))
@@ -149,16 +130,18 @@ int num;
 		}
 	i++; /* Skip over the '\0' */
 	j-=i;
+	if (j > tlen)
+		{
+		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE);
+		return(-1);
+		}
 	memcpy(to,p,(unsigned int)j);
 
 	return(j);
 	}
 
-int RSA_padding_add_PKCS1_type_2(to,tlen,from,flen)
-unsigned char *to;
-int tlen;
-unsigned char *from;
-int flen;
+int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+	     const unsigned char *from, int flen)
 	{
 	int i,j;
 	unsigned char *p;
@@ -177,12 +160,14 @@ int flen;
 	/* pad out with non-zero random data */
 	j=tlen-3-flen;
 
-	RAND_bytes(p,j);
+	if (RAND_bytes(p,j) <= 0)
+		return(0);
 	for (i=0; i<j; i++)
 		{
 		if (*p == '\0')
 			do	{
-				RAND_bytes(p,1);
+				if (RAND_bytes(p,1) <= 0)
+					return(0);
 				} while (*p == '\0');
 		p++;
 		}
@@ -193,15 +178,11 @@ int flen;
 	return(1);
 	}
 
-int RSA_padding_check_PKCS1_type_2(to,tlen,from,flen,num)
-unsigned char *to;
-int tlen;
-unsigned char *from;
-int flen;
-int num;
+int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+	     const unsigned char *from, int flen, int num)
 	{
 	int i,j;
-	unsigned char *p;
+	const unsigned char *p;
 
 	p=from;
 	if ((num != (flen+1)) || (*(p++) != 02))
@@ -231,6 +212,11 @@ int num;
 		}
 	i++; /* Skip over the '\0' */
 	j-=i;
+	if (j > tlen)
+		{
+		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE);
+		return(-1);
+		}
 	memcpy(to,p,(unsigned int)j);
 
 	return(j);
diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c
index fb0fae5a43..f462716a57 100644
--- a/crypto/rsa/rsa_saos.c
+++ b/crypto/rsa/rsa_saos.c
@@ -58,18 +58,14 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-int RSA_sign_ASN1_OCTET_STRING(type,m,m_len,sigret,siglen,rsa)
-int type;
-unsigned char *m;
-unsigned int m_len;
-unsigned char *sigret;
-unsigned int *siglen;
-RSA *rsa;
+int RSA_sign_ASN1_OCTET_STRING(int type,
+	const unsigned char *m, unsigned int m_len,
+	unsigned char *sigret, unsigned int *siglen, RSA *rsa)
 	{
 	ASN1_OCTET_STRING sig;
 	int i,j,ret=1;
@@ -77,16 +73,16 @@ RSA *rsa;
 
 	sig.type=V_ASN1_OCTET_STRING;
 	sig.length=m_len;
-	sig.data=m;
+	sig.data=(unsigned char *)m;
 
 	i=i2d_ASN1_OCTET_STRING(&sig,NULL);
 	j=RSA_size(rsa);
-	if ((i-RSA_PKCS1_PADDING) > j)
+	if (i > (j-RSA_PKCS1_PADDING_SIZE))
 		{
 		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
 		return(0);
 		}
-	s=(unsigned char *)Malloc((unsigned int)j+1);
+	s=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
 	if (s == NULL)
 		{
 		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
@@ -100,18 +96,15 @@ RSA *rsa;
 	else
 		*siglen=i;
 
-	memset(s,0,(unsigned int)j+1);
-	Free(s);
+	OPENSSL_cleanse(s,(unsigned int)j+1);
+	OPENSSL_free(s);
 	return(ret);
 	}
 
-int RSA_verify_ASN1_OCTET_STRING(dtype, m, m_len, sigbuf, siglen, rsa)
-int dtype;
-unsigned char *m;
-unsigned int m_len;
-unsigned char *sigbuf;
-unsigned int siglen;
-RSA *rsa;
+int RSA_verify_ASN1_OCTET_STRING(int dtype,
+	const unsigned char *m,
+	unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
+	RSA *rsa)
 	{
 	int i,ret=0;
 	unsigned char *p,*s;
@@ -123,7 +116,7 @@ RSA *rsa;
 		return(0);
 		}
 
-	s=(unsigned char *)Malloc((unsigned int)siglen);
+	s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
 	if (s == NULL)
 		{
 		RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
@@ -145,9 +138,9 @@ RSA *rsa;
 	else
 		ret=1;
 err:
-	if (sig != NULL) ASN1_OCTET_STRING_free(sig);
-	memset(s,0,(unsigned int)siglen);
-	Free(s);
+	if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
+	OPENSSL_cleanse(s,(unsigned int)siglen);
+	OPENSSL_free(s);
 	return(ret);
 	}
 
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index e38911146a..4ac2de3407 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -58,79 +58,92 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "objects.h"
-#include "x509.h"
-
-int RSA_sign(type,m,m_len,sigret,siglen,rsa)
-int type;
-unsigned char *m;
-unsigned int m_len;
-unsigned char *sigret;
-unsigned int *siglen;
-RSA *rsa;
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/engine.h>
+
+/* Size of an SSL signature: MD5+SHA1 */
+#define SSL_SIG_LENGTH	36
+
+int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
+	     unsigned char *sigret, unsigned int *siglen, RSA *rsa)
 	{
 	X509_SIG sig;
 	ASN1_TYPE parameter;
 	int i,j,ret=1;
-	unsigned char *p,*s;
+	unsigned char *p, *tmps = NULL;
+	const unsigned char *s = NULL;
 	X509_ALGOR algor;
 	ASN1_OCTET_STRING digest;
-
-	sig.algor= &algor;
-	sig.algor->algorithm=OBJ_nid2obj(type);
-	if (sig.algor->algorithm == NULL)
-		{
-		RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
-		return(0);
-		}
-	if (sig.algor->algorithm->length == 0)
-		{
-		RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
-		return(0);
+	if((rsa->flags & RSA_FLAG_SIGN_VER)
+	      && ENGINE_get_RSA(rsa->engine)->rsa_sign)
+	      return ENGINE_get_RSA(rsa->engine)->rsa_sign(type,
+			m, m_len, sigret, siglen, rsa);
+	/* Special case: SSL signature, just check the length */
+	if(type == NID_md5_sha1) {
+		if(m_len != SSL_SIG_LENGTH) {
+			RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH);
+			return(0);
 		}
-	parameter.type=V_ASN1_NULL;
-	parameter.value.ptr=NULL;
-	sig.algor->parameter= &parameter;
+		i = SSL_SIG_LENGTH;
+		s = m;
+	} else {
+		sig.algor= &algor;
+		sig.algor->algorithm=OBJ_nid2obj(type);
+		if (sig.algor->algorithm == NULL)
+			{
+			RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+			return(0);
+			}
+		if (sig.algor->algorithm->length == 0)
+			{
+			RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+			return(0);
+			}
+		parameter.type=V_ASN1_NULL;
+		parameter.value.ptr=NULL;
+		sig.algor->parameter= &parameter;
 
-	sig.digest= &digest;
-	sig.digest->data=m;
-	sig.digest->length=m_len;
+		sig.digest= &digest;
+		sig.digest->data=(unsigned char *)m; /* TMP UGLY CAST */
+		sig.digest->length=m_len;
 
-	i=i2d_X509_SIG(&sig,NULL);
+		i=i2d_X509_SIG(&sig,NULL);
+	}
 	j=RSA_size(rsa);
-	if ((i-RSA_PKCS1_PADDING) > j)
+	if (i > (j-RSA_PKCS1_PADDING_SIZE))
 		{
 		RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
 		return(0);
 		}
-	s=(unsigned char *)Malloc((unsigned int)j+1);
-	if (s == NULL)
-		{
-		RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	p=s;
-	i2d_X509_SIG(&sig,&p);
+	if(type != NID_md5_sha1) {
+		tmps=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
+		if (tmps == NULL)
+			{
+			RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
+			return(0);
+			}
+		p=tmps;
+		i2d_X509_SIG(&sig,&p);
+		s=tmps;
+	}
 	i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
 	if (i <= 0)
 		ret=0;
 	else
 		*siglen=i;
 
-	memset(s,0,(unsigned int)j+1);
-	Free(s);
+	if(type != NID_md5_sha1) {
+		OPENSSL_cleanse(tmps,(unsigned int)j+1);
+		OPENSSL_free(tmps);
+	}
 	return(ret);
 	}
 
-int RSA_verify(dtype, m, m_len, sigbuf, siglen, rsa)
-int dtype;
-unsigned char *m;
-unsigned int m_len;
-unsigned char *sigbuf;
-unsigned int siglen;
-RSA *rsa;
+int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
+	     unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
 	{
 	int i,ret=0,sigtype;
 	unsigned char *p,*s;
@@ -142,57 +155,74 @@ RSA *rsa;
 		return(0);
 		}
 
-	s=(unsigned char *)Malloc((unsigned int)siglen);
+	if((rsa->flags & RSA_FLAG_SIGN_VER)
+	    && ENGINE_get_RSA(rsa->engine)->rsa_verify)
+	    return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype,
+			m, m_len, sigbuf, siglen, rsa);
+
+	s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
 	if (s == NULL)
 		{
 		RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
+	if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
+			RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
+			return(0);
+	}
 	i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
 
 	if (i <= 0) goto err;
 
-	p=s;
-	sig=d2i_X509_SIG(NULL,&p,(long)i);
+	/* Special case: SSL signature */
+	if(dtype == NID_md5_sha1) {
+		if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
+				RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+		else ret = 1;
+	} else {
+		p=s;
+		sig=d2i_X509_SIG(NULL,&p,(long)i);
 
-	if (sig == NULL) goto err;
-	sigtype=OBJ_obj2nid(sig->algor->algorithm);
+		if (sig == NULL) goto err;
+		sigtype=OBJ_obj2nid(sig->algor->algorithm);
 
 
-#ifdef RSA_DEBUG
-	/* put a backward compatability flag in EAY */
-	fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
-		OBJ_nid2ln(dtype));
-#endif
-	if (sigtype != dtype)
-		{
-		if (((dtype == NID_md5) &&
-			(sigtype == NID_md5WithRSAEncryption)) ||
-			((dtype == NID_md2) &&
-			(sigtype == NID_md2WithRSAEncryption)))
+	#ifdef RSA_DEBUG
+		/* put a backward compatibility flag in EAY */
+		fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
+			OBJ_nid2ln(dtype));
+	#endif
+		if (sigtype != dtype)
 			{
-			/* ok, we will let it through */
-#if !defined(NO_STDIO) && !defined(WIN16)
-			fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
+			if (((dtype == NID_md5) &&
+				(sigtype == NID_md5WithRSAEncryption)) ||
+				((dtype == NID_md2) &&
+				(sigtype == NID_md2WithRSAEncryption)))
+				{
+				/* ok, we will let it through */
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
+				fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
 #endif
+				}
+			else
+				{
+				RSAerr(RSA_F_RSA_VERIFY,
+						RSA_R_ALGORITHM_MISMATCH);
+				goto err;
+				}
 			}
-		else
+		if (	((unsigned int)sig->digest->length != m_len) ||
+			(memcmp(m,sig->digest->data,m_len) != 0))
 			{
-			RSAerr(RSA_F_RSA_VERIFY,RSA_R_ALGORITHM_MISMATCH);
-			goto err;
+			RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
 			}
-		}
-	if (	((unsigned int)sig->digest->length != m_len) ||
-		(memcmp(m,sig->digest->data,m_len) != 0))
-		{
-		RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-		}
-	else
-		ret=1;
+		else
+			ret=1;
+	}
 err:
 	if (sig != NULL) X509_SIG_free(sig);
-	memset(s,0,(unsigned int)siglen);
-	Free(s);
+	OPENSSL_cleanse(s,(unsigned int)siglen);
+	OPENSSL_free(s);
 	return(ret);
 	}
 
diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
index 42ee076800..ea72629494 100644
--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
@@ -58,15 +58,12 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "rand.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
 
-int RSA_padding_add_SSLv23(to,tlen,from,flen)
-unsigned char *to;
-int tlen;
-unsigned char *from;
-int flen;
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+	const unsigned char *from, int flen)
 	{
 	int i,j;
 	unsigned char *p;
@@ -85,12 +82,14 @@ int flen;
 	/* pad out with non-zero random data */
 	j=tlen-3-8-flen;
 
-	RAND_bytes(p,j);
+	if (RAND_bytes(p,j) <= 0)
+		return(0);
 	for (i=0; i<j; i++)
 		{
 		if (*p == '\0')
 			do	{
-				RAND_bytes(p,1);
+				if (RAND_bytes(p,1) <= 0)
+					return(0);
 				} while (*p == '\0');
 		p++;
 		}
@@ -103,15 +102,11 @@ int flen;
 	return(1);
 	}
 
-int RSA_padding_check_SSLv23(to,tlen,from,flen,num)
-unsigned char *to;
-int tlen;
-unsigned char *from;
-int flen;
-int num;
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+	const unsigned char *from, int flen, int num)
 	{
 	int i,j,k;
-	unsigned char *p;
+	const unsigned char *p;
 
 	p=from;
 	if (flen < 10)
@@ -139,7 +134,7 @@ int num;
 		{
 		if (p[k] !=  0x03) break;
 		}
-	if (k == 0)
+	if (k == -1)
 		{
 		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_SSLV3_ROLLBACK_ATTACK);
 		return(-1);
@@ -147,6 +142,11 @@ int num;
 
 	i++; /* Skip over the '\0' */
 	j-=i;
+	if (j > tlen)
+		{
+		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_LARGE);
+		return(-1);
+		}
 	memcpy(to,p,(unsigned int)j);
 
 	return(j);
diff --git a/crypto/rsa/rsa_test.c b/crypto/rsa/rsa_test.c
new file mode 100644
index 0000000000..b8b462d33b
--- /dev/null
+++ b/crypto/rsa/rsa_test.c
@@ -0,0 +1,318 @@
+/* test vectors from p1ovect1.txt */
+
+#include <stdio.h>
+#include <string.h>
+
+#include "e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#ifdef OPENSSL_NO_RSA
+int main(int argc, char *argv[])
+{
+    printf("No RSA support\n");
+    return(0);
+}
+#else
+#include <openssl/rsa.h>
+#include <openssl/engine.h>
+
+#define SetKey \
+  key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
+  key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
+  key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
+  key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
+  key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
+  key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
+  key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
+  key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
+  memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
+  return (sizeof(ctext_ex) - 1);
+
+static int key1(RSA *key, unsigned char *c)
+    {
+    static unsigned char n[] =
+"\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
+"\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
+"\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
+"\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
+"\xF5";
+
+    static unsigned char e[] = "\x11";
+
+    static unsigned char d[] =
+"\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
+"\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
+"\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
+"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
+
+    static unsigned char p[] =
+"\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
+"\x0D";
+    
+    static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+"\x89";
+
+    static unsigned char dmp1[] =
+"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
+"\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
+
+    static unsigned char dmq1[] =
+"\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
+"\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
+"\x51";
+
+    static unsigned char iqmp[] =
+"\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
+"\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
+
+    static unsigned char ctext_ex[] =
+"\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
+"\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
+"\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
+"\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
+
+    SetKey;
+    }
+
+static int key2(RSA *key, unsigned char *c)
+    {
+    static unsigned char n[] =
+"\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
+"\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
+"\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
+"\x34\x77\xCF";
+
+    static unsigned char e[] = "\x3";
+
+    static unsigned char d[] =
+"\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
+"\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
+"\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
+"\xE5\xEB";
+
+    static unsigned char p[] =
+"\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
+"\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
+
+    static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
+    
+    static unsigned char dmp1[] =
+"\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
+"\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
+
+    static unsigned char dmq1[] =
+"\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
+"\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
+
+    static unsigned char iqmp[] =
+"\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
+"\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
+
+    static unsigned char ctext_ex[] =
+"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
+"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
+"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
+"\x62\x51";
+
+    SetKey;
+    }
+
+static int key3(RSA *key, unsigned char *c)
+    {
+    static unsigned char n[] =
+"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
+"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
+"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
+"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
+"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
+"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
+"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
+"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
+"\xCB";
+
+    static unsigned char e[] = "\x11";
+
+    static unsigned char d[] =
+"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
+"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
+"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
+"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
+"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
+"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
+"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
+"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
+"\xC1";
+
+    static unsigned char p[] =
+"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
+"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
+"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
+"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
+"\x99";
+
+    static unsigned char q[] =
+"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
+"\x03";
+
+    static unsigned char dmp1[] =
+"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
+"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
+"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
+"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
+
+    static unsigned char dmq1[] =
+"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
+"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
+"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
+"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
+    
+    static unsigned char iqmp[] =
+"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
+"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
+"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
+"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
+"\xF7";
+
+    static unsigned char ctext_ex[] =
+"\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
+"\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
+"\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
+"\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
+"\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
+"\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
+"\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
+"\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
+
+    SetKey;
+    }
+
+static int pad_unknown(void)
+{
+    unsigned long l;
+    while ((l = ERR_get_error()) != 0)
+      if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
+	return(1);
+    return(0);
+}
+
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+
+int main(int argc, char *argv[])
+    {
+    int err=0;
+    int v;
+    RSA *key;
+    unsigned char ptext[256];
+    unsigned char ctext[256];
+    static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
+    unsigned char ctext_ex[256];
+    int plen;
+    int clen = 0;
+    int num;
+
+    CRYPTO_malloc_debug_init();
+    CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
+
+    plen = sizeof(ptext_ex) - 1;
+
+    for (v = 0; v < 3; v++)
+	{
+	key = RSA_new();
+	switch (v) {
+    case 0:
+	clen = key1(key, ctext_ex);
+	break;
+    case 1:
+	clen = key2(key, ctext_ex);
+	break;
+    case 2:
+	clen = key3(key, ctext_ex);
+	break;
+	}
+
+	num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+				 RSA_PKCS1_PADDING);
+	if (num != clen)
+	    {
+	    printf("PKCS#1 v1.5 encryption failed!\n");
+	    err=1;
+	    goto oaep;
+	    }
+  
+	num = RSA_private_decrypt(num, ctext, ptext, key,
+				  RSA_PKCS1_PADDING);
+	if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+	    {
+	    printf("PKCS#1 v1.5 decryption failed!\n");
+	    err=1;
+	    }
+	else
+	    printf("PKCS #1 v1.5 encryption/decryption ok\n");
+
+    oaep:
+	ERR_clear_error();
+	num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+				 RSA_PKCS1_OAEP_PADDING);
+	if (num == -1 && pad_unknown())
+	    {
+	    printf("No OAEP support\n");
+	    goto next;
+	    }
+	if (num != clen)
+	    {
+	    printf("OAEP encryption failed!\n");
+	    err=1;
+	    goto next;
+	    }
+  
+	num = RSA_private_decrypt(num, ctext, ptext, key,
+				  RSA_PKCS1_OAEP_PADDING);
+	if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+	    {
+	    printf("OAEP decryption (encrypted data) failed!\n");
+	    err=1;
+	    }
+	else if (memcmp(ctext, ctext_ex, num) == 0)
+	    {
+	    printf("OAEP test vector %d passed!\n", v);
+	    goto next;
+	    }
+    
+	/* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT).
+	   Try decrypting ctext_ex */
+
+	num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
+				  RSA_PKCS1_OAEP_PADDING);
+
+	if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+	    {
+	    printf("OAEP decryption (test vector data) failed!\n");
+	    err=1;
+	    }
+	else
+	    printf("OAEP encryption/decryption ok\n");
+    next:
+	RSA_free(key);
+	}
+
+    CRYPTO_cleanup_all_ex_data();
+    ERR_remove_state(0);
+
+    CRYPTO_mem_leaks_fp(stderr);
+
+    return err;
+    }
+#endif
diff --git a/crypto/sha/.cvsignore b/crypto/sha/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/sha/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/sha/Makefile.ssl b/crypto/sha/Makefile.ssl
index fd389b17d8..64873976a4 100644
--- a/crypto/sha/Makefile.ssl
+++ b/crypto/sha/Makefile.ssl
@@ -5,11 +5,15 @@
 DIR=    sha
 TOP=    ../..
 CC=     cc
+CPP=    $(CC) -E
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=           make -f Makefile.ssl
-MAKEDEPEND=     makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=       Makefile.ssl
 AR=             ar r
 
@@ -39,12 +43,12 @@ all:    lib
 
 lib:    $(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 # elf
 asm/sx86-elf.o: asm/sx86unix.cpp
-	$(CPP) -DELF asm/sx86unix.cpp | as -o asm/sx86-elf.o
+	$(CPP) -DELF -x c asm/sx86unix.cpp | as -o asm/sx86-elf.o
 
 # solaris
 asm/sx86-sol.o: asm/sx86unix.cpp
@@ -60,24 +64,23 @@ asm/sx86-out.o: asm/sx86unix.cpp
 asm/sx86bsdi.o: asm/sx86unix.cpp
 	$(CPP) -DBSDI asm/sx86unix.cpp | sed 's/ :/:/' | as -o asm/sx86bsdi.o
 
-asm/sx86unix.cpp:
-	(cd asm; perl sha1-586.pl cpp >sx86unix.cpp)
+asm/sx86unix.cpp: asm/sha1-586.pl ../perlasm/x86asm.pl
+	(cd asm; $(PERL) sha1-586.pl cpp $(PROCESSOR) >sx86unix.cpp)
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -89,15 +92,30 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
-
-errors:
+	rm -f asm/sx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+sha1_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha1_one.o: ../../include/openssl/opensslconf.h
+sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+sha1_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+sha1_one.o: ../../include/openssl/symhacks.h sha1_one.c
+sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h
+sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h
+sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+sha_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+sha_one.o: sha_one.c
diff --git a/crypto/sha/Makefile.uni b/crypto/sha/Makefile.uni
deleted file mode 100644
index f3236755b2..0000000000
--- a/crypto/sha/Makefile.uni
+++ /dev/null
@@ -1,122 +0,0 @@
-# Targets
-# make          - twidle the options yourself :-)
-# make cc       - standard cc options
-# make gcc      - standard gcc options
-# make x86-elf  - linux-elf etc
-# make x86-out  - linux-a.out, FreeBSD etc
-# make x86-solaris
-# make x86-bdsi
-
-DIR=    sha
-TOP=    .
-CC=     gcc
-CFLAG=	-O3 -fomit-frame-pointer
-
-CPP=    $(CC) -E
-INCLUDES=
-INSTALLTOP=/usr/local/lib
-MAKE=           make
-MAKEDEPEND=     makedepend
-MAKEFILE=       Makefile.uni
-AR=             ar r
-
-SHA_ASM_OBJ=
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-
-TEST1=shatest
-TEST2=sha1test
-APP1=sha
-APP2=sha1
-
-TEST=$(TEST1) $(TEST2)
-APPS=$(APP1) $(APP2)
-
-LIB=libsha.a
-LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
-LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o $(SHA_ASM_OBJ)
-
-SRC= $(LIBSRC)
-
-EXHEADER= sha.h
-HEADER= sha_locl.h $(EXHEADER)
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-all:    $(LIB) $(TEST) $(APPS)
-
-$(LIB): $(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/ranlib.sh $(LIB)
-
-# elf
-asm/sx86-elf.o: asm/sx86unix.cpp
-	$(CPP) -DELF asm/sx86unix.cpp | as -o asm/sx86-elf.o
-
-# solaris
-asm/sx86-sol.o: asm/sx86unix.cpp
-	$(CC) -E -DSOL asm/sx86unix.cpp | sed 's/^#.*//' > asm/sx86-sol.s
-	as -o asm/sx86-sol.o asm/sx86-sol.s
-	rm -f asm/sx86-sol.s
-
-# a.out
-asm/sx86-out.o: asm/sx86unix.cpp
-	$(CPP) -DOUT asm/sx86unix.cpp | as -o asm/sx86-out.o
-
-# bsdi
-asm/sx86bsdi.o: asm/sx86unix.cpp
-	$(CPP) -DBSDI asm/sx86unix.cpp | as -o asm/sx86bsdi.o
-
-asm/sx86unix.cpp:
-	(cd asm; perl sha1-586.pl cpp >sx86unix.cpp)
-
-test:	$(TEST)
-	./$(TEST1)
-	./$(TEST2)
-
-$(TEST1): $(TEST1).c $(LIB)
-	$(CC) -o $(TEST1) $(CFLAGS) $(TEST1).c $(LIB)
-
-$(TEST2): $(TEST2).c $(LIB)
-	$(CC) -o $(TEST2) $(CFLAGS) $(TEST2).c $(LIB)
-
-$(APP1): $(APP1).c $(LIB)
-	$(CC) -o $(APP1) $(CFLAGS) $(APP1).c $(LIB)
-
-$(APP2): $(APP2).c $(LIB)
-	$(CC) -o $(APP2) $(CFLAGS) $(APP2).c $(LIB)
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
-
-dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-cc:
-	$(MAKE) SHA_ASM_OBJ="" CC="cc" CFLAG="-O" all
-
-gcc:
-	$(MAKE) SHA_ASM_OBJ="" CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
-
-x86-elf:
-	$(MAKE) SHA_ASM_OBJ="asm/sx86-elf.o" CFLAG="-DELF -DSHA1_ASM -DL_ENDIAN $(CFLAGS)" all
-
-x86-out:
-	$(MAKE) SHA_ASM_OBJ="asm/sx86-out.o" CFLAG="-DOUT -DSHA1_ASM -DL_ENDIAN $(CFLAGS)" all
-
-x86-solaris:
-	$(MAKE) SHA_ASM_OBJ="asm/sx86-sol.o" CFLAG="-DSOL -DSHA1_ASM -DL_ENDIAN $(CFLAGS)" all
-
-x86-bdsi:
-	$(MAKE) SHA_ASM_OBJ="asm/sx86-bdsi.o" CFLAG="-DBDSI -DSHA1_ASM -DL_ENDIAN $(CFLAGS)" all
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/crypto/sha/asm/.cvsignore b/crypto/sha/asm/.cvsignore
new file mode 100644
index 0000000000..5e8206257c
--- /dev/null
+++ b/crypto/sha/asm/.cvsignore
@@ -0,0 +1 @@
+sx86unix.cpp
diff --git a/crypto/sha/asm/a.out b/crypto/sha/asm/a.out
deleted file mode 100644
index ca165d52e7..0000000000
--- a/crypto/sha/asm/a.out
+++ /dev/null
diff --git a/crypto/sha/asm/f b/crypto/sha/asm/f
deleted file mode 100644
index 3a702f5dff..0000000000
--- a/crypto/sha/asm/f
+++ /dev/null
@@ -1,2089 +0,0 @@
-GAS LISTING f.s 			page 1
-
-
-   1              		# Don't even think of reading this code 
-   2              		# It was automatically generated by sha1-586.pl 
-   3              		# Which is a perl program used to generate the x86 assember for 
-   4              		# any of elf, a.out, BSDI,Win32, or Solaris 
-   5              		# eric <eay@cryptsoft.com> 
-   6              	
-   7              		.file	"sha1-586.s"
-   8              		.version	"01.01"
-   9              	gcc2_compiled.:
-  10              	.text
-  11              		.align 16
-  12              	.globl sha1_block_x86
-  13              		.type	sha1_block_x86,@function
-  14              	sha1_block_x86:
-  15 0000 56       		pushl	%esi
-  16 0001 55       		pushl	%ebp
-  17 0002 8B442414 		movl	20(%esp),	%eax
-  18 0006 8B742410 		movl	16(%esp),	%esi
-  19 000a 01F0     		addl	%esi,		%eax
-  20 000c 8B6C240C 		movl	12(%esp),	%ebp
-  21 0010 53       		pushl	%ebx
-  22 0011 83E840   		subl	$64,		%eax
-  23 0014 57       		pushl	%edi
-  24 0015 8B5D04   		movl	4(%ebp),	%ebx
-  25 0018 83EC48   		subl	$72,		%esp
-  26 001b 8B550C   		movl	12(%ebp),	%edx
-  27 001e 8B7D10   		movl	16(%ebp),	%edi
-  28 0021 8B4D08   		movl	8(%ebp),	%ecx
-  29 0024 89442444 		movl	%eax,		68(%esp)
-  30              		# First we need to setup the X array 
-  31 0028 8B06     		movl	(%esi),		%eax
-  32              	.L000start:
-  33              		# First, load the words onto the stack in network byte order 
-  34 002a 0F       	.byte 15
-  35 002b C8       	.byte 200		# bswapl  %eax 
-  36 002c 890424   		movl	%eax,		(%esp)
-  37 002f 8B4604   		movl	4(%esi),	%eax
-  38 0032 0F       	.byte 15
-  39 0033 C8       	.byte 200		# bswapl  %eax 
-  40 0034 89442404 		movl	%eax,		4(%esp)
-  41 0038 8B4608   		movl	8(%esi),	%eax
-  42 003b 0F       	.byte 15
-  43 003c C8       	.byte 200		# bswapl  %eax 
-  44 003d 89442408 		movl	%eax,		8(%esp)
-  45 0041 8B460C   		movl	12(%esi),	%eax
-  46 0044 0F       	.byte 15
-  47 0045 C8       	.byte 200		# bswapl  %eax 
-  48 0046 8944240C 		movl	%eax,		12(%esp)
-  49 004a 8B4610   		movl	16(%esi),	%eax
-  50 004d 0F       	.byte 15
-  51 004e C8       	.byte 200		# bswapl  %eax 
-  52 004f 89442410 		movl	%eax,		16(%esp)
-  53 0053 8B4614   		movl	20(%esi),	%eax
-  54 0056 0F       	.byte 15
-  55 0057 C8       	.byte 200		# bswapl  %eax 
-  56 0058 89442414 		movl	%eax,		20(%esp)
-  57 005c 8B4618   		movl	24(%esi),	%eax
-GAS LISTING f.s 			page 2
-
-
-  58 005f 0F       	.byte 15
-  59 0060 C8       	.byte 200		# bswapl  %eax 
-  60 0061 89442418 		movl	%eax,		24(%esp)
-  61 0065 8B461C   		movl	28(%esi),	%eax
-  62 0068 0F       	.byte 15
-  63 0069 C8       	.byte 200		# bswapl  %eax 
-  64 006a 8944241C 		movl	%eax,		28(%esp)
-  65 006e 8B4620   		movl	32(%esi),	%eax
-  66 0071 0F       	.byte 15
-  67 0072 C8       	.byte 200		# bswapl  %eax 
-  68 0073 89442420 		movl	%eax,		32(%esp)
-  69 0077 8B4624   		movl	36(%esi),	%eax
-  70 007a 0F       	.byte 15
-  71 007b C8       	.byte 200		# bswapl  %eax 
-  72 007c 89442424 		movl	%eax,		36(%esp)
-  73 0080 8B4628   		movl	40(%esi),	%eax
-  74 0083 0F       	.byte 15
-  75 0084 C8       	.byte 200		# bswapl  %eax 
-  76 0085 89442428 		movl	%eax,		40(%esp)
-  77 0089 8B462C   		movl	44(%esi),	%eax
-  78 008c 0F       	.byte 15
-  79 008d C8       	.byte 200		# bswapl  %eax 
-  80 008e 8944242C 		movl	%eax,		44(%esp)
-  81 0092 8B4630   		movl	48(%esi),	%eax
-  82 0095 0F       	.byte 15
-  83 0096 C8       	.byte 200		# bswapl  %eax 
-  84 0097 89442430 		movl	%eax,		48(%esp)
-  85 009b 8B4634   		movl	52(%esi),	%eax
-  86 009e 0F       	.byte 15
-  87 009f C8       	.byte 200		# bswapl  %eax 
-  88 00a0 89442434 		movl	%eax,		52(%esp)
-  89 00a4 8B4638   		movl	56(%esi),	%eax
-  90 00a7 0F       	.byte 15
-  91 00a8 C8       	.byte 200		# bswapl  %eax 
-  92 00a9 89442438 		movl	%eax,		56(%esp)
-  93 00ad 8B463C   		movl	60(%esi),	%eax
-  94 00b0 0F       	.byte 15
-  95 00b1 C8       	.byte 200		# bswapl  %eax 
-  96 00b2 8944243C 		movl	%eax,		60(%esp)
-  97              		# We now have the X array on the stack 
-  98              		# starting at sp-4 
-  99 00b6 89742440 		movl	%esi,		64(%esp)
- 100              	
- 101              		# Start processing 
- 102 00ba 8B4500   		movl	(%ebp),		%eax
- 103              		# 00_15 0 
- 104 00bd 89CE     		movl	%ecx,		%esi
- 105 00bf 89C5     		movl	%eax,		%ebp
- 106 00c1 31D6     		xorl	%edx,		%esi
- 107 00c3 C1C505   		roll	$5,		%ebp
- 108 00c6 21DE     		andl	%ebx,		%esi
- 109 00c8 01FD     		addl	%edi,		%ebp
- 110 00ca D1       	.byte 209
- 111 00cb CB       	.byte 203		# rorl $1 %ebx 
- 112 00cc 8B3C24   		movl	(%esp),		%edi
- 113 00cf D1       	.byte 209
- 114 00d0 CB       	.byte 203		# rorl $1 %ebx 
-GAS LISTING f.s 			page 3
-
-
- 115 00d1 31D6     		xorl	%edx,		%esi
- 116 00d3 8DAC3D99 		leal	1518500249(%ebp,%edi,1),%ebp
- 116      79825A
- 117 00da 89DF     		movl	%ebx,		%edi
- 118 00dc 01EE     		addl	%ebp,		%esi
- 119 00de 31CF     		xorl	%ecx,		%edi
- 120 00e0 89F5     		movl	%esi,		%ebp
- 121 00e2 21C7     		andl	%eax,		%edi
- 122 00e4 C1C505   		roll	$5,		%ebp
- 123 00e7 01D5     		addl	%edx,		%ebp
- 124 00e9 8B542404 		movl	4(%esp),	%edx
- 125 00ed D1       	.byte 209
- 126 00ee C8       	.byte 200		# rorl $1 %eax 
- 127 00ef 31CF     		xorl	%ecx,		%edi
- 128 00f1 D1       	.byte 209
- 129 00f2 C8       	.byte 200		# rorl $1 %eax 
- 130 00f3 8DAC1599 		leal	1518500249(%ebp,%edx,1),%ebp
- 130      79825A
- 131 00fa 01EF     		addl	%ebp,		%edi
- 132              		# 00_15 2 
- 133 00fc 89C2     		movl	%eax,		%edx
- 134 00fe 89FD     		movl	%edi,		%ebp
- 135 0100 31DA     		xorl	%ebx,		%edx
- 136 0102 C1C505   		roll	$5,		%ebp
- 137 0105 21F2     		andl	%esi,		%edx
- 138 0107 01CD     		addl	%ecx,		%ebp
- 139 0109 D1       	.byte 209
- 140 010a CE       	.byte 206		# rorl $1 %esi 
- 141 010b 8B4C2408 		movl	8(%esp),	%ecx
- 142 010f D1       	.byte 209
- 143 0110 CE       	.byte 206		# rorl $1 %esi 
- 144 0111 31DA     		xorl	%ebx,		%edx
- 145 0113 8DAC0D99 		leal	1518500249(%ebp,%ecx,1),%ebp
- 145      79825A
- 146 011a 89F1     		movl	%esi,		%ecx
- 147 011c 01EA     		addl	%ebp,		%edx
- 148 011e 31C1     		xorl	%eax,		%ecx
- 149 0120 89D5     		movl	%edx,		%ebp
- 150 0122 21F9     		andl	%edi,		%ecx
- 151 0124 C1C505   		roll	$5,		%ebp
- 152 0127 01DD     		addl	%ebx,		%ebp
- 153 0129 8B5C240C 		movl	12(%esp),	%ebx
- 154 012d D1       	.byte 209
- 155 012e CF       	.byte 207		# rorl $1 %edi 
- 156 012f 31C1     		xorl	%eax,		%ecx
- 157 0131 D1       	.byte 209
- 158 0132 CF       	.byte 207		# rorl $1 %edi 
- 159 0133 8DAC1D99 		leal	1518500249(%ebp,%ebx,1),%ebp
- 159      79825A
- 160 013a 01E9     		addl	%ebp,		%ecx
- 161              		# 00_15 4 
- 162 013c 89FB     		movl	%edi,		%ebx
- 163 013e 89CD     		movl	%ecx,		%ebp
- 164 0140 31F3     		xorl	%esi,		%ebx
- 165 0142 C1C505   		roll	$5,		%ebp
- 166 0145 21D3     		andl	%edx,		%ebx
- 167 0147 01C5     		addl	%eax,		%ebp
-GAS LISTING f.s 			page 4
-
-
- 168 0149 D1       	.byte 209
- 169 014a CA       	.byte 202		# rorl $1 %edx 
- 170 014b 8B442410 		movl	16(%esp),	%eax
- 171 014f D1       	.byte 209
- 172 0150 CA       	.byte 202		# rorl $1 %edx 
- 173 0151 31F3     		xorl	%esi,		%ebx
- 174 0153 8DAC0599 		leal	1518500249(%ebp,%eax,1),%ebp
- 174      79825A
- 175 015a 89D0     		movl	%edx,		%eax
- 176 015c 01EB     		addl	%ebp,		%ebx
- 177 015e 31F8     		xorl	%edi,		%eax
- 178 0160 89DD     		movl	%ebx,		%ebp
- 179 0162 21C8     		andl	%ecx,		%eax
- 180 0164 C1C505   		roll	$5,		%ebp
- 181 0167 01F5     		addl	%esi,		%ebp
- 182 0169 8B742414 		movl	20(%esp),	%esi
- 183 016d D1       	.byte 209
- 184 016e C9       	.byte 201		# rorl $1 %ecx 
- 185 016f 31F8     		xorl	%edi,		%eax
- 186 0171 D1       	.byte 209
- 187 0172 C9       	.byte 201		# rorl $1 %ecx 
- 188 0173 8DAC3599 		leal	1518500249(%ebp,%esi,1),%ebp
- 188      79825A
- 189 017a 01E8     		addl	%ebp,		%eax
- 190              		# 00_15 6 
- 191 017c 89CE     		movl	%ecx,		%esi
- 192 017e 89C5     		movl	%eax,		%ebp
- 193 0180 31D6     		xorl	%edx,		%esi
- 194 0182 C1C505   		roll	$5,		%ebp
- 195 0185 21DE     		andl	%ebx,		%esi
- 196 0187 01FD     		addl	%edi,		%ebp
- 197 0189 D1       	.byte 209
- 198 018a CB       	.byte 203		# rorl $1 %ebx 
- 199 018b 8B7C2418 		movl	24(%esp),	%edi
- 200 018f D1       	.byte 209
- 201 0190 CB       	.byte 203		# rorl $1 %ebx 
- 202 0191 31D6     		xorl	%edx,		%esi
- 203 0193 8DAC3D99 		leal	1518500249(%ebp,%edi,1),%ebp
- 203      79825A
- 204 019a 89DF     		movl	%ebx,		%edi
- 205 019c 01EE     		addl	%ebp,		%esi
- 206 019e 31CF     		xorl	%ecx,		%edi
- 207 01a0 89F5     		movl	%esi,		%ebp
- 208 01a2 21C7     		andl	%eax,		%edi
- 209 01a4 C1C505   		roll	$5,		%ebp
- 210 01a7 01D5     		addl	%edx,		%ebp
- 211 01a9 8B54241C 		movl	28(%esp),	%edx
- 212 01ad D1       	.byte 209
- 213 01ae C8       	.byte 200		# rorl $1 %eax 
- 214 01af 31CF     		xorl	%ecx,		%edi
- 215 01b1 D1       	.byte 209
- 216 01b2 C8       	.byte 200		# rorl $1 %eax 
- 217 01b3 8DAC1599 		leal	1518500249(%ebp,%edx,1),%ebp
- 217      79825A
- 218 01ba 01EF     		addl	%ebp,		%edi
- 219              		# 00_15 8 
- 220 01bc 89C2     		movl	%eax,		%edx
-GAS LISTING f.s 			page 5
-
-
- 221 01be 89FD     		movl	%edi,		%ebp
- 222 01c0 31DA     		xorl	%ebx,		%edx
- 223 01c2 C1C505   		roll	$5,		%ebp
- 224 01c5 21F2     		andl	%esi,		%edx
- 225 01c7 01CD     		addl	%ecx,		%ebp
- 226 01c9 D1       	.byte 209
- 227 01ca CE       	.byte 206		# rorl $1 %esi 
- 228 01cb 8B4C2420 		movl	32(%esp),	%ecx
- 229 01cf D1       	.byte 209
- 230 01d0 CE       	.byte 206		# rorl $1 %esi 
- 231 01d1 31DA     		xorl	%ebx,		%edx
- 232 01d3 8DAC0D99 		leal	1518500249(%ebp,%ecx,1),%ebp
- 232      79825A
- 233 01da 89F1     		movl	%esi,		%ecx
- 234 01dc 01EA     		addl	%ebp,		%edx
- 235 01de 31C1     		xorl	%eax,		%ecx
- 236 01e0 89D5     		movl	%edx,		%ebp
- 237 01e2 21F9     		andl	%edi,		%ecx
- 238 01e4 C1C505   		roll	$5,		%ebp
- 239 01e7 01DD     		addl	%ebx,		%ebp
- 240 01e9 8B5C2424 		movl	36(%esp),	%ebx
- 241 01ed D1       	.byte 209
- 242 01ee CF       	.byte 207		# rorl $1 %edi 
- 243 01ef 31C1     		xorl	%eax,		%ecx
- 244 01f1 D1       	.byte 209
- 245 01f2 CF       	.byte 207		# rorl $1 %edi 
- 246 01f3 8DAC1D99 		leal	1518500249(%ebp,%ebx,1),%ebp
- 246      79825A
- 247 01fa 01E9     		addl	%ebp,		%ecx
- 248              		# 00_15 10 
- 249 01fc 89FB     		movl	%edi,		%ebx
- 250 01fe 89CD     		movl	%ecx,		%ebp
- 251 0200 31F3     		xorl	%esi,		%ebx
- 252 0202 C1C505   		roll	$5,		%ebp
- 253 0205 21D3     		andl	%edx,		%ebx
- 254 0207 01C5     		addl	%eax,		%ebp
- 255 0209 D1       	.byte 209
- 256 020a CA       	.byte 202		# rorl $1 %edx 
- 257 020b 8B442428 		movl	40(%esp),	%eax
- 258 020f D1       	.byte 209
- 259 0210 CA       	.byte 202		# rorl $1 %edx 
- 260 0211 31F3     		xorl	%esi,		%ebx
- 261 0213 8DAC0599 		leal	1518500249(%ebp,%eax,1),%ebp
- 261      79825A
- 262 021a 89D0     		movl	%edx,		%eax
- 263 021c 01EB     		addl	%ebp,		%ebx
- 264 021e 31F8     		xorl	%edi,		%eax
- 265 0220 89DD     		movl	%ebx,		%ebp
- 266 0222 21C8     		andl	%ecx,		%eax
- 267 0224 C1C505   		roll	$5,		%ebp
- 268 0227 01F5     		addl	%esi,		%ebp
- 269 0229 8B74242C 		movl	44(%esp),	%esi
- 270 022d D1       	.byte 209
- 271 022e C9       	.byte 201		# rorl $1 %ecx 
- 272 022f 31F8     		xorl	%edi,		%eax
- 273 0231 D1       	.byte 209
- 274 0232 C9       	.byte 201		# rorl $1 %ecx 
-GAS LISTING f.s 			page 6
-
-
- 275 0233 8DAC3599 		leal	1518500249(%ebp,%esi,1),%ebp
- 275      79825A
- 276 023a 01E8     		addl	%ebp,		%eax
- 277              		# 00_15 12 
- 278 023c 89CE     		movl	%ecx,		%esi
- 279 023e 89C5     		movl	%eax,		%ebp
- 280 0240 31D6     		xorl	%edx,		%esi
- 281 0242 C1C505   		roll	$5,		%ebp
- 282 0245 21DE     		andl	%ebx,		%esi
- 283 0247 01FD     		addl	%edi,		%ebp
- 284 0249 D1       	.byte 209
- 285 024a CB       	.byte 203		# rorl $1 %ebx 
- 286 024b 8B7C2430 		movl	48(%esp),	%edi
- 287 024f D1       	.byte 209
- 288 0250 CB       	.byte 203		# rorl $1 %ebx 
- 289 0251 31D6     		xorl	%edx,		%esi
- 290 0253 8DAC3D99 		leal	1518500249(%ebp,%edi,1),%ebp
- 290      79825A
- 291 025a 89DF     		movl	%ebx,		%edi
- 292 025c 01EE     		addl	%ebp,		%esi
- 293 025e 31CF     		xorl	%ecx,		%edi
- 294 0260 89F5     		movl	%esi,		%ebp
- 295 0262 21C7     		andl	%eax,		%edi
- 296 0264 C1C505   		roll	$5,		%ebp
- 297 0267 01D5     		addl	%edx,		%ebp
- 298 0269 8B542434 		movl	52(%esp),	%edx
- 299 026d D1       	.byte 209
- 300 026e C8       	.byte 200		# rorl $1 %eax 
- 301 026f 31CF     		xorl	%ecx,		%edi
- 302 0271 D1       	.byte 209
- 303 0272 C8       	.byte 200		# rorl $1 %eax 
- 304 0273 8DAC1599 		leal	1518500249(%ebp,%edx,1),%ebp
- 304      79825A
- 305 027a 01EF     		addl	%ebp,		%edi
- 306              		# 00_15 14 
- 307 027c 89C2     		movl	%eax,		%edx
- 308 027e 89FD     		movl	%edi,		%ebp
- 309 0280 31DA     		xorl	%ebx,		%edx
- 310 0282 C1C505   		roll	$5,		%ebp
- 311 0285 21F2     		andl	%esi,		%edx
- 312 0287 01CD     		addl	%ecx,		%ebp
- 313 0289 D1       	.byte 209
- 314 028a CE       	.byte 206		# rorl $1 %esi 
- 315 028b 8B4C2438 		movl	56(%esp),	%ecx
- 316 028f D1       	.byte 209
- 317 0290 CE       	.byte 206		# rorl $1 %esi 
- 318 0291 31DA     		xorl	%ebx,		%edx
- 319 0293 8DAC0D99 		leal	1518500249(%ebp,%ecx,1),%ebp
- 319      79825A
- 320 029a 89F1     		movl	%esi,		%ecx
- 321 029c 01EA     		addl	%ebp,		%edx
- 322 029e 31C1     		xorl	%eax,		%ecx
- 323 02a0 89D5     		movl	%edx,		%ebp
- 324 02a2 21F9     		andl	%edi,		%ecx
- 325 02a4 C1C505   		roll	$5,		%ebp
- 326 02a7 01DD     		addl	%ebx,		%ebp
- 327 02a9 8B5C243C 		movl	60(%esp),	%ebx
-GAS LISTING f.s 			page 7
-
-
- 328 02ad D1       	.byte 209
- 329 02ae CF       	.byte 207		# rorl $1 %edi 
- 330 02af 31C1     		xorl	%eax,		%ecx
- 331 02b1 D1       	.byte 209
- 332 02b2 CF       	.byte 207		# rorl $1 %edi 
- 333 02b3 8DAC1D99 		leal	1518500249(%ebp,%ebx,1),%ebp
- 333      79825A
- 334 02ba 01E9     		addl	%ebp,		%ecx
- 335              		# 16_19 16 
- 336 02bc 90       		nop
- 337 02bd 8B2C24   		movl	(%esp),		%ebp
- 338 02c0 8B5C2408 		movl	8(%esp),	%ebx
- 339 02c4 31EB     		xorl	%ebp,		%ebx
- 340 02c6 8B6C2420 		movl	32(%esp),	%ebp
- 341 02ca 31EB     		xorl	%ebp,		%ebx
- 342 02cc 8B6C2434 		movl	52(%esp),	%ebp
- 343 02d0 31EB     		xorl	%ebp,		%ebx
- 344 02d2 89FD     		movl	%edi,		%ebp
- 345 02d4 D1       	.byte 209
- 346 02d5 C3       	.byte 195		# roll $1 %ebx 
- 347 02d6 31F5     		xorl	%esi,		%ebp
- 348 02d8 891C24   		movl	%ebx,		(%esp)
- 349 02db 21D5     		andl	%edx,		%ebp
- 350 02dd 8D9C0399 		leal	1518500249(%ebx,%eax,1),%ebx
- 350      79825A
- 351 02e4 31F5     		xorl	%esi,		%ebp
- 352 02e6 89C8     		movl	%ecx,		%eax
- 353 02e8 01EB     		addl	%ebp,		%ebx
- 354 02ea C1C005   		roll	$5,		%eax
- 355 02ed D1       	.byte 209
- 356 02ee CA       	.byte 202		# rorl $1 %edx 
- 357 02ef 01C3     		addl	%eax,		%ebx
- 358 02f1 8B442404 		movl	4(%esp),	%eax
- 359 02f5 8B6C240C 		movl	12(%esp),	%ebp
- 360 02f9 31E8     		xorl	%ebp,		%eax
- 361 02fb 8B6C2424 		movl	36(%esp),	%ebp
- 362 02ff 31E8     		xorl	%ebp,		%eax
- 363 0301 8B6C2438 		movl	56(%esp),	%ebp
- 364 0305 D1       	.byte 209
- 365 0306 CA       	.byte 202		# rorl $1 %edx 
- 366 0307 31E8     		xorl	%ebp,		%eax
- 367 0309 D1       	.byte 209
- 368 030a C0       	.byte 192		# roll $1 %eax 
- 369 030b 89D5     		movl	%edx,		%ebp
- 370 030d 31FD     		xorl	%edi,		%ebp
- 371 030f 89442404 		movl	%eax,		4(%esp)
- 372 0313 21CD     		andl	%ecx,		%ebp
- 373 0315 8D843099 		leal	1518500249(%eax,%esi,1),%eax
- 373      79825A
- 374 031c 31FD     		xorl	%edi,		%ebp
- 375 031e 89DE     		movl	%ebx,		%esi
- 376 0320 C1C605   		roll	$5,		%esi
- 377 0323 D1       	.byte 209
- 378 0324 C9       	.byte 201		# rorl $1 %ecx 
- 379 0325 01F0     		addl	%esi,		%eax
- 380 0327 D1       	.byte 209
- 381 0328 C9       	.byte 201		# rorl $1 %ecx 
-GAS LISTING f.s 			page 8
-
-
- 382 0329 01E8     		addl	%ebp,		%eax
- 383              		# 16_19 18 
- 384 032b 8B6C2408 		movl	8(%esp),	%ebp
- 385 032f 8B742410 		movl	16(%esp),	%esi
- 386 0333 31EE     		xorl	%ebp,		%esi
- 387 0335 8B6C2428 		movl	40(%esp),	%ebp
- 388 0339 31EE     		xorl	%ebp,		%esi
- 389 033b 8B6C243C 		movl	60(%esp),	%ebp
- 390 033f 31EE     		xorl	%ebp,		%esi
- 391 0341 89CD     		movl	%ecx,		%ebp
- 392 0343 D1       	.byte 209
- 393 0344 C6       	.byte 198		# roll $1 %esi 
- 394 0345 31D5     		xorl	%edx,		%ebp
- 395 0347 89742408 		movl	%esi,		8(%esp)
- 396 034b 21DD     		andl	%ebx,		%ebp
- 397 034d 8DB43E99 		leal	1518500249(%esi,%edi,1),%esi
- 397      79825A
- 398 0354 31D5     		xorl	%edx,		%ebp
- 399 0356 89C7     		movl	%eax,		%edi
- 400 0358 01EE     		addl	%ebp,		%esi
- 401 035a C1C705   		roll	$5,		%edi
- 402 035d D1       	.byte 209
- 403 035e CB       	.byte 203		# rorl $1 %ebx 
- 404 035f 01FE     		addl	%edi,		%esi
- 405 0361 8B7C240C 		movl	12(%esp),	%edi
- 406 0365 8B6C2414 		movl	20(%esp),	%ebp
- 407 0369 31EF     		xorl	%ebp,		%edi
- 408 036b 8B6C242C 		movl	44(%esp),	%ebp
- 409 036f 31EF     		xorl	%ebp,		%edi
- 410 0371 8B2C24   		movl	(%esp),		%ebp
- 411 0374 D1       	.byte 209
- 412 0375 CB       	.byte 203		# rorl $1 %ebx 
- 413 0376 31EF     		xorl	%ebp,		%edi
- 414 0378 D1       	.byte 209
- 415 0379 C7       	.byte 199		# roll $1 %edi 
- 416 037a 89DD     		movl	%ebx,		%ebp
- 417 037c 31CD     		xorl	%ecx,		%ebp
- 418 037e 897C240C 		movl	%edi,		12(%esp)
- 419 0382 21C5     		andl	%eax,		%ebp
- 420 0384 8DBC1799 		leal	1518500249(%edi,%edx,1),%edi
- 420      79825A
- 421 038b 31CD     		xorl	%ecx,		%ebp
- 422 038d 89F2     		movl	%esi,		%edx
- 423 038f C1C205   		roll	$5,		%edx
- 424 0392 D1       	.byte 209
- 425 0393 C8       	.byte 200		# rorl $1 %eax 
- 426 0394 01D7     		addl	%edx,		%edi
- 427 0396 D1       	.byte 209
- 428 0397 C8       	.byte 200		# rorl $1 %eax 
- 429 0398 01EF     		addl	%ebp,		%edi
- 430              		# 20_39 20 
- 431 039a 8B542410 		movl	16(%esp),	%edx
- 432 039e 8B6C2418 		movl	24(%esp),	%ebp
- 433 03a2 31EA     		xorl	%ebp,		%edx
- 434 03a4 8B6C2430 		movl	48(%esp),	%ebp
- 435 03a8 31EA     		xorl	%ebp,		%edx
- 436 03aa 8B6C2404 		movl	4(%esp),	%ebp
-GAS LISTING f.s 			page 9
-
-
- 437 03ae 31EA     		xorl	%ebp,		%edx
- 438 03b0 89F5     		movl	%esi,		%ebp
- 439 03b2 D1       	.byte 209
- 440 03b3 C2       	.byte 194		# roll $1 %edx 
- 441 03b4 31C5     		xorl	%eax,		%ebp
- 442 03b6 89542410 		movl	%edx,		16(%esp)
- 443 03ba 31DD     		xorl	%ebx,		%ebp
- 444 03bc 8D940AA1 		leal	1859775393(%edx,%ecx,1),%edx
- 444      EBD96E
- 445 03c3 89F9     		movl	%edi,		%ecx
- 446 03c5 C1C105   		roll	$5,		%ecx
- 447 03c8 D1       	.byte 209
- 448 03c9 CE       	.byte 206		# rorl $1 %esi 
- 449 03ca 01E9     		addl	%ebp,		%ecx
- 450 03cc D1       	.byte 209
- 451 03cd CE       	.byte 206		# rorl $1 %esi 
- 452 03ce 01CA     		addl	%ecx,		%edx
- 453              		# 20_39 21 
- 454 03d0 8B4C2414 		movl	20(%esp),	%ecx
- 455 03d4 8B6C241C 		movl	28(%esp),	%ebp
- 456 03d8 31E9     		xorl	%ebp,		%ecx
- 457 03da 8B6C2434 		movl	52(%esp),	%ebp
- 458 03de 31E9     		xorl	%ebp,		%ecx
- 459 03e0 8B6C2408 		movl	8(%esp),	%ebp
- 460 03e4 31E9     		xorl	%ebp,		%ecx
- 461 03e6 89FD     		movl	%edi,		%ebp
- 462 03e8 D1       	.byte 209
- 463 03e9 C1       	.byte 193		# roll $1 %ecx 
- 464 03ea 31F5     		xorl	%esi,		%ebp
- 465 03ec 894C2414 		movl	%ecx,		20(%esp)
- 466 03f0 31C5     		xorl	%eax,		%ebp
- 467 03f2 8D8C19A1 		leal	1859775393(%ecx,%ebx,1),%ecx
- 467      EBD96E
- 468 03f9 89D3     		movl	%edx,		%ebx
- 469 03fb C1C305   		roll	$5,		%ebx
- 470 03fe D1       	.byte 209
- 471 03ff CF       	.byte 207		# rorl $1 %edi 
- 472 0400 01EB     		addl	%ebp,		%ebx
- 473 0402 D1       	.byte 209
- 474 0403 CF       	.byte 207		# rorl $1 %edi 
- 475 0404 01D9     		addl	%ebx,		%ecx
- 476              		# 20_39 22 
- 477 0406 8B5C2418 		movl	24(%esp),	%ebx
- 478 040a 8B6C2420 		movl	32(%esp),	%ebp
- 479 040e 31EB     		xorl	%ebp,		%ebx
- 480 0410 8B6C2438 		movl	56(%esp),	%ebp
- 481 0414 31EB     		xorl	%ebp,		%ebx
- 482 0416 8B6C240C 		movl	12(%esp),	%ebp
- 483 041a 31EB     		xorl	%ebp,		%ebx
- 484 041c 89D5     		movl	%edx,		%ebp
- 485 041e D1       	.byte 209
- 486 041f C3       	.byte 195		# roll $1 %ebx 
- 487 0420 31FD     		xorl	%edi,		%ebp
- 488 0422 895C2418 		movl	%ebx,		24(%esp)
- 489 0426 31F5     		xorl	%esi,		%ebp
- 490 0428 8D9C03A1 		leal	1859775393(%ebx,%eax,1),%ebx
- 490      EBD96E
-GAS LISTING f.s 			page 10
-
-
- 491 042f 89C8     		movl	%ecx,		%eax
- 492 0431 C1C005   		roll	$5,		%eax
- 493 0434 D1       	.byte 209
- 494 0435 CA       	.byte 202		# rorl $1 %edx 
- 495 0436 01E8     		addl	%ebp,		%eax
- 496 0438 D1       	.byte 209
- 497 0439 CA       	.byte 202		# rorl $1 %edx 
- 498 043a 01C3     		addl	%eax,		%ebx
- 499              		# 20_39 23 
- 500 043c 8B44241C 		movl	28(%esp),	%eax
- 501 0440 8B6C2424 		movl	36(%esp),	%ebp
- 502 0444 31E8     		xorl	%ebp,		%eax
- 503 0446 8B6C243C 		movl	60(%esp),	%ebp
- 504 044a 31E8     		xorl	%ebp,		%eax
- 505 044c 8B6C2410 		movl	16(%esp),	%ebp
- 506 0450 31E8     		xorl	%ebp,		%eax
- 507 0452 89CD     		movl	%ecx,		%ebp
- 508 0454 D1       	.byte 209
- 509 0455 C0       	.byte 192		# roll $1 %eax 
- 510 0456 31D5     		xorl	%edx,		%ebp
- 511 0458 8944241C 		movl	%eax,		28(%esp)
- 512 045c 31FD     		xorl	%edi,		%ebp
- 513 045e 8D8430A1 		leal	1859775393(%eax,%esi,1),%eax
- 513      EBD96E
- 514 0465 89DE     		movl	%ebx,		%esi
- 515 0467 C1C605   		roll	$5,		%esi
- 516 046a D1       	.byte 209
- 517 046b C9       	.byte 201		# rorl $1 %ecx 
- 518 046c 01EE     		addl	%ebp,		%esi
- 519 046e D1       	.byte 209
- 520 046f C9       	.byte 201		# rorl $1 %ecx 
- 521 0470 01F0     		addl	%esi,		%eax
- 522              		# 20_39 24 
- 523 0472 8B742420 		movl	32(%esp),	%esi
- 524 0476 8B6C2428 		movl	40(%esp),	%ebp
- 525 047a 31EE     		xorl	%ebp,		%esi
- 526 047c 8B2C24   		movl	(%esp),		%ebp
- 527 047f 31EE     		xorl	%ebp,		%esi
- 528 0481 8B6C2414 		movl	20(%esp),	%ebp
- 529 0485 31EE     		xorl	%ebp,		%esi
- 530 0487 89DD     		movl	%ebx,		%ebp
- 531 0489 D1       	.byte 209
- 532 048a C6       	.byte 198		# roll $1 %esi 
- 533 048b 31CD     		xorl	%ecx,		%ebp
- 534 048d 89742420 		movl	%esi,		32(%esp)
- 535 0491 31D5     		xorl	%edx,		%ebp
- 536 0493 8DB43EA1 		leal	1859775393(%esi,%edi,1),%esi
- 536      EBD96E
- 537 049a 89C7     		movl	%eax,		%edi
- 538 049c C1C705   		roll	$5,		%edi
- 539 049f D1       	.byte 209
- 540 04a0 CB       	.byte 203		# rorl $1 %ebx 
- 541 04a1 01EF     		addl	%ebp,		%edi
- 542 04a3 D1       	.byte 209
- 543 04a4 CB       	.byte 203		# rorl $1 %ebx 
- 544 04a5 01FE     		addl	%edi,		%esi
- 545              		# 20_39 25 
-GAS LISTING f.s 			page 11
-
-
- 546 04a7 8B7C2424 		movl	36(%esp),	%edi
- 547 04ab 8B6C242C 		movl	44(%esp),	%ebp
- 548 04af 31EF     		xorl	%ebp,		%edi
- 549 04b1 8B6C2404 		movl	4(%esp),	%ebp
- 550 04b5 31EF     		xorl	%ebp,		%edi
- 551 04b7 8B6C2418 		movl	24(%esp),	%ebp
- 552 04bb 31EF     		xorl	%ebp,		%edi
- 553 04bd 89C5     		movl	%eax,		%ebp
- 554 04bf D1       	.byte 209
- 555 04c0 C7       	.byte 199		# roll $1 %edi 
- 556 04c1 31DD     		xorl	%ebx,		%ebp
- 557 04c3 897C2424 		movl	%edi,		36(%esp)
- 558 04c7 31CD     		xorl	%ecx,		%ebp
- 559 04c9 8DBC17A1 		leal	1859775393(%edi,%edx,1),%edi
- 559      EBD96E
- 560 04d0 89F2     		movl	%esi,		%edx
- 561 04d2 C1C205   		roll	$5,		%edx
- 562 04d5 D1       	.byte 209
- 563 04d6 C8       	.byte 200		# rorl $1 %eax 
- 564 04d7 01EA     		addl	%ebp,		%edx
- 565 04d9 D1       	.byte 209
- 566 04da C8       	.byte 200		# rorl $1 %eax 
- 567 04db 01D7     		addl	%edx,		%edi
- 568              		# 20_39 26 
- 569 04dd 8B542428 		movl	40(%esp),	%edx
- 570 04e1 8B6C2430 		movl	48(%esp),	%ebp
- 571 04e5 31EA     		xorl	%ebp,		%edx
- 572 04e7 8B6C2408 		movl	8(%esp),	%ebp
- 573 04eb 31EA     		xorl	%ebp,		%edx
- 574 04ed 8B6C241C 		movl	28(%esp),	%ebp
- 575 04f1 31EA     		xorl	%ebp,		%edx
- 576 04f3 89F5     		movl	%esi,		%ebp
- 577 04f5 D1       	.byte 209
- 578 04f6 C2       	.byte 194		# roll $1 %edx 
- 579 04f7 31C5     		xorl	%eax,		%ebp
- 580 04f9 89542428 		movl	%edx,		40(%esp)
- 581 04fd 31DD     		xorl	%ebx,		%ebp
- 582 04ff 8D940AA1 		leal	1859775393(%edx,%ecx,1),%edx
- 582      EBD96E
- 583 0506 89F9     		movl	%edi,		%ecx
- 584 0508 C1C105   		roll	$5,		%ecx
- 585 050b D1       	.byte 209
- 586 050c CE       	.byte 206		# rorl $1 %esi 
- 587 050d 01E9     		addl	%ebp,		%ecx
- 588 050f D1       	.byte 209
- 589 0510 CE       	.byte 206		# rorl $1 %esi 
- 590 0511 01CA     		addl	%ecx,		%edx
- 591              		# 20_39 27 
- 592 0513 8B4C242C 		movl	44(%esp),	%ecx
- 593 0517 8B6C2434 		movl	52(%esp),	%ebp
- 594 051b 31E9     		xorl	%ebp,		%ecx
- 595 051d 8B6C240C 		movl	12(%esp),	%ebp
- 596 0521 31E9     		xorl	%ebp,		%ecx
- 597 0523 8B6C2420 		movl	32(%esp),	%ebp
- 598 0527 31E9     		xorl	%ebp,		%ecx
- 599 0529 89FD     		movl	%edi,		%ebp
- 600 052b D1       	.byte 209
-GAS LISTING f.s 			page 12
-
-
- 601 052c C1       	.byte 193		# roll $1 %ecx 
- 602 052d 31F5     		xorl	%esi,		%ebp
- 603 052f 894C242C 		movl	%ecx,		44(%esp)
- 604 0533 31C5     		xorl	%eax,		%ebp
- 605 0535 8D8C19A1 		leal	1859775393(%ecx,%ebx,1),%ecx
- 605      EBD96E
- 606 053c 89D3     		movl	%edx,		%ebx
- 607 053e C1C305   		roll	$5,		%ebx
- 608 0541 D1       	.byte 209
- 609 0542 CF       	.byte 207		# rorl $1 %edi 
- 610 0543 01EB     		addl	%ebp,		%ebx
- 611 0545 D1       	.byte 209
- 612 0546 CF       	.byte 207		# rorl $1 %edi 
- 613 0547 01D9     		addl	%ebx,		%ecx
- 614              		# 20_39 28 
- 615 0549 8B5C2430 		movl	48(%esp),	%ebx
- 616 054d 8B6C2438 		movl	56(%esp),	%ebp
- 617 0551 31EB     		xorl	%ebp,		%ebx
- 618 0553 8B6C2410 		movl	16(%esp),	%ebp
- 619 0557 31EB     		xorl	%ebp,		%ebx
- 620 0559 8B6C2424 		movl	36(%esp),	%ebp
- 621 055d 31EB     		xorl	%ebp,		%ebx
- 622 055f 89D5     		movl	%edx,		%ebp
- 623 0561 D1       	.byte 209
- 624 0562 C3       	.byte 195		# roll $1 %ebx 
- 625 0563 31FD     		xorl	%edi,		%ebp
- 626 0565 895C2430 		movl	%ebx,		48(%esp)
- 627 0569 31F5     		xorl	%esi,		%ebp
- 628 056b 8D9C03A1 		leal	1859775393(%ebx,%eax,1),%ebx
- 628      EBD96E
- 629 0572 89C8     		movl	%ecx,		%eax
- 630 0574 C1C005   		roll	$5,		%eax
- 631 0577 D1       	.byte 209
- 632 0578 CA       	.byte 202		# rorl $1 %edx 
- 633 0579 01E8     		addl	%ebp,		%eax
- 634 057b D1       	.byte 209
- 635 057c CA       	.byte 202		# rorl $1 %edx 
- 636 057d 01C3     		addl	%eax,		%ebx
- 637              		# 20_39 29 
- 638 057f 8B442434 		movl	52(%esp),	%eax
- 639 0583 8B6C243C 		movl	60(%esp),	%ebp
- 640 0587 31E8     		xorl	%ebp,		%eax
- 641 0589 8B6C2414 		movl	20(%esp),	%ebp
- 642 058d 31E8     		xorl	%ebp,		%eax
- 643 058f 8B6C2428 		movl	40(%esp),	%ebp
- 644 0593 31E8     		xorl	%ebp,		%eax
- 645 0595 89CD     		movl	%ecx,		%ebp
- 646 0597 D1       	.byte 209
- 647 0598 C0       	.byte 192		# roll $1 %eax 
- 648 0599 31D5     		xorl	%edx,		%ebp
- 649 059b 89442434 		movl	%eax,		52(%esp)
- 650 059f 31FD     		xorl	%edi,		%ebp
- 651 05a1 8D8430A1 		leal	1859775393(%eax,%esi,1),%eax
- 651      EBD96E
- 652 05a8 89DE     		movl	%ebx,		%esi
- 653 05aa C1C605   		roll	$5,		%esi
- 654 05ad D1       	.byte 209
-GAS LISTING f.s 			page 13
-
-
- 655 05ae C9       	.byte 201		# rorl $1 %ecx 
- 656 05af 01EE     		addl	%ebp,		%esi
- 657 05b1 D1       	.byte 209
- 658 05b2 C9       	.byte 201		# rorl $1 %ecx 
- 659 05b3 01F0     		addl	%esi,		%eax
- 660              		# 20_39 30 
- 661 05b5 8B742438 		movl	56(%esp),	%esi
- 662 05b9 8B2C24   		movl	(%esp),		%ebp
- 663 05bc 31EE     		xorl	%ebp,		%esi
- 664 05be 8B6C2418 		movl	24(%esp),	%ebp
- 665 05c2 31EE     		xorl	%ebp,		%esi
- 666 05c4 8B6C242C 		movl	44(%esp),	%ebp
- 667 05c8 31EE     		xorl	%ebp,		%esi
- 668 05ca 89DD     		movl	%ebx,		%ebp
- 669 05cc D1       	.byte 209
- 670 05cd C6       	.byte 198		# roll $1 %esi 
- 671 05ce 31CD     		xorl	%ecx,		%ebp
- 672 05d0 89742438 		movl	%esi,		56(%esp)
- 673 05d4 31D5     		xorl	%edx,		%ebp
- 674 05d6 8DB43EA1 		leal	1859775393(%esi,%edi,1),%esi
- 674      EBD96E
- 675 05dd 89C7     		movl	%eax,		%edi
- 676 05df C1C705   		roll	$5,		%edi
- 677 05e2 D1       	.byte 209
- 678 05e3 CB       	.byte 203		# rorl $1 %ebx 
- 679 05e4 01EF     		addl	%ebp,		%edi
- 680 05e6 D1       	.byte 209
- 681 05e7 CB       	.byte 203		# rorl $1 %ebx 
- 682 05e8 01FE     		addl	%edi,		%esi
- 683              		# 20_39 31 
- 684 05ea 8B7C243C 		movl	60(%esp),	%edi
- 685 05ee 8B6C2404 		movl	4(%esp),	%ebp
- 686 05f2 31EF     		xorl	%ebp,		%edi
- 687 05f4 8B6C241C 		movl	28(%esp),	%ebp
- 688 05f8 31EF     		xorl	%ebp,		%edi
- 689 05fa 8B6C2430 		movl	48(%esp),	%ebp
- 690 05fe 31EF     		xorl	%ebp,		%edi
- 691 0600 89C5     		movl	%eax,		%ebp
- 692 0602 D1       	.byte 209
- 693 0603 C7       	.byte 199		# roll $1 %edi 
- 694 0604 31DD     		xorl	%ebx,		%ebp
- 695 0606 897C243C 		movl	%edi,		60(%esp)
- 696 060a 31CD     		xorl	%ecx,		%ebp
- 697 060c 8DBC17A1 		leal	1859775393(%edi,%edx,1),%edi
- 697      EBD96E
- 698 0613 89F2     		movl	%esi,		%edx
- 699 0615 C1C205   		roll	$5,		%edx
- 700 0618 D1       	.byte 209
- 701 0619 C8       	.byte 200		# rorl $1 %eax 
- 702 061a 01EA     		addl	%ebp,		%edx
- 703 061c D1       	.byte 209
- 704 061d C8       	.byte 200		# rorl $1 %eax 
- 705 061e 01D7     		addl	%edx,		%edi
- 706              		# 20_39 32 
- 707 0620 8B1424   		movl	(%esp),		%edx
- 708 0623 8B6C2408 		movl	8(%esp),	%ebp
- 709 0627 31EA     		xorl	%ebp,		%edx
-GAS LISTING f.s 			page 14
-
-
- 710 0629 8B6C2420 		movl	32(%esp),	%ebp
- 711 062d 31EA     		xorl	%ebp,		%edx
- 712 062f 8B6C2434 		movl	52(%esp),	%ebp
- 713 0633 31EA     		xorl	%ebp,		%edx
- 714 0635 89F5     		movl	%esi,		%ebp
- 715 0637 D1       	.byte 209
- 716 0638 C2       	.byte 194		# roll $1 %edx 
- 717 0639 31C5     		xorl	%eax,		%ebp
- 718 063b 891424   		movl	%edx,		(%esp)
- 719 063e 31DD     		xorl	%ebx,		%ebp
- 720 0640 8D940AA1 		leal	1859775393(%edx,%ecx,1),%edx
- 720      EBD96E
- 721 0647 89F9     		movl	%edi,		%ecx
- 722 0649 C1C105   		roll	$5,		%ecx
- 723 064c D1       	.byte 209
- 724 064d CE       	.byte 206		# rorl $1 %esi 
- 725 064e 01E9     		addl	%ebp,		%ecx
- 726 0650 D1       	.byte 209
- 727 0651 CE       	.byte 206		# rorl $1 %esi 
- 728 0652 01CA     		addl	%ecx,		%edx
- 729              		# 20_39 33 
- 730 0654 8B4C2404 		movl	4(%esp),	%ecx
- 731 0658 8B6C240C 		movl	12(%esp),	%ebp
- 732 065c 31E9     		xorl	%ebp,		%ecx
- 733 065e 8B6C2424 		movl	36(%esp),	%ebp
- 734 0662 31E9     		xorl	%ebp,		%ecx
- 735 0664 8B6C2438 		movl	56(%esp),	%ebp
- 736 0668 31E9     		xorl	%ebp,		%ecx
- 737 066a 89FD     		movl	%edi,		%ebp
- 738 066c D1       	.byte 209
- 739 066d C1       	.byte 193		# roll $1 %ecx 
- 740 066e 31F5     		xorl	%esi,		%ebp
- 741 0670 894C2404 		movl	%ecx,		4(%esp)
- 742 0674 31C5     		xorl	%eax,		%ebp
- 743 0676 8D8C19A1 		leal	1859775393(%ecx,%ebx,1),%ecx
- 743      EBD96E
- 744 067d 89D3     		movl	%edx,		%ebx
- 745 067f C1C305   		roll	$5,		%ebx
- 746 0682 D1       	.byte 209
- 747 0683 CF       	.byte 207		# rorl $1 %edi 
- 748 0684 01EB     		addl	%ebp,		%ebx
- 749 0686 D1       	.byte 209
- 750 0687 CF       	.byte 207		# rorl $1 %edi 
- 751 0688 01D9     		addl	%ebx,		%ecx
- 752              		# 20_39 34 
- 753 068a 8B5C2408 		movl	8(%esp),	%ebx
- 754 068e 8B6C2410 		movl	16(%esp),	%ebp
- 755 0692 31EB     		xorl	%ebp,		%ebx
- 756 0694 8B6C2428 		movl	40(%esp),	%ebp
- 757 0698 31EB     		xorl	%ebp,		%ebx
- 758 069a 8B6C243C 		movl	60(%esp),	%ebp
- 759 069e 31EB     		xorl	%ebp,		%ebx
- 760 06a0 89D5     		movl	%edx,		%ebp
- 761 06a2 D1       	.byte 209
- 762 06a3 C3       	.byte 195		# roll $1 %ebx 
- 763 06a4 31FD     		xorl	%edi,		%ebp
- 764 06a6 895C2408 		movl	%ebx,		8(%esp)
-GAS LISTING f.s 			page 15
-
-
- 765 06aa 31F5     		xorl	%esi,		%ebp
- 766 06ac 8D9C03A1 		leal	1859775393(%ebx,%eax,1),%ebx
- 766      EBD96E
- 767 06b3 89C8     		movl	%ecx,		%eax
- 768 06b5 C1C005   		roll	$5,		%eax
- 769 06b8 D1       	.byte 209
- 770 06b9 CA       	.byte 202		# rorl $1 %edx 
- 771 06ba 01E8     		addl	%ebp,		%eax
- 772 06bc D1       	.byte 209
- 773 06bd CA       	.byte 202		# rorl $1 %edx 
- 774 06be 01C3     		addl	%eax,		%ebx
- 775              		# 20_39 35 
- 776 06c0 8B44240C 		movl	12(%esp),	%eax
- 777 06c4 8B6C2414 		movl	20(%esp),	%ebp
- 778 06c8 31E8     		xorl	%ebp,		%eax
- 779 06ca 8B6C242C 		movl	44(%esp),	%ebp
- 780 06ce 31E8     		xorl	%ebp,		%eax
- 781 06d0 8B2C24   		movl	(%esp),		%ebp
- 782 06d3 31E8     		xorl	%ebp,		%eax
- 783 06d5 89CD     		movl	%ecx,		%ebp
- 784 06d7 D1       	.byte 209
- 785 06d8 C0       	.byte 192		# roll $1 %eax 
- 786 06d9 31D5     		xorl	%edx,		%ebp
- 787 06db 8944240C 		movl	%eax,		12(%esp)
- 788 06df 31FD     		xorl	%edi,		%ebp
- 789 06e1 8D8430A1 		leal	1859775393(%eax,%esi,1),%eax
- 789      EBD96E
- 790 06e8 89DE     		movl	%ebx,		%esi
- 791 06ea C1C605   		roll	$5,		%esi
- 792 06ed D1       	.byte 209
- 793 06ee C9       	.byte 201		# rorl $1 %ecx 
- 794 06ef 01EE     		addl	%ebp,		%esi
- 795 06f1 D1       	.byte 209
- 796 06f2 C9       	.byte 201		# rorl $1 %ecx 
- 797 06f3 01F0     		addl	%esi,		%eax
- 798              		# 20_39 36 
- 799 06f5 8B742410 		movl	16(%esp),	%esi
- 800 06f9 8B6C2418 		movl	24(%esp),	%ebp
- 801 06fd 31EE     		xorl	%ebp,		%esi
- 802 06ff 8B6C2430 		movl	48(%esp),	%ebp
- 803 0703 31EE     		xorl	%ebp,		%esi
- 804 0705 8B6C2404 		movl	4(%esp),	%ebp
- 805 0709 31EE     		xorl	%ebp,		%esi
- 806 070b 89DD     		movl	%ebx,		%ebp
- 807 070d D1       	.byte 209
- 808 070e C6       	.byte 198		# roll $1 %esi 
- 809 070f 31CD     		xorl	%ecx,		%ebp
- 810 0711 89742410 		movl	%esi,		16(%esp)
- 811 0715 31D5     		xorl	%edx,		%ebp
- 812 0717 8DB43EA1 		leal	1859775393(%esi,%edi,1),%esi
- 812      EBD96E
- 813 071e 89C7     		movl	%eax,		%edi
- 814 0720 C1C705   		roll	$5,		%edi
- 815 0723 D1       	.byte 209
- 816 0724 CB       	.byte 203		# rorl $1 %ebx 
- 817 0725 01EF     		addl	%ebp,		%edi
- 818 0727 D1       	.byte 209
-GAS LISTING f.s 			page 16
-
-
- 819 0728 CB       	.byte 203		# rorl $1 %ebx 
- 820 0729 01FE     		addl	%edi,		%esi
- 821              		# 20_39 37 
- 822 072b 8B7C2414 		movl	20(%esp),	%edi
- 823 072f 8B6C241C 		movl	28(%esp),	%ebp
- 824 0733 31EF     		xorl	%ebp,		%edi
- 825 0735 8B6C2434 		movl	52(%esp),	%ebp
- 826 0739 31EF     		xorl	%ebp,		%edi
- 827 073b 8B6C2408 		movl	8(%esp),	%ebp
- 828 073f 31EF     		xorl	%ebp,		%edi
- 829 0741 89C5     		movl	%eax,		%ebp
- 830 0743 D1       	.byte 209
- 831 0744 C7       	.byte 199		# roll $1 %edi 
- 832 0745 31DD     		xorl	%ebx,		%ebp
- 833 0747 897C2414 		movl	%edi,		20(%esp)
- 834 074b 31CD     		xorl	%ecx,		%ebp
- 835 074d 8DBC17A1 		leal	1859775393(%edi,%edx,1),%edi
- 835      EBD96E
- 836 0754 89F2     		movl	%esi,		%edx
- 837 0756 C1C205   		roll	$5,		%edx
- 838 0759 D1       	.byte 209
- 839 075a C8       	.byte 200		# rorl $1 %eax 
- 840 075b 01EA     		addl	%ebp,		%edx
- 841 075d D1       	.byte 209
- 842 075e C8       	.byte 200		# rorl $1 %eax 
- 843 075f 01D7     		addl	%edx,		%edi
- 844              		# 20_39 38 
- 845 0761 8B542418 		movl	24(%esp),	%edx
- 846 0765 8B6C2420 		movl	32(%esp),	%ebp
- 847 0769 31EA     		xorl	%ebp,		%edx
- 848 076b 8B6C2438 		movl	56(%esp),	%ebp
- 849 076f 31EA     		xorl	%ebp,		%edx
- 850 0771 8B6C240C 		movl	12(%esp),	%ebp
- 851 0775 31EA     		xorl	%ebp,		%edx
- 852 0777 89F5     		movl	%esi,		%ebp
- 853 0779 D1       	.byte 209
- 854 077a C2       	.byte 194		# roll $1 %edx 
- 855 077b 31C5     		xorl	%eax,		%ebp
- 856 077d 89542418 		movl	%edx,		24(%esp)
- 857 0781 31DD     		xorl	%ebx,		%ebp
- 858 0783 8D940AA1 		leal	1859775393(%edx,%ecx,1),%edx
- 858      EBD96E
- 859 078a 89F9     		movl	%edi,		%ecx
- 860 078c C1C105   		roll	$5,		%ecx
- 861 078f D1       	.byte 209
- 862 0790 CE       	.byte 206		# rorl $1 %esi 
- 863 0791 01E9     		addl	%ebp,		%ecx
- 864 0793 D1       	.byte 209
- 865 0794 CE       	.byte 206		# rorl $1 %esi 
- 866 0795 01CA     		addl	%ecx,		%edx
- 867              		# 20_39 39 
- 868 0797 8B4C241C 		movl	28(%esp),	%ecx
- 869 079b 8B6C2424 		movl	36(%esp),	%ebp
- 870 079f 31E9     		xorl	%ebp,		%ecx
- 871 07a1 8B6C243C 		movl	60(%esp),	%ebp
- 872 07a5 31E9     		xorl	%ebp,		%ecx
- 873 07a7 8B6C2410 		movl	16(%esp),	%ebp
-GAS LISTING f.s 			page 17
-
-
- 874 07ab 31E9     		xorl	%ebp,		%ecx
- 875 07ad 89FD     		movl	%edi,		%ebp
- 876 07af D1       	.byte 209
- 877 07b0 C1       	.byte 193		# roll $1 %ecx 
- 878 07b1 31F5     		xorl	%esi,		%ebp
- 879 07b3 894C241C 		movl	%ecx,		28(%esp)
- 880 07b7 31C5     		xorl	%eax,		%ebp
- 881 07b9 8D8C19A1 		leal	1859775393(%ecx,%ebx,1),%ecx
- 881      EBD96E
- 882 07c0 89D3     		movl	%edx,		%ebx
- 883 07c2 C1C305   		roll	$5,		%ebx
- 884 07c5 D1       	.byte 209
- 885 07c6 CF       	.byte 207		# rorl $1 %edi 
- 886 07c7 01EB     		addl	%ebp,		%ebx
- 887 07c9 D1       	.byte 209
- 888 07ca CF       	.byte 207		# rorl $1 %edi 
- 889 07cb 01D9     		addl	%ebx,		%ecx
- 890              		# 40_59 40 
- 891 07cd 8B5C2420 		movl	32(%esp),	%ebx
- 892 07d1 8B6C2428 		movl	40(%esp),	%ebp
- 893 07d5 31EB     		xorl	%ebp,		%ebx
- 894 07d7 8B2C24   		movl	(%esp),		%ebp
- 895 07da 31EB     		xorl	%ebp,		%ebx
- 896 07dc 8B6C2414 		movl	20(%esp),	%ebp
- 897 07e0 31EB     		xorl	%ebp,		%ebx
- 898 07e2 89D5     		movl	%edx,		%ebp
- 899 07e4 D1       	.byte 209
- 900 07e5 C3       	.byte 195		# roll $1 %ebx 
- 901 07e6 09FD     		orl	%edi,		%ebp
- 902 07e8 895C2420 		movl	%ebx,		32(%esp)
- 903 07ec 21F5     		andl	%esi,		%ebp
- 904 07ee 8D9C03DC 		leal	2400959708(%ebx,%eax,1),%ebx
- 904      BC1B8F
- 905 07f5 89D0     		movl	%edx,		%eax
- 906 07f7 D1       	.byte 209
- 907 07f8 CA       	.byte 202		# rorl $1 %edx 
- 908 07f9 21F8     		andl	%edi,		%eax
- 909 07fb 09C5     		orl	%eax,		%ebp
- 910 07fd 89C8     		movl	%ecx,		%eax
- 911 07ff C1C005   		roll	$5,		%eax
- 912 0802 01C5     		addl	%eax,		%ebp
- 913 0804 8B442424 		movl	36(%esp),	%eax
- 914 0808 01EB     		addl	%ebp,		%ebx
- 915 080a 8B6C242C 		movl	44(%esp),	%ebp
- 916 080e 31E8     		xorl	%ebp,		%eax
- 917 0810 8B6C2404 		movl	4(%esp),	%ebp
- 918 0814 31E8     		xorl	%ebp,		%eax
- 919 0816 8B6C2418 		movl	24(%esp),	%ebp
- 920 081a D1       	.byte 209
- 921 081b CA       	.byte 202		# rorl $1 %edx 
- 922 081c 31E8     		xorl	%ebp,		%eax
- 923 081e D1       	.byte 209
- 924 081f C0       	.byte 192		# roll $1 %eax 
- 925 0820 89CD     		movl	%ecx,		%ebp
- 926 0822 89442424 		movl	%eax,		36(%esp)
- 927 0826 09D5     		orl	%edx,		%ebp
- 928 0828 8D8430DC 		leal	2400959708(%eax,%esi,1),%eax
-GAS LISTING f.s 			page 18
-
-
- 928      BC1B8F
- 929 082f 89CE     		movl	%ecx,		%esi
- 930 0831 21FD     		andl	%edi,		%ebp
- 931 0833 21D6     		andl	%edx,		%esi
- 932 0835 09F5     		orl	%esi,		%ebp
- 933 0837 89DE     		movl	%ebx,		%esi
- 934 0839 C1C605   		roll	$5,		%esi
- 935 083c D1       	.byte 209
- 936 083d C9       	.byte 201		# rorl $1 %ecx 
- 937 083e 01F5     		addl	%esi,		%ebp
- 938 0840 D1       	.byte 209
- 939 0841 C9       	.byte 201		# rorl $1 %ecx 
- 940 0842 01E8     		addl	%ebp,		%eax
- 941              		# 40_59 41 
- 942              		# 40_59 42 
- 943 0844 8B742428 		movl	40(%esp),	%esi
- 944 0848 8B6C2430 		movl	48(%esp),	%ebp
- 945 084c 31EE     		xorl	%ebp,		%esi
- 946 084e 8B6C2408 		movl	8(%esp),	%ebp
- 947 0852 31EE     		xorl	%ebp,		%esi
- 948 0854 8B6C241C 		movl	28(%esp),	%ebp
- 949 0858 31EE     		xorl	%ebp,		%esi
- 950 085a 89DD     		movl	%ebx,		%ebp
- 951 085c D1       	.byte 209
- 952 085d C6       	.byte 198		# roll $1 %esi 
- 953 085e 09CD     		orl	%ecx,		%ebp
- 954 0860 89742428 		movl	%esi,		40(%esp)
- 955 0864 21D5     		andl	%edx,		%ebp
- 956 0866 8DB43EDC 		leal	2400959708(%esi,%edi,1),%esi
- 956      BC1B8F
- 957 086d 89DF     		movl	%ebx,		%edi
- 958 086f D1       	.byte 209
- 959 0870 CB       	.byte 203		# rorl $1 %ebx 
- 960 0871 21CF     		andl	%ecx,		%edi
- 961 0873 09FD     		orl	%edi,		%ebp
- 962 0875 89C7     		movl	%eax,		%edi
- 963 0877 C1C705   		roll	$5,		%edi
- 964 087a 01FD     		addl	%edi,		%ebp
- 965 087c 8B7C242C 		movl	44(%esp),	%edi
- 966 0880 01EE     		addl	%ebp,		%esi
- 967 0882 8B6C2434 		movl	52(%esp),	%ebp
- 968 0886 31EF     		xorl	%ebp,		%edi
- 969 0888 8B6C240C 		movl	12(%esp),	%ebp
- 970 088c 31EF     		xorl	%ebp,		%edi
- 971 088e 8B6C2420 		movl	32(%esp),	%ebp
- 972 0892 D1       	.byte 209
- 973 0893 CB       	.byte 203		# rorl $1 %ebx 
- 974 0894 31EF     		xorl	%ebp,		%edi
- 975 0896 D1       	.byte 209
- 976 0897 C7       	.byte 199		# roll $1 %edi 
- 977 0898 89C5     		movl	%eax,		%ebp
- 978 089a 897C242C 		movl	%edi,		44(%esp)
- 979 089e 09DD     		orl	%ebx,		%ebp
- 980 08a0 8DBC17DC 		leal	2400959708(%edi,%edx,1),%edi
- 980      BC1B8F
- 981 08a7 89C2     		movl	%eax,		%edx
- 982 08a9 21CD     		andl	%ecx,		%ebp
-GAS LISTING f.s 			page 19
-
-
- 983 08ab 21DA     		andl	%ebx,		%edx
- 984 08ad 09D5     		orl	%edx,		%ebp
- 985 08af 89F2     		movl	%esi,		%edx
- 986 08b1 C1C205   		roll	$5,		%edx
- 987 08b4 D1       	.byte 209
- 988 08b5 C8       	.byte 200		# rorl $1 %eax 
- 989 08b6 01D5     		addl	%edx,		%ebp
- 990 08b8 D1       	.byte 209
- 991 08b9 C8       	.byte 200		# rorl $1 %eax 
- 992 08ba 01EF     		addl	%ebp,		%edi
- 993              		# 40_59 43 
- 994              		# 40_59 44 
- 995 08bc 8B542430 		movl	48(%esp),	%edx
- 996 08c0 8B6C2438 		movl	56(%esp),	%ebp
- 997 08c4 31EA     		xorl	%ebp,		%edx
- 998 08c6 8B6C2410 		movl	16(%esp),	%ebp
- 999 08ca 31EA     		xorl	%ebp,		%edx
- 1000 08cc 8B6C2424 		movl	36(%esp),	%ebp
- 1001 08d0 31EA     		xorl	%ebp,		%edx
- 1002 08d2 89F5     		movl	%esi,		%ebp
- 1003 08d4 D1       	.byte 209
- 1004 08d5 C2       	.byte 194		# roll $1 %edx 
- 1005 08d6 09C5     		orl	%eax,		%ebp
- 1006 08d8 89542430 		movl	%edx,		48(%esp)
- 1007 08dc 21DD     		andl	%ebx,		%ebp
- 1008 08de 8D940ADC 		leal	2400959708(%edx,%ecx,1),%edx
- 1008      BC1B8F
- 1009 08e5 89F1     		movl	%esi,		%ecx
- 1010 08e7 D1       	.byte 209
- 1011 08e8 CE       	.byte 206		# rorl $1 %esi 
- 1012 08e9 21C1     		andl	%eax,		%ecx
- 1013 08eb 09CD     		orl	%ecx,		%ebp
- 1014 08ed 89F9     		movl	%edi,		%ecx
- 1015 08ef C1C105   		roll	$5,		%ecx
- 1016 08f2 01CD     		addl	%ecx,		%ebp
- 1017 08f4 8B4C2434 		movl	52(%esp),	%ecx
- 1018 08f8 01EA     		addl	%ebp,		%edx
- 1019 08fa 8B6C243C 		movl	60(%esp),	%ebp
- 1020 08fe 31E9     		xorl	%ebp,		%ecx
- 1021 0900 8B6C2414 		movl	20(%esp),	%ebp
- 1022 0904 31E9     		xorl	%ebp,		%ecx
- 1023 0906 8B6C2428 		movl	40(%esp),	%ebp
- 1024 090a D1       	.byte 209
- 1025 090b CE       	.byte 206		# rorl $1 %esi 
- 1026 090c 31E9     		xorl	%ebp,		%ecx
- 1027 090e D1       	.byte 209
- 1028 090f C1       	.byte 193		# roll $1 %ecx 
- 1029 0910 89FD     		movl	%edi,		%ebp
- 1030 0912 894C2434 		movl	%ecx,		52(%esp)
- 1031 0916 09F5     		orl	%esi,		%ebp
- 1032 0918 8D8C19DC 		leal	2400959708(%ecx,%ebx,1),%ecx
- 1032      BC1B8F
- 1033 091f 89FB     		movl	%edi,		%ebx
- 1034 0921 21C5     		andl	%eax,		%ebp
- 1035 0923 21F3     		andl	%esi,		%ebx
- 1036 0925 09DD     		orl	%ebx,		%ebp
- 1037 0927 89D3     		movl	%edx,		%ebx
-GAS LISTING f.s 			page 20
-
-
- 1038 0929 C1C305   		roll	$5,		%ebx
- 1039 092c D1       	.byte 209
- 1040 092d CF       	.byte 207		# rorl $1 %edi 
- 1041 092e 01DD     		addl	%ebx,		%ebp
- 1042 0930 D1       	.byte 209
- 1043 0931 CF       	.byte 207		# rorl $1 %edi 
- 1044 0932 01E9     		addl	%ebp,		%ecx
- 1045              		# 40_59 45 
- 1046              		# 40_59 46 
- 1047 0934 8B5C2438 		movl	56(%esp),	%ebx
- 1048 0938 8B2C24   		movl	(%esp),		%ebp
- 1049 093b 31EB     		xorl	%ebp,		%ebx
- 1050 093d 8B6C2418 		movl	24(%esp),	%ebp
- 1051 0941 31EB     		xorl	%ebp,		%ebx
- 1052 0943 8B6C242C 		movl	44(%esp),	%ebp
- 1053 0947 31EB     		xorl	%ebp,		%ebx
- 1054 0949 89D5     		movl	%edx,		%ebp
- 1055 094b D1       	.byte 209
- 1056 094c C3       	.byte 195		# roll $1 %ebx 
- 1057 094d 09FD     		orl	%edi,		%ebp
- 1058 094f 895C2438 		movl	%ebx,		56(%esp)
- 1059 0953 21F5     		andl	%esi,		%ebp
- 1060 0955 8D9C03DC 		leal	2400959708(%ebx,%eax,1),%ebx
- 1060      BC1B8F
- 1061 095c 89D0     		movl	%edx,		%eax
- 1062 095e D1       	.byte 209
- 1063 095f CA       	.byte 202		# rorl $1 %edx 
- 1064 0960 21F8     		andl	%edi,		%eax
- 1065 0962 09C5     		orl	%eax,		%ebp
- 1066 0964 89C8     		movl	%ecx,		%eax
- 1067 0966 C1C005   		roll	$5,		%eax
- 1068 0969 01C5     		addl	%eax,		%ebp
- 1069 096b 8B44243C 		movl	60(%esp),	%eax
- 1070 096f 01EB     		addl	%ebp,		%ebx
- 1071 0971 8B6C2404 		movl	4(%esp),	%ebp
- 1072 0975 31E8     		xorl	%ebp,		%eax
- 1073 0977 8B6C241C 		movl	28(%esp),	%ebp
- 1074 097b 31E8     		xorl	%ebp,		%eax
- 1075 097d 8B6C2430 		movl	48(%esp),	%ebp
- 1076 0981 D1       	.byte 209
- 1077 0982 CA       	.byte 202		# rorl $1 %edx 
- 1078 0983 31E8     		xorl	%ebp,		%eax
- 1079 0985 D1       	.byte 209
- 1080 0986 C0       	.byte 192		# roll $1 %eax 
- 1081 0987 89CD     		movl	%ecx,		%ebp
- 1082 0989 8944243C 		movl	%eax,		60(%esp)
- 1083 098d 09D5     		orl	%edx,		%ebp
- 1084 098f 8D8430DC 		leal	2400959708(%eax,%esi,1),%eax
- 1084      BC1B8F
- 1085 0996 89CE     		movl	%ecx,		%esi
- 1086 0998 21FD     		andl	%edi,		%ebp
- 1087 099a 21D6     		andl	%edx,		%esi
- 1088 099c 09F5     		orl	%esi,		%ebp
- 1089 099e 89DE     		movl	%ebx,		%esi
- 1090 09a0 C1C605   		roll	$5,		%esi
- 1091 09a3 D1       	.byte 209
- 1092 09a4 C9       	.byte 201		# rorl $1 %ecx 
-GAS LISTING f.s 			page 21
-
-
- 1093 09a5 01F5     		addl	%esi,		%ebp
- 1094 09a7 D1       	.byte 209
- 1095 09a8 C9       	.byte 201		# rorl $1 %ecx 
- 1096 09a9 01E8     		addl	%ebp,		%eax
- 1097              		# 40_59 47 
- 1098              		# 40_59 48 
- 1099 09ab 8B3424   		movl	(%esp),		%esi
- 1100 09ae 8B6C2408 		movl	8(%esp),	%ebp
- 1101 09b2 31EE     		xorl	%ebp,		%esi
- 1102 09b4 8B6C2420 		movl	32(%esp),	%ebp
- 1103 09b8 31EE     		xorl	%ebp,		%esi
- 1104 09ba 8B6C2434 		movl	52(%esp),	%ebp
- 1105 09be 31EE     		xorl	%ebp,		%esi
- 1106 09c0 89DD     		movl	%ebx,		%ebp
- 1107 09c2 D1       	.byte 209
- 1108 09c3 C6       	.byte 198		# roll $1 %esi 
- 1109 09c4 09CD     		orl	%ecx,		%ebp
- 1110 09c6 893424   		movl	%esi,		(%esp)
- 1111 09c9 21D5     		andl	%edx,		%ebp
- 1112 09cb 8DB43EDC 		leal	2400959708(%esi,%edi,1),%esi
- 1112      BC1B8F
- 1113 09d2 89DF     		movl	%ebx,		%edi
- 1114 09d4 D1       	.byte 209
- 1115 09d5 CB       	.byte 203		# rorl $1 %ebx 
- 1116 09d6 21CF     		andl	%ecx,		%edi
- 1117 09d8 09FD     		orl	%edi,		%ebp
- 1118 09da 89C7     		movl	%eax,		%edi
- 1119 09dc C1C705   		roll	$5,		%edi
- 1120 09df 01FD     		addl	%edi,		%ebp
- 1121 09e1 8B7C2404 		movl	4(%esp),	%edi
- 1122 09e5 01EE     		addl	%ebp,		%esi
- 1123 09e7 8B6C240C 		movl	12(%esp),	%ebp
- 1124 09eb 31EF     		xorl	%ebp,		%edi
- 1125 09ed 8B6C2424 		movl	36(%esp),	%ebp
- 1126 09f1 31EF     		xorl	%ebp,		%edi
- 1127 09f3 8B6C2438 		movl	56(%esp),	%ebp
- 1128 09f7 D1       	.byte 209
- 1129 09f8 CB       	.byte 203		# rorl $1 %ebx 
- 1130 09f9 31EF     		xorl	%ebp,		%edi
- 1131 09fb D1       	.byte 209
- 1132 09fc C7       	.byte 199		# roll $1 %edi 
- 1133 09fd 89C5     		movl	%eax,		%ebp
- 1134 09ff 897C2404 		movl	%edi,		4(%esp)
- 1135 0a03 09DD     		orl	%ebx,		%ebp
- 1136 0a05 8DBC17DC 		leal	2400959708(%edi,%edx,1),%edi
- 1136      BC1B8F
- 1137 0a0c 89C2     		movl	%eax,		%edx
- 1138 0a0e 21CD     		andl	%ecx,		%ebp
- 1139 0a10 21DA     		andl	%ebx,		%edx
- 1140 0a12 09D5     		orl	%edx,		%ebp
- 1141 0a14 89F2     		movl	%esi,		%edx
- 1142 0a16 C1C205   		roll	$5,		%edx
- 1143 0a19 D1       	.byte 209
- 1144 0a1a C8       	.byte 200		# rorl $1 %eax 
- 1145 0a1b 01D5     		addl	%edx,		%ebp
- 1146 0a1d D1       	.byte 209
- 1147 0a1e C8       	.byte 200		# rorl $1 %eax 
-GAS LISTING f.s 			page 22
-
-
- 1148 0a1f 01EF     		addl	%ebp,		%edi
- 1149              		# 40_59 49 
- 1150              		# 40_59 50 
- 1151 0a21 8B542408 		movl	8(%esp),	%edx
- 1152 0a25 8B6C2410 		movl	16(%esp),	%ebp
- 1153 0a29 31EA     		xorl	%ebp,		%edx
- 1154 0a2b 8B6C2428 		movl	40(%esp),	%ebp
- 1155 0a2f 31EA     		xorl	%ebp,		%edx
- 1156 0a31 8B6C243C 		movl	60(%esp),	%ebp
- 1157 0a35 31EA     		xorl	%ebp,		%edx
- 1158 0a37 89F5     		movl	%esi,		%ebp
- 1159 0a39 D1       	.byte 209
- 1160 0a3a C2       	.byte 194		# roll $1 %edx 
- 1161 0a3b 09C5     		orl	%eax,		%ebp
- 1162 0a3d 89542408 		movl	%edx,		8(%esp)
- 1163 0a41 21DD     		andl	%ebx,		%ebp
- 1164 0a43 8D940ADC 		leal	2400959708(%edx,%ecx,1),%edx
- 1164      BC1B8F
- 1165 0a4a 89F1     		movl	%esi,		%ecx
- 1166 0a4c D1       	.byte 209
- 1167 0a4d CE       	.byte 206		# rorl $1 %esi 
- 1168 0a4e 21C1     		andl	%eax,		%ecx
- 1169 0a50 09CD     		orl	%ecx,		%ebp
- 1170 0a52 89F9     		movl	%edi,		%ecx
- 1171 0a54 C1C105   		roll	$5,		%ecx
- 1172 0a57 01CD     		addl	%ecx,		%ebp
- 1173 0a59 8B4C240C 		movl	12(%esp),	%ecx
- 1174 0a5d 01EA     		addl	%ebp,		%edx
- 1175 0a5f 8B6C2414 		movl	20(%esp),	%ebp
- 1176 0a63 31E9     		xorl	%ebp,		%ecx
- 1177 0a65 8B6C242C 		movl	44(%esp),	%ebp
- 1178 0a69 31E9     		xorl	%ebp,		%ecx
- 1179 0a6b 8B2C24   		movl	(%esp),		%ebp
- 1180 0a6e D1       	.byte 209
- 1181 0a6f CE       	.byte 206		# rorl $1 %esi 
- 1182 0a70 31E9     		xorl	%ebp,		%ecx
- 1183 0a72 D1       	.byte 209
- 1184 0a73 C1       	.byte 193		# roll $1 %ecx 
- 1185 0a74 89FD     		movl	%edi,		%ebp
- 1186 0a76 894C240C 		movl	%ecx,		12(%esp)
- 1187 0a7a 09F5     		orl	%esi,		%ebp
- 1188 0a7c 8D8C19DC 		leal	2400959708(%ecx,%ebx,1),%ecx
- 1188      BC1B8F
- 1189 0a83 89FB     		movl	%edi,		%ebx
- 1190 0a85 21C5     		andl	%eax,		%ebp
- 1191 0a87 21F3     		andl	%esi,		%ebx
- 1192 0a89 09DD     		orl	%ebx,		%ebp
- 1193 0a8b 89D3     		movl	%edx,		%ebx
- 1194 0a8d C1C305   		roll	$5,		%ebx
- 1195 0a90 D1       	.byte 209
- 1196 0a91 CF       	.byte 207		# rorl $1 %edi 
- 1197 0a92 01DD     		addl	%ebx,		%ebp
- 1198 0a94 D1       	.byte 209
- 1199 0a95 CF       	.byte 207		# rorl $1 %edi 
- 1200 0a96 01E9     		addl	%ebp,		%ecx
- 1201              		# 40_59 51 
- 1202              		# 40_59 52 
-GAS LISTING f.s 			page 23
-
-
- 1203 0a98 8B5C2410 		movl	16(%esp),	%ebx
- 1204 0a9c 8B6C2418 		movl	24(%esp),	%ebp
- 1205 0aa0 31EB     		xorl	%ebp,		%ebx
- 1206 0aa2 8B6C2430 		movl	48(%esp),	%ebp
- 1207 0aa6 31EB     		xorl	%ebp,		%ebx
- 1208 0aa8 8B6C2404 		movl	4(%esp),	%ebp
- 1209 0aac 31EB     		xorl	%ebp,		%ebx
- 1210 0aae 89D5     		movl	%edx,		%ebp
- 1211 0ab0 D1       	.byte 209
- 1212 0ab1 C3       	.byte 195		# roll $1 %ebx 
- 1213 0ab2 09FD     		orl	%edi,		%ebp
- 1214 0ab4 895C2410 		movl	%ebx,		16(%esp)
- 1215 0ab8 21F5     		andl	%esi,		%ebp
- 1216 0aba 8D9C03DC 		leal	2400959708(%ebx,%eax,1),%ebx
- 1216      BC1B8F
- 1217 0ac1 89D0     		movl	%edx,		%eax
- 1218 0ac3 D1       	.byte 209
- 1219 0ac4 CA       	.byte 202		# rorl $1 %edx 
- 1220 0ac5 21F8     		andl	%edi,		%eax
- 1221 0ac7 09C5     		orl	%eax,		%ebp
- 1222 0ac9 89C8     		movl	%ecx,		%eax
- 1223 0acb C1C005   		roll	$5,		%eax
- 1224 0ace 01C5     		addl	%eax,		%ebp
- 1225 0ad0 8B442414 		movl	20(%esp),	%eax
- 1226 0ad4 01EB     		addl	%ebp,		%ebx
- 1227 0ad6 8B6C241C 		movl	28(%esp),	%ebp
- 1228 0ada 31E8     		xorl	%ebp,		%eax
- 1229 0adc 8B6C2434 		movl	52(%esp),	%ebp
- 1230 0ae0 31E8     		xorl	%ebp,		%eax
- 1231 0ae2 8B6C2408 		movl	8(%esp),	%ebp
- 1232 0ae6 D1       	.byte 209
- 1233 0ae7 CA       	.byte 202		# rorl $1 %edx 
- 1234 0ae8 31E8     		xorl	%ebp,		%eax
- 1235 0aea D1       	.byte 209
- 1236 0aeb C0       	.byte 192		# roll $1 %eax 
- 1237 0aec 89CD     		movl	%ecx,		%ebp
- 1238 0aee 89442414 		movl	%eax,		20(%esp)
- 1239 0af2 09D5     		orl	%edx,		%ebp
- 1240 0af4 8D8430DC 		leal	2400959708(%eax,%esi,1),%eax
- 1240      BC1B8F
- 1241 0afb 89CE     		movl	%ecx,		%esi
- 1242 0afd 21FD     		andl	%edi,		%ebp
- 1243 0aff 21D6     		andl	%edx,		%esi
- 1244 0b01 09F5     		orl	%esi,		%ebp
- 1245 0b03 89DE     		movl	%ebx,		%esi
- 1246 0b05 C1C605   		roll	$5,		%esi
- 1247 0b08 D1       	.byte 209
- 1248 0b09 C9       	.byte 201		# rorl $1 %ecx 
- 1249 0b0a 01F5     		addl	%esi,		%ebp
- 1250 0b0c D1       	.byte 209
- 1251 0b0d C9       	.byte 201		# rorl $1 %ecx 
- 1252 0b0e 01E8     		addl	%ebp,		%eax
- 1253              		# 40_59 53 
- 1254              		# 40_59 54 
- 1255 0b10 8B742418 		movl	24(%esp),	%esi
- 1256 0b14 8B6C2420 		movl	32(%esp),	%ebp
- 1257 0b18 31EE     		xorl	%ebp,		%esi
-GAS LISTING f.s 			page 24
-
-
- 1258 0b1a 8B6C2438 		movl	56(%esp),	%ebp
- 1259 0b1e 31EE     		xorl	%ebp,		%esi
- 1260 0b20 8B6C240C 		movl	12(%esp),	%ebp
- 1261 0b24 31EE     		xorl	%ebp,		%esi
- 1262 0b26 89DD     		movl	%ebx,		%ebp
- 1263 0b28 D1       	.byte 209
- 1264 0b29 C6       	.byte 198		# roll $1 %esi 
- 1265 0b2a 09CD     		orl	%ecx,		%ebp
- 1266 0b2c 89742418 		movl	%esi,		24(%esp)
- 1267 0b30 21D5     		andl	%edx,		%ebp
- 1268 0b32 8DB43EDC 		leal	2400959708(%esi,%edi,1),%esi
- 1268      BC1B8F
- 1269 0b39 89DF     		movl	%ebx,		%edi
- 1270 0b3b D1       	.byte 209
- 1271 0b3c CB       	.byte 203		# rorl $1 %ebx 
- 1272 0b3d 21CF     		andl	%ecx,		%edi
- 1273 0b3f 09FD     		orl	%edi,		%ebp
- 1274 0b41 89C7     		movl	%eax,		%edi
- 1275 0b43 C1C705   		roll	$5,		%edi
- 1276 0b46 01FD     		addl	%edi,		%ebp
- 1277 0b48 8B7C241C 		movl	28(%esp),	%edi
- 1278 0b4c 01EE     		addl	%ebp,		%esi
- 1279 0b4e 8B6C2424 		movl	36(%esp),	%ebp
- 1280 0b52 31EF     		xorl	%ebp,		%edi
- 1281 0b54 8B6C243C 		movl	60(%esp),	%ebp
- 1282 0b58 31EF     		xorl	%ebp,		%edi
- 1283 0b5a 8B6C2410 		movl	16(%esp),	%ebp
- 1284 0b5e D1       	.byte 209
- 1285 0b5f CB       	.byte 203		# rorl $1 %ebx 
- 1286 0b60 31EF     		xorl	%ebp,		%edi
- 1287 0b62 D1       	.byte 209
- 1288 0b63 C7       	.byte 199		# roll $1 %edi 
- 1289 0b64 89C5     		movl	%eax,		%ebp
- 1290 0b66 897C241C 		movl	%edi,		28(%esp)
- 1291 0b6a 09DD     		orl	%ebx,		%ebp
- 1292 0b6c 8DBC17DC 		leal	2400959708(%edi,%edx,1),%edi
- 1292      BC1B8F
- 1293 0b73 89C2     		movl	%eax,		%edx
- 1294 0b75 21CD     		andl	%ecx,		%ebp
- 1295 0b77 21DA     		andl	%ebx,		%edx
- 1296 0b79 09D5     		orl	%edx,		%ebp
- 1297 0b7b 89F2     		movl	%esi,		%edx
- 1298 0b7d C1C205   		roll	$5,		%edx
- 1299 0b80 D1       	.byte 209
- 1300 0b81 C8       	.byte 200		# rorl $1 %eax 
- 1301 0b82 01D5     		addl	%edx,		%ebp
- 1302 0b84 D1       	.byte 209
- 1303 0b85 C8       	.byte 200		# rorl $1 %eax 
- 1304 0b86 01EF     		addl	%ebp,		%edi
- 1305              		# 40_59 55 
- 1306              		# 40_59 56 
- 1307 0b88 8B542420 		movl	32(%esp),	%edx
- 1308 0b8c 8B6C2428 		movl	40(%esp),	%ebp
- 1309 0b90 31EA     		xorl	%ebp,		%edx
- 1310 0b92 8B2C24   		movl	(%esp),		%ebp
- 1311 0b95 31EA     		xorl	%ebp,		%edx
- 1312 0b97 8B6C2414 		movl	20(%esp),	%ebp
-GAS LISTING f.s 			page 25
-
-
- 1313 0b9b 31EA     		xorl	%ebp,		%edx
- 1314 0b9d 89F5     		movl	%esi,		%ebp
- 1315 0b9f D1       	.byte 209
- 1316 0ba0 C2       	.byte 194		# roll $1 %edx 
- 1317 0ba1 09C5     		orl	%eax,		%ebp
- 1318 0ba3 89542420 		movl	%edx,		32(%esp)
- 1319 0ba7 21DD     		andl	%ebx,		%ebp
- 1320 0ba9 8D940ADC 		leal	2400959708(%edx,%ecx,1),%edx
- 1320      BC1B8F
- 1321 0bb0 89F1     		movl	%esi,		%ecx
- 1322 0bb2 D1       	.byte 209
- 1323 0bb3 CE       	.byte 206		# rorl $1 %esi 
- 1324 0bb4 21C1     		andl	%eax,		%ecx
- 1325 0bb6 09CD     		orl	%ecx,		%ebp
- 1326 0bb8 89F9     		movl	%edi,		%ecx
- 1327 0bba C1C105   		roll	$5,		%ecx
- 1328 0bbd 01CD     		addl	%ecx,		%ebp
- 1329 0bbf 8B4C2424 		movl	36(%esp),	%ecx
- 1330 0bc3 01EA     		addl	%ebp,		%edx
- 1331 0bc5 8B6C242C 		movl	44(%esp),	%ebp
- 1332 0bc9 31E9     		xorl	%ebp,		%ecx
- 1333 0bcb 8B6C2404 		movl	4(%esp),	%ebp
- 1334 0bcf 31E9     		xorl	%ebp,		%ecx
- 1335 0bd1 8B6C2418 		movl	24(%esp),	%ebp
- 1336 0bd5 D1       	.byte 209
- 1337 0bd6 CE       	.byte 206		# rorl $1 %esi 
- 1338 0bd7 31E9     		xorl	%ebp,		%ecx
- 1339 0bd9 D1       	.byte 209
- 1340 0bda C1       	.byte 193		# roll $1 %ecx 
- 1341 0bdb 89FD     		movl	%edi,		%ebp
- 1342 0bdd 894C2424 		movl	%ecx,		36(%esp)
- 1343 0be1 09F5     		orl	%esi,		%ebp
- 1344 0be3 8D8C19DC 		leal	2400959708(%ecx,%ebx,1),%ecx
- 1344      BC1B8F
- 1345 0bea 89FB     		movl	%edi,		%ebx
- 1346 0bec 21C5     		andl	%eax,		%ebp
- 1347 0bee 21F3     		andl	%esi,		%ebx
- 1348 0bf0 09DD     		orl	%ebx,		%ebp
- 1349 0bf2 89D3     		movl	%edx,		%ebx
- 1350 0bf4 C1C305   		roll	$5,		%ebx
- 1351 0bf7 D1       	.byte 209
- 1352 0bf8 CF       	.byte 207		# rorl $1 %edi 
- 1353 0bf9 01DD     		addl	%ebx,		%ebp
- 1354 0bfb D1       	.byte 209
- 1355 0bfc CF       	.byte 207		# rorl $1 %edi 
- 1356 0bfd 01E9     		addl	%ebp,		%ecx
- 1357              		# 40_59 57 
- 1358              		# 40_59 58 
- 1359 0bff 8B5C2428 		movl	40(%esp),	%ebx
- 1360 0c03 8B6C2430 		movl	48(%esp),	%ebp
- 1361 0c07 31EB     		xorl	%ebp,		%ebx
- 1362 0c09 8B6C2408 		movl	8(%esp),	%ebp
- 1363 0c0d 31EB     		xorl	%ebp,		%ebx
- 1364 0c0f 8B6C241C 		movl	28(%esp),	%ebp
- 1365 0c13 31EB     		xorl	%ebp,		%ebx
- 1366 0c15 89D5     		movl	%edx,		%ebp
- 1367 0c17 D1       	.byte 209
-GAS LISTING f.s 			page 26
-
-
- 1368 0c18 C3       	.byte 195		# roll $1 %ebx 
- 1369 0c19 09FD     		orl	%edi,		%ebp
- 1370 0c1b 895C2428 		movl	%ebx,		40(%esp)
- 1371 0c1f 21F5     		andl	%esi,		%ebp
- 1372 0c21 8D9C03DC 		leal	2400959708(%ebx,%eax,1),%ebx
- 1372      BC1B8F
- 1373 0c28 89D0     		movl	%edx,		%eax
- 1374 0c2a D1       	.byte 209
- 1375 0c2b CA       	.byte 202		# rorl $1 %edx 
- 1376 0c2c 21F8     		andl	%edi,		%eax
- 1377 0c2e 09C5     		orl	%eax,		%ebp
- 1378 0c30 89C8     		movl	%ecx,		%eax
- 1379 0c32 C1C005   		roll	$5,		%eax
- 1380 0c35 01C5     		addl	%eax,		%ebp
- 1381 0c37 8B44242C 		movl	44(%esp),	%eax
- 1382 0c3b 01EB     		addl	%ebp,		%ebx
- 1383 0c3d 8B6C2434 		movl	52(%esp),	%ebp
- 1384 0c41 31E8     		xorl	%ebp,		%eax
- 1385 0c43 8B6C240C 		movl	12(%esp),	%ebp
- 1386 0c47 31E8     		xorl	%ebp,		%eax
- 1387 0c49 8B6C2420 		movl	32(%esp),	%ebp
- 1388 0c4d D1       	.byte 209
- 1389 0c4e CA       	.byte 202		# rorl $1 %edx 
- 1390 0c4f 31E8     		xorl	%ebp,		%eax
- 1391 0c51 D1       	.byte 209
- 1392 0c52 C0       	.byte 192		# roll $1 %eax 
- 1393 0c53 89CD     		movl	%ecx,		%ebp
- 1394 0c55 8944242C 		movl	%eax,		44(%esp)
- 1395 0c59 09D5     		orl	%edx,		%ebp
- 1396 0c5b 8D8430DC 		leal	2400959708(%eax,%esi,1),%eax
- 1396      BC1B8F
- 1397 0c62 89CE     		movl	%ecx,		%esi
- 1398 0c64 21FD     		andl	%edi,		%ebp
- 1399 0c66 21D6     		andl	%edx,		%esi
- 1400 0c68 09F5     		orl	%esi,		%ebp
- 1401 0c6a 89DE     		movl	%ebx,		%esi
- 1402 0c6c C1C605   		roll	$5,		%esi
- 1403 0c6f D1       	.byte 209
- 1404 0c70 C9       	.byte 201		# rorl $1 %ecx 
- 1405 0c71 01F5     		addl	%esi,		%ebp
- 1406 0c73 D1       	.byte 209
- 1407 0c74 C9       	.byte 201		# rorl $1 %ecx 
- 1408 0c75 01E8     		addl	%ebp,		%eax
- 1409              		# 40_59 59 
- 1410              		# 20_39 60 
- 1411 0c77 8B742430 		movl	48(%esp),	%esi
- 1412 0c7b 8B6C2438 		movl	56(%esp),	%ebp
- 1413 0c7f 31EE     		xorl	%ebp,		%esi
- 1414 0c81 8B6C2410 		movl	16(%esp),	%ebp
- 1415 0c85 31EE     		xorl	%ebp,		%esi
- 1416 0c87 8B6C2424 		movl	36(%esp),	%ebp
- 1417 0c8b 31EE     		xorl	%ebp,		%esi
- 1418 0c8d 89DD     		movl	%ebx,		%ebp
- 1419 0c8f D1       	.byte 209
- 1420 0c90 C6       	.byte 198		# roll $1 %esi 
- 1421 0c91 31CD     		xorl	%ecx,		%ebp
- 1422 0c93 89742430 		movl	%esi,		48(%esp)
-GAS LISTING f.s 			page 27
-
-
- 1423 0c97 31D5     		xorl	%edx,		%ebp
- 1424 0c99 8DB43ED6 		leal	3395469782(%esi,%edi,1),%esi
- 1424      C162CA
- 1425 0ca0 89C7     		movl	%eax,		%edi
- 1426 0ca2 C1C705   		roll	$5,		%edi
- 1427 0ca5 D1       	.byte 209
- 1428 0ca6 CB       	.byte 203		# rorl $1 %ebx 
- 1429 0ca7 01EF     		addl	%ebp,		%edi
- 1430 0ca9 D1       	.byte 209
- 1431 0caa CB       	.byte 203		# rorl $1 %ebx 
- 1432 0cab 01FE     		addl	%edi,		%esi
- 1433              		# 20_39 61 
- 1434 0cad 8B7C2434 		movl	52(%esp),	%edi
- 1435 0cb1 8B6C243C 		movl	60(%esp),	%ebp
- 1436 0cb5 31EF     		xorl	%ebp,		%edi
- 1437 0cb7 8B6C2414 		movl	20(%esp),	%ebp
- 1438 0cbb 31EF     		xorl	%ebp,		%edi
- 1439 0cbd 8B6C2428 		movl	40(%esp),	%ebp
- 1440 0cc1 31EF     		xorl	%ebp,		%edi
- 1441 0cc3 89C5     		movl	%eax,		%ebp
- 1442 0cc5 D1       	.byte 209
- 1443 0cc6 C7       	.byte 199		# roll $1 %edi 
- 1444 0cc7 31DD     		xorl	%ebx,		%ebp
- 1445 0cc9 897C2434 		movl	%edi,		52(%esp)
- 1446 0ccd 31CD     		xorl	%ecx,		%ebp
- 1447 0ccf 8DBC17D6 		leal	3395469782(%edi,%edx,1),%edi
- 1447      C162CA
- 1448 0cd6 89F2     		movl	%esi,		%edx
- 1449 0cd8 C1C205   		roll	$5,		%edx
- 1450 0cdb D1       	.byte 209
- 1451 0cdc C8       	.byte 200		# rorl $1 %eax 
- 1452 0cdd 01EA     		addl	%ebp,		%edx
- 1453 0cdf D1       	.byte 209
- 1454 0ce0 C8       	.byte 200		# rorl $1 %eax 
- 1455 0ce1 01D7     		addl	%edx,		%edi
- 1456              		# 20_39 62 
- 1457 0ce3 8B542438 		movl	56(%esp),	%edx
- 1458 0ce7 8B2C24   		movl	(%esp),		%ebp
- 1459 0cea 31EA     		xorl	%ebp,		%edx
- 1460 0cec 8B6C2418 		movl	24(%esp),	%ebp
- 1461 0cf0 31EA     		xorl	%ebp,		%edx
- 1462 0cf2 8B6C242C 		movl	44(%esp),	%ebp
- 1463 0cf6 31EA     		xorl	%ebp,		%edx
- 1464 0cf8 89F5     		movl	%esi,		%ebp
- 1465 0cfa D1       	.byte 209
- 1466 0cfb C2       	.byte 194		# roll $1 %edx 
- 1467 0cfc 31C5     		xorl	%eax,		%ebp
- 1468 0cfe 89542438 		movl	%edx,		56(%esp)
- 1469 0d02 31DD     		xorl	%ebx,		%ebp
- 1470 0d04 8D940AD6 		leal	3395469782(%edx,%ecx,1),%edx
- 1470      C162CA
- 1471 0d0b 89F9     		movl	%edi,		%ecx
- 1472 0d0d C1C105   		roll	$5,		%ecx
- 1473 0d10 D1       	.byte 209
- 1474 0d11 CE       	.byte 206		# rorl $1 %esi 
- 1475 0d12 01E9     		addl	%ebp,		%ecx
- 1476 0d14 D1       	.byte 209
-GAS LISTING f.s 			page 28
-
-
- 1477 0d15 CE       	.byte 206		# rorl $1 %esi 
- 1478 0d16 01CA     		addl	%ecx,		%edx
- 1479              		# 20_39 63 
- 1480 0d18 8B4C243C 		movl	60(%esp),	%ecx
- 1481 0d1c 8B6C2404 		movl	4(%esp),	%ebp
- 1482 0d20 31E9     		xorl	%ebp,		%ecx
- 1483 0d22 8B6C241C 		movl	28(%esp),	%ebp
- 1484 0d26 31E9     		xorl	%ebp,		%ecx
- 1485 0d28 8B6C2430 		movl	48(%esp),	%ebp
- 1486 0d2c 31E9     		xorl	%ebp,		%ecx
- 1487 0d2e 89FD     		movl	%edi,		%ebp
- 1488 0d30 D1       	.byte 209
- 1489 0d31 C1       	.byte 193		# roll $1 %ecx 
- 1490 0d32 31F5     		xorl	%esi,		%ebp
- 1491 0d34 894C243C 		movl	%ecx,		60(%esp)
- 1492 0d38 31C5     		xorl	%eax,		%ebp
- 1493 0d3a 8D8C19D6 		leal	3395469782(%ecx,%ebx,1),%ecx
- 1493      C162CA
- 1494 0d41 89D3     		movl	%edx,		%ebx
- 1495 0d43 C1C305   		roll	$5,		%ebx
- 1496 0d46 D1       	.byte 209
- 1497 0d47 CF       	.byte 207		# rorl $1 %edi 
- 1498 0d48 01EB     		addl	%ebp,		%ebx
- 1499 0d4a D1       	.byte 209
- 1500 0d4b CF       	.byte 207		# rorl $1 %edi 
- 1501 0d4c 01D9     		addl	%ebx,		%ecx
- 1502              		# 20_39 64 
- 1503 0d4e 8B1C24   		movl	(%esp),		%ebx
- 1504 0d51 8B6C2408 		movl	8(%esp),	%ebp
- 1505 0d55 31EB     		xorl	%ebp,		%ebx
- 1506 0d57 8B6C2420 		movl	32(%esp),	%ebp
- 1507 0d5b 31EB     		xorl	%ebp,		%ebx
- 1508 0d5d 8B6C2434 		movl	52(%esp),	%ebp
- 1509 0d61 31EB     		xorl	%ebp,		%ebx
- 1510 0d63 89D5     		movl	%edx,		%ebp
- 1511 0d65 D1       	.byte 209
- 1512 0d66 C3       	.byte 195		# roll $1 %ebx 
- 1513 0d67 31FD     		xorl	%edi,		%ebp
- 1514 0d69 891C24   		movl	%ebx,		(%esp)
- 1515 0d6c 31F5     		xorl	%esi,		%ebp
- 1516 0d6e 8D9C03D6 		leal	3395469782(%ebx,%eax,1),%ebx
- 1516      C162CA
- 1517 0d75 89C8     		movl	%ecx,		%eax
- 1518 0d77 C1C005   		roll	$5,		%eax
- 1519 0d7a D1       	.byte 209
- 1520 0d7b CA       	.byte 202		# rorl $1 %edx 
- 1521 0d7c 01E8     		addl	%ebp,		%eax
- 1522 0d7e D1       	.byte 209
- 1523 0d7f CA       	.byte 202		# rorl $1 %edx 
- 1524 0d80 01C3     		addl	%eax,		%ebx
- 1525              		# 20_39 65 
- 1526 0d82 8B442404 		movl	4(%esp),	%eax
- 1527 0d86 8B6C240C 		movl	12(%esp),	%ebp
- 1528 0d8a 31E8     		xorl	%ebp,		%eax
- 1529 0d8c 8B6C2424 		movl	36(%esp),	%ebp
- 1530 0d90 31E8     		xorl	%ebp,		%eax
- 1531 0d92 8B6C2438 		movl	56(%esp),	%ebp
-GAS LISTING f.s 			page 29
-
-
- 1532 0d96 31E8     		xorl	%ebp,		%eax
- 1533 0d98 89CD     		movl	%ecx,		%ebp
- 1534 0d9a D1       	.byte 209
- 1535 0d9b C0       	.byte 192		# roll $1 %eax 
- 1536 0d9c 31D5     		xorl	%edx,		%ebp
- 1537 0d9e 89442404 		movl	%eax,		4(%esp)
- 1538 0da2 31FD     		xorl	%edi,		%ebp
- 1539 0da4 8D8430D6 		leal	3395469782(%eax,%esi,1),%eax
- 1539      C162CA
- 1540 0dab 89DE     		movl	%ebx,		%esi
- 1541 0dad C1C605   		roll	$5,		%esi
- 1542 0db0 D1       	.byte 209
- 1543 0db1 C9       	.byte 201		# rorl $1 %ecx 
- 1544 0db2 01EE     		addl	%ebp,		%esi
- 1545 0db4 D1       	.byte 209
- 1546 0db5 C9       	.byte 201		# rorl $1 %ecx 
- 1547 0db6 01F0     		addl	%esi,		%eax
- 1548              		# 20_39 66 
- 1549 0db8 8B742408 		movl	8(%esp),	%esi
- 1550 0dbc 8B6C2410 		movl	16(%esp),	%ebp
- 1551 0dc0 31EE     		xorl	%ebp,		%esi
- 1552 0dc2 8B6C2428 		movl	40(%esp),	%ebp
- 1553 0dc6 31EE     		xorl	%ebp,		%esi
- 1554 0dc8 8B6C243C 		movl	60(%esp),	%ebp
- 1555 0dcc 31EE     		xorl	%ebp,		%esi
- 1556 0dce 89DD     		movl	%ebx,		%ebp
- 1557 0dd0 D1       	.byte 209
- 1558 0dd1 C6       	.byte 198		# roll $1 %esi 
- 1559 0dd2 31CD     		xorl	%ecx,		%ebp
- 1560 0dd4 89742408 		movl	%esi,		8(%esp)
- 1561 0dd8 31D5     		xorl	%edx,		%ebp
- 1562 0dda 8DB43ED6 		leal	3395469782(%esi,%edi,1),%esi
- 1562      C162CA
- 1563 0de1 89C7     		movl	%eax,		%edi
- 1564 0de3 C1C705   		roll	$5,		%edi
- 1565 0de6 D1       	.byte 209
- 1566 0de7 CB       	.byte 203		# rorl $1 %ebx 
- 1567 0de8 01EF     		addl	%ebp,		%edi
- 1568 0dea D1       	.byte 209
- 1569 0deb CB       	.byte 203		# rorl $1 %ebx 
- 1570 0dec 01FE     		addl	%edi,		%esi
- 1571              		# 20_39 67 
- 1572 0dee 8B7C240C 		movl	12(%esp),	%edi
- 1573 0df2 8B6C2414 		movl	20(%esp),	%ebp
- 1574 0df6 31EF     		xorl	%ebp,		%edi
- 1575 0df8 8B6C242C 		movl	44(%esp),	%ebp
- 1576 0dfc 31EF     		xorl	%ebp,		%edi
- 1577 0dfe 8B2C24   		movl	(%esp),		%ebp
- 1578 0e01 31EF     		xorl	%ebp,		%edi
- 1579 0e03 89C5     		movl	%eax,		%ebp
- 1580 0e05 D1       	.byte 209
- 1581 0e06 C7       	.byte 199		# roll $1 %edi 
- 1582 0e07 31DD     		xorl	%ebx,		%ebp
- 1583 0e09 897C240C 		movl	%edi,		12(%esp)
- 1584 0e0d 31CD     		xorl	%ecx,		%ebp
- 1585 0e0f 8DBC17D6 		leal	3395469782(%edi,%edx,1),%edi
- 1585      C162CA
-GAS LISTING f.s 			page 30
-
-
- 1586 0e16 89F2     		movl	%esi,		%edx
- 1587 0e18 C1C205   		roll	$5,		%edx
- 1588 0e1b D1       	.byte 209
- 1589 0e1c C8       	.byte 200		# rorl $1 %eax 
- 1590 0e1d 01EA     		addl	%ebp,		%edx
- 1591 0e1f D1       	.byte 209
- 1592 0e20 C8       	.byte 200		# rorl $1 %eax 
- 1593 0e21 01D7     		addl	%edx,		%edi
- 1594              		# 20_39 68 
- 1595 0e23 8B542410 		movl	16(%esp),	%edx
- 1596 0e27 8B6C2418 		movl	24(%esp),	%ebp
- 1597 0e2b 31EA     		xorl	%ebp,		%edx
- 1598 0e2d 8B6C2430 		movl	48(%esp),	%ebp
- 1599 0e31 31EA     		xorl	%ebp,		%edx
- 1600 0e33 8B6C2404 		movl	4(%esp),	%ebp
- 1601 0e37 31EA     		xorl	%ebp,		%edx
- 1602 0e39 89F5     		movl	%esi,		%ebp
- 1603 0e3b D1       	.byte 209
- 1604 0e3c C2       	.byte 194		# roll $1 %edx 
- 1605 0e3d 31C5     		xorl	%eax,		%ebp
- 1606 0e3f 89542410 		movl	%edx,		16(%esp)
- 1607 0e43 31DD     		xorl	%ebx,		%ebp
- 1608 0e45 8D940AD6 		leal	3395469782(%edx,%ecx,1),%edx
- 1608      C162CA
- 1609 0e4c 89F9     		movl	%edi,		%ecx
- 1610 0e4e C1C105   		roll	$5,		%ecx
- 1611 0e51 D1       	.byte 209
- 1612 0e52 CE       	.byte 206		# rorl $1 %esi 
- 1613 0e53 01E9     		addl	%ebp,		%ecx
- 1614 0e55 D1       	.byte 209
- 1615 0e56 CE       	.byte 206		# rorl $1 %esi 
- 1616 0e57 01CA     		addl	%ecx,		%edx
- 1617              		# 20_39 69 
- 1618 0e59 8B4C2414 		movl	20(%esp),	%ecx
- 1619 0e5d 8B6C241C 		movl	28(%esp),	%ebp
- 1620 0e61 31E9     		xorl	%ebp,		%ecx
- 1621 0e63 8B6C2434 		movl	52(%esp),	%ebp
- 1622 0e67 31E9     		xorl	%ebp,		%ecx
- 1623 0e69 8B6C2408 		movl	8(%esp),	%ebp
- 1624 0e6d 31E9     		xorl	%ebp,		%ecx
- 1625 0e6f 89FD     		movl	%edi,		%ebp
- 1626 0e71 D1       	.byte 209
- 1627 0e72 C1       	.byte 193		# roll $1 %ecx 
- 1628 0e73 31F5     		xorl	%esi,		%ebp
- 1629 0e75 894C2414 		movl	%ecx,		20(%esp)
- 1630 0e79 31C5     		xorl	%eax,		%ebp
- 1631 0e7b 8D8C19D6 		leal	3395469782(%ecx,%ebx,1),%ecx
- 1631      C162CA
- 1632 0e82 89D3     		movl	%edx,		%ebx
- 1633 0e84 C1C305   		roll	$5,		%ebx
- 1634 0e87 D1       	.byte 209
- 1635 0e88 CF       	.byte 207		# rorl $1 %edi 
- 1636 0e89 01EB     		addl	%ebp,		%ebx
- 1637 0e8b D1       	.byte 209
- 1638 0e8c CF       	.byte 207		# rorl $1 %edi 
- 1639 0e8d 01D9     		addl	%ebx,		%ecx
- 1640              		# 20_39 70 
-GAS LISTING f.s 			page 31
-
-
- 1641 0e8f 8B5C2418 		movl	24(%esp),	%ebx
- 1642 0e93 8B6C2420 		movl	32(%esp),	%ebp
- 1643 0e97 31EB     		xorl	%ebp,		%ebx
- 1644 0e99 8B6C2438 		movl	56(%esp),	%ebp
- 1645 0e9d 31EB     		xorl	%ebp,		%ebx
- 1646 0e9f 8B6C240C 		movl	12(%esp),	%ebp
- 1647 0ea3 31EB     		xorl	%ebp,		%ebx
- 1648 0ea5 89D5     		movl	%edx,		%ebp
- 1649 0ea7 D1       	.byte 209
- 1650 0ea8 C3       	.byte 195		# roll $1 %ebx 
- 1651 0ea9 31FD     		xorl	%edi,		%ebp
- 1652 0eab 895C2418 		movl	%ebx,		24(%esp)
- 1653 0eaf 31F5     		xorl	%esi,		%ebp
- 1654 0eb1 8D9C03D6 		leal	3395469782(%ebx,%eax,1),%ebx
- 1654      C162CA
- 1655 0eb8 89C8     		movl	%ecx,		%eax
- 1656 0eba C1C005   		roll	$5,		%eax
- 1657 0ebd D1       	.byte 209
- 1658 0ebe CA       	.byte 202		# rorl $1 %edx 
- 1659 0ebf 01E8     		addl	%ebp,		%eax
- 1660 0ec1 D1       	.byte 209
- 1661 0ec2 CA       	.byte 202		# rorl $1 %edx 
- 1662 0ec3 01C3     		addl	%eax,		%ebx
- 1663              		# 20_39 71 
- 1664 0ec5 8B44241C 		movl	28(%esp),	%eax
- 1665 0ec9 8B6C2424 		movl	36(%esp),	%ebp
- 1666 0ecd 31E8     		xorl	%ebp,		%eax
- 1667 0ecf 8B6C243C 		movl	60(%esp),	%ebp
- 1668 0ed3 31E8     		xorl	%ebp,		%eax
- 1669 0ed5 8B6C2410 		movl	16(%esp),	%ebp
- 1670 0ed9 31E8     		xorl	%ebp,		%eax
- 1671 0edb 89CD     		movl	%ecx,		%ebp
- 1672 0edd D1       	.byte 209
- 1673 0ede C0       	.byte 192		# roll $1 %eax 
- 1674 0edf 31D5     		xorl	%edx,		%ebp
- 1675 0ee1 8944241C 		movl	%eax,		28(%esp)
- 1676 0ee5 31FD     		xorl	%edi,		%ebp
- 1677 0ee7 8D8430D6 		leal	3395469782(%eax,%esi,1),%eax
- 1677      C162CA
- 1678 0eee 89DE     		movl	%ebx,		%esi
- 1679 0ef0 C1C605   		roll	$5,		%esi
- 1680 0ef3 D1       	.byte 209
- 1681 0ef4 C9       	.byte 201		# rorl $1 %ecx 
- 1682 0ef5 01EE     		addl	%ebp,		%esi
- 1683 0ef7 D1       	.byte 209
- 1684 0ef8 C9       	.byte 201		# rorl $1 %ecx 
- 1685 0ef9 01F0     		addl	%esi,		%eax
- 1686              		# 20_39 72 
- 1687 0efb 8B742420 		movl	32(%esp),	%esi
- 1688 0eff 8B6C2428 		movl	40(%esp),	%ebp
- 1689 0f03 31EE     		xorl	%ebp,		%esi
- 1690 0f05 8B2C24   		movl	(%esp),		%ebp
- 1691 0f08 31EE     		xorl	%ebp,		%esi
- 1692 0f0a 8B6C2414 		movl	20(%esp),	%ebp
- 1693 0f0e 31EE     		xorl	%ebp,		%esi
- 1694 0f10 89DD     		movl	%ebx,		%ebp
- 1695 0f12 D1       	.byte 209
-GAS LISTING f.s 			page 32
-
-
- 1696 0f13 C6       	.byte 198		# roll $1 %esi 
- 1697 0f14 31CD     		xorl	%ecx,		%ebp
- 1698 0f16 89742420 		movl	%esi,		32(%esp)
- 1699 0f1a 31D5     		xorl	%edx,		%ebp
- 1700 0f1c 8DB43ED6 		leal	3395469782(%esi,%edi,1),%esi
- 1700      C162CA
- 1701 0f23 89C7     		movl	%eax,		%edi
- 1702 0f25 C1C705   		roll	$5,		%edi
- 1703 0f28 D1       	.byte 209
- 1704 0f29 CB       	.byte 203		# rorl $1 %ebx 
- 1705 0f2a 01EF     		addl	%ebp,		%edi
- 1706 0f2c D1       	.byte 209
- 1707 0f2d CB       	.byte 203		# rorl $1 %ebx 
- 1708 0f2e 01FE     		addl	%edi,		%esi
- 1709              		# 20_39 73 
- 1710 0f30 8B7C2424 		movl	36(%esp),	%edi
- 1711 0f34 8B6C242C 		movl	44(%esp),	%ebp
- 1712 0f38 31EF     		xorl	%ebp,		%edi
- 1713 0f3a 8B6C2404 		movl	4(%esp),	%ebp
- 1714 0f3e 31EF     		xorl	%ebp,		%edi
- 1715 0f40 8B6C2418 		movl	24(%esp),	%ebp
- 1716 0f44 31EF     		xorl	%ebp,		%edi
- 1717 0f46 89C5     		movl	%eax,		%ebp
- 1718 0f48 D1       	.byte 209
- 1719 0f49 C7       	.byte 199		# roll $1 %edi 
- 1720 0f4a 31DD     		xorl	%ebx,		%ebp
- 1721 0f4c 897C2424 		movl	%edi,		36(%esp)
- 1722 0f50 31CD     		xorl	%ecx,		%ebp
- 1723 0f52 8DBC17D6 		leal	3395469782(%edi,%edx,1),%edi
- 1723      C162CA
- 1724 0f59 89F2     		movl	%esi,		%edx
- 1725 0f5b C1C205   		roll	$5,		%edx
- 1726 0f5e D1       	.byte 209
- 1727 0f5f C8       	.byte 200		# rorl $1 %eax 
- 1728 0f60 01EA     		addl	%ebp,		%edx
- 1729 0f62 D1       	.byte 209
- 1730 0f63 C8       	.byte 200		# rorl $1 %eax 
- 1731 0f64 01D7     		addl	%edx,		%edi
- 1732              		# 20_39 74 
- 1733 0f66 8B542428 		movl	40(%esp),	%edx
- 1734 0f6a 8B6C2430 		movl	48(%esp),	%ebp
- 1735 0f6e 31EA     		xorl	%ebp,		%edx
- 1736 0f70 8B6C2408 		movl	8(%esp),	%ebp
- 1737 0f74 31EA     		xorl	%ebp,		%edx
- 1738 0f76 8B6C241C 		movl	28(%esp),	%ebp
- 1739 0f7a 31EA     		xorl	%ebp,		%edx
- 1740 0f7c 89F5     		movl	%esi,		%ebp
- 1741 0f7e D1       	.byte 209
- 1742 0f7f C2       	.byte 194		# roll $1 %edx 
- 1743 0f80 31C5     		xorl	%eax,		%ebp
- 1744 0f82 89542428 		movl	%edx,		40(%esp)
- 1745 0f86 31DD     		xorl	%ebx,		%ebp
- 1746 0f88 8D940AD6 		leal	3395469782(%edx,%ecx,1),%edx
- 1746      C162CA
- 1747 0f8f 89F9     		movl	%edi,		%ecx
- 1748 0f91 C1C105   		roll	$5,		%ecx
- 1749 0f94 D1       	.byte 209
-GAS LISTING f.s 			page 33
-
-
- 1750 0f95 CE       	.byte 206		# rorl $1 %esi 
- 1751 0f96 01E9     		addl	%ebp,		%ecx
- 1752 0f98 D1       	.byte 209
- 1753 0f99 CE       	.byte 206		# rorl $1 %esi 
- 1754 0f9a 01CA     		addl	%ecx,		%edx
- 1755              		# 20_39 75 
- 1756 0f9c 8B4C242C 		movl	44(%esp),	%ecx
- 1757 0fa0 8B6C2434 		movl	52(%esp),	%ebp
- 1758 0fa4 31E9     		xorl	%ebp,		%ecx
- 1759 0fa6 8B6C240C 		movl	12(%esp),	%ebp
- 1760 0faa 31E9     		xorl	%ebp,		%ecx
- 1761 0fac 8B6C2420 		movl	32(%esp),	%ebp
- 1762 0fb0 31E9     		xorl	%ebp,		%ecx
- 1763 0fb2 89FD     		movl	%edi,		%ebp
- 1764 0fb4 D1       	.byte 209
- 1765 0fb5 C1       	.byte 193		# roll $1 %ecx 
- 1766 0fb6 31F5     		xorl	%esi,		%ebp
- 1767 0fb8 894C242C 		movl	%ecx,		44(%esp)
- 1768 0fbc 31C5     		xorl	%eax,		%ebp
- 1769 0fbe 8D8C19D6 		leal	3395469782(%ecx,%ebx,1),%ecx
- 1769      C162CA
- 1770 0fc5 89D3     		movl	%edx,		%ebx
- 1771 0fc7 C1C305   		roll	$5,		%ebx
- 1772 0fca D1       	.byte 209
- 1773 0fcb CF       	.byte 207		# rorl $1 %edi 
- 1774 0fcc 01EB     		addl	%ebp,		%ebx
- 1775 0fce D1       	.byte 209
- 1776 0fcf CF       	.byte 207		# rorl $1 %edi 
- 1777 0fd0 01D9     		addl	%ebx,		%ecx
- 1778              		# 20_39 76 
- 1779 0fd2 8B5C2430 		movl	48(%esp),	%ebx
- 1780 0fd6 8B6C2438 		movl	56(%esp),	%ebp
- 1781 0fda 31EB     		xorl	%ebp,		%ebx
- 1782 0fdc 8B6C2410 		movl	16(%esp),	%ebp
- 1783 0fe0 31EB     		xorl	%ebp,		%ebx
- 1784 0fe2 8B6C2424 		movl	36(%esp),	%ebp
- 1785 0fe6 31EB     		xorl	%ebp,		%ebx
- 1786 0fe8 89D5     		movl	%edx,		%ebp
- 1787 0fea D1       	.byte 209
- 1788 0feb C3       	.byte 195		# roll $1 %ebx 
- 1789 0fec 31FD     		xorl	%edi,		%ebp
- 1790 0fee 895C2430 		movl	%ebx,		48(%esp)
- 1791 0ff2 31F5     		xorl	%esi,		%ebp
- 1792 0ff4 8D9C03D6 		leal	3395469782(%ebx,%eax,1),%ebx
- 1792      C162CA
- 1793 0ffb 89C8     		movl	%ecx,		%eax
- 1794 0ffd C1C005   		roll	$5,		%eax
- 1795 1000 D1       	.byte 209
- 1796 1001 CA       	.byte 202		# rorl $1 %edx 
- 1797 1002 01E8     		addl	%ebp,		%eax
- 1798 1004 D1       	.byte 209
- 1799 1005 CA       	.byte 202		# rorl $1 %edx 
- 1800 1006 01C3     		addl	%eax,		%ebx
- 1801              		# 20_39 77 
- 1802 1008 8B442434 		movl	52(%esp),	%eax
- 1803 100c 8B6C243C 		movl	60(%esp),	%ebp
- 1804 1010 31E8     		xorl	%ebp,		%eax
-GAS LISTING f.s 			page 34
-
-
- 1805 1012 8B6C2414 		movl	20(%esp),	%ebp
- 1806 1016 31E8     		xorl	%ebp,		%eax
- 1807 1018 8B6C2428 		movl	40(%esp),	%ebp
- 1808 101c 31E8     		xorl	%ebp,		%eax
- 1809 101e 89CD     		movl	%ecx,		%ebp
- 1810 1020 D1       	.byte 209
- 1811 1021 C0       	.byte 192		# roll $1 %eax 
- 1812 1022 31D5     		xorl	%edx,		%ebp
- 1813 1024 89442434 		movl	%eax,		52(%esp)
- 1814 1028 31FD     		xorl	%edi,		%ebp
- 1815 102a 8D8430D6 		leal	3395469782(%eax,%esi,1),%eax
- 1815      C162CA
- 1816 1031 89DE     		movl	%ebx,		%esi
- 1817 1033 C1C605   		roll	$5,		%esi
- 1818 1036 D1       	.byte 209
- 1819 1037 C9       	.byte 201		# rorl $1 %ecx 
- 1820 1038 01EE     		addl	%ebp,		%esi
- 1821 103a D1       	.byte 209
- 1822 103b C9       	.byte 201		# rorl $1 %ecx 
- 1823 103c 01F0     		addl	%esi,		%eax
- 1824              		# 20_39 78 
- 1825 103e 8B742438 		movl	56(%esp),	%esi
- 1826 1042 8B2C24   		movl	(%esp),		%ebp
- 1827 1045 31EE     		xorl	%ebp,		%esi
- 1828 1047 8B6C2418 		movl	24(%esp),	%ebp
- 1829 104b 31EE     		xorl	%ebp,		%esi
- 1830 104d 8B6C242C 		movl	44(%esp),	%ebp
- 1831 1051 31EE     		xorl	%ebp,		%esi
- 1832 1053 89DD     		movl	%ebx,		%ebp
- 1833 1055 D1       	.byte 209
- 1834 1056 C6       	.byte 198		# roll $1 %esi 
- 1835 1057 31CD     		xorl	%ecx,		%ebp
- 1836 1059 89742438 		movl	%esi,		56(%esp)
- 1837 105d 31D5     		xorl	%edx,		%ebp
- 1838 105f 8DB43ED6 		leal	3395469782(%esi,%edi,1),%esi
- 1838      C162CA
- 1839 1066 89C7     		movl	%eax,		%edi
- 1840 1068 C1C705   		roll	$5,		%edi
- 1841 106b D1       	.byte 209
- 1842 106c CB       	.byte 203		# rorl $1 %ebx 
- 1843 106d 01EF     		addl	%ebp,		%edi
- 1844 106f D1       	.byte 209
- 1845 1070 CB       	.byte 203		# rorl $1 %ebx 
- 1846 1071 01FE     		addl	%edi,		%esi
- 1847              		# 20_39 79 
- 1848 1073 8B7C243C 		movl	60(%esp),	%edi
- 1849 1077 8B6C2404 		movl	4(%esp),	%ebp
- 1850 107b 31EF     		xorl	%ebp,		%edi
- 1851 107d 8B6C241C 		movl	28(%esp),	%ebp
- 1852 1081 31EF     		xorl	%ebp,		%edi
- 1853 1083 8B6C2430 		movl	48(%esp),	%ebp
- 1854 1087 31EF     		xorl	%ebp,		%edi
- 1855 1089 89C5     		movl	%eax,		%ebp
- 1856 108b D1       	.byte 209
- 1857 108c C7       	.byte 199		# roll $1 %edi 
- 1858 108d 31DD     		xorl	%ebx,		%ebp
- 1859 108f 897C243C 		movl	%edi,		60(%esp)
-GAS LISTING f.s 			page 35
-
-
- 1860 1093 31CD     		xorl	%ecx,		%ebp
- 1861 1095 8DBC17D6 		leal	3395469782(%edi,%edx,1),%edi
- 1861      C162CA
- 1862 109c 89F2     		movl	%esi,		%edx
- 1863 109e C1C205   		roll	$5,		%edx
- 1864 10a1 01EA     		addl	%ebp,		%edx
- 1865 10a3 8B6C245C 		movl	92(%esp),	%ebp
- 1866 10a7 D1       	.byte 209
- 1867 10a8 C8       	.byte 200		# rorl $1 %eax 
- 1868 10a9 01D7     		addl	%edx,		%edi
- 1869 10ab D1       	.byte 209
- 1870 10ac C8       	.byte 200		# rorl $1 %eax 
- 1871              		# End processing 
- 1872              	
- 1873 10ad 8B550C   		movl	12(%ebp),	%edx
- 1874 10b0 01DA     		addl	%ebx,		%edx
- 1875 10b2 8B5D04   		movl	4(%ebp),	%ebx
- 1876 10b5 01F3     		addl	%esi,		%ebx
- 1877 10b7 89C6     		movl	%eax,		%esi
- 1878 10b9 8B4500   		movl	(%ebp),		%eax
- 1879 10bc 89550C   		movl	%edx,		12(%ebp)
- 1880 10bf 01F8     		addl	%edi,		%eax
- 1881 10c1 8B7D10   		movl	16(%ebp),	%edi
- 1882 10c4 01CF     		addl	%ecx,		%edi
- 1883 10c6 8B4D08   		movl	8(%ebp),	%ecx
- 1884 10c9 01F1     		addl	%esi,		%ecx
- 1885 10cb 894500   		movl	%eax,		(%ebp)
- 1886 10ce 894D08   		movl	%ecx,		8(%ebp)
- 1887 10d1 8B742440 		movl	64(%esp),	%esi
- 1888 10d5 897D10   		movl	%edi,		16(%ebp)
- 1889 10d8 83C640   		addl	$64,		%esi
- 1890 10db 8B442444 		movl	68(%esp),	%eax
- 1891 10df 895D04   		movl	%ebx,		4(%ebp)
- 1892 10e2 39F0     		cmpl	%esi,		%eax
- 1893 10e4 8B06     		movl	(%esi),		%eax
- 1894 10e6 0F8D3EEF 		jge	.L000start
- 1894      FFFF
- 1895 10ec 83C448   		addl	$72,		%esp
- 1896 10ef 5F       		popl	%edi
- 1897 10f0 5B       		popl	%ebx
- 1898 10f1 5D       		popl	%ebp
- 1899 10f2 5E       		popl	%esi
- 1900 10f3 C3       		ret
- 1901              	.sha1_block_x86_end:
- 1902              		.size	sha1_block_x86,.sha1_block_x86_end-sha1_block_x86
- 1903              	.ident	"desasm.pl"
diff --git a/crypto/sha/asm/f.s b/crypto/sha/asm/f.s
deleted file mode 100644
index 9f56d1859b..0000000000
--- a/crypto/sha/asm/f.s
+++ /dev/null
@@ -1,1905 +0,0 @@
-	# Don't even think of reading this code 
-	# It was automatically generated by sha1-586.pl 
-	# Which is a perl program used to generate the x86 assember for 
-	# any of elf, a.out, BSDI,Win32, or Solaris 
-	# eric <eay@cryptsoft.com> 
-
-	.file	"sha1-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align 16
-.globl sha1_block_x86
-	.type	sha1_block_x86,@function
-sha1_block_x86:
-	pushl	%esi
-	pushl	%ebp
-	movl	20(%esp),	%eax
-	movl	16(%esp),	%esi
-	addl	%esi,		%eax
-	movl	12(%esp),	%ebp
-	pushl	%ebx
-	subl	$64,		%eax
-	pushl	%edi
-	movl	4(%ebp),	%ebx
-	subl	$72,		%esp
-	movl	12(%ebp),	%edx
-	movl	16(%ebp),	%edi
-	movl	8(%ebp),	%ecx
-	movl	%eax,		68(%esp)
-	# First we need to setup the X array 
-	movl	(%esi),		%eax
-.L000start:
-	# First, load the words onto the stack in network byte order 
-.byte 15
-.byte 200		# bswapl  %eax 
-	movl	%eax,		(%esp)
-	movl	4(%esi),	%eax
-.byte 15
-.byte 200		# bswapl  %eax 
-	movl	%eax,		4(%esp)
-	movl	8(%esi),	%eax
-.byte 15
-.byte 200		# bswapl  %eax 
-	movl	%eax,		8(%esp)
-	movl	12(%esi),	%eax
-.byte 15
-.byte 200		# bswapl  %eax 
-	movl	%eax,		12(%esp)
-	movl	16(%esi),	%eax
-.byte 15
-.byte 200		# bswapl  %eax 
-	movl	%eax,		16(%esp)
-	movl	20(%esi),	%eax
-.byte 15
-.byte 200		# bswapl  %eax 
-	movl	%eax,		20(%esp)
-	movl	24(%esi),	%eax
-.byte 15
-.byte 200		# bswapl  %eax 
-	movl	%eax,		24(%esp)
-	movl	28(%esi),	%eax
-.byte 15
-.byte 200		# bswapl  %eax 
-	movl	%eax,		28(%esp)
-	movl	32(%esi),	%eax
-.byte 15
-.byte 200		# bswapl  %eax 
-	movl	%eax,		32(%esp)
-	movl	36(%esi),	%eax
-.byte 15
-.byte 200		# bswapl  %eax 
-	movl	%eax,		36(%esp)
-	movl	40(%esi),	%eax
-.byte 15
-.byte 200		# bswapl  %eax 
-	movl	%eax,		40(%esp)
-	movl	44(%esi),	%eax
-.byte 15
-.byte 200		# bswapl  %eax 
-	movl	%eax,		44(%esp)
-	movl	48(%esi),	%eax
-.byte 15
-.byte 200		# bswapl  %eax 
-	movl	%eax,		48(%esp)
-	movl	52(%esi),	%eax
-.byte 15
-.byte 200		# bswapl  %eax 
-	movl	%eax,		52(%esp)
-	movl	56(%esi),	%eax
-.byte 15
-.byte 200		# bswapl  %eax 
-	movl	%eax,		56(%esp)
-	movl	60(%esi),	%eax
-.byte 15
-.byte 200		# bswapl  %eax 
-	movl	%eax,		60(%esp)
-	# We now have the X array on the stack 
-	# starting at sp-4 
-	movl	%esi,		64(%esp)
-
-	# Start processing 
-	movl	(%ebp),		%eax
-	# 00_15 0 
-	movl	%ecx,		%esi
-	movl	%eax,		%ebp
-	xorl	%edx,		%esi
-	roll	$5,		%ebp
-	andl	%ebx,		%esi
-	addl	%edi,		%ebp
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	movl	(%esp),		%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	xorl	%edx,		%esi
-	leal	1518500249(%ebp,%edi,1),%ebp
-	movl	%ebx,		%edi
-	addl	%ebp,		%esi
-	xorl	%ecx,		%edi
-	movl	%esi,		%ebp
-	andl	%eax,		%edi
-	roll	$5,		%ebp
-	addl	%edx,		%ebp
-	movl	4(%esp),	%edx
-.byte 209
-.byte 200		# rorl $1 %eax 
-	xorl	%ecx,		%edi
-.byte 209
-.byte 200		# rorl $1 %eax 
-	leal	1518500249(%ebp,%edx,1),%ebp
-	addl	%ebp,		%edi
-	# 00_15 2 
-	movl	%eax,		%edx
-	movl	%edi,		%ebp
-	xorl	%ebx,		%edx
-	roll	$5,		%ebp
-	andl	%esi,		%edx
-	addl	%ecx,		%ebp
-.byte 209
-.byte 206		# rorl $1 %esi 
-	movl	8(%esp),	%ecx
-.byte 209
-.byte 206		# rorl $1 %esi 
-	xorl	%ebx,		%edx
-	leal	1518500249(%ebp,%ecx,1),%ebp
-	movl	%esi,		%ecx
-	addl	%ebp,		%edx
-	xorl	%eax,		%ecx
-	movl	%edx,		%ebp
-	andl	%edi,		%ecx
-	roll	$5,		%ebp
-	addl	%ebx,		%ebp
-	movl	12(%esp),	%ebx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	xorl	%eax,		%ecx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	leal	1518500249(%ebp,%ebx,1),%ebp
-	addl	%ebp,		%ecx
-	# 00_15 4 
-	movl	%edi,		%ebx
-	movl	%ecx,		%ebp
-	xorl	%esi,		%ebx
-	roll	$5,		%ebp
-	andl	%edx,		%ebx
-	addl	%eax,		%ebp
-.byte 209
-.byte 202		# rorl $1 %edx 
-	movl	16(%esp),	%eax
-.byte 209
-.byte 202		# rorl $1 %edx 
-	xorl	%esi,		%ebx
-	leal	1518500249(%ebp,%eax,1),%ebp
-	movl	%edx,		%eax
-	addl	%ebp,		%ebx
-	xorl	%edi,		%eax
-	movl	%ebx,		%ebp
-	andl	%ecx,		%eax
-	roll	$5,		%ebp
-	addl	%esi,		%ebp
-	movl	20(%esp),	%esi
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	xorl	%edi,		%eax
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	leal	1518500249(%ebp,%esi,1),%ebp
-	addl	%ebp,		%eax
-	# 00_15 6 
-	movl	%ecx,		%esi
-	movl	%eax,		%ebp
-	xorl	%edx,		%esi
-	roll	$5,		%ebp
-	andl	%ebx,		%esi
-	addl	%edi,		%ebp
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	movl	24(%esp),	%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	xorl	%edx,		%esi
-	leal	1518500249(%ebp,%edi,1),%ebp
-	movl	%ebx,		%edi
-	addl	%ebp,		%esi
-	xorl	%ecx,		%edi
-	movl	%esi,		%ebp
-	andl	%eax,		%edi
-	roll	$5,		%ebp
-	addl	%edx,		%ebp
-	movl	28(%esp),	%edx
-.byte 209
-.byte 200		# rorl $1 %eax 
-	xorl	%ecx,		%edi
-.byte 209
-.byte 200		# rorl $1 %eax 
-	leal	1518500249(%ebp,%edx,1),%ebp
-	addl	%ebp,		%edi
-	# 00_15 8 
-	movl	%eax,		%edx
-	movl	%edi,		%ebp
-	xorl	%ebx,		%edx
-	roll	$5,		%ebp
-	andl	%esi,		%edx
-	addl	%ecx,		%ebp
-.byte 209
-.byte 206		# rorl $1 %esi 
-	movl	32(%esp),	%ecx
-.byte 209
-.byte 206		# rorl $1 %esi 
-	xorl	%ebx,		%edx
-	leal	1518500249(%ebp,%ecx,1),%ebp
-	movl	%esi,		%ecx
-	addl	%ebp,		%edx
-	xorl	%eax,		%ecx
-	movl	%edx,		%ebp
-	andl	%edi,		%ecx
-	roll	$5,		%ebp
-	addl	%ebx,		%ebp
-	movl	36(%esp),	%ebx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	xorl	%eax,		%ecx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	leal	1518500249(%ebp,%ebx,1),%ebp
-	addl	%ebp,		%ecx
-	# 00_15 10 
-	movl	%edi,		%ebx
-	movl	%ecx,		%ebp
-	xorl	%esi,		%ebx
-	roll	$5,		%ebp
-	andl	%edx,		%ebx
-	addl	%eax,		%ebp
-.byte 209
-.byte 202		# rorl $1 %edx 
-	movl	40(%esp),	%eax
-.byte 209
-.byte 202		# rorl $1 %edx 
-	xorl	%esi,		%ebx
-	leal	1518500249(%ebp,%eax,1),%ebp
-	movl	%edx,		%eax
-	addl	%ebp,		%ebx
-	xorl	%edi,		%eax
-	movl	%ebx,		%ebp
-	andl	%ecx,		%eax
-	roll	$5,		%ebp
-	addl	%esi,		%ebp
-	movl	44(%esp),	%esi
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	xorl	%edi,		%eax
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	leal	1518500249(%ebp,%esi,1),%ebp
-	addl	%ebp,		%eax
-	# 00_15 12 
-	movl	%ecx,		%esi
-	movl	%eax,		%ebp
-	xorl	%edx,		%esi
-	roll	$5,		%ebp
-	andl	%ebx,		%esi
-	addl	%edi,		%ebp
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	movl	48(%esp),	%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	xorl	%edx,		%esi
-	leal	1518500249(%ebp,%edi,1),%ebp
-	movl	%ebx,		%edi
-	addl	%ebp,		%esi
-	xorl	%ecx,		%edi
-	movl	%esi,		%ebp
-	andl	%eax,		%edi
-	roll	$5,		%ebp
-	addl	%edx,		%ebp
-	movl	52(%esp),	%edx
-.byte 209
-.byte 200		# rorl $1 %eax 
-	xorl	%ecx,		%edi
-.byte 209
-.byte 200		# rorl $1 %eax 
-	leal	1518500249(%ebp,%edx,1),%ebp
-	addl	%ebp,		%edi
-	# 00_15 14 
-	movl	%eax,		%edx
-	movl	%edi,		%ebp
-	xorl	%ebx,		%edx
-	roll	$5,		%ebp
-	andl	%esi,		%edx
-	addl	%ecx,		%ebp
-.byte 209
-.byte 206		# rorl $1 %esi 
-	movl	56(%esp),	%ecx
-.byte 209
-.byte 206		# rorl $1 %esi 
-	xorl	%ebx,		%edx
-	leal	1518500249(%ebp,%ecx,1),%ebp
-	movl	%esi,		%ecx
-	addl	%ebp,		%edx
-	xorl	%eax,		%ecx
-	movl	%edx,		%ebp
-	andl	%edi,		%ecx
-	roll	$5,		%ebp
-	addl	%ebx,		%ebp
-	movl	60(%esp),	%ebx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	xorl	%eax,		%ecx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	leal	1518500249(%ebp,%ebx,1),%ebp
-	addl	%ebp,		%ecx
-	# 16_19 16 
-	nop
-	movl	(%esp),		%ebp
-	movl	8(%esp),	%ebx
-	xorl	%ebp,		%ebx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edi,		%ebp
-.byte 209
-.byte 195		# roll $1 %ebx 
-	xorl	%esi,		%ebp
-	movl	%ebx,		(%esp)
-	andl	%edx,		%ebp
-	leal	1518500249(%ebx,%eax,1),%ebx
-	xorl	%esi,		%ebp
-	movl	%ecx,		%eax
-	addl	%ebp,		%ebx
-	roll	$5,		%eax
-.byte 209
-.byte 202		# rorl $1 %edx 
-	addl	%eax,		%ebx
-	movl	4(%esp),	%eax
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	56(%esp),	%ebp
-.byte 209
-.byte 202		# rorl $1 %edx 
-	xorl	%ebp,		%eax
-.byte 209
-.byte 192		# roll $1 %eax 
-	movl	%edx,		%ebp
-	xorl	%edi,		%ebp
-	movl	%eax,		4(%esp)
-	andl	%ecx,		%ebp
-	leal	1518500249(%eax,%esi,1),%eax
-	xorl	%edi,		%ebp
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%esi,		%eax
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%ebp,		%eax
-	# 16_19 18 
-	movl	8(%esp),	%ebp
-	movl	16(%esp),	%esi
-	xorl	%ebp,		%esi
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ecx,		%ebp
-.byte 209
-.byte 198		# roll $1 %esi 
-	xorl	%edx,		%ebp
-	movl	%esi,		8(%esp)
-	andl	%ebx,		%ebp
-	leal	1518500249(%esi,%edi,1),%esi
-	xorl	%edx,		%ebp
-	movl	%eax,		%edi
-	addl	%ebp,		%esi
-	roll	$5,		%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	addl	%edi,		%esi
-	movl	12(%esp),	%edi
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	(%esp),		%ebp
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	xorl	%ebp,		%edi
-.byte 209
-.byte 199		# roll $1 %edi 
-	movl	%ebx,		%ebp
-	xorl	%ecx,		%ebp
-	movl	%edi,		12(%esp)
-	andl	%eax,		%ebp
-	leal	1518500249(%edi,%edx,1),%edi
-	xorl	%ecx,		%ebp
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%edx,		%edi
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%ebp,		%edi
-	# 20_39 20 
-	movl	16(%esp),	%edx
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		# roll $1 %edx 
-	xorl	%eax,		%ebp
-	movl	%edx,		16(%esp)
-	xorl	%ebx,		%ebp
-	leal	1859775393(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		# rorl $1 %esi 
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		# rorl $1 %esi 
-	addl	%ecx,		%edx
-	# 20_39 21 
-	movl	20(%esp),	%ecx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		# roll $1 %ecx 
-	xorl	%esi,		%ebp
-	movl	%ecx,		20(%esp)
-	xorl	%eax,		%ebp
-	leal	1859775393(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	addl	%ebx,		%ecx
-	# 20_39 22 
-	movl	24(%esp),	%ebx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		# roll $1 %ebx 
-	xorl	%edi,		%ebp
-	movl	%ebx,		24(%esp)
-	xorl	%esi,		%ebp
-	leal	1859775393(%ebx,%eax,1),%ebx
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-.byte 209
-.byte 202		# rorl $1 %edx 
-	addl	%ebp,		%eax
-.byte 209
-.byte 202		# rorl $1 %edx 
-	addl	%eax,		%ebx
-	# 20_39 23 
-	movl	28(%esp),	%eax
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	%ecx,		%ebp
-.byte 209
-.byte 192		# roll $1 %eax 
-	xorl	%edx,		%ebp
-	movl	%eax,		28(%esp)
-	xorl	%edi,		%ebp
-	leal	1859775393(%eax,%esi,1),%eax
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%ebp,		%esi
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%esi,		%eax
-	# 20_39 24 
-	movl	32(%esp),	%esi
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%esi
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		# roll $1 %esi 
-	xorl	%ecx,		%ebp
-	movl	%esi,		32(%esp)
-	xorl	%edx,		%ebp
-	leal	1859775393(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	addl	%edi,		%esi
-	# 20_39 25 
-	movl	36(%esp),	%edi
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		# roll $1 %edi 
-	xorl	%ebx,		%ebp
-	movl	%edi,		36(%esp)
-	xorl	%ecx,		%ebp
-	leal	1859775393(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%ebp,		%edx
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%edx,		%edi
-	# 20_39 26 
-	movl	40(%esp),	%edx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		# roll $1 %edx 
-	xorl	%eax,		%ebp
-	movl	%edx,		40(%esp)
-	xorl	%ebx,		%ebp
-	leal	1859775393(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		# rorl $1 %esi 
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		# rorl $1 %esi 
-	addl	%ecx,		%edx
-	# 20_39 27 
-	movl	44(%esp),	%ecx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		# roll $1 %ecx 
-	xorl	%esi,		%ebp
-	movl	%ecx,		44(%esp)
-	xorl	%eax,		%ebp
-	leal	1859775393(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	addl	%ebx,		%ecx
-	# 20_39 28 
-	movl	48(%esp),	%ebx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		# roll $1 %ebx 
-	xorl	%edi,		%ebp
-	movl	%ebx,		48(%esp)
-	xorl	%esi,		%ebp
-	leal	1859775393(%ebx,%eax,1),%ebx
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-.byte 209
-.byte 202		# rorl $1 %edx 
-	addl	%ebp,		%eax
-.byte 209
-.byte 202		# rorl $1 %edx 
-	addl	%eax,		%ebx
-	# 20_39 29 
-	movl	52(%esp),	%eax
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	%ecx,		%ebp
-.byte 209
-.byte 192		# roll $1 %eax 
-	xorl	%edx,		%ebp
-	movl	%eax,		52(%esp)
-	xorl	%edi,		%ebp
-	leal	1859775393(%eax,%esi,1),%eax
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%ebp,		%esi
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%esi,		%eax
-	# 20_39 30 
-	movl	56(%esp),	%esi
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		# roll $1 %esi 
-	xorl	%ecx,		%ebp
-	movl	%esi,		56(%esp)
-	xorl	%edx,		%ebp
-	leal	1859775393(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	addl	%edi,		%esi
-	# 20_39 31 
-	movl	60(%esp),	%edi
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		# roll $1 %edi 
-	xorl	%ebx,		%ebp
-	movl	%edi,		60(%esp)
-	xorl	%ecx,		%ebp
-	leal	1859775393(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%ebp,		%edx
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%edx,		%edi
-	# 20_39 32 
-	movl	(%esp),		%edx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		# roll $1 %edx 
-	xorl	%eax,		%ebp
-	movl	%edx,		(%esp)
-	xorl	%ebx,		%ebp
-	leal	1859775393(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		# rorl $1 %esi 
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		# rorl $1 %esi 
-	addl	%ecx,		%edx
-	# 20_39 33 
-	movl	4(%esp),	%ecx
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		# roll $1 %ecx 
-	xorl	%esi,		%ebp
-	movl	%ecx,		4(%esp)
-	xorl	%eax,		%ebp
-	leal	1859775393(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	addl	%ebx,		%ecx
-	# 20_39 34 
-	movl	8(%esp),	%ebx
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		# roll $1 %ebx 
-	xorl	%edi,		%ebp
-	movl	%ebx,		8(%esp)
-	xorl	%esi,		%ebp
-	leal	1859775393(%ebx,%eax,1),%ebx
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-.byte 209
-.byte 202		# rorl $1 %edx 
-	addl	%ebp,		%eax
-.byte 209
-.byte 202		# rorl $1 %edx 
-	addl	%eax,		%ebx
-	# 20_39 35 
-	movl	12(%esp),	%eax
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%eax
-	movl	%ecx,		%ebp
-.byte 209
-.byte 192		# roll $1 %eax 
-	xorl	%edx,		%ebp
-	movl	%eax,		12(%esp)
-	xorl	%edi,		%ebp
-	leal	1859775393(%eax,%esi,1),%eax
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%ebp,		%esi
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%esi,		%eax
-	# 20_39 36 
-	movl	16(%esp),	%esi
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		# roll $1 %esi 
-	xorl	%ecx,		%ebp
-	movl	%esi,		16(%esp)
-	xorl	%edx,		%ebp
-	leal	1859775393(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	addl	%edi,		%esi
-	# 20_39 37 
-	movl	20(%esp),	%edi
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		# roll $1 %edi 
-	xorl	%ebx,		%ebp
-	movl	%edi,		20(%esp)
-	xorl	%ecx,		%ebp
-	leal	1859775393(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%ebp,		%edx
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%edx,		%edi
-	# 20_39 38 
-	movl	24(%esp),	%edx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		# roll $1 %edx 
-	xorl	%eax,		%ebp
-	movl	%edx,		24(%esp)
-	xorl	%ebx,		%ebp
-	leal	1859775393(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		# rorl $1 %esi 
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		# rorl $1 %esi 
-	addl	%ecx,		%edx
-	# 20_39 39 
-	movl	28(%esp),	%ecx
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		# roll $1 %ecx 
-	xorl	%esi,		%ebp
-	movl	%ecx,		28(%esp)
-	xorl	%eax,		%ebp
-	leal	1859775393(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	addl	%ebx,		%ecx
-	# 40_59 40 
-	movl	32(%esp),	%ebx
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%ebx
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		# roll $1 %ebx 
-	orl	%edi,		%ebp
-	movl	%ebx,		32(%esp)
-	andl	%esi,		%ebp
-	leal	2400959708(%ebx,%eax,1),%ebx
-	movl	%edx,		%eax
-.byte 209
-.byte 202		# rorl $1 %edx 
-	andl	%edi,		%eax
-	orl	%eax,		%ebp
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-	addl	%eax,		%ebp
-	movl	36(%esp),	%eax
-	addl	%ebp,		%ebx
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	24(%esp),	%ebp
-.byte 209
-.byte 202		# rorl $1 %edx 
-	xorl	%ebp,		%eax
-.byte 209
-.byte 192		# roll $1 %eax 
-	movl	%ecx,		%ebp
-	movl	%eax,		36(%esp)
-	orl	%edx,		%ebp
-	leal	2400959708(%eax,%esi,1),%eax
-	movl	%ecx,		%esi
-	andl	%edi,		%ebp
-	andl	%edx,		%esi
-	orl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%esi,		%ebp
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%ebp,		%eax
-	# 40_59 41 
-	# 40_59 42 
-	movl	40(%esp),	%esi
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		# roll $1 %esi 
-	orl	%ecx,		%ebp
-	movl	%esi,		40(%esp)
-	andl	%edx,		%ebp
-	leal	2400959708(%esi,%edi,1),%esi
-	movl	%ebx,		%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	andl	%ecx,		%edi
-	orl	%edi,		%ebp
-	movl	%eax,		%edi
-	roll	$5,		%edi
-	addl	%edi,		%ebp
-	movl	44(%esp),	%edi
-	addl	%ebp,		%esi
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	32(%esp),	%ebp
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	xorl	%ebp,		%edi
-.byte 209
-.byte 199		# roll $1 %edi 
-	movl	%eax,		%ebp
-	movl	%edi,		44(%esp)
-	orl	%ebx,		%ebp
-	leal	2400959708(%edi,%edx,1),%edi
-	movl	%eax,		%edx
-	andl	%ecx,		%ebp
-	andl	%ebx,		%edx
-	orl	%edx,		%ebp
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%edx,		%ebp
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%ebp,		%edi
-	# 40_59 43 
-	# 40_59 44 
-	movl	48(%esp),	%edx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		# roll $1 %edx 
-	orl	%eax,		%ebp
-	movl	%edx,		48(%esp)
-	andl	%ebx,		%ebp
-	leal	2400959708(%edx,%ecx,1),%edx
-	movl	%esi,		%ecx
-.byte 209
-.byte 206		# rorl $1 %esi 
-	andl	%eax,		%ecx
-	orl	%ecx,		%ebp
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-	addl	%ecx,		%ebp
-	movl	52(%esp),	%ecx
-	addl	%ebp,		%edx
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	40(%esp),	%ebp
-.byte 209
-.byte 206		# rorl $1 %esi 
-	xorl	%ebp,		%ecx
-.byte 209
-.byte 193		# roll $1 %ecx 
-	movl	%edi,		%ebp
-	movl	%ecx,		52(%esp)
-	orl	%esi,		%ebp
-	leal	2400959708(%ecx,%ebx,1),%ecx
-	movl	%edi,		%ebx
-	andl	%eax,		%ebp
-	andl	%esi,		%ebx
-	orl	%ebx,		%ebp
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	addl	%ebx,		%ebp
-.byte 209
-.byte 207		# rorl $1 %edi 
-	addl	%ebp,		%ecx
-	# 40_59 45 
-	# 40_59 46 
-	movl	56(%esp),	%ebx
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%ebx
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		# roll $1 %ebx 
-	orl	%edi,		%ebp
-	movl	%ebx,		56(%esp)
-	andl	%esi,		%ebp
-	leal	2400959708(%ebx,%eax,1),%ebx
-	movl	%edx,		%eax
-.byte 209
-.byte 202		# rorl $1 %edx 
-	andl	%edi,		%eax
-	orl	%eax,		%ebp
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-	addl	%eax,		%ebp
-	movl	60(%esp),	%eax
-	addl	%ebp,		%ebx
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	48(%esp),	%ebp
-.byte 209
-.byte 202		# rorl $1 %edx 
-	xorl	%ebp,		%eax
-.byte 209
-.byte 192		# roll $1 %eax 
-	movl	%ecx,		%ebp
-	movl	%eax,		60(%esp)
-	orl	%edx,		%ebp
-	leal	2400959708(%eax,%esi,1),%eax
-	movl	%ecx,		%esi
-	andl	%edi,		%ebp
-	andl	%edx,		%esi
-	orl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%esi,		%ebp
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%ebp,		%eax
-	# 40_59 47 
-	# 40_59 48 
-	movl	(%esp),		%esi
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		# roll $1 %esi 
-	orl	%ecx,		%ebp
-	movl	%esi,		(%esp)
-	andl	%edx,		%ebp
-	leal	2400959708(%esi,%edi,1),%esi
-	movl	%ebx,		%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	andl	%ecx,		%edi
-	orl	%edi,		%ebp
-	movl	%eax,		%edi
-	roll	$5,		%edi
-	addl	%edi,		%ebp
-	movl	4(%esp),	%edi
-	addl	%ebp,		%esi
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	56(%esp),	%ebp
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	xorl	%ebp,		%edi
-.byte 209
-.byte 199		# roll $1 %edi 
-	movl	%eax,		%ebp
-	movl	%edi,		4(%esp)
-	orl	%ebx,		%ebp
-	leal	2400959708(%edi,%edx,1),%edi
-	movl	%eax,		%edx
-	andl	%ecx,		%ebp
-	andl	%ebx,		%edx
-	orl	%edx,		%ebp
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%edx,		%ebp
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%ebp,		%edi
-	# 40_59 49 
-	# 40_59 50 
-	movl	8(%esp),	%edx
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		# roll $1 %edx 
-	orl	%eax,		%ebp
-	movl	%edx,		8(%esp)
-	andl	%ebx,		%ebp
-	leal	2400959708(%edx,%ecx,1),%edx
-	movl	%esi,		%ecx
-.byte 209
-.byte 206		# rorl $1 %esi 
-	andl	%eax,		%ecx
-	orl	%ecx,		%ebp
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-	addl	%ecx,		%ebp
-	movl	12(%esp),	%ecx
-	addl	%ebp,		%edx
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	(%esp),		%ebp
-.byte 209
-.byte 206		# rorl $1 %esi 
-	xorl	%ebp,		%ecx
-.byte 209
-.byte 193		# roll $1 %ecx 
-	movl	%edi,		%ebp
-	movl	%ecx,		12(%esp)
-	orl	%esi,		%ebp
-	leal	2400959708(%ecx,%ebx,1),%ecx
-	movl	%edi,		%ebx
-	andl	%eax,		%ebp
-	andl	%esi,		%ebx
-	orl	%ebx,		%ebp
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	addl	%ebx,		%ebp
-.byte 209
-.byte 207		# rorl $1 %edi 
-	addl	%ebp,		%ecx
-	# 40_59 51 
-	# 40_59 52 
-	movl	16(%esp),	%ebx
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		# roll $1 %ebx 
-	orl	%edi,		%ebp
-	movl	%ebx,		16(%esp)
-	andl	%esi,		%ebp
-	leal	2400959708(%ebx,%eax,1),%ebx
-	movl	%edx,		%eax
-.byte 209
-.byte 202		# rorl $1 %edx 
-	andl	%edi,		%eax
-	orl	%eax,		%ebp
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	addl	%ebp,		%ebx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	8(%esp),	%ebp
-.byte 209
-.byte 202		# rorl $1 %edx 
-	xorl	%ebp,		%eax
-.byte 209
-.byte 192		# roll $1 %eax 
-	movl	%ecx,		%ebp
-	movl	%eax,		20(%esp)
-	orl	%edx,		%ebp
-	leal	2400959708(%eax,%esi,1),%eax
-	movl	%ecx,		%esi
-	andl	%edi,		%ebp
-	andl	%edx,		%esi
-	orl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%esi,		%ebp
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%ebp,		%eax
-	# 40_59 53 
-	# 40_59 54 
-	movl	24(%esp),	%esi
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		# roll $1 %esi 
-	orl	%ecx,		%ebp
-	movl	%esi,		24(%esp)
-	andl	%edx,		%ebp
-	leal	2400959708(%esi,%edi,1),%esi
-	movl	%ebx,		%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	andl	%ecx,		%edi
-	orl	%edi,		%ebp
-	movl	%eax,		%edi
-	roll	$5,		%edi
-	addl	%edi,		%ebp
-	movl	28(%esp),	%edi
-	addl	%ebp,		%esi
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	16(%esp),	%ebp
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	xorl	%ebp,		%edi
-.byte 209
-.byte 199		# roll $1 %edi 
-	movl	%eax,		%ebp
-	movl	%edi,		28(%esp)
-	orl	%ebx,		%ebp
-	leal	2400959708(%edi,%edx,1),%edi
-	movl	%eax,		%edx
-	andl	%ecx,		%ebp
-	andl	%ebx,		%edx
-	orl	%edx,		%ebp
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%edx,		%ebp
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%ebp,		%edi
-	# 40_59 55 
-	# 40_59 56 
-	movl	32(%esp),	%edx
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%edx
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		# roll $1 %edx 
-	orl	%eax,		%ebp
-	movl	%edx,		32(%esp)
-	andl	%ebx,		%ebp
-	leal	2400959708(%edx,%ecx,1),%edx
-	movl	%esi,		%ecx
-.byte 209
-.byte 206		# rorl $1 %esi 
-	andl	%eax,		%ecx
-	orl	%ecx,		%ebp
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-	addl	%ecx,		%ebp
-	movl	36(%esp),	%ecx
-	addl	%ebp,		%edx
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	24(%esp),	%ebp
-.byte 209
-.byte 206		# rorl $1 %esi 
-	xorl	%ebp,		%ecx
-.byte 209
-.byte 193		# roll $1 %ecx 
-	movl	%edi,		%ebp
-	movl	%ecx,		36(%esp)
-	orl	%esi,		%ebp
-	leal	2400959708(%ecx,%ebx,1),%ecx
-	movl	%edi,		%ebx
-	andl	%eax,		%ebp
-	andl	%esi,		%ebx
-	orl	%ebx,		%ebp
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	addl	%ebx,		%ebp
-.byte 209
-.byte 207		# rorl $1 %edi 
-	addl	%ebp,		%ecx
-	# 40_59 57 
-	# 40_59 58 
-	movl	40(%esp),	%ebx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		# roll $1 %ebx 
-	orl	%edi,		%ebp
-	movl	%ebx,		40(%esp)
-	andl	%esi,		%ebp
-	leal	2400959708(%ebx,%eax,1),%ebx
-	movl	%edx,		%eax
-.byte 209
-.byte 202		# rorl $1 %edx 
-	andl	%edi,		%eax
-	orl	%eax,		%ebp
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-	addl	%eax,		%ebp
-	movl	44(%esp),	%eax
-	addl	%ebp,		%ebx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	32(%esp),	%ebp
-.byte 209
-.byte 202		# rorl $1 %edx 
-	xorl	%ebp,		%eax
-.byte 209
-.byte 192		# roll $1 %eax 
-	movl	%ecx,		%ebp
-	movl	%eax,		44(%esp)
-	orl	%edx,		%ebp
-	leal	2400959708(%eax,%esi,1),%eax
-	movl	%ecx,		%esi
-	andl	%edi,		%ebp
-	andl	%edx,		%esi
-	orl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%esi,		%ebp
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%ebp,		%eax
-	# 40_59 59 
-	# 20_39 60 
-	movl	48(%esp),	%esi
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		# roll $1 %esi 
-	xorl	%ecx,		%ebp
-	movl	%esi,		48(%esp)
-	xorl	%edx,		%ebp
-	leal	3395469782(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	addl	%edi,		%esi
-	# 20_39 61 
-	movl	52(%esp),	%edi
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		# roll $1 %edi 
-	xorl	%ebx,		%ebp
-	movl	%edi,		52(%esp)
-	xorl	%ecx,		%ebp
-	leal	3395469782(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%ebp,		%edx
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%edx,		%edi
-	# 20_39 62 
-	movl	56(%esp),	%edx
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%edx
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		# roll $1 %edx 
-	xorl	%eax,		%ebp
-	movl	%edx,		56(%esp)
-	xorl	%ebx,		%ebp
-	leal	3395469782(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		# rorl $1 %esi 
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		# rorl $1 %esi 
-	addl	%ecx,		%edx
-	# 20_39 63 
-	movl	60(%esp),	%ecx
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		# roll $1 %ecx 
-	xorl	%esi,		%ebp
-	movl	%ecx,		60(%esp)
-	xorl	%eax,		%ebp
-	leal	3395469782(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	addl	%ebx,		%ecx
-	# 20_39 64 
-	movl	(%esp),		%ebx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		# roll $1 %ebx 
-	xorl	%edi,		%ebp
-	movl	%ebx,		(%esp)
-	xorl	%esi,		%ebp
-	leal	3395469782(%ebx,%eax,1),%ebx
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-.byte 209
-.byte 202		# rorl $1 %edx 
-	addl	%ebp,		%eax
-.byte 209
-.byte 202		# rorl $1 %edx 
-	addl	%eax,		%ebx
-	# 20_39 65 
-	movl	4(%esp),	%eax
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	%ecx,		%ebp
-.byte 209
-.byte 192		# roll $1 %eax 
-	xorl	%edx,		%ebp
-	movl	%eax,		4(%esp)
-	xorl	%edi,		%ebp
-	leal	3395469782(%eax,%esi,1),%eax
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%ebp,		%esi
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%esi,		%eax
-	# 20_39 66 
-	movl	8(%esp),	%esi
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		# roll $1 %esi 
-	xorl	%ecx,		%ebp
-	movl	%esi,		8(%esp)
-	xorl	%edx,		%ebp
-	leal	3395469782(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	addl	%edi,		%esi
-	# 20_39 67 
-	movl	12(%esp),	%edi
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		# roll $1 %edi 
-	xorl	%ebx,		%ebp
-	movl	%edi,		12(%esp)
-	xorl	%ecx,		%ebp
-	leal	3395469782(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%ebp,		%edx
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%edx,		%edi
-	# 20_39 68 
-	movl	16(%esp),	%edx
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		# roll $1 %edx 
-	xorl	%eax,		%ebp
-	movl	%edx,		16(%esp)
-	xorl	%ebx,		%ebp
-	leal	3395469782(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		# rorl $1 %esi 
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		# rorl $1 %esi 
-	addl	%ecx,		%edx
-	# 20_39 69 
-	movl	20(%esp),	%ecx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		# roll $1 %ecx 
-	xorl	%esi,		%ebp
-	movl	%ecx,		20(%esp)
-	xorl	%eax,		%ebp
-	leal	3395469782(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	addl	%ebx,		%ecx
-	# 20_39 70 
-	movl	24(%esp),	%ebx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		# roll $1 %ebx 
-	xorl	%edi,		%ebp
-	movl	%ebx,		24(%esp)
-	xorl	%esi,		%ebp
-	leal	3395469782(%ebx,%eax,1),%ebx
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-.byte 209
-.byte 202		# rorl $1 %edx 
-	addl	%ebp,		%eax
-.byte 209
-.byte 202		# rorl $1 %edx 
-	addl	%eax,		%ebx
-	# 20_39 71 
-	movl	28(%esp),	%eax
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	%ecx,		%ebp
-.byte 209
-.byte 192		# roll $1 %eax 
-	xorl	%edx,		%ebp
-	movl	%eax,		28(%esp)
-	xorl	%edi,		%ebp
-	leal	3395469782(%eax,%esi,1),%eax
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%ebp,		%esi
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%esi,		%eax
-	# 20_39 72 
-	movl	32(%esp),	%esi
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%esi
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		# roll $1 %esi 
-	xorl	%ecx,		%ebp
-	movl	%esi,		32(%esp)
-	xorl	%edx,		%ebp
-	leal	3395469782(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	addl	%edi,		%esi
-	# 20_39 73 
-	movl	36(%esp),	%edi
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		# roll $1 %edi 
-	xorl	%ebx,		%ebp
-	movl	%edi,		36(%esp)
-	xorl	%ecx,		%ebp
-	leal	3395469782(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%ebp,		%edx
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%edx,		%edi
-	# 20_39 74 
-	movl	40(%esp),	%edx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		# roll $1 %edx 
-	xorl	%eax,		%ebp
-	movl	%edx,		40(%esp)
-	xorl	%ebx,		%ebp
-	leal	3395469782(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		# rorl $1 %esi 
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		# rorl $1 %esi 
-	addl	%ecx,		%edx
-	# 20_39 75 
-	movl	44(%esp),	%ecx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		# roll $1 %ecx 
-	xorl	%esi,		%ebp
-	movl	%ecx,		44(%esp)
-	xorl	%eax,		%ebp
-	leal	3395469782(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		# rorl $1 %edi 
-	addl	%ebx,		%ecx
-	# 20_39 76 
-	movl	48(%esp),	%ebx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		# roll $1 %ebx 
-	xorl	%edi,		%ebp
-	movl	%ebx,		48(%esp)
-	xorl	%esi,		%ebp
-	leal	3395469782(%ebx,%eax,1),%ebx
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-.byte 209
-.byte 202		# rorl $1 %edx 
-	addl	%ebp,		%eax
-.byte 209
-.byte 202		# rorl $1 %edx 
-	addl	%eax,		%ebx
-	# 20_39 77 
-	movl	52(%esp),	%eax
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	%ecx,		%ebp
-.byte 209
-.byte 192		# roll $1 %eax 
-	xorl	%edx,		%ebp
-	movl	%eax,		52(%esp)
-	xorl	%edi,		%ebp
-	leal	3395469782(%eax,%esi,1),%eax
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%ebp,		%esi
-.byte 209
-.byte 201		# rorl $1 %ecx 
-	addl	%esi,		%eax
-	# 20_39 78 
-	movl	56(%esp),	%esi
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		# roll $1 %esi 
-	xorl	%ecx,		%ebp
-	movl	%esi,		56(%esp)
-	xorl	%edx,		%ebp
-	leal	3395469782(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		# rorl $1 %ebx 
-	addl	%edi,		%esi
-	# 20_39 79 
-	movl	60(%esp),	%edi
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		# roll $1 %edi 
-	xorl	%ebx,		%ebp
-	movl	%edi,		60(%esp)
-	xorl	%ecx,		%ebp
-	leal	3395469782(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-	addl	%ebp,		%edx
-	movl	92(%esp),	%ebp
-.byte 209
-.byte 200		# rorl $1 %eax 
-	addl	%edx,		%edi
-.byte 209
-.byte 200		# rorl $1 %eax 
-	# End processing 
-
-	movl	12(%ebp),	%edx
-	addl	%ebx,		%edx
-	movl	4(%ebp),	%ebx
-	addl	%esi,		%ebx
-	movl	%eax,		%esi
-	movl	(%ebp),		%eax
-	movl	%edx,		12(%ebp)
-	addl	%edi,		%eax
-	movl	16(%ebp),	%edi
-	addl	%ecx,		%edi
-	movl	8(%ebp),	%ecx
-	addl	%esi,		%ecx
-	movl	%eax,		(%ebp)
-	movl	64(%esp),	%esi
-	movl	%ecx,		8(%ebp)
-	addl	$64,		%esi
-	movl	68(%esp),	%eax
-	movl	%edi,		16(%ebp)
-	cmpl	%esi,		%eax
-	movl	%ebx,		4(%ebp)
-	jl	.L001end
-	movl	(%esi),		%eax
-	jmp	.L000start
-.L001end:
-	addl	$72,		%esp
-	popl	%edi
-	popl	%ebx
-	popl	%ebp
-	popl	%esi
-	ret
-.sha1_block_x86_end:
-	.size	sha1_block_x86,.sha1_block_x86_end-sha1_block_x86
-.ident	"desasm.pl"
diff --git a/crypto/sha/asm/s1-win32.asm b/crypto/sha/asm/s1-win32.asm
deleted file mode 100644
index 61335666b9..0000000000
--- a/crypto/sha/asm/s1-win32.asm
+++ /dev/null
@@ -1,1664 +0,0 @@
-	; Don't even think of reading this code
-	; It was automatically generated by sha1-586.pl
-	; Which is a perl program used to generate the x86 assember for
-	; any of elf, a.out, BSDI,Win32, or Solaris
-	; eric <eay@cryptsoft.com>
-	; 
-	TITLE	sha1-586.asm
-        .486
-.model FLAT
-_TEXT	SEGMENT
-PUBLIC	_sha1_block_x86
-
-_sha1_block_x86 PROC NEAR
-	push	esi
-	push	ebp
-	mov	eax,		DWORD PTR 20[esp]
-	mov	esi,		DWORD PTR 16[esp]
-	add	eax,		esi
-	mov	ebp,		DWORD PTR 12[esp]
-	push	ebx
-	sub	eax,		64
-	push	edi
-	mov	ebx,		DWORD PTR 4[ebp]
-	sub	esp,		72
-	mov	edx,		DWORD PTR 12[ebp]
-	mov	edi,		DWORD PTR 16[ebp]
-	mov	ecx,		DWORD PTR 8[ebp]
-	mov	DWORD PTR 68[esp],eax
-	; First we need to setup the X array
-	mov	eax,		DWORD PTR [esi]
-L000start:
-	; First, load the words onto the stack in network byte order
-	bswap	eax
-	mov	DWORD PTR [esp],eax
-	mov	eax,		DWORD PTR 4[esi]
-	bswap	eax
-	mov	DWORD PTR 4[esp],eax
-	mov	eax,		DWORD PTR 8[esi]
-	bswap	eax
-	mov	DWORD PTR 8[esp],eax
-	mov	eax,		DWORD PTR 12[esi]
-	bswap	eax
-	mov	DWORD PTR 12[esp],eax
-	mov	eax,		DWORD PTR 16[esi]
-	bswap	eax
-	mov	DWORD PTR 16[esp],eax
-	mov	eax,		DWORD PTR 20[esi]
-	bswap	eax
-	mov	DWORD PTR 20[esp],eax
-	mov	eax,		DWORD PTR 24[esi]
-	bswap	eax
-	mov	DWORD PTR 24[esp],eax
-	mov	eax,		DWORD PTR 28[esi]
-	bswap	eax
-	mov	DWORD PTR 28[esp],eax
-	mov	eax,		DWORD PTR 32[esi]
-	bswap	eax
-	mov	DWORD PTR 32[esp],eax
-	mov	eax,		DWORD PTR 36[esi]
-	bswap	eax
-	mov	DWORD PTR 36[esp],eax
-	mov	eax,		DWORD PTR 40[esi]
-	bswap	eax
-	mov	DWORD PTR 40[esp],eax
-	mov	eax,		DWORD PTR 44[esi]
-	bswap	eax
-	mov	DWORD PTR 44[esp],eax
-	mov	eax,		DWORD PTR 48[esi]
-	bswap	eax
-	mov	DWORD PTR 48[esp],eax
-	mov	eax,		DWORD PTR 52[esi]
-	bswap	eax
-	mov	DWORD PTR 52[esp],eax
-	mov	eax,		DWORD PTR 56[esi]
-	bswap	eax
-	mov	DWORD PTR 56[esp],eax
-	mov	eax,		DWORD PTR 60[esi]
-	bswap	eax
-	mov	DWORD PTR 60[esp],eax
-	; We now have the X array on the stack
-	; starting at sp-4
-	mov	DWORD PTR 64[esp],esi
-	; 
-	; Start processing
-	mov	eax,		DWORD PTR [ebp]
-	; 00_15 0
-	mov	esi,		ecx
-	mov	ebp,		eax
-	xor	esi,		edx
-	rol	ebp,		5
-	and	esi,		ebx
-	add	ebp,		edi
-	ror	ebx,		1
-	mov	edi,		DWORD PTR [esp]
-	ror	ebx,		1
-	xor	esi,		edx
-	lea	ebp,		DWORD PTR 1518500249[edi*1+ebp]
-	mov	edi,		ebx
-	add	esi,		ebp
-	xor	edi,		ecx
-	mov	ebp,		esi
-	and	edi,		eax
-	rol	ebp,		5
-	add	ebp,		edx
-	mov	edx,		DWORD PTR 4[esp]
-	ror	eax,		1
-	xor	edi,		ecx
-	ror	eax,		1
-	lea	ebp,		DWORD PTR 1518500249[edx*1+ebp]
-	add	edi,		ebp
-	; 00_15 2
-	mov	edx,		eax
-	mov	ebp,		edi
-	xor	edx,		ebx
-	rol	ebp,		5
-	and	edx,		esi
-	add	ebp,		ecx
-	ror	esi,		1
-	mov	ecx,		DWORD PTR 8[esp]
-	ror	esi,		1
-	xor	edx,		ebx
-	lea	ebp,		DWORD PTR 1518500249[ecx*1+ebp]
-	mov	ecx,		esi
-	add	edx,		ebp
-	xor	ecx,		eax
-	mov	ebp,		edx
-	and	ecx,		edi
-	rol	ebp,		5
-	add	ebp,		ebx
-	mov	ebx,		DWORD PTR 12[esp]
-	ror	edi,		1
-	xor	ecx,		eax
-	ror	edi,		1
-	lea	ebp,		DWORD PTR 1518500249[ebx*1+ebp]
-	add	ecx,		ebp
-	; 00_15 4
-	mov	ebx,		edi
-	mov	ebp,		ecx
-	xor	ebx,		esi
-	rol	ebp,		5
-	and	ebx,		edx
-	add	ebp,		eax
-	ror	edx,		1
-	mov	eax,		DWORD PTR 16[esp]
-	ror	edx,		1
-	xor	ebx,		esi
-	lea	ebp,		DWORD PTR 1518500249[eax*1+ebp]
-	mov	eax,		edx
-	add	ebx,		ebp
-	xor	eax,		edi
-	mov	ebp,		ebx
-	and	eax,		ecx
-	rol	ebp,		5
-	add	ebp,		esi
-	mov	esi,		DWORD PTR 20[esp]
-	ror	ecx,		1
-	xor	eax,		edi
-	ror	ecx,		1
-	lea	ebp,		DWORD PTR 1518500249[esi*1+ebp]
-	add	eax,		ebp
-	; 00_15 6
-	mov	esi,		ecx
-	mov	ebp,		eax
-	xor	esi,		edx
-	rol	ebp,		5
-	and	esi,		ebx
-	add	ebp,		edi
-	ror	ebx,		1
-	mov	edi,		DWORD PTR 24[esp]
-	ror	ebx,		1
-	xor	esi,		edx
-	lea	ebp,		DWORD PTR 1518500249[edi*1+ebp]
-	mov	edi,		ebx
-	add	esi,		ebp
-	xor	edi,		ecx
-	mov	ebp,		esi
-	and	edi,		eax
-	rol	ebp,		5
-	add	ebp,		edx
-	mov	edx,		DWORD PTR 28[esp]
-	ror	eax,		1
-	xor	edi,		ecx
-	ror	eax,		1
-	lea	ebp,		DWORD PTR 1518500249[edx*1+ebp]
-	add	edi,		ebp
-	; 00_15 8
-	mov	edx,		eax
-	mov	ebp,		edi
-	xor	edx,		ebx
-	rol	ebp,		5
-	and	edx,		esi
-	add	ebp,		ecx
-	ror	esi,		1
-	mov	ecx,		DWORD PTR 32[esp]
-	ror	esi,		1
-	xor	edx,		ebx
-	lea	ebp,		DWORD PTR 1518500249[ecx*1+ebp]
-	mov	ecx,		esi
-	add	edx,		ebp
-	xor	ecx,		eax
-	mov	ebp,		edx
-	and	ecx,		edi
-	rol	ebp,		5
-	add	ebp,		ebx
-	mov	ebx,		DWORD PTR 36[esp]
-	ror	edi,		1
-	xor	ecx,		eax
-	ror	edi,		1
-	lea	ebp,		DWORD PTR 1518500249[ebx*1+ebp]
-	add	ecx,		ebp
-	; 00_15 10
-	mov	ebx,		edi
-	mov	ebp,		ecx
-	xor	ebx,		esi
-	rol	ebp,		5
-	and	ebx,		edx
-	add	ebp,		eax
-	ror	edx,		1
-	mov	eax,		DWORD PTR 40[esp]
-	ror	edx,		1
-	xor	ebx,		esi
-	lea	ebp,		DWORD PTR 1518500249[eax*1+ebp]
-	mov	eax,		edx
-	add	ebx,		ebp
-	xor	eax,		edi
-	mov	ebp,		ebx
-	and	eax,		ecx
-	rol	ebp,		5
-	add	ebp,		esi
-	mov	esi,		DWORD PTR 44[esp]
-	ror	ecx,		1
-	xor	eax,		edi
-	ror	ecx,		1
-	lea	ebp,		DWORD PTR 1518500249[esi*1+ebp]
-	add	eax,		ebp
-	; 00_15 12
-	mov	esi,		ecx
-	mov	ebp,		eax
-	xor	esi,		edx
-	rol	ebp,		5
-	and	esi,		ebx
-	add	ebp,		edi
-	ror	ebx,		1
-	mov	edi,		DWORD PTR 48[esp]
-	ror	ebx,		1
-	xor	esi,		edx
-	lea	ebp,		DWORD PTR 1518500249[edi*1+ebp]
-	mov	edi,		ebx
-	add	esi,		ebp
-	xor	edi,		ecx
-	mov	ebp,		esi
-	and	edi,		eax
-	rol	ebp,		5
-	add	ebp,		edx
-	mov	edx,		DWORD PTR 52[esp]
-	ror	eax,		1
-	xor	edi,		ecx
-	ror	eax,		1
-	lea	ebp,		DWORD PTR 1518500249[edx*1+ebp]
-	add	edi,		ebp
-	; 00_15 14
-	mov	edx,		eax
-	mov	ebp,		edi
-	xor	edx,		ebx
-	rol	ebp,		5
-	and	edx,		esi
-	add	ebp,		ecx
-	ror	esi,		1
-	mov	ecx,		DWORD PTR 56[esp]
-	ror	esi,		1
-	xor	edx,		ebx
-	lea	ebp,		DWORD PTR 1518500249[ecx*1+ebp]
-	mov	ecx,		esi
-	add	edx,		ebp
-	xor	ecx,		eax
-	mov	ebp,		edx
-	and	ecx,		edi
-	rol	ebp,		5
-	add	ebp,		ebx
-	mov	ebx,		DWORD PTR 60[esp]
-	ror	edi,		1
-	xor	ecx,		eax
-	ror	edi,		1
-	lea	ebp,		DWORD PTR 1518500249[ebx*1+ebp]
-	add	ecx,		ebp
-	; 16_19 16
-	nop
-	mov	ebp,		DWORD PTR [esp]
-	mov	ebx,		DWORD PTR 8[esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 32[esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 52[esp]
-	xor	ebx,		ebp
-	mov	ebp,		edi
-	rol	ebx,		1
-	xor	ebp,		esi
-	mov	DWORD PTR [esp],ebx
-	and	ebp,		edx
-	lea	ebx,		DWORD PTR 1518500249[eax*1+ebx]
-	xor	ebp,		esi
-	mov	eax,		ecx
-	add	ebx,		ebp
-	rol	eax,		5
-	ror	edx,		1
-	add	ebx,		eax
-	mov	eax,		DWORD PTR 4[esp]
-	mov	ebp,		DWORD PTR 12[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 36[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 56[esp]
-	ror	edx,		1
-	xor	eax,		ebp
-	rol	eax,		1
-	mov	ebp,		edx
-	xor	ebp,		edi
-	mov	DWORD PTR 4[esp],eax
-	and	ebp,		ecx
-	lea	eax,		DWORD PTR 1518500249[esi*1+eax]
-	xor	ebp,		edi
-	mov	esi,		ebx
-	rol	esi,		5
-	ror	ecx,		1
-	add	eax,		esi
-	ror	ecx,		1
-	add	eax,		ebp
-	; 16_19 18
-	mov	ebp,		DWORD PTR 8[esp]
-	mov	esi,		DWORD PTR 16[esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 40[esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 60[esp]
-	xor	esi,		ebp
-	mov	ebp,		ecx
-	rol	esi,		1
-	xor	ebp,		edx
-	mov	DWORD PTR 8[esp],esi
-	and	ebp,		ebx
-	lea	esi,		DWORD PTR 1518500249[edi*1+esi]
-	xor	ebp,		edx
-	mov	edi,		eax
-	add	esi,		ebp
-	rol	edi,		5
-	ror	ebx,		1
-	add	esi,		edi
-	mov	edi,		DWORD PTR 12[esp]
-	mov	ebp,		DWORD PTR 20[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 44[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR [esp]
-	ror	ebx,		1
-	xor	edi,		ebp
-	rol	edi,		1
-	mov	ebp,		ebx
-	xor	ebp,		ecx
-	mov	DWORD PTR 12[esp],edi
-	and	ebp,		eax
-	lea	edi,		DWORD PTR 1518500249[edx*1+edi]
-	xor	ebp,		ecx
-	mov	edx,		esi
-	rol	edx,		5
-	ror	eax,		1
-	add	edi,		edx
-	ror	eax,		1
-	add	edi,		ebp
-	; 20_39 20
-	mov	edx,		DWORD PTR 16[esp]
-	mov	ebp,		DWORD PTR 24[esp]
-	xor	edx,		ebp
-	mov	ebp,		DWORD PTR 48[esp]
-	xor	edx,		ebp
-	mov	ebp,		DWORD PTR 4[esp]
-	xor	edx,		ebp
-	mov	ebp,		esi
-	rol	edx,		1
-	xor	ebp,		eax
-	mov	DWORD PTR 16[esp],edx
-	xor	ebp,		ebx
-	lea	edx,		DWORD PTR 1859775393[ecx*1+edx]
-	mov	ecx,		edi
-	rol	ecx,		5
-	ror	esi,		1
-	add	ecx,		ebp
-	ror	esi,		1
-	add	edx,		ecx
-	; 20_39 21
-	mov	ecx,		DWORD PTR 20[esp]
-	mov	ebp,		DWORD PTR 28[esp]
-	xor	ecx,		ebp
-	mov	ebp,		DWORD PTR 52[esp]
-	xor	ecx,		ebp
-	mov	ebp,		DWORD PTR 8[esp]
-	xor	ecx,		ebp
-	mov	ebp,		edi
-	rol	ecx,		1
-	xor	ebp,		esi
-	mov	DWORD PTR 20[esp],ecx
-	xor	ebp,		eax
-	lea	ecx,		DWORD PTR 1859775393[ebx*1+ecx]
-	mov	ebx,		edx
-	rol	ebx,		5
-	ror	edi,		1
-	add	ebx,		ebp
-	ror	edi,		1
-	add	ecx,		ebx
-	; 20_39 22
-	mov	ebx,		DWORD PTR 24[esp]
-	mov	ebp,		DWORD PTR 32[esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 56[esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 12[esp]
-	xor	ebx,		ebp
-	mov	ebp,		edx
-	rol	ebx,		1
-	xor	ebp,		edi
-	mov	DWORD PTR 24[esp],ebx
-	xor	ebp,		esi
-	lea	ebx,		DWORD PTR 1859775393[eax*1+ebx]
-	mov	eax,		ecx
-	rol	eax,		5
-	ror	edx,		1
-	add	eax,		ebp
-	ror	edx,		1
-	add	ebx,		eax
-	; 20_39 23
-	mov	eax,		DWORD PTR 28[esp]
-	mov	ebp,		DWORD PTR 36[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 60[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 16[esp]
-	xor	eax,		ebp
-	mov	ebp,		ecx
-	rol	eax,		1
-	xor	ebp,		edx
-	mov	DWORD PTR 28[esp],eax
-	xor	ebp,		edi
-	lea	eax,		DWORD PTR 1859775393[esi*1+eax]
-	mov	esi,		ebx
-	rol	esi,		5
-	ror	ecx,		1
-	add	esi,		ebp
-	ror	ecx,		1
-	add	eax,		esi
-	; 20_39 24
-	mov	esi,		DWORD PTR 32[esp]
-	mov	ebp,		DWORD PTR 40[esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR [esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 20[esp]
-	xor	esi,		ebp
-	mov	ebp,		ebx
-	rol	esi,		1
-	xor	ebp,		ecx
-	mov	DWORD PTR 32[esp],esi
-	xor	ebp,		edx
-	lea	esi,		DWORD PTR 1859775393[edi*1+esi]
-	mov	edi,		eax
-	rol	edi,		5
-	ror	ebx,		1
-	add	edi,		ebp
-	ror	ebx,		1
-	add	esi,		edi
-	; 20_39 25
-	mov	edi,		DWORD PTR 36[esp]
-	mov	ebp,		DWORD PTR 44[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 4[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	xor	edi,		ebp
-	mov	ebp,		eax
-	rol	edi,		1
-	xor	ebp,		ebx
-	mov	DWORD PTR 36[esp],edi
-	xor	ebp,		ecx
-	lea	edi,		DWORD PTR 1859775393[edx*1+edi]
-	mov	edx,		esi
-	rol	edx,		5
-	ror	eax,		1
-	add	edx,		ebp
-	ror	eax,		1
-	add	edi,		edx
-	; 20_39 26
-	mov	edx,		DWORD PTR 40[esp]
-	mov	ebp,		DWORD PTR 48[esp]
-	xor	edx,		ebp
-	mov	ebp,		DWORD PTR 8[esp]
-	xor	edx,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	xor	edx,		ebp
-	mov	ebp,		esi
-	rol	edx,		1
-	xor	ebp,		eax
-	mov	DWORD PTR 40[esp],edx
-	xor	ebp,		ebx
-	lea	edx,		DWORD PTR 1859775393[ecx*1+edx]
-	mov	ecx,		edi
-	rol	ecx,		5
-	ror	esi,		1
-	add	ecx,		ebp
-	ror	esi,		1
-	add	edx,		ecx
-	; 20_39 27
-	mov	ecx,		DWORD PTR 44[esp]
-	mov	ebp,		DWORD PTR 52[esp]
-	xor	ecx,		ebp
-	mov	ebp,		DWORD PTR 12[esp]
-	xor	ecx,		ebp
-	mov	ebp,		DWORD PTR 32[esp]
-	xor	ecx,		ebp
-	mov	ebp,		edi
-	rol	ecx,		1
-	xor	ebp,		esi
-	mov	DWORD PTR 44[esp],ecx
-	xor	ebp,		eax
-	lea	ecx,		DWORD PTR 1859775393[ebx*1+ecx]
-	mov	ebx,		edx
-	rol	ebx,		5
-	ror	edi,		1
-	add	ebx,		ebp
-	ror	edi,		1
-	add	ecx,		ebx
-	; 20_39 28
-	mov	ebx,		DWORD PTR 48[esp]
-	mov	ebp,		DWORD PTR 56[esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 16[esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 36[esp]
-	xor	ebx,		ebp
-	mov	ebp,		edx
-	rol	ebx,		1
-	xor	ebp,		edi
-	mov	DWORD PTR 48[esp],ebx
-	xor	ebp,		esi
-	lea	ebx,		DWORD PTR 1859775393[eax*1+ebx]
-	mov	eax,		ecx
-	rol	eax,		5
-	ror	edx,		1
-	add	eax,		ebp
-	ror	edx,		1
-	add	ebx,		eax
-	; 20_39 29
-	mov	eax,		DWORD PTR 52[esp]
-	mov	ebp,		DWORD PTR 60[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 20[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 40[esp]
-	xor	eax,		ebp
-	mov	ebp,		ecx
-	rol	eax,		1
-	xor	ebp,		edx
-	mov	DWORD PTR 52[esp],eax
-	xor	ebp,		edi
-	lea	eax,		DWORD PTR 1859775393[esi*1+eax]
-	mov	esi,		ebx
-	rol	esi,		5
-	ror	ecx,		1
-	add	esi,		ebp
-	ror	ecx,		1
-	add	eax,		esi
-	; 20_39 30
-	mov	esi,		DWORD PTR 56[esp]
-	mov	ebp,		DWORD PTR [esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 44[esp]
-	xor	esi,		ebp
-	mov	ebp,		ebx
-	rol	esi,		1
-	xor	ebp,		ecx
-	mov	DWORD PTR 56[esp],esi
-	xor	ebp,		edx
-	lea	esi,		DWORD PTR 1859775393[edi*1+esi]
-	mov	edi,		eax
-	rol	edi,		5
-	ror	ebx,		1
-	add	edi,		ebp
-	ror	ebx,		1
-	add	esi,		edi
-	; 20_39 31
-	mov	edi,		DWORD PTR 60[esp]
-	mov	ebp,		DWORD PTR 4[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 48[esp]
-	xor	edi,		ebp
-	mov	ebp,		eax
-	rol	edi,		1
-	xor	ebp,		ebx
-	mov	DWORD PTR 60[esp],edi
-	xor	ebp,		ecx
-	lea	edi,		DWORD PTR 1859775393[edx*1+edi]
-	mov	edx,		esi
-	rol	edx,		5
-	ror	eax,		1
-	add	edx,		ebp
-	ror	eax,		1
-	add	edi,		edx
-	; 20_39 32
-	mov	edx,		DWORD PTR [esp]
-	mov	ebp,		DWORD PTR 8[esp]
-	xor	edx,		ebp
-	mov	ebp,		DWORD PTR 32[esp]
-	xor	edx,		ebp
-	mov	ebp,		DWORD PTR 52[esp]
-	xor	edx,		ebp
-	mov	ebp,		esi
-	rol	edx,		1
-	xor	ebp,		eax
-	mov	DWORD PTR [esp],edx
-	xor	ebp,		ebx
-	lea	edx,		DWORD PTR 1859775393[ecx*1+edx]
-	mov	ecx,		edi
-	rol	ecx,		5
-	ror	esi,		1
-	add	ecx,		ebp
-	ror	esi,		1
-	add	edx,		ecx
-	; 20_39 33
-	mov	ecx,		DWORD PTR 4[esp]
-	mov	ebp,		DWORD PTR 12[esp]
-	xor	ecx,		ebp
-	mov	ebp,		DWORD PTR 36[esp]
-	xor	ecx,		ebp
-	mov	ebp,		DWORD PTR 56[esp]
-	xor	ecx,		ebp
-	mov	ebp,		edi
-	rol	ecx,		1
-	xor	ebp,		esi
-	mov	DWORD PTR 4[esp],ecx
-	xor	ebp,		eax
-	lea	ecx,		DWORD PTR 1859775393[ebx*1+ecx]
-	mov	ebx,		edx
-	rol	ebx,		5
-	ror	edi,		1
-	add	ebx,		ebp
-	ror	edi,		1
-	add	ecx,		ebx
-	; 20_39 34
-	mov	ebx,		DWORD PTR 8[esp]
-	mov	ebp,		DWORD PTR 16[esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 40[esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 60[esp]
-	xor	ebx,		ebp
-	mov	ebp,		edx
-	rol	ebx,		1
-	xor	ebp,		edi
-	mov	DWORD PTR 8[esp],ebx
-	xor	ebp,		esi
-	lea	ebx,		DWORD PTR 1859775393[eax*1+ebx]
-	mov	eax,		ecx
-	rol	eax,		5
-	ror	edx,		1
-	add	eax,		ebp
-	ror	edx,		1
-	add	ebx,		eax
-	; 20_39 35
-	mov	eax,		DWORD PTR 12[esp]
-	mov	ebp,		DWORD PTR 20[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 44[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR [esp]
-	xor	eax,		ebp
-	mov	ebp,		ecx
-	rol	eax,		1
-	xor	ebp,		edx
-	mov	DWORD PTR 12[esp],eax
-	xor	ebp,		edi
-	lea	eax,		DWORD PTR 1859775393[esi*1+eax]
-	mov	esi,		ebx
-	rol	esi,		5
-	ror	ecx,		1
-	add	esi,		ebp
-	ror	ecx,		1
-	add	eax,		esi
-	; 20_39 36
-	mov	esi,		DWORD PTR 16[esp]
-	mov	ebp,		DWORD PTR 24[esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 48[esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 4[esp]
-	xor	esi,		ebp
-	mov	ebp,		ebx
-	rol	esi,		1
-	xor	ebp,		ecx
-	mov	DWORD PTR 16[esp],esi
-	xor	ebp,		edx
-	lea	esi,		DWORD PTR 1859775393[edi*1+esi]
-	mov	edi,		eax
-	rol	edi,		5
-	ror	ebx,		1
-	add	edi,		ebp
-	ror	ebx,		1
-	add	esi,		edi
-	; 20_39 37
-	mov	edi,		DWORD PTR 20[esp]
-	mov	ebp,		DWORD PTR 28[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 52[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 8[esp]
-	xor	edi,		ebp
-	mov	ebp,		eax
-	rol	edi,		1
-	xor	ebp,		ebx
-	mov	DWORD PTR 20[esp],edi
-	xor	ebp,		ecx
-	lea	edi,		DWORD PTR 1859775393[edx*1+edi]
-	mov	edx,		esi
-	rol	edx,		5
-	ror	eax,		1
-	add	edx,		ebp
-	ror	eax,		1
-	add	edi,		edx
-	; 20_39 38
-	mov	edx,		DWORD PTR 24[esp]
-	mov	ebp,		DWORD PTR 32[esp]
-	xor	edx,		ebp
-	mov	ebp,		DWORD PTR 56[esp]
-	xor	edx,		ebp
-	mov	ebp,		DWORD PTR 12[esp]
-	xor	edx,		ebp
-	mov	ebp,		esi
-	rol	edx,		1
-	xor	ebp,		eax
-	mov	DWORD PTR 24[esp],edx
-	xor	ebp,		ebx
-	lea	edx,		DWORD PTR 1859775393[ecx*1+edx]
-	mov	ecx,		edi
-	rol	ecx,		5
-	ror	esi,		1
-	add	ecx,		ebp
-	ror	esi,		1
-	add	edx,		ecx
-	; 20_39 39
-	mov	ecx,		DWORD PTR 28[esp]
-	mov	ebp,		DWORD PTR 36[esp]
-	xor	ecx,		ebp
-	mov	ebp,		DWORD PTR 60[esp]
-	xor	ecx,		ebp
-	mov	ebp,		DWORD PTR 16[esp]
-	xor	ecx,		ebp
-	mov	ebp,		edi
-	rol	ecx,		1
-	xor	ebp,		esi
-	mov	DWORD PTR 28[esp],ecx
-	xor	ebp,		eax
-	lea	ecx,		DWORD PTR 1859775393[ebx*1+ecx]
-	mov	ebx,		edx
-	rol	ebx,		5
-	ror	edi,		1
-	add	ebx,		ebp
-	ror	edi,		1
-	add	ecx,		ebx
-	; 40_59 40
-	mov	ebx,		DWORD PTR 32[esp]
-	mov	ebp,		DWORD PTR 40[esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR [esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 20[esp]
-	xor	ebx,		ebp
-	mov	ebp,		edx
-	rol	ebx,		1
-	or	ebp,		edi
-	mov	DWORD PTR 32[esp],ebx
-	and	ebp,		esi
-	lea	ebx,		DWORD PTR 2400959708[eax*1+ebx]
-	mov	eax,		edx
-	ror	edx,		1
-	and	eax,		edi
-	or	ebp,		eax
-	mov	eax,		ecx
-	rol	eax,		5
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 36[esp]
-	add	ebx,		ebp
-	mov	ebp,		DWORD PTR 44[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 4[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	ror	edx,		1
-	xor	eax,		ebp
-	rol	eax,		1
-	mov	ebp,		ecx
-	mov	DWORD PTR 36[esp],eax
-	or	ebp,		edx
-	lea	eax,		DWORD PTR 2400959708[esi*1+eax]
-	mov	esi,		ecx
-	and	ebp,		edi
-	and	esi,		edx
-	or	ebp,		esi
-	mov	esi,		ebx
-	rol	esi,		5
-	ror	ecx,		1
-	add	ebp,		esi
-	ror	ecx,		1
-	add	eax,		ebp
-	; 40_59 41
-	; 40_59 42
-	mov	esi,		DWORD PTR 40[esp]
-	mov	ebp,		DWORD PTR 48[esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 8[esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	xor	esi,		ebp
-	mov	ebp,		ebx
-	rol	esi,		1
-	or	ebp,		ecx
-	mov	DWORD PTR 40[esp],esi
-	and	ebp,		edx
-	lea	esi,		DWORD PTR 2400959708[edi*1+esi]
-	mov	edi,		ebx
-	ror	ebx,		1
-	and	edi,		ecx
-	or	ebp,		edi
-	mov	edi,		eax
-	rol	edi,		5
-	add	ebp,		edi
-	mov	edi,		DWORD PTR 44[esp]
-	add	esi,		ebp
-	mov	ebp,		DWORD PTR 52[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 12[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 32[esp]
-	ror	ebx,		1
-	xor	edi,		ebp
-	rol	edi,		1
-	mov	ebp,		eax
-	mov	DWORD PTR 44[esp],edi
-	or	ebp,		ebx
-	lea	edi,		DWORD PTR 2400959708[edx*1+edi]
-	mov	edx,		eax
-	and	ebp,		ecx
-	and	edx,		ebx
-	or	ebp,		edx
-	mov	edx,		esi
-	rol	edx,		5
-	ror	eax,		1
-	add	ebp,		edx
-	ror	eax,		1
-	add	edi,		ebp
-	; 40_59 43
-	; 40_59 44
-	mov	edx,		DWORD PTR 48[esp]
-	mov	ebp,		DWORD PTR 56[esp]
-	xor	edx,		ebp
-	mov	ebp,		DWORD PTR 16[esp]
-	xor	edx,		ebp
-	mov	ebp,		DWORD PTR 36[esp]
-	xor	edx,		ebp
-	mov	ebp,		esi
-	rol	edx,		1
-	or	ebp,		eax
-	mov	DWORD PTR 48[esp],edx
-	and	ebp,		ebx
-	lea	edx,		DWORD PTR 2400959708[ecx*1+edx]
-	mov	ecx,		esi
-	ror	esi,		1
-	and	ecx,		eax
-	or	ebp,		ecx
-	mov	ecx,		edi
-	rol	ecx,		5
-	add	ebp,		ecx
-	mov	ecx,		DWORD PTR 52[esp]
-	add	edx,		ebp
-	mov	ebp,		DWORD PTR 60[esp]
-	xor	ecx,		ebp
-	mov	ebp,		DWORD PTR 20[esp]
-	xor	ecx,		ebp
-	mov	ebp,		DWORD PTR 40[esp]
-	ror	esi,		1
-	xor	ecx,		ebp
-	rol	ecx,		1
-	mov	ebp,		edi
-	mov	DWORD PTR 52[esp],ecx
-	or	ebp,		esi
-	lea	ecx,		DWORD PTR 2400959708[ebx*1+ecx]
-	mov	ebx,		edi
-	and	ebp,		eax
-	and	ebx,		esi
-	or	ebp,		ebx
-	mov	ebx,		edx
-	rol	ebx,		5
-	ror	edi,		1
-	add	ebp,		ebx
-	ror	edi,		1
-	add	ecx,		ebp
-	; 40_59 45
-	; 40_59 46
-	mov	ebx,		DWORD PTR 56[esp]
-	mov	ebp,		DWORD PTR [esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 44[esp]
-	xor	ebx,		ebp
-	mov	ebp,		edx
-	rol	ebx,		1
-	or	ebp,		edi
-	mov	DWORD PTR 56[esp],ebx
-	and	ebp,		esi
-	lea	ebx,		DWORD PTR 2400959708[eax*1+ebx]
-	mov	eax,		edx
-	ror	edx,		1
-	and	eax,		edi
-	or	ebp,		eax
-	mov	eax,		ecx
-	rol	eax,		5
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 60[esp]
-	add	ebx,		ebp
-	mov	ebp,		DWORD PTR 4[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 48[esp]
-	ror	edx,		1
-	xor	eax,		ebp
-	rol	eax,		1
-	mov	ebp,		ecx
-	mov	DWORD PTR 60[esp],eax
-	or	ebp,		edx
-	lea	eax,		DWORD PTR 2400959708[esi*1+eax]
-	mov	esi,		ecx
-	and	ebp,		edi
-	and	esi,		edx
-	or	ebp,		esi
-	mov	esi,		ebx
-	rol	esi,		5
-	ror	ecx,		1
-	add	ebp,		esi
-	ror	ecx,		1
-	add	eax,		ebp
-	; 40_59 47
-	; 40_59 48
-	mov	esi,		DWORD PTR [esp]
-	mov	ebp,		DWORD PTR 8[esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 32[esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 52[esp]
-	xor	esi,		ebp
-	mov	ebp,		ebx
-	rol	esi,		1
-	or	ebp,		ecx
-	mov	DWORD PTR [esp],esi
-	and	ebp,		edx
-	lea	esi,		DWORD PTR 2400959708[edi*1+esi]
-	mov	edi,		ebx
-	ror	ebx,		1
-	and	edi,		ecx
-	or	ebp,		edi
-	mov	edi,		eax
-	rol	edi,		5
-	add	ebp,		edi
-	mov	edi,		DWORD PTR 4[esp]
-	add	esi,		ebp
-	mov	ebp,		DWORD PTR 12[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 36[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 56[esp]
-	ror	ebx,		1
-	xor	edi,		ebp
-	rol	edi,		1
-	mov	ebp,		eax
-	mov	DWORD PTR 4[esp],edi
-	or	ebp,		ebx
-	lea	edi,		DWORD PTR 2400959708[edx*1+edi]
-	mov	edx,		eax
-	and	ebp,		ecx
-	and	edx,		ebx
-	or	ebp,		edx
-	mov	edx,		esi
-	rol	edx,		5
-	ror	eax,		1
-	add	ebp,		edx
-	ror	eax,		1
-	add	edi,		ebp
-	; 40_59 49
-	; 40_59 50
-	mov	edx,		DWORD PTR 8[esp]
-	mov	ebp,		DWORD PTR 16[esp]
-	xor	edx,		ebp
-	mov	ebp,		DWORD PTR 40[esp]
-	xor	edx,		ebp
-	mov	ebp,		DWORD PTR 60[esp]
-	xor	edx,		ebp
-	mov	ebp,		esi
-	rol	edx,		1
-	or	ebp,		eax
-	mov	DWORD PTR 8[esp],edx
-	and	ebp,		ebx
-	lea	edx,		DWORD PTR 2400959708[ecx*1+edx]
-	mov	ecx,		esi
-	ror	esi,		1
-	and	ecx,		eax
-	or	ebp,		ecx
-	mov	ecx,		edi
-	rol	ecx,		5
-	add	ebp,		ecx
-	mov	ecx,		DWORD PTR 12[esp]
-	add	edx,		ebp
-	mov	ebp,		DWORD PTR 20[esp]
-	xor	ecx,		ebp
-	mov	ebp,		DWORD PTR 44[esp]
-	xor	ecx,		ebp
-	mov	ebp,		DWORD PTR [esp]
-	ror	esi,		1
-	xor	ecx,		ebp
-	rol	ecx,		1
-	mov	ebp,		edi
-	mov	DWORD PTR 12[esp],ecx
-	or	ebp,		esi
-	lea	ecx,		DWORD PTR 2400959708[ebx*1+ecx]
-	mov	ebx,		edi
-	and	ebp,		eax
-	and	ebx,		esi
-	or	ebp,		ebx
-	mov	ebx,		edx
-	rol	ebx,		5
-	ror	edi,		1
-	add	ebp,		ebx
-	ror	edi,		1
-	add	ecx,		ebp
-	; 40_59 51
-	; 40_59 52
-	mov	ebx,		DWORD PTR 16[esp]
-	mov	ebp,		DWORD PTR 24[esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 48[esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 4[esp]
-	xor	ebx,		ebp
-	mov	ebp,		edx
-	rol	ebx,		1
-	or	ebp,		edi
-	mov	DWORD PTR 16[esp],ebx
-	and	ebp,		esi
-	lea	ebx,		DWORD PTR 2400959708[eax*1+ebx]
-	mov	eax,		edx
-	ror	edx,		1
-	and	eax,		edi
-	or	ebp,		eax
-	mov	eax,		ecx
-	rol	eax,		5
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 20[esp]
-	add	ebx,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 52[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 8[esp]
-	ror	edx,		1
-	xor	eax,		ebp
-	rol	eax,		1
-	mov	ebp,		ecx
-	mov	DWORD PTR 20[esp],eax
-	or	ebp,		edx
-	lea	eax,		DWORD PTR 2400959708[esi*1+eax]
-	mov	esi,		ecx
-	and	ebp,		edi
-	and	esi,		edx
-	or	ebp,		esi
-	mov	esi,		ebx
-	rol	esi,		5
-	ror	ecx,		1
-	add	ebp,		esi
-	ror	ecx,		1
-	add	eax,		ebp
-	; 40_59 53
-	; 40_59 54
-	mov	esi,		DWORD PTR 24[esp]
-	mov	ebp,		DWORD PTR 32[esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 56[esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 12[esp]
-	xor	esi,		ebp
-	mov	ebp,		ebx
-	rol	esi,		1
-	or	ebp,		ecx
-	mov	DWORD PTR 24[esp],esi
-	and	ebp,		edx
-	lea	esi,		DWORD PTR 2400959708[edi*1+esi]
-	mov	edi,		ebx
-	ror	ebx,		1
-	and	edi,		ecx
-	or	ebp,		edi
-	mov	edi,		eax
-	rol	edi,		5
-	add	ebp,		edi
-	mov	edi,		DWORD PTR 28[esp]
-	add	esi,		ebp
-	mov	ebp,		DWORD PTR 36[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 60[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 16[esp]
-	ror	ebx,		1
-	xor	edi,		ebp
-	rol	edi,		1
-	mov	ebp,		eax
-	mov	DWORD PTR 28[esp],edi
-	or	ebp,		ebx
-	lea	edi,		DWORD PTR 2400959708[edx*1+edi]
-	mov	edx,		eax
-	and	ebp,		ecx
-	and	edx,		ebx
-	or	ebp,		edx
-	mov	edx,		esi
-	rol	edx,		5
-	ror	eax,		1
-	add	ebp,		edx
-	ror	eax,		1
-	add	edi,		ebp
-	; 40_59 55
-	; 40_59 56
-	mov	edx,		DWORD PTR 32[esp]
-	mov	ebp,		DWORD PTR 40[esp]
-	xor	edx,		ebp
-	mov	ebp,		DWORD PTR [esp]
-	xor	edx,		ebp
-	mov	ebp,		DWORD PTR 20[esp]
-	xor	edx,		ebp
-	mov	ebp,		esi
-	rol	edx,		1
-	or	ebp,		eax
-	mov	DWORD PTR 32[esp],edx
-	and	ebp,		ebx
-	lea	edx,		DWORD PTR 2400959708[ecx*1+edx]
-	mov	ecx,		esi
-	ror	esi,		1
-	and	ecx,		eax
-	or	ebp,		ecx
-	mov	ecx,		edi
-	rol	ecx,		5
-	add	ebp,		ecx
-	mov	ecx,		DWORD PTR 36[esp]
-	add	edx,		ebp
-	mov	ebp,		DWORD PTR 44[esp]
-	xor	ecx,		ebp
-	mov	ebp,		DWORD PTR 4[esp]
-	xor	ecx,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	ror	esi,		1
-	xor	ecx,		ebp
-	rol	ecx,		1
-	mov	ebp,		edi
-	mov	DWORD PTR 36[esp],ecx
-	or	ebp,		esi
-	lea	ecx,		DWORD PTR 2400959708[ebx*1+ecx]
-	mov	ebx,		edi
-	and	ebp,		eax
-	and	ebx,		esi
-	or	ebp,		ebx
-	mov	ebx,		edx
-	rol	ebx,		5
-	ror	edi,		1
-	add	ebp,		ebx
-	ror	edi,		1
-	add	ecx,		ebp
-	; 40_59 57
-	; 40_59 58
-	mov	ebx,		DWORD PTR 40[esp]
-	mov	ebp,		DWORD PTR 48[esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 8[esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	xor	ebx,		ebp
-	mov	ebp,		edx
-	rol	ebx,		1
-	or	ebp,		edi
-	mov	DWORD PTR 40[esp],ebx
-	and	ebp,		esi
-	lea	ebx,		DWORD PTR 2400959708[eax*1+ebx]
-	mov	eax,		edx
-	ror	edx,		1
-	and	eax,		edi
-	or	ebp,		eax
-	mov	eax,		ecx
-	rol	eax,		5
-	add	ebp,		eax
-	mov	eax,		DWORD PTR 44[esp]
-	add	ebx,		ebp
-	mov	ebp,		DWORD PTR 52[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 12[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 32[esp]
-	ror	edx,		1
-	xor	eax,		ebp
-	rol	eax,		1
-	mov	ebp,		ecx
-	mov	DWORD PTR 44[esp],eax
-	or	ebp,		edx
-	lea	eax,		DWORD PTR 2400959708[esi*1+eax]
-	mov	esi,		ecx
-	and	ebp,		edi
-	and	esi,		edx
-	or	ebp,		esi
-	mov	esi,		ebx
-	rol	esi,		5
-	ror	ecx,		1
-	add	ebp,		esi
-	ror	ecx,		1
-	add	eax,		ebp
-	; 40_59 59
-	; 20_39 60
-	mov	esi,		DWORD PTR 48[esp]
-	mov	ebp,		DWORD PTR 56[esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 16[esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 36[esp]
-	xor	esi,		ebp
-	mov	ebp,		ebx
-	rol	esi,		1
-	xor	ebp,		ecx
-	mov	DWORD PTR 48[esp],esi
-	xor	ebp,		edx
-	lea	esi,		DWORD PTR 3395469782[edi*1+esi]
-	mov	edi,		eax
-	rol	edi,		5
-	ror	ebx,		1
-	add	edi,		ebp
-	ror	ebx,		1
-	add	esi,		edi
-	; 20_39 61
-	mov	edi,		DWORD PTR 52[esp]
-	mov	ebp,		DWORD PTR 60[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 20[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 40[esp]
-	xor	edi,		ebp
-	mov	ebp,		eax
-	rol	edi,		1
-	xor	ebp,		ebx
-	mov	DWORD PTR 52[esp],edi
-	xor	ebp,		ecx
-	lea	edi,		DWORD PTR 3395469782[edx*1+edi]
-	mov	edx,		esi
-	rol	edx,		5
-	ror	eax,		1
-	add	edx,		ebp
-	ror	eax,		1
-	add	edi,		edx
-	; 20_39 62
-	mov	edx,		DWORD PTR 56[esp]
-	mov	ebp,		DWORD PTR [esp]
-	xor	edx,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	xor	edx,		ebp
-	mov	ebp,		DWORD PTR 44[esp]
-	xor	edx,		ebp
-	mov	ebp,		esi
-	rol	edx,		1
-	xor	ebp,		eax
-	mov	DWORD PTR 56[esp],edx
-	xor	ebp,		ebx
-	lea	edx,		DWORD PTR 3395469782[ecx*1+edx]
-	mov	ecx,		edi
-	rol	ecx,		5
-	ror	esi,		1
-	add	ecx,		ebp
-	ror	esi,		1
-	add	edx,		ecx
-	; 20_39 63
-	mov	ecx,		DWORD PTR 60[esp]
-	mov	ebp,		DWORD PTR 4[esp]
-	xor	ecx,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	xor	ecx,		ebp
-	mov	ebp,		DWORD PTR 48[esp]
-	xor	ecx,		ebp
-	mov	ebp,		edi
-	rol	ecx,		1
-	xor	ebp,		esi
-	mov	DWORD PTR 60[esp],ecx
-	xor	ebp,		eax
-	lea	ecx,		DWORD PTR 3395469782[ebx*1+ecx]
-	mov	ebx,		edx
-	rol	ebx,		5
-	ror	edi,		1
-	add	ebx,		ebp
-	ror	edi,		1
-	add	ecx,		ebx
-	; 20_39 64
-	mov	ebx,		DWORD PTR [esp]
-	mov	ebp,		DWORD PTR 8[esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 32[esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 52[esp]
-	xor	ebx,		ebp
-	mov	ebp,		edx
-	rol	ebx,		1
-	xor	ebp,		edi
-	mov	DWORD PTR [esp],ebx
-	xor	ebp,		esi
-	lea	ebx,		DWORD PTR 3395469782[eax*1+ebx]
-	mov	eax,		ecx
-	rol	eax,		5
-	ror	edx,		1
-	add	eax,		ebp
-	ror	edx,		1
-	add	ebx,		eax
-	; 20_39 65
-	mov	eax,		DWORD PTR 4[esp]
-	mov	ebp,		DWORD PTR 12[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 36[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 56[esp]
-	xor	eax,		ebp
-	mov	ebp,		ecx
-	rol	eax,		1
-	xor	ebp,		edx
-	mov	DWORD PTR 4[esp],eax
-	xor	ebp,		edi
-	lea	eax,		DWORD PTR 3395469782[esi*1+eax]
-	mov	esi,		ebx
-	rol	esi,		5
-	ror	ecx,		1
-	add	esi,		ebp
-	ror	ecx,		1
-	add	eax,		esi
-	; 20_39 66
-	mov	esi,		DWORD PTR 8[esp]
-	mov	ebp,		DWORD PTR 16[esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 40[esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 60[esp]
-	xor	esi,		ebp
-	mov	ebp,		ebx
-	rol	esi,		1
-	xor	ebp,		ecx
-	mov	DWORD PTR 8[esp],esi
-	xor	ebp,		edx
-	lea	esi,		DWORD PTR 3395469782[edi*1+esi]
-	mov	edi,		eax
-	rol	edi,		5
-	ror	ebx,		1
-	add	edi,		ebp
-	ror	ebx,		1
-	add	esi,		edi
-	; 20_39 67
-	mov	edi,		DWORD PTR 12[esp]
-	mov	ebp,		DWORD PTR 20[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 44[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR [esp]
-	xor	edi,		ebp
-	mov	ebp,		eax
-	rol	edi,		1
-	xor	ebp,		ebx
-	mov	DWORD PTR 12[esp],edi
-	xor	ebp,		ecx
-	lea	edi,		DWORD PTR 3395469782[edx*1+edi]
-	mov	edx,		esi
-	rol	edx,		5
-	ror	eax,		1
-	add	edx,		ebp
-	ror	eax,		1
-	add	edi,		edx
-	; 20_39 68
-	mov	edx,		DWORD PTR 16[esp]
-	mov	ebp,		DWORD PTR 24[esp]
-	xor	edx,		ebp
-	mov	ebp,		DWORD PTR 48[esp]
-	xor	edx,		ebp
-	mov	ebp,		DWORD PTR 4[esp]
-	xor	edx,		ebp
-	mov	ebp,		esi
-	rol	edx,		1
-	xor	ebp,		eax
-	mov	DWORD PTR 16[esp],edx
-	xor	ebp,		ebx
-	lea	edx,		DWORD PTR 3395469782[ecx*1+edx]
-	mov	ecx,		edi
-	rol	ecx,		5
-	ror	esi,		1
-	add	ecx,		ebp
-	ror	esi,		1
-	add	edx,		ecx
-	; 20_39 69
-	mov	ecx,		DWORD PTR 20[esp]
-	mov	ebp,		DWORD PTR 28[esp]
-	xor	ecx,		ebp
-	mov	ebp,		DWORD PTR 52[esp]
-	xor	ecx,		ebp
-	mov	ebp,		DWORD PTR 8[esp]
-	xor	ecx,		ebp
-	mov	ebp,		edi
-	rol	ecx,		1
-	xor	ebp,		esi
-	mov	DWORD PTR 20[esp],ecx
-	xor	ebp,		eax
-	lea	ecx,		DWORD PTR 3395469782[ebx*1+ecx]
-	mov	ebx,		edx
-	rol	ebx,		5
-	ror	edi,		1
-	add	ebx,		ebp
-	ror	edi,		1
-	add	ecx,		ebx
-	; 20_39 70
-	mov	ebx,		DWORD PTR 24[esp]
-	mov	ebp,		DWORD PTR 32[esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 56[esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 12[esp]
-	xor	ebx,		ebp
-	mov	ebp,		edx
-	rol	ebx,		1
-	xor	ebp,		edi
-	mov	DWORD PTR 24[esp],ebx
-	xor	ebp,		esi
-	lea	ebx,		DWORD PTR 3395469782[eax*1+ebx]
-	mov	eax,		ecx
-	rol	eax,		5
-	ror	edx,		1
-	add	eax,		ebp
-	ror	edx,		1
-	add	ebx,		eax
-	; 20_39 71
-	mov	eax,		DWORD PTR 28[esp]
-	mov	ebp,		DWORD PTR 36[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 60[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 16[esp]
-	xor	eax,		ebp
-	mov	ebp,		ecx
-	rol	eax,		1
-	xor	ebp,		edx
-	mov	DWORD PTR 28[esp],eax
-	xor	ebp,		edi
-	lea	eax,		DWORD PTR 3395469782[esi*1+eax]
-	mov	esi,		ebx
-	rol	esi,		5
-	ror	ecx,		1
-	add	esi,		ebp
-	ror	ecx,		1
-	add	eax,		esi
-	; 20_39 72
-	mov	esi,		DWORD PTR 32[esp]
-	mov	ebp,		DWORD PTR 40[esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR [esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 20[esp]
-	xor	esi,		ebp
-	mov	ebp,		ebx
-	rol	esi,		1
-	xor	ebp,		ecx
-	mov	DWORD PTR 32[esp],esi
-	xor	ebp,		edx
-	lea	esi,		DWORD PTR 3395469782[edi*1+esi]
-	mov	edi,		eax
-	rol	edi,		5
-	ror	ebx,		1
-	add	edi,		ebp
-	ror	ebx,		1
-	add	esi,		edi
-	; 20_39 73
-	mov	edi,		DWORD PTR 36[esp]
-	mov	ebp,		DWORD PTR 44[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 4[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	xor	edi,		ebp
-	mov	ebp,		eax
-	rol	edi,		1
-	xor	ebp,		ebx
-	mov	DWORD PTR 36[esp],edi
-	xor	ebp,		ecx
-	lea	edi,		DWORD PTR 3395469782[edx*1+edi]
-	mov	edx,		esi
-	rol	edx,		5
-	ror	eax,		1
-	add	edx,		ebp
-	ror	eax,		1
-	add	edi,		edx
-	; 20_39 74
-	mov	edx,		DWORD PTR 40[esp]
-	mov	ebp,		DWORD PTR 48[esp]
-	xor	edx,		ebp
-	mov	ebp,		DWORD PTR 8[esp]
-	xor	edx,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	xor	edx,		ebp
-	mov	ebp,		esi
-	rol	edx,		1
-	xor	ebp,		eax
-	mov	DWORD PTR 40[esp],edx
-	xor	ebp,		ebx
-	lea	edx,		DWORD PTR 3395469782[ecx*1+edx]
-	mov	ecx,		edi
-	rol	ecx,		5
-	ror	esi,		1
-	add	ecx,		ebp
-	ror	esi,		1
-	add	edx,		ecx
-	; 20_39 75
-	mov	ecx,		DWORD PTR 44[esp]
-	mov	ebp,		DWORD PTR 52[esp]
-	xor	ecx,		ebp
-	mov	ebp,		DWORD PTR 12[esp]
-	xor	ecx,		ebp
-	mov	ebp,		DWORD PTR 32[esp]
-	xor	ecx,		ebp
-	mov	ebp,		edi
-	rol	ecx,		1
-	xor	ebp,		esi
-	mov	DWORD PTR 44[esp],ecx
-	xor	ebp,		eax
-	lea	ecx,		DWORD PTR 3395469782[ebx*1+ecx]
-	mov	ebx,		edx
-	rol	ebx,		5
-	ror	edi,		1
-	add	ebx,		ebp
-	ror	edi,		1
-	add	ecx,		ebx
-	; 20_39 76
-	mov	ebx,		DWORD PTR 48[esp]
-	mov	ebp,		DWORD PTR 56[esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 16[esp]
-	xor	ebx,		ebp
-	mov	ebp,		DWORD PTR 36[esp]
-	xor	ebx,		ebp
-	mov	ebp,		edx
-	rol	ebx,		1
-	xor	ebp,		edi
-	mov	DWORD PTR 48[esp],ebx
-	xor	ebp,		esi
-	lea	ebx,		DWORD PTR 3395469782[eax*1+ebx]
-	mov	eax,		ecx
-	rol	eax,		5
-	ror	edx,		1
-	add	eax,		ebp
-	ror	edx,		1
-	add	ebx,		eax
-	; 20_39 77
-	mov	eax,		DWORD PTR 52[esp]
-	mov	ebp,		DWORD PTR 60[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 20[esp]
-	xor	eax,		ebp
-	mov	ebp,		DWORD PTR 40[esp]
-	xor	eax,		ebp
-	mov	ebp,		ecx
-	rol	eax,		1
-	xor	ebp,		edx
-	mov	DWORD PTR 52[esp],eax
-	xor	ebp,		edi
-	lea	eax,		DWORD PTR 3395469782[esi*1+eax]
-	mov	esi,		ebx
-	rol	esi,		5
-	ror	ecx,		1
-	add	esi,		ebp
-	ror	ecx,		1
-	add	eax,		esi
-	; 20_39 78
-	mov	esi,		DWORD PTR 56[esp]
-	mov	ebp,		DWORD PTR [esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 24[esp]
-	xor	esi,		ebp
-	mov	ebp,		DWORD PTR 44[esp]
-	xor	esi,		ebp
-	mov	ebp,		ebx
-	rol	esi,		1
-	xor	ebp,		ecx
-	mov	DWORD PTR 56[esp],esi
-	xor	ebp,		edx
-	lea	esi,		DWORD PTR 3395469782[edi*1+esi]
-	mov	edi,		eax
-	rol	edi,		5
-	ror	ebx,		1
-	add	edi,		ebp
-	ror	ebx,		1
-	add	esi,		edi
-	; 20_39 79
-	mov	edi,		DWORD PTR 60[esp]
-	mov	ebp,		DWORD PTR 4[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 28[esp]
-	xor	edi,		ebp
-	mov	ebp,		DWORD PTR 48[esp]
-	xor	edi,		ebp
-	mov	ebp,		eax
-	rol	edi,		1
-	xor	ebp,		ebx
-	mov	DWORD PTR 60[esp],edi
-	xor	ebp,		ecx
-	lea	edi,		DWORD PTR 3395469782[edx*1+edi]
-	mov	edx,		esi
-	rol	edx,		5
-	add	edx,		ebp
-	mov	ebp,		DWORD PTR 92[esp]
-	ror	eax,		1
-	add	edi,		edx
-	ror	eax,		1
-	; End processing
-	; 
-	mov	edx,		DWORD PTR 12[ebp]
-	add	edx,		ebx
-	mov	ebx,		DWORD PTR 4[ebp]
-	add	ebx,		esi
-	mov	esi,		eax
-	mov	eax,		DWORD PTR [ebp]
-	mov	DWORD PTR 12[ebp],edx
-	add	eax,		edi
-	mov	edi,		DWORD PTR 16[ebp]
-	add	edi,		ecx
-	mov	ecx,		DWORD PTR 8[ebp]
-	add	ecx,		esi
-	mov	DWORD PTR [ebp],eax
-	mov	esi,		DWORD PTR 64[esp]
-	mov	DWORD PTR 8[ebp],ecx
-	add	esi,		64
-	mov	eax,		DWORD PTR 68[esp]
-	mov	DWORD PTR 16[ebp],edi
-	cmp	eax,		esi
-	mov	DWORD PTR 4[ebp],ebx
-	jl	$L001end
-	mov	eax,		DWORD PTR [esi]
-	jmp	L000start
-$L001end:
-	add	esp,		72
-	pop	edi
-	pop	ebx
-	pop	ebp
-	pop	esi
-	ret
-_sha1_block_x86 ENDP
-_TEXT	ENDS
-END
diff --git a/crypto/sha/asm/sha1-586.pl b/crypto/sha/asm/sha1-586.pl
index 38bb27532d..fe51fd0794 100644
--- a/crypto/sha/asm/sha1-586.pl
+++ b/crypto/sha/asm/sha1-586.pl
@@ -5,11 +5,11 @@ $normal=0;
 push(@INC,"perlasm","../../perlasm");
 require "x86asm.pl";
 
-&asm_init($ARGV[0],"sha1-586.pl");
+&asm_init($ARGV[0],"sha1-586.pl",$ARGV[$#ARGV] eq "386");
 
 $A="eax";
-$B="ebx";
-$C="ecx";
+$B="ecx";
+$C="ebx";
 $D="edx";
 $E="edi";
 $T="esi";
@@ -19,7 +19,7 @@ $off=9*4;
 
 @K=(0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6);
 
-&sha1_block("sha1_block_x86");
+&sha1_block_data("sha1_block_asm_data_order");
 
 &asm_finish();
 
@@ -53,11 +53,14 @@ sub X_expand
 	local($in)=@_;
 
 	&comment("First, load the words onto the stack in network byte order");
-	for ($i=0; $i<16; $i++)
+	for ($i=0; $i<16; $i+=2)
 		{
-		&mov("eax",&DWP(($i+0)*4,$in,"",0)) unless $i == 0;
-		&bswap("eax");
-		&mov(&swtmp($i+0),"eax");
+		&mov($A,&DWP(($i+0)*4,$in,"",0));# unless $i == 0;
+		 &mov($B,&DWP(($i+1)*4,$in,"",0));
+		&bswap($A);
+		 &bswap($B);
+		&mov(&swtmp($i+0),$A);
+		 &mov(&swtmp($i+1),$B);
 		}
 
 	&comment("We now have the X array on the stack");
@@ -312,9 +315,9 @@ sub BODY_60_79
 	&BODY_20_39(@_);
 	}
 
-sub sha1_block
+sub sha1_block_host
 	{
-	local($name)=@_;
+	local($name, $sclabel)=@_;
 
 	&function_begin_B($name,"");
 
@@ -325,35 +328,77 @@ sub sha1_block
 	# D 	12
 	# E 	16
 
-	&push("esi");
-	 &push("ebp");
-	&mov("eax",	&wparam(2));
+	&mov("ecx",	&wparam(2));
+	 &push("esi");
+	&shl("ecx",6);
 	 &mov("esi",	&wparam(1));
-	&add("eax",	"esi");	# offset to leave on
+	&push("ebp");
+	 &add("ecx","esi");	# offset to leave on
+	&push("ebx");
 	 &mov("ebp",	&wparam(0));
+	&push("edi");
+	 &mov($D,	&DWP(12,"ebp","",0));
+	&stack_push(18+9);
+	 &mov($E,	&DWP(16,"ebp","",0));
+	&mov($C,	&DWP( 8,"ebp","",0));
+	 &mov(&swtmp(17),"ecx");
+
+	&comment("First we need to setup the X array");
+
+	for ($i=0; $i<16; $i+=2)
+		{
+		&mov($A,&DWP(($i+0)*4,"esi","",0));# unless $i == 0;
+		 &mov($B,&DWP(($i+1)*4,"esi","",0));
+		&mov(&swtmp($i+0),$A);
+		 &mov(&swtmp($i+1),$B);
+		}
+	&jmp($sclabel);
+	&function_end_B($name);
+	}
+
+
+sub sha1_block_data
+	{
+	local($name)=@_;
+
+	&function_begin_B($name,"");
+
+	# parameter 1 is the MD5_CTX structure.
+	# A	0
+	# B	4
+	# C	8
+	# D 	12
+	# E 	16
+
+	&mov("ecx",	&wparam(2));
+	 &push("esi");
+	&shl("ecx",6);
+	 &mov("esi",	&wparam(1));
+	&push("ebp");
+	 &add("ecx","esi");	# offset to leave on
 	&push("ebx");
-	 &sub("eax",	64);
+	 &mov("ebp",	&wparam(0));
 	&push("edi");
-	 &mov($B,	&DWP( 4,"ebp","",0));
-	&stack_push(18);
 	 &mov($D,	&DWP(12,"ebp","",0));
-	&mov($E,	&DWP(16,"ebp","",0));
-	 &mov($C,	&DWP( 8,"ebp","",0));
-	&mov(&swtmp(17),"eax");
+	&stack_push(18+9);
+	 &mov($E,	&DWP(16,"ebp","",0));
+	&mov($C,	&DWP( 8,"ebp","",0));
+	 &mov(&swtmp(17),"ecx");
 
 	&comment("First we need to setup the X array");
-	 &mov("eax",&DWP(0,"esi","",0)); # pulled out of X_expand
 
 	&set_label("start") unless $normal;
 
 	&X_expand("esi");
-	 &mov(&swtmp(16),"esi");
+	 &mov(&wparam(1),"esi");
 
+	&set_label("shortcut", 0, 1);
 	&comment("");
 	&comment("Start processing");
 
 	# odd start
 	&mov($A,	&DWP( 0,"ebp","",0));
+	 &mov($B,	&DWP( 4,"ebp","",0));
 	$X="esp";
 	&BODY_00_15(-2,$K[0],$X, 0,$A,$B,$C,$D,$E,$T);
 	&BODY_00_15( 0,$K[0],$X, 1,$T,$A,$B,$C,$D,$E);
@@ -468,24 +513,28 @@ sub sha1_block
 	&add($C,$T);
 
 	 &mov(&DWP( 0,$tmp1,"",0),$A);
-	&mov("esi",&swtmp(16));
-	 &mov(&DWP( 8,$tmp1,"",0),$C);	# This is for looping
+	&mov("esi",&wparam(1));
+	 &mov(&DWP( 8,$tmp1,"",0),$C);
  	&add("esi",64);
 	 &mov("eax",&swtmp(17));
 	&mov(&DWP(16,$tmp1,"",0),$E);
-	 &cmp("eax","esi");
-	&mov(&DWP( 4,$tmp1,"",0),$B);	# This is for looping
-	 &jl(&label("end"));
-	&mov("eax",&DWP(0,"esi","",0));	# Pulled down from 
-	 &jmp(&label("start"));
-
-	&set_label("end");
-	&stack_pop(18);
+	 &cmp("esi","eax");
+	&mov(&DWP( 4,$tmp1,"",0),$B);
+	 &jl(&label("start"));
+
+	&stack_pop(18+9);
 	 &pop("edi");
 	&pop("ebx");
 	 &pop("ebp");
 	&pop("esi");
 	 &ret();
+
+	# keep a note of shortcut label so it can be used outside
+	# block.
+	my $sclabel = &label("shortcut");
+
 	&function_end_B($name);
+	# Putting this here avoids problems with MASM in debugging mode
+	&sha1_block_host("sha1_block_asm_host_order", $sclabel);
 	}
 
diff --git a/crypto/sha/asm/sx86unix.cpp b/crypto/sha/asm/sx86unix.cpp
deleted file mode 100644
index 8366664a39..0000000000
--- a/crypto/sha/asm/sx86unix.cpp
+++ /dev/null
@@ -1,1948 +0,0 @@
-/* Run the C pre-processor over this file with one of the following defined
- * ELF - elf object files,
- * OUT - a.out object files,
- * BSDI - BSDI style a.out object files
- * SOL - Solaris style elf
- */
-
-#define TYPE(a,b)       .type   a,b
-#define SIZE(a,b)       .size   a,b
-
-#if defined(OUT) || defined(BSDI)
-#define sha1_block_x86 _sha1_block_x86
-
-#endif
-
-#ifdef OUT
-#define OK	1
-#define ALIGN	4
-#endif
-
-#ifdef BSDI
-#define OK              1
-#define ALIGN           4
-#undef SIZE
-#undef TYPE
-#define SIZE(a,b)
-#define TYPE(a,b)
-#endif
-
-#if defined(ELF) || defined(SOL)
-#define OK              1
-#define ALIGN           16
-#endif
-
-#ifndef OK
-You need to define one of
-ELF - elf systems - linux-elf, NetBSD and DG-UX
-OUT - a.out systems - linux-a.out and FreeBSD
-SOL - solaris systems, which are elf with strange comment lines
-BSDI - a.out with a very primative version of as.
-#endif
-
-/* Let the Assembler begin :-) */
-	/* Don't even think of reading this code */
-	/* It was automatically generated by sha1-586.pl */
-	/* Which is a perl program used to generate the x86 assember for */
-	/* any of elf, a.out, BSDI,Win32, or Solaris */
-	/* eric <eay@cryptsoft.com> */
-
-	.file	"sha1-586.s"
-	.version	"01.01"
-gcc2_compiled.:
-.text
-	.align ALIGN
-.globl sha1_block_x86
-	TYPE(sha1_block_x86,@function)
-sha1_block_x86:
-	pushl	%esi
-	pushl	%ebp
-	movl	20(%esp),	%eax
-	movl	16(%esp),	%esi
-	addl	%esi,		%eax
-	movl	12(%esp),	%ebp
-	pushl	%ebx
-	subl	$64,		%eax
-	pushl	%edi
-	movl	4(%ebp),	%ebx
-	subl	$72,		%esp
-	movl	12(%ebp),	%edx
-	movl	16(%ebp),	%edi
-	movl	8(%ebp),	%ecx
-	movl	%eax,		68(%esp)
-	/* First we need to setup the X array */
-	movl	(%esi),		%eax
-.L000start:
-	/* First, load the words onto the stack in network byte order */
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		(%esp)
-	movl	4(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		4(%esp)
-	movl	8(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		8(%esp)
-	movl	12(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		12(%esp)
-	movl	16(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		16(%esp)
-	movl	20(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		20(%esp)
-	movl	24(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		24(%esp)
-	movl	28(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		28(%esp)
-	movl	32(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		32(%esp)
-	movl	36(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		36(%esp)
-	movl	40(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		40(%esp)
-	movl	44(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		44(%esp)
-	movl	48(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		48(%esp)
-	movl	52(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		52(%esp)
-	movl	56(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		56(%esp)
-	movl	60(%esi),	%eax
-.byte 15
-.byte 200		/* bswapl  %eax */
-	movl	%eax,		60(%esp)
-	/* We now have the X array on the stack */
-	/* starting at sp-4 */
-	movl	%esi,		64(%esp)
-
-	/* Start processing */
-	movl	(%ebp),		%eax
-	/* 00_15 0 */
-	movl	%ecx,		%esi
-	movl	%eax,		%ebp
-	xorl	%edx,		%esi
-	roll	$5,		%ebp
-	andl	%ebx,		%esi
-	addl	%edi,		%ebp
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	movl	(%esp),		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	xorl	%edx,		%esi
-	leal	1518500249(%ebp,%edi,1),%ebp
-	movl	%ebx,		%edi
-	addl	%ebp,		%esi
-	xorl	%ecx,		%edi
-	movl	%esi,		%ebp
-	andl	%eax,		%edi
-	roll	$5,		%ebp
-	addl	%edx,		%ebp
-	movl	4(%esp),	%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	xorl	%ecx,		%edi
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	leal	1518500249(%ebp,%edx,1),%ebp
-	addl	%ebp,		%edi
-	/* 00_15 2 */
-	movl	%eax,		%edx
-	movl	%edi,		%ebp
-	xorl	%ebx,		%edx
-	roll	$5,		%ebp
-	andl	%esi,		%edx
-	addl	%ecx,		%ebp
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	movl	8(%esp),	%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	xorl	%ebx,		%edx
-	leal	1518500249(%ebp,%ecx,1),%ebp
-	movl	%esi,		%ecx
-	addl	%ebp,		%edx
-	xorl	%eax,		%ecx
-	movl	%edx,		%ebp
-	andl	%edi,		%ecx
-	roll	$5,		%ebp
-	addl	%ebx,		%ebp
-	movl	12(%esp),	%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	xorl	%eax,		%ecx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	leal	1518500249(%ebp,%ebx,1),%ebp
-	addl	%ebp,		%ecx
-	/* 00_15 4 */
-	movl	%edi,		%ebx
-	movl	%ecx,		%ebp
-	xorl	%esi,		%ebx
-	roll	$5,		%ebp
-	andl	%edx,		%ebx
-	addl	%eax,		%ebp
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	movl	16(%esp),	%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	xorl	%esi,		%ebx
-	leal	1518500249(%ebp,%eax,1),%ebp
-	movl	%edx,		%eax
-	addl	%ebp,		%ebx
-	xorl	%edi,		%eax
-	movl	%ebx,		%ebp
-	andl	%ecx,		%eax
-	roll	$5,		%ebp
-	addl	%esi,		%ebp
-	movl	20(%esp),	%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	xorl	%edi,		%eax
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	leal	1518500249(%ebp,%esi,1),%ebp
-	addl	%ebp,		%eax
-	/* 00_15 6 */
-	movl	%ecx,		%esi
-	movl	%eax,		%ebp
-	xorl	%edx,		%esi
-	roll	$5,		%ebp
-	andl	%ebx,		%esi
-	addl	%edi,		%ebp
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	movl	24(%esp),	%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	xorl	%edx,		%esi
-	leal	1518500249(%ebp,%edi,1),%ebp
-	movl	%ebx,		%edi
-	addl	%ebp,		%esi
-	xorl	%ecx,		%edi
-	movl	%esi,		%ebp
-	andl	%eax,		%edi
-	roll	$5,		%ebp
-	addl	%edx,		%ebp
-	movl	28(%esp),	%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	xorl	%ecx,		%edi
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	leal	1518500249(%ebp,%edx,1),%ebp
-	addl	%ebp,		%edi
-	/* 00_15 8 */
-	movl	%eax,		%edx
-	movl	%edi,		%ebp
-	xorl	%ebx,		%edx
-	roll	$5,		%ebp
-	andl	%esi,		%edx
-	addl	%ecx,		%ebp
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	movl	32(%esp),	%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	xorl	%ebx,		%edx
-	leal	1518500249(%ebp,%ecx,1),%ebp
-	movl	%esi,		%ecx
-	addl	%ebp,		%edx
-	xorl	%eax,		%ecx
-	movl	%edx,		%ebp
-	andl	%edi,		%ecx
-	roll	$5,		%ebp
-	addl	%ebx,		%ebp
-	movl	36(%esp),	%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	xorl	%eax,		%ecx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	leal	1518500249(%ebp,%ebx,1),%ebp
-	addl	%ebp,		%ecx
-	/* 00_15 10 */
-	movl	%edi,		%ebx
-	movl	%ecx,		%ebp
-	xorl	%esi,		%ebx
-	roll	$5,		%ebp
-	andl	%edx,		%ebx
-	addl	%eax,		%ebp
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	movl	40(%esp),	%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	xorl	%esi,		%ebx
-	leal	1518500249(%ebp,%eax,1),%ebp
-	movl	%edx,		%eax
-	addl	%ebp,		%ebx
-	xorl	%edi,		%eax
-	movl	%ebx,		%ebp
-	andl	%ecx,		%eax
-	roll	$5,		%ebp
-	addl	%esi,		%ebp
-	movl	44(%esp),	%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	xorl	%edi,		%eax
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	leal	1518500249(%ebp,%esi,1),%ebp
-	addl	%ebp,		%eax
-	/* 00_15 12 */
-	movl	%ecx,		%esi
-	movl	%eax,		%ebp
-	xorl	%edx,		%esi
-	roll	$5,		%ebp
-	andl	%ebx,		%esi
-	addl	%edi,		%ebp
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	movl	48(%esp),	%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	xorl	%edx,		%esi
-	leal	1518500249(%ebp,%edi,1),%ebp
-	movl	%ebx,		%edi
-	addl	%ebp,		%esi
-	xorl	%ecx,		%edi
-	movl	%esi,		%ebp
-	andl	%eax,		%edi
-	roll	$5,		%ebp
-	addl	%edx,		%ebp
-	movl	52(%esp),	%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	xorl	%ecx,		%edi
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	leal	1518500249(%ebp,%edx,1),%ebp
-	addl	%ebp,		%edi
-	/* 00_15 14 */
-	movl	%eax,		%edx
-	movl	%edi,		%ebp
-	xorl	%ebx,		%edx
-	roll	$5,		%ebp
-	andl	%esi,		%edx
-	addl	%ecx,		%ebp
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	movl	56(%esp),	%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	xorl	%ebx,		%edx
-	leal	1518500249(%ebp,%ecx,1),%ebp
-	movl	%esi,		%ecx
-	addl	%ebp,		%edx
-	xorl	%eax,		%ecx
-	movl	%edx,		%ebp
-	andl	%edi,		%ecx
-	roll	$5,		%ebp
-	addl	%ebx,		%ebp
-	movl	60(%esp),	%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	xorl	%eax,		%ecx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	leal	1518500249(%ebp,%ebx,1),%ebp
-	addl	%ebp,		%ecx
-	/* 16_19 16 */
-	nop
-	movl	(%esp),		%ebp
-	movl	8(%esp),	%ebx
-	xorl	%ebp,		%ebx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edi,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	xorl	%esi,		%ebp
-	movl	%ebx,		(%esp)
-	andl	%edx,		%ebp
-	leal	1518500249(%ebx,%eax,1),%ebx
-	xorl	%esi,		%ebp
-	movl	%ecx,		%eax
-	addl	%ebp,		%ebx
-	roll	$5,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%eax,		%ebx
-	movl	4(%esp),	%eax
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	56(%esp),	%ebp
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	xorl	%ebp,		%eax
-.byte 209
-.byte 192		/* roll $1 %eax */
-	movl	%edx,		%ebp
-	xorl	%edi,		%ebp
-	movl	%eax,		4(%esp)
-	andl	%ecx,		%ebp
-	leal	1518500249(%eax,%esi,1),%eax
-	xorl	%edi,		%ebp
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%eax
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%eax
-	/* 16_19 18 */
-	movl	8(%esp),	%ebp
-	movl	16(%esp),	%esi
-	xorl	%ebp,		%esi
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ecx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	xorl	%edx,		%ebp
-	movl	%esi,		8(%esp)
-	andl	%ebx,		%ebp
-	leal	1518500249(%esi,%edi,1),%esi
-	xorl	%edx,		%ebp
-	movl	%eax,		%edi
-	addl	%ebp,		%esi
-	roll	$5,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%edi,		%esi
-	movl	12(%esp),	%edi
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	(%esp),		%ebp
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	xorl	%ebp,		%edi
-.byte 209
-.byte 199		/* roll $1 %edi */
-	movl	%ebx,		%ebp
-	xorl	%ecx,		%ebp
-	movl	%edi,		12(%esp)
-	andl	%eax,		%ebp
-	leal	1518500249(%edi,%edx,1),%edi
-	xorl	%ecx,		%ebp
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%edi
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%ebp,		%edi
-	/* 20_39 20 */
-	movl	16(%esp),	%edx
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		/* roll $1 %edx */
-	xorl	%eax,		%ebp
-	movl	%edx,		16(%esp)
-	xorl	%ebx,		%ebp
-	leal	1859775393(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ecx,		%edx
-	/* 20_39 21 */
-	movl	20(%esp),	%ecx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		/* roll $1 %ecx */
-	xorl	%esi,		%ebp
-	movl	%ecx,		20(%esp)
-	xorl	%eax,		%ebp
-	leal	1859775393(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebx,		%ecx
-	/* 20_39 22 */
-	movl	24(%esp),	%ebx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	xorl	%edi,		%ebp
-	movl	%ebx,		24(%esp)
-	xorl	%esi,		%ebp
-	leal	1859775393(%ebx,%eax,1),%ebx
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%ebp,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%eax,		%ebx
-	/* 20_39 23 */
-	movl	28(%esp),	%eax
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	%ecx,		%ebp
-.byte 209
-.byte 192		/* roll $1 %eax */
-	xorl	%edx,		%ebp
-	movl	%eax,		28(%esp)
-	xorl	%edi,		%ebp
-	leal	1859775393(%eax,%esi,1),%eax
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%eax
-	/* 20_39 24 */
-	movl	32(%esp),	%esi
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%esi
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	xorl	%ecx,		%ebp
-	movl	%esi,		32(%esp)
-	xorl	%edx,		%ebp
-	leal	1859775393(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%edi,		%esi
-	/* 20_39 25 */
-	movl	36(%esp),	%edi
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		/* roll $1 %edi */
-	xorl	%ebx,		%ebp
-	movl	%edi,		36(%esp)
-	xorl	%ecx,		%ebp
-	leal	1859775393(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%ebp,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%edi
-	/* 20_39 26 */
-	movl	40(%esp),	%edx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		/* roll $1 %edx */
-	xorl	%eax,		%ebp
-	movl	%edx,		40(%esp)
-	xorl	%ebx,		%ebp
-	leal	1859775393(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ecx,		%edx
-	/* 20_39 27 */
-	movl	44(%esp),	%ecx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		/* roll $1 %ecx */
-	xorl	%esi,		%ebp
-	movl	%ecx,		44(%esp)
-	xorl	%eax,		%ebp
-	leal	1859775393(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebx,		%ecx
-	/* 20_39 28 */
-	movl	48(%esp),	%ebx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	xorl	%edi,		%ebp
-	movl	%ebx,		48(%esp)
-	xorl	%esi,		%ebp
-	leal	1859775393(%ebx,%eax,1),%ebx
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%ebp,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%eax,		%ebx
-	/* 20_39 29 */
-	movl	52(%esp),	%eax
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	%ecx,		%ebp
-.byte 209
-.byte 192		/* roll $1 %eax */
-	xorl	%edx,		%ebp
-	movl	%eax,		52(%esp)
-	xorl	%edi,		%ebp
-	leal	1859775393(%eax,%esi,1),%eax
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%eax
-	/* 20_39 30 */
-	movl	56(%esp),	%esi
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	xorl	%ecx,		%ebp
-	movl	%esi,		56(%esp)
-	xorl	%edx,		%ebp
-	leal	1859775393(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%edi,		%esi
-	/* 20_39 31 */
-	movl	60(%esp),	%edi
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		/* roll $1 %edi */
-	xorl	%ebx,		%ebp
-	movl	%edi,		60(%esp)
-	xorl	%ecx,		%ebp
-	leal	1859775393(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%ebp,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%edi
-	/* 20_39 32 */
-	movl	(%esp),		%edx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		/* roll $1 %edx */
-	xorl	%eax,		%ebp
-	movl	%edx,		(%esp)
-	xorl	%ebx,		%ebp
-	leal	1859775393(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ecx,		%edx
-	/* 20_39 33 */
-	movl	4(%esp),	%ecx
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		/* roll $1 %ecx */
-	xorl	%esi,		%ebp
-	movl	%ecx,		4(%esp)
-	xorl	%eax,		%ebp
-	leal	1859775393(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebx,		%ecx
-	/* 20_39 34 */
-	movl	8(%esp),	%ebx
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	xorl	%edi,		%ebp
-	movl	%ebx,		8(%esp)
-	xorl	%esi,		%ebp
-	leal	1859775393(%ebx,%eax,1),%ebx
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%ebp,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%eax,		%ebx
-	/* 20_39 35 */
-	movl	12(%esp),	%eax
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%eax
-	movl	%ecx,		%ebp
-.byte 209
-.byte 192		/* roll $1 %eax */
-	xorl	%edx,		%ebp
-	movl	%eax,		12(%esp)
-	xorl	%edi,		%ebp
-	leal	1859775393(%eax,%esi,1),%eax
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%eax
-	/* 20_39 36 */
-	movl	16(%esp),	%esi
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	xorl	%ecx,		%ebp
-	movl	%esi,		16(%esp)
-	xorl	%edx,		%ebp
-	leal	1859775393(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%edi,		%esi
-	/* 20_39 37 */
-	movl	20(%esp),	%edi
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		/* roll $1 %edi */
-	xorl	%ebx,		%ebp
-	movl	%edi,		20(%esp)
-	xorl	%ecx,		%ebp
-	leal	1859775393(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%ebp,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%edi
-	/* 20_39 38 */
-	movl	24(%esp),	%edx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		/* roll $1 %edx */
-	xorl	%eax,		%ebp
-	movl	%edx,		24(%esp)
-	xorl	%ebx,		%ebp
-	leal	1859775393(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ecx,		%edx
-	/* 20_39 39 */
-	movl	28(%esp),	%ecx
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		/* roll $1 %ecx */
-	xorl	%esi,		%ebp
-	movl	%ecx,		28(%esp)
-	xorl	%eax,		%ebp
-	leal	1859775393(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebx,		%ecx
-	/* 40_59 40 */
-	movl	32(%esp),	%ebx
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%ebx
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	orl	%edi,		%ebp
-	movl	%ebx,		32(%esp)
-	andl	%esi,		%ebp
-	leal	2400959708(%ebx,%eax,1),%ebx
-	movl	%edx,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	andl	%edi,		%eax
-	orl	%eax,		%ebp
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-	addl	%eax,		%ebp
-	movl	36(%esp),	%eax
-	addl	%ebp,		%ebx
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	24(%esp),	%ebp
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	xorl	%ebp,		%eax
-.byte 209
-.byte 192		/* roll $1 %eax */
-	movl	%ecx,		%ebp
-	movl	%eax,		36(%esp)
-	orl	%edx,		%ebp
-	leal	2400959708(%eax,%esi,1),%eax
-	movl	%ecx,		%esi
-	andl	%edi,		%ebp
-	andl	%edx,		%esi
-	orl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%ebp
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%eax
-	/* 40_59 41 */
-	/* 40_59 42 */
-	movl	40(%esp),	%esi
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	orl	%ecx,		%ebp
-	movl	%esi,		40(%esp)
-	andl	%edx,		%ebp
-	leal	2400959708(%esi,%edi,1),%esi
-	movl	%ebx,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	andl	%ecx,		%edi
-	orl	%edi,		%ebp
-	movl	%eax,		%edi
-	roll	$5,		%edi
-	addl	%edi,		%ebp
-	movl	44(%esp),	%edi
-	addl	%ebp,		%esi
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	32(%esp),	%ebp
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	xorl	%ebp,		%edi
-.byte 209
-.byte 199		/* roll $1 %edi */
-	movl	%eax,		%ebp
-	movl	%edi,		44(%esp)
-	orl	%ebx,		%ebp
-	leal	2400959708(%edi,%edx,1),%edi
-	movl	%eax,		%edx
-	andl	%ecx,		%ebp
-	andl	%ebx,		%edx
-	orl	%edx,		%ebp
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%ebp
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%ebp,		%edi
-	/* 40_59 43 */
-	/* 40_59 44 */
-	movl	48(%esp),	%edx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		/* roll $1 %edx */
-	orl	%eax,		%ebp
-	movl	%edx,		48(%esp)
-	andl	%ebx,		%ebp
-	leal	2400959708(%edx,%ecx,1),%edx
-	movl	%esi,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	andl	%eax,		%ecx
-	orl	%ecx,		%ebp
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-	addl	%ecx,		%ebp
-	movl	52(%esp),	%ecx
-	addl	%ebp,		%edx
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	40(%esp),	%ebp
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	xorl	%ebp,		%ecx
-.byte 209
-.byte 193		/* roll $1 %ecx */
-	movl	%edi,		%ebp
-	movl	%ecx,		52(%esp)
-	orl	%esi,		%ebp
-	leal	2400959708(%ecx,%ebx,1),%ecx
-	movl	%edi,		%ebx
-	andl	%eax,		%ebp
-	andl	%esi,		%ebx
-	orl	%ebx,		%ebp
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebx,		%ebp
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebp,		%ecx
-	/* 40_59 45 */
-	/* 40_59 46 */
-	movl	56(%esp),	%ebx
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%ebx
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	orl	%edi,		%ebp
-	movl	%ebx,		56(%esp)
-	andl	%esi,		%ebp
-	leal	2400959708(%ebx,%eax,1),%ebx
-	movl	%edx,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	andl	%edi,		%eax
-	orl	%eax,		%ebp
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-	addl	%eax,		%ebp
-	movl	60(%esp),	%eax
-	addl	%ebp,		%ebx
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	48(%esp),	%ebp
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	xorl	%ebp,		%eax
-.byte 209
-.byte 192		/* roll $1 %eax */
-	movl	%ecx,		%ebp
-	movl	%eax,		60(%esp)
-	orl	%edx,		%ebp
-	leal	2400959708(%eax,%esi,1),%eax
-	movl	%ecx,		%esi
-	andl	%edi,		%ebp
-	andl	%edx,		%esi
-	orl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%ebp
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%eax
-	/* 40_59 47 */
-	/* 40_59 48 */
-	movl	(%esp),		%esi
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	orl	%ecx,		%ebp
-	movl	%esi,		(%esp)
-	andl	%edx,		%ebp
-	leal	2400959708(%esi,%edi,1),%esi
-	movl	%ebx,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	andl	%ecx,		%edi
-	orl	%edi,		%ebp
-	movl	%eax,		%edi
-	roll	$5,		%edi
-	addl	%edi,		%ebp
-	movl	4(%esp),	%edi
-	addl	%ebp,		%esi
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	56(%esp),	%ebp
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	xorl	%ebp,		%edi
-.byte 209
-.byte 199		/* roll $1 %edi */
-	movl	%eax,		%ebp
-	movl	%edi,		4(%esp)
-	orl	%ebx,		%ebp
-	leal	2400959708(%edi,%edx,1),%edi
-	movl	%eax,		%edx
-	andl	%ecx,		%ebp
-	andl	%ebx,		%edx
-	orl	%edx,		%ebp
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%ebp
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%ebp,		%edi
-	/* 40_59 49 */
-	/* 40_59 50 */
-	movl	8(%esp),	%edx
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		/* roll $1 %edx */
-	orl	%eax,		%ebp
-	movl	%edx,		8(%esp)
-	andl	%ebx,		%ebp
-	leal	2400959708(%edx,%ecx,1),%edx
-	movl	%esi,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	andl	%eax,		%ecx
-	orl	%ecx,		%ebp
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-	addl	%ecx,		%ebp
-	movl	12(%esp),	%ecx
-	addl	%ebp,		%edx
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	(%esp),		%ebp
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	xorl	%ebp,		%ecx
-.byte 209
-.byte 193		/* roll $1 %ecx */
-	movl	%edi,		%ebp
-	movl	%ecx,		12(%esp)
-	orl	%esi,		%ebp
-	leal	2400959708(%ecx,%ebx,1),%ecx
-	movl	%edi,		%ebx
-	andl	%eax,		%ebp
-	andl	%esi,		%ebx
-	orl	%ebx,		%ebp
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebx,		%ebp
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebp,		%ecx
-	/* 40_59 51 */
-	/* 40_59 52 */
-	movl	16(%esp),	%ebx
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	orl	%edi,		%ebp
-	movl	%ebx,		16(%esp)
-	andl	%esi,		%ebp
-	leal	2400959708(%ebx,%eax,1),%ebx
-	movl	%edx,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	andl	%edi,		%eax
-	orl	%eax,		%ebp
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-	addl	%eax,		%ebp
-	movl	20(%esp),	%eax
-	addl	%ebp,		%ebx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	8(%esp),	%ebp
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	xorl	%ebp,		%eax
-.byte 209
-.byte 192		/* roll $1 %eax */
-	movl	%ecx,		%ebp
-	movl	%eax,		20(%esp)
-	orl	%edx,		%ebp
-	leal	2400959708(%eax,%esi,1),%eax
-	movl	%ecx,		%esi
-	andl	%edi,		%ebp
-	andl	%edx,		%esi
-	orl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%ebp
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%eax
-	/* 40_59 53 */
-	/* 40_59 54 */
-	movl	24(%esp),	%esi
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	orl	%ecx,		%ebp
-	movl	%esi,		24(%esp)
-	andl	%edx,		%ebp
-	leal	2400959708(%esi,%edi,1),%esi
-	movl	%ebx,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	andl	%ecx,		%edi
-	orl	%edi,		%ebp
-	movl	%eax,		%edi
-	roll	$5,		%edi
-	addl	%edi,		%ebp
-	movl	28(%esp),	%edi
-	addl	%ebp,		%esi
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	16(%esp),	%ebp
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	xorl	%ebp,		%edi
-.byte 209
-.byte 199		/* roll $1 %edi */
-	movl	%eax,		%ebp
-	movl	%edi,		28(%esp)
-	orl	%ebx,		%ebp
-	leal	2400959708(%edi,%edx,1),%edi
-	movl	%eax,		%edx
-	andl	%ecx,		%ebp
-	andl	%ebx,		%edx
-	orl	%edx,		%ebp
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%ebp
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%ebp,		%edi
-	/* 40_59 55 */
-	/* 40_59 56 */
-	movl	32(%esp),	%edx
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%edx
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		/* roll $1 %edx */
-	orl	%eax,		%ebp
-	movl	%edx,		32(%esp)
-	andl	%ebx,		%ebp
-	leal	2400959708(%edx,%ecx,1),%edx
-	movl	%esi,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	andl	%eax,		%ecx
-	orl	%ecx,		%ebp
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-	addl	%ecx,		%ebp
-	movl	36(%esp),	%ecx
-	addl	%ebp,		%edx
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	24(%esp),	%ebp
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	xorl	%ebp,		%ecx
-.byte 209
-.byte 193		/* roll $1 %ecx */
-	movl	%edi,		%ebp
-	movl	%ecx,		36(%esp)
-	orl	%esi,		%ebp
-	leal	2400959708(%ecx,%ebx,1),%ecx
-	movl	%edi,		%ebx
-	andl	%eax,		%ebp
-	andl	%esi,		%ebx
-	orl	%ebx,		%ebp
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebx,		%ebp
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebp,		%ecx
-	/* 40_59 57 */
-	/* 40_59 58 */
-	movl	40(%esp),	%ebx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	orl	%edi,		%ebp
-	movl	%ebx,		40(%esp)
-	andl	%esi,		%ebp
-	leal	2400959708(%ebx,%eax,1),%ebx
-	movl	%edx,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	andl	%edi,		%eax
-	orl	%eax,		%ebp
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-	addl	%eax,		%ebp
-	movl	44(%esp),	%eax
-	addl	%ebp,		%ebx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	32(%esp),	%ebp
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	xorl	%ebp,		%eax
-.byte 209
-.byte 192		/* roll $1 %eax */
-	movl	%ecx,		%ebp
-	movl	%eax,		44(%esp)
-	orl	%edx,		%ebp
-	leal	2400959708(%eax,%esi,1),%eax
-	movl	%ecx,		%esi
-	andl	%edi,		%ebp
-	andl	%edx,		%esi
-	orl	%esi,		%ebp
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%ebp
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%eax
-	/* 40_59 59 */
-	/* 20_39 60 */
-	movl	48(%esp),	%esi
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	xorl	%ecx,		%ebp
-	movl	%esi,		48(%esp)
-	xorl	%edx,		%ebp
-	leal	3395469782(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%edi,		%esi
-	/* 20_39 61 */
-	movl	52(%esp),	%edi
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		/* roll $1 %edi */
-	xorl	%ebx,		%ebp
-	movl	%edi,		52(%esp)
-	xorl	%ecx,		%ebp
-	leal	3395469782(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%ebp,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%edi
-	/* 20_39 62 */
-	movl	56(%esp),	%edx
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%edx
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		/* roll $1 %edx */
-	xorl	%eax,		%ebp
-	movl	%edx,		56(%esp)
-	xorl	%ebx,		%ebp
-	leal	3395469782(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ecx,		%edx
-	/* 20_39 63 */
-	movl	60(%esp),	%ecx
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		/* roll $1 %ecx */
-	xorl	%esi,		%ebp
-	movl	%ecx,		60(%esp)
-	xorl	%eax,		%ebp
-	leal	3395469782(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebx,		%ecx
-	/* 20_39 64 */
-	movl	(%esp),		%ebx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	xorl	%edi,		%ebp
-	movl	%ebx,		(%esp)
-	xorl	%esi,		%ebp
-	leal	3395469782(%ebx,%eax,1),%ebx
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%ebp,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%eax,		%ebx
-	/* 20_39 65 */
-	movl	4(%esp),	%eax
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	%ecx,		%ebp
-.byte 209
-.byte 192		/* roll $1 %eax */
-	xorl	%edx,		%ebp
-	movl	%eax,		4(%esp)
-	xorl	%edi,		%ebp
-	leal	3395469782(%eax,%esi,1),%eax
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%eax
-	/* 20_39 66 */
-	movl	8(%esp),	%esi
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	xorl	%ecx,		%ebp
-	movl	%esi,		8(%esp)
-	xorl	%edx,		%ebp
-	leal	3395469782(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%edi,		%esi
-	/* 20_39 67 */
-	movl	12(%esp),	%edi
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		/* roll $1 %edi */
-	xorl	%ebx,		%ebp
-	movl	%edi,		12(%esp)
-	xorl	%ecx,		%ebp
-	leal	3395469782(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%ebp,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%edi
-	/* 20_39 68 */
-	movl	16(%esp),	%edx
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		/* roll $1 %edx */
-	xorl	%eax,		%ebp
-	movl	%edx,		16(%esp)
-	xorl	%ebx,		%ebp
-	leal	3395469782(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ecx,		%edx
-	/* 20_39 69 */
-	movl	20(%esp),	%ecx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		/* roll $1 %ecx */
-	xorl	%esi,		%ebp
-	movl	%ecx,		20(%esp)
-	xorl	%eax,		%ebp
-	leal	3395469782(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebx,		%ecx
-	/* 20_39 70 */
-	movl	24(%esp),	%ebx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	xorl	%edi,		%ebp
-	movl	%ebx,		24(%esp)
-	xorl	%esi,		%ebp
-	leal	3395469782(%ebx,%eax,1),%ebx
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%ebp,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%eax,		%ebx
-	/* 20_39 71 */
-	movl	28(%esp),	%eax
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	%ecx,		%ebp
-.byte 209
-.byte 192		/* roll $1 %eax */
-	xorl	%edx,		%ebp
-	movl	%eax,		28(%esp)
-	xorl	%edi,		%ebp
-	leal	3395469782(%eax,%esi,1),%eax
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%eax
-	/* 20_39 72 */
-	movl	32(%esp),	%esi
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%esi
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	xorl	%ecx,		%ebp
-	movl	%esi,		32(%esp)
-	xorl	%edx,		%ebp
-	leal	3395469782(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%edi,		%esi
-	/* 20_39 73 */
-	movl	36(%esp),	%edi
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		/* roll $1 %edi */
-	xorl	%ebx,		%ebp
-	movl	%edi,		36(%esp)
-	xorl	%ecx,		%ebp
-	leal	3395469782(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%ebp,		%edx
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%edi
-	/* 20_39 74 */
-	movl	40(%esp),	%edx
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	8(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%edx
-	movl	%esi,		%ebp
-.byte 209
-.byte 194		/* roll $1 %edx */
-	xorl	%eax,		%ebp
-	movl	%edx,		40(%esp)
-	xorl	%ebx,		%ebp
-	leal	3395469782(%edx,%ecx,1),%edx
-	movl	%edi,		%ecx
-	roll	$5,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ebp,		%ecx
-.byte 209
-.byte 206		/* rorl $1 %esi */
-	addl	%ecx,		%edx
-	/* 20_39 75 */
-	movl	44(%esp),	%ecx
-	movl	52(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	12(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	32(%esp),	%ebp
-	xorl	%ebp,		%ecx
-	movl	%edi,		%ebp
-.byte 209
-.byte 193		/* roll $1 %ecx */
-	xorl	%esi,		%ebp
-	movl	%ecx,		44(%esp)
-	xorl	%eax,		%ebp
-	leal	3395469782(%ecx,%ebx,1),%ecx
-	movl	%edx,		%ebx
-	roll	$5,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebp,		%ebx
-.byte 209
-.byte 207		/* rorl $1 %edi */
-	addl	%ebx,		%ecx
-	/* 20_39 76 */
-	movl	48(%esp),	%ebx
-	movl	56(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	16(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	36(%esp),	%ebp
-	xorl	%ebp,		%ebx
-	movl	%edx,		%ebp
-.byte 209
-.byte 195		/* roll $1 %ebx */
-	xorl	%edi,		%ebp
-	movl	%ebx,		48(%esp)
-	xorl	%esi,		%ebp
-	leal	3395469782(%ebx,%eax,1),%ebx
-	movl	%ecx,		%eax
-	roll	$5,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%ebp,		%eax
-.byte 209
-.byte 202		/* rorl $1 %edx */
-	addl	%eax,		%ebx
-	/* 20_39 77 */
-	movl	52(%esp),	%eax
-	movl	60(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	20(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	40(%esp),	%ebp
-	xorl	%ebp,		%eax
-	movl	%ecx,		%ebp
-.byte 209
-.byte 192		/* roll $1 %eax */
-	xorl	%edx,		%ebp
-	movl	%eax,		52(%esp)
-	xorl	%edi,		%ebp
-	leal	3395469782(%eax,%esi,1),%eax
-	movl	%ebx,		%esi
-	roll	$5,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%ebp,		%esi
-.byte 209
-.byte 201		/* rorl $1 %ecx */
-	addl	%esi,		%eax
-	/* 20_39 78 */
-	movl	56(%esp),	%esi
-	movl	(%esp),		%ebp
-	xorl	%ebp,		%esi
-	movl	24(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	44(%esp),	%ebp
-	xorl	%ebp,		%esi
-	movl	%ebx,		%ebp
-.byte 209
-.byte 198		/* roll $1 %esi */
-	xorl	%ecx,		%ebp
-	movl	%esi,		56(%esp)
-	xorl	%edx,		%ebp
-	leal	3395469782(%esi,%edi,1),%esi
-	movl	%eax,		%edi
-	roll	$5,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%ebp,		%edi
-.byte 209
-.byte 203		/* rorl $1 %ebx */
-	addl	%edi,		%esi
-	/* 20_39 79 */
-	movl	60(%esp),	%edi
-	movl	4(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	28(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	48(%esp),	%ebp
-	xorl	%ebp,		%edi
-	movl	%eax,		%ebp
-.byte 209
-.byte 199		/* roll $1 %edi */
-	xorl	%ebx,		%ebp
-	movl	%edi,		60(%esp)
-	xorl	%ecx,		%ebp
-	leal	3395469782(%edi,%edx,1),%edi
-	movl	%esi,		%edx
-	roll	$5,		%edx
-	addl	%ebp,		%edx
-	movl	92(%esp),	%ebp
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	addl	%edx,		%edi
-.byte 209
-.byte 200		/* rorl $1 %eax */
-	/* End processing */
-
-	movl	12(%ebp),	%edx
-	addl	%ebx,		%edx
-	movl	4(%ebp),	%ebx
-	addl	%esi,		%ebx
-	movl	%eax,		%esi
-	movl	(%ebp),		%eax
-	movl	%edx,		12(%ebp)
-	addl	%edi,		%eax
-	movl	16(%ebp),	%edi
-	addl	%ecx,		%edi
-	movl	8(%ebp),	%ecx
-	addl	%esi,		%ecx
-	movl	%eax,		(%ebp)
-	movl	64(%esp),	%esi
-	movl	%ecx,		8(%ebp)
-	addl	$64,		%esi
-	movl	68(%esp),	%eax
-	movl	%edi,		16(%ebp)
-	cmpl	%esi,		%eax
-	movl	%ebx,		4(%ebp)
-	jl	.L001end
-	movl	(%esi),		%eax
-	jmp	.L000start
-.L001end:
-	addl	$72,		%esp
-	popl	%edi
-	popl	%ebx
-	popl	%ebp
-	popl	%esi
-	ret
-.sha1_block_x86_end:
-	SIZE(sha1_block_x86,.sha1_block_x86_end-sha1_block_x86)
-.ident	"desasm.pl"
diff --git a/crypto/sha/sha.c b/crypto/sha/sha.c
index 713fec3610..42126551d1 100644
--- a/crypto/sha/sha.c
+++ b/crypto/sha/sha.c
@@ -58,23 +58,14 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "sha.h"
+#include <openssl/sha.h>
 
 #define BUFSIZE	1024*16
 
-#ifndef NOPROTO
 void do_fp(FILE *f);
 void pt(unsigned char *md);
 int read(int, void *, unsigned int);
-#else
-void do_fp();
-void pt();
-int read();
-#endif
-
-int main(argc, argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	int i,err=0;
 	FILE *IN;
@@ -102,8 +93,7 @@ char **argv;
 	exit(err);
 	}
 
-void do_fp(f)
-FILE *f;
+void do_fp(FILE *f)
 	{
 	SHA_CTX c;
 	unsigned char md[SHA_DIGEST_LENGTH];
@@ -123,8 +113,7 @@ FILE *f;
 	pt(md);
 	}
 
-void pt(md)
-unsigned char *md;
+void pt(unsigned char *md)
 	{
 	int i;
 
diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h
index 4cf0ea0225..3fd54a10cc 100644
--- a/crypto/sha/sha.h
+++ b/crypto/sha/sha.h
@@ -59,49 +59,61 @@
 #ifndef HEADER_SHA_H
 #define HEADER_SHA_H
 
+#include <openssl/e_os2.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#define SHA_CBLOCK	64
+#if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1))
+#error SHA is disabled.
+#endif
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then !
+ * ! SHA_LONG_LOG2 has to be defined along.                        !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+
+#if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+#define SHA_LONG unsigned long
+#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+#define SHA_LONG unsigned long
+#define SHA_LONG_LOG2 3
+#else
+#define SHA_LONG unsigned int
+#endif
+
 #define SHA_LBLOCK	16
-#define SHA_BLOCK	16
-#define SHA_LAST_BLOCK  56
-#define SHA_LENGTH_BLOCK 8
+#define SHA_CBLOCK	(SHA_LBLOCK*4)	/* SHA treats input data as a
+					 * contiguous array of 32 bit
+					 * wide big-endian values. */
+#define SHA_LAST_BLOCK  (SHA_CBLOCK-8)
 #define SHA_DIGEST_LENGTH 20
 
 typedef struct SHAstate_st
 	{
-	unsigned long h0,h1,h2,h3,h4;
-	unsigned long Nl,Nh;
-	unsigned long data[SHA_LBLOCK];
+	SHA_LONG h0,h1,h2,h3,h4;
+	SHA_LONG Nl,Nh;
+	SHA_LONG data[SHA_LBLOCK];
 	int num;
 	} SHA_CTX;
 
-#ifndef NOPROTO
-void SHA_Init(SHA_CTX *c);
-void SHA_Update(SHA_CTX *c, unsigned char *data, unsigned long len);
-void SHA_Final(unsigned char *md, SHA_CTX *c);
-unsigned char *SHA(unsigned char *d, unsigned long n,unsigned char *md);
-void SHA_Transform(SHA_CTX *c, unsigned char *data);
-void SHA1_Init(SHA_CTX *c);
-void SHA1_Update(SHA_CTX *c, unsigned char *data, unsigned long len);
-void SHA1_Final(unsigned char *md, SHA_CTX *c);
-unsigned char *SHA1(unsigned char *d, unsigned long n,unsigned char *md);
-void SHA1_Transform(SHA_CTX *c, unsigned char *data);
-#else
-void SHA_Init();
-void SHA_Update();
-void SHA_Final();
-unsigned char *SHA();
-void SHA_Transform();
-void SHA1_Init();
-void SHA1_Update();
-void SHA1_Final();
-unsigned char *SHA1();
-void SHA1_Transform();
+#ifndef OPENSSL_NO_SHA0
+int SHA_Init(SHA_CTX *c);
+int SHA_Update(SHA_CTX *c, const void *data, unsigned long len);
+int SHA_Final(unsigned char *md, SHA_CTX *c);
+unsigned char *SHA(const unsigned char *d, unsigned long n,unsigned char *md);
+void SHA_Transform(SHA_CTX *c, const unsigned char *data);
+#endif
+#ifndef OPENSSL_NO_SHA1
+int SHA1_Init(SHA_CTX *c);
+int SHA1_Update(SHA_CTX *c, const void *data, unsigned long len);
+int SHA1_Final(unsigned char *md, SHA_CTX *c);
+unsigned char *SHA1(const unsigned char *d, unsigned long n,unsigned char *md);
+void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
 #endif
-
 #ifdef  __cplusplus
 }
 #endif
diff --git a/crypto/sha/sha1.c b/crypto/sha/sha1.c
index a4739ac9fd..d350c88ee4 100644
--- a/crypto/sha/sha1.c
+++ b/crypto/sha/sha1.c
@@ -58,23 +58,17 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "sha.h"
+#include <openssl/sha.h>
 
 #define BUFSIZE	1024*16
 
-#ifndef NOPROTO
 void do_fp(FILE *f);
 void pt(unsigned char *md);
+#ifndef _OSD_POSIX
 int read(int, void *, unsigned int);
-#else
-void do_fp();
-void pt();
-int read();
 #endif
 
-int main(argc, argv)
-int argc;
-char **argv;
+int main(int argc, char **argv)
 	{
 	int i,err=0;
 	FILE *IN;
@@ -102,8 +96,7 @@ char **argv;
 	exit(err);
 	}
 
-void do_fp(f)
-FILE *f;
+void do_fp(FILE *f)
 	{
 	SHA_CTX c;
 	unsigned char md[SHA_DIGEST_LENGTH];
@@ -123,8 +116,7 @@ FILE *f;
 	pt(md);
 	}
 
-void pt(md)
-unsigned char *md;
+void pt(unsigned char *md)
 	{
 	int i;
 
diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c
index fe5770d601..20e660c71d 100644
--- a/crypto/sha/sha1_one.c
+++ b/crypto/sha/sha1_one.c
@@ -58,12 +58,11 @@
 
 #include <stdio.h>
 #include <string.h>
-#include "sha.h"
+#include <openssl/sha.h>
+#include <openssl/crypto.h>
 
-unsigned char *SHA1(d, n, md)
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
+#ifndef OPENSSL_NO_SHA1
+unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
 	{
 	SHA_CTX c;
 	static unsigned char m[SHA_DIGEST_LENGTH];
@@ -72,6 +71,7 @@ unsigned char *md;
 	SHA1_Init(&c);
 	SHA1_Update(&c,d,n);
 	SHA1_Final(md,&c);
-	memset(&c,0,sizeof(c));
+	OPENSSL_cleanse(&c,sizeof(c));
 	return(md);
 	}
+#endif
diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c
index 32449ac34b..182f65982a 100644
--- a/crypto/sha/sha1dgst.c
+++ b/crypto/sha/sha1dgst.c
@@ -56,413 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
-#include <stdio.h>
-#include <string.h>
+#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
+
 #undef  SHA_0
 #define SHA_1
-#include "sha.h"
-#include "sha_locl.h"
-
-char *SHA1_version="SHA1 part of SSLeay 0.9.1a 06-Jul-1998";
-
-/* Implemented from SHA-1 document - The Secure Hash Algorithm
- */
-
-#define INIT_DATA_h0 (unsigned long)0x67452301L
-#define INIT_DATA_h1 (unsigned long)0xefcdab89L
-#define INIT_DATA_h2 (unsigned long)0x98badcfeL
-#define INIT_DATA_h3 (unsigned long)0x10325476L
-#define INIT_DATA_h4 (unsigned long)0xc3d2e1f0L
-
-#define K_00_19	0x5a827999L
-#define K_20_39 0x6ed9eba1L
-#define K_40_59 0x8f1bbcdcL
-#define K_60_79 0xca62c1d6L
-
-#ifndef NOPROTO
-#  ifdef SHA1_ASM
-     void sha1_block_x86(SHA_CTX *c, register unsigned long *p, int num);
-#    define sha1_block sha1_block_x86
-#  else
-     void sha1_block(SHA_CTX *c, register unsigned long *p, int num);
-#  endif
-#else
-#  ifdef SHA1_ASM
-     void sha1_block_x86();
-#    define sha1_block sha1_block_x86
-#  else
-     void sha1_block();
-#  endif
-#endif
-
 
-#if defined(L_ENDIAN) && defined(SHA1_ASM)
-#  define	M_c2nl 		c2l
-#  define	M_p_c2nl 	p_c2l
-#  define	M_c2nl_p	c2l_p
-#  define	M_p_c2nl_p	p_c2l_p
-#  define	M_nl2c		l2c
-#else
-#  define	M_c2nl 		c2nl
-#  define	M_p_c2nl	p_c2nl
-#  define	M_c2nl_p	c2nl_p
-#  define	M_p_c2nl_p	p_c2nl_p
-#  define	M_nl2c		nl2c
-#endif
-
-void SHA1_Init(c)
-SHA_CTX *c;
-	{
-	c->h0=INIT_DATA_h0;
-	c->h1=INIT_DATA_h1;
-	c->h2=INIT_DATA_h2;
-	c->h3=INIT_DATA_h3;
-	c->h4=INIT_DATA_h4;
-	c->Nl=0;
-	c->Nh=0;
-	c->num=0;
-	}
-
-void SHA1_Update(c, data, len)
-SHA_CTX *c;
-register unsigned char *data;
-unsigned long len;
-	{
-	register ULONG *p;
-	int ew,ec,sw,sc;
-	ULONG l;
-
-	if (len == 0) return;
-
-	l=(c->Nl+(len<<3))&0xffffffffL;
-	if (l < c->Nl) /* overflow */
-		c->Nh++;
-	c->Nh+=(len>>29);
-	c->Nl=l;
+#include <openssl/opensslv.h>
 
-	if (c->num != 0)
-		{
-		p=c->data;
-		sw=c->num>>2;
-		sc=c->num&0x03;
-
-		if ((c->num+len) >= SHA_CBLOCK)
-			{
-			l= p[sw];
-			M_p_c2nl(data,l,sc);
-			p[sw++]=l;
-			for (; sw<SHA_LBLOCK; sw++)
-				{
-				M_c2nl(data,l);
-				p[sw]=l;
-				}
-			len-=(SHA_CBLOCK-c->num);
-
-			sha1_block(c,p,64);
-			c->num=0;
-			/* drop through and do the rest */
-			}
-		else
-			{
-			c->num+=(int)len;
-			if ((sc+len) < 4) /* ugly, add char's to a word */
-				{
-				l= p[sw];
-				M_p_c2nl_p(data,l,sc,len);
-				p[sw]=l;
-				}
-			else
-				{
-				ew=(c->num>>2);
-				ec=(c->num&0x03);
-				l= p[sw];
-				M_p_c2nl(data,l,sc);
-				p[sw++]=l;
-				for (; sw < ew; sw++)
-					{ M_c2nl(data,l); p[sw]=l; }
-				if (ec)
-					{
-					M_c2nl_p(data,l,ec);
-					p[sw]=l;
-					}
-				}
-			return;
-			}
-		}
-	/* We can only do the following code for assember, the reason
-	 * being that the sha1_block 'C' version changes the values
-	 * in the 'data' array.  The assember code avoids this and
-	 * copies it to a local array.  I should be able to do this for
-	 * the C version as well....
-	 */
-#if 1
-#if defined(B_ENDIAN) || defined(SHA1_ASM)
-	if ((((unsigned long)data)%sizeof(ULONG)) == 0)
-		{
-		sw=len/SHA_CBLOCK;
-		if (sw)
-			{
-			sw*=SHA_CBLOCK;
-			sha1_block(c,(ULONG *)data,sw);
-			data+=sw;
-			len-=sw;
-			}
-		}
-#endif
-#endif
-	/* we now can process the input data in blocks of SHA_CBLOCK
-	 * chars and save the leftovers to c->data. */
-	p=c->data;
-	while (len >= SHA_CBLOCK)
-		{
-#if defined(B_ENDIAN) || defined(L_ENDIAN)
-		if (p != (unsigned long *)data)
-			memcpy(p,data,SHA_CBLOCK);
-		data+=SHA_CBLOCK;
-#  ifdef L_ENDIAN
-#    ifndef SHA1_ASM /* Will not happen */
-		for (sw=(SHA_LBLOCK/4); sw; sw--)
-			{
-			Endian_Reverse32(p[0]);
-			Endian_Reverse32(p[1]);
-			Endian_Reverse32(p[2]);
-			Endian_Reverse32(p[3]);
-			p+=4;
-			}
-		p=c->data;
-#    endif
-#  endif
-#else
-		for (sw=(SHA_BLOCK/4); sw; sw--)
-			{
-			M_c2nl(data,l); *(p++)=l;
-			M_c2nl(data,l); *(p++)=l;
-			M_c2nl(data,l); *(p++)=l;
-			M_c2nl(data,l); *(p++)=l;
-			}
-		p=c->data;
-#endif
-		sha1_block(c,p,64);
-		len-=SHA_CBLOCK;
-		}
-	ec=(int)len;
-	c->num=ec;
-	ew=(ec>>2);
-	ec&=0x03;
+const char *SHA1_version="SHA1" OPENSSL_VERSION_PTEXT;
 
-	for (sw=0; sw < ew; sw++)
-		{ M_c2nl(data,l); p[sw]=l; }
-	M_c2nl_p(data,l,ec);
-	p[sw]=l;
-	}
+/* The implementation is in ../md32_common.h */
 
-void SHA1_Transform(c,b)
-SHA_CTX *c;
-unsigned char *b;
-	{
-	ULONG p[16];
-#ifndef B_ENDIAN
-	ULONG *q;
-	int i;
-#endif
-
-#if defined(B_ENDIAN) || defined(L_ENDIAN)
-	memcpy(p,b,64);
-#ifdef L_ENDIAN
-	q=p;
-	for (i=(SHA_LBLOCK/4); i; i--)
-		{
-		Endian_Reverse32(q[0]);
-		Endian_Reverse32(q[1]);
-		Endian_Reverse32(q[2]);
-		Endian_Reverse32(q[3]);
-		q+=4;
-		}
-#endif
-#else
-	q=p;
-	for (i=(SHA_LBLOCK/4); i; i--)
-		{
-		ULONG l;
-		c2nl(b,l); *(q++)=l;
-		c2nl(b,l); *(q++)=l;
-		c2nl(b,l); *(q++)=l;
-		c2nl(b,l); *(q++)=l; 
-		} 
-#endif
-	sha1_block(c,p,64);
-	}
-
-#ifndef SHA1_ASM
-
-void sha1_block(c, W, num)
-SHA_CTX *c;
-register unsigned long *W;
-int num;
-	{
-	register ULONG A,B,C,D,E,T;
-	ULONG X[16];
-
-	A=c->h0;
-	B=c->h1;
-	C=c->h2;
-	D=c->h3;
-	E=c->h4;
-
-	for (;;)
-		{
-	BODY_00_15( 0,A,B,C,D,E,T,W);
-	BODY_00_15( 1,T,A,B,C,D,E,W);
-	BODY_00_15( 2,E,T,A,B,C,D,W);
-	BODY_00_15( 3,D,E,T,A,B,C,W);
-	BODY_00_15( 4,C,D,E,T,A,B,W);
-	BODY_00_15( 5,B,C,D,E,T,A,W);
-	BODY_00_15( 6,A,B,C,D,E,T,W);
-	BODY_00_15( 7,T,A,B,C,D,E,W);
-	BODY_00_15( 8,E,T,A,B,C,D,W);
-	BODY_00_15( 9,D,E,T,A,B,C,W);
-	BODY_00_15(10,C,D,E,T,A,B,W);
-	BODY_00_15(11,B,C,D,E,T,A,W);
-	BODY_00_15(12,A,B,C,D,E,T,W);
-	BODY_00_15(13,T,A,B,C,D,E,W);
-	BODY_00_15(14,E,T,A,B,C,D,W);
-	BODY_00_15(15,D,E,T,A,B,C,W);
-	BODY_16_19(16,C,D,E,T,A,B,W,W,W,W);
-	BODY_16_19(17,B,C,D,E,T,A,W,W,W,W);
-	BODY_16_19(18,A,B,C,D,E,T,W,W,W,W);
-	BODY_16_19(19,T,A,B,C,D,E,W,W,W,X);
-
-	BODY_20_31(20,E,T,A,B,C,D,W,W,W,X);
-	BODY_20_31(21,D,E,T,A,B,C,W,W,W,X);
-	BODY_20_31(22,C,D,E,T,A,B,W,W,W,X);
-	BODY_20_31(23,B,C,D,E,T,A,W,W,W,X);
-	BODY_20_31(24,A,B,C,D,E,T,W,W,X,X);
-	BODY_20_31(25,T,A,B,C,D,E,W,W,X,X);
-	BODY_20_31(26,E,T,A,B,C,D,W,W,X,X);
-	BODY_20_31(27,D,E,T,A,B,C,W,W,X,X);
-	BODY_20_31(28,C,D,E,T,A,B,W,W,X,X);
-	BODY_20_31(29,B,C,D,E,T,A,W,W,X,X);
-	BODY_20_31(30,A,B,C,D,E,T,W,X,X,X);
-	BODY_20_31(31,T,A,B,C,D,E,W,X,X,X);
-	BODY_32_39(32,E,T,A,B,C,D,X);
-	BODY_32_39(33,D,E,T,A,B,C,X);
-	BODY_32_39(34,C,D,E,T,A,B,X);
-	BODY_32_39(35,B,C,D,E,T,A,X);
-	BODY_32_39(36,A,B,C,D,E,T,X);
-	BODY_32_39(37,T,A,B,C,D,E,X);
-	BODY_32_39(38,E,T,A,B,C,D,X);
-	BODY_32_39(39,D,E,T,A,B,C,X);
-
-	BODY_40_59(40,C,D,E,T,A,B,X);
-	BODY_40_59(41,B,C,D,E,T,A,X);
-	BODY_40_59(42,A,B,C,D,E,T,X);
-	BODY_40_59(43,T,A,B,C,D,E,X);
-	BODY_40_59(44,E,T,A,B,C,D,X);
-	BODY_40_59(45,D,E,T,A,B,C,X);
-	BODY_40_59(46,C,D,E,T,A,B,X);
-	BODY_40_59(47,B,C,D,E,T,A,X);
-	BODY_40_59(48,A,B,C,D,E,T,X);
-	BODY_40_59(49,T,A,B,C,D,E,X);
-	BODY_40_59(50,E,T,A,B,C,D,X);
-	BODY_40_59(51,D,E,T,A,B,C,X);
-	BODY_40_59(52,C,D,E,T,A,B,X);
-	BODY_40_59(53,B,C,D,E,T,A,X);
-	BODY_40_59(54,A,B,C,D,E,T,X);
-	BODY_40_59(55,T,A,B,C,D,E,X);
-	BODY_40_59(56,E,T,A,B,C,D,X);
-	BODY_40_59(57,D,E,T,A,B,C,X);
-	BODY_40_59(58,C,D,E,T,A,B,X);
-	BODY_40_59(59,B,C,D,E,T,A,X);
-
-	BODY_60_79(60,A,B,C,D,E,T,X);
-	BODY_60_79(61,T,A,B,C,D,E,X);
-	BODY_60_79(62,E,T,A,B,C,D,X);
-	BODY_60_79(63,D,E,T,A,B,C,X);
-	BODY_60_79(64,C,D,E,T,A,B,X);
-	BODY_60_79(65,B,C,D,E,T,A,X);
-	BODY_60_79(66,A,B,C,D,E,T,X);
-	BODY_60_79(67,T,A,B,C,D,E,X);
-	BODY_60_79(68,E,T,A,B,C,D,X);
-	BODY_60_79(69,D,E,T,A,B,C,X);
-	BODY_60_79(70,C,D,E,T,A,B,X);
-	BODY_60_79(71,B,C,D,E,T,A,X);
-	BODY_60_79(72,A,B,C,D,E,T,X);
-	BODY_60_79(73,T,A,B,C,D,E,X);
-	BODY_60_79(74,E,T,A,B,C,D,X);
-	BODY_60_79(75,D,E,T,A,B,C,X);
-	BODY_60_79(76,C,D,E,T,A,B,X);
-	BODY_60_79(77,B,C,D,E,T,A,X);
-	BODY_60_79(78,A,B,C,D,E,T,X);
-	BODY_60_79(79,T,A,B,C,D,E,X);
-	
-	c->h0=(c->h0+E)&0xffffffffL; 
-	c->h1=(c->h1+T)&0xffffffffL;
-	c->h2=(c->h2+A)&0xffffffffL;
-	c->h3=(c->h3+B)&0xffffffffL;
-	c->h4=(c->h4+C)&0xffffffffL;
-
-	num-=64;
-	if (num <= 0) break;
-
-	A=c->h0;
-	B=c->h1;
-	C=c->h2;
-	D=c->h3;
-	E=c->h4;
-
-	W+=16;
-		}
-	}
-#endif
-
-void SHA1_Final(md, c)
-unsigned char *md;
-SHA_CTX *c;
-	{
-	register int i,j;
-	register ULONG l;
-	register ULONG *p;
-	static unsigned char end[4]={0x80,0x00,0x00,0x00};
-	unsigned char *cp=end;
+#include "sha_locl.h"
 
-	/* c->num should definitly have room for at least one more byte. */
-	p=c->data;
-	j=c->num;
-	i=j>>2;
-#ifdef PURIFY
-	if ((j&0x03) == 0) p[i]=0;
 #endif
-	l=p[i];
-	M_p_c2nl(cp,l,j&0x03);
-	p[i]=l;
-	i++;
-	/* i is the next 'undefined word' */
-	if (c->num >= SHA_LAST_BLOCK)
-		{
-		for (; i<SHA_LBLOCK; i++)
-			p[i]=0;
-		sha1_block(c,p,64);
-		i=0;
-		}
-	for (; i<(SHA_LBLOCK-2); i++)
-		p[i]=0;
-	p[SHA_LBLOCK-2]=c->Nh;
-	p[SHA_LBLOCK-1]=c->Nl;
-#if defined(L_ENDIAN) && defined(SHA1_ASM)
-	Endian_Reverse32(p[SHA_LBLOCK-2]);
-	Endian_Reverse32(p[SHA_LBLOCK-1]);
-#endif
-	sha1_block(c,p,64);
-	cp=md;
-	l=c->h0; nl2c(l,cp);
-	l=c->h1; nl2c(l,cp);
-	l=c->h2; nl2c(l,cp);
-	l=c->h3; nl2c(l,cp);
-	l=c->h4; nl2c(l,cp);
-
-	/* clear stuff, sha1_block may be leaving some stuff on the stack
-	 * but I'm not worried :-) */
-	c->num=0;
-/*	memset((char *)&c,0,sizeof(c));*/
-	}
 
diff --git a/crypto/sha/sha1s.cpp b/crypto/sha/sha1s.cpp
index 0163377de6..af23d1e0f2 100644
--- a/crypto/sha/sha1s.cpp
+++ b/crypto/sha/sha1s.cpp
@@ -32,8 +32,9 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "sha.h"
+#include <openssl/sha.h>
 
+#define sha1_block_x86 sha1_block_asm_data_order
 extern "C" {
 void sha1_block_x86(SHA_CTX *ctx, unsigned char *buffer,int num);
 }
@@ -55,8 +56,10 @@ void main(int argc,char *argv[])
 	if (num == 0) num=16;
 	if (num > 250) num=16;
 	numm=num+2;
+#if 0
 	num*=64;
 	numm*=64;
+#endif
 
 	for (j=0; j<6; j++)
 		{
@@ -72,7 +75,7 @@ void main(int argc,char *argv[])
 			sha1_block_x86(&ctx,buffer,num);
 			}
 
-		printf("sha1 (%d bytes) %d %d (%.2f)\n",num,
+		printf("sha1 (%d bytes) %d %d (%.2f)\n",num*64,
 			e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
 		}
 	}
diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c
index 3c62a218b4..4f2e4ada2d 100644
--- a/crypto/sha/sha1test.c
+++ b/crypto/sha/sha1test.c
@@ -59,57 +59,72 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "sha.h"
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_SHA
+int main(int argc, char *argv[])
+{
+    printf("No SHA support\n");
+    return(0);
+}
+#else
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
 
 #undef SHA_0 /* FIPS 180 */
 #define  SHA_1 /* FIPS 180-1 */
 
-char *test[]={
+static char *test[]={
 	"abc",
 	"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
 	NULL,
 	};
 
 #ifdef SHA_0
-char *ret[]={
+static char *ret[]={
 	"0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
 	"d2516ee1acfa5baf33dfc1c471e438449ef134c8",
 	};
-char *bigret=
+static char *bigret=
 	"3232affa48628a26653b5aaa44541fd90d690603";
 #endif
 #ifdef SHA_1
-char *ret[]={
+static char *ret[]={
 	"a9993e364706816aba3e25717850c26c9cd0d89d",
 	"84983e441c3bd26ebaae4aa1f95129e5e54670f1",
 	};
-char *bigret=
+static char *bigret=
 	"34aa973cd4c4daa4f61eeb2bdbad27316534016f";
 #endif
 
-#ifndef NOPROTO
 static char *pt(unsigned char *md);
-#else
-static char *pt();
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,err=0;
 	unsigned char **P,**R;
 	static unsigned char buf[1000];
 	char *p,*r;
-	SHA_CTX c;
+	EVP_MD_CTX c;
 	unsigned char md[SHA_DIGEST_LENGTH];
 
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(test[0], test[0], strlen(test[0]));
+	ebcdic2ascii(test[1], test[1], strlen(test[1]));
+#endif
+
+	EVP_MD_CTX_init(&c);
 	P=(unsigned char **)test;
 	R=(unsigned char **)ret;
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(SHA1(*P,(unsigned long)strlen((char *)*P),NULL));
+		EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha1(), NULL);
+		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
 			printf("error calculating SHA1 on '%s'\n",*P);
@@ -124,10 +139,13 @@ char *argv[];
 		}
 
 	memset(buf,'a',1000);
-	SHA1_Init(&c);
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(buf, buf, 1000);
+#endif /*CHARSET_EBCDIC*/
+	EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
 	for (i=0; i<1000; i++)
-		SHA1_Update(&c,buf,1000);
-	SHA1_Final(md,&c);
+		EVP_DigestUpdate(&c,buf,1000);
+	EVP_DigestFinal_ex(&c,md,NULL);
 	p=pt(md);
 
 	r=bigret;
@@ -139,12 +157,12 @@ char *argv[];
 		}
 	else
 		printf("test 3 ok\n");
-	exit(err);
+	EXIT(err);
+	EVP_MD_CTX_cleanup(&c);
 	return(0);
 	}
 
-static char *pt(md)
-unsigned char *md;
+static char *pt(unsigned char *md)
 	{
 	int i;
 	static char buf[80];
@@ -153,3 +171,4 @@ unsigned char *md;
 		sprintf(&(buf[i*2]),"%02x",md[i]);
 	return(buf);
 	}
+#endif
diff --git a/crypto/sha/sha_dgst.c b/crypto/sha/sha_dgst.c
index 7c8434ff30..5a4b3ab204 100644
--- a/crypto/sha/sha_dgst.c
+++ b/crypto/sha/sha_dgst.c
@@ -1,4 +1,4 @@
-/* crypto/sha/sha_dgst.c */
+/* crypto/sha/sha1dgst.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -56,387 +56,18 @@
  * [including the GNU Public Licence.]
  */
 
-#include <stdio.h>
-#include <string.h>
-#define  SHA_0
-#undef SHA_1
-#include "sha.h"
-#include "sha_locl.h"
-
-char *SHA_version="SHA part of SSLeay 0.9.1a 06-Jul-1998";
-
-/* Implemented from SHA-0 document - The Secure Hash Algorithm
- */
-
-#define INIT_DATA_h0 (unsigned long)0x67452301L
-#define INIT_DATA_h1 (unsigned long)0xefcdab89L
-#define INIT_DATA_h2 (unsigned long)0x98badcfeL
-#define INIT_DATA_h3 (unsigned long)0x10325476L
-#define INIT_DATA_h4 (unsigned long)0xc3d2e1f0L
-
-#define K_00_19	0x5a827999L
-#define K_20_39 0x6ed9eba1L
-#define K_40_59 0x8f1bbcdcL
-#define K_60_79 0xca62c1d6L
-
-#ifndef NOPROTO
-   void sha_block(SHA_CTX *c, register unsigned long *p, int num);
-#else
-   void sha_block();
-#endif
-
-#define	M_c2nl 		c2nl
-#define	M_p_c2nl	p_c2nl
-#define	M_c2nl_p	c2nl_p
-#define	M_p_c2nl_p	p_c2nl_p
-#define	M_nl2c		nl2c
-
-void SHA_Init(c)
-SHA_CTX *c;
-	{
-	c->h0=INIT_DATA_h0;
-	c->h1=INIT_DATA_h1;
-	c->h2=INIT_DATA_h2;
-	c->h3=INIT_DATA_h3;
-	c->h4=INIT_DATA_h4;
-	c->Nl=0;
-	c->Nh=0;
-	c->num=0;
-	}
-
-void SHA_Update(c, data, len)
-SHA_CTX *c;
-register unsigned char *data;
-unsigned long len;
-	{
-	register ULONG *p;
-	int ew,ec,sw,sc;
-	ULONG l;
-
-	if (len == 0) return;
-
-	l=(c->Nl+(len<<3))&0xffffffffL;
-	if (l < c->Nl) /* overflow */
-		c->Nh++;
-	c->Nh+=(len>>29);
-	c->Nl=l;
-
-	if (c->num != 0)
-		{
-		p=c->data;
-		sw=c->num>>2;
-		sc=c->num&0x03;
-
-		if ((c->num+len) >= SHA_CBLOCK)
-			{
-			l= p[sw];
-			M_p_c2nl(data,l,sc);
-			p[sw++]=l;
-			for (; sw<SHA_LBLOCK; sw++)
-				{
-				M_c2nl(data,l);
-				p[sw]=l;
-				}
-			len-=(SHA_CBLOCK-c->num);
-
-			sha_block(c,p,64);
-			c->num=0;
-			/* drop through and do the rest */
-			}
-		else
-			{
-			c->num+=(int)len;
-			if ((sc+len) < 4) /* ugly, add char's to a word */
-				{
-				l= p[sw];
-				M_p_c2nl_p(data,l,sc,len);
-				p[sw]=l;
-				}
-			else
-				{
-				ew=(c->num>>2);
-				ec=(c->num&0x03);
-				l= p[sw];
-				M_p_c2nl(data,l,sc);
-				p[sw++]=l;
-				for (; sw < ew; sw++)
-					{ M_c2nl(data,l); p[sw]=l; }
-				if (ec)
-					{
-					M_c2nl_p(data,l,ec);
-					p[sw]=l;
-					}
-				}
-			return;
-			}
-		}
-	/* We can only do the following code for assember, the reason
-	 * being that the sha_block 'C' version changes the values
-	 * in the 'data' array.  The assember code avoids this and
-	 * copies it to a local array.  I should be able to do this for
-	 * the C version as well....
-	 */
-#if 1
-#if defined(B_ENDIAN) || defined(SHA_ASM)
-	if ((((unsigned long)data)%sizeof(ULONG)) == 0)
-		{
-		sw=len/SHA_CBLOCK;
-		if (sw)
-			{
-			sw*=SHA_CBLOCK;
-			sha_block(c,(ULONG *)data,sw);
-			data+=sw;
-			len-=sw;
-			}
-		}
-#endif
-#endif
-	/* we now can process the input data in blocks of SHA_CBLOCK
-	 * chars and save the leftovers to c->data. */
-	p=c->data;
-	while (len >= SHA_CBLOCK)
-		{
-#if defined(B_ENDIAN) || defined(L_ENDIAN)
-		if (p != (unsigned long *)data)
-			memcpy(p,data,SHA_CBLOCK);
-		data+=SHA_CBLOCK;
-#  ifdef L_ENDIAN
-#    ifndef SHA_ASM /* Will not happen */
-		for (sw=(SHA_LBLOCK/4); sw; sw--)
-			{
-			Endian_Reverse32(p[0]);
-			Endian_Reverse32(p[1]);
-			Endian_Reverse32(p[2]);
-			Endian_Reverse32(p[3]);
-			p+=4;
-			}
-		p=c->data;
-#    endif
-#  endif
-#else
-		for (sw=(SHA_BLOCK/4); sw; sw--)
-			{
-			M_c2nl(data,l); *(p++)=l;
-			M_c2nl(data,l); *(p++)=l;
-			M_c2nl(data,l); *(p++)=l;
-			M_c2nl(data,l); *(p++)=l;
-			}
-		p=c->data;
-#endif
-		sha_block(c,p,64);
-		len-=SHA_CBLOCK;
-		}
-	ec=(int)len;
-	c->num=ec;
-	ew=(ec>>2);
-	ec&=0x03;
-
-	for (sw=0; sw < ew; sw++)
-		{ M_c2nl(data,l); p[sw]=l; }
-	M_c2nl_p(data,l,ec);
-	p[sw]=l;
-	}
-
-void SHA_Transform(c,b)
-SHA_CTX *c;
-unsigned char *b;
-	{
-	ULONG p[16];
-#if !defined(B_ENDIAN)
-	ULONG *q;
-	int i;
-#endif
-
-#if defined(B_ENDIAN) || defined(L_ENDIAN)
-	memcpy(p,b,64);
-#ifdef L_ENDIAN
-	q=p;
-	for (i=(SHA_LBLOCK/4); i; i--)
-		{
-		Endian_Reverse32(q[0]);
-		Endian_Reverse32(q[1]);
-		Endian_Reverse32(q[2]);
-		Endian_Reverse32(q[3]);
-		q+=4;
-		}
-#endif
-#else
-	q=p;
-	for (i=(SHA_LBLOCK/4); i; i--)
-		{
-		ULONG l;
-		c2nl(b,l); *(q++)=l;
-		c2nl(b,l); *(q++)=l;
-		c2nl(b,l); *(q++)=l;
-		c2nl(b,l); *(q++)=l; 
-		} 
-#endif
-	sha_block(c,p,64);
-	}
-
-void sha_block(c, W, num)
-SHA_CTX *c;
-register unsigned long *W;
-int num;
-	{
-	register ULONG A,B,C,D,E,T;
-	ULONG X[16];
-
-	A=c->h0;
-	B=c->h1;
-	C=c->h2;
-	D=c->h3;
-	E=c->h4;
-
-	for (;;)
-		{
-	BODY_00_15( 0,A,B,C,D,E,T,W);
-	BODY_00_15( 1,T,A,B,C,D,E,W);
-	BODY_00_15( 2,E,T,A,B,C,D,W);
-	BODY_00_15( 3,D,E,T,A,B,C,W);
-	BODY_00_15( 4,C,D,E,T,A,B,W);
-	BODY_00_15( 5,B,C,D,E,T,A,W);
-	BODY_00_15( 6,A,B,C,D,E,T,W);
-	BODY_00_15( 7,T,A,B,C,D,E,W);
-	BODY_00_15( 8,E,T,A,B,C,D,W);
-	BODY_00_15( 9,D,E,T,A,B,C,W);
-	BODY_00_15(10,C,D,E,T,A,B,W);
-	BODY_00_15(11,B,C,D,E,T,A,W);
-	BODY_00_15(12,A,B,C,D,E,T,W);
-	BODY_00_15(13,T,A,B,C,D,E,W);
-	BODY_00_15(14,E,T,A,B,C,D,W);
-	BODY_00_15(15,D,E,T,A,B,C,W);
-	BODY_16_19(16,C,D,E,T,A,B,W,W,W,W);
-	BODY_16_19(17,B,C,D,E,T,A,W,W,W,W);
-	BODY_16_19(18,A,B,C,D,E,T,W,W,W,W);
-	BODY_16_19(19,T,A,B,C,D,E,W,W,W,X);
+#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
 
-	BODY_20_31(20,E,T,A,B,C,D,W,W,W,X);
-	BODY_20_31(21,D,E,T,A,B,C,W,W,W,X);
-	BODY_20_31(22,C,D,E,T,A,B,W,W,W,X);
-	BODY_20_31(23,B,C,D,E,T,A,W,W,W,X);
-	BODY_20_31(24,A,B,C,D,E,T,W,W,X,X);
-	BODY_20_31(25,T,A,B,C,D,E,W,W,X,X);
-	BODY_20_31(26,E,T,A,B,C,D,W,W,X,X);
-	BODY_20_31(27,D,E,T,A,B,C,W,W,X,X);
-	BODY_20_31(28,C,D,E,T,A,B,W,W,X,X);
-	BODY_20_31(29,B,C,D,E,T,A,W,W,X,X);
-	BODY_20_31(30,A,B,C,D,E,T,W,X,X,X);
-	BODY_20_31(31,T,A,B,C,D,E,W,X,X,X);
-	BODY_32_39(32,E,T,A,B,C,D,X);
-	BODY_32_39(33,D,E,T,A,B,C,X);
-	BODY_32_39(34,C,D,E,T,A,B,X);
-	BODY_32_39(35,B,C,D,E,T,A,X);
-	BODY_32_39(36,A,B,C,D,E,T,X);
-	BODY_32_39(37,T,A,B,C,D,E,X);
-	BODY_32_39(38,E,T,A,B,C,D,X);
-	BODY_32_39(39,D,E,T,A,B,C,X);
+#undef  SHA_1
+#define SHA_0
 
-	BODY_40_59(40,C,D,E,T,A,B,X);
-	BODY_40_59(41,B,C,D,E,T,A,X);
-	BODY_40_59(42,A,B,C,D,E,T,X);
-	BODY_40_59(43,T,A,B,C,D,E,X);
-	BODY_40_59(44,E,T,A,B,C,D,X);
-	BODY_40_59(45,D,E,T,A,B,C,X);
-	BODY_40_59(46,C,D,E,T,A,B,X);
-	BODY_40_59(47,B,C,D,E,T,A,X);
-	BODY_40_59(48,A,B,C,D,E,T,X);
-	BODY_40_59(49,T,A,B,C,D,E,X);
-	BODY_40_59(50,E,T,A,B,C,D,X);
-	BODY_40_59(51,D,E,T,A,B,C,X);
-	BODY_40_59(52,C,D,E,T,A,B,X);
-	BODY_40_59(53,B,C,D,E,T,A,X);
-	BODY_40_59(54,A,B,C,D,E,T,X);
-	BODY_40_59(55,T,A,B,C,D,E,X);
-	BODY_40_59(56,E,T,A,B,C,D,X);
-	BODY_40_59(57,D,E,T,A,B,C,X);
-	BODY_40_59(58,C,D,E,T,A,B,X);
-	BODY_40_59(59,B,C,D,E,T,A,X);
+#include <openssl/opensslv.h>
 
-	BODY_60_79(60,A,B,C,D,E,T,X);
-	BODY_60_79(61,T,A,B,C,D,E,X);
-	BODY_60_79(62,E,T,A,B,C,D,X);
-	BODY_60_79(63,D,E,T,A,B,C,X);
-	BODY_60_79(64,C,D,E,T,A,B,X);
-	BODY_60_79(65,B,C,D,E,T,A,X);
-	BODY_60_79(66,A,B,C,D,E,T,X);
-	BODY_60_79(67,T,A,B,C,D,E,X);
-	BODY_60_79(68,E,T,A,B,C,D,X);
-	BODY_60_79(69,D,E,T,A,B,C,X);
-	BODY_60_79(70,C,D,E,T,A,B,X);
-	BODY_60_79(71,B,C,D,E,T,A,X);
-	BODY_60_79(72,A,B,C,D,E,T,X);
-	BODY_60_79(73,T,A,B,C,D,E,X);
-	BODY_60_79(74,E,T,A,B,C,D,X);
-	BODY_60_79(75,D,E,T,A,B,C,X);
-	BODY_60_79(76,C,D,E,T,A,B,X);
-	BODY_60_79(77,B,C,D,E,T,A,X);
-	BODY_60_79(78,A,B,C,D,E,T,X);
-	BODY_60_79(79,T,A,B,C,D,E,X);
-	
-	c->h0=(c->h0+E)&0xffffffffL; 
-	c->h1=(c->h1+T)&0xffffffffL;
-	c->h2=(c->h2+A)&0xffffffffL;
-	c->h3=(c->h3+B)&0xffffffffL;
-	c->h4=(c->h4+C)&0xffffffffL;
+const char *SHA_version="SHA" OPENSSL_VERSION_PTEXT;
 
-	num-=64;
-	if (num <= 0) break;
+/* The implementation is in ../md32_common.h */
 
-	A=c->h0;
-	B=c->h1;
-	C=c->h2;
-	D=c->h3;
-	E=c->h4;
-
-	W+=16;
-		}
-	}
-
-void SHA_Final(md, c)
-unsigned char *md;
-SHA_CTX *c;
-	{
-	register int i,j;
-	register ULONG l;
-	register ULONG *p;
-	static unsigned char end[4]={0x80,0x00,0x00,0x00};
-	unsigned char *cp=end;
+#include "sha_locl.h"
 
-	/* c->num should definitly have room for at least one more byte. */
-	p=c->data;
-	j=c->num;
-	i=j>>2;
-#ifdef PURIFY
-	if ((j&0x03) == 0) p[i]=0;
 #endif
-	l=p[i];
-	M_p_c2nl(cp,l,j&0x03);
-	p[i]=l;
-	i++;
-	/* i is the next 'undefined word' */
-	if (c->num >= SHA_LAST_BLOCK)
-		{
-		for (; i<SHA_LBLOCK; i++)
-			p[i]=0;
-		sha_block(c,p,64);
-		i=0;
-		}
-	for (; i<(SHA_LBLOCK-2); i++)
-		p[i]=0;
-	p[SHA_LBLOCK-2]=c->Nh;
-	p[SHA_LBLOCK-1]=c->Nl;
-	sha_block(c,p,64);
-	cp=md;
-	l=c->h0; nl2c(l,cp);
-	l=c->h1; nl2c(l,cp);
-	l=c->h2; nl2c(l,cp);
-	l=c->h3; nl2c(l,cp);
-	l=c->h4; nl2c(l,cp);
-
-	/* clear stuff, sha_block may be leaving some stuff on the stack
-	 * but I'm not worried :-) */
-	c->num=0;
-/*	memset((char *)&c,0,sizeof(c));*/
-	}
 
diff --git a/crypto/sha/sha_locl.h b/crypto/sha/sha_locl.h
index 2814ad15fa..471dfb9f8f 100644
--- a/crypto/sha/sha_locl.h
+++ b/crypto/sha/sha_locl.h
@@ -59,137 +59,102 @@
 #include <stdlib.h>
 #include <string.h>
 
-#ifdef undef
-/* one or the other needs to be defined */
-#ifndef SHA_1 /* FIPE 180-1 */
-#define SHA_0 /* FIPS 180   */
-#endif
+#include <openssl/opensslconf.h>
+#include <openssl/sha.h>
+
+#ifndef SHA_LONG_LOG2
+#define SHA_LONG_LOG2	2	/* default to 32 bits */
 #endif
 
-#define ULONG	unsigned long
-#define UCHAR	unsigned char
-#define UINT	unsigned int
+#define DATA_ORDER_IS_BIG_ENDIAN
 
-#ifdef NOCONST
-#define const
-#endif
+#define HASH_LONG               SHA_LONG
+#define HASH_LONG_LOG2          SHA_LONG_LOG2
+#define HASH_CTX                SHA_CTX
+#define HASH_CBLOCK             SHA_CBLOCK
+#define HASH_LBLOCK             SHA_LBLOCK
+#define HASH_MAKE_STRING(c,s)   do {	\
+	unsigned long ll;		\
+	ll=(c)->h0; HOST_l2c(ll,(s));	\
+	ll=(c)->h1; HOST_l2c(ll,(s));	\
+	ll=(c)->h2; HOST_l2c(ll,(s));	\
+	ll=(c)->h3; HOST_l2c(ll,(s));	\
+	ll=(c)->h4; HOST_l2c(ll,(s));	\
+	} while (0)
+
+#if defined(SHA_0)
+
+# define HASH_UPDATE             	SHA_Update
+# define HASH_TRANSFORM          	SHA_Transform
+# define HASH_FINAL              	SHA_Final
+# define HASH_INIT			SHA_Init
+# define HASH_BLOCK_HOST_ORDER   	sha_block_host_order
+# define HASH_BLOCK_DATA_ORDER   	sha_block_data_order
+# define Xupdate(a,ix,ia,ib,ic,id)	(ix=(a)=(ia^ib^ic^id))
+
+  void sha_block_host_order (SHA_CTX *c, const void *p,int num);
+  void sha_block_data_order (SHA_CTX *c, const void *p,int num);
+
+#elif defined(SHA_1)
+
+# define HASH_UPDATE             	SHA1_Update
+# define HASH_TRANSFORM          	SHA1_Transform
+# define HASH_FINAL              	SHA1_Final
+# define HASH_INIT			SHA1_Init
+# define HASH_BLOCK_HOST_ORDER   	sha1_block_host_order
+# define HASH_BLOCK_DATA_ORDER   	sha1_block_data_order
+# if defined(__MWERKS__) && defined(__MC68K__)
+   /* Metrowerks for Motorola fails otherwise:-( <appro@fy.chalmers.se> */
+#  define Xupdate(a,ix,ia,ib,ic,id)	do { (a)=(ia^ib^ic^id);		\
+					     ix=(a)=ROTATE((a),1);	\
+					} while (0)
+# else
+#  define Xupdate(a,ix,ia,ib,ic,id)	( (a)=(ia^ib^ic^id),	\
+					  ix=(a)=ROTATE((a),1)	\
+					)
+# endif
+
+# ifdef SHA1_ASM
+#  if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+#   define sha1_block_host_order		sha1_block_asm_host_order
+#   define DONT_IMPLEMENT_BLOCK_HOST_ORDER
+#   define sha1_block_data_order		sha1_block_asm_data_order
+#   define DONT_IMPLEMENT_BLOCK_DATA_ORDER
+#   define HASH_BLOCK_DATA_ORDER_ALIGNED	sha1_block_asm_data_order
+#  endif
+# endif
+  void sha1_block_host_order (SHA_CTX *c, const void *p,int num);
+  void sha1_block_data_order (SHA_CTX *c, const void *p,int num);
 
-#undef c2nl
-#define c2nl(c,l)	(l =(((unsigned long)(*((c)++)))<<24), \
-			 l|=(((unsigned long)(*((c)++)))<<16), \
-			 l|=(((unsigned long)(*((c)++)))<< 8), \
-			 l|=(((unsigned long)(*((c)++)))    ))
-
-#undef p_c2nl
-#define p_c2nl(c,l,n)	{ \
-			switch (n) { \
-			case 0: l =((unsigned long)(*((c)++)))<<24; \
-			case 1: l|=((unsigned long)(*((c)++)))<<16; \
-			case 2: l|=((unsigned long)(*((c)++)))<< 8; \
-			case 3: l|=((unsigned long)(*((c)++))); \
-				} \
-			}
-
-#undef c2nl_p
-/* NOTE the pointer is not incremented at the end of this */
-#define c2nl_p(c,l,n)	{ \
-			l=0; \
-			(c)+=n; \
-			switch (n) { \
-			case 3: l =((unsigned long)(*(--(c))))<< 8; \
-			case 2: l|=((unsigned long)(*(--(c))))<<16; \
-			case 1: l|=((unsigned long)(*(--(c))))<<24; \
-				} \
-			}
-
-#undef p_c2nl_p
-#define p_c2nl_p(c,l,sc,len) { \
-			switch (sc) \
-				{ \
-			case 0: l =((unsigned long)(*((c)++)))<<24; \
-				if (--len == 0) break; \
-			case 1: l|=((unsigned long)(*((c)++)))<<16; \
-				if (--len == 0) break; \
-			case 2: l|=((unsigned long)(*((c)++)))<< 8; \
-				} \
-			}
-
-#undef nl2c
-#define nl2c(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-			 *((c)++)=(unsigned char)(((l)    )&0xff))
-
-#undef c2l
-#define c2l(c,l)	(l =(((unsigned long)(*((c)++)))    ), \
-			 l|=(((unsigned long)(*((c)++)))<< 8), \
-			 l|=(((unsigned long)(*((c)++)))<<16), \
-			 l|=(((unsigned long)(*((c)++)))<<24))
-
-#undef p_c2l
-#define p_c2l(c,l,n)	{ \
-			switch (n) { \
-			case 0: l =((unsigned long)(*((c)++))); \
-			case 1: l|=((unsigned long)(*((c)++)))<< 8; \
-			case 2: l|=((unsigned long)(*((c)++)))<<16; \
-			case 3: l|=((unsigned long)(*((c)++)))<<24; \
-				} \
-			}
-
-#undef c2l_p
-/* NOTE the pointer is not incremented at the end of this */
-#define c2l_p(c,l,n)	{ \
-			l=0; \
-			(c)+=n; \
-			switch (n) { \
-			case 3: l =((unsigned long)(*(--(c))))<<16; \
-			case 2: l|=((unsigned long)(*(--(c))))<< 8; \
-			case 1: l|=((unsigned long)(*(--(c)))); \
-				} \
-			}
-
-#undef p_c2l_p
-#define p_c2l_p(c,l,sc,len) { \
-			switch (sc) \
-				{ \
-			case 0: l =((unsigned long)(*((c)++))); \
-				if (--len == 0) break; \
-			case 1: l|=((unsigned long)(*((c)++)))<< 8; \
-				if (--len == 0) break; \
-			case 2: l|=((unsigned long)(*((c)++)))<<16; \
-				} \
-			}
-
-#undef l2c
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24)&0xff))
-
-#undef ROTATE
-#if defined(WIN32)
-#define ROTATE(a,n)     _lrotl(a,n)
 #else
-#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+# error "Either SHA_0 or SHA_1 must be defined."
 #endif
 
-/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
-#if defined(WIN32)
-/* 5 instructions with rotate instruction, else 9 */
-#define Endian_Reverse32(a) \
-	{ \
-	unsigned long l=(a); \
-	(a)=((ROTATE(l,8)&0x00FF00FF)|(ROTATE(l,24)&0xFF00FF00)); \
-	}
-#else
-/* 6 instructions with rotate instruction, else 8 */
-#define Endian_Reverse32(a) \
-	{ \
-	unsigned long l=(a); \
-	l=(((l&0xFF00FF00)>>8L)|((l&0x00FF00FF)<<8L)); \
-	(a)=ROTATE(l,16L); \
+#include "md32_common.h"
+
+#define INIT_DATA_h0 0x67452301UL
+#define INIT_DATA_h1 0xefcdab89UL
+#define INIT_DATA_h2 0x98badcfeUL
+#define INIT_DATA_h3 0x10325476UL
+#define INIT_DATA_h4 0xc3d2e1f0UL
+
+int HASH_INIT (SHA_CTX *c)
+	{
+	c->h0=INIT_DATA_h0;
+	c->h1=INIT_DATA_h1;
+	c->h2=INIT_DATA_h2;
+	c->h3=INIT_DATA_h3;
+	c->h4=INIT_DATA_h4;
+	c->Nl=0;
+	c->Nh=0;
+	c->num=0;
+	return 1;
 	}
-#endif
+
+#define K_00_19	0x5a827999UL
+#define K_20_39 0x6ed9eba1UL
+#define K_40_59 0x8f1bbcdcUL
+#define K_60_79 0xca62c1d6UL
 
 /* As  pointed out by Wei Dai <weidai@eskimo.com>, F() below can be
  * simplified to the code in F_00_19.  Wei attributes these optimisations
@@ -203,44 +168,305 @@
 #define F_40_59(b,c,d)	(((b) & (c)) | (((b)|(c)) & (d))) 
 #define	F_60_79(b,c,d)	F_20_39(b,c,d)
 
-#ifdef SHA_0
-#undef Xupdate
-#define Xupdate(a,i,ia,ib,ic,id) X[(i)&0x0f]=(a)=\
-	(ia[(i)&0x0f]^ib[((i)+2)&0x0f]^ic[((i)+8)&0x0f]^id[((i)+13)&0x0f]);
-#endif
-#ifdef SHA_1
-#undef Xupdate
-#define Xupdate(a,i,ia,ib,ic,id) (a)=\
-	(ia[(i)&0x0f]^ib[((i)+2)&0x0f]^ic[((i)+8)&0x0f]^id[((i)+13)&0x0f]);\
-	X[(i)&0x0f]=(a)=ROTATE((a),1);
-#endif
-
-#define BODY_00_15(i,a,b,c,d,e,f,xa) \
-	(f)=xa[i]+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+#define BODY_00_15(i,a,b,c,d,e,f,xi) \
+	(f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
 	(b)=ROTATE((b),30);
 
-#define BODY_16_19(i,a,b,c,d,e,f,xa,xb,xc,xd) \
-	Xupdate(f,i,xa,xb,xc,xd); \
+#define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
+	Xupdate(f,xi,xa,xb,xc,xd); \
 	(f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
 	(b)=ROTATE((b),30);
 
-#define BODY_20_31(i,a,b,c,d,e,f,xa,xb,xc,xd) \
-	Xupdate(f,i,xa,xb,xc,xd); \
+#define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
+	Xupdate(f,xi,xa,xb,xc,xd); \
 	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
 	(b)=ROTATE((b),30);
 
-#define BODY_32_39(i,a,b,c,d,e,f,xa) \
-	Xupdate(f,i,xa,xa,xa,xa); \
+#define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+	Xupdate(f,xa,xa,xb,xc,xd); \
 	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
 	(b)=ROTATE((b),30);
 
-#define BODY_40_59(i,a,b,c,d,e,f,xa) \
-	Xupdate(f,i,xa,xa,xa,xa); \
+#define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+	Xupdate(f,xa,xa,xb,xc,xd); \
 	(f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
 	(b)=ROTATE((b),30);
 
-#define BODY_60_79(i,a,b,c,d,e,f,xa) \
-	Xupdate(f,i,xa,xa,xa,xa); \
-	(f)=X[(i)&0x0f]+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
+#define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+	Xupdate(f,xa,xa,xb,xc,xd); \
+	(f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
 	(b)=ROTATE((b),30);
 
+#ifdef X
+#undef X
+#endif
+#ifndef MD32_XARRAY
+  /*
+   * Originally X was an array. As it's automatic it's natural
+   * to expect RISC compiler to accomodate at least part of it in
+   * the register bank, isn't it? Unfortunately not all compilers
+   * "find" this expectation reasonable:-( On order to make such
+   * compilers generate better code I replace X[] with a bunch of
+   * X0, X1, etc. See the function body below...
+   *					<appro@fy.chalmers.se>
+   */
+# define X(i)	XX##i
+#else
+  /*
+   * However! Some compilers (most notably HP C) get overwhelmed by
+   * that many local variables so that we have to have the way to
+   * fall down to the original behavior.
+   */
+# define X(i)	XX[i]
+#endif
+
+#ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER
+void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num)
+	{
+	const SHA_LONG *W=d;
+	register unsigned long A,B,C,D,E,T;
+#ifndef MD32_XARRAY
+	unsigned long	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+			XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+#else
+	SHA_LONG	XX[16];
+#endif
+
+	A=c->h0;
+	B=c->h1;
+	C=c->h2;
+	D=c->h3;
+	E=c->h4;
+
+	for (;;)
+		{
+	BODY_00_15( 0,A,B,C,D,E,T,W[ 0]);
+	BODY_00_15( 1,T,A,B,C,D,E,W[ 1]);
+	BODY_00_15( 2,E,T,A,B,C,D,W[ 2]);
+	BODY_00_15( 3,D,E,T,A,B,C,W[ 3]);
+	BODY_00_15( 4,C,D,E,T,A,B,W[ 4]);
+	BODY_00_15( 5,B,C,D,E,T,A,W[ 5]);
+	BODY_00_15( 6,A,B,C,D,E,T,W[ 6]);
+	BODY_00_15( 7,T,A,B,C,D,E,W[ 7]);
+	BODY_00_15( 8,E,T,A,B,C,D,W[ 8]);
+	BODY_00_15( 9,D,E,T,A,B,C,W[ 9]);
+	BODY_00_15(10,C,D,E,T,A,B,W[10]);
+	BODY_00_15(11,B,C,D,E,T,A,W[11]);
+	BODY_00_15(12,A,B,C,D,E,T,W[12]);
+	BODY_00_15(13,T,A,B,C,D,E,W[13]);
+	BODY_00_15(14,E,T,A,B,C,D,W[14]);
+	BODY_00_15(15,D,E,T,A,B,C,W[15]);
+
+	BODY_16_19(16,C,D,E,T,A,B,X( 0),W[ 0],W[ 2],W[ 8],W[13]);
+	BODY_16_19(17,B,C,D,E,T,A,X( 1),W[ 1],W[ 3],W[ 9],W[14]);
+	BODY_16_19(18,A,B,C,D,E,T,X( 2),W[ 2],W[ 4],W[10],W[15]);
+	BODY_16_19(19,T,A,B,C,D,E,X( 3),W[ 3],W[ 5],W[11],X( 0));
+
+	BODY_20_31(20,E,T,A,B,C,D,X( 4),W[ 4],W[ 6],W[12],X( 1));
+	BODY_20_31(21,D,E,T,A,B,C,X( 5),W[ 5],W[ 7],W[13],X( 2));
+	BODY_20_31(22,C,D,E,T,A,B,X( 6),W[ 6],W[ 8],W[14],X( 3));
+	BODY_20_31(23,B,C,D,E,T,A,X( 7),W[ 7],W[ 9],W[15],X( 4));
+	BODY_20_31(24,A,B,C,D,E,T,X( 8),W[ 8],W[10],X( 0),X( 5));
+	BODY_20_31(25,T,A,B,C,D,E,X( 9),W[ 9],W[11],X( 1),X( 6));
+	BODY_20_31(26,E,T,A,B,C,D,X(10),W[10],W[12],X( 2),X( 7));
+	BODY_20_31(27,D,E,T,A,B,C,X(11),W[11],W[13],X( 3),X( 8));
+	BODY_20_31(28,C,D,E,T,A,B,X(12),W[12],W[14],X( 4),X( 9));
+	BODY_20_31(29,B,C,D,E,T,A,X(13),W[13],W[15],X( 5),X(10));
+	BODY_20_31(30,A,B,C,D,E,T,X(14),W[14],X( 0),X( 6),X(11));
+	BODY_20_31(31,T,A,B,C,D,E,X(15),W[15],X( 1),X( 7),X(12));
+
+	BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));
+	BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));
+	BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));
+	BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));
+	BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));
+	BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));
+	BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));
+	BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));
+
+	BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));
+	BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));
+	BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));
+	BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));
+	BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));
+	BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));
+	BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));
+	BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));
+	BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));
+	BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));
+	BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));
+	BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));
+	BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));
+	BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));
+	BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));
+	BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));
+	BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));
+	BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));
+	BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));
+	BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));
+
+	BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));
+	BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));
+	BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));
+	BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));
+	BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));
+	BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));
+	BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));
+	BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));
+	BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));
+	BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));
+	BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));
+	BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));
+	BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));
+	BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));
+	BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));
+	BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));
+	BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));
+	BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));
+	BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
+	BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
+	
+	c->h0=(c->h0+E)&0xffffffffL; 
+	c->h1=(c->h1+T)&0xffffffffL;
+	c->h2=(c->h2+A)&0xffffffffL;
+	c->h3=(c->h3+B)&0xffffffffL;
+	c->h4=(c->h4+C)&0xffffffffL;
+
+	if (--num <= 0) break;
+
+	A=c->h0;
+	B=c->h1;
+	C=c->h2;
+	D=c->h3;
+	E=c->h4;
+
+	W+=SHA_LBLOCK;
+		}
+	}
+#endif
+
+#ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER
+void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, int num)
+	{
+	const unsigned char *data=p;
+	register unsigned long A,B,C,D,E,T,l;
+#ifndef MD32_XARRAY
+	unsigned long	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+			XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
+#else
+	SHA_LONG	XX[16];
+#endif
+
+	A=c->h0;
+	B=c->h1;
+	C=c->h2;
+	D=c->h3;
+	E=c->h4;
+
+	for (;;)
+		{
+
+	HOST_c2l(data,l); X( 0)=l;		HOST_c2l(data,l); X( 1)=l;
+	BODY_00_15( 0,A,B,C,D,E,T,X( 0));	HOST_c2l(data,l); X( 2)=l;
+	BODY_00_15( 1,T,A,B,C,D,E,X( 1));	HOST_c2l(data,l); X( 3)=l;
+	BODY_00_15( 2,E,T,A,B,C,D,X( 2));	HOST_c2l(data,l); X( 4)=l;
+	BODY_00_15( 3,D,E,T,A,B,C,X( 3));	HOST_c2l(data,l); X( 5)=l;
+	BODY_00_15( 4,C,D,E,T,A,B,X( 4));	HOST_c2l(data,l); X( 6)=l;
+	BODY_00_15( 5,B,C,D,E,T,A,X( 5));	HOST_c2l(data,l); X( 7)=l;
+	BODY_00_15( 6,A,B,C,D,E,T,X( 6));	HOST_c2l(data,l); X( 8)=l;
+	BODY_00_15( 7,T,A,B,C,D,E,X( 7));	HOST_c2l(data,l); X( 9)=l;
+	BODY_00_15( 8,E,T,A,B,C,D,X( 8));	HOST_c2l(data,l); X(10)=l;
+	BODY_00_15( 9,D,E,T,A,B,C,X( 9));	HOST_c2l(data,l); X(11)=l;
+	BODY_00_15(10,C,D,E,T,A,B,X(10));	HOST_c2l(data,l); X(12)=l;
+	BODY_00_15(11,B,C,D,E,T,A,X(11));	HOST_c2l(data,l); X(13)=l;
+	BODY_00_15(12,A,B,C,D,E,T,X(12));	HOST_c2l(data,l); X(14)=l;
+	BODY_00_15(13,T,A,B,C,D,E,X(13));	HOST_c2l(data,l); X(15)=l;
+	BODY_00_15(14,E,T,A,B,C,D,X(14));
+	BODY_00_15(15,D,E,T,A,B,C,X(15));
+
+	BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13));
+	BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14));
+	BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15));
+	BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0));
+
+	BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1));
+	BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2));
+	BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3));
+	BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4));
+	BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5));
+	BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6));
+	BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7));
+	BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8));
+	BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9));
+	BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10));
+	BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11));
+	BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12));
+
+	BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13));
+	BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14));
+	BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15));
+	BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0));
+	BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1));
+	BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2));
+	BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3));
+	BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4));
+
+	BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5));
+	BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6));
+	BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7));
+	BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8));
+	BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9));
+	BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10));
+	BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11));
+	BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12));
+	BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13));
+	BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14));
+	BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15));
+	BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0));
+	BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1));
+	BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2));
+	BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3));
+	BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4));
+	BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5));
+	BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6));
+	BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7));
+	BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8));
+
+	BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9));
+	BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10));
+	BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11));
+	BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12));
+	BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13));
+	BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14));
+	BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15));
+	BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0));
+	BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1));
+	BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2));
+	BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3));
+	BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4));
+	BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5));
+	BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6));
+	BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7));
+	BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8));
+	BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9));
+	BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10));
+	BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11));
+	BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12));
+	
+	c->h0=(c->h0+E)&0xffffffffL; 
+	c->h1=(c->h1+T)&0xffffffffL;
+	c->h2=(c->h2+A)&0xffffffffL;
+	c->h3=(c->h3+B)&0xffffffffL;
+	c->h4=(c->h4+C)&0xffffffffL;
+
+	if (--num <= 0) break;
+
+	A=c->h0;
+	B=c->h1;
+	C=c->h2;
+	D=c->h3;
+	E=c->h4;
+
+		}
+	}
+#endif
diff --git a/crypto/sha/sha_one.c b/crypto/sha/sha_one.c
index 18ab7f61bc..e61c63f3e9 100644
--- a/crypto/sha/sha_one.c
+++ b/crypto/sha/sha_one.c
@@ -58,12 +58,11 @@
 
 #include <stdio.h>
 #include <string.h>
-#include "sha.h"
+#include <openssl/sha.h>
+#include <openssl/crypto.h>
 
-unsigned char *SHA(d, n, md)
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
+#ifndef OPENSSL_NO_SHA0
+unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
 	{
 	SHA_CTX c;
 	static unsigned char m[SHA_DIGEST_LENGTH];
@@ -72,6 +71,7 @@ unsigned char *md;
 	SHA_Init(&c);
 	SHA_Update(&c,d,n);
 	SHA_Final(md,&c);
-	memset(&c,0,sizeof(c));
+	OPENSSL_cleanse(&c,sizeof(c));
 	return(md);
 	}
+#endif
diff --git a/crypto/sha/sha_sgst.c b/crypto/sha/sha_sgst.c
deleted file mode 100644
index 8a16801328..0000000000
--- a/crypto/sha/sha_sgst.c
+++ /dev/null
@@ -1,246 +0,0 @@
-/* crypto/sha/sha_sgst.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdlib.h>
-#include <string.h>
-
-#ifdef undef
-/* one or the other needs to be defined */
-#ifndef SHA_1 /* FIPE 180-1 */
-#define SHA_0 /* FIPS 180   */
-#endif
-#endif
-
-#define ULONG	unsigned long
-#define UCHAR	unsigned char
-#define UINT	unsigned int
-
-#ifdef NOCONST
-#define const
-#endif
-
-#undef c2nl
-#define c2nl(c,l)	(l =(((unsigned long)(*((c)++)))<<24), \
-			 l|=(((unsigned long)(*((c)++)))<<16), \
-			 l|=(((unsigned long)(*((c)++)))<< 8), \
-			 l|=(((unsigned long)(*((c)++)))    ))
-
-#undef p_c2nl
-#define p_c2nl(c,l,n)	{ \
-			switch (n) { \
-			case 0: l =((unsigned long)(*((c)++)))<<24; \
-			case 1: l|=((unsigned long)(*((c)++)))<<16; \
-			case 2: l|=((unsigned long)(*((c)++)))<< 8; \
-			case 3: l|=((unsigned long)(*((c)++))); \
-				} \
-			}
-
-#undef c2nl_p
-/* NOTE the pointer is not incremented at the end of this */
-#define c2nl_p(c,l,n)	{ \
-			l=0; \
-			(c)+=n; \
-			switch (n) { \
-			case 3: l =((unsigned long)(*(--(c))))<< 8; \
-			case 2: l|=((unsigned long)(*(--(c))))<<16; \
-			case 1: l|=((unsigned long)(*(--(c))))<<24; \
-				} \
-			}
-
-#undef p_c2nl_p
-#define p_c2nl_p(c,l,sc,len) { \
-			switch (sc) \
-				{ \
-			case 0: l =((unsigned long)(*((c)++)))<<24; \
-				if (--len == 0) break; \
-			case 1: l|=((unsigned long)(*((c)++)))<<16; \
-				if (--len == 0) break; \
-			case 2: l|=((unsigned long)(*((c)++)))<< 8; \
-				} \
-			}
-
-#undef nl2c
-#define nl2c(l,c)	(*((c)++)=(unsigned char)(((l)>>24)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-			 *((c)++)=(unsigned char)(((l)    )&0xff))
-
-#undef c2l
-#define c2l(c,l)	(l =(((unsigned long)(*((c)++)))    ), \
-			 l|=(((unsigned long)(*((c)++)))<< 8), \
-			 l|=(((unsigned long)(*((c)++)))<<16), \
-			 l|=(((unsigned long)(*((c)++)))<<24))
-
-#undef p_c2l
-#define p_c2l(c,l,n)	{ \
-			switch (n) { \
-			case 0: l =((unsigned long)(*((c)++))); \
-			case 1: l|=((unsigned long)(*((c)++)))<< 8; \
-			case 2: l|=((unsigned long)(*((c)++)))<<16; \
-			case 3: l|=((unsigned long)(*((c)++)))<<24; \
-				} \
-			}
-
-#undef c2l_p
-/* NOTE the pointer is not incremented at the end of this */
-#define c2l_p(c,l,n)	{ \
-			l=0; \
-			(c)+=n; \
-			switch (n) { \
-			case 3: l =((unsigned long)(*(--(c))))<<16; \
-			case 2: l|=((unsigned long)(*(--(c))))<< 8; \
-			case 1: l|=((unsigned long)(*(--(c)))); \
-				} \
-			}
-
-#undef p_c2l_p
-#define p_c2l_p(c,l,sc,len) { \
-			switch (sc) \
-				{ \
-			case 0: l =((unsigned long)(*((c)++))); \
-				if (--len == 0) break; \
-			case 1: l|=((unsigned long)(*((c)++)))<< 8; \
-				if (--len == 0) break; \
-			case 2: l|=((unsigned long)(*((c)++)))<<16; \
-				} \
-			}
-
-#undef l2c
-#define l2c(l,c)	(*((c)++)=(unsigned char)(((l)    )&0xff), \
-			 *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-			 *((c)++)=(unsigned char)(((l)>>24)&0xff))
-
-#undef ROTATE
-#if defined(WIN32)
-#define ROTATE(a,n)     _lrotl(a,n)
-#else
-#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
-#endif
-
-/* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */
-#if defined(WIN32)
-/* 5 instructions with rotate instruction, else 9 */
-#define Endian_Reverse32(a) \
-	{ \
-	unsigned long l=(a); \
-	(a)=((ROTATE(l,8)&0x00FF00FF)|(ROTATE(l,24)&0xFF00FF00)); \
-	}
-#else
-/* 6 instructions with rotate instruction, else 8 */
-#define Endian_Reverse32(a) \
-	{ \
-	unsigned long l=(a); \
-	l=(((l&0xFF00FF00)>>8L)|((l&0x00FF00FF)<<8L)); \
-	(a)=ROTATE(l,16L); \
-	}
-#endif
-
-/* As  pointed out by Wei Dai <weidai@eskimo.com>, F() below can be
- * simplified to the code in F_00_19.  Wei attributes these optimisations
- * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
- * #define F(x,y,z) (((x) & (y))  |  ((~(x)) & (z)))
- * I've just become aware of another tweak to be made, again from Wei Dai,
- * in F_40_59, (x&a)|(y&a) -> (x|y)&a
- */
-#define	F_00_19(b,c,d)	((((c) ^ (d)) & (b)) ^ (d)) 
-#define	F_20_39(b,c,d)	((b) ^ (c) ^ (d))
-#define F_40_59(b,c,d)	(((b) & (c)) | (((b)|(c)) & (d))) 
-#define	F_60_79(b,c,d)	F_20_39(b,c,d)
-
-#ifdef SHA_0
-#undef Xupdate
-#define Xupdate(a,i,ia,ib,ic,id) X[(i)&0x0f]=(a)=\
-	(ia[(i)&0x0f]^ib[((i)+2)&0x0f]^ic[((i)+8)&0x0f]^id[((i)+13)&0x0f]);
-#endif
-#ifdef SHA_1
-#undef Xupdate
-#define Xupdate(a,i,ia,ib,ic,id) (a)=\
-	(ia[(i)&0x0f]^ib[((i)+2)&0x0f]^ic[((i)+8)&0x0f]^id[((i)+13)&0x0f]);\
-	X[(i)&0x0f]=(a)=ROTATE((a),1);
-#endif
-
-#define BODY_00_15(i,a,b,c,d,e,f,xa) \
-	(f)=xa[i]+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
-	(b)=ROTATE((b),30);
-
-#define BODY_16_19(i,a,b,c,d,e,f,xa,xb,xc,xd) \
-	Xupdate(f,i,xa,xb,xc,xd); \
-	(f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
-	(b)=ROTATE((b),30);
-
-#define BODY_20_31(i,a,b,c,d,e,f,xa,xb,xc,xd) \
-	Xupdate(f,i,xa,xb,xc,xd); \
-	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
-	(b)=ROTATE((b),30);
-
-#define BODY_32_39(i,a,b,c,d,e,f,xa) \
-	Xupdate(f,i,xa,xa,xa,xa); \
-	(f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
-	(b)=ROTATE((b),30);
-
-#define BODY_40_59(i,a,b,c,d,e,f,xa) \
-	Xupdate(f,i,xa,xa,xa,xa); \
-	(f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
-	(b)=ROTATE((b),30);
-
-#define BODY_60_79(i,a,b,c,d,e,f,xa) \
-	Xupdate(f,i,xa,xa,xa,xa); \
-	(f)=X[(i)&0x0f]+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
-	(b)=ROTATE((b),30);
-
diff --git a/crypto/sha/shatest.c b/crypto/sha/shatest.c
index 03816e9b39..5d2b1d3b1a 100644
--- a/crypto/sha/shatest.c
+++ b/crypto/sha/shatest.c
@@ -59,57 +59,72 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#include "sha.h"
+
+#include "../e_os.h"
+
+#ifdef OPENSSL_NO_SHA
+int main(int argc, char *argv[])
+{
+    printf("No SHA support\n");
+    return(0);
+}
+#else
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
 
 #define SHA_0 /* FIPS 180 */
 #undef  SHA_1 /* FIPS 180-1 */
 
-char *test[]={
+static char *test[]={
 	"abc",
 	"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
 	NULL,
 	};
 
 #ifdef SHA_0
-char *ret[]={
+static char *ret[]={
 	"0164b8a914cd2a5e74c4f7ff082c4d97f1edf880",
 	"d2516ee1acfa5baf33dfc1c471e438449ef134c8",
 	};
-char *bigret=
+static char *bigret=
 	"3232affa48628a26653b5aaa44541fd90d690603";
 #endif
 #ifdef SHA_1
-char *ret[]={
+static char *ret[]={
 	"a9993e364706816aba3e25717850c26c9cd0d89d",
 	"84983e441c3bd26ebaae4aa1f95129e5e54670f1",
 	};
-char *bigret=
+static char *bigret=
 	"34aa973cd4c4daa4f61eeb2bdbad27316534016f";
 #endif
 
-#ifndef NOPROTO
 static char *pt(unsigned char *md);
-#else
-static char *pt();
-#endif
-
-int main(argc,argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	int i,err=0;
 	unsigned char **P,**R;
 	static unsigned char buf[1000];
 	char *p,*r;
-	SHA_CTX c;
+	EVP_MD_CTX c;
 	unsigned char md[SHA_DIGEST_LENGTH];
 
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(test[0], test[0], strlen(test[0]));
+	ebcdic2ascii(test[1], test[1], strlen(test[1]));
+#endif
+
+	EVP_MD_CTX_init(&c);
 	P=(unsigned char **)test;
 	R=(unsigned char **)ret;
 	i=1;
 	while (*P != NULL)
 		{
-		p=pt(SHA(*P,(unsigned long)strlen((char *)*P),NULL));
+		EVP_Digest(*P,(unsigned long)strlen((char *)*P),md,NULL,EVP_sha(), NULL);
+		p=pt(md);
 		if (strcmp(p,(char *)*R) != 0)
 			{
 			printf("error calculating SHA on '%s'\n",*P);
@@ -124,10 +139,13 @@ char *argv[];
 		}
 
 	memset(buf,'a',1000);
-	SHA_Init(&c);
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(buf, buf, 1000);
+#endif /*CHARSET_EBCDIC*/
+	EVP_DigestInit_ex(&c,EVP_sha(), NULL);
 	for (i=0; i<1000; i++)
-		SHA_Update(&c,buf,1000);
-	SHA_Final(md,&c);
+		EVP_DigestUpdate(&c,buf,1000);
+	EVP_DigestFinal_ex(&c,md,NULL);
 	p=pt(md);
 
 	r=bigret;
@@ -139,12 +157,12 @@ char *argv[];
 		}
 	else
 		printf("test 3 ok\n");
-	exit(err);
+	EVP_MD_CTX_cleanup(&c);
+	EXIT(err);
 	return(0);
 	}
 
-static char *pt(md)
-unsigned char *md;
+static char *pt(unsigned char *md)
 	{
 	int i;
 	static char buf[80];
@@ -153,3 +171,4 @@ unsigned char *md;
 		sprintf(&(buf[i*2]),"%02x",md[i]);
 	return(buf);
 	}
+#endif
diff --git a/crypto/stack/.cvsignore b/crypto/stack/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/stack/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/stack/Makefile.ssl b/crypto/stack/Makefile.ssl
index 0d232c08cf..e4acfe6aba 100644
--- a/crypto/stack/Makefile.ssl
+++ b/crypto/stack/Makefile.ssl
@@ -7,9 +7,12 @@ TOP=	../..
 CC=	cc
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -25,7 +28,7 @@ LIBOBJ=stack.o
 
 SRC= $(LIBSRC)
 
-EXHEADER= stack.h
+EXHEADER= stack.h safestack.h
 HEADER=	$(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -37,24 +40,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -66,15 +68,21 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+stack.o: ../../e_os.h ../../include/openssl/bio.h
+stack.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+stack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+stack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+stack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+stack.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+stack.o: ../cryptlib.h stack.c
diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h
new file mode 100644
index 0000000000..ed9ed2c23a
--- /dev/null
+++ b/crypto/stack/safestack.h
@@ -0,0 +1,1512 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_SAFESTACK_H
+#define HEADER_SAFESTACK_H
+
+#include <openssl/stack.h>
+
+#ifdef DEBUG_SAFESTACK
+
+#define STACK_OF(type) struct stack_st_##type
+#define PREDECLARE_STACK_OF(type) STACK_OF(type);
+
+#define DECLARE_STACK_OF(type) \
+STACK_OF(type) \
+    { \
+    STACK stack; \
+    };
+
+#define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/
+
+/* SKM_sk_... stack macros are internal to safestack.h:
+ * never use them directly, use sk_<type>_... instead */
+#define SKM_sk_new(type, cmp) \
+	((STACK_OF(type) * (*)(int (*)(const type * const *, const type * const *)))sk_new)(cmp)
+#define SKM_sk_new_null(type) \
+	((STACK_OF(type) * (*)(void))sk_new_null)()
+#define SKM_sk_free(type, st) \
+	((void (*)(STACK_OF(type) *))sk_free)(st)
+#define SKM_sk_num(type, st) \
+	((int (*)(const STACK_OF(type) *))sk_num)(st)
+#define SKM_sk_value(type, st,i) \
+	((type * (*)(const STACK_OF(type) *, int))sk_value)(st, i)
+#define SKM_sk_set(type, st,i,val) \
+	((type * (*)(STACK_OF(type) *, int, type *))sk_set)(st, i, val)
+#define SKM_sk_zero(type, st) \
+	((void (*)(STACK_OF(type) *))sk_zero)(st)
+#define SKM_sk_push(type, st,val) \
+	((int (*)(STACK_OF(type) *, type *))sk_push)(st, val)
+#define SKM_sk_unshift(type, st,val) \
+	((int (*)(STACK_OF(type) *, type *))sk_unshift)(st, val)
+#define SKM_sk_find(type, st,val) \
+	((int (*)(STACK_OF(type) *, type *))sk_find)(st, val)
+#define SKM_sk_delete(type, st,i) \
+	((type * (*)(STACK_OF(type) *, int))sk_delete)(st, i)
+#define SKM_sk_delete_ptr(type, st,ptr) \
+	((type * (*)(STACK_OF(type) *, type *))sk_delete_ptr)(st, ptr)
+#define SKM_sk_insert(type, st,val,i) \
+	((int (*)(STACK_OF(type) *, type *, int))sk_insert)(st, val, i)
+#define SKM_sk_set_cmp_func(type, st,cmp) \
+	((int (*(*)(STACK_OF(type) *, int (*)(const type * const *, const type * const *))) \
+	  (const type * const *, const type * const *))sk_set_cmp_func)\
+	(st, cmp)
+#define SKM_sk_dup(type, st) \
+	((STACK_OF(type) *(*)(STACK_OF(type) *))sk_dup)(st)
+#define SKM_sk_pop_free(type, st,free_func) \
+	((void (*)(STACK_OF(type) *, void (*)(type *)))sk_pop_free)\
+	(st, free_func)
+#define SKM_sk_shift(type, st) \
+	((type * (*)(STACK_OF(type) *))sk_shift)(st)
+#define SKM_sk_pop(type, st) \
+	((type * (*)(STACK_OF(type) *))sk_pop)(st)
+#define SKM_sk_sort(type, st) \
+	((void (*)(STACK_OF(type) *))sk_sort)(st)
+
+#define	SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	((STACK_OF(type) * (*) (STACK_OF(type) **,unsigned char **, long , \
+                                       type *(*)(type **, unsigned char **,long), \
+                                       void (*)(type *), int ,int )) d2i_ASN1_SET) \
+						(st,pp,length, d2i_func, free_func, ex_tag,ex_class)
+#define	SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	((int (*)(STACK_OF(type) *,unsigned char **, \
+                           int (*)(type *,unsigned char **), int , int , int)) i2d_ASN1_SET) \
+						(st,pp,i2d_func,ex_tag,ex_class,is_set)
+
+#define	SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
+	((unsigned char *(*)(STACK_OF(type) *, \
+                                    int (*)(type *,unsigned char **), unsigned char **,int *)) ASN1_seq_pack) \
+				(st, i2d_func, buf, len)
+#define	SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
+	((STACK_OF(type) * (*)(unsigned char *,int, \
+                                       type *(*)(type **,unsigned char **, long), \
+                                       void (*)(type *)))ASN1_seq_unpack) \
+					(buf,len,d2i_func, free_func)
+
+#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
+	((STACK_OF(type) * (*)(X509_ALGOR *, \
+                                type *(*)(type **, unsigned char **, long), void (*)(type *), \
+                                const char *, int, \
+                                ASN1_STRING *, int))PKCS12_decrypt_d2i) \
+				(algor,d2i_func,free_func,pass,passlen,oct,seq)
+
+#else
+
+#define STACK_OF(type) STACK
+#define PREDECLARE_STACK_OF(type) /* nada */
+#define DECLARE_STACK_OF(type)    /* nada */
+#define IMPLEMENT_STACK_OF(type)  /* nada */
+
+#define SKM_sk_new(type, cmp) \
+	sk_new((int (*)(const char * const *, const char * const *))(cmp))
+#define SKM_sk_new_null(type) \
+	sk_new_null()
+#define SKM_sk_free(type, st) \
+	sk_free(st)
+#define SKM_sk_num(type, st) \
+	sk_num(st)
+#define SKM_sk_value(type, st,i) \
+	((type *)sk_value(st, i))
+#define SKM_sk_set(type, st,i,val) \
+	((type *)sk_set(st, i,(char *)val))
+#define SKM_sk_zero(type, st) \
+	sk_zero(st)
+#define SKM_sk_push(type, st,val) \
+	sk_push(st, (char *)val)
+#define SKM_sk_unshift(type, st,val) \
+	sk_unshift(st, val)
+#define SKM_sk_find(type, st,val) \
+	sk_find(st, (char *)val)
+#define SKM_sk_delete(type, st,i) \
+	((type *)sk_delete(st, i))
+#define SKM_sk_delete_ptr(type, st,ptr) \
+	((type *)sk_delete_ptr(st,(char *)ptr))
+#define SKM_sk_insert(type, st,val,i) \
+	sk_insert(st, (char *)val, i)
+#define SKM_sk_set_cmp_func(type, st,cmp) \
+	((int (*)(const type * const *,const type * const *)) \
+	sk_set_cmp_func(st, (int (*)(const char * const *, const char * const *))(cmp)))
+#define SKM_sk_dup(type, st) \
+	sk_dup(st)
+#define SKM_sk_pop_free(type, st,free_func) \
+	sk_pop_free(st, (void (*)(void *))free_func)
+#define SKM_sk_shift(type, st) \
+	((type *)sk_shift(st))
+#define SKM_sk_pop(type, st) \
+	((type *)sk_pop(st))
+#define SKM_sk_sort(type, st) \
+	sk_sort(st)
+
+#define	SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	d2i_ASN1_SET(st,pp,length, (char *(*)())d2i_func, (void (*)(void *))free_func, ex_tag,ex_class)
+#define	SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	i2d_ASN1_SET(st,pp,i2d_func,ex_tag,ex_class,is_set)
+
+#define	SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \
+	ASN1_seq_pack(st, i2d_func, buf, len)
+#define	SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \
+	ASN1_seq_unpack(buf,len,(char *(*)())d2i_func, (void(*)(void *))free_func)
+
+#define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \
+	((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq))
+
+#endif
+
+/* This block of defines is updated by util/mkstack.pl, please do not touch! */
+#define sk_ACCESS_DESCRIPTION_new(st) SKM_sk_new(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION)
+#define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i))
+#define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val))
+#define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val))
+#define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val))
+#define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val))
+#define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i))
+#define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr))
+#define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i))
+#define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp))
+#define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st)
+#define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func))
+#define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st))
+#define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st))
+
+#define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING)
+#define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i))
+#define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val))
+#define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val))
+#define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val))
+#define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val))
+#define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i))
+#define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr))
+#define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i))
+#define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp))
+#define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st)
+#define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func))
+#define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st))
+#define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st))
+
+#define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER)
+#define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i))
+#define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val))
+#define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val))
+#define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val))
+#define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val))
+#define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i))
+#define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr))
+#define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i))
+#define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp))
+#define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st)
+#define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func))
+#define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st))
+#define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st))
+
+#define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT)
+#define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i))
+#define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val))
+#define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val))
+#define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val))
+#define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val))
+#define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i))
+#define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr))
+#define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i))
+#define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp))
+#define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st)
+#define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func))
+#define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st))
+#define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st))
+
+#define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE)
+#define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i))
+#define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val))
+#define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val))
+#define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val))
+#define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val))
+#define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i))
+#define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr))
+#define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i))
+#define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp))
+#define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st)
+#define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func))
+#define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st))
+#define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st))
+
+#define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE)
+#define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i))
+#define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val))
+#define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val))
+#define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val))
+#define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val))
+#define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i))
+#define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr))
+#define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i))
+#define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp))
+#define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st)
+#define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func))
+#define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st))
+#define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st))
+
+#define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st))
+#define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE)
+#define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st))
+#define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st))
+#define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i))
+#define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val))
+#define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st))
+#define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val))
+#define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val))
+#define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val))
+#define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i))
+#define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr))
+#define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i))
+#define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp))
+#define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st)
+#define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func))
+#define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st))
+#define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st))
+#define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st))
+
+#define sk_BIO_new(st) SKM_sk_new(BIO, (st))
+#define sk_BIO_new_null() SKM_sk_new_null(BIO)
+#define sk_BIO_free(st) SKM_sk_free(BIO, (st))
+#define sk_BIO_num(st) SKM_sk_num(BIO, (st))
+#define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i))
+#define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val))
+#define sk_BIO_zero(st) SKM_sk_zero(BIO, (st))
+#define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val))
+#define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val))
+#define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val))
+#define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i))
+#define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr))
+#define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i))
+#define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp))
+#define sk_BIO_dup(st) SKM_sk_dup(BIO, st)
+#define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func))
+#define sk_BIO_shift(st) SKM_sk_shift(BIO, (st))
+#define sk_BIO_pop(st) SKM_sk_pop(BIO, (st))
+#define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))
+
+#define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE)
+#define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i))
+#define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val))
+#define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val))
+#define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val))
+#define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val))
+#define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i))
+#define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr))
+#define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i))
+#define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp))
+#define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st)
+#define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func))
+#define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st))
+
+#define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st))
+#define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE)
+#define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st))
+#define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st))
+#define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i))
+#define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val))
+#define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st))
+#define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val))
+#define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val))
+#define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val))
+#define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i))
+#define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr))
+#define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i))
+#define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp))
+#define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st)
+#define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func))
+#define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st))
+#define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st))
+#define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st))
+
+#define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st))
+#define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE)
+#define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st))
+#define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st))
+#define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i))
+#define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val))
+#define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st))
+#define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val))
+#define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val))
+#define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val))
+#define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i))
+#define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr))
+#define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i))
+#define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp))
+#define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st)
+#define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func))
+#define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st))
+#define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st))
+#define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st))
+
+#define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS)
+#define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i))
+#define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val))
+#define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val))
+#define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val))
+#define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val))
+#define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i))
+#define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr))
+#define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i))
+#define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp))
+#define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st)
+#define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func))
+#define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st))
+#define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st))
+
+#define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock)
+#define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i))
+#define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val))
+#define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val))
+#define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val))
+#define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val))
+#define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i))
+#define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr))
+#define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i))
+#define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp))
+#define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st)
+#define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func))
+#define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st))
+#define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st))
+
+#define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st))
+#define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT)
+#define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st))
+#define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st))
+#define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i))
+#define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val))
+#define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st))
+#define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val))
+#define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val))
+#define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val))
+#define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i))
+#define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr))
+#define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i))
+#define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp))
+#define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st)
+#define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func))
+#define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st))
+#define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st))
+#define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st))
+
+#define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st))
+#define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE)
+#define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st))
+#define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st))
+#define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i))
+#define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val))
+#define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st))
+#define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val))
+#define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val))
+#define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val))
+#define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i))
+#define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr))
+#define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i))
+#define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp))
+#define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st)
+#define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func))
+#define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st))
+#define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st))
+#define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st))
+
+#define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM)
+#define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i))
+#define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val))
+#define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val))
+#define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val))
+#define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val))
+#define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i))
+#define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr))
+#define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i))
+#define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp))
+#define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st)
+#define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func))
+#define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st))
+#define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st))
+
+#define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st))
+#define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME)
+#define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st))
+#define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st))
+#define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i))
+#define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val))
+#define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st))
+#define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val))
+#define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val))
+#define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val))
+#define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i))
+#define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr))
+#define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i))
+#define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp))
+#define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st)
+#define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func))
+#define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st))
+#define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st))
+#define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st))
+
+#define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY)
+#define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i))
+#define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val))
+#define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val))
+#define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val))
+#define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val))
+#define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i))
+#define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr))
+#define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i))
+#define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp))
+#define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st)
+#define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func))
+#define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st))
+#define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st))
+
+#define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA)
+#define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i))
+#define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val))
+#define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val))
+#define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val))
+#define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val))
+#define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i))
+#define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr))
+#define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i))
+#define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp))
+#define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st)
+#define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func))
+#define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st))
+#define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st))
+
+#define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY)
+#define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i))
+#define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val))
+#define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val))
+#define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val))
+#define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val))
+#define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i))
+#define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr))
+#define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i))
+#define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp))
+#define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st)
+#define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func))
+#define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st))
+#define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st))
+
+#define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM)
+#define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i))
+#define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val))
+#define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val))
+#define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val))
+#define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val))
+#define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i))
+#define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr))
+#define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i))
+#define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp))
+#define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st)
+#define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func))
+#define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st))
+#define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st))
+
+#define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA)
+#define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i))
+#define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val))
+#define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val))
+#define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val))
+#define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val))
+#define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i))
+#define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr))
+#define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i))
+#define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp))
+#define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st)
+#define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func))
+#define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st))
+#define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st))
+
+#define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY)
+#define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i))
+#define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val))
+#define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val))
+#define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val))
+#define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val))
+#define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i))
+#define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr))
+#define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i))
+#define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp))
+#define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st)
+#define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func))
+#define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st))
+#define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st))
+
+#define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME)
+#define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i))
+#define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val))
+#define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val))
+#define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val))
+#define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val))
+#define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i))
+#define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr))
+#define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i))
+#define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp))
+#define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st)
+#define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func))
+#define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st))
+#define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st))
+
+#define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY)
+#define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i))
+#define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val))
+#define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val))
+#define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val))
+#define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val))
+#define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i))
+#define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr))
+#define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i))
+#define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp))
+#define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st)
+#define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func))
+#define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st))
+#define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st))
+
+#define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st))
+#define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER)
+#define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st))
+#define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st))
+#define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i))
+#define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val))
+#define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st))
+#define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val))
+#define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val))
+#define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val))
+#define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i))
+#define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr))
+#define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i))
+#define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp))
+#define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st)
+#define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func))
+#define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st))
+#define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st))
+#define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st))
+
+#define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st))
+#define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM)
+#define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st))
+#define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st))
+#define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i))
+#define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val))
+#define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st))
+#define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val))
+#define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val))
+#define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val))
+#define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i))
+#define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr))
+#define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i))
+#define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp))
+#define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st)
+#define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func))
+#define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st))
+#define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st))
+#define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st))
+
+#define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS)
+#define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i))
+#define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val))
+#define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val))
+#define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val))
+#define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val))
+#define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i))
+#define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr))
+#define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i))
+#define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp))
+#define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st)
+#define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func))
+#define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st))
+#define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))
+
+#define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID)
+#define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i))
+#define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val))
+#define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val))
+#define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val))
+#define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val))
+#define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i))
+#define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr))
+#define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i))
+#define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp))
+#define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st)
+#define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func))
+#define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st))
+#define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st))
+
+#define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ)
+#define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i))
+#define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val))
+#define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val))
+#define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val))
+#define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val))
+#define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i))
+#define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr))
+#define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i))
+#define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp))
+#define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st)
+#define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func))
+#define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))
+
+#define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP)
+#define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i))
+#define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val))
+#define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val))
+#define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val))
+#define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val))
+#define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i))
+#define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr))
+#define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i))
+#define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp))
+#define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st)
+#define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func))
+#define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st))
+
+#define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG)
+#define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i))
+#define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val))
+#define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val))
+#define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val))
+#define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val))
+#define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i))
+#define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr))
+#define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i))
+#define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp))
+#define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st)
+#define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func))
+#define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st))
+#define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st))
+
+#define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st))
+#define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7)
+#define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st))
+#define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st))
+#define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i))
+#define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val))
+#define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st))
+#define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val))
+#define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val))
+#define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val))
+#define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i))
+#define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr))
+#define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i))
+#define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp))
+#define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st)
+#define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func))
+#define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st))
+#define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st))
+#define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st))
+
+#define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO)
+#define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i))
+#define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val))
+#define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val))
+#define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val))
+#define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val))
+#define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i))
+#define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr))
+#define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i))
+#define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp))
+#define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st)
+#define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func))
+#define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st))
+#define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st))
+
+#define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO)
+#define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i))
+#define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val))
+#define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val))
+#define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val))
+#define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val))
+#define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i))
+#define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr))
+#define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i))
+#define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp))
+#define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st)
+#define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func))
+#define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st))
+#define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st))
+
+#define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st))
+#define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO)
+#define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st))
+#define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st))
+#define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i))
+#define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val))
+#define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st))
+#define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val))
+#define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val))
+#define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val))
+#define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i))
+#define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr))
+#define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i))
+#define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp))
+#define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st)
+#define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func))
+#define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st))
+#define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st))
+#define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st))
+
+#define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO)
+#define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i))
+#define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val))
+#define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val))
+#define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val))
+#define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val))
+#define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i))
+#define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr))
+#define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i))
+#define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp))
+#define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st)
+#define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func))
+#define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st))
+#define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st))
+
+#define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER)
+#define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i))
+#define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val))
+#define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val))
+#define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val))
+#define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val))
+#define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i))
+#define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr))
+#define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i))
+#define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp))
+#define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st)
+#define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func))
+#define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st))
+#define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st))
+
+#define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st))
+#define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP)
+#define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st))
+#define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st))
+#define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i))
+#define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val))
+#define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st))
+#define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val))
+#define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val))
+#define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val))
+#define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i))
+#define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr))
+#define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i))
+#define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp))
+#define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st)
+#define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func))
+#define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st))
+#define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st))
+#define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st))
+
+#define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st))
+#define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID)
+#define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st))
+#define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st))
+#define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i))
+#define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val))
+#define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st))
+#define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val))
+#define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val))
+#define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val))
+#define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i))
+#define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr))
+#define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i))
+#define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp))
+#define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st)
+#define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func))
+#define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st))
+#define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st))
+#define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st))
+
+#define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st))
+#define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING)
+#define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st))
+#define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st))
+#define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i))
+#define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val))
+#define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st))
+#define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val))
+#define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val))
+#define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val))
+#define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i))
+#define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr))
+#define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i))
+#define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp))
+#define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st)
+#define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func))
+#define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st))
+#define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st))
+#define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st))
+
+#define sk_X509_new(st) SKM_sk_new(X509, (st))
+#define sk_X509_new_null() SKM_sk_new_null(X509)
+#define sk_X509_free(st) SKM_sk_free(X509, (st))
+#define sk_X509_num(st) SKM_sk_num(X509, (st))
+#define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i))
+#define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val))
+#define sk_X509_zero(st) SKM_sk_zero(X509, (st))
+#define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val))
+#define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val))
+#define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val))
+#define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i))
+#define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr))
+#define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i))
+#define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp))
+#define sk_X509_dup(st) SKM_sk_dup(X509, st)
+#define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func))
+#define sk_X509_shift(st) SKM_sk_shift(X509, (st))
+#define sk_X509_pop(st) SKM_sk_pop(X509, (st))
+#define sk_X509_sort(st) SKM_sk_sort(X509, (st))
+
+#define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD)
+#define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i))
+#define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val))
+#define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val))
+#define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val))
+#define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val))
+#define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i))
+#define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr))
+#define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i))
+#define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp))
+#define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st)
+#define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func))
+#define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st))
+#define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st))
+
+#define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st))
+#define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR)
+#define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st))
+#define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st))
+#define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i))
+#define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val))
+#define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st))
+#define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val))
+#define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val))
+#define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val))
+#define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i))
+#define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr))
+#define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i))
+#define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp))
+#define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st)
+#define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func))
+#define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st))
+#define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st))
+#define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st))
+
+#define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE)
+#define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i))
+#define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val))
+#define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val))
+#define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val))
+#define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val))
+#define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i))
+#define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr))
+#define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i))
+#define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp))
+#define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st)
+#define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func))
+#define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st))
+#define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st))
+
+#define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st))
+#define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL)
+#define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st))
+#define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st))
+#define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i))
+#define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val))
+#define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st))
+#define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val))
+#define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val))
+#define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val))
+#define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i))
+#define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr))
+#define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i))
+#define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp))
+#define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st)
+#define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func))
+#define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st))
+#define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st))
+#define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st))
+
+#define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION)
+#define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i))
+#define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val))
+#define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val))
+#define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val))
+#define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val))
+#define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i))
+#define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr))
+#define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i))
+#define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp))
+#define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st)
+#define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func))
+#define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st))
+#define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st))
+
+#define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st))
+#define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO)
+#define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st))
+#define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st))
+#define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i))
+#define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val))
+#define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st))
+#define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val))
+#define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val))
+#define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val))
+#define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i))
+#define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr))
+#define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i))
+#define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp))
+#define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st)
+#define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func))
+#define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st))
+#define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st))
+#define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st))
+
+#define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP)
+#define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i))
+#define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val))
+#define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val))
+#define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val))
+#define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val))
+#define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i))
+#define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr))
+#define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i))
+#define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp))
+#define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st)
+#define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func))
+#define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st))
+#define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st))
+
+#define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st))
+#define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME)
+#define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st))
+#define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st))
+#define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i))
+#define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val))
+#define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st))
+#define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val))
+#define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val))
+#define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val))
+#define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i))
+#define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr))
+#define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i))
+#define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp))
+#define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st)
+#define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func))
+#define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st))
+#define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st))
+#define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st))
+
+#define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY)
+#define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i))
+#define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val))
+#define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val))
+#define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val))
+#define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val))
+#define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i))
+#define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr))
+#define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i))
+#define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp))
+#define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st)
+#define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func))
+#define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st))
+#define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st))
+
+#define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st))
+#define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT)
+#define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st))
+#define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st))
+#define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i))
+#define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val))
+#define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st))
+#define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val))
+#define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val))
+#define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val))
+#define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i))
+#define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr))
+#define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i))
+#define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp))
+#define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st)
+#define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func))
+#define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st))
+#define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st))
+#define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st))
+
+#define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st))
+#define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE)
+#define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st))
+#define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st))
+#define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i))
+#define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val))
+#define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st))
+#define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val))
+#define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val))
+#define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val))
+#define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i))
+#define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr))
+#define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i))
+#define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp))
+#define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st)
+#define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func))
+#define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st))
+#define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st))
+#define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st))
+
+#define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st))
+#define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED)
+#define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st))
+#define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st))
+#define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i))
+#define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val))
+#define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st))
+#define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val))
+#define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val))
+#define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val))
+#define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i))
+#define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr))
+#define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i))
+#define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp))
+#define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st)
+#define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func))
+#define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st))
+#define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st))
+#define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st))
+
+#define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st))
+#define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST)
+#define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st))
+#define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st))
+#define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i))
+#define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val))
+#define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st))
+#define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val))
+#define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val))
+#define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val))
+#define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i))
+#define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr))
+#define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i))
+#define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp))
+#define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st)
+#define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func))
+#define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st))
+#define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st))
+#define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st))
+
+#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func))
+
+#define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \
+	SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
+
+#define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \
+	SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
+/* End of util/mkstack.pl block, you may now edit :-) */
+
+#endif /* !defined HEADER_SAFESTACK_H */
diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c
index 1e29adfb91..2496f28a8c 100644
--- a/crypto/stack/stack.c
+++ b/crypto/stack/stack.c
@@ -59,7 +59,7 @@
 /* Code for stacks
  * Author - Eric Young v 1.0
  * 1.2 eay 12-Mar-97 -	Modified sk_find so that it _DOES_ return the
- *			lowest index for the seached item.
+ *			lowest index for the searched item.
  *
  * 1.1 eay - Take from netdb and added to SSLeay
  *
@@ -67,38 +67,34 @@
  */
 #include <stdio.h>
 #include "cryptlib.h"
-#include "stack.h"
+#include <openssl/stack.h>
 
 #undef MIN_NODES
 #define MIN_NODES	4
 
-char *STACK_version="STACK part of SSLeay 0.9.1a 06-Jul-1998";
-
-#ifndef NOPROTO
-#define	FP_ICC	(int (*)(const void *,const void *))
-#else
-#define FP_ICC
-#endif
+const char *STACK_version="Stack" OPENSSL_VERSION_PTEXT;
 
 #include <errno.h>
 
-void sk_set_cmp_func(sk,c)
-STACK *sk;
-int (*c)();
+int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,const char * const *)))
+		(const char * const *, const char * const *)
 	{
+	int (*old)(const char * const *,const char * const *)=sk->comp;
+
 	if (sk->comp != c)
 		sk->sorted=0;
 	sk->comp=c;
+
+	return old;
 	}
 
-STACK *sk_dup(sk)
-STACK *sk;
+STACK *sk_dup(STACK *sk)
 	{
 	STACK *ret;
 	char **s;
 
 	if ((ret=sk_new(sk->comp)) == NULL) goto err;
-	s=(char **)Realloc((char *)ret->data,
+	s=(char **)OPENSSL_realloc((char *)ret->data,
 		(unsigned int)sizeof(char *)*sk->num_alloc);
 	if (s == NULL) goto err;
 	ret->data=s;
@@ -110,19 +106,25 @@ STACK *sk;
 	ret->comp=sk->comp;
 	return(ret);
 err:
+	if(ret)
+		sk_free(ret);
 	return(NULL);
 	}
 
-STACK *sk_new(c)
-int (*c)();
+STACK *sk_new_null(void)
+	{
+	return sk_new((int (*)(const char * const *, const char * const *))0);
+	}
+
+STACK *sk_new(int (*c)(const char * const *, const char * const *))
 	{
 	STACK *ret;
 	int i;
 
-	if ((ret=(STACK *)Malloc(sizeof(STACK))) == NULL)
-		goto err0;
-	if ((ret->data=(char **)Malloc(sizeof(char *)*MIN_NODES)) == NULL)
-		goto err1;
+	if ((ret=(STACK *)OPENSSL_malloc(sizeof(STACK))) == NULL)
+		goto err;
+	if ((ret->data=(char **)OPENSSL_malloc(sizeof(char *)*MIN_NODES)) == NULL)
+		goto err;
 	for (i=0; i<MIN_NODES; i++)
 		ret->data[i]=NULL;
 	ret->comp=c;
@@ -130,22 +132,20 @@ int (*c)();
 	ret->num=0;
 	ret->sorted=0;
 	return(ret);
-err1:
-	Free((char *)ret);
-err0:
+err:
+	if(ret)
+		OPENSSL_free(ret);
 	return(NULL);
 	}
 
-int sk_insert(st,data,loc)
-STACK *st;
-char *data;
-int loc;
+int sk_insert(STACK *st, char *data, int loc)
 	{
 	char **s;
 
+	if(st == NULL) return 0;
 	if (st->num_alloc <= st->num+1)
 		{
-		s=(char **)Realloc((char *)st->data,
+		s=(char **)OPENSSL_realloc((char *)st->data,
 			(unsigned int)sizeof(char *)*st->num_alloc*2);
 		if (s == NULL)
 			return(0);
@@ -161,7 +161,7 @@ int loc;
 
 		f=(char **)st->data;
 		t=(char **)&(st->data[1]);
-		for (i=st->num; i>loc; i--)
+		for (i=st->num; i>=loc; i--)
 			t[i]=f[i];
 			
 #ifdef undef /* no memmove on sunos :-( */
@@ -176,9 +176,7 @@ int loc;
 	return(st->num);
 	}
 
-char *sk_delete_ptr(st,p)
-STACK *st;
-char *p;
+char *sk_delete_ptr(STACK *st, char *p)
 	{
 	int i;
 
@@ -188,14 +186,13 @@ char *p;
 	return(NULL);
 	}
 
-char *sk_delete(st,loc)
-STACK *st;
-int loc;
+char *sk_delete(STACK *st, int loc)
 	{
 	char *ret;
 	int i,j;
 
-	if ((st->num == 0) || (loc < 0) || (loc >= st->num)) return(NULL);
+	if ((st == NULL) || (st->num == 0) || (loc < 0)
+					 || (loc >= st->num)) return(NULL);
 
 	ret=st->data[loc];
 	if (loc != st->num-1)
@@ -213,13 +210,12 @@ int loc;
 	return(ret);
 	}
 
-int sk_find(st,data)
-STACK *st;
-char *data;
+int sk_find(STACK *st, char *data)
 	{
 	char **r;
 	int i;
-	int (*comp_func)();
+	int (*comp_func)(const void *,const void *);
+	if(st == NULL) return -1;
 
 	if (st->comp == NULL)
 		{
@@ -228,55 +224,55 @@ char *data;
 				return(i);
 		return(-1);
 		}
-	comp_func=(int (*)())st->comp;
-	if (!st->sorted)
-		{
-		qsort((char *)st->data,st->num,sizeof(char *),FP_ICC comp_func);
-		st->sorted=1;
-		}
+	sk_sort(st);
 	if (data == NULL) return(-1);
+	/* This (and the "qsort" below) are the two places in OpenSSL
+	 * where we need to convert from our standard (type **,type **)
+	 * compare callback type to the (void *,void *) type required by
+	 * bsearch. However, the "data" it is being called(back) with are
+	 * not (type *) pointers, but the *pointers* to (type *) pointers,
+	 * so we get our extra level of pointer dereferencing that way. */
+	comp_func=(int (*)(const void *,const void *))(st->comp);
 	r=(char **)bsearch(&data,(char *)st->data,
-		st->num,sizeof(char *),FP_ICC comp_func);
+		st->num,sizeof(char *), comp_func);
 	if (r == NULL) return(-1);
 	i=(int)(r-st->data);
 	for ( ; i>0; i--)
-		if ((*st->comp)(&(st->data[i-1]),&data) < 0)
+		/* This needs a cast because the type being pointed to from
+		 * the "&" expressions are (char *) rather than (const char *).
+		 * For an explanation, read:
+		 * http://www.eskimo.com/~scs/C-faq/q11.10.html :-) */
+		if ((*st->comp)((const char * const *)&(st->data[i-1]),
+				(const char * const *)&data) < 0)
 			break;
 	return(i);
 	}
 
-int sk_push(st,data)
-STACK *st;
-char *data;
+int sk_push(STACK *st, char *data)
 	{
 	return(sk_insert(st,data,st->num));
 	}
 
-int sk_unshift(st,data)
-STACK *st;
-char *data;
+int sk_unshift(STACK *st, char *data)
 	{
 	return(sk_insert(st,data,0));
 	}
 
-char *sk_shift(st)
-STACK *st;
+char *sk_shift(STACK *st)
 	{
 	if (st == NULL) return(NULL);
 	if (st->num <= 0) return(NULL);
 	return(sk_delete(st,0));
 	}
 
-char *sk_pop(st)
-STACK *st;
+char *sk_pop(STACK *st)
 	{
 	if (st == NULL) return(NULL);
 	if (st->num <= 0) return(NULL);
 	return(sk_delete(st,st->num-1));
 	}
 
-void sk_zero(st)
-STACK *st;
+void sk_zero(STACK *st)
 	{
 	if (st == NULL) return;
 	if (st->num <= 0) return;
@@ -284,9 +280,7 @@ STACK *st;
 	st->num=0;
 	}
 
-void sk_pop_free(st,func)
-STACK *st;
-void (*func)();
+void sk_pop_free(STACK *st, void (*func)(void *))
 	{
 	int i;
 
@@ -297,11 +291,44 @@ void (*func)();
 	sk_free(st);
 	}
 
-void sk_free(st)
-STACK *st;
+void sk_free(STACK *st)
 	{
 	if (st == NULL) return;
-	if (st->data != NULL) Free((char *)st->data);
-	Free((char *)st);
+	if (st->data != NULL) OPENSSL_free(st->data);
+	OPENSSL_free(st);
 	}
 
+int sk_num(const STACK *st)
+{
+	if(st == NULL) return -1;
+	return st->num;
+}
+
+char *sk_value(const STACK *st, int i)
+{
+	if(st == NULL) return NULL;
+	return st->data[i];
+}
+
+char *sk_set(STACK *st, int i, char *value)
+{
+	if(st == NULL) return NULL;
+	return (st->data[i] = value);
+}
+
+void sk_sort(STACK *st)
+	{
+	if (st && !st->sorted)
+		{
+		int (*comp_func)(const void *,const void *);
+
+		/* same comment as in sk_find ... previously st->comp was declared
+		 * as a (void*,void*) callback type, but this made the population
+		 * of the callback pointer illogical - our callbacks compare
+		 * type** with type**, so we leave the casting until absolutely
+		 * necessary (ie. "now"). */
+		comp_func=(int (*)(const void *,const void *))(st->comp);
+		qsort(st->data,st->num,sizeof(char *), comp_func);
+		st->sorted=1;
+		}
+	}
diff --git a/crypto/stack/stack.h b/crypto/stack/stack.h
index 615eb6ff94..8b436ca4b9 100644
--- a/crypto/stack/stack.h
+++ b/crypto/stack/stack.h
@@ -70,18 +70,21 @@ typedef struct stack_st
 	int sorted;
 
 	int num_alloc;
-	int (*comp)();
+	int (*comp)(const char * const *, const char * const *);
 	} STACK;
 
-#define sk_num(sk)		((sk)->num)
-#define sk_value(sk,n)		((sk)->data[n])
+#define M_sk_num(sk)		((sk) ? (sk)->num:-1)
+#define M_sk_value(sk,n)	((sk) ? (sk)->data[n] : NULL)
 
-#define sk_new_null()	sk_new(NULL)
-#ifndef NOPROTO
+int sk_num(const STACK *);
+char *sk_value(const STACK *, int);
 
-STACK *sk_new(int (*cmp)());
+char *sk_set(STACK *, int, char *);
+
+STACK *sk_new(int (*cmp)(const char * const *, const char * const *));
+STACK *sk_new_null(void);
 void sk_free(STACK *);
-void sk_pop_free(STACK *st, void (*func)());
+void sk_pop_free(STACK *st, void (*func)(void *));
 int sk_insert(STACK *sk,char *data,int where);
 char *sk_delete(STACK *st,int loc);
 char *sk_delete_ptr(STACK *st, char *p);
@@ -91,27 +94,11 @@ int sk_unshift(STACK *st,char *data);
 char *sk_shift(STACK *st);
 char *sk_pop(STACK *st);
 void sk_zero(STACK *st);
-void sk_set_cmp_func(STACK *sk, int (*c)());
+int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,
+			const char * const *)))
+			(const char * const *, const char * const *);
 STACK *sk_dup(STACK *st);
-
-#else
-
-STACK *sk_new();
-void sk_free();
-void sk_pop_free();
-int sk_insert();
-char *sk_delete();
-char *sk_delete_ptr();
-int sk_find();
-int sk_push();
-int sk_unshift();
-char *sk_shift();
-char *sk_pop();
-void sk_zero();
-void sk_set_cmp_func();
-STACK *sk_dup();
-
-#endif
+void sk_sort(STACK *st);
 
 #ifdef  __cplusplus
 }
diff --git a/crypto/symhacks.h b/crypto/symhacks.h
new file mode 100644
index 0000000000..c225602064
--- /dev/null
+++ b/crypto/symhacks.h
@@ -0,0 +1,325 @@
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_SYMHACKS_H
+#define HEADER_SYMHACKS_H
+
+#include <openssl/e_os2.h>
+
+/* Hacks to solve the problem with linkers incapable of handling very long
+   symbol names.  In the case of VMS, the limit is 31 characters on VMS for
+   VAX. */
+#ifdef OPENSSL_SYS_VMS
+
+/* Hack a long name in crypto/ex_data.c */
+#undef CRYPTO_get_ex_data_implementation
+#define CRYPTO_get_ex_data_implementation	CRYPTO_get_ex_data_impl
+#undef CRYPTO_set_ex_data_implementation
+#define CRYPTO_set_ex_data_implementation	CRYPTO_set_ex_data_impl
+
+/* Hack a long name in crypto/asn1/a_mbstr.c */
+#undef ASN1_STRING_set_default_mask_asc
+#define ASN1_STRING_set_default_mask_asc	ASN1_STRING_set_def_mask_asc
+
+#if 0 /* No longer needed, since safestack macro magic does the job */
+/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */
+#undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO
+#define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO	i2d_ASN1_SET_OF_PKCS7_SIGINF
+#undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO
+#define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO	d2i_ASN1_SET_OF_PKCS7_SIGINF
+#endif
+
+#if 0 /* No longer needed, since safestack macro magic does the job */
+/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */
+#undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO
+#define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO	i2d_ASN1_SET_OF_PKCS7_RECINF
+#undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO
+#define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO	d2i_ASN1_SET_OF_PKCS7_RECINF
+#endif
+
+#if 0 /* No longer needed, since safestack macro magic does the job */
+/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */
+#undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION
+#define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION	i2d_ASN1_SET_OF_ACC_DESC
+#undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION
+#define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION	d2i_ASN1_SET_OF_ACC_DESC
+#endif
+
+/* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */
+#undef PEM_read_NETSCAPE_CERT_SEQUENCE
+#define PEM_read_NETSCAPE_CERT_SEQUENCE		PEM_read_NS_CERT_SEQ
+#undef PEM_write_NETSCAPE_CERT_SEQUENCE
+#define PEM_write_NETSCAPE_CERT_SEQUENCE	PEM_write_NS_CERT_SEQ
+#undef PEM_read_bio_NETSCAPE_CERT_SEQUENCE
+#define PEM_read_bio_NETSCAPE_CERT_SEQUENCE	PEM_read_bio_NS_CERT_SEQ
+#undef PEM_write_bio_NETSCAPE_CERT_SEQUENCE
+#define PEM_write_bio_NETSCAPE_CERT_SEQUENCE	PEM_write_bio_NS_CERT_SEQ
+#undef PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE
+#define PEM_write_cb_bio_NETSCAPE_CERT_SEQUENCE	PEM_write_cb_bio_NS_CERT_SEQ
+
+/* Hack the names created with DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO) */
+#undef PEM_read_PKCS8_PRIV_KEY_INFO
+#define PEM_read_PKCS8_PRIV_KEY_INFO		PEM_read_P8_PRIV_KEY_INFO
+#undef PEM_write_PKCS8_PRIV_KEY_INFO
+#define PEM_write_PKCS8_PRIV_KEY_INFO		PEM_write_P8_PRIV_KEY_INFO
+#undef PEM_read_bio_PKCS8_PRIV_KEY_INFO
+#define PEM_read_bio_PKCS8_PRIV_KEY_INFO	PEM_read_bio_P8_PRIV_KEY_INFO
+#undef PEM_write_bio_PKCS8_PRIV_KEY_INFO
+#define PEM_write_bio_PKCS8_PRIV_KEY_INFO	PEM_write_bio_P8_PRIV_KEY_INFO
+#undef PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO
+#define PEM_write_cb_bio_PKCS8_PRIV_KEY_INFO	PEM_wrt_cb_bio_P8_PRIV_KEY_INFO
+
+/* Hack other PEM names */
+#undef PEM_write_bio_PKCS8PrivateKey_nid
+#define PEM_write_bio_PKCS8PrivateKey_nid	PEM_write_bio_PKCS8PrivKey_nid
+
+/* Hack some long X509 names */
+#undef X509_REVOKED_get_ext_by_critical
+#define X509_REVOKED_get_ext_by_critical	X509_REVOKED_get_ext_by_critic
+
+/* Hack some long CRYPTO names */
+#undef CRYPTO_set_dynlock_destroy_callback
+#define CRYPTO_set_dynlock_destroy_callback     CRYPTO_set_dynlock_destroy_cb
+#undef CRYPTO_set_dynlock_create_callback
+#define CRYPTO_set_dynlock_create_callback      CRYPTO_set_dynlock_create_cb
+#undef CRYPTO_set_dynlock_lock_callback
+#define CRYPTO_set_dynlock_lock_callback        CRYPTO_set_dynlock_lock_cb
+#undef CRYPTO_get_dynlock_lock_callback
+#define CRYPTO_get_dynlock_lock_callback        CRYPTO_get_dynlock_lock_cb
+#undef CRYPTO_get_dynlock_destroy_callback
+#define CRYPTO_get_dynlock_destroy_callback     CRYPTO_get_dynlock_destroy_cb
+#undef CRYPTO_get_dynlock_create_callback
+#define CRYPTO_get_dynlock_create_callback      CRYPTO_get_dynlock_create_cb
+#undef CRYPTO_set_locked_mem_ex_functions
+#define CRYPTO_set_locked_mem_ex_functions      CRYPTO_set_locked_mem_ex_funcs
+#undef CRYPTO_get_locked_mem_ex_functions
+#define CRYPTO_get_locked_mem_ex_functions      CRYPTO_get_locked_mem_ex_funcs
+
+/* Hack some long SSL names */
+#undef SSL_CTX_set_default_verify_paths
+#define SSL_CTX_set_default_verify_paths        SSL_CTX_set_def_verify_paths
+#undef SSL_get_ex_data_X509_STORE_CTX_idx
+#define SSL_get_ex_data_X509_STORE_CTX_idx      SSL_get_ex_d_X509_STORE_CTX_idx
+#undef SSL_add_file_cert_subjects_to_stack
+#define SSL_add_file_cert_subjects_to_stack     SSL_add_file_cert_subjs_to_stk
+#if 0 /* This function is not defined i VMS. */
+#undef SSL_add_dir_cert_subjects_to_stack
+#define SSL_add_dir_cert_subjects_to_stack      SSL_add_dir_cert_subjs_to_stk
+#endif
+#undef SSL_CTX_use_certificate_chain_file
+#define SSL_CTX_use_certificate_chain_file      SSL_CTX_use_cert_chain_file
+#undef SSL_CTX_set_cert_verify_callback
+#define SSL_CTX_set_cert_verify_callback        SSL_CTX_set_cert_verify_cb
+#undef SSL_CTX_set_default_passwd_cb_userdata
+#define SSL_CTX_set_default_passwd_cb_userdata  SSL_CTX_set_def_passwd_cb_ud
+
+/* Hack some long ENGINE names */
+#undef ENGINE_get_default_BN_mod_exp_crt
+#define ENGINE_get_default_BN_mod_exp_crt	ENGINE_get_def_BN_mod_exp_crt
+#undef ENGINE_set_default_BN_mod_exp_crt
+#define ENGINE_set_default_BN_mod_exp_crt	ENGINE_set_def_BN_mod_exp_crt
+#undef ENGINE_set_load_privkey_function
+#define ENGINE_set_load_privkey_function        ENGINE_set_load_privkey_fn
+#undef ENGINE_get_load_privkey_function
+#define ENGINE_get_load_privkey_function        ENGINE_get_load_privkey_fn
+
+/* Hack some long OCSP names */
+#undef OCSP_REQUEST_get_ext_by_critical
+#define OCSP_REQUEST_get_ext_by_critical        OCSP_REQUEST_get_ext_by_crit
+#undef OCSP_BASICRESP_get_ext_by_critical
+#define OCSP_BASICRESP_get_ext_by_critical      OCSP_BASICRESP_get_ext_by_crit
+#undef OCSP_SINGLERESP_get_ext_by_critical
+#define OCSP_SINGLERESP_get_ext_by_critical     OCSP_SINGLERESP_get_ext_by_crit
+
+/* Hack some long DES names */
+#undef _ossl_old_des_ede3_cfb64_encrypt
+#define _ossl_old_des_ede3_cfb64_encrypt	_ossl_odes_ede3_cfb64_encrypt
+#undef _ossl_old_des_ede3_ofb64_encrypt
+#define _ossl_old_des_ede3_ofb64_encrypt	_ossl_odes_ede3_ofb64_encrypt
+
+/* Hack some long EVP names */
+#undef OPENSSL_add_all_algorithms_noconf
+#define OPENSSL_add_all_algorithms_noconf	OPENSSL_add_all_algo_noconf
+#undef OPENSSL_add_all_algorithms_conf
+#define OPENSSL_add_all_algorithms_conf		OPENSSL_add_all_algo_conf
+
+/* Hack some long EC names */
+#undef EC_GROUP_set_point_conversion_form
+#define EC_GROUP_set_point_conversion_form	EC_GROUP_set_point_conv_form
+#undef EC_GROUP_get_point_conversion_form
+#define EC_GROUP_get_point_conversion_form	EC_GROUP_get_point_conv_form
+#undef EC_POINT_set_Jprojective_coordinates_GFp
+#define EC_POINT_set_Jprojective_coordinates_GFp \
+                                                EC_POINT_set_Jproj_coords_GFp
+#undef EC_POINT_get_Jprojective_coordinates_GFp
+#define EC_POINT_get_Jprojective_coordinates_GFp \
+                                                EC_POINT_get_Jproj_coords_GFp
+#undef EC_POINT_set_affine_coordinates_GFp
+#define EC_POINT_set_affine_coordinates_GFp     EC_POINT_set_affine_coords_GFp
+#undef EC_POINT_get_affine_coordinates_GFp
+#define EC_POINT_get_affine_coordinates_GFp     EC_POINT_get_affine_coords_GFp
+#undef EC_POINT_set_compressed_coordinates_GFp
+#define EC_POINT_set_compressed_coordinates_GFp EC_POINT_set_compr_coords_GFp
+#undef EC_POINT_set_affine_coordinates_GF2m
+#define EC_POINT_set_affine_coordinates_GF2m    EC_POINT_set_affine_coords_GF2m
+#undef EC_POINT_get_affine_coordinates_GF2m
+#define EC_POINT_get_affine_coordinates_GF2m    EC_POINT_get_affine_coords_GF2m
+#undef EC_POINT_set_compressed_coordinates_GF2m
+#define EC_POINT_set_compressed_coordinates_GF2m \
+                                                EC_POINT_set_compr_coords_GF2m
+#undef ec_GF2m_simple_group_clear_finish
+#define ec_GF2m_simple_group_clear_finish        ec_GF2m_simple_grp_clr_finish
+#undef ec_GF2m_simple_group_check_discriminant
+#define ec_GF2m_simple_group_check_discriminant	ec_GF2m_simple_grp_chk_discrim
+#undef ec_GF2m_simple_point_clear_finish
+#define ec_GF2m_simple_point_clear_finish        ec_GF2m_simple_pt_clr_finish
+#undef ec_GF2m_simple_point_set_to_infinity
+#define ec_GF2m_simple_point_set_to_infinity     ec_GF2m_simple_pt_set_to_inf
+#undef ec_GF2m_simple_points_make_affine
+#define ec_GF2m_simple_points_make_affine        ec_GF2m_simple_pts_make_affine
+#undef ec_GF2m_simple_point_set_affine_coordinates
+#define ec_GF2m_simple_point_set_affine_coordinates \
+                                                ec_GF2m_smp_pt_set_af_coords
+#undef ec_GF2m_simple_point_get_affine_coordinates
+#define ec_GF2m_simple_point_get_affine_coordinates \
+                                                ec_GF2m_smp_pt_get_af_coords
+#undef ec_GF2m_simple_set_compressed_coordinates
+#define ec_GF2m_simple_set_compressed_coordinates \
+                                                ec_GF2m_smp_set_compr_coords
+#undef ec_GFp_simple_group_set_curve_GFp
+#define ec_GFp_simple_group_set_curve_GFp       ec_GFp_simple_grp_set_curve_GFp
+#undef ec_GFp_simple_group_get_curve_GFp
+#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
+#undef ec_GFp_simple_group_clear_finish
+#define ec_GFp_simple_group_clear_finish        ec_GFp_simple_grp_clear_finish
+#undef ec_GFp_simple_group_set_generator
+#define ec_GFp_simple_group_set_generator       ec_GFp_simple_grp_set_generator
+#undef ec_GFp_simple_group_get0_generator
+#define ec_GFp_simple_group_get0_generator      ec_GFp_simple_grp_gt0_generator
+#undef ec_GFp_simple_group_get_cofactor
+#define ec_GFp_simple_group_get_cofactor        ec_GFp_simple_grp_get_cofactor
+#undef ec_GFp_simple_point_clear_finish
+#define ec_GFp_simple_point_clear_finish        ec_GFp_simple_pt_clear_finish
+#undef ec_GFp_simple_point_set_to_infinity
+#define ec_GFp_simple_point_set_to_infinity     ec_GFp_simple_pt_set_to_inf
+#undef ec_GFp_simple_points_make_affine
+#define ec_GFp_simple_points_make_affine        ec_GFp_simple_pts_make_affine
+#undef ec_GFp_simple_group_get_curve_GFp
+#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
+#undef ec_GFp_simple_set_Jprojective_coordinates_GFp
+#define ec_GFp_simple_set_Jprojective_coordinates_GFp \
+                                                ec_GFp_smp_set_Jproj_coords_GFp
+#undef ec_GFp_simple_get_Jprojective_coordinates_GFp
+#define ec_GFp_simple_get_Jprojective_coordinates_GFp \
+                                                ec_GFp_smp_get_Jproj_coords_GFp
+#undef ec_GFp_simple_point_set_affine_coordinates_GFp
+#define ec_GFp_simple_point_set_affine_coordinates_GFp \
+                                                ec_GFp_smp_pt_set_af_coords_GFp
+#undef ec_GFp_simple_point_get_affine_coordinates_GFp
+#define ec_GFp_simple_point_get_affine_coordinates_GFp \
+                                                ec_GFp_smp_pt_get_af_coords_GFp
+#undef ec_GFp_simple_set_compressed_coordinates_GFp
+#define ec_GFp_simple_set_compressed_coordinates_GFp \
+                                                ec_GFp_smp_set_compr_coords_GFp
+#undef ec_GFp_simple_point_set_affine_coordinates
+#define ec_GFp_simple_point_set_affine_coordinates \
+                                                ec_GFp_smp_pt_set_af_coords
+#undef ec_GFp_simple_point_get_affine_coordinates
+#define ec_GFp_simple_point_get_affine_coordinates \
+                                                ec_GFp_smp_pt_get_af_coords
+#undef ec_GFp_simple_set_compressed_coordinates
+#define ec_GFp_simple_set_compressed_coordinates \
+                                                ec_GFp_smp_set_compr_coords
+#undef ec_GFp_simple_group_check_discriminant
+#define ec_GFp_simple_group_check_discriminant	ec_GFp_simple_grp_chk_discrim
+
+#endif /* defined OPENSSL_SYS_VMS */
+
+
+/* Case insensiteve linking causes problems.... */
+#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2)
+#undef ERR_load_CRYPTO_strings
+#define ERR_load_CRYPTO_strings			ERR_load_CRYPTOlib_strings
+#undef OCSP_crlID_new
+#define OCSP_crlID_new                          OCSP_crlID2_new
+
+#undef d2i_ECPARAMETERS
+#define d2i_ECPARAMETERS                        d2i_UC_ECPARAMETERS
+#undef i2d_ECPARAMETERS
+#define i2d_ECPARAMETERS                        i2d_UC_ECPARAMETERS
+#undef d2i_ECPKPARAMETERS
+#define d2i_ECPKPARAMETERS                      d2i_UC_ECPKPARAMETERS
+#undef i2d_ECPKPARAMETERS
+#define i2d_ECPKPARAMETERS                      i2d_UC_ECPKPARAMETERS
+
+/* These functions do not seem to exist!  However, I'm paranoid...
+   Original command in x509v3.h:
+   These functions are being redefined in another directory,
+   and clash when the linker is case-insensitive, so let's
+   hide them a little, by giving them an extra 'o' at the
+   beginning of the name... */
+#undef X509v3_cleanup_extensions
+#define X509v3_cleanup_extensions               oX509v3_cleanup_extensions
+#undef X509v3_add_extension
+#define X509v3_add_extension                    oX509v3_add_extension
+#undef X509v3_add_netscape_extensions
+#define X509v3_add_netscape_extensions          oX509v3_add_netscape_extensions
+#undef X509v3_add_standard_extensions
+#define X509v3_add_standard_extensions          oX509v3_add_standard_extensions
+
+
+#endif
+
+
+#endif /* ! defined HEADER_VMS_IDHACKS_H */
diff --git a/mt/README b/crypto/threads/README
index df6b26e146..df6b26e146 100644
--- a/mt/README
+++ b/crypto/threads/README
diff --git a/crypto/threads/f b/crypto/threads/f
deleted file mode 100644
index e69de29bb2..0000000000
--- a/crypto/threads/f
+++ /dev/null
diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c
index be395f2bc4..7142e4edc7 100644
--- a/crypto/threads/mttest.c
+++ b/crypto/threads/mttest.c
@@ -63,7 +63,7 @@
 #ifdef LINUX
 #include <typedefs.h>
 #endif
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 #include <windows.h>
 #endif
 #ifdef SOLARIS
@@ -74,27 +74,29 @@
 #include <ulocks.h>
 #include <sys/prctl.h>
 #endif
-#include "lhash.h"
-#include "crypto.h"
-#include "buffer.h"
-#include "../e_os.h"
-#include "x509.h"
-#include "ssl.h"
-#include "err.h"
-
-#ifdef NO_FP_API
+#ifdef PTHREADS
+#include <pthread.h>
+#endif
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include "../../e_os.h"
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+#ifdef OPENSSL_NO_FP_API
 #define APPS_WIN16
-#include "../crypto/buffer/bss_file.c"
+#include "../buffer/bss_file.c"
 #endif
 
-#define TEST_SERVER_CERT "../apps/server.pem"
-#define TEST_CLIENT_CERT "../apps/client.pem"
+#define TEST_SERVER_CERT "../../apps/server.pem"
+#define TEST_CLIENT_CERT "../../apps/client.pem"
 
 #define MAX_THREAD_NUMBER	100
 
-#ifndef NOPROTO
-int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
-	int error,char *arg);
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *xs);
 void thread_setup(void);
 void thread_cleanup(void);
 void do_threads(SSL_CTX *s_ctx,SSL_CTX *c_ctx);
@@ -108,23 +110,6 @@ unsigned long irix_thread_id(void );
 unsigned long solaris_thread_id(void );
 unsigned long pthreads_thread_id(void );
 
-#else
-int MS_CALLBACK verify_callback();
-void thread_setup();
-void thread_cleanup();
-void do_threads();
-
-void irix_locking_callback();
-void solaris_locking_callback();
-void win32_locking_callback();
-void pthreads_locking_callback();
-
-unsigned long irix_thread_id();
-unsigned long solaris_thread_id();
-unsigned long pthreads_thread_id();
-
-#endif
-
 BIO *bio_err=NULL;
 BIO *bio_stdout=NULL;
 
@@ -139,15 +124,10 @@ int number_of_loops=10;
 int reconnect=0;
 int cache_stats=0;
 
-#ifndef  NOPROTO
-int doit(char *ctx[4]);
-#else
-int doit();
-#endif
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
 
-static void print_stats(fp,ctx)
-FILE *fp;
-SSL_CTX *ctx;
+int doit(char *ctx[4]);
+static void print_stats(FILE *fp, SSL_CTX *ctx)
 {
 	fprintf(fp,"%4ld items in the session cache\n",
 		SSL_CTX_sess_number(ctx));
@@ -164,7 +144,7 @@ SSL_CTX *ctx;
 	fprintf(fp,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ctx));
 	}
 
-static void sv_usage()
+static void sv_usage(void)
 	{
 	fprintf(stderr,"usage: ssltest [args ...]\n");
 	fprintf(stderr,"\n");
@@ -182,9 +162,7 @@ static void sv_usage()
 	fprintf(stderr," -ssl3         - just SSLv3n\n");
 	}
 
-int main(argc, argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	char *CApath=NULL,*CAfile=NULL;
 	int badop=0;
@@ -197,6 +175,8 @@ char *argv[];
 	char *ccert=TEST_CLIENT_CERT;
 	SSL_METHOD *ssl_method=SSLv23_method();
 
+	RAND_seed(rnd_seed, sizeof rnd_seed);
+
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 	if (bio_stdout == NULL)
@@ -271,7 +251,7 @@ bad:
 	if (cipher == NULL) cipher=getenv("SSL_CIPHER");
 
 	SSL_load_error_strings();
-	SSLeay_add_ssl_algorithms();
+	OpenSSL_add_ssl_algorithms();
 
 	c_ctx=SSL_CTX_new(ssl_method);
 	s_ctx=SSL_CTX_new(ssl_method);
@@ -286,8 +266,15 @@ bad:
 	SSL_CTX_set_session_cache_mode(c_ctx,
 		SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
 
-	SSL_CTX_use_certificate_file(s_ctx,scert,SSL_FILETYPE_PEM);
-	SSL_CTX_use_RSAPrivateKey_file(s_ctx,scert,SSL_FILETYPE_PEM);
+	if (!SSL_CTX_use_certificate_file(s_ctx,scert,SSL_FILETYPE_PEM))
+		{
+		ERR_print_errors(bio_err);
+		}
+	else if (!SSL_CTX_use_RSAPrivateKey_file(s_ctx,scert,SSL_FILETYPE_PEM))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
 
 	if (client_auth)
 		{
@@ -358,8 +345,7 @@ end:
 #define C_DONE	1
 #define S_DONE	2
 
-int ndoit(ssl_ctx)
-SSL_CTX *ssl_ctx[2];
+int ndoit(SSL_CTX *ssl_ctx[2])
 	{
 	int i;
 	int ret;
@@ -405,8 +391,7 @@ SSL_CTX *ssl_ctx[2];
 	return(0);
 	}
 
-int doit(ctx)
-char *ctx[4];
+int doit(char *ctx[4])
 	{
 	SSL_CTX *s_ctx,*c_ctx;
 	static char cbuf[200],sbuf[200];
@@ -518,6 +503,7 @@ char *ctx[4];
 					else
 						{
 						fprintf(stderr,"ERROR in CLIENT\n");
+						ERR_print_errors_fp(stderr);
 						return(1);
 						}
 					}
@@ -549,6 +535,7 @@ char *ctx[4];
 					else
 						{
 						fprintf(stderr,"ERROR in CLIENT\n");
+						ERR_print_errors_fp(stderr);
 						return(1);
 						}
 					}
@@ -681,38 +668,39 @@ err:
 	return(0);
 	}
 
-int MS_CALLBACK verify_callback(ok, xs, xi, depth, error, arg)
-int ok;
-X509 *xs;
-X509 *xi;
-int depth;
-int error;
-char *arg;
+int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 	{
-	char buf[256];
+	char *s, buf[256];
 
 	if (verbose)
 		{
-		X509_NAME_oneline(X509_get_subject_name(xs),buf,256);
-		if (ok)
-			fprintf(stderr,"depth=%d %s\n",depth,buf);
-		else
-			fprintf(stderr,"depth=%d error=%d %s\n",depth,error,buf);
+		s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),
+				    buf,256);
+		if (s != NULL)
+			{
+			if (ok)
+				fprintf(stderr,"depth=%d %s\n",
+					ctx->error_depth,buf);
+			else
+				fprintf(stderr,"depth=%d error=%d %s\n",
+					ctx->error_depth,ctx->error,buf);
+			}
 		}
 	return(ok);
 	}
 
 #define THREAD_STACK_SIZE (16*1024)
 
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 
-static HANDLE lock_cs[CRYPTO_NUM_LOCKS];
+static HANDLE *lock_cs;
 
-void thread_setup()
+void thread_setup(void)
 	{
 	int i;
 
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE));
+	for (i=0; i<CRYPTO_num_locks(); i++)
 		{
 		lock_cs[i]=CreateMutex(NULL,FALSE,NULL);
 		}
@@ -721,20 +709,17 @@ void thread_setup()
 	/* id callback defined */
 	}
 
-void thread_cleanup()
+void thread_cleanup(void)
 	{
 	int i;
 
 	CRYPTO_set_locking_callback(NULL);
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+	for (i=0; i<CRYPTO_num_locks(); i++)
 		CloseHandle(lock_cs[i]);
+	OPENSSL_free(lock_cs);
 	}
 
-void win32_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
+void win32_locking_callback(int mode, int type, char *file, int line)
 	{
 	if (mode & CRYPTO_LOCK)
 		{
@@ -746,8 +731,7 @@ int line;
 		}
 	}
 
-void do_threads(s_ctx,c_ctx)
-SSL_CTX *s_ctx,*c_ctx;
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
 	{
 	double ret;
 	SSL_CTX *ssl_ctx[2];
@@ -798,19 +782,21 @@ SSL_CTX *s_ctx,*c_ctx;
 	printf("win32 threads done - %.3f seconds\n",ret);
 	}
 
-#endif /* WIN32 */
+#endif /* OPENSSL_SYS_WIN32 */
 
 #ifdef SOLARIS
 
-static mutex_t lock_cs[CRYPTO_NUM_LOCKS];
-/*static rwlock_t lock_cs[CRYPTO_NUM_LOCKS]; */
-static long lock_count[CRYPTO_NUM_LOCKS];
+static mutex_t *lock_cs;
+/*static rwlock_t *lock_cs; */
+static long *lock_count;
 
-void thread_setup()
+void thread_setup(void)
 	{
 	int i;
 
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(mutex_t));
+	lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+	for (i=0; i<CRYPTO_num_locks(); i++)
 		{
 		lock_count[i]=0;
 		/* rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL); */
@@ -821,40 +807,42 @@ void thread_setup()
 	CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
 	}
 
-void thread_cleanup()
+void thread_cleanup(void)
 	{
 	int i;
 
 	CRYPTO_set_locking_callback(NULL);
-fprintf(stderr,"cleanup\n");
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+
+	fprintf(stderr,"cleanup\n");
+
+	for (i=0; i<CRYPTO_num_locks(); i++)
 		{
 		/* rwlock_destroy(&(lock_cs[i])); */
 		mutex_destroy(&(lock_cs[i]));
 		fprintf(stderr,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i));
 		}
-fprintf(stderr,"done cleanup\n");
+	OPENSSL_free(lock_cs);
+	OPENSSL_free(lock_count);
+
+	fprintf(stderr,"done cleanup\n");
+
 	}
 
-void solaris_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
+void solaris_locking_callback(int mode, int type, char *file, int line)
 	{
 #ifdef undef
-fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
-	CRYPTO_thread_id(),
-	(mode&CRYPTO_LOCK)?"l":"u",
-	(type&CRYPTO_READ)?"r":"w",file,line);
+	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+		CRYPTO_thread_id(),
+		(mode&CRYPTO_LOCK)?"l":"u",
+		(type&CRYPTO_READ)?"r":"w",file,line);
 #endif
 
-/*
-if (CRYPTO_LOCK_SSL_CERT == type)
+	/*
+	if (CRYPTO_LOCK_SSL_CERT == type)
 	fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
 		CRYPTO_thread_id(),
 		mode,file,line);
-*/
+	*/
 	if (mode & CRYPTO_LOCK)
 		{
 	/*	if (mode & CRYPTO_READ)
@@ -872,8 +860,7 @@ if (CRYPTO_LOCK_SSL_CERT == type)
 		}
 	}
 
-void do_threads(s_ctx,c_ctx)
-SSL_CTX *s_ctx,*c_ctx;
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
 	{
 	SSL_CTX *ssl_ctx[2];
 	thread_t thread_ctx[MAX_THREAD_NUMBER];
@@ -902,7 +889,7 @@ SSL_CTX *s_ctx,*c_ctx;
 		s_ctx->references,c_ctx->references);
 	}
 
-unsigned long solaris_thread_id()
+unsigned long solaris_thread_id(void)
 	{
 	unsigned long ret;
 
@@ -915,9 +902,9 @@ unsigned long solaris_thread_id()
 
 
 static usptr_t *arena;
-static usema_t *lock_cs[CRYPTO_NUM_LOCKS];
+static usema_t **lock_cs;
 
-void thread_setup()
+void thread_setup(void)
 	{
 	int i;
 	char filename[20];
@@ -932,7 +919,8 @@ void thread_setup()
 	arena=usinit(filename);
 	unlink(filename);
 
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *));
+	for (i=0; i<CRYPTO_num_locks(); i++)
 		{
 		lock_cs[i]=usnewsema(arena,1);
 		}
@@ -941,12 +929,12 @@ void thread_setup()
 	CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
 	}
 
-void thread_cleanup()
+void thread_cleanup(void)
 	{
 	int i;
 
 	CRYPTO_set_locking_callback(NULL);
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+	for (i=0; i<CRYPTO_num_locks(); i++)
 		{
 		char buf[10];
 
@@ -954,13 +942,10 @@ void thread_cleanup()
 		usdumpsema(lock_cs[i],stdout,buf);
 		usfreesema(lock_cs[i],arena);
 		}
+	OPENSSL_free(lock_cs);
 	}
 
-void irix_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
+void irix_locking_callback(int mode, int type, char *file, int line)
 	{
 	if (mode & CRYPTO_LOCK)
 		{
@@ -974,8 +959,7 @@ int line;
 		}
 	}
 
-void do_threads(s_ctx,c_ctx)
-SSL_CTX *s_ctx,*c_ctx;
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
 	{
 	SSL_CTX *ssl_ctx[2];
 	int thread_ctx[MAX_THREAD_NUMBER];
@@ -1000,7 +984,7 @@ SSL_CTX *s_ctx,*c_ctx;
 		s_ctx->references,c_ctx->references);
 	}
 
-unsigned long irix_thread_id()
+unsigned long irix_thread_id(void)
 	{
 	unsigned long ret;
 
@@ -1011,14 +995,16 @@ unsigned long irix_thread_id()
 
 #ifdef PTHREADS
 
-static pthread_mutex_t lock_cs[CRYPTO_NUM_LOCKS];
-static long lock_count[CRYPTO_NUM_LOCKS];
+static pthread_mutex_t *lock_cs;
+static long *lock_count;
 
-void thread_setup()
+void thread_setup(void)
 	{
 	int i;
 
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
+	lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+	for (i=0; i<CRYPTO_num_locks(); i++)
 		{
 		lock_count[i]=0;
 		pthread_mutex_init(&(lock_cs[i]),NULL);
@@ -1028,26 +1014,26 @@ void thread_setup()
 	CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
 	}
 
-void thread_cleanup()
+void thread_cleanup(void)
 	{
 	int i;
 
 	CRYPTO_set_locking_callback(NULL);
 	fprintf(stderr,"cleanup\n");
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+	for (i=0; i<CRYPTO_num_locks(); i++)
 		{
 		pthread_mutex_destroy(&(lock_cs[i]));
 		fprintf(stderr,"%8ld:%s\n",lock_count[i],
 			CRYPTO_get_lock_name(i));
 		}
+	OPENSSL_free(lock_cs);
+	OPENSSL_free(lock_count);
+
 	fprintf(stderr,"done cleanup\n");
 	}
 
-void pthreads_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
+void pthreads_locking_callback(int mode, int type, char *file,
+	     int line)
       {
 #ifdef undef
 	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
@@ -1072,8 +1058,7 @@ int line;
 		}
 	}
 
-void do_threads(s_ctx,c_ctx)
-SSL_CTX *s_ctx,*c_ctx;
+void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
 	{
 	SSL_CTX *ssl_ctx[2];
 	pthread_t thread_ctx[MAX_THREAD_NUMBER];
@@ -1098,10 +1083,10 @@ SSL_CTX *s_ctx,*c_ctx;
 		}
 
 	printf("pthreads threads done (%d,%d)\n",
-	s_ctx->references,c_ctx->references);
+		s_ctx->references,c_ctx->references);
 	}
 
-unsigned long pthreads_thread_id()
+unsigned long pthreads_thread_id(void)
 	{
 	unsigned long ret;
 
diff --git a/crypto/threads/profile.sh b/crypto/threads/profile.sh
new file mode 100644
index 0000000000..6e3e342fc0
--- /dev/null
+++ b/crypto/threads/profile.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+/bin/rm -f mttest
+cc -p -DSOLARIS -I../../include -g mttest.c -o mttest -L/usr/lib/libc -ldl -L../.. -lthread  -lssl -lcrypto -lnsl -lsocket
+
diff --git a/crypto/threads/ptest.bat b/crypto/threads/ptest.bat
new file mode 100755
index 0000000000..4071b5ffea
--- /dev/null
+++ b/crypto/threads/ptest.bat
@@ -0,0 +1,4 @@
+del mttest.exe
+
+purify cl /O2 -DWIN32 /MD -I..\..\out mttest.c /Femttest ..\..\out\ssl32.lib ..\..\out\crypt32.lib
+
diff --git a/mt/pthread.sh b/crypto/threads/pthread.sh
index 7d0b6e55f5..f1c49821d2 100644
--- a/mt/pthread.sh
+++ b/crypto/threads/pthread.sh
@@ -5,5 +5,5 @@
 # http://www.mit.edu:8001/people/proven/pthreads.html
 #
 /bin/rm -f mttest
-pgcc -DPTHREADS -I../include -g mttest.c -o mttest -L.. -lssl -lcrypto 
+pgcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto 
 
diff --git a/crypto/threads/pthread2.sh b/crypto/threads/pthread2.sh
new file mode 100755
index 0000000000..41264c6a50
--- /dev/null
+++ b/crypto/threads/pthread2.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# build using pthreads where it's already built into the system
+#
+/bin/rm -f mttest
+gcc -DPTHREADS -I../../include -g mttest.c -o mttest -L../.. -lssl -lcrypto -lpthread
+
diff --git a/crypto/threads/pthreads-vms.com b/crypto/threads/pthreads-vms.com
new file mode 100644
index 0000000000..63f5b8cc2e
--- /dev/null
+++ b/crypto/threads/pthreads-vms.com
@@ -0,0 +1,9 @@
+$! To compile mttest on VMS.
+$!
+$! WARNING: only tested with DEC C so far.
+$
+$ arch := vax
+$ if f$getsyi("CPU") .ge. 128 then arch := axp
+$ define/user openssl [--.include.openssl]
+$ cc/def=PTHREADS mttest.c
+$ link mttest,[--.'arch'.exe.ssl]libssl/lib,[--.'arch'.exe.crypto]libcrypto/lib
diff --git a/crypto/threads/purify.sh b/crypto/threads/purify.sh
new file mode 100644
index 0000000000..6d44fe26b7
--- /dev/null
+++ b/crypto/threads/purify.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+/bin/rm -f mttest
+purify cc -DSOLARIS -I../../include -g mttest.c -o mttest -L../.. -lthread  -lssl -lcrypto -lnsl -lsocket
+
diff --git a/crypto/threads/solaris.sh b/crypto/threads/solaris.sh
new file mode 100644
index 0000000000..bc93094a27
--- /dev/null
+++ b/crypto/threads/solaris.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+/bin/rm -f mttest
+cc -DSOLARIS -I../../include -g mttest.c -o mttest -L../.. -lthread  -lssl -lcrypto -lnsl -lsocket
+
diff --git a/crypto/threads/th-lock.c b/crypto/threads/th-lock.c
index 039022446d..a6a79b9f45 100644
--- a/crypto/threads/th-lock.c
+++ b/crypto/threads/th-lock.c
@@ -63,7 +63,7 @@
 #ifdef LINUX
 #include <typedefs.h>
 #endif
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 #include <windows.h>
 #endif
 #ifdef SOLARIS
@@ -74,16 +74,18 @@
 #include <ulocks.h>
 #include <sys/prctl.h>
 #endif
-#include "lhash.h"
-#include "crypto.h"
-#include "buffer.h"
-#include "e_os.h"
-#include "x509.h"
-#include "ssl.h"
-#include "err.h"
-
-#ifndef NOPROTO
-int CRYPTO_thread_setup(void);
+#ifdef PTHREADS
+#include <pthread.h>
+#endif
+#include <openssl/lhash.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/e_os.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+void CRYPTO_thread_setup(void);
 void CRYPTO_thread_cleanup(void);
 
 static void irix_locking_callback(int mode,int type,char *file,int line);
@@ -95,38 +97,24 @@ static unsigned long irix_thread_id(void );
 static unsigned long solaris_thread_id(void );
 static unsigned long pthreads_thread_id(void );
 
-#else
-int CRYPOTO_thread_setup();
-void CRYPTO_cleanup();
-
-static void irix_locking_callback();
-static void solaris_locking_callback();
-static void win32_locking_callback();
-static void pthreads_locking_callback();
-
-static unsigned long irix_thread_id();
-static unsigned long solaris_thread_id();
-static unsigned long pthreads_thread_id();
-
-#endif
-
 /* usage:
  * CRYPTO_thread_setup();
- * applicaion code
+ * application code
  * CRYPTO_thread_cleanup();
  */
 
 #define THREAD_STACK_SIZE (16*1024)
 
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 
-static HANDLE lock_cs[CRYPTO_NUM_LOCKS];
+static HANDLE *lock_cs;
 
-int CRYPTO_thread_setup()
+void CRYPTO_thread_setup(void)
 	{
 	int i;
 
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE));
+	for (i=0; i<CRYPTO_num_locks(); i++)
 		{
 		lock_cs[i]=CreateMutex(NULL,FALSE,NULL);
 		}
@@ -136,20 +124,17 @@ int CRYPTO_thread_setup()
 	return(1);
 	}
 
-static void CRYPTO_thread_cleanup()
+static void CRYPTO_thread_cleanup(void)
 	{
 	int i;
 
 	CRYPTO_set_locking_callback(NULL);
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+	for (i=0; i<CRYPTO_num_locks(); i++)
 		CloseHandle(lock_cs[i]);
+	OPENSSL_free(lock_cs);
 	}
 
-void win32_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
+void win32_locking_callback(int mode, int type, char *file, int line)
 	{
 	if (mode & CRYPTO_LOCK)
 		{
@@ -161,24 +146,30 @@ int line;
 		}
 	}
 
-#endif /* WIN32 */
+#endif /* OPENSSL_SYS_WIN32 */
 
 #ifdef SOLARIS
 
 #define USE_MUTEX
 
-static mutex_t lock_cs[CRYPTO_NUM_LOCKS];
 #ifdef USE_MUTEX
-static long lock_count[CRYPTO_NUM_LOCKS];
+static mutex_t *lock_cs;
 #else
-static rwlock_t lock_cs[CRYPTO_NUM_LOCKS];
+static rwlock_t *lock_cs;
 #endif
+static long *lock_count;
 
-void CRYPTO_thread_setup()
+void CRYPTO_thread_setup(void)
 	{
 	int i;
 
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+#ifdef USE_MUTEX
+	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(mutex_t));
+#else
+	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(rwlock_t));
+#endif
+	lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+	for (i=0; i<CRYPTO_num_locks(); i++)
 		{
 		lock_count[i]=0;
 #ifdef USE_MUTEX
@@ -192,12 +183,12 @@ void CRYPTO_thread_setup()
 	CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
 	}
 
-void CRYPTO_thread_cleanup()
+void CRYPTO_thread_cleanup(void)
 	{
 	int i;
 
 	CRYPTO_set_locking_callback(NULL);
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+	for (i=0; i<CRYPTO_num_locks(); i++)
 		{
 #ifdef USE_MUTEX
 		mutex_destroy(&(lock_cs[i]));
@@ -205,13 +196,11 @@ void CRYPTO_thread_cleanup()
 		rwlock_destroy(&(lock_cs[i]));
 #endif
 		}
+	OPENSSL_free(lock_cs);
+	OPENSSL_free(lock_count);
 	}
 
-void solaris_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
+void solaris_locking_callback(int mode, int type, char *file, int line)
 	{
 #if 0
 	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
@@ -248,7 +237,7 @@ int line;
 		}
 	}
 
-unsigned long solaris_thread_id()
+unsigned long solaris_thread_id(void)
 	{
 	unsigned long ret;
 
@@ -261,9 +250,9 @@ unsigned long solaris_thread_id()
 /* I don't think this works..... */
 
 static usptr_t *arena;
-static usema_t *lock_cs[CRYPTO_NUM_LOCKS];
+static usema_t **lock_cs;
 
-void CRYPTO_thread_setup()
+void CRYPTO_thread_setup(void)
 	{
 	int i;
 	char filename[20];
@@ -278,7 +267,8 @@ void CRYPTO_thread_setup()
 	arena=usinit(filename);
 	unlink(filename);
 
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *));
+	for (i=0; i<CRYPTO_num_locks(); i++)
 		{
 		lock_cs[i]=usnewsema(arena,1);
 		}
@@ -287,12 +277,12 @@ void CRYPTO_thread_setup()
 	CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
 	}
 
-void CRYPTO_thread_cleanup()
+void CRYPTO_thread_cleanup(void)
 	{
 	int i;
 
 	CRYPTO_set_locking_callback(NULL);
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+	for (i=0; i<CRYPTO_num_locks(); i++)
 		{
 		char buf[10];
 
@@ -300,13 +290,10 @@ void CRYPTO_thread_cleanup()
 		usdumpsema(lock_cs[i],stdout,buf);
 		usfreesema(lock_cs[i],arena);
 		}
+	OPENSSL_free(lock_cs);
 	}
 
-void irix_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
+void irix_locking_callback(int mode, int type, char *file, int line)
 	{
 	if (mode & CRYPTO_LOCK)
 		{
@@ -318,7 +305,7 @@ int line;
 		}
 	}
 
-unsigned long irix_thread_id()
+unsigned long irix_thread_id(void)
 	{
 	unsigned long ret;
 
@@ -330,14 +317,16 @@ unsigned long irix_thread_id()
 /* Linux and a few others */
 #ifdef PTHREADS
 
-static pthread_mutex_t lock_cs[CRYPTO_NUM_LOCKS];
-static long lock_count[CRYPTO_NUM_LOCKS];
+static pthread_mutex_t *lock_cs;
+static long *lock_count;
 
-void CRYPTO_thread_setup()
+void CRYPTO_thread_setup(void)
 	{
 	int i;
 
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
+	lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
+	for (i=0; i<CRYPTO_num_locks(); i++)
 		{
 		lock_count[i]=0;
 		pthread_mutex_init(&(lock_cs[i]),NULL);
@@ -347,22 +336,21 @@ void CRYPTO_thread_setup()
 	CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
 	}
 
-void thread_cleanup()
+void thread_cleanup(void)
 	{
 	int i;
 
 	CRYPTO_set_locking_callback(NULL);
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+	for (i=0; i<CRYPTO_num_locks(); i++)
 		{
 		pthread_mutex_destroy(&(lock_cs[i]));
 		}
+	OPENSSL_free(lock_cs);
+	OPENSSL_free(lock_count);
 	}
 
-void pthreads_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
+void pthreads_locking_callback(int mode, int type, char *file,
+	     int line)
       {
 #if 0
 	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
@@ -387,7 +375,7 @@ int line;
 		}
 	}
 
-unsigned long pthreads_thread_id()
+unsigned long pthreads_thread_id(void)
 	{
 	unsigned long ret;
 
diff --git a/crypto/threads/win32.bat b/crypto/threads/win32.bat
new file mode 100755
index 0000000000..ee6da80a07
--- /dev/null
+++ b/crypto/threads/win32.bat
@@ -0,0 +1,4 @@
+del mttest.exe
+
+cl /O2 -DWIN32 /MD -I..\..\out mttest.c /Femttest ..\..\out\ssleay32.lib ..\..\out\libeay32.lib
+
diff --git a/crypto/tmdiff.c b/crypto/tmdiff.c
index a5b1c8b6c3..307523ebba 100644
--- a/crypto/tmdiff.c
+++ b/crypto/tmdiff.c
@@ -58,36 +58,35 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include "cryptlib.h"
-#include "tmdiff.h"
+#include <openssl/tmdiff.h>
+#if !defined(OPENSSL_SYS_MSDOS)
+#include OPENSSL_UNISTD
+#endif
 
 #ifdef TIMEB
-#undef WIN32
+#undef OPENSSL_SYS_WIN32
 #undef TIMES
 #endif
 
-#ifndef MSDOS
-#  ifndef WIN32
-#    define TIMES
-#  endif
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) && !(defined(OPENSSL_SYS_VMS) || defined(__DECC)) && !defined(OPENSSL_SYS_MACOSX_RHAPSODY) && !defined(OPENSSL_SYS_VXWORKS)
+# define TIMES
 #endif
 
-#ifndef VMS
-#  ifndef _IRIX
-#   include <time.h>
-#  endif
-#  ifdef TIMES
-#    include <sys/types.h>
-#    include <sys/times.h>
-#  endif
-#else /* VMS */
-#  include <types.h>
-	struct tms {
-		time_t tms_utime;
-		time_t tms_stime;
-		time_t tms_uchild;      /* I dunno...  */
-		time_t tms_uchildsys;   /* so these names are a guess :-) */
-		}
-#endif /* VMS */
+#ifndef _IRIX
+#  include <time.h>
+#endif
+#ifdef TIMES
+#  include <sys/types.h>
+#  include <sys/times.h>
+#endif
+
+/* Depending on the VMS version, the tms structure is perhaps defined.
+   The __TMS macro will show if it was.  If it wasn't defined, we should
+   undefine TIMES, since that tells the rest of the program how things
+   should be handled.				-- Richard Levitte */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__TMS)
+#undef TIMES
+#endif
 
 #if defined(sun) || defined(__ultrix)
 #define _POSIX_SOURCE
@@ -95,28 +94,29 @@
 #include <sys/param.h>
 #endif
 
-#ifndef TIMES
+#if !defined(TIMES) && !defined(OPENSSL_SYS_VXWORKS)
 #include <sys/timeb.h>
 #endif
 
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 #include <windows.h>
 #endif
 
 /* The following if from times(3) man page.  It may need to be changed */
 #ifndef HZ
-# ifndef CLK_TCK
-#  ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
-#   ifndef VMS
-#    define HZ  100.0
-#   else /* VMS */
+# if defined(_SC_CLK_TCK) \
+     && (!defined(OPENSSL_SYS_VMS) || __CTRL_VER >= 70000000)
+#  define HZ ((double)sysconf(_SC_CLK_TCK))
+# else
+#  ifndef CLK_TCK
+#   ifndef _BSD_CLK_TCK_ /* FreeBSD hack */
 #    define HZ  100.0
+#   else /* _BSD_CLK_TCK_ */
+#    define HZ ((double)_BSD_CLK_TCK_)
 #   endif
-#  else /* _BSD_CLK_TCK_ */
-#   define HZ ((double)_BSD_CLK_TCK_)
+#  else /* CLK_TCK */
+#   define HZ ((double)CLK_TCK)
 #  endif
-# else /* CLK_TCK */
-#  define HZ ((double)CLK_TCK)
 # endif
 #endif
 
@@ -125,57 +125,62 @@ typedef struct ms_tm
 #ifdef TIMES
 	struct tms ms_tms;
 #else
-#  ifdef WIN32
+#  ifdef OPENSSL_SYS_WIN32
 	HANDLE thread_id;
 	FILETIME ms_win32;
 #  else
+#    ifdef OPENSSL_SYS_VXWORKS
+          unsigned long ticks;
+#    else
 	struct timeb ms_timeb;
+#    endif
 #  endif
 #endif
 	} MS_TM;
 
-char *ms_time_new()
+char *ms_time_new(void)
 	{
 	MS_TM *ret;
 
-	ret=(MS_TM *)Malloc(sizeof(MS_TM));
+	ret=(MS_TM *)OPENSSL_malloc(sizeof(MS_TM));
 	if (ret == NULL)
 		return(NULL);
 	memset(ret,0,sizeof(MS_TM));
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 	ret->thread_id=GetCurrentThread();
 #endif
 	return((char *)ret);
 	}
 
-void ms_time_free(a)
-char *a;
+void ms_time_free(char *a)
 	{
 	if (a != NULL)
-		Free(a);
+		OPENSSL_free(a);
 	}
 
-void ms_time_get(a)
-char *a;
+void ms_time_get(char *a)
 	{
 	MS_TM *tm=(MS_TM *)a;
-#ifdef WIN32
+#ifdef OPENSSL_SYS_WIN32
 	FILETIME tmpa,tmpb,tmpc;
 #endif
 
 #ifdef TIMES
 	times(&tm->ms_tms);
 #else
-#  ifdef WIN32
+#  ifdef OPENSSL_SYS_WIN32
 	GetThreadTimes(tm->thread_id,&tmpa,&tmpb,&tmpc,&(tm->ms_win32));
 #  else
+#    ifdef OPENSSL_SYS_VXWORKS
+        tm->ticks = tickGet();
+#    else
 	ftime(&tm->ms_timeb);
+#    endif
 #  endif
 #endif
 	}
 
-double ms_time_diff(ap,bp)
-char *ap,*bp;
+double ms_time_diff(char *ap, char *bp)
 	{
 	MS_TM *a=(MS_TM *)ap;
 	MS_TM *b=(MS_TM *)bp;
@@ -184,9 +189,13 @@ char *ap,*bp;
 #ifdef TIMES
 	ret=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ;
 #else
-# ifdef WIN32
+# ifdef OPENSSL_SYS_WIN32
 	{
+#ifdef __GNUC__
+	signed long long la,lb;
+#else
 	signed _int64 la,lb;
+#endif
 	la=a->ms_win32.dwHighDateTime;
 	lb=b->ms_win32.dwHighDateTime;
 	la<<=32;
@@ -196,16 +205,19 @@ char *ap,*bp;
 	ret=((double)(lb-la))/1e7;
 	}
 # else
+#  ifdef OPENSSL_SYS_VXWORKS
+        ret = (double)(b->ticks - a->ticks) / (double)sysClkRateGet();
+#  else
 	ret=	 (double)(b->ms_timeb.time-a->ms_timeb.time)+
 		(((double)b->ms_timeb.millitm)-
 		((double)a->ms_timeb.millitm))/1000.0;
 #  endif
+# endif
 #endif
 	return((ret < 0.0000001)?0.0000001:ret);
 	}
 
-int ms_time_cmp(ap,bp)
-char *ap,*bp;
+int ms_time_cmp(char *ap, char *bp)
 	{
 	MS_TM *a=(MS_TM *)ap,*b=(MS_TM *)bp;
 	double d;
@@ -214,13 +226,17 @@ char *ap,*bp;
 #ifdef TIMES
 	d=(b->ms_tms.tms_utime-a->ms_tms.tms_utime)/HZ;
 #else
-# ifdef WIN32
+# ifdef OPENSSL_SYS_WIN32
 	d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7;
 	d-=(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7;
 # else
+#  ifdef OPENSSL_SYS_VXWORKS
+        d = (b->ticks - a->ticks);
+#  else
 	d=	 (double)(b->ms_timeb.time-a->ms_timeb.time)+
 		(((double)b->ms_timeb.millitm)-(double)a->ms_timeb.millitm)/1000.0;
 #  endif
+# endif
 #endif
 	if (d == 0.0)
 		ret=0;
diff --git a/crypto/tmdiff.h b/crypto/tmdiff.h
index 4561211b7c..41a8a1e0e0 100644
--- a/crypto/tmdiff.h
+++ b/crypto/tmdiff.h
@@ -67,22 +67,12 @@
 extern "C" {
 #endif
 
-#ifndef NOPROTO
 char *ms_time_new(void );
 void ms_time_free(char *a);
 void ms_time_get(char *a);
 double ms_time_diff(char *start,char *end);
 int ms_time_cmp(char *ap,char *bp);
 
-#else
-
-char *ms_time_new();
-void ms_time_free();
-void ms_time_get();
-double ms_time_diff();
-int ms_time_cmp();
-#endif
-
 #ifdef  __cplusplus
 }
 #endif
diff --git a/crypto/txt_db/.cvsignore b/crypto/txt_db/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/txt_db/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/txt_db/Makefile.ssl b/crypto/txt_db/Makefile.ssl
index 76e511534f..313f75313b 100644
--- a/crypto/txt_db/Makefile.ssl
+++ b/crypto/txt_db/Makefile.ssl
@@ -7,9 +7,12 @@ TOP=	../..
 CC=	cc
 INCLUDES=
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
@@ -37,24 +40,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -66,15 +68,21 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+txt_db.o: ../../e_os.h ../../include/openssl/bio.h
+txt_db.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+txt_db.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+txt_db.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+txt_db.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+txt_db.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+txt_db.o: ../../include/openssl/txt_db.h ../cryptlib.h txt_db.c
diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c
index c7044684ec..58b300b00b 100644
--- a/crypto/txt_db/txt_db.c
+++ b/crypto/txt_db/txt_db.c
@@ -60,17 +60,15 @@
 #include <stdlib.h>
 #include <string.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "txt_db.h"
+#include <openssl/buffer.h>
+#include <openssl/txt_db.h>
 
 #undef BUFSIZE
 #define BUFSIZE	512
 
-char *TXT_DB_version="TXT_DB part of SSLeay 0.9.1a 06-Jul-1998";
+const char *TXT_DB_version="TXT_DB" OPENSSL_VERSION_PTEXT;
 
-TXT_DB *TXT_DB_read(in,num)
-BIO *in;
-int num;
+TXT_DB *TXT_DB_read(BIO *in, int num)
 	{
 	TXT_DB *ret=NULL;
 	int er=1;
@@ -85,16 +83,16 @@ int num;
 	if ((buf=BUF_MEM_new()) == NULL) goto err;
 	if (!BUF_MEM_grow(buf,size)) goto err;
 
-	if ((ret=(TXT_DB *)Malloc(sizeof(TXT_DB))) == NULL)
+	if ((ret=(TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL)
 		goto err;
 	ret->num_fields=num;
 	ret->index=NULL;
 	ret->qual=NULL;
 	if ((ret->data=sk_new_null()) == NULL)
 		goto err;
-	if ((ret->index=(LHASH **)Malloc(sizeof(LHASH *)*num)) == NULL)
+	if ((ret->index=(LHASH **)OPENSSL_malloc(sizeof(LHASH *)*num)) == NULL)
 		goto err;
-	if ((ret->qual=(int (**)())Malloc(sizeof(int (**)())*num)) == NULL)
+	if ((ret->qual=(int (**)())OPENSSL_malloc(sizeof(int (**)())*num)) == NULL)
 		goto err;
 	for (i=0; i<num; i++)
 		{
@@ -110,7 +108,7 @@ int num;
 		if (offset != 0)
 			{
 			size+=BUFSIZE;
-			if (!BUF_MEM_grow(buf,size)) goto err;
+			if (!BUF_MEM_grow_clean(buf,size)) goto err;
 			}
 		buf->data[offset]='\0';
 		BIO_gets(in,&(buf->data[offset]),size-offset);
@@ -124,7 +122,7 @@ int num;
 		else
 			{
 			buf->data[offset-1]='\0'; /* blat the '\n' */
-			p=(char *)Malloc(add+offset);
+			if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err;
 			offset=0;
 			}
 		pp=(char **)p;
@@ -157,8 +155,8 @@ int num;
 		*(p++)='\0';
 		if ((n != num) || (*f != '\0'))
 			{
-#if !defined(NO_STDIO) && !defined(WIN16)	/* temporaty fix :-( */
-			fprintf(stderr,"wrong number of fields on line %ld\n",ln);
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)	/* temporaty fix :-( */
+			fprintf(stderr,"wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f);
 #endif
 			er=2;
 			goto err;
@@ -166,7 +164,7 @@ int num;
 		pp[n]=p;
 		if (!sk_push(ret->data,(char *)pp))
 			{
-#if !defined(NO_STDIO) && !defined(WIN16)	/* temporaty fix :-( */
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)	/* temporaty fix :-( */
 			fprintf(stderr,"failure in sk_push\n");
 #endif
 			er=2;
@@ -178,23 +176,20 @@ err:
 	BUF_MEM_free(buf);
 	if (er)
 		{
-#if !defined(NO_STDIO) && !defined(WIN16)
-		if (er == 1) fprintf(stderr,"Malloc failure\n");
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
+		if (er == 1) fprintf(stderr,"OPENSSL_malloc failure\n");
 #endif
 		if (ret->data != NULL) sk_free(ret->data);
-		if (ret->index != NULL) Free(ret->index);
-		if (ret->qual != NULL) Free((char *)ret->qual);
-		if (ret != NULL) Free(ret);
+		if (ret->index != NULL) OPENSSL_free(ret->index);
+		if (ret->qual != NULL) OPENSSL_free(ret->qual);
+		if (ret != NULL) OPENSSL_free(ret);
 		return(NULL);
 		}
 	else
 		return(ret);
 	}
 
-char **TXT_DB_get_by_index(db,idx,value)
-TXT_DB *db;
-int idx;
-char **value;
+char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value)
 	{
 	char **ret;
 	LHASH *lh;
@@ -210,17 +205,13 @@ char **value;
 		db->error=DB_ERROR_NO_INDEX;
 		return(NULL);
 		}
-	ret=(char **)lh_retrieve(lh,(char *)value);
+	ret=(char **)lh_retrieve(lh,value);
 	db->error=DB_ERROR_OK;
 	return(ret);
 	}
 
-int TXT_DB_create_index(db,field,qual,hash,cmp)
-TXT_DB *db;
-int field;
-int (*qual)();
-unsigned long (*hash)();
-int (*cmp)();
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(),
+		LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp)
 	{
 	LHASH *idx;
 	char *r;
@@ -256,9 +247,7 @@ int (*cmp)();
 	return(1);
 	}
 
-long TXT_DB_write(out,db)
-BIO *out;
-TXT_DB *db;
+long TXT_DB_write(BIO *out, TXT_DB *db)
 	{
 	long i,j,n,nn,l,tot=0;
 	char *p,**pp,*f;
@@ -279,7 +268,7 @@ TXT_DB *db;
 			if (pp[j] != NULL)
 				l+=strlen(pp[j]);
 			}
-		if (!BUF_MEM_grow(buf,(int)(l*2+nn))) goto err;
+		if (!BUF_MEM_grow_clean(buf,(int)(l*2+nn))) goto err;
 
 		p=buf->data;
 		for (j=0; j<nn; j++)
@@ -306,9 +295,7 @@ err:
 	return(ret);
 	}
 
-int TXT_DB_insert(db,row)
-TXT_DB *db;
-char **row;
+int TXT_DB_insert(TXT_DB *db, char **row)
 	{
 	int i;
 	char **r;
@@ -319,7 +306,7 @@ char **row;
 			{
 			if ((db->qual[i] != NULL) &&
 				(db->qual[i](row) == 0)) continue;
-			r=(char **)lh_retrieve(db->index[i],(char *)row);
+			r=(char **)lh_retrieve(db->index[i],row);
 			if (r != NULL)
 				{
 				db->error=DB_ERROR_INDEX_CLASH;
@@ -342,7 +329,7 @@ char **row;
 			{
 			if ((db->qual[i] != NULL) &&
 				(db->qual[i](row) == 0)) continue;
-			lh_insert(db->index[i],(char *)row);
+			lh_insert(db->index[i],row);
 			}
 		}
 	return(1);
@@ -350,20 +337,22 @@ err:
 	return(0);
 	}
 
-void TXT_DB_free(db)
-TXT_DB *db;
+void TXT_DB_free(TXT_DB *db)
 	{
 	int i,n;
 	char **p,*max;
 
+	if(db == NULL)
+	    return;
+
 	if (db->index != NULL)
 		{
 		for (i=db->num_fields-1; i>=0; i--)
 			if (db->index[i] != NULL) lh_free(db->index[i]);
-		Free(db->index);
+		OPENSSL_free(db->index);
 		}
 	if (db->qual != NULL)
-		Free(db->qual);
+		OPENSSL_free(db->qual);
 	if (db->data != NULL)
 		{
 		for (i=sk_num(db->data)-1; i>=0; i--)
@@ -375,7 +364,7 @@ TXT_DB *db;
 			if (max == NULL) /* new row */
 				{
 				for (n=0; n<db->num_fields; n++)
-					if (p[n] != NULL) Free(p[n]);
+					if (p[n] != NULL) OPENSSL_free(p[n]);
 				}
 			else
 				{
@@ -383,12 +372,12 @@ TXT_DB *db;
 					{
 					if (((p[n] < (char *)p) || (p[n] > max))
 						&& (p[n] != NULL))
-						Free(p[n]);
+						OPENSSL_free(p[n]);
 					}
 				}
-			Free(sk_value(db->data,i));
+			OPENSSL_free(sk_value(db->data,i));
 			}
 		sk_free(db->data);
 		}
-	Free(db);
+	OPENSSL_free(db);
 	}
diff --git a/crypto/txt_db/txt_db.h b/crypto/txt_db/txt_db.h
index aca6dae393..563392aeff 100644
--- a/crypto/txt_db/txt_db.h
+++ b/crypto/txt_db/txt_db.h
@@ -59,12 +59,11 @@
 #ifndef HEADER_TXT_DB_H
 #define HEADER_TXT_DB_H
 
-#ifdef  __cplusplus
-extern "C" {
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
 #endif
-
-#include "stack.h"
-#include "lhash.h"
+#include <openssl/stack.h>
+#include <openssl/lhash.h>
 
 #define DB_ERROR_OK			0
 #define DB_ERROR_MALLOC			1
@@ -73,6 +72,10 @@ extern "C" {
 #define DB_ERROR_NO_INDEX		4
 #define DB_ERROR_INSERT_INDEX_CLASH    	5
 
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
 typedef struct txt_db_st
 	{
 	int num_fields;
@@ -85,8 +88,7 @@ typedef struct txt_db_st
 	char **arg_row;
 	} TXT_DB;
 
-#ifndef NOPROTO
-#ifdef HEADER_BIO_H
+#ifndef OPENSSL_NO_BIO
 TXT_DB *TXT_DB_read(BIO *in, int num);
 long TXT_DB_write(BIO *out, TXT_DB *db);
 #else
@@ -94,22 +96,11 @@ TXT_DB *TXT_DB_read(char *in, int num);
 long TXT_DB_write(char *out, TXT_DB *db);
 #endif
 int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(),
-	 unsigned long (*hash)(),int (*cmp)());
+		LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp);
 void TXT_DB_free(TXT_DB *db);
 char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value);
 int TXT_DB_insert(TXT_DB *db,char **value);
 
-#else
-
-TXT_DB *TXT_DB_read();
-long TXT_DB_write();
-int TXT_DB_create_index();
-void TXT_DB_free();
-char **TXT_DB_get_by_index();
-int TXT_DB_insert();
-
-#endif
-
 #ifdef  __cplusplus
 }
 #endif
diff --git a/crypto/ui/.cvsignore b/crypto/ui/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/ui/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/ui/Makefile.ssl b/crypto/ui/Makefile.ssl
new file mode 100644
index 0000000000..256f536a68
--- /dev/null
+++ b/crypto/ui/Makefile.ssl
@@ -0,0 +1,117 @@
+#
+# OpenSSL/crypto/ui/Makefile
+#
+
+DIR=	ui
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+#TEST= uitest.c
+TEST=
+APPS=
+
+COMPATSRC= ui_compat.c
+COMPATOBJ= ui_compat.o
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ui_err.c ui_lib.c ui_openssl.c ui_util.c $(COMPATSRC)
+LIBOBJ= ui_err.o ui_lib.o ui_openssl.o ui_util.o $(COMPATOBJ)
+
+SRC= $(LIBSRC)
+
+EXHEADER= ui.h ui_compat.h
+HEADER=	$(EXHEADER) ui_locl.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ui_compat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ui_compat.o: ../../include/openssl/opensslconf.h
+ui_compat.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ui_compat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ui_compat.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+ui_compat.o: ui_compat.c
+ui_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+ui_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ui_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ui_err.o: ../../include/openssl/ui.h ui_err.c
+ui_lib.o: ../../e_os.h ../../include/openssl/bio.h
+ui_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ui_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ui_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ui_lib.o: ../../include/openssl/ui.h ../cryptlib.h ui_lib.c ui_locl.h
+ui_openssl.o: ../../e_os.h ../../include/openssl/bio.h
+ui_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ui_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ui_openssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ui_openssl.o: ../../include/openssl/opensslv.h
+ui_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ui_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ui_openssl.o: ../cryptlib.h ui_locl.h ui_openssl.c
+ui_util.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ui_util.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ui_util.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ui_util.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+ui_util.o: ui_util.c
diff --git a/crypto/ui/ui.h b/crypto/ui/ui.h
new file mode 100644
index 0000000000..735a2d988e
--- /dev/null
+++ b/crypto/ui/ui.h
@@ -0,0 +1,387 @@
+/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_UI_H
+#define HEADER_UI_H
+
+#include <openssl/crypto.h>
+#include <openssl/safestack.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* The UI type is a holder for a specific user interface session.  It can
+   contain an illimited number of informational or error strings as well
+   as things to prompt for, both passwords (noecho mode) and others (echo
+   mode), and verification of the same.  All of these are called strings,
+   and are further described below. */
+typedef struct ui_st UI;
+
+/* All instances of UI have a reference to a method structure, which is a
+   ordered vector of functions that implement the lower level things to do.
+   There is an instruction on the implementation further down, in the section
+   for method implementors. */
+typedef struct ui_method_st UI_METHOD;
+
+
+/* All the following functions return -1 or NULL on error and in some cases
+   (UI_process()) -2 if interrupted or in some other way cancelled.
+   When everything is fine, they return 0, a positive value or a non-NULL
+   pointer, all depending on their purpose. */
+
+/* Creators and destructor.   */
+UI *UI_new(void);
+UI *UI_new_method(const UI_METHOD *method);
+void UI_free(UI *ui);
+
+/* The following functions are used to add strings to be printed and prompt
+   strings to prompt for data.  The names are UI_{add,dup}_<function>_string
+   and UI_{add,dup}_input_boolean.
+
+   UI_{add,dup}_<function>_string have the following meanings:
+	add	add a text or prompt string.  The pointers given to these
+		functions are used verbatim, no copying is done.
+	dup	make a copy of the text or prompt string, then add the copy
+		to the collection of strings in the user interface.
+	<function>
+		The function is a name for the functionality that the given
+		string shall be used for.  It can be one of:
+			input	use the string as data prompt.
+			verify	use the string as verification prompt.  This
+				is used to verify a previous input.
+			info	use the string for informational output.
+			error	use the string for error output.
+   Honestly, there's currently no difference between info and error for the
+   moment.
+
+   UI_{add,dup}_input_boolean have the same semantics for "add" and "dup",
+   and are typically used when one wants to prompt for a yes/no response.
+
+
+   All of the functions in this group take a UI and a prompt string.
+   The string input and verify addition functions also take a flag argument,
+   a buffer for the result to end up with, a minimum input size and a maximum
+   input size (the result buffer MUST be large enough to be able to contain
+   the maximum number of characters).  Additionally, the verify addition
+   functions takes another buffer to compare the result against.
+   The boolean input functions take an action description string (which should
+   be safe to ignore if the expected user action is obvious, for example with
+   a dialog box with an OK button and a Cancel button), a string of acceptable
+   characters to mean OK and to mean Cancel.  The two last strings are checked
+   to make sure they don't have common characters.  Additionally, the same
+   flag argument as for the string input is taken, as well as a result buffer.
+   The result buffer is required to be at least one byte long.  Depending on
+   the answer, the first character from the OK or the Cancel character strings
+   will be stored in the first byte of the result buffer.  No NUL will be
+   added, so the result is *not* a string.
+
+   On success, the all return an index of the added information.  That index
+   is usefull when retrieving results with UI_get0_result(). */
+int UI_add_input_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize);
+int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize);
+int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize, const char *test_buf);
+int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize, const char *test_buf);
+int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+	const char *ok_chars, const char *cancel_chars,
+	int flags, char *result_buf);
+int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+	const char *ok_chars, const char *cancel_chars,
+	int flags, char *result_buf);
+int UI_add_info_string(UI *ui, const char *text);
+int UI_dup_info_string(UI *ui, const char *text);
+int UI_add_error_string(UI *ui, const char *text);
+int UI_dup_error_string(UI *ui, const char *text);
+
+/* These are the possible flags.  They can be or'ed together. */
+/* Use to have echoing of input */
+#define UI_INPUT_FLAG_ECHO		0x01
+/* Use a default password.  Where that password is found is completely
+   up to the application, it might for example be in the user data set
+   with UI_add_user_data().  It is not recommended to have more than
+   one input in each UI being marked with this flag, or the application
+   might get confused. */
+#define UI_INPUT_FLAG_DEFAULT_PWD	0x02
+
+/* The user of these routines may want to define flags of their own.  The core
+   UI won't look at those, but will pass them on to the method routines.  They
+   must use higher bits so they don't get confused with the UI bits above.
+   UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good
+   example of use is this:
+
+	#define MY_UI_FLAG1	(0x01 << UI_INPUT_FLAG_USER_BASE)
+
+*/
+#define UI_INPUT_FLAG_USER_BASE	16
+
+
+/* The following function helps construct a prompt.  object_desc is a
+   textual short description of the object, for example "pass phrase",
+   and object_name is the name of the object (might be a card name or
+   a file name.
+   The returned string shall always be allocated on the heap with
+   OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
+
+   If the ui_method doesn't contain a pointer to a user-defined prompt
+   constructor, a default string is built, looking like this:
+
+	"Enter {object_desc} for {object_name}:"
+
+   So, if object_desc has the value "pass phrase" and object_name has
+   the value "foo.key", the resulting string is:
+
+	"Enter pass phrase for foo.key:"
+*/
+char *UI_construct_prompt(UI *ui_method,
+	const char *object_desc, const char *object_name);
+
+
+/* The following function is used to store a pointer to user-specific data.
+   Any previous such pointer will be returned and replaced.
+
+   For callback purposes, this function makes a lot more sense than using
+   ex_data, since the latter requires that different parts of OpenSSL or
+   applications share the same ex_data index.
+
+   Note that the UI_OpenSSL() method completely ignores the user data.
+   Other methods may not, however.  */
+void *UI_add_user_data(UI *ui, void *user_data);
+/* We need a user data retrieving function as well.  */
+void *UI_get0_user_data(UI *ui);
+
+/* Return the result associated with a prompt given with the index i. */
+const char *UI_get0_result(UI *ui, int i);
+
+/* When all strings have been added, process the whole thing. */
+int UI_process(UI *ui);
+
+/* Give a user interface parametrised control commands.  This can be used to
+   send down an integer, a data pointer or a function pointer, as well as
+   be used to get information from a UI. */
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
+
+/* The commands */
+/* Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the
+   OpenSSL error stack before printing any info or added error messages and
+   before any prompting. */
+#define UI_CTRL_PRINT_ERRORS		1
+/* Check if a UI_process() is possible to do again with the same instance of
+   a user interface.  This makes UI_ctrl() return 1 if it is redoable, and 0
+   if not. */
+#define UI_CTRL_IS_REDOABLE		2
+
+
+/* Some methods may use extra data */
+#define UI_set_app_data(s,arg)         UI_set_ex_data(s,0,arg)
+#define UI_get_app_data(s)             UI_get_ex_data(s,0)
+int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int UI_set_ex_data(UI *r,int idx,void *arg);
+void *UI_get_ex_data(UI *r, int idx);
+
+/* Use specific methods instead of the built-in one */
+void UI_set_default_method(const UI_METHOD *meth);
+const UI_METHOD *UI_get_default_method(void);
+const UI_METHOD *UI_get_method(UI *ui);
+const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
+
+/* The method with all the built-in thingies */
+UI_METHOD *UI_OpenSSL(void);
+
+
+/* ---------- For method writers ---------- */
+/* A method contains a number of functions that implement the low level
+   of the User Interface.  The functions are:
+
+	an opener	This function starts a session, maybe by opening
+			a channel to a tty, or by opening a window.
+	a writer	This function is called to write a given string,
+			maybe to the tty, maybe as a field label in a
+			window.
+	a flusher	This function is called to flush everything that
+			has been output so far.  It can be used to actually
+			display a dialog box after it has been built.
+	a reader	This function is called to read a given prompt,
+			maybe from the tty, maybe from a field in a
+			window.  Note that it's called wth all string
+			structures, not only the prompt ones, so it must
+			check such things itself.
+	a closer	This function closes the session, maybe by closing
+			the channel to the tty, or closing the window.
+
+   All these functions are expected to return:
+
+	0	on error.
+	1	on success.
+	-1	on out-of-band events, for example if some prompting has
+		been canceled (by pressing Ctrl-C, for example).  This is
+		only checked when returned by the flusher or the reader.
+
+   The way this is used, the opener is first called, then the writer for all
+   strings, then the flusher, then the reader for all strings and finally the
+   closer.  Note that if you want to prompt from a terminal or other command
+   line interface, the best is to have the reader also write the prompts
+   instead of having the writer do it.  If you want to prompt from a dialog
+   box, the writer can be used to build up the contents of the box, and the
+   flusher to actually display the box and run the event loop until all data
+   has been given, after which the reader only grabs the given data and puts
+   them back into the UI strings.
+
+   All method functions take a UI as argument.  Additionally, the writer and
+   the reader take a UI_STRING.
+*/
+
+/* The UI_STRING type is the data structure that contains all the needed info
+   about a string or a prompt, including test data for a verification prompt.
+*/
+DECLARE_STACK_OF(UI_STRING)
+typedef struct ui_string_st UI_STRING;
+
+/* The different types of strings that are currently supported.
+   This is only needed by method authors. */
+enum UI_string_types
+	{
+	UIT_NONE=0,
+	UIT_PROMPT,		/* Prompt for a string */
+	UIT_VERIFY,		/* Prompt for a string and verify */
+	UIT_BOOLEAN,		/* Prompt for a yes/no response */
+	UIT_INFO,		/* Send info to the user */
+	UIT_ERROR		/* Send an error message to the user */
+	};
+
+/* Create and manipulate methods */
+UI_METHOD *UI_create_method(char *name);
+void UI_destroy_method(UI_METHOD *ui_method);
+int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui));
+int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis));
+int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui));
+int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis));
+int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui));
+int (*UI_method_get_opener(UI_METHOD *method))(UI*);
+int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*);
+int (*UI_method_get_flusher(UI_METHOD *method))(UI*);
+int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*);
+int (*UI_method_get_closer(UI_METHOD *method))(UI*);
+
+/* The following functions are helpers for method writers to access relevant
+   data from a UI_STRING. */
+
+/* Return type of the UI_STRING */
+enum UI_string_types UI_get_string_type(UI_STRING *uis);
+/* Return input flags of the UI_STRING */
+int UI_get_input_flags(UI_STRING *uis);
+/* Return the actual string to output (the prompt, info or error) */
+const char *UI_get0_output_string(UI_STRING *uis);
+/* Return the optional action string to output (the boolean promtp instruction) */
+const char *UI_get0_action_string(UI_STRING *uis);
+/* Return the result of a prompt */
+const char *UI_get0_result_string(UI_STRING *uis);
+/* Return the string to test the result against.  Only useful with verifies. */
+const char *UI_get0_test_string(UI_STRING *uis);
+/* Return the required minimum size of the result */
+int UI_get_result_minsize(UI_STRING *uis);
+/* Return the required maximum size of the result */
+int UI_get_result_maxsize(UI_STRING *uis);
+/* Set the result of a UI_STRING. */
+int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
+
+
+/* A couple of popular utility functions */
+int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify);
+int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_UI_strings(void);
+
+/* Error codes for the UI functions. */
+
+/* Function codes. */
+#define UI_F_GENERAL_ALLOCATE_BOOLEAN			 108
+#define UI_F_GENERAL_ALLOCATE_PROMPT			 109
+#define UI_F_GENERAL_ALLOCATE_STRING			 100
+#define UI_F_UI_CTRL					 111
+#define UI_F_UI_DUP_ERROR_STRING			 101
+#define UI_F_UI_DUP_INFO_STRING				 102
+#define UI_F_UI_DUP_INPUT_BOOLEAN			 110
+#define UI_F_UI_DUP_INPUT_STRING			 103
+#define UI_F_UI_DUP_VERIFY_STRING			 106
+#define UI_F_UI_GET0_RESULT				 107
+#define UI_F_UI_NEW_METHOD				 104
+#define UI_F_UI_SET_RESULT				 105
+
+/* Reason codes. */
+#define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS		 104
+#define UI_R_INDEX_TOO_LARGE				 102
+#define UI_R_INDEX_TOO_SMALL				 103
+#define UI_R_NO_RESULT_BUFFER				 105
+#define UI_R_RESULT_TOO_LARGE				 100
+#define UI_R_RESULT_TOO_SMALL				 101
+#define UI_R_UNKNOWN_CONTROL_COMMAND			 106
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/ui/ui_compat.c b/crypto/ui/ui_compat.c
new file mode 100644
index 0000000000..13e0f70d90
--- /dev/null
+++ b/crypto/ui/ui_compat.c
@@ -0,0 +1,67 @@
+/* crypto/ui/ui_compat.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/ui_compat.h>
+
+int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify)
+	{
+	return UI_UTIL_read_pw_string(buf, length, prompt, verify);
+	}
+
+int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify)
+	{
+	return UI_UTIL_read_pw(buf, buff, size, prompt, verify);
+	}
diff --git a/crypto/ui/ui_compat.h b/crypto/ui/ui_compat.h
new file mode 100644
index 0000000000..b35c9bb7fd
--- /dev/null
+++ b/crypto/ui/ui_compat.h
@@ -0,0 +1,83 @@
+/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_UI_COMPAT_H
+#define HEADER_UI_COMPAT_H
+
+#include <openssl/opensslconf.h>
+#include <openssl/ui.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* The following functions were previously part of the DES section,
+   and are provided here for backward compatibility reasons. */
+
+#define des_read_pw_string(b,l,p,v) \
+	_ossl_old_des_read_pw_string((b),(l),(p),(v))
+#define des_read_pw(b,bf,s,p,v) \
+	_ossl_old_des_read_pw((b),(bf),(s),(p),(v))
+
+int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify);
+int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/crypto/ui/ui_err.c b/crypto/ui/ui_err.c
new file mode 100644
index 0000000000..39a62ae737
--- /dev/null
+++ b/crypto/ui/ui_err.c
@@ -0,0 +1,111 @@
+/* crypto/ui/ui_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ui.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA UI_str_functs[]=
+	{
+{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_BOOLEAN,0),	"GENERAL_ALLOCATE_BOOLEAN"},
+{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_PROMPT,0),	"GENERAL_ALLOCATE_PROMPT"},
+{ERR_PACK(0,UI_F_GENERAL_ALLOCATE_STRING,0),	"GENERAL_ALLOCATE_STRING"},
+{ERR_PACK(0,UI_F_UI_CTRL,0),	"UI_ctrl"},
+{ERR_PACK(0,UI_F_UI_DUP_ERROR_STRING,0),	"UI_dup_error_string"},
+{ERR_PACK(0,UI_F_UI_DUP_INFO_STRING,0),	"UI_dup_info_string"},
+{ERR_PACK(0,UI_F_UI_DUP_INPUT_BOOLEAN,0),	"UI_dup_input_boolean"},
+{ERR_PACK(0,UI_F_UI_DUP_INPUT_STRING,0),	"UI_dup_input_string"},
+{ERR_PACK(0,UI_F_UI_DUP_VERIFY_STRING,0),	"UI_dup_verify_string"},
+{ERR_PACK(0,UI_F_UI_GET0_RESULT,0),	"UI_get0_result"},
+{ERR_PACK(0,UI_F_UI_NEW_METHOD,0),	"UI_new_method"},
+{ERR_PACK(0,UI_F_UI_SET_RESULT,0),	"UI_set_result"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA UI_str_reasons[]=
+	{
+{UI_R_COMMON_OK_AND_CANCEL_CHARACTERS    ,"common ok and cancel characters"},
+{UI_R_INDEX_TOO_LARGE                    ,"index too large"},
+{UI_R_INDEX_TOO_SMALL                    ,"index too small"},
+{UI_R_NO_RESULT_BUFFER                   ,"no result buffer"},
+{UI_R_RESULT_TOO_LARGE                   ,"result too large"},
+{UI_R_RESULT_TOO_SMALL                   ,"result too small"},
+{UI_R_UNKNOWN_CONTROL_COMMAND            ,"unknown control command"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_UI_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ERR_LIB_UI,UI_str_functs);
+		ERR_load_strings(ERR_LIB_UI,UI_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c
new file mode 100644
index 0000000000..1dad878ff6
--- /dev/null
+++ b/crypto/ui/ui_lib.c
@@ -0,0 +1,901 @@
+/* crypto/ui/ui_lib.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/e_os2.h>
+#include <openssl/buffer.h>
+#include <openssl/ui.h>
+#include <openssl/err.h>
+#include "ui_locl.h"
+#include "cryptlib.h"
+
+IMPLEMENT_STACK_OF(UI_STRING_ST)
+
+static const UI_METHOD *default_UI_meth=NULL;
+
+UI *UI_new(void)
+	{
+	return(UI_new_method(NULL));
+	}
+
+UI *UI_new_method(const UI_METHOD *method)
+	{
+	UI *ret;
+
+	ret=(UI *)OPENSSL_malloc(sizeof(UI));
+	if (ret == NULL)
+		{
+		UIerr(UI_F_UI_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+		return NULL;
+		}
+	if (method == NULL)
+		ret->meth=UI_get_default_method();
+	else
+		ret->meth=method;
+
+	ret->strings=NULL;
+	ret->user_data=NULL;
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data);
+	return ret;
+	}
+
+static void free_string(UI_STRING *uis)
+	{
+	if (uis->flags & OUT_STRING_FREEABLE)
+		{
+		OPENSSL_free((char *)uis->out_string);
+		switch(uis->type)
+			{
+		case UIT_BOOLEAN:
+			OPENSSL_free((char *)uis->_.boolean_data.action_desc);
+			OPENSSL_free((char *)uis->_.boolean_data.ok_chars);
+			OPENSSL_free((char *)uis->_.boolean_data.cancel_chars);
+			break;
+		default:
+			break;
+			}
+		}
+	OPENSSL_free(uis);
+	}
+
+void UI_free(UI *ui)
+	{
+	if (ui == NULL)
+		return;
+	sk_UI_STRING_pop_free(ui->strings,free_string);
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data);
+	OPENSSL_free(ui);
+	}
+
+static int allocate_string_stack(UI *ui)
+	{
+	if (ui->strings == NULL)
+		{
+		ui->strings=sk_UI_STRING_new_null();
+		if (ui->strings == NULL)
+			{
+			return -1;
+			}
+		}
+	return 0;
+	}
+
+static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt,
+	int prompt_freeable, enum UI_string_types type, int input_flags,
+	char *result_buf)
+	{
+	UI_STRING *ret = NULL;
+
+	if (prompt == NULL)
+		{
+		UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,ERR_R_PASSED_NULL_PARAMETER);
+		}
+	else if ((type == UIT_PROMPT || type == UIT_VERIFY
+			 || type == UIT_BOOLEAN) && result_buf == NULL)
+		{
+		UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,UI_R_NO_RESULT_BUFFER);
+		}
+	else if ((ret = (UI_STRING *)OPENSSL_malloc(sizeof(UI_STRING))))
+		{
+		ret->out_string=prompt;
+		ret->flags=prompt_freeable ? OUT_STRING_FREEABLE : 0;
+		ret->input_flags=input_flags;
+		ret->type=type;
+		ret->result_buf=result_buf;
+		}
+	return ret;
+	}
+
+static int general_allocate_string(UI *ui, const char *prompt,
+	int prompt_freeable, enum UI_string_types type, int input_flags,
+	char *result_buf, int minsize, int maxsize, const char *test_buf)
+	{
+	int ret = -1;
+	UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable,
+		type, input_flags, result_buf);
+
+	if (s)
+		{
+		if (allocate_string_stack(ui) >= 0)
+			{
+			s->_.string_data.result_minsize=minsize;
+			s->_.string_data.result_maxsize=maxsize;
+			s->_.string_data.test_buf=test_buf;
+			ret=sk_UI_STRING_push(ui->strings, s);
+			/* sk_push() returns 0 on error.  Let's addapt that */
+			if (ret <= 0) ret--;
+			}
+		else
+			free_string(s);
+		}
+	return ret;
+	}
+
+static int general_allocate_boolean(UI *ui,
+	const char *prompt, const char *action_desc,
+	const char *ok_chars, const char *cancel_chars,
+	int prompt_freeable, enum UI_string_types type, int input_flags,
+	char *result_buf)
+	{
+	int ret = -1;
+	UI_STRING *s;
+	const char *p;
+
+	if (ok_chars == NULL)
+		{
+		UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER);
+		}
+	else if (cancel_chars == NULL)
+		{
+		UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER);
+		}
+	else
+		{
+		for(p = ok_chars; *p; p++)
+			{
+			if (strchr(cancel_chars, *p))
+				{
+				UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
+					UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
+				}
+			}
+
+		s = general_allocate_prompt(ui, prompt, prompt_freeable,
+			type, input_flags, result_buf);
+
+		if (s)
+			{
+			if (allocate_string_stack(ui) >= 0)
+				{
+				s->_.boolean_data.action_desc = action_desc;
+				s->_.boolean_data.ok_chars = ok_chars;
+				s->_.boolean_data.cancel_chars = cancel_chars;
+				ret=sk_UI_STRING_push(ui->strings, s);
+				/* sk_push() returns 0 on error.
+				   Let's addapt that */
+				if (ret <= 0) ret--;
+				}
+			else
+				free_string(s);
+			}
+		}
+	return ret;
+	}
+
+/* Returns the index to the place in the stack or 0 for error.  Uses a
+   direct reference to the prompt.  */
+int UI_add_input_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize)
+	{
+	return general_allocate_string(ui, prompt, 0,
+		UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL);
+	}
+
+/* Same as UI_add_input_string(), excepts it takes a copy of the prompt */
+int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize)
+	{
+	char *prompt_copy=NULL;
+
+	if (prompt)
+		{
+		prompt_copy=BUF_strdup(prompt);
+		if (prompt_copy == NULL)
+			{
+			UIerr(UI_F_UI_DUP_INPUT_STRING,ERR_R_MALLOC_FAILURE);
+			return 0;
+			}
+		}
+	
+	return general_allocate_string(ui, prompt_copy, 1,
+		UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL);
+	}
+
+int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize, const char *test_buf)
+	{
+	return general_allocate_string(ui, prompt, 0,
+		UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf);
+	}
+
+int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize, const char *test_buf)
+	{
+	char *prompt_copy=NULL;
+
+	if (prompt)
+		{
+		prompt_copy=BUF_strdup(prompt);
+		if (prompt_copy == NULL)
+			{
+			UIerr(UI_F_UI_DUP_VERIFY_STRING,ERR_R_MALLOC_FAILURE);
+			return -1;
+			}
+		}
+	
+	return general_allocate_string(ui, prompt_copy, 1,
+		UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf);
+	}
+
+int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+	const char *ok_chars, const char *cancel_chars,
+	int flags, char *result_buf)
+	{
+	return general_allocate_boolean(ui, prompt, action_desc,
+		ok_chars, cancel_chars, 0, UIT_BOOLEAN, flags, result_buf);
+	}
+
+int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+	const char *ok_chars, const char *cancel_chars,
+	int flags, char *result_buf)
+	{
+	char *prompt_copy = NULL;
+	char *action_desc_copy = NULL;
+	char *ok_chars_copy = NULL;
+	char *cancel_chars_copy = NULL;
+
+	if (prompt)
+		{
+		prompt_copy=BUF_strdup(prompt);
+		if (prompt_copy == NULL)
+			{
+			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		}
+	
+	if (action_desc)
+		{
+		action_desc_copy=BUF_strdup(action_desc);
+		if (action_desc_copy == NULL)
+			{
+			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		}
+	
+	if (ok_chars)
+		{
+		ok_chars_copy=BUF_strdup(ok_chars);
+		if (ok_chars_copy == NULL)
+			{
+			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		}
+	
+	if (cancel_chars)
+		{
+		cancel_chars_copy=BUF_strdup(cancel_chars);
+		if (cancel_chars_copy == NULL)
+			{
+			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		}
+	
+	return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
+		ok_chars_copy, cancel_chars_copy, 1, UIT_BOOLEAN, flags,
+		result_buf);
+ err:
+	if (prompt_copy) OPENSSL_free(prompt_copy);
+	if (action_desc_copy) OPENSSL_free(action_desc_copy);
+	if (ok_chars_copy) OPENSSL_free(ok_chars_copy);
+	if (cancel_chars_copy) OPENSSL_free(cancel_chars_copy);
+	return -1;
+	}
+
+int UI_add_info_string(UI *ui, const char *text)
+	{
+	return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0,
+		NULL);
+	}
+
+int UI_dup_info_string(UI *ui, const char *text)
+	{
+	char *text_copy=NULL;
+
+	if (text)
+		{
+		text_copy=BUF_strdup(text);
+		if (text_copy == NULL)
+			{
+			UIerr(UI_F_UI_DUP_INFO_STRING,ERR_R_MALLOC_FAILURE);
+			return -1;
+			}
+		}
+
+	return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
+		0, 0, NULL);
+	}
+
+int UI_add_error_string(UI *ui, const char *text)
+	{
+	return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0,
+		NULL);
+	}
+
+int UI_dup_error_string(UI *ui, const char *text)
+	{
+	char *text_copy=NULL;
+
+	if (text)
+		{
+		text_copy=BUF_strdup(text);
+		if (text_copy == NULL)
+			{
+			UIerr(UI_F_UI_DUP_ERROR_STRING,ERR_R_MALLOC_FAILURE);
+			return -1;
+			}
+		}
+	return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
+		0, 0, NULL);
+	}
+
+char *UI_construct_prompt(UI *ui, const char *object_desc,
+	const char *object_name)
+	{
+	char *prompt = NULL;
+
+	if (ui->meth->ui_construct_prompt)
+		prompt = ui->meth->ui_construct_prompt(ui,
+			object_desc, object_name);
+	else
+		{
+		char prompt1[] = "Enter ";
+		char prompt2[] = " for ";
+		char prompt3[] = ":";
+		int len = 0;
+
+		if (object_desc == NULL)
+			return NULL;
+		len = sizeof(prompt1) - 1 + strlen(object_desc);
+		if (object_name)
+			len += sizeof(prompt2) - 1 + strlen(object_name);
+		len += sizeof(prompt3) - 1;
+
+		prompt = (char *)OPENSSL_malloc(len + 1);
+		strcpy(prompt, prompt1);
+		strcat(prompt, object_desc);
+		if (object_name)
+			{
+			strcat(prompt, prompt2);
+			strcat(prompt, object_name);
+			}
+		strcat(prompt, prompt3);
+		}
+	return prompt;
+	}
+
+void *UI_add_user_data(UI *ui, void *user_data)
+	{
+	void *old_data = ui->user_data;
+	ui->user_data = user_data;
+	return old_data;
+	}
+
+void *UI_get0_user_data(UI *ui)
+	{
+	return ui->user_data;
+	}
+
+const char *UI_get0_result(UI *ui, int i)
+	{
+	if (i < 0)
+		{
+		UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_SMALL);
+		return NULL;
+		}
+	if (i >= sk_UI_STRING_num(ui->strings))
+		{
+		UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_LARGE);
+		return NULL;
+		}
+	return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i));
+	}
+
+static int print_error(const char *str, size_t len, UI *ui)
+	{
+	UI_STRING uis;
+
+	memset(&uis, 0, sizeof(uis));
+	uis.type = UIT_ERROR;
+	uis.out_string = str;
+
+	if (ui->meth->ui_write_string
+		&& !ui->meth->ui_write_string(ui, &uis))
+		return -1;
+	return 0;
+	}
+
+int UI_process(UI *ui)
+	{
+	int i, ok=0;
+
+	if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui))
+		return -1;
+
+	if (ui->flags & UI_FLAG_PRINT_ERRORS)
+		ERR_print_errors_cb(
+			(int (*)(const char *, size_t, void *))print_error,
+			(void *)ui);
+
+	for(i=0; i<sk_UI_STRING_num(ui->strings); i++)
+		{
+		if (ui->meth->ui_write_string
+			&& !ui->meth->ui_write_string(ui,
+				sk_UI_STRING_value(ui->strings, i)))
+			{
+			ok=-1;
+			goto err;
+			}
+		}
+
+	if (ui->meth->ui_flush)
+		switch(ui->meth->ui_flush(ui))
+			{
+		case -1: /* Interrupt/Cancel/something... */
+			ok = -2;
+			goto err;
+		case 0: /* Errors */
+			ok = -1;
+			goto err;
+		default: /* Success */
+			ok = 0;
+			break;
+			}
+
+	for(i=0; i<sk_UI_STRING_num(ui->strings); i++)
+		{
+		if (ui->meth->ui_read_string)
+			{
+			switch(ui->meth->ui_read_string(ui,
+				sk_UI_STRING_value(ui->strings, i)))
+				{
+			case -1: /* Interrupt/Cancel/something... */
+				ok = -2;
+				goto err;
+			case 0: /* Errors */
+				ok = -1;
+				goto err;
+			default: /* Success */
+				ok = 0;
+				break;
+				}
+			}
+		}
+ err:
+	if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui))
+		return -1;
+	return ok;
+	}
+
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)())
+	{
+	if (ui == NULL)
+		{
+		UIerr(UI_F_UI_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+		return -1;
+		}
+	switch(cmd)
+		{
+	case UI_CTRL_PRINT_ERRORS:
+		{
+		int save_flag = !!(ui->flags & UI_FLAG_PRINT_ERRORS);
+		if (i)
+			ui->flags |= UI_FLAG_PRINT_ERRORS;
+		else
+			ui->flags &= ~UI_FLAG_PRINT_ERRORS;
+		return save_flag;
+		}
+	case UI_CTRL_IS_REDOABLE:
+		return !!(ui->flags & UI_FLAG_REDOABLE);
+	default:
+		break;
+		}
+	UIerr(UI_F_UI_CTRL,UI_R_UNKNOWN_CONTROL_COMMAND);
+	return -1;
+	}
+
+int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+        {
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp,
+				new_func, dup_func, free_func);
+        }
+
+int UI_set_ex_data(UI *r, int idx, void *arg)
+	{
+	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+	}
+
+void *UI_get_ex_data(UI *r, int idx)
+	{
+	return(CRYPTO_get_ex_data(&r->ex_data,idx));
+	}
+
+void UI_set_default_method(const UI_METHOD *meth)
+	{
+	default_UI_meth=meth;
+	}
+
+const UI_METHOD *UI_get_default_method(void)
+	{
+	if (default_UI_meth == NULL)
+		{
+		default_UI_meth=UI_OpenSSL();
+		}
+	return default_UI_meth;
+	}
+
+const UI_METHOD *UI_get_method(UI *ui)
+	{
+	return ui->meth;
+	}
+
+const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth)
+	{
+	ui->meth=meth;
+	return ui->meth;
+	}
+
+
+UI_METHOD *UI_create_method(char *name)
+	{
+	UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD));
+
+	if (ui_method)
+		memset(ui_method, 0, sizeof(*ui_method));
+	ui_method->name = BUF_strdup(name);
+	return ui_method;
+	}
+
+/* BIG FSCKING WARNING!!!!  If you use this on a statically allocated method
+   (that is, it hasn't been allocated using UI_create_method(), you deserve
+   anything Murphy can throw at you and more!  You have been warned. */
+void UI_destroy_method(UI_METHOD *ui_method)
+	{
+	OPENSSL_free(ui_method->name);
+	ui_method->name = NULL;
+	OPENSSL_free(ui_method);
+	}
+
+int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui))
+	{
+	if (method)
+		{
+		method->ui_open_session = opener;
+		return 0;
+		}
+	else
+		return -1;
+	}
+
+int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis))
+	{
+	if (method)
+		{
+		method->ui_write_string = writer;
+		return 0;
+		}
+	else
+		return -1;
+	}
+
+int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui))
+	{
+	if (method)
+		{
+		method->ui_flush = flusher;
+		return 0;
+		}
+	else
+		return -1;
+	}
+
+int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis))
+	{
+	if (method)
+		{
+		method->ui_read_string = reader;
+		return 0;
+		}
+	else
+		return -1;
+	}
+
+int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui))
+	{
+	if (method)
+		{
+		method->ui_close_session = closer;
+		return 0;
+		}
+	else
+		return -1;
+	}
+
+int (*UI_method_get_opener(UI_METHOD *method))(UI*)
+	{
+	if (method)
+		return method->ui_open_session;
+	else
+		return NULL;
+	}
+
+int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*)
+	{
+	if (method)
+		return method->ui_write_string;
+	else
+		return NULL;
+	}
+
+int (*UI_method_get_flusher(UI_METHOD *method))(UI*)
+	{
+	if (method)
+		return method->ui_flush;
+	else
+		return NULL;
+	}
+
+int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*)
+	{
+	if (method)
+		return method->ui_read_string;
+	else
+		return NULL;
+	}
+
+int (*UI_method_get_closer(UI_METHOD *method))(UI*)
+	{
+	if (method)
+		return method->ui_close_session;
+	else
+		return NULL;
+	}
+
+enum UI_string_types UI_get_string_type(UI_STRING *uis)
+	{
+	if (!uis)
+		return UIT_NONE;
+	return uis->type;
+	}
+
+int UI_get_input_flags(UI_STRING *uis)
+	{
+	if (!uis)
+		return 0;
+	return uis->input_flags;
+	}
+
+const char *UI_get0_output_string(UI_STRING *uis)
+	{
+	if (!uis)
+		return NULL;
+	return uis->out_string;
+	}
+
+const char *UI_get0_action_string(UI_STRING *uis)
+	{
+	if (!uis)
+		return NULL;
+	switch(uis->type)
+		{
+	case UIT_PROMPT:
+	case UIT_BOOLEAN:
+		return uis->_.boolean_data.action_desc;
+	default:
+		return NULL;
+		}
+	}
+
+const char *UI_get0_result_string(UI_STRING *uis)
+	{
+	if (!uis)
+		return NULL;
+	switch(uis->type)
+		{
+	case UIT_PROMPT:
+	case UIT_VERIFY:
+		return uis->result_buf;
+	default:
+		return NULL;
+		}
+	}
+
+const char *UI_get0_test_string(UI_STRING *uis)
+	{
+	if (!uis)
+		return NULL;
+	switch(uis->type)
+		{
+	case UIT_VERIFY:
+		return uis->_.string_data.test_buf;
+	default:
+		return NULL;
+		}
+	}
+
+int UI_get_result_minsize(UI_STRING *uis)
+	{
+	if (!uis)
+		return -1;
+	switch(uis->type)
+		{
+	case UIT_PROMPT:
+	case UIT_VERIFY:
+		return uis->_.string_data.result_minsize;
+	default:
+		return -1;
+		}
+	}
+
+int UI_get_result_maxsize(UI_STRING *uis)
+	{
+	if (!uis)
+		return -1;
+	switch(uis->type)
+		{
+	case UIT_PROMPT:
+	case UIT_VERIFY:
+		return uis->_.string_data.result_maxsize;
+	default:
+		return -1;
+		}
+	}
+
+int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
+	{
+	int l = strlen(result);
+
+	ui->flags &= ~UI_FLAG_REDOABLE;
+
+	if (!uis)
+		return -1;
+	switch (uis->type)
+		{
+	case UIT_PROMPT:
+	case UIT_VERIFY:
+		{
+		char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize)+1];
+		char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize)+1];
+
+		BIO_snprintf(number1, sizeof(number1), "%d",
+			uis->_.string_data.result_minsize);
+		BIO_snprintf(number2, sizeof(number2), "%d",
+			uis->_.string_data.result_maxsize);
+
+		if (l < uis->_.string_data.result_minsize)
+			{
+			ui->flags |= UI_FLAG_REDOABLE;
+			UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_SMALL);
+			ERR_add_error_data(5,"You must type in ",
+				number1," to ",number2," characters");
+			return -1;
+			}
+		if (l > uis->_.string_data.result_maxsize)
+			{
+			ui->flags |= UI_FLAG_REDOABLE;
+			UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_LARGE);
+			ERR_add_error_data(5,"You must type in ",
+				number1," to ",number2," characters");
+			return -1;
+			}
+		}
+
+		if (!uis->result_buf)
+			{
+			UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER);
+			return -1;
+			}
+
+		strcpy(uis->result_buf, result);
+		break;
+	case UIT_BOOLEAN:
+		{
+		const char *p;
+
+		if (!uis->result_buf)
+			{
+			UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER);
+			return -1;
+			}
+
+		uis->result_buf[0] = '\0';
+		for(p = result; *p; p++)
+			{
+			if (strchr(uis->_.boolean_data.ok_chars, *p))
+				{
+				uis->result_buf[0] =
+					uis->_.boolean_data.ok_chars[0];
+				break;
+				}
+			if (strchr(uis->_.boolean_data.cancel_chars, *p))
+				{
+				uis->result_buf[0] =
+					uis->_.boolean_data.cancel_chars[0];
+				break;
+				}
+			}
+	default:
+		break;
+		}
+		}
+	return 0;
+	}
diff --git a/crypto/ui/ui_locl.h b/crypto/ui/ui_locl.h
new file mode 100644
index 0000000000..7d3a75a619
--- /dev/null
+++ b/crypto/ui/ui_locl.h
@@ -0,0 +1,148 @@
+/* crypto/ui/ui.h -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_UI_LOCL_H
+#define HEADER_UI_LOCL_H
+
+#include <openssl/ui.h>
+
+struct ui_method_st
+	{
+	char *name;
+
+	/* All the functions return 1 or non-NULL for success and 0 or NULL
+	   for failure */
+
+	/* Open whatever channel for this, be it the console, an X window
+	   or whatever.
+	   This function should use the ex_data structure to save
+	   intermediate data. */
+	int (*ui_open_session)(UI *ui);
+
+	int (*ui_write_string)(UI *ui, UI_STRING *uis);
+
+	/* Flush the output.  If a GUI dialog box is used, this function can
+	   be used to actually display it. */
+	int (*ui_flush)(UI *ui);
+
+	int (*ui_read_string)(UI *ui, UI_STRING *uis);
+
+	int (*ui_close_session)(UI *ui);
+
+	/* Construct a prompt in a user-defined manner.  object_desc is a
+	   textual short description of the object, for example "pass phrase",
+	   and object_name is the name of the object (might be a card name or
+	   a file name.
+	   The returned string shall always be allocated on the heap with
+	   OPENSSL_malloc(), and need to be free'd with OPENSSL_free(). */
+	char *(*ui_construct_prompt)(UI *ui, const char *object_desc,
+		const char *object_name);
+	};
+
+struct ui_string_st
+	{
+	enum UI_string_types type; /* Input */
+	const char *out_string;	/* Input */
+	int input_flags;	/* Flags from the user */
+
+	/* The following parameters are completely irrelevant for UIT_INFO,
+	   and can therefore be set to 0 or NULL */
+	char *result_buf;	/* Input and Output: If not NULL, user-defined
+				   with size in result_maxsize.  Otherwise, it
+				   may be allocated by the UI routine, meaning
+				   result_minsize is going to be overwritten.*/
+	union
+		{
+		struct
+			{
+			int result_minsize;	/* Input: minimum required
+						   size of the result.
+						*/
+			int result_maxsize;	/* Input: maximum permitted
+						   size of the result */
+
+			const char *test_buf;	/* Input: test string to verify
+						   against */
+			} string_data;
+		struct
+			{
+			const char *action_desc; /* Input */
+			const char *ok_chars; /* Input */
+			const char *cancel_chars; /* Input */
+			} boolean_data;
+		} _;
+
+#define OUT_STRING_FREEABLE 0x01
+	int flags;		/* flags for internal use */
+	};
+
+struct ui_st
+	{
+	const UI_METHOD *meth;
+	STACK_OF(UI_STRING) *strings; /* We might want to prompt for more
+					 than one thing at a time, and
+					 with different echoing status.  */
+	void *user_data;
+	CRYPTO_EX_DATA ex_data;
+
+#define UI_FLAG_REDOABLE	0x0001
+#define UI_FLAG_PRINT_ERRORS	0x0100
+	int flags;
+	};
+
+#endif
diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c
new file mode 100644
index 0000000000..e1a872ef7c
--- /dev/null
+++ b/crypto/ui/ui_openssl.c
@@ -0,0 +1,673 @@
+/* crypto/ui/ui_openssl.c -*- mode:C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org) and others
+ * for the OpenSSL project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* The lowest level part of this file was previously in crypto/des/read_pwd.c,
+ * Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+
+#include <openssl/e_os2.h>
+
+#if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
+# ifdef OPENSSL_UNISTD
+#  include OPENSSL_UNISTD
+# else
+#  include <unistd.h>
+# endif
+/* If unistd.h defines _POSIX_VERSION, we conclude that we
+ * are on a POSIX system and have sigaction and termios. */
+# if defined(_POSIX_VERSION)
+
+#  define SIGACTION
+#  if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+#   define TERMIOS
+#  endif
+
+# endif
+#endif
+
+#ifdef WIN16TTY
+# undef OPENSSL_SYS_WIN16
+# undef WIN16
+# undef _WINDOWS
+# include <graph.h>
+#endif
+
+/* 06-Apr-92 Luke Brennan    Support for VMS */
+#include "ui_locl.h"
+#include "cryptlib.h"
+#include <signal.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+#ifdef OPENSSL_SYS_VMS		/* prototypes for sys$whatever */
+# include <starlet.h>
+# ifdef __DECC
+#  pragma message disable DOLLARID
+# endif
+#endif
+
+#ifdef WIN_CONSOLE_BUG
+# include <windows.h>
+#ifndef OPENSSL_SYS_WINCE
+# include <wincon.h>
+#endif
+#endif
+
+
+/* There are 5 types of terminal interface supported,
+ * TERMIO, TERMIOS, VMS, MSDOS and SGTTY
+ */
+
+#if defined(__sgi) && !defined(TERMIOS)
+# define TERMIOS
+# undef  TERMIO
+# undef  SGTTY
+#endif
+
+#if defined(linux) && !defined(TERMIO)
+# undef  TERMIOS
+# define TERMIO
+# undef  SGTTY
+#endif
+
+#ifdef _LIBC
+# undef  TERMIOS
+# define TERMIO
+# undef  SGTTY
+#endif
+
+#if !defined(TERMIO) && !defined(TERMIOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(MAC_OS_GUSI_SOURCE)
+# undef  TERMIOS
+# undef  TERMIO
+# define SGTTY
+#endif
+
+#if defined(OPENSSL_SYS_VXWORKS)
+#undef TERMIOS
+#undef TERMIO
+#undef SGTTY
+#endif
+
+#ifdef TERMIOS
+# include <termios.h>
+# define TTY_STRUCT		struct termios
+# define TTY_FLAGS		c_lflag
+# define TTY_get(tty,data)	tcgetattr(tty,data)
+# define TTY_set(tty,data)	tcsetattr(tty,TCSANOW,data)
+#endif
+
+#ifdef TERMIO
+# include <termio.h>
+# define TTY_STRUCT		struct termio
+# define TTY_FLAGS		c_lflag
+# define TTY_get(tty,data)	ioctl(tty,TCGETA,data)
+# define TTY_set(tty,data)	ioctl(tty,TCSETA,data)
+#endif
+
+#ifdef SGTTY
+# include <sgtty.h>
+# define TTY_STRUCT		struct sgttyb
+# define TTY_FLAGS		sg_flags
+# define TTY_get(tty,data)	ioctl(tty,TIOCGETP,data)
+# define TTY_set(tty,data)	ioctl(tty,TIOCSETP,data)
+#endif
+
+#if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && !defined(OPENSSL_SYS_SUNOS)
+# include <sys/ioctl.h>
+#endif
+
+#ifdef OPENSSL_SYS_MSDOS
+# include <conio.h>
+#endif
+
+#ifdef OPENSSL_SYS_VMS
+# include <ssdef.h>
+# include <iodef.h>
+# include <ttdef.h>
+# include <descrip.h>
+struct IOSB {
+	short iosb$w_value;
+	short iosb$w_count;
+	long  iosb$l_info;
+	};
+#endif
+
+#ifdef OPENSSL_SYS_SUNOS
+	typedef int sig_atomic_t;
+#endif
+
+#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(MAC_OS_GUSI_SOURCE)
+/*
+ * This one needs work. As a matter of fact the code is unoperational
+ * and this is only a trick to get it compiled.
+ *					<appro@fy.chalmers.se>
+ */
+# define TTY_STRUCT int
+#endif
+
+#ifndef NX509_SIG
+# define NX509_SIG 32
+#endif
+
+
+/* Define globals.  They are protected by a lock */
+#ifdef SIGACTION
+static struct sigaction savsig[NX509_SIG];
+#else
+static void (*savsig[NX509_SIG])(int );
+#endif
+
+#ifdef OPENSSL_SYS_VMS
+static struct IOSB iosb;
+static $DESCRIPTOR(terminal,"TT");
+static long tty_orig[3], tty_new[3]; /* XXX   Is there any guarantee that this will always suffice for the actual structures? */
+static long status;
+static unsigned short channel = 0;
+#else
+#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
+static TTY_STRUCT tty_orig,tty_new;
+#endif
+#endif
+static FILE *tty_in, *tty_out;
+static int is_a_tty;
+
+/* Declare static functions */
+#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+static void read_till_nl(FILE *);
+static void recsig(int);
+static void pushsig(void);
+static void popsig(void);
+#endif
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16)
+static int noecho_fgets(char *buf, int size, FILE *tty);
+#endif
+static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl);
+
+static int read_string(UI *ui, UI_STRING *uis);
+static int write_string(UI *ui, UI_STRING *uis);
+
+static int open_console(UI *ui);
+static int echo_console(UI *ui);
+static int noecho_console(UI *ui);
+static int close_console(UI *ui);
+
+static UI_METHOD ui_openssl =
+	{
+	"OpenSSL default user interface",
+	open_console,
+	write_string,
+	NULL,			/* No flusher is needed for command lines */
+	read_string,
+	close_console,
+	NULL
+	};
+
+/* The method with all the built-in thingies */
+UI_METHOD *UI_OpenSSL(void)
+	{
+	return &ui_openssl;
+	}
+
+/* The following function makes sure that info and error strings are printed
+   before any prompt. */
+static int write_string(UI *ui, UI_STRING *uis)
+	{
+	switch (UI_get_string_type(uis))
+		{
+	case UIT_ERROR:
+	case UIT_INFO:
+		fputs(UI_get0_output_string(uis), tty_out);
+		fflush(tty_out);
+		break;
+	default:
+		break;
+		}
+	return 1;
+	}
+
+static int read_string(UI *ui, UI_STRING *uis)
+	{
+	int ok = 0;
+
+	switch (UI_get_string_type(uis))
+		{
+	case UIT_BOOLEAN:
+		fputs(UI_get0_output_string(uis), tty_out);
+		fputs(UI_get0_action_string(uis), tty_out);
+		fflush(tty_out);
+		return read_string_inner(ui, uis,
+			UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 0);
+	case UIT_PROMPT:
+		fputs(UI_get0_output_string(uis), tty_out);
+		fflush(tty_out);
+		return read_string_inner(ui, uis,
+			UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 1);
+	case UIT_VERIFY:
+		fprintf(tty_out,"Verifying - %s",
+			UI_get0_output_string(uis));
+		fflush(tty_out);
+		if ((ok = read_string_inner(ui, uis,
+			UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 1)) <= 0)
+			return ok;
+		if (strcmp(UI_get0_result_string(uis),
+			UI_get0_test_string(uis)) != 0)
+			{
+			fprintf(tty_out,"Verify failure\n");
+			fflush(tty_out);
+			return 0;
+			}
+		break;
+	default:
+		break;
+		}
+	return 1;
+	}
+
+
+#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+/* Internal functions to read a string without echoing */
+static void read_till_nl(FILE *in)
+	{
+#define SIZE 4
+	char buf[SIZE+1];
+
+	do	{
+		fgets(buf,SIZE,in);
+		} while (strchr(buf,'\n') == NULL);
+	}
+
+static volatile sig_atomic_t intr_signal;
+#endif
+
+static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
+	{
+	static int ps;
+	int ok;
+	char result[BUFSIZ];
+	int maxsize = BUFSIZ-1;
+#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+	char *p;
+
+	intr_signal=0;
+	ok=0;
+	ps=0;
+
+	pushsig();
+	ps=1;
+
+	if (!echo && !noecho_console(ui))
+		goto error;
+	ps=2;
+
+	result[0]='\0';
+#ifdef OPENSSL_SYS_MSDOS
+	if (!echo)
+		{
+		noecho_fgets(result,maxsize,tty_in);
+		p=result; /* FIXME: noecho_fgets doesn't return errors */
+		}
+	else
+		p=fgets(result,maxsize,tty_in);
+#else
+	p=fgets(result,maxsize,tty_in);
+#endif
+	if(!p)
+		goto error;
+	if (feof(tty_in)) goto error;
+	if (ferror(tty_in)) goto error;
+	if ((p=(char *)strchr(result,'\n')) != NULL)
+		{
+		if (strip_nl)
+			*p='\0';
+		}
+	else
+		read_till_nl(tty_in);
+	if (UI_set_result(ui, uis, result) >= 0)
+		ok=1;
+
+error:
+	if (intr_signal == SIGINT)
+		ok=-1;
+	if (!echo) fprintf(tty_out,"\n");
+	if (ps >= 2 && !echo && !echo_console(ui))
+		ok=0;
+
+	if (ps >= 1)
+		popsig();
+#else
+	ok=1;
+#endif
+
+	OPENSSL_cleanse(result,BUFSIZ);
+	return ok;
+	}
+
+
+/* Internal functions to open, handle and close a channel to the console.  */
+static int open_console(UI *ui)
+	{
+	CRYPTO_w_lock(CRYPTO_LOCK_UI);
+	is_a_tty = 1;
+
+#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) || defined(OPENSSL_SYS_VXWORKS)
+	tty_in=stdin;
+	tty_out=stderr;
+#else
+#  ifdef OPENSSL_SYS_MSDOS
+#    define DEV_TTY "con"
+#  else
+#    define DEV_TTY "/dev/tty"
+#  endif
+	if ((tty_in=fopen(DEV_TTY,"r")) == NULL)
+		tty_in=stdin;
+	if ((tty_out=fopen(DEV_TTY,"w")) == NULL)
+		tty_out=stderr;
+#endif
+
+#if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
+	if (TTY_get(fileno(tty_in),&tty_orig) == -1)
+		{
+#ifdef ENOTTY
+		if (errno == ENOTTY)
+			is_a_tty=0;
+		else
+#endif
+#ifdef EINVAL
+		/* Ariel Glenn ariel@columbia.edu reports that solaris
+		 * can return EINVAL instead.  This should be ok */
+		if (errno == EINVAL)
+			is_a_tty=0;
+		else
+#endif
+			return 0;
+		}
+#endif
+#ifdef OPENSSL_SYS_VMS
+	status = sys$assign(&terminal,&channel,0,0);
+	if (status != SS$_NORMAL)
+		return 0;
+	status=sys$qiow(0,channel,IO$_SENSEMODE,&iosb,0,0,tty_orig,12,0,0,0,0);
+	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+		return 0;
+#endif
+	return 1;
+	}
+
+static int noecho_console(UI *ui)
+	{
+#ifdef TTY_FLAGS
+	memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
+	tty_new.TTY_FLAGS &= ~ECHO;
+#endif
+
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+	if (is_a_tty && (TTY_set(fileno(tty_in),&tty_new) == -1))
+		return 0;
+#endif
+#ifdef OPENSSL_SYS_VMS
+	tty_new[0] = tty_orig[0];
+	tty_new[1] = tty_orig[1] | TT$M_NOECHO;
+	tty_new[2] = tty_orig[2];
+	status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
+	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+		return 0;
+#endif
+	return 1;
+	}
+
+static int echo_console(UI *ui)
+	{
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+	memcpy(&(tty_new),&(tty_orig),sizeof(tty_orig));
+	tty_new.TTY_FLAGS |= ECHO;
+#endif
+
+#if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+	if (is_a_tty && (TTY_set(fileno(tty_in),&tty_new) == -1))
+		return 0;
+#endif
+#ifdef OPENSSL_SYS_VMS
+	tty_new[0] = tty_orig[0];
+	tty_new[1] = tty_orig[1] & ~TT$M_NOECHO;
+	tty_new[2] = tty_orig[2];
+	status = sys$qiow(0,channel,IO$_SETMODE,&iosb,0,0,tty_new,12,0,0,0,0);
+	if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+		return 0;
+#endif
+	return 1;
+	}
+
+static int close_console(UI *ui)
+	{
+	if (tty_in != stderr) fclose(tty_in);
+	if (tty_out != stderr) fclose(tty_out);
+#ifdef OPENSSL_SYS_VMS
+	status = sys$dassgn(channel);
+#endif
+	CRYPTO_w_unlock(CRYPTO_LOCK_UI);
+
+	return 1;
+	}
+
+
+#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+/* Internal functions to handle signals and act on them */
+static void pushsig(void)
+	{
+	int i;
+#ifdef SIGACTION
+	struct sigaction sa;
+
+	memset(&sa,0,sizeof sa);
+	sa.sa_handler=recsig;
+#endif
+
+	for (i=1; i<NX509_SIG; i++)
+		{
+#ifdef SIGUSR1
+		if (i == SIGUSR1)
+			continue;
+#endif
+#ifdef SIGUSR2
+		if (i == SIGUSR2)
+			continue;
+#endif
+#ifdef SIGKILL
+		if (i == SIGKILL) /* We can't make any action on that. */
+			continue;
+#endif
+#ifdef SIGACTION
+		sigaction(i,&sa,&savsig[i]);
+#else
+		savsig[i]=signal(i,recsig);
+#endif
+		}
+
+#ifdef SIGWINCH
+	signal(SIGWINCH,SIG_DFL);
+#endif
+	}
+
+static void popsig(void)
+	{
+	int i;
+
+	for (i=1; i<NX509_SIG; i++)
+		{
+#ifdef SIGUSR1
+		if (i == SIGUSR1)
+			continue;
+#endif
+#ifdef SIGUSR2
+		if (i == SIGUSR2)
+			continue;
+#endif
+#ifdef SIGACTION
+		sigaction(i,&savsig[i],NULL);
+#else
+		signal(i,savsig[i]);
+#endif
+		}
+	}
+
+static void recsig(int i)
+	{
+	intr_signal=i;
+	}
+#endif
+
+/* Internal functions specific for Windows */
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE)
+static int noecho_fgets(char *buf, int size, FILE *tty)
+	{
+	int i;
+	char *p;
+
+	p=buf;
+	for (;;)
+		{
+		if (size == 0)
+			{
+			*p='\0';
+			break;
+			}
+		size--;
+#ifdef WIN16TTY
+		i=_inchar();
+#else
+		i=getch();
+#endif
+		if (i == '\r') i='\n';
+		*(p++)=i;
+		if (i == '\n')
+			{
+			*p='\0';
+			break;
+			}
+		}
+#ifdef WIN_CONSOLE_BUG
+/* Win95 has several evil console bugs: one of these is that the
+ * last character read using getch() is passed to the next read: this is
+ * usually a CR so this can be trouble. No STDIO fix seems to work but
+ * flushing the console appears to do the trick.
+ */
+		{
+			HANDLE inh;
+			inh = GetStdHandle(STD_INPUT_HANDLE);
+			FlushConsoleInputBuffer(inh);
+		}
+#endif
+	return(strlen(buf));
+	}
+#endif
diff --git a/crypto/ui/ui_util.c b/crypto/ui/ui_util.c
new file mode 100644
index 0000000000..ee9730d5e2
--- /dev/null
+++ b/crypto/ui/ui_util.c
@@ -0,0 +1,89 @@
+/* crypto/ui/ui_util.c -*- mode:C; c-file-style: "eay" -*- */
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <string.h>
+#include <openssl/ui.h>
+
+int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify)
+	{
+	char buff[BUFSIZ];
+	int ret;
+
+	ret=UI_UTIL_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
+	OPENSSL_cleanse(buff,BUFSIZ);
+	return(ret);
+	}
+
+int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify)
+	{
+	int ok = 0;
+	UI *ui;
+
+	if (size < 1)
+		return -1;
+
+	ui = UI_new();
+	if (ui)
+		{
+		ok = UI_add_input_string(ui,prompt,0,buf,0,size-1);
+		if (ok == 0 && verify)
+			ok = UI_add_verify_string(ui,prompt,0,buff,0,size-1,
+				buf);
+		if (ok == 0)
+			ok=UI_process(ui);
+		UI_free(ui);
+		}
+	return(ok);
+	}
diff --git a/crypto/uid.c b/crypto/uid.c
new file mode 100644
index 0000000000..73205a4baa
--- /dev/null
+++ b/crypto/uid.c
@@ -0,0 +1,89 @@
+/* crypto/uid.c */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/opensslconf.h>
+
+#if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2)
+
+#include OPENSSL_UNISTD
+
+int OPENSSL_issetugid(void)
+	{
+	return issetugid();
+	}
+
+#elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS)
+
+int OPENSSL_issetugid(void)
+	{
+	return 0;
+	}
+
+#else
+
+#include OPENSSL_UNISTD
+#include <sys/types.h>
+
+int OPENSSL_issetugid(void)
+	{
+	if (getuid() != geteuid()) return 1;
+	if (getgid() != getegid()) return 1;
+	return 0;
+	}
+#endif
+
+
+
diff --git a/crypto/x509/.cvsignore b/crypto/x509/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/x509/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/x509/Makefile.ssl b/crypto/x509/Makefile.ssl
index 1c1ca2ffa0..f855364cc8 100644
--- a/crypto/x509/Makefile.ssl
+++ b/crypto/x509/Makefile.ssl
@@ -5,37 +5,36 @@
 DIR=	x509
 TOP=	../..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I.. -I$(TOP) -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=x509
-ERRC=x509_err
 GENERAL=Makefile README
 TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC=	x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
-	x509_obj.c x509_req.c x509_vfy.c \
-	x509_set.c x509rset.c $(ERRC).c \
-	x509name.c x509_v3.c x509_ext.c x509pack.c \
+	x509_obj.c x509_req.c x509spki.c x509_vfy.c \
+	x509_set.c x509cset.c x509rset.c x509_err.c \
+	x509name.c x509_v3.c x509_ext.c x509_att.c \
 	x509type.c x509_lu.c x_all.c x509_txt.c \
-	by_file.c by_dir.c \
-	v3_net.c v3_x509.c
+	x509_trs.c by_file.c by_dir.c 
 LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
-	x509_obj.o x509_req.o x509_vfy.o \
-	x509_set.o x509rset.o $(ERRC).o \
-	x509name.o x509_v3.o x509_ext.o x509pack.o \
+	x509_obj.o x509_req.o x509spki.o x509_vfy.o \
+	x509_set.o x509cset.o x509rset.o x509_err.o \
+	x509name.o x509_v3.o x509_ext.o x509_att.o \
 	x509type.o x509_lu.o x_all.o x509_txt.o \
-	by_file.o by_dir.o \
-	v3_net.o v3_x509.o
+	x509_trs.o by_file.o by_dir.o
 
 SRC= $(LIBSRC)
 
@@ -51,24 +50,23 @@ all:	lib
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../../test $(TEST)
-	$(TOP)/util/mklink.sh ../../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -80,17 +78,550 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+by_dir.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+by_dir.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+by_dir.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+by_dir.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+by_dir.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+by_dir.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+by_dir.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+by_dir.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+by_dir.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+by_dir.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+by_dir.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+by_dir.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+by_dir.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+by_dir.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+by_dir.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+by_dir.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+by_dir.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+by_dir.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+by_dir.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+by_dir.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_dir.c
+by_file.o: ../../e_os.h ../../include/openssl/aes.h
+by_file.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+by_file.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+by_file.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+by_file.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+by_file.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+by_file.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+by_file.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+by_file.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+by_file.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+by_file.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+by_file.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+by_file.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+by_file.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+by_file.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+by_file.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+by_file.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+by_file.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+by_file.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+by_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+by_file.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+by_file.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+by_file.o: ../cryptlib.h by_file.c
+x509_att.o: ../../e_os.h ../../include/openssl/aes.h
+x509_att.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_att.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_att.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_att.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_att.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_att.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_att.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_att.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_att.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_att.o: ../../include/openssl/opensslconf.h
+x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_att.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_att.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_att.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_att.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_att.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_att.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_att.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_att.c
+x509_cmp.o: ../../e_os.h ../../include/openssl/aes.h
+x509_cmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_cmp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_cmp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_cmp.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_cmp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_cmp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_cmp.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_cmp.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_cmp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_cmp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_cmp.o: ../../include/openssl/opensslconf.h
+x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_cmp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_cmp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_cmp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_cmp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_cmp.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_cmp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_cmp.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_cmp.c
+x509_d2.o: ../../e_os.h ../../include/openssl/aes.h
+x509_d2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_d2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_d2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_d2.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_d2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_d2.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509_d2.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509_d2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_d2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_d2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_d2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_d2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_d2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_d2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_d2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_d2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_d2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_d2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_d2.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_d2.o: ../cryptlib.h x509_d2.c
+x509_def.o: ../../e_os.h ../../include/openssl/aes.h
+x509_def.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_def.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_def.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_def.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_def.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_def.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509_def.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509_def.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_def.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_def.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_def.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_def.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_def.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_def.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_def.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_def.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_def.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_def.o: ../cryptlib.h x509_def.c
+x509_err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x509_err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x509_err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x509_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x509_err.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_err.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_err.o: ../../include/openssl/opensslconf.h
+x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_err.o: x509_err.c
+x509_ext.o: ../../e_os.h ../../include/openssl/aes.h
+x509_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_ext.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_ext.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_ext.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_ext.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_ext.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_ext.o: ../../include/openssl/opensslconf.h
+x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_ext.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_ext.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_ext.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_ext.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_ext.c
+x509_lu.o: ../../e_os.h ../../include/openssl/aes.h
+x509_lu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_lu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_lu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_lu.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_lu.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_lu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_lu.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_lu.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_lu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_lu.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_lu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_lu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_lu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_lu.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x509_lu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_lu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_lu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_lu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_lu.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x509_lu.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x509_lu.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_lu.o: ../cryptlib.h x509_lu.c
+x509_obj.o: ../../e_os.h ../../include/openssl/aes.h
+x509_obj.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_obj.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_obj.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_obj.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_obj.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_obj.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509_obj.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509_obj.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_obj.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_obj.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_obj.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_obj.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_obj.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_obj.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_obj.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_obj.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_obj.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_obj.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_obj.o: ../cryptlib.h x509_obj.c
+x509_r2x.o: ../../e_os.h ../../include/openssl/aes.h
+x509_r2x.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_r2x.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_r2x.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_r2x.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_r2x.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_r2x.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509_r2x.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509_r2x.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_r2x.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_r2x.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_r2x.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_r2x.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_r2x.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_r2x.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_r2x.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_r2x.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_r2x.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_r2x.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_r2x.o: ../cryptlib.h x509_r2x.c
+x509_req.o: ../../e_os.h ../../include/openssl/aes.h
+x509_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_req.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_req.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509_req.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509_req.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_req.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_req.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_req.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_req.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+x509_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_req.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_req.o: ../cryptlib.h x509_req.c
+x509_set.o: ../../e_os.h ../../include/openssl/aes.h
+x509_set.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_set.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_set.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_set.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_set.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_set.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509_set.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509_set.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_set.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_set.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_set.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_set.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_set.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_set.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_set.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_set.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_set.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_set.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_set.o: ../cryptlib.h x509_set.c
+x509_trs.o: ../../e_os.h ../../include/openssl/aes.h
+x509_trs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_trs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_trs.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_trs.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_trs.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_trs.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_trs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_trs.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_trs.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_trs.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_trs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_trs.o: ../../include/openssl/opensslconf.h
+x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_trs.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_trs.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_trs.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_trs.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_trs.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_trs.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_trs.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_trs.c
+x509_txt.o: ../../e_os.h ../../include/openssl/aes.h
+x509_txt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_txt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_txt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509_txt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509_txt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509_txt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509_txt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509_txt.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509_txt.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509_txt.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509_txt.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509_txt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_txt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_txt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_txt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_txt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_txt.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_txt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_txt.o: ../cryptlib.h x509_txt.c
+x509_v3.o: ../../e_os.h ../../include/openssl/aes.h
+x509_v3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_v3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_v3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_v3.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_v3.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_v3.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_v3.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_v3.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_v3.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_v3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_v3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x509_v3.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x509_v3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x509_v3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x509_v3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x509_v3.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x509_v3.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x509_v3.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+x509_v3.o: ../cryptlib.h x509_v3.c
+x509_vfy.o: ../../e_os.h ../../include/openssl/aes.h
+x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509_vfy.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+x509_vfy.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x509_vfy.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x509_vfy.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x509_vfy.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x509_vfy.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x509_vfy.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x509_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x509_vfy.o: ../../include/openssl/opensslconf.h
+x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509_vfy.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509_vfy.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509_vfy.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509_vfy.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509_vfy.o: ../../include/openssl/x509v3.h ../cryptlib.h x509_vfy.c
+x509cset.o: ../../e_os.h ../../include/openssl/aes.h
+x509cset.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509cset.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509cset.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509cset.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509cset.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509cset.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509cset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509cset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509cset.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509cset.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509cset.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509cset.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509cset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509cset.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509cset.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509cset.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509cset.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509cset.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509cset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509cset.o: ../cryptlib.h x509cset.c
+x509name.o: ../../e_os.h ../../include/openssl/aes.h
+x509name.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509name.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509name.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509name.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509name.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509name.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509name.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509name.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509name.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509name.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509name.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509name.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509name.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509name.o: ../cryptlib.h x509name.c
+x509rset.o: ../../e_os.h ../../include/openssl/aes.h
+x509rset.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509rset.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509rset.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509rset.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509rset.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509rset.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509rset.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509rset.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509rset.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509rset.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509rset.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509rset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509rset.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509rset.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509rset.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509rset.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509rset.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509rset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509rset.o: ../cryptlib.h x509rset.c
+x509spki.o: ../../e_os.h ../../include/openssl/aes.h
+x509spki.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509spki.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509spki.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509spki.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509spki.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509spki.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509spki.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509spki.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509spki.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509spki.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509spki.o: ../cryptlib.h x509spki.c
+x509type.o: ../../e_os.h ../../include/openssl/aes.h
+x509type.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+x509type.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+x509type.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+x509type.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+x509type.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+x509type.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+x509type.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+x509type.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+x509type.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+x509type.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+x509type.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+x509type.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+x509type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+x509type.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+x509type.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+x509type.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+x509type.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+x509type.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+x509type.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+x509type.o: ../cryptlib.h x509type.c
+x_all.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+x_all.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+x_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+x_all.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+x_all.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+x_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+x_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+x_all.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+x_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+x_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+x_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+x_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+x_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+x_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+x_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+x_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+x_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+x_all.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+x_all.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+x_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_all.c
diff --git a/crypto/x509/attrib b/crypto/x509/attrib
deleted file mode 100644
index 37f6cd755f..0000000000
--- a/crypto/x509/attrib
+++ /dev/null
@@ -1,38 +0,0 @@
-
-PKCS7
-	STACK of X509_ATTRIBUTES
-		ASN1_OBJECT
-		STACK of ASN1_TYPE
-
-So it is
-
-p7.xa[].obj
-p7.xa[].data[]
-
-get_obj_by_nid(STACK , nid)
-get_num_by_nid(STACK , nid)
-get_data_by_nid(STACK , nid, index)
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_new(void );
-void		X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **ex,
-			int nid, STACK *value);
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **ex,
-			int nid, STACK *value);
-
-int		X509_ATTRIBUTE_set_object(X509_ATTRIBUTE *ex,ASN1_OBJECT *obj);
-int		X509_ATTRIBUTE_add_data(X509_ATTRIBUTE *ex, int index,
-			ASN1_TYPE *value);
-
-ASN1_OBJECT *	X509_ATTRIBUTE_get_object(X509_ATTRIBUTE *ex);
-int 		X509_ATTRIBUTE_get_num(X509_ATTRIBUTE *ne);
-ASN1_TYPE *	X509_ATTRIBUTE_get_data(X509_ATTRIBUTE *ne,int index);
-
-ASN1_TYPE *	X509_ATTRIBUTE_get_data_by_NID(X509_ATTRIBUTE *ne,
-			ASN1_OBJECT *obj);
-
-X509_ATTRUBUTE *PKCS7_get_s_att_by_NID(PKCS7 *p7,int nid);
-X509_ATTRUBUTE *PKCS7_get_u_att_by_NID(PKCS7 *p7,int nid);
-
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index 11725ec94c..448bd7e69c 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -59,13 +59,20 @@
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
-#include <sys/types.h>
-#include <sys/stat.h>
 
 #include "cryptlib.h"
-#include "lhash.h"
-#include "x509.h"
-#include "pem.h"
+
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef MAC_OS_pre_X
+# include <stat.h>
+#else
+# include <sys/stat.h>
+#endif
+
+#include <openssl/lhash.h>
+#include <openssl/x509.h>
 
 typedef struct lookup_dir_st
 	{
@@ -76,21 +83,13 @@ typedef struct lookup_dir_st
 	int num_dirs_alloced;
 	} BY_DIR;
 
-#ifndef NOPROTO
-static int dir_ctrl(X509_LOOKUP *ctx,int cmd,char *argp,long argl,char **ret);
+static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
+	char **ret);
 static int new_dir(X509_LOOKUP *lu);
 static void free_dir(X509_LOOKUP *lu);
-static int add_cert_dir(BY_DIR *ctx,char *dir,int type);
+static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);
 static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
 	X509_OBJECT *ret);
-#else
-static int dir_ctrl();
-static int new_dir();
-static void free_dir();
-static int add_cert_dir();
-static int get_cert_by_subject();
-#endif
-
 X509_LOOKUP_METHOD x509_dir_lookup=
 	{
 	"Load certs from files in a directory",
@@ -105,17 +104,13 @@ X509_LOOKUP_METHOD x509_dir_lookup=
 	NULL,			/* get_by_alias */
 	};
 
-X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir()
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
 	{
 	return(&x509_dir_lookup);
 	}
 
-static int dir_ctrl(ctx,cmd,argp,argl,retp)
-X509_LOOKUP *ctx;
-int cmd;
-long argl;
-char *argp;
-char **retp;
+static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
+	     char **retp)
 	{
 	int ret=0;
 	BY_DIR *ld;
@@ -147,16 +142,15 @@ char **retp;
 	return(ret);
 	}
 
-static int new_dir(lu)
-X509_LOOKUP *lu;
+static int new_dir(X509_LOOKUP *lu)
 	{
 	BY_DIR *a;
 
-	if ((a=(BY_DIR *)Malloc(sizeof(BY_DIR))) == NULL)
+	if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)
 		return(0);
 	if ((a->buffer=BUF_MEM_new()) == NULL)
 		{
-		Free(a);
+		OPENSSL_free(a);
 		return(0);
 		}
 	a->num_dirs=0;
@@ -167,32 +161,32 @@ X509_LOOKUP *lu;
 	return(1);
 	}
 
-static void free_dir(lu)
-X509_LOOKUP *lu;
+static void free_dir(X509_LOOKUP *lu)
 	{
 	BY_DIR *a;
 	int i;
 
 	a=(BY_DIR *)lu->method_data;
 	for (i=0; i<a->num_dirs; i++)
-		if (a->dirs[i] != NULL) Free(a->dirs[i]);
-	if (a->dirs != NULL) Free(a->dirs);
-	if (a->dirs_type != NULL) Free(a->dirs_type);
+		if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]);
+	if (a->dirs != NULL) OPENSSL_free(a->dirs);
+	if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type);
 	if (a->buffer != NULL) BUF_MEM_free(a->buffer);
-	Free(a);
+	OPENSSL_free(a);
 	}
 
-static int add_cert_dir(ctx,dir, type)
-BY_DIR *ctx;
-char *dir;
-int type;
+static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
 	{
 	int j,len;
 	int *ip;
-	char *s,*ss,*p;
+	const char *s,*ss,*p;
 	char **pp;
 
-	if (dir == NULL) return(0);
+	if (dir == NULL || !*dir)
+	    {
+	    X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY);
+	    return 0;
+	    }
 
 	s=dir;
 	p=s;
@@ -210,9 +204,9 @@ int type;
 			if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
 				{
 				ctx->num_dirs_alloced+=10;
-				pp=(char **)Malloc(ctx->num_dirs_alloced*
+				pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced*
 					sizeof(char *));
-				ip=(int *)Malloc(ctx->num_dirs_alloced*
+				ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced*
 					sizeof(int));
 				if ((pp == NULL) || (ip == NULL))
 					{
@@ -224,14 +218,14 @@ int type;
 				memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
 					sizeof(int));
 				if (ctx->dirs != NULL)
-					Free((char *)ctx->dirs);
+					OPENSSL_free(ctx->dirs);
 				if (ctx->dirs_type != NULL)
-					Free((char *)ctx->dirs_type);
+					OPENSSL_free(ctx->dirs_type);
 				ctx->dirs=pp;
 				ctx->dirs_type=ip;
 				}
 			ctx->dirs_type[ctx->num_dirs]=type;
-			ctx->dirs[ctx->num_dirs]=(char *)Malloc((unsigned int)len+1);
+			ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1);
 			if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
 			strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
 			ctx->dirs[ctx->num_dirs][len]='\0';
@@ -243,11 +237,8 @@ int type;
 	return(1);
 	}
 
-static int get_cert_by_subject(xl,type,name,ret)
-X509_LOOKUP *xl;
-int type;
-X509_NAME *name;
-X509_OBJECT *ret;
+static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
+	     X509_OBJECT *ret)
 	{
 	BY_DIR *ctx;
 	union	{
@@ -266,7 +257,7 @@ X509_OBJECT *ret;
 	BUF_MEM *b=NULL;
 	struct stat st;
 	X509_OBJECT stmp,*tmp;
-	char *postfix="";
+	const char *postfix="";
 
 	if (name == NULL) return(0);
 
@@ -335,8 +326,9 @@ X509_OBJECT *ret;
 		/* we have added it to the cache so now pull
 		 * it out again */
 		CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE);
-		tmp=(X509_OBJECT *)lh_retrieve(xl->store_ctx->certs,
-			(char *)&stmp);
+		j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
+		if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
+		else tmp = NULL;
 		CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE);
 
 		if (tmp != NULL)
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index 09ebb9bf08..22be90cdcd 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -59,24 +59,17 @@
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
-#include <sys/types.h>
-#include <sys/stat.h>
 
 #include "cryptlib.h"
-#include "lhash.h"
-#include "buffer.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
-#ifndef NO_STDIO
-
-#ifndef NOPROTO
-static int by_file_ctrl(X509_LOOKUP *ctx,int cmd,char *argc,
-	long argl,char **ret);
-#else
-static int by_file_ctrl();
-#endif
+#ifndef OPENSSL_NO_STDIO
 
+static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+	long argl, char **ret);
 X509_LOOKUP_METHOD x509_file_lookup=
 	{
 	"Load file into cache",
@@ -91,19 +84,15 @@ X509_LOOKUP_METHOD x509_file_lookup=
 	NULL,		/* get_by_alias */
 	};
 
-X509_LOOKUP_METHOD *X509_LOOKUP_file()
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
 	{
 	return(&x509_file_lookup);
 	}
 
-static int by_file_ctrl(ctx,cmd,argp,argl,ret)
-X509_LOOKUP *ctx;
-int cmd;
-char *argp;
-long argl;
-char **ret;
+static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
+	     char **ret)
 	{
-	int ok=0,ok2=0;
+	int ok=0;
 	char *file;
 
 	switch (cmd)
@@ -111,37 +100,34 @@ char **ret;
 	case X509_L_FILE_LOAD:
 		if (argl == X509_FILETYPE_DEFAULT)
 			{
-			ok=X509_load_cert_file(ctx,X509_get_default_cert_file(),
-				X509_FILETYPE_PEM);
-			ok2=X509_load_crl_file(ctx,X509_get_default_cert_file(),
-				X509_FILETYPE_PEM);
-			if (!ok || !ok2)
-				{
-				X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
-				}
+			file = (char *)Getenv(X509_get_default_cert_file_env());
+			if (file)
+				ok = (X509_load_cert_crl_file(ctx,file,
+					      X509_FILETYPE_PEM) != 0);
+
 			else
+				ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
+					      X509_FILETYPE_PEM) != 0);
+
+			if (!ok)
 				{
-				file=(char *)Getenv(X509_get_default_cert_file_env());
-				ok=X509_load_cert_file(ctx,file,
-					X509_FILETYPE_PEM);
-				ok2=X509_load_crl_file(ctx,file,
-					X509_FILETYPE_PEM);
+				X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
 				}
 			}
 		else
 			{
-			ok=X509_load_cert_file(ctx,argp,(int)argl);
-			ok2=X509_load_crl_file(ctx,argp,(int)argl);
+			if(argl == X509_FILETYPE_PEM)
+				ok = (X509_load_cert_crl_file(ctx,argp,
+					X509_FILETYPE_PEM) != 0);
+			else
+				ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0);
 			}
 		break;
 		}
-	return((ok && ok2)?ok:0);
+	return(ok);
 	}
 
-int X509_load_cert_file(ctx,file,type)
-X509_LOOKUP *ctx;
-char *file;
-int type;
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
 	{
 	int ret=0;
 	BIO *in=NULL;
@@ -161,7 +147,7 @@ int type;
 		{
 		for (;;)
 			{
-			x=PEM_read_bio_X509(in,NULL,NULL);
+			x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL);
 			if (x == NULL)
 				{
 				if ((ERR_GET_REASON(ERR_peek_error()) ==
@@ -208,10 +194,7 @@ err:
 	return(ret);
 	}
 
-int X509_load_crl_file(ctx,file,type)
-X509_LOOKUP *ctx;
-char *file;
-int type;
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
 	{
 	int ret=0;
 	BIO *in=NULL;
@@ -231,7 +214,7 @@ int type;
 		{
 		for (;;)
 			{
-			x=PEM_read_bio_X509_CRL(in,NULL,NULL);
+			x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
 			if (x == NULL)
 				{
 				if ((ERR_GET_REASON(ERR_peek_error()) ==
@@ -278,5 +261,39 @@ err:
 	return(ret);
 	}
 
-#endif /* NO_STDIO */
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
+{
+	STACK_OF(X509_INFO) *inf;
+	X509_INFO *itmp;
+	BIO *in;
+	int i, count = 0;
+	if(type != X509_FILETYPE_PEM)
+		return X509_load_cert_file(ctx, file, type);
+	in = BIO_new_file(file, "r");
+	if(!in) {
+		X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB);
+		return 0;
+	}
+	inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
+	BIO_free(in);
+	if(!inf) {
+		X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);
+		return 0;
+	}
+	for(i = 0; i < sk_X509_INFO_num(inf); i++) {
+		itmp = sk_X509_INFO_value(inf, i);
+		if(itmp->x509) {
+			X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
+			count++;
+		} else if(itmp->crl) {
+			X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
+			count++;
+		}
+	}
+	sk_X509_INFO_pop_free(inf, X509_INFO_free);
+	return count;
+}
+
+
+#endif /* OPENSSL_NO_STDIO */
 
diff --git a/crypto/x509/f b/crypto/x509/f
deleted file mode 100644
index 6ec986db87..0000000000
--- a/crypto/x509/f
+++ /dev/null
@@ -1,465 +0,0 @@
-*** x509name.c	Wed Jul  2 09:35:35 1997
---- /home/eay/play/x	Sat Jul  5 01:39:56 1997
-***************
-*** 1,202 ****
-! /* crypto/x509/x509name.c */
-! /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
-!  * All rights reserved.
-!  *
-!  * This package is an SSL implementation written
-!  * by Eric Young (eay@cryptsoft.com).
-!  * The implementation was written so as to conform with Netscapes SSL.
-!  * 
-!  * This library is free for commercial and non-commercial use as long as
-!  * the following conditions are aheared to.  The following conditions
-!  * apply to all code found in this distribution, be it the RC4, RSA,
-!  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
-!  * included with this distribution is covered by the same copyright terms
-!  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-!  * 
-!  * Copyright remains Eric Young's, and as such any Copyright notices in
-!  * the code are not to be removed.
-!  * If this package is used in a product, Eric Young should be given attribution
-!  * as the author of the parts of the library used.
-!  * This can be in the form of a textual message at program startup or
-!  * in documentation (online or textual) provided with the package.
-!  * 
-!  * Redistribution and use in source and binary forms, with or without
-!  * modification, are permitted provided that the following conditions
-!  * are met:
-!  * 1. Redistributions of source code must retain the copyright
-!  *    notice, this list of conditions and the following disclaimer.
-!  * 2. Redistributions in binary form must reproduce the above copyright
-!  *    notice, this list of conditions and the following disclaimer in the
-!  *    documentation and/or other materials provided with the distribution.
-!  * 3. All advertising materials mentioning features or use of this software
-!  *    must display the following acknowledgement:
-!  *    "This product includes cryptographic software written by
-!  *     Eric Young (eay@cryptsoft.com)"
-!  *    The word 'cryptographic' can be left out if the rouines from the library
-!  *    being used are not cryptographic related :-).
-!  * 4. If you include any Windows specific code (or a derivative thereof) from 
-!  *    the apps directory (application code) you must include an acknowledgement:
-!  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-!  * 
-!  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-!  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-!  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-!  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-!  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-!  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-!  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-!  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-!  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-!  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-!  * SUCH DAMAGE.
-!  * 
-!  * The licence and distribution terms for any publically available version or
-!  * derivative of this code cannot be changed.  i.e. this code cannot simply be
-!  * copied and put under another distribution licence
-!  * [including the GNU Public Licence.]
-!  */
-! 
-! #include <stdio.h>
-! #include "stack.h"
-! #include "cryptlib.h"
-! #include "asn1.h"
-! #include "objects.h"
-! #include "evp.h"
-! #include "x509.h"
-! 
-! int X509_NAME_get_text_by_NID(name,nid,buf,len)
-! X509_NAME *name;
-! int nid;
-! char *buf;
-! int len;
-  	{
-  	ASN1_OBJECT *obj;
-  
-  	obj=OBJ_nid2obj(nid);
-! 	if (obj == NULL) return(-1);
-! 	return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));
-  	}
-  
-- int X509_NAME_get_text_by_OBJ(name,obj,buf,len)
-- X509_NAME *name;
-- ASN1_OBJECT *obj;
-- char *buf;
-- int len;
-- 	{
-- 	int i;
-- 	ASN1_STRING *data;
-  
-! 	i=X509_NAME_get_index_by_OBJ(name,obj,0);
-! 	if (i < 0) return(-1);
-! 	data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
-! 	i=(data->length > (len-1))?(len-1):data->length;
-! 	if (buf == NULL) return(data->length);
-! 	memcpy(buf,data->data,i);
-! 	buf[i]='\0';
-! 	return(i);
-! 	}
-  
-! int X509_NAME_entry_count(name)
-! X509_NAME *name;
-  	{
-! 	if (name == NULL) return(0);
-! 	return(sk_num(name->entries));
-  	}
-  
-! int X509_NAME_get_index_by_NID(name,nid,oldpos)
-! X509_NAME *name;
-! int nid;
-! int oldpos;
-! 	{
-! 	ASN1_OBJECT *obj;
-  
-! 	obj=OBJ_nid2obj(nid);
-! 	if (obj == NULL) return(-2);
-! 	return(X509_NAME_get_index_by_OBJ(name,obj,oldpos));
-  	}
-  
-- int X509_NAME_get_index_by_OBJ(name,obj,oldpos)
-- X509_NAME *name;
-- ASN1_OBJECT *obj;
-- int oldpos;
-- 	{
-- 	int n;
-- 	X509_NAME_ENTRY *ne;
-- 	STACK *sk;
-  
-! 	if (name == NULL) return(-1);
-! 	if (oldpos < 0)
-! 		oldpos= -1;
-! 	sk=name->entries;
-! 	n=sk_num(sk);
-! 	for (oldpos++; oldpos < n; oldpos++)
-  		{
-! 		ne=(X509_NAME_ENTRY *)sk_value(sk,oldpos);
-! 		if (OBJ_cmp(ne->object,obj) == 0)
-! 			return(oldpos);
-  		}
-! 	return(-1);
-  	}
-  
-- X509_NAME_ENTRY *X509_NAME_get_entry(name,loc)
-- X509_NAME *name;
-- int loc;
-- 	{
-- 	if (	(name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0))
-- 		return(NULL);
-- 	else
-- 		return((X509_NAME_ENTRY *)sk_value(name->entries,loc));
-- 	}
-  
-! X509_NAME_ENTRY *X509_NAME_delete_entry(name,loc)
-! X509_NAME *name;
-! int loc;
-  	{
-! 	X509_NAME_ENTRY *ret;
-! 	int i,j,n,set_prev,set_next;
-! 	STACK *sk;
-! 
-! 	if ((name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0))
-! 		return(NULL);
-! 	sk=name->entries;
-! 	ret=(X509_NAME_ENTRY *)sk_delete(sk,loc);
-! 	n=sk_num(sk);
-! 	name->modified=1;
-! 	if (loc == n) return(ret);
-! 
-! 	/* else we need to fixup the set field */
-! 	if (loc != 0)
-! 		set_prev=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set;
-! 	else
-! 		set_prev=ret->set-1;
-! 	set_next=((X509_NAME_ENTRY *)sk_value(sk,loc))->set;
-  
-! 	/* set_prev is the previous set
-! 	 * set is the current set
-! 	 * set_next is the following
-! 	 * prev  1 1	1 1	1 1	1 1
-! 	 * set   1	1	2	2
-! 	 * next  1 1	2 2	2 2	3 2
-! 	 * so basically only if prev and next differ by 2, then
-! 	 * re-number down by 1 */
-! 	if (set_prev+1 < set_next)
-! 		{
-! 		j=set_next-set_prev-1;
-! 		for (i=loc; i<n; i++)
-! 			((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set-=j;
-! 		}
-! 	return(ret);
-  	}
-  
-  /* if set is -1, append to previous set, 0 'a new one', and 1,
-   * prepend to the guy we are about to stomp on. */
-! int X509_NAME_add_entry(name,ne,loc,set)
-! X509_NAME *name;
-! X509_NAME_ENTRY *ne;
-! int loc;
-! int set;
-  	{
-! 	X509_NAME_ENTRY *new_name=NULL;
-  	int n,i,inc;
-  	STACK *sk;
-  
---- 1,77 ----
-! X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
-! 			int type,unsigned char *bytes, int len)
-  	{
-  	ASN1_OBJECT *obj;
-  
-  	obj=OBJ_nid2obj(nid);
-! 	if (obj == NULL)
-! 		{
-! 		X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
-! 		return(NULL);
-! 		}
-! 	return(X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len));
-  	}
-  
-  
-! X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
-! 			ASN1_OBJECT *obj, int type,unsigned char *bytes,
-! 			int len)
-! 	{
-! 	X509_NAME_ENTRY *ret;
-  
-! 	if ((ne == NULL) || (*ne == NULL))
-  		{
-! 		if ((ret=X509_NAME_ENTRY_new()) == NULL)
-! 			return(NULL);
-  		}
-+ 	else
-+ 		ret= *ne;
-  
-! 	if (!X509_NAME_ENTRY_set_object(ret,obj))
-! 		goto err;
-! 	if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
-! 		goto err;
-  
-! 	if ((ne != NULL) && (*ne == NULL)) *ne=ret;
-! 	return(ret);
-! err:
-! 	if ((ne == NULL) || (ret != *ne))
-! 		X509_NAME_ENTRY_free(ret);
-! 	return(NULL);
-  	}
-  
-  
-! int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
-! 	{
-! 	if ((ne == NULL) || (obj == NULL))
-  		{
-! 		X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER);
-! 		return(0);
-  		}
-! 	ASN1_OBJECT_free(ne->object);
-! 	ne->object=OBJ_dup(obj);
-! 	return((ne->object == NULL)?0:1);
-  	}
-  
-  
-! int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne,int type,unsigned char *bytes,int len)
-  	{
-! 	int i;
-  
-! 	if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
-! 	if (len < 0) len=strlen((char *)bytes);
-! 	i=ASN1_STRING_set(ne->value,bytes,len);
-! 	if (!i) return(0);
-!     ne->value->type=ASN1_PRINTABLE_type(bytes,len);
-! 	return(1);
-  	}
-  
-  /* if set is -1, append to previous set, 0 'a new one', and 1,
-   * prepend to the guy we are about to stomp on. */
-! int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,int loc,int set)
-  	{
-! 	/* ERIC: renamed new to nenew for C++ users --tjh */
-! 	X509_NAME_ENTRY *nenew;
-  	int n,i,inc;
-      STACK *sk;
-  
-***************
-*** 206,213 ****
-  	if (loc > n) loc=n;
-  	else if (loc < 0) loc=n;
-  
-- 	name->modified=1;
-- 
-  	if (set == -1)
-  		{
-  		if (loc == 0)
---- 81,86 ----
-***************
-*** 223,245 ****
-  		}
-  	else /* if (set >= 0) */
-  		{
-- 		inc=(set == 0)?1:0;
-  		if (loc >= n)
-  			{
-  			if (loc != 0)
-  				set=((X509_NAME_ENTRY *)
-! 					sk_value(sk,n-1))->set+1;
-  			else
-  				set=0;
-  			}
-  		else
-  			set=((X509_NAME_ENTRY *)sk_value(sk,loc))->set;
-  		}
-  
-! 	if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
-  		goto err;
-! 	new_name->set=set;
-! 	if (!sk_insert(sk,(char *)new_name,loc))
-  		{
-  		X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
-  		goto err;
---- 96,122 ----
-  		}
-  	else /* if (set >= 0) */
-  		{
-  		if (loc >= n)
-  			{
-  			if (loc != 0)
-  				set=((X509_NAME_ENTRY *)
-! 					sk_value(sk,loc-1))->set+1;
-  			else
-  				set=0;
-  			}
-  		else
-  			set=((X509_NAME_ENTRY *)sk_value(sk,loc))->set;
-+ 		inc=(set == 0)?1:0;
-  		}
-  
-! 	if ((nenew=X509_NAME_ENTRY_dup(ne)) == NULL)
-  		goto err;
-!         /* eric forgot to put this in when he cut the nice
-! 	 * interface so that I don't have to do the icky things
-! 	 * that req.c does --tjh :-)
-! 	 */
-! 	nenew->set=set;
-! 	if (!sk_insert(sk,(char *)nenew,loc))
-  		{
-  		X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
-  		goto err;
-***************
-*** 252,357 ****
-  		}	
-  	return(1);
-  err:
-! 	if (new_name != NULL)
-  		X509_NAME_ENTRY_free(ne);
-  	return(0);
-- 	}
-- 
-- X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(ne,nid,type,bytes,len)
-- X509_NAME_ENTRY **ne;
-- int nid;
-- int type;
-- unsigned char *bytes;
-- int len;
-- 	{
-- 	ASN1_OBJECT *obj;
-- 
-- 	obj=OBJ_nid2obj(nid);
-- 	if (obj == NULL)
-- 		{
-- 		X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
-- 		return(NULL);
-- 		}
-- 	return(X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len));
-- 	}
-- 
-- X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len)
-- X509_NAME_ENTRY **ne;
-- ASN1_OBJECT *obj;
-- int type;
-- unsigned char *bytes;
-- int len;
-- 	{
-- 	X509_NAME_ENTRY *ret;
-- 
-- 	if ((ne == NULL) || (*ne == NULL))
-- 		{
-- 		if ((ret=X509_NAME_ENTRY_new()) == NULL)
-- 			return(NULL);
-- 		}
-- 	else
-- 		ret= *ne;
-- 
-- 	if (!X509_NAME_ENTRY_set_object(ret,obj))
-- 		goto err;
-- 	if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
-- 		goto err;
-- 	
-- 	if ((ne != NULL) && (*ne == NULL)) *ne=ret;
-- 	return(ret);
-- err:
-- 	if ((ne == NULL) || (ret != *ne))
-- 		X509_NAME_ENTRY_free(ret);
-- 	return(NULL);
-- 	}
-- 
-- int X509_NAME_ENTRY_set_object(ne,obj)
-- X509_NAME_ENTRY *ne;
-- ASN1_OBJECT *obj;
-- 	{
-- 	if ((ne == NULL) || (obj == NULL))
-- 		{
-- 		X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER);
-- 		return(0);
-- 		}
-- 	ASN1_OBJECT_free(ne->object);
-- 	ne->object=OBJ_dup(obj);
-- 	return((ne->object == NULL)?0:1);
-- 	}
-- 
-- int X509_NAME_ENTRY_set_data(ne,type,bytes,len)
-- X509_NAME_ENTRY *ne;
-- int type;
-- unsigned char *bytes;
-- int len;
-- 	{
-- 	int i;
-- 
-- 	if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
-- 	if (len < 0) len=strlen((char *)bytes);
-- 	i=ASN1_STRING_set(ne->value,bytes,len);
-- 	if (!i) return(0);
-- 	if (type != V_ASN1_UNDEF)
-- 		{
-- 		if (type == V_ASN1_APP_CHOOSE)
-- 			ne->value->type=ASN1_PRINTABLE_type(bytes,len);
-- 		else
-- 			ne->value->type=type;
-- 		}
-- 	return(1);
-- 	}
-- 
-- ASN1_OBJECT *X509_NAME_ENTRY_get_object(ne)
-- X509_NAME_ENTRY *ne;
-- 	{
-- 	if (ne == NULL) return(NULL);
-- 	return(ne->object);
-- 	}
-- 
-- ASN1_STRING *X509_NAME_ENTRY_get_data(ne)
-- X509_NAME_ENTRY *ne;
-- 	{
-- 	if (ne == NULL) return(NULL);
-- 	return(ne->value);
-  	}
-  
---- 129,136 ----
-  		}
-  	return(1);
-  err:
-! 	if (nenew != NULL)
-  		X509_NAME_ENTRY_free(ne);
-  	return(0);
-  	}
-  
diff --git a/crypto/x509/v3_net.c b/crypto/x509/v3_net.c
deleted file mode 100644
index 0c2d276d13..0000000000
--- a/crypto/x509/v3_net.c
+++ /dev/null
@@ -1,87 +0,0 @@
-/* crypto/x509/v3_net.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "stack.h"
-#include "cryptlib.h"
-#include "asn1.h"
-#include "objects.h"
-#include "x509.h"
-
-#define NETSCAPE_X509_EXT_NUM	8
-
-static X509_EXTENSION_METHOD netscape_x509_ext[NETSCAPE_X509_EXT_NUM]={
-{NID_netscape_ca_policy_url,	V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_netscape_ssl_server_name,	V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_netscape_revocation_url,	V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_netscape_base_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_netscape_cert_type,V_ASN1_BIT_STRING,X509_EXT_PACK_STRING},
-{NID_netscape_ca_revocation_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_netscape_renewal_url,V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-{NID_netscape_comment,V_ASN1_IA5STRING,X509_EXT_PACK_STRING},
-	};
-
-int X509v3_add_netscape_extensions()
-	{
-	int i;
-
-	for (i=0; i<NETSCAPE_X509_EXT_NUM; i++)
-		if (!X509v3_add_extension(&(netscape_x509_ext[i])))
-			return(0);
-	return(1);
-	}
diff --git a/crypto/x509/v3_x509.c b/crypto/x509/v3_x509.c
deleted file mode 100644
index fcf30f7452..0000000000
--- a/crypto/x509/v3_x509.c
+++ /dev/null
@@ -1,254 +0,0 @@
-/* crypto/x509/v3_x509.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "stack.h"
-#include "cryptlib.h"
-#include "bio.h"
-#include "asn1.h"
-#include "objects.h"
-#include "x509.h"
-
-#if 0
-static int i2a_key_usage(BIO *bp, X509 *x);
-static int a2i_key_usage(X509 *x, char *str, int len);
-#endif
-
-int X509v3_get_key_usage(X509 *x);
-int X509v3_set_key_usage(X509 *x,unsigned int use);
-int i2a_X509v3_key_usage(BIO *bp, unsigned int use);
-unsigned int a2i_X509v3_key_usage(char *p);
-
-#define STD_X509_EXT_NUM	9
-
-#if 0
-static X509_OBJECTS std_x509_ext[STD_X509_EXT_NUM]={
-{NID_subject_key_identifier,	NULL,NULL},
-{NID_key_usage,			a2i_key_usage,i2a_key_usage}, /**/
-{NID_private_key_usage_period,	NULL,NULL},
-{NID_subject_alt_name,		NULL,NULL},
-{NID_issuer_alt_name,		NULL,NULL},
-{NID_basic_constraints,		NULL,NULL},
-{NID_crl_number,		NULL,NULL},
-{NID_certificate_policies,	NULL,NULL},
-{NID_authority_key_identifier,  NULL,NULL},
-	};
-#endif
-
-int X509v3_add_standard_extensions()
-	{
-
-#if 0
-	for (i=0; i<STD_X509_EXT_NUM; i++)
-		if (!X509v3_add_extension(&(std_x509_ext[i])))
-			return(0);
-#endif
-	return(1);
-	}
-
-int X509v3_get_key_usage(x)
-X509 *x;
-	{
-	X509_EXTENSION *ext;
-	ASN1_STRING *st;
-	char *p;
-	int i;
-
-	i=X509_get_ext_by_NID(x,NID_key_usage,-1);
-	if (i < 0) return(X509v3_KU_UNDEF);
-	ext=X509_get_ext(x,i);
-	st=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,
-		X509_EXTENSION_get_data(X509_get_ext(x,i)));
-
-	p=(char *)ASN1_STRING_data(st);
-	if (ASN1_STRING_length(st) == 1)
-		i=p[0];
-	else if (ASN1_STRING_length(st) == 2)
-		i=p[0]|(p[1]<<8);
-	else
-		i=0;
-	return(i);
-	}
-
-static struct
-	{
-	char *name;
-	unsigned int value;
-	} key_usage_data[] ={
-	{"digitalSignature",	X509v3_KU_DIGITAL_SIGNATURE},
-	{"nonRepudiation",	X509v3_KU_NON_REPUDIATION},
-	{"keyEncipherment",	X509v3_KU_KEY_ENCIPHERMENT},
-	{"dataEncipherment",	X509v3_KU_DATA_ENCIPHERMENT},
-	{"keyAgreement",	X509v3_KU_KEY_AGREEMENT},
-	{"keyCertSign",		X509v3_KU_KEY_CERT_SIGN},
-	{"cRLSign",		X509v3_KU_CRL_SIGN},
-	{"encipherOnly",	X509v3_KU_ENCIPHER_ONLY},
-	{"decipherOnly",	X509v3_KU_DECIPHER_ONLY},
-	{NULL,0},
-	};
-
-#if 0
-static int a2i_key_usage(x,str,len)
-X509 *x;
-char *str;
-int len;
-	{
-	return(X509v3_set_key_usage(x,a2i_X509v3_key_usage(str)));
-	}
-
-static int i2a_key_usage(bp,x)
-BIO *bp;
-X509 *x;
-	{
-	return(i2a_X509v3_key_usage(bp,X509v3_get_key_usage(x)));
-	}
-#endif
-
-int i2a_X509v3_key_usage(bp,use)
-BIO *bp;
-unsigned int use;
-	{
-	int i=0,first=1;
-
-	for (;;)
-		{
-		if (use | key_usage_data[i].value)
-			{
-			BIO_printf(bp,"%s%s",((first)?"":" "),
-				key_usage_data[i].name);
-			first=0;
-			}
-		break;
-		}
-	return(1);
-	}
-
-unsigned int a2i_X509v3_key_usage(p)
-char *p;
-	{
-	unsigned int ret=0;
-	char *q,*s;
-	int i,n;
-
-	q=p;
-	for (;;)
-		{
-		while ((*q != '\0') && isalnum(*q))
-			q++;
-		if (*q == '\0') break;
-		s=q++;
-		while (isalnum(*q))
-			q++;
-		n=q-s;
-		i=0;
-		for (;;)
-			{
-			if (strncmp(key_usage_data[i].name,s,n) == 0)
-				{
-				ret|=key_usage_data[i].value;
-				break;
-				}
-			i++;
-			if (key_usage_data[i].name == NULL)
-				return(X509v3_KU_UNDEF);
-			}
-		}
-	return(ret);
-	}
-
-int X509v3_set_key_usage(x,use)
-X509 *x;
-unsigned int use;
-	{
-	ASN1_OCTET_STRING *os;
-	X509_EXTENSION *ext;
-	int i;
-	unsigned char data[4];
-
-	i=X509_get_ext_by_NID(x,NID_key_usage,-1);
-	if (i < 0)
-		{
-		i=X509_get_ext_count(x)+1;
-		if ((ext=X509_EXTENSION_new()) == NULL) return(0);
-		if (!X509_add_ext(x,ext,i))
-			{
-			X509_EXTENSION_free(ext);
-			return(0);
-			}
-		}
-	else
-		ext=X509_get_ext(x,i);
-
-	/* fill in 'ext' */
-	os=X509_EXTENSION_get_data(ext);
-
-	i=0;
-	if (use > 0)
-		{
-		i=1;
-		data[0]=use&0xff;
-		}
-	if (use > 0xff)
-		{
-		i=2;
-		data[1]=(use>>8)&0xff;
-		}
-	return((X509v3_pack_string(&os,V_ASN1_BIT_STRING,data,i) == NULL)?0:1);
-	}
-
diff --git a/crypto/x509/x509.doc b/crypto/x509/x509.doc
deleted file mode 100644
index 73cfc9f034..0000000000
--- a/crypto/x509/x509.doc
+++ /dev/null
@@ -1,27 +0,0 @@
-X509_verify()
-X509_sign()
-
-X509_get_version()
-X509_get_serialNumber()
-X509_get_issuer()
-X509_get_subject()
-X509_get_notBefore()
-X509_get_notAfter()
-X509_get_pubkey()
-
-X509_set_version()
-X509_set_serialNumber()
-X509_set_issuer()
-X509_set_subject()
-X509_set_notBefore()
-X509_set_notAfter()
-X509_set_pubkey()
-
-X509_get_extensions()
-X509_set_extensions()
-
-X509_EXTENSIONS_clear()
-X509_EXTENSIONS_retrieve()
-X509_EXTENSIONS_add()
-X509_EXTENSIONS_delete()
-
diff --git a/crypto/x509/x509.err b/crypto/x509/x509.err
deleted file mode 100644
index 8d0862d7d1..0000000000
--- a/crypto/x509/x509.err
+++ /dev/null
@@ -1,46 +0,0 @@
-/* Error codes for the X509 functions. */
-
-/* Function codes. */
-#define X509_F_ADD_CERT_DIR				 100
-#define X509_F_BY_FILE_CTRL				 101
-#define X509_F_DIR_CTRL					 102
-#define X509_F_GET_CERT_BY_SUBJECT			 103
-#define X509_F_X509V3_ADD_EXT				 104
-#define X509_F_X509V3_ADD_EXTENSION			 105
-#define X509_F_X509V3_PACK_STRING			 106
-#define X509_F_X509V3_UNPACK_STRING			 107
-#define X509_F_X509_EXTENSION_CREATE_BY_NID		 108
-#define X509_F_X509_EXTENSION_CREATE_BY_OBJ		 109
-#define X509_F_X509_GET_PUBKEY_PARAMETERS		 110
-#define X509_F_X509_LOAD_CERT_FILE			 111
-#define X509_F_X509_LOAD_CRL_FILE			 112
-#define X509_F_X509_NAME_ADD_ENTRY			 113
-#define X509_F_X509_NAME_ENTRY_CREATE_BY_NID		 114
-#define X509_F_X509_NAME_ENTRY_SET_OBJECT		 115
-#define X509_F_X509_NAME_ONELINE			 116
-#define X509_F_X509_NAME_PRINT				 117
-#define X509_F_X509_PRINT_FP				 118
-#define X509_F_X509_PUBKEY_GET				 119
-#define X509_F_X509_PUBKEY_SET				 120
-#define X509_F_X509_REQ_PRINT				 121
-#define X509_F_X509_REQ_PRINT_FP			 122
-#define X509_F_X509_REQ_TO_X509				 123
-#define X509_F_X509_STORE_ADD_CERT			 124
-#define X509_F_X509_STORE_ADD_CRL			 125
-#define X509_F_X509_TO_X509_REQ				 126
-#define X509_F_X509_VERIFY_CERT				 127
-
-/* Reason codes. */
-#define X509_R_BAD_X509_FILETYPE			 100
-#define X509_R_CERT_ALREADY_IN_HASH_TABLE		 101
-#define X509_R_ERR_ASN1_LIB				 102
-#define X509_R_LOADING_CERT_DIR				 103
-#define X509_R_LOADING_DEFAULTS				 104
-#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY		 105
-#define X509_R_SHOULD_RETRY				 106
-#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN	 107
-#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY		 108
-#define X509_R_UNKNOWN_NID				 109
-#define X509_R_UNKNOWN_STRING_TYPE			 110
-#define X509_R_UNSUPPORTED_ALGORITHM			 111
-#define X509_R_WRONG_LOOKUP_TYPE			 112
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 4ae05bc0de..f1ccc0f041 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -55,36 +55,66 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECDH support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
 #ifndef HEADER_X509_H
 #define HEADER_X509_H
 
-#ifdef  __cplusplus
-extern "C" {
+#include <openssl/symhacks.h>
+#ifndef OPENSSL_NO_BUFFER
+#include <openssl/buffer.h>
 #endif
+#ifndef OPENSSL_NO_EVP
+#include <openssl/evp.h>
+#endif
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#include <openssl/stack.h>
+#include <openssl/asn1.h>
+#include <openssl/safestack.h>
 
-#include "stack.h"
-#include "asn1.h"
+#ifndef OPENSSL_NO_RSA
+#include <openssl/rsa.h>
+#endif
 
-#ifndef NO_RSA
-#include "rsa.h"
-#else
-#define RSA	long
+#ifndef OPENSSL_NO_DSA
+#include <openssl/dsa.h>
 #endif
 
-#ifndef NO_DSA
-#include "dsa.h"
-#else
-#define DSA	long
+#ifndef OPENSSL_NO_EC
+#include <openssl/ec.h>
 #endif
 
-#ifndef NO_DH
-#include "dh.h"
-#else
-#define DH	long
+#ifndef OPENSSL_NO_ECDSA
+#include <openssl/ecdsa.h>
 #endif
 
-#include "evp.h"
+#ifndef OPENSSL_NO_ECDH
+#include <openssl/ecdh.h>
+#endif
+
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_SHA
+#include <openssl/sha.h>
+#endif
+#include <openssl/e_os2.h>
+#include <openssl/ossl_typ.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_SYS_WIN32
+/* Under Win32 this is defined in wincrypt.h */
+#undef X509_NAME
+#endif
 
 #define X509_FILETYPE_PEM	1
 #define X509_FILETYPE_ASN1	2
@@ -108,23 +138,26 @@ typedef struct X509_objects_st
 	int (*i2a)();
 	} X509_OBJECTS;
 
-typedef struct X509_algor_st
+struct X509_algor_st
 	{
 	ASN1_OBJECT *algorithm;
 	ASN1_TYPE *parameter;
-	} X509_ALGOR;
+	} /* X509_ALGOR */;
+
+DECLARE_STACK_OF(X509_ALGOR)
+DECLARE_ASN1_SET_OF(X509_ALGOR)
 
 typedef struct X509_val_st
 	{
-	ASN1_UTCTIME *notBefore;
-	ASN1_UTCTIME *notAfter;
+	ASN1_TIME *notBefore;
+	ASN1_TIME *notAfter;
 	} X509_VAL;
 
 typedef struct X509_pubkey_st
 	{
 	X509_ALGOR *algor;
 	ASN1_BIT_STRING *public_key;
-	struct evp_pkey_st /* EVP_PKEY*/ *pkey;
+	EVP_PKEY *pkey;
 	} X509_PUBKEY;
 
 typedef struct X509_sig_st
@@ -141,58 +174,60 @@ typedef struct X509_name_entry_st
 	int size; 	/* temp variable */
 	} X509_NAME_ENTRY;
 
+DECLARE_STACK_OF(X509_NAME_ENTRY)
+DECLARE_ASN1_SET_OF(X509_NAME_ENTRY)
+
 /* we always keep X509_NAMEs in 2 forms. */
-typedef struct X509_name_st
+struct X509_name_st
 	{
-	STACK *entries; /* of X509_NAME_ENTRY */
+	STACK_OF(X509_NAME_ENTRY) *entries;
 	int modified;	/* true if 'bytes' needs to be built */
-#ifdef HEADER_BUFFER_H
+#ifndef OPENSSL_NO_BUFFER
 	BUF_MEM *bytes;
 #else
 	char *bytes;
 #endif
 	unsigned long hash; /* Keep the hash around for lookups */
-	} X509_NAME;
+	} /* X509_NAME */;
+
+DECLARE_STACK_OF(X509_NAME)
 
 #define X509_EX_V_NETSCAPE_HACK		0x8000
 #define X509_EX_V_INIT			0x0001
 typedef struct X509_extension_st
 	{
 	ASN1_OBJECT *object;
-	short critical;
-	short netscape_hack;
+	ASN1_BOOLEAN critical;
 	ASN1_OCTET_STRING *value;
-	long argl;			/* used when decoding */
-	char *argp;			/* used when decoding */
-	void (*ex_free)();		/* clear argp stuff */
 	} X509_EXTENSION;
 
-/* #if 1 */
-typedef struct x509_extension_method_st
+DECLARE_STACK_OF(X509_EXTENSION)
+DECLARE_ASN1_SET_OF(X509_EXTENSION)
+
+/* a sequence of these are used */
+typedef struct x509_attributes_st
 	{
-	int nid;
-	int data_type;
-	int pack_type;
-	void (*ex_clear)();
-	int (*ex_get_bool)();
-	int (*ex_set_bool)();
-	int (*ex_get_str)();
-	int (*ex_set_str)();
-	char *(*ex_get_struct)();
-	int (*ex_set_struct)();
-	int (*a2i)();
-	int (*i2a)();
-	} X509_EXTENSION_METHOD;
-/* #endif */
+	ASN1_OBJECT *object;
+	int single; /* 0 for a set, 1 for a single item (which is wrong) */
+	union	{
+		char		*ptr;
+/* 0 */		STACK_OF(ASN1_TYPE) *set;
+/* 1 */		ASN1_TYPE	*single;
+		} value;
+	} X509_ATTRIBUTE;
+
+DECLARE_STACK_OF(X509_ATTRIBUTE)
+DECLARE_ASN1_SET_OF(X509_ATTRIBUTE)
+
 
 typedef struct X509_req_info_st
 	{
+	ASN1_ENCODING enc;
 	ASN1_INTEGER *version;
 	X509_NAME *subject;
 	X509_PUBKEY *pubkey;
 	/*  d=2 hl=2 l=  0 cons: cont: 00 */
-	STACK /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */
-	int req_kludge;
+	STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
 	} X509_REQ_INFO;
 
 typedef struct X509_req_st
@@ -214,10 +249,25 @@ typedef struct x509_cinf_st
 	X509_PUBKEY *key;
 	ASN1_BIT_STRING *issuerUID;		/* [ 1 ] optional in v2 */
 	ASN1_BIT_STRING *subjectUID;		/* [ 2 ] optional in v2 */
-	STACK /* X509_EXTENSION */ *extensions;	/* [ 3 ] optional in v3 */
+	STACK_OF(X509_EXTENSION) *extensions;	/* [ 3 ] optional in v3 */
 	} X509_CINF;
 
-typedef struct x509_st
+/* This stuff is certificate "auxiliary info"
+ * it contains details which are useful in certificate
+ * stores and databases. When used this is tagged onto
+ * the end of the certificate itself
+ */
+
+typedef struct x509_cert_aux_st
+	{
+	STACK_OF(ASN1_OBJECT) *trust;		/* trusted uses */
+	STACK_OF(ASN1_OBJECT) *reject;		/* rejected uses */
+	ASN1_UTF8STRING *alias;			/* "friendly name" */
+	ASN1_OCTET_STRING *keyid;		/* key id of private key */
+	STACK_OF(X509_ALGOR) *other;		/* other unspecified info */
+	} X509_CERT_AUX;
+
+struct x509_st
 	{
 	X509_CINF *cert_info;
 	X509_ALGOR *sig_alg;
@@ -225,47 +275,176 @@ typedef struct x509_st
 	int valid;
 	int references;
 	char *name;
-	} X509;
+	CRYPTO_EX_DATA ex_data;
+	/* These contain copies of various extension values */
+	long ex_pathlen;
+	unsigned long ex_flags;
+	unsigned long ex_kusage;
+	unsigned long ex_xkusage;
+	unsigned long ex_nscert;
+	ASN1_OCTET_STRING *skid;
+	struct AUTHORITY_KEYID_st *akid;
+#ifndef OPENSSL_NO_SHA
+	unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+#endif
+	X509_CERT_AUX *aux;
+	} /* X509 */;
+
+DECLARE_STACK_OF(X509)
+DECLARE_ASN1_SET_OF(X509)
+
+/* This is used for a table of trust checking functions */
+
+typedef struct x509_trust_st {
+	int trust;
+	int flags;
+	int (*check_trust)(struct x509_trust_st *, X509 *, int);
+	char *name;
+	int arg1;
+	void *arg2;
+} X509_TRUST;
+
+DECLARE_STACK_OF(X509_TRUST)
+
+typedef struct x509_cert_pair_st {
+	X509 *forward;
+	X509 *reverse;
+} X509_CERT_PAIR;
+
+/* standard trust ids */
+
+#define X509_TRUST_DEFAULT	-1	/* Only valid in purpose settings */
+
+#define X509_TRUST_COMPAT	1
+#define X509_TRUST_SSL_CLIENT	2
+#define X509_TRUST_SSL_SERVER	3
+#define X509_TRUST_EMAIL	4
+#define X509_TRUST_OBJECT_SIGN	5
+#define X509_TRUST_OCSP_SIGN	6
+#define X509_TRUST_OCSP_REQUEST	7
+
+/* Keep these up to date! */
+#define X509_TRUST_MIN		1
+#define X509_TRUST_MAX		7
+
+
+/* trust_flags values */
+#define	X509_TRUST_DYNAMIC 	1
+#define	X509_TRUST_DYNAMIC_NAME	2
+
+/* check_trust return codes */
+
+#define X509_TRUST_TRUSTED	1
+#define X509_TRUST_REJECTED	2
+#define X509_TRUST_UNTRUSTED	3
+
+/* Flags for X509_print_ex() */
+
+#define	X509_FLAG_COMPAT		0
+#define	X509_FLAG_NO_HEADER		1L
+#define	X509_FLAG_NO_VERSION		(1L << 1)
+#define	X509_FLAG_NO_SERIAL		(1L << 2)
+#define	X509_FLAG_NO_SIGNAME		(1L << 3)
+#define	X509_FLAG_NO_ISSUER		(1L << 4)
+#define	X509_FLAG_NO_VALIDITY		(1L << 5)
+#define	X509_FLAG_NO_SUBJECT		(1L << 6)
+#define	X509_FLAG_NO_PUBKEY		(1L << 7)
+#define	X509_FLAG_NO_EXTENSIONS		(1L << 8)
+#define	X509_FLAG_NO_SIGDUMP		(1L << 9)
+#define	X509_FLAG_NO_AUX		(1L << 10)
+#define	X509_FLAG_NO_ATTRIBUTES		(1L << 11)
+
+/* Flags specific to X509_NAME_print_ex() */	
+
+/* The field separator information */
+
+#define XN_FLAG_SEP_MASK	(0xf << 16)
+
+#define XN_FLAG_COMPAT		0		/* Traditional SSLeay: use old X509_NAME_print */
+#define XN_FLAG_SEP_COMMA_PLUS	(1 << 16)	/* RFC2253 ,+ */
+#define XN_FLAG_SEP_CPLUS_SPC	(2 << 16)	/* ,+ spaced: more readable */
+#define XN_FLAG_SEP_SPLUS_SPC	(3 << 16)	/* ;+ spaced */
+#define XN_FLAG_SEP_MULTILINE	(4 << 16)	/* One line per field */
+
+#define XN_FLAG_DN_REV		(1 << 20)	/* Reverse DN order */
+
+/* How the field name is shown */
+
+#define XN_FLAG_FN_MASK		(0x3 << 21)
+
+#define XN_FLAG_FN_SN		0		/* Object short name */
+#define XN_FLAG_FN_LN		(1 << 21)	/* Object long name */
+#define XN_FLAG_FN_OID		(2 << 21)	/* Always use OIDs */
+#define XN_FLAG_FN_NONE		(3 << 21)	/* No field names */
+
+#define XN_FLAG_SPC_EQ		(1 << 23)	/* Put spaces round '=' */
+
+/* This determines if we dump fields we don't recognise:
+ * RFC2253 requires this.
+ */
+
+#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
+
+#define XN_FLAG_FN_ALIGN	(1 << 25)	/* Align field names to 20 characters */
+
+/* Complete set of RFC2253 flags */
+
+#define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
+			XN_FLAG_SEP_COMMA_PLUS | \
+			XN_FLAG_DN_REV | \
+			XN_FLAG_FN_SN | \
+			XN_FLAG_DUMP_UNKNOWN_FIELDS)
+
+/* readable oneline form */
+
+#define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
+			ASN1_STRFLGS_ESC_QUOTE | \
+			XN_FLAG_SEP_CPLUS_SPC | \
+			XN_FLAG_SPC_EQ | \
+			XN_FLAG_FN_SN)
+
+/* readable multiline form */
+
+#define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
+			ASN1_STRFLGS_ESC_MSB | \
+			XN_FLAG_SEP_MULTILINE | \
+			XN_FLAG_SPC_EQ | \
+			XN_FLAG_FN_LN | \
+			XN_FLAG_FN_ALIGN)
 
 typedef struct X509_revoked_st
 	{
 	ASN1_INTEGER *serialNumber;
-	ASN1_UTCTIME *revocationDate;
-	STACK /* optional X509_EXTENSION */ *extensions;
+	ASN1_TIME *revocationDate;
+	STACK_OF(X509_EXTENSION) /* optional */ *extensions;
 	int sequence; /* load sequence */
 	} X509_REVOKED;
 
+DECLARE_STACK_OF(X509_REVOKED)
+DECLARE_ASN1_SET_OF(X509_REVOKED)
+
 typedef struct X509_crl_info_st
 	{
 	ASN1_INTEGER *version;
 	X509_ALGOR *sig_alg;
 	X509_NAME *issuer;
-	ASN1_UTCTIME *lastUpdate;
-	ASN1_UTCTIME *nextUpdate;
-	STACK /* X509_REVOKED */ *revoked;
-	STACK /* [0] X509_EXTENSION */ *extensions;
+	ASN1_TIME *lastUpdate;
+	ASN1_TIME *nextUpdate;
+	STACK_OF(X509_REVOKED) *revoked;
+	STACK_OF(X509_EXTENSION) /* [0] */ *extensions;
 	} X509_CRL_INFO;
 
-typedef struct X509_crl_st
+struct X509_crl_st
 	{
 	/* actual signature */
 	X509_CRL_INFO *crl;
 	X509_ALGOR *sig_alg;
 	ASN1_BIT_STRING *signature;
 	int references;
-	} X509_CRL;
+	} /* X509_CRL */;
 
-/* a sequence of these are used */
-typedef struct x509_attributes_st
-	{
-	ASN1_OBJECT *object;
-	int set; /* 1 for a set, 0 for a single item (which is wrong) */
-	union	{
-		char		*ptr;
-/* 1 */		STACK /* ASN1_TYPE */ *set;
-/* 0 */		ASN1_TYPE	*single;
-		} value;
-	} X509_ATTRIBUTE;
+DECLARE_STACK_OF(X509_CRL)
+DECLARE_ASN1_SET_OF(X509_CRL)
 
 typedef struct private_key_st
 	{
@@ -288,7 +467,7 @@ typedef struct private_key_st
 	int references;
 	} X509_PKEY;
 
-#ifdef HEADER_ENVELOPE_H
+#ifndef OPENSSL_NO_EVP
 typedef struct X509_info_st
 	{
 	X509 *x509;
@@ -301,11 +480,13 @@ typedef struct X509_info_st
 
 	int references;
 	} X509_INFO;
+
+DECLARE_STACK_OF(X509_INFO)
 #endif
 
 /* The next 2 structures and their 8 routines were sent to me by
  * Pat Richard <patr@x509.com> and are used to manipulate
- * Netscapes spki strucutres - usefull if you are writing a CA web page
+ * Netscapes spki structures - useful if you are writing a CA web page
  */
 typedef struct Netscape_spkac_st
 	{
@@ -320,17 +501,67 @@ typedef struct Netscape_spki_st
 	ASN1_BIT_STRING *signature;
 	} NETSCAPE_SPKI;
 
-#ifndef HEADER_BN_H
-#define BIGNUM 		char
-#endif
+/* Netscape certificate sequence structure */
+typedef struct Netscape_certificate_sequence
+	{
+	ASN1_OBJECT *type;
+	STACK_OF(X509) *certs;
+	} NETSCAPE_CERT_SEQUENCE;
 
+/* Unused (and iv length is wrong)
 typedef struct CBCParameter_st
 	{
 	unsigned char iv[8];
 	} CBC_PARAM;
+*/
+
+/* Password based encryption structure */
+
+typedef struct PBEPARAM_st {
+ASN1_OCTET_STRING *salt;
+ASN1_INTEGER *iter;
+} PBEPARAM;
+
+/* Password based encryption V2 structures */
 
-#include "x509_vfy.h"
-#include "pkcs7.h"
+typedef struct PBE2PARAM_st {
+X509_ALGOR *keyfunc;
+X509_ALGOR *encryption;
+} PBE2PARAM;
+
+typedef struct PBKDF2PARAM_st {
+ASN1_TYPE *salt;	/* Usually OCTET STRING but could be anything */
+ASN1_INTEGER *iter;
+ASN1_INTEGER *keylength;
+X509_ALGOR *prf;
+} PBKDF2PARAM;
+
+
+/* PKCS#8 private key info structure */
+
+typedef struct pkcs8_priv_key_info_st
+        {
+        int broken;     /* Flag for various broken formats */
+#define PKCS8_OK		0
+#define PKCS8_NO_OCTET		1
+#define PKCS8_EMBEDDED_PARAM	2
+#define PKCS8_NS_DB		3
+        ASN1_INTEGER *version;
+        X509_ALGOR *pkeyalg;
+        ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */
+        STACK_OF(X509_ATTRIBUTE) *attributes;
+        } PKCS8_PRIV_KEY_INFO;
+
+#ifdef  __cplusplus
+}
+#endif
+
+#include <openssl/x509_vfy.h>
+#include <openssl/pkcs7.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
 
 #ifdef SSLEAY_MACROS
 #define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\
@@ -445,6 +676,17 @@ typedef struct CBCParameter_st
 #define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \
 		(unsigned char *)dsa)
 
+#define d2i_ECPrivateKey_fp(fp,ecdsa) (EC_KEY *)ASN1_d2i_fp((char *(*)())\
+		EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp), \
+		(unsigned char **)(ecdsa))
+#define i2d_ECPrivateKey_fp(fp,ecdsa) ASN1_i2d_fp(i2d_ECPrivateKey,fp, \
+		(unsigned char *)ecdsa)
+#define d2i_ECPrivateKey_bio(bp,ecdsa) (EC_KEY *)ASN1_d2i_bio((char *(*)())\
+		EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp), \
+		(unsigned char **)(ecdsa))
+#define i2d_ECPrivateKey_bio(bp,ecdsa) ASN1_i2d_bio(i2d_ECPrivateKey,bp, \
+		(unsigned char *)ecdsa)
+
 #define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\
 		(char *(*)())d2i_X509_ALGOR,(char *)xn)
 
@@ -480,59 +722,129 @@ typedef struct CBCParameter_st
 #define		X509_name_cmp(a,b)	X509_NAME_cmp((a),(b))
 #define		X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm))
 
+#define		X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version)
+#define 	X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate)
+#define 	X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate)
+#define		X509_CRL_get_issuer(x) ((x)->crl->issuer)
+#define		X509_CRL_get_REVOKED(x) ((x)->crl->revoked)
+
 /* This one is only used so that a binary form can output, as in
  * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */
 #define 	X509_get_X509_PUBKEY(x) ((x)->cert_info->key)
 
-#ifndef NOPROTO
+
+const char *X509_verify_cert_error_string(long n);
 
 #ifndef SSLEAY_MACROS
-#ifdef HEADER_ENVELOPE_H
+#ifndef OPENSSL_NO_EVP
 int X509_verify(X509 *a, EVP_PKEY *r);
-char *X509_verify_cert_error_string(long n);
 
 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
 int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
 int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
 
-int X509_sign(X509 *x, EVP_PKEY *pkey, EVP_MD *md);
-int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, EVP_MD *md);
-int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, EVP_MD *md);
-int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, EVP_MD *md);
-
-int X509_digest(X509 *data,EVP_MD *type,unsigned char *md,unsigned int *len);
-int X509_NAME_digest(X509_NAME *data,EVP_MD *type,
-	unsigned char *md,unsigned int *len);
+NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len);
+char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
+EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
+int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
+
+int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
+
+int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig);
+
+int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
+
+int X509_pubkey_digest(const X509 *data,const EVP_MD *type,
+		unsigned char *md, unsigned int *len);
+int X509_digest(const X509 *data,const EVP_MD *type,
+		unsigned char *md, unsigned int *len);
+int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type,
+		unsigned char *md, unsigned int *len);
+int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type,
+		unsigned char *md, unsigned int *len);
+int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type,
+		unsigned char *md, unsigned int *len);
 #endif
 
-#ifndef NO_FP_API
-X509 *d2i_X509_fp(FILE *fp, X509 *x509);
+#ifndef OPENSSL_NO_FP_API
+X509 *d2i_X509_fp(FILE *fp, X509 **x509);
 int i2d_X509_fp(FILE *fp,X509 *x509);
-X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL *crl);
+X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl);
 int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl);
-X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ *req);
+X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req);
 int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req);
-RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
+#ifndef OPENSSL_NO_RSA
+RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa);
 int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa);
-DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
-int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
-RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA *rsa);
+RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa);
 int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa);
+RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa);
+int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa);
+#endif
+#ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
+int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
+int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
+#endif
+#ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
+int   i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
+EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
+int   i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
+#endif
+X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8);
+int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
+						PKCS8_PRIV_KEY_INFO **p8inf);
+int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
+int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
+int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
 #endif
 
-#ifdef HEADER_BIO_H
-X509 *d2i_X509_bio(BIO *bp,X509 *x509);
+#ifndef OPENSSL_NO_BIO
+X509 *d2i_X509_bio(BIO *bp,X509 **x509);
 int i2d_X509_bio(BIO *bp,X509 *x509);
-X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL *crl);
+X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl);
 int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl);
-X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ *req);
+X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req);
 int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req);
-RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
+#ifndef OPENSSL_NO_RSA
+RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa);
 int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa);
-DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
-int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
-RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA *rsa);
+RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa);
 int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa);
+RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa);
+int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa);
+#endif
+#ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
+int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
+int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
+#endif
+#ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
+int   i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
+EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
+int   i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
+#endif
+X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8);
+int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
+						PKCS8_PRIV_KEY_INFO **p8inf);
+int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
+int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
+int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
 #endif
 
 X509 *X509_dup(X509 *x509);
@@ -543,134 +855,112 @@ X509_REQ *X509_REQ_dup(X509_REQ *req);
 X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
+#ifndef OPENSSL_NO_RSA
 RSA *RSAPublicKey_dup(RSA *rsa);
 RSA *RSAPrivateKey_dup(RSA *rsa);
+#endif
 
 #endif /* !SSLEAY_MACROS */
 
-int		X509_cmp_current_time(ASN1_UTCTIME *s);
-ASN1_UTCTIME *	X509_gmtime_adj(ASN1_UTCTIME *s, long adj);
+int		X509_cmp_time(ASN1_TIME *s, time_t *t);
+int		X509_cmp_current_time(ASN1_TIME *s);
+ASN1_TIME *	X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
+ASN1_TIME *	X509_gmtime_adj(ASN1_TIME *s, long adj);
 
-char *		X509_get_default_cert_area(void );
-char *		X509_get_default_cert_dir(void );
-char *		X509_get_default_cert_file(void );
-char *		X509_get_default_cert_dir_env(void );
-char *		X509_get_default_cert_file_env(void );
-char *		X509_get_default_private_dir(void );
+const char *	X509_get_default_cert_area(void );
+const char *	X509_get_default_cert_dir(void );
+const char *	X509_get_default_cert_file(void );
+const char *	X509_get_default_cert_dir_env(void );
+const char *	X509_get_default_cert_file_env(void );
+const char *	X509_get_default_private_dir(void );
 
-X509_REQ *	X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, EVP_MD *md);
+X509_REQ *	X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
 X509 *		X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
-void ERR_load_X509_strings(void );
 
-X509_ALGOR *	X509_ALGOR_new(void );
-void		X509_ALGOR_free(X509_ALGOR *a);
-int		i2d_X509_ALGOR(X509_ALGOR *a,unsigned char **pp);
-X509_ALGOR *	d2i_X509_ALGOR(X509_ALGOR **a,unsigned char **pp,
-			long length);
+DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
+DECLARE_ASN1_FUNCTIONS(X509_VAL)
 
-X509_VAL *	X509_VAL_new(void );
-void		X509_VAL_free(X509_VAL *a);
-int		i2d_X509_VAL(X509_VAL *a,unsigned char **pp);
-X509_VAL *	d2i_X509_VAL(X509_VAL **a,unsigned char **pp,
-			long length);
+DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
 
-X509_PUBKEY *	X509_PUBKEY_new(void );
-void		X509_PUBKEY_free(X509_PUBKEY *a);
-int		i2d_X509_PUBKEY(X509_PUBKEY *a,unsigned char **pp);
-X509_PUBKEY *	d2i_X509_PUBKEY(X509_PUBKEY **a,unsigned char **pp,
-			long length);
 int		X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
 EVP_PKEY *	X509_PUBKEY_get(X509_PUBKEY *key);
-int		X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK *chain);
-
-
-X509_SIG *	X509_SIG_new(void );
-void		X509_SIG_free(X509_SIG *a);
-int		i2d_X509_SIG(X509_SIG *a,unsigned char **pp);
-X509_SIG *	d2i_X509_SIG(X509_SIG **a,unsigned char **pp,long length);
-
-X509_REQ_INFO *X509_REQ_INFO_new(void);
-void		X509_REQ_INFO_free(X509_REQ_INFO *a);
-int		i2d_X509_REQ_INFO(X509_REQ_INFO *a,unsigned char **pp);
-X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a,unsigned char **pp,
+int		X509_get_pubkey_parameters(EVP_PKEY *pkey,
+					   STACK_OF(X509) *chain);
+int		i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp);
+EVP_PKEY *	d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp,
+			long length);
+#ifndef OPENSSL_NO_RSA
+int		i2d_RSA_PUBKEY(RSA *a,unsigned char **pp);
+RSA *		d2i_RSA_PUBKEY(RSA **a,unsigned char **pp,
 			long length);
+#endif
+#ifndef OPENSSL_NO_DSA
+int		i2d_DSA_PUBKEY(DSA *a,unsigned char **pp);
+DSA *		d2i_DSA_PUBKEY(DSA **a,unsigned char **pp,
+			long length);
+#endif
+#ifndef OPENSSL_NO_EC
+int		i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp);
+EC_KEY 		*d2i_EC_PUBKEY(EC_KEY **a, unsigned char **pp,
+			long length);
+#endif
 
-X509_REQ *	X509_REQ_new(void);
-void		X509_REQ_free(X509_REQ *a);
-int		i2d_X509_REQ(X509_REQ *a,unsigned char **pp);
-X509_REQ *	d2i_X509_REQ(X509_REQ **a,unsigned char **pp,long length);
+DECLARE_ASN1_FUNCTIONS(X509_SIG)
+DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
+DECLARE_ASN1_FUNCTIONS(X509_REQ)
 
-X509_ATTRIBUTE *X509_ATTRIBUTE_new(void );
-void		X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
-int		i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a,unsigned char **pp);
-X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a,unsigned char **pp,
-			long length);
-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, char *value);
+DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
 
+DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
 
-X509_EXTENSION *X509_EXTENSION_new(void );
-void		X509_EXTENSION_free(X509_EXTENSION *a);
-int		i2d_X509_EXTENSION(X509_EXTENSION *a,unsigned char **pp);
-X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a,unsigned char **pp,
-			long length);
+DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
 
-X509_NAME_ENTRY *X509_NAME_ENTRY_new(void);
-void		X509_NAME_ENTRY_free(X509_NAME_ENTRY *a);
-int		i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a,unsigned char **pp);
-X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a,unsigned char **pp,
-			long length);
+DECLARE_ASN1_FUNCTIONS(X509_NAME)
 
-X509_NAME *	X509_NAME_new(void);
-void		X509_NAME_free(X509_NAME *a);
-int		i2d_X509_NAME(X509_NAME *a,unsigned char **pp);
-X509_NAME *	d2i_X509_NAME(X509_NAME **a,unsigned char **pp,long length);
 int		X509_NAME_set(X509_NAME **xn, X509_NAME *name);
 
+DECLARE_ASN1_FUNCTIONS(X509_CINF)
 
-X509_CINF *	X509_CINF_new(void);
-void		X509_CINF_free(X509_CINF *a);
-int		i2d_X509_CINF(X509_CINF *a,unsigned char **pp);
-X509_CINF *	d2i_X509_CINF(X509_CINF **a,unsigned char **pp,long length);
+DECLARE_ASN1_FUNCTIONS(X509)
+DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
 
-X509 *		X509_new(void);
-void		X509_free(X509 *a);
-int		i2d_X509(X509 *a,unsigned char **pp);
-X509 *		d2i_X509(X509 **a,unsigned char **pp,long length);
+DECLARE_ASN1_FUNCTIONS(X509_CERT_PAIR)
 
-X509_REVOKED *	X509_REVOKED_new(void);
-void		X509_REVOKED_free(X509_REVOKED *a);
-int		i2d_X509_REVOKED(X509_REVOKED *a,unsigned char **pp);
-X509_REVOKED *	d2i_X509_REVOKED(X509_REVOKED **a,unsigned char **pp,long length);
+int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int X509_set_ex_data(X509 *r, int idx, void *arg);
+void *X509_get_ex_data(X509 *r, int idx);
+int		i2d_X509_AUX(X509 *a,unsigned char **pp);
+X509 *		d2i_X509_AUX(X509 **a,unsigned char **pp,long length);
 
-X509_CRL_INFO *X509_CRL_INFO_new(void);
-void		X509_CRL_INFO_free(X509_CRL_INFO *a);
-int		i2d_X509_CRL_INFO(X509_CRL_INFO *a,unsigned char **pp);
-X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a,unsigned char **pp,
-			long length);
+int X509_alias_set1(X509 *x, unsigned char *name, int len);
+int X509_keyid_set1(X509 *x, unsigned char *id, int len);
+unsigned char * X509_alias_get0(X509 *x, int *len);
+unsigned char * X509_keyid_get0(X509 *x, int *len);
+int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int);
+int X509_TRUST_set(int *t, int trust);
+int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
+int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj);
+void X509_trust_clear(X509 *x);
+void X509_reject_clear(X509 *x);
+
+DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
+DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
+DECLARE_ASN1_FUNCTIONS(X509_CRL)
 
-X509_CRL *	X509_CRL_new(void);
-void		X509_CRL_free(X509_CRL *a);
-int		i2d_X509_CRL(X509_CRL *a,unsigned char **pp);
-X509_CRL *	d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length);
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
 
 X509_PKEY *	X509_PKEY_new(void );
 void		X509_PKEY_free(X509_PKEY *a);
 int		i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp);
 X509_PKEY *	d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length);
 
-NETSCAPE_SPKI *	NETSCAPE_SPKI_new(void );
-void		NETSCAPE_SPKI_free(NETSCAPE_SPKI *a);
-int		i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a,unsigned char **pp);
-NETSCAPE_SPKI *	d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a,unsigned char **pp,
-			long length);
-
-NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void );
-void		NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a);
-int		i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a,unsigned char **pp);
-NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a,unsigned char **pp,
-		long length);
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
 
-#ifdef HEADER_ENVELOPE_H
+#ifndef OPENSSL_NO_EVP
 X509_INFO *	X509_INFO_new(void);
 void		X509_INFO_free(X509_INFO *a);
 char *		X509_NAME_oneline(X509_NAME *a,char *buf,int size);
@@ -678,12 +968,22 @@ char *		X509_NAME_oneline(X509_NAME *a,char *buf,int size);
 int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
 	ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey);
 
-int ASN1_digest(int (*i2d)(),EVP_MD *type,char *data,
+int ASN1_digest(int (*i2d)(),const EVP_MD *type,char *data,
 	unsigned char *md,unsigned int *len);
 
 int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 	ASN1_BIT_STRING *signature,
-	char *data,EVP_PKEY *pkey, EVP_MD *type);
+	char *data,EVP_PKEY *pkey, const EVP_MD *type);
+
+int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data,
+	unsigned char *md,unsigned int *len);
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
+	ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey);
+
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+	ASN1_BIT_STRING *signature,
+	void *data, EVP_PKEY *pkey, const EVP_MD *type);
 #endif
 
 int 		X509_set_version(X509 *x,long version);
@@ -693,40 +993,84 @@ int 		X509_set_issuer_name(X509 *x, X509_NAME *name);
 X509_NAME *	X509_get_issuer_name(X509 *a);
 int 		X509_set_subject_name(X509 *x, X509_NAME *name);
 X509_NAME *	X509_get_subject_name(X509 *a);
-int 		X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm);
-int 		X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm);
+int 		X509_set_notBefore(X509 *x, ASN1_TIME *tm);
+int 		X509_set_notAfter(X509 *x, ASN1_TIME *tm);
 int 		X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
 EVP_PKEY *	X509_get_pubkey(X509 *x);
+ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x);
 int		X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */);
 
 int		X509_REQ_set_version(X509_REQ *x,long version);
 int		X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
 int		X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *	X509_REQ_get_pubkey(X509_REQ *req);
+int		X509_REQ_extension_nid(int nid);
+int *		X509_REQ_get_extension_nids(void);
+void		X509_REQ_set_extension_nids(int *nids);
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
+int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
+				int nid);
+int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
+int X509_REQ_get_attr_count(const X509_REQ *req);
+int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
+			  int lastpos);
+int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
+			  int lastpos);
+X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
+X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
+int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
+int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
+			const ASN1_OBJECT *obj, int type,
+			const unsigned char *bytes, int len);
+int X509_REQ_add1_attr_by_NID(X509_REQ *req,
+			int nid, int type,
+			const unsigned char *bytes, int len);
+int X509_REQ_add1_attr_by_txt(X509_REQ *req,
+			const char *attrname, int type,
+			const unsigned char *bytes, int len);
+
+int X509_CRL_set_version(X509_CRL *x, long version);
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
+int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm);
+int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm);
+int X509_CRL_sort(X509_CRL *crl);
+
+int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
+int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
 
 int		X509_check_private_key(X509 *x509,EVP_PKEY *pkey);
 
-int		X509_issuer_and_serial_cmp(X509 *a, X509 *b);
+int		X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
 unsigned long	X509_issuer_and_serial_hash(X509 *a);
 
-int		X509_issuer_name_cmp(X509 *a, X509 *b);
+int		X509_issuer_name_cmp(const X509 *a, const X509 *b);
 unsigned long	X509_issuer_name_hash(X509 *a);
 
-int		X509_subject_name_cmp(X509 *a,X509 *b);
+int		X509_subject_name_cmp(const X509 *a, const X509 *b);
 unsigned long	X509_subject_name_hash(X509 *x);
 
-int		X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
+int		X509_cmp(const X509 *a, const X509 *b);
+int		X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
 unsigned long	X509_NAME_hash(X509_NAME *x);
 
-int		X509_CRL_cmp(X509_CRL *a,X509_CRL *b);
-#ifndef NO_FP_API
+int		X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
+#ifndef OPENSSL_NO_FP_API
+int		X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
 int		X509_print_fp(FILE *bp,X509 *x);
+int		X509_CRL_print_fp(FILE *bp,X509_CRL *x);
 int		X509_REQ_print_fp(FILE *bp,X509_REQ *req);
+int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
 #endif
 
-#ifdef HEADER_BIO_H
+#ifndef OPENSSL_NO_BIO
 int		X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
+int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
+int		X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
 int		X509_print(BIO *bp,X509 *x);
+int		X509_ocspid_print(BIO *bp,X509 *x);
+int		X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
+int		X509_CRL_print(BIO *bp,X509_CRL *x);
+int		X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag);
 int		X509_REQ_print(BIO *bp,X509_REQ *req);
 #endif
 
@@ -737,7 +1081,7 @@ int		X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
 			char *buf,int len);
 
 /* NOTE: you should be passsing -1, not 0 as lastpos.  The functions that use
- * lastpos, seach after that position on. */
+ * lastpos, search after that position on. */
 int 		X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
 int 		X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
 			int lastpos);
@@ -745,8 +1089,16 @@ X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
 X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
 int 		X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne,
 			int loc, int set);
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
+			unsigned char *bytes, int len, int loc, int set);
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
+			unsigned char *bytes, int len, int loc, int set);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
+		char *field, int type, unsigned char *bytes, int len);
 X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
 			int type,unsigned char *bytes, int len);
+int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type,
+			unsigned char *bytes, int len, int loc, int set);
 X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
 			ASN1_OBJECT *obj, int type,unsigned char *bytes,
 			int len);
@@ -757,18 +1109,17 @@ int 		X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
 ASN1_OBJECT *	X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
 ASN1_STRING *	X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
 
-int		X509v3_get_ext_count(STACK *x);
-int		X509v3_get_ext_by_NID(STACK *x, int nid, int lastpos);
-int		X509v3_get_ext_by_OBJ(STACK *x,ASN1_OBJECT *obj,int lastpos);
-int		X509v3_get_ext_by_critical(STACK *x, int crit, int lastpos);
-X509_EXTENSION *X509v3_get_ext(STACK *x, int loc);
-X509_EXTENSION *X509v3_delete_ext(STACK *x, int loc);
-STACK *		X509v3_add_ext(STACK **x, X509_EXTENSION *ex, int loc);
-
-int		X509v3_data_type_by_OBJ(ASN1_OBJECT *obj);
-int		X509v3_data_type_by_NID(int nid);
-int		X509v3_pack_type_by_OBJ(ASN1_OBJECT *obj);
-int		X509v3_pack_type_by_NID(int nid);
+int		X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
+int		X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
+				      int nid, int lastpos);
+int		X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
+				      ASN1_OBJECT *obj,int lastpos);
+int		X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
+					   int crit, int lastpos);
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+					 X509_EXTENSION *ex, int loc);
 
 int		X509_get_ext_count(X509 *x);
 int		X509_get_ext_by_NID(X509 *x, int nid, int lastpos);
@@ -777,6 +1128,9 @@ int		X509_get_ext_by_critical(X509 *x, int crit, int lastpos);
 X509_EXTENSION *X509_get_ext(X509 *x, int loc);
 X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
 int		X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+void	*	X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
+int		X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+							unsigned long flags);
 
 int		X509_CRL_get_ext_count(X509_CRL *x);
 int		X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos);
@@ -785,6 +1139,9 @@ int		X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos);
 X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc);
 X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
 int		X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+void	*	X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
+int		X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+							unsigned long flags);
 
 int		X509_REVOKED_get_ext_count(X509_REVOKED *x);
 int		X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos);
@@ -793,6 +1150,9 @@ int		X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos);
 X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc);
 X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
 int		X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
+void	*	X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
+int		X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+							unsigned long flags);
 
 X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
 			int nid, int crit, ASN1_OCTET_STRING *data);
@@ -805,313 +1165,80 @@ int		X509_EXTENSION_set_data(X509_EXTENSION *ex,
 ASN1_OBJECT *	X509_EXTENSION_get_object(X509_EXTENSION *ex);
 ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
 int		X509_EXTENSION_get_critical(X509_EXTENSION *ex);
-ASN1_OCTET_STRING *X509v3_pack_string(ASN1_OCTET_STRING **ex,int type,
-			unsigned char *bytes, int len);
-ASN1_STRING *	X509v3_unpack_string(ASN1_STRING **ex,int type,
-			ASN1_OCTET_STRING *os);
-
-int		X509_verify_cert(X509_STORE_CTX *ctx);
-
-/* lookup a cert from a X509 STACK */
-X509 *X509_find_by_issuer_and_serial(STACK *sk,X509_NAME *name,
-                ASN1_INTEGER *serial);
-X509 *X509_find_by_subject(STACK *sk,X509_NAME *name);
-
-#else
-
-#ifndef SSLEAY_MACROS
-#ifdef HEADER_ENVELOPE_H
-int X509_verify();
-int X509_REQ_verify();
-int X509_CRL_verify();
-int NETSCAPE_SPKI_verify();
-
-int X509_sign();
-int X509_REQ_sign();
-int X509_CRL_sign();
-int NETSCAPE_SPKI_sign();
-
-int X509_digest();
-int X509_NAME_digest();
-#endif
-
-#ifndef NO_FP_API
-X509 *d2i_X509_fp();
-int i2d_X509_fp();
-X509_CRL *d2i_X509_CRL_fp();
-int i2d_X509_CRL_fp();
-X509_REQ *d2i_X509_REQ_fp();
-int i2d_X509_REQ_fp();
-RSA *d2i_RSAPrivateKey_fp();
-int i2d_RSAPrivateKey_fp();
-DSA *d2i_DSAPrivateKey_fp();
-int i2d_DSAPrivateKey_fp();
-RSA *d2i_RSAPublicKey_fp();
-int i2d_RSAPublicKey_fp();
-#endif
 
-X509 *d2i_X509_bio();
-int i2d_X509_bio();
-X509_CRL *d2i_X509_CRL_bio();
-int i2d_X509_CRL_bio();
-X509_REQ *d2i_X509_REQ_bio();
-int i2d_X509_REQ_bio();
-RSA *d2i_RSAPrivateKey_bio();
-int i2d_RSAPrivateKey_bio();
-DSA *d2i_DSAPrivateKey_bio();
-int i2d_DSAPrivateKey_bio();
-RSA *d2i_RSAPublicKey_bio();
-int i2d_RSAPublicKey_bio();
-
-X509 *X509_dup();
-X509_ATTRIBUTE *X509_ATTRIBUTE_dup();
-X509_EXTENSION *X509_EXTENSION_dup();
-X509_CRL *X509_CRL_dup();
-X509_REQ *X509_REQ_dup();
-X509_NAME *X509_NAME_dup();
-X509_NAME_ENTRY *X509_NAME_ENTRY_dup();
-RSA *RSAPublicKey_dup();
-RSA *RSAPrivateKey_dup();
+int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
+int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+			  int lastpos);
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
+			  int lastpos);
+X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
+X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+					 X509_ATTRIBUTE *attr);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
+			const ASN1_OBJECT *obj, int type,
+			const unsigned char *bytes, int len);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
+			int nid, int type,
+			const unsigned char *bytes, int len);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
+			const char *attrname, int type,
+			const unsigned char *bytes, int len);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+	     int atrtype, const void *data, int len);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+	     const ASN1_OBJECT *obj, int atrtype, const void *data, int len);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+		const char *atrname, int type, const unsigned char *bytes, int len);
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len);
+void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
+					int atrtype, void *data);
+int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr);
+ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
+ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
 
-#endif /* !SSLEAY_MACROS */
-
-int		X509_cmp_current_time();
-ASN1_UTCTIME *	X509_gmtime_adj();
-
-char *		X509_get_default_cert_area();
-char *		X509_get_default_cert_dir();
-char *		X509_get_default_cert_file();
-char *		X509_get_default_cert_dir_env();
-char *		X509_get_default_cert_file_env();
-char *		X509_get_default_private_dir();
-
-X509_REQ *	X509_to_X509_REQ();
-X509 *		X509_REQ_to_X509();
-void ERR_load_X509_strings();
-
-X509_ALGOR *	X509_ALGOR_new();
-void		X509_ALGOR_free();
-int		i2d_X509_ALGOR();
-X509_ALGOR *	d2i_X509_ALGOR();
-
-X509_VAL *	X509_VAL_new();
-void		X509_VAL_free();
-int		i2d_X509_VAL();
-X509_VAL *	d2i_X509_VAL();
-
-X509_PUBKEY *	X509_PUBKEY_new();
-void		X509_PUBKEY_free();
-int		i2d_X509_PUBKEY();
-X509_PUBKEY *	d2i_X509_PUBKEY();
-int		X509_PUBKEY_set();
-EVP_PKEY *	X509_PUBKEY_get();
-int		X509_get_pubkey_parameters();
-
-X509_SIG *	X509_SIG_new();
-void		X509_SIG_free();
-int		i2d_X509_SIG();
-X509_SIG *	d2i_X509_SIG();
-
-X509_REQ_INFO *X509_REQ_INFO_new();
-void		X509_REQ_INFO_free();
-int		i2d_X509_REQ_INFO();
-X509_REQ_INFO *d2i_X509_REQ_INFO();
-
-X509_REQ *	X509_REQ_new();
-void		X509_REQ_free();
-int		i2d_X509_REQ();
-X509_REQ *	d2i_X509_REQ();
-
-X509_ATTRIBUTE *X509_ATTRIBUTE_new();
-void		X509_ATTRIBUTE_free();
-int		i2d_X509_ATTRIBUTE();
-X509_ATTRIBUTE *d2i_X509_ATTRIBUTE();
-X509_ATTRIBUTE *X509_ATTRIBUTE_create();
-
-X509_EXTENSION *X509_EXTENSION_new();
-void		X509_EXTENSION_free();
-int		i2d_X509_EXTENSION();
-X509_EXTENSION *d2i_X509_EXTENSION();
-
-X509_NAME_ENTRY *X509_NAME_ENTRY_new();
-void		X509_NAME_ENTRY_free();
-int		i2d_X509_NAME_ENTRY();
-X509_NAME_ENTRY *d2i_X509_NAME_ENTRY();
-
-X509_NAME *	X509_NAME_new();
-void		X509_NAME_free();
-int		i2d_X509_NAME();
-X509_NAME *	d2i_X509_NAME();
-int		X509_NAME_set();
-
-
-X509_CINF *	X509_CINF_new();
-void		X509_CINF_free();
-int		i2d_X509_CINF();
-X509_CINF *	d2i_X509_CINF();
-
-X509 *		X509_new();
-void		X509_free();
-int		i2d_X509();
-X509 *		d2i_X509();
-
-X509_REVOKED *	X509_REVOKED_new();
-void		X509_REVOKED_free();
-int		i2d_X509_REVOKED();
-X509_REVOKED *	d2i_X509_REVOKED();
-
-X509_CRL_INFO *X509_CRL_INFO_new();
-void		X509_CRL_INFO_free();
-int		i2d_X509_CRL_INFO();
-X509_CRL_INFO *d2i_X509_CRL_INFO();
-
-X509_CRL *	X509_CRL_new();
-void		X509_CRL_free();
-int		i2d_X509_CRL();
-X509_CRL *	d2i_X509_CRL();
-
-X509_PKEY *	X509_PKEY_new();
-void		X509_PKEY_free();
-int		i2d_X509_PKEY();
-X509_PKEY *	d2i_X509_PKEY();
-
-NETSCAPE_SPKI *	NETSCAPE_SPKI_new();
-void		NETSCAPE_SPKI_free();
-int		i2d_NETSCAPE_SPKI();
-NETSCAPE_SPKI *	d2i_NETSCAPE_SPKI();
-
-NETSCAPE_SPKAC *NETSCAPE_SPKAC_new();
-void		NETSCAPE_SPKAC_free();
-int		i2d_NETSCAPE_SPKAC();
-NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC();
-
-#ifdef HEADER_ENVELOPE_H
-X509_INFO *	X509_INFO_new();
-void		X509_INFO_free();
-#endif
-
-char *		X509_NAME_oneline();
-
-int ASN1_verify();
-int ASN1_digest();
-int ASN1_sign();
-
-int 		X509_set_version();
-int 		X509_set_serialNumber();
-ASN1_INTEGER *	X509_get_serialNumber();
-int 		X509_set_issuer_name();
-X509_NAME *	X509_get_issuer_name();
-int 		X509_set_subject_name();
-X509_NAME *	X509_get_subject_name();
-int 		X509_set_notBefore();
-int 		X509_set_notAfter();
-int 		X509_set_pubkey();
-EVP_PKEY *	X509_get_pubkey();
-int		X509_certificate_type();
-
-int		X509_REQ_set_version();
-int		X509_REQ_set_subject_name();
-int		X509_REQ_set_pubkey();
-EVP_PKEY *	X509_REQ_get_pubkey();
-
-int		X509_check_private_key();
-
-int		X509_issuer_and_serial_cmp();
-unsigned long	X509_issuer_and_serial_hash();
-
-int		X509_issuer_name_cmp();
-unsigned long	X509_issuer_name_hash();
-
-int		X509_subject_name_cmp();
-unsigned long	X509_subject_name_hash();
-
-int		X509_NAME_cmp ();
-unsigned long	X509_NAME_hash();
-
-int		X509_CRL_cmp();
-#ifndef NO_FP_API
-int		X509_print_fp();
-int		X509_REQ_print_fp();
-#endif
-
-int		X509_NAME_print();
-int		X509_print();
-int		X509_REQ_print();
-
-int 		X509_NAME_entry_count();
-int 		X509_NAME_get_text_by_NID();
-int		X509_NAME_get_text_by_OBJ();
-
-int 		X509_NAME_get_index_by_NID();
-int 		X509_NAME_get_index_by_OBJ();
-X509_NAME_ENTRY *X509_NAME_get_entry();
-X509_NAME_ENTRY *X509_NAME_delete_entry();
-int 		X509_NAME_add_entry();
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID();
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ();
-int 		X509_NAME_ENTRY_set_object();
-int 		X509_NAME_ENTRY_set_data();
-ASN1_OBJECT *	X509_NAME_ENTRY_get_object();
-ASN1_STRING *	X509_NAME_ENTRY_get_data();
-
-int		X509v3_get_ext_count();
-int		X509v3_get_ext_by_NID();
-int		X509v3_get_ext_by_OBJ();
-int		X509v3_get_ext_by_critical();
-X509_EXTENSION *X509v3_get_ext();
-X509_EXTENSION *X509v3_delete_ext();
-STACK *		X509v3_add_ext();
-
-int		X509v3_data_type_by_OBJ();
-int		X509v3_data_type_by_NID();
-int		X509v3_pack_type_by_OBJ();
-int		X509v3_pack_type_by_NID();
-
-int		X509_get_ext_count();
-int		X509_get_ext_by_NID();
-int		X509_get_ext_by_OBJ();
-int		X509_get_ext_by_critical();
-X509_EXTENSION *X509_get_ext();
-X509_EXTENSION *X509_delete_ext();
-int		X509_add_ext();
-
-int		X509_CRL_get_ext_count();
-int		X509_CRL_get_ext_by_NID();
-int		X509_CRL_get_ext_by_OBJ();
-int		X509_CRL_get_ext_by_critical();
-X509_EXTENSION *X509_CRL_get_ext();
-X509_EXTENSION *X509_CRL_delete_ext();
-int		X509_CRL_add_ext();
-
-int		X509_REVOKED_get_ext_count();
-int		X509_REVOKED_get_ext_by_NID();
-int		X509_REVOKED_get_ext_by_OBJ();
-int		X509_REVOKED_get_ext_by_critical();
-X509_EXTENSION *X509_REVOKED_get_ext();
-X509_EXTENSION *X509_REVOKED_delete_ext();
-int		X509_REVOKED_add_ext();
-
-X509_EXTENSION *X509_EXTENSION_create_by_NID();
-X509_EXTENSION *X509_EXTENSION_create_by_OBJ();
-int		X509_EXTENSION_set_object();
-int		X509_EXTENSION_set_critical();
-int		X509_EXTENSION_set_data();
-ASN1_OBJECT *	X509_EXTENSION_get_object();
-ASN1_OCTET_STRING *X509_EXTENSION_get_data();
-int		X509_EXTENSION_get_critical();
-ASN1_OCTET_STRING *X509v3_pack_string();
-ASN1_STRING *	X509v3_unpack_string();
-
-int		X509_verify_cert();
-char *          X509_verify_cert_error_string();
+int		X509_verify_cert(X509_STORE_CTX *ctx);
 
 /* lookup a cert from a X509 STACK */
-X509 *X509_find_by_issuer_and_serial();
-X509 *X509_find_by_subject();
-
-#endif
+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name,
+				     ASN1_INTEGER *serial);
+X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name);
+
+DECLARE_ASN1_FUNCTIONS(PBEPARAM)
+DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
+DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+					 unsigned char *salt, int saltlen);
+
+/* PKCS#8 utilities */
+
+DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
+
+EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8);
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken);
+PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken);
+
+int X509_check_trust(X509 *x, int id, int flags);
+int X509_TRUST_get_count(void);
+X509_TRUST * X509_TRUST_get0(int idx);
+int X509_TRUST_get_by_id(int id);
+int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
+					char *name, int arg1, void *arg2);
+void X509_TRUST_cleanup(void);
+int X509_TRUST_get_flags(X509_TRUST *xp);
+char *X509_TRUST_get0_name(X509_TRUST *xp);
+int X509_TRUST_get_trust(X509_TRUST *xp);
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_X509_strings(void);
+
 /* Error codes for the X509 functions. */
 
 /* Function codes. */
@@ -1119,17 +1246,25 @@ X509 *X509_find_by_subject();
 #define X509_F_BY_FILE_CTRL				 101
 #define X509_F_DIR_CTRL					 102
 #define X509_F_GET_CERT_BY_SUBJECT			 103
+#define X509_F_NETSCAPE_SPKI_B64_DECODE			 129
+#define X509_F_NETSCAPE_SPKI_B64_ENCODE			 130
 #define X509_F_X509V3_ADD_EXT				 104
-#define X509_F_X509V3_ADD_EXTENSION			 105
-#define X509_F_X509V3_PACK_STRING			 106
-#define X509_F_X509V3_UNPACK_STRING			 107
+#define X509_F_X509_ADD_ATTR				 135
+#define X509_F_X509_ATTRIBUTE_CREATE_BY_NID		 136
+#define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ		 137
+#define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT		 140
+#define X509_F_X509_ATTRIBUTE_GET0_DATA			 139
+#define X509_F_X509_ATTRIBUTE_SET1_DATA			 138
+#define X509_F_X509_CHECK_PRIVATE_KEY			 128
 #define X509_F_X509_EXTENSION_CREATE_BY_NID		 108
 #define X509_F_X509_EXTENSION_CREATE_BY_OBJ		 109
 #define X509_F_X509_GET_PUBKEY_PARAMETERS		 110
+#define X509_F_X509_LOAD_CERT_CRL_FILE			 132
 #define X509_F_X509_LOAD_CERT_FILE			 111
 #define X509_F_X509_LOAD_CRL_FILE			 112
 #define X509_F_X509_NAME_ADD_ENTRY			 113
 #define X509_F_X509_NAME_ENTRY_CREATE_BY_NID		 114
+#define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT		 131
 #define X509_F_X509_NAME_ENTRY_SET_OBJECT		 115
 #define X509_F_X509_NAME_ONELINE			 116
 #define X509_F_X509_NAME_PRINT				 117
@@ -1141,26 +1276,40 @@ X509 *X509_find_by_subject();
 #define X509_F_X509_REQ_TO_X509				 123
 #define X509_F_X509_STORE_ADD_CERT			 124
 #define X509_F_X509_STORE_ADD_CRL			 125
+#define X509_F_X509_STORE_CTX_INIT			 143
+#define X509_F_X509_STORE_CTX_NEW			 142
+#define X509_F_X509_STORE_CTX_PURPOSE_INHERIT		 134
 #define X509_F_X509_TO_X509_REQ				 126
+#define X509_F_X509_TRUST_ADD				 133
+#define X509_F_X509_TRUST_SET				 141
 #define X509_F_X509_VERIFY_CERT				 127
 
 /* Reason codes. */
 #define X509_R_BAD_X509_FILETYPE			 100
+#define X509_R_BASE64_DECODE_ERROR			 118
+#define X509_R_CANT_CHECK_DH_KEY			 114
 #define X509_R_CERT_ALREADY_IN_HASH_TABLE		 101
 #define X509_R_ERR_ASN1_LIB				 102
+#define X509_R_INVALID_DIRECTORY			 113
+#define X509_R_INVALID_FIELD_NAME			 119
+#define X509_R_INVALID_TRUST				 123
+#define X509_R_KEY_TYPE_MISMATCH			 115
+#define X509_R_KEY_VALUES_MISMATCH			 116
 #define X509_R_LOADING_CERT_DIR				 103
 #define X509_R_LOADING_DEFAULTS				 104
 #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY		 105
 #define X509_R_SHOULD_RETRY				 106
 #define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN	 107
 #define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY		 108
+#define X509_R_UNKNOWN_KEY_TYPE				 117
 #define X509_R_UNKNOWN_NID				 109
-#define X509_R_UNKNOWN_STRING_TYPE			 110
+#define X509_R_UNKNOWN_PURPOSE_ID			 121
+#define X509_R_UNKNOWN_TRUST_ID				 120
 #define X509_R_UNSUPPORTED_ALGORITHM			 111
 #define X509_R_WRONG_LOOKUP_TYPE			 112
- 
+#define X509_R_WRONG_TYPE				 122
+
 #ifdef  __cplusplus
 }
 #endif
 #endif
-
diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c
new file mode 100644
index 0000000000..0bae3d32a1
--- /dev/null
+++ b/crypto/x509/x509_att.c
@@ -0,0 +1,326 @@
+/* crypto/x509/x509_att.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <stdio.h>
+#include <openssl/stack.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
+{
+	if (!x) return 0;
+	return(sk_X509_ATTRIBUTE_num(x));
+}
+
+int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+			  int lastpos)
+{
+	ASN1_OBJECT *obj;
+
+	obj=OBJ_nid2obj(nid);
+	if (obj == NULL) return(-2);
+	return(X509at_get_attr_by_OBJ(x,obj,lastpos));
+}
+
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
+			  int lastpos)
+{
+	int n;
+	X509_ATTRIBUTE *ex;
+
+	if (sk == NULL) return(-1);
+	lastpos++;
+	if (lastpos < 0)
+		lastpos=0;
+	n=sk_X509_ATTRIBUTE_num(sk);
+	for ( ; lastpos < n; lastpos++)
+		{
+		ex=sk_X509_ATTRIBUTE_value(sk,lastpos);
+		if (OBJ_cmp(ex->object,obj) == 0)
+			return(lastpos);
+		}
+	return(-1);
+}
+
+X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
+{
+	if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+		return NULL;
+	else
+		return sk_X509_ATTRIBUTE_value(x,loc);
+}
+
+X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
+{
+	X509_ATTRIBUTE *ret;
+
+	if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+		return(NULL);
+	ret=sk_X509_ATTRIBUTE_delete(x,loc);
+	return(ret);
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+					 X509_ATTRIBUTE *attr)
+{
+	X509_ATTRIBUTE *new_attr=NULL;
+	STACK_OF(X509_ATTRIBUTE) *sk=NULL;
+
+	if ((x != NULL) && (*x == NULL))
+		{
+		if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)
+			goto err;
+		}
+	else
+		sk= *x;
+
+	if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL)
+		goto err2;
+	if (!sk_X509_ATTRIBUTE_push(sk,new_attr))
+		goto err;
+	if ((x != NULL) && (*x == NULL))
+		*x=sk;
+	return(sk);
+err:
+	X509err(X509_F_X509_ADD_ATTR,ERR_R_MALLOC_FAILURE);
+err2:
+	if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr);
+	if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);
+	return(NULL);
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
+			const ASN1_OBJECT *obj, int type,
+			const unsigned char *bytes, int len)
+{
+	X509_ATTRIBUTE *attr;
+	STACK_OF(X509_ATTRIBUTE) *ret;
+	attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
+	if(!attr) return 0;
+	ret = X509at_add1_attr(x, attr);
+	X509_ATTRIBUTE_free(attr);
+	return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
+			int nid, int type,
+			const unsigned char *bytes, int len)
+{
+	X509_ATTRIBUTE *attr;
+	STACK_OF(X509_ATTRIBUTE) *ret;
+	attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
+	if(!attr) return 0;
+	ret = X509at_add1_attr(x, attr);
+	X509_ATTRIBUTE_free(attr);
+	return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
+			const char *attrname, int type,
+			const unsigned char *bytes, int len)
+{
+	X509_ATTRIBUTE *attr;
+	STACK_OF(X509_ATTRIBUTE) *ret;
+	attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
+	if(!attr) return 0;
+	ret = X509at_add1_attr(x, attr);
+	X509_ATTRIBUTE_free(attr);
+	return ret;
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+	     int atrtype, const void *data, int len)
+{
+	ASN1_OBJECT *obj;
+	X509_ATTRIBUTE *ret;
+
+	obj=OBJ_nid2obj(nid);
+	if (obj == NULL)
+		{
+		X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID);
+		return(NULL);
+		}
+	ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len);
+	if (ret == NULL) ASN1_OBJECT_free(obj);
+	return(ret);
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+	     const ASN1_OBJECT *obj, int atrtype, const void *data, int len)
+{
+	X509_ATTRIBUTE *ret;
+
+	if ((attr == NULL) || (*attr == NULL))
+		{
+		if ((ret=X509_ATTRIBUTE_new()) == NULL)
+			{
+			X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
+			return(NULL);
+			}
+		}
+	else
+		ret= *attr;
+
+	if (!X509_ATTRIBUTE_set1_object(ret,obj))
+		goto err;
+	if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))
+		goto err;
+	
+	if ((attr != NULL) && (*attr == NULL)) *attr=ret;
+	return(ret);
+err:
+	if ((attr == NULL) || (ret != *attr))
+		X509_ATTRIBUTE_free(ret);
+	return(NULL);
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+		const char *atrname, int type, const unsigned char *bytes, int len)
+	{
+	ASN1_OBJECT *obj;
+	X509_ATTRIBUTE *nattr;
+
+	obj=OBJ_txt2obj(atrname, 0);
+	if (obj == NULL)
+		{
+		X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
+						X509_R_INVALID_FIELD_NAME);
+		ERR_add_error_data(2, "name=", atrname);
+		return(NULL);
+		}
+	nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len);
+	ASN1_OBJECT_free(obj);
+	return nattr;
+	}
+
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
+{
+	if ((attr == NULL) || (obj == NULL))
+		return(0);
+	ASN1_OBJECT_free(attr->object);
+	attr->object=OBJ_dup(obj);
+	return(1);
+}
+
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)
+{
+	ASN1_TYPE *ttmp;
+	ASN1_STRING *stmp;
+	int atype;
+	if (!attr) return 0;
+	if(attrtype & MBSTRING_FLAG) {
+		stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
+						OBJ_obj2nid(attr->object));
+		if(!stmp) {
+			X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
+			return 0;
+		}
+		atype = stmp->type;
+	} else {
+		if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
+		if(!ASN1_STRING_set(stmp, data, len)) goto err;
+		atype = attrtype;
+	}
+	if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
+	if(!(ttmp = ASN1_TYPE_new())) goto err;
+	if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
+	attr->single = 0;
+	ASN1_TYPE_set(ttmp, atype, stmp);
+	return 1;
+	err:
+	X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
+	return 0;
+}
+
+int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
+{
+	if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set);
+	if(attr->value.single) return 1;
+	return 0;
+}
+
+ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
+{
+	if (attr == NULL) return(NULL);
+	return(attr->object);
+}
+
+void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
+					int atrtype, void *data)
+{
+	ASN1_TYPE *ttmp;
+	ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
+	if(!ttmp) return NULL;
+	if(atrtype != ASN1_TYPE_get(ttmp)){
+		X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
+		return NULL;
+	}
+	return ttmp->value.ptr;
+}
+
+ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
+{
+	if (attr == NULL) return(NULL);
+	if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
+	if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx);
+	else return attr->value.single;
+}
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index ea6a65d2a1..9b28911409 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -57,118 +57,230 @@
  */
 
 #include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
+#include <ctype.h>
 #include "cryptlib.h"
-#include "asn1.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
 
-int X509_issuer_and_serial_cmp(a,b)
-X509 *a;
-X509 *b;
+int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
 	{
 	int i;
 	X509_CINF *ai,*bi;
 
 	ai=a->cert_info;
 	bi=b->cert_info;
-	i=ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
+	i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
 	if (i) return(i);
 	return(X509_NAME_cmp(ai->issuer,bi->issuer));
 	}
 
-#ifndef NO_MD5
-unsigned long X509_issuer_and_serial_hash(a)
-X509 *a;
+#ifndef OPENSSL_NO_MD5
+unsigned long X509_issuer_and_serial_hash(X509 *a)
 	{
 	unsigned long ret=0;
-	MD5_CTX ctx;
+	EVP_MD_CTX ctx;
 	unsigned char md[16];
-	char str[256];
+	char *f;
 
-	X509_NAME_oneline(a->cert_info->issuer,str,256);
-	ret=strlen(str);
-	MD5_Init(&ctx);
-	MD5_Update(&ctx,(unsigned char *)str,ret);
-	MD5_Update(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
+	EVP_MD_CTX_init(&ctx);
+	f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
+	ret=strlen(f);
+	EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
+	EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);
+	OPENSSL_free(f);
+	EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
 		(unsigned long)a->cert_info->serialNumber->length);
-	MD5_Final(&(md[0]),&ctx);
+	EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
 	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
 		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
 		)&0xffffffffL;
+	EVP_MD_CTX_cleanup(&ctx);
 	return(ret);
 	}
 #endif
 	
-int X509_issuer_name_cmp(a, b)
-X509 *a;
-X509 *b;
+int X509_issuer_name_cmp(const X509 *a, const X509 *b)
 	{
 	return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
 	}
 
-int X509_subject_name_cmp(a, b)
-X509 *a;
-X509 *b;
+int X509_subject_name_cmp(const X509 *a, const X509 *b)
 	{
 	return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
 	}
 
-int X509_CRL_cmp(a, b)
-X509_CRL *a;
-X509_CRL *b;
+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
 	{
 	return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
 	}
 
-X509_NAME *X509_get_issuer_name(a)
-X509 *a;
+X509_NAME *X509_get_issuer_name(X509 *a)
 	{
 	return(a->cert_info->issuer);
 	}
 
-unsigned long X509_issuer_name_hash(x)
-X509 *x;
+unsigned long X509_issuer_name_hash(X509 *x)
 	{
 	return(X509_NAME_hash(x->cert_info->issuer));
 	}
 
-X509_NAME *X509_get_subject_name(a)
-X509 *a;
+X509_NAME *X509_get_subject_name(X509 *a)
 	{
 	return(a->cert_info->subject);
 	}
 
-ASN1_INTEGER *X509_get_serialNumber(a)
-X509 *a;
+ASN1_INTEGER *X509_get_serialNumber(X509 *a)
 	{
 	return(a->cert_info->serialNumber);
 	}
 
-unsigned long X509_subject_name_hash(x)
-X509 *x;
+unsigned long X509_subject_name_hash(X509 *x)
 	{
 	return(X509_NAME_hash(x->cert_info->subject));
 	}
 
-int X509_NAME_cmp(a, b)
-X509_NAME *a;
-X509_NAME *b;
+#ifndef OPENSSL_NO_SHA
+/* Compare two certificates: they must be identical for
+ * this to work. NB: Although "cmp" operations are generally
+ * prototyped to take "const" arguments (eg. for use in
+ * STACKs), the way X509 handling is - these operations may
+ * involve ensuring the hashes are up-to-date and ensuring
+ * certain cert information is cached. So this is the point
+ * where the "depth-first" constification tree has to halt
+ * with an evil cast.
+ */
+int X509_cmp(const X509 *a, const X509 *b)
+{
+	/* ensure hash is valid */
+	X509_check_purpose((X509 *)a, -1, 0);
+	X509_check_purpose((X509 *)b, -1, 0);
+
+	return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+}
+#endif
+
+
+/* Case insensitive string comparision */
+static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
+{
+	int i;
+
+	if (a->length != b->length)
+		return (a->length - b->length);
+
+	for (i=0; i<a->length; i++)
+	{
+		int ca, cb;
+
+		ca = tolower(a->data[i]);
+		cb = tolower(b->data[i]);
+
+		if (ca != cb)
+			return(ca-cb);
+	}
+	return 0;
+}
+
+/* Case insensitive string comparision with space normalization 
+ * Space normalization - ignore leading, trailing spaces, 
+ *       multiple spaces between characters are replaced by single space  
+ */
+static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
+{
+	unsigned char *pa = NULL, *pb = NULL;
+	int la, lb;
+	
+	la = a->length;
+	lb = b->length;
+	pa = a->data;
+	pb = b->data;
+
+	/* skip leading spaces */
+	while (la > 0 && isspace(*pa))
+	{
+		la--;
+		pa++;
+	}
+	while (lb > 0 && isspace(*pb))
+	{
+		lb--;
+		pb++;
+	}
+
+	/* skip trailing spaces */
+	while (la > 0 && isspace(pa[la-1]))
+		la--;
+	while (lb > 0 && isspace(pb[lb-1]))
+		lb--;
+
+	/* compare strings with space normalization */
+	while (la > 0 && lb > 0)
+	{
+		int ca, cb;
+
+		/* compare character */
+		ca = tolower(*pa);
+		cb = tolower(*pb);
+		if (ca != cb)
+			return (ca - cb);
+
+		pa++; pb++;
+		la--; lb--;
+
+		if (la <= 0 || lb <= 0)
+			break;
+
+		/* is white space next character ? */
+		if (isspace(*pa) && isspace(*pb))
+		{
+			/* skip remaining white spaces */
+			while (la > 0 && isspace(*pa))
+			{
+				la--;
+				pa++;
+			}
+			while (lb > 0 && isspace(*pb))
+			{
+				lb--;
+				pb++;
+			}
+		}
+	}
+	if (la > 0 || lb > 0)
+		return la - lb;
+
+	return 0;
+}
+
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
 	{
 	int i,j;
 	X509_NAME_ENTRY *na,*nb;
 
-	if (sk_num(a->entries) != sk_num(b->entries))
-		return(sk_num(a->entries)-sk_num(b->entries));
-	for (i=sk_num(a->entries)-1; i>=0; i--)
+	if (sk_X509_NAME_ENTRY_num(a->entries)
+	    != sk_X509_NAME_ENTRY_num(b->entries))
+		return sk_X509_NAME_ENTRY_num(a->entries)
+		  -sk_X509_NAME_ENTRY_num(b->entries);
+	for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
 		{
-		na=(X509_NAME_ENTRY *)sk_value(a->entries,i);
-		nb=(X509_NAME_ENTRY *)sk_value(b->entries,i);
-		j=na->value->length-nb->value->length;
+		na=sk_X509_NAME_ENTRY_value(a->entries,i);
+		nb=sk_X509_NAME_ENTRY_value(b->entries,i);
+		j=na->value->type-nb->value->type;
 		if (j) return(j);
-		j=memcmp(na->value->data,nb->value->data,
-			na->value->length);
+		if (na->value->type == V_ASN1_PRINTABLESTRING)
+			j=nocase_spacenorm_cmp(na->value, nb->value);
+		else if (na->value->type == V_ASN1_IA5STRING
+			&& OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
+			j=nocase_cmp(na->value, nb->value);
+		else
+			{
+			j=na->value->length-nb->value->length;
+			if (j) return(j);
+			j=memcmp(na->value->data,nb->value->data,
+				na->value->length);
+			}
 		if (j) return(j);
 		j=na->set-nb->set;
 		if (j) return(j);
@@ -177,37 +289,27 @@ X509_NAME *b;
 	/* We will check the object types after checking the values
 	 * since the values will more often be different than the object
 	 * types. */
-	for (i=sk_num(a->entries)-1; i>=0; i--)
+	for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
 		{
-		na=(X509_NAME_ENTRY *)sk_value(a->entries,i);
-		nb=(X509_NAME_ENTRY *)sk_value(b->entries,i);
+		na=sk_X509_NAME_ENTRY_value(a->entries,i);
+		nb=sk_X509_NAME_ENTRY_value(b->entries,i);
 		j=OBJ_cmp(na->object,nb->object);
 		if (j) return(j);
 		}
 	return(0);
 	}
 
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD5
 /* I now DER encode the name and hash it.  Since I cache the DER encoding,
- * this is reasonably effiecent. */
-unsigned long X509_NAME_hash(x)
-X509_NAME *x;
+ * this is reasonably efficient. */
+unsigned long X509_NAME_hash(X509_NAME *x)
 	{
 	unsigned long ret=0;
 	unsigned char md[16];
-	unsigned char str[256],*p,*pp;
-	int i;
 
-	i=i2d_X509_NAME(x,NULL);
-	if (i > sizeof(str))
-		p=Malloc(i);
-	else
-		p=str;
-
-	pp=p;
-	i2d_X509_NAME(x,&pp);
-	MD5((unsigned char *)p,i,&(md[0]));
-	if (p != str) Free(p);
+	/* Make sure X509_NAME structure contains valid cached encoding */
+	i2d_X509_NAME(x,NULL);
+	EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
 
 	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
 		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
@@ -217,85 +319,117 @@ X509_NAME *x;
 #endif
 
 /* Search a stack of X509 for a match */
-X509 *X509_find_by_issuer_and_serial(sk,name,serial)
-STACK *sk;
-X509_NAME *name;
-ASN1_INTEGER *serial;
+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+		ASN1_INTEGER *serial)
 	{
 	int i;
 	X509_CINF cinf;
 	X509 x,*x509=NULL;
 
+	if(!sk) return NULL;
+
 	x.cert_info= &cinf;
 	cinf.serialNumber=serial;
 	cinf.issuer=name;
 
-	for (i=0; i<sk_num(sk); i++)
+	for (i=0; i<sk_X509_num(sk); i++)
 		{
-		x509=(X509 *)sk_value(sk,i);
+		x509=sk_X509_value(sk,i);
 		if (X509_issuer_and_serial_cmp(x509,&x) == 0)
 			return(x509);
 		}
 	return(NULL);
 	}
 
-X509 *X509_find_by_subject(sk,name)
-STACK *sk;
-X509_NAME *name;
+X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
 	{
 	X509 *x509;
 	int i;
 
-	for (i=0; i<sk_num(sk); i++)
+	for (i=0; i<sk_X509_num(sk); i++)
 		{
-		x509=(X509 *)sk_value(sk,i);
+		x509=sk_X509_value(sk,i);
 		if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
 			return(x509);
 		}
 	return(NULL);
 	}
 
-EVP_PKEY *X509_get_pubkey(x)
-X509 *x;
+EVP_PKEY *X509_get_pubkey(X509 *x)
 	{
 	if ((x == NULL) || (x->cert_info == NULL))
 		return(NULL);
 	return(X509_PUBKEY_get(x->cert_info->key));
 	}
 
-int X509_check_private_key(x,k)
-X509 *x;
-EVP_PKEY *k;
+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
+	{
+	if(!x) return NULL;
+	return x->cert_info->key->public_key;
+	}
+
+int X509_check_private_key(X509 *x, EVP_PKEY *k)
 	{
 	EVP_PKEY *xk=NULL;
 	int ok=0;
 
 	xk=X509_get_pubkey(x);
-	if (xk->type != k->type) goto err;
+	if (xk->type != k->type)
+	    {
+	    X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
+	    goto err;
+	    }
 	switch (k->type)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case EVP_PKEY_RSA:
-		if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0) goto err;
-		if (BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) goto err;
+		if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0
+		    || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0)
+		    {
+		    X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+		    goto err;
+		    }
 		break;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	case EVP_PKEY_DSA:
 		if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0)
-			goto err;
+		    {
+		    X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+		    goto err;
+		    }
 		break;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_EC
+	case EVP_PKEY_EC:
+		{
+		int  r = EC_POINT_cmp(xk->pkey.eckey->group, 
+			xk->pkey.eckey->pub_key,k->pkey.eckey->pub_key,NULL);
+		if (r != 0)
+			{
+			if (r == 1)
+				X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_VALUES_MISMATCH);
+			else
+				X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
+			
+			goto err;
+			}
+		}
+ 		break;
+#endif
+#ifndef OPENSSL_NO_DH
 	case EVP_PKEY_DH:
 		/* No idea */
+	        X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
 		goto err;
 #endif
 	default:
+	        X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
 		goto err;
 		}
 
 	ok=1;
 err:
+	EVP_PKEY_free(xk);
 	return(ok);
 	}
diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c
index 01e22f4cb4..51410cfd1a 100644
--- a/crypto/x509/x509_d2.c
+++ b/crypto/x509/x509_d2.c
@@ -57,15 +57,12 @@
  */
 
 #include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
 #include "cryptlib.h"
-#include "crypto.h"
-#include "x509.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
 
-#ifndef NO_STDIO
-int X509_STORE_set_default_paths(ctx)
-X509_STORE *ctx;
+#ifndef OPENSSL_NO_STDIO
+int X509_STORE_set_default_paths(X509_STORE *ctx)
 	{
 	X509_LOOKUP *lookup;
 
@@ -83,10 +80,8 @@ X509_STORE *ctx;
 	return(1);
 	}
 
-int X509_STORE_load_locations(ctx,file,path)
-X509_STORE *ctx;
-char *file;
-char *path;
+int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
+		const char *path)
 	{
 	X509_LOOKUP *lookup;
 
@@ -94,13 +89,15 @@ char *path;
 		{
 		lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
 		if (lookup == NULL) return(0);
-		X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM);
+		if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1)
+		    return(0);
 		}
 	if (path != NULL)
 		{
 		lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
 		if (lookup == NULL) return(0);
-		X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM);
+		if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1)
+		    return(0);
 		}
 	if ((path == NULL) && (file == NULL))
 		return(0);
diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c
index d9ab39b15a..e0ac151a76 100644
--- a/crypto/x509/x509_def.c
+++ b/crypto/x509/x509_def.c
@@ -57,27 +57,25 @@
  */
 
 #include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
 #include "cryptlib.h"
-#include "crypto.h"
-#include "x509.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
 
-char *X509_get_default_private_dir()
+const char *X509_get_default_private_dir(void)
 	{ return(X509_PRIVATE_DIR); }
 	
-char *X509_get_default_cert_area()
+const char *X509_get_default_cert_area(void)
 	{ return(X509_CERT_AREA); }
 
-char *X509_get_default_cert_dir()
+const char *X509_get_default_cert_dir(void)
 	{ return(X509_CERT_DIR); }
 
-char *X509_get_default_cert_file()
+const char *X509_get_default_cert_file(void)
 	{ return(X509_CERT_FILE); }
 
-char *X509_get_default_cert_dir_env()
+const char *X509_get_default_cert_dir_env(void)
 	{ return(X509_CERT_DIR_EVP); }
 
-char *X509_get_default_cert_file_env()
+const char *X509_get_default_cert_file_env(void)
 	{ return(X509_CERT_FILE_EVP); }
 
diff --git a/crypto/x509/x509_err.c b/crypto/x509/x509_err.c
index 0c7e30b2c9..5bbf4acf76 100644
--- a/crypto/x509/x509_err.c
+++ b/crypto/x509/x509_err.c
@@ -1,83 +1,94 @@
-/* lib/x509/x509_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* crypto/x509/x509_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "x509.h"
+#include <openssl/err.h>
+#include <openssl/x509.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA X509_str_functs[]=
 	{
 {ERR_PACK(0,X509_F_ADD_CERT_DIR,0),	"ADD_CERT_DIR"},
 {ERR_PACK(0,X509_F_BY_FILE_CTRL,0),	"BY_FILE_CTRL"},
 {ERR_PACK(0,X509_F_DIR_CTRL,0),	"DIR_CTRL"},
 {ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0),	"GET_CERT_BY_SUBJECT"},
+{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_DECODE,0),	"NETSCAPE_SPKI_b64_decode"},
+{ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_ENCODE,0),	"NETSCAPE_SPKI_b64_encode"},
 {ERR_PACK(0,X509_F_X509V3_ADD_EXT,0),	"X509v3_add_ext"},
-{ERR_PACK(0,X509_F_X509V3_ADD_EXTENSION,0),	"X509V3_ADD_EXTENSION"},
-{ERR_PACK(0,X509_F_X509V3_PACK_STRING,0),	"X509v3_pack_string"},
-{ERR_PACK(0,X509_F_X509V3_UNPACK_STRING,0),	"X509v3_unpack_string"},
+{ERR_PACK(0,X509_F_X509_ADD_ATTR,0),	"X509_ADD_ATTR"},
+{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_NID,0),	"X509_ATTRIBUTE_create_by_NID"},
+{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,0),	"X509_ATTRIBUTE_create_by_OBJ"},
+{ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,0),	"X509_ATTRIBUTE_create_by_txt"},
+{ERR_PACK(0,X509_F_X509_ATTRIBUTE_GET0_DATA,0),	"X509_ATTRIBUTE_get0_data"},
+{ERR_PACK(0,X509_F_X509_ATTRIBUTE_SET1_DATA,0),	"X509_ATTRIBUTE_set1_data"},
+{ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0),	"X509_check_private_key"},
 {ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0),	"X509_EXTENSION_create_by_NID"},
 {ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0),	"X509_EXTENSION_create_by_OBJ"},
 {ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0),	"X509_get_pubkey_parameters"},
-{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0),	"X509_LOAD_CERT_FILE"},
-{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0),	"X509_LOAD_CRL_FILE"},
+{ERR_PACK(0,X509_F_X509_LOAD_CERT_CRL_FILE,0),	"X509_load_cert_crl_file"},
+{ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0),	"X509_load_cert_file"},
+{ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0),	"X509_load_crl_file"},
 {ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0),	"X509_NAME_add_entry"},
 {ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0),	"X509_NAME_ENTRY_create_by_NID"},
+{ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,0),	"X509_NAME_ENTRY_create_by_txt"},
 {ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0),	"X509_NAME_ENTRY_set_object"},
 {ERR_PACK(0,X509_F_X509_NAME_ONELINE,0),	"X509_NAME_oneline"},
 {ERR_PACK(0,X509_F_X509_NAME_PRINT,0),	"X509_NAME_print"},
@@ -87,41 +98,56 @@ static ERR_STRING_DATA X509_str_functs[]=
 {ERR_PACK(0,X509_F_X509_REQ_PRINT,0),	"X509_REQ_print"},
 {ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0),	"X509_REQ_print_fp"},
 {ERR_PACK(0,X509_F_X509_REQ_TO_X509,0),	"X509_REQ_to_X509"},
-{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0),	"X509_STORE_ADD_CERT"},
-{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0),	"X509_STORE_ADD_CRL"},
+{ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0),	"X509_STORE_add_cert"},
+{ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0),	"X509_STORE_add_crl"},
+{ERR_PACK(0,X509_F_X509_STORE_CTX_INIT,0),	"X509_STORE_CTX_init"},
+{ERR_PACK(0,X509_F_X509_STORE_CTX_NEW,0),	"X509_STORE_CTX_new"},
+{ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0),	"X509_STORE_CTX_purpose_inherit"},
 {ERR_PACK(0,X509_F_X509_TO_X509_REQ,0),	"X509_to_X509_REQ"},
+{ERR_PACK(0,X509_F_X509_TRUST_ADD,0),	"X509_TRUST_add"},
+{ERR_PACK(0,X509_F_X509_TRUST_SET,0),	"X509_TRUST_set"},
 {ERR_PACK(0,X509_F_X509_VERIFY_CERT,0),	"X509_verify_cert"},
-{0,NULL},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA X509_str_reasons[]=
 	{
 {X509_R_BAD_X509_FILETYPE                ,"bad x509 filetype"},
+{X509_R_BASE64_DECODE_ERROR              ,"base64 decode error"},
+{X509_R_CANT_CHECK_DH_KEY                ,"cant check dh key"},
 {X509_R_CERT_ALREADY_IN_HASH_TABLE       ,"cert already in hash table"},
 {X509_R_ERR_ASN1_LIB                     ,"err asn1 lib"},
+{X509_R_INVALID_DIRECTORY                ,"invalid directory"},
+{X509_R_INVALID_FIELD_NAME               ,"invalid field name"},
+{X509_R_INVALID_TRUST                    ,"invalid trust"},
+{X509_R_KEY_TYPE_MISMATCH                ,"key type mismatch"},
+{X509_R_KEY_VALUES_MISMATCH              ,"key values mismatch"},
 {X509_R_LOADING_CERT_DIR                 ,"loading cert dir"},
 {X509_R_LOADING_DEFAULTS                 ,"loading defaults"},
 {X509_R_NO_CERT_SET_FOR_US_TO_VERIFY     ,"no cert set for us to verify"},
 {X509_R_SHOULD_RETRY                     ,"should retry"},
 {X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"},
 {X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY   ,"unable to get certs public key"},
+{X509_R_UNKNOWN_KEY_TYPE                 ,"unknown key type"},
 {X509_R_UNKNOWN_NID                      ,"unknown nid"},
-{X509_R_UNKNOWN_STRING_TYPE              ,"unknown string type"},
+{X509_R_UNKNOWN_PURPOSE_ID               ,"unknown purpose id"},
+{X509_R_UNKNOWN_TRUST_ID                 ,"unknown trust id"},
 {X509_R_UNSUPPORTED_ALGORITHM            ,"unsupported algorithm"},
 {X509_R_WRONG_LOOKUP_TYPE                ,"wrong lookup type"},
-{0,NULL},
+{X509_R_WRONG_TYPE                       ,"wrong type"},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_X509_strings()
+void ERR_load_X509_strings(void)
 	{
 	static int init=1;
 
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_X509,X509_str_functs);
 		ERR_load_strings(ERR_LIB_X509,X509_str_reasons);
 #endif
diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c
index 1d76ecfcfd..e7fdacb5e4 100644
--- a/crypto/x509/x509_ext.c
+++ b/crypto/x509/x509_ext.c
@@ -57,166 +57,154 @@
  */
 
 #include <stdio.h>
-#include "stack.h"
+#include <openssl/stack.h>
 #include "cryptlib.h"
-#include "asn1.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
 
-int X509_CRL_get_ext_count(x)
-X509_CRL *x;
+
+int X509_CRL_get_ext_count(X509_CRL *x)
 	{
 	return(X509v3_get_ext_count(x->crl->extensions));
 	}
 
-int X509_CRL_get_ext_by_NID(x,nid,lastpos)
-X509_CRL *x;
-int nid;
-int lastpos;
+int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
 	{
 	return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
 	}
 
-int X509_CRL_get_ext_by_OBJ(x,obj,lastpos)
-X509_CRL *x;
-ASN1_OBJECT *obj;
-int lastpos;
+int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
 	{
 	return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
 	}
 
-int X509_CRL_get_ext_by_critical(x,crit,lastpos)
-X509_CRL *x;
-int crit;
-int lastpos;
+int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
 	{
 	return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
 	}
 
-X509_EXTENSION *X509_CRL_get_ext(x,loc)
-X509_CRL *x;
-int loc;
+X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
 	{
 	return(X509v3_get_ext(x->crl->extensions,loc));
 	}
 
-X509_EXTENSION *X509_CRL_delete_ext(x,loc)
-X509_CRL *x;
-int loc;
+X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
 	{
 	return(X509v3_delete_ext(x->crl->extensions,loc));
 	}
 
-int X509_CRL_add_ext(x,ex,loc)
-X509_CRL *x;
-X509_EXTENSION *ex;
-int loc;
+void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
+{
+	return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
+}
+
+int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+							unsigned long flags)
+{
+	return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
+}
+
+int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
 	{
 	return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
 	}
 
-int X509_get_ext_count(x)
-X509 *x;
+int X509_get_ext_count(X509 *x)
 	{
 	return(X509v3_get_ext_count(x->cert_info->extensions));
 	}
 
-int X509_get_ext_by_NID(x,nid,lastpos)
-X509 *x;
-int nid;
-int lastpos;
+int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
 	{
 	return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
 	}
 
-int X509_get_ext_by_OBJ(x,obj,lastpos)
-X509 *x;
-ASN1_OBJECT *obj;
-int lastpos;
+int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
 	{
 	return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
 	}
 
-int X509_get_ext_by_critical(x,crit,lastpos)
-X509 *x;
-int crit;
-int lastpos;
+int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
 	{
 	return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
 	}
 
-X509_EXTENSION *X509_get_ext(x,loc)
-X509 *x;
-int loc;
+X509_EXTENSION *X509_get_ext(X509 *x, int loc)
 	{
 	return(X509v3_get_ext(x->cert_info->extensions,loc));
 	}
 
-X509_EXTENSION *X509_delete_ext(x,loc)
-X509 *x;
-int loc;
+X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
 	{
 	return(X509v3_delete_ext(x->cert_info->extensions,loc));
 	}
 
-int X509_add_ext(x,ex,loc)
-X509 *x;
-X509_EXTENSION *ex;
-int loc;
+int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
 	{
 	return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
 	}
 
-int X509_REVOKED_get_ext_count(x)
-X509_REVOKED *x;
+void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
+{
+	return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
+}
+
+int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+							unsigned long flags)
+{
+	return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
+							flags);
+}
+
+int X509_REVOKED_get_ext_count(X509_REVOKED *x)
 	{
 	return(X509v3_get_ext_count(x->extensions));
 	}
 
-int X509_REVOKED_get_ext_by_NID(x,nid,lastpos)
-X509_REVOKED *x;
-int nid;
-int lastpos;
+int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
 	{
 	return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
 	}
 
-int X509_REVOKED_get_ext_by_OBJ(x,obj,lastpos)
-X509_REVOKED *x;
-ASN1_OBJECT *obj;
-int lastpos;
+int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
+	     int lastpos)
 	{
 	return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
 	}
 
-int X509_REVOKED_get_ext_by_critical(x,crit,lastpos)
-X509_REVOKED *x;
-int crit;
-int lastpos;
+int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
 	{
 	return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
 	}
 
-X509_EXTENSION *X509_REVOKED_get_ext(x,loc)
-X509_REVOKED *x;
-int loc;
+X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
 	{
 	return(X509v3_get_ext(x->extensions,loc));
 	}
 
-X509_EXTENSION *X509_REVOKED_delete_ext(x,loc)
-X509_REVOKED *x;
-int loc;
+X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
 	{
 	return(X509v3_delete_ext(x->extensions,loc));
 	}
 
-int X509_REVOKED_add_ext(x,ex,loc)
-X509_REVOKED *x;
-X509_EXTENSION *ex;
-int loc;
+int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
 	{
 	return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
 	}
 
+void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
+{
+	return X509V3_get_d2i(x->extensions, nid, crit, idx);
+}
+
+int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+							unsigned long flags)
+{
+	return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
+}
+
+IMPLEMENT_STACK_OF(X509_EXTENSION)
+IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index a740510b07..b780dae5e2 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -58,19 +58,16 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "lhash.h"
-#include "x509.h"
+#include <openssl/lhash.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
 
-static STACK *x509_store_meth=NULL;
-static STACK *x509_store_ctx_meth=NULL;
-
-X509_LOOKUP *X509_LOOKUP_new(method)
-X509_LOOKUP_METHOD *method;
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
 	{
 	X509_LOOKUP *ret;
 
-	ret=(X509_LOOKUP *)Malloc(sizeof(X509_LOOKUP));
-	if (ret == NULL) return(NULL);
+	ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));
+	if (ret == NULL) return NULL;
 
 	ret->init=0;
 	ret->skip=0;
@@ -79,163 +76,137 @@ X509_LOOKUP_METHOD *method;
 	ret->store_ctx=NULL;
 	if ((method->new_item != NULL) && !method->new_item(ret))
 		{
-		Free(ret);
-		return(NULL);
+		OPENSSL_free(ret);
+		return NULL;
 		}
-	return(ret);
+	return ret;
 	}
 
-void X509_LOOKUP_free(ctx)
-X509_LOOKUP *ctx;
+void X509_LOOKUP_free(X509_LOOKUP *ctx)
 	{
 	if (ctx == NULL) return;
 	if (	(ctx->method != NULL) &&
 		(ctx->method->free != NULL))
 		ctx->method->free(ctx);
-	Free(ctx);
+	OPENSSL_free(ctx);
 	}
 
-int X509_LOOKUP_init(ctx)
-X509_LOOKUP *ctx;
+int X509_LOOKUP_init(X509_LOOKUP *ctx)
 	{
-	if (ctx->method == NULL) return(0);
+	if (ctx->method == NULL) return 0;
 	if (ctx->method->init != NULL)
-		return(ctx->method->init(ctx));
+		return ctx->method->init(ctx);
 	else
-		return(1);
+		return 1;
 	}
 
-int X509_LOOKUP_shutdown(ctx)
-X509_LOOKUP *ctx;
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
 	{
-	if (ctx->method == NULL) return(0);
+	if (ctx->method == NULL) return 0;
 	if (ctx->method->shutdown != NULL)
-		return(ctx->method->shutdown(ctx));
+		return ctx->method->shutdown(ctx);
 	else
-		return(1);
+		return 1;
 	}
 
-int X509_LOOKUP_ctrl(ctx,cmd,argc,argl,ret)
-X509_LOOKUP *ctx;
-int cmd;
-char *argc;
-long argl;
-char **ret;
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+	     char **ret)
 	{
-	if (ctx->method == NULL) return(-1);
+	if (ctx->method == NULL) return -1;
 	if (ctx->method->ctrl != NULL)
-		return(ctx->method->ctrl(ctx,cmd,argc,argl,ret));
+		return ctx->method->ctrl(ctx,cmd,argc,argl,ret);
 	else
-		return(1);
+		return 1;
 	}
 
-int X509_LOOKUP_by_subject(ctx,type,name,ret)
-X509_LOOKUP *ctx;
-int type;
-X509_NAME *name;
-X509_OBJECT *ret;
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
+	     X509_OBJECT *ret)
 	{
 	if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
-		return(X509_LU_FAIL);
-	if (ctx->skip) return(0);
-	return(ctx->method->get_by_subject(ctx,type,name,ret));
+		return X509_LU_FAIL;
+	if (ctx->skip) return 0;
+	return ctx->method->get_by_subject(ctx,type,name,ret);
 	}
 
-int X509_LOOKUP_by_issuer_serial(ctx,type,name,serial,ret)
-X509_LOOKUP *ctx;
-int type;
-X509_NAME *name;
-ASN1_INTEGER *serial;
-X509_OBJECT *ret;
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
+	     ASN1_INTEGER *serial, X509_OBJECT *ret)
 	{
 	if ((ctx->method == NULL) ||
 		(ctx->method->get_by_issuer_serial == NULL))
-		return(X509_LU_FAIL);
-	return(ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret));
+		return X509_LU_FAIL;
+	return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret);
 	}
 
-int X509_LOOKUP_by_fingerprint(ctx,type,bytes,len,ret)
-X509_LOOKUP *ctx;
-int type;
-unsigned char *bytes;
-int len;
-X509_OBJECT *ret;
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
+	     unsigned char *bytes, int len, X509_OBJECT *ret)
 	{
 	if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
-		return(X509_LU_FAIL);
-	return(ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret));
+		return X509_LU_FAIL;
+	return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret);
 	}
 
-int X509_LOOKUP_by_alias(ctx,type,str,len,ret)
-X509_LOOKUP *ctx;
-int type;
-char *str;
-int len;
-X509_OBJECT *ret;
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
+	     X509_OBJECT *ret)
 	{
 	if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
-		return(X509_LU_FAIL);
-	return(ctx->method->get_by_alias(ctx,str,len,ret));
+		return X509_LU_FAIL;
+	return ctx->method->get_by_alias(ctx,type,str,len,ret);
 	}
 
-static unsigned long x509_object_hash(a)
-X509_OBJECT *a;
-	{
-	unsigned long h;
-
-	switch (a->type)
-		{
-	case X509_LU_X509:
-		h=X509_NAME_hash(a->data.x509->cert_info->subject);
-		break;
-	case X509_LU_CRL:
-		h=X509_NAME_hash(a->data.crl->crl->issuer);
-		break;
-	default:
-		abort();
-		}
-	return(h);
-	}
-
-static int x509_object_cmp(a,b)
-X509_OBJECT *a,*b;
-	{
-	int ret;
-
-	ret=(a->type - b->type);
-	if (ret) return(ret);
-	switch (a->type)
-		{
-	case X509_LU_X509:
-		ret=X509_subject_name_cmp(a->data.x509,b->data.x509);
-		break;
-	case X509_LU_CRL:
-		ret=X509_CRL_cmp(a->data.crl,b->data.crl);
-		break;
+  
+static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
+  	{
+ 	int ret;
+
+ 	ret=((*a)->type - (*b)->type);
+ 	if (ret) return ret;
+ 	switch ((*a)->type)
+ 		{
+ 	case X509_LU_X509:
+ 		ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509);
+ 		break;
+ 	case X509_LU_CRL:
+ 		ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl);
+ 		break;
 	default:
-		abort();
+		/* abort(); */
+		return 0;
 		}
-	return(ret);
+	return ret;
 	}
 
-X509_STORE *X509_STORE_new()
+X509_STORE *X509_STORE_new(void)
 	{
 	X509_STORE *ret;
 
-	if ((ret=(X509_STORE *)Malloc(sizeof(X509_STORE))) == NULL)
-		return(NULL);
-	ret->certs=lh_new(x509_object_hash,x509_object_cmp);
+	if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
+		return NULL;
+	ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
 	ret->cache=1;
-	ret->get_cert_methods=sk_new_null();
-	ret->verify=NULL;
-	ret->verify_cb=NULL;
-	memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA));
+	ret->get_cert_methods=sk_X509_LOOKUP_new_null();
+	ret->verify=0;
+	ret->verify_cb=0;
+
+	ret->purpose = 0;
+	ret->trust = 0;
+
+	ret->flags = 0;
+
+	ret->get_issuer = 0;
+	ret->check_issued = 0;
+	ret->check_revocation = 0;
+	ret->get_crl = 0;
+	ret->check_crl = 0;
+	ret->cert_crl = 0;
+	ret->cleanup = 0;
+
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data);
 	ret->references=1;
-	return(ret);
+	ret->depth=0;
+	return ret;
 	}
 
-static void cleanup(a)
-X509_OBJECT *a;
+static void cleanup(X509_OBJECT *a)
 	{
 	if (a->type == X509_LU_X509)
 		{
@@ -246,90 +217,88 @@ X509_OBJECT *a;
 		X509_CRL_free(a->data.crl);
 		}
 	else
-		abort();
+		{
+		/* abort(); */
+		}
 
-	Free(a);
+	OPENSSL_free(a);
 	}
 
-void X509_STORE_free(vfy)
-X509_STORE *vfy;
+void X509_STORE_free(X509_STORE *vfy)
 	{
 	int i;
-	STACK *sk;
+	STACK_OF(X509_LOOKUP) *sk;
 	X509_LOOKUP *lu;
 
+	if (vfy == NULL)
+	    return;
+
 	sk=vfy->get_cert_methods;
-	for (i=0; i<sk_num(sk); i++)
+	for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
 		{
-		lu=(X509_LOOKUP *)sk_value(sk,i);
+		lu=sk_X509_LOOKUP_value(sk,i);
 		X509_LOOKUP_shutdown(lu);
 		X509_LOOKUP_free(lu);
 		}
-	sk_free(sk);
+	sk_X509_LOOKUP_free(sk);
+	sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
 
-	CRYPTO_free_ex_data(x509_store_meth,(char *)vfy,&vfy->ex_data);
-	lh_doall(vfy->certs,cleanup);
-	lh_free(vfy->certs);
-	Free(vfy);
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
+	OPENSSL_free(vfy);
 	}
 
-X509_LOOKUP *X509_STORE_add_lookup(v,m)
-X509_STORE *v;
-X509_LOOKUP_METHOD *m;
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
 	{
 	int i;
-	STACK *sk;
+	STACK_OF(X509_LOOKUP) *sk;
 	X509_LOOKUP *lu;
 
 	sk=v->get_cert_methods;
-	for (i=0; i<sk_num(sk); i++)
+	for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
 		{
-		lu=(X509_LOOKUP *)sk_value(sk,i);
+		lu=sk_X509_LOOKUP_value(sk,i);
 		if (m == lu->method)
 			{
-			return(lu);
+			return lu;
 			}
 		}
 	/* a new one */
 	lu=X509_LOOKUP_new(m);
 	if (lu == NULL)
-		return(NULL);
+		return NULL;
 	else
 		{
 		lu->store_ctx=v;
-		if (sk_push(v->get_cert_methods,(char *)lu))
-			return(lu);
+		if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
+			return lu;
 		else
 			{
 			X509_LOOKUP_free(lu);
-			return(NULL);
+			return NULL;
 			}
 		}
 	}
 
-int X509_STORE_get_by_subject(vs,type,name,ret)
-X509_STORE_CTX *vs;
-int type;
-X509_NAME *name;
-X509_OBJECT *ret;
+int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
+	     X509_OBJECT *ret)
 	{
 	X509_STORE *ctx=vs->ctx;
 	X509_LOOKUP *lu;
 	X509_OBJECT stmp,*tmp;
 	int i,j;
 
-	tmp=X509_OBJECT_retrieve_by_subject(ctx->certs,type,name);
+	tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
 
 	if (tmp == NULL)
 		{
-		for (i=vs->current_method; i<sk_num(ctx->get_cert_methods); i++)
+		for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++)
 			{
-			lu=(X509_LOOKUP *)sk_value(ctx->get_cert_methods,i);
+			lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i);
 			j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
 			if (j < 0)
 				{
 				vs->current_method=j;
-				return(j);
+				return j;
 				}
 			else if (j)
 				{
@@ -339,7 +308,7 @@ X509_OBJECT *ret;
 			}
 		vs->current_method=0;
 		if (tmp == NULL)
-			return(0);
+			return 0;
 		}
 
 /*	if (ret->data.ptr != NULL)
@@ -350,11 +319,77 @@ X509_OBJECT *ret;
 
 	X509_OBJECT_up_ref_count(ret);
 
-	return(1);
+	return 1;
+	}
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
+	{
+	X509_OBJECT *obj;
+	int ret=1;
+
+	if (x == NULL) return 0;
+	obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
+	if (obj == NULL)
+		{
+		X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
+		return 0;
+		}
+	obj->type=X509_LU_X509;
+	obj->data.x509=x;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
+	X509_OBJECT_up_ref_count(obj);
+
+
+	if (X509_OBJECT_retrieve_match(ctx->objs, obj))
+		{
+		X509_OBJECT_free_contents(obj);
+		OPENSSL_free(obj);
+		X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
+		ret=0;
+		} 
+	else sk_X509_OBJECT_push(ctx->objs, obj);
+
+	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+	return ret;
 	}
 
-void X509_OBJECT_up_ref_count(a)
-X509_OBJECT *a;
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
+	{
+	X509_OBJECT *obj;
+	int ret=1;
+
+	if (x == NULL) return 0;
+	obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
+	if (obj == NULL)
+		{
+		X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
+		return 0;
+		}
+	obj->type=X509_LU_CRL;
+	obj->data.crl=x;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
+	X509_OBJECT_up_ref_count(obj);
+
+	if (X509_OBJECT_retrieve_match(ctx->objs, obj))
+		{
+		X509_OBJECT_free_contents(obj);
+		OPENSSL_free(obj);
+		X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
+		ret=0;
+		}
+	else sk_X509_OBJECT_push(ctx->objs, obj);
+
+	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+	return ret;
+	}
+
+void X509_OBJECT_up_ref_count(X509_OBJECT *a)
 	{
 	switch (a->type)
 		{
@@ -367,8 +402,7 @@ X509_OBJECT *a;
 		}
 	}
 
-void X509_OBJECT_free_contents(a)
-X509_OBJECT *a;
+void X509_OBJECT_free_contents(X509_OBJECT *a)
 	{
 	switch (a->type)
 		{
@@ -381,12 +415,10 @@ X509_OBJECT *a;
 		}
 	}
 
-X509_OBJECT *X509_OBJECT_retrieve_by_subject(h,type,name)
-LHASH *h;
-int type;
-X509_NAME *name;
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
+	     X509_NAME *name)
 	{
-	X509_OBJECT stmp,*tmp;
+	X509_OBJECT stmp;
 	X509 x509_s;
 	X509_CINF cinf_s;
 	X509_CRL crl_s;
@@ -406,41 +438,120 @@ X509_NAME *name;
 		crl_info_s.issuer=name;
 		break;
 	default:
-		abort();
+		/* abort(); */
+		return -1;
+		}
+
+	return sk_X509_OBJECT_find(h,&stmp);
+	}
+
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
+	     X509_NAME *name)
+{
+	int idx;
+	idx = X509_OBJECT_idx_by_subject(h, type, name);
+	if (idx==-1) return NULL;
+	return sk_X509_OBJECT_value(h, idx);
+}
+
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
+{
+	int idx, i;
+	X509_OBJECT *obj;
+	idx = sk_X509_OBJECT_find(h, x);
+	if (idx == -1) return NULL;
+	if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
+	for (i = idx; i < sk_X509_OBJECT_num(h); i++)
+		{
+		obj = sk_X509_OBJECT_value(h, i);
+		if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
+			return NULL;
+		if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509))
+			return obj;
+		}
+	return NULL;
+}
+
+
+/* Try to get issuer certificate from store. Due to limitations
+ * of the API this can only retrieve a single certificate matching
+ * a given subject name. However it will fill the cache with all
+ * matching certificates, so we can examine the cache for all 
+ * matches.
+ *
+ * Return values are:
+ *  1 lookup successful.
+ *  0 certificate not found.
+ * -1 some other error.
+ */
+
+
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+{
+	X509_NAME *xn;
+	X509_OBJECT obj, *pobj;
+	int i, ok, idx;
+	xn=X509_get_issuer_name(x);
+	ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
+	if (ok != X509_LU_X509)
+		{
+		if (ok == X509_LU_RETRY)
+			{
+			X509_OBJECT_free_contents(&obj);
+			X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY);
+			return -1;
+			}
+		else if (ok != X509_LU_FAIL)
+			{
+			X509_OBJECT_free_contents(&obj);
+			/* not good :-(, break anyway */
+			return -1;
+			}
+		return 0;
+		}
+	/* If certificate matches all OK */
+	if (ctx->check_issued(ctx, x, obj.data.x509))
+		{
+		*issuer = obj.data.x509;
+		return 1;
+		}
+	X509_OBJECT_free_contents(&obj);
+	/* Else find index of first matching cert */
+	idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
+	/* This shouldn't normally happen since we already have one match */
+	if (idx == -1) return 0;
+
+	/* Look through all matching certificates for a suitable issuer */
+	for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
+		{
+		pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
+		/* See if we've ran out of matches */
+		if (pobj->type != X509_LU_X509) return 0;
+		if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0;
+		if (ctx->check_issued(ctx, x, pobj->data.x509))
+			{
+			*issuer = pobj->data.x509;
+			X509_OBJECT_up_ref_count(pobj);
+			return 1;
+			}
 		}
+	return 0;
+}
 
-	tmp=(X509_OBJECT *)lh_retrieve(h,(char *)&stmp);
-	return(tmp);
+void X509_STORE_set_flags(X509_STORE *ctx, long flags)
+	{
+	ctx->flags |= flags;
 	}
 
-void X509_STORE_CTX_init(ctx,store,x509,chain)
-X509_STORE_CTX *ctx;
-X509_STORE *store;
-X509 *x509;
-STACK *chain;
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
 	{
-	ctx->ctx=store;
-	ctx->current_method=0;
-	ctx->cert=x509;
-	ctx->untrusted=chain;
-	ctx->last_untrusted=0;
-	ctx->valid=0;
-	ctx->chain=NULL;
-	ctx->depth=10;
-	ctx->error=0;
-	ctx->current_cert=NULL;
-	memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
+	return X509_PURPOSE_set(&ctx->purpose, purpose);
 	}
 
-void X509_STORE_CTX_cleanup(ctx)
-X509_STORE_CTX *ctx;
+int X509_STORE_set_trust(X509_STORE *ctx, int trust)
 	{
-	if (ctx->chain != NULL)
-		{
-		sk_pop_free(ctx->chain,X509_free);
-		ctx->chain=NULL;
-		}
-	CRYPTO_free_ex_data(x509_store_ctx_meth,(char *)ctx,&(ctx->ex_data));
-	memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
+	return X509_TRUST_set(&ctx->trust, trust);
 	}
 
+IMPLEMENT_STACK_OF(X509_LOOKUP)
+IMPLEMENT_STACK_OF(X509_OBJECT)
diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
index c0576fd6f6..1e718f76eb 100644
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -58,27 +58,27 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "lhash.h"
-#include "objects.h"
-#include "x509.h"
-#include "buffer.h"
+#include <openssl/lhash.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/buffer.h>
 
-char *X509_NAME_oneline(a,buf,len)
-X509_NAME *a;
-char *buf;
-int len;
+char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
 	{
 	X509_NAME_ENTRY *ne;
-	unsigned int i;
+int i;
 	int n,lold,l,l1,l2,num,j,type;
-	char *s,*p;
+	const char *s;
+	char *p;
 	unsigned char *q;
 	BUF_MEM *b=NULL;
 	static char hex[17]="0123456789ABCDEF";
 	int gs_doit[4];
 	char tmp_buf[80];
+#ifdef CHARSET_EBCDIC
+	char ebcdic_buf[1024];
+#endif
 
-	if (a == NULL) return("NO X509_NAME");
 	if (buf == NULL)
 		{
 		if ((b=BUF_MEM_new()) == NULL) goto err;
@@ -86,12 +86,23 @@ int len;
 		b->data[0]='\0';
 		len=200;
 		}
+	if (a == NULL)
+	    {
+	    if(b)
+		{
+		buf=b->data;
+		OPENSSL_free(b);
+		}
+	    strncpy(buf,"NO X509_NAME",len);
+	    buf[len-1]='\0';
+	    return buf;
+	    }
 
 	len--; /* space for '\0' */
 	l=0;
-	for (i=0; (int)i<sk_num(a->entries); i++)
+	for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++)
 		{
-		ne=(X509_NAME_ENTRY *)sk_value(a->entries,i);
+		ne=sk_X509_NAME_ENTRY_value(a->entries,i);
 		n=OBJ_obj2nid(ne->object);
 		if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
 			{
@@ -103,6 +114,19 @@ int len;
 		type=ne->value->type;
 		num=ne->value->length;
 		q=ne->value->data;
+#ifdef CHARSET_EBCDIC
+                if (type == V_ASN1_GENERALSTRING ||
+		    type == V_ASN1_VISIBLESTRING ||
+		    type == V_ASN1_PRINTABLESTRING ||
+		    type == V_ASN1_TELETEXSTRING ||
+		    type == V_ASN1_VISIBLESTRING ||
+		    type == V_ASN1_IA5STRING) {
+                        ascii2ebcdic(ebcdic_buf, q,
+				     (num > sizeof ebcdic_buf)
+				     ? sizeof ebcdic_buf : num);
+                        q=ebcdic_buf;
+		}
+#endif
 
 		if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))
 			{
@@ -125,7 +149,12 @@ int len;
 			{
 			if (!gs_doit[j&3]) continue;
 			l2++;
+#ifndef CHARSET_EBCDIC
 			if ((q[j] < ' ') || (q[j] > '~')) l2+=3;
+#else
+			if ((os_toascii[q[j]] < os_toascii[' ']) ||
+			    (os_toascii[q[j]] > os_toascii['~'])) l2+=3;
+#endif
 			}
 
 		lold=l;
@@ -145,11 +174,14 @@ int len;
 		memcpy(p,s,(unsigned int)l1); p+=l1;
 		*(p++)='=';
 
+#ifndef CHARSET_EBCDIC /* q was assigned above already. */
 		q=ne->value->data;
+#endif
 
 		for (j=0; j<num; j++)
 			{
 			if (!gs_doit[j&3]) continue;
+#ifndef CHARSET_EBCDIC
 			n=q[j];
 			if ((n < ' ') || (n > '~'))
 				{
@@ -160,16 +192,31 @@ int len;
 				}
 			else
 				*(p++)=n;
+#else
+			n=os_toascii[q[j]];
+			if ((n < os_toascii[' ']) ||
+			    (n > os_toascii['~']))
+				{
+				*(p++)='\\';
+				*(p++)='x';
+				*(p++)=hex[(n>>4)&0x0f];
+				*(p++)=hex[n&0x0f];
+				}
+			else
+				*(p++)=q[j];
+#endif
 			}
 		*p='\0';
 		}
 	if (b != NULL)
 		{
 		p=b->data;
-		Free((char *)b);
+		OPENSSL_free(b);
 		}
 	else
 		p=buf;
+	if (i == 0)
+		*p = '\0';
 	return(p);
 err:
 	X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c
index 2d8721306c..db051033d9 100644
--- a/crypto/x509/x509_r2x.c
+++ b/crypto/x509/x509_r2x.c
@@ -58,18 +58,14 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "evp.h"
-#include "asn1.h"
-#include "x509.h"
-#include "objects.h"
-#include "buffer.h"
-#include "pem.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
 
-X509 *X509_REQ_to_X509(r,days,pkey)
-X509_REQ *r;
-int days;
-EVP_PKEY *pkey;
+X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
 	{
 	X509 *ret=NULL;
 	X509_CINF *xi=NULL;
@@ -84,9 +80,9 @@ EVP_PKEY *pkey;
 	/* duplicate the request */
 	xi=ret->cert_info;
 
-	if (sk_num(r->req_info->attributes) != 0)
+	if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)
 		{
-		if ((xi->version=ASN1_INTEGER_new()) == NULL) goto err;
+		if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
 		if (!ASN1_INTEGER_set(xi->version,2)) goto err;
 /*		xi->extensions=ri->attributes; <- bad, should not ever be done
 		ri->attributes=NULL; */
diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
index 5004365bad..0affa3bf30 100644
--- a/crypto/x509/x509_req.c
+++ b/crypto/x509/x509_req.c
@@ -58,22 +58,20 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
-#include "evp.h"
-#include "asn1.h"
-#include "x509.h"
-#include "objects.h"
-#include "buffer.h"
-#include "pem.h"
-
-X509_REQ *X509_to_X509_REQ(x,pkey,md)
-X509 *x;
-EVP_PKEY *pkey;
-EVP_MD *md;
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/pem.h>
+
+X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
 	X509_REQ *ret;
 	X509_REQ_INFO *ri;
 	int i;
+	EVP_PKEY *pktmp;
 
 	ret=X509_REQ_new();
 	if (ret == NULL)
@@ -85,14 +83,16 @@ EVP_MD *md;
 	ri=ret->req_info;
 
 	ri->version->length=1;
-	ri->version->data=(unsigned char *)Malloc(1);
+	ri->version->data=(unsigned char *)OPENSSL_malloc(1);
 	if (ri->version->data == NULL) goto err;
 	ri->version->data[0]=0; /* version == 0 */
 
 	if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))
 		goto err;
 
-	i=X509_REQ_set_pubkey(ret,X509_get_pubkey(x));
+	pktmp = X509_get_pubkey(x);
+	i=X509_REQ_set_pubkey(ret,pktmp);
+	EVP_PKEY_free(pktmp);
 	if (!i) goto err;
 
 	if (pkey != NULL)
@@ -106,11 +106,173 @@ err:
 	return(NULL);
 	}
 
-EVP_PKEY *X509_REQ_get_pubkey(req)
-X509_REQ *req;
+EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
 	{
 	if ((req == NULL) || (req->req_info == NULL))
 		return(NULL);
 	return(X509_PUBKEY_get(req->req_info->pubkey));
 	}
 
+/* It seems several organisations had the same idea of including a list of
+ * extensions in a certificate request. There are at least two OIDs that are
+ * used and there may be more: so the list is configurable.
+ */
+
+static int ext_nid_list[] = { NID_ms_ext_req, NID_ext_req, NID_undef};
+
+static int *ext_nids = ext_nid_list;
+
+int X509_REQ_extension_nid(int req_nid)
+{
+	int i, nid;
+	for(i = 0; ; i++) {
+		nid = ext_nids[i];
+		if(nid == NID_undef) return 0;
+		else if (req_nid == nid) return 1;
+	}
+}
+
+int *X509_REQ_get_extension_nids(void)
+{
+	return ext_nids;
+}
+	
+void X509_REQ_set_extension_nids(int *nids)
+{
+	ext_nids = nids;
+}
+
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
+{
+	X509_ATTRIBUTE *attr;
+	STACK_OF(X509_ATTRIBUTE) *sk;
+	ASN1_TYPE *ext = NULL;
+	int i;
+	unsigned char *p;
+	if ((req == NULL) || (req->req_info == NULL))
+		return(NULL);
+	sk=req->req_info->attributes;
+        if (!sk) return NULL;
+	for(i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+		attr = sk_X509_ATTRIBUTE_value(sk, i);
+		if(X509_REQ_extension_nid(OBJ_obj2nid(attr->object))) {
+			if(attr->single) ext = attr->value.single;
+			else if(sk_ASN1_TYPE_num(attr->value.set))
+				ext = sk_ASN1_TYPE_value(attr->value.set, 0);
+			break;
+		}
+	}
+	if(!ext || (ext->type != V_ASN1_SEQUENCE)) return NULL;
+	p = ext->value.sequence->data;
+	return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
+			ext->value.sequence->length,
+			d2i_X509_EXTENSION, X509_EXTENSION_free,
+			V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+}
+
+/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
+ * in case we want to create a non standard one.
+ */
+
+int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
+				int nid)
+{
+	unsigned char *p = NULL, *q;
+	long len;
+	ASN1_TYPE *at = NULL;
+	X509_ATTRIBUTE *attr = NULL;
+	if(!(at = ASN1_TYPE_new()) ||
+		!(at->value.sequence = ASN1_STRING_new())) goto err;
+
+	at->type = V_ASN1_SEQUENCE;
+	/* Generate encoding of extensions */
+	len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
+			V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
+	if(!(p = OPENSSL_malloc(len))) goto err;
+	q = p;
+	i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
+			V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
+	at->value.sequence->data = p;
+	p = NULL;
+	at->value.sequence->length = len;
+	if(!(attr = X509_ATTRIBUTE_new())) goto err;
+	if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
+	if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
+	at = NULL;
+	attr->single = 0;
+	attr->object = OBJ_nid2obj(nid);
+	if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
+	return 1;
+	err:
+	if(p) OPENSSL_free(p);
+	X509_ATTRIBUTE_free(attr);
+	ASN1_TYPE_free(at);
+	return 0;
+}
+/* This is the normal usage: use the "official" OID */
+int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
+{
+	return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
+}
+
+/* Request attribute functions */
+
+int X509_REQ_get_attr_count(const X509_REQ *req)
+{
+	return X509at_get_attr_count(req->req_info->attributes);
+}
+
+int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
+			  int lastpos)
+{
+	return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
+}
+
+int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
+			  int lastpos)
+{
+	return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
+}
+
+X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
+{
+	return X509at_get_attr(req->req_info->attributes, loc);
+}
+
+X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
+{
+	return X509at_delete_attr(req->req_info->attributes, loc);
+}
+
+int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
+{
+	if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1;
+	return 0;
+}
+
+int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
+			const ASN1_OBJECT *obj, int type,
+			const unsigned char *bytes, int len)
+{
+	if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
+				type, bytes, len)) return 1;
+	return 0;
+}
+
+int X509_REQ_add1_attr_by_NID(X509_REQ *req,
+			int nid, int type,
+			const unsigned char *bytes, int len)
+{
+	if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
+				type, bytes, len)) return 1;
+	return 0;
+}
+
+int X509_REQ_add1_attr_by_txt(X509_REQ *req,
+			const char *attrname, int type,
+			const unsigned char *bytes, int len)
+{
+	if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
+				type, bytes, len)) return 1;
+	return 0;
+}
diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c
index 5d0a3a0c0e..aaf61ca062 100644
--- a/crypto/x509/x509_set.c
+++ b/crypto/x509/x509_set.c
@@ -58,27 +58,23 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
 
-int X509_set_version(x,version)
-X509 *x;
-long version;
+int X509_set_version(X509 *x, long version)
 	{
 	if (x == NULL) return(0);
 	if (x->cert_info->version == NULL)
 		{
-		if ((x->cert_info->version=ASN1_INTEGER_new()) == NULL)
+		if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL)
 			return(0);
 		}
 	return(ASN1_INTEGER_set(x->cert_info->version,version));
 	}
 
-int X509_set_serialNumber(x,serial)
-X509 *x;
-ASN1_INTEGER *serial;
+int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
 	{
 	ASN1_INTEGER *in;
 
@@ -86,75 +82,65 @@ ASN1_INTEGER *serial;
 	in=x->cert_info->serialNumber;
 	if (in != serial)
 		{
-		in=ASN1_INTEGER_dup(serial);
+		in=M_ASN1_INTEGER_dup(serial);
 		if (in != NULL)
 			{
-			ASN1_INTEGER_free(x->cert_info->serialNumber);
+			M_ASN1_INTEGER_free(x->cert_info->serialNumber);
 			x->cert_info->serialNumber=in;
 			}
 		}
 	return(in != NULL);
 	}
 
-int X509_set_issuer_name(x,name)
-X509 *x;
-X509_NAME *name;
+int X509_set_issuer_name(X509 *x, X509_NAME *name)
 	{
 	if ((x == NULL) || (x->cert_info == NULL)) return(0);
 	return(X509_NAME_set(&x->cert_info->issuer,name));
 	}
 
-int X509_set_subject_name(x,name)
-X509 *x;
-X509_NAME *name;
+int X509_set_subject_name(X509 *x, X509_NAME *name)
 	{
 	if ((x == NULL) || (x->cert_info == NULL)) return(0);
 	return(X509_NAME_set(&x->cert_info->subject,name));
 	}
 
-int X509_set_notBefore(x,tm)
-X509 *x;
-ASN1_UTCTIME *tm;
+int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
 	{
-	ASN1_UTCTIME *in;
+	ASN1_TIME *in;
 
 	if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
 	in=x->cert_info->validity->notBefore;
 	if (in != tm)
 		{
-		in=ASN1_UTCTIME_dup(tm);
+		in=M_ASN1_TIME_dup(tm);
 		if (in != NULL)
 			{
-			ASN1_UTCTIME_free(x->cert_info->validity->notBefore);
+			M_ASN1_TIME_free(x->cert_info->validity->notBefore);
 			x->cert_info->validity->notBefore=in;
 			}
 		}
 	return(in != NULL);
 	}
 
-int X509_set_notAfter(x,tm)
-X509 *x;
-ASN1_UTCTIME *tm;
+int X509_set_notAfter(X509 *x, ASN1_TIME *tm)
 	{
-	ASN1_UTCTIME *in;
+	ASN1_TIME *in;
 
 	if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
 	in=x->cert_info->validity->notAfter;
 	if (in != tm)
 		{
-		in=ASN1_UTCTIME_dup(tm);
+		in=M_ASN1_TIME_dup(tm);
 		if (in != NULL)
 			{
-			ASN1_UTCTIME_free(x->cert_info->validity->notAfter);
+			M_ASN1_TIME_free(x->cert_info->validity->notAfter);
 			x->cert_info->validity->notAfter=in;
 			}
 		}
 	return(in != NULL);
 	}
 
-int X509_set_pubkey(x,pkey)
-X509 *x;
-EVP_PKEY *pkey;
+int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
 	{
 	if ((x == NULL) || (x->cert_info == NULL)) return(0);
 	return(X509_PUBKEY_set(&(x->cert_info->key),pkey));
diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c
new file mode 100644
index 0000000000..17d69ac005
--- /dev/null
+++ b/crypto/x509/x509_trs.c
@@ -0,0 +1,286 @@
+/* x509_trs.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+
+static int tr_cmp(const X509_TRUST * const *a,
+		const X509_TRUST * const *b);
+static void trtable_free(X509_TRUST *p);
+
+static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
+static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
+static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
+
+static int obj_trust(int id, X509 *x, int flags);
+static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
+
+/* WARNING: the following table should be kept in order of trust
+ * and without any gaps so we can just subtract the minimum trust
+ * value to get an index into the table
+ */
+
+static X509_TRUST trstandard[] = {
+{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
+{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
+{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
+{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
+{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
+{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
+};
+
+#define X509_TRUST_COUNT	(sizeof(trstandard)/sizeof(X509_TRUST))
+
+IMPLEMENT_STACK_OF(X509_TRUST)
+
+static STACK_OF(X509_TRUST) *trtable = NULL;
+
+static int tr_cmp(const X509_TRUST * const *a,
+		const X509_TRUST * const *b)
+{
+	return (*a)->trust - (*b)->trust;
+}
+
+int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
+{
+	int (*oldtrust)(int , X509 *, int);
+	oldtrust = default_trust;
+	default_trust = trust;
+	return oldtrust;
+}
+
+
+int X509_check_trust(X509 *x, int id, int flags)
+{
+	X509_TRUST *pt;
+	int idx;
+	if(id == -1) return 1;
+	idx = X509_TRUST_get_by_id(id);
+	if(idx == -1) return default_trust(id, x, flags);
+	pt = X509_TRUST_get0(idx);
+	return pt->check_trust(pt, x, flags);
+}
+
+int X509_TRUST_get_count(void)
+{
+	if(!trtable) return X509_TRUST_COUNT;
+	return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
+}
+
+X509_TRUST * X509_TRUST_get0(int idx)
+{
+	if(idx < 0) return NULL;
+	if(idx < X509_TRUST_COUNT) return trstandard + idx;
+	return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
+}
+
+int X509_TRUST_get_by_id(int id)
+{
+	X509_TRUST tmp;
+	int idx;
+	if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
+				 return id - X509_TRUST_MIN;
+	tmp.trust = id;
+	if(!trtable) return -1;
+	idx = sk_X509_TRUST_find(trtable, &tmp);
+	if(idx == -1) return -1;
+	return idx + X509_TRUST_COUNT;
+}
+
+int X509_TRUST_set(int *t, int trust)
+{
+	if(X509_TRUST_get_by_id(trust) == -1) {
+		X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
+		return 0;
+	}
+	*t = trust;
+	return 1;
+}
+
+int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
+					char *name, int arg1, void *arg2)
+{
+	int idx;
+	X509_TRUST *trtmp;
+	/* This is set according to what we change: application can't set it */
+	flags &= ~X509_TRUST_DYNAMIC;
+	/* This will always be set for application modified trust entries */
+	flags |= X509_TRUST_DYNAMIC_NAME;
+	/* Get existing entry if any */
+	idx = X509_TRUST_get_by_id(id);
+	/* Need a new entry */
+	if(idx == -1) {
+		if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) {
+			X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+		trtmp->flags = X509_TRUST_DYNAMIC;
+	} else trtmp = X509_TRUST_get0(idx);
+
+	/* OPENSSL_free existing name if dynamic */
+	if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name);
+	/* dup supplied name */
+	if(!(trtmp->name = BUF_strdup(name))) {
+		X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	/* Keep the dynamic flag of existing entry */
+	trtmp->flags &= X509_TRUST_DYNAMIC;
+	/* Set all other flags */
+	trtmp->flags |= flags;
+
+	trtmp->trust = id;
+	trtmp->check_trust = ck;
+	trtmp->arg1 = arg1;
+	trtmp->arg2 = arg2;
+
+	/* If its a new entry manage the dynamic table */
+	if(idx == -1) {
+		if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
+			X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+		if (!sk_X509_TRUST_push(trtable, trtmp)) {
+			X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+	}
+	return 1;
+}
+
+static void trtable_free(X509_TRUST *p)
+	{
+	if(!p) return;
+	if (p->flags & X509_TRUST_DYNAMIC) 
+		{
+		if (p->flags & X509_TRUST_DYNAMIC_NAME)
+			OPENSSL_free(p->name);
+		OPENSSL_free(p);
+		}
+	}
+
+void X509_TRUST_cleanup(void)
+{
+	int i;
+	for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i);
+	sk_X509_TRUST_pop_free(trtable, trtable_free);
+	trtable = NULL;
+}
+
+int X509_TRUST_get_flags(X509_TRUST *xp)
+{
+	return xp->flags;
+}
+
+char *X509_TRUST_get0_name(X509_TRUST *xp)
+{
+	return xp->name;
+}
+
+int X509_TRUST_get_trust(X509_TRUST *xp)
+{
+	return xp->trust;
+}
+
+static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
+{
+	if(x->aux && (x->aux->trust || x->aux->reject))
+		return obj_trust(trust->arg1, x, flags);
+	/* we don't have any trust settings: for compatibility
+	 * we return trusted if it is self signed
+	 */
+	return trust_compat(trust, x, flags);
+}
+
+static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
+{
+	if(x->aux) return obj_trust(trust->arg1, x, flags);
+	return X509_TRUST_UNTRUSTED;
+}
+
+static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
+{
+	X509_check_purpose(x, -1, 0);
+	if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED;
+	else return X509_TRUST_UNTRUSTED;
+}
+
+static int obj_trust(int id, X509 *x, int flags)
+{
+	ASN1_OBJECT *obj;
+	int i;
+	X509_CERT_AUX *ax;
+	ax = x->aux;
+	if(!ax) return X509_TRUST_UNTRUSTED;
+	if(ax->reject) {
+		for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
+			obj = sk_ASN1_OBJECT_value(ax->reject, i);
+			if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED;
+		}
+	}	
+	if(ax->trust) {
+		for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
+			obj = sk_ASN1_OBJECT_value(ax->trust, i);
+			if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED;
+		}
+	}
+	return X509_TRUST_UNTRUSTED;
+}
+
diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index 408d1c277c..4f83db8ba2 100644
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -59,19 +59,16 @@
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
-#include <sys/types.h>
 
 #include "cryptlib.h"
-#include "lhash.h"
-#include "buffer.h"
-#include "evp.h"
-#include "asn1.h"
-#include "x509.h"
-#include "objects.h"
-#include "pem.h"
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
 
-char *X509_verify_cert_error_string(n)
-long n;
+const char *X509_verify_cert_error_string(long n)
 	{
 	static char buf[100];
 
@@ -86,7 +83,7 @@ long n;
 	case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
 		return("unable to decrypt certificate's signature");
 	case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
-		return("unable to decrypt CRL's's signature");
+		return("unable to decrypt CRL's signature");
 	case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
 		return("unable to decode issuer public key");
 	case X509_V_ERR_CERT_SIGNATURE_FAILURE:
@@ -98,7 +95,7 @@ long n;
 	case X509_V_ERR_CRL_NOT_YET_VALID:
 		return("CRL is not yet valid");
 	case X509_V_ERR_CERT_HAS_EXPIRED:
-		return("Certificate has expired");
+		return("certificate has expired");
 	case X509_V_ERR_CRL_HAS_EXPIRED:
 		return("CRL has expired");
 	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
@@ -121,8 +118,35 @@ long n;
 		return("unable to verify the first certificate");
 	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
 		return("certificate chain too long");
+	case X509_V_ERR_CERT_REVOKED:
+		return("certificate revoked");
+	case X509_V_ERR_INVALID_CA:
+		return ("invalid CA certificate");
+	case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+		return ("path length constraint exceeded");
+	case X509_V_ERR_INVALID_PURPOSE:
+		return ("unsupported certificate purpose");
+	case X509_V_ERR_CERT_UNTRUSTED:
+		return ("certificate not trusted");
+	case X509_V_ERR_CERT_REJECTED:
+		return ("certificate rejected");
 	case X509_V_ERR_APPLICATION_VERIFICATION:
 		return("application verification failure");
+	case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
+		return("subject issuer mismatch");
+	case X509_V_ERR_AKID_SKID_MISMATCH:
+		return("authority and subject key identifier mismatch");
+	case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
+		return("authority and issuer serial number mismatch");
+	case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
+		return("key usage does not include certificate signing");
+
+	case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
+		return("unable to get CRL issuer certificate");
+
+	case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
+		return("unhandled critical extension");
+
 	default:
 		sprintf(buf,"error number %ld",n);
 		return(buf);
diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c
index 1c03602f0b..67b1796a92 100644
--- a/crypto/x509/x509_v3.c
+++ b/crypto/x509/x509_v3.c
@@ -57,34 +57,22 @@
  */
 
 #include <stdio.h>
-#include "stack.h"
+#include <openssl/stack.h>
 #include "cryptlib.h"
-#include "asn1.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
 
-#ifndef NOPROTO
-static X509_EXTENSION_METHOD *find_by_nid(int nid);
-static int xem_cmp(X509_EXTENSION_METHOD **a, X509_EXTENSION_METHOD **b);
-#else
-static X509_EXTENSION_METHOD *find_by_nid();
-static int xem_cmp();
-#endif
-
-static STACK *extensions=NULL;
-
-int X509v3_get_ext_count(x)
-STACK *x;
+int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
 	{
 	if (x == NULL) return(0);
-	return(sk_num(x));
+	return(sk_X509_EXTENSION_num(x));
 	}
 
-int X509v3_get_ext_by_NID(x,nid,lastpos)
-STACK *x;
-int nid;
-int lastpos;
+int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
+			  int lastpos)
 	{
 	ASN1_OBJECT *obj;
 
@@ -93,10 +81,8 @@ int lastpos;
 	return(X509v3_get_ext_by_OBJ(x,obj,lastpos));
 	}
 
-int X509v3_get_ext_by_OBJ(sk,obj,lastpos)
-STACK *sk;
-ASN1_OBJECT *obj;
-int lastpos;
+int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj,
+			  int lastpos)
 	{
 	int n;
 	X509_EXTENSION *ex;
@@ -105,20 +91,18 @@ int lastpos;
 	lastpos++;
 	if (lastpos < 0)
 		lastpos=0;
-	n=sk_num(sk);
+	n=sk_X509_EXTENSION_num(sk);
 	for ( ; lastpos < n; lastpos++)
 		{
-		ex=(X509_EXTENSION *)sk_value(sk,lastpos);
+		ex=sk_X509_EXTENSION_value(sk,lastpos);
 		if (OBJ_cmp(ex->object,obj) == 0)
 			return(lastpos);
 		}
 	return(-1);
 	}
 
-int X509v3_get_ext_by_critical(sk,crit,lastpos)
-STACK *sk;
-int crit;
-int lastpos;
+int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
+			       int lastpos)
 	{
 	int n;
 	X509_EXTENSION *ex;
@@ -127,63 +111,57 @@ int lastpos;
 	lastpos++;
 	if (lastpos < 0)
 		lastpos=0;
-	n=sk_num(sk);
+	n=sk_X509_EXTENSION_num(sk);
 	for ( ; lastpos < n; lastpos++)
 		{
-		ex=(X509_EXTENSION *)sk_value(sk,lastpos);
-		if (	(ex->critical && crit) ||
-			(!ex->critical && !crit))
+		ex=sk_X509_EXTENSION_value(sk,lastpos);
+		if (	((ex->critical > 0) && crit) ||
+			((ex->critical <= 0) && !crit))
 			return(lastpos);
 		}
 	return(-1);
 	}
 
-X509_EXTENSION *X509v3_get_ext(x,loc)
-STACK *x;
-int loc;
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
 	{
-	if ((x == NULL) || (sk_num(x) <= loc) || (loc < 0))
-		return(NULL);
+	if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
+		return NULL;
 	else
-		return((X509_EXTENSION *)sk_value(x,loc));
+		return sk_X509_EXTENSION_value(x,loc);
 	}
 
-X509_EXTENSION *X509v3_delete_ext(x,loc)
-STACK *x;
-int loc;
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
 	{
 	X509_EXTENSION *ret;
 
-	if ((x == NULL) || (sk_num(x) <= loc) || (loc < 0))
+	if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
 		return(NULL);
-	ret=(X509_EXTENSION *)sk_delete(x,loc);
+	ret=sk_X509_EXTENSION_delete(x,loc);
 	return(ret);
 	}
 
-STACK *X509v3_add_ext(x,ex,loc)
-STACK **x;
-X509_EXTENSION *ex;
-int loc;
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+					 X509_EXTENSION *ex, int loc)
 	{
 	X509_EXTENSION *new_ex=NULL;
 	int n;
-	STACK *sk=NULL;
+	STACK_OF(X509_EXTENSION) *sk=NULL;
 
 	if ((x != NULL) && (*x == NULL))
 		{
-		if ((sk=sk_new_null()) == NULL)
+		if ((sk=sk_X509_EXTENSION_new_null()) == NULL)
 			goto err;
 		}
 	else
 		sk= *x;
 
-	n=sk_num(sk);
+	n=sk_X509_EXTENSION_num(sk);
 	if (loc > n) loc=n;
 	else if (loc < 0) loc=n;
 
 	if ((new_ex=X509_EXTENSION_dup(ex)) == NULL)
 		goto err2;
-	if (!sk_insert(sk,(char *)new_ex,loc))
+	if (!sk_X509_EXTENSION_insert(sk,new_ex,loc))
 		goto err;
 	if ((x != NULL) && (*x == NULL))
 		*x=sk;
@@ -192,15 +170,12 @@ err:
 	X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
 err2:
 	if (new_ex != NULL) X509_EXTENSION_free(new_ex);
-	if (sk != NULL) sk_free(sk);
+	if (sk != NULL) sk_X509_EXTENSION_free(sk);
 	return(NULL);
 	}
 
-X509_EXTENSION *X509_EXTENSION_create_by_NID(ex,nid,crit,data)
-X509_EXTENSION **ex;
-int nid;
-int crit;
-ASN1_OCTET_STRING *data;
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
+	     int crit, ASN1_OCTET_STRING *data)
 	{
 	ASN1_OBJECT *obj;
 	X509_EXTENSION *ret;
@@ -216,11 +191,8 @@ ASN1_OCTET_STRING *data;
 	return(ret);
 	}
 
-X509_EXTENSION *X509_EXTENSION_create_by_OBJ(ex,obj,crit,data)
-X509_EXTENSION **ex;
-ASN1_OBJECT *obj;
-int crit;
-ASN1_OCTET_STRING *data;
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+	     ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data)
 	{
 	X509_EXTENSION *ret;
 
@@ -250,9 +222,7 @@ err:
 	return(NULL);
 	}
 
-int X509_EXTENSION_set_object(ex,obj)
-X509_EXTENSION *ex;
-ASN1_OBJECT *obj;
+int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
 	{
 	if ((ex == NULL) || (obj == NULL))
 		return(0);
@@ -261,149 +231,38 @@ ASN1_OBJECT *obj;
 	return(1);
 	}
 
-int X509_EXTENSION_set_critical(ex,crit)
-X509_EXTENSION *ex;
-int crit;
+int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
 	{
 	if (ex == NULL) return(0);
-	ex->critical=(crit)?0xFF:0;
+	ex->critical=(crit)?0xFF:-1;
 	return(1);
 	}
 
-int X509_EXTENSION_set_data(ex,data)
-X509_EXTENSION *ex;
-ASN1_OCTET_STRING *data;
+int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
 	{
 	int i;
 
 	if (ex == NULL) return(0);
-	i=ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
+	i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
 	if (!i) return(0);
 	return(1);
 	}
 
-ASN1_OBJECT *X509_EXTENSION_get_object(ex)
-X509_EXTENSION *ex;
+ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
 	{
 	if (ex == NULL) return(NULL);
 	return(ex->object);
 	}
 
-ASN1_OCTET_STRING *X509_EXTENSION_get_data(ex)
-X509_EXTENSION *ex;
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
 	{
 	if (ex == NULL) return(NULL);
 	return(ex->value);
 	}
 
-int X509_EXTENSION_get_critical(ex)
-X509_EXTENSION *ex;
+int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
 	{
 	if (ex == NULL) return(0);
-	return(ex->critical);
-	}
-
-int X509v3_data_type_by_OBJ(obj)
-ASN1_OBJECT *obj;
-	{
-	int nid;
-
-	nid=OBJ_obj2nid(obj);
-	if (nid == V_ASN1_UNDEF) return(V_ASN1_UNDEF);
-	return(X509v3_data_type_by_NID(nid));
-	}
-
-int X509v3_data_type_by_NID(nid)
-int nid;
-	{
-	X509_EXTENSION_METHOD *x;
-
-	x=find_by_nid(nid);
-	if (x == NULL)
-		return(V_ASN1_UNDEF);
-	else
-		return(x->data_type);
-	}
-
-int X509v3_pack_type_by_OBJ(obj)
-ASN1_OBJECT *obj;
-	{
-	int nid;
-
-	nid=OBJ_obj2nid(obj);
-	if (nid == NID_undef) return(X509_EXT_PACK_UNKNOWN);
-	return(X509v3_pack_type_by_NID(nid));
-	}
-
-int X509v3_pack_type_by_NID(nid)
-int nid;
-	{
-	X509_EXTENSION_METHOD *x;
-
-	x=find_by_nid(nid);
-	if (x == NULL)
-		return(X509_EXT_PACK_UNKNOWN);
-	else
-		return(x->pack_type);
-	}
-
-static X509_EXTENSION_METHOD *find_by_nid(nid)
-int nid;
-	{
-	X509_EXTENSION_METHOD x;
-	int i;
-
-	x.nid=nid;
-	if (extensions == NULL) return(NULL);
-	i=sk_find(extensions,(char *)&x);
-	if (i < 0)
-		return(NULL);
-	else
-		return((X509_EXTENSION_METHOD *)sk_value(extensions,i));
-	}
-
-static int xem_cmp(a,b)
-X509_EXTENSION_METHOD **a,**b;
-	{
-	return((*a)->nid-(*b)->nid);
-	}
-
-void X509v3_cleanup_extensions()
-	{
-	int i;
-
-	if (extensions != NULL)
-		{
-		for (i=0; i<sk_num(extensions); i++)
-			Free(sk_value(extensions,i));
-		sk_free(extensions);
-		extensions=NULL;
-		}
+	if(ex->critical > 0) return 1;
+	return 0;
 	}
-
-int X509v3_add_extension(x)
-X509_EXTENSION_METHOD *x;
-	{
-	X509_EXTENSION_METHOD *newx;
-
-	if (extensions == NULL)
-		{
-		extensions=sk_new(xem_cmp);
-		if (extensions == NULL) goto err;
-		}
-	newx=(X509_EXTENSION_METHOD *)Malloc(sizeof(X509_EXTENSION_METHOD));
-	if (newx == NULL) goto err;
-	newx->nid=x->nid;
-	newx->data_type=x->data_type;
-	newx->pack_type=x->pack_type;
-	if (!sk_push(extensions,(char *)newx))
-		{
-		Free(newx);
-		goto err;
-		}
-	return(1);
-err:
-	X509err(X509_F_X509V3_ADD_EXTENSION,ERR_R_MALLOC_FAILURE);
-	return(0);
-	}
-
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 1d62f2df93..568c629367 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -59,76 +59,63 @@
 #include <stdio.h>
 #include <time.h>
 #include <errno.h>
-#include <sys/types.h>
-#include <sys/stat.h>
 
-#include "crypto.h"
 #include "cryptlib.h"
-#include "lhash.h"
-#include "buffer.h"
-#include "evp.h"
-#include "asn1.h"
-#include "x509.h"
-#include "objects.h"
-#include "pem.h"
-
-#ifndef NOPROTO
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+
 static int null_callback(int ok,X509_STORE_CTX *e);
+static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
+static int check_chain_purpose(X509_STORE_CTX *ctx);
+static int check_trust(X509_STORE_CTX *ctx);
+static int check_revocation(X509_STORE_CTX *ctx);
+static int check_cert(X509_STORE_CTX *ctx);
 static int internal_verify(X509_STORE_CTX *ctx);
-#else
-static int null_callback();
-static int internal_verify();
-#endif
+const char *X509_version="X.509" OPENSSL_VERSION_PTEXT;
 
-char *X509_version="X509 part of SSLeay 0.9.1a 06-Jul-1998";
-static STACK *x509_store_ctx_method=NULL;
-static int x509_store_ctx_num=0;
-#if 0
-static int x509_store_num=1;
-static STACK *x509_store_method=NULL;
-#endif
 
-static int null_callback(ok,e)
-int ok;
-X509_STORE_CTX *e;
+static int null_callback(int ok, X509_STORE_CTX *e)
 	{
-	return(ok);
+	return ok;
 	}
 
 #if 0
-static int x509_subject_cmp(a,b)
-X509 **a,**b;
+static int x509_subject_cmp(X509 **a, X509 **b)
 	{
-	return(X509_subject_name_cmp(*a,*b));
+	return X509_subject_name_cmp(*a,*b);
 	}
 #endif
 
-int X509_verify_cert(ctx)
-X509_STORE_CTX *ctx;
+int X509_verify_cert(X509_STORE_CTX *ctx)
 	{
 	X509 *x,*xtmp,*chain_ss=NULL;
 	X509_NAME *xn;
-	X509_OBJECT obj;
 	int depth,i,ok=0;
 	int num;
 	int (*cb)();
-	STACK *sktmp=NULL;
+	STACK_OF(X509) *sktmp=NULL;
 
 	if (ctx->cert == NULL)
 		{
 		X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
-		return(-1);
+		return -1;
 		}
 
-	cb=ctx->ctx->verify_cb;
-	if (cb == NULL) cb=null_callback;
+	cb=ctx->verify_cb;
 
 	/* first we make sure the chain we are going to build is
 	 * present and that the first entry is in place */
 	if (ctx->chain == NULL)
 		{
-		if (	((ctx->chain=sk_new_null()) == NULL) ||
-			(!sk_push(ctx->chain,(char *)ctx->cert)))
+		if (	((ctx->chain=sk_X509_new_null()) == NULL) ||
+			(!sk_X509_push(ctx->chain,ctx->cert)))
 			{
 			X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
 			goto end;
@@ -137,41 +124,45 @@ X509_STORE_CTX *ctx;
 		ctx->last_untrusted=1;
 		}
 
-	/* We use a temporary so we can chop and hack at it */
-	if ((ctx->untrusted != NULL) && (sktmp=sk_dup(ctx->untrusted)) == NULL)
+	/* We use a temporary STACK so we can chop and hack at it */
+	if (ctx->untrusted != NULL
+	    && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)
 		{
 		X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
 		goto end;
 		}
 
-	num=sk_num(ctx->chain);
-	x=(X509 *)sk_value(ctx->chain,num-1);
+	num=sk_X509_num(ctx->chain);
+	x=sk_X509_value(ctx->chain,num-1);
 	depth=ctx->depth;
 
 
 	for (;;)
 		{
 		/* If we have enough, we break */
-		if (depth <= num) break;
+		if (depth < num) break; /* FIXME: If this happens, we should take
+		                         * note of it and, if appropriate, use the
+		                         * X509_V_ERR_CERT_CHAIN_TOO_LONG error
+		                         * code later.
+		                         */
 
 		/* If we are self signed, we break */
 		xn=X509_get_issuer_name(x);
-		if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0)
-			break;
+		if (ctx->check_issued(ctx, x,x)) break;
 
 		/* If we were passed a cert chain, use it first */
 		if (ctx->untrusted != NULL)
 			{
-			xtmp=X509_find_by_subject(sktmp,xn);
+			xtmp=find_issuer(ctx, sktmp,x);
 			if (xtmp != NULL)
 				{
-				if (!sk_push(ctx->chain,(char *)xtmp))
+				if (!sk_X509_push(ctx->chain,xtmp))
 					{
 					X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
 					goto end;
 					}
 				CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
-				sk_delete_ptr(sktmp,(char *)xtmp);
+				sk_X509_delete_ptr(sktmp,xtmp);
 				ctx->last_untrusted++;
 				x=xtmp;
 				num++;
@@ -187,27 +178,50 @@ X509_STORE_CTX *ctx;
 	 * certificates.  We now need to add at least one trusted one,
 	 * if possible, otherwise we complain. */
 
-	i=sk_num(ctx->chain);
-	x=(X509 *)sk_value(ctx->chain,i-1);
-	if (X509_NAME_cmp(X509_get_subject_name(x),X509_get_issuer_name(x))
-		== 0)
+	/* Examine last certificate in chain and see if it
+ 	 * is self signed.
+ 	 */
+
+	i=sk_X509_num(ctx->chain);
+	x=sk_X509_value(ctx->chain,i-1);
+	xn = X509_get_subject_name(x);
+	if (ctx->check_issued(ctx, x, x))
 		{
 		/* we have a self signed certificate */
-		if (sk_num(ctx->chain) == 1)
+		if (sk_X509_num(ctx->chain) == 1)
 			{
-			ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
-			ctx->current_cert=x;
-			ctx->error_depth=i-1;
-			ok=cb(0,ctx);
-			if (!ok) goto end;
+			/* We have a single self signed certificate: see if
+			 * we can find it in the store. We must have an exact
+			 * match to avoid possible impersonation.
+			 */
+			ok = ctx->get_issuer(&xtmp, ctx, x);
+			if ((ok <= 0) || X509_cmp(x, xtmp)) 
+				{
+				ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
+				ctx->current_cert=x;
+				ctx->error_depth=i-1;
+				if (ok == 1) X509_free(xtmp);
+				ok=cb(0,ctx);
+				if (!ok) goto end;
+				}
+			else 
+				{
+				/* We have a match: replace certificate with store version
+				 * so we get any trust settings.
+				 */
+				X509_free(x);
+				x = xtmp;
+				sk_X509_set(ctx->chain, i - 1, x);
+				ctx->last_untrusted=0;
+				}
 			}
 		else
 			{
-			/* worry more about this one elsewhere */
-			chain_ss=(X509 *)sk_pop(ctx->chain);
+			/* extract and save self signed certificate for later use */
+			chain_ss=sk_X509_pop(ctx->chain);
 			ctx->last_untrusted--;
 			num--;
-			x=(X509 *)sk_value(ctx->chain,num-1);
+			x=sk_X509_value(ctx->chain,num-1);
 			}
 		}
 
@@ -215,45 +229,34 @@ X509_STORE_CTX *ctx;
 	for (;;)
 		{
 		/* If we have enough, we break */
-		if (depth <= num) break;
+		if (depth < num) break;
 
 		/* If we are self signed, we break */
 		xn=X509_get_issuer_name(x);
-		if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0)
-			break;
+		if (ctx->check_issued(ctx,x,x)) break;
 
-		ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
-		if (ok != X509_LU_X509)
-			{
-			if (ok == X509_LU_RETRY)
-				{
-				X509_OBJECT_free_contents(&obj);
-				X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY);
-				return(ok);
-				}
-			else if (ok != X509_LU_FAIL)
-				{
-				X509_OBJECT_free_contents(&obj);
-				/* not good :-(, break anyway */
-				return(ok);
-				}
-			break;
-			}
-		x=obj.data.x509;
-		if (!sk_push(ctx->chain,(char *)obj.data.x509))
+		ok = ctx->get_issuer(&xtmp, ctx, x);
+
+		if (ok < 0) return ok;
+		if (ok == 0) break;
+
+		x = xtmp;
+		if (!sk_X509_push(ctx->chain,x))
 			{
-			X509_OBJECT_free_contents(&obj);
+			X509_free(xtmp);
 			X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
-			return(0);
+			return 0;
 			}
 		num++;
 		}
 
 	/* we now have our chain, lets check it... */
 	xn=X509_get_issuer_name(x);
-	if (X509_NAME_cmp(X509_get_subject_name(x),xn) != 0)
+
+	/* Is last certificate looked up self signed? */
+	if (!ctx->check_issued(ctx,x,x))
 		{
-		if ((chain_ss == NULL) || (X509_NAME_cmp(X509_get_subject_name(chain_ss),xn) != 0))
+		if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss))
 			{
 			if (ctx->last_untrusted >= num)
 				ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
@@ -264,7 +267,7 @@ X509_STORE_CTX *ctx;
 		else
 			{
 
-			sk_push(ctx->chain,(char *)chain_ss);
+			sk_X509_push(ctx->chain,chain_ss);
 			num++;
 			ctx->last_untrusted=num;
 			ctx->current_cert=chain_ss;
@@ -277,12 +280,30 @@ X509_STORE_CTX *ctx;
 		if (!ok) goto end;
 		}
 
+	/* We have the chain complete: now we need to check its purpose */
+	if (ctx->purpose > 0) ok = check_chain_purpose(ctx);
+
+	if (!ok) goto end;
+
+	/* The chain extensions are OK: check trust */
+
+	if (ctx->trust > 0) ok = check_trust(ctx);
+
+	if (!ok) goto end;
+
 	/* We may as well copy down any DSA parameters that are required */
 	X509_get_pubkey_parameters(NULL,ctx->chain);
 
+	/* Check revocation status: we do this after copying parameters
+	 * because they may be needed for CRL signature verification.
+	 */
+
+	ok = ctx->check_revocation(ctx);
+	if(!ok) goto end;
+
 	/* At this point, we have a chain and just need to verify it */
-	if (ctx->ctx->verify != NULL)
-		ok=ctx->ctx->verify(ctx);
+	if (ctx->verify != NULL)
+		ok=ctx->verify(ctx);
 	else
 		ok=internal_verify(ctx);
 	if (0)
@@ -290,28 +311,338 @@ X509_STORE_CTX *ctx;
 end:
 		X509_get_pubkey_parameters(NULL,ctx->chain);
 		}
-	if (sktmp != NULL) sk_free(sktmp);
+	if (sktmp != NULL) sk_X509_free(sktmp);
 	if (chain_ss != NULL) X509_free(chain_ss);
-	return(ok);
+	return ok;
+	}
+
+
+/* Given a STACK_OF(X509) find the issuer of cert (if any)
+ */
+
+static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
+{
+	int i;
+	X509 *issuer;
+	for (i = 0; i < sk_X509_num(sk); i++)
+		{
+		issuer = sk_X509_value(sk, i);
+		if (ctx->check_issued(ctx, x, issuer))
+			return issuer;
+		}
+	return NULL;
+}
+
+/* Given a possible certificate and issuer check them */
+
+static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
+{
+	int ret;
+	ret = X509_check_issued(issuer, x);
+	if (ret == X509_V_OK)
+		return 1;
+	/* If we haven't asked for issuer errors don't set ctx */
+	if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK))
+		return 0;
+
+	ctx->error = ret;
+	ctx->current_cert = x;
+	ctx->current_issuer = issuer;
+	return ctx->verify_cb(0, ctx);
+	return 0;
+}
+
+/* Alternative lookup method: look from a STACK stored in other_ctx */
+
+static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+{
+	*issuer = find_issuer(ctx, ctx->other_ctx, x);
+	if (*issuer)
+		{
+		CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509);
+		return 1;
+		}
+	else
+		return 0;
+}
+	
+
+/* Check a certificate chains extensions for consistency
+ * with the supplied purpose
+ */
+
+static int check_chain_purpose(X509_STORE_CTX *ctx)
+{
+#ifdef OPENSSL_NO_CHAIN_VERIFY
+	return 1;
+#else
+	int i, ok=0;
+	X509 *x;
+	int (*cb)();
+	cb=ctx->verify_cb;
+	/* Check all untrusted certificates */
+	for (i = 0; i < ctx->last_untrusted; i++)
+		{
+		x = sk_X509_value(ctx->chain, i);
+		if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL)
+			&& (x->ex_flags & EXFLAG_CRITICAL))
+			{
+			ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
+			ctx->error_depth = i;
+			ctx->current_cert = x;
+			ok=cb(0,ctx);
+			if (!ok) goto end;
+			}
+		if (!X509_check_purpose(x, ctx->purpose, i))
+			{
+			if (i)
+				ctx->error = X509_V_ERR_INVALID_CA;
+			else
+				ctx->error = X509_V_ERR_INVALID_PURPOSE;
+			ctx->error_depth = i;
+			ctx->current_cert = x;
+			ok=cb(0,ctx);
+			if (!ok) goto end;
+			}
+		/* Check pathlen */
+		if ((i > 1) && (x->ex_pathlen != -1)
+			   && (i > (x->ex_pathlen + 1)))
+			{
+			ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
+			ctx->error_depth = i;
+			ctx->current_cert = x;
+			ok=cb(0,ctx);
+			if (!ok) goto end;
+			}
+		}
+	ok = 1;
+ end:
+	return ok;
+#endif
+}
+
+static int check_trust(X509_STORE_CTX *ctx)
+{
+#ifdef OPENSSL_NO_CHAIN_VERIFY
+	return 1;
+#else
+	int i, ok;
+	X509 *x;
+	int (*cb)();
+	cb=ctx->verify_cb;
+/* For now just check the last certificate in the chain */
+	i = sk_X509_num(ctx->chain) - 1;
+	x = sk_X509_value(ctx->chain, i);
+	ok = X509_check_trust(x, ctx->trust, 0);
+	if (ok == X509_TRUST_TRUSTED)
+		return 1;
+	ctx->error_depth = i;
+	ctx->current_cert = x;
+	if (ok == X509_TRUST_REJECTED)
+		ctx->error = X509_V_ERR_CERT_REJECTED;
+	else
+		ctx->error = X509_V_ERR_CERT_UNTRUSTED;
+	ok = cb(0, ctx);
+	return ok;
+#endif
+}
+
+static int check_revocation(X509_STORE_CTX *ctx)
+	{
+	int i, last, ok;
+	if (!(ctx->flags & X509_V_FLAG_CRL_CHECK))
+		return 1;
+	if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL)
+		last = 0;
+	else
+		last = sk_X509_num(ctx->chain) - 1;
+	for(i = 0; i <= last; i++)
+		{
+		ctx->error_depth = i;
+		ok = check_cert(ctx);
+		if (!ok) return ok;
+		}
+	return 1;
+	}
+
+static int check_cert(X509_STORE_CTX *ctx)
+	{
+	X509_CRL *crl = NULL;
+	X509 *x;
+	int ok, cnum;
+	cnum = ctx->error_depth;
+	x = sk_X509_value(ctx->chain, cnum);
+	ctx->current_cert = x;
+	/* Try to retrieve relevant CRL */
+	ok = ctx->get_crl(ctx, &crl, x);
+	/* If error looking up CRL, nothing we can do except
+	 * notify callback
+	 */
+	if(!ok)
+		{
+		ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
+		ok = ctx->verify_cb(0, ctx);
+		goto err;
+		}
+	ctx->current_crl = crl;
+	ok = ctx->check_crl(ctx, crl);
+	if (!ok) goto err;
+	ok = ctx->cert_crl(ctx, crl, x);
+	err:
+	ctx->current_crl = NULL;
+	X509_CRL_free(crl);
+	return ok;
+
 	}
 
-static int internal_verify(ctx)
-X509_STORE_CTX *ctx;
+/* Retrieve CRL corresponding to certificate: currently just a
+ * subject lookup: maybe use AKID later...
+ * Also might look up any included CRLs too (e.g PKCS#7 signedData).
+ */
+static int get_crl(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x)
+	{
+	int ok;
+	X509_OBJECT xobj;
+	ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x), &xobj);
+	if (!ok) return 0;
+	*crl = xobj.data.crl;
+	return 1;
+	}
+
+/* Check CRL validity */
+static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
+	{
+	X509 *issuer = NULL;
+	EVP_PKEY *ikey = NULL;
+	int ok = 0, chnum, cnum, i;
+	time_t *ptime;
+	cnum = ctx->error_depth;
+	chnum = sk_X509_num(ctx->chain) - 1;
+	/* Find CRL issuer: if not last certificate then issuer
+	 * is next certificate in chain.
+	 */
+	if(cnum < chnum)
+		issuer = sk_X509_value(ctx->chain, cnum + 1);
+	else
+		{
+		issuer = sk_X509_value(ctx->chain, chnum);
+		/* If not self signed, can't check signature */
+		if(!ctx->check_issued(ctx, issuer, issuer))
+			{
+			ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
+			ok = ctx->verify_cb(0, ctx);
+			if(!ok) goto err;
+			}
+		}
+
+	if(issuer)
+		{
+
+		/* Attempt to get issuer certificate public key */
+		ikey = X509_get_pubkey(issuer);
+
+		if(!ikey)
+			{
+			ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
+			ok = ctx->verify_cb(0, ctx);
+			if (!ok) goto err;
+			}
+		else
+			{
+			/* Verify CRL signature */
+			if(X509_CRL_verify(crl, ikey) <= 0)
+				{
+				ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE;
+				ok = ctx->verify_cb(0, ctx);
+				if (!ok) goto err;
+				}
+			}
+		}
+
+	/* OK, CRL signature valid check times */
+	if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
+		ptime = &ctx->check_time;
+	else
+		ptime = NULL;
+
+	i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
+	if (i == 0)
+		{
+		ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
+		ok = ctx->verify_cb(0, ctx);
+		if (!ok) goto err;
+		}
+
+	if (i > 0)
+		{
+		ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;
+		ok = ctx->verify_cb(0, ctx);
+		if (!ok) goto err;
+		}
+
+	if(X509_CRL_get_nextUpdate(crl))
+		{
+		i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
+
+		if (i == 0)
+			{
+			ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
+			ok = ctx->verify_cb(0, ctx);
+			if (!ok) goto err;
+			}
+
+		if (i < 0)
+			{
+			ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;
+			ok = ctx->verify_cb(0, ctx);
+			if (!ok) goto err;
+			}
+		}
+
+	ok = 1;
+
+	err:
+	EVP_PKEY_free(ikey);
+	return ok;
+	}
+
+/* Check certificate against CRL */
+static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
+	{
+	int idx, ok;
+	X509_REVOKED rtmp;
+	/* Look for serial number of certificate in CRL */
+	rtmp.serialNumber = X509_get_serialNumber(x);
+	idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
+	/* Not found: OK */
+	if(idx == -1) return 1;
+	/* Otherwise revoked: want something cleverer than
+	 * this to handle entry extensions in V2 CRLs.
+	 */
+	ctx->error = X509_V_ERR_CERT_REVOKED;
+	ok = ctx->verify_cb(0, ctx);
+	return ok;
+	}
+
+static int internal_verify(X509_STORE_CTX *ctx)
 	{
 	int i,ok=0,n;
 	X509 *xs,*xi;
 	EVP_PKEY *pkey=NULL;
+	time_t *ptime;
 	int (*cb)();
 
-	cb=ctx->ctx->verify_cb;
-	if (cb == NULL) cb=null_callback;
+	cb=ctx->verify_cb;
 
-	n=sk_num(ctx->chain);
+	n=sk_X509_num(ctx->chain);
 	ctx->error_depth=n-1;
 	n--;
-	xi=(X509 *)sk_value(ctx->chain,n);
-	if (X509_NAME_cmp(X509_get_subject_name(xi),
-		X509_get_issuer_name(xi)) == 0)
+	xi=sk_X509_value(ctx->chain,n);
+	if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
+		ptime = &ctx->check_time;
+	else
+		ptime = NULL;
+	if (ctx->check_issued(ctx, xi, xi))
 		xs=xi;
 	else
 		{
@@ -326,7 +657,7 @@ X509_STORE_CTX *ctx;
 			{
 			n--;
 			ctx->error_depth=n;
-			xs=(X509 *)sk_value(ctx->chain,n);
+			xs=sk_X509_value(ctx->chain,n);
 			}
 		}
 
@@ -344,15 +675,27 @@ X509_STORE_CTX *ctx;
 				if (!ok) goto end;
 				}
 			if (X509_verify(xs,pkey) <= 0)
+				/* XXX  For the final trusted self-signed cert,
+				 * this is a waste of time.  That check should
+				 * optional so that e.g. 'openssl x509' can be
+				 * used to detect invalid self-signatures, but
+				 * we don't verify again and again in SSL
+				 * handshakes and the like once the cert has
+				 * been declared trusted. */
 				{
 				ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
 				ctx->current_cert=xs;
 				ok=(*cb)(0,ctx);
-				if (!ok) goto end;
+				if (!ok)
+					{
+					EVP_PKEY_free(pkey);
+					goto end;
+					}
 				}
+			EVP_PKEY_free(pkey);
 			pkey=NULL;
 
-			i=X509_cmp_current_time(X509_get_notBefore(xs));
+			i=X509_cmp_time(X509_get_notBefore(xs), ptime);
 			if (i == 0)
 				{
 				ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
@@ -370,7 +713,7 @@ X509_STORE_CTX *ctx;
 			xs->valid=1;
 			}
 
-		i=X509_cmp_current_time(X509_get_notAfter(xs));
+		i=X509_cmp_time(X509_get_notAfter(xs), ptime);
 		if (i == 0)
 			{
 			ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
@@ -387,8 +730,6 @@ X509_STORE_CTX *ctx;
 			if (!ok) goto end;
 			}
 
-		/* CRL CHECK */
-
 		/* The last error (if any) is still in the error value */
 		ctx->current_cert=xs;
 		ok=(*cb)(1,ctx);
@@ -398,34 +739,59 @@ X509_STORE_CTX *ctx;
 		if (n >= 0)
 			{
 			xi=xs;
-			xs=(X509 *)sk_value(ctx->chain,n);
+			xs=sk_X509_value(ctx->chain,n);
 			}
 		}
 	ok=1;
 end:
-	return(ok);
+	return ok;
 	}
 
-int X509_cmp_current_time(ctm)
-ASN1_UTCTIME *ctm;
+int X509_cmp_current_time(ASN1_TIME *ctm)
+{
+	return X509_cmp_time(ctm, NULL);
+}
+
+int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
 	{
 	char *str;
-	ASN1_UTCTIME atm;
-	time_t offset;
+	ASN1_TIME atm;
+	long offset;
 	char buff1[24],buff2[24],*p;
 	int i,j;
 
 	p=buff1;
 	i=ctm->length;
 	str=(char *)ctm->data;
-	if ((i < 11) || (i > 17)) return(0);
-	memcpy(p,str,10);
-	p+=10;
-	str+=10;
+	if (ctm->type == V_ASN1_UTCTIME)
+		{
+		if ((i < 11) || (i > 17)) return 0;
+		memcpy(p,str,10);
+		p+=10;
+		str+=10;
+		}
+	else
+		{
+		if (i < 13) return 0;
+		memcpy(p,str,12);
+		p+=12;
+		str+=12;
+		}
 
 	if ((*str == 'Z') || (*str == '-') || (*str == '+'))
 		{ *(p++)='0'; *(p++)='0'; }
-	else	{ *(p++)= *(str++); *(p++)= *(str++); }
+	else
+		{ 
+		*(p++)= *(str++);
+		*(p++)= *(str++);
+		/* Skip any fractional seconds... */
+		if (*str == '.')
+			{
+			str++;
+			while ((*str >= '0') && (*str <= '9')) str++;
+			}
+		
+		}
 	*(p++)='Z';
 	*(p++)='\0';
 
@@ -434,230 +800,388 @@ ASN1_UTCTIME *ctm;
 	else
 		{
 		if ((*str != '+') && (str[5] != '-'))
-			return(0);
+			return 0;
 		offset=((str[1]-'0')*10+(str[2]-'0'))*60;
 		offset+=(str[3]-'0')*10+(str[4]-'0');
 		if (*str == '-')
 			offset= -offset;
 		}
-	atm.type=V_ASN1_UTCTIME;
+	atm.type=ctm->type;
 	atm.length=sizeof(buff2);
 	atm.data=(unsigned char *)buff2;
 
-	X509_gmtime_adj(&atm,-offset);
+	X509_time_adj(&atm,-offset*60, cmp_time);
 
-	i=(buff1[0]-'0')*10+(buff1[1]-'0');
-	if (i < 70) i+=100;
-	j=(buff2[0]-'0')*10+(buff2[1]-'0');
-	if (j < 70) j+=100;
+	if (ctm->type == V_ASN1_UTCTIME)
+		{
+		i=(buff1[0]-'0')*10+(buff1[1]-'0');
+		if (i < 50) i+=100; /* cf. RFC 2459 */
+		j=(buff2[0]-'0')*10+(buff2[1]-'0');
+		if (j < 50) j+=100;
 
-	if (i < j) return (-1);
-	if (i > j) return (1);
+		if (i < j) return -1;
+		if (i > j) return 1;
+		}
 	i=strcmp(buff1,buff2);
 	if (i == 0) /* wait a second then return younger :-) */
-		return(-1);
+		return -1;
 	else
-		return(i);
+		return i;
 	}
 
-ASN1_UTCTIME *X509_gmtime_adj(s, adj)
-ASN1_UTCTIME *s;
-long adj;
+ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
+{
+	return X509_time_adj(s, adj, NULL);
+}
+
+ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
 	{
 	time_t t;
+	int type = -1;
+
+	if (in_tm) t = *in_tm;
+	else time(&t);
 
-	time(&t);
 	t+=adj;
-	return(ASN1_UTCTIME_set(s,t));
+	if (s) type = s->type;
+	if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
+	if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t);
+	return ASN1_TIME_set(s, t);
 	}
 
-int X509_get_pubkey_parameters(pkey,chain)
-EVP_PKEY *pkey;
-STACK *chain;
+int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
 	{
 	EVP_PKEY *ktmp=NULL,*ktmp2;
 	int i,j;
 
-	if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return(1);
+	if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1;
 
-	for (i=0; i<sk_num(chain); i++)
+	for (i=0; i<sk_X509_num(chain); i++)
 		{
-		ktmp=X509_get_pubkey((X509 *)sk_value(chain,i));
+		ktmp=X509_get_pubkey(sk_X509_value(chain,i));
 		if (ktmp == NULL)
 			{
 			X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
-			return(0);
+			return 0;
 			}
 		if (!EVP_PKEY_missing_parameters(ktmp))
 			break;
 		else
 			{
+			EVP_PKEY_free(ktmp);
 			ktmp=NULL;
 			}
 		}
 	if (ktmp == NULL)
 		{
 		X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
-		return(0);
+		return 0;
 		}
 
 	/* first, populate the other certs */
 	for (j=i-1; j >= 0; j--)
 		{
-		ktmp2=X509_get_pubkey((X509 *)sk_value(chain,j));
+		ktmp2=X509_get_pubkey(sk_X509_value(chain,j));
 		EVP_PKEY_copy_parameters(ktmp2,ktmp);
+		EVP_PKEY_free(ktmp2);
 		}
 	
-	if (pkey != NULL)
-		EVP_PKEY_copy_parameters(pkey,ktmp);
-	return(1);
+	if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
+	EVP_PKEY_free(ktmp);
+	return 1;
 	}
 
-int X509_STORE_add_cert(ctx,x)
-X509_STORE *ctx;
-X509 *x;
+int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
 	{
-	X509_OBJECT *obj,*r;
-	int ret=1;
+	/* This function is (usually) called only once, by
+	 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
+			new_func, dup_func, free_func);
+	}
 
-	if (x == NULL) return(0);
-	obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
-	if (obj == NULL)
-		{
-		X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	obj->type=X509_LU_X509;
-	obj->data.x509=x;
+int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
+	{
+	return CRYPTO_set_ex_data(&ctx->ex_data,idx,data);
+	}
 
-	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
+	{
+	return CRYPTO_get_ex_data(&ctx->ex_data,idx);
+	}
 
-	X509_OBJECT_up_ref_count(obj);
+int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
+	{
+	return ctx->error;
+	}
 
-	r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj);
-	if (r != NULL)
-		{ /* oops, put it back */
-		lh_delete(ctx->certs,(char *)obj);
-		X509_OBJECT_free_contents(obj);
-		Free(obj);
-		lh_insert(ctx->certs,(char *)r);
-		X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
-		ret=0;
-		}
+void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
+	{
+	ctx->error=err;
+	}
 
-	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
+	{
+	return ctx->error_depth;
+	}
 
-	return(ret);	
+X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
+	{
+	return ctx->current_cert;
 	}
 
-int X509_STORE_add_crl(ctx,x)
-X509_STORE *ctx;
-X509_CRL *x;
+STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
 	{
-	X509_OBJECT *obj,*r;
-	int ret=1;
+	return ctx->chain;
+	}
 
-	if (x == NULL) return(0);
-	obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT));
-	if (obj == NULL)
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
+	{
+	int i;
+	X509 *x;
+	STACK_OF(X509) *chain;
+	if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
+	for (i = 0; i < sk_X509_num(chain); i++)
 		{
-		X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	obj->type=X509_LU_CRL;
-	obj->data.crl=x;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-
-	X509_OBJECT_up_ref_count(obj);
-
-	r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj);
-	if (r != NULL)
-		{ /* oops, put it back */
-		lh_delete(ctx->certs,(char *)obj);
-		X509_OBJECT_free_contents(obj);
-		Free(obj);
-		lh_insert(ctx->certs,(char *)r);
-		X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
-		ret=0;
+		x = sk_X509_value(chain, i);
+		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
 		}
-
-	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
-	return(ret);	
+	return chain;
 	}
 
-int X509_STORE_CTX_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
-long argl;
-char *argp;
-int (*new_func)();
-int (*dup_func)();
-void (*free_func)();
-        {
-        x509_store_ctx_num++;
-        return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
-		&x509_store_ctx_method,
-                argl,argp,new_func,dup_func,free_func));
-        }
-
-int X509_STORE_CTX_set_ex_data(ctx,idx,data)
-X509_STORE_CTX *ctx;
-int idx;
-char *data;
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
 	{
-	return(CRYPTO_set_ex_data(&ctx->ex_data,idx,data));
+	ctx->cert=x;
 	}
 
-char *X509_STORE_CTX_get_ex_data(ctx,idx)
-X509_STORE_CTX *ctx;
-int idx;
+void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
 	{
-	return(CRYPTO_get_ex_data(&ctx->ex_data,idx));
+	ctx->untrusted=sk;
 	}
 
-int X509_STORE_CTX_get_error(ctx)
-X509_STORE_CTX *ctx;
+int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
 	{
-	return(ctx->error);
+	return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
 	}
 
-void X509_STORE_CTX_set_error(ctx,err)
-X509_STORE_CTX *ctx;
-int err;
+int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
 	{
-	ctx->error=err;
+	return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
 	}
 
-int X509_STORE_CTX_get_error_depth(ctx)
-X509_STORE_CTX *ctx;
+/* This function is used to set the X509_STORE_CTX purpose and trust
+ * values. This is intended to be used when another structure has its
+ * own trust and purpose values which (if set) will be inherited by
+ * the ctx. If they aren't set then we will usually have a default
+ * purpose in mind which should then be used to set the trust value.
+ * An example of this is SSL use: an SSL structure will have its own
+ * purpose and trust settings which the application can set: if they
+ * aren't set then we use the default of SSL client/server.
+ */
+
+int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
+				int purpose, int trust)
+{
+	int idx;
+	/* If purpose not set use default */
+	if (!purpose) purpose = def_purpose;
+	/* If we have a purpose then check it is valid */
+	if (purpose)
+		{
+		X509_PURPOSE *ptmp;
+		idx = X509_PURPOSE_get_by_id(purpose);
+		if (idx == -1)
+			{
+			X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+						X509_R_UNKNOWN_PURPOSE_ID);
+			return 0;
+			}
+		ptmp = X509_PURPOSE_get0(idx);
+		if (ptmp->trust == X509_TRUST_DEFAULT)
+			{
+			idx = X509_PURPOSE_get_by_id(def_purpose);
+			if (idx == -1)
+				{
+				X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+						X509_R_UNKNOWN_PURPOSE_ID);
+				return 0;
+				}
+			ptmp = X509_PURPOSE_get0(idx);
+			}
+		/* If trust not set then get from purpose default */
+		if (!trust) trust = ptmp->trust;
+		}
+	if (trust)
+		{
+		idx = X509_TRUST_get_by_id(trust);
+		if (idx == -1)
+			{
+			X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+						X509_R_UNKNOWN_TRUST_ID);
+			return 0;
+			}
+		}
+
+	if (purpose && !ctx->purpose) ctx->purpose = purpose;
+	if (trust && !ctx->trust) ctx->trust = trust;
+	return 1;
+}
+
+X509_STORE_CTX *X509_STORE_CTX_new(void)
+{
+	X509_STORE_CTX *ctx;
+	ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
+	if (!ctx)
+		{
+		X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE);
+		return NULL;
+		}
+	memset(ctx, 0, sizeof(X509_STORE_CTX));
+	return ctx;
+}
+
+void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
+{
+	X509_STORE_CTX_cleanup(ctx);
+	OPENSSL_free(ctx);
+}
+
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
+	     STACK_OF(X509) *chain)
 	{
-	return(ctx->error_depth);
+	ctx->ctx=store;
+	ctx->current_method=0;
+	ctx->cert=x509;
+	ctx->untrusted=chain;
+	ctx->last_untrusted=0;
+	ctx->check_time=0;
+	ctx->other_ctx=NULL;
+	ctx->valid=0;
+	ctx->chain=NULL;
+	ctx->depth=9;
+	ctx->error=0;
+	ctx->error_depth=0;
+	ctx->current_cert=NULL;
+	ctx->current_issuer=NULL;
+
+	/* Inherit callbacks and flags from X509_STORE if not set
+	 * use defaults.
+	 */
+
+
+	if (store)
+		{
+		ctx->purpose=store->purpose;
+		ctx->trust=store->trust;
+		ctx->flags = store->flags;
+		ctx->cleanup = store->cleanup;
+		}
+	else
+		{
+		ctx->purpose = 0;
+		ctx->trust = 0;
+		ctx->flags = 0;
+		ctx->cleanup = 0;
+		}
+
+	if (store && store->check_issued)
+		ctx->check_issued = store->check_issued;
+	else
+		ctx->check_issued = check_issued;
+
+	if (store && store->get_issuer)
+		ctx->get_issuer = store->get_issuer;
+	else
+		ctx->get_issuer = X509_STORE_CTX_get1_issuer;
+
+	if (store && store->verify_cb)
+		ctx->verify_cb = store->verify_cb;
+	else
+		ctx->verify_cb = null_callback;
+
+	if (store && store->verify)
+		ctx->verify = store->verify;
+	else
+		ctx->verify = internal_verify;
+
+	if (store && store->check_revocation)
+		ctx->check_revocation = store->check_revocation;
+	else
+		ctx->check_revocation = check_revocation;
+
+	if (store && store->get_crl)
+		ctx->get_crl = store->get_crl;
+	else
+		ctx->get_crl = get_crl;
+
+	if (store && store->check_crl)
+		ctx->check_crl = store->check_crl;
+	else
+		ctx->check_crl = check_crl;
+
+	if (store && store->cert_crl)
+		ctx->cert_crl = store->cert_crl;
+	else
+		ctx->cert_crl = cert_crl;
+
+
+	/* This memset() can't make any sense anyway, so it's removed. As
+	 * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
+	 * corresponding "new" here and remove this bogus initialisation. */
+	/* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
+	if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
+				&(ctx->ex_data)))
+		{
+		OPENSSL_free(ctx);
+		X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
+		return 0;
+		}
+	return 1;
 	}
 
-X509 *X509_STORE_CTX_get_current_cert(ctx)
-X509_STORE_CTX *ctx;
+/* Set alternative lookup method: just a STACK of trusted certificates.
+ * This avoids X509_STORE nastiness where it isn't needed.
+ */
+
+void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+	ctx->other_ctx = sk;
+	ctx->get_issuer = get_issuer_sk;
+}
+
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
 	{
-	return(ctx->current_cert);
+	if (ctx->cleanup) ctx->cleanup(ctx);
+	if (ctx->chain != NULL)
+		{
+		sk_X509_pop_free(ctx->chain,X509_free);
+		ctx->chain=NULL;
+		}
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
+	OPENSSL_cleanse(&ctx->ex_data,sizeof(CRYPTO_EX_DATA));
 	}
 
-STACK *X509_STORE_CTX_get_chain(ctx)
-X509_STORE_CTX *ctx;
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags)
 	{
-	return(ctx->chain);
+	ctx->flags |= flags;
 	}
 
-void X509_STORE_CTX_set_cert(ctx,x)
-X509_STORE_CTX *ctx;
-X509 *x;
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t)
 	{
-	ctx->cert=x;
+	ctx->check_time = t;
+	ctx->flags |= X509_V_FLAG_USE_CHECK_TIME;
 	}
 
-void X509_STORE_CTX_set_chain(ctx,sk)
-X509_STORE_CTX *ctx;
-STACK *sk;
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+				  int (*verify_cb)(int, X509_STORE_CTX *))
 	{
-	ctx->untrusted=sk;
+	ctx->verify_cb=verify_cb;
 	}
 
+IMPLEMENT_STACK_OF(X509)
+IMPLEMENT_ASN1_SET_OF(X509)
+
+IMPLEMENT_STACK_OF(X509_NAME)
 
+IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
+IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)
diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h
index 6849a8c749..f0be21f452 100644
--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -56,16 +56,26 @@
  * [including the GNU Public Licence.]
  */
 
+#ifndef HEADER_X509_H
+#include <openssl/x509.h>
+/* openssl/x509.h ends up #include-ing this file at about the only
+ * appropriate moment. */
+#endif
+
 #ifndef HEADER_X509_VFY_H
 #define HEADER_X509_VFY_H
 
+#ifndef OPENSSL_NO_LHASH
+#include <openssl/lhash.h>
+#endif
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/symhacks.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
-#include "bio.h"
-#include "crypto.h"
-
 /* Outer object */
 typedef struct x509_hash_dir_st
 	{
@@ -119,43 +129,66 @@ typedef struct x509_object_st
 		} data;
 	} X509_OBJECT;
 
+typedef struct x509_lookup_st X509_LOOKUP;
+
+DECLARE_STACK_OF(X509_LOOKUP)
+DECLARE_STACK_OF(X509_OBJECT)
+
 /* This is a static that defines the function interface */
 typedef struct x509_lookup_method_st
 	{
-	char *name;
-	int (*new_item)();
-	void (*free)();
-	int (*init)(/* meth, char ** */);
-	int (*shutdown)( /* meth, char ** */);
-	int (*ctrl)( /* meth, char **, int cmd, char *argp, int argi */);
-	int (*get_by_subject)(/* meth, char **, XNAME *, X509 **ret */);
-	int (*get_by_issuer_serial)();
-	int (*get_by_fingerprint)();
-	int (*get_by_alias)();
+	const char *name;
+	int (*new_item)(X509_LOOKUP *ctx);
+	void (*free)(X509_LOOKUP *ctx);
+	int (*init)(X509_LOOKUP *ctx);
+	int (*shutdown)(X509_LOOKUP *ctx);
+	int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl,
+			char **ret);
+	int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name,
+			      X509_OBJECT *ret);
+	int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name,
+				    ASN1_INTEGER *serial,X509_OBJECT *ret);
+	int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type,
+				  unsigned char *bytes,int len,
+				  X509_OBJECT *ret);
+	int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len,
+			    X509_OBJECT *ret);
 	} X509_LOOKUP_METHOD;
 
 /* This is used to hold everything.  It is used for all certificate
  * validation.  Once we have a certificate chain, the 'verify'
  * function is then called to actually check the cert chain. */
-typedef struct x509_store_st
+struct x509_store_st
 	{
 	/* The following is a cache of trusted certs */
 	int cache; 	/* if true, stash any hits */
-#ifdef HEADER_LHASH_H
-	LHASH *certs;	/* cached certs; */ 
-#else
-	char *certs;
-#endif
+	STACK_OF(X509_OBJECT) *objs;	/* Cache of all objects */
 
 	/* These are external lookup methods */
-	STACK *get_cert_methods;/* X509_LOOKUP */
-	int (*verify)();	/* called to verify a certificate */
-	int (*verify_cb)();	/* error callback */
+	STACK_OF(X509_LOOKUP) *get_cert_methods;
+
+	/* The following fields are not used by X509_STORE but are
+         * inherited by X509_STORE_CTX when it is initialised.
+	 */
+
+	unsigned long flags;	/* Various verify flags */
+	int purpose;
+	int trust;
+	/* Callbacks for various operations */
+	int (*verify)(X509_STORE_CTX *ctx);	/* called to verify a certificate */
+	int (*verify_cb)(int ok,X509_STORE_CTX *ctx);	/* error callback */
+	int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);	/* get issuers cert from ctx */
+	int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
+	int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
+	int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
+	int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
+	int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
+	int (*cleanup)(X509_STORE_CTX *ctx);
 
 	CRYPTO_EX_DATA ex_data;
 	int references;
-	int depth;		/* how deep to look */
-	}  X509_STORE;
+	int depth;		/* how deep to look (still unused -- X509_STORE_CTX's depth is used) */
+	} /* X509_STORE */;
 
 #define X509_STORE_set_depth(ctx,d)       ((ctx)->depth=(d))
 
@@ -163,7 +196,7 @@ typedef struct x509_store_st
 #define X509_STORE_set_verify_func(ctx,func)	((ctx)->verify=(func))
 
 /* This is the functions plus an instance of the local variables. */
-typedef struct x509_lookup_st
+struct x509_lookup_st
 	{
 	int init;			/* have we been started */
 	int skip;			/* don't use us. */
@@ -171,33 +204,53 @@ typedef struct x509_lookup_st
 	char *method_data;		/* method data */
 
 	X509_STORE *store_ctx;	/* who owns us */
-	} X509_LOOKUP;
+	} /* X509_LOOKUP */;
 
-/* This is a temporary used when processing cert chains.  Since the
+/* This is a used when verifying cert chains.  Since the
  * gathering of the cert chain can take some time (and have to be
  * 'retried', this needs to be kept and passed around. */
-typedef struct x509_store_state_st
+struct x509_store_ctx_st      /* X509_STORE_CTX */
 	{
 	X509_STORE *ctx;
 	int current_method;	/* used when looking up certs */
 
 	/* The following are set by the caller */
 	X509 *cert;		/* The cert to check */
-	STACK *untrusted;	/* chain of X509s - untrusted - passed in */
+	STACK_OF(X509) *untrusted;	/* chain of X509s - untrusted - passed in */
+	int purpose;		/* purpose to check untrusted certificates */
+	int trust;		/* trust setting to check */
+	time_t	check_time;	/* time to make verify at */
+	unsigned long flags;	/* Various verify flags */
+	void *other_ctx;	/* Other info for use with get_issuer() */
+
+	/* Callbacks for various operations */
+	int (*verify)(X509_STORE_CTX *ctx);	/* called to verify a certificate */
+	int (*verify_cb)(int ok,X509_STORE_CTX *ctx);		/* error callback */
+	int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);	/* get issuers cert from ctx */
+	int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
+	int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
+	int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
+	int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
+	int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
+	int (*cleanup)(X509_STORE_CTX *ctx);
 
 	/* The following is built up */
 	int depth;		/* how far to go looking up certs */
 	int valid;		/* if 0, rebuild chain */
 	int last_untrusted;	/* index of last untrusted cert */
-	STACK *chain; 		/* chain of X509s - built up and trusted */
+	STACK_OF(X509) *chain; 		/* chain of X509s - built up and trusted */
 
 	/* When something goes wrong, this is why */
 	int error_depth;
 	int error;
 	X509 *current_cert;
+	X509 *current_issuer;	/* cert currently being tested as valid issuer */
+	X509_CRL *current_crl;	/* current CRL */
 
 	CRYPTO_EX_DATA ex_data;
-	} X509_STORE_CTX;
+	} /* X509_STORE_CTX */;
+
+#define X509_STORE_CTX_set_depth(ctx,d)       ((ctx)->depth=(d))
 
 #define X509_STORE_CTX_set_app_data(ctx,data) \
 	X509_STORE_CTX_set_ex_data(ctx,0,data)
@@ -207,15 +260,14 @@ typedef struct x509_store_state_st
 #define X509_L_FILE_LOAD	1
 #define X509_L_ADD_DIR		2
 
-X509_LOOKUP_METHOD *X509_LOOKUP_file();
 #define X509_LOOKUP_load_file(x,name,type) \
 		X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
 
-X509_LOOKUP_METHOD *X509_LOOKUP_dir();
 #define X509_LOOKUP_add_dir(x,name,type) \
 		X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
 
 #define		X509_V_OK					0
+/* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */
 
 #define		X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT		2
 #define		X509_V_ERR_UNABLE_TO_GET_CRL			3
@@ -239,21 +291,52 @@ X509_LOOKUP_METHOD *X509_LOOKUP_dir();
 #define		X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE	21
 #define		X509_V_ERR_CERT_CHAIN_TOO_LONG			22
 #define		X509_V_ERR_CERT_REVOKED				23
+#define		X509_V_ERR_INVALID_CA				24
+#define		X509_V_ERR_PATH_LENGTH_EXCEEDED			25
+#define		X509_V_ERR_INVALID_PURPOSE			26
+#define		X509_V_ERR_CERT_UNTRUSTED			27
+#define		X509_V_ERR_CERT_REJECTED			28
+/* These are 'informational' when looking for issuer cert */
+#define		X509_V_ERR_SUBJECT_ISSUER_MISMATCH		29
+#define		X509_V_ERR_AKID_SKID_MISMATCH			30
+#define		X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH		31
+#define		X509_V_ERR_KEYUSAGE_NO_CERTSIGN			32
+
+#define		X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER		33
+#define		X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION		34
 
 /* The application is not happy */
 #define		X509_V_ERR_APPLICATION_VERIFICATION		50
 
-#ifndef NOPROTO
-#ifdef HEADER_LHASH_H
-X509_OBJECT *X509_OBJECT_retrieve_by_subject(LHASH *h,int type,X509_NAME *name);
-#endif
+/* Certificate verify flags */
+
+#define	X509_V_FLAG_CB_ISSUER_CHECK		0x1	/* Send issuer+subject checks to verify_cb */
+#define	X509_V_FLAG_USE_CHECK_TIME		0x2	/* Use check time instead of current time */
+#define	X509_V_FLAG_CRL_CHECK			0x4	/* Lookup CRLs */
+#define	X509_V_FLAG_CRL_CHECK_ALL		0x8	/* Lookup CRLs for whole chain */
+#define	X509_V_FLAG_IGNORE_CRITICAL		0x10	/* Ignore unhandled critical extensions */
+
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
+	     X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x);
 void X509_OBJECT_up_ref_count(X509_OBJECT *a);
 void X509_OBJECT_free_contents(X509_OBJECT *a);
 X509_STORE *X509_STORE_new(void );
 void X509_STORE_free(X509_STORE *v);
 
-void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
-	X509 *x509, STACK *chain);
+void X509_STORE_set_flags(X509_STORE *ctx, long flags);
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
+int X509_STORE_set_trust(X509_STORE *ctx, int trust);
+
+X509_STORE_CTX *X509_STORE_CTX_new(void);
+
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+
+void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+			 X509 *x509, STACK_OF(X509) *chain);
+void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 
 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
@@ -267,17 +350,15 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
 int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name,
 	X509_OBJECT *ret);
 
-int X509_LOOKUP_ctrl(X509_LOOKUP *ctx,int cmd,char *argc,long argl,char **ret);
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+	long argl, char **ret);
 
-#ifndef NO_STDIO
-int X509_load_cert_file(X509_LOOKUP *ctx, char *file, int type);
-int X509_load_crl_file(X509_LOOKUP *ctx, char *file, int type);
+#ifndef OPENSSL_NO_STDIO
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
 #endif
 
-void X509v3_cleanup_extensions(void );
-int X509v3_add_extension(X509_EXTENSION_METHOD *x);
-int X509v3_add_netscape_extensions(void );
-int X509v3_add_standard_extensions(void );
 
 X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
 void X509_LOOKUP_free(X509_LOOKUP *ctx);
@@ -292,85 +373,32 @@ int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str,
 	int len, X509_OBJECT *ret);
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
 
-#ifndef NO_STDIO
+#ifndef OPENSSL_NO_STDIO
 int	X509_STORE_load_locations (X509_STORE *ctx,
-		char *file, char *dir);
+		const char *file, const char *dir);
 int	X509_STORE_set_default_paths(X509_STORE *ctx);
 #endif
 
-int X509_STORE_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
-	int (*dup_func)(), void (*free_func)());
-int	X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,char *data);
-char *	X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
+int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int	X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data);
+void *	X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx);
 int	X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
 void	X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s);
 int	X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
 X509 *	X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
-STACK *	X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
 void	X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x);
-void	X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK /* X509 */ *sk);
-
-#else
-
-#ifdef HEADER_LHASH_H
-X509_OBJECT *X509_OBJECT_retrieve_by_subject();
-#endif
-void X509_OBJECT_up_ref_count();
-void X509_OBJECT_free_contents();
-X509_STORE *X509_STORE_new();
-void X509_STORE_free();
-
-void X509_STORE_CTX_init();
-void X509_STORE_CTX_cleanup();
-
-X509_LOOKUP *X509_STORE_add_lookup();
-
-X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir();
-X509_LOOKUP_METHOD *X509_LOOKUP_file();
-
-int X509_STORE_add_cert();
-int X509_STORE_add_crl();
-
-int X509_STORE_get_by_subject();
-
-int X509_LOOKUP_ctrl();
-
-#ifndef NO_STDIO
-int X509_load_cert_file();
-int X509_load_crl_file();
-#endif
-
-void X509v3_cleanup_extensions();
-int X509v3_add_extension();
-int X509v3_add_netscape_extensions();
-int X509v3_add_standard_extensions();
-
-X509_LOOKUP *X509_LOOKUP_new();
-void X509_LOOKUP_free();
-int X509_LOOKUP_init();
-int X509_LOOKUP_by_subject();
-int X509_LOOKUP_by_issuer_serial();
-int X509_LOOKUP_by_fingerprint();
-int X509_LOOKUP_by_alias();
-int X509_LOOKUP_shutdown();
-
-#ifndef NO_STDIO
-int	X509_STORE_load_locations ();
-int	X509_STORE_set_default_paths();
-#endif
-
-int X509_STORE_CTX_get_ex_new_index();
-int	X509_STORE_CTX_set_ex_data();
-char *	X509_STORE_CTX_get_ex_data();
-int	X509_STORE_CTX_get_error();
-void	X509_STORE_CTX_set_error();
-int	X509_STORE_CTX_get_error_depth();
-X509 *	X509_STORE_CTX_get_current_cert();
-STACK *	X509_STORE_CTX_get_chain();
-void	X509_STORE_CTX_set_cert();
-void	X509_STORE_CTX_set_chain();
-
-#endif
+void	X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk);
+int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
+int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
+int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
+				int purpose, int trust);
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+				  int (*verify_cb)(int, X509_STORE_CTX *));
 
 #ifdef  __cplusplus
 }
diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c
new file mode 100644
index 0000000000..6cac440ea9
--- /dev/null
+++ b/crypto/x509/x509cset.c
@@ -0,0 +1,169 @@
+/* crypto/x509/x509cset.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+int X509_CRL_set_version(X509_CRL *x, long version)
+	{
+	if (x == NULL) return(0);
+	if (x->crl->version == NULL)
+		{
+		if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL)
+			return(0);
+		}
+	return(ASN1_INTEGER_set(x->crl->version,version));
+	}
+
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
+	{
+	if ((x == NULL) || (x->crl == NULL)) return(0);
+	return(X509_NAME_set(&x->crl->issuer,name));
+	}
+
+
+int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm)
+	{
+	ASN1_TIME *in;
+
+	if (x == NULL) return(0);
+	in=x->crl->lastUpdate;
+	if (in != tm)
+		{
+		in=M_ASN1_TIME_dup(tm);
+		if (in != NULL)
+			{
+			M_ASN1_TIME_free(x->crl->lastUpdate);
+			x->crl->lastUpdate=in;
+			}
+		}
+	return(in != NULL);
+	}
+
+int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm)
+	{
+	ASN1_TIME *in;
+
+	if (x == NULL) return(0);
+	in=x->crl->nextUpdate;
+	if (in != tm)
+		{
+		in=M_ASN1_TIME_dup(tm);
+		if (in != NULL)
+			{
+			M_ASN1_TIME_free(x->crl->nextUpdate);
+			x->crl->nextUpdate=in;
+			}
+		}
+	return(in != NULL);
+	}
+
+int X509_CRL_sort(X509_CRL *c)
+	{
+	int i;
+	X509_REVOKED *r;
+	/* sort the data so it will be written in serial
+	 * number order */
+	sk_X509_REVOKED_sort(c->crl->revoked);
+	for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++)
+		{
+		r=sk_X509_REVOKED_value(c->crl->revoked,i);
+		r->sequence=i;
+		}
+	return 1;
+	}
+
+int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
+	{
+	ASN1_TIME *in;
+
+	if (x == NULL) return(0);
+	in=x->revocationDate;
+	if (in != tm)
+		{
+		in=M_ASN1_TIME_dup(tm);
+		if (in != NULL)
+			{
+			M_ASN1_TIME_free(x->revocationDate);
+			x->revocationDate=in;
+			}
+		}
+	return(in != NULL);
+	}
+
+int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
+	{
+	ASN1_INTEGER *in;
+
+	if (x == NULL) return(0);
+	in=x->serialNumber;
+	if (in != serial)
+		{
+		in=M_ASN1_INTEGER_dup(serial);
+		if (in != NULL)
+			{
+			M_ASN1_INTEGER_free(x->serialNumber);
+			x->serialNumber=in;
+			}
+		}
+	return(in != NULL);
+	}
diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c
index 650e71b1b5..4c20e03ece 100644
--- a/crypto/x509/x509name.c
+++ b/crypto/x509/x509name.c
@@ -57,18 +57,14 @@
  */
 
 #include <stdio.h>
-#include "stack.h"
+#include <openssl/stack.h>
 #include "cryptlib.h"
-#include "asn1.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
-
-int X509_NAME_get_text_by_NID(name,nid,buf,len)
-X509_NAME *name;
-int nid;
-char *buf;
-int len;
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
 	{
 	ASN1_OBJECT *obj;
 
@@ -77,11 +73,8 @@ int len;
 	return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));
 	}
 
-int X509_NAME_get_text_by_OBJ(name,obj,buf,len)
-X509_NAME *name;
-ASN1_OBJECT *obj;
-char *buf;
-int len;
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,
+	     int len)
 	{
 	int i;
 	ASN1_STRING *data;
@@ -96,17 +89,13 @@ int len;
 	return(i);
 	}
 
-int X509_NAME_entry_count(name)
-X509_NAME *name;
+int X509_NAME_entry_count(X509_NAME *name)
 	{
 	if (name == NULL) return(0);
-	return(sk_num(name->entries));
+	return(sk_X509_NAME_ENTRY_num(name->entries));
 	}
 
-int X509_NAME_get_index_by_NID(name,nid,lastpos)
-X509_NAME *name;
-int nid;
-int lastpos;
+int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
 	{
 	ASN1_OBJECT *obj;
 
@@ -116,61 +105,57 @@ int lastpos;
 	}
 
 /* NOTE: you should be passsing -1, not 0 as lastpos */
-int X509_NAME_get_index_by_OBJ(name,obj,lastpos)
-X509_NAME *name;
-ASN1_OBJECT *obj;
-int lastpos;
+int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
+	     int lastpos)
 	{
 	int n;
 	X509_NAME_ENTRY *ne;
-	STACK *sk;
+	STACK_OF(X509_NAME_ENTRY) *sk;
 
 	if (name == NULL) return(-1);
 	if (lastpos < 0)
 		lastpos= -1;
 	sk=name->entries;
-	n=sk_num(sk);
+	n=sk_X509_NAME_ENTRY_num(sk);
 	for (lastpos++; lastpos < n; lastpos++)
 		{
-		ne=(X509_NAME_ENTRY *)sk_value(sk,lastpos);
+		ne=sk_X509_NAME_ENTRY_value(sk,lastpos);
 		if (OBJ_cmp(ne->object,obj) == 0)
 			return(lastpos);
 		}
 	return(-1);
 	}
 
-X509_NAME_ENTRY *X509_NAME_get_entry(name,loc)
-X509_NAME *name;
-int loc;
+X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
 	{
-	if (	(name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0))
+	if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
+	   || loc < 0)
 		return(NULL);
 	else
-		return((X509_NAME_ENTRY *)sk_value(name->entries,loc));
+		return(sk_X509_NAME_ENTRY_value(name->entries,loc));
 	}
 
-X509_NAME_ENTRY *X509_NAME_delete_entry(name,loc)
-X509_NAME *name;
-int loc;
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
 	{
 	X509_NAME_ENTRY *ret;
-	int i,j,n,set_prev,set_next;
-	STACK *sk;
+	int i,n,set_prev,set_next;
+	STACK_OF(X509_NAME_ENTRY) *sk;
 
-	if ((name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0))
+	if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
+	    || loc < 0)
 		return(NULL);
 	sk=name->entries;
-	ret=(X509_NAME_ENTRY *)sk_delete(sk,loc);
-	n=sk_num(sk);
+	ret=sk_X509_NAME_ENTRY_delete(sk,loc);
+	n=sk_X509_NAME_ENTRY_num(sk);
 	name->modified=1;
 	if (loc == n) return(ret);
 
 	/* else we need to fixup the set field */
 	if (loc != 0)
-		set_prev=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set;
+		set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set;
 	else
 		set_prev=ret->set-1;
-	set_next=((X509_NAME_ENTRY *)sk_value(sk,loc))->set;
+	set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set;
 
 	/* set_prev is the previous set
 	 * set is the current set
@@ -181,29 +166,59 @@ int loc;
 	 * so basically only if prev and next differ by 2, then
 	 * re-number down by 1 */
 	if (set_prev+1 < set_next)
-		{
-		j=set_next-set_prev-1;
 		for (i=loc; i<n; i++)
-			((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set-=j;
-		}
+			sk_X509_NAME_ENTRY_value(sk,i)->set--;
 	return(ret);
 	}
 
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
+			unsigned char *bytes, int len, int loc, int set)
+{
+	X509_NAME_ENTRY *ne;
+	int ret;
+	ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
+	if(!ne) return 0;
+	ret = X509_NAME_add_entry(name, ne, loc, set);
+	X509_NAME_ENTRY_free(ne);
+	return ret;
+}
+
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
+			unsigned char *bytes, int len, int loc, int set)
+{
+	X509_NAME_ENTRY *ne;
+	int ret;
+	ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
+	if(!ne) return 0;
+	ret = X509_NAME_add_entry(name, ne, loc, set);
+	X509_NAME_ENTRY_free(ne);
+	return ret;
+}
+
+int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type,
+			unsigned char *bytes, int len, int loc, int set)
+{
+	X509_NAME_ENTRY *ne;
+	int ret;
+	ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
+	if(!ne) return 0;
+	ret = X509_NAME_add_entry(name, ne, loc, set);
+	X509_NAME_ENTRY_free(ne);
+	return ret;
+}
+
 /* if set is -1, append to previous set, 0 'a new one', and 1,
  * prepend to the guy we are about to stomp on. */
-int X509_NAME_add_entry(name,ne,loc,set)
-X509_NAME *name;
-X509_NAME_ENTRY *ne;
-int loc;
-int set;
+int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
+	     int set)
 	{
 	X509_NAME_ENTRY *new_name=NULL;
 	int n,i,inc;
-	STACK *sk;
+	STACK_OF(X509_NAME_ENTRY) *sk;
 
 	if (name == NULL) return(0);
 	sk=name->entries;
-	n=sk_num(sk);
+	n=sk_X509_NAME_ENTRY_num(sk);
 	if (loc > n) loc=n;
 	else if (loc < 0) loc=n;
 
@@ -218,7 +233,7 @@ int set;
 			}
 		else
 			{
-			set=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set;
+			set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set;
 			inc=0;
 			}
 		}
@@ -227,45 +242,60 @@ int set;
 		if (loc >= n)
 			{
 			if (loc != 0)
-				set=((X509_NAME_ENTRY *)
-					sk_value(sk,loc-1))->set+1;
+				set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1;
 			else
 				set=0;
 			}
 		else
-			set=((X509_NAME_ENTRY *)sk_value(sk,loc))->set;
+			set=sk_X509_NAME_ENTRY_value(sk,loc)->set;
 		inc=(set == 0)?1:0;
 		}
 
 	if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
 		goto err;
 	new_name->set=set;
-	if (!sk_insert(sk,(char *)new_name,loc))
+	if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc))
 		{
 		X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
 	if (inc)
 		{
-		n=sk_num(sk);
+		n=sk_X509_NAME_ENTRY_num(sk);
 		for (i=loc+1; i<n; i++)
-			((X509_NAME_ENTRY *)sk_value(sk,i-1))->set+=1;
+			sk_X509_NAME_ENTRY_value(sk,i-1)->set+=1;
 		}	
 	return(1);
 err:
 	if (new_name != NULL)
-		X509_NAME_ENTRY_free(ne);
+		X509_NAME_ENTRY_free(new_name);
 	return(0);
 	}
 
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(ne,nid,type,bytes,len)
-X509_NAME_ENTRY **ne;
-int nid;
-int type;
-unsigned char *bytes;
-int len;
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
+		char *field, int type, unsigned char *bytes, int len)
 	{
 	ASN1_OBJECT *obj;
+	X509_NAME_ENTRY *nentry;
+
+	obj=OBJ_txt2obj(field, 0);
+	if (obj == NULL)
+		{
+		X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
+						X509_R_INVALID_FIELD_NAME);
+		ERR_add_error_data(2, "name=", field);
+		return(NULL);
+		}
+	nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
+	ASN1_OBJECT_free(obj);
+	return nentry;
+	}
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+	     int type, unsigned char *bytes, int len)
+	{
+	ASN1_OBJECT *obj;
+	X509_NAME_ENTRY *nentry;
 
 	obj=OBJ_nid2obj(nid);
 	if (obj == NULL)
@@ -273,15 +303,13 @@ int len;
 		X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
 		return(NULL);
 		}
-	return(X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len));
+	nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
+	ASN1_OBJECT_free(obj);
+	return nentry;
 	}
 
-X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len)
-X509_NAME_ENTRY **ne;
-ASN1_OBJECT *obj;
-int type;
-unsigned char *bytes;
-int len;
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+	     ASN1_OBJECT *obj, int type, unsigned char *bytes, int len)
 	{
 	X509_NAME_ENTRY *ret;
 
@@ -297,7 +325,7 @@ int len;
 		goto err;
 	if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
 		goto err;
-	
+
 	if ((ne != NULL) && (*ne == NULL)) *ne=ret;
 	return(ret);
 err:
@@ -306,9 +334,7 @@ err:
 	return(NULL);
 	}
 
-int X509_NAME_ENTRY_set_object(ne,obj)
-X509_NAME_ENTRY *ne;
-ASN1_OBJECT *obj;
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
 	{
 	if ((ne == NULL) || (obj == NULL))
 		{
@@ -320,15 +346,16 @@ ASN1_OBJECT *obj;
 	return((ne->object == NULL)?0:1);
 	}
 
-int X509_NAME_ENTRY_set_data(ne,type,bytes,len)
-X509_NAME_ENTRY *ne;
-int type;
-unsigned char *bytes;
-int len;
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+	     unsigned char *bytes, int len)
 	{
 	int i;
 
 	if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
+	if((type > 0) && (type & MBSTRING_FLAG)) 
+		return ASN1_STRING_set_by_NID(&ne->value, bytes,
+						len, type,
+					OBJ_obj2nid(ne->object)) ? 1 : 0;
 	if (len < 0) len=strlen((char *)bytes);
 	i=ASN1_STRING_set(ne->value,bytes,len);
 	if (!i) return(0);
@@ -342,15 +369,13 @@ int len;
 	return(1);
 	}
 
-ASN1_OBJECT *X509_NAME_ENTRY_get_object(ne)
-X509_NAME_ENTRY *ne;
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
 	{
 	if (ne == NULL) return(NULL);
 	return(ne->object);
 	}
 
-ASN1_STRING *X509_NAME_ENTRY_get_data(ne)
-X509_NAME_ENTRY *ne;
+ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
 	{
 	if (ne == NULL) return(NULL);
 	return(ne->value);
diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c
index 323b25470a..d9f6b57372 100644
--- a/crypto/x509/x509rset.c
+++ b/crypto/x509/x509rset.c
@@ -58,30 +58,24 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "asn1.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
 
-int X509_REQ_set_version(x,version)
-X509_REQ *x;
-long version;
+int X509_REQ_set_version(X509_REQ *x, long version)
 	{
 	if (x == NULL) return(0);
 	return(ASN1_INTEGER_set(x->req_info->version,version));
 	}
 
-int X509_REQ_set_subject_name(x,name)
-X509_REQ *x;
-X509_NAME *name;
+int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
 	{
 	if ((x == NULL) || (x->req_info == NULL)) return(0);
 	return(X509_NAME_set(&x->req_info->subject,name));
 	}
 
-int X509_REQ_set_pubkey(x,pkey)
-X509_REQ *x;
-EVP_PKEY *pkey;
+int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
 	{
 	if ((x == NULL) || (x->req_info == NULL)) return(0);
 	return(X509_PUBKEY_set(&x->req_info->pubkey,pkey));
diff --git a/crypto/x509/x509spki.c b/crypto/x509/x509spki.c
new file mode 100644
index 0000000000..4c3af946ec
--- /dev/null
+++ b/crypto/x509/x509spki.c
@@ -0,0 +1,120 @@
+/* x509spki.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+
+int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
+{
+	if ((x == NULL) || (x->spkac == NULL)) return(0);
+	return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey));
+}
+
+EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
+{
+	if ((x == NULL) || (x->spkac == NULL))
+		return(NULL);
+	return(X509_PUBKEY_get(x->spkac->pubkey));
+}
+
+/* Load a Netscape SPKI from a base64 encoded string */
+
+NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
+{
+	unsigned char *spki_der, *p;
+	int spki_len;
+	NETSCAPE_SPKI *spki;
+	if(len <= 0) len = strlen(str);
+	if (!(spki_der = OPENSSL_malloc(len + 1))) {
+		X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
+	if(spki_len < 0) {
+		X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
+						X509_R_BASE64_DECODE_ERROR);
+		OPENSSL_free(spki_der);
+		return NULL;
+	}
+	p = spki_der;
+	spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
+	OPENSSL_free(spki_der);
+	return spki;
+}
+
+/* Generate a base64 encoded string from an SPKI */
+
+char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
+{
+	unsigned char *der_spki, *p;
+	char *b64_str;
+	int der_len;
+	der_len = i2d_NETSCAPE_SPKI(spki, NULL);
+	der_spki = OPENSSL_malloc(der_len);
+	b64_str = OPENSSL_malloc(der_len * 2);
+	if(!der_spki || !b64_str) {
+		X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	p = der_spki;
+	i2d_NETSCAPE_SPKI(spki, &p);
+	EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
+	OPENSSL_free(der_spki);
+	return b64_str;
+}
diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c
index 42c23bcfca..8eaf102480 100644
--- a/crypto/x509/x509type.c
+++ b/crypto/x509/x509type.c
@@ -58,13 +58,11 @@
 
 #include <stdio.h>
 #include "cryptlib.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
 
-int X509_certificate_type(x,pkey)
-X509 *x;
-EVP_PKEY *pkey;
+int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
 	{
 	EVP_PKEY *pk;
 	int ret=0,i;
@@ -88,6 +86,9 @@ EVP_PKEY *pkey;
 	case EVP_PKEY_DSA:
 		ret=EVP_PK_DSA|EVP_PKT_SIGN;
 		break;
+	case EVP_PKEY_EC:
+		ret=EVP_PK_EC|EVP_PKT_SIGN|EVP_PKT_EXCH;
+		break;
 	case EVP_PKEY_DH:
 		ret=EVP_PK_DH|EVP_PKT_EXCH;
 		break;
@@ -104,12 +105,16 @@ EVP_PKEY *pkey;
 	case EVP_PKS_DSA:
 		ret|=EVP_PKS_DSA;
 		break;
+	case EVP_PKS_EC:
+		ret|=EVP_PKS_EC;
+		break;
 	default:
 		break;
 		}
 
-	if (EVP_PKEY_size(pkey) <= 512)
+	if (EVP_PKEY_size(pk) <= 512)
 		ret|=EVP_PKT_EXP;
+	if(pkey==NULL) EVP_PKEY_free(pk);
 	return(ret);
 	}
 
diff --git a/crypto/x509/x509v3.doc b/crypto/x509/x509v3.doc
deleted file mode 100644
index 1e760a9469..0000000000
--- a/crypto/x509/x509v3.doc
+++ /dev/null
@@ -1,24 +0,0 @@
-The 'new' system.
-
-The X509_EXTENSION_METHOD includes extensions and attributes and/or names. 
-Basically everthing that can be added to an X509 with an OID identifying it.
-
-It operates via 2 methods per object id.
-int a2i_XXX(X509 *x,char *str,int len);
-int i2a_XXX(BIO *bp,X509 *x);
-
-The a2i_XXX function will add the object with a value converted from the
-string into the X509.  Len can be -1 in which case the length is calculated
-via strlen(str).   Applications can always use direct knowledge to load and
-unload the relevent objects themselves.
-
-i2a_XXX will print to the passed BIO, a text representation of the
-relevet object.  Use a memory BIO if you want it printed to a buffer :-).
-
-X509_add_by_NID(X509 *x,int nid,char *str,int len);
-X509_add_by_OBJ(X509 *x,ASN1_OBJECT *obj,char *str,int len);
-
-X509_print_by_name(BIO *bp,X509 *x);
-X509_print_by_NID(BIO *bp,X509 *x);
-X509_print_by_OBJ(BIO *bp,X509 *x);
-
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 682de167f7..801df78f08 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -58,422 +58,483 @@
 
 #include <stdio.h>
 #undef SSLEAY_MACROS
-#include "stack.h"
+#include <openssl/stack.h>
 #include "cryptlib.h"
-#include "buffer.h"
-#include "asn1.h"
-#include "evp.h"
-#include "x509.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
 
-int X509_verify(a,r)
-X509 *a;
-EVP_PKEY *r;
+int X509_verify(X509 *a, EVP_PKEY *r)
 	{
-	return(ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,
-		a->signature,(char *)a->cert_info,r));
+	return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
+		a->signature,a->cert_info,r));
 	}
 
-int X509_REQ_verify(a,r)
-X509_REQ *a;
-EVP_PKEY *r;
+int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
 	{
-	return( ASN1_verify((int (*)())i2d_X509_REQ_INFO,
-		a->sig_alg,a->signature,(char *)a->req_info,r));
+	return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
+		a->sig_alg,a->signature,a->req_info,r));
 	}
 
-int X509_CRL_verify(a,r)
-X509_CRL *a;
-EVP_PKEY *r;
+int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
 	{
-	return(ASN1_verify((int (*)())i2d_X509_CRL_INFO,
-		a->sig_alg, a->signature,(char *)a->crl,r));
+	return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
+		a->sig_alg, a->signature,a->crl,r));
 	}
 
-int NETSCAPE_SPKI_verify(a,r)
-NETSCAPE_SPKI *a;
-EVP_PKEY *r;
+int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
 	{
-	return(ASN1_verify((int (*)())i2d_NETSCAPE_SPKAC,
-		a->sig_algor,a->signature, (char *)a->spkac,r));
+	return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
+		a->sig_algor,a->signature,a->spkac,r));
 	}
 
-int X509_sign(x,pkey,md)
-X509 *x;
-EVP_PKEY *pkey;
-EVP_MD *md;
+int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
-	return(ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature,
-		x->sig_alg, x->signature, (char *)x->cert_info,pkey,md));
+	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
+		x->sig_alg, x->signature, x->cert_info,pkey,md));
 	}
 
-int X509_REQ_sign(x,pkey,md)
-X509_REQ *x;
-EVP_PKEY *pkey;
-EVP_MD *md;
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
-	return(ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL,
-		x->signature, (char *)x->req_info,pkey,md));
+	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,
+		x->signature, x->req_info,pkey,md));
 	}
 
-int X509_CRL_sign(x,pkey,md)
-X509_CRL *x;
-EVP_PKEY *pkey;
-EVP_MD *md;
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
-	return(ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,
-		x->sig_alg, x->signature, (char *)x->crl,pkey,md));
+	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg,
+		x->sig_alg, x->signature, x->crl,pkey,md));
 	}
 
-int NETSCAPE_SPKI_sign(x,pkey,md)
-NETSCAPE_SPKI *x;
-EVP_PKEY *pkey;
-EVP_MD *md;
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
-	return(ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL,
-		x->signature, (char *)x->spkac,pkey,md));
+	return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,
+		x->signature, x->spkac,pkey,md));
 	}
 
-X509_ATTRIBUTE *X509_ATTRIBUTE_dup(xa)
-X509_ATTRIBUTE *xa;
+#ifndef OPENSSL_NO_FP_API
+X509 *d2i_X509_fp(FILE *fp, X509 **x509)
 	{
-	return((X509_ATTRIBUTE *)ASN1_dup((int (*)())i2d_X509_ATTRIBUTE,
-		(char *(*)())d2i_X509_ATTRIBUTE,(char *)xa));
+	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
 	}
 
-X509 *X509_dup(x509)
-X509 *x509;
+int i2d_X509_fp(FILE *fp, X509 *x509)
 	{
-	return((X509 *)ASN1_dup((int (*)())i2d_X509,
-		(char *(*)())d2i_X509,(char *)x509));
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
 	}
+#endif
 
-X509_EXTENSION *X509_EXTENSION_dup(ex)
-X509_EXTENSION *ex;
+X509 *d2i_X509_bio(BIO *bp, X509 **x509)
 	{
-	return((X509_EXTENSION *)ASN1_dup(
-		(int (*)())i2d_X509_EXTENSION,
-		(char *(*)())d2i_X509_EXTENSION,(char *)ex));
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
 	}
 
-#ifndef NO_FP_API
-X509 *d2i_X509_fp(fp,x509)
-FILE *fp;
-X509 *x509;
+int i2d_X509_bio(BIO *bp, X509 *x509)
 	{
-	return((X509 *)ASN1_d2i_fp((char *(*)())X509_new,
-		(char *(*)())d2i_X509, (fp),(unsigned char **)(x509)));
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
 	}
 
-int i2d_X509_fp(fp,x509)
-FILE *fp;
-X509 *x509;
+#ifndef OPENSSL_NO_FP_API
+X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
 	{
-	return(ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509));
+	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
 	}
-#endif
 
-X509 *d2i_X509_bio(bp,x509)
-BIO *bp;
-X509 *x509;
+int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
 	{
-	return((X509 *)ASN1_d2i_bio((char *(*)())X509_new,
-		(char *(*)())d2i_X509, (bp),(unsigned char **)(x509)));
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
 	}
+#endif
 
-int i2d_X509_bio(bp,x509)
-BIO *bp;
-X509 *x509;
+X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
 	{
-	return(ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509));
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
 	}
 
-X509_CRL *X509_CRL_dup(crl)
-X509_CRL *crl;
+int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
 	{
-	return((X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL,
-		(char *(*)())d2i_X509_CRL,(char *)crl));
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
 	}
 
-#ifndef NO_FP_API
-X509_CRL *d2i_X509_CRL_fp(fp,crl)
-FILE *fp;
-X509_CRL *crl;
+#ifndef OPENSSL_NO_FP_API
+PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
 	{
-	return((X509_CRL *)ASN1_d2i_fp((char *(*)())
-		X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp),
-		(unsigned char **)(crl)));
+	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
 	}
 
-int i2d_X509_CRL_fp(fp,crl)
-FILE *fp;
-X509_CRL *crl;
+int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
 	{
-	return(ASN1_i2d_fp(i2d_X509_CRL,fp,(unsigned char *)crl));
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
 	}
 #endif
 
-X509_CRL *d2i_X509_CRL_bio(bp,crl)
-BIO *bp;
-X509_CRL *crl;
+PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
 	{
-	return((X509_CRL *)ASN1_d2i_bio((char *(*)())
-		X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp),
-		(unsigned char **)(crl)));
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
 	}
 
-int i2d_X509_CRL_bio(bp,crl)
-BIO *bp;
-X509_CRL *crl;
+int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
 	{
-	return(ASN1_i2d_bio(i2d_X509_CRL,bp,(unsigned char *)crl));
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
 	}
 
-PKCS7 *PKCS7_dup(p7)
-PKCS7 *p7;
+#ifndef OPENSSL_NO_FP_API
+X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
 	{
-	return((PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7,
-		(char *(*)())d2i_PKCS7,(char *)p7));
+	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
 	}
 
-#ifndef NO_FP_API
-PKCS7 *d2i_PKCS7_fp(fp,p7)
-FILE *fp;
-PKCS7 *p7;
+int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
 	{
-	return((PKCS7 *)ASN1_d2i_fp((char *(*)())
-		PKCS7_new,(char *(*)())d2i_PKCS7, (fp),
-		(unsigned char **)(p7)));
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
 	}
+#endif
 
-int i2d_PKCS7_fp(fp,p7)
-FILE *fp;
-PKCS7 *p7;
+X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
 	{
-	return(ASN1_i2d_fp(i2d_PKCS7,fp,(unsigned char *)p7));
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
 	}
-#endif
 
-PKCS7 *d2i_PKCS7_bio(bp,p7)
-BIO *bp;
-PKCS7 *p7;
+int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
 	{
-	return((PKCS7 *)ASN1_d2i_bio((char *(*)())
-		PKCS7_new,(char *(*)())d2i_PKCS7, (bp),
-		(unsigned char **)(p7)));
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
 	}
 
-int i2d_PKCS7_bio(bp,p7)
-BIO *bp;
-PKCS7 *p7;
+#ifndef OPENSSL_NO_RSA
+
+#ifndef OPENSSL_NO_FP_API
+RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
 	{
-	return(ASN1_i2d_bio(i2d_PKCS7,bp,(unsigned char *)p7));
+	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
 	}
 
-X509_REQ *X509_REQ_dup(req)
-X509_REQ *req;
+int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
 	{
-	return((X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ,
-		(char *(*)())d2i_X509_REQ,(char *)req));
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
 	}
 
-#ifndef NO_FP_API
-X509_REQ *d2i_X509_REQ_fp(fp,req)
-FILE *fp;
-X509_REQ *req;
+RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
 	{
-	return((X509_REQ *)ASN1_d2i_fp((char *(*)())
-		X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp),
-		(unsigned char **)(req)));
+	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
 	}
 
-int i2d_X509_REQ_fp(fp,req)
-FILE *fp;
-X509_REQ *req;
+
+RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
 	{
-	return(ASN1_i2d_fp(i2d_X509_REQ,fp,(unsigned char *)req));
+	return((RSA *)ASN1_d2i_fp((char *(*)())
+		RSA_new,(char *(*)())d2i_RSA_PUBKEY, (fp),
+		(unsigned char **)(rsa)));
 	}
-#endif
 
-X509_REQ *d2i_X509_REQ_bio(bp,req)
-BIO *bp;
-X509_REQ *req;
+int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
 	{
-	return((X509_REQ *)ASN1_d2i_bio((char *(*)())
-		X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp),
-		(unsigned char **)(req)));
+	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
 	}
 
-int i2d_X509_REQ_bio(bp,req)
-BIO *bp;
-X509_REQ *req;
+int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
 	{
-	return(ASN1_i2d_bio(i2d_X509_REQ,bp,(unsigned char *)req));
+	return(ASN1_i2d_fp(i2d_RSA_PUBKEY,fp,(unsigned char *)rsa));
 	}
+#endif
 
-#ifndef NO_RSA
-RSA *RSAPublicKey_dup(rsa)
-RSA *rsa;
+RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
 	{
-	return((RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey,
-		(char *(*)())d2i_RSAPublicKey,(char *)rsa));
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
 	}
 
-RSA *RSAPrivateKey_dup(rsa)
-RSA *rsa;
+int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
 	{
-	return((RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey,
-		(char *(*)())d2i_RSAPrivateKey,(char *)rsa));
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
 	}
 
-#ifndef NO_FP_API
-RSA *d2i_RSAPrivateKey_fp(fp,rsa)
-FILE *fp;
-RSA *rsa;
+RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
 	{
-	return((RSA *)ASN1_d2i_fp((char *(*)())
-		RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp),
-		(unsigned char **)(rsa)));
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
 	}
 
-int i2d_RSAPrivateKey_fp(fp,rsa)
-FILE *fp;
-RSA *rsa;
+
+RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
 	{
-	return(ASN1_i2d_fp(i2d_RSAPrivateKey,fp,(unsigned char *)rsa));
+	return((RSA *)ASN1_d2i_bio((char *(*)())
+		RSA_new,(char *(*)())d2i_RSA_PUBKEY, (bp),
+		(unsigned char **)(rsa)));
 	}
 
-RSA *d2i_RSAPublicKey_fp(fp,rsa)
-FILE *fp;
-RSA *rsa;
+int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
 	{
-	return((RSA *)ASN1_d2i_fp((char *(*)())
-		RSA_new,(char *(*)())d2i_RSAPublicKey, (fp),
-		(unsigned char **)(rsa)));
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
 	}
 
-int i2d_RSAPublicKey_fp(fp,rsa)
-FILE *fp;
-RSA *rsa;
+int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
 	{
-	return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa));
+	return(ASN1_i2d_bio(i2d_RSA_PUBKEY,bp,(unsigned char *)rsa));
 	}
 #endif
 
-RSA *d2i_RSAPrivateKey_bio(bp,rsa)
-BIO *bp;
-RSA *rsa;
+#ifndef OPENSSL_NO_DSA
+#ifndef OPENSSL_NO_FP_API
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
 	{
-	return((RSA *)ASN1_d2i_bio((char *(*)())
-		RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp),
-		(unsigned char **)(rsa)));
+	return((DSA *)ASN1_d2i_fp((char *(*)())
+		DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp),
+		(unsigned char **)(dsa)));
 	}
 
-int i2d_RSAPrivateKey_bio(bp,rsa)
-BIO *bp;
-RSA *rsa;
+int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
 	{
-	return(ASN1_i2d_bio(i2d_RSAPrivateKey,bp,(unsigned char *)rsa));
+	return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
 	}
 
-RSA *d2i_RSAPublicKey_bio(bp,rsa)
-BIO *bp;
-RSA *rsa;
+DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
 	{
-	return((RSA *)ASN1_d2i_bio((char *(*)())
-		RSA_new,(char *(*)())d2i_RSAPublicKey, (bp),
-		(unsigned char **)(rsa)));
+	return((DSA *)ASN1_d2i_fp((char *(*)())
+		DSA_new,(char *(*)())d2i_DSA_PUBKEY, (fp),
+		(unsigned char **)(dsa)));
 	}
 
-int i2d_RSAPublicKey_bio(bp,rsa)
-BIO *bp;
-RSA *rsa;
+int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
 	{
-	return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa));
+	return(ASN1_i2d_fp(i2d_DSA_PUBKEY,fp,(unsigned char *)dsa));
 	}
 #endif
 
-#ifndef NO_DSA
-#ifndef NO_FP_API
-DSA *d2i_DSAPrivateKey_fp(fp,dsa)
-FILE *fp;
-DSA *dsa;
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
 	{
-	return((DSA *)ASN1_d2i_fp((char *(*)())
-		DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp),
+	return((DSA *)ASN1_d2i_bio((char *(*)())
+		DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp),
 		(unsigned char **)(dsa)));
 	}
 
-int i2d_DSAPrivateKey_fp(fp,dsa)
-FILE *fp;
-DSA *dsa;
+int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
 	{
-	return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa));
+	return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
 	}
-#endif
 
-DSA *d2i_DSAPrivateKey_bio(bp,dsa)
-BIO *bp;
-DSA *dsa;
+DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
 	{
 	return((DSA *)ASN1_d2i_bio((char *(*)())
-		DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp),
+		DSA_new,(char *(*)())d2i_DSA_PUBKEY, (bp),
 		(unsigned char **)(dsa)));
 	}
 
-int i2d_DSAPrivateKey_bio(bp,dsa)
-BIO *bp;
-DSA *dsa;
+int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
 	{
-	return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa));
+	return(ASN1_i2d_bio(i2d_DSA_PUBKEY,bp,(unsigned char *)dsa));
+	}
+
+#endif
+
+#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_FP_API
+EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
+	{
+	return((EC_KEY *)ASN1_d2i_fp((char *(*)())
+		EC_KEY_new,(char *(*)())d2i_EC_PUBKEY, (fp),
+		(unsigned char **)(eckey)));
+	}
+  
+int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey)
+	{
+	return(ASN1_i2d_fp(i2d_EC_PUBKEY,fp,(unsigned char *)eckey));
+	}
+
+EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
+	{
+	return((EC_KEY *)ASN1_d2i_fp((char *(*)())
+		EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (fp),
+		(unsigned char **)(eckey)));
+	}
+  
+int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey)
+	{
+	return(ASN1_i2d_fp(i2d_ECPrivateKey,fp,(unsigned char *)eckey));
 	}
 #endif
+EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
+	{
+	return((EC_KEY *)ASN1_d2i_bio((char *(*)())
+		EC_KEY_new,(char *(*)())d2i_EC_PUBKEY, (bp),
+		(unsigned char **)(eckey)));
+	}
+  
+int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa)
+	{
+	return(ASN1_i2d_bio(i2d_EC_PUBKEY,bp,(unsigned char *)ecdsa));
+	}
 
-X509_ALGOR *X509_ALGOR_dup(xn)
-X509_ALGOR *xn;
+EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
 	{
-	return((X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,
-	(char *(*)())d2i_X509_ALGOR,(char *)xn));
+	return((EC_KEY *)ASN1_d2i_bio((char *(*)())
+		EC_KEY_new,(char *(*)())d2i_ECPrivateKey, (bp),
+		(unsigned char **)(eckey)));
 	}
+  
+int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey)
+	{
+	return(ASN1_i2d_bio(i2d_ECPrivateKey,bp,(unsigned char *)eckey));
+	}
+#endif
+
 
-X509_NAME *X509_NAME_dup(xn)
-X509_NAME *xn;
+int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
+	     unsigned int *len)
 	{
-	return((X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME,
-		(char *(*)())d2i_X509_NAME,(char *)xn));
+	ASN1_BIT_STRING *key;
+	key = X509_get0_pubkey_bitstr(data);
+	if(!key) return 0;
+	return EVP_Digest(key->data, key->length, md, len, type, NULL);
 	}
 
-X509_NAME_ENTRY *X509_NAME_ENTRY_dup(ne)
-X509_NAME_ENTRY *ne;
+int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
+	     unsigned int *len)
 	{
-	return((X509_NAME_ENTRY *)ASN1_dup((int (*)())i2d_X509_NAME_ENTRY,
-		(char *(*)())d2i_X509_NAME_ENTRY,(char *)ne));
+	return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len));
 	}
 
-int X509_digest(data,type,md,len)
-X509 *data;
-EVP_MD *type;
-unsigned char *md;
-unsigned int *len;
+int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
+	     unsigned int *len)
 	{
-	return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len));
+	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len));
 	}
 
-int X509_NAME_digest(data,type,md,len)
-X509_NAME *data;
-EVP_MD *type;
-unsigned char *md;
-unsigned int *len;
+int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
+	     unsigned int *len)
 	{
-	return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len));
+	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len));
 	}
 
-int PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len)
-PKCS7_ISSUER_AND_SERIAL *data;
-EVP_MD *type;
-unsigned char *md;
-unsigned int *len;
+int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
+	     unsigned int *len)
 	{
-	return(ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,
+	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len));
+	}
+
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,
+	     unsigned char *md, unsigned int *len)
+	{
+	return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type,
 		(char *)data,md,len));
 	}
 
+
+#ifndef OPENSSL_NO_FP_API
+X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
+	{
+	return((X509_SIG *)ASN1_d2i_fp((char *(*)())X509_SIG_new,
+		(char *(*)())d2i_X509_SIG, (fp),(unsigned char **)(p8)));
+	}
+
+int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
+	{
+	return(ASN1_i2d_fp(i2d_X509_SIG,fp,(unsigned char *)p8));
+	}
+#endif
+
+X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
+	{
+	return((X509_SIG *)ASN1_d2i_bio((char *(*)())X509_SIG_new,
+		(char *(*)())d2i_X509_SIG, (bp),(unsigned char **)(p8)));
+	}
+
+int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
+	{
+	return(ASN1_i2d_bio(i2d_X509_SIG,bp,(unsigned char *)p8));
+	}
+
+#ifndef OPENSSL_NO_FP_API
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
+						 PKCS8_PRIV_KEY_INFO **p8inf)
+	{
+	return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_fp(
+		(char *(*)())PKCS8_PRIV_KEY_INFO_new,
+		(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (fp),
+				(unsigned char **)(p8inf)));
+	}
+
+int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
+	{
+	return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf));
+	}
+
+int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
+	{
+	PKCS8_PRIV_KEY_INFO *p8inf;
+	int ret;
+	p8inf = EVP_PKEY2PKCS8(key);
+	if(!p8inf) return 0;
+	ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
+	PKCS8_PRIV_KEY_INFO_free(p8inf);
+	return ret;
+	}
+
+int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
+	{
+	return(ASN1_i2d_fp(i2d_PrivateKey,fp,(unsigned char *)pkey));
+	}
+
+EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
+{
+	return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
+		(char *(*)())d2i_AutoPrivateKey, (fp),(unsigned char **)(a)));
+}
+
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
+	{
+	return(ASN1_i2d_fp(i2d_PUBKEY,fp,(unsigned char *)pkey));
+	}
+
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
+{
+	return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
+		(char *(*)())d2i_PUBKEY, (fp),(unsigned char **)(a)));
+}
+
+#endif
+
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
+						 PKCS8_PRIV_KEY_INFO **p8inf)
+	{
+	return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_bio(
+		(char *(*)())PKCS8_PRIV_KEY_INFO_new,
+		(char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (bp),
+				(unsigned char **)(p8inf)));
+	}
+
+int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
+	{
+	return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf));
+	}
+
+int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
+	{
+	PKCS8_PRIV_KEY_INFO *p8inf;
+	int ret;
+	p8inf = EVP_PKEY2PKCS8(key);
+	if(!p8inf) return 0;
+	ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
+	PKCS8_PRIV_KEY_INFO_free(p8inf);
+	return ret;
+	}
+
+int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
+	{
+	return(ASN1_i2d_bio(i2d_PrivateKey,bp,(unsigned char *)pkey));
+	}
+
+EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
+	{
+	return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
+		(char *(*)())d2i_AutoPrivateKey, (bp),(unsigned char **)(a)));
+	}
+
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
+	{
+	return(ASN1_i2d_bio(i2d_PUBKEY,bp,(unsigned char *)pkey));
+	}
+
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
+	{
+	return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
+		(char *(*)())d2i_PUBKEY, (bp),(unsigned char **)(a)));
+	}
diff --git a/crypto/x509v3/.cvsignore b/crypto/x509v3/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/crypto/x509v3/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl
new file mode 100644
index 0000000000..2535c62ffd
--- /dev/null
+++ b/crypto/x509v3/Makefile.ssl
@@ -0,0 +1,632 @@
+#
+# SSLeay/crypto/x509v3/Makefile
+#
+
+DIR=	x509v3
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC=	v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \
+v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \
+v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \
+v3_ocsp.c v3_akeya.c
+LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
+v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
+v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \
+v3_ocsp.o v3_akeya.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= x509v3.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB) || echo Never mind.
+	@touch lib
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+v3_akey.o: ../../e_os.h ../../include/openssl/aes.h
+v3_akey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_akey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_akey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_akey.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_akey.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_akey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_akey.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_akey.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_akey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_akey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_akey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_akey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_akey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_akey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_akey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_akey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_akey.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_akey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_akey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akey.c
+v3_akeya.o: ../../e_os.h ../../include/openssl/aes.h
+v3_akeya.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_akeya.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_akeya.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_akeya.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_akeya.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_akeya.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_akeya.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_akeya.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_akeya.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_akeya.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_akeya.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_akeya.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_akeya.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_akeya.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_akeya.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_akeya.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_akeya.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_akeya.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_akeya.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_akeya.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_akeya.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_akeya.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akeya.c
+v3_alt.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_alt.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_alt.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_alt.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_alt.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_alt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_alt.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_alt.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_alt.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_alt.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_alt.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_alt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_alt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_alt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_alt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_alt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_alt.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_alt.c
+v3_bcons.o: ../../e_os.h ../../include/openssl/aes.h
+v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_bcons.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_bcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_bcons.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_bcons.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_bcons.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_bcons.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_bcons.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_bcons.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_bcons.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_bcons.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_bcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_bcons.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_bcons.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_bcons.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_bcons.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_bcons.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_bcons.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_bcons.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_bcons.c
+v3_bitst.o: ../../e_os.h ../../include/openssl/aes.h
+v3_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_bitst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_bitst.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_bitst.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_bitst.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_bitst.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_bitst.o: ../../include/openssl/opensslconf.h
+v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_bitst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_bitst.c
+v3_conf.o: ../../e_os.h ../../include/openssl/aes.h
+v3_conf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_conf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_conf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_conf.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_conf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_conf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_conf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_conf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_conf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_conf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_conf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_conf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_conf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_conf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_conf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_conf.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_conf.o: ../cryptlib.h v3_conf.c
+v3_cpols.o: ../../e_os.h ../../include/openssl/aes.h
+v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_cpols.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_cpols.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_cpols.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_cpols.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_cpols.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_cpols.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_cpols.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_cpols.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_cpols.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_cpols.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_cpols.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_cpols.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_cpols.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_cpols.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_cpols.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_cpols.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_cpols.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_cpols.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_cpols.c
+v3_crld.o: ../../e_os.h ../../include/openssl/aes.h
+v3_crld.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_crld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_crld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_crld.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_crld.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_crld.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_crld.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_crld.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_crld.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_crld.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_crld.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_crld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_crld.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_crld.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_crld.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_crld.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_crld.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_crld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_crld.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_crld.c
+v3_enum.o: ../../e_os.h ../../include/openssl/aes.h
+v3_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_enum.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_enum.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_enum.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_enum.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_enum.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_enum.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_enum.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_enum.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_enum.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_enum.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_enum.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_enum.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_enum.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_enum.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_enum.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_enum.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_enum.o: ../cryptlib.h v3_enum.c
+v3_extku.o: ../../e_os.h ../../include/openssl/aes.h
+v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_extku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_extku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_extku.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_extku.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_extku.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_extku.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_extku.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_extku.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_extku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_extku.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_extku.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_extku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_extku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_extku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_extku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_extku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_extku.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_extku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_extku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_extku.c
+v3_genn.o: ../../e_os.h ../../include/openssl/aes.h
+v3_genn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_genn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_genn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_genn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_genn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_genn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_genn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_genn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_genn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_genn.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_genn.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_genn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_genn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_genn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_genn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_genn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_genn.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_genn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_genn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_genn.c
+v3_ia5.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_ia5.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_ia5.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_ia5.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_ia5.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_ia5.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_ia5.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_ia5.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_ia5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_ia5.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_ia5.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_ia5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_ia5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_ia5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_ia5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_ia5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_ia5.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ia5.c
+v3_info.o: ../../e_os.h ../../include/openssl/aes.h
+v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_info.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_info.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_info.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_info.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_info.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_info.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_info.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_info.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_info.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_info.c
+v3_int.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_int.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_int.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_int.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_int.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_int.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_int.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_int.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_int.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_int.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_int.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_int.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_int.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_int.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_int.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_int.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_int.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_int.c
+v3_lib.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_lib.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_lib.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_lib.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_lib.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_lib.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_lib.c
+v3_ocsp.o: ../../e_os.h ../../include/openssl/aes.h
+v3_ocsp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_ocsp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_ocsp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_ocsp.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_ocsp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_ocsp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_ocsp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_ocsp.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_ocsp.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_ocsp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_ocsp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_ocsp.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+v3_ocsp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_ocsp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_ocsp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_ocsp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_ocsp.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_ocsp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ocsp.c
+v3_pku.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_pku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+v3_pku.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_pku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_pku.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_pku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_pku.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_pku.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_pku.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_pku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_pku.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_pku.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_pku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_pku.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_pku.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_pku.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_pku.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_pku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_pku.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_pku.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_pku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_pku.o: ../cryptlib.h v3_pku.c
+v3_prn.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_prn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_prn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_prn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_prn.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_prn.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_prn.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_prn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_prn.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_prn.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_prn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_prn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_prn.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_prn.c
+v3_purp.o: ../../e_os.h ../../include/openssl/aes.h
+v3_purp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_purp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_purp.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_purp.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_purp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_purp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_purp.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_purp.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_purp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_purp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_purp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_purp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_purp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_purp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_purp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_purp.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_purp.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_purp.o: ../cryptlib.h v3_purp.c
+v3_skey.o: ../../e_os.h ../../include/openssl/aes.h
+v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+v3_skey.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
+v3_skey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+v3_skey.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+v3_skey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_skey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_skey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+v3_skey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+v3_skey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+v3_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+v3_skey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+v3_skey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+v3_skey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+v3_skey.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+v3_skey.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
+v3_skey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_skey.o: ../cryptlib.h v3_skey.c
+v3_sxnet.o: ../../e_os.h ../../include/openssl/aes.h
+v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+v3_sxnet.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_sxnet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_sxnet.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_sxnet.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_sxnet.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_sxnet.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_sxnet.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_sxnet.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_sxnet.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_sxnet.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_sxnet.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_sxnet.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_sxnet.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_sxnet.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_sxnet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_sxnet.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_sxnet.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_sxnet.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_sxnet.c
+v3_utl.o: ../../e_os.h ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3_utl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_utl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_utl.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_utl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_utl.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3_utl.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3_utl.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3_utl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3_utl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3_utl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_utl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_utl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3_utl.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3_utl.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_utl.c
+v3err.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+v3err.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3err.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3err.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3err.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+v3err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+v3err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+v3err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+v3err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+v3err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+v3err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+v3err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+v3err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+v3err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+v3err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+v3err.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+v3err.o: ../../include/openssl/x509v3.h v3err.c
diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
new file mode 100644
index 0000000000..2fb97d8925
--- /dev/null
+++ b/crypto/x509v3/ext_dat.h
@@ -0,0 +1,109 @@
+/* ext_dat.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* This file contains a table of "standard" extensions */
+
+extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
+extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
+extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
+extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate, v3_cpols, v3_crld;
+extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
+extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
+extern X509V3_EXT_METHOD v3_crl_hold;
+
+/* This table will be searched using OBJ_bsearch so it *must* kept in
+ * order of the ext_nid values.
+ */
+
+static X509V3_EXT_METHOD *standard_exts[] = {
+&v3_nscert,
+&v3_ns_ia5_list[0],
+&v3_ns_ia5_list[1],
+&v3_ns_ia5_list[2],
+&v3_ns_ia5_list[3],
+&v3_ns_ia5_list[4],
+&v3_ns_ia5_list[5],
+&v3_ns_ia5_list[6],
+&v3_skey_id,
+&v3_key_usage,
+&v3_pkey_usage_period,
+&v3_alt[0],
+&v3_alt[1],
+&v3_bcons,
+&v3_crl_num,
+&v3_cpols,
+&v3_akey_id,
+&v3_crld,
+&v3_ext_ku,
+&v3_crl_reason,
+&v3_crl_invdate,
+&v3_sxnet,
+&v3_info,
+&v3_ocsp_nonce,
+&v3_ocsp_crlid,
+&v3_ocsp_accresp,
+&v3_ocsp_nocheck,
+&v3_ocsp_acutoff,
+&v3_ocsp_serviceloc,
+&v3_sinfo,
+&v3_crl_hold
+};
+
+/* Number of standard extensions */
+
+#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
+
diff --git a/crypto/x509v3/format b/crypto/x509v3/format
deleted file mode 100644
index 3307978121..0000000000
--- a/crypto/x509v3/format
+++ /dev/null
@@ -1,92 +0,0 @@
-AuthorityKeyIdentifier
-	{
-	keyIdentifier		[0] OCTET_STRING	OPTIONAL
-	authorityCertIssuer	[1] GeneralNames	OPTIONAL
-	authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL
-	}
-
-SubjectKeyIdentifier	OCTET_STRING
-
-KeyUsage
-	{
-	BIT_STRING
-		digitalSignature	0
-		nonRepudiation		1
-		keyEncipherment		2
-		dataEncipherment	3
-		keyAgreement		4
-		keyCertSign		5
-		cRLSign			6
-		encipherOnly		7
-		decipherOnly		8
-	}
-
-extKeyUsage
-	{
-	SEQUENCE of OBJECT_IDENTIFIER
-	}
-
-privateKeyUsagePeriod
-	{
-	notBefore	[0]	GeneralizedTime OPTIONAL
-	notAfter	[1]	GeneralizedTime OPTIONAL
-	}
-
-certificatePoliciesSyntax
-	SEQUENCE of PoliciesInformation
-
-PoliciesInformation	XXX
-policyMappings		XXX
-supportedAlgorithms	XXX
-
-subjectAltName
-	GeneralNames sequence of GeneralName
-
-GeneralName
-	{
-	otherName	[0] INSTANCE OF OTHER-NAME
-	rfc882Name	[1] IA5String
-	dNSName		[2] IA5String
-	x400Address	[3] ORAddress
-	directoryName	[4] Name
-	ediPartyName	[5] 
-				{
-				nameAssigner	[0] DirectoryString OPTIONAL
-				partyName	[1] DirectoryString
-				}
-	uniformResourceIdentifier [6] IA5String
-	iPAddress	[7] OCTET_STRING
-	registeredID	[8] OBJECT_IDENTIFIER
-	}
-
-issuerAltName
-	GeneralNames sequence of GeneralName
-
-subjectDirectoryAttribute SEQUENCE of Attribute
-
-basicConstraints
-	{
-	cA 			BOOLEAN default FALSE
-	pathLenConstraint	INTEGER OPTIONAL
-	}
-
-nameConstraints
-	{
-	permittedSubtrees [0] sequence of GeneralSubtree OPTIONAL
-	excludedSubtrees [1] sequence of GeneralSubtree OPTIONAL
-	}
-
-GeneralSubtree
-	{
-	base	GeneralName
-	minimum	[0] BaseDistance DEFAULT 0
-	maximum	[1] BaseDistance OPTIONAL
-	}
-
-PolicyConstraints
-	{
-	requiredExplicitPolicy	[0] SkipCerts OPTIONAL
-	inhibitPolicyMapping	[1] SkipCerts OPTIONAL
-	}
-SkipCerts == INTEGER
-
diff --git a/crypto/x509v3/header b/crypto/x509v3/header
deleted file mode 100644
index 3d791ca3dd..0000000000
--- a/crypto/x509v3/header
+++ /dev/null
@@ -1,6 +0,0 @@
-int		a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size)
-int		i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
-int		i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp)
-ASN1_INTEGER *	d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,long length)
-
-
diff --git a/crypto/x509v3/tabtest.c b/crypto/x509v3/tabtest.c
new file mode 100644
index 0000000000..dad0d38dd5
--- /dev/null
+++ b/crypto/x509v3/tabtest.c
@@ -0,0 +1,88 @@
+/* tabtest.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Simple program to check the ext_dat.h is correct and print out
+ * problems if it is not.
+ */
+
+#include <stdio.h>
+
+#include <openssl/x509v3.h>
+
+#include "ext_dat.h"
+
+main()
+{
+	int i, prev = -1, bad = 0;
+	X509V3_EXT_METHOD **tmp;
+	i = sizeof(standard_exts) / sizeof(X509V3_EXT_METHOD *);
+	if(i != STANDARD_EXTENSION_COUNT)
+		fprintf(stderr, "Extension number invalid expecting %d\n", i);
+	tmp = standard_exts;
+	for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++) {
+		if((*tmp)->ext_nid < prev) bad = 1;
+		prev = (*tmp)->ext_nid;
+		
+	}
+	if(bad) {
+		tmp = standard_exts;
+		fprintf(stderr, "Extensions out of order!\n");
+		for(i = 0; i < STANDARD_EXTENSION_COUNT; i++, tmp++)
+		printf("%d : %s\n", (*tmp)->ext_nid, OBJ_nid2sn((*tmp)->ext_nid));
+	} else fprintf(stderr, "Order OK\n");
+}
diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c
new file mode 100644
index 0000000000..97e686f97a
--- /dev/null
+++ b/crypto/x509v3/v3_akey.c
@@ -0,0 +1,190 @@
+/* v3_akey.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+			AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist);
+static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+			X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+
+X509V3_EXT_METHOD v3_akey_id = {
+NID_authority_key_identifier, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
+0,0,0,0,
+0,0,
+(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
+(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
+0,0,
+NULL
+};
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+	     AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
+{
+	char *tmp;
+	if(akeyid->keyid) {
+		tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
+		X509V3_add_value("keyid", tmp, &extlist);
+		OPENSSL_free(tmp);
+	}
+	if(akeyid->issuer) 
+		extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
+	if(akeyid->serial) {
+		tmp = hex_to_string(akeyid->serial->data,
+						 akeyid->serial->length);
+		X509V3_add_value("serial", tmp, &extlist);
+		OPENSSL_free(tmp);
+	}
+	return extlist;
+}
+
+/* Currently two options:
+ * keyid: use the issuers subject keyid, the value 'always' means its is
+ * an error if the issuer certificate doesn't have a key id.
+ * issuer: use the issuers cert issuer and serial number. The default is
+ * to only use this if keyid is not present. With the option 'always'
+ * this is always included.
+ */
+
+static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
+{
+char keyid=0, issuer=0;
+int i;
+CONF_VALUE *cnf;
+ASN1_OCTET_STRING *ikeyid = NULL;
+X509_NAME *isname = NULL;
+GENERAL_NAMES * gens = NULL;
+GENERAL_NAME *gen = NULL;
+ASN1_INTEGER *serial = NULL;
+X509_EXTENSION *ext;
+X509 *cert;
+AUTHORITY_KEYID *akeyid;
+for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
+	cnf = sk_CONF_VALUE_value(values, i);
+	if(!strcmp(cnf->name, "keyid")) {
+		keyid = 1;
+		if(cnf->value && !strcmp(cnf->value, "always")) keyid = 2;
+	} else if(!strcmp(cnf->name, "issuer")) {
+		issuer = 1;
+		if(cnf->value && !strcmp(cnf->value, "always")) issuer = 2;
+	} else {
+		X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
+		ERR_add_error_data(2, "name=", cnf->name);
+		return NULL;
+	}
+}
+
+if(!ctx || !ctx->issuer_cert) {
+	if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new();
+	X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
+	return NULL;
+}
+
+cert = ctx->issuer_cert;
+
+if(keyid) {
+	i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
+	if((i >= 0)  && (ext = X509_get_ext(cert, i)))
+						 ikeyid = X509V3_EXT_d2i(ext);
+	if(keyid==2 && !ikeyid) {
+		X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
+		return NULL;
+	}
+}
+
+if((issuer && !ikeyid) || (issuer == 2)) {
+	isname = X509_NAME_dup(X509_get_issuer_name(cert));
+	serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+	if(!isname || !serial) {
+		X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
+		goto err;
+	}
+}
+
+if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
+
+if(isname) {
+	if(!(gens = sk_GENERAL_NAME_new_null()) || !(gen = GENERAL_NAME_new())
+		|| !sk_GENERAL_NAME_push(gens, gen)) {
+		X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+	gen->type = GEN_DIRNAME;
+	gen->d.dirn = isname;
+}
+
+akeyid->issuer = gens;
+akeyid->serial = serial;
+akeyid->keyid = ikeyid;
+
+return akeyid;
+
+err:
+X509_NAME_free(isname);
+M_ASN1_INTEGER_free(serial);
+M_ASN1_OCTET_STRING_free(ikeyid);
+return NULL;
+
+}
+
diff --git a/crypto/x509v3/v3_akeya.c b/crypto/x509v3/v3_akeya.c
new file mode 100644
index 0000000000..2aafa26ba7
--- /dev/null
+++ b/crypto/x509v3/v3_akeya.c
@@ -0,0 +1,72 @@
+/* v3_akey_asn1.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(AUTHORITY_KEYID) = {
+	ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0),
+	ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1),
+	ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2)
+} ASN1_SEQUENCE_END(AUTHORITY_KEYID)
+
+IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID)
diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
new file mode 100644
index 0000000000..baa9ca103d
--- /dev/null
+++ b/crypto/x509v3/v3_alt.c
@@ -0,0 +1,491 @@
+/* v3_alt.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
+static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
+static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
+
+X509V3_EXT_METHOD v3_alt[] = {
+{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+0,0,0,0,
+0,0,
+(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+(X509V3_EXT_V2I)v2i_subject_alt,
+NULL, NULL, NULL},
+
+{ NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+0,0,0,0,
+0,0,
+(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
+(X509V3_EXT_V2I)v2i_issuer_alt,
+NULL, NULL, NULL},
+};
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+		GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret)
+{
+	int i;
+	GENERAL_NAME *gen;
+	for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+		gen = sk_GENERAL_NAME_value(gens, i);
+		ret = i2v_GENERAL_NAME(method, gen, ret);
+	}
+	if(!ret) return sk_CONF_VALUE_new_null();
+	return ret;
+}
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
+				GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
+{
+	unsigned char *p;
+	char oline[256];
+	switch (gen->type)
+	{
+		case GEN_OTHERNAME:
+		X509V3_add_value("othername","<unsupported>", &ret);
+		break;
+
+		case GEN_X400:
+		X509V3_add_value("X400Name","<unsupported>", &ret);
+		break;
+
+		case GEN_EDIPARTY:
+		X509V3_add_value("EdiPartyName","<unsupported>", &ret);
+		break;
+
+		case GEN_EMAIL:
+		X509V3_add_value_uchar("email",gen->d.ia5->data, &ret);
+		break;
+
+		case GEN_DNS:
+		X509V3_add_value_uchar("DNS",gen->d.ia5->data, &ret);
+		break;
+
+		case GEN_URI:
+		X509V3_add_value_uchar("URI",gen->d.ia5->data, &ret);
+		break;
+
+		case GEN_DIRNAME:
+		X509_NAME_oneline(gen->d.dirn, oline, 256);
+		X509V3_add_value("DirName",oline, &ret);
+		break;
+
+		case GEN_IPADD:
+		p = gen->d.ip->data;
+		/* BUG: doesn't support IPV6 */
+		if(gen->d.ip->length != 4) {
+			X509V3_add_value("IP Address","<invalid>", &ret);
+			break;
+		}
+		sprintf(oline, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+		X509V3_add_value("IP Address",oline, &ret);
+		break;
+
+		case GEN_RID:
+		i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
+		X509V3_add_value("Registered ID",oline, &ret);
+		break;
+	}
+	return ret;
+}
+
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
+{
+	unsigned char *p;
+	switch (gen->type)
+	{
+		case GEN_OTHERNAME:
+		BIO_printf(out, "othername:<unsupported>");
+		break;
+
+		case GEN_X400:
+		BIO_printf(out, "X400Name:<unsupported>");
+		break;
+
+		case GEN_EDIPARTY:
+		/* Maybe fix this: it is supported now */
+		BIO_printf(out, "EdiPartyName:<unsupported>");
+		break;
+
+		case GEN_EMAIL:
+		BIO_printf(out, "email:%s",gen->d.ia5->data);
+		break;
+
+		case GEN_DNS:
+		BIO_printf(out, "DNS:%s",gen->d.ia5->data);
+		break;
+
+		case GEN_URI:
+		BIO_printf(out, "URI:%s",gen->d.ia5->data);
+		break;
+
+		case GEN_DIRNAME:
+		BIO_printf(out, "DirName: ");
+		X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
+		break;
+
+		case GEN_IPADD:
+		p = gen->d.ip->data;
+		/* BUG: doesn't support IPV6 */
+		if(gen->d.ip->length != 4) {
+			BIO_printf(out,"IP Address:<invalid>");
+			break;
+		}
+		BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+		break;
+
+		case GEN_RID:
+		BIO_printf(out, "Registered ID");
+		i2a_ASN1_OBJECT(out, gen->d.rid);
+		break;
+	}
+	return 1;
+}
+
+static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
+				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+	GENERAL_NAMES *gens = NULL;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(gens = sk_GENERAL_NAME_new_null())) {
+		X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		cnf = sk_CONF_VALUE_value(nval, i);
+		if(!name_cmp(cnf->name, "issuer") && cnf->value &&
+						!strcmp(cnf->value, "copy")) {
+			if(!copy_issuer(ctx, gens)) goto err;
+		} else {
+			GENERAL_NAME *gen;
+			if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+								 goto err; 
+			sk_GENERAL_NAME_push(gens, gen);
+		}
+	}
+	return gens;
+	err:
+	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+	return NULL;
+}
+
+/* Append subject altname of issuer to issuer alt name of subject */
+
+static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
+{
+	GENERAL_NAMES *ialt;
+	GENERAL_NAME *gen;
+	X509_EXTENSION *ext;
+	int i;
+	if(ctx && (ctx->flags == CTX_TEST)) return 1;
+	if(!ctx || !ctx->issuer_cert) {
+		X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_NO_ISSUER_DETAILS);
+		goto err;
+	}
+        i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
+	if(i < 0) return 1;
+        if(!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
+                        !(ialt = X509V3_EXT_d2i(ext)) ) {
+		X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_ISSUER_DECODE_ERROR);
+		goto err;
+	}
+
+	for(i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
+		gen = sk_GENERAL_NAME_value(ialt, i);
+		if(!sk_GENERAL_NAME_push(gens, gen)) {
+			X509V3err(X509V3_F_COPY_ISSUER,ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+	}
+	sk_GENERAL_NAME_free(ialt);
+
+	return 1;
+		
+	err:
+	return 0;
+	
+}
+
+static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
+				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+	GENERAL_NAMES *gens = NULL;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(gens = sk_GENERAL_NAME_new_null())) {
+		X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		cnf = sk_CONF_VALUE_value(nval, i);
+		if(!name_cmp(cnf->name, "email") && cnf->value &&
+						!strcmp(cnf->value, "copy")) {
+			if(!copy_email(ctx, gens, 0)) goto err;
+		} else if(!name_cmp(cnf->name, "email") && cnf->value &&
+						!strcmp(cnf->value, "move")) {
+			if(!copy_email(ctx, gens, 1)) goto err;
+		} else {
+			GENERAL_NAME *gen;
+			if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+								 goto err; 
+			sk_GENERAL_NAME_push(gens, gen);
+		}
+	}
+	return gens;
+	err:
+	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+	return NULL;
+}
+
+/* Copy any email addresses in a certificate or request to 
+ * GENERAL_NAMES
+ */
+
+static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
+{
+	X509_NAME *nm;
+	ASN1_IA5STRING *email = NULL;
+	X509_NAME_ENTRY *ne;
+	GENERAL_NAME *gen = NULL;
+	int i;
+	if(ctx->flags == CTX_TEST) return 1;
+	if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
+		X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);
+		goto err;
+	}
+	/* Find the subject name */
+	if(ctx->subject_cert) nm = X509_get_subject_name(ctx->subject_cert);
+	else nm = X509_REQ_get_subject_name(ctx->subject_req);
+
+	/* Now add any email address(es) to STACK */
+	i = -1;
+	while((i = X509_NAME_get_index_by_NID(nm,
+					 NID_pkcs9_emailAddress, i)) >= 0) {
+		ne = X509_NAME_get_entry(nm, i);
+		email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
+                if (move_p)
+                        {
+                        X509_NAME_delete_entry(nm, i);
+                        i--;
+                        }
+		if(!email || !(gen = GENERAL_NAME_new())) {
+			X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		gen->d.ia5 = email;
+		email = NULL;
+		gen->type = GEN_EMAIL;
+		if(!sk_GENERAL_NAME_push(gens, gen)) {
+			X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		gen = NULL;
+	}
+
+	
+	return 1;
+		
+	err:
+	GENERAL_NAME_free(gen);
+	M_ASN1_IA5STRING_free(email);
+	return 0;
+	
+}
+
+GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+	GENERAL_NAME *gen;
+	GENERAL_NAMES *gens = NULL;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(gens = sk_GENERAL_NAME_new_null())) {
+		X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		cnf = sk_CONF_VALUE_value(nval, i);
+		if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; 
+		sk_GENERAL_NAME_push(gens, gen);
+	}
+	return gens;
+	err:
+	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+	return NULL;
+}
+
+GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+							 CONF_VALUE *cnf)
+{
+char is_string = 0;
+int type;
+GENERAL_NAME *gen = NULL;
+
+char *name, *value;
+
+name = cnf->name;
+value = cnf->value;
+
+if(!value) {
+	X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);
+	return NULL;
+}
+
+if(!(gen = GENERAL_NAME_new())) {
+	X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
+	return NULL;
+}
+
+if(!name_cmp(name, "email")) {
+	is_string = 1;
+	type = GEN_EMAIL;
+} else if(!name_cmp(name, "URI")) {
+	is_string = 1;
+	type = GEN_URI;
+} else if(!name_cmp(name, "DNS")) {
+	is_string = 1;
+	type = GEN_DNS;
+} else if(!name_cmp(name, "RID")) {
+	ASN1_OBJECT *obj;
+	if(!(obj = OBJ_txt2obj(value,0))) {
+		X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT);
+		ERR_add_error_data(2, "value=", value);
+		goto err;
+	}
+	gen->d.rid = obj;
+	type = GEN_RID;
+} else if(!name_cmp(name, "IP")) {
+	int i1,i2,i3,i4;
+	unsigned char ip[4];
+	if((sscanf(value, "%d.%d.%d.%d",&i1,&i2,&i3,&i4) != 4) ||
+	    (i1 < 0) || (i1 > 255) || (i2 < 0) || (i2 > 255) ||
+	    (i3 < 0) || (i3 > 255) || (i4 < 0) || (i4 > 255) ) {
+		X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
+		ERR_add_error_data(2, "value=", value);
+		goto err;
+	}
+	ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4;
+	if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) ||
+		!ASN1_STRING_set(gen->d.ip, ip, 4)) {
+			X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
+			goto err;
+	}
+	type = GEN_IPADD;
+} else if(!name_cmp(name, "otherName")) {
+	if (!do_othername(gen, value, ctx))
+		{
+		X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_OTHERNAME_ERROR);
+		goto err;
+		}
+	type = GEN_OTHERNAME;
+} else {
+	X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION);
+	ERR_add_error_data(2, "name=", name);
+	goto err;
+}
+
+if(is_string) {
+	if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
+		      !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
+				       strlen(value))) {
+		X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+}
+
+gen->type = type;
+
+return gen;
+
+err:
+GENERAL_NAME_free(gen);
+return NULL;
+}
+
+static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
+	{
+	char *objtmp = NULL, *p;
+	int objlen;
+	if (!(p = strchr(value, ';')))
+		return 0;
+	if (!(gen->d.otherName = OTHERNAME_new()))
+		return 0;
+	/* Free this up because we will overwrite it.
+	 * no need to free type_id because it is static
+	 */
+	ASN1_TYPE_free(gen->d.otherName->value);
+	if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)))
+		return 0;
+	objlen = p - value;
+	objtmp = OPENSSL_malloc(objlen + 1);
+	strncpy(objtmp, value, objlen);
+	objtmp[objlen] = 0;
+	gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
+	OPENSSL_free(objtmp);	
+	if (!gen->d.otherName->type_id)
+		return 0;
+	return 1;
+	}
diff --git a/crypto/x509v3/v3_bcons.c b/crypto/x509v3/v3_bcons.c
new file mode 100644
index 0000000000..cbb012715e
--- /dev/null
+++ b/crypto/x509v3/v3_bcons.c
@@ -0,0 +1,124 @@
+/* v3_bcons.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+
+X509V3_EXT_METHOD v3_bcons = {
+NID_basic_constraints, 0,
+ASN1_ITEM_ref(BASIC_CONSTRAINTS),
+0,0,0,0,
+0,0,
+(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
+(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
+NULL,NULL,
+NULL
+};
+
+ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
+	ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN),
+	ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(BASIC_CONSTRAINTS)
+
+IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
+
+
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+	     BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist)
+{
+	X509V3_add_value_bool("CA", bcons->ca, &extlist);
+	X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
+	return extlist;
+}
+
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
+{
+	BASIC_CONSTRAINTS *bcons=NULL;
+	CONF_VALUE *val;
+	int i;
+	if(!(bcons = BASIC_CONSTRAINTS_new())) {
+		X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
+		val = sk_CONF_VALUE_value(values, i);
+		if(!strcmp(val->name, "CA")) {
+			if(!X509V3_get_value_bool(val, &bcons->ca)) goto err;
+		} else if(!strcmp(val->name, "pathlen")) {
+			if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err;
+		} else {
+			X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
+			X509V3_conf_err(val);
+			goto err;
+		}
+	}
+	return bcons;
+	err:
+	BASIC_CONSTRAINTS_free(bcons);
+	return NULL;
+}
+
diff --git a/crypto/x509v3/v3_bitst.c b/crypto/x509v3/v3_bitst.c
new file mode 100644
index 0000000000..16cf125562
--- /dev/null
+++ b/crypto/x509v3/v3_bitst.c
@@ -0,0 +1,142 @@
+/* v3_bitst.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+				ASN1_BIT_STRING *bits,
+				STACK_OF(CONF_VALUE) *extlist);
+
+static BIT_STRING_BITNAME ns_cert_type_table[] = {
+{0, "SSL Client", "client"},
+{1, "SSL Server", "server"},
+{2, "S/MIME", "email"},
+{3, "Object Signing", "objsign"},
+{4, "Unused", "reserved"},
+{5, "SSL CA", "sslCA"},
+{6, "S/MIME CA", "emailCA"},
+{7, "Object Signing CA", "objCA"},
+{-1, NULL, NULL}
+};
+
+static BIT_STRING_BITNAME key_usage_type_table[] = {
+{0, "Digital Signature", "digitalSignature"},
+{1, "Non Repudiation", "nonRepudiation"},
+{2, "Key Encipherment", "keyEncipherment"},
+{3, "Data Encipherment", "dataEncipherment"},
+{4, "Key Agreement", "keyAgreement"},
+{5, "Certificate Sign", "keyCertSign"},
+{6, "CRL Sign", "cRLSign"},
+{7, "Encipher Only", "encipherOnly"},
+{8, "Decipher Only", "decipherOnly"},
+{-1, NULL, NULL}
+};
+
+
+
+X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
+X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
+
+static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+	     ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
+{
+	BIT_STRING_BITNAME *bnam;
+	for(bnam =method->usr_data; bnam->lname; bnam++) {
+		if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) 
+			X509V3_add_value(bnam->lname, NULL, &ret);
+	}
+	return ret;
+}
+	
+static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+	CONF_VALUE *val;
+	ASN1_BIT_STRING *bs;
+	int i;
+	BIT_STRING_BITNAME *bnam;
+	if(!(bs = M_ASN1_BIT_STRING_new())) {
+		X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		val = sk_CONF_VALUE_value(nval, i);
+		for(bnam = method->usr_data; bnam->lname; bnam++) {
+			if(!strcmp(bnam->sname, val->name) ||
+				!strcmp(bnam->lname, val->name) ) {
+				ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1);
+				break;
+			}
+		}
+		if(!bnam->lname) {
+			X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
+					X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
+			X509V3_conf_err(val);
+			M_ASN1_BIT_STRING_free(bs);
+			return NULL;
+		}
+	}
+	return bs;
+}
+	
+
diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c
new file mode 100644
index 0000000000..372c65d885
--- /dev/null
+++ b/crypto/x509v3/v3_conf.c
@@ -0,0 +1,514 @@
+/* v3_conf.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* extension creation utilities */
+
+
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+static int v3_check_critical(char **value);
+static int v3_check_generic(char **value);
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
+static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx);
+static char *conf_lhash_get_string(void *db, char *section, char *value);
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
+static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+						 int crit, void *ext_struc);
+static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len);
+/* CONF *conf:  Config file    */
+/* char *name:  Name    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
+	     char *value)
+	{
+	int crit;
+	int ext_type;
+	X509_EXTENSION *ret;
+	crit = v3_check_critical(&value);
+	if ((ext_type = v3_check_generic(&value))) 
+		return v3_generic_extension(name, value, crit, ext_type, ctx);
+	ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
+	if (!ret)
+		{
+		X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION);
+		ERR_add_error_data(4,"name=", name, ", value=", value);
+		}
+	return ret;
+	}
+
+/* CONF *conf:  Config file    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+	     char *value)
+	{
+	int crit;
+	int ext_type;
+	crit = v3_check_critical(&value);
+	if ((ext_type = v3_check_generic(&value))) 
+		return v3_generic_extension(OBJ_nid2sn(ext_nid),
+						 value, crit, ext_type, ctx);
+	return do_ext_nconf(conf, ctx, ext_nid, crit, value);
+	}
+
+/* CONF *conf:  Config file    */
+/* char *value:  Value    */
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+	     int crit, char *value)
+	{
+	X509V3_EXT_METHOD *method;
+	X509_EXTENSION *ext;
+	STACK_OF(CONF_VALUE) *nval;
+	void *ext_struc;
+	if (ext_nid == NID_undef)
+		{
+		X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
+		return NULL;
+		}
+	if (!(method = X509V3_EXT_get_nid(ext_nid)))
+		{
+		X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION);
+		return NULL;
+		}
+	/* Now get internal extension representation based on type */
+	if (method->v2i)
+		{
+		if(*value == '@') nval = NCONF_get_section(conf, value + 1);
+		else nval = X509V3_parse_list(value);
+		if(!nval)
+			{
+			X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING);
+			ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
+			return NULL;
+			}
+		ext_struc = method->v2i(method, ctx, nval);
+		if(*value != '@') sk_CONF_VALUE_pop_free(nval,
+							 X509V3_conf_free);
+		if(!ext_struc) return NULL;
+		}
+	else if(method->s2i)
+		{
+		if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
+		}
+	else if(method->r2i)
+		{
+		if(!ctx->db)
+			{
+			X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE);
+			return NULL;
+			}
+		if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
+		}
+	else
+		{
+		X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
+		ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
+		return NULL;
+		}
+
+	ext  = do_ext_i2d(method, ext_nid, crit, ext_struc);
+	if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
+	else method->ext_free(ext_struc);
+	return ext;
+
+	}
+
+static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
+						 int crit, void *ext_struc)
+	{
+	unsigned char *ext_der;
+	int ext_len;
+	ASN1_OCTET_STRING *ext_oct;
+	X509_EXTENSION *ext;
+	/* Convert internal representation to DER */
+	if (method->it)
+		{
+		ext_der = NULL;
+		ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
+		if (ext_len < 0) goto merr;
+		}
+	 else
+		{
+		unsigned char *p;
+		ext_len = method->i2d(ext_struc, NULL);
+		if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
+		p = ext_der;
+		method->i2d(ext_struc, &p);
+		}
+	if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
+	ext_oct->data = ext_der;
+	ext_oct->length = ext_len;
+
+	ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
+	if (!ext) goto merr;
+	M_ASN1_OCTET_STRING_free(ext_oct);
+
+	return ext;
+
+	merr:
+	X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
+	return NULL;
+
+	}
+
+/* Given an internal structure, nid and critical flag create an extension */
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
+	{
+	X509V3_EXT_METHOD *method;
+	if (!(method = X509V3_EXT_get_nid(ext_nid))) {
+		X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
+		return NULL;
+	}
+	return do_ext_i2d(method, ext_nid, crit, ext_struc);
+}
+
+/* Check the extension string for critical flag */
+static int v3_check_critical(char **value)
+{
+	char *p = *value;
+	if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
+	p+=9;
+	while(isspace((unsigned char)*p)) p++;
+	*value = p;
+	return 1;
+}
+
+/* Check extension string for generic extension and return the type */
+static int v3_check_generic(char **value)
+{
+	int gen_type = 0;
+	char *p = *value;
+	if ((strlen(p) >= 4) && !strncmp(p, "DER:,", 4))
+		{
+		p+=4;
+		gen_type = 1;
+		}
+	if ((strlen(p) >= 5) && !strncmp(p, "ASN1:,", 5))
+		{
+		p+=5;
+		gen_type = 2;
+		}
+	else
+		return 0;
+
+	while (isspace((unsigned char)*p)) p++;
+	*value = p;
+	return gen_type;
+}
+
+/* Create a generic extension: for now just handle DER type */
+static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
+	     int crit, int gen_type, X509V3_CTX *ctx)
+	{
+	unsigned char *ext_der=NULL;
+	long ext_len;
+	ASN1_OBJECT *obj=NULL;
+	ASN1_OCTET_STRING *oct=NULL;
+	X509_EXTENSION *extension=NULL;
+	if (!(obj = OBJ_txt2obj(ext, 0)))
+		{
+		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
+		ERR_add_error_data(2, "name=", ext);
+		goto err;
+		}
+
+	if (gen_type == 1)
+		ext_der = string_to_hex(value, &ext_len);
+	else if (gen_type == 2)
+		ext_der = generic_asn1(value, ctx, &ext_len);
+
+	if (ext_der == NULL)
+		{
+		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
+		ERR_add_error_data(2, "value=", value);
+		goto err;
+		}
+
+	if (!(oct = M_ASN1_OCTET_STRING_new()))
+		{
+		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	oct->data = ext_der;
+	oct->length = ext_len;
+	ext_der = NULL;
+
+	extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
+
+	err:
+	ASN1_OBJECT_free(obj);
+	M_ASN1_OCTET_STRING_free(oct);
+	if(ext_der) OPENSSL_free(ext_der);
+	return extension;
+
+	}
+
+static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len)
+	{
+	ASN1_TYPE *typ;
+	unsigned char *ext_der = NULL;
+	typ = ASN1_generate_v3(value, ctx);
+	if (typ == NULL)
+		return NULL;
+	*ext_len = i2d_ASN1_TYPE(typ, &ext_der);
+	ASN1_TYPE_free(typ);
+	return ext_der;
+	}
+
+/* This is the main function: add a bunch of extensions based on a config file
+ * section to an extension STACK.
+ */
+
+
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
+	     STACK_OF(X509_EXTENSION) **sk)
+	{
+	X509_EXTENSION *ext;
+	STACK_OF(CONF_VALUE) *nval;
+	CONF_VALUE *val;	
+	int i;
+	if (!(nval = NCONF_get_section(conf, section))) return 0;
+	for (i = 0; i < sk_CONF_VALUE_num(nval); i++)
+		{
+		val = sk_CONF_VALUE_value(nval, i);
+		if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
+								return 0;
+		if (sk) X509v3_add_ext(sk, ext, -1);
+		X509_EXTENSION_free(ext);
+		}
+	return 1;
+	}
+
+/* Convenience functions to add extensions to a certificate, CRL and request */
+
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+	     X509 *cert)
+	{
+	STACK_OF(X509_EXTENSION) **sk = NULL;
+	if (cert)
+		sk = &cert->cert_info->extensions;
+	return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+	}
+
+/* Same as above but for a CRL */
+
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+	     X509_CRL *crl)
+	{
+	STACK_OF(X509_EXTENSION) **sk = NULL;
+	if (crl)
+		sk = &crl->crl->extensions;
+	return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+	}
+
+/* Add extensions to certificate request */
+
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
+	     X509_REQ *req)
+	{
+	STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
+	int i;
+	if (req)
+		sk = &extlist;
+	i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+	if (!i || !sk)
+		return i;
+	i = X509_REQ_add_extensions(req, extlist);
+	sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
+	return i;
+	}
+
+/* Config database functions */
+
+char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
+	{
+	if (ctx->db_meth->get_string)
+			return ctx->db_meth->get_string(ctx->db, name, section);
+	return NULL;
+	}
+
+STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
+	{
+	if (ctx->db_meth->get_section)
+			return ctx->db_meth->get_section(ctx->db, section);
+	return NULL;
+	}
+
+void X509V3_string_free(X509V3_CTX *ctx, char *str)
+	{
+	if (!str) return;
+	if (ctx->db_meth->free_string)
+			ctx->db_meth->free_string(ctx->db, str);
+	}
+
+void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
+	{
+	if (!section) return;
+	if (ctx->db_meth->free_section)
+			ctx->db_meth->free_section(ctx->db, section);
+	}
+
+static char *nconf_get_string(void *db, char *section, char *value)
+	{
+	return NCONF_get_string(db, section, value);
+	}
+
+static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
+	{
+	return NCONF_get_section(db, section);
+	}
+
+static X509V3_CONF_METHOD nconf_method = {
+nconf_get_string,
+nconf_get_section,
+NULL,
+NULL
+};
+
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
+	{
+	ctx->db_meth = &nconf_method;
+	ctx->db = conf;
+	}
+
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
+	     X509_CRL *crl, int flags)
+	{
+	ctx->issuer_cert = issuer;
+	ctx->subject_cert = subj;
+	ctx->crl = crl;
+	ctx->subject_req = req;
+	ctx->flags = flags;
+	}
+
+/* Old conf compatibility functions */
+
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+	     char *value)
+	{
+	CONF ctmp;
+	CONF_set_nconf(&ctmp, conf);
+	return X509V3_EXT_nconf(&ctmp, ctx, name, value);
+	}
+
+/* LHASH *conf:  Config file    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
+	     char *value)
+	{
+	CONF ctmp;
+	CONF_set_nconf(&ctmp, conf);
+	return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
+	}
+
+static char *conf_lhash_get_string(void *db, char *section, char *value)
+	{
+	return CONF_get_string(db, section, value);
+	}
+
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
+	{
+	return CONF_get_section(db, section);
+	}
+
+static X509V3_CONF_METHOD conf_lhash_method = {
+conf_lhash_get_string,
+conf_lhash_get_section,
+NULL,
+NULL
+};
+
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
+	{
+	ctx->db_meth = &conf_lhash_method;
+	ctx->db = lhash;
+	}
+
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+	     X509 *cert)
+	{
+	CONF ctmp;
+	CONF_set_nconf(&ctmp, conf);
+	return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
+	}
+
+/* Same as above but for a CRL */
+
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+	     X509_CRL *crl)
+	{
+	CONF ctmp;
+	CONF_set_nconf(&ctmp, conf);
+	return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
+	}
+
+/* Add extensions to certificate request */
+
+int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+	     X509_REQ *req)
+	{
+	CONF ctmp;
+	CONF_set_nconf(&ctmp, conf);
+	return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
+	}
diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
new file mode 100644
index 0000000000..0d4ab1f680
--- /dev/null
+++ b/crypto/x509v3/v3_cpols.c
@@ -0,0 +1,422 @@
+/* v3_cpols.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+/* Certificate policies extension support: this one is a bit complex... */
+
+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent);
+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);
+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);
+static void print_notice(BIO *out, USERNOTICE *notice, int indent);
+static POLICYINFO *policy_section(X509V3_CTX *ctx,
+				 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
+static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
+					STACK_OF(CONF_VALUE) *unot, int ia5org);
+static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos);
+
+X509V3_EXT_METHOD v3_cpols = {
+NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+0,0,0,0,
+0,0,
+0,0,
+(X509V3_EXT_I2R)i2r_certpol,
+(X509V3_EXT_R2I)r2i_certpol,
+NULL
+};
+
+ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
+ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
+
+IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
+
+ASN1_SEQUENCE(POLICYINFO) = {
+	ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
+	ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
+} ASN1_SEQUENCE_END(POLICYINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
+
+ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
+
+ASN1_ADB(POLICYQUALINFO) = {
+	ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
+	ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
+} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
+
+ASN1_SEQUENCE(POLICYQUALINFO) = {
+	ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
+	ASN1_ADB_OBJECT(POLICYQUALINFO)
+} ASN1_SEQUENCE_END(POLICYQUALINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)
+
+ASN1_SEQUENCE(USERNOTICE) = {
+	ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
+	ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
+} ASN1_SEQUENCE_END(USERNOTICE)
+
+IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)
+
+ASN1_SEQUENCE(NOTICEREF) = {
+	ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
+	ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(NOTICEREF)
+
+IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
+
+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
+		X509V3_CTX *ctx, char *value)
+{
+	STACK_OF(POLICYINFO) *pols = NULL;
+	char *pstr;
+	POLICYINFO *pol;
+	ASN1_OBJECT *pobj;
+	STACK_OF(CONF_VALUE) *vals;
+	CONF_VALUE *cnf;
+	int i, ia5org;
+	pols = sk_POLICYINFO_new_null();
+	vals =  X509V3_parse_list(value);
+	ia5org = 0;
+	for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+		cnf = sk_CONF_VALUE_value(vals, i);
+		if(cnf->value || !cnf->name ) {
+			X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
+			X509V3_conf_err(cnf);
+			goto err;
+		}
+		pstr = cnf->name;
+		if(!strcmp(pstr,"ia5org")) {
+			ia5org = 1;
+			continue;
+		} else if(*pstr == '@') {
+			STACK_OF(CONF_VALUE) *polsect;
+			polsect = X509V3_get_section(ctx, pstr + 1);
+			if(!polsect) {
+				X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
+
+				X509V3_conf_err(cnf);
+				goto err;
+			}
+			pol = policy_section(ctx, polsect, ia5org);
+			X509V3_section_free(ctx, polsect);
+			if(!pol) goto err;
+		} else {
+			if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {
+				X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+				X509V3_conf_err(cnf);
+				goto err;
+			}
+			pol = POLICYINFO_new();
+			pol->policyid = pobj;
+		}
+		sk_POLICYINFO_push(pols, pol);
+	}
+	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+	return pols;
+	err:
+	sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
+	return NULL;
+}
+
+static POLICYINFO *policy_section(X509V3_CTX *ctx,
+				STACK_OF(CONF_VALUE) *polstrs, int ia5org)
+{
+	int i;
+	CONF_VALUE *cnf;
+	POLICYINFO *pol;
+	POLICYQUALINFO *qual;
+	if(!(pol = POLICYINFO_new())) goto merr;
+	for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
+		cnf = sk_CONF_VALUE_value(polstrs, i);
+		if(!strcmp(cnf->name, "policyIdentifier")) {
+			ASN1_OBJECT *pobj;
+			if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {
+				X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+				X509V3_conf_err(cnf);
+				goto err;
+			}
+			pol->policyid = pobj;
+
+		} else if(!name_cmp(cnf->name, "CPS")) {
+			if(!pol->qualifiers) pol->qualifiers =
+						 sk_POLICYQUALINFO_new_null();
+			if(!(qual = POLICYQUALINFO_new())) goto merr;
+			if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+								 goto merr;
+			qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
+			qual->d.cpsuri = M_ASN1_IA5STRING_new();
+			if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
+						 strlen(cnf->value))) goto merr;
+		} else if(!name_cmp(cnf->name, "userNotice")) {
+			STACK_OF(CONF_VALUE) *unot;
+			if(*cnf->value != '@') {
+				X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME);
+				X509V3_conf_err(cnf);
+				goto err;
+			}
+			unot = X509V3_get_section(ctx, cnf->value + 1);
+			if(!unot) {
+				X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION);
+
+				X509V3_conf_err(cnf);
+				goto err;
+			}
+			qual = notice_section(ctx, unot, ia5org);
+			X509V3_section_free(ctx, unot);
+			if(!qual) goto err;
+			if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+								 goto merr;
+		} else {
+			X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION);
+
+			X509V3_conf_err(cnf);
+			goto err;
+		}
+	}
+	if(!pol->policyid) {
+		X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER);
+		goto err;
+	}
+
+	return pol;
+
+	merr:
+	X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE);
+
+	err:
+	POLICYINFO_free(pol);
+	return NULL;
+	
+	
+}
+
+static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
+					STACK_OF(CONF_VALUE) *unot, int ia5org)
+{
+	int i;
+	CONF_VALUE *cnf;
+	USERNOTICE *not;
+	POLICYQUALINFO *qual;
+	if(!(qual = POLICYQUALINFO_new())) goto merr;
+	qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
+	if(!(not = USERNOTICE_new())) goto merr;
+	qual->d.usernotice = not;
+	for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {
+		cnf = sk_CONF_VALUE_value(unot, i);
+		if(!strcmp(cnf->name, "explicitText")) {
+			not->exptext = M_ASN1_VISIBLESTRING_new();
+			if(!ASN1_STRING_set(not->exptext, cnf->value,
+						 strlen(cnf->value))) goto merr;
+		} else if(!strcmp(cnf->name, "organization")) {
+			NOTICEREF *nref;
+			if(!not->noticeref) {
+				if(!(nref = NOTICEREF_new())) goto merr;
+				not->noticeref = nref;
+			} else nref = not->noticeref;
+			if(ia5org) nref->organization = M_ASN1_IA5STRING_new();
+			else nref->organization = M_ASN1_VISIBLESTRING_new();
+			if(!ASN1_STRING_set(nref->organization, cnf->value,
+						 strlen(cnf->value))) goto merr;
+		} else if(!strcmp(cnf->name, "noticeNumbers")) {
+			NOTICEREF *nref;
+			STACK_OF(CONF_VALUE) *nos;
+			if(!not->noticeref) {
+				if(!(nref = NOTICEREF_new())) goto merr;
+				not->noticeref = nref;
+			} else nref = not->noticeref;
+			nos = X509V3_parse_list(cnf->value);
+			if(!nos || !sk_CONF_VALUE_num(nos)) {
+				X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS);
+				X509V3_conf_err(cnf);
+				goto err;
+			}
+			nref->noticenos = nref_nos(nos);
+			sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
+			if(!nref->noticenos) goto err;
+		} else {
+			X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
+
+			X509V3_conf_err(cnf);
+			goto err;
+		}
+	}
+
+	if(not->noticeref && 
+	      (!not->noticeref->noticenos || !not->noticeref->organization)) {
+			X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
+			goto err;
+	}
+
+	return qual;
+
+	merr:
+	X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
+
+	err:
+	POLICYQUALINFO_free(qual);
+	return NULL;
+}
+
+static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos)
+{
+	STACK_OF(ASN1_INTEGER) *nnums;
+	CONF_VALUE *cnf;
+	ASN1_INTEGER *aint;
+
+	int i;
+
+	if(!(nnums = sk_ASN1_INTEGER_new_null())) goto merr;
+	for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
+		cnf = sk_CONF_VALUE_value(nos, i);
+		if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
+			X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);
+			goto err;
+		}
+		if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
+	}
+	return nnums;
+
+	merr:
+	X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
+
+	err:
+	sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
+	return NULL;
+}
+
+
+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
+		BIO *out, int indent)
+{
+	int i;
+	POLICYINFO *pinfo;
+	/* First print out the policy OIDs */
+	for(i = 0; i < sk_POLICYINFO_num(pol); i++) {
+		pinfo = sk_POLICYINFO_value(pol, i);
+		BIO_printf(out, "%*sPolicy: ", indent, "");
+		i2a_ASN1_OBJECT(out, pinfo->policyid);
+		BIO_puts(out, "\n");
+		if(pinfo->qualifiers)
+			 print_qualifiers(out, pinfo->qualifiers, indent + 2);
+	}
+	return 1;
+}
+
+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
+		int indent)
+{
+	POLICYQUALINFO *qualinfo;
+	int i;
+	for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
+		qualinfo = sk_POLICYQUALINFO_value(quals, i);
+		switch(OBJ_obj2nid(qualinfo->pqualid))
+		{
+			case NID_id_qt_cps:
+			BIO_printf(out, "%*sCPS: %s\n", indent, "",
+						qualinfo->d.cpsuri->data);
+			break;
+		
+			case NID_id_qt_unotice:
+			BIO_printf(out, "%*sUser Notice:\n", indent, "");
+			print_notice(out, qualinfo->d.usernotice, indent + 2);
+			break;
+
+			default:
+			BIO_printf(out, "%*sUnknown Qualifier: ",
+							 indent + 2, "");
+			
+			i2a_ASN1_OBJECT(out, qualinfo->pqualid);
+			BIO_puts(out, "\n");
+			break;
+		}
+	}
+}
+
+static void print_notice(BIO *out, USERNOTICE *notice, int indent)
+{
+	int i;
+	if(notice->noticeref) {
+		NOTICEREF *ref;
+		ref = notice->noticeref;
+		BIO_printf(out, "%*sOrganization: %s\n", indent, "",
+						 ref->organization->data);
+		BIO_printf(out, "%*sNumber%s: ", indent, "",
+			   sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
+		for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
+			ASN1_INTEGER *num;
+			char *tmp;
+			num = sk_ASN1_INTEGER_value(ref->noticenos, i);
+			if(i) BIO_puts(out, ", ");
+			tmp = i2s_ASN1_INTEGER(NULL, num);
+			BIO_puts(out, tmp);
+			OPENSSL_free(tmp);
+		}
+		BIO_puts(out, "\n");
+	}
+	if(notice->exptext)
+		BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
+							 notice->exptext->data);
+}
+
diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c
new file mode 100644
index 0000000000..894a8b94d8
--- /dev/null
+++ b/crypto/x509v3/v3_crld.c
@@ -0,0 +1,162 @@
+/* v3_crld.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
+		STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist);
+static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+X509V3_EXT_METHOD v3_crld = {
+NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS),
+0,0,0,0,
+0,0,
+(X509V3_EXT_I2V)i2v_crld,
+(X509V3_EXT_V2I)v2i_crld,
+0,0,
+NULL
+};
+
+static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
+			STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts)
+{
+	DIST_POINT *point;
+	int i;
+	for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
+		point = sk_DIST_POINT_value(crld, i);
+		if(point->distpoint) {
+			if(point->distpoint->type == 0)
+				exts = i2v_GENERAL_NAMES(NULL,
+					 point->distpoint->name.fullname, exts);
+		        else X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
+		}
+		if(point->reasons) 
+			X509V3_add_value("reasons","<UNSUPPORTED>", &exts);
+		if(point->CRLissuer)
+			X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);
+	}
+	return exts;
+}
+
+static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+	STACK_OF(DIST_POINT) *crld = NULL;
+	GENERAL_NAMES *gens = NULL;
+	GENERAL_NAME *gen = NULL;
+	CONF_VALUE *cnf;
+	int i;
+	if(!(crld = sk_DIST_POINT_new_null())) goto merr;
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		DIST_POINT *point;
+		cnf = sk_CONF_VALUE_value(nval, i);
+		if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; 
+		if(!(gens = GENERAL_NAMES_new())) goto merr;
+		if(!sk_GENERAL_NAME_push(gens, gen)) goto merr;
+		gen = NULL;
+		if(!(point = DIST_POINT_new())) goto merr;
+		if(!sk_DIST_POINT_push(crld, point)) {
+			DIST_POINT_free(point);
+			goto merr;
+		}
+		if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr;
+		point->distpoint->name.fullname = gens;
+		point->distpoint->type = 0;
+		gens = NULL;
+	}
+	return crld;
+
+	merr:
+	X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE);
+	err:
+	GENERAL_NAME_free(gen);
+	GENERAL_NAMES_free(gens);
+	sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
+	return NULL;
+}
+
+IMPLEMENT_STACK_OF(DIST_POINT)
+IMPLEMENT_ASN1_SET_OF(DIST_POINT)
+
+
+ASN1_CHOICE(DIST_POINT_NAME) = {
+	ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
+	ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
+} ASN1_CHOICE_END(DIST_POINT_NAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)
+
+ASN1_SEQUENCE(DIST_POINT) = {
+	ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),
+	ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),
+	ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)
+} ASN1_SEQUENCE_END(DIST_POINT)
+
+IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
+
+ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, DIST_POINT, DIST_POINT)
+ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
+
+IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
diff --git a/crypto/x509v3/v3_enum.c b/crypto/x509v3/v3_enum.c
new file mode 100644
index 0000000000..010c9d6260
--- /dev/null
+++ b/crypto/x509v3/v3_enum.c
@@ -0,0 +1,94 @@
+/* v3_enum.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+static ENUMERATED_NAMES crl_reasons[] = {
+{0, "Unspecified", "unspecified"},
+{1, "Key Compromise", "keyCompromise"},
+{2, "CA Compromise", "CACompromise"},
+{3, "Affiliation Changed", "affiliationChanged"},
+{4, "Superseded", "superseded"},
+{5, "Cessation Of Operation", "cessationOfOperation"},
+{6, "Certificate Hold", "certificateHold"},
+{8, "Remove From CRL", "removeFromCRL"},
+{-1, NULL, NULL}
+};
+
+X509V3_EXT_METHOD v3_crl_reason = { 
+NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
+0,0,0,0,
+(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
+0,
+0,0,0,0,
+crl_reasons};
+
+
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
+	     ASN1_ENUMERATED *e)
+{
+	ENUMERATED_NAMES *enam;
+	long strval;
+	strval = ASN1_ENUMERATED_get(e);
+	for(enam = method->usr_data; enam->lname; enam++) {
+		if(strval == enam->bitnum) return BUF_strdup(enam->lname);
+	}
+	return i2s_ASN1_ENUMERATED(method, e);
+}
diff --git a/crypto/x509v3/v3_extku.c b/crypto/x509v3/v3_extku.c
new file mode 100644
index 0000000000..b1cfaba1aa
--- /dev/null
+++ b/crypto/x509v3/v3_extku.c
@@ -0,0 +1,142 @@
+/* v3_extku.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+		void *eku, STACK_OF(CONF_VALUE) *extlist);
+
+X509V3_EXT_METHOD v3_ext_ku = {
+	NID_ext_key_usage, 0,
+	ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+	0,0,0,0,
+	0,0,
+	i2v_EXTENDED_KEY_USAGE,
+	v2i_EXTENDED_KEY_USAGE,
+	0,0,
+	NULL
+};
+
+/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
+X509V3_EXT_METHOD v3_ocsp_accresp = {
+	NID_id_pkix_OCSP_acceptableResponses, 0,
+	ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+	0,0,0,0,
+	0,0,
+	i2v_EXTENDED_KEY_USAGE,
+	v2i_EXTENDED_KEY_USAGE,
+	0,0,
+	NULL
+};
+
+ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT)
+ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
+
+IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
+
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+		void *a, STACK_OF(CONF_VALUE) *ext_list)
+{
+	EXTENDED_KEY_USAGE *eku = a;
+	int i;
+	ASN1_OBJECT *obj;
+	char obj_tmp[80];
+	for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
+		obj = sk_ASN1_OBJECT_value(eku, i);
+		i2t_ASN1_OBJECT(obj_tmp, 80, obj);
+		X509V3_add_value(NULL, obj_tmp, &ext_list);
+	}
+	return ext_list;
+}
+
+static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+	EXTENDED_KEY_USAGE *extku;
+	char *extval;
+	ASN1_OBJECT *objtmp;
+	CONF_VALUE *val;
+	int i;
+
+	if(!(extku = sk_ASN1_OBJECT_new_null())) {
+		X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		val = sk_CONF_VALUE_value(nval, i);
+		if(val->value) extval = val->value;
+		else extval = val->name;
+		if(!(objtmp = OBJ_txt2obj(extval, 0))) {
+			sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
+			X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+			X509V3_conf_err(val);
+			return NULL;
+		}
+		sk_ASN1_OBJECT_push(extku, objtmp);
+	}
+	return extku;
+}
diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c
new file mode 100644
index 0000000000..650b510980
--- /dev/null
+++ b/crypto/x509v3/v3_genn.c
@@ -0,0 +1,101 @@
+/* v3_genn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(OTHERNAME) = {
+	ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT),
+	/* Maybe have a true ANY DEFINED BY later */
+	ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0)
+} ASN1_SEQUENCE_END(OTHERNAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
+
+ASN1_SEQUENCE(EDIPARTYNAME) = {
+	ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
+	ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
+} ASN1_SEQUENCE_END(EDIPARTYNAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
+
+ASN1_CHOICE(GENERAL_NAME) = {
+	ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME),
+	ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL),
+	ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS),
+	/* Don't decode this */
+	ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400),
+	/* X509_NAME is a CHOICE type so use EXPLICIT */
+	ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME),
+	ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY),
+	ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI),
+	ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD),
+	ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID)
+} ASN1_CHOICE_END(GENERAL_NAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME)
+
+ASN1_ITEM_TEMPLATE(GENERAL_NAMES) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME)
+ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES)
+
+IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES)
diff --git a/crypto/x509v3/v3_ia5.c b/crypto/x509v3/v3_ia5.c
new file mode 100644
index 0000000000..f9414456de
--- /dev/null
+++ b/crypto/x509v3/v3_ia5.c
@@ -0,0 +1,113 @@
+/* v3_ia5.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
+static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+X509V3_EXT_METHOD v3_ns_ia5_list[] = { 
+EXT_IA5STRING(NID_netscape_base_url),
+EXT_IA5STRING(NID_netscape_revocation_url),
+EXT_IA5STRING(NID_netscape_ca_revocation_url),
+EXT_IA5STRING(NID_netscape_renewal_url),
+EXT_IA5STRING(NID_netscape_ca_policy_url),
+EXT_IA5STRING(NID_netscape_ssl_server_name),
+EXT_IA5STRING(NID_netscape_comment),
+EXT_END
+};
+
+
+static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+	     ASN1_IA5STRING *ia5)
+{
+	char *tmp;
+	if(!ia5 || !ia5->length) return NULL;
+	if (!(tmp = OPENSSL_malloc(ia5->length + 1))) return NULL;
+	memcpy(tmp, ia5->data, ia5->length);
+	tmp[ia5->length] = 0;
+	return tmp;
+}
+
+static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+	     X509V3_CTX *ctx, char *str)
+{
+	ASN1_IA5STRING *ia5;
+	if(!str) {
+		X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);
+		return NULL;
+	}
+	if(!(ia5 = M_ASN1_IA5STRING_new())) goto err;
+	if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str,
+			    strlen(str))) {
+		M_ASN1_IA5STRING_free(ia5);
+		goto err;
+	}
+#ifdef CHARSET_EBCDIC
+        ebcdic2ascii(ia5->data, ia5->data, ia5->length);
+#endif /*CHARSET_EBCDIC*/
+	return ia5;
+	err:
+	X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
+	return NULL;
+}
+
diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c
new file mode 100644
index 0000000000..e269df1373
--- /dev/null
+++ b/crypto/x509v3/v3_info.c
@@ -0,0 +1,193 @@
+/* v3_info.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+				AUTHORITY_INFO_ACCESS *ainfo,
+						STACK_OF(CONF_VALUE) *ret);
+static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+X509V3_EXT_METHOD v3_info =
+{ NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+0,0,0,0,
+0,0,
+(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
+(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+0,0,
+NULL};
+
+X509V3_EXT_METHOD v3_sinfo =
+{ NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+0,0,0,0,
+0,0,
+(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
+(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+0,0,
+NULL};
+
+ASN1_SEQUENCE(ACCESS_DESCRIPTION) = {
+	ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT),
+	ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME)
+} ASN1_SEQUENCE_END(ACCESS_DESCRIPTION)
+
+IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+
+ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) = 
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION)
+ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS)
+
+IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+				AUTHORITY_INFO_ACCESS *ainfo,
+						STACK_OF(CONF_VALUE) *ret)
+{
+	ACCESS_DESCRIPTION *desc;
+	int i;
+	char objtmp[80], *ntmp;
+	CONF_VALUE *vtmp;
+	for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
+		desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
+		ret = i2v_GENERAL_NAME(method, desc->location, ret);
+		if(!ret) break;
+		vtmp = sk_CONF_VALUE_value(ret, i);
+		i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
+		ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5);
+		if(!ntmp) {
+			X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
+					ERR_R_MALLOC_FAILURE);
+			return NULL;
+		}
+		strcpy(ntmp, objtmp);
+		strcat(ntmp, " - ");
+		strcat(ntmp, vtmp->name);
+		OPENSSL_free(vtmp->name);
+		vtmp->name = ntmp;
+		
+	}
+	if(!ret) return sk_CONF_VALUE_new_null();
+	return ret;
+}
+
+static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+	AUTHORITY_INFO_ACCESS *ainfo = NULL;
+	CONF_VALUE *cnf, ctmp;
+	ACCESS_DESCRIPTION *acc;
+	int i, objlen;
+	char *objtmp, *ptmp;
+	if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
+		X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		cnf = sk_CONF_VALUE_value(nval, i);
+		if(!(acc = ACCESS_DESCRIPTION_new())
+			|| !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
+			X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		ptmp = strchr(cnf->name, ';');
+		if(!ptmp) {
+			X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_INVALID_SYNTAX);
+			goto err;
+		}
+		objlen = ptmp - cnf->name;
+		ctmp.name = ptmp + 1;
+		ctmp.value = cnf->value;
+		GENERAL_NAME_free(acc->location);
+		if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp)))
+								 goto err; 
+		if(!(objtmp = OPENSSL_malloc(objlen + 1))) {
+			X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		strncpy(objtmp, cnf->name, objlen);
+		objtmp[objlen] = 0;
+		acc->method = OBJ_txt2obj(objtmp, 0);
+		if(!acc->method) {
+			X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT);
+			ERR_add_error_data(2, "value=", objtmp);
+			OPENSSL_free(objtmp);
+			goto err;
+		}
+		OPENSSL_free(objtmp);
+
+	}
+	return ainfo;
+	err:
+	sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
+	return NULL;
+}
+
+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a)
+        {
+	i2a_ASN1_OBJECT(bp, a->method);
+#ifdef UNDEF
+	i2a_GENERAL_NAME(bp, a->location);
+#endif
+	return 2;
+	}
diff --git a/crypto/x509v3/v3_int.c b/crypto/x509v3/v3_int.c
new file mode 100644
index 0000000000..f34cbfb731
--- /dev/null
+++ b/crypto/x509v3/v3_int.c
@@ -0,0 +1,69 @@
+/* v3_int.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+X509V3_EXT_METHOD v3_crl_num = { 
+NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+0,0,0,0,
+(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+0,
+0,0,0,0, NULL};
+
diff --git a/crypto/x509v3/v3_ku.c b/crypto/x509v3/v3_ku.c
deleted file mode 100644
index 87c7402f43..0000000000
--- a/crypto/x509v3/v3_ku.c
+++ /dev/null
@@ -1,318 +0,0 @@
-/* crypto/x509v3/v3_ku.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <ctype.h>
-#include "stack.h"
-#include "cryptlib.h"
-#include "bio.h"
-#include "asn1.h"
-#include "objects.h"
-#include "x509.h"
-
-X509_EXTENSION_METHOD X509v3_key_usage_method=
-	{
-	NID_key_usage,
-	ku_clear,
-	ex_get_bool,
-	ex_set_bool,
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	ku_a2i,
-	ku_i2a,
-	};
-
-static void ku_clear(a)
-X509_EXTENSION *a;
-	{
-	}
-
-static int ku_expand(a)
-X509_EXTENSION *a;
-	{
-	ASN1_BIT_STRING *bs;
-
-	if (a->argp == NULL)
-		{
-		bs=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,value);
-		if (bs == NULL) return(0);
-		a->argp=(char *)bs;
-		a->ex_free=ASN1_STRING_free;
-		}
-	return(1);
-	}
-
-static int ku_get_bool(a,num)
-X509_EXTENSION *a;
-int num;
-	{
-	int ret;
-	ASN1_BIT_STRING *bs;
-
-	if ((a->argp == NULL) && !ku_expand(a))
-		return(-1);
-	bs=(ASN1_BIT_STRING *)a->argp;
-	ret=ASN1_BIT_STRING_get_bit(bs,num);
-	return(ret);
-	}
-
-static int ku_set_bool(a,num,value)
-X509_EXTENSION *a;
-int num;
-int value;
-	{
-	ASN1_BIT_STRING *a;
-
-	if ((a->argp == NULL) && !ku_expand(a))
-		return(0);
-	bs=(ASN1_BIT_STRING *)a->argp;
-	ret=ASN1_BIT_STRING_set_bit(bs,num,value);
-	}
-
-static int ku_a2i(bio,a,buf,len)
-BIO *bio;
-X509_EXTENSION *a;
-char *buf;
-int len;
-	{
-	get token
-	}
-
-static char ku_names[X509v3_N_KU_NUM]={
-	X509v3_S_KU_digitalSignature,
-	X509v3_S_KU_nonRepudiation,
-	X509v3_S_KU_keyEncipherment,
-	X509v3_S_KU_dataEncipherment,
-	X509v3_S_KU_keyAgreement,
-	X509v3_S_KU_keyCertSign,
-	X509v3_S_KU_cRLSign,
-	X509v3_S_KU_encipherOnly,
-	X509v3_S_KU_decipherOnly,
-	};
-
-static int ku_i2a(bio,a);
-BIO *bio;
-X509_EXTENSION *a;
-	{
-	int i,first=1;
-	char *c;
-
-	for (i=0; i<X509v3_N_KU_NUM; i++)
-		{
-		if (ku_get_bool(a,i) > 0)
-			{
-			BIO_printf(bio,"%s%s",((first)?"":" "),ku_names[i]);
-			first=0;
-			}
-		}
-	}
-
-/***********************/
-
-int X509v3_get_key_usage(x,ret)
-STACK *x;
-unsigned long *ret;
-	{
-	X509_EXTENSION *ext;
-	ASN1_STRING *st;
-	char *p;
-	int i;
-
-	i=X509_get_ext_by_NID(x,NID_key_usage,-1);
-	if (i < 0) return(X509v3_KU_UNDEF);
-	ext=X509_get_ext(x,i);
-	st=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,
-		X509_EXTENSION_get_data(X509_get_ext(x,i)));
-
-	p=ASN1_STRING_data(st);
-	if (ASN1_STRING_length(st) == 1)
-		i=p[0];
-	else if (ASN1_STRING_length(st) == 2)
-		i=p[0]|(p[1]<<8);
-	else
-		i=0;
-	return(i);
-	}
-
-static struct
-	{
-	char *name;
-	unsigned int value;
-	} key_usage_data[] ={
-	{"digitalSignature",	X509v3_KU_DIGITAL_SIGNATURE},
-	{"nonRepudiation",	X509v3_KU_NON_REPUDIATION},
-	{"keyEncipherment",	X509v3_KU_KEY_ENCIPHERMENT},
-	{"dataEncipherment",	X509v3_KU_DATA_ENCIPHERMENT},
-	{"keyAgreement",	X509v3_KU_KEY_AGREEMENT},
-	{"keyCertSign",		X509v3_KU_KEY_CERT_SIGN},
-	{"cRLSign",		X509v3_KU_CRL_SIGN},
-	{"encipherOnly",	X509v3_KU_ENCIPHER_ONLY},
-	{"decipherOnly",	X509v3_KU_DECIPHER_ONLY},
-	{NULL,0},
-	};
-
-#if 0
-static int a2i_key_usage(x,str,len)
-X509 *x;
-char *str;
-int len;
-	{
-	return(X509v3_set_key_usage(x,a2i_X509v3_key_usage(str)));
-	}
-
-static int i2a_key_usage(bp,x)
-BIO *bp;
-X509 *x;
-	{
-	return(i2a_X509v3_key_usage(bp,X509v3_get_key_usage(x)));
-	}
-#endif
-
-int i2a_X509v3_key_usage(bp,use)
-BIO *bp;
-unsigned int use;
-	{
-	int i=0,first=1;
-
-	for (;;)
-		{
-		if (use | key_usage_data[i].value)
-			{
-			BIO_printf(bp,"%s%s",((first)?"":" "),
-				key_usage_data[i].name);
-			first=0;
-			}
-		}
-	return(1);
-	}
-
-unsigned int a2i_X509v3_key_usage(p)
-char *p;
-	{
-	unsigned int ret=0;
-	char *q,*s;
-	int i,n;
-
-	q=p;
-	for (;;)
-		{
-		while ((*q != '\0') && isalnum(*q))
-			q++;
-		if (*q == '\0') break;
-		s=q++;
-		while (isalnum(*q))
-			q++;
-		n=q-s;
-		i=0;
-		for (;;)
-			{
-			if (strncmp(key_usage_data[i].name,s,n) == 0)
-				{
-				ret|=key_usage_data[i].value;
-				break;
-				}
-			i++;
-			if (key_usage_data[i].name == NULL)
-				return(X509v3_KU_UNDEF);
-			}
-		}
-	return(ret);
-	}
-
-int X509v3_set_key_usage(x,use)
-X509 *x;
-unsigned int use;
-	{
-	ASN1_OCTET_STRING *os;
-	X509_EXTENSION *ext;
-	int i;
-	unsigned char data[4];
-
-	i=X509_get_ext_by_NID(x,NID_key_usage,-1);
-	if (i < 0)
-		{
-		i=X509_get_ext_count(x)+1;
-		if ((ext=X509_EXTENSION_new()) == NULL) return(0);
-		if (!X509_add_ext(x,ext,i))
-			{
-			X509_EXTENSION_free(ext);
-			return(0);
-			}
-		}
-	else
-		ext=X509_get_ext(x,i);
-
-	/* fill in 'ext' */
-	os=X509_EXTENSION_get_data(ext);
-
-	i=0;
-	if (use > 0)
-		{
-		i=1;
-		data[0]=use&0xff;
-		}
-	if (use > 0xff)
-		{
-		i=2;
-		data[1]=(use>>8)&0xff;
-		}
-	return((X509v3_pack_string(&os,V_ASN1_BIT_STRING,data,i) == NULL)?0:1);
-	}
-
diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
new file mode 100644
index 0000000000..482ca8ccf5
--- /dev/null
+++ b/crypto/x509v3/v3_lib.c
@@ -0,0 +1,301 @@
+/* v3_lib.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+#include "ext_dat.h"
+
+static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
+
+static int ext_cmp(const X509V3_EXT_METHOD * const *a,
+		const X509V3_EXT_METHOD * const *b);
+static void ext_list_free(X509V3_EXT_METHOD *ext);
+
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
+{
+	if(!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
+		X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	if(!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
+		X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	return 1;
+}
+
+static int ext_cmp(const X509V3_EXT_METHOD * const *a,
+		const X509V3_EXT_METHOD * const *b)
+{
+	return ((*a)->ext_nid - (*b)->ext_nid);
+}
+
+X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
+{
+	X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
+	int idx;
+	if(nid < 0) return NULL;
+	tmp.ext_nid = nid;
+	ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,
+			(char *)standard_exts, STANDARD_EXTENSION_COUNT,
+			sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp);
+	if(ret) return *ret;
+	if(!ext_list) return NULL;
+	idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
+	if(idx == -1) return NULL;
+	return sk_X509V3_EXT_METHOD_value(ext_list, idx);
+}
+
+X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
+{
+	int nid;
+	if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
+	return X509V3_EXT_get_nid(nid);
+}
+
+
+int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
+{
+	for(;extlist->ext_nid!=-1;extlist++) 
+			if(!X509V3_EXT_add(extlist)) return 0;
+	return 1;
+}
+
+int X509V3_EXT_add_alias(int nid_to, int nid_from)
+{
+	X509V3_EXT_METHOD *ext, *tmpext;
+	if(!(ext = X509V3_EXT_get_nid(nid_from))) {
+		X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
+		return 0;
+	}
+	if(!(tmpext = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {
+		X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	*tmpext = *ext;
+	tmpext->ext_nid = nid_to;
+	tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
+	return X509V3_EXT_add(tmpext);
+}
+
+void X509V3_EXT_cleanup(void)
+{
+	sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);
+	ext_list = NULL;
+}
+
+static void ext_list_free(X509V3_EXT_METHOD *ext)
+{
+	if(ext->ext_flags & X509V3_EXT_DYNAMIC) OPENSSL_free(ext);
+}
+
+/* Legacy function: we don't need to add standard extensions
+ * any more because they are now kept in ext_dat.h.
+ */
+
+int X509V3_add_standard_extensions(void)
+{
+	return 1;
+}
+
+/* Return an extension internal structure */
+
+void *X509V3_EXT_d2i(X509_EXTENSION *ext)
+{
+	X509V3_EXT_METHOD *method;
+	unsigned char *p;
+	if(!(method = X509V3_EXT_get(ext))) return NULL;
+	p = ext->value->data;
+	if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
+	return method->d2i(NULL, &p, ext->value->length);
+}
+
+/* Get critical flag and decoded version of extension from a NID.
+ * The "idx" variable returns the last found extension and can
+ * be used to retrieve multiple extensions of the same NID.
+ * However multiple extensions with the same NID is usually
+ * due to a badly encoded certificate so if idx is NULL we
+ * choke if multiple extensions exist.
+ * The "crit" variable is set to the critical value.
+ * The return value is the decoded extension or NULL on
+ * error. The actual error can have several different causes,
+ * the value of *crit reflects the cause:
+ * >= 0, extension found but not decoded (reflects critical value).
+ * -1 extension not found.
+ * -2 extension occurs more than once.
+ */
+
+void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
+{
+	int lastpos, i;
+	X509_EXTENSION *ex, *found_ex = NULL;
+	if(!x) {
+		if(idx) *idx = -1;
+		if(crit) *crit = -1;
+		return NULL;
+	}
+	if(idx) lastpos = *idx + 1;
+	else lastpos = 0;
+	if(lastpos < 0) lastpos = 0;
+	for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++)
+	{
+		ex = sk_X509_EXTENSION_value(x, i);
+		if(OBJ_obj2nid(ex->object) == nid) {
+			if(idx) {
+				*idx = i;
+				break;
+			} else if(found_ex) {
+				/* Found more than one */
+				if(crit) *crit = -2;
+				return NULL;
+			}
+			found_ex = ex;
+		}
+	}
+	if(found_ex) {
+		/* Found it */
+		if(crit) *crit = X509_EXTENSION_get_critical(found_ex);
+		return X509V3_EXT_d2i(found_ex);
+	}
+
+	/* Extension not found */
+	if(idx) *idx = -1;
+	if(crit) *crit = -1;
+	return NULL;
+}
+
+/* This function is a general extension append, replace and delete utility.
+ * The precise operation is governed by the 'flags' value. The 'crit' and
+ * 'value' arguments (if relevant) are the extensions internal structure.
+ */
+
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+					int crit, unsigned long flags)
+{
+	int extidx = -1;
+	int errcode;
+	X509_EXTENSION *ext, *extmp;
+	unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
+
+	/* If appending we don't care if it exists, otherwise
+	 * look for existing extension.
+	 */
+	if(ext_op != X509V3_ADD_APPEND)
+		extidx = X509v3_get_ext_by_NID(*x, nid, -1);
+
+	/* See if extension exists */
+	if(extidx >= 0) {
+		/* If keep existing, nothing to do */
+		if(ext_op == X509V3_ADD_KEEP_EXISTING)
+			return 1;
+		/* If default then its an error */
+		if(ext_op == X509V3_ADD_DEFAULT) {
+			errcode = X509V3_R_EXTENSION_EXISTS;
+			goto err;
+		}
+		/* If delete, just delete it */
+		if(ext_op == X509V3_ADD_DELETE) {
+			if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1;
+			return 1;
+		}
+	} else {
+		/* If replace existing or delete, error since 
+		 * extension must exist
+		 */
+		if((ext_op == X509V3_ADD_REPLACE_EXISTING) ||
+		   (ext_op == X509V3_ADD_DELETE)) {
+			errcode = X509V3_R_EXTENSION_NOT_FOUND;
+			goto err;
+		}
+	}
+
+	/* If we get this far then we have to create an extension:
+	 * could have some flags for alternative encoding schemes...
+	 */
+
+	ext = X509V3_EXT_i2d(nid, crit, value);
+
+	if(!ext) {
+		X509V3err(X509V3_F_X509V3_ADD_I2D, X509V3_R_ERROR_CREATING_EXTENSION);
+		return 0;
+	}
+
+	/* If extension exists replace it.. */
+	if(extidx >= 0) {
+		extmp = sk_X509_EXTENSION_value(*x, extidx);
+		X509_EXTENSION_free(extmp);
+		if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1;
+		return 1;
+	}
+
+	if(!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1;
+	if(!sk_X509_EXTENSION_push(*x, ext)) return -1;
+
+	return 1;
+
+	err:
+	if(!(flags & X509V3_ADD_SILENT))
+		X509V3err(X509V3_F_X509V3_ADD_I2D, errcode);
+	return 0;
+}
+
+IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)
diff --git a/crypto/x509v3/v3_ocsp.c b/crypto/x509v3/v3_ocsp.c
new file mode 100644
index 0000000000..083112314e
--- /dev/null
+++ b/crypto/x509v3/v3_ocsp.c
@@ -0,0 +1,272 @@
+/* v3_ocsp.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509v3.h>
+
+/* OCSP extensions and a couple of CRL entry extensions
+ */
+
+static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);
+
+static void *ocsp_nonce_new(void);
+static int i2d_ocsp_nonce(void *a, unsigned char **pp);
+static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length);
+static void ocsp_nonce_free(void *a);
+static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+
+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
+
+X509V3_EXT_METHOD v3_ocsp_crlid = {
+	NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
+	0,0,0,0,
+	0,0,
+	0,0,
+	i2r_ocsp_crlid,0,
+	NULL
+};
+
+X509V3_EXT_METHOD v3_ocsp_acutoff = {
+	NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+	0,0,0,0,
+	0,0,
+	0,0,
+	i2r_ocsp_acutoff,0,
+	NULL
+};
+
+X509V3_EXT_METHOD v3_crl_invdate = {
+	NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+	0,0,0,0,
+	0,0,
+	0,0,
+	i2r_ocsp_acutoff,0,
+	NULL
+};
+
+X509V3_EXT_METHOD v3_crl_hold = {
+	NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
+	0,0,0,0,
+	0,0,
+	0,0,
+	i2r_object,0,
+	NULL
+};
+
+X509V3_EXT_METHOD v3_ocsp_nonce = {
+	NID_id_pkix_OCSP_Nonce, 0, NULL,
+	ocsp_nonce_new,
+	ocsp_nonce_free,
+	d2i_ocsp_nonce,
+	i2d_ocsp_nonce,
+	0,0,
+	0,0,
+	i2r_ocsp_nonce,0,
+	NULL
+};
+
+X509V3_EXT_METHOD v3_ocsp_nocheck = {
+	NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
+	0,0,0,0,
+	0,s2i_ocsp_nocheck,
+	0,0,
+	i2r_ocsp_nocheck,0,
+	NULL
+};
+
+X509V3_EXT_METHOD v3_ocsp_serviceloc = {
+	NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
+	0,0,0,0,
+	0,0,
+	0,0,
+	i2r_ocsp_serviceloc,0,
+	NULL
+};
+
+static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+{
+	OCSP_CRLID *a = in;
+	if (a->crlUrl)
+	        {
+		if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err;
+		if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
+		if (!BIO_write(bp, "\n", 1)) goto err;
+		}
+	if (a->crlNum)
+	        {
+		if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err;
+		if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err;
+		if (!BIO_write(bp, "\n", 1)) goto err;
+		}
+	if (a->crlTime)
+	        {
+		if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err;
+		if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
+		if (!BIO_write(bp, "\n", 1)) goto err;
+		}
+	return 1;
+	err:
+	return 0;
+}
+
+static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)
+{
+	if (!BIO_printf(bp, "%*s", ind, "")) return 0;
+	if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
+	return 1;
+}
+
+
+static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
+{
+	if (!BIO_printf(bp, "%*s", ind, "")) return 0;
+	if(!i2a_ASN1_OBJECT(bp, oid)) return 0;
+	return 1;
+}
+
+/* OCSP nonce. This is needs special treatment because it doesn't have
+ * an ASN1 encoding at all: it just contains arbitrary data.
+ */
+
+static void *ocsp_nonce_new(void)
+{
+	return ASN1_OCTET_STRING_new();
+}
+
+static int i2d_ocsp_nonce(void *a, unsigned char **pp)
+{
+	ASN1_OCTET_STRING *os = a;
+	if(pp) {
+		memcpy(*pp, os->data, os->length);
+		*pp += os->length;
+	}
+	return os->length;
+}
+
+static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length)
+{
+	ASN1_OCTET_STRING *os, **pos;
+	pos = a;
+	if(!pos || !*pos) os = ASN1_OCTET_STRING_new();
+	else os = *pos;
+	if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err;
+
+	*pp += length;
+
+	if(pos) *pos = os;
+	return os;
+
+	err:
+	if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os);
+	OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
+	return NULL;
+}
+
+static void ocsp_nonce_free(void *a)
+{
+	M_ASN1_OCTET_STRING_free(a);
+}
+
+static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)
+{
+	if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
+	if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
+	return 1;
+}
+
+/* Nocheck is just a single NULL. Don't print anything and always set it */
+
+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
+{
+	return 1;
+}
+
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str)
+{
+	return ASN1_NULL_new();
+}
+
+static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+        {
+	int i;
+	OCSP_SERVICELOC *a = in;
+	ACCESS_DESCRIPTION *ad;
+
+        if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err;
+        if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err;
+	for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
+	        {
+				ad = sk_ACCESS_DESCRIPTION_value(a->locator,i);
+				if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0) 
+					goto err;
+				if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err;
+				if(BIO_puts(bp, " - ") <= 0) goto err;
+				if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err;
+		}
+	return 1;
+err:
+	return 0;
+	}
diff --git a/crypto/x509v3/v3_pku.c b/crypto/x509v3/v3_pku.c
new file mode 100644
index 0000000000..49a2e4697a
--- /dev/null
+++ b/crypto/x509v3/v3_pku.c
@@ -0,0 +1,108 @@
+/* v3_pku.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
+/*
+static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+*/
+X509V3_EXT_METHOD v3_pkey_usage_period = {
+NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
+0,0,0,0,
+0,0,0,0,
+(X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
+NULL
+};
+
+ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = {
+	ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0),
+	ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1)
+} ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
+
+static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
+	     PKEY_USAGE_PERIOD *usage, BIO *out, int indent)
+{
+	BIO_printf(out, "%*s", indent, "");
+	if(usage->notBefore) {
+		BIO_write(out, "Not Before: ", 12);
+		ASN1_GENERALIZEDTIME_print(out, usage->notBefore);
+		if(usage->notAfter) BIO_write(out, ", ", 2);
+	}
+	if(usage->notAfter) {
+		BIO_write(out, "Not After: ", 11);
+		ASN1_GENERALIZEDTIME_print(out, usage->notAfter);
+	}
+	return 1;
+}
+
+/*
+static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values)
+X509V3_EXT_METHOD *method;
+X509V3_CTX *ctx;
+STACK_OF(CONF_VALUE) *values;
+{
+return NULL;
+}
+*/
diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c
new file mode 100644
index 0000000000..aeaf6170fe
--- /dev/null
+++ b/crypto/x509v3/v3_prn.c
@@ -0,0 +1,233 @@
+/* v3_prn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+/* Extension printing routines */
+
+static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported);
+
+/* Print out a name+value stack */
+
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
+{
+	int i;
+	CONF_VALUE *nval;
+	if(!val) return;
+	if(!ml || !sk_CONF_VALUE_num(val)) {
+		BIO_printf(out, "%*s", indent, "");
+		if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "<EMPTY>\n");
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(val); i++) {
+		if(ml) BIO_printf(out, "%*s", indent, "");
+		else if(i > 0) BIO_printf(out, ", ");
+		nval = sk_CONF_VALUE_value(val, i);
+		if(!nval->name) BIO_puts(out, nval->value);
+		else if(!nval->value) BIO_puts(out, nval->name);
+#ifndef CHARSET_EBCDIC
+		else BIO_printf(out, "%s:%s", nval->name, nval->value);
+#else
+		else {
+			int len;
+			char *tmp;
+			len = strlen(nval->value)+1;
+			tmp = OPENSSL_malloc(len);
+			if (tmp)
+			{
+				ascii2ebcdic(tmp, nval->value, len);
+				BIO_printf(out, "%s:%s", nval->name, tmp);
+				OPENSSL_free(tmp);
+			}
+		}
+#endif
+		if(ml) BIO_puts(out, "\n");
+	}
+}
+
+/* Main routine: print out a general extension */
+
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent)
+{
+	void *ext_str = NULL;
+	char *value = NULL;
+	unsigned char *p;
+	X509V3_EXT_METHOD *method;	
+	STACK_OF(CONF_VALUE) *nval = NULL;
+	int ok = 1;
+	if(!(method = X509V3_EXT_get(ext)))
+		return unknown_ext_print(out, ext, flag, indent, 0);
+	p = ext->value->data;
+	if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
+	else ext_str = method->d2i(NULL, &p, ext->value->length);
+
+	if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1);
+
+	if(method->i2s) {
+		if(!(value = method->i2s(method, ext_str))) {
+			ok = 0;
+			goto err;
+		}
+#ifndef CHARSET_EBCDIC
+		BIO_printf(out, "%*s%s", indent, "", value);
+#else
+		{
+			int len;
+			char *tmp;
+			len = strlen(value)+1;
+			tmp = OPENSSL_malloc(len);
+			if (tmp)
+			{
+				ascii2ebcdic(tmp, value, len);
+				BIO_printf(out, "%*s%s", indent, "", tmp);
+				OPENSSL_free(tmp);
+			}
+		}
+#endif
+	} else if(method->i2v) {
+		if(!(nval = method->i2v(method, ext_str, NULL))) {
+			ok = 0;
+			goto err;
+		}
+		X509V3_EXT_val_prn(out, nval, indent,
+				 method->ext_flags & X509V3_EXT_MULTILINE);
+	} else if(method->i2r) {
+		if(!method->i2r(method, ext_str, out, indent)) ok = 0;
+	} else ok = 0;
+
+	err:
+		sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+		if(value) OPENSSL_free(value);
+		if(method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
+		else method->ext_free(ext_str);
+		return ok;
+}
+
+int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent)
+{
+	int i, j;
+
+	if(sk_X509_EXTENSION_num(exts) <= 0) return 1;
+
+	if(title) 
+		{
+		BIO_printf(bp,"%*s%s:\n",indent, "", title);
+		indent += 4;
+		}
+
+	for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
+		{
+		ASN1_OBJECT *obj;
+		X509_EXTENSION *ex;
+		ex=sk_X509_EXTENSION_value(exts, i);
+		if (BIO_printf(bp,"%*s",indent, "") <= 0) return 0;
+		obj=X509_EXTENSION_get_object(ex);
+		i2a_ASN1_OBJECT(bp,obj);
+		j=X509_EXTENSION_get_critical(ex);
+		if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
+			return 0;
+		if(!X509V3_EXT_print(bp, ex, flag, 12))
+			{
+			BIO_printf(bp, "%*s", indent + 4, "");
+			M_ASN1_OCTET_STRING_print(bp,ex->value);
+			}
+		if (BIO_write(bp,"\n",1) <= 0) return 0;
+		}
+	return 1;
+}
+
+static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported)
+{
+	switch(flag & X509V3_EXT_UNKNOWN_MASK) {
+
+		case X509V3_EXT_DEFAULT:
+		return 0;
+
+		case X509V3_EXT_ERROR_UNKNOWN:
+		if(supported)
+			BIO_printf(out, "%*s<Parse Error>", indent, "");
+		else
+			BIO_printf(out, "%*s<Not Supported>", indent, "");
+		return 1;
+
+		case X509V3_EXT_PARSE_UNKNOWN:
+			return ASN1_parse_dump(out,
+				ext->value->data, ext->value->length, indent, -1);
+		case X509V3_EXT_DUMP_UNKNOWN:
+			return BIO_dump_indent(out, (char *)ext->value->data, ext->value->length, indent);
+
+		default:
+		return 1;
+	}
+}
+	
+
+#ifndef OPENSSL_NO_FP_API
+int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
+{
+	BIO *bio_tmp;
+	int ret;
+	if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
+	ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
+	BIO_free(bio_tmp);
+	return ret;
+}
+#endif
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
new file mode 100644
index 0000000000..b739e4fd83
--- /dev/null
+++ b/crypto/x509v3/v3_purp.c
@@ -0,0 +1,625 @@
+/* v3_purp.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+#include <openssl/x509_vfy.h>
+
+static void x509v3_cache_extensions(X509 *x);
+
+static int ca_check(const X509 *x);
+static int check_ssl_ca(const X509 *x);
+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int purpose_smime(const X509 *x, int ca);
+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
+
+static int xp_cmp(const X509_PURPOSE * const *a,
+		const X509_PURPOSE * const *b);
+static void xptable_free(X509_PURPOSE *p);
+
+static X509_PURPOSE xstandard[] = {
+	{X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
+	{X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
+	{X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
+	{X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
+	{X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
+	{X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
+	{X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
+	{X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
+};
+
+#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
+
+IMPLEMENT_STACK_OF(X509_PURPOSE)
+
+static STACK_OF(X509_PURPOSE) *xptable = NULL;
+
+static int xp_cmp(const X509_PURPOSE * const *a,
+		const X509_PURPOSE * const *b)
+{
+	return (*a)->purpose - (*b)->purpose;
+}
+
+/* As much as I'd like to make X509_check_purpose use a "const" X509*
+ * I really can't because it does recalculate hashes and do other non-const
+ * things. */
+int X509_check_purpose(X509 *x, int id, int ca)
+{
+	int idx;
+	const X509_PURPOSE *pt;
+	if(!(x->ex_flags & EXFLAG_SET)) {
+		CRYPTO_w_lock(CRYPTO_LOCK_X509);
+		x509v3_cache_extensions(x);
+		CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+	}
+	if(id == -1) return 1;
+	idx = X509_PURPOSE_get_by_id(id);
+	if(idx == -1) return -1;
+	pt = X509_PURPOSE_get0(idx);
+	return pt->check_purpose(pt, x, ca);
+}
+
+int X509_PURPOSE_set(int *p, int purpose)
+{
+	if(X509_PURPOSE_get_by_id(purpose) == -1) {
+		X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
+		return 0;
+	}
+	*p = purpose;
+	return 1;
+}
+
+int X509_PURPOSE_get_count(void)
+{
+	if(!xptable) return X509_PURPOSE_COUNT;
+	return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
+}
+
+X509_PURPOSE * X509_PURPOSE_get0(int idx)
+{
+	if(idx < 0) return NULL;
+	if(idx < X509_PURPOSE_COUNT) return xstandard + idx;
+	return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
+}
+
+int X509_PURPOSE_get_by_sname(char *sname)
+{
+	int i;
+	X509_PURPOSE *xptmp;
+	for(i = 0; i < X509_PURPOSE_get_count(); i++) {
+		xptmp = X509_PURPOSE_get0(i);
+		if(!strcmp(xptmp->sname, sname)) return i;
+	}
+	return -1;
+}
+
+int X509_PURPOSE_get_by_id(int purpose)
+{
+	X509_PURPOSE tmp;
+	int idx;
+	if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
+		return purpose - X509_PURPOSE_MIN;
+	tmp.purpose = purpose;
+	if(!xptable) return -1;
+	idx = sk_X509_PURPOSE_find(xptable, &tmp);
+	if(idx == -1) return -1;
+	return idx + X509_PURPOSE_COUNT;
+}
+
+int X509_PURPOSE_add(int id, int trust, int flags,
+			int (*ck)(const X509_PURPOSE *, const X509 *, int),
+					char *name, char *sname, void *arg)
+{
+	int idx;
+	X509_PURPOSE *ptmp;
+	/* This is set according to what we change: application can't set it */
+	flags &= ~X509_PURPOSE_DYNAMIC;
+	/* This will always be set for application modified trust entries */
+	flags |= X509_PURPOSE_DYNAMIC_NAME;
+	/* Get existing entry if any */
+	idx = X509_PURPOSE_get_by_id(id);
+	/* Need a new entry */
+	if(idx == -1) {
+		if(!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
+			X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+		ptmp->flags = X509_PURPOSE_DYNAMIC;
+	} else ptmp = X509_PURPOSE_get0(idx);
+
+	/* OPENSSL_free existing name if dynamic */
+	if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
+		OPENSSL_free(ptmp->name);
+		OPENSSL_free(ptmp->sname);
+	}
+	/* dup supplied name */
+	ptmp->name = BUF_strdup(name);
+	ptmp->sname = BUF_strdup(sname);
+	if(!ptmp->name || !ptmp->sname) {
+		X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+	/* Keep the dynamic flag of existing entry */
+	ptmp->flags &= X509_PURPOSE_DYNAMIC;
+	/* Set all other flags */
+	ptmp->flags |= flags;
+
+	ptmp->purpose = id;
+	ptmp->trust = trust;
+	ptmp->check_purpose = ck;
+	ptmp->usr_data = arg;
+
+	/* If its a new entry manage the dynamic table */
+	if(idx == -1) {
+		if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
+			X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+		if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
+			X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
+			return 0;
+		}
+	}
+	return 1;
+}
+
+static void xptable_free(X509_PURPOSE *p)
+	{
+	if(!p) return;
+	if (p->flags & X509_PURPOSE_DYNAMIC) 
+		{
+		if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
+			OPENSSL_free(p->name);
+			OPENSSL_free(p->sname);
+		}
+		OPENSSL_free(p);
+		}
+	}
+
+void X509_PURPOSE_cleanup(void)
+{
+	int i;
+	sk_X509_PURPOSE_pop_free(xptable, xptable_free);
+	for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i);
+	xptable = NULL;
+}
+
+int X509_PURPOSE_get_id(X509_PURPOSE *xp)
+{
+	return xp->purpose;
+}
+
+char *X509_PURPOSE_get0_name(X509_PURPOSE *xp)
+{
+	return xp->name;
+}
+
+char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp)
+{
+	return xp->sname;
+}
+
+int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
+{
+	return xp->trust;
+}
+
+static int nid_cmp(int *a, int *b)
+	{
+	return *a - *b;
+	}
+
+int X509_supported_extension(X509_EXTENSION *ex)
+	{
+	/* This table is a list of the NIDs of supported extensions:
+	 * that is those which are used by the verify process. If
+	 * an extension is critical and doesn't appear in this list
+	 * then the verify process will normally reject the certificate.
+	 * The list must be kept in numerical order because it will be
+	 * searched using bsearch.
+	 */
+
+	static int supported_nids[] = {
+		NID_netscape_cert_type, /* 71 */
+        	NID_key_usage,		/* 83 */
+		NID_subject_alt_name,	/* 85 */
+		NID_basic_constraints,	/* 87 */
+        	NID_ext_key_usage	/* 126 */
+	};
+
+	int ex_nid;
+
+	ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
+
+	if (ex_nid == NID_undef) 
+		return 0;
+
+	if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids,
+		sizeof(supported_nids)/sizeof(int), sizeof(int),
+		(int (*)(const void *, const void *))nid_cmp))
+		return 1;
+	return 0;
+	}
+ 
+
+static void x509v3_cache_extensions(X509 *x)
+{
+	BASIC_CONSTRAINTS *bs;
+	ASN1_BIT_STRING *usage;
+	ASN1_BIT_STRING *ns;
+	EXTENDED_KEY_USAGE *extusage;
+	X509_EXTENSION *ex;
+	
+	int i;
+	if(x->ex_flags & EXFLAG_SET) return;
+#ifndef OPENSSL_NO_SHA
+	X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
+#endif
+	/* Does subject name match issuer ? */
+	if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
+			 x->ex_flags |= EXFLAG_SS;
+	/* V1 should mean no extensions ... */
+	if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1;
+	/* Handle basic constraints */
+	if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
+		if(bs->ca) x->ex_flags |= EXFLAG_CA;
+		if(bs->pathlen) {
+			if((bs->pathlen->type == V_ASN1_NEG_INTEGER)
+						|| !bs->ca) {
+				x->ex_flags |= EXFLAG_INVALID;
+				x->ex_pathlen = 0;
+			} else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
+		} else x->ex_pathlen = -1;
+		BASIC_CONSTRAINTS_free(bs);
+		x->ex_flags |= EXFLAG_BCONS;
+	}
+	/* Handle key usage */
+	if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
+		if(usage->length > 0) {
+			x->ex_kusage = usage->data[0];
+			if(usage->length > 1) 
+				x->ex_kusage |= usage->data[1] << 8;
+		} else x->ex_kusage = 0;
+		x->ex_flags |= EXFLAG_KUSAGE;
+		ASN1_BIT_STRING_free(usage);
+	}
+	x->ex_xkusage = 0;
+	if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
+		x->ex_flags |= EXFLAG_XKUSAGE;
+		for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
+			switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) {
+				case NID_server_auth:
+				x->ex_xkusage |= XKU_SSL_SERVER;
+				break;
+
+				case NID_client_auth:
+				x->ex_xkusage |= XKU_SSL_CLIENT;
+				break;
+
+				case NID_email_protect:
+				x->ex_xkusage |= XKU_SMIME;
+				break;
+
+				case NID_code_sign:
+				x->ex_xkusage |= XKU_CODE_SIGN;
+				break;
+
+				case NID_ms_sgc:
+				case NID_ns_sgc:
+				x->ex_xkusage |= XKU_SGC;
+				break;
+
+				case NID_OCSP_sign:
+				x->ex_xkusage |= XKU_OCSP_SIGN;
+				break;
+
+				case NID_time_stamp:
+				x->ex_xkusage |= XKU_TIMESTAMP;
+				break;
+			}
+		}
+		sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
+	}
+
+	if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
+		if(ns->length > 0) x->ex_nscert = ns->data[0];
+		else x->ex_nscert = 0;
+		x->ex_flags |= EXFLAG_NSCERT;
+		ASN1_BIT_STRING_free(ns);
+	}
+	x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
+	x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
+	for (i = 0; i < X509_get_ext_count(x); i++)
+		{
+		ex = X509_get_ext(x, i);
+		if (!X509_EXTENSION_get_critical(ex))
+			continue;
+		if (!X509_supported_extension(ex))
+			{
+			x->ex_flags |= EXFLAG_CRITICAL;
+			break;
+			}
+		}
+	x->ex_flags |= EXFLAG_SET;
+}
+
+/* CA checks common to all purposes
+ * return codes:
+ * 0 not a CA
+ * 1 is a CA
+ * 2 basicConstraints absent so "maybe" a CA
+ * 3 basicConstraints absent but self signed V1.
+ */
+
+#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
+#define ku_reject(x, usage) \
+	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
+#define xku_reject(x, usage) \
+	(((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
+#define ns_reject(x, usage) \
+	(((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
+
+static int ca_check(const X509 *x)
+{
+	/* keyUsage if present should allow cert signing */
+	if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0;
+	if(x->ex_flags & EXFLAG_BCONS) {
+		if(x->ex_flags & EXFLAG_CA) return 1;
+		/* If basicConstraints says not a CA then say so */
+		else return 0;
+	} else {
+		if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
+		/* If key usage present it must have certSign so tolerate it */
+		else if (x->ex_flags & EXFLAG_KUSAGE) return 3;
+		else return 2;
+	}
+}
+
+/* Check SSL CA: common checks for SSL client and server */
+static int check_ssl_ca(const X509 *x)
+{
+	int ca_ret;
+	ca_ret = ca_check(x);
+	if(!ca_ret) return 0;
+	/* check nsCertType if present */
+	if(x->ex_flags & EXFLAG_NSCERT) {
+		if(x->ex_nscert & NS_SSL_CA) return ca_ret;
+		return 0;
+	}
+	if(ca_ret != 2) return ca_ret;
+	else return 0;
+}
+
+
+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+	if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
+	if(ca) return check_ssl_ca(x);
+	/* We need to do digital signatures with it */
+	if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0;
+	/* nsCertType if present should allow SSL client use */	
+	if(ns_reject(x, NS_SSL_CLIENT)) return 0;
+	return 1;
+}
+
+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+	if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0;
+	if(ca) return check_ssl_ca(x);
+
+	if(ns_reject(x, NS_SSL_SERVER)) return 0;
+	/* Now as for keyUsage: we'll at least need to sign OR encipher */
+	if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0;
+	
+	return 1;
+
+}
+
+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+	int ret;
+	ret = check_purpose_ssl_server(xp, x, ca);
+	if(!ret || ca) return ret;
+	/* We need to encipher or Netscape complains */
+	if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
+	return ret;
+}
+
+/* common S/MIME checks */
+static int purpose_smime(const X509 *x, int ca)
+{
+	if(xku_reject(x,XKU_SMIME)) return 0;
+	if(ca) {
+		int ca_ret;
+		ca_ret = ca_check(x);
+		if(!ca_ret) return 0;
+		/* check nsCertType if present */
+		if(x->ex_flags & EXFLAG_NSCERT) {
+			if(x->ex_nscert & NS_SMIME_CA) return ca_ret;
+			return 0;
+		}
+		if(ca_ret != 2) return ca_ret;
+		else return 0;
+	}
+	if(x->ex_flags & EXFLAG_NSCERT) {
+		if(x->ex_nscert & NS_SMIME) return 1;
+		/* Workaround for some buggy certificates */
+		if(x->ex_nscert & NS_SSL_CLIENT) return 2;
+		return 0;
+	}
+	return 1;
+}
+
+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+	int ret;
+	ret = purpose_smime(x, ca);
+	if(!ret || ca) return ret;
+	if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0;
+	return ret;
+}
+
+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+	int ret;
+	ret = purpose_smime(x, ca);
+	if(!ret || ca) return ret;
+	if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
+	return ret;
+}
+
+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+	if(ca) {
+		int ca_ret;
+		if((ca_ret = ca_check(x)) != 2) return ca_ret;
+		else return 0;
+	}
+	if(ku_reject(x, KU_CRL_SIGN)) return 0;
+	return 1;
+}
+
+/* OCSP helper: this is *not* a full OCSP check. It just checks that
+ * each CA is valid. Additional checks must be made on the chain.
+ */
+
+static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+	/* Must be a valid CA */
+	if(ca) {
+		int ca_ret;
+		ca_ret = ca_check(x);
+		if(ca_ret != 2) return ca_ret;
+		if(x->ex_flags & EXFLAG_NSCERT) {
+			if(x->ex_nscert & NS_ANY_CA) return ca_ret;
+			return 0;
+		}
+		return 0;
+	}
+	/* leaf certificate is checked in OCSP_verify() */
+	return 1;
+}
+
+static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+	return 1;
+}
+
+/* Various checks to see if one certificate issued the second.
+ * This can be used to prune a set of possible issuer certificates
+ * which have been looked up using some simple method such as by
+ * subject name.
+ * These are:
+ * 1. Check issuer_name(subject) == subject_name(issuer)
+ * 2. If akid(subject) exists check it matches issuer
+ * 3. If key_usage(issuer) exists check it supports certificate signing
+ * returns 0 for OK, positive for reason for mismatch, reasons match
+ * codes for X509_verify_cert()
+ */
+
+int X509_check_issued(X509 *issuer, X509 *subject)
+{
+	if(X509_NAME_cmp(X509_get_subject_name(issuer),
+			X509_get_issuer_name(subject)))
+				return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
+	x509v3_cache_extensions(issuer);
+	x509v3_cache_extensions(subject);
+	if(subject->akid) {
+		/* Check key ids (if present) */
+		if(subject->akid->keyid && issuer->skid &&
+		 ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) )
+				return X509_V_ERR_AKID_SKID_MISMATCH;
+		/* Check serial number */
+		if(subject->akid->serial &&
+			ASN1_INTEGER_cmp(X509_get_serialNumber(issuer),
+						subject->akid->serial))
+				return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+		/* Check issuer name */
+		if(subject->akid->issuer) {
+			/* Ugh, for some peculiar reason AKID includes
+			 * SEQUENCE OF GeneralName. So look for a DirName.
+			 * There may be more than one but we only take any
+			 * notice of the first.
+			 */
+			GENERAL_NAMES *gens;
+			GENERAL_NAME *gen;
+			X509_NAME *nm = NULL;
+			int i;
+			gens = subject->akid->issuer;
+			for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+				gen = sk_GENERAL_NAME_value(gens, i);
+				if(gen->type == GEN_DIRNAME) {
+					nm = gen->d.dirn;
+					break;
+				}
+			}
+			if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
+				return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+		}
+	}
+	if(ku_reject(issuer, KU_KEY_CERT_SIGN)) return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
+	return X509_V_OK;
+}
+
diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c
new file mode 100644
index 0000000000..c0f044ac1b
--- /dev/null
+++ b/crypto/x509v3/v3_skey.c
@@ -0,0 +1,144 @@
+/* v3_skey.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509v3.h>
+
+static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+X509V3_EXT_METHOD v3_skey_id = { 
+NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
+0,0,0,0,
+(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
+(X509V3_EXT_S2I)s2i_skey_id,
+0,0,0,0,
+NULL};
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+	     ASN1_OCTET_STRING *oct)
+{
+	return hex_to_string(oct->data, oct->length);
+}
+
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+	     X509V3_CTX *ctx, char *str)
+{
+	ASN1_OCTET_STRING *oct;
+	long length;
+
+	if(!(oct = M_ASN1_OCTET_STRING_new())) {
+		X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	if(!(oct->data = string_to_hex(str, &length))) {
+		M_ASN1_OCTET_STRING_free(oct);
+		return NULL;
+	}
+
+	oct->length = length;
+
+	return oct;
+
+}
+
+static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
+	     X509V3_CTX *ctx, char *str)
+{
+	ASN1_OCTET_STRING *oct;
+	ASN1_BIT_STRING *pk;
+	unsigned char pkey_dig[EVP_MAX_MD_SIZE];
+	unsigned int diglen;
+
+	if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
+
+	if(!(oct = M_ASN1_OCTET_STRING_new())) {
+		X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+
+	if(ctx && (ctx->flags == CTX_TEST)) return oct;
+
+	if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
+		X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
+		goto err;
+	}
+
+	if(ctx->subject_req) 
+		pk = ctx->subject_req->req_info->pubkey->public_key;
+	else pk = ctx->subject_cert->cert_info->key->public_key;
+
+	if(!pk) {
+		X509V3err(X509V3_F_S2I_ASN1_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
+		goto err;
+	}
+
+	EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL);
+
+	if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
+		X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+
+	return oct;
+	
+	err:
+	M_ASN1_OCTET_STRING_free(oct);
+	return NULL;
+}
diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c
new file mode 100644
index 0000000000..d3f4ba3a72
--- /dev/null
+++ b/crypto/x509v3/v3_sxnet.c
@@ -0,0 +1,262 @@
+/* v3_sxnet.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+/* Support for Thawte strong extranet extension */
+
+#define SXNET_TEST
+
+static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent);
+#ifdef SXNET_TEST
+static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+						STACK_OF(CONF_VALUE) *nval);
+#endif
+X509V3_EXT_METHOD v3_sxnet = {
+NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
+0,0,0,0,
+0,0,
+0, 
+#ifdef SXNET_TEST
+(X509V3_EXT_V2I)sxnet_v2i,
+#else
+0,
+#endif
+(X509V3_EXT_I2R)sxnet_i2r,
+0,
+NULL
+};
+
+ASN1_SEQUENCE(SXNETID) = {
+	ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
+	ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(SXNETID)
+
+IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
+
+ASN1_SEQUENCE(SXNET) = {
+	ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
+	ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
+} ASN1_SEQUENCE_END(SXNET)
+
+IMPLEMENT_ASN1_FUNCTIONS(SXNET)
+
+static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
+	     int indent)
+{
+	long v;
+	char *tmp;
+	SXNETID *id;
+	int i;
+	v = ASN1_INTEGER_get(sx->version);
+	BIO_printf(out, "%*sVersion: %d (0x%X)", indent, "", v + 1, v);
+	for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+		id = sk_SXNETID_value(sx->ids, i);
+		tmp = i2s_ASN1_INTEGER(NULL, id->zone);
+		BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
+		OPENSSL_free(tmp);
+		M_ASN1_OCTET_STRING_print(out, id->user);
+	}
+	return 1;
+}
+
+#ifdef SXNET_TEST
+
+/* NBB: this is used for testing only. It should *not* be used for anything
+ * else because it will just take static IDs from the configuration file and
+ * they should really be separate values for each user.
+ */
+
+
+static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+	     STACK_OF(CONF_VALUE) *nval)
+{
+	CONF_VALUE *cnf;
+	SXNET *sx = NULL;
+	int i;
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		cnf = sk_CONF_VALUE_value(nval, i);
+		if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
+								 return NULL;
+	}
+	return sx;
+}
+		
+	
+#endif
+
+/* Strong Extranet utility functions */
+
+/* Add an id given the zone as an ASCII number */
+
+int SXNET_add_id_asc(SXNET **psx, char *zone, char *user,
+	     int userlen)
+{
+	ASN1_INTEGER *izone = NULL;
+	if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
+		X509V3err(X509V3_F_SXNET_ADD_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
+		return 0;
+	}
+	return SXNET_add_id_INTEGER(psx, izone, user, userlen);
+}
+
+/* Add an id given the zone as an unsigned long */
+
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
+	     int userlen)
+{
+	ASN1_INTEGER *izone = NULL;
+	if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+		X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE);
+		M_ASN1_INTEGER_free(izone);
+		return 0;
+	}
+	return SXNET_add_id_INTEGER(psx, izone, user, userlen);
+	
+}
+
+/* Add an id given the zone as an ASN1_INTEGER.
+ * Note this version uses the passed integer and doesn't make a copy so don't
+ * free it up afterwards.
+ */
+
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
+	     int userlen)
+{
+	SXNET *sx = NULL;
+	SXNETID *id = NULL;
+	if(!psx || !zone || !user) {
+		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT);
+		return 0;
+	}
+	if(userlen == -1) userlen = strlen(user);
+	if(userlen > 64) {
+		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG);
+		return 0;
+	}
+	if(!*psx) {
+		if(!(sx = SXNET_new())) goto err;
+		if(!ASN1_INTEGER_set(sx->version, 0)) goto err;
+		*psx = sx;
+	} else sx = *psx;
+	if(SXNET_get_id_INTEGER(sx, zone)) {
+		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID);
+		return 0;
+	}
+
+	if(!(id = SXNETID_new())) goto err;
+	if(userlen == -1) userlen = strlen(user);
+		
+	if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
+	if(!sk_SXNETID_push(sx->ids, id)) goto err;
+	id->zone = zone;
+	return 1;
+	
+	err:
+	X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE);
+	SXNETID_free(id);
+	SXNET_free(sx);
+	*psx = NULL;
+	return 0;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
+{
+	ASN1_INTEGER *izone = NULL;
+	ASN1_OCTET_STRING *oct;
+	if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
+		X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
+		return NULL;
+	}
+	oct = SXNET_get_id_INTEGER(sx, izone);
+	M_ASN1_INTEGER_free(izone);
+	return oct;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
+{
+	ASN1_INTEGER *izone = NULL;
+	ASN1_OCTET_STRING *oct;
+	if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+		X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE);
+		M_ASN1_INTEGER_free(izone);
+		return NULL;
+	}
+	oct = SXNET_get_id_INTEGER(sx, izone);
+	M_ASN1_INTEGER_free(izone);
+	return oct;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
+{
+	SXNETID *id;
+	int i;
+	for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+		id = sk_SXNETID_value(sx->ids, i);
+		if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
+	}
+	return NULL;
+}
+
+IMPLEMENT_STACK_OF(SXNETID)
+IMPLEMENT_ASN1_SET_OF(SXNETID)
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
new file mode 100644
index 0000000000..a11243db8f
--- /dev/null
+++ b/crypto/x509v3/v3_utl.c
@@ -0,0 +1,536 @@
+/* v3_utl.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* X509 v3 extension utilities */
+
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+static char *strip_spaces(char *name);
+static int sk_strcmp(const char * const *a, const char * const *b);
+static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens);
+static void str_free(void *str);
+static int append_ia5(STACK **sk, ASN1_IA5STRING *email);
+
+/* Add a CONF_VALUE name value pair to stack */
+
+int X509V3_add_value(const char *name, const char *value,
+						STACK_OF(CONF_VALUE) **extlist)
+{
+	CONF_VALUE *vtmp = NULL;
+	char *tname = NULL, *tvalue = NULL;
+	if(name && !(tname = BUF_strdup(name))) goto err;
+	if(value && !(tvalue = BUF_strdup(value))) goto err;;
+	if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err;
+	if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err;
+	vtmp->section = NULL;
+	vtmp->name = tname;
+	vtmp->value = tvalue;
+	if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err;
+	return 1;
+	err:
+	X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
+	if(vtmp) OPENSSL_free(vtmp);
+	if(tname) OPENSSL_free(tname);
+	if(tvalue) OPENSSL_free(tvalue);
+	return 0;
+}
+
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+			   STACK_OF(CONF_VALUE) **extlist)
+    {
+    return X509V3_add_value(name,(const char *)value,extlist);
+    }
+
+/* Free function for STACK_OF(CONF_VALUE) */
+
+void X509V3_conf_free(CONF_VALUE *conf)
+{
+	if(!conf) return;
+	if(conf->name) OPENSSL_free(conf->name);
+	if(conf->value) OPENSSL_free(conf->value);
+	if(conf->section) OPENSSL_free(conf->section);
+	OPENSSL_free(conf);
+}
+
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+						STACK_OF(CONF_VALUE) **extlist)
+{
+	if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
+	return X509V3_add_value(name, "FALSE", extlist);
+}
+
+int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+						STACK_OF(CONF_VALUE) **extlist)
+{
+	if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
+	return 1;
+}
+
+
+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
+{
+	BIGNUM *bntmp = NULL;
+	char *strtmp = NULL;
+	if(!a) return NULL;
+	if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
+	    !(strtmp = BN_bn2dec(bntmp)) )
+		X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
+	BN_free(bntmp);
+	return strtmp;
+}
+
+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
+{
+	BIGNUM *bntmp = NULL;
+	char *strtmp = NULL;
+	if(!a) return NULL;
+	if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
+	    !(strtmp = BN_bn2dec(bntmp)) )
+		X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+	BN_free(bntmp);
+	return strtmp;
+}
+
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
+{
+	BIGNUM *bn = NULL;
+	ASN1_INTEGER *aint;
+	int isneg, ishex;
+	int ret;
+	if (!value) {
+		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
+		return 0;
+	}
+	bn = BN_new();
+	if (value[0] == '-') {
+		value++;
+		isneg = 1;
+	} else isneg = 0;
+
+	if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
+		value += 2;
+		ishex = 1;
+	} else ishex = 0;
+
+	if (ishex) ret = BN_hex2bn(&bn, value);
+	else ret = BN_dec2bn(&bn, value);
+
+	if (!ret || value[ret]) {
+		BN_free(bn);
+		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
+		return 0;
+	}
+
+	if (isneg && BN_is_zero(bn)) isneg = 0;
+
+	aint = BN_to_ASN1_INTEGER(bn, NULL);
+	BN_free(bn);
+	if (!aint) {
+		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
+		return 0;
+	}
+	if (isneg) aint->type |= V_ASN1_NEG;
+	return aint;
+}
+
+int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
+	     STACK_OF(CONF_VALUE) **extlist)
+{
+	char *strtmp;
+	int ret;
+	if(!aint) return 1;
+	if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
+	ret = X509V3_add_value(name, strtmp, extlist);
+	OPENSSL_free(strtmp);
+	return ret;
+}
+
+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
+{
+	char *btmp;
+	if(!(btmp = value->value)) goto err;
+	if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
+		 || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
+		|| !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
+		*asn1_bool = 0xff;
+		return 1;
+	} else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
+		 || !strcmp(btmp, "N") || !strcmp(btmp, "n")
+		|| !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
+		*asn1_bool = 0;
+		return 1;
+	}
+	err:
+	X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);
+	X509V3_conf_err(value);
+	return 0;
+}
+
+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
+{
+	ASN1_INTEGER *itmp;
+	if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
+		X509V3_conf_err(value);
+		return 0;
+	}
+	*aint = itmp;
+	return 1;
+}
+
+#define HDR_NAME	1
+#define HDR_VALUE	2
+
+/*#define DEBUG*/
+
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
+{
+	char *p, *q, c;
+	char *ntmp, *vtmp;
+	STACK_OF(CONF_VALUE) *values = NULL;
+	char *linebuf;
+	int state;
+	/* We are going to modify the line so copy it first */
+	linebuf = BUF_strdup(line);
+	state = HDR_NAME;
+	ntmp = NULL;
+	/* Go through all characters */
+	for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
+
+		switch(state) {
+			case HDR_NAME:
+			if(c == ':') {
+				state = HDR_VALUE;
+				*p = 0;
+				ntmp = strip_spaces(q);
+				if(!ntmp) {
+					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+					goto err;
+				}
+				q = p + 1;
+			} else if(c == ',') {
+				*p = 0;
+				ntmp = strip_spaces(q);
+				q = p + 1;
+#if 0
+				printf("%s\n", ntmp);
+#endif
+				if(!ntmp) {
+					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+					goto err;
+				}
+				X509V3_add_value(ntmp, NULL, &values);
+			}
+			break ;
+
+			case HDR_VALUE:
+			if(c == ',') {
+				state = HDR_NAME;
+				*p = 0;
+				vtmp = strip_spaces(q);
+#if 0
+				printf("%s\n", ntmp);
+#endif
+				if(!vtmp) {
+					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
+					goto err;
+				}
+				X509V3_add_value(ntmp, vtmp, &values);
+				ntmp = NULL;
+				q = p + 1;
+			}
+
+		}
+	}
+
+	if(state == HDR_VALUE) {
+		vtmp = strip_spaces(q);
+#if 0
+		printf("%s=%s\n", ntmp, vtmp);
+#endif
+		if(!vtmp) {
+			X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
+			goto err;
+		}
+		X509V3_add_value(ntmp, vtmp, &values);
+	} else {
+		ntmp = strip_spaces(q);
+#if 0
+		printf("%s\n", ntmp);
+#endif
+		if(!ntmp) {
+			X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+			goto err;
+		}
+		X509V3_add_value(ntmp, NULL, &values);
+	}
+OPENSSL_free(linebuf);
+return values;
+
+err:
+OPENSSL_free(linebuf);
+sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
+return NULL;
+
+}
+
+/* Delete leading and trailing spaces from a string */
+static char *strip_spaces(char *name)
+{
+	char *p, *q;
+	/* Skip over leading spaces */
+	p = name;
+	while(*p && isspace((unsigned char)*p)) p++;
+	if(!*p) return NULL;
+	q = p + strlen(p) - 1;
+	while((q != p) && isspace((unsigned char)*q)) q--;
+	if(p != q) q[1] = 0;
+	if(!*p) return NULL;
+	return p;
+}
+
+/* hex string utilities */
+
+/* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
+ * hex representation
+ * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
+ */
+
+char *hex_to_string(unsigned char *buffer, long len)
+{
+	char *tmp, *q;
+	unsigned char *p;
+	int i;
+	static char hexdig[] = "0123456789ABCDEF";
+	if(!buffer || !len) return NULL;
+	if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {
+		X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	q = tmp;
+	for(i = 0, p = buffer; i < len; i++,p++) {
+		*q++ = hexdig[(*p >> 4) & 0xf];
+		*q++ = hexdig[*p & 0xf];
+		*q++ = ':';
+	}
+	q[-1] = 0;
+#ifdef CHARSET_EBCDIC
+	ebcdic2ascii(tmp, tmp, q - tmp - 1);
+#endif
+
+	return tmp;
+}
+
+/* Give a string of hex digits convert to
+ * a buffer
+ */
+
+unsigned char *string_to_hex(char *str, long *len)
+{
+	unsigned char *hexbuf, *q;
+	unsigned char ch, cl, *p;
+	if(!str) {
+		X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);
+		return NULL;
+	}
+	if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err;
+	for(p = (unsigned char *)str, q = hexbuf; *p;) {
+		ch = *p++;
+#ifdef CHARSET_EBCDIC
+		ch = os_toebcdic[ch];
+#endif
+		if(ch == ':') continue;
+		cl = *p++;
+#ifdef CHARSET_EBCDIC
+		cl = os_toebcdic[cl];
+#endif
+		if(!cl) {
+			X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS);
+			OPENSSL_free(hexbuf);
+			return NULL;
+		}
+		if(isupper(ch)) ch = tolower(ch);
+		if(isupper(cl)) cl = tolower(cl);
+
+		if((ch >= '0') && (ch <= '9')) ch -= '0';
+		else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10;
+		else goto badhex;
+
+		if((cl >= '0') && (cl <= '9')) cl -= '0';
+		else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10;
+		else goto badhex;
+
+		*q++ = (ch << 4) | cl;
+	}
+
+	if(len) *len = q - hexbuf;
+
+	return hexbuf;
+
+	err:
+	if(hexbuf) OPENSSL_free(hexbuf);
+	X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE);
+	return NULL;
+
+	badhex:
+	OPENSSL_free(hexbuf);
+	X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT);
+	return NULL;
+
+}
+
+/* V2I name comparison function: returns zero if 'name' matches
+ * cmp or cmp.*
+ */
+
+int name_cmp(const char *name, const char *cmp)
+{
+	int len, ret;
+	char c;
+	len = strlen(cmp);
+	if((ret = strncmp(name, cmp, len))) return ret;
+	c = name[len];
+	if(!c || (c=='.')) return 0;
+	return 1;
+}
+
+static int sk_strcmp(const char * const *a, const char * const *b)
+{
+	return strcmp(*a, *b);
+}
+
+STACK *X509_get1_email(X509 *x)
+{
+	GENERAL_NAMES *gens;
+	STACK *ret;
+	gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+	ret = get_email(X509_get_subject_name(x), gens);
+	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+	return ret;
+}
+
+STACK *X509_REQ_get1_email(X509_REQ *x)
+{
+	GENERAL_NAMES *gens;
+	STACK_OF(X509_EXTENSION) *exts;
+	STACK *ret;
+	exts = X509_REQ_get_extensions(x);
+	gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
+	ret = get_email(X509_REQ_get_subject_name(x), gens);
+	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+	sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+	return ret;
+}
+
+
+static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens)
+{
+	STACK *ret = NULL;
+	X509_NAME_ENTRY *ne;
+	ASN1_IA5STRING *email;
+	GENERAL_NAME *gen;
+	int i;
+	/* Now add any email address(es) to STACK */
+	i = -1;
+	/* First supplied X509_NAME */
+	while((i = X509_NAME_get_index_by_NID(name,
+					 NID_pkcs9_emailAddress, i)) >= 0) {
+		ne = X509_NAME_get_entry(name, i);
+		email = X509_NAME_ENTRY_get_data(ne);
+		if(!append_ia5(&ret, email)) return NULL;
+	}
+	for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
+	{
+		gen = sk_GENERAL_NAME_value(gens, i);
+		if(gen->type != GEN_EMAIL) continue;
+		if(!append_ia5(&ret, gen->d.ia5)) return NULL;
+	}
+	return ret;
+}
+
+static void str_free(void *str)
+{
+	OPENSSL_free(str);
+}
+
+static int append_ia5(STACK **sk, ASN1_IA5STRING *email)
+{
+	char *emtmp;
+	/* First some sanity checks */
+	if(email->type != V_ASN1_IA5STRING) return 1;
+	if(!email->data || !email->length) return 1;
+	if(!*sk) *sk = sk_new(sk_strcmp);
+	if(!*sk) return 0;
+	/* Don't add duplicates */
+	if(sk_find(*sk, (char *)email->data) != -1) return 1;
+	emtmp = BUF_strdup((char *)email->data);
+	if(!emtmp || !sk_push(*sk, emtmp)) {
+		X509_email_free(*sk);
+		*sk = NULL;
+		return 0;
+	}
+	return 1;
+}
+
+void X509_email_free(STACK *sk)
+{
+	sk_pop_free(sk, str_free);
+}
diff --git a/crypto/x509v3/v3conf.c b/crypto/x509v3/v3conf.c
new file mode 100644
index 0000000000..67ee14f334
--- /dev/null
+++ b/crypto/x509v3/v3conf.c
@@ -0,0 +1,127 @@
+/* v3conf.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+/* Test application to add extensions from a config file */
+
+int main(int argc, char **argv)
+{
+	LHASH *conf;
+	X509 *cert;
+	FILE *inf;
+	char *conf_file;
+	int i;
+	int count;
+	X509_EXTENSION *ext;
+	X509V3_add_standard_extensions();
+	ERR_load_crypto_strings();
+	if(!argv[1]) {
+		fprintf(stderr, "Usage: v3conf cert.pem [file.cnf]\n");
+		exit(1);
+	}
+	conf_file = argv[2];
+	if(!conf_file) conf_file = "test.cnf";
+	conf = CONF_load(NULL, "test.cnf", NULL);
+	if(!conf) {
+		fprintf(stderr, "Error opening Config file %s\n", conf_file);
+		ERR_print_errors_fp(stderr);
+		exit(1);
+	}
+
+	inf = fopen(argv[1], "r");
+	if(!inf) {
+		fprintf(stderr, "Can't open certificate file %s\n", argv[1]);
+		exit(1);
+	}
+	cert = PEM_read_X509(inf, NULL, NULL);
+	if(!cert) {
+		fprintf(stderr, "Error reading certificate file %s\n", argv[1]);
+		exit(1);
+	}
+	fclose(inf);
+
+	sk_pop_free(cert->cert_info->extensions, X509_EXTENSION_free);
+	cert->cert_info->extensions = NULL;
+
+	if(!X509V3_EXT_add_conf(conf, NULL, "test_section", cert)) {
+		fprintf(stderr, "Error adding extensions\n");
+		ERR_print_errors_fp(stderr);
+		exit(1);
+	}
+
+	count = X509_get_ext_count(cert);
+	printf("%d extensions\n", count);
+	for(i = 0; i < count; i++) {
+		ext = X509_get_ext(cert, i);
+		printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+		if(ext->critical) printf(",critical:\n");
+		else printf(":\n");
+		X509V3_EXT_print_fp(stdout, ext, 0);
+		printf("\n");
+		
+	}
+	return 0;
+}
+
diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c
new file mode 100644
index 0000000000..3cb543e629
--- /dev/null
+++ b/crypto/x509v3/v3err.c
@@ -0,0 +1,182 @@
+/* crypto/x509v3/v3err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA X509V3_str_functs[]=
+	{
+{ERR_PACK(0,X509V3_F_COPY_EMAIL,0),	"COPY_EMAIL"},
+{ERR_PACK(0,X509V3_F_COPY_ISSUER,0),	"COPY_ISSUER"},
+{ERR_PACK(0,X509V3_F_DO_EXT_CONF,0),	"DO_EXT_CONF"},
+{ERR_PACK(0,X509V3_F_DO_EXT_I2D,0),	"DO_EXT_I2D"},
+{ERR_PACK(0,X509V3_F_HEX_TO_STRING,0),	"hex_to_string"},
+{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0),	"i2s_ASN1_ENUMERATED"},
+{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0),	"i2s_ASN1_INTEGER"},
+{ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0),	"I2V_AUTHORITY_INFO_ACCESS"},
+{ERR_PACK(0,X509V3_F_NOTICE_SECTION,0),	"NOTICE_SECTION"},
+{ERR_PACK(0,X509V3_F_NREF_NOS,0),	"NREF_NOS"},
+{ERR_PACK(0,X509V3_F_POLICY_SECTION,0),	"POLICY_SECTION"},
+{ERR_PACK(0,X509V3_F_R2I_CERTPOL,0),	"R2I_CERTPOL"},
+{ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0),	"S2I_ASN1_IA5STRING"},
+{ERR_PACK(0,X509V3_F_S2I_ASN1_INTEGER,0),	"s2i_ASN1_INTEGER"},
+{ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0),	"s2i_ASN1_OCTET_STRING"},
+{ERR_PACK(0,X509V3_F_S2I_ASN1_SKEY_ID,0),	"S2I_ASN1_SKEY_ID"},
+{ERR_PACK(0,X509V3_F_S2I_S2I_SKEY_ID,0),	"S2I_S2I_SKEY_ID"},
+{ERR_PACK(0,X509V3_F_STRING_TO_HEX,0),	"string_to_hex"},
+{ERR_PACK(0,X509V3_F_SXNET_ADD_ASC,0),	"SXNET_ADD_ASC"},
+{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_INTEGER,0),	"SXNET_add_id_INTEGER"},
+{ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0),	"SXNET_add_id_ulong"},
+{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0),	"SXNET_get_id_asc"},
+{ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0),	"SXNET_get_id_ulong"},
+{ERR_PACK(0,X509V3_F_V2I_ACCESS_DESCRIPTION,0),	"V2I_ACCESS_DESCRIPTION"},
+{ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0),	"V2I_ASN1_BIT_STRING"},
+{ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0),	"V2I_AUTHORITY_KEYID"},
+{ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0),	"V2I_BASIC_CONSTRAINTS"},
+{ERR_PACK(0,X509V3_F_V2I_CRLD,0),	"V2I_CRLD"},
+{ERR_PACK(0,X509V3_F_V2I_EXT_KU,0),	"V2I_EXT_KU"},
+{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0),	"v2i_GENERAL_NAME"},
+{ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0),	"v2i_GENERAL_NAMES"},
+{ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0),	"V3_GENERIC_EXTENSION"},
+{ERR_PACK(0,X509V3_F_X509V3_ADD_I2D,0),	"X509V3_ADD_I2D"},
+{ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0),	"X509V3_add_value"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0),	"X509V3_EXT_add"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0),	"X509V3_EXT_add_alias"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_CONF,0),	"X509V3_EXT_conf"},
+{ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0),	"X509V3_EXT_i2d"},
+{ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0),	"X509V3_get_value_bool"},
+{ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0),	"X509V3_parse_list"},
+{ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0),	"X509_PURPOSE_add"},
+{ERR_PACK(0,X509V3_F_X509_PURPOSE_SET,0),	"X509_PURPOSE_set"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA X509V3_str_reasons[]=
+	{
+{X509V3_R_BAD_IP_ADDRESS                 ,"bad ip address"},
+{X509V3_R_BAD_OBJECT                     ,"bad object"},
+{X509V3_R_BN_DEC2BN_ERROR                ,"bn dec2bn error"},
+{X509V3_R_BN_TO_ASN1_INTEGER_ERROR       ,"bn to asn1 integer error"},
+{X509V3_R_DUPLICATE_ZONE_ID              ,"duplicate zone id"},
+{X509V3_R_ERROR_CONVERTING_ZONE          ,"error converting zone"},
+{X509V3_R_ERROR_CREATING_EXTENSION       ,"error creating extension"},
+{X509V3_R_ERROR_IN_EXTENSION             ,"error in extension"},
+{X509V3_R_EXPECTED_A_SECTION_NAME        ,"expected a section name"},
+{X509V3_R_EXTENSION_EXISTS               ,"extension exists"},
+{X509V3_R_EXTENSION_NAME_ERROR           ,"extension name error"},
+{X509V3_R_EXTENSION_NOT_FOUND            ,"extension not found"},
+{X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"},
+{X509V3_R_EXTENSION_VALUE_ERROR          ,"extension value error"},
+{X509V3_R_ILLEGAL_HEX_DIGIT              ,"illegal hex digit"},
+{X509V3_R_INVALID_BOOLEAN_STRING         ,"invalid boolean string"},
+{X509V3_R_INVALID_EXTENSION_STRING       ,"invalid extension string"},
+{X509V3_R_INVALID_NAME                   ,"invalid name"},
+{X509V3_R_INVALID_NULL_ARGUMENT          ,"invalid null argument"},
+{X509V3_R_INVALID_NULL_NAME              ,"invalid null name"},
+{X509V3_R_INVALID_NULL_VALUE             ,"invalid null value"},
+{X509V3_R_INVALID_NUMBER                 ,"invalid number"},
+{X509V3_R_INVALID_NUMBERS                ,"invalid numbers"},
+{X509V3_R_INVALID_OBJECT_IDENTIFIER      ,"invalid object identifier"},
+{X509V3_R_INVALID_OPTION                 ,"invalid option"},
+{X509V3_R_INVALID_POLICY_IDENTIFIER      ,"invalid policy identifier"},
+{X509V3_R_INVALID_PURPOSE                ,"invalid purpose"},
+{X509V3_R_INVALID_SECTION                ,"invalid section"},
+{X509V3_R_INVALID_SYNTAX                 ,"invalid syntax"},
+{X509V3_R_ISSUER_DECODE_ERROR            ,"issuer decode error"},
+{X509V3_R_MISSING_VALUE                  ,"missing value"},
+{X509V3_R_NEED_ORGANIZATION_AND_NUMBERS  ,"need organization and numbers"},
+{X509V3_R_NO_CONFIG_DATABASE             ,"no config database"},
+{X509V3_R_NO_ISSUER_CERTIFICATE          ,"no issuer certificate"},
+{X509V3_R_NO_ISSUER_DETAILS              ,"no issuer details"},
+{X509V3_R_NO_POLICY_IDENTIFIER           ,"no policy identifier"},
+{X509V3_R_NO_PUBLIC_KEY                  ,"no public key"},
+{X509V3_R_NO_SUBJECT_DETAILS             ,"no subject details"},
+{X509V3_R_ODD_NUMBER_OF_DIGITS           ,"odd number of digits"},
+{X509V3_R_OTHERNAME_ERROR                ,"othername error"},
+{X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS   ,"unable to get issuer details"},
+{X509V3_R_UNABLE_TO_GET_ISSUER_KEYID     ,"unable to get issuer keyid"},
+{X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT    ,"unknown bit string argument"},
+{X509V3_R_UNKNOWN_EXTENSION              ,"unknown extension"},
+{X509V3_R_UNKNOWN_EXTENSION_NAME         ,"unknown extension name"},
+{X509V3_R_UNKNOWN_OPTION                 ,"unknown option"},
+{X509V3_R_UNSUPPORTED_OPTION             ,"unsupported option"},
+{X509V3_R_USER_TOO_LONG                  ,"user too long"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_X509V3_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs);
+		ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons);
+#endif
+
+		}
+	}
diff --git a/crypto/x509v3/v3prin.c b/crypto/x509v3/v3prin.c
new file mode 100644
index 0000000000..b529814319
--- /dev/null
+++ b/crypto/x509v3/v3prin.c
@@ -0,0 +1,99 @@
+/* v3prin.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+int main(int argc, char **argv)
+{
+	X509 *cert;
+	FILE *inf;
+	int i, count;
+	X509_EXTENSION *ext;
+	X509V3_add_standard_extensions();
+	ERR_load_crypto_strings();
+	if(!argv[1]) {
+		fprintf(stderr, "Usage v3prin cert.pem\n");
+		exit(1);
+	}
+	if(!(inf = fopen(argv[1], "r"))) {
+		fprintf(stderr, "Can't open %s\n", argv[1]);
+		exit(1);
+	}
+	if(!(cert = PEM_read_X509(inf, NULL, NULL))) {
+		fprintf(stderr, "Can't read certificate %s\n", argv[1]);
+		ERR_print_errors_fp(stderr);
+		exit(1);
+	}
+	fclose(inf);
+	count = X509_get_ext_count(cert);
+	printf("%d extensions\n", count);
+	for(i = 0; i < count; i++) {
+		ext = X509_get_ext(cert, i);
+		printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+		if(!X509V3_EXT_print_fp(stdout, ext, 0, 0)) ERR_print_errors_fp(stderr);
+		printf("\n");
+		
+	}
+	return 0;
+}
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index d7945bc9cd..e1334b4717 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -1,87 +1,655 @@
-/* crypto/x509v3/x509v3.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* x509v3.h */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#ifndef HEADER_X509V3_H
+#define HEADER_X509V3_H
+
+#include <openssl/bio.h>
+#include <openssl/x509.h>
+#include <openssl/conf.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Forward reference */
+struct v3_ext_method;
+struct v3_ext_ctx;
+
+/* Useful typedefs */
+
+typedef void * (*X509V3_EXT_NEW)(void);
+typedef void (*X509V3_EXT_FREE)(void *);
+typedef void * (*X509V3_EXT_D2I)(void *, unsigned char ** , long);
+typedef int (*X509V3_EXT_I2D)(void *, unsigned char **);
+typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist);
+typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values);
+typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext);
+typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
+typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent);
+typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
+
+/* V3 extension structure */
+
+struct v3_ext_method {
+int ext_nid;
+int ext_flags;
+/* If this is set the following four fields are ignored */
+ASN1_ITEM_EXP *it;
+/* Old style ASN1 calls */
+X509V3_EXT_NEW ext_new;
+X509V3_EXT_FREE ext_free;
+X509V3_EXT_D2I d2i;
+X509V3_EXT_I2D i2d;
+
+/* The following pair is used for string extensions */
+X509V3_EXT_I2S i2s;
+X509V3_EXT_S2I s2i;
+
+/* The following pair is used for multi-valued extensions */
+X509V3_EXT_I2V i2v;
+X509V3_EXT_V2I v2i;
+
+/* The following are used for raw extensions */
+X509V3_EXT_I2R i2r;
+X509V3_EXT_R2I r2i;
+
+void *usr_data;	/* Any extension specific data */
+};
+
+typedef struct X509V3_CONF_METHOD_st {
+char * (*get_string)(void *db, char *section, char *value);
+STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
+void (*free_string)(void *db, char * string);
+void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
+} X509V3_CONF_METHOD;
+
+/* Context specific info */
+struct v3_ext_ctx {
+#define CTX_TEST 0x1
+int flags;
+X509 *issuer_cert;
+X509 *subject_cert;
+X509_REQ *subject_req;
+X509_CRL *crl;
+X509V3_CONF_METHOD *db_meth;
+void *db;
+/* Maybe more here */
+};
+
+typedef struct v3_ext_method X509V3_EXT_METHOD;
+
+DECLARE_STACK_OF(X509V3_EXT_METHOD)
+
+/* ext_flags values */
+#define X509V3_EXT_DYNAMIC	0x1
+#define X509V3_EXT_CTX_DEP	0x2
+#define X509V3_EXT_MULTILINE	0x4
+
+typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
+
+typedef struct BASIC_CONSTRAINTS_st {
+int ca;
+ASN1_INTEGER *pathlen;
+} BASIC_CONSTRAINTS;
+
+
+typedef struct PKEY_USAGE_PERIOD_st {
+ASN1_GENERALIZEDTIME *notBefore;
+ASN1_GENERALIZEDTIME *notAfter;
+} PKEY_USAGE_PERIOD;
+
+typedef struct otherName_st {
+ASN1_OBJECT *type_id;
+ASN1_TYPE *value;
+} OTHERNAME;
+
+typedef struct EDIPartyName_st {
+	ASN1_STRING *nameAssigner;
+	ASN1_STRING *partyName;
+} EDIPARTYNAME;
+
+typedef struct GENERAL_NAME_st {
+
+#define GEN_OTHERNAME	0
+#define GEN_EMAIL	1
+#define GEN_DNS		2
+#define GEN_X400	3
+#define GEN_DIRNAME	4
+#define GEN_EDIPARTY	5
+#define GEN_URI		6
+#define GEN_IPADD	7
+#define GEN_RID		8
+
+int type;
+union {
+	char *ptr;
+	OTHERNAME *otherName; /* otherName */
+	ASN1_IA5STRING *rfc822Name;
+	ASN1_IA5STRING *dNSName;
+	ASN1_TYPE *x400Address;
+	X509_NAME *directoryName;
+	EDIPARTYNAME *ediPartyName;
+	ASN1_IA5STRING *uniformResourceIdentifier;
+	ASN1_OCTET_STRING *iPAddress;
+	ASN1_OBJECT *registeredID;
+
+	/* Old names */
+	ASN1_OCTET_STRING *ip; /* iPAddress */
+	X509_NAME *dirn;		/* dirn */
+	ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */
+	ASN1_OBJECT *rid; /* registeredID */
+	ASN1_TYPE *other; /* x400Address */
+} d;
+} GENERAL_NAME;
+
+typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
+
+typedef struct ACCESS_DESCRIPTION_st {
+	ASN1_OBJECT *method;
+	GENERAL_NAME *location;
+} ACCESS_DESCRIPTION;
+
+typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
+
+typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
+
+DECLARE_STACK_OF(GENERAL_NAME)
+DECLARE_ASN1_SET_OF(GENERAL_NAME)
+
+DECLARE_STACK_OF(ACCESS_DESCRIPTION)
+DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
+
+typedef struct DIST_POINT_NAME_st {
+int type;
+union {
+	GENERAL_NAMES *fullname;
+	STACK_OF(X509_NAME_ENTRY) *relativename;
+} name;
+} DIST_POINT_NAME;
+
+typedef struct DIST_POINT_st {
+DIST_POINT_NAME	*distpoint;
+ASN1_BIT_STRING *reasons;
+GENERAL_NAMES *CRLissuer;
+} DIST_POINT;
+
+typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
+
+DECLARE_STACK_OF(DIST_POINT)
+DECLARE_ASN1_SET_OF(DIST_POINT)
+
+typedef struct AUTHORITY_KEYID_st {
+ASN1_OCTET_STRING *keyid;
+GENERAL_NAMES *issuer;
+ASN1_INTEGER *serial;
+} AUTHORITY_KEYID;
+
+/* Strong extranet structures */
+
+typedef struct SXNET_ID_st {
+	ASN1_INTEGER *zone;
+	ASN1_OCTET_STRING *user;
+} SXNETID;
+
+DECLARE_STACK_OF(SXNETID)
+DECLARE_ASN1_SET_OF(SXNETID)
+
+typedef struct SXNET_st {
+	ASN1_INTEGER *version;
+	STACK_OF(SXNETID) *ids;
+} SXNET;
+
+typedef struct NOTICEREF_st {
+	ASN1_STRING *organization;
+	STACK_OF(ASN1_INTEGER) *noticenos;
+} NOTICEREF;
+
+typedef struct USERNOTICE_st {
+	NOTICEREF *noticeref;
+	ASN1_STRING *exptext;
+} USERNOTICE;
+
+typedef struct POLICYQUALINFO_st {
+	ASN1_OBJECT *pqualid;
+	union {
+		ASN1_IA5STRING *cpsuri;
+		USERNOTICE *usernotice;
+		ASN1_TYPE *other;
+	} d;
+} POLICYQUALINFO;
+
+DECLARE_STACK_OF(POLICYQUALINFO)
+DECLARE_ASN1_SET_OF(POLICYQUALINFO)
+
+typedef struct POLICYINFO_st {
+	ASN1_OBJECT *policyid;
+	STACK_OF(POLICYQUALINFO) *qualifiers;
+} POLICYINFO;
+
+typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
+
+DECLARE_STACK_OF(POLICYINFO)
+DECLARE_ASN1_SET_OF(POLICYINFO)
+
+#define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
+",name:", val->name, ",value:", val->value);
+
+#define X509V3_set_ctx_test(ctx) \
+			X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
+#define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
+
+#define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
+			0,0,0,0, \
+			0,0, \
+			(X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
+			(X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
+			NULL, NULL, \
+			table}
+
+#define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
+			0,0,0,0, \
+			(X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
+			(X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
+			0,0,0,0, \
+			NULL}
+
+#define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
+
+
+/* X509_PURPOSE stuff */
+
+#define EXFLAG_BCONS		0x1
+#define EXFLAG_KUSAGE		0x2
+#define EXFLAG_XKUSAGE		0x4
+#define EXFLAG_NSCERT		0x8
+
+#define EXFLAG_CA		0x10
+#define EXFLAG_SS		0x20
+#define EXFLAG_V1		0x40
+#define EXFLAG_INVALID		0x80
+#define EXFLAG_SET		0x100
+#define EXFLAG_CRITICAL		0x200
+
+#define KU_DIGITAL_SIGNATURE	0x0080
+#define KU_NON_REPUDIATION	0x0040
+#define KU_KEY_ENCIPHERMENT	0x0020
+#define KU_DATA_ENCIPHERMENT	0x0010
+#define KU_KEY_AGREEMENT	0x0008
+#define KU_KEY_CERT_SIGN	0x0004
+#define KU_CRL_SIGN		0x0002
+#define KU_ENCIPHER_ONLY	0x0001
+#define KU_DECIPHER_ONLY	0x8000
+
+#define NS_SSL_CLIENT		0x80
+#define NS_SSL_SERVER		0x40
+#define NS_SMIME		0x20
+#define NS_OBJSIGN		0x10
+#define NS_SSL_CA		0x04
+#define NS_SMIME_CA		0x02
+#define NS_OBJSIGN_CA		0x01
+#define NS_ANY_CA		(NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
+
+#define XKU_SSL_SERVER		0x1	
+#define XKU_SSL_CLIENT		0x2
+#define XKU_SMIME		0x4
+#define XKU_CODE_SIGN		0x8
+#define XKU_SGC			0x10
+#define XKU_OCSP_SIGN		0x20
+#define XKU_TIMESTAMP		0x40
+
+#define X509_PURPOSE_DYNAMIC	0x1
+#define X509_PURPOSE_DYNAMIC_NAME	0x2
+
+typedef struct x509_purpose_st {
+	int purpose;
+	int trust;		/* Default trust ID */
+	int flags;
+	int (*check_purpose)(const struct x509_purpose_st *,
+				const X509 *, int);
+	char *name;
+	char *sname;
+	void *usr_data;
+} X509_PURPOSE;
+
+#define X509_PURPOSE_SSL_CLIENT		1
+#define X509_PURPOSE_SSL_SERVER		2
+#define X509_PURPOSE_NS_SSL_SERVER	3
+#define X509_PURPOSE_SMIME_SIGN		4
+#define X509_PURPOSE_SMIME_ENCRYPT	5
+#define X509_PURPOSE_CRL_SIGN		6
+#define X509_PURPOSE_ANY		7
+#define X509_PURPOSE_OCSP_HELPER	8
+
+#define X509_PURPOSE_MIN		1
+#define X509_PURPOSE_MAX		8
+
+/* Flags for X509V3_EXT_print() */
+
+#define X509V3_EXT_UNKNOWN_MASK		(0xfL << 16)
+/* Return error for unknown extensions */
+#define X509V3_EXT_DEFAULT		0
+/* Print error for unknown extensions */
+#define X509V3_EXT_ERROR_UNKNOWN	(1L << 16)
+/* ASN1 parse unknown extensions */
+#define X509V3_EXT_PARSE_UNKNOWN	(2L << 16)
+/* BIO_dump unknown extensions */
+#define X509V3_EXT_DUMP_UNKNOWN		(3L << 16)
+
+/* Flags for X509V3_add1_i2d */
+
+#define X509V3_ADD_OP_MASK		0xfL
+#define X509V3_ADD_DEFAULT		0L
+#define X509V3_ADD_APPEND		1L
+#define X509V3_ADD_REPLACE		2L
+#define X509V3_ADD_REPLACE_EXISTING	3L
+#define X509V3_ADD_KEEP_EXISTING	4L
+#define X509V3_ADD_DELETE		5L
+#define X509V3_ADD_SILENT		0x10
+
+DECLARE_STACK_OF(X509_PURPOSE)
+
+DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
+
+DECLARE_ASN1_FUNCTIONS(SXNET)
+DECLARE_ASN1_FUNCTIONS(SXNETID)
+
+int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); 
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); 
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen); 
+
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone);
+ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
+ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
+
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
+
+DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
+
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret);
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
+
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+		GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist);
+GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+DECLARE_ASN1_FUNCTIONS(OTHERNAME)
+DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5);
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
+
+DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);
+
+DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
+DECLARE_ASN1_FUNCTIONS(POLICYINFO)
+DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
+DECLARE_ASN1_FUNCTIONS(USERNOTICE)
+DECLARE_ASN1_FUNCTIONS(NOTICEREF)
+
+DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
+
+DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
+
+#ifdef HEADER_CONF_H
+GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
+void X509V3_conf_free(CONF_VALUE *val);
+
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value);
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value);
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk);
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert);
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value);
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value);
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert);
+int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req);
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl);
+
+int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+						STACK_OF(CONF_VALUE) **extlist);
+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
+#endif
+
+char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
+STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
+void X509V3_string_free(X509V3_CTX *ctx, char *str);
+void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
+				 X509_REQ *req, X509_CRL *crl, int flags);
+
+int X509V3_add_value(const char *name, const char *value,
+						STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+						STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+						STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
+						STACK_OF(CONF_VALUE) **extlist);
+char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
+ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
+char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
+char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
+int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
+int X509V3_EXT_add_alias(int nid_to, int nid_from);
+void X509V3_EXT_cleanup(void);
+
+X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+int X509V3_add_standard_extensions(void);
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
+void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
+
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags);
+
+char *hex_to_string(unsigned char *buffer, long len);
+unsigned char *string_to_hex(char *str, long *len);
+int name_cmp(const char *name, const char *cmp);
+
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
+								 int ml);
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent);
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
+
+int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent);
+
+int X509_check_purpose(X509 *x, int id, int ca);
+int X509_supported_extension(X509_EXTENSION *ex);
+int X509_PURPOSE_set(int *p, int purpose);
+int X509_check_issued(X509 *issuer, X509 *subject);
+int X509_PURPOSE_get_count(void);
+X509_PURPOSE * X509_PURPOSE_get0(int idx);
+int X509_PURPOSE_get_by_sname(char *sname);
+int X509_PURPOSE_get_by_id(int id);
+int X509_PURPOSE_add(int id, int trust, int flags,
+			int (*ck)(const X509_PURPOSE *, const X509 *, int),
+				char *name, char *sname, void *arg);
+char *X509_PURPOSE_get0_name(X509_PURPOSE *xp);
+char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp);
+int X509_PURPOSE_get_trust(X509_PURPOSE *xp);
+void X509_PURPOSE_cleanup(void);
+int X509_PURPOSE_get_id(X509_PURPOSE *);
+
+STACK *X509_get1_email(X509 *x);
+STACK *X509_REQ_get1_email(X509_REQ *x);
+void X509_email_free(STACK *sk);
+
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
  */
-#define X509v3_N_KU_digitalSignature	0
-#define X509v3_N_KU_nonRepudiation	1
-#define X509v3_N_KU_keyEncipherment	2
-#define X509v3_N_KU_dataEncipherment	3
-#define X509v3_N_KU_keyAgreement	4
-#define X509v3_N_KU_keyCertSign		5
-#define X509v3_N_KU_cRLSign		6
-#define X509v3_N_KU_encipherOnly	7
-#define X509v3_N_KU_decipherOnly	8
-#define X509v3_N_KU_NUM			9
-#define X509v3_S_KU_digitalSignature	"digitalSignature"
-#define X509v3_S_KU_nonRepudiation	"nonRepudiation"
-#define X509v3_S_KU_keyEncipherment	"keyEncipherment"
-#define X509v3_S_KU_dataEncipherment	"dataEncipherment"
-#define X509v3_S_KU_keyAgreement	"keyAgreement"
-#define X509v3_S_KU_keyCertSign		"keyCertSign"
-#define X509v3_S_KU_cRLSign		"cRLSign"
-#define X509v3_S_KU_encipherOnly	"encipherOnly"
-#define X509v3_S_KU_decipherOnly	"decipherOnly"
-
-
-void X509_ex_clear(X509_EXTENSION *a);
-int X509_ex_get_bool(X509_EXTENSION *a,int num);
-int X509_ex_set_bool(X509_EXTENSION *a,int num,int value);
-int X509_ex_get_str(X509_EXTENSION *a,int index,char **p,int *len);
-int X509_ex_set_str(X509_EXTENSION *a,int oid,int index,char *p,int len);
-char *X509_ex_get_struct(X509_EXTENSION *a,int oid,int index,char **p);
-int X509_ex_set_struct(X509_EXTENSION *a,int index,char *p);
-int a2i_X509_EXTENSION(BIO *bp,X509_EXTENSION *a,char *buf,int len);
-int i2a_X509_EXTENSION(BIO *bp,X509_EXTENSION *a);
+void ERR_load_X509V3_strings(void);
+
+/* Error codes for the X509V3 functions. */
+
+/* Function codes. */
+#define X509V3_F_COPY_EMAIL				 122
+#define X509V3_F_COPY_ISSUER				 123
+#define X509V3_F_DO_EXT_CONF				 124
+#define X509V3_F_DO_EXT_I2D				 135
+#define X509V3_F_HEX_TO_STRING				 111
+#define X509V3_F_I2S_ASN1_ENUMERATED			 121
+#define X509V3_F_I2S_ASN1_INTEGER			 120
+#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS		 138
+#define X509V3_F_NOTICE_SECTION				 132
+#define X509V3_F_NREF_NOS				 133
+#define X509V3_F_POLICY_SECTION				 131
+#define X509V3_F_R2I_CERTPOL				 130
+#define X509V3_F_S2I_ASN1_IA5STRING			 100
+#define X509V3_F_S2I_ASN1_INTEGER			 108
+#define X509V3_F_S2I_ASN1_OCTET_STRING			 112
+#define X509V3_F_S2I_ASN1_SKEY_ID			 114
+#define X509V3_F_S2I_S2I_SKEY_ID			 115
+#define X509V3_F_STRING_TO_HEX				 113
+#define X509V3_F_SXNET_ADD_ASC				 125
+#define X509V3_F_SXNET_ADD_ID_INTEGER			 126
+#define X509V3_F_SXNET_ADD_ID_ULONG			 127
+#define X509V3_F_SXNET_GET_ID_ASC			 128
+#define X509V3_F_SXNET_GET_ID_ULONG			 129
+#define X509V3_F_V2I_ACCESS_DESCRIPTION			 139
+#define X509V3_F_V2I_ASN1_BIT_STRING			 101
+#define X509V3_F_V2I_AUTHORITY_KEYID			 119
+#define X509V3_F_V2I_BASIC_CONSTRAINTS			 102
+#define X509V3_F_V2I_CRLD				 134
+#define X509V3_F_V2I_EXT_KU				 103
+#define X509V3_F_V2I_GENERAL_NAME			 117
+#define X509V3_F_V2I_GENERAL_NAMES			 118
+#define X509V3_F_V3_GENERIC_EXTENSION			 116
+#define X509V3_F_X509V3_ADD_I2D				 140
+#define X509V3_F_X509V3_ADD_VALUE			 105
+#define X509V3_F_X509V3_EXT_ADD				 104
+#define X509V3_F_X509V3_EXT_ADD_ALIAS			 106
+#define X509V3_F_X509V3_EXT_CONF			 107
+#define X509V3_F_X509V3_EXT_I2D				 136
+#define X509V3_F_X509V3_GET_VALUE_BOOL			 110
+#define X509V3_F_X509V3_PARSE_LIST			 109
+#define X509V3_F_X509_PURPOSE_ADD			 137
+#define X509V3_F_X509_PURPOSE_SET			 141
+
+/* Reason codes. */
+#define X509V3_R_BAD_IP_ADDRESS				 118
+#define X509V3_R_BAD_OBJECT				 119
+#define X509V3_R_BN_DEC2BN_ERROR			 100
+#define X509V3_R_BN_TO_ASN1_INTEGER_ERROR		 101
+#define X509V3_R_DUPLICATE_ZONE_ID			 133
+#define X509V3_R_ERROR_CONVERTING_ZONE			 131
+#define X509V3_R_ERROR_CREATING_EXTENSION		 144
+#define X509V3_R_ERROR_IN_EXTENSION			 128
+#define X509V3_R_EXPECTED_A_SECTION_NAME		 137
+#define X509V3_R_EXTENSION_EXISTS			 145
+#define X509V3_R_EXTENSION_NAME_ERROR			 115
+#define X509V3_R_EXTENSION_NOT_FOUND			 102
+#define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED	 103
+#define X509V3_R_EXTENSION_VALUE_ERROR			 116
+#define X509V3_R_ILLEGAL_HEX_DIGIT			 113
+#define X509V3_R_INVALID_BOOLEAN_STRING			 104
+#define X509V3_R_INVALID_EXTENSION_STRING		 105
+#define X509V3_R_INVALID_NAME				 106
+#define X509V3_R_INVALID_NULL_ARGUMENT			 107
+#define X509V3_R_INVALID_NULL_NAME			 108
+#define X509V3_R_INVALID_NULL_VALUE			 109
+#define X509V3_R_INVALID_NUMBER				 140
+#define X509V3_R_INVALID_NUMBERS			 141
+#define X509V3_R_INVALID_OBJECT_IDENTIFIER		 110
+#define X509V3_R_INVALID_OPTION				 138
+#define X509V3_R_INVALID_POLICY_IDENTIFIER		 134
+#define X509V3_R_INVALID_PURPOSE			 146
+#define X509V3_R_INVALID_SECTION			 135
+#define X509V3_R_INVALID_SYNTAX				 143
+#define X509V3_R_ISSUER_DECODE_ERROR			 126
+#define X509V3_R_MISSING_VALUE				 124
+#define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS		 142
+#define X509V3_R_NO_CONFIG_DATABASE			 136
+#define X509V3_R_NO_ISSUER_CERTIFICATE			 121
+#define X509V3_R_NO_ISSUER_DETAILS			 127
+#define X509V3_R_NO_POLICY_IDENTIFIER			 139
+#define X509V3_R_NO_PUBLIC_KEY				 114
+#define X509V3_R_NO_SUBJECT_DETAILS			 125
+#define X509V3_R_ODD_NUMBER_OF_DIGITS			 112
+#define X509V3_R_OTHERNAME_ERROR			 147
+#define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS		 122
+#define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID		 123
+#define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT		 111
+#define X509V3_R_UNKNOWN_EXTENSION			 129
+#define X509V3_R_UNKNOWN_EXTENSION_NAME			 130
+#define X509V3_R_UNKNOWN_OPTION				 120
+#define X509V3_R_UNSUPPORTED_OPTION			 117
+#define X509V3_R_USER_TOO_LONG				 132
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/demos/README b/demos/README
index 769965ab83..d2155ef973 100644
--- a/demos/README
+++ b/demos/README
@@ -1,3 +1,9 @@
+NOTE: Don't expect any of these programs to work with current
+OpenSSL releases, or even with later SSLeay releases.
+
+Original README:
+=============================================================================
+
 Some demo programs sent to me by various people
 
 eric
diff --git a/demos/asn1/README.ASN1 b/demos/asn1/README.ASN1
new file mode 100644
index 0000000000..ac497be184
--- /dev/null
+++ b/demos/asn1/README.ASN1
@@ -0,0 +1,7 @@
+This is a demo of the new ASN1 code. Its an OCSP ASN1 module. Doesn't
+do much yet other than demonstrate what the new ASN1 modules might look
+like.
+
+It wont even compile yet: the new code isn't in place.
+
+
diff --git a/demos/asn1/ocsp.c b/demos/asn1/ocsp.c
new file mode 100644
index 0000000000..0199fe1004
--- /dev/null
+++ b/demos/asn1/ocsp.c
@@ -0,0 +1,366 @@
+/* ocsp.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+
+
+
+/* Example of new ASN1 code, OCSP request
+
+	OCSPRequest     ::=     SEQUENCE {
+	    tbsRequest                  TBSRequest,
+	    optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
+
+	TBSRequest      ::=     SEQUENCE {
+	    version             [0] EXPLICIT Version DEFAULT v1,
+	    requestorName       [1] EXPLICIT GeneralName OPTIONAL,
+	    requestList             SEQUENCE OF Request,
+	    requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
+
+	Signature       ::=     SEQUENCE {
+	    signatureAlgorithm   AlgorithmIdentifier,
+	    signature            BIT STRING,
+	    certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+
+	Version  ::=  INTEGER  {  v1(0) }
+
+	Request ::=     SEQUENCE {
+	    reqCert                    CertID,
+	    singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
+
+	CertID ::= SEQUENCE {
+	    hashAlgorithm            AlgorithmIdentifier,
+	    issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
+	    issuerKeyHash      OCTET STRING, -- Hash of Issuers public key
+	    serialNumber       CertificateSerialNumber }
+
+	OCSPResponse ::= SEQUENCE {
+	   responseStatus         OCSPResponseStatus,
+	   responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
+
+	OCSPResponseStatus ::= ENUMERATED {
+	    successful            (0),      --Response has valid confirmations
+	    malformedRequest      (1),      --Illegal confirmation request
+	    internalError         (2),      --Internal error in issuer
+	    tryLater              (3),      --Try again later
+					    --(4) is not used
+	    sigRequired           (5),      --Must sign the request
+	    unauthorized          (6)       --Request unauthorized
+	}
+
+	ResponseBytes ::=       SEQUENCE {
+	    responseType   OBJECT IDENTIFIER,
+	    response       OCTET STRING }
+
+	BasicOCSPResponse       ::= SEQUENCE {
+	   tbsResponseData      ResponseData,
+	   signatureAlgorithm   AlgorithmIdentifier,
+	   signature            BIT STRING,
+	   certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+
+	ResponseData ::= SEQUENCE {
+	   version              [0] EXPLICIT Version DEFAULT v1,
+	   responderID              ResponderID,
+	   producedAt               GeneralizedTime,
+	   responses                SEQUENCE OF SingleResponse,
+	   responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
+
+	ResponderID ::= CHOICE {
+	   byName   [1] Name,    --EXPLICIT
+	   byKey    [2] KeyHash }
+
+	KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+				 --(excluding the tag and length fields)
+
+	SingleResponse ::= SEQUENCE {
+	   certID                       CertID,
+	   certStatus                   CertStatus,
+	   thisUpdate                   GeneralizedTime,
+	   nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
+	   singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
+
+	CertStatus ::= CHOICE {
+	    good                [0]     IMPLICIT NULL,
+	    revoked             [1]     IMPLICIT RevokedInfo,
+	    unknown             [2]     IMPLICIT UnknownInfo }
+
+	RevokedInfo ::= SEQUENCE {
+	    revocationTime              GeneralizedTime,
+	    revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
+
+	UnknownInfo ::= NULL -- this can be replaced with an enumeration
+
+	ArchiveCutoff ::= GeneralizedTime
+
+	AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
+
+	ServiceLocator ::= SEQUENCE {
+	    issuer    Name,
+	    locator   AuthorityInfoAccessSyntax }
+
+	-- Object Identifiers
+
+	id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }
+	id-pkix-ocsp                 OBJECT IDENTIFIER ::= { id-ad-ocsp }
+	id-pkix-ocsp-basic           OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
+	id-pkix-ocsp-nonce           OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
+	id-pkix-ocsp-crl             OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
+	id-pkix-ocsp-response        OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
+	id-pkix-ocsp-nocheck         OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
+	id-pkix-ocsp-archive-cutoff  OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
+	id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
+
+*/
+
+/* Request Structures */
+
+DECLARE_STACK_OF(Request)
+
+typedef struct {
+	ASN1_INTEGER *version;
+	GENERAL_NAME *requestorName;
+	STACK_OF(Request) *requestList;
+	STACK_OF(X509_EXTENSION) *requestExtensions;
+} TBSRequest;
+
+typedef struct {
+	X509_ALGOR *signatureAlgorithm;
+	ASN1_BIT_STRING *signature;
+	STACK_OF(X509) *certs;
+} Signature;
+
+typedef struct {
+	TBSRequest *tbsRequest;
+	Signature *optionalSignature;
+} OCSPRequest;
+
+typedef struct {
+	X509_ALGOR *hashAlgorithm;
+	ASN1_OCTET_STRING *issuerNameHash;
+	ASN1_OCTET_STRING *issuerKeyHash;
+	ASN1_INTEGER *certificateSerialNumber;
+} CertID;
+
+typedef struct {
+	CertID *reqCert;
+	STACK_OF(X509_EXTENSION) *singleRequestExtensions;
+} Request;
+
+/* Response structures */
+
+typedef struct {
+	ASN1_OBJECT *responseType;
+	ASN1_OCTET_STRING *response;
+} ResponseBytes;
+
+typedef struct {
+	ASN1_ENUMERATED *responseStatus;
+	ResponseBytes *responseBytes;
+} OCSPResponse;
+
+typedef struct {
+	int type;
+	union {
+	   X509_NAME *byName;
+	   ASN1_OCTET_STRING *byKey;
+	}d;
+} ResponderID;
+
+typedef struct {
+	   ASN1_INTEGER *version;
+	   ResponderID *responderID;
+	   ASN1_GENERALIZEDTIME *producedAt;
+	   STACK_OF(SingleResponse) *responses;
+	   STACK_OF(X509_EXTENSION) *responseExtensions;
+} ResponseData;
+
+typedef struct {
+	   ResponseData *tbsResponseData;
+	   X509_ALGOR *signatureAlgorithm;
+	   ASN1_BIT_STRING *signature;
+	   STACK_OF(X509) *certs;
+} BasicOCSPResponse;
+
+typedef struct {
+	ASN1_GENERALIZEDTIME *revocationTime;
+	ASN1_ENUMERATED * revocationReason;
+} RevokedInfo;
+
+typedef struct {
+	int type;
+	union {
+	    ASN1_NULL *good;
+	    RevokedInfo *revoked;
+	    ASN1_NULL *unknown;
+	} d;
+} CertStatus;
+
+typedef struct {
+	   CertID *certID;
+	   CertStatus *certStatus;
+	   ASN1_GENERALIZEDTIME *thisUpdate;
+	   ASN1_GENERALIZEDTIME *nextUpdate;
+	   STACK_OF(X509_EXTENSION) *singleExtensions;
+} SingleResponse;
+
+
+typedef struct {
+    X509_NAME *issuer;
+    STACK_OF(ACCESS_DESCRIPTION) *locator;
+} ServiceLocator;
+
+
+/* Now the ASN1 templates */
+
+IMPLEMENT_COMPAT_ASN1(X509);
+IMPLEMENT_COMPAT_ASN1(X509_ALGOR);
+//IMPLEMENT_COMPAT_ASN1(X509_EXTENSION);
+IMPLEMENT_COMPAT_ASN1(GENERAL_NAME);
+IMPLEMENT_COMPAT_ASN1(X509_NAME);
+
+ASN1_SEQUENCE(X509_EXTENSION) = {
+	ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
+	ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
+	ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_EXTENSION);
+	
+
+ASN1_SEQUENCE(Signature) = {
+	ASN1_SIMPLE(Signature, signatureAlgorithm, X509_ALGOR),
+	ASN1_SIMPLE(Signature, signature, ASN1_BIT_STRING),
+	ASN1_SEQUENCE_OF(Signature, certs, X509)
+} ASN1_SEQUENCE_END(Signature);
+
+ASN1_SEQUENCE(CertID) = {
+	ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR),
+	ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(CertID, certificateSerialNumber, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(CertID);
+
+ASN1_SEQUENCE(Request) = {
+	ASN1_SIMPLE(Request, reqCert, CertID),
+	ASN1_EXP_SEQUENCE_OF_OPT(Request, singleRequestExtensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END(Request);
+
+ASN1_SEQUENCE(TBSRequest) = {
+	ASN1_EXP_OPT(TBSRequest, version, ASN1_INTEGER, 0),
+	ASN1_EXP_OPT(TBSRequest, requestorName, GENERAL_NAME, 1),
+	ASN1_SEQUENCE_OF(TBSRequest, requestList, Request),
+	ASN1_EXP_SEQUENCE_OF_OPT(TBSRequest, requestExtensions, X509_EXTENSION, 2)
+} ASN1_SEQUENCE_END(TBSRequest);
+
+ASN1_SEQUENCE(OCSPRequest) = {
+	ASN1_SIMPLE(OCSPRequest, tbsRequest, TBSRequest),
+	ASN1_EXP_OPT(OCSPRequest, optionalSignature, Signature, 0)
+} ASN1_SEQUENCE_END(OCSPRequest);
+
+
+/* Response templates */
+
+ASN1_SEQUENCE(ResponseBytes) = {
+	    ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT),
+	    ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(ResponseBytes);
+
+ASN1_SEQUENCE(OCSPResponse) = {
+	ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED),
+	ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0)
+} ASN1_SEQUENCE_END(OCSPResponse);
+
+ASN1_CHOICE(ResponderID) = {
+	   ASN1_EXP(ResponderID, d.byName, X509_NAME, 1),
+	   ASN1_IMP(ResponderID, d.byKey, ASN1_OCTET_STRING, 2)
+} ASN1_CHOICE_END(ResponderID);
+
+ASN1_SEQUENCE(RevokedInfo) = {
+	ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME),
+  	ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0)
+} ASN1_SEQUENCE_END(RevokedInfo);
+
+ASN1_CHOICE(CertStatus) = {
+	ASN1_IMP(CertStatus, d.good, ASN1_NULL, 0),
+	ASN1_IMP(CertStatus, d.revoked, RevokedInfo, 1),
+	ASN1_IMP(CertStatus, d.unknown, ASN1_NULL, 2)
+} ASN1_CHOICE_END(CertStatus);
+
+ASN1_SEQUENCE(SingleResponse) = {
+	   ASN1_SIMPLE(SingleResponse, certID, CertID),
+	   ASN1_SIMPLE(SingleResponse, certStatus, CertStatus),
+	   ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME),
+	   ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0),
+	   ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(SingleResponse);
+
+ASN1_SEQUENCE(ResponseData) = {
+	   ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0),
+	   ASN1_SIMPLE(ResponseData, responderID, ResponderID),
+	   ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME),
+	   ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse),
+	   ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(ResponseData);
+
+ASN1_SEQUENCE(BasicOCSPResponse) = {
+	   ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData),
+	   ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR),
+	   ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING),
+	   ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0)
+} ASN1_SEQUENCE_END(BasicOCSPResponse);
+
diff --git a/demos/b64.c b/demos/b64.c
index 42abc42d33..efdd44457d 100644
--- a/demos/b64.c
+++ b/demos/b64.c
@@ -59,13 +59,13 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include "apps.h"
-#include "buffer.h"
-#include "err.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "pem.h"
+#include "../apps/apps.h"
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 #undef SIZE
 #undef BSIZE
@@ -83,7 +83,6 @@ char **argv;
 	unsigned char *buff=NULL,*bufsize=NULL;
 	int bsize=BSIZE,verbose=0;
 	int ret=1,inl;
-	unsigned char key[24],iv[MD5_DIGEST_LENGTH];
 	char *str=NULL;
 	char *hkey=NULL,*hiv=NULL;
 	int enc=1,printkey=0,i,base64=0;
@@ -91,8 +90,7 @@ char **argv;
 	EVP_CIPHER *cipher=NULL,*c;
 	char *inf=NULL,*outf=NULL;
 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
-#define PROG_NAME_SIZE  16
-        char pname[PROG_NAME_SIZE];
+#define PROG_NAME_SIZE  39
 
 
 	apps_startup();
@@ -177,11 +175,11 @@ bad:
 		if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
 		}
 
-	strbuf=Malloc(SIZE);
-	buff=(unsigned char *)Malloc(EVP_ENCODE_LENGTH(bsize));
+	strbuf=OPENSSL_malloc(SIZE);
+	buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
 	if ((buff == NULL) || (strbuf == NULL))
 		{
-		BIO_printf(bio_err,"Malloc failure\n");
+		BIO_printf(bio_err,"OPENSSL_malloc failure\n");
 		goto end;
 		}
 
@@ -259,8 +257,8 @@ bad:
 		BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
 		}
 end:
-	if (strbuf != NULL) Free(strbuf);
-	if (buff != NULL) Free(buff);
+	if (strbuf != NULL) OPENSSL_free(strbuf);
+	if (buff != NULL) OPENSSL_free(buff);
 	if (in != NULL) BIO_free(in);
 	if (out != NULL) BIO_free(out);
 	if (benc != NULL) BIO_free(benc);
diff --git a/demos/bio/Makefile b/demos/bio/Makefile
new file mode 100644
index 0000000000..4351540532
--- /dev/null
+++ b/demos/bio/Makefile
@@ -0,0 +1,16 @@
+CC=cc
+CFLAGS= -g -I../../include
+LIBS= -L../.. ../../libssl.a ../../libcrypto.a
+EXAMPLES=saccept sconnect
+
+all: $(EXAMPLES) 
+
+saccept: saccept.o
+	$(CC) -o saccept saccept.o $(LIBS)
+
+sconnect: sconnect.o
+	$(CC) -o sconnect sconnect.o $(LIBS)
+
+clean:	
+	rm -f $(EXAMPLES) *.o
+
diff --git a/demos/bio/saccept.c b/demos/bio/saccept.c
index 920eab397c..40cd4daad2 100644
--- a/demos/bio/saccept.c
+++ b/demos/bio/saccept.c
@@ -12,8 +12,8 @@
 
 #include <stdio.h>
 #include <signal.h>
-#include "err.h"
-#include "ssl.h"
+#include <openssl/err.h>
+#include <openssl/ssl.h>
 
 #define CERT_FILE	"server.pem"
 
@@ -45,8 +45,13 @@ char *argv[];
 
 	SSL_load_error_strings();
 
+#ifdef WATT32
+	dbug_init();
+	sock_init();
+#endif
+
 	/* Add ciphers and message digests */
-	SSLeay_add_ssl_algorithms();
+	OpenSSL_add_ssl_algorithms();
 
 	ctx=SSL_CTX_new(SSLv23_server_method());
 	if (!SSL_CTX_use_certificate_file(ctx,CERT_FILE,SSL_FILETYPE_PEM))
diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c
index 68296da806..880344eb78 100644
--- a/demos/bio/sconnect.c
+++ b/demos/bio/sconnect.c
@@ -9,8 +9,9 @@
  */
 #include <stdio.h>
 #include <stdlib.h>
-#include "err.h"
-#include "ssl.h"
+#include <unistd.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
 
 extern int errno;
 
@@ -31,11 +32,16 @@ char *argv[];
 	else
 		host=argv[1];
 
+#ifdef WATT32
+	dbug_init();
+	sock_init();
+#endif
+
 	/* Lets get nice error messages */
 	SSL_load_error_strings();
 
 	/* Setup all the global SSL stuff */
-	SSLeay_add_ssl_algorithms();
+	OpenSSL_add_ssl_algorithms();
 	ssl_ctx=SSL_CTX_new(SSLv23_client_method());
 
 	/* Lets make a SSL structure */
diff --git a/demos/easy_tls/.cvsignore b/demos/easy_tls/.cvsignore
new file mode 100644
index 0000000000..9daeafb986
--- /dev/null
+++ b/demos/easy_tls/.cvsignore
@@ -0,0 +1 @@
+test
diff --git a/demos/easy_tls/Makefile b/demos/easy_tls/Makefile
new file mode 100644
index 0000000000..208070074c
--- /dev/null
+++ b/demos/easy_tls/Makefile
@@ -0,0 +1,123 @@
+# Makefile for easy-tls example application (rudimentary client and server)
+# $Id: Makefile,v 1.2 2001/09/18 09:15:40 bodo Exp $
+
+SOLARIS_CFLAGS=-Wall -pedantic -g -O2
+SOLARIS_LIBS=-lxnet
+
+LINUX_CFLAGS=-Wall -pedantic -g -O2
+LINUX_LIBS=
+
+
+auto-all:
+	case `uname -s` in \
+	SunOS) echo Using SunOS configuration; \
+	  make SYSCFLAGS="$(SOLARIS_CFLAGS)" SYSLIBS="$(SOLARIS_LIBS)" all;; \
+	Linux) echo Using Linux configuration; \
+	  make SYSCFLAGS="$(LINUX_CFLAGS)" SYSLIBS="$(LINUX_LIBS)" all;; \
+	*) echo "unknown system"; exit 1;; \
+	esac
+
+all: test TAGS
+
+# For adapting this Makefile to a different system, only the following
+# definitions should need customizing:
+
+OPENSSLDIR=../..
+CC=gcc
+
+SYSCFLAGS=whatever
+SYSLIBS=whatever
+
+
+#############################################################################
+#
+# SSLeay/OpenSSL imports
+#
+# OPENSSLDIR (set above) can be either the directory where OpenSSL is
+# installed or the directory where it was compiled.
+
+# We rely on having a new OpenSSL release where include files
+# have names like <openssl/ssl.h> (not just <ssl.h>).
+OPENSSLINCLUDES=-I$(OPENSSLDIR)/include
+
+# libcrypto.a and libssl.a are directly in $(OPENSSLDIR) if this is
+# the compile directory, or in $(OPENSSLDIR)/lib if we use an installed
+# library.  With the following definition, we can handle either case.
+OPENSSLLIBS=-L$(OPENSSLDIR) -L$(OPENSSLDIR)/lib -lssl -lcrypto
+
+
+#############################################################################
+#
+# Stuff for handling the source files
+#
+
+SOURCES=easy-tls.c test.c
+HEADERS=easy-tls.h test.h
+DOCSandEXAMPLESetc=Makefile cert.pem cacerts.pem
+EVERYTHING=$(SOURCES) $(HEADERS) $(DOCSandEXAMPLESetc)
+
+ls: ls-l
+ls-l:
+	ls -l $(EVERYTHING)
+# For RCS:
+tag:
+	-rcs -n_`date +%y%m%d`: $(EVERYTHING)
+	rcs -nMYTAG $(EVERYTHING)
+	rcs -nMYTAG: $(EVERYTHING)
+diff:
+	-rcsdiff -rMYTAG -u $(EVERYTHING)
+today:
+	-rcsdiff -r_`date +%y%m%d` -u $(EVERYTHING)
+ident:
+	for a in $(EVERYTHING); do ident $$a; done
+
+# Distribution .tar:
+easy-tls.tar.gz: $(EVERYTHING)
+	tar cvf - $(EVERYTHING) | \
+	gzip -9 > easy-tls.tar.gz
+
+# Working .tar:
+tls.tgz: $(EVERYTHING)
+	tar cfv - `find . -type f -a ! -name '*.tgz' -a ! -name '*.tar.gz'` | \
+	gzip -9 > tls.tgz
+
+# For emacs:
+etags: TAGS
+TAGS: $(SOURCES) $(HEADERS)
+	-etags $(SOURCES) $(HEADERS)
+
+
+#############################################################################
+#
+# Compilation
+#
+# The following definitions are system dependent (and hence defined
+# at the beginning of this Makefile, where they are more easily found):
+
+### CC=gcc
+### SYSCFLAGS=-Wall -pedantic -g -O2
+### SYSLIBS=-lxnet
+
+EXTRACFLAGS=-DTLS_APP=\"test.h\"
+# EXTRACFLAGS=-DTLS_APP=\"test.h\" -DDEBUG_TLS
+
+#
+# The rest shouldn't need to be touched.
+#
+LDFLAGS=$(SYSLIBS) $(OPENSSLLIBS)
+INCLUDES=$(OPENSSLINCLUDES)
+CFLAGS=$(SYSCFLAGS) $(EXTRACFLAGS) $(INCLUDES)
+
+OBJS=easy-tls.o test.o
+
+clean:
+	@rm -f test
+	@rm -f TAGS
+	@rm -f *.o
+	@rm -f core
+
+test: $(OBJS)
+	$(CC) $(OBJS) $(LDFLAGS) -o test
+
+test.o: $(HEADERS)
+easy-tls.o: $(HEADERS)
diff --git a/demos/easy_tls/README b/demos/easy_tls/README
new file mode 100644
index 0000000000..816a58009c
--- /dev/null
+++ b/demos/easy_tls/README
@@ -0,0 +1,65 @@
+easy_tls - generic SSL/TLS proxy
+========
+
+(... and example for non-blocking SSL/TLS I/O multiplexing.)
+
+
+  easy_tls.c, easy_tls.h:
+
+     Small generic SSL/TLS proxy library: With a few function calls,
+     an application socket will be replaced by a pipe handled by a
+     separate SSL/TLS proxy process.  This allows easily adding
+     SSL/TLS support to many programs not originally designed for it.
+
+     [Actually easy_tls.c is not a proper library: Customization
+     requires defining preprocessor macros while compiling it.
+     This is quite confusing, so I'll probably change it.]
+
+     These files may be used under the OpenSSL license.
+
+
+
+  test.c, test.h, Makefile, cert.pem, cacerts.pem:
+
+     Rudimentary example program using the easy_tls library, and
+     example key and certificates for it.  Usage examples:
+
+       $ ./test 8443     # create server listening at port 8443
+       $ ./test 127.0.0.1 8443  # create client, connect to port 8443
+                                # at IP address 127.0.0.1
+
+     'test' will not automatically do SSL/TLS, or even read or write
+     data -- it must be told to do so on input lines starting
+     with a command letter.  'W' means write a line, 'R' means
+     read a line, 'C' means close the connection, 'T' means
+     start an SSL/TLS proxy.  E.g. (user input tagged with '*'):
+
+     * R
+       <<< 220 mail.example.net
+     * WSTARTTLS
+       >>> STARTTLS
+     * R
+       <<< 220 Ready to start TLS
+     * T
+       test_process_init(fd = 3, client_p = 1, apparg = (nil))
+       +++ `E:self signed certificate in certificate chain'
+       +++ `<... certificate info ...>'
+     * WHELO localhost
+       >>> HELO localhost
+       R
+       <<< 250 mail.example.net
+
+     You can even do SSL/TLS over SSL/TLS over SSL/TLS ... by using
+     'T' multiple times.  I have no idea why you would want to though.
+
+
+This code is rather old.  When I find time I will update anything that
+should be changed, and improve code comments.  To compile the sample
+program 'test' on platforms other then Linux or Solaris, you will have
+to edit the Makefile.
+
+As noted above, easy_tls.c will be changed to become a library one
+day, which means that future revisions will not be fully compatible to
+the current version.
+
+Bodo Möller <bodo@openssl.org>
diff --git a/demos/easy_tls/cacerts.pem b/demos/easy_tls/cacerts.pem
new file mode 100644
index 0000000000..acc70baf19
--- /dev/null
+++ b/demos/easy_tls/cacerts.pem
@@ -0,0 +1,18 @@
+$Id: cacerts.pem,v 1.1 2001/09/17 19:06:57 bodo Exp $
+
+issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
+subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+-----BEGIN CERTIFICATE-----
+MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
+VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
+OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
+BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
+IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
+DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
+1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
+mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
+hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
+YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
+q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
+-----END CERTIFICATE-----
diff --git a/demos/easy_tls/cert.pem b/demos/easy_tls/cert.pem
new file mode 100644
index 0000000000..364fe10d5b
--- /dev/null
+++ b/demos/easy_tls/cert.pem
@@ -0,0 +1,31 @@
+$Id: cert.pem,v 1.1 2001/09/17 19:06:57 bodo Exp $
+
+Example certificate and key.
+
+-----BEGIN CERTIFICATE-----
+MIIB1jCCAT8CAQEwDQYJKoZIhvcNAQEEBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
+ZDAeFw05OTA1MDEwMTI2MzVaFw05OTA1MzEwMTI2MzVaMCIxCzAJBgNVBAYTAkRF
+MRMwEQYDVQQDEwpUZXN0c2VydmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQD6I3oDKiexwwlkzjar69AIFnVUaG85LtCege2R+CtIDlkQYw68/8MbT3ou0pdF
+AcL9IGiYY3Y0SHM9PqF00RO1MCtNpqTnF3ScLpbmggGjKilmWYn2ai7emdjMjXVL
+tzWW2xGgIGATWQN32KgfJng4jXi1UjEiyLhkw0Zf1I/ggwIDAQABMA0GCSqGSIb3
+DQEBBAUAA4GBAMgM+sbAk8DfjSfa+Rf2gcGXmbrvZAzKzC+5RU3kaq/NyxIXAGco
+9dZjozzWfN/xuGup5boFk+KrP+xdgsaqGHsyzlgEoqz4ekqLjQeVbnoj339hVFU9
+MhPi6JULPxjXKumjfX2LLNkikW5puz8Df3UiX0EiaJvd7EwP8J75tiUT
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQD6I3oDKiexwwlkzjar69AIFnVUaG85LtCege2R+CtIDlkQYw68
+/8MbT3ou0pdFAcL9IGiYY3Y0SHM9PqF00RO1MCtNpqTnF3ScLpbmggGjKilmWYn2
+ai7emdjMjXVLtzWW2xGgIGATWQN32KgfJng4jXi1UjEiyLhkw0Zf1I/ggwIDAQAB
+AoGANST8c1etf1MU19oIO5aqaE19OCXIG7oakNLCCtVTPMfvnE+vffBJH7BPIUuU
+4BBzwRv1nQrkvk72TPjVjOAu81B1SStKQueun2flVuYxp9NyupNWCBley4QdohlP
+I92ml2tzTSPmNIoA6jdGyNzFcGchapRRmejsC39F1RUbHQECQQD9KX81Wt8ZOrri
+dWiEXja1L3X8Bkb9vvUjVMQDTJJPxBJjehC6eurgE6PP6SJD5p/f3RHPCcLr8tSM
+D4P/OpKhAkEA/PFNlhIZUDKK6aTvG2mn7qQ5phbadOoyN1Js3ttWG5OMOZ6b/QlC
+Wvp84h44506BIlv+Tg2YAI0AdBUrf7oEowJAM4joAVd/ROaEtqbJ4PBA2L9RmD06
+5FqkEk4mHLnQqvYx/BgUIbH18ClvVlqSBBqFfw/EmU3WZSuogt6Bs0ocIQJBAOxB
+AoPiYcxbeQ5kZIVJOXaX49SzUdaUDNVJYrEBUzsspHQJJo/Avz606kJVkjbSR6Ft
+JWmIHuqcyMikIV4KxFsCQQCU2evoVjVsqkkbHi7W28f73PGBsyu0KIwlK7nu4h08
+Daf7TAI+A6jW/WRUsJ6dFhUYi7/Jvkcdrlnbgm2fxziX
+-----END RSA PRIVATE KEY-----
diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c
new file mode 100644
index 0000000000..9cd8314c3e
--- /dev/null
+++ b/demos/easy_tls/easy-tls.c
@@ -0,0 +1,1240 @@
+/* -*- Mode: C; c-file-style: "bsd" -*- */
+/*
+ * easy-tls.c -- generic TLS proxy.
+ * $Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $
+ */
+/*
+ (c) Copyright 1999 Bodo Moeller.  All rights reserved.
+
+ This is free software; you can redistributed and/or modify it
+ unter the terms of either
+   -  the GNU General Public License as published by the
+      Free Software Foundation, version 1, or (at your option)
+      any later version,
+ or
+   -  the following license:
+*/
+/*
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that each of the following
+ * conditions is met:
+ *
+ * 1. Redistributions qualify as "freeware" or "Open Source Software" under
+ *    one of the following terms:
+ * 
+ *    (a) Redistributions are made at no charge beyond the reasonable cost of
+ *        materials and delivery.
+ * 
+ *    (b) Redistributions are accompanied by a copy of the Source Code
+ *        or by an irrevocable offer to provide a copy of the Source Code
+ *        for up to three years at the cost of materials and delivery.
+ *        Such redistributions must allow further use, modification, and
+ *        redistribution of the Source Code under substantially the same
+ *        terms as this license.
+ *
+ * 2. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 3. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 4. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by Bodo Moeller."
+ *    (If available, substitute umlauted o for oe.)
+ *
+ * 5. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by Bodo Moeller."
+ *
+ * THIS SOFTWARE IS PROVIDED BY BODO MOELLER ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL BODO MOELLER OR
+ * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+/*
+ * Attribution for OpenSSL library:
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ * This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)
+ */
+
+static char const rcsid[] =
+"$Id: easy-tls.c,v 1.4 2002/03/05 09:07:16 bodo Exp $";
+
+#include <assert.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/select.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <sys/utsname.h>
+#include <unistd.h>
+
+#include <openssl/crypto.h>
+#include <openssl/dh.h>
+#include <openssl/dsa.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/opensslv.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#ifndef NO_RSA
+ #include <openssl/rsa.h>
+#endif
+#include <openssl/ssl.h>
+#include <openssl/x509.h>
+#include <openssl/x509_vfy.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x00904000L /* 0.9.4-dev */
+# error "This program needs OpenSSL 0.9.4 or later."
+#endif
+
+#include "easy-tls.h" /* include after <openssl/ssl.h> if both are needed */
+
+#if TLS_INFO_SIZE > PIPE_BUF
+# if PIPE_BUF < 512
+#  error "PIPE_BUF < 512" /* non-POSIX */
+# endif
+# error "TLS_INFO_SIZE > PIPE_BUF"
+#endif
+
+/*****************************************************************************/
+
+#ifdef TLS_APP
+# include TLS_APP
+#endif
+
+/* Applications can define:
+ *   TLS_APP_PROCESS_INIT -- void ...(int fd, int client_p, void *apparg)
+ *   TLS_CUMULATE_ERRORS 
+ *   TLS_ERROR_BUFSIZ
+ *   TLS_APP_ERRFLUSH -- void ...(int child_p, char *, size_t, void *apparg)
+ */
+
+#ifndef TLS_APP_PROCESS_INIT
+# define TLS_APP_PROCESS_INIT(fd, client_p, apparg) ((void) 0)
+#endif
+
+#ifndef TLS_ERROR_BUFSIZ
+# define TLS_ERROR_BUFSIZ (10*160)
+#endif
+#if TLS_ERROR_BUFSIZ < 2 /* {'\n',0} */
+# error "TLS_ERROR_BUFSIZE is too small."
+#endif
+
+#ifndef TLS_APP_ERRFLUSH
+# define TLS_APP_ERRFLUSH tls_app_errflush
+static void
+tls_app_errflush(int child_p, char *errbuf, size_t num, void *apparg)
+{
+    fputs(errbuf, stderr);
+}
+#endif
+
+/*****************************************************************************/
+
+#ifdef DEBUG_TLS
+# define DEBUG_MSG(x) fprintf(stderr,"  %s\n",x)
+# define DEBUG_MSG2(x,y) fprintf(stderr, "  %s: %d\n",x,y)
+static int tls_loop_count = 0;
+static int tls_select_count = 0;
+#else
+# define DEBUG_MSG(x) (void)0
+# define DEBUG_MSG2(x,y) (void)0
+#endif
+
+static void tls_rand_seed_uniquely(void);
+static void tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p);
+static int tls_socket_nonblocking(int fd);
+
+static int tls_child_p = 0;
+static void *tls_child_apparg;
+
+
+struct tls_start_proxy_args
+tls_start_proxy_defaultargs(void)
+{
+    struct tls_start_proxy_args ret;
+
+    ret.fd = -1;
+    ret.client_p = -1;
+    ret.ctx = NULL;
+    ret.pid = NULL;
+    ret.infofd = NULL;
+    
+    return ret;
+}
+
+/* Slice in TLS proxy process at fd.
+ * Return value:
+ *   0    ok  (*pid is set to child's PID if pid != NULL),
+ *   < 0  look at errno
+ *   > 0  other error
+ *   (return value encodes place of error)
+ *
+ */
+int
+tls_start_proxy(struct tls_start_proxy_args a, void *apparg)
+{
+    int fds[2] = {-1, -1};
+    int infofds[2] = {-1, -1};
+    int r, getfd, getfl;
+    int ret;
+
+    DEBUG_MSG2("tls_start_proxy fd", a.fd);
+    DEBUG_MSG2("tls_start_proxy client_p", a.client_p);
+
+    if (a.fd == -1 || a.client_p == -1 || a.ctx == NULL)
+	return 1;
+
+    if (a.pid != NULL) {
+	*a.pid = 0;
+    }
+    if (a.infofd != NULL) {
+	*a.infofd = -1;
+    }
+
+    r = socketpair(AF_UNIX, SOCK_STREAM, 0, fds);
+    if (r == -1)
+	return -1;
+    if (a.fd >= FD_SETSIZE || fds[0] >= FD_SETSIZE) {
+	ret = 2;
+	goto err;
+    }
+    if (a.infofd != NULL) {
+	r = pipe(infofds);
+	if (r == -1) {
+	    ret = -3;
+	    goto err;
+	}
+    }
+
+    r = fork();
+    if (r == -1) {
+	ret = -4;
+	goto err;
+    }
+    if (r == 0) {
+	DEBUG_MSG("fork");
+	tls_child_p = 1;
+	tls_child_apparg = apparg;
+	close(fds[1]);
+	if (infofds[0] != -1)
+	    close(infofds[0]);
+	TLS_APP_PROCESS_INIT(a.fd, a.client_p, apparg);
+	DEBUG_MSG("TLS_APP_PROCESS_INIT");
+	tls_proxy(fds[0], a.fd, infofds[1], a.ctx, a.client_p);
+	exit(0);
+    }
+    if (a.pid != NULL)
+	*a.pid = r;
+    if (infofds[1] != -1) {
+	close(infofds[1]);
+	infofds[1] = -1;
+    }
+    /* install fds[1] in place of fd: */
+    close(fds[0]);
+    fds[0] = -1;
+    getfd = fcntl(a.fd, F_GETFD);
+    getfl = fcntl(a.fd, F_GETFL);
+    r = dup2(fds[1], a.fd);
+    close(fds[1]);
+    fds[1] = -1;
+    if (r == -1) {
+	ret = -5;
+	goto err;
+    }
+    if (getfd != 1)
+	fcntl(a.fd, F_SETFD, getfd);
+    if (getfl & O_NONBLOCK)
+	(void)tls_socket_nonblocking(a.fd);
+    if (a.infofd != NULL)
+	*a.infofd = infofds[0];
+    return 0;
+    
+  err:
+    if (fds[0] != -1)
+	close(fds[0]);
+    if (fds[1] != -1)
+	close(fds[1]);
+    if (infofds[0] != -1)
+	close(infofds[0]);
+    if (infofds[1] != -1)
+	close(infofds[1]);
+    return ret;
+}
+
+/*****************************************************************************/
+
+static char errbuf[TLS_ERROR_BUFSIZ];
+static size_t errbuf_i = 0;
+
+static void
+tls_errflush(void *apparg)
+{
+    if (errbuf_i == 0)
+	return;
+    
+    assert(errbuf_i < sizeof errbuf);
+    assert(errbuf[errbuf_i] == 0);
+    if (errbuf_i == sizeof errbuf - 1) {
+	/* make sure we have a newline, even if string has been truncated */
+	errbuf[errbuf_i - 1] = '\n';
+    }
+
+    /* TLS_APP_ERRFLUSH may modify the string as needed,
+     * e.g. substitute other characters for \n for convenience */
+    TLS_APP_ERRFLUSH(tls_child_p, errbuf, errbuf_i, apparg);
+
+    errbuf_i = 0;
+}
+
+static void
+tls_errprintf(int flush, void *apparg, const char *fmt, ...)
+{
+    va_list args;
+    int r;
+    
+    if (errbuf_i < sizeof errbuf - 1) {
+	size_t n;
+
+	va_start(args, fmt);
+	n = (sizeof errbuf) - errbuf_i;
+	r = vsnprintf(errbuf + errbuf_i, n, fmt, args);
+	if (r >= n)
+	    r = n - 1;
+	if (r >= 0) {
+	    errbuf_i += r;
+	} else {
+	    errbuf_i = sizeof errbuf - 1;
+	    errbuf[errbuf_i] = '\0';
+	}
+	assert(errbuf_i < sizeof errbuf);
+	assert(errbuf[errbuf_i] == 0);
+    }
+#ifndef TLS_CUMULATE_ERRORS
+    tls_errflush(apparg);
+#else
+    if (flush)
+	tls_errflush(apparg);
+#endif
+}
+
+/* app_prefix.. are for additional information provided by caller.
+ * If OpenSSL error queue is empty, print default_text ("???" if NULL).
+ */
+static char *
+tls_openssl_errors(const char *app_prefix_1, const char *app_prefix_2, const char *default_text, void *apparg)
+{
+    static char reasons[255];
+    size_t reasons_i;
+    unsigned long err;
+    const char *file;
+    int line;
+    const char *data;
+    int flags;
+    char *errstring;
+    int printed_something = 0;
+    
+    reasons_i = 0;
+
+    assert(app_prefix_1 != NULL);
+    assert(app_prefix_2 != NULL);
+
+    if (default_text == NULL)
+	default_text = "?""?""?";
+    
+    while ((err = ERR_get_error_line_data(&file,&line,&data,&flags)) != 0) {
+	if (reasons_i < sizeof reasons) {
+	    size_t n;
+	    int r;
+
+	    n = (sizeof reasons) - reasons_i;
+	    r = snprintf(reasons + reasons_i, n, "%s%s", (reasons_i > 0 ? ", " : ""), ERR_reason_error_string(err));
+	    if (r >= n)
+		r = n - 1;
+	    if (r >= 0) {
+		reasons_i += r;
+	    } else {
+		reasons_i = sizeof reasons;
+	    }
+	    assert(reasons_i <= sizeof reasons);
+	}
+	
+	errstring = ERR_error_string(err, NULL);
+	assert(errstring != NULL);
+	tls_errprintf(0, apparg, "OpenSSL error%s%s: %s:%s:%d:%s\n", app_prefix_1, app_prefix_2, errstring, file, line, (flags & ERR_TXT_STRING) ? data : "");
+	printed_something = 1;
+    }
+
+    if (!printed_something) {
+	assert(reasons_i == 0);
+	snprintf(reasons, sizeof reasons, "%s", default_text);
+	tls_errprintf(0, apparg, "OpenSSL error%s%s: %s\n", app_prefix_1, app_prefix_2, default_text);
+    }
+
+#ifdef TLS_CUMULATE_ERRORS    
+    tls_errflush(apparg);
+#endif
+    assert(errbuf_i == 0);
+
+    return reasons;
+}
+
+/*****************************************************************************/
+
+static int tls_init_done = 0;
+
+static int
+tls_init(void *apparg)
+{
+    if (tls_init_done)
+	return 0;
+    
+    SSL_load_error_strings();
+    if (!SSL_library_init() /* aka SSLeay_add_ssl_algorithms() */ ) {
+	tls_errprintf(1, apparg, "SSL_library_init failed.\n");
+	return -1;
+    }
+    tls_init_done = 1;
+    tls_rand_seed();
+    return 0;
+}
+
+/*****************************************************************************/
+
+static void
+tls_rand_seed_uniquely(void)
+{
+    struct {
+	pid_t pid;
+	time_t time;
+	void *stack;
+    } data;
+
+    data.pid = getpid();
+    data.time = time(NULL);
+    data.stack = (void *)&data;
+
+    RAND_seed((const void *)&data, sizeof data);
+}
+
+void
+tls_rand_seed(void)
+{
+    struct {
+	struct utsname uname;
+	int uname_1;
+	int uname_2;
+	uid_t uid;
+	uid_t euid;
+	gid_t gid;
+	gid_t egid;
+    } data;
+    
+    data.uname_1 = uname(&data.uname);
+    data.uname_2 = errno; /* Let's hope that uname fails randomly :-) */
+
+    data.uid = getuid();
+    data.euid = geteuid();
+    data.gid = getgid();
+    data.egid = getegid();
+    
+    RAND_seed((const void *)&data, sizeof data);
+    tls_rand_seed_uniquely();
+}
+
+static int tls_rand_seeded_p = 0;
+
+#define my_MIN_SEED_BYTES 256 /* struct stat can be larger than 128 */
+int
+tls_rand_seed_from_file(const char *filename, size_t n, void *apparg)
+{
+    /* Seed OpenSSL's random number generator from file.
+       Try to read n bytes if n > 0, whole file if n == 0. */
+
+    int r;
+
+    if (tls_init(apparg) == -1)
+	return -1;
+    tls_rand_seed();
+
+    r = RAND_load_file(filename, (n > 0 && n < LONG_MAX) ? (long)n : LONG_MAX);
+    /* r is the number of bytes filled into the random number generator,
+     * which are taken from "stat(filename, ...)" in addition to the
+     * file contents.
+     */
+    assert(1 < my_MIN_SEED_BYTES);
+    /* We need to detect at least those cases when the file does not exist
+     * at all.  With current versions of OpenSSL, this should do it: */
+    if (n == 0)
+	n = my_MIN_SEED_BYTES;
+    if (r < n) {
+	tls_errprintf(1, apparg, "rand_seed_from_file: could not read %d bytes from %s.\n", n, filename);
+	return -1;
+    } else {
+	tls_rand_seeded_p = 1;
+	return 0;
+    }
+}
+
+void
+tls_rand_seed_from_memory(const void *buf, size_t n)
+{
+    size_t i = 0;
+    
+    while (i < n) {
+	size_t rest = n - i;
+	int chunk = rest < INT_MAX ? (int)rest : INT_MAX;
+	RAND_seed((const char *)buf + i, chunk);
+	i += chunk;
+    }
+    tls_rand_seeded_p = 1;
+}
+
+
+/*****************************************************************************/
+
+struct tls_x509_name_string {
+    char str[100];
+};
+
+static void
+tls_get_x509_subject_name_oneline(X509 *cert, struct tls_x509_name_string *namestring)
+{
+    X509_NAME *name;
+
+    if (cert == NULL) {
+	namestring->str[0] = '\0';
+	return;
+    }
+    
+    name = X509_get_subject_name(cert); /* does not increment any reference counter */
+
+    assert(sizeof namestring->str >= 4); /* "?" or "...", plus 0 */
+    
+    if (name == NULL) {
+	namestring->str[0] = '?';
+	namestring->str[1] = 0;
+    } else {
+	size_t len;
+
+	X509_NAME_oneline(name, namestring->str, sizeof namestring->str);
+	len = strlen(namestring->str);
+	assert(namestring->str[len] == 0);
+	assert(len < sizeof namestring->str);
+
+	if (len+1 == sizeof namestring->str) {
+	    /* (Probably something was cut off.)
+	     * Does not really work -- X509_NAME_oneline truncates after
+	     * name components, we cannot tell from the result whether
+	     * anything is missing. */
+
+	    assert(namestring->str[len] == 0);
+	    namestring->str[--len] = '.';
+	    namestring->str[--len] = '.';
+	    namestring->str[--len] = '.';
+	}
+    }
+}
+
+/*****************************************************************************/
+
+/* to hinder OpenSSL from asking for passphrases */
+static int
+no_passphrase_callback(char *buf, int num, int w, void *arg)
+{
+    return -1;
+}
+
+#if OPENSSL_VERSION_NUMBER >= 0x00907000L
+static int
+verify_dont_fail_cb(X509_STORE_CTX *c, void *unused_arg)
+#else
+static int
+verify_dont_fail_cb(X509_STORE_CTX *c)
+#endif
+{
+    int i;
+    
+    i = X509_verify_cert(c); /* sets c->error */
+#if OPENSSL_VERSION_NUMBER >= 0x00905000L /* don't allow unverified
+					   * certificates -- they could
+					   * survive session reuse, but
+					   * OpenSSL < 0.9.5-dev does not
+					   * preserve their verify_result */
+    if (i == 0)
+	return 1;
+    else
+#endif
+	return i;
+}
+
+static DH *tls_dhe1024 = NULL; /* generating these takes a while, so do it just once */
+
+void
+tls_set_dhe1024(int i, void *apparg)
+{
+    DSA *dsaparams;
+    DH *dhparams;
+    const char *seed[] = { ";-)  :-(  :-)  :-(  ",
+			   ";-)  :-(  :-)  :-(  ",
+			   "Random String no. 12",
+			   ";-)  :-(  :-)  :-(  ",
+			   "hackers have even mo", /* from jargon file */
+    };
+    unsigned char seedbuf[20];
+    
+    tls_init(apparg);
+    if (i >= 0) {
+	i %= sizeof seed / sizeof seed[0];
+	assert(strlen(seed[i]) == 20);
+	memcpy(seedbuf, seed[i], 20);
+	dsaparams = DSA_generate_parameters(1024, seedbuf, 20, NULL, NULL, 0, NULL);
+    } else {
+	/* random parameters (may take a while) */
+	dsaparams = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL);
+    }
+    
+    if (dsaparams == NULL) {
+	tls_openssl_errors("", "", NULL, apparg);
+	return;
+    }
+    dhparams = DSA_dup_DH(dsaparams);
+    DSA_free(dsaparams);
+    if (dhparams == NULL) {
+	tls_openssl_errors("", "", NULL, apparg);
+	return;
+    }
+    if (tls_dhe1024 != NULL)
+	DH_free(tls_dhe1024);
+    tls_dhe1024 = dhparams;
+}
+
+struct tls_create_ctx_args
+tls_create_ctx_defaultargs(void)
+{
+	struct tls_create_ctx_args ret;
+
+	ret.client_p = 0;
+	ret.certificate_file = NULL;
+	ret.key_file = NULL;
+	ret.ca_file = NULL;
+	ret.verify_depth = -1;
+	ret.fail_unless_verified = 0;
+	ret.export_p = 0;
+
+	return ret;
+}
+
+SSL_CTX *
+tls_create_ctx(struct tls_create_ctx_args a, void *apparg)
+{
+    int r;
+    static long context_num = 0;
+    SSL_CTX *ret;
+    const char *err_pref_1 = "", *err_pref_2 = "";
+    
+    if (tls_init(apparg) == -1)
+	return NULL;
+
+    ret = SSL_CTX_new((a.client_p? SSLv23_client_method:SSLv23_server_method)());
+
+    if (ret == NULL)
+	goto err;
+
+    SSL_CTX_set_default_passwd_cb(ret, no_passphrase_callback);
+    SSL_CTX_set_mode(ret, SSL_MODE_ENABLE_PARTIAL_WRITE);
+    
+    if ((a.certificate_file != NULL) || (a.key_file != NULL)) {
+	if (a.key_file == NULL) {
+	    tls_errprintf(1, apparg, "Need a key file.\n");
+	    goto err_return;
+	}
+	if (a.certificate_file == NULL) {
+	    tls_errprintf(1, apparg, "Need a certificate chain file.\n");
+	    goto err_return;
+	}
+	
+	if (!SSL_CTX_use_PrivateKey_file(ret, a.key_file, SSL_FILETYPE_PEM))
+	    goto err;
+	if (!tls_rand_seeded_p) {
+	    /* particularly paranoid people may not like this --
+	     * so provide your own random seeding before calling this */
+	    if (tls_rand_seed_from_file(a.key_file, 0, apparg) == -1)
+		goto err_return;
+	}
+	if (!SSL_CTX_use_certificate_chain_file(ret, a.certificate_file))
+	    goto err;
+	if (!SSL_CTX_check_private_key(ret)) {
+	    tls_errprintf(1, apparg, "Private key \"%s\" does not match certificate \"%s\".\n", a.key_file, a.certificate_file);
+	    goto err_peek;
+	}
+    }
+    
+    if ((a.ca_file != NULL) || (a.verify_depth > 0)) {
+	context_num++;
+	r = SSL_CTX_set_session_id_context(ret, (const void *)&context_num, (unsigned int)sizeof context_num);
+	if (!r)
+	    goto err;
+	
+	SSL_CTX_set_verify(ret, SSL_VERIFY_PEER | (a.fail_unless_verified ? SSL_VERIFY_FAIL_IF_NO_PEER_CERT : 0), 0);
+	if (!a.fail_unless_verified)
+	    SSL_CTX_set_cert_verify_callback(ret, verify_dont_fail_cb, NULL);
+	    
+	if (a.verify_depth > 0)
+	    SSL_CTX_set_verify_depth(ret, a.verify_depth);
+	
+	if (a.ca_file != NULL) {
+	    r = SSL_CTX_load_verify_locations(ret, a.ca_file, NULL /* no CA-directory */); /* does not report failure if file does not exist ... */
+	    if (!r) {
+		err_pref_1 = " while processing certificate file ";
+		err_pref_2 = a.ca_file;
+		goto err;
+	    }
+	    
+	    if (!a.client_p) {
+		/* SSL_load_client_CA_file is a misnomer, it just creates a list of CNs. */
+		SSL_CTX_set_client_CA_list(ret, SSL_load_client_CA_file(a.ca_file));
+		/* SSL_CTX_set_client_CA_list does not have a return value;
+		 * it does not really need one, but make sure
+		 * (we really test if SSL_load_client_CA_file worked) */
+		if (SSL_CTX_get_client_CA_list(ret) == NULL) {
+		    tls_errprintf(1, apparg, "Could not set client CA list from \"%s\".\n", a.ca_file);
+		    goto err_peek;
+		}
+	    }
+	}
+    }
+    
+    if (!a.client_p) {
+	if (tls_dhe1024 == NULL) {
+	    int i;
+
+	    RAND_bytes((unsigned char *) &i, sizeof i);
+	    /* make sure that i is non-negative -- pick one of the provided
+	     * seeds */
+	    if (i < 0)
+		i = -i;
+	    if (i < 0)
+		i = 0;
+	    tls_set_dhe1024(i, apparg);
+	    if (tls_dhe1024 == NULL)
+		goto err_return;
+	}
+	
+	if (!SSL_CTX_set_tmp_dh(ret, tls_dhe1024))
+	    goto err;
+
+	/* avoid small subgroup attacks: */
+	SSL_CTX_set_options(ret, SSL_OP_SINGLE_DH_USE);
+    }
+	
+#ifndef NO_RSA
+    if (!a.client_p && a.export_p) {
+	RSA *tmpkey;
+
+	tmpkey = RSA_generate_key(512, RSA_F4, 0, NULL);
+	if (tmpkey == NULL)
+	    goto err;
+	if (!SSL_CTX_set_tmp_rsa(ret, tmpkey)) {
+	    RSA_free(tmpkey);
+	    goto err;
+	}
+	RSA_free(tmpkey); /* SSL_CTX_set_tmp_rsa uses a duplicate. */
+    }
+#endif
+	
+    return ret;
+    
+ err_peek:
+    if (!ERR_peek_error())
+	goto err_return;
+ err:
+    tls_openssl_errors(err_pref_1, err_pref_2, NULL, apparg);
+ err_return:
+    if (ret != NULL)
+	SSL_CTX_free(ret);
+    return NULL;
+}
+
+
+/*****************************************************************************/
+
+static int
+tls_socket_nonblocking(int fd)
+{
+    int v, r;
+
+    v = fcntl(fd, F_GETFL, 0);
+    if (v == -1) {
+	if (errno == EINVAL)
+	    return 0; /* already shut down -- ignore */
+	return -1;
+    }
+    r = fcntl(fd, F_SETFL, v | O_NONBLOCK);
+    if (r == -1) {
+	if (errno == EINVAL)
+	    return 0; /* already shut down -- ignore */
+	return -1;
+    }
+    return 0;
+}
+
+static int
+max(int a, int b)
+{
+    return a > b ? a : b;
+}
+
+static void
+tls_sockets_select(int read_select_1, int read_select_2, int write_select_1, int write_select_2, int seconds /* timeout, -1 means no timeout */)
+{
+    int maxfd, n;
+    fd_set reads, writes;
+    struct timeval timeout;
+    struct timeval *timeout_p;
+    
+    assert(read_select_1 >= -1 && read_select_2 >= -1 && write_select_1 >= -1 && write_select_2 >= -1);
+    assert(read_select_1 < FD_SETSIZE && read_select_2 < FD_SETSIZE -1 && write_select_1 < FD_SETSIZE -1 && write_select_2 < FD_SETSIZE -1);
+
+    maxfd = max(max(read_select_1, read_select_2), max(write_select_1, write_select_2));
+    assert(maxfd >= 0);
+
+    FD_ZERO(&reads);
+    FD_ZERO(&writes);
+    
+    for(n = 0; n < 4; ++n) {
+	int i = n % 2;
+	int w = n >= 2;
+	/* loop over all (i, w) in {0,1}x{0,1} */
+	int fd;
+	
+	if (i == 0 && w == 0)
+	    fd = read_select_1;
+	else if (i == 1 && w == 0)
+	    fd = read_select_2;
+	else if (i == 0 && w == 1)
+	    fd = write_select_1;
+	else {
+	    assert(i == 1 && w == 1);
+	    fd = write_select_2;
+	}
+	
+	if (fd >= 0) {
+	    if (w == 0)
+		FD_SET(fd, &reads);
+	    else /* w == 1 */
+		FD_SET(fd, &writes);
+	}
+    }
+
+    if (seconds >= 0) {
+	timeout.tv_sec = seconds;
+	timeout.tv_usec = 0;
+	timeout_p = &timeout;
+    } else 
+	timeout_p = NULL;
+
+    DEBUG_MSG2("select no.", ++tls_select_count);
+    select(maxfd + 1, &reads, &writes, (fd_set *) NULL, timeout_p);
+    DEBUG_MSG("cont.");
+}
+
+/*****************************************************************************/
+
+#define TUNNELBUFSIZE (16*1024)
+struct tunnelbuf {
+    char buf[TUNNELBUFSIZE];
+    size_t len;
+    size_t offset;
+};
+
+static int tls_connect_attempt(SSL *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);
+
+static int tls_accept_attempt(SSL *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);
+
+static int tls_write_attempt(SSL *, struct tunnelbuf *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);
+
+static int tls_read_attempt(SSL *, struct tunnelbuf *, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref);
+
+static int write_attempt(int fd, struct tunnelbuf *, int *select, int *closed, int *progress);
+
+static int read_attempt(int fd, struct tunnelbuf *, int *select, int *closed, int *progress);
+
+static void write_info(SSL *ssl, int *info_fd)
+{
+    if (*info_fd != -1) {
+	long v;
+	int v_ok;
+	struct tls_x509_name_string peer;
+	char infobuf[TLS_INFO_SIZE];
+	int r;
+
+	DEBUG_MSG("write_info");
+	v = SSL_get_verify_result(ssl);
+	v_ok = (v == X509_V_OK) ? 'A' : 'E'; /* Auth./Error */
+	{
+	    X509 *peercert;
+
+	    peercert = SSL_get_peer_certificate(ssl);
+	    tls_get_x509_subject_name_oneline(peercert, &peer);
+	    if (peercert != NULL)
+		X509_free(peercert);
+	}
+	if (peer.str[0] == '\0')
+	    v_ok = '0'; /* no cert at all */
+	else
+	    if (strchr(peer.str, '\n')) {
+		/* should not happen, but make sure */
+		*strchr(peer.str, '\n') = '\0';
+	    }
+	r = snprintf(infobuf, sizeof infobuf, "%c:%s\n%s\n", v_ok, X509_verify_cert_error_string(v), peer.str);
+	DEBUG_MSG2("snprintf", r);
+	if (r == -1 || r >= sizeof infobuf)
+	    r = sizeof infobuf - 1;
+	write(*info_fd, infobuf, r);
+	close (*info_fd);
+	*info_fd = -1;
+    }
+}
+
+
+/* tls_proxy expects that all fds are closed after return */
+static void
+tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p)
+{
+    struct tunnelbuf clear_to_tls, tls_to_clear;
+    SSL *ssl;
+    BIO *rbio, *wbio;
+    int closed, in_handshake;
+    const char *err_pref_1 = "", *err_pref_2 = "";
+    const char *err_def = NULL;
+
+    assert(clear_fd != -1);
+    assert(tls_fd != -1);
+    assert(clear_fd < FD_SETSIZE);
+    assert(tls_fd < FD_SETSIZE);
+    /* info_fd may be -1 */
+    assert(ctx != NULL);
+
+    tls_rand_seed_uniquely();
+
+    tls_socket_nonblocking(clear_fd);
+    DEBUG_MSG2("clear_fd", clear_fd);
+    tls_socket_nonblocking(tls_fd);
+    DEBUG_MSG2("tls_fd", tls_fd);
+
+    ssl = SSL_new(ctx);
+    if (ssl == NULL)
+	goto err;
+    DEBUG_MSG("SSL_new");
+    if (!SSL_set_fd(ssl, tls_fd))
+	goto err;
+    rbio = SSL_get_rbio(ssl);
+    wbio = SSL_get_wbio(ssl); /* should be the same, but who cares */
+    assert(rbio != NULL);
+    assert(wbio != NULL);
+    if (client_p)
+	SSL_set_connect_state(ssl);
+    else
+	SSL_set_accept_state(ssl);
+    
+    closed = 0;
+    in_handshake = 1;
+    tls_to_clear.len = 0;
+    tls_to_clear.offset = 0;
+    clear_to_tls.len = 0;
+    clear_to_tls.offset = 0;
+
+    err_def = "I/O error";
+    
+    /* loop finishes as soon as we detect that one side closed;
+     * when all (program and OS) buffers have enough space,
+     * the data from the last succesful read in each direction is transferred
+     * before close */
+    do {
+	int clear_read_select = 0, clear_write_select = 0,
+	    tls_read_select = 0, tls_write_select = 0,
+	    progress = 0;
+	int r;
+	unsigned long num_read = BIO_number_read(rbio),
+	    num_written = BIO_number_written(wbio);
+
+	DEBUG_MSG2("loop iteration", ++tls_loop_count);
+
+	if (in_handshake) {
+	    DEBUG_MSG("in_handshake");
+	    if (client_p)
+		r = tls_connect_attempt(ssl, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);
+	    else
+		r = tls_accept_attempt(ssl, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);
+	    if (r != 0) {
+		write_info(ssl, &info_fd);
+		goto err;
+	    }
+	    if (closed)
+		goto err_return;
+	    if (!SSL_in_init(ssl)) {
+		in_handshake = 0;
+		write_info(ssl, &info_fd);
+	    }
+	}
+	
+	if (clear_to_tls.len != 0 && !in_handshake) {
+	    assert(!closed);
+	    
+	    r = tls_write_attempt(ssl, &clear_to_tls, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);
+	    if (r != 0)
+		goto err;
+	    if (closed) {
+		assert(progress);
+		tls_to_clear.offset = 0;
+		tls_to_clear.len = 0;
+	    }
+	}
+	
+	if (tls_to_clear.len != 0) {
+	    assert(!closed);
+
+	    r = write_attempt(clear_fd, &tls_to_clear, &clear_write_select, &closed, &progress);
+	    if (r != 0)
+		goto err_return;
+	    if (closed) {
+		assert(progress);
+		clear_to_tls.offset = 0;
+		clear_to_tls.len = 0;
+	    }
+	}
+	
+	if (!closed) {
+	    if (clear_to_tls.offset + clear_to_tls.len < sizeof clear_to_tls.buf) {
+		r = read_attempt(clear_fd, &clear_to_tls, &clear_read_select, &closed, &progress);
+		if (r != 0)
+		    goto err_return;
+		if (closed) {
+		    r = SSL_shutdown(ssl);
+		    DEBUG_MSG2("SSL_shutdown", r);
+		}
+	    }
+	}
+	
+	if (!closed && !in_handshake) {
+	    if (tls_to_clear.offset + tls_to_clear.len < sizeof tls_to_clear.buf) {
+		r = tls_read_attempt(ssl, &tls_to_clear, &tls_write_select, &tls_read_select, &closed, &progress, &err_pref_1);
+		if (r != 0)
+		    goto err;
+		if (closed) {
+		    r = SSL_shutdown(ssl);
+		    DEBUG_MSG2("SSL_shutdown", r);
+		}
+	    }
+	}
+
+	if (!progress) {
+	    DEBUG_MSG("!progress?");
+	    if (num_read != BIO_number_read(rbio) || num_written != BIO_number_written(wbio))
+		progress = 1;
+
+	    if (!progress) {
+		DEBUG_MSG("!progress");
+		assert(clear_read_select || tls_read_select || clear_write_select || tls_write_select);
+		tls_sockets_select(clear_read_select ? clear_fd : -1, tls_read_select ? tls_fd : -1, clear_write_select ? clear_fd : -1, tls_write_select ? tls_fd : -1, -1);
+	    }
+	}
+    } while (!closed);
+    return;
+
+ err:
+    tls_openssl_errors(err_pref_1, err_pref_2, err_def, tls_child_apparg);
+ err_return:
+    return;
+}
+
+
+static int
+tls_get_error(SSL *ssl, int r, int *write_select, int *read_select, int *closed, int *progress)
+{
+    int err = SSL_get_error(ssl, r);
+
+    if (err == SSL_ERROR_NONE) {
+	assert(r > 0);
+	*progress = 1;
+	return 0;
+    }
+
+    assert(r <= 0);
+
+    switch (err) {
+    case SSL_ERROR_ZERO_RETURN:
+	assert(r == 0);
+	*closed = 1;
+	*progress = 1;
+	return 0;
+
+    case SSL_ERROR_WANT_WRITE:
+	*write_select = 1;
+	return 0;
+	
+    case SSL_ERROR_WANT_READ:
+	*read_select = 1;
+	return 0;
+    }
+
+    return -1;
+}
+
+static int
+tls_connect_attempt(SSL *ssl, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)
+{
+    int n, r;
+
+    DEBUG_MSG("tls_connect_attempt");
+    n = SSL_connect(ssl);
+    DEBUG_MSG2("SSL_connect",n);
+    r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
+    if (r == -1)
+	*err_pref = " during SSL_connect";
+    return r;
+}
+
+static int
+tls_accept_attempt(SSL *ssl, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)
+{
+    int n, r;
+
+    DEBUG_MSG("tls_accept_attempt");
+    n = SSL_accept(ssl);
+    DEBUG_MSG2("SSL_accept",n);
+    r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
+    if (r == -1)
+	*err_pref = " during SSL_accept";
+    return r;
+}
+
+static int
+tls_write_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)
+{
+    int n, r;
+
+    DEBUG_MSG("tls_write_attempt");
+    n = SSL_write(ssl, buf->buf + buf->offset, buf->len);
+    DEBUG_MSG2("SSL_write",n);
+    r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
+    if (n > 0) {
+	buf->len -= n;
+	assert(buf->len >= 0);
+	if (buf->len == 0)
+	    buf->offset = 0;
+	else
+	    buf->offset += n;
+    }
+    if (r == -1)
+	*err_pref = " during SSL_write";
+    return r;
+}
+
+static int
+tls_read_attempt(SSL *ssl, struct tunnelbuf *buf, int *write_select, int *read_select, int *closed, int *progress, const char **err_pref)
+{
+    int n, r;
+    size_t total;
+
+    DEBUG_MSG("tls_read_attempt");
+    total = buf->offset + buf->len;
+    assert(total < sizeof buf->buf);
+    n = SSL_read(ssl, buf->buf + total, (sizeof buf->buf) - total);
+    DEBUG_MSG2("SSL_read",n);
+    r = tls_get_error(ssl, n, write_select, read_select, closed, progress);
+    if (n > 0) {
+	buf->len += n;
+	assert(buf->offset + buf->len <= sizeof buf->buf);
+    }
+    if (r == -1)
+	*err_pref = " during SSL_read";
+    return r;
+}
+
+static int
+get_error(int r, int *select, int *closed, int *progress)
+{
+    if (r >= 0) {
+	*progress = 1;
+	if (r == 0)
+	    *closed = 1;
+	return 0;
+    } else {
+	assert(r == -1);
+	if (errno == EAGAIN || errno == EWOULDBLOCK) {
+	    *select = 1;
+	    return 0;
+	} else if (errno == EPIPE) {
+	    *progress = 1;
+	    *closed = 1;
+	    return 0;
+	} else
+	    return -1;
+    }
+}
+
+static int write_attempt(int fd, struct tunnelbuf *buf, int *select, int *closed, int *progress)
+{
+    int n, r;
+
+    DEBUG_MSG("write_attempt");
+    n = write(fd, buf->buf + buf->offset, buf->len);
+    DEBUG_MSG2("write",n);
+    r = get_error(n, select, closed, progress);
+    if (n > 0) {
+	buf->len -= n;
+	assert(buf->len >= 0);
+	if (buf->len == 0)
+	    buf->offset = 0;
+	else
+	    buf->offset += n;
+    }
+    if (r == -1)
+	tls_errprintf(1, tls_child_apparg, "write error: %s\n", strerror(errno));
+    return r;
+}
+    
+static int
+read_attempt(int fd, struct tunnelbuf *buf, int *select, int *closed, int *progress)
+{
+    int n, r;
+    size_t total;
+
+    DEBUG_MSG("read_attempt");
+    total = buf->offset + buf->len;
+    assert(total < sizeof buf->buf);
+    n = read(fd, buf->buf + total, (sizeof buf->buf) - total);
+    DEBUG_MSG2("read",n);
+    r = get_error(n, select, closed, progress);
+    if (n > 0) {
+	buf->len += n;
+	assert(buf->offset + buf->len <= sizeof buf->buf);
+    }
+    if (r == -1)
+	tls_errprintf(1, tls_child_apparg, "read error: %s\n", strerror(errno));
+    return r;
+}
diff --git a/demos/easy_tls/easy-tls.h b/demos/easy_tls/easy-tls.h
new file mode 100644
index 0000000000..52b298e654
--- /dev/null
+++ b/demos/easy_tls/easy-tls.h
@@ -0,0 +1,57 @@
+/* -*- Mode: C; c-file-style: "bsd" -*- */
+/*
+ * easy-tls.h -- generic TLS proxy.
+ * $Id: easy-tls.h,v 1.1 2001/09/17 19:06:59 bodo Exp $
+ */
+/*
+ * (c) Copyright 1999 Bodo Moeller.  All rights reserved.
+ */
+
+#ifndef HEADER_TLS_H
+#define HEADER_TLS_H
+
+#ifndef HEADER_SSL_H
+typedef struct ssl_ctx_st SSL_CTX;
+#endif
+
+#define TLS_INFO_SIZE 512 /* max. # of bytes written to infofd */
+
+void tls_set_dhe1024(int i, void* apparg);
+/* Generate DHE parameters:
+ * i >= 0 deterministic (i selects seed), i < 0 random (may take a while).
+ * tls_create_ctx calls this with random non-negative i if the application
+ * has never called it.*/
+
+void tls_rand_seed(void);
+int tls_rand_seed_from_file(const char *filename, size_t n, void *apparg);
+void tls_rand_seed_from_memory(const void *buf, size_t n);
+
+struct tls_create_ctx_args 
+{
+    int client_p;
+    const char *certificate_file;
+    const char *key_file;
+    const char *ca_file;
+    int verify_depth;
+    int fail_unless_verified;
+    int export_p;
+};
+struct tls_create_ctx_args tls_create_ctx_defaultargs(void);
+/* struct tls_create_ctx_args is similar to a conventional argument list,
+ * but it can provide default values and allows for future extension. */
+SSL_CTX *tls_create_ctx(struct tls_create_ctx_args, void *apparg);
+
+struct tls_start_proxy_args
+{
+    int fd;
+    int client_p;
+    SSL_CTX *ctx;
+    pid_t *pid;
+    int *infofd;
+};
+struct tls_start_proxy_args tls_start_proxy_defaultargs(void);
+/* tls_start_proxy return value *MUST* be checked!
+ * 0 means ok, otherwise we've probably run out of some resources. */
+int tls_start_proxy(struct tls_start_proxy_args, void *apparg);
+
+#endif
diff --git a/demos/easy_tls/test.c b/demos/easy_tls/test.c
new file mode 100644
index 0000000000..21f679afd1
--- /dev/null
+++ b/demos/easy_tls/test.c
@@ -0,0 +1,244 @@
+/* test.c */
+/* $Id: test.c,v 1.1 2001/09/17 19:06:59 bodo Exp $ */
+
+#define L_PORT 9999
+#define C_PORT 443
+
+#include <arpa/inet.h>
+#include <assert.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <netinet/in.h>
+#include <netinet/tcp.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/select.h>
+#include <sys/socket.h>
+#include <unistd.h>
+
+#include "test.h"
+#include "easy-tls.h"
+
+void
+test_process_init(int fd, int client_p, void *apparg)
+{
+    fprintf(stderr, "test_process_init(fd = %d, client_p = %d, apparg = %p)\n", fd, client_p, apparg);
+}
+
+void
+test_errflush(int child_p, char *errbuf, size_t num, void *apparg)
+{
+    fputs(errbuf, stderr);
+}
+
+
+int
+main(int argc, char *argv[])
+{
+    int s, fd, r;
+    FILE *conn_in;
+    FILE *conn_out;
+    char buf[256];
+    SSL_CTX *ctx;
+    int client_p = 0;
+    int port;
+    int tls = 0;
+    char infobuf[TLS_INFO_SIZE + 1];
+
+    if (argc > 1 && argv[1][0] == '-') {
+	fputs("Usage: test [port]                   -- server\n"
+	      "       test num.num.num.num [port]   -- client\n",
+	      stderr);
+	exit(1);
+    }
+
+    if (argc > 1) {
+	if (strchr(argv[1], '.')) {
+	    client_p = 1;
+	}
+    }
+    
+    fputs(client_p ? "Client\n" : "Server\n", stderr);
+    
+    {
+	struct tls_create_ctx_args a = tls_create_ctx_defaultargs();
+	a.client_p = client_p;
+	a.certificate_file = "cert.pem";
+	a.key_file = "cert.pem";
+	a.ca_file = "cacerts.pem";
+	
+	ctx = tls_create_ctx(a, NULL);
+	if (ctx == NULL)
+	    exit(1);
+    }
+    
+    s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+    if (s == -1) {
+	perror("socket");
+	exit(1);
+    }
+    
+    if (client_p) {
+	struct sockaddr_in addr;
+	size_t addr_len = sizeof addr;
+	    
+	addr.sin_family = AF_INET;
+	assert(argc > 1);
+	if (argc > 2)
+	    sscanf(argv[2], "%d", &port);
+	else
+	    port = C_PORT;
+	addr.sin_port = htons(port);
+	addr.sin_addr.s_addr = inet_addr(argv[1]);
+	    
+	r = connect(s, &addr, addr_len);
+	if (r != 0) {
+	    perror("connect");
+	    exit(1);
+	}
+	fd = s;
+	fprintf(stderr, "Connect (fd = %d).\n", fd);
+    } else {
+	/* server */
+	{
+	    int i = 1;
+
+	    r = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *) &i, sizeof i);
+	    if (r == -1) {
+		perror("setsockopt");
+		exit(1);
+	    }
+	}
+	
+	{
+	    struct sockaddr_in addr;
+	    size_t addr_len = sizeof addr;
+	    
+	    if (argc > 1)
+		sscanf(argv[1], "%d", &port);
+	    else
+		port = L_PORT;
+	    addr.sin_family = AF_INET;
+	    addr.sin_port = htons(port);
+	    addr.sin_addr.s_addr = INADDR_ANY;
+	    
+	    r = bind(s, &addr, addr_len);
+	    if (r != 0) {
+		perror("bind");
+		exit(1);
+	    }
+	}
+    
+	r = listen(s, 1);
+	if (r == -1) {
+	    perror("listen");
+	    exit(1);
+	}
+
+	fprintf(stderr, "Listening at port %i.\n", port);
+	
+	fd = accept(s, NULL, 0);
+	if (fd == -1) {
+	    perror("accept");
+	    exit(1);
+	}
+	
+	fprintf(stderr, "Accept (fd = %d).\n", fd);
+    }
+
+    conn_in = fdopen(fd, "r");
+    if (conn_in == NULL) {
+	perror("fdopen");
+	exit(1);
+    }
+    conn_out = fdopen(fd, "w");
+    if (conn_out == NULL) {
+	perror("fdopen");
+	exit(1);
+    }
+
+    setvbuf(conn_in, NULL, _IOLBF, 256);
+    setvbuf(conn_out, NULL, _IOLBF, 256);
+	
+    while (fgets(buf, sizeof buf, stdin) != NULL) {
+	if (buf[0] == 'W') {
+	    fprintf(conn_out, "%.*s\r\n", (int)(strlen(buf + 1) - 1), buf + 1);
+	    fprintf(stderr, ">>> %.*s\n", (int)(strlen(buf + 1) - 1), buf + 1);
+	} else if (buf[0] == 'C') {
+	    fprintf(stderr, "Closing.\n");
+	    fclose(conn_in);
+	    fclose(conn_out);
+	    exit(0);
+	} else if (buf[0] == 'R') {
+	    int lines = 0;
+
+	    sscanf(buf + 1, "%d", &lines);
+	    do {
+		if (fgets(buf, sizeof buf, conn_in) == NULL) {
+		    if (ferror(conn_in)) {
+			fprintf(stderr, "ERROR\n");
+			exit(1);
+		    }
+		    fprintf(stderr, "CLOSED\n");
+		    return 0;
+		}
+		fprintf(stderr, "<<< %s", buf);
+	    } while (--lines > 0);
+	} else if (buf[0] == 'T') {
+	    int infofd;
+
+	    tls++;
+	    {
+		struct tls_start_proxy_args a = tls_start_proxy_defaultargs();
+		a.fd = fd;
+		a.client_p = client_p;
+		a.ctx = ctx;
+		a.infofd = &infofd;
+		r = tls_start_proxy(a, NULL);
+	    }
+	    assert(r != 1);
+	    if (r != 0) {
+		fprintf(stderr, "tls_start_proxy failed: %d\n", r);
+		switch (r) {
+		case -1:
+		    fputs("socketpair", stderr); break;
+		case 2:
+		    fputs("FD_SETSIZE exceeded", stderr); break;
+		case -3:
+		    fputs("pipe", stderr); break;
+		case -4:
+		    fputs("fork", stderr); break;
+		case -5:
+		    fputs("dup2", stderr); break;
+		default:
+		    fputs("?", stderr);
+		}
+		if (r < 0)
+		    perror("");
+		else
+		    fputc('\n', stderr);
+		exit(1);
+	    }
+	    
+	    r = read(infofd, infobuf, sizeof infobuf - 1);
+	    if (r > 0) {
+		const char *info = infobuf;
+		const char *eol;
+		
+		infobuf[r] = '\0';
+		while ((eol = strchr(info, '\n')) != NULL) {
+		    fprintf(stderr, "+++ `%.*s'\n", eol - info, info);
+		    info = eol+1;
+		}
+		close (infofd);
+	    }
+	} else {
+	    fprintf(stderr, "W...  write line to network\n"
+		    "R[n]  read line (n lines) from network\n"
+		    "C     close\n"
+		    "T     start %sTLS proxy\n", tls ? "another " : "");
+	}
+    }
+    return 0;
+}
diff --git a/demos/easy_tls/test.h b/demos/easy_tls/test.h
new file mode 100644
index 0000000000..dda667843f
--- /dev/null
+++ b/demos/easy_tls/test.h
@@ -0,0 +1,11 @@
+/* test.h */
+/* $Id: test.h,v 1.1 2001/09/17 19:07:00 bodo Exp $ */
+
+
+void test_process_init(int fd, int client_p, void *apparg);
+#define TLS_APP_PROCESS_INIT test_process_init
+
+#undef TLS_CUMULATE_ERRORS
+
+void test_errflush(int child_p, char *errbuf, size_t num, void *apparg);
+#define TLS_APP_ERRFLUSH test_errflush
diff --git a/demos/eay/Makefile b/demos/eay/Makefile
new file mode 100644
index 0000000000..2d22eaca56
--- /dev/null
+++ b/demos/eay/Makefile
@@ -0,0 +1,24 @@
+CC=cc
+CFLAGS= -g -I../../include
+#LIBS=  -L../.. -lcrypto -lssl
+LIBS= -L../.. ../../libssl.a ../../libcrypto.a
+
+# the file conn.c requires a file "proxy.h" which I couldn't find...
+#EXAMPLES=base64 conn loadrsa
+EXAMPLES=base64 loadrsa
+
+all: $(EXAMPLES) 
+
+base64: base64.o
+	$(CC) -o base64 base64.o $(LIBS)
+#
+# sorry... can't find "proxy.h"
+#conn: conn.o
+#	$(CC) -o conn conn.o $(LIBS)
+
+loadrsa: loadrsa.o
+	$(CC) -o loadrsa loadrsa.o $(LIBS)
+
+clean:	
+	rm -f $(EXAMPLES) *.o
+
diff --git a/demos/eay/base64.c b/demos/eay/base64.c
index de080f617a..4b8b0627d1 100644
--- a/demos/eay/base64.c
+++ b/demos/eay/base64.c
@@ -2,8 +2,8 @@
  * getting the data.
  */
 #include <stdio.h>
-#include "bio.h"
-#include "evp.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
 
 main()
 	{
diff --git a/demos/eay/conn.c b/demos/eay/conn.c
index f44fc7f536..c4b8f5163e 100644
--- a/demos/eay/conn.c
+++ b/demos/eay/conn.c
@@ -7,9 +7,9 @@
  */
 #include <stdio.h>
 #include <stdlib.h>
-#include "err.h"
-#include "bio.h"
-#include "proxy.h"
+#include <openssl/err.h>
+#include <openssl/bio.h>
+/* #include "proxy.h" */
 
 extern int errno;
 
diff --git a/demos/eay/loadrsa.c b/demos/eay/loadrsa.c
index 91e62d74fe..79f1885ca4 100644
--- a/demos/eay/loadrsa.c
+++ b/demos/eay/loadrsa.c
@@ -1,5 +1,5 @@
 #include <stdio.h>
-#include "rsa.h"
+#include <openssl/rsa.h>
 
 /* This is a simple program to generate an RSA private key.  It then
  * saves both the public and private key into a char array, then
diff --git a/demos/engines/cluster_labs/.cvsignore b/demos/engines/cluster_labs/.cvsignore
new file mode 100644
index 0000000000..594223d400
--- /dev/null
+++ b/demos/engines/cluster_labs/.cvsignore
@@ -0,0 +1,4 @@
+*.exp
+*.so
+*.so.*
+*.a
diff --git a/demos/engines/cluster_labs/Makefile b/demos/engines/cluster_labs/Makefile
new file mode 100644
index 0000000000..956193f093
--- /dev/null
+++ b/demos/engines/cluster_labs/Makefile
@@ -0,0 +1,114 @@
+LIBNAME=	libclabs
+SRC=		hw_cluster_labs.c
+OBJ=		hw_cluster_labs.o
+HEADER=		hw_cluster_labs.h
+
+CC=		gcc
+PIC=		-fPIC
+CFLAGS=		-g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
+AR=		ar r
+RANLIB=		ranlib
+
+LIB=		$(LIBNAME).a
+SHLIB=		$(LIBNAME).so
+
+all:
+		@echo 'Please choose a system to build on:'
+		@echo ''
+		@echo 'tru64:    Tru64 Unix, Digital Unix, Digital OSF/1'
+		@echo 'solaris:  Solaris'
+		@echo 'irix:     IRIX'
+		@echo 'hpux32:   32-bit HP/UX'
+		@echo 'hpux64:   64-bit HP/UX'
+		@echo 'aix:      AIX'
+		@echo 'gnu:      Generic GNU-based system (gcc and GNU ld)'
+		@echo ''
+
+FORCE.update:
+update:		FORCE.update
+		perl ../../../util/mkerr.pl -conf hw_cluster_labs.ec \
+			-nostatic -staticloader -write hw_cluster_labs.c
+
+gnu:		$(SHLIB).gnu
+tru64:		$(SHLIB).tru64
+solaris:	$(SHLIB).solaris
+irix:		$(SHLIB).irix
+hpux32:		$(SHLIB).hpux32
+hpux64:		$(SHLIB).hpux64
+aix:		$(SHLIB).aix
+
+$(LIB):		$(OBJ)
+		$(AR) $(LIB) $(OBJ)
+		- $(RANLIB) $(LIB)
+
+LINK_SO=	\
+  ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
+  (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
+   $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
+
+$(SHLIB).gnu:	$(LIB)
+		ALLSYMSFLAGS='--whole-archive' \
+		SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).gnu
+$(SHLIB).tru64:	$(LIB)
+		ALLSYMSFLAGS='-all' \
+		SHAREDFLAGS='-shared' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).tru64
+$(SHLIB).solaris:	$(LIB)
+		ALLSYMSFLAGS='-z allextract' \
+		SHAREDFLAGS='-G -h $(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).solaris
+$(SHLIB).irix:	$(LIB)
+		ALLSYMSFLAGS='-all' \
+		SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).irix
+$(SHLIB).hpux32:	$(LIB)
+		ALLSYMSFLAGS='-Fl' \
+		SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
+		SHAREDCMD='/usr/ccs/bin/ld'; \
+		$(LINK_SO)
+		touch $(SHLIB).hpux32
+$(SHLIB).hpux64:	$(LIB)
+		ALLSYMSFLAGS='+forceload' \
+		SHAREDFLAGS='-b -z +h $(SHLIB)' \
+		SHAREDCMD='/usr/ccs/bin/ld'; \
+		$(LINK_SO)
+		touch $(SHLIB).hpux64
+$(SHLIB).aix:	$(LIB)
+		ALLSYMSFLAGS='-bnogc' \
+		SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).aix
+
+depend:
+		sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
+		echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
+		gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
+		perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
+		rm -f Makefile.tmp Makefile
+		mv Makefile.new Makefile
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
+rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
+rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
+rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
+rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
+rsaref.o: ../../../include/openssl/opensslconf.h
+rsaref.o: ../../../include/openssl/opensslv.h
+rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
+rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
+rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
+rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
+rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
+rsaref.o: source/rsaref.h
diff --git a/demos/engines/cluster_labs/cluster_labs.h b/demos/engines/cluster_labs/cluster_labs.h
new file mode 100644
index 0000000000..d0926796f0
--- /dev/null
+++ b/demos/engines/cluster_labs/cluster_labs.h
@@ -0,0 +1,35 @@
+typedef int cl_engine_init(void);
+typedef int cl_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *m, BN_CTX *cgx);
+typedef int cl_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+		const BIGNUM *iqmp, BN_CTX *ctx);
+typedef int cl_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+typedef int cl_rsa_pub_enc(int flen, const unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding);
+typedef int cl_rsa_pub_dec(int flen, const unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding);
+typedef int cl_rsa_priv_enc(int flen, const unsigned char *from, 
+		unsigned char *to, RSA *rsa, int padding);
+typedef int cl_rsa_priv_dec(int flen, const unsigned char *from, 
+		unsigned char *to, RSA *rsa, int padding);		
+typedef int cl_rand_bytes(unsigned char *buf, int num);
+typedef DSA_SIG *cl_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+typedef int cl_dsa_verify(const unsigned char *dgst, int dgst_len,
+				DSA_SIG *sig, DSA *dsa);
+
+
+static const char *CLUSTER_LABS_LIB_NAME = "cluster_labs";
+static const char *CLUSTER_LABS_F1	 = "hw_engine_init";
+static const char *CLUSTER_LABS_F2	 = "hw_mod_exp";
+static const char *CLUSTER_LABS_F3	 = "hw_mod_exp_crt";
+static const char *CLUSTER_LABS_F4	 = "hw_rsa_mod_exp";
+static const char *CLUSTER_LABS_F5	 = "hw_rsa_priv_enc";
+static const char *CLUSTER_LABS_F6	 = "hw_rsa_priv_dec";
+static const char *CLUSTER_LABS_F7	 = "hw_rsa_pub_enc";
+static const char *CLUSTER_LABS_F8	 = "hw_rsa_pub_dec";
+static const char *CLUSTER_LABS_F20	 = "hw_rand_bytes";
+static const char *CLUSTER_LABS_F30	 = "hw_dsa_sign";
+static const char *CLUSTER_LABS_F31	 = "hw_dsa_verify";
+
+
diff --git a/demos/engines/cluster_labs/hw_cluster_labs.c b/demos/engines/cluster_labs/hw_cluster_labs.c
new file mode 100644
index 0000000000..00c14f2755
--- /dev/null
+++ b/demos/engines/cluster_labs/hw_cluster_labs.c
@@ -0,0 +1,718 @@
+/* crypto/engine/hw_cluster_labs.c */
+/* Written by Jan Tschirschwitz (jan.tschirschwitz@cluster-labs.com
+ * for the OpenSSL project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#define MSC_VER   /* only used cryptic.h */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include <openssl/dso.h>
+#include <openssl/des.h>
+#include <openssl/engine.h>
+
+#ifndef NO_HW
+#ifndef NO_HW_CLUSTER_LABS
+
+#ifdef FLAT_INC
+#include "cluster_labs.h"
+#else
+#include "vendor_defns/cluster_labs.h"
+#endif
+
+#define CL_LIB_NAME "cluster_labs engine"
+#include "hw_cluster_labs_err.c"
+
+
+static int cluster_labs_destroy(ENGINE *e);
+static int cluster_labs_init(ENGINE *e);
+static int cluster_labs_finish(ENGINE *e);
+static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+
+
+/* BIGNUM stuff */
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+		
+/* RSA stuff */
+#ifndef OPENSSL_NO_RSA
+static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding);
+static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding);
+static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from, 
+		unsigned char *to, RSA *rsa, int padding);
+static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from, 
+		unsigned char *to, RSA *rsa, int padding);
+static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
+
+/* DSA stuff */
+#ifndef OPENSSL_NO_DSA
+DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
+				DSA_SIG *sig, DSA *dsa);
+static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+		BN_CTX *ctx, BN_MONT_CTX *in_mont);
+static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx);
+#endif
+								
+/* DH stuff */
+#ifndef OPENSSL_NO_DH
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
+		
+/* RANDOM stuff */						
+static int cluster_labs_rand_bytes(unsigned char *buf, int num);
+
+/* The definitions for control commands specific to this engine */
+#define CLUSTER_LABS_CMD_SO_PATH		ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN cluster_labs_cmd_defns[] =
+	{
+	{ CLUSTER_LABS_CMD_SO_PATH,
+	  "SO_PATH",
+	  "Specifies the path to the 'cluster labs' shared library",
+	  ENGINE_CMD_FLAG_STRING
+	},
+	{0, NULL, NULL, 0}
+	};
+
+/* Our internal RSA_METHOD that we provide pointers to */
+#ifndef OPENSSL_NO_RSA
+static RSA_METHOD cluster_labs_rsa =
+	{
+	"Cluster Labs RSA method",
+	cluster_labs_rsa_pub_enc,	/* rsa_pub_enc */
+	cluster_labs_rsa_pub_dec,	/* rsa_pub_dec */
+	cluster_labs_rsa_priv_enc,	/* rsa_priv_enc */
+	cluster_labs_rsa_priv_dec,	/* rsa_priv_dec */
+	cluster_labs_rsa_mod_exp,	/* rsa_mod_exp */
+	cluster_labs_mod_exp_mont,	/* bn_mod_exp */
+	NULL,				/* init */
+	NULL,				/* finish */
+	0, 				/* flags */
+	NULL,				/* apps_data */
+	NULL,				/* rsa_sign */
+	NULL				/* rsa_verify */
+	};
+#endif
+
+/* Our internal DSA_METHOD that we provide pointers to */
+#ifndef OPENSSL_NO_DSA
+static DSA_METHOD cluster_labs_dsa =
+	{
+	"Cluster Labs DSA method",
+	cluster_labs_dsa_sign,  	/* dsa_do_sign */
+	NULL, 				/* dsa_sign_setup */
+	cluster_labs_dsa_verify,	/* dsa_do_verify */
+	cluster_labs_dsa_mod_exp, 	/* dsa_mod_exp */
+	cluster_labs_mod_exp_dsa, 	/* bn_mod_exp */
+	NULL, 				/* init */
+	NULL, 				/* finish */
+	0, 				/* flags */
+	NULL 				/* app_data */
+	};
+#endif	
+
+/* Our internal DH_METHOD that we provide pointers to */
+#ifndef OPENSSL_NO_DH
+static DH_METHOD cluster_labs_dh =
+	{
+	"Cluster Labs DH method",
+	NULL,				/* generate key */
+	NULL,				/* compute key */
+	cluster_labs_mod_exp_dh,	/* bn_mod_exp */
+	NULL,				/* init */
+	NULL,				/* finish */
+	0,				/* flags */
+	NULL				/* app_data */
+	};
+#endif	
+	
+static RAND_METHOD cluster_labs_rand =
+	{
+	/* "Cluster Labs RAND method", */
+	NULL,				/* seed */
+	cluster_labs_rand_bytes,	/* bytes */
+	NULL,				/* cleanup */
+	NULL,				/* add */
+	cluster_labs_rand_bytes,	/* pseudorand */
+	NULL,				/* status */
+	};	
+
+static const char *engine_cluster_labs_id = "cluster_labs";
+static const char *engine_cluster_labs_name = "Cluster Labs hardware engine support";
+
+/* engine implementation */
+/*-----------------------*/
+static int bind_helper(ENGINE *e)
+	{
+	
+	if(!ENGINE_set_id(e, engine_cluster_labs_id) ||
+			!ENGINE_set_name(e, engine_cluster_labs_name) ||
+#ifndef OPENSSL_NO_RSA
+			!ENGINE_set_RSA(e, &cluster_labs_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+			!ENGINE_set_DSA(e, &cluster_labs_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+			!ENGINE_set_DH(e, &cluster_labs_dh) ||
+#endif
+			!ENGINE_set_RAND(e, &cluster_labs_rand) ||
+			!ENGINE_set_destroy_function(e, cluster_labs_destroy) ||
+			!ENGINE_set_init_function(e, cluster_labs_init) ||
+			!ENGINE_set_finish_function(e, cluster_labs_finish) ||
+			!ENGINE_set_ctrl_function(e, cluster_labs_ctrl) ||
+			!ENGINE_set_cmd_defns(e, cluster_labs_cmd_defns))
+		return 0;
+	/* Ensure the error handling is set up */
+	ERR_load_CL_strings();
+	return 1;
+	}
+	
+#ifndef ENGINE_DYNAMIC_SUPPORT
+static ENGINE *engine_cluster_labs(void)
+	{
+	ENGINE *ret = ENGINE_new();
+
+	if(!ret)
+		return NULL;
+	if(!bind_helper(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_cluster_labs(void)
+	{
+
+	ENGINE *cluster_labs = engine_cluster_labs();
+	
+	if(!cluster_labs) return;
+	ENGINE_add(cluster_labs);
+	ENGINE_free(cluster_labs);
+	ERR_clear_error();
+	}
+#endif /* !ENGINE_DYNAMIC_SUPPORT */
+
+static int cluster_labs_destroy(ENGINE *e)
+	{
+	
+	ERR_unload_CL_strings();
+	return 1;
+	}
+
+
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the Cluster Labs library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *cluster_labs_dso = NULL;
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static cl_engine_init	  	*p_cl_engine_init 		 = NULL;
+static cl_mod_exp	 	*p_cl_mod_exp 			 = NULL;
+static cl_mod_exp_crt		*p_cl_mod_exp_crt 		 = NULL;
+static cl_rsa_mod_exp		*p_cl_rsa_mod_exp 		 = NULL;
+static cl_rsa_priv_enc		*p_cl_rsa_priv_enc 		 = NULL;
+static cl_rsa_priv_dec		*p_cl_rsa_priv_dec 		 = NULL;
+static cl_rsa_pub_enc		*p_cl_rsa_pub_enc 		 = NULL;
+static cl_rsa_pub_dec		*p_cl_rsa_pub_dec 		 = NULL;
+static cl_rand_bytes		*p_cl_rand_bytes	 	 = NULL;
+static cl_dsa_sign		*p_cl_dsa_sign		 	 = NULL;
+static cl_dsa_verify		*p_cl_dsa_verify	 	 = NULL;
+
+
+int cluster_labs_init(ENGINE *e)
+	{
+
+	cl_engine_init			*p1;
+	cl_mod_exp			*p2;
+	cl_mod_exp_crt			*p3;
+	cl_rsa_mod_exp			*p4;
+	cl_rsa_priv_enc			*p5;
+	cl_rsa_priv_dec			*p6;	
+	cl_rsa_pub_enc			*p7;
+	cl_rsa_pub_dec			*p8;
+	cl_rand_bytes			*p20;
+	cl_dsa_sign			*p30;	
+	cl_dsa_verify			*p31;		
+	
+	/* engine already loaded */
+	if(cluster_labs_dso != NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_ALREADY_LOADED);
+		goto err;
+		}
+	/* try to load engine	 */	
+	cluster_labs_dso = DSO_load(NULL, CLUSTER_LABS_LIB_NAME, NULL,0);
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_DSO_FAILURE);
+		goto err;
+		}
+	/* bind functions */
+	if(	!(p1 = (cl_engine_init *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F1)) ||
+		!(p2 = (cl_mod_exp *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F2)) ||			
+		!(p3 = (cl_mod_exp_crt *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F3)) ||				
+		!(p4 = (cl_rsa_mod_exp *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F4)) ||				
+		!(p5 = (cl_rsa_priv_enc *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F5)) ||
+		!(p6 = (cl_rsa_priv_dec *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F6)) ||
+		!(p7 = (cl_rsa_pub_enc *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F7)) ||
+		!(p8 = (cl_rsa_pub_dec *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F8)) ||
+		!(p20= (cl_rand_bytes *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F20)) ||
+		!(p30= (cl_dsa_sign *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F30)) ||
+		!(p31= (cl_dsa_verify *)DSO_bind_func(
+				cluster_labs_dso, CLUSTER_LABS_F31)))
+		{
+		CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_DSO_FAILURE);
+		goto err;
+		}
+		
+	/* copy function pointers */
+	p_cl_engine_init		= p1;
+	p_cl_mod_exp			= p2;
+	p_cl_mod_exp_crt		= p3;	
+	p_cl_rsa_mod_exp 		= p4;
+	p_cl_rsa_priv_enc	 	= p5;
+	p_cl_rsa_priv_dec	 	= p6;
+	p_cl_rsa_pub_enc	 	= p7;
+	p_cl_rsa_pub_dec	 	= p8;
+	p_cl_rand_bytes			= p20;	
+	p_cl_dsa_sign			= p30;
+	p_cl_dsa_verify			= p31;	
+	
+	
+	
+	/* cluster labs engine init */
+	if(p_cl_engine_init()== 0){
+		CLerr(CL_F_CLUSTER_LABS_INIT,CL_R_INIT_FAILED);		
+		goto err;
+	}
+
+	return(1);
+
+err:	
+	/* reset all pointers */
+	if(cluster_labs_dso)
+		DSO_free(cluster_labs_dso);
+
+	cluster_labs_dso		= NULL;
+	p_cl_engine_init		= NULL;	
+	p_cl_mod_exp			= NULL;
+	p_cl_mod_exp_crt		= NULL;
+	p_cl_rsa_mod_exp		= NULL;
+	p_cl_rsa_priv_enc		= NULL;
+	p_cl_rsa_priv_dec		= NULL;	
+	p_cl_rsa_pub_enc		= NULL;
+	p_cl_rsa_pub_dec		= NULL;	
+	p_cl_rand_bytes			= NULL;	
+	p_cl_dsa_sign			= NULL;
+	p_cl_dsa_verify			= NULL;	
+	
+	return(0);
+	}
+	
+
+static int cluster_labs_finish(ENGINE *e)
+	{
+
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_FINISH,CL_R_NOT_LOADED);
+		return 0;
+		}
+	if(!DSO_free(cluster_labs_dso))
+		{
+		CLerr(CL_F_CLUSTER_LABS_FINISH,CL_R_DSO_FAILURE);
+		return 0;
+		}
+		
+	cluster_labs_dso 		= NULL;
+	p_cl_engine_init		= NULL;		
+	p_cl_mod_exp			= NULL;
+	p_cl_rsa_mod_exp		= NULL;	
+	p_cl_mod_exp_crt		= NULL;	
+	p_cl_rsa_priv_enc		= NULL;	
+	p_cl_rsa_priv_dec		= NULL;	
+	p_cl_rsa_pub_enc		= NULL;
+	p_cl_rsa_pub_dec		= NULL;	
+	p_cl_rand_bytes			= NULL;		
+	p_cl_dsa_sign			= NULL;
+	p_cl_dsa_verify			= NULL;	
+	
+	return(1);	
+	
+	}
+	
+static int cluster_labs_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	int initialised = ((cluster_labs_dso == NULL) ? 0 : 1);
+
+	switch(cmd)
+		{
+	case CLUSTER_LABS_CMD_SO_PATH:
+		if(p == NULL)
+			{
+			CLerr(CL_F_CLUSTER_LABS_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+			return 0;
+			}
+		if(initialised)
+			{
+			CLerr(CL_F_CLUSTER_LABS_CTRL,CL_R_ALREADY_LOADED);
+			return 0;
+			}
+		CLUSTER_LABS_LIB_NAME = (const char *)p;
+		return 1;
+	default:
+		break;
+		}
+	CLerr(CL_F_CLUSTER_LABS_CTRL,CL_R_COMMAND_NOT_IMPLEMENTED);
+	return 0;
+	}
+	
+
+static int cluster_labs_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx)
+	{
+
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_MOD_EXP,CL_R_NOT_LOADED);
+		return 0;
+		}	
+	if(p_cl_mod_exp == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_MOD_EXP,CL_R_FUNCTION_NOT_BINDED);
+		return 0;
+		}
+
+	return	p_cl_mod_exp(r, a, p, m, ctx);
+
+	}
+	
+static int cluster_labs_mod_exp_crt(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+		const BIGNUM *iqmp, BN_CTX *ctx)
+	{
+
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT,CL_R_NOT_LOADED);		
+		return 0;
+		}
+	if(p_cl_mod_exp_crt == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_MOD_EXP_CRT,CL_R_FUNCTION_NOT_BINDED);		
+		return 0;
+		}
+	
+	return	p_cl_mod_exp_crt(r, a, p, q,dmp1, dmq1, iqmp, ctx);
+	
+	}
+	
+static int cluster_labs_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+	{
+
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP,CL_R_NOT_LOADED);		
+		return 0;
+		}
+	if(p_cl_rsa_mod_exp == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RSA_MOD_EXP,CL_R_FUNCTION_NOT_BINDED);				
+		return 0;
+		}
+
+	return p_cl_rsa_mod_exp(r0, I, rsa);
+
+	}
+	
+DSA_SIG *cluster_labs_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+	{
+
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_DSA_SIGN,CL_R_NOT_LOADED);		
+		return 0;
+		}
+	if(p_cl_dsa_sign == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_DSA_SIGN,CL_R_FUNCTION_NOT_BINDED);				
+		return 0;
+		}
+
+	return p_cl_dsa_sign(dgst, dlen, dsa);
+	
+	}
+	
+static int cluster_labs_dsa_verify(const unsigned char *dgst, int dgst_len,
+				DSA_SIG *sig, DSA *dsa)
+	{
+
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY,CL_R_NOT_LOADED);		
+		return 0;
+		}
+	
+	if(p_cl_dsa_verify == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_DSA_VERIFY,CL_R_FUNCTION_NOT_BINDED);				
+		return 0;
+		}
+
+	return p_cl_dsa_verify(dgst, dgst_len, sig, dsa);
+	
+	}			
+
+static int cluster_labs_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+		BN_CTX *ctx, BN_MONT_CTX *in_mont)
+	{
+	BIGNUM t;
+	int status = 0;
+		
+	BN_init(&t);
+	/* let rr = a1 ^ p1 mod m */
+	if (!cluster_labs_mod_exp(rr,a1,p1,m,ctx)) goto end;
+	/* let t = a2 ^ p2 mod m */
+	if (!cluster_labs_mod_exp(&t,a2,p2,m,ctx)) goto end;
+	/* let rr = rr * t mod m */
+	if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+	status = 1;
+end:
+	BN_free(&t);
+	
+	return(1);
+
+	}
+
+static int cluster_labs_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx)
+	{
+	return 	cluster_labs_mod_exp(r, a, p, m, ctx);
+	}
+	
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cluster_labs_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return	cluster_labs_mod_exp(r, a, p, m, ctx);
+	}
+	
+
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int cluster_labs_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return 	cluster_labs_mod_exp(r, a, p, m, ctx);
+	}
+
+
+static int cluster_labs_rsa_pub_enc(int flen, const unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding)
+	{
+
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC,CL_R_NOT_LOADED);		
+		return 0;
+		}
+	if(p_cl_rsa_priv_enc == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RSA_PUB_ENC,CL_R_FUNCTION_NOT_BINDED);				
+		return 0;
+		}
+		
+	return 	p_cl_rsa_pub_enc(flen, from, to, rsa, padding);
+	
+	}  
+	     
+static int cluster_labs_rsa_pub_dec(int flen, const unsigned char *from,
+	     unsigned char *to, RSA *rsa, int padding)
+	{
+
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC,CL_R_NOT_LOADED);		
+		return 0;
+		}
+	if(p_cl_rsa_priv_enc == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RSA_PUB_DEC,CL_R_FUNCTION_NOT_BINDED);				
+		return 0;
+		}
+		
+	return 	p_cl_rsa_pub_dec(flen, from, to, rsa, padding);
+	
+	}  
+
+
+static int cluster_labs_rsa_priv_enc(int flen, const unsigned char *from, 
+		unsigned char *to, RSA *rsa, int padding)
+	{
+
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC,CL_R_NOT_LOADED);		
+		return 0;
+		}
+
+	if(p_cl_rsa_priv_enc == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_ENC,CL_R_FUNCTION_NOT_BINDED);				
+		return 0;
+		}
+		
+	return 	p_cl_rsa_priv_enc(flen, from, to, rsa, padding);
+	
+	}  
+
+static int cluster_labs_rsa_priv_dec(int flen, const unsigned char *from, 
+		unsigned char *to, RSA *rsa, int padding)
+	{
+	
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC,CL_R_NOT_LOADED);		
+		return 0;
+		}
+	if(p_cl_rsa_priv_dec == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RSA_PRIV_DEC,CL_R_FUNCTION_NOT_BINDED);				
+		return 0;
+		}
+
+	return 	p_cl_rsa_priv_dec(flen, from, to, rsa, padding);
+		
+	}  
+
+/************************************************************************************
+* Symmetric algorithms
+************************************************************************************/
+/* this will be come soon! */
+
+/************************************************************************************
+* Random generator
+************************************************************************************/
+
+static int cluster_labs_rand_bytes(unsigned char *buf, int num){
+
+	if(cluster_labs_dso == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RAND_BYTES,CL_R_NOT_LOADED);		
+		return 0;
+		}
+	if(p_cl_mod_exp_crt == NULL)
+		{
+		CLerr(CL_F_CLUSTER_LABS_RAND_BYTES,CL_R_FUNCTION_NOT_BINDED);				
+		return 0;
+		}
+
+	return 	p_cl_rand_bytes(buf, num);
+
+}
+
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+	{
+	fprintf(stderr, "bind_fn CLUSTER_LABS\n");
+	if(id && (strcmp(id, engine_cluster_labs_id) != 0)) {
+		fprintf(stderr, "bind_fn return(0) first\n");
+		return 0;
+		}
+	if(!bind_helper(e)) {
+		fprintf(stderr, "bind_fn return(1) first\n");
+		return 0;
+		}
+	fprintf(stderr, "bind_fn return(1)\n");		
+	return 1;
+	}
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+						
+#endif /* !NO_HW_CLUSTER_LABS */
+#endif /* !NO_HW */
+
diff --git a/demos/engines/cluster_labs/hw_cluster_labs.ec b/demos/engines/cluster_labs/hw_cluster_labs.ec
new file mode 100644
index 0000000000..1f64786542
--- /dev/null
+++ b/demos/engines/cluster_labs/hw_cluster_labs.ec
@@ -0,0 +1,8 @@
+# configuration file for util/mkerr.pl
+#
+# use like this:
+#
+#	perl ../../../util/mkerr.pl -conf hw_cluster_labs.ec \
+#		-nostatic -staticloader -write *.c
+
+L CL		hw_cluster_labs_err.h		hw_cluster_labs_err.c
diff --git a/demos/engines/cluster_labs/hw_cluster_labs_err.c b/demos/engines/cluster_labs/hw_cluster_labs_err.c
new file mode 100644
index 0000000000..a7fa4083b1
--- /dev/null
+++ b/demos/engines/cluster_labs/hw_cluster_labs_err.c
@@ -0,0 +1,151 @@
+/* hw_cluster_labs_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_cluster_labs_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA CL_str_functs[]=
+	{
+{ERR_PACK(0,CL_F_CLUSTER_LABS_CTRL,0),	"CLUSTER_LABS_CTRL"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_DSA_SIGN,0),	"CLUSTER_LABS_DSA_SIGN"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_DSA_VERIFY,0),	"CLUSTER_LABS_DSA_VERIFY"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_FINISH,0),	"CLUSTER_LABS_FINISH"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_INIT,0),	"CLUSTER_LABS_INIT"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_MOD_EXP,0),	"CLUSTER_LABS_MOD_EXP"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_MOD_EXP_CRT,0),	"CLUSTER_LABS_MOD_EXP_CRT"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_RAND_BYTES,0),	"CLUSTER_LABS_RAND_BYTES"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_MOD_EXP,0),	"CLUSTER_LABS_RSA_MOD_EXP"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PRIV_DEC,0),	"CLUSTER_LABS_RSA_PRIV_DEC"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PRIV_ENC,0),	"CLUSTER_LABS_RSA_PRIV_ENC"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PUB_DEC,0),	"CLUSTER_LABS_RSA_PUB_DEC"},
+{ERR_PACK(0,CL_F_CLUSTER_LABS_RSA_PUB_ENC,0),	"CLUSTER_LABS_RSA_PUB_ENC"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA CL_str_reasons[]=
+	{
+{CL_R_ALREADY_LOADED                     ,"already loaded"},
+{CL_R_COMMAND_NOT_IMPLEMENTED            ,"command not implemented"},
+{CL_R_DSO_FAILURE                        ,"dso failure"},
+{CL_R_FUNCTION_NOT_BINDED                ,"function not binded"},
+{CL_R_INIT_FAILED                        ,"init failed"},
+{CL_R_NOT_LOADED                         ,"not loaded"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef CL_LIB_NAME
+static ERR_STRING_DATA CL_lib_name[]=
+        {
+{0	,CL_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int CL_lib_error_code=0;
+static int CL_error_init=1;
+
+static void ERR_load_CL_strings(void)
+	{
+	if (CL_lib_error_code == 0)
+		CL_lib_error_code=ERR_get_next_error_library();
+
+	if (CL_error_init)
+		{
+		CL_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(CL_lib_error_code,CL_str_functs);
+		ERR_load_strings(CL_lib_error_code,CL_str_reasons);
+#endif
+
+#ifdef CL_LIB_NAME
+		CL_lib_name->error = ERR_PACK(CL_lib_error_code,0,0);
+		ERR_load_strings(0,CL_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_CL_strings(void)
+	{
+	if (CL_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(CL_lib_error_code,CL_str_functs);
+		ERR_unload_strings(CL_lib_error_code,CL_str_reasons);
+#endif
+
+#ifdef CL_LIB_NAME
+		ERR_unload_strings(0,CL_lib_name);
+#endif
+		CL_error_init=1;
+		}
+	}
+
+static void ERR_CL_error(int function, int reason, char *file, int line)
+	{
+	if (CL_lib_error_code == 0)
+		CL_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(CL_lib_error_code,function,reason,file,line);
+	}
diff --git a/demos/engines/cluster_labs/hw_cluster_labs_err.h b/demos/engines/cluster_labs/hw_cluster_labs_err.h
new file mode 100644
index 0000000000..afc175b133
--- /dev/null
+++ b/demos/engines/cluster_labs/hw_cluster_labs_err.h
@@ -0,0 +1,95 @@
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_CL_ERR_H
+#define HEADER_CL_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_CL_strings(void);
+static void ERR_unload_CL_strings(void);
+static void ERR_CL_error(int function, int reason, char *file, int line);
+#define CLerr(f,r) ERR_CL_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the CL functions. */
+
+/* Function codes. */
+#define CL_F_CLUSTER_LABS_CTRL				 100
+#define CL_F_CLUSTER_LABS_DSA_SIGN			 101
+#define CL_F_CLUSTER_LABS_DSA_VERIFY			 102
+#define CL_F_CLUSTER_LABS_FINISH			 103
+#define CL_F_CLUSTER_LABS_INIT				 104
+#define CL_F_CLUSTER_LABS_MOD_EXP			 105
+#define CL_F_CLUSTER_LABS_MOD_EXP_CRT			 106
+#define CL_F_CLUSTER_LABS_RAND_BYTES			 107
+#define CL_F_CLUSTER_LABS_RSA_MOD_EXP			 108
+#define CL_F_CLUSTER_LABS_RSA_PRIV_DEC			 109
+#define CL_F_CLUSTER_LABS_RSA_PRIV_ENC			 110
+#define CL_F_CLUSTER_LABS_RSA_PUB_DEC			 111
+#define CL_F_CLUSTER_LABS_RSA_PUB_ENC			 112
+
+/* Reason codes. */
+#define CL_R_ALREADY_LOADED				 100
+#define CL_R_COMMAND_NOT_IMPLEMENTED			 101
+#define CL_R_DSO_FAILURE				 102
+#define CL_R_FUNCTION_NOT_BINDED			 103
+#define CL_R_INIT_FAILED				 104
+#define CL_R_NOT_LOADED					 105
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/demos/engines/ibmca/.cvsignore b/demos/engines/ibmca/.cvsignore
new file mode 100644
index 0000000000..594223d400
--- /dev/null
+++ b/demos/engines/ibmca/.cvsignore
@@ -0,0 +1,4 @@
+*.exp
+*.so
+*.so.*
+*.a
diff --git a/demos/engines/ibmca/Makefile b/demos/engines/ibmca/Makefile
new file mode 100644
index 0000000000..72f3546359
--- /dev/null
+++ b/demos/engines/ibmca/Makefile
@@ -0,0 +1,114 @@
+LIBNAME=	libibmca
+SRC=		hw_ibmca.c
+OBJ=		hw_ibmca.o
+HEADER=		hw_ibmca.h
+
+CC=		gcc
+PIC=		-fPIC
+CFLAGS=		-g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
+AR=		ar r
+RANLIB=		ranlib
+
+LIB=		$(LIBNAME).a
+SHLIB=		$(LIBNAME).so
+
+all:
+		@echo 'Please choose a system to build on:'
+		@echo ''
+		@echo 'tru64:    Tru64 Unix, Digital Unix, Digital OSF/1'
+		@echo 'solaris:  Solaris'
+		@echo 'irix:     IRIX'
+		@echo 'hpux32:   32-bit HP/UX'
+		@echo 'hpux64:   64-bit HP/UX'
+		@echo 'aix:      AIX'
+		@echo 'gnu:      Generic GNU-based system (gcc and GNU ld)'
+		@echo ''
+
+FORCE.update:
+update:		FORCE.update
+		perl ../../../util/mkerr.pl -conf hw_ibmca.ec \
+			-nostatic -staticloader -write hw_ibmca.c
+
+gnu:		$(SHLIB).gnu
+tru64:		$(SHLIB).tru64
+solaris:	$(SHLIB).solaris
+irix:		$(SHLIB).irix
+hpux32:		$(SHLIB).hpux32
+hpux64:		$(SHLIB).hpux64
+aix:		$(SHLIB).aix
+
+$(LIB):		$(OBJ)
+		$(AR) $(LIB) $(OBJ)
+		- $(RANLIB) $(LIB)
+
+LINK_SO=	\
+  ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
+  (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
+   $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
+
+$(SHLIB).gnu:	$(LIB)
+		ALLSYMSFLAGS='--whole-archive' \
+		SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).gnu
+$(SHLIB).tru64:	$(LIB)
+		ALLSYMSFLAGS='-all' \
+		SHAREDFLAGS='-shared' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).tru64
+$(SHLIB).solaris:	$(LIB)
+		ALLSYMSFLAGS='-z allextract' \
+		SHAREDFLAGS='-G -h $(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).solaris
+$(SHLIB).irix:	$(LIB)
+		ALLSYMSFLAGS='-all' \
+		SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).irix
+$(SHLIB).hpux32:	$(LIB)
+		ALLSYMSFLAGS='-Fl' \
+		SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
+		SHAREDCMD='/usr/ccs/bin/ld'; \
+		$(LINK_SO)
+		touch $(SHLIB).hpux32
+$(SHLIB).hpux64:	$(LIB)
+		ALLSYMSFLAGS='+forceload' \
+		SHAREDFLAGS='-b -z +h $(SHLIB)' \
+		SHAREDCMD='/usr/ccs/bin/ld'; \
+		$(LINK_SO)
+		touch $(SHLIB).hpux64
+$(SHLIB).aix:	$(LIB)
+		ALLSYMSFLAGS='-bnogc' \
+		SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).aix
+
+depend:
+		sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
+		echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
+		gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
+		perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
+		rm -f Makefile.tmp Makefile
+		mv Makefile.new Makefile
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
+rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
+rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
+rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
+rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
+rsaref.o: ../../../include/openssl/opensslconf.h
+rsaref.o: ../../../include/openssl/opensslv.h
+rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
+rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
+rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
+rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
+rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
+rsaref.o: source/rsaref.h
diff --git a/demos/engines/ibmca/hw_ibmca.c b/demos/engines/ibmca/hw_ibmca.c
new file mode 100644
index 0000000000..881b16a7cb
--- /dev/null
+++ b/demos/engines/ibmca/hw_ibmca.c
@@ -0,0 +1,917 @@
+/* crypto/engine/hw_ibmca.c */

+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL

+ * project 2000.

+ */

+/* ====================================================================

+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.

+ *

+ * Redistribution and use in source and binary forms, with or without

+ * modification, are permitted provided that the following conditions

+ * are met:

+ *

+ * 1. Redistributions of source code must retain the above copyright

+ *    notice, this list of conditions and the following disclaimer.

+ *

+ * 2. Redistributions in binary form must reproduce the above copyright

+ *    notice, this list of conditions and the following disclaimer in

+ *    the documentation and/or other materials provided with the

+ *    distribution.

+ *

+ * 3. All advertising materials mentioning features or use of this

+ *    software must display the following acknowledgment:

+ *    "This product includes software developed by the OpenSSL Project

+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

+ *

+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

+ *    endorse or promote products derived from this software without

+ *    prior written permission. For written permission, please contact

+ *    licensing@OpenSSL.org.

+ *

+ * 5. Products derived from this software may not be called "OpenSSL"

+ *    nor may "OpenSSL" appear in their names without prior written

+ *    permission of the OpenSSL Project.

+ *

+ * 6. Redistributions of any form whatsoever must retain the following

+ *    acknowledgment:

+ *    "This product includes software developed by the OpenSSL Project

+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

+ *

+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

+ * OF THE POSSIBILITY OF SUCH DAMAGE.

+ * ====================================================================

+ *

+ * This product includes cryptographic software written by Eric Young

+ * (eay@cryptsoft.com).  This product includes software written by Tim

+ * Hudson (tjh@cryptsoft.com).

+ *

+ */

+

+/* (C) COPYRIGHT International Business Machines Corp. 2001 */

+

+#include <stdio.h>

+#include <openssl/crypto.h>

+#include <openssl/dso.h>

+#include <openssl/engine.h>

+

+#ifndef OPENSSL_NO_HW

+#ifndef OPENSSL_NO_HW_IBMCA

+

+#ifdef FLAT_INC

+#include "ica_openssl_api.h"

+#else

+#include "vendor_defns/ica_openssl_api.h"

+#endif

+

+#define IBMCA_LIB_NAME "ibmca engine"

+#include "hw_ibmca_err.c"

+

+static int ibmca_destroy(ENGINE *e);

+static int ibmca_init(ENGINE *e);

+static int ibmca_finish(ENGINE *e);

+static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());

+

+static const char *IBMCA_F1 = "icaOpenAdapter";

+static const char *IBMCA_F2 = "icaCloseAdapter";

+static const char *IBMCA_F3 = "icaRsaModExpo";

+static const char *IBMCA_F4 = "icaRandomNumberGenerate";

+static const char *IBMCA_F5 = "icaRsaCrt";

+

+ICA_ADAPTER_HANDLE handle=0;

+

+/* BIGNUM stuff */

+static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

+        const BIGNUM *m, BN_CTX *ctx);

+

+static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

+        const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,

+        const BIGNUM *iqmp, BN_CTX *ctx);

+

+#ifndef OPENSSL_NO_RSA  

+/* RSA stuff */

+static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);

+#endif

+

+/* This function is aliased to mod_exp (with the mont stuff dropped). */

+static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

+        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

+

+#ifndef OPENSSL_NO_DSA 

+/* DSA stuff */

+static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,

+        BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,

+        BN_CTX *ctx, BN_MONT_CTX *in_mont);

+static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,

+        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

+        BN_MONT_CTX *m_ctx);

+#endif

+

+#ifndef OPENSSL_NO_DH 

+/* DH stuff */

+/* This function is alised to mod_exp (with the DH and mont dropped). */

+static int ibmca_mod_exp_dh(const DH *dh, BIGNUM *r, 

+	const BIGNUM *a, const BIGNUM *p,

+	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);

+#endif

+

+/* RAND stuff */

+static int ibmca_rand_bytes(unsigned char *buf, int num);

+static int ibmca_rand_status(void);

+

+

+/* WJH - check for more commands, like in nuron */

+

+/* The definitions for control commands specific to this engine */

+#define IBMCA_CMD_SO_PATH		ENGINE_CMD_BASE

+static const ENGINE_CMD_DEFN ibmca_cmd_defns[] = {

+	{IBMCA_CMD_SO_PATH,

+		"SO_PATH",

+		"Specifies the path to the 'atasi' shared library",

+		ENGINE_CMD_FLAG_STRING},

+	{0, NULL, NULL, 0}

+	};

+

+#ifndef OPENSSL_NO_RSA  

+/* Our internal RSA_METHOD that we provide pointers to */

+static RSA_METHOD ibmca_rsa =

+        {

+        "Ibmca RSA method",

+        NULL,

+        NULL,

+        NULL,

+        NULL,

+        ibmca_rsa_mod_exp,

+        ibmca_mod_exp_mont,

+        NULL,

+        NULL,

+        0,

+        NULL,

+        NULL,

+        NULL

+        };

+#endif

+

+#ifndef OPENSSL_NO_DSA

+/* Our internal DSA_METHOD that we provide pointers to */

+static DSA_METHOD ibmca_dsa =

+        {

+        "Ibmca DSA method",

+        NULL, /* dsa_do_sign */

+        NULL, /* dsa_sign_setup */

+        NULL, /* dsa_do_verify */

+        ibmca_dsa_mod_exp, /* dsa_mod_exp */

+        ibmca_mod_exp_dsa, /* bn_mod_exp */

+        NULL, /* init */

+        NULL, /* finish */

+        0, /* flags */

+        NULL /* app_data */

+        };

+#endif

+

+#ifndef OPENSSL_NO_DH

+/* Our internal DH_METHOD that we provide pointers to */

+static DH_METHOD ibmca_dh =

+        {

+        "Ibmca DH method",

+        NULL,

+        NULL,

+        ibmca_mod_exp_dh,

+        NULL,

+        NULL,

+        0,

+        NULL

+        };

+#endif

+

+static RAND_METHOD ibmca_rand =

+        {

+        /* "IBMCA RAND method", */

+        NULL,

+        ibmca_rand_bytes,

+        NULL,

+        NULL,

+        ibmca_rand_bytes,

+        ibmca_rand_status,

+        };

+

+/* Constants used when creating the ENGINE */

+static const char *engine_ibmca_id = "ibmca";

+static const char *engine_ibmca_name = "Ibmca hardware engine support";

+

+/* This internal function is used by ENGINE_ibmca() and possibly by the

+ * "dynamic" ENGINE support too */

+static int bind_helper(ENGINE *e)

+	{

+#ifndef OPENSSL_NO_RSA

+	const RSA_METHOD *meth1;

+#endif

+#ifndef OPENSSL_NO_DSA

+	const DSA_METHOD *meth2;

+#endif

+#ifndef OPENSSL_NO_DH

+	const DH_METHOD *meth3;

+#endif

+	if(!ENGINE_set_id(e, engine_ibmca_id) ||

+		!ENGINE_set_name(e, engine_ibmca_name) ||

+#ifndef OPENSSL_NO_RSA

+		!ENGINE_set_RSA(e, &ibmca_rsa) ||

+#endif

+#ifndef OPENSSL_NO_DSA

+		!ENGINE_set_DSA(e, &ibmca_dsa) ||

+#endif

+#ifndef OPENSSL_NO_DH

+		!ENGINE_set_DH(e, &ibmca_dh) ||

+#endif

+		!ENGINE_set_RAND(e, &ibmca_rand) ||

+		!ENGINE_set_destroy_function(e, ibmca_destroy) ||

+		!ENGINE_set_init_function(e, ibmca_init) ||

+		!ENGINE_set_finish_function(e, ibmca_finish) ||

+		!ENGINE_set_ctrl_function(e, ibmca_ctrl) ||

+		!ENGINE_set_cmd_defns(e, ibmca_cmd_defns))

+		return 0;

+

+#ifndef OPENSSL_NO_RSA

+	/* We know that the "PKCS1_SSLeay()" functions hook properly

+	 * to the ibmca-specific mod_exp and mod_exp_crt so we use

+	 * those functions. NB: We don't use ENGINE_openssl() or

+	 * anything "more generic" because something like the RSAref

+	 * code may not hook properly, and if you own one of these

+	 * cards then you have the right to do RSA operations on it

+	 * anyway! */ 

+	meth1 = RSA_PKCS1_SSLeay();

+	ibmca_rsa.rsa_pub_enc = meth1->rsa_pub_enc;

+	ibmca_rsa.rsa_pub_dec = meth1->rsa_pub_dec;

+	ibmca_rsa.rsa_priv_enc = meth1->rsa_priv_enc;

+	ibmca_rsa.rsa_priv_dec = meth1->rsa_priv_dec;

+#endif

+

+#ifndef OPENSSL_NO_DSA

+	/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish

+	 * bits. */

+	meth2 = DSA_OpenSSL();

+	ibmca_dsa.dsa_do_sign = meth2->dsa_do_sign;

+	ibmca_dsa.dsa_sign_setup = meth2->dsa_sign_setup;

+	ibmca_dsa.dsa_do_verify = meth2->dsa_do_verify;

+#endif

+

+#ifndef OPENSSL_NO_DH

+	/* Much the same for Diffie-Hellman */

+	meth3 = DH_OpenSSL();

+	ibmca_dh.generate_key = meth3->generate_key;

+	ibmca_dh.compute_key = meth3->compute_key;

+#endif

+

+	/* Ensure the ibmca error handling is set up */

+	ERR_load_IBMCA_strings(); 

+	return 1;

+	}

+

+static ENGINE *engine_ibmca(void)

+	{

+	ENGINE *ret = ENGINE_new();

+	if(!ret)

+		return NULL;

+	if(!bind_helper(ret))

+		{

+		ENGINE_free(ret);

+		return NULL;

+		}

+	return ret;

+	}

+

+void ENGINE_load_ibmca(void)

+	{

+	/* Copied from eng_[openssl|dyn].c */

+	ENGINE *toadd = engine_ibmca();

+	if(!toadd) return;

+	ENGINE_add(toadd);

+	ENGINE_free(toadd);

+	ERR_clear_error();

+	}

+

+/* Destructor (complements the "ENGINE_ibmca()" constructor) */

+static int ibmca_destroy(ENGINE *e)

+	{

+	/* Unload the ibmca error strings so any error state including our

+	 * functs or reasons won't lead to a segfault (they simply get displayed

+	 * without corresponding string data because none will be found). */

+        ERR_unload_IBMCA_strings(); 

+	return 1;

+	}

+

+

+/* This is a process-global DSO handle used for loading and unloading

+ * the Ibmca library. NB: This is only set (or unset) during an

+ * init() or finish() call (reference counts permitting) and they're

+ * operating with global locks, so this should be thread-safe

+ * implicitly. */

+

+static DSO *ibmca_dso = NULL;

+

+/* These are the function pointers that are (un)set when the library has

+ * successfully (un)loaded. */

+

+static unsigned int    (ICA_CALL *p_icaOpenAdapter)();

+static unsigned int    (ICA_CALL *p_icaCloseAdapter)();

+static unsigned int    (ICA_CALL *p_icaRsaModExpo)();

+static unsigned int    (ICA_CALL *p_icaRandomNumberGenerate)();

+static unsigned int    (ICA_CALL *p_icaRsaCrt)();

+

+/* utility function to obtain a context */

+static int get_context(ICA_ADAPTER_HANDLE *p_handle)

+        {

+        unsigned int status=0;

+

+        status = p_icaOpenAdapter(0, p_handle);

+        if(status != 0)

+                return 0;

+        return 1;

+        }

+

+/* similarly to release one. */

+static void release_context(ICA_ADAPTER_HANDLE handle)

+        {

+        p_icaCloseAdapter(handle);

+        }

+

+/* (de)initialisation functions. */

+static int ibmca_init(ENGINE *e)

+        {

+

+        void          (*p1)();

+        void          (*p2)();

+        void          (*p3)();

+        void          (*p4)();

+        void          (*p5)();

+

+        if(ibmca_dso != NULL)

+                {

+                IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_ALREADY_LOADED);

+                goto err;

+                }

+        /* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be

+         * changed unfortunately because the Ibmca drivers don't have

+         * standard library names that can be platform-translated well. */

+        /* TODO: Work out how to actually map to the names the Ibmca

+         * drivers really use - for now a symbollic link needs to be

+         * created on the host system from libatasi.so to atasi.so on

+         * unix variants. */

+

+	/* WJH XXX check name translation */

+

+        ibmca_dso = DSO_load(NULL, IBMCA_LIBNAME, NULL,

+			     /* DSO_FLAG_NAME_TRANSLATION */ 0);

+        if(ibmca_dso == NULL)

+                {

+                IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_DSO_FAILURE);

+                goto err;

+                }

+

+        if(!(p1 = DSO_bind_func(

+                ibmca_dso, IBMCA_F1)) ||

+                !(p2 = DSO_bind_func(

+                        ibmca_dso, IBMCA_F2)) ||

+                !(p3 = DSO_bind_func(

+                        ibmca_dso, IBMCA_F3)) ||

+                !(p4 = DSO_bind_func(

+                        ibmca_dso, IBMCA_F4)) ||

+                !(p5 = DSO_bind_func(

+                        ibmca_dso, IBMCA_F5)))

+                {

+                IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_DSO_FAILURE);

+                goto err;

+                }

+

+        /* Copy the pointers */

+

+	p_icaOpenAdapter =           (unsigned int (ICA_CALL *)())p1;

+	p_icaCloseAdapter =          (unsigned int (ICA_CALL *)())p2;

+	p_icaRsaModExpo =            (unsigned int (ICA_CALL *)())p3;

+	p_icaRandomNumberGenerate =  (unsigned int (ICA_CALL *)())p4;

+	p_icaRsaCrt =                (unsigned int (ICA_CALL *)())p5;

+

+        if(!get_context(&handle))

+                {

+                IBMCAerr(IBMCA_F_IBMCA_INIT,IBMCA_R_UNIT_FAILURE);

+                goto err;

+                }

+

+        return 1;

+ err:

+        if(ibmca_dso)

+                DSO_free(ibmca_dso);

+

+        p_icaOpenAdapter = NULL;

+        p_icaCloseAdapter = NULL;

+        p_icaRsaModExpo = NULL;

+        p_icaRandomNumberGenerate = NULL;

+

+        return 0;

+        }

+

+static int ibmca_finish(ENGINE *e)

+        {

+        if(ibmca_dso == NULL)

+                {

+                IBMCAerr(IBMCA_F_IBMCA_FINISH,IBMCA_R_NOT_LOADED);

+                return 0;

+                }

+        release_context(handle);

+        if(!DSO_free(ibmca_dso))

+                {

+                IBMCAerr(IBMCA_F_IBMCA_FINISH,IBMCA_R_DSO_FAILURE);

+                return 0;

+                }

+        ibmca_dso = NULL;

+

+        return 1;

+        }

+

+static int ibmca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())

+	{

+	int initialised = ((ibmca_dso == NULL) ? 0 : 1);

+	switch(cmd)

+		{

+	case IBMCA_CMD_SO_PATH:

+		if(p == NULL)

+			{

+			IBMCAerr(IBMCA_F_IBMCA_CTRL,ERR_R_PASSED_NULL_PARAMETER);

+			return 0;

+			}

+		if(initialised)

+			{

+			IBMCAerr(IBMCA_F_IBMCA_CTRL,IBMCA_R_ALREADY_LOADED);

+			return 0;

+			}

+		IBMCA_LIBNAME = (const char *)p;

+		return 1;

+	default:

+		break;

+		}

+	IBMCAerr(IBMCA_F_IBMCA_CTRL,IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED);

+	return 0;

+	}

+

+

+static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

+        const BIGNUM *m, BN_CTX *ctx)

+        {

+        /* I need somewhere to store temporary serialised values for

+         * use with the Ibmca API calls. A neat cheat - I'll use

+         * BIGNUMs from the BN_CTX but access their arrays directly as

+         * byte arrays <grin>. This way I don't have to clean anything

+         * up. */

+

+        BIGNUM *argument=NULL;

+        BIGNUM *result=NULL;

+        BIGNUM *key=NULL;

+        int to_return;

+	int inLen, outLen, tmpLen;

+

+

+        ICA_KEY_RSA_MODEXPO *publKey=NULL;

+        unsigned int rc;

+

+        to_return = 0; /* expect failure */

+

+        if(!ibmca_dso)

+                {

+                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_NOT_LOADED);

+                goto err;

+                }

+        /* Prepare the params */

+	BN_CTX_start(ctx);

+        argument = BN_CTX_get(ctx);

+        result = BN_CTX_get(ctx);

+        key = BN_CTX_get(ctx);

+

+        if( !argument || !result || !key)

+                {

+                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_BN_CTX_FULL);

+                goto err;

+                }

+

+

+	if(!bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top) ||

+                !bn_wexpand(key, sizeof(*publKey)/BN_BYTES))

+

+                {

+                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_BN_EXPAND_FAIL);

+                goto err;

+                }

+

+        publKey = (ICA_KEY_RSA_MODEXPO *)key->d;

+

+        if (publKey == NULL)

+                {

+                goto err;

+                }

+        memset(publKey, 0, sizeof(ICA_KEY_RSA_MODEXPO));

+

+        publKey->keyType   =  CORRECT_ENDIANNESS(ME_KEY_TYPE);

+        publKey->keyLength =  CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_MODEXPO));

+        publKey->expOffset =  (char *) publKey->keyRecord - (char *) publKey;

+

+        /* A quirk of the card: the exponent length has to be the same

+     as the modulus (key) length */

+

+	outLen = BN_num_bytes(m);

+

+/* check for modulus length SAB*/

+	if (outLen > 256 ) {

+		IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_MEXP_LENGTH_TO_LARGE);

+		goto err;

+	}

+/* check for modulus length SAB*/

+

+

+	publKey->expLength = publKey->nLength = outLen;

+/* SAB Check for underflow condition

+    the size of the exponent is less than the size of the parameter

+    then we have a big problem and will underflow the keyRecord

+   buffer.  Bad stuff could happen then

+*/

+if (outLen < BN_num_bytes(p)){

+	IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_UNDERFLOW_KEYRECORD);

+	goto err;

+}

+/* SAB End check for underflow */

+

+

+        BN_bn2bin(p, &publKey->keyRecord[publKey->expLength -

+                BN_num_bytes(p)]);

+        BN_bn2bin(m, &publKey->keyRecord[publKey->expLength]);

+

+

+

+        publKey->modulusBitLength = CORRECT_ENDIANNESS(publKey->nLength * 8);

+        publKey->nOffset   = CORRECT_ENDIANNESS(publKey->expOffset + 

+						publKey->expLength);

+

+        publKey->expOffset = CORRECT_ENDIANNESS((char *) publKey->keyRecord - 

+						(char *) publKey);

+

+	tmpLen = outLen;

+	publKey->expLength = publKey->nLength = CORRECT_ENDIANNESS(tmpLen);

+

+  /* Prepare the argument */

+

+	memset(argument->d, 0, outLen);

+	BN_bn2bin(a, (unsigned char *)argument->d + outLen -

+                 BN_num_bytes(a));

+

+	inLen = outLen;

+

+  /* Perform the operation */

+

+          if( (rc = p_icaRsaModExpo(handle, inLen,(unsigned char *)argument->d,

+                publKey, &outLen, (unsigned char *)result->d))

+                !=0 )

+

+                {

+                printf("rc = %d\n", rc);

+                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP,IBMCA_R_REQUEST_FAILED);

+                goto err;

+                }

+

+

+        /* Convert the response */

+        BN_bin2bn((unsigned char *)result->d, outLen, r);

+        to_return = 1;

+ err:

+	BN_CTX_end(ctx);

+        return to_return;

+        }

+

+#ifndef OPENSSL_NO_RSA 

+static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)

+        {

+        BN_CTX *ctx;

+        int to_return = 0;

+

+        if((ctx = BN_CTX_new()) == NULL)

+                goto err;

+        if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)

+                {

+                if(!rsa->d || !rsa->n)

+                        {

+                        IBMCAerr(IBMCA_F_IBMCA_RSA_MOD_EXP,

+                                IBMCA_R_MISSING_KEY_COMPONENTS);

+                        goto err;

+                        }

+                to_return = ibmca_mod_exp(r0, I, rsa->d, rsa->n, ctx);

+                }

+        else

+                {

+                to_return = ibmca_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,

+                        rsa->dmq1, rsa->iqmp, ctx);

+                }

+ err:

+        if(ctx)

+                BN_CTX_free(ctx);

+        return to_return;

+        }

+#endif

+

+/* Ein kleines chinesisches "Restessen"  */

+static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

+        const BIGNUM *q, const BIGNUM *dmp1,

+        const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)

+        {

+

+        BIGNUM *argument = NULL;

+        BIGNUM *result = NULL;

+        BIGNUM *key = NULL;

+

+        int to_return = 0; /* expect failure */

+

+        char                *pkey=NULL;

+        ICA_KEY_RSA_CRT     *privKey=NULL;

+        int inLen, outLen;

+

+        int rc;

+        unsigned int        offset, pSize, qSize;

+/* SAB New variables */

+	unsigned int keyRecordSize;

+	unsigned int pbytes = BN_num_bytes(p);

+	unsigned int qbytes = BN_num_bytes(q);

+	unsigned int dmp1bytes = BN_num_bytes(dmp1);

+	unsigned int dmq1bytes = BN_num_bytes(dmq1);

+	unsigned int iqmpbytes = BN_num_bytes(iqmp);

+

+        /* Prepare the params */

+

+	BN_CTX_start(ctx);

+        argument = BN_CTX_get(ctx);

+        result = BN_CTX_get(ctx);

+        key = BN_CTX_get(ctx);

+

+        if(!argument || !result || !key)

+                {

+                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_BN_CTX_FULL);

+                goto err;

+                }

+

+	if(!bn_wexpand(argument, p->top + q->top) ||

+                !bn_wexpand(result, p->top + q->top) ||

+                !bn_wexpand(key, sizeof(*privKey)/BN_BYTES ))

+                {

+                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_BN_EXPAND_FAIL);

+                goto err;

+                }

+

+

+        privKey = (ICA_KEY_RSA_CRT *)key->d;

+/* SAB Add check for total size in bytes of the parms does not exceed

+   the buffer space we have

+   do this first

+*/

+      keyRecordSize = pbytes+qbytes+dmp1bytes+dmq1bytes+iqmpbytes;

+     if (  keyRecordSize > sizeof(privKey->keyRecord )) {

+	 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);

+         goto err;

+     }

+

+     if ( (qbytes + dmq1bytes)  > 256 ){

+	 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);

+         goto err;

+     }

+

+     if ( pbytes + dmp1bytes > 256 ) {

+	 IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OPERANDS_TO_LARGE);

+         goto err;

+     }

+

+/* end SAB additions */

+  

+        memset(privKey, 0, sizeof(ICA_KEY_RSA_CRT));

+        privKey->keyType =  CORRECT_ENDIANNESS(CRT_KEY_TYPE);

+        privKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_CRT));

+        privKey->modulusBitLength = 

+	  CORRECT_ENDIANNESS(BN_num_bytes(q) * 2 * 8);

+

+        /*

+         * p,dp & qInv are 1 QWORD Larger

+         */

+        privKey->pLength = CORRECT_ENDIANNESS(BN_num_bytes(p)+8);

+        privKey->qLength = CORRECT_ENDIANNESS(BN_num_bytes(q));

+        privKey->dpLength = CORRECT_ENDIANNESS(BN_num_bytes(dmp1)+8);

+        privKey->dqLength = CORRECT_ENDIANNESS(BN_num_bytes(dmq1));

+        privKey->qInvLength = CORRECT_ENDIANNESS(BN_num_bytes(iqmp)+8);

+

+        offset = (char *) privKey->keyRecord

+                  - (char *) privKey;

+

+        qSize = BN_num_bytes(q);

+        pSize = qSize + 8;   /*  1 QWORD larger */

+

+

+/* SAB  probably aittle redundant, but we'll verify that each of the

+   components which make up a key record sent ot the card does not exceed

+   the space that is allocated for it.  this handles the case where even if

+   the total length does not exceed keyrecord zied, if the operands are funny sized

+they could cause potential side affects on either the card or the result */

+

+     if ( (pbytes > pSize) || (dmp1bytes > pSize) ||

+          (iqmpbytes > pSize) || ( qbytes >qSize) ||

+          (dmq1bytes > qSize) ) {

+		IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_OPERANDS_TO_LARGE);

+		goto err;

+

+	}

+     

+

+        privKey->dpOffset = CORRECT_ENDIANNESS(offset);

+

+	offset += pSize;

+	privKey->dqOffset = CORRECT_ENDIANNESS(offset);

+

+	offset += qSize;

+	privKey->pOffset = CORRECT_ENDIANNESS(offset);

+

+	offset += pSize;

+	privKey->qOffset = CORRECT_ENDIANNESS(offset);

+

+	offset += qSize;

+	privKey->qInvOffset = CORRECT_ENDIANNESS(offset);

+

+        pkey = (char *) privKey->keyRecord;

+

+

+/* SAB first check that we don;t under flow the buffer */

+	if ( pSize < pbytes ) {

+		IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT, IBMCA_R_UNDERFLOW_CONDITION);

+		goto err;

+	}

+

+        /* pkey += pSize - BN_num_bytes(p); WROING this should be dmp1) */

+        pkey += pSize - BN_num_bytes(dmp1);

+        BN_bn2bin(dmp1, pkey);   

+        pkey += BN_num_bytes(dmp1);  /* move the pointer */

+

+        BN_bn2bin(dmq1, pkey);  /* Copy over dmq1 */

+

+        pkey += qSize;     /* move pointer */

+	pkey += pSize - BN_num_bytes(p);  /* set up for zero padding of next field */

+

+        BN_bn2bin(p, pkey);

+        pkey += BN_num_bytes(p);  /* increment pointer by number of bytes moved  */

+

+        BN_bn2bin(q, pkey);

+        pkey += qSize ;  /* move the pointer */

+	pkey +=  pSize - BN_num_bytes(iqmp); /* Adjust for padding */

+        BN_bn2bin(iqmp, pkey);

+

+        /* Prepare the argument and response */

+

+	outLen = CORRECT_ENDIANNESS(privKey->qLength) * 2;  /* Correct endianess is used 

+						because the fields were converted above */

+

+        if (outLen > 256) {

+		IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_OUTLEN_TO_LARGE);

+		goto err;

+	}

+

+	/* SAB check for underflow here on the argeument */

+	if ( outLen < BN_num_bytes(a)) {

+		IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_UNDERFLOW_CONDITION);

+		goto err;

+	}

+

+        BN_bn2bin(a, (unsigned char *)argument->d + outLen -

+                          BN_num_bytes(a));

+        inLen = outLen;

+

+        memset(result->d, 0, outLen);

+

+        /* Perform the operation */

+

+        if ( (rc = p_icaRsaCrt(handle, inLen, (unsigned char *)argument->d,

+                privKey, &outLen, (unsigned char *)result->d)) != 0)

+                {

+                printf("rc = %d\n", rc);

+                IBMCAerr(IBMCA_F_IBMCA_MOD_EXP_CRT,IBMCA_R_REQUEST_FAILED);

+                goto err;

+                }

+

+        /* Convert the response */

+

+        BN_bin2bn((unsigned char *)result->d, outLen, r);

+        to_return = 1;

+

+ err:

+	BN_CTX_end(ctx);

+        return to_return;

+

+        }

+

+#ifndef OPENSSL_NO_DSA

+/* This code was liberated and adapted from the commented-out code in

+ * dsa_ossl.c. Because of the unoptimised form of the Ibmca acceleration

+ * (it doesn't have a CRT form for RSA), this function means that an

+ * Ibmca system running with a DSA server certificate can handshake

+ * around 5 or 6 times faster/more than an equivalent system running with

+ * RSA. Just check out the "signs" statistics from the RSA and DSA parts

+ * of "openssl speed -engine ibmca dsa1024 rsa1024". */

+static int ibmca_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,

+        BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,

+        BN_CTX *ctx, BN_MONT_CTX *in_mont)

+        {

+        BIGNUM t;

+        int to_return = 0;

+

+        BN_init(&t);

+        /* let rr = a1 ^ p1 mod m */

+        if (!ibmca_mod_exp(rr,a1,p1,m,ctx)) goto end;

+        /* let t = a2 ^ p2 mod m */

+        if (!ibmca_mod_exp(&t,a2,p2,m,ctx)) goto end;

+        /* let rr = rr * t mod m */

+        if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;

+        to_return = 1;

+ end:

+        BN_free(&t);

+        return to_return;

+        }

+

+

+static int ibmca_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,

+        const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,

+        BN_MONT_CTX *m_ctx)

+        {

+        return ibmca_mod_exp(r, a, p, m, ctx);

+        }

+#endif

+

+/* This function is aliased to mod_exp (with the mont stuff dropped). */

+static int ibmca_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,

+        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

+        {

+        return ibmca_mod_exp(r, a, p, m, ctx);

+        }

+

+#ifndef OPENSSL_NO_DH 

+/* This function is aliased to mod_exp (with the dh and mont dropped). */

+static int ibmca_mod_exp_dh(DH const *dh, BIGNUM *r, 

+	const BIGNUM *a, const BIGNUM *p, 

+	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

+        {

+        return ibmca_mod_exp(r, a, p, m, ctx);

+        }

+#endif

+

+/* Random bytes are good */

+static int ibmca_rand_bytes(unsigned char *buf, int num)

+        {

+        int to_return = 0; /* assume failure */

+        unsigned int ret;

+

+

+        if(handle == 0)

+                {

+                IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES,IBMCA_R_NOT_INITIALISED);

+                goto err;

+                }

+

+        ret = p_icaRandomNumberGenerate(handle, num, buf);

+        if (ret < 0)

+                {

+                IBMCAerr(IBMCA_F_IBMCA_RAND_BYTES,IBMCA_R_REQUEST_FAILED);

+                goto err;

+                }

+        to_return = 1;

+ err:

+        return to_return;

+        }

+

+static int ibmca_rand_status(void)

+        {

+        return 1;

+        }

+

+/* This stuff is needed if this ENGINE is being compiled into a self-contained

+ * shared-library. */

+#ifdef ENGINE_DYNAMIC_SUPPORT

+static int bind_fn(ENGINE *e, const char *id)

+	{

+	if(id && (strcmp(id, engine_ibmca_id) != 0))  /* WJH XXX */

+		return 0;

+	if(!bind_helper(e))

+		return 0;

+	return 1;

+	}

+IMPLEMENT_DYNAMIC_CHECK_FN()

+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)

+#endif /* ENGINE_DYNAMIC_SUPPORT */

+

+

+#endif /* !OPENSSL_NO_HW_IBMCA */

+#endif /* !OPENSSL_NO_HW */

diff --git a/demos/engines/ibmca/hw_ibmca.ec b/demos/engines/ibmca/hw_ibmca.ec
new file mode 100644
index 0000000000..f68646d237
--- /dev/null
+++ b/demos/engines/ibmca/hw_ibmca.ec
@@ -0,0 +1,8 @@
+# configuration file for util/mkerr.pl
+#
+# use like this:
+#
+#	perl ../../../util/mkerr.pl -conf hw_ibmca.ec \
+#		-nostatic -staticloader -write *.c
+
+L IBMCA		hw_ibmca_err.h			hw_ibmca_err.c
diff --git a/demos/engines/ibmca/hw_ibmca_err.c b/demos/engines/ibmca/hw_ibmca_err.c
new file mode 100644
index 0000000000..c4053f6d30
--- /dev/null
+++ b/demos/engines/ibmca/hw_ibmca_err.c
@@ -0,0 +1,154 @@
+/* hw_ibmca_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_ibmca_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA IBMCA_str_functs[]=
+	{
+{ERR_PACK(0,IBMCA_F_IBMCA_CTRL,0),	"IBMCA_CTRL"},
+{ERR_PACK(0,IBMCA_F_IBMCA_FINISH,0),	"IBMCA_FINISH"},
+{ERR_PACK(0,IBMCA_F_IBMCA_INIT,0),	"IBMCA_INIT"},
+{ERR_PACK(0,IBMCA_F_IBMCA_MOD_EXP,0),	"IBMCA_MOD_EXP"},
+{ERR_PACK(0,IBMCA_F_IBMCA_MOD_EXP_CRT,0),	"IBMCA_MOD_EXP_CRT"},
+{ERR_PACK(0,IBMCA_F_IBMCA_RAND_BYTES,0),	"IBMCA_RAND_BYTES"},
+{ERR_PACK(0,IBMCA_F_IBMCA_RSA_MOD_EXP,0),	"IBMCA_RSA_MOD_EXP"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA IBMCA_str_reasons[]=
+	{
+{IBMCA_R_ALREADY_LOADED                  ,"already loaded"},
+{IBMCA_R_BN_CTX_FULL                     ,"bn ctx full"},
+{IBMCA_R_BN_EXPAND_FAIL                  ,"bn expand fail"},
+{IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED    ,"ctrl command not implemented"},
+{IBMCA_R_DSO_FAILURE                     ,"dso failure"},
+{IBMCA_R_MEXP_LENGTH_TO_LARGE            ,"mexp length to large"},
+{IBMCA_R_MISSING_KEY_COMPONENTS          ,"missing key components"},
+{IBMCA_R_NOT_INITIALISED                 ,"not initialised"},
+{IBMCA_R_NOT_LOADED                      ,"not loaded"},
+{IBMCA_R_OPERANDS_TO_LARGE               ,"operands to large"},
+{IBMCA_R_OUTLEN_TO_LARGE                 ,"outlen to large"},
+{IBMCA_R_REQUEST_FAILED                  ,"request failed"},
+{IBMCA_R_UNDERFLOW_CONDITION             ,"underflow condition"},
+{IBMCA_R_UNDERFLOW_KEYRECORD             ,"underflow keyrecord"},
+{IBMCA_R_UNIT_FAILURE                    ,"unit failure"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef IBMCA_LIB_NAME
+static ERR_STRING_DATA IBMCA_lib_name[]=
+        {
+{0	,IBMCA_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int IBMCA_lib_error_code=0;
+static int IBMCA_error_init=1;
+
+static void ERR_load_IBMCA_strings(void)
+	{
+	if (IBMCA_lib_error_code == 0)
+		IBMCA_lib_error_code=ERR_get_next_error_library();
+
+	if (IBMCA_error_init)
+		{
+		IBMCA_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(IBMCA_lib_error_code,IBMCA_str_functs);
+		ERR_load_strings(IBMCA_lib_error_code,IBMCA_str_reasons);
+#endif
+
+#ifdef IBMCA_LIB_NAME
+		IBMCA_lib_name->error = ERR_PACK(IBMCA_lib_error_code,0,0);
+		ERR_load_strings(0,IBMCA_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_IBMCA_strings(void)
+	{
+	if (IBMCA_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(IBMCA_lib_error_code,IBMCA_str_functs);
+		ERR_unload_strings(IBMCA_lib_error_code,IBMCA_str_reasons);
+#endif
+
+#ifdef IBMCA_LIB_NAME
+		ERR_unload_strings(0,IBMCA_lib_name);
+#endif
+		IBMCA_error_init=1;
+		}
+	}
+
+static void ERR_IBMCA_error(int function, int reason, char *file, int line)
+	{
+	if (IBMCA_lib_error_code == 0)
+		IBMCA_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(IBMCA_lib_error_code,function,reason,file,line);
+	}
diff --git a/demos/engines/ibmca/hw_ibmca_err.h b/demos/engines/ibmca/hw_ibmca_err.h
new file mode 100644
index 0000000000..da64bde5f2
--- /dev/null
+++ b/demos/engines/ibmca/hw_ibmca_err.h
@@ -0,0 +1,98 @@
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_IBMCA_ERR_H
+#define HEADER_IBMCA_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_IBMCA_strings(void);
+static void ERR_unload_IBMCA_strings(void);
+static void ERR_IBMCA_error(int function, int reason, char *file, int line);
+#define IBMCAerr(f,r) ERR_IBMCA_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the IBMCA functions. */
+
+/* Function codes. */
+#define IBMCA_F_IBMCA_CTRL				 100
+#define IBMCA_F_IBMCA_FINISH				 101
+#define IBMCA_F_IBMCA_INIT				 102
+#define IBMCA_F_IBMCA_MOD_EXP				 103
+#define IBMCA_F_IBMCA_MOD_EXP_CRT			 104
+#define IBMCA_F_IBMCA_RAND_BYTES			 105
+#define IBMCA_F_IBMCA_RSA_MOD_EXP			 106
+
+/* Reason codes. */
+#define IBMCA_R_ALREADY_LOADED				 100
+#define IBMCA_R_BN_CTX_FULL				 101
+#define IBMCA_R_BN_EXPAND_FAIL				 102
+#define IBMCA_R_CTRL_COMMAND_NOT_IMPLEMENTED		 103
+#define IBMCA_R_DSO_FAILURE				 104
+#define IBMCA_R_MEXP_LENGTH_TO_LARGE			 105
+#define IBMCA_R_MISSING_KEY_COMPONENTS			 106
+#define IBMCA_R_NOT_INITIALISED				 107
+#define IBMCA_R_NOT_LOADED				 108
+#define IBMCA_R_OPERANDS_TO_LARGE			 109
+#define IBMCA_R_OUTLEN_TO_LARGE				 110
+#define IBMCA_R_REQUEST_FAILED				 111
+#define IBMCA_R_UNDERFLOW_CONDITION			 112
+#define IBMCA_R_UNDERFLOW_KEYRECORD			 113
+#define IBMCA_R_UNIT_FAILURE				 114
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/demos/engines/ibmca/ica_openssl_api.h b/demos/engines/ibmca/ica_openssl_api.h
new file mode 100644
index 0000000000..c77e0fd5c0
--- /dev/null
+++ b/demos/engines/ibmca/ica_openssl_api.h
@@ -0,0 +1,189 @@
+
+#ifndef __ICA_OPENSSL_API_H__
+#define __ICA_OPENSSL_API_H__
+
+/**
+ ** abstract data types for API
+ **/
+
+#define ICA_ADAPTER_HANDLE int
+
+#if defined(linux) || defined (_AIX)
+#define ICA_CALL 
+#endif
+
+#if defined(WIN32) || defined(_WIN32)
+#define ICA_CALL  __stdcall
+#endif
+
+/*------------------------------------------------*
+ | RSA defines and typedefs                       |
+ *------------------------------------------------*/
+ /*
+ * All data elements of the RSA key are in big-endian format
+ * Modulus-Exponent form of key
+ *
+ */
+ #define MAX_EXP_SIZE 256
+ #define MAX_MODULUS_SIZE 256
+ #define MAX_MODEXP_SIZE  (MAX_EXP_SIZE + MAX_MODULUS_SIZE)
+
+ #define MAX_OPERAND_SIZE  MAX_EXP_SIZE
+
+ typedef unsigned char ICA_KEY_RSA_MODEXPO_REC[MAX_MODEXP_SIZE];
+ /*
+ * All data elements of the RSA key are in big-endian format
+ * Chinese Remainder Thereom(CRT) form of key
+ * Used only for Decrypt, the encrypt form is typically Modulus-Exponent
+ *
+ */
+ #define MAX_BP_SIZE 136
+ #define MAX_BQ_SIZE 128
+ #define MAX_NP_SIZE 136
+ #define MAX_NQ_SIZE 128
+ #define MAX_QINV_SIZE 136
+ #define MAX_RSACRT_SIZE (MAX_BP_SIZE+MAX_BQ_SIZE+MAX_NP_SIZE+MAX_NQ_SIZE+MAX_QINV_SIZE)
+
+#define RSA_GEN_OPERAND_MAX   256 /* bytes */
+
+typedef unsigned char ICA_KEY_RSA_CRT_REC[MAX_RSACRT_SIZE];
+/*------------------------------------------------*
+ | RSA key token types                            |
+ *------------------------------------------------*/
+
+#define  RSA_PUBLIC_MODULUS_EXPONENT        3
+#define  RSA_PKCS_PRIVATE_CHINESE_REMAINDER 6
+
+#define KEYTYPE_MODEXPO         1
+#define KEYTYPE_PKCSCRT         2
+
+
+/*------------------------------------------------*
+ | RSA Key Token format                           |
+ *------------------------------------------------*/
+
+/*
+ * NOTE:  All the fields in the ICA_KEY_RSA_MODEXPO structure
+ *        (lengths, offsets, exponents, modulus, etc.) are
+ *        stored in big-endian format
+ */
+
+typedef struct _ICA_KEY_RSA_MODEXPO
+{   unsigned int  keyType;             /* RSA key type.               */
+    unsigned int  keyLength;           /* Total length of the token.  */
+    unsigned int  modulusBitLength;    /* Modulus n bit length.       */
+                                       /* -- Start of the data length.*/
+    unsigned int  nLength;             /* Modulus n = p * q           */
+    unsigned int  expLength;           /* exponent (public or private)*/
+                                       /*   e = 1/d * mod(p-1)(q-1)   */
+                                       /* -- Start of the data offsets*/
+    unsigned int  nOffset;             /* Modulus n .                 */
+    unsigned int  expOffset;           /* exponent (public or private)*/
+    unsigned char reserved[112];       /* reserved area               */
+                                       /* -- Start of the variable -- */
+                                       /* -- length token data.    -- */
+    ICA_KEY_RSA_MODEXPO_REC keyRecord;
+} ICA_KEY_RSA_MODEXPO;
+#define SZ_HEADER_MODEXPO (sizeof(ICA_KEY_RSA_MODEXPO) - sizeof(ICA_KEY_RSA_MODEXPO_REC))
+
+/*
+ * NOTE:  All the fields in the ICA_KEY_RSA_CRT structure
+ *        (lengths, offsets, exponents, modulus, etc.) are
+ *        stored in big-endian format
+ */
+
+typedef struct _ICA_KEY_RSA_CRT
+{   unsigned int  keyType;             /* RSA key type.               */
+    unsigned int  keyLength;           /* Total length of the token.  */
+    unsigned int  modulusBitLength;    /* Modulus n bit length.       */
+                                       /* -- Start of the data length.*/
+#if _AIX
+    unsigned int  nLength;             /* Modulus n = p * q           */
+#endif
+    unsigned int  pLength;             /* Prime number p .            */
+    unsigned int  qLength;             /* Prime number q .            */
+    unsigned int  dpLength;            /* dp = d * mod(p-1) .         */
+    unsigned int  dqLength;            /* dq = d * mod(q-1) .         */
+    unsigned int  qInvLength;          /* PKCS: qInv = Ap/q           */
+                                       /* -- Start of the data offsets*/
+#if _AIX
+    unsigned int  nOffset;             /* Modulus n .                 */
+#endif
+    unsigned int  pOffset;             /* Prime number p .            */
+    unsigned int  qOffset;             /* Prime number q .            */
+    unsigned int  dpOffset;            /* dp .                        */
+    unsigned int  dqOffset;            /* dq .                        */
+    unsigned int  qInvOffset;          /* qInv for PKCS               */
+#if _AIX
+    unsigned char reserved[80];        /* reserved area               */
+#else
+    unsigned char reserved[88];        /* reserved area               */
+#endif
+                                       /* -- Start of the variable -- */
+                                       /* -- length token data.    -- */
+    ICA_KEY_RSA_CRT_REC keyRecord;
+} ICA_KEY_RSA_CRT;
+#define SZ_HEADER_CRT (sizeof(ICA_KEY_RSA_CRT) - sizeof(ICA_KEY_RSA_CRT_REC))
+
+unsigned int
+icaOpenAdapter( unsigned int        adapterId,
+	        ICA_ADAPTER_HANDLE *pAdapterHandle );
+
+unsigned int
+icaCloseAdapter( ICA_ADAPTER_HANDLE adapterHandle );
+
+unsigned int
+icaRsaModExpo( ICA_ADAPTER_HANDLE    hAdapterHandle,
+	       unsigned int          inputDataLength,
+	       unsigned char        *pInputData,
+	       ICA_KEY_RSA_MODEXPO  *pKeyModExpo,
+	       unsigned int         *pOutputDataLength,
+	       unsigned char        *pOutputData );
+
+unsigned int
+icaRsaCrt( ICA_ADAPTER_HANDLE     hAdapterHandle,
+	   unsigned int           inputDataLength,
+	   unsigned char         *pInputData,
+	   ICA_KEY_RSA_CRT       *pKeyCrt,
+	   unsigned int          *pOutputDataLength,
+	   unsigned char         *pOutputData );
+
+unsigned int
+icaRandomNumberGenerate( ICA_ADAPTER_HANDLE  hAdapterHandle,
+			 unsigned int        outputDataLength,
+			 unsigned char      *pOutputData );
+
+/* Specific macros and definitions to not have IFDEF;s all over the
+   main code */
+
+#if (_AIX)
+static const char *IBMCA_LIBNAME = "/lib/libica.a(shr.o)";
+#elif (WIN32)
+static const char *IBMCA_LIBNAME = "cryptica";
+#else
+static const char *IBMCA_LIBNAME = "ica";
+#endif
+
+#if (WIN32)
+/*
+ The ICA_KEY_RSA_MODEXPO & ICA_KEY_RSA_CRT lengths and
+ offsets must be in big-endian format.
+
+*/
+#define CORRECT_ENDIANNESS(b) (  \
+                             (((unsigned long) (b) & 0x000000ff) << 24) |  \
+                             (((unsigned long) (b) & 0x0000ff00) <<  8) |  \
+                             (((unsigned long) (b) & 0x00ff0000) >>  8) |  \
+                             (((unsigned long) (b) & 0xff000000) >> 24)    \
+                             )
+#define CRT_KEY_TYPE   RSA_PKCS_PRIVATE_CHINESE_REMAINDER
+#define ME_KEY_TYPE    RSA_PUBLIC_MODULUS_EXPONENT
+#else
+#define CORRECT_ENDIANNESS(b) (b)
+#define CRT_KEY_TYPE       KEYTYPE_PKCSCRT
+#define ME_KEY_TYPE        KEYTYPE_MODEXPO
+#endif
+
+
+
+#endif   /* __ICA_OPENSSL_API_H__ */
diff --git a/demos/engines/rsaref/.cvsignore b/demos/engines/rsaref/.cvsignore
new file mode 100644
index 0000000000..76776d9a59
--- /dev/null
+++ b/demos/engines/rsaref/.cvsignore
@@ -0,0 +1,12 @@
+librsaref.so.gnu
+librsaref.so.tru64
+librsaref.so.solaris
+librsaref.so.irix
+librsaref.so.hpux32
+librsaref.so.hpux64
+librsaref.so.aix
+librsaref.exp
+doc
+install
+rdemo
+source
diff --git a/demos/engines/rsaref/Makefile b/demos/engines/rsaref/Makefile
new file mode 100644
index 0000000000..63b8c79d27
--- /dev/null
+++ b/demos/engines/rsaref/Makefile
@@ -0,0 +1,135 @@
+LIBNAME=	librsaref
+SRC=		rsaref.c
+OBJ=		rsaref.o
+HEADER=		rsaref.h
+
+CC=		gcc
+PIC=		-fPIC
+CFLAGS=		-g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT
+AR=		ar r
+RANLIB=		ranlib
+
+LIB=		$(LIBNAME).a
+SHLIB=		$(LIBNAME).so
+
+all:
+		@echo 'Please choose a system to build on:'
+		@echo ''
+		@echo 'tru64:    Tru64 Unix, Digital Unix, Digital OSF/1'
+		@echo 'solaris:  Solaris'
+		@echo 'irix:     IRIX'
+		@echo 'hpux32:   32-bit HP/UX'
+		@echo 'hpux64:   64-bit HP/UX'
+		@echo 'aix:      AIX'
+		@echo 'gnu:      Generic GNU-based system (gcc and GNU ld)'
+		@echo ''
+
+FORCE.install:
+install:	FORCE.install
+		cd install; \
+			make -f unix/makefile CFLAGS='-I. -DPROTOTYPES=1 -O -c' RSAREFLIB=librsaref.a librsaref.a
+
+FORCE.update:
+update:		FORCE.update
+		perl ../../../util/mkerr.pl -conf rsaref.ec \
+			-nostatic -staticloader -write rsaref.c
+
+darwin:		install $(SHLIB).darwin
+cygwin:		install $(SHLIB).cygwin
+gnu:		install $(SHLIB).gnu
+alpha-osf1:	install $(SHLIB).alpha-osf1
+tru64:		install $(SHLIB).tru64
+solaris:	install $(SHLIB).solaris
+irix:		install $(SHLIB).irix
+hpux32:		install $(SHLIB).hpux32
+hpux64:		install $(SHLIB).hpux64
+aix:		install $(SHLIB).aix
+reliantunix:	install $(SHLIB).reliantunix
+
+$(LIB):		$(OBJ)
+		$(AR) $(LIB) $(OBJ)
+		- $(RANLIB) $(LIB)
+
+LINK_SO=	\
+  ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) install/librsaref.a && \
+  (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
+   $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
+
+$(SHLIB).darwin:	$(LIB) install/librsaref.a
+		ALLSYMSFLAGS='-all_load' \
+		SHAREDFLAGS='-dynamiclib -install_name $(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).darwin
+$(SHLIB).cygwin:	$(LIB) install/librsaref.a
+		ALLSYMSFLAGS='--whole-archive' \
+		SHAREDFLAGS='-shared -Wl,-Bsymbolic -Wl,--out-implib,$(LIBNAME).dll.a' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).cygwin
+$(SHLIB).gnu:	$(LIB) install/librsaref.a
+		ALLSYMSFLAGS='--whole-archive' \
+		SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).gnu
+$(SHLIB).tru64:	$(LIB) install/librsaref.a
+		ALLSYMSFLAGS='-all' \
+		SHAREDFLAGS='-shared' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).tru64
+$(SHLIB).solaris:	$(LIB) install/librsaref.a
+		ALLSYMSFLAGS='-z allextract' \
+		SHAREDFLAGS='-G -h $(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).solaris
+$(SHLIB).irix:	$(LIB) install/librsaref.a
+		ALLSYMSFLAGS='-all' \
+		SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).irix
+$(SHLIB).hpux32:	$(LIB) install/librsaref.a
+		ALLSYMSFLAGS='-Fl' \
+		SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
+		SHAREDCMD='/usr/ccs/bin/ld'; \
+		$(LINK_SO)
+		touch $(SHLIB).hpux32
+$(SHLIB).hpux64:	$(LIB) install/librsaref.a
+		ALLSYMSFLAGS='+forceload' \
+		SHAREDFLAGS='-b -z +h $(SHLIB)' \
+		SHAREDCMD='/usr/ccs/bin/ld'; \
+		$(LINK_SO)
+		touch $(SHLIB).hpux64
+$(SHLIB).aix:	$(LIB) install/librsaref.a
+		ALLSYMSFLAGS='-bnogc' \
+		SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).aix
+
+depend:
+		sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
+		echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
+		gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
+		perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
+		rm -f Makefile.tmp Makefile
+		mv Makefile.new Makefile
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
+rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
+rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
+rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
+rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
+rsaref.o: ../../../include/openssl/opensslconf.h
+rsaref.o: ../../../include/openssl/opensslv.h
+rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
+rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
+rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
+rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
+rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
+rsaref.o: source/rsaref.h
diff --git a/demos/engines/rsaref/README b/demos/engines/rsaref/README
new file mode 100644
index 0000000000..00b1f7473b
--- /dev/null
+++ b/demos/engines/rsaref/README
@@ -0,0 +1,22 @@
+librsaref.so is a demonstration dynamic engine that does RSA
+operations using the old RSAref 2.0 implementation.
+
+To make proper use of this engine, you must download RSAref 2.0
+(search the web for rsaref.tar.Z for example) and unpack it in this
+directory, so you'll end up having the subdirectories "install" and
+"source" among others.
+
+To build, do the following:
+
+	make
+
+This will list a number of available targets to choose from.  Most of
+them are architecture-specific.  The exception is "gnu" which is to be
+used on systems where GNU ld and gcc have been installed in such a way
+that gcc uses GNU ld to link together programs and shared libraries.
+
+The make file assumes you use gcc.  To change that, just reassign CC:
+
+	make CC=cc
+
+The result is librsaref.so, which you can copy to any place you wish.
diff --git a/demos/engines/rsaref/build.com b/demos/engines/rsaref/build.com
new file mode 100644
index 0000000000..b956912916
--- /dev/null
+++ b/demos/engines/rsaref/build.com
@@ -0,0 +1,85 @@
+$! BUILD.COM -- Building procedure for the RSAref engine
+$
+$	if f$search("source.dir") .eqs. "" -
+	   .or. f$search("install.dir") .eqs. ""
+$	then
+$	    write sys$error "RSAref 2.0 hasn't been properly extracted."
+$	    exit
+$	endif
+$
+$	_save_default = f$environment("default")
+$	set default [.install]
+$	files := desc,digit,md2c,md5c,nn,prime,-
+		rsa,r_encode,r_dh,r_enhanc,r_keygen,r_random,-
+		r_stdlib
+$	delete rsaref.olb;*
+$	library/create/object rsaref.olb
+$	files_i = 0
+$ rsaref_loop:
+$	files_e = f$edit(f$element(files_i,",",files),"trim")
+$	files_i = files_i + 1
+$	if files_e .eqs. "," then goto rsaref_loop_end
+$	cc/include=([-.source],[])/define=PROTOTYPES=1/object=[]'files_e'.obj -
+		[-.source]'files_e'.c
+$	library/replace/object rsaref.olb 'files_e'.obj
+$	goto rsaref_loop
+$ rsaref_loop_end:
+$
+$	set default [-]
+$	define/user openssl [---.include.openssl]
+$	cc/define=ENGINE_DYNAMIC_SUPPORT rsaref.c
+$
+$	if f$getsyi("CPU") .ge. 128
+$	then
+$	    link/share=librsaref.exe sys$input:/option
+[]rsaref.obj
+[.install]rsaref.olb/lib
+[---.axp.exe.crypto]libcrypto.olb/lib
+symbol_vector=(bind_engine=procedure,v_check=procedure)
+$	else
+$	    macro/object=rsaref_vec.obj sys$input:
+;
+; Transfer vector for VAX shareable image
+;
+	.TITLE librsaref
+;
+; Define macro to assist in building transfer vector entries.  Each entry
+; should take no more than 8 bytes.
+;
+	.MACRO FTRANSFER_ENTRY routine
+	.ALIGN QUAD
+	.TRANSFER routine
+	.MASK	routine
+	JMP	routine+2
+	.ENDM FTRANSFER_ENTRY
+;
+; Place entries in own program section.
+;
+	.PSECT $$LIBRSAREF,QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT
+
+LIBRSAREF_xfer:
+	FTRANSFER_ENTRY bind_engine
+	FTRANSFER_ENTRY v_check
+
+;
+; Allocate extra storage at end of vector to allow for expansion.
+;
+	.BLKB 512-<.-LIBRSAREF_xfer>	; 1 page.
+	.END
+$	    link/share=librsaref.exe sys$input:/option
+!
+! Ensure transfer vector is at beginning of image
+!
+CLUSTER=FIRST
+COLLECT=FIRST,$$LIBRSAREF
+!
+! make psects nonshareable so image can be installed.
+!
+PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT
+[]rsaref_vec.obj
+[]rsaref.obj
+[.install]rsaref.olb/lib
+[---.vax.exe.crypto]libcrypto.olb/lib
+$	endif
+$
+$	set default '_save_default'
diff --git a/demos/engines/rsaref/rsaref.c b/demos/engines/rsaref/rsaref.c
new file mode 100644
index 0000000000..872811b8f7
--- /dev/null
+++ b/demos/engines/rsaref/rsaref.c
@@ -0,0 +1,685 @@
+/* Demo of how to construct your own engine and using it.  The basis of this
+   engine is RSAref, an old reference of the RSA algorithm which can still
+   be found a little here and there. */
+
+#include <stdio.h>
+#include <string.h>
+#include "./source/global.h"
+#include "./source/rsaref.h"
+#include "./source/rsa.h"
+#include "./source/des.h"
+#include <openssl/err.h>
+#define OPENSSL_NO_MD2
+#define OPENSSL_NO_MD5
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/engine.h>
+
+#define RSAREF_LIB_NAME "rsaref engine"
+#include "rsaref_err.c"
+
+/*****************************************************************************
+ *** Function declarations and global variable definitions                 ***
+ *****************************************************************************/
+
+/*****************************************************************************
+ * Constants used when creating the ENGINE
+ **/
+static const char *engine_rsaref_id = "rsaref";
+static const char *engine_rsaref_name = "RSAref engine support";
+
+/*****************************************************************************
+ * Functions to handle the engine
+ **/
+static int rsaref_destroy(ENGINE *e);
+static int rsaref_init(ENGINE *e);
+static int rsaref_finish(ENGINE *e);
+#if 0
+static int rsaref_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); 
+#endif
+
+/*****************************************************************************
+ * Engine commands
+ **/
+static const ENGINE_CMD_DEFN rsaref_cmd_defns[] = {
+	{0, NULL, NULL, 0}
+	};
+
+/*****************************************************************************
+ * RSA functions
+ **/
+static int rsaref_private_decrypt(int len, const unsigned char *from,
+	unsigned char *to, RSA *rsa, int padding);
+static int rsaref_private_encrypt(int len, const unsigned char *from,
+	unsigned char *to, RSA *rsa, int padding);
+static int rsaref_public_encrypt(int len, const unsigned char *from,
+	unsigned char *to, RSA *rsa, int padding);
+static int rsaref_public_decrypt(int len, const unsigned char *from,
+	unsigned char *to, RSA *rsa, int padding);
+static int bnref_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m,
+			  BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int rsaref_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+
+/*****************************************************************************
+ * Our RSA method
+ **/
+static RSA_METHOD rsaref_rsa =
+{
+  "RSAref PKCS#1 RSA",
+  rsaref_public_encrypt,
+  rsaref_public_decrypt,
+  rsaref_private_encrypt,
+  rsaref_private_decrypt,
+  rsaref_mod_exp,
+  bnref_mod_exp,
+  NULL,
+  NULL,
+  0,
+  NULL,
+  NULL,
+  NULL
+};
+
+/*****************************************************************************
+ * Symetric cipher and digest function registrars
+ **/
+static int rsaref_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+	const int **nids, int nid);
+static int rsaref_digests(ENGINE *e, const EVP_MD **digest,
+	const int **nids, int nid);
+
+static int rsaref_cipher_nids[] =
+	{ NID_des_cbc, NID_des_ede3_cbc, NID_desx_cbc, 0 };
+static int rsaref_digest_nids[] =
+	{ NID_md2, NID_md5, 0 };
+
+/*****************************************************************************
+ * DES functions
+ **/
+static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	const unsigned char *iv, int enc);
+static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	const unsigned char *in, unsigned int inl);
+static int cipher_des_cbc_clean(EVP_CIPHER_CTX *);
+static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	const unsigned char *iv, int enc);
+static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	const unsigned char *in, unsigned int inl);
+static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *);
+static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	const unsigned char *iv, int enc);
+static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	const unsigned char *in, unsigned int inl);
+static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *);
+
+/*****************************************************************************
+ * Our DES ciphers
+ **/
+static const EVP_CIPHER cipher_des_cbc =
+	{
+	NID_des_cbc,
+	8, 8, 8,
+	0 | EVP_CIPH_CBC_MODE,
+	cipher_des_cbc_init,
+	cipher_des_cbc_code,
+	cipher_des_cbc_clean,
+	sizeof(DES_CBC_CTX),
+	NULL,
+	NULL,
+	NULL,
+	NULL
+	};
+
+static const EVP_CIPHER cipher_des_ede3_cbc =
+	{
+	NID_des_ede3_cbc,
+	8, 24, 8,
+	0 | EVP_CIPH_CBC_MODE,
+	cipher_des_ede3_cbc_init,
+	cipher_des_ede3_cbc_code,
+	cipher_des_ede3_cbc_clean,
+	sizeof(DES3_CBC_CTX),
+	NULL,
+	NULL,
+	NULL,
+	NULL
+	};
+
+static const EVP_CIPHER cipher_desx_cbc =
+	{
+	NID_desx_cbc,
+	8, 24, 8,
+	0 | EVP_CIPH_CBC_MODE,
+	cipher_desx_cbc_init,
+	cipher_desx_cbc_code,
+	cipher_desx_cbc_clean,
+	sizeof(DESX_CBC_CTX),
+	NULL,
+	NULL,
+	NULL,
+	NULL
+	};
+
+/*****************************************************************************
+ * MD functions
+ **/
+static int digest_md2_init(EVP_MD_CTX *ctx);
+static int digest_md2_update(EVP_MD_CTX *ctx,const void *data,
+	unsigned long count);
+static int digest_md2_final(EVP_MD_CTX *ctx,unsigned char *md);
+static int digest_md5_init(EVP_MD_CTX *ctx);
+static int digest_md5_update(EVP_MD_CTX *ctx,const void *data,
+	unsigned long count);
+static int digest_md5_final(EVP_MD_CTX *ctx,unsigned char *md);
+
+/*****************************************************************************
+ * Our MD digests
+ **/
+static const EVP_MD digest_md2 =
+	{
+	NID_md2,
+	NID_md2WithRSAEncryption,
+	16,
+	0,
+	digest_md2_init,
+	digest_md2_update,
+	digest_md2_final,
+	NULL,
+	NULL,
+	EVP_PKEY_RSA_method,
+	16,
+	sizeof(MD2_CTX)
+	};
+
+static const EVP_MD digest_md5 =
+	{
+	NID_md5,
+	NID_md5WithRSAEncryption,
+	16,
+	0,
+	digest_md5_init,
+	digest_md5_update,
+	digest_md5_final,
+	NULL,
+	NULL,
+	EVP_PKEY_RSA_method,
+	64,
+	sizeof(MD5_CTX)
+	};
+
+/*****************************************************************************
+ *** Function definitions                                                  ***
+ *****************************************************************************/
+
+/*****************************************************************************
+ * Functions to handle the engine
+ **/
+
+static int bind_rsaref(ENGINE *e)
+	{
+	const RSA_METHOD *meth1;
+	if(!ENGINE_set_id(e, engine_rsaref_id)
+		|| !ENGINE_set_name(e, engine_rsaref_name)
+		|| !ENGINE_set_RSA(e, &rsaref_rsa)
+		|| !ENGINE_set_ciphers(e, rsaref_ciphers)
+		|| !ENGINE_set_digests(e, rsaref_digests)
+		|| !ENGINE_set_destroy_function(e, rsaref_destroy)
+		|| !ENGINE_set_init_function(e, rsaref_init)
+		|| !ENGINE_set_finish_function(e, rsaref_finish)
+		/* || !ENGINE_set_ctrl_function(e, rsaref_ctrl) */
+		/* || !ENGINE_set_cmd_defns(e, rsaref_cmd_defns) */)
+		return 0;
+
+	/* Ensure the rsaref error handling is set up */
+	ERR_load_RSAREF_strings();
+	return 1;
+	}
+
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_helper(ENGINE *e, const char *id)
+	{
+	if(id && (strcmp(id, engine_rsaref_id) != 0))
+		return 0;
+	if(!bind_rsaref(e))
+		return 0;
+	return 1;
+	}       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+#else
+static ENGINE *engine_rsaref(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!bind_rsaref(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_rsaref(void)
+	{
+	/* Copied from eng_[openssl|dyn].c */
+	ENGINE *toadd = engine_rsaref();
+	if(!toadd) return;
+	ENGINE_add(toadd);
+	ENGINE_free(toadd);
+	ERR_clear_error();
+	}
+#endif
+
+/* Initiator which is only present to make sure this engine looks available */
+static int rsaref_init(ENGINE *e)
+	{
+	return 1;
+	}
+
+/* Finisher which is only present to make sure this engine looks available */
+static int rsaref_finish(ENGINE *e)
+	{
+	return 1;
+	}
+
+/* Destructor (complements the "ENGINE_ncipher()" constructor) */
+static int rsaref_destroy(ENGINE *e)
+	{
+	ERR_unload_RSAREF_strings();
+	return 1;
+	}
+
+/*****************************************************************************
+ * RSA functions
+ **/
+
+static int rsaref_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+	{
+	RSAREFerr(RSAREF_F_RSAREF_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+	return(0);
+	}
+
+static int bnref_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	RSAREFerr(RSAREF_F_BNREF_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+	return(0);
+	}
+
+/* unsigned char *to:  [max]    */
+static int RSAref_bn2bin(BIGNUM *from, unsigned char *to, int max)
+	{
+	int i;
+
+	i=BN_num_bytes(from);
+	if (i > max)
+		{
+		RSAREFerr(RSAREF_F_RSAREF_BN2BIN,RSAREF_R_LEN);
+		return(0);
+		}
+
+	memset(to,0,(unsigned int)max);
+	if (!BN_bn2bin(from,&(to[max-i])))
+		return(0);
+	return(1);
+	}
+
+#ifdef undef
+/* unsigned char *from:  [max]    */
+static BIGNUM *RSAref_bin2bn(unsigned char *from, BIGNUM *to, int max)
+	{
+	int i;
+	BIGNUM *ret;
+
+	for (i=0; i<max; i++)
+		if (from[i]) break;
+
+	ret=BN_bin2bn(&(from[i]),max-i,to);
+	return(ret);
+	}
+
+static int RSAref_Public_ref2eay(RSArefPublicKey *from, RSA *to)
+	{
+	to->n=RSAref_bin2bn(from->m,NULL,RSAref_MAX_LEN);
+	to->e=RSAref_bin2bn(from->e,NULL,RSAref_MAX_LEN);
+	if ((to->n == NULL) || (to->e == NULL)) return(0);
+	return(1);
+	}
+#endif
+
+static int RSAref_Public_eay2ref(RSA *from, R_RSA_PUBLIC_KEY *to)
+	{
+	to->bits=BN_num_bits(from->n);
+	if (!RSAref_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN)) return(0);
+	if (!RSAref_bn2bin(from->e,to->exponent,MAX_RSA_MODULUS_LEN)) return(0);
+	return(1);
+	}
+
+#ifdef undef
+static int RSAref_Private_ref2eay(RSArefPrivateKey *from, RSA *to)
+	{
+	if ((to->n=RSAref_bin2bn(from->m,NULL,RSAref_MAX_LEN)) == NULL)
+		return(0);
+	if ((to->e=RSAref_bin2bn(from->e,NULL,RSAref_MAX_LEN)) == NULL)
+		return(0);
+	if ((to->d=RSAref_bin2bn(from->d,NULL,RSAref_MAX_LEN)) == NULL)
+		return(0);
+	if ((to->p=RSAref_bin2bn(from->prime[0],NULL,RSAref_MAX_PLEN)) == NULL)
+		return(0);
+	if ((to->q=RSAref_bin2bn(from->prime[1],NULL,RSAref_MAX_PLEN)) == NULL)
+		return(0);
+	if ((to->dmp1=RSAref_bin2bn(from->pexp[0],NULL,RSAref_MAX_PLEN))
+		== NULL)
+		return(0);
+	if ((to->dmq1=RSAref_bin2bn(from->pexp[1],NULL,RSAref_MAX_PLEN))
+		== NULL)
+		return(0);
+	if ((to->iqmp=RSAref_bin2bn(from->coef,NULL,RSAref_MAX_PLEN)) == NULL)
+		return(0);
+	return(1);
+	}
+#endif
+
+static int RSAref_Private_eay2ref(RSA *from, R_RSA_PRIVATE_KEY *to)
+	{
+	to->bits=BN_num_bits(from->n);
+	if (!RSAref_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN)) return(0);
+	if (!RSAref_bn2bin(from->e,to->publicExponent,MAX_RSA_MODULUS_LEN)) return(0);
+	if (!RSAref_bn2bin(from->d,to->exponent,MAX_RSA_MODULUS_LEN)) return(0);
+	if (!RSAref_bn2bin(from->p,to->prime[0],MAX_RSA_PRIME_LEN)) return(0);
+	if (!RSAref_bn2bin(from->q,to->prime[1],MAX_RSA_PRIME_LEN)) return(0);
+	if (!RSAref_bn2bin(from->dmp1,to->primeExponent[0],MAX_RSA_PRIME_LEN)) return(0);
+	if (!RSAref_bn2bin(from->dmq1,to->primeExponent[1],MAX_RSA_PRIME_LEN)) return(0);
+	if (!RSAref_bn2bin(from->iqmp,to->coefficient,MAX_RSA_PRIME_LEN)) return(0);
+	return(1);
+	}
+
+static int rsaref_private_decrypt(int len, const unsigned char *from, unsigned char *to,
+	     RSA *rsa, int padding)
+	{
+	int i,outlen= -1;
+	R_RSA_PRIVATE_KEY RSAkey;
+
+	if (!RSAref_Private_eay2ref(rsa,&RSAkey))
+		goto err;
+	if ((i=RSAPrivateDecrypt(to,(unsigned int *)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
+		{
+		RSAREFerr(RSAREF_F_RSAREF_PRIVATE_DECRYPT,i);
+		outlen= -1;
+		}
+err:
+	memset(&RSAkey,0,sizeof(RSAkey));
+	return(outlen);
+	}
+
+static int rsaref_private_encrypt(int len, const unsigned char *from, unsigned char *to,
+	     RSA *rsa, int padding)
+	{
+	int i,outlen= -1;
+	R_RSA_PRIVATE_KEY RSAkey;
+
+	if (padding != RSA_PKCS1_PADDING)
+		{
+		RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+		goto err;
+	}
+	if (!RSAref_Private_eay2ref(rsa,&RSAkey))
+		goto err;
+	if ((i=RSAPrivateEncrypt(to,(unsigned int)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
+		{
+		RSAREFerr(RSAREF_F_RSAREF_PRIVATE_ENCRYPT,i);
+		outlen= -1;
+		}
+err:
+	memset(&RSAkey,0,sizeof(RSAkey));
+	return(outlen);
+	}
+
+static int rsaref_public_decrypt(int len, const unsigned char *from, unsigned char *to,
+	     RSA *rsa, int padding)
+	{
+	int i,outlen= -1;
+	R_RSA_PUBLIC_KEY RSAkey;
+
+	if (!RSAref_Public_eay2ref(rsa,&RSAkey))
+		goto err;
+	if ((i=RSAPublicDecrypt(to,(unsigned int)&outlen,(unsigned char *)from,len,&RSAkey)) != 0)
+		{
+		RSAREFerr(RSAREF_F_RSAREF_PUBLIC_DECRYPT,i);
+		outlen= -1;
+		}
+err:
+	memset(&RSAkey,0,sizeof(RSAkey));
+	return(outlen);
+	}
+
+static int rsaref_public_encrypt(int len, const unsigned char *from, unsigned char *to,
+	     RSA *rsa, int padding)
+	{
+	int outlen= -1;
+	int i;
+	R_RSA_PUBLIC_KEY RSAkey;
+	R_RANDOM_STRUCT rnd;
+	unsigned char buf[16];
+
+	if (padding != RSA_PKCS1_PADDING && padding != RSA_SSLV23_PADDING) 
+		{
+		RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+		goto err;
+		}
+	
+	R_RandomInit(&rnd);
+	R_GetRandomBytesNeeded((unsigned int *)&i,&rnd);
+	while (i > 0)
+		{
+		if (RAND_bytes(buf,16) <= 0)
+			goto err;
+		R_RandomUpdate(&rnd,buf,(unsigned int)((i>16)?16:i));
+		i-=16;
+		}
+
+	if (!RSAref_Public_eay2ref(rsa,&RSAkey))
+		goto err;
+	if ((i=RSAPublicEncrypt(to,(unsigned int)&outlen,(unsigned char *)from,len,&RSAkey,&rnd)) != 0)
+		{
+		RSAREFerr(RSAREF_F_RSAREF_PUBLIC_ENCRYPT,i);
+		outlen= -1;
+		goto err;
+		}
+err:
+	memset(&RSAkey,0,sizeof(RSAkey));
+	R_RandomFinal(&rnd);
+	memset(&rnd,0,sizeof(rnd));
+	return(outlen);
+	}
+
+/*****************************************************************************
+ * Symetric cipher and digest function registrars
+ **/
+static int rsaref_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+	const int **nids, int nid)
+	{
+	int ok = 1;
+	if(!cipher)
+		{
+		/* We are returning a list of supported nids */
+		*nids = rsaref_cipher_nids;
+		return (sizeof(rsaref_cipher_nids)-1)/sizeof(rsaref_cipher_nids[0]);
+		}
+	/* We are being asked for a specific cipher */
+	switch (nid)
+		{
+	case NID_des_cbc:
+		*cipher = &cipher_des_cbc; break;
+	case NID_des_ede3_cbc:
+		*cipher = &cipher_des_ede3_cbc; break;
+	case NID_desx_cbc:
+		*cipher = &cipher_desx_cbc; break;
+	default:
+		ok = 0;
+		*cipher = NULL;
+		break;
+		}
+	return ok;
+	}
+static int rsaref_digests(ENGINE *e, const EVP_MD **digest,
+	const int **nids, int nid)
+	{
+	int ok = 1;
+	if(!digest)
+		{
+		/* We are returning a list of supported nids */
+		*nids = rsaref_digest_nids;
+		return (sizeof(rsaref_digest_nids)-1)/sizeof(rsaref_digest_nids[0]);
+		}
+	/* We are being asked for a specific digest */
+	switch (nid)
+		{
+	case NID_md2:
+		*digest = &digest_md2; break;
+	case NID_md5:
+		*digest = &digest_md5; break;
+	default:
+		ok = 0;
+		*digest = NULL;
+		break;
+		}
+	return ok;
+	}
+
+/*****************************************************************************
+ * DES functions
+ **/
+#undef data
+#define data(ctx) ((DES_CBC_CTX *)(ctx)->cipher_data)
+static int cipher_des_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	const unsigned char *iv, int enc)
+	{
+	DES_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv, enc);
+	return 1;
+	}
+static int cipher_des_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	const unsigned char *in, unsigned int inl)
+	{
+	int ret = DES_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
+	switch (ret)
+		{
+	case RE_LEN:
+		RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
+		break;
+	case 0:
+		break;
+	default:
+		RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);
+		}
+	return !ret;
+	}
+static int cipher_des_cbc_clean(EVP_CIPHER_CTX *ctx)
+	{
+	memset(data(ctx), 0, ctx->cipher->ctx_size);
+	return 1;
+	}
+
+#undef data
+#define data(ctx) ((DES3_CBC_CTX *)(ctx)->cipher_data)
+static int cipher_des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	const unsigned char *iv, int enc)
+	{
+	DES3_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv,
+		enc);
+	return 1;
+	}
+static int cipher_des_ede3_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	const unsigned char *in, unsigned int inl)
+	{
+	int ret = DES3_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
+	switch (ret)
+		{
+	case RE_LEN:
+		RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
+		break;
+	case 0:
+		break;
+	default:
+		RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);
+		}
+	return !ret;
+	}
+static int cipher_des_ede3_cbc_clean(EVP_CIPHER_CTX *ctx)
+	{
+	memset(data(ctx), 0, ctx->cipher->ctx_size);
+	return 1;
+	}
+
+#undef data
+#define data(ctx) ((DESX_CBC_CTX *)(ctx)->cipher_data)
+static int cipher_desx_cbc_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	const unsigned char *iv, int enc)
+	{
+	DESX_CBCInit(data(ctx), (unsigned char *)key, (unsigned char *)iv,
+		enc);
+	return 1;
+	}
+static int cipher_desx_cbc_code(EVP_CIPHER_CTX *ctx, unsigned char *out,
+	const unsigned char *in, unsigned int inl)
+	{
+	int ret = DESX_CBCUpdate(data(ctx), out, (unsigned char *)in, inl);
+	switch (ret)
+		{
+	case RE_LEN:
+		RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED);
+		break;
+	case 0:
+		break;
+	default:
+		RSAREFerr(RSAREF_F_CIPHER_DES_CBC_CODE,RSAREF_R_UNKNOWN_FAULT);
+		}
+	return !ret;
+	}
+static int cipher_desx_cbc_clean(EVP_CIPHER_CTX *ctx)
+	{
+	memset(data(ctx), 0, ctx->cipher->ctx_size);
+	return 1;
+	}
+
+/*****************************************************************************
+ * MD functions
+ **/
+#undef data
+#define data(ctx) ((MD2_CTX *)(ctx)->md_data)
+static int digest_md2_init(EVP_MD_CTX *ctx)
+	{
+	MD2Init(data(ctx));
+	return 1;
+	}
+static int digest_md2_update(EVP_MD_CTX *ctx,const void *data,
+	unsigned long count)
+	{
+	MD2Update(data(ctx), (unsigned char *)data, (unsigned int)count);
+	return 1;
+	}
+static int digest_md2_final(EVP_MD_CTX *ctx,unsigned char *md)
+	{
+	MD2Final(md, data(ctx));
+	return 1;
+	}
+
+#undef data
+#define data(ctx) ((MD5_CTX *)(ctx)->md_data)
+static int digest_md5_init(EVP_MD_CTX *ctx)
+	{
+	MD5Init(data(ctx));
+	return 1;
+	}
+static int digest_md5_update(EVP_MD_CTX *ctx,const void *data,
+	unsigned long count)
+	{
+	MD5Update(data(ctx), (unsigned char *)data, (unsigned int)count);
+	return 1;
+	}
+static int digest_md5_final(EVP_MD_CTX *ctx,unsigned char *md)
+	{
+	MD5Final(md, data(ctx));
+	return 1;
+	}
diff --git a/demos/engines/rsaref/rsaref.ec b/demos/engines/rsaref/rsaref.ec
new file mode 100644
index 0000000000..c690ae3883
--- /dev/null
+++ b/demos/engines/rsaref/rsaref.ec
@@ -0,0 +1,8 @@
+# configuration file for util/mkerr.pl
+#
+# use like this:
+#
+#	perl ../../../util/mkerr.pl -conf rsaref.ec \
+#		-nostatic -staticloader -write *.c
+
+L RSAREF	rsaref_err.h			rsaref_err.c
diff --git a/demos/engines/rsaref/rsaref_err.c b/demos/engines/rsaref/rsaref_err.c
new file mode 100644
index 0000000000..ceaf05706d
--- /dev/null
+++ b/demos/engines/rsaref/rsaref_err.c
@@ -0,0 +1,161 @@
+/* rsaref_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "rsaref_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA RSAREF_str_functs[]=
+	{
+{ERR_PACK(0,RSAREF_F_BNREF_MOD_EXP,0),	"BNREF_MOD_EXP"},
+{ERR_PACK(0,RSAREF_F_CIPHER_DES_CBC_CODE,0),	"CIPHER_DES_CBC_CODE"},
+{ERR_PACK(0,RSAREF_F_RSAREF_BN2BIN,0),	"RSAREF_BN2BIN"},
+{ERR_PACK(0,RSAREF_F_RSAREF_MOD_EXP,0),	"RSAREF_MOD_EXP"},
+{ERR_PACK(0,RSAREF_F_RSAREF_PRIVATE_DECRYPT,0),	"RSAREF_PRIVATE_DECRYPT"},
+{ERR_PACK(0,RSAREF_F_RSAREF_PRIVATE_ENCRYPT,0),	"RSAREF_PRIVATE_ENCRYPT"},
+{ERR_PACK(0,RSAREF_F_RSAREF_PUBLIC_DECRYPT,0),	"RSAREF_PUBLIC_DECRYPT"},
+{ERR_PACK(0,RSAREF_F_RSAREF_PUBLIC_ENCRYPT,0),	"RSAREF_PUBLIC_ENCRYPT"},
+{ERR_PACK(0,RSAREF_F_RSA_BN2BIN,0),	"RSA_BN2BIN"},
+{ERR_PACK(0,RSAREF_F_RSA_PRIVATE_DECRYPT,0),	"RSA_PRIVATE_DECRYPT"},
+{ERR_PACK(0,RSAREF_F_RSA_PRIVATE_ENCRYPT,0),	"RSA_PRIVATE_ENCRYPT"},
+{ERR_PACK(0,RSAREF_F_RSA_PUBLIC_DECRYPT,0),	"RSA_PUBLIC_DECRYPT"},
+{ERR_PACK(0,RSAREF_F_RSA_PUBLIC_ENCRYPT,0),	"RSA_PUBLIC_ENCRYPT"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA RSAREF_str_reasons[]=
+	{
+{RSAREF_R_CONTENT_ENCODING               ,"content encoding"},
+{RSAREF_R_DATA                           ,"data"},
+{RSAREF_R_DIGEST_ALGORITHM               ,"digest algorithm"},
+{RSAREF_R_ENCODING                       ,"encoding"},
+{RSAREF_R_ENCRYPTION_ALGORITHM           ,"encryption algorithm"},
+{RSAREF_R_KEY                            ,"key"},
+{RSAREF_R_KEY_ENCODING                   ,"key encoding"},
+{RSAREF_R_LEN                            ,"len"},
+{RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED       ,"length not block aligned"},
+{RSAREF_R_MODULUS_LEN                    ,"modulus len"},
+{RSAREF_R_NEED_RANDOM                    ,"need random"},
+{RSAREF_R_PRIVATE_KEY                    ,"private key"},
+{RSAREF_R_PUBLIC_KEY                     ,"public key"},
+{RSAREF_R_SIGNATURE                      ,"signature"},
+{RSAREF_R_SIGNATURE_ENCODING             ,"signature encoding"},
+{RSAREF_R_UNKNOWN_FAULT                  ,"unknown fault"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef RSAREF_LIB_NAME
+static ERR_STRING_DATA RSAREF_lib_name[]=
+        {
+{0	,RSAREF_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int RSAREF_lib_error_code=0;
+static int RSAREF_error_init=1;
+
+static void ERR_load_RSAREF_strings(void)
+	{
+	if (RSAREF_lib_error_code == 0)
+		RSAREF_lib_error_code=ERR_get_next_error_library();
+
+	if (RSAREF_error_init)
+		{
+		RSAREF_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(RSAREF_lib_error_code,RSAREF_str_functs);
+		ERR_load_strings(RSAREF_lib_error_code,RSAREF_str_reasons);
+#endif
+
+#ifdef RSAREF_LIB_NAME
+		RSAREF_lib_name->error = ERR_PACK(RSAREF_lib_error_code,0,0);
+		ERR_load_strings(0,RSAREF_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_RSAREF_strings(void)
+	{
+	if (RSAREF_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(RSAREF_lib_error_code,RSAREF_str_functs);
+		ERR_unload_strings(RSAREF_lib_error_code,RSAREF_str_reasons);
+#endif
+
+#ifdef RSAREF_LIB_NAME
+		ERR_unload_strings(0,RSAREF_lib_name);
+#endif
+		RSAREF_error_init=1;
+		}
+	}
+
+static void ERR_RSAREF_error(int function, int reason, char *file, int line)
+	{
+	if (RSAREF_lib_error_code == 0)
+		RSAREF_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(RSAREF_lib_error_code,function,reason,file,line);
+	}
diff --git a/demos/engines/rsaref/rsaref_err.h b/demos/engines/rsaref/rsaref_err.h
new file mode 100644
index 0000000000..19759709b7
--- /dev/null
+++ b/demos/engines/rsaref/rsaref_err.h
@@ -0,0 +1,109 @@
+/* rsaref_err.h */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_RSAREF_ERR_H
+#define HEADER_RSAREF_ERR_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_RSAREF_strings(void);
+static void ERR_unload_RSAREF_strings(void);
+static void ERR_RSAREF_error(int function, int reason, char *file, int line);
+#define RSAREFerr(f,r) ERR_RSAREF_error((f),(r),__FILE__,__LINE__)
+/* Error codes for the RSAREF functions. */
+
+/* Function codes. */
+#define RSAREF_F_BNREF_MOD_EXP				 100
+#define RSAREF_F_CIPHER_DES_CBC_CODE			 112
+#define RSAREF_F_RSAREF_BN2BIN				 101
+#define RSAREF_F_RSAREF_MOD_EXP				 102
+#define RSAREF_F_RSAREF_PRIVATE_DECRYPT			 103
+#define RSAREF_F_RSAREF_PRIVATE_ENCRYPT			 104
+#define RSAREF_F_RSAREF_PUBLIC_DECRYPT			 105
+#define RSAREF_F_RSAREF_PUBLIC_ENCRYPT			 106
+#define RSAREF_F_RSA_BN2BIN				 107
+#define RSAREF_F_RSA_PRIVATE_DECRYPT			 108
+#define RSAREF_F_RSA_PRIVATE_ENCRYPT			 109
+#define RSAREF_F_RSA_PUBLIC_DECRYPT			 110
+#define RSAREF_F_RSA_PUBLIC_ENCRYPT			 111
+
+/* Reason codes. */
+#define RSAREF_R_CONTENT_ENCODING			 100
+#define RSAREF_R_DATA					 101
+#define RSAREF_R_DIGEST_ALGORITHM			 102
+#define RSAREF_R_ENCODING				 103
+#define RSAREF_R_ENCRYPTION_ALGORITHM			 104
+#define RSAREF_R_KEY					 105
+#define RSAREF_R_KEY_ENCODING				 106
+#define RSAREF_R_LEN					 107
+#define RSAREF_R_LENGTH_NOT_BLOCK_ALIGNED		 114
+#define RSAREF_R_MODULUS_LEN				 108
+#define RSAREF_R_NEED_RANDOM				 109
+#define RSAREF_R_PRIVATE_KEY				 110
+#define RSAREF_R_PUBLIC_KEY				 111
+#define RSAREF_R_SIGNATURE				 112
+#define RSAREF_R_SIGNATURE_ENCODING			 113
+#define RSAREF_R_UNKNOWN_FAULT				 115
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/demos/engines/zencod/.cvsignore b/demos/engines/zencod/.cvsignore
new file mode 100644
index 0000000000..594223d400
--- /dev/null
+++ b/demos/engines/zencod/.cvsignore
@@ -0,0 +1,4 @@
+*.exp
+*.so
+*.so.*
+*.a
diff --git a/demos/engines/zencod/Makefile b/demos/engines/zencod/Makefile
new file mode 100644
index 0000000000..5b6a339ab2
--- /dev/null
+++ b/demos/engines/zencod/Makefile
@@ -0,0 +1,114 @@
+LIBNAME=	libzencod
+SRC=		hw_zencod.c
+OBJ=		hw_zencod.o
+HEADER=		hw_zencod.h
+
+CC=		gcc
+PIC=		-fPIC
+CFLAGS=		-g -I../../../include $(PIC) -DENGINE_DYNAMIC_SUPPORT -DFLAT_INC
+AR=		ar r
+RANLIB=		ranlib
+
+LIB=		$(LIBNAME).a
+SHLIB=		$(LIBNAME).so
+
+all:
+		@echo 'Please choose a system to build on:'
+		@echo ''
+		@echo 'tru64:    Tru64 Unix, Digital Unix, Digital OSF/1'
+		@echo 'solaris:  Solaris'
+		@echo 'irix:     IRIX'
+		@echo 'hpux32:   32-bit HP/UX'
+		@echo 'hpux64:   64-bit HP/UX'
+		@echo 'aix:      AIX'
+		@echo 'gnu:      Generic GNU-based system (gcc and GNU ld)'
+		@echo ''
+
+FORCE.update:
+update:		FORCE.update
+		perl ../../../util/mkerr.pl -conf hw_zencod.ec \
+			-nostatic -staticloader -write hw_zencod.c
+
+gnu:		$(SHLIB).gnu
+tru64:		$(SHLIB).tru64
+solaris:	$(SHLIB).solaris
+irix:		$(SHLIB).irix
+hpux32:		$(SHLIB).hpux32
+hpux64:		$(SHLIB).hpux64
+aix:		$(SHLIB).aix
+
+$(LIB):		$(OBJ)
+		$(AR) $(LIB) $(OBJ)
+		- $(RANLIB) $(LIB)
+
+LINK_SO=	\
+  ld -r -o $(LIBNAME).o $$ALLSYMSFLAGS $(LIB) && \
+  (nm -Pg $(LIBNAME).o | grep ' [BDT] ' | cut -f1 -d' ' > $(LIBNAME).exp; \
+   $$SHAREDCMD $$SHAREDFLAGS -o $(SHLIB) $(LIBNAME).o -L ../../.. -lcrypto -lc)
+
+$(SHLIB).gnu:	$(LIB)
+		ALLSYMSFLAGS='--whole-archive' \
+		SHAREDFLAGS='-shared -Wl,-soname=$(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).gnu
+$(SHLIB).tru64:	$(LIB)
+		ALLSYMSFLAGS='-all' \
+		SHAREDFLAGS='-shared' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).tru64
+$(SHLIB).solaris:	$(LIB)
+		ALLSYMSFLAGS='-z allextract' \
+		SHAREDFLAGS='-G -h $(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).solaris
+$(SHLIB).irix:	$(LIB)
+		ALLSYMSFLAGS='-all' \
+		SHAREDFLAGS='-shared -Wl,-soname,$(SHLIB)' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).irix
+$(SHLIB).hpux32:	$(LIB)
+		ALLSYMSFLAGS='-Fl' \
+		SHAREDFLAGS='+vnocompatwarnings -b -z +s +h $(SHLIB)' \
+		SHAREDCMD='/usr/ccs/bin/ld'; \
+		$(LINK_SO)
+		touch $(SHLIB).hpux32
+$(SHLIB).hpux64:	$(LIB)
+		ALLSYMSFLAGS='+forceload' \
+		SHAREDFLAGS='-b -z +h $(SHLIB)' \
+		SHAREDCMD='/usr/ccs/bin/ld'; \
+		$(LINK_SO)
+		touch $(SHLIB).hpux64
+$(SHLIB).aix:	$(LIB)
+		ALLSYMSFLAGS='-bnogc' \
+		SHAREDFLAGS='-G -bE:$(LIBNAME).exp -bM:SRE' \
+		SHAREDCMD='$(CC)'; \
+		$(LINK_SO)
+		touch $(SHLIB).aix
+
+depend:
+		sed -e '/^# DO NOT DELETE.*/,$$d' < Makefile > Makefile.tmp
+		echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
+		gcc -M $(CFLAGS) $(SRC) >> Makefile.tmp
+		perl ../../../util/clean-depend.pl < Makefile.tmp > Makefile.new
+		rm -f Makefile.tmp Makefile
+		mv Makefile.new Makefile
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rsaref.o: ../../../include/openssl/asn1.h ../../../include/openssl/bio.h
+rsaref.o: ../../../include/openssl/bn.h ../../../include/openssl/crypto.h
+rsaref.o: ../../../include/openssl/dh.h ../../../include/openssl/dsa.h
+rsaref.o: ../../../include/openssl/e_os2.h ../../../include/openssl/engine.h
+rsaref.o: ../../../include/openssl/err.h ../../../include/openssl/lhash.h
+rsaref.o: ../../../include/openssl/opensslconf.h
+rsaref.o: ../../../include/openssl/opensslv.h
+rsaref.o: ../../../include/openssl/ossl_typ.h ../../../include/openssl/rand.h
+rsaref.o: ../../../include/openssl/rsa.h ../../../include/openssl/safestack.h
+rsaref.o: ../../../include/openssl/stack.h ../../../include/openssl/symhacks.h
+rsaref.o: ../../../include/openssl/ui.h rsaref.c rsaref_err.c rsaref_err.h
+rsaref.o: source/des.h source/global.h source/md2.h source/md5.h source/rsa.h
+rsaref.o: source/rsaref.h
diff --git a/demos/engines/zencod/hw_zencod.c b/demos/engines/zencod/hw_zencod.c
new file mode 100644
index 0000000000..308e18710f
--- /dev/null
+++ b/demos/engines/zencod/hw_zencod.c
@@ -0,0 +1,1736 @@
+/* crypto/engine/hw_zencod.c */
+ /* Written by Fred Donnat (frederic.donnat@zencod.com) for "zencod"
+ * engine integration in order to redirect crypto computing on a crypto
+ * hardware accelerator zenssl32  ;-)
+ *
+ * Date : 25 jun 2002
+ * Revision : 17 Ju7 2002
+ * Version : zencod_engine-0.9.7
+ */
+
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+/* ENGINE general include */
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_ZENCOD
+
+#ifdef FLAT_INC
+#  include "hw_zencod.h"
+#else
+#  include "vendor_defns/hw_zencod.h"
+#endif
+
+#define ZENCOD_LIB_NAME "zencod engine"
+#include "hw_zencod_err.c"
+
+#define FAIL_TO_SOFTWARE		-15
+
+#define	ZEN_LIBRARY	"zenbridge"
+
+#if 0
+#  define PERROR(s)	perror(s)
+#  define CHEESE()	fputs("## [ZenEngine] ## " __FUNCTION__ "\n", stderr)
+#else
+#  define PERROR(s)
+#  define CHEESE()
+#endif
+
+
+/* Sorry ;) */
+#ifndef WIN32
+static inline void esrever ( unsigned char *d, int l )
+{
+	for(;--l>0;--l,d++){*d^=*(d+l);*(d+l)^=*d;*d^=*(d+l);}
+}
+
+static inline void ypcmem ( unsigned char *d, const unsigned char *s, int l )
+{
+	for(d+=l;l--;)*--d=*s++;
+}
+#else
+static __inline void esrever ( unsigned char *d, int l )
+{
+	for(;--l>0;--l,d++){*d^=*(d+l);*(d+l)^=*d;*d^=*(d+l);}
+}
+
+static __inline void ypcmem ( unsigned char *d, const unsigned char *s, int l )
+{
+	for(d+=l;l--;)*--d=*s++;
+}
+#endif
+
+
+#define BIGNUM2ZEN(n, bn)	(ptr_zencod_init_number((n), \
+					(unsigned long) ((bn)->top * BN_BITS2), \
+					(unsigned char *) ((bn)->d)))
+
+#define ZEN_BITS(n, bytes)	(ptr_zencod_bytes2bits((unsigned char *) (n), (unsigned long) (bytes)))
+#define ZEN_BYTES(bits)	(ptr_zencod_bits2bytes((unsigned long) (bits)))
+
+
+/* Function for ENGINE detection and control */
+static int zencod_destroy ( ENGINE *e ) ;
+static int zencod_init ( ENGINE *e ) ;
+static int zencod_finish ( ENGINE *e ) ;
+static int zencod_ctrl ( ENGINE *e, int cmd, long i, void *p, void (*f) () ) ;
+
+/* BIGNUM stuff */
+static int zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx ) ;
+
+/* RSA stuff */
+#ifndef OPENSSL_NO_RSA
+static int RSA_zencod_rsa_mod_exp ( BIGNUM *r0, const BIGNUM *I, RSA *rsa ) ;
+static int RSA_zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx ) ;
+#endif
+
+/* DSA stuff */
+#ifndef OPENSSL_NO_DSA
+static int DSA_zencod_bn_mod_exp ( DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx ) ;
+
+static DSA_SIG *DSA_zencod_do_sign ( const unsigned char *dgst, int dlen, DSA *dsa ) ;
+static int DSA_zencod_do_verify ( const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+		DSA *dsa ) ;
+#endif
+
+/* DH stuff */
+#ifndef OPENSSL_NO_DH
+static int DH_zencod_bn_mod_exp ( const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx ) ;
+static int DH_zencod_generate_key ( DH *dh ) ;
+static int DH_zencod_compute_key ( unsigned char *key, const BIGNUM *pub_key, DH *dh ) ;
+#endif
+
+/* Rand stuff */
+static void RAND_zencod_seed ( const void *buf, int num ) ;
+static int RAND_zencod_rand_bytes ( unsigned char *buf, int num ) ;
+static int RAND_zencod_rand_status ( void ) ;
+
+/* Digest Stuff */
+static int engine_digests ( ENGINE *e, const EVP_MD **digest, const int **nids, int nid ) ;
+
+/* Cipher Stuff */
+static int engine_ciphers ( ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid ) ;
+
+
+#define ZENCOD_CMD_SO_PATH			ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN zencod_cmd_defns [ ] =
+{
+	{ ZENCOD_CMD_SO_PATH,
+	  "SO_PATH",
+	  "Specifies the path to the 'zenbridge' shared library",
+	  ENGINE_CMD_FLAG_STRING},
+	{ 0, NULL, NULL, 0 }
+} ;
+
+
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD specific to zencod ENGINE providing pointers to our function */
+static RSA_METHOD zencod_rsa =
+{
+	"ZENCOD RSA method",
+	NULL,
+	NULL,
+	NULL,
+	NULL,
+	RSA_zencod_rsa_mod_exp,
+	RSA_zencod_bn_mod_exp,
+	NULL,
+	NULL,
+	0,
+	NULL,
+	NULL,
+	NULL
+} ;
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD specific to zencod ENGINE providing pointers to our function */
+static DSA_METHOD zencod_dsa =
+{
+	"ZENCOD DSA method",
+	DSA_zencod_do_sign,
+	NULL,
+	DSA_zencod_do_verify,
+	NULL,
+	DSA_zencod_bn_mod_exp,
+	NULL,
+	NULL,
+	0,
+	NULL
+} ;
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD specific to zencod ENGINE providing pointers to our function */
+static DH_METHOD zencod_dh =
+{
+	"ZENCOD DH method",
+	DH_zencod_generate_key,
+	DH_zencod_compute_key,
+	DH_zencod_bn_mod_exp,
+	NULL,
+	NULL,
+	0,
+	NULL
+} ;
+#endif
+
+/* Our internal RAND_meth specific to zencod ZNGINE providing pointers to  our function */
+static RAND_METHOD zencod_rand =
+{
+	RAND_zencod_seed,
+	RAND_zencod_rand_bytes,
+	NULL,
+	NULL,
+	RAND_zencod_rand_bytes,
+	RAND_zencod_rand_status
+} ;
+
+
+/* Constants used when creating the ENGINE */
+static const char *engine_zencod_id = "zencod";
+static const char *engine_zencod_name = "ZENCOD hardware engine support";
+
+
+/* This internal function is used by ENGINE_zencod () and possibly by the
+ * "dynamic" ENGINE support too   ;-)
+ */
+static int bind_helper ( ENGINE *e )
+{
+
+#ifndef OPENSSL_NO_RSA
+	const RSA_METHOD *meth_rsa ;
+#endif
+#ifndef OPENSSL_NO_DSA
+	const DSA_METHOD *meth_dsa ;
+#endif
+#ifndef OPENSSL_NO_DH
+	const DH_METHOD *meth_dh ;
+#endif
+
+	const RAND_METHOD *meth_rand ;
+
+
+	if ( !ENGINE_set_id ( e, engine_zencod_id ) ||
+			!ENGINE_set_name ( e, engine_zencod_name ) ||
+#ifndef OPENSSL_NO_RSA
+			!ENGINE_set_RSA ( e, &zencod_rsa ) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+			!ENGINE_set_DSA ( e, &zencod_dsa ) ||
+#endif
+#ifndef OPENSSL_NO_DH
+			!ENGINE_set_DH ( e, &zencod_dh ) ||
+#endif
+			!ENGINE_set_RAND ( e, &zencod_rand ) ||
+
+			!ENGINE_set_destroy_function ( e, zencod_destroy ) ||
+			!ENGINE_set_init_function ( e, zencod_init ) ||
+			!ENGINE_set_finish_function ( e, zencod_finish ) ||
+			!ENGINE_set_ctrl_function ( e, zencod_ctrl ) ||
+			!ENGINE_set_cmd_defns ( e, zencod_cmd_defns ) ||
+			!ENGINE_set_digests ( e, engine_digests ) ||
+			!ENGINE_set_ciphers ( e, engine_ciphers ) ) {
+		return 0 ;
+	}
+
+#ifndef OPENSSL_NO_RSA
+	/* We know that the "PKCS1_SSLeay()" functions hook properly
+	 * to the Zencod-specific mod_exp and mod_exp_crt so we use
+	 * those functions. NB: We don't use ENGINE_openssl() or
+	 * anything "more generic" because something like the RSAref
+	 * code may not hook properly, and if you own one of these
+	 * cards then you have the right to do RSA operations on it
+	 * anyway!
+	 */
+	meth_rsa = RSA_PKCS1_SSLeay () ;
+
+	zencod_rsa.rsa_pub_enc = meth_rsa->rsa_pub_enc ;
+	zencod_rsa.rsa_pub_dec = meth_rsa->rsa_pub_dec ;
+	zencod_rsa.rsa_priv_enc = meth_rsa->rsa_priv_enc ;
+	zencod_rsa.rsa_priv_dec = meth_rsa->rsa_priv_dec ;
+	/* meth_rsa->rsa_mod_exp */
+	/* meth_rsa->bn_mod_exp */
+	zencod_rsa.init = meth_rsa->init ;
+	zencod_rsa.finish = meth_rsa->finish ;
+#endif
+
+#ifndef OPENSSL_NO_DSA
+	/* We use OpenSSL meth to supply what we don't provide ;-*)
+	 */
+	meth_dsa = DSA_OpenSSL () ;
+
+	/* meth_dsa->dsa_do_sign */
+	zencod_dsa.dsa_sign_setup = meth_dsa->dsa_sign_setup ;
+	/* meth_dsa->dsa_do_verify */
+	zencod_dsa.dsa_mod_exp = meth_dsa->dsa_mod_exp ;
+	/* zencod_dsa.bn_mod_exp = meth_dsa->bn_mod_exp ; */
+	zencod_dsa.init = meth_dsa->init ;
+	zencod_dsa.finish = meth_dsa->finish ;
+#endif
+
+#ifndef OPENSSL_NO_DH
+	/* We use OpenSSL meth to supply what we don't provide ;-*)
+	 */
+	meth_dh = DH_OpenSSL () ;
+
+	/* zencod_dh.generate_key = meth_dh->generate_key ; */
+	/* zencod_dh.compute_key = meth_dh->compute_key ; */
+	/* zencod_dh.bn_mod_exp = meth_dh->bn_mod_exp ; */
+	zencod_dh.init = meth_dh->init ;
+	zencod_dh.finish = meth_dh->finish ;
+
+#endif
+
+	/* We use OpenSSL (SSLeay) meth to supply what we don't provide ;-*)
+	 */
+	meth_rand = RAND_SSLeay () ;
+
+	/* meth_rand->seed ; */
+	/* zencod_rand.seed = meth_rand->seed ; */
+	/* meth_rand->bytes ; */
+	/* zencod_rand.bytes = meth_rand->bytes ; */
+	zencod_rand.cleanup = meth_rand->cleanup ;
+	zencod_rand.add = meth_rand->add ;
+	/* meth_rand->pseudorand ; */
+	/* zencod_rand.pseudorand = meth_rand->pseudorand ; */
+	/* zencod_rand.status = meth_rand->status ; */
+	/* meth_rand->status ; */
+
+	/* Ensure the zencod error handling is set up */
+	ERR_load_ZENCOD_strings () ;
+	return 1 ;
+}
+
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!)
+ */
+ENGINE *ENGINE_zencod ( void )
+{
+
+	ENGINE *eng = ENGINE_new () ;
+
+	if ( !eng ) {
+		return NULL ;
+	}
+	if ( !bind_helper ( eng ) ) {
+		ENGINE_free ( eng ) ;
+		return NULL ;
+	}
+
+	return eng ;
+}
+
+
+void ENGINE_load_zencod ( void )
+{
+	/* Copied from eng_[openssl|dyn].c */
+	ENGINE *toadd = ENGINE_zencod ( ) ;
+	if ( !toadd ) return ;
+	ENGINE_add ( toadd ) ;
+	ENGINE_free ( toadd ) ;
+	ERR_clear_error ( ) ;
+}
+
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the ZENBRIDGE library.
+ * NB: This is only set (or unset) during an * init () or finish () call
+ * (reference counts permitting) and they're  * operating with global locks,
+ * so this should be thread-safe * implicitly.
+ */
+static DSO *zencod_dso = NULL ;
+
+static t_zencod_test *ptr_zencod_test = NULL ;
+static t_zencod_bytes2bits *ptr_zencod_bytes2bits = NULL ;
+static t_zencod_bits2bytes *ptr_zencod_bits2bytes = NULL ;
+static t_zencod_new_number *ptr_zencod_new_number = NULL ;
+static t_zencod_init_number *ptr_zencod_init_number = NULL ;
+
+static t_zencod_rsa_mod_exp *ptr_zencod_rsa_mod_exp = NULL ;
+static t_zencod_rsa_mod_exp_crt *ptr_zencod_rsa_mod_exp_crt = NULL ;
+static t_zencod_dsa_do_sign *ptr_zencod_dsa_do_sign = NULL ;
+static t_zencod_dsa_do_verify *ptr_zencod_dsa_do_verify = NULL ;
+static t_zencod_dh_generate_key *ptr_zencod_dh_generate_key = NULL ;
+static t_zencod_dh_compute_key *ptr_zencod_dh_compute_key = NULL ;
+static t_zencod_rand_bytes *ptr_zencod_rand_bytes = NULL ;
+static t_zencod_math_mod_exp *ptr_zencod_math_mod_exp = NULL ;
+
+static t_zencod_md5_init *ptr_zencod_md5_init = NULL ;
+static t_zencod_md5_update *ptr_zencod_md5_update = NULL ;
+static t_zencod_md5_do_final *ptr_zencod_md5_do_final = NULL ;
+static t_zencod_sha1_init *ptr_zencod_sha1_init = NULL ;
+static t_zencod_sha1_update *ptr_zencod_sha1_update = NULL ;
+static t_zencod_sha1_do_final *ptr_zencod_sha1_do_final = NULL ;
+
+static t_zencod_xdes_cipher *ptr_zencod_xdes_cipher = NULL ;
+static t_zencod_rc4_cipher *ptr_zencod_rc4_cipher = NULL ;
+
+/* These are the static string constants for the DSO file name and the function
+ * symbol names to bind to.
+ */
+static const char *ZENCOD_LIBNAME = ZEN_LIBRARY ;
+
+static const char *ZENCOD_Fct_0 = "test_device" ;
+static const char *ZENCOD_Fct_1 = "zenbridge_bytes2bits" ;
+static const char *ZENCOD_Fct_2 = "zenbridge_bits2bytes" ;
+static const char *ZENCOD_Fct_3 = "zenbridge_new_number" ;
+static const char *ZENCOD_Fct_4 = "zenbridge_init_number" ;
+
+static const char *ZENCOD_Fct_exp_1 = "zenbridge_rsa_mod_exp" ;
+static const char *ZENCOD_Fct_exp_2 = "zenbridge_rsa_mod_exp_crt" ;
+static const char *ZENCOD_Fct_dsa_1 = "zenbridge_dsa_do_sign" ;
+static const char *ZENCOD_Fct_dsa_2 = "zenbridge_dsa_do_verify" ;
+static const char *ZENCOD_Fct_dh_1 = "zenbridge_dh_generate_key" ;
+static const char *ZENCOD_Fct_dh_2 = "zenbridge_dh_compute_key" ;
+static const char *ZENCOD_Fct_rand_1 = "zenbridge_rand_bytes" ;
+static const char *ZENCOD_Fct_math_1 = "zenbridge_math_mod_exp" ;
+
+static const char *ZENCOD_Fct_md5_1 = "zenbridge_md5_init" ;
+static const char *ZENCOD_Fct_md5_2 = "zenbridge_md5_update" ;
+static const char *ZENCOD_Fct_md5_3 = "zenbridge_md5_do_final" ;
+static const char *ZENCOD_Fct_sha1_1 = "zenbridge_sha1_init" ;
+static const char *ZENCOD_Fct_sha1_2 = "zenbridge_sha1_update" ;
+static const char *ZENCOD_Fct_sha1_3 = "zenbridge_sha1_do_final" ;
+
+static const char *ZENCOD_Fct_xdes_1 = "zenbridge_xdes_cipher" ;
+static const char *ZENCOD_Fct_rc4_1 = "zenbridge_rc4_cipher" ;
+
+/* Destructor (complements the "ENGINE_zencod ()" constructor)
+ */
+static int zencod_destroy (ENGINE *e )
+{
+
+	ERR_unload_ZENCOD_strings () ;
+
+	return 1 ;
+}
+
+
+/* (de)initialisation functions. Control Function
+ */
+static int zencod_init ( ENGINE *e )
+{
+
+	t_zencod_test *ptr_0 ;
+	t_zencod_bytes2bits *ptr_1 ;
+	t_zencod_bits2bytes *ptr_2 ;
+	t_zencod_new_number *ptr_3 ;
+	t_zencod_init_number *ptr_4 ;
+	t_zencod_rsa_mod_exp *ptr_exp_1 ;
+	t_zencod_rsa_mod_exp_crt *ptr_exp_2 ;
+	t_zencod_dsa_do_sign *ptr_dsa_1 ;
+	t_zencod_dsa_do_verify *ptr_dsa_2 ;
+	t_zencod_dh_generate_key *ptr_dh_1 ;
+	t_zencod_dh_compute_key *ptr_dh_2 ;
+	t_zencod_rand_bytes *ptr_rand_1 ;
+	t_zencod_math_mod_exp *ptr_math_1 ;
+	t_zencod_md5_init *ptr_md5_1 ;
+	t_zencod_md5_update *ptr_md5_2 ;
+	t_zencod_md5_do_final *ptr_md5_3 ;
+	t_zencod_sha1_init *ptr_sha1_1 ;
+	t_zencod_sha1_update *ptr_sha1_2 ;
+	t_zencod_sha1_do_final *ptr_sha1_3 ;
+	t_zencod_xdes_cipher *ptr_xdes_1 ;
+	t_zencod_rc4_cipher *ptr_rc4_1 ;
+
+	CHEESE () ;
+
+	/*
+	 * We Should add some tests for non NULL parameters or bad value !!
+	 * Stuff to be done ...
+	 */
+
+	if ( zencod_dso != NULL ) {
+		ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_ALREADY_LOADED ) ;
+		goto err ;
+	}
+	/* Trying to load the Library "cryptozen"
+	 */
+	zencod_dso = DSO_load ( NULL, ZENCOD_LIBNAME, NULL, 0 ) ;
+	if ( zencod_dso == NULL ) {
+		ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE ) ;
+		goto err ;
+	}
+
+	/* Trying to load Function from the Library
+	 */
+	if ( ! ( ptr_1 = (t_zencod_bytes2bits*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_1 ) ) ||
+			! ( ptr_2 = (t_zencod_bits2bytes*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_2 ) ) ||
+			! ( ptr_3 = (t_zencod_new_number*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_3 ) ) ||
+			! ( ptr_4 = (t_zencod_init_number*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_4 ) ) ||
+			! ( ptr_exp_1 = (t_zencod_rsa_mod_exp*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_exp_1 ) ) ||
+			! ( ptr_exp_2 = (t_zencod_rsa_mod_exp_crt*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_exp_2 ) ) ||
+			! ( ptr_dsa_1 = (t_zencod_dsa_do_sign*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dsa_1 ) ) ||
+			! ( ptr_dsa_2 = (t_zencod_dsa_do_verify*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dsa_2 ) ) ||
+			! ( ptr_dh_1 = (t_zencod_dh_generate_key*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dh_1 ) ) ||
+			! ( ptr_dh_2 = (t_zencod_dh_compute_key*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_dh_2 ) ) ||
+			! ( ptr_rand_1 = (t_zencod_rand_bytes*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_rand_1 ) ) ||
+			! ( ptr_math_1 = (t_zencod_math_mod_exp*) DSO_bind_func ( zencod_dso, ZENCOD_Fct_math_1 ) ) ||
+			! ( ptr_0 = (t_zencod_test *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_0 ) ) ||
+			! ( ptr_md5_1 = (t_zencod_md5_init *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_1 ) ) ||
+			! ( ptr_md5_2 = (t_zencod_md5_update *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_2 ) ) ||
+			! ( ptr_md5_3 = (t_zencod_md5_do_final *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_md5_3 ) ) ||
+			! ( ptr_sha1_1 = (t_zencod_sha1_init *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_1 ) ) ||
+			! ( ptr_sha1_2 = (t_zencod_sha1_update *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_2 ) ) ||
+			! ( ptr_sha1_3 = (t_zencod_sha1_do_final *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_sha1_3 ) ) ||
+			! ( ptr_xdes_1 = (t_zencod_xdes_cipher *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_xdes_1 ) ) ||
+			! ( ptr_rc4_1 = (t_zencod_rc4_cipher *) DSO_bind_func ( zencod_dso, ZENCOD_Fct_rc4_1 ) ) ) {
+
+		ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE ) ;
+		goto err ;
+	}
+
+	/* The function from "cryptozen" Library have been correctly loaded so copy them
+	 */
+	ptr_zencod_test = ptr_0 ;
+	ptr_zencod_bytes2bits = ptr_1 ;
+	ptr_zencod_bits2bytes = ptr_2 ;
+	ptr_zencod_new_number = ptr_3 ;
+	ptr_zencod_init_number = ptr_4 ;
+	ptr_zencod_rsa_mod_exp = ptr_exp_1 ;
+	ptr_zencod_rsa_mod_exp_crt = ptr_exp_2 ;
+	ptr_zencod_dsa_do_sign = ptr_dsa_1 ;
+	ptr_zencod_dsa_do_verify = ptr_dsa_2 ;
+	ptr_zencod_dh_generate_key = ptr_dh_1 ;
+	ptr_zencod_dh_compute_key = ptr_dh_2 ;
+	ptr_zencod_rand_bytes = ptr_rand_1 ;
+	ptr_zencod_math_mod_exp = ptr_math_1 ;
+	ptr_zencod_test = ptr_0 ;
+	ptr_zencod_md5_init = ptr_md5_1 ;
+	ptr_zencod_md5_update = ptr_md5_2 ;
+	ptr_zencod_md5_do_final = ptr_md5_3 ;
+	ptr_zencod_sha1_init = ptr_sha1_1 ;
+	ptr_zencod_sha1_update = ptr_sha1_2 ;
+	ptr_zencod_sha1_do_final = ptr_sha1_3 ;
+	ptr_zencod_xdes_cipher = ptr_xdes_1 ;
+	ptr_zencod_rc4_cipher = ptr_rc4_1 ;
+
+	/* We should peform a test to see if there is actually any unit runnig on the system ...
+	 * Even if the cryptozen library is loaded the module coul not be loaded on the system ...
+	 * For now we may just open and close the device !!
+	 */
+
+	if ( ptr_zencod_test () != 0 ) {
+		ZENCODerr ( ZENCOD_F_ZENCOD_INIT, ZENCOD_R_UNIT_FAILURE ) ;
+		goto err ;
+	}
+
+	return 1 ;
+err :
+	if ( zencod_dso ) {
+		DSO_free ( zencod_dso ) ;
+	}
+	zencod_dso = NULL ;
+	ptr_zencod_bytes2bits = NULL ;
+	ptr_zencod_bits2bytes = NULL ;
+	ptr_zencod_new_number = NULL ;
+	ptr_zencod_init_number = NULL ;
+	ptr_zencod_rsa_mod_exp = NULL ;
+	ptr_zencod_rsa_mod_exp_crt = NULL ;
+	ptr_zencod_dsa_do_sign = NULL ;
+	ptr_zencod_dsa_do_verify = NULL ;
+	ptr_zencod_dh_generate_key = NULL ;
+	ptr_zencod_dh_compute_key = NULL ;
+	ptr_zencod_rand_bytes = NULL ;
+	ptr_zencod_math_mod_exp = NULL ;
+	ptr_zencod_test = NULL ;
+	ptr_zencod_md5_init = NULL ;
+	ptr_zencod_md5_update = NULL ;
+	ptr_zencod_md5_do_final = NULL ;
+	ptr_zencod_sha1_init = NULL ;
+	ptr_zencod_sha1_update = NULL ;
+	ptr_zencod_sha1_do_final = NULL ;
+	ptr_zencod_xdes_cipher = NULL ;
+	ptr_zencod_rc4_cipher = NULL ;
+
+	return 0 ;
+}
+
+
+static int zencod_finish ( ENGINE *e )
+{
+
+	CHEESE () ;
+
+	/*
+	 * We Should add some tests for non NULL parameters or bad value !!
+	 * Stuff to be done ...
+	 */
+	if ( zencod_dso == NULL ) {
+		ZENCODerr ( ZENCOD_F_ZENCOD_FINISH, ZENCOD_R_NOT_LOADED ) ;
+		return 0 ;
+	}
+	if ( !DSO_free ( zencod_dso ) ) {
+		ZENCODerr ( ZENCOD_F_ZENCOD_FINISH, ZENCOD_R_DSO_FAILURE ) ;
+		return 0 ;
+	}
+
+	zencod_dso = NULL ;
+
+	ptr_zencod_bytes2bits = NULL ;
+	ptr_zencod_bits2bytes = NULL ;
+	ptr_zencod_new_number = NULL ;
+	ptr_zencod_init_number = NULL ;
+	ptr_zencod_rsa_mod_exp = NULL ;
+	ptr_zencod_rsa_mod_exp_crt = NULL ;
+	ptr_zencod_dsa_do_sign = NULL ;
+	ptr_zencod_dsa_do_verify = NULL ;
+	ptr_zencod_dh_generate_key = NULL ;
+	ptr_zencod_dh_compute_key = NULL ;
+	ptr_zencod_rand_bytes = NULL ;
+	ptr_zencod_math_mod_exp = NULL ;
+	ptr_zencod_test = NULL ;
+	ptr_zencod_md5_init = NULL ;
+	ptr_zencod_md5_update = NULL ;
+	ptr_zencod_md5_do_final = NULL ;
+	ptr_zencod_sha1_init = NULL ;
+	ptr_zencod_sha1_update = NULL ;
+	ptr_zencod_sha1_do_final = NULL ;
+	ptr_zencod_xdes_cipher = NULL ;
+	ptr_zencod_rc4_cipher = NULL ;
+
+	return 1 ;
+}
+
+
+static int zencod_ctrl ( ENGINE *e, int cmd, long i, void *p, void (*f) () )
+{
+
+	int initialised = ( ( zencod_dso == NULL ) ? 0 : 1 ) ;
+
+	CHEESE () ;
+
+	/*
+	 * We Should add some tests for non NULL parameters or bad value !!
+	 * Stuff to be done ...
+	 */
+	switch ( cmd ) {
+	case ZENCOD_CMD_SO_PATH :
+		if ( p == NULL ) {
+			ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ERR_R_PASSED_NULL_PARAMETER ) ;
+			return 0 ;
+		}
+		if ( initialised ) {
+			ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ZENCOD_R_ALREADY_LOADED ) ;
+			return 0 ;
+		}
+		ZENCOD_LIBNAME = (const char *) p ;
+		return 1 ;
+	default :
+		break ;
+	}
+
+	ZENCODerr ( ZENCOD_F_ZENCOD_CTRL, ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED ) ;
+
+	return 0 ;
+}
+
+
+/* BIGNUM stuff Functions
+ */
+static int zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx )
+{
+	zen_nb_t y, x, e, n;
+	int ret;
+
+	CHEESE () ;
+
+	if ( !zencod_dso ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_NOT_LOADED);
+		return 0;
+	}
+
+	if ( !bn_wexpand(r, m->top + 1) ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL);
+		return 0;
+	}
+
+	memset(r->d, 0, BN_num_bytes(m));
+
+	ptr_zencod_init_number ( &y, (r->dmax - 1) * sizeof (BN_ULONG) * 8, (unsigned char *) r->d ) ;
+	BIGNUM2ZEN ( &x, a ) ;
+	BIGNUM2ZEN ( &e, p ) ;
+	BIGNUM2ZEN ( &n, m ) ;
+
+	/* Must invert x and e parameter due to BN mod exp prototype ... */
+	ret = ptr_zencod_math_mod_exp ( &y, &e, &x, &n ) ;
+
+	if ( ret )  {
+		PERROR("zenbridge_math_mod_exp");
+		ENGINEerr(ZENCOD_F_ZENCOD_BN_MOD_EXP, ZENCOD_R_REQUEST_FAILED);
+		return 0;
+	}
+
+	r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;
+
+	return 1;
+}
+
+
+/* RSA stuff Functions
+ */
+#ifndef OPENSSL_NO_RSA
+static int RSA_zencod_rsa_mod_exp ( BIGNUM *r0, const BIGNUM *i, RSA *rsa )
+{
+
+	CHEESE () ;
+
+	if ( !zencod_dso ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_NOT_LOADED);
+		return 0;
+	}
+
+	if ( !rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_BAD_KEY_COMPONENTS);
+		return 0;
+	}
+
+	/* Do in software if argument is too large for hardware */
+	if ( RSA_size(rsa) * 8 > ZENBRIDGE_MAX_KEYSIZE_RSA_CRT ) {
+		const RSA_METHOD *meth;
+
+		meth = RSA_PKCS1_SSLeay();
+		return meth->rsa_mod_exp(r0, i, rsa);
+	} else {
+		zen_nb_t y, x, p, q, dmp1, dmq1, iqmp;
+
+		if ( !bn_expand(r0, RSA_size(rsa) * 8) ) {
+			ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_BN_EXPAND_FAIL);
+			return 0;
+		}
+		r0->top = (RSA_size(rsa) * 8 + BN_BITS2 - 1) / BN_BITS2;
+
+		BIGNUM2ZEN ( &x, i ) ;
+		BIGNUM2ZEN ( &y, r0 ) ;
+		BIGNUM2ZEN ( &p, rsa->p ) ;
+		BIGNUM2ZEN ( &q, rsa->q ) ;
+		BIGNUM2ZEN ( &dmp1, rsa->dmp1 ) ;
+		BIGNUM2ZEN ( &dmq1, rsa->dmq1 ) ;
+		BIGNUM2ZEN ( &iqmp, rsa->iqmp ) ;
+
+		if ( ptr_zencod_rsa_mod_exp_crt ( &y, &x, &p, &q, &dmp1, &dmq1, &iqmp ) < 0 ) {
+			PERROR("zenbridge_rsa_mod_exp_crt");
+			ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT, ZENCOD_R_REQUEST_FAILED);
+			return 0;
+		}
+
+		return 1;
+	}
+}
+
+
+/* This function is aliased to RSA_mod_exp (with the mont stuff dropped).
+ */
+static int RSA_zencod_bn_mod_exp ( BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx )
+{
+
+	CHEESE () ;
+
+	if ( !zencod_dso ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_NOT_LOADED);
+		return 0;
+	}
+
+	/* Do in software if argument is too large for hardware */
+	if ( BN_num_bits(m) > ZENBRIDGE_MAX_KEYSIZE_RSA ) {
+		const RSA_METHOD *meth;
+
+		meth = RSA_PKCS1_SSLeay();
+		return meth->bn_mod_exp(r, a, p, m, ctx, m_ctx);
+	} else {
+		zen_nb_t y, x, e, n;
+
+		if ( !bn_expand(r, BN_num_bits(m)) ) {
+			ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_BN_EXPAND_FAIL);
+			return 0;
+		}
+		r->top = (BN_num_bits(m) + BN_BITS2 - 1) / BN_BITS2;
+
+		BIGNUM2ZEN ( &x, a ) ;
+		BIGNUM2ZEN ( &y, r ) ;
+		BIGNUM2ZEN ( &e, p ) ;
+		BIGNUM2ZEN ( &n, m ) ;
+
+		if ( ptr_zencod_rsa_mod_exp ( &y, &x, &n, &e ) < 0 ) {
+			PERROR("zenbridge_rsa_mod_exp");
+			ENGINEerr(ZENCOD_F_ZENCOD_RSA_MOD_EXP, ZENCOD_R_REQUEST_FAILED);
+			return 0;
+		}
+
+		return 1;
+	}
+}
+#endif /* !OPENSSL_NO_RSA */
+
+
+#ifndef OPENSSL_NO_DSA
+/* DSA stuff Functions
+ */
+static DSA_SIG *DSA_zencod_do_sign ( const unsigned char *dgst, int dlen, DSA *dsa )
+{
+	zen_nb_t p, q, g, x, y, r, s, data;
+	DSA_SIG *sig;
+	BIGNUM *bn_r = NULL;
+	BIGNUM *bn_s = NULL;
+	char msg[20];
+
+	CHEESE();
+
+	if ( !zencod_dso ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_NOT_LOADED);
+		goto FAILED;
+	}
+
+	if ( dlen > 160 ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
+		goto FAILED;
+	}
+
+	/* Do in software if argument is too large for hardware */
+	if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
+		BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {
+		const DSA_METHOD *meth;
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
+		meth = DSA_OpenSSL();
+		return meth->dsa_do_sign(dgst, dlen, dsa);
+	}
+
+	if ( !(bn_s = BN_new()) || !(bn_r = BN_new()) ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
+		goto FAILED;
+	}
+
+	if ( !bn_expand(bn_r, 160) || !bn_expand(bn_s, 160) ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BN_EXPAND_FAIL);
+		goto FAILED;
+	}
+
+	bn_r->top = bn_s->top = (160 + BN_BITS2 - 1) / BN_BITS2;
+	BIGNUM2ZEN ( &p, dsa->p ) ;
+	BIGNUM2ZEN ( &q, dsa->q ) ;
+	BIGNUM2ZEN ( &g, dsa->g ) ;
+	BIGNUM2ZEN ( &x, dsa->priv_key ) ;
+	BIGNUM2ZEN ( &y, dsa->pub_key ) ;
+	BIGNUM2ZEN ( &r, bn_r ) ;
+	BIGNUM2ZEN ( &s, bn_s ) ;
+	q.len = x.len = 160;
+
+	ypcmem(msg, dgst, 20);
+	ptr_zencod_init_number ( &data, 160, msg ) ;
+
+	if ( ptr_zencod_dsa_do_sign ( 0, &data, &y, &p, &q, &g, &x, &r, &s ) < 0 ) {
+		PERROR("zenbridge_dsa_do_sign");
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
+		goto FAILED;
+	}
+
+	if ( !( sig = DSA_SIG_new () ) ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
+		goto FAILED;
+	}
+	sig->r = bn_r;
+	sig->s = bn_s;
+	return sig;
+
+ FAILED:
+	if (bn_r)
+		BN_free(bn_r);
+	if (bn_s)
+		BN_free(bn_s);
+	return NULL;
+}
+
+
+static int DSA_zencod_do_verify ( const unsigned char *dgst, int dlen, DSA_SIG *sig, DSA *dsa )
+{
+	zen_nb_t data, p, q, g, y, r, s, v;
+	char msg[20];
+	char v_data[20];
+	int ret;
+
+	CHEESE();
+
+	if ( !zencod_dso ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_NOT_LOADED);
+		return 0;
+	}
+
+	if ( dlen > 160 ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED);
+		return 0;
+	}
+
+	/* Do in software if argument is too large for hardware */
+	if ( BN_num_bits(dsa->p) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ||
+		BN_num_bits(dsa->g) > ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN ) {
+		const DSA_METHOD *meth;
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS);
+		meth = DSA_OpenSSL();
+		return meth->dsa_do_verify(dgst, dlen, sig, dsa);
+	}
+
+	BIGNUM2ZEN ( &p, dsa->p ) ;
+	BIGNUM2ZEN ( &q, dsa->q ) ;
+	BIGNUM2ZEN ( &g, dsa->g ) ;
+	BIGNUM2ZEN ( &y, dsa->pub_key ) ;
+	BIGNUM2ZEN ( &r, sig->r ) ;
+	BIGNUM2ZEN ( &s, sig->s ) ;
+	ptr_zencod_init_number ( &v, 160, v_data ) ;
+	ypcmem(msg, dgst, 20);
+	ptr_zencod_init_number ( &data, 160, msg ) ;
+
+	if ( ( ret = ptr_zencod_dsa_do_verify ( 0, &data, &p, &q, &g, &y, &r, &s, &v ) ) < 0 ) {
+		PERROR("zenbridge_dsa_do_verify");
+		ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_VERIFY, ZENCOD_R_REQUEST_FAILED);
+		return 0;
+	}
+
+	return ( ( ret == 0 ) ? 1 : ret ) ;
+}
+
+
+static int DSA_zencod_bn_mod_exp ( DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+			     BN_CTX *ctx, BN_MONT_CTX *m_ctx )
+{
+	CHEESE () ;
+
+	return zencod_bn_mod_exp ( r, a, p, m, ctx ) ;
+}
+#endif /* !OPENSSL_NO_DSA */
+
+
+#ifndef OPENSSl_NO_DH
+/* DH stuff Functions
+ */
+static int DH_zencod_generate_key ( DH *dh )
+{
+	BIGNUM *bn_prv = NULL;
+	BIGNUM *bn_pub = NULL;
+	zen_nb_t y, x, g, p;
+	int generate_x;
+
+	CHEESE();
+
+	if ( !zencod_dso ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_NOT_LOADED);
+		return 0;
+	}
+
+	/* Private key */
+	if ( dh->priv_key ) {
+		bn_prv = dh->priv_key;
+		generate_x = 0;
+	} else {
+		if (!(bn_prv = BN_new())) {
+			ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
+			goto FAILED;
+		}
+		generate_x = 1;
+	}
+
+	/* Public key */
+	if ( dh->pub_key )
+		bn_pub = dh->pub_key;
+	else
+		if ( !( bn_pub = BN_new () ) ) {
+			ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
+			goto FAILED;
+		}
+
+	/* Expand */
+	if ( !bn_wexpand ( bn_prv, dh->p->dmax ) ||
+	    !bn_wexpand ( bn_pub, dh->p->dmax ) ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL);
+		goto FAILED;
+	}
+	bn_prv->top = dh->p->top;
+	bn_pub->top = dh->p->top;
+
+	/* Convert all keys */
+	BIGNUM2ZEN ( &p, dh->p ) ;
+	BIGNUM2ZEN ( &g, dh->g ) ;
+	BIGNUM2ZEN ( &y, bn_pub ) ;
+	BIGNUM2ZEN ( &x, bn_prv ) ;
+	x.len = DH_size(dh) * 8;
+
+	/* Adjust the lengths of P and G */
+	p.len = ptr_zencod_bytes2bits ( p.data, ZEN_BYTES ( p.len ) ) ;
+	g.len = ptr_zencod_bytes2bits ( g.data, ZEN_BYTES ( g.len ) ) ;
+
+	/* Send the request to the driver */
+	if ( ptr_zencod_dh_generate_key ( &y, &x, &g, &p, generate_x ) < 0 ) {
+		perror("zenbridge_dh_generate_key");
+		ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_REQUEST_FAILED);
+		goto FAILED;
+	}
+
+	dh->priv_key = bn_prv;
+	dh->pub_key  = bn_pub;
+
+	return 1;
+
+ FAILED:
+	if (!dh->priv_key && bn_prv)
+		BN_free(bn_prv);
+	if (!dh->pub_key && bn_pub)
+		BN_free(bn_pub);
+
+	return 0;
+}
+
+
+static int DH_zencod_compute_key ( unsigned char *key, const BIGNUM *pub_key, DH *dh )
+{
+	zen_nb_t y, x, p, k;
+
+	CHEESE();
+
+	if ( !zencod_dso ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_NOT_LOADED);
+		return 0;
+	}
+
+	if ( !dh->priv_key ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_BAD_KEY_COMPONENTS);
+		return 0;
+	}
+
+	/* Convert all keys */
+	BIGNUM2ZEN ( &y, pub_key ) ;
+	BIGNUM2ZEN ( &x, dh->priv_key ) ;
+	BIGNUM2ZEN ( &p, dh->p ) ;
+	ptr_zencod_init_number ( &k, p.len, key ) ;
+
+	/* Adjust the lengths */
+	p.len = ptr_zencod_bytes2bits ( p.data, ZEN_BYTES ( p.len ) ) ;
+	y.len = ptr_zencod_bytes2bits ( y.data, ZEN_BYTES ( y.len ) ) ;
+	x.len = ptr_zencod_bytes2bits ( x.data, ZEN_BYTES ( x.len ) ) ;
+
+	/* Call the hardware */
+	if ( ptr_zencod_dh_compute_key ( &k, &y, &x, &p ) < 0 ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_DH_COMPUTE, ZENCOD_R_REQUEST_FAILED);
+		return 0;
+	}
+
+	/* The key must be written MSB -> LSB */
+	k.len = ptr_zencod_bytes2bits ( k.data, ZEN_BYTES ( k.len ) ) ;
+	esrever ( key, ZEN_BYTES ( k.len ) ) ;
+
+	return ZEN_BYTES ( k.len ) ;
+}
+
+
+static int DH_zencod_bn_mod_exp ( const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx )
+{
+	CHEESE () ;
+
+	return zencod_bn_mod_exp ( r, a, p, m, ctx ) ;
+}
+#endif	/* !OPENSSL_NO_DH */
+
+
+/* RAND stuff Functions
+ */
+static void RAND_zencod_seed ( const void *buf, int num )
+{
+	/* Nothing to do cause our crypto accelerator provide a true random generator */
+}
+
+
+static int RAND_zencod_rand_bytes ( unsigned char *buf, int num )
+{
+	zen_nb_t r;
+
+	CHEESE();
+
+	if ( !zencod_dso ) {
+		ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_NOT_LOADED);
+		return 0;
+	}
+
+	ptr_zencod_init_number ( &r, num * 8, buf ) ;
+
+	if ( ptr_zencod_rand_bytes ( &r, ZENBRIDGE_RNG_DIRECT ) < 0 ) {
+		PERROR("zenbridge_rand_bytes");
+		ENGINEerr(ZENCOD_F_ZENCOD_RAND, ZENCOD_R_REQUEST_FAILED);
+		return 0;
+	}
+
+	return 1;
+}
+
+
+static int RAND_zencod_rand_status ( void )
+{
+	CHEESE () ;
+
+	return 1;
+}
+
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library.
+ */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn ( ENGINE *e, const char *id )
+{
+
+	if ( id && ( strcmp ( id, engine_zencod_id ) != 0 ) ) {
+		return 0 ;
+	}
+	if ( !bind_helper ( e ) )  {
+		return 0 ;
+	}
+
+	return 1 ;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN ()
+IMPLEMENT_DYNAMIC_BIND_FN ( bind_fn )
+#endif /* ENGINE_DYNAMIC_SUPPORT */
+
+
+
+
+/*
+ * Adding "Digest" and "Cipher" tools ...
+ * This is in development ... ;-)
+ * In orfer to code this, i refer to hw_openbsd_dev_crypto and openssl engine made by Geoff Thorpe (if i'm rigth),
+ * and evp, sha md5 definitions etc ...
+ */
+/* First add some include ... */
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+#include <openssl/md5.h>
+#include <openssl/rc4.h>
+#include <openssl/des.h>
+
+
+/* Some variables declaration ... */
+/* DONS:
+ * Disable symetric computation except DES and 3DES, but let part of the code
+ */
+/* static int engine_digest_nids [ ] = { NID_sha1, NID_md5 } ; */
+static int engine_digest_nids [ ] = {  } ;
+static int engine_digest_nids_num = 0 ;
+/* static int engine_cipher_nids [ ] = { NID_rc4, NID_rc4_40, NID_des_cbc, NID_des_ede3_cbc } ; */
+static int engine_cipher_nids [ ] = { NID_des_cbc, NID_des_ede3_cbc } ;
+static int engine_cipher_nids_num = 2 ;
+
+
+/* Function prototype ... */
+/*  SHA stuff */
+static int engine_sha1_init ( EVP_MD_CTX *ctx ) ;
+static int engine_sha1_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) ;
+static int engine_sha1_final ( EVP_MD_CTX *ctx, unsigned char *md ) ;
+
+/*  MD5 stuff */
+static int engine_md5_init ( EVP_MD_CTX *ctx ) ;
+static int engine_md5_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count ) ;
+static int engine_md5_final ( EVP_MD_CTX *ctx, unsigned char *md ) ;
+
+static int engine_md_cleanup ( EVP_MD_CTX *ctx ) ;
+static int engine_md_copy ( EVP_MD_CTX *to, const EVP_MD_CTX *from ) ;
+
+
+/* RC4 Stuff */
+static int engine_rc4_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
+static int engine_rc4_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) ;
+
+/* DES Stuff */
+static int engine_des_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
+static int engine_des_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl ) ;
+
+/*  3DES Stuff */
+static int engine_des_ede3_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc ) ;
+static int engine_des_ede3_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out,const unsigned char *in, unsigned int inl ) ;
+
+static int engine_cipher_cleanup ( EVP_CIPHER_CTX *ctx ) ;	/* cleanup ctx */
+
+
+/* The one for SHA ... */
+static const EVP_MD engine_sha1_md =
+{
+	NID_sha1,
+	NID_sha1WithRSAEncryption,
+	SHA_DIGEST_LENGTH,
+	EVP_MD_FLAG_ONESHOT,
+	/* 0, */			/* EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block
+				* XXX: set according to device info ... */
+	engine_sha1_init,
+	engine_sha1_update,
+	engine_sha1_final,
+	engine_md_copy,		/* dev_crypto_sha_copy */
+	engine_md_cleanup,		/* dev_crypto_sha_cleanup */
+	EVP_PKEY_RSA_method,
+	SHA_CBLOCK,
+	/* sizeof ( EVP_MD * ) + sizeof ( SHA_CTX ) */
+	sizeof ( ZEN_MD_DATA )
+	/* sizeof ( MD_CTX_DATA )	The message digest data stucture ... */
+} ;
+
+/* The one for MD5 ... */
+static const EVP_MD engine_md5_md =
+{
+	NID_md5,
+	NID_md5WithRSAEncryption,
+	MD5_DIGEST_LENGTH,
+	EVP_MD_FLAG_ONESHOT,
+	/* 0, */			/* EVP_MD_FLAG_ONESHOT = x0001 digest can only handle a single block
+				* XXX: set according to device info ... */
+	engine_md5_init,
+	engine_md5_update,
+	engine_md5_final,
+	engine_md_copy,		/* dev_crypto_md5_copy */
+	engine_md_cleanup,		/* dev_crypto_md5_cleanup */
+	EVP_PKEY_RSA_method,
+	MD5_CBLOCK,
+	/* sizeof ( EVP_MD * ) + sizeof ( MD5_CTX ) */
+	sizeof ( ZEN_MD_DATA )
+	/* sizeof ( MD_CTX_DATA )	The message digest data stucture ... */
+} ;
+
+
+/* The one for RC4 ... */
+#define EVP_RC4_KEY_SIZE			16
+
+/* Try something static ... */
+typedef struct
+{
+	unsigned int len ;
+	unsigned int first ;
+	unsigned char rc4_state [ 260 ] ;
+} NEW_ZEN_RC4_KEY ;
+
+#define rc4_data(ctx)				( (EVP_RC4_KEY *) ( ctx )->cipher_data )
+
+static const EVP_CIPHER engine_rc4 =
+{
+	NID_rc4,
+	1,
+	16,				/* EVP_RC4_KEY_SIZE should be 128 bits */
+	0,				/* FIXME: key should be up to 256 bytes */
+	EVP_CIPH_VARIABLE_LENGTH,
+	engine_rc4_init_key,
+	engine_rc4_cipher,
+	engine_cipher_cleanup,
+	sizeof ( NEW_ZEN_RC4_KEY ),
+	NULL,
+	NULL,
+	NULL
+} ;
+
+/* The one for RC4_40 ... */
+static const EVP_CIPHER engine_rc4_40 =
+{
+	NID_rc4_40,
+	1,
+	5,				/* 40 bits */
+	0,
+	EVP_CIPH_VARIABLE_LENGTH,
+	engine_rc4_init_key,
+	engine_rc4_cipher,
+	engine_cipher_cleanup,
+	sizeof ( NEW_ZEN_RC4_KEY ),
+	NULL,
+	NULL,
+	NULL
+} ;
+
+/* The one for DES ... */
+
+/* Try something static ... */
+typedef struct
+{
+	unsigned char des_key [ 24 ] ;
+	unsigned char des_iv [ 8 ] ;
+} ZEN_DES_KEY ;
+
+static const EVP_CIPHER engine_des_cbc =
+	{
+	NID_des_cbc,
+	8, 8, 8,
+	0 | EVP_CIPH_CBC_MODE,
+	engine_des_init_key,
+	engine_des_cbc_cipher,
+	engine_cipher_cleanup,
+	sizeof(ZEN_DES_KEY),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	NULL,
+	NULL
+	};
+
+/* The one for 3DES ... */
+
+/* Try something static ... */
+typedef struct
+{
+	unsigned char des3_key [ 24 ] ;
+	unsigned char des3_iv [ 8 ] ;
+} ZEN_3DES_KEY ;
+
+#define des_data(ctx)				 ( (DES_EDE_KEY *) ( ctx )->cipher_data )
+
+static const EVP_CIPHER engine_des_ede3_cbc =
+	{
+	NID_des_ede3_cbc,
+	8, 8, 8,
+	0 | EVP_CIPH_CBC_MODE,
+	engine_des_ede3_init_key,
+	engine_des_ede3_cbc_cipher,
+	engine_cipher_cleanup,
+	sizeof(ZEN_3DES_KEY),
+	EVP_CIPHER_set_asn1_iv,
+	EVP_CIPHER_get_asn1_iv,
+	NULL,
+	NULL
+	};
+
+
+/* General function cloned on hw_openbsd_dev_crypto one ... */
+static int engine_digests ( ENGINE *e, const EVP_MD **digest, const int **nids, int nid )
+{
+
+#ifdef DEBUG_ZENCOD_MD
+	fprintf ( stderr, "\t=>Function : static int engine_digests () called !\n" ) ;
+#endif
+
+	if ( !digest ) {
+		/* We are returning a list of supported nids */
+		*nids = engine_digest_nids ;
+		return engine_digest_nids_num ;
+	}
+	/* We are being asked for a specific digest */
+	if ( nid == NID_md5 ) {
+		*digest = &engine_md5_md ;
+	}
+	else if ( nid == NID_sha1 ) {
+		*digest = &engine_sha1_md ;
+	}
+	else {
+		*digest = NULL ;
+		return 0 ;
+	}
+	return 1 ;
+}
+
+
+/* SHA stuff Functions
+ */
+static int engine_sha1_init ( EVP_MD_CTX *ctx )
+{
+
+	int to_return = 0 ;
+
+	/* Test with zenbridge library ... */
+	to_return = ptr_zencod_sha1_init ( (ZEN_MD_DATA *) ctx->md_data ) ;
+	to_return = !to_return ;
+
+	return to_return ;
+}
+
+
+static int engine_sha1_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count )
+{
+
+	zen_nb_t input ;
+	int to_return = 0 ;
+
+	/* Convert parameters ... */
+	input.len = count ;
+	input.data = (unsigned char *) data ;
+
+	/* Test with zenbridge library ... */
+	to_return = ptr_zencod_sha1_update ( (ZEN_MD_DATA *) ctx->md_data, (const zen_nb_t *) &input ) ;
+	to_return = !to_return ;
+
+	return to_return ;
+}
+
+
+static int engine_sha1_final ( EVP_MD_CTX *ctx, unsigned char *md )
+{
+
+	zen_nb_t output ;
+	int to_return = 0 ;
+
+	/* Convert parameters ... */
+	output.len = SHA_DIGEST_LENGTH ;
+	output.data = md ;
+
+	/* Test with zenbridge library ... */
+	to_return = ptr_zencod_sha1_do_final ( (ZEN_MD_DATA *) ctx->md_data, (zen_nb_t *) &output ) ;
+	to_return = !to_return ;
+
+	return to_return ;
+}
+
+
+
+/* MD5 stuff Functions
+ */
+static int engine_md5_init ( EVP_MD_CTX *ctx )
+{
+
+	int to_return = 0 ;
+
+	/* Test with zenbridge library ... */
+	to_return = ptr_zencod_md5_init ( (ZEN_MD_DATA *) ctx->md_data ) ;
+	to_return = !to_return ;
+
+	return to_return ;
+}
+
+
+static int engine_md5_update ( EVP_MD_CTX *ctx, const void *data, unsigned long count )
+{
+
+	zen_nb_t input ;
+	int to_return = 0 ;
+
+	/* Convert parameters ... */
+	input.len = count ;
+	input.data = (unsigned char *) data ;
+
+	/* Test with zenbridge library ... */
+	to_return = ptr_zencod_md5_update ( (ZEN_MD_DATA *) ctx->md_data, (const zen_nb_t *) &input ) ;
+	to_return = !to_return ;
+
+	return to_return ;
+}
+
+
+static int engine_md5_final ( EVP_MD_CTX *ctx, unsigned char *md )
+{
+
+	zen_nb_t output ;
+	int to_return = 0 ;
+
+	/* Convert parameters ... */
+	output.len = MD5_DIGEST_LENGTH ;
+	output.data = md ;
+
+	/* Test with zenbridge library ... */
+	to_return = ptr_zencod_md5_do_final ( (ZEN_MD_DATA *) ctx->md_data, (zen_nb_t *) &output ) ;
+	to_return = !to_return ;
+
+	return to_return ;
+}
+
+
+static int engine_md_cleanup ( EVP_MD_CTX *ctx )
+{
+
+	ZEN_MD_DATA *zen_md_data = (ZEN_MD_DATA *) ctx->md_data ;
+
+	if ( zen_md_data->HashBuffer != NULL ) {
+		OPENSSL_free ( zen_md_data->HashBuffer ) ;
+		zen_md_data->HashBufferSize = 0 ;
+		ctx->md_data = NULL ;
+	}
+
+	return 1 ;
+}
+
+
+static int engine_md_copy ( EVP_MD_CTX *to, const EVP_MD_CTX *from )
+{
+	const ZEN_MD_DATA *from_md = (ZEN_MD_DATA *) from->md_data ;
+	ZEN_MD_DATA *to_md = (ZEN_MD_DATA *) to->md_data ;
+
+	to_md->HashBuffer = OPENSSL_malloc ( from_md->HashBufferSize ) ;
+	memcpy ( to_md->HashBuffer, from_md->HashBuffer, from_md->HashBufferSize ) ;
+
+	return 1;
+}
+
+
+/* General function cloned on hw_openbsd_dev_crypto one ... */
+static int engine_ciphers ( ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid )
+{
+
+	if ( !cipher ) {
+		/* We are returning a list of supported nids */
+		*nids = engine_cipher_nids ;
+		return engine_cipher_nids_num ;
+	}
+	/* We are being asked for a specific cipher */
+	if ( nid == NID_rc4 ) {
+		*cipher = &engine_rc4 ;
+	}
+	else if ( nid == NID_rc4_40 ) {
+		*cipher = &engine_rc4_40 ;
+	}
+	else if ( nid == NID_des_cbc ) {
+		*cipher = &engine_des_cbc ;
+	}
+	else if ( nid == NID_des_ede3_cbc ) {
+		*cipher = &engine_des_ede3_cbc ;
+	}
+	else {
+		*cipher = NULL ;
+		return 0 ;
+	}
+
+	return 1 ;
+}
+
+
+static int engine_rc4_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
+{
+	int to_return = 0 ;
+	int i = 0 ;
+	int nb = 0 ;
+	NEW_ZEN_RC4_KEY *tmp_rc4_key = NULL ;
+
+	tmp_rc4_key = (NEW_ZEN_RC4_KEY *) ( ctx->cipher_data ) ;
+	tmp_rc4_key->first = 0 ;
+	tmp_rc4_key->len = ctx->key_len ;
+	tmp_rc4_key->rc4_state [ 0 ] = 0x00 ;
+	tmp_rc4_key->rc4_state [ 2 ] = 0x00 ;
+	nb = 256 / ctx->key_len ;
+	for ( i = 0; i < nb ; i++ ) {
+		memcpy ( &( tmp_rc4_key->rc4_state [ 4 + i*ctx->key_len ] ), key, ctx->key_len ) ;
+	}
+
+	to_return = 1 ;
+
+	return to_return ;
+}
+
+
+static int engine_rc4_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int in_len )
+{
+
+	zen_nb_t output, input ;
+	zen_nb_t rc4key ;
+	int to_return = 0 ;
+	NEW_ZEN_RC4_KEY *tmp_rc4_key = NULL ;
+
+	/* Convert parameters ... */
+	input.len = in_len ;
+	input.data = (unsigned char *) in ;
+	output.len = in_len ;
+	output.data = (unsigned char *) out ;
+
+	tmp_rc4_key = ( (NEW_ZEN_RC4_KEY *) ( ctx->cipher_data ) ) ;
+	rc4key.len = 260 ;
+	rc4key.data = &( tmp_rc4_key->rc4_state [ 0 ] ) ;
+
+	/* Test with zenbridge library ... */
+	to_return = ptr_zencod_rc4_cipher ( &output, &input, (const zen_nb_t *) &rc4key, &( tmp_rc4_key->rc4_state [0] ), &( tmp_rc4_key->rc4_state [3] ), !tmp_rc4_key->first ) ;
+	to_return = !to_return ;
+
+	/* Update encryption state ... */
+	tmp_rc4_key->first = 1 ;
+	tmp_rc4_key = NULL ;
+
+	return to_return ;
+}
+
+
+static int engine_des_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
+{
+
+	ZEN_DES_KEY *tmp_des_key = NULL ;
+	int to_return = 0 ;
+
+	tmp_des_key = (ZEN_DES_KEY *) ( ctx->cipher_data ) ;
+	memcpy ( &( tmp_des_key->des_key [ 0 ] ), key, 8 ) ;
+	memcpy ( &( tmp_des_key->des_key [ 8 ] ), key, 8 ) ;
+	memcpy ( &( tmp_des_key->des_key [ 16 ] ), key, 8 ) ;
+	memcpy ( &( tmp_des_key->des_iv [ 0 ] ), iv, 8 ) ;
+
+	to_return = 1 ;
+
+	return to_return ;
+}
+
+
+static int engine_des_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl )
+{
+
+	zen_nb_t output, input ;
+	zen_nb_t deskey_1, deskey_2, deskey_3, iv ;
+	int to_return = 0 ;
+
+	/* Convert parameters ... */
+	input.len = inl ;
+	input.data = (unsigned char *) in ;
+	output.len = inl ;
+	output.data = out ;
+
+	/* Set key parameters ... */
+	deskey_1.len = 8 ;
+	deskey_2.len = 8 ;
+	deskey_3.len = 8 ;
+	deskey_1.data = (unsigned char *) ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key ;
+	deskey_2.data =  (unsigned char *) &( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key [ 8 ] ;
+	deskey_3.data =  (unsigned char *) &( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_key [ 16 ] ;
+
+	/* Key correct iv ... */
+	memcpy ( ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_iv, ctx->iv, 8 ) ;
+	iv.len = 8 ;
+	iv.data = (unsigned char *) ( (ZEN_DES_KEY *) ( ctx->cipher_data ) )->des_iv ;
+
+	if ( ctx->encrypt == 0 ) {
+		memcpy ( ctx->iv, &( input.data [ input.len - 8 ] ), 8 ) ;
+	}
+
+	/* Test with zenbridge library ... */
+	to_return = ptr_zencod_xdes_cipher ( &output, &input,
+			(zen_nb_t *) &deskey_1, (zen_nb_t *) &deskey_2, (zen_nb_t *) &deskey_3, &iv, ctx->encrypt ) ;
+	to_return = !to_return ;
+
+	/* But we need to set up the rigth iv ...
+	 * Test ENCRYPT or DECRYPT mode to set iv ... */
+	if ( ctx->encrypt == 1 ) {
+		memcpy ( ctx->iv, &( output.data [ output.len - 8 ] ), 8 ) ;
+	}
+
+	return to_return ;
+}
+
+
+static int engine_des_ede3_init_key ( EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc )
+{
+
+	ZEN_3DES_KEY *tmp_3des_key = NULL ;
+	int to_return = 0 ;
+
+	tmp_3des_key = (ZEN_3DES_KEY *) ( ctx->cipher_data ) ;
+	memcpy ( &( tmp_3des_key->des3_key [ 0 ] ), key, 24 ) ;
+	memcpy ( &( tmp_3des_key->des3_iv [ 0 ] ), iv, 8 ) ;
+
+	to_return = 1;
+
+	return to_return ;
+}
+
+
+static int engine_des_ede3_cbc_cipher ( EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in,
+	unsigned int in_len )
+{
+
+	zen_nb_t output, input ;
+	zen_nb_t deskey_1, deskey_2, deskey_3, iv ;
+	int to_return = 0 ;
+
+	/* Convert parameters ... */
+	input.len = in_len ;
+	input.data = (unsigned char *) in ;
+	output.len = in_len ;
+	output.data = out ;
+
+	/* Set key ... */
+	deskey_1.len = 8 ;
+	deskey_2.len = 8 ;
+	deskey_3.len = 8 ;
+	deskey_1.data =  (unsigned char *) ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key ;
+	deskey_2.data =  (unsigned char *) &( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key [ 8 ] ;
+	deskey_3.data =  (unsigned char *) &( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_key [ 16 ] ;
+
+	/* Key correct iv ... */
+	memcpy ( ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_iv, ctx->iv, 8 ) ;
+	iv.len = 8 ;
+	iv.data = (unsigned char *) ( (ZEN_3DES_KEY *) ( ctx->cipher_data ) )->des3_iv ;
+
+	if ( ctx->encrypt == 0 ) {
+		memcpy ( ctx->iv, &( input.data [ input.len - 8 ] ), 8 ) ;
+	}
+
+	/* Test with zenbridge library ... */
+	to_return = ptr_zencod_xdes_cipher ( &output, &input,
+			(zen_nb_t *) &deskey_1, (zen_nb_t *) &deskey_2, (zen_nb_t *) &deskey_3, &iv, ctx->encrypt ) ;
+	to_return = !to_return ;
+
+	if ( ctx->encrypt == 1 ) {
+		memcpy ( ctx->iv, &( output.data [ output.len - 8 ] ), 8 ) ;
+	}
+
+	return to_return ;
+}
+
+
+static int engine_cipher_cleanup ( EVP_CIPHER_CTX *ctx )
+{
+
+	/* Set the key pointer ... */
+	if ( ctx->cipher->nid == NID_rc4 || ctx->cipher->nid == NID_rc4_40 ) {
+	}
+	else if ( ctx->cipher->nid == NID_des_cbc ) {
+	}
+	else if ( ctx->cipher->nid == NID_des_ede3_cbc ) {
+	}
+
+	return 1 ;
+}
+
+
+#endif /* !OPENSSL_NO_HW_ZENCOD */
+#endif /* !OPENSSL_NO_HW */
diff --git a/demos/engines/zencod/hw_zencod.ec b/demos/engines/zencod/hw_zencod.ec
new file mode 100644
index 0000000000..1552c79be6
--- /dev/null
+++ b/demos/engines/zencod/hw_zencod.ec
@@ -0,0 +1,8 @@
+# configuration file for util/mkerr.pl
+#
+# use like this:
+#
+#	perl ../../../util/mkerr.pl -conf hw_zencod.ec \
+#		-nostatic -staticloader -write *.c
+
+L ZENCOD	hw_zencod_err.h			hw_zencod_err.c
diff --git a/demos/engines/zencod/hw_zencod.h b/demos/engines/zencod/hw_zencod.h
new file mode 100644
index 0000000000..195345d8c6
--- /dev/null
+++ b/demos/engines/zencod/hw_zencod.h
@@ -0,0 +1,160 @@
+/* File : /crypto/engine/vendor_defns/hw_zencod.h */
+/* ====================================================================
+ * Written by Donnat Frederic (frederic.donnat@zencod.com) from ZENCOD
+ * for "zencod" ENGINE integration in OpenSSL project.
+ */
+
+
+ #ifndef	_HW_ZENCOD_H_
+#define	_HW_ZENCOD_H_
+
+#include <stdio.h>
+
+#ifdef	__cplusplus
+extern "C" {
+#endif	/* __cplusplus */
+
+#define ZENBRIDGE_MAX_KEYSIZE_RSA	2048
+#define ZENBRIDGE_MAX_KEYSIZE_RSA_CRT	1024
+#define ZENBRIDGE_MAX_KEYSIZE_DSA_SIGN	1024
+#define ZENBRIDGE_MAX_KEYSIZE_DSA_VRFY	1024
+
+/* Library version computation */
+#define	ZENBRIDGE_VERSION_MAJOR(x)	(((x) >> 16) | 0xff)
+#define	ZENBRIDGE_VERSION_MINOR(x)	(((x) >>  8) | 0xff)
+#define	ZENBRIDGE_VERSION_PATCH(x)	(((x) >>  0) | 0xff)
+#define	ZENBRIDGE_VERSION(x, y, z)		((x) << 16 | (y) << 8 | (z))
+
+/*
+ * Memory type
+ */
+typedef struct zencod_number_s {
+	unsigned long len;
+	unsigned char *data;
+} zen_nb_t;
+
+#define KEY	zen_nb_t
+
+
+/*
+ * Misc
+ */
+typedef int t_zencod_lib_version (void);
+typedef int t_zencod_hw_version (void);
+typedef int t_zencod_test (void);
+typedef int t_zencod_dump_key (FILE *stream, char *msg, KEY *key);
+
+
+/*
+ * Key managment tools
+ */
+typedef KEY *t_zencod_new_number (unsigned long len, unsigned char *data);
+typedef int t_zencod_init_number (KEY *n, unsigned long len, unsigned char *data);
+typedef unsigned long t_zencod_bytes2bits (unsigned char *n, unsigned long bytes);
+typedef unsigned long t_zencod_bits2bytes (unsigned long bits);
+
+
+/*
+ * RSA API
+ */
+/* Compute modular exponential : y = x**e | n */
+typedef int t_zencod_rsa_mod_exp (KEY *y, KEY *x, KEY *n, KEY *e);
+/* Compute modular exponential : y1 = (x | p)**edp | p, y2 = (x | p)**edp | p, y = y2 + (qinv * (y1 - y2) | p) * q */
+typedef int t_zencod_rsa_mod_exp_crt (KEY *y, KEY *x, KEY *p, KEY *q,
+					KEY *edp, KEY *edq, KEY *qinv);
+
+
+/*
+ * DSA API
+ */
+typedef int t_zencod_dsa_do_sign (unsigned int hash, KEY *data, KEY *random,
+				    KEY *p, KEY *q, KEY *g, KEY *x, KEY *r, KEY *s);
+typedef int t_zencod_dsa_do_verify (unsigned int hash, KEY *data,
+				      KEY *p, KEY *q, KEY *g, KEY *y,
+				      KEY *r, KEY *s, KEY *v);
+
+
+/*
+ * DH API
+ */
+ /* Key generation : compute public value y = g**x | n */
+typedef int t_zencod_dh_generate_key (KEY *y, KEY *x, KEY *g, KEY *n, int gen_x);
+typedef int t_zencod_dh_compute_key (KEY *k, KEY *y, KEY *x, KEY *n);
+
+
+/*
+ * RNG API
+ */
+#define ZENBRIDGE_RNG_DIRECT		0
+#define ZENBRIDGE_RNG_SHA1		1
+typedef int t_zencod_rand_bytes (KEY *rand, unsigned int flags);
+
+
+/*
+ * Math API
+ */
+typedef int t_zencod_math_mod_exp (KEY *r, KEY *a, KEY *e, KEY *n);
+
+
+
+
+/*
+ * Symetric API
+ */
+/* Define a data structure for digests operations */
+typedef struct ZEN_data_st
+{
+	unsigned int HashBufferSize ;
+	unsigned char *HashBuffer ;
+} ZEN_MD_DATA ;
+
+/*
+ * Functions for Digest (MD5, SHA1) stuff
+ */
+/* output : output data buffer */
+/* input : input data buffer */
+/* algo : hash algorithm, MD5 or SHA1 */
+/* typedef int t_zencod_hash ( KEY *output, const KEY *input, int algo ) ;
+ * typedef int t_zencod_sha_hash ( KEY *output, const KEY *input, int algo ) ;
+ */
+/* For now separate this stuff that mad it easier to test */
+typedef int t_zencod_md5_init ( ZEN_MD_DATA *data ) ;
+typedef int t_zencod_md5_update ( ZEN_MD_DATA *data, const KEY *input ) ;
+typedef int t_zencod_md5_do_final ( ZEN_MD_DATA *data, KEY *output ) ;
+
+typedef int t_zencod_sha1_init ( ZEN_MD_DATA *data ) ;
+typedef int t_zencod_sha1_update ( ZEN_MD_DATA *data, const KEY *input ) ;
+typedef int t_zencod_sha1_do_final ( ZEN_MD_DATA *data, KEY *output ) ;
+
+
+/*
+ * Functions for Cipher (RC4, DES, 3DES) stuff
+ */
+/* output : output data buffer */
+/* input : input data buffer */
+/* key : rc4 key data */
+/* index_1 : value of index x from RC4 key structure */
+/* index_2 : value of index y from RC4 key structure */
+/* Be carefull : RC4 key should be expanded before calling this method (Should we provide an expand function ??) */
+typedef int t_zencod_rc4_cipher ( KEY *output, const KEY *input, const KEY *key,
+		unsigned char *index_1, unsigned char *index_2, int mode ) ;
+
+/* output : output data buffer */
+/* input : input data buffer */
+/* key_1 : des first key data */
+/* key_2 : des second key data */
+/* key_3 : des third key data */
+/* iv : initial vector */
+/* mode : xdes mode (encrypt or decrypt) */
+/* Be carefull : In DES mode key_1 = key_2 = key_3 (as far as i can see !!) */
+typedef int t_zencod_xdes_cipher ( KEY *output, const KEY *input, const KEY *key_1,
+		const KEY *key_2, const KEY *key_3, const KEY *iv, int mode ) ;
+
+
+#undef KEY
+
+#ifdef	__cplusplus
+}
+#endif	/* __cplusplus */
+
+#endif	/* !_HW_ZENCOD_H_ */
diff --git a/demos/engines/zencod/hw_zencod_err.c b/demos/engines/zencod/hw_zencod_err.c
new file mode 100644
index 0000000000..8ed0fffc9c
--- /dev/null
+++ b/demos/engines/zencod/hw_zencod_err.c
@@ -0,0 +1,151 @@
+/* hw_zencod_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "hw_zencod_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ZENCOD_str_functs[]=
+	{
+{ERR_PACK(0,ZENCOD_F_ZENCOD_BN_MOD_EXP,0),	"ZENCOD_BN_MOD_EXP"},
+{ERR_PACK(0,ZENCOD_F_ZENCOD_CTRL,0),	"ZENCOD_CTRL"},
+{ERR_PACK(0,ZENCOD_F_ZENCOD_DH_COMPUTE,0),	"ZENCOD_DH_COMPUTE"},
+{ERR_PACK(0,ZENCOD_F_ZENCOD_DH_GENERATE,0),	"ZENCOD_DH_GENERATE"},
+{ERR_PACK(0,ZENCOD_F_ZENCOD_DSA_DO_SIGN,0),	"ZENCOD_DSA_DO_SIGN"},
+{ERR_PACK(0,ZENCOD_F_ZENCOD_DSA_DO_VERIFY,0),	"ZENCOD_DSA_DO_VERIFY"},
+{ERR_PACK(0,ZENCOD_F_ZENCOD_FINISH,0),	"ZENCOD_FINISH"},
+{ERR_PACK(0,ZENCOD_F_ZENCOD_INIT,0),	"ZENCOD_INIT"},
+{ERR_PACK(0,ZENCOD_F_ZENCOD_RAND,0),	"ZENCOD_RAND"},
+{ERR_PACK(0,ZENCOD_F_ZENCOD_RSA_MOD_EXP,0),	"ZENCOD_RSA_MOD_EXP"},
+{ERR_PACK(0,ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT,0),	"ZENCOD_RSA_MOD_EXP_CRT"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA ZENCOD_str_reasons[]=
+	{
+{ZENCOD_R_ALREADY_LOADED                 ,"already loaded"},
+{ZENCOD_R_BAD_KEY_COMPONENTS             ,"bad key components"},
+{ZENCOD_R_BN_EXPAND_FAIL                 ,"bn expand fail"},
+{ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{ZENCOD_R_DSO_FAILURE                    ,"dso failure"},
+{ZENCOD_R_NOT_LOADED                     ,"not loaded"},
+{ZENCOD_R_REQUEST_FAILED                 ,"request failed"},
+{ZENCOD_R_UNIT_FAILURE                   ,"unit failure"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef ZENCOD_LIB_NAME
+static ERR_STRING_DATA ZENCOD_lib_name[]=
+        {
+{0	,ZENCOD_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int ZENCOD_lib_error_code=0;
+static int ZENCOD_error_init=1;
+
+static void ERR_load_ZENCOD_strings(void)
+	{
+	if (ZENCOD_lib_error_code == 0)
+		ZENCOD_lib_error_code=ERR_get_next_error_library();
+
+	if (ZENCOD_error_init)
+		{
+		ZENCOD_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ZENCOD_lib_error_code,ZENCOD_str_functs);
+		ERR_load_strings(ZENCOD_lib_error_code,ZENCOD_str_reasons);
+#endif
+
+#ifdef ZENCOD_LIB_NAME
+		ZENCOD_lib_name->error = ERR_PACK(ZENCOD_lib_error_code,0,0);
+		ERR_load_strings(0,ZENCOD_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_ZENCOD_strings(void)
+	{
+	if (ZENCOD_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(ZENCOD_lib_error_code,ZENCOD_str_functs);
+		ERR_unload_strings(ZENCOD_lib_error_code,ZENCOD_str_reasons);
+#endif
+
+#ifdef ZENCOD_LIB_NAME
+		ERR_unload_strings(0,ZENCOD_lib_name);
+#endif
+		ZENCOD_error_init=1;
+		}
+	}
+
+static void ERR_ZENCOD_error(int function, int reason, char *file, int line)
+	{
+	if (ZENCOD_lib_error_code == 0)
+		ZENCOD_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(ZENCOD_lib_error_code,function,reason,file,line);
+	}
diff --git a/demos/engines/zencod/hw_zencod_err.h b/demos/engines/zencod/hw_zencod_err.h
new file mode 100644
index 0000000000..1b5dcb5685
--- /dev/null
+++ b/demos/engines/zencod/hw_zencod_err.h
@@ -0,0 +1,95 @@
+/* ====================================================================
+ * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ZENCOD_ERR_H
+#define HEADER_ZENCOD_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_ZENCOD_strings(void);
+static void ERR_unload_ZENCOD_strings(void);
+static void ERR_ZENCOD_error(int function, int reason, char *file, int line);
+#define ZENCODerr(f,r) ERR_ZENCOD_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the ZENCOD functions. */
+
+/* Function codes. */
+#define ZENCOD_F_ZENCOD_BN_MOD_EXP			 100
+#define ZENCOD_F_ZENCOD_CTRL				 101
+#define ZENCOD_F_ZENCOD_DH_COMPUTE			 102
+#define ZENCOD_F_ZENCOD_DH_GENERATE			 103
+#define ZENCOD_F_ZENCOD_DSA_DO_SIGN			 104
+#define ZENCOD_F_ZENCOD_DSA_DO_VERIFY			 105
+#define ZENCOD_F_ZENCOD_FINISH				 106
+#define ZENCOD_F_ZENCOD_INIT				 107
+#define ZENCOD_F_ZENCOD_RAND				 108
+#define ZENCOD_F_ZENCOD_RSA_MOD_EXP			 109
+#define ZENCOD_F_ZENCOD_RSA_MOD_EXP_CRT			 110
+
+/* Reason codes. */
+#define ZENCOD_R_ALREADY_LOADED				 100
+#define ZENCOD_R_BAD_KEY_COMPONENTS			 101
+#define ZENCOD_R_BN_EXPAND_FAIL				 102
+#define ZENCOD_R_CTRL_COMMAND_NOT_IMPLEMENTED		 103
+#define ZENCOD_R_DSO_FAILURE				 104
+#define ZENCOD_R_NOT_LOADED				 105
+#define ZENCOD_R_REQUEST_FAILED				 106
+#define ZENCOD_R_UNIT_FAILURE				 107
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/demos/maurice/.cvsignore b/demos/maurice/.cvsignore
new file mode 100644
index 0000000000..a99bec3448
--- /dev/null
+++ b/demos/maurice/.cvsignore
@@ -0,0 +1,4 @@
+example1
+example2
+example3
+example4
diff --git a/demos/maurice/Makefile b/demos/maurice/Makefile
index fa67dcca81..f9bf62276e 100644
--- a/demos/maurice/Makefile
+++ b/demos/maurice/Makefile
@@ -1,6 +1,6 @@
 CC=cc
-CFLAGS= -g -I../../include
-LIBS= -L/usr/local/ssl/lib -L../.. -lcrypto
+CFLAGS= -g -I../../include -Wall
+LIBS=  -L../.. -lcrypto
 EXAMPLES=example1 example2 example3 example4
 
 all: $(EXAMPLES) 
@@ -17,7 +17,43 @@ example3: example3.o
 example4: example4.o
 	$(CC) -o example4 example4.o $(LIBS)
 
-	
 clean:	
 	rm -f $(EXAMPLES) *.o
 
+test: all
+	@echo
+	@echo Example 1 Demonstrates the sealing and opening APIs
+	@echo Doing the encrypt side...
+	./example1 <README >t.t
+	@echo Doing the decrypt side...
+	./example1 -d <t.t >t.2
+	diff t.2 README
+	rm -f t.t t.2
+	@echo  example1 is OK
+
+	@echo
+	@echo Example2 Demonstrates rsa encryption and decryption
+	@echo   and it should just print \"This the clear text\"
+	./example2
+
+	@echo
+	@echo Example3 Demonstrates the use of symmetric block ciphers
+	@echo in this case it uses EVP_des_ede3_cbc
+	@echo i.e. triple DES in Cipher Block Chaining mode
+	@echo Doing the encrypt side...
+	./example3 ThisIsThePassword <README >t.t
+	@echo Doing the decrypt side...
+	./example3 -d ThisIsThePassword <t.t >t.2
+	diff t.2 README
+	rm -f t.t t.2
+	@echo  example3 is OK
+
+	@echo
+	@echo Example4 Demonstrates base64 encoding and decoding
+	@echo Doing the encrypt side...
+	./example4 <README >t.t
+	@echo Doing the decrypt side...
+	./example4 -d <t.t >t.2
+	diff t.2 README
+	rm -f t.t t.2
+	@echo example4 is OK
diff --git a/demos/maurice/example1.c b/demos/maurice/example1.c
index 77730d3232..1ef8299900 100644
--- a/demos/maurice/example1.c
+++ b/demos/maurice/example1.c
@@ -13,13 +13,13 @@
 #include <strings.h>
 #include <stdlib.h>
 
-#include "rsa.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "err.h"
-#include "pem.h"
-#include "ssl.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
 
 #include "loadkeys.h"
 
@@ -72,7 +72,7 @@ void main_encrypt(void)
 
         pubKey[0] = ReadPublicKey(PUBFILE);
 
-	if(!pubKey)
+	if(!pubKey[0])
 	{
            fprintf(stderr,"Error: can't load public key");
            exit(1);
@@ -126,11 +126,11 @@ void main_encrypt(void)
 
 void main_decrypt(void)
 {
-	char buf[512];
+	char buf[520];
 	char ebuf[512];
 	unsigned int buflen;
         EVP_CIPHER_CTX ectx;
-        unsigned char iv[8];
+        unsigned char iv[EVP_MAX_IV_LENGTH];
 	unsigned char *encryptKey; 
 	unsigned int ekeylen; 
 	EVP_PKEY *privateKey;
@@ -164,7 +164,6 @@ void main_decrypt(void)
 
 	read(STDIN, encryptKey, ekeylen);
 	read(STDIN, iv, sizeof(iv));
-
 	EVP_OpenInit(&ectx,
 		   EVP_des_ede3_cbc(), 
 		   encryptKey,
@@ -185,7 +184,6 @@ void main_decrypt(void)
 		}
 
 		EVP_OpenUpdate(&ectx, buf, &buflen, ebuf, readlen);
-
 		write(STDOUT, buf, buflen);
 	}
 
diff --git a/demos/maurice/example2.c b/demos/maurice/example2.c
index 99f7b22440..57bce10b5e 100644
--- a/demos/maurice/example2.c
+++ b/demos/maurice/example2.c
@@ -10,13 +10,13 @@
 #include <stdio.h>
 #include <strings.h>
 
-#include "rsa.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "err.h"
-#include "pem.h"
-#include "ssl.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
 
 #include "loadkeys.h"
 
@@ -33,7 +33,6 @@ int main()
   	EVP_PKEY *pubKey;
   	EVP_PKEY *privKey;
 	int len;
-	FILE *fp;
 
         ERR_load_crypto_strings();
 
@@ -72,6 +71,5 @@ int main()
 	EVP_PKEY_free(pubKey);
 	free(buf);
 	free(buf2);
+        return 0;
 }
-
-
diff --git a/demos/maurice/example3.c b/demos/maurice/example3.c
index fcaff00c37..03d8a20f62 100644
--- a/demos/maurice/example3.c
+++ b/demos/maurice/example3.c
@@ -8,9 +8,10 @@
 */
 
 #include <stdio.h>
+#include <unistd.h>
 #include <fcntl.h>
 #include <sys/stat.h>
-#include <evp.h>
+#include <openssl/evp.h>
 
 #define STDIN     	0
 #define STDOUT    	1
@@ -47,16 +48,17 @@ void do_cipher(char *pw, int operation)
 {
 	char buf[BUFLEN];
 	char ebuf[BUFLEN + 8];
-	unsigned int ebuflen, rc;
+	unsigned int ebuflen; /* rc; */
         unsigned char iv[EVP_MAX_IV_LENGTH], key[EVP_MAX_KEY_LENGTH];
-	unsigned int ekeylen, net_ekeylen; 
+	/* unsigned int ekeylen, net_ekeylen;  */
 	EVP_CIPHER_CTX ectx;
         
 	memcpy(iv, INIT_VECTOR, sizeof(iv));
 
 	EVP_BytesToKey(ALG, EVP_md5(), "salu", pw, strlen(pw), 1, key, iv);
 
-	EVP_CipherInit(&ectx, ALG, key, iv, operation);
+	EVP_CIPHER_CTX_init(&ectx);
+	EVP_CipherInit_ex(&ectx, ALG, NULL, key, iv, operation);
 
 	while(1)
 	{
@@ -78,9 +80,8 @@ void do_cipher(char *pw, int operation)
 		write(STDOUT, ebuf, ebuflen);
 	}
 
-        EVP_CipherFinal(&ectx, ebuf, &ebuflen); 
+        EVP_CipherFinal_ex(&ectx, ebuf, &ebuflen); 
+	EVP_CIPHER_CTX_cleanup(&ectx);
 
 	write(STDOUT, ebuf, ebuflen); 
 }
-
-
diff --git a/demos/maurice/example4.c b/demos/maurice/example4.c
index d436a20019..ce629848b7 100644
--- a/demos/maurice/example4.c
+++ b/demos/maurice/example4.c
@@ -8,9 +8,10 @@
 */
 
 #include <stdio.h>
+#include <unistd.h>
 #include <fcntl.h>
 #include <sys/stat.h>
-#include <evp.h>
+#include <openssl/evp.h>
 
 #define STDIN     	0
 #define STDOUT    	1
@@ -44,7 +45,7 @@ void do_encode()
 {
 	char buf[BUFLEN];
 	char ebuf[BUFLEN+24];
-	unsigned int ebuflen, rc;
+	unsigned int ebuflen;
 	EVP_ENCODE_CTX ectx;
         
 	EVP_EncodeInit(&ectx);
@@ -78,7 +79,7 @@ void do_decode()
 {
  	char buf[BUFLEN];
  	char ebuf[BUFLEN+24];
-	unsigned int ebuflen, rc;
+	unsigned int ebuflen;
 	EVP_ENCODE_CTX ectx;
         
 	EVP_DecodeInit(&ectx);
diff --git a/demos/maurice/loadkeys.c b/demos/maurice/loadkeys.c
index 7c89f071f3..82fd22a950 100644
--- a/demos/maurice/loadkeys.c
+++ b/demos/maurice/loadkeys.c
@@ -14,13 +14,13 @@
 #include <strings.h>
 #include <stdlib.h>
 
-#include "rsa.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "err.h"
-#include "pem.h"
-#include "ssl.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
 
 EVP_PKEY * ReadPublicKey(const char *certfile)
 {
@@ -31,9 +31,7 @@ EVP_PKEY * ReadPublicKey(const char *certfile)
   if (!fp) 
      return NULL; 
 
-  x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509,
-                                   PEM_STRING_X509,
-                                   fp, NULL, NULL);
+  x509 = PEM_read_X509(fp, NULL, 0, NULL);
 
   if (x509 == NULL) 
   {  
@@ -61,10 +59,7 @@ EVP_PKEY *ReadPrivateKey(const char *keyfile)
 	if (!fp)
 		return NULL;
 
-	pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
-                              PEM_STRING_EVP_PKEY,
-                              fp,
-                              NULL, NULL);
+	pkey = PEM_read_PrivateKey(fp, NULL, 0, NULL);
 
 	fclose (fp);
 
diff --git a/demos/maurice/loadkeys.h b/demos/maurice/loadkeys.h
index e42c6f8dc4..d8fde86eb7 100644
--- a/demos/maurice/loadkeys.h
+++ b/demos/maurice/loadkeys.h
@@ -10,7 +10,7 @@
 #ifndef LOADKEYS_H_SEEN
 #define LOADKEYS_H_SEEN
 
-#include "evp.h"
+#include <openssl/evp.h>
 
 EVP_PKEY * ReadPublicKey(const char *certfile);
 EVP_PKEY *ReadPrivateKey(const char *keyfile);
diff --git a/demos/pkcs12/README b/demos/pkcs12/README
new file mode 100644
index 0000000000..c87434b04f
--- /dev/null
+++ b/demos/pkcs12/README
@@ -0,0 +1,3 @@
+PKCS#12 demo applications
+
+Written by Steve Henson.
diff --git a/demos/pkcs12/pkread.c b/demos/pkcs12/pkread.c
new file mode 100644
index 0000000000..8e1b686312
--- /dev/null
+++ b/demos/pkcs12/pkread.c
@@ -0,0 +1,61 @@
+/* pkread.c */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* Simple PKCS#12 file reader */
+
+int main(int argc, char **argv)
+{
+	FILE *fp;
+	EVP_PKEY *pkey;
+	X509 *cert;
+	STACK_OF(X509) *ca = NULL;
+	PKCS12 *p12;
+	int i;
+	if (argc != 4) {
+		fprintf(stderr, "Usage: pkread p12file password opfile\n");
+		exit (1);
+	}
+	SSLeay_add_all_algorithms();
+	ERR_load_crypto_strings();
+	if (!(fp = fopen(argv[1], "rb"))) {
+		fprintf(stderr, "Error opening file %s\n", argv[1]);
+		exit(1);
+	}
+	p12 = d2i_PKCS12_fp(fp, NULL);
+	fclose (fp);
+	if (!p12) {
+		fprintf(stderr, "Error reading PKCS#12 file\n");
+		ERR_print_errors_fp(stderr);
+		exit (1);
+	}
+	if (!PKCS12_parse(p12, argv[2], &pkey, &cert, &ca)) {
+		fprintf(stderr, "Error parsing PKCS#12 file\n");
+		ERR_print_errors_fp(stderr);
+		exit (1);
+	}
+	PKCS12_free(p12);
+	if (!(fp = fopen(argv[3], "w"))) {
+		fprintf(stderr, "Error opening file %s\n", argv[1]);
+		exit(1);
+	}
+	if (pkey) {
+		fprintf(fp, "***Private Key***\n");
+		PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL);
+	}
+	if (cert) {
+		fprintf(fp, "***User Certificate***\n");
+		PEM_write_X509_AUX(fp, cert);
+	}
+	if (ca && sk_num(ca)) {
+		fprintf(fp, "***Other Certificates***\n");
+		for (i = 0; i < sk_X509_num(ca); i++) 
+		    PEM_write_X509_AUX(fp, sk_X509_value(ca, i));
+	}
+	fclose(fp);
+	return 0;
+}
diff --git a/demos/pkcs12/pkwrite.c b/demos/pkcs12/pkwrite.c
new file mode 100644
index 0000000000..15f839d1eb
--- /dev/null
+++ b/demos/pkcs12/pkwrite.c
@@ -0,0 +1,46 @@
+/* pkwrite.c */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+
+/* Simple PKCS#12 file creator */
+
+int main(int argc, char **argv)
+{
+	FILE *fp;
+	EVP_PKEY *pkey;
+	X509 *cert;
+	PKCS12 *p12;
+	if (argc != 5) {
+		fprintf(stderr, "Usage: pkwrite infile password name p12file\n");
+		exit(1);
+	}
+	SSLeay_add_all_algorithms();
+	ERR_load_crypto_strings();
+	if (!(fp = fopen(argv[1], "r"))) {
+		fprintf(stderr, "Error opening file %s\n", argv[1]);
+		exit(1);
+	}
+	cert = PEM_read_X509(fp, NULL, NULL, NULL);
+	rewind(fp);
+	pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
+	fclose(fp);
+	p12 = PKCS12_create(argv[2], argv[3], pkey, cert, NULL, 0,0,0,0,0);
+	if(!p12) {
+		fprintf(stderr, "Error creating PKCS#12 structure\n");
+		ERR_print_errors_fp(stderr);
+		exit(1);
+	}
+	if (!(fp = fopen(argv[4], "wb"))) {
+		fprintf(stderr, "Error opening file %s\n", argv[1]);
+		ERR_print_errors_fp(stderr);
+		exit(1);
+	}
+	i2d_PKCS12_fp(fp, p12);
+	PKCS12_free(p12);
+	fclose(fp);
+	return 0;
+}
diff --git a/demos/prime/Makefile b/demos/prime/Makefile
new file mode 100644
index 0000000000..0166cd46fe
--- /dev/null
+++ b/demos/prime/Makefile
@@ -0,0 +1,20 @@
+CC=cc
+CFLAGS= -g -I../../include -Wall
+LIBS=  -L../.. -lcrypto
+EXAMPLES=prime
+
+all: $(EXAMPLES) 
+
+prime: prime.o
+	$(CC) -o prime prime.o $(LIBS)
+
+clean:	
+	rm -f $(EXAMPLES) *.o
+
+test: all
+	@echo Test creating a 128-bit prime
+	./prime 128
+	@echo Test creating a 256-bit prime
+	./prime 256
+	@echo Test creating a 512-bit prime
+	./prime 512
diff --git a/demos/prime/prime.c b/demos/prime/prime.c
index e4a17765bb..103e0efc0c 100644
--- a/demos/prime/prime.c
+++ b/demos/prime/prime.c
@@ -57,7 +57,8 @@
  */
 
 #include <stdio.h>
-#include "bn.h"    
+#include <stdlib.h>
+#include <openssl/bn.h>    
 
 void callback(type,num)
 int type,num;
@@ -87,8 +88,8 @@ char *argv[];
 		}
 
 	fprintf(stderr,"generate a strong prime\n");
-	rand=BN_generate_prime(num,1,NULL,NULL,callback);
-	/* change the second parameter to 1 for a strong prime */
+        rand=BN_generate_prime(NULL,num,1,NULL,NULL,callback,NULL);
+	/* change the third parameter to 1 for a strong prime */
 	fprintf(stderr,"\n");
 
 	BN_print_fp(stdout,rand);           
diff --git a/demos/selfsign.c b/demos/selfsign.c
index 72146fc068..68904c611e 100644
--- a/demos/selfsign.c
+++ b/demos/selfsign.c
@@ -4,13 +4,9 @@
 #include <stdio.h>
 #include <stdlib.h>
 
-#include "buffer.h"
-#include "crypto.h"
-#include "objects.h"
-#include "asn1.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/pem.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
 
 int mkit(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
 
@@ -22,26 +18,27 @@ int main()
 
 	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
-	X509v3_add_netscape_extensions();
-
-	if ((bio_err=BIO_new(BIO_s_file())) != NULL)
-		BIO_set_fp(bio_err,stderr,BIO_NOCLOSE);
+	bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
 
 	mkit(&x509,&pkey,512,0,365);
 
 	RSA_print_fp(stdout,pkey->pkey.rsa,0);
 	X509_print_fp(stdout,x509);
 
-	PEM_write_RSAPrivateKey(stdout,pkey->pkey.rsa,NULL,NULL,0,NULL);
+	PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);
 	PEM_write_X509(stdout,x509);
 
 	X509_free(x509);
 	EVP_PKEY_free(pkey);
-	BIO_free(bio_err);
 
-	X509_cleanup_extensions();
+#ifdef CUSTOM_EXT
+	/* Only needed if we add objects or custom extensions */
+	X509V3_EXT_cleanup();
+	OBJ_cleanup();
+#endif
 
 	CRYPTO_mem_leaks(bio_err);
+	BIO_free(bio_err);
 	return(0);
 	}
 
@@ -53,9 +50,10 @@ int main()
 #  define MS_FAR
 #endif
 
-static void MS_CALLBACK callback(p, n)
+static void MS_CALLBACK callback(p, n, arg)
 int p;
 int n;
+void *arg;
 	{
 	char c='B';
 
@@ -76,11 +74,9 @@ int days;
 	X509 *x;
 	EVP_PKEY *pk;
 	RSA *rsa;
-	char *s;
 	X509_NAME *name=NULL;
 	X509_NAME_ENTRY *ne=NULL;
 	X509_EXTENSION *ex=NULL;
-	ASN1_OCTET_STRING *data=NULL;
 
 	
 	if ((pkeyp == NULL) || (*pkeyp == NULL))
@@ -102,7 +98,7 @@ int days;
 	else
 		x= *x509p;
 
-	rsa=RSA_generate_key(bits,RSA_F4,callback);
+	rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);
 	if (!EVP_PKEY_assign_RSA(pk,rsa))
 		{
 		abort();
@@ -116,43 +112,63 @@ int days;
 	X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
 	X509_set_pubkey(x,pk);
 
-	name=X509_NAME_new();
-
-	ne=X509_NAME_ENTRY_create_by_NID(NULL,NID_countryName,
-		V_ASN1_APP_CHOOSE,"AU",-1);
-	X509_NAME_add_entry(name,ne,0,0);
-
-	X509_NAME_ENTRY_create_by_NID(&ne,NID_commonName,
-		V_ASN1_APP_CHOOSE,"Eric Young",-1);
-	X509_NAME_add_entry(name,ne,1,0);
+	name=X509_get_subject_name(x);
 
-	/* finished with structure */
-	X509_NAME_ENTRY_free(ne);
+	/* This function creates and adds the entry, working out the
+	 * correct string type and performing checks on its length.
+	 * Normally we'd check the return value for errors...
+	 */
+	X509_NAME_add_entry_by_txt(name,"C",
+				MBSTRING_ASC, "UK", -1, -1, 0);
+	X509_NAME_add_entry_by_txt(name,"CN",
+				MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
 
-	X509_set_subject_name(x,name);
 	X509_set_issuer_name(x,name);
 
-	/* finished with structure */
-	X509_NAME_free(name);
+	/* Add extension using V3 code: we can set the config file as NULL
+	 * because we wont reference any other sections. We can also set
+         * the context to NULL because none of these extensions below will need
+	 * to access it.
+	 */
 
-	data=X509v3_pack_string(NULL,V_ASN1_BIT_STRING,
-		"\001",1);
-	ex=X509_EXTENSION_create_by_NID(NULL,NID_netscape_cert_type,0,data);
+	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_cert_type, "server");
 	X509_add_ext(x,ex,-1);
+	X509_EXTENSION_free(ex);
 
-	X509v3_pack_string(&data,V_ASN1_IA5STRING,
-		"example comment extension",-1);
-	X509_EXTENSION_create_by_NID(&ex,NID_netscape_comment,0,data);
+	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_comment,
+						"example comment extension");
 	X509_add_ext(x,ex,-1);
+	X509_EXTENSION_free(ex);
+
+	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_netscape_ssl_server_name,
+							"www.openssl.org");
 
-	X509v3_pack_string(&data,V_ASN1_BIT_STRING,
-		"www.cryptsoft.com",-1);
-	X509_EXTENSION_create_by_NID(&ex,NID_netscape_ssl_server_name,0,data);
 	X509_add_ext(x,ex,-1);
-	
 	X509_EXTENSION_free(ex);
-	ASN1_OCTET_STRING_free(data);
 
+#if 0
+	/* might want something like this too.... */
+	ex = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,
+							"critical,CA:TRUE");
+
+
+	X509_add_ext(x,ex,-1);
+	X509_EXTENSION_free(ex);
+#endif
+
+#ifdef CUSTOM_EXT
+	/* Maybe even add our own extension based on existing */
+	{
+		int nid;
+		nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
+		X509V3_EXT_add_alias(nid, NID_netscape_comment);
+		ex = X509V3_EXT_conf_nid(NULL, NULL, nid,
+						"example comment alias");
+		X509_add_ext(x,ex,-1);
+		X509_EXTENSION_free(ex);
+	}
+#endif
+	
 	if (!X509_sign(x,pk,EVP_md5()))
 		goto err;
 
@@ -162,7 +178,3 @@ int days;
 err:
 	return(0);
 	}
-			 
-
-
-
diff --git a/demos/sign/Makefile b/demos/sign/Makefile
new file mode 100644
index 0000000000..e6d391e4ad
--- /dev/null
+++ b/demos/sign/Makefile
@@ -0,0 +1,15 @@
+CC=cc
+CFLAGS= -g -I../../include -Wall
+LIBS=  -L../.. -lcrypto
+EXAMPLES=sign
+
+all: $(EXAMPLES) 
+
+sign: sign.o
+	$(CC) -o sign sign.o $(LIBS)
+
+clean:	
+	rm -f $(EXAMPLES) *.o
+
+test: all
+	./sign
diff --git a/demos/sign/sign.c b/demos/sign/sign.c
index 5cbce3cdc5..a6c66e17c3 100644
--- a/demos/sign/sign.c
+++ b/demos/sign/sign.c
@@ -61,16 +61,20 @@
 
 /* converted to C - eay :-) */
 
+/* reformated a bit and converted to use the more common functions: this was
+ * initially written at the dawn of time :-) - Steve.
+ */
+
 #include <stdio.h>
-#include "rsa.h"
-#include "evp.h"
-#include "objects.h"
-#include "x509.h"
-#include "err.h"
-#include "pem.h"
-#include "ssl.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
 
-void main ()
+int main ()
 {
   int err;
   int sig_len;
@@ -90,48 +94,60 @@ void main ()
   
   /* Read private key */
   
-  fp = fopen (keyfile, "r");   if (fp == NULL) exit (1);
-  pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
-				   PEM_STRING_EVP_PKEY,
-				   fp,
-				   NULL, NULL);
-  if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  fp = fopen (keyfile, "r");
+  if (fp == NULL) exit (1);
+  pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
   fclose (fp);
+
+  if (pkey == NULL) { 
+	ERR_print_errors_fp (stderr);
+	exit (1);
+  }
   
   /* Do the signature */
   
-  EVP_SignInit   (&md_ctx, EVP_md5());
+  EVP_SignInit   (&md_ctx, EVP_sha1());
   EVP_SignUpdate (&md_ctx, data, strlen(data));
   sig_len = sizeof(sig_buf);
-  err = EVP_SignFinal (&md_ctx,
-		       sig_buf, 
-		       &sig_len,
-		       pkey);
-  if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  err = EVP_SignFinal (&md_ctx, sig_buf, &sig_len, pkey);
+
+  if (err != 1) {
+	ERR_print_errors_fp(stderr);
+	exit (1);
+  }
+
   EVP_PKEY_free (pkey);
   
   /* Read public key */
   
-  fp = fopen (certfile, "r");   if (fp == NULL) exit (1);
-  x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509,
-				   PEM_STRING_X509,
-				   fp, NULL, NULL);
-  if (x509 == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  fp = fopen (certfile, "r");
+  if (fp == NULL) exit (1);
+  x509 = PEM_read_X509(fp, NULL, NULL, NULL);
   fclose (fp);
+
+  if (x509 == NULL) {
+	ERR_print_errors_fp (stderr);
+	exit (1);
+  }
   
   /* Get public key - eay */
-  pkey=X509_extract_key(x509);
-  if (pkey == NULL) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  pkey=X509_get_pubkey(x509);
+  if (pkey == NULL) {
+	ERR_print_errors_fp (stderr);
+	exit (1);
+  }
 
   /* Verify the signature */
   
-  EVP_VerifyInit   (&md_ctx, EVP_md5());
+  EVP_VerifyInit   (&md_ctx, EVP_sha1());
   EVP_VerifyUpdate (&md_ctx, data, strlen((char*)data));
-  err = EVP_VerifyFinal (&md_ctx,
-			 sig_buf,
-			 sig_len,
-			 pkey);
-  if (err != 1) {  ERR_print_errors_fp (stderr);    exit (1);  }
+  err = EVP_VerifyFinal (&md_ctx, sig_buf, sig_len, pkey);
   EVP_PKEY_free (pkey);
+
+  if (err != 1) {
+	ERR_print_errors_fp (stderr);
+	exit (1);
+  }
   printf ("Signature Verified Ok.\n");
+  return(0);
 }
diff --git a/demos/spkigen.c b/demos/spkigen.c
index 01fe6254f2..2cd5dfea97 100644
--- a/demos/spkigen.c
+++ b/demos/spkigen.c
@@ -6,12 +6,12 @@
  */
 #include <stdio.h>
 #include <stdlib.h>
-#include "err.h"
-#include "asn1.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
+#include <openssl/err.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
 /* The following two don't exist in SSLeay but they are in here as
  * examples */
@@ -65,7 +65,8 @@ char *argv[];
 
 	fprintf(stderr,"please enter challenge string:");
 	fflush(stderr);
-	fgets(buf,120,stdin);
+	buf[0]='\0';
+	fgets(buf,sizeof buf,stdin);
 	i=strlen(buf);
 	if (i > 0) buf[--i]='\0';
 	if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge,
diff --git a/demos/ssl/cli.cpp b/demos/ssl/cli.cpp
index f52a9c025b..49cba5da0c 100644
--- a/demos/ssl/cli.cpp
+++ b/demos/ssl/cli.cpp
@@ -1,6 +1,10 @@
 /* cli.cpp  -  Minimal ssleay client for Unix
    30.9.1996, Sampo Kellomaki <sampo@iki.fi> */
 
+/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b
+   Simplified to be even more minimal
+   12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */
+
 #include <stdio.h>
 #include <memory.h>
 #include <errno.h>
@@ -10,12 +14,12 @@
 #include <arpa/inet.h>
 #include <netdb.h>
 
-#include "rsa.h"       /* SSLeay stuff */
-#include "crypto.h"
-#include "x509.h"
-#include "pem.h"
-#include "ssl.h"
-#include "err.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
 
 #define CHK_NULL(x) if ((x)==NULL) exit (1)
 #define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
@@ -31,9 +35,14 @@ void main ()
   X509*    server_cert;
   char*    str;
   char     buf [4096];
+  SSL_METHOD *meth;
 
+  SSLeay_add_ssl_algorithms();
+  meth = SSLv2_client_method();
   SSL_load_error_strings();
-  ctx = SSL_CTX_new ();                        CHK_NULL(ctx);
+  ctx = SSL_CTX_new (meth);                        CHK_NULL(ctx);
+
+  CHK_SSL(err);
   
   /* ----------------------------------------------- */
   /* Create a socket and connect to server using normal socket calls. */
@@ -67,15 +76,15 @@ void main ()
   server_cert = SSL_get_peer_certificate (ssl);       CHK_NULL(server_cert);
   printf ("Server certificate:\n");
   
-  str = X509_NAME_oneline (X509_get_subject_name (server_cert));
+  str = X509_NAME_oneline (X509_get_subject_name (server_cert),0,0);
   CHK_NULL(str);
   printf ("\t subject: %s\n", str);
-  Free (str);
+  OPENSSL_free (str);
 
-  str = X509_NAME_oneline (X509_get_issuer_name  (server_cert));
+  str = X509_NAME_oneline (X509_get_issuer_name  (server_cert),0,0);
   CHK_NULL(str);
   printf ("\t issuer: %s\n", str);
-  Free (str);
+  OPENSSL_free (str);
 
   /* We could do all sorts of certificate verification stuff here before
      deallocating the certificate. */
@@ -87,11 +96,10 @@ void main ()
 
   err = SSL_write (ssl, "Hello World!", strlen("Hello World!"));  CHK_SSL(err);
   
-  shutdown (sd, 1);  /* Half close, send EOF to server. */
-  
   err = SSL_read (ssl, buf, sizeof(buf) - 1);                     CHK_SSL(err);
   buf[err] = '\0';
   printf ("Got %d chars:'%s'\n", err, buf);
+  SSL_shutdown (ssl);  /* send SSL/TLS close_notify */
 
   /* Clean up. */
 
diff --git a/demos/ssl/inetdsrv.cpp b/demos/ssl/inetdsrv.cpp
index b09c8b6e0b..efd70d2771 100644
--- a/demos/ssl/inetdsrv.cpp
+++ b/demos/ssl/inetdsrv.cpp
@@ -8,11 +8,11 @@
 #include <errno.h>
 
 #include "rsa.h"       /* SSLeay stuff */
-#include "crypto.h"
-#include "x509.h"
-#include "pem.h"
-#include "ssl.h"
-#include "err.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
 
 #define HOME "/usr/users/sampo/demo/"
 #define CERTF HOME "plain-cert.pem"
@@ -65,12 +65,12 @@ void main ()
     str = X509_NAME_oneline (X509_get_subject_name (client_cert));
     CHK_NULL(str);
     fprintf (log, "\t subject: %s\n", str);
-    Free (str);
+    OPENSSL_free (str);
     
     str = X509_NAME_oneline (X509_get_issuer_name  (client_cert));
     CHK_NULL(str);
     fprintf (log, "\t issuer: %s\n", str);
-    Free (str);
+    OPENSSL_free (str);
     
     /* We could do all sorts of certificate verification stuff here before
        deallocating the certificate. */
diff --git a/demos/ssl/serv.cpp b/demos/ssl/serv.cpp
index 8681f2f22b..b142c758d2 100644
--- a/demos/ssl/serv.cpp
+++ b/demos/ssl/serv.cpp
@@ -1,7 +1,14 @@
 /* serv.cpp  -  Minimal ssleay server for Unix
    30.9.1996, Sampo Kellomaki <sampo@iki.fi> */
 
+
+/* mangled to work with SSLeay-0.9.0b and OpenSSL 0.9.2b
+   Simplified to be even more minimal
+   12/98 - 4/99 Wade Scholine <wades@mail.cybg.com> */
+
 #include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
 #include <memory.h>
 #include <errno.h>
 #include <sys/types.h>
@@ -10,16 +17,20 @@
 #include <arpa/inet.h>
 #include <netdb.h>
 
-#include "rsa.h"       /* SSLeay stuff */
-#include "crypto.h"
-#include "x509.h"
-#include "pem.h"
-#include "ssl.h"
-#include "err.h"
+#include <openssl/rsa.h>       /* SSLeay stuff */
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+
+/* define HOME to be dir for key and cert files... */
+#define HOME "./"
+/* Make these what you want for cert & key files */
+#define CERTF  HOME "foo-cert.pem"
+#define KEYF  HOME  "foo-cert.pem"
 
-#define HOME "/usr/users/sampo/sibs/tim/"
-#define CERTF HOME "plain-cert.pem"
-#define KEYF  HOME "plain-key.pem"
 
 #define CHK_NULL(x) if ((x)==NULL) exit (1)
 #define CHK_ERR(err,s) if ((err)==-1) { perror(s); exit(1); }
@@ -32,24 +43,39 @@ void main ()
   int sd;
   struct sockaddr_in sa_serv;
   struct sockaddr_in sa_cli;
-  int client_len;
+  size_t client_len;
   SSL_CTX* ctx;
   SSL*     ssl;
   X509*    client_cert;
   char*    str;
   char     buf [4096];
-
+  SSL_METHOD *meth;
+  
   /* SSL preliminaries. We keep the certificate and key with the context. */
 
   SSL_load_error_strings();
-  ctx = SSL_CTX_new ();   CHK_NULL(ctx);
-  
-  err = SSL_CTX_use_RSAPrivateKey_file (ctx, KEYF,  SSL_FILETYPE_PEM);
-  CHK_SSL(err);
-  
-  err = SSL_CTX_use_certificate_file   (ctx, CERTF, SSL_FILETYPE_PEM);
-  CHK_SSL(err);
+  SSLeay_add_ssl_algorithms();
+  meth = SSLv23_server_method();
+  ctx = SSL_CTX_new (meth);
+  if (!ctx) {
+    ERR_print_errors_fp(stderr);
+    exit(2);
+  }
   
+  if (SSL_CTX_use_certificate_file(ctx, CERTF, SSL_FILETYPE_PEM) <= 0) {
+    ERR_print_errors_fp(stderr);
+    exit(3);
+  }
+  if (SSL_CTX_use_PrivateKey_file(ctx, KEYF, SSL_FILETYPE_PEM) <= 0) {
+    ERR_print_errors_fp(stderr);
+    exit(4);
+  }
+
+  if (!SSL_CTX_check_private_key(ctx)) {
+    fprintf(stderr,"Private key does not match the certificate public key\n");
+    exit(5);
+  }
+
   /* ----------------------------------------------- */
   /* Prepare TCP socket for receiving connections */
 
@@ -92,15 +118,15 @@ void main ()
   if (client_cert != NULL) {
     printf ("Client certificate:\n");
     
-    str = X509_NAME_oneline (X509_get_subject_name (client_cert));
+    str = X509_NAME_oneline (X509_get_subject_name (client_cert), 0, 0);
     CHK_NULL(str);
     printf ("\t subject: %s\n", str);
-    Free (str);
+    OPENSSL_free (str);
     
-    str = X509_NAME_oneline (X509_get_issuer_name  (client_cert));
+    str = X509_NAME_oneline (X509_get_issuer_name  (client_cert), 0, 0);
     CHK_NULL(str);
     printf ("\t issuer: %s\n", str);
-    Free (str);
+    OPENSSL_free (str);
     
     /* We could do all sorts of certificate verification stuff here before
        deallocating the certificate. */
diff --git a/demos/ssltest-ecc/ECC-RSAcertgen.sh b/demos/ssltest-ecc/ECC-RSAcertgen.sh
new file mode 100755
index 0000000000..b31a4f1ee0
--- /dev/null
+++ b/demos/ssltest-ecc/ECC-RSAcertgen.sh
@@ -0,0 +1,98 @@
+#!/bin/sh
+
+# For a list of supported curves, use "apps/openssl ecparam -list_curves".
+
+# Path to the openssl distribution
+OPENSSL_DIR=../..
+# Path to the openssl program
+OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
+# Option to find configuration file
+OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"
+# Directory where certificates are stored
+CERTS_DIR=./Certs
+# Directory where private key files are stored
+KEYS_DIR=$CERTS_DIR
+# Directory where combo files (containing a certificate and corresponding
+# private key together) are stored
+COMBO_DIR=$CERTS_DIR
+# cat command
+CAT=/bin/cat
+# rm command
+RM=/bin/rm
+# mkdir command
+MKDIR=/bin/mkdir
+# The certificate will expire these many days after the issue date.
+DAYS=1500
+TEST_CA_FILE=rsa1024TestCA
+
+TEST_SERVER_CURVE=sect163r1
+TEST_SERVER_FILE=sect163r1-rsaTestServer
+TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (sect163r1 key signed with RSA)"
+
+TEST_CLIENT_CURVE=sect163r1
+TEST_CLIENT_FILE=sect163r1-rsaTestClient
+TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (sect163r1 key signed with RSA)"
+
+# Generating an EC certificate involves the following main steps
+# 1. Generating curve parameters (if needed)
+# 2. Generating a certificate request
+# 3. Signing the certificate request 
+# 4. [Optional] One can combine the cert and private key into a single
+#    file and also delete the certificate request
+
+$MKDIR -p $CERTS_DIR
+$MKDIR -p $KEYS_DIR
+$MKDIR -p $COMBO_DIR
+
+echo "GENERATING A TEST SERVER CERTIFICATE (ECC key signed with RSA)"
+echo "=============================================================="
+$OPENSSL_CMD ecparam -name $TEST_SERVER_CURVE -out $TEST_SERVER_CURVE.pem
+
+$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \
+    -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \
+    -newkey ec:$TEST_SERVER_CURVE.pem -new \
+    -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem
+
+$OPENSSL_CMD x509 -req -days $DAYS \
+    -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \
+    -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
+    -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
+    -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial
+
+# Display the certificate 
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text
+
+# Place the certificate and key in a common file
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \
+	 > $COMBO_DIR/$TEST_SERVER_FILE.pem
+$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem
+
+# Remove the cert request file (no longer needed)
+$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem
+
+echo "GENERATING A TEST CLIENT CERTIFICATE (ECC key signed with RSA)"
+echo "=============================================================="
+$OPENSSL_CMD ecparam -name $TEST_CLIENT_CURVE -out $TEST_CLIENT_CURVE.pem
+
+$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \
+	     -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \
+	     -newkey ec:$TEST_CLIENT_CURVE.pem -new \
+	     -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
+
+$OPENSSL_CMD x509 -req -days $DAYS \
+    -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \
+    -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
+    -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
+    -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial
+
+# Display the certificate 
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text
+
+# Place the certificate and key in a common file
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \
+	 > $COMBO_DIR/$TEST_CLIENT_FILE.pem
+$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem
+
+# Remove the cert request file (no longer needed)
+$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
+
diff --git a/demos/ssltest-ecc/ECCcertgen.sh b/demos/ssltest-ecc/ECCcertgen.sh
new file mode 100755
index 0000000000..a47b8bb0b5
--- /dev/null
+++ b/demos/ssltest-ecc/ECCcertgen.sh
@@ -0,0 +1,164 @@
+#!/bin/sh
+
+# For a list of supported curves, use "apps/openssl ecparam -list_curves".
+
+# Path to the openssl distribution
+OPENSSL_DIR=../..
+# Path to the openssl program
+OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
+# Option to find configuration file
+OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"
+# Directory where certificates are stored
+CERTS_DIR=./Certs
+# Directory where private key files are stored
+KEYS_DIR=$CERTS_DIR
+# Directory where combo files (containing a certificate and corresponding
+# private key together) are stored
+COMBO_DIR=$CERTS_DIR
+# cat command
+CAT=/bin/cat
+# rm command
+RM=/bin/rm
+# mkdir command
+MKDIR=/bin/mkdir
+# The certificate will expire these many days after the issue date.
+DAYS=1500
+TEST_CA_CURVE=secp160r1
+TEST_CA_FILE=secp160r1TestCA
+TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (Elliptic curve secp160r1)"
+
+TEST_SERVER_CURVE=secp160r2
+TEST_SERVER_FILE=secp160r2TestServer
+TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (Elliptic curve secp160r2)"
+
+TEST_CLIENT_CURVE=secp160r2
+TEST_CLIENT_FILE=secp160r2TestClient
+TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (Elliptic curve secp160r2)"
+
+# Generating an EC certificate involves the following main steps
+# 1. Generating curve parameters (if needed)
+# 2. Generating a certificate request
+# 3. Signing the certificate request 
+# 4. [Optional] One can combine the cert and private key into a single
+#    file and also delete the certificate request
+
+$MKDIR -p $CERTS_DIR
+$MKDIR -p $KEYS_DIR
+$MKDIR -p $COMBO_DIR
+
+echo "Generating self-signed CA certificate (on curve $TEST_CA_CURVE)"
+echo "==============================================================="
+$OPENSSL_CMD ecparam -name $TEST_CA_CURVE -out $TEST_CA_CURVE.pem
+
+# Generate a new certificate request in $TEST_CA_FILE.req.pem. A 
+# new ecdsa (actually ECC) key pair is generated on the parameters in
+# $TEST_CA_CURVE.pem and the private key is saved in $TEST_CA_FILE.key.pem
+# WARNING: By using the -nodes option, we force the private key to be 
+# stored in the clear (rather than encrypted with a password).
+$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" \
+    -keyout $KEYS_DIR/$TEST_CA_FILE.key.pem \
+    -newkey ec:$TEST_CA_CURVE.pem -new \
+    -out $CERTS_DIR/$TEST_CA_FILE.req.pem
+
+# Sign the certificate request in $TEST_CA_FILE.req.pem using the
+# private key in $TEST_CA_FILE.key.pem and include the CA extension.
+# Make the certificate valid for 1500 days from the time of signing.
+# The certificate is written into $TEST_CA_FILE.cert.pem
+$OPENSSL_CMD x509 -req -days $DAYS \
+    -in $CERTS_DIR/$TEST_CA_FILE.req.pem \
+    -extfile $OPENSSL_DIR/apps/openssl.cnf \
+    -extensions v3_ca \
+    -signkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
+    -out $CERTS_DIR/$TEST_CA_FILE.cert.pem
+
+# Display the certificate
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -text
+
+# Place the certificate and key in a common file
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -issuer -subject \
+	 > $COMBO_DIR/$TEST_CA_FILE.pem
+$CAT $KEYS_DIR/$TEST_CA_FILE.key.pem >> $COMBO_DIR/$TEST_CA_FILE.pem
+
+# Remove the cert request file (no longer needed)
+$RM $CERTS_DIR/$TEST_CA_FILE.req.pem
+
+echo "GENERATING A TEST SERVER CERTIFICATE (on elliptic curve $TEST_SERVER_CURVE)"
+echo "=========================================================================="
+# Generate parameters for curve $TEST_SERVER_CURVE, if needed
+$OPENSSL_CMD ecparam -name $TEST_SERVER_CURVE -out $TEST_SERVER_CURVE.pem
+
+# Generate a new certificate request in $TEST_SERVER_FILE.req.pem. A 
+# new ecdsa (actually ECC) key pair is generated on the parameters in
+# $TEST_SERVER_CURVE.pem and the private key is saved in 
+# $TEST_SERVER_FILE.key.pem
+# WARNING: By using the -nodes option, we force the private key to be 
+# stored in the clear (rather than encrypted with a password).
+$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \
+    -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \
+    -newkey ec:$TEST_SERVER_CURVE.pem -new \
+    -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem
+
+# Sign the certificate request in $TEST_SERVER_FILE.req.pem using the
+# CA certificate in $TEST_CA_FILE.cert.pem and the CA private key in
+# $TEST_CA_FILE.key.pem. Since we do not have an existing serial number
+# file for this CA, create one. Make the certificate valid for $DAYS days
+# from the time of signing. The certificate is written into 
+# $TEST_SERVER_FILE.cert.pem
+$OPENSSL_CMD x509 -req -days $DAYS \
+    -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \
+    -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
+    -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
+    -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial
+
+# Display the certificate 
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text
+
+# Place the certificate and key in a common file
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \
+	 > $COMBO_DIR/$TEST_SERVER_FILE.pem
+$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem
+
+# Remove the cert request file (no longer needed)
+$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem
+
+echo "GENERATING A TEST CLIENT CERTIFICATE (on elliptic curve $TEST_CLIENT_CURVE)"
+echo "=========================================================================="
+# Generate parameters for curve $TEST_CLIENT_CURVE, if needed
+$OPENSSL_CMD ecparam -name $TEST_CLIENT_CURVE -out $TEST_CLIENT_CURVE.pem
+
+# Generate a new certificate request in $TEST_CLIENT_FILE.req.pem. A 
+# new ecdsa (actually ECC) key pair is generated on the parameters in
+# $TEST_CLIENT_CURVE.pem and the private key is saved in 
+# $TEST_CLIENT_FILE.key.pem
+# WARNING: By using the -nodes option, we force the private key to be 
+# stored in the clear (rather than encrypted with a password).
+$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \
+	     -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \
+	     -newkey ec:$TEST_CLIENT_CURVE.pem -new \
+	     -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
+
+# Sign the certificate request in $TEST_CLIENT_FILE.req.pem using the
+# CA certificate in $TEST_CA_FILE.cert.pem and the CA private key in
+# $TEST_CA_FILE.key.pem. Since we do not have an existing serial number
+# file for this CA, create one. Make the certificate valid for $DAYS days
+# from the time of signing. The certificate is written into 
+# $TEST_CLIENT_FILE.cert.pem
+$OPENSSL_CMD x509 -req -days $DAYS \
+    -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \
+    -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
+    -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
+    -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial
+
+# Display the certificate 
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text
+
+# Place the certificate and key in a common file
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \
+	 > $COMBO_DIR/$TEST_CLIENT_FILE.pem
+$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem
+
+# Remove the cert request file (no longer needed)
+$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
+
+
+
diff --git a/demos/ssltest-ecc/README b/demos/ssltest-ecc/README
new file mode 100644
index 0000000000..b045c28fb6
--- /dev/null
+++ b/demos/ssltest-ecc/README
@@ -0,0 +1,15 @@
+Scripts for using ECC ciphersuites with test/testssl
+(these ciphersuites are described in the Internet Draft available at
+http://www.ietf.org/internet-drafts/draft-ietf-tls-ecc-02.txt).
+
+Use ECCcertgen.sh, RSAcertgen.sh, ECC-RSAcertgen.sh to generate
+root, client and server certs of the following types:
+
+     ECC certs signed with ECDSA
+     RSA certs signed with RSA
+     ECC certs signed with RSA
+
+Afterwards, you can use ssltest.sh to run the various tests;
+specify one of the following options:
+
+     aecdh, ecdh-ecdsa, ecdhe-ecdsa, ecdh-rsa, ecdhe-rsa
diff --git a/demos/ssltest-ecc/RSAcertgen.sh b/demos/ssltest-ecc/RSAcertgen.sh
new file mode 100755
index 0000000000..0cb0153596
--- /dev/null
+++ b/demos/ssltest-ecc/RSAcertgen.sh
@@ -0,0 +1,121 @@
+#!/bin/sh
+
+# For a list of supported curves, use "apps/openssl ecparam -list_curves".
+
+# Path to the openssl distribution
+OPENSSL_DIR=../..
+# Path to the openssl program
+OPENSSL_CMD=$OPENSSL_DIR/apps/openssl
+# Option to find configuration file
+OPENSSL_CNF="-config $OPENSSL_DIR/apps/openssl.cnf"
+# Directory where certificates are stored
+CERTS_DIR=./Certs
+# Directory where private key files are stored
+KEYS_DIR=$CERTS_DIR
+# Directory where combo files (containing a certificate and corresponding
+# private key together) are stored
+COMBO_DIR=$CERTS_DIR
+# cat command
+CAT=/bin/cat
+# rm command
+RM=/bin/rm
+# mkdir command
+MKDIR=/bin/mkdir
+# The certificate will expire these many days after the issue date.
+DAYS=1500
+TEST_CA_FILE=rsa1024TestCA
+TEST_CA_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test CA (1024 bit RSA)"
+
+TEST_SERVER_FILE=rsa1024TestServer
+TEST_SERVER_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Server (1024 bit RSA)"
+
+TEST_CLIENT_FILE=rsa1024TestClient
+TEST_CLIENT_DN="/C=US/ST=CA/L=Mountain View/O=Sun Microsystems, Inc./OU=Sun Microsystems Laboratories/CN=Test Client (1024 bit RSA)"
+
+# Generating an EC certificate involves the following main steps
+# 1. Generating curve parameters (if needed)
+# 2. Generating a certificate request
+# 3. Signing the certificate request 
+# 4. [Optional] One can combine the cert and private key into a single
+#    file and also delete the certificate request
+
+$MKDIR -p $CERTS_DIR
+$MKDIR -p $KEYS_DIR
+$MKDIR -p $COMBO_DIR
+
+echo "Generating self-signed CA certificate (RSA)"
+echo "==========================================="
+
+$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CA_DN" \
+    -keyout $KEYS_DIR/$TEST_CA_FILE.key.pem \
+    -newkey rsa:1024 -new \
+    -out $CERTS_DIR/$TEST_CA_FILE.req.pem
+
+$OPENSSL_CMD x509 -req -days $DAYS \
+    -in $CERTS_DIR/$TEST_CA_FILE.req.pem \
+    -extfile $OPENSSL_DIR/apps/openssl.cnf \
+    -extensions v3_ca \
+    -signkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
+    -out $CERTS_DIR/$TEST_CA_FILE.cert.pem
+
+# Display the certificate
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -text
+
+# Place the certificate and key in a common file
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CA_FILE.cert.pem -issuer -subject \
+	 > $COMBO_DIR/$TEST_CA_FILE.pem
+$CAT $KEYS_DIR/$TEST_CA_FILE.key.pem >> $COMBO_DIR/$TEST_CA_FILE.pem
+
+# Remove the cert request file (no longer needed)
+$RM $CERTS_DIR/$TEST_CA_FILE.req.pem
+
+echo "GENERATING A TEST SERVER CERTIFICATE (RSA)"
+echo "=========================================="
+
+$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_SERVER_DN" \
+    -keyout $KEYS_DIR/$TEST_SERVER_FILE.key.pem \
+    -newkey rsa:1024 -new \
+    -out $CERTS_DIR/$TEST_SERVER_FILE.req.pem
+
+$OPENSSL_CMD x509 -req -days $DAYS \
+    -in $CERTS_DIR/$TEST_SERVER_FILE.req.pem \
+    -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
+    -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
+    -out $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -CAcreateserial
+
+# Display the certificate 
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -text
+
+# Place the certificate and key in a common file
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_SERVER_FILE.cert.pem -issuer -subject \
+	 > $COMBO_DIR/$TEST_SERVER_FILE.pem
+$CAT $KEYS_DIR/$TEST_SERVER_FILE.key.pem >> $COMBO_DIR/$TEST_SERVER_FILE.pem
+
+# Remove the cert request file (no longer needed)
+$RM $CERTS_DIR/$TEST_SERVER_FILE.req.pem
+
+echo "GENERATING A TEST CLIENT CERTIFICATE (RSA)"
+echo "=========================================="
+
+$OPENSSL_CMD req $OPENSSL_CNF -nodes -subj "$TEST_CLIENT_DN" \
+	     -keyout $KEYS_DIR/$TEST_CLIENT_FILE.key.pem \
+	     -newkey rsa:1024 -new \
+	     -out $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
+
+$OPENSSL_CMD x509 -req -days $DAYS \
+    -in $CERTS_DIR/$TEST_CLIENT_FILE.req.pem \
+    -CA $CERTS_DIR/$TEST_CA_FILE.cert.pem \
+    -CAkey $KEYS_DIR/$TEST_CA_FILE.key.pem \
+    -out $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -CAcreateserial
+
+# Display the certificate 
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -text
+
+# Place the certificate and key in a common file
+$OPENSSL_CMD x509 -in $CERTS_DIR/$TEST_CLIENT_FILE.cert.pem -issuer -subject \
+	 > $COMBO_DIR/$TEST_CLIENT_FILE.pem
+$CAT $KEYS_DIR/$TEST_CLIENT_FILE.key.pem >> $COMBO_DIR/$TEST_CLIENT_FILE.pem
+
+# Remove the cert request file (no longer needed)
+$RM $CERTS_DIR/$TEST_CLIENT_FILE.req.pem
+
diff --git a/demos/ssltest-ecc/ssltest.sh b/demos/ssltest-ecc/ssltest.sh
new file mode 100755
index 0000000000..2d6ff167f5
--- /dev/null
+++ b/demos/ssltest-ecc/ssltest.sh
@@ -0,0 +1,185 @@
+#! /bin/sh
+# Tests ECC cipher suites using ssltest. Requires one argument which could
+# be aecdh or ecdh-ecdsa or ecdhe-ecdsa or ecdh-rsa or ecdhe-rsa.
+# A second optional argument can be one of ssl2 ssl3 or tls1
+
+if [ "$1" = "" ]; then
+  (echo "Usage: $0 test [ protocol ]"
+   echo "   where test is one of aecdh, ecdh-ecdsa, ecdhe-ecdsa, ecdh-rsa, ecdhe-rsa"
+   echo "   and protocol (optional) is one of ssl2, ssl3, tls1"
+   echo "Run RSAcertgen.sh, ECC-RSAcertgen.sh, ECCcertgen.sh first."
+  ) >&2
+  exit 1
+fi
+
+
+OPENSSL_DIR=../..
+CERTS_DIR=./Certs
+SSLTEST=$OPENSSL_DIR/test/ssltest
+# SSL protocol version to test (one of ssl2 ssl3 or tls1)"
+SSLVERSION=
+
+# These don't really require any certificates
+AECDH_CIPHER_LIST="EXP-AECDH-RC4-40-SHA EXP-AECDH-DES-40-CBC-SHA AECDH-DES-CBC3-SHA AECDH-DES-CBC-SHA AECDH-RC4-SHA AECDH-NULL-SHA"
+
+# These require ECC certificates signed with ECDSA
+# The EC public key must be authorized for key agreement.
+ECDH_ECDSA_CIPHER_LIST="EXP-ECDH-ECDSA-RC4-56-SHA EXP-ECDH-ECDSA-RC4-40-SHA ECDH-ECDSA-AES256-SHA ECDH-ECDSA-AES128-SHA ECDH-ECDSA-DES-CBC3-SHA ECDH-ECDSA-DES-CBC-SHA ECDH-ECDSA-RC4-SHA ECDH-ECDSA-NULL-SHA"
+
+# These require ECC certificates.
+# The EC public key must be authorized for digital signature.
+ECDHE_ECDSA_CIPHER_LIST="ECDHE-ECDSA-AES128-SHA"
+
+# These require ECC certificates signed with RSA.
+# The EC public key must be authorized for key agreement.
+ECDH_RSA_CIPHER_LIST="EXP-ECDH-RSA-RC4-56-SHA EXP-ECDH-RSA-RC4-40-SHA ECDH-RSA-AES256-SHA ECDH-RSA-AES128-SHA ECDH-RSA-DES-CBC3-SHA ECDH-RSA-DES-CBC-SHA ECDH-RSA-RC4-SHA ECDH-RSA-NULL-SHA"
+
+# These require RSA certificates.
+# The RSA public key must be authorized for digital signature.
+ECDHE_RSA_CIPHER_LIST="ECDHE-RSA-AES128-SHA"
+
+# List of Elliptic curves over which we wish to test generation of
+# ephemeral ECDH keys when using AECDH or ECDHE ciphers
+# NOTE: secp192r1 = prime192v1 and secp256r1 = prime256v1
+#ELLIPTIC_CURVE_LIST="secp112r1 sect113r2 secp128r1 sect131r1 secp160k1 sect163r2 wap-wsg-idm-ecid-wtls7 c2pnb163v3 c2pnb176v3 c2tnb191v3 secp192r1 prime192v3 sect193r2 secp224r1 wap-wsg-idm-ecid-wtls10 sect239k1 prime239v2 secp256r1 prime256v1 sect283k1 secp384r1 sect409r1 secp521r1 sect571r1"
+ELLIPTIC_CURVE_LIST="sect163k1 sect163r1 sect163r2 sect193r1 sect193r2 sect233k1 sect233r1 sect239k1 sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1 secp160k1 secp160r1 secp160r2 secp192k1 prime192v1 secp224k1 secp224r1 secp256k1 prime256v1 secp384r1 secp521r1"
+
+DEFAULT_CURVE="sect163r2"
+
+if [ "$2" = "" ]; then
+    if [ "$SSL_VERSION" = "" ]; then
+	SSL_VERSION=""
+    else
+	SSL_VERSION="-$SSL_VERSION"
+    fi
+else
+    SSL_VERSION="-$2"
+fi
+
+#==============================================================
+# Anonymous cipher suites do not require key or certificate files
+# but ssltest expects a cert file and complains if it can't
+# open the default one.
+SERVER_PEM=$OPENSSL_DIR/apps/server.pem
+
+if [ "$1" = "aecdh" ]; then
+for cipher in $AECDH_CIPHER_LIST
+do
+    echo "Testing $cipher"
+    $SSLTEST $SSL_VERSION -cert $SERVER_PEM -cipher $cipher 
+done
+#--------------------------------------------------------------
+for curve in $ELLIPTIC_CURVE_LIST
+do
+    echo "Testing AECDH-NULL-SHA (with $curve)"
+    $SSLTEST $SSL_VERSION -cert $SERVER_PEM \
+	-named_curve $curve -cipher AECDH-NULL-SHA
+done
+
+for curve in $ELLIPTIC_CURVE_LIST
+do
+    echo "Testing EXP-AECDH-RC4-40-SHA (with $curve)"
+    $SSLTEST $SSL_VERSION -cert $SERVER_PEM \
+	-named_curve $curve -cipher EXP-AECDH-RC4-40-SHA
+done
+fi
+
+#==============================================================
+# Both ECDH-ECDSA and ECDHE-ECDSA cipher suites require 
+# the server to have an ECC certificate signed with ECDSA.
+CA_PEM=$CERTS_DIR/secp160r1TestCA.pem
+SERVER_PEM=$CERTS_DIR/secp160r2TestServer.pem
+CLIENT_PEM=$CERTS_DIR/secp160r2TestClient.pem
+
+if [ "$1" = "ecdh-ecdsa" ]; then
+for cipher in $ECDH_ECDSA_CIPHER_LIST
+do
+    echo "Testing $cipher (with server authentication)"
+    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
+	-cert $SERVER_PEM -server_auth \
+	-cipher $cipher
+
+    echo "Testing $cipher (with server and client authentication)"
+    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
+	-cert $SERVER_PEM -server_auth \
+	-c_cert $CLIENT_PEM -client_auth \
+	-cipher $cipher
+done
+fi
+
+#==============================================================
+if [ "$1" = "ecdhe-ecdsa" ]; then
+for cipher in $ECDHE_ECDSA_CIPHER_LIST
+do
+    echo "Testing $cipher (with server authentication)"
+    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
+	-cert $SERVER_PEM -server_auth \
+	-cipher $cipher -named_curve $DEFAULT_CURVE
+
+    echo "Testing $cipher (with server and client authentication)"
+    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
+	-cert $SERVER_PEM -server_auth \
+	-c_cert $CLIENT_PEM -client_auth \
+	-cipher $cipher -named_curve $DEFAULT_CURVE
+done
+
+#--------------------------------------------------------------
+for curve in $ELLIPTIC_CURVE_LIST
+do
+    echo "Testing ECDHE-ECDSA-AES128-SHA (2-way auth with $curve)"
+    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
+	-cert $SERVER_PEM -server_auth \
+	-c_cert $CLIENT_PEM -client_auth \
+	-cipher ECDHE-ECDSA-AES128-SHA -named_curve $curve 
+done
+fi
+
+#==============================================================
+# ECDH-RSA cipher suites require the server to have an ECC
+# certificate signed with RSA.
+CA_PEM=$CERTS_DIR/rsa1024TestCA.pem
+SERVER_PEM=$CERTS_DIR/sect163r1-rsaTestServer.pem
+CLIENT_PEM=$CERTS_DIR/sect163r1-rsaTestClient.pem
+
+if [ "$1" = "ecdh-rsa" ]; then
+for cipher in $ECDH_RSA_CIPHER_LIST
+do
+    echo "Testing $cipher (with server authentication)"
+    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
+	-cert $SERVER_PEM -server_auth \
+	-cipher $cipher
+
+    echo "Testing $cipher (with server and client authentication)"
+    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
+	-cert $SERVER_PEM -server_auth \
+	-c_cert $CLIENT_PEM -client_auth \
+	-cipher $cipher
+done
+fi
+
+#==============================================================
+# ECDHE-RSA cipher suites require the server to have an RSA cert.
+CA_PEM=$CERTS_DIR/rsa1024TestCA.pem
+SERVER_PEM=$CERTS_DIR/rsa1024TestServer.pem
+CLIENT_PEM=$CERTS_DIR/rsa1024TestClient.pem
+
+if [ "$1" = "ecdhe-rsa" ]; then
+for cipher in $ECDHE_RSA_CIPHER_LIST
+do
+    echo "Testing $cipher (with server authentication)"
+    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
+	-cert $SERVER_PEM -server_auth \
+	-cipher $cipher -named_curve $DEFAULT_CURVE
+
+    echo "Testing $cipher (with server and client authentication)"
+    $SSLTEST $SSL_VERSION -CAfile $CA_PEM \
+	-cert $SERVER_PEM -server_auth \
+	-c_cert $CLIENT_PEM -client_auth \
+	-cipher $cipher -named_curve $DEFAULT_CURVE
+done
+fi
+#==============================================================
+
+
+
+
diff --git a/demos/state_machine/.cvsignore b/demos/state_machine/.cvsignore
new file mode 100644
index 0000000000..9aef0f5d4c
--- /dev/null
+++ b/demos/state_machine/.cvsignore
@@ -0,0 +1 @@
+state_machine
diff --git a/demos/state_machine/Makefile b/demos/state_machine/Makefile
new file mode 100644
index 0000000000..c7a114540d
--- /dev/null
+++ b/demos/state_machine/Makefile
@@ -0,0 +1,9 @@
+CFLAGS=-I../../include -Wall -Werror -g
+
+all: state_machine
+
+state_machine: state_machine.o
+	$(CC) -o state_machine state_machine.o -L../.. -lssl -lcrypto
+
+test: state_machine
+	./state_machine 10000 ../../apps/server.pem ../../apps/server.pem
diff --git a/demos/state_machine/state_machine.c b/demos/state_machine/state_machine.c
new file mode 100644
index 0000000000..fef3f3e3d1
--- /dev/null
+++ b/demos/state_machine/state_machine.c
@@ -0,0 +1,416 @@
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+ * Nuron, a leader in hardware encryption technology, generously
+ * sponsored the development of this demo by Ben Laurie.
+ *
+ * See http://www.nuron.com/.
+ */
+
+/*
+ * the aim of this demo is to provide a fully working state-machine
+ * style SSL implementation, i.e. one where the main loop acquires
+ * some data, then converts it from or to SSL by feeding it into the
+ * SSL state machine. It then does any I/O required by the state machine
+ * and loops.
+ *
+ * In order to keep things as simple as possible, this implementation
+ * listens on a TCP socket, which it expects to get an SSL connection
+ * on (for example, from s_client) and from then on writes decrypted
+ * data to stdout and encrypts anything arriving on stdin. Verbose
+ * commentary is written to stderr.
+ *
+ * This implementation acts as a server, but it can also be done for a client.  */
+
+#include <openssl/ssl.h>
+#include <assert.h>
+#include <unistd.h>
+#include <string.h>
+#include <openssl/err.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+/* die_unless is intended to work like assert, except that it happens
+   always, even if NDEBUG is defined. Use assert as a stopgap. */
+
+#define die_unless(x)	assert(x)
+
+typedef struct
+    {
+    SSL_CTX *pCtx;
+    BIO *pbioRead;
+    BIO *pbioWrite;
+    SSL *pSSL;
+    } SSLStateMachine;
+
+void SSLStateMachine_print_error(SSLStateMachine *pMachine,const char *szErr)
+    {
+    unsigned long l;
+
+    fprintf(stderr,"%s\n",szErr);
+    while((l=ERR_get_error()))
+	{
+	char buf[1024];
+
+	ERR_error_string_n(l,buf,sizeof buf);
+	fprintf(stderr,"Error %lx: %s\n",l,buf);
+	}
+    }
+
+SSLStateMachine *SSLStateMachine_new(const char *szCertificateFile,
+				     const char *szKeyFile)
+    {
+    SSLStateMachine *pMachine=malloc(sizeof *pMachine);
+    int n;
+
+    die_unless(pMachine);
+
+    pMachine->pCtx=SSL_CTX_new(SSLv23_server_method());
+    die_unless(pMachine->pCtx);
+
+    n=SSL_CTX_use_certificate_file(pMachine->pCtx,szCertificateFile,
+				   SSL_FILETYPE_PEM);
+    die_unless(n > 0);
+
+    n=SSL_CTX_use_PrivateKey_file(pMachine->pCtx,szKeyFile,SSL_FILETYPE_PEM);
+    die_unless(n > 0);
+
+    pMachine->pSSL=SSL_new(pMachine->pCtx);
+    die_unless(pMachine->pSSL);
+
+    pMachine->pbioRead=BIO_new(BIO_s_mem());
+
+    pMachine->pbioWrite=BIO_new(BIO_s_mem());
+
+    SSL_set_bio(pMachine->pSSL,pMachine->pbioRead,pMachine->pbioWrite);
+
+    SSL_set_accept_state(pMachine->pSSL);
+
+    return pMachine;
+    }
+
+void SSLStateMachine_read_inject(SSLStateMachine *pMachine,
+				 const unsigned char *aucBuf,int nBuf)
+    {
+    int n=BIO_write(pMachine->pbioRead,aucBuf,nBuf);
+    /* If it turns out this assert fails, then buffer the data here
+     * and just feed it in in churn instead. Seems to me that it
+     * should be guaranteed to succeed, though.
+     */
+    assert(n == nBuf);
+    fprintf(stderr,"%d bytes of encrypted data fed to state machine\n",n);
+    }
+
+int SSLStateMachine_read_extract(SSLStateMachine *pMachine,
+				 unsigned char *aucBuf,int nBuf)
+    {
+    int n;
+
+    if(!SSL_is_init_finished(pMachine->pSSL))
+	{
+	fprintf(stderr,"Doing SSL_accept\n");
+	n=SSL_accept(pMachine->pSSL);
+	if(n == 0)
+	    fprintf(stderr,"SSL_accept returned zero\n");
+	if(n < 0)
+	    {
+	    int err;
+
+	    if((err=SSL_get_error(pMachine->pSSL,n)) == SSL_ERROR_WANT_READ)
+		{
+		fprintf(stderr,"SSL_accept wants more data\n");
+		return 0;
+		}
+
+	    SSLStateMachine_print_error(pMachine,"SSL_accept error");
+	    exit(7);
+	    }
+	return 0;
+	}
+
+    n=SSL_read(pMachine->pSSL,aucBuf,nBuf);
+    if(n < 0)
+	{
+	int err=SSL_get_error(pMachine->pSSL,n);
+
+	if(err == SSL_ERROR_WANT_READ)
+	    {
+	    fprintf(stderr,"SSL_read wants more data\n");
+	    return 0;
+	    }
+
+	SSLStateMachine_print_error(pMachine,"SSL_read error");
+	exit(8);
+	}
+
+    fprintf(stderr,"%d bytes of decrypted data read from state machine\n",n);
+    return n;
+    }
+
+int SSLStateMachine_write_can_extract(SSLStateMachine *pMachine)
+    {
+    int n=BIO_pending(pMachine->pbioWrite);
+    if(n)
+	fprintf(stderr,"There is encrypted data available to write\n");
+    else
+	fprintf(stderr,"There is no encrypted data available to write\n");
+
+    return n;
+    }
+
+int SSLStateMachine_write_extract(SSLStateMachine *pMachine,
+				  unsigned char *aucBuf,int nBuf)
+    {
+    int n;
+
+    n=BIO_read(pMachine->pbioWrite,aucBuf,nBuf);
+    fprintf(stderr,"%d bytes of encrypted data read from state machine\n",n);
+    return n;
+    }
+
+void SSLStateMachine_write_inject(SSLStateMachine *pMachine,
+				  const unsigned char *aucBuf,int nBuf)
+    {
+    int n=SSL_write(pMachine->pSSL,aucBuf,nBuf);
+    /* If it turns out this assert fails, then buffer the data here
+     * and just feed it in in churn instead. Seems to me that it
+     * should be guaranteed to succeed, though.
+     */
+    assert(n == nBuf);
+    fprintf(stderr,"%d bytes of unencrypted data fed to state machine\n",n);
+    }
+
+int OpenSocket(int nPort)
+    {
+    int nSocket;
+    struct sockaddr_in saServer;
+    struct sockaddr_in saClient;
+    int one=1;
+    int nSize;
+    int nFD;
+    int nLen;
+
+    nSocket=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
+    if(nSocket < 0)
+	{
+	perror("socket");
+	exit(1);
+	}
+
+    if(setsockopt(nSocket,SOL_SOCKET,SO_REUSEADDR,(char *)&one,sizeof one) < 0)
+	{
+	perror("setsockopt");
+        exit(2);
+	}
+
+    memset(&saServer,0,sizeof saServer);
+    saServer.sin_family=AF_INET;
+    saServer.sin_port=htons(nPort);
+    nSize=sizeof saServer;
+    if(bind(nSocket,(struct sockaddr *)&saServer,nSize) < 0)
+	{
+	perror("bind");
+	exit(3);
+	}
+
+    if(listen(nSocket,512) < 0)
+	{
+	perror("listen");
+	exit(4);
+	}
+
+    nLen=sizeof saClient;
+    nFD=accept(nSocket,(struct sockaddr *)&saClient,&nLen);
+    if(nFD < 0)
+	{
+	perror("accept");
+	exit(5);
+	}
+
+    fprintf(stderr,"Incoming accepted on port %d\n",nPort);
+
+    return nFD;
+    }
+
+int main(int argc,char **argv)
+    {
+    SSLStateMachine *pMachine;
+    int nPort;
+    int nFD;
+    const char *szCertificateFile;
+    const char *szKeyFile;
+    char rbuf[1];
+    int nrbuf=0;
+
+    if(argc != 4)
+	{
+	fprintf(stderr,"%s <port> <certificate file> <key file>\n",argv[0]);
+	exit(6);
+	}
+
+    nPort=atoi(argv[1]);
+    szCertificateFile=argv[2];
+    szKeyFile=argv[3];
+
+    SSL_library_init();
+    OpenSSL_add_ssl_algorithms();
+    SSL_load_error_strings();
+    ERR_load_crypto_strings();
+
+    nFD=OpenSocket(nPort);
+
+    pMachine=SSLStateMachine_new(szCertificateFile,szKeyFile);
+
+    for( ; ; )
+	{
+	fd_set rfds,wfds;
+	unsigned char buf[1024];
+	int n;
+
+	FD_ZERO(&rfds);
+	FD_ZERO(&wfds);
+
+	/* Select socket for input */
+	FD_SET(nFD,&rfds);
+
+	/* check whether there's decrypted data */
+	if(!nrbuf)
+	    nrbuf=SSLStateMachine_read_extract(pMachine,rbuf,1);
+
+	/* if there's decrypted data, check whether we can write it */
+	if(nrbuf)
+	    FD_SET(1,&wfds);
+
+	/* Select socket for output */
+	if(SSLStateMachine_write_can_extract(pMachine))
+	    FD_SET(nFD,&wfds);
+
+	/* Select stdin for input */
+	FD_SET(0,&rfds);
+
+	/* Wait for something to do something */
+	n=select(nFD+1,&rfds,&wfds,NULL,NULL);
+	assert(n > 0);
+
+	/* Socket is ready for input */
+	if(FD_ISSET(nFD,&rfds))
+	    {
+	    n=read(nFD,buf,sizeof buf);
+	    if(n == 0)
+		{
+		fprintf(stderr,"Got EOF on socket\n");
+		exit(0);
+		}
+	    assert(n > 0);
+
+	    SSLStateMachine_read_inject(pMachine,buf,n);
+	    }
+
+	/* stdout is ready for output (and hence we have some to send it) */
+	if(FD_ISSET(1,&wfds))
+	    {
+	    assert(nrbuf == 1);
+	    buf[0]=rbuf[0];
+	    nrbuf=0;
+
+	    n=SSLStateMachine_read_extract(pMachine,buf+1,sizeof buf-1);
+	    if(n < 0)
+		{
+		SSLStateMachine_print_error(pMachine,"read extract failed");
+		break;
+		}
+	    assert(n >= 0);
+	    ++n;
+	    if(n > 0) /* FIXME: has to be true now */
+		{
+		int w;
+		
+		w=write(1,buf,n);
+		/* FIXME: we should push back any unwritten data */
+		assert(w == n);
+		}
+	    }
+
+	/* Socket is ready for output (and therefore we have output to send) */
+	if(FD_ISSET(nFD,&wfds))
+	    {
+	    int w;
+
+	    n=SSLStateMachine_write_extract(pMachine,buf,sizeof buf);
+	    assert(n > 0);
+
+	    w=write(nFD,buf,n);
+	    /* FIXME: we should push back any unwritten data */
+	    assert(w == n);
+	    }
+
+	/* Stdin is ready for input */
+	if(FD_ISSET(0,&rfds))
+	    {
+	    n=read(0,buf,sizeof buf);
+	    if(n == 0)
+		{
+		fprintf(stderr,"Got EOF on stdin\n");
+		exit(0);
+		}
+	    assert(n > 0);
+
+	    SSLStateMachine_write_inject(pMachine,buf,n);
+	    }
+	}
+    /* not reached */
+    return 0;
+    }
diff --git a/demos/tunala/.cvsignore b/demos/tunala/.cvsignore
new file mode 100644
index 0000000000..1254a1ee29
--- /dev/null
+++ b/demos/tunala/.cvsignore
@@ -0,0 +1,2 @@
+tunala
+
diff --git a/demos/tunala/A-client.pem b/demos/tunala/A-client.pem
new file mode 100644
index 0000000000..a4caf6ef8a
--- /dev/null
+++ b/demos/tunala/A-client.pem
@@ -0,0 +1,84 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=NZ, L=Wellington, O=Really Irresponsible Authorisation Authority (RIAA), OU=Cert-stamping, CN=Jackov al-Trades/Email=none@fake.domain
+        Validity
+            Not Before: Jan 16 05:19:30 2002 GMT
+            Not After : Jan 14 05:19:30 2012 GMT
+        Subject: C=NZ, L=Auckland, O=Mordor, OU=SSL grunt things, CN=tunala-client/Email=client@fake.domain
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:b0:d3:56:5c:c8:7f:fb:f4:95:9d:04:84:4f:82:
+                    b7:a2:75:5c:81:48:8c:56:5d:52:ee:38:e1:5c:c8:
+                    9a:70:8e:72:f2:00:1c:17:ef:df:b7:06:59:82:04:
+                    f1:f6:49:11:12:a6:4d:cb:1e:ed:ac:59:1c:4a:d0:
+                    3d:de:e6:f2:8d:cd:39:c2:0f:e0:46:2f:db:cb:9f:
+                    47:f7:56:e7:f8:16:5f:68:71:fb:3a:e3:ab:d2:e5:
+                    05:b7:da:65:61:fe:6d:30:e4:12:a8:b5:c1:71:24:
+                    6b:aa:80:05:41:17:a0:8b:6e:8b:e6:04:cf:85:7b:
+                    2a:ac:a1:79:7d:f4:96:6e:77
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                F8:43:CB:4F:4D:4F:BC:6E:52:1A:FD:F9:7B:E1:12:3F:A7:A3:BA:93
+            X509v3 Authority Key Identifier: 
+                keyid:49:FB:45:72:12:C4:CC:E1:45:A1:D3:08:9E:95:C4:2C:6D:55:3F:17
+                DirName:/C=NZ/L=Wellington/O=Really Irresponsible Authorisation Authority (RIAA)/OU=Cert-stamping/CN=Jackov al-Trades/Email=none@fake.domain
+                serial:00
+
+    Signature Algorithm: md5WithRSAEncryption
+        8f:5f:0e:43:da:9d:61:43:7e:03:38:9a:e6:50:9d:42:e8:95:
+        34:49:75:ec:04:8d:5c:85:99:94:70:a0:e7:1f:1e:a0:8b:0f:
+        d6:e2:cb:f7:35:d9:96:72:bd:a6:e9:8d:4e:b1:e2:ac:97:7f:
+        2f:70:01:9d:aa:04:bc:d4:01:2b:63:77:a5:de:63:3c:a8:f5:
+        f2:72:af:ec:11:12:c0:d4:70:cf:71:a6:fb:e9:1d:b3:27:07:
+        aa:f2:b1:f3:87:d6:ab:8b:ce:c2:08:1b:3c:f9:ba:ff:77:71:
+        86:09:ef:9e:4e:04:06:63:44:e9:93:20:90:c7:2d:50:c6:50:
+        f8:66
+-----BEGIN CERTIFICATE-----
+MIID9TCCA16gAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBtDELMAkGA1UEBhMCTlox
+EzARBgNVBAcTCldlbGxpbmd0b24xPDA6BgNVBAoTM1JlYWxseSBJcnJlc3BvbnNp
+YmxlIEF1dGhvcmlzYXRpb24gQXV0aG9yaXR5IChSSUFBKTEWMBQGA1UECxMNQ2Vy
+dC1zdGFtcGluZzEZMBcGA1UEAxMQSmFja292IGFsLVRyYWRlczEfMB0GCSqGSIb3
+DQEJARYQbm9uZUBmYWtlLmRvbWFpbjAeFw0wMjAxMTYwNTE5MzBaFw0xMjAxMTQw
+NTE5MzBaMIGHMQswCQYDVQQGEwJOWjERMA8GA1UEBxMIQXVja2xhbmQxDzANBgNV
+BAoTBk1vcmRvcjEZMBcGA1UECxMQU1NMIGdydW50IHRoaW5nczEWMBQGA1UEAxMN
+dHVuYWxhLWNsaWVudDEhMB8GCSqGSIb3DQEJARYSY2xpZW50QGZha2UuZG9tYWlu
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw01ZcyH/79JWdBIRPgreidVyB
+SIxWXVLuOOFcyJpwjnLyABwX79+3BlmCBPH2SRESpk3LHu2sWRxK0D3e5vKNzTnC
+D+BGL9vLn0f3Vuf4Fl9ocfs646vS5QW32mVh/m0w5BKotcFxJGuqgAVBF6CLbovm
+BM+FeyqsoXl99JZudwIDAQABo4IBQDCCATwwCQYDVR0TBAIwADAsBglghkgBhvhC
+AQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFPhD
+y09NT7xuUhr9+XvhEj+no7qTMIHhBgNVHSMEgdkwgdaAFEn7RXISxMzhRaHTCJ6V
+xCxtVT8XoYG6pIG3MIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3Rv
+bjE8MDoGA1UEChMzUmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNhdGlvbiBB
+dXRob3JpdHkgKFJJQUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkwFwYDVQQD
+ExBKYWNrb3YgYWwtVHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZha2UuZG9t
+YWluggEAMA0GCSqGSIb3DQEBBAUAA4GBAI9fDkPanWFDfgM4muZQnULolTRJdewE
+jVyFmZRwoOcfHqCLD9biy/c12ZZyvabpjU6x4qyXfy9wAZ2qBLzUAStjd6XeYzyo
+9fJyr+wREsDUcM9xpvvpHbMnB6rysfOH1quLzsIIGzz5uv93cYYJ755OBAZjROmT
+IJDHLVDGUPhm
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXgIBAAKBgQCw01ZcyH/79JWdBIRPgreidVyBSIxWXVLuOOFcyJpwjnLyABwX
+79+3BlmCBPH2SRESpk3LHu2sWRxK0D3e5vKNzTnCD+BGL9vLn0f3Vuf4Fl9ocfs6
+46vS5QW32mVh/m0w5BKotcFxJGuqgAVBF6CLbovmBM+FeyqsoXl99JZudwIDAQAB
+AoGAU4chbqbPvkclPYzaq2yGLlneHrwUft+KwzlfS6L/QVgo+CQRIUWQmjaHpaGM
+YtjVFcg1S1QK1bUqZjTEZT0XKhfbYmqW8yYTfbcDEbnY7esoYlvIlW8qRlPRlTBE
+utKrtZafmVhLgoNawYGD0aLZofPqpYjbGUlrC7nrem2vNJECQQDVLD3Qb+OlEMET
+73ApnJhYsK3e+G2LTrtjrS8y5zS4+Xv61XUqvdV7ogzRl0tpvSAmMOItVyoYadkB
+S3xSIWX9AkEA1Fm1FhkQSZwGG5rf4c6gMN71jJ6JE3/kocdVa0sUjRevIupo4XQ2
+Vkykxi84MRP8cfHqyjewq7Ozv3op2MGWgwJBAKemsb66IJjzAkaBav7u70nhOf0/
++Dc1Zl7QF2y7NVW8sGrnccx5m+ot2lMD4AV6/kvK6jaqdKrapBZGnbGiHqkCQQDI
+T1r33mqz1R8Z2S2Jtzz6/McKf930a/dC+GLGVEutkILf39lRmytKmv/wB0jtWtoO
+rlJ5sLDSNzC+1cE1u997AkEAu3IrtGmLKiuS6kDj6W47m+iiTIsuSJtTJb1SbUaK
+fIoBNFxbvJYW6rUU9+PxpMRaEhzh5s24/jBOE+mlb17mRQ==
+-----END RSA PRIVATE KEY-----
diff --git a/demos/tunala/A-server.pem b/demos/tunala/A-server.pem
new file mode 100644
index 0000000000..e9f37b1895
--- /dev/null
+++ b/demos/tunala/A-server.pem
@@ -0,0 +1,84 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: md5WithRSAEncryption
+        Issuer: C=NZ, L=Wellington, O=Really Irresponsible Authorisation Authority (RIAA), OU=Cert-stamping, CN=Jackov al-Trades/Email=none@fake.domain
+        Validity
+            Not Before: Jan 16 05:14:06 2002 GMT
+            Not After : Jan 14 05:14:06 2012 GMT
+        Subject: C=NZ, L=Wellington, O=Middle Earth, OU=SSL dev things, CN=tunala-server/Email=server@fake.domain
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:a9:3e:62:87:97:13:6b:de:8f:bc:1d:0a:3f:65:
+                    0c:f9:76:a3:53:ce:97:30:27:0d:c6:df:72:1f:8d:
+                    5a:ce:58:23:6a:65:e5:e3:72:1a:8d:7f:fe:90:01:
+                    ea:42:f1:9f:6e:7b:0a:bd:eb:52:15:7b:f4:3d:9c:
+                    4e:db:74:29:2b:d1:81:9d:b9:9e:18:2b:87:e1:da:
+                    50:20:3c:59:6c:c9:83:3e:2c:11:0b:78:1e:03:f4:
+                    56:3a:db:95:6a:75:33:85:a9:7b:cc:3c:4a:67:96:
+                    f2:24:b2:a0:cb:2e:cc:52:18:16:6f:44:d9:29:64:
+                    07:2e:fb:56:cc:7c:dc:a2:d7
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                70:AC:7A:B5:6E:97:C2:82:AF:11:9E:32:CB:8D:48:49:93:B7:DC:22
+            X509v3 Authority Key Identifier: 
+                keyid:49:FB:45:72:12:C4:CC:E1:45:A1:D3:08:9E:95:C4:2C:6D:55:3F:17
+                DirName:/C=NZ/L=Wellington/O=Really Irresponsible Authorisation Authority (RIAA)/OU=Cert-stamping/CN=Jackov al-Trades/Email=none@fake.domain
+                serial:00
+
+    Signature Algorithm: md5WithRSAEncryption
+        2e:cb:a3:cd:6d:a8:9d:d1:dc:e5:f0:e0:27:7e:4b:5a:90:a8:
+        85:43:f0:05:f7:04:43:d7:5f:d1:a5:8f:5c:58:eb:fc:da:c6:
+        7c:e0:0b:2b:98:72:95:f6:79:48:96:7a:fa:0c:6b:09:ec:c6:
+        8c:91:74:45:9f:8f:0f:16:78:e3:66:14:fa:1e:f4:f0:23:ec:
+        cd:a9:52:77:20:4d:c5:05:2c:52:b6:7b:f3:42:33:fd:90:1f:
+        3e:88:6f:9b:23:61:c8:80:3b:e6:57:84:2e:f7:26:c7:35:ed:
+        00:8b:08:30:9b:aa:21:83:b6:6d:b8:7c:8a:9b:2a:ef:79:3d:
+        96:31
+-----BEGIN CERTIFICATE-----
+MIID+zCCA2SgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBtDELMAkGA1UEBhMCTlox
+EzARBgNVBAcTCldlbGxpbmd0b24xPDA6BgNVBAoTM1JlYWxseSBJcnJlc3BvbnNp
+YmxlIEF1dGhvcmlzYXRpb24gQXV0aG9yaXR5IChSSUFBKTEWMBQGA1UECxMNQ2Vy
+dC1zdGFtcGluZzEZMBcGA1UEAxMQSmFja292IGFsLVRyYWRlczEfMB0GCSqGSIb3
+DQEJARYQbm9uZUBmYWtlLmRvbWFpbjAeFw0wMjAxMTYwNTE0MDZaFw0xMjAxMTQw
+NTE0MDZaMIGNMQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3RvbjEVMBMG
+A1UEChMMTWlkZGxlIEVhcnRoMRcwFQYDVQQLEw5TU0wgZGV2IHRoaW5nczEWMBQG
+A1UEAxMNdHVuYWxhLXNlcnZlcjEhMB8GCSqGSIb3DQEJARYSc2VydmVyQGZha2Uu
+ZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpPmKHlxNr3o+8HQo/
+ZQz5dqNTzpcwJw3G33IfjVrOWCNqZeXjchqNf/6QAepC8Z9uewq961IVe/Q9nE7b
+dCkr0YGduZ4YK4fh2lAgPFlsyYM+LBELeB4D9FY625VqdTOFqXvMPEpnlvIksqDL
+LsxSGBZvRNkpZAcu+1bMfNyi1wIDAQABo4IBQDCCATwwCQYDVR0TBAIwADAsBglg
+hkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0O
+BBYEFHCserVul8KCrxGeMsuNSEmTt9wiMIHhBgNVHSMEgdkwgdaAFEn7RXISxMzh
+RaHTCJ6VxCxtVT8XoYG6pIG3MIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2Vs
+bGluZ3RvbjE8MDoGA1UEChMzUmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNh
+dGlvbiBBdXRob3JpdHkgKFJJQUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkw
+FwYDVQQDExBKYWNrb3YgYWwtVHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZh
+a2UuZG9tYWluggEAMA0GCSqGSIb3DQEBBAUAA4GBAC7Lo81tqJ3R3OXw4Cd+S1qQ
+qIVD8AX3BEPXX9Glj1xY6/zaxnzgCyuYcpX2eUiWevoMawnsxoyRdEWfjw8WeONm
+FPoe9PAj7M2pUncgTcUFLFK2e/NCM/2QHz6Ib5sjYciAO+ZXhC73Jsc17QCLCDCb
+qiGDtm24fIqbKu95PZYx
+-----END CERTIFICATE-----
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCpPmKHlxNr3o+8HQo/ZQz5dqNTzpcwJw3G33IfjVrOWCNqZeXj
+chqNf/6QAepC8Z9uewq961IVe/Q9nE7bdCkr0YGduZ4YK4fh2lAgPFlsyYM+LBEL
+eB4D9FY625VqdTOFqXvMPEpnlvIksqDLLsxSGBZvRNkpZAcu+1bMfNyi1wIDAQAB
+AoGANCwqHZhiAU/TyW6+WPqivEhpYw19p/dyFMuPF9DwnEmpaUROUQY8z0AUznn4
+qHhp6Jn/nrprTHowucl0ucweYIYVxZoUiUDFpxdFUbzMdFvo6HcyV1Pe4Rt81HaY
+KYWrTZ6PaPtN65hLms8NhPEdGcGAFlY1owYv4QNGq2bU1JECQQDd32LM0NSfyGmK
+4ziajqGcvzK9NO2XyV/nJsGlJZNgMh2zm1t7yR28l/6Q2uyU49cCN+2aYULZCAfs
+taNvxBspAkEAw0alNub+xj2AVQvaxOB1sGfKzsJjHCzKIxUXn/tJi3j0+2asmkBZ
+Umx1MWr9jKQBnCMciCRUbnMEZiElOxCN/wJAfAeQl6Z19gx206lJzzzEo3dOye54
+k02DSxijT8q9pBzf9bN3ZK987BybtiZr8p+bZiYVsSOF1wViSLURdD1QYQJAIaMU
+qH1n24wShBPTrmAfxbBLTgxL+Dl65Eoo1KT7iSvfv0JzbuqwuDL4iPeuD0DdCiE+
+M/FWHeRwGIuTFzaFzwJBANKwx0jZS/h093w9g0Clw6UzeA1P5VcAt9y+qMC9hO3c
+4KXwIxQAt9yRaFLpiIR9do5bjjKNnMguf3aO/XRSDQM=
+-----END RSA PRIVATE KEY-----
diff --git a/demos/tunala/CA.pem b/demos/tunala/CA.pem
new file mode 100644
index 0000000000..7a55b5463e
--- /dev/null
+++ b/demos/tunala/CA.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID9zCCA2CgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBtDELMAkGA1UEBhMCTlox
+EzARBgNVBAcTCldlbGxpbmd0b24xPDA6BgNVBAoTM1JlYWxseSBJcnJlc3BvbnNp
+YmxlIEF1dGhvcmlzYXRpb24gQXV0aG9yaXR5IChSSUFBKTEWMBQGA1UECxMNQ2Vy
+dC1zdGFtcGluZzEZMBcGA1UEAxMQSmFja292IGFsLVRyYWRlczEfMB0GCSqGSIb3
+DQEJARYQbm9uZUBmYWtlLmRvbWFpbjAeFw0wMjAxMTYwNTA5NTlaFw0xMjAxMTQw
+NTA5NTlaMIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3RvbjE8MDoG
+A1UEChMzUmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNhdGlvbiBBdXRob3Jp
+dHkgKFJJQUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkwFwYDVQQDExBKYWNr
+b3YgYWwtVHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZha2UuZG9tYWluMIGf
+MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7QdDfFIrJn3X24hKmpkyk3TG0Ivxd
+K2wWmDPXq1wjr8lUTwrA6hM5Ba9N36jLieWpXhviLOWu9DBza5GmtgCuXloATKTC
+94xOdKHlciTVujG3wDlLDB5e710Kar84nnj6VueL1RyZ0bmP5PANa4mbGW9Tqc7J
+CkBTTW2y9d0SgQIDAQABo4IBFTCCAREwHQYDVR0OBBYEFEn7RXISxMzhRaHTCJ6V
+xCxtVT8XMIHhBgNVHSMEgdkwgdaAFEn7RXISxMzhRaHTCJ6VxCxtVT8XoYG6pIG3
+MIG0MQswCQYDVQQGEwJOWjETMBEGA1UEBxMKV2VsbGluZ3RvbjE8MDoGA1UEChMz
+UmVhbGx5IElycmVzcG9uc2libGUgQXV0aG9yaXNhdGlvbiBBdXRob3JpdHkgKFJJ
+QUEpMRYwFAYDVQQLEw1DZXJ0LXN0YW1waW5nMRkwFwYDVQQDExBKYWNrb3YgYWwt
+VHJhZGVzMR8wHQYJKoZIhvcNAQkBFhBub25lQGZha2UuZG9tYWluggEAMAwGA1Ud
+EwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYQo95V/NY+eKxYxkhibZiUQygph+
+gTfgbDG20MsnH6+8//w5ArHauFCgDrf0P2VyACgq+N4pBTWFGaAaLwbjKy9HCe2E
+j9C91tO1CqDS4MJkDB5AP13FTkK6fP1ZCiTQranOAp3DlGWTTWsFVyW5kVfQ9diS
+ZOyJZ9Fit5XM2X0=
+-----END CERTIFICATE-----
diff --git a/demos/tunala/INSTALL b/demos/tunala/INSTALL
new file mode 100644
index 0000000000..a65bbeb8d1
--- /dev/null
+++ b/demos/tunala/INSTALL
@@ -0,0 +1,107 @@
+There are two ways to build this code;
+
+(1) Manually
+
+(2) Using all-singing all-dancing (all-confusing) autotools, ie. autoconf,
+automake, and their little friends (autoheader, etc).
+
+=================
+Building Manually
+=================
+
+There is a basic "Makefile" in this directory that gets moved out of the way and
+ignored when building with autoconf et al. This Makefile is suitable for
+building tunala on Linux using gcc. Any other platform probably requires some
+tweaking. Here are the various bits you might need to do if you want to build
+this way and the default Makefile isn't sufficient;
+
+* Compiler: Edit the "CC" definition in Makefile
+
+* Headers, features: tunala.h controls what happens in the non-autoconf world.
+  It, by default, assumes the system has *everything* (except autoconf's
+  "config.h") so if a target system is missing something it must define the
+  appropriate "NO_***" symbols in CFLAGS. These include;
+
+  - NO_HAVE_UNISTD_H, NO_HAVE_FCNTL_H, NO_HAVE_LIMITS_H
+    Indicates the compiling system doesn't have (or need) these header files.
+  - NO_HAVE_STRSTR, NO_HAVE_STRTOUL
+    Indicates the compiling system doesn't have these functions. Replacements
+    are compiled and used in breakage.c
+  - NO_HAVE_SELECT, NO_HAVE_SOCKET
+    Pointless symbols - these indicate select() and/or socket() are missing in
+    which case the program won't compile anyway.
+
+  If you want to specify any of these, add them with "-D" prefixed to each in
+  the CFLAGS definition in Makefile.
+
+* Compilation flags: edit DEBUG_FLAGS and/or CFLAGS directly to control the
+  flags passed to the compiler. This can also be used to change the degree of
+  optimisation.
+
+* Linker flags: some systems (eg. Solaris) require extra linker flags such as;
+  -ldl, -lsocket, -lnsl, etc. If unsure, bring up the man page for whichever
+  function is "undefined" when the linker fails - that usually indicates what
+  you need to add. Make changes to the LINK_FLAGS symbol.
+
+* Linker command: if a different linker syntax or even a different program is
+  required to link, edit the linker line directly in the "tunala:" target
+  definition - it currently assumes the "CC" (compiler) program is used to link.
+
+======================
+Building Automagically
+======================
+
+Automagic building is handled courtesy of autoconf, automake, etc. There are in
+fact two steps required to build, and only the first has to be done on a system
+with these tools installed (and if I was prepared to bloat out the CVS
+repository, I could store these extra files, but I'm not).
+
+First step: "autogunk.sh"
+-------------------------
+
+The "./autogunk.sh" script will call all the necessary autotool commands to
+create missing files and run automake and autoconf. The result is that a
+"./configure" script should be generated and a "Makefile.in" generated from the
+supplied "Makefile.am". NB: This script also moves the "manual" Makefile (see
+above) out of the way and calls it "Makefile.plain" - the "ungunk" script
+reverses this to leave the directory it was previously.
+
+Once "ungunk" has been run, the resulting directory should be able to build on
+other systems without autoconf, automake, or libtool. Which is what the second
+step describes;
+
+Second step: "./configure"
+--------------------------
+
+The second step is to run the generated "./configure" script to create a
+config.h header for your system and to generate a "Makefile" (generated from
+"Makefile.in") tweaked to compile on your system. This is the standard sort of
+thing you see in GNU packages, for example, and the standard tricks also work.
+Eg. to override "configure"'s choice of compiler, set the CC environment
+variable prior to running configure, eg.
+
+    CC=gcc ./configure
+
+would cause "gcc" to be used even if there is an otherwise preferable (to
+autoconf) native compiler on your system.
+
+After this run "make" and it should build the "tunala" executable.
+
+Notes
+-----
+
+- Some versions of autoconf (or automake?) generate a Makefile syntax that gives
+  trouble to some "make" programs on some systems (eg. OpenBSD). If this
+  happens, either build 'Manually' (see above) or use "gmake" instead of "make".
+  I don't like this either but like even less the idea of sifting into all the
+  script magic crud that's involved.
+
+- On a solaris system I tried, the "configure" script specified some broken
+  compiler flags in the resulting Makefile that don't even get echoed to
+  stdout/err when the error happens (evil!). If this happens, go into the
+  generated Makefile, find the two affected targets ("%.o:" and "%.lo"), and
+  remove the offending hidden option in the $(COMPILE) line all the sludge after
+  the two first lines of script (ie. after the "echo" and the "COMPILE" lines).
+  NB: This will probably only function if "--disable-shared" was used, otherwise
+  who knows what would result ...
+
diff --git a/demos/tunala/Makefile b/demos/tunala/Makefile
new file mode 100644
index 0000000000..bef1704a3c
--- /dev/null
+++ b/demos/tunala/Makefile
@@ -0,0 +1,41 @@
+# Edit these to suit
+#
+# Oh yeah, and please read the README too.
+
+
+SSL_HOMEDIR=../..
+SSL_INCLUDEDIR=$(SSL_HOMEDIR)/include
+SSL_LIBDIR=$(SSL_HOMEDIR)
+
+RM=rm -f
+CC=gcc
+DEBUG_FLAGS=-g -ggdb3 -Wall -Wshadow
+INCLUDE_FLAGS=-I$(SSL_INCLUDEDIR)
+CFLAGS=$(DEBUG_FLAGS) $(INCLUDE_FLAGS) -DNO_CONFIG_H
+COMPILE=$(CC) $(CFLAGS) -c
+
+# Edit, particularly the "-ldl" if not building with "dlfcn" support
+LINK_FLAGS=-L$(SSL_LIBDIR) -lssl -lcrypto -ldl
+
+SRCS=buffer.c cb.c ip.c sm.c tunala.c breakage.c
+OBJS=buffer.o cb.o ip.o sm.o tunala.o breakage.o
+
+TARGETS=tunala
+
+default: $(TARGETS)
+
+clean:
+	$(RM) $(OBJS) $(TARGETS) *.bak core
+
+.c.o:
+	$(COMPILE) $<
+
+tunala: $(OBJS)
+	$(CC) -o tunala $(OBJS) $(LINK_FLAGS)
+
+# Extra dependencies, should really use makedepend
+buffer.o: buffer.c tunala.h
+cb.o: cb.c tunala.h
+ip.o: ip.c tunala.h
+sm.o: sm.c tunala.h
+tunala.o: tunala.c tunala.h
diff --git a/demos/tunala/Makefile.am b/demos/tunala/Makefile.am
new file mode 100644
index 0000000000..706c7806c9
--- /dev/null
+++ b/demos/tunala/Makefile.am
@@ -0,0 +1,7 @@
+# Our includes come from the OpenSSL build-tree we're in
+INCLUDES		= -I$(top_builddir)/../../include
+
+bin_PROGRAMS		= tunala
+
+tunala_SOURCES		= tunala.c buffer.c cb.c ip.c sm.c breakage.c
+tunala_LDADD		= -L$(top_builddir)/../.. -lssl -lcrypto
diff --git a/demos/tunala/README b/demos/tunala/README
new file mode 100644
index 0000000000..15690088f3
--- /dev/null
+++ b/demos/tunala/README
@@ -0,0 +1,233 @@
+This is intended to be an example of a state-machine driven SSL application. It
+acts as an SSL tunneler (functioning as either the server or client half,
+depending on command-line arguments). *PLEASE* read the comments in tunala.h
+before you treat this stuff as anything more than a curiosity - YOU HAVE BEEN
+WARNED!! There, that's the draconian bit out of the way ...
+
+
+Why "tunala"??
+--------------
+
+I thought I asked you to read tunala.h?? :-)
+
+
+Show me
+-------
+
+If you want to simply see it running, skip to the end and see some example
+command-line arguments to demonstrate with.
+
+
+Where to look and what to do?
+-----------------------------
+
+The code is split up roughly coinciding with the detaching of an "abstract" SSL
+state machine (which is the purpose of all this) and its surrounding application
+specifics. This is primarily to make it possible for me to know when I could cut
+corners and when I needed to be rigorous (or at least maintain the pretense as
+such :-).
+
+Network stuff:
+
+Basically, the network part of all this is what is supposed to be abstracted out
+of the way. The intention is to illustrate one way to stick OpenSSL's mechanisms
+inside a little memory-driven sandbox and operate it like a pure state-machine.
+So, the network code is inside both ip.c (general utility functions and gory
+IPv4 details) and tunala.c itself, which takes care of application specifics
+like the main select() loop. The connectivity between the specifics of this
+application (TCP/IP tunneling and the associated network code) and the
+underlying abstract SSL state machine stuff is through the use of the "buffer_t"
+type, declared in tunala.h and implemented in buffer.c.
+
+State machine:
+
+Which leaves us, generally speaking, with the abstract "state machine" code left
+over and this is sitting inside sm.c, with declarations inside tunala.h. As can
+be seen by the definition of the state_machine_t structure and the associated
+functions to manipulate it, there are the 3 OpenSSL "handles" plus 4 buffer_t
+structures dealing with IO on both the encrypted and unencrypted sides ("dirty"
+and "clean" respectively). The "SSL" handle is what facilitates the reading and
+writing of the unencrypted (tunneled) data. The two "BIO" handles act as the
+read and write channels for encrypted tunnel traffic - in other applications
+these are often socket BIOs so that the OpenSSL framework operates with the
+network layer directly. In this example, those two BIOs are memory BIOs
+(BIO_s_mem()) so that the sending and receiving of the tunnel traffic stays
+within the state-machine, and we can handle where this gets send to (or read
+from) ourselves.
+
+
+Why?
+----
+
+If you take a look at the "state_machine_t" section of tunala.h and the code in
+sm.c, you will notice that nothing related to the concept of 'transport' is
+involved. The binding to TCP/IP networking occurs in tunala.c, specifically
+within the "tunala_item_t" structure that associates a state_machine_t object
+with 4 file-descriptors. The way to best see where the bridge between the
+outside world (TCP/IP reads, writes, select()s, file-descriptors, etc) and the
+state machine is, is to examine the "tunala_item_io()" function in tunala.c.
+This is currently around lines 641-732 but of course could be subject to change.
+
+
+And...?
+-------
+
+Well, although that function is around 90 lines of code, it could easily have
+been a lot less only I was trying to address an easily missed "gotcha" (item (2)
+below). The main() code that drives the select/accept/IO loop initialises new
+tunala_item_t structures when connections arrive, and works out which
+file-descriptors go where depending on whether we're an SSL client or server
+(client --> accepted connection is clean and proxied is dirty, server -->
+accepted connection is dirty and proxied is clean). What that tunala_item_io()
+function is attempting to do is 2 things;
+
+  (1) Perform all reads and writes on the network directly into the
+      state_machine_t's buffers (based on a previous select() result), and only
+      then allow the abstact state_machine_t to "churn()" using those buffers.
+      This will cause the SSL machine to consume as much input data from the two
+      "IN" buffers as possible, and generate as much output data into the two
+      "OUT" buffers as possible. Back up in the main() function, the next main
+      loop loop will examine these output buffers and select() for writability
+      on the corresponding sockets if the buffers are non-empty.
+
+  (2) Handle the complicated tunneling-specific issue of cascading "close"s.
+      This is the reason for most of the complexity in the logic - if one side
+      of the tunnel is closed, you can't simply close the other side and throw
+      away the whole thing - (a) there may still be outgoing data on the other
+      side of the tunnel that hasn't been sent yet, (b) the close (or things
+      happening during the close) may cause more data to be generated that needs
+      sending on the other side. Of course, this logic is complicated yet futher
+      by the fact that it's different depending on which side closes first :-)
+      state_machine_close_clean() will indicate to the state machine that the
+      unencrypted side of the tunnel has closed, so any existing outgoing data
+      needs to be flushed, and the SSL stream needs to be closed down using the
+      appropriate shutdown sequence. state_machine_close_dirty() is simpler
+      because it indicates that the SSL stream has been disconnected, so all
+      that remains before closing the other side is to flush out anything that
+      remains and wait for it to all be sent.
+
+Anyway, with those things in mind, the code should be a little easier to follow
+in terms of "what is *this* bit supposed to achieve??!!".
+
+
+How might this help?
+--------------------
+
+Well, the reason I wrote this is that there seemed to be rather a flood of
+questions of late on the openssl-dev and openssl-users lists about getting this
+whole IO logic thing sorted out, particularly by those who were trying to either
+use non-blocking IO, or wanted SSL in an environment where "something else" was
+handling the network already and they needed to operate in memory only. This
+code is loosely based on some other stuff I've been working on, although that
+stuff is far more complete, far more dependant on a whole slew of other
+network/framework code I don't want to incorporate here, and far harder to look
+at for 5 minutes and follow where everything is going. I will be trying over
+time to suck in a few things from that into this demo in the hopes it might be
+more useful, and maybe to even make this demo usable as a utility of its own.
+Possible things include:
+
+  * controlling multiple processes/threads - this can be used to combat
+    latencies and get passed file-descriptor limits on some systems, and it uses
+    a "controller" process/thread that maintains IPC links with the
+    processes/threads doing the real work.
+
+  * cert verification rules - having some say over which certs get in or out :-)
+
+  * control over SSL protocols and cipher suites
+
+  * A few other things you can already do in s_client and s_server :-)
+
+  * Support (and control over) session resuming, particularly when functioning
+    as an SSL client.
+
+If you have a particular environment where this model might work to let you "do
+SSL" without having OpenSSL be aware of the transport, then you should find you
+could use the state_machine_t structure (or your own variant thereof) and hook
+it up to your transport stuff in much the way tunala.c matches it up with those
+4 file-descriptors. The state_machine_churn(), state_machine_close_clean(), and
+state_machine_close_dirty() functions are the main things to understand - after
+that's done, you just have to ensure you're feeding and bleeding the 4
+state_machine buffers in a logical fashion. This state_machine loop handles not
+only handshakes and normal streaming, but also renegotiates - there's no special
+handling required beyond keeping an eye on those 4 buffers and keeping them in
+sync with your outer "loop" logic. Ie. if one of the OUT buffers is not empty,
+you need to find an opportunity to try and forward its data on. If one of the IN
+buffers is not full, you should keep an eye out for data arriving that should be
+placed there.
+
+This approach could hopefully also allow you to run the SSL protocol in very
+different environments. As an example, you could support encrypted event-driven
+IPC where threads/processes pass messages to each other inside an SSL layer;
+each IPC-message's payload would be in fact the "dirty" content, and the "clean"
+payload coming out of the tunnel at each end would be the real intended message.
+Likewise, this could *easily* be made to work across unix domain sockets, or
+even entirely different network/comms protocols.
+
+This is also a quick and easy way to do VPN if you (and the remote network's
+gateway) support virtual network devices that are encapsulted in a single
+network connection, perhaps PPP going through an SSL tunnel?
+
+
+Suggestions
+-----------
+
+Please let me know if you find this useful, or if there's anything wrong or
+simply too confusing about it. Patches are also welcome, but please attach a
+description of what it changes and why, and "diff -urN" format is preferred.
+Mail to geoff@openssl.org should do the trick.
+
+
+Example
+-------
+
+Here is an example of how to use "tunala" ...
+
+First, it's assumed that OpenSSL has already built, and that you are building
+inside the ./demos/tunala/ directory. If not - please correct the paths and
+flags inside the Makefile. Likewise, if you want to tweak the building, it's
+best to try and do so in the makefile (eg. removing the debug flags and adding
+optimisation flags).
+
+Secondly, this code has mostly only been tested on Linux. However, some
+autoconf/etc support has been added and the code has been compiled on openbsd
+and solaris using that.
+
+Thirdly, if you are Win32, you probably need to do some *major* rewriting of
+ip.c to stand a hope in hell. Good luck, and please mail me the diff if you do
+this, otherwise I will take a look at another time. It can certainly be done,
+but it's very non-POSIXy.
+
+See the INSTALL document for details on building.
+
+Now, if you don't have an executable "tunala" compiled, go back to "First,...".
+Rinse and repeat.
+
+Inside one console, try typing;
+
+(i)  ./tunala -listen localhost:8080 -proxy localhost:8081 -cacert CA.pem \
+              -cert A-client.pem -out_totals -v_peer -v_strict
+
+In another console, type;
+
+(ii) ./tunala -listen localhost:8081 -proxy localhost:23 -cacert CA.pem \
+              -cert A-server.pem -server 1 -out_totals -v_peer -v_strict
+
+Now if you open another console and "telnet localhost 8080", you should be
+tunneled through to the telnet service on your local machine (if it's running -
+you could change it to port "22" and tunnel ssh instead if you so desired). When
+you logout of the telnet session, the tunnel should cleanly shutdown and show
+you some traffic stats in both consoles. Feel free to experiment. :-)
+
+Notes:
+
+ - the format for the "-listen" argument can skip the host part (eg. "-listen
+   8080" is fine). If you do, the listening socket will listen on all interfaces
+   so you can connect from other machines for example. Using the "localhost"
+   form listens only on 127.0.0.1 so you can only connect locally (unless, of
+   course, you've set up weird stuff with your networking in which case probably
+   none of the above applies).
+
+ - ./tunala -? gives you a list of other command-line options, but tunala.c is
+   also a good place to look :-)
+
+
diff --git a/demos/tunala/autogunk.sh b/demos/tunala/autogunk.sh
new file mode 100755
index 0000000000..c9783c6261
--- /dev/null
+++ b/demos/tunala/autogunk.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# This script tries to follow the "GNU way" w.r.t. the autobits.
+# This does of course generate a number of irritating files.
+# Try to get over it (I am getting there myself).
+
+# This should generate any missing crud, and then run autoconf which should turn
+# configure.in into a "./configure" script and "Makefile.am" into a
+# "Makefile.in". Then running "./configure" should turn "Makefile.in" into
+# "Makefile" and should generate the config.h containing your systems various
+# settings. I know ... what a hassle ...
+
+# Also, sometimes these autobits things generate bizarre output (looking like
+# errors). So I direct everything "elsewhere" ...
+
+(aclocal
+autoheader
+libtoolize --copy --force
+automake --foreign --add-missing --copy
+autoconf) 1> /dev/null 2>&1
+
+# Move the "no-autotools" Makefile out of the way
+if test ! -f Makefile.plain; then
+	mv Makefile Makefile.plain
+fi
diff --git a/demos/tunala/autoungunk.sh b/demos/tunala/autoungunk.sh
new file mode 100755
index 0000000000..0c9123b6cf
--- /dev/null
+++ b/demos/tunala/autoungunk.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+# This script tries to clean up as much as is possible from whatever diabolical
+# mess has been left in the directory thanks to autoconf, automake, and their
+# friends.
+
+if test -f Makefile.plain; then
+	if test -f Makefile; then
+		make distclean
+	fi
+	mv Makefile.plain Makefile
+else
+	make clean
+fi
+
+rm -f aclocal.m4 config.* configure install-sh \
+	missing mkinstalldirs stamp-h.* Makefile.in \
+	ltconfig ltmain.sh
diff --git a/demos/tunala/breakage.c b/demos/tunala/breakage.c
new file mode 100644
index 0000000000..dcdd64b0ef
--- /dev/null
+++ b/demos/tunala/breakage.c
@@ -0,0 +1,66 @@
+#include "tunala.h"
+
+int int_strtoul(const char *str, unsigned long *val)
+{
+#ifdef HAVE_STRTOUL
+	char *tmp;
+	unsigned long ret = strtoul(str, &tmp, 10);
+	if((str == tmp) || (*tmp != '\0'))
+		/* The value didn't parse cleanly */
+		return 0;
+	if(ret == ULONG_MAX)
+		/* We hit a limit */
+		return 0;
+	*val = ret;
+	return 1;
+#else
+	char buf[2];
+	unsigned long ret = 0;
+	buf[1] = '\0';
+	if(str == '\0')
+		/* An empty string ... */
+		return 0;
+	while(*str != '\0') {
+		/* We have to multiply 'ret' by 10 before absorbing the next
+		 * digit. If this will overflow, catch it now. */
+		if(ret && (((ULONG_MAX + 10) / ret) < 10))
+			return 0;
+		ret *= 10;
+		if(!isdigit(*str))
+			return 0;
+		buf[0] = *str;
+		ret += atoi(buf);
+		str++;
+	}
+	*val = ret;
+	return 1;
+#endif
+}
+
+#ifndef HAVE_STRSTR
+char *int_strstr(const char *haystack, const char *needle)
+{
+	const char *sub_haystack = haystack, *sub_needle = needle;
+	unsigned int offset = 0;
+	if(!needle)
+		return haystack;
+	if(!haystack)
+		return NULL;
+	while((*sub_haystack != '\0') && (*sub_needle != '\0')) {
+		if(sub_haystack[offset] == sub_needle) {
+			/* sub_haystack is still a candidate */
+			offset++;
+			sub_needle++;
+		} else {
+			/* sub_haystack is no longer a possibility */
+			sub_haystack++;
+			offset = 0;
+			sub_needle = needle;
+		}
+	}
+	if(*sub_haystack == '\0')
+		/* Found nothing */
+		return NULL;
+	return sub_haystack;
+}
+#endif
diff --git a/demos/tunala/buffer.c b/demos/tunala/buffer.c
new file mode 100644
index 0000000000..c5cd004209
--- /dev/null
+++ b/demos/tunala/buffer.c
@@ -0,0 +1,205 @@
+#include "tunala.h"
+
+#ifndef NO_BUFFER
+
+void buffer_init(buffer_t *buf)
+{
+	buf->used = 0;
+	buf->total_in = buf->total_out = 0;
+}
+
+void buffer_close(buffer_t *buf)
+{
+	/* Our data is static - nothing needs "release", just reset it */
+	buf->used = 0;
+}
+
+/* Code these simple ones in compact form */
+unsigned int buffer_used(buffer_t *buf) {
+	return buf->used; }
+unsigned int buffer_unused(buffer_t *buf) {
+	return (MAX_DATA_SIZE - buf->used); }
+int buffer_full(buffer_t *buf) {
+	return (buf->used == MAX_DATA_SIZE ? 1 : 0); }
+int buffer_notfull(buffer_t *buf) {
+	return (buf->used < MAX_DATA_SIZE ? 1 : 0); }
+int buffer_empty(buffer_t *buf) {
+	return (buf->used == 0 ? 1 : 0); }
+int buffer_notempty(buffer_t *buf) {
+	return (buf->used > 0 ? 1 : 0); }
+unsigned long buffer_total_in(buffer_t *buf) {
+	return buf->total_in; }
+unsigned long buffer_total_out(buffer_t *buf) {
+	return buf->total_out; }
+
+/* These 3 static (internal) functions don't adjust the "total" variables as
+ * it's not sure when they're called how it should be interpreted. Only the
+ * higher-level "buffer_[to|from]_[fd|SSL|BIO]" functions should alter these
+ * values. */
+#if 0 /* To avoid "unused" warnings */
+static unsigned int buffer_adddata(buffer_t *buf, const unsigned char *ptr,
+		unsigned int size)
+{
+	unsigned int added = MAX_DATA_SIZE - buf->used;
+	if(added > size)
+		added = size;
+	if(added == 0)
+		return 0;
+	memcpy(buf->data + buf->used, ptr, added);
+	buf->used += added;
+	buf->total_in += added;
+	return added;
+}
+
+static unsigned int buffer_tobuffer(buffer_t *to, buffer_t *from, int cap)
+{
+	unsigned int moved, tomove = from->used;
+	if((int)tomove > cap)
+		tomove = cap;
+	if(tomove == 0)
+		return 0;
+	moved = buffer_adddata(to, from->data, tomove);
+	if(moved == 0)
+		return 0;
+	buffer_takedata(from, NULL, moved);
+	return moved;
+}
+#endif
+
+static unsigned int buffer_takedata(buffer_t *buf, unsigned char *ptr,
+		unsigned int size)
+{
+	unsigned int taken = buf->used;
+	if(taken > size)
+		taken = size;
+	if(taken == 0)
+		return 0;
+	if(ptr)
+		memcpy(ptr, buf->data, taken);
+	buf->used -= taken;
+	/* Do we have to scroll? */
+	if(buf->used > 0)
+		memmove(buf->data, buf->data + taken, buf->used);
+	return taken;
+}
+
+#ifndef NO_IP
+
+int buffer_from_fd(buffer_t *buf, int fd)
+{
+	int toread = buffer_unused(buf);
+	if(toread == 0)
+		/* Shouldn't be called in this case! */
+		abort();
+	toread = read(fd, buf->data + buf->used, toread);
+	if(toread > 0) {
+		buf->used += toread;
+		buf->total_in += toread;
+	}
+	return toread;
+}
+
+int buffer_to_fd(buffer_t *buf, int fd)
+{
+	int towrite = buffer_used(buf);
+	if(towrite == 0)
+		/* Shouldn't be called in this case! */
+		abort();
+	towrite = write(fd, buf->data, towrite);
+	if(towrite > 0) {
+		buffer_takedata(buf, NULL, towrite);
+		buf->total_out += towrite;
+	}
+	return towrite;
+}
+
+#endif /* !defined(NO_IP) */
+
+#ifndef NO_OPENSSL
+
+static void int_ssl_check(SSL *s, int ret)
+{
+	int e = SSL_get_error(s, ret);
+	switch(e) {
+		/* These seem to be harmless and already "dealt with" by our
+		 * non-blocking environment. NB: "ZERO_RETURN" is the clean
+		 * "error" indicating a successfully closed SSL tunnel. We let
+		 * this happen because our IO loop should not appear to have
+		 * broken on this condition - and outside the IO loop, the
+		 * "shutdown" state is checked. */
+	case SSL_ERROR_NONE:
+	case SSL_ERROR_WANT_READ:
+	case SSL_ERROR_WANT_WRITE:
+	case SSL_ERROR_WANT_X509_LOOKUP:
+	case SSL_ERROR_ZERO_RETURN:
+		return;
+		/* These seem to be indications of a genuine error that should
+		 * result in the SSL tunnel being regarded as "dead". */
+	case SSL_ERROR_SYSCALL:
+	case SSL_ERROR_SSL:
+		SSL_set_app_data(s, (char *)1);
+		return;
+	default:
+		break;
+	}
+	/* For any other errors that (a) exist, and (b) crop up - we need to
+	 * interpret what to do with them - so "politely inform" the caller that
+	 * the code needs updating here. */
+	abort();
+}
+
+void buffer_from_SSL(buffer_t *buf, SSL *ssl)
+{
+	int ret;
+	if(!ssl || buffer_full(buf))
+		return;
+	ret = SSL_read(ssl, buf->data + buf->used, buffer_unused(buf));
+	if(ret > 0) {
+		buf->used += ret;
+		buf->total_in += ret;
+	}
+	if(ret < 0)
+		int_ssl_check(ssl, ret);
+}
+
+void buffer_to_SSL(buffer_t *buf, SSL *ssl)
+{
+	int ret;
+	if(!ssl || buffer_empty(buf))
+		return;
+	ret = SSL_write(ssl, buf->data, buf->used);
+	if(ret > 0) {
+		buffer_takedata(buf, NULL, ret);
+		buf->total_out += ret;
+	}
+	if(ret < 0)
+		int_ssl_check(ssl, ret);
+}
+
+void buffer_from_BIO(buffer_t *buf, BIO *bio)
+{
+	int ret;
+	if(!bio || buffer_full(buf))
+		return;
+	ret = BIO_read(bio, buf->data + buf->used, buffer_unused(buf));
+	if(ret > 0) {
+		buf->used += ret;
+		buf->total_in += ret;
+	}
+}
+
+void buffer_to_BIO(buffer_t *buf, BIO *bio)
+{
+	int ret;
+	if(!bio || buffer_empty(buf))
+		return;
+	ret = BIO_write(bio, buf->data, buf->used);
+	if(ret > 0) {
+		buffer_takedata(buf, NULL, ret);
+		buf->total_out += ret;
+	}
+}
+
+#endif /* !defined(NO_OPENSSL) */
+
+#endif /* !defined(NO_BUFFER) */
diff --git a/demos/tunala/cb.c b/demos/tunala/cb.c
new file mode 100644
index 0000000000..e64983896e
--- /dev/null
+++ b/demos/tunala/cb.c
@@ -0,0 +1,143 @@
+#include "tunala.h"
+
+#ifndef NO_OPENSSL
+
+/* For callbacks generating output, here are their file-descriptors. */
+static FILE *fp_cb_ssl_info = NULL;
+static FILE *fp_cb_ssl_verify = NULL;
+/* Output level:
+ *     0 = nothing,
+ *     1 = minimal, just errors,
+ *     2 = minimal, all steps,
+ *     3 = detail, all steps */
+static unsigned int cb_ssl_verify_level = 1;
+
+/* Other static rubbish (to mirror s_cb.c where required) */
+static int int_verify_depth = 10;
+
+/* This function is largely borrowed from the one used in OpenSSL's "s_client"
+ * and "s_server" utilities. */
+void cb_ssl_info(const SSL *s, int where, int ret)
+{
+	const char *str1, *str2;
+	int w;
+
+	if(!fp_cb_ssl_info)
+		return;
+
+	w = where & ~SSL_ST_MASK;
+	str1 = (w & SSL_ST_CONNECT ? "SSL_connect" : (w & SSL_ST_ACCEPT ?
+				"SSL_accept" : "undefined")),
+	str2 = SSL_state_string_long(s);
+
+	if (where & SSL_CB_LOOP)
+		fprintf(fp_cb_ssl_info, "(%s) %s\n", str1, str2);
+	else if (where & SSL_CB_EXIT) {
+		if (ret == 0)
+			fprintf(fp_cb_ssl_info, "(%s) failed in %s\n", str1, str2);
+/* In a non-blocking model, we get a few of these "error"s simply because we're
+ * calling "reads" and "writes" on the state-machine that are virtual NOPs
+ * simply to avoid wasting the time seeing if we *should* call them. Removing
+ * this case makes the "-out_state" output a lot easier on the eye. */
+#if 0
+		else if (ret < 0)
+			fprintf(fp_cb_ssl_info, "%s:error in %s\n", str1, str2);
+#endif
+	}
+}
+
+void cb_ssl_info_set_output(FILE *fp)
+{
+	fp_cb_ssl_info = fp;
+}
+
+static const char *int_reason_no_issuer = "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT";
+static const char *int_reason_not_yet = "X509_V_ERR_CERT_NOT_YET_VALID";
+static const char *int_reason_before = "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD";
+static const char *int_reason_expired = "X509_V_ERR_CERT_HAS_EXPIRED";
+static const char *int_reason_after = "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD";
+
+/* Stolen wholesale from apps/s_cb.c :-) And since then, mutilated ... */
+int cb_ssl_verify(int ok, X509_STORE_CTX *ctx)
+{
+	char buf1[256]; /* Used for the subject name */
+	char buf2[256]; /* Used for the issuer name */
+	const char *reason = NULL; /* Error reason (if any) */
+	X509 *err_cert;
+	int err, depth;
+
+	if(!fp_cb_ssl_verify || (cb_ssl_verify_level == 0))
+		return ok;
+	err_cert = X509_STORE_CTX_get_current_cert(ctx);
+	err = X509_STORE_CTX_get_error(ctx);
+	depth = X509_STORE_CTX_get_error_depth(ctx);
+
+	buf1[0] = buf2[0] = '\0';
+	/* Fill buf1 */
+	X509_NAME_oneline(X509_get_subject_name(err_cert), buf1, 256);
+	/* Fill buf2 */
+	X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf2, 256);
+	switch (ctx->error) {
+	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+		reason = int_reason_no_issuer;
+		break;
+	case X509_V_ERR_CERT_NOT_YET_VALID:
+		reason = int_reason_not_yet;
+		break;
+	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+		reason = int_reason_before;
+		break;
+	case X509_V_ERR_CERT_HAS_EXPIRED:
+		reason = int_reason_expired;
+		break;
+	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+		reason = int_reason_after;
+		break;
+	}
+
+	if((cb_ssl_verify_level == 1) && ok)
+		return ok;
+	fprintf(fp_cb_ssl_verify, "chain-depth=%d, ", depth);
+	if(reason)
+		fprintf(fp_cb_ssl_verify, "error=%s\n", reason);
+	else
+		fprintf(fp_cb_ssl_verify, "error=%d\n", err);
+	if(cb_ssl_verify_level < 3)
+		return ok;
+	fprintf(fp_cb_ssl_verify, "--> subject = %s\n", buf1);
+	fprintf(fp_cb_ssl_verify, "--> issuer  = %s\n", buf2);
+	if(!ok)
+		fprintf(fp_cb_ssl_verify,"--> verify error:num=%d:%s\n",err,
+			X509_verify_cert_error_string(err));
+	fprintf(fp_cb_ssl_verify, "--> verify return:%d\n",ok);
+	return ok;
+}
+
+void cb_ssl_verify_set_output(FILE *fp)
+{
+	fp_cb_ssl_verify = fp;
+}
+
+void cb_ssl_verify_set_depth(unsigned int verify_depth)
+{
+	int_verify_depth = verify_depth;
+}
+
+void cb_ssl_verify_set_level(unsigned int level)
+{
+	if(level < 4)
+		cb_ssl_verify_level = level;
+}
+
+RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength)
+{
+	/* TODO: Perhaps make it so our global key can be generated on-the-fly
+	 * after certain intervals? */
+	static RSA *rsa_tmp = NULL;
+	if(!rsa_tmp)
+		rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
+	return rsa_tmp;
+}
+
+#endif /* !defined(NO_OPENSSL) */
+
diff --git a/demos/tunala/configure.in b/demos/tunala/configure.in
new file mode 100644
index 0000000000..b2a6ffc756
--- /dev/null
+++ b/demos/tunala/configure.in
@@ -0,0 +1,28 @@
+dnl Process this file with autoconf to produce a configure script.
+AC_INIT(tunala.c)
+AM_CONFIG_HEADER(config.h)
+AM_INIT_AUTOMAKE(tunala, 0.0.1-dev)
+
+dnl Checks for programs. (Though skip libtool)
+AC_PROG_CC
+dnl AC_PROG_LIBTOOL
+dnl AM_PROG_LIBTOOL
+
+dnl Checks for libraries.
+AC_CHECK_LIB(dl, dlopen)
+AC_CHECK_LIB(socket, socket)
+AC_CHECK_LIB(nsl, gethostbyname)
+
+dnl Checks for header files.
+AC_HEADER_STDC
+AC_CHECK_HEADERS(fcntl.h limits.h unistd.h)
+
+dnl Checks for typedefs, structures, and compiler characteristics.
+AC_C_CONST
+
+dnl Checks for library functions.
+AC_CHECK_FUNCS(strstr strtoul)
+AC_CHECK_FUNCS(select socket)
+AC_CHECK_FUNCS(dlopen)
+
+AC_OUTPUT(Makefile)
diff --git a/demos/tunala/ip.c b/demos/tunala/ip.c
new file mode 100644
index 0000000000..96ef4e6536
--- /dev/null
+++ b/demos/tunala/ip.c
@@ -0,0 +1,146 @@
+#include "tunala.h"
+
+#ifndef NO_IP
+
+#define IP_LISTENER_BACKLOG 511 /* So if it gets masked by 256 or some other
+				   such value it'll still be respectable */
+
+/* Any IP-related initialisations. For now, this means blocking SIGPIPE */
+int ip_initialise(void)
+{
+	struct sigaction sa;
+
+	sa.sa_handler = SIG_IGN;
+	sa.sa_flags = 0;
+	sigemptyset(&sa.sa_mask);
+	if(sigaction(SIGPIPE, &sa, NULL) != 0)
+		return 0;
+	return 1;
+}
+
+int ip_create_listener_split(const char *ip, unsigned short port)
+{
+	struct sockaddr_in in_addr;
+	int fd = -1;
+	int reuseVal = 1;
+
+	/* Create the socket */
+	if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
+		goto err;
+	/* Set the SO_REUSEADDR flag - servers act weird without it */
+	if(setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)(&reuseVal),
+				sizeof(reuseVal)) != 0)
+		goto err;
+	/* Prepare the listen address stuff */
+	in_addr.sin_family = AF_INET;
+	memcpy(&in_addr.sin_addr.s_addr, ip, 4);
+	in_addr.sin_port = htons(port);
+	/* Bind to the required port/address/interface */
+	if(bind(fd, (struct sockaddr *)&in_addr, sizeof(struct sockaddr_in)) != 0)
+		goto err;
+	/* Start "listening" */
+	if(listen(fd, IP_LISTENER_BACKLOG) != 0)
+		goto err;
+	return fd;
+err:
+	if(fd != -1)
+		close(fd);
+	return -1;
+}
+
+int ip_create_connection_split(const char *ip, unsigned short port)
+{
+	struct sockaddr_in in_addr;
+	int flags, fd = -1;
+
+	/* Create the socket */
+	if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
+		goto err;
+	/* Make it non-blocking */
+	if(((flags = fcntl(fd, F_GETFL, 0)) < 0) ||
+			(fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0))
+		goto err;
+	/* Prepare the connection address stuff */
+	in_addr.sin_family = AF_INET;
+	memcpy(&in_addr.sin_addr.s_addr, ip, 4);
+	in_addr.sin_port = htons(port);
+	/* Start a connect (non-blocking, in all likelihood) */
+	if((connect(fd, (struct sockaddr *)&in_addr,
+			sizeof(struct sockaddr_in)) != 0) &&
+			(errno != EINPROGRESS))
+		goto err;
+	return fd;
+err:
+	if(fd != -1)
+		close(fd);
+	return -1;
+}
+
+static char all_local_ip[] = {0x00,0x00,0x00,0x00};
+
+int ip_parse_address(const char *address, const char **parsed_ip,
+		unsigned short *parsed_port, int accept_all_ip)
+{
+	char buf[256];
+	struct hostent *lookup;
+	unsigned long port;
+	const char *ptr = strstr(address, ":");
+	const char *ip = all_local_ip;
+
+	if(!ptr) {
+		/* We assume we're listening on all local interfaces and have
+		 * only specified a port. */
+		if(!accept_all_ip)
+			return 0;
+		ptr = address;
+		goto determine_port;
+	}
+	if((ptr - address) > 255)
+		return 0;
+	memset(buf, 0, 256);
+	memcpy(buf, address, ptr - address);
+	ptr++;
+	if((lookup = gethostbyname(buf)) == NULL) {
+		/* Spit a message to differentiate between lookup failures and
+		 * bad strings. */
+		fprintf(stderr, "hostname lookup for '%s' failed\n", buf);
+		return 0;
+	}
+	ip = lookup->h_addr_list[0];
+determine_port:
+	if(strlen(ptr) < 1)
+		return 0;
+	if(!int_strtoul(ptr, &port) || (port > 65535))
+		return 0;
+	*parsed_ip = ip;
+	*parsed_port = (unsigned short)port;
+	return 1;
+}
+
+int ip_create_listener(const char *address)
+{
+	const char *ip;
+	unsigned short port;
+
+	if(!ip_parse_address(address, &ip, &port, 1))
+		return -1;
+	return ip_create_listener_split(ip, port);
+}
+
+int ip_create_connection(const char *address)
+{
+	const char *ip;
+	unsigned short port;
+
+	if(!ip_parse_address(address, &ip, &port, 0))
+		return -1;
+	return ip_create_connection_split(ip, port);
+}
+
+int ip_accept_connection(int listen_fd)
+{
+	return accept(listen_fd, NULL, NULL);
+}
+
+#endif /* !defined(NO_IP) */
+
diff --git a/demos/tunala/sm.c b/demos/tunala/sm.c
new file mode 100644
index 0000000000..25359e67ef
--- /dev/null
+++ b/demos/tunala/sm.c
@@ -0,0 +1,151 @@
+#include "tunala.h"
+
+#ifndef NO_TUNALA
+
+void state_machine_init(state_machine_t *machine)
+{
+	machine->ssl = NULL;
+	machine->bio_intossl = machine->bio_fromssl = NULL;
+	buffer_init(&machine->clean_in);
+	buffer_init(&machine->clean_out);
+	buffer_init(&machine->dirty_in);
+	buffer_init(&machine->dirty_out);
+}
+
+void state_machine_close(state_machine_t *machine)
+{
+	if(machine->ssl)
+		SSL_free(machine->ssl);
+/* SSL_free seems to decrement the reference counts already so doing this goes
+ * kaboom. */
+#if 0
+	if(machine->bio_intossl)
+		BIO_free(machine->bio_intossl);
+	if(machine->bio_fromssl)
+		BIO_free(machine->bio_fromssl);
+#endif
+	buffer_close(&machine->clean_in);
+	buffer_close(&machine->clean_out);
+	buffer_close(&machine->dirty_in);
+	buffer_close(&machine->dirty_out);
+	state_machine_init(machine);
+}
+
+buffer_t *state_machine_get_buffer(state_machine_t *machine, sm_buffer_t type)
+{
+	switch(type) {
+	case SM_CLEAN_IN:
+		return &machine->clean_in;
+	case SM_CLEAN_OUT:
+		return &machine->clean_out;
+	case SM_DIRTY_IN:
+		return &machine->dirty_in;
+	case SM_DIRTY_OUT:
+		return &machine->dirty_out;
+	default:
+		break;
+	}
+	/* Should never get here */
+	abort();
+	return NULL;
+}
+
+SSL *state_machine_get_SSL(state_machine_t *machine)
+{
+	return machine->ssl;
+}
+
+int state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server)
+{
+	if(machine->ssl)
+		/* Shouldn't ever be set twice */
+		abort();
+	machine->ssl = ssl;
+	/* Create the BIOs to handle the dirty side of the SSL */
+	if((machine->bio_intossl = BIO_new(BIO_s_mem())) == NULL)
+		abort();
+	if((machine->bio_fromssl = BIO_new(BIO_s_mem())) == NULL)
+		abort();
+	/* Hook up the BIOs on the dirty side of the SSL */
+	SSL_set_bio(machine->ssl, machine->bio_intossl, machine->bio_fromssl);
+	if(is_server)
+		SSL_set_accept_state(machine->ssl);
+	else
+		SSL_set_connect_state(machine->ssl);
+	/* If we're the first one to generate traffic - do it now otherwise we
+	 * go into the next select empty-handed and our peer will not send data
+	 * but will similarly wait for us. */
+	return state_machine_churn(machine);
+}
+
+/* Performs the data-IO loop and returns zero if the machine should close */
+int state_machine_churn(state_machine_t *machine)
+{
+	unsigned int loop;
+	if(machine->ssl == NULL) {
+		if(buffer_empty(&machine->clean_out))
+			/* Time to close this state-machine altogether */
+			return 0;
+		else
+			/* Still buffered data on the clean side to go out */
+			return 1;
+	}
+	/* Do this loop twice to cover any dependencies about which precise
+	 * order of reads and writes is required. */
+	for(loop = 0; loop < 2; loop++) {
+		buffer_to_SSL(&machine->clean_in, machine->ssl);
+		buffer_to_BIO(&machine->dirty_in, machine->bio_intossl);
+		buffer_from_SSL(&machine->clean_out, machine->ssl);
+		buffer_from_BIO(&machine->dirty_out, machine->bio_fromssl);
+	}
+	/* We close on the SSL side if the info callback noticed some problems
+	 * or an SSL shutdown was underway and shutdown traffic had all been
+	 * sent. */
+	if(SSL_get_app_data(machine->ssl) || (SSL_get_shutdown(machine->ssl) &&
+				buffer_empty(&machine->dirty_out))) {
+		/* Great, we can seal off the dirty side completely */
+		if(!state_machine_close_dirty(machine))
+			return 0;
+	}
+	/* Either the SSL is alive and well, or the closing process still has
+	 * outgoing data waiting to be sent */
+	return 1;
+}
+
+/* Called when the clean side of the SSL has lost its connection */
+int state_machine_close_clean(state_machine_t *machine)
+{
+	/* Well, first thing to do is null out the clean-side buffers - they're
+	 * no use any more. */
+	buffer_close(&machine->clean_in);
+	buffer_close(&machine->clean_out);
+	/* And start an SSL shutdown */
+	if(machine->ssl)
+		SSL_shutdown(machine->ssl);
+	/* This is an "event", so flush the SSL of any generated traffic */
+	state_machine_churn(machine);
+	if(buffer_empty(&machine->dirty_in) &&
+			buffer_empty(&machine->dirty_out))
+		return 0;
+	return 1;
+}
+
+/* Called when the dirty side of the SSL has lost its connection. This is pretty
+ * terminal as all that can be left to do is send any buffered output on the
+ * clean side - after that, we're done. */
+int state_machine_close_dirty(state_machine_t *machine)
+{
+	buffer_close(&machine->dirty_in);
+	buffer_close(&machine->dirty_out);
+	buffer_close(&machine->clean_in);
+	if(machine->ssl)
+		SSL_free(machine->ssl);
+	machine->ssl = NULL;
+	machine->bio_intossl = machine->bio_fromssl = NULL;
+	if(buffer_empty(&machine->clean_out))
+		return 0;
+	return 1;
+}
+
+#endif /* !defined(NO_TUNALA) */
+
diff --git a/demos/tunala/test.sh b/demos/tunala/test.sh
new file mode 100755
index 0000000000..105b447333
--- /dev/null
+++ b/demos/tunala/test.sh
@@ -0,0 +1,107 @@
+#!/bin/sh
+
+HTTP="localhost:8080"
+CLIENT_PORT="9020"
+SERVER_PORT="9021"
+
+sub_test ()
+{
+	echo "STARTING - $VER $CIPHER"
+	./tunala -listen localhost:$CLIENT_PORT -proxy localhost:$SERVER_PORT \
+		-cacert CA.pem -cert A-client.pem -server 0 \
+		-dh_special standard -v_peer -v_strict \
+		$VER -cipher $CIPHER 1> tc1.txt 2> tc2.txt &
+	./tunala -listen localhost:$SERVER_PORT -proxy $HTTP \
+		-cacert CA.pem -cert A-server.pem -server 1 \
+		-dh_special standard -v_peer -v_strict \
+		$VER -cipher $CIPHER 1> ts1.txt 2> ts2.txt &
+	# Wait for the servers to be listening before starting the wget test
+	DONE="no"
+	while [ "$DONE" != "yes" ]; do
+		L1=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$CLIENT_PORT"`
+		L2=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$SERVER_PORT"`
+		if [ "x$L1" != "x" ]; then
+			DONE="yes"
+		elif [ "x$L2" != "x" ]; then
+			DONE="yes"
+		else
+			sleep 1
+		fi
+	done
+	HTML=`wget -O - -T 1 http://localhost:$CLIENT_PORT 2> /dev/null | grep "<HTML>"`
+	if [ "x$HTML" != "x" ]; then
+		echo "OK - $CIPHER ($VER)"
+	else
+		echo "FAIL - $CIPHER ($VER)"
+		killall tunala
+		exit 1
+	fi
+	killall tunala
+	# Wait for the servers to stop before returning - otherwise the next
+	# test my fail to start ... (fscking race conditions)
+	DONE="yes"
+	while [ "$DONE" != "no" ]; do
+		L1=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$CLIENT_PORT"`
+		L2=`netstat -a | egrep "LISTEN[\t ]*$" | grep ":$SERVER_PORT"`
+		if [ "x$L1" != "x" ]; then
+			DONE="yes"
+		elif [ "x$L2" != "x" ]; then
+			DONE="yes"
+		else
+			DONE="no"
+		fi
+	done
+	exit 0
+}
+
+run_test ()
+{
+	(sub_test 1> /dev/null) || exit 1
+}
+
+run_ssl_test ()
+{
+killall tunala 1> /dev/null 2> /dev/null
+echo ""
+echo "Starting all $PRETTY tests"
+if [ "$PRETTY" != "SSLv2" ]; then
+	if [ "$PRETTY" != "SSLv3" ]; then
+		export VER="-no_ssl2 -no_ssl3"
+		export OSSL="-tls1"
+	else
+		export VER="-no_ssl2 -no_tls1"
+		export OSSL="-ssl3"
+	fi
+else
+	export VER="-no_ssl3 -no_tls1"
+	export OSSL="-ssl2"
+fi
+LIST="`../../apps/openssl ciphers $OSSL | sed -e 's/:/ /g'`"
+#echo "$LIST"
+for i in $LIST; do \
+	DSS=`echo "$i" | grep "DSS"`
+	if [ "x$DSS" != "x" ]; then
+		echo "---- skipping $i (no DSA cert/keys) ----"
+	else
+		export CIPHER=$i
+		run_test
+		echo "SUCCESS: $i"
+	fi
+done;
+}
+
+# Welcome the user
+echo "Tests will assume an http server running at $HTTP"
+
+# TLSv1 test
+export PRETTY="TLSv1"
+run_ssl_test
+
+# SSLv3 test
+export PRETTY="SSLv3"
+run_ssl_test
+
+# SSLv2 test
+export PRETTY="SSLv2"
+run_ssl_test
+
diff --git a/demos/tunala/tunala.c b/demos/tunala/tunala.c
new file mode 100644
index 0000000000..e918cba2ce
--- /dev/null
+++ b/demos/tunala/tunala.c
@@ -0,0 +1,1107 @@
+#if defined(NO_BUFFER) || defined(NO_IP) || defined(NO_OPENSSL)
+#error "Badness, NO_BUFFER, NO_IP or NO_OPENSSL is defined, turn them *off*"
+#endif
+
+/* Include our bits'n'pieces */
+#include "tunala.h"
+
+
+/********************************************/
+/* Our local types that specify our "world" */
+/********************************************/
+
+/* These represent running "tunnels". Eg. if you wanted to do SSL in a
+ * "message-passing" scanario, the "int" file-descriptors might be replaced by
+ * thread or process IDs, and the "select" code might be replaced by message
+ * handling code. Whatever. */
+typedef struct _tunala_item_t {
+	/* The underlying SSL state machine. This is a data-only processing unit
+	 * and we communicate with it by talking to its four "buffers". */
+	state_machine_t sm;
+	/* The file-descriptors for the "dirty" (encrypted) side of the SSL
+	 * setup. In actuality, this is typically a socket and both values are
+	 * identical. */
+	int dirty_read, dirty_send;
+	/* The file-descriptors for the "clean" (unencrypted) side of the SSL
+	 * setup. These could be stdin/stdout, a socket (both values the same),
+	 * or whatever you like. */
+	int clean_read, clean_send;
+} tunala_item_t;
+
+/* This structure is used as the data for running the main loop. Namely, in a
+ * network format such as this, it is stuff for select() - but as pointed out,
+ * when moving the real-world to somewhere else, this might be replaced by
+ * something entirely different. It's basically the stuff that controls when
+ * it's time to do some "work". */
+typedef struct _select_sets_t {
+	int max; /* As required as the first argument to select() */
+	fd_set reads, sends, excepts; /* As passed to select() */
+} select_sets_t;
+typedef struct _tunala_selector_t {
+	select_sets_t last_selected; /* Results of the last select() */
+	select_sets_t next_select; /* What we'll next select on */
+} tunala_selector_t;
+
+/* This structure is *everything*. We do it to avoid the use of globals so that,
+ * for example, it would be easier to shift things around between async-IO,
+ * thread-based, or multi-fork()ed (or combinations thereof). */
+typedef struct _tunala_world_t {
+	/* The file-descriptor we "listen" on for new connections */
+	int listen_fd;
+	/* The array of tunnels */
+	tunala_item_t *tunnels;
+	/* the number of tunnels in use and allocated, respectively */
+	unsigned int tunnels_used, tunnels_size;
+	/* Our outside "loop" context stuff */
+	tunala_selector_t selector;
+	/* Our SSL_CTX, which is configured as the SSL client or server and has
+	 * the various cert-settings and callbacks configured. */
+	SSL_CTX *ssl_ctx;
+	/* Simple flag with complex logic :-) Indicates whether we're an SSL
+	 * server or an SSL client. */
+	int server_mode;
+} tunala_world_t;
+
+/*****************************/
+/* Internal static functions */
+/*****************************/
+
+static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id,
+		const char *CAfile, const char *cert, const char *key,
+		const char *dcert, const char *dkey, const char *cipher_list,
+		const char *dh_file, const char *dh_special, int tmp_rsa,
+		int ctx_options, int out_state, int out_verify, int verify_mode,
+		unsigned int verify_depth);
+static void selector_init(tunala_selector_t *selector);
+static void selector_add_listener(tunala_selector_t *selector, int fd);
+static void selector_add_tunala(tunala_selector_t *selector, tunala_item_t *t);
+static int selector_select(tunala_selector_t *selector);
+/* This returns -1 for error, 0 for no new connections, or 1 for success, in
+ * which case *newfd is populated. */
+static int selector_get_listener(tunala_selector_t *selector, int fd, int *newfd);
+static int tunala_world_new_item(tunala_world_t *world, int fd,
+		const char *ip, unsigned short port, int flipped);
+static void tunala_world_del_item(tunala_world_t *world, unsigned int idx);
+static int tunala_item_io(tunala_selector_t *selector, tunala_item_t *item);
+
+/*********************************************/
+/* MAIN FUNCTION (and its utility functions) */
+/*********************************************/
+
+static const char *def_proxyhost = "127.0.0.1:443";
+static const char *def_listenhost = "127.0.0.1:8080";
+static int def_max_tunnels = 50;
+static const char *def_cacert = NULL;
+static const char *def_cert = NULL;
+static const char *def_key = NULL;
+static const char *def_dcert = NULL;
+static const char *def_dkey = NULL;
+static const char *def_engine_id = NULL;
+static int def_server_mode = 0;
+static int def_flipped = 0;
+static const char *def_cipher_list = NULL;
+static const char *def_dh_file = NULL;
+static const char *def_dh_special = NULL;
+static int def_tmp_rsa = 1;
+static int def_ctx_options = 0;
+static int def_verify_mode = 0;
+static unsigned int def_verify_depth = 10;
+static int def_out_state = 0;
+static unsigned int def_out_verify = 0;
+static int def_out_totals = 0;
+static int def_out_conns = 0;
+
+static const char *helpstring =
+"\n'Tunala' (A tunneler with a New Zealand accent)\n"
+"Usage: tunala [options], where options are from;\n"
+" -listen [host:]<port>  (default = 127.0.0.1:8080)\n"
+" -proxy <host>:<port>   (default = 127.0.0.1:443)\n"
+" -maxtunnels <num>      (default = 50)\n"
+" -cacert <path|NULL>    (default = NULL)\n"
+" -cert <path|NULL>      (default = NULL)\n"
+" -key <path|NULL>       (default = whatever '-cert' is)\n"
+" -dcert <path|NULL>     (usually for DSA, default = NULL)\n"
+" -dkey <path|NULL>      (usually for DSA, default = whatever '-dcert' is)\n"
+" -engine <id|NULL>      (default = NULL)\n"
+" -server <0|1>          (default = 0, ie. an SSL client)\n"
+" -flipped <0|1>         (makes SSL servers be network clients, and vice versa)\n"
+" -cipher <list>         (specifies cipher list to use)\n"
+" -dh_file <path>        (a PEM file containing DH parameters to use)\n"
+" -dh_special <NULL|generate|standard> (see below: def=NULL)\n"
+" -no_tmp_rsa            (don't generate temporary RSA keys)\n"
+" -no_ssl2               (disable SSLv2)\n"
+" -no_ssl3               (disable SSLv3)\n"
+" -no_tls1               (disable TLSv1)\n"
+" -v_peer                (verify the peer certificate)\n"
+" -v_strict              (do not continue if peer doesn't authenticate)\n"
+" -v_once                (no verification in renegotiates)\n"
+" -v_depth <num>         (limit certificate chain depth, default = 10)\n"
+" -out_conns             (prints client connections and disconnections)\n"
+" -out_state             (prints SSL handshake states)\n"
+" -out_verify <0|1|2|3>  (prints certificate verification states: def=1)\n"
+" -out_totals            (prints out byte-totals when a tunnel closes)\n"
+" -<h|help|?>            (displays this help screen)\n"
+"Notes:\n"
+"(1) It is recommended to specify a cert+key when operating as an SSL server.\n"
+"    If you only specify '-cert', the same file must contain a matching\n"
+"    private key.\n"
+"(2) Either dh_file or dh_special can be used to specify where DH parameters\n"
+"    will be obtained from (or '-dh_special NULL' for the default choice) but\n"
+"    you cannot specify both. For dh_special, 'generate' will create new DH\n"
+"    parameters on startup, and 'standard' will use embedded parameters\n"
+"    instead.\n"
+"(3) Normally an ssl client connects to an ssl server - so that an 'ssl client\n"
+"    tunala' listens for 'clean' client connections and proxies ssl, and an\n"
+"    'ssl server tunala' listens for ssl connections and proxies 'clean'. With\n"
+"    '-flipped 1', this behaviour is reversed so that an 'ssl server tunala'\n"
+"    listens for clean client connections and proxies ssl (but participating\n"
+"    as an ssl *server* in the SSL/TLS protocol), and an 'ssl client tunala'\n"
+"    listens for ssl connections (participating as an ssl *client* in the\n"
+"    SSL/TLS protocol) and proxies 'clean' to the end destination. This can\n"
+"    be useful for allowing network access to 'servers' where only the server\n"
+"    needs to authenticate the client (ie. the other way is not required).\n"
+"    Even with client and server authentication, this 'technique' mitigates\n"
+"    some DoS (denial-of-service) potential as it will be the network client\n"
+"    having to perform the first private key operation rather than the other\n"
+"    way round.\n"
+"(4) The 'technique' used by setting '-flipped 1' is probably compatible with\n"
+"    absolutely nothing except another complimentary instance of 'tunala'\n"
+"    running with '-flipped 1'. :-)\n";
+
+/* Default DH parameters for use with "-dh_special standard" ... stolen striaght
+ * from s_server. */
+static unsigned char dh512_p[]={
+	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
+	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
+	0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
+	0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
+	0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
+	0x47,0x74,0xE8,0x33,
+	};
+static unsigned char dh512_g[]={
+	0x02,
+	};
+
+/* And the function that parses the above "standard" parameters, again, straight
+ * out of s_server. */
+static DH *get_dh512(void)
+	{
+	DH *dh=NULL;
+
+	if ((dh=DH_new()) == NULL) return(NULL);
+	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+	if ((dh->p == NULL) || (dh->g == NULL))
+		return(NULL);
+	return(dh);
+	}
+
+/* Various help/error messages used by main() */
+static int usage(const char *errstr, int isunknownarg)
+{
+	if(isunknownarg)
+		fprintf(stderr, "Error: unknown argument '%s'\n", errstr);
+	else
+		fprintf(stderr, "Error: %s\n", errstr);
+	fprintf(stderr, "%s\n", helpstring);
+	return 1;
+}
+
+static int err_str0(const char *str0)
+{
+	fprintf(stderr, "%s\n", str0);
+	return 1;
+}
+
+static int err_str1(const char *fmt, const char *str1)
+{
+	fprintf(stderr, fmt, str1);
+	fprintf(stderr, "\n");
+	return 1;
+}
+
+static int parse_max_tunnels(const char *s, unsigned int *maxtunnels)
+{
+	unsigned long l;
+	if(!int_strtoul(s, &l) || (l < 1) || (l > 1024)) {
+		fprintf(stderr, "Error, '%s' is an invalid value for "
+				"maxtunnels\n", s);
+		return 0;
+	}
+	*maxtunnels = (unsigned int)l;
+	return 1;
+}
+
+static int parse_server_mode(const char *s, int *servermode)
+{
+	unsigned long l;
+	if(!int_strtoul(s, &l) || (l > 1)) {
+		fprintf(stderr, "Error, '%s' is an invalid value for the "
+				"server mode\n", s);
+		return 0;
+	}
+	*servermode = (int)l;
+	return 1;
+}
+
+static int parse_dh_special(const char *s, const char **dh_special)
+{
+	if((strcmp(s, "NULL") == 0) || (strcmp(s, "generate") == 0) ||
+			(strcmp(s, "standard") == 0)) {
+		*dh_special = s;
+		return 1;
+	}
+	fprintf(stderr, "Error, '%s' is an invalid value for 'dh_special'\n", s);
+	return 0;
+}
+
+static int parse_verify_level(const char *s, unsigned int *verify_level)
+{
+	unsigned long l;
+	if(!int_strtoul(s, &l) || (l > 3)) {
+		fprintf(stderr, "Error, '%s' is an invalid value for "
+				"out_verify\n", s);
+		return 0;
+	}
+	*verify_level = (unsigned int)l;
+	return 1;
+}
+
+static int parse_verify_depth(const char *s, unsigned int *verify_depth)
+{
+	unsigned long l;
+	if(!int_strtoul(s, &l) || (l < 1) || (l > 50)) {
+		fprintf(stderr, "Error, '%s' is an invalid value for "
+				"verify_depth\n", s);
+		return 0;
+	}
+	*verify_depth = (unsigned int)l;
+	return 1;
+}
+
+/* Some fprintf format strings used when tunnels close */
+static const char *io_stats_dirty =
+"    SSL traffic;   %8lu bytes in, %8lu bytes out\n";
+static const char *io_stats_clean =
+"    clear traffic; %8lu bytes in, %8lu bytes out\n";
+
+int main(int argc, char *argv[])
+{
+	unsigned int loop;
+	int newfd;
+	tunala_world_t world;
+	tunala_item_t *t_item;
+	const char *proxy_ip;
+	unsigned short proxy_port;
+	/* Overridables */
+	const char *proxyhost = def_proxyhost;
+	const char *listenhost = def_listenhost;
+	unsigned int max_tunnels = def_max_tunnels;
+	const char *cacert = def_cacert;
+	const char *cert = def_cert;
+	const char *key = def_key;
+	const char *dcert = def_dcert;
+	const char *dkey = def_dkey;
+	const char *engine_id = def_engine_id;
+	int server_mode = def_server_mode;
+	int flipped = def_flipped;
+	const char *cipher_list = def_cipher_list;
+	const char *dh_file = def_dh_file;
+	const char *dh_special = def_dh_special;
+	int tmp_rsa = def_tmp_rsa;
+	int ctx_options = def_ctx_options;
+	int verify_mode = def_verify_mode;
+	unsigned int verify_depth = def_verify_depth;
+	int out_state = def_out_state;
+	unsigned int out_verify = def_out_verify;
+	int out_totals = def_out_totals;
+	int out_conns = def_out_conns;
+
+/* Parse command-line arguments */
+next_arg:
+	argc--; argv++;
+	if(argc > 0) {
+		if(strcmp(*argv, "-listen") == 0) {
+			if(argc < 2)
+				return usage("-listen requires an argument", 0);
+			argc--; argv++;
+			listenhost = *argv;
+			goto next_arg;
+		} else if(strcmp(*argv, "-proxy") == 0) {
+			if(argc < 2)
+				return usage("-proxy requires an argument", 0);
+			argc--; argv++;
+			proxyhost = *argv;
+			goto next_arg;
+		} else if(strcmp(*argv, "-maxtunnels") == 0) {
+			if(argc < 2)
+				return usage("-maxtunnels requires an argument", 0);
+			argc--; argv++;
+			if(!parse_max_tunnels(*argv, &max_tunnels))
+				return 1;
+			goto next_arg;
+		} else if(strcmp(*argv, "-cacert") == 0) {
+			if(argc < 2)
+				return usage("-cacert requires an argument", 0);
+			argc--; argv++;
+			if(strcmp(*argv, "NULL") == 0)
+				cacert = NULL;
+			else
+				cacert = *argv;
+			goto next_arg;
+		} else if(strcmp(*argv, "-cert") == 0) {
+			if(argc < 2)
+				return usage("-cert requires an argument", 0);
+			argc--; argv++;
+			if(strcmp(*argv, "NULL") == 0)
+				cert = NULL;
+			else
+				cert = *argv;
+			goto next_arg;
+		} else if(strcmp(*argv, "-key") == 0) {
+			if(argc < 2)
+				return usage("-key requires an argument", 0);
+			argc--; argv++;
+			if(strcmp(*argv, "NULL") == 0)
+				key = NULL;
+			else
+				key = *argv;
+			goto next_arg;
+		} else if(strcmp(*argv, "-dcert") == 0) {
+			if(argc < 2)
+				return usage("-dcert requires an argument", 0);
+			argc--; argv++;
+			if(strcmp(*argv, "NULL") == 0)
+				dcert = NULL;
+			else
+				dcert = *argv;
+			goto next_arg;
+		} else if(strcmp(*argv, "-dkey") == 0) {
+			if(argc < 2)
+				return usage("-dkey requires an argument", 0);
+			argc--; argv++;
+			if(strcmp(*argv, "NULL") == 0)
+				dkey = NULL;
+			else
+				dkey = *argv;
+			goto next_arg;
+		} else if(strcmp(*argv, "-engine") == 0) {
+			if(argc < 2)
+				return usage("-engine requires an argument", 0);
+			argc--; argv++;
+			engine_id = *argv;
+			goto next_arg;
+		} else if(strcmp(*argv, "-server") == 0) {
+			if(argc < 2)
+				return usage("-server requires an argument", 0);
+			argc--; argv++;
+			if(!parse_server_mode(*argv, &server_mode))
+				return 1;
+			goto next_arg;
+		} else if(strcmp(*argv, "-flipped") == 0) {
+			if(argc < 2)
+				return usage("-flipped requires an argument", 0);
+			argc--; argv++;
+			if(!parse_server_mode(*argv, &flipped))
+				return 1;
+			goto next_arg;
+		} else if(strcmp(*argv, "-cipher") == 0) {
+			if(argc < 2)
+				return usage("-cipher requires an argument", 0);
+			argc--; argv++;
+			cipher_list = *argv;
+			goto next_arg;
+		} else if(strcmp(*argv, "-dh_file") == 0) {
+			if(argc < 2)
+				return usage("-dh_file requires an argument", 0);
+			if(dh_special)
+				return usage("cannot mix -dh_file with "
+						"-dh_special", 0);
+			argc--; argv++;
+			dh_file = *argv;
+			goto next_arg;
+		} else if(strcmp(*argv, "-dh_special") == 0) {
+			if(argc < 2)
+				return usage("-dh_special requires an argument", 0);
+			if(dh_file)
+				return usage("cannot mix -dh_file with "
+						"-dh_special", 0);
+			argc--; argv++;
+			if(!parse_dh_special(*argv, &dh_special))
+				return 1;
+			goto next_arg;
+		} else if(strcmp(*argv, "-no_tmp_rsa") == 0) {
+			tmp_rsa = 0;
+			goto next_arg;
+		} else if(strcmp(*argv, "-no_ssl2") == 0) {
+			ctx_options |= SSL_OP_NO_SSLv2;
+			goto next_arg;
+		} else if(strcmp(*argv, "-no_ssl3") == 0) {
+			ctx_options |= SSL_OP_NO_SSLv3;
+			goto next_arg;
+		} else if(strcmp(*argv, "-no_tls1") == 0) {
+			ctx_options |= SSL_OP_NO_TLSv1;
+			goto next_arg;
+		} else if(strcmp(*argv, "-v_peer") == 0) {
+			verify_mode |= SSL_VERIFY_PEER;
+			goto next_arg;
+		} else if(strcmp(*argv, "-v_strict") == 0) {
+			verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+			goto next_arg;
+		} else if(strcmp(*argv, "-v_once") == 0) {
+			verify_mode |= SSL_VERIFY_CLIENT_ONCE;
+			goto next_arg;
+		} else if(strcmp(*argv, "-v_depth") == 0) {
+			if(argc < 2)
+				return usage("-v_depth requires an argument", 0);
+			argc--; argv++;
+			if(!parse_verify_depth(*argv, &verify_depth))
+				return 1;
+			goto next_arg;
+		} else if(strcmp(*argv, "-out_state") == 0) {
+			out_state = 1;
+			goto next_arg;
+		} else if(strcmp(*argv, "-out_verify") == 0) {
+			if(argc < 2)
+				return usage("-out_verify requires an argument", 0);
+			argc--; argv++;
+			if(!parse_verify_level(*argv, &out_verify))
+				return 1;
+			goto next_arg;
+		} else if(strcmp(*argv, "-out_totals") == 0) {
+			out_totals = 1;
+			goto next_arg;
+		} else if(strcmp(*argv, "-out_conns") == 0) {
+			out_conns = 1;
+			goto next_arg;
+		} else if((strcmp(*argv, "-h") == 0) ||
+				(strcmp(*argv, "-help") == 0) ||
+				(strcmp(*argv, "-?") == 0)) {
+			fprintf(stderr, "%s\n", helpstring);
+			return 0;
+		} else
+			return usage(*argv, 1);
+	}
+	/* Run any sanity checks we want here */
+	if(!cert && !dcert && server_mode)
+		fprintf(stderr, "WARNING: you are running an SSL server without "
+				"a certificate - this may not work!\n");
+
+	/* Initialise network stuff */
+	if(!ip_initialise())
+		return err_str0("ip_initialise failed");
+	/* Create the SSL_CTX */
+	if((world.ssl_ctx = initialise_ssl_ctx(server_mode, engine_id,
+			cacert, cert, key, dcert, dkey, cipher_list, dh_file,
+			dh_special, tmp_rsa, ctx_options, out_state, out_verify,
+			verify_mode, verify_depth)) == NULL)
+		return err_str1("initialise_ssl_ctx(engine_id=%s) failed",
+			(engine_id == NULL) ? "NULL" : engine_id);
+	if(engine_id)
+		fprintf(stderr, "Info, engine '%s' initialised\n", engine_id);
+	/* Create the listener */
+	if((world.listen_fd = ip_create_listener(listenhost)) == -1)
+		return err_str1("ip_create_listener(%s) failed", listenhost);
+	fprintf(stderr, "Info, listening on '%s'\n", listenhost);
+	if(!ip_parse_address(proxyhost, &proxy_ip, &proxy_port, 0))
+		return err_str1("ip_parse_address(%s) failed", proxyhost);
+	fprintf(stderr, "Info, proxying to '%s' (%d.%d.%d.%d:%d)\n", proxyhost,
+			(int)proxy_ip[0], (int)proxy_ip[1],
+			(int)proxy_ip[2], (int)proxy_ip[3], (int)proxy_port);
+	fprintf(stderr, "Info, set maxtunnels to %d\n", (int)max_tunnels);
+	fprintf(stderr, "Info, set to operate as an SSL %s\n",
+			(server_mode ? "server" : "client"));
+	/* Initialise the rest of the stuff */
+	world.tunnels_used = world.tunnels_size = 0;
+	world.tunnels = NULL;
+	world.server_mode = server_mode;
+	selector_init(&world.selector);
+
+/* We're ready to loop */
+main_loop:
+	/* Should we listen for *new* tunnels? */
+	if(world.tunnels_used < max_tunnels)
+		selector_add_listener(&world.selector, world.listen_fd);
+	/* We should add in our existing tunnels */
+	for(loop = 0; loop < world.tunnels_used; loop++)
+		selector_add_tunala(&world.selector, world.tunnels + loop);
+	/* Now do the select */
+	switch(selector_select(&world.selector)) {
+	case -1:
+		if(errno != EINTR) {
+			fprintf(stderr, "selector_select returned a "
+					"badness error.\n");
+			goto shouldnt_happen;
+		}
+		fprintf(stderr, "Warn, selector interrupted by a signal\n");
+		goto main_loop;
+	case 0:
+		fprintf(stderr, "Warn, selector_select returned 0 - signal?""?\n");
+		goto main_loop;
+	default:
+		break;
+	}
+	/* Accept new connection if we should and can */
+	if((world.tunnels_used < max_tunnels) && (selector_get_listener(
+					&world.selector, world.listen_fd,
+					&newfd) == 1)) {
+		/* We have a new connection */
+		if(!tunala_world_new_item(&world, newfd, proxy_ip,
+						proxy_port, flipped))
+			fprintf(stderr, "tunala_world_new_item failed\n");
+		else if(out_conns)
+			fprintf(stderr, "Info, new tunnel opened, now up to "
+					"%d\n", world.tunnels_used);
+	}
+	/* Give each tunnel its moment, note the while loop is because it makes
+	 * the logic easier than with "for" to deal with an array that may shift
+	 * because of deletes. */
+	loop = 0;
+	t_item = world.tunnels;
+	while(loop < world.tunnels_used) {
+		if(!tunala_item_io(&world.selector, t_item)) {
+			/* We're closing whether for reasons of an error or a
+			 * natural close. Don't increment loop or t_item because
+			 * the next item is moving to us! */
+			if(!out_totals)
+				goto skip_totals;
+			fprintf(stderr, "Tunnel closing, traffic stats follow\n");
+			/* Display the encrypted (over the network) stats */
+			fprintf(stderr, io_stats_dirty,
+				buffer_total_in(state_machine_get_buffer(
+						&t_item->sm,SM_DIRTY_IN)),
+				buffer_total_out(state_machine_get_buffer(
+						&t_item->sm,SM_DIRTY_OUT)));
+			/* Display the local (tunnelled) stats. NB: Data we
+			 * *receive* is data sent *out* of the state_machine on
+			 * its 'clean' side. Hence the apparent back-to-front
+			 * OUT/IN mixup here :-) */
+			fprintf(stderr, io_stats_clean,
+				buffer_total_out(state_machine_get_buffer(
+						&t_item->sm,SM_CLEAN_OUT)),
+				buffer_total_in(state_machine_get_buffer(
+						&t_item->sm,SM_CLEAN_IN)));
+skip_totals:
+			tunala_world_del_item(&world, loop);
+			if(out_conns)
+				fprintf(stderr, "Info, tunnel closed, down to %d\n",
+					world.tunnels_used);
+		}
+		else {
+			/* Move to the next item */
+			loop++;
+			t_item++;
+		}
+	}
+	goto main_loop;
+	/* Should never get here */
+shouldnt_happen:
+	abort();
+	return 1;
+}
+
+/****************/
+/* OpenSSL bits */
+/****************/
+
+static int ctx_set_cert(SSL_CTX *ctx, const char *cert, const char *key)
+{
+	FILE *fp = NULL;
+	X509 *x509 = NULL;
+	EVP_PKEY *pkey = NULL;
+	int toret = 0; /* Assume an error */
+
+	/* cert */
+	if(cert) {
+		if((fp = fopen(cert, "r")) == NULL) {
+			fprintf(stderr, "Error opening cert file '%s'\n", cert);
+			goto err;
+		}
+		if(!PEM_read_X509(fp, &x509, NULL, NULL)) {
+			fprintf(stderr, "Error reading PEM cert from '%s'\n",
+					cert);
+			goto err;
+		}
+		if(!SSL_CTX_use_certificate(ctx, x509)) {
+			fprintf(stderr, "Error, cert in '%s' can not be used\n",
+					cert);
+			goto err;
+		}
+		/* Clear the FILE* for reuse in the "key" code */
+		fclose(fp);
+		fp = NULL;
+		fprintf(stderr, "Info, operating with cert in '%s'\n", cert);
+		/* If a cert was given without matching key, we assume the same
+		 * file contains the required key. */
+		if(!key)
+			key = cert;
+	} else {
+		if(key)
+			fprintf(stderr, "Error, can't specify a key without a "
+					"corresponding certificate\n");
+		else
+			fprintf(stderr, "Error, ctx_set_cert called with "
+					"NULLs!\n");
+		goto err;
+	}
+	/* key */
+	if(key) {
+		if((fp = fopen(key, "r")) == NULL) {
+			fprintf(stderr, "Error opening key file '%s'\n", key);
+			goto err;
+		}
+		if(!PEM_read_PrivateKey(fp, &pkey, NULL, NULL)) {
+			fprintf(stderr, "Error reading PEM key from '%s'\n",
+					key);
+			goto err;
+		}
+		if(!SSL_CTX_use_PrivateKey(ctx, pkey)) {
+			fprintf(stderr, "Error, key in '%s' can not be used\n",
+					key);
+			goto err;
+		}
+		fprintf(stderr, "Info, operating with key in '%s'\n", key);
+	} else
+		fprintf(stderr, "Info, operating without a cert or key\n");
+	/* Success */
+	toret = 1; err:
+	if(x509)
+		X509_free(x509);
+	if(pkey)
+		EVP_PKEY_free(pkey);
+	if(fp)
+		fclose(fp);
+	return toret;
+}
+
+static int ctx_set_dh(SSL_CTX *ctx, const char *dh_file, const char *dh_special)
+{
+	DH *dh = NULL;
+	FILE *fp = NULL;
+
+	if(dh_special) {
+		if(strcmp(dh_special, "NULL") == 0)
+			return 1;
+		if(strcmp(dh_special, "standard") == 0) {
+			if((dh = get_dh512()) == NULL) {
+				fprintf(stderr, "Error, can't parse 'standard'"
+						" DH parameters\n");
+				return 0;
+			}
+			fprintf(stderr, "Info, using 'standard' DH parameters\n");
+			goto do_it;
+		}
+		if(strcmp(dh_special, "generate") != 0)
+			/* This shouldn't happen - screening values is handled
+			 * in main(). */
+			abort();
+		fprintf(stderr, "Info, generating DH parameters ... ");
+		fflush(stderr);
+		if((dh = DH_generate_parameters(512, DH_GENERATOR_5,
+					NULL, NULL)) == NULL) {
+			fprintf(stderr, "error!\n");
+			return 0;
+		}
+		fprintf(stderr, "complete\n");
+		goto do_it;
+	}
+	/* So, we're loading dh_file */
+	if((fp = fopen(dh_file, "r")) == NULL) {
+		fprintf(stderr, "Error, couldn't open '%s' for DH parameters\n",
+				dh_file);
+		return 0;
+	}
+	dh = PEM_read_DHparams(fp, NULL, NULL, NULL);
+	fclose(fp);
+	if(dh == NULL) {
+		fprintf(stderr, "Error, could not parse DH parameters from '%s'\n",
+				dh_file);
+		return 0;
+	}
+	fprintf(stderr, "Info, using DH parameters from file '%s'\n", dh_file);
+do_it:
+	SSL_CTX_set_tmp_dh(ctx, dh);
+	DH_free(dh);
+	return 1;
+}
+
+static SSL_CTX *initialise_ssl_ctx(int server_mode, const char *engine_id,
+		const char *CAfile, const char *cert, const char *key,
+		const char *dcert, const char *dkey, const char *cipher_list,
+		const char *dh_file, const char *dh_special, int tmp_rsa,
+		int ctx_options, int out_state, int out_verify, int verify_mode,
+		unsigned int verify_depth)
+{
+	SSL_CTX *ctx = NULL, *ret = NULL;
+	SSL_METHOD *meth;
+	ENGINE *e = NULL;
+
+        OpenSSL_add_ssl_algorithms();
+        SSL_load_error_strings();
+
+	meth = (server_mode ? SSLv23_server_method() : SSLv23_client_method());
+	if(meth == NULL)
+		goto err;
+	if(engine_id) {
+		ENGINE_load_builtin_engines();
+		if((e = ENGINE_by_id(engine_id)) == NULL) {
+			fprintf(stderr, "Error obtaining '%s' engine, openssl "
+					"errors follow\n", engine_id);
+			goto err;
+		}
+		if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+			fprintf(stderr, "Error assigning '%s' engine, openssl "
+					"errors follow\n", engine_id);
+			goto err;
+		}
+		ENGINE_free(e);
+	}
+	if((ctx = SSL_CTX_new(meth)) == NULL)
+		goto err;
+	/* cacert */
+	if(CAfile) {
+		if(!X509_STORE_load_locations(SSL_CTX_get_cert_store(ctx),
+					CAfile, NULL)) {
+			fprintf(stderr, "Error loading CA cert(s) in '%s'\n",
+					CAfile);
+			goto err;
+		}
+		fprintf(stderr, "Info, operating with CA cert(s) in '%s'\n",
+				CAfile);
+	} else
+		fprintf(stderr, "Info, operating without a CA cert(-list)\n");
+	if(!SSL_CTX_set_default_verify_paths(ctx)) {
+		fprintf(stderr, "Error setting default verify paths\n");
+		goto err;
+	}
+
+	/* cert and key */
+	if((cert || key) && !ctx_set_cert(ctx, cert, key))
+		goto err;
+	/* dcert and dkey */
+	if((dcert || dkey) && !ctx_set_cert(ctx, dcert, dkey))
+		goto err;
+	/* temporary RSA key generation */
+	if(tmp_rsa)
+		SSL_CTX_set_tmp_rsa_callback(ctx, cb_generate_tmp_rsa);
+
+	/* cipher_list */
+	if(cipher_list) {
+		if(!SSL_CTX_set_cipher_list(ctx, cipher_list)) {
+			fprintf(stderr, "Error setting cipher list '%s'\n",
+					cipher_list);
+			goto err;
+		}
+		fprintf(stderr, "Info, set cipher list '%s'\n", cipher_list);
+	} else
+		fprintf(stderr, "Info, operating with default cipher list\n");
+
+	/* dh_file & dh_special */
+	if((dh_file || dh_special) && !ctx_set_dh(ctx, dh_file, dh_special))
+		goto err;
+
+	/* ctx_options */
+	SSL_CTX_set_options(ctx, ctx_options);
+
+	/* out_state (output of SSL handshake states to screen). */
+	if(out_state)
+		cb_ssl_info_set_output(stderr);
+
+	/* out_verify */
+	if(out_verify > 0) {
+		cb_ssl_verify_set_output(stderr);
+		cb_ssl_verify_set_level(out_verify);
+	}
+
+	/* verify_depth */
+	cb_ssl_verify_set_depth(verify_depth);
+
+	/* Success! (includes setting verify_mode) */
+	SSL_CTX_set_info_callback(ctx, cb_ssl_info);
+	SSL_CTX_set_verify(ctx, verify_mode, cb_ssl_verify);
+	ret = ctx;
+err:
+	if(!ret) {
+		ERR_print_errors_fp(stderr);
+		if(ctx)
+			SSL_CTX_free(ctx);
+	}
+	return ret;
+}
+
+/*****************/
+/* Selector bits */
+/*****************/
+
+static void selector_sets_init(select_sets_t *s)
+{
+	s->max = 0;
+	FD_ZERO(&s->reads);
+	FD_ZERO(&s->sends);
+	FD_ZERO(&s->excepts);
+}
+static void selector_init(tunala_selector_t *selector)
+{
+	selector_sets_init(&selector->last_selected);
+	selector_sets_init(&selector->next_select);
+}
+
+#define SEL_EXCEPTS 0x00
+#define SEL_READS   0x01
+#define SEL_SENDS   0x02
+static void selector_add_raw_fd(tunala_selector_t *s, int fd, int flags)
+{
+	FD_SET(fd, &s->next_select.excepts);
+	if(flags & SEL_READS)
+		FD_SET(fd, &s->next_select.reads);
+	if(flags & SEL_SENDS)
+		FD_SET(fd, &s->next_select.sends);
+	/* Adjust "max" */
+	if(s->next_select.max < (fd + 1))
+		s->next_select.max = fd + 1;
+}
+
+static void selector_add_listener(tunala_selector_t *selector, int fd)
+{
+	selector_add_raw_fd(selector, fd, SEL_READS);
+}
+
+static void selector_add_tunala(tunala_selector_t *s, tunala_item_t *t)
+{
+	/* Set clean read if sm.clean_in is not full */
+	if(t->clean_read != -1) {
+		selector_add_raw_fd(s, t->clean_read,
+			(buffer_full(state_machine_get_buffer(&t->sm,
+				SM_CLEAN_IN)) ? SEL_EXCEPTS : SEL_READS));
+	}
+	/* Set clean send if sm.clean_out is not empty */
+	if(t->clean_send != -1) {
+		selector_add_raw_fd(s, t->clean_send,
+			(buffer_empty(state_machine_get_buffer(&t->sm,
+				SM_CLEAN_OUT)) ? SEL_EXCEPTS : SEL_SENDS));
+	}
+	/* Set dirty read if sm.dirty_in is not full */
+	if(t->dirty_read != -1) {
+		selector_add_raw_fd(s, t->dirty_read,
+			(buffer_full(state_machine_get_buffer(&t->sm,
+				SM_DIRTY_IN)) ? SEL_EXCEPTS : SEL_READS));
+	}
+	/* Set dirty send if sm.dirty_out is not empty */
+	if(t->dirty_send != -1) {
+		selector_add_raw_fd(s, t->dirty_send,
+			(buffer_empty(state_machine_get_buffer(&t->sm,
+				SM_DIRTY_OUT)) ? SEL_EXCEPTS : SEL_SENDS));
+	}
+}
+
+static int selector_select(tunala_selector_t *selector)
+{
+	memcpy(&selector->last_selected, &selector->next_select,
+			sizeof(select_sets_t));
+	selector_sets_init(&selector->next_select);
+	return select(selector->last_selected.max,
+			&selector->last_selected.reads,
+			&selector->last_selected.sends,
+			&selector->last_selected.excepts, NULL);
+}
+
+/* This returns -1 for error, 0 for no new connections, or 1 for success, in
+ * which case *newfd is populated. */
+static int selector_get_listener(tunala_selector_t *selector, int fd, int *newfd)
+{
+	if(FD_ISSET(fd, &selector->last_selected.excepts))
+		return -1;
+	if(!FD_ISSET(fd, &selector->last_selected.reads))
+		return 0;
+	if((*newfd = ip_accept_connection(fd)) == -1)
+		return -1;
+	return 1;
+}
+
+/************************/
+/* "Tunala" world stuff */
+/************************/
+
+static int tunala_world_make_room(tunala_world_t *world)
+{
+	unsigned int newsize;
+	tunala_item_t *newarray;
+
+	if(world->tunnels_used < world->tunnels_size)
+		return 1;
+	newsize = (world->tunnels_size == 0 ? 16 :
+			((world->tunnels_size * 3) / 2));
+	if((newarray = malloc(newsize * sizeof(tunala_item_t))) == NULL)
+		return 0;
+	memset(newarray, 0, newsize * sizeof(tunala_item_t));
+	if(world->tunnels_used > 0)
+		memcpy(newarray, world->tunnels,
+			world->tunnels_used * sizeof(tunala_item_t));
+	if(world->tunnels_size > 0)
+		free(world->tunnels);
+	/* migrate */
+	world->tunnels = newarray;
+	world->tunnels_size = newsize;
+	return 1;
+}
+
+static int tunala_world_new_item(tunala_world_t *world, int fd,
+		const char *ip, unsigned short port, int flipped)
+{
+	tunala_item_t *item;
+	int newfd;
+	SSL *new_ssl = NULL;
+
+	if(!tunala_world_make_room(world))
+		return 0;
+	if((new_ssl = SSL_new(world->ssl_ctx)) == NULL) {
+		fprintf(stderr, "Error creating new SSL\n");
+		ERR_print_errors_fp(stderr);
+		return 0;
+	}
+	item = world->tunnels + (world->tunnels_used++);
+	state_machine_init(&item->sm);
+	item->clean_read = item->clean_send =
+		item->dirty_read = item->dirty_send = -1;
+	if((newfd = ip_create_connection_split(ip, port)) == -1)
+		goto err;
+	/* Which way round? If we're a server, "fd" is the dirty side and the
+	 * connection we open is the clean one. For a client, it's the other way
+	 * around. Unless, of course, we're "flipped" in which case everything
+	 * gets reversed. :-) */
+	if((world->server_mode && !flipped) ||
+			(!world->server_mode && flipped)) {
+		item->dirty_read = item->dirty_send = fd;
+		item->clean_read = item->clean_send = newfd;
+	} else {
+		item->clean_read = item->clean_send = fd;
+		item->dirty_read = item->dirty_send = newfd;
+	}
+	/* We use the SSL's "app_data" to indicate a call-back induced "kill" */
+	SSL_set_app_data(new_ssl, NULL);
+	if(!state_machine_set_SSL(&item->sm, new_ssl, world->server_mode))
+		goto err;
+	return 1;
+err:
+	tunala_world_del_item(world, world->tunnels_used - 1);
+	return 0;
+
+}
+
+static void tunala_world_del_item(tunala_world_t *world, unsigned int idx)
+{
+	tunala_item_t *item = world->tunnels + idx;
+	if(item->clean_read != -1)
+		close(item->clean_read);
+	if(item->clean_send != item->clean_read)
+		close(item->clean_send);
+	item->clean_read = item->clean_send = -1;
+	if(item->dirty_read != -1)
+		close(item->dirty_read);
+	if(item->dirty_send != item->dirty_read)
+		close(item->dirty_send);
+	item->dirty_read = item->dirty_send = -1;
+	state_machine_close(&item->sm);
+	/* OK, now we fix the item array */
+	if(idx + 1 < world->tunnels_used)
+		/* We need to scroll entries to the left */
+		memmove(world->tunnels + idx,
+				world->tunnels + (idx + 1),
+				(world->tunnels_used - (idx + 1)) *
+					sizeof(tunala_item_t));
+	world->tunnels_used--;
+}
+
+static int tunala_item_io(tunala_selector_t *selector, tunala_item_t *item)
+{
+	int c_r, c_s, d_r, d_s; /* Four boolean flags */
+
+	/* Take ourselves out of the gene-pool if there was an except */
+	if((item->clean_read != -1) && FD_ISSET(item->clean_read,
+				&selector->last_selected.excepts))
+		return 0;
+	if((item->clean_send != -1) && FD_ISSET(item->clean_send,
+				&selector->last_selected.excepts))
+		return 0;
+	if((item->dirty_read != -1) && FD_ISSET(item->dirty_read,
+				&selector->last_selected.excepts))
+		return 0;
+	if((item->dirty_send != -1) && FD_ISSET(item->dirty_send,
+				&selector->last_selected.excepts))
+		return 0;
+	/* Grab our 4 IO flags */
+	c_r = c_s = d_r = d_s = 0;
+	if(item->clean_read != -1)
+		c_r = FD_ISSET(item->clean_read, &selector->last_selected.reads);
+	if(item->clean_send != -1)
+		c_s = FD_ISSET(item->clean_send, &selector->last_selected.sends);
+	if(item->dirty_read != -1)
+		d_r = FD_ISSET(item->dirty_read, &selector->last_selected.reads);
+	if(item->dirty_send != -1)
+		d_s = FD_ISSET(item->dirty_send, &selector->last_selected.sends);
+	/* If no IO has happened for us, skip needless data looping */
+	if(!c_r && !c_s && !d_r && !d_s)
+		return 1;
+	if(c_r)
+		c_r = (buffer_from_fd(state_machine_get_buffer(&item->sm,
+				SM_CLEAN_IN), item->clean_read) <= 0);
+	if(c_s)
+		c_s = (buffer_to_fd(state_machine_get_buffer(&item->sm,
+				SM_CLEAN_OUT), item->clean_send) <= 0);
+	if(d_r)
+		d_r = (buffer_from_fd(state_machine_get_buffer(&item->sm,
+				SM_DIRTY_IN), item->dirty_read) <= 0);
+	if(d_s)
+		d_s = (buffer_to_fd(state_machine_get_buffer(&item->sm,
+				SM_DIRTY_OUT), item->dirty_send) <= 0);
+	/* If any of the flags is non-zero, that means they need closing */
+	if(c_r) {
+		close(item->clean_read);
+		if(item->clean_send == item->clean_read)
+			item->clean_send = -1;
+		item->clean_read = -1;
+	}
+	if(c_s && (item->clean_send != -1)) {
+		close(item->clean_send);
+		if(item->clean_send == item->clean_read)
+			item->clean_read = -1;
+		item->clean_send = -1;
+	}
+	if(d_r) {
+		close(item->dirty_read);
+		if(item->dirty_send == item->dirty_read)
+			item->dirty_send = -1;
+		item->dirty_read = -1;
+	}
+	if(d_s && (item->dirty_send != -1)) {
+		close(item->dirty_send);
+		if(item->dirty_send == item->dirty_read)
+			item->dirty_read = -1;
+		item->dirty_send = -1;
+	}
+	/* This function name is attributed to the term donated by David
+	 * Schwartz on openssl-dev, message-ID:
+	 * <NCBBLIEPOCNJOAEKBEAKEEDGLIAA.davids@webmaster.com>. :-) */
+	if(!state_machine_churn(&item->sm))
+		/* If the SSL closes, it will also zero-out the _in buffers
+		 * and will in future process just outgoing data. As and
+		 * when the outgoing data has gone, it will return zero
+		 * here to tell us to bail out. */
+		return 0;
+	/* Otherwise, we return zero if both sides are dead. */
+	if(((item->clean_read == -1) || (item->clean_send == -1)) &&
+			((item->dirty_read == -1) || (item->dirty_send == -1)))
+		return 0;
+	/* If only one side closed, notify the SSL of this so it can take
+	 * appropriate action. */
+	if((item->clean_read == -1) || (item->clean_send == -1)) {
+		if(!state_machine_close_clean(&item->sm))
+			return 0;
+	}
+	if((item->dirty_read == -1) || (item->dirty_send == -1)) {
+		if(!state_machine_close_dirty(&item->sm))
+			return 0;
+	}
+	return 1;
+}
+
diff --git a/demos/tunala/tunala.h b/demos/tunala/tunala.h
new file mode 100644
index 0000000000..3a752f259a
--- /dev/null
+++ b/demos/tunala/tunala.h
@@ -0,0 +1,215 @@
+/* Tunala ("Tunneler with a New Zealand accent")
+ *
+ * Written by Geoff Thorpe, but endorsed/supported by noone. Please use this is
+ * if it's useful or informative to you, but it's only here as a scratchpad for
+ * ideas about how you might (or might not) program with OpenSSL. If you deploy
+ * this is in a mission-critical environment, and have not read, understood,
+ * audited, and modified this code to your satisfaction, and the result is that
+ * all hell breaks loose and you are looking for a new employer, then it proves
+ * nothing except perhaps that Darwinism is alive and well. Let's just say, *I*
+ * don't use this in a mission-critical environment, so it would be stupid for
+ * anyone to assume that it is solid and/or tested enough when even its author
+ * doesn't place that much trust in it. You have been warned.
+ *
+ * With thanks to Cryptographic Appliances, Inc.
+ */
+
+#ifndef _TUNALA_H
+#define _TUNALA_H
+
+/* pull in autoconf fluff */
+#ifndef NO_CONFIG_H
+#include "config.h"
+#else
+/* We don't have autoconf, we have to set all of these unless a tweaked Makefile
+ * tells us not to ... */
+/* headers */
+#ifndef NO_HAVE_SELECT
+#define HAVE_SELECT
+#endif
+#ifndef NO_HAVE_SOCKET
+#define HAVE_SOCKET
+#endif
+#ifndef NO_HAVE_UNISTD_H
+#define HAVE_UNISTD_H
+#endif
+#ifndef NO_HAVE_FCNTL_H
+#define HAVE_FCNTL_H
+#endif
+#ifndef NO_HAVE_LIMITS_H
+#define HAVE_LIMITS_H
+#endif
+/* features */
+#ifndef NO_HAVE_STRSTR
+#define HAVE_STRSTR
+#endif
+#ifndef NO_HAVE_STRTOUL
+#define HAVE_STRTOUL
+#endif
+#endif
+
+#if !defined(HAVE_SELECT) || !defined(HAVE_SOCKET)
+#error "can't build without some network basics like select() and socket()"
+#endif
+
+#include <stdlib.h>
+#ifndef NO_SYSTEM_H
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+#include <netdb.h>
+#include <signal.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <netinet/in.h>
+#endif /* !defined(NO_SYSTEM_H) */
+
+#ifndef NO_OPENSSL
+#include <openssl/err.h>
+#include <openssl/engine.h>
+#include <openssl/ssl.h>
+#endif /* !defined(NO_OPENSSL) */
+
+#ifndef OPENSSL_NO_BUFFER
+/* This is the generic "buffer" type that is used when feeding the
+ * state-machine. It's basically a FIFO with respect to the "adddata" &
+ * "takedata" type functions that operate on it. */
+#define MAX_DATA_SIZE 16384
+typedef struct _buffer_t {
+	unsigned char data[MAX_DATA_SIZE];
+	unsigned int used;
+	/* Statistical values - counts the total number of bytes read in and
+	 * read out (respectively) since "buffer_init()" */
+	unsigned long total_in, total_out;
+} buffer_t;
+
+/* Initialise a buffer structure before use */
+void buffer_init(buffer_t *buf);
+/* Cleanup a buffer structure - presently not needed, but if buffer_t is
+ * converted to using dynamic allocation, this would be required - so should be
+ * called to protect against an explosion of memory leaks later if the change is
+ * made. */
+void buffer_close(buffer_t *buf);
+
+/* Basic functions to manipulate buffers */
+
+unsigned int buffer_used(buffer_t *buf); /* How much data in the buffer */
+unsigned int buffer_unused(buffer_t *buf); /* How much space in the buffer */
+int buffer_full(buffer_t *buf); /* Boolean, is it full? */
+int buffer_notfull(buffer_t *buf); /* Boolean, is it not full? */
+int buffer_empty(buffer_t *buf); /* Boolean, is it empty? */
+int buffer_notempty(buffer_t *buf); /* Boolean, is it not empty? */
+unsigned long buffer_total_in(buffer_t *buf); /* Total bytes written to buffer */
+unsigned long buffer_total_out(buffer_t *buf); /* Total bytes read from buffer */
+
+#if 0 /* Currently used only within buffer.c - better to expose only
+       * higher-level functions anyway */
+/* Add data to the tail of the buffer, returns the amount that was actually
+ * added (so, you need to check if return value is less than size) */
+unsigned int buffer_adddata(buffer_t *buf, const unsigned char *ptr,
+		unsigned int size);
+
+/* Take data from the front of the buffer (and scroll the rest forward). If
+ * "ptr" is NULL, this just removes data off the front of the buffer. Return
+ * value is the amount actually removed (can be less than size if the buffer has
+ * too little data). */
+unsigned int buffer_takedata(buffer_t *buf, unsigned char *ptr,
+		unsigned int size);
+
+/* Flushes as much data as possible out of the "from" buffer into the "to"
+ * buffer. Return value is the amount moved. The amount moved can be restricted
+ * to a maximum by specifying "cap" - setting it to -1 means no limit. */
+unsigned int buffer_tobuffer(buffer_t *to, buffer_t *from, int cap);
+#endif
+
+#ifndef NO_IP
+/* Read or write between a file-descriptor and a buffer */
+int buffer_from_fd(buffer_t *buf, int fd);
+int buffer_to_fd(buffer_t *buf, int fd);
+#endif /* !defined(NO_IP) */
+
+#ifndef NO_OPENSSL
+/* Read or write between an SSL or BIO and a buffer */
+void buffer_from_SSL(buffer_t *buf, SSL *ssl);
+void buffer_to_SSL(buffer_t *buf, SSL *ssl);
+void buffer_from_BIO(buffer_t *buf, BIO *bio);
+void buffer_to_BIO(buffer_t *buf, BIO *bio);
+
+/* Callbacks */
+void cb_ssl_info(const SSL *s, int where, int ret);
+void cb_ssl_info_set_output(FILE *fp); /* Called if output should be sent too */
+int cb_ssl_verify(int ok, X509_STORE_CTX *ctx);
+void cb_ssl_verify_set_output(FILE *fp);
+void cb_ssl_verify_set_depth(unsigned int verify_depth);
+void cb_ssl_verify_set_level(unsigned int level);
+RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength);
+#endif /* !defined(NO_OPENSSL) */
+#endif /* !defined(OPENSSL_NO_BUFFER) */
+
+#ifndef NO_TUNALA
+#ifdef OPENSSL_NO_BUFFER
+#error "TUNALA section of tunala.h requires BUFFER support"
+#endif
+typedef struct _state_machine_t {
+	SSL *ssl;
+	BIO *bio_intossl;
+	BIO *bio_fromssl;
+	buffer_t clean_in, clean_out;
+	buffer_t dirty_in, dirty_out;
+} state_machine_t;
+typedef enum {
+	SM_CLEAN_IN, SM_CLEAN_OUT,
+	SM_DIRTY_IN, SM_DIRTY_OUT
+} sm_buffer_t;
+void state_machine_init(state_machine_t *machine);
+void state_machine_close(state_machine_t *machine);
+buffer_t *state_machine_get_buffer(state_machine_t *machine, sm_buffer_t type);
+SSL *state_machine_get_SSL(state_machine_t *machine);
+int state_machine_set_SSL(state_machine_t *machine, SSL *ssl, int is_server);
+/* Performs the data-IO loop and returns zero if the machine should close */
+int state_machine_churn(state_machine_t *machine);
+/* Is used to handle closing conditions - namely when one side of the tunnel has
+ * closed but the other should finish flushing. */
+int state_machine_close_clean(state_machine_t *machine);
+int state_machine_close_dirty(state_machine_t *machine);
+#endif /* !defined(NO_TUNALA) */
+
+#ifndef NO_IP
+/* Initialise anything related to the networking. This includes blocking pesky
+ * SIGPIPE signals. */
+int ip_initialise(void);
+/* ip is the 4-byte ip address (eg. 127.0.0.1 is {0x7F,0x00,0x00,0x01}), port is
+ * the port to listen on (host byte order), and the return value is the
+ * file-descriptor or -1 on error. */
+int ip_create_listener_split(const char *ip, unsigned short port);
+/* Same semantics as above. */
+int ip_create_connection_split(const char *ip, unsigned short port);
+/* Converts a string into the ip/port before calling the above */
+int ip_create_listener(const char *address);
+int ip_create_connection(const char *address);
+/* Just does a string conversion on its own. NB: If accept_all_ip is non-zero,
+ * then the address string could be just a port. Ie. it's suitable for a
+ * listening address but not a connecting address. */
+int ip_parse_address(const char *address, const char **parsed_ip,
+		unsigned short *port, int accept_all_ip);
+/* Accepts an incoming connection through the listener. Assumes selects and
+ * what-not have deemed it an appropriate thing to do. */
+int ip_accept_connection(int listen_fd);
+#endif /* !defined(NO_IP) */
+
+/* These functions wrap up things that can be portability hassles. */
+int int_strtoul(const char *str, unsigned long *val);
+#ifdef HAVE_STRSTR
+#define int_strstr strstr
+#else
+char *int_strstr(const char *haystack, const char *needle);
+#endif
+
+#endif /* !defined(_TUNALA_H) */
diff --git a/demos/x509/README b/demos/x509/README
new file mode 100644
index 0000000000..88f9d6c46e
--- /dev/null
+++ b/demos/x509/README
@@ -0,0 +1,3 @@
+This directory contains examples of how to contruct
+various X509 structures. Certificates, certificate requests
+and CRLs.
diff --git a/demos/x509/mkcert.c b/demos/x509/mkcert.c
new file mode 100644
index 0000000000..8304d30e0b
--- /dev/null
+++ b/demos/x509/mkcert.c
@@ -0,0 +1,168 @@
+/* Certificate creation. Demonstrates some certificate related
+ * operations.
+ */
+
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <openssl/pem.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include <openssl/engine.h>
+
+int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
+int add_ext(X509 *cert, int nid, char *value);
+
+int main(int argc, char **argv)
+	{
+	BIO *bio_err;
+	X509 *x509=NULL;
+	EVP_PKEY *pkey=NULL;
+
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+	bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
+
+	mkcert(&x509,&pkey,512,0,365);
+
+	RSA_print_fp(stdout,pkey->pkey.rsa,0);
+	X509_print_fp(stdout,x509);
+
+	PEM_write_PrivateKey(stdout,pkey,NULL,NULL,0,NULL, NULL);
+	PEM_write_X509(stdout,x509);
+
+	X509_free(x509);
+	EVP_PKEY_free(pkey);
+
+	ENGINE_cleanup();
+	CRYPTO_cleanup_all_ex_data();
+
+	CRYPTO_mem_leaks(bio_err);
+	BIO_free(bio_err);
+	return(0);
+	}
+
+static void callback(int p, int n, void *arg)
+	{
+	char c='B';
+
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
+	fputc(c,stderr);
+	}
+
+int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days)
+	{
+	X509 *x;
+	EVP_PKEY *pk;
+	RSA *rsa;
+	X509_NAME *name=NULL;
+	
+	if ((pkeyp == NULL) || (*pkeyp == NULL))
+		{
+		if ((pk=EVP_PKEY_new()) == NULL)
+			{
+			abort(); 
+			return(0);
+			}
+		}
+	else
+		pk= *pkeyp;
+
+	if ((x509p == NULL) || (*x509p == NULL))
+		{
+		if ((x=X509_new()) == NULL)
+			goto err;
+		}
+	else
+		x= *x509p;
+
+	rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);
+	if (!EVP_PKEY_assign_RSA(pk,rsa))
+		{
+		abort();
+		goto err;
+		}
+	rsa=NULL;
+
+	X509_set_version(x,2);
+	ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
+	X509_gmtime_adj(X509_get_notBefore(x),0);
+	X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+	X509_set_pubkey(x,pk);
+
+	name=X509_get_subject_name(x);
+
+	/* This function creates and adds the entry, working out the
+	 * correct string type and performing checks on its length.
+	 * Normally we'd check the return value for errors...
+	 */
+	X509_NAME_add_entry_by_txt(name,"C",
+				MBSTRING_ASC, "UK", -1, -1, 0);
+	X509_NAME_add_entry_by_txt(name,"CN",
+				MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
+
+	/* Its self signed so set the issuer name to be the same as the
+ 	 * subject.
+	 */
+	X509_set_issuer_name(x,name);
+
+	/* Add various extensions: standard extensions */
+	add_ext(x, NID_basic_constraints, "critical,CA:TRUE");
+	add_ext(x, NID_key_usage, "critical,keyCertSign,cRLSign");
+
+	add_ext(x, NID_subject_key_identifier, "hash");
+
+	/* Some Netscape specific extensions */
+	add_ext(x, NID_netscape_cert_type, "sslCA");
+
+	add_ext(x, NID_netscape_comment, "example comment extension");
+
+
+#ifdef CUSTOM_EXT
+	/* Maybe even add our own extension based on existing */
+	{
+		int nid;
+		nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
+		X509V3_EXT_add_alias(nid, NID_netscape_comment);
+		add_ext(x, nid, "example comment alias");
+	}
+#endif
+	
+	if (!X509_sign(x,pk,EVP_md5()))
+		goto err;
+
+	*x509p=x;
+	*pkeyp=pk;
+	return(1);
+err:
+	return(0);
+	}
+
+/* Add extension using V3 code: we can set the config file as NULL
+ * because we wont reference any other sections.
+ */
+
+int add_ext(X509 *cert, int nid, char *value)
+	{
+	X509_EXTENSION *ex;
+	X509V3_CTX ctx;
+	/* This sets the 'context' of the extensions. */
+	/* No configuration database */
+	X509V3_set_ctx_nodb(&ctx);
+	/* Issuer and subject certs: both the target since it is self signed,
+	 * no request and no CRL
+	 */
+	X509V3_set_ctx(&ctx, cert, cert, NULL, NULL, 0);
+	ex = X509V3_EXT_conf_nid(NULL, &ctx, nid, value);
+	if (!ex)
+		return 0;
+
+	X509_add_ext(cert,ex,-1);
+	X509_EXTENSION_free(ex);
+	return 1;
+	}
+	
diff --git a/demos/x509/mkreq.c b/demos/x509/mkreq.c
new file mode 100644
index 0000000000..d69dcc392b
--- /dev/null
+++ b/demos/x509/mkreq.c
@@ -0,0 +1,157 @@
+/* Certificate request creation. Demonstrates some request related
+ * operations.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <openssl/pem.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include <openssl/engine.h>
+
+int mkreq(X509_REQ **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
+int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value);
+
+int main(int argc, char **argv)
+	{
+	BIO *bio_err;
+	X509_REQ *req=NULL;
+	EVP_PKEY *pkey=NULL;
+
+	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+	bio_err=BIO_new_fp(stderr, BIO_NOCLOSE);
+
+	mkreq(&req,&pkey,512,0,365);
+
+	RSA_print_fp(stdout,pkey->pkey.rsa,0);
+	X509_REQ_print_fp(stdout,req);
+
+	PEM_write_X509_REQ(stdout,req);
+
+	X509_REQ_free(req);
+	EVP_PKEY_free(pkey);
+
+	ENGINE_cleanup();
+	CRYPTO_cleanup_all_ex_data();
+
+	CRYPTO_mem_leaks(bio_err);
+	BIO_free(bio_err);
+	return(0);
+	}
+
+static void callback(int p, int n, void *arg)
+	{
+	char c='B';
+
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
+	fputc(c,stderr);
+	}
+
+int mkreq(X509_REQ **req, EVP_PKEY **pkeyp, int bits, int serial, int days)
+	{
+	X509_REQ *x;
+	EVP_PKEY *pk;
+	RSA *rsa;
+	X509_NAME *name=NULL;
+	STACK_OF(X509_EXTENSION) *exts = NULL;
+	
+	if ((pk=EVP_PKEY_new()) == NULL)
+		goto err;
+
+	if ((x=X509_REQ_new()) == NULL)
+		goto err;
+
+	rsa=RSA_generate_key(bits,RSA_F4,callback,NULL);
+	if (!EVP_PKEY_assign_RSA(pk,rsa))
+		goto err;
+
+	rsa=NULL;
+
+	X509_REQ_set_pubkey(x,pk);
+
+	name=X509_REQ_get_subject_name(x);
+
+	/* This function creates and adds the entry, working out the
+	 * correct string type and performing checks on its length.
+	 * Normally we'd check the return value for errors...
+	 */
+	X509_NAME_add_entry_by_txt(name,"C",
+				MBSTRING_ASC, "UK", -1, -1, 0);
+	X509_NAME_add_entry_by_txt(name,"CN",
+				MBSTRING_ASC, "OpenSSL Group", -1, -1, 0);
+
+#ifdef REQUEST_EXTENSIONS
+	/* Certificate requests can contain extensions, which can be used
+	 * to indicate the extensions the requestor would like added to 
+	 * their certificate. CAs might ignore them however or even choke
+	 * if they are present.
+	 */
+
+	/* For request extensions they are all packed in a single attribute.
+	 * We save them in a STACK and add them all at once later...
+	 */
+
+	exts = sk_X509_EXTENSION_new_null();
+	/* Standard extenions */
+
+	add_ext(exts, NID_key_usage, "critical,digitalSignature,keyEncipherment");
+
+	/* This is a typical use for request extensions: requesting a value for
+	 * subject alternative name.
+	 */
+
+	add_ext(exts, NID_subject_alt_name, "email:steve@openssl.org");
+
+	/* Some Netscape specific extensions */
+	add_ext(exts, NID_netscape_cert_type, "client,email");
+
+
+
+#ifdef CUSTOM_EXT
+	/* Maybe even add our own extension based on existing */
+	{
+		int nid;
+		nid = OBJ_create("1.2.3.4", "MyAlias", "My Test Alias Extension");
+		X509V3_EXT_add_alias(nid, NID_netscape_comment);
+		add_ext(x, nid, "example comment alias");
+	}
+#endif
+
+	/* Now we've created the extensions we add them to the request */
+
+	X509_REQ_add_extensions(x, exts);
+
+	sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+
+#endif
+	
+	if (!X509_REQ_sign(x,pk,EVP_md5()))
+		goto err;
+
+	*req=x;
+	*pkeyp=pk;
+	return(1);
+err:
+	return(0);
+	}
+
+/* Add extension using V3 code: we can set the config file as NULL
+ * because we wont reference any other sections.
+ */
+
+int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value)
+	{
+	X509_EXTENSION *ex;
+	ex = X509V3_EXT_conf_nid(NULL, NULL, nid, value);
+	if (!ex)
+		return 0;
+	sk_X509_EXTENSION_push(sk, ex);
+
+	return 1;
+	}
+	
diff --git a/dep/crypto.txt b/dep/crypto.txt
deleted file mode 100644
index 9e5144fec6..0000000000
--- a/dep/crypto.txt
+++ /dev/null
@@ -1,1043 +0,0 @@
-ASN1_BIT_STRING_asn1_meth
-ASN1_BIT_STRING_get_bit
-ASN1_BIT_STRING_set_bit
-ASN1_HEADER_free
-ASN1_HEADER_new
-ASN1_IA5STRING_asn1_meth
-ASN1_INTEGER_get
-ASN1_INTEGER_set
-ASN1_INTEGER_to_BN
-ASN1_OBJECT_create
-ASN1_OBJECT_free
-ASN1_OBJECT_new
-ASN1_PRINTABLE_type
-ASN1_STRING_cmp
-ASN1_STRING_dup
-ASN1_STRING_free
-ASN1_STRING_new
-ASN1_STRING_print
-ASN1_STRING_set
-ASN1_STRING_type_new
-ASN1_TYPE_free
-ASN1_TYPE_get
-ASN1_TYPE_new
-ASN1_TYPE_set
-ASN1_UNIVERSALSTRING_to_string
-ASN1_UTCTIME_check
-ASN1_UTCTIME_print
-ASN1_UTCTIME_set
-ASN1_check_infinite_end
-ASN1_d2i_bio
-ASN1_d2i_fp
-ASN1_digest
-ASN1_dup
-ASN1_get_object
-ASN1_i2d_bio
-ASN1_i2d_fp
-ASN1_object_size
-ASN1_parse
-ASN1_put_object
-ASN1_sign
-ASN1_verify
-BF_cbc_encrypt
-BF_cfb64_encrypt
-BF_decrypt
-BF_ecb_encrypt
-BF_encrypt
-BF_ofb64_encrypt
-BF_options
-BF_set_key
-BIO_ACCEPT_free
-BIO_ACCEPT_new
-BIO_CONNECT_free
-BIO_CONNECT_new
-BIO_accept
-BIO_copy_next_retry
-BIO_ctrl
-BIO_ctrl_int
-BIO_debug_callback
-BIO_dump
-BIO_dup_chain
-BIO_f_base64
-BIO_f_buffer
-BIO_f_cipher
-BIO_f_md
-BIO_f_nbio_test
-BIO_f_null
-BIO_f_proxy_server
-BIO_fd_non_fatal_error
-BIO_fd_should_retry
-BIO_find_type
-BIO_free
-BIO_free_all
-BIO_get_accept_socket
-BIO_get_ex_data
-BIO_get_ex_new_index
-BIO_get_filter_bio
-BIO_get_host_ip
-BIO_get_port
-BIO_get_retry_BIO
-BIO_get_retry_reason
-BIO_gethostbyname
-BIO_gets
-BIO_ghbn_ctrl
-BIO_new
-BIO_new_accept
-BIO_new_connect
-BIO_new_fd
-BIO_new_file
-BIO_new_fp
-BIO_new_socket
-BIO_pop
-BIO_printf
-BIO_ptr_ctrl
-BIO_push
-BIO_puts
-BIO_read
-BIO_s_accept
-BIO_s_connect
-BIO_s_fd
-BIO_s_file
-BIO_s_mem
-BIO_s_null
-BIO_s_proxy_client
-BIO_s_socket
-BIO_set
-BIO_set_cipher
-BIO_set_ex_data
-BIO_set_tcp_ndelay
-BIO_sock_cleanup
-BIO_sock_error
-BIO_sock_init
-BIO_sock_non_fatal_error
-BIO_sock_should_retry
-BIO_socket_ioctl
-BIO_write
-BN_BLINDING_convert
-BN_BLINDING_free
-BN_BLINDING_invert
-BN_BLINDING_new
-BN_BLINDING_update
-BN_CTX_free
-BN_CTX_new
-BN_MONT_CTX_free
-BN_MONT_CTX_new
-BN_MONT_CTX_set
-BN_add
-BN_add_word
-BN_bin2bn
-BN_bn2bin
-BN_bn2dec
-BN_bn2hex
-BN_bn2mpi
-BN_clear
-BN_clear_bit
-BN_clear_free
-BN_cmp
-BN_copy
-BN_dec2bn
-BN_div
-BN_div_word
-BN_dup
-BN_exp
-BN_free
-BN_from_montgomery
-BN_gcd
-BN_generate_prime
-BN_get_word
-BN_hex2bn
-BN_is_bit_set
-BN_is_prime
-BN_lshift
-BN_lshift1
-BN_mask_bits
-BN_mod
-BN_mod_exp
-BN_mod_exp_mont
-BN_mod_exp_recp
-BN_mod_exp_simple
-BN_mod_inverse
-BN_mod_mul
-BN_mod_mul_montgomery
-BN_mod_mul_reciprocal
-BN_mod_word
-BN_mpi2bn
-BN_mul
-BN_mul_word
-BN_new
-BN_num_bits
-BN_num_bits_word
-BN_options
-BN_print
-BN_print_fp
-BN_rand
-BN_reciprocal
-BN_rshift
-BN_rshift1
-BN_set_bit
-BN_set_word
-BN_sqr
-BN_sub
-BN_sub_word
-BN_to_ASN1_INTEGER
-BN_ucmp
-BN_value_one
-BUF_MEM_free
-BUF_MEM_grow
-BUF_MEM_new
-BUF_strdup
-CAST_cbc_encrypt
-CAST_cfb64_encrypt
-CAST_decrypt
-CAST_ecb_encrypt
-CAST_encrypt
-CAST_ofb64_encrypt
-CAST_set_key
-CONF_free
-CONF_get_number
-CONF_get_section
-CONF_get_string
-CONF_load
-CRYPTO_add_lock
-CRYPTO_dbg_free
-CRYPTO_dbg_malloc
-CRYPTO_dbg_realloc
-CRYPTO_dbg_remalloc
-CRYPTO_dup_ex_data
-CRYPTO_free
-CRYPTO_free_ex_data
-CRYPTO_get_add_lock_callback
-CRYPTO_get_ex_data
-CRYPTO_get_ex_new_index
-CRYPTO_get_id_callback
-CRYPTO_get_lock_name
-CRYPTO_get_locking_callback
-CRYPTO_get_mem_functions
-CRYPTO_get_new_lockid
-CRYPTO_lock
-CRYPTO_malloc
-CRYPTO_mem_ctrl
-CRYPTO_mem_leaks
-CRYPTO_mem_leaks_cb
-CRYPTO_mem_leaks_fp
-CRYPTO_new_ex_data
-CRYPTO_realloc
-CRYPTO_remalloc
-CRYPTO_set_add_lock_callback
-CRYPTO_set_ex_data
-CRYPTO_set_id_callback
-CRYPTO_set_locking_callback
-CRYPTO_set_mem_functions
-CRYPTO_thread_id
-DH_check
-DH_compute_key
-DH_free
-DH_generate_key
-DH_generate_parameters
-DH_new
-DH_size
-DHparams_print
-DHparams_print_fp
-DSA_free
-DSA_generate_key
-DSA_generate_parameters
-DSA_is_prime
-DSA_new
-DSA_print
-DSA_print_fp
-DSA_sign
-DSA_sign_setup
-DSA_size
-DSA_verify
-DSAparams_print
-DSAparams_print_fp
-ERR_clear_error
-ERR_error_string
-ERR_free_strings
-ERR_func_error_string
-ERR_get_err_state_table
-ERR_get_error
-ERR_get_error_line
-ERR_get_next_error_library
-ERR_get_state
-ERR_get_string_table
-ERR_lib_error_string
-ERR_load_ASN1_strings
-ERR_load_BIO_strings
-ERR_load_BN_strings
-ERR_load_BUF_strings
-ERR_load_CONF_strings
-ERR_load_CRYPTO_strings
-ERR_load_DH_strings
-ERR_load_DSA_strings
-ERR_load_ERR_strings
-ERR_load_EVP_strings
-ERR_load_OBJ_strings
-ERR_load_PEM_strings
-ERR_load_PKCS7_strings
-ERR_load_PROXY_strings
-ERR_load_RSA_strings
-ERR_load_X509_strings
-ERR_load_crypto_strings
-ERR_load_strings
-ERR_peek_error
-ERR_peek_error_line
-ERR_print_errors
-ERR_print_errors_fp
-ERR_put_error
-ERR_reason_error_string
-ERR_remove_state
-EVP_BytesToKey
-EVP_CIPHER_CTX_cleanup
-EVP_CIPHER_CTX_init
-EVP_CipherFinal
-EVP_CipherInit
-EVP_CipherUpdate
-EVP_DecodeBlock
-EVP_DecodeFinal
-EVP_DecodeInit
-EVP_DecodeUpdate
-EVP_DecryptFinal
-EVP_DecryptInit
-EVP_DecryptUpdate
-EVP_DigestFinal
-EVP_DigestInit
-EVP_DigestUpdate
-EVP_EncodeBlock
-EVP_EncodeFinal
-EVP_EncodeInit
-EVP_EncodeUpdate
-EVP_EncryptFinal
-EVP_EncryptInit
-EVP_EncryptUpdate
-EVP_OpenFinal
-EVP_OpenInit
-EVP_PKEY_assign
-EVP_PKEY_bits
-EVP_PKEY_cmp_parameters
-EVP_PKEY_copy_parameters
-EVP_PKEY_free
-EVP_PKEY_missing_parameters
-EVP_PKEY_new
-EVP_PKEY_save_parameters
-EVP_PKEY_size
-EVP_PKEY_type
-EVP_SealFinal
-EVP_SealInit
-EVP_SignFinal
-EVP_VerifyFinal
-EVP_add_alias
-EVP_add_cipher
-EVP_add_digest
-EVP_bf_cbc
-EVP_bf_cfb
-EVP_bf_ecb
-EVP_bf_ofb
-EVP_cast5_cbc
-EVP_cast5_cfb
-EVP_cast5_ecb
-EVP_cast5_ofb
-EVP_cleanup
-EVP_delete_alias
-EVP_des_cbc
-EVP_des_cfb
-EVP_des_ecb
-EVP_des_ede
-EVP_des_ede3
-EVP_des_ede3_cbc
-EVP_des_ede3_cfb
-EVP_des_ede3_ofb
-EVP_des_ede_cbc
-EVP_des_ede_cfb
-EVP_des_ede_ofb
-EVP_des_ofb
-EVP_desx_cbc
-EVP_dss
-EVP_dss1
-EVP_enc_null
-EVP_get_cipherbyname
-EVP_get_digestbyname
-EVP_get_pw_prompt
-EVP_idea_cbc
-EVP_idea_cfb
-EVP_idea_ecb
-EVP_idea_ofb
-EVP_md2
-EVP_md5
-EVP_md_null
-EVP_mdc2
-EVP_rc2_40_cbc
-EVP_rc2_cbc
-EVP_rc2_cfb
-EVP_rc2_ecb
-EVP_rc2_ofb
-EVP_rc4
-EVP_rc4_40
-EVP_read_pw_string
-EVP_set_pw_prompt
-EVP_sha
-EVP_sha1
-HMAC
-HMAC_Final
-HMAC_Init
-HMAC_Update
-HMAC_cleanup
-MD2
-MD2_Final
-MD2_Init
-MD2_Update
-MD2_options
-MD5
-MD5_Final
-MD5_Init
-MD5_Transform
-MD5_Update
-MDC2
-MDC2_Final
-MDC2_Init
-MDC2_Update
-NETSCAPE_SPKAC_free
-NETSCAPE_SPKAC_new
-NETSCAPE_SPKI_free
-NETSCAPE_SPKI_new
-NETSCAPE_SPKI_sign
-NETSCAPE_SPKI_verify
-OBJ_add_object
-OBJ_bsearch
-OBJ_cleanup
-OBJ_cmp
-OBJ_create
-OBJ_create_objects
-OBJ_dup
-OBJ_ln2nid
-OBJ_new_nid
-OBJ_nid2ln
-OBJ_nid2obj
-OBJ_nid2sn
-OBJ_obj2nid
-OBJ_sn2nid
-OBJ_txt2nid
-PEM_ASN1_read
-PEM_ASN1_read_bio
-PEM_ASN1_write
-PEM_ASN1_write_bio
-PEM_SealFinal
-PEM_SealInit
-PEM_SealUpdate
-PEM_SignFinal
-PEM_SignInit
-PEM_SignUpdate
-PEM_X509_INFO_read
-PEM_X509_INFO_read_bio
-PEM_X509_INFO_write_bio
-PEM_dek_info
-PEM_do_header
-PEM_get_EVP_CIPHER_INFO
-PEM_proc_type
-PEM_read
-PEM_read_DHparams
-PEM_read_DSAPrivateKey
-PEM_read_DSAparams
-PEM_read_PKCS7
-PEM_read_PrivateKey
-PEM_read_RSAPrivateKey
-PEM_read_RSAPublicKey
-PEM_read_X509
-PEM_read_X509_CRL
-PEM_read_X509_REQ
-PEM_read_bio
-PEM_read_bio_DHparams
-PEM_read_bio_DSAPrivateKey
-PEM_read_bio_DSAparams
-PEM_read_bio_PKCS7
-PEM_read_bio_PrivateKey
-PEM_read_bio_RSAPrivateKey
-PEM_read_bio_RSAPublicKey
-PEM_read_bio_X509
-PEM_read_bio_X509_CRL
-PEM_read_bio_X509_REQ
-PEM_write
-PEM_write_DHparams
-PEM_write_DSAPrivateKey
-PEM_write_DSAparams
-PEM_write_PKCS7
-PEM_write_PrivateKey
-PEM_write_RSAPrivateKey
-PEM_write_RSAPublicKey
-PEM_write_X509
-PEM_write_X509_CRL
-PEM_write_X509_REQ
-PEM_write_bio
-PEM_write_bio_DHparams
-PEM_write_bio_DSAPrivateKey
-PEM_write_bio_DSAparams
-PEM_write_bio_PKCS7
-PEM_write_bio_PrivateKey
-PEM_write_bio_RSAPrivateKey
-PEM_write_bio_RSAPublicKey
-PEM_write_bio_X509
-PEM_write_bio_X509_CRL
-PEM_write_bio_X509_REQ
-PKCS7_DIGEST_free
-PKCS7_DIGEST_new
-PKCS7_ENCRYPT_free
-PKCS7_ENCRYPT_new
-PKCS7_ENC_CONTENT_free
-PKCS7_ENC_CONTENT_new
-PKCS7_ENVELOPE_free
-PKCS7_ENVELOPE_new
-PKCS7_ISSUER_AND_SERIAL_digest
-PKCS7_ISSUER_AND_SERIAL_free
-PKCS7_ISSUER_AND_SERIAL_new
-PKCS7_RECIP_INFO_free
-PKCS7_RECIP_INFO_new
-PKCS7_SIGNED_free
-PKCS7_SIGNED_new
-PKCS7_SIGNER_INFO_free
-PKCS7_SIGNER_INFO_new
-PKCS7_SIGNER_INFO_set
-PKCS7_SIGN_ENVELOPE_free
-PKCS7_SIGN_ENVELOPE_new
-PKCS7_add_certificate
-PKCS7_add_crl
-PKCS7_add_signature
-PKCS7_add_signer
-PKCS7_cert_from_signer_info
-PKCS7_content_free
-PKCS7_content_new
-PKCS7_ctrl
-PKCS7_dataInit
-PKCS7_dataSign
-PKCS7_dataVerify
-PKCS7_dup
-PKCS7_free
-PKCS7_get_signer_info
-PKCS7_new
-PKCS7_set_content
-PKCS7_set_type
-PROXY_ENTRY_add_noproxy
-PROXY_ENTRY_clear_noproxy
-PROXY_ENTRY_free
-PROXY_ENTRY_get_noproxy
-PROXY_ENTRY_new
-PROXY_ENTRY_set_server
-PROXY_add_noproxy
-PROXY_add_server
-PROXY_check_by_host
-PROXY_check_url
-PROXY_clear_noproxy
-PROXY_free
-PROXY_get_noproxy
-PROXY_get_proxies
-PROXY_get_proxy_entry
-PROXY_load_conf
-PROXY_new
-PROXY_print
-RAND_bytes
-RAND_cleanup
-RAND_file_name
-RAND_load_file
-RAND_seed
-RAND_write_file
-RC2_cbc_encrypt
-RC2_cfb64_encrypt
-RC2_decrypt
-RC2_ecb_encrypt
-RC2_encrypt
-RC2_ofb64_encrypt
-RC2_set_key
-RC4
-RC4_options
-RC4_set_key
-RC5_32_cbc_encrypt
-RC5_32_cfb64_encrypt
-RC5_32_decrypt
-RC5_32_ecb_encrypt
-RC5_32_encrypt
-RC5_32_ofb64_encrypt
-RC5_32_set_key
-RIPEMD160
-RIPEMD160_Final
-RIPEMD160_Init
-RIPEMD160_Transform
-RIPEMD160_Update
-RSAPrivateKey_asn1_meth
-RSAPrivateKey_dup
-RSAPublicKey_dup
-RSA_PKCS1_SSLeay
-RSA_blinding_off
-RSA_blinding_on
-RSA_flags
-RSA_free
-RSA_generate_key
-RSA_get_ex_data
-RSA_get_ex_new_index
-RSA_new
-RSA_new_method
-RSA_padding_add_PKCS1_type_1
-RSA_padding_add_PKCS1_type_2
-RSA_padding_add_SSLv23
-RSA_padding_add_none
-RSA_padding_check_PKCS1_type_1
-RSA_padding_check_PKCS1_type_2
-RSA_padding_check_SSLv23
-RSA_padding_check_none
-RSA_print
-RSA_print_fp
-RSA_private_decrypt
-RSA_private_encrypt
-RSA_public_decrypt
-RSA_public_encrypt
-RSA_set_default_method
-RSA_set_ex_data
-RSA_sign
-RSA_sign_ASN1_OCTET_STRING
-RSA_size
-RSA_verify
-RSA_verify_ASN1_OCTET_STRING
-SHA
-SHA1
-SHA1_Final
-SHA1_Init
-SHA1_Transform
-SHA1_Update
-SHA_Final
-SHA_Init
-SHA_Transform
-SHA_Update
-SSLeay
-SSLeay_add_all_algorithms
-SSLeay_add_all_ciphers
-SSLeay_add_all_digests
-SSLeay_version
-TXT_DB_create_index
-TXT_DB_free
-TXT_DB_get_by_index
-TXT_DB_insert
-TXT_DB_read
-TXT_DB_write
-X509_ALGOR_free
-X509_ALGOR_new
-X509_ATTRIBUTE_free
-X509_ATTRIBUTE_new
-X509_CINF_free
-X509_CINF_new
-X509_CRL_INFO_free
-X509_CRL_INFO_new
-X509_CRL_add_ext
-X509_CRL_cmp
-X509_CRL_delete_ext
-X509_CRL_dup
-X509_CRL_free
-X509_CRL_get_ext
-X509_CRL_get_ext_by_NID
-X509_CRL_get_ext_by_OBJ
-X509_CRL_get_ext_by_critical
-X509_CRL_get_ext_count
-X509_CRL_new
-X509_CRL_sign
-X509_CRL_verify
-X509_EXTENSION_create_by_NID
-X509_EXTENSION_create_by_OBJ
-X509_EXTENSION_dup
-X509_EXTENSION_free
-X509_EXTENSION_get_critical
-X509_EXTENSION_get_data
-X509_EXTENSION_get_object
-X509_EXTENSION_new
-X509_EXTENSION_set_critical
-X509_EXTENSION_set_data
-X509_EXTENSION_set_object
-X509_INFO_free
-X509_INFO_new
-X509_LOOKUP_by_alias
-X509_LOOKUP_by_fingerprint
-X509_LOOKUP_by_issuer_serial
-X509_LOOKUP_by_subject
-X509_LOOKUP_ctrl
-X509_LOOKUP_file
-X509_LOOKUP_free
-X509_LOOKUP_hash_dir
-X509_LOOKUP_init
-X509_LOOKUP_new
-X509_LOOKUP_shutdown
-X509_NAME_ENTRY_create_by_NID
-X509_NAME_ENTRY_create_by_OBJ
-X509_NAME_ENTRY_dup
-X509_NAME_ENTRY_free
-X509_NAME_ENTRY_get_data
-X509_NAME_ENTRY_get_object
-X509_NAME_ENTRY_new
-X509_NAME_ENTRY_set_data
-X509_NAME_ENTRY_set_object
-X509_NAME_add_entry
-X509_NAME_cmp
-X509_NAME_delete_entry
-X509_NAME_digest
-X509_NAME_dup
-X509_NAME_entry_count
-X509_NAME_free
-X509_NAME_get_entry
-X509_NAME_get_index_by_NID
-X509_NAME_get_index_by_OBJ
-X509_NAME_get_text_by_NID
-X509_NAME_get_text_by_OBJ
-X509_NAME_hash
-X509_NAME_new
-X509_NAME_oneline
-X509_NAME_print
-X509_NAME_set
-X509_OBJECT_free_contents
-X509_OBJECT_retrive_by_subject
-X509_OBJECT_up_ref_count
-X509_PKEY_free
-X509_PKEY_new
-X509_PUBKEY_free
-X509_PUBKEY_get
-X509_PUBKEY_new
-X509_PUBKEY_set
-X509_REQ_INFO_free
-X509_REQ_INFO_new
-X509_REQ_dup
-X509_REQ_free
-X509_REQ_get_pubkey
-X509_REQ_new
-X509_REQ_print
-X509_REQ_print_fp
-X509_REQ_set_pubkey
-X509_REQ_set_subject_name
-X509_REQ_set_version
-X509_REQ_sign
-X509_REQ_to_X509
-X509_REQ_verify
-X509_REVOKED_add_ext
-X509_REVOKED_delete_ext
-X509_REVOKED_free
-X509_REVOKED_get_ext
-X509_REVOKED_get_ext_by_NID
-X509_REVOKED_get_ext_by_OBJ
-X509_REVOKED_get_ext_by_critical
-X509_REVOKED_get_ext_count
-X509_REVOKED_new
-X509_SIG_free
-X509_SIG_new
-X509_STORE_CTX_cleanup
-X509_STORE_CTX_get_chain
-X509_STORE_CTX_get_current_cert
-X509_STORE_CTX_get_error
-X509_STORE_CTX_get_error_depth
-X509_STORE_CTX_get_ex_data
-X509_STORE_CTX_get_ex_new_index
-X509_STORE_CTX_init
-X509_STORE_CTX_set_cert
-X509_STORE_CTX_set_chain
-X509_STORE_CTX_set_error
-X509_STORE_CTX_set_ex_data
-X509_STORE_add_cert
-X509_STORE_add_crl
-X509_STORE_add_lookup
-X509_STORE_free
-X509_STORE_get_by_subject
-X509_STORE_load_locations
-X509_STORE_new
-X509_STORE_set_default_paths
-X509_VAL_free
-X509_VAL_new
-X509_add_ext
-X509_asn1_meth
-X509_certificate_type
-X509_check_private_key
-X509_cmp_current_time
-X509_delete_ext
-X509_digest
-X509_dup
-X509_find_by_issuer_and_serial
-X509_find_by_subject
-X509_free
-X509_get_default_cert_area
-X509_get_default_cert_dir
-X509_get_default_cert_dir_env
-X509_get_default_cert_file
-X509_get_default_cert_file_env
-X509_get_default_private_dir
-X509_get_ext
-X509_get_ext_by_NID
-X509_get_ext_by_OBJ
-X509_get_ext_by_critical
-X509_get_ext_count
-X509_get_issuer_name
-X509_get_pubkey
-X509_get_pubkey_parameters
-X509_get_serialNumber
-X509_get_subject_name
-X509_gmtime_adj
-X509_issuer_and_serial_cmp
-X509_issuer_and_serial_hash
-X509_issuer_name_cmp
-X509_issuer_name_hash
-X509_load_cert_file
-X509_load_crl_file
-X509_new
-X509_print
-X509_print_fp
-X509_set_issuer_name
-X509_set_notAfter
-X509_set_notBefore
-X509_set_pubkey
-X509_set_serialNumber
-X509_set_subject_name
-X509_set_version
-X509_sign
-X509_subject_name_cmp
-X509_subject_name_hash
-X509_to_X509_REQ
-X509_verify
-X509_verify_cert
-X509_verify_cert_error_string
-X509v3_add_ext
-X509v3_add_extension
-X509v3_add_netscape_extensions
-X509v3_add_standard_extensions
-X509v3_cleanup_extensions
-X509v3_data_type_by_NID
-X509v3_data_type_by_OBJ
-X509v3_delete_ext
-X509v3_get_ext
-X509v3_get_ext_by_NID
-X509v3_get_ext_by_OBJ
-X509v3_get_ext_by_critical
-X509v3_get_ext_count
-X509v3_get_key_usage
-X509v3_pack_string
-X509v3_pack_type_by_NID
-X509v3_pack_type_by_OBJ
-X509v3_set_key_usage
-X509v3_unpack_string
-_des_crypt
-a2d_ASN1_OBJECT
-a2i_ASN1_INTEGER
-a2i_ASN1_STRING
-a2i_X509v3_key_usage
-asn1_Finish
-asn1_GetSequence
-bn_add_words
-bn_div64
-bn_expand2
-bn_mul_add_words
-bn_mul_words
-bn_qadd
-bn_qsub
-bn_sqr_words
-crypt
-d2i_ASN1_BIT_STRING
-d2i_ASN1_BOOLEAN
-d2i_ASN1_HEADER
-d2i_ASN1_IA5STRING
-d2i_ASN1_INTEGER
-d2i_ASN1_OBJECT
-d2i_ASN1_OCTET_STRING
-d2i_ASN1_PRINTABLE
-d2i_ASN1_PRINTABLESTRING
-d2i_ASN1_SET
-d2i_ASN1_T61STRING
-d2i_ASN1_TYPE
-d2i_ASN1_UTCTIME
-d2i_ASN1_bytes
-d2i_ASN1_type_bytes
-d2i_DHparams
-d2i_DSAPrivateKey
-d2i_DSAPrivateKey_bio
-d2i_DSAPrivateKey_fp
-d2i_DSAPublicKey
-d2i_DSAparams
-d2i_NETSCAPE_SPKAC
-d2i_NETSCAPE_SPKI
-d2i_Netscape_RSA
-d2i_Netscape_RSA_2
-d2i_PKCS7
-d2i_PKCS7_DIGEST
-d2i_PKCS7_ENCRYPT
-d2i_PKCS7_ENC_CONTENT
-d2i_PKCS7_ENVELOPE
-d2i_PKCS7_ISSUER_AND_SERIAL
-d2i_PKCS7_RECIP_INFO
-d2i_PKCS7_SIGNED
-d2i_PKCS7_SIGNER_INFO
-d2i_PKCS7_SIGN_ENVELOPE
-d2i_PKCS7_bio
-d2i_PKCS7_fp
-d2i_PrivateKey
-d2i_PublicKey
-d2i_RSAPrivateKey
-d2i_RSAPrivateKey_bio
-d2i_RSAPrivateKey_fp
-d2i_RSAPublicKey
-d2i_RSAPublicKey_bio
-d2i_RSAPublicKey_fp
-d2i_X509
-d2i_X509_ALGOR
-d2i_X509_ATTRIBUTE
-d2i_X509_CINF
-d2i_X509_CRL
-d2i_X509_CRL_INFO
-d2i_X509_CRL_bio
-d2i_X509_CRL_fp
-d2i_X509_EXTENSION
-d2i_X509_NAME
-d2i_X509_NAME_ENTRY
-d2i_X509_PKEY
-d2i_X509_PUBKEY
-d2i_X509_REQ
-d2i_X509_REQ_INFO
-d2i_X509_REQ_bio
-d2i_X509_REQ_fp
-d2i_X509_REVOKED
-d2i_X509_SIG
-d2i_X509_VAL
-d2i_X509_bio
-d2i_X509_fp
-des_cbc_cksum
-des_cbc_encrypt
-des_cblock_print_file
-des_cfb64_encrypt
-des_cfb_encrypt
-des_decrypt3
-des_ecb3_encrypt
-des_ecb_encrypt
-des_ede3_cbc_encrypt
-des_ede3_cfb64_encrypt
-des_ede3_ofb64_encrypt
-des_enc_read
-des_enc_write
-des_encrypt
-des_encrypt2
-des_encrypt3
-des_fcrypt
-des_is_weak_key
-des_key_sched
-des_ncbc_encrypt
-des_ofb64_encrypt
-des_ofb_encrypt
-des_options
-des_pcbc_encrypt
-des_quad_cksum
-des_random_key
-des_random_seed
-des_read_2passwords
-des_read_password
-des_read_pw
-des_read_pw_string
-des_set_key
-des_set_odd_parity
-des_string_to_2keys
-des_string_to_key
-des_xcbc_encrypt
-des_xwhite_in2out
-fcrypt_body
-i2a_ASN1_INTEGER
-i2a_ASN1_OBJECT
-i2a_ASN1_STRING
-i2a_X509v3_key_usage
-i2d_ASN1_BIT_STRING
-i2d_ASN1_BOOLEAN
-i2d_ASN1_HEADER
-i2d_ASN1_IA5STRING
-i2d_ASN1_INTEGER
-i2d_ASN1_OBJECT
-i2d_ASN1_OCTET_STRING
-i2d_ASN1_PRINTABLE
-i2d_ASN1_SET
-i2d_ASN1_TYPE
-i2d_ASN1_UTCTIME
-i2d_ASN1_bytes
-i2d_DHparams
-i2d_DSAPrivateKey
-i2d_DSAPrivateKey_bio
-i2d_DSAPrivateKey_fp
-i2d_DSAPublicKey
-i2d_DSAparams
-i2d_NETSCAPE_SPKAC
-i2d_NETSCAPE_SPKI
-i2d_Netscape_RSA
-i2d_PKCS7
-i2d_PKCS7_DIGEST
-i2d_PKCS7_ENCRYPT
-i2d_PKCS7_ENC_CONTENT
-i2d_PKCS7_ENVELOPE
-i2d_PKCS7_ISSUER_AND_SERIAL
-i2d_PKCS7_RECIP_INFO
-i2d_PKCS7_SIGNED
-i2d_PKCS7_SIGNER_INFO
-i2d_PKCS7_SIGN_ENVELOPE
-i2d_PKCS7_bio
-i2d_PKCS7_fp
-i2d_PrivateKey
-i2d_PublicKey
-i2d_RSAPrivateKey
-i2d_RSAPrivateKey_bio
-i2d_RSAPrivateKey_fp
-i2d_RSAPublicKey
-i2d_RSAPublicKey_bio
-i2d_RSAPublicKey_fp
-i2d_X509
-i2d_X509_ALGOR
-i2d_X509_ATTRIBUTE
-i2d_X509_CINF
-i2d_X509_CRL
-i2d_X509_CRL_INFO
-i2d_X509_CRL_bio
-i2d_X509_CRL_fp
-i2d_X509_EXTENSION
-i2d_X509_NAME
-i2d_X509_NAME_ENTRY
-i2d_X509_PKEY
-i2d_X509_PUBKEY
-i2d_X509_REQ
-i2d_X509_REQ_INFO
-i2d_X509_REQ_bio
-i2d_X509_REQ_fp
-i2d_X509_REVOKED
-i2d_X509_SIG
-i2d_X509_VAL
-i2d_X509_bio
-i2d_X509_fp
-i2t_ASN1_OBJECT
-idea_cbc_encrypt
-idea_cfb64_encrypt
-idea_ecb_encrypt
-idea_encrypt
-idea_ofb64_encrypt
-idea_options
-idea_set_decrypt_key
-idea_set_encrypt_key
-lh_delete
-lh_doall
-lh_doall_arg
-lh_free
-lh_insert
-lh_new
-lh_node_stats
-lh_node_stats_bio
-lh_node_usage_stats
-lh_node_usage_stats_bio
-lh_retrieve
-lh_stats
-lh_stats_bio
-lh_strhash
-ripemd160_block
-sha1_block
-sha_block
-sk_delete
-sk_delete_ptr
-sk_dup
-sk_find
-sk_free
-sk_insert
-sk_new
-sk_pop
-sk_pop_free
-sk_push
-sk_set_cmp_func
-sk_shift
-sk_unshift
-sk_zero
diff --git a/dep/files b/dep/files
deleted file mode 100644
index 85cd7a3ff9..0000000000
--- a/dep/files
+++ /dev/null
@@ -1,566 +0,0 @@
-./e_os.h
-
-./crypto/cryptall.h		CRYPTO
-./crypto/cryptlib.h		CRYPTO
-./crypto/crypto.c		CRYPTO
-./crypto/cversion.c		CRYPTO
-./crypto/date.h			CRYPTO
-./crypto/mem.c			CRYPTO
-./crypto/cpt_err.c		CRYPTO
-./crypto/ex_data.c		CRYPTO
-./crypto/crypto.h		CRYPTO
-./crypto/cryptlib.c		CRYPTO
-./crypto/tmdiff.c		CRYPTO
-
-./crypto/asn1/asn1.h		ASN1
-./crypto/asn1/asn1_mac.h	ASN1
-./crypto/asn1/asn1_err.c	ASN1
-./crypto/asn1/asn1_lib.c	ASN1
-./crypto/asn1/asn1_par.c	ASN1
-./crypto/asn1/a_bitstr.c	ASN1
-./crypto/asn1/a_bmp.c		ASN1
-./crypto/asn1/a_bool.c		ASN1
-./crypto/asn1/a_bytes.c		ASN1
-./crypto/asn1/a_d2i_fp.c	ASN1
-./crypto/asn1/a_digest.c	ASN1
-./crypto/asn1/a_dup.c		ASN1
-./crypto/asn1/a_hdr.c		ASN1
-./crypto/asn1/a_i2d_fp.c	ASN1
-./crypto/asn1/a_int.c		ASN1
-./crypto/asn1/a_meth.c		ASN1
-./crypto/asn1/a_object.c	ASN1
-./crypto/asn1/a_octet.c		ASN1
-./crypto/asn1/a_print.c		ASN1
-./crypto/asn1/a_set.c		ASN1
-./crypto/asn1/a_sign.c		ASN1
-./crypto/asn1/a_type.c		ASN1
-./crypto/asn1/a_utctm.c		ASN1
-./crypto/asn1/a_verify.c	ASN1
-./crypto/asn1/d2i_dhp.c		ASN1
-./crypto/asn1/d2i_dsap.c	ASN1
-./crypto/asn1/d2i_pr.c		ASN1
-./crypto/asn1/d2i_pu.c		ASN1
-./crypto/asn1/d2i_r_pr.c	ASN1
-./crypto/asn1/d2i_r_pu.c	ASN1
-./crypto/asn1/d2i_s_pr.c	ASN1
-./crypto/asn1/d2i_s_pu.c	ASN1
-./crypto/asn1/f_int.c		ASN1
-./crypto/asn1/f_string.c	ASN1
-./crypto/asn1/i2d_dhp.c		ASN1
-./crypto/asn1/i2d_dsap.c	ASN1
-./crypto/asn1/i2d_pr.c		ASN1
-./crypto/asn1/i2d_pu.c		ASN1
-./crypto/asn1/i2d_r_pr.c	ASN1
-./crypto/asn1/i2d_r_pu.c	ASN1
-./crypto/asn1/i2d_s_pr.c	ASN1
-./crypto/asn1/i2d_s_pu.c	ASN1
-./crypto/asn1/n_pkey.c		ASN1
-./crypto/asn1/p7_dgst.c		ASN1
-./crypto/asn1/p7_enc.c		ASN1
-./crypto/asn1/p7_enc_c.c	ASN1
-./crypto/asn1/p7_evp.c		ASN1
-./crypto/asn1/p7_i_s.c		ASN1
-./crypto/asn1/p7_lib.c		ASN1
-./crypto/asn1/p7_recip.c	ASN1
-./crypto/asn1/p7_signd.c	ASN1
-./crypto/asn1/p7_signi.c	ASN1
-./crypto/asn1/p7_s_e.c		ASN1
-./crypto/asn1/pk.c		ASN1
-./crypto/asn1/pkcs8.c		ASN1
-./crypto/asn1/t_pkey.c		ASN1
-./crypto/asn1/t_req.c		ASN1
-./crypto/asn1/t_x509.c		ASN1
-./crypto/asn1/x_algor.c		ASN1
-./crypto/asn1/x_attrib.c	ASN1
-./crypto/asn1/x_cinf.c		ASN1
-./crypto/asn1/x_crl.c		ASN1
-./crypto/asn1/x_exten.c		ASN1
-./crypto/asn1/x_info.c		ASN1
-./crypto/asn1/x_name.c		ASN1
-./crypto/asn1/x_pkey.c		ASN1
-./crypto/asn1/x_pubkey.c	ASN1
-./crypto/asn1/x_req.c		ASN1
-./crypto/asn1/x_sig.c		ASN1
-./crypto/asn1/x_spki.c		ASN1
-./crypto/asn1/x_val.c		ASN1
-./crypto/asn1/x_x509.c		ASN1
-
-./crypto/bf/blowfish.h		BF
-./crypto/bf/bf_pi.h		BF
-./crypto/bf/bf_locl.h		BF
-./crypto/bf/bfspeed.c		BF
-./crypto/bf/bftest.c		BF
-./crypto/bf/bf_cbc.c		BF
-./crypto/bf/bf_cfb64.c		BF
-./crypto/bf/bf_ecb.c		BF
-./crypto/bf/bf_enc.c		BF
-./crypto/bf/bf_ofb64.c		BF
-./crypto/bf/bf_opts.c		BF
-./crypto/bf/bf_skey.c		BF
-
-./crypto/bio/bio.h		BIO
-./crypto/bio/bf_buff.c		BIO
-./crypto/bio/bf_nbio.c		BIO
-./crypto/bio/bf_null.c		BIO
-./crypto/bio/bio_cb.c		BIO
-./crypto/bio/bio_err.c		BIO
-./crypto/bio/bio_lib.c		BIO
-./crypto/bio/bss_acpt.c		BIO
-./crypto/bio/bss_conn.c		BIO
-./crypto/bio/bss_fd.c		BIO
-./crypto/bio/bss_file.c		BIO
-./crypto/bio/bss_mem.c		BIO
-./crypto/bio/bss_null.c		BIO
-./crypto/bio/bss_rtcp.c		BIO
-./crypto/bio/bss_sock.c		BIO
-./crypto/bio/b_dump.c		BIO
-./crypto/bio/b_print.c		BIO
-./crypto/bio/b_sock.c		BIO
-
-./crypto/bn/bn.h		BN
-./crypto/bn/bn_lcl.h		BN
-./crypto/bn/bn_prime.h		BN
-./crypto/bn/bnspeed.c		BN
-./crypto/bn/bntest.c		BN
-./crypto/bn/bn_add.c		BN
-./crypto/bn/bn_bld.c		BN
-./crypto/bn/bn_blind.c		BN
-./crypto/bn/bn_div.c		BN
-./crypto/bn/bn_err.c		BN
-./crypto/bn/bn_exp.c		BN
-./crypto/bn/bn_gcd.c		BN
-./crypto/bn/bn_lib.c		BN
-./crypto/bn/bn_mod.c		BN
-./crypto/bn/bn_mont.c		BN
-./crypto/bn/bn_mul.c		BN
-./crypto/bn/bn_mulw.c		BN
-./crypto/bn/bn_prime.c		BN
-./crypto/bn/bn_print.c		BN
-./crypto/bn/bn_rand.c		BN
-./crypto/bn/bn_recp.c		BN
-./crypto/bn/bn_shift.c		BN
-./crypto/bn/bn_sqr.c		BN
-./crypto/bn/bn_sub.c		BN
-./crypto/bn/bn_word.c		BN
-./crypto/bn/bn_m.c		BN
-./crypto/bn/m.c			BN
-./crypto/bn/expspeed.c		BN
-./crypto/bn/bn_mpi.c		BN
-./crypto/bn/exptest.c		BN
-
-./crypto/buffer/buffer.c	BUFF
-./crypto/buffer/buffer.h	BUFF
-./crypto/buffer/buf_err.c	BUFF
-
-./crypto/cast/cast.h		CAST
-./crypto/cast/castopts.c	CAST
-./crypto/cast/casttest.c	CAST
-./crypto/cast/cast_lcl.h	CAST
-./crypto/cast/cast_s.h		CAST
-./crypto/cast/cast_spd.c	CAST
-./crypto/cast/c_cfb64.c		CAST
-./crypto/cast/c_ecb.c		CAST
-./crypto/cast/c_enc.c		CAST
-./crypto/cast/c_ofb64.c		CAST
-./crypto/cast/c_skey.c		CAST
-
-./crypto/conf/conf_lcl.h	CONF
-./crypto/conf/cnf_save.c	CONF
-./crypto/conf/conf.c		CONF
-./crypto/conf/conf.h		CONF
-./crypto/conf/conf_err.c	CONF
-
-./crypto/des/des.h		DES
-./crypto/des/des_locl.h		DES
-./crypto/des/spr.h		DES
-./crypto/des/podd.h		DES
-./crypto/des/sk.h		DES
-./crypto/des/cbc3_enc.c		DES
-./crypto/des/cbc_cksm.c		DES
-./crypto/des/cbc_enc.c		DES
-./crypto/des/cfb64ede.c		DES
-./crypto/des/cfb64enc.c		DES
-./crypto/des/cfb_enc.c		DES
-./crypto/des/des.c		DES
-./crypto/des/destest.c		DES
-./crypto/des/des_enc.c		DES
-./crypto/des/des_opts.c		DES
-./crypto/des/des_ver.h		DES
-./crypto/des/ecb3_enc.c		DES
-./crypto/des/ecb_enc.c		DES
-./crypto/des/ede_enc.c		DES
-./crypto/des/enc_read.c		DES
-./crypto/des/enc_writ.c		DES
-./crypto/des/fcrypt.c		DES
-./crypto/des/fcrypt_b.c		DES
-./crypto/des/ncbc_enc.c		DES
-./crypto/des/ofb64ede.c		DES
-./crypto/des/ofb64enc.c		DES
-./crypto/des/ofb_enc.c		DES
-./crypto/des/pcbc_enc.c		DES
-./crypto/des/qud_cksm.c		DES
-./crypto/des/rand_key.c		DES
-./crypto/des/read2pwd.c		DES
-./crypto/des/read_pwd.c		DES
-./crypto/des/rpc_des.h		DES
-./crypto/des/rpc_enc.c		DES
-./crypto/des/rpw.c		DES
-./crypto/des/set_key.c		DES
-./crypto/des/str2key.c		DES
-./crypto/des/supp.c		DES
-./crypto/des/xcbc_enc.c		DES
-
-./crypto/dh/dh.h		DH
-./crypto/dh/dh_check.c		DH
-./crypto/dh/dh_err.c		DH
-./crypto/dh/dh_gen.c		DH
-./crypto/dh/dh_key.c		DH
-./crypto/dh/dh_lib.c		DH
-./crypto/dh/p1024.c		DH
-./crypto/dh/p192.c		DH
-./crypto/dh/p512.c		DH
-./crypto/dh/dhtest.c		DH
-
-./crypto/dsa/dsa.h		DSA
-./crypto/dsa/dsagen.c		DSA
-./crypto/dsa/dsa_err.c		DSA
-./crypto/dsa/dsa_gen.c		DSA
-./crypto/dsa/dsa_key.c		DSA
-./crypto/dsa/dsa_lib.c		DSA
-./crypto/dsa/dsa_sign.c		DSA
-./crypto/dsa/dsa_vrf.c		DSA
-./crypto/dsa/dsatest.c		DSA
-
-./crypto/err/err.c		ERR
-./crypto/err/err.h		ERR
-./crypto/err/err_all.c		ERR
-./crypto/err/err_prn.c		ERR
-
-./crypto/evp/evp.h		EVP
-./crypto/evp/bio_b64.c		EVP
-./crypto/evp/bio_enc.c		EVP
-./crypto/evp/bio_md.c		EVP
-./crypto/evp/c_all.c		EVP
-./crypto/evp/digest.c		EVP
-./crypto/evp/encode.c		EVP
-./crypto/evp/evp_enc.c		EVP
-./crypto/evp/evp_err.c		EVP
-./crypto/evp/evp_key.c		EVP
-./crypto/evp/e_cbc_3d.c		EVP
-./crypto/evp/e_cbc_bf.c		EVP
-./crypto/evp/e_cbc_c.c		EVP
-./crypto/evp/e_cbc_d.c		EVP
-./crypto/evp/e_cbc_i.c		EVP
-./crypto/evp/e_cbc_r2.c		EVP
-./crypto/evp/e_cfb_3d.c		EVP
-./crypto/evp/e_cfb_bf.c		EVP
-./crypto/evp/e_cfb_c.c		EVP
-./crypto/evp/e_cfb_d.c		EVP
-./crypto/evp/e_cfb_i.c		EVP
-./crypto/evp/e_cfb_r2.c		EVP
-./crypto/evp/e_dsa.c		EVP
-./crypto/evp/e_ecb_3d.c		EVP
-./crypto/evp/e_ecb_bf.c		EVP
-./crypto/evp/e_ecb_c.c		EVP
-./crypto/evp/e_ecb_d.c		EVP
-./crypto/evp/e_ecb_i.c		EVP
-./crypto/evp/e_ecb_r2.c		EVP
-./crypto/evp/e_null.c		EVP
-./crypto/evp/e_ofb_3d.c		EVP
-./crypto/evp/e_ofb_bf.c		EVP
-./crypto/evp/e_ofb_c.c		EVP
-./crypto/evp/e_ofb_d.c		EVP
-./crypto/evp/e_ofb_i.c		EVP
-./crypto/evp/e_ofb_r2.c		EVP
-./crypto/evp/e_rc4.c		EVP
-./crypto/evp/e_xcbc_d.c		EVP
-./crypto/evp/m_dss.c		EVP
-./crypto/evp/m_dss1.c		EVP
-./crypto/evp/m_md2.c		EVP
-./crypto/evp/m_md5.c		EVP
-./crypto/evp/m_mdc2.c		EVP
-./crypto/evp/m_null.c		EVP
-./crypto/evp/m_sha.c		EVP
-./crypto/evp/m_sha1.c		EVP
-./crypto/evp/names.c		EVP
-./crypto/evp/p_lib.c		EVP
-./crypto/evp/p_open.c		EVP
-./crypto/evp/p_seal.c		EVP
-./crypto/evp/p_sign.c		EVP
-./crypto/evp/p_verify.c		EVP
-
-./crypto/hmac/hmac.c		HMAC
-./crypto/hmac/hmac.h		HMAC
-./crypto/hmac/hmactest.c	HMAC
-
-./crypto/idea/ideatest.c	IDEA
-./crypto/idea/idea_lcl.h	IDEA
-./crypto/idea/idea_spd.c	IDEA
-./crypto/idea/i_cbc.c		IDEA
-./crypto/idea/i_cfb64.c		IDEA
-./crypto/idea/i_ecb.c		IDEA
-./crypto/idea/i_ofb64.c		IDEA
-./crypto/idea/i_skey.c		IDEA
-./crypto/idea/idea.h		IDEA
-
-./crypto/lhash/lhash.c		LHASH
-./crypto/lhash/lhash.h		LHASH
-./crypto/lhash/lh_stats.c	LHASH
-./crypto/lhash/lh_test.c	LHASH
-
-./crypto/md2/md2.c		MD2
-./crypto/md2/md2test.c		MD2
-./crypto/md2/md2_dgst.c		MD2
-./crypto/md2/md2_one.c		MD2
-./crypto/md2/md2.h		MD2
-
-./crypto/md5/md5.c		MD5
-./crypto/md5/md5.h		MD5
-./crypto/md5/md5test.c		MD5
-./crypto/md5/md5_dgst.c		MD5
-./crypto/md5/md5_locl.h		MD5
-./crypto/md5/md5_one.c		MD5
-
-./crypto/mdc2/mdc2.h		MDC2
-./crypto/mdc2/mdc2dgst.c	MDC2
-./crypto/mdc2/mdc2test.c	MDC2
-./crypto/mdc2/mdc2_one.c	MDC2
-
-./crypto/objects/objects.h	OBJ
-./crypto/objects/obj_dat.c	OBJ
-./crypto/objects/obj_dat.h	OBJ
-./crypto/objects/obj_err.c	OBJ
-./crypto/objects/obj_lib.c	OBJ
-
-./crypto/pem/ctx_size.c		PEM
-./crypto/pem/pem.h		PEM
-./crypto/pem/pem_all.c		PEM
-./crypto/pem/pem_err.c		PEM
-./crypto/pem/pem_info.c		PEM
-./crypto/pem/pem_lib.c		PEM
-./crypto/pem/pem_seal.c		PEM
-./crypto/pem/pem_sign.c		PEM
-
-./crypto/pkcs7/pk7_dgst.c	PKCS7
-./crypto/pkcs7/pk7_doit.c	PKCS7
-./crypto/pkcs7/pk7_enc.c	PKCS7
-./crypto/pkcs7/pk7_lib.c	PKCS7
-./crypto/pkcs7/pkcs7.h		PKCS7
-./crypto/pkcs7/pkcs7err.c	PKCS7
-./crypto/pkcs7/sign.c		PKCS7
-
-./crypto/proxy/bf_proxy.c	PROXY
-./crypto/proxy/p2test.c		PROXY
-./crypto/proxy/p3test.c		PROXY
-./crypto/proxy/paccept.c	PROXY
-./crypto/proxy/proxy.c		PROXY
-./crypto/proxy/proxy.h		PROXY
-./crypto/proxy/ptest.c		PROXY
-./crypto/proxy/pxy_conf.c	PROXY
-./crypto/proxy/pxy_err.c	PROXY
-./crypto/proxy/pxy_txt.c	PROXY
-
-./crypto/rand/md_rand.c		RAND
-./crypto/rand/rand.h		RAND
-./crypto/rand/randfile.c	RAND
-./crypto/rand/randtest.c	RAND
-
-./crypto/rc2/rc2cfb64.c		RC2
-./crypto/rc2/rc2ofb64.c		RC2
-./crypto/rc2/rc2speed.c		RC2
-./crypto/rc2/rc2test.c		RC2
-./crypto/rc2/rc2_cbc.c		RC2
-./crypto/rc2/rc2_ecb.c		RC2
-./crypto/rc2/rc2_locl.h		RC2
-./crypto/rc2/rc2_skey.c		RC2
-./crypto/rc2/rc2.h		RC2
-
-./crypto/rc4/rc4.c		RC4
-./crypto/rc4/rc4speed.c		RC4
-./crypto/rc4/rc4test.c		RC4
-./crypto/rc4/rc4_enc.c		RC4
-./crypto/rc4/rc4_skey.c		RC4
-./crypto/rc4/rc4.h		RC4
-./crypto/rc4/rc4_locl.h		RC4
-
-./crypto/rsa/rsa.h		RSA
-./crypto/rsa/rsa_eay.c		RSA
-./crypto/rsa/rsa_err.c		RSA
-./crypto/rsa/rsa_gen.c		RSA
-./crypto/rsa/rsa_lib.c		RSA
-./crypto/rsa/rsa_saos.c		RSA
-./crypto/rsa/rsa_sign.c		RSA
-./crypto/rsa/rsa_ssl.c		RSA
-./crypto/rsa/rsa_pk1.c		RSA
-./crypto/rsa/rsa_none.c		RSA
-
-./crypto/sha/sha.h		SHA
-./crypto/sha/sha_locl.h		SHA
-./crypto/sha/sha.c		SHA0
-./crypto/sha/sha_dgst.c		SHA0
-./crypto/sha/sha_one.c		SHA0
-./crypto/sha/sha_sgst.c		SHA0
-./crypto/sha/shatest.c		SHA0
-./crypto/sha/sha1.c		SHA1
-./crypto/sha/sha1dgst.c		SHA1
-./crypto/sha/sha1_one.c		SHA1
-./crypto/sha/sha1test.c		SHA1
-
-./crypto/stack/stack.c		STACK
-./crypto/stack/stack.h		STACK
-
-./crypto/txt_db/txt_db.c	TXTDB
-./crypto/txt_db/txt_db.h	TXTDB
-
-./crypto/x509/by_dir.c		X509
-./crypto/x509/by_file.c		X509
-./crypto/x509/v3_net.c		X509
-./crypto/x509/v3_x509.c		X509
-./crypto/x509/x509.h		X509
-./crypto/x509/x509name.c	X509
-./crypto/x509/x509pack.c	X509
-./crypto/x509/x509rset.c	X509
-./crypto/x509/x509type.c	X509
-./crypto/x509/x509_cmp.c	X509
-./crypto/x509/x509_d2.c		X509
-./crypto/x509/x509_def.c	X509
-./crypto/x509/x509_err.c	X509
-./crypto/x509/x509_ext.c	X509
-./crypto/x509/x509_lu.c		X509
-./crypto/x509/x509_obj.c	X509
-./crypto/x509/x509_r2x.c	X509
-./crypto/x509/x509_req.c	X509
-./crypto/x509/x509_set.c	X509
-./crypto/x509/x509_txt.c	X509
-./crypto/x509/x509_v3.c		X509
-./crypto/x509/x509_vfy.c	X509
-./crypto/x509/x_all.c		X509
-./crypto/x509/x509_vfy.h	X509
-./crypto/x509v3/v3_ku.c		X509
-./crypto/x509v3/x509v3.h	X509
-
-./crypto/threads/mttest.c	THREADS
-./crypto/threads/th-lock.c	THREADS
-
-./crypto/ripemd/rmdtest.c	RMD160
-./crypto/ripemd/ripemd.h	RMD160
-./crypto/ripemd/rmdconst.h	RMD160
-./crypto/ripemd/rmd_locl.h	RMD160
-./crypto/ripemd/rmd_one.c	RMD160
-./crypto/ripemd/rmd160.c	RMD160
-./crypto/ripemd/rmd_dgst.c	RMD160
-
-./crypto/rc5/rc5_ecb.c		RC5
-./crypto/rc5/rc5cfb64.c		RC5
-./crypto/rc5/rc5ofb64.c		RC5
-./crypto/rc5/rc5speed.c		RC5
-./crypto/rc5/rc5test.c		RC5
-./crypto/rc5/rc5_enc.c		RC5
-./crypto/rc5/rc5.h		RC5
-./crypto/rc5/rc5_locl.h		RC5
-./crypto/rc5/rc5_skey.c		RC5
-
-./ssl/bio_ssl.c			SSL
-./ssl/pxy_ssl.c			SSL
-./ssl/s23_clnt.c		SSL
-./ssl/s23_lib.c			SSL
-./ssl/s23_meth.c		SSL
-./ssl/s23_pkt.c			SSL
-./ssl/s23_srvr.c		SSL
-./ssl/s2_clnt.c			SSL
-./ssl/s2_enc.c			SSL
-./ssl/s2_lib.c			SSL
-./ssl/s2_meth.c			SSL
-./ssl/s2_pkt.c			SSL
-./ssl/s2_srvr.c			SSL
-./ssl/s3_both.c			SSL
-./ssl/s3_clnt.c			SSL
-./ssl/s3_enc.c			SSL
-./ssl/s3_lib.c			SSL
-./ssl/s3_meth.c			SSL
-./ssl/s3_pkt.c			SSL
-./ssl/s3_srvr.c			SSL
-./ssl/ssl.c			SSL
-./ssl/ssl2.h			SSL
-./ssl/ssl23.h			SSL
-./ssl/ssl3.h			SSL
-./ssl/ssl_algs.c		SSL
-./ssl/ssl_asn1.c		SSL
-./ssl/ssl_cert.c		SSL
-./ssl/ssl_ciph.c		SSL
-./ssl/ssl_err.c			SSL
-./ssl/ssl_err2.c		SSL
-./ssl/ssl_lib.c			SSL
-./ssl/ssl_locl.h		SSL
-./ssl/ssl_rsa.c			SSL
-./ssl/ssl_sess.c		SSL
-./ssl/ssl_stat.c		SSL
-./ssl/ssl_task.c		SSL
-./ssl/ssl_txt.c			SSL
-./ssl/tls1.h			SSL
-./ssl/t1_lib.c			SSL
-./ssl/t1_enc.c			SSL
-./ssl/t1_meth.c			SSL
-./ssl/t1_srvr.c			SSL
-./ssl/t1_clnt.c			SSL
-./ssl/ssl.h			SSL
-./ssl/ssltest.c			SSL
-
-./rsaref/rsaref.c		RSAREF
-./rsaref/rsaref.h		RSAREF
-./rsaref/rsar_err.c		RSAREF
-
-./apps/apps.c			APPS
-./apps/apps.h			APPS
-./apps/asn1pars.c		APPS
-./apps/bf_perm.c		APPS
-./apps/bf_perm.h		APPS
-./apps/ca.c			APPS
-./apps/ciphers.c		APPS
-./apps/crl.c			APPS
-./apps/crl2p7.c			APPS
-./apps/dgst.c			APPS
-./apps/dh.c			APPS
-./apps/dsa.c			APPS
-./apps/dsaparam.c		APPS
-./apps/eay.c			APPS
-./apps/enc.c			APPS
-./apps/errstr.c			APPS
-./apps/speed.c			APPS
-./apps/gendh.c			APPS
-./apps/gendsa.c			APPS
-./apps/genrsa.c			APPS
-./apps/mybio_cb.c		APPS
-./apps/pem_mail.c		APPS
-./apps/pkcs7.c			APPS
-./apps/progs.h			APPS
-./apps/req.c			APPS
-./apps/rsa.c			APPS
-./apps/sess_id.c		APPS
-./apps/s_apps.h			APPS
-./apps/s_cb.c			APPS
-./apps/s_client.c		APPS
-./apps/s_server.c		APPS
-./apps/s_socket.c		APPS
-./apps/s_time.c			APPS
-./apps/testdsa.h		APPS
-./apps/testrsa.h		APPS
-./apps/verify.c			APPS
-./apps/version.c		APPS
-./apps/x509.c			APPS
-./apps/ssleay.c			APPS
-./apps/sp.c			APPS
-
-./demos/b64.c			DEMO
-./demos/bio/saccept.c		DEMO
-./demos/bio/sconnect.c		DEMO
-./demos/maurice/example1.c	DEMO
-./demos/maurice/example2.c	DEMO
-./demos/maurice/example3.c	DEMO
-./demos/maurice/example4.c	DEMO
-./demos/maurice/loadkeys.c	DEMO
-./demos/maurice/loadkeys.h	DEMO
-./demos/prime/prime.c		DEMO
-./demos/selfsign.c		DEMO
-./demos/spkigen.c		DEMO
-
diff --git a/dep/gen.pl b/dep/gen.pl
deleted file mode 100644
index 8ab6db5c53..0000000000
--- a/dep/gen.pl
+++ /dev/null
@@ -1,113 +0,0 @@
-#!/usr/local/bin/perl
-
-require 'getopts.pl';
-
-$files="files";
-%have=();
-%missing=();
-%name=();
-%func=();
-
-&Getopts('Ff:');
-
-&load_file("files");
-foreach $file (@ARGV)
-	{ &do_nm($file); }
-
-if (defined($opt_f))
-	{
-	%a=();
-	$r=&list_files($opt_f,"",*a);
-	if ($opt_F)
-		{
-		foreach (sort split(/\n/,$r))
-			{ print "$_\n"; }
-		}
-	else
-		{ print $r; }
-	}
-else
-	{
-	for (sort keys %have)
-		{
-		print "$_:$have{$_}\n";
-		}
-	}
-
-sub list_files
-	{
-	local($f,$o,*done)=@_;
-	local($a,$_,$ff,$ret);
-
-	return if $f =~ /^\s*$/;
-
-	$done{$f}=1;
-	$ret.=$f."\n" if $opt_F;
-	foreach (split(/ /,$have{$f}))
-		{
-		$ret.="$o$f:$_\n" unless $opt_F;
-		}
-
-	foreach (split(/ /,$missing{$f}))
-		{
-		$ff=$func{$_};
-		next if defined($done{$ff});
-		$ret.=&list_files($ff,$o."	");
-		}
-	$ret;
-	}
-
-sub do_nm
-	{
-	local($file)=@_;
-	local($fname)="";
-
-	open(IN,"nm $file|") || die "unable to run 'nm $file|':$!\n";
-	while (<IN>)
-		{
-		chop;
-		next if /^\s*$/;
-		if (/^(.*)\.o:\s*$/)
-			{
-			$fname="$1.c";
-			next;
-			}
-		($type,$name)=/^.{8} (.) (.+)/;
-#		print "$fname $type $name\n";
-
-		if ($type eq "T")
-			{
-			$have{$fname}.="$name ";
-			$func{$name}=$fname;
-			}
-		elsif ($type eq "U")
-			{
-			$missing{$fname}.="$name ";
-			}
-		}
-	close(IN);
-	}
-
-sub load_file
-	{
-	local($file)=@_;
-
-	open(IN,"<$files") || die "unable to open $files:$!\n";
-
-	while (<IN>)
-		{
-		chop;
-		next if /^\s*$/;
-		($n)=/\/([^\/\s]+)\s+/;
-		($fn)=/^(\S+)\s/;
-#		print "$n - $fn\n";
-		if (defined($name{$n}))
-			{ print "$n already exists\n"; }
-		else
-			{ $name{$n}=$fn; }
-		}
-	close(IN);
-	@name=%name;
-	}
-
-
diff --git a/dep/ssl.txt b/dep/ssl.txt
deleted file mode 100644
index 7cd125a0d1..0000000000
--- a/dep/ssl.txt
+++ /dev/null
@@ -1,156 +0,0 @@
-BIO_f_ssl
-BIO_new_buffer_ssl_connect
-BIO_new_ssl
-BIO_new_ssl_connect
-BIO_proxy_ssl_copy_session_id
-BIO_ssl_copy_session_id
-BIO_ssl_shutdown
-ERR_load_SSL_strings
-SSL_CIPHER_description
-SSL_CIPHER_get_bits
-SSL_CIPHER_get_name
-SSL_CIPHER_get_version
-SSL_CTX_add_client_CA
-SSL_CTX_add_session
-SSL_CTX_check_private_key
-SSL_CTX_ctrl
-SSL_CTX_flush_sessions
-SSL_CTX_free
-SSL_CTX_get_client_CA_list
-SSL_CTX_get_ex_data
-SSL_CTX_get_ex_new_index
-SSL_CTX_get_quiet_shutdown
-SSL_CTX_get_verify_callback
-SSL_CTX_get_verify_mode
-SSL_CTX_load_verify_locations
-SSL_CTX_new
-SSL_CTX_remove_session
-SSL_CTX_set_cert_verify_cb
-SSL_CTX_set_cipher_list
-SSL_CTX_set_client_CA_list
-SSL_CTX_set_default_passwd_cb
-SSL_CTX_set_default_verify_paths
-SSL_CTX_set_ex_data
-SSL_CTX_set_quiet_shutdown
-SSL_CTX_set_ssl_version
-SSL_CTX_set_verify
-SSL_CTX_use_PrivateKey
-SSL_CTX_use_PrivateKey_ASN1
-SSL_CTX_use_PrivateKey_file
-SSL_CTX_use_RSAPrivateKey
-SSL_CTX_use_RSAPrivateKey_ASN1
-SSL_CTX_use_RSAPrivateKey_file
-SSL_CTX_use_certificate
-SSL_CTX_use_certificate_ASN1
-SSL_CTX_use_certificate_file
-SSL_SESSION_cmp
-SSL_SESSION_free
-SSL_SESSION_get_ex_data
-SSL_SESSION_get_ex_new_index
-SSL_SESSION_get_time
-SSL_SESSION_get_timeout
-SSL_SESSION_hash
-SSL_SESSION_new
-SSL_SESSION_print
-SSL_SESSION_print_fp
-SSL_SESSION_set_ex_data
-SSL_SESSION_set_time
-SSL_SESSION_set_timeout
-SSL_accept
-SSL_add_client_CA
-SSL_alert_desc_string
-SSL_alert_desc_string_long
-SSL_alert_type_string
-SSL_alert_type_string_long
-SSL_check_private_key
-SSL_clear
-SSL_connect
-SSL_copy_session_id
-SSL_ctrl
-SSL_do_handshake
-SSL_dup
-SSL_dup_CA_list
-SSL_free
-SSL_get_SSL_CTX
-SSL_get_certificate
-SSL_get_cipher_list
-SSL_get_ciphers
-SSL_get_client_CA_list
-SSL_get_current_cipher
-SSL_get_default_timeout
-SSL_get_error
-SSL_get_ex_data
-SSL_get_ex_new_index
-SSL_get_fd
-SSL_get_info_callback
-SSL_get_peer_cert_chain
-SSL_get_peer_certificate
-SSL_get_privatekey
-SSL_get_quiet_shutdown
-SSL_get_rbio
-SSL_get_read_ahead
-SSL_get_session
-SSL_get_shared_ciphers
-SSL_get_shutdown
-SSL_get_ssl_method
-SSL_get_verify_callback
-SSL_get_verify_mode
-SSL_get_verify_result
-SSL_get_version
-SSL_get_wbio
-SSL_load_client_CA_file
-SSL_load_error_strings
-SSL_new
-SSL_peek
-SSL_pending
-SSL_read
-SSL_renegotiate
-SSL_rstate_string
-SSL_rstate_string_long
-SSL_set_accept_state
-SSL_set_bio
-SSL_set_cipher_list
-SSL_set_client_CA_list
-SSL_set_connect_state
-SSL_set_ex_data
-SSL_set_fd
-SSL_set_info_callback
-SSL_set_quiet_shutdown
-SSL_set_read_ahead
-SSL_set_rfd
-SSL_set_session
-SSL_set_shutdown
-SSL_set_ssl_method
-SSL_set_verify
-SSL_set_verify_result
-SSL_set_wfd
-SSL_shutdown
-SSL_state
-SSL_state_string
-SSL_state_string_long
-SSL_use_PrivateKey
-SSL_use_PrivateKey_ASN1
-SSL_use_PrivateKey_file
-SSL_use_RSAPrivateKey
-SSL_use_RSAPrivateKey_ASN1
-SSL_use_RSAPrivateKey_file
-SSL_use_certificate
-SSL_use_certificate_ASN1
-SSL_use_certificate_file
-SSL_version
-SSL_write
-SSLeay_add_ssl_algorithms
-SSLv23_client_method
-SSLv23_method
-SSLv23_server_method
-SSLv2_client_method
-SSLv2_method
-SSLv2_server_method
-SSLv3_client_method
-SSLv3_method
-SSLv3_server_method
-TLSv1_client_method
-TLSv1_method
-TLSv1_server_method
-d2i_SSL_SESSION
-i2d_SSL_SESSION
diff --git a/doc/API.doc b/doc/API.doc
deleted file mode 100644
index fe2820259a..0000000000
--- a/doc/API.doc
+++ /dev/null
@@ -1,24 +0,0 @@
-SSL - SSLv2/v3/v23 etc.
-
-BIO - methods and how they plug together
-
-MEM - memory allocation callback
-
-CRYPTO - locking for threads
-
-EVP - Ciphers/Digests/signatures
-
-RSA - methods
-
-X509 - certificate retrieval
-
-X509 - validation
-
-X509 - X509v3 extensions
-
-Objects - adding object identifiers
-
-ASN.1 - parsing
-
-PEM - parsing
-
diff --git a/doc/HOWTO/certificates.txt b/doc/HOWTO/certificates.txt
new file mode 100644
index 0000000000..88048645db
--- /dev/null
+++ b/doc/HOWTO/certificates.txt
@@ -0,0 +1,85 @@
+<DRAFT!>
+			HOWTO certificates
+
+How you handle certificates depend a great deal on what your role is.
+Your role can be one or several of:
+
+  - User of some client software
+  - User of some server software
+  - Certificate authority
+
+This file is for users who wish to get a certificate of their own.
+Certificate authorities should read ca.txt.
+
+In all the cases shown below, the standard configuration file, as
+compiled into openssl, will be used.  You may find it in /etc/,
+/usr/local/ssr/ or somewhere else.  The name is openssl.cnf, and
+is better described in another HOWTO <config.txt?>.  If you want to
+use a different configuration file, use the argument '-config {file}'
+with the command shown below.
+
+
+Certificates are related to public key cryptography by containing a
+public key.  To be useful, there must be a corresponding private key
+somewhere.  With OpenSSL, public keys are easily derived from private
+keys, so before you create a certificate or a certificate request, you
+need to create a private key.
+
+Private keys are generated with 'openssl genrsa' if you want a RSA
+private key, or 'openssl gendsa' if you want a DSA private key.  More
+info on how to handle these commands are found in the manual pages for
+those commands or by running them with the argument '-h'.  For the
+sake of the description in this file, let's assume that the private
+key ended up in the file privkey.pem (which is the default in some
+cases).
+
+
+Let's start with the most normal way of getting a certificate.  Most
+often, you want or need to get a certificate from a certificate
+authority.  To handle that, the certificate authority needs a
+certificate request (or, as some certificate authorities like to put
+it, "certificate signing request", since that's exactly what they do,
+they sign it and give you the result back, thus making it authentic
+according to their policies) from you.  To generate a request, use the
+command 'openssl req' like this:
+
+  openssl req -new -key privkey.pem -out cert.csr
+
+Now, cert.csr can be sent to the certificate authority, if they can
+handle files in PEM format.  If not, use the extra argument '-outform'
+followed by the keyword for the format to use (see another HOWTO
+<formats.txt?>).  In some cases, that isn't sufficient and you will
+have to be more creative.
+
+When the certificate authority has then done the checks the need to
+do (and probably gotten payment from you), they will hand over your
+new certificate to you.
+
+
+[fill in on how to create a self-signed certificate]
+
+
+If you created everything yourself, or if the certificate authority
+was kind enough, your certificate is a raw DER thing in PEM format.
+Your key most definitely is if you have followed the examples above.
+However, some (most?) certificate authorities will encode them with
+things like PKCS7 or PKCS12, or something else.  Depending on your
+applications, this may be perfectly OK, it all depends on what they
+know how to decode.  If not, There are a number of OpenSSL tools to
+convert between some (most?) formats.
+
+So, depending on your application, you may have to convert your
+certificate and your key to various formats, most often also putting
+them together into one file.  The ways to do this is described in
+another HOWTO <formats.txt?>, I will just mention the simplest case.
+In the case of a raw DER thing in PEM format, and assuming that's all
+right for yor applications, simply concatenating the certificate and
+the key into a new file and using that one should be enough.  With
+some applications, you don't even have to do that.
+
+
+By now, you have your cetificate and your private key and can start
+using the software that depend on it.
+
+-- 
+Richard Levitte
diff --git a/doc/README b/doc/README
new file mode 100644
index 0000000000..6ecc14d994
--- /dev/null
+++ b/doc/README
@@ -0,0 +1,12 @@
+
+ apps/openssl.pod .... Documentation of OpenSSL `openssl' command
+ crypto/crypto.pod ... Documentation of OpenSSL crypto.h+libcrypto.a
+ ssl/ssl.pod ......... Documentation of OpenSSL ssl.h+libssl.a
+ openssl.txt ......... Assembled documentation files for OpenSSL [not final]
+ ssleay.txt .......... Assembled documentation of ancestor SSLeay [obsolete]
+ standards.txt ....... Assembled pointers to standards, RFCs or internet drafts
+                       that are related to OpenSSL.
+
+ An archive of HTML documents for the SSLeay library is available from
+ http://www.columbia.edu/~ariel/ssleay/
+
diff --git a/doc/a_verify.doc b/doc/a_verify.doc
deleted file mode 100644
index 06eec17c2b..0000000000
--- a/doc/a_verify.doc
+++ /dev/null
@@ -1,85 +0,0 @@
-From eay@mincom.com Fri Oct  4 18:29:06 1996
-Received: by orb.mincom.oz.au id AA29080
-  (5.65c/IDA-1.4.4 for eay); Fri, 4 Oct 1996 08:29:07 +1000
-Date: Fri, 4 Oct 1996 08:29:06 +1000 (EST)
-From: Eric Young <eay@mincom.oz.au>
-X-Sender: eay@orb
-To: wplatzer <wplatzer@iaik.tu-graz.ac.at>
-Cc: Eric Young <eay@mincom.oz.au>, SSL Mailing List <ssl-users@mincom.com>
-Subject: Re: Netscape's Public Key
-In-Reply-To: <19961003134837.NTM0049@iaik.tu-graz.ac.at>
-Message-Id: <Pine.SOL.3.91.961004081346.8018K-100000@orb>
-Mime-Version: 1.0
-Content-Type: TEXT/PLAIN; charset=US-ASCII
-Status: RO
-X-Status: 
-
-On Thu, 3 Oct 1996, wplatzer wrote:
-> I get Public Key from Netscape (Gold 3.0b4), but cannot do anything
-> with it... It looks like (asn1parse):
-> 
-> 0:d=0 hl=3 l=180 cons: SEQUENCE
-> 3:d=1 hl=2 l= 96 cons: SEQUENCE
-> 5:d=2 hl=2 l= 92 cons: SEQUENCE
-> 7:d=3 hl=2 l= 13 cons: SEQUENCE
-> 9:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
-> 20:d=4 hl=2 l= 0 prim: NULL
-> 22:d=3 hl=2 l= 75 prim: BIT STRING
-> 99:d=2 hl=2 l= 0 prim: IA5STRING :
-> 101:d=1 hl=2 l= 13 cons: SEQUENCE
-> 103:d=2 hl=2 l= 9 prim: OBJECT :md5withRSAEncryption
-> 114:d=2 hl=2 l= 0 prim: NULL
-> 116:d=1 hl=2 l= 65 prim: BIT STRING
-> 
-> The first BIT STRING is the public key and the second BIT STRING is 
-> the signature.
-> But a public key consists of the public exponent and the modulus. Are 
-> both numbers in the first BIT STRING?
-> Is there a document simply describing this coding stuff (checking 
-> signature, get the public key, etc.)?
-
-Minimal in SSLeay.  If you want to see what the modulus and exponent are,
-try asn1parse -offset 25 -length 75 <key.pem
-asn1parse will currently stuff up on the 'length 75' part (fixed in next 
-release) but it will print the stuff.  If you are after more 
-documentation on ASN.1, have a look at www.rsa.com and get their PKCS 
-documents, most of my initial work on SSLeay was done using them.
-
-As for SSLeay,
-util/crypto.num and util/ssl.num are lists of all exported functions in 
-the library (but not macros :-(.
-
-The ones for extracting public keys from certificates and certificate 
-requests are EVP_PKEY *      X509_REQ_extract_key(X509_REQ *req);
-EVP_PKEY *      X509_extract_key(X509 *x509);
-
-To verify a signature on a signed ASN.1 object
-int X509_verify(X509 *a,EVP_PKEY *key);
-int X509_REQ_verify(X509_REQ *a,EVP_PKEY *key);
-int X509_CRL_verify(X509_CRL *a,EVP_PKEY *key);
-int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a,EVP_PKEY *key);
-
-I should mention that EVP_PKEY can be used to hold a public or a private key,
-since for  things like RSA and DSS, a public key is just a subset of what 
-is stored for the private key.
-
-To sign any of the above structures
-
-int X509_sign(X509 *a,EVP_PKEY *key,EVP_MD *md);
-int X509_REQ_sign(X509_REQ *a,EVP_PKEY *key,EVP_MD *md);
-int X509_CRL_sign(X509_CRL *a,EVP_PKEY *key,EVP_MD *md);
-int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *a,EVP_PKEY *key,EVP_MD *md);
-
-where md is the message digest to sign with.
-
-There are all defined in x509.h and all the _sign and _verify functions are
-actually macros to the ASN1_sign() and ASN1_verify() functions.
-These functions will put the correct algorithm identifiers in the correct 
-places in the structures.
-
-eric
---
-Eric Young                  | BOOL is tri-state according to Bill Gates.
-AARNet: eay@mincom.oz.au    | RTFM Win32 GetMessage().
-
-
diff --git a/doc/apps.doc b/doc/apps.doc
deleted file mode 100644
index a2a4e0de72..0000000000
--- a/doc/apps.doc
+++ /dev/null
@@ -1,53 +0,0 @@
-The applications
-
-Ok, where to begin....
-In the begining, when SSLeay was small (April 1995), there
-were but few applications, they did happily cohabit in
-the one bin directory.  Then over time, they did multiply and grow,
-and they started to look like microsoft software; 500k to print 'hello world'.
-A new approach was needed.  They were coalessed into one 'Monolithic'
-application, ssleay.  This one program is composed of many programs that
-can all be compiled independantly.
-
-ssleay has 3 modes of operation.
-1) If the ssleay binaray has the name of one of its component programs, it
-executes that program and then exits.  This can be achieve by using hard or
-symbolic links, or failing that, just renaming the binary.
-2) If the first argument to ssleay is the name of one of the component
-programs, that program runs that program and then exits.
-3) If there are no arguments, ssleay enters a 'command' mode.  Each line is
-interpreted as a program name plus arguments.  After each 'program' is run,
-ssleay returns to the comand line.
-
-dgst	- message digests
-enc	- encryption and base64 encoding
-
-ans1parse - 'pulls' appart ASN.1 encoded objects like certificates.
-
-dh	- Diffle-Hellman parameter manipulation.
-rsa	- RSA manipulations.
-crl	- Certificate revokion list manipulations
-x509	- X509 cert fiddles, including signing.
-pkcs7	- pkcs7 manipulation, only DER versions right now.
-
-genrsa	- generate an RSA private key.
-gendh	- Generate a set of Diffle-Hellman parameters.
-req	- Generate a PKCS#10 object, a certificate request.
-
-s_client - SSL client program
-s_server - SSL server program
-s_time	 - A SSL protocol timing program
-s_mult	 - Another SSL server, but it multiplexes
-	   connections.
-s_filter - under development
-
-errstr	- Convert SSLeay error numbers to strings.
-ca	- Sign certificate requests, and generate
-	  certificate revokion lists
-crl2pkcs7 - put a crl and certifcates into a pkcs7 object.
-speed	- Benchmark the ciphers.
-verify	- Check certificates
-hashdir - under development
-
-[ there a now a few more options, play with the program to see what they
-  are ]
diff --git a/doc/apps/CA.pl.pod b/doc/apps/CA.pl.pod
new file mode 100644
index 0000000000..58e0f52001
--- /dev/null
+++ b/doc/apps/CA.pl.pod
@@ -0,0 +1,179 @@
+
+=pod
+
+=head1 NAME
+
+CA.pl - friendlier interface for OpenSSL certificate programs
+
+=head1 SYNOPSIS
+
+B<CA.pl>
+[B<-?>]
+[B<-h>]
+[B<-help>]
+[B<-newcert>]
+[B<-newreq>]
+[B<-newreq-nodes>]
+[B<-newca>]
+[B<-xsign>]
+[B<-sign>]
+[B<-signreq>]
+[B<-signcert>]
+[B<-verify>]
+[B<files>]
+
+=head1 DESCRIPTION
+
+The B<CA.pl> script is a perl script that supplies the relevant command line
+arguments to the B<openssl> command for some common certificate operations.
+It is intended to simplify the process of certificate creation and management
+by the use of some simple options.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<?>, B<-h>, B<-help>
+
+prints a usage message.
+
+=item B<-newcert>
+
+creates a new self signed certificate. The private key and certificate are
+written to the file "newreq.pem".
+
+=item B<-newreq>
+
+creates a new certificate request. The private key and request are
+written to the file "newreq.pem".
+
+=item B<-newreq-nowdes>
+
+is like B<-newreq> except that the private key will not be encrypted.
+
+=item B<-newca>
+
+creates a new CA hierarchy for use with the B<ca> program (or the B<-signcert>
+and B<-xsign> options). The user is prompted to enter the filename of the CA
+certificates (which should also contain the private key) or by hitting ENTER
+details of the CA will be prompted for. The relevant files and directories
+are created in a directory called "demoCA" in the current directory.
+
+=item B<-pkcs12>
+
+create a PKCS#12 file containing the user certificate, private key and CA
+certificate. It expects the user certificate and private key to be in the
+file "newcert.pem" and the CA certificate to be in the file demoCA/cacert.pem,
+it creates a file "newcert.p12". This command can thus be called after the
+B<-sign> option. The PKCS#12 file can be imported directly into a browser.
+If there is an additional argument on the command line it will be used as the
+"friendly name" for the certificate (which is typically displayed in the browser
+list box), otherwise the name "My Certificate" is used.
+
+=item B<-sign>, B<-signreq>, B<-xsign>
+
+calls the B<ca> program to sign a certificate request. It expects the request
+to be in the file "newreq.pem". The new certificate is written to the file
+"newcert.pem" except in the case of the B<-xsign> option when it is written
+to standard output.
+
+
+=item B<-signCA>
+
+this option is the same as the B<-signreq> option except it uses the configuration
+file section B<v3_ca> and so makes the signed request a valid CA certificate. This
+is useful when creating intermediate CA from a root CA.
+
+=item B<-signcert>
+
+this option is the same as B<-sign> except it expects a self signed certificate
+to be present in the file "newreq.pem".
+
+=item B<-verify>
+
+verifies certificates against the CA certificate for "demoCA". If no certificates
+are specified on the command line it tries to verify the file "newcert.pem". 
+
+=item B<files>
+
+one or more optional certificate file names for use with the B<-verify> command.
+
+=back
+
+=head1 EXAMPLES
+
+Create a CA hierarchy:
+
+ CA.pl -newca
+
+Complete certificate creation example: create a CA, create a request, sign
+the request and finally create a PKCS#12 file containing it.
+
+ CA.pl -newca
+ CA.pl -newreq
+ CA.pl -signreq
+ CA.pl -pkcs12 "My Test Certificate"
+
+=head1 DSA CERTIFICATES
+
+Although the B<CA.pl> creates RSA CAs and requests it is still possible to
+use it with DSA certificates and requests using the L<req(1)|req(1)> command
+directly. The following example shows the steps that would typically be taken.
+
+Create some DSA parameters:
+
+ openssl dsaparam -out dsap.pem 1024
+
+Create a DSA CA certificate and private key:
+
+ openssl req -x509 -newkey dsa:dsap.pem -keyout cacert.pem -out cacert.pem
+
+Create the CA directories and files:
+
+ CA.pl -newca
+
+enter cacert.pem when prompted for the CA file name.
+
+Create a DSA certificate request and private key (a different set of parameters
+can optionally be created first):
+
+ openssl req -out newreq.pem -newkey dsa:dsap.pem 
+
+Sign the request:
+
+ CA.pl -signreq
+
+=head1 NOTES
+
+Most of the filenames mentioned can be modified by editing the B<CA.pl> script.
+
+If the demoCA directory already exists then the B<-newca> command will not
+overwrite it and will do nothing. This can happen if a previous call using
+the B<-newca> option terminated abnormally. To get the correct behaviour
+delete the demoCA directory if it already exists.
+
+Under some environments it may not be possible to run the B<CA.pl> script
+directly (for example Win32) and the default configuration file location may
+be wrong. In this case the command:
+
+ perl -S CA.pl
+
+can be used and the B<OPENSSL_CONF> environment variable changed to point to 
+the correct path of the configuration file "openssl.cnf".
+
+The script is intended as a simple front end for the B<openssl> program for use
+by a beginner. Its behaviour isn't always what is wanted. For more control over the
+behaviour of the certificate commands call the B<openssl> command directly.
+
+=head1 ENVIRONMENT VARIABLES
+
+The variable B<OPENSSL_CONF> if defined allows an alternative configuration
+file location to be specified, it should contain the full path to the
+configuration file, not just its directory.
+
+=head1 SEE ALSO
+
+L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<req(1)|req(1)>, L<pkcs12(1)|pkcs12(1)>,
+L<config(5)|config(5)>
+
+=cut
diff --git a/doc/apps/asn1parse.pod b/doc/apps/asn1parse.pod
new file mode 100644
index 0000000000..e3462aabf1
--- /dev/null
+++ b/doc/apps/asn1parse.pod
@@ -0,0 +1,171 @@
+=pod
+
+=head1 NAME
+
+asn1parse - ASN.1 parsing tool
+
+=head1 SYNOPSIS
+
+B<openssl> B<asn1parse>
+[B<-inform PEM|DER>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-noout>]
+[B<-offset number>]
+[B<-length number>]
+[B<-i>]
+[B<-oid filename>]
+[B<-strparse offset>]
+[B<-genstr string>]
+[B<-genconf file>]
+
+=head1 DESCRIPTION
+
+The B<asn1parse> command is a diagnostic utility that can parse ASN.1
+structures. It can also be used to extract data from ASN.1 formatted data.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-inform> B<DER|PEM>
+
+the input format. B<DER> is binary format and B<PEM> (the default) is base64
+encoded.
+
+=item B<-in filename>
+
+the input file, default is standard input
+
+=item B<-out filename>
+
+output file to place the DER encoded data into. If this
+option is not present then no data will be output. This is most useful when
+combined with the B<-strparse> option.
+
+=item B<-noout>
+
+don't output the parsed version of the input file.
+
+=item B<-offset number>
+
+starting offset to begin parsing, default is start of file.
+
+=item B<-length number>
+
+number of bytes to parse, default is until end of file.
+
+=item B<-i>
+
+indents the output according to the "depth" of the structures.
+
+=item B<-oid filename>
+
+a file containing additional OBJECT IDENTIFIERs (OIDs). The format of this
+file is described in the NOTES section below.
+
+=item B<-strparse offset>
+
+parse the contents octets of the ASN.1 object starting at B<offset>. This
+option can be used multiple times to "drill down" into a nested structure.
+
+=item B<-genstr string>, B<-genconf file>
+
+generate encoded data based on B<string>, B<file> or both using
+ASN1_generate_nconf() format. If B<file> only is present then the string
+is obtained from the default section using the name B<asn1>. The encoded
+data is passed through the ASN1 parser and printed out as though it came
+from a file, the contents can thus be examined and written to a file
+using the B<out> option. 
+
+=back
+
+=head2 OUTPUT
+
+The output will typically contain lines like this:
+
+  0:d=0  hl=4 l= 681 cons: SEQUENCE          
+
+.....
+
+  229:d=3  hl=3 l= 141 prim: BIT STRING        
+  373:d=2  hl=3 l= 162 cons: cont [ 3 ]        
+  376:d=3  hl=3 l= 159 cons: SEQUENCE          
+  379:d=4  hl=2 l=  29 cons: SEQUENCE          
+  381:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
+  386:d=5  hl=2 l=  22 prim: OCTET STRING      
+  410:d=4  hl=2 l= 112 cons: SEQUENCE          
+  412:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
+  417:d=5  hl=2 l= 105 prim: OCTET STRING      
+  524:d=4  hl=2 l=  12 cons: SEQUENCE          
+
+.....
+
+This example is part of a self signed certificate. Each line starts with the
+offset in decimal. B<d=XX> specifies the current depth. The depth is increased
+within the scope of any SET or SEQUENCE. B<hl=XX> gives the header length
+(tag and length octets) of the current type. B<l=XX> gives the length of
+the contents octets.
+
+The B<-i> option can be used to make the output more readable.
+
+Some knowledge of the ASN.1 structure is needed to interpret the output. 
+
+In this example the BIT STRING at offset 229 is the certificate public key.
+The contents octets of this will contain the public key information. This can
+be examined using the option B<-strparse 229> to yield:
+
+    0:d=0  hl=3 l= 137 cons: SEQUENCE          
+    3:d=1  hl=3 l= 129 prim: INTEGER           :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
+  135:d=1  hl=2 l=   3 prim: INTEGER           :010001
+
+=head1 NOTES
+
+If an OID is not part of OpenSSL's internal table it will be represented in
+numerical form (for example 1.2.3.4). The file passed to the B<-oid> option 
+allows additional OIDs to be included. Each line consists of three columns,
+the first column is the OID in numerical format and should be followed by white
+space. The second column is the "short name" which is a single word followed
+by white space. The final column is the rest of the line and is the
+"long name". B<asn1parse> displays the long name. Example:
+
+C<1.2.3.4	shortName	A long name>
+
+=head1 EXAMPLES
+
+Parse a file:
+
+ openssl asn1parse -in file.pem
+
+Parse a DER file:
+
+ openssl asn1parse -inform DER -in file.der
+
+Generate a simple UTF8String:
+
+ openssl asn1parse -genstr 'UTF8:Hello World'
+
+Generate and write out a UTF8String, don't print parsed output:
+
+ openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der
+
+Generate using a config file:
+
+ openssl asn1parse -genconf asn1.cnf -noout -out asn1.der
+
+Example config file:
+
+ asn1=SEQUENCE:seq_sect
+
+ [seq_sect]
+
+ field1=BOOL:TRUE
+ field2=EXP:0, UTF8:some random string
+
+
+=head1 BUGS
+
+There should be options to change the format of input lines. The output of some
+ASN.1 types is not well handled (if at all).
+
+=cut
diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod
new file mode 100644
index 0000000000..183cd475c8
--- /dev/null
+++ b/doc/apps/ca.pod
@@ -0,0 +1,621 @@
+
+=pod
+
+=head1 NAME
+
+ca - sample minimal CA application
+
+=head1 SYNOPSIS
+
+B<openssl> B<ca>
+[B<-verbose>]
+[B<-config filename>]
+[B<-name section>]
+[B<-gencrl>]
+[B<-revoke file>]
+[B<-crl_reason reason>]
+[B<-crl_hold instruction>]
+[B<-crl_compromise time>]
+[B<-crl_CA_compromise time>]
+[B<-subj arg>]
+[B<-crldays days>]
+[B<-crlhours hours>]
+[B<-crlexts section>]
+[B<-startdate date>]
+[B<-enddate date>]
+[B<-days arg>]
+[B<-md arg>]
+[B<-policy arg>]
+[B<-keyfile arg>]
+[B<-key arg>]
+[B<-passin arg>]
+[B<-cert file>]
+[B<-in file>]
+[B<-out file>]
+[B<-notext>]
+[B<-outdir dir>]
+[B<-infiles>]
+[B<-spkac file>]
+[B<-ss_cert file>]
+[B<-preserveDN>]
+[B<-noemailDN>]
+[B<-batch>]
+[B<-msie_hack>]
+[B<-extensions section>]
+[B<-extfile section>]
+
+=head1 DESCRIPTION
+
+The B<ca> command is a minimal CA application. It can be used
+to sign certificate requests in a variety of forms and generate
+CRLs it also maintains a text database of issued certificates
+and their status.
+
+The options descriptions will be divided into each purpose.
+
+=head1 CA OPTIONS
+
+=over 4
+
+=item B<-config filename>
+
+specifies the configuration file to use.
+
+=item B<-name section>
+
+specifies the configuration file section to use (overrides
+B<default_ca> in the B<ca> section).
+
+=item B<-in filename>
+
+an input filename containing a single certificate request to be
+signed by the CA.
+
+=item B<-ss_cert filename>
+
+a single self signed certificate to be signed by the CA.
+
+=item B<-spkac filename>
+
+a file containing a single Netscape signed public key and challenge
+and additional field values to be signed by the CA. See the B<SPKAC FORMAT>
+section for information on the required format.
+
+=item B<-infiles>
+
+if present this should be the last option, all subsequent arguments
+are assumed to the the names of files containing certificate requests. 
+
+=item B<-out filename>
+
+the output file to output certificates to. The default is standard
+output. The certificate details will also be printed out to this
+file.
+
+=item B<-outdir directory>
+
+the directory to output certificates to. The certificate will be
+written to a filename consisting of the serial number in hex with
+".pem" appended.
+
+=item B<-cert>
+
+the CA certificate file.
+
+=item B<-keyfile filename>
+
+the private key to sign requests with.
+
+=item B<-key password>
+
+the password used to encrypt the private key. Since on some
+systems the command line arguments are visible (e.g. Unix with
+the 'ps' utility) this option should be used with caution.
+
+=item B<-passin arg>
+
+the key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-verbose>
+
+this prints extra details about the operations being performed.
+
+=item B<-notext>
+
+don't output the text form of a certificate to the output file.
+
+=item B<-startdate date>
+
+this allows the start date to be explicitly set. The format of the
+date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure).
+
+=item B<-enddate date>
+
+this allows the expiry date to be explicitly set. The format of the
+date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure).
+
+=item B<-days arg>
+
+the number of days to certify the certificate for.
+
+=item B<-md alg>
+
+the message digest to use. Possible values include md5, sha1 and mdc2.
+This option also applies to CRLs.
+
+=item B<-policy arg>
+
+this option defines the CA "policy" to use. This is a section in
+the configuration file which decides which fields should be mandatory
+or match the CA certificate. Check out the B<POLICY FORMAT> section
+for more information.
+
+=item B<-msie_hack>
+
+this is a legacy option to make B<ca> work with very old versions of
+the IE certificate enrollment control "certenr3". It used UniversalStrings
+for almost everything. Since the old control has various security bugs
+its use is strongly discouraged. The newer control "Xenroll" does not
+need this option.
+
+=item B<-preserveDN>
+
+Normally the DN order of a certificate is the same as the order of the
+fields in the relevant policy section. When this option is set the order 
+is the same as the request. This is largely for compatibility with the
+older IE enrollment control which would only accept certificates if their
+DNs match the order of the request. This is not needed for Xenroll.
+
+=item B<-noemailDN>
+
+The DN of a certificate can contain the EMAIL field if present in the
+request DN, however it is good policy just having the e-mail set into
+the altName extension of the certificate. When this option is set the
+EMAIL field is removed from the certificate' subject and set only in
+the, eventually present, extensions. The B<email_in_dn> keyword can be
+used in the configuration file to enable this behaviour.
+
+=item B<-batch>
+
+this sets the batch mode. In this mode no questions will be asked
+and all certificates will be certified automatically.
+
+=item B<-extensions section>
+
+the section of the configuration file containing certificate extensions
+to be added when a certificate is issued (defaults to B<x509_extensions>
+unless the B<-extfile> option is used). If no extension section is
+present then, a V1 certificate is created. If the extension section
+is present (even if it is empty), then a V3 certificate is created.
+
+=item B<-extfile file>
+
+an additional configuration file to read certificate extensions from
+(using the default section unless the B<-extensions> option is also
+used).
+
+=back
+
+=head1 CRL OPTIONS
+
+=over 4
+
+=item B<-gencrl>
+
+this option generates a CRL based on information in the index file.
+
+=item B<-crldays num>
+
+the number of days before the next CRL is due. That is the days from
+now to place in the CRL nextUpdate field.
+
+=item B<-crlhours num>
+
+the number of hours before the next CRL is due.
+
+=item B<-revoke filename>
+
+a filename containing a certificate to revoke.
+
+=item B<-crl_reason reason>
+
+revocation reason, where B<reason> is one of: B<unspecified>, B<keyCompromise>,
+B<CACompromise>, B<affiliationChanged>, B<superseded>, B<cessationOfOperation>,
+B<certificateHold> or B<removeFromCRL>. The matching of B<reason> is case
+insensitive. Setting any revocation reason will make the CRL v2.
+
+In practive B<removeFromCRL> is not particularly useful because it is only used
+in delta CRLs which are not currently implemented.
+
+=item B<-crl_hold instruction>
+
+This sets the CRL revocation reason code to B<certificateHold> and the hold
+instruction to B<instruction> which must be an OID. Although any OID can be
+used only B<holdInstructionNone> (the use of which is discouraged by RFC2459)
+B<holdInstructionCallIssuer> or B<holdInstructionReject> will normally be used.
+
+=item B<-crl_compromise time>
+
+This sets the revocation reason to B<keyCompromise> and the compromise time to
+B<time>. B<time> should be in GeneralizedTime format that is B<YYYYMMDDHHMMSSZ>.
+
+=item B<-crl_CA_compromise time>
+
+This is the same as B<crl_compromise> except the revocation reason is set to
+B<CACompromise>.
+
+=item B<-subj arg>
+
+supersedes subject name given in the request.
+The arg must be formatted as I</type0=value0/type1=value1/type2=...>,
+characters may be escaped by \ (backslash), no spaces are skipped.
+
+=item B<-crlexts section>
+
+the section of the configuration file containing CRL extensions to
+include. If no CRL extension section is present then a V1 CRL is
+created, if the CRL extension section is present (even if it is
+empty) then a V2 CRL is created. The CRL extensions specified are
+CRL extensions and B<not> CRL entry extensions.  It should be noted
+that some software (for example Netscape) can't handle V2 CRLs. 
+
+=back
+
+=head1 CONFIGURATION FILE OPTIONS
+
+The section of the configuration file containing options for B<ca>
+is found as follows: If the B<-name> command line option is used,
+then it names the section to be used. Otherwise the section to
+be used must be named in the B<default_ca> option of the B<ca> section
+of the configuration file (or in the default section of the
+configuration file). Besides B<default_ca>, the following options are
+read directly from the B<ca> section:
+ RANDFILE
+ preserve
+ msie_hack
+With the exception of B<RANDFILE>, this is probably a bug and may
+change in future releases.
+
+Many of the configuration file options are identical to command line
+options. Where the option is present in the configuration file
+and the command line the command line value is used. Where an
+option is described as mandatory then it must be present in
+the configuration file or the command line equivalent (if
+any) used.
+
+=over 4
+
+=item B<oid_file>
+
+This specifies a file containing additional B<OBJECT IDENTIFIERS>.
+Each line of the file should consist of the numerical form of the
+object identifier followed by white space then the short name followed
+by white space and finally the long name. 
+
+=item B<oid_section>
+
+This specifies a section in the configuration file containing extra
+object identifiers. Each line should consist of the short name of the
+object identifier followed by B<=> and the numerical form. The short
+and long names are the same when this option is used.
+
+=item B<new_certs_dir>
+
+the same as the B<-outdir> command line option. It specifies
+the directory where new certificates will be placed. Mandatory.
+
+=item B<certificate>
+
+the same as B<-cert>. It gives the file containing the CA
+certificate. Mandatory.
+
+=item B<private_key>
+
+same as the B<-keyfile> option. The file containing the
+CA private key. Mandatory.
+
+=item B<RANDFILE>
+
+a file used to read and write random number seed information, or
+an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+
+=item B<default_days>
+
+the same as the B<-days> option. The number of days to certify
+a certificate for. 
+
+=item B<default_startdate>
+
+the same as the B<-startdate> option. The start date to certify
+a certificate for. If not set the current time is used.
+
+=item B<default_enddate>
+
+the same as the B<-enddate> option. Either this option or
+B<default_days> (or the command line equivalents) must be
+present.
+
+=item B<default_crl_hours default_crl_days>
+
+the same as the B<-crlhours> and the B<-crldays> options. These
+will only be used if neither command line option is present. At
+least one of these must be present to generate a CRL.
+
+=item B<default_md>
+
+the same as the B<-md> option. The message digest to use. Mandatory.
+
+=item B<database>
+
+the text database file to use. Mandatory. This file must be present
+though initially it will be empty.
+
+=item B<serialfile>
+
+a text file containing the next serial number to use in hex. Mandatory.
+This file must be present and contain a valid serial number.
+
+=item B<x509_extensions>
+
+the same as B<-extensions>.
+
+=item B<crl_extensions>
+
+the same as B<-crlexts>.
+
+=item B<preserve>
+
+the same as B<-preserveDN>
+
+=item B<email_in_dn>
+
+the same as B<-noemailDN>. If you want the EMAIL field to be removed
+from the DN of the certificate simply set this to 'no'. If not present
+the default is to allow for the EMAIL filed in the certificate's DN.
+
+=item B<msie_hack>
+
+the same as B<-msie_hack>
+
+=item B<policy>
+
+the same as B<-policy>. Mandatory. See the B<POLICY FORMAT> section
+for more information.
+
+=item B<nameopt>, B<certopt>
+
+these options allow the format used to display the certificate details
+when asking the user to confirm signing. All the options supported by
+the B<x509> utilities B<-nameopt> and B<-certopt> switches can be used
+here, except the B<no_signame> and B<no_sigdump> are permanently set
+and cannot be disabled (this is because the certificate signature cannot
+be displayed because the certificate has not been signed at this point).
+
+For convenience the values B<default_ca> are accepted by both to produce
+a reasonable output.
+
+If neither option is present the format used in earlier versions of
+OpenSSL is used. Use of the old format is B<strongly> discouraged because
+it only displays fields mentioned in the B<policy> section, mishandles
+multicharacter string types and does not display extensions.
+
+=item B<copy_extensions>
+
+determines how extensions in certificate requests should be handled.
+If set to B<none> or this option is not present then extensions are
+ignored and not copied to the certificate. If set to B<copy> then any
+extensions present in the request that are not already present are copied
+to the certificate. If set to B<copyall> then all extensions in the
+request are copied to the certificate: if the extension is already present
+in the certificate it is deleted first. See the B<WARNINGS> section before
+using this option.
+
+The main use of this option is to allow a certificate request to supply
+values for certain extensions such as subjectAltName.
+
+=back
+
+=head1 POLICY FORMAT
+
+The policy section consists of a set of variables corresponding to
+certificate DN fields. If the value is "match" then the field value
+must match the same field in the CA certificate. If the value is
+"supplied" then it must be present. If the value is "optional" then
+it may be present. Any fields not mentioned in the policy section
+are silently deleted, unless the B<-preserveDN> option is set but
+this can be regarded more of a quirk than intended behaviour.
+
+=head1 SPKAC FORMAT
+
+The input to the B<-spkac> command line option is a Netscape
+signed public key and challenge. This will usually come from
+the B<KEYGEN> tag in an HTML form to create a new private key. 
+It is however possible to create SPKACs using the B<spkac> utility.
+
+The file should contain the variable SPKAC set to the value of
+the SPKAC and also the required DN components as name value pairs.
+If you need to include the same component twice then it can be
+preceded by a number and a '.'.
+
+=head1 EXAMPLES
+
+Note: these examples assume that the B<ca> directory structure is
+already set up and the relevant files already exist. This usually
+involves creating a CA certificate and private key with B<req>, a
+serial number file and an empty index file and placing them in
+the relevant directories.
+
+To use the sample configuration file below the directories demoCA,
+demoCA/private and demoCA/newcerts would be created. The CA
+certificate would be copied to demoCA/cacert.pem and its private
+key to demoCA/private/cakey.pem. A file demoCA/serial would be
+created containing for example "01" and the empty index file
+demoCA/index.txt.
+
+
+Sign a certificate request:
+
+ openssl ca -in req.pem -out newcert.pem
+
+Sign a certificate request, using CA extensions:
+
+ openssl ca -in req.pem -extensions v3_ca -out newcert.pem
+
+Generate a CRL
+
+ openssl ca -gencrl -out crl.pem
+
+Sign several requests:
+
+ openssl ca -infiles req1.pem req2.pem req3.pem
+
+Certify a Netscape SPKAC:
+
+ openssl ca -spkac spkac.txt
+
+A sample SPKAC file (the SPKAC line has been truncated for clarity):
+
+ SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5
+ CN=Steve Test
+ emailAddress=steve@openssl.org
+ 0.OU=OpenSSL Group
+ 1.OU=Another Group
+
+A sample configuration file with the relevant sections for B<ca>:
+
+ [ ca ]
+ default_ca      = CA_default            # The default ca section
+ 
+ [ CA_default ]
+
+ dir            = ./demoCA              # top dir
+ database       = $dir/index.txt        # index file.
+ new_certs_dir	= $dir/newcerts         # new certs dir
+ 
+ certificate    = $dir/cacert.pem       # The CA cert
+ serial         = $dir/serial           # serial no file
+ private_key    = $dir/private/cakey.pem# CA private key
+ RANDFILE       = $dir/private/.rand    # random number file
+ 
+ default_days   = 365                   # how long to certify for
+ default_crl_days= 30                   # how long before next CRL
+ default_md     = md5                   # md to use
+
+ policy         = policy_any            # default policy
+ email_in_dn    = no                    # Don't add the email into cert DN
+
+ nameopt	= default_ca		# Subject name display option
+ certopt	= default_ca		# Certificate display option
+ copy_extensions = none			# Don't copy extensions from request
+
+ [ policy_any ]
+ countryName            = supplied
+ stateOrProvinceName    = optional
+ organizationName       = optional
+ organizationalUnitName = optional
+ commonName             = supplied
+ emailAddress           = optional
+
+=head1 FILES
+
+Note: the location of all files can change either by compile time options,
+configuration file entries, environment variables or command line options.
+The values below reflect the default values.
+
+ /usr/local/ssl/lib/openssl.cnf - master configuration file
+ ./demoCA                       - main CA directory
+ ./demoCA/cacert.pem            - CA certificate
+ ./demoCA/private/cakey.pem     - CA private key
+ ./demoCA/serial                - CA serial number file
+ ./demoCA/serial.old            - CA serial number backup file
+ ./demoCA/index.txt             - CA text database file
+ ./demoCA/index.txt.old         - CA text database backup file
+ ./demoCA/certs                 - certificate output file
+ ./demoCA/.rnd                  - CA random seed information
+
+=head1 ENVIRONMENT VARIABLES
+
+B<OPENSSL_CONF> reflects the location of master configuration file it can
+be overridden by the B<-config> command line option.
+
+=head1 RESTRICTIONS
+
+The text database index file is a critical part of the process and 
+if corrupted it can be difficult to fix. It is theoretically possible
+to rebuild the index file from all the issued certificates and a current
+CRL: however there is no option to do this.
+
+V2 CRL features like delta CRL support and CRL numbers are not currently
+supported.
+
+Although several requests can be input and handled at once it is only
+possible to include one SPKAC or self signed certificate.
+
+=head1 BUGS
+
+The use of an in memory text database can cause problems when large
+numbers of certificates are present because, as the name implies
+the database has to be kept in memory.
+
+It is not possible to certify two certificates with the same DN: this
+is a side effect of how the text database is indexed and it cannot easily
+be fixed without introducing other problems. Some S/MIME clients can use
+two certificates with the same DN for separate signing and encryption
+keys.
+
+The B<ca> command really needs rewriting or the required functionality
+exposed at either a command or interface level so a more friendly utility
+(perl script or GUI) can handle things properly. The scripts B<CA.sh> and
+B<CA.pl> help a little but not very much.
+
+Any fields in a request that are not present in a policy are silently
+deleted. This does not happen if the B<-preserveDN> option is used. To
+enforce the absence of the EMAIL field within the DN, as suggested by
+RFCs, regardless the contents of the request' subject the B<-noemailDN>
+option can be used. The behaviour should be more friendly and
+configurable.
+
+Cancelling some commands by refusing to certify a certificate can
+create an empty file.
+
+=head1 WARNINGS
+
+The B<ca> command is quirky and at times downright unfriendly.
+
+The B<ca> utility was originally meant as an example of how to do things
+in a CA. It was not supposed to be used as a full blown CA itself:
+nevertheless some people are using it for this purpose.
+
+The B<ca> command is effectively a single user command: no locking is
+done on the various files and attempts to run more than one B<ca> command
+on the same database can have unpredictable results.
+
+The B<copy_extensions> option should be used with caution. If care is
+not taken then it can be a security risk. For example if a certificate
+request contains a basicConstraints extension with CA:TRUE and the
+B<copy_extensions> value is set to B<copyall> and the user does not spot
+this when the certificate is displayed then this will hand the requestor
+a valid CA certificate.
+
+This situation can be avoided by setting B<copy_extensions> to B<copy>
+and including basicConstraints with CA:FALSE in the configuration file.
+Then if the request contains a basicConstraints extension it will be
+ignored.
+
+It is advisable to also include values for other extensions such
+as B<keyUsage> to prevent a request supplying its own values.
+
+Additional restrictions can be placed on the CA certificate itself.
+For example if the CA certificate has:
+
+ basicConstraints = CA:TRUE, pathlen:0
+
+then even if a certificate is issued with CA:TRUE it will not be valid.
+
+=head1 SEE ALSO
+
+L<req(1)|req(1)>, L<spkac(1)|spkac(1)>, L<x509(1)|x509(1)>, L<CA.pl(1)|CA.pl(1)>,
+L<config(5)|config(5)>
+
+=cut
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
new file mode 100644
index 0000000000..b7e577b24f
--- /dev/null
+++ b/doc/apps/ciphers.pod
@@ -0,0 +1,370 @@
+=pod
+
+=head1 NAME
+
+ciphers - SSL cipher display and cipher list tool.
+
+=head1 SYNOPSIS
+
+B<openssl> B<ciphers>
+[B<-v>]
+[B<-ssl2>]
+[B<-ssl3>]
+[B<-tls1>]
+[B<cipherlist>]
+
+=head1 DESCRIPTION
+
+The B<cipherlist> command converts OpenSSL cipher lists into ordered
+SSL cipher preference lists. It can be used as a test tool to determine
+the appropriate cipherlist.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-v>
+
+verbose option. List ciphers with a complete description of
+protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange,
+authentication, encryption and mac algorithms used along with any key size
+restrictions and whether the algorithm is classed as an "export" cipher.
+Note that without the B<-v> option, ciphers may seem to appear twice
+in a cipher list; this is when similar ciphers are available for
+SSL v2 and for SSL v3/TLS v1.
+
+=item B<-ssl3>
+
+only include SSL v3 ciphers.
+
+=item B<-ssl2>
+
+only include SSL v2 ciphers.
+
+=item B<-tls1>
+
+only include TLS v1 ciphers.
+
+=item B<-h>, B<-?>
+
+print a brief usage message.
+
+=item B<cipherlist>
+
+a cipher list to convert to a cipher preference list. If it is not included
+then the default cipher list will be used. The format is described below.
+
+=back
+
+=head1 CIPHER LIST FORMAT
+
+The cipher list consists of one or more I<cipher strings> separated by colons.
+Commas or spaces are also acceptable separators but colons are normally used.
+
+The actual cipher string can take several different forms.
+
+It can consist of a single cipher suite such as B<RC4-SHA>.
+
+It can represent a list of cipher suites containing a certain algorithm, or
+cipher suites of a certain type. For example B<SHA1> represents all ciphers
+suites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3
+algorithms.
+
+Lists of cipher suites can be combined in a single cipher string using the
+B<+> character. This is used as a logical B<and> operation. For example
+B<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES
+algorithms.
+
+Each cipher string can be optionally preceded by the characters B<!>,
+B<-> or B<+>.
+
+If B<!> is used then the ciphers are permanently deleted from the list.
+The ciphers deleted can never reappear in the list even if they are
+explicitly stated.
+
+If B<-> is used then the ciphers are deleted from the list, but some or
+all of the ciphers can be added again by later options.
+
+If B<+> is used then the ciphers are moved to the end of the list. This
+option doesn't add any new ciphers it just moves matching existing ones.
+
+If none of these characters is present then the string is just interpreted
+as a list of ciphers to be appended to the current preference list. If the
+list includes any ciphers already present they will be ignored: that is they
+will not moved to the end of the list.
+
+Additionally the cipher string B<@STRENGTH> can be used at any point to sort
+the current cipher list in order of encryption algorithm key length.
+
+=head1 CIPHER STRINGS
+
+The following is a list of all permitted cipher strings and their meanings.
+
+=over 4
+
+=item B<DEFAULT>
+
+the default cipher list. This is determined at compile time and is normally
+B<ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH>. This must be the first cipher string
+specified.
+
+=item B<COMPLEMENTOFDEFAULT>
+
+the ciphers included in B<ALL>, but not enabled by default. Currently
+this is B<ADH>. Note that this rule does not cover B<eNULL>, which is
+not included by B<ALL> (use B<COMPLEMENTOFALL> if necessary).
+
+=item B<ALL>
+
+all ciphers suites except the B<eNULL> ciphers which must be explicitly enabled.
+
+=item B<COMPLEMENTOFALL>
+
+the cipher suites not enabled by B<ALL>, currently being B<eNULL>.
+
+=item B<HIGH>
+
+"high" encryption cipher suites. This currently means those with key lengths larger
+than 128 bits.
+
+=item B<MEDIUM>
+
+"medium" encryption cipher suites, currently those using 128 bit encryption.
+
+=item B<LOW>
+
+"low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms
+but excluding export cipher suites.
+
+=item B<EXP>, B<EXPORT>
+
+export encryption algorithms. Including 40 and 56 bits algorithms.
+
+=item B<EXPORT40>
+
+40 bit export encryption algorithms
+
+=item B<EXPORT56>
+
+56 bit export encryption algorithms.
+
+=item B<eNULL>, B<NULL>
+
+the "NULL" ciphers that is those offering no encryption. Because these offer no
+encryption at all and are a security risk they are disabled unless explicitly
+included.
+
+=item B<aNULL>
+
+the cipher suites offering no authentication. This is currently the anonymous
+DH algorithms. These cipher suites are vulnerable to a "man in the middle"
+attack and so their use is normally discouraged.
+
+=item B<kRSA>, B<RSA>
+
+cipher suites using RSA key exchange.
+
+=item B<kEDH>
+
+cipher suites using ephemeral DH key agreement.
+
+=item B<kDHr>, B<kDHd>
+
+cipher suites using DH key agreement and DH certificates signed by CAs with RSA
+and DSS keys respectively. Not implemented.
+
+=item B<aRSA>
+
+cipher suites using RSA authentication, i.e. the certificates carry RSA keys.
+
+=item B<aDSS>, B<DSS>
+
+cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
+
+=item B<aDH>
+
+cipher suites effectively using DH authentication, i.e. the certificates carry
+DH keys.  Not implemented.
+
+=item B<kFZA>, B<aFZA>, B<eFZA>, B<FZA>
+
+ciphers suites using FORTEZZA key exchange, authentication, encryption or all
+FORTEZZA algorithms. Not implemented.
+
+=item B<TLSv1>, B<SSLv3>, B<SSLv2>
+
+TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively.
+
+=item B<DH>
+
+cipher suites using DH, including anonymous DH.
+
+=item B<ADH>
+
+anonymous DH cipher suites.
+
+=item B<3DES>
+
+cipher suites using triple DES.
+
+=item B<DES>
+
+cipher suites using DES (not triple DES).
+
+=item B<RC4>
+
+cipher suites using RC4.
+
+=item B<RC2>
+
+cipher suites using RC2.
+
+=item B<IDEA>
+
+cipher suites using IDEA.
+
+=item B<MD5>
+
+cipher suites using MD5.
+
+=item B<SHA1>, B<SHA>
+
+cipher suites using SHA1.
+
+=back
+
+=head1 CIPHER SUITE NAMES
+
+The following lists give the SSL or TLS cipher suites names from the
+relevant specification and their OpenSSL equivalents.
+
+=head2 SSL v3.0 cipher suites.
+
+ SSL_RSA_WITH_NULL_MD5                   NULL-MD5
+ SSL_RSA_WITH_NULL_SHA                   NULL-SHA
+ SSL_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
+ SSL_RSA_WITH_RC4_128_MD5                RC4-MD5
+ SSL_RSA_WITH_RC4_128_SHA                RC4-SHA
+ SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
+ SSL_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
+ SSL_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
+ SSL_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
+ SSL_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
+
+ SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
+ SSL_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
+ SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
+ SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
+ SSL_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
+ SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
+ SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-DSS-DES-CBC-SHA
+ SSL_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-CBC-SHA
+ SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
+ SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-RSA-DES-CBC-SHA
+ SSL_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
+ SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA
+
+ SSL_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
+ SSL_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
+ SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
+ SSL_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
+ SSL_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
+
+ SSL_FORTEZZA_KEA_WITH_NULL_SHA          Not implemented.
+ SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not implemented.
+ SSL_FORTEZZA_KEA_WITH_RC4_128_SHA       Not implemented.
+
+=head2 TLS v1.0 cipher suites.
+
+ TLS_RSA_WITH_NULL_MD5                   NULL-MD5
+ TLS_RSA_WITH_NULL_SHA                   NULL-SHA
+ TLS_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
+ TLS_RSA_WITH_RC4_128_MD5                RC4-MD5
+ TLS_RSA_WITH_RC4_128_SHA                RC4-SHA
+ TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
+ TLS_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
+ TLS_RSA_EXPORT_WITH_DES40_CBC_SHA       EXP-DES-CBC-SHA
+ TLS_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA
+
+ TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
+ TLS_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
+ TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
+ TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
+ TLS_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
+ TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.
+ TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-DSS-DES-CBC-SHA
+ TLS_DHE_DSS_WITH_DES_CBC_SHA            EDH-DSS-CBC-SHA
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA       EDH-DSS-DES-CBC3-SHA
+ TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA   EXP-EDH-RSA-DES-CBC-SHA
+ TLS_DHE_RSA_WITH_DES_CBC_SHA            EDH-RSA-DES-CBC-SHA
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA       EDH-RSA-DES-CBC3-SHA
+
+ TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
+ TLS_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
+ TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA   EXP-ADH-DES-CBC-SHA
+ TLS_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
+ TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA
+
+=head2 Additional Export 1024 and other cipher suites
+
+Note: these ciphers can also be used in SSL v3.
+
+ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA     EXP1024-DES-CBC-SHA
+ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA      EXP1024-RC4-SHA
+ TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA
+ TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  EXP1024-DHE-DSS-RC4-SHA
+ TLS_DHE_DSS_WITH_RC4_128_SHA            DHE-DSS-RC4-SHA
+
+=head2 SSL v2.0 cipher suites.
+
+ SSL_CK_RC4_128_WITH_MD5                 RC4-MD5
+ SSL_CK_RC4_128_EXPORT40_WITH_MD5        EXP-RC4-MD5
+ SSL_CK_RC2_128_CBC_WITH_MD5             RC2-MD5
+ SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    EXP-RC2-MD5
+ SSL_CK_IDEA_128_CBC_WITH_MD5            IDEA-CBC-MD5
+ SSL_CK_DES_64_CBC_WITH_MD5              DES-CBC-MD5
+ SSL_CK_DES_192_EDE3_CBC_WITH_MD5        DES-CBC3-MD5
+
+=head1 NOTES
+
+The non-ephemeral DH modes are currently unimplemented in OpenSSL
+because there is no support for DH certificates.
+
+Some compiled versions of OpenSSL may not include all the ciphers
+listed here because some ciphers were excluded at compile time.
+
+=head1 EXAMPLES
+
+Verbose listing of all OpenSSL ciphers including NULL ciphers:
+
+ openssl ciphers -v 'ALL:eNULL'
+
+Include all ciphers except NULL and anonymous DH then sort by
+strength:
+
+ openssl ciphers -v 'ALL:!ADH:@STRENGTH'
+
+Include only 3DES ciphers and then place RSA ciphers last:
+
+ openssl ciphers -v '3DES:+RSA'
+
+Include all RC4 ciphers but leave out those without authentication:
+
+ openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
+
+Include all chiphers with RSA authentication but leave out ciphers without
+encryption.
+
+ openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
+
+=head1 SEE ALSO
+
+L<s_client(1)|s_client(1)>, L<s_server(1)|s_server(1)>, L<ssl(3)|ssl(3)>
+
+=head1 HISTORY
+
+The B<COMPLENTOFALL> and B<COMPLEMENTOFDEFAULT> selection options were
+added in version 0.9.7.
+
+=cut
diff --git a/doc/apps/config.pod b/doc/apps/config.pod
new file mode 100644
index 0000000000..ce874a42ce
--- /dev/null
+++ b/doc/apps/config.pod
@@ -0,0 +1,138 @@
+
+=pod
+
+=head1 NAME
+
+config - OpenSSL CONF library configuration files
+
+=head1 DESCRIPTION
+
+The OpenSSL CONF library can be used to read configuration files.
+It is used for the OpenSSL master configuration file B<openssl.cnf>
+and in a few other places like B<SPKAC> files and certificate extension
+files for the B<x509> utility.
+
+A configuration file is divided into a number of sections. Each section
+starts with a line B<[ section_name ]> and ends when a new section is
+started or end of file is reached. A section name can consist of
+alphanumeric characters and underscores.
+
+The first section of a configuration file is special and is referred
+to as the B<default> section this is usually unnamed and is from the
+start of file until the first named section. When a name is being looked up
+it is first looked up in a named section (if any) and then the
+default section.
+
+The environment is mapped onto a section called B<ENV>.
+
+Comments can be included by preceding them with the B<#> character
+
+Each section in a configuration file consists of a number of name and
+value pairs of the form B<name=value>
+
+The B<name> string can contain any alphanumeric characters as well as
+a few punctuation symbols such as B<.> B<,> B<;> and B<_>.
+
+The B<value> string consists of the string following the B<=> character
+until end of line with any leading and trailing white space removed.
+
+The value string undergoes variable expansion. This can be done by
+including the form B<$var> or B<${var}>: this will substitute the value
+of the named variable in the current section. It is also possible to
+substitute a value from another section using the syntax B<$section::name>
+or B<${section::name}>. By using the form B<$ENV::name> environment
+variables can be substituted. It is also possible to assign values to
+environment variables by using the name B<ENV::name>, this will work
+if the program looks up environment variables using the B<CONF> library
+instead of calling B<getenv()> directly.
+
+It is possible to escape certain characters by using any kind of quote
+or the B<\> character. By making the last character of a line a B<\>
+a B<value> string can be spread across multiple lines. In addition
+the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognized.
+
+=head1 NOTES
+
+If a configuration file attempts to expand a variable that doesn't exist
+then an error is flagged and the file will not load. This can happen
+if an attempt is made to expand an environment variable that doesn't
+exist. For example the default OpenSSL master configuration file used
+the value of B<HOME> which may not be defined on non Unix systems.
+
+This can be worked around by including a B<default> section to provide
+a default value: then if the environment lookup fails the default value
+will be used instead. For this to work properly the default value must
+be defined earlier in the configuration file than the expansion. See
+the B<EXAMPLES> section for an example of how to do this.
+
+If the same variable exists in the same section then all but the last
+value will be silently ignored. In certain circumstances such as with
+DNs the same field may occur multiple times. This is usually worked
+around by ignoring any characters before an initial B<.> e.g.
+
+ 1.OU="My first OU"
+ 2.OU="My Second OU"
+
+=head1 EXAMPLES
+
+Here is a sample configuration file using some of the features
+mentioned above.
+
+ # This is the default section.
+ 
+ HOME=/temp
+ RANDFILE= ${ENV::HOME}/.rnd
+ configdir=$ENV::HOME/config
+
+ [ section_one ]
+
+ # We are now in section one.
+
+ # Quotes permit leading and trailing whitespace
+ any = " any variable name "
+
+ other = A string that can \
+ cover several lines \
+ by including \\ characters
+
+ message = Hello World\n
+
+ [ section_two ]
+
+ greeting = $section_one::message
+
+This next example shows how to expand environment variables safely.
+
+Suppose you want a variable called B<tmpfile> to refer to a
+temporary filename. The directory it is placed in can determined by
+the the B<TEMP> or B<TMP> environment variables but they may not be
+set to any value at all. If you just include the environment variable
+names and the variable doesn't exist then this will cause an error when
+an attempt is made to load the configuration file. By making use of the
+default section both values can be looked up with B<TEMP> taking 
+priority and B</tmp> used if neither is defined:
+
+ TMP=/tmp
+ # The above value is used if TMP isn't in the environment
+ TEMP=$ENV::TMP
+ # The above value is used if TEMP isn't in the environment
+ tmpfile=${ENV::TEMP}/tmp.filename
+
+=head1 BUGS
+
+Currently there is no way to include characters using the octal B<\nnn>
+form. Strings are all null terminated so nulls cannot form part of
+the value.
+
+The escaping isn't quite right: if you want to use sequences like B<\n>
+you can't use any quote escaping on the same line.
+
+Files are loaded in a single pass. This means that an variable expansion
+will only work if the variables referenced are defined earlier in the
+file.
+
+=head1 SEE ALSO
+
+L<x509(1)|x509(1)>, L<req(1)|req(1)>, L<ca(1)|ca(1)>
+
+=cut
diff --git a/doc/apps/crl.pod b/doc/apps/crl.pod
new file mode 100644
index 0000000000..a40c873b95
--- /dev/null
+++ b/doc/apps/crl.pod
@@ -0,0 +1,117 @@
+=pod
+
+=head1 NAME
+
+crl - CRL utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<crl>
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-text>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-noout>]
+[B<-hash>]
+[B<-issuer>]
+[B<-lastupdate>]
+[B<-nextupdate>]
+[B<-CAfile file>]
+[B<-CApath dir>]
+
+=head1 DESCRIPTION
+
+The B<crl> command processes CRL files in DER or PEM format.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. B<DER> format is DER encoded CRL
+structure. B<PEM> (the default) is a base64 encoded version of
+the DER form with header and footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the 
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read from or standard input if this
+option is not specified.
+
+=item B<-out filename>
+
+specifies the output filename to write to or standard output by
+default.
+
+=item B<-text>
+
+print out the CRL in text form.
+
+=item B<-noout>
+
+don't output the encoded version of the CRL.
+
+=item B<-hash>
+
+output a hash of the issuer name. This can be use to lookup CRLs in
+a directory by issuer name.
+
+=item B<-issuer>
+
+output the issuer name.
+
+=item B<-lastupdate>
+
+output the lastUpdate field.
+
+=item B<-nextupdate>
+
+output the nextUpdate field.
+
+=item B<-CAfile file>
+
+verify the signature on a CRL by looking up the issuing certificate in
+B<file>
+
+=item B<-CApath dir>
+
+verify the signature on a CRL by looking up the issuing certificate in
+B<dir>. This directory must be a standard certificate directory: that
+is a hash of each subject name (using B<x509 -hash>) should be linked
+to each certificate.
+
+=back
+
+=head1 NOTES
+
+The PEM CRL format uses the header and footer lines:
+
+ -----BEGIN X509 CRL-----
+ -----END X509 CRL-----
+
+=head1 EXAMPLES
+
+Convert a CRL file from PEM to DER:
+
+ openssl crl -in crl.pem -outform DER -out crl.der
+
+Output the text form of a DER encoded certificate:
+
+ openssl crl -in crl.der -text -noout
+
+=head1 BUGS
+
+Ideally it should be possible to create a CRL using appropriate options
+and files too.
+
+=head1 SEE ALSO
+
+L<crl2pkcs7(1)|crl2pkcs7(1)>, L<ca(1)|ca(1)>, L<x509(1)|x509(1)>
+
+=cut
diff --git a/doc/apps/crl2pkcs7.pod b/doc/apps/crl2pkcs7.pod
new file mode 100644
index 0000000000..3797bc0df4
--- /dev/null
+++ b/doc/apps/crl2pkcs7.pod
@@ -0,0 +1,91 @@
+=pod
+
+=head1 NAME
+
+crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates.
+
+=head1 SYNOPSIS
+
+B<openssl> B<crl2pkcs7>
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-certfile filename>]
+[B<-nocrl>]
+
+=head1 DESCRIPTION
+
+The B<crl2pkcs7> command takes an optional CRL and one or more
+certificates and converts them into a PKCS#7 degenerate "certificates
+only" structure.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-inform DER|PEM>
+
+This specifies the CRL input format. B<DER> format is DER encoded CRL
+structure.B<PEM> (the default) is a base64 encoded version of
+the DER form with header and footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the PKCS#7 structure output format. B<DER> format is DER
+encoded PKCS#7 structure.B<PEM> (the default) is a base64 encoded version of
+the DER form with header and footer lines.
+
+=item B<-in filename>
+
+This specifies the input filename to read a CRL from or standard input if this
+option is not specified.
+
+=item B<-out filename>
+
+specifies the output filename to write the PKCS#7 structure to or standard
+output by default.
+
+=item B<-certfile filename>
+
+specifies a filename containing one or more certificates in B<PEM> format.
+All certificates in the file will be added to the PKCS#7 structure. This
+option can be used more than once to read certificates form multiple
+files.
+
+=item B<-nocrl>
+
+normally a CRL is included in the output file. With this option no CRL is
+included in the output file and a CRL is not read from the input file.
+
+=back
+
+=head1 EXAMPLES
+
+Create a PKCS#7 structure from a certificate and CRL:
+
+ openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
+
+Creates a PKCS#7 structure in DER format with no CRL from several
+different certificates:
+
+ openssl crl2pkcs7 -nocrl -certfile newcert.pem 
+	-certfile demoCA/cacert.pem -outform DER -out p7.der
+
+=head1 NOTES
+
+The output file is a PKCS#7 signed data structure containing no signers and
+just certificates and an optional CRL.
+
+This utility can be used to send certificates and CAs to Netscape as part of
+the certificate enrollment process. This involves sending the DER encoded output
+as MIME type application/x-x509-user-cert.
+
+The B<PEM> encoded form with the header and footer lines removed can be used to
+install user certificates and CAs in MSIE using the Xenroll control.
+
+=head1 SEE ALSO
+
+L<pkcs7(1)|pkcs7(1)>
+
+=cut
diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod
new file mode 100644
index 0000000000..1648742bcf
--- /dev/null
+++ b/doc/apps/dgst.pod
@@ -0,0 +1,104 @@
+=pod
+
+=head1 NAME
+
+dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 - message digests
+
+=head1 SYNOPSIS
+
+B<openssl> B<dgst> 
+[B<-md5|-md4|-md2|-sha1|-sha|-mdc2|-ripemd160|-dss1>]
+[B<-c>]
+[B<-d>]
+[B<-hex>]
+[B<-binary>]
+[B<-out filename>]
+[B<-sign filename>]
+[B<-verify filename>]
+[B<-prverify filename>]
+[B<-signature filename>]
+[B<file...>]
+
+[B<md5|md4|md2|sha1|sha|mdc2|ripemd160>]
+[B<-c>]
+[B<-d>]
+[B<file...>]
+
+=head1 DESCRIPTION
+
+The digest functions output the message digest of a supplied file or files
+in hexadecimal form. They can also be used for digital signing and verification.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-c>
+
+print out the digest in two digit groups separated by colons, only relevant if
+B<hex> format output is used.
+
+=item B<-d>
+
+print out BIO debugging information.
+
+=item B<-hex>
+
+digest is to be output as a hex dump. This is the default case for a "normal"
+digest as opposed to a digital signature.
+
+=item B<-binary>
+
+output the digest or signature in binary form.
+
+=item B<-out filename>
+
+filename to output to, or standard output by default.
+
+=item B<-sign filename>
+
+digitally sign the digest using the private key in "filename".
+
+=item B<-verify filename>
+
+verify the signature using the the public key in "filename".
+The output is either "Verification OK" or "Verification Failure".
+
+=item B<-prverify filename>
+
+verify the signature using the  the private key in "filename".
+
+=item B<-signature filename>
+
+the actual signature to verify.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others. 
+
+=item B<file...>
+
+file or files to digest. If no files are specified then standard input is
+used.
+
+=back
+
+=head1 NOTES
+
+The digest of choice for all new applications is SHA1. Other digests are
+however still widely used.
+
+If you wish to sign or verify data using the DSA algorithm then the dss1
+digest must be used.
+
+A source of random numbers is required for certain signing algorithms, in
+particular DSA.
+
+The signing and verify options should only be used if a single file is
+being signed or verified.
+
+=cut
diff --git a/doc/apps/dhparam.pod b/doc/apps/dhparam.pod
new file mode 100644
index 0000000000..ff8a6e5e5b
--- /dev/null
+++ b/doc/apps/dhparam.pod
@@ -0,0 +1,133 @@
+=pod
+
+=head1 NAME
+
+dhparam - DH parameter manipulation and generation
+
+=head1 SYNOPSIS
+
+B<openssl dhparam>
+[B<-inform DER|PEM>]
+[B<-outform DER|PEM>]
+[B<-in> I<filename>]
+[B<-out> I<filename>]
+[B<-dsaparam>]
+[B<-noout>]
+[B<-text>]
+[B<-C>]
+[B<-2>]
+[B<-5>]
+[B<-rand> I<file(s)>]
+[I<numbits>]
+
+=head1 DESCRIPTION
+
+This command is used to manipulate DH parameter files.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. The B<DER> option uses an ASN1 DER encoded
+form compatible with the PKCS#3 DHparameter structure. The PEM form is the
+default format: it consists of the B<DER> format base64 encoded with
+additional header and footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the 
+B<-inform> option.
+
+=item B<-in> I<filename>
+
+This specifies the input filename to read parameters from or standard input if
+this option is not specified.
+
+=item B<-out> I<filename>
+
+This specifies the output filename parameters to. Standard output is used
+if this option is not present. The output filename should B<not> be the same
+as the input filename.
+
+=item B<-dsaparam>
+
+If this option is used, DSA rather than DH parameters are read or created;
+they are converted to DH format.  Otherwise, "strong" primes (such
+that (p-1)/2 is also prime) will be used for DH parameter generation.
+
+DH parameter generation with the B<-dsaparam> option is much faster,
+and the recommended exponent length is shorter, which makes DH key
+exchange more efficient.  Beware that with such DSA-style DH
+parameters, a fresh DH key should be created for each use to
+avoid small-subgroup attacks that may be possible otherwise.
+
+=item B<-2>, B<-5>
+
+The generator to use, either 2 or 5. 2 is the default. If present then the
+input file is ignored and parameters are generated instead.
+
+=item B<-rand> I<file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item I<numbits>
+
+this option specifies that a parameter set should be generated of size
+I<numbits>. It must be the last option. If not present then a value of 512
+is used. If this option is present then the input file is ignored and 
+parameters are generated instead.
+
+=item B<-noout>
+
+this option inhibits the output of the encoded version of the parameters.
+
+=item B<-text>
+
+this option prints out the DH parameters in human readable form.
+
+=item B<-C>
+
+this option converts the parameters into C code. The parameters can then
+be loaded by calling the B<get_dh>I<numbits>B<()> function.
+
+=back
+
+=head1 WARNINGS
+
+The program B<dhparam> combines the functionality of the programs B<dh> and
+B<gendh> in previous versions of OpenSSL and SSLeay. The B<dh> and B<gendh>
+programs are retained for now but may have different purposes in future 
+versions of OpenSSL.
+
+=head1 NOTES
+
+PEM format DH parameters use the header and footer lines:
+
+ -----BEGIN DH PARAMETERS-----
+ -----END DH PARAMETERS-----
+
+OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42
+DH.
+
+This program manipulates DH parameters not keys.
+
+=head1 BUGS
+
+There should be a way to generate and manipulate DH keys.
+
+=head1 SEE ALSO
+
+L<dsaparam(1)|dsaparam(1)>
+
+=head1 HISTORY
+
+The B<dhparam> command was added in OpenSSL 0.9.5.
+The B<-dsaparam> option was added in OpenSSL 0.9.6.
+
+=cut
diff --git a/doc/apps/dsa.pod b/doc/apps/dsa.pod
new file mode 100644
index 0000000000..28e534bb95
--- /dev/null
+++ b/doc/apps/dsa.pod
@@ -0,0 +1,150 @@
+=pod
+
+=head1 NAME
+
+dsa - DSA key processing
+
+=head1 SYNOPSIS
+
+B<openssl> B<dsa>
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-passin arg>]
+[B<-out filename>]
+[B<-passout arg>]
+[B<-des>]
+[B<-des3>]
+[B<-idea>]
+[B<-text>]
+[B<-noout>]
+[B<-modulus>]
+[B<-pubin>]
+[B<-pubout>]
+
+=head1 DESCRIPTION
+
+The B<dsa> command processes DSA keys. They can be converted between various
+forms and their components printed out. B<Note> This command uses the
+traditional SSLeay compatible format for private key encryption: newer
+applications should use the more secure PKCS#8 format using the B<pkcs8>
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. The B<DER> option with a private key uses
+an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of
+version (currently zero), p, q, g, the public and private key components
+respectively as ASN.1 INTEGERs. When used with a public key it uses a
+SubjectPublicKeyInfo structure: it is an error if the key is not DSA.
+
+The B<PEM> form is the default format: it consists of the B<DER> format base64
+encoded with additional header and footer lines. In the case of a private key
+PKCS#8 format is also accepted.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the 
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read a key from or standard input if this
+option is not specified. If the key is encrypted a pass phrase will be
+prompted for.
+
+=item B<-passin arg>
+
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-out filename>
+
+This specifies the output filename to write a key to or standard output by
+is not specified. If any encryption options are set then a pass phrase will be
+prompted for. The output filename should B<not> be the same as the input
+filename.
+
+=item B<-passout arg>
+
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-des|-des3|-idea>
+
+These options encrypt the private key with the DES, triple DES, or the 
+IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
+If none of these options is specified the key is written in plain text. This
+means that using the B<dsa> utility to read in an encrypted key with no
+encryption option can be used to remove the pass phrase from a key, or by
+setting the encryption options it can be use to add or change the pass phrase.
+These options can only be used with PEM format output files.
+
+=item B<-text>
+
+prints out the public, private key components and parameters.
+
+=item B<-noout>
+
+this option prevents output of the encoded version of the key.
+
+=item B<-modulus>
+
+this option prints out the value of the public key component of the key.
+
+=item B<-pubin>
+
+by default a private key is read from the input file: with this option a
+public key is read instead.
+
+=item B<-pubout>
+
+by default a private key is output. With this option a public
+key will be output instead. This option is automatically set if the input is
+a public key.
+
+=back
+
+=head1 NOTES
+
+The PEM private key format uses the header and footer lines:
+
+ -----BEGIN DSA PRIVATE KEY-----
+ -----END DSA PRIVATE KEY-----
+
+The PEM public key format uses the header and footer lines:
+
+ -----BEGIN PUBLIC KEY-----
+ -----END PUBLIC KEY-----
+
+=head1 EXAMPLES
+
+To remove the pass phrase on a DSA private key:
+
+ openssl dsa -in key.pem -out keyout.pem
+
+To encrypt a private key using triple DES:
+
+ openssl dsa -in key.pem -des3 -out keyout.pem
+
+To convert a private key from PEM to DER format: 
+
+ openssl dsa -in key.pem -outform DER -out keyout.der
+
+To print out the components of a private key to standard output:
+
+ openssl dsa -in key.pem -text -noout
+
+To just output the public part of a private key:
+
+ openssl dsa -in key.pem -pubout -out pubkey.pem
+
+=head1 SEE ALSO
+
+L<dsaparam(1)|dsaparam(1)>, L<gendsa(1)|gendsa(1)>, L<rsa(1)|rsa(1)>,
+L<genrsa(1)|genrsa(1)>
+
+=cut
diff --git a/doc/apps/dsaparam.pod b/doc/apps/dsaparam.pod
new file mode 100644
index 0000000000..50c2f61242
--- /dev/null
+++ b/doc/apps/dsaparam.pod
@@ -0,0 +1,102 @@
+=pod
+
+=head1 NAME
+
+dsaparam - DSA parameter manipulation and generation
+
+=head1 SYNOPSIS
+
+B<openssl dsaparam>
+[B<-inform DER|PEM>]
+[B<-outform DER|PEM>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-noout>]
+[B<-text>]
+[B<-C>]
+[B<-rand file(s)>]
+[B<-genkey>]
+[B<numbits>]
+
+=head1 DESCRIPTION
+
+This command is used to manipulate or generate DSA parameter files.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. The B<DER> option uses an ASN1 DER encoded
+form compatible with RFC2459 (PKIX) DSS-Parms that is a SEQUENCE consisting
+of p, q and g respectively. The PEM form is the default format: it consists
+of the B<DER> format base64 encoded with additional header and footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the 
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read parameters from or standard input if
+this option is not specified. If the B<numbits> parameter is included then
+this option will be ignored.
+
+=item B<-out filename>
+
+This specifies the output filename parameters to. Standard output is used
+if this option is not present. The output filename should B<not> be the same
+as the input filename.
+
+=item B<-noout>
+
+this option inhibits the output of the encoded version of the parameters.
+
+=item B<-text>
+
+this option prints out the DSA parameters in human readable form.
+
+=item B<-C>
+
+this option converts the parameters into C code. The parameters can then
+be loaded by calling the B<get_dsaXXX()> function.
+
+=item B<-genkey>
+
+this option will generate a DSA either using the specified or generated
+parameters.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<numbits>
+
+this option specifies that a parameter set should be generated of size
+B<numbits>. It must be the last option. If this option is included then
+the input file (if any) is ignored.
+
+=back
+
+=head1 NOTES
+
+PEM format DSA parameters use the header and footer lines:
+
+ -----BEGIN DSA PARAMETERS-----
+ -----END DSA PARAMETERS-----
+
+DSA parameter generation is a slow process and as a result the same set of
+DSA parameters is often used to generate several distinct keys.
+
+=head1 SEE ALSO
+
+L<gendsa(1)|gendsa(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>,
+L<rsa(1)|rsa(1)>
+
+=cut
diff --git a/doc/apps/enc.pod b/doc/apps/enc.pod
new file mode 100644
index 0000000000..ddf081617f
--- /dev/null
+++ b/doc/apps/enc.pod
@@ -0,0 +1,271 @@
+=pod
+
+=head1 NAME
+
+enc - symmetric cipher routines
+
+=head1 SYNOPSIS
+
+B<openssl enc -ciphername>
+[B<-in filename>]
+[B<-out filename>]
+[B<-pass arg>]
+[B<-e>]
+[B<-d>]
+[B<-a>]
+[B<-A>]
+[B<-k password>]
+[B<-kfile filename>]
+[B<-K key>]
+[B<-iv IV>]
+[B<-p>]
+[B<-P>]
+[B<-bufsize number>]
+[B<-nopad>]
+[B<-debug>]
+
+=head1 DESCRIPTION
+
+The symmetric cipher commands allow data to be encrypted or decrypted
+using various block and stream ciphers using keys based on passwords
+or explicitly provided. Base64 encoding or decoding can also be performed
+either by itself or in addition to the encryption or decryption.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-in filename>
+
+the input filename, standard input by default.
+
+=item B<-out filename>
+
+the output filename, standard output by default.
+
+=item B<-pass arg>
+
+the password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-salt>
+
+use a salt in the key derivation routines. This option should B<ALWAYS>
+be used unless compatibility with previous versions of OpenSSL or SSLeay
+is required. This option is only present on OpenSSL versions 0.9.5 or
+above.
+
+=item B<-nosalt>
+
+don't use a salt in the key derivation routines. This is the default for
+compatibility with previous versions of OpenSSL and SSLeay.
+
+=item B<-e>
+
+encrypt the input data: this is the default.
+
+=item B<-d>
+
+decrypt the input data.
+
+=item B<-a>
+
+base64 process the data. This means that if encryption is taking place
+the data is base64 encoded after encryption. If decryption is set then
+the input data is base64 decoded before being decrypted.
+
+=item B<-A>
+
+if the B<-a> option is set then base64 process the data on one line.
+
+=item B<-k password>
+
+the password to derive the key from. This is for compatibility with previous
+versions of OpenSSL. Superseded by the B<-pass> argument.
+
+=item B<-kfile filename>
+
+read the password to derive the key from the first line of B<filename>.
+This is for computability with previous versions of OpenSSL. Superseded by
+the B<-pass> argument.
+
+=item B<-S salt>
+
+the actual salt to use: this must be represented as a string comprised only
+of hex digits.
+
+=item B<-K key>
+
+the actual key to use: this must be represented as a string comprised only
+of hex digits. If only the key is specified, the IV must additionally specified
+using the B<-iv> option. When both a key and a password are specified, the
+key given with the B<-K> option will be used and the IV generated from the
+password will be taken. It probably does not make much sense to specify
+both key and password.
+
+=item B<-iv IV>
+
+the actual IV to use: this must be represented as a string comprised only
+of hex digits. When only the key is specified using the B<-K> option, the
+IV must explicitly be defined. When a password is being specified using
+one of the other options, the IV is generated from this password.
+
+=item B<-p>
+
+print out the key and IV used.
+
+=item B<-P>
+
+print out the key and IV used then immediately exit: don't do any encryption
+or decryption.
+
+=item B<-bufsize number>
+
+set the buffer size for I/O
+
+=item B<-nopad>
+
+disable standard block padding
+
+=item B<-debug>
+
+debug the BIOs used for I/O.
+
+=back
+
+=head1 NOTES
+
+The program can be called either as B<openssl ciphername> or
+B<openssl enc -ciphername>.
+
+A password will be prompted for to derive the key and IV if necessary.
+
+The B<-salt> option should B<ALWAYS> be used if the key is being derived
+from a password unless you want compatibility with previous versions of
+OpenSSL and SSLeay.
+
+Without the B<-salt> option it is possible to perform efficient dictionary
+attacks on the password and to attack stream cipher encrypted data. The reason
+for this is that without the salt the same password always generates the same
+encryption key. When the salt is being used the first eight bytes of the
+encrypted data are reserved for the salt: it is generated at random when
+encrypting a file and read from the encrypted file when it is decrypted.
+
+Some of the ciphers do not have large keys and others have security
+implications if not used correctly. A beginner is advised to just use
+a strong block cipher in CBC mode such as bf or des3.
+
+All the block ciphers normally use PKCS#5 padding also known as standard block
+padding: this allows a rudimentary integrity or password check to be
+performed. However since the chance of random data passing the test is
+better than 1 in 256 it isn't a very good test.
+
+If padding is disabled then the input data must be a multiple of the cipher
+block length.
+
+All RC2 ciphers have the same key and effective key length.
+
+Blowfish and RC5 algorithms use a 128 bit key.
+
+=head1 SUPPORTED CIPHERS
+
+ base64             Base 64
+
+ bf-cbc             Blowfish in CBC mode
+ bf                 Alias for bf-cbc
+ bf-cfb             Blowfish in CFB mode
+ bf-ecb             Blowfish in ECB mode
+ bf-ofb             Blowfish in OFB mode
+
+ cast-cbc           CAST in CBC mode
+ cast               Alias for cast-cbc
+ cast5-cbc          CAST5 in CBC mode
+ cast5-cfb          CAST5 in CFB mode
+ cast5-ecb          CAST5 in ECB mode
+ cast5-ofb          CAST5 in OFB mode
+
+ des-cbc            DES in CBC mode
+ des                Alias for des-cbc
+ des-cfb            DES in CBC mode
+ des-ofb            DES in OFB mode
+ des-ecb            DES in ECB mode
+
+ des-ede-cbc        Two key triple DES EDE in CBC mode
+ des-ede            Alias for des-ede
+ des-ede-cfb        Two key triple DES EDE in CFB mode
+ des-ede-ofb        Two key triple DES EDE in OFB mode
+
+ des-ede3-cbc       Three key triple DES EDE in CBC mode
+ des-ede3           Alias for des-ede3-cbc
+ des3               Alias for des-ede3-cbc
+ des-ede3-cfb       Three key triple DES EDE CFB mode
+ des-ede3-ofb       Three key triple DES EDE in OFB mode
+
+ desx               DESX algorithm.
+
+ idea-cbc           IDEA algorithm in CBC mode
+ idea               same as idea-cbc
+ idea-cfb           IDEA in CFB mode
+ idea-ecb           IDEA in ECB mode
+ idea-ofb           IDEA in OFB mode
+
+ rc2-cbc            128 bit RC2 in CBC mode
+ rc2                Alias for rc2-cbc
+ rc2-cfb            128 bit RC2 in CBC mode
+ rc2-ecb            128 bit RC2 in CBC mode
+ rc2-ofb            128 bit RC2 in CBC mode
+ rc2-64-cbc         64 bit RC2 in CBC mode
+ rc2-40-cbc         40 bit RC2 in CBC mode
+
+ rc4                128 bit RC4
+ rc4-64             64 bit RC4
+ rc4-40             40 bit RC4
+
+ rc5-cbc            RC5 cipher in CBC mode
+ rc5                Alias for rc5-cbc
+ rc5-cfb            RC5 cipher in CBC mode
+ rc5-ecb            RC5 cipher in CBC mode
+ rc5-ofb            RC5 cipher in CBC mode
+
+=head1 EXAMPLES
+
+Just base64 encode a binary file:
+
+ openssl base64 -in file.bin -out file.b64
+
+Decode the same file
+
+ openssl base64 -d -in file.b64 -out file.bin 
+
+Encrypt a file using triple DES in CBC mode using a prompted password:
+
+ openssl des3 -salt -in file.txt -out file.des3 
+
+Decrypt a file using a supplied password:
+
+ openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword
+
+Encrypt a file then base64 encode it (so it can be sent via mail for example)
+using Blowfish in CBC mode:
+
+ openssl bf -a -salt -in file.txt -out file.bf
+
+Base64 decode a file then decrypt it:
+
+ openssl bf -d -salt -a -in file.bf -out file.txt
+
+Decrypt some data using a supplied 40 bit RC4 key:
+
+ openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405
+
+=head1 BUGS
+
+The B<-A> option when used with large files doesn't work properly.
+
+There should be an option to allow an iteration count to be included.
+
+The B<enc> program only supports a fixed number of algorithms with
+certain parameters. So if, for example, you want to use RC2 with a
+76 bit key or RC4 with an 84 bit key you can't use this program.
+
+=cut
diff --git a/doc/apps/gendsa.pod b/doc/apps/gendsa.pod
new file mode 100644
index 0000000000..74318fe7fb
--- /dev/null
+++ b/doc/apps/gendsa.pod
@@ -0,0 +1,58 @@
+=pod
+
+=head1 NAME
+
+gendsa - generate a DSA private key from a set of parameters
+
+=head1 SYNOPSIS
+
+B<openssl> B<gendsa>
+[B<-out filename>]
+[B<-des>]
+[B<-des3>]
+[B<-idea>]
+[B<-rand file(s)>]
+[B<paramfile>]
+
+=head1 DESCRIPTION
+
+The B<gendsa> command generates a DSA private key from a DSA parameter file
+(which will be typically generated by the B<openssl dsaparam> command).
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-des|-des3|-idea>
+
+These options encrypt the private key with the DES, triple DES, or the 
+IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
+If none of these options is specified no encryption is used.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<paramfile>
+
+This option specifies the DSA parameter file to use. The parameters in this
+file determine the size of the private key. DSA parameters can be generated
+and examined using the B<openssl dsaparam> command.
+
+=back
+
+=head1 NOTES
+
+DSA key generation is little more than random number generation so it is
+much quicker that RSA key generation for example.
+
+=head1 SEE ALSO
+
+L<dsaparam(1)|dsaparam(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>,
+L<rsa(1)|rsa(1)>
+
+=cut
diff --git a/doc/apps/genrsa.pod b/doc/apps/genrsa.pod
new file mode 100644
index 0000000000..cdcc03c123
--- /dev/null
+++ b/doc/apps/genrsa.pod
@@ -0,0 +1,88 @@
+=pod
+
+=head1 NAME
+
+genrsa - generate an RSA private key
+
+=head1 SYNOPSIS
+
+B<openssl> B<genrsa>
+[B<-out filename>]
+[B<-passout arg>]
+[B<-des>]
+[B<-des3>]
+[B<-idea>]
+[B<-f4>]
+[B<-3>]
+[B<-rand file(s)>]
+[B<numbits>]
+
+=head1 DESCRIPTION
+
+The B<genrsa> command generates an RSA private key.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-out filename>
+
+the output filename. If this argument is not specified then standard output is
+used.  
+
+=item B<-passout arg>
+
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-des|-des3|-idea>
+
+These options encrypt the private key with the DES, triple DES, or the 
+IDEA ciphers respectively before outputting it. If none of these options is
+specified no encryption is used. If encryption is used a pass phrase is prompted
+for if it is not supplied via the B<-passout> argument.
+
+=item B<-F4|-3>
+
+the public exponent to use, either 65537 or 3. The default is 65537.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<numbits>
+
+the size of the private key to generate in bits. This must be the last option
+specified. The default is 512.
+
+=back
+
+=head1 NOTES
+
+RSA private key generation essentially involves the generation of two prime
+numbers. When generating a private key various symbols will be output to
+indicate the progress of the generation. A B<.> represents each number which
+has passed an initial sieve test, B<+> means a number has passed a single
+round of the Miller-Rabin primality test. A newline means that the number has
+passed all the prime tests (the actual number depends on the key size).
+
+Because key generation is a random process the time taken to generate a key
+may vary somewhat.
+
+=head1 BUGS
+
+A quirk of the prime generation algorithm is that it cannot generate small
+primes. Therefore the number of bits should not be less that 64. For typical
+private keys this will not matter because for security reasons they will
+be much larger (typically 1024 bits).
+
+=head1 SEE ALSO
+
+L<gendsa(1)|gendsa(1)>
+
+=cut
+
diff --git a/doc/apps/nseq.pod b/doc/apps/nseq.pod
new file mode 100644
index 0000000000..989c3108fb
--- /dev/null
+++ b/doc/apps/nseq.pod
@@ -0,0 +1,70 @@
+=pod
+
+=head1 NAME
+
+nseq - create or examine a netscape certificate sequence
+
+=head1 SYNOPSIS
+
+B<openssl> B<nseq>
+[B<-in filename>]
+[B<-out filename>]
+[B<-toseq>]
+
+=head1 DESCRIPTION
+
+The B<nseq> command takes a file containing a Netscape certificate
+sequence and prints out the certificates contained in it or takes a
+file of certificates and converts it into a Netscape certificate
+sequence.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-in filename>
+
+This specifies the input filename to read or standard input if this
+option is not specified.
+
+=item B<-out filename>
+
+specifies the output filename or standard output by default.
+
+=item B<-toseq>
+
+normally a Netscape certificate sequence will be input and the output
+is the certificates contained in it. With the B<-toseq> option the
+situation is reversed: a Netscape certificate sequence is created from
+a file of certificates.
+
+=back
+
+=head1 EXAMPLES
+
+Output the certificates in a Netscape certificate sequence
+
+ openssl nseq -in nseq.pem -out certs.pem
+
+Create a Netscape certificate sequence
+
+ openssl nseq -in certs.pem -toseq -out nseq.pem
+
+=head1 NOTES
+
+The B<PEM> encoded form uses the same headers and footers as a certificate:
+
+ -----BEGIN CERTIFICATE-----
+ -----END CERTIFICATE-----
+
+A Netscape certificate sequence is a Netscape specific form that can be sent
+to browsers as an alternative to the standard PKCS#7 format when several
+certificates are sent to the browser: for example during certificate enrollment.
+It is used by Netscape certificate server for example.
+
+=head1 BUGS
+
+This program needs a few more options: like allowing DER or PEM input and
+output files and allowing multiple certificate files to be used.
+
+=cut
diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod
new file mode 100644
index 0000000000..da201b95e6
--- /dev/null
+++ b/doc/apps/ocsp.pod
@@ -0,0 +1,348 @@
+=pod
+
+=head1 NAME
+
+ocsp - Online Certificate Status Protocol utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<ocsp>
+[B<-out file>]
+[B<-issuer file>]
+[B<-cert file>]
+[B<-serial n>]
+[B<-req_text>]
+[B<-resp_text>]
+[B<-text>]
+[B<-reqout file>]
+[B<-respout file>]
+[B<-reqin file>]
+[B<-respin file>]
+[B<-nonce>]
+[B<-no_nonce>]
+[B<-url responder_url>]
+[B<-host host:n>]
+[B<-path>]
+[B<-CApath file>]
+[B<-CAfile file>]
+[B<-VAfile file>]
+[B<-verify_certs file>]
+[B<-noverify>]
+[B<-trust_other>]
+[B<-no_intern>]
+[B<-no_sig_verify>]
+[B<-no_cert_verify>]
+[B<-no_chain>]
+[B<-no_cert_checks>]
+[B<-validity_period nsec>]
+[B<-status_age nsec>]
+
+=head1 DESCRIPTION
+
+B<WARNING: this documentation is preliminary and subject to change.>
+
+The Online Certificate Status Protocol (OCSP) enables applications to
+determine the (revocation) state of an identified certificate (RFC 2560).
+
+The B<ocsp> command performs many common OCSP tasks. It can be used
+to print out requests and responses, create requests and send queries
+to an OCSP responder and behave like a mini OCSP server itself.
+
+=head1 OCSP CLIENT OPTIONS
+
+=over 4
+
+=item B<-out filename>
+
+specify output filename, default is standard output.
+
+=item B<-issuer filename>
+
+This specifies the current issuer certificate. This option can be used
+multiple times. The certificate specified in B<filename> must be in
+PEM format.
+
+=item B<-cert filename>
+
+Add the certificate B<filename> to the request. The issuer certificate
+is taken from the previous B<issuer> option, or an error occurs if no
+issuer certificate is specified.
+
+=item B<-serial num>
+
+Same as the B<cert> option except the certificate with serial number
+B<num> is added to the request. The serial number is interpreted as a
+decimal integer unless preceded by B<0x>. Negative integers can also
+be specified by preceding the value by a B<-> sign.
+
+=item B<-signer filename>, B<-signkey filename>
+
+Sign the OCSP request using the certificate specified in the B<signer>
+option and the private key specified by the B<signkey> option. If
+the B<signkey> option is not present then the private key is read
+from the same file as the certificate. If neither option is specified then
+the OCSP request is not signed.
+
+=item B<-nonce>, B<-no_nonce>
+
+Add an OCSP nonce extension to a request or disable OCSP nonce addition.
+Normally if an OCSP request is input using the B<respin> option no
+nonce is added: using the B<nonce> option will force addition of a nonce.
+If an OCSP request is being created (using B<cert> and B<serial> options)
+a nonce is automatically added specifying B<no_nonce> overrides this.
+
+=item B<-req_text>, B<-resp_text>, B<-text>
+
+print out the text form of the OCSP request, response or both respectively.
+
+=item B<-reqout file>, B<-respout file>
+
+write out the DER encoded certificate request or response to B<file>.
+
+=item B<-reqin file>, B<-respin file>
+
+read OCSP request or response file from B<file>. These option are ignored
+if OCSP request or response creation is implied by other options (for example
+with B<serial>, B<cert> and B<host> options).
+
+=item B<-url responder_url>
+
+specify the responder URL. Both HTTP and HTTPS (SSL/TLS) URLs can be specified.
+
+=item B<-host hostname:port>, B<-path pathname>
+
+if the B<host> option is present then the OCSP request is sent to the host
+B<hostname> on port B<port>. B<path> specifies the HTTP path name to use
+or "/" by default.
+
+=item B<-CAfile file>, B<-CApath pathname>
+
+file or pathname containing trusted CA certificates. These are used to verify
+the signature on the OCSP response.
+
+=item B<-verify_certs file>
+
+file containing additional certificates to search when attempting to locate
+the OCSP response signing certificate. Some responders omit the actual signer's
+certificate from the response: this option can be used to supply the necessary
+certificate in such cases.
+
+=item B<-trust_other>
+
+the certificates specified by the B<-verify_certs> option should be explicitly
+trusted and no additional checks will be performed on them. This is useful
+when the complete responder certificate chain is not available or trusting a
+root CA is not appropriate.
+
+=item B<-VAfile file>
+
+file containing explicitly trusted responder certificates. Equivalent to the
+B<-verify_certs> and B<-trust_other> options.
+
+=item B<-noverify>
+
+don't attempt to verify the OCSP response signature or the nonce values. This
+option will normally only be used for debugging since it disables all verification
+of the responders certificate.
+
+=item B<-no_intern>
+
+ignore certificates contained in the OCSP response when searching for the
+signers certificate. With this option the signers certificate must be specified
+with either the B<-verify_certs> or B<-VAfile> options.
+
+=item B<-no_sig_verify>
+
+don't check the signature on the OCSP response. Since this option tolerates invalid
+signatures on OCSP responses it will normally only be used for testing purposes.
+
+=item B<-no_cert_verify>
+
+don't verify the OCSP response signers certificate at all. Since this option allows
+the OCSP response to be signed by any certificate it should only be used for
+testing purposes.
+
+=item B<-no_chain>
+
+do not use certificates in the response as additional untrusted CA
+certificates.
+
+=item B<-no_cert_checks>
+
+don't perform any additional checks on the OCSP response signers certificate.
+That is do not make any checks to see if the signers certificate is authorised
+to provide the necessary status information: as a result this option should
+only be used for testing purposes.
+
+=item B<-validity_period nsec>, B<-status_age age>
+
+these options specify the range of times, in seconds, which will be tolerated
+in an OCSP response. Each certificate status response includes a B<notBefore> time and
+an optional B<notAfter> time. The current time should fall between these two values, but
+the interval between the two times may be only a few seconds. In practice the OCSP
+responder and clients clocks may not be precisely synchronised and so such a check
+may fail. To avoid this the B<-validity_period> option can be used to specify an
+acceptable error range in seconds, the default value is 5 minutes.
+
+If the B<notAfter> time is omitted from a response then this means that new status
+information is immediately available. In this case the age of the B<notBefore> field
+is checked to see it is not older than B<age> seconds old. By default this additional
+check is not performed.
+
+=back
+
+=head1 OCSP SERVER OPTIONS
+
+=over 4
+
+=item B<-index indexfile>
+
+B<indexfile> is a text index file in B<ca> format containing certificate revocation
+information.
+
+If the B<index> option is specified the B<ocsp> utility is in responder mode, otherwise
+it is in client mode. The request(s) the responder processes can be either specified on
+the command line (using B<issuer> and B<serial> options), supplied in a file (using the
+B<respin> option) or via external OCSP clients (if B<port> or B<url> is specified).
+
+If the B<index> option is present then the B<CA> and B<rsigner> options must also be
+present.
+
+=item B<-CA file>
+
+CA certificate corresponding to the revocation information in B<indexfile>.
+
+=item B<-rsigner file>
+
+The certificate to sign OCSP responses with.
+
+=item B<-rother file>
+
+Additional certificates to include in the OCSP response.
+
+=item B<-resp_no_certs>
+
+Don't include any certificates in the OCSP response.
+
+=item B<-resp_key_id>
+
+Identify the signer certificate using the key ID, default is to use the subject name.
+
+=item B<-rkey file>
+
+The private key to sign OCSP responses with: if not present the file specified in the
+B<rsigner> option is used.
+
+=item B<-port portnum>
+
+Port to listen for OCSP requests on. The port may also be specified using the B<url>
+option.
+
+=item B<-nrequest number>
+
+The OCSP server will exit after receiving B<number> requests, default unlimited. 
+
+=item B<-nmin minutes>, B<-ndays days>
+
+Number of minutes or days when fresh revocation information is available: used in the
+B<nextUpdate> field. If neither option is present then the B<nextUpdate> field is 
+omitted meaning fresh revocation information is immediately available.
+
+=back
+
+=head1 OCSP Response verification.
+
+OCSP Response follows the rules specified in RFC2560.
+
+Initially the OCSP responder certificate is located and the signature on
+the OCSP request checked using the responder certificate's public key.
+
+Then a normal certificate verify is performed on the OCSP responder certificate
+building up a certificate chain in the process. The locations of the trusted
+certificates used to build the chain can be specified by the B<CAfile>
+and B<CApath> options or they will be looked for in the standard OpenSSL
+certificates directory.
+
+If the initial verify fails then the OCSP verify process halts with an
+error.
+
+Otherwise the issuing CA certificate in the request is compared to the OCSP
+responder certificate: if there is a match then the OCSP verify succeeds.
+
+Otherwise the OCSP responder certificate's CA is checked against the issuing
+CA certificate in the request. If there is a match and the OCSPSigning
+extended key usage is present in the OCSP responder certificate then the
+OCSP verify succeeds.
+
+Otherwise the root CA of the OCSP responders CA is checked to see if it
+is trusted for OCSP signing. If it is the OCSP verify succeeds.
+
+If none of these checks is successful then the OCSP verify fails.
+
+What this effectively means if that if the OCSP responder certificate is
+authorised directly by the CA it is issuing revocation information about
+(and it is correctly configured) then verification will succeed.
+
+If the OCSP responder is a "global responder" which can give details about
+multiple CAs and has its own separate certificate chain then its root
+CA can be trusted for OCSP signing. For example:
+
+ openssl x509 -in ocspCA.pem -addtrust OCSPSigning -out trustedCA.pem
+
+Alternatively the responder certificate itself can be explicitly trusted
+with the B<-VAfile> option.
+
+=head1 NOTES
+
+As noted, most of the verify options are for testing or debugging purposes.
+Normally only the B<-CApath>, B<-CAfile> and (if the responder is a 'global
+VA') B<-VAfile> options need to be used.
+
+The OCSP server is only useful for test and demonstration purposes: it is
+not really usable as a full OCSP responder. It contains only a very
+simple HTTP request handling and can only handle the POST form of OCSP
+queries. It also handles requests serially meaning it cannot respond to
+new requests until it has processed the current one. The text index file
+format of revocation is also inefficient for large quantities of revocation
+data.
+
+It is possible to run the B<ocsp> application in responder mode via a CGI
+script using the B<respin> and B<respout> options.
+
+=head1 EXAMPLES
+
+Create an OCSP request and write it to a file:
+
+ openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der
+
+Send a query to an OCSP responder with URL http://ocsp.myhost.com/ save the 
+response to a file and print it out in text form
+
+ openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \
+     -url http://ocsp.myhost.com/ -resp_text -respout resp.der
+
+Read in an OCSP response and print out text form:
+
+ openssl ocsp -respin resp.der -text
+
+OCSP server on port 8888 using a standard B<ca> configuration, and a separate
+responder certificate. All requests and responses are printed to a file.
+
+ openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
+	-text -out log.txt
+
+As above but exit after processing one request:
+
+ openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
+     -nrequest 1
+
+Query status information using internally generated request:
+
+ openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
+     -issuer demoCA/cacert.pem -serial 1
+
+Query status information using request read from a file, write response to a
+second file.
+
+ openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
+     -reqin req.der -respout resp.der
diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod
new file mode 100644
index 0000000000..07dd80eabe
--- /dev/null
+++ b/doc/apps/openssl.pod
@@ -0,0 +1,344 @@
+
+=pod
+
+=head1 NAME
+
+openssl - OpenSSL command line tool
+
+=head1 SYNOPSIS
+
+B<openssl>
+I<command>
+[ I<command_opts> ]
+[ I<command_args> ]
+
+B<openssl> [ B<list-standard-commands> | B<list-message-digest-commands> | B<list-cipher-commands> ]
+
+B<openssl> B<no->I<XXX> [ I<arbitrary options> ]
+
+=head1 DESCRIPTION
+
+OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
+v2/v3) and Transport Layer Security (TLS v1) network protocols and related
+cryptography standards required by them.
+
+The B<openssl> program is a command line tool for using the various
+cryptography functions of OpenSSL's B<crypto> library from the shell. 
+It can be used for 
+
+ o  Creation of RSA, DH and DSA key parameters
+ o  Creation of X.509 certificates, CSRs and CRLs 
+ o  Calculation of Message Digests
+ o  Encryption and Decryption with Ciphers
+ o  SSL/TLS Client and Server Tests
+ o  Handling of S/MIME signed or encrypted mail
+
+=head1 COMMAND SUMMARY
+
+The B<openssl> program provides a rich variety of commands (I<command> in the
+SYNOPSIS above), each of which often has a wealth of options and arguments
+(I<command_opts> and I<command_args> in the SYNOPSIS).
+
+The pseudo-commands B<list-standard-commands>, B<list-message-digest-commands>,
+and B<list-cipher-commands> output a list (one entry per line) of the names
+of all standard commands, message digest commands, or cipher commands,
+respectively, that are available in the present B<openssl> utility.
+
+The pseudo-command B<no->I<XXX> tests whether a command of the
+specified name is available.  If no command named I<XXX> exists, it
+returns 0 (success) and prints B<no->I<XXX>; otherwise it returns 1
+and prints I<XXX>.  In both cases, the output goes to B<stdout> and
+nothing is printed to B<stderr>.  Additional command line arguments
+are always ignored.  Since for each cipher there is a command of the
+same name, this provides an easy way for shell scripts to test for the
+availability of ciphers in the B<openssl> program.  (B<no->I<XXX> is
+not able to detect pseudo-commands such as B<quit>,
+B<list->I<...>B<-commands>, or B<no->I<XXX> itself.)
+
+=head2 STANDARD COMMANDS
+
+=over 10
+
+=item L<B<asn1parse>|asn1parse(1)>
+
+Parse an ASN.1 sequence.
+
+=item L<B<ca>|ca(1)>
+
+Certificate Authority (CA) Management.  
+
+=item L<B<ciphers>|ciphers(1)>
+
+Cipher Suite Description Determination.
+
+=item L<B<crl>|crl(1)>
+
+Certificate Revocation List (CRL) Management.
+
+=item L<B<crl2pkcs7>|crl2pkcs7(1)>
+
+CRL to PKCS#7 Conversion.
+
+=item L<B<dgst>|dgst(1)>
+
+Message Digest Calculation.
+
+=item B<dh>
+
+Diffie-Hellman Parameter Management.
+Obsoleted by L<B<dhparam>|dhparam(1)>.
+
+=item L<B<dsa>|dsa(1)>
+
+DSA Data Management.
+
+=item L<B<dsaparam>|dsaparam(1)>
+
+DSA Parameter Generation.
+
+=item L<B<enc>|enc(1)>
+
+Encoding with Ciphers.
+
+=item L<B<errstr>|errstr(1)>
+
+Error Number to Error String Conversion.
+
+=item L<B<dhparam>|dhparam(1)>
+
+Generation and Management of Diffie-Hellman Parameters.
+
+=item B<gendh>
+
+Generation of Diffie-Hellman Parameters.
+Obsoleted by L<B<dhparam>|dhparam(1)>.
+
+=item L<B<gendsa>|gendsa(1)>
+
+Generation of DSA Parameters.
+
+=item L<B<genrsa>|genrsa(1)>
+
+Generation of RSA Parameters.
+
+=item L<B<ocsp>|ocsp(1)>
+
+Online Certificate Status Protocol utility.
+
+=item L<B<passwd>|passwd(1)>
+
+Generation of hashed passwords.
+
+=item L<B<pkcs12>|pkcs12(1)>
+
+PKCS#12 Data Management.
+
+=item L<B<pkcs7>|pkcs7(1)>
+
+PKCS#7 Data Management.
+
+=item L<B<rand>|rand(1)>
+
+Generate pseudo-random bytes.
+
+=item L<B<req>|req(1)>
+
+X.509 Certificate Signing Request (CSR) Management.
+
+=item L<B<rsa>|rsa(1)>
+
+RSA Data Management.
+
+=item L<B<rsautl>|rsautl(1)>
+
+RSA utility for signing, verification, encryption, and decryption.
+
+=item L<B<s_client>|s_client(1)>
+
+This implements a generic SSL/TLS client which can establish a transparent
+connection to a remote server speaking SSL/TLS. It's intended for testing
+purposes only and provides only rudimentary interface functionality but
+internally uses mostly all functionality of the OpenSSL B<ssl> library.
+
+=item L<B<s_server>|s_server(1)>
+
+This implements a generic SSL/TLS server which accepts connections from remote
+clients speaking SSL/TLS. It's intended for testing purposes only and provides
+only rudimentary interface functionality but internally uses mostly all
+functionality of the OpenSSL B<ssl> library.  It provides both an own command
+line oriented protocol for testing SSL functions and a simple HTTP response
+facility to emulate an SSL/TLS-aware webserver.
+
+=item L<B<s_time>|s_time(1)>
+
+SSL Connection Timer.
+
+=item L<B<sess_id>|sess_id(1)>
+
+SSL Session Data Management.
+
+=item L<B<smime>|smime(1)>
+
+S/MIME mail processing.
+
+=item L<B<speed>|speed(1)>
+
+Algorithm Speed Measurement.
+
+=item L<B<verify>|verify(1)>
+
+X.509 Certificate Verification.
+
+=item L<B<version>|version(1)>
+
+OpenSSL Version Information.
+
+=item L<B<x509>|x509(1)>
+
+X.509 Certificate Data Management.
+
+=back
+
+=head2 MESSAGE DIGEST COMMANDS
+
+=over 10
+
+=item B<md2>
+
+MD2 Digest
+
+=item B<md5>
+
+MD5 Digest
+
+=item B<mdc2>
+
+MDC2 Digest
+
+=item B<rmd160>
+
+RMD-160 Digest
+
+=item B<sha>            
+
+SHA Digest
+
+=item B<sha1>           
+
+SHA-1 Digest
+
+=back
+
+=head2 ENCODING AND CIPHER COMMANDS
+
+=over 10
+
+=item B<base64>
+
+Base64 Encoding
+
+=item B<bf bf-cbc bf-cfb bf-ecb bf-ofb>
+
+Blowfish Cipher
+
+=item B<cast cast-cbc>
+
+CAST Cipher
+
+=item B<cast5-cbc cast5-cfb cast5-ecb cast5-ofb>
+
+CAST5 Cipher
+
+=item B<des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb>
+
+DES Cipher
+
+=item B<des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb>
+
+Triple-DES Cipher
+
+=item B<idea idea-cbc idea-cfb idea-ecb idea-ofb>
+
+IDEA Cipher
+
+=item B<rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb>
+
+RC2 Cipher
+
+=item B<rc4>
+
+RC4 Cipher
+
+=item B<rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb>
+
+RC5 Cipher
+
+=back
+
+=head1 PASS PHRASE ARGUMENTS
+
+Several commands accept password arguments, typically using B<-passin>
+and B<-passout> for input and output passwords respectively. These allow
+the password to be obtained from a variety of sources. Both of these
+options take a single argument whose format is described below. If no
+password argument is given and a password is required then the user is
+prompted to enter one: this will typically be read from the current
+terminal with echoing turned off.
+
+=over 10
+
+=item B<pass:password>
+
+the actual password is B<password>. Since the password is visible
+to utilities (like 'ps' under Unix) this form should only be used
+where security is not important.
+
+=item B<env:var>
+
+obtain the password from the environment variable B<var>. Since
+the environment of other processes is visible on certain platforms
+(e.g. ps under certain Unix OSes) this option should be used with caution.
+
+=item B<file:pathname>
+
+the first line of B<pathname> is the password. If the same B<pathname>
+argument is supplied to B<-passin> and B<-passout> arguments then the first
+line will be used for the input password and the next line for the output
+password. B<pathname> need not refer to a regular file: it could for example
+refer to a device or named pipe.
+
+=item B<fd:number>
+
+read the password from the file descriptor B<number>. This can be used to
+send the data via a pipe for example.
+
+=item B<stdin>
+
+read the password from standard input.
+
+=back
+
+=head1 SEE ALSO
+
+L<asn1parse(1)|asn1parse(1)>, L<ca(1)|ca(1)>, L<config(5)|config(5)>,
+L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkcs7(1)>, L<dgst(1)|dgst(1)>,
+L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
+L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>,
+L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
+L<passwd(1)|passwd(1)>,
+L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
+L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
+L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
+L<s_server(1)|s_server(1)>, L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
+L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>,
+L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)> 
+
+=head1 HISTORY
+
+The openssl(1) document appeared in OpenSSL 0.9.2.
+The B<list->I<XXX>B<-commands> pseudo-commands were added in OpenSSL 0.9.3;
+the B<no->I<XXX> pseudo-commands were added in OpenSSL 0.9.5a.
+For notes on the availability of other commands, see their individual
+manual pages.
+
+=cut
diff --git a/doc/apps/passwd.pod b/doc/apps/passwd.pod
new file mode 100644
index 0000000000..f44982549b
--- /dev/null
+++ b/doc/apps/passwd.pod
@@ -0,0 +1,82 @@
+=pod
+
+=head1 NAME
+
+passwd - compute password hashes
+
+=head1 SYNOPSIS
+
+B<openssl passwd>
+[B<-crypt>]
+[B<-1>]
+[B<-apr1>]
+[B<-salt> I<string>]
+[B<-in> I<file>]
+[B<-stdin>]
+[B<-noverify>]
+[B<-quiet>]
+[B<-table>]
+{I<password>}
+
+=head1 DESCRIPTION
+
+The B<passwd> command computes the hash of a password typed at
+run-time or the hash of each password in a list.  The password list is
+taken from the named file for option B<-in file>, from stdin for
+option B<-stdin>, or from the command line, or from the terminal otherwise.
+The Unix standard algorithm B<crypt> and the MD5-based BSD password
+algorithm B<1> and its Apache variant B<apr1> are available.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-crypt>
+
+Use the B<crypt> algorithm (default).
+
+=item B<-1>
+
+Use the MD5 based BSD password algorithm B<1>.
+
+=item B<-apr1>
+
+Use the B<apr1> algorithm (Apache variant of the BSD algorithm).
+
+=item B<-salt> I<string>
+
+Use the specified salt.
+When reading a password from the terminal, this implies B<-noverify>.
+
+=item B<-in> I<file>
+
+Read passwords from I<file>.
+
+=item B<-stdin>
+
+Read passwords from B<stdin>.
+
+=item B<-noverify>
+
+Don't verify when reading a password from the terminal.
+
+=item B<-quiet>
+
+Don't output warnings when passwords given at the command line are truncated.
+
+=item B<-table>
+
+In the output list, prepend the cleartext password and a TAB character
+to each password hash.
+
+=back
+
+=head1 EXAMPLES
+
+B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
+
+B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>.
+
+B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
+
+=cut
diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod
new file mode 100644
index 0000000000..7d84146293
--- /dev/null
+++ b/doc/apps/pkcs12.pod
@@ -0,0 +1,330 @@
+
+=pod
+
+=head1 NAME
+
+pkcs12 - PKCS#12 file utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<pkcs12>
+[B<-export>]
+[B<-chain>]
+[B<-inkey filename>]
+[B<-certfile filename>]
+[B<-name name>]
+[B<-caname name>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-noout>]
+[B<-nomacver>]
+[B<-nocerts>]
+[B<-clcerts>]
+[B<-cacerts>]
+[B<-nokeys>]
+[B<-info>]
+[B<-des>]
+[B<-des3>]
+[B<-idea>]
+[B<-nodes>]
+[B<-noiter>]
+[B<-maciter>]
+[B<-twopass>]
+[B<-descert>]
+[B<-certpbe>]
+[B<-keypbe>]
+[B<-keyex>]
+[B<-keysig>]
+[B<-password arg>]
+[B<-passin arg>]
+[B<-passout arg>]
+[B<-rand file(s)>]
+
+=head1 DESCRIPTION
+
+The B<pkcs12> command allows PKCS#12 files (sometimes referred to as
+PFX files) to be created and parsed. PKCS#12 files are used by several
+programs including Netscape, MSIE and MS Outlook.
+
+=head1 COMMAND OPTIONS
+
+There are a lot of options the meaning of some depends of whether a PKCS#12 file
+is being created or parsed. By default a PKCS#12 file is parsed a PKCS#12
+file can be created by using the B<-export> option (see below).
+
+=head1 PARSING OPTIONS
+
+=over 4
+
+=item B<-in filename>
+
+This specifies filename of the PKCS#12 file to be parsed. Standard input is used
+by default.
+
+=item B<-out filename>
+
+The filename to write certificates and private keys to, standard output by default.
+They are all written in PEM format.
+
+=item B<-pass arg>, B<-passin arg>
+
+the PKCS#12 file (i.e. input file) password source. For more information about the
+format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+L<openssl(1)|openssl(1)>.
+
+=item B<-passout arg>
+
+pass phrase source to encrypt any outputed private keys with. For more information
+about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+L<openssl(1)|openssl(1)>.
+
+=item B<-noout>
+
+this option inhibits output of the keys and certificates to the output file version
+of the PKCS#12 file.
+
+=item B<-clcerts>
+
+only output client certificates (not CA certificates).
+
+=item B<-cacerts>
+
+only output CA certificates (not client certificates).
+
+=item B<-nocerts>
+
+no certificates at all will be output.
+
+=item B<-nokeys>
+
+no private keys will be output.
+
+=item B<-info>
+
+output additional information about the PKCS#12 file structure, algorithms used and
+iteration counts.
+
+=item B<-des>
+
+use DES to encrypt private keys before outputting.
+
+=item B<-des3>
+
+use triple DES to encrypt private keys before outputting, this is the default.
+
+=item B<-idea>
+
+use IDEA to encrypt private keys before outputting.
+
+=item B<-nodes>
+
+don't encrypt the private keys at all.
+
+=item B<-nomacver>
+
+don't attempt to verify the integrity MAC before reading the file.
+
+=item B<-twopass>
+
+prompt for separate integrity and encryption passwords: most software
+always assumes these are the same so this option will render such
+PKCS#12 files unreadable.
+
+=back
+
+=head1 FILE CREATION OPTIONS
+
+=over 4
+
+=item B<-export>
+
+This option specifies that a PKCS#12 file will be created rather than
+parsed.
+
+=item B<-out filename>
+
+This specifies filename to write the PKCS#12 file to. Standard output is used
+by default.
+
+=item B<-in filename>
+
+The filename to read certificates and private keys from, standard input by default.
+They must all be in PEM format. The order doesn't matter but one private key and
+its corresponding certificate should be present. If additional certificates are
+present they will also be included in the PKCS#12 file.
+
+=item B<-inkey filename>
+
+file to read private key from. If not present then a private key must be present
+in the input file.
+
+=item B<-name friendlyname>
+
+This specifies the "friendly name" for the certificate and private key. This name
+is typically displayed in list boxes by software importing the file.
+
+=item B<-certfile filename>
+
+A filename to read additional certificates from.
+
+=item B<-caname friendlyname>
+
+This specifies the "friendly name" for other certificates. This option may be
+used multiple times to specify names for all certificates in the order they
+appear. Netscape ignores friendly names on other certificates whereas MSIE
+displays them.
+
+=item B<-pass arg>, B<-passout arg>
+
+the PKCS#12 file (i.e. output file) password source. For more information about
+the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+L<openssl(1)|openssl(1)>.
+
+=item B<-passin password>
+
+pass phrase source to decrypt any input private keys with. For more information
+about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
+L<openssl(1)|openssl(1)>.
+
+=item B<-chain>
+
+if this option is present then an attempt is made to include the entire
+certificate chain of the user certificate. The standard CA store is used
+for this search. If the search fails it is considered a fatal error.
+
+=item B<-descert>
+
+encrypt the certificate using triple DES, this may render the PKCS#12
+file unreadable by some "export grade" software. By default the private
+key is encrypted using triple DES and the certificate using 40 bit RC2.
+
+=item B<-keypbe alg>, B<-certpbe alg>
+
+these options allow the algorithm used to encrypt the private key and
+certificates to be selected. Although any PKCS#5 v1.5 or PKCS#12 algorithms
+can be selected it is advisable only to use PKCS#12 algorithms. See the list
+in the B<NOTES> section for more information.
+
+=item B<-keyex|-keysig>
+
+specifies that the private key is to be used for key exchange or just signing.
+This option is only interpreted by MSIE and similar MS software. Normally
+"export grade" software will only allow 512 bit RSA keys to be used for
+encryption purposes but arbitrary length keys for signing. The B<-keysig>
+option marks the key for signing only. Signing only keys can be used for
+S/MIME signing, authenticode (ActiveX control signing)  and SSL client
+authentication, however due to a bug only MSIE 5.0 and later support
+the use of signing only keys for SSL client authentication.
+
+=item B<-nomaciter>, B<-noiter>
+
+these options affect the iteration counts on the MAC and key algorithms.
+Unless you wish to produce files compatible with MSIE 4.0 you should leave
+these options alone.
+
+To discourage attacks by using large dictionaries of common passwords the
+algorithm that derives keys from passwords can have an iteration count applied
+to it: this causes a certain part of the algorithm to be repeated and slows it
+down. The MAC is used to check the file integrity but since it will normally
+have the same password as the keys and certificates it could also be attacked.
+By default both MAC and encryption iteration counts are set to 2048, using
+these options the MAC and encryption iteration counts can be set to 1, since
+this reduces the file security you should not use these options unless you
+really have to. Most software supports both MAC and key iteration counts.
+MSIE 4.0 doesn't support MAC iteration counts so it needs the B<-nomaciter>
+option.
+
+=item B<-maciter>
+
+This option is included for compatibility with previous versions, it used
+to be needed to use MAC iterations counts but they are now used by default.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=back
+
+=head1 NOTES
+
+Although there are a large number of options most of them are very rarely
+used. For PKCS#12 file parsing only B<-in> and B<-out> need to be used
+for PKCS#12 file creation B<-export> and B<-name> are also used.
+
+If none of the B<-clcerts>, B<-cacerts> or B<-nocerts> options are present
+then all certificates will be output in the order they appear in the input
+PKCS#12 files. There is no guarantee that the first certificate present is
+the one corresponding to the private key. Certain software which requires
+a private key and certificate and assumes the first certificate in the
+file is the one corresponding to the private key: this may not always
+be the case. Using the B<-clcerts> option will solve this problem by only
+outputting the certificate corresponding to the private key. If the CA
+certificates are required then they can be output to a separate file using
+the B<-nokeys -cacerts> options to just output CA certificates.
+
+The B<-keypbe> and B<-certpbe> algorithms allow the precise encryption
+algorithms for private keys and certificates to be specified. Normally
+the defaults are fine but occasionally software can't handle triple DES
+encrypted private keys, then the option B<-keypbe PBE-SHA1-RC2-40> can
+be used to reduce the private key encryption to 40 bit RC2. A complete
+description of all algorithms is contained in the B<pkcs8> manual page.
+
+=head1 EXAMPLES
+
+Parse a PKCS#12 file and output it to a file:
+
+ openssl pkcs12 -in file.p12 -out file.pem
+
+Output only client certificates to a file:
+
+ openssl pkcs12 -in file.p12 -clcerts -out file.pem
+
+Don't encrypt the private key:
+ 
+ openssl pkcs12 -in file.p12 -out file.pem -nodes
+
+Print some info about a PKCS#12 file:
+
+ openssl pkcs12 -in file.p12 -info -noout
+
+Create a PKCS#12 file:
+
+ openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate"
+
+Include some extra certificates:
+
+ openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" \
+  -certfile othercerts.pem
+
+=head1 BUGS
+
+Some would argue that the PKCS#12 standard is one big bug :-)
+
+Versions of OpenSSL before 0.9.6a had a bug in the PKCS#12 key generation
+routines. Under rare circumstances this could produce a PKCS#12 file encrypted
+with an invalid key. As a result some PKCS#12 files which triggered this bug
+from other implementations (MSIE or Netscape) could not be decrypted
+by OpenSSL and similarly OpenSSL could produce PKCS#12 files which could
+not be decrypted by other implementations. The chances of producing such
+a file are relatively small: less than 1 in 256.
+
+A side effect of fixing this bug is that any old invalidly encrypted PKCS#12
+files cannot no longer be parsed by the fixed version. Under such circumstances
+the B<pkcs12> utility will report that the MAC is OK but fail with a decryption
+error when extracting private keys.
+
+This problem can be resolved by extracting the private keys and certificates
+from the PKCS#12 file using an older version of OpenSSL and recreating the PKCS#12
+file from the keys and certificates using a newer version of OpenSSL. For example:
+
+ old-openssl -in bad.p12 -out keycerts.pem
+ openssl -in keycerts.pem -export -name "My PKCS#12 file" -out fixed.p12
+
+=head1 SEE ALSO
+
+L<pkcs8(1)|pkcs8(1)>
+
diff --git a/doc/apps/pkcs7.pod b/doc/apps/pkcs7.pod
new file mode 100644
index 0000000000..9871c0e0cd
--- /dev/null
+++ b/doc/apps/pkcs7.pod
@@ -0,0 +1,97 @@
+=pod
+
+=head1 NAME
+
+pkcs7 - PKCS#7 utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<pkcs7>
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-print_certs>]
+[B<-text>]
+[B<-noout>]
+
+=head1 DESCRIPTION
+
+The B<pkcs7> command processes PKCS#7 files in DER or PEM format.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. B<DER> format is DER encoded PKCS#7
+v1.5 structure.B<PEM> (the default) is a base64 encoded version of
+the DER form with header and footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the 
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read from or standard input if this
+option is not specified.
+
+=item B<-out filename>
+
+specifies the output filename to write to or standard output by
+default.
+
+=item B<-print_certs>
+
+prints out any certificates or CRLs contained in the file. They are
+preceded by their subject and issuer names in one line format.
+
+=item B<-text>
+
+prints out certificates details in full rather than just subject and
+issuer names.
+
+=item B<-noout>
+
+don't output the encoded version of the PKCS#7 structure (or certificates
+is B<-print_certs> is set).
+
+=back
+
+=head1 EXAMPLES
+
+Convert a PKCS#7 file from PEM to DER:
+
+ openssl pkcs7 -in file.pem -outform DER -out file.der
+
+Output all certificates in a file:
+
+ openssl pkcs7 -in file.pem -print_certs -out certs.pem
+
+=head1 NOTES
+
+The PEM PKCS#7 format uses the header and footer lines:
+
+ -----BEGIN PKCS7-----
+ -----END PKCS7-----
+
+For compatibility with some CAs it will also accept:
+
+ -----BEGIN CERTIFICATE-----
+ -----END CERTIFICATE-----
+
+=head1 RESTRICTIONS
+
+There is no option to print out all the fields of a PKCS#7 file.
+
+This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC2315 they 
+cannot currently parse, for example, the new CMS as described in RFC2630.
+
+=head1 SEE ALSO
+
+L<crl2pkcs7(1)|crl2pkcs7(1)>
+
+=cut
diff --git a/doc/apps/pkcs8.pod b/doc/apps/pkcs8.pod
new file mode 100644
index 0000000000..a56b2dd002
--- /dev/null
+++ b/doc/apps/pkcs8.pod
@@ -0,0 +1,235 @@
+=pod
+
+=head1 NAME
+
+pkcs8 - PKCS#8 format private key conversion tool
+
+=head1 SYNOPSIS
+
+B<openssl> B<pkcs8>
+[B<-topk8>]
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-passin arg>]
+[B<-out filename>]
+[B<-passout arg>]
+[B<-noiter>]
+[B<-nocrypt>]
+[B<-nooct>]
+[B<-embed>]
+[B<-nsdb>]
+[B<-v2 alg>]
+[B<-v1 alg>]
+
+=head1 DESCRIPTION
+
+The B<pkcs8> command processes private keys in PKCS#8 format. It can handle
+both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo
+format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-topk8>
+
+Normally a PKCS#8 private key is expected on input and a traditional format
+private key will be written. With the B<-topk8> option the situation is
+reversed: it reads a traditional format private key and writes a PKCS#8
+format key.
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. If a PKCS#8 format key is expected on input
+then either a B<DER> or B<PEM> encoded version of a PKCS#8 key will be
+expected. Otherwise the B<DER> or B<PEM> format of the traditional format
+private key is used.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the 
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read a key from or standard input if this
+option is not specified. If the key is encrypted a pass phrase will be
+prompted for.
+
+=item B<-passin arg>
+
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-out filename>
+
+This specifies the output filename to write a key to or standard output by
+default. If any encryption options are set then a pass phrase will be
+prompted for. The output filename should B<not> be the same as the input
+filename.
+
+=item B<-passout arg>
+
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-nocrypt>
+
+PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
+structures using an appropriate password based encryption algorithm. With
+this option an unencrypted PrivateKeyInfo structure is expected or output.
+This option does not encrypt private keys at all and should only be used
+when absolutely necessary. Certain software such as some versions of Java
+code signing software used unencrypted private keys.
+
+=item B<-nooct>
+
+This option generates RSA private keys in a broken format that some software
+uses. Specifically the private key should be enclosed in a OCTET STRING
+but some software just includes the structure itself without the
+surrounding OCTET STRING.
+
+=item B<-embed>
+
+This option generates DSA keys in a broken format. The DSA parameters are
+embedded inside the PrivateKey structure. In this form the OCTET STRING
+contains an ASN1 SEQUENCE consisting of two structures: a SEQUENCE containing
+the parameters and an ASN1 INTEGER containing the private key.
+
+=item B<-nsdb>
+
+This option generates DSA keys in a broken format compatible with Netscape
+private key databases. The PrivateKey contains a SEQUENCE consisting of
+the public and private keys respectively.
+
+=item B<-v2 alg>
+
+This option enables the use of PKCS#5 v2.0 algorithms. Normally PKCS#8
+private keys are encrypted with the password based encryption algorithm
+called B<pbeWithMD5AndDES-CBC> this uses 56 bit DES encryption but it
+was the strongest encryption algorithm supported in PKCS#5 v1.5. Using 
+the B<-v2> option PKCS#5 v2.0 algorithms are used which can use any
+encryption algorithm such as 168 bit triple DES or 128 bit RC2 however
+not many implementations support PKCS#5 v2.0 yet. If you are just using
+private keys with OpenSSL then this doesn't matter.
+
+The B<alg> argument is the encryption algorithm to use, valid values include
+B<des>, B<des3> and B<rc2>. It is recommended that B<des3> is used.
+
+=item B<-v1 alg>
+
+This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete
+list of possible algorithms is included below.
+
+=back
+
+=head1 NOTES
+
+The encrypted form of a PEM encode PKCS#8 files uses the following
+headers and footers:
+
+ -----BEGIN ENCRYPTED PRIVATE KEY-----
+ -----END ENCRYPTED PRIVATE KEY-----
+
+The unencrypted form uses:
+
+ -----BEGIN PRIVATE KEY-----
+ -----END PRIVATE KEY-----
+
+Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration
+counts are more secure that those encrypted using the traditional
+SSLeay compatible formats. So if additional security is considered
+important the keys should be converted.
+
+The default encryption is only 56 bits because this is the encryption
+that most current implementations of PKCS#8 will support.
+
+Some software may use PKCS#12 password based encryption algorithms
+with PKCS#8 format private keys: these are handled automatically
+but there is no option to produce them.
+
+It is possible to write out DER encoded encrypted private keys in
+PKCS#8 format because the encryption details are included at an ASN1
+level whereas the traditional format includes them at a PEM level.
+
+=head1 PKCS#5 v1.5 and PKCS#12 algorithms.
+
+Various algorithms can be used with the B<-v1> command line option,
+including PKCS#5 v1.5 and PKCS#12. These are described in more detail
+below.
+
+=over 4
+
+=item B<PBE-MD2-DES PBE-MD5-DES>
+
+These algorithms were included in the original PKCS#5 v1.5 specification.
+They only offer 56 bits of protection since they both use DES.
+
+=item B<PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES>
+
+These algorithms are not mentioned in the original PKCS#5 v1.5 specification
+but they use the same key derivation algorithm and are supported by some
+software. They are mentioned in PKCS#5 v2.0. They use either 64 bit RC2 or
+56 bit DES.
+
+=item B<PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40>
+
+These algorithms use the PKCS#12 password based encryption algorithm and
+allow strong encryption algorithms like triple DES or 128 bit RC2 to be used.
+
+=back
+
+=head1 EXAMPLES
+
+Convert a private from traditional to PKCS#5 v2.0 format using triple
+DES:
+
+ openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem
+
+Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm
+(DES):
+
+ openssl pkcs8 -in key.pem -topk8 -out enckey.pem
+
+Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm
+(3DES):
+
+ openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES
+
+Read a DER unencrypted PKCS#8 format private key:
+
+ openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem
+
+Convert a private key from any PKCS#8 format to traditional format:
+
+ openssl pkcs8 -in pk8.pem -out key.pem
+
+=head1 STANDARDS
+
+Test vectors from this PKCS#5 v2.0 implementation were posted to the
+pkcs-tng mailing list using triple DES, DES and RC2 with high iteration
+counts, several people confirmed that they could decrypt the private
+keys produced and Therefore it can be assumed that the PKCS#5 v2.0
+implementation is reasonably accurate at least as far as these
+algorithms are concerned.
+
+The format of PKCS#8 DSA (and other) private keys is not well documented:
+it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default DSA
+PKCS#8 private key format complies with this standard.
+
+=head1 BUGS
+
+There should be an option that prints out the encryption algorithm
+in use and other details such as the iteration count.
+
+PKCS#8 using triple DES and PKCS#5 v2.0 should be the default private
+key format for OpenSSL: for compatibility several of the utilities use
+the old format at present.
+
+=head1 SEE ALSO
+
+L<dsa(1)|dsa(1)>, L<rsa(1)|rsa(1)>, L<genrsa(1)|genrsa(1)>,
+L<gendsa(1)|gendsa(1)> 
+
+=cut
diff --git a/doc/apps/rand.pod b/doc/apps/rand.pod
new file mode 100644
index 0000000000..75745ca002
--- /dev/null
+++ b/doc/apps/rand.pod
@@ -0,0 +1,50 @@
+=pod
+
+=head1 NAME
+
+rand - generate pseudo-random bytes
+
+=head1 SYNOPSIS
+
+B<openssl rand>
+[B<-out> I<file>]
+[B<-rand> I<file(s)>]
+[B<-base64>]
+I<num>
+
+=head1 DESCRIPTION
+
+The B<rand> command outputs I<num> pseudo-random bytes after seeding
+the random number generator once.  As in other B<openssl> command
+line tools, PRNG seeding uses the file I<$HOME/>B<.rnd> or B<.rnd>
+in addition to the files given in the B<-rand> option.  A new
+I<$HOME>/B<.rnd> or B<.rnd> file will be written back if enough
+seeding was obtained from these sources.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-out> I<file>
+
+Write to I<file> instead of standard output.
+
+=item B<-rand> I<file(s)>
+
+Use specified file or files or EGD socket (see L<RAND_egd(3)|RAND_egd(3)>)
+for seeding the random number generator.
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<-base64>
+
+Perform base64 encoding on the output.
+
+=back
+
+=head1 SEE ALSO
+
+L<RAND_bytes(3)|RAND_bytes(3)>
+
+=cut
diff --git a/doc/apps/req.pod b/doc/apps/req.pod
new file mode 100644
index 0000000000..7a3b6bb99d
--- /dev/null
+++ b/doc/apps/req.pod
@@ -0,0 +1,593 @@
+
+=pod
+
+=head1 NAME
+
+req - PKCS#10 certificate request and certificate generating utility.
+
+=head1 SYNOPSIS
+
+B<openssl> B<req>
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-passin arg>]
+[B<-out filename>]
+[B<-passout arg>]
+[B<-text>]
+[B<-pubkey>]
+[B<-noout>]
+[B<-verify>]
+[B<-modulus>]
+[B<-new>]
+[B<-rand file(s)>]
+[B<-newkey rsa:bits>]
+[B<-newkey dsa:file>]
+[B<-nodes>]
+[B<-key filename>]
+[B<-keyform PEM|DER>]
+[B<-keyout filename>]
+[B<-[md5|sha1|md2|mdc2]>]
+[B<-config filename>]
+[B<-subj arg>]
+[B<-x509>]
+[B<-days n>]
+[B<-set_serial n>]
+[B<-asn1-kludge>]
+[B<-newhdr>]
+[B<-extensions section>]
+[B<-reqexts section>]
+[B<-utf8>]
+[B<-nameopt>]
+[B<-batch>]
+[B<-verbose>]
+
+=head1 DESCRIPTION
+
+The B<req> command primarily creates and processes certificate requests
+in PKCS#10 format. It can additionally create self signed certificates
+for use as root CAs for example.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. The B<DER> option uses an ASN1 DER encoded
+form compatible with the PKCS#10. The B<PEM> form is the default format: it
+consists of the B<DER> format base64 encoded with additional header and
+footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the 
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read a request from or standard input
+if this option is not specified. A request is only read if the creation
+options (B<-new> and B<-newkey>) are not specified.
+
+=item B<-passin arg>
+
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-out filename>
+
+This specifies the output filename to write to or standard output by
+default.
+
+=item B<-passout arg>
+
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-text>
+
+prints out the certificate request in text form.
+
+=item B<-pubkey>
+
+outputs the public key.
+
+=item B<-noout>
+
+this option prevents output of the encoded version of the request.
+
+=item B<-modulus>
+
+this option prints out the value of the modulus of the public key
+contained in the request.
+
+=item B<-verify>
+
+verifies the signature on the request.
+
+=item B<-new>
+
+this option generates a new certificate request. It will prompt
+the user for the relevant field values. The actual fields
+prompted for and their maximum and minimum sizes are specified
+in the configuration file and any requested extensions.
+
+If the B<-key> option is not used it will generate a new RSA private
+key using information specified in the configuration file.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<-newkey arg>
+
+this option creates a new certificate request and a new private
+key. The argument takes one of two forms. B<rsa:nbits>, where
+B<nbits> is the number of bits, generates an RSA key B<nbits>
+in size. B<dsa:filename> generates a DSA key using the parameters
+in the file B<filename>.
+
+=item B<-key filename>
+
+This specifies the file to read the private key from. It also
+accepts PKCS#8 format private keys for PEM format files.
+
+=item B<-keyform PEM|DER>
+
+the format of the private key file specified in the B<-key>
+argument. PEM is the default.
+
+=item B<-keyout filename>
+
+this gives the filename to write the newly created private key to.
+If this option is not specified then the filename present in the
+configuration file is used.
+
+=item B<-nodes>
+
+if this option is specified then if a private key is created it
+will not be encrypted.
+
+=item B<-[md5|sha1|md2|mdc2]>
+
+this specifies the message digest to sign the request with. This
+overrides the digest algorithm specified in the configuration file.
+This option is ignored for DSA requests: they always use SHA1.
+
+=item B<-config filename>
+
+this allows an alternative configuration file to be specified,
+this overrides the compile time filename or any specified in
+the B<OPENSSL_CONF> environment variable.
+
+=item B<-subj arg>
+
+sets subject name for new request or supersedes the subject name
+when processing a request.
+The arg must be formatted as I</type0=value0/type1=value1/type2=...>,
+characters may be escaped by \ (backslash), no spaces are skipped.
+
+=item B<-x509>
+
+this option outputs a self signed certificate instead of a certificate
+request. This is typically used to generate a test certificate or
+a self signed root CA. The extensions added to the certificate
+(if any) are specified in the configuration file. Unless specified
+using the B<set_serial> option B<0> will be used for the serial
+number.
+
+=item B<-days n>
+
+when the B<-x509> option is being used this specifies the number of
+days to certify the certificate for. The default is 30 days.
+
+=item B<-set_serial n>
+
+serial number to use when outputting a self signed certificate. This
+may be specified as a decimal value or a hex value if preceded by B<0x>.
+It is possible to use negative serial numbers but this is not recommended.
+
+=item B<-extensions section>
+
+=item B<-reqexts section>
+
+these options specify alternative sections to include certificate
+extensions (if the B<-x509> option is present) or certificate
+request extensions. This allows several different sections to
+be used in the same configuration file to specify requests for
+a variety of purposes.
+
+=item B<-utf8>
+
+this option causes field values to be interpreted as UTF8 strings, by 
+default they are interpreted as ASCII. This means that the field
+values, whether prompted from a terminal or obtained from a
+configuration file, must be valid UTF8 strings.
+
+=item B<-nameopt option>
+
+option which determines how the subject or issuer names are displayed. The
+B<option> argument can be a single option or multiple options separated by
+commas.  Alternatively the B<-nameopt> switch may be used more than once to
+set multiple options. See the L<x509(1)|x509(1)> manual page for details.
+
+=item B<-asn1-kludge>
+
+by default the B<req> command outputs certificate requests containing
+no attributes in the correct PKCS#10 format. However certain CAs will only
+accept requests containing no attributes in an invalid form: this
+option produces this invalid format.
+
+More precisely the B<Attributes> in a PKCS#10 certificate request
+are defined as a B<SET OF Attribute>. They are B<not OPTIONAL> so
+if no attributes are present then they should be encoded as an
+empty B<SET OF>. The invalid form does not include the empty
+B<SET OF> whereas the correct form does.
+
+It should be noted that very few CAs still require the use of this option.
+
+=item B<-newhdr>
+
+Adds the word B<NEW> to the PEM file header and footer lines on the outputed
+request. Some software (Netscape certificate server) and some CAs need this.
+
+=item B<-batch>
+
+non-interactive mode.
+
+=item B<-verbose>
+
+print extra details about the operations being performed.
+
+=back
+
+=head1 CONFIGURATION FILE FORMAT
+
+The configuration options are specified in the B<req> section of
+the configuration file. As with all configuration files if no
+value is specified in the specific section (i.e. B<req>) then
+the initial unnamed or B<default> section is searched too.
+
+The options available are described in detail below.
+
+=over 4
+
+=item B<input_password output_password>
+
+The passwords for the input private key file (if present) and
+the output private key file (if one will be created). The
+command line options B<passin> and B<passout> override the
+configuration file values.
+
+=item B<default_bits>
+
+This specifies the default key size in bits. If not specified then
+512 is used. It is used if the B<-new> option is used. It can be
+overridden by using the B<-newkey> option.
+
+=item B<default_keyfile>
+
+This is the default filename to write a private key to. If not
+specified the key is written to standard output. This can be
+overridden by the B<-keyout> option.
+
+=item B<oid_file>
+
+This specifies a file containing additional B<OBJECT IDENTIFIERS>.
+Each line of the file should consist of the numerical form of the
+object identifier followed by white space then the short name followed
+by white space and finally the long name. 
+
+=item B<oid_section>
+
+This specifies a section in the configuration file containing extra
+object identifiers. Each line should consist of the short name of the
+object identifier followed by B<=> and the numerical form. The short
+and long names are the same when this option is used.
+
+=item B<RANDFILE>
+
+This specifies a filename in which random number seed information is
+placed and read from, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+It is used for private key generation.
+
+=item B<encrypt_key>
+
+If this is set to B<no> then if a private key is generated it is
+B<not> encrypted. This is equivalent to the B<-nodes> command line
+option. For compatibility B<encrypt_rsa_key> is an equivalent option.
+
+=item B<default_md>
+
+This option specifies the digest algorithm to use. Possible values
+include B<md5 sha1 mdc2>. If not present then MD5 is used. This
+option can be overridden on the command line.
+
+=item B<string_mask>
+
+This option masks out the use of certain string types in certain
+fields. Most users will not need to change this option.
+
+It can be set to several values B<default> which is also the default
+option uses PrintableStrings, T61Strings and BMPStrings if the 
+B<pkix> value is used then only PrintableStrings and BMPStrings will
+be used. This follows the PKIX recommendation in RFC2459. If the
+B<utf8only> option is used then only UTF8Strings will be used: this
+is the PKIX recommendation in RFC2459 after 2003. Finally the B<nombstr>
+option just uses PrintableStrings and T61Strings: certain software has
+problems with BMPStrings and UTF8Strings: in particular Netscape.
+
+=item B<req_extensions>
+
+this specifies the configuration file section containing a list of
+extensions to add to the certificate request. It can be overridden
+by the B<-reqexts> command line switch.
+
+=item B<x509_extensions>
+
+this specifies the configuration file section containing a list of
+extensions to add to certificate generated when the B<-x509> switch
+is used. It can be overridden by the B<-extensions> command line switch.
+
+=item B<prompt>
+
+if set to the value B<no> this disables prompting of certificate fields
+and just takes values from the config file directly. It also changes the
+expected format of the B<distinguished_name> and B<attributes> sections.
+
+=item B<utf8>
+
+if set to the value B<yes> then field values to be interpreted as UTF8
+strings, by default they are interpreted as ASCII. This means that
+the field values, whether prompted from a terminal or obtained from a
+configuration file, must be valid UTF8 strings.
+
+=item B<attributes>
+
+this specifies the section containing any request attributes: its format
+is the same as B<distinguished_name>. Typically these may contain the
+challengePassword or unstructuredName types. They are currently ignored
+by OpenSSL's request signing utilities but some CAs might want them.
+
+=item B<distinguished_name>
+
+This specifies the section containing the distinguished name fields to
+prompt for when generating a certificate or certificate request. The format
+is described in the next section.
+
+=back
+
+=head1 DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT
+
+There are two separate formats for the distinguished name and attribute
+sections. If the B<prompt> option is set to B<no> then these sections
+just consist of field names and values: for example,
+
+ CN=My Name
+ OU=My Organization
+ emailAddress=someone@somewhere.org
+
+This allows external programs (e.g. GUI based) to generate a template file
+with all the field names and values and just pass it to B<req>. An example
+of this kind of configuration file is contained in the B<EXAMPLES> section.
+
+Alternatively if the B<prompt> option is absent or not set to B<no> then the
+file contains field prompting information. It consists of lines of the form:
+
+ fieldName="prompt"
+ fieldName_default="default field value"
+ fieldName_min= 2
+ fieldName_max= 4
+
+"fieldName" is the field name being used, for example commonName (or CN).
+The "prompt" string is used to ask the user to enter the relevant
+details. If the user enters nothing then the default value is used if no
+default value is present then the field is omitted. A field can
+still be omitted if a default value is present if the user just
+enters the '.' character.
+
+The number of characters entered must be between the fieldName_min and
+fieldName_max limits: there may be additional restrictions based
+on the field being used (for example countryName can only ever be
+two characters long and must fit in a PrintableString).
+
+Some fields (such as organizationName) can be used more than once
+in a DN. This presents a problem because configuration files will
+not recognize the same name occurring twice. To avoid this problem
+if the fieldName contains some characters followed by a full stop
+they will be ignored. So for example a second organizationName can
+be input by calling it "1.organizationName".
+
+The actual permitted field names are any object identifier short or
+long names. These are compiled into OpenSSL and include the usual
+values such as commonName, countryName, localityName, organizationName,
+organizationUnitName, stateOrPrivinceName. Additionally emailAddress
+is include as well as name, surname, givenName initials and dnQualifier.
+
+Additional object identifiers can be defined with the B<oid_file> or
+B<oid_section> options in the configuration file. Any additional fields
+will be treated as though they were a DirectoryString.
+
+
+=head1 EXAMPLES
+
+Examine and verify certificate request:
+
+ openssl req -in req.pem -text -verify -noout
+
+Create a private key and then generate a certificate request from it:
+
+ openssl genrsa -out key.pem 1024
+ openssl req -new -key key.pem -out req.pem
+
+The same but just using req:
+
+ openssl req -newkey rsa:1024 -keyout key.pem -out req.pem
+
+Generate a self signed root certificate:
+
+ openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem
+
+Example of a file pointed to by the B<oid_file> option:
+
+ 1.2.3.4	shortName	A longer Name
+ 1.2.3.6	otherName	Other longer Name
+
+Example of a section pointed to by B<oid_section> making use of variable
+expansion:
+
+ testoid1=1.2.3.5
+ testoid2=${testoid1}.6
+
+Sample configuration file prompting for field values:
+
+ [ req ]
+ default_bits		= 1024
+ default_keyfile 	= privkey.pem
+ distinguished_name	= req_distinguished_name
+ attributes		= req_attributes
+ x509_extensions	= v3_ca
+
+ dirstring_type = nobmp
+
+ [ req_distinguished_name ]
+ countryName			= Country Name (2 letter code)
+ countryName_default		= AU
+ countryName_min		= 2
+ countryName_max		= 2
+
+ localityName			= Locality Name (eg, city)
+
+ organizationalUnitName		= Organizational Unit Name (eg, section)
+
+ commonName			= Common Name (eg, YOUR name)
+ commonName_max			= 64
+
+ emailAddress			= Email Address
+ emailAddress_max		= 40
+
+ [ req_attributes ]
+ challengePassword		= A challenge password
+ challengePassword_min		= 4
+ challengePassword_max		= 20
+
+ [ v3_ca ]
+
+ subjectKeyIdentifier=hash
+ authorityKeyIdentifier=keyid:always,issuer:always
+ basicConstraints = CA:true
+
+Sample configuration containing all field values:
+
+
+ RANDFILE		= $ENV::HOME/.rnd
+
+ [ req ]
+ default_bits		= 1024
+ default_keyfile 	= keyfile.pem
+ distinguished_name	= req_distinguished_name
+ attributes		= req_attributes
+ prompt			= no
+ output_password	= mypass
+
+ [ req_distinguished_name ]
+ C			= GB
+ ST			= Test State or Province
+ L			= Test Locality
+ O			= Organization Name
+ OU			= Organizational Unit Name
+ CN			= Common Name
+ emailAddress		= test@email.address
+
+ [ req_attributes ]
+ challengePassword		= A challenge password
+
+
+=head1 NOTES
+
+The header and footer lines in the B<PEM> format are normally:
+
+ -----BEGIN CERTIFICATE REQUEST-----
+ -----END CERTIFICATE REQUEST-----
+
+some software (some versions of Netscape certificate server) instead needs:
+
+ -----BEGIN NEW CERTIFICATE REQUEST-----
+ -----END NEW CERTIFICATE REQUEST-----
+
+which is produced with the B<-newhdr> option but is otherwise compatible.
+Either form is accepted transparently on input.
+
+The certificate requests generated by B<Xenroll> with MSIE have extensions
+added. It includes the B<keyUsage> extension which determines the type of
+key (signature only or general purpose) and any additional OIDs entered
+by the script in an extendedKeyUsage extension.
+
+=head1 DIAGNOSTICS
+
+The following messages are frequently asked about:
+
+	Using configuration from /some/path/openssl.cnf
+	Unable to load config info
+
+This is followed some time later by...
+
+	unable to find 'distinguished_name' in config
+	problems making Certificate Request
+
+The first error message is the clue: it can't find the configuration
+file! Certain operations (like examining a certificate request) don't
+need a configuration file so its use isn't enforced. Generation of
+certificates or requests however does need a configuration file. This
+could be regarded as a bug.
+
+Another puzzling message is this:
+
+        Attributes:
+            a0:00
+
+this is displayed when no attributes are present and the request includes
+the correct empty B<SET OF> structure (the DER encoding of which is 0xa0
+0x00). If you just see:
+
+        Attributes:
+
+then the B<SET OF> is missing and the encoding is technically invalid (but
+it is tolerated). See the description of the command line option B<-asn1-kludge>
+for more information.
+
+=head1 ENVIRONMENT VARIABLES
+
+The variable B<OPENSSL_CONF> if defined allows an alternative configuration
+file location to be specified, it will be overridden by the B<-config> command
+line switch if it is present. For compatibility reasons the B<SSLEAY_CONF>
+environment variable serves the same purpose but its use is discouraged.
+
+=head1 BUGS
+
+OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively
+treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour.
+This can cause problems if you need characters that aren't available in
+PrintableStrings and you don't want to or can't use BMPStrings.
+
+As a consequence of the T61String handling the only correct way to represent
+accented characters in OpenSSL is to use a BMPString: unfortunately Netscape
+currently chokes on these. If you have to use accented characters with Netscape
+and MSIE then you currently need to use the invalid T61String form.
+
+The current prompting is not very friendly. It doesn't allow you to confirm what
+you've just entered. Other things like extensions in certificate requests are
+statically defined in the configuration file. Some of these: like an email
+address in subjectAltName should be input by the user.
+
+=head1 SEE ALSO
+
+L<x509(1)|x509(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>,
+L<gendsa(1)|gendsa(1)>, L<config(5)|config(5)>
+
+=cut
diff --git a/doc/apps/rsa.pod b/doc/apps/rsa.pod
new file mode 100644
index 0000000000..ef74f1adff
--- /dev/null
+++ b/doc/apps/rsa.pod
@@ -0,0 +1,181 @@
+
+=pod
+
+=head1 NAME
+
+rsa - RSA key processing tool
+
+=head1 SYNOPSIS
+
+B<openssl> B<rsa>
+[B<-inform PEM|NET|DER>]
+[B<-outform PEM|NET|DER>]
+[B<-in filename>]
+[B<-passin arg>]
+[B<-out filename>]
+[B<-passout arg>]
+[B<-sgckey>]
+[B<-des>]
+[B<-des3>]
+[B<-idea>]
+[B<-text>]
+[B<-noout>]
+[B<-modulus>]
+[B<-check>]
+[B<-pubin>]
+[B<-pubout>]
+
+=head1 DESCRIPTION
+
+The B<rsa> command processes RSA keys. They can be converted between various
+forms and their components printed out. B<Note> this command uses the
+traditional SSLeay compatible format for private key encryption: newer
+applications should use the more secure PKCS#8 format using the B<pkcs8>
+utility.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-inform DER|NET|PEM>
+
+This specifies the input format. The B<DER> option uses an ASN1 DER encoded
+form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format.
+The B<PEM> form is the default format: it consists of the B<DER> format base64
+encoded with additional header and footer lines. On input PKCS#8 format private
+keys are also accepted. The B<NET> form is a format is described in the B<NOTES>
+section.
+
+=item B<-outform DER|NET|PEM>
+
+This specifies the output format, the options have the same meaning as the 
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read a key from or standard input if this
+option is not specified. If the key is encrypted a pass phrase will be
+prompted for.
+
+=item B<-passin arg>
+
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-out filename>
+
+This specifies the output filename to write a key to or standard output if this
+option is not specified. If any encryption options are set then a pass phrase
+will be prompted for. The output filename should B<not> be the same as the input
+filename.
+
+=item B<-passout password>
+
+the output file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-sgckey>
+
+use the modified NET algorithm used with some versions of Microsoft IIS and SGC
+keys.
+
+=item B<-des|-des3|-idea>
+
+These options encrypt the private key with the DES, triple DES, or the 
+IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
+If none of these options is specified the key is written in plain text. This
+means that using the B<rsa> utility to read in an encrypted key with no
+encryption option can be used to remove the pass phrase from a key, or by
+setting the encryption options it can be use to add or change the pass phrase.
+These options can only be used with PEM format output files.
+
+=item B<-text>
+
+prints out the various public or private key components in
+plain text in addition to the encoded version. 
+
+=item B<-noout>
+
+this option prevents output of the encoded version of the key.
+
+=item B<-modulus>
+
+this option prints out the value of the modulus of the key.
+
+=item B<-check>
+
+this option checks the consistency of an RSA private key.
+
+=item B<-pubin>
+
+by default a private key is read from the input file: with this
+option a public key is read instead.
+
+=item B<-pubout>
+
+by default a private key is output: with this option a public
+key will be output instead. This option is automatically set if
+the input is a public key.
+
+=back
+
+=head1 NOTES
+
+The PEM private key format uses the header and footer lines:
+
+ -----BEGIN RSA PRIVATE KEY-----
+ -----END RSA PRIVATE KEY-----
+
+The PEM public key format uses the header and footer lines:
+
+ -----BEGIN PUBLIC KEY-----
+ -----END PUBLIC KEY-----
+
+The B<NET> form is a format compatible with older Netscape servers
+and Microsoft IIS .key files, this uses unsalted RC4 for its encryption.
+It is not very secure and so should only be used when necessary.
+
+Some newer version of IIS have additional data in the exported .key
+files. To use these with the utility, view the file with a binary editor
+and look for the string "private-key", then trace back to the byte
+sequence 0x30, 0x82 (this is an ASN1 SEQUENCE). Copy all the data
+from this point onwards to another file and use that as the input
+to the B<rsa> utility with the B<-inform NET> option. If you get
+an error after entering the password try the B<-sgckey> option.
+
+=head1 EXAMPLES
+
+To remove the pass phrase on an RSA private key:
+
+ openssl rsa -in key.pem -out keyout.pem
+
+To encrypt a private key using triple DES:
+
+ openssl rsa -in key.pem -des3 -out keyout.pem
+
+To convert a private key from PEM to DER format: 
+
+ openssl rsa -in key.pem -outform DER -out keyout.der
+
+To print out the components of a private key to standard output:
+
+ openssl rsa -in key.pem -text -noout
+
+To just output the public part of a private key:
+
+ openssl rsa -in key.pem -pubout -out pubkey.pem
+
+=head1 BUGS
+
+The command line password arguments don't currently work with
+B<NET> format.
+
+There should be an option that automatically handles .key files,
+without having to manually edit them.
+
+=head1 SEE ALSO
+
+L<pkcs8(1)|pkcs8(1)>, L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>,
+L<gendsa(1)|gendsa(1)> 
+
+=cut
diff --git a/doc/apps/rsautl.pod b/doc/apps/rsautl.pod
new file mode 100644
index 0000000000..a7c1681d98
--- /dev/null
+++ b/doc/apps/rsautl.pod
@@ -0,0 +1,183 @@
+=pod
+
+=head1 NAME
+
+rsautl - RSA utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<rsautl>
+[B<-in file>]
+[B<-out file>]
+[B<-inkey file>]
+[B<-pubin>]
+[B<-certin>]
+[B<-sign>]
+[B<-verify>]
+[B<-encrypt>]
+[B<-decrypt>]
+[B<-pkcs>]
+[B<-ssl>]
+[B<-raw>]
+[B<-hexdump>]
+[B<-asn1parse>]
+
+=head1 DESCRIPTION
+
+The B<rsautl> command can be used to sign, verify, encrypt and decrypt
+data using the RSA algorithm.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-in filename>
+
+This specifies the input filename to read data from or standard input
+if this option is not specified.
+
+=item B<-out filename>
+
+specifies the output filename to write to or standard output by
+default.
+
+=item B<-inkey file>
+
+the input key file, by default it should be an RSA private key.
+
+=item B<-pubin>
+
+the input file is an RSA public key. 
+
+=item B<-certin>
+
+the input is a certificate containing an RSA public key. 
+
+=item B<-sign>
+
+sign the input data and output the signed result. This requires
+and RSA private key.
+
+=item B<-verify>
+
+verify the input data and output the recovered data.
+
+=item B<-encrypt>
+
+encrypt the input data using an RSA public key.
+
+=item B<-decrypt>
+
+decrypt the input data using an RSA private key.
+
+=item B<-pkcs, -oaep, -ssl, -raw>
+
+the padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
+special padding used in SSL v2 backwards compatible handshakes,
+or no padding, respectively.
+For signatures, only B<-pkcs> and B<-raw> can be used.
+
+=item B<-hexdump>
+
+hex dump the output data.
+
+=item B<-asn1parse>
+
+asn1parse the output data, this is useful when combined with the
+B<-verify> option.
+
+=back
+
+=head1 NOTES
+
+B<rsautl> because it uses the RSA algorithm directly can only be
+used to sign or verify small pieces of data.
+
+=head1 EXAMPLES
+
+Sign some data using a private key:
+
+ openssl rsautl -sign -in file -inkey key.pem -out sig
+
+Recover the signed data
+
+ openssl rsautl -verify -in sig -inkey key.pem
+
+Examine the raw signed data:
+
+ openssl rsautl -verify -in file -inkey key.pem -raw -hexdump
+
+ 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+ 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64   .....hello world
+
+The PKCS#1 block formatting is evident from this. If this was done using
+encrypt and decrypt the block would have been of type 2 (the second byte)
+and random padding data visible instead of the 0xff bytes.
+
+It is possible to analyse the signature of certificates using this
+utility in conjunction with B<asn1parse>. Consider the self signed
+example in certs/pca-cert.pem . Running B<asn1parse> as follows yields:
+
+ openssl asn1parse -in pca-cert.pem
+
+    0:d=0  hl=4 l= 742 cons: SEQUENCE          
+    4:d=1  hl=4 l= 591 cons:  SEQUENCE          
+    8:d=2  hl=2 l=   3 cons:   cont [ 0 ]        
+   10:d=3  hl=2 l=   1 prim:    INTEGER           :02
+   13:d=2  hl=2 l=   1 prim:   INTEGER           :00
+   16:d=2  hl=2 l=  13 cons:   SEQUENCE          
+   18:d=3  hl=2 l=   9 prim:    OBJECT            :md5WithRSAEncryption
+   29:d=3  hl=2 l=   0 prim:    NULL              
+   31:d=2  hl=2 l=  92 cons:   SEQUENCE          
+   33:d=3  hl=2 l=  11 cons:    SET               
+   35:d=4  hl=2 l=   9 cons:     SEQUENCE          
+   37:d=5  hl=2 l=   3 prim:      OBJECT            :countryName
+   42:d=5  hl=2 l=   2 prim:      PRINTABLESTRING   :AU
+  ....
+  599:d=1  hl=2 l=  13 cons:  SEQUENCE          
+  601:d=2  hl=2 l=   9 prim:   OBJECT            :md5WithRSAEncryption
+  612:d=2  hl=2 l=   0 prim:   NULL              
+  614:d=1  hl=3 l= 129 prim:  BIT STRING        
+
+
+The final BIT STRING contains the actual signature. It can be extracted with:
+
+ openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
+
+The certificate public key can be extracted with:
+ 
+ openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem
+
+The signature can be analysed with:
+
+ openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
+
+    0:d=0  hl=2 l=  32 cons: SEQUENCE          
+    2:d=1  hl=2 l=  12 cons:  SEQUENCE          
+    4:d=2  hl=2 l=   8 prim:   OBJECT            :md5
+   14:d=2  hl=2 l=   0 prim:   NULL              
+   16:d=1  hl=2 l=  16 prim:  OCTET STRING      
+      0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5   .F...Js.7...H%..
+
+This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
+the digest used was md5. The actual part of the certificate that was signed can
+be extracted with:
+
+ openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
+
+and its digest computed with:
+
+ openssl md5 -c tbs
+ MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
+
+which it can be seen agrees with the recovered value above.
+
+=head1 SEE ALSO
+
+L<dgst(1)|dgst(1)>, L<rsa(1)|rsa(1)>, L<genrsa(1)|genrsa(1)>
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
new file mode 100644
index 0000000000..7fca9cbdbd
--- /dev/null
+++ b/doc/apps/s_client.pod
@@ -0,0 +1,243 @@
+
+=pod
+
+=head1 NAME
+
+s_client - SSL/TLS client program
+
+=head1 SYNOPSIS
+
+B<openssl> B<s_client>
+[B<-connect> host:port>]
+[B<-verify depth>]
+[B<-cert filename>]
+[B<-key filename>]
+[B<-CApath directory>]
+[B<-CAfile filename>]
+[B<-reconnect>]
+[B<-pause>]
+[B<-showcerts>]
+[B<-debug>]
+[B<-msg>]
+[B<-nbio_test>]
+[B<-state>]
+[B<-nbio>]
+[B<-crlf>]
+[B<-ign_eof>]
+[B<-quiet>]
+[B<-ssl2>]
+[B<-ssl3>]
+[B<-tls1>]
+[B<-no_ssl2>]
+[B<-no_ssl3>]
+[B<-no_tls1>]
+[B<-bugs>]
+[B<-cipher cipherlist>]
+[B<-engine id>]
+[B<-rand file(s)>]
+
+=head1 DESCRIPTION
+
+The B<s_client> command implements a generic SSL/TLS client which connects
+to a remote host using SSL/TLS. It is a I<very> useful diagnostic tool for
+SSL servers.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-connect host:port>
+
+This specifies the host and optional port to connect to. If not specified
+then an attempt is made to connect to the local host on port 4433.
+
+=item B<-cert certname>
+
+The certificate to use, if one is requested by the server. The default is
+not to use a certificate.
+
+=item B<-key keyfile>
+
+The private key to use. If not specified then the certificate file will
+be used.
+
+=item B<-verify depth>
+
+The verify depth to use. This specifies the maximum length of the
+server certificate chain and turns on server certificate verification.
+Currently the verify operation continues after errors so all the problems
+with a certificate chain can be seen. As a side effect the connection
+will never fail due to a server certificate verify failure.
+
+=item B<-CApath directory>
+
+The directory to use for server certificate verification. This directory
+must be in "hash format", see B<verify> for more information. These are
+also used when building the client certificate chain.
+
+=item B<-CAfile file>
+
+A file containing trusted certificates to use during server authentication
+and to use when attempting to build the client certificate chain.
+
+=item B<-reconnect>
+
+reconnects to the same server 5 times using the same session ID, this can
+be used as a test that session caching is working.
+
+=item B<-pause>
+
+pauses 1 second between each read and write call.
+
+=item B<-showcerts>
+
+display the whole server certificate chain: normally only the server
+certificate itself is displayed.
+
+=item B<-prexit>
+
+print session information when the program exits. This will always attempt
+to print out information even if the connection fails. Normally information
+will only be printed out once if the connection succeeds. This option is useful
+because the cipher in use may be renegotiated or the connection may fail
+because a client certificate is required or is requested only after an
+attempt is made to access a certain URL. Note: the output produced by this
+option is not always accurate because a connection might never have been
+established.
+
+=item B<-state>
+
+prints out the SSL session states.
+
+=item B<-debug>
+
+print extensive debugging information including a hex dump of all traffic.
+
+=item B<-msg>
+
+show all protocol messages with hex dump.
+
+=item B<-nbio_test>
+
+tests non-blocking I/O
+
+=item B<-nbio>
+
+turns on non-blocking I/O
+
+=item B<-crlf>
+
+this option translated a line feed from the terminal into CR+LF as required
+by some servers.
+
+=item B<-ign_eof>
+
+inhibit shutting down the connection when end of file is reached in the
+input.
+
+=item B<-quiet>
+
+inhibit printing of session and certificate information.  This implicitly
+turns on B<-ign_eof> as well.
+
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
+
+these options disable the use of certain SSL or TLS protocols. By default
+the initial handshake uses a method which should be compatible with all
+servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
+
+Unfortunately there are a lot of ancient and broken servers in use which
+cannot handle this technique and will fail to connect. Some servers only
+work if TLS is turned off with the B<-no_tls> option others will only
+support SSL v2 and may need the B<-ssl2> option.
+
+=item B<-bugs>
+
+there are several known bug in SSL and TLS implementations. Adding this
+option enables various workarounds.
+
+=item B<-cipher cipherlist>
+
+this allows the cipher list sent by the client to be modified. Although
+the server determines which cipher suite is used it should take the first
+supported cipher in the list sent by the client. See the B<ciphers>
+command for more information.
+
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<s_client>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=back
+
+=head1 CONNECTED COMMANDS
+
+If a connection is established with an SSL server then any data received
+from the server is displayed and any key presses will be sent to the
+server. When used interactively (which means neither B<-quiet> nor B<-ign_eof>
+have been given), the session will be renegotiated if the line begins with an
+B<R>, and if the line begins with a B<Q> or if end of file is reached, the
+connection will be closed down.
+
+=head1 NOTES
+
+B<s_client> can be used to debug SSL servers. To connect to an SSL HTTP
+server the command:
+
+ openssl s_client -connect servername:443
+
+would typically be used (https uses port 443). If the connection succeeds
+then an HTTP command can be given such as "GET /" to retrieve a web page.
+
+If the handshake fails then there are several possible causes, if it is
+nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>,
+B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> can be tried
+in case it is a buggy server. In particular you should play with these
+options B<before> submitting a bug report to an OpenSSL mailing list.
+
+A frequent problem when attempting to get client certificates working
+is that a web client complains it has no certificates or gives an empty
+list to choose from. This is normally because the server is not sending
+the clients certificate authority in its "acceptable CA list" when it
+requests a certificate. By using B<s_client> the CA list can be viewed
+and checked. However some servers only request client authentication
+after a specific URL is requested. To obtain the list in this case it
+is necessary to use the B<-prexit> command and send an HTTP request
+for an appropriate page.
+
+If a certificate is specified on the command line using the B<-cert>
+option it will not be used unless the server specifically requests
+a client certificate. Therefor merely including a client certificate
+on the command line is no guarantee that the certificate works.
+
+If there are problems verifying a server certificate then the
+B<-showcerts> option can be used to show the whole chain.
+
+=head1 BUGS
+
+Because this program has a lot of options and also because some of
+the techniques used are rather old, the C source of s_client is rather
+hard to read and not a model of how things should be done. A typical
+SSL client program would be much simpler.
+
+The B<-verify> option should really exit if the server verification
+fails.
+
+The B<-prexit> option is a bit of a hack. We should really report
+information whenever a session is renegotiated.
+
+=head1 SEE ALSO
+
+L<sess_id(1)|sess_id(1)>, L<s_server(1)|s_server(1)>, L<ciphers(1)|ciphers(1)>
+
+=cut
diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
new file mode 100644
index 0000000000..4b1e4260ef
--- /dev/null
+++ b/doc/apps/s_server.pod
@@ -0,0 +1,296 @@
+
+=pod
+
+=head1 NAME
+
+s_server - SSL/TLS server program
+
+=head1 SYNOPSIS
+
+B<openssl> B<s_server>
+[B<-accept port>]
+[B<-context id>]
+[B<-verify depth>]
+[B<-Verify depth>]
+[B<-cert filename>]
+[B<-key keyfile>]
+[B<-dcert filename>]
+[B<-dkey keyfile>]
+[B<-dhparam filename>]
+[B<-nbio>]
+[B<-nbio_test>]
+[B<-crlf>]
+[B<-debug>]
+[B<-msg>]
+[B<-state>]
+[B<-CApath directory>]
+[B<-CAfile filename>]
+[B<-nocert>]
+[B<-cipher cipherlist>]
+[B<-quiet>]
+[B<-no_tmp_rsa>]
+[B<-ssl2>]
+[B<-ssl3>]
+[B<-tls1>]
+[B<-no_ssl2>]
+[B<-no_ssl3>]
+[B<-no_tls1>]
+[B<-no_dhe>]
+[B<-bugs>]
+[B<-hack>]
+[B<-www>]
+[B<-WWW>]
+[B<-HTTP>]
+[B<-engine id>]
+[B<-rand file(s)>]
+
+=head1 DESCRIPTION
+
+The B<s_server> command implements a generic SSL/TLS server which listens
+for connections on a given port using SSL/TLS.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-accept port>
+
+the TCP port to listen on for connections. If not specified 4433 is used.
+
+=item B<-context id>
+
+sets the SSL context id. It can be given any string value. If this option
+is not present a default value will be used.
+
+=item B<-cert certname>
+
+The certificate to use, most servers cipher suites require the use of a
+certificate and some require a certificate with a certain public key type:
+for example the DSS cipher suites require a certificate containing a DSS
+(DSA) key. If not specified then the filename "server.pem" will be used.
+
+=item B<-key keyfile>
+
+The private key to use. If not specified then the certificate file will
+be used.
+
+=item B<-dcert filename>, B<-dkey keyname>
+
+specify an additional certificate and private key, these behave in the
+same manner as the B<-cert> and B<-key> options except there is no default
+if they are not specified (no additional certificate and key is used). As
+noted above some cipher suites require a certificate containing a key of
+a certain type. Some cipher suites need a certificate carrying an RSA key
+and some a DSS (DSA) key. By using RSA and DSS certificates and keys
+a server can support clients which only support RSA or DSS cipher suites
+by using an appropriate certificate.
+
+=item B<-nocert>
+
+if this option is set then no certificate is used. This restricts the
+cipher suites available to the anonymous ones (currently just anonymous
+DH).
+
+=item B<-dhparam filename>
+
+the DH parameter file to use. The ephemeral DH cipher suites generate keys
+using a set of DH parameters. If not specified then an attempt is made to
+load the parameters from the server certificate file. If this fails then
+a static set of parameters hard coded into the s_server program will be used.
+
+=item B<-no_dhe>
+
+if this option is set then no DH parameters will be loaded effectively
+disabling the ephemeral DH cipher suites.
+
+=item B<-no_tmp_rsa>
+
+certain export cipher suites sometimes use a temporary RSA key, this option
+disables temporary RSA key generation.
+
+=item B<-verify depth>, B<-Verify depth>
+
+The verify depth to use. This specifies the maximum length of the
+client certificate chain and makes the server request a certificate from
+the client. With the B<-verify> option a certificate is requested but the
+client does not have to send one, with the B<-Verify> option the client
+must supply a certificate or an error occurs.
+
+=item B<-CApath directory>
+
+The directory to use for client certificate verification. This directory
+must be in "hash format", see B<verify> for more information. These are
+also used when building the server certificate chain.
+
+=item B<-CAfile file>
+
+A file containing trusted certificates to use during client authentication
+and to use when attempting to build the server certificate chain. The list
+is also used in the list of acceptable client CAs passed to the client when
+a certificate is requested.
+
+=item B<-state>
+
+prints out the SSL session states.
+
+=item B<-debug>
+
+print extensive debugging information including a hex dump of all traffic.
+
+=item B<-msg>
+
+show all protocol messages with hex dump.
+
+=item B<-nbio_test>
+
+tests non blocking I/O
+
+=item B<-nbio>
+
+turns on non blocking I/O
+
+=item B<-crlf>
+
+this option translated a line feed from the terminal into CR+LF.
+
+=item B<-quiet>
+
+inhibit printing of session and certificate information.
+
+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
+
+these options disable the use of certain SSL or TLS protocols. By default
+the initial handshake uses a method which should be compatible with all
+servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
+
+=item B<-bugs>
+
+there are several known bug in SSL and TLS implementations. Adding this
+option enables various workarounds.
+
+=item B<-hack>
+
+this option enables a further workaround for some some early Netscape
+SSL code (?).
+
+=item B<-cipher cipherlist>
+
+this allows the cipher list used by the server to be modified.  When
+the client sends a list of supported ciphers the first client cipher
+also included in the server list is used. Because the client specifies
+the preference order, the order of the server cipherlist irrelevant. See
+the B<ciphers> command for more information.
+
+=item B<-www>
+
+sends a status message back to the client when it connects. This includes
+lots of information about the ciphers used and various session parameters.
+The output is in HTML format so this option will normally be used with a
+web browser.
+
+=item B<-WWW>
+
+emulates a simple web server. Pages will be resolved relative to the
+current directory, for example if the URL https://myhost/page.html is
+requested the file ./page.html will be loaded.
+
+=item B<-HTTP>
+
+emulates a simple web server. Pages will be resolved relative to the
+current directory, for example if the URL https://myhost/page.html is
+requested the file ./page.html will be loaded. The files loaded are
+assumed to contain a complete and correct HTTP response (lines that
+are part of the HTTP response line and headers must end with CRLF).
+
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<s_server>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=back
+
+=head1 CONNECTED COMMANDS
+
+If a connection request is established with an SSL client and neither the
+B<-www> nor the B<-WWW> option has been used then normally any data received
+from the client is displayed and any key presses will be sent to the client. 
+
+Certain single letter commands are also recognized which perform special
+operations: these are listed below.
+
+=over 4
+
+=item B<q>
+
+end the current SSL connection but still accept new connections.
+
+=item B<Q>
+
+end the current SSL connection and exit.
+
+=item B<r>
+
+renegotiate the SSL session.
+
+=item B<R>
+
+renegotiate the SSL session and request a client certificate.
+
+=item B<P>
+
+send some plain text down the underlying TCP connection: this should
+cause the client to disconnect due to a protocol violation.
+
+=item B<S>
+
+print out some session cache status information.
+
+=back
+
+=head1 NOTES
+
+B<s_server> can be used to debug SSL clients. To accept connections from
+a web browser the command:
+
+ openssl s_server -accept 443 -www
+
+can be used for example.
+
+Most web browsers (in particular Netscape and MSIE) only support RSA cipher
+suites, so they cannot connect to servers which don't use a certificate
+carrying an RSA key or a version of OpenSSL with RSA disabled.
+
+Although specifying an empty list of CAs when requesting a client certificate
+is strictly speaking a protocol violation, some SSL clients interpret this to
+mean any CA is acceptable. This is useful for debugging purposes.
+
+The session parameters can printed out using the B<sess_id> program.
+
+=head1 BUGS
+
+Because this program has a lot of options and also because some of
+the techniques used are rather old, the C source of s_server is rather
+hard to read and not a model of how things should be done. A typical
+SSL server program would be much simpler.
+
+The output of common ciphers is wrong: it just gives the list of ciphers that
+OpenSSL recognizes and the client supports.
+
+There should be a way for the B<s_server> program to print out details of any
+unknown cipher suites a client says it supports.
+
+=head1 SEE ALSO
+
+L<sess_id(1)|sess_id(1)>, L<s_client(1)|s_client(1)>, L<ciphers(1)|ciphers(1)>
+
+=cut
diff --git a/doc/apps/sess_id.pod b/doc/apps/sess_id.pod
new file mode 100644
index 0000000000..9988d2cd3d
--- /dev/null
+++ b/doc/apps/sess_id.pod
@@ -0,0 +1,151 @@
+
+=pod
+
+=head1 NAME
+
+sess_id - SSL/TLS session handling utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<sess_id>
+[B<-inform PEM|DER>]
+[B<-outform PEM|DER>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-text>]
+[B<-noout>]
+[B<-context ID>]
+
+=head1 DESCRIPTION
+
+The B<sess_id> process the encoded version of the SSL session structure
+and optionally prints out SSL session details (for example the SSL session
+master key) in human readable format. Since this is a diagnostic tool that
+needs some knowledge of the SSL protocol to use properly, most users will
+not need to use it.
+
+=over 4
+
+=item B<-inform DER|PEM>
+
+This specifies the input format. The B<DER> option uses an ASN1 DER encoded
+format containing session details. The precise format can vary from one version
+to the next.  The B<PEM> form is the default format: it consists of the B<DER>
+format base64 encoded with additional header and footer lines.
+
+=item B<-outform DER|PEM>
+
+This specifies the output format, the options have the same meaning as the 
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read session information from or standard
+input by default.
+
+=item B<-out filename>
+
+This specifies the output filename to write session information to or standard
+output if this option is not specified.
+
+=item B<-text>
+
+prints out the various public or private key components in
+plain text in addition to the encoded version. 
+
+=item B<-cert>
+
+if a certificate is present in the session it will be output using this option,
+if the B<-text> option is also present then it will be printed out in text form.
+
+=item B<-noout>
+
+this option prevents output of the encoded version of the session.
+
+=item B<-context ID>
+
+this option can set the session id so the output session information uses the
+supplied ID. The ID can be any string of characters. This option wont normally
+be used.
+
+=back
+
+=head1 OUTPUT
+
+Typical output:
+
+ SSL-Session:
+     Protocol  : TLSv1
+     Cipher    : 0016
+     Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED
+     Session-ID-ctx: 01000000
+     Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD
+     Key-Arg   : None
+     Start Time: 948459261
+     Timeout   : 300 (sec)
+     Verify return code 0 (ok)
+
+Theses are described below in more detail.
+
+=over 4
+
+=item B<Protocol>
+
+this is the protocol in use TLSv1, SSLv3 or SSLv2.
+
+=item B<Cipher>
+
+the cipher used this is the actual raw SSL or TLS cipher code, see the SSL
+or TLS specifications for more information.
+
+=item B<Session-ID>
+
+the SSL session ID in hex format.
+
+=item B<Session-ID-ctx>
+
+the session ID context in hex format.
+
+=item B<Master-Key>
+
+this is the SSL session master key.
+
+=item B<Key-Arg>
+
+the key argument, this is only used in SSL v2.
+
+=item B<Start Time>
+
+this is the session start time represented as an integer in standard Unix format.
+
+=item B<Timeout>
+
+the timeout in seconds.
+
+=item B<Verify return code>
+
+this is the return code when an SSL client certificate is verified.
+
+=back
+
+=head1 NOTES
+
+The PEM encoded session format uses the header and footer lines:
+
+ -----BEGIN SSL SESSION PARAMETERS-----
+ -----END SSL SESSION PARAMETERS-----
+
+Since the SSL session output contains the master key it is possible to read the contents
+of an encrypted session using this information. Therefore appropriate security precautions
+should be taken if the information is being output by a "real" application. This is
+however strongly discouraged and should only be used for debugging purposes.
+
+=head1 BUGS
+
+The cipher and start time should be printed out in human readable form.
+
+=head1 SEE ALSO
+
+L<ciphers(1)|ciphers(1)>, L<s_server(1)|s_server(1)>
+
+=cut
diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod
new file mode 100644
index 0000000000..2453dd2738
--- /dev/null
+++ b/doc/apps/smime.pod
@@ -0,0 +1,375 @@
+=pod
+
+=head1 NAME
+
+smime - S/MIME utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<smime>
+[B<-encrypt>]
+[B<-decrypt>]
+[B<-sign>]
+[B<-verify>]
+[B<-pk7out>]
+[B<-des>]
+[B<-des3>]
+[B<-rc2-40>]
+[B<-rc2-64>]
+[B<-rc2-128>]
+[B<-in file>]
+[B<-certfile file>]
+[B<-signer file>]
+[B<-recip  file>]
+[B<-inform SMIME|PEM|DER>]
+[B<-passin arg>]
+[B<-inkey file>]
+[B<-out file>]
+[B<-outform SMIME|PEM|DER>]
+[B<-content file>]
+[B<-to addr>]
+[B<-from ad>]
+[B<-subject s>]
+[B<-text>]
+[B<-rand file(s)>]
+[cert.pem]...
+
+=head1 DESCRIPTION
+
+The B<smime> command handles S/MIME mail. It can encrypt, decrypt, sign and
+verify S/MIME messages.
+
+=head1 COMMAND OPTIONS
+
+There are five operation options that set the type of operation to be performed.
+The meaning of the other options varies according to the operation type.
+
+=over 4
+
+=item B<-encrypt>
+
+encrypt mail for the given recipient certificates. Input file is the message
+to be encrypted. The output file is the encrypted mail in MIME format.
+
+=item B<-decrypt>
+
+decrypt mail using the supplied certificate and private key. Expects an
+encrypted mail message in MIME format for the input file. The decrypted mail
+is written to the output file.
+
+=item B<-sign>
+
+sign mail using the supplied certificate and private key. Input file is
+the message to be signed. The signed message in MIME format is written
+to the output file.
+
+=item B<-verify>
+
+verify signed mail. Expects a signed mail message on input and outputs
+the signed data. Both clear text and opaque signing is supported.
+
+=item B<-pk7out>
+
+takes an input message and writes out a PEM encoded PKCS#7 structure.
+
+=item B<-in filename>
+
+the input message to be encrypted or signed or the MIME message to
+be decrypted or verified.
+
+=item B<-inform SMIME|PEM|DER>
+
+this specifies the input format for the PKCS#7 structure. The default
+is B<SMIME> which reads an S/MIME format message. B<PEM> and B<DER>
+format change this to expect PEM and DER format PKCS#7 structures
+instead. This currently only affects the input format of the PKCS#7
+structure, if no PKCS#7 structure is being input (for example with
+B<-encrypt> or B<-sign>) this option has no effect.
+
+=item B<-out filename>
+
+the message text that has been decrypted or verified or the output MIME
+format message that has been signed or verified.
+
+=item B<-outform SMIME|PEM|DER>
+
+this specifies the output format for the PKCS#7 structure. The default
+is B<SMIME> which write an S/MIME format message. B<PEM> and B<DER>
+format change this to write PEM and DER format PKCS#7 structures
+instead. This currently only affects the output format of the PKCS#7
+structure, if no PKCS#7 structure is being output (for example with
+B<-verify> or B<-decrypt>) this option has no effect.
+
+=item B<-content filename>
+
+This specifies a file containing the detached content, this is only
+useful with the B<-verify> command. This is only usable if the PKCS#7
+structure is using the detached signature form where the content is
+not included. This option will override any content if the input format
+is S/MIME and it uses the multipart/signed MIME content type.
+
+=item B<-text>
+
+this option adds plain text (text/plain) MIME headers to the supplied
+message if encrypting or signing. If decrypting or verifying it strips
+off text headers: if the decrypted or verified message is not of MIME 
+type text/plain then an error occurs.
+
+=item B<-CAfile file>
+
+a file containing trusted CA certificates, only used with B<-verify>.
+
+=item B<-CApath dir>
+
+a directory containing trusted CA certificates, only used with
+B<-verify>. This directory must be a standard certificate directory: that
+is a hash of each subject name (using B<x509 -hash>) should be linked
+to each certificate.
+
+=item B<-des -des3 -rc2-40 -rc2-64 -rc2-128>
+
+the encryption algorithm to use. DES (56 bits), triple DES (168 bits)
+or 40, 64 or 128 bit RC2 respectively if not specified 40 bit RC2 is
+used. Only used with B<-encrypt>.
+
+=item B<-nointern>
+
+when verifying a message normally certificates (if any) included in
+the message are searched for the signing certificate. With this option
+only the certificates specified in the B<-certfile> option are used.
+The supplied certificates can still be used as untrusted CAs however.
+
+=item B<-noverify>
+
+do not verify the signers certificate of a signed message.
+
+=item B<-nochain>
+
+do not do chain verification of signers certificates: that is don't
+use the certificates in the signed message as untrusted CAs.
+
+=item B<-nosigs>
+
+don't try to verify the signatures on the message.
+
+=item B<-nocerts>
+
+when signing a message the signer's certificate is normally included
+with this option it is excluded. This will reduce the size of the
+signed message but the verifier must have a copy of the signers certificate
+available locally (passed using the B<-certfile> option for example).
+
+=item B<-noattr>
+
+normally when a message is signed a set of attributes are included which
+include the signing time and supported symmetric algorithms. With this
+option they are not included.
+
+=item B<-binary>
+
+normally the input message is converted to "canonical" format which is
+effectively using CR and LF as end of line: as required by the S/MIME
+specification. When this option is present no translation occurs. This
+is useful when handling binary data which may not be in MIME format.
+
+=item B<-nodetach>
+
+when signing a message use opaque signing: this form is more resistant
+to translation by mail relays but it cannot be read by mail agents that
+do not support S/MIME.  Without this option cleartext signing with
+the MIME type multipart/signed is used.
+
+=item B<-certfile file>
+
+allows additional certificates to be specified. When signing these will
+be included with the message. When verifying these will be searched for
+the signers certificates. The certificates should be in PEM format.
+
+=item B<-signer file>
+
+the signers certificate when signing a message. If a message is
+being verified then the signers certificates will be written to this
+file if the verification was successful.
+
+=item B<-recip file>
+
+the recipients certificate when decrypting a message. This certificate
+must match one of the recipients of the message or an error occurs.
+
+=item B<-inkey file>
+
+the private key to use when signing or decrypting. This must match the
+corresponding certificate. If this option is not specified then the
+private key must be included in the certificate file specified with
+the B<-recip> or B<-signer> file.
+
+=item B<-passin arg>
+
+the private key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-rand file(s)>
+
+a file or files containing random data used to seed the random number
+generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>).
+Multiple files can be specified separated by a OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item B<cert.pem...>
+
+one or more certificates of message recipients: used when encrypting
+a message. 
+
+=item B<-to, -from, -subject>
+
+the relevant mail headers. These are included outside the signed
+portion of a message so they may be included manually. If signing
+then many S/MIME mail clients check the signers certificate's email
+address matches that specified in the From: address.
+
+=back
+
+=head1 NOTES
+
+The MIME message must be sent without any blank lines between the
+headers and the output. Some mail programs will automatically add
+a blank line. Piping the mail directly to sendmail is one way to
+achieve the correct format.
+
+The supplied message to be signed or encrypted must include the
+necessary MIME headers or many S/MIME clients wont display it
+properly (if at all). You can use the B<-text> option to automatically
+add plain text headers.
+
+A "signed and encrypted" message is one where a signed message is
+then encrypted. This can be produced by encrypting an already signed
+message: see the examples section.
+
+This version of the program only allows one signer per message but it
+will verify multiple signers on received messages. Some S/MIME clients
+choke if a message contains multiple signers. It is possible to sign
+messages "in parallel" by signing an already signed message.
+
+The options B<-encrypt> and B<-decrypt> reflect common usage in S/MIME
+clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7
+encrypted data is used for other purposes.
+
+=head1 EXIT CODES
+
+=over 4
+
+=item 0
+
+the operation was completely successfully.
+
+=item 1 
+
+an error occurred parsing the command options.
+
+=item 2
+
+one of the input files could not be read.
+
+=item 3
+
+an error occurred creating the PKCS#7 file or when reading the MIME
+message.
+
+=item 4
+
+an error occurred decrypting or verifying the message.
+
+=item 5
+
+the message was verified correctly but an error occurred writing out
+the signers certificates.
+
+=back
+
+=head1 EXAMPLES
+
+Create a cleartext signed message:
+
+ openssl smime -sign -in message.txt -text -out mail.msg \
+	-signer mycert.pem
+
+Create and opaque signed message
+
+ openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
+	-signer mycert.pem
+
+Create a signed message, include some additional certificates and
+read the private key from another file:
+
+ openssl smime -sign -in in.txt -text -out mail.msg \
+	-signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
+
+Send a signed message under Unix directly to sendmail, including headers:
+
+ openssl smime -sign -in in.txt -text -signer mycert.pem \
+	-from steve@openssl.org -to someone@somewhere \
+	-subject "Signed message" | sendmail someone@somewhere
+
+Verify a message and extract the signer's certificate if successful:
+
+ openssl smime -verify -in mail.msg -signer user.pem -out signedtext.txt
+
+Send encrypted mail using triple DES:
+
+ openssl smime -encrypt -in in.txt -from steve@openssl.org \
+	-to someone@somewhere -subject "Encrypted message" \
+	-des3 user.pem -out mail.msg
+
+Sign and encrypt mail:
+
+ openssl smime -sign -in ml.txt -signer my.pem -text \
+	| openssl smime -encrypt -out mail.msg \
+	-from steve@openssl.org -to someone@somewhere \
+	-subject "Signed and Encrypted message" -des3 user.pem
+
+Note: the encryption command does not include the B<-text> option because the message
+being encrypted already has MIME headers.
+
+Decrypt mail:
+
+ openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
+
+The output from Netscape form signing is a PKCS#7 structure with the
+detached signature format. You can use this program to verify the
+signature by line wrapping the base64 encoded structure and surrounding
+it with:
+
+ -----BEGIN PKCS7-----
+ -----END PKCS7-----
+
+and using the command, 
+
+ openssl smime -verify -inform PEM -in signature.pem -content content.txt
+
+alternatively you can base64 decode the signature and use
+
+ openssl smime -verify -inform DER -in signature.der -content content.txt
+
+=head1 BUGS
+
+The MIME parser isn't very clever: it seems to handle most messages that I've thrown
+at it but it may choke on others.
+
+The code currently will only write out the signer's certificate to a file: if the
+signer has a separate encryption certificate this must be manually extracted. There
+should be some heuristic that determines the correct encryption certificate.
+
+Ideally a database should be maintained of a certificates for each email address.
+
+The code doesn't currently take note of the permitted symmetric encryption
+algorithms as supplied in the SMIMECapabilities signed attribute. this means the
+user has to manually include the correct encryption algorithm. It should store
+the list of permitted ciphers in a database and only use those.
+
+No revocation checking is done on the signer's certificate.
+
+The current code can only handle S/MIME v2 messages, the more complex S/MIME v3
+structures may cause parsing errors.
+
+=cut
diff --git a/doc/apps/speed.pod b/doc/apps/speed.pod
new file mode 100644
index 0000000000..0dcdba873e
--- /dev/null
+++ b/doc/apps/speed.pod
@@ -0,0 +1,59 @@
+=pod
+
+=head1 NAME
+
+speed - test library performance
+
+=head1 SYNOPSIS
+
+B<openssl speed>
+[B<-engine id>]
+[B<md2>]
+[B<mdc2>]
+[B<md5>]
+[B<hmac>]
+[B<sha1>]
+[B<rmd160>]
+[B<idea-cbc>]
+[B<rc2-cbc>]
+[B<rc5-cbc>]
+[B<bf-cbc>]
+[B<des-cbc>]
+[B<des-ede3>]
+[B<rc4>]
+[B<rsa512>]
+[B<rsa1024>]
+[B<rsa2048>]
+[B<rsa4096>]
+[B<dsa512>]
+[B<dsa1024>]
+[B<dsa2048>]
+[B<idea>]
+[B<rc2>]
+[B<des>]
+[B<rsa>]
+[B<blowfish>]
+
+=head1 DESCRIPTION
+
+This command is used to test the performance of cryptographic algorithms.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-engine id>
+
+specifying an engine (by it's unique B<id> string) will cause B<speed>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+
+=item B<[zero or more test algorithms]>
+
+If any options are given, B<speed> tests those algorithms, otherwise all of
+the above are tested.
+
+=back
+
+=cut
diff --git a/doc/apps/spkac.pod b/doc/apps/spkac.pod
new file mode 100644
index 0000000000..bb84dfbe33
--- /dev/null
+++ b/doc/apps/spkac.pod
@@ -0,0 +1,127 @@
+=pod
+
+=head1 NAME
+
+spkac - SPKAC printing and generating utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<spkac>
+[B<-in filename>]
+[B<-out filename>]
+[B<-key keyfile>]
+[B<-passin arg>]
+[B<-challenge string>]
+[B<-pubkey>]
+[B<-spkac spkacname>]
+[B<-spksect section>]
+[B<-noout>]
+[B<-verify>]
+
+
+=head1 DESCRIPTION
+
+The B<spkac> command processes Netscape signed public key and challenge
+(SPKAC) files. It can print out their contents, verify the signature and
+produce its own SPKACs from a supplied private key.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-in filename>
+
+This specifies the input filename to read from or standard input if this
+option is not specified. Ignored if the B<-key> option is used.
+
+=item B<-out filename>
+
+specifies the output filename to write to or standard output by
+default.
+
+=item B<-key keyfile>
+
+create an SPKAC file using the private key in B<keyfile>. The
+B<-in>, B<-noout>, B<-spksect> and B<-verify> options are ignored if
+present.
+
+=item B<-passin password>
+
+the input file password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+
+=item B<-challenge string>
+
+specifies the challenge string if an SPKAC is being created.
+
+=item B<-spkac spkacname>
+
+allows an alternative name form the variable containing the
+SPKAC. The default is "SPKAC". This option affects both
+generated and input SPKAC files.
+
+=item B<-spksect section>
+
+allows an alternative name form the section containing the
+SPKAC. The default is the default section.
+
+=item B<-noout>
+
+don't output the text version of the SPKAC (not used if an
+SPKAC is being created).
+
+=item B<-pubkey>
+
+output the public key of an SPKAC (not used if an SPKAC is
+being created).
+
+=item B<-verify>
+
+verifies the digital signature on the supplied SPKAC.
+
+
+=back
+
+=head1 EXAMPLES
+
+Print out the contents of an SPKAC:
+
+ openssl spkac -in spkac.cnf
+
+Verify the signature of an SPKAC:
+
+ openssl spkac -in spkac.cnf -noout -verify
+
+Create an SPKAC using the challenge string "hello":
+
+ openssl spkac -key key.pem -challenge hello -out spkac.cnf
+
+Example of an SPKAC, (long lines split up for clarity):
+
+ SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\
+ PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\
+ PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\
+ 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\
+ 4=
+
+=head1 NOTES
+
+A created SPKAC with suitable DN components appended can be fed into
+the B<ca> utility.
+
+SPKACs are typically generated by Netscape when a form is submitted
+containing the B<KEYGEN> tag as part of the certificate enrollment
+process.
+
+The challenge string permits a primitive form of proof of possession
+of private key. By checking the SPKAC signature and a random challenge
+string some guarantee is given that the user knows the private key
+corresponding to the public key being certified. This is important in
+some applications. Without this it is possible for a previous SPKAC
+to be used in a "replay attack".
+
+=head1 SEE ALSO
+
+L<ca(1)|ca(1)>
+
+=cut
diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod
new file mode 100644
index 0000000000..ea5c29c150
--- /dev/null
+++ b/doc/apps/verify.pod
@@ -0,0 +1,328 @@
+=pod
+
+=head1 NAME
+
+verify - Utility to verify certificates.
+
+=head1 SYNOPSIS
+
+B<openssl> B<verify>
+[B<-CApath directory>]
+[B<-CAfile file>]
+[B<-purpose purpose>]
+[B<-untrusted file>]
+[B<-help>]
+[B<-issuer_checks>]
+[B<-verbose>]
+[B<->]
+[certificates]
+
+
+=head1 DESCRIPTION
+
+The B<verify> command verifies certificate chains.
+
+=head1 COMMAND OPTIONS
+
+=over 4
+
+=item B<-CApath directory>
+
+A directory of trusted certificates. The certificates should have names
+of the form: hash.0 or have symbolic links to them of this
+form ("hash" is the hashed certificate subject name: see the B<-hash> option
+of the B<x509> utility). Under Unix the B<c_rehash> script will automatically
+create symbolic links to a directory of certificates.
+
+=item B<-CAfile file>
+
+A file of trusted certificates. The file should contain multiple certificates
+in PEM format concatenated together.
+
+=item B<-untrusted file>
+
+A file of untrusted certificates. The file should contain multiple certificates
+
+=item B<-purpose purpose>
+
+the intended use for the certificate. Without this option no chain verification
+will be done. Currently accepted uses are B<sslclient>, B<sslserver>,
+B<nssslserver>, B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION>
+section for more information.
+
+=item B<-help>
+
+prints out a usage message.
+
+=item B<-verbose>
+
+print extra information about the operations being performed.
+
+=item B<-issuer_checks>
+
+print out diagnostics relating to searches for the issuer certificate
+of the current certificate. This shows why each candidate issuer
+certificate was rejected. However the presence of rejection messages
+does not itself imply that anything is wrong: during the normal
+verify process several rejections may take place.
+
+=item B<->
+
+marks the last option. All arguments following this are assumed to be
+certificate files. This is useful if the first certificate filename begins
+with a B<->.
+
+=item B<certificates>
+
+one or more certificates to verify. If no certificate filenames are included
+then an attempt is made to read a certificate from standard input. They should
+all be in PEM format.
+
+
+=back
+
+=head1 VERIFY OPERATION
+
+The B<verify> program uses the same functions as the internal SSL and S/MIME
+verification, therefore this description applies to these verify operations
+too.
+
+There is one crucial difference between the verify operations performed
+by the B<verify> program: wherever possible an attempt is made to continue
+after an error whereas normally the verify operation would halt on the
+first error. This allows all the problems with a certificate chain to be
+determined.
+
+The verify operation consists of a number of separate steps.
+
+Firstly a certificate chain is built up starting from the supplied certificate
+and ending in the root CA. It is an error if the whole chain cannot be built
+up. The chain is built up by looking up the issuers certificate of the current
+certificate. If a certificate is found which is its own issuer it is assumed 
+to be the root CA.
+
+The process of 'looking up the issuers certificate' itself involves a number
+of steps. In versions of OpenSSL before 0.9.5a the first certificate whose
+subject name matched the issuer of the current certificate was assumed to be
+the issuers certificate. In OpenSSL 0.9.6 and later all certificates
+whose subject name matches the issuer name of the current certificate are 
+subject to further tests. The relevant authority key identifier components
+of the current certificate (if present) must match the subject key identifier
+(if present) and issuer and serial number of the candidate issuer, in addition
+the keyUsage extension of the candidate issuer (if present) must permit
+certificate signing.
+
+The lookup first looks in the list of untrusted certificates and if no match
+is found the remaining lookups are from the trusted certificates. The root CA
+is always looked up in the trusted certificate list: if the certificate to
+verify is a root certificate then an exact match must be found in the trusted
+list.
+
+The second operation is to check every untrusted certificate's extensions for
+consistency with the supplied purpose. If the B<-purpose> option is not included
+then no checks are done. The supplied or "leaf" certificate must have extensions
+compatible with the supplied purpose and all other certificates must also be valid
+CA certificates. The precise extensions required are described in more detail in
+the B<CERTIFICATE EXTENSIONS> section of the B<x509> utility.
+
+The third operation is to check the trust settings on the root CA. The root
+CA should be trusted for the supplied purpose. For compatibility with previous
+versions of SSLeay and OpenSSL a certificate with no trust settings is considered
+to be valid for all purposes. 
+
+The final operation is to check the validity of the certificate chain. The validity
+period is checked against the current system time and the notBefore and notAfter
+dates in the certificate. The certificate signatures are also checked at this
+point.
+
+If all operations complete successfully then certificate is considered valid. If
+any operation fails then the certificate is not valid.
+
+=head1 DIAGNOSTICS
+
+When a verify operation fails the output messages can be somewhat cryptic. The
+general form of the error message is:
+
+ server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
+ error 24 at 1 depth lookup:invalid CA certificate
+
+The first line contains the name of the certificate being verified followed by
+the subject name of the certificate. The second line contains the error number
+and the depth. The depth is number of the certificate being verified when a
+problem was detected starting with zero for the certificate being verified itself
+then 1 for the CA that signed the certificate and so on. Finally a text version
+of the error number is presented.
+
+An exhaustive list of the error codes and messages is shown below, this also
+includes the name of the error code as defined in the header file x509_vfy.h
+Some of the error codes are defined but never returned: these are described
+as "unused".
+
+=over 4
+
+=item B<0 X509_V_OK: ok>
+
+the operation was successful.
+
+=item B<2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: unable to get issuer certificate>
+
+the issuer certificate could not be found: this occurs if the issuer certificate
+of an untrusted certificate cannot be found.
+
+=item B<3 X509_V_ERR_UNABLE_TO_GET_CRL unable to get certificate CRL>
+
+the CRL of a certificate could not be found. Unused.
+
+=item B<4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: unable to decrypt certificate's signature>
+
+the certificate signature could not be decrypted. This means that the actual signature value
+could not be determined rather than it not matching the expected value, this is only
+meaningful for RSA keys.
+
+=item B<5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: unable to decrypt CRL's signature>
+
+the CRL signature could not be decrypted: this means that the actual signature value
+could not be determined rather than it not matching the expected value. Unused.
+
+=item B<6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: unable to decode issuer public key>
+
+the public key in the certificate SubjectPublicKeyInfo could not be read.
+
+=item B<7 X509_V_ERR_CERT_SIGNATURE_FAILURE: certificate signature failure>
+
+the signature of the certificate is invalid.
+
+=item B<8 X509_V_ERR_CRL_SIGNATURE_FAILURE: CRL signature failure>
+
+the signature of the certificate is invalid. Unused.
+
+=item B<9 X509_V_ERR_CERT_NOT_YET_VALID: certificate is not yet valid>
+
+the certificate is not yet valid: the notBefore date is after the current time.
+
+=item B<10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired>
+
+the certificate has expired: that is the notAfter date is before the current time.
+
+=item B<11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
+
+the CRL is not yet valid. Unused.
+
+=item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
+
+the CRL has expired. Unused.
+
+=item B<13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: format error in certificate's notBefore field>
+
+the certificate notBefore field contains an invalid time.
+
+=item B<14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: format error in certificate's notAfter field>
+
+the certificate notAfter field contains an invalid time.
+
+=item B<15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD: format error in CRL's lastUpdate field>
+
+the CRL lastUpdate field contains an invalid time. Unused.
+
+=item B<16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: format error in CRL's nextUpdate field>
+
+the CRL nextUpdate field contains an invalid time. Unused.
+
+=item B<17 X509_V_ERR_OUT_OF_MEM: out of memory>
+
+an error occurred trying to allocate memory. This should never happen.
+
+=item B<18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: self signed certificate>
+
+the passed certificate is self signed and the same certificate cannot be found in the list of
+trusted certificates.
+
+=item B<19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain>
+
+the certificate chain could be built up using the untrusted certificates but the root could not
+be found locally.
+
+=item B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate>
+
+the issuer certificate of a locally looked up certificate could not be found. This normally means
+the list of trusted certificates is not complete.
+
+=item B<21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: unable to verify the first certificate>
+
+no signatures could be verified because the chain contains only one certificate and it is not
+self signed.
+
+=item B<22 X509_V_ERR_CERT_CHAIN_TOO_LONG: certificate chain too long>
+
+the certificate chain length is greater than the supplied maximum depth. Unused.
+
+=item B<23 X509_V_ERR_CERT_REVOKED: certificate revoked>
+
+the certificate has been revoked. Unused.
+
+=item B<24 X509_V_ERR_INVALID_CA: invalid CA certificate>
+
+a CA certificate is invalid. Either it is not a CA or its extensions are not consistent
+with the supplied purpose.
+
+=item B<25 X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded>
+
+the basicConstraints pathlength parameter has been exceeded.
+
+=item B<26 X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
+
+the supplied certificate cannot be used for the specified purpose.
+
+=item B<27 X509_V_ERR_CERT_UNTRUSTED: certificate not trusted>
+
+the root CA is not marked as trusted for the specified purpose.
+
+=item B<28 X509_V_ERR_CERT_REJECTED: certificate rejected>
+
+the root CA is marked to reject the specified purpose.
+
+=item B<29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH: subject issuer mismatch>
+
+the current candidate issuer certificate was rejected because its subject name
+did not match the issuer name of the current certificate. Only displayed when
+the B<-issuer_checks> option is set.
+
+=item B<30 X509_V_ERR_AKID_SKID_MISMATCH: authority and subject key identifier mismatch>
+
+the current candidate issuer certificate was rejected because its subject key
+identifier was present and did not match the authority key identifier current
+certificate. Only displayed when the B<-issuer_checks> option is set.
+
+=item B<31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: authority and issuer serial number mismatch>
+
+the current candidate issuer certificate was rejected because its issuer name
+and serial number was present and did not match the authority key identifier
+of the current certificate. Only displayed when the B<-issuer_checks> option is set.
+
+=item B<32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN:key usage does not include certificate signing>
+
+the current candidate issuer certificate was rejected because its keyUsage extension
+does not permit certificate signing.
+
+=item B<50 X509_V_ERR_APPLICATION_VERIFICATION: application verification failure>
+
+an application specific error. Unused.
+
+=back
+
+=head1 BUGS
+
+Although the issuer checks are a considerably improvement over the old technique they still
+suffer from limitations in the underlying X509_LOOKUP API. One consequence of this is that
+trusted certificates with matching subject name must either appear in a file (as specified by the
+B<-CAfile> option) or a directory (as specified by B<-CApath>. If they occur in both then only
+the certificates in the file will be recognised.
+
+Previous versions of OpenSSL assume certificates with matching subject name are identical and
+mishandled them.
+
+=head1 SEE ALSO
+
+L<x509(1)|x509(1)>
+
+=cut
diff --git a/doc/apps/version.pod b/doc/apps/version.pod
new file mode 100644
index 0000000000..e00324c446
--- /dev/null
+++ b/doc/apps/version.pod
@@ -0,0 +1,64 @@
+=pod
+
+=head1 NAME
+
+version - print OpenSSL version information
+
+=head1 SYNOPSIS
+
+B<openssl version>
+[B<-a>]
+[B<-v>]
+[B<-b>]
+[B<-o>]
+[B<-f>]
+[B<-p>]
+
+=head1 DESCRIPTION
+
+This command is used to print out version information about OpenSSL.
+
+=head1 OPTIONS
+
+=over 4
+
+=item B<-a>
+
+all information, this is the same as setting all the other flags.
+
+=item B<-v>
+
+the current OpenSSL version.
+
+=item B<-b>
+
+the date the current version of OpenSSL was built.
+
+=item B<-o>
+
+option information: various options set when the library was built.
+
+=item B<-c>
+
+compilation flags.
+
+=item B<-p>
+
+platform setting.
+
+=item B<-d>
+
+OPENSSLDIR setting.
+
+=back
+
+=head1 NOTES
+
+The output of B<openssl version -a> would typically be used when sending
+in a bug report.
+
+=head1 HISTORY
+
+The B<-d> option was added in OpenSSL 0.9.7.
+
+=cut
diff --git a/doc/apps/x509.pod b/doc/apps/x509.pod
new file mode 100644
index 0000000000..674bfd17cd
--- /dev/null
+++ b/doc/apps/x509.pod
@@ -0,0 +1,811 @@
+
+=pod
+
+=head1 NAME
+
+x509 - Certificate display and signing utility
+
+=head1 SYNOPSIS
+
+B<openssl> B<x509>
+[B<-inform DER|PEM|NET>]
+[B<-outform DER|PEM|NET>]
+[B<-keyform DER|PEM>]
+[B<-CAform DER|PEM>]
+[B<-CAkeyform DER|PEM>]
+[B<-in filename>]
+[B<-out filename>]
+[B<-serial>]
+[B<-hash>]
+[B<-subject>]
+[B<-issuer>]
+[B<-nameopt option>]
+[B<-email>]
+[B<-startdate>]
+[B<-enddate>]
+[B<-purpose>]
+[B<-dates>]
+[B<-modulus>]
+[B<-fingerprint>]
+[B<-alias>]
+[B<-noout>]
+[B<-trustout>]
+[B<-clrtrust>]
+[B<-clrreject>]
+[B<-addtrust arg>]
+[B<-addreject arg>]
+[B<-setalias arg>]
+[B<-days arg>]
+[B<-set_serial n>]
+[B<-signkey filename>]
+[B<-x509toreq>]
+[B<-req>]
+[B<-CA filename>]
+[B<-CAkey filename>]
+[B<-CAcreateserial>]
+[B<-CAserial filename>]
+[B<-text>]
+[B<-C>]
+[B<-md2|-md5|-sha1|-mdc2>]
+[B<-clrext>]
+[B<-extfile filename>]
+[B<-extensions section>]
+
+=head1 DESCRIPTION
+
+The B<x509> command is a multi purpose certificate utility. It can be
+used to display certificate information, convert certificates to
+various forms, sign certificate requests like a "mini CA" or edit
+certificate trust settings.
+
+Since there are a large number of options they will split up into
+various sections.
+
+=head1 OPTIONS
+
+=head2 INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS
+
+=over 4
+
+=item B<-inform DER|PEM|NET>
+
+This specifies the input format normally the command will expect an X509
+certificate but this can change if other options such as B<-req> are
+present. The DER format is the DER encoding of the certificate and PEM
+is the base64 encoding of the DER encoding with header and footer lines
+added. The NET option is an obscure Netscape server format that is now
+obsolete.
+
+=item B<-outform DER|PEM|NET>
+
+This specifies the output format, the options have the same meaning as the 
+B<-inform> option.
+
+=item B<-in filename>
+
+This specifies the input filename to read a certificate from or standard input
+if this option is not specified.
+
+=item B<-out filename>
+
+This specifies the output filename to write to or standard output by
+default.
+
+=item B<-md2|-md5|-sha1|-mdc2>
+
+the digest to use. This affects any signing or display option that uses a message
+digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not
+specified then MD5 is used. If the key being used to sign with is a DSA key then
+this option has no effect: SHA1 is always used with DSA keys.
+
+
+=back
+
+=head2 DISPLAY OPTIONS
+
+Note: the B<-alias> and B<-purpose> options are also display options
+but are described in the B<TRUST SETTINGS> section.
+
+=over 4
+
+=item B<-text>
+
+prints out the certificate in text form. Full details are output including the
+public key, signature algorithms, issuer and subject names, serial number
+any extensions present and any trust settings.
+
+=item B<-certopt option>
+
+customise the output format used with B<-text>. The B<option> argument can be
+a single option or multiple options separated by commas. The B<-certopt> switch
+may be also be used more than once to set multiple options. See the B<TEXT OPTIONS>
+section for more information.
+
+=item B<-noout>
+
+this option prevents output of the encoded version of the request.
+
+=item B<-modulus>
+
+this option prints out the value of the modulus of the public key
+contained in the certificate.
+
+=item B<-serial>
+
+outputs the certificate serial number.
+
+=item B<-hash>
+
+outputs the "hash" of the certificate subject name. This is used in OpenSSL to
+form an index to allow certificates in a directory to be looked up by subject
+name.
+
+=item B<-subject>
+
+outputs the subject name.
+
+=item B<-issuer>
+
+outputs the issuer name.
+
+=item B<-nameopt option>
+
+option which determines how the subject or issuer names are displayed. The
+B<option> argument can be a single option or multiple options separated by
+commas.  Alternatively the B<-nameopt> switch may be used more than once to
+set multiple options. See the B<NAME OPTIONS> section for more information.
+
+=item B<-email>
+
+outputs the email address(es) if any.
+
+=item B<-startdate>
+
+prints out the start date of the certificate, that is the notBefore date.
+
+=item B<-enddate>
+
+prints out the expiry date of the certificate, that is the notAfter date.
+
+=item B<-dates>
+
+prints out the start and expiry dates of a certificate.
+
+=item B<-fingerprint>
+
+prints out the digest of the DER encoded version of the whole certificate
+(see digest options).
+
+=item B<-C>
+
+this outputs the certificate in the form of a C source file.
+
+=back
+
+=head2 TRUST SETTINGS
+
+Please note these options are currently experimental and may well change.
+
+A B<trusted certificate> is an ordinary certificate which has several
+additional pieces of information attached to it such as the permitted
+and prohibited uses of the certificate and an "alias".
+
+Normally when a certificate is being verified at least one certificate
+must be "trusted". By default a trusted certificate must be stored
+locally and must be a root CA: any certificate chain ending in this CA
+is then usable for any purpose.
+
+Trust settings currently are only used with a root CA. They allow a finer
+control over the purposes the root CA can be used for. For example a CA
+may be trusted for SSL client but not SSL server use.
+
+See the description of the B<verify> utility for more information on the
+meaning of trust settings.
+
+Future versions of OpenSSL will recognize trust settings on any
+certificate: not just root CAs.
+
+
+=over 4
+
+=item B<-trustout>
+
+this causes B<x509> to output a B<trusted> certificate. An ordinary
+or trusted certificate can be input but by default an ordinary
+certificate is output and any trust settings are discarded. With the
+B<-trustout> option a trusted certificate is output. A trusted
+certificate is automatically output if any trust settings are modified.
+
+=item B<-setalias arg>
+
+sets the alias of the certificate. This will allow the certificate
+to be referred to using a nickname for example "Steve's Certificate".
+
+=item B<-alias>
+
+outputs the certificate alias, if any.
+
+=item B<-clrtrust>
+
+clears all the permitted or trusted uses of the certificate.
+
+=item B<-clrreject>
+
+clears all the prohibited or rejected uses of the certificate.
+
+=item B<-addtrust arg>
+
+adds a trusted certificate use. Any object name can be used here
+but currently only B<clientAuth> (SSL client use), B<serverAuth>
+(SSL server use) and B<emailProtection> (S/MIME email) are used.
+Other OpenSSL applications may define additional uses.
+
+=item B<-addreject arg>
+
+adds a prohibited use. It accepts the same values as the B<-addtrust>
+option.
+
+=item B<-purpose>
+
+this option performs tests on the certificate extensions and outputs
+the results. For a more complete description see the B<CERTIFICATE
+EXTENSIONS> section.
+
+=back
+
+=head2 SIGNING OPTIONS
+
+The B<x509> utility can be used to sign certificates and requests: it
+can thus behave like a "mini CA".
+
+=over 4
+
+=item B<-signkey filename>
+
+this option causes the input file to be self signed using the supplied
+private key. 
+
+If the input file is a certificate it sets the issuer name to the
+subject name (i.e.  makes it self signed) changes the public key to the
+supplied value and changes the start and end dates. The start date is
+set to the current time and the end date is set to a value determined
+by the B<-days> option. Any certificate extensions are retained unless
+the B<-clrext> option is supplied.
+
+If the input is a certificate request then a self signed certificate
+is created using the supplied private key using the subject name in
+the request.
+
+=item B<-clrext>
+
+delete any extensions from a certificate. This option is used when a
+certificate is being created from another certificate (for example with
+the B<-signkey> or the B<-CA> options). Normally all extensions are
+retained.
+
+=item B<-keyform PEM|DER>
+
+specifies the format (DER or PEM) of the private key file used in the
+B<-signkey> option.
+
+=item B<-days arg>
+
+specifies the number of days to make a certificate valid for. The default
+is 30 days.
+
+=item B<-x509toreq>
+
+converts a certificate into a certificate request. The B<-signkey> option
+is used to pass the required private key.
+
+=item B<-req>
+
+by default a certificate is expected on input. With this option a
+certificate request is expected instead.
+
+=item B<-set_serial n>
+
+specifies the serial number to use. This option can be used with either
+the B<-signkey> or B<-CA> options. If used in conjunction with the B<-CA>
+option the serial number file (as specified by the B<-CAserial> or
+B<-CAcreateserial> options) is not used.
+
+The serial number can be decimal or hex (if preceded by B<0x>). Negative
+serial numbers can also be specified but their use is not recommended.
+
+=item B<-CA filename>
+
+specifies the CA certificate to be used for signing. When this option is
+present B<x509> behaves like a "mini CA". The input file is signed by this
+CA using this option: that is its issuer name is set to the subject name
+of the CA and it is digitally signed using the CAs private key.
+
+This option is normally combined with the B<-req> option. Without the
+B<-req> option the input is a certificate which must be self signed.
+
+=item B<-CAkey filename>
+
+sets the CA private key to sign a certificate with. If this option is
+not specified then it is assumed that the CA private key is present in
+the CA certificate file.
+
+=item B<-CAserial filename>
+
+sets the CA serial number file to use.
+
+When the B<-CA> option is used to sign a certificate it uses a serial
+number specified in a file. This file consist of one line containing
+an even number of hex digits with the serial number to use. After each
+use the serial number is incremented and written out to the file again.
+
+The default filename consists of the CA certificate file base name with
+".srl" appended. For example if the CA certificate file is called 
+"mycacert.pem" it expects to find a serial number file called "mycacert.srl".
+
+=item B<-CAcreateserial>
+
+with this option the CA serial number file is created if it does not exist:
+it will contain the serial number "02" and the certificate being signed will
+have the 1 as its serial number. Normally if the B<-CA> option is specified
+and the serial number file does not exist it is an error.
+
+=item B<-extfile filename>
+
+file containing certificate extensions to use. If not specified then
+no extensions are added to the certificate.
+
+=item B<-extensions section>
+
+the section to add certificate extensions from. If this option is not
+specified then the extensions should either be contained in the unnamed
+(default) section or the default section should contain a variable called
+"extensions" which contains the section to use.
+
+=back
+
+=head2 NAME OPTIONS
+
+The B<nameopt> command line switch determines how the subject and issuer
+names are displayed. If no B<nameopt> switch is present the default "oneline"
+format is used which is compatible with previous versions of OpenSSL.
+Each option is described in detail below, all options can be preceded by
+a B<-> to turn the option off. Only the first four will normally be used.
+
+=over 4
+
+=item B<compat>
+
+use the old format. This is equivalent to specifying no name options at all.
+
+=item B<RFC2253>
+
+displays names compatible with RFC2253 equivalent to B<esc_2253>, B<esc_ctrl>,
+B<esc_msb>, B<utf8>, B<dump_nostr>, B<dump_unknown>, B<dump_der>,
+B<sep_comma_plus>, B<dn_rev> and B<sname>.
+
+=item B<oneline>
+
+a oneline format which is more readable than RFC2253. It is equivalent to
+specifying the  B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, B<dump_nostr>,
+B<dump_der>, B<use_quote>, B<sep_comma_plus_spc>, B<spc_eq> and B<sname>
+options.
+
+=item B<multiline>
+
+a multiline format. It is equivalent B<esc_ctrl>, B<esc_msb>, B<sep_multiline>,
+B<spc_eq>, B<lname> and B<align>.
+
+=item B<esc_2253>
+
+escape the "special" characters required by RFC2253 in a field That is
+B<,+"E<lt>E<gt>;>. Additionally B<#> is escaped at the beginning of a string
+and a space character at the beginning or end of a string.
+
+=item B<esc_ctrl>
+
+escape control characters. That is those with ASCII values less than
+0x20 (space) and the delete (0x7f) character. They are escaped using the
+RFC2253 \XX notation (where XX are two hex digits representing the
+character value).
+
+=item B<esc_msb>
+
+escape characters with the MSB set, that is with ASCII values larger than
+127.
+
+=item B<use_quote>
+
+escapes some characters by surrounding the whole string with B<"> characters,
+without the option all escaping is done with the B<\> character.
+
+=item B<utf8>
+
+convert all strings to UTF8 format first. This is required by RFC2253. If
+you are lucky enough to have a UTF8 compatible terminal then the use
+of this option (and B<not> setting B<esc_msb>) may result in the correct
+display of multibyte (international) characters. Is this option is not
+present then multibyte characters larger than 0xff will be represented
+using the format \UXXXX for 16 bits and \WXXXXXXXX for 32 bits.
+Also if this option is off any UTF8Strings will be converted to their
+character form first.
+
+=item B<no_type>
+
+this option does not attempt to interpret multibyte characters in any
+way. That is their content octets are merely dumped as though one octet
+represents each character. This is useful for diagnostic purposes but
+will result in rather odd looking output.
+
+=item B<show_type>
+
+show the type of the ASN1 character string. The type precedes the
+field contents. For example "BMPSTRING: Hello World".
+
+=item B<dump_der>
+
+when this option is set any fields that need to be hexdumped will
+be dumped using the DER encoding of the field. Otherwise just the
+content octets will be displayed. Both options use the RFC2253
+B<#XXXX...> format.
+
+=item B<dump_nostr>
+
+dump non character string types (for example OCTET STRING) if this
+option is not set then non character string types will be displayed
+as though each content octet represents a single character.
+
+=item B<dump_all>
+
+dump all fields. This option when used with B<dump_der> allows the
+DER encoding of the structure to be unambiguously determined.
+
+=item B<dump_unknown>
+
+dump any field whose OID is not recognised by OpenSSL.
+
+=item B<sep_comma_plus>, B<sep_comma_plus_space>, B<sep_semi_plus_space>,
+B<sep_multiline>
+
+these options determine the field separators. The first character is
+between RDNs and the second between multiple AVAs (multiple AVAs are
+very rare and their use is discouraged). The options ending in
+"space" additionally place a space after the separator to make it
+more readable. The B<sep_multiline> uses a linefeed character for
+the RDN separator and a spaced B<+> for the AVA separator. It also
+indents the fields by four characters.
+
+=item B<dn_rev>
+
+reverse the fields of the DN. This is required by RFC2253. As a side
+effect this also reverses the order of multiple AVAs but this is
+permissible.
+
+=item B<nofname>, B<sname>, B<lname>, B<oid>
+
+these options alter how the field name is displayed. B<nofname> does
+not display the field at all. B<sname> uses the "short name" form
+(CN for commonName for example). B<lname> uses the long form.
+B<oid> represents the OID in numerical form and is useful for
+diagnostic purpose.
+
+=item B<align>
+
+align field values for a more readable output. Only usable with
+B<sep_multiline>.
+
+=item B<spc_eq>
+
+places spaces round the B<=> character which follows the field
+name.
+
+=back
+
+=head2 TEXT OPTIONS
+
+As well as customising the name output format, it is also possible to
+customise the actual fields printed using the B<certopt> options when
+the B<text> option is present. The default behaviour is to print all fields.
+
+=over 4
+
+=item B<compatible>
+
+use the old format. This is equivalent to specifying no output options at all.
+
+=item B<no_header>
+
+don't print header information: that is the lines saying "Certificate" and "Data".
+
+=item B<no_version>
+
+don't print out the version number.
+
+=item B<no_serial>
+
+don't print out the serial number.
+
+=item B<no_signame>
+
+don't print out the signature algorithm used.
+
+=item B<no_validity>
+
+don't print the validity, that is the B<notBefore> and B<notAfter> fields.
+
+=item B<no_subject>
+
+don't print out the subject name.
+
+=item B<no_issuer>
+
+don't print out the issuer name.
+
+=item B<no_pubkey>
+
+don't print out the public key.
+
+=item B<no_sigdump>
+
+don't give a hexadecimal dump of the certificate signature.
+
+=item B<no_aux>
+
+don't print out certificate trust information.
+
+=item B<no_extensions>
+
+don't print out any X509V3 extensions.
+
+=item B<ext_default>
+
+retain default extension behaviour: attempt to print out unsupported certificate extensions.
+
+=item B<ext_error>
+
+print an error message for unsupported certificate extensions.
+
+=item B<ext_parse>
+
+ASN1 parse unsupported extensions.
+
+=item B<ext_dump>
+
+hex dump unsupported extensions.
+
+=item B<ca_default>
+
+the value used by the B<ca> utility, equivalent to B<no_issuer>, B<no_pubkey>, B<no_header>,
+B<no_version>, B<no_sigdump> and B<no_signame>.
+
+=back
+
+=head1 EXAMPLES
+
+Note: in these examples the '\' means the example should be all on one
+line.
+
+Display the contents of a certificate:
+
+ openssl x509 -in cert.pem -noout -text
+
+Display the certificate serial number:
+
+ openssl x509 -in cert.pem -noout -serial
+
+Display the certificate subject name:
+
+ openssl x509 -in cert.pem -noout -subject
+
+Display the certificate subject name in RFC2253 form:
+
+ openssl x509 -in cert.pem -noout -subject -nameopt RFC2253
+
+Display the certificate subject name in oneline form on a terminal
+supporting UTF8:
+
+ openssl x509 -in cert.pem -noout -subject -nameopt oneline,-escmsb
+
+Display the certificate MD5 fingerprint:
+
+ openssl x509 -in cert.pem -noout -fingerprint
+
+Display the certificate SHA1 fingerprint:
+
+ openssl x509 -sha1 -in cert.pem -noout -fingerprint
+
+Convert a certificate from PEM to DER format:
+
+ openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
+
+Convert a certificate to a certificate request:
+
+ openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem
+
+Convert a certificate request into a self signed certificate using
+extensions for a CA:
+
+ openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \
+	-signkey key.pem -out cacert.pem
+
+Sign a certificate request using the CA certificate above and add user
+certificate extensions:
+
+ openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \
+	-CA cacert.pem -CAkey key.pem -CAcreateserial
+
+
+Set a certificate to be trusted for SSL client use and change set its alias to
+"Steve's Class 1 CA"
+
+ openssl x509 -in cert.pem -addtrust sslclient \
+	-alias "Steve's Class 1 CA" -out trust.pem
+
+=head1 NOTES
+
+The PEM format uses the header and footer lines:
+
+ -----BEGIN CERTIFICATE-----
+ -----END CERTIFICATE-----
+
+it will also handle files containing:
+
+ -----BEGIN X509 CERTIFICATE-----
+ -----END X509 CERTIFICATE-----
+
+Trusted certificates have the lines
+
+ -----BEGIN TRUSTED CERTIFICATE-----
+ -----END TRUSTED CERTIFICATE-----
+
+The conversion to UTF8 format used with the name options assumes that
+T61Strings use the ISO8859-1 character set. This is wrong but Netscape
+and MSIE do this as do many certificates. So although this is incorrect
+it is more likely to display the majority of certificates correctly.
+
+The B<-fingerprint> option takes the digest of the DER encoded certificate.
+This is commonly called a "fingerprint". Because of the nature of message
+digests the fingerprint of a certificate is unique to that certificate and
+two certificates with the same fingerprint can be considered to be the same.
+
+The Netscape fingerprint uses MD5 whereas MSIE uses SHA1.
+
+The B<-email> option searches the subject name and the subject alternative
+name extension. Only unique email addresses will be printed out: it will
+not print the same address more than once.
+
+=head1 CERTIFICATE EXTENSIONS
+
+The B<-purpose> option checks the certificate extensions and determines
+what the certificate can be used for. The actual checks done are rather
+complex and include various hacks and workarounds to handle broken
+certificates and software.
+
+The same code is used when verifying untrusted certificates in chains
+so this section is useful if a chain is rejected by the verify code.
+
+The basicConstraints extension CA flag is used to determine whether the
+certificate can be used as a CA. If the CA flag is true then it is a CA,
+if the CA flag is false then it is not a CA. B<All> CAs should have the
+CA flag set to true.
+
+If the basicConstraints extension is absent then the certificate is
+considered to be a "possible CA" other extensions are checked according
+to the intended use of the certificate. A warning is given in this case
+because the certificate should really not be regarded as a CA: however
+it is allowed to be a CA to work around some broken software.
+
+If the certificate is a V1 certificate (and thus has no extensions) and
+it is self signed it is also assumed to be a CA but a warning is again
+given: this is to work around the problem of Verisign roots which are V1
+self signed certificates.
+
+If the keyUsage extension is present then additional restraints are
+made on the uses of the certificate. A CA certificate B<must> have the
+keyCertSign bit set if the keyUsage extension is present.
+
+The extended key usage extension places additional restrictions on the
+certificate uses. If this extension is present (whether critical or not)
+the key can only be used for the purposes specified.
+
+A complete description of each test is given below. The comments about
+basicConstraints and keyUsage and V1 certificates above apply to B<all>
+CA certificates.
+
+
+=over 4
+
+=item B<SSL Client>
+
+The extended key usage extension must be absent or include the "web client
+authentication" OID.  keyUsage must be absent or it must have the
+digitalSignature bit set. Netscape certificate type must be absent or it must
+have the SSL client bit set.
+
+=item B<SSL Client CA>
+
+The extended key usage extension must be absent or include the "web client
+authentication" OID. Netscape certificate type must be absent or it must have
+the SSL CA bit set: this is used as a work around if the basicConstraints
+extension is absent.
+
+=item B<SSL Server>
+
+The extended key usage extension must be absent or include the "web server
+authentication" and/or one of the SGC OIDs.  keyUsage must be absent or it
+must have the digitalSignature, the keyEncipherment set or both bits set.
+Netscape certificate type must be absent or have the SSL server bit set.
+
+=item B<SSL Server CA>
+
+The extended key usage extension must be absent or include the "web server
+authentication" and/or one of the SGC OIDs.  Netscape certificate type must
+be absent or the SSL CA bit must be set: this is used as a work around if the
+basicConstraints extension is absent.
+
+=item B<Netscape SSL Server>
+
+For Netscape SSL clients to connect to an SSL server it must have the
+keyEncipherment bit set if the keyUsage extension is present. This isn't
+always valid because some cipher suites use the key for digital signing.
+Otherwise it is the same as a normal SSL server.
+
+=item B<Common S/MIME Client Tests>
+
+The extended key usage extension must be absent or include the "email
+protection" OID. Netscape certificate type must be absent or should have the
+S/MIME bit set. If the S/MIME bit is not set in netscape certificate type
+then the SSL client bit is tolerated as an alternative but a warning is shown:
+this is because some Verisign certificates don't set the S/MIME bit.
+
+=item B<S/MIME Signing>
+
+In addition to the common S/MIME client tests the digitalSignature bit must
+be set if the keyUsage extension is present.
+
+=item B<S/MIME Encryption>
+
+In addition to the common S/MIME tests the keyEncipherment bit must be set
+if the keyUsage extension is present.
+
+=item B<S/MIME CA>
+
+The extended key usage extension must be absent or include the "email
+protection" OID. Netscape certificate type must be absent or must have the
+S/MIME CA bit set: this is used as a work around if the basicConstraints
+extension is absent. 
+
+=item B<CRL Signing>
+
+The keyUsage extension must be absent or it must have the CRL signing bit
+set.
+
+=item B<CRL Signing CA>
+
+The normal CA tests apply. Except in this case the basicConstraints extension
+must be present.
+
+=back
+
+=head1 BUGS
+
+Extensions in certificates are not transferred to certificate requests and
+vice versa.
+
+It is possible to produce invalid certificates or requests by specifying the
+wrong private key or using inconsistent options in some cases: these should
+be checked.
+
+There should be options to explicitly set such things as start and end
+dates rather than an offset from the current time.
+
+The code to implement the verify behaviour described in the B<TRUST SETTINGS>
+is currently being developed. It thus describes the intended behaviour rather
+than the current behaviour. It is hoped that it will represent reality in
+OpenSSL 0.9.5 and later.
+
+=head1 SEE ALSO
+
+L<req(1)|req(1)>, L<ca(1)|ca(1)>, L<genrsa(1)|genrsa(1)>,
+L<gendsa(1)|gendsa(1)>, L<verify(1)|verify(1)>
+
+=cut
diff --git a/doc/asn1.doc b/doc/asn1.doc
deleted file mode 100644
index fdad17c05c..0000000000
--- a/doc/asn1.doc
+++ /dev/null
@@ -1,401 +0,0 @@
-The ASN.1 Routines.
-
-ASN.1 is a specification for how to encode structured 'data' in binary form.
-The approach I have take to the manipulation of structures and their encoding
-into ASN.1 is as follows.
-
-For each distinct structure there are 4 function of the following form
-TYPE *TYPE_new(void);
-void TYPE_free(TYPE *);
-TYPE *d2i_TYPE(TYPE **a,unsigned char **pp,long length);
-long i2d_TYPE(TYPE *a,unsigned char **pp); 	/* CHECK RETURN VALUE */
-
-where TYPE is the type of the 'object'.  The TYPE that have these functions
-can be in one of 2 forms, either the internal C malloc()ed data structure
-or in the DER (a variant of ASN.1 encoding) binary encoding which is just
-an array of unsigned bytes.  The 'i2d' functions converts from the internal
-form to the DER form and the 'd2i' functions convert from the DER form to
-the internal form.
-
-The 'new' function returns a malloc()ed version of the structure with all
-substructures either created or left as NULL pointers.  For 'optional'
-fields, they are normally left as NULL to indicate no value.  For variable
-size sub structures (often 'SET OF' or 'SEQUENCE OF' in ASN.1 syntax) the
-STACK data type is used to hold the values.  Have a read of stack.doc
-and have a look at the relevant header files to see what I mean.  If there
-is an error while malloc()ing the structure, NULL is returned.
-
-The 'free' function will free() all the sub components of a particular
-structure.  If any of those sub components have been 'removed', replace
-them with NULL pointers, the 'free' functions are tolerant of NULL fields.
-
-The 'd2i' function copies a binary representation into a C structure.  It
-operates as follows.  'a' is a pointer to a pointer to
-the structure to populate, 'pp' is a pointer to a pointer to where the DER
-byte string is located and 'length' is the length of the '*pp' data.
-If there are no errors, a pointer to the populated structure is returned.
-If there is an error, NULL is returned.  Errors can occur because of
-malloc() failures but normally they will be due to syntax errors in the DER
-encoded data being parsed. It is also an error if there was an
-attempt to read more that 'length' bytes from '*p'.  If
-everything works correctly, the value in '*p' is updated
-to point at the location just beyond where the DER
-structure was read from.  In this way, chained calls to 'd2i' type
-functions can be made, with the pointer into the 'data' array being
-'walked' along the input byte array.
-Depending on the value passed for 'a', different things will be done.  If
-'a' is NULL, a new structure will be malloc()ed and returned.  If '*a' is
-NULL, a new structure will be malloc()ed and put into '*a' and returned.
-If '*a' is not NULL, the structure in '*a' will be populated, or in the
-case of an error, free()ed and then returned.
-Having these semantics means that a structure
-can call a 'd2i' function to populate a field and if the field is currently
-NULL, the structure will be created.
-
-The 'i2d' function type is used to copy a C structure to a byte array.
-The parameter 'a' is the structure to convert and '*p' is where to put it.
-As for the 'd2i' type structure, 'p' is updated to point after the last
-byte written.  If p is NULL, no data is written.  The function also returns
-the number of bytes written.  Where this becomes useful is that if the
-function is called with a NULL 'p' value, the length is returned.  This can
-then be used to malloc() an array of bytes and then the same function can
-be recalled passing the malloced array to be written to. e.g.
-
-int len;
-unsigned char *bytes,*p;
-len=i2d_X509(x,NULL);	/* get the size of the ASN1 encoding of 'x' */
-if ((bytes=(unsigned char *)malloc(len)) == NULL)
-	goto err;
-p=bytes;
-i2d_X509(x,&p);
-
-Please note that a new variable, 'p' was passed to i2d_X509.  After the
-call to i2d_X509 p has been incremented by len bytes.
-
-Now the reason for this functional organisation is that it allows nested
-structures to be built up by calling these functions as required.  There
-are various macros used to help write the general 'i2d', 'd2i', 'new' and
-'free' functions.  They are discussed in another file and would only be
-used by some-one wanting to add new structures to the library.  As you
-might be able to guess, the process of writing ASN.1 files can be a bit CPU
-expensive for complex structures.  I'm willing to live with this since the
-simpler library code make my life easier and hopefully most programs using
-these routines will have their execution profiles dominated by cipher or
-message digest routines.
-What follows is a list of 'TYPE' values and the corresponding ASN.1
-structure and where it is used.
-
-TYPE			ASN.1
-ASN1_INTEGER		INTEGER
-ASN1_BIT_STRING		BIT STRING
-ASN1_OCTET_STRING	OCTET STRING
-ASN1_OBJECT		OBJECT IDENTIFIER
-ASN1_PRINTABLESTRING	PrintableString
-ASN1_T61STRING		T61String
-ASN1_IA5STRING		IA5String
-ASN1_UTCTIME		UTCTime
-ASN1_TYPE		Any of the above mentioned types plus SEQUENCE and SET
-
-Most of the above mentioned types are actualled stored in the
-ASN1_BIT_STRING type and macros are used to differentiate between them.
-The 3 types used are
-
-typedef struct asn1_object_st
-	{
-	/* both null if a dynamic ASN1_OBJECT, one is
-	 * defined if a 'static' ASN1_OBJECT */
-	char *sn,*ln;
-	int nid;
-	int length;
-	unsigned char *data;
-	} ASN1_OBJECT;
-This is used to store ASN1 OBJECTS.  Read 'objects.doc' for details ono
-routines to manipulate this structure.  'sn' and 'ln' are used to hold text
-strings that represent the object (short name and long or lower case name).
-These are used by the 'OBJ' library.  'nid' is a number used by the OBJ
-library to uniquely identify objects.  The ASN1 routines will populate the
-'length' and 'data' fields which will contain the bit string representing
-the object.
-
-typedef struct asn1_bit_string_st
-	{
-	int length;
-	int type;
-	unsigned char *data;
-	} ASN1_BIT_STRING;
-This structure is used to hold all the other base ASN1 types except for
-ASN1_UTCTIME (which is really just a 'char *').  Length is the number of
-bytes held in data and type is the ASN1 type of the object (there is a list
-in asn1.h).
-
-typedef struct asn1_type_st
-	{
-	int type;
-	union	{
-		char *ptr;
-		ASN1_INTEGER *		integer;
-		ASN1_BIT_STRING *	bit_string;
-		ASN1_OCTET_STRING *	octet_string;
-		ASN1_OBJECT *		object;
-		ASN1_PRINTABLESTRING *	printablestring;
-		ASN1_T61STRING *	t61string;
-		ASN1_IA5STRING *	ia5string;
-		ASN1_UTCTIME *		utctime;
-		ASN1_BIT_STRING *	set;
-		ASN1_BIT_STRING *	sequence;
-		} value;
-	} ASN1_TYPE;
-This structure is used in a few places when 'any' type of object can be
-expected.
-
-X509			Certificate
-X509_CINF		CertificateInfo
-X509_ALGOR		AlgorithmIdentifier
-X509_NAME		Name			
-X509_NAME_ENTRY		A single sub component of the name.
-X509_VAL		Validity
-X509_PUBKEY		SubjectPublicKeyInfo
-The above mentioned types are declared in x509.h. They are all quite
-straight forward except for the X509_NAME/X509_NAME_ENTRY pair.
-A X509_NAME is a STACK (see stack.doc) of X509_NAME_ENTRY's.
-typedef struct X509_name_entry_st
-	{
-	ASN1_OBJECT *object;
-	ASN1_BIT_STRING *value;
-	int set;
-	int size; 	/* temp variable */
-	} X509_NAME_ENTRY;
-The size is a temporary variable used by i2d_NAME and set is the set number
-for the particular NAME_ENTRY.  A X509_NAME is encoded as a sequence of
-sequence of sets.  Normally each set contains only a single item.
-Sometimes it contains more.  Normally throughout this library there will be
-only one item per set.  The set field contains the 'set' that this entry is
-a member of.  So if you have just created a X509_NAME structure and
-populated it with X509_NAME_ENTRYs, you should then traverse the X509_NAME
-(which is just a STACK) and set the 'set/' field to incrementing numbers.
-For more details on why this is done, read the ASN.1 spec for Distinguished
-Names.
-
-X509_REQ		CertificateRequest
-X509_REQ_INFO		CertificateRequestInfo
-These are used to hold certificate requests.
-
-X509_CRL		CertificateRevocationList
-These are used to hold a certificate revocation list
-
-RSAPrivateKey		PrivateKeyInfo
-RSAPublicKey		PublicKeyInfo
-Both these 'function groups' operate on 'RSA' structures (see rsa.doc).
-The difference is that the RSAPublicKey operations only manipulate the m
-and e fields in the RSA structure.
-
-DSAPrivateKey		DSS private key
-DSAPublicKey		DSS public key
-Both these 'function groups' operate on 'DSS' structures (see dsa.doc).
-The difference is that the RSAPublicKey operations only manipulate the 
-XXX fields in the DSA structure.
-
-DHparams		DHParameter
-This is used to hold the p and g value for The Diffie-Hellman operation.
-The function deal with the 'DH' strucure (see dh.doc).
-
-Now all of these function types can be used with several other functions to give
-quite useful set of general manipulation routines.  Normally one would
-not uses these functions directly but use them via macros. 
-
-char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
-'x' is the input structure case to a 'char *', 'i2d' is the 'i2d_TYPE'
-function for the type that 'x' is and d2i is the 'd2i_TYPE' function for the
-type that 'x' is.  As is obvious from the parameters, this function
-duplicates the strucutre by transforming it into the DER form and then
-re-loading it into a new strucutre and returning the new strucutre.  This
-is obviously a bit cpu intensive but when faced with a complex dynamic
-structure this is the simplest programming approach.  There are macros for
-duplicating the major data types but is simple to add extras.
-
-char *ASN1_d2i_fp(char *(*new)(),char *(*d2i)(),FILE *fp,unsigned char **x);
-'x' is a pointer to a pointer of the 'desired type'.  new and d2i are the
-corresponding 'TYPE_new' and 'd2i_TYPE' functions for the type and 'fp' is
-an open file pointer to read from.  This function reads from 'fp' as much
-data as it can and then uses 'd2i' to parse the bytes to load and return
-the parsed strucutre in 'x' (if it was non-NULL) and to actually return the
-strucutre.  The behavior of 'x' is as per all the other d2i functions.
-
-char *ASN1_d2i_bio(char *(*new)(),char *(*d2i)(),BIO *fp,unsigned char **x);
-The 'BIO' is the new IO type being used in SSLeay (see bio.doc).  This
-function is the same as ASN1_d2i_fp() except for the BIO argument.
-ASN1_d2i_fp() actually calls this function.
-
-int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
-'x' is converted to bytes by 'i2d' and then written to 'out'.  ASN1_i2d_fp
-and ASN1_d2i_fp are not really symetric since ASN1_i2d_fp will read all
-available data from the file pointer before parsing a single item while
-ASN1_i2d_fp can be used to write a sequence of data objects.  To read a
-series of objects from a file I would sugest loading the file into a buffer
-and calling the relevent 'd2i' functions.
-
-char *ASN1_d2i_bio(char *(*new)(),char *(*d2i)(),BIO *fp,unsigned char **x);
-This function is the same as ASN1_i2d_fp() except for the BIO argument.
-ASN1_i2d_fp() actually calls this function.
-
-char *	PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,int (*cb)());
-This function will read the next PEM encoded (base64) object of the same
-type as 'x' (loaded by the d2i function).  'name' is the name that is in
-the '-----BEGIN name-----' that designates the start of that object type.
-If the data is encrypted, 'cb' will be called to prompt for a password.  If
-it is NULL a default function will be used to prompt from the password.
-'x' is delt with as per the standard 'd2i' function interface.  This
-function can be used to read a series of objects from a file.  While any
-data type can be encrypted (see PEM_ASN1_write) only RSA private keys tend
-to be encrypted.
-
-char *	PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *fp,
-	char **x,int (*cb)());
-Same as PEM_ASN1_read() except using a BIO.  This is called by
-PEM_ASN1_read().
-
-int	PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x,EVP_CIPHER *enc,
-		unsigned char *kstr,int klen,int (*callback)());
-
-int	PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *fp,
-		char *x,EVP_CIPHER *enc,unsigned char *kstr,int klen,
-		int (*callback)());
-
-int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
-	ASN1_BIT_STRING *signature, char *data, RSA *rsa, EVP_MD *type);
-int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
-	ASN1_BIT_STRING *signature,char *data, RSA *rsa);
-
-int ASN1_BIT_STRING_cmp(ASN1_BIT_STRING *a, ASN1_BIT_STRING *b);
-ASN1_BIT_STRING *ASN1_BIT_STRING_type_new(int type );
-
-int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
-void ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
-ASN1_UTCTIME *ASN1_UTCTIME_dup(ASN1_UTCTIME *a);
-
-ASN1_BIT_STRING *d2i_asn1_print_type(ASN1_BIT_STRING **a,unsigned char **pp,
-		long length,int type);
-
-int		i2d_ASN1_SET(STACK *a, unsigned char **pp,
-			int (*func)(), int ex_tag, int ex_class);
-STACK *		d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
-			char *(*func)(), int ex_tag, int ex_class);
-
-int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *object);
-int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
-int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
-
-int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
-long ASN1_INTEGER_get(ASN1_INTEGER *a);
-ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
-BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
-
-/* given a string, return the correct type.  Max is the maximum number
- * of bytes to parse.  It stops parsing when 'max' bytes have been
- * processed or a '\0' is hit */
-int ASN1_PRINTABLE_type(unsigned char *s,int max);
-
-void ASN1_parse(BIO *fp,unsigned char *pp,long len);
-
-int i2d_ASN1_bytes(ASN1_BIT_STRING *a, unsigned char **pp, int tag, int class);
-ASN1_BIT_STRING *d2i_ASN1_bytes(ASN1_OCTET_STRING **a, unsigned char **pp,
-	long length, int Ptag, int Pclass);
-
-/* PARSING */
-int asn1_Finish(ASN1_CTX *c);
-
-/* SPECIALS */
-int ASN1_get_object(unsigned char **pp, long *plength, int *ptag,
-	int *pclass, long omax);
-int ASN1_check_infinite_end(unsigned char **p,long len);
-void ASN1_put_object(unsigned char **pp, int constructed, int length,
-	int tag, int class);
-int ASN1_object_size(int constructed, int length, int tag);
-
-X509 *	X509_get_cert(CERTIFICATE_CTX *ctx,X509_NAME * name,X509 *tmp_x509);
-int  	X509_add_cert(CERTIFICATE_CTX *ctx,X509 *);
-
-char *	X509_cert_verify_error_string(int n);
-int 	X509_add_cert_file(CERTIFICATE_CTX *c,char *file, int type);
-char *	X509_gmtime (char *s, long adj);
-int	X509_add_cert_dir (CERTIFICATE_CTX *c,char *dir, int type);
-int	X509_load_verify_locations (CERTIFICATE_CTX *ctx,
-		char *file_env, char *dir_env);
-int	X509_set_default_verify_paths(CERTIFICATE_CTX *cts);
-X509 *	X509_new_D2i_X509(int len, unsigned char *p);
-char *	X509_get_default_cert_area(void );
-char *	X509_get_default_cert_dir(void );
-char *	X509_get_default_cert_file(void );
-char *	X509_get_default_cert_dir_env(void );
-char *	X509_get_default_cert_file_env(void );
-char *	X509_get_default_private_dir(void );
-X509_REQ *X509_X509_TO_req(X509 *x, RSA *rsa);
-int	X509_cert_verify(CERTIFICATE_CTX *ctx,X509 *xs, int (*cb)()); 
-
-CERTIFICATE_CTX *CERTIFICATE_CTX_new();
-void CERTIFICATE_CTX_free(CERTIFICATE_CTX *c);
-
-void X509_NAME_print(BIO *fp, X509_NAME *name, int obase);
-int		X509_print_fp(FILE *fp,X509 *x);
-int		X509_print(BIO *fp,X509 *x);
-
-X509_INFO *	X509_INFO_new(void);
-void		X509_INFO_free(X509_INFO *a);
-
-char *		X509_NAME_oneline(X509_NAME *a);
-
-#define X509_verify(x,rsa)
-#define X509_REQ_verify(x,rsa)
-#define X509_CRL_verify(x,rsa)
-
-#define X509_sign(x,rsa,md)
-#define X509_REQ_sign(x,rsa,md)
-#define X509_CRL_sign(x,rsa,md)
-
-#define X509_dup(x509)
-#define d2i_X509_fp(fp,x509)
-#define i2d_X509_fp(fp,x509)
-#define d2i_X509_bio(bp,x509)
-#define i2d_X509_bio(bp,x509)
-
-#define X509_CRL_dup(crl)
-#define d2i_X509_CRL_fp(fp,crl)
-#define i2d_X509_CRL_fp(fp,crl)
-#define d2i_X509_CRL_bio(bp,crl)
-#define i2d_X509_CRL_bio(bp,crl)
-
-#define X509_REQ_dup(req)
-#define d2i_X509_REQ_fp(fp,req)
-#define i2d_X509_REQ_fp(fp,req)
-#define d2i_X509_REQ_bio(bp,req)
-#define i2d_X509_REQ_bio(bp,req)
-
-#define RSAPrivateKey_dup(rsa)
-#define d2i_RSAPrivateKey_fp(fp,rsa)
-#define i2d_RSAPrivateKey_fp(fp,rsa)
-#define d2i_RSAPrivateKey_bio(bp,rsa)
-#define i2d_RSAPrivateKey_bio(bp,rsa)
-
-#define X509_NAME_dup(xn)
-#define X509_NAME_ENTRY_dup(ne)
-
-void X509_REQ_print_fp(FILE *fp,X509_REQ *req);
-void X509_REQ_print(BIO *fp,X509_REQ *req);
-
-RSA *X509_REQ_extract_key(X509_REQ *req);
-RSA *X509_extract_key(X509 *x509);
-
-int		X509_issuer_and_serial_cmp(X509 *a, X509 *b);
-unsigned long	X509_issuer_and_serial_hash(X509 *a);
-
-X509_NAME *	X509_get_issuer_name(X509 *a);
-int		X509_issuer_name_cmp(X509 *a, X509 *b);
-unsigned long	X509_issuer_name_hash(X509 *a);
-
-X509_NAME *	X509_get_subject_name(X509 *a);
-int		X509_subject_name_cmp(X509 *a,X509 *b);
-unsigned long	X509_subject_name_hash(X509 *x);
-
-int		X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
-unsigned long	X509_NAME_hash(X509_NAME *x);
-
diff --git a/doc/bio.doc b/doc/bio.doc
deleted file mode 100644
index 545a57cdff..0000000000
--- a/doc/bio.doc
+++ /dev/null
@@ -1,423 +0,0 @@
-BIO Routines
-
-This documentation is rather sparse, you are probably best 
-off looking at the code for specific details.
-
-The BIO library is a IO abstraction that was originally 
-inspired by the need to have callbacks to perform IO to FILE 
-pointers when using Windows 3.1 DLLs.  There are two types 
-of BIO; a source/sink type and a filter type.
-The source/sink methods are as follows:
--	BIO_s_mem()  memory buffer - a read/write byte array that
-	grows until memory runs out :-).
--	BIO_s_file()  FILE pointer - A wrapper around the normal 
-	'FILE *' commands, good for use with stdin/stdout.
--	BIO_s_fd()  File descriptor - A wrapper around file 
-	descriptors, often used with pipes.
--	BIO_s_socket()  Socket - Used around sockets.  It is 
-	mostly in the Microsoft world that sockets are different 
-	from file descriptors and there are all those ugly winsock 
-	commands.
--	BIO_s_null()  Null - read nothing and write nothing.; a 
-	useful endpoint for filter type BIO's specifically things 
-	like the message digest BIO.
-
-The filter types are
--	BIO_f_buffer()  IO buffering - does output buffering into 
-	larger chunks and performs input buffering to allow gets() 
-	type functions.
--	BIO_f_md()  Message digest - a transparent filter that can 
-	be asked to return a message digest for the data that has 
-	passed through it.
--	BIO_f_cipher()  Encrypt or decrypt all data passing 
-	through the filter.
--	BIO_f_base64()  Base64 decode on read and encode on write.
--	BIO_f_ssl()  A filter that performs SSL encryption on the 
-	data sent through it.
-
-Base BIO functions.
-The BIO library has a set of base functions that are 
-implemented for each particular type.  Filter BIOs will 
-normally call the equivalent function on the source/sink BIO 
-that they are layered on top of after they have performed 
-some modification to the data stream.  Multiple filter BIOs 
-can be 'push' into a stack of modifers, so to read from a 
-file, unbase64 it, then decrypt it, a BIO_f_cipher, 
-BIO_f_base64 and a BIO_s_file would probably be used.  If a 
-sha-1 and md5 message digest needed to be generated, a stack 
-two BIO_f_md() BIOs and a BIO_s_null() BIO could be used.
-The base functions are
--	BIO *BIO_new(BIO_METHOD *type); Create  a new BIO of  type 'type'.
--	int BIO_free(BIO *a); Free a BIO structure.  Depending on 
-	the configuration, this will free the underlying data 
-	object for a source/sink BIO.
--	int BIO_read(BIO *b, char *data, int len); Read upto 'len' 
-	bytes into 'data'. 
--	int BIO_gets(BIO *bp,char *buf, int size); Depending on 
-	the BIO, this can either be a 'get special' or a get one 
-	line of data, as per fgets();
--	int BIO_write(BIO *b, char *data, int len); Write 'len' 
-	bytes from 'data' to the 'b' BIO.
--	int BIO_puts(BIO *bp,char *buf); Either a 'put special' or 
-	a write null terminated string as per fputs().
--	long BIO_ctrl(BIO *bp,int cmd,long larg,char *parg);  A 
-	control function which is used to manipulate the BIO 
-	structure and modify it's state and or report on it.  This 
-	function is just about never used directly, rather it 
-	should be used in conjunction with BIO_METHOD specific 
-	macros.
--	BIO *BIO_push(BIO *new_top, BIO *old); new_top is apped to the
-	top of the 'old' BIO list.  new_top should be a filter BIO.
-	All writes will go through 'new_top' first and last on read.
-	'old' is returned.
--	BIO *BIO_pop(BIO *bio); the new topmost BIO is returned, NULL if
-	there are no more.
-
-If a particular low level BIO method is not supported 
-(normally BIO_gets()), -2 will be returned if that method is 
-called.  Otherwise the IO methods (read, write, gets, puts) 
-will return the number of bytes read or written, and 0 or -1 
-for error (or end of input).  For the -1 case, 
-BIO_should_retry(bio) can be called to determine if it was a 
-genuine error or a temporary problem.  -2 will also be 
-returned if the BIO has not been initalised yet, in all 
-cases, the correct error codes are set (accessible via the 
-ERR library).
-
-
-The following functions are convenience functions:
--	int BIO_printf(BIO *bio, char * format, ..);  printf but 
-	to a BIO handle.
--	long BIO_ctrl_int(BIO *bp,int cmd,long larg,int iarg); a 
-	convenience function to allow a different argument types 
-	to be passed to BIO_ctrl().
--	int BIO_dump(BIO *b,char *bytes,int len); output 'len' 
-	bytes from 'bytes' in a hex dump debug format.
--	long BIO_debug_callback(BIO *bio, int cmd, char *argp, int 
-	argi, long argl, long ret) - a default debug BIO callback, 
-	this is mentioned below.  To use this one normally has to 
-	use the BIO_set_callback_arg() function to assign an 
-	output BIO for the callback to use.
--	BIO *BIO_find_type(BIO *bio,int type); when there is a 'stack'
-	of BIOs, this function scan the list and returns the first
-	that is of type 'type', as listed in buffer.h under BIO_TYPE_XXX.
--	void BIO_free_all(BIO *bio); Free the bio and all other BIOs
-	in the list.  It walks the bio->next_bio list.
-
-
-
-Extra commands are normally implemented as macros calling BIO_ctrl().
--	BIO_number_read(BIO *bio) - the number of bytes processed 
-	by BIO_read(bio,.).
--	BIO_number_written(BIO *bio) - the number of bytes written 
-	by BIO_write(bio,.).
--	BIO_reset(BIO *bio) - 'reset' the BIO.
--	BIO_eof(BIO *bio) - non zero if we are at the current end 
-	of input.
--	BIO_set_close(BIO *bio, int close_flag) - set the close flag.
--	BIO_get_close(BIO *bio) - return the close flag.
-	BIO_pending(BIO *bio) - return the number of bytes waiting 
-	to be read (normally buffered internally).
--	BIO_flush(BIO *bio) - output any data waiting to be output.
--	BIO_should_retry(BIO *io) - after a BIO_read/BIO_write 
-	operation returns 0 or -1, a call to this function will 
-	return non zero if you should retry the call later (this 
-	is for non-blocking IO).
--	BIO_should_read(BIO *io) - we should retry when data can 
-	be read.
--	BIO_should_write(BIO *io) - we should retry when data can 
-	be written.
--	BIO_method_name(BIO *io) - return a string for the method name.
--	BIO_method_type(BIO *io) - return the unique ID of the BIO method.
--	BIO_set_callback(BIO *io,  long (*callback)(BIO *io, int 
-	cmd, char *argp, int argi, long argl, long ret); - sets 
-	the debug callback.
--	BIO_get_callback(BIO *io) - return the assigned function 
-	as mentioned above.
--	BIO_set_callback_arg(BIO *io, char *arg)  - assign some 
-	data against the BIO.  This is normally used by the debug 
-	callback but could in reality be used for anything.  To 
-	get an idea of how all this works, have a look at the code 
-	in the default debug callback mentioned above.  The 
-	callback can modify the return values.
-
-Details of the BIO_METHOD structure.
-typedef struct bio_method_st
-        {
-	int type;
-	char *name;
-	int (*bwrite)();
-	int (*bread)();
-	int (*bputs)();
-	int (*bgets)();
-	long (*ctrl)();
-	int (*create)();
-	int (*destroy)();
-	} BIO_METHOD;
-
-The 'type' is the numeric type of the BIO, these are listed in buffer.h;
-'Name' is a textual representation of the BIO 'type'.
-The 7 function pointers point to the respective function 
-methods, some of which can be NULL if not implemented.
-The BIO structure
-typedef struct bio_st
-	{
-	BIO_METHOD *method;
-	long (*callback)(BIO * bio, int mode, char *argp, int 
-		argi, long argl, long ret);
-	char *cb_arg; /* first argument for the callback */
-	int init;
-	int shutdown;
-	int flags;      /* extra storage */
-	int num;
-	char *ptr;
-	struct bio_st *next_bio; /* used by filter BIOs */
-	int references;
-	unsigned long num_read;
-	unsigned long num_write;
-	} BIO;
-
--	'Method' is the BIO method.
--	'callback', when configured, is called before and after 
-	each BIO method is called for that particular BIO.  This 
-	is intended primarily for debugging and of informational feedback.
--	'init' is 0 when the BIO can be used for operation.  
-	Often, after a BIO is created, a number of operations may 
-	need to be performed before it is available for use.  An 
-	example is for BIO_s_sock().  A socket needs to be 
-	assigned to the BIO before it can be used.
--	'shutdown', this flag indicates if the underlying 
-	comunication primative being used should be closed/freed 
-	when the BIO is closed.
--	'flags' is used to hold extra state.  It is primarily used 
-	to hold information about why a non-blocking operation 
-	failed and to record startup protocol information for the 
-	SSL BIO.
--	'num' and 'ptr' are used to hold instance specific state 
-	like file descriptors or local data structures.
--	'next_bio' is used by filter BIOs to hold the pointer of the
-	next BIO in the chain. written data is sent to this BIO and
-	data read is taken from it.
--	'references' is used to indicate the number of pointers to 
-	this structure.  This needs to be '1' before a call to 
-	BIO_free() is made if the BIO_free() function is to 
-	actually free() the structure, otherwise the reference 
-	count is just decreased.  The actual BIO subsystem does 
-	not really use this functionality but it is useful when 
-	used in more advanced applicaion.
--	num_read and num_write are the total number of bytes 
-	read/written via the 'read()' and 'write()' methods.
-
-BIO_ctrl operations.
-The following is the list of standard commands passed as the 
-second parameter to BIO_ctrl() and should be supported by 
-all BIO as best as possible.  Some are optional, some are 
-manditory, in any case, where is makes sense, a filter BIO 
-should pass such requests to underlying BIO's.
--	BIO_CTRL_RESET	- Reset the BIO back to an initial state.
--	BIO_CTRL_EOF	- return 0 if we are not at the end of input, 
-	non 0 if we are.
--	BIO_CTRL_INFO	- BIO specific special command, normal
-	information return.
--	BIO_CTRL_SET	- set IO specific parameter.
--	BIO_CTRL_GET	- get IO specific parameter.
--	BIO_CTRL_GET_CLOSE - Get the close on BIO_free() flag, one 
-	of BIO_CLOSE or BIO_NOCLOSE.
--	BIO_CTRL_SET_CLOSE - Set the close on BIO_free() flag.
--	BIO_CTRL_PENDING - Return the number of bytes available 
-	for instant reading
--	BIO_CTRL_FLUSH	- Output pending data, return number of bytes output.
--	BIO_CTRL_SHOULD_RETRY - After an IO error (-1 returned) 
-	should we 'retry' when IO is possible on the underlying IO object.
--	BIO_CTRL_RETRY_TYPE - What kind of IO are we waiting on.
-
-The following command is a special BIO_s_file() specific option.
--	BIO_CTRL_SET_FILENAME - specify a file to open for IO.
-
-The BIO_CTRL_RETRY_TYPE needs a little more explanation.  
-When performing non-blocking IO, or say reading on a memory 
-BIO, when no data is present (or cannot be written), 
-BIO_read() and/or BIO_write() will return -1.  
-BIO_should_retry(bio) will return true if this is due to an 
-IO condition rather than an actual error.  In the case of 
-BIO_s_mem(), a read when there is no data will return -1 and 
-a should retry when there is more 'read' data.
-The retry type is deduced from 2 macros
-BIO_should_read(bio) and BIO_should_write(bio).
-Now while it may appear obvious that a BIO_read() failure 
-should indicate that a retry should be performed when more 
-read data is available, this is often not true when using 
-things like an SSL BIO.  During the SSL protocol startup 
-multiple reads and writes are performed, triggered by any 
-SSL_read or SSL_write.
-So to write code that will transparently handle either a 
-socket or SSL BIO,
-	i=BIO_read(bio,..)
-	if (I == -1)
-		{
-		if (BIO_should_retry(bio))
-			{
-			if (BIO_should_read(bio))
-				{
-				/* call us again when BIO can be read */
-				}
-			if (BIO_should_write(bio))
-				{
-				/* call us again when BIO can be written */
-				}
-			}
-		}
-
-At this point in time only read and write conditions can be 
-used but in the future I can see the situation for other 
-conditions, specifically with SSL there could be a condition 
-of a X509 certificate lookup taking place and so the non-
-blocking BIO_read would require a retry when the certificate 
-lookup subsystem has finished it's lookup.  This is all 
-makes more sense and is easy to use in a event loop type 
-setup.
-When using the SSL BIO, either SSL_read() or SSL_write()s 
-can be called during the protocol startup and things will 
-still work correctly.
-The nice aspect of the use of the BIO_should_retry() macro 
-is that all the errno codes that indicate a non-fatal error 
-are encapsulated in one place.  The Windows specific error 
-codes and WSAGetLastError() calls are also hidden from the 
-application.
-
-Notes on each BIO method.
-Normally buffer.h is just required but depending on the 
-BIO_METHOD, ssl.h or evp.h will also be required.
-
-BIO_METHOD *BIO_s_mem(void);
--	BIO_set_mem_buf(BIO *bio, BUF_MEM *bm, int close_flag) - 
-	set the underlying BUF_MEM structure for the BIO to use.
--	BIO_get_mem_ptr(BIO *bio, char **pp) - if pp is not NULL, 
-	set it to point to the memory array and return the number 
-	of bytes available.
-A read/write BIO.  Any data written is appended to the 
-memory array and any read is read from the front.  This BIO 
-can be used for read/write at the same time. BIO_gets() is 
-supported in the fgets() sense.
-BIO_CTRL_INFO can be used to retrieve pointers to the memory 
-buffer and it's length.
-
-BIO_METHOD *BIO_s_file(void);
--	BIO_set_fp(BIO *bio, FILE *fp, int close_flag) - set 'FILE *' to use.
--	BIO_get_fp(BIO *bio, FILE **fp) - get the 'FILE *' in use.
--	BIO_read_filename(BIO *bio, char *name) - read from file.
--	BIO_write_filename(BIO *bio, char *name) - write to file.
--	BIO_append_filename(BIO *bio, char *name) - append to file.
-This BIO sits over the normal system fread()/fgets() type 
-functions. Gets() is supported.  This BIO in theory could be 
-used for read and write but it is best to think of each BIO 
-of this type as either a read or a write BIO, not both.
-
-BIO_METHOD *BIO_s_socket(void);
-BIO_METHOD *BIO_s_fd(void);
--	BIO_sock_should_retry(int i) - the underlying function 
-	used to determine if a call should be retried; the 
-	argument is the '0' or '-1' returned by the previous BIO 
-	operation.
--	BIO_fd_should_retry(int i) - same as the 
--	BIO_sock_should_retry() except that it is different internally.
--	BIO_set_fd(BIO *bio, int fd, int close_flag) - set the 
-	file descriptor to use
--	BIO_get_fd(BIO *bio, int *fd) - get the file descriptor.
-These two methods are very similar.  Gets() is not 
-supported, if you want this functionality, put a 
-BIO_f_buffer() onto it.  This BIO is bi-directional if the 
-underlying file descriptor is.  This is normally the case 
-for sockets but not the case for stdio descriptors.
-
-BIO_METHOD *BIO_s_null(void);
-Read and write as much data as you like, it all disappears 
-into this BIO.
-
-BIO_METHOD *BIO_f_buffer(void);
--	BIO_get_buffer_num_lines(BIO *bio) - return the number of 
-	complete lines in the buffer.
--	BIO_set_buffer_size(BIO *bio, long size) - set the size of 
-	the buffers.
-This type performs input and output buffering.  It performs 
-both at the same time.  The size of the buffer can be set 
-via the set buffer size option.  Data buffered for output is 
-only written when the buffer fills.
-
-BIO_METHOD *BIO_f_ssl(void);
--	BIO_set_ssl(BIO *bio, SSL *ssl, int close_flag) - the SSL 
-	structure to use.
--	BIO_get_ssl(BIO *bio, SSL **ssl) - get the SSL structure 
-	in use.
-The SSL bio is a little different from normal BIOs because 
-the underlying SSL structure is a little different.  A SSL 
-structure performs IO via a read and write BIO.  These can 
-be different and are normally set via the
-SSL_set_rbio()/SSL_set_wbio() calls.  The SSL_set_fd() calls 
-are just wrappers that create socket BIOs and then call 
-SSL_set_bio() where the read and write BIOs are the same.  
-The BIO_push() operation makes the SSLs IO BIOs the same, so 
-make sure the BIO pushed is capable of two directional 
-traffic.  If it is not, you will have to install the BIOs 
-via the more conventional SSL_set_bio() call.  BIO_pop() will retrieve
-the 'SSL read' BIO.
-
-BIO_METHOD *BIO_f_md(void);
--	BIO_set_md(BIO *bio, EVP_MD *md) - set the message digest 
-	to use.
--	BIO_get_md(BIO *bio, EVP_MD **mdp) - return the digest 
-	method in use in mdp, return 0 if not set yet.
--	BIO_reset() reinitializes the digest (EVP_DigestInit()) 
-	and passes the reset to the underlying BIOs.
-All data read or written via BIO_read() or BIO_write() to 
-this BIO will be added to the calculated digest.  This 
-implies that this BIO is only one directional.  If read and 
-write operations are performed, two separate BIO_f_md() BIOs 
-are reuqired to generate digests on both the input and the 
-output.  BIO_gets(BIO *bio, char *md, int size) will place the 
-generated digest into 'md' and return the number of bytes.  
-The EVP_MAX_MD_SIZE should probably be used to size the 'md' 
-array.  Reading the digest will also reset it.
-
-BIO_METHOD *BIO_f_cipher(void);
--	BIO_reset() reinitializes the cipher.
--	BIO_flush() should be called when the last bytes have been 
-	output to flush the final block of block ciphers.
--	BIO_get_cipher_status(BIO *b), when called after the last 
-	read from a cipher BIO, returns non-zero if the data 
-	decrypted correctly, otherwise, 0.
--	BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *key, 
-	unsigned char *iv, int encrypt)   This function is used to 
-	setup a cipher BIO.  The length of key and iv are 
-	specified by the choice of EVP_CIPHER.  Encrypt is 1 to 
-	encrypt and 0 to decrypt.
-
-BIO_METHOD *BIO_f_base64(void);
--	BIO_flush() should be called when the last bytes have been output.
-This BIO base64 encodes when writing and base64 decodes when 
-reading.  It will scan the input until a suitable begin line 
-is found.  After reading data, BIO_reset() will reset the 
-BIO to start scanning again.  Do not mix reading and writing 
-on the same base64 BIO.  It is meant as a single stream BIO.
-
-Directions	type
-both		BIO_s_mem()
-one/both	BIO_s_file()
-both		BIO_s_fd()
-both		BIO_s_socket() 
-both		BIO_s_null()
-both		BIO_f_buffer()
-one		BIO_f_md()  
-one		BIO_f_cipher()  
-one		BIO_f_base64()  
-both		BIO_f_ssl()
-
-It is easy to mix one and two directional BIOs, all one has 
-to do is to keep two separate BIO pointers for reading and 
-writing and be careful about usage of underlying BIOs.  The 
-SSL bio by it's very nature has to be two directional but 
-the BIO_push() command will push the one BIO into the SSL 
-BIO for both reading and writing.
-
-The best example program to look at is apps/enc.c and/or perhaps apps/dgst.c.
-
diff --git a/doc/blowfish.doc b/doc/blowfish.doc
deleted file mode 100644
index 8a7f425b32..0000000000
--- a/doc/blowfish.doc
+++ /dev/null
@@ -1,146 +0,0 @@
-The Blowfish library.
-
-Blowfish is a block cipher that operates on 64bit (8 byte) quantities.  It
-uses variable size key, but 128bit (16 byte) key would normally be considered
-good.  It can be used in all the modes that DES can be used.  This
-library implements the ecb, cbc, cfb64, ofb64 modes.
-
-Blowfish is quite a bit faster that DES, and much faster than IDEA or
-RC2.  It is one of the faster block ciphers.
-
-For all calls that have an 'input' and 'output' variables, they can be the
-same.
-
-This library requires the inclusion of 'blowfish.h'.
-
-All of the encryption functions take what is called an BF_KEY as an 
-argument.  An BF_KEY is an expanded form of the Blowfish key.
-For all modes of the Blowfish algorithm, the BF_KEY used for
-decryption is the same one that was used for encryption.
-
-The define BF_ENCRYPT is passed to specify encryption for the functions
-that require an encryption/decryption flag. BF_DECRYPT is passed to
-specify decryption.
-
-Please note that any of the encryption modes specified in my DES library
-could be used with Blowfish.  I have only implemented ecb, cbc, cfb64 and
-ofb64 for the following reasons.
-- ecb is the basic Blowfish encryption.
-- cbc is the normal 'chaining' form for block ciphers.
-- cfb64 can be used to encrypt single characters, therefore input and output
-  do not need to be a multiple of 8.
-- ofb64 is similar to cfb64 but is more like a stream cipher, not as
-  secure (not cipher feedback) but it does not have an encrypt/decrypt mode.
-- If you want triple Blowfish, thats 384 bits of key and you must be totally
-  obsessed with security.  Still, if you want it, it is simple enough to
-  copy the function from the DES library and change the des_encrypt to
-  BF_encrypt; an exercise left for the paranoid reader :-).
-
-The functions are as follows:
-
-void BF_set_key(
-BF_KEY *ks;
-int len;
-unsigned char *key;
-        BF_set_key converts an 'len' byte key into a BF_KEY.
-        A 'ks' is an expanded form of the 'key' which is used to
-        perform actual encryption.  It can be regenerated from the Blowfish key
-        so it only needs to be kept when encryption or decryption is about
-        to occur.  Don't save or pass around BF_KEY's since they
-        are CPU architecture dependent, 'key's are not.  Blowfish is an
-	interesting cipher in that it can be used with a variable length
-	key.  'len' is the length of 'key' to be used as the key.
-	A 'len' of 16 is recomended by me, but blowfish can use upto
-	72 bytes.  As a warning, blowfish has a very very slow set_key
-	function, it actually runs BF_encrypt 521 times.
-	
-void BF_encrypt(unsigned long *data, BF_KEY *key);
-void BF_decrypt(unsigned long *data, BF_KEY *key);
-	These are the Blowfish encryption function that gets called by just
-	about every other Blowfish routine in the library.  You should not
-	use this function except to implement 'modes' of Blowfish.
-	I say this because the
-	functions that call this routine do the conversion from 'char *' to
-	long, and this needs to be done to make sure 'non-aligned' memory
-	access do not occur.
-	Data is a pointer to 2 unsigned long's and key is the
-	BF_KEY to use. 
-
-void BF_ecb_encrypt(
-unsigned char *in,
-unsigned char *out,
-BF_KEY *key,
-int encrypt);
-	This is the basic Electronic Code Book form of Blowfish (in DES this
-	mode is called Electronic Code Book so I'm going to use the term
-	for blowfish as well.
-	Input is encrypted into output using the key represented by
-	key.  Depending on the encrypt, encryption or
-	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
-	
-void BF_cbc_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-BF_KEY *ks,
-unsigned char *ivec,
-int encrypt);
-	This routine implements Blowfish in Cipher Block Chaining mode.
-	Input, which should be a multiple of 8 bytes is encrypted
-	(or decrypted) to output which will also be a multiple of 8 bytes.
-	The number of bytes is in length (and from what I've said above,
-	should be a multiple of 8).  If length is not a multiple of 8, bad 
-	things will probably happen.  ivec is the initialisation vector.
-	This function updates iv after each call so that it can be passed to
-	the next call to BF_cbc_encrypt().
-	
-void BF_cfb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-BF_KEY *schedule,
-unsigned char *ivec,
-int *num,
-int encrypt);
-	This is one of the more useful functions in this Blowfish library, it
-	implements CFB mode of Blowfish with 64bit feedback.
-	This allows you to encrypt an arbitrary number of bytes,
-	you do not require 8 byte padding.  Each call to this
-	routine will encrypt the input bytes to output and then update ivec
-	and num.  Num contains 'how far' we are though ivec.
-	'Encrypt' is used to indicate encryption or decryption.
-	CFB64 mode operates by using the cipher to generate a stream
-	of bytes which is used to encrypt the plain text.
-	The cipher text is then encrypted to generate the next 64 bits to
-	be xored (incrementally) with the next 64 bits of plain
-	text.  As can be seen from this, to encrypt or decrypt,
-	the same 'cipher stream' needs to be generated but the way the next
-	block of data is gathered for encryption is different for
-	encryption and decryption.
-	
-void BF_ofb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-BF_KEY *schedule,
-unsigned char *ivec,
-int *num);
-	This functions implements OFB mode of Blowfish with 64bit feedback.
-	This allows you to encrypt an arbitrary number of bytes,
-	you do not require 8 byte padding.  Each call to this
-	routine will encrypt the input bytes to output and then update ivec
-	and num.  Num contains 'how far' we are though ivec.
-	This is in effect a stream cipher, there is no encryption or
-	decryption mode.
-	
-For reading passwords, I suggest using des_read_pw_string() from my DES library.
-To generate a password from a text string, I suggest using MD5 (or MD2) to
-produce a 16 byte message digest that can then be passed directly to
-BF_set_key().
-
-=====
-For more information about the specific Blowfish modes in this library
-(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the
-documentation on my DES library.  What is said about DES is directly
-applicable for Blowfish.
-
diff --git a/doc/bn.doc b/doc/bn.doc
deleted file mode 100644
index 47be23b6ea..0000000000
--- a/doc/bn.doc
+++ /dev/null
@@ -1,381 +0,0 @@
-The Big Number library.
-
-#include "bn.h" when using this library.
-
-This big number library was written for use in implementing the RSA and DH
-public key encryption algorithms.  As such, features such as negative
-numbers have not been extensively tested but they should work as expected.
-This library uses dynamic memory allocation for storing its data structures
-and so there are no limit on the size of the numbers manipulated by these
-routines but there is always the requirement to check return codes from
-functions just in case a memory allocation error has occurred.
-
-The basic object in this library is a BIGNUM.  It is used to hold a single
-large integer.  This type should be considered opaque and fields should not
-be modified or accessed directly.
-typedef struct bignum_st
-	{
-	int top;	/* Index of last used d. */
-	BN_ULONG *d;	/* Pointer to an array of 'BITS2' bit chunks. */
-	int max;	/* Size of the d array. */
-	int neg;
-	} BIGNUM;
-The big number is stored in a malloced array of BN_ULONG's.  A BN_ULONG can
-be either 16, 32 or 64 bits in size, depending on the 'number of  bits'
-specified in bn.h. 
-The 'd' field is this array.  'max' is the size of the 'd' array that has
-been allocated.  'top' is the 'last' entry being used, so for a value of 4,
-bn.d[0]=4 and bn.top=1.  'neg' is 1 if the number is negative.
-When a BIGNUM is '0', the 'd' field can be NULL and top == 0.
-
-Various routines in this library require the use of 'temporary' BIGNUM
-variables during their execution.  Due to the use of dynamic memory
-allocation to create BIGNUMs being rather expensive when used in
-conjunction with repeated subroutine calls, the BN_CTX structure is
-used.  This structure contains BN_CTX BIGNUMs.  BN_CTX
-is the maximum number of temporary BIGNUMs any publicly exported 
-function will use.
-
-#define BN_CTX	12
-typedef struct bignum_ctx
-	{
-	int tos;			/* top of stack */
-	BIGNUM *bn[BN_CTX];	/* The variables */
-	} BN_CTX;
-
-The functions that follow have been grouped according to function.  Most
-arithmetic functions return a result in the first argument, sometimes this
-first argument can also be an input parameter, sometimes it cannot.  These
-restrictions are documented.
-
-extern BIGNUM *BN_value_one;
-There is one variable defined by this library, a BIGNUM which contains the
-number 1.  This variable is useful for use in comparisons and assignment.
-
-Get Size functions.
-
-int BN_num_bits(BIGNUM *a);
-	This function returns the size of 'a' in bits.
-	
-int BN_num_bytes(BIGNUM *a);
-	This function (macro) returns the size of 'a' in bytes.
-	For conversion of BIGNUMs to byte streams, this is the number of
-	bytes the output string will occupy.  If the output byte
-	format specifies that the 'top' bit indicates if the number is
-	signed, so an extra '0' byte is required if the top bit on a
-	positive number is being written, it is upto the application to
-	make this adjustment.  Like I said at the start, I don't
-	really support negative numbers :-).
-
-Creation/Destruction routines.
-
-BIGNUM *BN_new();
-	Return a new BIGNUM object.  The number initially has a value of 0.  If
-	there is an error, NULL is returned.
-	
-void	BN_free(BIGNUM *a);
-	Free()s a BIGNUM.
-	
-void	BN_clear(BIGNUM *a);
-	Sets 'a' to a value of 0 and also zeros all unused allocated
-	memory.  This function is used to clear a variable of 'sensitive'
-	data that was held in it.
-	
-void	BN_clear_free(BIGNUM *a);
-	This function zeros the memory used by 'a' and then free()'s it.
-	This function should be used to BN_free() BIGNUMS that have held
-	sensitive numeric values like RSA private key values.  Both this
-	function and BN_clear tend to only be used by RSA and DH routines.
-
-BN_CTX *BN_CTX_new(void);
-	Returns a new BN_CTX.  NULL on error.
-	
-void	BN_CTX_free(BN_CTX *c);
-	Free a BN_CTX structure.  The BIGNUMs in 'c' are BN_clear_free()ed.
-	
-BIGNUM *bn_expand(BIGNUM *b, int bits);
-	This is an internal function that should not normally be used.  It
-	ensures that 'b' has enough room for a 'bits' bit number.  It is
-	mostly used by the various BIGNUM routines.  If there is an error,
-	NULL is returned. if not, 'b' is returned.
-	
-BIGNUM *BN_copy(BIGNUM *to, BIGNUM *from);
-	The 'from' is copied into 'to'.  NULL is returned if there is an
-	error, otherwise 'to' is returned.
-
-BIGNUM *BN_dup(BIGNUM *a);
-	A new BIGNUM is created and returned containing the value of 'a'.
-	NULL is returned on error.
-
-Comparison and Test Functions.
-
-int BN_is_zero(BIGNUM *a)
-	Return 1 if 'a' is zero, else 0.
-
-int BN_is_one(a)
-	Return 1 is 'a' is one, else 0.
-
-int BN_is_word(a,w)
-	Return 1 if 'a' == w, else 0.  'w' is a BN_ULONG.
-
-int BN_cmp(BIGNUM *a, BIGNUM *b);
-	Return -1 if 'a' is less than 'b', 0 if 'a' and 'b' are the same
-	and 1 is 'a' is greater than 'b'.  This is a signed comparison.
-	
-int BN_ucmp(BIGNUM *a, BIGNUM *b);
-	This function is the same as BN_cmp except that the comparison
-	ignores the sign of the numbers.
-	
-Arithmetic Functions
-For all of these functions, 0 is returned if there is an error and 1 is
-returned for success.  The return value should always be checked.  eg.
-if (!BN_add(r,a,b)) goto err;
-Unless explicitly mentioned, the 'return' value can be one of the
-'parameters' to the function.
-
-int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b);
-	Add 'a' and 'b' and return the result in 'r'.  This is r=a+b.
-	
-int BN_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b);
-	Subtract 'a' from 'b' and put the result in 'r'. This is r=a-b.
-	
-int BN_lshift(BIGNUM *r, BIGNUM *a, int n);
-	Shift 'a' left by 'n' bits.  This is r=a*(2^n).
-	
-int BN_lshift1(BIGNUM *r, BIGNUM *a);
-	Shift 'a' left by 1 bit.  This form is more efficient than
-	BN_lshift(r,a,1).  This is r=a*2.
-	
-int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
-	Shift 'a' right by 'n' bits.  This is r=int(a/(2^n)).
-	
-int BN_rshift1(BIGNUM *r, BIGNUM *a);
-	Shift 'a' right by 1 bit.  This form is more efficient than
-	BN_rshift(r,a,1).  This is r=int(a/2).
-	
-int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b);
-	Multiply a by b and return the result in 'r'. 'r' must not be
-	either 'a' or 'b'.  It has to be a different BIGNUM.
-	This is r=a*b.
-
-int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
-	Multiply a by a and return the result in 'r'. 'r' must not be
-	'a'.  This function is alot faster than BN_mul(r,a,a).  This is r=a*a.
-
-int BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
-	Divide 'm' by 'd' and return the result in 'dv' and the remainder
-	in 'rem'.  Either of 'dv' or 'rem' can be NULL in which case that
-	value is not returned.  'ctx' needs to be passed as a source of
-	temporary BIGNUM variables.
-	This is dv=int(m/d), rem=m%d.
-	
-int BN_mod(BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
-	Find the remainder of 'm' divided by 'd' and return it in 'rem'.
-	'ctx' holds the temporary BIGNUMs required by this function.
-	This function is more efficient than BN_div(NULL,rem,m,d,ctx);
-	This is rem=m%d.
-
-int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *m,BN_CTX *ctx);
-	Multiply 'a' by 'b' and return the remainder when divided by 'm'.
-	'ctx' holds the temporary BIGNUMs required by this function.
-	This is r=(a*b)%m.
-
-int BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
-	Raise 'a' to the 'p' power and return the remainder when divided by
-	'm'.  'ctx' holds the temporary BIGNUMs required by this function.
-	This is r=(a^p)%m.
-
-int BN_reciprocal(BIGNUM *r, BIGNUM *m, BN_CTX *ctx);
-	Return the reciprocal of 'm'.  'ctx' holds the temporary variables
-	required.  This function returns -1 on error, otherwise it returns
-	the number of bits 'r' is shifted left to make 'r' into an integer.
-	This number of bits shifted is required in BN_mod_mul_reciprocal().
-	This is r=(1/m)<<(BN_num_bits(m)+1).
-	
-int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BIGNUM *m, 
-	BIGNUM *i, int nb, BN_CTX *ctx);
-	This function is used to perform an efficient BN_mod_mul()
-	operation.  If one is going to repeatedly perform BN_mod_mul() with
-	the same modulus is worth calculating the reciprocal of the modulus
-	and then using this function.  This operation uses the fact that
-	a/b == a*r where r is the reciprocal of b.  On modern computers
-	multiplication is very fast and big number division is very slow.
-	'x' is multiplied by 'y' and then divided by 'm' and the remainder
-	is returned.  'i' is the reciprocal of 'm' and 'nb' is the number
-	of bits as returned from BN_reciprocal().  Normal usage is as follows.
-	bn=BN_reciprocal(i,m);
-	for (...)
-		{ BN_mod_mul_reciprocal(r,x,y,m,i,bn,ctx); }
-	This is r=(x*y)%m.  Internally it is approximately
-	r=(x*y)-m*(x*y/m) or r=(x*y)-m*((x*y*i) >> bn)
-	This function is used in BN_mod_exp() and BN_is_prime().
-
-Assignment Operations
-
-int BN_one(BIGNUM *a)
-	Set 'a' to hold the value one.
-	This is a=1.
-	
-int BN_zero(BIGNUM *a)
-	Set 'a' to hold the value zero.
-	This is a=0.
-	
-int BN_set_word(BIGNUM *a, unsigned long w);
-	Set 'a' to hold the value of 'w'.  'w' is an unsigned long.
-	This is a=w.
-
-unsigned long BN_get_word(BIGNUM *a);
-	Returns 'a' in an unsigned long.  Not remarkably, often 'a' will
-	be biger than a word, in which case 0xffffffffL is returned.
-
-Word Operations
-These functions are much more efficient that the normal bignum arithmetic
-operations.
-
-BN_ULONG BN_mod_word(BIGNUM *a, unsigned long w);
-	Return the remainder of 'a' divided by 'w'.
-	This is return(a%w).
-	
-int BN_add_word(BIGNUM *a, unsigned long w);
-	Add 'w' to 'a'.  This function does not take the sign of 'a' into
-	account.  This is a+=w;
-	
-Bit operations.
-
-int BN_is_bit_set(BIGNUM *a, int n);
-	This function return 1 if bit 'n' is set in 'a' else 0.
-
-int BN_set_bit(BIGNUM *a, int n);
-	This function sets bit 'n' to 1 in 'a'. 
-	This is a&= ~(1<<n);
-
-int BN_clear_bit(BIGNUM *a, int n);
-	This function sets bit 'n' to zero in 'a'.  Return 0 if less
-	than 'n' bits in 'a' else 1.  This is a&= ~(1<<n);
-
-int BN_mask_bits(BIGNUM *a, int n);
-	Truncate 'a' to n bits long.  This is a&= ~((~0)<<n)
-
-Format conversion routines.
-
-BIGNUM *BN_bin2bn(unsigned char *s, int len,BIGNUM *ret);
-	This function converts 'len' bytes in 's' into a BIGNUM which
-	is put in 'ret'.  If ret is NULL, a new BIGNUM is created.
-	Either this new BIGNUM or ret is returned.  The number is
-	assumed to be in bigendian form in 's'.  By this I mean that
-	to 'ret' is created as follows for 'len' == 5.
-	ret = s[0]*2^32 + s[1]*2^24 + s[2]*2^16 + s[3]*2^8 + s[4];
-	This function cannot be used to convert negative numbers.  It
-	is always assumed the number is positive.  The application
-	needs to diddle the 'neg' field of th BIGNUM its self.
-	The better solution would be to save the numbers in ASN.1 format
-	since this is a defined standard for storing big numbers.
-	Look at the functions
-
-	ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
-	BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
-	int i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
-	ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
-		long length;
-
-int BN_bn2bin(BIGNUM *a, unsigned char *to);
-	This function converts 'a' to a byte string which is put into
-	'to'.  The representation is big-endian in that the most
-	significant byte of 'a' is put into to[0].  This function
-	returns the number of bytes used to hold 'a'.  BN_num_bytes(a)
-	would return the same value and can be used to determine how
-	large 'to' needs to be.  If the number is negative, this
-	information is lost.  Since this library was written to
-	manipulate large positive integers, the inability to save and
-	restore them is not considered to be a problem by me :-).
-	As for BN_bin2bn(), look at the ASN.1 integer encoding funtions
-	for SSLeay.  They use BN_bin2bn() and BN_bn2bin() internally.
-	
-char *BN_bn2ascii(BIGNUM *a);
-	This function returns a malloc()ed string that contains the
-	ascii hexadecimal encoding of 'a'.  The number is in bigendian
-	format with a '-' in front if the number is negative.
-
-int BN_ascii2bn(BIGNUM **bn, char *a);
-	The inverse of BN_bn2ascii.  The function returns the number of
-	characters from 'a' were processed in generating a the bignum.
-	error is inticated by 0 being returned.  The number is a
-	hex digit string, optionally with a leading '-'.  If *bn
-	is null, a BIGNUM is created and returned via that variable.
-	
-int BN_print_fp(FILE *fp, BIGNUM *a);
-	'a' is printed to file pointer 'fp'.  It is in the same format
-	that is output from BN_bn2ascii().  0 is returned on error,
-	1 if things are ok.
-
-int BN_print(BIO *bp, BIGNUM *a);
-	Same as BN_print except that the output is done to the SSLeay libraries
-	BIO routines.  BN_print_fp() actually calls this function.
-
-Miscellaneous Routines.
-
-int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
-	This function returns in 'rnd' a random BIGNUM that is bits
-	long.  If bottom is 1, the number returned is odd.  If top is set,
-	the top 2 bits of the number are set.  This is useful because if
-	this is set, 2 'n; bit numbers multiplied together will return a 2n
-	bit number.  If top was not set, they could produce a 2n-1 bit
-	number.
-
-BIGNUM *BN_mod_inverse(BIGNUM *a, BIGNUM *n,BN_CTX *ctx);
-	This function create a new BIGNUM and returns it.  This number
-	is the inverse mod 'n' of 'a'.  By this it is meant that the
-	returned value 'r' satisfies (a*r)%n == 1.  This function is
-	used in the generation of RSA keys.  'ctx', as per usual,
-	is used to hold temporary variables that are required by the
-	function.  NULL is returned on error.
-
-int BN_gcd(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx);
-	'r' has the greatest common divisor of 'a' and 'b'.  'ctx' is
-	used for temporary variables and 0 is returned on error.
-
-int BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(),BN_CTX *ctx,
-	char *cb_arg);
-	This function is used to check if a BIGNUM ('p') is prime.
-	It performs this test by using the Miller-Rabin randomised
-	primality test.  This is a probalistic test that requires a
-	number of rounds to ensure the number is prime to a high
-	degree of probability.  Since this can take quite some time, a
-	callback function can be passed and it will be called each
-	time 'p' passes a round of the prime testing.  'callback' will
-	be called as follows, callback(1,n,cb_arg) where n is the number of
-	the round, just passed.  As per usual 'ctx' contains temporary
-	variables used.  If ctx is NULL, it does not matter, a local version
-	will be malloced.  This parameter is present to save some mallocing
-	inside the function but probably could be removed.
-	0 is returned on error.
-	'ncheck' is the number of Miller-Rabin tests to run.  It is
-	suggested to use the value 'BN_prime_checks' by default.
-
-BIGNUM *BN_generate_prime(
-int bits,
-int strong,
-BIGNUM *a,
-BIGNUM *rems,
-void (*callback)());
-char *cb_arg
-	This function is used to generate prime numbers.  It returns a
-	new BIGNUM that has a high probability of being a prime.
-	'bits' is the number of bits that
-	are to be in the prime.  If 'strong' is true, the returned prime
-	will also be a strong prime ((p-1)/2 is also prime).
-	While searching for the prime ('p'), we
-	can add the requirement that the prime fill the following
-	condition p%a == rem.  This can be used to help search for
-	primes with specific features, which is required when looking
-	for primes suitable for use with certain 'g' values in the
-	Diffie-Hellman key exchange algorithm.  If 'a' is NULL,
-	this condition is not checked.  If rem is NULL, rem is assumed
-	to be 1.  Since this search for a prime
-	can take quite some time, if callback is not NULL, it is called
-	in the following situations.
-	We have a suspected prime (from a quick sieve),
-	callback(0,sus_prime++,cb_arg). Each item to be passed to BN_is_prime().
-	callback(1,round++,cb_arg).  Each successful 'round' in BN_is_prime().
-	callback(2,round,cb_arg). For each successful BN_is_prime() test.
-
diff --git a/doc/c-indentation.el b/doc/c-indentation.el
new file mode 100644
index 0000000000..cbf01cb172
--- /dev/null
+++ b/doc/c-indentation.el
@@ -0,0 +1,44 @@
+; This Emacs Lisp file defines a C indentation style that closely
+; follows most aspects of the one that is used throughout SSLeay,
+; and hence in OpenSSL.
+; 
+; This definition is for the "CC mode" package, which is the default
+; mode for editing C source files in Emacs 20, not for the older
+; c-mode.el (which was the default in less recent releaes of Emacs 19).
+;
+; Copy the definition in your .emacs file or use M-x eval-buffer.
+; To activate this indentation style, visit a C file, type
+; M-x c-set-style <RET> (or C-c . for short), and enter "eay".
+; To toggle the auto-newline feature of CC mode, type C-c C-a.
+;
+; Apparently statement blocks that are not introduced by a statement
+; such as "if" and that are not the body of a function cannot
+; be handled too well by CC mode with this indentation style,
+; so you have to indent them manually (you can use C-q tab).
+; 
+; For suggesting improvements, please send e-mail to bodo@openssl.org.
+
+(c-add-style "eay"
+	     '((c-basic-offset . 8)
+	       (c-comment-only-line-offset . 0)
+	       (c-hanging-braces-alist)
+	       (c-offsets-alist	. ((defun-open . +)
+				   (defun-block-intro . 0)
+				   (class-open . +)
+				   (class-close . +)
+				   (block-open . 0)
+				   (block-close . 0)
+				   (substatement-open . +)
+				   (statement . 0)
+				   (statement-block-intro . 0)
+				   (statement-case-open . +)
+				   (statement-case-intro . +)
+				   (case-label . -)
+				   (label . -)
+				   (arglist-cont-nonempty . +)
+				   (topmost-intro . -)
+				   (brace-list-close . 0)
+				   (brace-list-intro . 0)
+				   (brace-list-open . +)
+				   ))))
+
diff --git a/doc/ca.1 b/doc/ca.1
deleted file mode 100644
index 5b0c5a198d..0000000000
--- a/doc/ca.1
+++ /dev/null
@@ -1,121 +0,0 @@
-From eay@orb.mincom.oz.au Thu Dec 28 23:56:45 1995
-Received: by orb.mincom.oz.au id AA07374
-  (5.65c/IDA-1.4.4 for eay); Thu, 28 Dec 1995 13:56:45 +1000
-Date: Thu, 28 Dec 1995 13:56:45 +1000 (EST)
-From: Eric Young <eay@mincom.oz.au>
-X-Sender: eay@orb
-To: sameer <sameer@c2.org>
-Cc: ssleay@mincom.oz.au
-Subject: Re: 'ca'
-In-Reply-To: <199512230440.UAA23410@infinity.c2.org>
-Message-Id: <Pine.SOL.3.91.951228133525.7269A-100000@orb>
-Mime-Version: 1.0
-Content-Type: TEXT/PLAIN; charset=US-ASCII
-Status: RO
-X-Status: 
-
-On Fri, 22 Dec 1995, sameer wrote:
-> 	I could use documentation on 'ca'. Thanks.
-
-Very quickly.
-The ca program uses the ssleay.conf file for most of its configuration
-
-./ca -help
-
- -verbose        - Talk alot while doing things
- -config file    - A config file. If you don't want to use the
-		   default config file
- -name arg       - The particular CA definition to use
-	In the config file, the section to use for parameters.  This lets 
-	multiple setups to be contained in the one file.  By default, the 
-	default_ca variable is looked up in the [ ca ] section.  So in the 
-	shipped ssleay.conf, the CA definition used is CA_default.  It could be 
-	any other name.
- -gencrl days    - Generate a new CRL, days is when the next CRL is due
-	This will generate a new certificate revocion list.
- -days arg       - number of days to certify the certificate for
-	When certifiying certificates, this is the number of days to use.
- -md arg         - md to use, one of md2, md5, sha or sha1
- -policy arg     - The CA 'policy' to support
-	I'll describe this later, but there are 2 policies definied in the 
-	shipped ssleay.conf
- -keyfile arg    - PEM RSA private key file
- -key arg        - key to decode the RSA private key if it is encrypted
-	since we need to keep the CA's RSA key encrypted
- -cert           - The CA certificate
- -in file        - The input PEM encoded certificate request(s)
- -out file       - Where to put the output file(s)
- -outdir dir     - Where to put output certificates
-	The -out options concatinates all the output certificied
-	certificates to one file, -outdir puts them in a directory,
-	named by serial number.
- -infiles ....   - The last argument, requests to process
-	The certificate requests to process, -in is the same.
-
-Just about all the above have default values defined in ssleay.conf.
-
-The key variables in ssleay.conf are (for the pariticular '-name' being 
-used, in the default, it is CA_default).
-
-dir is where all the CA database stuff is kept.
-certs is where all the previously issued certificates are kept.
-The database is a simple text database containing the following tab separated 
-fields.
-status: a value of 'R' - revoked, 'E' -expired or 'V' valid.
-issued date:  When the certificate was certified.
-revoked date:  When it was revoked, blank if not revoked.
-serial number:  The certificate serial number.
-certificate:	Where the certificate is located.
-CN:	The name of the certificate.
-
-The demo file has quite a few made up values it it.  The last 2 were 
-added by the ca program and are acurate.
-The CA program does not update the 'certificate' file correctly right now.
-The serial field should be unique as should the CN/status combination.
-The ca program checks these at startup.  What still needs to be 
-wrtten is a program to 'regenerate' the data base file from the issued 
-certificate list (and a CRL list).
-
-Back to the CA_default variables.
-
-Most of the variables are commented.
-
-policy is the default policy.
-
-Ok for policies, they define the order and which fields must be present 
-in the certificate request and what gets filled in.
-
-So a value of
-countryName             = match
-means that the country name must match the CA certificate.
-organizationalUnitName  = optional
-The org.Unit,Name does not have to be present and
-commonName              = supplied
-commonName must be supplied in the certificate request.
-
-For the 'policy_match' polocy, the order of the attributes in the 
-generated certiticate would be
-countryName
-stateOrProvinceName
-organizationName
-organizationalUnitName
-commonName
-emailAddress
-
-Have a play, it sort of makes sense.  If you think about how the persona 
-requests operate, it is similar to the 'policy_match' policy and the
-'policy_anything' is similar to what versign is doing.
-
-I hope this helps a bit.  Some backend scripts are definitly needed to 
-update the database and to make certificate revocion easy.  All 
-certificates issued should also be kept forever (or until they expire?)
-
-hope this helps
-eric (who has to run off an buy some cheap knee pads for the caving in 4 
-days time :-)
-
---
-Eric Young                  | Signature removed since it was generating
-AARNet: eay@mincom.oz.au    | more followups than the message contents :-)
-
-
diff --git a/doc/callback.doc b/doc/callback.doc
deleted file mode 100644
index 7ad0f7f7d2..0000000000
--- a/doc/callback.doc
+++ /dev/null
@@ -1,240 +0,0 @@
-Callback functions used in SSLeay.
-
---------------------------
-The BIO library.  
-
-Each BIO structure can have a callback defined against it.  This callback is
-called 2 times for each BIO 'function'.  It is passed 6 parameters.
-BIO_debug_callback() is an example callback which is defined in
-crypto/buffer/bio_cb.c and is used in apps/dgst.c  This is intended mostly
-for debuging or to notify the application of IO.
-
-long BIO_debug_callback(BIO *bio,int cmd,char *argp,int argi,long argl,
-	long ret);
-bio is the BIO being called, cmd is the type of BIO function being called.
-Look at the BIO_CB_* defines in buffer.h.  Argp and argi are the arguments
-passed to BIO_read(), BIO_write, BIO_gets(), BIO_puts().  In the case of
-BIO_ctrl(), argl is also defined.  The first time the callback is called,
-before the underlying function has been executed, 0 is passed as 'ret', and
-if the return code from the callback is not > 0, the call is aborted
-and the returned <= 0 value is returned.
-The second time the callback is called, the 'cmd' value also has
-BIO_CB_RETURN logically 'or'ed with it.  The 'ret' value is the value returned
-from the actuall function call and whatever the callback returns is returned
-from the BIO function.
-
-BIO_set_callback(b,cb) can be used to set the callback function
-(b is a BIO), and BIO_set_callback_arg(b,arg) can be used to
-set the cb_arg argument in the BIO strucutre.  This field is only intended
-to be used by application, primarily in the callback function since it is
-accessable since the BIO is passed.
-
---------------------------
-The PEM library.
-
-The pem library only really uses one type of callback,
-static int def_callback(char *buf, int num, int verify);
-which is used to return a password string if required.
-'buf' is the buffer to put the string in.  'num' is the size of 'buf'
-and 'verify' is used to indicate that the password should be checked.
-This last flag is mostly used when reading a password for encryption.
-
-For all of these functions, a NULL callback will call the above mentioned
-default callback.  This default function does not work under Windows 3.1.
-For other machines, it will use an application defined prompt string
-(EVP_set_pw_prompt(), which defines a library wide prompt string)
-if defined, otherwise it will use it's own PEM password prompt.
-It will then call EVP_read_pw_string() to get a password from the console.
-If your application wishes to use nice fancy windows to retrieve passwords,
-replace this function.  The callback should return the number of bytes read
-into 'buf'.  If the number of bytes <= 0, it is considered an error.
-
-Functions that take this callback are listed below.  For the 'read' type
-functions, the callback will only be required if the PEM data is encrypted.
-
-For the Write functions, normally a password can be passed in 'kstr', of
-'klen' bytes which will be used if the 'enc' cipher is not NULL.  If
-'kstr' is NULL, the callback will be used to retrieve a password.
-
-int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
-	int (*callback)());
-char *PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *bp,char **x,int (*cb)());
-char *PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,int (*cb)());
-int PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *bp,char *x,
-	EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
-int PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x,
-	EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
-STACK *PEM_X509_INFO_read(FILE *fp, STACK *sk, int (*cb)());
-STACK *PEM_X509_INFO_read_bio(BIO *fp, STACK *sk, int (*cb)());
-
-#define	PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb)
-#define	PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb)
-#define	PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb)
-#define	PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb)
-#define	PEM_read_SSL_SESSION(fp,x,cb)
-#define	PEM_read_X509(fp,x,cb)
-#define	PEM_read_X509_REQ(fp,x,cb)
-#define	PEM_read_X509_CRL(fp,x,cb)
-#define	PEM_read_RSAPrivateKey(fp,x,cb)
-#define	PEM_read_DSAPrivateKey(fp,x,cb)
-#define	PEM_read_PrivateKey(fp,x,cb)
-#define	PEM_read_PKCS7(fp,x,cb)
-#define	PEM_read_DHparams(fp,x,cb)
-#define	PEM_read_bio_SSL_SESSION(bp,x,cb)
-#define	PEM_read_bio_X509(bp,x,cb)
-#define	PEM_read_bio_X509_REQ(bp,x,cb)
-#define	PEM_read_bio_X509_CRL(bp,x,cb)
-#define	PEM_read_bio_RSAPrivateKey(bp,x,cb)
-#define	PEM_read_bio_DSAPrivateKey(bp,x,cb)
-#define	PEM_read_bio_PrivateKey(bp,x,cb)
-#define	PEM_read_bio_PKCS7(bp,x,cb)
-#define	PEM_read_bio_DHparams(bp,x,cb)
-int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
-RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
-
-Now you will notice that macros like
-#define PEM_write_X509(fp,x) \
-                PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
-		                        (char *)x, NULL,NULL,0,NULL)
-Don't do encryption normally.  If you want to PEM encrypt your X509 structure,
-either just call PEM_ASN1_write directly or just define you own
-macro variant.  As you can see, this macro just sets all encryption related
-parameters to NULL.
-
-
---------------------------
-The SSL library.
-
-#define SSL_set_info_callback(ssl,cb)
-#define SSL_CTX_set_info_callback(ctx,cb)
-void callback(SSL *ssl,int location,int ret)
-This callback is called each time around the SSL_connect()/SSL_accept() 
-state machine.  So it will be called each time the SSL protocol progresses.
-It is mostly present for use when debugging.  When SSL_connect() or
-SSL_accept() return, the location flag is SSL_CB_ACCEPT_EXIT or
-SSL_CB_CONNECT_EXIT and 'ret' is the value about to be returned.
-Have a look at the SSL_CB_* defines in ssl.h.  If an info callback is defined
-against the SSL_CTX, it is called unless there is one set against the SSL.
-Have a look at
-void client_info_callback() in apps/s_client() for an example.
-
-Certificate verification.
-void SSL_set_verify(SSL *s, int mode, int (*callback) ());
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*callback)());
-This callback is used to help verify client and server X509 certificates.
-It is actually passed to X509_cert_verify(), along with the SSL structure
-so you have to read about X509_cert_verify() :-).  The SSL_CTX version is used
-if the SSL version is not defined.  X509_cert_verify() is the function used
-by the SSL part of the library to verify certificates.  This function is
-nearly always defined by the application.
-
-void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg);
-int callback(char *arg,SSL *s,X509 *xs,STACK *cert_chain);
-This call is used to replace the SSLeay certificate verification code.
-The 'arg' is kept in the SSL_CTX and is passed to the callback.
-If the callback returns 0, the certificate is rejected, otherwise it
-is accepted.  The callback is replacing the X509_cert_verify() call.
-This feature is not often used, but if you wished to implement
-some totally different certificate authentication system, this 'hook' is
-vital.
-
-SSLeay keeps a cache of session-ids against each SSL_CTX.  These callbacks can
-be used to notify the application when a SSL_SESSION is added to the cache
-or to retrieve a SSL_SESSION that is not in the cache from the application.
-#define SSL_CTX_sess_set_get_cb(ctx,cb)
-SSL_SESSION *callback(SSL *s,char *session_id,int session_id_len,int *copy);
-If defined, this callback is called to return the SESSION_ID for the
-session-id in 'session_id', of 'session_id_len' bytes.  'copy' is set to 1
-if the server is to 'take a copy' of the SSL_SESSION structure.  It is 0
-if the SSL_SESSION is being 'passed in' so the SSLeay library is now
-responsible for 'free()ing' the structure.  Basically it is used to indicate
-if the reference count on the SSL_SESSION structure needs to be incremented.
-
-#define SSL_CTX_sess_set_new_cb(ctx,cb)
-int callback(SSL *s, SSL_SESSION *sess);
-When a new connection is established, if the SSL_SESSION is going to be added
-to the cache, this callback is called.  Return 1 if a 'copy' is required,
-otherwise, return 0.  This return value just causes the reference count
-to be incremented (on return of a 1), this means the application does
-not need to worry about incrementing the refernece count (and the
-locking that implies in a multi-threaded application).
-
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,int (*cb)());
-This sets the SSL password reading function.
-It is mostly used for windowing applications
-and used by PEM_read_bio_X509() and PEM_read_bio_RSAPrivateKey()
-calls inside the SSL library.   The only reason this is present is because the
-calls to PEM_* functions is hidden in the SSLeay library so you have to
-pass in the callback some how.
-
-#define SSL_CTX_set_client_cert_cb(ctx,cb)
-int callback(SSL *s,X509 **x509, EVP_PKEY **pkey);
-Called when a client certificate is requested but there is not one set
-against the SSL_CTX or the SSL.  If the callback returns 1, x509 and
-pkey need to point to valid data.  The library will free these when
-required so if the application wants to keep these around, increment
-their reference counts.  If 0 is returned, no client cert is
-available.  If -1 is returned, it is assumed that the callback needs
-to be called again at a later point in time.  SSL_connect will return
--1 and SSL_want_x509_lookup(ssl) returns true.  Remember that
-application data can be attached to an SSL structure via the
-SSL_set_app_data(SSL *ssl,char *data) call.
-
---------------------------
-The X509 library.
-
-int X509_cert_verify(CERTIFICATE_CTX *ctx,X509 *xs, int (*cb)(),
-	int *error,char *arg,STACK *cert_chain);
-int verify_callback(int ok,X509 *xs,X509 *xi,int depth,int error,char *arg,
-	STACK *cert_chain);
-
-X509_cert_verify() is used to authenticate X509 certificates.  The 'ctx' holds
-the details of the various caches and files used to locate certificates.
-'xs' is the certificate to verify and 'cb' is the application callback (more
-detail later).  'error' will be set to the error code and 'arg' is passed
-to the 'cb' callback.  Look at the VERIFY_* defines in crypto/x509/x509.h
-
-When ever X509_cert_verify() makes a 'negative' decision about a
-certitificate, the callback is called.  If everything checks out, the
-callback is called with 'VERIFY_OK' or 'VERIFY_ROOT_OK' (for a self
-signed cert that is not the passed certificate).
-
-The callback is passed the X509_cert_verify opinion of the certificate 
-in 'ok', the certificate in 'xs', the issuer certificate in 'xi',
-the 'depth' of the certificate in the verification 'chain', the
-VERIFY_* code in 'error' and the argument passed to X509_cert_verify()
-in 'arg'. cert_chain is a list of extra certs to use if they are not
-in the cache.
-
-The callback can be used to look at the error reason, and then return 0
-for an 'error' or '1' for ok.  This will override the X509_cert_verify()
-opinion of the certificates validity.  Processing will continue depending on
-the return value.  If one just wishes to use the callback for informational
-reason, just return the 'ok' parameter.
-
---------------------------
-The BN and DH library.
-
-BIGNUM *BN_generate_prime(int bits,int strong,BIGNUM *add,
-	BIGNUM *rem,void (*callback)(int,int));
-int BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int),
-
-Read doc/bn.doc for the description of these 2.
-
-DH *DH_generate_parameters(int prime_len,int generator,
-	void (*callback)(int,int));
-Read doc/bn.doc for the description of the callback, since it is just passed
-to BN_generate_prime(), except that it is also called as
-callback(3,0) by this function.
-
---------------------------
-The CRYPTO library.
-
-void CRYPTO_set_locking_callback(void (*func)(int mode,int type,char *file,
-	int line));
-void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,
-	int type,char *file, int line));
-void CRYPTO_set_id_callback(unsigned long (*func)(void));
-
-Read threads.doc for info on these ones.
-
diff --git a/doc/cipher.doc b/doc/cipher.doc
deleted file mode 100644
index d49ba78c5c..0000000000
--- a/doc/cipher.doc
+++ /dev/null
@@ -1,345 +0,0 @@
-The Cipher subroutines.
-
-These routines require "evp.h" to be included.
-
-These functions are a higher level interface to the various cipher
-routines found in this library.  As such, they allow the same code to be
-used to encrypt and decrypt via different ciphers with only a change
-in an initial parameter.  These routines also provide buffering for block
-ciphers.
-
-These routines all take a pointer to the following structure to specify
-which cipher to use.  If you wish to use a new cipher with these routines,
-you would probably be best off looking an how an existing cipher is
-implemented and copying it.  At this point in time, I'm not going to go
-into many details.  This structure should be considered opaque
-
-typedef struct pem_cipher_st
-	{
-	int type;
-	int block_size;
-	int key_len;
-	int iv_len;
-	void (*enc_init)();	/* init for encryption */
-	void (*dec_init)();	/* init for decryption */
-	void (*do_cipher)();	/* encrypt data */
-	} EVP_CIPHER;
-	
-The type field is the object NID of the cipher type
-(read the section on Objects for an explanation of what a NID is).
-The cipher block_size is how many bytes need to be passed
-to the cipher at a time.  Key_len is the
-length of the key the cipher requires and iv_len is the length of the
-initialisation vector required.  enc_init is the function
-called to initialise the ciphers context for encryption and dec_init is the
-function to initialise for decryption (they need to be different, especially
-for the IDEA cipher).
-
-One reason for specifying the Cipher via a pointer to a structure
-is that if you only use des-cbc, only the des-cbc routines will
-be included when you link the program.  If you passed an integer
-that specified which cipher to use, the routine that mapped that
-integer to a set of cipher functions would cause all the ciphers
-to be link into the code.  This setup also allows new ciphers
-to be added by the application (with some restrictions).
-
-The thirteen ciphers currently defined in this library are
-
-EVP_CIPHER *EVP_des_ecb();     /* DES in ecb mode,     iv=0, block=8, key= 8 */
-EVP_CIPHER *EVP_des_ede();     /* DES in ecb ede mode, iv=0, block=8, key=16 */
-EVP_CIPHER *EVP_des_ede3();    /* DES in ecb ede mode, iv=0, block=8, key=24 */
-EVP_CIPHER *EVP_des_cfb();     /* DES in cfb mode,     iv=8, block=1, key= 8 */
-EVP_CIPHER *EVP_des_ede_cfb(); /* DES in ede cfb mode, iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_des_ede3_cfb();/* DES in ede cfb mode, iv=8, block=1, key=24 */
-EVP_CIPHER *EVP_des_ofb();     /* DES in ofb mode,     iv=8, block=1, key= 8 */
-EVP_CIPHER *EVP_des_ede_ofb(); /* DES in ede ofb mode, iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_des_ede3_ofb();/* DES in ede ofb mode, iv=8, block=1, key=24 */
-EVP_CIPHER *EVP_des_cbc();     /* DES in cbc mode,     iv=8, block=8, key= 8 */
-EVP_CIPHER *EVP_des_ede_cbc(); /* DES in cbc ede mode, iv=8, block=8, key=16 */
-EVP_CIPHER *EVP_des_ede3_cbc();/* DES in cbc ede mode, iv=8, block=8, key=24 */
-EVP_CIPHER *EVP_desx_cbc();    /* DES in desx cbc mode,iv=8, block=8, key=24 */
-EVP_CIPHER *EVP_rc4();         /* RC4,                 iv=0, block=1, key=16 */
-EVP_CIPHER *EVP_idea_ecb();    /* IDEA in ecb mode,    iv=0, block=8, key=16 */
-EVP_CIPHER *EVP_idea_cfb();    /* IDEA in cfb mode,    iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_idea_ofb();    /* IDEA in ofb mode,    iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_idea_cbc();    /* IDEA in cbc mode,    iv=8, block=8, key=16 */
-EVP_CIPHER *EVP_rc2_ecb();     /* RC2 in ecb mode,     iv=0, block=8, key=16 */
-EVP_CIPHER *EVP_rc2_cfb();     /* RC2 in cfb mode,     iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_rc2_ofb();     /* RC2 in ofb mode,     iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_rc2_cbc();     /* RC2 in cbc mode,     iv=8, block=8, key=16 */
-EVP_CIPHER *EVP_bf_ecb();      /* Blowfish in ecb mode,iv=0, block=8, key=16 */
-EVP_CIPHER *EVP_bf_cfb();      /* Blowfish in cfb mode,iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_bf_ofb();      /* Blowfish in ofb mode,iv=8, block=1, key=16 */
-EVP_CIPHER *EVP_bf_cbc();      /* Blowfish in cbc mode,iv=8, block=8, key=16 */
-
-The meaning of the compound names is as follows.
-des	The base cipher is DES.
-idea	The base cipher is IDEA
-rc4	The base cipher is RC4-128
-rc2	The base cipher is RC2-128
-ecb	Electronic Code Book form of the cipher.
-cbc	Cipher Block Chaining form of the cipher.
-cfb	64 bit Cipher Feedback form of the cipher.
-ofb	64 bit Output Feedback form of the cipher.
-ede	The cipher is used in Encrypt, Decrypt, Encrypt mode.  The first
-	and last keys are the same.
-ede3	The cipher is used in Encrypt, Decrypt, Encrypt mode.
-
-All the Cipher routines take a EVP_CIPHER_CTX pointer as an argument.
-The state of the cipher is kept in this structure.
-
-typedef struct EVP_CIPHER_Ctx_st
-	{
-	EVP_CIPHER *cipher;
-	int encrypt;		/* encrypt or decrypt */
-	int buf_len;		/* number we have left */
-	unsigned char buf[8];
-	union	{
-		.... /* cipher specific stuff */
-		} c;
-	} EVP_CIPHER_CTX;
-
-Cipher is a pointer the the EVP_CIPHER for the current context.  The encrypt
-flag indicates encryption or decryption.  buf_len is the number of bytes
-currently being held in buf.
-The 'c' union holds the cipher specify context.
-
-The following functions are to be used.
-
-int EVP_read_pw_string(
-char *buf,
-int len,
-char *prompt,
-int verify,
-	This function is the same as des_read_pw_string() (des.doc).
-
-void EVP_set_pw_prompt(char *prompt);
-	This function sets the 'default' prompt to use to use in
-	EVP_read_pw_string when the prompt parameter is NULL.  If the
-	prompt parameter is NULL, this 'default prompt' feature is turned
-	off.  Be warned, this is a global variable so weird things
-	will happen if it is used under Win16 and care must be taken
-	with a multi-threaded version of the library.
-
-char *EVP_get_pw_prompt();
-	This returns a pointer to the default prompt string.  NULL
-	if it is not set.
-
-int EVP_BytesToKey(
-EVP_CIPHER *type,
-EVP_MD *md,
-unsigned char *salt,
-unsigned char *data,
-int datal,
-int count,
-unsigned char *key,
-unsigned char *iv);
-	This function is used to generate a key and an initialisation vector
-	for a specified cipher from a key string and a salt.  Type
-	specifies the cipher the 'key' is being generated for.  Md is the
-	message digest algorithm to use to generate the key and iv.  The salt
-	is an optional 8 byte object that is used to help seed the key
-	generator.
-	If the salt value is NULL, it is just not used.  Datal is the
-	number of bytes to use from 'data' in the key generation.  
-	This function returns the key size for the specified cipher, if
-	data is NULL, this value is returns and no other
-	computation is performed.  Count is
-	the number of times to loop around the key generator.  I would
-	suggest leaving it's value as 1.  Key and iv are the structures to
-	place the returning iv and key in.  If they are NULL, no value is
-	generated for that particular value.
-	The algorithm used is as follows
-	
-	/* M[] is an array of message digests
-	 * MD() is the message digest function */
-	M[0]=MD(data . salt);
-	for (i=1; i<count; i++) M[0]=MD(M[0]);
-
-	i=1
-	while (data still needed for key and iv)
-		{
-		M[i]=MD(M[i-1] . data . salt);
-		for (i=1; i<count; i++) M[i]=MD(M[i]);
-		i++;
-		}
-
-	If the salt is NULL, it is not used.
-	The digests are concatenated together.
-	M = M[0] . M[1] . M[2] .......
-
-	For key= 8, iv=8 => key=M[0.. 8], iv=M[ 9 .. 16].
-	For key=16, iv=0 => key=M[0..16].
-	For key=16, iv=8 => key=M[0..16], iv=M[17 .. 24].
-	For key=24, iv=8 => key=M[0..24], iv=M[25 .. 32].
-
-	This routine will produce DES-CBC keys and iv that are compatible
-	with the PKCS-5 standard when md2 or md5 are used.  If md5 is
-	used, the salt is NULL and count is 1, this routine will produce
-	the password to key mapping normally used with RC4.
-	I have attempted to logically extend the PKCS-5 standard to
-	generate keys and iv for ciphers that require more than 16 bytes,
-	if anyone knows what the correct standard is, please inform me.
-	When using sha or sha1, things are a bit different under this scheme,
-	since sha produces a 20 byte digest.  So for ciphers requiring
-	24 bits of data, 20 will come from the first MD and 4 will
-	come from the second.
-
-	I have considered having a separate function so this 'routine'
-	can be used without the requirement of passing a EVP_CIPHER *,
-	but I have decided to not bother.  If you wish to use the
-	function without official EVP_CIPHER structures, just declare
-	a local one and set the key_len and iv_len fields to the
-	length you desire.
-
-The following routines perform encryption and decryption 'by parts'.  By
-this I mean that there are groups of 3 routines.  An Init function that is
-used to specify a cipher and initialise data structures.  An Update routine
-that does encryption/decryption, one 'chunk' at a time.  And finally a
-'Final' function that finishes the encryption/decryption process.
-All these functions take a EVP_CIPHER pointer to specify which cipher to
-encrypt/decrypt with.  They also take a EVP_CIPHER_CTX object as an
-argument.  This structure is used to hold the state information associated
-with the operation in progress.
-
-void EVP_EncryptInit(
-EVP_CIPHER_CTX *ctx,
-EVP_CIPHER *type,
-unsigned char *key,
-unsigned char *iv);
-	This function initialise a EVP_CIPHER_CTX for encryption using the
-	cipher passed in the 'type' field.  The cipher is initialised to use
-	'key' as the key and 'iv' for the initialisation vector (if one is
-	required).  If the type, key or iv is NULL, the value currently in the
-	EVP_CIPHER_CTX is reused.  So to perform several decrypt
-	using the same cipher, key and iv, initialise with the cipher,
-	key and iv the first time and then for subsequent calls,
-	reuse 'ctx' but pass NULL for type, key and iv.  You must make sure
-	to pass a key that is large enough for a particular cipher.  I
-	would suggest using the EVP_BytesToKey() function.
-
-void EVP_EncryptUpdate(
-EVP_CIPHER_CTX *ctx,
-unsigned char *out,
-int *outl,
-unsigned char *in,
-int inl);
-	This function takes 'inl' bytes from 'in' and outputs bytes
-	encrypted by the cipher 'ctx' was initialised with into 'out'.  The
-	number of bytes written to 'out' is put into outl.  If a particular
-	cipher encrypts in blocks, less or more bytes than input may be
-	output.  Currently the largest block size used by supported ciphers
-	is 8 bytes, so 'out' should have room for 'inl+7' bytes.  Normally
-	EVP_EncryptInit() is called once, followed by lots and lots of
-	calls to EVP_EncryptUpdate, followed by a single EVP_EncryptFinal
-	call.
-
-void EVP_EncryptFinal(
-EVP_CIPHER_CTX *ctx,
-unsigned char *out,
-int *outl);
-	Because quite a large number of ciphers are block ciphers, there is
-	often an incomplete block to write out at the end of the
-	encryption.  EVP_EncryptFinal() performs processing on this last
-	block.  The last block in encoded in such a way that it is possible
-	to determine how many bytes in the last block are valid.  For 8 byte
-	block size ciphers, if only 5 bytes in the last block are valid, the
-	last three bytes will be filled with the value 3.  If only 2 were
-	valid, the other 6 would be filled with sixes.  If all 8 bytes are
-	valid, a extra 8 bytes are appended to the cipher stream containing
-	nothing but 8 eights.  These last bytes are output into 'out' and
-	the number of bytes written is put into 'outl'  These last bytes
-	are output into 'out' and the number of bytes written is put into
-	'outl'.  This form of block cipher finalisation is compatible with
-	PKCS-5.  Please remember that even if you are using ciphers like
-	RC4 that has no blocking and so the function will not write
-	anything into 'out', it would still be a good idea to pass a
-	variable for 'out' that can hold 8 bytes just in case the cipher is
-	changed some time in the future.  It should also be remembered
-	that the EVP_CIPHER_CTX contains the password and so when one has
-	finished encryption with a particular EVP_CIPHER_CTX, it is good
-	practice to zero the structure 
-	(ie. memset(ctx,0,sizeof(EVP_CIPHER_CTX)).
-	
-void EVP_DecryptInit(
-EVP_CIPHER_CTX *ctx,
-EVP_CIPHER *type,
-unsigned char *key,
-unsigned char *iv);
-	This function is basically the same as EVP_EncryptInit() accept that
-	is prepares the EVP_CIPHER_CTX for decryption.
-
-void EVP_DecryptUpdate(
-EVP_CIPHER_CTX *ctx,
-unsigned char *out,
-int *outl,
-unsigned char *in,
-int inl);
-	This function is basically the same as EVP_EncryptUpdate()
-	except that it performs decryption.  There is one
-	fundamental difference though.  'out' can not be the same as
-	'in' for any ciphers with a block size greater than 1 if more
-	than one call to EVP_DecryptUpdate() will be made.  This
-	is because this routine can hold a 'partial' block between
-	calls.  When a partial block is decrypted (due to more bytes
-	being passed via this function, they will be written to 'out'
-	overwriting the input bytes in 'in' that have not been read
-	yet.  From this it should also be noted that 'out' should
-	be at least one 'block size' larger than 'inl'.  This problem
-	only occurs on the second and subsequent call to
-	EVP_DecryptUpdate() when using a block cipher.
-
-int EVP_DecryptFinal(
-EVP_CIPHER_CTX *ctx,
-unsigned char *out,
-int *outl);
-	This function is different to EVP_EncryptFinal in that it 'removes'
-	any padding bytes appended when the data was encrypted.  Due to the
-	way in which 1 to 8 bytes may have been appended when encryption
-	using a block cipher, 'out' can end up with 0 to 7 bytes being put
-	into it.  When decoding the padding bytes, it is possible to detect
-	an incorrect decryption.  If the decryption appears to be wrong, 0
-	is returned.  If everything seems ok, 1 is returned.  For ciphers
-	with a block size of 1 (RC4), this function would normally not
-	return any bytes and would always return 1.  Just because this
-	function returns 1 does not mean the decryption was correct. It
-	would normally be wrong due to either the wrong key/iv or
-	corruption of the cipher data fed to EVP_DecryptUpdate().
-	As for EVP_EncryptFinal, it is a good idea to zero the
-	EVP_CIPHER_CTX after use since the structure contains the key used
-	to decrypt the data.
-	
-The following Cipher routines are convenience routines that call either
-EVP_EncryptXxx or EVP_DecryptXxx depending on weather the EVP_CIPHER_CTX
-was setup to encrypt or decrypt.  
-
-void EVP_CipherInit(
-EVP_CIPHER_CTX *ctx,
-EVP_CIPHER *type,
-unsigned char *key,
-unsigned char *iv,
-int enc);
-	This function take arguments that are the same as EVP_EncryptInit()
-	and EVP_DecryptInit() except for the extra 'enc' flag.  If 1, the
-	EVP_CIPHER_CTX is setup for encryption, if 0, decryption.
-
-void EVP_CipherUpdate(
-EVP_CIPHER_CTX *ctx,
-unsigned char *out,
-int *outl,
-unsigned char *in,
-int inl);
-	Again this function calls either EVP_EncryptUpdate() or
-	EVP_DecryptUpdate() depending on state in the 'ctx' structure.
-	As noted for EVP_DecryptUpdate(), when this routine is used
-	for decryption with block ciphers, 'out' should not be the
-	same as 'in'.
-
-int EVP_CipherFinal(
-EVP_CIPHER_CTX *ctx,
-unsigned char *outm,
-int *outl);
-	This routine call EVP_EncryptFinal() or EVP_DecryptFinal()
-	depending on the state information in 'ctx'.  1 is always returned
-	if the mode is encryption, otherwise the return value is the return
-	value of EVP_DecryptFinal().
diff --git a/doc/cipher.m b/doc/cipher.m
deleted file mode 100644
index 9f74917135..0000000000
--- a/doc/cipher.m
+++ /dev/null
@@ -1,128 +0,0 @@
-From ssl-lists-owner@mincom.com Tue Oct 15 18:16:14 1996
-Received: from cygnus.mincom.oz.au by orb.mincom.oz.au with SMTP id AA11550
-  (5.65c/IDA-1.4.4 for eay); Tue, 15 Oct 1996 08:17:41 +1000
-Received: (from daemon@localhost) by cygnus.mincom.oz.au (8.7.5/8.7.3) id IAA12472 for ssl-users-outgoing; Tue, 15 Oct 1996 08:16:35 +1000 (EST)
-Received: from orb.mincom.oz.au (eay@orb.mincom.oz.au [192.55.197.1]) by cygnus.mincom.oz.au (8.7.5/8.7.3) with SMTP id IAA12463 for <ssl-users@listserv.mincom.oz.au>; Tue, 15 Oct 1996 08:16:32 +1000 (EST)
-Received: by orb.mincom.oz.au id AA11544
-  (5.65c/IDA-1.4.4 for ssl-users@listserv.mincom.oz.au); Tue, 15 Oct 1996 08:16:15 +1000
-Date: Tue, 15 Oct 1996 08:16:14 +1000 (EST)
-From: Eric Young <eay@mincom.com>
-X-Sender: eay@orb
-To: Roland Haring <rharing@tandem.cl>
-Cc: ssl-users@mincom.com
-Subject: Re: Symmetric encryption with ssleay
-In-Reply-To: <m0vBpyq-00001aC@tandemnet.tandem.cl>
-Message-Id: <Pine.SOL.3.91.961015075623.11394A-100000@orb>
-Mime-Version: 1.0
-Content-Type: TEXT/PLAIN; charset=US-ASCII
-Sender: ssl-lists-owner@mincom.com
-Precedence: bulk
-Status: RO
-X-Status: 
-
-
-On Fri, 11 Oct 1996, Roland Haring wrote:
-> THE_POINT:
-> 	Would somebody be so kind to give me the minimum basic 
-> 	calls I need to do to libcrypto.a to get some text encrypted
-> 	and decrypted again? ...hopefully with code included to do
-> 	base64 encryption and decryption ... e.g. that sign-it.c code
-> 	posted some while ago was a big help :-) (please, do not point
-> 	me to apps/enc.c where I suspect my Heissenbug to be hidden :-)
-
-Ok, the base64 encoding stuff in 'enc.c' does the wrong thing sometimes 
-when the data is less than a line long (this is for decoding).  I'll dig 
-up the exact fix today and post it.  I am taking longer on 0.6.5 than I 
-intended so I'll just post this patch.
-
-The documentation to read is in
-doc/cipher.doc,
-doc/encode.doc (very sparse :-).
-and perhaps
-doc/digest.doc,
-
-The basic calls to encrypt with say triple DES are
-
-Given
-char key[EVP_MAX_KEY_LENGTH];
-char iv[EVP_MAX_IV_LENGTH];
-EVP_CIPHER_CTX ctx;
-unsigned char out[512+8];
-int outl;
-
-/* optional generation of key/iv data from text password using md5
- * via an upward compatable verson of PKCS#5. */
-EVP_BytesToKey(EVP_des_ede3_cbc,EVP_md5,NULL,passwd,strlen(passwd),
-	key,iv);
-
-/* Initalise the EVP_CIPHER_CTX */
-EVP_EncryptInit(ctx,EVP_des_ede3_cbc,key,iv);
-
-while (....)
-	{
-	/* This is processing 512 bytes at a time, the bytes are being
-	 * copied into 'out', outl bytes are output.  'out' should not be the
-	 * same as 'in' for reasons mentioned in the documentation. */
-	EVP_EncryptUpdate(ctx,out,&outl,in,512);
-	}
-
-/* Output the last 'block'.  If the cipher is a block cipher, the last
- * block is encoded in such a way so that a wrong decryption will normally be
- * detected - again, one of the PKCS standards. */
-
-EVP_EncryptFinal(ctx,out,&outl);
-
-To decrypt, use the EVP_DecryptXXXXX functions except that EVP_DecryptFinal()
-will return 0 if the decryption fails (only detectable on block ciphers).
-
-You can also use
-EVP_CipherInit()
-EVP_CipherUpdate()
-EVP_CipherFinal()
-which does either encryption or decryption depending on an extra 
-parameter to EVP_CipherInit().
-
-
-To do the base64 encoding,
-EVP_EncodeInit()
-EVP_EncodeUpdate()
-EVP_EncodeFinal()
-
-EVP_DecodeInit()
-EVP_DecodeUpdate()
-EVP_DecodeFinal()
-
-where the encoding is quite simple, but the decoding can be a bit more 
-fun (due to dud input).
-
-EVP_DecodeUpdate() returns -1 for an error on an input line, 0 if the 
-'last line' was just processed, and 1 if more lines should be submitted.
-
-EVP_DecodeFinal() returns -1 for an error or 1 if things are ok.
-
-So the loop becomes
-EVP_DecodeInit(....)
-for (;;)
-	{
-	i=EVP_DecodeUpdate(....);
-	if (i < 0) goto err;
-
-	/* process the data */
-
-	if (i == 0) break;
-	}
-EVP_DecodeFinal(....);
-/* process the data */
-
-The problem in 'enc.c' is that I was stuff the processing up after the 
-EVP_DecodeFinal(...) when the for(..) loop was not being run (one line of 
-base64 data) and this was because 'enc.c' tries to scan over a file until
-it hits the first valid base64 encoded line.
-
-hope this helps a bit.
-eric
---
-Eric Young                  | BOOL is tri-state according to Bill Gates.
-AARNet: eay@mincom.oz.au    | RTFM Win32 GetMessage().
-
-
diff --git a/doc/conf.doc b/doc/conf.doc
deleted file mode 100644
index f12fe884f5..0000000000
--- a/doc/conf.doc
+++ /dev/null
@@ -1,89 +0,0 @@
-The CONF library.
-
-The CONF library is a simple set of routines that can be used to configure
-programs.  It is a superset of the genenv() function with some extra
-structure.
-
-The library consists of 5 functions.
-
-LHASH *CONF_load(LHASH *config,char *file);
-This function is called to load in a configuration file.  Multiple
-configuration files can be loaded, with each subsequent 'load' overwriting
-any already defined 'variables'.  If there is an error, NULL is returned.
-If config is NULL, a new LHASH structure is created and returned, otherwise
-the new data in the 'file' is loaded into the 'config' structure.
-
-void CONF_free(LHASH *config);
-This function free()s the data in config.
-
-char *CONF_get_string(LHASH *config,char *section,char *name);
-This function returns the string found in 'config' that corresponds to the
-'section' and 'name' specified.  Classes and the naming system used will be
-discussed later in this document.  If the variable is not defined, an NULL
-is returned.
-
-long CONF_get_long(LHASH *config,char *section, char *name);
-This function is the same as CONF_get_string() except that it converts the
-string to an long and returns it.  If variable is not a number or the
-variable does not exist, 0 is returned.  This is a little problematic but I
-don't know of a simple way around it.
-
-STACK *CONF_get_section(LHASH *config, char *section);
-This function returns a 'stack' of CONF_VALUE items that are all the
-items defined in a particular section.  DO NOT free() any of the
-variable returned.  They will disappear when CONF_free() is called.
-
-The 'lookup' model.
-The configuration file is divided into 'sections'.  Each section is started by
-a line of the form '[ section ]'.  All subsequent variable definitions are
-of this section.  A variable definition is a simple alpha-numeric name
-followed by an '=' and then the data.  A section or variable name can be
-described by a regular expression of the following form '[A-Za-z0-9_]+'.
-The value of the variable is the text after the '=' until the end of the
-line, stripped of leading and trailing white space.
-At this point I should mention that a '#' is a comment character, \ is the
-escape character, and all three types of quote can be used to stop any
-special interpretation of the data.
-Now when the data is being loaded, variable expansion can occur.  This is
-done by expanding any $NAME sequences into the value represented by the
-variable NAME.  If the variable is not in the current section, the different
-section can be specified by using the $SECTION::NAME form.  The ${NAME} form
-also works and is very useful for expanding variables inside strings.
-
-When a variable is looked up, there are 2 special section. 'default', which
-is the initial section, and 'ENV' which is the processes environment
-variables (accessed via getenv()).  When a variable is looked up, it is
-first 'matched' with it's section (if one was specified), if this fails, the
-'default' section is matched.
-If the 'lhash' variable passed was NULL, the environment is searched.
-
-Now why do we bother with sections?  So we can have multiple programs using
-the same configuration file, or multiple instances of the same program
-using different variables.  It also provides a nice mechanism to override
-the processes environment variables (eg ENV::HOME=/tmp).  If there is a
-program specific variable missing, we can have default values.
-Multiple configuration files can be loaded, with each new value clearing
-any predefined values.  A system config file can provide 'default' values,
-and application/usr specific files can provide overriding values.
-
-Examples
-
-# This is a simple example
-SSLEAY_HOME	= /usr/local/ssl
-ENV::PATH	= $SSLEAY_HOME/bin:$PATH	# override my path
-
-[X509]
-cert_dir	= $SSLEAY_HOME/certs	# /usr/local/ssl/certs
-
-[SSL]
-CIPHER		= DES-EDE-MD5:RC4-MD5
-USER_CERT	= $HOME/${USER}di'r 5'	# /home/eay/eaydir 5
-USER_CERT	= $HOME/\${USER}di\'r	# /home/eay/${USER}di'r
-USER_CERT	= "$HOME/${US"ER}di\'r	# $HOME/${USER}di'r
-
-TEST		= 1234\
-5678\
-9ab					# TEST=123456789ab
-TTT		= 1234\n\n		# TTT=1234<nl><nl>
-
-
diff --git a/doc/crypto/ASN1_OBJECT_new.pod b/doc/crypto/ASN1_OBJECT_new.pod
new file mode 100644
index 0000000000..51679bfcd9
--- /dev/null
+++ b/doc/crypto/ASN1_OBJECT_new.pod
@@ -0,0 +1,43 @@
+=pod
+
+=head1 NAME
+
+ASN1_OBJECT_new, ASN1_OBJECT_free, - object allocation functions
+
+=head1 SYNOPSIS
+
+ ASN1_OBJECT *ASN1_OBJECT_new(void);
+ void ASN1_OBJECT_free(ASN1_OBJECT *a);
+
+=head1 DESCRIPTION
+
+The ASN1_OBJECT allocation routines, allocate and free an
+ASN1_OBJECT structure, which represents an ASN1 OBJECT IDENTIFIER.
+
+ASN1_OBJECT_new() allocates and initializes a ASN1_OBJECT structure.
+
+ASN1_OBJECT_free() frees up the B<ASN1_OBJECT> structure B<a>.
+
+=head1 NOTES
+
+Although ASN1_OBJECT_new() allocates a new ASN1_OBJECT structure it
+is almost never used in applications. The ASN1 object utility functions
+such as OBJ_nid2obj() are used instead.
+
+=head1 RETURN VALUES
+
+If the allocation fails, ASN1_OBJECT_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+Otherwise it returns a pointer to the newly allocated structure.
+
+ASN1_OBJECT_free() returns no value.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_ASN1_OBJECT(3)|d2i_ASN1_OBJECT(3)>
+
+=head1 HISTORY
+
+ASN1_OBJECT_new() and ASN1_OBJECT_free() are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/ASN1_STRING_length.pod b/doc/crypto/ASN1_STRING_length.pod
new file mode 100644
index 0000000000..c4ec693f17
--- /dev/null
+++ b/doc/crypto/ASN1_STRING_length.pod
@@ -0,0 +1,81 @@
+=pod
+
+=head1 NAME
+
+ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length,
+ASN1_STRING_length_set, ASN1_STRING_type, ASN1_STRING_data -
+ASN1_STRING utility functions
+
+=head1 SYNOPSIS
+
+ int ASN1_STRING_length(ASN1_STRING *x);
+ unsigned char * ASN1_STRING_data(ASN1_STRING *x);
+
+ ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a);
+
+ int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b);
+
+ int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+
+ int ASN1_STRING_type(ASN1_STRING *x);
+
+ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in);
+
+=head1 DESCRIPTION
+
+These functions allow an B<ASN1_STRING> structure to be manipulated.
+
+ASN1_STRING_length() returns the length of the content of B<x>.
+
+ASN1_STRING_data() returns an internal pointer to the data of B<x>.
+Since this is an internal pointer it should B<not> be freed or
+modified in any way.
+
+ASN1_STRING_dup() returns a copy of the structure B<a>.
+
+ASN1_STRING_cmp() compares B<a> and B<b> returning 0 if the two
+are identical. The string types and content are compared.
+
+ASN1_STRING_set() sets the data of string B<str> to the buffer
+B<data> or length B<len>. The supplied data is copied. If B<len>
+is -1 then the length is determined by strlen(data).
+
+ASN1_STRING_type() returns the type of B<x>, using standard constants
+such as B<V_ASN1_OCTET_STRING>.
+
+ASN1_STRING_to_UTF8() converts the string B<in> to UTF8 format, the
+converted data is allocated in a buffer in B<*out>. The length of
+B<out> is returned or a negative error code. The buffer B<*out>
+should be free using OPENSSL_free().
+
+=head1 NOTES
+
+Almost all ASN1 types in OpenSSL are represented as an B<ASN1_STRING>
+structure. Other types such as B<ASN1_OCTET_STRING> are simply typedefed
+to B<ASN1_STRING> and the functions call the B<ASN1_STRING> equivalents.
+B<ASN1_STRING> is also used for some B<CHOICE> types which consist
+entirely of primitive string types such as B<DirectoryString> and
+B<Time>.
+
+These functions should B<not> be used to examine or modify B<ASN1_INTEGER>
+or B<ASN1_ENUMERATED> types: the relevant B<INTEGER> or B<ENUMERATED>
+utility functions should be used instead.
+
+In general it cannot be assumed that the data returned by ASN1_STRING_data()
+is null terminated or does not contain embedded nulls. The actual format
+of the data will depend on the actual string type itself: for example
+for and IA5String the data will be ASCII, for a BMPString two bytes per
+character in big endian format, UTF8String will be in UTF8 format.
+
+Similar care should be take to ensure the data is in the correct format
+when calling ASN1_STRING_set().
+
+=head1 RETURN VALUES
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+=cut
diff --git a/doc/crypto/ASN1_STRING_new.pod b/doc/crypto/ASN1_STRING_new.pod
new file mode 100644
index 0000000000..5b1bbb7eb2
--- /dev/null
+++ b/doc/crypto/ASN1_STRING_new.pod
@@ -0,0 +1,44 @@
+=pod
+
+=head1 NAME
+
+ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free -
+ASN1_STRING allocation functions
+
+=head1 SYNOPSIS
+
+ ASN1_STRING * ASN1_STRING_new(void);
+ ASN1_STRING * ASN1_STRING_type_new(int type);
+ void ASN1_STRING_free(ASN1_STRING *a);
+
+=head1 DESCRIPTION
+
+ASN1_STRING_new() returns an allocated B<ASN1_STRING> structure. Its type
+is undefined.
+
+ASN1_STRING_type_new() returns an allocated B<ASN1_STRING> structure of
+type B<type>.
+
+ASN1_STRING_free() frees up B<a>.
+
+=head1 NOTES
+
+Other string types call the B<ASN1_STRING> functions. For example
+ASN1_OCTET_STRING_new() calls ASN1_STRING_type(V_ASN1_OCTET_STRING).
+
+=head1 RETURN VALUES
+
+ASN1_STRING_new() and ASN1_STRING_type_new() return a valid
+ASN1_STRING structure or B<NULL> if an error occurred.
+
+ASN1_STRING_free() does not return a value.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/doc/crypto/ASN1_STRING_print_ex.pod b/doc/crypto/ASN1_STRING_print_ex.pod
new file mode 100644
index 0000000000..fbf9a1f141
--- /dev/null
+++ b/doc/crypto/ASN1_STRING_print_ex.pod
@@ -0,0 +1,96 @@
+=pod
+
+=head1 NAME
+
+ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp - ASN1_STRING output routines.
+
+=head1 SYNOPSIS
+
+ #include <openssl/asn1.h>
+
+ int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags);
+ int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags);
+ int ASN1_STRING_print(BIO *out, ASN1_STRING *str);
+
+
+=head1 DESCRIPTION
+
+These functions output an B<ASN1_STRING> structure. B<ASN1_STRING> is used to
+represent all the ASN1 string types.
+
+ASN1_STRING_print_ex() outputs B<str> to B<out>, the format is determined by
+the options B<flags>. ASN1_STRING_print_ex_fp() is identical except it outputs
+to B<fp> instead.
+
+ASN1_STRING_print() prints B<str> to B<out> but using a different format to
+ASN1_STRING_print_ex(). It replaces unprintable characters (other than CR, LF)
+with '.'.
+
+=head1 NOTES
+
+ASN1_STRING_print() is a legacy function which should be avoided in new applications.
+
+Although there are a large number of options frequently B<ASN1_STRFLAGS_RFC2253> is 
+suitable, or on UTF8 terminals B<ASN1_STRFLAGS_RFC2253 & ~ASN1_STRFLAGS_ESC_MSB>.
+
+The complete set of supported options for B<flags> is listed below.
+
+Various characters can be escaped. If B<ASN1_STRFLGS_ESC_2253> is set the characters
+determined by RFC2253 are escaped. If B<ASN1_STRFLGS_ESC_CTRL> is set control
+characters are escaped. If B<ASN1_STRFLGS_ESC_MSB> is set characters with the
+MSB set are escaped: this option should B<not> be used if the terminal correctly
+interprets UTF8 sequences.
+
+Escaping takes several forms.
+
+If the character being escaped is a 16 bit character then the form "\WXXXX" is used
+using exactly four characters for the hex representation. If it is 32 bits then
+"\UXXXXXXXX" is used using eight characters of its hex representation. These forms
+will only be used if UTF8 conversion is not set (see below).
+
+Printable characters are normally escaped using the backslash '\' character. If
+B<ASN1_STRFLGS_ESC_QUOTE> is set then the whole string is instead surrounded by
+double quote characters: this is arguably more readable than the backslash
+notation. Other characters use the "\XX" using exactly two characters of the hex
+representation.
+
+If B<ASN1_STRFLGS_UTF8_CONVERT> is set then characters are converted to UTF8
+format first. If the terminal supports the display of UTF8 sequences then this
+option will correctly display multi byte characters.
+
+If B<ASN1_STRFLGS_IGNORE_TYPE> is set then the string type is not interpreted at
+all: everything is assumed to be one byte per character. This is primarily for
+debugging purposes and can result in confusing output in multi character strings.
+
+If B<ASN1_STRFLGS_SHOW_TYPE> is set then the string type itself is printed out
+before its value (for example "BMPSTRING"), this actually uses ASN1_tag2str().
+
+The content of a string instead of being interpreted can be "dumped": this just
+outputs the value of the string using the form #XXXX using hex format for each
+octet.
+
+If B<ASN1_STRFLGS_DUMP_ALL> is set then any type is dumped.
+
+Normally non character string types (such as OCTET STRING) are assumed to be
+one byte per character, if B<ASN1_STRFLAGS_DUMP_UNKNOWN> is set then they will
+be dumped instead.
+
+When a type is dumped normally just the content octets are printed, if 
+B<ASN1_STRFLGS_DUMP_DER> is set then the complete encoding is dumped
+instead (including tag and length octets).
+
+B<ASN1_STRFLGS_RFC2253> includes all the flags required by RFC2253. It is
+equivalent to:
+ ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB |
+ ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN ASN1_STRFLGS_DUMP_DER
+
+=head1 SEE ALSO
+
+L<X509_NAME_print_ex(3)|X509_NAME_print_ex(3)>,
+L<ASN1_tag2str(3)|ASN1_tag2str(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/doc/crypto/ASN1_generate_nconf.pod b/doc/crypto/ASN1_generate_nconf.pod
new file mode 100644
index 0000000000..b4c89377f6
--- /dev/null
+++ b/doc/crypto/ASN1_generate_nconf.pod
@@ -0,0 +1,253 @@
+=pod
+
+=head1 NAME
+
+ASN1_generate_nconf, ASN1_generate_v3 - ASN1 generation functions
+
+=head1 SYNOPSIS
+
+ ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
+ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
+
+=head1 DESCRIPTION
+
+These functions generate the ASN1 encoding of a string
+in an B<ASN1_TYPE> structure.
+
+B<str> contains the string to encode B<nconf> or B<cnf> contains
+the optional configuration information where additional strings
+will be read from. B<nconf> will typically come from a config
+file wherease B<cnf> is obtained from an B<X509V3_CTX> structure
+which will typically be used by X509 v3 certificate extension
+functions. B<cnf> or B<nconf> can be set to B<NULL> if no additional
+configuration will be used.
+
+=head1 GENERATION STRING FORMAT
+
+The actual data encoded is determined by the string B<str> and
+the configuration information. The general format of the string
+is:
+
+ B<[modifier,]type[:value]>
+
+That is zero or more comma separated modifiers followed by a type
+followed by an optional colon and a value. The formats of B<type>,
+B<value> and B<modifier> are explained below.
+
+=head2 SUPPORTED TYPES
+
+The supported types are listed below. Unless otherwise specified
+only the B<ASCII> format is permissible.
+
+=over 2
+
+=item B<BOOLEAN>, B<BOOL>
+
+This encodes a boolean type. The B<value> string is mandatory and
+should be B<TRUE> or B<FALSE>. Additionally B<TRUE>, B<true>, B<Y>,
+B<y>, B<YES>, B<yes>, B<FALSE>, B<false>, B<N>, B<n>, B<NO> and B<no>
+are acceptable. 
+
+=item B<NULL>
+
+Encode the B<NULL> type, the B<value> string must not be present.
+
+=item B<INTEGER>, B<INT>
+
+Encodes an ASN1 B<INTEGER> type. The B<value> string represents
+the value of the integer, it can be preceeded by a minus sign and
+is normally interpreted as a decimal value unless the prefix B<0x>
+is included.
+
+=item B<ENUMERATED>, B<ENUM>
+
+Encodes the ASN1 B<ENUMERATED> type, it is otherwise identical to
+B<INTEGER>.
+
+=item B<OBJECT>, B<OID>
+
+Encodes an ASN1 B<OBJECT IDENTIFIER>, the B<value> string can be
+a short name, a long name or numerical format.
+
+=item B<UTCTIME>, B<UTC>
+
+Encodes an ASN1 B<UTCTime> structure, the value should be in
+the format B<YYMMDDHHMMSSZ>. 
+
+=item B<GENERALIZEDTIME>, B<GENTIME>
+
+Encodes an ASN1 B<GeneralizedTime> structure, the value should be in
+the format B<YYYYMMDDHHMMSSZ>. 
+
+=item B<OCTETSTRING>, B<OCT>
+
+Emcodes an ASN1 B<OCTET STRING>. B<value> represents the contents
+of this structure, the format strings B<ASCII> and B<HEX> can be
+used to specify the format of B<value>.
+
+=item B<BITSRING>, B<BITSTR>
+
+Emcodes an ASN1 B<BIT STRING>. B<value> represents the contents
+of this structure, the format strings B<ASCII>, B<HEX> and B<BITLIST>
+can be used to specify the format of B<value>.
+
+If the format is anything other than B<BITLIST> the number of unused
+bits is set to zero.
+
+=item B<UNIVERSALSTRING>, B<UNIV>, B<IA5>, B<IA5STRING>, B<UTF8>,
+B<UTF8String>, B<BMP>, B<BMPSTRING>, B<VISIBLESTRING>,
+B<VISIBLE>, B<PRINTABLESTRING>, B<PRINTABLE>, B<T61>,
+B<T61STRING>, B<TELETEXSTRING>
+
+These encode the corresponding string types. B<value> represents the
+contents of this structure. The format can be B<ASCII> or B<UTF8>.
+
+=item B<SEQUENCE>, B<SEQ>, B<SET>
+
+Formats the result as an ASN1 B<SEQUENCE> or B<SET> type. B<value>
+should be a section name which will contain the contents. The
+field names in the section are ignored and the values are in the
+generated string format. If B<value> is absent then an empty SEQUENCE
+will be encoded.
+
+=back
+
+=head2 MODIFIERS
+
+Modifiers affect the following structure, they can be used to
+add EXPLICIT or IMPLICIT tagging, add wrappers or to change
+the string format of the final type and value. The supported
+formats are documented below.
+
+=over 2
+
+=item B<EXPLICIT>, B<EXP>
+
+Add an explicit tag to the following structure. This string
+should be followed by a colon and the tag value to use as a
+decimal value.
+
+By following the number with B<U>, B<A>, B<P> or B<C> UNIVERSAL,
+APPLICATION, PRIVATE or CONTEXT SPECIFIC tagging can be used,
+the default is CONTEXT SPECIFIC.
+
+=item B<IMPLICIT>, B<IMP>
+
+This is the same as B<EXPLICIT> except IMPLICIT tagging is used
+instead.
+
+=item B<OCTWRAP>, B<SEQWRAP>, B<SETWRAP>, B<BITWRAP>
+
+The following structure is surrounded by an OCTET STRING, a SEQUENCE,
+a SET or a BIT STRING respectively. For a BIT STRING the number of unused
+bits is set to zero.
+
+=item B<FORMAT>
+
+This specifies the format of the ultimate value. It should be followed
+by a colon and one of the strings B<ASCII>, B<UTF8>, B<HEX> or B<BITLIST>.
+
+If no format specifier is included then B<ASCII> is used. If B<UTF8> is specified
+then the value string must be a valid B<UTF8> string. For B<HEX> the output must
+be a set of hex digits. B<BITLIST> (which is only valid for a BIT STRING) is a
+comma separated list of set bits.
+
+=back
+
+=head1 EXAMPLES
+
+A simple IA5String:
+
+ IA5STRING:Hello World
+
+An IA5String explicitly tagged:
+
+ EXPLICIT:0,IA5STRING:Hello World
+
+An IA5String explicitly tagged using APPLICATION tagging:
+
+ EXPLICIT:0A,IA5STRING:Hello World
+
+A more complex example using a config file to produce a
+SEQUENCE consiting of a BOOL an OID and a UTF8String:
+
+asn1 = SEQUENCE:seq_section
+
+[seq_section]
+
+field1 = BOOLEAN:TRUE
+field2 = OID:commonName
+field3 = UTF8:Third field
+
+This example produces an RSAPrivateKey structure, this is the
+key contained in the file client.pem in all OpenSSL distributions
+(note: the field names such as 'coeff' are ignored and are present just
+for clarity):
+
+ asn1=SEQUENCE:private_key
+ [private_key]
+ version=INTEGER:0
+
+ n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\
+ D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
+
+ e=INTEGER:0x010001
+
+ d=INTEGER:0x6F05EAD2F27FFAEC84BEC360C4B928FD5F3A9865D0FCAAD291E2A52F4A\
+ F810DC6373278C006A0ABBA27DC8C63BF97F7E666E27C5284D7D3B1FFFE16B7A87B51D
+
+ p=INTEGER:0xF3929B9435608F8A22C208D86795271D54EBDFB09DDEF539AB083DA912\
+ D4BD57
+
+ q=INTEGER:0xC50016F89DFF2561347ED1186A46E150E28BF2D0F539A1594BBD7FE467\
+ 46EC4F
+
+ exp1=INTEGER:0x9E7D4326C924AFC1DEA40B45650134966D6F9DFA3A7F9D698CD4ABEA\
+ 9C0A39B9
+
+ exp2=INTEGER:0xBA84003BB95355AFB7C50DF140C60513D0BA51D637272E355E397779\
+ E7B2458F
+
+ coeff=INTEGER:0x30B9E4F2AFA5AC679F920FC83F1F2DF1BAF1779CF989447FABC2F5\
+ 628657053A
+
+This example is the corresponding public key in a SubjectPublicKeyInfo
+structure:
+
+ # Start with a SEQUENCE
+ asn1=SEQUENCE:pubkeyinfo
+
+ # pubkeyinfo contains an algorithm identifier and the public key wrapped
+ # in a BIT STRING
+ [pubkeyinfo]
+ algorithm=SEQUENCE:rsa_alg
+ pubkey=BITWRAP,SEQUENCE:rsapubkey
+
+ # algorithm ID for RSA is just an OID and a NULL
+ [rsa_alg]
+ algorithm=OID:rsaEncryption
+ parameter=NULL
+
+ # Actual public key: modulus and exponent
+ [rsapubkey]
+ n=INTEGER:0xBB6FE79432CC6EA2D8F970675A5A87BFBE1AFF0BE63E879F2AFFB93644\
+ D4D2C6D000430DEC66ABF47829E74B8C5108623A1C0EE8BE217B3AD8D36D5EB4FCA1D9
+
+ e=INTEGER:0x010001
+
+=head1 RETURN VALUES
+
+ASN1_generate_nconf() and ASN1_generate_v3() return the encoded
+data as an B<ASN1_TYPE> structure or B<NULL> if an error occurred.
+
+The error codes that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+ASN1_generate_nconf() and ASN1_generate_v3() were added to OpenSSL 0.9.8
+
+=cut
diff --git a/doc/crypto/BIO_ctrl.pod b/doc/crypto/BIO_ctrl.pod
new file mode 100644
index 0000000000..722e8b8f46
--- /dev/null
+++ b/doc/crypto/BIO_ctrl.pod
@@ -0,0 +1,128 @@
+=pod
+
+=head1 NAME
+
+BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset,
+BIO_seek, BIO_tell, BIO_flush, BIO_eof, BIO_set_close, BIO_get_close,
+BIO_pending, BIO_wpending, BIO_ctrl_pending, BIO_ctrl_wpending,
+BIO_get_info_callback, BIO_set_info_callback - BIO control operations
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg);
+ long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long));
+ char *	BIO_ptr_ctrl(BIO *bp,int cmd,long larg);
+ long BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg);
+
+ int BIO_reset(BIO *b);
+ int BIO_seek(BIO *b, int ofs);
+ int BIO_tell(BIO *b);
+ int BIO_flush(BIO *b);
+ int BIO_eof(BIO *b);
+ int BIO_set_close(BIO *b,long flag);
+ int BIO_get_close(BIO *b);
+ int BIO_pending(BIO *b);
+ int BIO_wpending(BIO *b);
+ size_t BIO_ctrl_pending(BIO *b);
+ size_t BIO_ctrl_wpending(BIO *b);
+
+ int BIO_get_info_callback(BIO *b,bio_info_cb **cbp);
+ int BIO_set_info_callback(BIO *b,bio_info_cb *cb);
+
+ typedef void bio_info_cb(BIO *b, int oper, const char *ptr, int arg1, long arg2, long arg3);
+
+=head1 DESCRIPTION
+
+BIO_ctrl(), BIO_callback_ctrl(), BIO_ptr_ctrl() and BIO_int_ctrl()
+are BIO "control" operations taking arguments of various types.
+These functions are not normally called directly, various macros
+are used instead. The standard macros are described below, macros
+specific to a particular type of BIO are described in the specific
+BIOs manual page as well as any special features of the standard
+calls.
+
+BIO_reset() typically resets a BIO to some initial state, in the case
+of file related BIOs for example it rewinds the file pointer to the
+start of the file.
+
+BIO_seek() resets a file related BIO's (that is file descriptor and
+FILE BIOs) file position pointer to B<ofs> bytes from start of file.
+
+BIO_tell() returns the current file position of a file related BIO.
+
+BIO_flush() normally writes out any internally buffered data, in some
+cases it is used to signal EOF and that no more data will be written.
+
+BIO_eof() returns 1 if the BIO has read EOF, the precise meaning of
+"EOF" varies according to the BIO type.
+
+BIO_set_close() sets the BIO B<b> close flag to B<flag>. B<flag> can
+take the value BIO_CLOSE or BIO_NOCLOSE. Typically BIO_CLOSE is used
+in a source/sink BIO to indicate that the underlying I/O stream should
+be closed when the BIO is freed.
+
+BIO_get_close() returns the BIOs close flag.
+
+BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending()
+return the number of pending characters in the BIOs read and write buffers.
+Not all BIOs support these calls. BIO_ctrl_pending() and BIO_ctrl_wpending()
+return a size_t type and are functions, BIO_pending() and BIO_wpending() are
+macros which call BIO_ctrl().
+
+=head1 RETURN VALUES
+
+BIO_reset() normally returns 1 for success and 0 or -1 for failure. File
+BIOs are an exception, they return 0 for success and -1 for failure.
+
+BIO_seek() and BIO_tell() both return the current file position on success
+and -1 for failure, except file BIOs which for BIO_seek() always return 0
+for success and -1 for failure.
+
+BIO_flush() returns 1 for success and 0 or -1 for failure.
+
+BIO_eof() returns 1 if EOF has been reached 0 otherwise.
+
+BIO_set_close() always returns 1.
+
+BIO_get_close() returns the close flag value: BIO_CLOSE or BIO_NOCLOSE.
+
+BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending()
+return the amount of pending data.
+
+=head1 NOTES
+
+BIO_flush(), because it can write data may return 0 or -1 indicating
+that the call should be retried later in a similar manner to BIO_write(). 
+The BIO_should_retry() call should be used and appropriate action taken
+is the call fails.
+
+The return values of BIO_pending() and BIO_wpending() may not reliably
+determine the amount of pending data in all cases. For example in the
+case of a file BIO some data may be available in the FILE structures
+internal buffers but it is not possible to determine this in a
+portably way. For other types of BIO they may not be supported.
+
+Filter BIOs if they do not internally handle a particular BIO_ctrl()
+operation usually pass the operation to the next BIO in the chain.
+This often means there is no need to locate the required BIO for
+a particular operation, it can be called on a chain and it will
+be automatically passed to the relevant BIO. However this can cause
+unexpected results: for example no current filter BIOs implement
+BIO_seek(), but this may still succeed if the chain ends in a FILE
+or file descriptor BIO.
+
+Source/sink BIOs return an 0 if they do not recognize the BIO_ctrl()
+operation.
+
+=head1 BUGS
+
+Some of the return values are ambiguous and care should be taken. In
+particular a return value of 0 can be returned if an operation is not
+supported, if an error occurred, if EOF has not been reached and in
+the case of BIO_seek() on a file BIO for a successful operation. 
+
+=head1 SEE ALSO
+
+TBA
diff --git a/doc/crypto/BIO_f_base64.pod b/doc/crypto/BIO_f_base64.pod
new file mode 100644
index 0000000000..fdb603b38e
--- /dev/null
+++ b/doc/crypto/BIO_f_base64.pod
@@ -0,0 +1,82 @@
+=pod
+
+=head1 NAME
+
+BIO_f_base64 - base64 BIO filter
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+ #include <openssl/evp.h>
+
+ BIO_METHOD *	BIO_f_base64(void);
+
+=head1 DESCRIPTION
+
+BIO_f_base64() returns the base64 BIO method. This is a filter
+BIO that base64 encodes any data written through it and decodes
+any data read through it.
+
+Base64 BIOs do not support BIO_gets() or BIO_puts(). 
+
+BIO_flush() on a base64 BIO that is being written through is
+used to signal that no more data is to be encoded: this is used
+to flush the final block through the BIO.
+
+The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags()
+to encode the data all on one line or expect the data to be all
+on one line.
+
+=head1 NOTES
+
+Because of the format of base64 encoding the end of the encoded
+block cannot always be reliably determined.
+
+=head1 RETURN VALUES
+
+BIO_f_base64() returns the base64 BIO method.
+
+=head1 EXAMPLES
+
+Base64 encode the string "Hello World\n" and write the result
+to standard output:
+
+ BIO *bio, *b64;
+ char message[] = "Hello World \n";
+
+ b64 = BIO_new(BIO_f_base64());
+ bio = BIO_new_fp(stdout, BIO_NOCLOSE);
+ bio = BIO_push(b64, bio);
+ BIO_write(bio, message, strlen(message));
+ BIO_flush(bio);
+
+ BIO_free_all(bio);
+
+Read Base64 encoded data from standard input and write the decoded
+data to standard output:
+
+ BIO *bio, *b64, bio_out;
+ char inbuf[512];
+ int inlen;
+ char message[] = "Hello World \n";
+
+ b64 = BIO_new(BIO_f_base64());
+ bio = BIO_new_fp(stdin, BIO_NOCLOSE);
+ bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ bio = BIO_push(b64, bio);
+ while((inlen = BIO_read(bio, inbuf, strlen(message))) > 0) 
+	BIO_write(bio_out, inbuf, inlen);
+
+ BIO_free_all(bio);
+
+=head1 BUGS
+
+The ambiguity of EOF in base64 encoded data can cause additional
+data following the base64 encoded block to be misinterpreted.
+
+There should be some way of specifying a test that the BIO can perform
+to reliably determine EOF (for example a MIME boundary).
+
+=head1 SEE ALSO
+
+TBA
diff --git a/doc/crypto/BIO_f_buffer.pod b/doc/crypto/BIO_f_buffer.pod
new file mode 100644
index 0000000000..c9093c6a57
--- /dev/null
+++ b/doc/crypto/BIO_f_buffer.pod
@@ -0,0 +1,69 @@
+=pod
+
+=head1 NAME
+
+BIO_f_buffer - buffering BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD * BIO_f_buffer(void);
+
+ #define BIO_get_buffer_num_lines(b)	BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
+ #define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
+ #define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
+ #define BIO_set_buffer_size(b,size)	BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
+ #define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
+
+=head1 DESCRIPTION
+
+BIO_f_buffer() returns the buffering BIO method.
+
+Data written to a buffering BIO is buffered and periodically written
+to the next BIO in the chain. Data read from a buffering BIO comes from
+an internal buffer which is filled from the next BIO in the chain.
+Both BIO_gets() and BIO_puts() are supported.
+
+Calling BIO_reset() on a buffering BIO clears any buffered data.
+
+BIO_get_buffer_num_lines() returns the number of lines currently buffered.
+
+BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size()
+set the read, write or both read and write buffer sizes to B<size>. The initial
+buffer size is DEFAULT_BUFFER_SIZE, currently 1024. Any attempt to reduce the
+buffer size below DEFAULT_BUFFER_SIZE is ignored. Any buffered data is cleared
+when the buffer is resized.
+
+BIO_set_buffer_read_data() clears the read buffer and fills it with B<num>
+bytes of B<buf>. If B<num> is larger than the current buffer size the buffer
+is expanded.
+
+=head1 NOTES
+
+Buffering BIOs implement BIO_gets() by using BIO_read() operations on the
+next BIO in the chain. By prepending a buffering BIO to a chain it is therefore
+possible to provide BIO_gets() functionality if the following BIOs do not
+support it (for example SSL BIOs).
+
+Data is only written to the next BIO in the chain when the write buffer fills
+or when BIO_flush() is called. It is therefore important to call BIO_flush()
+whenever any pending data should be written such as when removing a buffering
+BIO using BIO_pop(). BIO_flush() may need to be retried if the ultimate
+source/sink BIO is non blocking.
+
+=head1 RETURN VALUES
+
+BIO_f_buffer() returns the buffering BIO method.
+
+BIO_get_buffer_num_lines() returns the number of lines buffered (may be 0).
+
+BIO_set_read_buffer_size(), BIO_set_write_buffer_size() and BIO_set_buffer_size()
+return 1 if the buffer was successfully resized or 0 for failure.
+
+BIO_set_buffer_read_data() returns 1 if the data was set correctly or 0 if
+there was an error.
+
+=head1 SEE ALSO
+
+TBA
diff --git a/doc/crypto/BIO_f_cipher.pod b/doc/crypto/BIO_f_cipher.pod
new file mode 100644
index 0000000000..4182f2c309
--- /dev/null
+++ b/doc/crypto/BIO_f_cipher.pod
@@ -0,0 +1,76 @@
+=pod
+
+=head1 NAME
+
+BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx - cipher BIO filter
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+ #include <openssl/evp.h>
+
+ BIO_METHOD *	BIO_f_cipher(void);
+ void BIO_set_cipher(BIO *b,const EVP_CIPHER *cipher,
+		unsigned char *key, unsigned char *iv, int enc);
+ int BIO_get_cipher_status(BIO *b)
+ int BIO_get_cipher_ctx(BIO *b, EVP_CIPHER_CTX **pctx)
+
+=head1 DESCRIPTION
+
+BIO_f_cipher() returns the cipher BIO method. This is a filter
+BIO that encrypts any data written through it, and decrypts any data
+read from it. It is a BIO wrapper for the cipher routines
+EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal().
+
+Cipher BIOs do not support BIO_gets() or BIO_puts(). 
+
+BIO_flush() on an encryption BIO that is being written through is
+used to signal that no more data is to be encrypted: this is used
+to flush and possibly pad the final block through the BIO.
+
+BIO_set_cipher() sets the cipher of BIO <b> to B<cipher> using key B<key>
+and IV B<iv>. B<enc> should be set to 1 for encryption and zero for
+decryption.
+
+When reading from an encryption BIO the final block is automatically
+decrypted and checked when EOF is detected. BIO_get_cipher_status()
+is a BIO_ctrl() macro which can be called to determine whether the
+decryption operation was successful.
+
+BIO_get_cipher_ctx() is a BIO_ctrl() macro which retrieves the internal
+BIO cipher context. The retrieved context can be used in conjunction
+with the standard cipher routines to set it up. This is useful when
+BIO_set_cipher() is not flexible enough for the applications needs.
+
+=head1 NOTES
+
+When encrypting BIO_flush() B<must> be called to flush the final block
+through the BIO. If it is not then the final block will fail a subsequent
+decrypt.
+
+When decrypting an error on the final block is signalled by a zero
+return value from the read operation. A successful decrypt followed
+by EOF will also return zero for the final read. BIO_get_cipher_status()
+should be called to determine if the decrypt was successful.
+
+As always, if BIO_gets() or BIO_puts() support is needed then it can
+be achieved by preceding the cipher BIO with a buffering BIO.
+
+=head1 RETURN VALUES
+
+BIO_f_cipher() returns the cipher BIO method.
+
+BIO_set_cipher() does not return a value.
+
+BIO_get_cipher_status() returns 1 for a successful decrypt and 0
+for failure.
+
+BIO_get_cipher_ctx() currently always returns 1.
+
+=head1 EXAMPLES
+
+TBA
+
+=head1 SEE ALSO
+
+TBA
diff --git a/doc/crypto/BIO_f_md.pod b/doc/crypto/BIO_f_md.pod
new file mode 100644
index 0000000000..0d24083e6d
--- /dev/null
+++ b/doc/crypto/BIO_f_md.pod
@@ -0,0 +1,138 @@
+=pod
+
+=head1 NAME
+
+BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx - message digest BIO filter
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+ #include <openssl/evp.h>
+
+ BIO_METHOD *	BIO_f_md(void);
+ int BIO_set_md(BIO *b,EVP_MD *md);
+ int BIO_get_md(BIO *b,EVP_MD **mdp);
+ int BIO_get_md_ctx(BIO *b,EVP_MD_CTX **mdcp);
+
+=head1 DESCRIPTION
+
+BIO_f_md() returns the message digest BIO method. This is a filter
+BIO that digests any data passed through it, it is a BIO wrapper
+for the digest routines EVP_DigestInit(), EVP_DigestUpdate()
+and EVP_DigestFinal().
+
+Any data written or read through a digest BIO using BIO_read() and
+BIO_write() is digested.
+
+BIO_gets(), if its B<size> parameter is large enough finishes the
+digest calculation and returns the digest value. BIO_puts() is
+not supported.
+
+BIO_reset() reinitialises a digest BIO.
+
+BIO_set_md() sets the message digest of BIO B<b> to B<md>: this
+must be called to initialize a digest BIO before any data is
+passed through it. It is a BIO_ctrl() macro.
+
+BIO_get_md() places the a pointer to the digest BIOs digest method
+in B<mdp>, it is a BIO_ctrl() macro.
+
+BIO_get_md_ctx() returns the digest BIOs context into B<mdcp>.
+
+=head1 NOTES
+
+The context returned by BIO_get_md_ctx() can be used in calls
+to EVP_DigestFinal() and also the signature routines EVP_SignFinal()
+and EVP_VerifyFinal().
+
+The context returned by BIO_get_md_ctx() is an internal context
+structure. Changes made to this context will affect the digest
+BIO itself and the context pointer will become invalid when the digest
+BIO is freed.
+
+After the digest has been retrieved from a digest BIO it must be
+reinitialized by calling BIO_reset(), or BIO_set_md() before any more
+data is passed through it.
+
+If an application needs to call BIO_gets() or BIO_puts() through
+a chain containing digest BIOs then this can be done by prepending
+a buffering BIO.
+
+=head1 RETURN VALUES
+
+BIO_f_md() returns the digest BIO method.
+
+BIO_set_md(), BIO_get_md() and BIO_md_ctx() return 1 for success and
+0 for failure.
+
+=head1 EXAMPLES
+
+The following example creates a BIO chain containing an SHA1 and MD5
+digest BIO and passes the string "Hello World" through it. Error
+checking has been omitted for clarity.
+
+ BIO *bio, *mdtmp;
+ char message[] = "Hello World";
+ bio = BIO_new(BIO_s_null());
+ mdtmp = BIO_new(BIO_f_md());
+ BIO_set_md(mdtmp, EVP_sha1());
+ /* For BIO_push() we want to append the sink BIO and keep a note of
+  * the start of the chain.
+  */
+ bio = BIO_push(mdtmp, bio);
+ mdtmp = BIO_new(BIO_f_md());
+ BIO_set_md(mdtmp, EVP_md5());
+ bio = BIO_push(mdtmp, bio);
+ /* Note: mdtmp can now be discarded */
+ BIO_write(bio, message, strlen(message));
+
+The next example digests data by reading through a chain instead:
+
+ BIO *bio, *mdtmp;
+ char buf[1024];
+ int rdlen;
+ bio = BIO_new_file(file, "rb");
+ mdtmp = BIO_new(BIO_f_md());
+ BIO_set_md(mdtmp, EVP_sha1());
+ bio = BIO_push(mdtmp, bio);
+ mdtmp = BIO_new(BIO_f_md());
+ BIO_set_md(mdtmp, EVP_md5());
+ bio = BIO_push(mdtmp, bio);
+ do {
+ 	rdlen = BIO_read(bio, buf, sizeof(buf));
+        /* Might want to do something with the data here */
+ } while(rdlen > 0);
+
+This next example retrieves the message digests from a BIO chain and
+outputs them. This could be used with the examples above.
+
+ BIO *mdtmp;
+ unsigned char mdbuf[EVP_MAX_MD_SIZE];
+ int mdlen;
+ int i;
+ mdtmp = bio;	/* Assume bio has previously been set up */
+ do {
+	EVP_MD *md;
+ 	mdtmp = BIO_find_type(mdtmp, BIO_TYPE_MD);
+        if(!mdtmp) break;
+	BIO_get_md(mdtmp, &md);
+        printf("%s digest", OBJ_nid2sn(EVP_MD_type(md)));
+	mdlen = BIO_gets(mdtmp, mdbuf, EVP_MAX_MD_SIZE);
+	for(i = 0; i < mdlen; i++) printf(":%02X", mdbuf[i]);
+	printf("\n");
+	mdtmp = BIO_next(mdtmp);
+ } while(mdtmp);
+
+ BIO_free_all(bio);
+
+=head1 BUGS
+
+The lack of support for BIO_puts() and the non standard behaviour of
+BIO_gets() could be regarded as anomalous. It could be argued that BIO_gets()
+and BIO_puts() should be passed to the next BIO in the chain and digest
+the data passed through and that digests should be retrieved using a
+separate BIO_ctrl() call.
+
+=head1 SEE ALSO
+
+TBA
diff --git a/doc/crypto/BIO_f_null.pod b/doc/crypto/BIO_f_null.pod
new file mode 100644
index 0000000000..b057c18408
--- /dev/null
+++ b/doc/crypto/BIO_f_null.pod
@@ -0,0 +1,32 @@
+=pod
+
+=head1 NAME
+
+BIO_f_null - null filter
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD *	BIO_f_null(void);
+
+=head1 DESCRIPTION
+
+BIO_f_null() returns the null filter BIO method. This is a filter BIO
+that does nothing.
+
+All requests to a null filter BIO are passed through to the next BIO in
+the chain: this means that a BIO chain containing a null filter BIO
+behaves just as though the BIO was not there.
+
+=head1 NOTES
+
+As may be apparent a null filter BIO is not particularly useful.
+
+=head1 RETURN VALUES
+
+BIO_f_null() returns the null filter BIO method.
+
+=head1 SEE ALSO
+
+TBA
diff --git a/doc/crypto/BIO_f_ssl.pod b/doc/crypto/BIO_f_ssl.pod
new file mode 100644
index 0000000000..a56ee2b92f
--- /dev/null
+++ b/doc/crypto/BIO_f_ssl.pod
@@ -0,0 +1,313 @@
+=pod
+
+=head1 NAME
+
+BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes,
+BIO_get_num_renegotiates, BIO_set_ssl_renegotiate_timeout, BIO_new_ssl,
+BIO_new_ssl_connect, BIO_new_buffer_ssl_connect, BIO_ssl_copy_session_id,
+BIO_ssl_shutdown - SSL BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+ #include <openssl/ssl.h>
+
+ BIO_METHOD *BIO_f_ssl(void);
+
+ #define BIO_set_ssl(b,ssl,c)	BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)ssl)
+ #define BIO_get_ssl(b,sslp)	BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
+ #define BIO_set_ssl_mode(b,client)	BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
+ #define BIO_set_ssl_renegotiate_bytes(b,num) \
+	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
+ #define BIO_set_ssl_renegotiate_timeout(b,seconds) \
+	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
+ #define BIO_get_num_renegotiates(b) \
+	BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
+
+ BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
+ BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
+ BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
+ int BIO_ssl_copy_session_id(BIO *to,BIO *from);
+ void BIO_ssl_shutdown(BIO *bio);
+
+ #define BIO_do_handshake(b)	BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
+
+=head1 DESCRIPTION
+
+BIO_f_ssl() returns the SSL BIO method. This is a filter BIO which
+is a wrapper round the OpenSSL SSL routines adding a BIO "flavour" to
+SSL I/O. 
+
+I/O performed on an SSL BIO communicates using the SSL protocol with
+the SSLs read and write BIOs. If an SSL connection is not established
+then an attempt is made to establish one on the first I/O call.
+
+If a BIO is appended to an SSL BIO using BIO_push() it is automatically
+used as the SSL BIOs read and write BIOs.
+
+Calling BIO_reset() on an SSL BIO closes down any current SSL connection
+by calling SSL_shutdown(). BIO_reset() is then sent to the next BIO in
+the chain: this will typically disconnect the underlying transport.
+The SSL BIO is then reset to the initial accept or connect state.
+
+If the close flag is set when an SSL BIO is freed then the internal
+SSL structure is also freed using SSL_free().
+
+BIO_set_ssl() sets the internal SSL pointer of BIO B<b> to B<ssl> using
+the close flag B<c>.
+
+BIO_get_ssl() retrieves the SSL pointer of BIO B<b>, it can then be
+manipulated using the standard SSL library functions.
+
+BIO_set_ssl_mode() sets the SSL BIO mode to B<client>. If B<client>
+is 1 client mode is set. If B<client> is 0 server mode is set.
+
+BIO_set_ssl_renegotiate_bytes() sets the renegotiate byte count
+to B<num>. When set after every B<num> bytes of I/O (read and write) 
+the SSL session is automatically renegotiated. B<num> must be at
+least 512 bytes.
+
+BIO_set_ssl_renegotiate_timeout() sets the renegotiate timeout to
+B<seconds>. When the renegotiate timeout elapses the session is
+automatically renegotiated.
+
+BIO_get_num_renegotiates() returns the total number of session
+renegotiations due to I/O or timeout.
+
+BIO_new_ssl() allocates an SSL BIO using SSL_CTX B<ctx> and using
+client mode if B<client> is non zero.
+
+BIO_new_ssl_connect() creates a new BIO chain consisting of an
+SSL BIO (using B<ctx>) followed by a connect BIO.
+
+BIO_new_buffer_ssl_connect() creates a new BIO chain consisting
+of a buffering BIO, an SSL BIO (using B<ctx>) and a connect
+BIO.
+
+BIO_ssl_copy_session_id() copies an SSL session id between 
+BIO chains B<from> and B<to>. It does this by locating the
+SSL BIOs in each chain and calling SSL_copy_session_id() on
+the internal SSL pointer.
+
+BIO_ssl_shutdown() closes down an SSL connection on BIO
+chain B<bio>. It does this by locating the SSL BIO in the
+chain and calling SSL_shutdown() on its internal SSL
+pointer.
+
+BIO_do_handshake() attempts to complete an SSL handshake on the
+supplied BIO and establish the SSL connection. It returns 1
+if the connection was established successfully. A zero or negative
+value is returned if the connection could not be established, the
+call BIO_should_retry() should be used for non blocking connect BIOs
+to determine if the call should be retried. If an SSL connection has
+already been established this call has no effect.
+
+=head1 NOTES
+
+SSL BIOs are exceptional in that if the underlying transport
+is non blocking they can still request a retry in exceptional
+circumstances. Specifically this will happen if a session
+renegotiation takes place during a BIO_read() operation, one
+case where this happens is when SGC or step up occurs.
+
+In OpenSSL 0.9.6 and later the SSL flag SSL_AUTO_RETRY can be
+set to disable this behaviour. That is when this flag is set
+an SSL BIO using a blocking transport will never request a
+retry.
+
+Since unknown BIO_ctrl() operations are sent through filter
+BIOs the servers name and port can be set using BIO_set_host()
+on the BIO returned by BIO_new_ssl_connect() without having
+to locate the connect BIO first.
+
+Applications do not have to call BIO_do_handshake() but may wish
+to do so to separate the handshake process from other I/O
+processing.
+
+=head1 RETURN VALUES
+
+TBA
+
+=head1 EXAMPLE
+
+This SSL/TLS client example, attempts to retrieve a page from an
+SSL/TLS web server. The I/O routines are identical to those of the
+unencrypted example in L<BIO_s_connect(3)|BIO_s_connect(3)>.
+
+ BIO *sbio, *out;
+ int len;
+ char tmpbuf[1024];
+ SSL_CTX *ctx;
+ SSL *ssl;
+
+ ERR_load_crypto_strings();
+ ERR_load_SSL_strings();
+ OpenSSL_add_all_algorithms();
+
+ /* We would seed the PRNG here if the platform didn't
+  * do it automatically
+  */
+
+ ctx = SSL_CTX_new(SSLv23_client_method());
+
+ /* We'd normally set some stuff like the verify paths and
+  * mode here because as things stand this will connect to
+  * any server whose certificate is signed by any CA.
+  */
+
+ sbio = BIO_new_ssl_connect(ctx);
+
+ BIO_get_ssl(sbio, &ssl);
+
+ if(!ssl) {
+   fprintf(stderr, "Can't locate SSL pointer\n");
+   /* whatever ... */
+ }
+
+ /* Don't want any retries */
+ SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+
+ /* We might want to do other things with ssl here */
+
+ BIO_set_conn_hostname(sbio, "localhost:https");
+
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ if(BIO_do_connect(sbio) <= 0) {
+	fprintf(stderr, "Error connecting to server\n");
+	ERR_print_errors_fp(stderr);
+	/* whatever ... */
+ }
+
+ if(BIO_do_handshake(sbio) <= 0) {
+	fprintf(stderr, "Error establishing SSL connection\n");
+	ERR_print_errors_fp(stderr);
+	/* whatever ... */
+ }
+
+ /* Could examine ssl here to get connection info */
+
+ BIO_puts(sbio, "GET / HTTP/1.0\n\n");
+ for(;;) {	
+	len = BIO_read(sbio, tmpbuf, 1024);
+	if(len <= 0) break;
+	BIO_write(out, tmpbuf, len);
+ }
+ BIO_free_all(sbio);
+ BIO_free(out);
+
+Here is a simple server example. It makes use of a buffering
+BIO to allow lines to be read from the SSL BIO using BIO_gets.
+It creates a pseudo web page containing the actual request from
+a client and also echoes the request to standard output.
+
+ BIO *sbio, *bbio, *acpt, *out;
+ int len;
+ char tmpbuf[1024];
+ SSL_CTX *ctx;
+ SSL *ssl;
+
+ ERR_load_crypto_strings();
+ ERR_load_SSL_strings();
+ OpenSSL_add_all_algorithms();
+
+ /* Might seed PRNG here */
+
+ ctx = SSL_CTX_new(SSLv23_server_method());
+
+ if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM)
+	|| !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM)
+	|| !SSL_CTX_check_private_key(ctx)) {
+
+	fprintf(stderr, "Error setting up SSL_CTX\n");
+	ERR_print_errors_fp(stderr);
+	return 0;
+ }
+
+ /* Might do other things here like setting verify locations and
+  * DH and/or RSA temporary key callbacks
+  */
+
+ /* New SSL BIO setup as server */
+ sbio=BIO_new_ssl(ctx,0);
+
+ BIO_get_ssl(sbio, &ssl);
+
+ if(!ssl) {
+   fprintf(stderr, "Can't locate SSL pointer\n");
+   /* whatever ... */
+ }
+
+ /* Don't want any retries */
+ SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
+
+ /* Create the buffering BIO */
+
+ bbio = BIO_new(BIO_f_buffer());
+
+ /* Add to chain */
+ sbio = BIO_push(bbio, sbio);
+
+ acpt=BIO_new_accept("4433");
+
+ /* By doing this when a new connection is established
+  * we automatically have sbio inserted into it. The
+  * BIO chain is now 'swallowed' by the accept BIO and
+  * will be freed when the accept BIO is freed. 
+  */
+ 
+ BIO_set_accept_bios(acpt,sbio);
+
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+ /* Setup accept BIO */
+ if(BIO_do_accept(acpt) <= 0) {
+	fprintf(stderr, "Error setting up accept BIO\n");
+	ERR_print_errors_fp(stderr);
+	return 0;
+ }
+
+ /* Now wait for incoming connection */
+ if(BIO_do_accept(acpt) <= 0) {
+	fprintf(stderr, "Error in connection\n");
+	ERR_print_errors_fp(stderr);
+	return 0;
+ }
+
+ /* We only want one connection so remove and free
+  * accept BIO
+  */
+
+ sbio = BIO_pop(acpt);
+
+ BIO_free_all(acpt);
+
+ if(BIO_do_handshake(sbio) <= 0) {
+	fprintf(stderr, "Error in SSL handshake\n");
+	ERR_print_errors_fp(stderr);
+	return 0;
+ }
+
+ BIO_puts(sbio, "HTTP/1.0 200 OK\r\nContent-type: text/html\r\n\r\n");
+ BIO_puts(sbio, "<pre>\r\nConnection Established\r\nRequest headers:\r\n");
+ BIO_puts(sbio, "--------------------------------------------------\r\n");
+
+ for(;;) {
+ 	len = BIO_gets(sbio, tmpbuf, 1024);
+        if(len <= 0) break;
+	BIO_write(sbio, tmpbuf, len);
+	BIO_write(out, tmpbuf, len);
+	/* Look for blank line signifying end of headers*/
+	if((tmpbuf[0] == '\r') || (tmpbuf[0] == '\n')) break;
+ }
+
+ BIO_puts(sbio, "--------------------------------------------------\r\n");
+ BIO_puts(sbio, "</pre>\r\n");
+
+ /* Since there is a buffering BIO present we had better flush it */
+ BIO_flush(sbio);
+
+ BIO_free_all(sbio);
+
+=head1 SEE ALSO
+
+TBA
diff --git a/doc/crypto/BIO_find_type.pod b/doc/crypto/BIO_find_type.pod
new file mode 100644
index 0000000000..bd3b256196
--- /dev/null
+++ b/doc/crypto/BIO_find_type.pod
@@ -0,0 +1,98 @@
+=pod
+
+=head1 NAME
+
+BIO_find_type, BIO_next - BIO chain traversal
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO *	BIO_find_type(BIO *b,int bio_type);
+ BIO *	BIO_next(BIO *b);
+
+ #define BIO_method_type(b)		((b)->method->type)
+
+ #define BIO_TYPE_NONE		0
+ #define BIO_TYPE_MEM		(1|0x0400)
+ #define BIO_TYPE_FILE		(2|0x0400)
+
+ #define BIO_TYPE_FD		(4|0x0400|0x0100)
+ #define BIO_TYPE_SOCKET		(5|0x0400|0x0100)
+ #define BIO_TYPE_NULL		(6|0x0400)
+ #define BIO_TYPE_SSL		(7|0x0200)
+ #define BIO_TYPE_MD		(8|0x0200)
+ #define BIO_TYPE_BUFFER		(9|0x0200)
+ #define BIO_TYPE_CIPHER		(10|0x0200)
+ #define BIO_TYPE_BASE64		(11|0x0200)
+ #define BIO_TYPE_CONNECT	(12|0x0400|0x0100)
+ #define BIO_TYPE_ACCEPT		(13|0x0400|0x0100)
+ #define BIO_TYPE_PROXY_CLIENT	(14|0x0200)
+ #define BIO_TYPE_PROXY_SERVER	(15|0x0200)
+ #define BIO_TYPE_NBIO_TEST	(16|0x0200)
+ #define BIO_TYPE_NULL_FILTER	(17|0x0200)
+ #define BIO_TYPE_BER		(18|0x0200)
+ #define BIO_TYPE_BIO		(19|0x0400)
+
+ #define BIO_TYPE_DESCRIPTOR	0x0100
+ #define BIO_TYPE_FILTER		0x0200
+ #define BIO_TYPE_SOURCE_SINK	0x0400
+
+=head1 DESCRIPTION
+
+The BIO_find_type() searches for a BIO of a given type in a chain, starting
+at BIO B<b>. If B<type> is a specific type (such as BIO_TYPE_MEM) then a search
+is made for a BIO of that type. If B<type> is a general type (such as
+B<BIO_TYPE_SOURCE_SINK>) then the next matching BIO of the given general type is
+searched for. BIO_find_type() returns the next matching BIO or NULL if none is
+found.
+
+Note: not all the B<BIO_TYPE_*> types above have corresponding BIO implementations.
+
+BIO_next() returns the next BIO in a chain. It can be used to traverse all BIOs
+in a chain or used in conjunction with BIO_find_type() to find all BIOs of a
+certain type.
+
+BIO_method_type() returns the type of a BIO.
+
+=head1 RETURN VALUES
+
+BIO_find_type() returns a matching BIO or NULL for no match.
+
+BIO_next() returns the next BIO in a chain.
+
+BIO_method_type() returns the type of the BIO B<b>.
+
+=head1 NOTES
+
+BIO_next() was added to OpenSSL 0.9.6 to provide a 'clean' way to traverse a BIO
+chain or find multiple matches using BIO_find_type(). Previous versions had to
+use:
+
+ next = bio->next_bio;
+
+=head1 BUGS
+
+BIO_find_type() in OpenSSL 0.9.5a and earlier could not be safely passed a
+NULL pointer for the B<b> argument.
+
+=head1 EXAMPLE
+
+Traverse a chain looking for digest BIOs:
+
+ BIO *btmp;
+ btmp = in_bio;	/* in_bio is chain to search through */
+
+ do {
+ 	btmp = BIO_find_type(btmp, BIO_TYPE_MD);
+	if(btmp == NULL) break;	/* Not found */
+	/* btmp is a digest BIO, do something with it ...*/
+   	...
+
+	btmp = BIO_next(btmp);
+ } while(btmp);
+
+
+=head1 SEE ALSO
+
+TBA
diff --git a/doc/crypto/BIO_new.pod b/doc/crypto/BIO_new.pod
new file mode 100644
index 0000000000..2a245fc8de
--- /dev/null
+++ b/doc/crypto/BIO_new.pod
@@ -0,0 +1,65 @@
+=pod
+
+=head1 NAME
+
+BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all - BIO allocation and freeing functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO *	BIO_new(BIO_METHOD *type);
+ int	BIO_set(BIO *a,BIO_METHOD *type);
+ int	BIO_free(BIO *a);
+ void	BIO_vfree(BIO *a);
+ void	BIO_free_all(BIO *a);
+
+=head1 DESCRIPTION
+
+The BIO_new() function returns a new BIO using method B<type>.
+
+BIO_set() sets the method of an already existing BIO.
+
+BIO_free() frees up a single BIO, BIO_vfree() also frees up a single BIO
+but it does not return a value. Calling BIO_free() may also have some effect
+on the underlying I/O structure, for example it may close the file being
+referred to under certain circumstances. For more details see the individual
+BIO_METHOD descriptions.
+
+BIO_free_all() frees up an entire BIO chain, it does not halt if an error
+occurs freeing up an individual BIO in the chain.
+
+=head1 RETURN VALUES
+
+BIO_new() returns a newly created BIO or NULL if the call fails.
+
+BIO_set(), BIO_free() return 1 for success and 0 for failure.
+
+BIO_free_all() and BIO_vfree() do not return values.
+
+=head1 NOTES
+
+Some BIOs (such as memory BIOs) can be used immediately after calling
+BIO_new(). Others (such as file BIOs) need some additional initialization,
+and frequently a utility function exists to create and initialize such BIOs.
+
+If BIO_free() is called on a BIO chain it will only free one BIO resulting
+in a memory leak.
+
+Calling BIO_free_all() a single BIO has the same effect as calling BIO_free()
+on it other than the discarded return value.
+
+Normally the B<type> argument is supplied by a function which returns a
+pointer to a BIO_METHOD. There is a naming convention for such functions:
+a source/sink BIO is normally called BIO_s_*() and a filter BIO
+BIO_f_*();
+
+=head1 EXAMPLE
+
+Create a memory BIO:
+
+ BIO *mem = BIO_new(BIO_s_mem());
+
+=head1 SEE ALSO
+
+TBA
diff --git a/doc/crypto/BIO_new_bio_pair.pod b/doc/crypto/BIO_new_bio_pair.pod
new file mode 100644
index 0000000000..1a8dbc577b
--- /dev/null
+++ b/doc/crypto/BIO_new_bio_pair.pod
@@ -0,0 +1,103 @@
+=pod
+
+=head1 NAME
+
+BIO_new_bio_pair - create a new BIO pair
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
+
+=head1 DESCRIPTION
+
+BIO_new_bio_pair() creates a buffering BIO pair based on the
+L<SSL_set_bio(3)|SSL_set_bio(3)> method. The BIO pair has two endpoints between which
+data can be buffered. Its typical use is to connect one endpoint as underlying
+input/output BIO to an SSL and access the other one controlled by the program
+instead of accessing the network connection directly.
+
+The two new BIOs B<bio1> and B<bio2> are symmetric with respect to their
+functionality. The size of their buffers is determined by B<writebuf1> and
+B<writebuf2>. If the size give is 0, the default size is used.
+
+BIO_new_bio_pair() does not check whether B<bio1> or B<bio2> do point to
+some other BIO, the values are overwritten, BIO_free() is not called.
+
+The two BIOs, even though forming a BIO pair and must be BIO_free()'ed
+separately. This can be of importance, as some SSL-functions like SSL_set_bio()
+or SSL_free() call BIO_free() implicitly, so that the peer-BIO is left
+untouched and must also be BIO_free()'ed.
+
+=head1 EXAMPLE
+
+The BIO pair can be used to have full control over the network access of an
+application. The application can call select() on the socket as required
+without having to go through the SSL-interface.
+
+ BIO *internal_bio, *network_bio;
+ ...
+ BIO_new_bio_pair(internal_bio, 0, network_bio, 0);
+ SSL_set_bio(ssl, internal_bio, internal_bio);
+ SSL_operations();
+ ...
+
+ application |   TLS-engine
+    |        |
+    +----------> SSL_operations()
+             |     /\    ||
+             |     ||    \/
+             |   BIO-pair (internal_bio)
+    +----------< BIO-pair (network_bio)
+    |        |
+  socket     |
+
+  ...
+  SSL_free(ssl);		/* implicitly frees internal_bio */
+  BIO_free(network_bio);
+  ...
+
+As the BIO pair will only buffer the data and never directly access the
+connection, it behaves non-blocking and will return as soon as the write
+buffer is full or the read buffer is drained. Then the application has to
+flush the write buffer and/or fill the read buffer.
+
+Use the BIO_ctrl_pending(), to find out whether data is buffered in the BIO
+and must be transfered to the network. Use BIO_ctrl_get_read_request() to
+find out, how many bytes must be written into the buffer before the
+SSL_operation() can successfully be continued.
+
+=head1 WARNING
+
+As the data is buffered, SSL_operation() may return with a ERROR_SSL_WANT_READ
+condition, but there is still data in the write buffer. An application must
+not rely on the error value of SSL_operation() but must assure that the
+write buffer is always flushed first. Otherwise a deadlock may occur as
+the peer might be waiting for the data before being able to continue.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item 1
+
+The BIO pair was created successfully. The new BIOs are available in
+B<bio1> and B<bio2>.
+
+=item 0
+
+The operation failed. The NULL pointer is stored into the locations for
+B<bio1> and B<bio2>. Check the error stack for more information.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_set_bio(3)|SSL_set_bio(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
+L<BIO_ctrl_pending(3)|BIO_ctrl_pending(3)>,
+L<BIO_ctrl_get_read_request(3)|BIO_ctrl_get_read_request(3)>
+
+=cut
diff --git a/doc/crypto/BIO_push.pod b/doc/crypto/BIO_push.pod
new file mode 100644
index 0000000000..8af1d3c097
--- /dev/null
+++ b/doc/crypto/BIO_push.pod
@@ -0,0 +1,69 @@
+=pod
+
+=head1 NAME
+
+BIO_push, BIO_pop - add and remove BIOs from a chain.
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO *	BIO_push(BIO *b,BIO *append);
+ BIO *	BIO_pop(BIO *b);
+
+=head1 DESCRIPTION
+
+The BIO_push() function appends the BIO B<append> to B<b>, it returns
+B<b>.
+
+BIO_pop() removes the BIO B<b> from a chain and returns the next BIO
+in the chain, or NULL if there is no next BIO. The removed BIO then
+becomes a single BIO with no association with the original chain,
+it can thus be freed or attached to a different chain.
+
+=head1 NOTES
+
+The names of these functions are perhaps a little misleading. BIO_push()
+joins two BIO chains whereas BIO_pop() deletes a single BIO from a chain,
+the deleted BIO does not need to be at the end of a chain.
+
+The process of calling BIO_push() and BIO_pop() on a BIO may have additional
+consequences (a control call is made to the affected BIOs) any effects will
+be noted in the descriptions of individual BIOs.
+
+=head1 EXAMPLES
+
+For these examples suppose B<md1> and B<md2> are digest BIOs, B<b64> is
+a base64 BIO and B<f> is a file BIO.
+
+If the call:
+
+ BIO_push(b64, f);
+
+is made then the new chain will be B<b64-chain>. After making the calls
+
+ BIO_push(md2, b64);
+ BIO_push(md1, md2);
+
+the new chain is B<md1-md2-b64-f>. Data written to B<md1> will be digested
+by B<md1> and B<md2>, B<base64> encoded and written to B<f>.
+
+It should be noted that reading causes data to pass in the reverse
+direction, that is data is read from B<f>, base64 B<decoded> and digested
+by B<md1> and B<md2>. If the call:
+
+ BIO_pop(md2);
+
+The call will return B<b64> and the new chain will be B<md1-b64-f> data can
+be written to B<md1> as before.
+
+=head1 RETURN VALUES
+
+BIO_push() returns the end of the chain, B<b>.
+
+BIO_pop() returns the next BIO in the chain, or NULL if there is no next
+BIO.
+
+=head1 SEE ALSO
+
+TBA
diff --git a/doc/crypto/BIO_read.pod b/doc/crypto/BIO_read.pod
new file mode 100644
index 0000000000..b34528104d
--- /dev/null
+++ b/doc/crypto/BIO_read.pod
@@ -0,0 +1,66 @@
+=pod
+
+=head1 NAME
+
+BIO_read, BIO_write, BIO_gets, BIO_puts - BIO I/O functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ int	BIO_read(BIO *b, void *buf, int len);
+ int	BIO_gets(BIO *b,char *buf, int size);
+ int	BIO_write(BIO *b, const void *buf, int len);
+ int	BIO_puts(BIO *b,const char *buf);
+
+=head1 DESCRIPTION
+
+BIO_read() attempts to read B<len> bytes from BIO B<b> and places
+the data in B<buf>.
+
+BIO_gets() performs the BIOs "gets" operation and places the data
+in B<buf>. Usually this operation will attempt to read a line of data
+from the BIO of maximum length B<len>. There are exceptions to this
+however, for example BIO_gets() on a digest BIO will calculate and
+return the digest and other BIOs may not support BIO_gets() at all.
+
+BIO_write() attempts to write B<len> bytes from B<buf> to BIO B<b>.
+
+BIO_puts() attempts to write a null terminated string B<buf> to BIO B<b>
+
+=head1 RETURN VALUES
+
+All these functions return either the amount of data successfully read or
+written (if the return value is positive) or that no data was successfully
+read or written if the result is 0 or -1. If the return value is -2 then
+the operation is not implemented in the specific BIO type.
+
+=head1 NOTES
+
+A 0 or -1 return is not necessarily an indication of an error. In
+particular when the source/sink is non-blocking or of a certain type
+it may merely be an indication that no data is currently available and that
+the application should retry the operation later.
+
+One technique sometimes used with blocking sockets is to use a system call
+(such as select(), poll() or equivalent) to determine when data is available
+and then call read() to read the data. The equivalent with BIOs (that is call
+select() on the underlying I/O structure and then call BIO_read() to
+read the data) should B<not> be used because a single call to BIO_read()
+can cause several reads (and writes in the case of SSL BIOs) on the underlying
+I/O structure and may block as a result. Instead select() (or equivalent)
+should be combined with non blocking I/O so successive reads will request
+a retry instead of blocking.
+
+See L<BIO_should_retry(3)|BIO_should_retry(3)> for details of how to
+determine the cause of a retry and other I/O issues.
+
+If the BIO_gets() function is not supported by a BIO then it possible to
+work around this by adding a buffering BIO L<BIO_f_buffer(3)|BIO_f_buffer(3)>
+to the chain.
+
+=head1 SEE ALSO
+
+L<BIO_should_retry(3)|BIO_should_retry(3)>
+
+TBA
diff --git a/doc/crypto/BIO_s_accept.pod b/doc/crypto/BIO_s_accept.pod
new file mode 100644
index 0000000000..55e4b730b9
--- /dev/null
+++ b/doc/crypto/BIO_s_accept.pod
@@ -0,0 +1,195 @@
+=pod
+
+=head1 NAME
+
+BIO_s_accept, BIO_set_nbio, BIO_set_accept_port, BIO_get_accept_port,
+BIO_set_nbio_accept, BIO_set_accept_bios, BIO_set_bind_mode,
+BIO_get_bind_mode, BIO_do_accept - accept BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD *BIO_s_accept(void);
+
+ long BIO_set_accept_port(BIO *b, char *name);
+ char *BIO_get_accept_port(BIO *b);
+
+ BIO *BIO_new_accept(char *host_port);
+
+ long BIO_set_nbio_accept(BIO *b, int n);
+ long BIO_set_accept_bios(BIO *b, char *bio);
+
+ long BIO_set_bind_mode(BIO *b, long mode);
+ long BIO_get_bind_mode(BIO *b, long dummy);
+
+ #define BIO_BIND_NORMAL		0
+ #define BIO_BIND_REUSEADDR_IF_UNUSED	1
+ #define BIO_BIND_REUSEADDR		2
+
+ int BIO_do_accept(BIO *b);
+
+=head1 DESCRIPTION
+
+BIO_s_accept() returns the accept BIO method. This is a wrapper
+round the platform's TCP/IP socket accept routines.
+
+Using accept BIOs, TCP/IP connections can be accepted and data
+transferred using only BIO routines. In this way any platform
+specific operations are hidden by the BIO abstraction.
+
+Read and write operations on an accept BIO will perform I/O
+on the underlying connection. If no connection is established
+and the port (see below) is set up properly then the BIO
+waits for an incoming connection.
+
+Accept BIOs support BIO_puts() but not BIO_gets().
+
+If the close flag is set on an accept BIO then any active
+connection on that chain is shutdown and the socket closed when
+the BIO is freed.
+
+Calling BIO_reset() on a accept BIO will close any active
+connection and reset the BIO into a state where it awaits another
+incoming connection.
+
+BIO_get_fd() and BIO_set_fd() can be called to retrieve or set
+the accept socket. See L<BIO_s_fd(3)|BIO_s_fd(3)>
+
+BIO_set_accept_port() uses the string B<name> to set the accept
+port. The port is represented as a string of the form "host:port",
+where "host" is the interface to use and "port" is the port.
+Either or both values can be "*" which is interpreted as meaning
+any interface or port respectively. "port" has the same syntax
+as the port specified in BIO_set_conn_port() for connect BIOs,
+that is it can be a numerical port string or a string to lookup
+using getservbyname() and a string table.
+
+BIO_new_accept() combines BIO_new() and BIO_set_accept_port() into
+a single call: that is it creates a new accept BIO with port
+B<host_port>.
+
+BIO_set_nbio_accept() sets the accept socket to blocking mode
+(the default) if B<n> is 0 or non blocking mode if B<n> is 1.
+
+BIO_set_accept_bios() can be used to set a chain of BIOs which
+will be duplicated and prepended to the chain when an incoming
+connection is received. This is useful if, for example, a 
+buffering or SSL BIO is required for each connection. The
+chain of BIOs must not be freed after this call, they will
+be automatically freed when the accept BIO is freed.
+
+BIO_set_bind_mode() and BIO_get_bind_mode() set and retrieve
+the current bind mode. If BIO_BIND_NORMAL (the default) is set
+then another socket cannot be bound to the same port. If
+BIO_BIND_REUSEADDR is set then other sockets can bind to the
+same port. If BIO_BIND_REUSEADDR_IF_UNUSED is set then and
+attempt is first made to use BIO_BIN_NORMAL, if this fails
+and the port is not in use then a second attempt is made
+using BIO_BIND_REUSEADDR.
+
+BIO_do_accept() serves two functions. When it is first
+called, after the accept BIO has been setup, it will attempt
+to create the accept socket and bind an address to it. Second
+and subsequent calls to BIO_do_accept() will await an incoming
+connection, or request a retry in non blocking mode.
+
+=head1 NOTES
+
+When an accept BIO is at the end of a chain it will await an
+incoming connection before processing I/O calls. When an accept
+BIO is not at then end of a chain it passes I/O calls to the next
+BIO in the chain.
+
+When a connection is established a new socket BIO is created for
+the connection and appended to the chain. That is the chain is now
+accept->socket. This effectively means that attempting I/O on
+an initial accept socket will await an incoming connection then
+perform I/O on it.
+
+If any additional BIOs have been set using BIO_set_accept_bios()
+then they are placed between the socket and the accept BIO,
+that is the chain will be accept->otherbios->socket.
+
+If a server wishes to process multiple connections (as is normally
+the case) then the accept BIO must be made available for further
+incoming connections. This can be done by waiting for a connection and
+then calling:
+
+ connection = BIO_pop(accept);
+
+After this call B<connection> will contain a BIO for the recently
+established connection and B<accept> will now be a single BIO
+again which can be used to await further incoming connections.
+If no further connections will be accepted the B<accept> can
+be freed using BIO_free().
+
+If only a single connection will be processed it is possible to
+perform I/O using the accept BIO itself. This is often undesirable
+however because the accept BIO will still accept additional incoming
+connections. This can be resolved by using BIO_pop() (see above)
+and freeing up the accept BIO after the initial connection.
+
+If the underlying accept socket is non-blocking and BIO_do_accept() is
+called to await an incoming connection it is possible for
+BIO_should_io_special() with the reason BIO_RR_ACCEPT. If this happens
+then it is an indication that an accept attempt would block: the application
+should take appropriate action to wait until the underlying socket has
+accepted a connection and retry the call.
+
+BIO_set_accept_port(), BIO_get_accept_port(), BIO_set_nbio_accept(),
+BIO_set_accept_bios(), BIO_set_bind_mode(), BIO_get_bind_mode() and
+BIO_do_accept() are macros.
+
+=head1 RETURN VALUES
+
+TBA
+
+=head1 EXAMPLE
+
+This example accepts two connections on port 4444, sends messages
+down each and finally closes both down.
+
+ BIO *abio, *cbio, *cbio2;
+ ERR_load_crypto_strings();
+ abio = BIO_new_accept("4444");
+
+ /* First call to BIO_accept() sets up accept BIO */
+ if(BIO_do_accept(abio) <= 0) {
+	fprintf(stderr, "Error setting up accept\n");
+	ERR_print_errors_fp(stderr);
+	exit(0);		
+ }
+
+ /* Wait for incoming connection */
+ if(BIO_do_accept(abio) <= 0) {
+	fprintf(stderr, "Error accepting connection\n");
+	ERR_print_errors_fp(stderr);
+	exit(0);		
+ }
+ fprintf(stderr, "Connection 1 established\n");
+ /* Retrieve BIO for connection */
+ cbio = BIO_pop(abio);
+ BIO_puts(cbio, "Connection 1: Sending out Data on initial connection\n");
+ fprintf(stderr, "Sent out data on connection 1\n");
+ /* Wait for another connection */
+ if(BIO_do_accept(abio) <= 0) {
+	fprintf(stderr, "Error accepting connection\n");
+	ERR_print_errors_fp(stderr);
+	exit(0);		
+ }
+ fprintf(stderr, "Connection 2 established\n");
+ /* Close accept BIO to refuse further connections */
+ cbio2 = BIO_pop(abio);
+ BIO_free(abio);
+ BIO_puts(cbio2, "Connection 2: Sending out Data on second\n");
+ fprintf(stderr, "Sent out data on connection 2\n");
+
+ BIO_puts(cbio, "Connection 1: Second connection established\n");
+ /* Close the two established connections */
+ BIO_free(cbio);
+ BIO_free(cbio2);
+
+=head1 SEE ALSO
+
+TBA
diff --git a/doc/crypto/BIO_s_bio.pod b/doc/crypto/BIO_s_bio.pod
new file mode 100644
index 0000000000..95ae802e47
--- /dev/null
+++ b/doc/crypto/BIO_s_bio.pod
@@ -0,0 +1,130 @@
+=pod
+
+=head1 NAME
+
+BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, 
+BIO_set_write_buf_size, BIO_get_write_buf_size, BIO_new_bio_pair,
+BIO_get_write_guarantee, BIO_ctrl_get_write_guarantee, BIO_get_read_request,
+BIO_ctrl_get_read_request, BIO_ctrl_reset_read_request - BIO pair BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD *BIO_s_bio(void);
+
+ #define BIO_make_bio_pair(b1,b2)   (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
+ #define BIO_destroy_bio_pair(b)    (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
+
+ #define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
+
+ #define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
+ #define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
+
+ int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, BIO **bio2, size_t writebuf2);
+
+ #define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
+ size_t BIO_ctrl_get_write_guarantee(BIO *b);
+
+ #define BIO_get_read_request(b)    (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
+ size_t BIO_ctrl_get_read_request(BIO *b);
+
+ int BIO_ctrl_reset_read_request(BIO *b);
+
+=head1 DESCRIPTION
+
+BIO_s_bio() returns the method for a BIO pair. A BIO pair is a pair of source/sink
+BIOs where data written to either half of the pair is buffered and can be read from
+the other half. Both halves must usually by handled by the same application thread
+since no locking is done on the internal data structures.
+
+Since BIO chains typically end in a source/sink BIO it is possible to make this
+one half of a BIO pair and have all the data processed by the chain under application
+control.
+
+One typical use of BIO pairs is to place TLS/SSL I/O under application control, this
+can be used when the application wishes to use a non standard transport for
+TLS/SSL or the normal socket routines are inappropriate.
+
+Calls to BIO_read() will read data from the buffer or request a retry if no
+data is available.
+
+Calls to BIO_write() will place data in the buffer or request a retry if the
+buffer is full.
+
+The standard calls BIO_ctrl_pending() and BIO_ctrl_wpending() can be used to
+determine the amount of pending data in the read or write buffer.
+
+BIO_reset() clears any data in the write buffer.
+
+BIO_make_bio_pair() joins two separate BIOs into a connected pair.
+
+BIO_destroy_pair() destroys the association between two connected BIOs. Freeing
+up any half of the pair will automatically destroy the association.
+
+BIO_shutdown_wr() is used to close down a BIO B<b>. After this call no further
+writes on BIO B<b> are allowed (they will return an error). Reads on the other
+half of the pair will return any pending data or EOF when all pending data has
+been read. 
+
+BIO_set_write_buf_size() sets the write buffer size of BIO B<b> to B<size>.
+If the size is not initialized a default value is used. This is currently
+17K, sufficient for a maximum size TLS record.
+
+BIO_get_write_buf_size() returns the size of the write buffer.
+
+BIO_new_bio_pair() combines the calls to BIO_new(), BIO_make_bio_pair() and
+BIO_set_write_buf_size() to create a connected pair of BIOs B<bio1>, B<bio2>
+with write buffer sizes B<writebuf1> and B<writebuf2>. If either size is
+zero then the default size is used.
+
+BIO_get_write_guarantee() and BIO_ctrl_get_write_guarantee() return the maximum
+length of data that can be currently written to the BIO. Writes larger than this
+value will return a value from BIO_write() less than the amount requested or if the
+buffer is full request a retry. BIO_ctrl_get_write_guarantee() is a function
+whereas BIO_get_write_guarantee() is a macro.
+
+BIO_get_read_request() and BIO_ctrl_get_read_request() return the
+amount of data requested, or the buffer size if it is less, if the
+last read attempt at the other half of the BIO pair failed due to an
+empty buffer.  This can be used to determine how much data should be
+written to the BIO so the next read will succeed: this is most useful
+in TLS/SSL applications where the amount of data read is usually
+meaningful rather than just a buffer size. After a successful read
+this call will return zero.  It also will return zero once new data
+has been written satisfying the read request or part of it.
+Note that BIO_get_read_request() never returns an amount larger
+than that returned by BIO_get_write_guarantee().
+
+BIO_ctrl_reset_read_request() can also be used to reset the value returned by
+BIO_get_read_request() to zero.
+
+=head1 NOTES
+
+Both halves of a BIO pair should be freed. That is even if one half is implicit
+freed due to a BIO_free_all() or SSL_free() call the other half needs to be freed.
+
+When used in bidirectional applications (such as TLS/SSL) care should be taken to
+flush any data in the write buffer. This can be done by calling BIO_pending()
+on the other half of the pair and, if any data is pending, reading it and sending
+it to the underlying transport. This must be done before any normal processing
+(such as calling select() ) due to a request and BIO_should_read() being true.
+
+To see why this is important consider a case where a request is sent using
+BIO_write() and a response read with BIO_read(), this can occur during an
+TLS/SSL handshake for example. BIO_write() will succeed and place data in the write
+buffer. BIO_read() will initially fail and BIO_should_read() will be true. If
+the application then waits for data to be available on the underlying transport
+before flushing the write buffer it will never succeed because the request was
+never sent!
+
+=head1 EXAMPLE
+
+TBA
+
+=head1 SEE ALSO
+
+L<SSL_set_bio(3)|SSL_set_bio(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
+L<BIO_should_retry(3)|BIO_should_retry(3)>, L<BIO_read(3)|BIO_read(3)>
+
+=cut
diff --git a/doc/crypto/BIO_s_connect.pod b/doc/crypto/BIO_s_connect.pod
new file mode 100644
index 0000000000..bcf7d8dcac
--- /dev/null
+++ b/doc/crypto/BIO_s_connect.pod
@@ -0,0 +1,192 @@
+=pod
+
+=head1 NAME
+
+BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port,
+BIO_set_conn_ip, BIO_set_conn_int_port, BIO_get_conn_hostname,
+BIO_get_conn_port, BIO_get_conn_ip, BIO_get_conn_int_port,
+BIO_set_nbio, BIO_do_connect - connect BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD * BIO_s_connect(void);
+
+ BIO *BIO_new_connect(char *name);
+
+ long BIO_set_conn_hostname(BIO *b, char *name);
+ long BIO_set_conn_port(BIO *b, char *port);
+ long BIO_set_conn_ip(BIO *b, char *ip);
+ long BIO_set_conn_int_port(BIO *b, char *port);
+ char *BIO_get_conn_hostname(BIO *b);
+ char *BIO_get_conn_port(BIO *b);
+ char *BIO_get_conn_ip(BIO *b, dummy);
+ long BIO_get_conn_int_port(BIO *b, int port);
+
+ long BIO_set_nbio(BIO *b, long n);
+
+ int BIO_do_connect(BIO *b);
+
+=head1 DESCRIPTION
+
+BIO_s_connect() returns the connect BIO method. This is a wrapper
+round the platform's TCP/IP socket connection routines.
+
+Using connect BIOs, TCP/IP connections can be made and data
+transferred using only BIO routines. In this way any platform
+specific operations are hidden by the BIO abstraction.
+
+Read and write operations on a connect BIO will perform I/O
+on the underlying connection. If no connection is established
+and the port and hostname (see below) is set up properly then
+a connection is established first.
+
+Connect BIOs support BIO_puts() but not BIO_gets().
+
+If the close flag is set on a connect BIO then any active
+connection is shutdown and the socket closed when the BIO
+is freed.
+
+Calling BIO_reset() on a connect BIO will close any active
+connection and reset the BIO into a state where it can connect
+to the same host again.
+
+BIO_get_fd() places the underlying socket in B<c> if it is not NULL,
+it also returns the socket . If B<c> is not NULL it should be of
+type (int *).
+
+BIO_set_conn_hostname() uses the string B<name> to set the hostname.
+The hostname can be an IP address. The hostname can also include the
+port in the form hostname:port . It is also acceptable to use the
+form "hostname/any/other/path" or "hostname:port/any/other/path".
+
+BIO_set_conn_port() sets the port to B<port>. B<port> can be the
+numerical form or a string such as "http". A string will be looked
+up first using getservbyname() on the host platform but if that
+fails a standard table of port names will be used. Currently the
+list is http, telnet, socks, https, ssl, ftp, gopher and wais.
+
+BIO_set_conn_ip() sets the IP address to B<ip> using binary form,
+that is four bytes specifying the IP address in big-endian form.
+
+BIO_set_conn_int_port() sets the port using B<port>. B<port> should
+be of type (int *).
+
+BIO_get_conn_hostname() returns the hostname of the connect BIO or
+NULL if the BIO is initialized but no hostname is set.
+This return value is an internal pointer which should not be modified.
+
+BIO_get_conn_port() returns the port as a string.
+
+BIO_get_conn_ip() returns the IP address in binary form.
+
+BIO_get_conn_int_port() returns the port as an int.
+
+BIO_set_nbio() sets the non blocking I/O flag to B<n>. If B<n> is
+zero then blocking I/O is set. If B<n> is 1 then non blocking I/O
+is set. Blocking I/O is the default. The call to BIO_set_nbio()
+should be made before the connection is established because 
+non blocking I/O is set during the connect process.
+
+BIO_new_connect() combines BIO_new() and BIO_set_conn_hostname() into
+a single call: that is it creates a new connect BIO with B<name>.
+
+BIO_do_connect() attempts to connect the supplied BIO. It returns 1
+if the connection was established successfully. A zero or negative
+value is returned if the connection could not be established, the
+call BIO_should_retry() should be used for non blocking connect BIOs
+to determine if the call should be retried.
+
+=head1 NOTES
+
+If blocking I/O is set then a non positive return value from any
+I/O call is caused by an error condition, although a zero return
+will normally mean that the connection was closed.
+
+If the port name is supplied as part of the host name then this will
+override any value set with BIO_set_conn_port(). This may be undesirable
+if the application does not wish to allow connection to arbitrary
+ports. This can be avoided by checking for the presence of the ':'
+character in the passed hostname and either indicating an error or
+truncating the string at that point.
+
+The values returned by BIO_get_conn_hostname(), BIO_get_conn_port(),
+BIO_get_conn_ip() and BIO_get_conn_int_port() are updated when a
+connection attempt is made. Before any connection attempt the values
+returned are those set by the application itself.
+
+Applications do not have to call BIO_do_connect() but may wish to do
+so to separate the connection process from other I/O processing.
+
+If non blocking I/O is set then retries will be requested as appropriate.
+
+It addition to BIO_should_read() and BIO_should_write() it is also
+possible for BIO_should_io_special() to be true during the initial
+connection process with the reason BIO_RR_CONNECT. If this is returned
+then this is an indication that a connection attempt would block,
+the application should then take appropriate action to wait until
+the underlying socket has connected and retry the call.
+
+BIO_set_conn_hostname(), BIO_set_conn_port(), BIO_set_conn_ip(),
+BIO_set_conn_int_port(), BIO_get_conn_hostname(), BIO_get_conn_port(),
+BIO_get_conn_ip(), BIO_get_conn_int_port(), BIO_set_nbio() and
+BIO_do_connect() are macros.
+
+=head1 RETURN VALUES
+
+BIO_s_connect() returns the connect BIO method.
+
+BIO_get_fd() returns the socket or -1 if the BIO has not
+been initialized.
+
+BIO_set_conn_hostname(), BIO_set_conn_port(), BIO_set_conn_ip() and
+BIO_set_conn_int_port() always return 1.
+
+BIO_get_conn_hostname() returns the connected hostname or NULL is
+none was set.
+
+BIO_get_conn_port() returns a string representing the connected
+port or NULL if not set.
+
+BIO_get_conn_ip() returns a pointer to the connected IP address in
+binary form or all zeros if not set.
+
+BIO_get_conn_int_port() returns the connected port or 0 if none was
+set.
+
+BIO_set_nbio() always returns 1.
+
+BIO_do_connect() returns 1 if the connection was successfully
+established and 0 or -1 if the connection failed.
+
+=head1 EXAMPLE
+
+This is example connects to a webserver on the local host and attempts
+to retrieve a page and copy the result to standard output.
+
+
+ BIO *cbio, *out;
+ int len;
+ char tmpbuf[1024];
+ ERR_load_crypto_strings();
+ cbio = BIO_new_connect("localhost:http");
+ out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ if(BIO_do_connect(cbio) <= 0) {
+	fprintf(stderr, "Error connecting to server\n");
+	ERR_print_errors_fp(stderr);
+	/* whatever ... */
+	}
+ BIO_puts(cbio, "GET / HTTP/1.0\n\n");
+ for(;;) {	
+	len = BIO_read(cbio, tmpbuf, 1024);
+	if(len <= 0) break;
+	BIO_write(out, tmpbuf, len);
+ }
+ BIO_free(cbio);
+ BIO_free(out);
+
+
+=head1 SEE ALSO
+
+TBA
diff --git a/doc/crypto/BIO_s_fd.pod b/doc/crypto/BIO_s_fd.pod
new file mode 100644
index 0000000000..b1de1d1015
--- /dev/null
+++ b/doc/crypto/BIO_s_fd.pod
@@ -0,0 +1,89 @@
+=pod
+
+=head1 NAME
+
+BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd - file descriptor BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD *	BIO_s_fd(void);
+
+ #define BIO_set_fd(b,fd,c)	BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
+ #define BIO_get_fd(b,c)	BIO_ctrl(b,BIO_C_GET_FD,0,(char *)c)
+
+ BIO *BIO_new_fd(int fd, int close_flag);
+
+=head1 DESCRIPTION
+
+BIO_s_fd() returns the file descriptor BIO method. This is a wrapper
+round the platforms file descriptor routines such as read() and write().
+
+BIO_read() and BIO_write() read or write the underlying descriptor.
+BIO_puts() is supported but BIO_gets() is not.
+
+If the close flag is set then then close() is called on the underlying
+file descriptor when the BIO is freed.
+
+BIO_reset() attempts to change the file pointer to the start of file
+using lseek(fd, 0, 0).
+
+BIO_seek() sets the file pointer to position B<ofs> from start of file
+using lseek(fd, ofs, 0).
+
+BIO_tell() returns the current file position by calling lseek(fd, 0, 1).
+
+BIO_set_fd() sets the file descriptor of BIO B<b> to B<fd> and the close
+flag to B<c>.
+
+BIO_get_fd() places the file descriptor in B<c> if it is not NULL, it also
+returns the file descriptor. If B<c> is not NULL it should be of type
+(int *).
+
+BIO_new_fd() returns a file descriptor BIO using B<fd> and B<close_flag>.
+
+=head1 NOTES
+
+The behaviour of BIO_read() and BIO_write() depends on the behavior of the
+platforms read() and write() calls on the descriptor. If the underlying 
+file descriptor is in a non blocking mode then the BIO will behave in the
+manner described in the L<BIO_read(3)|BIO_read(3)> and L<BIO_should_retry(3)|BIO_should_retry(3)>
+manual pages.
+
+File descriptor BIOs should not be used for socket I/O. Use socket BIOs
+instead.
+
+=head1 RETURN VALUES
+
+BIO_s_fd() returns the file descriptor BIO method.
+
+BIO_reset() returns zero for success and -1 if an error occurred.
+BIO_seek() and BIO_tell() return the current file position or -1
+is an error occurred. These values reflect the underlying lseek()
+behaviour.
+
+BIO_set_fd() always returns 1.
+
+BIO_get_fd() returns the file descriptor or -1 if the BIO has not
+been initialized.
+
+BIO_new_fd() returns the newly allocated BIO or NULL is an error
+occurred.
+
+=head1 EXAMPLE
+
+This is a file descriptor BIO version of "Hello World":
+
+ BIO *out;
+ out = BIO_new_fd(fileno(stdout), BIO_NOCLOSE);
+ BIO_printf(out, "Hello World\n");
+ BIO_free(out);
+
+=head1 SEE ALSO
+
+L<BIO_seek(3)|BIO_seek(3)>, L<BIO_tell(3)|BIO_tell(3)>,
+L<BIO_reset(3)|BIO_reset(3)>, L<BIO_read(3)|BIO_read(3)>,
+L<BIO_write(3)|BIO_write(3)>, L<BIO_puts(3)|BIO_puts(3)>,
+L<BIO_gets(3)|BIO_gets(3)>, L<BIO_printf(3)|BIO_printf(3)>,
+L<BIO_set_close(3)|BIO_set_close(3)>, L<BIO_get_close(3)|BIO_get_close(3)>
diff --git a/doc/crypto/BIO_s_file.pod b/doc/crypto/BIO_s_file.pod
new file mode 100644
index 0000000000..b2a29263f4
--- /dev/null
+++ b/doc/crypto/BIO_s_file.pod
@@ -0,0 +1,144 @@
+=pod
+
+=head1 NAME
+
+BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp,
+BIO_read_filename, BIO_write_filename, BIO_append_filename,
+BIO_rw_filename - FILE bio
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD *	BIO_s_file(void);
+ BIO *BIO_new_file(const char *filename, const char *mode);
+ BIO *BIO_new_fp(FILE *stream, int flags);
+
+ BIO_set_fp(BIO *b,FILE *fp, int flags);
+ BIO_get_fp(BIO *b,FILE **fpp);
+
+ int BIO_read_filename(BIO *b, char *name)
+ int BIO_write_filename(BIO *b, char *name)
+ int BIO_append_filename(BIO *b, char *name)
+ int BIO_rw_filename(BIO *b, char *name)
+
+=head1 DESCRIPTION
+
+BIO_s_file() returns the BIO file method. As its name implies it
+is a wrapper round the stdio FILE structure and it is a
+source/sink BIO.
+
+Calls to BIO_read() and BIO_write() read and write data to the
+underlying stream. BIO_gets() and BIO_puts() are supported on file BIOs.
+
+BIO_flush() on a file BIO calls the fflush() function on the wrapped
+stream.
+
+BIO_reset() attempts to change the file pointer to the start of file
+using fseek(stream, 0, 0).
+
+BIO_seek() sets the file pointer to position B<ofs> from start of file
+using fseek(stream, ofs, 0).
+
+BIO_eof() calls feof().
+
+Setting the BIO_CLOSE flag calls fclose() on the stream when the BIO
+is freed.
+
+BIO_new_file() creates a new file BIO with mode B<mode> the meaning
+of B<mode> is the same as the stdio function fopen(). The BIO_CLOSE
+flag is set on the returned BIO.
+
+BIO_new_fp() creates a file BIO wrapping B<stream>. Flags can be:
+BIO_CLOSE, BIO_NOCLOSE (the close flag) BIO_FP_TEXT (sets the underlying
+stream to text mode, default is binary: this only has any effect under
+Win32).
+
+BIO_set_fp() set the fp of a file BIO to B<fp>. B<flags> has the same
+meaning as in BIO_new_fp(), it is a macro.
+
+BIO_get_fp() retrieves the fp of a file BIO, it is a macro.
+
+BIO_seek() is a macro that sets the position pointer to B<offset> bytes
+from the start of file.
+
+BIO_tell() returns the value of the position pointer.
+
+BIO_read_filename(), BIO_write_filename(), BIO_append_filename() and
+BIO_rw_filename() set the file BIO B<b> to use file B<name> for
+reading, writing, append or read write respectively.
+
+=head1 NOTES
+
+When wrapping stdout, stdin or stderr the underlying stream should not
+normally be closed so the BIO_NOCLOSE flag should be set.
+
+Because the file BIO calls the underlying stdio functions any quirks
+in stdio behaviour will be mirrored by the corresponding BIO.
+
+=head1 EXAMPLES
+
+File BIO "hello world":
+
+ BIO *bio_out;
+ bio_out = BIO_new_fp(stdout, BIO_NOCLOSE);
+ BIO_printf(bio_out, "Hello World\n");
+
+Alternative technique:
+
+ BIO *bio_out;
+ bio_out = BIO_new(BIO_s_file());
+ if(bio_out == NULL) /* Error ... */
+ if(!BIO_set_fp(bio_out, stdout, BIO_NOCLOSE)) /* Error ... */
+ BIO_printf(bio_out, "Hello World\n");
+
+Write to a file:
+
+ BIO *out;
+ out = BIO_new_file("filename.txt", "w");
+ if(!out) /* Error occurred */
+ BIO_printf(out, "Hello World\n");
+ BIO_free(out);
+
+Alternative technique:
+
+ BIO *out;
+ out = BIO_new(BIO_s_file());
+ if(out == NULL) /* Error ... */
+ if(!BIO_write_filename(out, "filename.txt")) /* Error ... */
+ BIO_printf(out, "Hello World\n");
+ BIO_free(out);
+
+=head1 RETURN VALUES
+
+BIO_s_file() returns the file BIO method.
+
+BIO_new_file() and BIO_new_fp() return a file BIO or NULL if an error
+occurred.
+
+BIO_set_fp() and BIO_get_fp() return 1 for success or 0 for failure
+(although the current implementation never return 0).
+
+BIO_seek() returns the same value as the underlying fseek() function:
+0 for success or -1 for failure.
+
+BIO_tell() returns the current file position.
+
+BIO_read_filename(), BIO_write_filename(),  BIO_append_filename() and
+BIO_rw_filename() return 1 for success or 0 for failure.
+
+=head1 BUGS
+
+BIO_reset() and BIO_seek() are implemented using fseek() on the underlying
+stream. The return value for fseek() is 0 for success or -1 if an error
+occurred this differs from other types of BIO which will typically return
+1 for success and a non positive value if an error occurred.
+
+=head1 SEE ALSO
+
+L<BIO_seek(3)|BIO_seek(3)>, L<BIO_tell(3)|BIO_tell(3)>,
+L<BIO_reset(3)|BIO_reset(3)>, L<BIO_flush(3)|BIO_flush(3)>,
+L<BIO_read(3)|BIO_read(3)>,
+L<BIO_write(3)|BIO_write(3)>, L<BIO_puts(3)|BIO_puts(3)>,
+L<BIO_gets(3)|BIO_gets(3)>, L<BIO_printf(3)|BIO_printf(3)>,
+L<BIO_set_close(3)|BIO_set_close(3)>, L<BIO_get_close(3)|BIO_get_close(3)>
diff --git a/doc/crypto/BIO_s_mem.pod b/doc/crypto/BIO_s_mem.pod
new file mode 100644
index 0000000000..19648acfae
--- /dev/null
+++ b/doc/crypto/BIO_s_mem.pod
@@ -0,0 +1,115 @@
+=pod
+
+=head1 NAME
+
+BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf,
+BIO_get_mem_ptr, BIO_new_mem_buf - memory BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD *	BIO_s_mem(void);
+
+ BIO_set_mem_eof_return(BIO *b,int v)
+ long BIO_get_mem_data(BIO *b, char **pp)
+ BIO_set_mem_buf(BIO *b,BUF_MEM *bm,int c)
+ BIO_get_mem_ptr(BIO *b,BUF_MEM **pp)
+
+ BIO *BIO_new_mem_buf(void *buf, int len);
+
+=head1 DESCRIPTION
+
+BIO_s_mem() return the memory BIO method function. 
+
+A memory BIO is a source/sink BIO which uses memory for its I/O. Data
+written to a memory BIO is stored in a BUF_MEM structure which is extended
+as appropriate to accommodate the stored data.
+
+Any data written to a memory BIO can be recalled by reading from it.
+Unless the memory BIO is read only any data read from it is deleted from
+the BIO.
+
+Memory BIOs support BIO_gets() and BIO_puts().
+
+If the BIO_CLOSE flag is set when a memory BIO is freed then the underlying
+BUF_MEM structure is also freed.
+
+Calling BIO_reset() on a read write memory BIO clears any data in it. On a
+read only BIO it restores the BIO to its original state and the read only
+data can be read again.
+
+BIO_eof() is true if no data is in the BIO.
+
+BIO_ctrl_pending() returns the number of bytes currently stored.
+
+BIO_set_mem_eof_return() sets the behaviour of memory BIO B<b> when it is
+empty. If the B<v> is zero then an empty memory BIO will return EOF (that is
+it will return zero and BIO_should_retry(b) will be false. If B<v> is non
+zero then it will return B<v> when it is empty and it will set the read retry
+flag (that is BIO_read_retry(b) is true). To avoid ambiguity with a normal
+positive return value B<v> should be set to a negative value, typically -1.
+
+BIO_get_mem_data() sets B<pp> to a pointer to the start of the memory BIOs data
+and returns the total amount of data available. It is implemented as a macro.
+
+BIO_set_mem_buf() sets the internal BUF_MEM structure to B<bm> and sets the
+close flag to B<c>, that is B<c> should be either BIO_CLOSE or BIO_NOCLOSE.
+It is a macro.
+
+BIO_get_mem_ptr() places the underlying BUF_MEM structure in B<pp>. It is
+a macro.
+
+BIO_new_mem_buf() creates a memory BIO using B<len> bytes of data at B<buf>,
+if B<len> is -1 then the B<buf> is assumed to be null terminated and its
+length is determined by B<strlen>. The BIO is set to a read only state and
+as a result cannot be written to. This is useful when some data needs to be
+made available from a static area of memory in the form of a BIO. The
+supplied data is read directly from the supplied buffer: it is B<not> copied
+first, so the supplied area of memory must be unchanged until the BIO is freed.
+
+=head1 NOTES
+
+Writes to memory BIOs will always succeed if memory is available: that is
+their size can grow indefinitely.
+
+Every read from a read write memory BIO will remove the data just read with
+an internal copy operation, if a BIO contains a lots of data and it is
+read in small chunks the operation can be very slow. The use of a read only
+memory BIO avoids this problem. If the BIO must be read write then adding
+a buffering BIO to the chain will speed up the process.
+
+=head1 BUGS
+
+There should be an option to set the maximum size of a memory BIO.
+
+There should be a way to "rewind" a read write BIO without destroying
+its contents.
+
+The copying operation should not occur after every small read of a large BIO
+to improve efficiency.
+
+=head1 EXAMPLE
+
+Create a memory BIO and write some data to it:
+
+ BIO *mem = BIO_new(BIO_s_mem());
+ BIO_puts(mem, "Hello World\n"); 
+
+Create a read only memory BIO:
+
+ char data[] = "Hello World";
+ BIO *mem;
+ mem = BIO_new_mem_buf(data, -1);
+
+Extract the BUF_MEM structure from a memory BIO and then free up the BIO:
+
+ BUF_MEM *bptr;
+ BIO_get_mem_ptr(mem, &bptr);
+ BIO_set_close(mem, BIO_NOCLOSE); /* So BIO_free() leaves BUF_MEM alone */
+ BIO_free(mem);
+ 
+
+=head1 SEE ALSO
+
+TBA
diff --git a/doc/crypto/BIO_s_null.pod b/doc/crypto/BIO_s_null.pod
new file mode 100644
index 0000000000..e5514f7238
--- /dev/null
+++ b/doc/crypto/BIO_s_null.pod
@@ -0,0 +1,37 @@
+=pod
+
+=head1 NAME
+
+BIO_s_null - null data sink
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD *	BIO_s_null(void);
+
+=head1 DESCRIPTION
+
+BIO_s_null() returns the null sink BIO method. Data written to
+the null sink is discarded, reads return EOF.
+
+=head1 NOTES
+
+A null sink BIO behaves in a similar manner to the Unix /dev/null
+device.
+
+A null bio can be placed on the end of a chain to discard any data
+passed through it.
+
+A null sink is useful if, for example, an application wishes to digest some
+data by writing through a digest bio but not send the digested data anywhere.
+Since a BIO chain must normally include a source/sink BIO this can be achieved
+by adding a null sink BIO to the end of the chain
+
+=head1 RETURN VALUES
+
+BIO_s_null() returns the null sink BIO method.
+
+=head1 SEE ALSO
+
+TBA
diff --git a/doc/crypto/BIO_s_socket.pod b/doc/crypto/BIO_s_socket.pod
new file mode 100644
index 0000000000..1c8d3a9110
--- /dev/null
+++ b/doc/crypto/BIO_s_socket.pod
@@ -0,0 +1,63 @@
+=pod
+
+=head1 NAME
+
+BIO_s_socket, BIO_new_socket - socket BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ BIO_METHOD *BIO_s_socket(void);
+
+ long BIO_set_fd(BIO *b, int fd, long close_flag);
+ long BIO_get_fd(BIO *b, int *c);
+
+ BIO *BIO_new_socket(int sock, int close_flag);
+
+=head1 DESCRIPTION
+
+BIO_s_socket() returns the socket BIO method. This is a wrapper
+round the platform's socket routines.
+
+BIO_read() and BIO_write() read or write the underlying socket.
+BIO_puts() is supported but BIO_gets() is not.
+
+If the close flag is set then the socket is shut down and closed
+when the BIO is freed.
+
+BIO_set_fd() sets the socket of BIO B<b> to B<fd> and the close
+flag to B<close_flag>.
+
+BIO_get_fd() places the socket in B<c> if it is not NULL, it also
+returns the socket. If B<c> is not NULL it should be of type (int *).
+
+BIO_new_socket() returns a socket BIO using B<sock> and B<close_flag>.
+
+=head1 NOTES
+
+Socket BIOs also support any relevant functionality of file descriptor
+BIOs.
+
+The reason for having separate file descriptor and socket BIOs is that on some
+platforms sockets are not file descriptors and use distinct I/O routines,
+Windows is one such platform. Any code mixing the two will not work on
+all platforms.
+
+BIO_set_fd() and BIO_get_fd() are macros.
+
+=head1 RETURN VALUES
+
+BIO_s_socket() returns the socket BIO method.
+
+BIO_set_fd() always returns 1.
+
+BIO_get_fd() returns the socket or -1 if the BIO has not been
+initialized.
+
+BIO_new_socket() returns the newly allocated BIO or NULL is an error
+occurred.
+
+=head1 SEE ALSO
+
+TBA
diff --git a/doc/crypto/BIO_set_callback.pod b/doc/crypto/BIO_set_callback.pod
new file mode 100644
index 0000000000..9b6961ca8d
--- /dev/null
+++ b/doc/crypto/BIO_set_callback.pod
@@ -0,0 +1,108 @@
+=pod
+
+=head1 NAME
+
+BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg,
+BIO_debug_callback - BIO callback functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ #define BIO_set_callback(b,cb)		((b)->callback=(cb))
+ #define BIO_get_callback(b)		((b)->callback)
+ #define BIO_set_callback_arg(b,arg)	((b)->cb_arg=(char *)(arg))
+ #define BIO_get_callback_arg(b)		((b)->cb_arg)
+
+ long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi,
+	long argl,long ret);
+
+ typedef long callback(BIO *b, int oper, const char *argp,
+			int argi, long argl, long retvalue);
+
+=head1 DESCRIPTION
+
+BIO_set_callback() and BIO_get_callback() set and retrieve the BIO callback,
+they are both macros. The callback is called during most high level BIO
+operations. It can be used for debugging purposes to trace operations on
+a BIO or to modify its operation.
+
+BIO_set_callback_arg() and BIO_get_callback_arg() are macros which can be
+used to set and retrieve an argument for use in the callback.
+
+BIO_debug_callback() is a standard debugging callback which prints
+out information relating to each BIO operation. If the callback
+argument is set if is interpreted as a BIO to send the information
+to, otherwise stderr is used.
+
+callback() is the callback function itself. The meaning of each
+argument is described below.
+
+The BIO the callback is attached to is passed in B<b>.
+
+B<oper> is set to the operation being performed. For some operations
+the callback is called twice, once before and once after the actual
+operation, the latter case has B<oper> or'ed with BIO_CB_RETURN.
+
+The meaning of the arguments B<argp>, B<argi> and B<argl> depends on
+the value of B<oper>, that is the operation being performed.
+
+B<retvalue> is the return value that would be returned to the
+application if no callback were present. The actual value returned
+is the return value of the callback itself. In the case of callbacks
+called before the actual BIO operation 1 is placed in retvalue, if
+the return value is not positive it will be immediately returned to
+the application and the BIO operation will not be performed.
+
+The callback should normally simply return B<retvalue> when it has
+finished processing, unless if specifically wishes to modify the
+value returned to the application.
+
+=head1 CALLBACK OPERATIONS
+
+=over 4
+
+=item B<BIO_free(b)>
+
+callback(b, BIO_CB_FREE, NULL, 0L, 0L, 1L) is called before the
+free operation.
+
+=item B<BIO_read(b, out, outl)>
+
+callback(b, BIO_CB_READ, out, outl, 0L, 1L) is called before
+the read and callback(b, BIO_CB_READ|BIO_CB_RETURN, out, outl, 0L, retvalue)
+after.
+
+=item B<BIO_write(b, in, inl)>
+
+callback(b, BIO_CB_WRITE, in, inl, 0L, 1L) is called before
+the write and callback(b, BIO_CB_WRITE|BIO_CB_RETURN, in, inl, 0L, retvalue)
+after.
+
+=item B<BIO_gets(b, out, outl)>
+
+callback(b, BIO_CB_GETS, out, outl, 0L, 1L) is called before
+the operation and callback(b, BIO_CB_GETS|BIO_CB_RETURN, out, outl, 0L, retvalue)
+after.
+
+=item B<BIO_puts(b, in)>
+
+callback(b, BIO_CB_WRITE, in, 0, 0L, 1L) is called before
+the operation and callback(b, BIO_CB_WRITE|BIO_CB_RETURN, in, 0, 0L, retvalue)
+after.
+
+=item B<BIO_ctrl(BIO *b, int cmd, long larg, void *parg)>
+
+callback(b,BIO_CB_CTRL,parg,cmd,larg,1L) is called before the call and
+callback(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd, larg,ret) after.
+
+=back
+
+=head1 EXAMPLE
+
+The BIO_debug_callback() function is a good example, its source is
+in crypto/bio/bio_cb.c
+
+=head1 SEE ALSO
+
+TBA
diff --git a/doc/crypto/BIO_should_retry.pod b/doc/crypto/BIO_should_retry.pod
new file mode 100644
index 0000000000..539c391272
--- /dev/null
+++ b/doc/crypto/BIO_should_retry.pod
@@ -0,0 +1,114 @@
+=pod
+
+=head1 NAME
+
+BIO_should_retry, BIO_should_read, BIO_should_write,
+BIO_should_io_special, BIO_retry_type, BIO_should_retry,
+BIO_get_retry_BIO, BIO_get_retry_reason - BIO retry functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+ #define BIO_should_read(a)		((a)->flags & BIO_FLAGS_READ)
+ #define BIO_should_write(a)		((a)->flags & BIO_FLAGS_WRITE)
+ #define BIO_should_io_special(a)	((a)->flags & BIO_FLAGS_IO_SPECIAL)
+ #define BIO_retry_type(a)		((a)->flags & BIO_FLAGS_RWS)
+ #define BIO_should_retry(a)		((a)->flags & BIO_FLAGS_SHOULD_RETRY)
+
+ #define BIO_FLAGS_READ		0x01
+ #define BIO_FLAGS_WRITE	0x02
+ #define BIO_FLAGS_IO_SPECIAL	0x04
+ #define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
+ #define BIO_FLAGS_SHOULD_RETRY	0x08
+
+ BIO *	BIO_get_retry_BIO(BIO *bio, int *reason);
+ int	BIO_get_retry_reason(BIO *bio);
+
+=head1 DESCRIPTION
+
+These functions determine why a BIO is not able to read or write data.
+They will typically be called after a failed BIO_read() or BIO_write()
+call.
+
+BIO_should_retry() is true if the call that produced this condition
+should then be retried at a later time.
+
+If BIO_should_retry() is false then the cause is an error condition.
+
+BIO_should_read() is true if the cause of the condition is that a BIO
+needs to read data.
+
+BIO_should_write() is true if the cause of the condition is that a BIO
+needs to read data.
+
+BIO_should_io_special() is true if some "special" condition, that is a
+reason other than reading or writing is the cause of the condition.
+
+BIO_get_retry_reason() returns a mask of the cause of a retry condition
+consisting of the values B<BIO_FLAGS_READ>, B<BIO_FLAGS_WRITE>,
+B<BIO_FLAGS_IO_SPECIAL> though current BIO types will only set one of
+these.
+
+BIO_get_retry_BIO() determines the precise reason for the special
+condition, it returns the BIO that caused this condition and if 
+B<reason> is not NULL it contains the reason code. The meaning of
+the reason code and the action that should be taken depends on
+the type of BIO that resulted in this condition.
+
+BIO_get_retry_reason() returns the reason for a special condition if
+passed the relevant BIO, for example as returned by BIO_get_retry_BIO().
+
+=head1 NOTES
+
+If BIO_should_retry() returns false then the precise "error condition"
+depends on the BIO type that caused it and the return code of the BIO
+operation. For example if a call to BIO_read() on a socket BIO returns
+0 and BIO_should_retry() is false then the cause will be that the
+connection closed. A similar condition on a file BIO will mean that it
+has reached EOF. Some BIO types may place additional information on
+the error queue. For more details see the individual BIO type manual
+pages.
+
+If the underlying I/O structure is in a blocking mode almost all current
+BIO types will not request a retry, because the underlying I/O
+calls will not. If the application knows that the BIO type will never
+signal a retry then it need not call BIO_should_retry() after a failed
+BIO I/O call. This is typically done with file BIOs.
+
+SSL BIOs are the only current exception to this rule: they can request a
+retry even if the underlying I/O structure is blocking, if a handshake
+occurs during a call to BIO_read(). An application can retry the failed
+call immediately or avoid this situation by setting SSL_MODE_AUTO_RETRY
+on the underlying SSL structure.
+
+While an application may retry a failed non blocking call immediately
+this is likely to be very inefficient because the call will fail
+repeatedly until data can be processed or is available. An application
+will normally wait until the necessary condition is satisfied. How
+this is done depends on the underlying I/O structure.
+
+For example if the cause is ultimately a socket and BIO_should_read()
+is true then a call to select() may be made to wait until data is
+available and then retry the BIO operation. By combining the retry
+conditions of several non blocking BIOs in a single select() call
+it is possible to service several BIOs in a single thread, though
+the performance may be poor if SSL BIOs are present because long delays
+can occur during the initial handshake process. 
+
+It is possible for a BIO to block indefinitely if the underlying I/O
+structure cannot process or return any data. This depends on the behaviour of
+the platforms I/O functions. This is often not desirable: one solution
+is to use non blocking I/O and use a timeout on the select() (or
+equivalent) call.
+
+=head1 BUGS
+
+The OpenSSL ASN1 functions cannot gracefully deal with non blocking I/O:
+that is they cannot retry after a partial read or write. This is usually
+worked around by only passing the relevant data to ASN1 functions when
+the entire structure can be read or written.
+
+=head1 SEE ALSO
+
+TBA
diff --git a/doc/crypto/BN_CTX_new.pod b/doc/crypto/BN_CTX_new.pod
new file mode 100644
index 0000000000..ad8d07db89
--- /dev/null
+++ b/doc/crypto/BN_CTX_new.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+BN_CTX_new, BN_CTX_init, BN_CTX_free - allocate and free BN_CTX structures
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BN_CTX *BN_CTX_new(void);
+
+ void BN_CTX_init(BN_CTX *c);
+
+ void BN_CTX_free(BN_CTX *c);
+
+=head1 DESCRIPTION
+
+A B<BN_CTX> is a structure that holds B<BIGNUM> temporary variables used by
+library functions. Since dynamic memory allocation to create B<BIGNUM>s
+is rather expensive when used in conjunction with repeated subroutine
+calls, the B<BN_CTX> structure is used.
+
+BN_CTX_new() allocates and initializes a B<BN_CTX>
+structure. BN_CTX_init() initializes an existing uninitialized
+B<BN_CTX>.
+
+BN_CTX_free() frees the components of the B<BN_CTX>, and if it was
+created by BN_CTX_new(), also the structure itself.
+If L<BN_CTX_start(3)|BN_CTX_start(3)> has been used on the B<BN_CTX>,
+L<BN_CTX_end(3)|BN_CTX_end(3)> must be called before the B<BN_CTX>
+may be freed by BN_CTX_free().
+
+
+=head1 RETURN VALUES
+
+BN_CTX_new() returns a pointer to the B<BN_CTX>. If the allocation fails,
+it returns B<NULL> and sets an error code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>.
+
+BN_CTX_init() and BN_CTX_free() have no return values.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
+L<BN_CTX_start(3)|BN_CTX_start(3)>
+
+=head1 HISTORY
+
+BN_CTX_new() and BN_CTX_free() are available in all versions on SSLeay
+and OpenSSL. BN_CTX_init() was added in SSLeay 0.9.1b.
+
+=cut
diff --git a/doc/crypto/BN_CTX_start.pod b/doc/crypto/BN_CTX_start.pod
new file mode 100644
index 0000000000..dfcefe1a88
--- /dev/null
+++ b/doc/crypto/BN_CTX_start.pod
@@ -0,0 +1,52 @@
+=pod
+
+=head1 NAME
+
+BN_CTX_start, BN_CTX_get, BN_CTX_end - use temporary BIGNUM variables
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ void BN_CTX_start(BN_CTX *ctx);
+
+ BIGNUM *BN_CTX_get(BN_CTX *ctx);
+
+ void BN_CTX_end(BN_CTX *ctx);
+
+=head1 DESCRIPTION
+
+These functions are used to obtain temporary B<BIGNUM> variables from
+a B<BN_CTX> (which can been created by using L<BN_CTX_new(3)|BN_CTX_new(3)>)
+in order to save the overhead of repeatedly creating and
+freeing B<BIGNUM>s in functions that are called from inside a loop.
+
+A function must call BN_CTX_start() first. Then, BN_CTX_get() may be
+called repeatedly to obtain temporary B<BIGNUM>s. All BN_CTX_get()
+calls must be made before calling any other functions that use the
+B<ctx> as an argument.
+
+Finally, BN_CTX_end() must be called before returning from the function.
+When BN_CTX_end() is called, the B<BIGNUM> pointers obtained from
+BN_CTX_get() become invalid.
+
+=head1 RETURN VALUES
+
+BN_CTX_start() and BN_CTX_end() return no values.
+
+BN_CTX_get() returns a pointer to the B<BIGNUM>, or B<NULL> on error.
+Once BN_CTX_get() has failed, the subsequent calls will return B<NULL>
+as well, so it is sufficient to check the return value of the last
+BN_CTX_get() call. In case of an error, an error code is set, which
+can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+
+=head1 SEE ALSO
+
+L<BN_CTX_new(3)|BN_CTX_new(3)>
+
+=head1 HISTORY
+
+BN_CTX_start(), BN_CTX_get() and BN_CTX_end() were added in OpenSSL 0.9.5.
+
+=cut
diff --git a/doc/crypto/BN_add.pod b/doc/crypto/BN_add.pod
new file mode 100644
index 0000000000..88c7a799ee
--- /dev/null
+++ b/doc/crypto/BN_add.pod
@@ -0,0 +1,126 @@
+=pod
+
+=head1 NAME
+
+BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add,
+BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd -
+arithmetic operations on BIGNUMs
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+
+ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+
+ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+
+ int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
+
+ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
+         BN_CTX *ctx);
+
+ int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+
+ int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+
+ int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+         BN_CTX *ctx);
+
+ int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+         BN_CTX *ctx);
+
+ int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+         BN_CTX *ctx);
+
+ int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+
+ int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
+
+ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+         const BIGNUM *m, BN_CTX *ctx);
+
+ int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+
+=head1 DESCRIPTION
+
+BN_add() adds I<a> and I<b> and places the result in I<r> (C<r=a+b>).
+I<r> may be the same B<BIGNUM> as I<a> or I<b>.
+
+BN_sub() subtracts I<b> from I<a> and places the result in I<r> (C<r=a-b>).
+
+BN_mul() multiplies I<a> and I<b> and places the result in I<r> (C<r=a*b>).
+I<r> may be the same B<BIGNUM> as I<a> or I<b>.
+For multiplication by powers of 2, use L<BN_lshift(3)|BN_lshift(3)>.
+
+BN_sqr() takes the square of I<a> and places the result in I<r>
+(C<r=a^2>). I<r> and I<a> may be the same B<BIGNUM>.
+This function is faster than BN_mul(r,a,a).
+
+BN_div() divides I<a> by I<d> and places the result in I<dv> and the
+remainder in I<rem> (C<dv=a/d, rem=a%d>). Either of I<dv> and I<rem> may
+be B<NULL>, in which case the respective value is not returned.
+The result is rounded towards zero; thus if I<a> is negative, the
+remainder will be zero or negative.
+For division by powers of 2, use BN_rshift(3).
+
+BN_mod() corresponds to BN_div() with I<dv> set to B<NULL>.
+
+BN_nnmod() reduces I<a> modulo I<m> and places the non-negative
+remainder in I<r>.
+
+BN_mod_add() adds I<a> to I<b> modulo I<m> and places the non-negative
+result in I<r>.
+
+BN_mod_sub() subtracts I<b> from I<a> modulo I<m> and places the
+non-negative result in I<r>.
+
+BN_mod_mul() multiplies I<a> by I<b> and finds the non-negative
+remainder respective to modulus I<m> (C<r=(a*b) mod m>). I<r> may be
+the same B<BIGNUM> as I<a> or I<b>. For more efficient algorithms for
+repeated computations using the same modulus, see
+L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)> and
+L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>.
+
+BN_mod_sqr() takes the square of I<a> modulo B<m> and places the
+result in I<r>.
+
+BN_exp() raises I<a> to the I<p>-th power and places the result in I<r>
+(C<r=a^p>). This function is faster than repeated applications of
+BN_mul().
+
+BN_mod_exp() computes I<a> to the I<p>-th power modulo I<m> (C<r=a^p %
+m>). This function uses less time and space than BN_exp().
+
+BN_gcd() computes the greatest common divisor of I<a> and I<b> and
+places the result in I<r>. I<r> may be the same B<BIGNUM> as I<a> or
+I<b>.
+
+For all functions, I<ctx> is a previously allocated B<BN_CTX> used for
+temporary variables; see L<BN_CTX_new(3)|BN_CTX_new(3)>.
+
+Unless noted otherwise, the result B<BIGNUM> must be different from
+the arguments.
+
+=head1 RETURN VALUES
+
+For all functions, 1 is returned for success, 0 on error. The return
+value should always be checked (e.g., C<if (!BN_add(r,a,b)) goto err;>).
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
+L<BN_add_word(3)|BN_add_word(3)>, L<BN_set_bit(3)|BN_set_bit(3)>
+
+=head1 HISTORY
+
+BN_add(), BN_sub(), BN_sqr(), BN_div(), BN_mod(), BN_mod_mul(),
+BN_mod_exp() and BN_gcd() are available in all versions of SSLeay and
+OpenSSL. The I<ctx> argument to BN_mul() was added in SSLeay
+0.9.1b. BN_exp() appeared in SSLeay 0.9.0.
+BN_nnmod(), BN_mod_add(), BN_mod_sub(), and BN_mod_sqr() were added in
+OpenSSL 0.9.7.
+
+=cut
diff --git a/doc/crypto/BN_add_word.pod b/doc/crypto/BN_add_word.pod
new file mode 100644
index 0000000000..94244adea4
--- /dev/null
+++ b/doc/crypto/BN_add_word.pod
@@ -0,0 +1,57 @@
+=pod
+
+=head1 NAME
+
+BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word - arithmetic
+functions on BIGNUMs with integers
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_add_word(BIGNUM *a, BN_ULONG w);
+
+ int BN_sub_word(BIGNUM *a, BN_ULONG w);
+
+ int BN_mul_word(BIGNUM *a, BN_ULONG w);
+
+ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+
+ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+
+=head1 DESCRIPTION
+
+These functions perform arithmetic operations on BIGNUMs with unsigned
+integers. They are much more efficient than the normal BIGNUM
+arithmetic operations.
+
+BN_add_word() adds B<w> to B<a> (C<a+=w>).
+
+BN_sub_word() subtracts B<w> from B<a> (C<a-=w>).
+
+BN_mul_word() multiplies B<a> and B<w> (C<a*=b>).
+
+BN_div_word() divides B<a> by B<w> (C<a/=w>) and returns the remainder.
+
+BN_mod_word() returns the remainder of B<a> divided by B<w> (C<a%m>).
+
+For BN_div_word() and BN_mod_word(), B<w> must not be 0.
+
+=head1 RETURN VALUES
+
+BN_add_word(), BN_sub_word() and BN_mul_word() return 1 for success, 0
+on error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+BN_mod_word() and BN_div_word() return B<a>%B<w>.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
+
+=head1 HISTORY
+
+BN_add_word() and BN_mod_word() are available in all versions of
+SSLeay and OpenSSL. BN_div_word() was added in SSLeay 0.8, and
+BN_sub_word() and BN_mul_word() in SSLeay 0.9.0.
+
+=cut
diff --git a/doc/crypto/BN_bn2bin.pod b/doc/crypto/BN_bn2bin.pod
new file mode 100644
index 0000000000..a4b17ca60a
--- /dev/null
+++ b/doc/crypto/BN_bn2bin.pod
@@ -0,0 +1,95 @@
+=pod
+
+=head1 NAME
+
+BN_bn2bin, BN_bin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn,
+BN_print, BN_print_fp, BN_bn2mpi, BN_mpi2bn - format conversions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+
+ char *BN_bn2hex(const BIGNUM *a);
+ char *BN_bn2dec(const BIGNUM *a);
+ int BN_hex2bn(BIGNUM **a, const char *str);
+ int BN_dec2bn(BIGNUM **a, const char *str);
+
+ int BN_print(BIO *fp, const BIGNUM *a);
+ int BN_print_fp(FILE *fp, const BIGNUM *a);
+
+ int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+ BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
+
+=head1 DESCRIPTION
+
+BN_bn2bin() converts the absolute value of B<a> into big-endian form
+and stores it at B<to>. B<to> must point to BN_num_bytes(B<a>) bytes of
+memory.
+
+BN_bin2bn() converts the positive integer in big-endian form of length
+B<len> at B<s> into a B<BIGNUM> and places it in B<ret>. If B<ret> is
+NULL, a new B<BIGNUM> is created.
+
+BN_bn2hex() and BN_bn2dec() return printable strings containing the
+hexadecimal and decimal encoding of B<a> respectively. For negative
+numbers, the string is prefaced with a leading '-'. The string must be
+freed later using OPENSSL_free().
+
+BN_hex2bn() converts the string B<str> containing a hexadecimal number
+to a B<BIGNUM> and stores it in **B<bn>. If *B<bn> is NULL, a new
+B<BIGNUM> is created. If B<bn> is NULL, it only computes the number's
+length in hexadecimal digits. If the string starts with '-', the
+number is negative. BN_dec2bn() is the same using the decimal system.
+
+BN_print() and BN_print_fp() write the hexadecimal encoding of B<a>,
+with a leading '-' for negative numbers, to the B<BIO> or B<FILE>
+B<fp>.
+
+BN_bn2mpi() and BN_mpi2bn() convert B<BIGNUM>s from and to a format
+that consists of the number's length in bytes represented as a 4-byte
+big-endian number, and the number itself in big-endian format, where
+the most significant bit signals a negative number (the representation
+of numbers with the MSB set is prefixed with null byte).
+
+BN_bn2mpi() stores the representation of B<a> at B<to>, where B<to>
+must be large enough to hold the result. The size can be determined by
+calling BN_bn2mpi(B<a>, NULL).
+
+BN_mpi2bn() converts the B<len> bytes long representation at B<s> to
+a B<BIGNUM> and stores it at B<ret>, or in a newly allocated B<BIGNUM>
+if B<ret> is NULL.
+
+=head1 RETURN VALUES
+
+BN_bn2bin() returns the length of the big-endian number placed at B<to>.
+BN_bin2bn() returns the B<BIGNUM>, NULL on error.
+
+BN_bn2hex() and BN_bn2dec() return a null-terminated string, or NULL
+on error. BN_hex2bn() and BN_dec2bn() return the number's length in
+hexadecimal or decimal digits, and 0 on error.
+
+BN_print_fp() and BN_print() return 1 on success, 0 on write errors.
+
+BN_bn2mpi() returns the length of the representation. BN_mpi2bn()
+returns the B<BIGNUM>, and NULL on error.
+
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_zero(3)|BN_zero(3)>,
+L<ASN1_INTEGER_to_BN(3)|ASN1_INTEGER_to_BN(3)>,
+L<BN_num_bytes(3)|BN_num_bytes(3)>
+
+=head1 HISTORY
+
+BN_bn2bin(), BN_bin2bn(), BN_print_fp() and BN_print() are available
+in all versions of SSLeay and OpenSSL.
+
+BN_bn2hex(), BN_bn2dec(), BN_hex2bn(), BN_dec2bn(), BN_bn2mpi() and
+BN_mpi2bn() were added in SSLeay 0.9.0.
+
+=cut
diff --git a/doc/crypto/BN_cmp.pod b/doc/crypto/BN_cmp.pod
new file mode 100644
index 0000000000..23e9ed0b4f
--- /dev/null
+++ b/doc/crypto/BN_cmp.pod
@@ -0,0 +1,48 @@
+=pod
+
+=head1 NAME
+
+BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd - BIGNUM comparison and test functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_cmp(BIGNUM *a, BIGNUM *b);
+ int BN_ucmp(BIGNUM *a, BIGNUM *b);
+
+ int BN_is_zero(BIGNUM *a);
+ int BN_is_one(BIGNUM *a);
+ int BN_is_word(BIGNUM *a, BN_ULONG w);
+ int BN_is_odd(BIGNUM *a);
+
+=head1 DESCRIPTION
+
+BN_cmp() compares the numbers B<a> and B<b>. BN_ucmp() compares their
+absolute values.
+
+BN_is_zero(), BN_is_one() and BN_is_word() test if B<a> equals 0, 1,
+or B<w> respectively. BN_is_odd() tests if a is odd.
+
+BN_is_zero(), BN_is_one(), BN_is_word() and BN_is_odd() are macros.
+
+=head1 RETURN VALUES
+
+BN_cmp() returns -1 if B<a> E<lt> B<b>, 0 if B<a> == B<b> and 1 if
+B<a> E<gt> B<b>. BN_ucmp() is the same using the absolute values
+of B<a> and B<b>.
+
+BN_is_zero(), BN_is_one() BN_is_word() and BN_is_odd() return 1 if
+the condition is true, 0 otherwise.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>
+
+=head1 HISTORY
+
+BN_cmp(), BN_ucmp(), BN_is_zero(), BN_is_one() and BN_is_word() are
+available in all versions of SSLeay and OpenSSL.
+BN_is_odd() was added in SSLeay 0.8.
+
+=cut
diff --git a/doc/crypto/BN_copy.pod b/doc/crypto/BN_copy.pod
new file mode 100644
index 0000000000..388dd7df26
--- /dev/null
+++ b/doc/crypto/BN_copy.pod
@@ -0,0 +1,34 @@
+=pod
+
+=head1 NAME
+
+BN_copy, BN_dup - copy BIGNUMs
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BIGNUM *BN_copy(BIGNUM *to, const BIGNUM *from);
+
+ BIGNUM *BN_dup(const BIGNUM *from);
+
+=head1 DESCRIPTION
+
+BN_copy() copies B<from> to B<to>. BN_dup() creates a new B<BIGNUM>
+containing the value B<from>.
+
+=head1 RETURN VALUES
+
+BN_copy() returns B<to> on success, NULL on error. BN_dup() returns
+the new B<BIGNUM>, and NULL on error. The error codes can be obtained
+by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+BN_copy() and BN_dup() are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod
new file mode 100644
index 0000000000..6ea23791d1
--- /dev/null
+++ b/doc/crypto/BN_generate_prime.pod
@@ -0,0 +1,102 @@
+=pod
+
+=head1 NAME
+
+BN_generate_prime, BN_is_prime, BN_is_prime_fasttest - generate primes and test for primality
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BIGNUM *BN_generate_prime(BIGNUM *ret, int num, int safe, BIGNUM *add,
+     BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
+
+ int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int, int, 
+     void *), BN_CTX *ctx, void *cb_arg);
+
+ int BN_is_prime_fasttest(const BIGNUM *a, int checks,
+     void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg,
+     int do_trial_division);
+
+=head1 DESCRIPTION
+
+BN_generate_prime() generates a pseudo-random prime number of B<num>
+bits.
+If B<ret> is not B<NULL>, it will be used to store the number.
+
+If B<callback> is not B<NULL>, it is called as follows:
+
+=over 4
+
+=item *
+
+B<callback(0, i, cb_arg)> is called after generating the i-th
+potential prime number.
+
+=item *
+
+While the number is being tested for primality, B<callback(1, j,
+cb_arg)> is called as described below.
+
+=item *
+
+When a prime has been found, B<callback(2, i, cb_arg)> is called.
+
+=back
+
+The prime may have to fulfill additional requirements for use in
+Diffie-Hellman key exchange:
+
+If B<add> is not B<NULL>, the prime will fulfill the condition p % B<add>
+== B<rem> (p % B<add> == 1 if B<rem> == B<NULL>) in order to suit a given
+generator.
+
+If B<safe> is true, it will be a safe prime (i.e. a prime p so
+that (p-1)/2 is also prime).
+
+The PRNG must be seeded prior to calling BN_generate_prime().
+The prime number generation has a negligible error probability.
+
+BN_is_prime() and BN_is_prime_fasttest() test if the number B<a> is
+prime.  The following tests are performed until one of them shows that
+B<a> is composite; if B<a> passes all these tests, it is considered
+prime.
+
+BN_is_prime_fasttest(), when called with B<do_trial_division == 1>,
+first attempts trial division by a number of small primes;
+if no divisors are found by this test and B<callback> is not B<NULL>,
+B<callback(1, -1, cb_arg)> is called.
+If B<do_trial_division == 0>, this test is skipped.
+
+Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin
+probabilistic primality test with B<checks> iterations. If
+B<checks == BN_prime_check>, a number of iterations is used that
+yields a false positive rate of at most 2^-80 for random input.
+
+If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called
+after the j-th iteration (j = 0, 1, ...). B<ctx> is a
+pre-allocated B<BN_CTX> (to save the overhead of allocating and
+freeing the structure in a loop), or B<NULL>.
+
+=head1 RETURN VALUES
+
+BN_generate_prime() returns the prime number on success, B<NULL> otherwise.
+
+BN_is_prime() returns 0 if the number is composite, 1 if it is
+prime with an error probability of less than 0.25^B<checks>, and
+-1 on error.
+
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>
+
+=head1 HISTORY
+
+The B<cb_arg> arguments to BN_generate_prime() and to BN_is_prime()
+were added in SSLeay 0.9.0. The B<ret> argument to BN_generate_prime()
+was added in SSLeay 0.9.1.
+BN_is_prime_fasttest() was added in OpenSSL 0.9.5.
+
+=cut
diff --git a/doc/crypto/BN_mod_inverse.pod b/doc/crypto/BN_mod_inverse.pod
new file mode 100644
index 0000000000..3ea3975c74
--- /dev/null
+++ b/doc/crypto/BN_mod_inverse.pod
@@ -0,0 +1,36 @@
+=pod
+
+=head1 NAME
+
+BN_mod_inverse - compute inverse modulo n
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
+           BN_CTX *ctx);
+
+=head1 DESCRIPTION
+
+BN_mod_inverse() computes the inverse of B<a> modulo B<n>
+places the result in B<r> (C<(a*r)%n==1>). If B<r> is NULL,
+a new B<BIGNUM> is created.
+
+B<ctx> is a previously allocated B<BN_CTX> used for temporary
+variables. B<r> may be the same B<BIGNUM> as B<a> or B<n>.
+
+=head1 RETURN VALUES
+
+BN_mod_inverse() returns the B<BIGNUM> containing the inverse, and
+NULL on error. The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
+
+=head1 HISTORY
+
+BN_mod_inverse() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/BN_mod_mul_montgomery.pod b/doc/crypto/BN_mod_mul_montgomery.pod
new file mode 100644
index 0000000000..6b16351b92
--- /dev/null
+++ b/doc/crypto/BN_mod_mul_montgomery.pod
@@ -0,0 +1,101 @@
+=pod
+
+=head1 NAME
+
+BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init,
+BN_MONT_CTX_free, BN_MONT_CTX_set, BN_MONT_CTX_copy,
+BN_from_montgomery, BN_to_montgomery - Montgomery multiplication
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BN_MONT_CTX *BN_MONT_CTX_new(void);
+ void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
+ void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+
+ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
+ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
+
+ int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+         BN_MONT_CTX *mont, BN_CTX *ctx);
+
+ int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+         BN_CTX *ctx);
+
+ int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+         BN_CTX *ctx);
+
+=head1 DESCRIPTION
+
+These functions implement Montgomery multiplication. They are used
+automatically when L<BN_mod_exp(3)|BN_mod_exp(3)> is called with suitable input,
+but they may be useful when several operations are to be performed
+using the same modulus.
+
+BN_MONT_CTX_new() allocates and initializes a B<BN_MONT_CTX> structure.
+BN_MONT_CTX_init() initializes an existing uninitialized B<BN_MONT_CTX>.
+
+BN_MONT_CTX_set() sets up the I<mont> structure from the modulus I<m>
+by precomputing its inverse and a value R.
+
+BN_MONT_CTX_copy() copies the B<BN_MONT_CTX> I<from> to I<to>.
+
+BN_MONT_CTX_free() frees the components of the B<BN_MONT_CTX>, and, if
+it was created by BN_MONT_CTX_new(), also the structure itself.
+
+BN_mod_mul_montgomery() computes Mont(I<a>,I<b>):=I<a>*I<b>*R^-1 and places
+the result in I<r>.
+
+BN_from_montgomery() performs the Montgomery reduction I<r> = I<a>*R^-1.
+
+BN_to_montgomery() computes Mont(I<a>,R^2), i.e. I<a>*R.
+Note that I<a> must be non-negative and smaller than the modulus.
+
+For all functions, I<ctx> is a previously allocated B<BN_CTX> used for
+temporary variables.
+
+The B<BN_MONT_CTX> structure is defined as follows:
+
+ typedef struct bn_mont_ctx_st
+        {
+        int ri;         /* number of bits in R */
+        BIGNUM RR;      /* R^2 (used to convert to Montgomery form) */
+        BIGNUM N;       /* The modulus */
+        BIGNUM Ni;      /* R*(1/R mod N) - N*Ni = 1
+                         * (Ni is only stored for bignum algorithm) */
+        BN_ULONG n0;    /* least significant word of Ni */
+        int flags;
+        } BN_MONT_CTX;
+
+BN_to_montgomery() is a macro.
+
+=head1 RETURN VALUES
+
+BN_MONT_CTX_new() returns the newly allocated B<BN_MONT_CTX>, and NULL
+on error.
+
+BN_MONT_CTX_init() and BN_MONT_CTX_free() have no return values.
+
+For the other functions, 1 is returned for success, 0 on error.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 WARNING
+
+The inputs must be reduced modulo B<m>, otherwise the result will be
+outside the expected range.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
+L<BN_CTX_new(3)|BN_CTX_new(3)>
+
+=head1 HISTORY
+
+BN_MONT_CTX_new(), BN_MONT_CTX_free(), BN_MONT_CTX_set(),
+BN_mod_mul_montgomery(), BN_from_montgomery() and BN_to_montgomery()
+are available in all versions of SSLeay and OpenSSL.
+
+BN_MONT_CTX_init() and BN_MONT_CTX_copy() were added in SSLeay 0.9.1b.
+
+=cut
diff --git a/doc/crypto/BN_mod_mul_reciprocal.pod b/doc/crypto/BN_mod_mul_reciprocal.pod
new file mode 100644
index 0000000000..74a216ddc2
--- /dev/null
+++ b/doc/crypto/BN_mod_mul_reciprocal.pod
@@ -0,0 +1,81 @@
+=pod
+
+=head1 NAME
+
+BN_mod_mul_reciprocal,  BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_init,
+BN_RECP_CTX_free, BN_RECP_CTX_set - modular multiplication using
+reciprocal
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BN_RECP_CTX *BN_RECP_CTX_new(void);
+ void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+ void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+
+ int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
+
+ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *a, BN_RECP_CTX *recp,
+        BN_CTX *ctx);
+
+ int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+        BN_RECP_CTX *recp, BN_CTX *ctx);
+
+=head1 DESCRIPTION
+
+BN_mod_mul_reciprocal() can be used to perform an efficient
+L<BN_mod_mul(3)|BN_mod_mul(3)> operation when the operation will be performed
+repeatedly with the same modulus. It computes B<r>=(B<a>*B<b>)%B<m>
+using B<recp>=1/B<m>, which is set as described below.  B<ctx> is a
+previously allocated B<BN_CTX> used for temporary variables.
+
+BN_RECP_CTX_new() allocates and initializes a B<BN_RECP> structure.
+BN_RECP_CTX_init() initializes an existing uninitialized B<BN_RECP>.
+
+BN_RECP_CTX_free() frees the components of the B<BN_RECP>, and, if it
+was created by BN_RECP_CTX_new(), also the structure itself.
+
+BN_RECP_CTX_set() stores B<m> in B<recp> and sets it up for computing
+1/B<m> and shifting it left by BN_num_bits(B<m>)+1 to make it an
+integer. The result and the number of bits it was shifted left will
+later be stored in B<recp>.
+
+BN_div_recp() divides B<a> by B<m> using B<recp>. It places the quotient
+in B<dv> and the remainder in B<rem>.
+
+The B<BN_RECP_CTX> structure is defined as follows:
+
+ typedef struct bn_recp_ctx_st
+	{
+	BIGNUM N;	/* the divisor */
+	BIGNUM Nr;	/* the reciprocal */
+	int num_bits;
+	int shift;
+	int flags;
+	} BN_RECP_CTX;
+
+It cannot be shared between threads.
+
+=head1 RETURN VALUES
+
+BN_RECP_CTX_new() returns the newly allocated B<BN_RECP_CTX>, and NULL
+on error.
+
+BN_RECP_CTX_init() and BN_RECP_CTX_free() have no return values.
+
+For the other functions, 1 is returned for success, 0 on error.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
+L<BN_CTX_new(3)|BN_CTX_new(3)>
+
+=head1 HISTORY
+
+B<BN_RECP_CTX> was added in SSLeay 0.9.0. Before that, the function
+BN_reciprocal() was used instead, and the BN_mod_mul_reciprocal()
+arguments were different.
+
+=cut
diff --git a/doc/crypto/BN_new.pod b/doc/crypto/BN_new.pod
new file mode 100644
index 0000000000..3033789c51
--- /dev/null
+++ b/doc/crypto/BN_new.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+BN_new, BN_init, BN_clear, BN_free, BN_clear_free - allocate and free BIGNUMs
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BIGNUM *BN_new(void);
+
+ void BN_init(BIGNUM *);
+
+ void BN_clear(BIGNUM *a);
+
+ void BN_free(BIGNUM *a);
+
+ void BN_clear_free(BIGNUM *a);
+
+=head1 DESCRIPTION
+
+BN_new() allocated and initializes a B<BIGNUM> structure. BN_init()
+initializes an existing uninitialized B<BIGNUM>.
+
+BN_clear() is used to destroy sensitive data such as keys when they
+are no longer needed. It erases the memory used by B<a> and sets it
+to the value 0.
+
+BN_free() frees the components of the B<BIGNUM>, and if it was created
+by BN_new(), also the structure itself. BN_clear_free() additionally
+overwrites the data before the memory is returned to the system.
+
+=head1 RETURN VALUES
+
+BN_new() returns a pointer to the B<BIGNUM>. If the allocation fails,
+it returns B<NULL> and sets an error code that can be obtained
+by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+BN_init(), BN_clear(), BN_free() and BN_clear_free() have no return
+values.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+BN_new(), BN_clear(), BN_free() and BN_clear_free() are available in
+all versions on SSLeay and OpenSSL.  BN_init() was added in SSLeay
+0.9.1b.
+
+=cut
diff --git a/doc/crypto/BN_num_bytes.pod b/doc/crypto/BN_num_bytes.pod
new file mode 100644
index 0000000000..61589fb9ac
--- /dev/null
+++ b/doc/crypto/BN_num_bytes.pod
@@ -0,0 +1,37 @@
+=pod
+
+=head1 NAME
+
+BN_num_bits, BN_num_bytes, BN_num_bits_word - get BIGNUM size
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_num_bytes(const BIGNUM *a);
+
+ int BN_num_bits(const BIGNUM *a);
+
+ int BN_num_bits_word(BN_ULONG w);
+
+=head1 DESCRIPTION
+
+These functions return the size of a B<BIGNUM> in bytes or bits,
+and the size of an unsigned integer in bits.
+
+BN_num_bytes() is a macro.
+
+=head1 RETURN VALUES
+
+The size.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>
+
+=head1 HISTORY
+
+BN_num_bytes(), BN_num_bits() and BN_num_bits_word() are available in
+all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod
new file mode 100644
index 0000000000..81f93c2eb3
--- /dev/null
+++ b/doc/crypto/BN_rand.pod
@@ -0,0 +1,58 @@
+=pod
+
+=head1 NAME
+
+BN_rand, BN_pseudo_rand - generate pseudo-random number
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+ int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
+
+ int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
+
+=head1 DESCRIPTION
+
+BN_rand() generates a cryptographically strong pseudo-random number of
+B<bits> bits in length and stores it in B<rnd>. If B<top> is -1, the
+most significant bit of the random number can be zero. If B<top> is 0,
+it is set to 1, and if B<top> is 1, the two most significant bits of
+the number will be set to 1, so that the product of two such random
+numbers will always have 2*B<bits> length.  If B<bottom> is true, the
+number will be odd.
+
+BN_pseudo_rand() does the same, but pseudo-random numbers generated by
+this function are not necessarily unpredictable. They can be used for
+non-cryptographic purposes and for certain purposes in cryptographic
+protocols, but usually not for key generation etc.
+
+BN_rand_range() generates a cryptographically strong pseudo-random
+number B<rnd> in the range 0 <lt>= B<rnd> E<lt> B<range>.
+BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(),
+and hence numbers generated by it are not necessarily unpredictable.
+
+The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().
+
+=head1 RETURN VALUES
+
+The functions return 1 on success, 0 on error.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
+
+=head1 HISTORY
+
+BN_rand() is available in all versions of SSLeay and OpenSSL.
+BN_pseudo_rand() was added in OpenSSL 0.9.5. The B<top> == -1 case
+and the function BN_rand_range() were added in OpenSSL 0.9.6a.
+BN_pseudo_rand_range() was added in OpenSSL 0.9.6c.
+
+=cut
diff --git a/doc/crypto/BN_set_bit.pod b/doc/crypto/BN_set_bit.pod
new file mode 100644
index 0000000000..b7c47b9b01
--- /dev/null
+++ b/doc/crypto/BN_set_bit.pod
@@ -0,0 +1,66 @@
+=pod
+
+=head1 NAME
+
+BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift,
+BN_lshift1, BN_rshift, BN_rshift1 - bit operations on BIGNUMs
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_set_bit(BIGNUM *a, int n);
+ int BN_clear_bit(BIGNUM *a, int n);
+
+ int BN_is_bit_set(const BIGNUM *a, int n);
+
+ int BN_mask_bits(BIGNUM *a, int n);
+
+ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+ int BN_lshift1(BIGNUM *r, BIGNUM *a);
+
+ int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+ int BN_rshift1(BIGNUM *r, BIGNUM *a);
+
+=head1 DESCRIPTION
+
+BN_set_bit() sets bit B<n> in B<a> to 1 (C<a|=(1E<lt>E<lt>n)>). The
+number is expanded if necessary.
+
+BN_clear_bit() sets bit B<n> in B<a> to 0 (C<a&=~(1E<lt>E<lt>n)>). An
+error occurs if B<a> is shorter than B<n> bits.
+
+BN_is_bit_set() tests if bit B<n> in B<a> is set.
+
+BN_mask_bits() truncates B<a> to an B<n> bit number
+(C<a&=~((~0)E<gt>E<gt>n)>).  An error occurs if B<a> already is
+shorter than B<n> bits.
+
+BN_lshift() shifts B<a> left by B<n> bits and places the result in
+B<r> (C<r=a*2^n>). BN_lshift1() shifts B<a> left by one and places
+the result in B<r> (C<r=2*a>).
+
+BN_rshift() shifts B<a> right by B<n> bits and places the result in
+B<r> (C<r=a/2^n>). BN_rshift1() shifts B<a> right by one and places
+the result in B<r> (C<r=a/2>).
+
+For the shift functions, B<r> and B<a> may be the same variable.
+
+=head1 RETURN VALUES
+
+BN_is_bit_set() returns 1 if the bit is set, 0 otherwise.
+
+All other functions return 1 for success, 0 on error. The error codes
+can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>, L<BN_add(3)|BN_add(3)>
+
+=head1 HISTORY
+
+BN_set_bit(), BN_clear_bit(), BN_is_bit_set(), BN_mask_bits(),
+BN_lshift(), BN_lshift1(), BN_rshift(), and BN_rshift1() are available
+in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/BN_swap.pod b/doc/crypto/BN_swap.pod
new file mode 100644
index 0000000000..79efaa1446
--- /dev/null
+++ b/doc/crypto/BN_swap.pod
@@ -0,0 +1,23 @@
+=pod
+
+=head1 NAME
+
+BN_swap - exchange BIGNUMs
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ void BN_swap(BIGNUM *a, BIGNUM *b);
+
+=head1 DESCRIPTION
+
+BN_swap() exchanges the values of I<a> and I<b>.
+
+L<bn(3)|bn(3)>
+
+=head1 HISTORY
+
+BN_swap was added in OpenSSL 0.9.7.
+
+=cut
diff --git a/doc/crypto/BN_zero.pod b/doc/crypto/BN_zero.pod
new file mode 100644
index 0000000000..b555ec3988
--- /dev/null
+++ b/doc/crypto/BN_zero.pod
@@ -0,0 +1,59 @@
+=pod
+
+=head1 NAME
+
+BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word - BIGNUM assignment
+operations
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ int BN_zero(BIGNUM *a);
+ int BN_one(BIGNUM *a);
+
+ const BIGNUM *BN_value_one(void);
+
+ int BN_set_word(BIGNUM *a, unsigned long w);
+ unsigned long BN_get_word(BIGNUM *a);
+
+=head1 DESCRIPTION
+
+BN_zero(), BN_one() and BN_set_word() set B<a> to the values 0, 1 and
+B<w> respectively.  BN_zero() and BN_one() are macros.
+
+BN_value_one() returns a B<BIGNUM> constant of value 1. This constant
+is useful for use in comparisons and assignment.
+
+BN_get_word() returns B<a>, if it can be represented as an unsigned
+long.
+
+=head1 RETURN VALUES
+
+BN_get_word() returns the value B<a>, and 0xffffffffL if B<a> cannot
+be represented as an unsigned long.
+
+BN_zero(), BN_one() and BN_set_word() return 1 on success, 0 otherwise.
+BN_value_one() returns the constant.
+
+=head1 BUGS
+
+Someone might change the constant.
+
+If a B<BIGNUM> is equal to 0xffffffffL it can be represented as an
+unsigned long but this value is also returned on error.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)>
+
+=head1 HISTORY
+
+BN_zero(), BN_one() and BN_set_word() are available in all versions of
+SSLeay and OpenSSL. BN_value_one() and BN_get_word() were added in
+SSLeay 0.8.
+
+BN_value_one() was changed to return a true const BIGNUM * in OpenSSL
+0.9.7.
+
+=cut
diff --git a/doc/crypto/CRYPTO_set_ex_data.pod b/doc/crypto/CRYPTO_set_ex_data.pod
new file mode 100644
index 0000000000..1bd5bed67d
--- /dev/null
+++ b/doc/crypto/CRYPTO_set_ex_data.pod
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+CRYPTO_set_ex_data, CRYPTO_get_ex_data - internal application specific data functions
+
+=head1 SYNOPSIS
+
+ int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg);
+
+ void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx);
+
+=head1 DESCRIPTION
+
+Several OpenSSL structures can have application specific data attached to them.
+These functions are used internally by OpenSSL to manipulate application
+specific data attached to a specific structure.
+
+These functions should only be used by applications to manipulate
+B<CRYPTO_EX_DATA> structures passed to the B<new_func()>, B<free_func()> and
+B<dup_func()> callbacks: as passed to B<RSA_get_ex_new_index()> for example.
+
+B<CRYPTO_set_ex_data()> is used to set application specific data, the data is
+supplied in the B<arg> parameter and its precise meaning is up to the
+application.
+
+B<CRYPTO_get_ex_data()> is used to retrieve application specific data. The data
+is returned to the application, this will be the same value as supplied to
+a previous B<CRYPTO_set_ex_data()> call.
+
+=head1 RETURN VALUES
+
+B<CRYPTO_set_ex_data()> returns 1 on success or 0 on failure.
+
+B<CRYPTO_get_ex_data()> returns the application data or 0 on failure. 0 may also
+be valid application data but currently it can only fail if given an invalid B<idx>
+parameter.
+
+On failure an error code can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
+L<DSA_get_ex_new_index(3)|DSA_get_ex_new_index(3)>,
+L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>
+
+=head1 HISTORY
+
+CRYPTO_set_ex_data() and CRYPTO_get_ex_data() have been available since SSLeay 0.9.0.
+
+=cut
diff --git a/doc/crypto/DH_generate_key.pod b/doc/crypto/DH_generate_key.pod
new file mode 100644
index 0000000000..81f09fdf45
--- /dev/null
+++ b/doc/crypto/DH_generate_key.pod
@@ -0,0 +1,50 @@
+=pod
+
+=head1 NAME
+
+DH_generate_key, DH_compute_key - perform Diffie-Hellman key exchange
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ int DH_generate_key(DH *dh);
+
+ int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+
+=head1 DESCRIPTION
+
+DH_generate_key() performs the first step of a Diffie-Hellman key
+exchange by generating private and public DH values. By calling
+DH_compute_key(), these are combined with the other party's public
+value to compute the shared key.
+
+DH_generate_key() expects B<dh> to contain the shared parameters
+B<dh-E<gt>p> and B<dh-E<gt>g>. It generates a random private DH value
+unless B<dh-E<gt>priv_key> is already set, and computes the
+corresponding public value B<dh-E<gt>pub_key>, which can then be
+published.
+
+DH_compute_key() computes the shared secret from the private DH value
+in B<dh> and the other party's public value in B<pub_key> and stores
+it in B<key>. B<key> must point to B<DH_size(dh)> bytes of memory.
+
+=head1 RETURN VALUES
+
+DH_generate_key() returns 1 on success, 0 otherwise.
+
+DH_compute_key() returns the size of the shared secret on success, -1
+on error.
+
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
+
+=head1 HISTORY
+
+DH_generate_key() and DH_compute_key() are available in all versions
+of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/DH_generate_parameters.pod b/doc/crypto/DH_generate_parameters.pod
new file mode 100644
index 0000000000..9081e9ea7c
--- /dev/null
+++ b/doc/crypto/DH_generate_parameters.pod
@@ -0,0 +1,73 @@
+=pod
+
+=head1 NAME
+
+DH_generate_parameters, DH_check - generate and check Diffie-Hellman parameters
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ DH *DH_generate_parameters(int prime_len, int generator,
+     void (*callback)(int, int, void *), void *cb_arg);
+
+ int DH_check(DH *dh, int *codes);
+
+=head1 DESCRIPTION
+
+DH_generate_parameters() generates Diffie-Hellman parameters that can
+be shared among a group of users, and returns them in a newly
+allocated B<DH> structure. The pseudo-random number generator must be
+seeded prior to calling DH_generate_parameters().
+
+B<prime_len> is the length in bits of the safe prime to be generated.
+B<generator> is a small number E<gt> 1, typically 2 or 5. 
+
+A callback function may be used to provide feedback about the progress
+of the key generation. If B<callback> is not B<NULL>, it will be
+called as described in L<BN_generate_prime(3)|BN_generate_prime(3)> while a random prime
+number is generated, and when a prime has been found, B<callback(3,
+0, cb_arg)> is called.
+
+DH_check() validates Diffie-Hellman parameters. It checks that B<p> is
+a safe prime, and that B<g> is a suitable generator. In the case of an
+error, the bit flags DH_CHECK_P_NOT_SAFE_PRIME or
+DH_NOT_SUITABLE_GENERATOR are set in B<*codes>.
+DH_UNABLE_TO_CHECK_GENERATOR is set if the generator cannot be
+checked, i.e. it does not equal 2 or 5.
+
+=head1 RETURN VALUES
+
+DH_generate_parameters() returns a pointer to the DH structure, or
+NULL if the parameter generation fails. The error codes can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+DH_check() returns 1 if the check could be performed, 0 otherwise.
+
+=head1 NOTES
+
+DH_generate_parameters() may run for several hours before finding a
+suitable prime.
+
+The parameters generated by DH_generate_parameters() are not to be
+used in signature schemes.
+
+=head1 BUGS
+
+If B<generator> is not 2 or 5, B<dh-E<gt>g>=B<generator> is not
+a usable generator.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DH_free(3)|DH_free(3)>
+
+=head1 HISTORY
+
+DH_check() is available in all versions of SSLeay and OpenSSL.
+The B<cb_arg> argument to DH_generate_parameters() was added in SSLeay 0.9.0.
+
+In versions before OpenSSL 0.9.5, DH_CHECK_P_NOT_STRONG_PRIME is used
+instead of DH_CHECK_P_NOT_SAFE_PRIME.
+
+=cut
diff --git a/doc/crypto/DH_get_ex_new_index.pod b/doc/crypto/DH_get_ex_new_index.pod
new file mode 100644
index 0000000000..fa5eab2650
--- /dev/null
+++ b/doc/crypto/DH_get_ex_new_index.pod
@@ -0,0 +1,36 @@
+=pod
+
+=head1 NAME
+
+DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data - add application specific data to DH structures
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ int DH_get_ex_new_index(long argl, void *argp,
+		CRYPTO_EX_new *new_func,
+		CRYPTO_EX_dup *dup_func,
+		CRYPTO_EX_free *free_func);
+
+ int DH_set_ex_data(DH *d, int idx, void *arg);
+
+ char *DH_get_ex_data(DH *d, int idx);
+
+=head1 DESCRIPTION
+
+These functions handle application specific data in DH
+structures. Their usage is identical to that of
+RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data()
+as described in L<RSA_get_ex_new_index(3)>.
+
+=head1 SEE ALSO
+
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dh(3)|dh(3)>
+
+=head1 HISTORY
+
+DH_get_ex_new_index(), DH_set_ex_data() and DH_get_ex_data() are
+available since OpenSSL 0.9.5.
+
+=cut
diff --git a/doc/crypto/DH_new.pod b/doc/crypto/DH_new.pod
new file mode 100644
index 0000000000..60c930093e
--- /dev/null
+++ b/doc/crypto/DH_new.pod
@@ -0,0 +1,40 @@
+=pod
+
+=head1 NAME
+
+DH_new, DH_free - allocate and free DH objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ DH* DH_new(void);
+
+ void DH_free(DH *dh);
+
+=head1 DESCRIPTION
+
+DH_new() allocates and initializes a B<DH> structure.
+
+DH_free() frees the B<DH> structure and its components. The values are
+erased before the memory is returned to the system.
+
+=head1 RETURN VALUES
+
+If the allocation fails, DH_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns
+a pointer to the newly allocated structure.
+
+DH_free() returns no value.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
+L<DH_generate_key(3)|DH_generate_key(3)>
+
+=head1 HISTORY
+
+DH_new() and DH_free() are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/DH_set_method.pod b/doc/crypto/DH_set_method.pod
new file mode 100644
index 0000000000..73261fc467
--- /dev/null
+++ b/doc/crypto/DH_set_method.pod
@@ -0,0 +1,129 @@
+=pod
+
+=head1 NAME
+
+DH_set_default_method, DH_get_default_method,
+DH_set_method, DH_new_method, DH_OpenSSL - select DH method
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+ #include <openssl/engine.h>
+
+ void DH_set_default_method(const DH_METHOD *meth);
+
+ const DH_METHOD *DH_get_default_method(void);
+
+ int DH_set_method(DH *dh, const DH_METHOD *meth);
+
+ DH *DH_new_method(ENGINE *engine);
+
+ const DH_METHOD *DH_OpenSSL(void);
+
+=head1 DESCRIPTION
+
+A B<DH_METHOD> specifies the functions that OpenSSL uses for Diffie-Hellman
+operations. By modifying the method, alternative implementations
+such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these DH API functions are affected by the use
+of B<ENGINE> API calls.
+
+Initially, the default DH_METHOD is the OpenSSL internal implementation, as
+returned by DH_OpenSSL().
+
+DH_set_default_method() makes B<meth> the default method for all DH
+structures created later. B<NB>: This is true only whilst no ENGINE has been set
+as a default for DH, so this function is no longer recommended.
+
+DH_get_default_method() returns a pointer to the current default DH_METHOD.
+However, the meaningfulness of this result is dependant on whether the ENGINE
+API is being used, so this function is no longer recommended.
+
+DH_set_method() selects B<meth> to perform all operations using the key B<dh>.
+This will replace the DH_METHOD used by the DH key and if the previous method
+was supplied by an ENGINE, the handle to that ENGINE will be released during the
+change. It is possible to have DH keys that only work with certain DH_METHOD
+implementations (eg. from an ENGINE module that supports embedded
+hardware-protected keys), and in such cases attempting to change the DH_METHOD
+for the key can have unexpected results.
+
+DH_new_method() allocates and initializes a DH structure so that B<engine> will
+be used for the DH operations. If B<engine> is NULL, the default ENGINE for DH
+operations is used, and if no default ENGINE is set, the DH_METHOD controlled by
+DH_set_default_method() is used.
+
+=head1 THE DH_METHOD STRUCTURE
+
+ typedef struct dh_meth_st
+ {
+     /* name of the implementation */
+	const char *name;
+
+     /* generate private and public DH values for key agreement */
+        int (*generate_key)(DH *dh);
+
+     /* compute shared secret */
+        int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh);
+
+     /* compute r = a ^ p mod m (May be NULL for some implementations) */
+        int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+                                const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx);
+
+     /* called at DH_new */
+        int (*init)(DH *dh);
+
+     /* called at DH_free */
+        int (*finish)(DH *dh);
+
+        int flags;
+
+        char *app_data; /* ?? */
+
+ } DH_METHOD;
+
+=head1 RETURN VALUES
+
+DH_OpenSSL() and DH_get_default_method() return pointers to the respective
+B<DH_METHOD>s.
+
+DH_set_default_method() returns no value.
+
+DH_set_method() returns non-zero if the provided B<meth> was successfully set as
+the method for B<dh> (including unloading the ENGINE handle if the previous
+method was supplied by an ENGINE).
+
+DH_new_method() returns NULL and sets an error code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it
+returns a pointer to the newly allocated structure.
+
+=head1 NOTES
+
+As of version 0.9.7, DH_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for DH functionality using an ENGINE API function,
+that will override any DH defaults set using the DH API (ie.
+DH_set_default_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in DH and other cryptographic
+algorithms.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)>
+
+=head1 HISTORY
+
+DH_set_default_method(), DH_get_default_method(), DH_set_method(),
+DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4.
+
+DH_set_default_openssl_method() and DH_get_default_openssl_method() replaced
+DH_set_default_method() and DH_get_default_method() respectively, and
+DH_set_method() and DH_new_method() were altered to use B<ENGINE>s rather than
+B<DH_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
+0.9.7, the handling of defaults in the ENGINE API was restructured so that this
+change was reversed, and behaviour of the other functions resembled more closely
+the previous behaviour. The behaviour of defaults in the ENGINE API now
+transparently overrides the behaviour of defaults in the DH API without
+requiring changing these function prototypes.
+
+=cut
diff --git a/doc/crypto/DH_size.pod b/doc/crypto/DH_size.pod
new file mode 100644
index 0000000000..97f26fda78
--- /dev/null
+++ b/doc/crypto/DH_size.pod
@@ -0,0 +1,33 @@
+=pod
+
+=head1 NAME
+
+DH_size - get Diffie-Hellman prime size
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ int DH_size(DH *dh);
+
+=head1 DESCRIPTION
+
+This function returns the Diffie-Hellman size in bytes. It can be used
+to determine how much memory must be allocated for the shared secret
+computed by DH_compute_key().
+
+B<dh-E<gt>p> must not be B<NULL>.
+
+=head1 RETURN VALUE
+
+The size in bytes.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<DH_generate_key(3)|DH_generate_key(3)>
+
+=head1 HISTORY
+
+DH_size() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/DSA_SIG_new.pod b/doc/crypto/DSA_SIG_new.pod
new file mode 100644
index 0000000000..3ac6140038
--- /dev/null
+++ b/doc/crypto/DSA_SIG_new.pod
@@ -0,0 +1,40 @@
+=pod
+
+=head1 NAME
+
+DSA_SIG_new, DSA_SIG_free - allocate and free DSA signature objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DSA_SIG *DSA_SIG_new(void);
+
+ void	DSA_SIG_free(DSA_SIG *a);
+
+=head1 DESCRIPTION
+
+DSA_SIG_new() allocates and initializes a B<DSA_SIG> structure.
+
+DSA_SIG_free() frees the B<DSA_SIG> structure and its components. The
+values are erased before the memory is returned to the system.
+
+=head1 RETURN VALUES
+
+If the allocation fails, DSA_SIG_new() returns B<NULL> and sets an
+error code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a pointer
+to the newly allocated structure.
+
+DSA_SIG_free() returns no value.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<DSA_do_sign(3)|DSA_do_sign(3)>
+
+=head1 HISTORY
+
+DSA_SIG_new() and DSA_SIG_free() were added in OpenSSL 0.9.3.
+
+=cut
diff --git a/doc/crypto/DSA_do_sign.pod b/doc/crypto/DSA_do_sign.pod
new file mode 100644
index 0000000000..5dfc733b20
--- /dev/null
+++ b/doc/crypto/DSA_do_sign.pod
@@ -0,0 +1,47 @@
+=pod
+
+=head1 NAME
+
+DSA_do_sign, DSA_do_verify - raw DSA signature operations
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+
+ int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+	     DSA_SIG *sig, DSA *dsa);
+
+=head1 DESCRIPTION
+
+DSA_do_sign() computes a digital signature on the B<len> byte message
+digest B<dgst> using the private key B<dsa> and returns it in a
+newly allocated B<DSA_SIG> structure.
+
+L<DSA_sign_setup(3)|DSA_sign_setup(3)> may be used to precompute part
+of the signing operation in case signature generation is
+time-critical.
+
+DSA_do_verify() verifies that the signature B<sig> matches a given
+message digest B<dgst> of size B<len>.  B<dsa> is the signer's public
+key.
+
+=head1 RETURN VALUES
+
+DSA_do_sign() returns the signature, NULL on error.  DSA_do_verify()
+returns 1 for a valid signature, 0 for an incorrect signature and -1
+on error. The error codes can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
+L<DSA_sign(3)|DSA_sign(3)>
+
+=head1 HISTORY
+
+DSA_do_sign() and DSA_do_verify() were added in OpenSSL 0.9.3.
+
+=cut
diff --git a/doc/crypto/DSA_dup_DH.pod b/doc/crypto/DSA_dup_DH.pod
new file mode 100644
index 0000000000..7f6f0d1115
--- /dev/null
+++ b/doc/crypto/DSA_dup_DH.pod
@@ -0,0 +1,36 @@
+=pod
+
+=head1 NAME
+
+DSA_dup_DH - create a DH structure out of DSA structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DH * DSA_dup_DH(const DSA *r);
+
+=head1 DESCRIPTION
+
+DSA_dup_DH() duplicates DSA parameters/keys as DH parameters/keys. q
+is lost during that conversion, but the resulting DH parameters
+contain its length.
+
+=head1 RETURN VALUE
+
+DSA_dup_DH() returns the new B<DH> structure, and NULL on error. The
+error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 NOTE
+
+Be careful to avoid small subgroup attacks when using this.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+DSA_dup_DH() was added in OpenSSL 0.9.4.
+
+=cut
diff --git a/doc/crypto/DSA_generate_key.pod b/doc/crypto/DSA_generate_key.pod
new file mode 100644
index 0000000000..af83ccfaa1
--- /dev/null
+++ b/doc/crypto/DSA_generate_key.pod
@@ -0,0 +1,34 @@
+=pod
+
+=head1 NAME
+
+DSA_generate_key - generate DSA key pair
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ int DSA_generate_key(DSA *a);
+
+=head1 DESCRIPTION
+
+DSA_generate_key() expects B<a> to contain DSA parameters. It generates
+a new key pair and stores it in B<a-E<gt>pub_key> and B<a-E<gt>priv_key>.
+
+The PRNG must be seeded prior to calling DSA_generate_key().
+
+=head1 RETURN VALUE
+
+DSA_generate_key() returns 1 on success, 0 otherwise.
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
+
+=head1 HISTORY
+
+DSA_generate_key() is available since SSLeay 0.8.
+
+=cut
diff --git a/doc/crypto/DSA_generate_parameters.pod b/doc/crypto/DSA_generate_parameters.pod
new file mode 100644
index 0000000000..be7c924ff8
--- /dev/null
+++ b/doc/crypto/DSA_generate_parameters.pod
@@ -0,0 +1,105 @@
+=pod
+
+=head1 NAME
+
+DSA_generate_parameters - generate DSA parameters
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DSA *DSA_generate_parameters(int bits, unsigned char *seed,
+                int seed_len, int *counter_ret, unsigned long *h_ret,
+		void (*callback)(int, int, void *), void *cb_arg);
+
+=head1 DESCRIPTION
+
+DSA_generate_parameters() generates primes p and q and a generator g
+for use in the DSA.
+
+B<bits> is the length of the prime to be generated; the DSS allows a
+maximum of 1024 bits.
+
+If B<seed> is B<NULL> or B<seed_len> E<lt> 20, the primes will be
+generated at random. Otherwise, the seed is used to generate
+them. If the given seed does not yield a prime q, a new random
+seed is chosen and placed at B<seed>.
+
+DSA_generate_parameters() places the iteration count in
+*B<counter_ret> and a counter used for finding a generator in
+*B<h_ret>, unless these are B<NULL>.
+
+A callback function may be used to provide feedback about the progress
+of the key generation. If B<callback> is not B<NULL>, it will be
+called as follows:
+
+=over 4
+
+=item *
+
+When a candidate for q is generated, B<callback(0, m++, cb_arg)> is called
+(m is 0 for the first candidate).
+
+=item *
+
+When a candidate for q has passed a test by trial division,
+B<callback(1, -1, cb_arg)> is called.
+While a candidate for q is tested by Miller-Rabin primality tests,
+B<callback(1, i, cb_arg)> is called in the outer loop
+(once for each witness that confirms that the candidate may be prime);
+i is the loop counter (starting at 0).
+
+=item *
+
+When a prime q has been found, B<callback(2, 0, cb_arg)> and
+B<callback(3, 0, cb_arg)> are called.
+
+=item *
+
+Before a candidate for p (other than the first) is generated and tested,
+B<callback(0, counter, cb_arg)> is called.
+
+=item *
+
+When a candidate for p has passed the test by trial division,
+B<callback(1, -1, cb_arg)> is called.
+While it is tested by the Miller-Rabin primality test,
+B<callback(1, i, cb_arg)> is called in the outer loop
+(once for each witness that confirms that the candidate may be prime).
+i is the loop counter (starting at 0).
+
+=item *
+
+When p has been found, B<callback(2, 1, cb_arg)> is called.
+
+=item *
+
+When the generator has been found, B<callback(3, 1, cb_arg)> is called.
+
+=back
+
+=head1 RETURN VALUE
+
+DSA_generate_parameters() returns a pointer to the DSA structure, or
+B<NULL> if the parameter generation fails. The error codes can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 BUGS
+
+Seed lengths E<gt> 20 are not supported.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DSA_free(3)|DSA_free(3)>
+
+=head1 HISTORY
+
+DSA_generate_parameters() appeared in SSLeay 0.8. The B<cb_arg>
+argument was added in SSLeay 0.9.0.
+In versions up to OpenSSL 0.9.4, B<callback(1, ...)> was called
+in the inner loop of the Miller-Rabin test whenever it reached the
+squaring step (the parameters to B<callback> did not reveal how many
+witnesses had been tested); since OpenSSL 0.9.5, B<callback(1, ...)>
+is called as in BN_is_prime(3), i.e. once for each witness.
+=cut
diff --git a/doc/crypto/DSA_get_ex_new_index.pod b/doc/crypto/DSA_get_ex_new_index.pod
new file mode 100644
index 0000000000..4612e708ec
--- /dev/null
+++ b/doc/crypto/DSA_get_ex_new_index.pod
@@ -0,0 +1,36 @@
+=pod
+
+=head1 NAME
+
+DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data - add application specific data to DSA structures
+
+=head1 SYNOPSIS
+
+ #include <openssl/DSA.h>
+
+ int DSA_get_ex_new_index(long argl, void *argp,
+		CRYPTO_EX_new *new_func,
+		CRYPTO_EX_dup *dup_func,
+		CRYPTO_EX_free *free_func);
+
+ int DSA_set_ex_data(DSA *d, int idx, void *arg);
+
+ char *DSA_get_ex_data(DSA *d, int idx);
+
+=head1 DESCRIPTION
+
+These functions handle application specific data in DSA
+structures. Their usage is identical to that of
+RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data()
+as described in L<RSA_get_ex_new_index(3)>.
+
+=head1 SEE ALSO
+
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dsa(3)|dsa(3)>
+
+=head1 HISTORY
+
+DSA_get_ex_new_index(), DSA_set_ex_data() and DSA_get_ex_data() are
+available since OpenSSL 0.9.5.
+
+=cut
diff --git a/doc/crypto/DSA_new.pod b/doc/crypto/DSA_new.pod
new file mode 100644
index 0000000000..48e9b82a09
--- /dev/null
+++ b/doc/crypto/DSA_new.pod
@@ -0,0 +1,42 @@
+=pod
+
+=head1 NAME
+
+DSA_new, DSA_free - allocate and free DSA objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DSA* DSA_new(void);
+
+ void DSA_free(DSA *dsa);
+
+=head1 DESCRIPTION
+
+DSA_new() allocates and initializes a B<DSA> structure. It is equivalent to
+calling DSA_new_method(NULL).
+
+DSA_free() frees the B<DSA> structure and its components. The values are
+erased before the memory is returned to the system.
+
+=head1 RETURN VALUES
+
+If the allocation fails, DSA_new() returns B<NULL> and sets an error
+code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns a pointer
+to the newly allocated structure.
+
+DSA_free() returns no value.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
+L<DSA_generate_key(3)|DSA_generate_key(3)>
+
+=head1 HISTORY
+
+DSA_new() and DSA_free() are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/DSA_set_method.pod b/doc/crypto/DSA_set_method.pod
new file mode 100644
index 0000000000..bc3cfb1f0a
--- /dev/null
+++ b/doc/crypto/DSA_set_method.pod
@@ -0,0 +1,143 @@
+=pod
+
+=head1 NAME
+
+DSA_set_default_method, DSA_get_default_method,
+DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+ #include <openssl/engine.h>
+
+ void DSA_set_default_method(const DSA_METHOD *meth);
+
+ const DSA_METHOD *DSA_get_default_method(void);
+
+ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
+
+ DSA *DSA_new_method(ENGINE *engine);
+
+ DSA_METHOD *DSA_OpenSSL(void);
+
+=head1 DESCRIPTION
+
+A B<DSA_METHOD> specifies the functions that OpenSSL uses for DSA
+operations. By modifying the method, alternative implementations
+such as hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these DSA API functions are affected by the use
+of B<ENGINE> API calls.
+
+Initially, the default DSA_METHOD is the OpenSSL internal implementation,
+as returned by DSA_OpenSSL().
+
+DSA_set_default_method() makes B<meth> the default method for all DSA
+structures created later. B<NB>: This is true only whilst no ENGINE has
+been set as a default for DSA, so this function is no longer recommended.
+
+DSA_get_default_method() returns a pointer to the current default
+DSA_METHOD. However, the meaningfulness of this result is dependant on
+whether the ENGINE API is being used, so this function is no longer 
+recommended.
+
+DSA_set_method() selects B<meth> to perform all operations using the key
+B<rsa>. This will replace the DSA_METHOD used by the DSA key and if the
+previous method was supplied by an ENGINE, the handle to that ENGINE will
+be released during the change. It is possible to have DSA keys that only
+work with certain DSA_METHOD implementations (eg. from an ENGINE module
+that supports embedded hardware-protected keys), and in such cases
+attempting to change the DSA_METHOD for the key can have unexpected
+results.
+
+DSA_new_method() allocates and initializes a DSA structure so that B<engine>
+will be used for the DSA operations. If B<engine> is NULL, the default engine
+for DSA operations is used, and if no default ENGINE is set, the DSA_METHOD
+controlled by DSA_set_default_method() is used.
+
+=head1 THE DSA_METHOD STRUCTURE
+
+struct
+ {
+     /* name of the implementation */
+        const char *name;
+
+     /* sign */
+	DSA_SIG *(*dsa_do_sign)(const unsigned char *dgst, int dlen,
+                                 DSA *dsa);
+
+     /* pre-compute k^-1 and r */
+	int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+                                 BIGNUM **rp);
+
+     /* verify */
+	int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len,
+                                 DSA_SIG *sig, DSA *dsa);
+
+     /* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some
+                                          implementations) */
+	int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1,
+                                 BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+                                 BN_CTX *ctx, BN_MONT_CTX *in_mont);
+
+     /* compute r = a ^ p mod m (May be NULL for some implementations) */
+        int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a,
+                                 const BIGNUM *p, const BIGNUM *m,
+                                 BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+     /* called at DSA_new */
+        int (*init)(DSA *DSA);
+
+     /* called at DSA_free */
+        int (*finish)(DSA *DSA);
+
+        int flags;
+
+        char *app_data; /* ?? */
+
+ } DSA_METHOD;
+
+=head1 RETURN VALUES
+
+DSA_OpenSSL() and DSA_get_default_method() return pointers to the respective
+B<DSA_METHOD>s.
+
+DSA_set_default_method() returns no value.
+
+DSA_set_method() returns non-zero if the provided B<meth> was successfully set as
+the method for B<dsa> (including unloading the ENGINE handle if the previous
+method was supplied by an ENGINE).
+
+DSA_new_method() returns NULL and sets an error code that can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation
+fails. Otherwise it returns a pointer to the newly allocated structure.
+
+=head1 NOTES
+
+As of version 0.9.7, DSA_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for DSA functionality using an ENGINE API function,
+that will override any DSA defaults set using the DSA API (ie.
+DSA_set_default_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in DSA and other cryptographic
+algorithms.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)>
+
+=head1 HISTORY
+
+DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(),
+DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4.
+
+DSA_set_default_openssl_method() and DSA_get_default_openssl_method() replaced
+DSA_set_default_method() and DSA_get_default_method() respectively, and
+DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s rather than
+B<DSA_METHOD>s during development of the engine version of OpenSSL 0.9.6. For
+0.9.7, the handling of defaults in the ENGINE API was restructured so that this
+change was reversed, and behaviour of the other functions resembled more closely
+the previous behaviour. The behaviour of defaults in the ENGINE API now
+transparently overrides the behaviour of defaults in the DSA API without
+requiring changing these function prototypes.
+
+=cut
diff --git a/doc/crypto/DSA_sign.pod b/doc/crypto/DSA_sign.pod
new file mode 100644
index 0000000000..97389e8ec8
--- /dev/null
+++ b/doc/crypto/DSA_sign.pod
@@ -0,0 +1,66 @@
+=pod
+
+=head1 NAME
+
+DSA_sign, DSA_sign_setup, DSA_verify - DSA signatures
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ int	DSA_sign(int type, const unsigned char *dgst, int len,
+		unsigned char *sigret, unsigned int *siglen, DSA *dsa);
+
+ int	DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
+                BIGNUM **rp);
+
+ int	DSA_verify(int type, const unsigned char *dgst, int len,
+		unsigned char *sigbuf, int siglen, DSA *dsa);
+
+=head1 DESCRIPTION
+
+DSA_sign() computes a digital signature on the B<len> byte message
+digest B<dgst> using the private key B<dsa> and places its ASN.1 DER
+encoding at B<sigret>. The length of the signature is places in
+*B<siglen>. B<sigret> must point to DSA_size(B<dsa>) bytes of memory.
+
+DSA_sign_setup() may be used to precompute part of the signing
+operation in case signature generation is time-critical. It expects
+B<dsa> to contain DSA parameters. It places the precomputed values
+in newly allocated B<BIGNUM>s at *B<kinvp> and *B<rp>, after freeing
+the old ones unless *B<kinvp> and *B<rp> are NULL. These values may
+be passed to DSA_sign() in B<dsa-E<gt>kinv> and B<dsa-E<gt>r>.
+B<ctx> is a pre-allocated B<BN_CTX> or NULL.
+
+DSA_verify() verifies that the signature B<sigbuf> of size B<siglen>
+matches a given message digest B<dgst> of size B<len>.
+B<dsa> is the signer's public key.
+
+The B<type> parameter is ignored.
+
+The PRNG must be seeded before DSA_sign() (or DSA_sign_setup())
+is called.
+
+=head1 RETURN VALUES
+
+DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error.
+DSA_verify() returns 1 for a valid signature, 0 for an incorrect
+signature and -1 on error. The error codes can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 CONFORMING TO
+
+US Federal Information Processing Standard FIPS 186 (Digital Signature
+Standard, DSS), ANSI X9.30
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+L<DSA_do_sign(3)|DSA_do_sign(3)>
+
+=head1 HISTORY
+
+DSA_sign() and DSA_verify() are available in all versions of SSLeay.
+DSA_sign_setup() was added in SSLeay 0.8.
+
+=cut
diff --git a/doc/crypto/DSA_size.pod b/doc/crypto/DSA_size.pod
new file mode 100644
index 0000000000..ba4f650361
--- /dev/null
+++ b/doc/crypto/DSA_size.pod
@@ -0,0 +1,33 @@
+=pod
+
+=head1 NAME
+
+DSA_size - get DSA signature size
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ int DSA_size(const DSA *dsa);
+
+=head1 DESCRIPTION
+
+This function returns the size of an ASN.1 encoded DSA signature in
+bytes. It can be used to determine how much memory must be allocated
+for a DSA signature.
+
+B<dsa-E<gt>q> must not be B<NULL>.
+
+=head1 RETURN VALUE
+
+The size in bytes.
+
+=head1 SEE ALSO
+
+L<dsa(3)|dsa(3)>, L<DSA_sign(3)|DSA_sign(3)>
+
+=head1 HISTORY
+
+DSA_size() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/ERR_GET_LIB.pod b/doc/crypto/ERR_GET_LIB.pod
new file mode 100644
index 0000000000..2a129da036
--- /dev/null
+++ b/doc/crypto/ERR_GET_LIB.pod
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+ERR_GET_LIB, ERR_GET_FUNC, ERR_GET_REASON - get library, function and
+reason code
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ int ERR_GET_LIB(unsigned long e);
+
+ int ERR_GET_FUNC(unsigned long e);
+
+ int ERR_GET_REASON(unsigned long e);
+
+=head1 DESCRIPTION
+
+The error code returned by ERR_get_error() consists of a library
+number, function code and reason code. ERR_GET_LIB(), ERR_GET_FUNC()
+and ERR_GET_REASON() can be used to extract these.
+
+The library number and function code describe where the error
+occurred, the reason code is the information about what went wrong.
+
+Each sub-library of OpenSSL has a unique library number; function and
+reason codes are unique within each sub-library.  Note that different
+libraries may use the same value to signal different functions and
+reasons.
+
+B<ERR_R_...> reason codes such as B<ERR_R_MALLOC_FAILURE> are globally
+unique. However, when checking for sub-library specific reason codes,
+be sure to also compare the library number.
+
+ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are macros.
+
+=head1 RETURN VALUES
+
+The library number, function code and reason code respectively.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+ERR_GET_LIB(), ERR_GET_FUNC() and ERR_GET_REASON() are available in
+all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/ERR_clear_error.pod b/doc/crypto/ERR_clear_error.pod
new file mode 100644
index 0000000000..566e1f4e31
--- /dev/null
+++ b/doc/crypto/ERR_clear_error.pod
@@ -0,0 +1,29 @@
+=pod
+
+=head1 NAME
+
+ERR_clear_error - clear the error queue
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_clear_error(void);
+
+=head1 DESCRIPTION
+
+ERR_clear_error() empties the current thread's error queue.
+
+=head1 RETURN VALUES
+
+ERR_clear_error() has no return value.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+ERR_clear_error() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/ERR_error_string.pod b/doc/crypto/ERR_error_string.pod
new file mode 100644
index 0000000000..e01beb817a
--- /dev/null
+++ b/doc/crypto/ERR_error_string.pod
@@ -0,0 +1,73 @@
+=pod
+
+=head1 NAME
+
+ERR_error_string, ERR_error_string_n, ERR_lib_error_string,
+ERR_func_error_string, ERR_reason_error_string - obtain human-readable
+error message
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ char *ERR_error_string(unsigned long e, char *buf);
+ char *ERR_error_string_n(unsigned long e, char *buf, size_t len);
+
+ const char *ERR_lib_error_string(unsigned long e);
+ const char *ERR_func_error_string(unsigned long e);
+ const char *ERR_reason_error_string(unsigned long e);
+
+=head1 DESCRIPTION
+
+ERR_error_string() generates a human-readable string representing the
+error code I<e>, and places it at I<buf>. I<buf> must be at least 120
+bytes long. If I<buf> is B<NULL>, the error string is placed in a
+static buffer.
+ERR_error_string_n() is a variant of ERR_error_string() that writes
+at most I<len> characters (including the terminating 0)
+and truncates the string if necessary.
+For ERR_error_string_n(), I<buf> may not be B<NULL>.
+
+The string will have the following format:
+
+ error:[error code]:[library name]:[function name]:[reason string]
+
+I<error code> is an 8 digit hexadecimal number, I<library name>,
+I<function name> and I<reason string> are ASCII text.
+
+ERR_lib_error_string(), ERR_func_error_string() and
+ERR_reason_error_string() return the library name, function
+name and reason string respectively.
+
+The OpenSSL error strings should be loaded by calling
+L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)> or, for SSL
+applications, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
+first.
+If there is no text string registered for the given error code,
+the error string will contain the numeric code.
+
+L<ERR_print_errors(3)|ERR_print_errors(3)> can be used to print
+all error codes currently in the queue.
+
+=head1 RETURN VALUES
+
+ERR_error_string() returns a pointer to a static buffer containing the
+string if I<buf> B<== NULL>, I<buf> otherwise.
+
+ERR_lib_error_string(), ERR_func_error_string() and
+ERR_reason_error_string() return the strings, and B<NULL> if
+none is registered for the error code.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
+L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
+L<ERR_print_errors(3)|ERR_print_errors(3)>
+
+=head1 HISTORY
+
+ERR_error_string() is available in all versions of SSLeay and OpenSSL.
+ERR_error_string_n() was added in OpenSSL 0.9.6.
+
+=cut
diff --git a/doc/crypto/ERR_get_error.pod b/doc/crypto/ERR_get_error.pod
new file mode 100644
index 0000000000..34443045fc
--- /dev/null
+++ b/doc/crypto/ERR_get_error.pod
@@ -0,0 +1,76 @@
+=pod
+
+=head1 NAME
+
+ERR_get_error, ERR_peek_error, ERR_peek_last_error,
+ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line,
+ERR_get_error_line_data, ERR_peek_error_line_data,
+ERR_peek_last_error_line_data - obtain error code and data
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ unsigned long ERR_get_error(void);
+ unsigned long ERR_peek_error(void);
+ unsigned long ERR_peek_last_error(void);
+
+ unsigned long ERR_get_error_line(const char **file, int *line);
+ unsigned long ERR_peek_error_line(const char **file, int *line);
+ unsigned long ERR_peek_last_error_line(const char **file, int *line);
+
+ unsigned long ERR_get_error_line_data(const char **file, int *line,
+         const char **data, int *flags);
+ unsigned long ERR_peek_error_line_data(const char **file, int *line,
+         const char **data, int *flags);
+ unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+         const char **data, int *flags);
+
+=head1 DESCRIPTION
+
+ERR_get_error() returns the earliest error code from the thread's error
+queue and removes the entry. This function can be called repeatedly
+until there are no more error codes to return.
+
+ERR_peek_error() returns the earliest error code from the thread's
+error queue without modifying it.
+
+ERR_peek_last_error() returns the latest error code from the thread's
+error queue without modifying it.
+
+See L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> for obtaining information about
+location and reason of the error, and
+L<ERR_error_string(3)|ERR_error_string(3)> for human-readable error
+messages.
+
+ERR_get_error_line(), ERR_peek_error_line() and
+ERR_peek_last_error_line() are the same as the above, but they
+additionally store the file name and line number where
+the error occurred in *B<file> and *B<line>, unless these are B<NULL>.
+
+ERR_get_error_line_data(), ERR_peek_error_line_data() and
+ERR_get_last_error_line_data() store additional data and flags
+associated with the error code in *B<data>
+and *B<flags>, unless these are B<NULL>. *B<data> contains a string
+if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by OPENSSL_malloc(),
+*B<flags>&B<ERR_TXT_MALLOCED> is true.
+
+=head1 RETURN VALUES
+
+The error code, or 0 if there is no error in the queue.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>,
+L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>
+
+=head1 HISTORY
+
+ERR_get_error(), ERR_peek_error(), ERR_get_error_line() and
+ERR_peek_error_line() are available in all versions of SSLeay and
+OpenSSL. ERR_get_error_line_data() and ERR_peek_error_line_data()
+were added in SSLeay 0.9.0.
+ERR_peek_last_error(), ERR_peek_last_error_line() and
+ERR_peek_last_error_line_data() were added in OpenSSL 0.9.7.
+
+=cut
diff --git a/doc/crypto/ERR_load_crypto_strings.pod b/doc/crypto/ERR_load_crypto_strings.pod
new file mode 100644
index 0000000000..9bdec75a46
--- /dev/null
+++ b/doc/crypto/ERR_load_crypto_strings.pod
@@ -0,0 +1,46 @@
+=pod
+
+=head1 NAME
+
+ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings -
+load and free error strings
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_load_crypto_strings(void);
+ void ERR_free_strings(void);
+
+ #include <openssl/ssl.h>
+
+ void SSL_load_error_strings(void);
+
+=head1 DESCRIPTION
+
+ERR_load_crypto_strings() registers the error strings for all
+B<libcrypto> functions. SSL_load_error_strings() does the same,
+but also registers the B<libssl> error strings.
+
+One of these functions should be called before generating
+textual error messages. However, this is not required when memory
+usage is an issue.
+
+ERR_free_strings() frees all previously loaded error strings.
+
+=head1 RETURN VALUES
+
+ERR_load_crypto_strings(), SSL_load_error_strings() and
+ERR_free_strings() return no values.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>
+
+=head1 HISTORY
+
+ERR_load_error_strings(), SSL_load_error_strings() and
+ERR_free_strings() are available in all versions of SSLeay and
+OpenSSL.
+
+=cut
diff --git a/doc/crypto/ERR_load_strings.pod b/doc/crypto/ERR_load_strings.pod
new file mode 100644
index 0000000000..5acdd0edbc
--- /dev/null
+++ b/doc/crypto/ERR_load_strings.pod
@@ -0,0 +1,54 @@
+=pod
+
+=head1 NAME
+
+ERR_load_strings, ERR_PACK, ERR_get_next_error_library - load
+arbitrary error strings
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_load_strings(int lib, ERR_STRING_DATA str[]);
+
+ int ERR_get_next_error_library(void);
+
+ unsigned long ERR_PACK(int lib, int func, int reason);
+
+=head1 DESCRIPTION
+
+ERR_load_strings() registers error strings for library number B<lib>.
+
+B<str> is an array of error string data:
+
+ typedef struct ERR_string_data_st
+ {
+        unsigned long error;
+        char *string;
+ } ERR_STRING_DATA;
+
+The error code is generated from the library number and a function and
+reason code: B<error> = ERR_PACK(B<lib>, B<func>, B<reason>).
+ERR_PACK() is a macro.
+
+The last entry in the array is {0,0}.
+
+ERR_get_next_error_library() can be used to assign library numbers
+to user libraries at runtime.
+
+=head1 RETURN VALUE
+
+ERR_load_strings() returns no value. ERR_PACK() return the error code.
+ERR_get_next_error_library() returns a new library number.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)>
+
+=head1 HISTORY
+
+ERR_load_error_strings() and ERR_PACK() are available in all versions
+of SSLeay and OpenSSL. ERR_get_next_error_library() was added in
+SSLeay 0.9.0.
+
+=cut
diff --git a/doc/crypto/ERR_print_errors.pod b/doc/crypto/ERR_print_errors.pod
new file mode 100644
index 0000000000..b100a5fa2b
--- /dev/null
+++ b/doc/crypto/ERR_print_errors.pod
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+ERR_print_errors, ERR_print_errors_fp - print error messages
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_print_errors(BIO *bp);
+ void ERR_print_errors_fp(FILE *fp);
+
+=head1 DESCRIPTION
+
+ERR_print_errors() is a convenience function that prints the error
+strings for all errors that OpenSSL has recorded to B<bp>, thus
+emptying the error queue.
+
+ERR_print_errors_fp() is the same, except that the output goes to a
+B<FILE>.
+
+
+The error strings will have the following format:
+
+ [pid]:error:[error code]:[library name]:[function name]:[reason string]:[file name]:[line]:[optional text message]
+
+I<error code> is an 8 digit hexadecimal number. I<library name>,
+I<function name> and I<reason string> are ASCII text, as is I<optional
+text message> if one was set for the respective error code.
+
+If there is no text string registered for the given error code,
+the error string will contain the numeric code.
+
+=head1 RETURN VALUES
+
+ERR_print_errors() and ERR_print_errors_fp() return no values.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_error_string(3)|ERR_error_string(3)>,
+L<ERR_get_error(3)|ERR_get_error(3)>,
+L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
+L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>
+
+=head1 HISTORY
+
+ERR_print_errors() and ERR_print_errors_fp()
+are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/ERR_put_error.pod b/doc/crypto/ERR_put_error.pod
new file mode 100644
index 0000000000..acd241fbe4
--- /dev/null
+++ b/doc/crypto/ERR_put_error.pod
@@ -0,0 +1,44 @@
+=pod
+
+=head1 NAME
+
+ERR_put_error, ERR_add_error_data - record an error
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_put_error(int lib, int func, int reason, const char *file,
+         int line);
+
+ void ERR_add_error_data(int num, ...);
+
+=head1 DESCRIPTION
+
+ERR_put_error() adds an error code to the thread's error queue. It
+signals that the error of reason code B<reason> occurred in function
+B<func> of library B<lib>, in line number B<line> of B<file>.
+This function is usually called by a macro.
+
+ERR_add_error_data() associates the concatenation of its B<num> string
+arguments with the error code added last.
+
+L<ERR_load_strings(3)|ERR_load_strings(3)> can be used to register
+error strings so that the application can a generate human-readable
+error messages for the error code.
+
+=head1 RETURN VALUES
+
+ERR_put_error() and ERR_add_error_data() return
+no values.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>, L<ERR_load_strings(3)|ERR_load_strings(3)>
+
+=head1 HISTORY
+
+ERR_put_error() is available in all versions of SSLeay and OpenSSL.
+ERR_add_error_data() was added in SSLeay 0.9.0.
+
+=cut
diff --git a/doc/crypto/ERR_remove_state.pod b/doc/crypto/ERR_remove_state.pod
new file mode 100644
index 0000000000..72925fb9f4
--- /dev/null
+++ b/doc/crypto/ERR_remove_state.pod
@@ -0,0 +1,34 @@
+=pod
+
+=head1 NAME
+
+ERR_remove_state - free a thread's error queue
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ void ERR_remove_state(unsigned long pid);
+
+=head1 DESCRIPTION
+
+ERR_remove_state() frees the error queue associated with thread B<pid>.
+If B<pid> == 0, the current thread will have its error queue removed.
+
+Since error queue data structures are allocated automatically for new
+threads, they must be freed when threads are terminated in order to
+avoid memory leaks.
+
+=head1 RETURN VALUE
+
+ERR_remove_state() returns no value.
+
+=head1 SEE ALSO
+
+L<err(3)|err(3)>
+
+=head1 HISTORY
+
+ERR_remove_state() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod
new file mode 100644
index 0000000000..5ce4add082
--- /dev/null
+++ b/doc/crypto/EVP_BytesToKey.pod
@@ -0,0 +1,67 @@
+=pod
+
+=head1 NAME
+
+ EVP_BytesToKey - password based encryption routine
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md,
+                       const unsigned char *salt,
+                       const unsigned char *data, int datal, int count,
+                       unsigned char *key,unsigned char *iv);
+
+=head1 DESCRIPTION
+
+EVP_BytesToKey() derives a key and IV from various parameters. B<type> is
+the cipher to derive the key and IV for. B<md> is the message digest to use.
+The B<salt> paramter is used as a salt in the derivation: it should point to
+an 8 byte buffer or NULL if no salt is used. B<data> is a buffer containing
+B<datal> bytes which is used to derive the keying data. B<count> is the
+iteration count to use. The derived key and IV will be written to B<key>
+and B<iv> respectively.
+
+=head1 NOTES
+
+A typical application of this function is to derive keying material for an
+encryption algorithm from a password in the B<data> parameter.
+
+Increasing the B<count> parameter slows down the algorithm which makes it
+harder for an attacker to peform a brute force attack using a large number
+of candidate passwords.
+
+If the total key and IV length is less than the digest length and
+B<MD5> is used then the derivation algorithm is compatible with PKCS#5 v1.5
+otherwise a non standard extension is used to derive the extra data.
+
+Newer applications should use more standard algorithms such as PKCS#5
+v2.0 for key derivation.
+
+=head1 KEY DERIVATION ALGORITHM
+
+The key and IV is derived by concatenating D_1, D_2, etc until
+enough data is available for the key and IV. D_i is defined as:
+
+	D_i = HASH^count(D_(i-1) || data || salt)
+
+where || denotes concatentaion, D_0 is empty, HASH is the digest
+algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data)
+is HASH(HASH(data)) and so on.
+
+The initial bytes are used for the key and the subsequent bytes for
+the IV.
+
+=head1 RETURN VALUES
+
+EVP_BytesToKey() returns the size of the derived key in bytes.
+
+=head1 SEE ALSO
+
+L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
+
+=head1 HISTORY
+
+=cut
diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod
new file mode 100644
index 0000000000..5901c39526
--- /dev/null
+++ b/doc/crypto/EVP_DigestInit.pod
@@ -0,0 +1,256 @@
+=pod
+
+=head1 NAME
+
+EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
+EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
+EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
+EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
+EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
+EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
+EVP digest routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
+ EVP_MD_CTX *EVP_MD_CTX_create(void);
+
+ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
+        unsigned int *s);
+
+ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
+ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);
+
+ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);  
+
+ int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
+        unsigned int *s);
+
+ int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);  
+
+ #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
+
+
+ #define EVP_MD_type(e)			((e)->type)
+ #define EVP_MD_pkey_type(e)		((e)->pkey_type)
+ #define EVP_MD_size(e)			((e)->md_size)
+ #define EVP_MD_block_size(e)		((e)->block_size)
+
+ #define EVP_MD_CTX_md(e)		(e)->digest)
+ #define EVP_MD_CTX_size(e)		EVP_MD_size((e)->digest)
+ #define EVP_MD_CTX_block_size(e)	EVP_MD_block_size((e)->digest)
+ #define EVP_MD_CTX_type(e)		EVP_MD_type((e)->digest)
+
+ const EVP_MD *EVP_md_null(void);
+ const EVP_MD *EVP_md2(void);
+ const EVP_MD *EVP_md5(void);
+ const EVP_MD *EVP_sha(void);
+ const EVP_MD *EVP_sha1(void);
+ const EVP_MD *EVP_dss(void);
+ const EVP_MD *EVP_dss1(void);
+ const EVP_MD *EVP_mdc2(void);
+ const EVP_MD *EVP_ripemd160(void);
+
+ const EVP_MD *EVP_get_digestbyname(const char *name);
+ #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
+ #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
+
+=head1 DESCRIPTION
+
+The EVP digest routines are a high level interface to message digests.
+
+EVP_MD_CTX_init() initializes digest contet B<ctx>.
+
+EVP_MD_CTX_create() allocates, initializes and returns a digest contet.
+
+EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest
+B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this
+function. B<type> will typically be supplied by a functionsuch as EVP_sha1().
+If B<impl> is NULL then the default implementation of digest B<type> is used.
+
+EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the
+digest context B<ctx>. This function can be called several times on the
+same B<ctx> to hash additional data.
+
+EVP_DigestFinal_ex() retrieves the digest value from B<ctx> and places
+it in B<md>. If the B<s> parameter is not NULL then the number of
+bytes of data written (i.e. the length of the digest) will be written
+to the integer at B<s>, at most B<EVP_MAX_MD_SIZE> bytes will be written.
+After calling EVP_DigestFinal_ex() no additional calls to EVP_DigestUpdate()
+can be made, but EVP_DigestInit_ex() can be called to initialize a new
+digest operation.
+
+EVP_MD_CTX_cleanup() cleans up digest context B<ctx>, it should be called
+after a digest context is no longer needed.
+
+EVP_MD_CTX_destroy() cleans up digest context B<ctx> and frees up the
+space allocated to it, it should be called only on a context created
+using EVP_MD_CTX_create().
+
+EVP_MD_CTX_copy_ex() can be used to copy the message digest state from
+B<in> to B<out>. This is useful if large amounts of data are to be
+hashed which only differ in the last few bytes. B<out> must be initialized
+before calling this function.
+
+EVP_DigestInit() behaves in the same way as EVP_DigestInit_ex() except
+the passed context B<ctx> does not have to be initialized, and it always
+uses the default digest implementation.
+
+EVP_DigestFinal() is similar to EVP_DigestFinal_ex() except the digest
+contet B<ctx> is automatically cleaned up.
+
+EVP_MD_CTX_copy() is similar to EVP_MD_CTX_copy_ex() except the destination
+B<out> does not have to be initialized.
+
+EVP_MD_size() and EVP_MD_CTX_size() return the size of the message digest
+when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure, i.e. the size of the
+hash.
+
+EVP_MD_block_size() and EVP_MD_CTX_block_size() return the block size of the
+message digest when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure.
+
+EVP_MD_type() and EVP_MD_CTX_type() return the NID of the OBJECT IDENTIFIER
+representing the given message digest when passed an B<EVP_MD> structure.
+For example EVP_MD_type(EVP_sha1()) returns B<NID_sha1>. This function is
+normally used when setting ASN1 OIDs.
+
+EVP_MD_CTX_md() returns the B<EVP_MD> structure corresponding to the passed
+B<EVP_MD_CTX>.
+
+EVP_MD_pkey_type() returns the NID of the public key signing algorithm associated
+with this digest. For example EVP_sha1() is associated with RSA so this will
+return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature
+algorithms may not be retained in future versions of OpenSSL.
+
+EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160()
+return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest
+algorithms respectively. The associated signature algorithm is RSA in each case.
+
+EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
+algorithms but using DSS (DSA) for the signature algorithm.
+
+EVP_md_null() is a "null" message digest that does nothing: i.e. the hash it
+returns is of zero length.
+
+EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
+return an B<EVP_MD> structure when passed a digest name, a digest NID or
+an ASN1_OBJECT structure respectively. The digest table must be initialized
+using, for example, OpenSSL_add_all_digests() for these functions to work.
+
+=head1 RETURN VALUES
+
+EVP_DigestInit_ex(), EVP_DigestUpdate() and EVP_DigestFinal_ex() return 1 for
+success and 0 for failure.
+
+EVP_MD_CTX_copy_ex() returns 1 if successful or 0 for failure.
+
+EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the
+corresponding OBJECT IDENTIFIER or NID_undef if none exists.
+
+EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(),
+EVP_MD_CTX_block_size()	and EVP_MD_block_size() return the digest or block
+size in bytes.
+
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
+EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the
+corresponding EVP_MD structures.
+
+EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
+return either an B<EVP_MD> structure or NULL if an error occurs.
+
+=head1 NOTES
+
+The B<EVP> interface to message digests should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the digest used and much more flexible.
+
+SHA1 is the digest of choice for new applications. The other digest algorithms
+are still in common use.
+
+For most applications the B<impl> parameter to EVP_DigestInit_ex() will be
+set to NULL to use the default digest implementation.
+
+The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are 
+obsolete but are retained to maintain compatibility with existing code. New
+applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and 
+EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context
+instead of initializing and cleaning it up on each call and allow non default
+implementations of digests to be specified.
+
+In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use
+memory leaks will occur. 
+
+=head1 EXAMPLE
+
+This example digests the data "Test Message\n" and "Hello World\n", using the
+digest name passed on the command line.
+
+ #include <stdio.h>
+ #include <openssl/evp.h>
+
+ main(int argc, char *argv[])
+ {
+ EVP_MD_CTX mdctx;
+ const EVP_MD *md;
+ char mess1[] = "Test Message\n";
+ char mess2[] = "Hello World\n";
+ unsigned char md_value[EVP_MAX_MD_SIZE];
+ int md_len, i;
+
+ OpenSSL_add_all_digests();
+
+ if(!argv[1]) {
+ 	printf("Usage: mdtest digestname\n");
+	exit(1);
+ }
+
+ md = EVP_get_digestbyname(argv[1]);
+
+ if(!md) {
+ 	printf("Unknown message digest %s\n", argv[1]);
+	exit(1);
+ }
+
+ EVP_MD_CTX_init(&mdctx);
+ EVP_DigestInit_ex(&mdctx, md, NULL);
+ EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
+ EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
+ EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
+ EVP_MD_CTX_cleanup(&mdctx);
+
+ printf("Digest is: ");
+ for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);
+ printf("\n");
+ }
+
+=head1 BUGS
+
+The link between digests and signing algorithms results in a situation where
+EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS
+even though they are identical digests.
+
+=head1 SEE ALSO
+
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+
+=head1 HISTORY
+
+EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are
+available in all versions of SSLeay and OpenSSL.
+
+EVP_MD_CTX_init(), EVP_MD_CTX_create(), EVP_MD_CTX_copy_ex(),
+EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex()
+and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7.
+
+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
+EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were
+changed to return truely const EVP_MD * in OpenSSL 0.9.7.
+
+=cut
diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod
new file mode 100644
index 0000000000..daf57e5895
--- /dev/null
+++ b/doc/crypto/EVP_EncryptInit.pod
@@ -0,0 +1,509 @@
+=pod
+
+=head1 NAME
+
+EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate,
+EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate,
+EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate,
+EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length,
+EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX_cleanup, EVP_EncryptInit,
+EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal,
+EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname,
+EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid,
+EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length,
+EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher,
+EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length,
+EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data,
+EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags,
+EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param,
+EVP_CIPHER_CTX_set_padding - EVP cipher routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
+
+ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+	 ENGINE *impl, unsigned char *key, unsigned char *iv);
+ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl);
+
+ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+	 ENGINE *impl, unsigned char *key, unsigned char *iv);
+ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+         int *outl);
+
+ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         ENGINE *impl, unsigned char *key, unsigned char *iv, int enc);
+ int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+         int *outl);
+
+ int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         unsigned char *key, unsigned char *iv);
+ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl);
+
+ int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         unsigned char *key, unsigned char *iv);
+ int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+         int *outl);
+
+ int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+         unsigned char *key, unsigned char *iv, int enc);
+ int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+         int *outl);
+
+ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding);
+ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
+
+ const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+ #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
+ #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
+
+ #define EVP_CIPHER_nid(e)		((e)->nid)
+ #define EVP_CIPHER_block_size(e)	((e)->block_size)
+ #define EVP_CIPHER_key_length(e)	((e)->key_len)
+ #define EVP_CIPHER_iv_length(e)		((e)->iv_len)
+ #define EVP_CIPHER_flags(e)		((e)->flags)
+ #define EVP_CIPHER_mode(e)		((e)->flags) & EVP_CIPH_MODE)
+ int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+
+ #define EVP_CIPHER_CTX_cipher(e)	((e)->cipher)
+ #define EVP_CIPHER_CTX_nid(e)		((e)->cipher->nid)
+ #define EVP_CIPHER_CTX_block_size(e)	((e)->cipher->block_size)
+ #define EVP_CIPHER_CTX_key_length(e)	((e)->key_len)
+ #define EVP_CIPHER_CTX_iv_length(e)	((e)->cipher->iv_len)
+ #define EVP_CIPHER_CTX_get_app_data(e)	((e)->app_data)
+ #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d))
+ #define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
+ #define EVP_CIPHER_CTX_flags(e)		((e)->cipher->flags)
+ #define EVP_CIPHER_CTX_mode(e)		((e)->cipher->flags & EVP_CIPH_MODE)
+
+ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+=head1 DESCRIPTION
+
+The EVP cipher routines are a high level interface to certain
+symmetric ciphers.
+
+EVP_CIPHER_CTX_init() initializes cipher contex B<ctx>.
+
+EVP_EncryptInit_ex() sets up cipher context B<ctx> for encryption
+with cipher B<type> from ENGINE B<impl>. B<ctx> must be initialized
+before calling this function. B<type> is normally supplied
+by a function such as EVP_des_cbc(). If B<impl> is NULL then the
+default implementation is used. B<key> is the symmetric key to use
+and B<iv> is the IV to use (if necessary), the actual number of bytes
+used for the key and IV depends on the cipher. It is possible to set
+all parameters to NULL except B<type> in an initial call and supply
+the remaining parameters in subsequent calls, all of which have B<type>
+set to NULL. This is done when the default cipher parameters are not
+appropriate.
+
+EVP_EncryptUpdate() encrypts B<inl> bytes from the buffer B<in> and
+writes the encrypted version to B<out>. This function can be called
+multiple times to encrypt successive blocks of data. The amount
+of data written depends on the block alignment of the encrypted data:
+as a result the amount of data written may be anything from zero bytes
+to (inl + cipher_block_size - 1) so B<outl> should contain sufficient
+room. The actual number of bytes written is placed in B<outl>.
+
+If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts
+the "final" data, that is any data that remains in a partial block.
+It uses L<standard block padding|/NOTES> (aka PKCS padding). The encrypted
+final data is written to B<out> which should have sufficient space for
+one cipher block. The number of bytes written is placed in B<outl>. After
+this function is called the encryption operation is finished and no further
+calls to EVP_EncryptUpdate() should be made.
+
+If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more
+data and it will return an error if any data remains in a partial block:
+that is if the total data length is not a multiple of the block size. 
+
+EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are the
+corresponding decryption operations. EVP_DecryptFinal() will return an
+error code if padding is enabled and the final block is not correctly
+formatted. The parameters and restrictions are identical to the encryption
+operations except that if padding is enabled the decrypted data buffer B<out>
+passed to EVP_DecryptUpdate() should have sufficient room for
+(B<inl> + cipher_block_size) bytes unless the cipher block size is 1 in
+which case B<inl> bytes is sufficient.
+
+EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex() are
+functions that can be used for decryption or encryption. The operation
+performed depends on the value of the B<enc> parameter. It should be set
+to 1 for encryption, 0 for decryption and -1 to leave the value unchanged
+(the actual value of 'enc' being supplied in a previous call).
+
+EVP_CIPHER_CTX_cleanup() clears all information from a cipher context
+and free up any allocated memory associate with it. It should be called
+after all operations using a cipher are complete so sensitive information
+does not remain in memory.
+
+EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a
+similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and
+EVP_CipherInit_ex() except the B<ctx> paramter does not need to be
+initialized and they always use the default cipher implementation.
+
+EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a
+similar way to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and
+EVP_CipherFinal_ex() except B<ctx> is automatically cleaned up 
+after the call.
+
+EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
+return an EVP_CIPHER structure when passed a cipher name, a NID or an
+ASN1_OBJECT structure.
+
+EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return the NID of a cipher when
+passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> structure.  The actual NID
+value is an internal value which may not have a corresponding OBJECT
+IDENTIFIER.
+
+EVP_CIPHER_CTX_set_padding() enables or disables padding. By default
+encryption operations are padded using standard block padding and the
+padding is checked and removed when decrypting. If the B<pad> parameter
+is zero then no padding is performed, the total amount of data encrypted
+or decrypted must then be a multiple of the block size or an error will
+occur.
+
+EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
+length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
+structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum key length
+for all ciphers. Note: although EVP_CIPHER_key_length() is fixed for a
+given cipher, the value of EVP_CIPHER_CTX_key_length() may be different
+for variable key length ciphers.
+
+EVP_CIPHER_CTX_set_key_length() sets the key length of the cipher ctx.
+If the cipher is a fixed length cipher then attempting to set the key
+length to any value other than the fixed value is an error.
+
+EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
+length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>.
+It will return zero if the cipher does not use an IV.  The constant
+B<EVP_MAX_IV_LENGTH> is the maximum IV length for all ciphers.
+
+EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
+size of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>
+structure. The constant B<EVP_MAX_IV_LENGTH> is also the maximum block
+length for all ciphers.
+
+EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the type of the passed
+cipher or context. This "type" is the actual NID of the cipher OBJECT
+IDENTIFIER as such it ignores the cipher parameters and 40 bit RC2 and
+128 bit RC2 have the same NID. If the cipher does not have an object
+identifier or does not have ASN1 support this function will return
+B<NID_undef>.
+
+EVP_CIPHER_CTX_cipher() returns the B<EVP_CIPHER> structure when passed
+an B<EVP_CIPHER_CTX> structure.
+
+EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher mode:
+EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE or
+EVP_CIPH_OFB_MODE. If the cipher is a stream cipher then
+EVP_CIPH_STREAM_CIPHER is returned.
+
+EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based
+on the passed cipher. This will typically include any parameters and an
+IV. The cipher IV (if any) must be set when this call is made. This call
+should be made before the cipher is actually "used" (before any
+EVP_EncryptUpdate(), EVP_DecryptUpdate() calls for example). This function
+may fail if the cipher does not have any ASN1 support.
+
+EVP_CIPHER_asn1_to_param() sets the cipher parameters based on an ASN1
+AlgorithmIdentifier "parameter". The precise effect depends on the cipher
+In the case of RC2, for example, it will set the IV and effective key length.
+This function should be called after the base cipher type is set but before
+the key is set. For example EVP_CipherInit() will be called with the IV and
+key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally
+EVP_CipherInit() again with all parameters except the key set to NULL. It is
+possible for this function to fail if the cipher does not have any ASN1 support
+or the parameters cannot be set (for example the RC2 effective key length
+is not supported.
+
+EVP_CIPHER_CTX_ctrl() allows various cipher specific parameters to be determined
+and set. Currently only the RC2 effective key length and the number of rounds of
+RC5 can be set.
+
+=head1 RETURN VALUES
+
+EVP_CIPHER_CTX_init, EVP_EncryptInit_ex(), EVP_EncryptUpdate() and
+EVP_EncryptFinal_ex() return 1 for success and 0 for failure.
+
+EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure.
+EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success.
+
+EVP_CipherInit_ex() and EVP_CipherUpdate() return 1 for success and 0 for failure.
+EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success.
+
+EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure.
+
+EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj()
+return an B<EVP_CIPHER> structure or NULL on error.
+
+EVP_CIPHER_nid() and EVP_CIPHER_CTX_nid() return a NID.
+
+EVP_CIPHER_block_size() and EVP_CIPHER_CTX_block_size() return the block
+size.
+
+EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key
+length.
+
+EVP_CIPHER_CTX_set_padding() always returns 1.
+
+EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV
+length or zero if the cipher does not use an IV.
+
+EVP_CIPHER_type() and EVP_CIPHER_CTX_type() return the NID of the cipher's
+OBJECT IDENTIFIER or NID_undef if it has no defined OBJECT IDENTIFIER.
+
+EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure.
+
+EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return 1 for 
+success or zero for failure.
+
+=head1 CIPHER LISTING
+
+All algorithms have a fixed key length unless otherwise stated.
+
+=over 4
+
+=item EVP_enc_null()
+
+Null cipher: does nothing.
+
+=item EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void)
+
+DES in CBC, ECB, CFB and OFB modes respectively. 
+
+=item EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void),  EVP_des_ede_cfb(void)
+
+Two key triple DES in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void),  EVP_des_ede3_cfb(void)
+
+Three key triple DES in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_desx_cbc(void)
+
+DESX algorithm in CBC mode.
+
+=item EVP_rc4(void)
+
+RC4 stream cipher. This is a variable key length cipher with default key length 128 bits.
+
+=item EVP_rc4_40(void)
+
+RC4 stream cipher with 40 bit key length. This is obsolete and new code should use EVP_rc4()
+and the EVP_CIPHER_CTX_set_key_length() function.
+
+=item EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void)
+
+IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively.
+
+=item EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void)
+
+RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
+length cipher with an additional parameter called "effective key bits" or "effective key length".
+By default both are set to 128 bits.
+
+=item EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void)
+
+RC2 algorithm in CBC mode with a default key length and effective key length of 40 and 64 bits.
+These are obsolete and new code should use EVP_rc2_cbc(), EVP_CIPHER_CTX_set_key_length() and
+EVP_CIPHER_CTX_ctrl() to set the key length and effective key length.
+
+=item EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void);
+
+Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
+length cipher.
+
+=item EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void)
+
+CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key
+length cipher.
+
+=item EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void)
+
+RC5 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key length
+cipher with an additional "number of rounds" parameter. By default the key length is set to 128
+bits and 12 rounds.
+
+=back
+
+=head1 NOTES
+
+Where possible the B<EVP> interface to symmetric ciphers should be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the cipher used and much more flexible.
+
+PKCS padding works by adding B<n> padding bytes of value B<n> to make the total 
+length of the encrypted data a multiple of the block size. Padding is always
+added so if the data is already a multiple of the block size B<n> will equal
+the block size. For example if the block size is 8 and 11 bytes are to be
+encrypted then 5 padding bytes of value 5 will be added.
+
+When decrypting the final block is checked to see if it has the correct form.
+
+Although the decryption operation can produce an error if padding is enabled,
+it is not a strong test that the input data or key is correct. A random block
+has better than 1 in 256 chance of being of the correct format and problems with
+the input data earlier on will not produce a final decrypt error.
+
+If padding is disabled then the decryption operation will always succeed if
+the total amount of data decrypted is a multiple of the block size.
+
+The functions EVP_EncryptInit(), EVP_EncryptFinal(), EVP_DecryptInit(),
+EVP_CipherInit() and EVP_CipherFinal() are obsolete but are retained for
+compatibility with existing code. New code should use EVP_EncryptInit_ex(),
+EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(),
+EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an
+existing context without allocating and freeing it up on each call.
+
+=head1 BUGS
+
+For RC5 the number of rounds can currently only be set to 8, 12 or 16. This is
+a limitation of the current RC5 code rather than the EVP interface.
+
+EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal ciphers with
+default key lengths. If custom ciphers exceed these values the results are
+unpredictable. This is because it has become standard practice to define a 
+generic key as a fixed unsigned char array containing EVP_MAX_KEY_LENGTH bytes.
+
+The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested
+for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode.
+
+=head1 EXAMPLES
+
+Get the number of rounds used in RC5:
+
+ int nrounds;
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds);
+
+Get the RC2 effective key length:
+
+ int key_bits;
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits);
+
+Set the number of rounds used in RC5:
+
+ int nrounds;
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL);
+
+Set the effective key length used in RC2:
+
+ int key_bits;
+ EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
+
+Encrypt a string using blowfish:
+
+ int do_crypt(char *outfile)
+ 	{
+	unsigned char outbuf[1024];
+	int outlen, tmplen;
+	/* Bogus key and IV: we'd normally set these from
+	 * another source.
+	 */
+	unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
+	unsigned char iv[] = {1,2,3,4,5,6,7,8};
+	char intext[] = "Some Crypto Text";
+	EVP_CIPHER_CTX ctx;
+	FILE *out;
+	EVP_CIPHER_CTX_init(&ctx);
+	EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv);
+
+	if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext)))
+		{
+		/* Error */
+		return 0;
+		}
+	/* Buffer passed to EVP_EncryptFinal() must be after data just
+	 * encrypted to avoid overwriting it.
+	 */
+	if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen))
+		{
+		/* Error */
+		return 0;
+		}
+	outlen += tmplen;
+	EVP_CIPHER_CTX_cleanup(&ctx);
+	/* Need binary mode for fopen because encrypted data is
+	 * binary data. Also cannot use strlen() on it because
+         * it wont be null terminated and may contain embedded
+	 * nulls.
+	 */
+	out = fopen(outfile, "wb");
+	fwrite(outbuf, 1, outlen, out);
+	fclose(out);
+	return 1;
+	}
+
+The ciphertext from the above example can be decrypted using the B<openssl>
+utility with the command line:
+ 
+ S<openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 -d>
+
+General encryption, decryption function example using FILE I/O and RC2 with an
+80 bit key:
+
+ int do_crypt(FILE *in, FILE *out, int do_encrypt)
+ 	{
+	/* Allow enough space in output buffer for additional block */
+	inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH];
+	int inlen, outlen;
+	/* Bogus key and IV: we'd normally set these from
+	 * another source.
+	 */
+	unsigned char key[] = "0123456789";
+	unsigned char iv[] = "12345678";
+	/* Don't set key or IV because we will modify the parameters */
+	EVP_CIPHER_CTX_init(&ctx);
+	EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt);
+	EVP_CIPHER_CTX_set_key_length(&ctx, 10);
+	/* We finished modifying parameters so now we can set key and IV */
+	EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt);
+
+	for(;;) 
+		{
+		inlen = fread(inbuf, 1, 1024, in);
+		if(inlen <= 0) break;
+		if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen))
+			{
+			/* Error */
+			return 0;
+			}
+		fwrite(outbuf, 1, outlen, out);
+		}
+	if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen))
+		{
+		/* Error */
+		return 0;
+		}
+	fwrite(outbuf, 1, outlen, out);
+
+	EVP_CIPHER_CTX_cleanup(&ctx);
+	return 1;
+	}
+
+
+=head1 SEE ALSO
+
+L<evp(3)|evp(3)>
+
+=head1 HISTORY
+
+EVP_CIPHER_CTX_init(), EVP_EncryptInit_ex(), EVP_EncryptFinal_ex(),
+EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), EVP_CipherInit_ex(),
+EVP_CipherFinal_ex() and EVP_CIPHER_CTX_set_padding() appeared in
+OpenSSL 0.9.7.
+
+=cut
diff --git a/doc/crypto/EVP_OpenInit.pod b/doc/crypto/EVP_OpenInit.pod
new file mode 100644
index 0000000000..2e710da945
--- /dev/null
+++ b/doc/crypto/EVP_OpenInit.pod
@@ -0,0 +1,63 @@
+=pod
+
+=head1 NAME
+
+EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
+		int ekl,unsigned char *iv,EVP_PKEY *priv);
+ int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl);
+
+=head1 DESCRIPTION
+
+The EVP envelope routines are a high level interface to envelope
+decryption. They decrypt a public key encrypted symmetric key and
+then decrypt data using it.
+
+EVP_OpenInit() initializes a cipher context B<ctx> for decryption
+with cipher B<type>. It decrypts the encrypted symmetric key of length
+B<ekl> bytes passed in the B<ek> parameter using the private key B<priv>.
+The IV is supplied in the B<iv> parameter.
+
+EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties
+as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as 
+documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
+page.
+
+=head1 NOTES
+
+It is possible to call EVP_OpenInit() twice in the same way as
+EVP_DecryptInit(). The first call should have B<priv> set to NULL
+and (after setting any cipher parameters) it should be called again
+with B<type> set to NULL.
+
+If the cipher passed in the B<type> parameter is a variable length
+cipher then the key length will be set to the value of the recovered
+key length. If the cipher is a fixed length cipher then the recovered
+key length must match the fixed cipher length.
+
+=head1 RETURN VALUES
+
+EVP_OpenInit() returns 0 on error or a non zero integer (actually the
+recovered secret key size) if successful.
+
+EVP_OpenUpdate() returns 1 for success or 0 for failure.
+
+EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success.
+
+=head1 SEE ALSO
+
+L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
+L<EVP_SealInit(3)|EVP_SealInit(3)>
+
+=head1 HISTORY
+
+=cut
diff --git a/doc/crypto/EVP_PKEY_new.pod b/doc/crypto/EVP_PKEY_new.pod
new file mode 100644
index 0000000000..10687e458d
--- /dev/null
+++ b/doc/crypto/EVP_PKEY_new.pod
@@ -0,0 +1,47 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_new, EVP_PKEY_free - private key allocation functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ EVP_PKEY *EVP_PKEY_new(void);
+ void EVP_PKEY_free(EVP_PKEY *key);
+
+
+=head1 DESCRIPTION
+
+The EVP_PKEY_new() function allocates an empty B<EVP_PKEY> 
+structure which is used by OpenSSL to store private keys.
+
+EVP_PKEY_free() frees up the private key B<key>.
+
+=head1 NOTES
+
+The B<EVP_PKEY> structure is used by various OpenSSL functions
+which require a general private key without reference to any
+particular algorithm.
+
+The structure returned by EVP_PKEY_new() is empty. To add a
+private key to this empty structure the functions described in
+L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)> should be used.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_new() returns either the newly allocated B<EVP_PKEY>
+structure of B<NULL> if an error occurred.
+
+EVP_PKEY_free() does not return a value.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_set1_RSA(3)|EVP_PKEY_set1_RSA(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/doc/crypto/EVP_PKEY_set1_RSA.pod b/doc/crypto/EVP_PKEY_set1_RSA.pod
new file mode 100644
index 0000000000..2db692e271
--- /dev/null
+++ b/doc/crypto/EVP_PKEY_set1_RSA.pod
@@ -0,0 +1,80 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
+EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
+EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH, EVP_PKEY_assign_EC_KEY,
+EVP_PKEY_type - EVP_PKEY assignment functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,RSA *key);
+ int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,DSA *key);
+ int EVP_PKEY_set1_DH(EVP_PKEY *pkey,DH *key);
+ int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
+
+ RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+ DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+ EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+
+ int EVP_PKEY_assign_RSA(EVP_PKEY *pkey,RSA *key);
+ int EVP_PKEY_assign_DSA(EVP_PKEY *pkey,DSA *key);
+ int EVP_PKEY_assign_DH(EVP_PKEY *pkey,DH *key);
+ int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey,EC_KEY *key);
+
+ int EVP_PKEY_type(int type);
+
+=head1 DESCRIPTION
+
+EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
+EVP_PKEY_set1_EC_KEY() set the key referenced by B<pkey> to B<key>.
+
+EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
+EVP_PKEY_get1_EC_KEY() return the referenced key in B<pkey> or
+B<NULL> if the key is not of the correct type.
+
+EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
+and EVP_PKEY_assign_EC_KEY() also set the referenced key to B<key>
+however these use the supplied B<key> internally and so B<key>
+will be freed when the parent B<pkey> is freed.
+
+EVP_PKEY_type() returns the type of key corresponding to the value
+B<type>. The type of a key can be obtained with
+EVP_PKEY_type(pkey->type). The return value will be EVP_PKEY_RSA,
+EVP_PKEY_DSA, EVP_PKEY_DH or EVP_PKEY_EC for the corresponding
+key types or NID_undef if the key type is unassigned.
+
+=head1 NOTES
+
+In accordance with the OpenSSL naming convention the key obtained
+from or assigned to the B<pkey> using the B<1> functions must be
+freed as well as B<pkey>.
+
+EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
+EVP_PKEY_assign_EC_KEY() are implemented as macros.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
+EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure.
+
+EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
+EVP_PKEY_get1_EC_KEY() return the referenced key or B<NULL> if 
+an error occurred.
+
+EVP_PKEY_assign_RSA() EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH()
+and EVP_PKEY_assign_EC_KEY() return 1 for success and 0 for failure.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_new(3)|EVP_PKEY_new(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/doc/crypto/EVP_SealInit.pod b/doc/crypto/EVP_SealInit.pod
new file mode 100644
index 0000000000..25ef07f7c7
--- /dev/null
+++ b/doc/crypto/EVP_SealInit.pod
@@ -0,0 +1,78 @@
+=pod
+
+=head1 NAME
+
+EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
+		int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
+ int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl, unsigned char *in, int inl);
+ int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+         int *outl);
+
+=head1 DESCRIPTION
+
+The EVP envelope routines are a high level interface to envelope
+encryption. They generate a random key and then "envelope" it by
+using public key encryption. Data can then be encrypted using this
+key.
+
+EVP_SealInit() initializes a cipher context B<ctx> for encryption
+with cipher B<type> using a random secret key and IV supplied in
+the B<iv> parameter. B<type> is normally supplied by a function such
+as EVP_des_cbc(). The secret key is encrypted using one or more public
+keys, this allows the same encrypted data to be decrypted using any
+of the corresponding private keys. B<ek> is an array of buffers where
+the public key encrypted secret key will be written, each buffer must
+contain enough room for the corresponding encrypted key: that is
+B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual
+size of each encrypted secret key is written to the array B<ekl>. B<pubk> is
+an array of B<npubk> public keys.
+
+EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
+as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as 
+documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual
+page. 
+
+=head1 RETURN VALUES
+
+EVP_SealInit() returns 0 on error or B<npubk> if successful.
+
+EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for
+failure.
+
+=head1 NOTES
+
+Because a random secret key is generated the random number generator
+must be seeded before calling EVP_SealInit().
+
+The public key must be RSA because it is the only OpenSSL public key
+algorithm that supports key transport.
+
+Envelope encryption is the usual method of using public key encryption
+on large amounts of data, this is because public key encryption is slow
+but symmetric encryption is fast. So symmetric encryption is used for
+bulk encryption and the small random symmetric key used is transferred
+using public key encryption.
+
+It is possible to call EVP_SealInit() twice in the same way as
+EVP_EncryptInit(). The first call should have B<npubk> set to 0
+and (after setting any cipher parameters) it should be called again
+with B<type> set to NULL.
+
+=head1 SEE ALSO
+
+L<evp(3)|evp(3)>, L<rand(3)|rand(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
+L<EVP_OpenInit(3)|EVP_OpenInit(3)>
+
+=head1 HISTORY
+
+EVP_SealFinal() did not return a value before OpenSSL 0.9.7.
+
+=cut
diff --git a/doc/crypto/EVP_SignInit.pod b/doc/crypto/EVP_SignInit.pod
new file mode 100644
index 0000000000..b203c3a1c5
--- /dev/null
+++ b/doc/crypto/EVP_SignInit.pod
@@ -0,0 +1,96 @@
+=pod
+
+=head1 NAME
+
+EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+ int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey);
+
+ void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+
+ int EVP_PKEY_size(EVP_PKEY *pkey);
+
+=head1 DESCRIPTION
+
+The EVP signature routines are a high level interface to digital
+signatures.
+
+EVP_SignInit_ex() sets up signing context B<ctx> to use digest
+B<type> from ENGINE B<impl>. B<ctx> must be initialized with
+EVP_MD_CTX_init() before calling this function.
+
+EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the
+signature context B<ctx>. This function can be called several times on the
+same B<ctx> to include additional data.
+
+EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey>
+and places the signature in B<sig>. If the B<s> parameter is not NULL
+then the number of bytes of data written (i.e. the length of the signature)
+will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes
+will be written. 
+
+EVP_SignInit() initializes a signing context B<ctx> to use the default
+implementation of digest B<type>.
+
+EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual
+signature returned by EVP_SignFinal() may be smaller.
+
+=head1 RETURN VALUES
+
+EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1
+for success and 0 for failure.
+
+EVP_PKEY_size() returns the maximum size of a signature in bytes.
+
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 NOTES
+
+The B<EVP> interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+
+Due to the link between message digests and public key algorithms the correct
+digest algorithm must be used with the correct public key type. A list of
+algorithms and associated public key algorithms appears in 
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
+
+When signing with DSA private keys the random number generator must be seeded
+or the operation will fail. The random number generator does not need to be
+seeded for RSA signatures.
+
+The call to EVP_SignFinal() internally finalizes a copy of the digest context.
+This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called
+later to digest and sign additional data.
+
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
+will occur.
+
+=head1 BUGS
+
+Older versions of this documentation wrongly stated that calls to 
+EVP_SignUpdate() could not be made after calling EVP_SignFinal().
+
+=head1 SEE ALSO
+
+L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+
+=head1 HISTORY
+
+EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are
+available in all versions of SSLeay and OpenSSL.
+
+EVP_SignInit_ex() was added in OpenSSL 0.9.7.
+
+=cut
diff --git a/doc/crypto/EVP_VerifyInit.pod b/doc/crypto/EVP_VerifyInit.pod
new file mode 100644
index 0000000000..b6afaedee5
--- /dev/null
+++ b/doc/crypto/EVP_VerifyInit.pod
@@ -0,0 +1,86 @@
+=pod
+
+=head1 NAME
+
+EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+ int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+ int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey);
+
+ int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+
+=head1 DESCRIPTION
+
+The EVP signature verification routines are a high level interface to digital
+signatures.
+
+EVP_VerifyInit_ex() sets up verification context B<ctx> to use digest
+B<type> from ENGINE B<impl>. B<ctx> must be initialized by calling
+EVP_MD_CTX_init() before calling this function.
+
+EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the
+verification context B<ctx>. This function can be called several times on the
+same B<ctx> to include additional data.
+
+EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey>
+and against the B<siglen> bytes at B<sigbuf>.
+
+EVP_VerifyInit() initializes verification context B<ctx> to use the default
+implementation of digest B<type>.
+
+=head1 RETURN VALUES
+
+EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for
+failure.
+
+EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some
+other error occurred.
+
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 NOTES
+
+The B<EVP> interface to digital signatures should almost always be used in
+preference to the low level interfaces. This is because the code then becomes
+transparent to the algorithm used and much more flexible.
+
+Due to the link between message digests and public key algorithms the correct
+digest algorithm must be used with the correct public key type. A list of
+algorithms and associated public key algorithms appears in 
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>.
+
+The call to EVP_VerifyFinal() internally finalizes a copy of the digest context.
+This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called
+later to digest and verify additional data.
+
+Since only a copy of the digest context is ever finalized the context must
+be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak
+will occur.
+
+=head1 BUGS
+
+Older versions of this documentation wrongly stated that calls to 
+EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal().
+
+=head1 SEE ALSO
+
+L<evp(3)|evp(3)>,
+L<EVP_SignInit(3)|EVP_SignInit(3)>,
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+
+=head1 HISTORY
+
+EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() are
+available in all versions of SSLeay and OpenSSL.
+
+EVP_VerifyInit_ex() was added in OpenSSL 0.9.7
+
+=cut
diff --git a/doc/crypto/OBJ_nid2obj.pod b/doc/crypto/OBJ_nid2obj.pod
new file mode 100644
index 0000000000..7dcc07923f
--- /dev/null
+++ b/doc/crypto/OBJ_nid2obj.pod
@@ -0,0 +1,149 @@
+=pod
+
+=head1 NAME
+
+OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid,
+OBJ_cmp, OBJ_dup, OBJ_txt2obj, OBJ_obj2txt, OBJ_create, OBJ_cleanup - ASN1 object utility
+functions
+
+=head1 SYNOPSIS
+
+ ASN1_OBJECT * OBJ_nid2obj(int n);
+ const char *  OBJ_nid2ln(int n);
+ const char *  OBJ_nid2sn(int n);
+
+ int OBJ_obj2nid(const ASN1_OBJECT *o);
+ int OBJ_ln2nid(const char *ln);
+ int OBJ_sn2nid(const char *sn);
+
+ int OBJ_txt2nid(const char *s);
+
+ ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name);
+ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
+
+ int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b);
+ ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o);
+
+ int OBJ_create(const char *oid,const char *sn,const char *ln);
+ void OBJ_cleanup(void);
+
+=head1 DESCRIPTION
+
+The ASN1 object utility functions process ASN1_OBJECT structures which are
+a representation of the ASN1 OBJECT IDENTIFIER (OID) type.
+
+OBJ_nid2obj(), OBJ_nid2ln() and OBJ_nid2sn() convert the NID B<n> to 
+an ASN1_OBJECT structure, its long name and its short name respectively,
+or B<NULL> is an error occurred.
+
+OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() return the corresponding NID
+for the object B<o>, the long name <ln> or the short name <sn> respectively
+or NID_undef if an error occurred.
+
+OBJ_txt2nid() returns NID corresponding to text string <s>. B<s> can be
+a long name, a short name or the numerical respresentation of an object.
+
+OBJ_txt2obj() converts the text string B<s> into an ASN1_OBJECT structure.
+If B<no_name> is 0 then long names and short names will be interpreted
+as well as numerical forms. If B<no_name> is 1 only the numerical form
+is acceptable.
+
+OBJ_obj2txt() converts the B<ASN1_OBJECT> B<a> into a textual representation.
+The representation is written as a null terminated string to B<buf>
+at most B<buf_len> bytes are written, truncating the result if necessary.
+The total amount of space required is returned. If B<no_name> is 0 then
+if the object has a long or short name then that will be used, otherwise
+the numerical form will be used. If B<no_name> is 1 then the numerical
+form will always be used.
+
+OBJ_cmp() compares B<a> to B<b>. If the two are identical 0 is returned.
+
+OBJ_dup() returns a copy of B<o>.
+
+OBJ_create() adds a new object to the internal table. B<oid> is the 
+numerical form of the object, B<sn> the short name and B<ln> the
+long name. A new NID is returned for the created object.
+
+OBJ_cleanup() cleans up OpenSSLs internal object table: this should
+be called before an application exits if any new objects were added
+using OBJ_create().
+
+=head1 NOTES
+
+Objects in OpenSSL can have a short name, a long name and a numerical
+identifier (NID) associated with them. A standard set of objects is
+represented in an internal table. The appropriate values are defined
+in the header file B<objects.h>.
+
+For example the OID for commonName has the following definitions:
+
+ #define SN_commonName                   "CN"
+ #define LN_commonName                   "commonName"
+ #define NID_commonName                  13
+
+New objects can be added by calling OBJ_create().
+
+Table objects have certain advantages over other objects: for example
+their NIDs can be used in a C language switch statement. They are
+also static constant structures which are shared: that is there
+is only a single constant structure for each table object.
+
+Objects which are not in the table have the NID value NID_undef.
+
+Objects do not need to be in the internal tables to be processed,
+the functions OBJ_txt2obj() and OBJ_obj2txt() can process the numerical
+form of an OID.
+
+=head1 EXAMPLES
+
+Create an object for B<commonName>:
+
+ ASN1_OBJECT *o;
+ o = OBJ_nid2obj(NID_commonName);
+
+Check if an object is B<commonName>
+
+ if (OBJ_obj2nid(obj) == NID_commonName)
+	/* Do something */
+
+Create a new NID and initialize an object from it:
+
+ int new_nid;
+ ASN1_OBJECT *obj;
+ new_nid = OBJ_create("1.2.3.4", "NewOID", "New Object Identifier");
+
+ obj = OBJ_nid2obj(new_nid);
+ 
+Create a new object directly:
+
+ obj = OBJ_txt2obj("1.2.3.4", 1);
+
+=head1 BUGS
+
+OBJ_obj2txt() is awkward and messy to use: it doesn't follow the 
+convention of other OpenSSL functions where the buffer can be set
+to B<NULL> to determine the amount of data that should be written.
+Instead B<buf> must point to a valid buffer and B<buf_len> should
+be set to a positive value. A buffer length of 80 should be more
+than enough to handle any OID encountered in practice.
+
+=head1 RETURN VALUES
+
+OBJ_nid2obj() returns an B<ASN1_OBJECT> structure or B<NULL> is an
+error occurred.
+
+OBJ_nid2ln() and OBJ_nid2sn() returns a valid string or B<NULL>
+on error.
+
+OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() and OBJ_txt2nid() return
+a NID or B<NID_undef> on error.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/doc/crypto/OPENSSL_VERSION_NUMBER.pod b/doc/crypto/OPENSSL_VERSION_NUMBER.pod
new file mode 100644
index 0000000000..c39ac35e78
--- /dev/null
+++ b/doc/crypto/OPENSSL_VERSION_NUMBER.pod
@@ -0,0 +1,101 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_VERSION_NUMBER, SSLeay, SSLeay_version - get OpenSSL version number
+
+=head1 SYNOPSIS
+
+ #include <openssl/opensslv.h>
+ #define OPENSSL_VERSION_NUMBER 0xnnnnnnnnnL
+
+ #include <openssl/crypto.h>
+ long SSLeay(void);
+ const char *SSLeay_version(int t);
+
+=head1 DESCRIPTION
+
+OPENSSL_VERSION_NUMBER is a numeric release version identifier:
+
+ MMNNFFPPS: major minor fix patch status
+
+The status nibble has one of the values 0 for development, 1 to e for betas
+1 to 14, and f for release.
+
+for example
+
+ 0x000906000 == 0.9.6 dev
+ 0x000906023 == 0.9.6b beta 3
+ 0x00090605f == 0.9.6e release
+
+Versions prior to 0.9.3 have identifiers E<lt> 0x0930.
+Versions between 0.9.3 and 0.9.5 had a version identifier with this
+interpretation:
+
+ MMNNFFRBB major minor fix final beta/patch
+
+for example
+
+ 0x000904100 == 0.9.4 release
+ 0x000905000 == 0.9.5 dev
+
+Version 0.9.5a had an interim interpretation that is like the current one,
+except the patch level got the highest bit set, to keep continuity.  The
+number was therefore 0x0090581f.
+
+
+For backward compatibility, SSLEAY_VERSION_NUMBER is also defined.
+
+SSLeay() returns this number. The return value can be compared to the
+macro to make sure that the correct version of the library has been
+loaded, especially when using DLLs on Windows systems.
+
+SSLeay_version() returns different strings depending on B<t>:
+
+=over 4
+
+=item SSLEAY_VERSION
+
+The text variant of the version number and the release date.  For example,
+"OpenSSL 0.9.5a 1 Apr 2000".
+
+=item SSLEAY_CFLAGS
+
+The compiler flags set for the compilation process in the form
+"compiler: ..."  if available or "compiler: information not available"
+otherwise.
+
+=item SSLEAY_BUILT_ON
+
+The date of the build process in the form "built on: ..." if available
+or "built on: date not available" otherwise.
+
+=item SSLEAY_PLATFORM
+
+The "Configure" target of the library build in the form "platform: ..."
+if available or "platform: information not available" otherwise.
+
+=item SSLEAY_DIR
+
+The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "...""
+if available or "OPENSSLDIR: N/A" otherwise.
+
+=back
+
+For an unknown B<t>, the text "not available" is returned.
+
+=head1 RETURN VALUE
+
+The version number.
+
+=head1 SEE ALSO
+
+L<crypto(3)|crypto(3)>
+
+=head1 HISTORY
+
+SSLeay() and SSLEAY_VERSION_NUMBER are available in all versions of SSLeay and OpenSSL.
+OPENSSL_VERSION_NUMBER is available in all versions of OpenSSL.
+B<SSLEAY_DIR> was added in OpenSSL 0.9.7.
+
+=cut
diff --git a/doc/crypto/OpenSSL_add_all_algorithms.pod b/doc/crypto/OpenSSL_add_all_algorithms.pod
new file mode 100644
index 0000000000..486c903430
--- /dev/null
+++ b/doc/crypto/OpenSSL_add_all_algorithms.pod
@@ -0,0 +1,66 @@
+=pod
+
+=head1 NAME
+
+OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests -
+add algorithms to internal table
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ void OpenSSL_add_all_algorithms(void);
+ void OpenSSL_add_all_ciphers(void);
+ void OpenSSL_add_all_digests(void);
+
+ void EVP_cleanup(void);
+
+=head1 DESCRIPTION
+
+OpenSSL keeps an internal table of digest algorithms and ciphers. It uses
+this table to lookup ciphers via functions such as EVP_get_cipher_byname().
+
+OpenSSL_add_all_digests() adds all digest algorithms to the table.
+
+OpenSSL_add_all_algorithms() adds all algorithms to the table (digests and
+ciphers).
+
+OpenSSL_add_all_ciphers() adds all encryption algorithms to the table including
+password based encryption algorithms.
+
+EVP_cleanup() removes all ciphers and digests from the table.
+
+=head1 RETURN VALUES
+
+None of the functions return a value.
+
+=head1 NOTES
+
+A typical application will will call OpenSSL_add_all_algorithms() initially and
+EVP_cleanup() before exiting.
+
+An application does not need to add algorithms to use them explicitly, for example
+by EVP_sha1(). It just needs to add them if it (or any of the functions it calls)
+needs to lookup algorithms.
+
+The cipher and digest lookup functions are used in many parts of the library. If
+the table is not initialized several functions will misbehave and complain they
+cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME libraries.
+This is a common query in the OpenSSL mailing lists.
+
+Calling OpenSSL_add_all_algorithms() links in all algorithms: as a result a
+statically linked executable can be quite large. If this is important it is possible
+to just add the required ciphers and digests.
+
+=head1 BUGS
+
+Although the functions do not return error codes it is possible for them to fail.
+This will only happen as a result of a memory allocation failure so this is not
+too much of a problem in practice.
+
+=head1 SEE ALSO
+
+L<evp(3)|evp(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>
+
+=cut
diff --git a/doc/crypto/PKCS12_create.pod b/doc/crypto/PKCS12_create.pod
new file mode 100644
index 0000000000..de7cab2bdf
--- /dev/null
+++ b/doc/crypto/PKCS12_create.pod
@@ -0,0 +1,75 @@
+=pod
+
+=head1 NAME
+
+PKCS12_create - create a PKCS#12 structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs12.h>
+
+ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, STACK_OF(X509) *ca,
+				int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
+
+=head1 DESCRIPTION
+
+PKCS12_create() creates a PKCS#12 structure.
+
+B<pass> is the passphrase to use. B<name> is the B<friendlyName> to use for
+the supplied certifictate and key. B<pkey> is the private key to include in
+the structure and B<cert> its corresponding certificates. B<ca>, if not B<NULL>
+is an optional set of certificates to also include in the structure.
+
+B<nid_key> and B<nid_cert> are the encryption algorithms that should be used
+for the key and certificate respectively. B<iter> is the encryption algorithm
+iteration count to use and B<mac_iter> is the MAC iteration count to use.
+B<keytype> is the type of key.
+
+=head1 NOTES
+
+The parameters B<nid_key>, B<nid_cert>, B<iter>, B<mac_iter> and B<keytype>
+can all be set to zero and sensible defaults will be used.
+
+These defaults are: 40 bit RC2 encryption for certificates, triple DES
+encryption for private keys, a key iteration count of PKCS12_DEFAULT_ITER
+(currently 2048) and a MAC iteration count of 1.
+
+The default MAC iteration count is 1 in order to retain compatibility with
+old software which did not interpret MAC iteration counts. If such compatibility
+is not required then B<mac_iter> should be set to PKCS12_DEFAULT_ITER.
+
+B<keytype> adds a flag to the store private key. This is a non standard extension
+that is only currently interpreted by MSIE. If set to zero the flag is omitted,
+if set to B<KEY_SIG> the key can be used for signing only, if set to B<KEY_EX>
+it can be used for signing and encryption. This option was useful for old
+export grade software which could use signing only keys of arbitrary size but
+had restrictions on the permissible sizes of keys which could be used for
+encryption.
+
+=head1 NEW FUNCTIONALITY IN OPENSSL 0.9.8
+
+Some additional functionality was added to PKCS12_create() in OpenSSL
+0.9.8. These extensions are detailed below.
+
+If a certificate contains an B<alias> or B<keyid> then this will be
+used for the corresponding B<friendlyName> or B<localKeyID> in the
+PKCS12 structure.
+
+Either B<pkey>, B<cert> or both can be B<NULL> to indicate that no key or
+certficate is required. In previous versions both had to be present or
+a fatal error is returned.
+
+B<nid_key> or B<nid_cert> can be set to -1 indicating that no encryption
+should be used. 
+
+B<mac_iter> can be set to -1 and the MAC will then be omitted entirely.
+
+=head1 SEE ALSO
+
+L<d2i_PKCS12(3)|d2i_PKCS12(3)>
+
+=head1 HISTORY
+
+PKCS12_create was added in OpenSSL 0.9.3
+
+=cut
diff --git a/doc/crypto/PKCS12_parse.pod b/doc/crypto/PKCS12_parse.pod
new file mode 100644
index 0000000000..51344f883a
--- /dev/null
+++ b/doc/crypto/PKCS12_parse.pod
@@ -0,0 +1,50 @@
+=pod
+
+=head1 NAME
+
+PKCS12_parse - parse a PKCS#12 structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/pkcs12.h>
+
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
+
+=head1 DESCRIPTION
+
+PKCS12_parse() parses a PKCS12 structure.
+
+B<p12> is the B<PKCS12> structure to parse. B<pass> is the passphrase to use.
+If successful the private key will be written to B<*pkey>, the corresponding
+certificate to B<*cert> and any additional certificates to B<*ca>.
+
+=head1 NOTES
+
+The parameters B<pkey> and B<cert> cannot be B<NULL>. B<ca> can be <NULL>
+in which case additional certificates will be discarded. B<*ca> can also
+be a valid STACK in which case additional certificates are appended to
+B<*ca>. If B<*ca> is B<NULL> a new STACK will be allocated.
+
+The B<friendlyName> and B<localKeyID> attributes (if present) on each certificate
+will be stored in the B<alias> and B<keyid> attributes of the B<X509> structure.
+
+=head1 BUGS
+
+Only a single private key and corresponding certificate is returned by this function.
+More complex PKCS#12 files with multiple private keys will only return the first
+match.
+
+Only B<friendlyName> and B<localKeyID> attributes are currently stored in certificates.
+Other attributes are discarded.
+
+Attributes currently cannot be store in the private key B<EVP_PKEY> structure.
+
+=head1 SEE ALSO
+
+L<d2i_PKCS12(3)|d2i_PKCS12(3)>
+
+=head1 HISTORY
+
+PKCS12_parse was added in OpenSSL 0.9.3
+
+=cut
diff --git a/doc/crypto/PKCS7_decrypt.pod b/doc/crypto/PKCS7_decrypt.pod
new file mode 100644
index 0000000000..b0ca067b89
--- /dev/null
+++ b/doc/crypto/PKCS7_decrypt.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+PKCS7_decrypt - decrypt content from a PKCS#7 envelopedData structure
+
+=head1 SYNOPSIS
+
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+PKCS7_decrypt() extracts and decrypts the content from a PKCS#7 envelopedData
+structure. B<pkey> is the private key of the recipient, B<cert> is the
+recipients certificate, B<data> is a BIO to write the content to and
+B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+OpenSSL_add_all_algorithms() (or equivalent) should be called before using this
+function or errors about unknown algorithms will occur.
+
+Although the recipients certificate is not needed to decrypt the data it is needed
+to locate the appropriate (of possible several) recipients in the PKCS#7 structure.
+
+The following flags can be passed in the B<flags> parameter.
+
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are deleted
+from the content. If the content is not of type B<text/plain> then an error is
+returned.
+
+=head1 RETURN VALUES
+
+PKCS7_decrypt() returns either 1 for success or 0 for failure.
+The error can be obtained from ERR_get_error(3)
+
+=head1 BUGS
+
+PKCS7_decrypt() must be passed the correct recipient key and certificate. It would
+be better if it could look up the correct key and certificate from a database.
+
+The lack of single pass processing and need to hold all data in memory as
+mentioned in PKCS7_sign() also applies to PKCS7_verify().
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
+
+=head1 HISTORY
+
+PKCS7_decrypt() was added to OpenSSL 0.9.5
+
+=cut
diff --git a/doc/crypto/PKCS7_encrypt.pod b/doc/crypto/PKCS7_encrypt.pod
new file mode 100644
index 0000000000..1a507b22a2
--- /dev/null
+++ b/doc/crypto/PKCS7_encrypt.pod
@@ -0,0 +1,65 @@
+=pod
+
+=head1 NAME
+
+PKCS7_encrypt - create a PKCS#7 envelopedData structure
+
+=head1 SYNOPSIS
+
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
+
+=head1 DESCRIPTION
+
+PKCS7_encrypt() creates and returns a PKCS#7 envelopedData structure. B<certs>
+is a list of recipient certificates. B<in> is the content to be encrypted.
+B<cipher> is the symmetric cipher to use. B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+Only RSA keys are supported in PKCS#7 and envelopedData so the recipient certificates
+supplied to this function must all contain RSA public keys, though they do not have to
+be signed using the RSA algorithm.
+
+EVP_des_ede3_cbc() (triple DES) is the algorithm of choice for S/MIME use because
+most clients will support it.
+
+Some old "export grade" clients may only support weak encryption using 40 or 64 bit
+RC2. These can be used by passing EVP_rc2_40_cbc() and EVP_rc2_64_cbc() respectively.
+
+The algorithm passed in the B<cipher> parameter must support ASN1 encoding of its
+parameters. 
+
+Many browsers implement a "sign and encrypt" option which is simply an S/MIME 
+envelopedData containing an S/MIME signed message. This can be readily produced
+by storing the S/MIME signed message in a memory BIO and passing it to
+PKCS7_encrypt().
+
+The following flags can be passed in the B<flags> parameter.
+
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
+to the data.
+
+Normally the supplied content is translated into MIME canonical format (as required
+by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
+option should be used if the supplied data is in binary format otherwise the translation
+will corrupt it. If B<PKCS7_BINARY> is set then B<PKCS7_TEXT> is ignored.
+
+=head1 RETURN VALUES
+
+PKCS7_encrypt() returns either a valid PKCS7 structure or NULL if an error occurred.
+The error can be obtained from ERR_get_error(3).
+
+=head1 BUGS
+
+The lack of single pass processing and need to hold all data in memory as
+mentioned in PKCS7_sign() also applies to PKCS7_verify().
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
+
+=head1 HISTORY
+
+PKCS7_decrypt() was added to OpenSSL 0.9.5
+
+=cut
diff --git a/doc/crypto/PKCS7_sign.pod b/doc/crypto/PKCS7_sign.pod
new file mode 100644
index 0000000000..fc7e649b34
--- /dev/null
+++ b/doc/crypto/PKCS7_sign.pod
@@ -0,0 +1,85 @@
+=pod
+
+=head1 NAME
+
+PKCS7_sign - create a PKCS#7 signedData structure
+
+=head1 SYNOPSIS
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+PKCS7_sign() creates and returns a PKCS#7 signedData structure. B<signcert>
+is the certificate to sign with, B<pkey> is the corresponsding private key.
+B<certs> is an optional additional set of certificates to include in the
+PKCS#7 structure (for example any intermediate CAs in the chain). 
+
+The data to be signed is read from BIO B<data>.
+
+B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+Any of the following flags (ored together) can be passed in the B<flags> parameter.
+
+Many S/MIME clients expect the signed content to include valid MIME headers. If
+the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are prepended
+to the data.
+
+If B<PKCS7_NOCERTS> is set the signer's certificate will not be included in the
+PKCS7 structure, the signer's certificate must still be supplied in the B<signcert>
+parameter though. This can reduce the size of the signature if the signers certificate
+can be obtained by other means: for example a previously signed message.
+
+The data being signed is included in the PKCS7 structure, unless B<PKCS7_DETACHED> 
+is set in which case it is omitted. This is used for PKCS7 detached signatures
+which are used in S/MIME plaintext signed messages for example.
+
+Normally the supplied content is translated into MIME canonical format (as required
+by the S/MIME specifications) if B<PKCS7_BINARY> is set no translation occurs. This
+option should be used if the supplied data is in binary format otherwise the translation
+will corrupt it.
+
+The signedData structure includes several PKCS#7 autenticatedAttributes including
+the signing time, the PKCS#7 content type and the supported list of ciphers in
+an SMIMECapabilities attribute. If B<PKCS7_NOATTR> is set then no authenticatedAttributes
+will be used. If B<PKCS7_NOSMIMECAP> is set then just the SMIMECapabilities are
+omitted.
+
+If present the SMIMECapabilities attribute indicates support for the following
+algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any
+of these algorithms is disabled then it will not be included.
+
+=head1 BUGS
+
+PKCS7_sign() is somewhat limited. It does not support multiple signers, some
+advanced attributes such as counter signatures are not supported.
+
+The SHA1 digest algorithm is currently always used.
+
+When the signed data is not detached it will be stored in memory within the
+B<PKCS7> structure. This effectively limits the size of messages which can be
+signed due to memory restraints. There should be a way to sign data without
+having to hold it all in memory, this would however require fairly major
+revisions of the OpenSSL ASN1 code.
+
+Clear text signing does not store the content in memory but the way PKCS7_sign()
+operates means that two passes of the data must typically be made: one to compute
+the signatures and a second to output the data along with the signature. There
+should be a way to process the data with only a single pass.
+
+=head1 RETURN VALUES
+
+PKCS7_sign() returns either a valid PKCS7 structure or NULL if an error occurred.
+The error can be obtained from ERR_get_error(3).
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_verify(3)|PKCS7_verify(3)>
+
+=head1 HISTORY
+
+PKCS7_sign() was added to OpenSSL 0.9.5
+
+=cut
diff --git a/doc/crypto/PKCS7_verify.pod b/doc/crypto/PKCS7_verify.pod
new file mode 100644
index 0000000000..07c9fdad40
--- /dev/null
+++ b/doc/crypto/PKCS7_verify.pod
@@ -0,0 +1,116 @@
+=pod
+
+=head1 NAME
+
+PKCS7_verify - verify a PKCS#7 signedData structure
+
+=head1 SYNOPSIS
+
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
+
+int PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+
+=head1 DESCRIPTION
+
+PKCS7_verify() verifies a PKCS#7 signedData structure. B<p7> is the PKCS7
+structure to verify. B<certs> is a set of certificates in which to search for
+the signer's certificate. B<store> is a trusted certficate store (used for
+chain verification). B<indata> is the signed data if the content is not
+present in B<p7> (that is it is detached). The content is written to B<out>
+if it is not NULL.
+
+B<flags> is an optional set of flags, which can be used to modify the verify
+operation.
+
+PKCS7_get0_signers() retrieves the signer's certificates from B<p7>, it does
+B<not> check their validity or whether any signatures are valid. The B<certs>
+and B<flags> parameters have the same meanings as in PKCS7_verify().
+
+=head1 VERIFY PROCESS
+
+Normally the verify process proceeds as follows.
+
+Initially some sanity checks are performed on B<p7>. The type of B<p7> must
+be signedData. There must be at least one signature on the data and if
+the content is detached B<indata> cannot be B<NULL>.
+
+An attempt is made to locate all the signer's certificates, first looking in
+the B<certs> parameter (if it is not B<NULL>) and then looking in any certificates
+contained in the B<p7> structure itself. If any signer's certificates cannot be
+located the operation fails.
+
+Each signer's certificate is chain verified using the B<smimesign> purpose and
+the supplied trusted certificate store. Any internal certificates in the message
+are used as untrusted CAs. If any chain verify fails an error code is returned.
+
+Finally the signed content is read (and written to B<out> is it is not NULL) and
+the signature's checked.
+
+If all signature's verify correctly then the function is successful.
+
+Any of the following flags (ored together) can be passed in the B<flags> parameter
+to change the default verify behaviour. Only the flag B<PKCS7_NOINTERN> is
+meaningful to PKCS7_get0_signers().
+
+If B<PKCS7_NOINTERN> is set the certificates in the message itself are not 
+searched when locating the signer's certificate. This means that all the signers
+certificates must be in the B<certs> parameter.
+
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain> are deleted
+from the content. If the content is not of type B<text/plain> then an error is
+returned.
+
+If B<PKCS7_NOVERIFY> is set the signer's certificates are not chain verified.
+
+If B<PKCS7_NOCHAIN> is set then the certificates contained in the message are
+not used as untrusted CAs. This means that the whole verify chain (apart from
+the signer's certificate) must be contained in the trusted store.
+
+If B<PKCS7_NOSIGS> is set then the signatures on the data are not checked.
+
+=head1 NOTES
+
+One application of B<PKCS7_NOINTERN> is to only accept messages signed by
+a small number of certificates. The acceptable certificates would be passed
+in the B<certs> parameter. In this case if the signer is not one of the
+certificates supplied in B<certs> then the verify will fail because the
+signer cannot be found.
+
+Care should be taken when modifying the default verify behaviour, for example
+setting B<PKCS7_NOVERIFY|PKCS7_NOSIGS> will totally disable all verification 
+and any signed message will be considered valid. This combination is however
+useful if one merely wishes to write the content to B<out> and its validity
+is not considered important.
+
+Chain verification should arguably be performed  using the signing time rather
+than the current time. However since the signing time is supplied by the
+signer it cannot be trusted without additional evidence (such as a trusted
+timestamp).
+
+=head1 RETURN VALUES
+
+PKCS7_verify() returns 1 for a successful verification and zero or a negative
+value if an error occurs.
+
+PKCS7_get0_signers() returns all signers or B<NULL> if an error occurred.
+
+The error can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 BUGS
+
+The trusted certificate store is not searched for the signers certificate,
+this is primarily due to the inadequacies of the current B<X509_STORE>
+functionality.
+
+The lack of single pass processing and need to hold all data in memory as
+mentioned in PKCS7_sign() also applies to PKCS7_verify().
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>
+
+=head1 HISTORY
+
+PKCS7_verify() was added to OpenSSL 0.9.5
+
+=cut
diff --git a/doc/crypto/RAND_add.pod b/doc/crypto/RAND_add.pod
new file mode 100644
index 0000000000..67c66f3e0c
--- /dev/null
+++ b/doc/crypto/RAND_add.pod
@@ -0,0 +1,77 @@
+=pod
+
+=head1 NAME
+
+RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen - add
+entropy to the PRNG
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ void RAND_seed(const void *buf, int num);
+
+ void RAND_add(const void *buf, int num, double entropy);
+
+ int  RAND_status(void);
+
+ int  RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam);
+ void RAND_screen(void);
+
+=head1 DESCRIPTION
+
+RAND_add() mixes the B<num> bytes at B<buf> into the PRNG state. Thus,
+if the data at B<buf> are unpredictable to an adversary, this
+increases the uncertainty about the state and makes the PRNG output
+less predictable. Suitable input comes from user interaction (random
+key presses, mouse movements) and certain hardware events. The
+B<entropy> argument is (the lower bound of) an estimate of how much
+randomness is contained in B<buf>, measured in bytes. Details about
+sources of randomness and how to estimate their entropy can be found
+in the literature, e.g. RFC 1750.
+
+RAND_add() may be called with sensitive data such as user entered
+passwords. The seed values cannot be recovered from the PRNG output.
+
+OpenSSL makes sure that the PRNG state is unique for each thread. On
+systems that provide C</dev/urandom>, the randomness device is used
+to seed the PRNG transparently. However, on all other systems, the
+application is responsible for seeding the PRNG by calling RAND_add(),
+L<RAND_egd(3)|RAND_egd(3)>
+or L<RAND_load_file(3)|RAND_load_file(3)>.
+
+RAND_seed() is equivalent to RAND_add() when B<num == entropy>.
+
+RAND_event() collects the entropy from Windows events such as mouse
+movements and other user interaction. It should be called with the
+B<iMsg>, B<wParam> and B<lParam> arguments of I<all> messages sent to
+the window procedure. It will estimate the entropy contained in the
+event message (if any), and add it to the PRNG. The program can then
+process the messages as usual.
+
+The RAND_screen() function is available for the convenience of Windows
+programmers. It adds the current contents of the screen to the PRNG.
+For applications that can catch Windows events, seeding the PRNG by
+calling RAND_event() is a significantly better source of
+randomness. It should be noted that both methods cannot be used on
+servers that run without user interaction.
+
+=head1 RETURN VALUES
+
+RAND_status() and RAND_event() return 1 if the PRNG has been seeded
+with enough data, 0 otherwise.
+
+The other functions do not return values.
+
+=head1 SEE ALSO
+
+L<rand(3)|rand(3)>, L<RAND_egd(3)|RAND_egd(3)>,
+L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
+
+=head1 HISTORY
+
+RAND_seed() and RAND_screen() are available in all versions of SSLeay
+and OpenSSL. RAND_add() and RAND_status() have been added in OpenSSL
+0.9.5, RAND_event() in OpenSSL 0.9.5a.
+
+=cut
diff --git a/doc/crypto/RAND_bytes.pod b/doc/crypto/RAND_bytes.pod
new file mode 100644
index 0000000000..ce6329ce54
--- /dev/null
+++ b/doc/crypto/RAND_bytes.pod
@@ -0,0 +1,47 @@
+=pod
+
+=head1 NAME
+
+RAND_bytes, RAND_pseudo_bytes - generate random data
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ int RAND_bytes(unsigned char *buf, int num);
+
+ int RAND_pseudo_bytes(unsigned char *buf, int num);
+
+=head1 DESCRIPTION
+
+RAND_bytes() puts B<num> cryptographically strong pseudo-random bytes
+into B<buf>. An error occurs if the PRNG has not been seeded with
+enough randomness to ensure an unpredictable byte sequence.
+
+RAND_pseudo_bytes() puts B<num> pseudo-random bytes into B<buf>.
+Pseudo-random byte sequences generated by RAND_pseudo_bytes() will be
+unique if they are of sufficient length, but are not necessarily
+unpredictable. They can be used for non-cryptographic purposes and for
+certain purposes in cryptographic protocols, but usually not for key
+generation etc.
+
+=head1 RETURN VALUES
+
+RAND_bytes() returns 1 on success, 0 otherwise. The error code can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>. RAND_pseudo_bytes() returns 1 if the
+bytes generated are cryptographically strong, 0 otherwise. Both
+functions return -1 if they are not supported by the current RAND
+method.
+
+=head1 SEE ALSO
+
+L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+L<RAND_add(3)|RAND_add(3)>
+
+=head1 HISTORY
+
+RAND_bytes() is available in all versions of SSLeay and OpenSSL.  It
+has a return value since OpenSSL 0.9.5. RAND_pseudo_bytes() was added
+in OpenSSL 0.9.5.
+
+=cut
diff --git a/doc/crypto/RAND_cleanup.pod b/doc/crypto/RAND_cleanup.pod
new file mode 100644
index 0000000000..3a8f0749a8
--- /dev/null
+++ b/doc/crypto/RAND_cleanup.pod
@@ -0,0 +1,29 @@
+=pod
+
+=head1 NAME
+
+RAND_cleanup - erase the PRNG state
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ void RAND_cleanup(void);
+
+=head1 DESCRIPTION
+
+RAND_cleanup() erases the memory used by the PRNG.
+
+=head1 RETURN VALUE
+
+RAND_cleanup() returns no value.
+
+=head1 SEE ALSO
+
+L<rand(3)|rand(3)>
+
+=head1 HISTORY
+
+RAND_cleanup() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/RAND_egd.pod b/doc/crypto/RAND_egd.pod
new file mode 100644
index 0000000000..62adbe19b2
--- /dev/null
+++ b/doc/crypto/RAND_egd.pod
@@ -0,0 +1,85 @@
+=pod
+
+=head1 NAME
+
+RAND_egd - query entropy gathering daemon
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ int RAND_egd(const char *path);
+ int RAND_egd_bytes(const char *path, int bytes);
+
+ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
+
+=head1 DESCRIPTION
+
+RAND_egd() queries the entropy gathering daemon EGD on socket B<path>.
+It queries 255 bytes and uses L<RAND_add(3)|RAND_add(3)> to seed the
+OpenSSL built-in PRNG. RAND_egd(path) is a wrapper for
+RAND_egd_bytes(path, 255);
+
+RAND_egd_bytes() queries the entropy gathering daemon EGD on socket B<path>.
+It queries B<bytes> bytes and uses L<RAND_add(3)|RAND_add(3)> to seed the
+OpenSSL built-in PRNG.
+This function is more flexible than RAND_egd().
+When only one secret key must
+be generated, it is not necessary to request the full amount 255 bytes from
+the EGD socket. This can be advantageous, since the amount of entropy
+that can be retrieved from EGD over time is limited.
+
+RAND_query_egd_bytes() performs the actual query of the EGD daemon on socket
+B<path>. If B<buf> is given, B<bytes> bytes are queried and written into
+B<buf>. If B<buf> is NULL, B<bytes> bytes are queried and used to seed the
+OpenSSL built-in PRNG using L<RAND_add(3)|RAND_add(3)>.
+
+=head1 NOTES
+
+On systems without /dev/*random devices providing entropy from the kernel,
+the EGD entropy gathering daemon can be used to collect entropy. It provides
+a socket interface through which entropy can be gathered in chunks up to
+255 bytes. Several chunks can be queried during one connection.
+
+EGD is available from http://www.lothar.com/tech/crypto/ (C<perl
+Makefile.PL; make; make install> to install). It is run as B<egd>
+I<path>, where I<path> is an absolute path designating a socket. When
+RAND_egd() is called with that path as an argument, it tries to read
+random bytes that EGD has collected. The read is performed in
+non-blocking mode.
+
+Alternatively, the EGD-interface compatible daemon PRNGD can be used. It is
+available from
+http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html .
+PRNGD does employ an internal PRNG itself and can therefore never run
+out of entropy.
+
+OpenSSL automatically queries EGD when entropy is requested via RAND_bytes()
+or the status is checked via RAND_status() for the first time, if the socket
+is located at /var/run/egd-pool, /dev/egd-pool or /etc/egd-pool.
+
+=head1 RETURN VALUE
+
+RAND_egd() and RAND_egd_bytes() return the number of bytes read from the
+daemon on success, and -1 if the connection failed or the daemon did not
+return enough data to fully seed the PRNG.
+
+RAND_query_egd_bytes() returns the number of bytes read from the daemon on
+success, and -1 if the connection failed. The PRNG state is not considered.
+
+=head1 SEE ALSO
+
+L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>,
+L<RAND_cleanup(3)|RAND_cleanup(3)>
+
+=head1 HISTORY
+
+RAND_egd() is available since OpenSSL 0.9.5.
+
+RAND_egd_bytes() is available since OpenSSL 0.9.6.
+
+RAND_query_egd_bytes() is available since OpenSSL 0.9.7.
+
+The automatic query of /var/run/egd-pool et al was added in OpenSSL 0.9.7.
+
+=cut
diff --git a/doc/crypto/RAND_load_file.pod b/doc/crypto/RAND_load_file.pod
new file mode 100644
index 0000000000..d8c134e621
--- /dev/null
+++ b/doc/crypto/RAND_load_file.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ const char *RAND_file_name(char *buf, size_t num);
+
+ int RAND_load_file(const char *filename, long max_bytes);
+
+ int RAND_write_file(const char *filename);
+
+=head1 DESCRIPTION
+
+RAND_file_name() generates a default path for the random seed
+file. B<buf> points to a buffer of size B<num> in which to store the
+filename. The seed file is $RANDFILE if that environment variable is
+set, $HOME/.rnd otherwise. If $HOME is not set either, or B<num> is
+too small for the path name, an error occurs.
+
+RAND_load_file() reads a number of bytes from file B<filename> and
+adds them to the PRNG. If B<max_bytes> is non-negative,
+up to to B<max_bytes> are read; starting with OpenSSL 0.9.5,
+if B<max_bytes> is -1, the complete file is read.
+
+RAND_write_file() writes a number of random bytes (currently 1024) to
+file B<filename> which can be used to initialize the PRNG by calling
+RAND_load_file() in a later session.
+
+=head1 RETURN VALUES
+
+RAND_load_file() returns the number of bytes read.
+
+RAND_write_file() returns the number of bytes written, and -1 if the
+bytes written were generated without appropriate seed.
+
+RAND_file_name() returns a pointer to B<buf> on success, and NULL on
+error.
+
+=head1 SEE ALSO
+
+L<rand(3)|rand(3)>, L<RAND_add(3)|RAND_add(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)>
+
+=head1 HISTORY
+
+RAND_load_file(), RAND_write_file() and RAND_file_name() are available in
+all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/RAND_set_rand_method.pod b/doc/crypto/RAND_set_rand_method.pod
new file mode 100644
index 0000000000..c9bb6d9f27
--- /dev/null
+++ b/doc/crypto/RAND_set_rand_method.pod
@@ -0,0 +1,83 @@
+=pod
+
+=head1 NAME
+
+RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay - select RAND method
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ void RAND_set_rand_method(const RAND_METHOD *meth);
+
+ const RAND_METHOD *RAND_get_rand_method(void);
+
+ RAND_METHOD *RAND_SSLeay(void);
+
+=head1 DESCRIPTION
+
+A B<RAND_METHOD> specifies the functions that OpenSSL uses for random number
+generation. By modifying the method, alternative implementations such as
+hardware RNGs may be used. IMPORTANT: See the NOTES section for important
+information about how these RAND API functions are affected by the use of
+B<ENGINE> API calls.
+
+Initially, the default RAND_METHOD is the OpenSSL internal implementation, as
+returned by RAND_SSLeay().
+
+RAND_set_default_method() makes B<meth> the method for PRNG use. B<NB>: This is
+true only whilst no ENGINE has been set as a default for RAND, so this function
+is no longer recommended.
+
+RAND_get_default_method() returns a pointer to the current RAND_METHOD.
+However, the meaningfulness of this result is dependant on whether the ENGINE
+API is being used, so this function is no longer recommended.
+
+=head1 THE RAND_METHOD STRUCTURE
+
+ typedef struct rand_meth_st
+ {
+        void (*seed)(const void *buf, int num);
+        int (*bytes)(unsigned char *buf, int num);
+        void (*cleanup)(void);
+        void (*add)(const void *buf, int num, int entropy);
+        int (*pseudorand)(unsigned char *buf, int num);
+	int (*status)(void);
+ } RAND_METHOD;
+
+The components point to the implementation of RAND_seed(),
+RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand()
+and RAND_status().
+Each component may be NULL if the function is not implemented.
+
+=head1 RETURN VALUES
+
+RAND_set_rand_method() returns no value. RAND_get_rand_method() and
+RAND_SSLeay() return pointers to the respective methods.
+
+=head1 NOTES
+
+As of version 0.9.7, RAND_METHOD implementations are grouped together with other
+algorithmic APIs (eg. RSA_METHOD, EVP_CIPHER, etc) in B<ENGINE> modules. If a
+default ENGINE is specified for RAND functionality using an ENGINE API function,
+that will override any RAND defaults set using the RAND API (ie.
+RAND_set_rand_method()). For this reason, the ENGINE API is the recommended way
+to control default implementations for use in RAND and other cryptographic
+algorithms.
+
+=head1 SEE ALSO
+
+L<rand(3)|rand(3)>, L<engine(3)|engine(3)>
+
+=head1 HISTORY
+
+RAND_set_rand_method(), RAND_get_rand_method() and RAND_SSLeay() are
+available in all versions of OpenSSL.
+
+In the engine version of version 0.9.6, RAND_set_rand_method() was altered to
+take an ENGINE pointer as its argument. As of version 0.9.7, that has been
+reverted as the ENGINE API transparently overrides RAND defaults if used,
+otherwise RAND API functions work as before. RAND_set_rand_engine() was also
+introduced in version 0.9.7.
+
+=cut
diff --git a/doc/crypto/RSA_blinding_on.pod b/doc/crypto/RSA_blinding_on.pod
new file mode 100644
index 0000000000..fd2c69abd8
--- /dev/null
+++ b/doc/crypto/RSA_blinding_on.pod
@@ -0,0 +1,43 @@
+=pod
+
+=head1 NAME
+
+RSA_blinding_on, RSA_blinding_off - protect the RSA operation from timing attacks
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+
+ void RSA_blinding_off(RSA *rsa);
+
+=head1 DESCRIPTION
+
+RSA is vulnerable to timing attacks. In a setup where attackers can
+measure the time of RSA decryption or signature operations, blinding
+must be used to protect the RSA operation from that attack.
+
+RSA_blinding_on() turns blinding on for key B<rsa> and generates a
+random blinding factor. B<ctx> is B<NULL> or a pre-allocated and
+initialized B<BN_CTX>. The random number generator must be seeded
+prior to calling RSA_blinding_on().
+
+RSA_blinding_off() turns blinding off and frees the memory used for
+the blinding factor.
+
+=head1 RETURN VALUES
+
+RSA_blinding_on() returns 1 on success, and 0 if an error occurred.
+
+RSA_blinding_off() returns no value.
+
+=head1 SEE ALSO
+
+L<rsa(3)|rsa(3)>, L<rand(3)|rand(3)>
+
+=head1 HISTORY
+
+RSA_blinding_on() and RSA_blinding_off() appeared in SSLeay 0.9.0.
+
+=cut
diff --git a/doc/crypto/RSA_check_key.pod b/doc/crypto/RSA_check_key.pod
new file mode 100644
index 0000000000..a5198f3db5
--- /dev/null
+++ b/doc/crypto/RSA_check_key.pod
@@ -0,0 +1,67 @@
+=pod
+
+=head1 NAME
+
+RSA_check_key - validate private RSA keys
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_check_key(RSA *rsa);
+
+=head1 DESCRIPTION
+
+This function validates RSA keys. It checks that B<p> and B<q> are
+in fact prime, and that B<n = p*q>.
+
+It also checks that B<d*e = 1 mod (p-1*q-1)>,
+and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>.
+
+As such, this function can not be used with any arbitrary RSA key object,
+even if it is otherwise fit for regular RSA operation. See B<NOTES> for more
+information.
+
+=head1 RETURN VALUE
+
+RSA_check_key() returns 1 if B<rsa> is a valid RSA key, and 0 otherwise.
+-1 is returned if an error occurs while checking the key.
+
+If the key is invalid or an error occurred, the reason code can be
+obtained using L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 NOTES
+
+This function does not work on RSA public keys that have only the modulus
+and public exponent elements populated. It performs integrity checks on all
+the RSA key material, so the RSA key structure must contain all the private
+key data too.
+
+Unlike most other RSA functions, this function does B<not> work
+transparently with any underlying ENGINE implementation because it uses the
+key data in the RSA structure directly. An ENGINE implementation can
+override the way key data is stored and handled, and can even provide
+support for HSM keys - in which case the RSA structure may contain B<no>
+key data at all! If the ENGINE in question is only being used for
+acceleration or analysis purposes, then in all likelihood the RSA key data
+is complete and untouched, but this can't be assumed in the general case.
+
+=head1 BUGS
+
+A method of verifying the RSA key using opaque RSA API functions might need
+to be considered. Right now RSA_check_key() simply uses the RSA structure
+elements directly, bypassing the RSA_METHOD table altogether (and
+completely violating encapsulation and object-orientation in the process).
+The best fix will probably be to introduce a "check_key()" handler to the
+RSA_METHOD function table so that alternative implementations can also
+provide their own verifiers.
+
+=head1 SEE ALSO
+
+L<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+RSA_check_key() appeared in OpenSSL 0.9.4.
+
+=cut
diff --git a/doc/crypto/RSA_generate_key.pod b/doc/crypto/RSA_generate_key.pod
new file mode 100644
index 0000000000..52dbb14a53
--- /dev/null
+++ b/doc/crypto/RSA_generate_key.pod
@@ -0,0 +1,69 @@
+=pod
+
+=head1 NAME
+
+RSA_generate_key - generate RSA key pair
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ RSA *RSA_generate_key(int num, unsigned long e,
+    void (*callback)(int,int,void *), void *cb_arg);
+
+=head1 DESCRIPTION
+
+RSA_generate_key() generates a key pair and returns it in a newly
+allocated B<RSA> structure. The pseudo-random number generator must
+be seeded prior to calling RSA_generate_key().
+
+The modulus size will be B<num> bits, and the public exponent will be
+B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure.
+The exponent is an odd number, typically 3, 17 or 65537.
+
+A callback function may be used to provide feedback about the
+progress of the key generation. If B<callback> is not B<NULL>, it
+will be called as follows:
+
+=over 4
+
+=item *
+
+While a random prime number is generated, it is called as
+described in L<BN_generate_prime(3)|BN_generate_prime(3)>.
+
+=item *
+
+When the n-th randomly generated prime is rejected as not
+suitable for the key, B<callback(2, n, cb_arg)> is called.
+
+=item *
+
+When a random p has been found with p-1 relatively prime to B<e>,
+it is called as B<callback(3, 0, cb_arg)>.
+
+=back
+
+The process is then repeated for prime q with B<callback(3, 1, cb_arg)>.
+
+=head1 RETURN VALUE
+
+If key generation fails, RSA_generate_key() returns B<NULL>; the
+error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 BUGS
+
+B<callback(2, x, cb_arg)> is used with two different meanings.
+
+RSA_generate_key() goes into an infinite loop for illegal input values.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_free(3)|RSA_free(3)>
+
+=head1 HISTORY
+
+The B<cb_arg> argument was added in SSLeay 0.9.0.
+
+=cut
diff --git a/doc/crypto/RSA_get_ex_new_index.pod b/doc/crypto/RSA_get_ex_new_index.pod
new file mode 100644
index 0000000000..46cc8f5359
--- /dev/null
+++ b/doc/crypto/RSA_get_ex_new_index.pod
@@ -0,0 +1,120 @@
+=pod
+
+=head1 NAME
+
+RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - add application specific data to RSA structures
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_get_ex_new_index(long argl, void *argp,
+		CRYPTO_EX_new *new_func,
+		CRYPTO_EX_dup *dup_func,
+		CRYPTO_EX_free *free_func);
+
+ int RSA_set_ex_data(RSA *r, int idx, void *arg);
+
+ void *RSA_get_ex_data(RSA *r, int idx);
+
+ typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+		int idx, long argl, void *argp);
+ typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+		int idx, long argl, void *argp);
+ typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, 
+		int idx, long argl, void *argp);
+
+=head1 DESCRIPTION
+
+Several OpenSSL structures can have application specific data attached to them.
+This has several potential uses, it can be used to cache data associated with
+a structure (for example the hash of some part of the structure) or some
+additional data (for example a handle to the data in an external library).
+
+Since the application data can be anything at all it is passed and retrieved
+as a B<void *> type.
+
+The B<RSA_get_ex_new_index()> function is initially called to "register" some
+new application specific data. It takes three optional function pointers which
+are called when the parent structure (in this case an RSA structure) is
+initially created, when it is copied and when it is freed up. If any or all of
+these function pointer arguments are not used they should be set to NULL. The
+precise manner in which these function pointers are called is described in more
+detail below. B<RSA_get_ex_new_index()> also takes additional long and pointer
+parameters which will be passed to the supplied functions but which otherwise
+have no special meaning. It returns an B<index> which should be stored
+(typically in a static variable) and passed used in the B<idx> parameter in
+the remaining functions. Each successful call to B<RSA_get_ex_new_index()>
+will return an index greater than any previously returned, this is important
+because the optional functions are called in order of increasing index value.
+
+B<RSA_set_ex_data()> is used to set application specific data, the data is
+supplied in the B<arg> parameter and its precise meaning is up to the
+application.
+
+B<RSA_get_ex_data()> is used to retrieve application specific data. The data
+is returned to the application, this will be the same value as supplied to
+a previous B<RSA_set_ex_data()> call.
+
+B<new_func()> is called when a structure is initially allocated (for example
+with B<RSA_new()>. The parent structure members will not have any meaningful
+values at this point. This function will typically be used to allocate any
+application specific structure.
+
+B<free_func()> is called when a structure is being freed up. The dynamic parent
+structure members should not be accessed because they will be freed up when
+this function is called.
+
+B<new_func()> and B<free_func()> take the same parameters. B<parent> is a
+pointer to the parent RSA structure. B<ptr> is a the application specific data
+(this wont be of much use in B<new_func()>. B<ad> is a pointer to the
+B<CRYPTO_EX_DATA> structure from the parent RSA structure: the functions
+B<CRYPTO_get_ex_data()> and B<CRYPTO_set_ex_data()> can be called to manipulate
+it. The B<idx> parameter is the index: this will be the same value returned by
+B<RSA_get_ex_new_index()> when the functions were initially registered. Finally
+the B<argl> and B<argp> parameters are the values originally passed to the same
+corresponding parameters when B<RSA_get_ex_new_index()> was called.
+
+B<dup_func()> is called when a structure is being copied. Pointers to the
+destination and source B<CRYPTO_EX_DATA> structures are passed in the B<to> and
+B<from> parameters respectively. The B<from_d> parameter is passed a pointer to
+the source application data when the function is called, when the function returns
+the value is copied to the destination: the application can thus modify the data
+pointed to by B<from_d> and have different values in the source and destination.
+The B<idx>, B<argl> and B<argp> parameters are the same as those in B<new_func()>
+and B<free_func()>.
+
+=head1 RETURN VALUES
+
+B<RSA_get_ex_new_index()> returns a new index or -1 on failure (note 0 is a valid
+index value).
+
+B<RSA_set_ex_data()> returns 1 on success or 0 on failure.
+
+B<RSA_get_ex_data()> returns the application data or 0 on failure. 0 may also
+be valid application data but currently it can only fail if given an invalid B<idx>
+parameter.
+
+B<new_func()> and B<dup_func()> should return 0 for failure and 1 for success.
+
+On failure an error code can be obtained from L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 BUGS
+
+B<dup_func()> is currently never called.
+
+The return value of B<new_func()> is ignored.
+
+The B<new_func()> function isn't very useful because no meaningful values are
+present in the parent RSA structure when it is called.
+
+=head1 SEE ALSO
+
+L<rsa(3)|rsa(3)>, L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
+
+=head1 HISTORY
+
+RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data() are
+available since SSLeay 0.9.0.
+
+=cut
diff --git a/doc/crypto/RSA_new.pod b/doc/crypto/RSA_new.pod
new file mode 100644
index 0000000000..3d15b92824
--- /dev/null
+++ b/doc/crypto/RSA_new.pod
@@ -0,0 +1,41 @@
+=pod
+
+=head1 NAME
+
+RSA_new, RSA_free - allocate and free RSA objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ RSA * RSA_new(void);
+
+ void RSA_free(RSA *rsa);
+
+=head1 DESCRIPTION
+
+RSA_new() allocates and initializes an B<RSA> structure. It is equivalent to
+calling RSA_new_method(NULL).
+
+RSA_free() frees the B<RSA> structure and its components. The key is
+erased before the memory is returned to the system.
+
+=head1 RETURN VALUES
+
+If the allocation fails, RSA_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. Otherwise it returns
+a pointer to the newly allocated structure.
+
+RSA_free() returns no value.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_generate_key(3)|RSA_generate_key(3)>,
+L<RSA_new_method(3)|RSA_new_method(3)>
+
+=head1 HISTORY
+
+RSA_new() and RSA_free() are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/RSA_padding_add_PKCS1_type_1.pod b/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
new file mode 100644
index 0000000000..b8f678fe72
--- /dev/null
+++ b/doc/crypto/RSA_padding_add_PKCS1_type_1.pod
@@ -0,0 +1,124 @@
+=pod
+
+=head1 NAME
+
+RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
+RSA_padding_add_PKCS1_type_2, RSA_padding_check_PKCS1_type_2,
+RSA_padding_add_PKCS1_OAEP, RSA_padding_check_PKCS1_OAEP,
+RSA_padding_add_SSLv23, RSA_padding_check_SSLv23,
+RSA_padding_add_none, RSA_padding_check_none - asymmetric encryption
+padding
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+    unsigned char *f, int fl);
+
+ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+    unsigned char *f, int fl, int rsa_len);
+
+ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+    unsigned char *f, int fl);
+
+ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+    unsigned char *f, int fl, int rsa_len);
+
+ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+    unsigned char *f, int fl, unsigned char *p, int pl);
+
+ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+    unsigned char *f, int fl, int rsa_len, unsigned char *p, int pl);
+
+ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+    unsigned char *f, int fl);
+
+ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+    unsigned char *f, int fl, int rsa_len);
+
+ int RSA_padding_add_none(unsigned char *to, int tlen,
+    unsigned char *f, int fl);
+
+ int RSA_padding_check_none(unsigned char *to, int tlen,
+    unsigned char *f, int fl, int rsa_len);
+
+=head1 DESCRIPTION
+
+The RSA_padding_xxx_xxx() functions are called from the RSA encrypt,
+decrypt, sign and verify functions. Normally they should not be called
+from application programs.
+
+However, they can also be called directly to implement padding for other
+asymmetric ciphers. RSA_padding_add_PKCS1_OAEP() and
+RSA_padding_check_PKCS1_OAEP() may be used in an application combined
+with B<RSA_NO_PADDING> in order to implement OAEP with an encoding
+parameter.
+
+RSA_padding_add_xxx() encodes B<fl> bytes from B<f> so as to fit into
+B<tlen> bytes and stores the result at B<to>. An error occurs if B<fl>
+does not meet the size requirements of the encoding method.
+
+The following encoding methods are implemented:
+
+=over 4
+
+=item PKCS1_type_1
+
+PKCS #1 v2.0 EMSA-PKCS1-v1_5 (PKCS #1 v1.5 block type 1); used for signatures
+
+=item PKCS1_type_2
+
+PKCS #1 v2.0 EME-PKCS1-v1_5 (PKCS #1 v1.5 block type 2)
+
+=item PKCS1_OAEP
+
+PKCS #1 v2.0 EME-OAEP
+
+=item SSLv23
+
+PKCS #1 EME-PKCS1-v1_5 with SSL-specific modification
+
+=item none
+
+simply copy the data
+
+=back
+
+The random number generator must be seeded prior to calling
+RSA_padding_add_xxx().
+
+RSA_padding_check_xxx() verifies that the B<fl> bytes at B<f> contain
+a valid encoding for a B<rsa_len> byte RSA key in the respective
+encoding method and stores the recovered data of at most B<tlen> bytes
+(for B<RSA_NO_PADDING>: of size B<tlen>)
+at B<to>.
+
+For RSA_padding_xxx_OAEP(), B<p> points to the encoding parameter
+of length B<pl>. B<p> may be B<NULL> if B<pl> is 0.
+
+=head1 RETURN VALUES
+
+The RSA_padding_add_xxx() functions return 1 on success, 0 on error.
+The RSA_padding_check_xxx() functions return the length of the
+recovered data, -1 on error. Error codes can be obtained by calling
+L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
+L<RSA_private_decrypt(3)|RSA_private_decrypt(3)>,
+L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+
+=head1 HISTORY
+
+RSA_padding_add_PKCS1_type_1(), RSA_padding_check_PKCS1_type_1(),
+RSA_padding_add_PKCS1_type_2(), RSA_padding_check_PKCS1_type_2(),
+RSA_padding_add_SSLv23(), RSA_padding_check_SSLv23(),
+RSA_padding_add_none() and RSA_padding_check_none() appeared in
+SSLeay 0.9.0.
+
+RSA_padding_add_PKCS1_OAEP() and RSA_padding_check_PKCS1_OAEP() were
+added in OpenSSL 0.9.2b.
+
+=cut
diff --git a/doc/crypto/RSA_print.pod b/doc/crypto/RSA_print.pod
new file mode 100644
index 0000000000..e28d107d1c
--- /dev/null
+++ b/doc/crypto/RSA_print.pod
@@ -0,0 +1,49 @@
+=pod
+
+=head1 NAME
+
+RSA_print, RSA_print_fp,
+DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp,
+DHparams_print, DHparams_print_fp - print cryptographic parameters
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_print(BIO *bp, RSA *x, int offset);
+ int RSA_print_fp(FILE *fp, RSA *x, int offset);
+
+ #include <openssl/dsa.h>
+
+ int DSAparams_print(BIO *bp, DSA *x);
+ int DSAparams_print_fp(FILE *fp, DSA *x);
+ int DSA_print(BIO *bp, DSA *x, int offset);
+ int DSA_print_fp(FILE *fp, DSA *x, int offset);
+
+ #include <openssl/dh.h>
+
+ int DHparams_print(BIO *bp, DH *x);
+ int DHparams_print_fp(FILE *fp, DH *x);
+
+=head1 DESCRIPTION
+
+A human-readable hexadecimal output of the components of the RSA
+key, DSA parameters or key or DH parameters is printed to B<bp> or B<fp>.
+
+The output lines are indented by B<offset> spaces.
+
+=head1 RETURN VALUES
+
+These functions return 1 on success, 0 on error.
+
+=head1 SEE ALSO
+
+L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)>
+
+=head1 HISTORY
+
+RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(),
+DH_print_fp() are available in all versions of SSLeay and OpenSSL.
+DSAparams_print() and DSAparams_print_pf() were added in SSLeay 0.8.
+
+=cut
diff --git a/doc/crypto/RSA_private_encrypt.pod b/doc/crypto/RSA_private_encrypt.pod
new file mode 100644
index 0000000000..746a80c79e
--- /dev/null
+++ b/doc/crypto/RSA_private_encrypt.pod
@@ -0,0 +1,70 @@
+=pod
+
+=head1 NAME
+
+RSA_private_encrypt, RSA_public_decrypt - low level signature operations
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_private_encrypt(int flen, unsigned char *from,
+    unsigned char *to, RSA *rsa, int padding);
+
+ int RSA_public_decrypt(int flen, unsigned char *from, 
+    unsigned char *to, RSA *rsa, int padding);
+
+=head1 DESCRIPTION
+
+These functions handle RSA signatures at a low level.
+
+RSA_private_encrypt() signs the B<flen> bytes at B<from> (usually a
+message digest with an algorithm identifier) using the private key
+B<rsa> and stores the signature in B<to>. B<to> must point to
+B<RSA_size(rsa)> bytes of memory.
+
+B<padding> denotes one of the following modes:
+
+=over 4
+
+=item RSA_PKCS1_PADDING
+
+PKCS #1 v1.5 padding. This function does not handle the
+B<algorithmIdentifier> specified in PKCS #1. When generating or
+verifying PKCS #1 signatures, L<RSA_sign(3)|RSA_sign(3)> and L<RSA_verify(3)|RSA_verify(3)> should be
+used.
+
+=item RSA_NO_PADDING
+
+Raw RSA signature. This mode should I<only> be used to implement
+cryptographically sound padding modes in the application code.
+Signing user data directly with RSA is insecure.
+
+=back
+
+RSA_public_decrypt() recovers the message digest from the B<flen>
+bytes long signature at B<from> using the signer's public key
+B<rsa>. B<to> must point to a memory section large enough to hold the
+message digest (which is smaller than B<RSA_size(rsa) -
+11>). B<padding> is the padding mode that was used to sign the data.
+
+=head1 RETURN VALUES
+
+RSA_private_encrypt() returns the size of the signature (i.e.,
+RSA_size(rsa)). RSA_public_decrypt() returns the size of the
+recovered message digest.
+
+On error, -1 is returned; the error codes can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+
+=head1 HISTORY
+
+The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is
+available since SSLeay 0.9.0.
+
+=cut
diff --git a/doc/crypto/RSA_public_encrypt.pod b/doc/crypto/RSA_public_encrypt.pod
new file mode 100644
index 0000000000..d53e19d2b7
--- /dev/null
+++ b/doc/crypto/RSA_public_encrypt.pod
@@ -0,0 +1,83 @@
+=pod
+
+=head1 NAME
+
+RSA_public_encrypt, RSA_private_decrypt - RSA public key cryptography
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_public_encrypt(int flen, unsigned char *from,
+    unsigned char *to, RSA *rsa, int padding);
+
+ int RSA_private_decrypt(int flen, unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+
+=head1 DESCRIPTION
+
+RSA_public_encrypt() encrypts the B<flen> bytes at B<from> (usually a
+session key) using the public key B<rsa> and stores the ciphertext in
+B<to>. B<to> must point to RSA_size(B<rsa>) bytes of memory.
+
+B<padding> denotes one of the following modes:
+
+=over 4
+
+=item RSA_PKCS1_PADDING
+
+PKCS #1 v1.5 padding. This currently is the most widely used mode.
+
+=item RSA_PKCS1_OAEP_PADDING
+
+EME-OAEP as defined in PKCS #1 v2.0 with SHA-1, MGF1 and an empty
+encoding parameter. This mode is recommended for all new applications.
+
+=item RSA_SSLV23_PADDING
+
+PKCS #1 v1.5 padding with an SSL-specific modification that denotes
+that the server is SSL3 capable.
+
+=item RSA_NO_PADDING
+
+Raw RSA encryption. This mode should I<only> be used to implement
+cryptographically sound padding modes in the application code.
+Encrypting user data directly with RSA is insecure.
+
+=back
+
+B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5
+based padding modes, and less than RSA_size(B<rsa>) - 41 for
+RSA_PKCS1_OAEP_PADDING. The random number generator must be seeded
+prior to calling RSA_public_encrypt().
+
+RSA_private_decrypt() decrypts the B<flen> bytes at B<from> using the
+private key B<rsa> and stores the plaintext in B<to>. B<to> must point
+to a memory section large enough to hold the decrypted data (which is
+smaller than RSA_size(B<rsa>)). B<padding> is the padding mode that
+was used to encrypt the data.
+
+=head1 RETURN VALUES
+
+RSA_public_encrypt() returns the size of the encrypted data (i.e.,
+RSA_size(B<rsa>)). RSA_private_decrypt() returns the size of the
+recovered plaintext.
+
+On error, -1 is returned; the error codes can be
+obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 CONFORMING TO
+
+SSL, PKCS #1 v2.0
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+L<RSA_size(3)|RSA_size(3)>
+
+=head1 HISTORY
+
+The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is
+available since SSLeay 0.9.0, OAEP was added in OpenSSL 0.9.2b.
+
+=cut
diff --git a/doc/crypto/RSA_set_method.pod b/doc/crypto/RSA_set_method.pod
new file mode 100644
index 0000000000..0a305f6b14
--- /dev/null
+++ b/doc/crypto/RSA_set_method.pod
@@ -0,0 +1,202 @@
+=pod
+
+=head1 NAME
+
+RSA_set_default_method, RSA_get_default_method, RSA_set_method,
+RSA_get_method, RSA_PKCS1_SSLeay, RSA_null_method, RSA_flags,
+RSA_new_method - select RSA method
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ void RSA_set_default_method(const RSA_METHOD *meth);
+
+ RSA_METHOD *RSA_get_default_method(void);
+
+ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+
+ RSA_METHOD *RSA_get_method(const RSA *rsa);
+
+ RSA_METHOD *RSA_PKCS1_SSLeay(void);
+
+ RSA_METHOD *RSA_null_method(void);
+
+ int RSA_flags(const RSA *rsa);
+
+ RSA *RSA_new_method(RSA_METHOD *method);
+
+=head1 DESCRIPTION
+
+An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA
+operations. By modifying the method, alternative implementations such as
+hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these RSA API functions are affected by the
+use of B<ENGINE> API calls.
+
+Initially, the default RSA_METHOD is the OpenSSL internal implementation,
+as returned by RSA_PKCS1_SSLeay().
+
+RSA_set_default_method() makes B<meth> the default method for all RSA
+structures created later. B<NB>: This is true only whilst no ENGINE has
+been set as a default for RSA, so this function is no longer recommended.
+
+RSA_get_default_method() returns a pointer to the current default
+RSA_METHOD. However, the meaningfulness of this result is dependant on
+whether the ENGINE API is being used, so this function is no longer 
+recommended.
+
+RSA_set_method() selects B<meth> to perform all operations using the key
+B<rsa>. This will replace the RSA_METHOD used by the RSA key and if the
+previous method was supplied by an ENGINE, the handle to that ENGINE will
+be released during the change. It is possible to have RSA keys that only
+work with certain RSA_METHOD implementations (eg. from an ENGINE module
+that supports embedded hardware-protected keys), and in such cases
+attempting to change the RSA_METHOD for the key can have unexpected
+results.
+
+RSA_get_method() returns a pointer to the RSA_METHOD being used by B<rsa>.
+This method may or may not be supplied by an ENGINE implementation, but if
+it is, the return value can only be guaranteed to be valid as long as the
+RSA key itself is valid and does not have its implementation changed by
+RSA_set_method().
+
+RSA_flags() returns the B<flags> that are set for B<rsa>'s current
+RSA_METHOD. See the BUGS section.
+
+RSA_new_method() allocates and initializes an RSA structure so that
+B<engine> will be used for the RSA operations. If B<engine> is NULL, the
+default ENGINE for RSA operations is used, and if no default ENGINE is set,
+the RSA_METHOD controlled by RSA_set_default_method() is used.
+
+RSA_flags() returns the B<flags> that are set for B<rsa>'s current method.
+
+RSA_new_method() allocates and initializes an B<RSA> structure so that
+B<method> will be used for the RSA operations. If B<method> is B<NULL>,
+the default method is used.
+
+=head1 THE RSA_METHOD STRUCTURE
+
+ typedef struct rsa_meth_st
+ {
+     /* name of the implementation */
+	const char *name;
+
+     /* encrypt */
+	int (*rsa_pub_enc)(int flen, unsigned char *from,
+          unsigned char *to, RSA *rsa, int padding);
+
+     /* verify arbitrary data */
+	int (*rsa_pub_dec)(int flen, unsigned char *from,
+          unsigned char *to, RSA *rsa, int padding);
+
+     /* sign arbitrary data */
+	int (*rsa_priv_enc)(int flen, unsigned char *from,
+          unsigned char *to, RSA *rsa, int padding);
+
+     /* decrypt */
+	int (*rsa_priv_dec)(int flen, unsigned char *from,
+          unsigned char *to, RSA *rsa, int padding);
+
+     /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some
+                                        implementations) */
+	int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa);
+
+     /* compute r = a ^ p mod m (May be NULL for some implementations) */
+	int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+     /* called at RSA_new */
+	int (*init)(RSA *rsa);
+
+     /* called at RSA_free */
+	int (*finish)(RSA *rsa);
+
+     /* RSA_FLAG_EXT_PKEY        - rsa_mod_exp is called for private key
+      *                            operations, even if p,q,dmp1,dmq1,iqmp
+      *                            are NULL
+      * RSA_FLAG_SIGN_VER        - enable rsa_sign and rsa_verify
+      * RSA_METHOD_FLAG_NO_CHECK - don't check pub/private match
+      */
+	int flags;
+
+	char *app_data; /* ?? */
+
+     /* sign. For backward compatibility, this is used only
+      * if (flags & RSA_FLAG_SIGN_VER)
+      */
+	int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
+           unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+
+     /* verify. For backward compatibility, this is used only
+      * if (flags & RSA_FLAG_SIGN_VER)
+      */
+	int (*rsa_verify)(int type, unsigned char *m, unsigned int m_len,
+           unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+ } RSA_METHOD;
+
+=head1 RETURN VALUES
+
+RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_method()
+and RSA_get_method() return pointers to the respective RSA_METHODs.
+
+RSA_set_default_method() returns no value.
+
+RSA_set_method() returns a pointer to the old RSA_METHOD implementation
+that was replaced. However, this return value should probably be ignored
+because if it was supplied by an ENGINE, the pointer could be invalidated
+at any time if the ENGINE is unloaded (in fact it could be unloaded as a
+result of the RSA_set_method() function releasing its handle to the
+ENGINE). For this reason, the return type may be replaced with a B<void>
+declaration in a future release.
+
+RSA_new_method() returns NULL and sets an error code that can be obtained
+by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise
+it returns a pointer to the newly allocated structure.
+
+=head1 NOTES
+
+As of version 0.9.7, RSA_METHOD implementations are grouped together with
+other algorithmic APIs (eg. DSA_METHOD, EVP_CIPHER, etc) into B<ENGINE>
+modules. If a default ENGINE is specified for RSA functionality using an
+ENGINE API function, that will override any RSA defaults set using the RSA
+API (ie.  RSA_set_default_method()). For this reason, the ENGINE API is the
+recommended way to control default implementations for use in RSA and other
+cryptographic algorithms.
+
+=head1 BUGS
+
+The behaviour of RSA_flags() is a mis-feature that is left as-is for now
+to avoid creating compatibility problems. RSA functionality, such as the
+encryption functions, are controlled by the B<flags> value in the RSA key
+itself, not by the B<flags> value in the RSA_METHOD attached to the RSA key
+(which is what this function returns). If the flags element of an RSA key
+is changed, the changes will be honoured by RSA functionality but will not
+be reflected in the return value of the RSA_flags() function - in effect
+RSA_flags() behaves more like an RSA_default_flags() function (which does
+not currently exist).
+
+=head1 SEE ALSO
+
+L<rsa(3)|rsa(3)>, L<RSA_new(3)|RSA_new(3)>
+
+=head1 HISTORY
+
+RSA_new_method() and RSA_set_default_method() appeared in SSLeay 0.8.
+RSA_get_default_method(), RSA_set_method() and RSA_get_method() as
+well as the rsa_sign and rsa_verify components of RSA_METHOD were
+added in OpenSSL 0.9.4.
+
+RSA_set_default_openssl_method() and RSA_get_default_openssl_method()
+replaced RSA_set_default_method() and RSA_get_default_method()
+respectively, and RSA_set_method() and RSA_new_method() were altered to use
+B<ENGINE>s rather than B<RSA_METHOD>s during development of the engine
+version of OpenSSL 0.9.6. For 0.9.7, the handling of defaults in the ENGINE
+API was restructured so that this change was reversed, and behaviour of the
+other functions resembled more closely the previous behaviour. The
+behaviour of defaults in the ENGINE API now transparently overrides the
+behaviour of defaults in the RSA API without requiring changing these
+function prototypes.
+
+=cut
diff --git a/doc/crypto/RSA_sign.pod b/doc/crypto/RSA_sign.pod
new file mode 100644
index 0000000000..71688a665e
--- /dev/null
+++ b/doc/crypto/RSA_sign.pod
@@ -0,0 +1,62 @@
+=pod
+
+=head1 NAME
+
+RSA_sign, RSA_verify - RSA signatures
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
+    unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+
+ int RSA_verify(int type, unsigned char *m, unsigned int m_len,
+    unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+=head1 DESCRIPTION
+
+RSA_sign() signs the message digest B<m> of size B<m_len> using the
+private key B<rsa> as specified in PKCS #1 v2.0. It stores the
+signature in B<sigret> and the signature size in B<siglen>. B<sigret>
+must point to RSA_size(B<rsa>) bytes of memory.
+
+B<type> denotes the message digest algorithm that was used to generate
+B<m>. It usually is one of B<NID_sha1>, B<NID_ripemd160> and B<NID_md5>;
+see L<objects(3)|objects(3)> for details. If B<type> is B<NID_md5_sha1>,
+an SSL signature (MD5 and SHA1 message digests with PKCS #1 padding
+and no algorithm identifier) is created.
+
+RSA_verify() verifies that the signature B<sigbuf> of size B<siglen>
+matches a given message digest B<m> of size B<m_len>. B<type> denotes
+the message digest algorithm that was used to generate the signature.
+B<rsa> is the signer's public key.
+
+=head1 RETURN VALUES
+
+RSA_sign() returns 1 on success, 0 otherwise.  RSA_verify() returns 1
+on successful verification, 0 otherwise.
+
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 BUGS
+
+Certain signatures with an improper algorithm identifier are accepted
+for compatibility with SSLeay 0.4.5 :-)
+
+=head1 CONFORMING TO
+
+SSL, PKCS #1 v2.0
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+L<rsa(3)|rsa(3)>, L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+L<RSA_public_decrypt(3)|RSA_public_decrypt(3)> 
+
+=head1 HISTORY
+
+RSA_sign() and RSA_verify() are available in all versions of SSLeay
+and OpenSSL.
+
+=cut
diff --git a/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod b/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
new file mode 100644
index 0000000000..e70380bbfc
--- /dev/null
+++ b/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
@@ -0,0 +1,59 @@
+=pod
+
+=head1 NAME
+
+RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING - RSA signatures
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+    unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
+    RSA *rsa);
+
+ int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+    unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
+    RSA *rsa);
+
+=head1 DESCRIPTION
+
+RSA_sign_ASN1_OCTET_STRING() signs the octet string B<m> of size
+B<m_len> using the private key B<rsa> represented in DER using PKCS #1
+padding. It stores the signature in B<sigret> and the signature size
+in B<siglen>. B<sigret> must point to B<RSA_size(rsa)> bytes of
+memory.
+
+B<dummy> is ignored.
+
+The random number generator must be seeded prior to calling RSA_sign_ASN1_OCTET_STRING().
+
+RSA_verify_ASN1_OCTET_STRING() verifies that the signature B<sigbuf>
+of size B<siglen> is the DER representation of a given octet string
+B<m> of size B<m_len>. B<dummy> is ignored. B<rsa> is the signer's
+public key.
+
+=head1 RETURN VALUES
+
+RSA_sign_ASN1_OCTET_STRING() returns 1 on success, 0 otherwise.
+RSA_verify_ASN1_OCTET_STRING() returns 1 on successful verification, 0
+otherwise.
+
+The error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+
+=head1 BUGS
+
+These functions serve no recognizable purpose.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
+L<RSA_verify(3)|RSA_verify(3)>
+
+=head1 HISTORY
+
+RSA_sign_ASN1_OCTET_STRING() and RSA_verify_ASN1_OCTET_STRING() were
+added in SSLeay 0.8.
+
+=cut
diff --git a/doc/crypto/RSA_size.pod b/doc/crypto/RSA_size.pod
new file mode 100644
index 0000000000..5b7f835f95
--- /dev/null
+++ b/doc/crypto/RSA_size.pod
@@ -0,0 +1,33 @@
+=pod
+
+=head1 NAME
+
+RSA_size - get RSA modulus size
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ int RSA_size(const RSA *rsa);
+
+=head1 DESCRIPTION
+
+This function returns the RSA modulus size in bytes. It can be used to
+determine how much memory must be allocated for an RSA encrypted
+value.
+
+B<rsa-E<gt>n> must not be B<NULL>.
+
+=head1 RETURN VALUE
+
+The size in bytes.
+
+=head1 SEE ALSO
+
+L<rsa(3)|rsa(3)>
+
+=head1 HISTORY
+
+RSA_size() is available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/SMIME_read_PKCS7.pod b/doc/crypto/SMIME_read_PKCS7.pod
new file mode 100644
index 0000000000..ffafa37887
--- /dev/null
+++ b/doc/crypto/SMIME_read_PKCS7.pod
@@ -0,0 +1,71 @@
+=pod
+
+=head1 NAME
+
+SMIME_read_PKCS7 - parse S/MIME message.
+
+=head1 SYNOPSIS
+
+PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
+
+=head1 DESCRIPTION
+
+SMIME_read_PKCS7() parses a message in S/MIME format.
+
+B<in> is a BIO to read the message from.
+
+If cleartext signing is used then the content is saved in
+a memory bio which is written to B<*bcont>, otherwise
+B<*bcont> is set to B<NULL>.
+
+The parsed PKCS#7 structure is returned or B<NULL> if an
+error occurred.
+
+=head1 NOTES
+
+If B<*bcont> is not B<NULL> then the message is clear text
+signed. B<*bcont> can then be passed to PKCS7_verify() with
+the B<PKCS7_DETACHED> flag set.
+
+Otherwise the type of the returned structure can be determined
+using PKCS7_type().
+
+To support future functionality if B<bcont> is not B<NULL>
+B<*bcont> should be initialized to B<NULL>. For example:
+
+ BIO *cont = NULL;
+ PKCS7 *p7;
+
+ p7 = SMIME_read_PKCS7(in, &cont);
+
+=head1 BUGS
+
+The MIME parser used by SMIME_read_PKCS7() is somewhat primitive.
+While it will handle most S/MIME messages more complex compound
+formats may not work.
+
+The parser assumes that the PKCS7 structure is always base64
+encoded and will not handle the case where it is in binary format
+or uses quoted printable format.
+
+The use of a memory BIO to hold the signed content limits the size
+of message which can be processed due to memory restraints: a
+streaming single pass option should be available.
+
+=head1 RETURN VALUES
+
+SMIME_read_PKCS7() returns a valid B<PKCS7> structure or B<NULL>
+is an error occurred. The error can be obtained from ERR_get_error(3).
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_type(3)|PKCS7_type(3)>
+L<SMIME_read_PKCS7(3)|SMIME_read_PKCS7(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
+L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
+L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
+
+=head1 HISTORY
+
+SMIME_read_PKCS7() was added to OpenSSL 0.9.5
+
+=cut
diff --git a/doc/crypto/SMIME_write_PKCS7.pod b/doc/crypto/SMIME_write_PKCS7.pod
new file mode 100644
index 0000000000..2cfad2e049
--- /dev/null
+++ b/doc/crypto/SMIME_write_PKCS7.pod
@@ -0,0 +1,59 @@
+=pod
+
+=head1 NAME
+
+SMIME_write_PKCS7 - convert PKCS#7 structure to S/MIME format.
+
+=head1 SYNOPSIS
+
+int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
+
+=head1 DESCRIPTION
+
+SMIME_write_PKCS7() adds the appropriate MIME headers to a PKCS#7
+structure to produce an S/MIME message.
+
+B<out> is the BIO to write the data to. B<p7> is the appropriate
+B<PKCS7> structure. If cleartext signing (B<multipart/signed>) is
+being used then the signed data must be supplied in the B<data> 
+argument. B<flags> is an optional set of flags.
+
+=head1 NOTES
+
+The following flags can be passed in the B<flags> parameter.
+
+If B<PKCS7_DETACHED> is set then cleartext signing will be used,
+this option only makes sense for signedData where B<PKCS7_DETACHED>
+is also set when PKCS7_sign() is also called.
+
+If the B<PKCS7_TEXT> flag is set MIME headers for type B<text/plain>
+are added to the content, this only makes sense if B<PKCS7_DETACHED>
+is also set.
+
+If cleartext signing is being used then the data must be read twice:
+once to compute the signature in PKCS7_sign() and once to output the
+S/MIME message.
+
+=head1 BUGS
+
+SMIME_write_PKCS7() always base64 encodes PKCS#7 structures, there
+should be an option to disable this.
+
+There should really be a way to produce cleartext signing using only
+a single pass of the data.
+
+=head1 RETURN VALUES
+
+SMIME_write_PKCS7() returns 1 for success or 0 for failure.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>,
+L<PKCS7_verify(3)|PKCS7_verify(3)>, L<PKCS7_encrypt(3)|PKCS7_encrypt(3)>
+L<PKCS7_decrypt(3)|PKCS7_decrypt(3)>
+
+=head1 HISTORY
+
+SMIME_write_PKCS7() was added to OpenSSL 0.9.5
+
+=cut
diff --git a/doc/crypto/X509_NAME_ENTRY_get_object.pod b/doc/crypto/X509_NAME_ENTRY_get_object.pod
new file mode 100644
index 0000000000..d287c18564
--- /dev/null
+++ b/doc/crypto/X509_NAME_ENTRY_get_object.pod
@@ -0,0 +1,72 @@
+=pod
+
+=head1 NAME
+
+X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data,
+X509_NAME_ENTRY_set_object, X509_NAME_ENTRY_set_data,
+X509_NAME_ENTRY_create_by_txt, X509_NAME_ENTRY_create_by_NID,
+X509_NAME_ENTRY_create_by_OBJ - X509_NAME_ENTRY utility functions
+
+=head1 SYNOPSIS
+
+ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
+ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
+
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, unsigned char *bytes, int len);
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, char *field, int type, unsigned char *bytes, int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type,unsigned char *bytes, int len);
+
+=head1 DESCRIPTION
+
+X509_NAME_ENTRY_get_object() retrieves the field name of B<ne> in
+and B<ASN1_OBJECT> structure.
+
+X509_NAME_ENTRY_get_data() retrieves the field value of B<ne> in
+and B<ASN1_STRING> structure.
+
+X509_NAME_ENTRY_set_object() sets the field name of B<ne> to B<obj>.
+
+X509_NAME_ENTRY_set_data() sets the field value of B<ne> to string type
+B<type> and value determined by B<bytes> and B<len>.
+
+X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID()
+and X509_NAME_ENTRY_create_by_OBJ() create and return an 
+B<X509_NAME_ENTRY> structure.
+
+=head1 NOTES
+
+X509_NAME_ENTRY_get_object() and X509_NAME_ENTRY_get_data() can be
+used to examine an B<X509_NAME_ENTRY> function as returned by 
+X509_NAME_get_entry() for example.
+
+X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_NID(),
+and X509_NAME_ENTRY_create_by_OBJ() create and return an 
+
+X509_NAME_ENTRY_create_by_txt(), X509_NAME_ENTRY_create_by_OBJ(),
+X509_NAME_ENTRY_create_by_NID() and X509_NAME_ENTRY_set_data()
+are seldom used in practice because B<X509_NAME_ENTRY> structures
+are almost always part of B<X509_NAME> structures and the
+corresponding B<X509_NAME> functions are typically used to
+create and add new entries in a single operation.
+
+The arguments of these functions support similar options to the similarly
+named ones of the corresponding B<X509_NAME> functions such as
+X509_NAME_add_entry_by_txt(). So for example B<type> can be set to
+B<MBSTRING_ASC> but in the case of X509_set_data() the field name must be
+set first so the relevant field information can be looked up internally.
+
+=head1 RETURN VALUES
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>,
+L<OBJ_nid2obj(3),OBJ_nid2obj(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/doc/crypto/X509_NAME_add_entry_by_txt.pod b/doc/crypto/X509_NAME_add_entry_by_txt.pod
new file mode 100644
index 0000000000..4472a1c5cf
--- /dev/null
+++ b/doc/crypto/X509_NAME_add_entry_by_txt.pod
@@ -0,0 +1,110 @@
+=pod
+
+=head1 NAME
+
+X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID,
+X509_NAME_add_entry, X509_NAME_delete_entry - X509_NAME modification functions
+
+=head1 SYNOPSIS
+
+int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, unsigned char *bytes, int len, int loc, int set);
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
+int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+
+=head1 DESCRIPTION
+
+X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ() and
+X509_NAME_add_entry_by_NID() add a field whose name is defined
+by a string B<field>, an object B<obj> or a NID B<nid> respectively.
+The field value to be added is in B<bytes> of length B<len>. If
+B<len> is -1 then the field length is calculated internally using
+strlen(bytes).
+
+The type of field is determined by B<type> which can either be a
+definition of the type of B<bytes> (such as B<MBSTRING_ASC>) or a
+standard ASN1 type (such as B<V_ASN1_IA5STRING>). The new entry is
+added to a position determined by B<loc> and B<set>.
+
+X509_NAME_add_entry() adds a copy of B<X509_NAME_ENTRY> structure B<ne>
+to B<name>. The new entry is added to a position determined by B<loc>
+and B<set>. Since a copy of B<ne> is added B<ne> must be freed up after
+the call.
+
+X509_NAME_delete_entry() deletes an entry from B<name> at position
+B<loc>. The deleted entry is returned and must be freed up.
+
+=head1 NOTES
+
+The use of string types such as B<MBSTRING_ASC> or B<MBSTRING_UTF8>
+is strongly recommened for the B<type> parameter. This allows the
+internal code to correctly determine the type of the field and to
+apply length checks according to the relevant standards. This is
+done using ASN1_STRING_set_by_NID().
+
+If instead an ASN1 type is used no checks are performed and the
+supplied data in B<bytes> is used directly.
+
+In X509_NAME_add_entry_by_txt() the B<field> string represents
+the field name using OBJ_txt2obj(field, 0).
+
+The B<loc> and B<set> parameters determine where a new entry should
+be added. For almost all applications B<loc> can be set to -1 and B<set>
+to 0. This adds a new entry to the end of B<name> as a single valued
+RelativeDistinguishedName (RDN).
+
+B<loc> actually determines the index where the new entry is inserted:
+if it is -1 it is appended. 
+
+B<set> determines how the new type is added. If it is zero a
+new RDN is created.
+
+If B<set> is -1 or 1 it is added to the previous or next RDN
+structure respectively. This will then be a multivalued RDN:
+since multivalues RDNs are very seldom used B<set> is almost
+always set to zero.
+
+=head1 EXAMPLES
+
+Create an B<X509_NAME> structure:
+
+"C=UK, O=Disorganized Organization, CN=Joe Bloggs"
+
+ X509_NAME *nm;
+ nm = X509_NAME_new();
+ if (nm == NULL)
+	/* Some error */
+ if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
+			"C", "UK", -1, -1, 0))
+	/* Error */
+ if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
+			"O", "Disorganized Organization", -1, -1, 0))
+	/* Error */
+ if (!X509_NAME_add_entry_by_txt(nm, MBSTRING_ASC,
+			"CN", "Joe Bloggs", -1, -1, 0))
+	/* Error */
+
+=head1 RETURN VALUES
+
+X509_NAME_add_entry_by_txt(), X509_NAME_add_entry_by_OBJ(),
+X509_NAME_add_entry_by_NID() and X509_NAME_add_entry() return 1 for
+success of 0 if an error occurred.
+
+X509_NAME_delete_entry() returns either the deleted B<X509_NAME_ENTRY>
+structure of B<NULL> if an error occurred.
+
+=head1 BUGS
+
+B<type> can still be set to B<V_ASN1_APP_CHOOSE> to use a
+different algorithm to determine field types. Since this form does
+not understand multicharacter types, performs no length checks and
+can result in invalid field types its use is strongly discouraged.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>
+
+=head1 HISTORY
+
+=cut
diff --git a/doc/crypto/X509_NAME_get_index_by_NID.pod b/doc/crypto/X509_NAME_get_index_by_NID.pod
new file mode 100644
index 0000000000..333323d734
--- /dev/null
+++ b/doc/crypto/X509_NAME_get_index_by_NID.pod
@@ -0,0 +1,106 @@
+=pod
+
+=head1 NAME
+
+X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry,
+X509_NAME_entry_count, X509_NAME_get_text_by_NID, X509_NAME_get_text_by_OBJ -
+X509_NAME lookup and enumeration functions
+
+=head1 SYNOPSIS
+
+int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
+int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
+
+int X509_NAME_entry_count(X509_NAME *name);
+X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
+
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
+
+=head1 DESCRIPTION
+
+These functions allow an B<X509_NAME> structure to be examined. The
+B<X509_NAME> structure is the same as the B<Name> type defined in
+RFC2459 (and elsewhere) and used for example in certificate subject
+and issuer names.
+
+X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ() retrieve
+the next index matching B<nid> or B<obj> after B<lastpos>. B<lastpos>
+should initially be set to -1. If there are no more entries -1 is returned.
+
+X509_NAME_entry_count() returns the total number of entries in B<name>.
+
+X509_NAME_get_entry() retrieves the B<X509_NAME_ENTRY> from B<name>
+corresponding to index B<loc>. Acceptable values for B<loc> run from
+0 to (X509_NAME_entry_count(name) - 1). The value returned is an
+internal pointer which must not be freed.
+
+X509_NAME_get_text_by_NID(), X509_NAME_get_text_by_OBJ() retrieve
+the "text" from the first entry in B<name> which matches B<nid> or
+B<obj>, if no such entry exists -1 is returned. At most B<len> bytes
+will be written and the text written to B<buf> will be null
+terminated. The length of the output string written is returned
+excluding the terminating null. If B<buf> is <NULL> then the amount
+of space needed in B<buf> (excluding the final null) is returned. 
+
+=head1 NOTES
+
+X509_NAME_get_text_by_NID() and X509_NAME_get_text_by_OBJ() are
+legacy functions which have various limitations which make them
+of minimal use in practice. They can only find the first matching
+entry and will copy the contents of the field verbatim: this can
+be highly confusing if the target is a muticharacter string type
+like a BMPString or a UTF8String.
+
+For a more general solution X509_NAME_get_index_by_NID() or
+X509_NAME_get_index_by_OBJ() should be used followed by
+X509_NAME_get_entry() on any matching indices and then the
+various B<X509_NAME_ENTRY> utility functions on the result.
+
+=head1 EXAMPLES
+
+Process all entries:
+
+ int i;
+ X509_NAME_ENTRY *e;
+
+ for (i = 0; i < X509_NAME_entry_count(nm); i++)
+	{
+	e = X509_NAME_get_entry(nm, i);
+	/* Do something with e */
+	}
+
+Process all commonName entries:
+
+ int loc;
+ X509_NAME_ENTRY *e;
+
+ loc = -1;
+ for (;;)
+	{
+	lastpos = X509_NAME_get_index_by_NID(nm, NID_commonName, lastpos);
+	if (lastpos == -1)
+		break;
+	e = X509_NAME_get_entry(nm, lastpos);
+	/* Do something with e */
+	}
+
+=head1 RETURN VALUES
+
+X509_NAME_get_index_by_NID() and X509_NAME_get_index_by_OBJ()
+return the index of the next matching entry or -1 if not found.
+
+X509_NAME_entry_count() returns the total number of entries.
+
+X509_NAME_get_entry() returns an B<X509_NAME> pointer to the
+requested entry or B<NULL> if the index is invalid.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509_NAME(3)|d2i_X509_NAME(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/doc/crypto/X509_NAME_print_ex.pod b/doc/crypto/X509_NAME_print_ex.pod
new file mode 100644
index 0000000000..907c04f684
--- /dev/null
+++ b/doc/crypto/X509_NAME_print_ex.pod
@@ -0,0 +1,105 @@
+=pod
+
+=head1 NAME
+
+X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print,
+X509_NAME_oneline - X509_NAME printing routines.
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
+ int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags);
+ char *	X509_NAME_oneline(X509_NAME *a,char *buf,int size);
+ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
+
+=head1 DESCRIPTION
+
+X509_NAME_print_ex() prints a human readable version of B<nm> to BIO B<out>. Each
+line (for multiline formats) is indented by B<indent> spaces. The output format
+can be extensively customised by use of the B<flags> parameter.
+
+X509_NAME_print_ex_fp() is identical to X509_NAME_print_ex() except the output is
+written to FILE pointer B<fp>.
+
+X509_NAME_oneline() prints an ASCII version of B<a> to B<buf>. At most B<size>
+bytes will be written. If B<buf> is B<NULL> then a buffer is dynamically allocated
+and returned, otherwise B<buf> is returned.
+
+X509_NAME_print() prints out B<name> to B<bp> indenting each line by B<obase> 
+characters. Multiple lines are used if the output (including indent) exceeds
+80 characters.
+
+=head1 NOTES
+
+The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which
+produce a non standard output form, they don't handle multi character fields and
+have various quirks and inconsistencies. Their use is strongly discouraged in new
+applications.
+
+Although there are a large number of possible flags for most purposes
+B<XN_FLAG_ONELINE>, B<XN_FLAG_MULTILINE> or B<XN_FLAG_RFC2253> will suffice.
+As noted on the L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)> manual page
+for UTF8 terminals the B<ASN1_STRFLAGS_ESC_MSB> should be unset: so for example
+B<XN_FLAG_ONELINE & ~ASN1_STRFLAGS_ESC_MSB> would be used.
+
+The complete set of the flags supported by X509_NAME_print_ex() is listed below.
+
+Several options can be ored together.
+
+The options B<XN_FLAG_SEP_COMMA_PLUS>, B<XN_FLAG_SEP_CPLUS_SPC>,
+B<XN_FLAG_SEP_SPLUS_SPC> and B<XN_FLAG_SEP_MULTILINE> determine the field separators
+to use. Two distinct separators are used between distinct RelativeDistinguishedName
+components and separate values in the same RDN for a multi-valued RDN. Multi-valued
+RDNs are currently very rare so the second separator will hardly ever be used.
+
+B<XN_FLAG_SEP_COMMA_PLUS> uses comma and plus as separators. B<XN_FLAG_SEP_CPLUS_SPC>
+uses comma and plus with spaces: this is more readable that plain comma and plus.
+B<XN_FLAG_SEP_SPLUS_SPC> uses spaced semicolon and plus. B<XN_FLAG_SEP_MULTILINE> uses
+spaced newline and plus respectively.
+
+If B<XN_FLAG_DN_REV> is set the whole DN is printed in reversed order.
+
+The fields B<XN_FLAG_FN_SN>, B<XN_FLAG_FN_LN>, B<XN_FLAG_FN_OID>,
+B<XN_FLAG_FN_NONE> determine how a field name is displayed. It will
+use the short name (e.g. CN) the long name (e.g. commonName) always
+use OID numerical form (normally OIDs are only used if the field name is not
+recognised) and no field name respectively.
+
+If B<XN_FLAG_SPC_EQ> is set then spaces will be placed around the '=' character
+separating field names and values.
+
+If B<XN_FLAG_DUMP_UNKNOWN_FIELDS> is set then the encoding of unknown fields is
+printed instead of the values.
+
+If B<XN_FLAG_FN_ALIGN> is set then field names are padded to 20 characters: this
+is only of use for multiline format.
+
+Additionally all the options supported by ASN1_STRING_print_ex() can be used to 
+control how each field value is displayed.
+
+In addition a number options can be set for commonly used formats.
+
+B<XN_FLAG_RFC2253> sets options which produce an output compatible with RFC2253 it
+is equivalent to:
+ B<ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | XN_FLAG_FN_SN | XN_FLAG_DUMP_UNKNOWN_FIELDS>
+
+
+B<XN_FLAG_ONELINE> is a more readable one line format it is the same as:
+ B<ASN1_STRFLGS_RFC2253 | ASN1_STRFLGS_ESC_QUOTE | XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_SPC_EQ | XN_FLAG_FN_SN>
+
+B<XN_FLAG_MULTILINE> is a multiline format is is the same as:
+ B<ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | XN_FLAG_SEP_MULTILINE | XN_FLAG_SPC_EQ | XN_FLAG_FN_LN | XN_FLAG_FN_ALIGN>
+
+B<XN_FLAG_COMPAT> uses a format identical to X509_NAME_print(): in fact it calls X509_NAME_print() internally.
+
+=head1 SEE ALSO
+
+L<ASN1_STRING_print_ex(3)|ASN1_STRING_print_ex(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/doc/crypto/X509_new.pod b/doc/crypto/X509_new.pod
new file mode 100644
index 0000000000..fd5fc65ce1
--- /dev/null
+++ b/doc/crypto/X509_new.pod
@@ -0,0 +1,37 @@
+=pod
+
+=head1 NAME
+
+X509_new, X509_free - X509 certificate ASN1 allocation functions
+
+=head1 SYNOPSIS
+
+ X509 *X509_new(void);
+ void X509_free(X509 *a);
+
+=head1 DESCRIPTION
+
+The X509 ASN1 allocation routines, allocate and free an
+X509 structure, which represents an X509 certificate.
+
+X509_new() allocates and initializes a X509 structure.
+
+X509_free() frees up the B<X509> structure B<a>.
+
+=head1 RETURN VALUES
+
+If the allocation fails, X509_new() returns B<NULL> and sets an error
+code that can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
+Otherwise it returns a pointer to the newly allocated structure.
+
+X509_free() returns no value.
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>, L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+X509_new() and X509_free() are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/bio.pod b/doc/crypto/bio.pod
new file mode 100644
index 0000000000..f9239226ff
--- /dev/null
+++ b/doc/crypto/bio.pod
@@ -0,0 +1,54 @@
+=pod
+
+=head1 NAME
+
+bio - I/O abstraction
+
+=head1 SYNOPSIS
+
+ #include <openssl/bio.h>
+
+TBA
+
+
+=head1 DESCRIPTION
+
+A BIO is an I/O abstraction, it hides many of the underlying I/O
+details from an application. If an application uses a BIO for its
+I/O it can transparently handle SSL connections, unencrypted network
+connections and file I/O.
+
+There are two type of BIO, a source/sink BIO and a filter BIO.
+
+As its name implies a source/sink BIO is a source and/or sink of data,
+examples include a socket BIO and a file BIO.
+
+A filter BIO takes data from one BIO and passes it through to
+another, or the application. The data may be left unmodified (for
+example a message digest BIO) or translated (for example an
+encryption BIO). The effect of a filter BIO may change according
+to the I/O operation it is performing: for example an encryption
+BIO will encrypt data if it is being written to and decrypt data
+if it is being read from.
+
+BIOs can be joined together to form a chain (a single BIO is a chain
+with one component). A chain normally consist of one source/sink
+BIO and one or more filter BIOs. Data read from or written to the
+first BIO then traverses the chain to the end (normally a source/sink
+BIO).
+
+=head1 SEE ALSO
+
+L<BIO_ctrl(3)|BIO_ctrl(3)>,
+L<BIO_f_base64(3)|BIO_f_base64(3)>, L<BIO_f_buffer(3)|BIO_f_buffer(3)>,
+L<BIO_f_cipher(3)|BIO_f_cipher(3)>, L<BIO_f_md(3)|BIO_f_md(3)>,
+L<BIO_f_null(3)|BIO_f_null(3)>, L<BIO_f_ssl(3)|BIO_f_ssl(3)>,
+L<BIO_find_type(3)|BIO_find_type(3)>, L<BIO_new(3)|BIO_new(3)>,
+L<BIO_new_bio_pair(3)|BIO_new_bio_pair(3)>,
+L<BIO_push(3)|BIO_push(3)>, L<BIO_read(3)|BIO_read(3)>,
+L<BIO_s_accept(3)|BIO_s_accept(3)>, L<BIO_s_bio(3)|BIO_s_bio(3)>,
+L<BIO_s_connect(3)|BIO_s_connect(3)>, L<BIO_s_fd(3)|BIO_s_fd(3)>,
+L<BIO_s_file(3)|BIO_s_file(3)>, L<BIO_s_mem(3)|BIO_s_mem(3)>,
+L<BIO_s_null(3)|BIO_s_null(3)>, L<BIO_s_socket(3)|BIO_s_socket(3)>,
+L<BIO_set_callback(3)|BIO_set_callback(3)>,
+L<BIO_should_retry(3)|BIO_should_retry(3)>
diff --git a/doc/crypto/blowfish.pod b/doc/crypto/blowfish.pod
new file mode 100644
index 0000000000..ed71334f56
--- /dev/null
+++ b/doc/crypto/blowfish.pod
@@ -0,0 +1,112 @@
+=pod
+
+=head1 NAME
+
+blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt,
+BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options - Blowfish encryption
+
+=head1 SYNOPSIS
+
+ #include <openssl/blowfish.h>
+
+ void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+
+ void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+         BF_KEY *key, int enc);
+ void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
+ 	 long length, BF_KEY *schedule, unsigned char *ivec, int enc);
+ void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+ 	 long length, BF_KEY *schedule, unsigned char *ivec, int *num,
+         int enc);
+ void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+ 	 long length, BF_KEY *schedule, unsigned char *ivec, int *num);
+ const char *BF_options(void);
+
+ void BF_encrypt(BF_LONG *data,const BF_KEY *key);
+ void BF_decrypt(BF_LONG *data,const BF_KEY *key);
+
+=head1 DESCRIPTION
+
+This library implements the Blowfish cipher, which was invented and described
+by Counterpane (see http://www.counterpane.com/blowfish.html ).
+
+Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data.
+It uses a variable size key, but typically, 128 bit (16 byte) keys are
+a considered good for strong encryption.  Blowfish can be used in the same
+modes as DES (see L<des_modes(7)|des_modes(7)>).  Blowfish is currently one
+of the faster block ciphers.  It is quite a bit faster than DES, and much
+faster than IDEA or RC2.
+
+Blowfish consists of a key setup phase and the actual encryption or decryption
+phase.
+
+BF_set_key() sets up the B<BF_KEY> B<key> using the B<len> bytes long key
+at B<data>.
+
+BF_ecb_encrypt() is the basic Blowfish encryption and decryption function.
+It encrypts or decrypts the first 64 bits of B<in> using the key B<key>,
+putting the result in B<out>.  B<enc> decides if encryption (B<BF_ENCRYPT>)
+or decryption (B<BF_DECRYPT>) shall be performed.  The vector pointed at by
+B<in> and B<out> must be 64 bits in length, no less.  If they are larger,
+everything after the first 64 bits is ignored.
+
+The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and BF_ofb64_encrypt()
+all operate on variable length data.  They all take an initialization vector
+B<ivec> which needs to be passed along into the next call of the same function 
+for the same message.  B<ivec> may be initialized with anything, but the
+recipient needs to know what it was initialized with, or it won't be able
+to decrypt.  Some programs and protocols simplify this, like SSH, where
+B<ivec> is simply initialized to zero.
+BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while
+BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable
+number of bytes (the amount does not have to be an exact multiple of 8).  The
+purpose of the latter two is to simulate stream ciphers, and therefore, they
+need the parameter B<num>, which is a pointer to an integer where the current
+offset in B<ivec> is stored between calls.  This integer must be initialized
+to zero when B<ivec> is initialized.
+
+BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish.  It
+encrypts or decrypts the 64 bits chunks of B<in> using the key B<schedule>,
+putting the result in B<out>.  B<enc> decides if encryption (BF_ENCRYPT) or
+decryption (BF_DECRYPT) shall be performed.  B<ivec> must point at an 8 byte
+long initialization vector.
+
+BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback.
+It encrypts or decrypts the bytes in B<in> using the key B<schedule>,
+putting the result in B<out>.  B<enc> decides if encryption (B<BF_ENCRYPT>)
+or decryption (B<BF_DECRYPT>) shall be performed.  B<ivec> must point at an
+8 byte long initialization vector. B<num> must point at an integer which must
+be initially zero.
+
+BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback.
+It uses the same parameters as BF_cfb64_encrypt(), which must be initialized
+the same way.
+
+BF_encrypt() and BF_decrypt() are the lowest level functions for Blowfish
+encryption.  They encrypt/decrypt the first 64 bits of the vector pointed by
+B<data>, using the key B<key>.  These functions should not be used unless you
+implement 'modes' of Blowfish.  The alternative is to use BF_ecb_encrypt().
+If you still want to use these functions, you should be aware that they take
+each 32-bit chunk in host-byte order, which is little-endian on little-endian
+platforms and big-endian on big-endian ones.
+
+=head1 RETURN VALUES
+
+None of the functions presented here return any value.
+
+=head1 NOTE
+
+Applications should use the higher level functions
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> etc. instead of calling the
+blowfish functions directly.
+
+=head1 SEE ALSO
+
+L<des_modes(7)|des_modes(7)>
+
+=head1 HISTORY
+
+The Blowfish functions are available in all versions of SSLeay and OpenSSL.
+
+=cut
+
diff --git a/doc/crypto/bn.pod b/doc/crypto/bn.pod
new file mode 100644
index 0000000000..210dfeac08
--- /dev/null
+++ b/doc/crypto/bn.pod
@@ -0,0 +1,158 @@
+=pod
+
+=head1 NAME
+
+bn - multiprecision integer arithmetics
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BIGNUM *BN_new(void);
+ void BN_free(BIGNUM *a);
+ void BN_init(BIGNUM *);
+ void BN_clear(BIGNUM *a);
+ void BN_clear_free(BIGNUM *a);
+
+ BN_CTX *BN_CTX_new(void);
+ void BN_CTX_init(BN_CTX *c);
+ void BN_CTX_free(BN_CTX *c);
+
+ BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+ BIGNUM *BN_dup(const BIGNUM *a);
+
+ BIGNUM *BN_swap(BIGNUM *a, BIGNUM *b);
+
+ int BN_num_bytes(const BIGNUM *a);
+ int BN_num_bits(const BIGNUM *a);
+ int BN_num_bits_word(BN_ULONG w);
+
+ int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+ int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+ int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
+ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
+         BN_CTX *ctx);
+ int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+ int BN_nnmod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+ int BN_mod_add(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+         BN_CTX *ctx);
+ int BN_mod_sub(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+         BN_CTX *ctx);
+ int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+         BN_CTX *ctx);
+ int BN_mod_sqr(BIGNUM *ret, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+ int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
+ int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+         const BIGNUM *m, BN_CTX *ctx);
+ int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+
+ int BN_add_word(BIGNUM *a, BN_ULONG w);
+ int BN_sub_word(BIGNUM *a, BN_ULONG w);
+ int BN_mul_word(BIGNUM *a, BN_ULONG w);
+ BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+ BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+
+ int BN_cmp(BIGNUM *a, BIGNUM *b);
+ int BN_ucmp(BIGNUM *a, BIGNUM *b);
+ int BN_is_zero(BIGNUM *a);
+ int BN_is_one(BIGNUM *a);
+ int BN_is_word(BIGNUM *a, BN_ULONG w);
+ int BN_is_odd(BIGNUM *a);
+
+ int BN_zero(BIGNUM *a);
+ int BN_one(BIGNUM *a);
+ const BIGNUM *BN_value_one(void);
+ int BN_set_word(BIGNUM *a, unsigned long w);
+ unsigned long BN_get_word(BIGNUM *a);
+
+ int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+ int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+ int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
+ int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
+
+ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
+         BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
+ int BN_is_prime(const BIGNUM *p, int nchecks,
+         void (*callback)(int, int, void *), BN_CTX *ctx, void *cb_arg);
+
+ int BN_set_bit(BIGNUM *a, int n);
+ int BN_clear_bit(BIGNUM *a, int n);
+ int BN_is_bit_set(const BIGNUM *a, int n);
+ int BN_mask_bits(BIGNUM *a, int n);
+ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+ int BN_lshift1(BIGNUM *r, BIGNUM *a);
+ int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+ int BN_rshift1(BIGNUM *r, BIGNUM *a);
+
+ int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+ char *BN_bn2hex(const BIGNUM *a);
+ char *BN_bn2dec(const BIGNUM *a);
+ int BN_hex2bn(BIGNUM **a, const char *str);
+ int BN_dec2bn(BIGNUM **a, const char *str);
+ int BN_print(BIO *fp, const BIGNUM *a);
+ int BN_print_fp(FILE *fp, const BIGNUM *a);
+ int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+ BIGNUM *BN_mpi2bn(unsigned char *s, int len, BIGNUM *ret);
+
+ BIGNUM *BN_mod_inverse(BIGNUM *r, BIGNUM *a, const BIGNUM *n,
+     BN_CTX *ctx);
+
+ BN_RECP_CTX *BN_RECP_CTX_new(void);
+ void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+ void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+ int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *m, BN_CTX *ctx);
+ int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+        BN_RECP_CTX *recp, BN_CTX *ctx);
+
+ BN_MONT_CTX *BN_MONT_CTX_new(void);
+ void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
+ void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *m, BN_CTX *ctx);
+ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
+ int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b,
+         BN_MONT_CTX *mont, BN_CTX *ctx);
+ int BN_from_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+         BN_CTX *ctx);
+ int BN_to_montgomery(BIGNUM *r, BIGNUM *a, BN_MONT_CTX *mont,
+         BN_CTX *ctx);
+
+
+=head1 DESCRIPTION
+
+This library performs arithmetic operations on integers of arbitrary
+size. It was written for use in public key cryptography, such as RSA
+and Diffie-Hellman.
+
+It uses dynamic memory allocation for storing its data structures.
+That means that there is no limit on the size of the numbers
+manipulated by these functions, but return values must always be
+checked in case a memory allocation error has occurred.
+
+The basic object in this library is a B<BIGNUM>. It is used to hold a
+single large integer. This type should be considered opaque and fields
+should not be modified or accessed directly.
+
+The creation of B<BIGNUM> objects is described in L<BN_new(3)|BN_new(3)>;
+L<BN_add(3)|BN_add(3)> describes most of the arithmetic operations.
+Comparison is described in L<BN_cmp(3)|BN_cmp(3)>; L<BN_zero(3)|BN_zero(3)>
+describes certain assignments, L<BN_rand(3)|BN_rand(3)> the generation of
+random numbers, L<BN_generate_prime(3)|BN_generate_prime(3)> deals with prime
+numbers and L<BN_set_bit(3)|BN_set_bit(3)> with bit operations. The conversion
+of B<BIGNUM>s to external formats is described in L<BN_bn2bin(3)|BN_bn2bin(3)>.
+
+=head1 SEE ALSO
+
+L<bn_internal(3)|bn_internal(3)>,
+L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
+L<BN_copy(3)|BN_copy(3)>, L<BN_swap(3)|BN_swap(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>,
+L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>,
+L<BN_cmp(3)|BN_cmp(3)>, L<BN_zero(3)|BN_zero(3)>, L<BN_rand(3)|BN_rand(3)>,
+L<BN_generate_prime(3)|BN_generate_prime(3)>, L<BN_set_bit(3)|BN_set_bit(3)>,
+L<BN_bn2bin(3)|BN_bn2bin(3)>, L<BN_mod_inverse(3)|BN_mod_inverse(3)>,
+L<BN_mod_mul_reciprocal(3)|BN_mod_mul_reciprocal(3)>,
+L<BN_mod_mul_montgomery(3)|BN_mod_mul_montgomery(3)> 
+
+=cut
diff --git a/doc/crypto/bn_internal.pod b/doc/crypto/bn_internal.pod
new file mode 100644
index 0000000000..9805a7c9f2
--- /dev/null
+++ b/doc/crypto/bn_internal.pod
@@ -0,0 +1,226 @@
+=pod
+
+=head1 NAME
+
+bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
+bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8,
+bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal,
+bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive,
+bn_mul_low_recursive, bn_mul_high, bn_sqr_normal, bn_sqr_recursive,
+bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top,
+bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low - BIGNUM
+library internal functions
+
+=head1 SYNOPSIS
+
+ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num,
+   BN_ULONG w);
+ void     bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
+ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+ BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
+   int num);
+ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
+   int num);
+
+ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+ void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+ void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a);
+ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a);
+
+ int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n);
+
+ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b,
+   int nb);
+ void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
+ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+   int dna,int dnb,BN_ULONG *tmp);
+ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+   int n, int tna,int tnb, BN_ULONG *tmp);
+ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+   int n2, BN_ULONG *tmp);
+ void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l,
+   int n2, BN_ULONG *tmp);
+
+ void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
+ void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp);
+
+ void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+ void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+ void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a);
+
+ BIGNUM *bn_expand(BIGNUM *a, int bits);
+ BIGNUM *bn_wexpand(BIGNUM *a, int n);
+ BIGNUM *bn_expand2(BIGNUM *a, int n);
+ void bn_fix_top(BIGNUM *a);
+
+ void bn_check_top(BIGNUM *a);
+ void bn_print(BIGNUM *a);
+ void bn_dump(BN_ULONG *d, int n);
+ void bn_set_max(BIGNUM *a);
+ void bn_set_high(BIGNUM *r, BIGNUM *a, int n);
+ void bn_set_low(BIGNUM *r, BIGNUM *a, int n);
+
+=head1 DESCRIPTION
+
+This page documents the internal functions used by the OpenSSL
+B<BIGNUM> implementation. They are described here to facilitate
+debugging and extending the library. They are I<not> to be used by
+applications.
+
+=head2 The BIGNUM structure
+
+ typedef struct bignum_st
+        {
+        int top;      /* index of last used d (most significant word) */
+        BN_ULONG *d;  /* pointer to an array of 'BITS2' bit chunks */
+        int max;      /* size of the d array */
+        int neg;      /* sign */
+        } BIGNUM;
+
+The big number is stored in B<d>, a malloc()ed array of B<BN_ULONG>s,
+least significant first. A B<BN_ULONG> can be either 16, 32 or 64 bits
+in size (B<BITS2>), depending on the 'number of bits' specified in
+C<openssl/bn.h>.
+
+B<max> is the size of the B<d> array that has been allocated.  B<top>
+is the 'last' entry being used, so for a value of 4, bn.d[0]=4 and
+bn.top=1.  B<neg> is 1 if the number is negative.  When a B<BIGNUM> is
+B<0>, the B<d> field can be B<NULL> and B<top> == B<0>.
+
+Various routines in this library require the use of temporary
+B<BIGNUM> variables during their execution.  Since dynamic memory
+allocation to create B<BIGNUM>s is rather expensive when used in
+conjunction with repeated subroutine calls, the B<BN_CTX> structure is
+used.  This structure contains B<BN_CTX_NUM> B<BIGNUM>s, see
+L<BN_CTX_start(3)|BN_CTX_start(3)>.
+
+=head2 Low-level arithmetic operations
+
+These functions are implemented in C and for several platforms in
+assembly language:
+
+bn_mul_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num> word
+arrays B<rp> and B<ap>.  It computes B<ap> * B<w>, places the result
+in B<rp>, and returns the high word (carry).
+
+bn_mul_add_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num>
+word arrays B<rp> and B<ap>.  It computes B<ap> * B<w> + B<rp>, places
+the result in B<rp>, and returns the high word (carry).
+
+bn_sqr_words(B<rp>, B<ap>, B<n>) operates on the B<num> word array
+B<ap> and the 2*B<num> word array B<ap>.  It computes B<ap> * B<ap>
+word-wise, and places the low and high bytes of the result in B<rp>.
+
+bn_div_words(B<h>, B<l>, B<d>) divides the two word number (B<h>,B<l>)
+by B<d> and returns the result.
+
+bn_add_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
+arrays B<ap>, B<bp> and B<rp>.  It computes B<ap> + B<bp>, places the
+result in B<rp>, and returns the high word (carry).
+
+bn_sub_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
+arrays B<ap>, B<bp> and B<rp>.  It computes B<ap> - B<bp>, places the
+result in B<rp>, and returns the carry (1 if B<bp> E<gt> B<ap>, 0
+otherwise).
+
+bn_mul_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
+B<b> and the 8 word array B<r>.  It computes B<a>*B<b> and places the
+result in B<r>.
+
+bn_mul_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
+B<b> and the 16 word array B<r>.  It computes B<a>*B<b> and places the
+result in B<r>.
+
+bn_sqr_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
+B<b> and the 8 word array B<r>.
+
+bn_sqr_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
+B<b> and the 16 word array B<r>.
+
+The following functions are implemented in C:
+
+bn_cmp_words(B<a>, B<b>, B<n>) operates on the B<n> word arrays B<a>
+and B<b>.  It returns 1, 0 and -1 if B<a> is greater than, equal and
+less than B<b>.
+
+bn_mul_normal(B<r>, B<a>, B<na>, B<b>, B<nb>) operates on the B<na>
+word array B<a>, the B<nb> word array B<b> and the B<na>+B<nb> word
+array B<r>.  It computes B<a>*B<b> and places the result in B<r>.
+
+bn_mul_low_normal(B<r>, B<a>, B<b>, B<n>) operates on the B<n> word
+arrays B<r>, B<a> and B<b>.  It computes the B<n> low words of
+B<a>*B<b> and places the result in B<r>.
+
+bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<dna>, B<dnb>, B<t>) operates
+on the word arrays B<a> and B<b> of length B<n2>+B<dna> and B<n2>+B<dnb>
+(B<dna> and B<dnb> are currently allowed to be 0 or negative) and the 2*B<n2>
+word arrays B<r> and B<t>.  B<n2> must be a power of 2.  It computes
+B<a>*B<b> and places the result in B<r>.
+
+bn_mul_part_recursive(B<r>, B<a>, B<b>, B<n>, B<tna>, B<tnb>, B<tmp>)
+operates on the word arrays B<a> and B<b> of length B<n>+B<tna> and
+B<n>+B<tnb> and the 4*B<n> word arrays B<r> and B<tmp>.
+
+bn_mul_low_recursive(B<r>, B<a>, B<b>, B<n2>, B<tmp>) operates on the
+B<n2> word arrays B<r> and B<tmp> and the B<n2>/2 word arrays B<a>
+and B<b>.
+
+bn_mul_high(B<r>, B<a>, B<b>, B<l>, B<n2>, B<tmp>) operates on the
+B<n2> word arrays B<r>, B<a>, B<b> and B<l> (?) and the 3*B<n2> word
+array B<tmp>.
+
+BN_mul() calls bn_mul_normal(), or an optimized implementation if the
+factors have the same size: bn_mul_comba8() is used if they are 8
+words long, bn_mul_recursive() if they are larger than
+B<BN_MULL_SIZE_NORMAL> and the size is an exact multiple of the word
+size, and bn_mul_part_recursive() for others that are larger than
+B<BN_MULL_SIZE_NORMAL>.
+
+bn_sqr_normal(B<r>, B<a>, B<n>, B<tmp>) operates on the B<n> word array
+B<a> and the 2*B<n> word arrays B<tmp> and B<r>.
+
+The implementations use the following macros which, depending on the
+architecture, may use "long long" C operations or inline assembler.
+They are defined in C<bn_lcl.h>.
+
+mul(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<c> and places the
+low word of the result in B<r> and the high word in B<c>.
+
+mul_add(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<r>+B<c> and
+places the low word of the result in B<r> and the high word in B<c>.
+
+sqr(B<r0>, B<r1>, B<a>) computes B<a>*B<a> and places the low word
+of the result in B<r0> and the high word in B<r1>.
+
+=head2 Size changes
+
+bn_expand() ensures that B<b> has enough space for a B<bits> bit
+number.  bn_wexpand() ensures that B<b> has enough space for an
+B<n> word number.  If the number has to be expanded, both macros
+call bn_expand2(), which allocates a new B<d> array and copies the
+data.  They return B<NULL> on error, B<b> otherwise.
+
+The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most
+significant non-zero word when B<a> has shrunk.
+
+=head2 Debugging
+
+bn_check_top() verifies that C<((a)-E<gt>top E<gt>= 0 && (a)-E<gt>top
+E<lt>= (a)-E<gt>max)>.  A violation will cause the program to abort.
+
+bn_print() prints B<a> to stderr. bn_dump() prints B<n> words at B<d>
+(in reverse order, i.e. most significant word first) to stderr.
+
+bn_set_max() makes B<a> a static number with a B<max> of its current size.
+This is used by bn_set_low() and bn_set_high() to make B<r> a read-only
+B<BIGNUM> that contains the B<n> low or high words of B<a>.
+
+If B<BN_DEBUG> is not defined, bn_check_top(), bn_print(), bn_dump()
+and bn_set_max() are defined as empty macros.
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>
+
+=cut
diff --git a/doc/crypto/buffer.pod b/doc/crypto/buffer.pod
new file mode 100644
index 0000000000..781f5b11ee
--- /dev/null
+++ b/doc/crypto/buffer.pod
@@ -0,0 +1,73 @@
+=pod
+
+=head1 NAME
+
+BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup - simple
+character arrays structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/buffer.h>
+
+ BUF_MEM *BUF_MEM_new(void);
+
+ void	BUF_MEM_free(BUF_MEM *a);
+
+ int	BUF_MEM_grow(BUF_MEM *str, int len);
+
+ char *	BUF_strdup(const char *str);
+
+=head1 DESCRIPTION
+
+The buffer library handles simple character arrays. Buffers are used for
+various purposes in the library, most notably memory BIOs.
+
+The library uses the BUF_MEM structure defined in buffer.h:
+
+ typedef struct buf_mem_st
+ {
+        int length;     /* current number of bytes */
+        char *data;
+        int max;        /* size of buffer */
+ } BUF_MEM;
+
+B<length> is the current size of the buffer in bytes, B<max> is the amount of
+memory allocated to the buffer. There are three functions which handle these
+and one "miscellaneous" function.
+
+BUF_MEM_new() allocates a new buffer of zero size.
+
+BUF_MEM_free() frees up an already existing buffer. The data is zeroed
+before freeing up in case the buffer contains sensitive data.
+
+BUF_MEM_grow() changes the size of an already existing buffer to
+B<len>. Any data already in the buffer is preserved if it increases in
+size.
+
+BUF_strdup() copies a null terminated string into a block of allocated
+memory and returns a pointer to the allocated block.
+Unlike the standard C library strdup() this function uses OPENSSL_malloc() and so
+should be used in preference to the standard library strdup() because it can
+be used for memory leak checking or replacing the malloc() function.
+
+The memory allocated from BUF_strdup() should be freed up using the OPENSSL_free()
+function.
+
+=head1 RETURN VALUES
+
+BUF_MEM_new() returns the buffer or NULL on error.
+
+BUF_MEM_free() has no return value.
+
+BUF_MEM_grow() returns zero on error or the new size (i.e. B<len>).
+
+=head1 SEE ALSO
+
+L<bio(3)|bio(3)>
+
+=head1 HISTORY
+
+BUF_MEM_new(), BUF_MEM_free() and BUF_MEM_grow() are available in all
+versions of SSLeay and OpenSSL. BUF_strdup() was added in SSLeay 0.8.
+
+=cut
diff --git a/doc/crypto/crypto.pod b/doc/crypto/crypto.pod
new file mode 100644
index 0000000000..7a527992bb
--- /dev/null
+++ b/doc/crypto/crypto.pod
@@ -0,0 +1,85 @@
+=pod
+
+=head1 NAME
+
+crypto - OpenSSL cryptographic library
+
+=head1 SYNOPSIS
+
+=head1 DESCRIPTION
+
+The OpenSSL B<crypto> library implements a wide range of cryptographic
+algorithms used in various Internet standards. The services provided
+by this library are used by the OpenSSL implementations of SSL, TLS
+and S/MIME, and they have also been used to implement SSH, OpenPGP, and
+other cryptographic standards.
+
+=head1 OVERVIEW
+
+B<libcrypto> consists of a number of sub-libraries that implement the
+individual algorithms.
+
+The functionality includes symmetric encryption, public key
+cryptography and key agreement, certificate handling, cryptographic
+hash functions and a cryptographic pseudo-random number generator.
+
+=over 4
+
+=item SYMMETRIC CIPHERS
+
+L<blowfish(3)|blowfish(3)>, L<cast(3)|cast(3)>, L<des(3)|des(3)>,
+L<idea(3)|idea(3)>, L<rc2(3)|rc2(3)>, L<rc4(3)|rc4(3)>, L<rc5(3)|rc5(3)> 
+
+=item PUBLIC KEY CRYPTOGRAPHY AND KEY AGREEMENT
+
+L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rsa(3)|rsa(3)>
+
+=item CERTIFICATES
+
+L<x509(3)|x509(3)>, L<x509v3(3)|x509v3(3)>
+
+=item AUTHENTICATION CODES, HASH FUNCTIONS
+
+L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, L<md4(3)|md4(3)>,
+L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+L<sha(3)|sha(3)>
+
+=item AUXILIARY FUNCTIONS
+
+L<err(3)|err(3)>, L<threads(3)|threads(3)>, L<rand(3)|rand(3)>,
+L<OPENSSL_VERSION_NUMBER(3)|OPENSSL_VERSION_NUMBER(3)>
+
+=item INPUT/OUTPUT, DATA ENCODING
+
+L<asn1(3)|asn1(3)>, L<bio(3)|bio(3)>, L<evp(3)|evp(3)>, L<pem(3)|pem(3)>,
+L<pkcs7(3)|pkcs7(3)>, L<pkcs12(3)|pkcs12(3)> 
+
+=item INTERNAL FUNCTIONS
+
+L<bn(3)|bn(3)>, L<buffer(3)|buffer(3)>, L<lhash(3)|lhash(3)>,
+L<objects(3)|objects(3)>, L<stack(3)|stack(3)>,
+L<txt_db(3)|txt_db(3)> 
+
+=back
+
+=head1 NOTES
+
+Some of the newer functions follow a naming convention using the numbers
+B<0> and B<1>. For example the functions:
+
+ int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+ int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj);
+
+The B<0> version uses the supplied structure pointer directly
+in the parent and it will be freed up when the parent is freed.
+In the above example B<crl> would be freed but B<rev> would not.
+
+The B<1> function uses a copy of the supplied structure pointer
+(or in some cases increases its link count) in the parent and
+so both (B<x> and B<obj> above) should be freed up.
+
+=head1 SEE ALSO
+
+L<openssl(1)|openssl(1)>, L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/doc/crypto/d2i_ASN1_OBJECT.pod b/doc/crypto/d2i_ASN1_OBJECT.pod
new file mode 100644
index 0000000000..45bb18492c
--- /dev/null
+++ b/doc/crypto/d2i_ASN1_OBJECT.pod
@@ -0,0 +1,29 @@
+=pod
+
+=head1 NAME
+
+d2i_ASN1_OBJECT, i2d_ASN1_OBJECT - ASN1 OBJECT IDENTIFIER functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/objects.h>
+
+ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, long length);
+ int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode an ASN1 OBJECT IDENTIFIER.
+
+Othewise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/doc/crypto/d2i_DHparams.pod b/doc/crypto/d2i_DHparams.pod
new file mode 100644
index 0000000000..1e98aebeca
--- /dev/null
+++ b/doc/crypto/d2i_DHparams.pod
@@ -0,0 +1,30 @@
+=pod
+
+=head1 NAME
+
+d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+
+ DH *d2i_DHparams(DH **a, unsigned char **pp, long length);
+ int i2d_DHparams(DH *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode PKCS#3 DH parameters using the
+DHparameter structure described in PKCS#3.
+
+Othewise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/doc/crypto/d2i_DSAPublicKey.pod b/doc/crypto/d2i_DSAPublicKey.pod
new file mode 100644
index 0000000000..6ebd30427b
--- /dev/null
+++ b/doc/crypto/d2i_DSAPublicKey.pod
@@ -0,0 +1,82 @@
+=pod
+
+=head1 NAME
+
+d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey,
+d2i_DSA_PUBKEY, i2d_DSA_PUBKEY, d2i_DSA_SIG, i2d_DSA_SIG - DSA key encoding
+and parsing functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+
+ DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
+
+ int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+
+ DSA * d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
+
+ int i2d_DSA_PUBKEY(const DSA *a, unsigned char **pp);
+
+ DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
+
+ int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+
+ DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
+
+ int i2d_DSAparams(const DSA *a, unsigned char **pp);
+
+ DSA * d2i_DSA_SIG(DSA_SIG **a, const unsigned char **pp, long length);
+
+ int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+d2i_DSAPublicKey() and i2d_DSAPublicKey() decode and encode the DSA public key
+components structure.
+
+d2i_DSA_PUKEY() and i2d_DSA_PUKEY() decode and encode an DSA public key using a
+SubjectPublicKeyInfo (certificate public key) structure.
+
+d2i_DSAPrivateKey(), i2d_DSAPrivateKey() decode and encode the DSA private key
+components.
+
+d2i_DSAparams(), i2d_DSAparams() decode and encode the DSA parameters using
+a B<Dss-Parms> structure as defined in RFC2459.
+
+d2i_DSA_SIG(), i2d_DSA_SIG() decode and encode a DSA signature using a
+B<Dss-Sig-Value> structure as defined in RFC2459.
+
+The usage of all of these functions is similar to the d2i_X509() and
+i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 NOTES
+
+The B<DSA> structure passed to the private key encoding functions should have
+all the private key components present.
+
+The data encoded by the private key functions is unencrypted and therefore 
+offers no private key security.
+
+The B<DSA_PUBKEY> functions should be used in preference to the B<DSAPublicKey>
+functions when encoding public keys because they use a standard format.
+
+The B<DSAPublicKey> functions use an non standard format the actual data encoded
+depends on the value of the B<write_params> field of the B<a> key parameter.
+If B<write_params> is zero then only the B<pub_key> field is encoded as an
+B<INTEGER>. If B<write_params> is 1 then a B<SEQUENCE> consisting of the
+B<p>, B<q>, B<g> and B<pub_key> respectively fields are encoded.
+
+The B<DSAPrivateKey> functions also use a non standard structure consiting
+consisting of a SEQUENCE containing the B<p>, B<q>, B<g> and B<pub_key> and
+B<priv_key> fields respectively.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/doc/crypto/d2i_PKCS8PrivateKey.pod b/doc/crypto/d2i_PKCS8PrivateKey.pod
new file mode 100644
index 0000000000..a54b779088
--- /dev/null
+++ b/doc/crypto/d2i_PKCS8PrivateKey.pod
@@ -0,0 +1,56 @@
+=pod
+
+=head1 NAME
+
+d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp,
+i2d_PKCS8PrivateKey_bio, i2d_PKCS8PrivateKey_fp,
+i2d_PKCS8PrivateKey_nid_bio, i2d_PKCS8PrivateKey_nid_fp - PKCS#8 format private key functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u);
+ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u);
+
+ int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u);
+
+ int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u);
+
+ int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u);
+
+ int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+				  char *kstr, int klen,
+				  pem_password_cb *cb, void *u);
+
+=head1 DESCRIPTION
+
+The PKCS#8 functions encode and decode private keys in PKCS#8 format using both
+PKCS#5 v1.5 and PKCS#5 v2.0 password based encryption algorithms.
+
+Other than the use of DER as opposed to PEM these functions are identical to the
+corresponding B<PEM> function as described in the L<pem(3)|pem(3)> manual page.
+
+=head1 NOTES
+
+Before using these functions L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>
+should be called to initialize the internal algorithm lookup tables otherwise errors about
+unknown algorithms will occur if an attempt is made to decrypt a private key. 
+
+These functions are currently the only way to store encrypted private keys using DER format.
+
+Currently all the functions use BIOs or FILE pointers, there are no functions which
+work directly on memory: this can be readily worked around by converting the buffers
+to memory BIOs, see L<BIO_s_mem(3)|BIO_s_mem(3)> for details.
+
+=head1 SEE ALSO
+
+L<pem(3)|pem(3)>
+
+=cut
diff --git a/doc/crypto/d2i_RSAPublicKey.pod b/doc/crypto/d2i_RSAPublicKey.pod
new file mode 100644
index 0000000000..7c71bcbf3d
--- /dev/null
+++ b/doc/crypto/d2i_RSAPublicKey.pod
@@ -0,0 +1,66 @@
+=pod
+
+=head1 NAME
+
+d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey,
+d2i_RSA_PUBKEY, i2d_RSA_PUBKEY, i2d_Netscape_RSA,
+d2i_Netscape_RSA - RSA public and private key encoding functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+
+ RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
+
+ int i2d_RSAPublicKey(RSA *a, unsigned char **pp);
+
+ RSA * d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, long length);
+
+ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
+
+ RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
+
+ int i2d_RSAPrivateKey(RSA *a, unsigned char **pp);
+
+ int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
+
+ RSA * d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
+
+=head1 DESCRIPTION
+
+d2i_RSAPublicKey() and i2d_RSAPublicKey() decode and encode a PKCS#1 RSAPublicKey
+structure.
+
+d2i_RSA_PUKEY() and i2d_RSA_PUKEY() decode and encode an RSA public key using a
+SubjectPublicKeyInfo (certificate public key) structure.
+
+d2i_RSAPrivateKey(), i2d_RSAPrivateKey() decode and encode a PKCS#1 RSAPrivateKey
+structure.
+
+d2i_Netscape_RSA(), i2d_Netscape_RSA() decode and encode an RSA private key in
+NET format.
+
+The usage of all of these functions is similar to the d2i_X509() and
+i2d_X509() described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 NOTES
+
+The B<RSA> structure passed to the private key encoding functions should have
+all the PKCS#1 private key components present.
+
+The data encoded by the private key functions is unencrypted and therefore 
+offers no private key security. 
+
+The NET format functions are present to provide compatibility with certain very
+old software. This format has some severe security weaknesses and should be
+avoided if possible.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/doc/crypto/d2i_X509.pod b/doc/crypto/d2i_X509.pod
new file mode 100644
index 0000000000..5e3c3d0985
--- /dev/null
+++ b/doc/crypto/d2i_X509.pod
@@ -0,0 +1,231 @@
+=pod
+
+=head1 NAME
+
+d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio,
+i2d_X509_fp - X509 encode and decode functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509 *d2i_X509(X509 **px, unsigned char **in, int len);
+ int i2d_X509(X509 *x, unsigned char **out);
+
+ X509 *d2i_X509_bio(BIO *bp, X509 **x);
+ X509 *d2i_X509_fp(FILE *fp, X509 **x);
+
+ int i2d_X509_bio(X509 *x, BIO *bp);
+ int i2d_X509_fp(X509 *x, FILE *fp);
+
+=head1 DESCRIPTION
+
+The X509 encode and decode routines encode and parse an
+B<X509> structure, which represents an X509 certificate.
+
+d2i_X509() attempts to decode B<len> bytes at B<*out>. If 
+successful a pointer to the B<X509> structure is returned. If an error
+occurred then B<NULL> is returned. If B<px> is not B<NULL> then the
+returned structure is written to B<*px>. If B<*px> is not B<NULL>
+then it is assumed that B<*px> contains a valid B<X509>
+structure and an attempt is made to reuse it. If the call is
+successful B<*out> is incremented to the byte following the
+parsed data.
+
+i2d_X509() encodes the structure pointed to by B<x> into DER format.
+If B<out> is not B<NULL> is writes the DER encoded data to the buffer
+at B<*out>, and increments it to point after the data just written.
+If the return value is negative an error occurred, otherwise it
+returns the length of the encoded data. 
+
+For OpenSSL 0.9.7 and later if B<*out> is B<NULL> memory will be
+allocated for a buffer and the encoded data written to it. In this
+case B<*out> is not incremented and it points to the start of the
+data just written.
+
+d2i_X509_bio() is similar to d2i_X509() except it attempts
+to parse data from BIO B<bp>.
+
+d2i_X509_fp() is similar to d2i_X509() except it attempts
+to parse data from FILE pointer B<fp>.
+
+i2d_X509_bio() is similar to i2d_X509() except it writes
+the encoding of the structure B<x> to BIO B<bp> and it
+returns 1 for success and 0 for failure.
+
+i2d_X509_fp() is similar to i2d_X509() except it writes
+the encoding of the structure B<x> to BIO B<bp> and it
+returns 1 for success and 0 for failure.
+
+=head1 NOTES
+
+The letters B<i> and B<d> in for example B<i2d_X509> stand for
+"internal" (that is an internal C structure) and "DER". So that
+B<i2d_X509> converts from internal to DER.
+
+The functions can also understand B<BER> forms.
+
+The actual X509 structure passed to i2d_X509() must be a valid
+populated B<X509> structure it can B<not> simply be fed with an
+empty structure such as that returned by X509_new().
+
+The encoded data is in binary form and may contain embedded zeroes.
+Therefore any FILE pointers or BIOs should be opened in binary mode.
+Functions such as B<strlen()> will B<not> return the correct length
+of the encoded structure.
+
+The ways that B<*in> and B<*out> are incremented after the operation
+can trap the unwary. See the B<WARNINGS> section for some common
+errors.
+
+The reason for the auto increment behaviour is to reflect a typical
+usage of ASN1 functions: after one structure is encoded or decoded
+another will processed after it.
+
+=head1 EXAMPLES
+
+Allocate and encode the DER encoding of an X509 structure:
+
+ int len;
+ unsigned char *buf, *p;
+
+ len = i2d_X509(x, NULL);
+
+ buf = OPENSSL_malloc(len);
+
+ if (buf == NULL)
+	/* error */
+
+ p = buf;
+
+ i2d_X509(x, &p);
+
+If you are using OpenSSL 0.9.7 or later then this can be
+simplified to:
+
+
+ int len;
+ unsigned char *buf;
+
+ buf = NULL;
+
+ len = i2d_X509(x, &buf);
+
+ if (len < 0)
+	/* error */
+
+Attempt to decode a buffer:
+
+ X509 *x;
+
+ unsigned char *buf, *p;
+
+ int len;
+
+ /* Something to setup buf and len */
+
+ p = buf;
+
+ x = d2i_X509(NULL, &p, len);
+
+ if (x == NULL)
+    /* Some error */
+
+Alternative technique:
+
+ X509 *x;
+
+ unsigned char *buf, *p;
+
+ int len;
+
+ /* Something to setup buf and len */
+
+ p = buf;
+
+ x = NULL;
+
+ if(!d2i_X509(&x, &p, len))
+    /* Some error */
+
+
+=head1 WARNINGS
+
+The use of temporary variable is mandatory. A common
+mistake is to attempt to use a buffer directly as follows:
+
+ int len;
+ unsigned char *buf;
+
+ len = i2d_X509(x, NULL);
+
+ buf = OPENSSL_malloc(len);
+
+ if (buf == NULL)
+	/* error */
+
+ i2d_X509(x, &buf);
+
+ /* Other stuff ... */
+
+ OPENSSL_free(buf);
+
+This code will result in B<buf> apparently containing garbage because
+it was incremented after the call to point after the data just written.
+Also B<buf> will no longer contain the pointer allocated by B<OPENSSL_malloc()>
+and the subsequent call to B<OPENSSL_free()> may well crash.
+
+The auto allocation feature (setting buf to NULL) only works on OpenSSL
+0.9.7 and later. Attempts to use it on earlier versions will typically
+cause a segmentation violation.
+
+Another trap to avoid is misuse of the B<xp> argument to B<d2i_X509()>:
+
+ X509 *x;
+
+ if (!d2i_X509(&x, &p, len))
+	/* Some error */
+
+This will probably crash somewhere in B<d2i_X509()>. The reason for this
+is that the variable B<x> is uninitialized and an attempt will be made to
+interpret its (invalid) value as an B<X509> structure, typically causing
+a segmentation violation. If B<x> is set to NULL first then this will not
+happen.
+
+=head1 BUGS
+
+In some versions of OpenSSL the "reuse" behaviour of d2i_X509() when 
+B<*px> is valid is broken and some parts of the reused structure may
+persist if they are not present in the new one. As a result the use
+of this "reuse" behaviour is strongly discouraged.
+
+i2d_X509() will not return an error in many versions of OpenSSL,
+if mandatory fields are not initialized due to a programming error
+then the encoded structure may contain invalid data or omit the
+fields entirely and will not be parsed by d2i_X509(). This may be
+fixed in future so code should not assume that i2d_X509() will
+always succeed.
+
+=head1 RETURN VALUES
+
+d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
+or B<NULL> if an error occurs. The error code that can be obtained by
+L<ERR_get_error(3)|ERR_get_error(3)>. 
+
+i2d_X509(), i2d_X509_bio() and i2d_X509_fp() return a the number of bytes
+successfully encoded or a negative value if an error occurs. The error code
+can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. 
+
+i2d_X509_bio() and i2d_X509_fp() returns 1 for success and 0 if an error 
+occurs The error code can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>. 
+
+=head1 SEE ALSO
+
+L<ERR_get_error(3)|ERR_get_error(3)>
+
+=head1 HISTORY
+
+d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio and i2d_X509_fp
+are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/d2i_X509_ALGOR.pod b/doc/crypto/d2i_X509_ALGOR.pod
new file mode 100644
index 0000000000..9e5cd92ca7
--- /dev/null
+++ b/doc/crypto/d2i_X509_ALGOR.pod
@@ -0,0 +1,30 @@
+=pod
+
+=head1 NAME
+
+d2i_X509_ALGOR, i2d_X509_ALGOR - AlgorithmIdentifier functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length);
+ int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode an B<X509_ALGOR> structure which is
+equivalent to the B<AlgorithmIdentifier> structure.
+
+Othewise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/doc/crypto/d2i_X509_CRL.pod b/doc/crypto/d2i_X509_CRL.pod
new file mode 100644
index 0000000000..06c5b23c09
--- /dev/null
+++ b/doc/crypto/d2i_X509_CRL.pod
@@ -0,0 +1,37 @@
+=pod
+
+=head1 NAME
+
+d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_509_CRL_fp,
+i2d_X509_CRL_bio, i2d_X509_CRL_fp - PKCS#10 certificate request functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509_CRL *d2i_X509_CRL(X509_CRL **a, unsigned char **pp, long length);
+ int i2d_X509_CRL(X509_CRL *a, unsigned char **pp);
+
+ X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **x);
+ X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **x);
+
+ int i2d_X509_CRL_bio(X509_CRL *x, BIO *bp);
+ int i2d_X509_CRL_fp(X509_CRL *x, FILE *fp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode an X509 CRL (certificate revocation
+list).
+
+Othewise the functions behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/doc/crypto/d2i_X509_NAME.pod b/doc/crypto/d2i_X509_NAME.pod
new file mode 100644
index 0000000000..343ffe1519
--- /dev/null
+++ b/doc/crypto/d2i_X509_NAME.pod
@@ -0,0 +1,31 @@
+=pod
+
+=head1 NAME
+
+d2i_X509_NAME, i2d_X509_NAME - X509_NAME encoding functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509_NAME *d2i_X509_NAME(X509_NAME **a, unsigned char **pp, long length);
+ int i2d_X509_NAME(X509_NAME *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode an B<X509_NAME> structure which is the
+the same as the B<Name> type defined in RFC2459 (and elsewhere) and used
+for example in certificate subject and issuer names.
+
+Othewise the functions behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/doc/crypto/d2i_X509_REQ.pod b/doc/crypto/d2i_X509_REQ.pod
new file mode 100644
index 0000000000..be4ad68257
--- /dev/null
+++ b/doc/crypto/d2i_X509_REQ.pod
@@ -0,0 +1,36 @@
+=pod
+
+=head1 NAME
+
+d2i_X509_REQ, i2d_X509_REQ, d2i_X509_REQ_bio, d2i_X509_REQ_fp,
+i2d_X509_REQ_bio, i2d_X509_REQ_fp - PKCS#10 certificate request functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509_REQ *d2i_X509_REQ(X509_REQ **a, unsigned char **pp, long length);
+ int i2d_X509_REQ(X509_REQ *a, unsigned char **pp);
+
+ X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **x);
+ X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **x);
+
+ int i2d_X509_REQ_bio(X509_REQ *x, BIO *bp);
+ int i2d_X509_REQ_fp(X509_REQ *x, FILE *fp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode a PKCS#10 certificate request.
+
+Othewise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/doc/crypto/d2i_X509_SIG.pod b/doc/crypto/d2i_X509_SIG.pod
new file mode 100644
index 0000000000..e48fd79a51
--- /dev/null
+++ b/doc/crypto/d2i_X509_SIG.pod
@@ -0,0 +1,30 @@
+=pod
+
+=head1 NAME
+
+d2i_X509_SIG, i2d_X509_SIG - DigestInfo functions.
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509.h>
+
+ X509_SIG *d2i_X509_SIG(X509_SIG **a, unsigned char **pp, long length);
+ int i2d_X509_SIG(X509_SIG *a, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+These functions decode and encode an X509_SIG structure which is
+equivalent to the B<DigestInfo> structure defined in PKCS#1 and PKCS#7.
+
+Othewise these behave in a similar way to d2i_X509() and i2d_X509()
+described in the L<d2i_X509(3)|d2i_X509(3)> manual page.
+
+=head1 SEE ALSO
+
+L<d2i_X509(3)|d2i_X509(3)>
+
+=head1 HISTORY
+
+TBA
+
+=cut
diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod
new file mode 100644
index 0000000000..528c73acac
--- /dev/null
+++ b/doc/crypto/des.pod
@@ -0,0 +1,358 @@
+=pod
+
+=head1 NAME
+
+DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked,
+DES_set_key_unchecked, DES_set_odd_parity, DES_is_weak_key,
+DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt,
+DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt,
+DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt,
+DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt,
+DES_ede3_cbcm_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt,
+DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys,
+DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption
+
+=head1 SYNOPSIS
+
+ #include <openssl/des.h>
+
+ void DES_random_key(DES_cblock *ret);
+
+ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
+ int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
+ int DES_set_key_checked(const_DES_cblock *key,
+        DES_key_schedule *schedule);
+ void DES_set_key_unchecked(const_DES_cblock *key,
+        DES_key_schedule *schedule);
+
+ void DES_set_odd_parity(DES_cblock *key);
+ int DES_is_weak_key(const_DES_cblock *key);
+
+ void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, 
+        DES_key_schedule *ks, int enc);
+ void DES_ecb2_encrypt(const_DES_cblock *input, DES_cblock *output, 
+        DES_key_schedule *ks1, DES_key_schedule *ks2, int enc);
+ void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, 
+        DES_key_schedule *ks1, DES_key_schedule *ks2, 
+        DES_key_schedule *ks3, int enc);
+
+ void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output, 
+        long length, DES_key_schedule *schedule, DES_cblock *ivec, 
+        int enc);
+ void DES_cfb_encrypt(const unsigned char *in, unsigned char *out,
+        int numbits, long length, DES_key_schedule *schedule,
+        DES_cblock *ivec, int enc);
+ void DES_ofb_encrypt(const unsigned char *in, unsigned char *out,
+        int numbits, long length, DES_key_schedule *schedule,
+        DES_cblock *ivec);
+ void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, 
+        long length, DES_key_schedule *schedule, DES_cblock *ivec, 
+        int enc);
+ void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+        long length, DES_key_schedule *schedule, DES_cblock *ivec,
+        int *num, int enc);
+ void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+        long length, DES_key_schedule *schedule, DES_cblock *ivec,
+        int *num);
+
+ void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output, 
+        long length, DES_key_schedule *schedule, DES_cblock *ivec, 
+        const_DES_cblock *inw, const_DES_cblock *outw, int enc);
+
+ void DES_ede2_cbc_encrypt(const unsigned char *input,
+        unsigned char *output, long length, DES_key_schedule *ks1,
+        DES_key_schedule *ks2, DES_cblock *ivec, int enc);
+ void DES_ede2_cfb64_encrypt(const unsigned char *in,
+        unsigned char *out, long length, DES_key_schedule *ks1,
+        DES_key_schedule *ks2, DES_cblock *ivec, int *num, int enc);
+ void DES_ede2_ofb64_encrypt(const unsigned char *in,
+        unsigned char *out, long length, DES_key_schedule *ks1,
+        DES_key_schedule *ks2, DES_cblock *ivec, int *num);
+
+ void DES_ede3_cbc_encrypt(const unsigned char *input,
+        unsigned char *output, long length, DES_key_schedule *ks1,
+        DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec,
+        int enc);
+ void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, 
+        long length, DES_key_schedule *ks1, DES_key_schedule *ks2, 
+        DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2, 
+        int enc);
+ void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, 
+        long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
+        DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc);
+ void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, 
+        long length, DES_key_schedule *ks1, 
+        DES_key_schedule *ks2, DES_key_schedule *ks3, 
+        DES_cblock *ivec, int *num);
+
+ DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output, 
+        long length, DES_key_schedule *schedule, 
+        const_DES_cblock *ivec);
+ DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], 
+        long length, int out_count, DES_cblock *seed);
+ void DES_string_to_key(const char *str, DES_cblock *key);
+ void DES_string_to_2keys(const char *str, DES_cblock *key1,
+        DES_cblock *key2);
+
+ char *DES_fcrypt(const char *buf, const char *salt, char *ret);
+ char *DES_crypt(const char *buf, const char *salt);
+
+ int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
+        DES_cblock *iv);
+ int DES_enc_write(int fd, const void *buf, int len,
+        DES_key_schedule *sched, DES_cblock *iv);
+
+=head1 DESCRIPTION
+
+This library contains a fast implementation of the DES encryption
+algorithm.
+
+There are two phases to the use of DES encryption.  The first is the
+generation of a I<DES_key_schedule> from a key, the second is the
+actual encryption.  A DES key is of type I<DES_cblock>. This type is
+consists of 8 bytes with odd parity.  The least significant bit in
+each byte is the parity bit.  The key schedule is an expanded form of
+the key; it is used to speed the encryption process.
+
+DES_random_key() generates a random key.  The PRNG must be seeded
+prior to using this function (see L<rand(3)|rand(3)>).  If the PRNG
+could not generate a secure key, 0 is returned.
+
+Before a DES key can be used, it must be converted into the
+architecture dependent I<DES_key_schedule> via the
+DES_set_key_checked() or DES_set_key_unchecked() function.
+
+DES_set_key_checked() will check that the key passed is of odd parity
+and is not a week or semi-weak key.  If the parity is wrong, then -1
+is returned.  If the key is a weak key, then -2 is returned.  If an
+error is returned, the key schedule is not generated.
+
+DES_set_key() works like
+DES_set_key_checked() if the I<DES_check_key> flag is non-zero,
+otherwise like DES_set_key_unchecked().  These functions are available
+for compatibility; it is recommended to use a function that does not
+depend on a global variable.
+
+DES_set_odd_parity() sets the parity of the passed I<key> to odd.
+
+DES_is_weak_key() returns 1 is the passed key is a weak key, 0 if it
+is ok.  The probability that a randomly generated key is weak is
+1/2^52, so it is not really worth checking for them.
+
+The following routines mostly operate on an input and output stream of
+I<DES_cblock>s.
+
+DES_ecb_encrypt() is the basic DES encryption routine that encrypts or
+decrypts a single 8-byte I<DES_cblock> in I<electronic code book>
+(ECB) mode.  It always transforms the input data, pointed to by
+I<input>, into the output data, pointed to by the I<output> argument.
+If the I<encrypt> argument is non-zero (DES_ENCRYPT), the I<input>
+(cleartext) is encrypted in to the I<output> (ciphertext) using the
+key_schedule specified by the I<schedule> argument, previously set via
+I<DES_set_key>. If I<encrypt> is zero (DES_DECRYPT), the I<input> (now
+ciphertext) is decrypted into the I<output> (now cleartext).  Input
+and output may overlap.  DES_ecb_encrypt() does not return a value.
+
+DES_ecb3_encrypt() encrypts/decrypts the I<input> block by using
+three-key Triple-DES encryption in ECB mode.  This involves encrypting
+the input with I<ks1>, decrypting with the key schedule I<ks2>, and
+then encrypting with I<ks3>.  This routine greatly reduces the chances
+of brute force breaking of DES and has the advantage of if I<ks1>,
+I<ks2> and I<ks3> are the same, it is equivalent to just encryption
+using ECB mode and I<ks1> as the key.
+
+The macro DES_ecb2_encrypt() is provided to perform two-key Triple-DES
+encryption by using I<ks1> for the final encryption.
+
+DES_ncbc_encrypt() encrypts/decrypts using the I<cipher-block-chaining>
+(CBC) mode of DES.  If the I<encrypt> argument is non-zero, the
+routine cipher-block-chain encrypts the cleartext data pointed to by
+the I<input> argument into the ciphertext pointed to by the I<output>
+argument, using the key schedule provided by the I<schedule> argument,
+and initialization vector provided by the I<ivec> argument.  If the
+I<length> argument is not an integral multiple of eight bytes, the
+last block is copied to a temporary area and zero filled.  The output
+is always an integral multiple of eight bytes.
+
+DES_xcbc_encrypt() is RSA's DESX mode of DES.  It uses I<inw> and
+I<outw> to 'whiten' the encryption.  I<inw> and I<outw> are secret
+(unlike the iv) and are as such, part of the key.  So the key is sort
+of 24 bytes.  This is much better than CBC DES.
+
+DES_ede3_cbc_encrypt() implements outer triple CBC DES encryption with
+three keys. This means that each DES operation inside the CBC mode is
+really an C<C=E(ks3,D(ks2,E(ks1,M)))>.  This mode is used by SSL.
+
+The DES_ede2_cbc_encrypt() macro implements two-key Triple-DES by
+reusing I<ks1> for the final encryption.  C<C=E(ks1,D(ks2,E(ks1,M)))>.
+This form of Triple-DES is used by the RSAREF library.
+
+DES_pcbc_encrypt() encrypt/decrypts using the propagating cipher block
+chaining mode used by Kerberos v4. Its parameters are the same as
+DES_ncbc_encrypt().
+
+DES_cfb_encrypt() encrypt/decrypts using cipher feedback mode.  This
+method takes an array of characters as input and outputs and array of
+characters.  It does not require any padding to 8 character groups.
+Note: the I<ivec> variable is changed and the new changed value needs to
+be passed to the next call to this function.  Since this function runs
+a complete DES ECB encryption per I<numbits>, this function is only
+suggested for use when sending small numbers of characters.
+
+DES_cfb64_encrypt()
+implements CFB mode of DES with 64bit feedback.  Why is this
+useful you ask?  Because this routine will allow you to encrypt an
+arbitrary number of bytes, no 8 byte padding.  Each call to this
+routine will encrypt the input bytes to output and then update ivec
+and num.  num contains 'how far' we are though ivec.  If this does
+not make much sense, read more about cfb mode of DES :-).
+
+DES_ede3_cfb64_encrypt() and DES_ede2_cfb64_encrypt() is the same as
+DES_cfb64_encrypt() except that Triple-DES is used.
+
+DES_ofb_encrypt() encrypts using output feedback mode.  This method
+takes an array of characters as input and outputs and array of
+characters.  It does not require any padding to 8 character groups.
+Note: the I<ivec> variable is changed and the new changed value needs to
+be passed to the next call to this function.  Since this function runs
+a complete DES ECB encryption per numbits, this function is only
+suggested for use when sending small numbers of characters.
+
+DES_ofb64_encrypt() is the same as DES_cfb64_encrypt() using Output
+Feed Back mode.
+
+DES_ede3_ofb64_encrypt() and DES_ede2_ofb64_encrypt() is the same as
+DES_ofb64_encrypt(), using Triple-DES.
+
+The following functions are included in the DES library for
+compatibility with the MIT Kerberos library.
+
+DES_cbc_cksum() produces an 8 byte checksum based on the input stream
+(via CBC encryption).  The last 4 bytes of the checksum are returned
+and the complete 8 bytes are placed in I<output>. This function is
+used by Kerberos v4.  Other applications should use
+L<EVP_DigestInit(3)|EVP_DigestInit(3)> etc. instead.
+
+DES_quad_cksum() is a Kerberos v4 function.  It returns a 4 byte
+checksum from the input bytes.  The algorithm can be iterated over the
+input, depending on I<out_count>, 1, 2, 3 or 4 times.  If I<output> is
+non-NULL, the 8 bytes generated by each pass are written into
+I<output>.
+
+The following are DES-based transformations:
+
+DES_fcrypt() is a fast version of the Unix crypt(3) function.  This
+version takes only a small amount of space relative to other fast
+crypt() implementations.  This is different to the normal crypt in
+that the third parameter is the buffer that the return value is
+written into.  It needs to be at least 14 bytes long.  This function
+is thread safe, unlike the normal crypt.
+
+DES_crypt() is a faster replacement for the normal system crypt().
+This function calls DES_fcrypt() with a static array passed as the
+third parameter.  This emulates the normal non-thread safe semantics
+of crypt(3).
+
+DES_enc_write() writes I<len> bytes to file descriptor I<fd> from
+buffer I<buf>. The data is encrypted via I<pcbc_encrypt> (default)
+using I<sched> for the key and I<iv> as a starting vector.  The actual
+data send down I<fd> consists of 4 bytes (in network byte order)
+containing the length of the following encrypted data.  The encrypted
+data then follows, padded with random data out to a multiple of 8
+bytes.
+
+DES_enc_read() is used to read I<len> bytes from file descriptor
+I<fd> into buffer I<buf>. The data being read from I<fd> is assumed to
+have come from DES_enc_write() and is decrypted using I<sched> for
+the key schedule and I<iv> for the initial vector.
+
+B<Warning:> The data format used by DES_enc_write() and DES_enc_read()
+has a cryptographic weakness: When asked to write more than MAXWRITE
+bytes, DES_enc_write() will split the data into several chunks that
+are all encrypted using the same IV.  So don't use these functions
+unless you are sure you know what you do (in which case you might not
+want to use them anyway).  They cannot handle non-blocking sockets.
+DES_enc_read() uses an internal state and thus cannot be used on
+multiple files.
+
+I<DES_rw_mode> is used to specify the encryption mode to use with
+DES_enc_read() and DES_end_write().  If set to I<DES_PCBC_MODE> (the
+default), DES_pcbc_encrypt is used.  If set to I<DES_CBC_MODE>
+DES_cbc_encrypt is used.
+
+=head1 NOTES
+
+Single-key DES is insecure due to its short key size.  ECB mode is
+not suitable for most applications; see L<DES_modes(7)|DES_modes(7)>.
+
+The L<evp(3)|evp(3)> library provides higher-level encryption functions.
+
+=head1 BUGS
+
+DES_3cbc_encrypt() is flawed and must not be used in applications.
+
+DES_cbc_encrypt() does not modify B<ivec>; use DES_ncbc_encrypt()
+instead.
+
+DES_cfb_encrypt() and DES_ofb_encrypt() operates on input of 8 bits.
+What this means is that if you set numbits to 12, and length to 2, the
+first 12 bits will come from the 1st input byte and the low half of
+the second input byte.  The second 12 bits will have the low 8 bits
+taken from the 3rd input byte and the top 4 bits taken from the 4th
+input byte.  The same holds for output.  This function has been
+implemented this way because most people will be using a multiple of 8
+and because once you get into pulling bytes input bytes apart things
+get ugly!
+
+DES_string_to_key() is available for backward compatibility with the
+MIT library.  New applications should use a cryptographic hash function.
+The same applies for DES_string_to_2key().
+
+=head1 CONFORMING TO
+
+ANSI X3.106
+
+The B<des> library was written to be source code compatible with
+the MIT Kerberos library.
+
+=head1 SEE ALSO
+
+crypt(3), L<des_modes(7)|des_modes(7)>, L<evp(3)|evp(3)>, L<rand(3)|rand(3)>
+
+=head1 HISTORY
+
+In OpenSSL 0.9.7, all des_ functions were renamed to DES_ to avoid
+clashes with older versions of libdes.  Compatibility des_ functions
+are provided for a short while, as well as crypt().
+Declarations for these are in <openssl/des_old.h>. There is no DES_
+variant for des_random_seed().
+This will happen to other functions
+as well if they are deemed redundant (des_random_seed() just calls
+RAND_seed() and is present for backward compatibility only), buggy or
+already scheduled for removal.
+
+des_cbc_cksum(), des_cbc_encrypt(), des_ecb_encrypt(),
+des_is_weak_key(), des_key_sched(), des_pcbc_encrypt(),
+des_quad_cksum(), des_random_key() and des_string_to_key()
+are available in the MIT Kerberos library;
+des_check_key_parity(), des_fixup_key_parity() and des_is_weak_key()
+are available in newer versions of that library.
+
+des_set_key_checked() and des_set_key_unchecked() were added in
+OpenSSL 0.9.5.
+
+des_generate_random_block(), des_init_random_number_generator(),
+des_new_random_key(), des_set_random_generator_seed() and
+des_set_sequence_number() and des_rand_data() are used in newer
+versions of Kerberos but are not implemented here.
+
+des_random_key() generated cryptographically weak random data in
+SSLeay and in OpenSSL prior version 0.9.5, as well as in the original
+MIT library.
+
+=head1 AUTHOR
+
+Eric Young (eay@cryptsoft.com). Modified for the OpenSSL project
+(http://www.openssl.org).
+
+=cut
diff --git a/doc/crypto/des_modes.pod b/doc/crypto/des_modes.pod
new file mode 100644
index 0000000000..da75e8007d
--- /dev/null
+++ b/doc/crypto/des_modes.pod
@@ -0,0 +1,253 @@
+=pod
+
+=head1 NAME
+
+Modes of DES - the variants of DES and other crypto algorithms of OpenSSL
+
+=head1 DESCRIPTION
+
+Several crypto algorithms for OpenSSL can be used in a number of modes.  Those
+are used for using block ciphers in a way similar to stream ciphers, among
+other things.
+
+=head1 OVERVIEW
+
+=head2 Electronic Codebook Mode (ECB)
+
+Normally, this is found as the function I<algorithm>_ecb_encrypt().
+
+=over 2
+
+=item *
+
+64 bits are enciphered at a time.
+
+=item *
+
+The order of the blocks can be rearranged without detection.
+
+=item *
+
+The same plaintext block always produces the same ciphertext block
+(for the same key) making it vulnerable to a 'dictionary attack'.
+
+=item *
+
+An error will only affect one ciphertext block.
+
+=back
+
+=head2 Cipher Block Chaining Mode (CBC)
+
+Normally, this is found as the function I<algorithm>_cbc_encrypt().
+Be aware that des_cbc_encrypt() is not really DES CBC (it does
+not update the IV); use des_ncbc_encrypt() instead.
+
+=over 2
+
+=item *
+
+a multiple of 64 bits are enciphered at a time.
+
+=item *
+
+The CBC mode produces the same ciphertext whenever the same
+plaintext is encrypted using the same key and starting variable.
+
+=item *
+
+The chaining operation makes the ciphertext blocks dependent on the
+current and all preceding plaintext blocks and therefore blocks can not
+be rearranged.
+
+=item *
+
+The use of different starting variables prevents the same plaintext
+enciphering to the same ciphertext.
+
+=item *
+
+An error will affect the current and the following ciphertext blocks.
+
+=back
+
+=head2 Cipher Feedback Mode (CFB)
+
+Normally, this is found as the function I<algorithm>_cfb_encrypt().
+
+=over 2
+
+=item *
+
+a number of bits (j) <= 64 are enciphered at a time.
+
+=item *
+
+The CFB mode produces the same ciphertext whenever the same
+plaintext is encrypted using the same key and starting variable.
+
+=item *
+
+The chaining operation makes the ciphertext variables dependent on the
+current and all preceding variables and therefore j-bit variables are
+chained together and can not be rearranged.
+
+=item *
+
+The use of different starting variables prevents the same plaintext
+enciphering to the same ciphertext.
+
+=item *
+
+The strength of the CFB mode depends on the size of k (maximal if
+j == k).  In my implementation this is always the case.
+
+=item *
+
+Selection of a small value for j will require more cycles through
+the encipherment algorithm per unit of plaintext and thus cause
+greater processing overheads.
+
+=item *
+
+Only multiples of j bits can be enciphered.
+
+=item *
+
+An error will affect the current and the following ciphertext variables.
+
+=back
+
+=head2 Output Feedback Mode (OFB)
+
+Normally, this is found as the function I<algorithm>_ofb_encrypt().
+
+=over 2
+
+
+=item *
+
+a number of bits (j) <= 64 are enciphered at a time.
+
+=item *
+
+The OFB mode produces the same ciphertext whenever the same
+plaintext enciphered using the same key and starting variable.  More
+over, in the OFB mode the same key stream is produced when the same
+key and start variable are used.  Consequently, for security reasons
+a specific start variable should be used only once for a given key.
+
+=item *
+
+The absence of chaining makes the OFB more vulnerable to specific attacks.
+
+=item *
+
+The use of different start variables values prevents the same
+plaintext enciphering to the same ciphertext, by producing different
+key streams.
+
+=item *
+
+Selection of a small value for j will require more cycles through
+the encipherment algorithm per unit of plaintext and thus cause
+greater processing overheads.
+
+=item *
+
+Only multiples of j bits can be enciphered.
+
+=item *
+
+OFB mode of operation does not extend ciphertext errors in the
+resultant plaintext output.  Every bit error in the ciphertext causes
+only one bit to be in error in the deciphered plaintext.
+
+=item *
+
+OFB mode is not self-synchronizing.  If the two operation of
+encipherment and decipherment get out of synchronism, the system needs
+to be re-initialized.
+
+=item *
+
+Each re-initialization should use a value of the start variable
+different from the start variable values used before with the same
+key.  The reason for this is that an identical bit stream would be
+produced each time from the same parameters.  This would be
+susceptible to a 'known plaintext' attack.
+
+=back
+
+=head2 Triple ECB Mode
+
+Normally, this is found as the function I<algorithm>_ecb3_encrypt().
+
+=over 2
+
+=item *
+
+Encrypt with key1, decrypt with key2 and encrypt with key3 again.
+
+=item *
+
+As for ECB encryption but increases the key length to 168 bits.
+There are theoretic attacks that can be used that make the effective
+key length 112 bits, but this attack also requires 2^56 blocks of
+memory, not very likely, even for the NSA.
+
+=item *
+
+If both keys are the same it is equivalent to encrypting once with
+just one key.
+
+=item *
+
+If the first and last key are the same, the key length is 112 bits.
+There are attacks that could reduce the effective key strength
+to only slightly more than 56 bits, but these require a lot of memory.
+
+=item *
+
+If all 3 keys are the same, this is effectively the same as normal
+ecb mode.
+
+=back
+
+=head2 Triple CBC Mode
+
+Normally, this is found as the function I<algorithm>_ede3_cbc_encrypt().
+
+=over 2
+
+
+=item *
+
+Encrypt with key1, decrypt with key2 and then encrypt with key3.
+
+=item *
+
+As for CBC encryption but increases the key length to 168 bits with
+the same restrictions as for triple ecb mode.
+
+=back
+
+=head1 NOTES
+
+This text was been written in large parts by Eric Young in his original
+documentation for SSLeay, the predecessor of OpenSSL.  In turn, he attributed
+it to:
+
+	AS 2805.5.2
+	Australian Standard
+	Electronic funds transfer - Requirements for interfaces,
+	Part 5.2: Modes of operation for an n-bit block cipher algorithm
+	Appendix A
+
+=head1 SEE ALSO
+
+L<blowfish(3)|blowfish(3)>, L<des(3)|des(3)>, L<idea(3)|idea(3)>,
+L<rc2(3)|rc2(3)>
+
+=cut
+
diff --git a/doc/crypto/dh.pod b/doc/crypto/dh.pod
new file mode 100644
index 0000000000..c3ccd06207
--- /dev/null
+++ b/doc/crypto/dh.pod
@@ -0,0 +1,78 @@
+=pod
+
+=head1 NAME
+
+dh - Diffie-Hellman key agreement
+
+=head1 SYNOPSIS
+
+ #include <openssl/dh.h>
+ #include <openssl/engine.h>
+
+ DH *	DH_new(void);
+ void	DH_free(DH *dh);
+
+ int	DH_size(const DH *dh);
+
+ DH *	DH_generate_parameters(int prime_len, int generator,
+		void (*callback)(int, int, void *), void *cb_arg);
+ int	DH_check(const DH *dh, int *codes);
+
+ int	DH_generate_key(DH *dh);
+ int	DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh);
+
+ void DH_set_default_method(const DH_METHOD *meth);
+ const DH_METHOD *DH_get_default_method(void);
+ int DH_set_method(DH *dh, const DH_METHOD *meth);
+ DH *DH_new_method(ENGINE *engine);
+ const DH_METHOD *DH_OpenSSL(void);
+
+ int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	     int (*dup_func)(), void (*free_func)());
+ int DH_set_ex_data(DH *d, int idx, char *arg);
+ char *DH_get_ex_data(DH *d, int idx);
+
+ DH *	d2i_DHparams(DH **a, unsigned char **pp, long length);
+ int	i2d_DHparams(const DH *a, unsigned char **pp);
+
+ int	DHparams_print_fp(FILE *fp, const DH *x);
+ int	DHparams_print(BIO *bp, const DH *x);
+
+=head1 DESCRIPTION
+
+These functions implement the Diffie-Hellman key agreement protocol.
+The generation of shared DH parameters is described in
+L<DH_generate_parameters(3)|DH_generate_parameters(3)>; L<DH_generate_key(3)|DH_generate_key(3)> describes how
+to perform a key agreement.
+
+The B<DH> structure consists of several BIGNUM components.
+
+ struct
+        {
+        BIGNUM *p;		// prime number (shared)
+        BIGNUM *g;		// generator of Z_p (shared)
+        BIGNUM *priv_key;	// private DH value x
+        BIGNUM *pub_key;	// public DH value g^x
+        // ...
+        };
+ DH
+
+Note that DH keys may use non-standard B<DH_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using DH
+structure elements directly and instead use API functions to query or
+modify keys.
+
+=head1 SEE ALSO
+
+L<dhparam(1)|dhparam(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
+L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<engine(3)|engine(3)>,
+L<DH_set_method(3)|DH_set_method(3)>, L<DH_new(3)|DH_new(3)>,
+L<DH_get_ex_new_index(3)|DH_get_ex_new_index(3)>,
+L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
+L<DH_compute_key(3)|DH_compute_key(3)>, L<d2i_DHparams(3)|d2i_DHparams(3)>,
+L<RSA_print(3)|RSA_print(3)> 
+
+=cut
diff --git a/doc/crypto/dsa.pod b/doc/crypto/dsa.pod
new file mode 100644
index 0000000000..da07d2b930
--- /dev/null
+++ b/doc/crypto/dsa.pod
@@ -0,0 +1,114 @@
+=pod
+
+=head1 NAME
+
+dsa - Digital Signature Algorithm
+
+=head1 SYNOPSIS
+
+ #include <openssl/dsa.h>
+ #include <openssl/engine.h>
+
+ DSA *	DSA_new(void);
+ void	DSA_free(DSA *dsa);
+
+ int	DSA_size(const DSA *dsa);
+
+ DSA *	DSA_generate_parameters(int bits, unsigned char *seed,
+                int seed_len, int *counter_ret, unsigned long *h_ret,
+		void (*callback)(int, int, void *), void *cb_arg);
+
+ DH *	DSA_dup_DH(const DSA *r);
+
+ int	DSA_generate_key(DSA *dsa);
+
+ int	DSA_sign(int dummy, const unsigned char *dgst, int len,
+		unsigned char *sigret, unsigned int *siglen, DSA *dsa);
+ int	DSA_sign_setup(DSA *dsa, BN_CTX *ctx, BIGNUM **kinvp,
+                BIGNUM **rp);
+ int	DSA_verify(int dummy, const unsigned char *dgst, int len,
+		const unsigned char *sigbuf, int siglen, DSA *dsa);
+
+ void DSA_set_default_method(const DSA_METHOD *meth);
+ const DSA_METHOD *DSA_get_default_method(void);
+ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth);
+ DSA *DSA_new_method(ENGINE *engine);
+ const DSA_METHOD *DSA_OpenSSL(void);
+
+ int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+	     int (*dup_func)(), void (*free_func)());
+ int DSA_set_ex_data(DSA *d, int idx, char *arg);
+ char *DSA_get_ex_data(DSA *d, int idx);
+
+ DSA_SIG *DSA_SIG_new(void);
+ void	DSA_SIG_free(DSA_SIG *a);
+ int	i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+ DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, unsigned char **pp, long length);
+
+ DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+ int	DSA_do_verify(const unsigned char *dgst, int dgst_len,
+	     DSA_SIG *sig, DSA *dsa);
+
+ DSA *	d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
+ DSA *	d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
+ DSA * 	d2i_DSAparams(DSA **a, unsigned char **pp, long length);
+ int	i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+ int 	i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+ int	i2d_DSAparams(const DSA *a,unsigned char **pp);
+
+ int	DSAparams_print(BIO *bp, const DSA *x);
+ int	DSAparams_print_fp(FILE *fp, const DSA *x);
+ int	DSA_print(BIO *bp, const DSA *x, int off);
+ int	DSA_print_fp(FILE *bp, const DSA *x, int off);
+
+=head1 DESCRIPTION
+
+These functions implement the Digital Signature Algorithm (DSA).  The
+generation of shared DSA parameters is described in
+L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>;
+L<DSA_generate_key(3)|DSA_generate_key(3)> describes how to
+generate a signature key. Signature generation and verification are
+described in L<DSA_sign(3)|DSA_sign(3)>.
+
+The B<DSA> structure consists of several BIGNUM components.
+
+ struct
+        {
+        BIGNUM *p;		// prime number (public)
+        BIGNUM *q;		// 160-bit subprime, q | p-1 (public)
+        BIGNUM *g;		// generator of subgroup (public)
+        BIGNUM *priv_key;	// private key x
+        BIGNUM *pub_key;	// public key y = g^x
+        // ...
+        }
+ DSA;
+
+In public keys, B<priv_key> is NULL.
+
+Note that DSA keys may use non-standard B<DSA_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using DSA
+structure elements directly and instead use API functions to query or
+modify keys.
+
+=head1 CONFORMING TO
+
+US Federal Information Processing Standard FIPS 186 (Digital Signature
+Standard, DSS), ANSI X9.30
+
+=head1 SEE ALSO
+
+L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<engine(3)|engine(3)>,
+L<DSA_new(3)|DSA_new(3)>,
+L<DSA_size(3)|DSA_size(3)>,
+L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
+L<DSA_dup_DH(3)|DSA_dup_DH(3)>,
+L<DSA_generate_key(3)|DSA_generate_key(3)>,
+L<DSA_sign(3)|DSA_sign(3)>, L<DSA_set_method(3)|DSA_set_method(3)>,
+L<DSA_get_ex_new_index(3)|DSA_get_ex_new_index(3)>,
+L<RSA_print(3)|RSA_print(3)>
+
+=cut
diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod
new file mode 100644
index 0000000000..61e0264bb7
--- /dev/null
+++ b/doc/crypto/engine.pod
@@ -0,0 +1,621 @@
+=pod
+
+=head1 NAME
+
+engine - ENGINE cryptographic module support
+
+=head1 SYNOPSIS
+
+ #include <openssl/engine.h>
+
+ ENGINE *ENGINE_get_first(void);
+ ENGINE *ENGINE_get_last(void);
+ ENGINE *ENGINE_get_next(ENGINE *e);
+ ENGINE *ENGINE_get_prev(ENGINE *e);
+
+ int ENGINE_add(ENGINE *e);
+ int ENGINE_remove(ENGINE *e);
+
+ ENGINE *ENGINE_by_id(const char *id);
+
+ int ENGINE_init(ENGINE *e);
+ int ENGINE_finish(ENGINE *e);
+
+ void ENGINE_load_openssl(void);
+ void ENGINE_load_dynamic(void);
+ void ENGINE_load_cswift(void);
+ void ENGINE_load_chil(void);
+ void ENGINE_load_atalla(void);
+ void ENGINE_load_nuron(void);
+ void ENGINE_load_ubsec(void);
+ void ENGINE_load_aep(void);
+ void ENGINE_load_sureware(void);
+ void ENGINE_load_4758cca(void);
+ void ENGINE_load_openbsd_dev_crypto(void);
+ void ENGINE_load_builtin_engines(void);
+
+ void ENGINE_cleanup(void);
+
+ ENGINE *ENGINE_get_default_RSA(void);
+ ENGINE *ENGINE_get_default_DSA(void);
+ ENGINE *ENGINE_get_default_DH(void);
+ ENGINE *ENGINE_get_default_RAND(void);
+ ENGINE *ENGINE_get_cipher_engine(int nid);
+ ENGINE *ENGINE_get_digest_engine(int nid);
+
+ int ENGINE_set_default_RSA(ENGINE *e);
+ int ENGINE_set_default_DSA(ENGINE *e);
+ int ENGINE_set_default_DH(ENGINE *e);
+ int ENGINE_set_default_RAND(ENGINE *e);
+ int ENGINE_set_default_ciphers(ENGINE *e);
+ int ENGINE_set_default_digests(ENGINE *e);
+ int ENGINE_set_default_string(ENGINE *e, const char *list);
+
+ int ENGINE_set_default(ENGINE *e, unsigned int flags);
+
+ unsigned int ENGINE_get_table_flags(void);
+ void ENGINE_set_table_flags(unsigned int flags);
+
+ int ENGINE_register_RSA(ENGINE *e);
+ void ENGINE_unregister_RSA(ENGINE *e);
+ void ENGINE_register_all_RSA(void);
+ int ENGINE_register_DSA(ENGINE *e);
+ void ENGINE_unregister_DSA(ENGINE *e);
+ void ENGINE_register_all_DSA(void);
+ int ENGINE_register_DH(ENGINE *e);
+ void ENGINE_unregister_DH(ENGINE *e);
+ void ENGINE_register_all_DH(void);
+ int ENGINE_register_RAND(ENGINE *e);
+ void ENGINE_unregister_RAND(ENGINE *e);
+ void ENGINE_register_all_RAND(void);
+ int ENGINE_register_ciphers(ENGINE *e);
+ void ENGINE_unregister_ciphers(ENGINE *e);
+ void ENGINE_register_all_ciphers(void);
+ int ENGINE_register_digests(ENGINE *e);
+ void ENGINE_unregister_digests(ENGINE *e);
+ void ENGINE_register_all_digests(void);
+ int ENGINE_register_complete(ENGINE *e);
+ int ENGINE_register_all_complete(void);
+
+ int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+ int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+ int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+         long i, void *p, void (*f)(), int cmd_optional);
+ int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+                 int cmd_optional);
+
+ int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
+ void *ENGINE_get_ex_data(const ENGINE *e, int idx);
+
+ int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+
+ ENGINE *ENGINE_new(void);
+ int ENGINE_free(ENGINE *e);
+
+ int ENGINE_set_id(ENGINE *e, const char *id);
+ int ENGINE_set_name(ENGINE *e, const char *name);
+ int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+ int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+ int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+ int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+ int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
+ int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+ int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+ int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+ int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f);
+ int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+ int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+ int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+ int ENGINE_set_flags(ENGINE *e, int flags);
+ int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
+
+ const char *ENGINE_get_id(const ENGINE *e);
+ const char *ENGINE_get_name(const ENGINE *e);
+ const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+ const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+ const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+ const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+ ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+ ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+ ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+ ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+ ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+ const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+ const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+ int ENGINE_get_flags(const ENGINE *e);
+ const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
+
+ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+     UI_METHOD *ui_method, void *callback_data);
+ EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+     UI_METHOD *ui_method, void *callback_data);
+
+ void ENGINE_add_conf_module(void);
+
+=head1 DESCRIPTION
+
+These functions create, manipulate, and use cryptographic modules in the
+form of B<ENGINE> objects. These objects act as containers for
+implementations of cryptographic algorithms, and support a
+reference-counted mechanism to allow them to be dynamically loaded in and
+out of the running application.
+
+The cryptographic functionality that can be provided by an B<ENGINE>
+implementation includes the following abstractions;
+
+ RSA_METHOD - for providing alternative RSA implementations
+ DSA_METHOD, DH_METHOD, RAND_METHOD - alternative DSA, DH, and RAND
+ EVP_CIPHER - potentially multiple cipher algorithms (indexed by 'nid')
+ EVP_DIGEST - potentially multiple hash algorithms (indexed by 'nid')
+ key-loading - loading public and/or private EVP_PKEY keys
+
+=head2 Reference counting and handles
+
+Due to the modular nature of the ENGINE API, pointers to ENGINEs need to be
+treated as handles - ie. not only as pointers, but also as references to
+the underlying ENGINE object. Ie. you should obtain a new reference when
+making copies of an ENGINE pointer if the copies will be used (and
+released) independantly.
+
+ENGINE objects have two levels of reference-counting to match the way in
+which the objects are used. At the most basic level, each ENGINE pointer is
+inherently a B<structural> reference - you need a structural reference
+simply to refer to the pointer value at all, as this kind of reference is
+your guarantee that the structure can not be deallocated until you release
+your reference.
+
+However, a structural reference provides no guarantee that the ENGINE has
+been initiliased to be usable to perform any of its cryptographic
+implementations - and indeed it's quite possible that most ENGINEs will not
+initialised at all on standard setups, as ENGINEs are typically used to
+support specialised hardware. To use an ENGINE's functionality, you need a
+B<functional> reference. This kind of reference can be considered a
+specialised form of structural reference, because each functional reference
+implicitly contains a structural reference as well - however to avoid
+difficult-to-find programming bugs, it is recommended to treat the two
+kinds of reference independantly. If you have a functional reference to an
+ENGINE, you have a guarantee that the ENGINE has been initialised ready to
+perform cryptographic operations and will not be uninitialised or cleaned
+up until after you have released your reference.
+
+We will discuss the two kinds of reference separately, including how to
+tell which one you are dealing with at any given point in time (after all
+they are both simply (ENGINE *) pointers, the difference is in the way they
+are used).
+
+=head3 Structural references
+
+This basic type of reference is typically used for creating new ENGINEs
+dynamically, iterating across OpenSSL's internal linked-list of loaded
+ENGINEs, reading information about an ENGINE, etc. Essentially a structural
+reference is sufficient if you only need to query or manipulate the data of
+an ENGINE implementation rather than use its functionality.
+
+The ENGINE_new() function returns a structural reference to a new (empty)
+ENGINE object. Other than that, structural references come from return
+values to various ENGINE API functions such as; ENGINE_by_id(),
+ENGINE_get_first(), ENGINE_get_last(), ENGINE_get_next(),
+ENGINE_get_prev(). All structural references should be released by a
+corresponding to call to the ENGINE_free() function - the ENGINE object
+itself will only actually be cleaned up and deallocated when the last
+structural reference is released.
+
+It should also be noted that many ENGINE API function calls that accept a
+structural reference will internally obtain another reference - typically
+this happens whenever the supplied ENGINE will be needed by OpenSSL after
+the function has returned. Eg. the function to add a new ENGINE to
+OpenSSL's internal list is ENGINE_add() - if this function returns success,
+then OpenSSL will have stored a new structural reference internally so the
+caller is still responsible for freeing their own reference with
+ENGINE_free() when they are finished with it. In a similar way, some
+functions will automatically release the structural reference passed to it
+if part of the function's job is to do so. Eg. the ENGINE_get_next() and
+ENGINE_get_prev() functions are used for iterating across the internal
+ENGINE list - they will return a new structural reference to the next (or
+previous) ENGINE in the list or NULL if at the end (or beginning) of the
+list, but in either case the structural reference passed to the function is
+released on behalf of the caller.
+
+To clarify a particular function's handling of references, one should
+always consult that function's documentation "man" page, or failing that
+the openssl/engine.h header file includes some hints.
+
+=head3 Functional references
+
+As mentioned, functional references exist when the cryptographic
+functionality of an ENGINE is required to be available. A functional
+reference can be obtained in one of two ways; from an existing structural
+reference to the required ENGINE, or by asking OpenSSL for the default
+operational ENGINE for a given cryptographic purpose.
+
+To obtain a functional reference from an existing structural reference,
+call the ENGINE_init() function. This returns zero if the ENGINE was not
+already operational and couldn't be successfully initialised (eg. lack of
+system drivers, no special hardware attached, etc), otherwise it will
+return non-zero to indicate that the ENGINE is now operational and will
+have allocated a new B<functional> reference to the ENGINE. In this case,
+the supplied ENGINE pointer is, from the point of the view of the caller,
+both a structural reference and a functional reference - so if the caller
+intends to use it as a functional reference it should free the structural
+reference with ENGINE_free() first. If the caller wishes to use it only as
+a structural reference (eg. if the ENGINE_init() call was simply to test if
+the ENGINE seems available/online), then it should free the functional
+reference; all functional references are released by the ENGINE_finish()
+function.
+
+The second way to get a functional reference is by asking OpenSSL for a
+default implementation for a given task, eg. by ENGINE_get_default_RSA(),
+ENGINE_get_default_cipher_engine(), etc. These are discussed in the next
+section, though they are not usually required by application programmers as
+they are used automatically when creating and using the relevant
+algorithm-specific types in OpenSSL, such as RSA, DSA, EVP_CIPHER_CTX, etc.
+
+=head2 Default implementations
+
+For each supported abstraction, the ENGINE code maintains an internal table
+of state to control which implementations are available for a given
+abstraction and which should be used by default. These implementations are
+registered in the tables separated-out by an 'nid' index, because
+abstractions like EVP_CIPHER and EVP_DIGEST support many distinct
+algorithms and modes - ENGINEs will support different numbers and
+combinations of these. In the case of other abstractions like RSA, DSA,
+etc, there is only one "algorithm" so all implementations implicitly
+register using the same 'nid' index. ENGINEs can be B<registered> into
+these tables to make themselves available for use automatically by the
+various abstractions, eg. RSA. For illustrative purposes, we continue with
+the RSA example, though all comments apply similarly to the other
+abstractions (they each get their own table and linkage to the
+corresponding section of openssl code).
+
+When a new RSA key is being created, ie. in RSA_new_method(), a
+"get_default" call will be made to the ENGINE subsystem to process the RSA
+state table and return a functional reference to an initialised ENGINE
+whose RSA_METHOD should be used. If no ENGINE should (or can) be used, it
+will return NULL and the RSA key will operate with a NULL ENGINE handle by
+using the conventional RSA implementation in OpenSSL (and will from then on
+behave the way it used to before the ENGINE API existed - for details see
+L<RSA_new_method(3)|RSA_new_method(3)>).
+
+Each state table has a flag to note whether it has processed this
+"get_default" query since the table was last modified, because to process
+this question it must iterate across all the registered ENGINEs in the
+table trying to initialise each of them in turn, in case one of them is
+operational. If it returns a functional reference to an ENGINE, it will
+also cache another reference to speed up processing future queries (without
+needing to iterate across the table). Likewise, it will cache a NULL
+response if no ENGINE was available so that future queries won't repeat the
+same iteration unless the state table changes. This behaviour can also be
+changed; if the ENGINE_TABLE_FLAG_NOINIT flag is set (using
+ENGINE_set_table_flags()), no attempted initialisations will take place,
+instead the only way for the state table to return a non-NULL ENGINE to the
+"get_default" query will be if one is expressly set in the table. Eg.
+ENGINE_set_default_RSA() does the same job as ENGINE_register_RSA() except
+that it also sets the state table's cached response for the "get_default"
+query.
+
+In the case of abstractions like EVP_CIPHER, where implementations are
+indexed by 'nid', these flags and cached-responses are distinct for each
+'nid' value.
+
+It is worth illustrating the difference between "registration" of ENGINEs
+into these per-algorithm state tables and using the alternative
+"set_default" functions. The latter handles both "registration" and also
+setting the cached "default" ENGINE in each relevant state table - so
+registered ENGINEs will only have a chance to be initialised for use as a
+default if a default ENGINE wasn't already set for the same state table.
+Eg. if ENGINE X supports cipher nids {A,B} and RSA, ENGINE Y supports
+ciphers {A} and DSA, and the following code is executed;
+
+ ENGINE_register_complete(X);
+ ENGINE_set_default(Y, ENGINE_METHOD_ALL);
+ e1 = ENGINE_get_default_RSA();
+ e2 = ENGINE_get_cipher_engine(A);
+ e3 = ENGINE_get_cipher_engine(B);
+ e4 = ENGINE_get_default_DSA();
+ e5 = ENGINE_get_cipher_engine(C);
+
+The results would be as follows;
+
+ assert(e1 == X);
+ assert(e2 == Y);
+ assert(e3 == X);
+ assert(e4 == Y);
+ assert(e5 == NULL);
+
+=head2 Application requirements
+
+This section will explain the basic things an application programmer should
+support to make the most useful elements of the ENGINE functionality
+available to the user. The first thing to consider is whether the
+programmer wishes to make alternative ENGINE modules available to the
+application and user. OpenSSL maintains an internal linked list of
+"visible" ENGINEs from which it has to operate - at start-up, this list is
+empty and in fact if an application does not call any ENGINE API calls and
+it uses static linking against openssl, then the resulting application
+binary will not contain any alternative ENGINE code at all. So the first
+consideration is whether any/all available ENGINE implementations should be
+made visible to OpenSSL - this is controlled by calling the various "load"
+functions, eg.
+
+ /* Make the "dynamic" ENGINE available */
+ void ENGINE_load_dynamic(void);
+ /* Make the CryptoSwift hardware acceleration support available */
+ void ENGINE_load_cswift(void);
+ /* Make support for nCipher's "CHIL" hardware available */
+ void ENGINE_load_chil(void);
+ ...
+ /* Make ALL ENGINE implementations bundled with OpenSSL available */
+ void ENGINE_load_builtin_engines(void);
+
+Having called any of these functions, ENGINE objects would have been
+dynamically allocated and populated with these implementations and linked
+into OpenSSL's internal linked list. At this point it is important to
+mention an important API function;
+
+ void ENGINE_cleanup(void);
+
+If no ENGINE API functions are called at all in an application, then there
+are no inherent memory leaks to worry about from the ENGINE functionality,
+however if any ENGINEs are "load"ed, even if they are never registered or
+used, it is necessary to use the ENGINE_cleanup() function to
+correspondingly cleanup before program exit, if the caller wishes to avoid
+memory leaks. This mechanism uses an internal callback registration table
+so that any ENGINE API functionality that knows it requires cleanup can
+register its cleanup details to be called during ENGINE_cleanup(). This
+approach allows ENGINE_cleanup() to clean up after any ENGINE functionality
+at all that your program uses, yet doesn't automatically create linker
+dependencies to all possible ENGINE functionality - only the cleanup
+callbacks required by the functionality you do use will be required by the
+linker.
+
+The fact that ENGINEs are made visible to OpenSSL (and thus are linked into
+the program and loaded into memory at run-time) does not mean they are
+"registered" or called into use by OpenSSL automatically - that behaviour
+is something for the application to have control over. Some applications
+will want to allow the user to specify exactly which ENGINE they want used
+if any is to be used at all. Others may prefer to load all support and have
+OpenSSL automatically use at run-time any ENGINE that is able to
+successfully initialise - ie. to assume that this corresponds to
+acceleration hardware attached to the machine or some such thing. There are
+probably numerous other ways in which applications may prefer to handle
+things, so we will simply illustrate the consequences as they apply to a
+couple of simple cases and leave developers to consider these and the
+source code to openssl's builtin utilities as guides.
+
+=head3 Using a specific ENGINE implementation
+
+Here we'll assume an application has been configured by its user or admin
+to want to use the "ACME" ENGINE if it is available in the version of
+OpenSSL the application was compiled with. If it is available, it should be
+used by default for all RSA, DSA, and symmetric cipher operation, otherwise
+OpenSSL should use its builtin software as per usual. The following code
+illustrates how to approach this;
+
+ ENGINE *e;
+ const char *engine_id = "ACME";
+ ENGINE_load_builtin_engines();
+ e = ENGINE_by_id(engine_id);
+ if(!e)
+     /* the engine isn't available */
+     return;
+ if(!ENGINE_init(e)) {
+     /* the engine couldn't initialise, release 'e' */
+     ENGINE_free(e);
+     return;
+ }
+ if(!ENGINE_set_default_RSA(e))
+     /* This should only happen when 'e' can't initialise, but the previous
+      * statement suggests it did. */
+     abort();
+ ENGINE_set_default_DSA(e);
+ ENGINE_set_default_ciphers(e);
+ /* Release the functional reference from ENGINE_init() */
+ ENGINE_finish(e);
+ /* Release the structural reference from ENGINE_by_id() */
+ ENGINE_free(e);
+
+=head3 Automatically using builtin ENGINE implementations
+
+Here we'll assume we want to load and register all ENGINE implementations
+bundled with OpenSSL, such that for any cryptographic algorithm required by
+OpenSSL - if there is an ENGINE that implements it and can be initialise,
+it should be used. The following code illustrates how this can work;
+
+ /* Load all bundled ENGINEs into memory and make them visible */
+ ENGINE_load_builtin_engines();
+ /* Register all of them for every algorithm they collectively implement */
+ ENGINE_register_all_complete();
+
+That's all that's required. Eg. the next time OpenSSL tries to set up an
+RSA key, any bundled ENGINEs that implement RSA_METHOD will be passed to
+ENGINE_init() and if any of those succeed, that ENGINE will be set as the
+default for use with RSA from then on.
+
+=head2 Advanced configuration support
+
+There is a mechanism supported by the ENGINE framework that allows each
+ENGINE implementation to define an arbitrary set of configuration
+"commands" and expose them to OpenSSL and any applications based on
+OpenSSL. This mechanism is entirely based on the use of name-value pairs
+and and assumes ASCII input (no unicode or UTF for now!), so it is ideal if
+applications want to provide a transparent way for users to provide
+arbitrary configuration "directives" directly to such ENGINEs. It is also
+possible for the application to dynamically interrogate the loaded ENGINE
+implementations for the names, descriptions, and input flags of their
+available "control commands", providing a more flexible configuration
+scheme. However, if the user is expected to know which ENGINE device he/she
+is using (in the case of specialised hardware, this goes without saying)
+then applications may not need to concern themselves with discovering the
+supported control commands and simply prefer to allow settings to passed
+into ENGINEs exactly as they are provided by the user.
+
+Before illustrating how control commands work, it is worth mentioning what
+they are typically used for. Broadly speaking there are two uses for
+control commands; the first is to provide the necessary details to the
+implementation (which may know nothing at all specific to the host system)
+so that it can be initialised for use. This could include the path to any
+driver or config files it needs to load, required network addresses,
+smart-card identifiers, passwords to initialise password-protected devices,
+logging information, etc etc. This class of commands typically needs to be
+passed to an ENGINE B<before> attempting to initialise it, ie. before
+calling ENGINE_init(). The other class of commands consist of settings or
+operations that tweak certain behaviour or cause certain operations to take
+place, and these commands may work either before or after ENGINE_init(), or
+in same cases both. ENGINE implementations should provide indications of
+this in the descriptions attached to builtin control commands and/or in
+external product documentation.
+
+=head3 Issuing control commands to an ENGINE
+
+Let's illustrate by example; a function for which the caller supplies the
+name of the ENGINE it wishes to use, a table of string-pairs for use before
+initialisation, and another table for use after initialisation. Note that
+the string-pairs used for control commands consist of a command "name"
+followed by the command "parameter" - the parameter could be NULL in some
+cases but the name can not. This function should initialise the ENGINE
+(issuing the "pre" commands beforehand and the "post" commands afterwards)
+and set it as the default for everything except RAND and then return a
+boolean success or failure.
+
+ int generic_load_engine_fn(const char *engine_id,
+                            const char **pre_cmds, int pre_num,
+                            const char **post_cmds, int post_num)
+ {
+     ENGINE *e = ENGINE_by_id(engine_id);
+     if(!e) return 0;
+     while(pre_num--) {
+         if(!ENGINE_ctrl_cmd_string(e, pre_cmds[0], pre_cmds[1], 0)) {
+             fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
+                 pre_cmds[0], pre_cmds[1] ? pre_cmds[1] : "(NULL)");
+             ENGINE_free(e);
+             return 0;
+         }
+	 pre_cmds += 2;
+     }
+     if(!ENGINE_init(e)) {
+         fprintf(stderr, "Failed initialisation\n");
+         ENGINE_free(e);
+         return 0;
+     }
+     /* ENGINE_init() returned a functional reference, so free the structural
+      * reference from ENGINE_by_id(). */
+     ENGINE_free(e);
+     while(post_num--) {
+         if(!ENGINE_ctrl_cmd_string(e, post_cmds[0], post_cmds[1], 0)) {
+             fprintf(stderr, "Failed command (%s - %s:%s)\n", engine_id,
+                 post_cmds[0], post_cmds[1] ? post_cmds[1] : "(NULL)");
+             ENGINE_finish(e);
+             return 0;
+         }
+	 post_cmds += 2;
+     }
+     ENGINE_set_default(e, ENGINE_METHOD_ALL & ~ENGINE_METHOD_RAND);
+     /* Success */
+     return 1;
+ }
+
+Note that ENGINE_ctrl_cmd_string() accepts a boolean argument that can
+relax the semantics of the function - if set non-zero it will only return
+failure if the ENGINE supported the given command name but failed while
+executing it, if the ENGINE doesn't support the command name it will simply
+return success without doing anything. In this case we assume the user is
+only supplying commands specific to the given ENGINE so we set this to
+FALSE.
+
+=head3 Discovering supported control commands
+
+It is possible to discover at run-time the names, numerical-ids, descriptions
+and input parameters of the control commands supported from a structural
+reference to any ENGINE. It is first important to note that some control
+commands are defined by OpenSSL itself and it will intercept and handle these
+control commands on behalf of the ENGINE, ie. the ENGINE's ctrl() handler is not
+used for the control command. openssl/engine.h defines a symbol,
+ENGINE_CMD_BASE, that all control commands implemented by ENGINEs from. Any
+command value lower than this symbol is considered a "generic" command is
+handled directly by the OpenSSL core routines.
+
+It is using these "core" control commands that one can discover the the control
+commands implemented by a given ENGINE, specifically the commands;
+
+ #define ENGINE_HAS_CTRL_FUNCTION		10
+ #define ENGINE_CTRL_GET_FIRST_CMD_TYPE		11
+ #define ENGINE_CTRL_GET_NEXT_CMD_TYPE		12
+ #define ENGINE_CTRL_GET_CMD_FROM_NAME		13
+ #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD	14
+ #define ENGINE_CTRL_GET_NAME_FROM_CMD		15
+ #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD	16
+ #define ENGINE_CTRL_GET_DESC_FROM_CMD		17
+ #define ENGINE_CTRL_GET_CMD_FLAGS		18
+
+Whilst these commands are automatically processed by the OpenSSL framework code,
+they use various properties exposed by each ENGINE by which to process these
+queries. An ENGINE has 3 properties it exposes that can affect this behaviour;
+it can supply a ctrl() handler, it can specify ENGINE_FLAGS_MANUAL_CMD_CTRL in
+the ENGINE's flags, and it can expose an array of control command descriptions.
+If an ENGINE specifies the ENGINE_FLAGS_MANUAL_CMD_CTRL flag, then it will
+simply pass all these "core" control commands directly to the ENGINE's ctrl()
+handler (and thus, it must have supplied one), so it is up to the ENGINE to
+reply to these "discovery" commands itself. If that flag is not set, then the
+OpenSSL framework code will work with the following rules;
+
+ if no ctrl() handler supplied;
+     ENGINE_HAS_CTRL_FUNCTION returns FALSE (zero),
+     all other commands fail.
+ if a ctrl() handler was supplied but no array of control commands;
+     ENGINE_HAS_CTRL_FUNCTION returns TRUE,
+     all other commands fail.
+ if a ctrl() handler and array of control commands was supplied;
+     ENGINE_HAS_CTRL_FUNCTION returns TRUE,
+     all other commands proceed processing ...
+
+If the ENGINE's array of control commands is empty then all other commands will
+fail, otherwise; ENGINE_CTRL_GET_FIRST_CMD_TYPE returns the identifier of
+the first command supported by the ENGINE, ENGINE_GET_NEXT_CMD_TYPE takes the
+identifier of a command supported by the ENGINE and returns the next command
+identifier or fails if there are no more, ENGINE_CMD_FROM_NAME takes a string
+name for a command and returns the corresponding identifier or fails if no such
+command name exists, and the remaining commands take a command identifier and
+return properties of the corresponding commands. All except
+ENGINE_CTRL_GET_FLAGS return the string length of a command name or description,
+or populate a supplied character buffer with a copy of the command name or
+description. ENGINE_CTRL_GET_FLAGS returns a bitwise-OR'd mask of the following
+possible values;
+
+ #define ENGINE_CMD_FLAG_NUMERIC		(unsigned int)0x0001
+ #define ENGINE_CMD_FLAG_STRING			(unsigned int)0x0002
+ #define ENGINE_CMD_FLAG_NO_INPUT		(unsigned int)0x0004
+ #define ENGINE_CMD_FLAG_INTERNAL		(unsigned int)0x0008
+
+If the ENGINE_CMD_FLAG_INTERNAL flag is set, then any other flags are purely
+informational to the caller - this flag will prevent the command being usable
+for any higher-level ENGINE functions such as ENGINE_ctrl_cmd_string().
+"INTERNAL" commands are not intended to be exposed to text-based configuration
+by applications, administrations, users, etc. These can support arbitrary
+operations via ENGINE_ctrl(), including passing to and/or from the control
+commands data of any arbitrary type. These commands are supported in the
+discovery mechanisms simply to allow applications determinie if an ENGINE
+supports certain specific commands it might want to use (eg. application "foo"
+might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" -
+and ENGINE could therefore decide whether or not to support this "foo"-specific
+extension).
+
+=head2 Future developments
+
+The ENGINE API and internal architecture is currently being reviewed. Slated for
+possible release in 0.9.8 is support for transparent loading of "dynamic"
+ENGINEs (built as self-contained shared-libraries). This would allow ENGINE
+implementations to be provided independantly of OpenSSL libraries and/or
+OpenSSL-based applications, and would also remove any requirement for
+applications to explicitly use the "dynamic" ENGINE to bind to shared-library
+implementations.
+
+=head1 SEE ALSO
+
+L<rsa(3)|rsa(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>, L<rand(3)|rand(3)>,
+L<RSA_new_method(3)|RSA_new_method(3)>
+
+=cut
diff --git a/doc/crypto/err.pod b/doc/crypto/err.pod
new file mode 100644
index 0000000000..6f729554d2
--- /dev/null
+++ b/doc/crypto/err.pod
@@ -0,0 +1,187 @@
+=pod
+
+=head1 NAME
+
+err - error codes
+
+=head1 SYNOPSIS
+
+ #include <openssl/err.h>
+
+ unsigned long ERR_get_error(void);
+ unsigned long ERR_peek_error(void);
+ unsigned long ERR_get_error_line(const char **file, int *line);
+ unsigned long ERR_peek_error_line(const char **file, int *line);
+ unsigned long ERR_get_error_line_data(const char **file, int *line,
+         const char **data, int *flags);
+ unsigned long ERR_peek_error_line_data(const char **file, int *line,
+         const char **data, int *flags);
+
+ int ERR_GET_LIB(unsigned long e);
+ int ERR_GET_FUNC(unsigned long e);
+ int ERR_GET_REASON(unsigned long e);
+
+ void ERR_clear_error(void);
+
+ char *ERR_error_string(unsigned long e, char *buf);
+ const char *ERR_lib_error_string(unsigned long e);
+ const char *ERR_func_error_string(unsigned long e);
+ const char *ERR_reason_error_string(unsigned long e);
+
+ void ERR_print_errors(BIO *bp);
+ void ERR_print_errors_fp(FILE *fp);
+
+ void ERR_load_crypto_strings(void);
+ void ERR_free_strings(void);
+
+ void ERR_remove_state(unsigned long pid);
+
+ void ERR_put_error(int lib, int func, int reason, const char *file,
+         int line);
+ void ERR_add_error_data(int num, ...);
+
+ void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
+ unsigned long ERR_PACK(int lib, int func, int reason);
+ int ERR_get_next_error_library(void);
+
+=head1 DESCRIPTION
+
+When a call to the OpenSSL library fails, this is usually signalled
+by the return value, and an error code is stored in an error queue
+associated with the current thread. The B<err> library provides
+functions to obtain these error codes and textual error messages.
+
+The L<ERR_get_error(3)|ERR_get_error(3)> manpage describes how to
+access error codes.
+
+Error codes contain information about where the error occurred, and
+what went wrong. L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> describes how to
+extract this information. A method to obtain human-readable error
+messages is described in L<ERR_error_string(3)|ERR_error_string(3)>.
+
+L<ERR_clear_error(3)|ERR_clear_error(3)> can be used to clear the
+error queue.
+
+Note that L<ERR_remove_state(3)|ERR_remove_state(3)> should be used to
+avoid memory leaks when threads are terminated.
+
+=head1 ADDING NEW ERROR CODES TO OPENSSL
+
+See L<ERR_put_error(3)> if you want to record error codes in the
+OpenSSL error system from within your application.
+
+The remainder of this section is of interest only if you want to add
+new error codes to OpenSSL or add error codes from external libraries.
+
+=head2 Reporting errors
+
+Each sub-library has a specific macro XXXerr() that is used to report
+errors. Its first argument is a function code B<XXX_F_...>, the second
+argument is a reason code B<XXX_R_...>. Function codes are derived
+from the function names; reason codes consist of textual error
+descriptions. For example, the function ssl23_read() reports a
+"handshake failure" as follows:
+
+ SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE);
+
+Function and reason codes should consist of upper case characters,
+numbers and underscores only. The error file generation script translates
+function codes into function names by looking in the header files
+for an appropriate function name, if none is found it just uses
+the capitalized form such as "SSL23_READ" in the above example.
+
+The trailing section of a reason code (after the "_R_") is translated
+into lower case and underscores changed to spaces.
+
+When you are using new function or reason codes, run B<make errors>.
+The necessary B<#define>s will then automatically be added to the
+sub-library's header file.
+
+Although a library will normally report errors using its own specific
+XXXerr macro, another library's macro can be used. This is normally
+only done when a library wants to include ASN1 code which must use
+the ASN1err() macro.
+
+=head2 Adding new libraries
+
+When adding a new sub-library to OpenSSL, assign it a library number
+B<ERR_LIB_XXX>, define a macro XXXerr() (both in B<err.h>), add its
+name to B<ERR_str_libraries[]> (in B<crypto/err/err.c>), and add
+C<ERR_load_XXX_strings()> to the ERR_load_crypto_strings() function
+(in B<crypto/err/err_all.c>). Finally, add an entry
+
+ L	XXX	xxx.h	xxx_err.c
+
+to B<crypto/err/openssl.ec>, and add B<xxx_err.c> to the Makefile.
+Running B<make errors> will then generate a file B<xxx_err.c>, and
+add all error codes used in the library to B<xxx.h>.
+
+Additionally the library include file must have a certain form.
+Typically it will initially look like this:
+
+ #ifndef HEADER_XXX_H
+ #define HEADER_XXX_H
+
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+
+ /* Include files */
+
+ #include <openssl/bio.h>
+ #include <openssl/x509.h>
+
+ /* Macros, structures and function prototypes */
+
+
+ /* BEGIN ERROR CODES */
+
+The B<BEGIN ERROR CODES> sequence is used by the error code
+generation script as the point to place new error codes, any text
+after this point will be overwritten when B<make errors> is run.
+The closing #endif etc will be automatically added by the script.
+
+The generated C error code file B<xxx_err.c> will load the header
+files B<stdio.h>, B<openssl/err.h> and B<openssl/xxx.h> so the
+header file must load any additional header files containing any
+definitions it uses.
+
+=head1 USING ERROR CODES IN EXTERNAL LIBRARIES
+
+It is also possible to use OpenSSL's error code scheme in external
+libraries. The library needs to load its own codes and call the OpenSSL
+error code insertion script B<mkerr.pl> explicitly to add codes to
+the header file and generate the C error code file. This will normally
+be done if the external library needs to generate new ASN1 structures
+but it can also be used to add more general purpose error code handling.
+
+TBA more details
+
+=head1 INTERNALS
+
+The error queues are stored in a hash table with one B<ERR_STATE>
+entry for each pid. ERR_get_state() returns the current thread's
+B<ERR_STATE>. An B<ERR_STATE> can hold up to B<ERR_NUM_ERRORS> error
+codes. When more error codes are added, the old ones are overwritten,
+on the assumption that the most recent errors are most important.
+
+Error strings are also stored in hash table. The hash tables can
+be obtained by calling ERR_get_err_state_table(void) and
+ERR_get_string_table(void) respectively.
+
+=head1 SEE ALSO
+
+L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>,
+L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>,
+L<ERR_get_error(3)|ERR_get_error(3)>,
+L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>,
+L<ERR_clear_error(3)|ERR_clear_error(3)>,
+L<ERR_error_string(3)|ERR_error_string(3)>,
+L<ERR_print_errors(3)|ERR_print_errors(3)>,
+L<ERR_load_crypto_strings(3)|ERR_load_crypto_strings(3)>,
+L<ERR_remove_state(3)|ERR_remove_state(3)>,
+L<ERR_put_error(3)|ERR_put_error(3)>,
+L<ERR_load_strings(3)|ERR_load_strings(3)>,
+L<SSL_get_error(3)|SSL_get_error(3)>
+
+=cut
diff --git a/doc/crypto/evp.pod b/doc/crypto/evp.pod
new file mode 100644
index 0000000000..b3ca14314f
--- /dev/null
+++ b/doc/crypto/evp.pod
@@ -0,0 +1,45 @@
+=pod
+
+=head1 NAME
+
+evp - high-level cryptographic functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/evp.h>
+
+=head1 DESCRIPTION
+
+The EVP library provides a high-level interface to cryptographic
+functions.
+
+B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption
+and decryption to implement digital "envelopes".
+
+The B<EVP_Sign>I<...> and B<EVP_Verify>I<...> functions implement
+digital signatures.
+
+Symmetric encryption is available with the B<EVP_Encrypt>I<...>
+functions.  The B<EVP_Digest>I<...> functions provide message digests.
+
+Algorithms are loaded with OpenSSL_add_all_algorithms(3).
+
+All the symmetric algorithms (ciphers) and digests can be replaced by ENGINE
+modules providing alternative implementations. If ENGINE implementations of
+ciphers or digests are registered as defaults, then the various EVP functions
+will automatically use those implementations automatically in preference to
+built in software implementations. For more information, consult the engine(3)
+man page.
+
+=head1 SEE ALSO
+
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>,
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>,
+L<EVP_OpenInit(3)|EVP_OpenInit(3)>,
+L<EVP_SealInit(3)|EVP_SealInit(3)>,
+L<EVP_SignInit(3)|EVP_SignInit(3)>,
+L<EVP_VerifyInit(3)|EVP_VerifyInit(3)>,
+L<OpenSSL_add_all_algorithms(3)|OpenSSL_add_all_algorithms(3)>,
+L<engine(3)|engine(3)>
+
+=cut
diff --git a/doc/crypto/hmac.pod b/doc/crypto/hmac.pod
new file mode 100644
index 0000000000..3976baf226
--- /dev/null
+++ b/doc/crypto/hmac.pod
@@ -0,0 +1,102 @@
+=pod
+
+=head1 NAME
+
+HMAC, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup - HMAC message
+authentication code
+
+=head1 SYNOPSIS
+
+ #include <openssl/hmac.h>
+
+ unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
+               int key_len, const unsigned char *d, int n,
+               unsigned char *md, unsigned int *md_len);
+
+ void HMAC_CTX_init(HMAC_CTX *ctx);
+
+ void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
+               const EVP_MD *md);
+ void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
+               	   const EVP_MD *md);
+ void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
+ void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+
+ void HMAC_CTX_cleanup(HMAC_CTX *ctx);
+ void HMAC_cleanup(HMAC_CTX *ctx);
+
+=head1 DESCRIPTION
+
+HMAC is a MAC (message authentication code), i.e. a keyed hash
+function used for message authentication, which is based on a hash
+function.
+
+HMAC() computes the message authentication code of the B<n> bytes at
+B<d> using the hash function B<evp_md> and the key B<key> which is
+B<key_len> bytes long.
+
+It places the result in B<md> (which must have space for the output of
+the hash function, which is no more than B<EVP_MAX_MD_SIZE> bytes).
+If B<md> is NULL, the digest is placed in a static array.  The size of
+the output is placed in B<md_len>, unless it is B<NULL>.
+
+B<evp_md> can be EVP_sha1(), EVP_ripemd160() etc.
+B<key> and B<evp_md> may be B<NULL> if a key and hash function have
+been set in a previous call to HMAC_Init() for that B<HMAC_CTX>.
+
+HMAC_CTX_init() initialises a B<HMAC_CTX> before first use. It must be
+called.
+
+HMAC_CTX_cleanup() erases the key and other data from the B<HMAC_CTX>
+and releases any associated resources. It must be called when an
+B<HMAC_CTX> is no longer required.
+
+HMAC_cleanup() is an alias for HMAC_CTX_cleanup() included for back
+compatibility with 0.9.6b, it is deprecated.
+
+The following functions may be used if the message is not completely
+stored in memory:
+
+HMAC_Init() initializes a B<HMAC_CTX> structure to use the hash
+function B<evp_md> and the key B<key> which is B<key_len> bytes
+long. It is deprecated and only included for backward compatibility
+with OpenSSL 0.9.6b.
+
+HMAC_Init_ex() initializes or reuses a B<HMAC_CTX> structure to use
+the function B<evp_md> and key B<key>. Either can be NULL, in which
+case the existing one will be reused. HMAC_CTX_init() must have been
+called before the first use of an B<HMAC_CTX> in this
+function. B<N.B. HMAC_Init() had this undocumented behaviour in
+previous versions of OpenSSL - failure to switch to HMAC_Init_ex() in
+programs that expect it will cause them to stop working>.
+
+HMAC_Update() can be called repeatedly with chunks of the message to
+be authenticated (B<len> bytes at B<data>).
+
+HMAC_Final() places the message authentication code in B<md>, which
+must have space for the hash function output.
+
+=head1 RETURN VALUES
+
+HMAC() returns a pointer to the message authentication code.
+
+HMAC_CTX_init(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and
+HMAC_CTX_cleanup() do not return values.
+
+=head1 CONFORMING TO
+
+RFC 2104
+
+=head1 SEE ALSO
+
+L<sha(3)|sha(3)>, L<evp(3)|evp(3)>
+
+=head1 HISTORY
+
+HMAC(), HMAC_Init(), HMAC_Update(), HMAC_Final() and HMAC_cleanup()
+are available since SSLeay 0.9.0.
+
+HMAC_CTX_init(), HMAC_Init_ex() and HMAC_CTX_cleanup() are available
+since OpenSSL 0.9.7.
+
+=cut
diff --git a/doc/crypto/lh_stats.pod b/doc/crypto/lh_stats.pod
new file mode 100644
index 0000000000..3eeaa72e52
--- /dev/null
+++ b/doc/crypto/lh_stats.pod
@@ -0,0 +1,60 @@
+=pod
+
+=head1 NAME
+
+lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,
+lh_node_stats_bio, lh_node_usage_stats_bio - LHASH statistics
+
+=head1 SYNOPSIS
+
+ #include <openssl/lhash.h>
+
+ void lh_stats(LHASH *table, FILE *out);
+ void lh_node_stats(LHASH *table, FILE *out);
+ void lh_node_usage_stats(LHASH *table, FILE *out);
+
+ void lh_stats_bio(LHASH *table, BIO *out);
+ void lh_node_stats_bio(LHASH *table, BIO *out);
+ void lh_node_usage_stats_bio(LHASH *table, BIO *out);
+
+=head1 DESCRIPTION
+
+The B<LHASH> structure records statistics about most aspects of
+accessing the hash table.  This is mostly a legacy of Eric Young
+writing this library for the reasons of implementing what looked like
+a nice algorithm rather than for a particular software product.
+
+lh_stats() prints out statistics on the size of the hash table, how
+many entries are in it, and the number and result of calls to the
+routines in this library.
+
+lh_node_stats() prints the number of entries for each 'bucket' in the
+hash table.
+
+lh_node_usage_stats() prints out a short summary of the state of the
+hash table.  It prints the 'load' and the 'actual load'.  The load is
+the average number of data items per 'bucket' in the hash table.  The
+'actual load' is the average number of items per 'bucket', but only
+for buckets which contain entries.  So the 'actual load' is the
+average number of searches that will need to find an item in the hash
+table, while the 'load' is the average number that will be done to
+record a miss.
+
+lh_stats_bio(), lh_node_stats_bio() and lh_node_usage_stats_bio()
+are the same as the above, except that the output goes to a B<BIO>.
+
+=head1 RETURN VALUES
+
+These functions do not return values.
+
+=head1 SEE ALSO
+
+L<bio(3)|bio(3)>, L<lhash(3)|lhash(3)>
+
+=head1 HISTORY
+
+These functions are available in all versions of SSLeay and OpenSSL.
+
+This manpage is derived from the SSLeay documentation.
+
+=cut
diff --git a/doc/crypto/lhash.pod b/doc/crypto/lhash.pod
new file mode 100644
index 0000000000..dcdbb43a8e
--- /dev/null
+++ b/doc/crypto/lhash.pod
@@ -0,0 +1,294 @@
+=pod
+
+=head1 NAME
+
+lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, lh_doall_arg, lh_error - dynamic hash table
+
+=head1 SYNOPSIS
+
+ #include <openssl/lhash.h>
+
+ LHASH *lh_new(LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE compare);
+ void lh_free(LHASH *table);
+
+ void *lh_insert(LHASH *table, void *data);
+ void *lh_delete(LHASH *table, void *data);
+ void *lh_retrieve(LHASH *table, void *data);
+
+ void lh_doall(LHASH *table, LHASH_DOALL_FN_TYPE func);
+ void lh_doall_arg(LHASH *table, LHASH_DOALL_ARG_FN_TYPE func,
+          void *arg);
+
+ int lh_error(LHASH *table);
+
+ typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *);
+ typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *);
+ typedef void (*LHASH_DOALL_FN_TYPE)(const void *);
+ typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, const void *);
+
+=head1 DESCRIPTION
+
+This library implements dynamic hash tables. The hash table entries
+can be arbitrary structures. Usually they consist of key and value
+fields.
+
+lh_new() creates a new B<LHASH> structure to store arbitrary data
+entries, and provides the 'hash' and 'compare' callbacks to be used in
+organising the table's entries.  The B<hash> callback takes a pointer
+to a table entry as its argument and returns an unsigned long hash
+value for its key field.  The hash value is normally truncated to a
+power of 2, so make sure that your hash function returns well mixed
+low order bits.  The B<compare> callback takes two arguments (pointers
+to two hash table entries), and returns 0 if their keys are equal,
+non-zero otherwise.  If your hash table will contain items of some
+particular type and the B<hash> and B<compare> callbacks hash/compare
+these types, then the B<DECLARE_LHASH_HASH_FN> and
+B<IMPLEMENT_LHASH_COMP_FN> macros can be used to create callback
+wrappers of the prototypes required by lh_new().  These provide
+per-variable casts before calling the type-specific callbacks written
+by the application author.  These macros, as well as those used for
+the "doall" callbacks, are defined as;
+
+ #define DECLARE_LHASH_HASH_FN(f_name,o_type) \
+         unsigned long f_name##_LHASH_HASH(const void *);
+ #define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \
+         unsigned long f_name##_LHASH_HASH(const void *arg) { \
+                 o_type a = (o_type)arg; \
+                 return f_name(a); }
+ #define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH
+
+ #define DECLARE_LHASH_COMP_FN(f_name,o_type) \
+         int f_name##_LHASH_COMP(const void *, const void *);
+ #define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \
+         int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \
+                 o_type a = (o_type)arg1; \
+                 o_type b = (o_type)arg2; \
+                 return f_name(a,b); }
+ #define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP
+
+ #define DECLARE_LHASH_DOALL_FN(f_name,o_type) \
+         void f_name##_LHASH_DOALL(const void *);
+ #define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \
+         void f_name##_LHASH_DOALL(const void *arg) { \
+                 o_type a = (o_type)arg; \
+                 f_name(a); }
+ #define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL
+
+ #define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
+         void f_name##_LHASH_DOALL_ARG(const void *, const void *);
+ #define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \
+         void f_name##_LHASH_DOALL_ARG(const void *arg1, const void *arg2) { \
+                 o_type a = (o_type)arg1; \
+                 a_type b = (a_type)arg2; \
+                 f_name(a,b); }
+ #define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG
+
+An example of a hash table storing (pointers to) structures of type 'STUFF'
+could be defined as follows;
+
+ /* Calculates the hash value of 'tohash' (implemented elsewhere) */
+ unsigned long STUFF_hash(const STUFF *tohash);
+ /* Orders 'arg1' and 'arg2' (implemented elsewhere) */
+ int STUFF_cmp(const STUFF *arg1, const STUFF *arg2);
+ /* Create the type-safe wrapper functions for use in the LHASH internals */
+ static IMPLEMENT_LHASH_HASH_FN(STUFF_hash, const STUFF *)
+ static IMPLEMENT_LHASH_COMP_FN(STUFF_cmp, const STUFF *);
+ /* ... */
+ int main(int argc, char *argv[]) {
+         /* Create the new hash table using the hash/compare wrappers */
+         LHASH *hashtable = lh_new(LHASH_HASH_FN(STUFF_hash),
+                                   LHASH_COMP_FN(STUFF_cmp));
+	 /* ... */
+ }
+
+lh_free() frees the B<LHASH> structure B<table>. Allocated hash table
+entries will not be freed; consider using lh_doall() to deallocate any
+remaining entries in the hash table (see below).
+
+lh_insert() inserts the structure pointed to by B<data> into B<table>.
+If there already is an entry with the same key, the old value is
+replaced. Note that lh_insert() stores pointers, the data are not
+copied.
+
+lh_delete() deletes an entry from B<table>.
+
+lh_retrieve() looks up an entry in B<table>. Normally, B<data> is
+a structure with the key field(s) set; the function will return a
+pointer to a fully populated structure.
+
+lh_doall() will, for every entry in the hash table, call B<func> with
+the data item as its parameter.  For lh_doall() and lh_doall_arg(),
+function pointer casting should be avoided in the callbacks (see
+B<NOTE>) - instead, either declare the callbacks to match the
+prototype required in lh_new() or use the declare/implement macros to
+create type-safe wrappers that cast variables prior to calling your
+type-specific callbacks.  An example of this is illustrated here where
+the callback is used to cleanup resources for items in the hash table
+prior to the hashtable itself being deallocated:
+
+ /* Cleans up resources belonging to 'a' (this is implemented elsewhere) */
+ void STUFF_cleanup(STUFF *a);
+ /* Implement a prototype-compatible wrapper for "STUFF_cleanup" */
+ IMPLEMENT_LHASH_DOALL_FN(STUFF_cleanup, STUFF *)
+         /* ... then later in the code ... */
+ /* So to run "STUFF_cleanup" against all items in a hash table ... */
+ lh_doall(hashtable, LHASH_DOALL_FN(STUFF_cleanup));
+ /* Then the hash table itself can be deallocated */
+ lh_free(hashtable);
+
+When doing this, be careful if you delete entries from the hash table
+in your callbacks: the table may decrease in size, moving the item
+that you are currently on down lower in the hash table - this could
+cause some entries to be skipped during the iteration.  The second
+best solution to this problem is to set hash-E<gt>down_load=0 before
+you start (which will stop the hash table ever decreasing in size).
+The best solution is probably to avoid deleting items from the hash
+table inside a "doall" callback!
+
+lh_doall_arg() is the same as lh_doall() except that B<func> will be
+called with B<arg> as the second argument and B<func> should be of
+type B<LHASH_DOALL_ARG_FN_TYPE> (a callback prototype that is passed
+both the table entry and an extra argument).  As with lh_doall(), you
+can instead choose to declare your callback with a prototype matching
+the types you are dealing with and use the declare/implement macros to
+create compatible wrappers that cast variables before calling your
+type-specific callbacks.  An example of this is demonstrated here
+(printing all hash table entries to a BIO that is provided by the
+caller):
+
+ /* Prints item 'a' to 'output_bio' (this is implemented elsewhere) */
+ void STUFF_print(const STUFF *a, BIO *output_bio);
+ /* Implement a prototype-compatible wrapper for "STUFF_print" */
+ static IMPLEMENT_LHASH_DOALL_ARG_FN(STUFF_print, const STUFF *, BIO *)
+         /* ... then later in the code ... */
+ /* Print out the entire hashtable to a particular BIO */
+ lh_doall_arg(hashtable, LHASH_DOALL_ARG_FN(STUFF_print), logging_bio);
+ 
+lh_error() can be used to determine if an error occurred in the last
+operation. lh_error() is a macro.
+
+=head1 RETURN VALUES
+
+lh_new() returns B<NULL> on error, otherwise a pointer to the new
+B<LHASH> structure.
+
+When a hash table entry is replaced, lh_insert() returns the value
+being replaced. B<NULL> is returned on normal operation and on error.
+
+lh_delete() returns the entry being deleted.  B<NULL> is returned if
+there is no such value in the hash table.
+
+lh_retrieve() returns the hash table entry if it has been found,
+B<NULL> otherwise.
+
+lh_error() returns 1 if an error occurred in the last operation, 0
+otherwise.
+
+lh_free(), lh_doall() and lh_doall_arg() return no values.
+
+=head1 NOTE
+
+The various LHASH macros and callback types exist to make it possible
+to write type-safe code without resorting to function-prototype
+casting - an evil that makes application code much harder to
+audit/verify and also opens the window of opportunity for stack
+corruption and other hard-to-find bugs.  It also, apparently, violates
+ANSI-C.
+
+The LHASH code regards table entries as constant data.  As such, it
+internally represents lh_insert()'d items with a "const void *"
+pointer type.  This is why callbacks such as those used by lh_doall()
+and lh_doall_arg() declare their prototypes with "const", even for the
+parameters that pass back the table items' data pointers - for
+consistency, user-provided data is "const" at all times as far as the
+LHASH code is concerned.  However, as callers are themselves providing
+these pointers, they can choose whether they too should be treating
+all such parameters as constant.
+
+As an example, a hash table may be maintained by code that, for
+reasons of encapsulation, has only "const" access to the data being
+indexed in the hash table (ie. it is returned as "const" from
+elsewhere in their code) - in this case the LHASH prototypes are
+appropriate as-is.  Conversely, if the caller is responsible for the
+life-time of the data in question, then they may well wish to make
+modifications to table item passed back in the lh_doall() or
+lh_doall_arg() callbacks (see the "STUFF_cleanup" example above).  If
+so, the caller can either cast the "const" away (if they're providing
+the raw callbacks themselves) or use the macros to declare/implement
+the wrapper functions without "const" types.
+
+Callers that only have "const" access to data they're indexing in a
+table, yet declare callbacks without constant types (or cast the
+"const" away themselves), are therefore creating their own risks/bugs
+without being encouraged to do so by the API.  On a related note,
+those auditing code should pay special attention to any instances of
+DECLARE/IMPLEMENT_LHASH_DOALL_[ARG_]_FN macros that provide types
+without any "const" qualifiers.
+
+=head1 BUGS
+
+lh_insert() returns B<NULL> both for success and error.
+
+=head1 INTERNALS
+
+The following description is based on the SSLeay documentation:
+
+The B<lhash> library implements a hash table described in the
+I<Communications of the ACM> in 1991.  What makes this hash table
+different is that as the table fills, the hash table is increased (or
+decreased) in size via OPENSSL_realloc().  When a 'resize' is done, instead of
+all hashes being redistributed over twice as many 'buckets', one
+bucket is split.  So when an 'expand' is done, there is only a minimal
+cost to redistribute some values.  Subsequent inserts will cause more
+single 'bucket' redistributions but there will never be a sudden large
+cost due to redistributing all the 'buckets'.
+
+The state for a particular hash table is kept in the B<LHASH> structure.
+The decision to increase or decrease the hash table size is made
+depending on the 'load' of the hash table.  The load is the number of
+items in the hash table divided by the size of the hash table.  The
+default values are as follows.  If (hash->up_load E<lt> load) =E<gt>
+expand.  if (hash-E<gt>down_load E<gt> load) =E<gt> contract.  The
+B<up_load> has a default value of 1 and B<down_load> has a default value
+of 2.  These numbers can be modified by the application by just
+playing with the B<up_load> and B<down_load> variables.  The 'load' is
+kept in a form which is multiplied by 256.  So
+hash-E<gt>up_load=8*256; will cause a load of 8 to be set.
+
+If you are interested in performance the field to watch is
+num_comp_calls.  The hash library keeps track of the 'hash' value for
+each item so when a lookup is done, the 'hashes' are compared, if
+there is a match, then a full compare is done, and
+hash-E<gt>num_comp_calls is incremented.  If num_comp_calls is not equal
+to num_delete plus num_retrieve it means that your hash function is
+generating hashes that are the same for different values.  It is
+probably worth changing your hash function if this is the case because
+even if your hash table has 10 items in a 'bucket', it can be searched
+with 10 B<unsigned long> compares and 10 linked list traverses.  This
+will be much less expensive that 10 calls to your compare function.
+
+lh_strhash() is a demo string hashing function:
+
+ unsigned long lh_strhash(const char *c);
+
+Since the B<LHASH> routines would normally be passed structures, this
+routine would not normally be passed to lh_new(), rather it would be
+used in the function passed to lh_new().
+
+=head1 SEE ALSO
+
+L<lh_stats(3)|lh_stats(3)>
+
+=head1 HISTORY
+
+The B<lhash> library is available in all versions of SSLeay and OpenSSL.
+lh_error() was added in SSLeay 0.9.1b.
+
+This manpage is derived from the SSLeay documentation.
+
+In OpenSSL 0.9.7, all lhash functions that were passed function pointers
+were changed for better type safety, and the function types LHASH_COMP_FN_TYPE,
+LHASH_HASH_FN_TYPE, LHASH_DOALL_FN_TYPE and LHASH_DOALL_ARG_FN_TYPE 
+became available.
+
+=cut
diff --git a/doc/crypto/md5.pod b/doc/crypto/md5.pod
new file mode 100644
index 0000000000..6e6322dcdc
--- /dev/null
+++ b/doc/crypto/md5.pod
@@ -0,0 +1,101 @@
+=pod
+
+=head1 NAME
+
+MD2, MD4, MD5, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update,
+MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/md2.h>
+
+ unsigned char *MD2(const unsigned char *d, unsigned long n,
+                  unsigned char *md);
+
+ void MD2_Init(MD2_CTX *c);
+ void MD2_Update(MD2_CTX *c, const unsigned char *data,
+                  unsigned long len);
+ void MD2_Final(unsigned char *md, MD2_CTX *c);
+
+
+ #include <openssl/md4.h>
+
+ unsigned char *MD4(const unsigned char *d, unsigned long n,
+                  unsigned char *md);
+
+ void MD4_Init(MD4_CTX *c);
+ void MD4_Update(MD4_CTX *c, const void *data,
+                  unsigned long len);
+ void MD4_Final(unsigned char *md, MD4_CTX *c);
+
+
+ #include <openssl/md5.h>
+
+ unsigned char *MD5(const unsigned char *d, unsigned long n,
+                  unsigned char *md);
+
+ void MD5_Init(MD5_CTX *c);
+ void MD5_Update(MD5_CTX *c, const void *data,
+                  unsigned long len);
+ void MD5_Final(unsigned char *md, MD5_CTX *c);
+
+=head1 DESCRIPTION
+
+MD2, MD4, and MD5 are cryptographic hash functions with a 128 bit output.
+
+MD2(), MD4(), and MD5() compute the MD2, MD4, and MD5 message digest
+of the B<n> bytes at B<d> and place it in B<md> (which must have space
+for MD2_DIGEST_LENGTH == MD4_DIGEST_LENGTH == MD5_DIGEST_LENGTH == 16
+bytes of output). If B<md> is NULL, the digest is placed in a static
+array.
+
+The following functions may be used if the message is not completely
+stored in memory:
+
+MD2_Init() initializes a B<MD2_CTX> structure.
+
+MD2_Update() can be called repeatedly with chunks of the message to
+be hashed (B<len> bytes at B<data>).
+
+MD2_Final() places the message digest in B<md>, which must have space
+for MD2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MD2_CTX>.
+
+MD4_Init(), MD4_Update(), MD4_Final(), MD5_Init(), MD5_Update(), and
+MD5_Final() are analogous using an B<MD4_CTX> and B<MD5_CTX> structure.
+
+Applications should use the higher level functions
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+etc. instead of calling the hash functions directly.
+
+=head1 NOTE
+
+MD2, MD4, and MD5 are recommended only for compatibility with existing
+applications. In new applications, SHA-1 or RIPEMD-160 should be
+preferred.
+
+=head1 RETURN VALUES
+
+MD2(), MD4(), and MD5() return pointers to the hash value. 
+
+MD2_Init(), MD2_Update(), MD2_Final(), MD4_Init(), MD4_Update(),
+MD4_Final(), MD5_Init(), MD5_Update(), and MD5_Final() do not return
+values.
+
+=head1 CONFORMING TO
+
+RFC 1319, RFC 1320, RFC 1321
+
+=head1 SEE ALSO
+
+L<sha(3)|sha(3)>, L<ripemd(3)|ripemd(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+
+=head1 HISTORY
+
+MD2(), MD2_Init(), MD2_Update() MD2_Final(), MD5(), MD5_Init(),
+MD5_Update() and MD5_Final() are available in all versions of SSLeay
+and OpenSSL.
+
+MD4(), MD4_Init(), and MD4_Update() are available in OpenSSL 0.9.6 and
+above.
+
+=cut
diff --git a/doc/crypto/mdc2.pod b/doc/crypto/mdc2.pod
new file mode 100644
index 0000000000..11dc303e04
--- /dev/null
+++ b/doc/crypto/mdc2.pod
@@ -0,0 +1,64 @@
+=pod
+
+=head1 NAME
+
+MDC2, MDC2_Init, MDC2_Update, MDC2_Final - MDC2 hash function
+
+=head1 SYNOPSIS
+
+ #include <openssl/mdc2.h>
+
+ unsigned char *MDC2(const unsigned char *d, unsigned long n,
+                  unsigned char *md);
+
+ void MDC2_Init(MDC2_CTX *c);
+ void MDC2_Update(MDC2_CTX *c, const unsigned char *data,
+                  unsigned long len);
+ void MDC2_Final(unsigned char *md, MDC2_CTX *c);
+
+=head1 DESCRIPTION
+
+MDC2 is a method to construct hash functions with 128 bit output from
+block ciphers.  These functions are an implementation of MDC2 with
+DES.
+
+MDC2() computes the MDC2 message digest of the B<n>
+bytes at B<d> and places it in B<md> (which must have space for
+MDC2_DIGEST_LENGTH == 16 bytes of output). If B<md> is NULL, the digest
+is placed in a static array.
+
+The following functions may be used if the message is not completely
+stored in memory:
+
+MDC2_Init() initializes a B<MDC2_CTX> structure.
+
+MDC2_Update() can be called repeatedly with chunks of the message to
+be hashed (B<len> bytes at B<data>).
+
+MDC2_Final() places the message digest in B<md>, which must have space
+for MDC2_DIGEST_LENGTH == 16 bytes of output, and erases the B<MDC2_CTX>.
+
+Applications should use the higher level functions
+L<EVP_DigestInit(3)|EVP_DigestInit(3)> etc. instead of calling the
+hash functions directly.
+
+=head1 RETURN VALUES
+
+MDC2() returns a pointer to the hash value. 
+
+MDC2_Init(), MDC2_Update() and MDC2_Final() do not return values.
+
+=head1 CONFORMING TO
+
+ISO/IEC 10118-2, with DES
+
+=head1 SEE ALSO
+
+L<sha(3)|sha(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+
+=head1 HISTORY
+
+MDC2(), MDC2_Init(), MDC2_Update() and MDC2_Final() are available since
+SSLeay 0.8.
+
+=cut
diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod
new file mode 100644
index 0000000000..a4f8cc3337
--- /dev/null
+++ b/doc/crypto/pem.pod
@@ -0,0 +1,476 @@
+=pod
+
+=head1 NAME
+
+PEM - PEM routines
+
+=head1 SYNOPSIS
+
+ #include <openssl/pem.h>
+
+ EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x,
+					pem_password_cb *cb, void *u);
+
+ EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+					unsigned char *kstr, int klen,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+					unsigned char *kstr, int klen,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+					char *kstr, int klen,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+					char *kstr, int klen,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+					char *kstr, int klen,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+					char *kstr, int klen,
+					pem_password_cb *cb, void *u);
+
+ EVP_PKEY *PEM_read_bio_PUBKEY(BIO *bp, EVP_PKEY **x,
+					pem_password_cb *cb, void *u);
+
+ EVP_PKEY *PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_PUBKEY(BIO *bp, EVP_PKEY *x);
+ int PEM_write_PUBKEY(FILE *fp, EVP_PKEY *x);
+
+ RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **x,
+					pem_password_cb *cb, void *u);
+
+ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **x,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
+					unsigned char *kstr, int klen,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
+					unsigned char *kstr, int klen,
+					pem_password_cb *cb, void *u);
+
+ RSA *PEM_read_bio_RSAPublicKey(BIO *bp, RSA **x,
+					pem_password_cb *cb, void *u);
+
+ RSA *PEM_read_RSAPublicKey(FILE *fp, RSA **x,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_RSAPublicKey(BIO *bp, RSA *x);
+
+ int PEM_write_RSAPublicKey(FILE *fp, RSA *x);
+
+ RSA *PEM_read_bio_RSA_PUBKEY(BIO *bp, RSA **x,
+					pem_password_cb *cb, void *u);
+
+ RSA *PEM_read_RSA_PUBKEY(FILE *fp, RSA **x,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_RSA_PUBKEY(BIO *bp, RSA *x);
+
+ int PEM_write_RSA_PUBKEY(FILE *fp, RSA *x);
+
+ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **x,
+					pem_password_cb *cb, void *u);
+
+ DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **x,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
+					unsigned char *kstr, int klen,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
+					unsigned char *kstr, int klen,
+					pem_password_cb *cb, void *u);
+
+ DSA *PEM_read_bio_DSA_PUBKEY(BIO *bp, DSA **x,
+					pem_password_cb *cb, void *u);
+
+ DSA *PEM_read_DSA_PUBKEY(FILE *fp, DSA **x,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_DSA_PUBKEY(BIO *bp, DSA *x);
+
+ int PEM_write_DSA_PUBKEY(FILE *fp, DSA *x);
+
+ DSA *PEM_read_bio_DSAparams(BIO *bp, DSA **x, pem_password_cb *cb, void *u);
+
+ DSA *PEM_read_DSAparams(FILE *fp, DSA **x, pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_DSAparams(BIO *bp, DSA *x);
+
+ int PEM_write_DSAparams(FILE *fp, DSA *x);
+
+ DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
+
+ DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_DHparams(BIO *bp, DH *x);
+
+ int PEM_write_DHparams(FILE *fp, DH *x);
+
+ X509 *PEM_read_bio_X509(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
+
+ X509 *PEM_read_X509(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_X509(BIO *bp, X509 *x);
+
+ int PEM_write_X509(FILE *fp, X509 *x);
+
+ X509 *PEM_read_bio_X509_AUX(BIO *bp, X509 **x, pem_password_cb *cb, void *u);
+
+ X509 *PEM_read_X509_AUX(FILE *fp, X509 **x, pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_X509_AUX(BIO *bp, X509 *x);
+
+ int PEM_write_X509_AUX(FILE *fp, X509 *x);
+
+ X509_REQ *PEM_read_bio_X509_REQ(BIO *bp, X509_REQ **x,
+					pem_password_cb *cb, void *u);
+
+ X509_REQ *PEM_read_X509_REQ(FILE *fp, X509_REQ **x,
+					pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_X509_REQ(BIO *bp, X509_REQ *x);
+
+ int PEM_write_X509_REQ(FILE *fp, X509_REQ *x);
+
+ int PEM_write_bio_X509_REQ_NEW(BIO *bp, X509_REQ *x);
+
+ int PEM_write_X509_REQ_NEW(FILE *fp, X509_REQ *x);
+
+ X509_CRL *PEM_read_bio_X509_CRL(BIO *bp, X509_CRL **x,
+					pem_password_cb *cb, void *u);
+ X509_CRL *PEM_read_X509_CRL(FILE *fp, X509_CRL **x,
+					pem_password_cb *cb, void *u);
+ int PEM_write_bio_X509_CRL(BIO *bp, X509_CRL *x);
+ int PEM_write_X509_CRL(FILE *fp, X509_CRL *x);
+
+ PKCS7 *PEM_read_bio_PKCS7(BIO *bp, PKCS7 **x, pem_password_cb *cb, void *u);
+
+ PKCS7 *PEM_read_PKCS7(FILE *fp, PKCS7 **x, pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_PKCS7(BIO *bp, PKCS7 *x);
+
+ int PEM_write_PKCS7(FILE *fp, PKCS7 *x);
+
+ NETSCAPE_CERT_SEQUENCE *PEM_read_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp,
+						NETSCAPE_CERT_SEQUENCE **x,
+						pem_password_cb *cb, void *u);
+
+ NETSCAPE_CERT_SEQUENCE *PEM_read_NETSCAPE_CERT_SEQUENCE(FILE *fp,
+						NETSCAPE_CERT_SEQUENCE **x,
+						pem_password_cb *cb, void *u);
+
+ int PEM_write_bio_NETSCAPE_CERT_SEQUENCE(BIO *bp, NETSCAPE_CERT_SEQUENCE *x);
+
+ int PEM_write_NETSCAPE_CERT_SEQUENCE(FILE *fp, NETSCAPE_CERT_SEQUENCE *x);
+
+=head1 DESCRIPTION
+
+The PEM functions read or write structures in PEM format. In
+this sense PEM format is simply base64 encoded data surrounded
+by header lines.
+
+For more details about the meaning of arguments see the
+B<PEM FUNCTION ARGUMENTS> section.
+
+Each operation has four functions associated with it. For
+clarity the term "B<foobar> functions" will be used to collectively
+refer to the PEM_read_bio_foobar(), PEM_read_foobar(),
+PEM_write_bio_foobar() and PEM_write_foobar() functions.
+
+The B<PrivateKey> functions read or write a private key in
+PEM format using an EVP_PKEY structure. The write routines use
+"traditional" private key format and can handle both RSA and DSA
+private keys. The read functions can additionally transparently
+handle PKCS#8 format encrypted and unencrypted keys too.
+
+PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey()
+write a private key in an EVP_PKEY structure in PKCS#8
+EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption
+algorithms. The B<cipher> argument specifies the encryption algoritm to
+use: unlike all other PEM routines the encryption is applied at the
+PKCS#8 level and not in the PEM headers. If B<cipher> is NULL then no
+encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead.
+
+PEM_write_bio_PKCS8PrivateKey_nid() and PEM_write_PKCS8PrivateKey_nid()
+also write out a private key as a PKCS#8 EncryptedPrivateKeyInfo however
+it uses PKCS#5 v1.5 or PKCS#12 encryption algorithms instead. The algorithm
+to use is specified in the B<nid> parameter and should be the NID of the
+corresponding OBJECT IDENTIFIER (see NOTES section).
+
+The B<PUBKEY> functions process a public key using an EVP_PKEY
+structure. The public key is encoded as a SubjectPublicKeyInfo
+structure.
+
+The B<RSAPrivateKey> functions process an RSA private key using an
+RSA structure. It handles the same formats as the B<PrivateKey>
+functions but an error occurs if the private key is not RSA.
+
+The B<RSAPublicKey> functions process an RSA public key using an
+RSA structure. The public key is encoded using a PKCS#1 RSAPublicKey
+structure.
+
+The B<RSA_PUBKEY> functions also process an RSA public key using
+an RSA structure. However the public key is encoded using a
+SubjectPublicKeyInfo structure and an error occurs if the public
+key is not RSA.
+
+The B<DSAPrivateKey> functions process a DSA private key using a
+DSA structure. It handles the same formats as the B<PrivateKey>
+functions but an error occurs if the private key is not DSA.
+
+The B<DSA_PUBKEY> functions process a DSA public key using
+a DSA structure. The public key is encoded using a
+SubjectPublicKeyInfo structure and an error occurs if the public
+key is not DSA.
+
+The B<DSAparams> functions process DSA parameters using a DSA
+structure. The parameters are encoded using a foobar structure.
+
+The B<DHparams> functions process DH parameters using a DH
+structure. The parameters are encoded using a PKCS#3 DHparameter
+structure.
+
+The B<X509> functions process an X509 certificate using an X509
+structure. They will also process a trusted X509 certificate but
+any trust settings are discarded.
+
+The B<X509_AUX> functions process a trusted X509 certificate using
+an X509 structure. 
+
+The B<X509_REQ> and B<X509_REQ_NEW> functions process a PKCS#10
+certificate request using an X509_REQ structure. The B<X509_REQ>
+write functions use B<CERTIFICATE REQUEST> in the header whereas
+the B<X509_REQ_NEW> functions use B<NEW CERTIFICATE REQUEST>
+(as required by some CAs). The B<X509_REQ> read functions will
+handle either form so there are no B<X509_REQ_NEW> read functions.
+
+The B<X509_CRL> functions process an X509 CRL using an X509_CRL
+structure.
+
+The B<PKCS7> functions process a PKCS#7 ContentInfo using a PKCS7
+structure.
+
+The B<NETSCAPE_CERT_SEQUENCE> functions process a Netscape Certificate
+Sequence using a NETSCAPE_CERT_SEQUENCE structure.
+
+=head1 PEM FUNCTION ARGUMENTS
+
+The PEM functions have many common arguments.
+
+The B<bp> BIO parameter (if present) specifies the BIO to read from
+or write to.
+
+The B<fp> FILE parameter (if present) specifies the FILE pointer to
+read from or write to.
+
+The PEM read functions all take an argument B<TYPE **x> and return
+a B<TYPE *> pointer. Where B<TYPE> is whatever structure the function
+uses. If B<x> is NULL then the parameter is ignored. If B<x> is not
+NULL but B<*x> is NULL then the structure returned will be written
+to B<*x>. If neither B<x> nor B<*x> is NULL then an attempt is made
+to reuse the structure at B<*x> (but see BUGS and EXAMPLES sections).
+Irrespective of the value of B<x> a pointer to the structure is always
+returned (or NULL if an error occurred).
+
+The PEM functions which write private keys take an B<enc> parameter
+which specifies the encryption algorithm to use, encryption is done
+at the PEM level. If this parameter is set to NULL then the private
+key is written in unencrypted form.
+
+The B<cb> argument is the callback to use when querying for the pass
+phrase used for encrypted PEM structures (normally only private keys).
+
+For the PEM write routines if the B<kstr> parameter is not NULL then
+B<klen> bytes at B<kstr> are used as the passphrase and B<cb> is
+ignored.
+
+If the B<cb> parameters is set to NULL and the B<u> parameter is not
+NULL then the B<u> parameter is interpreted as a null terminated string
+to use as the passphrase. If both B<cb> and B<u> are NULL then the
+default callback routine is used which will typically prompt for the
+passphrase on the current terminal with echoing turned off.
+
+The default passphrase callback is sometimes inappropriate (for example
+in a GUI application) so an alternative can be supplied. The callback
+routine has the following form:
+
+ int cb(char *buf, int size, int rwflag, void *u);
+
+B<buf> is the buffer to write the passphrase to. B<size> is the maximum
+length of the passphrase (i.e. the size of buf). B<rwflag> is a flag
+which is set to 0 when reading and 1 when writing. A typical routine
+will ask the user to verify the passphrase (for example by prompting
+for it twice) if B<rwflag> is 1. The B<u> parameter has the same
+value as the B<u> parameter passed to the PEM routine. It allows
+arbitrary data to be passed to the callback by the application
+(for example a window handle in a GUI application). The callback
+B<must> return the number of characters in the passphrase or 0 if
+an error occurred.
+
+=head1 EXAMPLES
+
+Although the PEM routines take several arguments in almost all applications
+most of them are set to 0 or NULL.
+
+Read a certificate in PEM format from a BIO:
+
+ X509 *x;
+ x = PEM_read_bio(bp, NULL, 0, NULL);
+ if (x == NULL)
+	{
+	/* Error */
+	}
+
+Alternative method:
+
+ X509 *x = NULL;
+ if (!PEM_read_bio_X509(bp, &x, 0, NULL))
+	{
+	/* Error */
+	}
+
+Write a certificate to a BIO:
+
+ if (!PEM_write_bio_X509(bp, x))
+	{
+	/* Error */
+	}
+
+Write an unencrypted private key to a FILE pointer:
+
+ if (!PEM_write_PrivateKey(fp, key, NULL, NULL, 0, 0, NULL))
+	{
+	/* Error */
+	}
+
+Write a private key (using traditional format) to a BIO using
+triple DES encryption, the pass phrase is prompted for:
+
+ if (!PEM_write_bio_PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, NULL))
+	{
+	/* Error */
+	}
+
+Write a private key (using PKCS#8 format) to a BIO using triple
+DES encryption, using the pass phrase "hello":
+
+ if (!PEM_write_bio_PKCS8PrivateKey(bp, key, EVP_des_ede3_cbc(), NULL, 0, 0, "hello"))
+	{
+	/* Error */
+	}
+
+Read a private key from a BIO using the pass phrase "hello":
+
+ key = PEM_read_bio_PrivateKey(bp, NULL, 0, "hello");
+ if (key == NULL)
+	{
+	/* Error */
+	}
+
+Read a private key from a BIO using a pass phrase callback:
+
+ key = PEM_read_bio_PrivateKey(bp, NULL, pass_cb, "My Private Key");
+ if (key == NULL)
+	{
+	/* Error */
+	}
+
+Skeleton pass phrase callback:
+
+ int pass_cb(char *buf, int size, int rwflag, void *u);
+	{
+	int len;
+	char *tmp;
+	/* We'd probably do something else if 'rwflag' is 1 */
+	printf("Enter pass phrase for \"%s\"\n", u);
+
+	/* get pass phrase, length 'len' into 'tmp' */
+	tmp = "hello";
+	len = strlen(tmp);
+
+	if (len <= 0) return 0;
+	/* if too long, truncate */
+	if (len > size) len = size;
+	memcpy(buf, tmp, len);
+	return len;
+	}
+
+=head1 NOTES
+
+The old B<PrivateKey> write routines are retained for compatibility.
+New applications should write private keys using the
+PEM_write_bio_PKCS8PrivateKey() or PEM_write_PKCS8PrivateKey() routines
+because they are more secure (they use an iteration count of 2048 whereas
+the traditional routines use a count of 1) unless compatibility with older
+versions of OpenSSL is important.
+
+The B<PrivateKey> read routines can be used in all applications because
+they handle all formats transparently.
+
+A frequent cause of problems is attempting to use the PEM routines like
+this:
+
+ X509 *x;
+ PEM_read_bio_X509(bp, &x, 0, NULL);
+
+this is a bug because an attempt will be made to reuse the data at B<x>
+which is an uninitialised pointer.
+
+=head1 PEM ENCRYPTION FORMAT
+
+This old B<PrivateKey> routines use a non standard technique for encryption.
+
+The private key (or other data) takes the following form: 
+
+ -----BEGIN RSA PRIVATE KEY-----
+ Proc-Type: 4,ENCRYPTED
+ DEK-Info: DES-EDE3-CBC,3F17F5316E2BAC89
+
+ ...base64 encoded data...
+ -----END RSA PRIVATE KEY-----
+
+The line beginning DEK-Info contains two comma separated pieces of information:
+the encryption algorithm name as used by EVP_get_cipherbyname() and an 8
+byte B<salt> encoded as a set of hexadecimal digits.
+
+After this is the base64 encoded encrypted data.
+
+The encryption key is determined using EVP_bytestokey(), using B<salt> and an
+iteration count of 1. The IV used is the value of B<salt> and *not* the IV
+returned by EVP_bytestokey().
+
+=head1 BUGS
+
+The PEM read routines in some versions of OpenSSL will not correctly reuse
+an existing structure. Therefore the following:
+
+ PEM_read_bio(bp, &x, 0, NULL);
+
+where B<x> already contains a valid certificate, may not work, whereas: 
+
+ X509_free(x);
+ x = PEM_read_bio(bp, NULL, 0, NULL);
+
+is guaranteed to work.
+
+=head1 RETURN CODES
+
+The read routines return either a pointer to the structure read or NULL
+is an error occurred.
+
+The write routines return 1 for success or 0 for failure.
diff --git a/doc/crypto/rand.pod b/doc/crypto/rand.pod
new file mode 100644
index 0000000000..1c068c85b3
--- /dev/null
+++ b/doc/crypto/rand.pod
@@ -0,0 +1,175 @@
+=pod
+
+=head1 NAME
+
+rand - pseudo-random number generator
+
+=head1 SYNOPSIS
+
+ #include <openssl/rand.h>
+
+ int  RAND_set_rand_engine(ENGINE *engine);
+
+ int  RAND_bytes(unsigned char *buf, int num);
+ int  RAND_pseudo_bytes(unsigned char *buf, int num);
+
+ void RAND_seed(const void *buf, int num);
+ void RAND_add(const void *buf, int num, int entropy);
+ int  RAND_status(void);
+
+ int  RAND_load_file(const char *file, long max_bytes);
+ int  RAND_write_file(const char *file);
+ const char *RAND_file_name(char *file, size_t num);
+
+ int  RAND_egd(const char *path);
+
+ void RAND_set_rand_method(const RAND_METHOD *meth);
+ const RAND_METHOD *RAND_get_rand_method(void);
+ RAND_METHOD *RAND_SSLeay(void);
+
+ void RAND_cleanup(void);
+
+ /* For Win32 only */
+ void RAND_screen(void);
+ int RAND_event(UINT, WPARAM, LPARAM);
+
+=head1 DESCRIPTION
+
+Since the introduction of the ENGINE API, the recommended way of controlling
+default implementations is by using the ENGINE API functions. The default
+B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by
+RAND_get_rand_method(), is only used if no ENGINE has been set as the default
+"rand" implementation. Hence, these two functions are no longer the recommened
+way to control defaults.
+
+If an alternative B<RAND_METHOD> implementation is being used (either set
+directly or as provided by an ENGINE module), then it is entirely responsible
+for the generation and management of a cryptographically secure PRNG stream. The
+mechanisms described below relate solely to the software PRNG implementation
+built in to OpenSSL and used by default.
+
+These functions implement a cryptographically secure pseudo-random
+number generator (PRNG). It is used by other library functions for
+example to generate random keys, and applications can use it when they
+need randomness.
+
+A cryptographic PRNG must be seeded with unpredictable data such as
+mouse movements or keys pressed at random by the user. This is
+described in L<RAND_add(3)|RAND_add(3)>. Its state can be saved in a seed file
+(see L<RAND_load_file(3)|RAND_load_file(3)>) to avoid having to go through the
+seeding process whenever the application is started.
+
+L<RAND_bytes(3)|RAND_bytes(3)> describes how to obtain random data from the
+PRNG. 
+
+=head1 INTERNALS
+
+The RAND_SSLeay() method implements a PRNG based on a cryptographic
+hash function.
+
+The following description of its design is based on the SSLeay
+documentation:
+
+First up I will state the things I believe I need for a good RNG.
+
+=over 4
+
+=item 1
+
+A good hashing algorithm to mix things up and to convert the RNG 'state'
+to random numbers.
+
+=item 2
+
+An initial source of random 'state'.
+
+=item 3
+
+The state should be very large.  If the RNG is being used to generate
+4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum).
+If your RNG state only has 128 bits, you are obviously limiting the
+search space to 128 bits, not 2048.  I'm probably getting a little
+carried away on this last point but it does indicate that it may not be
+a bad idea to keep quite a lot of RNG state.  It should be easier to
+break a cipher than guess the RNG seed data.
+
+=item 4
+
+Any RNG seed data should influence all subsequent random numbers
+generated.  This implies that any random seed data entered will have
+an influence on all subsequent random numbers generated.
+
+=item 5
+
+When using data to seed the RNG state, the data used should not be
+extractable from the RNG state.  I believe this should be a
+requirement because one possible source of 'secret' semi random
+data would be a private key or a password.  This data must
+not be disclosed by either subsequent random numbers or a
+'core' dump left by a program crash.
+
+=item 6
+
+Given the same initial 'state', 2 systems should deviate in their RNG state
+(and hence the random numbers generated) over time if at all possible.
+
+=item 7
+
+Given the random number output stream, it should not be possible to determine
+the RNG state or the next random number.
+
+=back
+
+The algorithm is as follows.
+
+There is global state made up of a 1023 byte buffer (the 'state'), a
+working hash value ('md'), and a counter ('count').
+
+Whenever seed data is added, it is inserted into the 'state' as
+follows.
+
+The input is chopped up into units of 20 bytes (or less for
+the last block).  Each of these blocks is run through the hash
+function as follows:  The data passed to the hash function
+is the current 'md', the same number of bytes from the 'state'
+(the location determined by in incremented looping index) as
+the current 'block', the new key data 'block', and 'count'
+(which is incremented after each use).
+The result of this is kept in 'md' and also xored into the
+'state' at the same locations that were used as input into the
+hash function. I
+believe this system addresses points 1 (hash function; currently
+SHA-1), 3 (the 'state'), 4 (via the 'md'), 5 (by the use of a hash
+function and xor).
+
+When bytes are extracted from the RNG, the following process is used.
+For each group of 10 bytes (or less), we do the following:
+
+Input into the hash function the local 'md' (which is initialized from
+the global 'md' before any bytes are generated), the bytes that are to
+be overwritten by the random bytes, and bytes from the 'state'
+(incrementing looping index). From this digest output (which is kept
+in 'md'), the top (up to) 10 bytes are returned to the caller and the
+bottom 10 bytes are xored into the 'state'.
+
+Finally, after we have finished 'num' random bytes for the caller,
+'count' (which is incremented) and the local and global 'md' are fed
+into the hash function and the results are kept in the global 'md'.
+
+I believe the above addressed points 1 (use of SHA-1), 6 (by hashing
+into the 'state' the 'old' data from the caller that is about to be
+overwritten) and 7 (by not using the 10 bytes given to the caller to
+update the 'state', but they are used to update 'md').
+
+So of the points raised, only 2 is not addressed (but see
+L<RAND_add(3)|RAND_add(3)>).
+
+=head1 SEE ALSO
+
+L<BN_rand(3)|BN_rand(3)>, L<RAND_add(3)|RAND_add(3)>,
+L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_egd(3)|RAND_egd(3)>,
+L<RAND_bytes(3)|RAND_bytes(3)>,
+L<RAND_set_rand_method(3)|RAND_set_rand_method(3)>,
+L<RAND_cleanup(3)|RAND_cleanup(3)> 
+
+=cut
diff --git a/doc/crypto/rc4.pod b/doc/crypto/rc4.pod
new file mode 100644
index 0000000000..b6d3a4342c
--- /dev/null
+++ b/doc/crypto/rc4.pod
@@ -0,0 +1,62 @@
+=pod
+
+=head1 NAME
+
+RC4_set_key, RC4 - RC4 encryption
+
+=head1 SYNOPSIS
+
+ #include <openssl/rc4.h>
+
+ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+
+ void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
+          unsigned char *outdata);
+
+=head1 DESCRIPTION
+
+This library implements the Alleged RC4 cipher, which is described for
+example in I<Applied Cryptography>.  It is believed to be compatible
+with RC4[TM], a proprietary cipher of RSA Security Inc.
+
+RC4 is a stream cipher with variable key length.  Typically, 128 bit
+(16 byte) keys are used for strong encryption, but shorter insecure
+key sizes have been widely used due to export restrictions.
+
+RC4 consists of a key setup phase and the actual encryption or
+decryption phase.
+
+RC4_set_key() sets up the B<RC4_KEY> B<key> using the B<len> bytes long
+key at B<data>.
+
+RC4() encrypts or decrypts the B<len> bytes of data at B<indata> using
+B<key> and places the result at B<outdata>.  Repeated RC4() calls with
+the same B<key> yield a continuous key stream.
+
+Since RC4 is a stream cipher (the input is XORed with a pseudo-random
+key stream to produce the output), decryption uses the same function
+calls as encryption.
+
+Applications should use the higher level functions
+L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>
+etc. instead of calling the RC4 functions directly.
+
+=head1 RETURN VALUES
+
+RC4_set_key() and RC4() do not return values.
+
+=head1 NOTE
+
+Certain conditions have to be observed to securely use stream ciphers.
+It is not permissible to perform multiple encryptions using the same
+key stream.
+
+=head1 SEE ALSO
+
+L<blowfish(3)|blowfish(3)>, L<des(3)|des(3)>, L<rc2(3)|rc2(3)>
+
+=head1 HISTORY
+
+RC4_set_key() and RC4() are available in all versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/ripemd.pod b/doc/crypto/ripemd.pod
new file mode 100644
index 0000000000..31054b6a8c
--- /dev/null
+++ b/doc/crypto/ripemd.pod
@@ -0,0 +1,66 @@
+=pod
+
+=head1 NAME
+
+RIPEMD160, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final -
+RIPEMD-160 hash function
+
+=head1 SYNOPSIS
+
+ #include <openssl/ripemd.h>
+
+ unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
+                  unsigned char *md);
+
+ void RIPEMD160_Init(RIPEMD160_CTX *c);
+ void RIPEMD160_Update(RIPEMD_CTX *c, const void *data,
+                  unsigned long len);
+ void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+
+=head1 DESCRIPTION
+
+RIPEMD-160 is a cryptographic hash function with a
+160 bit output.
+
+RIPEMD160() computes the RIPEMD-160 message digest of the B<n>
+bytes at B<d> and places it in B<md> (which must have space for
+RIPEMD160_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest
+is placed in a static array.
+
+The following functions may be used if the message is not completely
+stored in memory:
+
+RIPEMD160_Init() initializes a B<RIPEMD160_CTX> structure.
+
+RIPEMD160_Update() can be called repeatedly with chunks of the message to
+be hashed (B<len> bytes at B<data>).
+
+RIPEMD160_Final() places the message digest in B<md>, which must have
+space for RIPEMD160_DIGEST_LENGTH == 20 bytes of output, and erases
+the B<RIPEMD160_CTX>.
+
+Applications should use the higher level functions
+L<EVP_DigestInit(3)|EVP_DigestInit(3)> etc. instead of calling the
+hash functions directly.
+
+=head1 RETURN VALUES
+
+RIPEMD160() returns a pointer to the hash value. 
+
+RIPEMD160_Init(), RIPEMD160_Update() and RIPEMD160_Final() do not
+return values.
+
+=head1 CONFORMING TO
+
+ISO/IEC 10118-3 (draft) (??)
+
+=head1 SEE ALSO
+
+L<sha(3)|sha(3)>, L<hmac(3)|hmac(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+
+=head1 HISTORY
+
+RIPEMD160(), RIPEMD160_Init(), RIPEMD160_Update() and
+RIPEMD160_Final() are available since SSLeay 0.9.0.
+
+=cut
diff --git a/doc/crypto/rsa.pod b/doc/crypto/rsa.pod
new file mode 100644
index 0000000000..45ac53ffc1
--- /dev/null
+++ b/doc/crypto/rsa.pod
@@ -0,0 +1,123 @@
+=pod
+
+=head1 NAME
+
+rsa - RSA public key cryptosystem
+
+=head1 SYNOPSIS
+
+ #include <openssl/rsa.h>
+ #include <openssl/engine.h>
+
+ RSA * RSA_new(void);
+ void RSA_free(RSA *rsa);
+
+ int RSA_public_encrypt(int flen, unsigned char *from,
+    unsigned char *to, RSA *rsa, int padding);
+ int RSA_private_decrypt(int flen, unsigned char *from,
+    unsigned char *to, RSA *rsa, int padding);
+ int RSA_private_encrypt(int flen, unsigned char *from,
+    unsigned char *to, RSA *rsa,int padding);
+ int RSA_public_decrypt(int flen, unsigned char *from, 
+    unsigned char *to, RSA *rsa,int padding);
+
+ int RSA_sign(int type, unsigned char *m, unsigned int m_len,
+    unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+ int RSA_verify(int type, unsigned char *m, unsigned int m_len,
+    unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+ int RSA_size(const RSA *rsa);
+
+ RSA *RSA_generate_key(int num, unsigned long e,
+    void (*callback)(int,int,void *), void *cb_arg);
+
+ int RSA_check_key(RSA *rsa);
+
+ int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+ void RSA_blinding_off(RSA *rsa);
+
+ void RSA_set_default_method(const RSA_METHOD *meth);
+ const RSA_METHOD *RSA_get_default_method(void);
+ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+ const RSA_METHOD *RSA_get_method(const RSA *rsa);
+ RSA_METHOD *RSA_PKCS1_SSLeay(void);
+ RSA_METHOD *RSA_null_method(void);
+ int RSA_flags(const RSA *rsa);
+ RSA *RSA_new_method(ENGINE *engine);
+
+ int RSA_print(BIO *bp, RSA *x, int offset);
+ int RSA_print_fp(FILE *fp, RSA *x, int offset);
+
+ int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
+    int (*dup_func)(), void (*free_func)());
+ int RSA_set_ex_data(RSA *r,int idx,char *arg);
+ char *RSA_get_ex_data(RSA *r, int idx);
+
+ int RSA_sign_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+    unsigned int m_len, unsigned char *sigret, unsigned int *siglen,
+    RSA *rsa);
+ int RSA_verify_ASN1_OCTET_STRING(int dummy, unsigned char *m,
+    unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
+    RSA *rsa);
+
+=head1 DESCRIPTION
+
+These functions implement RSA public key encryption and signatures
+as defined in PKCS #1 v2.0 [RFC 2437].
+
+The B<RSA> structure consists of several BIGNUM components. It can
+contain public as well as private RSA keys:
+
+ struct
+        {
+        BIGNUM *n;		// public modulus
+        BIGNUM *e;		// public exponent
+        BIGNUM *d;		// private exponent
+        BIGNUM *p;		// secret prime factor
+        BIGNUM *q;		// secret prime factor
+        BIGNUM *dmp1;		// d mod (p-1)
+        BIGNUM *dmq1;		// d mod (q-1)
+        BIGNUM *iqmp;		// q^-1 mod p
+	// ...
+        };
+ RSA
+
+In public keys, the private exponent and the related secret values are
+B<NULL>.
+
+B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private
+keys, but the RSA operations are much faster when these values are
+available.
+
+Note that RSA keys may use non-standard B<RSA_METHOD> implementations,
+either directly or by the use of B<ENGINE> modules. In some cases (eg. an
+ENGINE providing support for hardware-embedded keys), these BIGNUM values
+will not be used by the implementation or may be used for alternative data
+storage. For this reason, applications should generally avoid using RSA
+structure elements directly and instead use API functions to query or
+modify keys.
+
+=head1 CONFORMING TO
+
+SSL, PKCS #1 v2.0
+
+=head1 PATENTS
+
+RSA was covered by a US patent which expired in September 2000.
+
+=head1 SEE ALSO
+
+L<rsa(1)|rsa(1)>, L<bn(3)|bn(3)>, L<dsa(3)|dsa(3)>, L<dh(3)|dh(3)>,
+L<rand(3)|rand(3)>, L<engine(3)|engine(3)>, L<RSA_new(3)|RSA_new(3)>,
+L<RSA_public_encrypt(3)|RSA_public_encrypt(3)>,
+L<RSA_sign(3)|RSA_sign(3)>, L<RSA_size(3)|RSA_size(3)>,
+L<RSA_generate_key(3)|RSA_generate_key(3)>,
+L<RSA_check_key(3)|RSA_check_key(3)>,
+L<RSA_blinding_on(3)|RSA_blinding_on(3)>,
+L<RSA_set_method(3)|RSA_set_method(3)>, L<RSA_print(3)|RSA_print(3)>,
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
+L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+L<RSA_sign_ASN1_OCTET_STRING(3)|RSA_sign_ASN1_OCTET_STRING(3)>,
+L<RSA_padding_add_PKCS1_type_1(3)|RSA_padding_add_PKCS1_type_1(3)> 
+
+=cut
diff --git a/doc/crypto/sha.pod b/doc/crypto/sha.pod
new file mode 100644
index 0000000000..0ba315d6d7
--- /dev/null
+++ b/doc/crypto/sha.pod
@@ -0,0 +1,70 @@
+=pod
+
+=head1 NAME
+
+SHA1, SHA1_Init, SHA1_Update, SHA1_Final - Secure Hash Algorithm
+
+=head1 SYNOPSIS
+
+ #include <openssl/sha.h>
+
+ unsigned char *SHA1(const unsigned char *d, unsigned long n,
+                  unsigned char *md);
+
+ void SHA1_Init(SHA_CTX *c);
+ void SHA1_Update(SHA_CTX *c, const void *data,
+                  unsigned long len);
+ void SHA1_Final(unsigned char *md, SHA_CTX *c);
+
+=head1 DESCRIPTION
+
+SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a
+160 bit output.
+
+SHA1() computes the SHA-1 message digest of the B<n>
+bytes at B<d> and places it in B<md> (which must have space for
+SHA_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest
+is placed in a static array.
+
+The following functions may be used if the message is not completely
+stored in memory:
+
+SHA1_Init() initializes a B<SHA_CTX> structure.
+
+SHA1_Update() can be called repeatedly with chunks of the message to
+be hashed (B<len> bytes at B<data>).
+
+SHA1_Final() places the message digest in B<md>, which must have space
+for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the B<SHA_CTX>.
+
+Applications should use the higher level functions
+L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+etc. instead of calling the hash functions directly.
+
+The predecessor of SHA-1, SHA, is also implemented, but it should be
+used only when backward compatibility is required.
+
+=head1 RETURN VALUES
+
+SHA1() returns a pointer to the hash value. 
+
+SHA1_Init(), SHA1_Update() and SHA1_Final() do not return values.
+
+=head1 CONFORMING TO
+
+SHA: US Federal Information Processing Standard FIPS PUB 180 (Secure Hash
+Standard),
+SHA-1: US Federal Information Processing Standard FIPS PUB 180-1 (Secure Hash
+Standard),
+ANSI X9.30
+
+=head1 SEE ALSO
+
+L<ripemd(3)|ripemd(3)>, L<hmac(3)|hmac(3)>, L<EVP_DigestInit(3)|EVP_DigestInit(3)>
+
+=head1 HISTORY
+
+SHA1(), SHA1_Init(), SHA1_Update() and SHA1_Final() are available in all
+versions of SSLeay and OpenSSL.
+
+=cut
diff --git a/doc/crypto/threads.pod b/doc/crypto/threads.pod
new file mode 100644
index 0000000000..afa45cd76c
--- /dev/null
+++ b/doc/crypto/threads.pod
@@ -0,0 +1,158 @@
+=pod
+
+=head1 NAME
+
+CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks,
+CRYPTO_set_dynlock_create_callback, CRYPTO_set_dynlock_lock_callback,
+CRYPTO_set_dynlock_destroy_callback, CRYPTO_get_new_dynlockid,
+CRYPTO_destroy_dynlockid, CRYPTO_lock - OpenSSL thread support
+
+=head1 SYNOPSIS
+
+ #include <openssl/crypto.h>
+
+ void CRYPTO_set_locking_callback(void (*locking_function)(int mode,
+        int n, const char *file, int line));
+
+ void CRYPTO_set_id_callback(unsigned long (*id_function)(void));
+
+ int CRYPTO_num_locks(void);
+
+
+ /* struct CRYPTO_dynlock_value needs to be defined by the user */
+ struct CRYPTO_dynlock_value;
+
+ void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *
+	(*dyn_create_function)(char *file, int line));
+ void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)
+	(int mode, struct CRYPTO_dynlock_value *l,
+	const char *file, int line));
+ void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)
+	(struct CRYPTO_dynlock_value *l, const char *file, int line));
+
+ int CRYPTO_get_new_dynlockid(void);
+
+ void CRYPTO_destroy_dynlockid(int i);
+
+ void CRYPTO_lock(int mode, int n, const char *file, int line);
+
+ #define CRYPTO_w_lock(type)	\
+	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+ #define CRYPTO_w_unlock(type)	\
+	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,__FILE__,__LINE__)
+ #define CRYPTO_r_lock(type)	\
+	CRYPTO_lock(CRYPTO_LOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+ #define CRYPTO_r_unlock(type)	\
+	CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__)
+ #define CRYPTO_add(addr,amount,type)	\
+	CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__)
+
+=head1 DESCRIPTION
+
+OpenSSL can safely be used in multi-threaded applications provided
+that at least two callback functions are set.
+
+locking_function(int mode, int n, const char *file, int line) is
+needed to perform locking on shared data structures. 
+(Note that OpenSSL uses a number of global data structures that
+will be implicitly shared whenever multiple threads use OpenSSL.)
+Multi-threaded applications will crash at random if it is not set.
+
+locking_function() must be able to handle up to CRYPTO_num_locks()
+different mutex locks. It sets the B<n>-th lock if B<mode> &
+B<CRYPTO_LOCK>, and releases it otherwise.
+
+B<file> and B<line> are the file number of the function setting the
+lock. They can be useful for debugging.
+
+id_function(void) is a function that returns a thread ID. It is not
+needed on Windows nor on platforms where getpid() returns a different
+ID for each thread (most notably Linux).
+
+Additionally, OpenSSL supports dynamic locks, and sometimes, some parts
+of OpenSSL need it for better performance.  To enable this, the following
+is required:
+
+=over 4
+
+=item *
+Three additional callback function, dyn_create_function, dyn_lock_function
+and dyn_destroy_function.
+
+=item *
+A structure defined with the data that each lock needs to handle.
+
+=back
+
+struct CRYPTO_dynlock_value has to be defined to contain whatever structure
+is needed to handle locks.
+
+dyn_create_function(const char *file, int line) is needed to create a
+lock.  Multi-threaded applications might crash at random if it is not set.
+
+dyn_lock_function(int mode, CRYPTO_dynlock *l, const char *file, int line)
+is needed to perform locking off dynamic lock numbered n. Multi-threaded
+applications might crash at random if it is not set.
+
+dyn_destroy_function(CRYPTO_dynlock *l, const char *file, int line) is
+needed to destroy the lock l. Multi-threaded applications might crash at
+random if it is not set.
+
+CRYPTO_get_new_dynlockid() is used to create locks.  It will call
+dyn_create_function for the actual creation.
+
+CRYPTO_destroy_dynlockid() is used to destroy locks.  It will call
+dyn_destroy_function for the actual destruction.
+
+CRYPTO_lock() is used to lock and unlock the locks.  mode is a bitfield
+describing what should be done with the lock.  n is the number of the
+lock as returned from CRYPTO_get_new_dynlockid().  mode can be combined
+from the following values.  These values are pairwise exclusive, with
+undefined behaviour if misused (for example, CRYPTO_READ and CRYPTO_WRITE
+should not be used together):
+
+	CRYPTO_LOCK	0x01
+	CRYPTO_UNLOCK	0x02
+	CRYPTO_READ	0x04
+	CRYPTO_WRITE	0x08
+
+=head1 RETURN VALUES
+
+CRYPTO_num_locks() returns the required number of locks.
+
+CRYPTO_get_new_dynlockid() returns the index to the newly created lock.
+
+The other functions return no values.
+
+=head1 NOTE
+
+You can find out if OpenSSL was configured with thread support:
+
+ #define OPENSSL_THREAD_DEFINES
+ #include <openssl/opensslconf.h>
+ #if defined(THREADS)
+   // thread support enabled
+ #else
+   // no thread support
+ #endif
+
+Also, dynamic locks are currently not used internally by OpenSSL, but
+may do so in the future.
+
+=head1 EXAMPLES
+
+B<crypto/threads/mttest.c> shows examples of the callback functions on
+Solaris, Irix and Win32.
+
+=head1 HISTORY
+
+CRYPTO_set_locking_callback() and CRYPTO_set_id_callback() are
+available in all versions of SSLeay and OpenSSL.
+CRYPTO_num_locks() was added in OpenSSL 0.9.4.
+All functions dealing with dynamic locks were added in OpenSSL 0.9.5b-dev.
+
+=head1 SEE ALSO
+
+L<crypto(3)|crypto(3)>
+
+=cut
diff --git a/doc/crypto/ui.pod b/doc/crypto/ui.pod
new file mode 100644
index 0000000000..2b3535a746
--- /dev/null
+++ b/doc/crypto/ui.pod
@@ -0,0 +1,194 @@
+=pod
+
+=head1 NAME
+
+UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
+UI_add_verify_string, UI_dup_verify_string, UI_add_input_boolean,
+UI_dup_input_boolean, UI_add_info_string, UI_dup_info_string,
+UI_add_error_string, UI_dup_error_string, UI_construct_prompt
+UI_add_user_data, UI_get0_user_data, UI_get0_result, UI_process,
+UI_ctrl, UI_set_default_method, UI_get_default_method, UI_get_method,
+UI_set_method, UI_OpenSSL, ERR_load_UI_strings - New User Interface
+
+=head1 SYNOPSIS
+
+ #include <openssl/ui.h>
+
+ typedef struct ui_st UI;
+ typedef struct ui_method_st UI_METHOD;
+
+ UI *UI_new(void);
+ UI *UI_new_method(const UI_METHOD *method);
+ void UI_free(UI *ui);
+
+ int UI_add_input_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize);
+ int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize);
+ int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize, const char *test_buf);
+ int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+	char *result_buf, int minsize, int maxsize, const char *test_buf);
+ int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+	const char *ok_chars, const char *cancel_chars,
+	int flags, char *result_buf);
+ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+	const char *ok_chars, const char *cancel_chars,
+	int flags, char *result_buf);
+ int UI_add_info_string(UI *ui, const char *text);
+ int UI_dup_info_string(UI *ui, const char *text);
+ int UI_add_error_string(UI *ui, const char *text);
+ int UI_dup_error_string(UI *ui, const char *text);
+
+ /* These are the possible flags.  They can be or'ed together. */
+ #define UI_INPUT_FLAG_ECHO		0x01
+ #define UI_INPUT_FLAG_DEFAULT_PWD	0x02
+
+ char *UI_construct_prompt(UI *ui_method,
+	const char *object_desc, const char *object_name);
+
+ void *UI_add_user_data(UI *ui, void *user_data);
+ void *UI_get0_user_data(UI *ui);
+
+ const char *UI_get0_result(UI *ui, int i);
+
+ int UI_process(UI *ui);
+
+ int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)());
+ #define UI_CTRL_PRINT_ERRORS		1
+ #define UI_CTRL_IS_REDOABLE		2
+
+ void UI_set_default_method(const UI_METHOD *meth);
+ const UI_METHOD *UI_get_default_method(void);
+ const UI_METHOD *UI_get_method(UI *ui);
+ const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
+
+ UI_METHOD *UI_OpenSSL(void);
+
+=head1 DESCRIPTION
+
+UI stands for User Interface, and is general purpose set of routines to
+prompt the user for text-based information.  Through user-written methods
+(see L<ui_create(3)|ui_create(3)>), prompting can be done in any way
+imaginable, be it plain text prompting, through dialog boxes or from a
+cell phone.
+
+All the functions work through a context of the type UI.  This context
+contains all the information needed to prompt correctly as well as a
+reference to a UI_METHOD, which is an ordered vector of functions that
+carry out the actual prompting.
+
+The first thing to do is to create a UI with UI_new() or UI_new_method(),
+then add information to it with the UI_add or UI_dup functions.  Also,
+user-defined random data can be passed down to the underlying method
+through calls to UI_add_user_data.  The default UI method doesn't care
+about these data, but other methods might.  Finally, use UI_process()
+to actually perform the prompting and UI_get0_result() to find the result
+to the prompt.
+
+A UI can contain more than one prompt, which are performed in the given
+sequence.  Each prompt gets an index number which is returned by the
+UI_add and UI_dup functions, and has to be used to get the corresponding
+result with UI_get0_result().
+
+The functions are as follows:
+
+UI_new() creates a new UI using the default UI method.  When done with
+this UI, it should be freed using UI_free().
+
+UI_new_method() creates a new UI using the given UI method.  When done with
+this UI, it should be freed using UI_free().
+
+UI_OpenSSL() returns the built-in UI method (note: not the default one,
+since the default can be changed.  See further on).  This method is the
+most machine/OS dependent part of OpenSSL and normally generates the
+most problems when porting.
+
+UI_free() removes a UI from memory, along with all other pieces of memory
+that's connected to it, like duplicated input strings, results and others.
+
+UI_add_input_string() and UI_add_verify_string() add a prompt to the UI,
+as well as flags and a result buffer and the desired minimum and maximum
+sizes of the result.  The given information is used to prompt for
+information, for example a password, and to verify a password (i.e. having
+the user enter it twice and check that the same string was entered twice).
+UI_add_verify_string() takes and extra argument that should be a pointer
+to the result buffer of the input string that it's supposed to verify, or
+verification will fail.
+
+UI_add_input_boolean() adds a prompt to the UI that's supposed to be answered
+in a boolean way, with a single character for yes and a different character
+for no.  A set of characters that can be used to cancel the prompt is given
+as well.  The prompt itself is really divided in two, one part being the
+descriptive text (given through the I<prompt> argument) and one describing
+the possible answers (given through the I<action_desc> argument).
+
+UI_add_info_string() and UI_add_error_string() add strings that are shown at
+the same time as the prompt for extra information or to show an error string.
+The difference between the two is only conceptual.  With the builtin method,
+there's no technical difference between them.  Other methods may make a
+difference between them, however.
+
+The flags currently supported are UI_INPUT_FLAG_ECHO, which is relevant for
+UI_add_input_string() and will have the users response be echoed (when
+prompting for a password, this flag should obviously not be used, and
+UI_INPUT_FLAG_DEFAULT_PWD, which means that a default password of some
+sort will be used (completely depending on the application and the UI
+method).
+
+UI_dup_input_string(), UI_dup_verify_string(), UI_dup_input_boolean(),
+UI_dup_info_string() and UI_dup_error_string() are basically the same
+as their UI_add counterparts, except that they make their own copies
+of all strings.
+
+UI_construct_prompt() is a helper function that can be used to create
+a prompt from two pieces of information: an description and a name.
+The default constructor (if there is none provided by the method used)
+creates a string "Enter I<description> for I<name>:".  With the
+description "pass phrase" and the file name "foo.key", that becomes
+"Enter pass phrase for foo.key:".  Other methods may create whatever
+string and may include encodings that will be processed by the other
+method functions.
+
+UI_add_user_data() adds a piece of memory for the method to use at any
+time.  The builtin UI method doesn't care about this info.  Note that several
+calls to this function doesn't add data, it replaces the previous blob
+with the one given as argument.
+
+UI_get0_user_data() retrieves the data that has last been given to the
+UI with UI_add_user_data().
+
+UI_get0_result() returns a pointer to the result buffer associated with
+the information indexed by I<i>.
+
+UI_process() goes through the information given so far, does all the printing
+and prompting and returns.
+
+UI_ctrl() adds extra control for the application author.  For now, it
+understands two commands: UI_CTRL_PRINT_ERRORS, which makes UI_process()
+print the OpenSSL error stack as part of processing the UI, and
+UI_CTRL_IS_REDOABLE, which returns a flag saying if the used UI can
+be used again or not.
+
+UI_set_default_method() changes the default UI method to the one given.
+
+UI_get_default_method() returns a pointer to the current default UI method.
+
+UI_get_method() returns the UI method associated with a given UI.
+
+UI_set_method() changes the UI method associated with a given UI.
+
+=head1 SEE ALSO
+
+L<ui_create(3)|ui_create(3)>, L<ui_compat(3)|ui_compat(3)>
+
+=head1 HISTORY
+
+The UI section was first introduced in OpenSSL 0.9.7.
+
+=head1 AUTHOR
+
+Richard Levitte (richard@levitte.org) for the OpenSSL project
+(http://www.openssl.org).
+
+=cut
diff --git a/doc/crypto/ui_compat.pod b/doc/crypto/ui_compat.pod
new file mode 100644
index 0000000000..9ab3c69bf2
--- /dev/null
+++ b/doc/crypto/ui_compat.pod
@@ -0,0 +1,55 @@
+=pod
+
+=head1 NAME
+
+des_read_password, des_read_2passwords, des_read_pw_string, des_read_pw -
+Compatibility user interface functions
+
+=head1 SYNOPSIS
+
+ int des_read_password(DES_cblock *key,const char *prompt,int verify);
+ int des_read_2passwords(DES_cblock *key1,DES_cblock *key2,
+ 	const char *prompt,int verify);
+
+ int des_read_pw_string(char *buf,int length,const char *prompt,int verify);
+ int des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
+
+=head1 DESCRIPTION
+
+The DES library contained a few routines to prompt for passwords.  These
+aren't necessarely dependent on DES, and have therefore become part of the
+UI compatibility library.
+
+des_read_pw() writes the string specified by I<prompt> to standard output
+turns echo off and reads an input string from the terminal.  The string is
+returned in I<buf>, which must have spac for at least I<size> bytes.
+If I<verify> is set, the user is asked for the password twice and unless
+the two copies match, an error is returned.  The second password is stored
+in I<buff>, which must therefore also be at least I<size> bytes.  A return
+code of -1 indicates a system error, 1 failure due to use interaction, and
+0 is success.  All other functions described here use des_read_pw() to do
+the work.
+
+des_read_pw_string() is a variant of des_read_pw() that provides a buffer
+for you if I<verify> is set.
+
+des_read_password() calls des_read_pw() and converts the password to a
+DES key by calling DES_string_to_key(); des_read_2password() operates in
+the same way as des_read_password() except that it generates two keys
+by using the DES_string_to_2key() function.
+
+=head1 NOTES
+
+des_read_pw_string() is available in the MIT Kerberos library as well, and
+is also available under the name EVP_read_pw_string().
+
+=head1 SEE ALSO
+
+L<ui(3)|ui(3)>, L<ui_create(3)|ui_create(3)>
+
+=head1 AUTHOR
+
+Richard Levitte (richard@levitte.org) for the OpenSSL project
+(http://www.openssl.org).
+
+=cut
diff --git a/doc/danger b/doc/danger
deleted file mode 100644
index d71b1b7489..0000000000
--- a/doc/danger
+++ /dev/null
@@ -1,8 +0,0 @@
-If you specify a SSLv2 cipher, and the mode is SSLv23 and the server
-can talk SSLv3, it will claim there is no cipher since you should be
-using SSLv3.
-
-When tracing debug stuff, remember BIO_s_socket() is different to
-BIO_s_connect().
-
-BSD/OS assember is not working
diff --git a/doc/des.doc b/doc/des.doc
deleted file mode 100644
index 5879d968f3..0000000000
--- a/doc/des.doc
+++ /dev/null
@@ -1,505 +0,0 @@
-The DES library.
-
-Please note that this library was originally written to operate with
-eBones, a version of Kerberos that had had encryption removed when it left
-the USA and then put back in.  As such there are some routines that I will
-advise not using but they are still in the library for historical reasons.
-For all calls that have an 'input' and 'output' variables, they can be the
-same.
-
-This library requires the inclusion of 'des.h'.
-
-All of the encryption functions take what is called a des_key_schedule as an 
-argument.  A des_key_schedule is an expanded form of the des key.
-A des_key is 8 bytes of odd parity, the type used to hold the key is a
-des_cblock.  A des_cblock is an array of 8 bytes, often in this library
-description I will refer to input bytes when the function specifies
-des_cblock's as input or output, this just means that the variable should
-be a multiple of 8 bytes.
-
-The define DES_ENCRYPT is passed to specify encryption, DES_DECRYPT to
-specify decryption.  The functions and global variable are as follows:
-
-int des_check_key;
-	DES keys are supposed to be odd parity.  If this variable is set to
-	a non-zero value, des_set_key() will check that the key has odd
-	parity and is not one of the known weak DES keys.  By default this
-	variable is turned off;
-	
-void des_set_odd_parity(
-des_cblock *key );
-	This function takes a DES key (8 bytes) and sets the parity to odd.
-	
-int des_is_weak_key(
-des_cblock *key );
-	This function returns a non-zero value if the DES key passed is a
-	weak, DES key.  If it is a weak key, don't use it, try a different
-	one.  If you are using 'random' keys, the chances of hitting a weak
-	key are 1/2^52 so it is probably not worth checking for them.
-	
-int des_set_key(
-des_cblock *key,
-des_key_schedule schedule);
-	Des_set_key converts an 8 byte DES key into a des_key_schedule.
-	A des_key_schedule is an expanded form of the key which is used to
-	perform actual encryption.  It can be regenerated from the DES key
-	so it only needs to be kept when encryption or decryption is about
-	to occur.  Don't save or pass around des_key_schedule's since they
-	are CPU architecture dependent, DES keys are not.  If des_check_key
-	is non zero, zero is returned if the key has the wrong parity or
-	the key is a weak key, else 1 is returned.
-	
-int des_key_sched(
-des_cblock *key,
-des_key_schedule schedule);
-	An alternative name for des_set_key().
-
-int des_rw_mode;		/* defaults to DES_PCBC_MODE */
-	This flag holds either DES_CBC_MODE or DES_PCBC_MODE (default).
-	This specifies the function to use in the enc_read() and enc_write()
-	functions.
-
-void des_encrypt(
-unsigned long *data,
-des_key_schedule ks,
-int enc);
-	This is the DES encryption function that gets called by just about
-	every other DES routine in the library.  You should not use this
-	function except to implement 'modes' of DES.  I say this because the
-	functions that call this routine do the conversion from 'char *' to
-	long, and this needs to be done to make sure 'non-aligned' memory
-	access do not occur.  The characters are loaded 'little endian',
-	have a look at my source code for more details on how I use this
-	function.
-	Data is a pointer to 2 unsigned long's and ks is the
-	des_key_schedule to use.  enc, is non zero specifies encryption,
-	zero if decryption.
-
-void des_encrypt2(
-unsigned long *data,
-des_key_schedule ks,
-int enc);
-	This functions is the same as des_encrypt() except that the DES
-	initial permutation (IP) and final permutation (FP) have been left
-	out.  As for des_encrypt(), you should not use this function.
-	It is used by the routines in my library that implement triple DES.
-	IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same
-	as des_encrypt() des_encrypt() des_encrypt() except faster :-).
-
-void des_ecb_encrypt(
-des_cblock *input,
-des_cblock *output,
-des_key_schedule ks,
-int enc);
-	This is the basic Electronic Code Book form of DES, the most basic
-	form.  Input is encrypted into output using the key represented by
-	ks.  If enc is non zero (DES_ENCRYPT), encryption occurs, otherwise
-	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
-	(the des_cblock structure is 8 chars).
-	
-void des_ecb3_encrypt(
-des_cblock *input,
-des_cblock *output,
-des_key_schedule ks1,
-des_key_schedule ks2,
-des_key_schedule ks3,
-int enc);
-	This is the 3 key EDE mode of ECB DES.  What this means is that 
-	the 8 bytes of input is encrypted with ks1, decrypted with ks2 and
-	then encrypted again with ks3, before being put into output;
-	C=E(ks3,D(ks2,E(ks1,M))).  There is a macro, des_ecb2_encrypt()
-	that only takes 2 des_key_schedules that implements,
-	C=E(ks1,D(ks2,E(ks1,M))) in that the final encrypt is done with ks1.
-	
-void des_cbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int enc);
-	This routine implements DES in Cipher Block Chaining mode.
-	Input, which should be a multiple of 8 bytes is encrypted
-	(or decrypted) to output which will also be a multiple of 8 bytes.
-	The number of bytes is in length (and from what I've said above,
-	should be a multiple of 8).  If length is not a multiple of 8, I'm
-	not being held responsible :-).  ivec is the initialisation vector.
-	This function does not modify this variable.  To correctly implement
-	cbc mode, you need to do one of 2 things; copy the last 8 bytes of
-	cipher text for use as the next ivec in your application,
-	or use des_ncbc_encrypt(). 
-	Only this routine has this problem with updating the ivec, all
-	other routines that are implementing cbc mode update ivec.
-	
-void des_ncbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule sk,
-des_cblock *ivec,
-int enc);
-	For historical reasons, des_cbc_encrypt() did not update the
-	ivec with the value requires so that subsequent calls to
-	des_cbc_encrypt() would 'chain'.  This was needed so that the same
-	'length' values would not need to be used when decrypting.
-	des_ncbc_encrypt() does the right thing.  It is the same as
-	des_cbc_encrypt accept that ivec is updates with the correct value
-	to pass in subsequent calls to des_ncbc_encrypt().  I advise using
-	des_ncbc_encrypt() instead of des_cbc_encrypt();
-
-void des_xcbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule sk,
-des_cblock *ivec,
-des_cblock *inw,
-des_cblock *outw,
-int enc);
-	This is RSA's DESX mode of DES.  It uses inw and outw to
-	'whiten' the encryption.  inw and outw are secret (unlike the iv)
-	and are as such, part of the key.  So the key is sort of 24 bytes.
-	This is much better than cbc des.
-	
-void des_3cbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule sk1,
-des_key_schedule sk2,
-des_cblock *ivec1,
-des_cblock *ivec2,
-int enc);
-	This function is flawed, do not use it.  I have left it in the
-	library because it is used in my des(1) program and will function
-	correctly when used by des(1).  If I removed the function, people
-	could end up unable to decrypt files.
-	This routine implements outer triple cbc encryption using 2 ks and
-	2 ivec's.  Use des_ede2_cbc_encrypt() instead.
-	
-void des_ede3_cbc_encrypt(
-des_cblock *input,
-des_cblock *output, 
-long length,
-des_key_schedule ks1,
-des_key_schedule ks2, 
-des_key_schedule ks3, 
-des_cblock *ivec,
-int enc);
-	This function implements outer triple CBC DES encryption with 3
-	keys.  What this means is that each 'DES' operation
-	inside the cbc mode is really an C=E(ks3,D(ks2,E(ks1,M))).
-	Again, this is cbc mode so an ivec is requires.
-	This mode is used by SSL.
-	There is also a des_ede2_cbc_encrypt() that only uses 2
-	des_key_schedule's, the first being reused for the final
-	encryption.  C=E(ks1,D(ks2,E(ks1,M))).  This form of triple DES
-	is used by the RSAref library.
-	
-void des_pcbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int enc);
-	This is Propagating Cipher Block Chaining mode of DES.  It is used
-	by Kerberos v4.  It's parameters are the same as des_ncbc_encrypt().
-	
-void des_cfb_encrypt(
-unsigned char *in,
-unsigned char *out,
-int numbits,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int enc);
-	Cipher Feedback Back mode of DES.  This implementation 'feeds back'
-	in numbit blocks.  The input (and output) is in multiples of numbits
-	bits.  numbits should to be a multiple of 8 bits.  Length is the
-	number of bytes input.  If numbits is not a multiple of 8 bits,
-	the extra bits in the bytes will be considered padding.  So if
-	numbits is 12, for each 2 input bytes, the 4 high bits of the
-	second byte will be ignored.  So to encode 72 bits when using
-	a numbits of 12 take 12 bytes.  To encode 72 bits when using
-	numbits of 9 will take 16 bytes.  To encode 80 bits when using
-	numbits of 16 will take 10 bytes. etc, etc.  This padding will
-	apply to both input and output.
-
-	
-void des_cfb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int *num,
-int enc);
-	This is one of the more useful functions in this DES library, it
-	implements CFB mode of DES with 64bit feedback.  Why is this
-	useful you ask?  Because this routine will allow you to encrypt an
-	arbitrary number of bytes, no 8 byte padding.  Each call to this
-	routine will encrypt the input bytes to output and then update ivec
-	and num.  num contains 'how far' we are though ivec.  If this does
-	not make much sense, read more about cfb mode of DES :-).
-	
-void des_ede3_cfb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks1,
-des_key_schedule ks2,
-des_key_schedule ks3,
-des_cblock *ivec,
-int *num,
-int enc);
-	Same as des_cfb64_encrypt() accept that the DES operation is
-	triple DES.  As usual, there is a macro for
-	des_ede2_cfb64_encrypt() which reuses ks1.
-
-void des_ofb_encrypt(
-unsigned char *in,
-unsigned char *out,
-int numbits,
-long length,
-des_key_schedule ks,
-des_cblock *ivec);
-	This is a implementation of Output Feed Back mode of DES.  It is
-	the same as des_cfb_encrypt() in that numbits is the size of the
-	units dealt with during input and output (in bits).
-	
-void des_ofb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int *num);
-	The same as des_cfb64_encrypt() except that it is Output Feed Back
-	mode.
-
-void des_ede3_ofb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks1,
-des_key_schedule ks2,
-des_key_schedule ks3,
-des_cblock *ivec,
-int *num);
-	Same as des_ofb64_encrypt() accept that the DES operation is
-	triple DES.  As usual, there is a macro for
-	des_ede2_ofb64_encrypt() which reuses ks1.
-
-int des_read_pw_string(
-char *buf,
-int length,
-char *prompt,
-int verify);
-	This routine is used to get a password from the terminal with echo
-	turned off.  Buf is where the string will end up and length is the
-	size of buf.  Prompt is a string presented to the 'user' and if
-	verify is set, the key is asked for twice and unless the 2 copies
-	match, an error is returned.  A return code of -1 indicates a
-	system error, 1 failure due to use interaction, and 0 is success.
-
-unsigned long des_cbc_cksum(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule ks,
-des_cblock *ivec);
-	This function produces an 8 byte checksum from input that it puts in
-	output and returns the last 4 bytes as a long.  The checksum is
-	generated via cbc mode of DES in which only the last 8 byes are
-	kept.  I would recommend not using this function but instead using
-	the EVP_Digest routines, or at least using MD5 or SHA.  This
-	function is used by Kerberos v4 so that is why it stays in the
-	library.
-	
-char *des_fcrypt(
-const char *buf,
-const char *salt
-char *ret);
-	This is my fast version of the unix crypt(3) function.  This version
-	takes only a small amount of space relative to other fast
-	crypt() implementations.  This is different to the normal crypt
-	in that the third parameter is the buffer that the return value
-	is written into.  It needs to be at least 14 bytes long.  This
-	function is thread safe, unlike the normal crypt.
-
-char *crypt(
-const char *buf,
-const char *salt);
-	This function calls des_fcrypt() with a static array passed as the
-	third parameter.  This emulates the normal non-thread safe semantics
-	of crypt(3).
-
-void des_string_to_key(
-char *str,
-des_cblock *key);
-	This function takes str and converts it into a DES key.  I would
-	recommend using MD5 instead and use the first 8 bytes of output.
-	When I wrote the first version of these routines back in 1990, MD5
-	did not exist but I feel these routines are still sound.  This
-	routines is compatible with the one in MIT's libdes.
-	
-void des_string_to_2keys(
-char *str,
-des_cblock *key1,
-des_cblock *key2);
-	This function takes str and converts it into 2 DES keys.
-	I would recommend using MD5 and using the 16 bytes as the 2 keys.
-	I have nothing against these 2 'string_to_key' routines, it's just
-	that if you say that your encryption key is generated by using the
-	16 bytes of an MD5 hash, every-one knows how you generated your
-	keys.
-
-int des_read_password(
-des_cblock *key,
-char *prompt,
-int verify);
-	This routine combines des_read_pw_string() with des_string_to_key().
-
-int des_read_2passwords(
-des_cblock *key1,
-des_cblock *key2,
-char *prompt,
-int verify);
-	This routine combines des_read_pw_string() with des_string_to_2key().
-
-void des_random_seed(
-des_cblock key);
-	This routine sets a starting point for des_random_key().
-	
-void des_random_key(
-des_cblock ret);
-	This function return a random key.  Make sure to 'seed' the random
-	number generator (with des_random_seed()) before using this function.
-	I personally now use a MD5 based random number system.
-
-int des_enc_read(
-int fd,
-char *buf,
-int len,
-des_key_schedule ks,
-des_cblock *iv);
-	This function will write to a file descriptor the encrypted data
-	from buf.  This data will be preceded by a 4 byte 'byte count' and
-	will be padded out to 8 bytes.  The encryption is either CBC of
-	PCBC depending on the value of des_rw_mode.  If it is DES_PCBC_MODE,
-	pcbc is used, if DES_CBC_MODE, cbc is used.  The default is to use
-	DES_PCBC_MODE.
-
-int des_enc_write(
-int fd,
-char *buf,
-int len,
-des_key_schedule ks,
-des_cblock *iv);
-	This routines read stuff written by des_enc_read() and decrypts it.
-	I have used these routines quite a lot but I don't believe they are
-	suitable for non-blocking io.  If you are after a full
-	authentication/encryption over networks, have a look at SSL instead.
-
-unsigned long des_quad_cksum(
-des_cblock *input,
-des_cblock *output,
-long length,
-int out_count,
-des_cblock *seed);
-	This is a function from Kerberos v4 that is not anything to do with
-	DES but was needed.  It is a cksum that is quicker to generate than
-	des_cbc_cksum();  I personally would use MD5 routines now.
-=====
-Modes of DES
-Quite a bit of the following information has been taken from
-	AS 2805.5.2
-	Australian Standard
-	Electronic funds transfer - Requirements for interfaces,
-	Part 5.2: Modes of operation for an n-bit block cipher algorithm
-	Appendix A
-
-There are several different modes in which DES can be used, they are
-as follows.
-
-Electronic Codebook Mode (ECB) (des_ecb_encrypt())
-- 64 bits are enciphered at a time.
-- The order of the blocks can be rearranged without detection.
-- The same plaintext block always produces the same ciphertext block
-  (for the same key) making it vulnerable to a 'dictionary attack'.
-- An error will only affect one ciphertext block.
-
-Cipher Block Chaining Mode (CBC) (des_cbc_encrypt())
-- a multiple of 64 bits are enciphered at a time.
-- The CBC mode produces the same ciphertext whenever the same
-  plaintext is encrypted using the same key and starting variable.
-- The chaining operation makes the ciphertext blocks dependent on the
-  current and all preceding plaintext blocks and therefore blocks can not
-  be rearranged.
-- The use of different starting variables prevents the same plaintext
-  enciphering to the same ciphertext.
-- An error will affect the current and the following ciphertext blocks.
-
-Cipher Feedback Mode (CFB) (des_cfb_encrypt())
-- a number of bits (j) <= 64 are enciphered at a time.
-- The CFB mode produces the same ciphertext whenever the same
-  plaintext is encrypted using the same key and starting variable.
-- The chaining operation makes the ciphertext variables dependent on the
-  current and all preceding variables and therefore j-bit variables are
-  chained together and can not be rearranged.
-- The use of different starting variables prevents the same plaintext
-  enciphering to the same ciphertext.
-- The strength of the CFB mode depends on the size of k (maximal if
-  j == k).  In my implementation this is always the case.
-- Selection of a small value for j will require more cycles through
-  the encipherment algorithm per unit of plaintext and thus cause
-  greater processing overheads.
-- Only multiples of j bits can be enciphered.
-- An error will affect the current and the following ciphertext variables.
-
-Output Feedback Mode (OFB) (des_ofb_encrypt())
-- a number of bits (j) <= 64 are enciphered at a time.
-- The OFB mode produces the same ciphertext whenever the same
-  plaintext enciphered using the same key and starting variable.  More
-  over, in the OFB mode the same key stream is produced when the same
-  key and start variable are used.  Consequently, for security reasons
-  a specific start variable should be used only once for a given key.
-- The absence of chaining makes the OFB more vulnerable to specific attacks.
-- The use of different start variables values prevents the same
-  plaintext enciphering to the same ciphertext, by producing different
-  key streams.
-- Selection of a small value for j will require more cycles through
-  the encipherment algorithm per unit of plaintext and thus cause
-  greater processing overheads.
-- Only multiples of j bits can be enciphered.
-- OFB mode of operation does not extend ciphertext errors in the
-  resultant plaintext output.  Every bit error in the ciphertext causes
-  only one bit to be in error in the deciphered plaintext.
-- OFB mode is not self-synchronising.  If the two operation of
-  encipherment and decipherment get out of synchronism, the system needs
-  to be re-initialised.
-- Each re-initialisation should use a value of the start variable
- different from the start variable values used before with the same
- key.  The reason for this is that an identical bit stream would be
- produced each time from the same parameters.  This would be
- susceptible to a ' known plaintext' attack.
-
-Triple ECB Mode (des_ecb3_encrypt())
-- Encrypt with key1, decrypt with key2 and encrypt with key3 again.
-- As for ECB encryption but increases the key length to 168 bits.
-  There are theoretic attacks that can be used that make the effective
-  key length 112 bits, but this attack also requires 2^56 blocks of
-  memory, not very likely, even for the NSA.
-- If both keys are the same it is equivalent to encrypting once with
-  just one key.
-- If the first and last key are the same, the key length is 112 bits.
-  There are attacks that could reduce the key space to 55 bit's but it
-  requires 2^56 blocks of memory.
-- If all 3 keys are the same, this is effectively the same as normal
-  ecb mode.
-
-Triple CBC Mode (des_ede3_cbc_encrypt())
-- Encrypt with key1, decrypt with key2 and then encrypt with key3.
-- As for CBC encryption but increases the key length to 168 bits with
-  the same restrictions as for triple ecb mode.
diff --git a/doc/digest.doc b/doc/digest.doc
deleted file mode 100644
index d2fb987591..0000000000
--- a/doc/digest.doc
+++ /dev/null
@@ -1,94 +0,0 @@
-
-The Message Digest subroutines.
-
-These routines require "evp.h" to be included.
-
-These functions are a higher level interface to the various message digest
-routines found in this library.  As such, they allow the same code to be
-used to digest via different algorithms with only a change in an initial
-parameter.  They are basically just a front-end to the MD2, MD5, SHA
-and SHA1
-routines.
-
-These routines all take a pointer to the following structure to specify
-which message digest algorithm to use.
-typedef struct evp_md_st
-	{
-	int type;
-	int pkey_type;
-	int md_size;
-	void (*init)();
-	void (*update)();
-	void (*final)();
-
-	int required_pkey_type; /*EVP_PKEY_xxx */
-	int (*sign)();
-	int (*verify)();
-	} EVP_MD;
-
-If additional message digest algorithms are to be supported, a structure of
-this type needs to be declared and populated and then the Digest routines
-can be used with that algorithm.  The type field is the object NID of the
-digest type (read the section on Objects for an explanation).  The pkey_type
-is the Object type to use when the a message digest is generated by there
-routines and then is to be signed with the pkey algorithm.  Md_size is
-the size of the message digest returned.  Init, update
-and final are the relevant functions to perform the message digest function
-by parts.  One reason for specifying the message digest to use via this
-mechanism is that if you only use md5, only the md5 routines will
-be included in you linked program.  If you passed an integer
-that specified which message digest to use, the routine that mapped that
-integer to a set of message digest functions would cause all the message
-digests functions to be link into the code.  This setup also allows new
-message digest functions to be added by the application.
-
-The six message digests defined in this library are
-
-EVP_MD *EVP_md2(void);	/* RSA sign/verify */
-EVP_MD *EVP_md5(void);	/* RSA sign/verify */
-EVP_MD *EVP_sha(void);	/* RSA sign/verify */
-EVP_MD *EVP_sha1(void);	/* RSA sign/verify */
-EVP_MD *EVP_dss(void);	/* DSA sign/verify */
-EVP_MD *EVP_dss1(void);	/* DSA sign/verify */
-
-All the message digest routines take a EVP_MD_CTX pointer as an argument.
-The state of the message digest is kept in this structure.
-
-typedef struct pem_md_ctx_st
-	{
-	EVP_MD *digest;
-	union	{
-		unsigned char base[4]; /* this is used in my library as a
-					* 'pointer' to all union elements
-					* structures. */
-		MD2_CTX md2;
-		MD5_CTX md5;
-		SHA_CTX sha;
-		} md;
-	} EVP_MD_CTX;
-
-The Digest functions are as follows.
-
-void EVP_DigestInit(
-EVP_MD_CTX *ctx,
-EVP_MD *type);
-	This function is used to initialise the EVP_MD_CTX.  The message
-	digest that will associated with 'ctx' is specified by 'type'.
-
-void EVP_DigestUpdate(
-EVP_MD_CTX *ctx,
-unsigned char *data,
-unsigned int cnt);
-	This function is used to pass more data to the message digest
-	function.  'cnt' bytes are digested from 'data'.
-
-void EVP_DigestFinal(
-EVP_MD_CTX *ctx,
-unsigned char *md,
-unsigned int *len);
-	This function finishes the digestion and puts the message digest
-	into 'md'.  The length of the message digest is put into len;
-	EVP_MAX_MD_SIZE is the size of the largest message digest that
-	can be returned from this function.  Len can be NULL if the
-	size of the digest is not required.
-	
diff --git a/doc/encode.doc b/doc/encode.doc
deleted file mode 100644
index af17549289..0000000000
--- a/doc/encode.doc
+++ /dev/null
@@ -1,15 +0,0 @@
-
-void    EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
-void    EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,
-		int *outl,unsigned char *in,int inl);
-void    EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);
-int     EVP_EncodeBlock(unsigned char *t, unsigned char *f, int n);
-
-void    EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
-int     EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
-		unsigned char *in, int inl);
-int     EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
-		char *out, int *outl);
-int     EVP_DecodeBlock(unsigned char *t, unsigned
-		char *f, int n);
-
diff --git a/doc/envelope.doc b/doc/envelope.doc
deleted file mode 100644
index 483e4fca6b..0000000000
--- a/doc/envelope.doc
+++ /dev/null
@@ -1,67 +0,0 @@
-The following routines are use to create 'digital' envelopes.
-By this I mean that they perform various 'higher' level cryptographic
-functions.  Have a read of 'cipher.doc' and 'digest.doc' since those
-routines are used by these functions.
-cipher.doc contains documentation about the cipher part of the
-envelope library and digest.doc contatins the description of the
-message digests supported.
-
-To 'sign' a document involves generating a message digest and then encrypting
-the digest with an private key.
-
-#define EVP_SignInit(a,b)		EVP_DigestInit(a,b)
-#define EVP_SignUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
-Due to the fact this operation is basically just an extended message
-digest, the first 2 functions are macro calls to Digest generating
-functions.
-
-int     EVP_SignFinal(
-EVP_MD_CTX *ctx,
-unsigned char *md,
-unsigned int *s,
-EVP_PKEY *pkey);
-	This finalisation function finishes the generation of the message
-digest and then encrypts the digest (with the correct message digest 
-object identifier) with the EVP_PKEY private key.  'ctx' is the message digest
-context.  'md' will end up containing the encrypted message digest.  This
-array needs to be EVP_PKEY_size(pkey) bytes long.  's' will actually
-contain the exact length.  'pkey' of course is the private key.  It is
-one of EVP_PKEY_RSA or EVP_PKEY_DSA type.
-If there is an error, 0 is returned, otherwise 1.
-		
-Verify is used to check an signed message digest.
-
-#define EVP_VerifyInit(a,b)		EVP_DigestInit(a,b)
-#define EVP_VerifyUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
-Since the first step is to generate a message digest, the first 2 functions
-are macros.
-
-int EVP_VerifyFinal(
-EVP_MD_CTX *ctx,
-unsigned char *md,
-unsigned int s,
-EVP_PKEY *pkey);
-	This function finishes the generation of the message digest and then
-compares it with the supplied encrypted message digest.  'md' contains the
-'s' bytes of encrypted message digest.  'pkey' is used to public key decrypt
-the digest.  It is then compared with the message digest just generated.
-If they match, 1 is returned else 0.
-
-int	EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
-		int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk);
-Must have at least one public key, error is 0.  I should also mention that
-the buffers pointed to by 'ek' need to be EVP_PKEY_size(pubk[n]) is size.
-
-#define EVP_SealUpdate(a,b,c,d,e)	EVP_EncryptUpdate(a,b,c,d,e)	
-void	EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
-
-
-int	EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
-		int ekl,unsigned char *iv,EVP_PKEY *priv);
-0 on failure
-
-#define EVP_OpenUpdate(a,b,c,d,e)	EVP_DecryptUpdate(a,b,c,d,e)
-
-int	EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
-Decrypt final return code
-
diff --git a/doc/error.doc b/doc/error.doc
deleted file mode 100644
index a91654999a..0000000000
--- a/doc/error.doc
+++ /dev/null
@@ -1,115 +0,0 @@
-The error routines.
-
-The 'error' system I've implemented is intended to server 2 purpose, to
-record the reason why a command failed and to record where in the libraries
-the failure occurred.  It is more or less setup to record a 'trace' of which
-library components were being traversed when the error occurred.
-
-When an error is recorded, it is done so a as single unsigned long which is
-composed of three parts.  The top byte is the 'library' number, the middle
-12 bytes is the function code, and the bottom 12 bits is the 'reason' code.
-
-Each 'library', or should a say, 'section' of the SSLeay library has a
-different unique 'library' error number.  Each function in the library has
-a number that is unique for that library.  Each 'library' also has a number
-for each 'error reason' that is only unique for that 'library'.
-
-Due to the way these error routines record a 'error trace', there is an
-array per thread that is used to store the error codes.
-The various functions in this library are used to access
-and manipulate this array.
-
-void ERR_put_error(int lib, int func,int reason);
-	This routine records an error in library 'lib', function 'func'
-and reason 'reason'.  As errors get 'put' into the buffer, they wrap
-around and overwrite old errors if too many are written.  It is assumed
-that the last errors are the most important.
-
-unsigned long ERR_get_error(void );
-	This function returns the last error added to the error buffer.
-In effect it is popping the value off the buffer so repeated calls will
-continue to return values until there are no more errors to return in which
-case 0 is returned.
-
-unsigned long ERR_peek_error(void );
-	This function returns the value of the last error added to the
-error buffer but does not 'pop' it from the buffer.
-
-void ERR_clear_error(void );
-	This function clears the error buffer, discarding all unread
-errors.
-
-While the above described error system obviously produces lots of different
-error number, a method for 'reporting' these errors in a human readable
-form is required.  To achieve this, each library has the option of
-'registering' error strings.
-
-typedef struct ERR_string_data_st
-	{
-	unsigned long error;
-	char *string;
-	} ERR_STRING_DATA;
-
-The 'ERR_STRING_DATA' contains an error code and the corresponding text
-string.  To add new function error strings for a library, the
-ERR_STRING_DATA needs to be 'registered' with the library.
-
-void ERR_load_strings(unsigned long lib,ERR_STRING_DATA *err);
-	This function 'registers' the array of ERR_STRING_DATA pointed to by
-'err' as error text strings for the error library 'lib'.
-
-void ERR_free_strings(void);
-	This function free()s all the loaded error strings.
-
-char *ERR_error_string(unsigned long error,char *buf);
-	This function returns a text string that is a human readable
-version of the error represented by 'error'.  Buff should be at least 120
-bytes long and if it is NULL, the return value is a pointer to a static
-variable that will contain the error string, otherwise 'buf' is returned.
-If there is not a text string registered for a particular error, a text
-string containing the error number is returned instead.
-
-void ERR_print_errors(BIO *bp);
-void ERR_print_errors_fp(FILE *fp);
-	This function is a convenience routine that prints the error string
-for each error until all errors have been accounted for.
-
-char *ERR_lib_error_string(unsigned long e);
-char *ERR_func_error_string(unsigned long e);
-char *ERR_reason_error_string(unsigned long e);
-The above three functions return the 3 different components strings for the
-error 'e'.  ERR_error_string() uses these functions.
-
-void ERR_load_ERR_strings(void );
-	This function 'registers' the error strings for the 'ERR' module.
-
-void ERR_load_crypto_strings(void );
-	This function 'register' the error strings for just about every
-library in the SSLeay package except for the SSL routines.  There is no
-need to ever register any error text strings and you will probably save in
-program size.  If on the other hand you do 'register' all errors, it is
-quite easy to determine why a particular routine failed.
-
-As a final footnote as to why the error system is designed as it is.
-1) I did not want a single 'global' error code.
-2) I wanted to know which subroutine a failure occurred in.
-3) For Windows NT etc, it should be simple to replace the 'key' routines
-   with code to pass error codes back to the application.
-4) I wanted the option of meaningful error text strings.
-
-Late breaking news - the changes to support threads.
-
-Each 'thread' has an 'ERR_STATE' state associated with it.
-ERR_STATE *ERR_get_state(void ) will return the 'state' for the calling
-thread/process.
-
-ERR_remove_state(unsigned long pid); will 'free()' this state.  If pid == 0
-the current 'thread/process' will have it's error state removed.
-If you do not remove the error state of a thread, this could be considered a
-form of memory leak, so just after 'reaping' a thread that has died,
-call ERR_remove_state(pid).
-
-Have a read of thread.doc for more details for what is required for
-multi-threading support.  All the other error routines will
-work correctly when using threads.
-
diff --git a/doc/idea.doc b/doc/idea.doc
deleted file mode 100644
index 68a22a6cae..0000000000
--- a/doc/idea.doc
+++ /dev/null
@@ -1,176 +0,0 @@
-The IDEA library.
-IDEA is a block cipher that operates on 64bit (8 byte) quantities.  It
-uses a 128bit (16 byte) key.  It can be used in all the modes that DES can
-be used.  This library implements the ecb, cbc, cfb64 and ofb64 modes.
-
-For all calls that have an 'input' and 'output' variables, they can be the
-same.
-
-This library requires the inclusion of 'idea.h'.
-
-All of the encryption functions take what is called an IDEA_KEY_SCHEDULE as an 
-argument.  An IDEA_KEY_SCHEDULE is an expanded form of the idea key.
-For all modes of the IDEA algorithm, the IDEA_KEY_SCHEDULE used for
-decryption is different to the one used for encryption.
-
-The define IDEA_ENCRYPT is passed to specify encryption for the functions
-that require an encryption/decryption flag. IDEA_DECRYPT is passed to
-specify decryption.  For some mode there is no encryption/decryption
-flag since this is determined by the IDEA_KEY_SCHEDULE.
-
-So to encrypt you would do the following
-idea_set_encrypt_key(key,encrypt_ks);
-idea_ecb_encrypt(...,encrypt_ks);
-idea_cbc_encrypt(....,encrypt_ks,...,IDEA_ENCRYPT);
-
-To Decrypt
-idea_set_encrypt_key(key,encrypt_ks);
-idea_set_decrypt_key(encrypt_ks,decrypt_ks);
-idea_ecb_encrypt(...,decrypt_ks);
-idea_cbc_encrypt(....,decrypt_ks,...,IDEA_DECRYPT);
-
-Please note that any of the encryption modes specified in my DES library
-could be used with IDEA.  I have only implemented ecb, cbc, cfb64 and
-ofb64 for the following reasons.
-- ecb is the basic IDEA encryption.
-- cbc is the normal 'chaining' form for block ciphers.
-- cfb64 can be used to encrypt single characters, therefore input and output
-  do not need to be a multiple of 8.
-- ofb64 is similar to cfb64 but is more like a stream cipher, not as
-  secure (not cipher feedback) but it does not have an encrypt/decrypt mode.
-- If you want triple IDEA, thats 384 bits of key and you must be totally
-  obsessed with security.  Still, if you want it, it is simple enough to
-  copy the function from the DES library and change the des_encrypt to
-  idea_encrypt; an exercise left for the paranoid reader :-).
-
-The functions are as follows:
-
-void idea_set_encrypt_key(
-unsigned char *key;
-IDEA_KEY_SCHEDULE *ks);
-	idea_set_encrypt_key converts a 16 byte IDEA key into an
-	IDEA_KEY_SCHEDULE.  The IDEA_KEY_SCHEDULE is an expanded form of
-	the key which can be used to perform IDEA encryption.
-	An IDEA_KEY_SCHEDULE is an expanded form of the key which is used to
-	perform actual encryption.  It can be regenerated from the IDEA key
-	so it only needs to be kept when encryption is about
-	to occur.  Don't save or pass around IDEA_KEY_SCHEDULE's since they
-	are CPU architecture dependent, IDEA keys are not.
-	
-void idea_set_decrypt_key(
-IDEA_KEY_SCHEDULE *encrypt_ks,
-IDEA_KEY_SCHEDULE *decrypt_ks);
-	This functions converts an encryption IDEA_KEY_SCHEDULE into a
-	decryption IDEA_KEY_SCHEDULE.  For all decryption, this conversion
-	of the key must be done.  In some modes of IDEA, an
-	encryption/decryption flag is also required, this is because these
-	functions involve block chaining and the way this is done changes
-	depending on which of encryption of decryption is being done.
-	Please note that there is no quick way to generate the decryption
-	key schedule other than generating the encryption key schedule and
-	then converting it.
-
-void idea_encrypt(
-unsigned long *data,
-IDEA_KEY_SCHEDULE *ks);
-	This is the IDEA encryption function that gets called by just about
-	every other IDEA routine in the library.  You should not use this
-	function except to implement 'modes' of IDEA.  I say this because the
-	functions that call this routine do the conversion from 'char *' to
-	long, and this needs to be done to make sure 'non-aligned' memory
-	access do not occur.
-	Data is a pointer to 2 unsigned long's and ks is the
-	IDEA_KEY_SCHEDULE to use.  Encryption or decryption depends on the
-	IDEA_KEY_SCHEDULE.
-
-void idea_ecb_encrypt(
-unsigned char *input,
-unsigned char *output,
-IDEA_KEY_SCHEDULE *ks);
-	This is the basic Electronic Code Book form of IDEA (in DES this
-	mode is called Electronic Code Book so I'm going to use the term
-	for idea as well :-).
-	Input is encrypted into output using the key represented by
-	ks.  Depending on the IDEA_KEY_SCHEDULE, encryption or
-	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
-	
-void idea_cbc_encrypt(
-unsigned char *input,
-unsigned char *output,
-long length,
-IDEA_KEY_SCHEDULE *ks,
-unsigned char *ivec,
-int enc);
-	This routine implements IDEA in Cipher Block Chaining mode.
-	Input, which should be a multiple of 8 bytes is encrypted
-	(or decrypted) to output which will also be a multiple of 8 bytes.
-	The number of bytes is in length (and from what I've said above,
-	should be a multiple of 8).  If length is not a multiple of 8, bad 
-	things will probably happen.  ivec is the initialisation vector.
-	This function updates iv after each call so that it can be passed to
-	the next call to idea_cbc_encrypt().
-	
-void idea_cfb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int *num,
-int enc);
-	This is one of the more useful functions in this IDEA library, it
-	implements CFB mode of IDEA with 64bit feedback.
-	This allows you to encrypt an arbitrary number of bytes,
-	you do not require 8 byte padding.  Each call to this
-	routine will encrypt the input bytes to output and then update ivec
-	and num.  Num contains 'how far' we are though ivec.
-	Enc is used to indicate encryption or decryption.
-	One very important thing to remember is that when decrypting, use
-	the encryption form of the key.
-	CFB64 mode operates by using the cipher to
-	generate a stream of bytes which is used to encrypt the plain text.
-	The cipher text is then encrypted to generate the next 64 bits to
-	be xored (incrementally) with the next 64 bits of plain
-	text.  As can be seen from this, to encrypt or decrypt,
-	the same 'cipher stream' needs to be generated but the way the next
-	block of data is gathered for encryption is different for
-	encryption and decryption.  What this means is that to encrypt
-	idea_set_encrypt_key(key,ks);
-	idea_cfb64_encrypt(...,ks,..,IDEA_ENCRYPT)
-	do decrypt
-	idea_set_encrypt_key(key,ks)
-	idea_cfb64_encrypt(...,ks,...,IDEA_DECRYPT)
-	Note: The same IDEA_KEY_SCHEDULE but different encryption flags.
-	For idea_cbc or idea_ecb, idea_set_decrypt_key() would need to be
-	used to generate the IDEA_KEY_SCHEDULE for decryption.
-	The reason I'm stressing this point is that I just wasted 3 hours
-	today trying to decrypt using this mode and the decryption form of
-	the key :-(.
-	
-void idea_ofb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int *num);
-	This functions implements OFB mode of IDEA with 64bit feedback.
-	This allows you to encrypt an arbitrary number of bytes,
-	you do not require 8 byte padding.  Each call to this
-	routine will encrypt the input bytes to output and then update ivec
-	and num.  Num contains 'how far' we are though ivec.
-	This is in effect a stream cipher, there is no encryption or
-	decryption mode.  The same key and iv should be used to
-	encrypt and decrypt.
-	
-For reading passwords, I suggest using des_read_pw_string() from my DES library.
-To generate a password from a text string, I suggest using MD5 (or MD2) to
-produce a 16 byte message digest that can then be passed directly to
-idea_set_encrypt_key().
-
-=====
-For more information about the specific IDEA modes in this library
-(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the
-documentation on my DES library.  What is said about DES is directly
-applicable for IDEA.
-
diff --git a/doc/legal.doc b/doc/legal.doc
deleted file mode 100644
index b55ed5ce6a..0000000000
--- a/doc/legal.doc
+++ /dev/null
@@ -1,117 +0,0 @@
-From eay@mincom.com Thu Jun 27 00:25:45 1996
-Received: by orb.mincom.oz.au id AA15821
-  (5.65c/IDA-1.4.4 for eay); Wed, 26 Jun 1996 14:25:45 +1000
-Date: Wed, 26 Jun 1996 14:25:45 +1000 (EST)
-From: Eric Young <eay@mincom.oz.au>
-X-Sender: eay@orb
-To: Ken Toll <ktoll@ren.digitalage.com>
-Cc: Eric Young <eay@mincom.oz.au>, ssl-talk@netscape.com
-Subject: Re: Unidentified subject!
-In-Reply-To: <9606261950.ZM28943@ren.digitalage.com>
-Message-Id: <Pine.SOL.3.91.960626131156.28573K-100000@orb>
-Mime-Version: 1.0
-Content-Type: TEXT/PLAIN; charset=US-ASCII
-Status: O
-X-Status: 
-
-
-This is a little off topic but since SSLeay is a free implementation of
-the SSLv2 protocol, I feel it is worth responding on the topic of if it 
-is actually legal for Americans to use free cryptographic software.
-
-On Wed, 26 Jun 1996, Ken Toll wrote:
-> Is the U.S the only country that SSLeay cannot be used commercially 
-> (because of RSAref) or is that going to be an issue with every country 
-> that a client/server application (non-web browser/server) is deployed 
-> and sold?
-
->From what I understand, the software patents that apply to algorithms 
-like RSA and DH only apply in the USA.  The IDEA algorithm I believe is 
-patened in europe (USA?), but considing how little it is used by other SSL 
-implementations, it quite easily be left out of the SSLeay build
-(this can be done with a compile flag).
-
-Actually if the RSA patent did apply outside the USA, it could be rather
-interesting since RSA is not alowed to let RSA toolkits outside of the USA
-[1], and since these are the only forms that they will alow the algorithm
-to be used in, it would mean that non-one outside of the USA could produce
-public key software which would be a very strong statment for
-international patent law to make :-).  This logic is a little flawed but
-it still points out some of the more interesting permutations of USA
-patent law and ITAR restrictions. 
-
-Inside the USA there is also the unresolved issue of RC4/RC2 which were
-made public on sci.crypt in Sep 1994 (RC4) and Feb 1996 (RC2).  I have
-copies of the origional postings if people are interested.  RSA I believe 
-claim that they were 'trade-secrets' and that some-one broke an NDA in 
-revealing them.  Other claim they reverse engineered the algorithms from 
-compiled binaries.  If the algorithms were reverse engineered, I belive 
-RSA had no legal leg to stand on.  If an NDA was broken, I don't know.
-Regardless, RSA, I belive, is willing to go to court over the issue so 
-licencing is probably the best idea, or at least talk to them.
-If there are people who actually know more about this, pease let me know, I 
-don't want to vilify or spread miss-information if I can help it.
-
-If you are not producing a web browser, it is easy to build SSLeay with
-RC2/RC4 removed. Since RC4 is the defacto standard cipher in 
-all web software (and it is damn fast) it is more or less required for 
-www use. For non www use of SSL, especially for an application where 
-interoperability with other vendors is not critical just leave it out.
-
-Removing IDEA, RC2 and RC4 would only leave DES and Triple DES but 
-they should be ok.  Considing that Triple DES can encrypt at rates of
-410k/sec on a pentium 100, and 940k/sec on a P6/200, this is quite 
-reasonable performance.  Single DES clocks in at 1160k/s and 2467k/s
-respectivly is actually quite fast for those not so paranoid (56 bit key).[1]
-
-> Is it possible to get a certificate for commercial use outside of the U.S.?
-yes.
-
-Thawte Consulting issues certificates (they are the people who sell the
-	Sioux httpd server and are based in South Africa)
-Verisign will issue certificates for Sioux (sold from South Africa), so this
-	proves that they will issue certificate for OS use if they are
-	happy with the quality of the software.
-
-(The above mentioned companies just the ones that I know for sure are issuing
- certificates outside the USA).
-
-There is always the point that if you are using SSL for an intra net, 
-SSLeay provides programs that can be used so you can issue your own 
-certificates.  They need polishing but at least it is a good starting point.
-
-I am not doing anything outside Australian law by implementing these
-algorithms (to the best of my knowedge).  It is another example of how 
-the world legal system does not cope with the internet very well.
-
-I may start making shared libraries available (I have now got DLL's for 
-Windows).  This will mean that distributions into the usa could be 
-shipped with a version with a reduced cipher set and the versions outside 
-could use the DLL/shared library with all the ciphers (and without RSAref).
-
-This could be completly hidden from the application, so this would not 
-even require a re-linking.
-
-This is the reverse of what people were talking about doing to get around 
-USA export regulations :-)
-
-eric
-
-[1]:	The RSAref2.0 tookit is available on at least 3 ftp sites in Europe
-	and one in South Africa.
-
-[2]:	Since I always get questions when I post benchmark numbers :-),
-	DES performace figures are in 1000's of bytes per second in cbc 
-	mode using an 8192 byte buffer.  The pentium 100 was running Windows NT 
-	3.51 DLLs and the 686/200 was running NextStep.
-	I quote pentium 100 benchmarks because it is basically the
-	'entry level' computer that most people buy for personal use.
-	Windows 95 is the OS shipping on those boxes, so I'll give
-	NT numbers (the same Win32 runtime environment).  The 686
-	numbers are present as an indication of where we will be in a
-	few years.
---
-Eric Young                  | BOOL is tri-state according to Bill Gates.
-AARNet: eay@mincom.oz.au    | RTFM Win32 GetMessage().
-
-
diff --git a/doc/lhash.doc b/doc/lhash.doc
deleted file mode 100644
index 5a2aeb4b38..0000000000
--- a/doc/lhash.doc
+++ /dev/null
@@ -1,151 +0,0 @@
-The LHASH library.
-
-I wrote this library in 1991 and have since forgotten why I called it lhash.
-It implements a hash table from an article I read at the
-time from 'Communications of the ACM'.  What makes this hash
-table different is that as the table fills, the hash table is
-increased (or decreased) in size via realloc().
-When a 'resize' is done, instead of all hashes being redistributed over
-twice as many 'buckets', one bucket is split.  So when an 'expand' is done,
-there is only a minimal cost to redistribute some values.  Subsequent
-inserts will cause more single 'bucket' redistributions but there will
-never be a sudden large cost due to redistributing all the 'buckets'.
-
-The state for a particular hash table is kept in the LHASH structure.
-The LHASH structure also records statistics about most aspects of accessing
-the hash table.  This is mostly a legacy of my writing this library for
-the reasons of implementing what looked like a nice algorithm rather than
-for a particular software product.
-
-Internal stuff you probably don't want to know about.
-The decision to increase or decrease the hash table size is made depending
-on the 'load' of the hash table.  The load is the number of items in the
-hash table divided by the size of the hash table.  The default values are
-as follows.  If (hash->up_load < load) => expand.
-if (hash->down_load > load) =>  contract.  The 'up_load' has a default value of
-1 and 'down_load' has a default value of 2.  These numbers can be modified
-by the application by just playing with the 'up_load' and 'down_load'
-variables.  The 'load' is kept in a form which is multiplied by 256.  So
-hash->up_load=8*256; will cause a load of 8 to be set.
-
-If you are interested in performance the field to watch is
-num_comp_calls.  The hash library keeps track of the 'hash' value for
-each item so when a lookup is done, the 'hashes' are compared, if
-there is a match, then a full compare is done, and
-hash->num_comp_calls is incremented.  If num_comp_calls is not equal
-to num_delete plus num_retrieve it means that your hash function is
-generating hashes that are the same for different values.  It is
-probably worth changing your hash function if this is the case because
-even if your hash table has 10 items in a 'bucked', it can be searched
-with 10 'unsigned long' compares and 10 linked list traverses.  This
-will be much less expensive that 10 calls to you compare function.
-
-LHASH *lh_new(
-unsigned long (*hash)(),
-int (*cmp)());
-	This function is used to create a new LHASH structure.  It is passed
-	function pointers that are used to store and retrieve values passed
-	into the hash table.  The 'hash'
-	function is a hashing function that will return a hashed value of
-	it's passed structure.  'cmp' is passed 2 parameters, it returns 0
-	is they are equal, otherwise, non zero.
-	If there are any problems (usually malloc failures), NULL is
-	returned, otherwise a new LHASH structure is returned.  The
-	hash value is normally truncated to a power of 2, so make sure
-	that your hash function returns well mixed low order bits.
-	
-void lh_free(
-LHASH *lh);
-	This function free()s a LHASH structure.  If there is malloced
-	data in the hash table, it will not be freed.  Consider using the
-	lh_doall function to deallocate any remaining entries in the hash
-	table.
-	
-char *lh_insert(
-LHASH *lh,
-char *data);
-	This function inserts the data pointed to by data into the lh hash
-	table.  If there is already and entry in the hash table entry, the
-	value being replaced is returned.  A NULL is returned if the new
-	entry does not clash with an entry already in the table (the normal
-	case) or on a malloc() failure (perhaps I should change this....).
-	The 'char *data' is exactly what is passed to the hash and
-	comparison functions specified in lh_new().
-	
-char *lh_delete(
-LHASH *lh,
-char *data);
-	This routine deletes an entry from the hash table.  The value being
-	deleted is returned.  NULL is returned if there is no such value in
-	the hash table.
-
-char *lh_retrieve(
-LHASH *lh,
-char *data);
-	If 'data' is in the hash table it is returned, else NULL is
-	returned.  The way these routines would normally be uses is that a
-	dummy structure would have key fields populated and then
-	ret=lh_retrieve(hash,&dummy);.  Ret would now be a pointer to a fully
-	populated structure.
-
-void lh_doall(
-LHASH *lh,
-void (*func)(char *a));
-	This function will, for every entry in the hash table, call function
-	'func' with the data item as parameters.
-	This function can be quite useful when used as follows.
-	void cleanup(STUFF *a)
-		{ STUFF_free(a); }
-	lh_doall(hash,cleanup);
-	lh_free(hash);
-	This can be used to free all the entries, lh_free() then
-	cleans up the 'buckets' that point to nothing.  Be careful
-	when doing this.  If you delete entries from the hash table,
-	in the call back function, the table may decrease in size,
-	moving item that you are
-	currently on down lower in the hash table.  This could cause
-	some entries to be skipped.  The best solution to this problem
-	is to set lh->down_load=0 before you start.  This will stop
-	the hash table ever being decreased in size.
-
-void lh_doall_arg(
-LHASH *lh;
-void(*func)(char *a,char *arg));
-char *arg;
-	This function is the same as lh_doall except that the function
-	called will be passed 'arg' as the second argument.
-	
-unsigned long lh_strhash(
-char *c);
-	This function is a demo string hashing function.  Since the LHASH
-	routines would normally be passed structures, this routine would
-	not normally be passed to lh_new(), rather it would be used in the
-	function passed to lh_new().
-
-The next three routines print out various statistics about the state of the
-passed hash table.  These numbers are all kept in the lhash structure.
-
-void lh_stats(
-LHASH *lh,
-FILE *out);
-	This function prints out statistics on the size of the hash table,
-	how many entries are in it, and the number and result of calls to
-	the routines in this library.
-
-void lh_node_stats(
-LHASH *lh,
-FILE *out);
-	For each 'bucket' in the hash table, the number of entries is
-	printed.
-	
-void lh_node_usage_stats(
-LHASH *lh,
-FILE *out);
-	This function prints out a short summary of the state of the hash
-	table.  It prints what I call the 'load' and the 'actual load'.
-	The load is the average number of data items per 'bucket' in the
-	hash table.  The 'actual load' is the average number of items per
-	'bucket', but only for buckets which contain entries.  So the
-	'actual load' is the average number of searches that will need to
-	find an item in the hash table, while the 'load' is the average number
-	that will be done to record a miss.
diff --git a/doc/md2.doc b/doc/md2.doc
deleted file mode 100644
index b106bc675d..0000000000
--- a/doc/md2.doc
+++ /dev/null
@@ -1,49 +0,0 @@
-The MD2 library.
-MD2 is a message digest algorithm that can be used to condense an arbitrary
-length message down to a 16 byte hash.  The functions all need to be passed
-a MD2_CTX which is used to hold the MD2 context during multiple MD2_Update()
-function calls.  The normal method of use for this library is as follows
-
-MD2_Init(...);
-MD2_Update(...);
-...
-MD2_Update(...);
-MD2_Final(...);
-
-This library requires the inclusion of 'md2.h'.
-
-The main negative about MD2 is that it is slow, especially when compared
-to MD5.
-
-The functions are as follows:
-
-void MD2_Init(
-MD2_CTX *c);
-	This function needs to be called to initiate a MD2_CTX structure for
-	use.
-	
-void MD2_Update(
-MD2_CTX *c;
-unsigned char *data;
-unsigned long len);
-	This updates the message digest context being generated with 'len'
-	bytes from the 'data' pointer.  The number of bytes can be any
-	length.
-
-void MD2_Final(
-unsigned char *md;
-MD2_CTX *c;
-	This function is called when a message digest of the data digested
-	with MD2_Update() is wanted.  The message digest is put in the 'md'
-	array and is MD2_DIGEST_LENGTH (16) bytes long.
-
-unsigned char *MD2(
-unsigned long n;
-unsigned char *d;
-unsigned char *md;
-	This function performs a MD2_Init(), followed by a MD2_Update()
-	followed by a MD2_Final() (using a local MD2_CTX).
-	The resulting digest is put into 'md' if it is not NULL.
-	Regardless of the value of 'md', the message
-	digest is returned from the function.  If 'md' was NULL, the message
-	digest returned is being stored in a static structure.
diff --git a/doc/md5.doc b/doc/md5.doc
deleted file mode 100644
index 519dbdc61a..0000000000
--- a/doc/md5.doc
+++ /dev/null
@@ -1,50 +0,0 @@
-The MD5 library.
-MD5 is a message digest algorithm that can be used to condense an arbitrary
-length message down to a 16 byte hash.  The functions all need to be passed
-a MD5_CTX which is used to hold the MD5 context during multiple MD5_Update()
-function calls.  This library also contains random number routines that are
-based on MD5
-
-The normal method of use for this library is as follows
-
-MD5_Init(...);
-MD5_Update(...);
-...
-MD5_Update(...);
-MD5_Final(...);
-
-This library requires the inclusion of 'md5.h'.
-
-The functions are as follows:
-
-void MD5_Init(
-MD5_CTX *c);
-	This function needs to be called to initiate a MD5_CTX structure for
-	use.
-	
-void MD5_Update(
-MD5_CTX *c;
-unsigned char *data;
-unsigned long len);
-	This updates the message digest context being generated with 'len'
-	bytes from the 'data' pointer.  The number of bytes can be any
-	length.
-
-void MD5_Final(
-unsigned char *md;
-MD5_CTX *c;
-	This function is called when a message digest of the data digested
-	with MD5_Update() is wanted.  The message digest is put in the 'md'
-	array and is MD5_DIGEST_LENGTH (16) bytes long.
-
-unsigned char *MD5(
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
-	This function performs a MD5_Init(), followed by a MD5_Update()
-	followed by a MD5_Final() (using a local MD5_CTX).
-	The resulting digest is put into 'md' if it is not NULL.
-	Regardless of the value of 'md', the message
-	digest is returned from the function.  If 'md' was NULL, the message
-	digest returned is being stored in a static structure.
-
diff --git a/doc/memory.doc b/doc/memory.doc
deleted file mode 100644
index b9aa33ace0..0000000000
--- a/doc/memory.doc
+++ /dev/null
@@ -1,27 +0,0 @@
-In the interests of debugging SSLeay, there is an option to compile
-using some simple memory leak checking.
-
-All malloc(), free() and realloc() calls in SSLeay now go via
-Malloc(), Free() and Realloc() (except those in crypto/lhash).
-
-If CRYPTO_MDEBUG is defined, these calls are #defined to
-CRYPTO_malloc(), CRYPTO_free() and CRYPTO_realloc().
-If it is not defined, they are #defined to malloc(), free() and realloc().
-
-the CRYPTO_malloc() routines by default just call the underlying library
-functons.
-
-If CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) is called, memory leak detection is
-turned on.  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) turns it off.
-
-When turned on, each Malloc() or Realloc() call is recored along with the file
-and line number from where the call was made.   (This is done using the
-lhash library which always uses normal system malloc(3) routines).
-
-void CRYPTO_mem_leaks(BIO *b);
-void CRYPTO_mem_leaks_fp(FILE *fp);
-These both print out the list of memory that has not been free()ed.
-This will probably be rather hard to read, but if you look for the 'top level'
-structure allocation, this will often give an idea as to what is not being
-free()ed.  I don't expect people to use this stuff normally.
-
diff --git a/doc/ms3-ca.doc b/doc/ms3-ca.doc
deleted file mode 100644
index f8350aadc2..0000000000
--- a/doc/ms3-ca.doc
+++ /dev/null
@@ -1,398 +0,0 @@
-Date: Mon, 9 Jun 97 08:00:33 +0200
-From: Holger.Reif@PrakInf.TU-Ilmenau.DE (Holger Reif)
-Subject: ms3-ca.doc
-Organization: TU Ilmenau, Fak. IA, FG Telematik
-Content-Length: 14575
-Status: RO
-X-Status: 
-
-Loading client certs into MSIE 3.01
-===================================
-
-This document conatains all the information necessary to succesfully set up 
-some scripts to issue client certs to Microsoft Internet Explorer. It 
-includes the required knowledge about the model MSIE uses for client 
-certification and includes complete sample scripts ready to play with. The 
-scripts were tested against a modified ca program of SSLeay 0.6.6 and should 
-work with the regular ca program that comes with version 0.8.0. I haven't 
-tested against MSIE 4.0
-
-You can use the information contained in this document in either way you 
-want. However if you feel it saved you a lot of time I ask you to be as fair 
-as to mention my name: Holger Reif <reif@prakinf.tu-ilmenau.de>.
-
-1.) The model used by MSIE
---------------------------
-
-The Internet Explorer doesn't come with a embedded engine for installing 
-client certs like Netscape's Navigator. It rather uses the CryptoAPI (CAPI) 
-defined by Microsoft. CAPI comes with WindowsNT 4.0 or is installed together 
-with Internet Explorer since 3.01. The advantage of this approach is a higher 
-flexibility because the certificates in the (per user) system open 
-certificate store may be used by other applications as well. The drawback 
-however is that you need to do a bit more work to get a client cert issued.
-
-CAPI defines functions which will handle basic cryptographic work, eg. 
-generating keys, encrypting some data, signing text or building a certificate 
-request. The procedure is as follows: A CAPI function generates you a key 
-pair and saves it into the certificate store. After that one builds a 
-Distinguished Name. Together with that key pair another CAPI function forms a 
-PKCS#10 request which you somehow need to submit to a CA. Finally the issued 
-cert is given to a yet another CAPI function which saves it into the 
-certificate store.
-
-The certificate store with the user's keys and certs is in the registry. You 
-will find it under HKEY_CURRENT_USER/Software/Microsoft/Cryptography/ (I 
-leave it to you as a little exercise to figure out what all the entries mean 
-;-). Note that the keys are protected only with the user's usual Windows 
-login password.
-
-2.) The practical usage
------------------------
-
-Unfortunatly since CAPI is a system API you can't access its functions from 
-HTML code directly. For this purpose Microsoft provides a wrapper called 
-certenr3.dll. This DLL accesses the CAPI functions and provides an interface 
-usable from Visual Basic Script. One needs to install that library on the 
-computer which wants to have client cert. The easiest way is to load it as an 
-ActiveX control (certenr3.dll is properly authenticode signed by MS ;-). If 
-you have ever enrolled e cert request at a CA you will have installed it.
-
-At time of writing certenr3.dll is contained in 
-http://www.microsoft.com/workshop/prog/security/csa/certenr3.exe. It comes 
-with an README file which explains the available functions. It is labeled 
-beta but every CA seems to use it anyway. The license.txt allows you the 
-usage for your own purposes (as far as I understood) and a somehow limited 
-distribution. 
-
-The two functions of main interest are GenerateKeyPair and AcceptCredentials. 
-For complete explanation of all possible parameters see the README file. Here 
-are only minimal required parameters and their values.
-
-GenerateKeyPair(sessionID, FASLE, szName, 0, "ClientAuth", TRUE, FALSE, 1)
-- sessionID is a (locally to that computer) unique string to correlate the 
-generated key pair with a cert installed later.
-- szName is the DN of the form "C=DE; S=Thueringen; L=Ilmenau; CN=Holger 
-Reif; 1.2.840.113549.1.9.1=reif@prakinf.tu-ilmenau.de". Note that S is the 
-abreviation for StateOrProvince. The recognized abreviation include CN, O, C, 
-OU, G, I, L, S, T. If the abreviation is unknown (eg. for PKCS#9 email addr) 
-you need to use the full object identifier. The starting point for searching 
-them could be crypto/objects.h since all OIDs know to SSLeay are listed 
-there.
-- note: the possible ninth parameter which should give a default name to the 
-certificate storage location doesn't seem to work. Changes to the constant 
-values in the call above doesn't seem to make sense. You can't generate 
-PKCS#10 extensions with that function.
-
-The result of GenerateKeyPair is the base64 encoded PKCS#10 request. However 
-it has a little strange format that SSLeay doesn't accept. (BTW I feel the 
-decision of rejecting that format as standard conforming.) It looks like 
-follows:
-	1st line with 76 chars
-	2nd line with 76 chars
-	...
-	(n-2)th line with 76 chars
-	(n-1)th line contains a multiple of 4 chars less then 76 (possible 
-empty)
-	(n)th line has zero or 4 chars (then with 1 or 2 equal signs - the 
-		original text's lenght wasn'T a multiple of 3) 
-	The line separator has two chars: 0x0d 0x0a
-
-AcceptCredentials(sessionID, credentials, 0, FALSE)
-- sessionID needs to be the same as while generating the key pair
-- credentials is the base64 encoded PKCS#7 object containing the cert. 
-
-CRL's and CA certs are not required simply just the client cert. (It seems to 
-me that both are not even checked somehow.) The only format of the base64 
-encoded object I succesfully used was all characters in a very long string 
-without line feeds or carriage returns. (Hey, it doesn't matter, only a 
-computer reads it!)
-
-The result should be S_OK. For error handling see the example that comes with 
-certenr3.dll.
-
-A note about ASN.1 character encodings. certenr3.dll seems to know only about 
-2 of them: UniversalString and PrintableString. First it is definitely wrong 
-for an email address which is IA5STRING (checked by ssleay's ca). Second 
-unfortunately MSIE (at least until version 3.02) can't handle UniversalString 
-correctly - they just blow up you cert store! Therefore ssleay's ca (starting 
-from version 0.8.0) tries to convert the encodings automatically to IA5STRING 
-or TeletexString. The beef is it will work only for the latin-1 (western) 
-charset. Microsoft still has to do abit of homework...
-
-3.) An example
---------------
-
-At least you need two steps: generating the key & request and then installing 
-the certificate. A real world CA would have some more steps involved, eg. 
-accepting some license. Note that both scripts shown below are just 
-experimental state without any warrenty!
-
-First how to generate a request. Note that we can't use a static page because 
-of the sessionID. I generate it from system time plus pid and hope it is 
-unique enough. Your are free to feed it through md5 to get more impressive 
-ID's ;-) Then the intended text is read in with sed which inserts the 
-sessionID. 
-
------BEGIN ms-enroll.cgi-----
-#!/bin/sh
-SESSION_ID=`date '+%y%m%d%H%M%S'`$$
-echo Content-type: text/html
-echo
-sed s/template_for_sessId/$SESSION_ID/ <<EOF
-<HTML><HEAD>
-<TITLE>Certificate Enrollment Test Page</TITLE>
-</HEAD><BODY>
-
-<OBJECT
-    classid="clsid:33BEC9E0-F78F-11cf-B782-00C04FD7BF43"
-    codebase=certenr3.dll
-    id=certHelper
-    >
-</OBJECT>
-
-<CENTER>
-<H2>enrollment for a personal cert</H2>
-<BR><HR WIDTH=50%><BR><P>
-<FORM NAME="MSIE_Enrollment" ACTION="ms-gencert.cgi" ENCTYPE=x-www-form-
-encoded METHOD=POST>
-<TABLE>
-    <TR><TD>Country</TD><TD><INPUT NAME="Country" VALUE=""></TD></TR>
-    <TR><TD>State</TD><TD><INPUT NAME="StateOrProvince" VALUE=""></TD></TR>
-    <TR><TD>Location</TD><TD><INPUT NAME="Location" VALUE=""></TD></TR>
-    <TR><TD>Organization</TD><TD><INPUT NAME="Organization" 
-VALUE=""></TD></TR>
-    <TR><TD>Organizational Unit</TD>
-        <TD><INPUT NAME="OrganizationalUnit" VALUE=""></TD></TR>
-    <TR><TD>Name</TD><TD><INPUT NAME="CommonName" VALUE=""></TD></TR>
-    <TR><TD>eMail Address</TD>
-        <TD><INPUT NAME="EmailAddress" VALUE=""></TD></TR>
-    <TR><TD></TD>
-        <TD><INPUT TYPE="BUTTON" NAME="submit" VALUE="Beantragen"></TD></TR>
-</TABLE>
-	<INPUT TYPE="hidden" NAME="SessionId" VALUE="template_for_sessId">
-	<INPUT TYPE="hidden" NAME="Request" VALUE="">
-</FORM>
-<BR><HR WIDTH=50%><BR><P>
-</CENTER>
-
-<SCRIPT LANGUAGE=VBS>
-    Dim DN
-
-    Sub Submit_OnClick
-	Dim TheForm
-	Set TheForm = Document.MSIE_Enrollment
-	sessionId	= TheForm.SessionId.value
-	reqHardware     = FALSE
-	C		= TheForm.Country.value
-	SP		= TheForm.StateOrProvince.value
-	L		= TheForm.Location.value
-	O		= TheForm.Organization.value
-	OU		= TheForm.OrganizationalUnit.value
-	CN              = TheForm.CommonName.value
-	Email		= TheForm.EmailAddress.value
-        szPurpose       = "ClientAuth"
-        doAcceptanceUINow   = FALSE
-        doOnline        = TRUE
-
-	DN = ""
-
-	Call Add_RDN("C", C)
-	Call Add_RDN("S", SP)
-	Call Add_RDN("L", L)
-	Call Add_RDN("O", O)
-	Call Add_RDN("OU", OU)
-	Call Add_RDN("CN", CN)
-	Call Add_RDN("1.2.840.113549.1.9.1", Email)
-		      ' rsadsi
-				     ' pkcs
-				       ' pkcs9
-					 ' eMailAddress
-        On Error Resume Next
-        sz10 = certHelper.GenerateKeyPair(sessionId, _
-                FALSE, DN, 0, ClientAuth, FASLE, TRUE, 1)_
-        theError = Err.Number
-        On Error Goto 0
-        if (sz10 = Empty OR theError <> 0) Then
-            sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & _
-                chr(10) & "Your credentials could not be generated."
-            result = MsgBox(sz, 0, "Credentials Enrollment")
-            Exit Sub
-	else 
-	    TheForm.Request.value = sz10
-	    TheForm.Submit
-        end if
-    End Sub
-
-    Sub Add_RDN(sn, value)
-	if (value <> "") then
-	    if (DN <> "") then
-		DN = DN & "; "
-	    end if
-	    DN = DN & sn & "=" & value
-	end if
-    End Sub
-</SCRIPT>
-</BODY>
-</HTML>
-EOF
------END ms-enroll.cgi-----
-
-Second, how to extract the request and feed the certificate back? We need to 
-"normalize" the base64 encoding of the PKCS#10 format which means 
-regenerating the lines and wrapping with BEGIN and END line. This is done by 
-gawk. The request is taken by ca the normal way. Then the cert needs to be 
-packed into a PKCS#7 structure (note: the use of a CRL is necessary for 
-crl2pkcs7 as of version 0.6.6. Starting with 0.8.0 it it might probably be 
-ommited). Finally we need to format the PKCS#7 object and generate the HTML 
-text. I use two templates to have a clearer script.
-
-1st note: postit2 is slightly modified from a program I found at ncsa's ftp 
-site. Grab it from http://www.easterngraphics.com/certs/IX9704/postit2.c. You 
-need utils.c from there too.
-
-2nd note: I'm note quite sure wether the gawk script really handles all 
-possible inputs for the request right! Today I don't use this construction 
-anymore myself.
-
-3d note: the cert must be of version 3! This could be done with the nsComment 
-line in ssleay.cnf...
-
-------BEGIN ms-gencert.cgi-----
-#!/bin/sh
-FILE="/tmp/"`date '+%y%m%d%H%M%S'-`$$
-rm -f "$FILE".*
-
-HOME=`pwd`; export HOME  # as ssleay.cnf insists on having such an env var
-cd /usr/local/ssl #where demoCA (as named in ssleay.conf) is located
-
-postit2 -s " " -i 0x0d > "$FILE".inp  # process the FORM vars
-
-SESSION_ID=`gawk '$1 == "SessionId" { print $2; exit }' "$FILE".inp`
-
-gawk \
-	'BEGIN { \
-		OFS = ""; \
-		print "-----BEGIN CERTIFICATE REQUEST-----"; \
-		req_seen=0 \
-	} \
-	$1 == "Request" { \
-		req_seen=1; \
-		if (length($2) == 72) print($2); \
-		lastline=$2; \
-		next; \
-	} \
-	{ \
-		if (req_seen == 1) { \
-			if (length($1) >= 72) print($1); \
-			else if (length(lastline) < 72) { \
-				req_seen=0; \
-				print (lastline,$1); \
-			} \
-		lastline=$1; \
-		} \
-	} \
-	END { \
-		print "-----END CERTIFICATE REQUEST-----"; \
-	}' > "$FILE".pem < "$FILE".inp 
-
-ssleay ca -batch -in "$FILE".pem -key passwd -out "$FILE".out
-ssleay crl2pkcs7 -certfile "$FILE".out -out "$FILE".pkcs7 -in demoCA/crl.pem
-
-sed s/template_for_sessId/$SESSION_ID/ <ms-enroll2a.html >"$FILE".cert
-/usr/local/bin/gawk \
-	'BEGIN	{ \
-		OFS = ""; \
-		dq = sprintf("%c",34); \
-	} \
-	$0 ~ "PKCS7" { next; } \
-	{ \
-		print dq$0dq" & _"; \
-	}' <"$FILE".pkcs7 >> "$FILE".cert
-cat  ms-enroll2b.html >>"$FILE".cert
-
-echo Content-type: text/html
-echo Content-length: `wc -c "$FILE".cert`
-echo
-cat "$FILE".cert
-rm -f "$FILE".*
------END ms-gencert.cgi-----
-
-----BEGIN ms-enroll2a.html----
-<HTML><HEAD><TITLE>Certificate Acceptance Test Page</TITLE></HEAD><BODY>
-
-<OBJECT
-    classid="clsid:33BEC9E0-F78F-11cf-B782-00C04FD7BF43"
-    codebase=certenr3.dll
-    id=certHelper
-    >
-</OBJECT>
-
-<CENTER>
-<H2>Your personal certificate</H2>
-<BR><HR WIDTH=50%><BR><P>
-Press the button!
-<P><INPUT TYPE=BUTTON VALUE="Nimm mich!" NAME="InstallCert">
-</CENTER>
-<BR><HR WIDTH=50%><BR>
-
-<SCRIPT LANGUAGE=VBS>
-    Sub InstallCert_OnClick
-
-	sessionId	= "template_for_sessId"
-credentials = "" & _
-----END ms-enroll2a.html----
-
-----BEGIN ms-enroll2b.html----
-""
-        On Error Resume Next
-        result = certHelper.AcceptCredentials(sessionId, credentials, 0, 
-FALSE)
-        if (IsEmpty(result)) Then
-           sz = "The error '" & Err.Number & "' occurred." & chr(13) & 
-chr(10) & "This Digital ID could not be registered."
-           msgOut = MsgBox(sz, 0, "Credentials Registration Error")
-           navigate "error.html"
-        else
-           sz = "Digital ID successfully registered."
-           msgOut = MsgBox(sz, 0, "Credentials Registration")
-           navigate "success.html"
-        end if
-	Exit Sub
-    End Sub
-</SCRIPT>
-</BODY>
-</HTML>
-----END ms-enroll2b.html----
-
-4.) What do do with the cert?
------------------------------
-
-The cert is visible (without restarting MSIE) under the following menu:
-View->Options->Security->Personal certs. You can examine it's contents at 
-least partially.
-
-To use it for client authentication you need to use SSL3.0 (fortunately 
-SSLeay supports it with 0.8.0). Furthermore MSIE is told to only supports a 
-kind of automatic selection of certs (I personally wasn't able to test it 
-myself). But there is a requirement that the issuer of the server cert and 
-the issuer of the client cert needs to be the same (according to a developer 
-from MS). Which means: you need may more then one cert to talk to all 
-servers...
-
-I'm sure we will get a bit more experience after ApacheSSL is available for 
-SSLeay 0.8.8.
-
-
-I hope you enjoyed reading and that in future questions on this topic will 
-rarely appear on ssl-users@moncom.com ;-)
-
-Ilmenau, 9th of June 1997
-Holger Reif <reif@prakinf.tu-ilmenau.de>
--- 
-read you later  -  Holger Reif
-----------------------------------------  Signaturprojekt Deutsche Einheit
-TU Ilmenau - Informatik - Telematik                      (Verdamp lang her)
-Holger.Reif@PrakInf.TU-Ilmenau.DE         Alt wie ein Baum werden, um ueber
-http://Remus.PrakInf.TU-Ilmenau.DE/Reif/  alle 7 Bruecken gehen zu koennen
-
diff --git a/doc/ns-ca.doc b/doc/ns-ca.doc
deleted file mode 100644
index 836883e1a0..0000000000
--- a/doc/ns-ca.doc
+++ /dev/null
@@ -1,154 +0,0 @@
-The following documentation was supplied by Jeff Barber, who provided the
-patch to the CA program to add this functionality.
-
-eric
---
-Jeff Barber                                Email: jeffb@issl.atl.hp.com
-
-Hewlett Packard                            Phone: (404) 648-9503
-Internet and System Security Lab           Fax:   (404) 648-9516
-
-                         oo
----------------------cut /\ here for ns-ca.doc ------------------------------
-
-This document briefly describes how to use SSLeay to implement a 
-certificate authority capable of dynamically serving up client
-certificates for version 3.0 beta 5 (and presumably later) versions of
-the Netscape Navigator.  Before describing how this is done, it's
-important to understand a little about how the browser implements its
-client certificate support.  This is documented in some detail in the
-URLs based at <URL:http://home.netscape.com/eng/security/certs.html>.
-Here's a brief overview:
-
--	The Navigator supports a new HTML tag "KEYGEN" which will cause
-	the browser to generate an RSA key pair when you submit a form
-	containing the tag.  The public key, along with an optional
-	challenge (supposedly provided for use in certificate revocation
-	but I don't use it) is signed, DER-encoded, base-64 encoded
-	and sent to the web server as the value of the variable
-	whose NAME is provided in the KEYGEN tag.  The private key is
-	stored by the browser in a local key database.
-
-	This "Signed Public Key And Challenge" (SPKAC) arrives formatted
-	into 64 character lines (which are of course URL-encoded when 
-	sent via HTTP -- i.e. spaces, newlines and most punctuatation are
-	encoded as "%HH" where HH is the hex equivalent of the ASCII code).
-	Note that the SPKAC does not contain the other usual attributes
-	of a certificate request, especially the subject name fields.
-	These must be otherwise encoded in the form for submission along
-	with the SPKAC.
-
--	Either immediately (in response to this form submission), or at
-	some later date (a real CA will probably verify your identity in
-	some way before issuing the certificate), a web server can send a
-	certificate based on the public key and other attributes back to
-	the browser by encoding it in DER (the binary form) and sending it
-	to the browser as MIME type:
-	"Content-type: application/x-x509-user-cert"
-
-	The browser uses the public key encoded in the certificate to
-	associate the certificate with the appropriate private key in
-	its local key database.  Now, the certificate is "installed".
-
--	When a server wants to require authentication based on client
-	certificates, it uses the right signals via the SSL protocol to
-	trigger the Navigator to ask you which certificate you want to
-	send.  Whether the certificate is accepted is dependent on CA
-	certificates and so forth installed in the server and is beyond
-	the scope of this document.
-
-
-Now, here's how the SSLeay package can be used to provide client 
-certficates:
-
--	You prepare a file for input to the SSLeay ca application.
-	The file contains a number of "name = value" pairs that identify
-	the subject.  The names here are the same subject name component
-	identifiers used in the CA section of the lib/ssleay.conf file,
-	such as "emailAddress", "commonName" "organizationName" and so
-	forth.  Both the long version and the short version (e.g. "Email",
-	"CN", "O") can be used.
-
-	One more name is supported: this one is "SPKAC".  Its value
-	is simply the value of the base-64 encoded SPKAC sent by the
-	browser (with all the newlines and other space charaters
-	removed -- and newline escapes are NOT supported).
-
-	[ As of SSLeay 0.6.4, multiple lines are supported.
-	  Put a \ at the end of each line and it will be joined with the
-	  previous line with the '\n' removed - eay ]
-	
-	Here's a sample input file:
-
-C = US
-SP = Georgia
-O = Some Organization, Inc.
-OU = Netscape Compatibility Group
-CN = John X. Doe
-Email = jxdoe@someorg.com
-SPKAC = MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAwmk6FMJ4uAVIYbcvIOx5+bDGTfvL8X5gE+R67ccMk6rCSGbVQz2cetyQtnI+VIs0NwdD6wjuSuVtVFbLoHonowIDAQABFgAwDQYJKoZIhvcNAQEEBQADQQBFZDUWFl6BJdomtN1Bi53mwijy1rRgJ4YirF15yBEDM3DjAQkKXHYOIX+qpz4KXKnl6EYxTnGSFL5wWt8X2iyx
-
--	You execute the ca command (either from a CGI program run out of
-	the web server, or as a later manual task) giving it the above
-	file as input.  For example, if the file were named /tmp/cert.req,
-	you'd run:
-	$SSLDIR/bin/ca -spkac /tmp/cert.req -out /tmp/cert
-
-	The output is in DER format (binary) if a -out argument is 
-	provided, as above; otherwise, it's in the PEM format (base-64
-	encoded DER).  Also, the "-batch" switch is implied by the
-	"-spkac" so you don't get asked whether to complete the signing
-	(probably it shouldn't work this way but I was only interested
-	in hacking together an online CA that could be used for issuing
-	test certificates).
-
-	The "-spkac" capability doesn't support multiple files (I think).
-
-	Any CHALLENGE provided in the SPKAC is simply ignored.
-
-	The interactions between the identification fields you provide
-	and those identified in your lib/ssleay.conf are the same as if
-	you did an ordinary "ca -in infile -out outfile" -- that is, if
-	something is marked as required in the ssleay.conf file and it
-	isn't found in the -spkac file, the certificate won't be issued.
-
--	Now, you pick up the output from /tmp/cert and pass it back to
-	the Navigator prepending the Content-type string described earlier.
-
--	In order to run the ca command out of a CGI program, you must
-	provide a password to decrypt the CA's private key.  You can
-	do this by using "echo MyKeyPassword | $SSLDIR/bin/ca ..."
-	I think there's a way to not encrypt the key file in the first
-	place, but I didn't see how to do that, so I made a small change
-	to the library that allows the password to be accepted from a pipe.
-	Either way is UTTERLY INSECURE and a real CA would never do that.
-
-	[ You can use the 'ssleay rsa' command to remove the password
-	  from the private key, or you can use the '-key' option to the
-	  ca command to specify the decryption key on the command line
-	  or use the -nodes option when generating the key.
-	  ca will try to clear the command line version of the password
-	  but for quite a few operating systems, this is not possible.
-	  - eric ]
-
-So, what do you have to do to make use of this stuff to create an online 
-demo CA capability with SSLeay?
-
-1	Create an HTML form for your users.  The form should contain
-	fields for all of the required or optional fields in ssleay.conf.
-	The form must contain a KEYGEN tag somewhere with at least a NAME
-	attribute.
-
-2	Create a CGI program to process the form input submitted by the
-	browser.  The CGI program must URL-decode the variables and create
-	the file described above, containing subject identification info
-	as well as the SPKAC block.  It should then run the the ca program
-	with the -spkac option.  If it works (check the exit status),
-	return the new certificate with the appropriate MIME type.  If not,
-	return the output of the ca command with MIME type "text/plain".
-
-3	Set up your web server to accept connections signed by your demo
-	CA.  This probably involves obtaining the PEM-encoded CA certificate
-	(ordinarily in $SSLDIR/CA/cacert.pem) and installing it into a
-	server database.  See your server manual for instructions.
-
diff --git a/doc/obj.doc b/doc/obj.doc
deleted file mode 100644
index bad347c936..0000000000
--- a/doc/obj.doc
+++ /dev/null
@@ -1,69 +0,0 @@
-The Object library.
-
-As part of my Crypto library, I found I required a method of identifying various
-objects.  These objects normally had 3 different values associated with
-them, a short text name, a long (or lower case) text name, and an
-ASN.1 Object Identifier (which is a sequence of numbers).
-This library contains a static list of objects and functions to lookup
-according to one type and to return the other types.
-
-To use these routines, 'Object.h' needs to be included.
-
-For each supported object, #define entries are defined as follows
-#define SN_Algorithm			"Algorithm"
-#define LN_algorithm			"algorithm"
-#define NID_algorithm			38
-#define OBJ_algorithm			1L,3L,14L,3L,2L
-
-SN_  stands for short name.
-LN_  stands for either long name or lowercase name.
-NID_ stands for Numeric ID.  I each object has a unique NID and this
-     should be used internally to identify objects.
-OBJ_ stands for ASN.1 Object Identifier or ASN1_OBJECT as defined in the
-     ASN1 routines.  These values are used in ASN1 encoding.
-
-The following functions are to be used to return pointers into a static
-definition of these types.  What this means is "don't try to free() any
-pointers returned from these functions.
-
-ASN1_OBJECT *OBJ_nid2obj(
-int n);
-	Return the ASN1_OBJECT that corresponds to a NID of n.
-	
-char *OBJ_nid2ln(
-int n);
-	Return the long/lower case name of the object represented by the
-	NID of n.
-	
-char *OBJ_nid2sn(
-int n);
-	Return the short name for the object represented by the NID of n.
-
-ASN1_OBJECT *OBJ_dup(
-ASN1_OBJECT *o);
-	Duplicate and return a new ASN1_OBJECT that is the same as the
-	passed parameter.
-	
-int OBJ_obj2nid(
-ASN1_OBJECT *o);
-	Given ASN1_OBJECT o, return the NID that corresponds.
-	
-int OBJ_ln2nid(
-char *s);
-	Given the long/lower case name 's', return the NID of the object.
-	
-int OBJ_sn2nid(
-char *s);
-	Given the short name 's', return the NID of the object.
-	
-char *OBJ_bsearch(
-char *key,
-char *base,
-int num,
-int size,
-int (*cmp)());
-	Since I have come across a few platforms that do not have the
-	bsearch() function, OBJ_bsearch is my version of that function.
-	Feel free to use this function, but you may as well just use the
-	normal system bsearch(3) if it is present.  This version also
-	has tolerance of being passed NULL pointers.
diff --git a/doc/openssl.txt b/doc/openssl.txt
new file mode 100644
index 0000000000..37730b2cbd
--- /dev/null
+++ b/doc/openssl.txt
@@ -0,0 +1,1254 @@
+
+This is some preliminary documentation for OpenSSL.
+
+Contents:
+
+ OpenSSL X509V3 extension configuration
+ X509V3 Extension code: programmers guide
+ PKCS#12 Library
+
+
+==============================================================================
+               OpenSSL X509V3 extension configuration
+==============================================================================
+
+OpenSSL X509V3 extension configuration: preliminary documentation.
+
+INTRODUCTION.
+
+For OpenSSL 0.9.2 the extension code has be considerably enhanced. It is now
+possible to add and print out common X509 V3 certificate and CRL extensions.
+
+BEGINNERS NOTE
+
+For most simple applications you don't need to know too much about extensions:
+the default openssl.cnf values will usually do sensible things.
+
+If you want to know more you can initially quickly look through the sections
+describing how the standard OpenSSL utilities display and add extensions and
+then the list of supported extensions.
+
+For more technical information about the meaning of extensions see:
+
+http://www.imc.org/ietf-pkix/
+http://home.netscape.com/eng/security/certs.html
+
+PRINTING EXTENSIONS.
+
+Extension values are automatically printed out for supported extensions.
+
+openssl x509 -in cert.pem -text
+openssl crl -in crl.pem -text
+
+will give information in the extension printout, for example:
+
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:TRUE
+            X509v3 Subject Key Identifier: 
+                73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15
+            X509v3 Authority Key Identifier: 
+                keyid:73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15, DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/Email=email@1.address/Email=email@2.address, serial:00
+            X509v3 Key Usage: 
+                Certificate Sign, CRL Sign
+            X509v3 Subject Alternative Name: 
+                email:email@1.address, email:email@2.address
+
+CONFIGURATION FILES.
+
+The OpenSSL utilities 'ca' and 'req' can now have extension sections listing
+which certificate extensions to include. In each case a line:
+
+x509_extensions = extension_section
+
+indicates which section contains the extensions. In the case of 'req' the
+extension section is used when the -x509 option is present to create a
+self signed root certificate.
+
+The 'x509' utility also supports extensions when it signs a certificate.
+The -extfile option is used to set the configuration file containing the
+extensions. In this case a line with:
+
+extensions = extension_section
+
+in the nameless (default) section is used. If no such line is included then
+it uses the default section.
+
+You can also add extensions to CRLs: a line
+
+crl_extensions = crl_extension_section
+
+will include extensions when the -gencrl option is used with the 'ca' utility.
+You can add any extension to a CRL but of the supported extensions only
+issuerAltName and authorityKeyIdentifier make any real sense. Note: these are
+CRL extensions NOT CRL *entry* extensions which cannot currently be generated.
+CRL entry extensions can be displayed.
+
+NB. At this time Netscape Communicator rejects V2 CRLs: to get an old V1 CRL
+you should not include a crl_extensions line in the configuration file.
+
+As with all configuration files you can use the inbuilt environment expansion
+to allow the values to be passed in the environment. Therefore if you have
+several extension sections used for different purposes you can have a line:
+
+x509_extensions = $ENV::ENV_EXT
+
+and set the ENV_EXT environment variable before calling the relevant utility.
+
+EXTENSION SYNTAX.
+
+Extensions have the basic form:
+
+extension_name=[critical,] extension_options
+
+the use of the critical option makes the extension critical. Extreme caution
+should be made when using the critical flag. If an extension is marked
+as critical then any client that does not understand the extension should
+reject it as invalid. Some broken software will reject certificates which
+have *any* critical extensions (these violates PKIX but we have to live
+with it).
+
+There are three main types of extension: string extensions, multi-valued
+extensions, and raw extensions.
+
+String extensions simply have a string which contains either the value itself
+or how it is obtained.
+
+For example:
+
+nsComment="This is a Comment"
+
+Multi-valued extensions have a short form and a long form. The short form
+is a list of names and values:
+
+basicConstraints=critical,CA:true,pathlen:1
+
+The long form allows the values to be placed in a separate section:
+
+basicConstraints=critical,@bs_section
+
+[bs_section]
+
+CA=true
+pathlen=1
+
+Both forms are equivalent. However it should be noted that in some cases the
+same name can appear multiple times, for example,
+
+subjectAltName=email:steve@here,email:steve@there
+
+in this case an equivalent long form is:
+
+subjectAltName=@alt_section
+
+[alt_section]
+
+email.1=steve@here
+email.2=steve@there
+
+This is because the configuration file code cannot handle the same name
+occurring twice in the same section.
+
+The syntax of raw extensions is governed by the extension code: it can
+for example contain data in multiple sections. The correct syntax to
+use is defined by the extension code itself: check out the certificate
+policies extension for an example.
+
+There are two ways to encode arbitrary extensions.
+
+The first way is to use the word ASN1 followed by the extension content
+using the same syntax as ASN1_generate_nconf(). For example:
+
+1.2.3.4=critical,ASN1:UTF8String:Some random data
+
+1.2.3.4=ASN1:SEQUENCE:seq_sect
+
+[seq_sect]
+
+field1 = UTF8:field1
+field2 = UTF8:field2
+
+It is also possible to use the word DER to include arbitrary data in any
+extension.
+
+1.2.3.4=critical,DER:01:02:03:04
+1.2.3.4=DER:01020304
+
+The value following DER is a hex dump of the DER encoding of the extension
+Any extension can be placed in this form to override the default behaviour.
+For example:
+
+basicConstraints=critical,DER:00:01:02:03
+
+WARNING: DER should be used with caution. It is possible to create totally
+invalid extensions unless care is taken.
+
+CURRENTLY SUPPORTED EXTENSIONS.
+
+If you aren't sure about extensions then they can be largely ignored: its only
+when you want to do things like restrict certificate usage when you need to
+worry about them. 
+
+The only extension that a beginner might want to look at is Basic Constraints.
+If in addition you want to try Netscape object signing the you should also
+look at Netscape Certificate Type.
+
+Literal String extensions.
+
+In each case the 'value' of the extension is placed directly in the
+extension. Currently supported extensions in this category are: nsBaseUrl,
+nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl,
+nsSslServerName and nsComment.
+
+For example:
+
+nsComment="This is a test comment"
+
+Bit Strings.
+
+Bit string extensions just consist of a list of supported bits, currently
+two extensions are in this category: PKIX keyUsage and the Netscape specific
+nsCertType.
+
+nsCertType (netscape certificate type) takes the flags: client, server, email,
+objsign, reserved, sslCA, emailCA, objCA.
+
+keyUsage (PKIX key usage) takes the flags: digitalSignature, nonRepudiation,
+keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign,
+encipherOnly, decipherOnly.
+
+For example:
+
+nsCertType=server
+
+keyUsage=digitalSignature, nonRepudiation
+
+Hints on Netscape Certificate Type.
+
+Other than Basic Constraints this is the only extension a beginner might
+want to use, if you want to try Netscape object signing, otherwise it can
+be ignored.
+
+If you want a certificate that can be used just for object signing then:
+
+nsCertType=objsign
+
+will do the job. If you want to use it as a normal end user and server
+certificate as well then
+
+nsCertType=objsign,email,server
+
+is more appropriate. You cannot use a self signed certificate for object
+signing (well Netscape signtool can but it cheats!) so you need to create
+a CA certificate and sign an end user certificate with it.
+
+Side note: If you want to conform to the Netscape specifications then you
+should really also set:
+
+nsCertType=objCA
+
+in the *CA* certificate for just an object signing CA and
+
+nsCertType=objCA,emailCA,sslCA
+
+for everything. Current Netscape software doesn't enforce this so it can
+be omitted.
+
+Basic Constraints.
+
+This is generally the only extension you need to worry about for simple
+applications. If you want your certificate to be usable as a CA certificate
+(in addition to an end user certificate) then you set this to:
+
+basicConstraints=CA:TRUE
+
+if you want to be certain the certificate cannot be used as a CA then do:
+
+basicConstraints=CA:FALSE
+
+The rest of this section describes more advanced usage.
+
+Basic constraints is a multi-valued extension that supports a CA and an
+optional pathlen option. The CA option takes the values true and false and
+pathlen takes an integer. Note if the CA option is false the pathlen option
+should be omitted. 
+
+The pathlen parameter indicates the maximum number of CAs that can appear
+below this one in a chain. So if you have a CA with a pathlen of zero it can
+only be used to sign end user certificates and not further CAs. This all
+assumes that the software correctly interprets this extension of course.
+
+Examples:
+
+basicConstraints=CA:TRUE
+basicConstraints=critical,CA:TRUE, pathlen:0
+
+NOTE: for a CA to be considered valid it must have the CA option set to
+TRUE. An end user certificate MUST NOT have the CA value set to true.
+According to PKIX recommendations it should exclude the extension entirely,
+however some software may require CA set to FALSE for end entity certificates.
+
+Extended Key Usage.
+
+This extensions consists of a list of usages.
+
+These can either be object short names of the dotted numerical form of OIDs.
+While any OID can be used only certain values make sense. In particular the
+following PKIX, NS and MS values are meaningful:
+
+Value			Meaning
+-----			-------
+serverAuth		SSL/TLS Web Server Authentication.
+clientAuth		SSL/TLS Web Client Authentication.
+codeSigning		Code signing.
+emailProtection		E-mail Protection (S/MIME).
+timeStamping		Trusted Timestamping
+msCodeInd		Microsoft Individual Code Signing (authenticode)
+msCodeCom		Microsoft Commercial Code Signing (authenticode)
+msCTLSign		Microsoft Trust List Signing
+msSGC			Microsoft Server Gated Crypto
+msEFS			Microsoft Encrypted File System
+nsSGC			Netscape Server Gated Crypto
+
+For example, under IE5 a CA can be used for any purpose: by including a list
+of the above usages the CA can be restricted to only authorised uses.
+
+Note: software packages may place additional interpretations on certificate 
+use, in particular some usages may only work for selected CAs. Don't for example
+expect just including msSGC or nsSGC will automatically mean that a certificate
+can be used for SGC ("step up" encryption) otherwise anyone could use it.
+
+Examples:
+
+extendedKeyUsage=critical,codeSigning,1.2.3.4
+extendedKeyUsage=nsSGC,msSGC
+
+Subject Key Identifier.
+
+This is really a string extension and can take two possible values. Either
+a hex string giving details of the extension value to include or the word
+'hash' which then automatically follow PKIX guidelines in selecting and
+appropriate key identifier. The use of the hex string is strongly discouraged.
+
+Example: subjectKeyIdentifier=hash
+
+Authority Key Identifier.
+
+The authority key identifier extension permits two options. keyid and issuer:
+both can take the optional value "always".
+
+If the keyid option is present an attempt is made to copy the subject key
+identifier from the parent certificate. If the value "always" is present
+then an error is returned if the option fails.
+
+The issuer option copies the issuer and serial number from the issuer
+certificate. Normally this will only be done if the keyid option fails or
+is not included: the "always" flag will always include the value.
+
+Subject Alternative Name.
+
+The subject alternative name extension allows various literal values to be
+included in the configuration file. These include "email" (an email address)
+"URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a
+registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName.
+
+Also the email option include a special 'copy' value. This will automatically
+include and email addresses contained in the certificate subject name in
+the extension.
+
+otherName can include arbitrary data associated with an OID: the value
+should be the OID followed by a semicolon and the content in standard
+ASN1_generate_nconf() format.
+
+Examples:
+
+subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
+subjectAltName=email:my@other.address,RID:1.2.3.4
+subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
+
+Issuer Alternative Name.
+
+The issuer alternative name option supports all the literal options of
+subject alternative name. It does *not* support the email:copy option because
+that would not make sense. It does support an additional issuer:copy option
+that will copy all the subject alternative name values from the issuer 
+certificate (if possible).
+
+Example:
+
+issuserAltName = issuer:copy
+
+Authority Info Access.
+
+The authority information access extension gives details about how to access
+certain information relating to the CA. Its syntax is accessOID;location
+where 'location' has the same syntax as subject alternative name (except
+that email:copy is not supported). accessOID can be any valid OID but only
+certain values are meaningful for example OCSP and caIssuers. OCSP gives the
+location of an OCSP responder: this is used by Netscape PSM and other software.
+
+Example:
+
+authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
+authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
+
+CRL distribution points.
+
+This is a multi-valued extension that supports all the literal options of
+subject alternative name. Of the few software packages that currently interpret
+this extension most only interpret the URI option.
+
+Currently each option will set a new DistributionPoint with the fullName
+field set to the given value.
+
+Other fields like cRLissuer and reasons cannot currently be set or displayed:
+at this time no examples were available that used these fields.
+
+If you see this extension with <UNSUPPORTED> when you attempt to print it out
+or it doesn't appear to display correctly then let me know, including the
+certificate (mail me at steve@openssl.org) .
+
+Examples:
+
+crlDistributionPoints=URI:http://www.myhost.com/myca.crl
+crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl
+
+Certificate Policies.
+
+This is a RAW extension. It attempts to display the contents of this extension:
+unfortunately this extension is often improperly encoded.
+
+The certificate policies extension will rarely be used in practice: few
+software packages interpret it correctly or at all. IE5 does partially
+support this extension: but it needs the 'ia5org' option because it will
+only correctly support a broken encoding. Of the options below only the
+policy OID, explicitText and CPS options are displayed with IE5.
+
+All the fields of this extension can be set by using the appropriate syntax.
+
+If you follow the PKIX recommendations of not including any qualifiers and just
+using only one OID then you just include the value of that OID. Multiple OIDs
+can be set separated by commas, for example:
+
+certificatePolicies= 1.2.4.5, 1.1.3.4
+
+If you wish to include qualifiers then the policy OID and qualifiers need to
+be specified in a separate section: this is done by using the @section syntax
+instead of a literal OID value.
+
+The section referred to must include the policy OID using the name
+policyIdentifier, cPSuri qualifiers can be included using the syntax:
+
+CPS.nnn=value
+
+userNotice qualifiers can be set using the syntax:
+
+userNotice.nnn=@notice
+
+The value of the userNotice qualifier is specified in the relevant section.
+This section can include explicitText, organization and noticeNumbers
+options. explicitText and organization are text strings, noticeNumbers is a
+comma separated list of numbers. The organization and noticeNumbers options
+(if included) must BOTH be present. If you use the userNotice option with IE5
+then you need the 'ia5org' option at the top level to modify the encoding:
+otherwise it will not be interpreted properly.
+
+Example:
+
+certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
+
+[polsect]
+
+policyIdentifier = 1.3.5.8
+CPS.1="http://my.host.name/"
+CPS.2="http://my.your.name/"
+userNotice.1=@notice
+
+[notice]
+
+explicitText="Explicit Text Here"
+organization="Organisation Name"
+noticeNumbers=1,2,3,4
+
+TECHNICAL NOTE: the ia5org option changes the type of the 'organization' field,
+according to PKIX it should be of type DisplayText but Verisign uses an 
+IA5STRING and IE5 needs this too.
+
+Display only extensions.
+
+Some extensions are only partially supported and currently are only displayed
+but cannot be set. These include private key usage period, CRL number, and
+CRL reason.
+
+==============================================================================
+		X509V3 Extension code: programmers guide
+==============================================================================
+
+The purpose of the extension code is twofold. It allows an extension to be
+created from a string or structure describing its contents and it prints out an
+extension in a human or machine readable form.
+
+1. Initialisation and cleanup.
+
+No special initialisation is needed before calling the extension functions.
+You used to have to call X509V3_add_standard_extensions(); but this is no longer
+required and this function no longer does anything.
+
+void X509V3_EXT_cleanup(void);
+
+This function should be called to cleanup the extension code if any custom
+extensions have been added. If no custom extensions have been added then this
+call does nothing. After this call all custom extension code is freed up but
+you can still use the standard extensions.
+
+2. Printing and parsing extensions.
+
+The simplest way to print out extensions is via the standard X509 printing
+routines: if you use the standard X509_print() function, the supported
+extensions will be printed out automatically.
+
+The following functions allow finer control over extension display:
+
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
+
+These two functions print out an individual extension to a BIO or FILE pointer.
+Currently the flag argument is unused and should be set to 0. The 'indent'
+argument is the number of spaces to indent each line.
+
+void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+
+This function parses an extension and returns its internal structure. The
+precise structure you get back depends on the extension being parsed. If the
+extension if basicConstraints you will get back a pointer to a
+BASIC_CONSTRAINTS structure. Check out the source in crypto/x509v3 for more
+details about the structures returned. The returned structure should be freed
+after use using the relevant free function, BASIC_CONSTRAINTS_free() for 
+example.
+
+void	*	X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
+void	*	X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
+void	*	X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
+void 	*	X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
+
+These functions combine the operations of searching for extensions and
+parsing them. They search a certificate, a CRL a CRL entry or a stack
+of extensions respectively for extension whose NID is 'nid' and return
+the parsed result of NULL if an error occurred. For example:
+
+BASIC_CONSTRAINTS *bs;
+bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
+
+This will search for the basicConstraints extension and either return
+it value or NULL. NULL can mean either the extension was not found, it
+occurred more than once or it could not be parsed.
+
+If 'idx' is NULL then an extension is only parsed if it occurs precisely
+once. This is standard behaviour because extensions normally cannot occur
+more than once. If however more than one extension of the same type can
+occur it can be used to parse successive extensions for example:
+
+int i;
+void *ext;
+
+i = -1;
+for(;;) {
+	ext = X509_get_ext_d2i(x, nid, crit, &idx);
+	if(ext == NULL) break;
+	 /* Do something with ext */
+}
+
+If 'crit' is not NULL and the extension was found then the int it points to
+is set to 1 for critical extensions and 0 for non critical. Therefore if the
+function returns NULL but 'crit' is set to 0 or 1 then the extension was
+found but it could not be parsed.
+
+The int pointed to by crit will be set to -1 if the extension was not found
+and -2 if the extension occurred more than once (this will only happen if
+idx is NULL). In both cases the function will return NULL.
+
+3. Generating extensions.
+
+An extension will typically be generated from a configuration file, or some
+other kind of configuration database.
+
+int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+								 X509 *cert);
+int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
+								 X509_CRL *crl);
+
+These functions add all the extensions in the given section to the given
+certificate or CRL. They will normally be called just before the certificate
+or CRL is due to be signed. Both return 0 on error on non zero for success.
+
+In each case 'conf' is the LHASH pointer of the configuration file to use
+and 'section' is the section containing the extension details.
+
+See the 'context functions' section for a description of the ctx parameter.
+
+
+X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
+								 char *value);
+
+This function returns an extension based on a name and value pair, if the
+pair will not need to access other sections in a config file (or there is no
+config file) then the 'conf' parameter can be set to NULL.
+
+X509_EXTENSION *X509V3_EXT_conf_nid(char *conf, X509V3_CTX *ctx, int nid,
+								 char *value);
+
+This function creates an extension in the same way as X509V3_EXT_conf() but
+takes the NID of the extension rather than its name.
+
+For example to produce basicConstraints with the CA flag and a path length of
+10:
+
+x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10");
+
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+
+This function sets up an extension from its internal structure. The ext_nid
+parameter is the NID of the extension and 'crit' is the critical flag.
+
+4. Context functions.
+
+The following functions set and manipulate an extension context structure.
+The purpose of the extension context is to allow the extension code to
+access various structures relating to the "environment" of the certificate:
+for example the issuers certificate or the certificate request.
+
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
+                                 X509_REQ *req, X509_CRL *crl, int flags);
+
+This function sets up an X509V3_CTX structure with details of the certificate
+environment: specifically the issuers certificate, the subject certificate,
+the certificate request and the CRL: if these are not relevant or not
+available then they can be set to NULL. The 'flags' parameter should be set
+to zero.
+
+X509V3_set_ctx_test(ctx)
+
+This macro is used to set the 'ctx' structure to a 'test' value: this is to
+allow the syntax of an extension (or configuration file) to be tested.
+
+X509V3_set_ctx_nodb(ctx)
+
+This macro is used when no configuration database is present.
+
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
+
+This function is used to set the configuration database when it is an LHASH
+structure: typically a configuration file.
+
+The following functions are used to access a configuration database: they
+should only be used in RAW extensions.
+
+char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
+
+This function returns the value of the parameter "name" in "section", or NULL
+if there has been an error.
+
+void X509V3_string_free(X509V3_CTX *ctx, char *str);
+
+This function frees up the string returned by the above function.
+
+STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
+
+This function returns a whole section as a STACK_OF(CONF_VALUE) .
+
+void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
+
+This function frees up the STACK returned by the above function.
+
+Note: it is possible to use the extension code with a custom configuration
+database. To do this the "db_meth" element of the X509V3_CTX structure should
+be set to an X509V3_CTX_METHOD structure. This structure contains the following
+function pointers:
+
+char * (*get_string)(void *db, char *section, char *value);
+STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
+void (*free_string)(void *db, char * string);
+void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
+
+these will be called and passed the 'db' element in the X509V3_CTX structure
+to access the database. If a given function is not implemented or not required
+it can be set to NULL.
+
+5. String helper functions.
+
+There are several "i2s" and "s2i" functions that convert structures to and
+from ASCII strings. In all the "i2s" cases the returned string should be
+freed using Free() after use. Since some of these are part of other extension
+code they may take a 'method' parameter. Unless otherwise stated it can be
+safely set to NULL.
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct);
+
+This returns a hex string from an ASN1_OCTET_STRING.
+
+char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
+char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
+
+These return a string decimal representations of an ASN1_INTEGER and an
+ASN1_ENUMERATED type, respectively.
+
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+                                                   X509V3_CTX *ctx, char *str);
+
+This converts an ASCII hex string to an ASN1_OCTET_STRING.
+
+ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
+
+This converts a decimal ASCII string into an ASN1_INTEGER.
+
+6. Multi valued extension helper functions.
+
+The following functions can be used to manipulate STACKs of CONF_VALUE
+structures, as used by multi valued extensions.
+
+int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
+
+This function expects a boolean value in 'value' and sets 'asn1_bool' to
+it. That is it sets it to 0 for FALSE or 0xff for TRUE. The following
+strings are acceptable: "TRUE", "true", "Y", "y", "YES", "yes", "FALSE"
+"false", "N", "n", "NO" or "no".
+
+int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
+
+This accepts a decimal integer of arbitrary length and sets an ASN1_INTEGER.
+
+int X509V3_add_value(const char *name, const char *value,
+						STACK_OF(CONF_VALUE) **extlist);
+
+This simply adds a string name and value pair.
+
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+                          			STACK_OF(CONF_VALUE) **extlist);
+
+The same as above but for an unsigned character value.
+
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+						STACK_OF(CONF_VALUE) **extlist);
+
+This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool'
+
+int X509V3_add_value_bool_nf(char *name, int asn1_bool,
+						STACK_OF(CONF_VALUE) **extlist);
+
+This is the same as above except it adds nothing if asn1_bool is FALSE.
+
+int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
+						STACK_OF(CONF_VALUE) **extlist);
+
+This function adds the value of the ASN1_INTEGER in decimal form.
+
+7. Other helper functions.
+
+<to be added>
+
+ADDING CUSTOM EXTENSIONS.
+
+Currently there are three types of supported extensions. 
+
+String extensions are simple strings where the value is placed directly in the
+extensions, and the string returned is printed out.
+
+Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs
+or return a STACK_OF(CONF_VALUE).
+
+Raw extensions are just passed a BIO or a value and it is the extensions
+responsibility to handle all the necessary printing.
+
+There are two ways to add an extension. One is simply as an alias to an already
+existing extension. An alias is an extension that is identical in ASN1 structure
+to an existing extension but has a different OBJECT IDENTIFIER. This can be
+done by calling:
+
+int X509V3_EXT_add_alias(int nid_to, int nid_from);
+
+'nid_to' is the new extension NID and 'nid_from' is the already existing
+extension NID.
+
+Alternatively an extension can be written from scratch. This involves writing
+the ASN1 code to encode and decode the extension and functions to print out and
+generate the extension from strings. The relevant functions are then placed in
+a X509V3_EXT_METHOD structure and int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
+called.
+
+The X509V3_EXT_METHOD structure is described below.
+
+strut {
+int ext_nid;
+int ext_flags;
+X509V3_EXT_NEW ext_new;
+X509V3_EXT_FREE ext_free;
+X509V3_EXT_D2I d2i;
+X509V3_EXT_I2D i2d;
+X509V3_EXT_I2S i2s;
+X509V3_EXT_S2I s2i;
+X509V3_EXT_I2V i2v;
+X509V3_EXT_V2I v2i;
+X509V3_EXT_R2I r2i;
+X509V3_EXT_I2R i2r;
+
+void *usr_data;
+};
+
+The elements have the following meanings.
+
+ext_nid		is the NID of the object identifier of the extension.
+
+ext_flags	is set of flags. Currently the only external flag is
+		X509V3_EXT_MULTILINE which means a multi valued extensions
+		should be printed on separate lines.
+
+usr_data	is an extension specific pointer to any relevant data. This
+		allows extensions to share identical code but have different
+		uses. An example of this is the bit string extension which uses
+		usr_data to contain a list of the bit names.
+
+All the remaining elements are function pointers.
+
+ext_new		is a pointer to a function that allocates memory for the
+		extension ASN1 structure: for example ASN1_OBJECT_new().
+
+ext_free	is a pointer to a function that free up memory of the extension
+		ASN1 structure: for example ASN1_OBJECT_free().
+
+d2i		is the standard ASN1 function that converts a DER buffer into
+		the internal ASN1 structure: for example d2i_ASN1_IA5STRING().
+
+i2d		is the standard ASN1 function that converts the internal
+		structure into the DER representation: for example
+		i2d_ASN1_IA5STRING().
+
+The remaining functions are depend on the type of extension. One i2X and
+one X2i should be set and the rest set to NULL. The types set do not need
+to match up, for example the extension could be set using the multi valued
+v2i function and printed out using the raw i2r.
+
+All functions have the X509V3_EXT_METHOD passed to them in the 'method'
+parameter and an X509V3_CTX structure. Extension code can then access the
+parent structure via the 'method' parameter to for example make use of the value
+of usr_data. If the code needs to use detail relating to the request it can
+use the 'ctx' parameter.
+
+A note should be given here about the 'flags' member of the 'ctx' parameter.
+If it has the value CTX_TEST then the configuration syntax is being checked
+and no actual certificate or CRL exists. Therefore any attempt in the config
+file to access such information should silently succeed. If the syntax is OK
+then it should simply return a (possibly bogus) extension, otherwise it
+should return NULL.
+
+char *i2s(struct v3_ext_method *method, void *ext);
+
+This function takes the internal structure in the ext parameter and returns
+a Malloc'ed string representing its value.
+
+void * s2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
+
+This function takes the string representation in the ext parameter and returns
+an allocated internal structure: ext_free() will be used on this internal
+structure after use.
+
+i2v and v2i handle a STACK_OF(CONF_VALUE):
+
+typedef struct
+{
+        char *section;
+        char *name;
+        char *value;
+} CONF_VALUE;
+
+Only the name and value members are currently used.
+
+STACK_OF(CONF_VALUE) * i2v(struct v3_ext_method *method, void *ext);
+
+This function is passed the internal structure in the ext parameter and
+returns a STACK of CONF_VALUE structures. The values of name, value,
+section and the structure itself will be freed up with Free after use.
+Several helper functions are available to add values to this STACK.
+
+void * v2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx,
+						STACK_OF(CONF_VALUE) *values);
+
+This function takes a STACK_OF(CONF_VALUE) structures and should set the
+values of the external structure. This typically uses the name element to
+determine which structure element to set and the value element to determine
+what to set it to. Several helper functions are available for this
+purpose (see above).
+
+int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent);
+
+This function is passed the internal extension structure in the ext parameter
+and sends out a human readable version of the extension to out. The 'indent'
+parameter should be noted to determine the necessary amount of indentation
+needed on the output.
+
+void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
+
+This is just passed the string representation of the extension. It is intended
+to be used for more elaborate extensions where the standard single and multi
+valued options are insufficient. They can use the 'ctx' parameter to parse the
+configuration database themselves. See the context functions section for details
+of how to do this.
+
+Note: although this type takes the same parameters as the "r2s" function there
+is a subtle difference. Whereas an "r2i" function can access a configuration
+database an "s2i" function MUST NOT. This is so the internal code can safely
+assume that an "s2i" function will work without a configuration database.
+
+==============================================================================
+                            PKCS#12 Library
+==============================================================================
+
+This section describes the internal PKCS#12 support. There are very few
+differences between the old external library and the new internal code at
+present. This may well change because the external library will not be updated
+much in future.
+
+This version now includes a couple of high level PKCS#12 functions which
+generally "do the right thing" and should make it much easier to handle PKCS#12
+structures.
+
+HIGH LEVEL FUNCTIONS.
+
+For most applications you only need concern yourself with the high level
+functions. They can parse and generate simple PKCS#12 files as produced by
+Netscape and MSIE or indeed any compliant PKCS#12 file containing a single
+private key and certificate pair.
+
+1. Initialisation and cleanup.
+
+No special initialisation is needed for the internal PKCS#12 library: the 
+standard SSLeay_add_all_algorithms() is sufficient. If you do not wish to
+add all algorithms (you should at least add SHA1 though) then you can manually
+initialise the PKCS#12 library with:
+
+PKCS12_PBE_add();
+
+The memory allocated by the PKCS#12 library is freed up when EVP_cleanup() is
+called or it can be directly freed with:
+
+EVP_PBE_cleanup();
+
+after this call (or EVP_cleanup() ) no more PKCS#12 library functions should
+be called.
+
+2. I/O functions.
+
+i2d_PKCS12_bio(bp, p12)
+
+This writes out a PKCS12 structure to a BIO.
+
+i2d_PKCS12_fp(fp, p12)
+
+This is the same but for a FILE pointer.
+
+d2i_PKCS12_bio(bp, p12)
+
+This reads in a PKCS12 structure from a BIO.
+
+d2i_PKCS12_fp(fp, p12)
+
+This is the same but for a FILE pointer.
+
+3. High level functions.
+
+3.1 Parsing with PKCS12_parse().
+
+int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert,
+								 STACK **ca);
+
+This function takes a PKCS12 structure and a password (ASCII, null terminated)
+and returns the private key, the corresponding certificate and any CA
+certificates. If any of these is not required it can be passed as a NULL.
+The 'ca' parameter should be either NULL, a pointer to NULL or a valid STACK
+structure. Typically to read in a PKCS#12 file you might do:
+
+p12 = d2i_PKCS12_fp(fp, NULL);
+PKCS12_parse(p12, password, &pkey, &cert, NULL); 	/* CAs not wanted */
+PKCS12_free(p12);
+
+3.2 PKCS#12 creation with PKCS12_create().
+
+PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
+			STACK *ca, int nid_key, int nid_cert, int iter,
+						 int mac_iter, int keytype);
+
+This function will create a PKCS12 structure from a given password, name,
+private key, certificate and optional STACK of CA certificates. The remaining
+5 parameters can be set to 0 and sensible defaults will be used.
+
+The parameters nid_key and nid_cert are the key and certificate encryption
+algorithms, iter is the encryption iteration count, mac_iter is the MAC
+iteration count and keytype is the type of private key. If you really want
+to know what these last 5 parameters do then read the low level section.
+
+Typically to create a PKCS#12 file the following could be used:
+
+p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0);
+i2d_PKCS12_fp(fp, p12);
+PKCS12_free(p12);
+
+3.3 Changing a PKCS#12 structure password.
+
+int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
+
+This changes the password of an already existing PKCS#12 structure. oldpass
+is the old password and newpass is the new one. An error occurs if the old
+password is incorrect.
+
+LOW LEVEL FUNCTIONS.
+
+In some cases the high level functions do not provide the necessary
+functionality. For example if you want to generate or parse more complex
+PKCS#12 files. The sample pkcs12 application uses the low level functions
+to display details about the internal structure of a PKCS#12 file.
+
+Introduction.
+
+This is a brief description of how a PKCS#12 file is represented internally:
+some knowledge of PKCS#12 is assumed.
+
+A PKCS#12 object contains several levels.
+
+At the lowest level is a PKCS12_SAFEBAG. This can contain a certificate, a
+CRL, a private key, encrypted or unencrypted, a set of safebags (so the
+structure can be nested) or other secrets (not documented at present). 
+A safebag can optionally have attributes, currently these are: a unicode
+friendlyName (a Unicode string) or a localKeyID (a string of bytes).
+
+At the next level is an authSafe which is a set of safebags collected into
+a PKCS#7 ContentInfo. This can be just plain data, or encrypted itself.
+
+At the top level is the PKCS12 structure itself which contains a set of
+authSafes in an embedded PKCS#7 Contentinfo of type data. In addition it
+contains a MAC which is a kind of password protected digest to preserve
+integrity (so any unencrypted stuff below can't be tampered with).
+
+The reason for these levels is so various objects can be encrypted in various
+ways. For example you might want to encrypt a set of private keys with
+triple-DES and then include the related certificates either unencrypted or
+with lower encryption. Yes it's the dreaded crypto laws at work again which
+allow strong encryption on private keys and only weak encryption on other
+stuff.
+
+To build one of these things you turn all certificates and keys into safebags
+(with optional attributes). You collect the safebags into (one or more) STACKS
+and convert these into authsafes (encrypted or unencrypted).  The authsafes
+are collected into a STACK and added to a PKCS12 structure.  Finally a MAC
+inserted.
+
+Pulling one apart is basically the reverse process. The MAC is verified against
+the given password. The authsafes are extracted and each authsafe split into
+a set of safebags (possibly involving decryption). Finally the safebags are
+decomposed into the original keys and certificates and the attributes used to
+match up private key and certificate pairs.
+
+Anyway here are the functions that do the dirty work.
+
+1. Construction functions.
+
+1.1 Safebag functions.
+
+M_PKCS12_x5092certbag(x509)
+
+This macro takes an X509 structure and returns a certificate bag. The
+X509 structure can be freed up after calling this function.
+
+M_PKCS12_x509crl2certbag(crl)
+
+As above but for a CRL.
+
+PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(EVP_PKEY *pkey)
+
+Take a private key and convert it into a PKCS#8 PrivateKeyInfo structure.
+Works for both RSA and DSA private keys. NB since the PKCS#8 PrivateKeyInfo
+structure contains a private key data in plain text form it should be free'd
+up as soon as it has been encrypted for security reasons (freeing up the
+structure zeros out the sensitive data). This can be done with
+PKCS8_PRIV_KEY_INFO_free().
+
+PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
+
+This sets the key type when a key is imported into MSIE or Outlook 98. Two
+values are currently supported: KEY_EX and KEY_SIG. KEY_EX is an exchange type
+key that can also be used for signing but its size is limited in the export
+versions of MS software to 512 bits, it is also the default. KEY_SIG is a
+signing only key but the keysize is unlimited (well 16K is supposed to work).
+If you are using the domestic version of MSIE then you can ignore this because
+KEY_EX is not limited and can be used for both.
+
+PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
+
+Convert a PKCS8 private key structure into a keybag. This routine embeds the
+p8 structure in the keybag so p8 should not be freed up or used after it is
+called.  The p8 structure will be freed up when the safebag is freed.
+
+PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
+
+Convert a PKCS#8 structure into a shrouded key bag (encrypted). p8 is not
+embedded and can be freed up after use.
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
+int PKCS12_add_friendlyname(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
+
+Add a local key id or a friendlyname to a safebag.
+
+1.2 Authsafe functions.
+
+PKCS7 *PKCS12_pack_p7data(STACK *sk)
+Take a stack of safebags and convert them into an unencrypted authsafe. The
+stack of safebags can be freed up after calling this function.
+
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, STACK *bags);
+
+As above but encrypted.
+
+1.3 PKCS12 functions.
+
+PKCS12 *PKCS12_init(int mode)
+
+Initialise a PKCS12 structure (currently mode should be NID_pkcs7_data).
+
+M_PKCS12_pack_authsafes(p12, safes)
+
+This macro takes a STACK of authsafes and adds them to a PKCS#12 structure.
+
+int PKCS12_set_mac(PKCS12 *p12, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, EVP_MD *md_type);
+
+Add a MAC to a PKCS12 structure. If EVP_MD is NULL use SHA-1, the spec suggests
+that SHA-1 should be used.
+
+2. Extraction Functions.
+
+2.1 Safebags.
+
+M_PKCS12_bag_type(bag)
+
+Return the type of "bag". Returns one of the following
+
+NID_keyBag
+NID_pkcs8ShroudedKeyBag			7
+NID_certBag				8
+NID_crlBag				9
+NID_secretBag				10
+NID_safeContentsBag			11
+
+M_PKCS12_cert_bag_type(bag)
+
+Returns type of certificate bag, following are understood.
+
+NID_x509Certificate			14
+NID_sdsiCertificate			15
+
+M_PKCS12_crl_bag_type(bag)
+
+Returns crl bag type, currently only NID_crlBag is recognised.
+
+M_PKCS12_certbag2x509(bag)
+
+This macro extracts an X509 certificate from a certificate bag.
+
+M_PKCS12_certbag2x509crl(bag)
+
+As above but for a CRL.
+
+EVP_PKEY * PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
+
+Extract a private key from a PKCS8 private key info structure.
+
+M_PKCS12_decrypt_skey(bag, pass, passlen) 
+
+Decrypt a shrouded key bag and return a PKCS8 private key info structure.
+Works with both RSA and DSA keys
+
+char *PKCS12_get_friendlyname(bag)
+
+Returns the friendlyName of a bag if present or NULL if none. The returned
+string is a null terminated ASCII string allocated with Malloc(). It should 
+thus be freed up with Free() after use.
+
+2.2 AuthSafe functions.
+
+M_PKCS12_unpack_p7data(p7)
+
+Extract a STACK of safe bags from a PKCS#7 data ContentInfo.
+
+#define M_PKCS12_unpack_p7encdata(p7, pass, passlen)
+
+As above but for an encrypted content info.
+
+2.3 PKCS12 functions.
+
+M_PKCS12_unpack_authsafes(p12)
+
+Extract a STACK of authsafes from a PKCS12 structure.
+
+M_PKCS12_mac_present(p12)
+
+Check to see if a MAC is present.
+
+int PKCS12_verify_mac(PKCS12 *p12, unsigned char *pass, int passlen)
+
+Verify a MAC on a PKCS12 structure. Returns an error if MAC not present.
+
+
+Notes.
+
+1. All the function return 0 or NULL on error.
+2. Encryption based functions take a common set of parameters. These are
+described below.
+
+pass, passlen
+ASCII password and length. The password on the MAC is called the "integrity
+password" the encryption password is called the "privacy password" in the
+PKCS#12 documentation. The passwords do not have to be the same. If -1 is
+passed for the length it is worked out by the function itself (currently
+this is sometimes done whatever is passed as the length but that may change).
+
+salt, saltlen
+A 'salt' if salt is NULL a random salt is used. If saltlen is also zero a
+default length is used.
+
+iter
+Iteration count. This is a measure of how many times an internal function is
+called to encrypt the data. The larger this value is the longer it takes, it
+makes dictionary attacks on passwords harder. NOTE: Some implementations do
+not support an iteration count on the MAC. If the password for the MAC and
+encryption is the same then there is no point in having a high iteration
+count for encryption if the MAC has no count. The MAC could be attacked
+and the password used for the main decryption.
+
+pbe_nid
+This is the NID of the password based encryption method used. The following are
+supported.
+NID_pbe_WithSHA1And128BitRC4
+NID_pbe_WithSHA1And40BitRC4
+NID_pbe_WithSHA1And3_Key_TripleDES_CBC
+NID_pbe_WithSHA1And2_Key_TripleDES_CBC
+NID_pbe_WithSHA1And128BitRC2_CBC
+NID_pbe_WithSHA1And40BitRC2_CBC
+
+Which you use depends on the implementation you are exporting to. "Export
+grade" (i.e. cryptographically challenged) products cannot support all
+algorithms. Typically you may be able to use any encryption on shrouded key
+bags but they must then be placed in an unencrypted authsafe. Other authsafes
+may only support 40bit encryption. Of course if you are using SSLeay
+throughout you can strongly encrypt everything and have high iteration counts
+on everything.
+
+3. For decryption routines only the password and length are needed.
+
+4. Unlike the external version the nid's of objects are the values of the
+constants: that is NID_certBag is the real nid, therefore there is no 
+PKCS12_obj_offset() function.  Note the object constants are not the same as
+those of the external version. If you use these constants then you will need
+to recompile your code.
+
+5. With the exception of PKCS12_MAKE_KEYBAG(), after calling any function or 
+macro of the form PKCS12_MAKE_SOMETHING(other) the "other" structure can be
+reused or freed up safely.
+
diff --git a/doc/openssl_button.gif b/doc/openssl_button.gif
new file mode 100644
index 0000000000..3d3c90c9f8
--- /dev/null
+++ b/doc/openssl_button.gif
diff --git a/doc/openssl_button.html b/doc/openssl_button.html
new file mode 100644
index 0000000000..44c91bd3d0
--- /dev/null
+++ b/doc/openssl_button.html
@@ -0,0 +1,7 @@
+
+<!-- the `Includes OpenSSL Cryptogaphy Software' button      -->
+<!-- freely usable by any application linked against OpenSSL -->
+<a   href="http://www.openssl.org/">
+<img src="openssl_button.gif" 
+     width=102 height=47 border=0></a>
+
diff --git a/doc/rand.doc b/doc/rand.doc
deleted file mode 100644
index da02a07f64..0000000000
--- a/doc/rand.doc
+++ /dev/null
@@ -1,141 +0,0 @@
-My Random number library.
-
-These routines can be used to generate pseudo random numbers and can be
-used to 'seed' the pseudo random number generator (RNG).  The RNG make no
-effort to reproduce the same random number stream with each execution.
-Various other routines in the SSLeay library 'seed' the RNG when suitable
-'random' input data is available.  Read the section at the end for details
-on the design of the RNG.
-
-void RAND_bytes(
-unsigned char *buf,
-int num);
-	This routine puts 'num' random bytes into 'buf'.  One should make
-	sure RAND_seed() has been called before using this routine.
-	
-void RAND_seed(
-unsigned char *buf,
-int num);
-	This routine adds more 'seed' data the RNG state.  'num' bytes
-	are added to the RNG state, they are taken from 'buf'.  This
-	routine can be called with sensitive data such as user entered
-	passwords.  This sensitive data is in no way recoverable from
-	the RAND library routines or state.  Try to pass as much data
-	from 'random' sources as possible into the RNG via this function.
-	Also strongly consider using the RAND_load_file() and
-	RAND_write_file() routines.
-
-void RAND_cleanup();
-	When a program has finished with the RAND library, if it so
-	desires, it can 'zero' all RNG state.
-	
-The following 3 routines are convenience routines that can be used to
-'save' and 'restore' data from/to the RNG and it's state.
-Since the more 'random' data that is feed as seed data the better, why not
-keep it around between executions of the program?  Of course the
-application should pass more 'random' data in via RAND_seed() and 
-make sure no-one can read the 'random' data file.
-	
-char *RAND_file_name(
-char *buf,
-int size);
-	This routine returns a 'default' name for the location of a 'rand'
-	file.  The 'rand' file should keep a sequence of random bytes used
-	to initialise the RNG.  The filename is put in 'buf'.  Buf is 'size'
-	bytes long.  Buf is returned if things go well, if they do not,
-	NULL is returned.  The 'rand' file name is generated in the
-	following way.  First, if there is a 'RANDFILE' environment
-	variable, it is returned.  Second, if there is a 'HOME' environment
-	variable, $HOME/.rand is returned.  Third, NULL is returned.  NULL
-	is also returned if a buf would overflow.
-
-int RAND_load_file(
-char *file,
-long number);
-	This function 'adds' the 'file' into the RNG state.  It does this by
-	doing a RAND_seed() on the value returned from a stat() system call
-	on the file and if 'number' is non-zero, upto 'number' bytes read
-	from the file.  The number of bytes passed to RAND_seed() is returned.
-
-int RAND_write_file(
-char *file),
-	RAND_write_file() writes N random bytes to the file 'file', where
-	N is the size of the internal RND state (currently 1k).
-	This is a suitable method of saving RNG state for reloading via
-	RAND_load_file().
-
-What follows is a description of this RNG and a description of the rational
-behind it's design.
-
-It should be noted that this RNG is intended to be used to generate
-'random' keys for various ciphers including generation of DH and RSA keys.  
-
-It should also be noted that I have just created a system that I am happy with.
-It may be overkill but that does not worry me.  I have not spent that much
-time on this algorithm so if there are glaring errors, please let me know.
-Speed has not been a consideration in the design of these routines.
-
-First up I will state the things I believe I need for a good RNG.
-1) A good hashing algorithm to mix things up and to convert the RNG 'state'
-   to random numbers.
-2) An initial source of random 'state'.
-3) The state should be very large.  If the RNG is being used to generate
-   4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum).
-   If your RNG state only has 128 bits, you are obviously limiting the
-   search space to 128 bits, not 2048.  I'm probably getting a little
-   carried away on this last point but it does indicate that it may not be
-   a bad idea to keep quite a lot of RNG state.  It should be easier to
-   break a cipher than guess the RNG seed data.
-4) Any RNG seed data should influence all subsequent random numbers
-   generated.  This implies that any random seed data entered will have
-   an influence on all subsequent random numbers generated.
-5) When using data to seed the RNG state, the data used should not be
-   extractable from the RNG state.  I believe this should be a
-   requirement because one possible source of 'secret' semi random
-   data would be a private key or a password.  This data must
-   not be disclosed by either subsequent random numbers or a
-   'core' dump left by a program crash.
-6) Given the same initial 'state', 2 systems should deviate in their RNG state
-   (and hence the random numbers generated) over time if at all possible.
-7) Given the random number output stream, it should not be possible to determine
-   the RNG state or the next random number.
-
-
-The algorithm is as follows.
-
-There is global state made up of a 1023 byte buffer (the 'state'), a
-working message digest ('md') and a counter ('count').
-
-Whenever seed data is added, it is inserted into the 'state' as
-follows.
-	The input is chopped up into units of 16 bytes (or less for
-	the last block).  Each of these blocks is run through the MD5
-	message digest.  The data passed to the MD5 digest is the
-	current 'md', the same number of bytes from the 'state'
-	(the location determined by in incremented looping index) as
-	the current 'block' and the new key data 'block'.  The result
-	of this is kept in 'md' and also xored into the 'state' at the
-	same locations that were used as input into the MD5.
-	I believe this system addresses points 1 (MD5), 3 (the 'state'),
-	4 (via the 'md'), 5 (by the use of MD5 and xor).
-
-When bytes are extracted from the RNG, the following process is used.
-For each group of 8 bytes (or less), we do the following,
-	Input into MD5, the top 8 bytes from 'md', the byte that are
-	to be overwritten by the random bytes and bytes from the
-	'state' (incrementing looping index).  From this digest output
-	(which is kept in 'md'), the top (upto) 8 bytes are
-	returned to the caller and the bottom (upto) 8 bytes are xored
-	into the 'state'.
-	Finally, after we have finished 'generation' random bytes for the
-	called, 'count' (which is incremented) and 'md' are fed into MD5 and
-	the results are kept in 'md'.
-	I believe the above addressed points 1 (use of MD5), 6 (by
-	hashing into the 'state' the 'old' data from the caller that
-	is about to be overwritten) and 7 (by not using the 8 bytes
-	given to the caller to update the 'state', but they are used
-	to update 'md').
-
-So of the points raised, only 2 is not addressed, but sources of
-random data will always be a problem.
-	
diff --git a/doc/rc2.doc b/doc/rc2.doc
deleted file mode 100644
index efab015bd1..0000000000
--- a/doc/rc2.doc
+++ /dev/null
@@ -1,165 +0,0 @@
-The RC2 library.
-
-RC2 is a block cipher that operates on 64bit (8 byte) quantities.  It
-uses variable size key, but 128bit (16 byte) key would normally be considered
-good.  It can be used in all the modes that DES can be used.  This
-library implements the ecb, cbc, cfb64, ofb64 modes.
-
-I have implemented this library from an article posted to sci.crypt on
-11-Feb-1996.  I personally don't know how far to trust the RC2 cipher.
-While it is capable of having a key of any size, not much reseach has
-publically been done on it at this point in time (Apr-1996)
-since the cipher has only been public for a few months :-)
-It is of a similar speed to DES and IDEA, so unless it is required for
-meeting some standard (SSLv2, perhaps S/MIME), it would probably be advisable
-to stick to IDEA, or for the paranoid, Tripple DES.
-
-Mind you, having said all that, I should mention that I just read alot and
-implement ciphers, I'm a 'babe in the woods' when it comes to evaluating
-ciphers :-).
-
-For all calls that have an 'input' and 'output' variables, they can be the
-same.
-
-This library requires the inclusion of 'rc2.h'.
-
-All of the encryption functions take what is called an RC2_KEY as an 
-argument.  An RC2_KEY is an expanded form of the RC2 key.
-For all modes of the RC2 algorithm, the RC2_KEY used for
-decryption is the same one that was used for encryption.
-
-The define RC2_ENCRYPT is passed to specify encryption for the functions
-that require an encryption/decryption flag. RC2_DECRYPT is passed to
-specify decryption.
-
-Please note that any of the encryption modes specified in my DES library
-could be used with RC2.  I have only implemented ecb, cbc, cfb64 and
-ofb64 for the following reasons.
-- ecb is the basic RC2 encryption.
-- cbc is the normal 'chaining' form for block ciphers.
-- cfb64 can be used to encrypt single characters, therefore input and output
-  do not need to be a multiple of 8.
-- ofb64 is similar to cfb64 but is more like a stream cipher, not as
-  secure (not cipher feedback) but it does not have an encrypt/decrypt mode.
-- If you want triple RC2, thats 384 bits of key and you must be totally
-  obsessed with security.  Still, if you want it, it is simple enough to
-  copy the function from the DES library and change the des_encrypt to
-  RC2_encrypt; an exercise left for the paranoid reader :-).
-
-The functions are as follows:
-
-void RC2_set_key(
-RC2_KEY *ks;
-int len;
-unsigned char *key;
-int bits;
-        RC2_set_key converts an 'len' byte key into a RC2_KEY.
-        A 'ks' is an expanded form of the 'key' which is used to
-        perform actual encryption.  It can be regenerated from the RC2 key
-        so it only needs to be kept when encryption or decryption is about
-        to occur.  Don't save or pass around RC2_KEY's since they
-        are CPU architecture dependent, 'key's are not.  RC2 is an
-	interesting cipher in that it can be used with a variable length
-	key.  'len' is the length of 'key' to be used as the key.
-	A 'len' of 16 is recomended.  The 'bits' argument is an
-	interesting addition which I only found out about in Aug 96.
-	BSAFE uses this parameter to 'limit' the number of bits used
-	for the key.  To use the 'key' unmodified, set bits to 1024.
-	This is what old versions of my RC2 library did (SSLeay 0.6.3).
-	RSAs BSAFE library sets this parameter to be 128 if 128 bit
-	keys are being used.  So to be compatable with BSAFE, set it
-	to 128, if you don't want to reduce RC2's key length, leave it
-	at 1024.
-	
-void RC2_encrypt(
-unsigned long *data,
-RC2_KEY *key,
-int encrypt);
-	This is the RC2 encryption function that gets called by just about
-	every other RC2 routine in the library.  You should not use this
-	function except to implement 'modes' of RC2.  I say this because the
-	functions that call this routine do the conversion from 'char *' to
-	long, and this needs to be done to make sure 'non-aligned' memory
-	access do not occur.
-	Data is a pointer to 2 unsigned long's and key is the
-	RC2_KEY to use.  Encryption or decryption is indicated by 'encrypt'.
-	which can have the values RC2_ENCRYPT or RC2_DECRYPT.
-
-void RC2_ecb_encrypt(
-unsigned char *in,
-unsigned char *out,
-RC2_KEY *key,
-int encrypt);
-	This is the basic Electronic Code Book form of RC2 (in DES this
-	mode is called Electronic Code Book so I'm going to use the term
-	for rc2 as well.
-	Input is encrypted into output using the key represented by
-	key.  Depending on the encrypt, encryption or
-	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
-	
-void RC2_cbc_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-RC2_KEY *ks,
-unsigned char *ivec,
-int encrypt);
-	This routine implements RC2 in Cipher Block Chaining mode.
-	Input, which should be a multiple of 8 bytes is encrypted
-	(or decrypted) to output which will also be a multiple of 8 bytes.
-	The number of bytes is in length (and from what I've said above,
-	should be a multiple of 8).  If length is not a multiple of 8, bad 
-	things will probably happen.  ivec is the initialisation vector.
-	This function updates iv after each call so that it can be passed to
-	the next call to RC2_cbc_encrypt().
-	
-void RC2_cfb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-RC2_KEY *schedule,
-unsigned char *ivec,
-int *num,
-int encrypt);
-	This is one of the more useful functions in this RC2 library, it
-	implements CFB mode of RC2 with 64bit feedback.
-	This allows you to encrypt an arbitrary number of bytes,
-	you do not require 8 byte padding.  Each call to this
-	routine will encrypt the input bytes to output and then update ivec
-	and num.  Num contains 'how far' we are though ivec.
-	'Encrypt' is used to indicate encryption or decryption.
-	CFB64 mode operates by using the cipher to generate a stream
-	of bytes which is used to encrypt the plain text.
-	The cipher text is then encrypted to generate the next 64 bits to
-	be xored (incrementally) with the next 64 bits of plain
-	text.  As can be seen from this, to encrypt or decrypt,
-	the same 'cipher stream' needs to be generated but the way the next
-	block of data is gathered for encryption is different for
-	encryption and decryption.
-	
-void RC2_ofb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-RC2_KEY *schedule,
-unsigned char *ivec,
-int *num);
-	This functions implements OFB mode of RC2 with 64bit feedback.
-	This allows you to encrypt an arbitrary number of bytes,
-	you do not require 8 byte padding.  Each call to this
-	routine will encrypt the input bytes to output and then update ivec
-	and num.  Num contains 'how far' we are though ivec.
-	This is in effect a stream cipher, there is no encryption or
-	decryption mode.
-	
-For reading passwords, I suggest using des_read_pw_string() from my DES library.
-To generate a password from a text string, I suggest using MD5 (or MD2) to
-produce a 16 byte message digest that can then be passed directly to
-RC2_set_key().
-
-=====
-For more information about the specific RC2 modes in this library
-(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the
-documentation on my DES library.  What is said about DES is directly
-applicable for RC2.
-
diff --git a/doc/rc4.doc b/doc/rc4.doc
deleted file mode 100644
index 4b2897eb74..0000000000
--- a/doc/rc4.doc
+++ /dev/null
@@ -1,44 +0,0 @@
-The RC4 library.
-RC4 is a stream cipher that operates on a byte stream.  It can be used with
-any length key but I would recommend normally using 16 bytes.
-
-This library requires the inclusion of 'rc4.h'.
-
-The RC4 encryption function takes what is called an RC4_KEY as an argument.
-The RC4_KEY is generated by the RC4_set_key function from the key bytes.
-
-RC4, being a stream cipher, does not have an encryption or decryption mode.
-It produces a stream of bytes that the input stream is xor'ed against and
-so decryption is just a case of 'encrypting' again with the same key.
-
-I have only put in one 'mode' for RC4 which is the normal one.  This means
-there is no initialisation vector and there is no feedback of the cipher
-text into the cipher.  This implies that you should not ever use the
-same key twice if you can help it.  If you do, you leave yourself open to
-known plain text attacks; if you know the plain text and
-corresponding cipher text in one message, all messages that used the same
-key can have the cipher text decoded for the corresponding positions in the
-cipher stream.
-
-The main positive feature of RC4 is that it is a very fast cipher; about 4
-times faster that DES.  This makes it ideally suited to protocols where the
-key is randomly chosen, like SSL.
-
-The functions are as follows:
-
-void RC4_set_key(
-RC4_KEY *key;
-int len;
-unsigned char *data);
-	This function initialises the RC4_KEY structure with the key passed
-	in 'data', which is 'len' bytes long.  The key data can be any
-	length but 16 bytes seems to be a good number.
-
-void RC4(
-RC4_KEY *key;
-unsigned long len;
-unsigned char *in;
-unsigned char *out);
-	Do the actual RC4 encryption/decryption.  Using the 'key', 'len'
-	bytes are transformed from 'in' to 'out'.  As mentioned above,
-	decryption is the operation as encryption.
diff --git a/doc/readme b/doc/readme
deleted file mode 100644
index 824d4fd0e2..0000000000
--- a/doc/readme
+++ /dev/null
@@ -1,6 +0,0 @@
-This is the old 0.6.6 docuementation.  Most of the cipher stuff is still
-relevent but I'm working (very slowly) on new docuemtation.
-The current version can be found online at
-
-http://www.cryptsoft.com/ssleay/doc
-
diff --git a/doc/ref.doc b/doc/ref.doc
deleted file mode 100644
index 211559900d..0000000000
--- a/doc/ref.doc
+++ /dev/null
@@ -1,48 +0,0 @@
-I have lots more references etc, and will update this list in the future,
-30 Aug 1996 - eay
-
-
-SSL	The SSL Protocol - from Netscapes.
-
-RC4	Newsgroups: sci.crypt
-	From: sterndark@netcom.com (David Sterndark)
-	Subject: RC4 Algorithm revealed.
-	Message-ID: <sternCvKL4B.Hyy@netcom.com>
-
-RC2	Newsgroups: sci.crypt
-	From: pgut01@cs.auckland.ac.nz (Peter Gutmann)
-	Subject: Specification for Ron Rivests Cipher No.2
-	Message-ID: <4fk39f$f70@net.auckland.ac.nz>
-
-MD2	RFC1319 The MD2 Message-Digest Algorithm
-MD5	RFC1321 The MD5 Message-Digest Algorithm
-
-X509 Certificates
-	RFC1421 Privacy Enhancement for Internet Electronic Mail: Part I
-	RFC1422 Privacy Enhancement for Internet Electronic Mail: Part II
-	RFC1423 Privacy Enhancement for Internet Electronic Mail: Part III
-	RFC1424 Privacy Enhancement for Internet Electronic Mail: Part IV
-
-RSA and various standard encoding
-	PKCS#1 RSA Encryption Standard
-	PKCS#5 Password-Based Encryption Standard
-	PKCS#7 Cryptographic Message Syntax Standard
-	A Layman's Guide to a Subset of ASN.1, BER, and DER
-	An Overview of the PKCS Standards
-	Some Examples of the PKCS Standards
-
-IDEA	Chapter 3 The Block Cipher IDEA
-
-RSA, prime number generation and bignum algorithms
-	Introduction To Algorithms,
-	Thomas Cormen, Charles Leiserson, Ronald Rivest,
-	Section 29 Arithmetic Circuits
-	Section 33 Number-Theoretic Algorithms
-
-Fast Private Key algorithm
-	Fast Decipherment Algorithm for RSA Public-Key Cryptosystem
-	J.-J. Quisquater and C. Couvreur, Electronics Letters,
-	14th October 1982, Vol. 18 No. 21
-
-Prime number generation and bignum algorithms.
-	PGP-2.3a
diff --git a/doc/req.1 b/doc/req.1
deleted file mode 100644
index 684fda580e..0000000000
--- a/doc/req.1
+++ /dev/null
@@ -1,137 +0,0 @@
-The 'req' command is used to manipulate and deal with pkcs#10
-certificate requests.
-
-It's default mode of operation is to load a certificate and then
-write it out again.
-
-By default the 'req' is read from stdin in 'PEM' format.
-The -inform option can be used to specify 'pem' format or 'der'
-format.  PEM format is the base64 encoding of the DER format.
-
-By default 'req' then writes the request back out. -outform can be used
-to indicate the desired output format, be it 'pem' or 'der'.
-
-To specify an input file, use the '-in' option and the '-out' option
-can be used to specify the output file.
-
-If you wish to perform a command and not output the certificate
-request afterwards, use the '-noout' option.
-
-When a certificate is loaded, it can be printed in a human readable
-ascii format via the '-text' option.
-
-To check that the signature on a certificate request is correct, use
-the '-verify' option to make sure that the private key contained in the
-certificate request corresponds to the signature.
-
-Besides the default mode, there is also the 'generate a certificate
-request' mode.  There are several flags that trigger this mode.
-
--new will generate a new RSA key (if required) and then prompts
-the user for details for the certificate request.
--newkey has an argument that is the number of bits to make the new
-key.  This function also triggers '-new'.
-
-The '-new' option can have a key to use specified instead of having to
-load one, '-key' is used to specify the file containg the key.
--keyform can be used to specify the format of the key.  Only
-'pem' and 'der' formats are supported, later, 'netscape' format may be added.
-
-Finally there is the '-x509' options which makes req output a self
-signed x509 certificate instead of a certificate request.
-
-Now as you may have noticed, there are lots of default options that
-cannot be specified via the command line.  They are held in a 'template'
-or 'configuration file'.  The -config option specifies which configuration
-file to use.  See conf.doc for details on the syntax of this file.
-
-The req command uses the 'req' section of the config file.
-
----
-# The following variables are defined.  For this example I will populate
-# the various values
-[ req ]
-default_bits	= 512		# default number of bits to use.
-default_keyfile	= testkey.pem	# Where to write the generated keyfile
-				# if not specified.
-distinguished_name= req_dn	# The section that contains the
-				# information about which 'object' we
-				# want to put in the DN.
-attributes	= req_attr	# The objects we want for the
-				# attributes field.
-encrypt_rsa_key	= no		# Should we encrypt newly generated
-				# keys.  I strongly recommend 'yes'.
-
-# The distinguished name section.  For the following entries, the
-# object names must exist in the SSLeay header file objects.h.  If they
-# do not, they will be silently ignored.  The entries have the following
-# format.
-# <object_name>		=> string to prompt with
-# <object_name>_default	=> default value for people
-# <object_name>_value	=> Automatically use this value for this field.
-# <object_name>_min	=> minimum number of characters for data (def. 0)
-# <object_name>_max	=> maximum number of characters for data (def. inf.)
-# All of these entries are optional except for the first one.
-[ req_dn ]
-countryName			= Country Name (2 letter code)
-countryName_default		= AU
-
-stateOrProvinceName		= State or Province Name (full name)
-stateOrProvinceName_default	= Queensland
-
-localityName			= Locality Name (eg, city)
-
-organizationName		= Organization Name (eg, company)
-organizationName_default	= Mincom Pty Ltd
-
-organizationalUnitName		= Organizational Unit Name (eg, section)
-organizationalUnitName_default	= MTR
-
-commonName			= Common Name (eg, YOUR name)
-commonName_max			= 64
-
-emailAddress			= Email Address
-emailAddress_max		= 40
-
-# The next section is the attributes section.  This is exactly the
-# same as for the previous section except that the resulting objects are
-# put in the attributes field. 
-[ req_attr ]
-challengePassword		= A challenge password
-challengePassword_min		= 4
-challengePassword_max		= 20
-
-unstructuredName		= An optional company name
-
-----
-Also note that the order that attributes appear in this file is the
-order they will be put into the distinguished name.
-
-Once this request has been generated, it can be sent to a CA for
-certifying.
-
-----
-A few quick examples....
-
-To generate a new request and a new key
-req -new
-
-To generate a new request and a 1058 bit key
-req -newkey 1058
-
-To generate a new request using a pre-existing key
-req -new -key key.pem
-
-To generate a self signed x509 certificate from a certificate
-request using a supplied key, and we want to see the text form of the
-output certificate (which we will put in the file selfSign.pem
-req -x509 -in req.pem -key key.pem -text -out selfSign.pem
-
-Verify that the signature is correct on a certificate request.
-req -verify -in req.pem
-
-Verify that the signature was made using a specified public key.
-req -verify -in req.pem -key key.pem
-
-Print the contents of a certificate request
-req -text -in req.pem
diff --git a/doc/rsa.doc b/doc/rsa.doc
deleted file mode 100644
index f260452bc6..0000000000
--- a/doc/rsa.doc
+++ /dev/null
@@ -1,135 +0,0 @@
-The RSA encryption and utility routines.
-
-The RSA routines are built on top of a big number library (the BN library).
-There are support routines in the X509 library for loading and manipulating
-the various objects in the RSA library.  When errors are returned, read
-about the ERR library for how to access the error codes.
-
-All RSA encryption is done according to the PKCS-1 standard which is
-compatible with PEM and RSAref.  This means that any values being encrypted
-must be less than the size of the modulus in bytes, minus 10, bytes long.
-
-This library uses RAND_bytes()() for it's random data, make sure to feed
-RAND_seed() with lots of interesting and varied data before using these
-routines.
-
-The RSA library has one specific data type, the RSA structure.
-It is composed of 8 BIGNUM variables (see the BN library for details) and
-can hold either a private RSA key or a public RSA key.
-Some RSA libraries have different structures for public and private keys, I
-don't.  For my libraries, a public key is determined by the fact that the
-RSA->d value is NULL.  These routines will operate on any size RSA keys.
-While I'm sure 4096 bit keys are very very secure, they take a lot longer
-to process that 1024 bit keys :-).
-
-The function in the RSA library are as follows.
-
-RSA *RSA_new();
-	This function creates a new RSA object.  The sub-fields of the RSA
-	type are also malloced so you should always use this routine to
-	create RSA variables.
-	
-void RSA_free(
-RSA *rsa);
-	This function 'frees' an RSA structure.  This routine should always
-	be used to free the RSA structure since it will also 'free' any
-	sub-fields of the RSA type that need freeing.
-	
-int RSA_size(
-RSA *rsa);	
-	This function returns the size of the RSA modulus in bytes.  Why do
-	I need this you may ask, well the reason is that when you encrypt
-	with RSA, the output string will be the size of the RSA modulus.
-	So the output for the RSA_encrypt and the input for the RSA_decrypt
-	routines need to be RSA_size() bytes long, because this is how many
-	bytes are expected.
-	
-For the following 4 RSA encryption routines, it should be noted that
-RSA_private_decrypt() should be used on the output from 
-RSA_public_encrypt() and RSA_public_decrypt() should be used on
-the output from RSA_private_encrypt().
-	
-int RSA_public_encrypt(
-int from_len;
-unsigned char *from	
-unsigned char *to	
-RSA *rsa);
-	This function implements RSA public encryption, the rsa variable
-	should be a public key (but can be a private key).  'from_len'
-	bytes taken from 'from' and encrypted and put into 'to'.  'to' needs
-	to be at least RSA_size(rsa) bytes long.  The number of bytes
-	written into 'to' is returned.  -1 is returned on an error.  The
-	operation performed is
-	to = from^rsa->e mod rsa->n.
-	
-int RSA_private_encrypt(
-int from_len;
-unsigned char *from	
-unsigned char *to	
-RSA *rsa);
-	This function implements RSA private encryption, the rsa variable
-	should be a private key.  'from_len' bytes taken from
-	'from' and encrypted and put into 'to'.  'to' needs
-	to be at least RSA_size(rsa) bytes long.  The number of bytes
-	written into 'to' is returned.  -1 is returned on an error.  The
-	operation performed is
-	to = from^rsa->d mod rsa->n.
-
-int RSA_public_decrypt(
-int from_len;
-unsigned char *from	
-unsigned char *to	
-RSA *rsa);
-	This function implements RSA public decryption, the rsa variable
-	should be a public key (but can be a private key).  'from_len'
-	bytes are taken from 'from' and decrypted.  The decrypted data is
-	put into 'to'.  The number of bytes encrypted is returned.  -1 is
-	returned to indicate an error. The operation performed is
-	to = from^rsa->e mod rsa->n.
-
-int RSA_private_decrypt(
-int from_len;
-unsigned char *from	
-unsigned char *to	
-RSA *rsa);
-	This function implements RSA private decryption, the rsa variable
-	should be a private key.  'from_len' bytes are taken
-	from 'from' and decrypted.  The decrypted data is
-	put into 'to'.  The number of bytes encrypted is returned.  -1 is
-	returned to indicate an error. The operation performed is
-	to = from^rsa->d mod rsa->n.
-
-int RSA_mod_exp(
-BIGNUM *n;
-BIGNUM *p;
-RSA *rsa);
-	Normally you will never use this routine.
-	This is really an internal function which is called by
-	RSA_private_encrypt() and RSA_private_decrypt().  It performs
-	n=n^p mod rsa->n except that it uses the 5 extra variables in the
-	RSA structure to make this more efficient.
-	
-RSA *RSA_generate_key(
-int bits;
-unsigned long e;
-void (*callback)();
-char *cb_arg;
-	This routine is used to generate RSA private keys.  It takes
-	quite a period of time to run and should only be used to
-	generate initial private keys that should then be stored
-	for later use.  The passed callback function 
-	will be called periodically so that feedback can be given
-	as to how this function is progressing.
-	'bits' is the length desired for the modulus, so it would be 1024
-	to generate a 1024 bit private key.
-	'e' is the value to use for the public exponent 'e'.  Traditionally
-	it is set to either 3 or 0x10001.
-	The callback function (if not NULL) is called in the following
-	situations.
-	when we have generated a suspected prime number to test,
-	callback(0,num1++,cb_arg).  When it passes a prime number test,
-	callback(1,num2++,cb_arg).  When it is rejected as one of
-	the 2 primes required due to gcd(prime,e value) != 0,
-	callback(2,num3++,cb_arg).  When finally accepted as one
-	of the 2 primes, callback(3,num4++,cb_arg).
-
diff --git a/doc/rsaref.doc b/doc/rsaref.doc
deleted file mode 100644
index 0505b76f76..0000000000
--- a/doc/rsaref.doc
+++ /dev/null
@@ -1,35 +0,0 @@
-This package can be compiled to use the RSAref library.
-This library is not allowed outside of the USA but inside the USA it is
-claimed by RSA to be the only RSA public key library that can be used
-besides BSAFE..
-
-There are 2 files, rsaref/rsaref.c and rsaref/rsaref.h that contain the glue
-code to use RSAref.  These files were written by looking at the PGP
-source code and seeing which routines it used to access RSAref.
-I have also been sent by some-one a copy of the RSAref header file that
-contains the library error codes.
-
-[ Jun 1996 update - I have recently gotten hold of RSAref 2.0 from
-  South Africa and have been doing some performace tests. ]
-	
-They have now been tested against the recently announced RSAEURO
-library.
-
-There are 2 ways to use SSLeay and RSAref.  First, to build so that
-the programs must be linked with RSAref, add '-DRSAref' to CFLAG in the top
-level makefile and -lrsaref (or where ever you are keeping RSAref) to
-EX_LIBS.
-
-To build a makefile via util/mk1mf.pl to do this, use the 'rsaref' option.
-
-The second method is to build as per normal and link applications with
-the RSAglue library.  The correct library order would be
-cc -o cmd cmd.o -lssl -lRSAglue -lcrypto -lrsaref -ldes
-The RSAglue library is built in the rsa directory and is NOT
-automatically installed.
-
-Be warned that the RSAEURO library, that is claimed to be compatible
-with RSAref contains a different value for the maximum number of bits
-supported.  This changes structure sizes and so if you are using
-RSAEURO, change the value of RSAref_MAX_BITS in rsa/rsaref.h
-
diff --git a/doc/s_mult.doc b/doc/s_mult.doc
deleted file mode 100644
index 726085bc57..0000000000
--- a/doc/s_mult.doc
+++ /dev/null
@@ -1,17 +0,0 @@
-s_mult is a test program I hacked up on a Sunday for testing non-blocking
-IO.  It has a select loop at it's centre that handles multiple readers
-and writers.
-
-Try the following command
-ssleay s_mult -echo -nbio -ssl -v
-echo - sends any sent text back to the sender
-nbio - turns on non-blocking IO
-ssl  - accept SSL connections, default is normal text
-v    - print lots
-	type Q<cr> to quit
-
-In another window, run the following
-ssleay s_client -pause </etc/termcap
-
-The pause option puts in a 1 second pause in each read(2)/write(2) call
-so the other end will have read()s fail.
diff --git a/doc/session.doc b/doc/session.doc
deleted file mode 100644
index ffccb0306e..0000000000
--- a/doc/session.doc
+++ /dev/null
@@ -1,297 +0,0 @@
-I have just checked over and re-worked the session stuff.
-The following brief example will ignore all setup information to do with
-authentication.
-
-Things operate as follows.
-
-The SSL environment has a 'context', a SSL_CTX structure.  This holds the
-cached SSL_SESSIONS (which can be reused) and the certificate lookup
-information.  Each SSL structure needs to be associated with a SSL_CTX.
-Normally only one SSL_CTX structure is needed per program.
-
-SSL_CTX *SSL_CTX_new(void ); 
-void    SSL_CTX_free(SSL_CTX *);
-These 2 functions create and destroy SSL_CTX structures
-
-The SSL_CTX has a session_cache_mode which is by default,
-in SSL_SESS_CACHE_SERVER mode.  What this means is that the library
-will automatically add new session-id's to the cache apon sucsessful
-SSL_accept() calls.
-If SSL_SESS_CACHE_CLIENT is set, then client certificates are also added
-to the cache.
-SSL_set_session_cache_mode(ctx,mode)  will set the 'mode' and
-SSL_get_session_cache_mode(ctx) will get the cache 'mode'.
-The modes can be
-SSL_SESS_CACHE_OFF	- no caching
-SSL_SESS_CACHE_CLIENT	- only SSL_connect()
-SSL_SESS_CACHE_SERVER	- only SSL_accept()
-SSL_SESS_NO_CACHE_BOTH	- Either SSL_accept() or SSL_connect().
-If SSL_SESS_CACHE_NO_AUTO_CLEAR is set, old timed out sessions are
-not automatically removed each 255, SSL_connect()s or SSL_accept()s.
-
-By default, apon every 255 successful SSL_connect() or SSL_accept()s,
-the cache is flush.  Please note that this could be expensive on
-a heavily loaded SSL server, in which case, turn this off and
-clear the cache of old entries 'manually' (with one of the functions
-listed below) every few hours.  Perhaps I should up this number, it is hard
-to say.  Remember, the '255' new calls is just a mechanims to get called
-every now and then, in theory at most 255 new session-id's will have been
-added but if 100 are added every minute, you would still have
-500 in the cache before any would start being flushed (assuming a 3 minute
-timeout)..
-
-int SSL_CTX_sess_hits(SSL_CTX *ctx);
-int SSL_CTX_sess_misses(SSL_CTX *ctx);
-int SSL_CTX_sess_timeouts(SSL_CTX *ctx);
-These 3 functions return statistics about the SSL_CTX.  These 3 are the
-number of session id reuses.  hits is the number of reuses, misses are the
-number of lookups that failed, and timeouts is the number of cached
-entries ignored because they had timeouted.
-
-ctx->new_session_cb is a function pointer to a function of type
-int new_session_callback(SSL *ssl,SSL_SESSION *new);
-This function, if set in the SSL_CTX structure is called whenever a new
-SSL_SESSION is added to the cache.  If the callback returns non-zero, it
-means that the application will have to do a SSL_SESSION_free()
-on the structure (this is
-to do with the cache keeping the reference counts correct, without the
-application needing to know about it.
-The 'active' parameter is the current SSL session for which this connection
-was created.
-
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,int (*cb)());
-to set the callback,
-int (*cb)() SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)
-to get the callback.
-
-If the 'get session' callback is set, when a session id is looked up and
-it is not in the session-id cache, this callback is called.  The callback is
-of the form
-SSL_SESSION *get_session_callback(unsigned char *sess_id,int sess_id_len,
-	int *copy);
-
-The get_session_callback is intended to return null if no session id is found.
-The reference count on the SSL_SESSION in incremented by the SSL library,
-if copy is 1.  Otherwise, the reference count is not modified.
-
-void SSL_CTX_sess_set_get_cb(ctx,cb) sets the callback and
-int (*cb)()SSL_CTX_sess_get_get_cb(ctx) returns the callback.
-
-These callbacks are basically indended to be used by processes to
-send their session-id's to other processes.  I currently have not implemented
-non-blocking semantics for these callbacks, it is upto the appication
-to make the callbacks effiecent if they require blocking (perhaps
-by 'saving' them and then 'posting them' when control returns from
-the SSL_accept().
-
-LHASH *SSL_CTX_sessions(SSL_CTX *ctx)
-This returns the session cache.  The lhash strucutre can be accessed for
-statistics about the cache.
-
-void lh_stats(LHASH *lh, FILE *out);
-void lh_node_stats(LHASH *lh, FILE *out);
-void lh_node_usage_stats(LHASH *lh, FILE *out);
-
-can be used to print details about it's activity and current state.
-You can also delve directly into the lhash structure for 14 different
-counters that are kept against the structure.  When I wrote the lhash library,
-I was interested in gathering statistics :-).
-Have a read of doc/lhash.doc in the SSLeay distribution area for more details
-on the lhash library.
-
-Now as mentioned ealier, when a SSL is created, it needs a SSL_CTX.
-SSL *   SSL_new(SSL_CTX *);
-
-This stores a session.  A session is secret information shared between 2
-SSL contexts.  It will only be created if both ends of the connection have
-authenticated their peer to their satisfaction.  It basically contains
-the information required to use a particular secret key cipher.
-
-To retrieve the SSL_CTX being used by a SSL,
-SSL_CTX *SSL_get_SSL_CTX(SSL *s);
-
-Now when a SSL session is established between to programs, the 'session'
-information that is cached in the SSL_CTX can me manipulated by the
-following functions.
-int SSL_set_session(SSL *s, SSL_SESSION *session);
-This will set the SSL_SESSION to use for the next SSL_connect().  If you use
-this function on an already 'open' established SSL connection, 'bad things
-will happen'.  This function is meaning-less when used on a ssl strucutre
-that is just about to be used in a SSL_accept() call since the
-SSL_accept() will either create a new session or retrieve one from the
-cache.
-
-SSL_SESSION *SSL_get_session(SSL *s);
-This will return the SSL_SESSION for the current SSL, NULL if there is
-no session associated with the SSL structure.
-
-The SSL sessions are kept in the SSL_CTX in a hash table, to remove a
-session
-void    SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
-and to add one
-int    SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
-SSL_CTX_add_session() returns 1 if the session was already in the cache (so it
-was not added).
-Whenever a new session is created via SSL_connect()/SSL_accept(),
-they are automatically added to the cache, depending on the session_cache_mode
-settings.  SSL_set_session()
-does not add it to the cache.  Just call SSL_CTX_add_session() if you do want the
-session added.  For a 'client' this would not normally be the case.
-SSL_CTX_add_session() is not normally ever used, except for doing 'evil' things
-which the next 2 funtions help you do.
-
-int     i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length);
-These 2 functions are in the standard ASN1 library form and can be used to
-load and save to a byte format, the SSL_SESSION structure.
-With these functions, you can save and read these structures to a files or
-arbitary byte string.
-The PEM_write_SSL_SESSION(fp,x) and PEM_read_SSL_SESSION(fp,x,cb) will
-write to a file pointer in base64 encoding.
-
-What you can do with this, is pass session information between separate
-processes.  Please note, that you will probably also need to modify the
-timeout information on the SSL_SESSIONs.
-
-long SSL_get_time(SSL_SESSION *s)
-will return the 'time' that the session
-was loaded.  The timeout is relative to this time.  This information is
-saved when the SSL_SESSION is converted to binarary but it is stored
-in as a unix long, which is rather OS dependant, but easy to convert back.
-
-long SSL_set_time(SSL_SESSION *s,long t) will set the above mentioned time.
-The time value is just the value returned from time(3), and should really
-be defined by be to be time_t.
-
-long SSL_get_timeout(SSL_SESSION *s);
-long SSL_set_timeout(SSL_SESSION *s,long t);
-These 2 retrieve and set the timeout which is just a number of secconds
-from the 'SSL_get_time()' value.  When this time period has elapesed,
-the session will no longer be in the cache (well it will actually be removed
-the next time it is attempted to be retrieved, so you could 'bump'
-the timeout so it remains valid).
-The 'time' and 'timeout' are set on a session when it is created, not reset
-each time it is reused.  If you did wish to 'bump it', just after establishing
-a connection, do a
-SSL_set_time(ssl,time(NULL));
-
-You can also use
-SSL_CTX_set_timeout(SSL_CTX *ctx,unsigned long t) and
-SSL_CTX_get_timeout(SSL_CTX *ctx) to manipulate the default timeouts for
-all SSL connections created against a SSL_CTX.  If you set a timeout in
-an SSL_CTX, all new SSL's created will inherit the timeout.  It can be over
-written by the SSL_set_timeout(SSL *s,unsigned long t) function call.
-If you 'set' the timeout back to 0, the system default will be used.
-
-SSL_SESSION *SSL_SESSION_new();
-void SSL_SESSION_free(SSL_SESSION *ses);
-These 2 functions are used to create and dispose of SSL_SESSION functions.
-You should not ever normally need to use them unless you are using 
-i2d_SSL_SESSION() and/or d2i_SSL_SESSION().  If you 'load' a SSL_SESSION
-via d2i_SSL_SESSION(), you will need to SSL_SESSION_free() it.
-Both SSL_set_session() and SSL_CTX_add_session() will 'take copies' of the
-structure (via reference counts) when it is passed to them.
-
-SSL_CTX_flush_sessions(ctx,time);
-The first function will clear all sessions from the cache, which have expired
-relative to 'time' (which could just be time(NULL)).
-
-SSL_CTX_flush_sessions(ctx,0);
-This is a special case that clears everything.
-
-As a final comment, a 'session' is not enough to establish a new
-connection.  If a session has timed out, a certificate and private key
-need to have been associated with the SSL structure.
-SSL_copy_session_id(SSL *to,SSL *from); will copy not only the session
-strucutre but also the private key and certificate associated with
-'from'.
-
-EXAMPLES.
-
-So lets play at being a wierd SSL server.
-
-/* setup a context */
-ctx=SSL_CTX_new();
-
-/* Lets load some session from binary into the cache, why one would do
- * this is not toally clear, but passing between programs does make sense
- * Perhaps you are using 4096 bit keys and are happy to keep them
- * valid for a week, to avoid the RSA overhead of 15 seconds, I'm not toally
- * sure, perhaps this is a process called from an SSL inetd and this is being 
- * passed to the application. */
-session=d2i_SSL_SESSION(....)
-SSL_CTX_add_session(ctx,session);
-
-/* Lets even add a session from a file */
-session=PEM_read_SSL_SESSION(....)
-SSL_CTX_add_session(ctx,session);
-
-/* create a new SSL structure */
-ssl=SSL_new(ctx);
-
-/* At this point we want to be able to 'create' new session if
- * required, so we need a certificate and RSAkey. */
-SSL_use_RSAPrivateKey_file(ssl,...)
-SSL_use_certificate_file(ssl,...)
-
-/* Now since we are a server, it make little sence to load a session against
- * the ssl strucutre since a SSL_accept() will either create a new session or
- * grab an existing one from the cache. */
-
-/* grab a socket descriptor */
-fd=accept(...);
-
-/* associated it with the ssl strucutre */
-SSL_set_fd(ssl,fd);
-
-SSL_accept(ssl); /* 'do' SSL using out cert and RSA key */
-
-/* Lets print out the session details or lets save it to a file,
- * perhaps with a secret key cipher, so that we can pass it to the FBI
- * when they want to decode the session :-).  While we have RSA
- * this does not matter much but when I do SSLv3, this will allow a mechanism
- * for the server/client to record the information needed to decode
- * the traffic that went over the wire, even when using Diffie-Hellman */
-PEM_write_SSL_SESSION(SSL_get_session(ssl),stdout,....)
-
-Lets 'connect' back to the caller using the same session id.
-
-ssl2=SSL_new(ctx);
-fd2=connect(them);
-SSL_set_fd(ssl2,fd2);
-SSL_set_session(ssl2,SSL_get_session(ssl));
-SSL_connect(ssl2);
-
-/* what the hell, lets accept no more connections using this session */
-SSL_CTX_remove_session(SSL_get_SSL_CTX(ssl),SSL_get_session(ssl));
-
-/* we could have just as easily used ssl2 since they both are using the
- * same session.
- * You will note that both ssl and ssl2 are still using the session, and
- * the SSL_SESSION structure will be free()ed when both ssl and ssl2
- * finish using the session.  Also note that you could continue to initiate
- * connections using this session by doing SSL_get_session(ssl) to get the
- * existing session, but SSL_accept() will not be able to find it to
- * use for incoming connections.
- * Of corse, the session will timeout at the far end and it will no
- * longer be accepted after a while.  The time and timeout are ignored except
- * by SSL_accept(). */
-
-/* Since we have had our server running for 10 weeks, and memory is getting
- * short, perhaps we should clear the session cache to remove those
- * 100000 session entries that have expired.  Some may consider this
- * a memory leak :-) */
-
-SSL_CTX_flush_sessions(ctx,time(NULL));
-
-/* Ok, after a bit more time we wish to flush all sessions from the cache
- * so that all new connections will be authenticated and incure the
- * public key operation overhead */
-
-SSL_CTX_flush_sessions(ctx,0);
-
-/* As a final note, to copy everything to do with a SSL, use */
-SSL_copy_session_id(SSL *to,SSL *from);
-/* as this also copies the certificate and RSA key so new session can
- * be established using the same details */
-
diff --git a/doc/sha.doc b/doc/sha.doc
deleted file mode 100644
index 895fa182ed..0000000000
--- a/doc/sha.doc
+++ /dev/null
@@ -1,52 +0,0 @@
-The SHA (Secure Hash Algorithm) library.
-SHA is a message digest algorithm that can be used to condense an arbitrary
-length message down to a 20 byte hash.  The functions all need to be passed
-a SHA_CTX which is used to hold the SHA context during multiple SHA_Update()
-function calls.  The normal method of use for this library is as follows
-This library contains both SHA and SHA-1 digest algorithms.  SHA-1 is
-an update to SHA (which should really be called SHA-0 now) which
-tweaks the algorithm slightly.  The SHA-1 algorithm is used by simply
-using SHA1_Init(), SHA1_Update(), SHA1_Final() and SHA1() instead of the
-SHA*() calls
-
-SHA_Init(...);
-SHA_Update(...);
-...
-SHA_Update(...);
-SHA_Final(...);
-
-This library requires the inclusion of 'sha.h'.
-
-The functions are as follows:
-
-void SHA_Init(
-SHA_CTX *c);
-	This function needs to be called to initiate a SHA_CTX structure for
-	use.
-	
-void SHA_Update(
-SHA_CTX *c;
-unsigned char *data;
-unsigned long len);
-	This updates the message digest context being generated with 'len'
-	bytes from the 'data' pointer.  The number of bytes can be any
-	length.
-
-void SHA_Final(
-unsigned char *md;
-SHA_CTX *c;
-	This function is called when a message digest of the data digested
-	with SHA_Update() is wanted.  The message digest is put in the 'md'
-	array and is SHA_DIGEST_LENGTH (20) bytes long.
-
-unsigned char *SHA(
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
-	This function performs a SHA_Init(), followed by a SHA_Update()
-	followed by a SHA_Final() (using a local SHA_CTX).
-	The resulting digest is put into 'md' if it is not NULL.
-	Regardless of the value of 'md', the message
-	digest is returned from the function.  If 'md' was NULL, the message
-	digest returned is being stored in a static structure.
-	
diff --git a/doc/speed.doc b/doc/speed.doc
deleted file mode 100644
index 11dfa85f08..0000000000
--- a/doc/speed.doc
+++ /dev/null
@@ -1,96 +0,0 @@
-To get an idea of the performance of this library, use
-ssleay speed
-
-perl util/sp-diff.pl file1 file2
-
-will print out the relative differences between the 2 files which are
-expected to be the output from the speed program.
-
-The performace of the library is very dependant on the Compiler
-quality and various flags used to build.
-
----
-
-These are some numbers I did comparing RSAref and SSLeay on a Pentium 100.
-[ These numbers are all out of date, as of SSL - 0.6.1 the RSA
-operations are about 2 times faster, so check the version number ]
-
-RSA performance.
-
-SSLeay 0.6.0
-Pentium 100, 32meg, Windows NT Workstation 3.51
-linux - gcc v 2.7.0 -O3 -fomit-frame-pointer -m486
-and
-Windows NT  - Windows NT 3.51 - Visual C++ 4.1   - 586 code + 32bit assember
-Windows 3.1 - Windows NT 3.51 - Visual C++ 1.52c - 286 code + 32bit assember
-NT Dos Shell- Windows NT 3.51 - Visual C++ 1.52c - 286 code + 16bit assember
-
-Times are how long it takes to do an RSA private key operation.
-
-	       512bits 1024bits
--------------------------------
-SSLeay NT dll	0.042s   0.202s see above
-SSLeay linux	0.046s   0.218s	Assember inner loops (normal build) 
-SSLeay linux	0.067s   0.380s Pure C code with BN_LLONG defined
-SSLeay W3.1 dll	0.108s 	 0.478s see above
-SSLeay linux	0.109s   0.713s C without BN_LLONG.
-RSAref2.0 linux	0.149s   0.936s
-SSLeay MS-DOS	0.197s   1.049s see above
-
-486DX66, 32meg, Windows NT Server 3.51
-	       512bits 1024bits
--------------------------------
-SSLeay NT dll   0.084s	 0.495s	<- SSLeay 0.6.3
-SSLeay NT dll   0.154s   0.882s
-SSLeay W3.1 dll 0.335s   1.538s
-SSLeay MS-DOS	0.490s   2.790s
-
-What I find cute is that I'm still faster than RSAref when using standard C,
-without using the 'long long' data type :-), %35 faster for 512bit and we
-scale up to 3.2 times faster for the 'default linux' build.  I should mention
-that people should 'try' to use either x86-lnx.s (elf), x86-lnxa.s or
-x86-sol.s for any x86 based unix they are building on.  The only problems
-with be with syntax but the performance gain is quite large, especially for
-servers.  The code is very simple, you just need to modify the 'header'.
-
-The message is, if you are stuck using RSAref, the RSA performance will be
-bad. Considering the code was compiled for a pentium, the 486DX66 number
-would indicate 'Use RSAref and turn you Pentium 100 into a 486DX66' :-). 
-[ As of verson 0.6.1, it would be correct to say 'turn you pentium 100
- into a 486DX33' :-) ]
-
-I won't tell people if the DLL's are using RSAref or my stuff if no-one
-asks :-).
-
-eric
-
-PS while I know I could speed things up further, I will probably not do
-   so due to the effort involved.  I did do some timings on the
-   SSLeay bignum format -> RSAref number format conversion that occurs
-   each time RSAref is used by SSLeay, and the numbers are trivial.
-   0.00012s a call for 512bit vs 0.149s for the time spent in the function.
-   0.00018s for 1024bit vs 0.938s.  Insignificant.
-   So the 'way to go', to support faster RSA libraries, if people are keen,
-   is to write 'glue' code in a similar way that I do for RSAref and send it
-   to me :-).
-   My base library still has the advantage of being able to operate on 
-   any size numbers, and is not that far from the performance from the
-   leaders in the field. (-%30?)
-   [ Well as of 0.6.1 I am now the leader in the filed on x86 (we at
-     least very close :-) ]
-
-   I suppose I should also mention some other numbers RSAref numbers, again
-   on my Pentium.
-		DES CBC		EDE-DES		MD5
-   RSAref linux	 830k/s		 302k/s		4390k/s
-   SSLeay linux  855k/s          319k/s        10025k/s
-   SSLeay NT	1158k/s		 410k/s	       10470k/s
-   SSLeay w31	 378k/s		 143k/s         2383k/s (fully 16bit)
-
-   Got to admit that Visual C++ 4.[01] is a damn fine compiler :-)
---
-Eric Young                  | BOOL is tri-state according to Bill Gates.
-AARNet: eay@cryptsoft.com   | RTFM Win32 GetMessage().
-
-
-
diff --git a/doc/ssl-ciph.doc b/doc/ssl-ciph.doc
deleted file mode 100644
index 33a7e41f0e..0000000000
--- a/doc/ssl-ciph.doc
+++ /dev/null
@@ -1,84 +0,0 @@
-This is a quick high level summery of how things work now.
-
-Each SSLv2 and SSLv3 cipher is composed of 4 major attributes plus a few extra
-minor ones.
-
-They are 'The key exchange algorithm', which is RSA for SSLv2 but can also
-be Diffle-Hellman for SSLv3.
-
-An 'Authenticion algorithm', which can be RSA, Diffle-Helman, DSS or
-none.
-
-The cipher
-
-The MAC digest.
-
-A cipher can also be an export cipher and is either an SSLv2 or a
-SSLv3 ciphers.
-
-To specify which ciphers to use, one can either specify all the ciphers,
-one at a time, or use 'aliases' to specify the preference and order for
-the ciphers.
-
-There are a large number of aliases, but the most importaint are
-kRSA, kDHr, kDHd and kEDH for key exchange types.
-
-aRSA, aDSS, aNULL and aDH for authentication
-DES, 3DES, RC4, RC2, IDEA and eNULL for ciphers
-MD5, SHA0 and SHA1 digests
-
-Now where this becomes interesting is that these can be put together to
-specify the order and ciphers you wish to use.
-
-To speed this up there are also aliases for certian groups of ciphers.
-The main ones are
-SSLv2	- all SSLv2 ciphers
-SSLv3	- all SSLv3 ciphers
-EXP	- all export ciphers
-LOW	- all low strngth ciphers (no export ciphers, normally single DES)
-MEDIUM	- 128 bit encryption
-HIGH	- Triple DES
-
-These aliases can be joined in a : separated list which specifies to
-add ciphers, move them to the current location and delete them.
-
-A simpler way to look at all of this is to use the 'ssleay ciphers -v' command.
-The default library cipher spec is
-!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP
-which means, first, remove from consideration any ciphers that do not
-authenticate.  Next up, use ciphers using RC4 and RSA.  Next include the HIGH,
-MEDIUM and the LOW security ciphers.  Finish up by adding all the export
-ciphers on the end, then 'pull' all the SSLv2 and export ciphers to
-the end of the list.
-
-The results are
-$ ssleay ciphers -v '!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP'
-
-RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
-RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
-EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
-EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
-DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
-IDEA-CBC-MD5            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
-EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
-EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
-DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
-DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5 
-DES-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5 
-IDEA-CBC-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=MD5 
-RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5 
-RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
-EXP-EDH-RSA-DES-CBC     SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
-EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 export
-EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
-EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
-EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
-EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
-EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
-
-I would recoment people use the 'ssleay ciphers -v "text"'
-command to check what they are going to use.
-
-Anyway, I'm falling asleep here so I'll do some more tomorrow.
-
-eric
diff --git a/doc/ssl.doc b/doc/ssl.doc
deleted file mode 100644
index 1f89cd5db2..0000000000
--- a/doc/ssl.doc
+++ /dev/null
@@ -1,172 +0,0 @@
-SSL_CTX_sessions(SSL_CTX *ctx) - the session-id hash table.
-
-/* Session-id cache stats */
-SSL_CTX_sess_number
-SSL_CTX_sess_connect
-SSL_CTX_sess_connect_good
-SSL_CTX_sess_accept
-SSL_CTX_sess_accept_good
-SSL_CTX_sess_hits
-SSL_CTX_sess_cb_hits
-SSL_CTX_sess_misses
-SSL_CTX_sess_timeouts
-
-/* Session-id application notification callbacks */
-SSL_CTX_sess_set_new_cb
-SSL_CTX_sess_get_new_cb
-SSL_CTX_sess_set_get_cb
-SSL_CTX_sess_get_get_cb
-
-/* Session-id cache operation mode */
-SSL_CTX_set_session_cache_mode
-SSL_CTX_get_session_cache_mode
-
-/* Set default timeout values to use. */
-SSL_CTX_set_timeout
-SSL_CTX_get_timeout
-
-/* Global  SSL initalisation informational callback */
-SSL_CTX_set_info_callback
-SSL_CTX_get_info_callback
-SSL_set_info_callback
-SSL_get_info_callback
-
-/* If the SSL_accept/SSL_connect returned with -1, these indicate when
- * we should re-call *.
-SSL_want
-SSL_want_nothing
-SSL_want_read
-SSL_want_write
-SSL_want_x509_lookup
-
-/* Where we are in SSL initalisation, used in non-blocking, perhaps
- * have a look at ssl/bio_ssl.c */
-SSL_state
-SSL_is_init_finished
-SSL_in_init
-SSL_in_connect_init
-SSL_in_accept_init
-
-/* Used to set the 'inital' state so SSL_in_connect_init and SSL_in_accept_init
- * can be used to work out which function to call. */
-SSL_set_connect_state
-SSL_set_accept_state
-
-/* Where to look for certificates for authentication */
-SSL_set_default_verify_paths /* calles SSL_load_verify_locations */
-SSL_load_verify_locations
-
-/* get info from an established connection */
-SSL_get_session
-SSL_get_certificate
-SSL_get_SSL_CTX
-
-SSL_CTX_new
-SSL_CTX_free
-SSL_new
-SSL_clear
-SSL_free
-
-SSL_CTX_set_cipher_list
-SSL_get_cipher
-SSL_set_cipher_list
-SSL_get_cipher_list
-SSL_get_shared_ciphers
-
-SSL_accept
-SSL_connect
-SSL_read
-SSL_write
-
-SSL_debug
-
-SSL_get_read_ahead
-SSL_set_read_ahead
-SSL_set_verify
-
-SSL_pending
-
-SSL_set_fd
-SSL_set_rfd
-SSL_set_wfd
-SSL_set_bio
-SSL_get_fd
-SSL_get_rbio
-SSL_get_wbio
-
-SSL_use_RSAPrivateKey
-SSL_use_RSAPrivateKey_ASN1
-SSL_use_RSAPrivateKey_file
-SSL_use_PrivateKey
-SSL_use_PrivateKey_ASN1
-SSL_use_PrivateKey_file
-SSL_use_certificate
-SSL_use_certificate_ASN1
-SSL_use_certificate_file
-
-ERR_load_SSL_strings
-SSL_load_error_strings
-
-/* human readable version of the 'state' of the SSL connection. */
-SSL_state_string
-SSL_state_string_long
-/* These 2 report what kind of IO operation the library was trying to
- * perform last.  Probably not very usefull. */
-SSL_rstate_string
-SSL_rstate_string_long
-
-SSL_get_peer_certificate
-
-SSL_SESSION_new
-SSL_SESSION_print_fp
-SSL_SESSION_print
-SSL_SESSION_free
-i2d_SSL_SESSION
-d2i_SSL_SESSION
-
-SSL_get_time
-SSL_set_time
-SSL_get_timeout
-SSL_set_timeout
-SSL_copy_session_id
-SSL_set_session
-SSL_CTX_add_session
-SSL_CTX_remove_session
-SSL_CTX_flush_sessions
-
-BIO_f_ssl
-
-/* used to hold information as to why a certificate verification failed */
-SSL_set_verify_result
-SSL_get_verify_result
-
-/* can be used by the application to associate data with an SSL structure.
- * It needs to be 'free()ed' by the application */
-SSL_set_app_data
-SSL_get_app_data
-
-/* The following all set values that are kept in the SSL_CTX but
- * are used as the default values when an SSL session is created.
- * They are over writen by the relevent SSL_xxxx functions */
-
-/* SSL_set_verify */
-void SSL_CTX_set_default_verify
-
-/* This callback, if set, totaly overrides the normal SSLeay verification
- * functions and should return 1 on sucesss and 0 on failure */
-void SSL_CTX_set_cert_verify_callback
-
-/* The following are the same as the equivilent SSL_xxx functions.
- * Only one copy of this information is kept and if a particular
- * SSL structure has a local override, it is totally separate structure.
- */
-int SSL_CTX_use_RSAPrivateKey
-int SSL_CTX_use_RSAPrivateKey_ASN1
-int SSL_CTX_use_RSAPrivateKey_file
-int SSL_CTX_use_PrivateKey
-int SSL_CTX_use_PrivateKey_ASN1
-int SSL_CTX_use_PrivateKey_file
-int SSL_CTX_use_certificate
-int SSL_CTX_use_certificate_ASN1
-int SSL_CTX_use_certificate_file
-
diff --git a/doc/ssl/SSL_CIPHER_get_name.pod b/doc/ssl/SSL_CIPHER_get_name.pod
new file mode 100644
index 0000000000..4b91c63ba0
--- /dev/null
+++ b/doc/ssl/SSL_CIPHER_get_name.pod
@@ -0,0 +1,112 @@
+=pod
+
+=head1 NAME
+
+SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description - get SSL_CIPHER properties
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ const char *SSL_CIPHER_get_name(SSL_CIPHER *cipher);
+ int SSL_CIPHER_get_bits(SSL_CIPHER *cipher, int *alg_bits);
+ char *SSL_CIPHER_get_version(SSL_CIPHER *cipher);
+ char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int size);
+
+=head1 DESCRIPTION
+
+SSL_CIPHER_get_name() returns a pointer to the name of B<cipher>. If the
+argument is the NULL pointer, a pointer to the constant value "NONE" is
+returned.
+
+SSL_CIPHER_get_bits() returns the number of secret bits used for B<cipher>. If
+B<alg_bits> is not NULL, it contains the number of bits processed by the
+chosen algorithm. If B<cipher> is NULL, 0 is returned.
+
+SSL_CIPHER_get_version() returns the protocol version for B<cipher>, currently
+"SSLv2", "SSLv3", or "TLSv1". If B<cipher> is NULL, "(NONE)" is returned.
+
+SSL_CIPHER_description() returns a textual description of the cipher used
+into the buffer B<buf> of length B<len> provided. B<len> must be at least
+128 bytes, otherwise a pointer to the the string "Buffer too small" is
+returned. If B<buf> is NULL, a buffer of 128 bytes is allocated using
+OPENSSL_malloc(). If the allocation fails, a pointer to the string
+"OPENSSL_malloc Error" is returned.
+
+=head1 NOTES
+
+The number of bits processed can be different from the secret bits. An
+export cipher like e.g. EXP-RC4-MD5 has only 40 secret bits. The algorithm
+does use the full 128 bits (which would be returned for B<alg_bits>), of
+which however 88bits are fixed. The search space is hence only 40 bits.
+
+The string returned by SSL_CIPHER_description() in case of success consists
+of cleartext information separated by one or more blanks in the following
+sequence:
+
+=over 4
+
+=item <ciphername>
+
+Textual representation of the cipher name.
+
+=item <protocol version>
+
+Protocol version: B<SSLv2>, B<SSLv3>. The TLSv1 ciphers are flagged with SSLv3.
+
+=item Kx=<key exchange>
+
+Key exchange method: B<RSA> (for export ciphers as B<RSA(512)> or
+B<RSA(1024)>), B<DH> (for export ciphers as B<DH(512)> or B<DH(1024)>),
+B<DH/RSA>, B<DH/DSS>, B<Fortezza>.
+
+=item Au=<authentication>
+
+Authentication method: B<RSA>, B<DSS>, B<DH>, B<None>. None is the
+representation of anonymous ciphers.
+
+=item Enc=<symmetric encryption method>
+
+Encryption method with number of secret bits: B<DES(40)>, B<DES(56)>,
+B<3DES(168)>, B<RC4(40)>, B<RC4(56)>, B<RC4(64)>, B<RC4(128)>,
+B<RC2(40)>, B<RC2(56)>, B<RC2(128)>, B<IDEA(128)>, B<Fortezza>, B<None>.
+
+=item Mac=<message authentication code>
+
+Message digest: B<MD5>, B<SHA1>.
+
+=item <export flag>
+
+If the cipher is flagged exportable with respect to old US crypto
+regulations, the word "B<export>" is printed.
+
+=back
+
+=head1 EXAMPLES
+
+Some examples for the output of SSL_CIPHER_description():
+
+ EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
+ EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
+ RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
+ EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
+
+=head1 BUGS
+
+If SSL_CIPHER_description() is called with B<cipher> being NULL, the
+library crashes.
+
+If SSL_CIPHER_description() cannot handle a built-in cipher, the according
+description of the cipher property is B<unknown>. This case should not
+occur.
+
+=head1 RETURN VALUES
+
+See DESCRIPTION
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_get_current_cipher(3)|SSL_get_current_cipher(3)>,
+L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>, L<ciphers(1)|ciphers(1)>
+
+=cut
diff --git a/doc/ssl/SSL_COMP_add_compression_method.pod b/doc/ssl/SSL_COMP_add_compression_method.pod
new file mode 100644
index 0000000000..2a98739114
--- /dev/null
+++ b/doc/ssl/SSL_COMP_add_compression_method.pod
@@ -0,0 +1,70 @@
+=pod
+
+=head1 NAME
+
+SSL_COMP_add_compression_method - handle SSL/TLS integrated compression methods
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
+
+=head1 DESCRIPTION
+
+SSL_COMP_add_compression_method() adds the compression method B<cm> with
+the identifier B<id> to the list of available compression methods. This
+list is globally maintained for all SSL operations within this application.
+It cannot be set for specific SSL_CTX or SSL objects.
+
+=head1 NOTES
+
+The TLS standard (or SSLv3) allows the integration of compression methods
+into the communication. The TLS RFC does however not specify compression
+methods or their corresponding identifiers, so there is currently no compatible
+way to integrate compression with unknown peers. It is therefore currently not
+recommended to integrate compression into applications. Applications for
+non-public use may agree on certain compression methods. Using different
+compression methods with the same identifier will lead to connection failure.
+
+An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1)
+will unconditionally send the list of all compression methods enabled with
+SSL_COMP_add_compression_method() to the server during the handshake.
+Unlike the mechanisms to set a cipher list, there is no method available to
+restrict the list of compression method on a per connection basis.
+
+An OpenSSL server will match the identifiers listed by a client against
+its own compression methods and will unconditionally activate compression
+when a matching identifier is found. There is no way to restrict the list
+of compression methods supported on a per connection basis.
+
+The OpenSSL library has the compression methods B<COMP_rle()> and (when
+especially enabled during compilation) B<COMP_zlib()> available.
+
+=head1 WARNINGS
+
+Once the identities of the compression methods for the TLS protocol have
+been standardized, the compression API will most likely be changed. Using
+it in the current state is not recommended.
+
+=head1 RETURN VALUES
+
+SSL_COMP_add_compression_method() may return the following values:
+
+=over 4
+
+=item 1
+
+The operation succeeded.
+
+=item 0
+
+The operation failed. Check the error queue to find out the reason.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_add_extra_chain_cert.pod b/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
new file mode 100644
index 0000000000..ee28f5ccc3
--- /dev/null
+++ b/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
@@ -0,0 +1,39 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_add_extra_chain_cert - add certificate to chain
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509)
+
+=head1 DESCRIPTION
+
+SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the certificate
+chain presented together with the certificate. Several certificates
+can be added one after the other.
+
+=head1 NOTES
+
+When constructing the certificate chain, the chain will be formed from
+these certificates explicitly specified. If no chain is specified,
+the library will try to complete the chain from the available CA
+certificates in the trusted CA storage, see
+L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
+
+=head1 RETURN VALUES
+
+SSL_CTX_add_extra_chain_cert() returns 1 on success. Check out the
+error stack to find out the reason for failure otherwise.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>,
+L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
+L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>,
+L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_add_session.pod b/doc/ssl/SSL_CTX_add_session.pod
new file mode 100644
index 0000000000..82676b26b2
--- /dev/null
+++ b/doc/ssl/SSL_CTX_add_session.pod
@@ -0,0 +1,73 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session - manipulate session cache
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c);
+ int SSL_add_session(SSL_CTX *ctx, SSL_SESSION *c);
+
+ int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
+ int SSL_remove_session(SSL_CTX *ctx, SSL_SESSION *c);
+
+=head1 DESCRIPTION
+
+SSL_CTX_add_session() adds the session B<c> to the context B<ctx>. The
+reference count for session B<c> is incremented by 1. If a session with
+the same session id already exists, the old session is removed by calling
+L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>.
+
+SSL_CTX_remove_session() removes the session B<c> from the context B<ctx>.
+L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> is called once for B<c>.
+
+SSL_add_session() and SSL_remove_session() are synonyms for their
+SSL_CTX_*() counterparts.
+
+=head1 NOTES
+
+When adding a new session to the internal session cache, it is examined
+whether a session with the same session id already exists. In this case
+it is assumed that both sessions are identical. If the same session is
+stored in a different SSL_SESSION object, The old session is
+removed and replaced by the new session. If the session is actually
+identical (the SSL_SESSION object is identical), SSL_CTX_add_session()
+is a no-op, and the return value is 0.
+
+If a server SSL_CTX is configured with the SSL_SESS_CACHE_NO_INTERNAL_STORE
+flag then the internal cache will not be populated automatically by new
+sessions negotiated by the SSL/TLS implementation, even though the internal
+cache will be searched automatically for session-resume requests (the
+latter can be surpressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the
+application can use SSL_CTX_add_session() directly to have full control
+over the sessions that can be resumed if desired.
+
+
+=head1 RETURN VALUES
+
+The following values are returned by all functions:
+
+=over 4
+
+=item 0
+
+ The operation failed. In case of the add operation, it was tried to add
+ the same (identical) session twice. In case of the remove operation, the
+ session was not found in the cache.
+
+=item 1
+ 
+ The operation succeeded.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>,
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_ctrl.pod b/doc/ssl/SSL_CTX_ctrl.pod
new file mode 100644
index 0000000000..fb6adcf50c
--- /dev/null
+++ b/doc/ssl/SSL_CTX_ctrl.pod
@@ -0,0 +1,34 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl - internal handling functions for SSL_CTX and SSL objects
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
+ long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)());
+
+ long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
+ long SSL_callback_ctrl(SSL *, int cmd, void (*fp)());
+
+=head1 DESCRIPTION
+
+The SSL_*_ctrl() family of functions is used to manipulate settings of
+the SSL_CTX and SSL objects. Depending on the command B<cmd> the arguments
+B<larg>, B<parg>, or B<fp> are evaluated. These functions should never
+be called directly. All functionalities needed are made available via
+other functions or macros.
+
+=head1 RETURN VALUES
+
+The return values of the SSL*_ctrl() functions depend on the command
+supplied via the B<cmd> parameter.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_flush_sessions.pod b/doc/ssl/SSL_CTX_flush_sessions.pod
new file mode 100644
index 0000000000..148c36c871
--- /dev/null
+++ b/doc/ssl/SSL_CTX_flush_sessions.pod
@@ -0,0 +1,49 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_flush_sessions, SSL_flush_sessions - remove expired sessions
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
+ void SSL_flush_sessions(SSL_CTX *ctx, long tm);
+
+=head1 DESCRIPTION
+
+SSL_CTX_flush_sessions() causes a run through the session cache of
+B<ctx> to remove sessions expired at time B<tm>.
+
+SSL_flush_sessions() is a synonym for SSL_CTX_flush_sessions().
+
+=head1 NOTES
+
+If enabled, the internal session cache will collect all sessions established
+up to the specified maximum number (see SSL_CTX_sess_set_cache_size()).
+As sessions will not be reused ones they are expired, they should be
+removed from the cache to save resources. This can either be done
+ automatically whenever 255 new sessions were established (see
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>)
+or manually by calling SSL_CTX_flush_sessions(). 
+
+The parameter B<tm> specifies the time which should be used for the
+expiration test, in most cases the actual time given by time(0)
+will be used.
+
+SSL_CTX_flush_sessions() will only check sessions stored in the internal
+cache. When a session is found and removed, the remove_session_cb is however
+called to synchronize with the external cache (see
+L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>).
+
+=head1 RETURN VALUES
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>,
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
+L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_free.pod b/doc/ssl/SSL_CTX_free.pod
new file mode 100644
index 0000000000..55e592f5f8
--- /dev/null
+++ b/doc/ssl/SSL_CTX_free.pod
@@ -0,0 +1,31 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_free - free an allocated SSL_CTX object
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_free(SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_free() decrements the reference count of B<ctx>, and removes the
+SSL_CTX object pointed to by B<ctx> and frees up the allocated memory if the
+the reference count has reached 0.
+
+It also calls the free()ing procedures for indirectly affected items, if
+applicable: the session cache, the list of ciphers, the list of Client CAs,
+the certificates and keys.
+
+=head1 RETURN VALUES
+
+SSL_CTX_free() does not provide diagnostic information.
+
+=head1 SEE ALSO
+
+L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_get_ex_new_index.pod b/doc/ssl/SSL_CTX_get_ex_new_index.pod
new file mode 100644
index 0000000000..5686faf299
--- /dev/null
+++ b/doc/ssl/SSL_CTX_get_ex_new_index.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data - internal application specific data functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_get_ex_new_index(long argl, void *argp,
+                CRYPTO_EX_new *new_func,
+                CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_free *free_func);
+
+ int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg);
+
+ void *SSL_CTX_get_ex_data(SSL_CTX *ctx, int idx);
+
+ typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                int idx, long argl, void *argp);
+ typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                int idx, long argl, void *argp);
+ typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
+                int idx, long argl, void *argp);
+
+=head1 DESCRIPTION
+
+Several OpenSSL structures can have application specific data attached to them.
+These functions are used internally by OpenSSL to manipulate application
+specific data attached to a specific structure.
+
+SSL_CTX_get_ex_new_index() is used to register a new index for application
+specific data.
+
+SSL_CTX_set_ex_data() is used to store application data at B<arg> for B<idx>
+into the B<ctx> object.
+
+SSL_CTX_get_ex_data() is used to retrieve the information for B<idx> from
+B<ctx>.
+
+A detailed description for the B<*_get_ex_new_index()> functionality
+can be found in L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>.
+The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
+L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>,
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
+L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_get_verify_mode.pod b/doc/ssl/SSL_CTX_get_verify_mode.pod
new file mode 100644
index 0000000000..7f10c6e945
--- /dev/null
+++ b/doc/ssl/SSL_CTX_get_verify_mode.pod
@@ -0,0 +1,50 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback - get currently set verification parameters
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
+ int SSL_get_verify_mode(SSL *ssl);
+ int SSL_CTX_get_verify_depth(SSL_CTX *ctx);
+ int SSL_get_verify_depth(SSL *ssl);
+ int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int, X509_STORE_CTX *);
+ int (*SSL_get_verify_callback(SSL *ssl))(int, X509_STORE_CTX *);
+
+=head1 DESCRIPTION
+
+SSL_CTX_get_verify_mode() returns the verification mode currently set in
+B<ctx>.
+
+SSL_get_verify_mode() returns the verification mode currently set in
+B<ssl>.
+
+SSL_CTX_get_verify_depth() returns the verification depth limit currently set
+in B<ctx>. If no limit has been explicitly set, -1 is returned and the
+default value will be used.
+
+SSL_get_verify_depth() returns the verification depth limit currently set
+in B<ssl>. If no limit has been explicitly set, -1 is returned and the
+default value will be used.
+
+SSL_CTX_get_verify_callback() returns a function pointer to the verification
+callback currently set in B<ctx>. If no callback was explicitly set, the
+NULL pointer is returned and the default callback will be used.
+
+SSL_get_verify_callback() returns a function pointer to the verification
+callback currently set in B<ssl>. If no callback was explicitly set, the
+NULL pointer is returned and the default callback will be used.
+
+=head1 RETURN VALUES
+
+See DESCRIPTION
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_load_verify_locations.pod b/doc/ssl/SSL_CTX_load_verify_locations.pod
new file mode 100644
index 0000000000..84a799fc71
--- /dev/null
+++ b/doc/ssl/SSL_CTX_load_verify_locations.pod
@@ -0,0 +1,124 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_load_verify_locations - set default locations for trusted CA
+certificates
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                   const char *CApath);
+
+=head1 DESCRIPTION
+
+SSL_CTX_load_verify_locations() specifies the locations for B<ctx>, at
+which CA certificates for verification purposes are located. The certificates
+available via B<CAfile> and B<CApath> are trusted.
+
+=head1 NOTES
+
+If B<CAfile> is not NULL, it points to a file of CA certificates in PEM
+format. The file can contain several CA certificates identified by
+
+ -----BEGIN CERTIFICATE-----
+ ... (CA certificate in base64 encoding) ...
+ -----END CERTIFICATE-----
+
+sequences. Before, between, and after the certificates text is allowed
+which can be used e.g. for descriptions of the certificates.
+
+The B<CAfile> is processed on execution of the SSL_CTX_load_verify_locations()
+function.
+
+If B<CApath> is not NULL, it points to a directory containing CA certificates
+in PEM format. The files each contain one CA certificate. The files are
+looked up by the CA subject name hash value, which must hence be available.
+If more than one CA certificate with the same name hash value exist, the
+extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search
+is performed in the ordering of the extension number, regardless of other
+properties of the certificates.
+Use the B<c_rehash> utility to create the necessary links.
+
+The certificates in B<CApath> are only looked up when required, e.g. when
+building the certificate chain or when actually performing the verification
+of a peer certificate.
+
+When looking up CA certificates, the OpenSSL library will first search the
+certificates in B<CAfile>, then those in B<CApath>. Certificate matching
+is done based on the subject name, the key identifier (if present), and the
+serial number as taken from the certificate to be verified. If these data
+do not match, the next certificate will be tried. If a first certificate
+matching the parameters is found, the verification process will be performed;
+no other certificates for the same parameters will be searched in case of
+failure.
+
+In server mode, when requesting a client certificate, the server must send
+the list of CAs of which it will accept client certificates. This list
+is not influenced by the contents of B<CAfile> or B<CApath> and must
+explicitly be set using the
+L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>
+family of functions.
+
+When building its own certificate chain, an OpenSSL client/server will
+try to fill in missing certificates from B<CAfile>/B<CApath>, if the
+certificate chain was not explicitly specified (see
+L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
+L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>.
+
+=head1 WARNINGS
+
+If several CA certificates matching the name, key identifier, and serial
+number condition are available, only the first one will be examined. This
+may lead to unexpected results if the same CA certificate is available
+with different expiration dates. If a "certificate expired" verification
+error occurs, no other certificate will be searched. Make sure to not
+have expired certificates mixed with valid ones.
+
+=head1 EXAMPLES
+
+Generate a CA certificate file with descriptive text from the CA certificates
+ca1.pem ca2.pem ca3.pem:
+
+ #!/bin/sh
+ rm CAfile.pem
+ for i in ca1.pem ca2.pem ca3.pem ; do
+   openssl x509 -in $i -text >> CAfile.pem
+ done
+
+Prepare the directory /some/where/certs containing several CA certificates
+for use as B<CApath>:
+
+ cd /some/where/certs
+ c_rehash .
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item 0
+
+The operation failed because B<CAfile> and B<CApath> are NULL or the
+processing at one of the locations specified failed. Check the error
+stack to find out the reason.
+
+=item 1
+
+The operation succeeded.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>,
+L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
+L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
+L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
+L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
+L<SSL_CTX_set_cert_store(3)|SSL_CTX_set_cert_store(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod
new file mode 100644
index 0000000000..465220a75c
--- /dev/null
+++ b/doc/ssl/SSL_CTX_new.pod
@@ -0,0 +1,94 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ SSL_CTX *SSL_CTX_new(SSL_METHOD *method);
+
+=head1 DESCRIPTION
+
+SSL_CTX_new() creates a new B<SSL_CTX> object as framework to establish
+TLS/SSL enabled connections.
+
+=head1 NOTES
+
+The SSL_CTX object uses B<method> as connection method. The methods exist
+in a generic type (for client and server use), a server only type, and a
+client only type. B<method> can be of the following types:
+
+=over 4
+
+=item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)
+
+A TLS/SSL connection established with these methods will only understand
+the SSLv2 protocol. A client will send out SSLv2 client hello messages
+and will also indicate that it only understand SSLv2. A server will only
+understand SSLv2 client hello messages.
+
+=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)
+
+A TLS/SSL connection established with these methods will only understand the
+SSLv3 protocol. A client will send out SSLv3 client hello messages
+and will indicate that it only understands SSLv3. A server will only understand
+SSLv3 client hello messages. This especially means, that it will
+not understand SSLv2 client hello messages which are widely used for
+compatibility reasons, see SSLv23_*_method().
+
+=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)
+
+A TLS/SSL connection established with these methods will only understand the
+TLSv1 protocol. A client will send out TLSv1 client hello messages
+and will indicate that it only understands TLSv1. A server will only understand
+TLSv1 client hello messages. This especially means, that it will
+not understand SSLv2 client hello messages which are widely used for
+compatibility reasons, see SSLv23_*_method(). It will also not understand
+SSLv3 client hello messages.
+
+=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
+
+A TLS/SSL connection established with these methods will understand the SSLv2,
+SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages
+and will indicate that it also understands SSLv3 and TLSv1. A server will
+understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best
+choice when compatibility is a concern.
+
+=back
+
+The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
+SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or
+B<SSL_set_options()> functions. Using these options it is possible to choose
+e.g. SSLv23_server_method() and be able to negotiate with all possible
+clients, but to only allow newer protocols like SSLv3 or TLSv1.
+
+SSL_CTX_new() initializes the list of ciphers, the session cache setting,
+the callbacks, the keys and certificates, and the options to its default
+values.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+The creation of a new SSL_CTX object failed. Check the error stack to
+find out the reason.
+
+=item Pointer to an SSL_CTX object
+
+The return value points to an allocated SSL_CTX object.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,
+L<ssl(3)|ssl(3)>,  L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_sess_number.pod b/doc/ssl/SSL_CTX_sess_number.pod
new file mode 100644
index 0000000000..19aa4e2902
--- /dev/null
+++ b/doc/ssl/SSL_CTX_sess_number.pod
@@ -0,0 +1,76 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full - obtain session cache statistics
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_sess_number(SSL_CTX *ctx);
+ long SSL_CTX_sess_connect(SSL_CTX *ctx);
+ long SSL_CTX_sess_connect_good(SSL_CTX *ctx);
+ long SSL_CTX_sess_connect_renegotiate(SSL_CTX *ctx);
+ long SSL_CTX_sess_accept(SSL_CTX *ctx);
+ long SSL_CTX_sess_accept_good(SSL_CTX *ctx);
+ long SSL_CTX_sess_accept_renegotiate(SSL_CTX *ctx);
+ long SSL_CTX_sess_hits(SSL_CTX *ctx);
+ long SSL_CTX_sess_cb_hits(SSL_CTX *ctx);
+ long SSL_CTX_sess_misses(SSL_CTX *ctx);
+ long SSL_CTX_sess_timeouts(SSL_CTX *ctx);
+ long SSL_CTX_sess_cache_full(SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_sess_number() returns the current number of sessions in the internal
+session cache.
+
+SSL_CTX_sess_connect() returns the number of started SSL/TLS handshakes in
+client mode.
+
+SSL_CTX_sess_connect_good() returns the number of successfully established
+SSL/TLS sessions in client mode.
+
+SSL_CTX_sess_connect_renegotiate() returns the number of start renegotiations
+in client mode.
+
+SSL_CTX_sess_accept() returns the number of started SSL/TLS handshakes in
+server mode.
+
+SSL_CTX_sess_accept_good() returns the number of successfully established
+SSL/TLS sessions in server mode.
+
+SSL_CTX_sess_accept_renegotiate() returns the number of start renegotiations
+in server mode.
+
+SSL_CTX_sess_hits() returns the number of successfully reused sessions.
+In client mode a session set with L<SSL_set_session(3)|SSL_set_session(3)>
+successfully reused is counted as a hit. In server mode a session successfully
+retrieved from internal or external cache is counted as a hit.
+
+SSL_CTX_sess_cb_hits() returns the number of successfully retrieved sessions
+from the external session cache in server mode.
+
+SSL_CTX_sess_misses() returns the number of sessions proposed by clients
+that were not found in the internal session cache in server mode.
+
+SSL_CTX_sess_timeouts() returns the number of sessions proposed by clients
+and either found in the internal or external session cache in server mode,
+ but that were invalid due to timeout. These sessions are not included in
+the SSL_CTX_sess_hits() count.
+
+SSL_CTX_sess_cache_full() returns the number of sessions that were removed
+because the maximum session cache size was exceeded.
+
+=head1 RETURN VALUES
+
+The functions return the values indicated in the DESCRIPTION section.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>
+L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_sess_set_cache_size.pod b/doc/ssl/SSL_CTX_sess_set_cache_size.pod
new file mode 100644
index 0000000000..c8b99f4eef
--- /dev/null
+++ b/doc/ssl/SSL_CTX_sess_set_cache_size.pod
@@ -0,0 +1,51 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size - manipulate session cache size
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_sess_set_cache_size(SSL_CTX *ctx, long t);
+ long SSL_CTX_sess_get_cache_size(SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_sess_set_cache_size() sets the size of the internal session cache
+of context B<ctx> to B<t>.
+
+SSL_CTX_sess_get_cache_size() returns the currently valid session cache size.
+
+=head1 NOTES
+
+The internal session cache size is SSL_SESSION_CACHE_MAX_SIZE_DEFAULT,
+currently 1024*20, so that up to 20000 sessions can be held. This size
+can be modified using the SSL_CTX_sess_set_cache_size() call. A special
+case is the size 0, which is used for unlimited size.
+
+When the maximum number of sessions is reached, no more new sessions are
+added to the cache. New space may be added by calling
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> to remove
+expired sessions.
+
+If the size of the session cache is reduced and more sessions are already
+in the session cache, old session will be removed at the next time a
+session shall be added. This removal is not synchronized with the
+expiration of sessions.
+
+=head1 RETURN VALUES
+
+SSL_CTX_sess_set_cache_size() returns the previously valid size.
+
+SSL_CTX_sess_get_cache_size() returns the currently valid size.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>,
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_sess_set_get_cb.pod b/doc/ssl/SSL_CTX_sess_set_get_cb.pod
new file mode 100644
index 0000000000..7c0b2baf6c
--- /dev/null
+++ b/doc/ssl/SSL_CTX_sess_set_get_cb.pod
@@ -0,0 +1,85 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb - provide callback functions for server side external session caching
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+			      int (*new_session_cb)(SSL *, SSL_SESSION *));
+ void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+	   void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *));
+ void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+	   SSL_SESSION (*get_session_cb)(SSL *, unsigned char *, int, int *));
+
+ int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
+ void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
+ SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *data, int len, int *copy);
+
+ int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
+ void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
+ SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
+	       int len, int *copy);
+
+=head1 DESCRIPTION
+
+SSL_CTX_sess_set_new_cb() sets the callback function, which is automatically
+called whenever a new session was negotiated.
+
+SSL_CTX_sess_set_remove_cb() sets the callback function, which is
+automatically called whenever a session is removed by the SSL engine,
+because it is considered faulty or the session has become obsolete because
+of exceeding the timeout value.
+
+SSL_CTX_sess_set_get_cb() sets the callback function which is called,
+whenever a SSL/TLS client proposed to resume a session but the session
+could not be found in the internal session cache (see
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>).
+(SSL/TLS server only.)
+
+SSL_CTX_sess_get_new_cb(), SSL_CTX_sess_get_remove_cb(), and
+SSL_CTX_sess_get_get_cb() allow to retrieve the function pointers of the
+provided callback functions. If a callback function has not been set,
+the NULL pointer is returned.
+
+=head1 NOTES
+
+In order to allow external session caching, synchronization with the internal
+session cache is realized via callback functions. Inside these callback
+functions, session can be saved to disk or put into a database using the
+L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)> interface.
+
+The new_session_cb() is called, whenever a new session has been negotiated
+and session caching is enabled (see
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>).
+The new_session_cb() is passed the B<ssl> connection and the ssl session
+B<sess>. If the callback returns B<0>, the session will be immediately
+removed again.
+
+The remove_session_cb() is called, whenever the SSL engine removes a session
+from the internal cache. This happens if the session is removed because
+it is expired or when a connection was not shutdown cleanly. The
+remove_session_cb() is passed the B<ctx> and the ssl session B<sess>.
+It does not provide any feedback.
+
+The get_session_cb() is only called on SSL/TLS servers with the session id
+proposed by the client. The get_session_cb() is always called, also when
+session caching was disabled. The get_session_cb() is passed the
+B<ssl> connection, the session id of length B<length> at the memory location
+B<data>. With the parameter B<copy> the callback can require the
+SSL engine to increment the reference count of the SSL_SESSION object,
+Normally the reference count is not incremented and therefore the
+session must not be explicitly freed with
+L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>,
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
+L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_sessions.pod b/doc/ssl/SSL_CTX_sessions.pod
new file mode 100644
index 0000000000..e05aab3c1b
--- /dev/null
+++ b/doc/ssl/SSL_CTX_sessions.pod
@@ -0,0 +1,34 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_sessions - access internal session cache
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_sessions() returns a pointer to the lhash databases containing the
+internal session cache for B<ctx>.
+
+=head1 NOTES
+
+The sessions in the internal session cache are kept in an
+L<lhash(3)|lhash(3)> type database. It is possible to directly
+access this database e.g. for searching. In parallel, the sessions
+form a linked list which is maintained separately from the
+L<lhash(3)|lhash(3)> operations, so that the database must not be
+modified directly but by using the
+L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)> family of functions.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<lhash(3)|lhash(3)>,
+L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_cert_store.pod b/doc/ssl/SSL_CTX_set_cert_store.pod
new file mode 100644
index 0000000000..3a240c4d37
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_cert_store.pod
@@ -0,0 +1,57 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
+ X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_cert_store() sets/replaces the certificate verification storage
+of B<ctx> to/with B<store>. If another X509_STORE object is currently
+set in B<ctx>, it will be X509_STORE_free()ed.
+
+SSL_CTX_get_cert_store() returns a pointer to the current certificate
+verification storage.
+
+=head1 NOTES
+
+In order to verify the certificates presented by the peer, trusted CA
+certificates must be accessed. These CA certificates are made available
+via lookup methods, handled inside the X509_STORE. From the X509_STORE
+the X509_STORE_CTX used when verifying certificates is created.
+
+Typically the trusted certificate store is handled indirectly via using
+L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
+Using the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions
+it is possible to manipulate the X509_STORE object beyond the
+L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
+call.
+
+Currently no detailed documentation on how to use the X509_STORE
+object is available. Not all members of the X509_STORE are used when
+the verification takes place. So will e.g. the verify_callback() be
+overridden with the verify_callback() set via the
+L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> family of functions.
+This document must therefore be updated when documentation about the
+X509_STORE object and its handling becomes available.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_cert_store() does not return diagnostic output.
+
+SSL_CTX_get_cert_store() returns the current setting.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>,
+L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
+L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_cert_verify_callback.pod b/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
new file mode 100644
index 0000000000..c0f4f85708
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
@@ -0,0 +1,75 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_cert_verify_callback - set peer certificate verification procedure
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *,void *), void *arg);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_cert_verify_callback() sets the verification callback function for
+I<ctx>. SSL objects that are created from I<ctx> inherit the setting valid at
+the time when L<SSL_new(3)|SSL_new(3)> is called.
+
+=head1 NOTES
+
+Whenever a certificate is verified during a SSL/TLS handshake, a verification
+function is called. If the application does not explicitly specify a
+verification callback function, the built-in verification function is used.
+If a verification callback I<callback> is specified via
+SSL_CTX_set_cert_verify_callback(), the supplied callback function is called
+instead. By setting I<callback> to NULL, the default behaviour is restored.
+
+When the verification must be performed, I<callback> will be called with
+the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The 
+argument I<arg> is specified by the application when setting I<callback>.
+
+I<callback> should return 1 to indicate verification success and 0 to
+indicate verification failure. If SSL_VERIFY_PEER is set and I<callback>
+returns 0, the handshake will fail. As the verification procedure may
+allow to continue the connection in case of failure (by always returning 1)
+the verification result must be set in any case using the B<error>
+member of I<x509_store_ctx> so that the calling application will be informed
+about the detailed result of the verification procedure! 
+
+Within I<x509_store_ctx>, I<callback> has access to the I<verify_callback>
+function set using L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>.
+
+=head1 WARNINGS
+
+Do not mix the verification callback described in this function with the
+B<verify_callback> function called during the verification process. The
+latter is set using the L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
+family of functions.
+
+Providing a complete verification procedure including certificate purpose
+settings etc is a complex task. The built-in procedure is quite powerful
+and in most cases it should be sufficient to modify its behaviour using
+the B<verify_callback> function.
+
+=head1 BUGS
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_cert_verify_callback() does not provide diagnostic information.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
+L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
+L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
+
+=head1 HISTORY
+
+Previous to OpenSSL 0.9.7, the I<arg> argument to B<SSL_CTX_set_cert_verify_callback>
+was ignored, and I<callback> was called simply as
+ int (*callback)(X509_STORE_CTX *)
+To compile software written for previous versions of OpenSSL, a dummy
+argument will have to be added to I<callback>.
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_cipher_list.pod b/doc/ssl/SSL_CTX_set_cipher_list.pod
new file mode 100644
index 0000000000..ed64f64157
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_cipher_list.pod
@@ -0,0 +1,70 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_cipher_list, SSL_set_cipher_list - choose list of available SSL_CIPHERs
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str);
+ int SSL_set_cipher_list(SSL *ssl, const char *str);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_cipher_list() sets the list of available ciphers for B<ctx>
+using the control string B<str>. The format of the string is described
+in L<ciphers(1)|ciphers(1)>. The list of ciphers is inherited by all
+B<ssl> objects created from B<ctx>.
+
+SSL_set_cipher_list() sets the list of ciphers only for B<ssl>.
+
+=head1 NOTES
+
+The control string B<str> should be universally usable and not depend
+on details of the library configuration (ciphers compiled in). Thus no
+syntax checking takes place. Items that are not recognized, because the
+corresponding ciphers are not compiled in or because they are mistyped,
+are simply ignored. Failure is only flagged if no ciphers could be collected
+at all.
+
+It should be noted, that inclusion of a cipher to be used into the list is
+a necessary condition. On the client side, the inclusion into the list is
+also sufficient. On the server side, additional restrictions apply. All ciphers
+have additional requirements. ADH ciphers don't need a certificate, but
+DH-parameters must have been set. All other ciphers need a corresponding
+certificate and key.
+
+A RSA cipher can only be chosen, when a RSA certificate is available.
+RSA export ciphers with a keylength of 512 bits for the RSA key require
+a temporary 512 bit RSA key, as typically the supplied key has a length
+of 1024 bit (see
+L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>).
+RSA ciphers using EDH need a certificate and key and additional DH-parameters
+(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
+
+A DSA cipher can only be chosen, when a DSA certificate is available.
+DSA ciphers always use DH key exchange and therefore need DH-parameters
+(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
+
+When these conditions are not met for any cipher in the list (e.g. a
+client only supports export RSA ciphers with a asymmetric key length
+of 512 bits and the server is not configured to use temporary RSA
+keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated
+and the handshake will fail.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher
+could be selected and 0 on complete failure.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
+L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
+L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
+L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
+L<ciphers(1)|ciphers(1)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_client_CA_list.pod b/doc/ssl/SSL_CTX_set_client_CA_list.pod
new file mode 100644
index 0000000000..632b556d12
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_client_CA_list.pod
@@ -0,0 +1,94 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA,
+SSL_add_client_CA - set list of CAs sent to the client when requesting a
+client certificate
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+ 
+ void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
+ void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
+ int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
+ int SSL_add_client_CA(SSL *ssl, X509 *cacert);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_client_CA_list() sets the B<list> of CAs sent to the client when
+requesting a client certificate for B<ctx>.
+
+SSL_set_client_CA_list() sets the B<list> of CAs sent to the client when
+requesting a client certificate for the chosen B<ssl>, overriding the
+setting valid for B<ssl>'s SSL_CTX object.
+
+SSL_CTX_add_client_CA() adds the CA name extracted from B<cacert> to the
+list of CAs sent to the client when requesting a client certificate for
+B<ctx>.
+
+SSL_add_client_CA() adds the CA name extracted from B<cacert> to the
+list of CAs sent to the client when requesting a client certificate for
+the chosen B<ssl>, overriding the setting valid for B<ssl>'s SSL_CTX object.
+
+=head1 NOTES
+
+When a TLS/SSL server requests a client certificate (see
+B<SSL_CTX_set_verify_options()>), it sends a list of CAs, for which
+it will accept certificates, to the client.
+
+This list must explicitly be set using SSL_CTX_set_client_CA_list() for
+B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list
+specified overrides the previous setting. The CAs listed do not become
+trusted (B<list> only contains the names, not the complete certificates); use
+L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> 
+to additionally load them for verification.
+
+If the list of acceptable CAs is compiled in a file, the
+L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>
+function can be used to help importing the necessary data.
+
+SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional
+items the list of client CAs. If no list was specified before using
+SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client
+CA list for B<ctx> or B<ssl> (as appropriate) is opened.
+
+These functions are only useful for TLS/SSL servers.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return
+diagnostic information.
+
+SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return
+values:
+
+=over 4
+
+=item 1
+
+The operation succeeded.
+
+=item 0
+
+A failure while manipulating the STACK_OF(X509_NAME) object occurred or
+the X509_NAME could not be extracted from B<cacert>. Check the error stack
+to find out the reason.
+
+=back
+
+=head1 EXAMPLES
+
+Scan all certificates in B<CAfile> and list them as acceptable CAs:
+
+  SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>,
+L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
+L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>,
+L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_client_cert_cb.pod b/doc/ssl/SSL_CTX_set_client_cert_cb.pod
new file mode 100644
index 0000000000..3465b5c7bb
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_client_cert_cb.pod
@@ -0,0 +1,94 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certificate callback function
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+ int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+ int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_client_cert_cb() sets the B<client_cert_cb()> callback, that is
+called when a client certificate is requested by a server and no certificate
+was yet set for the SSL object.
+
+When B<client_cert_cb()> is NULL, no callback function is used.
+
+SSL_CTX_get_client_cert_cb() returns a pointer to the currently set callback
+function.
+
+client_cert_cb() is the application defined callback. If it wants to
+set a certificate, a certificate/private key combination must be set
+using the B<x509> and B<pkey> arguments and "1" must be returned. The
+certificate will be installed into B<ssl>, see the NOTES and BUGS sections.
+If no certificate should be set, "0" has to be returned and no certificate
+will be sent. A negative return value will suspend the handshake and the
+handshake function will return immediatly. L<SSL_get_error(3)|SSL_get_error(3)>
+will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was
+suspended. The next call to the handshake function will again lead to the call
+of client_cert_cb(). It is the job of the client_cert_cb() to store information
+about the state of the last call, if required to continue.
+
+=head1 NOTES
+
+During a handshake (or renegotiation) a server may request a certificate
+from the client. A client certificate must only be sent, when the server
+did send the request.
+
+When a certificate was set using the
+L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)> family of functions,
+it will be sent to the server. The TLS standard requires that only a
+certificate is sent, if it matches the list of acceptable CAs sent by the
+server. This constraint is violated by the default behavior of the OpenSSL
+library. Using the callback function it is possible to implement a proper
+selection routine or to allow a user interaction to choose the certificate to
+be sent.
+
+If a callback function is defined and no certificate was yet defined for the
+SSL object, the callback function will be called.
+If the callback function returns a certificate, the OpenSSL library
+will try to load the private key and certificate data into the SSL
+object using the SSL_use_certificate() and SSL_use_private_key() functions.
+Thus it will permanently install the certificate and key for this SSL
+object. It will not be reset by calling L<SSL_clear(3)|SSL_clear(3)>.
+If the callback returns no certificate, the OpenSSL library will not send
+a certificate.
+
+=head1 BUGS
+
+The client_cert_cb() cannot return a complete certificate chain, it can
+only return one client certificate. If the chain only has a length of 2,
+the root CA certificate may be omitted according to the TLS standard and
+thus a standard conforming answer can be sent to the server. For a
+longer chain, the client must send the complete chain (with the option
+to leave out the root CA certificate). This can only be accomplished by
+either adding the intermediate CA certificates into the trusted
+certificate store for the SSL_CTX object (resulting in having to add
+CA certificates that otherwise maybe would not be trusted), or by adding
+the chain certificates using the
+L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
+function, which is only available for the SSL_CTX object as a whole and that
+therefore probably can only apply for one client certificate, making
+the concept of the callback function (to allow the choice from several
+certificates) questionable.
+
+Once the SSL object has been used in conjunction with the callback function,
+the certificate will be set for the SSL object and will not be cleared
+even when L<SSL_clear(3)|SSL_clear(3)> is being called. It is therefore
+mandatory to destroy the SSL object using L<SSL_free(3)|SSL_free(3)>
+and create a new one to return to the previous state.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
+L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
+L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
+L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_default_passwd_cb.pod b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
new file mode 100644
index 0000000000..2b87f01ca1
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
@@ -0,0 +1,76 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata - set passwd callback for encrypted PEM file handling
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
+
+ int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_default_passwd_cb() sets the default password callback called
+when loading/storing a PEM certificate with encryption.
+
+SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to B<userdata> which
+will be provided to the password callback on invocation.
+
+The pem_passwd_cb(), which must be provided by the application, hands back the
+password to be used during decryption. On invocation a pointer to B<userdata>
+is provided. The pem_passwd_cb must write the password into the provided buffer
+B<buf> which is of size B<size>. The actual length of the password must
+be returned to the calling function. B<rwflag> indicates whether the
+callback is used for reading/decryption (rwflag=0) or writing/encryption
+(rwflag=1).
+
+=head1 NOTES
+
+When loading or storing private keys, a password might be supplied to
+protect the private key. The way this password can be supplied may depend
+on the application. If only one private key is handled, it can be practical
+to have pem_passwd_cb() handle the password dialog interactively. If several
+keys have to be handled, it can be practical to ask for the password once,
+then keep it in memory and use it several times. In the last case, the
+password could be stored into the B<userdata> storage and the
+pem_passwd_cb() only returns the password already stored.
+
+When asking for the password interactively, pem_passwd_cb() can use
+B<rwflag> to check, whether an item shall be encrypted (rwflag=1).
+In this case the password dialog may ask for the same password twice
+for comparison in order to catch typos, that would make decryption
+impossible.
+
+Other items in PEM formatting (certificates) can also be encrypted, it is
+however not usual, as certificate information is considered public.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_default_passwd_cb() and SSL_CTX_set_default_passwd_cb_userdata()
+do not provide diagnostic information.
+
+=head1 EXAMPLES
+
+The following example returns the password provided as B<userdata> to the
+calling function. The password is considered to be a '\0' terminated
+string. If the password does not fit into the buffer, the password is
+truncated.
+
+ int pem_passwd_cb(char *buf, int size, int rwflag, void *password)
+ {
+  strncpy(buf, (char *)(password), size);
+  buf[size - 1] = '\0';
+  return(strlen(buf));
+ }
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>,
+L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_generate_session_id.pod b/doc/ssl/SSL_CTX_set_generate_session_id.pod
new file mode 100644
index 0000000000..798e8443a7
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_generate_session_id.pod
@@ -0,0 +1,150 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id - manipulate generation of SSL session IDs (server only)
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
+                               unsigned int *id_len);
+
+ int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb);
+ int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB, cb);
+ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+				 unsigned int id_len);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_generate_session_id() sets the callback function for generating
+new session ids for SSL/TLS sessions for B<ctx> to be B<cb>.
+
+SSL_set_generate_session_id() sets the callback function for generating
+new session ids for SSL/TLS sessions for B<ssl> to be B<cb>.
+
+SSL_has_matching_session_id() checks, whether a session with id B<id>
+(of length B<id_len>) is already contained in the internal session cache
+of the parent context of B<ssl>.
+
+=head1 NOTES
+
+When a new session is established between client and server, the server
+generates a session id. The session id is an arbitrary sequence of bytes.
+The length of the session id is 16 bytes for SSLv2 sessions and between
+1 and 32 bytes for SSLv3/TLSv1. The session id is not security critical
+but must be unique for the server. Additionally, the session id is
+transmitted in the clear when reusing the session so it must not contain
+sensitive information.
+
+Without a callback being set, an OpenSSL server will generate a unique
+session id from pseudo random numbers of the maximum possible length.
+Using the callback function, the session id can be changed to contain
+additional information like e.g. a host id in order to improve load balancing
+or external caching techniques.
+
+The callback function receives a pointer to the memory location to put
+B<id> into and a pointer to the maximum allowed length B<id_len>. The
+buffer at location B<id> is only guaranteed to have the size B<id_len>.
+The callback is only allowed to generate a shorter id and reduce B<id_len>;
+the callback B<must never> increase B<id_len> or write to the location
+B<id> exceeding the given limit.
+
+If a SSLv2 session id is generated and B<id_len> is reduced, it will be
+restored after the callback has finished and the session id will be padded
+with 0x00. It is not recommended to change the B<id_len> for SSLv2 sessions.
+The callback can use the L<SSL_get_version(3)|SSL_get_version(3)> function
+to check, whether the session is of type SSLv2.
+
+The location B<id> is filled with 0x00 before the callback is called, so the
+callback may only fill part of the possible length and leave B<id_len>
+untouched while maintaining reproducibility.
+
+Since the sessions must be distinguished, session ids must be unique.
+Without the callback a random number is used, so that the probability
+of generating the same session id is extremely small (2^128 possible ids
+for an SSLv2 session, 2^256 for SSLv3/TLSv1). In order to assure the
+uniqueness of the generated session id, the callback must call
+SSL_has_matching_session_id() and generate another id if a conflict occurs.
+If an id conflict is not resolved, the handshake will fail.
+If the application codes e.g. a unique host id, a unique process number, and
+a unique sequence number into the session id, uniqueness could easily be
+achieved without randomness added (it should however be taken care that
+no confidential information is leaked this way). If the application can not
+guarantee uniqueness, it is recommended to use the maximum B<id_len> and
+fill in the bytes not used to code special information with random data
+to avoid collisions.
+
+SSL_has_matching_session_id() will only query the internal session cache,
+not the external one. Since the session id is generated before the
+handshake is completed, it is not immediately added to the cache. If
+another thread is using the same internal session cache, a race condition
+can occur in that another thread generates the same session id.
+Collisions can also occur when using an external session cache, since
+the external cache is not tested with SSL_has_matching_session_id()
+and the same race condition applies.
+
+When calling SSL_has_matching_session_id() for an SSLv2 session with
+reduced B<id_len>, the match operation will be performed using the
+fixed length required and with a 0x00 padded id.
+
+The callback must return 0 if it cannot generate a session id for whatever
+reason and return 1 on success.
+
+=head1 EXAMPLES
+
+The callback function listed will generate a session id with the
+server id given, and will fill the rest with pseudo random bytes:
+
+ const char session_id_prefix = "www-18";
+
+ #define MAX_SESSION_ID_ATTEMPTS 10
+ static int generate_session_id(const SSL *ssl, unsigned char *id,
+                              unsigned int *id_len)
+      {
+      unsigned int count = 0;
+      const char *version;
+
+      version = SSL_get_version(ssl);
+      if (!strcmp(version, "SSLv2"))
+	  /* we must not change id_len */;
+
+      do      {
+              RAND_pseudo_bytes(id, *id_len);
+              /* Prefix the session_id with the required prefix. NB: If our
+               * prefix is too long, clip it - but there will be worse effects
+               * anyway, eg. the server could only possibly create 1 session
+               * ID (ie. the prefix!) so all future session negotiations will
+               * fail due to conflicts. */
+              memcpy(id, session_id_prefix,
+                      (strlen(session_id_prefix) < *id_len) ?
+                      strlen(session_id_prefix) : *id_len);
+              }
+      while(SSL_has_matching_session_id(ssl, id, *id_len) &&
+              (++count < MAX_SESSION_ID_ATTEMPTS));
+      if(count >= MAX_SESSION_ID_ATTEMPTS)
+              return 0;
+      return 1;
+      }
+
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_generate_session_id() and SSL_set_generate_session_id()
+always return 1.
+
+SSL_has_matching_session_id() returns 1 if another session with the
+same id is already in the cache.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_get_version(3)|SSL_get_version(3)>
+
+=head1 HISTORY
+
+SSL_CTX_set_generate_session_id(), SSL_set_generate_session_id()
+and SSL_has_matching_session_id() have been introduced in
+OpenSSL 0.9.7.
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_info_callback.pod b/doc/ssl/SSL_CTX_set_info_callback.pod
new file mode 100644
index 0000000000..63d0b8d33f
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_info_callback.pod
@@ -0,0 +1,153 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback - handle information callback for SSL connections
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
+ void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))();
+
+ void SSL_set_info_callback(SSL *ssl, void (*callback)());
+ void (*SSL_get_info_callback(SSL *ssl))();
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_info_callback() sets the B<callback> function, that can be used to
+obtain state information for SSL objects created from B<ctx> during connection
+setup and use. The setting for B<ctx> is overridden from the setting for
+a specific SSL object, if specified.
+When B<callback> is NULL, not callback function is used.
+
+SSL_set_info_callback() sets the B<callback> function, that can be used to
+obtain state information for B<ssl> during connection setup and use.
+When B<callback> is NULL, the callback setting currently valid for
+B<ctx> is used.
+
+SSL_CTX_get_info_callback() returns a pointer to the currently set information
+callback function for B<ctx>.
+
+SSL_get_info_callback() returns a pointer to the currently set information
+callback function for B<ssl>.
+
+=head1 NOTES
+
+When setting up a connection and during use, it is possible to obtain state
+information from the SSL/TLS engine. When set, an information callback function
+is called whenever the state changes, an alert appears, or an error occurs.
+
+The callback function is called as B<callback(SSL *ssl, int where, int ret)>.
+The B<where> argument specifies information about where (in which context)
+the callback function was called. If B<ret> is 0, an error condition occurred.
+If an alert is handled, SSL_CB_ALERT is set and B<ret> specifies the alert
+information.
+
+B<where> is a bitmask made up of the following bits:
+
+=over 4
+
+=item SSL_CB_LOOP
+
+Callback has been called to indicate state change inside a loop.
+
+=item SSL_CB_EXIT
+
+Callback has been called to indicate error exit of a handshake function.
+(May be soft error with retry option for non-blocking setups.)
+
+=item SSL_CB_READ
+
+Callback has been called during read operation.
+
+=item SSL_CB_WRITE
+
+Callback has been called during write operation.
+
+=item SSL_CB_ALERT
+
+Callback has been called due to an alert being sent or received.
+
+=item SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
+
+=item SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
+
+=item SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
+
+=item SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
+
+=item SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
+
+=item SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
+
+=item SSL_CB_HANDSHAKE_START
+
+Callback has been called because a new handshake is started.
+
+=item SSL_CB_HANDSHAKE_DONE           0x20
+
+Callback has been called because a handshake is finished.
+
+=back
+
+The current state information can be obtained using the
+L<SSL_state_string(3)|SSL_state_string(3)> family of functions.
+
+The B<ret> information can be evaluated using the
+L<SSL_alert_type_string(3)|SSL_alert_type_string(3)> family of functions.
+
+=head1 RETURN VALUES
+
+SSL_set_info_callback() does not provide diagnostic information.
+
+SSL_get_info_callback() returns the current setting.
+
+=head1 EXAMPLES
+
+The following example callback function prints state strings, information
+about alerts being handled and error messages to the B<bio_err> BIO.
+
+ void apps_ssl_info_callback(SSL *s, int where, int ret)
+	{
+	const char *str;
+	int w;
+
+	w=where& ~SSL_ST_MASK;
+
+	if (w & SSL_ST_CONNECT) str="SSL_connect";
+	else if (w & SSL_ST_ACCEPT) str="SSL_accept";
+	else str="undefined";
+
+	if (where & SSL_CB_LOOP)
+		{
+		BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
+		}
+	else if (where & SSL_CB_ALERT)
+		{
+		str=(where & SSL_CB_READ)?"read":"write";
+		BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
+			str,
+			SSL_alert_type_string_long(ret),
+			SSL_alert_desc_string_long(ret));
+		}
+	else if (where & SSL_CB_EXIT)
+		{
+		if (ret == 0)
+			BIO_printf(bio_err,"%s:failed in %s\n",
+				str,SSL_state_string_long(s));
+		else if (ret < 0)
+			{
+			BIO_printf(bio_err,"%s:error in %s\n",
+				str,SSL_state_string_long(s));
+			}
+		}
+	}
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_state_string(3)|SSL_state_string(3)>,
+L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_max_cert_list.pod b/doc/ssl/SSL_CTX_set_max_cert_list.pod
new file mode 100644
index 0000000000..da68cb9fc2
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_max_cert_list.pod
@@ -0,0 +1,77 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list, - manipulate allowed for the peer's certificate chain
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_set_max_cert_list(SSL_CTX *ctx, long size);
+ long SSL_CTX_get_max_cert_list(SSL_CTX *ctx);
+
+ long SSL_set_max_cert_list(SSL *ssl, long size);
+ long SSL_get_max_cert_list(SSL *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_max_cert_list() sets the maximum size allowed for the peer's
+certificate chain for all SSL objects created from B<ctx> to be <size> bytes.
+The SSL objects inherit the setting valid for B<ctx> at the time
+L<SSL_new(3)|SSL_new(3)> is being called.
+
+SSL_CTX_get_max_cert_list() returns the currently set maximum size for B<ctx>.
+
+SSL_set_max_cert_list() sets the maximum size allowed for the peer's
+certificate chain for B<ssl> to be <size> bytes. This setting stays valid
+until a new value is set.
+
+SSL_get_max_cert_list() returns the currently set maximum size for B<ssl>.
+
+=head1 NOTES
+
+During the handshake process, the peer may send a certificate chain.
+The TLS/SSL standard does not give any maximum size of the certificate chain.
+The OpenSSL library handles incoming data by a dynamically allocated buffer.
+In order to prevent this buffer from growing without bounds due to data
+received from a faulty or malicious peer, a maximum size for the certificate
+chain is set.
+
+The default value for the maximum certificate chain size is 100kB (30kB
+on the 16bit DOS platform). This should be sufficient for usual certificate
+chains (OpenSSL's default maximum chain length is 10, see
+L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>, and certificates
+without special extensions have a typical size of 1-2kB).
+
+For special applications it can be necessary to extend the maximum certificate
+chain size allowed to be sent by the peer, see e.g. the work on
+"Internet X.509 Public Key Infrastructure Proxy Certificate Profile"
+and "TLS Delegation Protocol" at http://www.ietf.org/ and
+http://www.globus.org/ .
+
+Under normal conditions it should never be necessary to set a value smaller
+than the default, as the buffer is handled dynamically and only uses the
+memory actually required by the data sent by the peer.
+
+If the maximum certificate chain size allowed is exceeded, the handshake will
+fail with a SSL_R_EXCESSIVE_MESSAGE_SIZE error.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_max_cert_list() and SSL_set_max_cert_list() return the previously
+set value.
+
+SSL_CTX_get_max_cert_list() and SSL_get_max_cert_list() return the currently
+set value.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>,
+L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
+
+=head1 HISTORY
+
+SSL*_set/get_max_cert_list() have been introduced in OpenSSL 0.9.7.
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_mode.pod b/doc/ssl/SSL_CTX_set_mode.pod
new file mode 100644
index 0000000000..9822544e5e
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_mode.pod
@@ -0,0 +1,81 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode - manipulate SSL engine mode
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_set_mode(SSL_CTX *ctx, long mode);
+ long SSL_set_mode(SSL *ssl, long mode);
+
+ long SSL_CTX_get_mode(SSL_CTX *ctx);
+ long SSL_get_mode(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_mode() adds the mode set via bitmask in B<mode> to B<ctx>.
+Options already set before are not cleared.
+
+SSL_set_mode() adds the mode set via bitmask in B<mode> to B<ssl>.
+Options already set before are not cleared.
+
+SSL_CTX_get_mode() returns the mode set for B<ctx>.
+
+SSL_get_mode() returns the mode set for B<ssl>.
+
+=head1 NOTES
+
+The following mode changes are available:
+
+=over 4
+
+=item SSL_MODE_ENABLE_PARTIAL_WRITE
+
+Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+when just a single record has been written). When not set (the default),
+SSL_write() will only report success once the complete chunk was written.
+Once SSL_write() returns with r, r bytes have been successfully written
+and the next call to SSL_write() must only send the n-r bytes left,
+imitating the behaviour of write().
+
+=item SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
+
+Make it possible to retry SSL_write() with changed buffer location
+(the buffer contents must stay the same). This is not the default to avoid
+the misconception that non-blocking SSL_write() behaves like
+non-blocking write().
+
+=item SSL_MODE_AUTO_RETRY
+
+Never bother the application with retries if the transport is blocking.
+If a renegotiation take place during normal operation, a
+L<SSL_read(3)|SSL_read(3)> or L<SSL_write(3)|SSL_write(3)> would return
+with -1 and indicate the need to retry with SSL_ERROR_WANT_READ.
+In a non-blocking environment applications must be prepared to handle
+incomplete read/write operations.
+In a blocking environment, applications are not always prepared to
+deal with read/write operations returning without success report. The
+flag SSL_MODE_AUTO_RETRY will cause read/write operations to only
+return after the handshake and successful completion.
+
+=back
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_mode() and SSL_set_mode() return the new mode bitmask
+after adding B<mode>.
+
+SSL_CTX_get_mode() and SSL_get_mode() return the current bitmask.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_read(3)|SSL_read(3)>, L<SSL_write(3)|SSL_write(3)>
+
+=head1 HISTORY
+
+SSL_MODE_AUTO_RETRY as been added in OpenSSL 0.9.6.
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_msg_callback.pod b/doc/ssl/SSL_CTX_set_msg_callback.pod
new file mode 100644
index 0000000000..0015e6ea79
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_msg_callback.pod
@@ -0,0 +1,99 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_get_msg_callback_arg - install callback for observing protocol messages
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+ void SSL_CTX_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
+
+ void SSL_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+ void SSL_set_msg_callback_arg(SSL_CTX *ctx, void *arg);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_msg_callback() or SSL_set_msg_callback() can be used to
+define a message callback function I<cb> for observing all SSL/TLS
+protocol messages (such as handshake messages) that are received or
+sent.  SSL_CTX_set_msg_callback_arg() and SSL_set_msg_callback_arg()
+can be used to set argument I<arg> to the callback function, which is
+available for arbitrary application use.
+
+SSL_CTX_set_msg_callback() and SSL_CTX_set_msg_callback_arg() specify
+default settings that will be copied to new B<SSL> objects by
+L<SSL_new(3)|SSL_new(3)>. SSL_set_msg_callback() and
+SSL_set_msg_callback_arg() modify the actual settings of an B<SSL>
+object. Using a B<0> pointer for I<cb> disables the message callback.
+
+When I<cb> is called by the SSL/TLS library for a protocol message,
+the function arguments have the following meaning:
+
+=over 4
+
+=item I<write_p>
+
+This flag is B<0> when a protocol message has been received and B<1>
+when a protocol message has been sent.
+
+=item I<version>
+
+The protocol version according to which the protocol message is
+interpreted by the library. Currently, this is one of
+B<SSL2_VERSION>, B<SSL3_VERSION> and B<TLS1_VERSION> (for SSL 2.0, SSL
+3.0 and TLS 1.0, respectively).
+
+=item I<content_type>
+
+In the case of SSL 2.0, this is always B<0>.  In the case of SSL 3.0
+or TLS 1.0, this is one of the B<ContentType> values defined in the
+protocol specification (B<change_cipher_spec(20)>, B<alert(21)>,
+B<handshake(22)>; but never B<application_data(23)> because the
+callback will only be called for protocol messages).
+
+=item I<buf>, I<len>
+
+I<buf> points to a buffer containing the protocol message, which
+consists of I<len> bytes. The buffer is no longer valid after the
+callback function has returned.
+
+=item I<ssl>
+
+The B<SSL> object that received or sent the message.
+
+=item I<arg>
+
+The user-defined argument optionally defined by
+SSL_CTX_set_msg_callback_arg() or SSL_set_msg_callback_arg().
+
+=back
+
+=head1 NOTES
+
+Protocol messages are passed to the callback function after decryption
+and fragment collection where applicable. (Thus record boundaries are
+not visible.)
+
+If processing a received protocol message results in an error,
+the callback function may not be called.  For example, the callback
+function will never see messages that are considered too large to be
+processed.
+
+Due to automatic protocol version negotiation, I<version> is not
+necessarily the protocol version used by the sender of the message: If
+a TLS 1.0 ClientHello message is received by an SSL 3.0-only server,
+I<version> will be B<SSL3_VERSION>.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>
+
+=head1 HISTORY
+
+SSL_CTX_set_msg_callback(), SSL_CTX_set_msg_callback_arg(),
+SSL_set_msg_callback() and SSL_get_msg_callback_arg() were added in OpenSSL 0.9.7.
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
new file mode 100644
index 0000000000..f5e2ec3555
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_options.pod
@@ -0,0 +1,235 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options - manipulate SSL engine options
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_set_options(SSL_CTX *ctx, long options);
+ long SSL_set_options(SSL *ssl, long options);
+
+ long SSL_CTX_get_options(SSL_CTX *ctx);
+ long SSL_get_options(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>.
+Options already set before are not cleared!
+
+SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>.
+Options already set before are not cleared!
+
+SSL_CTX_get_options() returns the options set for B<ctx>.
+
+SSL_get_options() returns the options set for B<ssl>.
+
+=head1 NOTES
+
+The behaviour of the SSL library can be changed by setting several options.
+The options are coded as bitmasks and can be combined by a logical B<or>
+operation (|). Options can only be added but can never be reset.
+
+SSL_CTX_set_options() and SSL_set_options() affect the (external)
+protocol behaviour of the SSL library. The (internal) behaviour of
+the API can be changed by using the similar
+L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> and SSL_set_mode() functions.
+
+During a handshake, the option settings of the SSL object are used. When
+a new SSL object is created from a context using SSL_new(), the current
+option setting is copied. Changes to B<ctx> do not affect already created
+SSL objects. SSL_clear() does not affect the settings.
+
+The following B<bug workaround> options are available:
+
+=over 4
+
+=item SSL_OP_MICROSOFT_SESS_ID_BUG
+
+www.microsoft.com - when talking SSLv2, if session-id reuse is
+performed, the session-id passed back in the server-finished message
+is different from the one decided upon.
+
+=item SSL_OP_NETSCAPE_CHALLENGE_BUG
+
+Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte
+challenge but then appears to only use 16 bytes when generating the
+encryption keys.  Using 16 bytes is ok but it should be ok to use 32.
+According to the SSLv3 spec, one should use 32 bytes for the challenge
+when operating in SSLv2/v3 compatibility mode, but as mentioned above,
+this breaks this server so 16 bytes is the way to go.
+
+=item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+
+ssl3.netscape.com:443, first a connection is established with RC4-MD5.
+If it is then resumed, we end up using DES-CBC3-SHA.  It should be
+RC4-MD5 according to 7.6.1.3, 'cipher_suite'.
+
+Netscape-Enterprise/2.01 (https://merchant.netscape.com) has this bug.
+It only really shows up when connecting via SSLv2/v3 then reconnecting
+via SSLv3. The cipher list changes....
+
+NEW INFORMATION.  Try connecting with a cipher list of just
+DES-CBC-SHA:RC4-MD5.  For some weird reason, each new connection uses
+RC4-MD5, but a re-connect tries to use DES-CBC-SHA.  So netscape, when
+doing a re-connect, always takes the first cipher in the cipher list.
+
+=item SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
+
+...
+
+=item SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
+
+...
+
+=item SSL_OP_MSIE_SSLV2_RSA_PADDING
+
+...
+
+=item SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+
+...
+
+=item SSL_OP_TLS_D5_BUG
+
+...
+
+=item SSL_OP_TLS_BLOCK_PADDING_BUG
+
+...
+
+=item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+
+Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol
+vulnerability affecting CBC ciphers, which cannot be handled by some
+broken SSL implementations.  This option has no effect for connections
+using other ciphers.
+
+=item SSL_OP_ALL
+
+All of the above bug workarounds.
+
+=back
+
+It is usually safe to use B<SSL_OP_ALL> to enable the bug workaround
+options if compatibility with somewhat broken implementations is
+desired.
+
+The following B<modifying> options are available:
+
+=over 4
+
+=item SSL_OP_TLS_ROLLBACK_BUG
+
+Disable version rollback attack detection.
+
+During the client key exchange, the client must send the same information
+about acceptable SSL/TLS protocol levels as during the first hello. Some
+clients violate this rule by adapting to the server's answer. (Example:
+the client sends a SSLv2 hello and accepts up to SSLv3.1=TLSv1, the server
+only understands up to SSLv3. In this case the client must still use the
+same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
+to the server's answer and violate the version rollback protection.)
+
+=item SSL_OP_SINGLE_DH_USE
+
+Always create a new key when using temporary/ephemeral DH parameters
+(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
+This option must be used to prevent small subgroup attacks, when
+the DH parameters were not generated using "strong" primes
+(e.g. when using DSA-parameters, see L<dhparam(1)|dhparam(1)>).
+If "strong" primes were used, it is not strictly necessary to generate
+a new DH key during each handshake but it is also recommended.
+B<SSL_OP_SINGLE_DH_USE> should therefore be enabled whenever
+temporary/ephemeral DH parameters are used.
+
+=item SSL_OP_EPHEMERAL_RSA
+
+Always use ephemeral (temporary) RSA key when doing RSA operations
+(see L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>).
+According to the specifications this is only done, when a RSA key
+can only be used for signature operations (namely under export ciphers
+with restricted RSA keylength). By setting this option, ephemeral
+RSA keys are always used. This option breaks compatibility with the
+SSL/TLS specifications and may lead to interoperability problems with
+clients and should therefore never be used. Ciphers with EDH (ephemeral
+Diffie-Hellman) key exchange should be used instead.
+
+=item SSL_OP_CIPHER_SERVER_PREFERENCE
+
+When choosing a cipher, use the server's preferences instead of the client
+preferences. When not set, the SSL server will always follow the clients
+preferences. When set, the SSLv3/TLSv1 server will choose following its
+own preferences. Because of the different protocol, for SSLv2 the server
+will send his list of preferences to the client and the client chooses.
+
+=item SSL_OP_PKCS1_CHECK_1
+
+...
+
+=item SSL_OP_PKCS1_CHECK_2
+
+...
+
+=item SSL_OP_NETSCAPE_CA_DN_BUG
+
+If we accept a netscape connection, demand a client cert, have a
+non-self-sighed CA which does not have it's CA in netscape, and the
+browser has a cert, it will crash/hang.  Works for 3.x and 4.xbeta 
+
+=item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
+
+...
+
+=item SSL_OP_NO_SSLv2
+
+Do not use the SSLv2 protocol.
+
+=item SSL_OP_NO_SSLv3
+
+Do not use the SSLv3 protocol.
+
+=item SSL_OP_NO_TLSv1
+
+Do not use the TLSv1 protocol.
+
+=item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+
+When performing renegotiation as a server, always start a new session
+(i.e., session resumption requests are only accepted in the initial
+handshake).  This option is not needed for clients.
+
+=back
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_options() and SSL_set_options() return the new options bitmask
+after adding B<options>.
+
+SSL_CTX_get_options() and SSL_get_options() return the current bitmask.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
+L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
+L<dhparam(1)|dhparam(1)>
+
+=head1 HISTORY
+
+B<SSL_OP_CIPHER_SERVER_PREFERENCE> and
+B<SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION> have been added in
+OpenSSL 0.9.7.
+
+B<SSL_OP_TLS_ROLLBACK_BUG> has been added in OpenSSL 0.9.6 and was automatically
+enabled with B<SSL_OP_ALL>. As of 0.9.7, it is no longer included in B<SSL_OP_ALL>
+and must be explicitly set.
+
+B<SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS> has been added in OpenSSL 0.9.6e.
+Versions up to OpenSSL 0.9.6c do not include the countermeasure that
+can be disabled with this option (in OpenSSL 0.9.6d, it was always
+enabled).
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_quiet_shutdown.pod b/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
new file mode 100644
index 0000000000..1d0526d59a
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
@@ -0,0 +1,63 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown - manipulate shutdown behaviour
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
+ int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx);
+
+ void SSL_set_quiet_shutdown(SSL *ssl, int mode);
+ int SSL_get_quiet_shutdown(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_quiet_shutdown() sets the "quiet shutdown" flag for B<ctx> to be
+B<mode>. SSL objects created from B<ctx> inherit the B<mode> valid at the time
+L<SSL_new(3)|SSL_new(3)> is called. B<mode> may be 0 or 1.
+
+SSL_CTX_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ctx>.
+
+SSL_set_quiet_shutdown() sets the "quiet shutdown" flag for B<ssl> to be
+B<mode>. The setting stays valid until B<ssl> is removed with
+L<SSL_free(3)|SSL_free(3)> or SSL_set_quiet_shutdown() is called again.
+It is not changed when L<SSL_clear(3)|SSL_clear(3)> is called.
+B<mode> may be 0 or 1.
+
+SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ssl>.
+
+=head1 NOTES
+
+Normally when a SSL connection is finished, the parties must send out
+"close notify" alert messages using L<SSL_shutdown(3)|SSL_shutdown(3)>
+for a clean shutdown.
+
+When setting the "quiet shutdown" flag to 1, L<SSL_shutdown(3)|SSL_shutdown(3)>
+will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.
+(L<SSL_shutdown(3)|SSL_shutdown(3)> then behaves like
+L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> called with
+SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.)
+The session is thus considered to be shutdown, but no "close notify" alert
+is sent to the peer. This behaviour violates the TLS standard.
+
+The default is normal shutdown behaviour as described by the TLS standard.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_quiet_shutdown() and SSL_set_quiet_shutdown() do not return
+diagnostic information.
+
+SSL_CTX_get_quiet_shutdown() and SSL_get_quiet_shutdown return the current
+setting.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_shutdown(3)|SSL_shutdown(3)>,
+L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, L<SSL_new(3)|SSL_new(3)>,
+L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_session_cache_mode.pod b/doc/ssl/SSL_CTX_set_session_cache_mode.pod
new file mode 100644
index 0000000000..c5d2f43dff
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_session_cache_mode.pod
@@ -0,0 +1,137 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode - enable/disable session caching
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_set_session_cache_mode(SSL_CTX ctx, long mode);
+ long SSL_CTX_get_session_cache_mode(SSL_CTX ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_session_cache_mode() enables/disables session caching
+by setting the operational mode for B<ctx> to <mode>.
+
+SSL_CTX_get_session_cache_mode() returns the currently used cache mode.
+
+=head1 NOTES
+
+The OpenSSL library can store/retrieve SSL/TLS sessions for later reuse.
+The sessions can be held in memory for each B<ctx>, if more than one
+SSL_CTX object is being maintained, the sessions are unique for each SSL_CTX
+object.
+
+In order to reuse a session, a client must send the session's id to the
+server. It can only send exactly one id.  The server then either 
+agrees to reuse the session or it starts a full handshake (to create a new
+session).
+
+A server will lookup up the session in its internal session storage. If the
+session is not found in internal storage or lookups for the internal storage
+have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try
+the external storage if available.
+
+Since a client may try to reuse a session intended for use in a different
+context, the session id context must be set by the server (see
+L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>).
+
+The following session cache modes and modifiers are available:
+
+=over 4
+
+=item SSL_SESS_CACHE_OFF
+
+No session caching for client or server takes place.
+
+=item SSL_SESS_CACHE_CLIENT
+
+Client sessions are added to the session cache. As there is no reliable way
+for the OpenSSL library to know whether a session should be reused or which
+session to choose (due to the abstract BIO layer the SSL engine does not
+have details about the connection), the application must select the session
+to be reused by using the L<SSL_set_session(3)|SSL_set_session(3)>
+function. This option is not activated by default.
+
+=item SSL_SESS_CACHE_SERVER
+
+Server sessions are added to the session cache. When a client proposes a
+session to be reused, the server looks for the corresponding session in (first)
+the internal session cache (unless SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set),
+then (second) in the external cache if available. If the session is found, the
+server will try to reuse the session.  This is the default.
+
+=item SSL_SESS_CACHE_BOTH
+
+Enable both SSL_SESS_CACHE_CLIENT and SSL_SESS_CACHE_SERVER at the same time.
+
+=item SSL_SESS_CACHE_NO_AUTO_CLEAR
+
+Normally the session cache is checked for expired sessions every
+255 connections using the
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> function. Since
+this may lead to a delay which cannot be controlled, the automatic
+flushing may be disabled and
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> can be called
+explicitly by the application.
+
+=item SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+
+By setting this flag, session-resume operations in an SSL/TLS server will not
+automatically look up sessions in the internal cache, even if sessions are
+automatically stored there. If external session caching callbacks are in use,
+this flag guarantees that all lookups are directed to the external cache.
+As automatic lookup only applies for SSL/TLS servers, the flag has no effect on
+clients.
+
+=item SSL_SESS_CACHE_NO_INTERNAL_STORE
+
+Depending on the presence of SSL_SESS_CACHE_CLIENT and/or SSL_SESS_CACHE_SERVER,
+sessions negotiated in an SSL/TLS handshake may be cached for possible reuse.
+Normally a new session is added to the internal cache as well as any external
+session caching (callback) that is configured for the SSL_CTX. This flag will
+prevent sessions being stored in the internal cache (though the application can
+add them manually using L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>). Note:
+in any SSL/TLS servers where external caching is configured, any successful
+session lookups in the external cache (ie. for session-resume requests) would
+normally be copied into the local cache before processing continues - this flag
+prevents these additions to the internal cache as well.
+
+=item SSL_SESS_CACHE_NO_INTERNAL
+
+Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and
+SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time.
+
+
+=back
+
+The default mode is SSL_SESS_CACHE_SERVER.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_session_cache_mode() returns the previously set cache mode.
+
+SSL_CTX_get_session_cache_mode() returns the currently set cache mode.
+
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
+L<SSL_session_reused(3)|SSL_session_reused(3)>,
+L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
+L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
+L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
+L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
+L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
+L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
+
+=head1 HISTORY
+
+SSL_SESS_CACHE_NO_INTERNAL_STORE and SSL_SESS_CACHE_NO_INTERNAL
+were introduced in OpenSSL 0.9.6h.
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_session_id_context.pod b/doc/ssl/SSL_CTX_set_session_id_context.pod
new file mode 100644
index 0000000000..5949395159
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_session_id_context.pod
@@ -0,0 +1,82 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_session_id_context, SSL_set_session_id_context - set context within which session can be reused (server side only)
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+                                    unsigned int sid_ctx_len);
+ int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+                                unsigned int sid_ctx_len);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_session_id_context() sets the context B<sid_ctx> of length
+B<sid_ctx_len> within which a session can be reused for the B<ctx> object.
+
+SSL_set_session_id_context() sets the context B<sid_ctx> of length
+B<sid_ctx_len> within which a session can be reused for the B<ssl> object.
+
+=head1 NOTES
+
+Sessions are generated within a certain context. When exporting/importing
+sessions with B<i2d_SSL_SESSION>/B<d2i_SSL_SESSION> it would be possible,
+to re-import a session generated from another context (e.g. another
+application), which might lead to malfunctions. Therefore each application
+must set its own session id context B<sid_ctx> which is used to distinguish
+the contexts and is stored in exported sessions. The B<sid_ctx> can be
+any kind of binary data with a given length, it is therefore possible
+to use e.g. the name of the application and/or the hostname and/or service
+name ...
+
+The session id context becomes part of the session. The session id context
+is set by the SSL/TLS server. The SSL_CTX_set_session_id_context() and
+SSL_set_session_id_context() functions are therefore only useful on the
+server side.
+
+OpenSSL clients will check the session id context returned by the server
+when reusing a session.
+
+The maximum length of the B<sid_ctx> is limited to
+B<SSL_MAX_SSL_SESSION_ID_LENGTH>.
+
+=head1 WARNINGS
+
+If the session id context is not set on an SSL/TLS server, stored sessions
+will not be reused but a fatal error will be flagged and the handshake
+will fail.
+
+If a server returns a different session id context to an OpenSSL client
+when reusing a session, an error will be flagged and the handshake will
+fail. OpenSSL servers will always return the correct session id context,
+as an OpenSSL server checks the session id context itself before reusing
+a session as described above.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_session_id_context() and SSL_set_session_id_context()
+return the following values:
+
+=over 4
+
+=item 0
+
+The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
+the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
+is logged to the error stack.
+
+=item 1
+
+The operation succeeded.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_ssl_version.pod b/doc/ssl/SSL_CTX_set_ssl_version.pod
new file mode 100644
index 0000000000..0020180965
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_ssl_version.pod
@@ -0,0 +1,61 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
+- choose a new TLS/SSL method
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, SSL_METHOD *method);
+ int SSL_set_ssl_method(SSL *s, SSL_METHOD *method);
+ SSL_METHOD *SSL_get_ssl_method(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_ssl_version() sets a new default TLS/SSL B<method> for SSL objects
+newly created from this B<ctx>. SSL objects already created with
+L<SSL_new(3)|SSL_new(3)> are not affected, except when
+L<SSL_clear(3)|SSL_clear(3)> is being called.
+
+SSL_set_ssl_method() sets a new TLS/SSL B<method> for a particular B<ssl>
+object. It may be reset, when SSL_clear() is called.
+
+SSL_get_ssl_method() returns a function pointer to the TLS/SSL method
+set in B<ssl>.
+
+=head1 NOTES
+
+The available B<method> choices are described in
+L<SSL_CTX_new(3)|SSL_CTX_new(3)>.
+
+When L<SSL_clear(3)|SSL_clear(3)> is called and no session is connected to
+an SSL object, the method of the SSL object is reset to the method currently
+set in the corresponding SSL_CTX object.
+
+=head1 RETURN VALUES
+
+The following return values can occur for SSL_CTX_set_ssl_version()
+and SSL_set_ssl_method():
+
+=over 4
+
+=item 0
+
+The new choice failed, check the error stack to find out the reason.
+
+=item 1
+
+The operation succeeded.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<SSL_new(3)|SSL_new(3)>,
+L<SSL_clear(3)|SSL_clear(3)>, L<ssl(3)|ssl(3)>,
+L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_timeout.pod b/doc/ssl/SSL_CTX_set_timeout.pod
new file mode 100644
index 0000000000..e3de27c473
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_timeout.pod
@@ -0,0 +1,59 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_timeout, SSL_CTX_get_timeout - manipulate timeout values for session caching
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
+ long SSL_CTX_get_timeout(SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_timeout() sets the timeout for newly created sessions for
+B<ctx> to B<t>. The timeout value B<t> must be given in seconds.
+
+SSL_CTX_get_timeout() returns the currently set timeout value for B<ctx>.
+
+=head1 NOTES
+
+Whenever a new session is created, it is assigned a maximum lifetime. This
+lifetime is specified by storing the creation time of the session and the
+timeout value valid at this time. If the actual time is later than creation
+time plus timeout, the session is not reused.
+
+Due to this realization, all sessions behave according to the timeout value
+valid at the time of the session negotiation. Changes of the timeout value
+do not affect already established sessions.
+
+The expiration time of a single session can be modified using the
+L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)> family of functions.
+
+Expired sessions are removed from the internal session cache, whenever
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> is called, either
+directly by the application or automatically (see
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>)
+
+The default value for session timeout is decided on a per protocol
+basis, see L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>.
+All currently supported protocols have the same default timeout value
+of 300 seconds.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_timeout() returns the previously set timeout value.
+
+SSL_CTX_get_timeout() returns the currently set timeout value.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>,
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
+L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
new file mode 100644
index 0000000000..29d1f8a6fb
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
@@ -0,0 +1,170 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh - handle DH keys for ephemeral key exchange
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+            DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
+ long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
+
+ void SSL_set_tmp_dh_callback(SSL_CTX *ctx,
+            DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
+ long SSL_set_tmp_dh(SSL *ssl, DH *dh)
+
+ DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_tmp_dh_callback() sets the callback function for B<ctx> to be
+used when a DH parameters are required to B<tmp_dh_callback>.
+The callback is inherited by all B<ssl> objects created from B<ctx>.
+
+SSL_CTX_set_tmp_dh() sets DH parameters to be used to be B<dh>.
+The key is inherited by all B<ssl> objects created from B<ctx>.
+
+SSL_set_tmp_dh_callback() sets the callback only for B<ssl>.
+
+SSL_set_tmp_dh() sets the parameters only for B<ssl>.
+
+These functions apply to SSL/TLS servers only.
+
+=head1 NOTES
+
+When using a cipher with RSA authentication, an ephemeral DH key exchange
+can take place. Ciphers with DSA keys always use ephemeral DH keys as well.
+In these cases, the session data are negotiated using the
+ephemeral/temporary DH key and the key supplied and certified
+by the certificate chain is only used for signing.
+Anonymous ciphers (without a permanent server key) also use ephemeral DH keys.
+
+Using ephemeral DH key exchange yields forward secrecy, as the connection
+can only be decrypted, when the DH key is known. By generating a temporary
+DH key inside the server application that is lost when the application
+is left, it becomes impossible for an attacker to decrypt past sessions,
+even if he gets hold of the normal (certified) key, as this key was
+only used for signing.
+
+In order to perform a DH key exchange the server must use a DH group
+(DH parameters) and generate a DH key. The server will always generate a new
+DH key during the negotiation, when the DH parameters are supplied via
+callback and/or when the SSL_OP_SINGLE_DH_USE option of
+L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)> is set. It will
+immediately create a DH key, when DH parameters are supplied via
+SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set. In this case,
+it may happen that a key is generated on initialization without later
+being needed, while on the other hand the computer time during the
+negotiation is being saved.
+
+If "strong" primes were used to generate the DH parameters, it is not strictly
+necessary to generate a new key for each handshake but it does improve forward
+secrecy. If it is not assured, that "strong" primes were used (see especially
+the section about DSA parameters below), SSL_OP_SINGLE_DH_USE must be used
+in order to prevent small subgroup attacks. Always using SSL_OP_SINGLE_DH_USE
+has an impact on the computer time needed during negotiation, but it is not
+very large, so application authors/users should consider to always enable
+this option.
+
+As generating DH parameters is extremely time consuming, an application
+should not generate the parameters on the fly but supply the parameters.
+DH parameters can be reused, as the actual key is newly generated during
+the negotiation. The risk in reusing DH parameters is that an attacker
+may specialize on a very often used DH group. Applications should therefore
+generate their own DH parameters during the installation process using the
+openssl L<dhparam(1)|dhparam(1)> application. In order to reduce the computer
+time needed for this generation, it is possible to use DSA parameters
+instead (see L<dhparam(1)|dhparam(1)>), but in this case SSL_OP_SINGLE_DH_USE
+is mandatory.
+
+Application authors may compile in DH parameters. Files dh512.pem,
+dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current
+version of the OpenSSL distribution contain the 'SKIP' DH parameters,
+which use safe primes and were generated verifiably pseudo-randomly.
+These files can be converted into C code using the B<-C> option of the
+L<dhparam(1)|dhparam(1)> application.
+Authors may also generate their own set of parameters using
+L<dhparam(1)|dhparam(1)>, but a user may not be sure how the parameters were
+generated. The generation of DH parameters during installation is therefore
+recommended.
+
+An application may either directly specify the DH parameters or
+can supply the DH parameters via a callback function. The callback approach
+has the advantage, that the callback may supply DH parameters for different
+key lengths.
+
+The B<tmp_dh_callback> is called with the B<keylength> needed and
+the B<is_export> information. The B<is_export> flag is set, when the
+ephemeral DH key exchange is performed with an export cipher.
+
+=head1 EXAMPLES
+
+Handle DH parameters for key lengths of 512 and 1024 bits. (Error handling
+partly left out.)
+
+ ...
+ /* Set up ephemeral DH stuff */
+ DH *dh_512 = NULL;
+ DH *dh_1024 = NULL;
+ FILE *paramfile;
+
+ ...
+ /* "openssl dhparam -out dh_param_512.pem -2 512" */
+ paramfile = fopen("dh_param_512.pem", "r");
+ if (paramfile) {
+   dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
+   fclose(paramfile);
+ }
+ /* "openssl dhparam -out dh_param_1024.pem -2 1024" */
+ paramfile = fopen("dh_param_1024.pem", "r");
+ if (paramfile) {
+   dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
+   fclose(paramfile);
+ }
+ ...
+
+ /* "openssl dhparam -C -2 512" etc... */
+ DH *get_dh512() { ... }
+ DH *get_dh1024() { ... }
+
+ DH *tmp_dh_callback(SSL *s, int is_export, int keylength)
+ {
+    DH *dh_tmp=NULL;
+
+    switch (keylength) {
+    case 512:
+      if (!dh_512)
+        dh_512 = get_dh512();
+      dh_tmp = dh_512;
+      break;
+    case 1024:
+      if (!dh_1024) 
+        dh_1024 = get_dh1024();
+      dh_tmp = dh_1024;
+      break;
+    default:
+      /* Generating a key on the fly is very costly, so use what is there */
+      setup_dh_parameters_like_above();
+    }
+    return(dh_tmp);
+ }
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_tmp_dh_callback() and SSL_set_tmp_dh_callback() do not return
+diagnostic output.
+
+SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do return 1 on success and 0
+on failure. Check the error queue to find out the reason of failure.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
+L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
+L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
+L<ciphers(1)|ciphers(1)>, L<dhparam(1)|dhparam(1)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod b/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
new file mode 100644
index 0000000000..f85775927d
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
@@ -0,0 +1,166 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa - handle RSA keys for ephemeral key exchange
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
+            RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
+ long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);
+ long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx);
+
+ void SSL_set_tmp_rsa_callback(SSL_CTX *ctx,
+            RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
+ long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa)
+ long SSL_need_tmp_rsa(SSL *ssl)
+
+ RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_tmp_rsa_callback() sets the callback function for B<ctx> to be
+used when a temporary/ephemeral RSA key is required to B<tmp_rsa_callback>.
+The callback is inherited by all SSL objects newly created from B<ctx>
+with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
+
+SSL_CTX_set_tmp_rsa() sets the temporary/ephemeral RSA key to be used to be
+B<rsa>. The key is inherited by all SSL objects newly created from B<ctx>
+with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
+
+SSL_CTX_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed
+for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
+with a keysize larger than 512 bits is installed.
+
+SSL_set_tmp_rsa_callback() sets the callback only for B<ssl>.
+
+SSL_set_tmp_rsa() sets the key only for B<ssl>.
+
+SSL_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed,
+for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
+with a keysize larger than 512 bits is installed.
+
+These functions apply to SSL/TLS servers only.
+
+=head1 NOTES
+
+When using a cipher with RSA authentication, an ephemeral RSA key exchange
+can take place. In this case the session data are negotiated using the
+ephemeral/temporary RSA key and the RSA key supplied and certified
+by the certificate chain is only used for signing.
+
+Under previous export restrictions, ciphers with RSA keys shorter (512 bits)
+than the usual key length of 1024 bits were created. To use these ciphers
+with RSA keys of usual length, an ephemeral key exchange must be performed,
+as the normal (certified) key cannot be directly used.
+
+Using ephemeral RSA key exchange yields forward secrecy, as the connection
+can only be decrypted, when the RSA key is known. By generating a temporary
+RSA key inside the server application that is lost when the application
+is left, it becomes impossible for an attacker to decrypt past sessions,
+even if he gets hold of the normal (certified) RSA key, as this key was
+used for signing only. The downside is that creating a RSA key is
+computationally expensive.
+
+Additionally, the use of ephemeral RSA key exchange is only allowed in
+the TLS standard, when the RSA key can be used for signing only, that is
+for export ciphers. Using ephemeral RSA key exchange for other purposes
+violates the standard and can break interoperability with clients.
+It is therefore strongly recommended to not use ephemeral RSA key
+exchange and use EDH (Ephemeral Diffie-Hellman) key exchange instead
+in order to achieve forward secrecy (see
+L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
+
+On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default
+and must be explicitly enabled  using the SSL_OP_EPHEMERAL_RSA option of
+L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, violating the TLS/SSL
+standard. When ephemeral RSA key exchange is required for export ciphers,
+it will automatically be used without this option!
+
+An application may either directly specify the key or can supply the key via
+a callback function. The callback approach has the advantage, that the
+callback may generate the key only in case it is actually needed. As the
+generation of a RSA key is however costly, it will lead to a significant
+delay in the handshake procedure.  Another advantage of the callback function
+is that it can supply keys of different size (e.g. for SSL_OP_EPHEMERAL_RSA
+usage) while the explicit setting of the key is only useful for key size of
+512 bits to satisfy the export restricted ciphers and does give away key length
+if a longer key would be allowed.
+
+The B<tmp_rsa_callback> is called with the B<keylength> needed and
+the B<is_export> information. The B<is_export> flag is set, when the
+ephemeral RSA key exchange is performed with an export cipher.
+
+=head1 EXAMPLES
+
+Generate temporary RSA keys to prepare ephemeral RSA key exchange. As the
+generation of a RSA key costs a lot of computer time, they saved for later
+reuse. For demonstration purposes, two keys for 512 bits and 1024 bits
+respectively are generated.
+
+ ...
+ /* Set up ephemeral RSA stuff */
+ RSA *rsa_512 = NULL;
+ RSA *rsa_1024 = NULL;
+
+ rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL);
+ if (rsa_512 == NULL)
+     evaluate_error_queue();
+
+ rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL);
+ if (rsa_1024 == NULL)
+   evaluate_error_queue();
+
+ ...
+
+ RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength)
+ {
+    RSA *rsa_tmp=NULL;
+
+    switch (keylength) {
+    case 512:
+      if (rsa_512)
+        rsa_tmp = rsa_512;
+      else { /* generate on the fly, should not happen in this example */
+        rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL);
+        rsa_512 = rsa_tmp; /* Remember for later reuse */
+      }
+      break;
+    case 1024:
+      if (rsa_1024)
+        rsa_tmp=rsa_1024;
+      else
+        should_not_happen_in_this_example();
+      break;
+    default:
+      /* Generating a key on the fly is very costly, so use what is there */
+      if (rsa_1024)
+        rsa_tmp=rsa_1024;
+      else
+        rsa_tmp=rsa_512; /* Use at least a shorter key */
+    }
+    return(rsa_tmp);
+ }
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_tmp_rsa_callback() and SSL_set_tmp_rsa_callback() do not return
+diagnostic output.
+
+SSL_CTX_set_tmp_rsa() and SSL_set_tmp_rsa() do return 1 on success and 0
+on failure. Check the error queue to find out the reason of failure.
+
+SSL_CTX_need_tmp_rsa() and SSL_need_tmp_rsa() return 1 if a temporary
+RSA key is needed and 0 otherwise.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
+L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
+L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
+L<SSL_new(3)|SSL_new(3)>, L<ciphers(1)|ciphers(1)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_set_verify.pod b/doc/ssl/SSL_CTX_set_verify.pod
new file mode 100644
index 0000000000..d15b2a3a1a
--- /dev/null
+++ b/doc/ssl/SSL_CTX_set_verify.pod
@@ -0,0 +1,294 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth - set peer certificate verification parameters
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
+                         int (*verify_callback)(int, X509_STORE_CTX *));
+ void SSL_set_verify(SSL *s, int mode,
+                     int (*verify_callback)(int, X509_STORE_CTX *));
+ void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
+ void SSL_set_verify_depth(SSL *s, int depth);
+
+ int verify_callback(int preverify_ok, X509_STORE_CTX *x509_ctx);
+
+=head1 DESCRIPTION
+
+SSL_CTX_set_verify() sets the verification flags for B<ctx> to be B<mode> and
+specifies the B<verify_callback> function to be used. If no callback function
+shall be specified, the NULL pointer can be used for B<verify_callback>.
+
+SSL_set_verify() sets the verification flags for B<ssl> to be B<mode> and
+specifies the B<verify_callback> function to be used. If no callback function
+shall be specified, the NULL pointer can be used for B<verify_callback>. In
+this case last B<verify_callback> set specifically for this B<ssl> remains. If
+no special B<callback> was set before, the default callback for the underlying
+B<ctx> is used, that was valid at the the time B<ssl> was created with
+L<SSL_new(3)|SSL_new(3)>.
+
+SSL_CTX_set_verify_depth() sets the maximum B<depth> for the certificate chain
+verification that shall be allowed for B<ctx>. (See the BUGS section.)
+
+SSL_set_verify_depth() sets the maximum B<depth> for the certificate chain
+verification that shall be allowed for B<ssl>. (See the BUGS section.)
+
+=head1 NOTES
+
+The verification of certificates can be controlled by a set of logically
+or'ed B<mode> flags:
+
+=over 4
+
+=item SSL_VERIFY_NONE
+
+B<Server mode:> the server will not send a client certificate request to the
+client, so the client will not send a certificate.
+
+B<Client mode:> if not using an anonymous cipher (by default disabled), the
+server will send a certificate which will be checked. The result of the
+certificate verification process can be checked after the TLS/SSL handshake
+using the L<SSL_get_verify_result(3)|SSL_get_verify_result(3)> function.
+The handshake will be continued regardless of the verification result.
+
+=item SSL_VERIFY_PEER
+
+B<Server mode:> the server sends a client certificate request to the client.
+The certificate returned (if any) is checked. If the verification process
+fails, the TLS/SSL handshake is
+immediately terminated with an alert message containing the reason for
+the verification failure.
+The behaviour can be controlled by the additional
+SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE flags.
+
+B<Client mode:> the server certificate is verified. If the verification process
+fails, the TLS/SSL handshake is
+immediately terminated with an alert message containing the reason for
+the verification failure. If no server certificate is sent, because an
+anonymous cipher is used, SSL_VERIFY_PEER is ignored.
+
+=item SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+
+B<Server mode:> if the client did not return a certificate, the TLS/SSL
+handshake is immediately terminated with a "handshake failure" alert.
+This flag must be used together with SSL_VERIFY_PEER.
+
+B<Client mode:> ignored
+
+=item SSL_VERIFY_CLIENT_ONCE
+
+B<Server mode:> only request a client certificate on the initial TLS/SSL
+handshake. Do not ask for a client certificate again in case of a
+renegotiation. This flag must be used together with SSL_VERIFY_PEER.
+
+B<Client mode:> ignored
+
+=back
+
+Exactly one of the B<mode> flags SSL_VERIFY_NONE and SSL_VERIFY_PEER must be
+set at any time.
+
+The actual verification procedure is performed either using the built-in
+verification procedure or using another application provided verification
+function set with
+L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>.
+The following descriptions apply in the case of the built-in procedure. An
+application provided procedure also has access to the verify depth information
+and the verify_callback() function, but the way this information is used
+may be different.
+
+SSL_CTX_set_verify_depth() and SSL_set_verify_depth() set the limit up
+to which depth certificates in a chain are used during the verification
+procedure. If the certificate chain is longer than allowed, the certificates
+above the limit are ignored. Error messages are generated as if these
+certificates would not be present, most likely a
+X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY will be issued.
+The depth count is "level 0:peer certificate", "level 1: CA certificate",
+"level 2: higher level CA certificate", and so on. Setting the maximum
+depth to 2 allows the levels 0, 1, and 2. The default depth limit is 9,
+allowing for the peer certificate and additional 9 CA certificates.
+
+The B<verify_callback> function is used to control the behaviour when the
+SSL_VERIFY_PEER flag is set. It must be supplied by the application and
+receives two arguments: B<preverify_ok> indicates, whether the verification of
+the certificate in question was passed (preverify_ok=1) or not
+(preverify_ok=0). B<x509_ctx> is a pointer to the complete context used
+for the certificate chain verification.
+
+The certificate chain is checked starting with the deepest nesting level
+(the root CA certificate) and worked upward to the peer's certificate.
+At each level signatures and issuer attributes are checked. Whenever
+a verification error is found, the error number is stored in B<x509_ctx>
+and B<verify_callback> is called with B<preverify_ok>=0. By applying
+X509_CTX_store_* functions B<verify_callback> can locate the certificate
+in question and perform additional steps (see EXAMPLES). If no error is
+found for a certificate, B<verify_callback> is called with B<preverify_ok>=1
+before advancing to the next level.
+
+The return value of B<verify_callback> controls the strategy of the further
+verification process. If B<verify_callback> returns 0, the verification
+process is immediately stopped with "verification failed" state. If
+SSL_VERIFY_PEER is set, a verification failure alert is sent to the peer and
+the TLS/SSL handshake is terminated. If B<verify_callback> returns 1,
+the verification process is continued. If B<verify_callback> always returns
+1, the TLS/SSL handshake will never be terminated because of this application
+experiencing a verification failure. The calling process can however
+retrieve the error code of the last verification error using
+L<SSL_get_verify_result(3)|SSL_get_verify_result(3)> or by maintaining its
+own error storage managed by B<verify_callback>.
+
+If no B<verify_callback> is specified, the default callback will be used.
+Its return value is identical to B<preverify_ok>, so that any verification
+failure will lead to a termination of the TLS/SSL handshake with an
+alert message, if SSL_VERIFY_PEER is set.
+
+=head1 BUGS
+
+In client mode, it is not checked whether the SSL_VERIFY_PEER flag
+is set, but whether SSL_VERIFY_NONE is not set. This can lead to
+unexpected behaviour, if the SSL_VERIFY_PEER and SSL_VERIFY_NONE are not
+used as required (exactly one must be set at any time).
+
+The certificate verification depth set with SSL[_CTX]_verify_depth()
+stops the verification at a certain depth. The error message produced
+will be that of an incomplete certificate chain and not
+X509_V_ERR_CERT_CHAIN_TOO_LONG as may be expected.
+
+=head1 RETURN VALUES
+
+The SSL*_set_verify*() functions do not provide diagnostic information.
+
+=head1 EXAMPLES
+
+The following code sequence realizes an example B<verify_callback> function
+that will always continue the TLS/SSL handshake regardless of verification
+failure, if wished. The callback realizes a verification depth limit with
+more informational output.
+
+All verification errors are printed, informations about the certificate chain
+are printed on request.
+The example is realized for a server that does allow but not require client
+certificates.
+
+The example makes use of the ex_data technique to store application data
+into/retrieve application data from the SSL structure
+(see L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>,
+L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>).
+
+ ...
+ typedef struct {
+   int verbose_mode;
+   int verify_depth;
+   int always_continue;
+ } mydata_t;
+ int mydata_index;
+ ...
+ static int verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
+ {
+    char    buf[256];
+    X509   *err_cert;
+    int     err, depth;
+    SSL    *ssl;
+    mydata_t *mydata;
+
+    err_cert = X509_STORE_CTX_get_current_cert(ctx);
+    err = X509_STORE_CTX_get_error(ctx);
+    depth = X509_STORE_CTX_get_error_depth(ctx);
+
+    /*
+     * Retrieve the pointer to the SSL of the connection currently treated
+     * and the application specific data stored into the SSL object.
+     */
+    ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
+    mydata = SSL_get_ex_data(ssl, mydata_index);
+
+    X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
+
+    /*
+     * Catch a too long certificate chain. The depth limit set using
+     * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
+     * that whenever the "depth>verify_depth" condition is met, we
+     * have violated the limit and want to log this error condition.
+     * We must do it here, because the CHAIN_TOO_LONG error would not
+     * be found explicitly; only errors introduced by cutting off the
+     * additional certificates would be logged.
+     */
+    if (depth > mydata->verify_depth) {
+        preverify_ok = 0;
+        err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
+        X509_STORE_CTX_set_error(ctx, err);
+    } 
+    if (!preverify_ok) {
+        printf("verify error:num=%d:%s:depth=%d:%s\n", err,
+                 X509_verify_cert_error_string(err), depth, buf);
+    }
+    else if (mydata->verbose_mode)
+    {
+        printf("depth=%d:%s\n", depth, buf);
+    }
+
+    /*
+     * At this point, err contains the last verification error. We can use
+     * it for something special
+     */
+    if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
+    {
+      X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
+      printf("issuer= %s\n", buf);
+    }
+
+    if (mydata->always_continue)
+      return 1;
+    else
+      return preverify_ok;
+ }
+ ...
+
+ mydata_t mydata;
+
+ ...
+ mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
+
+ ...
+ SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
+                    verify_callback);
+
+ /*
+  * Let the verify_callback catch the verify_depth error so that we get
+  * an appropriate error in the logfile.
+  */
+ SSL_CTX_set_verify_depth(verify_depth + 1);
+
+ /*
+  * Set up the SSL specific data into "mydata" and store it into th SSL
+  * structure.
+  */
+ mydata.verify_depth = verify_depth; ...
+ SSL_set_ex_data(ssl, mydata_index, &mydata);
+					     
+ ...
+ SSL_accept(ssl);	/* check of success left out for clarity */
+ if (peer = SSL_get_peer_certificate(ssl))
+ {
+   if (SSL_get_verify_result(ssl) == X509_V_OK)
+   {
+     /* The client sent a certificate which verified OK */
+   }
+ }
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>,
+L<SSL_CTX_get_verify_mode(3)|SSL_CTX_get_verify_mode(3)>,
+L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
+L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
+L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>,
+L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>,
+L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
+L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>
+
+=cut
diff --git a/doc/ssl/SSL_CTX_use_certificate.pod b/doc/ssl/SSL_CTX_use_certificate.pod
new file mode 100644
index 0000000000..b8868f18bf
--- /dev/null
+++ b/doc/ssl/SSL_CTX_use_certificate.pod
@@ -0,0 +1,155 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key - load certificate and key data
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
+ int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
+ int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
+ int SSL_use_certificate(SSL *ssl, X509 *x);
+ int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
+ int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+
+ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
+
+ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
+ int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d,
+				 long len);
+ int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+ int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
+ int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
+ int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
+ int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+ int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
+ int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+
+ int SSL_CTX_check_private_key(SSL_CTX *ctx);
+ int SSL_check_private_key(SSL *ssl);
+
+=head1 DESCRIPTION
+
+These functions load the certificates and private keys into the SSL_CTX
+or SSL object, respectively.
+
+The SSL_CTX_* class of functions loads the certificates and keys into the
+SSL_CTX object B<ctx>. The information is passed to SSL objects B<ssl>
+created from B<ctx> with L<SSL_new(3)|SSL_new(3)> by copying, so that
+changes applied to B<ctx> do not propagate to already existing SSL objects.
+
+The SSL_* class of functions only loads certificates and keys into a
+specific SSL object. The specific information is kept, when
+L<SSL_clear(3)|SSL_clear(3)> is called for this SSL object.
+
+SSL_CTX_use_certificate() loads the certificate B<x> into B<ctx>,
+SSL_use_certificate() loads B<x> into B<ssl>. The rest of the
+certificates needed to form the complete certificate chain can be
+specified using the
+L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
+function.
+
+SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from
+the memory location B<d> (with length B<len>) into B<ctx>,
+SSL_use_certificate_ASN1() loads the ASN1 encoded certificate into B<ssl>.
+
+SSL_CTX_use_certificate_file() loads the first certificate stored in B<file>
+into B<ctx>. The formatting B<type> of the certificate must be specified
+from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.
+SSL_use_certificate_file() loads the certificate from B<file> into B<ssl>.
+See the NOTES section on why SSL_CTX_use_certificate_chain_file()
+should be preferred.
+
+SSL_CTX_use_certificate_chain_file() loads a certificate chain from 
+B<file> into B<ctx>. The certificates must be in PEM format and must
+be sorted starting with the certificate to the highest level (root CA).
+There is no corresponding function working on a single SSL object.
+
+SSL_CTX_use_PrivateKey() adds B<pkey> as private key to B<ctx>.
+SSL_CTX_use_RSAPrivateKey() adds the private key B<rsa> of type RSA
+to B<ctx>. SSL_use_PrivateKey() adds B<pkey> as private key to B<ssl>;
+SSL_use_RSAPrivateKey() adds B<rsa> as private key of type RSA to B<ssl>.
+
+SSL_CTX_use_PrivateKey_ASN1() adds the private key of type B<pk>
+stored at memory location B<d> (length B<len>) to B<ctx>.
+SSL_CTX_use_RSAPrivateKey_ASN1() adds the private key of type RSA
+stored at memory location B<d> (length B<len>) to B<ctx>.
+SSL_use_PrivateKey_ASN1() and SSL_use_RSAPrivateKey_ASN1() add the private
+key to B<ssl>.
+
+SSL_CTX_use_PrivateKey_file() adds the first private key found in
+B<file> to B<ctx>. The formatting B<type> of the certificate must be specified
+from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.
+SSL_CTX_use_RSAPrivateKey_file() adds the first private RSA key found in
+B<file> to B<ctx>. SSL_use_PrivateKey_file() adds the first private key found
+in B<file> to B<ssl>; SSL_use_RSAPrivateKey_file() adds the first private
+RSA key found to B<ssl>.
+
+SSL_CTX_check_private_key() checks the consistency of a private key with
+the corresponding certificate loaded into B<ctx>. If more than one
+key/certificate pair (RSA/DSA) is installed, the last item installed will
+be checked. If e.g. the last item was a RSA certificate or key, the RSA
+key/certificate pair will be checked. SSL_check_private_key() performs
+the same check for B<ssl>. If no key/certificate was explicitly added for
+this B<ssl>, the last item added into B<ctx> will be checked.
+
+=head1 NOTES
+  
+The internal certificate store of OpenSSL can hold two private key/certificate
+pairs at a time: one key/certificate of type RSA and one key/certificate
+of type DSA. The certificate used depends on the cipher select, see
+also L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>.
+
+When reading certificates and private keys from file, files of type
+SSL_FILETYPE_ASN1 (also known as B<DER>, binary encoding) can only contain
+one certificate or private key, consequently 
+SSL_CTX_use_certificate_chain_file() is only applicable to PEM formatting.
+Files of type SSL_FILETYPE_PEM can contain more than one item.
+
+SSL_CTX_use_certificate_chain_file() adds the first certificate found
+in the file to the certificate store. The other certificates are added
+to the store of chain certificates using
+L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>.
+There exists only one extra chain store, so that the same chain is appended
+to both types of certificates, RSA and DSA! If it is not intended to use
+both type of certificate at the same time, it is recommended to use the
+SSL_CTX_use_certificate_chain_file() instead of the
+SSL_CTX_use_certificate_file() function in order to allow the use of
+complete certificate chains even when no trusted CA storage is used or
+when the CA issuing the certificate shall not be added to the trusted
+CA storage.
+
+If additional certificates are needed to complete the chain during the
+TLS negotiation, CA certificates are additionally looked up in the
+locations of trusted CA certificates, see
+L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
+
+The private keys loaded from file can be encrypted. In order to successfully
+load encrypted keys, a function returning the passphrase must have been
+supplied, see
+L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>.
+(Certificate files might be encrypted as well from the technical point
+of view, it however does not make sense as the data in the certificate
+is considered public anyway.)
+
+=head1 RETURN VALUES
+
+On success, the functions return 1.
+Otherwise check out the error stack to find out the reason.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
+L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>,
+L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
+L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>,
+L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
+
+=cut
diff --git a/doc/ssl/SSL_SESSION_free.pod b/doc/ssl/SSL_SESSION_free.pod
new file mode 100644
index 0000000000..558de01df9
--- /dev/null
+++ b/doc/ssl/SSL_SESSION_free.pod
@@ -0,0 +1,55 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_free - free an allocated SSL_SESSION structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_SESSION_free(SSL_SESSION *session);
+
+=head1 DESCRIPTION
+
+SSL_SESSION_free() decrements the reference count of B<session> and removes
+the B<SSL_SESSION> structure pointed to by B<session> and frees up the allocated
+memory, if the the reference count has reached 0.
+
+=head1 NOTES
+
+SSL_SESSION objects are allocated, when a TLS/SSL handshake operation
+is successfully completed. Depending on the settings, see
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+the SSL_SESSION objects are internally referenced by the SSL_CTX and
+linked into its session cache. SSL objects may be using the SSL_SESSION object;
+as a session may be reused, several SSL objects may be using one SSL_SESSION
+object at the same time. It is therefore crucial to keep the reference
+count (usage information) correct and not delete a SSL_SESSION object
+that is still used, as this may lead to program failures due to
+dangling pointers. These failures may also appear delayed, e.g.
+when an SSL_SESSION object was completely freed as the reference count
+incorrectly became 0, but it is still referenced in the internal
+session cache and the cache list is processed during a
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> operation.
+
+SSL_SESSION_free() must only be called for SSL_SESSION objects, for
+which the reference count was explicitly incremented (e.g.
+by calling SSL_get1_session(), see L<SSL_get_session(3)|SSL_get_session(3)>)
+or when the SSL_SESSION object was generated outside a TLS handshake
+operation, e.g. by using L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>.
+It must not be called on other SSL_SESSION objects, as this would cause
+incorrect reference counts and therefore program failures.
+
+=head1 RETURN VALUES
+
+SSL_SESSION_free() does not provide diagnostic information.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_get_session(3)|SSL_get_session(3)>,
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
+ L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>
+
+=cut
diff --git a/doc/ssl/SSL_SESSION_get_ex_new_index.pod b/doc/ssl/SSL_SESSION_get_ex_new_index.pod
new file mode 100644
index 0000000000..da0bcf1590
--- /dev/null
+++ b/doc/ssl/SSL_SESSION_get_ex_new_index.pod
@@ -0,0 +1,61 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data - internal application specific data functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_SESSION_get_ex_new_index(long argl, void *argp,
+                CRYPTO_EX_new *new_func,
+                CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_free *free_func);
+
+ int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, void *arg);
+
+ void *SSL_SESSION_get_ex_data(SSL_SESSION *session, int idx);
+
+ typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                int idx, long argl, void *argp);
+ typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                int idx, long argl, void *argp);
+ typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
+                int idx, long argl, void *argp);
+
+=head1 DESCRIPTION
+
+Several OpenSSL structures can have application specific data attached to them.
+These functions are used internally by OpenSSL to manipulate application
+specific data attached to a specific structure.
+
+SSL_SESSION_get_ex_new_index() is used to register a new index for application
+specific data.
+
+SSL_SESSION_set_ex_data() is used to store application data at B<arg> for B<idx>
+into the B<session> object.
+
+SSL_SESSION_get_ex_data() is used to retrieve the information for B<idx> from
+B<session>.
+
+A detailed description for the B<*_get_ex_new_index()> functionality
+can be found in L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>.
+The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
+L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
+
+=head1 WARNINGS
+
+The application data is only maintained for sessions held in memory. The
+application data is not included when dumping the session with
+i2d_SSL_SESSION() (and all functions indirectly calling the dump functions
+like PEM_write_SSL_SESSION() and PEM_write_bio_SSL_SESSION()) and can
+therefore not be restored.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>,
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
+L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
+
+=cut
diff --git a/doc/ssl/SSL_SESSION_get_time.pod b/doc/ssl/SSL_SESSION_get_time.pod
new file mode 100644
index 0000000000..ea3c2bcfe6
--- /dev/null
+++ b/doc/ssl/SSL_SESSION_get_time.pod
@@ -0,0 +1,64 @@
+=pod
+
+=head1 NAME
+
+SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_get_timeout - retrieve and manipulate session time and timeout settings
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_SESSION_get_time(SSL_SESSION *s);
+ long SSL_SESSION_set_time(SSL_SESSION *s, long tm);
+ long SSL_SESSION_get_timeout(SSL_SESSION *s);
+ long SSL_SESSION_set_timeout(SSL_SESSION *s, long tm);
+
+ long SSL_get_time(SSL_SESSION *s);
+ long SSL_set_time(SSL_SESSION *s, long tm);
+ long SSL_get_timeout(SSL_SESSION *s);
+ long SSL_set_timeout(SSL_SESSION *s, long tm);
+
+=head1 DESCRIPTION
+
+SSL_SESSION_get_time() returns the time at which the session B<s> was
+established. The time is given in seconds since the Epoch and therefore
+compatible to the time delivered by the time() call.
+
+SSL_SESSION_set_time() replaces the creation time of the session B<s> with
+the chosen value B<tm>.
+
+SSL_SESSION_get_timeout() returns the timeout value set for session B<s>
+in seconds.
+
+SSL_SESSION_set_timeout() sets the timeout value for session B<s> in seconds
+to B<tm>.
+
+The SSL_get_time(), SSL_set_time(), SSL_get_timeout(), and SSL_set_timeout()
+functions are synonyms for the SSL_SESSION_*() counterparts.
+
+=head1 NOTES
+
+Sessions are expired by examining the creation time and the timeout value.
+Both are set at creation time of the session to the actual time and the
+default timeout value at creation, respectively, as set by
+L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>.
+Using these functions it is possible to extend or shorten the lifetime
+of the session.
+
+=head1 RETURN VALUES
+
+SSL_SESSION_get_time() and SSL_SESSION_get_timeout() return the currently
+valid values.
+
+SSL_SESSION_set_time() and SSL_SESSION_set_timeout() return 1 on success.
+
+If any of the function is passed the NULL pointer for the session B<s>, 
+0 is returned.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>,
+L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
+L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>
+
+=cut
diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod
new file mode 100644
index 0000000000..a673edba85
--- /dev/null
+++ b/doc/ssl/SSL_accept.pod
@@ -0,0 +1,75 @@
+=pod
+
+=head1 NAME
+
+SSL_accept - wait for a TLS/SSL client to initiate a TLS/SSL handshake
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_accept(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_accept() waits for a TLS/SSL client to initiate the TLS/SSL handshake.
+The communication channel must already have been set and assigned to the
+B<ssl> by setting an underlying B<BIO>.
+
+=head1 NOTES
+
+The behaviour of SSL_accept() depends on the underlying BIO. 
+
+If the underlying BIO is B<blocking>, SSL_accept() will only return once the
+handshake has been finished or an error occurred, except for SGC (Server
+Gated Cryptography). For SGC, SSL_accept() may return with -1, but
+SSL_get_error() will yield B<SSL_ERROR_WANT_READ/WRITE> and SSL_accept()
+should be called again.
+
+If the underlying BIO is B<non-blocking>, SSL_accept() will also return
+when the underlying BIO could not satisfy the needs of SSL_accept()
+to continue the handshake. In this case a call to SSL_get_error() with the
+return value of SSL_accept() will yield B<SSL_ERROR_WANT_READ> or
+B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
+taking appropriate action to satisfy the needs of SSL_accept().
+The action depends on the underlying BIO. When using a non-blocking socket,
+nothing is to be done, but select() can be used to check for the required
+condition. When using a buffering BIO, like a BIO pair, data must be written
+into or retrieved out of the BIO before being able to continue.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item 1
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
+=item 0
+
+The TLS/SSL handshake was not successful but was shut down controlled and
+by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+return value B<ret> to find out the reason.
+
+=item E<lt>0
+
+The TLS/SSL handshake was not successful because a fatal error occurred either
+at the protocol level or a connection failure occurred. The shutdown was
+not clean. It can also occur of action is need to continue the operation
+for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
+to find out the reason.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
+L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
+L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
+L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
+L<SSL_CTX_new(3)|SSL_CTX_new(3)>
+
+=cut
diff --git a/doc/ssl/SSL_alert_type_string.pod b/doc/ssl/SSL_alert_type_string.pod
new file mode 100644
index 0000000000..94e28cc307
--- /dev/null
+++ b/doc/ssl/SSL_alert_type_string.pod
@@ -0,0 +1,228 @@
+=pod
+
+=head1 NAME
+
+SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long - get textual description of alert information
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ const char *SSL_alert_type_string(int value);
+ const char *SSL_alert_type_string_long(int value);
+
+ const char *SSL_alert_desc_string(int value);
+ const char *SSL_alert_desc_string_long(int value);
+
+=head1 DESCRIPTION
+
+SSL_alert_type_string() returns a one letter string indicating the
+type of the alert specified by B<value>.
+
+SSL_alert_type_string_long() returns a string indicating the type of the alert
+specified by B<value>.
+
+SSL_alert_desc_string() returns a two letter string as a short form
+describing the reason of the alert specified by B<value>.
+
+SSL_alert_desc_string_long() returns a string describing the reason
+of the alert specified by B<value>.
+
+=head1 NOTES
+
+When one side of an SSL/TLS communication wants to inform the peer about
+a special situation, it sends an alert. The alert is sent as a special message
+and does not influence the normal data stream (unless its contents results
+in the communication being canceled).
+
+A warning alert is sent, when a non-fatal error condition occurs. The
+"close notify" alert is sent as a warning alert. Other examples for
+non-fatal errors are certificate errors ("certificate expired",
+"unsupported certificate"), for which a warning alert may be sent.
+(The sending party may however decide to send a fatal error.) The
+receiving side may cancel the connection on reception of a warning
+alert on it discretion.
+
+Several alert messages must be sent as fatal alert messages as specified
+by the TLS RFC. A fatal alert always leads to a connection abort.
+
+=head1 RETURN VALUES
+
+The following strings can occur for SSL_alert_type_string() or
+SSL_alert_type_string_long():
+
+=over 4
+
+=item "W"/"warning"
+
+=item "F"/"fatal"
+
+=item "U"/"unknown"
+
+This indicates that no support is available for this alert type.
+Probably B<value> does not contain a correct alert message.
+
+=back
+
+The following strings can occur for SSL_alert_desc_string() or
+SSL_alert_desc_string_long():
+
+=over 4
+
+=item "CN"/"close notify"
+
+The connection shall be closed. This is a warning alert.
+
+=item "UM"/"unexpected message"
+
+An inappropriate message was received. This alert is always fatal
+and should never be observed in communication between proper
+implementations.
+
+=item "BM"/"bad record mac"
+
+This alert is returned if a record is received with an incorrect
+MAC. This message is always fatal.
+
+=item "DF"/"decompression failure"
+
+The decompression function received improper input (e.g. data
+that would expand to excessive length). This message is always
+fatal.
+
+=item "HF"/"handshake failure"
+
+Reception of a handshake_failure alert message indicates that the
+sender was unable to negotiate an acceptable set of security
+parameters given the options available. This is a fatal error.
+
+=item "NC"/"no certificate"
+
+A client, that was asked to send a certificate, does not send a certificate
+(SSLv3 only).
+
+=item "BC"/"bad certificate"
+
+A certificate was corrupt, contained signatures that did not
+verify correctly, etc
+
+=item "UC"/"unsupported certificate"
+
+A certificate was of an unsupported type.
+
+=item "CR"/"certificate revoked"
+
+A certificate was revoked by its signer.
+
+=item "CE"/"certificate expired"
+
+A certificate has expired or is not currently valid.
+
+=item "CU"/"certificate unknown"
+
+Some other (unspecified) issue arose in processing the
+certificate, rendering it unacceptable.
+
+=item "IP"/"illegal parameter"
+
+A field in the handshake was out of range or inconsistent with
+other fields. This is always fatal.
+
+=item "DC"/"decryption failed"
+
+A TLSCiphertext decrypted in an invalid way: either it wasn't an
+even multiple of the block length or its padding values, when
+checked, weren't correct. This message is always fatal.
+
+=item "RO"/"record overflow"
+
+A TLSCiphertext record was received which had a length more than
+2^14+2048 bytes, or a record decrypted to a TLSCompressed record
+with more than 2^14+1024 bytes. This message is always fatal.
+
+=item "CA"/"unknown CA"
+
+A valid certificate chain or partial chain was received, but the
+certificate was not accepted because the CA certificate could not
+be located or couldn't be matched with a known, trusted CA.  This
+message is always fatal.
+
+=item "AD"/"access denied"
+
+A valid certificate was received, but when access control was
+applied, the sender decided not to proceed with negotiation.
+This message is always fatal.
+
+=item "DE"/"decode error"
+
+A message could not be decoded because some field was out of the
+specified range or the length of the message was incorrect. This
+message is always fatal.
+
+=item "CY"/"decrypt error"
+
+A handshake cryptographic operation failed, including being
+unable to correctly verify a signature, decrypt a key exchange,
+or validate a finished message.
+
+=item "ER"/"export restriction"
+
+A negotiation not in compliance with export restrictions was
+detected; for example, attempting to transfer a 1024 bit
+ephemeral RSA key for the RSA_EXPORT handshake method. This
+message is always fatal.
+
+=item "PV"/"protocol version"
+
+The protocol version the client has attempted to negotiate is
+recognized, but not supported. (For example, old protocol
+versions might be avoided for security reasons). This message is
+always fatal.
+
+=item "IS"/"insufficient security"
+
+Returned instead of handshake_failure when a negotiation has
+failed specifically because the server requires ciphers more
+secure than those supported by the client. This message is always
+fatal.
+
+=item "IE"/"internal error"
+
+An internal error unrelated to the peer or the correctness of the
+protocol makes it impossible to continue (such as a memory
+allocation failure). This message is always fatal.
+
+=item "US"/"user canceled"
+
+This handshake is being canceled for some reason unrelated to a
+protocol failure. If the user cancels an operation after the
+handshake is complete, just closing the connection by sending a
+close_notify is more appropriate. This alert should be followed
+by a close_notify. This message is generally a warning.
+
+=item "NR"/"no renegotiation"
+
+Sent by the client in response to a hello request or by the
+server in response to a client hello after initial handshaking.
+Either of these would normally lead to renegotiation; when that
+is not appropriate, the recipient should respond with this alert;
+at that point, the original requester can decide whether to
+proceed with the connection. One case where this would be
+appropriate would be where a server has spawned a process to
+satisfy a request; the process might receive security parameters
+(key length, authentication, etc.) at startup and it might be
+difficult to communicate changes to these parameters after that
+point. This message is always a warning.
+
+=item "UK"/"unknown"
+
+This indicates that no description is available for this alert type.
+Probably B<value> does not contain a correct alert message.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>
+
+=cut
diff --git a/doc/ssl/SSL_clear.pod b/doc/ssl/SSL_clear.pod
new file mode 100644
index 0000000000..8e077e31c9
--- /dev/null
+++ b/doc/ssl/SSL_clear.pod
@@ -0,0 +1,69 @@
+=pod
+
+=head1 NAME
+
+SSL_clear - reset SSL object to allow another connection
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_clear(SSL *ssl);
+
+=head1 DESCRIPTION
+
+Reset B<ssl> to allow another connection. All settings (method, ciphers,
+BIOs) are kept.
+
+=head1 NOTES
+
+SSL_clear is used to prepare an SSL object for a new connection. While all
+settings are kept, a side effect is the handling of the current SSL session.
+If a session is still B<open>, it is considered bad and will be removed
+from the session cache, as required by RFC2246. A session is considered open,
+if L<SSL_shutdown(3)|SSL_shutdown(3)> was not called for the connection
+or at least L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> was used to
+set the SSL_SENT_SHUTDOWN state.
+
+If a session was closed cleanly, the session object will be kept and all
+settings corresponding. This explicitly means, that e.g. the special method
+used during the session will be kept for the next handshake. So if the
+session was a TLSv1 session, a SSL client object will use a TLSv1 client
+method for the next handshake and a SSL server object will use a TLSv1
+server method, even if SSLv23_*_methods were chosen on startup. This
+will might lead to connection failures (see L<SSL_new(3)|SSL_new(3)>)
+for a description of the method's properties.
+
+=head1 WARNINGS
+
+SSL_clear() resets the SSL object to allow for another connection. The
+reset operation however keeps several settings of the last sessions
+(some of these settings were made automatically during the last
+handshake). It only makes sense when opening a new session (or reusing
+an old one) with the same peer that shares these settings.
+SSL_clear() is not a short form for the sequence
+L<SSL_free(3)|SSL_free(3)>; L<SSL_new(3)|SSL_new(3)>; .
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item 0
+
+The SSL_clear() operation could not be performed. Check the error stack to
+find out the reason.
+
+=item 1
+
+The SSL_clear() operation was successful.
+
+=back
+
+L<SSL_new(3)|SSL_new(3)>, L<SSL_free(3)|SSL_free(3)>,
+L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, L<ssl(3)|ssl(3)>,
+L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>
+
+=cut
diff --git a/doc/ssl/SSL_connect.pod b/doc/ssl/SSL_connect.pod
new file mode 100644
index 0000000000..8426310c0d
--- /dev/null
+++ b/doc/ssl/SSL_connect.pod
@@ -0,0 +1,72 @@
+=pod
+
+=head1 NAME
+
+SSL_connect - initiate the TLS/SSL handshake with an TLS/SSL server
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_connect(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_connect() initiates the TLS/SSL handshake with a server. The communication
+channel must already have been set and assigned to the B<ssl> by setting an
+underlying B<BIO>.
+
+=head1 NOTES
+
+The behaviour of SSL_connect() depends on the underlying BIO. 
+
+If the underlying BIO is B<blocking>, SSL_connect() will only return once the
+handshake has been finished or an error occurred.
+
+If the underlying BIO is B<non-blocking>, SSL_connect() will also return
+when the underlying BIO could not satisfy the needs of SSL_connect()
+to continue the handshake. In this case a call to SSL_get_error() with the
+return value of SSL_connect() will yield B<SSL_ERROR_WANT_READ> or
+B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
+taking appropriate action to satisfy the needs of SSL_connect().
+The action depends on the underlying BIO. When using a non-blocking socket,
+nothing is to be done, but select() can be used to check for the required
+condition. When using a buffering BIO, like a BIO pair, data must be written
+into or retrieved out of the BIO before being able to continue.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item 1
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
+=item 0
+
+The TLS/SSL handshake was not successful but was shut down controlled and
+by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+return value B<ret> to find out the reason.
+
+=item E<lt>0
+
+The TLS/SSL handshake was not successful, because a fatal error occurred either
+at the protocol level or a connection failure occurred. The shutdown was
+not clean. It can also occur of action is need to continue the operation
+for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
+to find out the reason.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_accept(3)|SSL_accept(3)>,
+L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
+L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
+L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
+L<SSL_CTX_new(3)|SSL_CTX_new(3)>
+
+=cut
diff --git a/doc/ssl/SSL_do_handshake.pod b/doc/ssl/SSL_do_handshake.pod
new file mode 100644
index 0000000000..243576451b
--- /dev/null
+++ b/doc/ssl/SSL_do_handshake.pod
@@ -0,0 +1,75 @@
+=pod
+
+=head1 NAME
+
+SSL_do_handshake - perform a TLS/SSL handshake
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_do_handshake(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_do_handshake() will wait for a SSL/TLS handshake to take place. If the
+connection is in client mode, the handshake will be started. The handshake
+routines may have to be explicitly set in advance using either
+L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or
+L<SSL_set_accept_state(3)|SSL_set_accept_state(3)>.
+
+=head1 NOTES
+
+The behaviour of SSL_do_handshake() depends on the underlying BIO.
+
+If the underlying BIO is B<blocking>, SSL_do_handshake() will only return
+once the handshake has been finished or an error occurred, except for SGC
+(Server Gated Cryptography). For SGC, SSL_do_handshake() may return with -1,
+but SSL_get_error() will yield B<SSL_ERROR_WANT_READ/WRITE> and
+SSL_do_handshake() should be called again.
+
+If the underlying BIO is B<non-blocking>, SSL_do_handshake() will also return
+when the underlying BIO could not satisfy the needs of SSL_do_handshake()
+to continue the handshake. In this case a call to SSL_get_error() with the
+return value of SSL_do_handshake() will yield B<SSL_ERROR_WANT_READ> or
+B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
+taking appropriate action to satisfy the needs of SSL_do_handshake().
+The action depends on the underlying BIO. When using a non-blocking socket,
+nothing is to be done, but select() can be used to check for the required
+condition. When using a buffering BIO, like a BIO pair, data must be written
+into or retrieved out of the BIO before being able to continue.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item 1
+
+The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+established.
+
+=item 0
+
+The TLS/SSL handshake was not successful but was shut down controlled and
+by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+return value B<ret> to find out the reason.
+
+=item E<lt>0
+
+The TLS/SSL handshake was not successful because a fatal error occurred either
+at the protocol level or a connection failure occurred. The shutdown was
+not clean. It can also occur of action is need to continue the operation
+for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
+to find out the reason.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
+L<SSL_accept(3)|SSL_accept(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
+L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
+
+=cut
diff --git a/doc/ssl/SSL_free.pod b/doc/ssl/SSL_free.pod
new file mode 100644
index 0000000000..2d4f8b6168
--- /dev/null
+++ b/doc/ssl/SSL_free.pod
@@ -0,0 +1,44 @@
+=pod
+
+=head1 NAME
+
+SSL_free - free an allocated SSL structure
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_free(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_free() decrements the reference count of B<ssl>, and removes the SSL
+structure pointed to by B<ssl> and frees up the allocated memory if the
+the reference count has reached 0.
+
+=head1 NOTES
+
+SSL_free() also calls the free()ing procedures for indirectly affected items, if
+applicable: the buffering BIO, the read and write BIOs,
+cipher lists specially created for this B<ssl>, the B<SSL_SESSION>.
+Do not explicitly free these indirectly freed up items before or after
+calling SSL_free(), as trying to free things twice may lead to program
+failure.
+
+The ssl session has reference counts from two users: the SSL object, for
+which the reference count is removed by SSL_free() and the internal
+session cache. If the session is considered bad, because
+L<SSL_shutdown(3)|SSL_shutdown(3)> was not called for the connection
+and L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> was not used to set the
+SSL_SENT_SHUTDOWN state, the session will also be removed
+from the session cache as required by RFC2246.
+
+=head1 RETURN VALUES
+
+SSL_free() does not provide diagnostic information.
+
+L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/doc/ssl/SSL_get_SSL_CTX.pod b/doc/ssl/SSL_get_SSL_CTX.pod
new file mode 100644
index 0000000000..52d0227b19
--- /dev/null
+++ b/doc/ssl/SSL_get_SSL_CTX.pod
@@ -0,0 +1,26 @@
+=pod
+
+=head1 NAME
+
+SSL_get_SSL_CTX - get the SSL_CTX from which an SSL is created
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_SSL_CTX() returns a pointer to the SSL_CTX object, from which
+B<ssl> was created with L<SSL_new(3)|SSL_new(3)>.
+
+=head1 RETURN VALUES
+
+The pointer to the SSL_CTX object is returned.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>
+
+=cut
diff --git a/doc/ssl/SSL_get_ciphers.pod b/doc/ssl/SSL_get_ciphers.pod
new file mode 100644
index 0000000000..2a57455c23
--- /dev/null
+++ b/doc/ssl/SSL_get_ciphers.pod
@@ -0,0 +1,42 @@
+=pod
+
+=head1 NAME
+
+SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *ssl);
+ const char *SSL_get_cipher_list(SSL *ssl, int priority);
+
+=head1 DESCRIPTION
+
+SSL_get_ciphers() returns the stack of available SSL_CIPHERs for B<ssl>,
+sorted by preference. If B<ssl> is NULL or no ciphers are available, NULL
+is returned.
+
+SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER
+listed for B<ssl> with B<priority>. If B<ssl> is NULL, no ciphers are
+available, or there are less ciphers than B<priority> available, NULL
+is returned.
+
+=head1 NOTES
+
+The details of the ciphers obtained by SSL_get_ciphers() can be obtained using
+the L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)> family of functions.
+
+Call SSL_get_cipher_list() with B<priority> starting from 0 to obtain the
+sorted list of available ciphers, until NULL is returned.
+
+=head1 RETURN VALUES
+
+See DESCRIPTION
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
+L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>
+
+=cut
diff --git a/doc/ssl/SSL_get_client_CA_list.pod b/doc/ssl/SSL_get_client_CA_list.pod
new file mode 100644
index 0000000000..5693fdebb2
--- /dev/null
+++ b/doc/ssl/SSL_get_client_CA_list.pod
@@ -0,0 +1,53 @@
+=pod
+
+=head1 NAME
+
+SSL_get_client_CA_list, SSL_CTX_get_client_CA_list - get list of client CAs
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
+ STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx); 
+
+=head1 DESCRIPTION
+
+SSL_CTX_get_client_CA_list() returns the list of client CAs explicitly set for
+B<ctx> using L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>.
+
+SSL_get_client_CA_list() returns the list of client CAs explicitly
+set for B<ssl> using SSL_set_client_CA_list() or B<ssl>'s SSL_CTX object with
+L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>, when in
+server mode. In client mode, SSL_get_client_CA_list returns the list of
+client CAs sent from the server, if any.
+
+=head1 RETURN VALUES
+
+SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return
+diagnostic information.
+
+SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return
+values:
+
+=over 4
+
+=item STACK_OF(X509_NAMES)
+
+List of CA names explicitly set (for B<ctx> or in server mode) or send
+by the server (client mode).
+
+=item NULL
+
+No client CA list was explicitly set (for B<ctx> or in server mode) or
+the server did not send a list of CAs (client mode).
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>,
+L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
+L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>
+
+=cut
diff --git a/doc/ssl/SSL_get_current_cipher.pod b/doc/ssl/SSL_get_current_cipher.pod
new file mode 100644
index 0000000000..2dd7261d89
--- /dev/null
+++ b/doc/ssl/SSL_get_current_cipher.pod
@@ -0,0 +1,43 @@
+=pod
+
+=head1 NAME
+
+SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name,
+SSL_get_cipher_bits, SSL_get_cipher_version - get SSL_CIPHER of a connection
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ SSL_CIPHER *SSL_get_current_cipher(SSL *ssl);
+ #define SSL_get_cipher(s) \
+                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+ #define SSL_get_cipher_name(s) \
+                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+ #define SSL_get_cipher_bits(s,np) \
+                SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
+ #define SSL_get_cipher_version(s) \
+                SSL_CIPHER_get_version(SSL_get_current_cipher(s))
+
+=head1 DESCRIPTION
+
+SSL_get_current_cipher() returns a pointer to an SSL_CIPHER object containing
+the description of the actually used cipher of a connection established with
+the B<ssl> object.
+
+SSL_get_cipher() and SSL_get_cipher_name() are identical macros to obtain the
+name of the currently used cipher. SSL_get_cipher_bits() is a
+macro to obtain the number of secret/algorithm bits used and 
+SSL_get_cipher_version() returns the protocol name.
+See L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)> for more details.
+
+=head1 RETURN VALUES
+
+SSL_get_current_cipher() returns the cipher actually used or NULL, when
+no session has been established.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>
+
+=cut
diff --git a/doc/ssl/SSL_get_default_timeout.pod b/doc/ssl/SSL_get_default_timeout.pod
new file mode 100644
index 0000000000..8d43b31345
--- /dev/null
+++ b/doc/ssl/SSL_get_default_timeout.pod
@@ -0,0 +1,41 @@
+=pod
+
+=head1 NAME
+
+SSL_get_default_timeout - get default session timeout value
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_get_default_timeout(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_default_timeout() returns the default timeout value assigned to
+SSL_SESSION objects negotiated for the protocol valid for B<ssl>.
+
+=head1 NOTES
+
+Whenever a new session is negotiated, it is assigned a timeout value,
+after which it will not be accepted for session reuse. If the timeout
+value was not explicitly set using
+L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>, the hardcoded default
+timeout for the protocol will be used.
+
+SSL_get_default_timeout() return this hardcoded value, which is 300 seconds
+for all currently supported protocols (SSLv2, SSLv3, and TLSv1).
+
+=head1 RETURN VALUES
+
+See description.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>,
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
+L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>
+
+=cut
diff --git a/doc/ssl/SSL_get_error.pod b/doc/ssl/SSL_get_error.pod
new file mode 100644
index 0000000000..fe28dd942a
--- /dev/null
+++ b/doc/ssl/SSL_get_error.pod
@@ -0,0 +1,114 @@
+=pod
+
+=head1 NAME
+
+SSL_get_error - obtain result code for TLS/SSL I/O operation
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_get_error(SSL *ssl, int ret);
+
+=head1 DESCRIPTION
+
+SSL_get_error() returns a result code (suitable for the C "switch"
+statement) for a preceding call to SSL_connect(), SSL_accept(), SSL_do_handshake(),
+SSL_read(), SSL_peek(), or SSL_write() on B<ssl>.  The value returned by
+that TLS/SSL I/O function must be passed to SSL_get_error() in parameter
+B<ret>.
+
+In addition to B<ssl> and B<ret>, SSL_get_error() inspects the
+current thread's OpenSSL error queue.  Thus, SSL_get_error() must be
+used in the same thread that performed the TLS/SSL I/O operation, and no
+other OpenSSL function calls should appear in between.  The current
+thread's error queue must be empty before the TLS/SSL I/O operation is
+attempted, or SSL_get_error() will not work reliably.
+
+=head1 RETURN VALUES
+
+The following return values can currently occur:
+
+=over 4
+
+=item SSL_ERROR_NONE
+
+The TLS/SSL I/O operation completed.  This result code is returned
+if and only if B<ret E<gt> 0>.
+
+=item SSL_ERROR_ZERO_RETURN
+
+The TLS/SSL connection has been closed.  If the protocol version is SSL 3.0
+or TLS 1.0, this result code is returned only if a closure
+alert has occurred in the protocol, i.e. if the connection has been
+closed cleanly. Note that in this case B<SSL_ERROR_ZERO_RETURN>
+does not necessarily indicate that the underlying transport
+has been closed.
+
+=item SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE
+
+The operation did not complete; the same TLS/SSL I/O function should be
+called again later.  If, by then, the underlying B<BIO> has data
+available for reading (if the result code is B<SSL_ERROR_WANT_READ>)
+or allows writing data (B<SSL_ERROR_WANT_WRITE>), then some TLS/SSL
+protocol progress will take place, i.e. at least part of an TLS/SSL
+record will be read or written.  Note that the retry may again lead to
+a B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE> condition.
+There is no fixed upper limit for the number of iterations that
+may be necessary until progress becomes visible at application
+protocol level.
+
+For socket B<BIO>s (e.g. when SSL_set_fd() was used), select() or
+poll() on the underlying socket can be used to find out when the
+TLS/SSL I/O function should be retried.
+
+Caveat: Any TLS/SSL I/O function can lead to either of
+B<SSL_ERROR_WANT_READ> and B<SSL_ERROR_WANT_WRITE>.  In particular,
+SSL_read() or SSL_peek() may want to write data and SSL_write() may want
+to read data.  This is mainly because TLS/SSL handshakes may occur at any
+time during the protocol (initiated by either the client or the server);
+SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes.
+
+=item SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT
+
+The operation did not complete; the same TLS/SSL I/O function should be
+called again later. The underlying BIO was not connected yet to the peer
+and the call would block in connect()/accept(). The SSL function should be
+called again when the connection is established. These messages can only
+appear with a BIO_s_connect() or BIO_s_accept() BIO, respectively.
+In order to find out, when the connection has been successfully established,
+on many platforms select() or poll() for writing on the socket file descriptor
+can be used.
+
+=item SSL_ERROR_WANT_X509_LOOKUP
+
+The operation did not complete because an application callback set by
+SSL_CTX_set_client_cert_cb() has asked to be called again.
+The TLS/SSL I/O function should be called again later.
+Details depend on the application.
+
+=item SSL_ERROR_SYSCALL
+
+Some I/O error occurred.  The OpenSSL error queue may contain more
+information on the error.  If the error queue is empty
+(i.e. ERR_get_error() returns 0), B<ret> can be used to find out more
+about the error: If B<ret == 0>, an EOF was observed that violates
+the protocol.  If B<ret == -1>, the underlying B<BIO> reported an
+I/O error (for socket I/O on Unix systems, consult B<errno> for details).
+
+=item SSL_ERROR_SSL
+
+A failure in the SSL library occurred, usually a protocol error.  The
+OpenSSL error queue contains more information on the error.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<err(3)|err(3)>
+
+=head1 HISTORY
+
+SSL_get_error() was added in SSLeay 0.8.
+
+=cut
diff --git a/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod b/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod
new file mode 100644
index 0000000000..165c6a5b2c
--- /dev/null
+++ b/doc/ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod
@@ -0,0 +1,61 @@
+=pod
+
+=head1 NAME
+
+SSL_get_ex_data_X509_STORE_CTX_idx - get ex_data index to access SSL structure
+from X509_STORE_CTX
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_get_ex_data_X509_STORE_CTX_idx(void);
+
+=head1 DESCRIPTION
+
+SSL_get_ex_data_X509_STORE_CTX_idx() returns the index number under which
+the pointer to the SSL object is stored into the X509_STORE_CTX object.
+
+=head1 NOTES
+
+Whenever a X509_STORE_CTX object is created for the verification of the
+peers certificate during a handshake, a pointer to the SSL object is
+stored into the X509_STORE_CTX object to identify the connection affected.
+To retrieve this pointer the X509_STORE_CTX_get_ex_data() function can
+be used with the correct index. This index is globally the same for all
+X509_STORE_CTX objects and can be retrieved using
+SSL_get_ex_data_X509_STORE_CTX_idx(). The index value is set when
+SSL_get_ex_data_X509_STORE_CTX_idx() is first called either by the application
+program directly or indirectly during other SSL setup functions or during
+the handshake.
+
+The value depends on other index values defined for X509_STORE_CTX objects
+before the SSL index is created.
+
+=head1 RETURN VALUES
+
+=over 4
+
+=item E<gt>=0
+
+The index value to access the pointer.
+
+=item E<lt>0
+
+An error occurred, check the error stack for a detailed error message.
+
+=back
+
+=head1 EXAMPLES
+
+The index returned from SSL_get_ex_data_X509_STORE_CTX_idx() allows to
+access the SSL object for the connection to be accessed during the
+verify_callback() when checking the peers certificate. Please check
+the example in L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
+L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
+
+=cut
diff --git a/doc/ssl/SSL_get_ex_new_index.pod b/doc/ssl/SSL_get_ex_new_index.pod
new file mode 100644
index 0000000000..6644ef8fbc
--- /dev/null
+++ b/doc/ssl/SSL_get_ex_new_index.pod
@@ -0,0 +1,59 @@
+=pod
+
+=head1 NAME
+
+SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data - internal application specific data functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_get_ex_new_index(long argl, void *argp,
+                CRYPTO_EX_new *new_func,
+                CRYPTO_EX_dup *dup_func,
+                CRYPTO_EX_free *free_func);
+
+ int SSL_set_ex_data(SSL *ssl, int idx, void *arg);
+
+ void *SSL_get_ex_data(SSL *ssl, int idx);
+
+ typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                int idx, long argl, void *argp);
+ typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                int idx, long argl, void *argp);
+ typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
+                int idx, long argl, void *argp);
+
+=head1 DESCRIPTION
+
+Several OpenSSL structures can have application specific data attached to them.
+These functions are used internally by OpenSSL to manipulate application
+specific data attached to a specific structure.
+
+SSL_get_ex_new_index() is used to register a new index for application
+specific data.
+
+SSL_set_ex_data() is used to store application data at B<arg> for B<idx> into
+the B<ssl> object.
+
+SSL_get_ex_data() is used to retrieve the information for B<idx> from
+B<ssl>.
+
+A detailed description for the B<*_get_ex_new_index()> functionality
+can be found in L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>.
+The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
+L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
+
+=head1 EXAMPLES
+
+An example on how to use the functionality is included in the example
+verify_callback() in L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>,
+L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
+L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>,
+L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
+
+=cut
diff --git a/doc/ssl/SSL_get_fd.pod b/doc/ssl/SSL_get_fd.pod
new file mode 100644
index 0000000000..a3f7625931
--- /dev/null
+++ b/doc/ssl/SSL_get_fd.pod
@@ -0,0 +1,44 @@
+=pod
+
+=head1 NAME
+
+SSL_get_fd - get file descriptor linked to an SSL object
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_get_fd(SSL *ssl);
+ int SSL_get_rfd(SSL *ssl);
+ int SSL_get_wfd(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_fd() returns the file descriptor which is linked to B<ssl>.
+SSL_get_rfd() and SSL_get_wfd() return the file descriptors for the
+read or the write channel, which can be different. If the read and the
+write channel are different, SSL_get_fd() will return the file descriptor
+of the read channel.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item -1
+
+The operation failed, because the underlying BIO is not of the correct type
+(suitable for file descriptors).
+
+=item E<gt>=0
+
+The file descriptor linked to B<ssl>.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_set_fd(3)|SSL_set_fd(3)>, L<ssl(3)|ssl(3)> , L<bio(3)|bio(3)>
+
+=cut
diff --git a/doc/ssl/SSL_get_peer_cert_chain.pod b/doc/ssl/SSL_get_peer_cert_chain.pod
new file mode 100644
index 0000000000..390ce0b41b
--- /dev/null
+++ b/doc/ssl/SSL_get_peer_cert_chain.pod
@@ -0,0 +1,52 @@
+=pod
+
+=head1 NAME
+
+SSL_get_peer_cert_chain - get the X509 certificate chain of the peer
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ STACKOF(X509) *SSL_get_peer_cert_chain(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_peer_cert_chain() returns a pointer to STACKOF(X509) certificates
+forming the certificate chain of the peer. If called on the client side,
+the stack also contains the peer's certificate; if called on the server
+side, the peer's certificate must be obtained separately using
+L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>.
+If the peer did not present a certificate, NULL is returned.
+
+=head1 NOTES
+
+The peer certificate chain is not necessarily available after reusing
+a session, in which case a NULL pointer is returned.
+
+The reference count of the STACKOF(X509) object is not incremented.
+If the corresponding session is freed, the pointer must not be used
+any longer.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+No certificate was presented by the peer or no connection was established
+or the certificate chain is no longer available when a session is reused.
+
+=item Pointer to a STACKOF(X509)
+
+The return value points to the certificate chain presented by the peer.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>
+
+=cut
diff --git a/doc/ssl/SSL_get_peer_certificate.pod b/doc/ssl/SSL_get_peer_certificate.pod
new file mode 100644
index 0000000000..60635a9660
--- /dev/null
+++ b/doc/ssl/SSL_get_peer_certificate.pod
@@ -0,0 +1,55 @@
+=pod
+
+=head1 NAME
+
+SSL_get_peer_certificate - get the X509 certificate of the peer
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ X509 *SSL_get_peer_certificate(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_peer_certificate() returns a pointer to the X509 certificate the
+peer presented. If the peer did not present a certificate, NULL is returned.
+
+=head1 NOTES
+
+Due to the protocol definition, a TLS/SSL server will always send a
+certificate, if present. A client will only send a certificate when
+explicitly requested to do so by the server (see
+L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>). If an anonymous cipher
+is used, no certificates are sent.
+
+That a certificate is returned does not indicate information about the
+verification state, use L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>
+to check the verification state.
+
+The reference count of the X509 object is incremented by one, so that it
+will not be destroyed when the session containing the peer certificate is
+freed. The X509 object must be explicitly freed using X509_free().
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+No certificate was presented by the peer or no connection was established.
+
+=item Pointer to an X509 certificate
+
+The return value points to the certificate presented by the peer.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
+L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
+
+=cut
diff --git a/doc/ssl/SSL_get_rbio.pod b/doc/ssl/SSL_get_rbio.pod
new file mode 100644
index 0000000000..3d98233cac
--- /dev/null
+++ b/doc/ssl/SSL_get_rbio.pod
@@ -0,0 +1,40 @@
+=pod
+
+=head1 NAME
+
+SSL_get_rbio - get BIO linked to an SSL object
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ BIO *SSL_get_rbio(SSL *ssl);
+ BIO *SSL_get_wbio(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_rbio() and SSL_get_wbio() return pointers to the BIOs for the
+read or the write channel, which can be different. The reference count
+of the BIO is not incremented.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+No BIO was connected to the SSL object
+
+=item Any other pointer
+
+The BIO linked to B<ssl>.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_set_bio(3)|SSL_set_bio(3)>, L<ssl(3)|ssl(3)> , L<bio(3)|bio(3)>
+
+=cut
diff --git a/doc/ssl/SSL_get_session.pod b/doc/ssl/SSL_get_session.pod
new file mode 100644
index 0000000000..dd9aba40b6
--- /dev/null
+++ b/doc/ssl/SSL_get_session.pod
@@ -0,0 +1,73 @@
+=pod
+
+=head1 NAME
+
+SSL_get_session - retrieve TLS/SSL session data
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ SSL_SESSION *SSL_get_session(SSL *ssl);
+ SSL_SESSION *SSL_get0_session(SSL *ssl);
+ SSL_SESSION *SSL_get1_session(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_session() returns a pointer to the B<SSL_SESSION> actually used in
+B<ssl>. The reference count of the B<SSL_SESSION> is not incremented, so
+that the pointer can become invalid by other operations.
+
+SSL_get0_session() is the same as SSL_get_session().
+
+SSL_get1_session() is the same as SSL_get_session(), but the reference
+count of the B<SSL_SESSION> is incremented by one.
+
+=head1 NOTES
+
+The ssl session contains all information required to re-establish the
+connection without a new handshake.
+
+SSL_get0_session() returns a pointer to the actual session. As the
+reference counter is not incremented, the pointer is only valid while
+the connection is in use. If L<SSL_clear(3)|SSL_clear(3)> or
+L<SSL_free(3)|SSL_free(3)> is called, the session may be removed completely
+(if considered bad), and the pointer obtained will become invalid. Even
+if the session is valid, it can be removed at any time due to timeout
+during L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>.
+
+If the data is to be kept, SSL_get1_session() will increment the reference
+count, so that the session will not be implicitly removed by other operations
+but stays in memory. In order to remove the session
+L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> must be explicitly called once
+to decrement the reference count again.
+
+SSL_SESSION objects keep internal link information about the session cache
+list, when being inserted into one SSL_CTX object's session cache.
+One SSL_SESSION object, regardless of its reference count, must therefore
+only be used with one SSL_CTX object (and the SSL objects created
+from this SSL_CTX object).
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+There is no session available in B<ssl>.
+
+=item Pointer to an SSL
+
+The return value points to the data of an SSL session.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_free(3)|SSL_free(3)>,
+L<SSL_clear(3)|SSL_clear(3)>,
+L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
+
+=cut
diff --git a/doc/ssl/SSL_get_verify_result.pod b/doc/ssl/SSL_get_verify_result.pod
new file mode 100644
index 0000000000..e6bac9c35a
--- /dev/null
+++ b/doc/ssl/SSL_get_verify_result.pod
@@ -0,0 +1,57 @@
+=pod
+
+=head1 NAME
+
+SSL_get_verify_result - get result of peer certificate verification
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ long SSL_get_verify_result(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_verify_result() returns the result of the verification of the
+X509 certificate presented by the peer, if any.
+
+=head1 NOTES
+
+SSL_get_verify_result() can only return one error code while the verification
+of a certificate can fail because of many reasons at the same time. Only
+the last verification error that occurred during the processing is available
+from SSL_get_verify_result().
+
+The verification result is part of the established session and is restored
+when a session is reused.
+
+=head1 BUGS
+
+If no peer certificate was presented, the returned result code is
+X509_V_OK. This is because no verification error occurred, it does however
+not indicate success. SSL_get_verify_result() is only useful in connection
+with L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>.
+
+=head1 RETURN VALUES
+
+The following return values can currently occur:
+
+=over 4
+
+=item X509_V_OK
+
+The verification succeeded or no peer certificate was presented.
+
+=item Any other value
+
+Documented in L<verify(1)|verify(1)>.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_set_verify_result(3)|SSL_set_verify_result(3)>,
+L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>,
+L<verify(1)|verify(1)>
+
+=cut
diff --git a/doc/ssl/SSL_get_version.pod b/doc/ssl/SSL_get_version.pod
new file mode 100644
index 0000000000..24d5291256
--- /dev/null
+++ b/doc/ssl/SSL_get_version.pod
@@ -0,0 +1,46 @@
+=pod
+
+=head1 NAME
+
+SSL_get_version - get the protocol version of a connection.
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ const char *SSL_get_version(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_get_cipher_version() returns the name of the protocol used for the
+connection B<ssl>.
+
+=head1 RETURN VALUES
+
+The following strings can occur:
+
+=over 4
+
+=item SSLv2
+
+The connection uses the SSLv2 protocol.
+
+=item SSLv3
+
+The connection uses the SSLv3 protocol.
+
+=item TLSv1
+
+The connection uses the TLSv1 protocol.
+
+=item unknown
+
+This indicates that no version has been set (no connection established).
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/doc/ssl/SSL_library_init.pod b/doc/ssl/SSL_library_init.pod
new file mode 100644
index 0000000000..ecf3c4858e
--- /dev/null
+++ b/doc/ssl/SSL_library_init.pod
@@ -0,0 +1,52 @@
+=pod
+
+=head1 NAME
+
+SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms
+- initialize SSL library by registering algorithms
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_library_init(void);
+ #define OpenSSL_add_ssl_algorithms()    SSL_library_init()
+ #define SSLeay_add_ssl_algorithms()     SSL_library_init()
+
+=head1 DESCRIPTION
+
+SSL_library_init() registers the available ciphers and digests.
+
+OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms
+for SSL_library_init().
+
+=head1 NOTES
+
+SSL_library_init() must be called before any other action takes place.
+
+=head1 WARNING
+
+SSL_library_init() only registers ciphers. Another important initialization
+is the seeding of the PRNG (Pseudo Random Number Generator), which has to
+be performed separately.
+
+=head1 EXAMPLES
+
+A typical TLS/SSL application will start with the library initialization,
+will provide readable error messages and will seed the PRNG.
+
+ SSL_load_error_strings();                /* readable error messages */
+ SSL_library_init();                      /* initialize library */
+ actions_to_seed_PRNG(); 
+
+=head1 RETURN VALUES
+
+SSL_library_init() always returns "1", so it is safe to discard the return
+value.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_load_error_strings(3)|SSL_load_error_strings(3)>,
+L<RAND_add(3)|RAND_add(3)>
+
+=cut
diff --git a/doc/ssl/SSL_load_client_CA_file.pod b/doc/ssl/SSL_load_client_CA_file.pod
new file mode 100644
index 0000000000..02527dc2ed
--- /dev/null
+++ b/doc/ssl/SSL_load_client_CA_file.pod
@@ -0,0 +1,62 @@
+=pod
+
+=head1 NAME
+
+SSL_load_client_CA_file - load certificate names from file
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+
+=head1 DESCRIPTION
+
+SSL_load_client_CA_file() reads certificates from B<file> and returns
+a STACK_OF(X509_NAME) with the subject names found.
+
+=head1 NOTES
+
+SSL_load_client_CA_file() reads a file of PEM formatted certificates and
+extracts the X509_NAMES of the certificates found. While the name suggests
+the specific usage as support function for
+L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
+it is not limited to CA certificates.
+
+=head1 EXAMPLES
+
+Load names of CAs from file and use it as a client CA list:
+
+ SSL_CTX *ctx;
+ STACK_OF(X509_NAME) *cert_names;
+
+ ... 
+ cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
+ if (cert_names != NULL)
+   SSL_CTX_set_client_CA_list(ctx, cert_names);
+ else
+   error_handling();
+ ...
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+The operation failed, check out the error stack for the reason.
+
+=item Pointer to STACK_OF(X509_NAME)
+
+Pointer to the subject names of the successfully read certificates.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>,
+L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>
+
+=cut
diff --git a/doc/ssl/SSL_new.pod b/doc/ssl/SSL_new.pod
new file mode 100644
index 0000000000..25300e978f
--- /dev/null
+++ b/doc/ssl/SSL_new.pod
@@ -0,0 +1,44 @@
+=pod
+
+=head1 NAME
+
+SSL_new - create a new SSL structure for a connection
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ SSL *SSL_new(SSL_CTX *ctx);
+
+=head1 DESCRIPTION
+
+SSL_new() creates a new B<SSL> structure which is needed to hold the
+data for a TLS/SSL connection. The new structure inherits the settings
+of the underlying context B<ctx>: connection method (SSLv2/v3/TLSv1),
+options, verification settings, timeout settings.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item NULL
+
+The creation of a new SSL structure failed. Check the error stack to
+find out the reason.
+
+=item Pointer to an SSL structure
+
+The return value points to an allocated SSL structure.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_free(3)|SSL_free(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
+L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>,
+L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/doc/ssl/SSL_pending.pod b/doc/ssl/SSL_pending.pod
new file mode 100644
index 0000000000..b4c48598b2
--- /dev/null
+++ b/doc/ssl/SSL_pending.pod
@@ -0,0 +1,43 @@
+=pod
+
+=head1 NAME
+
+SSL_pending - obtain number of readable bytes buffered in an SSL object
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_pending(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_pending() returns the number of bytes which are available inside
+B<ssl> for immediate read.
+
+=head1 NOTES
+
+Data are received in blocks from the peer. Therefore data can be buffered
+inside B<ssl> and are ready for immediate retrieval with
+L<SSL_read(3)|SSL_read(3)>.
+
+=head1 RETURN VALUES
+
+The number of bytes pending is returned.
+
+=head1 BUGS
+
+SSL_pending() takes into account only bytes from the TLS/SSL record
+that is currently being processed (if any).  If the B<SSL> object's
+I<read_ahead> flag is set, additional protocol bytes may have been
+read containing more TLS/SSL records; these are ignored by
+SSL_pending().
+
+Up to OpenSSL 0.9.6, SSL_pending() does not check if the record type
+of pending data is application data.
+
+=head1 SEE ALSO
+
+L<SSL_read(3)|SSL_read(3)>, L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/doc/ssl/SSL_read.pod b/doc/ssl/SSL_read.pod
new file mode 100644
index 0000000000..f6c37f77e4
--- /dev/null
+++ b/doc/ssl/SSL_read.pod
@@ -0,0 +1,118 @@
+=pod
+
+=head1 NAME
+
+SSL_read - read bytes from a TLS/SSL connection.
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_read(SSL *ssl, void *buf, int num);
+
+=head1 DESCRIPTION
+
+SSL_read() tries to read B<num> bytes from the specified B<ssl> into the
+buffer B<buf>.
+
+=head1 NOTES
+
+If necessary, SSL_read() will negotiate a TLS/SSL session, if
+not already explicitly performed by L<SSL_connect(3)|SSL_connect(3)> or
+L<SSL_accept(3)|SSL_accept(3)>. If the
+peer requests a re-negotiation, it will be performed transparently during
+the SSL_read() operation. The behaviour of SSL_read() depends on the
+underlying BIO. 
+
+For the transparent negotiation to succeed, the B<ssl> must have been
+initialized to client or server mode. This is being done by calling
+L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
+before the first call to an SSL_read() or L<SSL_write(3)|SSL_write(3)>
+function.
+
+SSL_read() works based on the SSL/TLS records. The data are received in
+records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a
+record has been completely received, it can be processed (decryption and
+check of integrity). Therefore data that was not retrieved at the last
+call of SSL_read() can still be buffered inside the SSL layer and will be
+retrieved on the next call to SSL_read(). If B<num> is higher than the
+number of bytes buffered, SSL_read() will return with the bytes buffered.
+If no more bytes are in the buffer, SSL_read() will trigger the processing
+of the next record. Only when the record has been received and processed
+completely, SSL_read() will return reporting success. At most the contents
+of the record will be returned. As the size of an SSL/TLS record may exceed
+the maximum packet size of the underlying transport (e.g. TCP), it may
+be necessary to read several packets from the transport layer before the
+record is complete and SSL_read() can succeed.
+
+If the underlying BIO is B<blocking>, SSL_read() will only return, once the
+read operation has been finished or an error occurred, except when a
+renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. 
+This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the
+L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> call.
+
+If the underlying BIO is B<non-blocking>, SSL_read() will also return
+when the underlying BIO could not satisfy the needs of SSL_read()
+to continue the operation. In this case a call to
+L<SSL_get_error(3)|SSL_get_error(3)> with the
+return value of SSL_read() will yield B<SSL_ERROR_WANT_READ> or
+B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a
+call to SSL_read() can also cause write operations! The calling process
+then must repeat the call after taking appropriate action to satisfy the
+needs of SSL_read(). The action depends on the underlying BIO. When using a
+non-blocking socket, nothing is to be done, but select() can be used to check
+for the required condition. When using a buffering BIO, like a BIO pair, data
+must be written into or retrieved out of the BIO before being able to continue.
+
+=head1 WARNING
+
+When an SSL_read() operation has to be repeated because of
+B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated
+with the same arguments.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item E<gt>0
+
+The read operation was successful; the return value is the number of
+bytes actually read from the TLS/SSL connection.
+
+=item 0
+
+The read operation was not successful. The reason may either be a clean
+shutdown due to a "close notify" alert sent by the peer (in which case
+the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set
+(see L<SSL_shutdown(3)|SSL_shutdown(3)>,
+L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>). It is also possible, that
+the peer simply shut down the underlying transport and the shutdown is
+incomplete. Call SSL_get_error() with the return value B<ret> to find out,
+whether an error occurred or the connection was shut down cleanly
+(SSL_ERROR_ZERO_RETURN).
+
+SSLv2 (deprecated) does not support a shutdown alert protocol, so it can
+only be detected, whether the underlying connection was closed. It cannot
+be checked, whether the closure was initiated by the peer or by something
+else.
+
+=item E<lt>0
+
+The read operation was not successful, because either an error occurred
+or action must be taken by the calling process. Call SSL_get_error() with the
+return value B<ret> to find out the reason.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_write(3)|SSL_write(3)>,
+L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
+L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>
+L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
+L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
+
+=cut
diff --git a/doc/ssl/SSL_rstate_string.pod b/doc/ssl/SSL_rstate_string.pod
new file mode 100644
index 0000000000..bdb8a1fcd5
--- /dev/null
+++ b/doc/ssl/SSL_rstate_string.pod
@@ -0,0 +1,59 @@
+=pod
+
+=head1 NAME
+
+SSL_rstate_string, SSL_rstate_string_long - get textual description of state of an SSL object during read operation
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ const char *SSL_rstate_string(SSL *ssl);
+ const char *SSL_rstate_string_long(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_rstate_string() returns a 2 letter string indicating the current read state
+of the SSL object B<ssl>.
+
+SSL_rstate_string_long() returns a string indicating the current read state of
+the SSL object B<ssl>.
+
+=head1 NOTES
+
+When performing a read operation, the SSL/TLS engine must parse the record,
+consisting of header and body. When working in a blocking environment,
+SSL_rstate_string[_long]() should always return "RD"/"read done".
+
+This function should only seldom be needed in applications.
+
+=head1 RETURN VALUES
+
+SSL_rstate_string() and SSL_rstate_string_long() can return the following
+values:
+
+=over 4
+
+=item "RH"/"read header"
+
+The header of the record is being evaluated.
+
+=item "RB"/"read body"
+
+The body of the record is being evaluated.
+
+=item "RD"/"read done"
+
+The record has been completely processed.
+
+=item "unknown"/"unknown"
+
+The read state is unknown. This should never happen.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>
+
+=cut
diff --git a/doc/ssl/SSL_session_reused.pod b/doc/ssl/SSL_session_reused.pod
new file mode 100644
index 0000000000..da7d06264d
--- /dev/null
+++ b/doc/ssl/SSL_session_reused.pod
@@ -0,0 +1,45 @@
+=pod
+
+=head1 NAME
+
+SSL_session_reused - query whether a reused session was negotiated during handshake
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_session_reused(SSL *ssl);
+
+=head1 DESCRIPTION
+
+Query, whether a reused session was negotiated during the handshake.
+
+=head1 NOTES
+
+During the negotiation, a client can propose to reuse a session. The server
+then looks up the session in its cache. If both client and server agree
+on the session, it will be reused and a flag is being set that can be
+queried by the application.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item 0
+
+A new session was negotiated.
+
+=item 1
+
+A session was reused.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>
+
+=cut
diff --git a/doc/ssl/SSL_set_bio.pod b/doc/ssl/SSL_set_bio.pod
new file mode 100644
index 0000000000..67c9756d3f
--- /dev/null
+++ b/doc/ssl/SSL_set_bio.pod
@@ -0,0 +1,34 @@
+=pod
+
+=head1 NAME
+
+SSL_set_bio - connect the SSL object with a BIO
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_set_bio(SSL *ssl, BIO *rbio, BIO *wbio);
+
+=head1 DESCRIPTION
+
+SSL_set_bio() connects the BIOs B<rbio> and B<wbio> for the read and write
+operations of the TLS/SSL (encrypted) side of B<ssl>.
+
+The SSL engine inherits the behaviour of B<rbio> and B<wbio>, respectively.
+If a BIO is non-blocking, the B<ssl> will also have non-blocking behaviour.
+
+If there was already a BIO connected to B<ssl>, BIO_free() will be called
+(for both the reading and writing side, if different).
+
+=head1 RETURN VALUES
+
+SSL_set_bio() cannot fail.
+
+=head1 SEE ALSO
+
+L<SSL_get_rbio(3)|SSL_get_rbio(3)>,
+L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>,
+L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
+
+=cut
diff --git a/doc/ssl/SSL_set_connect_state.pod b/doc/ssl/SSL_set_connect_state.pod
new file mode 100644
index 0000000000..d88a057def
--- /dev/null
+++ b/doc/ssl/SSL_set_connect_state.pod
@@ -0,0 +1,55 @@
+=pod
+
+=head1 NAME
+
+SSL_set_connect_state, SSL_get_accept_state - prepare SSL object to work in client or server mode
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_set_connect_state(SSL *ssl);
+
+ void SSL_set_accept_state(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_set_connect_state() sets B<ssl> to work in client mode.
+
+SSL_set_accept_state() sets B<ssl> to work in server mode.
+
+=head1 NOTES
+
+When the SSL_CTX object was created with L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
+it was either assigned a dedicated client method, a dedicated server
+method, or a generic method, that can be used for both client and
+server connections. (The method might have been changed with
+L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)> or
+SSL_set_ssl_method().)
+
+When beginning a new handshake, the SSL engine must know whether it must
+call the connect (client) or accept (server) routines. Even though it may
+be clear from the method chosen, whether client or server mode was
+requested, the handshake routines must be explicitly set.
+
+When using the L<SSL_connect(3)|SSL_connect(3)> or
+L<SSL_accept(3)|SSL_accept(3)> routines, the correct handshake
+routines are automatically set. When performing a transparent negotiation
+using L<SSL_write(3)|SSL_write(3)> or L<SSL_read(3)|SSL_read(3)>, the
+handshake routines must be explicitly set in advance using either
+SSL_set_connect_state() or SSL_set_accept_state().
+
+=head1 RETURN VALUES
+
+SSL_set_connect_state() and SSL_set_accept_state() do not return diagnostic
+information.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
+L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>,
+L<SSL_write(3)|SSL_write(3)>, L<SSL_read(3)|SSL_read(3)>,
+L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
+L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>
+
+=cut
diff --git a/doc/ssl/SSL_set_fd.pod b/doc/ssl/SSL_set_fd.pod
new file mode 100644
index 0000000000..70291128fc
--- /dev/null
+++ b/doc/ssl/SSL_set_fd.pod
@@ -0,0 +1,54 @@
+=pod
+
+=head1 NAME
+
+SSL_set_fd - connect the SSL object with a file descriptor
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_set_fd(SSL *ssl, int fd);
+ int SSL_set_rfd(SSL *ssl, int fd);
+ int SSL_set_wfd(SSL *ssl, int fd);
+
+=head1 DESCRIPTION
+
+SSL_set_fd() sets the file descriptor B<fd> as the input/output facility
+for the TLS/SSL (encrypted) side of B<ssl>. B<fd> will typically be the
+socket file descriptor of a network connection.
+
+When performing the operation, a B<socket BIO> is automatically created to
+interface between the B<ssl> and B<fd>. The BIO and hence the SSL engine
+inherit the behaviour of B<fd>. If B<fd> is non-blocking, the B<ssl> will
+also have non-blocking behaviour.
+
+If there was already a BIO connected to B<ssl>, BIO_free() will be called
+(for both the reading and writing side, if different).
+
+SSL_set_rfd() and SSL_set_wfd() perform the respective action, but only
+for the read channel or the write channel, which can be set independently.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item 0
+
+The operation failed. Check the error stack to find out why.
+
+=item 1
+
+The operation succeeded.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_get_fd(3)|SSL_get_fd(3)>, L<SSL_set_bio(3)|SSL_set_bio(3)>,
+L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>,
+L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)> , L<bio(3)|bio(3)>
+
+=cut
diff --git a/doc/ssl/SSL_set_session.pod b/doc/ssl/SSL_set_session.pod
new file mode 100644
index 0000000000..5f54714ad8
--- /dev/null
+++ b/doc/ssl/SSL_set_session.pod
@@ -0,0 +1,57 @@
+=pod
+
+=head1 NAME
+
+SSL_set_session - set a TLS/SSL session to be used during TLS/SSL connect
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_set_session(SSL *ssl, SSL_SESSION *session);
+
+=head1 DESCRIPTION
+
+SSL_set_session() sets B<session> to be used when the TLS/SSL connection
+is to be established. SSL_set_session() is only useful for TLS/SSL clients.
+When the session is set, the reference count of B<session> is incremented
+by 1. If the session is not reused, the reference count is decremented
+again during SSL_connect(). Whether the session was reused can be queried
+with the L<SSL_session_reused(3)|SSL_session_reused(3)> call.
+
+If there is already a session set inside B<ssl> (because it was set with
+SSL_set_session() before or because the same B<ssl> was already used for
+a connection), SSL_SESSION_free() will be called for that session.
+
+=head1 NOTES
+
+SSL_SESSION objects keep internal link information about the session cache
+list, when being inserted into one SSL_CTX object's session cache.
+One SSL_SESSION object, regardless of its reference count, must therefore
+only be used with one SSL_CTX object (and the SSL objects created
+from this SSL_CTX object).
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item 0
+
+The operation failed; check the error stack to find out the reason.
+
+=item 1
+
+The operation succeeded.
+
+=back
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
+L<SSL_get_session(3)|SSL_get_session(3)>,
+L<SSL_session_reused(3)|SSL_session_reused(3)>,
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>
+
+=cut
diff --git a/doc/ssl/SSL_set_shutdown.pod b/doc/ssl/SSL_set_shutdown.pod
new file mode 100644
index 0000000000..6289e635d9
--- /dev/null
+++ b/doc/ssl/SSL_set_shutdown.pod
@@ -0,0 +1,72 @@
+=pod
+
+=head1 NAME
+
+SSL_set_shutdown, SSL_get_shutdown - manipulate shutdown state of an SSL connection
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_set_shutdown(SSL *ssl, int mode);
+
+ int SSL_get_shutdown(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_set_shutdown() sets the shutdown state of B<ssl> to B<mode>.
+
+SSL_get_shutdown() returns the shutdown mode of B<ssl>.
+
+=head1 NOTES
+
+The shutdown state of an ssl connection is a bitmask of:
+
+=over 4
+
+=item 0
+
+No shutdown setting, yet.
+
+=item SSL_SENT_SHUTDOWN
+
+A "close notify" shutdown alert was sent to the peer, the connection is being
+considered closed and the session is closed and correct.
+
+=item SSL_RECEIVED_SHUTDOWN
+
+A shutdown alert was received form the peer, either a normal "close notify"
+or a fatal error.
+
+=back
+
+SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN can be set at the same time.
+
+The shutdown state of the connection is used to determine the state of
+the ssl session. If the session is still open, when
+L<SSL_clear(3)|SSL_clear(3)> or L<SSL_free(3)|SSL_free(3)> is called,
+it is considered bad and removed according to RFC2246.
+The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN
+(according to the TLS RFC, it is acceptable to only send the "close notify"
+alert but to not wait for the peer's answer, when the underlying connection
+is closed).
+SSL_set_shutdown() can be used to set this state without sending a
+close alert to the peer (see L<SSL_shutdown(3)|SSL_shutdown(3)>).
+
+If a "close notify" was received, SSL_RECEIVED_SHUTDOWN will be set,
+for setting SSL_SENT_SHUTDOWN the application must however still call
+L<SSL_shutdown(3)|SSL_shutdown(3)> or SSL_set_shutdown() itself.
+
+=head1 RETURN VALUES
+
+SSL_set_shutdown() does not return diagnostic information.
+
+SSL_get_shutdown() returns the current setting.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_shutdown(3)|SSL_shutdown(3)>,
+L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
+L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>
+
+=cut
diff --git a/doc/ssl/SSL_set_verify_result.pod b/doc/ssl/SSL_set_verify_result.pod
new file mode 100644
index 0000000000..04ab101aad
--- /dev/null
+++ b/doc/ssl/SSL_set_verify_result.pod
@@ -0,0 +1,38 @@
+=pod
+
+=head1 NAME
+
+SSL_set_verify_result - override result of peer certificate verification
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ void SSL_set_verify_result(SSL *ssl, long verify_result);
+
+=head1 DESCRIPTION
+
+SSL_set_verify_result() sets B<verify_result> of the object B<ssl> to be the
+result of the verification of the X509 certificate presented by the peer,
+if any.
+
+=head1 NOTES
+
+SSL_set_verify_result() overrides the verification result. It only changes
+the verification result of the B<ssl> object. It does not become part of the
+established session, so if the session is to be reused later, the original
+value will reappear.
+
+The valid codes for B<verify_result> are documented in L<verify(1)|verify(1)>.
+
+=head1 RETURN VALUES
+
+SSL_set_verify_result() does not provide a return value.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
+L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>,
+L<verify(1)|verify(1)>
+
+=cut
diff --git a/doc/ssl/SSL_shutdown.pod b/doc/ssl/SSL_shutdown.pod
new file mode 100644
index 0000000000..6b5012be7a
--- /dev/null
+++ b/doc/ssl/SSL_shutdown.pod
@@ -0,0 +1,125 @@
+=pod
+
+=head1 NAME
+
+SSL_shutdown - shut down a TLS/SSL connection
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_shutdown(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_shutdown() shuts down an active TLS/SSL connection. It sends the 
+"close notify" shutdown alert to the peer.
+
+=head1 NOTES
+
+SSL_shutdown() tries to send the "close notify" shutdown alert to the peer.
+Whether the operation succeeds or not, the SSL_SENT_SHUTDOWN flag is set and
+a currently open session is considered closed and good and will be kept in the
+session cache for further reuse.
+
+The shutdown procedure consists of 2 steps: the sending of the "close notify"
+shutdown alert and the reception of the peer's "close notify" shutdown
+alert. According to the TLS standard, it is acceptable for an application
+to only send its shutdown alert and then close the underlying connection
+without waiting for the peer's response (this way resources can be saved,
+as the process can already terminate or serve another connection).
+When the underlying connection shall be used for more communications, the
+complete shutdown procedure (bidirectional "close notify" alerts) must be
+performed, so that the peers stay synchronized.
+
+SSL_shutdown() supports both uni- and bidirectional shutdown by its 2 step
+behaviour.
+
+=over 4
+
+=item When the application is the first party to send the "close notify"
+alert, SSL_shutdown() will only send the alert and the set the
+SSL_SENT_SHUTDOWN flag (so that the session is considered good and will
+be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional
+shutdown is enough (the underlying connection shall be closed anyway), this
+first call to SSL_shutdown() is sufficient. In order to complete the
+bidirectional shutdown handshake, SSL_shutdown() must be called again.
+The second call will make SSL_shutdown() wait for the peer's "close notify"
+shutdown alert. On success, the second call to SSL_shutdown() will return
+with 1.
+
+=item If the peer already sent the "close notify" alert B<and> it was
+already processed implicitly inside another function
+(L<SSL_read(3)|SSL_read(3)>), the SSL_RECEIVED_SHUTDOWN flag is set.
+SSL_shutdown() will send the "close notify" alert, set the SSL_SENT_SHUTDOWN
+flag and will immediately return with 1.
+Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the
+SSL_get_shutdown() (see also L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> call.
+
+=back
+
+It is therefore recommended, to check the return value of SSL_shutdown()
+and call SSL_shutdown() again, if the bidirectional shutdown is not yet
+complete (return value of the first call is 0). As the shutdown is not
+specially handled in the SSLv2 protocol, SSL_shutdown() will succeed on
+the first call.
+
+The behaviour of SSL_shutdown() additionally depends on the underlying BIO. 
+
+If the underlying BIO is B<blocking>, SSL_shutdown() will only return once the
+handshake step has been finished or an error occurred.
+
+If the underlying BIO is B<non-blocking>, SSL_shutdown() will also return
+when the underlying BIO could not satisfy the needs of SSL_shutdown()
+to continue the handshake. In this case a call to SSL_get_error() with the
+return value of SSL_shutdown() will yield B<SSL_ERROR_WANT_READ> or
+B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
+taking appropriate action to satisfy the needs of SSL_shutdown().
+The action depends on the underlying BIO. When using a non-blocking socket,
+nothing is to be done, but select() can be used to check for the required
+condition. When using a buffering BIO, like a BIO pair, data must be written
+into or retrieved out of the BIO before being able to continue.
+
+SSL_shutdown() can be modified to only set the connection to "shutdown"
+state but not actually send the "close notify" alert messages,
+see L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>.
+When "quiet shutdown" is enabled, SSL_shutdown() will always succeed
+and return 1.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item 1
+
+The shutdown was successfully completed. The "close notify" alert was sent
+and the peer's "close notify" alert was received.
+
+=item 0
+
+The shutdown is not yet finished. Call SSL_shutdown() for a second time,
+if a bidirectional shutdown shall be performed.
+The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
+erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
+
+=item -1
+
+The shutdown was not successful because a fatal error occurred either
+at the protocol level or a connection failure occurred. It can also occur if
+action is need to continue the operation for non-blocking BIOs.
+Call L<SSL_get_error(3)|SSL_get_error(3)> with the return value B<ret>
+to find out the reason.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
+L<SSL_accept(3)|SSL_accept(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
+L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>,
+L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
+
+=cut
diff --git a/doc/ssl/SSL_state_string.pod b/doc/ssl/SSL_state_string.pod
new file mode 100644
index 0000000000..b4be1aaa48
--- /dev/null
+++ b/doc/ssl/SSL_state_string.pod
@@ -0,0 +1,45 @@
+=pod
+
+=head1 NAME
+
+SSL_state_string, SSL_state_string_long - get textual description of state of an SSL object
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ const char *SSL_state_string(SSL *ssl);
+ const char *SSL_state_string_long(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_state_string() returns a 6 letter string indicating the current state
+of the SSL object B<ssl>.
+
+SSL_state_string_long() returns a string indicating the current state of
+the SSL object B<ssl>.
+
+=head1 NOTES
+
+During its use, an SSL objects passes several states. The state is internally
+maintained. Querying the state information is not very informative before
+or when a connection has been established. It however can be of significant
+interest during the handshake.
+
+When using non-blocking sockets, the function call performing the handshake
+may return with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition,
+so that SSL_state_string[_long]() may be called.
+
+For both blocking or non-blocking sockets, the details state information
+can be used within the info_callback function set with the
+SSL_set_info_callback() call.
+
+=head1 RETURN VALUES
+
+Detailed description of possible states to be included later.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>
+
+=cut
diff --git a/doc/ssl/SSL_want.pod b/doc/ssl/SSL_want.pod
new file mode 100644
index 0000000000..50cc89db80
--- /dev/null
+++ b/doc/ssl/SSL_want.pod
@@ -0,0 +1,77 @@
+=pod
+
+=head1 NAME
+
+SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup - obtain state information TLS/SSL I/O operation
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_want(SSL *ssl);
+ int SSL_want_nothing(SSL *ssl);
+ int SSL_want_read(SSL *ssl);
+ int SSL_want_write(SSL *ssl);
+ int SSL_want_x509_lookup(SSL *ssl);
+
+=head1 DESCRIPTION
+
+SSL_want() returns state information for the SSL object B<ssl>.
+
+The other SSL_want_*() calls are shortcuts for the possible states returned
+by SSL_want().
+
+=head1 NOTES
+
+SSL_want() examines the internal state information of the SSL object. Its
+return values are similar to that of L<SSL_get_error(3)|SSL_get_error(3)>.
+Unlike L<SSL_get_error(3)|SSL_get_error(3)>, which also evaluates the
+error queue, the results are obtained by examining an internal state flag
+only. The information must therefore only be used for normal operation under
+non-blocking I/O. Error conditions are not handled and must be treated
+using L<SSL_get_error(3)|SSL_get_error(3)>.
+
+The result returned by SSL_want() should always be consistent with
+the result of L<SSL_get_error(3)|SSL_get_error(3)>.
+
+=head1 RETURN VALUES
+
+The following return values can currently occur for SSL_want():
+
+=over 4
+
+=item SSL_NOTHING
+
+There is no data to be written or to be read.
+
+=item SSL_WRITING
+
+There are data in the SSL buffer that must be written to the underlying
+B<BIO> layer in order to complete the actual SSL_*() operation.
+A call to L<SSL_get_error(3)|SSL_get_error(3)> should return
+SSL_ERROR_WANT_WRITE.
+
+=item SSL_READING
+
+More data must be read from the underlying B<BIO> layer in order to
+complete the actual SSL_*() operation.
+A call to L<SSL_get_error(3)|SSL_get_error(3)> should return
+SSL_ERROR_WANT_READ.
+
+=item SSL_X509_LOOKUP
+
+The operation did not complete because an application callback set by
+SSL_CTX_set_client_cert_cb() has asked to be called again.
+A call to L<SSL_get_error(3)|SSL_get_error(3)> should return
+SSL_ERROR_WANT_X509_LOOKUP.
+
+=back
+
+SSL_want_nothing(), SSL_want_read(), SSL_want_write(), SSL_want_x509_lookup()
+return 1, when the corresponding condition is true or 0 otherwise.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<err(3)|err(3)>, L<SSL_get_error(3)|SSL_get_error(3)>
+
+=cut
diff --git a/doc/ssl/SSL_write.pod b/doc/ssl/SSL_write.pod
new file mode 100644
index 0000000000..e013c12d52
--- /dev/null
+++ b/doc/ssl/SSL_write.pod
@@ -0,0 +1,109 @@
+=pod
+
+=head1 NAME
+
+SSL_write - write bytes to a TLS/SSL connection.
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ int SSL_write(SSL *ssl, const void *buf, int num);
+
+=head1 DESCRIPTION
+
+SSL_write() writes B<num> bytes from the buffer B<buf> into the specified
+B<ssl> connection.
+
+=head1 NOTES
+
+If necessary, SSL_write() will negotiate a TLS/SSL session, if
+not already explicitly performed by L<SSL_connect(3)|SSL_connect(3)> or
+L<SSL_accept(3)|SSL_accept(3)>. If the
+peer requests a re-negotiation, it will be performed transparently during
+the SSL_write() operation. The behaviour of SSL_write() depends on the
+underlying BIO. 
+
+For the transparent negotiation to succeed, the B<ssl> must have been
+initialized to client or server mode. This is being done by calling
+L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
+before the first call to an L<SSL_read(3)|SSL_read(3)> or SSL_write() function.
+
+If the underlying BIO is B<blocking>, SSL_write() will only return, once the
+write operation has been finished or an error occurred, except when a
+renegotiation take place, in which case a SSL_ERROR_WANT_READ may occur. 
+This behaviour can be controlled with the SSL_MODE_AUTO_RETRY flag of the
+L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> call.
+
+If the underlying BIO is B<non-blocking>, SSL_write() will also return,
+when the underlying BIO could not satisfy the needs of SSL_write()
+to continue the operation. In this case a call to
+L<SSL_get_error(3)|SSL_get_error(3)> with the
+return value of SSL_write() will yield B<SSL_ERROR_WANT_READ> or
+B<SSL_ERROR_WANT_WRITE>. As at any time a re-negotiation is possible, a
+call to SSL_write() can also cause read operations! The calling process
+then must repeat the call after taking appropriate action to satisfy the
+needs of SSL_write(). The action depends on the underlying BIO. When using a
+non-blocking socket, nothing is to be done, but select() can be used to check
+for the required condition. When using a buffering BIO, like a BIO pair, data
+must be written into or retrieved out of the BIO before being able to continue.
+
+SSL_write() will only return with success, when the complete contents
+of B<buf> of length B<num> has been written. This default behaviour
+can be changed with the SSL_MODE_ENABLE_PARTIAL_WRITE option of
+L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>. When this flag is set,
+SSL_write() will also return with success, when a partial write has been
+successfully completed. In this case the SSL_write() operation is considered
+completed. The bytes are sent and a new SSL_write() operation with a new
+buffer (with the already sent bytes removed) must be started.
+A partial write is performed with the size of a message block, which is
+16kB for SSLv3/TLSv1.
+
+=head1 WARNING
+
+When an SSL_write() operation has to be repeated because of
+B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated
+with the same arguments.
+
+When calling SSL_write() with num=0 bytes to be sent the behaviour is
+undefined.
+
+=head1 RETURN VALUES
+
+The following return values can occur:
+
+=over 4
+
+=item E<gt>0
+
+The write operation was successful, the return value is the number of
+bytes actually written to the TLS/SSL connection.
+
+=item 0
+
+The write operation was not successful. Probably the underlying connection
+was closed. Call SSL_get_error() with the return value B<ret> to find out,
+whether an error occurred or the connection was shut down cleanly
+(SSL_ERROR_ZERO_RETURN).
+
+SSLv2 (deprecated) does not support a shutdown alert protocol, so it can
+only be detected, whether the underlying connection was closed. It cannot
+be checked, why the closure happened.
+
+=item E<lt>0
+
+The write operation was not successful, because either an error occurred
+or action must be taken by the calling process. Call SSL_get_error() with the
+return value B<ret> to find out the reason.
+
+=back
+
+=head1 SEE ALSO
+
+L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_read(3)|SSL_read(3)>,
+L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
+L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>
+L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
+L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
+
+=cut
diff --git a/doc/ssl/d2i_SSL_SESSION.pod b/doc/ssl/d2i_SSL_SESSION.pod
new file mode 100644
index 0000000000..0321a5a36f
--- /dev/null
+++ b/doc/ssl/d2i_SSL_SESSION.pod
@@ -0,0 +1,66 @@
+=pod
+
+=head1 NAME
+
+d2i_SSL_SESSION, i2d_SSL_SESSION - convert SSL_SESSION object from/to ASN1 representation
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, long length);
+ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
+
+=head1 DESCRIPTION
+
+d2i_SSL_SESSION() transforms the external ASN1 representation of an SSL/TLS
+session, stored as binary data at location B<pp> with length B<length>, into
+an SSL_SESSION object.
+
+i2d_SSL_SESSION() transforms the SSL_SESSION object B<in> into the ASN1
+representation and stores it into the memory location pointed to by B<pp>.
+The length of the resulting ASN1 representation is returned. If B<pp> is
+the NULL pointer, only the length is calculated and returned.
+
+=head1 NOTES
+
+The SSL_SESSION object is built from several malloc()ed parts, it can
+therefore not be moved, copied or stored directly. In order to store
+session data on disk or into a database, it must be transformed into
+a binary ASN1 representation.
+
+When using d2i_SSL_SESSION(), the SSL_SESSION object is automatically
+allocated. The reference count is 1, so that the session must be
+explicitly removed using L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
+unless the SSL_SESSION object is completely taken over, when being called
+inside the get_session_cb() (see
+L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>).
+
+SSL_SESSION objects keep internal link information about the session cache
+list, when being inserted into one SSL_CTX object's session cache.
+One SSL_SESSION object, regardless of its reference count, must therefore
+only be used with one SSL_CTX object (and the SSL objects created
+from this SSL_CTX object).
+
+When using i2d_SSL_SESSION(), the memory location pointed to by B<pp> must be
+large enough to hold the binary representation of the session. There is no
+known limit on the size of the created ASN1 representation, so the necessary
+amount of space should be obtained by first calling i2d_SSL_SESSION() with
+B<pp=NULL>, and obtain the size needed, then allocate the memory and
+call i2d_SSL_SESSION() again.
+
+=head1 RETURN VALUES
+
+d2i_SSL_SESSION() returns a pointer to the newly allocated SSL_SESSION
+object. In case of failure the NULL-pointer is returned and the error message
+can be retrieved from the error stack.
+
+i2d_SSL_SESSION() returns the size of the ASN1 representation in bytes.
+When the session is not valid, B<0> is returned and no operation is performed.
+
+=head1 SEE ALSO
+
+L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
+L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>
+
+=cut
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
new file mode 100644
index 0000000000..3dc5358ef6
--- /dev/null
+++ b/doc/ssl/ssl.pod
@@ -0,0 +1,736 @@
+
+=pod
+
+=head1 NAME
+
+SSL - OpenSSL SSL/TLS library
+
+=head1 SYNOPSIS
+
+=head1 DESCRIPTION
+
+The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and
+Transport Layer Security (TLS v1) protocols. It provides a rich API which is
+documented here.
+
+At first the library must be initialized; see
+L<SSL_library_init(3)|SSL_library_init(3)>.
+
+Then an B<SSL_CTX> object is created as a framework to establish
+TLS/SSL enabled connections (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>).
+Various options regarding certificates, algorithms etc. can be set
+in this object.
+
+When a network connection has been created, it can be assigned to an
+B<SSL> object. After the B<SSL> object has been created using
+L<SSL_new(3)|SSL_new(3)>, L<SSL_set_fd(3)|SSL_set_fd(3)> or
+L<SSL_set_bio(3)|SSL_set_bio(3)> can be used to associate the network
+connection with the object.
+
+Then the TLS/SSL handshake is performed using
+L<SSL_accept(3)|SSL_accept(3)> or L<SSL_connect(3)|SSL_connect(3)>
+respectively.
+L<SSL_read(3)|SSL_read(3)> and L<SSL_write(3)|SSL_write(3)> are used
+to read and write data on the TLS/SSL connection.
+L<SSL_shutdown(3)|SSL_shutdown(3)> can be used to shut down the
+TLS/SSL connection.
+
+=head1 DATA STRUCTURES
+
+Currently the OpenSSL B<ssl> library functions deals with the following data
+structures:
+
+=over 4
+
+=item B<SSL_METHOD> (SSL Method)
+
+That's a dispatch structure describing the internal B<ssl> library
+methods/functions which implement the various protocol versions (SSLv1, SSLv2
+and TLSv1). It's needed to create an B<SSL_CTX>.
+
+=item B<SSL_CIPHER> (SSL Cipher)
+
+This structure holds the algorithm information for a particular cipher which
+are a core part of the SSL/TLS protocol. The available ciphers are configured
+on a B<SSL_CTX> basis and the actually used ones are then part of the
+B<SSL_SESSION>.
+
+=item B<SSL_CTX> (SSL Context)
+
+That's the global context structure which is created by a server or client
+once per program life-time and which holds mainly default values for the
+B<SSL> structures which are later created for the connections.
+
+=item B<SSL_SESSION> (SSL Session)
+
+This is a structure containing the current TLS/SSL session details for a
+connection: B<SSL_CIPHER>s, client and server certificates, keys, etc.
+
+=item B<SSL> (SSL Connection)
+
+That's the main SSL/TLS structure which is created by a server or client per
+established connection. This actually is the core structure in the SSL API.
+Under run-time the application usually deals with this structure which has
+links to mostly all other structures.
+
+=back
+
+
+=head1 HEADER FILES
+
+Currently the OpenSSL B<ssl> library provides the following C header files
+containing the prototypes for the data structures and and functions:
+
+=over 4
+
+=item B<ssl.h>
+
+That's the common header file for the SSL/TLS API.  Include it into your
+program to make the API of the B<ssl> library available. It internally
+includes both more private SSL headers and headers from the B<crypto> library.
+Whenever you need hard-core details on the internals of the SSL API, look
+inside this header file.
+
+=item B<ssl2.h>
+
+That's the sub header file dealing with the SSLv2 protocol only.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+
+=item B<ssl3.h>
+
+That's the sub header file dealing with the SSLv3 protocol only.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+
+=item B<ssl23.h>
+
+That's the sub header file dealing with the combined use of the SSLv2 and
+SSLv3 protocols.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+
+=item B<tls1.h>
+
+That's the sub header file dealing with the TLSv1 protocol only.
+I<Usually you don't have to include it explicitly because
+it's already included by ssl.h>.
+
+=back
+
+=head1 API FUNCTIONS
+
+Currently the OpenSSL B<ssl> library exports 214 API functions.
+They are documented in the following:
+
+=head2 DEALING WITH PROTOCOL METHODS
+
+Here we document the various API functions which deal with the SSL/TLS
+protocol methods defined in B<SSL_METHOD> structures.
+
+=over 4
+
+=item SSL_METHOD *B<SSLv2_client_method>(void);
+
+Constructor for the SSLv2 SSL_METHOD structure for a dedicated client.
+
+=item SSL_METHOD *B<SSLv2_server_method>(void);
+
+Constructor for the SSLv2 SSL_METHOD structure for a dedicated server.
+
+=item SSL_METHOD *B<SSLv2_method>(void);
+
+Constructor for the SSLv2 SSL_METHOD structure for combined client and server.
+
+=item SSL_METHOD *B<SSLv3_client_method>(void);
+
+Constructor for the SSLv3 SSL_METHOD structure for a dedicated client.
+
+=item SSL_METHOD *B<SSLv3_server_method>(void);
+
+Constructor for the SSLv3 SSL_METHOD structure for a dedicated server.
+
+=item SSL_METHOD *B<SSLv3_method>(void);
+
+Constructor for the SSLv3 SSL_METHOD structure for combined client and server.
+
+=item SSL_METHOD *B<TLSv1_client_method>(void);
+
+Constructor for the TLSv1 SSL_METHOD structure for a dedicated client.
+
+=item SSL_METHOD *B<TLSv1_server_method>(void);
+
+Constructor for the TLSv1 SSL_METHOD structure for a dedicated server.
+
+=item SSL_METHOD *B<TLSv1_method>(void);
+
+Constructor for the TLSv1 SSL_METHOD structure for combined client and server.
+
+=back
+
+=head2 DEALING WITH CIPHERS
+
+Here we document the various API functions which deal with the SSL/TLS
+ciphers defined in B<SSL_CIPHER> structures.
+
+=over 4
+
+=item char *B<SSL_CIPHER_description>(SSL_CIPHER *cipher, char *buf, int len);
+
+Write a string to I<buf> (with a maximum size of I<len>) containing a human
+readable description of I<cipher>. Returns I<buf>.
+
+=item int B<SSL_CIPHER_get_bits>(SSL_CIPHER *cipher, int *alg_bits);
+
+Determine the number of bits in I<cipher>. Because of export crippled ciphers
+there are two bits: The bits the algorithm supports in general (stored to
+I<alg_bits>) and the bits which are actually used (the return value).
+
+=item const char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher);
+
+Return the internal name of I<cipher> as a string. These are the various
+strings defined by the I<SSL2_TXT_xxx>, I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx>
+definitions in the header files.
+
+=item char *B<SSL_CIPHER_get_version>(SSL_CIPHER *cipher);
+
+Returns a string like "C<TLSv1/SSLv3>" or "C<SSLv2>" which indicates the
+SSL/TLS protocol version to which I<cipher> belongs (i.e. where it was defined
+in the specification the first time).
+
+=back
+
+=head2 DEALING WITH PROTOCOL CONTEXTS
+
+Here we document the various API functions which deal with the SSL/TLS
+protocol context defined in the B<SSL_CTX> structure.
+
+=over 4
+
+=item int B<SSL_CTX_add_client_CA>(SSL_CTX *ctx, X509 *x);
+
+=item long B<SSL_CTX_add_extra_chain_cert>(SSL_CTX *ctx, X509 *x509);
+
+=item int B<SSL_CTX_add_session>(SSL_CTX *ctx, SSL_SESSION *c);
+
+=item int B<SSL_CTX_check_private_key>(SSL_CTX *ctx);
+
+=item long B<SSL_CTX_ctrl>(SSL_CTX *ctx, int cmd, long larg, char *parg);
+
+=item void B<SSL_CTX_flush_sessions>(SSL_CTX *s, long t);
+
+=item void B<SSL_CTX_free>(SSL_CTX *a);
+
+=item char *B<SSL_CTX_get_app_data>(SSL_CTX *ctx);
+
+=item X509_STORE *B<SSL_CTX_get_cert_store>(SSL_CTX *ctx);
+
+=item STACK *B<SSL_CTX_get_client_CA_list>(SSL_CTX *ctx);
+
+=item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+
+=item char *B<SSL_CTX_get_ex_data>(SSL_CTX *s, int idx);
+
+=item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+=item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);
+
+=item int B<SSL_CTX_get_quiet_shutdown>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx);
+
+=item long B<SSL_CTX_get_timeout>(SSL_CTX *ctx);
+
+=item int (*B<SSL_CTX_get_verify_callback>(SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);
+
+=item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_load_verify_locations>(SSL_CTX *ctx, char *CAfile, char *CApath);
+
+=item long B<SSL_CTX_need_tmp_RSA>(SSL_CTX *ctx);
+
+=item SSL_CTX *B<SSL_CTX_new>(SSL_METHOD *meth);
+
+=item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c);
+
+=item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_accept_good>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_accept_renegotiate>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_cache_full>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_cb_hits>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_connect>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_connect_good>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_connect_renegotiate>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_get_cache_size>(SSL_CTX *ctx);
+
+=item SSL_SESSION *(*B<SSL_CTX_sess_get_get_cb>(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);
+
+=item int (*B<SSL_CTX_sess_get_new_cb>(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);
+
+=item void (*B<SSL_CTX_sess_get_remove_cb>(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);
+
+=item int B<SSL_CTX_sess_hits>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_misses>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_sess_number>(SSL_CTX *ctx);
+
+=item void B<SSL_CTX_sess_set_cache_size>(SSL_CTX *ctx,t);
+
+=item void B<SSL_CTX_sess_set_get_cb>(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));
+
+=item void B<SSL_CTX_sess_set_new_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));
+
+=item void B<SSL_CTX_sess_set_remove_cb>(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));
+
+=item int B<SSL_CTX_sess_timeouts>(SSL_CTX *ctx);
+
+=item LHASH *B<SSL_CTX_sessions>(SSL_CTX *ctx);
+
+=item void B<SSL_CTX_set_app_data>(SSL_CTX *ctx, void *arg);
+
+=item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
+
+=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(), char *arg)
+
+=item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str);
+
+=item void B<SSL_CTX_set_client_CA_list>(SSL_CTX *ctx, STACK *list);
+
+=item void B<SSL_CTX_set_client_cert_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+
+=item void B<SSL_CTX_set_default_passwd_cb>(SSL_CTX *ctx, int (*cb);(void))
+
+=item void B<SSL_CTX_set_default_read_ahead>(SSL_CTX *ctx, int m);
+
+=item int B<SSL_CTX_set_default_verify_paths>(SSL_CTX *ctx);
+
+=item int B<SSL_CTX_set_ex_data>(SSL_CTX *s, int idx, char *arg);
+
+=item void B<SSL_CTX_set_info_callback>(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));
+
+=item void B<SSL_CTX_set_msg_callback>(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+
+=item void B<SSL_CTX_set_msg_callback_arg>(SSL_CTX *ctx, void *arg);
+
+=item void B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op);
+
+=item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode);
+
+=item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode);
+
+=item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, SSL_METHOD *meth);
+
+=item void B<SSL_CTX_set_timeout>(SSL_CTX *ctx, long t);
+
+=item long B<SSL_CTX_set_tmp_dh>(SSL_CTX* ctx, DH *dh);
+
+=item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void));
+
+=item long B<SSL_CTX_set_tmp_rsa>(SSL_CTX *ctx, RSA *rsa);
+
+=item SSL_CTX_set_tmp_rsa_callback
+
+C<long B<SSL_CTX_set_tmp_rsa_callback>(SSL_CTX *B<ctx>, RSA *(*B<cb>)(SSL *B<ssl>, int B<export>, int B<keylength>));>
+
+Sets the callback which will be called when a temporary private key is
+required. The B<C<export>> flag will be set if the reason for needing
+a temp key is that an export ciphersuite is in use, in which case,
+B<C<keylength>> will contain the required keylength in bits. Generate a key of
+appropriate size (using ???) and return it.
+
+=item SSL_set_tmp_rsa_callback
+
+long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
+
+The same as B<SSL_CTX_set_tmp_rsa_callback>, except it operates on an SSL
+session instead of a context.
+
+=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
+
+=item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey);
+
+=item int B<SSL_CTX_use_PrivateKey_ASN1>(int type, SSL_CTX *ctx, unsigned char *d, long len);
+
+=item int B<SSL_CTX_use_PrivateKey_file>(SSL_CTX *ctx, char *file, int type);
+
+=item int B<SSL_CTX_use_RSAPrivateKey>(SSL_CTX *ctx, RSA *rsa);
+
+=item int B<SSL_CTX_use_RSAPrivateKey_ASN1>(SSL_CTX *ctx, unsigned char *d, long len);
+
+=item int B<SSL_CTX_use_RSAPrivateKey_file>(SSL_CTX *ctx, char *file, int type);
+
+=item int B<SSL_CTX_use_certificate>(SSL_CTX *ctx, X509 *x);
+
+=item int B<SSL_CTX_use_certificate_ASN1>(SSL_CTX *ctx, int len, unsigned char *d);
+
+=item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, char *file, int type);
+
+=back
+
+=head2 DEALING WITH SESSIONS
+
+Here we document the various API functions which deal with the SSL/TLS
+sessions defined in the B<SSL_SESSION> structures.
+
+=over 4
+
+=item int B<SSL_SESSION_cmp>(SSL_SESSION *a, SSL_SESSION *b);
+
+=item void B<SSL_SESSION_free>(SSL_SESSION *ss);
+
+=item char *B<SSL_SESSION_get_app_data>(SSL_SESSION *s);
+
+=item char *B<SSL_SESSION_get_ex_data>(SSL_SESSION *s, int idx);
+
+=item int B<SSL_SESSION_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+=item long B<SSL_SESSION_get_time>(SSL_SESSION *s);
+
+=item long B<SSL_SESSION_get_timeout>(SSL_SESSION *s);
+
+=item unsigned long B<SSL_SESSION_hash>(SSL_SESSION *a);
+
+=item SSL_SESSION *B<SSL_SESSION_new>(void);
+
+=item int B<SSL_SESSION_print>(BIO *bp, SSL_SESSION *x);
+
+=item int B<SSL_SESSION_print_fp>(FILE *fp, SSL_SESSION *x);
+
+=item void B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a);
+
+=item int B<SSL_SESSION_set_ex_data>(SSL_SESSION *s, int idx, char *arg);
+
+=item long B<SSL_SESSION_set_time>(SSL_SESSION *s, long t);
+
+=item long B<SSL_SESSION_set_timeout>(SSL_SESSION *s, long t);
+
+=back
+
+=head2 DEALING WITH CONNECTIONS
+
+Here we document the various API functions which deal with the SSL/TLS
+connection defined in the B<SSL> structure.
+
+=over 4
+
+=item int B<SSL_accept>(SSL *ssl);
+
+=item int B<SSL_add_dir_cert_subjects_to_stack>(STACK *stack, const char *dir);
+
+=item int B<SSL_add_file_cert_subjects_to_stack>(STACK *stack, const char *file);
+
+=item int B<SSL_add_client_CA>(SSL *ssl, X509 *x);
+
+=item char *B<SSL_alert_desc_string>(int value);
+
+=item char *B<SSL_alert_desc_string_long>(int value);
+
+=item char *B<SSL_alert_type_string>(int value);
+
+=item char *B<SSL_alert_type_string_long>(int value);
+
+=item int B<SSL_check_private_key>(SSL *ssl);
+
+=item void B<SSL_clear>(SSL *ssl);
+
+=item long B<SSL_clear_num_renegotiations>(SSL *ssl);
+
+=item int B<SSL_connect>(SSL *ssl);
+
+=item void B<SSL_copy_session_id>(SSL *t, SSL *f);
+
+=item long B<SSL_ctrl>(SSL *ssl, int cmd, long larg, char *parg);
+
+=item int B<SSL_do_handshake>(SSL *ssl);
+
+=item SSL *B<SSL_dup>(SSL *ssl);
+
+=item STACK *B<SSL_dup_CA_list>(STACK *sk);
+
+=item void B<SSL_free>(SSL *ssl);
+
+=item SSL_CTX *B<SSL_get_SSL_CTX>(SSL *ssl);
+
+=item char *B<SSL_get_app_data>(SSL *ssl);
+
+=item X509 *B<SSL_get_certificate>(SSL *ssl);
+
+=item const char *B<SSL_get_cipher>(SSL *ssl);
+
+=item int B<SSL_get_cipher_bits>(SSL *ssl, int *alg_bits);
+
+=item char *B<SSL_get_cipher_list>(SSL *ssl, int n);
+
+=item char *B<SSL_get_cipher_name>(SSL *ssl);
+
+=item char *B<SSL_get_cipher_version>(SSL *ssl);
+
+=item STACK *B<SSL_get_ciphers>(SSL *ssl);
+
+=item STACK *B<SSL_get_client_CA_list>(SSL *ssl);
+
+=item SSL_CIPHER *B<SSL_get_current_cipher>(SSL *ssl);
+
+=item long B<SSL_get_default_timeout>(SSL *ssl);
+
+=item int B<SSL_get_error>(SSL *ssl, int i);
+
+=item char *B<SSL_get_ex_data>(SSL *ssl, int idx);
+
+=item int B<SSL_get_ex_data_X509_STORE_CTX_idx>(void);
+
+=item int B<SSL_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+
+=item int B<SSL_get_fd>(SSL *ssl);
+
+=item void (*B<SSL_get_info_callback>(SSL *ssl);)(void)
+
+=item STACK *B<SSL_get_peer_cert_chain>(SSL *ssl);
+
+=item X509 *B<SSL_get_peer_certificate>(SSL *ssl);
+
+=item EVP_PKEY *B<SSL_get_privatekey>(SSL *ssl);
+
+=item int B<SSL_get_quiet_shutdown>(SSL *ssl);
+
+=item BIO *B<SSL_get_rbio>(SSL *ssl);
+
+=item int B<SSL_get_read_ahead>(SSL *ssl);
+
+=item SSL_SESSION *B<SSL_get_session>(SSL *ssl);
+
+=item char *B<SSL_get_shared_ciphers>(SSL *ssl, char *buf, int len);
+
+=item int B<SSL_get_shutdown>(SSL *ssl);
+
+=item SSL_METHOD *B<SSL_get_ssl_method>(SSL *ssl);
+
+=item int B<SSL_get_state>(SSL *ssl);
+
+=item long B<SSL_get_time>(SSL *ssl);
+
+=item long B<SSL_get_timeout>(SSL *ssl);
+
+=item int (*B<SSL_get_verify_callback>(SSL *ssl);)(void)
+
+=item int B<SSL_get_verify_mode>(SSL *ssl);
+
+=item long B<SSL_get_verify_result>(SSL *ssl);
+
+=item char *B<SSL_get_version>(SSL *ssl);
+
+=item BIO *B<SSL_get_wbio>(SSL *ssl);
+
+=item int B<SSL_in_accept_init>(SSL *ssl);
+
+=item int B<SSL_in_before>(SSL *ssl);
+
+=item int B<SSL_in_connect_init>(SSL *ssl);
+
+=item int B<SSL_in_init>(SSL *ssl);
+
+=item int B<SSL_is_init_finished>(SSL *ssl);
+
+=item STACK *B<SSL_load_client_CA_file>(char *file);
+
+=item void B<SSL_load_error_strings>(void);
+
+=item SSL *B<SSL_new>(SSL_CTX *ctx);
+
+=item long B<SSL_num_renegotiations>(SSL *ssl);
+
+=item int B<SSL_peek>(SSL *ssl, void *buf, int num);
+
+=item int B<SSL_pending>(SSL *ssl);
+
+=item int B<SSL_read>(SSL *ssl, void *buf, int num);
+
+=item int B<SSL_renegotiate>(SSL *ssl);
+
+=item char *B<SSL_rstate_string>(SSL *ssl);
+
+=item char *B<SSL_rstate_string_long>(SSL *ssl);
+
+=item long B<SSL_session_reused>(SSL *ssl);
+
+=item void B<SSL_set_accept_state>(SSL *ssl);
+
+=item void B<SSL_set_app_data>(SSL *ssl, char *arg);
+
+=item void B<SSL_set_bio>(SSL *ssl, BIO *rbio, BIO *wbio);
+
+=item int B<SSL_set_cipher_list>(SSL *ssl, char *str);
+
+=item void B<SSL_set_client_CA_list>(SSL *ssl, STACK *list);
+
+=item void B<SSL_set_connect_state>(SSL *ssl);
+
+=item int B<SSL_set_ex_data>(SSL *ssl, int idx, char *arg);
+
+=item int B<SSL_set_fd>(SSL *ssl, int fd);
+
+=item void B<SSL_set_info_callback>(SSL *ssl, void (*cb);(void))
+
+=item void B<SSL_set_msg_callback>(SSL *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+
+=item void B<SSL_set_msg_callback_arg>(SSL *ctx, void *arg);
+
+=item void B<SSL_set_options>(SSL *ssl, unsigned long op);
+
+=item void B<SSL_set_quiet_shutdown>(SSL *ssl, int mode);
+
+=item void B<SSL_set_read_ahead>(SSL *ssl, int yes);
+
+=item int B<SSL_set_rfd>(SSL *ssl, int fd);
+
+=item int B<SSL_set_session>(SSL *ssl, SSL_SESSION *session);
+
+=item void B<SSL_set_shutdown>(SSL *ssl, int mode);
+
+=item int B<SSL_set_ssl_method>(SSL *ssl, SSL_METHOD *meth);
+
+=item void B<SSL_set_time>(SSL *ssl, long t);
+
+=item void B<SSL_set_timeout>(SSL *ssl, long t);
+
+=item void B<SSL_set_verify>(SSL *ssl, int mode, int (*callback);(void))
+
+=item void B<SSL_set_verify_result>(SSL *ssl, long arg);
+
+=item int B<SSL_set_wfd>(SSL *ssl, int fd);
+
+=item int B<SSL_shutdown>(SSL *ssl);
+
+=item int B<SSL_state>(SSL *ssl);
+
+=item char *B<SSL_state_string>(SSL *ssl);
+
+=item char *B<SSL_state_string_long>(SSL *ssl);
+
+=item long B<SSL_total_renegotiations>(SSL *ssl);
+
+=item int B<SSL_use_PrivateKey>(SSL *ssl, EVP_PKEY *pkey);
+
+=item int B<SSL_use_PrivateKey_ASN1>(int type, SSL *ssl, unsigned char *d, long len);
+
+=item int B<SSL_use_PrivateKey_file>(SSL *ssl, char *file, int type);
+
+=item int B<SSL_use_RSAPrivateKey>(SSL *ssl, RSA *rsa);
+
+=item int B<SSL_use_RSAPrivateKey_ASN1>(SSL *ssl, unsigned char *d, long len);
+
+=item int B<SSL_use_RSAPrivateKey_file>(SSL *ssl, char *file, int type);
+
+=item int B<SSL_use_certificate>(SSL *ssl, X509 *x);
+
+=item int B<SSL_use_certificate_ASN1>(SSL *ssl, int len, unsigned char *d);
+
+=item int B<SSL_use_certificate_file>(SSL *ssl, char *file, int type);
+
+=item int B<SSL_version>(SSL *ssl);
+
+=item int B<SSL_want>(SSL *ssl);
+
+=item int B<SSL_want_nothing>(SSL *ssl);
+
+=item int B<SSL_want_read>(SSL *ssl);
+
+=item int B<SSL_want_write>(SSL *ssl);
+
+=item int B<SSL_want_x509_lookup>(s);
+
+=item int B<SSL_write>(SSL *ssl, const void *buf, int num);
+
+=back
+
+=head1 SEE ALSO
+
+L<openssl(1)|openssl(1)>, L<crypto(3)|crypto(3)>,
+L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+L<SSL_connect(3)|SSL_connect(3)>,
+L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>,
+L<SSL_COMP_add_compression_method(3)|SSL_COMP_add_compression_method(3)>,
+L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
+L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
+L<SSL_CTX_ctrl(3)|SSL_CTX_ctrl(3)>,
+L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
+L<SSL_CTX_get_ex_new_index(3)|SSL_CTX_get_ex_new_index(3)>,
+L<SSL_CTX_get_verify_mode(3)|SSL_CTX_get_verify_mode(3)>,
+L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
+L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
+L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
+L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
+L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
+L<SSL_CTX_sessions(3)|SSL_CTX_sessions(3)>,
+L<SSL_CTX_set_cert_store(3)|SSL_CTX_set_cert_store(3)>,
+L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>,
+L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
+L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
+L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>,
+L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>,
+L<SSL_CTX_set_generate_session_id(3)|SSL_CTX_set_generate_session_id(3)>,
+L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>,
+L<SSL_CTX_set_max_cert_list(3)|SSL_CTX_set_max_cert_list(3)>,
+L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>,
+L<SSL_CTX_set_msg_callback(3)|SSL_CTX_set_msg_callback(3)>,
+L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
+L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
+L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
+L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>,
+L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
+L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
+L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
+L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
+L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
+L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>,
+L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
+L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>,
+L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
+L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
+L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>,
+L<SSL_get_error(3)|SSL_get_error(3)>,
+L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
+L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>,
+L<SSL_get_fd(3)|SSL_get_fd(3)>,
+L<SSL_get_peer_cert_chain(3)|SSL_get_peer_cert_chain(3)>,
+L<SSL_get_rbio(3)|SSL_get_rbio(3)>,
+L<SSL_get_session(3)|SSL_get_session(3)>,
+L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
+L<SSL_get_version(3)|SSL_get_version(3)>,
+L<SSL_library_init(3)|SSL_library_init(3)>,
+L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>,
+L<SSL_new(3)|SSL_new(3)>,
+L<SSL_pending(3)|SSL_pending(3)>,
+L<SSL_read(3)|SSL_read(3)>,
+L<SSL_rstate_string(3)|SSL_rstate_string(3)>,
+L<SSL_session_reused(3)|SSL_session_reused(3)>,
+L<SSL_set_bio(3)|SSL_set_bio(3)>,
+L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
+L<SSL_set_fd(3)|SSL_set_fd(3)>,
+L<SSL_set_session(3)|SSL_set_session(3)>,
+L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+L<SSL_shutdown(3)|SSL_shutdown(3)>,
+L<SSL_state_string(3)|SSL_state_string(3)>,
+L<SSL_want(3)|SSL_want(3)>,
+L<SSL_write(3)|SSL_write(3)>,
+L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
+L<SSL_SESSION_get_ex_new_index(3)|SSL_SESSION_get_ex_new_index(3)>,
+L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
+L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>
+
+=head1 HISTORY
+
+The L<ssl(3)|ssl(3)> document appeared in OpenSSL 0.9.2
+
+=cut
+
diff --git a/doc/ssl_ctx.doc b/doc/ssl_ctx.doc
deleted file mode 100644
index 508394e75f..0000000000
--- a/doc/ssl_ctx.doc
+++ /dev/null
@@ -1,68 +0,0 @@
-This is now a bit dated, quite a few of the SSL_ functions could be
-SSL_CTX_ functions.  I will update this in the future. 30 Aug 1996
-
-From eay@orb.mincom.oz.au Mon Dec 11 21:37:08 1995
-Received: by orb.mincom.oz.au id AA00696
-  (5.65c/IDA-1.4.4 for eay); Mon, 11 Dec 1995 11:37:08 +1000
-Date: Mon, 11 Dec 1995 11:37:08 +1000 (EST)
-From: Eric Young <eay@mincom.oz.au>
-X-Sender: eay@orb
-To: sameer <sameer@c2.org>
-Cc: Eric Young <eay@mincom.oz.au>
-Subject: Re: PEM_readX509 oesn't seem to be working
-In-Reply-To: <199512110102.RAA12521@infinity.c2.org>
-Message-Id: <Pine.SOL.3.91.951211112115.28608D-100000@orb>
-Mime-Version: 1.0
-Content-Type: TEXT/PLAIN; charset=US-ASCII
-Status: RO
-X-Status: 
-
-On Sun, 10 Dec 1995, sameer wrote:
-> 	OK, that's solved. I've found out that it is saying "no
-> certificate set" in SSL_accept because s->conn == NULL
-> so there is some place I need to initialize s->conn that I am
-> not initializing it.
-
-The full order of things for a server should be.
-
-ctx=SSL_CTX_new();
-
-/* The next line should not really be using ctx->cert but I'll leave it 
- * this way right now... I don't want a X509_ routine to know about an SSL
- * structure, there should be an SSL_load_verify_locations... hmm, I may 
- * add it tonight.
- */
-X509_load_verify_locations(ctx->cert,CAfile,CApath);
-
-/* Ok now for each new connection we do the following */
-con=SSL_new(ctx);
-SSL_set_fd(con,s);
-SSL_set_verify(con,verify,verify_callback);
-
-/* set the certificate and private key to use. */
-SSL_use_certificate_ASN1(con,X509_certificate);
-SSL_use_RSAPrivateKey_ASN1(con,RSA_private_key);
-
-SSL_accept(con);
-
-SSL_read(con)/SSL_write(con);
-
-There is a bit more than that but that is basically the structure.
-
-Create a context and specify where to lookup certificates.
-
-foreach connection
-	{
-	create a SSL structure
-	set the certificate and private key
-	do a SSL_accept
-	
-	we should now be ok
-	}
-
-eric
---
-Eric Young                  | Signature removed since it was generating
-AARNet: eay@mincom.oz.au    | more followups than the message contents :-)
-
-
diff --git a/doc/ssleay.doc b/doc/ssleay.doc
deleted file mode 100644
index a0e86aef7c..0000000000
--- a/doc/ssleay.doc
+++ /dev/null
@@ -1,213 +0,0 @@
-SSLeay: a cryptographic kitchen sink.
-
-1st December 1995
-Way back at the start of April 1995, I was looking for a mindless
-programming project.  A friend of mine (Tim Hudson) said "why don't you do SSL,
-it has DES encryption in it and I would not mind using it in a SSL telnet".
-While it was true I had written a DES library in previous years, litle
-did I know what an expansive task SSL would turn into.
-
-First of all, the SSL protocol contains DES encryption.  Well and good.  My
-DES library was fast and portable.  It also contained the RSA's RC4 stream
-cipher.  Again, not a problem, some-one had just posted to sci.crypt
-something that was claimed to be RC4.  It also contained IDEA, I had the
-specifications, not a problem to implement.  MD5, an RFC, trivial, at most
-I could spend a week or so trying to see if I could speed up the
-implementation.  All in all a nice set of ciphers.
-Then the first 'expantion of the scope', RSA public key
-encryption.  Since I did not knowing a thing about public key encryption
-or number theory, this appeared quite a daunting task.  Just writing a
-big number library would be problomatic in itself, let alone making it fast.
-At this point the scope of 'implementing SSL' expands eponentialy.
-First of all, the RSA private keys  were being kept in ASN.1 format.
-Thankfully the RSA PKCS series of documents explains this format.  So I now
-needed to be able to encode and decode arbitary ASN.1 objects.  The Public
-keys were embeded in X509 certificates.  Hmm... these are not only
-ASN.1 objects but they make up a heirachy of authentication.  To
-authenticate a X509 certificate one needs to retrieve it's issuers
-certificate etc etc.  Hmm..., so I also need to implement some kind
-of certificate management software.  I would also have to implement
-software to authenticate certificates.  At this point the support code made
-the SSL part of my library look quite small.
-Around this time, the first version of SSLeay was released.
-
-Ah, but here was the problem, I was not happy with the code so far.  As may
-have become obvious, I had been treating all of this as a learning
-exersize, so I have completely written the library myself.  As such, due
-to the way it had grown like a fungus, much of the library was not
-'elagent' or neat.  There were global and static variables all over the
-place, the SSL part did not even handle non-blocking IO.
-The Great rewrite began.
-
-As of this point in time, the 'Great rewrite' has almost finished.  So what
-follows is an approximate list of what is actually SSLeay 0.5.0
-
-/********* This needs to be updated for 0.6.0+ *************/
-
----
-The library contains the following routines.  Please note that most of these
-functions are not specfic for SSL or any other particular cipher
-implementation.  I have tried to make all the routines as general purpose
-as possible.  So you should not think of this library as an SSL
-implemtation, but rather as a library of cryptographic functions
-that also contains SSL.  I refer to each of these function groupings as
-libraries since they are often capable of functioning as independant
-libraries
-
-First up, the general ciphers and message digests supported by the library.
-
-MD2	rfc???, a standard 'by parts' interface to this algorithm.
-MD5	rfc???, the same type of interface as for the MD2 library except a
-	different algorithm.
-SHA	THe Secure Hash Algorithm.  Again the same type of interface as
-	MD2/MD5 except the digest is 20 bytes.
-SHA1	The 'revised' version of SHA.  Just about identical to SHA except
-	for one tweak of an inner loop.
-DES	This is my libdes library that has been floating around for the last
-	few years.  It has been enhanced for no other reason than completeness.
-	It now supports ecb, cbc, cfb, ofb, cfb64, ofb64 in normal mode and
-	triple DES modes of ecb, cbc, cfb64 and ofb64.  cfb64 and ofb64 are
-	functional interfaces to the 64 bit modes of cfb and ofb used in
-	such a way thay they function as single character interfaces.
-RC4	The RSA Inc. stream cipher.
-RC2	The RSA Inc. block cipher.
-IDEA	An implmentation of the IDEA cipher, the library supports ecb, cbc,
-	cfb64 and ofb64 modes of operation.
-
-Now all the above mentioned ciphers and digests libraries support high
-speed, minimal 'crap in the way' type interfaces.  For fastest and
-lowest level access, these routines should be used directly.
-
-Now there was also the matter of public key crypto systems.  These are
-based on large integer arithmatic.
-
-BN	This is my large integer library.  It supports all the normal
-	arithmentic operations.  It uses malloc extensivly and as such has
-	no limits of the size of the numbers being manipulated.  If you
-	wish to use 4000 bit RSA moduli, these routines will handle it.
-	This library also contains routines to 'generate' prime numbers and
-	to test for primality.  The RSA and DH libraries sit on top of this
-	library.  As of this point in time, I don't support SHA, but
-	when I do add it, it will just sit on top of the routines contained
-	in this library.
-RSA	This implements the RSA public key algorithm.  It also contains
-	routines that will generate a new private/public key pair.
-	All the RSA functions conform to the PKCS#1 standard.
-DH	This is an implementation of the
-	Diffie-Hellman protocol.  There are all the require routines for
-	the protocol, plus extra routines that can be used to generate a
-	strong prime for use with a specified generator.  While this last
-	routine is not generally required by applications implementing DH,
-	It is present for completeness and because I thing it is much
-	better to be able to 'generate' your own 'magic' numbers as oposed
-	to using numbers suplied by others.  I conform to the PKCS#3
-	standard where required.
-
-You may have noticed the preceeding section mentions the 'generation' of
-prime numbers.  Now this requries the use of 'random numbers'. 
-
-RAND	This psuedo-random number library is based on MD5 at it's core
-	and a large internal state (2k bytes).  Once you have entered enough
-	seed data into this random number algorithm I don't feel
-	you will ever need to worry about it generating predictable output.
-	Due to the way I am writing a portable library, I have left the
-	issue of how to get good initial random seed data upto the
-	application but I do have support routines for saving and loading a
-	persistant random number state for use between program runs.
-	
-Now to make all these ciphers easier to use, a higher level
-interface was required.  In this form, the same function would be used to
-encrypt 'by parts', via any one of the above mentioned ciphers.
-
-EVP	The Digital EnVeloPe library is quite large.  At it's core are
-	function to perform encryption and decryption by parts while using
-	an initial parameter to specify which of the 17 different ciphers
-	or 4 different message digests to use.  On top of these are implmented
-	the digital signature functions, sign, verify, seal and open.
-	Base64 encoding of binary data is also done in this library.
-
-PEM	rfc???? describe the format for Privacy Enhanced eMail.
-	As part of this standard, methods of encoding digital enveloped
-	data is an ascii format are defined.  As such, I use a form of these
-	to encode enveloped data.  While at this point in time full support
-	for PEM has not been built into the library, a minimal subset of
-	the secret key and Base64 encoding is present.  These reoutines are
-	mostly used to Ascii encode binary data with a 'type' associated
-	with it and perhaps details of private key encryption used to
-	encrypt the data.
-	
-PKCS7	This is another Digital Envelope encoding standard which uses ASN.1
-	to encode the data.  At this point in time, while there are some
-	routines to encode and decode this binary format, full support is
-	not present.
-	
-As Mentioned, above, there are several different ways to encode
-data structures.
-
-ASN1	This library is more a set of primatives used to encode the packing
-	and unpacking of data structures.  It is used by the X509
-	certificate standard and by the PKCS standards which are used by
-	this library.  It also contains routines for duplicating and signing
-	the structures asocisated with X509.
-	
-X509	The X509 library contains routines for packing and unpacking,
-	verifying and just about every thing else you would want to do with
-	X509 certificates.
-
-PKCS7	PKCS-7 is a standard for encoding digital envelope data
-	structures.  At this point in time the routines will load and save
-	DER forms of these structees.  They need to be re-worked to support
-	the BER form which is the normal way PKCS-7 is encoded.  If the
-	previous 2 sentances don't make much sense, don't worry, this
-	library is not used by this version of SSLeay anyway.
-
-OBJ	ASN.1 uses 'object identifiers' to identify objects.  A set of
-	functions were requred to translate from ASN.1 to an intenger, to a
-	character string.  This library provieds these translations
-	
-Now I mentioned an X509 library.  X509 specified a hieachy of certificates
-which needs to be traversed to authenticate particular certificates.
-
-METH	This library is used to push 'methods' of retrieving certificates
-	into the library.  There are some supplied 'methods' with SSLeay
-	but applications can add new methods if they so desire.
-	This library has not been finished and is not being used in this
-	version.
-	
-Now all the above are required for use in the initial point of this project.
-
-SSL	The SSL protocol.  This is a full implmentation of SSL v 2.  It
-	support both server and client authentication.  SSL v 3 support
-	will be added when the SSL v 3 specification is released in it's
-	final form.
-
-Now quite a few of the above mentioned libraries rely on a few 'complex'
-data structures.  For each of these I have a library.
-
-Lhash	This is a hash table library which is used extensivly.
-
-STACK	An implemetation of a Stack data structure.
-
-BUF	A simple character array structure that also support a function to
-	check that the array is greater that a certain size, if it is not,
-	it is realloced so that is it.
-	
-TXT_DB	A simple memory based text file data base.  The application can specify
-	unique indexes that will be enforced at update time.
-
-CONF	Most of the programs written for this library require a configuration
-	file.  Instead of letting programs constantly re-implment this
-	subsystem, the CONF library provides a consistant and flexable
-	interface to not only configuration files but also environment
-	variables.
-
-But what about when something goes wrong?
-The one advantage (and perhaps disadvantage) of all of these
-functions being in one library was the ability to implement a
-single error reporting system.
-	
-ERR	This library is used to report errors.  The error system records
-	library number, function number (in the library) and reason
-	number.  Multiple errors can be reported so that an 'error' trace
-	is created.  The errors can be printed in numeric or textual form.
-
diff --git a/doc/ssleay.txt b/doc/ssleay.txt
new file mode 100644
index 0000000000..c6049d5e53
--- /dev/null
+++ b/doc/ssleay.txt
@@ -0,0 +1,7030 @@
+
+Bundle of old SSLeay documentation files [OBSOLETE!]
+
+*** WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! ***
+
+OBSOLETE means that nothing in this document should be trusted.  This
+document is provided mostly for historical purposes (it wasn't even up
+to date at the time SSLeay 0.8.1 was released) and as inspiration.  If
+you copy some snippet of code from this document, please _check_ that
+it really is correct from all points of view.  For example, you can
+check with the other documents in this directory tree, or by comparing
+with relevant parts of the include files.
+
+People have done the mistake of trusting what's written here.  Please
+don't do that.
+
+*** WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! ***
+
+
+==== readme ========================================================
+
+This is the old 0.6.6 docuementation.  Most of the cipher stuff is still
+relevent but I'm working (very slowly) on new docuemtation.
+The current version can be found online at
+
+http://www.cryptsoft.com/ssleay/doc
+
+==== API.doc ========================================================
+
+SSL - SSLv2/v3/v23 etc.
+
+BIO - methods and how they plug together
+
+MEM - memory allocation callback
+
+CRYPTO - locking for threads
+
+EVP - Ciphers/Digests/signatures
+
+RSA - methods
+
+X509 - certificate retrieval
+
+X509 - validation
+
+X509 - X509v3 extensions
+
+Objects - adding object identifiers
+
+ASN.1 - parsing
+
+PEM - parsing
+
+==== ssl/readme =====================================================
+
+22 Jun 1996
+This file belongs in ../apps, but I'll leave it here because it deals
+with SSL :-)  It is rather dated but it gives you an idea of how
+things work.
+===
+
+17 Jul 1995
+I have been changing things quite a bit and have not fully updated
+this file, so take what you read with a grain of salt
+eric
+===
+The s_client and s_server programs can be used to test SSL capable
+IP/port addresses and the verification of the X509 certificates in use
+by these services.  I strongly advise having a look at the code to get
+an idea of how to use the authentication under SSLeay.  Any feedback
+on changes and improvements would be greatly accepted.
+
+This file will probably be gibberish unless you have read
+rfc1421, rfc1422, rfc1423 and rfc1424 which describe PEM
+authentication.
+
+A Brief outline (and examples) how to use them to do so.
+
+NOTE:
+The environment variable SSL_CIPER is used to specify the prefered
+cipher to use, play around with setting it's value to combinations of
+RC4-MD5, EXP-RC4-MD5, CBC-DES-MD5, CBC3-DES-MD5, CFB-DES-NULL
+in a : separated list.
+
+This directory contains 3 X509 certificates which can be used by these programs.
+client.pem: a file containing a certificate and private key to be used
+	by s_client.
+server.pem :a file containing a certificate and private key to be used
+	by s_server.
+eay1024.pem:the certificate used to sign client.pem and server.pem.
+	This would be your CA's certificate.  There is also a link
+	from the file a8556381.0 to eay1024.PEM.  The value a8556381
+	is returned by 'x509 -hash -noout <eay1024.pem' and is the
+	value used by X509 verification routines to 'find' this
+	certificte when search a directory for it.
+	[the above is not true any more, the CA cert is 
+	 ../certs/testca.pem which is signed by ../certs/mincomca.pem]
+
+When testing the s_server, you may get
+bind: Address already in use
+errors.  These indicate the port is still being held by the unix
+kernel and you are going to have to wait for it to let go of it.  If
+this is the case, remember to use the port commands on the s_server and
+s_client to talk on an alternative port.
+
+=====
+s_client.
+This program can be used to connect to any IP/hostname:port that is
+talking SSL.  Once connected, it will attempt to authenticate the
+certificate it was passed and if everything works as expected, a 2
+directional channel will be open.  Any text typed will be sent to the
+other end.  type Q<cr> to exit.  Flags are as follows.
+-host arg	: Arg is the host or IP address to connect to.
+-port arg	: Arg is the port to connect to (https is 443).
+-verify arg	: Turn on authentication of the server certificate.
+		: Arg specifies the 'depth', this will covered below.
+-cert arg	: The optional certificate to use.  This certificate
+		: will be returned to the server if the server
+		: requests it for client authentication.
+-key arg	: The private key that matches the certificate
+		: specified by the -cert option.  If this is not
+		: specified (but -cert is), the -cert file will be
+		: searched for the Private key.  Both files are
+		: assumed to be in PEM format.
+-CApath arg	: When to look for certificates when 'verifying' the
+		: certificate from the server.
+-CAfile arg	: A file containing certificates to be used for
+		: 'verifying' the server certificate.
+-reconnect	: Once a connection has been made, drop it and
+		: reconnect with same session-id.  This is for testing :-).
+
+The '-verify n' parameter specifies not only to verify the servers
+certificate but to also only take notice of 'n' levels.  The best way
+to explain is to show via examples.
+Given
+s_server -cert server.PEM is running.
+
+s_client
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify error:num=1:unable to get issuer certificate
+	verify return:1
+	CIPHER is CBC-DES-MD5
+What has happened is that the 'SSLeay demo server' certificate's
+issuer ('CA') could not be found but because verify is not on, we
+don't care and the connection has been made anyway.  It is now 'up'
+using CBC-DES-MD5 mode.  This is an unauthenticate secure channel.
+You may not be talking to the right person but the data going to them
+is encrypted.
+
+s_client -verify 0
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify error:num=1:unable to get issuer certificate
+	verify return:1
+	CIPHER is CBC-DES-MD5
+We are 'verifying' but only to depth 0, so since the 'SSLeay demo server'
+certificate passed the date and checksum, we are happy to proceed.
+
+s_client -verify 1
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify error:num=1:unable to get issuer certificate
+	verify return:0
+	ERROR
+	verify error:unable to get issuer certificate
+In this case we failed to make the connection because we could not
+authenticate the certificate because we could not find the
+'CA' certificate.
+
+s_client -verify 1 -CAfile eay1024.PEM
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	CIPHER is CBC-DES-MD5
+We loaded the certificates from the file eay1024.PEM.  Everything
+checked out and so we made the connection.
+
+s_client -verify 1 -CApath .
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	CIPHER is CBC-DES-MD5
+We looked in out local directory for issuer certificates and 'found'
+a8556381.0 and so everything is ok.
+
+It is worth noting that 'CA' is a self certified certificate.  If you
+are passed one of these, it will fail to 'verify' at depth 0 because
+we need to lookup the certifier of a certificate from some information
+that we trust and keep locally.
+
+SSL_CIPHER=CBC3-DES-MD5:RC4-MD5
+export SSL_CIPHER
+s_client -verify 10 -CApath . -reconnect
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	drop the connection and reconnect with the same session id
+	CIPHER is CBC3-DES-MD5
+This has done a full connection and then re-estabished it with the
+same session id but a new socket.  No RSA stuff occures on the second
+connection.  Note that we said we would prefer to use CBC3-DES-MD5
+encryption and so, since the server supports it, we are.
+
+=====
+s_server
+This program accepts SSL connections on a specified port
+Once connected, it will estabish an SSL connection and optionaly
+attempt to authenticate the client.  A 2 directional channel will be
+open.  Any text typed will be sent to the other end.  Type Q<cr> to exit.
+Flags are as follows.
+-port arg	: Arg is the port to listen on.
+-verify arg	: Turn on authentication of the client if they have a
+		: certificate.  Arg specifies the 'depth'.
+-Verify arg	: Turn on authentication of the client. If they don't
+		: have a valid certificate, drop the connection.
+-cert arg	: The certificate to use.  This certificate
+		: will be passed to the client.  If it is not
+		: specified, it will default to server.PEM
+-key arg	: The private key that matches the certificate
+		: specified by the -cert option.  If this is not
+		: specified (but -cert is), the -cert file will be
+		: searched for the Private key.  Both files are
+		: assumed to be in PEM format.  Default is server.PEM
+-CApath arg	: When to look for certificates when 'verifying' the
+		: certificate from the client.
+-CAfile arg	: A file containing certificates to be used for
+		: 'verifying' the client certificate.
+
+For the following 'demo'  I will specify the s_server command and
+the s_client command and then list the output from the s_server.
+s_server
+s_client
+	CONNECTED
+	CIPHER is CBC-DES-MD5
+Everything up and running
+
+s_server -verify 0
+s_client  
+	CONNECTED
+	CIPHER is CBC-DES-MD5
+Ok since no certificate was returned and we don't care.
+
+s_server -verify 0
+./s_client -cert client.PEM
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
+	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify error:num=1:unable to get issuer certificate
+	verify return:1
+	CIPHER is CBC-DES-MD5
+Ok since we were only verifying to level 0
+
+s_server -verify 4
+s_client -cert client.PEM
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
+	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify error:num=1:unable to get issuer certificate
+	verify return:0
+	ERROR
+	verify error:unable to get issuer certificate
+Bad because we could not authenticate the returned certificate.
+
+s_server -verify 4 -CApath .
+s_client -cert client.PEM
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	CIPHER is CBC-DES-MD5
+Ok because we could authenticate the returned certificate :-).
+
+s_server -Verify 0 -CApath .
+s_client
+	CONNECTED
+	ERROR
+	SSL error:function is:REQUEST_CERTIFICATE
+		 :error is   :client end did not return a certificate
+Error because no certificate returned.
+
+s_server -Verify 4 -CApath .
+s_client -cert client.PEM
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	CIPHER is CBC-DES-MD5
+Full authentication of the client.
+
+So in summary to do full authentication of both ends
+s_server -Verify 9 -CApath .
+s_client -cert client.PEM -CApath . -verify 9
+From the server side
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	CIPHER is CBC-DES-MD5
+From the client side
+	CONNECTED
+	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
+	verify return:1
+	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
+	verify return:1
+	CIPHER is CBC-DES-MD5
+
+For general probing of the 'internet https' servers for the
+distribution area, run
+s_client -host www.netscape.com -port 443 -verify 4 -CApath ../rsa/hash
+Then enter
+GET /
+and you should be talking to the https server on that host.
+
+www.rsa.com was refusing to respond to connections on 443 when I was
+testing.
+
+have fun :-).
+
+eric
+
+==== a_verify.doc ========================================================
+
+From eay@mincom.com Fri Oct  4 18:29:06 1996
+Received: by orb.mincom.oz.au id AA29080
+  (5.65c/IDA-1.4.4 for eay); Fri, 4 Oct 1996 08:29:07 +1000
+Date: Fri, 4 Oct 1996 08:29:06 +1000 (EST)
+From: Eric Young <eay@mincom.oz.au>
+X-Sender: eay@orb
+To: wplatzer <wplatzer@iaik.tu-graz.ac.at>
+Cc: Eric Young <eay@mincom.oz.au>, SSL Mailing List <ssl-users@mincom.com>
+Subject: Re: Netscape's Public Key
+In-Reply-To: <19961003134837.NTM0049@iaik.tu-graz.ac.at>
+Message-Id: <Pine.SOL.3.91.961004081346.8018K-100000@orb>
+Mime-Version: 1.0
+Content-Type: TEXT/PLAIN; charset=US-ASCII
+Status: RO
+X-Status: 
+
+On Thu, 3 Oct 1996, wplatzer wrote:
+> I get Public Key from Netscape (Gold 3.0b4), but cannot do anything
+> with it... It looks like (asn1parse):
+> 
+> 0:d=0 hl=3 l=180 cons: SEQUENCE
+> 3:d=1 hl=2 l= 96 cons: SEQUENCE
+> 5:d=2 hl=2 l= 92 cons: SEQUENCE
+> 7:d=3 hl=2 l= 13 cons: SEQUENCE
+> 9:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
+> 20:d=4 hl=2 l= 0 prim: NULL
+> 22:d=3 hl=2 l= 75 prim: BIT STRING
+> 99:d=2 hl=2 l= 0 prim: IA5STRING :
+> 101:d=1 hl=2 l= 13 cons: SEQUENCE
+> 103:d=2 hl=2 l= 9 prim: OBJECT :md5withRSAEncryption
+> 114:d=2 hl=2 l= 0 prim: NULL
+> 116:d=1 hl=2 l= 65 prim: BIT STRING
+> 
+> The first BIT STRING is the public key and the second BIT STRING is 
+> the signature.
+> But a public key consists of the public exponent and the modulus. Are 
+> both numbers in the first BIT STRING?
+> Is there a document simply describing this coding stuff (checking 
+> signature, get the public key, etc.)?
+
+Minimal in SSLeay.  If you want to see what the modulus and exponent are,
+try asn1parse -offset 25 -length 75 <key.pem
+asn1parse will currently stuff up on the 'length 75' part (fixed in next 
+release) but it will print the stuff.  If you are after more 
+documentation on ASN.1, have a look at www.rsa.com and get their PKCS 
+documents, most of my initial work on SSLeay was done using them.
+
+As for SSLeay,
+util/crypto.num and util/ssl.num are lists of all exported functions in 
+the library (but not macros :-(.
+
+The ones for extracting public keys from certificates and certificate 
+requests are EVP_PKEY *      X509_REQ_extract_key(X509_REQ *req);
+EVP_PKEY *      X509_extract_key(X509 *x509);
+
+To verify a signature on a signed ASN.1 object
+int X509_verify(X509 *a,EVP_PKEY *key);
+int X509_REQ_verify(X509_REQ *a,EVP_PKEY *key);
+int X509_CRL_verify(X509_CRL *a,EVP_PKEY *key);
+int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a,EVP_PKEY *key);
+
+I should mention that EVP_PKEY can be used to hold a public or a private key,
+since for  things like RSA and DSS, a public key is just a subset of what 
+is stored for the private key.
+
+To sign any of the above structures
+
+int X509_sign(X509 *a,EVP_PKEY *key,EVP_MD *md);
+int X509_REQ_sign(X509_REQ *a,EVP_PKEY *key,EVP_MD *md);
+int X509_CRL_sign(X509_CRL *a,EVP_PKEY *key,EVP_MD *md);
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *a,EVP_PKEY *key,EVP_MD *md);
+
+where md is the message digest to sign with.
+
+There are all defined in x509.h and all the _sign and _verify functions are
+actually macros to the ASN1_sign() and ASN1_verify() functions.
+These functions will put the correct algorithm identifiers in the correct 
+places in the structures.
+
+eric
+--
+Eric Young                  | BOOL is tri-state according to Bill Gates.
+AARNet: eay@mincom.oz.au    | RTFM Win32 GetMessage().
+
+==== x509 =======================================================
+
+X509_verify()
+X509_sign()
+
+X509_get_version()
+X509_get_serialNumber()
+X509_get_issuer()
+X509_get_subject()
+X509_get_notBefore()
+X509_get_notAfter()
+X509_get_pubkey()
+
+X509_set_version()
+X509_set_serialNumber()
+X509_set_issuer()
+X509_set_subject()
+X509_set_notBefore()
+X509_set_notAfter()
+X509_set_pubkey()
+
+X509_get_extensions()
+X509_set_extensions()
+
+X509_EXTENSIONS_clear()
+X509_EXTENSIONS_retrieve()
+X509_EXTENSIONS_add()
+X509_EXTENSIONS_delete()
+
+==== x509 attribute ================================================
+
+PKCS7
+	STACK of X509_ATTRIBUTES
+		ASN1_OBJECT
+		STACK of ASN1_TYPE
+
+So it is
+
+p7.xa[].obj
+p7.xa[].data[]
+
+get_obj_by_nid(STACK , nid)
+get_num_by_nid(STACK , nid)
+get_data_by_nid(STACK , nid, index)
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_new(void );
+void		X509_ATTRIBUTE_free(X509_ATTRIBUTE *a);
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **ex,
+			int nid, STACK *value);
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **ex,
+			int nid, STACK *value);
+
+int		X509_ATTRIBUTE_set_object(X509_ATTRIBUTE *ex,ASN1_OBJECT *obj);
+int		X509_ATTRIBUTE_add_data(X509_ATTRIBUTE *ex, int index,
+			ASN1_TYPE *value);
+
+ASN1_OBJECT *	X509_ATTRIBUTE_get_object(X509_ATTRIBUTE *ex);
+int 		X509_ATTRIBUTE_get_num(X509_ATTRIBUTE *ne);
+ASN1_TYPE *	X509_ATTRIBUTE_get_data(X509_ATTRIBUTE *ne,int index);
+
+ASN1_TYPE *	X509_ATTRIBUTE_get_data_by_NID(X509_ATTRIBUTE *ne,
+			ASN1_OBJECT *obj);
+
+X509_ATTRIBUTE *PKCS7_get_s_att_by_NID(PKCS7 *p7,int nid);
+X509_ATTRIBUTE *PKCS7_get_u_att_by_NID(PKCS7 *p7,int nid);
+
+==== x509 v3 ========================================================
+
+The 'new' system.
+
+The X509_EXTENSION_METHOD includes extensions and attributes and/or names. 
+Basically everthing that can be added to an X509 with an OID identifying it.
+
+It operates via 2 methods per object id.
+int a2i_XXX(X509 *x,char *str,int len);
+int i2a_XXX(BIO *bp,X509 *x);
+
+The a2i_XXX function will add the object with a value converted from the
+string into the X509.  Len can be -1 in which case the length is calculated
+via strlen(str).   Applications can always use direct knowledge to load and
+unload the relevent objects themselves.
+
+i2a_XXX will print to the passed BIO, a text representation of the
+relevet object.  Use a memory BIO if you want it printed to a buffer :-).
+
+X509_add_by_NID(X509 *x,int nid,char *str,int len);
+X509_add_by_OBJ(X509 *x,ASN1_OBJECT *obj,char *str,int len);
+
+X509_print_by_name(BIO *bp,X509 *x);
+X509_print_by_NID(BIO *bp,X509 *x);
+X509_print_by_OBJ(BIO *bp,X509 *x);
+
+==== verify ========================================================
+
+X509_verify_cert_chain(
+	CERT_STORE *cert_store,
+	STACK /* X509 */ *certs,
+	int *verify_result,
+	int (*verify_error_callback)()
+	char *argument_to_callback, /* SSL */
+
+app_verify_callback(
+	char *app_verify_arg, /* from SSL_CTX */
+	STACK /* X509 */ *certs,
+	int *verify_result,
+	int (*verify_error_callback)()
+	SSL *s,
+
+int X509_verify_cert(
+	CERT_STORE *cert_store,
+	X509 *x509,
+	int *verify_result,
+	int (*verify_error_callback)(),
+	char *arg,
+
+==== apps.doc ========================================================
+
+The applications
+
+Ok, where to begin....
+In the begining, when SSLeay was small (April 1995), there
+were but few applications, they did happily cohabit in
+the one bin directory.  Then over time, they did multiply and grow,
+and they started to look like microsoft software; 500k to print 'hello world'.
+A new approach was needed.  They were coalessed into one 'Monolithic'
+application, ssleay.  This one program is composed of many programs that
+can all be compiled independantly.
+
+ssleay has 3 modes of operation.
+1) If the ssleay binaray has the name of one of its component programs, it
+executes that program and then exits.  This can be achieve by using hard or
+symbolic links, or failing that, just renaming the binary.
+2) If the first argument to ssleay is the name of one of the component
+programs, that program runs that program and then exits.
+3) If there are no arguments, ssleay enters a 'command' mode.  Each line is
+interpreted as a program name plus arguments.  After each 'program' is run,
+ssleay returns to the comand line.
+
+dgst	- message digests
+enc	- encryption and base64 encoding
+
+ans1parse - 'pulls' appart ASN.1 encoded objects like certificates.
+
+dh	- Diffle-Hellman parameter manipulation.
+rsa	- RSA manipulations.
+crl	- Certificate revokion list manipulations
+x509	- X509 cert fiddles, including signing.
+pkcs7	- pkcs7 manipulation, only DER versions right now.
+
+genrsa	- generate an RSA private key.
+gendh	- Generate a set of Diffle-Hellman parameters.
+req	- Generate a PKCS#10 object, a certificate request.
+
+s_client - SSL client program
+s_server - SSL server program
+s_time	 - A SSL protocol timing program
+s_mult	 - Another SSL server, but it multiplexes
+	   connections.
+s_filter - under development
+
+errstr	- Convert SSLeay error numbers to strings.
+ca	- Sign certificate requests, and generate
+	  certificate revokion lists
+crl2pkcs7 - put a crl and certifcates into a pkcs7 object.
+speed	- Benchmark the ciphers.
+verify	- Check certificates
+hashdir - under development
+
+[ there a now a few more options, play with the program to see what they
+  are ]
+
+==== asn1.doc ========================================================
+
+The ASN.1 Routines.
+
+ASN.1 is a specification for how to encode structured 'data' in binary form.
+The approach I have take to the manipulation of structures and their encoding
+into ASN.1 is as follows.
+
+For each distinct structure there are 4 function of the following form
+TYPE *TYPE_new(void);
+void TYPE_free(TYPE *);
+TYPE *d2i_TYPE(TYPE **a,unsigned char **pp,long length);
+long i2d_TYPE(TYPE *a,unsigned char **pp); 	/* CHECK RETURN VALUE */
+
+where TYPE is the type of the 'object'.  The TYPE that have these functions
+can be in one of 2 forms, either the internal C malloc()ed data structure
+or in the DER (a variant of ASN.1 encoding) binary encoding which is just
+an array of unsigned bytes.  The 'i2d' functions converts from the internal
+form to the DER form and the 'd2i' functions convert from the DER form to
+the internal form.
+
+The 'new' function returns a malloc()ed version of the structure with all
+substructures either created or left as NULL pointers.  For 'optional'
+fields, they are normally left as NULL to indicate no value.  For variable
+size sub structures (often 'SET OF' or 'SEQUENCE OF' in ASN.1 syntax) the
+STACK data type is used to hold the values.  Have a read of stack.doc
+and have a look at the relevant header files to see what I mean.  If there
+is an error while malloc()ing the structure, NULL is returned.
+
+The 'free' function will free() all the sub components of a particular
+structure.  If any of those sub components have been 'removed', replace
+them with NULL pointers, the 'free' functions are tolerant of NULL fields.
+
+The 'd2i' function copies a binary representation into a C structure.  It
+operates as follows.  'a' is a pointer to a pointer to
+the structure to populate, 'pp' is a pointer to a pointer to where the DER
+byte string is located and 'length' is the length of the '*pp' data.
+If there are no errors, a pointer to the populated structure is returned.
+If there is an error, NULL is returned.  Errors can occur because of
+malloc() failures but normally they will be due to syntax errors in the DER
+encoded data being parsed. It is also an error if there was an
+attempt to read more that 'length' bytes from '*p'.  If
+everything works correctly, the value in '*p' is updated
+to point at the location just beyond where the DER
+structure was read from.  In this way, chained calls to 'd2i' type
+functions can be made, with the pointer into the 'data' array being
+'walked' along the input byte array.
+Depending on the value passed for 'a', different things will be done.  If
+'a' is NULL, a new structure will be malloc()ed and returned.  If '*a' is
+NULL, a new structure will be malloc()ed and put into '*a' and returned.
+If '*a' is not NULL, the structure in '*a' will be populated, or in the
+case of an error, free()ed and then returned.
+Having these semantics means that a structure
+can call a 'd2i' function to populate a field and if the field is currently
+NULL, the structure will be created.
+
+The 'i2d' function type is used to copy a C structure to a byte array.
+The parameter 'a' is the structure to convert and '*p' is where to put it.
+As for the 'd2i' type structure, 'p' is updated to point after the last
+byte written.  If p is NULL, no data is written.  The function also returns
+the number of bytes written.  Where this becomes useful is that if the
+function is called with a NULL 'p' value, the length is returned.  This can
+then be used to malloc() an array of bytes and then the same function can
+be recalled passing the malloced array to be written to. e.g.
+
+int len;
+unsigned char *bytes,*p;
+len=i2d_X509(x,NULL);	/* get the size of the ASN1 encoding of 'x' */
+if ((bytes=(unsigned char *)malloc(len)) == NULL)
+	goto err;
+p=bytes;
+i2d_X509(x,&p);
+
+Please note that a new variable, 'p' was passed to i2d_X509.  After the
+call to i2d_X509 p has been incremented by len bytes.
+
+Now the reason for this functional organisation is that it allows nested
+structures to be built up by calling these functions as required.  There
+are various macros used to help write the general 'i2d', 'd2i', 'new' and
+'free' functions.  They are discussed in another file and would only be
+used by some-one wanting to add new structures to the library.  As you
+might be able to guess, the process of writing ASN.1 files can be a bit CPU
+expensive for complex structures.  I'm willing to live with this since the
+simpler library code make my life easier and hopefully most programs using
+these routines will have their execution profiles dominated by cipher or
+message digest routines.
+What follows is a list of 'TYPE' values and the corresponding ASN.1
+structure and where it is used.
+
+TYPE			ASN.1
+ASN1_INTEGER		INTEGER
+ASN1_BIT_STRING		BIT STRING
+ASN1_OCTET_STRING	OCTET STRING
+ASN1_OBJECT		OBJECT IDENTIFIER
+ASN1_PRINTABLESTRING	PrintableString
+ASN1_T61STRING		T61String
+ASN1_IA5STRING		IA5String
+ASN1_UTCTIME		UTCTime
+ASN1_TYPE		Any of the above mentioned types plus SEQUENCE and SET
+
+Most of the above mentioned types are actualled stored in the
+ASN1_BIT_STRING type and macros are used to differentiate between them.
+The 3 types used are
+
+typedef struct asn1_object_st
+	{
+	/* both null if a dynamic ASN1_OBJECT, one is
+	 * defined if a 'static' ASN1_OBJECT */
+	char *sn,*ln;
+	int nid;
+	int length;
+	unsigned char *data;
+	} ASN1_OBJECT;
+This is used to store ASN1 OBJECTS.  Read 'objects.doc' for details ono
+routines to manipulate this structure.  'sn' and 'ln' are used to hold text
+strings that represent the object (short name and long or lower case name).
+These are used by the 'OBJ' library.  'nid' is a number used by the OBJ
+library to uniquely identify objects.  The ASN1 routines will populate the
+'length' and 'data' fields which will contain the bit string representing
+the object.
+
+typedef struct asn1_bit_string_st
+	{
+	int length;
+	int type;
+	unsigned char *data;
+	} ASN1_BIT_STRING;
+This structure is used to hold all the other base ASN1 types except for
+ASN1_UTCTIME (which is really just a 'char *').  Length is the number of
+bytes held in data and type is the ASN1 type of the object (there is a list
+in asn1.h).
+
+typedef struct asn1_type_st
+	{
+	int type;
+	union	{
+		char *ptr;
+		ASN1_INTEGER *		integer;
+		ASN1_BIT_STRING *	bit_string;
+		ASN1_OCTET_STRING *	octet_string;
+		ASN1_OBJECT *		object;
+		ASN1_PRINTABLESTRING *	printablestring;
+		ASN1_T61STRING *	t61string;
+		ASN1_IA5STRING *	ia5string;
+		ASN1_UTCTIME *		utctime;
+		ASN1_BIT_STRING *	set;
+		ASN1_BIT_STRING *	sequence;
+		} value;
+	} ASN1_TYPE;
+This structure is used in a few places when 'any' type of object can be
+expected.
+
+X509			Certificate
+X509_CINF		CertificateInfo
+X509_ALGOR		AlgorithmIdentifier
+X509_NAME		Name			
+X509_NAME_ENTRY		A single sub component of the name.
+X509_VAL		Validity
+X509_PUBKEY		SubjectPublicKeyInfo
+The above mentioned types are declared in x509.h. They are all quite
+straight forward except for the X509_NAME/X509_NAME_ENTRY pair.
+A X509_NAME is a STACK (see stack.doc) of X509_NAME_ENTRY's.
+typedef struct X509_name_entry_st
+	{
+	ASN1_OBJECT *object;
+	ASN1_BIT_STRING *value;
+	int set;
+	int size; 	/* temp variable */
+	} X509_NAME_ENTRY;
+The size is a temporary variable used by i2d_NAME and set is the set number
+for the particular NAME_ENTRY.  A X509_NAME is encoded as a sequence of
+sequence of sets.  Normally each set contains only a single item.
+Sometimes it contains more.  Normally throughout this library there will be
+only one item per set.  The set field contains the 'set' that this entry is
+a member of.  So if you have just created a X509_NAME structure and
+populated it with X509_NAME_ENTRYs, you should then traverse the X509_NAME
+(which is just a STACK) and set the 'set/' field to incrementing numbers.
+For more details on why this is done, read the ASN.1 spec for Distinguished
+Names.
+
+X509_REQ		CertificateRequest
+X509_REQ_INFO		CertificateRequestInfo
+These are used to hold certificate requests.
+
+X509_CRL		CertificateRevocationList
+These are used to hold a certificate revocation list
+
+RSAPrivateKey		PrivateKeyInfo
+RSAPublicKey		PublicKeyInfo
+Both these 'function groups' operate on 'RSA' structures (see rsa.doc).
+The difference is that the RSAPublicKey operations only manipulate the m
+and e fields in the RSA structure.
+
+DSAPrivateKey		DSS private key
+DSAPublicKey		DSS public key
+Both these 'function groups' operate on 'DSS' structures (see dsa.doc).
+The difference is that the RSAPublicKey operations only manipulate the 
+XXX fields in the DSA structure.
+
+DHparams		DHParameter
+This is used to hold the p and g value for The Diffie-Hellman operation.
+The function deal with the 'DH' strucure (see dh.doc).
+
+Now all of these function types can be used with several other functions to give
+quite useful set of general manipulation routines.  Normally one would
+not uses these functions directly but use them via macros. 
+
+char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x);
+'x' is the input structure case to a 'char *', 'i2d' is the 'i2d_TYPE'
+function for the type that 'x' is and d2i is the 'd2i_TYPE' function for the
+type that 'x' is.  As is obvious from the parameters, this function
+duplicates the strucutre by transforming it into the DER form and then
+re-loading it into a new strucutre and returning the new strucutre.  This
+is obviously a bit cpu intensive but when faced with a complex dynamic
+structure this is the simplest programming approach.  There are macros for
+duplicating the major data types but is simple to add extras.
+
+char *ASN1_d2i_fp(char *(*new)(),char *(*d2i)(),FILE *fp,unsigned char **x);
+'x' is a pointer to a pointer of the 'desired type'.  new and d2i are the
+corresponding 'TYPE_new' and 'd2i_TYPE' functions for the type and 'fp' is
+an open file pointer to read from.  This function reads from 'fp' as much
+data as it can and then uses 'd2i' to parse the bytes to load and return
+the parsed strucutre in 'x' (if it was non-NULL) and to actually return the
+strucutre.  The behavior of 'x' is as per all the other d2i functions.
+
+char *ASN1_d2i_bio(char *(*new)(),char *(*d2i)(),BIO *fp,unsigned char **x);
+The 'BIO' is the new IO type being used in SSLeay (see bio.doc).  This
+function is the same as ASN1_d2i_fp() except for the BIO argument.
+ASN1_d2i_fp() actually calls this function.
+
+int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x);
+'x' is converted to bytes by 'i2d' and then written to 'out'.  ASN1_i2d_fp
+and ASN1_d2i_fp are not really symetric since ASN1_i2d_fp will read all
+available data from the file pointer before parsing a single item while
+ASN1_i2d_fp can be used to write a sequence of data objects.  To read a
+series of objects from a file I would sugest loading the file into a buffer
+and calling the relevent 'd2i' functions.
+
+char *ASN1_d2i_bio(char *(*new)(),char *(*d2i)(),BIO *fp,unsigned char **x);
+This function is the same as ASN1_i2d_fp() except for the BIO argument.
+ASN1_i2d_fp() actually calls this function.
+
+char *	PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,int (*cb)());
+This function will read the next PEM encoded (base64) object of the same
+type as 'x' (loaded by the d2i function).  'name' is the name that is in
+the '-----BEGIN name-----' that designates the start of that object type.
+If the data is encrypted, 'cb' will be called to prompt for a password.  If
+it is NULL a default function will be used to prompt from the password.
+'x' is delt with as per the standard 'd2i' function interface.  This
+function can be used to read a series of objects from a file.  While any
+data type can be encrypted (see PEM_ASN1_write) only RSA private keys tend
+to be encrypted.
+
+char *	PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *fp,
+	char **x,int (*cb)());
+Same as PEM_ASN1_read() except using a BIO.  This is called by
+PEM_ASN1_read().
+
+int	PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x,EVP_CIPHER *enc,
+		unsigned char *kstr,int klen,int (*callback)());
+
+int	PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *fp,
+		char *x,EVP_CIPHER *enc,unsigned char *kstr,int klen,
+		int (*callback)());
+
+int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
+	ASN1_BIT_STRING *signature, char *data, RSA *rsa, EVP_MD *type);
+int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1,
+	ASN1_BIT_STRING *signature,char *data, RSA *rsa);
+
+int ASN1_BIT_STRING_cmp(ASN1_BIT_STRING *a, ASN1_BIT_STRING *b);
+ASN1_BIT_STRING *ASN1_BIT_STRING_type_new(int type );
+
+int ASN1_UTCTIME_check(ASN1_UTCTIME *a);
+void ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a);
+ASN1_UTCTIME *ASN1_UTCTIME_dup(ASN1_UTCTIME *a);
+
+ASN1_BIT_STRING *d2i_asn1_print_type(ASN1_BIT_STRING **a,unsigned char **pp,
+		long length,int type);
+
+int		i2d_ASN1_SET(STACK *a, unsigned char **pp,
+			int (*func)(), int ex_tag, int ex_class);
+STACK *		d2i_ASN1_SET(STACK **a, unsigned char **pp, long length,
+			char *(*func)(), int ex_tag, int ex_class);
+
+int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *object);
+int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a);
+int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size);
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
+long ASN1_INTEGER_get(ASN1_INTEGER *a);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
+BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
+
+/* given a string, return the correct type.  Max is the maximum number
+ * of bytes to parse.  It stops parsing when 'max' bytes have been
+ * processed or a '\0' is hit */
+int ASN1_PRINTABLE_type(unsigned char *s,int max);
+
+void ASN1_parse(BIO *fp,unsigned char *pp,long len);
+
+int i2d_ASN1_bytes(ASN1_BIT_STRING *a, unsigned char **pp, int tag, int class);
+ASN1_BIT_STRING *d2i_ASN1_bytes(ASN1_OCTET_STRING **a, unsigned char **pp,
+	long length, int Ptag, int Pclass);
+
+/* PARSING */
+int asn1_Finish(ASN1_CTX *c);
+
+/* SPECIALS */
+int ASN1_get_object(unsigned char **pp, long *plength, int *ptag,
+	int *pclass, long omax);
+int ASN1_check_infinite_end(unsigned char **p,long len);
+void ASN1_put_object(unsigned char **pp, int constructed, int length,
+	int tag, int class);
+int ASN1_object_size(int constructed, int length, int tag);
+
+X509 *	X509_get_cert(CERTIFICATE_CTX *ctx,X509_NAME * name,X509 *tmp_x509);
+int  	X509_add_cert(CERTIFICATE_CTX *ctx,X509 *);
+
+char *	X509_cert_verify_error_string(int n);
+int 	X509_add_cert_file(CERTIFICATE_CTX *c,char *file, int type);
+char *	X509_gmtime (char *s, long adj);
+int	X509_add_cert_dir (CERTIFICATE_CTX *c,char *dir, int type);
+int	X509_load_verify_locations (CERTIFICATE_CTX *ctx,
+		char *file_env, char *dir_env);
+int	X509_set_default_verify_paths(CERTIFICATE_CTX *cts);
+X509 *	X509_new_D2i_X509(int len, unsigned char *p);
+char *	X509_get_default_cert_area(void );
+char *	X509_get_default_cert_dir(void );
+char *	X509_get_default_cert_file(void );
+char *	X509_get_default_cert_dir_env(void );
+char *	X509_get_default_cert_file_env(void );
+char *	X509_get_default_private_dir(void );
+X509_REQ *X509_X509_TO_req(X509 *x, RSA *rsa);
+int	X509_cert_verify(CERTIFICATE_CTX *ctx,X509 *xs, int (*cb)()); 
+
+CERTIFICATE_CTX *CERTIFICATE_CTX_new();
+void CERTIFICATE_CTX_free(CERTIFICATE_CTX *c);
+
+void X509_NAME_print(BIO *fp, X509_NAME *name, int obase);
+int		X509_print_fp(FILE *fp,X509 *x);
+int		X509_print(BIO *fp,X509 *x);
+
+X509_INFO *	X509_INFO_new(void);
+void		X509_INFO_free(X509_INFO *a);
+
+char *		X509_NAME_oneline(X509_NAME *a);
+
+#define X509_verify(x,rsa)
+#define X509_REQ_verify(x,rsa)
+#define X509_CRL_verify(x,rsa)
+
+#define X509_sign(x,rsa,md)
+#define X509_REQ_sign(x,rsa,md)
+#define X509_CRL_sign(x,rsa,md)
+
+#define X509_dup(x509)
+#define d2i_X509_fp(fp,x509)
+#define i2d_X509_fp(fp,x509)
+#define d2i_X509_bio(bp,x509)
+#define i2d_X509_bio(bp,x509)
+
+#define X509_CRL_dup(crl)
+#define d2i_X509_CRL_fp(fp,crl)
+#define i2d_X509_CRL_fp(fp,crl)
+#define d2i_X509_CRL_bio(bp,crl)
+#define i2d_X509_CRL_bio(bp,crl)
+
+#define X509_REQ_dup(req)
+#define d2i_X509_REQ_fp(fp,req)
+#define i2d_X509_REQ_fp(fp,req)
+#define d2i_X509_REQ_bio(bp,req)
+#define i2d_X509_REQ_bio(bp,req)
+
+#define RSAPrivateKey_dup(rsa)
+#define d2i_RSAPrivateKey_fp(fp,rsa)
+#define i2d_RSAPrivateKey_fp(fp,rsa)
+#define d2i_RSAPrivateKey_bio(bp,rsa)
+#define i2d_RSAPrivateKey_bio(bp,rsa)
+
+#define X509_NAME_dup(xn)
+#define X509_NAME_ENTRY_dup(ne)
+
+void X509_REQ_print_fp(FILE *fp,X509_REQ *req);
+void X509_REQ_print(BIO *fp,X509_REQ *req);
+
+RSA *X509_REQ_extract_key(X509_REQ *req);
+RSA *X509_extract_key(X509 *x509);
+
+int		X509_issuer_and_serial_cmp(X509 *a, X509 *b);
+unsigned long	X509_issuer_and_serial_hash(X509 *a);
+
+X509_NAME *	X509_get_issuer_name(X509 *a);
+int		X509_issuer_name_cmp(X509 *a, X509 *b);
+unsigned long	X509_issuer_name_hash(X509 *a);
+
+X509_NAME *	X509_get_subject_name(X509 *a);
+int		X509_subject_name_cmp(X509 *a,X509 *b);
+unsigned long	X509_subject_name_hash(X509 *x);
+
+int		X509_NAME_cmp (X509_NAME *a, X509_NAME *b);
+unsigned long	X509_NAME_hash(X509_NAME *x);
+
+
+==== bio.doc ========================================================
+
+BIO Routines
+
+This documentation is rather sparse, you are probably best 
+off looking at the code for specific details.
+
+The BIO library is a IO abstraction that was originally 
+inspired by the need to have callbacks to perform IO to FILE 
+pointers when using Windows 3.1 DLLs.  There are two types 
+of BIO; a source/sink type and a filter type.
+The source/sink methods are as follows:
+-	BIO_s_mem()  memory buffer - a read/write byte array that
+	grows until memory runs out :-).
+-	BIO_s_file()  FILE pointer - A wrapper around the normal 
+	'FILE *' commands, good for use with stdin/stdout.
+-	BIO_s_fd()  File descriptor - A wrapper around file 
+	descriptors, often used with pipes.
+-	BIO_s_socket()  Socket - Used around sockets.  It is 
+	mostly in the Microsoft world that sockets are different 
+	from file descriptors and there are all those ugly winsock 
+	commands.
+-	BIO_s_null()  Null - read nothing and write nothing.; a 
+	useful endpoint for filter type BIO's specifically things 
+	like the message digest BIO.
+
+The filter types are
+-	BIO_f_buffer()  IO buffering - does output buffering into 
+	larger chunks and performs input buffering to allow gets() 
+	type functions.
+-	BIO_f_md()  Message digest - a transparent filter that can 
+	be asked to return a message digest for the data that has 
+	passed through it.
+-	BIO_f_cipher()  Encrypt or decrypt all data passing 
+	through the filter.
+-	BIO_f_base64()  Base64 decode on read and encode on write.
+-	BIO_f_ssl()  A filter that performs SSL encryption on the 
+	data sent through it.
+
+Base BIO functions.
+The BIO library has a set of base functions that are 
+implemented for each particular type.  Filter BIOs will 
+normally call the equivalent function on the source/sink BIO 
+that they are layered on top of after they have performed 
+some modification to the data stream.  Multiple filter BIOs 
+can be 'push' into a stack of modifers, so to read from a 
+file, unbase64 it, then decrypt it, a BIO_f_cipher, 
+BIO_f_base64 and a BIO_s_file would probably be used.  If a 
+sha-1 and md5 message digest needed to be generated, a stack 
+two BIO_f_md() BIOs and a BIO_s_null() BIO could be used.
+The base functions are
+-	BIO *BIO_new(BIO_METHOD *type); Create  a new BIO of  type 'type'.
+-	int BIO_free(BIO *a); Free a BIO structure.  Depending on 
+	the configuration, this will free the underlying data 
+	object for a source/sink BIO.
+-	int BIO_read(BIO *b, char *data, int len); Read upto 'len' 
+	bytes into 'data'. 
+-	int BIO_gets(BIO *bp,char *buf, int size); Depending on 
+	the BIO, this can either be a 'get special' or a get one 
+	line of data, as per fgets();
+-	int BIO_write(BIO *b, char *data, int len); Write 'len' 
+	bytes from 'data' to the 'b' BIO.
+-	int BIO_puts(BIO *bp,char *buf); Either a 'put special' or 
+	a write null terminated string as per fputs().
+-	long BIO_ctrl(BIO *bp,int cmd,long larg,char *parg);  A 
+	control function which is used to manipulate the BIO 
+	structure and modify it's state and or report on it.  This 
+	function is just about never used directly, rather it 
+	should be used in conjunction with BIO_METHOD specific 
+	macros.
+-	BIO *BIO_push(BIO *new_top, BIO *old); new_top is apped to the
+	top of the 'old' BIO list.  new_top should be a filter BIO.
+	All writes will go through 'new_top' first and last on read.
+	'old' is returned.
+-	BIO *BIO_pop(BIO *bio); the new topmost BIO is returned, NULL if
+	there are no more.
+
+If a particular low level BIO method is not supported 
+(normally BIO_gets()), -2 will be returned if that method is 
+called.  Otherwise the IO methods (read, write, gets, puts) 
+will return the number of bytes read or written, and 0 or -1 
+for error (or end of input).  For the -1 case, 
+BIO_should_retry(bio) can be called to determine if it was a 
+genuine error or a temporary problem.  -2 will also be 
+returned if the BIO has not been initalised yet, in all 
+cases, the correct error codes are set (accessible via the 
+ERR library).
+
+
+The following functions are convenience functions:
+-	int BIO_printf(BIO *bio, char * format, ..);  printf but 
+	to a BIO handle.
+-	long BIO_ctrl_int(BIO *bp,int cmd,long larg,int iarg); a 
+	convenience function to allow a different argument types 
+	to be passed to BIO_ctrl().
+-	int BIO_dump(BIO *b,char *bytes,int len); output 'len' 
+	bytes from 'bytes' in a hex dump debug format.
+-	long BIO_debug_callback(BIO *bio, int cmd, char *argp, int 
+	argi, long argl, long ret) - a default debug BIO callback, 
+	this is mentioned below.  To use this one normally has to 
+	use the BIO_set_callback_arg() function to assign an 
+	output BIO for the callback to use.
+-	BIO *BIO_find_type(BIO *bio,int type); when there is a 'stack'
+	of BIOs, this function scan the list and returns the first
+	that is of type 'type', as listed in buffer.h under BIO_TYPE_XXX.
+-	void BIO_free_all(BIO *bio); Free the bio and all other BIOs
+	in the list.  It walks the bio->next_bio list.
+
+
+
+Extra commands are normally implemented as macros calling BIO_ctrl().
+-	BIO_number_read(BIO *bio) - the number of bytes processed 
+	by BIO_read(bio,.).
+-	BIO_number_written(BIO *bio) - the number of bytes written 
+	by BIO_write(bio,.).
+-	BIO_reset(BIO *bio) - 'reset' the BIO.
+-	BIO_eof(BIO *bio) - non zero if we are at the current end 
+	of input.
+-	BIO_set_close(BIO *bio, int close_flag) - set the close flag.
+-	BIO_get_close(BIO *bio) - return the close flag.
+	BIO_pending(BIO *bio) - return the number of bytes waiting 
+	to be read (normally buffered internally).
+-	BIO_flush(BIO *bio) - output any data waiting to be output.
+-	BIO_should_retry(BIO *io) - after a BIO_read/BIO_write 
+	operation returns 0 or -1, a call to this function will 
+	return non zero if you should retry the call later (this 
+	is for non-blocking IO).
+-	BIO_should_read(BIO *io) - we should retry when data can 
+	be read.
+-	BIO_should_write(BIO *io) - we should retry when data can 
+	be written.
+-	BIO_method_name(BIO *io) - return a string for the method name.
+-	BIO_method_type(BIO *io) - return the unique ID of the BIO method.
+-	BIO_set_callback(BIO *io,  long (*callback)(BIO *io, int 
+	cmd, char *argp, int argi, long argl, long ret); - sets 
+	the debug callback.
+-	BIO_get_callback(BIO *io) - return the assigned function 
+	as mentioned above.
+-	BIO_set_callback_arg(BIO *io, char *arg)  - assign some 
+	data against the BIO.  This is normally used by the debug 
+	callback but could in reality be used for anything.  To 
+	get an idea of how all this works, have a look at the code 
+	in the default debug callback mentioned above.  The 
+	callback can modify the return values.
+
+Details of the BIO_METHOD structure.
+typedef struct bio_method_st
+        {
+	int type;
+	char *name;
+	int (*bwrite)();
+	int (*bread)();
+	int (*bputs)();
+	int (*bgets)();
+	long (*ctrl)();
+	int (*create)();
+	int (*destroy)();
+	} BIO_METHOD;
+
+The 'type' is the numeric type of the BIO, these are listed in buffer.h;
+'Name' is a textual representation of the BIO 'type'.
+The 7 function pointers point to the respective function 
+methods, some of which can be NULL if not implemented.
+The BIO structure
+typedef struct bio_st
+	{
+	BIO_METHOD *method;
+	long (*callback)(BIO * bio, int mode, char *argp, int 
+		argi, long argl, long ret);
+	char *cb_arg; /* first argument for the callback */
+	int init;
+	int shutdown;
+	int flags;      /* extra storage */
+	int num;
+	char *ptr;
+	struct bio_st *next_bio; /* used by filter BIOs */
+	int references;
+	unsigned long num_read;
+	unsigned long num_write;
+	} BIO;
+
+-	'Method' is the BIO method.
+-	'callback', when configured, is called before and after 
+	each BIO method is called for that particular BIO.  This 
+	is intended primarily for debugging and of informational feedback.
+-	'init' is 0 when the BIO can be used for operation.  
+	Often, after a BIO is created, a number of operations may 
+	need to be performed before it is available for use.  An 
+	example is for BIO_s_sock().  A socket needs to be 
+	assigned to the BIO before it can be used.
+-	'shutdown', this flag indicates if the underlying 
+	comunication primative being used should be closed/freed 
+	when the BIO is closed.
+-	'flags' is used to hold extra state.  It is primarily used 
+	to hold information about why a non-blocking operation 
+	failed and to record startup protocol information for the 
+	SSL BIO.
+-	'num' and 'ptr' are used to hold instance specific state 
+	like file descriptors or local data structures.
+-	'next_bio' is used by filter BIOs to hold the pointer of the
+	next BIO in the chain. written data is sent to this BIO and
+	data read is taken from it.
+-	'references' is used to indicate the number of pointers to 
+	this structure.  This needs to be '1' before a call to 
+	BIO_free() is made if the BIO_free() function is to 
+	actually free() the structure, otherwise the reference 
+	count is just decreased.  The actual BIO subsystem does 
+	not really use this functionality but it is useful when 
+	used in more advanced applicaion.
+-	num_read and num_write are the total number of bytes 
+	read/written via the 'read()' and 'write()' methods.
+
+BIO_ctrl operations.
+The following is the list of standard commands passed as the 
+second parameter to BIO_ctrl() and should be supported by 
+all BIO as best as possible.  Some are optional, some are 
+manditory, in any case, where is makes sense, a filter BIO 
+should pass such requests to underlying BIO's.
+-	BIO_CTRL_RESET	- Reset the BIO back to an initial state.
+-	BIO_CTRL_EOF	- return 0 if we are not at the end of input, 
+	non 0 if we are.
+-	BIO_CTRL_INFO	- BIO specific special command, normal
+	information return.
+-	BIO_CTRL_SET	- set IO specific parameter.
+-	BIO_CTRL_GET	- get IO specific parameter.
+-	BIO_CTRL_GET_CLOSE - Get the close on BIO_free() flag, one 
+	of BIO_CLOSE or BIO_NOCLOSE.
+-	BIO_CTRL_SET_CLOSE - Set the close on BIO_free() flag.
+-	BIO_CTRL_PENDING - Return the number of bytes available 
+	for instant reading
+-	BIO_CTRL_FLUSH	- Output pending data, return number of bytes output.
+-	BIO_CTRL_SHOULD_RETRY - After an IO error (-1 returned) 
+	should we 'retry' when IO is possible on the underlying IO object.
+-	BIO_CTRL_RETRY_TYPE - What kind of IO are we waiting on.
+
+The following command is a special BIO_s_file() specific option.
+-	BIO_CTRL_SET_FILENAME - specify a file to open for IO.
+
+The BIO_CTRL_RETRY_TYPE needs a little more explanation.  
+When performing non-blocking IO, or say reading on a memory 
+BIO, when no data is present (or cannot be written), 
+BIO_read() and/or BIO_write() will return -1.  
+BIO_should_retry(bio) will return true if this is due to an 
+IO condition rather than an actual error.  In the case of 
+BIO_s_mem(), a read when there is no data will return -1 and 
+a should retry when there is more 'read' data.
+The retry type is deduced from 2 macros
+BIO_should_read(bio) and BIO_should_write(bio).
+Now while it may appear obvious that a BIO_read() failure 
+should indicate that a retry should be performed when more 
+read data is available, this is often not true when using 
+things like an SSL BIO.  During the SSL protocol startup 
+multiple reads and writes are performed, triggered by any 
+SSL_read or SSL_write.
+So to write code that will transparently handle either a 
+socket or SSL BIO,
+	i=BIO_read(bio,..)
+	if (I == -1)
+		{
+		if (BIO_should_retry(bio))
+			{
+			if (BIO_should_read(bio))
+				{
+				/* call us again when BIO can be read */
+				}
+			if (BIO_should_write(bio))
+				{
+				/* call us again when BIO can be written */
+				}
+			}
+		}
+
+At this point in time only read and write conditions can be 
+used but in the future I can see the situation for other 
+conditions, specifically with SSL there could be a condition 
+of a X509 certificate lookup taking place and so the non-
+blocking BIO_read would require a retry when the certificate 
+lookup subsystem has finished it's lookup.  This is all 
+makes more sense and is easy to use in a event loop type 
+setup.
+When using the SSL BIO, either SSL_read() or SSL_write()s 
+can be called during the protocol startup and things will 
+still work correctly.
+The nice aspect of the use of the BIO_should_retry() macro 
+is that all the errno codes that indicate a non-fatal error 
+are encapsulated in one place.  The Windows specific error 
+codes and WSAGetLastError() calls are also hidden from the 
+application.
+
+Notes on each BIO method.
+Normally buffer.h is just required but depending on the 
+BIO_METHOD, ssl.h or evp.h will also be required.
+
+BIO_METHOD *BIO_s_mem(void);
+-	BIO_set_mem_buf(BIO *bio, BUF_MEM *bm, int close_flag) - 
+	set the underlying BUF_MEM structure for the BIO to use.
+-	BIO_get_mem_ptr(BIO *bio, char **pp) - if pp is not NULL, 
+	set it to point to the memory array and return the number 
+	of bytes available.
+A read/write BIO.  Any data written is appended to the 
+memory array and any read is read from the front.  This BIO 
+can be used for read/write at the same time. BIO_gets() is 
+supported in the fgets() sense.
+BIO_CTRL_INFO can be used to retrieve pointers to the memory 
+buffer and it's length.
+
+BIO_METHOD *BIO_s_file(void);
+-	BIO_set_fp(BIO *bio, FILE *fp, int close_flag) - set 'FILE *' to use.
+-	BIO_get_fp(BIO *bio, FILE **fp) - get the 'FILE *' in use.
+-	BIO_read_filename(BIO *bio, char *name) - read from file.
+-	BIO_write_filename(BIO *bio, char *name) - write to file.
+-	BIO_append_filename(BIO *bio, char *name) - append to file.
+This BIO sits over the normal system fread()/fgets() type 
+functions. Gets() is supported.  This BIO in theory could be 
+used for read and write but it is best to think of each BIO 
+of this type as either a read or a write BIO, not both.
+
+BIO_METHOD *BIO_s_socket(void);
+BIO_METHOD *BIO_s_fd(void);
+-	BIO_sock_should_retry(int i) - the underlying function 
+	used to determine if a call should be retried; the 
+	argument is the '0' or '-1' returned by the previous BIO 
+	operation.
+-	BIO_fd_should_retry(int i) - same as the 
+-	BIO_sock_should_retry() except that it is different internally.
+-	BIO_set_fd(BIO *bio, int fd, int close_flag) - set the 
+	file descriptor to use
+-	BIO_get_fd(BIO *bio, int *fd) - get the file descriptor.
+These two methods are very similar.  Gets() is not 
+supported, if you want this functionality, put a 
+BIO_f_buffer() onto it.  This BIO is bi-directional if the 
+underlying file descriptor is.  This is normally the case 
+for sockets but not the case for stdio descriptors.
+
+BIO_METHOD *BIO_s_null(void);
+Read and write as much data as you like, it all disappears 
+into this BIO.
+
+BIO_METHOD *BIO_f_buffer(void);
+-	BIO_get_buffer_num_lines(BIO *bio) - return the number of 
+	complete lines in the buffer.
+-	BIO_set_buffer_size(BIO *bio, long size) - set the size of 
+	the buffers.
+This type performs input and output buffering.  It performs 
+both at the same time.  The size of the buffer can be set 
+via the set buffer size option.  Data buffered for output is 
+only written when the buffer fills.
+
+BIO_METHOD *BIO_f_ssl(void);
+-	BIO_set_ssl(BIO *bio, SSL *ssl, int close_flag) - the SSL 
+	structure to use.
+-	BIO_get_ssl(BIO *bio, SSL **ssl) - get the SSL structure 
+	in use.
+The SSL bio is a little different from normal BIOs because 
+the underlying SSL structure is a little different.  A SSL 
+structure performs IO via a read and write BIO.  These can 
+be different and are normally set via the
+SSL_set_rbio()/SSL_set_wbio() calls.  The SSL_set_fd() calls 
+are just wrappers that create socket BIOs and then call 
+SSL_set_bio() where the read and write BIOs are the same.  
+The BIO_push() operation makes the SSLs IO BIOs the same, so 
+make sure the BIO pushed is capable of two directional 
+traffic.  If it is not, you will have to install the BIOs 
+via the more conventional SSL_set_bio() call.  BIO_pop() will retrieve
+the 'SSL read' BIO.
+
+BIO_METHOD *BIO_f_md(void);
+-	BIO_set_md(BIO *bio, EVP_MD *md) - set the message digest 
+	to use.
+-	BIO_get_md(BIO *bio, EVP_MD **mdp) - return the digest 
+	method in use in mdp, return 0 if not set yet.
+-	BIO_reset() reinitializes the digest (EVP_DigestInit()) 
+	and passes the reset to the underlying BIOs.
+All data read or written via BIO_read() or BIO_write() to 
+this BIO will be added to the calculated digest.  This 
+implies that this BIO is only one directional.  If read and 
+write operations are performed, two separate BIO_f_md() BIOs 
+are reuqired to generate digests on both the input and the 
+output.  BIO_gets(BIO *bio, char *md, int size) will place the 
+generated digest into 'md' and return the number of bytes.  
+The EVP_MAX_MD_SIZE should probably be used to size the 'md' 
+array.  Reading the digest will also reset it.
+
+BIO_METHOD *BIO_f_cipher(void);
+-	BIO_reset() reinitializes the cipher.
+-	BIO_flush() should be called when the last bytes have been 
+	output to flush the final block of block ciphers.
+-	BIO_get_cipher_status(BIO *b), when called after the last 
+	read from a cipher BIO, returns non-zero if the data 
+	decrypted correctly, otherwise, 0.
+-	BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *key, 
+	unsigned char *iv, int encrypt)   This function is used to 
+	setup a cipher BIO.  The length of key and iv are 
+	specified by the choice of EVP_CIPHER.  Encrypt is 1 to 
+	encrypt and 0 to decrypt.
+
+BIO_METHOD *BIO_f_base64(void);
+-	BIO_flush() should be called when the last bytes have been output.
+This BIO base64 encodes when writing and base64 decodes when 
+reading.  It will scan the input until a suitable begin line 
+is found.  After reading data, BIO_reset() will reset the 
+BIO to start scanning again.  Do not mix reading and writing 
+on the same base64 BIO.  It is meant as a single stream BIO.
+
+Directions	type
+both		BIO_s_mem()
+one/both	BIO_s_file()
+both		BIO_s_fd()
+both		BIO_s_socket() 
+both		BIO_s_null()
+both		BIO_f_buffer()
+one		BIO_f_md()  
+one		BIO_f_cipher()  
+one		BIO_f_base64()  
+both		BIO_f_ssl()
+
+It is easy to mix one and two directional BIOs, all one has 
+to do is to keep two separate BIO pointers for reading and 
+writing and be careful about usage of underlying BIOs.  The 
+SSL bio by it's very nature has to be two directional but 
+the BIO_push() command will push the one BIO into the SSL 
+BIO for both reading and writing.
+
+The best example program to look at is apps/enc.c and/or perhaps apps/dgst.c.
+
+
+==== blowfish.doc ========================================================
+
+The Blowfish library.
+
+Blowfish is a block cipher that operates on 64bit (8 byte) quantities.  It
+uses variable size key, but 128bit (16 byte) key would normally be considered
+good.  It can be used in all the modes that DES can be used.  This
+library implements the ecb, cbc, cfb64, ofb64 modes.
+
+Blowfish is quite a bit faster that DES, and much faster than IDEA or
+RC2.  It is one of the faster block ciphers.
+
+For all calls that have an 'input' and 'output' variables, they can be the
+same.
+
+This library requires the inclusion of 'blowfish.h'.
+
+All of the encryption functions take what is called an BF_KEY as an 
+argument.  An BF_KEY is an expanded form of the Blowfish key.
+For all modes of the Blowfish algorithm, the BF_KEY used for
+decryption is the same one that was used for encryption.
+
+The define BF_ENCRYPT is passed to specify encryption for the functions
+that require an encryption/decryption flag. BF_DECRYPT is passed to
+specify decryption.
+
+Please note that any of the encryption modes specified in my DES library
+could be used with Blowfish.  I have only implemented ecb, cbc, cfb64 and
+ofb64 for the following reasons.
+- ecb is the basic Blowfish encryption.
+- cbc is the normal 'chaining' form for block ciphers.
+- cfb64 can be used to encrypt single characters, therefore input and output
+  do not need to be a multiple of 8.
+- ofb64 is similar to cfb64 but is more like a stream cipher, not as
+  secure (not cipher feedback) but it does not have an encrypt/decrypt mode.
+- If you want triple Blowfish, thats 384 bits of key and you must be totally
+  obsessed with security.  Still, if you want it, it is simple enough to
+  copy the function from the DES library and change the des_encrypt to
+  BF_encrypt; an exercise left for the paranoid reader :-).
+
+The functions are as follows:
+
+void BF_set_key(
+BF_KEY *ks;
+int len;
+unsigned char *key;
+        BF_set_key converts an 'len' byte key into a BF_KEY.
+        A 'ks' is an expanded form of the 'key' which is used to
+        perform actual encryption.  It can be regenerated from the Blowfish key
+        so it only needs to be kept when encryption or decryption is about
+        to occur.  Don't save or pass around BF_KEY's since they
+        are CPU architecture dependent, 'key's are not.  Blowfish is an
+	interesting cipher in that it can be used with a variable length
+	key.  'len' is the length of 'key' to be used as the key.
+	A 'len' of 16 is recomended by me, but blowfish can use upto
+	72 bytes.  As a warning, blowfish has a very very slow set_key
+	function, it actually runs BF_encrypt 521 times.
+	
+void BF_encrypt(unsigned long *data, BF_KEY *key);
+void BF_decrypt(unsigned long *data, BF_KEY *key);
+	These are the Blowfish encryption function that gets called by just
+	about every other Blowfish routine in the library.  You should not
+	use this function except to implement 'modes' of Blowfish.
+	I say this because the
+	functions that call this routine do the conversion from 'char *' to
+	long, and this needs to be done to make sure 'non-aligned' memory
+	access do not occur.
+	Data is a pointer to 2 unsigned long's and key is the
+	BF_KEY to use. 
+
+void BF_ecb_encrypt(
+unsigned char *in,
+unsigned char *out,
+BF_KEY *key,
+int encrypt);
+	This is the basic Electronic Code Book form of Blowfish (in DES this
+	mode is called Electronic Code Book so I'm going to use the term
+	for blowfish as well.
+	Input is encrypted into output using the key represented by
+	key.  Depending on the encrypt, encryption or
+	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
+	
+void BF_cbc_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+BF_KEY *ks,
+unsigned char *ivec,
+int encrypt);
+	This routine implements Blowfish in Cipher Block Chaining mode.
+	Input, which should be a multiple of 8 bytes is encrypted
+	(or decrypted) to output which will also be a multiple of 8 bytes.
+	The number of bytes is in length (and from what I've said above,
+	should be a multiple of 8).  If length is not a multiple of 8, bad 
+	things will probably happen.  ivec is the initialisation vector.
+	This function updates iv after each call so that it can be passed to
+	the next call to BF_cbc_encrypt().
+	
+void BF_cfb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+BF_KEY *schedule,
+unsigned char *ivec,
+int *num,
+int encrypt);
+	This is one of the more useful functions in this Blowfish library, it
+	implements CFB mode of Blowfish with 64bit feedback.
+	This allows you to encrypt an arbitrary number of bytes,
+	you do not require 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  Num contains 'how far' we are though ivec.
+	'Encrypt' is used to indicate encryption or decryption.
+	CFB64 mode operates by using the cipher to generate a stream
+	of bytes which is used to encrypt the plain text.
+	The cipher text is then encrypted to generate the next 64 bits to
+	be xored (incrementally) with the next 64 bits of plain
+	text.  As can be seen from this, to encrypt or decrypt,
+	the same 'cipher stream' needs to be generated but the way the next
+	block of data is gathered for encryption is different for
+	encryption and decryption.
+	
+void BF_ofb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+BF_KEY *schedule,
+unsigned char *ivec,
+int *num);
+	This functions implements OFB mode of Blowfish with 64bit feedback.
+	This allows you to encrypt an arbitrary number of bytes,
+	you do not require 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  Num contains 'how far' we are though ivec.
+	This is in effect a stream cipher, there is no encryption or
+	decryption mode.
+	
+For reading passwords, I suggest using des_read_pw_string() from my DES library.
+To generate a password from a text string, I suggest using MD5 (or MD2) to
+produce a 16 byte message digest that can then be passed directly to
+BF_set_key().
+
+=====
+For more information about the specific Blowfish modes in this library
+(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the
+documentation on my DES library.  What is said about DES is directly
+applicable for Blowfish.
+
+
+==== bn.doc ========================================================
+
+The Big Number library.
+
+#include "bn.h" when using this library.
+
+This big number library was written for use in implementing the RSA and DH
+public key encryption algorithms.  As such, features such as negative
+numbers have not been extensively tested but they should work as expected.
+This library uses dynamic memory allocation for storing its data structures
+and so there are no limit on the size of the numbers manipulated by these
+routines but there is always the requirement to check return codes from
+functions just in case a memory allocation error has occurred.
+
+The basic object in this library is a BIGNUM.  It is used to hold a single
+large integer.  This type should be considered opaque and fields should not
+be modified or accessed directly.
+typedef struct bignum_st
+	{
+	int top;	/* Index of last used d. */
+	BN_ULONG *d;	/* Pointer to an array of 'BITS2' bit chunks. */
+	int max;	/* Size of the d array. */
+	int neg;
+	} BIGNUM;
+The big number is stored in a malloced array of BN_ULONG's.  A BN_ULONG can
+be either 16, 32 or 64 bits in size, depending on the 'number of  bits'
+specified in bn.h. 
+The 'd' field is this array.  'max' is the size of the 'd' array that has
+been allocated.  'top' is the 'last' entry being used, so for a value of 4,
+bn.d[0]=4 and bn.top=1.  'neg' is 1 if the number is negative.
+When a BIGNUM is '0', the 'd' field can be NULL and top == 0.
+
+Various routines in this library require the use of 'temporary' BIGNUM
+variables during their execution.  Due to the use of dynamic memory
+allocation to create BIGNUMs being rather expensive when used in
+conjunction with repeated subroutine calls, the BN_CTX structure is
+used.  This structure contains BN_CTX BIGNUMs.  BN_CTX
+is the maximum number of temporary BIGNUMs any publicly exported 
+function will use.
+
+#define BN_CTX	12
+typedef struct bignum_ctx
+	{
+	int tos;			/* top of stack */
+	BIGNUM *bn[BN_CTX];	/* The variables */
+	} BN_CTX;
+
+The functions that follow have been grouped according to function.  Most
+arithmetic functions return a result in the first argument, sometimes this
+first argument can also be an input parameter, sometimes it cannot.  These
+restrictions are documented.
+
+extern BIGNUM *BN_value_one;
+There is one variable defined by this library, a BIGNUM which contains the
+number 1.  This variable is useful for use in comparisons and assignment.
+
+Get Size functions.
+
+int BN_num_bits(BIGNUM *a);
+	This function returns the size of 'a' in bits.
+	
+int BN_num_bytes(BIGNUM *a);
+	This function (macro) returns the size of 'a' in bytes.
+	For conversion of BIGNUMs to byte streams, this is the number of
+	bytes the output string will occupy.  If the output byte
+	format specifies that the 'top' bit indicates if the number is
+	signed, so an extra '0' byte is required if the top bit on a
+	positive number is being written, it is upto the application to
+	make this adjustment.  Like I said at the start, I don't
+	really support negative numbers :-).
+
+Creation/Destruction routines.
+
+BIGNUM *BN_new();
+	Return a new BIGNUM object.  The number initially has a value of 0.  If
+	there is an error, NULL is returned.
+	
+void	BN_free(BIGNUM *a);
+	Free()s a BIGNUM.
+	
+void	BN_clear(BIGNUM *a);
+	Sets 'a' to a value of 0 and also zeros all unused allocated
+	memory.  This function is used to clear a variable of 'sensitive'
+	data that was held in it.
+	
+void	BN_clear_free(BIGNUM *a);
+	This function zeros the memory used by 'a' and then free()'s it.
+	This function should be used to BN_free() BIGNUMS that have held
+	sensitive numeric values like RSA private key values.  Both this
+	function and BN_clear tend to only be used by RSA and DH routines.
+
+BN_CTX *BN_CTX_new(void);
+	Returns a new BN_CTX.  NULL on error.
+	
+void	BN_CTX_free(BN_CTX *c);
+	Free a BN_CTX structure.  The BIGNUMs in 'c' are BN_clear_free()ed.
+	
+BIGNUM *bn_expand(BIGNUM *b, int bits);
+	This is an internal function that should not normally be used.  It
+	ensures that 'b' has enough room for a 'bits' bit number.  It is
+	mostly used by the various BIGNUM routines.  If there is an error,
+	NULL is returned. if not, 'b' is returned.
+	
+BIGNUM *BN_copy(BIGNUM *to, BIGNUM *from);
+	The 'from' is copied into 'to'.  NULL is returned if there is an
+	error, otherwise 'to' is returned.
+
+BIGNUM *BN_dup(BIGNUM *a);
+	A new BIGNUM is created and returned containing the value of 'a'.
+	NULL is returned on error.
+
+Comparison and Test Functions.
+
+int BN_is_zero(BIGNUM *a)
+	Return 1 if 'a' is zero, else 0.
+
+int BN_is_one(a)
+	Return 1 is 'a' is one, else 0.
+
+int BN_is_word(a,w)
+	Return 1 if 'a' == w, else 0.  'w' is a BN_ULONG.
+
+int BN_cmp(BIGNUM *a, BIGNUM *b);
+	Return -1 if 'a' is less than 'b', 0 if 'a' and 'b' are the same
+	and 1 is 'a' is greater than 'b'.  This is a signed comparison.
+	
+int BN_ucmp(BIGNUM *a, BIGNUM *b);
+	This function is the same as BN_cmp except that the comparison
+	ignores the sign of the numbers.
+	
+Arithmetic Functions
+For all of these functions, 0 is returned if there is an error and 1 is
+returned for success.  The return value should always be checked.  eg.
+if (!BN_add(r,a,b)) goto err;
+Unless explicitly mentioned, the 'return' value can be one of the
+'parameters' to the function.
+
+int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+	Add 'a' and 'b' and return the result in 'r'.  This is r=a+b.
+	
+int BN_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+	Subtract 'a' from 'b' and put the result in 'r'. This is r=a-b.
+	
+int BN_lshift(BIGNUM *r, BIGNUM *a, int n);
+	Shift 'a' left by 'n' bits.  This is r=a*(2^n).
+	
+int BN_lshift1(BIGNUM *r, BIGNUM *a);
+	Shift 'a' left by 1 bit.  This form is more efficient than
+	BN_lshift(r,a,1).  This is r=a*2.
+	
+int BN_rshift(BIGNUM *r, BIGNUM *a, int n);
+	Shift 'a' right by 'n' bits.  This is r=int(a/(2^n)).
+	
+int BN_rshift1(BIGNUM *r, BIGNUM *a);
+	Shift 'a' right by 1 bit.  This form is more efficient than
+	BN_rshift(r,a,1).  This is r=int(a/2).
+	
+int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b);
+	Multiply a by b and return the result in 'r'. 'r' must not be
+	either 'a' or 'b'.  It has to be a different BIGNUM.
+	This is r=a*b.
+
+int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
+	Multiply a by a and return the result in 'r'. 'r' must not be
+	'a'.  This function is alot faster than BN_mul(r,a,a).  This is r=a*a.
+
+int BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
+	Divide 'm' by 'd' and return the result in 'dv' and the remainder
+	in 'rem'.  Either of 'dv' or 'rem' can be NULL in which case that
+	value is not returned.  'ctx' needs to be passed as a source of
+	temporary BIGNUM variables.
+	This is dv=int(m/d), rem=m%d.
+	
+int BN_mod(BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
+	Find the remainder of 'm' divided by 'd' and return it in 'rem'.
+	'ctx' holds the temporary BIGNUMs required by this function.
+	This function is more efficient than BN_div(NULL,rem,m,d,ctx);
+	This is rem=m%d.
+
+int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *m,BN_CTX *ctx);
+	Multiply 'a' by 'b' and return the remainder when divided by 'm'.
+	'ctx' holds the temporary BIGNUMs required by this function.
+	This is r=(a*b)%m.
+
+int BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx);
+	Raise 'a' to the 'p' power and return the remainder when divided by
+	'm'.  'ctx' holds the temporary BIGNUMs required by this function.
+	This is r=(a^p)%m.
+
+int BN_reciprocal(BIGNUM *r, BIGNUM *m, BN_CTX *ctx);
+	Return the reciprocal of 'm'.  'ctx' holds the temporary variables
+	required.  This function returns -1 on error, otherwise it returns
+	the number of bits 'r' is shifted left to make 'r' into an integer.
+	This number of bits shifted is required in BN_mod_mul_reciprocal().
+	This is r=(1/m)<<(BN_num_bits(m)+1).
+	
+int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BIGNUM *m, 
+	BIGNUM *i, int nb, BN_CTX *ctx);
+	This function is used to perform an efficient BN_mod_mul()
+	operation.  If one is going to repeatedly perform BN_mod_mul() with
+	the same modulus is worth calculating the reciprocal of the modulus
+	and then using this function.  This operation uses the fact that
+	a/b == a*r where r is the reciprocal of b.  On modern computers
+	multiplication is very fast and big number division is very slow.
+	'x' is multiplied by 'y' and then divided by 'm' and the remainder
+	is returned.  'i' is the reciprocal of 'm' and 'nb' is the number
+	of bits as returned from BN_reciprocal().  Normal usage is as follows.
+	bn=BN_reciprocal(i,m);
+	for (...)
+		{ BN_mod_mul_reciprocal(r,x,y,m,i,bn,ctx); }
+	This is r=(x*y)%m.  Internally it is approximately
+	r=(x*y)-m*(x*y/m) or r=(x*y)-m*((x*y*i) >> bn)
+	This function is used in BN_mod_exp() and BN_is_prime().
+
+Assignment Operations
+
+int BN_one(BIGNUM *a)
+	Set 'a' to hold the value one.
+	This is a=1.
+	
+int BN_zero(BIGNUM *a)
+	Set 'a' to hold the value zero.
+	This is a=0.
+	
+int BN_set_word(BIGNUM *a, unsigned long w);
+	Set 'a' to hold the value of 'w'.  'w' is an unsigned long.
+	This is a=w.
+
+unsigned long BN_get_word(BIGNUM *a);
+	Returns 'a' in an unsigned long.  Not remarkably, often 'a' will
+	be biger than a word, in which case 0xffffffffL is returned.
+
+Word Operations
+These functions are much more efficient that the normal bignum arithmetic
+operations.
+
+BN_ULONG BN_mod_word(BIGNUM *a, unsigned long w);
+	Return the remainder of 'a' divided by 'w'.
+	This is return(a%w).
+	
+int BN_add_word(BIGNUM *a, unsigned long w);
+	Add 'w' to 'a'.  This function does not take the sign of 'a' into
+	account.  This is a+=w;
+	
+Bit operations.
+
+int BN_is_bit_set(BIGNUM *a, int n);
+	This function return 1 if bit 'n' is set in 'a' else 0.
+
+int BN_set_bit(BIGNUM *a, int n);
+	This function sets bit 'n' to 1 in 'a'. 
+	This is a&= ~(1<<n);
+
+int BN_clear_bit(BIGNUM *a, int n);
+	This function sets bit 'n' to zero in 'a'.  Return 0 if less
+	than 'n' bits in 'a' else 1.  This is a&= ~(1<<n);
+
+int BN_mask_bits(BIGNUM *a, int n);
+	Truncate 'a' to n bits long.  This is a&= ~((~0)<<n)
+
+Format conversion routines.
+
+BIGNUM *BN_bin2bn(unsigned char *s, int len,BIGNUM *ret);
+	This function converts 'len' bytes in 's' into a BIGNUM which
+	is put in 'ret'.  If ret is NULL, a new BIGNUM is created.
+	Either this new BIGNUM or ret is returned.  The number is
+	assumed to be in bigendian form in 's'.  By this I mean that
+	to 'ret' is created as follows for 'len' == 5.
+	ret = s[0]*2^32 + s[1]*2^24 + s[2]*2^16 + s[3]*2^8 + s[4];
+	This function cannot be used to convert negative numbers.  It
+	is always assumed the number is positive.  The application
+	needs to diddle the 'neg' field of th BIGNUM its self.
+	The better solution would be to save the numbers in ASN.1 format
+	since this is a defined standard for storing big numbers.
+	Look at the functions
+
+	ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai);
+	BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn);
+	int i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp);
+	ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,
+		long length;
+
+int BN_bn2bin(BIGNUM *a, unsigned char *to);
+	This function converts 'a' to a byte string which is put into
+	'to'.  The representation is big-endian in that the most
+	significant byte of 'a' is put into to[0].  This function
+	returns the number of bytes used to hold 'a'.  BN_num_bytes(a)
+	would return the same value and can be used to determine how
+	large 'to' needs to be.  If the number is negative, this
+	information is lost.  Since this library was written to
+	manipulate large positive integers, the inability to save and
+	restore them is not considered to be a problem by me :-).
+	As for BN_bin2bn(), look at the ASN.1 integer encoding funtions
+	for SSLeay.  They use BN_bin2bn() and BN_bn2bin() internally.
+	
+char *BN_bn2ascii(BIGNUM *a);
+	This function returns a malloc()ed string that contains the
+	ascii hexadecimal encoding of 'a'.  The number is in bigendian
+	format with a '-' in front if the number is negative.
+
+int BN_ascii2bn(BIGNUM **bn, char *a);
+	The inverse of BN_bn2ascii.  The function returns the number of
+	characters from 'a' were processed in generating a the bignum.
+	error is inticated by 0 being returned.  The number is a
+	hex digit string, optionally with a leading '-'.  If *bn
+	is null, a BIGNUM is created and returned via that variable.
+	
+int BN_print_fp(FILE *fp, BIGNUM *a);
+	'a' is printed to file pointer 'fp'.  It is in the same format
+	that is output from BN_bn2ascii().  0 is returned on error,
+	1 if things are ok.
+
+int BN_print(BIO *bp, BIGNUM *a);
+	Same as BN_print except that the output is done to the SSLeay libraries
+	BIO routines.  BN_print_fp() actually calls this function.
+
+Miscellaneous Routines.
+
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+	This function returns in 'rnd' a random BIGNUM that is bits
+	long.  If bottom is 1, the number returned is odd.  If top is set,
+	the top 2 bits of the number are set.  This is useful because if
+	this is set, 2 'n; bit numbers multiplied together will return a 2n
+	bit number.  If top was not set, they could produce a 2n-1 bit
+	number.
+
+BIGNUM *BN_mod_inverse(BIGNUM *a, BIGNUM *n,BN_CTX *ctx);
+	This function create a new BIGNUM and returns it.  This number
+	is the inverse mod 'n' of 'a'.  By this it is meant that the
+	returned value 'r' satisfies (a*r)%n == 1.  This function is
+	used in the generation of RSA keys.  'ctx', as per usual,
+	is used to hold temporary variables that are required by the
+	function.  NULL is returned on error.
+
+int BN_gcd(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_CTX *ctx);
+	'r' has the greatest common divisor of 'a' and 'b'.  'ctx' is
+	used for temporary variables and 0 is returned on error.
+
+int BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(),BN_CTX *ctx,
+	char *cb_arg);
+	This function is used to check if a BIGNUM ('p') is prime.
+	It performs this test by using the Miller-Rabin randomised
+	primality test.  This is a probalistic test that requires a
+	number of rounds to ensure the number is prime to a high
+	degree of probability.  Since this can take quite some time, a
+	callback function can be passed and it will be called each
+	time 'p' passes a round of the prime testing.  'callback' will
+	be called as follows, callback(1,n,cb_arg) where n is the number of
+	the round, just passed.  As per usual 'ctx' contains temporary
+	variables used.  If ctx is NULL, it does not matter, a local version
+	will be malloced.  This parameter is present to save some mallocing
+	inside the function but probably could be removed.
+	0 is returned on error.
+	'ncheck' is the number of Miller-Rabin tests to run.  It is
+	suggested to use the value 'BN_prime_checks' by default.
+
+BIGNUM *BN_generate_prime(
+int bits,
+int strong,
+BIGNUM *a,
+BIGNUM *rems,
+void (*callback)());
+char *cb_arg
+	This function is used to generate prime numbers.  It returns a
+	new BIGNUM that has a high probability of being a prime.
+	'bits' is the number of bits that
+	are to be in the prime.  If 'strong' is true, the returned prime
+	will also be a strong prime ((p-1)/2 is also prime).
+	While searching for the prime ('p'), we
+	can add the requirement that the prime fill the following
+	condition p%a == rem.  This can be used to help search for
+	primes with specific features, which is required when looking
+	for primes suitable for use with certain 'g' values in the
+	Diffie-Hellman key exchange algorithm.  If 'a' is NULL,
+	this condition is not checked.  If rem is NULL, rem is assumed
+	to be 1.  Since this search for a prime
+	can take quite some time, if callback is not NULL, it is called
+	in the following situations.
+	We have a suspected prime (from a quick sieve),
+	callback(0,sus_prime++,cb_arg). Each item to be passed to BN_is_prime().
+	callback(1,round++,cb_arg).  Each successful 'round' in BN_is_prime().
+	callback(2,round,cb_arg). For each successful BN_is_prime() test.
+
+Hints
+-----
+
+DSA wants 64*32 to use word mont mul, but RSA wants to use full.
+
+==== callback.doc ========================================================
+
+Callback functions used in SSLeay.
+
+--------------------------
+The BIO library.  
+
+Each BIO structure can have a callback defined against it.  This callback is
+called 2 times for each BIO 'function'.  It is passed 6 parameters.
+BIO_debug_callback() is an example callback which is defined in
+crypto/buffer/bio_cb.c and is used in apps/dgst.c  This is intended mostly
+for debuging or to notify the application of IO.
+
+long BIO_debug_callback(BIO *bio,int cmd,char *argp,int argi,long argl,
+	long ret);
+bio is the BIO being called, cmd is the type of BIO function being called.
+Look at the BIO_CB_* defines in buffer.h.  Argp and argi are the arguments
+passed to BIO_read(), BIO_write, BIO_gets(), BIO_puts().  In the case of
+BIO_ctrl(), argl is also defined.  The first time the callback is called,
+before the underlying function has been executed, 0 is passed as 'ret', and
+if the return code from the callback is not > 0, the call is aborted
+and the returned <= 0 value is returned.
+The second time the callback is called, the 'cmd' value also has
+BIO_CB_RETURN logically 'or'ed with it.  The 'ret' value is the value returned
+from the actuall function call and whatever the callback returns is returned
+from the BIO function.
+
+BIO_set_callback(b,cb) can be used to set the callback function
+(b is a BIO), and BIO_set_callback_arg(b,arg) can be used to
+set the cb_arg argument in the BIO strucutre.  This field is only intended
+to be used by application, primarily in the callback function since it is
+accessable since the BIO is passed.
+
+--------------------------
+The PEM library.
+
+The pem library only really uses one type of callback,
+static int def_callback(char *buf, int num, int verify);
+which is used to return a password string if required.
+'buf' is the buffer to put the string in.  'num' is the size of 'buf'
+and 'verify' is used to indicate that the password should be checked.
+This last flag is mostly used when reading a password for encryption.
+
+For all of these functions, a NULL callback will call the above mentioned
+default callback.  This default function does not work under Windows 3.1.
+For other machines, it will use an application defined prompt string
+(EVP_set_pw_prompt(), which defines a library wide prompt string)
+if defined, otherwise it will use it's own PEM password prompt.
+It will then call EVP_read_pw_string() to get a password from the console.
+If your application wishes to use nice fancy windows to retrieve passwords,
+replace this function.  The callback should return the number of bytes read
+into 'buf'.  If the number of bytes <= 0, it is considered an error.
+
+Functions that take this callback are listed below.  For the 'read' type
+functions, the callback will only be required if the PEM data is encrypted.
+
+For the Write functions, normally a password can be passed in 'kstr', of
+'klen' bytes which will be used if the 'enc' cipher is not NULL.  If
+'kstr' is NULL, the callback will be used to retrieve a password.
+
+int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len,
+	int (*callback)());
+char *PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *bp,char **x,int (*cb)());
+char *PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,int (*cb)());
+int PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *bp,char *x,
+	EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
+int PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x,
+	EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)());
+STACK *PEM_X509_INFO_read(FILE *fp, STACK *sk, int (*cb)());
+STACK *PEM_X509_INFO_read_bio(BIO *fp, STACK *sk, int (*cb)());
+
+#define	PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb)
+#define	PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb)
+#define	PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb)
+#define	PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb)
+#define	PEM_read_SSL_SESSION(fp,x,cb)
+#define	PEM_read_X509(fp,x,cb)
+#define	PEM_read_X509_REQ(fp,x,cb)
+#define	PEM_read_X509_CRL(fp,x,cb)
+#define	PEM_read_RSAPrivateKey(fp,x,cb)
+#define	PEM_read_DSAPrivateKey(fp,x,cb)
+#define	PEM_read_PrivateKey(fp,x,cb)
+#define	PEM_read_PKCS7(fp,x,cb)
+#define	PEM_read_DHparams(fp,x,cb)
+#define	PEM_read_bio_SSL_SESSION(bp,x,cb)
+#define	PEM_read_bio_X509(bp,x,cb)
+#define	PEM_read_bio_X509_REQ(bp,x,cb)
+#define	PEM_read_bio_X509_CRL(bp,x,cb)
+#define	PEM_read_bio_RSAPrivateKey(bp,x,cb)
+#define	PEM_read_bio_DSAPrivateKey(bp,x,cb)
+#define	PEM_read_bio_PrivateKey(bp,x,cb)
+#define	PEM_read_bio_PKCS7(bp,x,cb)
+#define	PEM_read_bio_DHparams(bp,x,cb)
+int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)());
+RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)());
+
+Now you will notice that macros like
+#define PEM_write_X509(fp,x) \
+                PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \
+		                        (char *)x, NULL,NULL,0,NULL)
+Don't do encryption normally.  If you want to PEM encrypt your X509 structure,
+either just call PEM_ASN1_write directly or just define you own
+macro variant.  As you can see, this macro just sets all encryption related
+parameters to NULL.
+
+
+--------------------------
+The SSL library.
+
+#define SSL_set_info_callback(ssl,cb)
+#define SSL_CTX_set_info_callback(ctx,cb)
+void callback(SSL *ssl,int location,int ret)
+This callback is called each time around the SSL_connect()/SSL_accept() 
+state machine.  So it will be called each time the SSL protocol progresses.
+It is mostly present for use when debugging.  When SSL_connect() or
+SSL_accept() return, the location flag is SSL_CB_ACCEPT_EXIT or
+SSL_CB_CONNECT_EXIT and 'ret' is the value about to be returned.
+Have a look at the SSL_CB_* defines in ssl.h.  If an info callback is defined
+against the SSL_CTX, it is called unless there is one set against the SSL.
+Have a look at
+void client_info_callback() in apps/s_client() for an example.
+
+Certificate verification.
+void SSL_set_verify(SSL *s, int mode, int (*callback) ());
+void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*callback)());
+This callback is used to help verify client and server X509 certificates.
+It is actually passed to X509_cert_verify(), along with the SSL structure
+so you have to read about X509_cert_verify() :-).  The SSL_CTX version is used
+if the SSL version is not defined.  X509_cert_verify() is the function used
+by the SSL part of the library to verify certificates.  This function is
+nearly always defined by the application.
+
+void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg);
+int callback(char *arg,SSL *s,X509 *xs,STACK *cert_chain);
+This call is used to replace the SSLeay certificate verification code.
+The 'arg' is kept in the SSL_CTX and is passed to the callback.
+If the callback returns 0, the certificate is rejected, otherwise it
+is accepted.  The callback is replacing the X509_cert_verify() call.
+This feature is not often used, but if you wished to implement
+some totally different certificate authentication system, this 'hook' is
+vital.
+
+SSLeay keeps a cache of session-ids against each SSL_CTX.  These callbacks can
+be used to notify the application when a SSL_SESSION is added to the cache
+or to retrieve a SSL_SESSION that is not in the cache from the application.
+#define SSL_CTX_sess_set_get_cb(ctx,cb)
+SSL_SESSION *callback(SSL *s,char *session_id,int session_id_len,int *copy);
+If defined, this callback is called to return the SESSION_ID for the
+session-id in 'session_id', of 'session_id_len' bytes.  'copy' is set to 1
+if the server is to 'take a copy' of the SSL_SESSION structure.  It is 0
+if the SSL_SESSION is being 'passed in' so the SSLeay library is now
+responsible for 'free()ing' the structure.  Basically it is used to indicate
+if the reference count on the SSL_SESSION structure needs to be incremented.
+
+#define SSL_CTX_sess_set_new_cb(ctx,cb)
+int callback(SSL *s, SSL_SESSION *sess);
+When a new connection is established, if the SSL_SESSION is going to be added
+to the cache, this callback is called.  Return 1 if a 'copy' is required,
+otherwise, return 0.  This return value just causes the reference count
+to be incremented (on return of a 1), this means the application does
+not need to worry about incrementing the refernece count (and the
+locking that implies in a multi-threaded application).
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,int (*cb)());
+This sets the SSL password reading function.
+It is mostly used for windowing applications
+and used by PEM_read_bio_X509() and PEM_read_bio_RSAPrivateKey()
+calls inside the SSL library.   The only reason this is present is because the
+calls to PEM_* functions is hidden in the SSLeay library so you have to
+pass in the callback some how.
+
+#define SSL_CTX_set_client_cert_cb(ctx,cb)
+int callback(SSL *s,X509 **x509, EVP_PKEY **pkey);
+Called when a client certificate is requested but there is not one set
+against the SSL_CTX or the SSL.  If the callback returns 1, x509 and
+pkey need to point to valid data.  The library will free these when
+required so if the application wants to keep these around, increment
+their reference counts.  If 0 is returned, no client cert is
+available.  If -1 is returned, it is assumed that the callback needs
+to be called again at a later point in time.  SSL_connect will return
+-1 and SSL_want_x509_lookup(ssl) returns true.  Remember that
+application data can be attached to an SSL structure via the
+SSL_set_app_data(SSL *ssl,char *data) call.
+
+--------------------------
+The X509 library.
+
+int X509_cert_verify(CERTIFICATE_CTX *ctx,X509 *xs, int (*cb)(),
+	int *error,char *arg,STACK *cert_chain);
+int verify_callback(int ok,X509 *xs,X509 *xi,int depth,int error,char *arg,
+	STACK *cert_chain);
+
+X509_cert_verify() is used to authenticate X509 certificates.  The 'ctx' holds
+the details of the various caches and files used to locate certificates.
+'xs' is the certificate to verify and 'cb' is the application callback (more
+detail later).  'error' will be set to the error code and 'arg' is passed
+to the 'cb' callback.  Look at the VERIFY_* defines in crypto/x509/x509.h
+
+When ever X509_cert_verify() makes a 'negative' decision about a
+certitificate, the callback is called.  If everything checks out, the
+callback is called with 'VERIFY_OK' or 'VERIFY_ROOT_OK' (for a self
+signed cert that is not the passed certificate).
+
+The callback is passed the X509_cert_verify opinion of the certificate 
+in 'ok', the certificate in 'xs', the issuer certificate in 'xi',
+the 'depth' of the certificate in the verification 'chain', the
+VERIFY_* code in 'error' and the argument passed to X509_cert_verify()
+in 'arg'. cert_chain is a list of extra certs to use if they are not
+in the cache.
+
+The callback can be used to look at the error reason, and then return 0
+for an 'error' or '1' for ok.  This will override the X509_cert_verify()
+opinion of the certificates validity.  Processing will continue depending on
+the return value.  If one just wishes to use the callback for informational
+reason, just return the 'ok' parameter.
+
+--------------------------
+The BN and DH library.
+
+BIGNUM *BN_generate_prime(int bits,int strong,BIGNUM *add,
+	BIGNUM *rem,void (*callback)(int,int));
+int BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int),
+
+Read doc/bn.doc for the description of these 2.
+
+DH *DH_generate_parameters(int prime_len,int generator,
+	void (*callback)(int,int));
+Read doc/bn.doc for the description of the callback, since it is just passed
+to BN_generate_prime(), except that it is also called as
+callback(3,0) by this function.
+
+--------------------------
+The CRYPTO library.
+
+void CRYPTO_set_locking_callback(void (*func)(int mode,int type,char *file,
+	int line));
+void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,
+	int type,char *file, int line));
+void CRYPTO_set_id_callback(unsigned long (*func)(void));
+
+Read threads.doc for info on these ones.
+
+
+==== cipher.doc ========================================================
+
+The Cipher subroutines.
+
+These routines require "evp.h" to be included.
+
+These functions are a higher level interface to the various cipher
+routines found in this library.  As such, they allow the same code to be
+used to encrypt and decrypt via different ciphers with only a change
+in an initial parameter.  These routines also provide buffering for block
+ciphers.
+
+These routines all take a pointer to the following structure to specify
+which cipher to use.  If you wish to use a new cipher with these routines,
+you would probably be best off looking an how an existing cipher is
+implemented and copying it.  At this point in time, I'm not going to go
+into many details.  This structure should be considered opaque
+
+typedef struct pem_cipher_st
+	{
+	int type;
+	int block_size;
+	int key_len;
+	int iv_len;
+	void (*enc_init)();	/* init for encryption */
+	void (*dec_init)();	/* init for decryption */
+	void (*do_cipher)();	/* encrypt data */
+	} EVP_CIPHER;
+	
+The type field is the object NID of the cipher type
+(read the section on Objects for an explanation of what a NID is).
+The cipher block_size is how many bytes need to be passed
+to the cipher at a time.  Key_len is the
+length of the key the cipher requires and iv_len is the length of the
+initialisation vector required.  enc_init is the function
+called to initialise the ciphers context for encryption and dec_init is the
+function to initialise for decryption (they need to be different, especially
+for the IDEA cipher).
+
+One reason for specifying the Cipher via a pointer to a structure
+is that if you only use des-cbc, only the des-cbc routines will
+be included when you link the program.  If you passed an integer
+that specified which cipher to use, the routine that mapped that
+integer to a set of cipher functions would cause all the ciphers
+to be link into the code.  This setup also allows new ciphers
+to be added by the application (with some restrictions).
+
+The thirteen ciphers currently defined in this library are
+
+EVP_CIPHER *EVP_des_ecb();     /* DES in ecb mode,     iv=0, block=8, key= 8 */
+EVP_CIPHER *EVP_des_ede();     /* DES in ecb ede mode, iv=0, block=8, key=16 */
+EVP_CIPHER *EVP_des_ede3();    /* DES in ecb ede mode, iv=0, block=8, key=24 */
+EVP_CIPHER *EVP_des_cfb();     /* DES in cfb mode,     iv=8, block=1, key= 8 */
+EVP_CIPHER *EVP_des_ede_cfb(); /* DES in ede cfb mode, iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_des_ede3_cfb();/* DES in ede cfb mode, iv=8, block=1, key=24 */
+EVP_CIPHER *EVP_des_ofb();     /* DES in ofb mode,     iv=8, block=1, key= 8 */
+EVP_CIPHER *EVP_des_ede_ofb(); /* DES in ede ofb mode, iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_des_ede3_ofb();/* DES in ede ofb mode, iv=8, block=1, key=24 */
+EVP_CIPHER *EVP_des_cbc();     /* DES in cbc mode,     iv=8, block=8, key= 8 */
+EVP_CIPHER *EVP_des_ede_cbc(); /* DES in cbc ede mode, iv=8, block=8, key=16 */
+EVP_CIPHER *EVP_des_ede3_cbc();/* DES in cbc ede mode, iv=8, block=8, key=24 */
+EVP_CIPHER *EVP_desx_cbc();    /* DES in desx cbc mode,iv=8, block=8, key=24 */
+EVP_CIPHER *EVP_rc4();         /* RC4,                 iv=0, block=1, key=16 */
+EVP_CIPHER *EVP_idea_ecb();    /* IDEA in ecb mode,    iv=0, block=8, key=16 */
+EVP_CIPHER *EVP_idea_cfb();    /* IDEA in cfb mode,    iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_idea_ofb();    /* IDEA in ofb mode,    iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_idea_cbc();    /* IDEA in cbc mode,    iv=8, block=8, key=16 */
+EVP_CIPHER *EVP_rc2_ecb();     /* RC2 in ecb mode,     iv=0, block=8, key=16 */
+EVP_CIPHER *EVP_rc2_cfb();     /* RC2 in cfb mode,     iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_rc2_ofb();     /* RC2 in ofb mode,     iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_rc2_cbc();     /* RC2 in cbc mode,     iv=8, block=8, key=16 */
+EVP_CIPHER *EVP_bf_ecb();      /* Blowfish in ecb mode,iv=0, block=8, key=16 */
+EVP_CIPHER *EVP_bf_cfb();      /* Blowfish in cfb mode,iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_bf_ofb();      /* Blowfish in ofb mode,iv=8, block=1, key=16 */
+EVP_CIPHER *EVP_bf_cbc();      /* Blowfish in cbc mode,iv=8, block=8, key=16 */
+
+The meaning of the compound names is as follows.
+des	The base cipher is DES.
+idea	The base cipher is IDEA
+rc4	The base cipher is RC4-128
+rc2	The base cipher is RC2-128
+ecb	Electronic Code Book form of the cipher.
+cbc	Cipher Block Chaining form of the cipher.
+cfb	64 bit Cipher Feedback form of the cipher.
+ofb	64 bit Output Feedback form of the cipher.
+ede	The cipher is used in Encrypt, Decrypt, Encrypt mode.  The first
+	and last keys are the same.
+ede3	The cipher is used in Encrypt, Decrypt, Encrypt mode.
+
+All the Cipher routines take a EVP_CIPHER_CTX pointer as an argument.
+The state of the cipher is kept in this structure.
+
+typedef struct EVP_CIPHER_Ctx_st
+	{
+	EVP_CIPHER *cipher;
+	int encrypt;		/* encrypt or decrypt */
+	int buf_len;		/* number we have left */
+	unsigned char buf[8];
+	union	{
+		.... /* cipher specific stuff */
+		} c;
+	} EVP_CIPHER_CTX;
+
+Cipher is a pointer the the EVP_CIPHER for the current context.  The encrypt
+flag indicates encryption or decryption.  buf_len is the number of bytes
+currently being held in buf.
+The 'c' union holds the cipher specify context.
+
+The following functions are to be used.
+
+int EVP_read_pw_string(
+char *buf,
+int len,
+char *prompt,
+int verify,
+	This function is the same as des_read_pw_string() (des.doc).
+
+void EVP_set_pw_prompt(char *prompt);
+	This function sets the 'default' prompt to use to use in
+	EVP_read_pw_string when the prompt parameter is NULL.  If the
+	prompt parameter is NULL, this 'default prompt' feature is turned
+	off.  Be warned, this is a global variable so weird things
+	will happen if it is used under Win16 and care must be taken
+	with a multi-threaded version of the library.
+
+char *EVP_get_pw_prompt();
+	This returns a pointer to the default prompt string.  NULL
+	if it is not set.
+
+int EVP_BytesToKey(
+EVP_CIPHER *type,
+EVP_MD *md,
+unsigned char *salt,
+unsigned char *data,
+int datal,
+int count,
+unsigned char *key,
+unsigned char *iv);
+	This function is used to generate a key and an initialisation vector
+	for a specified cipher from a key string and a salt.  Type
+	specifies the cipher the 'key' is being generated for.  Md is the
+	message digest algorithm to use to generate the key and iv.  The salt
+	is an optional 8 byte object that is used to help seed the key
+	generator.
+	If the salt value is NULL, it is just not used.  Datal is the
+	number of bytes to use from 'data' in the key generation.  
+	This function returns the key size for the specified cipher, if
+	data is NULL, this value is returns and no other
+	computation is performed.  Count is
+	the number of times to loop around the key generator.  I would
+	suggest leaving it's value as 1.  Key and iv are the structures to
+	place the returning iv and key in.  If they are NULL, no value is
+	generated for that particular value.
+	The algorithm used is as follows
+	
+	/* M[] is an array of message digests
+	 * MD() is the message digest function */
+	M[0]=MD(data . salt);
+	for (i=1; i<count; i++) M[0]=MD(M[0]);
+
+	i=1
+	while (data still needed for key and iv)
+		{
+		M[i]=MD(M[i-1] . data . salt);
+		for (i=1; i<count; i++) M[i]=MD(M[i]);
+		i++;
+		}
+
+	If the salt is NULL, it is not used.
+	The digests are concatenated together.
+	M = M[0] . M[1] . M[2] .......
+
+	For key= 8, iv=8 => key=M[0.. 8], iv=M[ 9 .. 16].
+	For key=16, iv=0 => key=M[0..16].
+	For key=16, iv=8 => key=M[0..16], iv=M[17 .. 24].
+	For key=24, iv=8 => key=M[0..24], iv=M[25 .. 32].
+
+	This routine will produce DES-CBC keys and iv that are compatible
+	with the PKCS-5 standard when md2 or md5 are used.  If md5 is
+	used, the salt is NULL and count is 1, this routine will produce
+	the password to key mapping normally used with RC4.
+	I have attempted to logically extend the PKCS-5 standard to
+	generate keys and iv for ciphers that require more than 16 bytes,
+	if anyone knows what the correct standard is, please inform me.
+	When using sha or sha1, things are a bit different under this scheme,
+	since sha produces a 20 byte digest.  So for ciphers requiring
+	24 bits of data, 20 will come from the first MD and 4 will
+	come from the second.
+
+	I have considered having a separate function so this 'routine'
+	can be used without the requirement of passing a EVP_CIPHER *,
+	but I have decided to not bother.  If you wish to use the
+	function without official EVP_CIPHER structures, just declare
+	a local one and set the key_len and iv_len fields to the
+	length you desire.
+
+The following routines perform encryption and decryption 'by parts'.  By
+this I mean that there are groups of 3 routines.  An Init function that is
+used to specify a cipher and initialise data structures.  An Update routine
+that does encryption/decryption, one 'chunk' at a time.  And finally a
+'Final' function that finishes the encryption/decryption process.
+All these functions take a EVP_CIPHER pointer to specify which cipher to
+encrypt/decrypt with.  They also take a EVP_CIPHER_CTX object as an
+argument.  This structure is used to hold the state information associated
+with the operation in progress.
+
+void EVP_EncryptInit(
+EVP_CIPHER_CTX *ctx,
+EVP_CIPHER *type,
+unsigned char *key,
+unsigned char *iv);
+	This function initialise a EVP_CIPHER_CTX for encryption using the
+	cipher passed in the 'type' field.  The cipher is initialised to use
+	'key' as the key and 'iv' for the initialisation vector (if one is
+	required).  If the type, key or iv is NULL, the value currently in the
+	EVP_CIPHER_CTX is reused.  So to perform several decrypt
+	using the same cipher, key and iv, initialise with the cipher,
+	key and iv the first time and then for subsequent calls,
+	reuse 'ctx' but pass NULL for type, key and iv.  You must make sure
+	to pass a key that is large enough for a particular cipher.  I
+	would suggest using the EVP_BytesToKey() function.
+
+void EVP_EncryptUpdate(
+EVP_CIPHER_CTX *ctx,
+unsigned char *out,
+int *outl,
+unsigned char *in,
+int inl);
+	This function takes 'inl' bytes from 'in' and outputs bytes
+	encrypted by the cipher 'ctx' was initialised with into 'out'.  The
+	number of bytes written to 'out' is put into outl.  If a particular
+	cipher encrypts in blocks, less or more bytes than input may be
+	output.  Currently the largest block size used by supported ciphers
+	is 8 bytes, so 'out' should have room for 'inl+7' bytes.  Normally
+	EVP_EncryptInit() is called once, followed by lots and lots of
+	calls to EVP_EncryptUpdate, followed by a single EVP_EncryptFinal
+	call.
+
+void EVP_EncryptFinal(
+EVP_CIPHER_CTX *ctx,
+unsigned char *out,
+int *outl);
+	Because quite a large number of ciphers are block ciphers, there is
+	often an incomplete block to write out at the end of the
+	encryption.  EVP_EncryptFinal() performs processing on this last
+	block.  The last block in encoded in such a way that it is possible
+	to determine how many bytes in the last block are valid.  For 8 byte
+	block size ciphers, if only 5 bytes in the last block are valid, the
+	last three bytes will be filled with the value 3.  If only 2 were
+	valid, the other 6 would be filled with sixes.  If all 8 bytes are
+	valid, a extra 8 bytes are appended to the cipher stream containing
+	nothing but 8 eights.  These last bytes are output into 'out' and
+	the number of bytes written is put into 'outl'  These last bytes
+	are output into 'out' and the number of bytes written is put into
+	'outl'.  This form of block cipher finalisation is compatible with
+	PKCS-5.  Please remember that even if you are using ciphers like
+	RC4 that has no blocking and so the function will not write
+	anything into 'out', it would still be a good idea to pass a
+	variable for 'out' that can hold 8 bytes just in case the cipher is
+	changed some time in the future.  It should also be remembered
+	that the EVP_CIPHER_CTX contains the password and so when one has
+	finished encryption with a particular EVP_CIPHER_CTX, it is good
+	practice to zero the structure 
+	(ie. memset(ctx,0,sizeof(EVP_CIPHER_CTX)).
+	
+void EVP_DecryptInit(
+EVP_CIPHER_CTX *ctx,
+EVP_CIPHER *type,
+unsigned char *key,
+unsigned char *iv);
+	This function is basically the same as EVP_EncryptInit() accept that
+	is prepares the EVP_CIPHER_CTX for decryption.
+
+void EVP_DecryptUpdate(
+EVP_CIPHER_CTX *ctx,
+unsigned char *out,
+int *outl,
+unsigned char *in,
+int inl);
+	This function is basically the same as EVP_EncryptUpdate()
+	except that it performs decryption.  There is one
+	fundamental difference though.  'out' can not be the same as
+	'in' for any ciphers with a block size greater than 1 if more
+	than one call to EVP_DecryptUpdate() will be made.  This
+	is because this routine can hold a 'partial' block between
+	calls.  When a partial block is decrypted (due to more bytes
+	being passed via this function, they will be written to 'out'
+	overwriting the input bytes in 'in' that have not been read
+	yet.  From this it should also be noted that 'out' should
+	be at least one 'block size' larger than 'inl'.  This problem
+	only occurs on the second and subsequent call to
+	EVP_DecryptUpdate() when using a block cipher.
+
+int EVP_DecryptFinal(
+EVP_CIPHER_CTX *ctx,
+unsigned char *out,
+int *outl);
+	This function is different to EVP_EncryptFinal in that it 'removes'
+	any padding bytes appended when the data was encrypted.  Due to the
+	way in which 1 to 8 bytes may have been appended when encryption
+	using a block cipher, 'out' can end up with 0 to 7 bytes being put
+	into it.  When decoding the padding bytes, it is possible to detect
+	an incorrect decryption.  If the decryption appears to be wrong, 0
+	is returned.  If everything seems ok, 1 is returned.  For ciphers
+	with a block size of 1 (RC4), this function would normally not
+	return any bytes and would always return 1.  Just because this
+	function returns 1 does not mean the decryption was correct. It
+	would normally be wrong due to either the wrong key/iv or
+	corruption of the cipher data fed to EVP_DecryptUpdate().
+	As for EVP_EncryptFinal, it is a good idea to zero the
+	EVP_CIPHER_CTX after use since the structure contains the key used
+	to decrypt the data.
+	
+The following Cipher routines are convenience routines that call either
+EVP_EncryptXxx or EVP_DecryptXxx depending on weather the EVP_CIPHER_CTX
+was setup to encrypt or decrypt.  
+
+void EVP_CipherInit(
+EVP_CIPHER_CTX *ctx,
+EVP_CIPHER *type,
+unsigned char *key,
+unsigned char *iv,
+int enc);
+	This function take arguments that are the same as EVP_EncryptInit()
+	and EVP_DecryptInit() except for the extra 'enc' flag.  If 1, the
+	EVP_CIPHER_CTX is setup for encryption, if 0, decryption.
+
+void EVP_CipherUpdate(
+EVP_CIPHER_CTX *ctx,
+unsigned char *out,
+int *outl,
+unsigned char *in,
+int inl);
+	Again this function calls either EVP_EncryptUpdate() or
+	EVP_DecryptUpdate() depending on state in the 'ctx' structure.
+	As noted for EVP_DecryptUpdate(), when this routine is used
+	for decryption with block ciphers, 'out' should not be the
+	same as 'in'.
+
+int EVP_CipherFinal(
+EVP_CIPHER_CTX *ctx,
+unsigned char *outm,
+int *outl);
+	This routine call EVP_EncryptFinal() or EVP_DecryptFinal()
+	depending on the state information in 'ctx'.  1 is always returned
+	if the mode is encryption, otherwise the return value is the return
+	value of EVP_DecryptFinal().
+
+==== cipher.m ========================================================
+
+Date: Tue, 15 Oct 1996 08:16:14 +1000 (EST)
+From: Eric Young <eay@mincom.com>
+X-Sender: eay@orb
+To: Roland Haring <rharing@tandem.cl>
+Cc: ssl-users@mincom.com
+Subject: Re: Symmetric encryption with ssleay
+In-Reply-To: <m0vBpyq-00001aC@tandemnet.tandem.cl>
+Message-Id: <Pine.SOL.3.91.961015075623.11394A-100000@orb>
+Mime-Version: 1.0
+Content-Type: TEXT/PLAIN; charset=US-ASCII
+Sender: ssl-lists-owner@mincom.com
+Precedence: bulk
+Status: RO
+X-Status: 
+
+On Fri, 11 Oct 1996, Roland Haring wrote:
+> THE_POINT:
+> 	Would somebody be so kind to give me the minimum basic 
+> 	calls I need to do to libcrypto.a to get some text encrypted
+> 	and decrypted again? ...hopefully with code included to do
+> 	base64 encryption and decryption ... e.g. that sign-it.c code
+> 	posted some while ago was a big help :-) (please, do not point
+> 	me to apps/enc.c where I suspect my Heissenbug to be hidden :-)
+
+Ok, the base64 encoding stuff in 'enc.c' does the wrong thing sometimes 
+when the data is less than a line long (this is for decoding).  I'll dig 
+up the exact fix today and post it.  I am taking longer on 0.6.5 than I 
+intended so I'll just post this patch.
+
+The documentation to read is in
+doc/cipher.doc,
+doc/encode.doc (very sparse :-).
+and perhaps
+doc/digest.doc,
+
+The basic calls to encrypt with say triple DES are
+
+Given
+char key[EVP_MAX_KEY_LENGTH];
+char iv[EVP_MAX_IV_LENGTH];
+EVP_CIPHER_CTX ctx;
+unsigned char out[512+8];
+int outl;
+
+/* optional generation of key/iv data from text password using md5
+ * via an upward compatable verson of PKCS#5. */
+EVP_BytesToKey(EVP_des_ede3_cbc,EVP_md5,NULL,passwd,strlen(passwd),
+	key,iv);
+
+/* Initalise the EVP_CIPHER_CTX */
+EVP_EncryptInit(ctx,EVP_des_ede3_cbc,key,iv);
+
+while (....)
+	{
+	/* This is processing 512 bytes at a time, the bytes are being
+	 * copied into 'out', outl bytes are output.  'out' should not be the
+	 * same as 'in' for reasons mentioned in the documentation. */
+	EVP_EncryptUpdate(ctx,out,&outl,in,512);
+	}
+
+/* Output the last 'block'.  If the cipher is a block cipher, the last
+ * block is encoded in such a way so that a wrong decryption will normally be
+ * detected - again, one of the PKCS standards. */
+
+EVP_EncryptFinal(ctx,out,&outl);
+
+To decrypt, use the EVP_DecryptXXXXX functions except that EVP_DecryptFinal()
+will return 0 if the decryption fails (only detectable on block ciphers).
+
+You can also use
+EVP_CipherInit()
+EVP_CipherUpdate()
+EVP_CipherFinal()
+which does either encryption or decryption depending on an extra 
+parameter to EVP_CipherInit().
+
+
+To do the base64 encoding,
+EVP_EncodeInit()
+EVP_EncodeUpdate()
+EVP_EncodeFinal()
+
+EVP_DecodeInit()
+EVP_DecodeUpdate()
+EVP_DecodeFinal()
+
+where the encoding is quite simple, but the decoding can be a bit more 
+fun (due to dud input).
+
+EVP_DecodeUpdate() returns -1 for an error on an input line, 0 if the 
+'last line' was just processed, and 1 if more lines should be submitted.
+
+EVP_DecodeFinal() returns -1 for an error or 1 if things are ok.
+
+So the loop becomes
+EVP_DecodeInit(....)
+for (;;)
+	{
+	i=EVP_DecodeUpdate(....);
+	if (i < 0) goto err;
+
+	/* process the data */
+
+	if (i == 0) break;
+	}
+EVP_DecodeFinal(....);
+/* process the data */
+
+The problem in 'enc.c' is that I was stuff the processing up after the 
+EVP_DecodeFinal(...) when the for(..) loop was not being run (one line of 
+base64 data) and this was because 'enc.c' tries to scan over a file until
+it hits the first valid base64 encoded line.
+
+hope this helps a bit.
+eric
+--
+Eric Young                  | BOOL is tri-state according to Bill Gates.
+AARNet: eay@mincom.oz.au    | RTFM Win32 GetMessage().
+
+==== conf.doc ========================================================
+
+The CONF library.
+
+The CONF library is a simple set of routines that can be used to configure
+programs.  It is a superset of the genenv() function with some extra
+structure.
+
+The library consists of 5 functions.
+
+LHASH *CONF_load(LHASH *config,char *file);
+This function is called to load in a configuration file.  Multiple
+configuration files can be loaded, with each subsequent 'load' overwriting
+any already defined 'variables'.  If there is an error, NULL is returned.
+If config is NULL, a new LHASH structure is created and returned, otherwise
+the new data in the 'file' is loaded into the 'config' structure.
+
+void CONF_free(LHASH *config);
+This function free()s the data in config.
+
+char *CONF_get_string(LHASH *config,char *section,char *name);
+This function returns the string found in 'config' that corresponds to the
+'section' and 'name' specified.  Classes and the naming system used will be
+discussed later in this document.  If the variable is not defined, an NULL
+is returned.
+
+long CONF_get_long(LHASH *config,char *section, char *name);
+This function is the same as CONF_get_string() except that it converts the
+string to an long and returns it.  If variable is not a number or the
+variable does not exist, 0 is returned.  This is a little problematic but I
+don't know of a simple way around it.
+
+STACK *CONF_get_section(LHASH *config, char *section);
+This function returns a 'stack' of CONF_VALUE items that are all the
+items defined in a particular section.  DO NOT free() any of the
+variable returned.  They will disappear when CONF_free() is called.
+
+The 'lookup' model.
+The configuration file is divided into 'sections'.  Each section is started by
+a line of the form '[ section ]'.  All subsequent variable definitions are
+of this section.  A variable definition is a simple alpha-numeric name
+followed by an '=' and then the data.  A section or variable name can be
+described by a regular expression of the following form '[A-Za-z0-9_]+'.
+The value of the variable is the text after the '=' until the end of the
+line, stripped of leading and trailing white space.
+At this point I should mention that a '#' is a comment character, \ is the
+escape character, and all three types of quote can be used to stop any
+special interpretation of the data.
+Now when the data is being loaded, variable expansion can occur.  This is
+done by expanding any $NAME sequences into the value represented by the
+variable NAME.  If the variable is not in the current section, the different
+section can be specified by using the $SECTION::NAME form.  The ${NAME} form
+also works and is very useful for expanding variables inside strings.
+
+When a variable is looked up, there are 2 special section. 'default', which
+is the initial section, and 'ENV' which is the processes environment
+variables (accessed via getenv()).  When a variable is looked up, it is
+first 'matched' with it's section (if one was specified), if this fails, the
+'default' section is matched.
+If the 'lhash' variable passed was NULL, the environment is searched.
+
+Now why do we bother with sections?  So we can have multiple programs using
+the same configuration file, or multiple instances of the same program
+using different variables.  It also provides a nice mechanism to override
+the processes environment variables (eg ENV::HOME=/tmp).  If there is a
+program specific variable missing, we can have default values.
+Multiple configuration files can be loaded, with each new value clearing
+any predefined values.  A system config file can provide 'default' values,
+and application/usr specific files can provide overriding values.
+
+Examples
+
+# This is a simple example
+SSLEAY_HOME	= /usr/local/ssl
+ENV::PATH	= $SSLEAY_HOME/bin:$PATH	# override my path
+
+[X509]
+cert_dir	= $SSLEAY_HOME/certs	# /usr/local/ssl/certs
+
+[SSL]
+CIPHER		= DES-EDE-MD5:RC4-MD5
+USER_CERT	= $HOME/${USER}di'r 5'	# /home/eay/eaydir 5
+USER_CERT	= $HOME/\${USER}di\'r	# /home/eay/${USER}di'r
+USER_CERT	= "$HOME/${US"ER}di\'r	# $HOME/${USER}di'r
+
+TEST		= 1234\
+5678\
+9ab					# TEST=123456789ab
+TTT		= 1234\n\n		# TTT=1234<nl><nl>
+
+
+
+==== des.doc ========================================================
+
+The DES library.
+
+Please note that this library was originally written to operate with
+eBones, a version of Kerberos that had had encryption removed when it left
+the USA and then put back in.  As such there are some routines that I will
+advise not using but they are still in the library for historical reasons.
+For all calls that have an 'input' and 'output' variables, they can be the
+same.
+
+This library requires the inclusion of 'des.h'.
+
+All of the encryption functions take what is called a des_key_schedule as an 
+argument.  A des_key_schedule is an expanded form of the des key.
+A des_key is 8 bytes of odd parity, the type used to hold the key is a
+des_cblock.  A des_cblock is an array of 8 bytes, often in this library
+description I will refer to input bytes when the function specifies
+des_cblock's as input or output, this just means that the variable should
+be a multiple of 8 bytes.
+
+The define DES_ENCRYPT is passed to specify encryption, DES_DECRYPT to
+specify decryption.  The functions and global variable are as follows:
+
+int des_check_key;
+	DES keys are supposed to be odd parity.  If this variable is set to
+	a non-zero value, des_set_key() will check that the key has odd
+	parity and is not one of the known weak DES keys.  By default this
+	variable is turned off;
+	
+void des_set_odd_parity(
+des_cblock *key );
+	This function takes a DES key (8 bytes) and sets the parity to odd.
+	
+int des_is_weak_key(
+des_cblock *key );
+	This function returns a non-zero value if the DES key passed is a
+	weak, DES key.  If it is a weak key, don't use it, try a different
+	one.  If you are using 'random' keys, the chances of hitting a weak
+	key are 1/2^52 so it is probably not worth checking for them.
+	
+int des_set_key(
+des_cblock *key,
+des_key_schedule schedule);
+	Des_set_key converts an 8 byte DES key into a des_key_schedule.
+	A des_key_schedule is an expanded form of the key which is used to
+	perform actual encryption.  It can be regenerated from the DES key
+	so it only needs to be kept when encryption or decryption is about
+	to occur.  Don't save or pass around des_key_schedule's since they
+	are CPU architecture dependent, DES keys are not.  If des_check_key
+	is non zero, zero is returned if the key has the wrong parity or
+	the key is a weak key, else 1 is returned.
+	
+int des_key_sched(
+des_cblock *key,
+des_key_schedule schedule);
+	An alternative name for des_set_key().
+
+int des_rw_mode;		/* defaults to DES_PCBC_MODE */
+	This flag holds either DES_CBC_MODE or DES_PCBC_MODE (default).
+	This specifies the function to use in the enc_read() and enc_write()
+	functions.
+
+void des_encrypt(
+unsigned long *data,
+des_key_schedule ks,
+int enc);
+	This is the DES encryption function that gets called by just about
+	every other DES routine in the library.  You should not use this
+	function except to implement 'modes' of DES.  I say this because the
+	functions that call this routine do the conversion from 'char *' to
+	long, and this needs to be done to make sure 'non-aligned' memory
+	access do not occur.  The characters are loaded 'little endian',
+	have a look at my source code for more details on how I use this
+	function.
+	Data is a pointer to 2 unsigned long's and ks is the
+	des_key_schedule to use.  enc, is non zero specifies encryption,
+	zero if decryption.
+
+void des_encrypt2(
+unsigned long *data,
+des_key_schedule ks,
+int enc);
+	This functions is the same as des_encrypt() except that the DES
+	initial permutation (IP) and final permutation (FP) have been left
+	out.  As for des_encrypt(), you should not use this function.
+	It is used by the routines in my library that implement triple DES.
+	IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same
+	as des_encrypt() des_encrypt() des_encrypt() except faster :-).
+
+void des_ecb_encrypt(
+des_cblock *input,
+des_cblock *output,
+des_key_schedule ks,
+int enc);
+	This is the basic Electronic Code Book form of DES, the most basic
+	form.  Input is encrypted into output using the key represented by
+	ks.  If enc is non zero (DES_ENCRYPT), encryption occurs, otherwise
+	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
+	(the des_cblock structure is 8 chars).
+	
+void des_ecb3_encrypt(
+des_cblock *input,
+des_cblock *output,
+des_key_schedule ks1,
+des_key_schedule ks2,
+des_key_schedule ks3,
+int enc);
+	This is the 3 key EDE mode of ECB DES.  What this means is that 
+	the 8 bytes of input is encrypted with ks1, decrypted with ks2 and
+	then encrypted again with ks3, before being put into output;
+	C=E(ks3,D(ks2,E(ks1,M))).  There is a macro, des_ecb2_encrypt()
+	that only takes 2 des_key_schedules that implements,
+	C=E(ks1,D(ks2,E(ks1,M))) in that the final encrypt is done with ks1.
+	
+void des_cbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int enc);
+	This routine implements DES in Cipher Block Chaining mode.
+	Input, which should be a multiple of 8 bytes is encrypted
+	(or decrypted) to output which will also be a multiple of 8 bytes.
+	The number of bytes is in length (and from what I've said above,
+	should be a multiple of 8).  If length is not a multiple of 8, I'm
+	not being held responsible :-).  ivec is the initialisation vector.
+	This function does not modify this variable.  To correctly implement
+	cbc mode, you need to do one of 2 things; copy the last 8 bytes of
+	cipher text for use as the next ivec in your application,
+	or use des_ncbc_encrypt(). 
+	Only this routine has this problem with updating the ivec, all
+	other routines that are implementing cbc mode update ivec.
+	
+void des_ncbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule sk,
+des_cblock *ivec,
+int enc);
+	For historical reasons, des_cbc_encrypt() did not update the
+	ivec with the value requires so that subsequent calls to
+	des_cbc_encrypt() would 'chain'.  This was needed so that the same
+	'length' values would not need to be used when decrypting.
+	des_ncbc_encrypt() does the right thing.  It is the same as
+	des_cbc_encrypt accept that ivec is updates with the correct value
+	to pass in subsequent calls to des_ncbc_encrypt().  I advise using
+	des_ncbc_encrypt() instead of des_cbc_encrypt();
+
+void des_xcbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule sk,
+des_cblock *ivec,
+des_cblock *inw,
+des_cblock *outw,
+int enc);
+	This is RSA's DESX mode of DES.  It uses inw and outw to
+	'whiten' the encryption.  inw and outw are secret (unlike the iv)
+	and are as such, part of the key.  So the key is sort of 24 bytes.
+	This is much better than cbc des.
+	
+void des_3cbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule sk1,
+des_key_schedule sk2,
+des_cblock *ivec1,
+des_cblock *ivec2,
+int enc);
+	This function is flawed, do not use it.  I have left it in the
+	library because it is used in my des(1) program and will function
+	correctly when used by des(1).  If I removed the function, people
+	could end up unable to decrypt files.
+	This routine implements outer triple cbc encryption using 2 ks and
+	2 ivec's.  Use des_ede2_cbc_encrypt() instead.
+	
+void des_ede3_cbc_encrypt(
+des_cblock *input,
+des_cblock *output, 
+long length,
+des_key_schedule ks1,
+des_key_schedule ks2, 
+des_key_schedule ks3, 
+des_cblock *ivec,
+int enc);
+	This function implements outer triple CBC DES encryption with 3
+	keys.  What this means is that each 'DES' operation
+	inside the cbc mode is really an C=E(ks3,D(ks2,E(ks1,M))).
+	Again, this is cbc mode so an ivec is requires.
+	This mode is used by SSL.
+	There is also a des_ede2_cbc_encrypt() that only uses 2
+	des_key_schedule's, the first being reused for the final
+	encryption.  C=E(ks1,D(ks2,E(ks1,M))).  This form of triple DES
+	is used by the RSAref library.
+	
+void des_pcbc_encrypt(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int enc);
+	This is Propagating Cipher Block Chaining mode of DES.  It is used
+	by Kerberos v4.  It's parameters are the same as des_ncbc_encrypt().
+	
+void des_cfb_encrypt(
+unsigned char *in,
+unsigned char *out,
+int numbits,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int enc);
+	Cipher Feedback Back mode of DES.  This implementation 'feeds back'
+	in numbit blocks.  The input (and output) is in multiples of numbits
+	bits.  numbits should to be a multiple of 8 bits.  Length is the
+	number of bytes input.  If numbits is not a multiple of 8 bits,
+	the extra bits in the bytes will be considered padding.  So if
+	numbits is 12, for each 2 input bytes, the 4 high bits of the
+	second byte will be ignored.  So to encode 72 bits when using
+	a numbits of 12 take 12 bytes.  To encode 72 bits when using
+	numbits of 9 will take 16 bytes.  To encode 80 bits when using
+	numbits of 16 will take 10 bytes. etc, etc.  This padding will
+	apply to both input and output.
+
+	
+void des_cfb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int *num,
+int enc);
+	This is one of the more useful functions in this DES library, it
+	implements CFB mode of DES with 64bit feedback.  Why is this
+	useful you ask?  Because this routine will allow you to encrypt an
+	arbitrary number of bytes, no 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  num contains 'how far' we are though ivec.  If this does
+	not make much sense, read more about cfb mode of DES :-).
+	
+void des_ede3_cfb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks1,
+des_key_schedule ks2,
+des_key_schedule ks3,
+des_cblock *ivec,
+int *num,
+int enc);
+	Same as des_cfb64_encrypt() accept that the DES operation is
+	triple DES.  As usual, there is a macro for
+	des_ede2_cfb64_encrypt() which reuses ks1.
+
+void des_ofb_encrypt(
+unsigned char *in,
+unsigned char *out,
+int numbits,
+long length,
+des_key_schedule ks,
+des_cblock *ivec);
+	This is a implementation of Output Feed Back mode of DES.  It is
+	the same as des_cfb_encrypt() in that numbits is the size of the
+	units dealt with during input and output (in bits).
+	
+void des_ofb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int *num);
+	The same as des_cfb64_encrypt() except that it is Output Feed Back
+	mode.
+
+void des_ede3_ofb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks1,
+des_key_schedule ks2,
+des_key_schedule ks3,
+des_cblock *ivec,
+int *num);
+	Same as des_ofb64_encrypt() accept that the DES operation is
+	triple DES.  As usual, there is a macro for
+	des_ede2_ofb64_encrypt() which reuses ks1.
+
+int des_read_pw_string(
+char *buf,
+int length,
+char *prompt,
+int verify);
+	This routine is used to get a password from the terminal with echo
+	turned off.  Buf is where the string will end up and length is the
+	size of buf.  Prompt is a string presented to the 'user' and if
+	verify is set, the key is asked for twice and unless the 2 copies
+	match, an error is returned.  A return code of -1 indicates a
+	system error, 1 failure due to use interaction, and 0 is success.
+
+unsigned long des_cbc_cksum(
+des_cblock *input,
+des_cblock *output,
+long length,
+des_key_schedule ks,
+des_cblock *ivec);
+	This function produces an 8 byte checksum from input that it puts in
+	output and returns the last 4 bytes as a long.  The checksum is
+	generated via cbc mode of DES in which only the last 8 byes are
+	kept.  I would recommend not using this function but instead using
+	the EVP_Digest routines, or at least using MD5 or SHA.  This
+	function is used by Kerberos v4 so that is why it stays in the
+	library.
+	
+char *des_fcrypt(
+const char *buf,
+const char *salt
+char *ret);
+	This is my fast version of the unix crypt(3) function.  This version
+	takes only a small amount of space relative to other fast
+	crypt() implementations.  This is different to the normal crypt
+	in that the third parameter is the buffer that the return value
+	is written into.  It needs to be at least 14 bytes long.  This
+	function is thread safe, unlike the normal crypt.
+
+char *crypt(
+const char *buf,
+const char *salt);
+	This function calls des_fcrypt() with a static array passed as the
+	third parameter.  This emulates the normal non-thread safe semantics
+	of crypt(3).
+
+void des_string_to_key(
+char *str,
+des_cblock *key);
+	This function takes str and converts it into a DES key.  I would
+	recommend using MD5 instead and use the first 8 bytes of output.
+	When I wrote the first version of these routines back in 1990, MD5
+	did not exist but I feel these routines are still sound.  This
+	routines is compatible with the one in MIT's libdes.
+	
+void des_string_to_2keys(
+char *str,
+des_cblock *key1,
+des_cblock *key2);
+	This function takes str and converts it into 2 DES keys.
+	I would recommend using MD5 and using the 16 bytes as the 2 keys.
+	I have nothing against these 2 'string_to_key' routines, it's just
+	that if you say that your encryption key is generated by using the
+	16 bytes of an MD5 hash, every-one knows how you generated your
+	keys.
+
+int des_read_password(
+des_cblock *key,
+char *prompt,
+int verify);
+	This routine combines des_read_pw_string() with des_string_to_key().
+
+int des_read_2passwords(
+des_cblock *key1,
+des_cblock *key2,
+char *prompt,
+int verify);
+	This routine combines des_read_pw_string() with des_string_to_2key().
+
+void des_random_seed(
+des_cblock key);
+	This routine sets a starting point for des_random_key().
+	
+void des_random_key(
+des_cblock ret);
+	This function return a random key.  Make sure to 'seed' the random
+	number generator (with des_random_seed()) before using this function.
+	I personally now use a MD5 based random number system.
+
+int des_enc_read(
+int fd,
+char *buf,
+int len,
+des_key_schedule ks,
+des_cblock *iv);
+	This function will write to a file descriptor the encrypted data
+	from buf.  This data will be preceded by a 4 byte 'byte count' and
+	will be padded out to 8 bytes.  The encryption is either CBC of
+	PCBC depending on the value of des_rw_mode.  If it is DES_PCBC_MODE,
+	pcbc is used, if DES_CBC_MODE, cbc is used.  The default is to use
+	DES_PCBC_MODE.
+
+int des_enc_write(
+int fd,
+char *buf,
+int len,
+des_key_schedule ks,
+des_cblock *iv);
+	This routines read stuff written by des_enc_read() and decrypts it.
+	I have used these routines quite a lot but I don't believe they are
+	suitable for non-blocking io.  If you are after a full
+	authentication/encryption over networks, have a look at SSL instead.
+
+unsigned long des_quad_cksum(
+des_cblock *input,
+des_cblock *output,
+long length,
+int out_count,
+des_cblock *seed);
+	This is a function from Kerberos v4 that is not anything to do with
+	DES but was needed.  It is a cksum that is quicker to generate than
+	des_cbc_cksum();  I personally would use MD5 routines now.
+=====
+Modes of DES
+Quite a bit of the following information has been taken from
+	AS 2805.5.2
+	Australian Standard
+	Electronic funds transfer - Requirements for interfaces,
+	Part 5.2: Modes of operation for an n-bit block cipher algorithm
+	Appendix A
+
+There are several different modes in which DES can be used, they are
+as follows.
+
+Electronic Codebook Mode (ECB) (des_ecb_encrypt())
+- 64 bits are enciphered at a time.
+- The order of the blocks can be rearranged without detection.
+- The same plaintext block always produces the same ciphertext block
+  (for the same key) making it vulnerable to a 'dictionary attack'.
+- An error will only affect one ciphertext block.
+
+Cipher Block Chaining Mode (CBC) (des_cbc_encrypt())
+- a multiple of 64 bits are enciphered at a time.
+- The CBC mode produces the same ciphertext whenever the same
+  plaintext is encrypted using the same key and starting variable.
+- The chaining operation makes the ciphertext blocks dependent on the
+  current and all preceding plaintext blocks and therefore blocks can not
+  be rearranged.
+- The use of different starting variables prevents the same plaintext
+  enciphering to the same ciphertext.
+- An error will affect the current and the following ciphertext blocks.
+
+Cipher Feedback Mode (CFB) (des_cfb_encrypt())
+- a number of bits (j) <= 64 are enciphered at a time.
+- The CFB mode produces the same ciphertext whenever the same
+  plaintext is encrypted using the same key and starting variable.
+- The chaining operation makes the ciphertext variables dependent on the
+  current and all preceding variables and therefore j-bit variables are
+  chained together and can not be rearranged.
+- The use of different starting variables prevents the same plaintext
+  enciphering to the same ciphertext.
+- The strength of the CFB mode depends on the size of k (maximal if
+  j == k).  In my implementation this is always the case.
+- Selection of a small value for j will require more cycles through
+  the encipherment algorithm per unit of plaintext and thus cause
+  greater processing overheads.
+- Only multiples of j bits can be enciphered.
+- An error will affect the current and the following ciphertext variables.
+
+Output Feedback Mode (OFB) (des_ofb_encrypt())
+- a number of bits (j) <= 64 are enciphered at a time.
+- The OFB mode produces the same ciphertext whenever the same
+  plaintext enciphered using the same key and starting variable.  More
+  over, in the OFB mode the same key stream is produced when the same
+  key and start variable are used.  Consequently, for security reasons
+  a specific start variable should be used only once for a given key.
+- The absence of chaining makes the OFB more vulnerable to specific attacks.
+- The use of different start variables values prevents the same
+  plaintext enciphering to the same ciphertext, by producing different
+  key streams.
+- Selection of a small value for j will require more cycles through
+  the encipherment algorithm per unit of plaintext and thus cause
+  greater processing overheads.
+- Only multiples of j bits can be enciphered.
+- OFB mode of operation does not extend ciphertext errors in the
+  resultant plaintext output.  Every bit error in the ciphertext causes
+  only one bit to be in error in the deciphered plaintext.
+- OFB mode is not self-synchronising.  If the two operation of
+  encipherment and decipherment get out of synchronism, the system needs
+  to be re-initialised.
+- Each re-initialisation should use a value of the start variable
+ different from the start variable values used before with the same
+ key.  The reason for this is that an identical bit stream would be
+ produced each time from the same parameters.  This would be
+ susceptible to a ' known plaintext' attack.
+
+Triple ECB Mode (des_ecb3_encrypt())
+- Encrypt with key1, decrypt with key2 and encrypt with key3 again.
+- As for ECB encryption but increases the key length to 168 bits.
+  There are theoretic attacks that can be used that make the effective
+  key length 112 bits, but this attack also requires 2^56 blocks of
+  memory, not very likely, even for the NSA.
+- If both keys are the same it is equivalent to encrypting once with
+  just one key.
+- If the first and last key are the same, the key length is 112 bits.
+  There are attacks that could reduce the key space to 55 bit's but it
+  requires 2^56 blocks of memory.
+- If all 3 keys are the same, this is effectively the same as normal
+  ecb mode.
+
+Triple CBC Mode (des_ede3_cbc_encrypt())
+- Encrypt with key1, decrypt with key2 and then encrypt with key3.
+- As for CBC encryption but increases the key length to 168 bits with
+  the same restrictions as for triple ecb mode.
+
+==== digest.doc ========================================================
+
+
+The Message Digest subroutines.
+
+These routines require "evp.h" to be included.
+
+These functions are a higher level interface to the various message digest
+routines found in this library.  As such, they allow the same code to be
+used to digest via different algorithms with only a change in an initial
+parameter.  They are basically just a front-end to the MD2, MD5, SHA
+and SHA1
+routines.
+
+These routines all take a pointer to the following structure to specify
+which message digest algorithm to use.
+typedef struct evp_md_st
+	{
+	int type;
+	int pkey_type;
+	int md_size;
+	void (*init)();
+	void (*update)();
+	void (*final)();
+
+	int required_pkey_type; /*EVP_PKEY_xxx */
+	int (*sign)();
+	int (*verify)();
+	} EVP_MD;
+
+If additional message digest algorithms are to be supported, a structure of
+this type needs to be declared and populated and then the Digest routines
+can be used with that algorithm.  The type field is the object NID of the
+digest type (read the section on Objects for an explanation).  The pkey_type
+is the Object type to use when the a message digest is generated by there
+routines and then is to be signed with the pkey algorithm.  Md_size is
+the size of the message digest returned.  Init, update
+and final are the relevant functions to perform the message digest function
+by parts.  One reason for specifying the message digest to use via this
+mechanism is that if you only use md5, only the md5 routines will
+be included in you linked program.  If you passed an integer
+that specified which message digest to use, the routine that mapped that
+integer to a set of message digest functions would cause all the message
+digests functions to be link into the code.  This setup also allows new
+message digest functions to be added by the application.
+
+The six message digests defined in this library are
+
+EVP_MD *EVP_md2(void);	/* RSA sign/verify */
+EVP_MD *EVP_md5(void);	/* RSA sign/verify */
+EVP_MD *EVP_sha(void);	/* RSA sign/verify */
+EVP_MD *EVP_sha1(void);	/* RSA sign/verify */
+EVP_MD *EVP_dss(void);	/* DSA sign/verify */
+EVP_MD *EVP_dss1(void);	/* DSA sign/verify */
+
+All the message digest routines take a EVP_MD_CTX pointer as an argument.
+The state of the message digest is kept in this structure.
+
+typedef struct pem_md_ctx_st
+	{
+	EVP_MD *digest;
+	union	{
+		unsigned char base[4]; /* this is used in my library as a
+					* 'pointer' to all union elements
+					* structures. */
+		MD2_CTX md2;
+		MD5_CTX md5;
+		SHA_CTX sha;
+		} md;
+	} EVP_MD_CTX;
+
+The Digest functions are as follows.
+
+void EVP_DigestInit(
+EVP_MD_CTX *ctx,
+EVP_MD *type);
+	This function is used to initialise the EVP_MD_CTX.  The message
+	digest that will associated with 'ctx' is specified by 'type'.
+
+void EVP_DigestUpdate(
+EVP_MD_CTX *ctx,
+unsigned char *data,
+unsigned int cnt);
+	This function is used to pass more data to the message digest
+	function.  'cnt' bytes are digested from 'data'.
+
+void EVP_DigestFinal(
+EVP_MD_CTX *ctx,
+unsigned char *md,
+unsigned int *len);
+	This function finishes the digestion and puts the message digest
+	into 'md'.  The length of the message digest is put into len;
+	EVP_MAX_MD_SIZE is the size of the largest message digest that
+	can be returned from this function.  Len can be NULL if the
+	size of the digest is not required.
+	
+
+==== encode.doc ========================================================
+
+
+void    EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+void    EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,
+		int *outl,unsigned char *in,int inl);
+void    EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl);
+int     EVP_EncodeBlock(unsigned char *t, unsigned char *f, int n);
+
+void    EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
+int     EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl,
+		unsigned char *in, int inl);
+int     EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
+		char *out, int *outl);
+int     EVP_DecodeBlock(unsigned char *t, unsigned
+		char *f, int n);
+
+
+==== envelope.doc ========================================================
+
+The following routines are use to create 'digital' envelopes.
+By this I mean that they perform various 'higher' level cryptographic
+functions.  Have a read of 'cipher.doc' and 'digest.doc' since those
+routines are used by these functions.
+cipher.doc contains documentation about the cipher part of the
+envelope library and digest.doc contatins the description of the
+message digests supported.
+
+To 'sign' a document involves generating a message digest and then encrypting
+the digest with an private key.
+
+#define EVP_SignInit(a,b)		EVP_DigestInit(a,b)
+#define EVP_SignUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
+Due to the fact this operation is basically just an extended message
+digest, the first 2 functions are macro calls to Digest generating
+functions.
+
+int     EVP_SignFinal(
+EVP_MD_CTX *ctx,
+unsigned char *md,
+unsigned int *s,
+EVP_PKEY *pkey);
+	This finalisation function finishes the generation of the message
+digest and then encrypts the digest (with the correct message digest 
+object identifier) with the EVP_PKEY private key.  'ctx' is the message digest
+context.  'md' will end up containing the encrypted message digest.  This
+array needs to be EVP_PKEY_size(pkey) bytes long.  's' will actually
+contain the exact length.  'pkey' of course is the private key.  It is
+one of EVP_PKEY_RSA or EVP_PKEY_DSA type.
+If there is an error, 0 is returned, otherwise 1.
+		
+Verify is used to check an signed message digest.
+
+#define EVP_VerifyInit(a,b)		EVP_DigestInit(a,b)
+#define EVP_VerifyUpdate(a,b,c)		EVP_DigestUpdate(a,b,c)
+Since the first step is to generate a message digest, the first 2 functions
+are macros.
+
+int EVP_VerifyFinal(
+EVP_MD_CTX *ctx,
+unsigned char *md,
+unsigned int s,
+EVP_PKEY *pkey);
+	This function finishes the generation of the message digest and then
+compares it with the supplied encrypted message digest.  'md' contains the
+'s' bytes of encrypted message digest.  'pkey' is used to public key decrypt
+the digest.  It is then compared with the message digest just generated.
+If they match, 1 is returned else 0.
+
+int	EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek,
+		int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk);
+Must have at least one public key, error is 0.  I should also mention that
+the buffers pointed to by 'ek' need to be EVP_PKEY_size(pubk[n]) is size.
+
+#define EVP_SealUpdate(a,b,c,d,e)	EVP_EncryptUpdate(a,b,c,d,e)	
+void	EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl);
+
+
+int	EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek,
+		int ekl,unsigned char *iv,EVP_PKEY *priv);
+0 on failure
+
+#define EVP_OpenUpdate(a,b,c,d,e)	EVP_DecryptUpdate(a,b,c,d,e)
+
+int	EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+Decrypt final return code
+
+
+==== error.doc ========================================================
+
+The error routines.
+
+The 'error' system I've implemented is intended to server 2 purpose, to
+record the reason why a command failed and to record where in the libraries
+the failure occurred.  It is more or less setup to record a 'trace' of which
+library components were being traversed when the error occurred.
+
+When an error is recorded, it is done so a as single unsigned long which is
+composed of three parts.  The top byte is the 'library' number, the middle
+12 bytes is the function code, and the bottom 12 bits is the 'reason' code.
+
+Each 'library', or should a say, 'section' of the SSLeay library has a
+different unique 'library' error number.  Each function in the library has
+a number that is unique for that library.  Each 'library' also has a number
+for each 'error reason' that is only unique for that 'library'.
+
+Due to the way these error routines record a 'error trace', there is an
+array per thread that is used to store the error codes.
+The various functions in this library are used to access
+and manipulate this array.
+
+void ERR_put_error(int lib, int func,int reason);
+	This routine records an error in library 'lib', function 'func'
+and reason 'reason'.  As errors get 'put' into the buffer, they wrap
+around and overwrite old errors if too many are written.  It is assumed
+that the last errors are the most important.
+
+unsigned long ERR_get_error(void );
+	This function returns the last error added to the error buffer.
+In effect it is popping the value off the buffer so repeated calls will
+continue to return values until there are no more errors to return in which
+case 0 is returned.
+
+unsigned long ERR_peek_error(void );
+	This function returns the value of the last error added to the
+error buffer but does not 'pop' it from the buffer.
+
+void ERR_clear_error(void );
+	This function clears the error buffer, discarding all unread
+errors.
+
+While the above described error system obviously produces lots of different
+error number, a method for 'reporting' these errors in a human readable
+form is required.  To achieve this, each library has the option of
+'registering' error strings.
+
+typedef struct ERR_string_data_st
+	{
+	unsigned long error;
+	char *string;
+	} ERR_STRING_DATA;
+
+The 'ERR_STRING_DATA' contains an error code and the corresponding text
+string.  To add new function error strings for a library, the
+ERR_STRING_DATA needs to be 'registered' with the library.
+
+void ERR_load_strings(unsigned long lib,ERR_STRING_DATA *err);
+	This function 'registers' the array of ERR_STRING_DATA pointed to by
+'err' as error text strings for the error library 'lib'.
+
+void ERR_free_strings(void);
+	This function free()s all the loaded error strings.
+
+char *ERR_error_string(unsigned long error,char *buf);
+	This function returns a text string that is a human readable
+version of the error represented by 'error'.  Buff should be at least 120
+bytes long and if it is NULL, the return value is a pointer to a static
+variable that will contain the error string, otherwise 'buf' is returned.
+If there is not a text string registered for a particular error, a text
+string containing the error number is returned instead.
+
+void ERR_print_errors(BIO *bp);
+void ERR_print_errors_fp(FILE *fp);
+	This function is a convenience routine that prints the error string
+for each error until all errors have been accounted for.
+
+char *ERR_lib_error_string(unsigned long e);
+char *ERR_func_error_string(unsigned long e);
+char *ERR_reason_error_string(unsigned long e);
+The above three functions return the 3 different components strings for the
+error 'e'.  ERR_error_string() uses these functions.
+
+void ERR_load_ERR_strings(void );
+	This function 'registers' the error strings for the 'ERR' module.
+
+void ERR_load_crypto_strings(void );
+	This function 'register' the error strings for just about every
+library in the SSLeay package except for the SSL routines.  There is no
+need to ever register any error text strings and you will probably save in
+program size.  If on the other hand you do 'register' all errors, it is
+quite easy to determine why a particular routine failed.
+
+As a final footnote as to why the error system is designed as it is.
+1) I did not want a single 'global' error code.
+2) I wanted to know which subroutine a failure occurred in.
+3) For Windows NT etc, it should be simple to replace the 'key' routines
+   with code to pass error codes back to the application.
+4) I wanted the option of meaningful error text strings.
+
+Late breaking news - the changes to support threads.
+
+Each 'thread' has an 'ERR_STATE' state associated with it.
+ERR_STATE *ERR_get_state(void ) will return the 'state' for the calling
+thread/process.
+
+ERR_remove_state(unsigned long pid); will 'free()' this state.  If pid == 0
+the current 'thread/process' will have it's error state removed.
+If you do not remove the error state of a thread, this could be considered a
+form of memory leak, so just after 'reaping' a thread that has died,
+call ERR_remove_state(pid).
+
+Have a read of thread.doc for more details for what is required for
+multi-threading support.  All the other error routines will
+work correctly when using threads.
+
+
+==== idea.doc ========================================================
+
+The IDEA library.
+IDEA is a block cipher that operates on 64bit (8 byte) quantities.  It
+uses a 128bit (16 byte) key.  It can be used in all the modes that DES can
+be used.  This library implements the ecb, cbc, cfb64 and ofb64 modes.
+
+For all calls that have an 'input' and 'output' variables, they can be the
+same.
+
+This library requires the inclusion of 'idea.h'.
+
+All of the encryption functions take what is called an IDEA_KEY_SCHEDULE as an 
+argument.  An IDEA_KEY_SCHEDULE is an expanded form of the idea key.
+For all modes of the IDEA algorithm, the IDEA_KEY_SCHEDULE used for
+decryption is different to the one used for encryption.
+
+The define IDEA_ENCRYPT is passed to specify encryption for the functions
+that require an encryption/decryption flag. IDEA_DECRYPT is passed to
+specify decryption.  For some mode there is no encryption/decryption
+flag since this is determined by the IDEA_KEY_SCHEDULE.
+
+So to encrypt you would do the following
+idea_set_encrypt_key(key,encrypt_ks);
+idea_ecb_encrypt(...,encrypt_ks);
+idea_cbc_encrypt(....,encrypt_ks,...,IDEA_ENCRYPT);
+
+To Decrypt
+idea_set_encrypt_key(key,encrypt_ks);
+idea_set_decrypt_key(encrypt_ks,decrypt_ks);
+idea_ecb_encrypt(...,decrypt_ks);
+idea_cbc_encrypt(....,decrypt_ks,...,IDEA_DECRYPT);
+
+Please note that any of the encryption modes specified in my DES library
+could be used with IDEA.  I have only implemented ecb, cbc, cfb64 and
+ofb64 for the following reasons.
+- ecb is the basic IDEA encryption.
+- cbc is the normal 'chaining' form for block ciphers.
+- cfb64 can be used to encrypt single characters, therefore input and output
+  do not need to be a multiple of 8.
+- ofb64 is similar to cfb64 but is more like a stream cipher, not as
+  secure (not cipher feedback) but it does not have an encrypt/decrypt mode.
+- If you want triple IDEA, thats 384 bits of key and you must be totally
+  obsessed with security.  Still, if you want it, it is simple enough to
+  copy the function from the DES library and change the des_encrypt to
+  idea_encrypt; an exercise left for the paranoid reader :-).
+
+The functions are as follows:
+
+void idea_set_encrypt_key(
+unsigned char *key;
+IDEA_KEY_SCHEDULE *ks);
+	idea_set_encrypt_key converts a 16 byte IDEA key into an
+	IDEA_KEY_SCHEDULE.  The IDEA_KEY_SCHEDULE is an expanded form of
+	the key which can be used to perform IDEA encryption.
+	An IDEA_KEY_SCHEDULE is an expanded form of the key which is used to
+	perform actual encryption.  It can be regenerated from the IDEA key
+	so it only needs to be kept when encryption is about
+	to occur.  Don't save or pass around IDEA_KEY_SCHEDULE's since they
+	are CPU architecture dependent, IDEA keys are not.
+	
+void idea_set_decrypt_key(
+IDEA_KEY_SCHEDULE *encrypt_ks,
+IDEA_KEY_SCHEDULE *decrypt_ks);
+	This functions converts an encryption IDEA_KEY_SCHEDULE into a
+	decryption IDEA_KEY_SCHEDULE.  For all decryption, this conversion
+	of the key must be done.  In some modes of IDEA, an
+	encryption/decryption flag is also required, this is because these
+	functions involve block chaining and the way this is done changes
+	depending on which of encryption of decryption is being done.
+	Please note that there is no quick way to generate the decryption
+	key schedule other than generating the encryption key schedule and
+	then converting it.
+
+void idea_encrypt(
+unsigned long *data,
+IDEA_KEY_SCHEDULE *ks);
+	This is the IDEA encryption function that gets called by just about
+	every other IDEA routine in the library.  You should not use this
+	function except to implement 'modes' of IDEA.  I say this because the
+	functions that call this routine do the conversion from 'char *' to
+	long, and this needs to be done to make sure 'non-aligned' memory
+	access do not occur.
+	Data is a pointer to 2 unsigned long's and ks is the
+	IDEA_KEY_SCHEDULE to use.  Encryption or decryption depends on the
+	IDEA_KEY_SCHEDULE.
+
+void idea_ecb_encrypt(
+unsigned char *input,
+unsigned char *output,
+IDEA_KEY_SCHEDULE *ks);
+	This is the basic Electronic Code Book form of IDEA (in DES this
+	mode is called Electronic Code Book so I'm going to use the term
+	for idea as well :-).
+	Input is encrypted into output using the key represented by
+	ks.  Depending on the IDEA_KEY_SCHEDULE, encryption or
+	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
+	
+void idea_cbc_encrypt(
+unsigned char *input,
+unsigned char *output,
+long length,
+IDEA_KEY_SCHEDULE *ks,
+unsigned char *ivec,
+int enc);
+	This routine implements IDEA in Cipher Block Chaining mode.
+	Input, which should be a multiple of 8 bytes is encrypted
+	(or decrypted) to output which will also be a multiple of 8 bytes.
+	The number of bytes is in length (and from what I've said above,
+	should be a multiple of 8).  If length is not a multiple of 8, bad 
+	things will probably happen.  ivec is the initialisation vector.
+	This function updates iv after each call so that it can be passed to
+	the next call to idea_cbc_encrypt().
+	
+void idea_cfb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int *num,
+int enc);
+	This is one of the more useful functions in this IDEA library, it
+	implements CFB mode of IDEA with 64bit feedback.
+	This allows you to encrypt an arbitrary number of bytes,
+	you do not require 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  Num contains 'how far' we are though ivec.
+	Enc is used to indicate encryption or decryption.
+	One very important thing to remember is that when decrypting, use
+	the encryption form of the key.
+	CFB64 mode operates by using the cipher to
+	generate a stream of bytes which is used to encrypt the plain text.
+	The cipher text is then encrypted to generate the next 64 bits to
+	be xored (incrementally) with the next 64 bits of plain
+	text.  As can be seen from this, to encrypt or decrypt,
+	the same 'cipher stream' needs to be generated but the way the next
+	block of data is gathered for encryption is different for
+	encryption and decryption.  What this means is that to encrypt
+	idea_set_encrypt_key(key,ks);
+	idea_cfb64_encrypt(...,ks,..,IDEA_ENCRYPT)
+	do decrypt
+	idea_set_encrypt_key(key,ks)
+	idea_cfb64_encrypt(...,ks,...,IDEA_DECRYPT)
+	Note: The same IDEA_KEY_SCHEDULE but different encryption flags.
+	For idea_cbc or idea_ecb, idea_set_decrypt_key() would need to be
+	used to generate the IDEA_KEY_SCHEDULE for decryption.
+	The reason I'm stressing this point is that I just wasted 3 hours
+	today trying to decrypt using this mode and the decryption form of
+	the key :-(.
+	
+void idea_ofb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+des_key_schedule ks,
+des_cblock *ivec,
+int *num);
+	This functions implements OFB mode of IDEA with 64bit feedback.
+	This allows you to encrypt an arbitrary number of bytes,
+	you do not require 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  Num contains 'how far' we are though ivec.
+	This is in effect a stream cipher, there is no encryption or
+	decryption mode.  The same key and iv should be used to
+	encrypt and decrypt.
+	
+For reading passwords, I suggest using des_read_pw_string() from my DES library.
+To generate a password from a text string, I suggest using MD5 (or MD2) to
+produce a 16 byte message digest that can then be passed directly to
+idea_set_encrypt_key().
+
+=====
+For more information about the specific IDEA modes in this library
+(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the
+documentation on my DES library.  What is said about DES is directly
+applicable for IDEA.
+
+
+==== legal.doc ========================================================
+
+From eay@mincom.com Thu Jun 27 00:25:45 1996
+Received: by orb.mincom.oz.au id AA15821
+  (5.65c/IDA-1.4.4 for eay); Wed, 26 Jun 1996 14:25:45 +1000
+Date: Wed, 26 Jun 1996 14:25:45 +1000 (EST)
+From: Eric Young <eay@mincom.oz.au>
+X-Sender: eay@orb
+To: Ken Toll <ktoll@ren.digitalage.com>
+Cc: Eric Young <eay@mincom.oz.au>, ssl-talk@netscape.com
+Subject: Re: Unidentified subject!
+In-Reply-To: <9606261950.ZM28943@ren.digitalage.com>
+Message-Id: <Pine.SOL.3.91.960626131156.28573K-100000@orb>
+Mime-Version: 1.0
+Content-Type: TEXT/PLAIN; charset=US-ASCII
+Status: O
+X-Status: 
+
+
+This is a little off topic but since SSLeay is a free implementation of
+the SSLv2 protocol, I feel it is worth responding on the topic of if it 
+is actually legal for Americans to use free cryptographic software.
+
+On Wed, 26 Jun 1996, Ken Toll wrote:
+> Is the U.S the only country that SSLeay cannot be used commercially 
+> (because of RSAref) or is that going to be an issue with every country 
+> that a client/server application (non-web browser/server) is deployed 
+> and sold?
+
+>From what I understand, the software patents that apply to algorithms 
+like RSA and DH only apply in the USA.  The IDEA algorithm I believe is 
+patened in europe (USA?), but considing how little it is used by other SSL 
+implementations, it quite easily be left out of the SSLeay build
+(this can be done with a compile flag).
+
+Actually if the RSA patent did apply outside the USA, it could be rather
+interesting since RSA is not alowed to let RSA toolkits outside of the USA
+[1], and since these are the only forms that they will alow the algorithm
+to be used in, it would mean that non-one outside of the USA could produce
+public key software which would be a very strong statment for
+international patent law to make :-).  This logic is a little flawed but
+it still points out some of the more interesting permutations of USA
+patent law and ITAR restrictions. 
+
+Inside the USA there is also the unresolved issue of RC4/RC2 which were
+made public on sci.crypt in Sep 1994 (RC4) and Feb 1996 (RC2).  I have
+copies of the origional postings if people are interested.  RSA I believe 
+claim that they were 'trade-secrets' and that some-one broke an NDA in 
+revealing them.  Other claim they reverse engineered the algorithms from 
+compiled binaries.  If the algorithms were reverse engineered, I belive 
+RSA had no legal leg to stand on.  If an NDA was broken, I don't know.
+Regardless, RSA, I belive, is willing to go to court over the issue so 
+licencing is probably the best idea, or at least talk to them.
+If there are people who actually know more about this, pease let me know, I 
+don't want to vilify or spread miss-information if I can help it.
+
+If you are not producing a web browser, it is easy to build SSLeay with
+RC2/RC4 removed. Since RC4 is the defacto standard cipher in 
+all web software (and it is damn fast) it is more or less required for 
+www use. For non www use of SSL, especially for an application where 
+interoperability with other vendors is not critical just leave it out.
+
+Removing IDEA, RC2 and RC4 would only leave DES and Triple DES but 
+they should be ok.  Considing that Triple DES can encrypt at rates of
+410k/sec on a pentium 100, and 940k/sec on a P6/200, this is quite 
+reasonable performance.  Single DES clocks in at 1160k/s and 2467k/s
+respectivly is actually quite fast for those not so paranoid (56 bit key).[1]
+
+> Is it possible to get a certificate for commercial use outside of the U.S.?
+yes.
+
+Thawte Consulting issues certificates (they are the people who sell the
+	Sioux httpd server and are based in South Africa)
+Verisign will issue certificates for Sioux (sold from South Africa), so this
+	proves that they will issue certificate for OS use if they are
+	happy with the quality of the software.
+
+(The above mentioned companies just the ones that I know for sure are issuing
+ certificates outside the USA).
+
+There is always the point that if you are using SSL for an intra net, 
+SSLeay provides programs that can be used so you can issue your own 
+certificates.  They need polishing but at least it is a good starting point.
+
+I am not doing anything outside Australian law by implementing these
+algorithms (to the best of my knowedge).  It is another example of how 
+the world legal system does not cope with the internet very well.
+
+I may start making shared libraries available (I have now got DLL's for 
+Windows).  This will mean that distributions into the usa could be 
+shipped with a version with a reduced cipher set and the versions outside 
+could use the DLL/shared library with all the ciphers (and without RSAref).
+
+This could be completly hidden from the application, so this would not 
+even require a re-linking.
+
+This is the reverse of what people were talking about doing to get around 
+USA export regulations :-)
+
+eric
+
+[1]:	The RSAref2.0 tookit is available on at least 3 ftp sites in Europe
+	and one in South Africa.
+
+[2]:	Since I always get questions when I post benchmark numbers :-),
+	DES performace figures are in 1000's of bytes per second in cbc 
+	mode using an 8192 byte buffer.  The pentium 100 was running Windows NT 
+	3.51 DLLs and the 686/200 was running NextStep.
+	I quote pentium 100 benchmarks because it is basically the
+	'entry level' computer that most people buy for personal use.
+	Windows 95 is the OS shipping on those boxes, so I'll give
+	NT numbers (the same Win32 runtime environment).  The 686
+	numbers are present as an indication of where we will be in a
+	few years.
+--
+Eric Young                  | BOOL is tri-state according to Bill Gates.
+AARNet: eay@mincom.oz.au    | RTFM Win32 GetMessage().
+
+
+
+==== lhash.doc ========================================================
+
+The LHASH library.
+
+I wrote this library in 1991 and have since forgotten why I called it lhash.
+It implements a hash table from an article I read at the
+time from 'Communications of the ACM'.  What makes this hash
+table different is that as the table fills, the hash table is
+increased (or decreased) in size via realloc().
+When a 'resize' is done, instead of all hashes being redistributed over
+twice as many 'buckets', one bucket is split.  So when an 'expand' is done,
+there is only a minimal cost to redistribute some values.  Subsequent
+inserts will cause more single 'bucket' redistributions but there will
+never be a sudden large cost due to redistributing all the 'buckets'.
+
+The state for a particular hash table is kept in the LHASH structure.
+The LHASH structure also records statistics about most aspects of accessing
+the hash table.  This is mostly a legacy of my writing this library for
+the reasons of implementing what looked like a nice algorithm rather than
+for a particular software product.
+
+Internal stuff you probably don't want to know about.
+The decision to increase or decrease the hash table size is made depending
+on the 'load' of the hash table.  The load is the number of items in the
+hash table divided by the size of the hash table.  The default values are
+as follows.  If (hash->up_load < load) => expand.
+if (hash->down_load > load) =>  contract.  The 'up_load' has a default value of
+1 and 'down_load' has a default value of 2.  These numbers can be modified
+by the application by just playing with the 'up_load' and 'down_load'
+variables.  The 'load' is kept in a form which is multiplied by 256.  So
+hash->up_load=8*256; will cause a load of 8 to be set.
+
+If you are interested in performance the field to watch is
+num_comp_calls.  The hash library keeps track of the 'hash' value for
+each item so when a lookup is done, the 'hashes' are compared, if
+there is a match, then a full compare is done, and
+hash->num_comp_calls is incremented.  If num_comp_calls is not equal
+to num_delete plus num_retrieve it means that your hash function is
+generating hashes that are the same for different values.  It is
+probably worth changing your hash function if this is the case because
+even if your hash table has 10 items in a 'bucked', it can be searched
+with 10 'unsigned long' compares and 10 linked list traverses.  This
+will be much less expensive that 10 calls to you compare function.
+
+LHASH *lh_new(
+unsigned long (*hash)(),
+int (*cmp)());
+	This function is used to create a new LHASH structure.  It is passed
+	function pointers that are used to store and retrieve values passed
+	into the hash table.  The 'hash'
+	function is a hashing function that will return a hashed value of
+	it's passed structure.  'cmp' is passed 2 parameters, it returns 0
+	is they are equal, otherwise, non zero.
+	If there are any problems (usually malloc failures), NULL is
+	returned, otherwise a new LHASH structure is returned.  The
+	hash value is normally truncated to a power of 2, so make sure
+	that your hash function returns well mixed low order bits.
+	
+void lh_free(
+LHASH *lh);
+	This function free()s a LHASH structure.  If there is malloced
+	data in the hash table, it will not be freed.  Consider using the
+	lh_doall function to deallocate any remaining entries in the hash
+	table.
+	
+char *lh_insert(
+LHASH *lh,
+char *data);
+	This function inserts the data pointed to by data into the lh hash
+	table.  If there is already and entry in the hash table entry, the
+	value being replaced is returned.  A NULL is returned if the new
+	entry does not clash with an entry already in the table (the normal
+	case) or on a malloc() failure (perhaps I should change this....).
+	The 'char *data' is exactly what is passed to the hash and
+	comparison functions specified in lh_new().
+	
+char *lh_delete(
+LHASH *lh,
+char *data);
+	This routine deletes an entry from the hash table.  The value being
+	deleted is returned.  NULL is returned if there is no such value in
+	the hash table.
+
+char *lh_retrieve(
+LHASH *lh,
+char *data);
+	If 'data' is in the hash table it is returned, else NULL is
+	returned.  The way these routines would normally be uses is that a
+	dummy structure would have key fields populated and then
+	ret=lh_retrieve(hash,&dummy);.  Ret would now be a pointer to a fully
+	populated structure.
+
+void lh_doall(
+LHASH *lh,
+void (*func)(char *a));
+	This function will, for every entry in the hash table, call function
+	'func' with the data item as parameters.
+	This function can be quite useful when used as follows.
+	void cleanup(STUFF *a)
+		{ STUFF_free(a); }
+	lh_doall(hash,cleanup);
+	lh_free(hash);
+	This can be used to free all the entries, lh_free() then
+	cleans up the 'buckets' that point to nothing.  Be careful
+	when doing this.  If you delete entries from the hash table,
+	in the call back function, the table may decrease in size,
+	moving item that you are
+	currently on down lower in the hash table.  This could cause
+	some entries to be skipped.  The best solution to this problem
+	is to set lh->down_load=0 before you start.  This will stop
+	the hash table ever being decreased in size.
+
+void lh_doall_arg(
+LHASH *lh;
+void(*func)(char *a,char *arg));
+char *arg;
+	This function is the same as lh_doall except that the function
+	called will be passed 'arg' as the second argument.
+	
+unsigned long lh_strhash(
+char *c);
+	This function is a demo string hashing function.  Since the LHASH
+	routines would normally be passed structures, this routine would
+	not normally be passed to lh_new(), rather it would be used in the
+	function passed to lh_new().
+
+The next three routines print out various statistics about the state of the
+passed hash table.  These numbers are all kept in the lhash structure.
+
+void lh_stats(
+LHASH *lh,
+FILE *out);
+	This function prints out statistics on the size of the hash table,
+	how many entries are in it, and the number and result of calls to
+	the routines in this library.
+
+void lh_node_stats(
+LHASH *lh,
+FILE *out);
+	For each 'bucket' in the hash table, the number of entries is
+	printed.
+	
+void lh_node_usage_stats(
+LHASH *lh,
+FILE *out);
+	This function prints out a short summary of the state of the hash
+	table.  It prints what I call the 'load' and the 'actual load'.
+	The load is the average number of data items per 'bucket' in the
+	hash table.  The 'actual load' is the average number of items per
+	'bucket', but only for buckets which contain entries.  So the
+	'actual load' is the average number of searches that will need to
+	find an item in the hash table, while the 'load' is the average number
+	that will be done to record a miss.
+
+==== md2.doc ========================================================
+
+The MD2 library.
+MD2 is a message digest algorithm that can be used to condense an arbitrary
+length message down to a 16 byte hash.  The functions all need to be passed
+a MD2_CTX which is used to hold the MD2 context during multiple MD2_Update()
+function calls.  The normal method of use for this library is as follows
+
+MD2_Init(...);
+MD2_Update(...);
+...
+MD2_Update(...);
+MD2_Final(...);
+
+This library requires the inclusion of 'md2.h'.
+
+The main negative about MD2 is that it is slow, especially when compared
+to MD5.
+
+The functions are as follows:
+
+void MD2_Init(
+MD2_CTX *c);
+	This function needs to be called to initiate a MD2_CTX structure for
+	use.
+	
+void MD2_Update(
+MD2_CTX *c;
+unsigned char *data;
+unsigned long len);
+	This updates the message digest context being generated with 'len'
+	bytes from the 'data' pointer.  The number of bytes can be any
+	length.
+
+void MD2_Final(
+unsigned char *md;
+MD2_CTX *c;
+	This function is called when a message digest of the data digested
+	with MD2_Update() is wanted.  The message digest is put in the 'md'
+	array and is MD2_DIGEST_LENGTH (16) bytes long.
+
+unsigned char *MD2(
+unsigned long n;
+unsigned char *d;
+unsigned char *md;
+	This function performs a MD2_Init(), followed by a MD2_Update()
+	followed by a MD2_Final() (using a local MD2_CTX).
+	The resulting digest is put into 'md' if it is not NULL.
+	Regardless of the value of 'md', the message
+	digest is returned from the function.  If 'md' was NULL, the message
+	digest returned is being stored in a static structure.
+
+==== md5.doc ========================================================
+
+The MD5 library.
+MD5 is a message digest algorithm that can be used to condense an arbitrary
+length message down to a 16 byte hash.  The functions all need to be passed
+a MD5_CTX which is used to hold the MD5 context during multiple MD5_Update()
+function calls.  This library also contains random number routines that are
+based on MD5
+
+The normal method of use for this library is as follows
+
+MD5_Init(...);
+MD5_Update(...);
+...
+MD5_Update(...);
+MD5_Final(...);
+
+This library requires the inclusion of 'md5.h'.
+
+The functions are as follows:
+
+void MD5_Init(
+MD5_CTX *c);
+	This function needs to be called to initiate a MD5_CTX structure for
+	use.
+	
+void MD5_Update(
+MD5_CTX *c;
+unsigned char *data;
+unsigned long len);
+	This updates the message digest context being generated with 'len'
+	bytes from the 'data' pointer.  The number of bytes can be any
+	length.
+
+void MD5_Final(
+unsigned char *md;
+MD5_CTX *c;
+	This function is called when a message digest of the data digested
+	with MD5_Update() is wanted.  The message digest is put in the 'md'
+	array and is MD5_DIGEST_LENGTH (16) bytes long.
+
+unsigned char *MD5(
+unsigned char *d;
+unsigned long n;
+unsigned char *md;
+	This function performs a MD5_Init(), followed by a MD5_Update()
+	followed by a MD5_Final() (using a local MD5_CTX).
+	The resulting digest is put into 'md' if it is not NULL.
+	Regardless of the value of 'md', the message
+	digest is returned from the function.  If 'md' was NULL, the message
+	digest returned is being stored in a static structure.
+
+
+==== memory.doc ========================================================
+
+In the interests of debugging SSLeay, there is an option to compile
+using some simple memory leak checking.
+
+All malloc(), free() and realloc() calls in SSLeay now go via
+Malloc(), Free() and Realloc() (except those in crypto/lhash).
+
+If CRYPTO_MDEBUG is defined, these calls are #defined to
+CRYPTO_malloc(), CRYPTO_free() and CRYPTO_realloc().
+If it is not defined, they are #defined to malloc(), free() and realloc().
+
+the CRYPTO_malloc() routines by default just call the underlying library
+functons.
+
+If CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) is called, memory leak detection is
+turned on.  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) turns it off.
+
+When turned on, each Malloc() or Realloc() call is recored along with the file
+and line number from where the call was made.   (This is done using the
+lhash library which always uses normal system malloc(3) routines).
+
+void CRYPTO_mem_leaks(BIO *b);
+void CRYPTO_mem_leaks_fp(FILE *fp);
+These both print out the list of memory that has not been free()ed.
+This will probably be rather hard to read, but if you look for the 'top level'
+structure allocation, this will often give an idea as to what is not being
+free()ed.  I don't expect people to use this stuff normally.
+
+==== ca.1 ========================================================
+
+From eay@orb.mincom.oz.au Thu Dec 28 23:56:45 1995
+Received: by orb.mincom.oz.au id AA07374
+  (5.65c/IDA-1.4.4 for eay); Thu, 28 Dec 1995 13:56:45 +1000
+Date: Thu, 28 Dec 1995 13:56:45 +1000 (EST)
+From: Eric Young <eay@mincom.oz.au>
+X-Sender: eay@orb
+To: sameer <sameer@c2.org>
+Cc: ssleay@mincom.oz.au
+Subject: Re: 'ca'
+In-Reply-To: <199512230440.UAA23410@infinity.c2.org>
+Message-Id: <Pine.SOL.3.91.951228133525.7269A-100000@orb>
+Mime-Version: 1.0
+Content-Type: TEXT/PLAIN; charset=US-ASCII
+Status: RO
+X-Status: 
+
+On Fri, 22 Dec 1995, sameer wrote:
+> 	I could use documentation on 'ca'. Thanks.
+
+Very quickly.
+The ca program uses the ssleay.conf file for most of its configuration
+
+./ca -help
+
+ -verbose        - Talk alot while doing things
+ -config file    - A config file. If you don't want to use the
+		   default config file
+ -name arg       - The particular CA definition to use
+	In the config file, the section to use for parameters.  This lets 
+	multiple setups to be contained in the one file.  By default, the 
+	default_ca variable is looked up in the [ ca ] section.  So in the 
+	shipped ssleay.conf, the CA definition used is CA_default.  It could be 
+	any other name.
+ -gencrl days    - Generate a new CRL, days is when the next CRL is due
+	This will generate a new certificate revocion list.
+ -days arg       - number of days to certify the certificate for
+	When certifiying certificates, this is the number of days to use.
+ -md arg         - md to use, one of md2, md5, sha or sha1
+ -policy arg     - The CA 'policy' to support
+	I'll describe this later, but there are 2 policies definied in the 
+	shipped ssleay.conf
+ -keyfile arg    - PEM RSA private key file
+ -key arg        - key to decode the RSA private key if it is encrypted
+	since we need to keep the CA's RSA key encrypted
+ -cert           - The CA certificate
+ -in file        - The input PEM encoded certificate request(s)
+ -out file       - Where to put the output file(s)
+ -outdir dir     - Where to put output certificates
+	The -out options concatinates all the output certificied
+	certificates to one file, -outdir puts them in a directory,
+	named by serial number.
+ -infiles ....   - The last argument, requests to process
+	The certificate requests to process, -in is the same.
+
+Just about all the above have default values defined in ssleay.conf.
+
+The key variables in ssleay.conf are (for the pariticular '-name' being 
+used, in the default, it is CA_default).
+
+dir is where all the CA database stuff is kept.
+certs is where all the previously issued certificates are kept.
+The database is a simple text database containing the following tab separated 
+fields.
+status: a value of 'R' - revoked, 'E' -expired or 'V' valid.
+issued date:  When the certificate was certified.
+revoked date:  When it was revoked, blank if not revoked.
+serial number:  The certificate serial number.
+certificate:	Where the certificate is located.
+CN:	The name of the certificate.
+
+The demo file has quite a few made up values it it.  The last 2 were 
+added by the ca program and are acurate.
+The CA program does not update the 'certificate' file correctly right now.
+The serial field should be unique as should the CN/status combination.
+The ca program checks these at startup.  What still needs to be 
+wrtten is a program to 'regenerate' the data base file from the issued 
+certificate list (and a CRL list).
+
+Back to the CA_default variables.
+
+Most of the variables are commented.
+
+policy is the default policy.
+
+Ok for policies, they define the order and which fields must be present 
+in the certificate request and what gets filled in.
+
+So a value of
+countryName             = match
+means that the country name must match the CA certificate.
+organizationalUnitName  = optional
+The org.Unit,Name does not have to be present and
+commonName              = supplied
+commonName must be supplied in the certificate request.
+
+For the 'policy_match' polocy, the order of the attributes in the 
+generated certiticate would be
+countryName
+stateOrProvinceName
+organizationName
+organizationalUnitName
+commonName
+emailAddress
+
+Have a play, it sort of makes sense.  If you think about how the persona 
+requests operate, it is similar to the 'policy_match' policy and the
+'policy_anything' is similar to what versign is doing.
+
+I hope this helps a bit.  Some backend scripts are definitly needed to 
+update the database and to make certificate revocion easy.  All 
+certificates issued should also be kept forever (or until they expire?)
+
+hope this helps
+eric (who has to run off an buy some cheap knee pads for the caving in 4 
+days time :-)
+
+--
+Eric Young                  | Signature removed since it was generating
+AARNet: eay@mincom.oz.au    | more followups than the message contents :-)
+
+
+==== ms3-ca.doc ========================================================
+
+Date: Mon, 9 Jun 97 08:00:33 +0200
+From: Holger.Reif@PrakInf.TU-Ilmenau.DE (Holger Reif)
+Subject: ms3-ca.doc
+Organization: TU Ilmenau, Fak. IA, FG Telematik
+Content-Length: 14575
+Status: RO
+X-Status: 
+
+Loading client certs into MSIE 3.01
+===================================
+
+This document conatains all the information necessary to succesfully set up 
+some scripts to issue client certs to Microsoft Internet Explorer. It 
+includes the required knowledge about the model MSIE uses for client 
+certification and includes complete sample scripts ready to play with. The 
+scripts were tested against a modified ca program of SSLeay 0.6.6 and should 
+work with the regular ca program that comes with version 0.8.0. I haven't 
+tested against MSIE 4.0
+
+You can use the information contained in this document in either way you 
+want. However if you feel it saved you a lot of time I ask you to be as fair 
+as to mention my name: Holger Reif <reif@prakinf.tu-ilmenau.de>.
+
+1.) The model used by MSIE
+--------------------------
+
+The Internet Explorer doesn't come with a embedded engine for installing 
+client certs like Netscape's Navigator. It rather uses the CryptoAPI (CAPI) 
+defined by Microsoft. CAPI comes with WindowsNT 4.0 or is installed together 
+with Internet Explorer since 3.01. The advantage of this approach is a higher 
+flexibility because the certificates in the (per user) system open 
+certificate store may be used by other applications as well. The drawback 
+however is that you need to do a bit more work to get a client cert issued.
+
+CAPI defines functions which will handle basic cryptographic work, eg. 
+generating keys, encrypting some data, signing text or building a certificate 
+request. The procedure is as follows: A CAPI function generates you a key 
+pair and saves it into the certificate store. After that one builds a 
+Distinguished Name. Together with that key pair another CAPI function forms a 
+PKCS#10 request which you somehow need to submit to a CA. Finally the issued 
+cert is given to a yet another CAPI function which saves it into the 
+certificate store.
+
+The certificate store with the user's keys and certs is in the registry. You 
+will find it under HKEY_CURRENT_USER/Software/Microsoft/Cryptography/ (I 
+leave it to you as a little exercise to figure out what all the entries mean 
+;-). Note that the keys are protected only with the user's usual Windows 
+login password.
+
+2.) The practical usage
+-----------------------
+
+Unfortunatly since CAPI is a system API you can't access its functions from 
+HTML code directly. For this purpose Microsoft provides a wrapper called 
+certenr3.dll. This DLL accesses the CAPI functions and provides an interface 
+usable from Visual Basic Script. One needs to install that library on the 
+computer which wants to have client cert. The easiest way is to load it as an 
+ActiveX control (certenr3.dll is properly authenticode signed by MS ;-). If 
+you have ever enrolled e cert request at a CA you will have installed it.
+
+At time of writing certenr3.dll is contained in 
+http://www.microsoft.com/workshop/prog/security/csa/certenr3.exe. It comes 
+with an README file which explains the available functions. It is labeled 
+beta but every CA seems to use it anyway. The license.txt allows you the 
+usage for your own purposes (as far as I understood) and a somehow limited 
+distribution. 
+
+The two functions of main interest are GenerateKeyPair and AcceptCredentials. 
+For complete explanation of all possible parameters see the README file. Here 
+are only minimal required parameters and their values.
+
+GenerateKeyPair(sessionID, FASLE, szName, 0, "ClientAuth", TRUE, FALSE, 1)
+- sessionID is a (locally to that computer) unique string to correlate the 
+generated key pair with a cert installed later.
+- szName is the DN of the form "C=DE; S=Thueringen; L=Ilmenau; CN=Holger 
+Reif; 1.2.840.113549.1.9.1=reif@prakinf.tu-ilmenau.de". Note that S is the 
+abreviation for StateOrProvince. The recognized abreviation include CN, O, C, 
+OU, G, I, L, S, T. If the abreviation is unknown (eg. for PKCS#9 email addr) 
+you need to use the full object identifier. The starting point for searching 
+them could be crypto/objects.h since all OIDs know to SSLeay are listed 
+there.
+- note: the possible ninth parameter which should give a default name to the 
+certificate storage location doesn't seem to work. Changes to the constant 
+values in the call above doesn't seem to make sense. You can't generate 
+PKCS#10 extensions with that function.
+
+The result of GenerateKeyPair is the base64 encoded PKCS#10 request. However 
+it has a little strange format that SSLeay doesn't accept. (BTW I feel the 
+decision of rejecting that format as standard conforming.) It looks like 
+follows:
+	1st line with 76 chars
+	2nd line with 76 chars
+	...
+	(n-2)th line with 76 chars
+	(n-1)th line contains a multiple of 4 chars less then 76 (possible 
+empty)
+	(n)th line has zero or 4 chars (then with 1 or 2 equal signs - the 
+		original text's lenght wasn'T a multiple of 3) 
+	The line separator has two chars: 0x0d 0x0a
+
+AcceptCredentials(sessionID, credentials, 0, FALSE)
+- sessionID needs to be the same as while generating the key pair
+- credentials is the base64 encoded PKCS#7 object containing the cert. 
+
+CRL's and CA certs are not required simply just the client cert. (It seems to 
+me that both are not even checked somehow.) The only format of the base64 
+encoded object I succesfully used was all characters in a very long string 
+without line feeds or carriage returns. (Hey, it doesn't matter, only a 
+computer reads it!)
+
+The result should be S_OK. For error handling see the example that comes with 
+certenr3.dll.
+
+A note about ASN.1 character encodings. certenr3.dll seems to know only about 
+2 of them: UniversalString and PrintableString. First it is definitely wrong 
+for an email address which is IA5STRING (checked by ssleay's ca). Second 
+unfortunately MSIE (at least until version 3.02) can't handle UniversalString 
+correctly - they just blow up you cert store! Therefore ssleay's ca (starting 
+from version 0.8.0) tries to convert the encodings automatically to IA5STRING 
+or TeletexString. The beef is it will work only for the latin-1 (western) 
+charset. Microsoft still has to do abit of homework...
+
+3.) An example
+--------------
+
+At least you need two steps: generating the key & request and then installing 
+the certificate. A real world CA would have some more steps involved, eg. 
+accepting some license. Note that both scripts shown below are just 
+experimental state without any warrenty!
+
+First how to generate a request. Note that we can't use a static page because 
+of the sessionID. I generate it from system time plus pid and hope it is 
+unique enough. Your are free to feed it through md5 to get more impressive 
+ID's ;-) Then the intended text is read in with sed which inserts the 
+sessionID. 
+
+-----BEGIN ms-enroll.cgi-----
+#!/bin/sh
+SESSION_ID=`date '+%y%m%d%H%M%S'`$$
+echo Content-type: text/html
+echo
+sed s/template_for_sessId/$SESSION_ID/ <<EOF
+<HTML><HEAD>
+<TITLE>Certificate Enrollment Test Page</TITLE>
+</HEAD><BODY>
+
+<OBJECT
+    classid="clsid:33BEC9E0-F78F-11cf-B782-00C04FD7BF43"
+    codebase=certenr3.dll
+    id=certHelper
+    >
+</OBJECT>
+
+<CENTER>
+<H2>enrollment for a personal cert</H2>
+<BR><HR WIDTH=50%><BR><P>
+<FORM NAME="MSIE_Enrollment" ACTION="ms-gencert.cgi" ENCTYPE=x-www-form-
+encoded METHOD=POST>
+<TABLE>
+    <TR><TD>Country</TD><TD><INPUT NAME="Country" VALUE=""></TD></TR>
+    <TR><TD>State</TD><TD><INPUT NAME="StateOrProvince" VALUE=""></TD></TR>
+    <TR><TD>Location</TD><TD><INPUT NAME="Location" VALUE=""></TD></TR>
+    <TR><TD>Organization</TD><TD><INPUT NAME="Organization" 
+VALUE=""></TD></TR>
+    <TR><TD>Organizational Unit</TD>
+        <TD><INPUT NAME="OrganizationalUnit" VALUE=""></TD></TR>
+    <TR><TD>Name</TD><TD><INPUT NAME="CommonName" VALUE=""></TD></TR>
+    <TR><TD>eMail Address</TD>
+        <TD><INPUT NAME="EmailAddress" VALUE=""></TD></TR>
+    <TR><TD></TD>
+        <TD><INPUT TYPE="BUTTON" NAME="submit" VALUE="Beantragen"></TD></TR>
+</TABLE>
+	<INPUT TYPE="hidden" NAME="SessionId" VALUE="template_for_sessId">
+	<INPUT TYPE="hidden" NAME="Request" VALUE="">
+</FORM>
+<BR><HR WIDTH=50%><BR><P>
+</CENTER>
+
+<SCRIPT LANGUAGE=VBS>
+    Dim DN
+
+    Sub Submit_OnClick
+	Dim TheForm
+	Set TheForm = Document.MSIE_Enrollment
+	sessionId	= TheForm.SessionId.value
+	reqHardware     = FALSE
+	C		= TheForm.Country.value
+	SP		= TheForm.StateOrProvince.value
+	L		= TheForm.Location.value
+	O		= TheForm.Organization.value
+	OU		= TheForm.OrganizationalUnit.value
+	CN              = TheForm.CommonName.value
+	Email		= TheForm.EmailAddress.value
+        szPurpose       = "ClientAuth"
+        doAcceptanceUINow   = FALSE
+        doOnline        = TRUE
+
+	DN = ""
+
+	Call Add_RDN("C", C)
+	Call Add_RDN("S", SP)
+	Call Add_RDN("L", L)
+	Call Add_RDN("O", O)
+	Call Add_RDN("OU", OU)
+	Call Add_RDN("CN", CN)
+	Call Add_RDN("1.2.840.113549.1.9.1", Email)
+		      ' rsadsi
+				     ' pkcs
+				       ' pkcs9
+					 ' eMailAddress
+        On Error Resume Next
+        sz10 = certHelper.GenerateKeyPair(sessionId, _
+                FALSE, DN, 0, ClientAuth, FASLE, TRUE, 1)_
+        theError = Err.Number
+        On Error Goto 0
+        if (sz10 = Empty OR theError <> 0) Then
+            sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & _
+                chr(10) & "Your credentials could not be generated."
+            result = MsgBox(sz, 0, "Credentials Enrollment")
+            Exit Sub
+	else 
+	    TheForm.Request.value = sz10
+	    TheForm.Submit
+        end if
+    End Sub
+
+    Sub Add_RDN(sn, value)
+	if (value <> "") then
+	    if (DN <> "") then
+		DN = DN & "; "
+	    end if
+	    DN = DN & sn & "=" & value
+	end if
+    End Sub
+</SCRIPT>
+</BODY>
+</HTML>
+EOF
+-----END ms-enroll.cgi-----
+
+Second, how to extract the request and feed the certificate back? We need to 
+"normalize" the base64 encoding of the PKCS#10 format which means 
+regenerating the lines and wrapping with BEGIN and END line. This is done by 
+gawk. The request is taken by ca the normal way. Then the cert needs to be 
+packed into a PKCS#7 structure (note: the use of a CRL is necessary for 
+crl2pkcs7 as of version 0.6.6. Starting with 0.8.0 it it might probably be 
+ommited). Finally we need to format the PKCS#7 object and generate the HTML 
+text. I use two templates to have a clearer script.
+
+1st note: postit2 is slightly modified from a program I found at ncsa's ftp 
+site. Grab it from http://www.easterngraphics.com/certs/IX9704/postit2.c. You 
+need utils.c from there too.
+
+2nd note: I'm note quite sure wether the gawk script really handles all 
+possible inputs for the request right! Today I don't use this construction 
+anymore myself.
+
+3d note: the cert must be of version 3! This could be done with the nsComment 
+line in ssleay.cnf...
+
+------BEGIN ms-gencert.cgi-----
+#!/bin/sh
+FILE="/tmp/"`date '+%y%m%d%H%M%S'-`$$
+rm -f "$FILE".*
+
+HOME=`pwd`; export HOME  # as ssleay.cnf insists on having such an env var
+cd /usr/local/ssl #where demoCA (as named in ssleay.conf) is located
+
+postit2 -s " " -i 0x0d > "$FILE".inp  # process the FORM vars
+
+SESSION_ID=`gawk '$1 == "SessionId" { print $2; exit }' "$FILE".inp`
+
+gawk \
+	'BEGIN { \
+		OFS = ""; \
+		print "-----BEGIN CERTIFICATE REQUEST-----"; \
+		req_seen=0 \
+	} \
+	$1 == "Request" { \
+		req_seen=1; \
+		if (length($2) == 72) print($2); \
+		lastline=$2; \
+		next; \
+	} \
+	{ \
+		if (req_seen == 1) { \
+			if (length($1) >= 72) print($1); \
+			else if (length(lastline) < 72) { \
+				req_seen=0; \
+				print (lastline,$1); \
+			} \
+		lastline=$1; \
+		} \
+	} \
+	END { \
+		print "-----END CERTIFICATE REQUEST-----"; \
+	}' > "$FILE".pem < "$FILE".inp 
+
+ssleay ca -batch -in "$FILE".pem -key passwd -out "$FILE".out
+ssleay crl2pkcs7 -certfile "$FILE".out -out "$FILE".pkcs7 -in demoCA/crl.pem
+
+sed s/template_for_sessId/$SESSION_ID/ <ms-enroll2a.html >"$FILE".cert
+/usr/local/bin/gawk \
+	'BEGIN	{ \
+		OFS = ""; \
+		dq = sprintf("%c",34); \
+	} \
+	$0 ~ "PKCS7" { next; } \
+	{ \
+		print dq$0dq" & _"; \
+	}' <"$FILE".pkcs7 >> "$FILE".cert
+cat  ms-enroll2b.html >>"$FILE".cert
+
+echo Content-type: text/html
+echo Content-length: `wc -c "$FILE".cert`
+echo
+cat "$FILE".cert
+rm -f "$FILE".*
+-----END ms-gencert.cgi-----
+
+----BEGIN ms-enroll2a.html----
+<HTML><HEAD><TITLE>Certificate Acceptance Test Page</TITLE></HEAD><BODY>
+
+<OBJECT
+    classid="clsid:33BEC9E0-F78F-11cf-B782-00C04FD7BF43"
+    codebase=certenr3.dll
+    id=certHelper
+    >
+</OBJECT>
+
+<CENTER>
+<H2>Your personal certificate</H2>
+<BR><HR WIDTH=50%><BR><P>
+Press the button!
+<P><INPUT TYPE=BUTTON VALUE="Nimm mich!" NAME="InstallCert">
+</CENTER>
+<BR><HR WIDTH=50%><BR>
+
+<SCRIPT LANGUAGE=VBS>
+    Sub InstallCert_OnClick
+
+	sessionId	= "template_for_sessId"
+credentials = "" & _
+----END ms-enroll2a.html----
+
+----BEGIN ms-enroll2b.html----
+""
+        On Error Resume Next
+        result = certHelper.AcceptCredentials(sessionId, credentials, 0, 
+FALSE)
+        if (IsEmpty(result)) Then
+           sz = "The error '" & Err.Number & "' occurred." & chr(13) & 
+chr(10) & "This Digital ID could not be registered."
+           msgOut = MsgBox(sz, 0, "Credentials Registration Error")
+           navigate "error.html"
+        else
+           sz = "Digital ID successfully registered."
+           msgOut = MsgBox(sz, 0, "Credentials Registration")
+           navigate "success.html"
+        end if
+	Exit Sub
+    End Sub
+</SCRIPT>
+</BODY>
+</HTML>
+----END ms-enroll2b.html----
+
+4.) What do do with the cert?
+-----------------------------
+
+The cert is visible (without restarting MSIE) under the following menu:
+View->Options->Security->Personal certs. You can examine it's contents at 
+least partially.
+
+To use it for client authentication you need to use SSL3.0 (fortunately 
+SSLeay supports it with 0.8.0). Furthermore MSIE is told to only supports a 
+kind of automatic selection of certs (I personally wasn't able to test it 
+myself). But there is a requirement that the issuer of the server cert and 
+the issuer of the client cert needs to be the same (according to a developer 
+from MS). Which means: you need may more then one cert to talk to all 
+servers...
+
+I'm sure we will get a bit more experience after ApacheSSL is available for 
+SSLeay 0.8.8.
+
+
+I hope you enjoyed reading and that in future questions on this topic will 
+rarely appear on ssl-users@moncom.com ;-)
+
+Ilmenau, 9th of June 1997
+Holger Reif <reif@prakinf.tu-ilmenau.de>
+-- 
+read you later  -  Holger Reif
+----------------------------------------  Signaturprojekt Deutsche Einheit
+TU Ilmenau - Informatik - Telematik                      (Verdamp lang her)
+Holger.Reif@PrakInf.TU-Ilmenau.DE         Alt wie ein Baum werden, um ueber
+http://Remus.PrakInf.TU-Ilmenau.DE/Reif/  alle 7 Bruecken gehen zu koennen
+
+
+==== ns-ca.doc ========================================================
+
+The following documentation was supplied by Jeff Barber, who provided the
+patch to the CA program to add this functionality.
+
+eric
+--
+Jeff Barber                                Email: jeffb@issl.atl.hp.com
+
+Hewlett Packard                            Phone: (404) 648-9503
+Internet and System Security Lab           Fax:   (404) 648-9516
+
+                         oo
+---------------------cut /\ here for ns-ca.doc ------------------------------
+
+This document briefly describes how to use SSLeay to implement a 
+certificate authority capable of dynamically serving up client
+certificates for version 3.0 beta 5 (and presumably later) versions of
+the Netscape Navigator.  Before describing how this is done, it's
+important to understand a little about how the browser implements its
+client certificate support.  This is documented in some detail in the
+URLs based at <URL:http://home.netscape.com/eng/security/certs.html>.
+Here's a brief overview:
+
+-	The Navigator supports a new HTML tag "KEYGEN" which will cause
+	the browser to generate an RSA key pair when you submit a form
+	containing the tag.  The public key, along with an optional
+	challenge (supposedly provided for use in certificate revocation
+	but I don't use it) is signed, DER-encoded, base-64 encoded
+	and sent to the web server as the value of the variable
+	whose NAME is provided in the KEYGEN tag.  The private key is
+	stored by the browser in a local key database.
+
+	This "Signed Public Key And Challenge" (SPKAC) arrives formatted
+	into 64 character lines (which are of course URL-encoded when 
+	sent via HTTP -- i.e. spaces, newlines and most punctuatation are
+	encoded as "%HH" where HH is the hex equivalent of the ASCII code).
+	Note that the SPKAC does not contain the other usual attributes
+	of a certificate request, especially the subject name fields.
+	These must be otherwise encoded in the form for submission along
+	with the SPKAC.
+
+-	Either immediately (in response to this form submission), or at
+	some later date (a real CA will probably verify your identity in
+	some way before issuing the certificate), a web server can send a
+	certificate based on the public key and other attributes back to
+	the browser by encoding it in DER (the binary form) and sending it
+	to the browser as MIME type:
+	"Content-type: application/x-x509-user-cert"
+
+	The browser uses the public key encoded in the certificate to
+	associate the certificate with the appropriate private key in
+	its local key database.  Now, the certificate is "installed".
+
+-	When a server wants to require authentication based on client
+	certificates, it uses the right signals via the SSL protocol to
+	trigger the Navigator to ask you which certificate you want to
+	send.  Whether the certificate is accepted is dependent on CA
+	certificates and so forth installed in the server and is beyond
+	the scope of this document.
+
+
+Now, here's how the SSLeay package can be used to provide client 
+certficates:
+
+-	You prepare a file for input to the SSLeay ca application.
+	The file contains a number of "name = value" pairs that identify
+	the subject.  The names here are the same subject name component
+	identifiers used in the CA section of the lib/ssleay.conf file,
+	such as "emailAddress", "commonName" "organizationName" and so
+	forth.  Both the long version and the short version (e.g. "Email",
+	"CN", "O") can be used.
+
+	One more name is supported: this one is "SPKAC".  Its value
+	is simply the value of the base-64 encoded SPKAC sent by the
+	browser (with all the newlines and other space charaters
+	removed -- and newline escapes are NOT supported).
+
+	[ As of SSLeay 0.6.4, multiple lines are supported.
+	  Put a \ at the end of each line and it will be joined with the
+	  previous line with the '\n' removed - eay ]
+	
+	Here's a sample input file:
+
+C = US
+SP = Georgia
+O = Some Organization, Inc.
+OU = Netscape Compatibility Group
+CN = John X. Doe
+Email = jxdoe@someorg.com
+SPKAC = MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAwmk6FMJ4uAVIYbcvIOx5+bDGTfvL8X5gE+R67ccMk6rCSGbVQz2cetyQtnI+VIs0NwdD6wjuSuVtVFbLoHonowIDAQABFgAwDQYJKoZIhvcNAQEEBQADQQBFZDUWFl6BJdomtN1Bi53mwijy1rRgJ4YirF15yBEDM3DjAQkKXHYOIX+qpz4KXKnl6EYxTnGSFL5wWt8X2iyx
+
+-	You execute the ca command (either from a CGI program run out of
+	the web server, or as a later manual task) giving it the above
+	file as input.  For example, if the file were named /tmp/cert.req,
+	you'd run:
+	$SSLDIR/bin/ca -spkac /tmp/cert.req -out /tmp/cert
+
+	The output is in DER format (binary) if a -out argument is 
+	provided, as above; otherwise, it's in the PEM format (base-64
+	encoded DER).  Also, the "-batch" switch is implied by the
+	"-spkac" so you don't get asked whether to complete the signing
+	(probably it shouldn't work this way but I was only interested
+	in hacking together an online CA that could be used for issuing
+	test certificates).
+
+	The "-spkac" capability doesn't support multiple files (I think).
+
+	Any CHALLENGE provided in the SPKAC is simply ignored.
+
+	The interactions between the identification fields you provide
+	and those identified in your lib/ssleay.conf are the same as if
+	you did an ordinary "ca -in infile -out outfile" -- that is, if
+	something is marked as required in the ssleay.conf file and it
+	isn't found in the -spkac file, the certificate won't be issued.
+
+-	Now, you pick up the output from /tmp/cert and pass it back to
+	the Navigator prepending the Content-type string described earlier.
+
+-	In order to run the ca command out of a CGI program, you must
+	provide a password to decrypt the CA's private key.  You can
+	do this by using "echo MyKeyPassword | $SSLDIR/bin/ca ..."
+	I think there's a way to not encrypt the key file in the first
+	place, but I didn't see how to do that, so I made a small change
+	to the library that allows the password to be accepted from a pipe.
+	Either way is UTTERLY INSECURE and a real CA would never do that.
+
+	[ You can use the 'ssleay rsa' command to remove the password
+	  from the private key, or you can use the '-key' option to the
+	  ca command to specify the decryption key on the command line
+	  or use the -nodes option when generating the key.
+	  ca will try to clear the command line version of the password
+	  but for quite a few operating systems, this is not possible.
+	  - eric ]
+
+So, what do you have to do to make use of this stuff to create an online 
+demo CA capability with SSLeay?
+
+1	Create an HTML form for your users.  The form should contain
+	fields for all of the required or optional fields in ssleay.conf.
+	The form must contain a KEYGEN tag somewhere with at least a NAME
+	attribute.
+
+2	Create a CGI program to process the form input submitted by the
+	browser.  The CGI program must URL-decode the variables and create
+	the file described above, containing subject identification info
+	as well as the SPKAC block.  It should then run the the ca program
+	with the -spkac option.  If it works (check the exit status),
+	return the new certificate with the appropriate MIME type.  If not,
+	return the output of the ca command with MIME type "text/plain".
+
+3	Set up your web server to accept connections signed by your demo
+	CA.  This probably involves obtaining the PEM-encoded CA certificate
+	(ordinarily in $SSLDIR/CA/cacert.pem) and installing it into a
+	server database.  See your server manual for instructions.
+
+
+==== obj.doc ========================================================
+
+The Object library.
+
+As part of my Crypto library, I found I required a method of identifying various
+objects.  These objects normally had 3 different values associated with
+them, a short text name, a long (or lower case) text name, and an
+ASN.1 Object Identifier (which is a sequence of numbers).
+This library contains a static list of objects and functions to lookup
+according to one type and to return the other types.
+
+To use these routines, 'Object.h' needs to be included.
+
+For each supported object, #define entries are defined as follows
+#define SN_Algorithm			"Algorithm"
+#define LN_algorithm			"algorithm"
+#define NID_algorithm			38
+#define OBJ_algorithm			1L,3L,14L,3L,2L
+
+SN_  stands for short name.
+LN_  stands for either long name or lowercase name.
+NID_ stands for Numeric ID.  I each object has a unique NID and this
+     should be used internally to identify objects.
+OBJ_ stands for ASN.1 Object Identifier or ASN1_OBJECT as defined in the
+     ASN1 routines.  These values are used in ASN1 encoding.
+
+The following functions are to be used to return pointers into a static
+definition of these types.  What this means is "don't try to free() any
+pointers returned from these functions.
+
+ASN1_OBJECT *OBJ_nid2obj(
+int n);
+	Return the ASN1_OBJECT that corresponds to a NID of n.
+	
+char *OBJ_nid2ln(
+int n);
+	Return the long/lower case name of the object represented by the
+	NID of n.
+	
+char *OBJ_nid2sn(
+int n);
+	Return the short name for the object represented by the NID of n.
+
+ASN1_OBJECT *OBJ_dup(
+ASN1_OBJECT *o);
+	Duplicate and return a new ASN1_OBJECT that is the same as the
+	passed parameter.
+	
+int OBJ_obj2nid(
+ASN1_OBJECT *o);
+	Given ASN1_OBJECT o, return the NID that corresponds.
+	
+int OBJ_ln2nid(
+char *s);
+	Given the long/lower case name 's', return the NID of the object.
+	
+int OBJ_sn2nid(
+char *s);
+	Given the short name 's', return the NID of the object.
+	
+char *OBJ_bsearch(
+char *key,
+char *base,
+int num,
+int size,
+int (*cmp)());
+	Since I have come across a few platforms that do not have the
+	bsearch() function, OBJ_bsearch is my version of that function.
+	Feel free to use this function, but you may as well just use the
+	normal system bsearch(3) if it is present.  This version also
+	has tolerance of being passed NULL pointers.
+
+==== keys ===========================================================
+
+EVP_PKEY_DSA
+EVP_PKEY_DSA2
+EVP_PKEY_DSA3
+EVP_PKEY_DSA4
+
+EVP_PKEY_RSA
+EVP_PKEY_RSA2
+
+valid DSA pkey types
+	NID_dsa
+	NID_dsaWithSHA
+	NID_dsaWithSHA1
+	NID_dsaWithSHA1_2
+
+valid RSA pkey types
+	NID_rsaEncryption
+	NID_rsa
+
+NID_dsaWithSHA	NID_dsaWithSHA			DSA		SHA
+NID_dsa		NID_dsaWithSHA1			DSA		SHA1
+NID_md2		NID_md2WithRSAEncryption	RSA-pkcs1	MD2
+NID_md5		NID_md5WithRSAEncryption	RSA-pkcs1	MD5
+NID_mdc2	NID_mdc2WithRSA			RSA-none	MDC2
+NID_ripemd160	NID_ripemd160WithRSA		RSA-pkcs1	RIPEMD160
+NID_sha		NID_shaWithRSAEncryption	RSA-pkcs1	SHA
+NID_sha1	NID_sha1WithRSAEncryption	RSA-pkcs1	SHA1
+
+==== rand.doc ========================================================
+
+My Random number library.
+
+These routines can be used to generate pseudo random numbers and can be
+used to 'seed' the pseudo random number generator (RNG).  The RNG make no
+effort to reproduce the same random number stream with each execution.
+Various other routines in the SSLeay library 'seed' the RNG when suitable
+'random' input data is available.  Read the section at the end for details
+on the design of the RNG.
+
+void RAND_bytes(
+unsigned char *buf,
+int num);
+	This routine puts 'num' random bytes into 'buf'.  One should make
+	sure RAND_seed() has been called before using this routine.
+	
+void RAND_seed(
+unsigned char *buf,
+int num);
+	This routine adds more 'seed' data the RNG state.  'num' bytes
+	are added to the RNG state, they are taken from 'buf'.  This
+	routine can be called with sensitive data such as user entered
+	passwords.  This sensitive data is in no way recoverable from
+	the RAND library routines or state.  Try to pass as much data
+	from 'random' sources as possible into the RNG via this function.
+	Also strongly consider using the RAND_load_file() and
+	RAND_write_file() routines.
+
+void RAND_cleanup();
+	When a program has finished with the RAND library, if it so
+	desires, it can 'zero' all RNG state.
+	
+The following 3 routines are convenience routines that can be used to
+'save' and 'restore' data from/to the RNG and it's state.
+Since the more 'random' data that is feed as seed data the better, why not
+keep it around between executions of the program?  Of course the
+application should pass more 'random' data in via RAND_seed() and 
+make sure no-one can read the 'random' data file.
+	
+char *RAND_file_name(
+char *buf,
+int size);
+	This routine returns a 'default' name for the location of a 'rand'
+	file.  The 'rand' file should keep a sequence of random bytes used
+	to initialise the RNG.  The filename is put in 'buf'.  Buf is 'size'
+	bytes long.  Buf is returned if things go well, if they do not,
+	NULL is returned.  The 'rand' file name is generated in the
+	following way.  First, if there is a 'RANDFILE' environment
+	variable, it is returned.  Second, if there is a 'HOME' environment
+	variable, $HOME/.rand is returned.  Third, NULL is returned.  NULL
+	is also returned if a buf would overflow.
+
+int RAND_load_file(
+char *file,
+long number);
+	This function 'adds' the 'file' into the RNG state.  It does this by
+	doing a RAND_seed() on the value returned from a stat() system call
+	on the file and if 'number' is non-zero, upto 'number' bytes read
+	from the file.  The number of bytes passed to RAND_seed() is returned.
+
+int RAND_write_file(
+char *file),
+	RAND_write_file() writes N random bytes to the file 'file', where
+	N is the size of the internal RND state (currently 1k).
+	This is a suitable method of saving RNG state for reloading via
+	RAND_load_file().
+
+What follows is a description of this RNG and a description of the rational
+behind it's design.
+
+It should be noted that this RNG is intended to be used to generate
+'random' keys for various ciphers including generation of DH and RSA keys.  
+
+It should also be noted that I have just created a system that I am happy with.
+It may be overkill but that does not worry me.  I have not spent that much
+time on this algorithm so if there are glaring errors, please let me know.
+Speed has not been a consideration in the design of these routines.
+
+First up I will state the things I believe I need for a good RNG.
+1) A good hashing algorithm to mix things up and to convert the RNG 'state'
+   to random numbers.
+2) An initial source of random 'state'.
+3) The state should be very large.  If the RNG is being used to generate
+   4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum).
+   If your RNG state only has 128 bits, you are obviously limiting the
+   search space to 128 bits, not 2048.  I'm probably getting a little
+   carried away on this last point but it does indicate that it may not be
+   a bad idea to keep quite a lot of RNG state.  It should be easier to
+   break a cipher than guess the RNG seed data.
+4) Any RNG seed data should influence all subsequent random numbers
+   generated.  This implies that any random seed data entered will have
+   an influence on all subsequent random numbers generated.
+5) When using data to seed the RNG state, the data used should not be
+   extractable from the RNG state.  I believe this should be a
+   requirement because one possible source of 'secret' semi random
+   data would be a private key or a password.  This data must
+   not be disclosed by either subsequent random numbers or a
+   'core' dump left by a program crash.
+6) Given the same initial 'state', 2 systems should deviate in their RNG state
+   (and hence the random numbers generated) over time if at all possible.
+7) Given the random number output stream, it should not be possible to determine
+   the RNG state or the next random number.
+
+
+The algorithm is as follows.
+
+There is global state made up of a 1023 byte buffer (the 'state'), a
+working message digest ('md') and a counter ('count').
+
+Whenever seed data is added, it is inserted into the 'state' as
+follows.
+	The input is chopped up into units of 16 bytes (or less for
+	the last block).  Each of these blocks is run through the MD5
+	message digest.  The data passed to the MD5 digest is the
+	current 'md', the same number of bytes from the 'state'
+	(the location determined by in incremented looping index) as
+	the current 'block' and the new key data 'block'.  The result
+	of this is kept in 'md' and also xored into the 'state' at the
+	same locations that were used as input into the MD5.
+	I believe this system addresses points 1 (MD5), 3 (the 'state'),
+	4 (via the 'md'), 5 (by the use of MD5 and xor).
+
+When bytes are extracted from the RNG, the following process is used.
+For each group of 8 bytes (or less), we do the following,
+	Input into MD5, the top 8 bytes from 'md', the byte that are
+	to be overwritten by the random bytes and bytes from the
+	'state' (incrementing looping index).  From this digest output
+	(which is kept in 'md'), the top (upto) 8 bytes are
+	returned to the caller and the bottom (upto) 8 bytes are xored
+	into the 'state'.
+	Finally, after we have finished 'generation' random bytes for the
+	called, 'count' (which is incremented) and 'md' are fed into MD5 and
+	the results are kept in 'md'.
+	I believe the above addressed points 1 (use of MD5), 6 (by
+	hashing into the 'state' the 'old' data from the caller that
+	is about to be overwritten) and 7 (by not using the 8 bytes
+	given to the caller to update the 'state', but they are used
+	to update 'md').
+
+So of the points raised, only 2 is not addressed, but sources of
+random data will always be a problem.
+	
+
+==== rc2.doc ========================================================
+
+The RC2 library.
+
+RC2 is a block cipher that operates on 64bit (8 byte) quantities.  It
+uses variable size key, but 128bit (16 byte) key would normally be considered
+good.  It can be used in all the modes that DES can be used.  This
+library implements the ecb, cbc, cfb64, ofb64 modes.
+
+I have implemented this library from an article posted to sci.crypt on
+11-Feb-1996.  I personally don't know how far to trust the RC2 cipher.
+While it is capable of having a key of any size, not much reseach has
+publically been done on it at this point in time (Apr-1996)
+since the cipher has only been public for a few months :-)
+It is of a similar speed to DES and IDEA, so unless it is required for
+meeting some standard (SSLv2, perhaps S/MIME), it would probably be advisable
+to stick to IDEA, or for the paranoid, Tripple DES.
+
+Mind you, having said all that, I should mention that I just read alot and
+implement ciphers, I'm a 'babe in the woods' when it comes to evaluating
+ciphers :-).
+
+For all calls that have an 'input' and 'output' variables, they can be the
+same.
+
+This library requires the inclusion of 'rc2.h'.
+
+All of the encryption functions take what is called an RC2_KEY as an 
+argument.  An RC2_KEY is an expanded form of the RC2 key.
+For all modes of the RC2 algorithm, the RC2_KEY used for
+decryption is the same one that was used for encryption.
+
+The define RC2_ENCRYPT is passed to specify encryption for the functions
+that require an encryption/decryption flag. RC2_DECRYPT is passed to
+specify decryption.
+
+Please note that any of the encryption modes specified in my DES library
+could be used with RC2.  I have only implemented ecb, cbc, cfb64 and
+ofb64 for the following reasons.
+- ecb is the basic RC2 encryption.
+- cbc is the normal 'chaining' form for block ciphers.
+- cfb64 can be used to encrypt single characters, therefore input and output
+  do not need to be a multiple of 8.
+- ofb64 is similar to cfb64 but is more like a stream cipher, not as
+  secure (not cipher feedback) but it does not have an encrypt/decrypt mode.
+- If you want triple RC2, thats 384 bits of key and you must be totally
+  obsessed with security.  Still, if you want it, it is simple enough to
+  copy the function from the DES library and change the des_encrypt to
+  RC2_encrypt; an exercise left for the paranoid reader :-).
+
+The functions are as follows:
+
+void RC2_set_key(
+RC2_KEY *ks;
+int len;
+unsigned char *key;
+int bits;
+        RC2_set_key converts an 'len' byte key into a RC2_KEY.
+        A 'ks' is an expanded form of the 'key' which is used to
+        perform actual encryption.  It can be regenerated from the RC2 key
+        so it only needs to be kept when encryption or decryption is about
+        to occur.  Don't save or pass around RC2_KEY's since they
+        are CPU architecture dependent, 'key's are not.  RC2 is an
+	interesting cipher in that it can be used with a variable length
+	key.  'len' is the length of 'key' to be used as the key.
+	A 'len' of 16 is recomended.  The 'bits' argument is an
+	interesting addition which I only found out about in Aug 96.
+	BSAFE uses this parameter to 'limit' the number of bits used
+	for the key.  To use the 'key' unmodified, set bits to 1024.
+	This is what old versions of my RC2 library did (SSLeay 0.6.3).
+	RSAs BSAFE library sets this parameter to be 128 if 128 bit
+	keys are being used.  So to be compatable with BSAFE, set it
+	to 128, if you don't want to reduce RC2's key length, leave it
+	at 1024.
+	
+void RC2_encrypt(
+unsigned long *data,
+RC2_KEY *key,
+int encrypt);
+	This is the RC2 encryption function that gets called by just about
+	every other RC2 routine in the library.  You should not use this
+	function except to implement 'modes' of RC2.  I say this because the
+	functions that call this routine do the conversion from 'char *' to
+	long, and this needs to be done to make sure 'non-aligned' memory
+	access do not occur.
+	Data is a pointer to 2 unsigned long's and key is the
+	RC2_KEY to use.  Encryption or decryption is indicated by 'encrypt'.
+	which can have the values RC2_ENCRYPT or RC2_DECRYPT.
+
+void RC2_ecb_encrypt(
+unsigned char *in,
+unsigned char *out,
+RC2_KEY *key,
+int encrypt);
+	This is the basic Electronic Code Book form of RC2 (in DES this
+	mode is called Electronic Code Book so I'm going to use the term
+	for rc2 as well.
+	Input is encrypted into output using the key represented by
+	key.  Depending on the encrypt, encryption or
+	decryption occurs.  Input is 8 bytes long and output is 8 bytes.
+	
+void RC2_cbc_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+RC2_KEY *ks,
+unsigned char *ivec,
+int encrypt);
+	This routine implements RC2 in Cipher Block Chaining mode.
+	Input, which should be a multiple of 8 bytes is encrypted
+	(or decrypted) to output which will also be a multiple of 8 bytes.
+	The number of bytes is in length (and from what I've said above,
+	should be a multiple of 8).  If length is not a multiple of 8, bad 
+	things will probably happen.  ivec is the initialisation vector.
+	This function updates iv after each call so that it can be passed to
+	the next call to RC2_cbc_encrypt().
+	
+void RC2_cfb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+RC2_KEY *schedule,
+unsigned char *ivec,
+int *num,
+int encrypt);
+	This is one of the more useful functions in this RC2 library, it
+	implements CFB mode of RC2 with 64bit feedback.
+	This allows you to encrypt an arbitrary number of bytes,
+	you do not require 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  Num contains 'how far' we are though ivec.
+	'Encrypt' is used to indicate encryption or decryption.
+	CFB64 mode operates by using the cipher to generate a stream
+	of bytes which is used to encrypt the plain text.
+	The cipher text is then encrypted to generate the next 64 bits to
+	be xored (incrementally) with the next 64 bits of plain
+	text.  As can be seen from this, to encrypt or decrypt,
+	the same 'cipher stream' needs to be generated but the way the next
+	block of data is gathered for encryption is different for
+	encryption and decryption.
+	
+void RC2_ofb64_encrypt(
+unsigned char *in,
+unsigned char *out,
+long length,
+RC2_KEY *schedule,
+unsigned char *ivec,
+int *num);
+	This functions implements OFB mode of RC2 with 64bit feedback.
+	This allows you to encrypt an arbitrary number of bytes,
+	you do not require 8 byte padding.  Each call to this
+	routine will encrypt the input bytes to output and then update ivec
+	and num.  Num contains 'how far' we are though ivec.
+	This is in effect a stream cipher, there is no encryption or
+	decryption mode.
+	
+For reading passwords, I suggest using des_read_pw_string() from my DES library.
+To generate a password from a text string, I suggest using MD5 (or MD2) to
+produce a 16 byte message digest that can then be passed directly to
+RC2_set_key().
+
+=====
+For more information about the specific RC2 modes in this library
+(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the
+documentation on my DES library.  What is said about DES is directly
+applicable for RC2.
+
+
+==== rc4.doc ========================================================
+
+The RC4 library.
+RC4 is a stream cipher that operates on a byte stream.  It can be used with
+any length key but I would recommend normally using 16 bytes.
+
+This library requires the inclusion of 'rc4.h'.
+
+The RC4 encryption function takes what is called an RC4_KEY as an argument.
+The RC4_KEY is generated by the RC4_set_key function from the key bytes.
+
+RC4, being a stream cipher, does not have an encryption or decryption mode.
+It produces a stream of bytes that the input stream is xor'ed against and
+so decryption is just a case of 'encrypting' again with the same key.
+
+I have only put in one 'mode' for RC4 which is the normal one.  This means
+there is no initialisation vector and there is no feedback of the cipher
+text into the cipher.  This implies that you should not ever use the
+same key twice if you can help it.  If you do, you leave yourself open to
+known plain text attacks; if you know the plain text and
+corresponding cipher text in one message, all messages that used the same
+key can have the cipher text decoded for the corresponding positions in the
+cipher stream.
+
+The main positive feature of RC4 is that it is a very fast cipher; about 4
+times faster that DES.  This makes it ideally suited to protocols where the
+key is randomly chosen, like SSL.
+
+The functions are as follows:
+
+void RC4_set_key(
+RC4_KEY *key;
+int len;
+unsigned char *data);
+	This function initialises the RC4_KEY structure with the key passed
+	in 'data', which is 'len' bytes long.  The key data can be any
+	length but 16 bytes seems to be a good number.
+
+void RC4(
+RC4_KEY *key;
+unsigned long len;
+unsigned char *in;
+unsigned char *out);
+	Do the actual RC4 encryption/decryption.  Using the 'key', 'len'
+	bytes are transformed from 'in' to 'out'.  As mentioned above,
+	decryption is the operation as encryption.
+
+==== ref.doc ========================================================
+
+I have lots more references etc, and will update this list in the future,
+30 Aug 1996 - eay
+
+
+SSL	The SSL Protocol - from Netscapes.
+
+RC4	Newsgroups: sci.crypt
+	From: sterndark@netcom.com (David Sterndark)
+	Subject: RC4 Algorithm revealed.
+	Message-ID: <sternCvKL4B.Hyy@netcom.com>
+
+RC2	Newsgroups: sci.crypt
+	From: pgut01@cs.auckland.ac.nz (Peter Gutmann)
+	Subject: Specification for Ron Rivests Cipher No.2
+	Message-ID: <4fk39f$f70@net.auckland.ac.nz>
+
+MD2	RFC1319 The MD2 Message-Digest Algorithm
+MD5	RFC1321 The MD5 Message-Digest Algorithm
+
+X509 Certificates
+	RFC1421 Privacy Enhancement for Internet Electronic Mail: Part I
+	RFC1422 Privacy Enhancement for Internet Electronic Mail: Part II
+	RFC1423 Privacy Enhancement for Internet Electronic Mail: Part III
+	RFC1424 Privacy Enhancement for Internet Electronic Mail: Part IV
+
+RSA and various standard encoding
+	PKCS#1 RSA Encryption Standard
+	PKCS#5 Password-Based Encryption Standard
+	PKCS#7 Cryptographic Message Syntax Standard
+	A Layman's Guide to a Subset of ASN.1, BER, and DER
+	An Overview of the PKCS Standards
+	Some Examples of the PKCS Standards
+
+IDEA	Chapter 3 The Block Cipher IDEA
+
+RSA, prime number generation and bignum algorithms
+	Introduction To Algorithms,
+	Thomas Cormen, Charles Leiserson, Ronald Rivest,
+	Section 29 Arithmetic Circuits
+	Section 33 Number-Theoretic Algorithms
+
+Fast Private Key algorithm
+	Fast Decipherment Algorithm for RSA Public-Key Cryptosystem
+	J.-J. Quisquater and C. Couvreur, Electronics Letters,
+	14th October 1982, Vol. 18 No. 21
+
+Prime number generation and bignum algorithms.
+	PGP-2.3a
+
+==== rsa.doc ========================================================
+
+The RSA encryption and utility routines.
+
+The RSA routines are built on top of a big number library (the BN library).
+There are support routines in the X509 library for loading and manipulating
+the various objects in the RSA library.  When errors are returned, read
+about the ERR library for how to access the error codes.
+
+All RSA encryption is done according to the PKCS-1 standard which is
+compatible with PEM and RSAref.  This means that any values being encrypted
+must be less than the size of the modulus in bytes, minus 10, bytes long.
+
+This library uses RAND_bytes()() for it's random data, make sure to feed
+RAND_seed() with lots of interesting and varied data before using these
+routines.
+
+The RSA library has one specific data type, the RSA structure.
+It is composed of 8 BIGNUM variables (see the BN library for details) and
+can hold either a private RSA key or a public RSA key.
+Some RSA libraries have different structures for public and private keys, I
+don't.  For my libraries, a public key is determined by the fact that the
+RSA->d value is NULL.  These routines will operate on any size RSA keys.
+While I'm sure 4096 bit keys are very very secure, they take a lot longer
+to process that 1024 bit keys :-).
+
+The function in the RSA library are as follows.
+
+RSA *RSA_new();
+	This function creates a new RSA object.  The sub-fields of the RSA
+	type are also malloced so you should always use this routine to
+	create RSA variables.
+	
+void RSA_free(
+RSA *rsa);
+	This function 'frees' an RSA structure.  This routine should always
+	be used to free the RSA structure since it will also 'free' any
+	sub-fields of the RSA type that need freeing.
+	
+int RSA_size(
+RSA *rsa);	
+	This function returns the size of the RSA modulus in bytes.  Why do
+	I need this you may ask, well the reason is that when you encrypt
+	with RSA, the output string will be the size of the RSA modulus.
+	So the output for the RSA_encrypt and the input for the RSA_decrypt
+	routines need to be RSA_size() bytes long, because this is how many
+	bytes are expected.
+	
+For the following 4 RSA encryption routines, it should be noted that
+RSA_private_decrypt() should be used on the output from 
+RSA_public_encrypt() and RSA_public_decrypt() should be used on
+the output from RSA_private_encrypt().
+	
+int RSA_public_encrypt(
+int from_len;
+unsigned char *from	
+unsigned char *to	
+RSA *rsa);
+	This function implements RSA public encryption, the rsa variable
+	should be a public key (but can be a private key).  'from_len'
+	bytes taken from 'from' and encrypted and put into 'to'.  'to' needs
+	to be at least RSA_size(rsa) bytes long.  The number of bytes
+	written into 'to' is returned.  -1 is returned on an error.  The
+	operation performed is
+	to = from^rsa->e mod rsa->n.
+	
+int RSA_private_encrypt(
+int from_len;
+unsigned char *from	
+unsigned char *to	
+RSA *rsa);
+	This function implements RSA private encryption, the rsa variable
+	should be a private key.  'from_len' bytes taken from
+	'from' and encrypted and put into 'to'.  'to' needs
+	to be at least RSA_size(rsa) bytes long.  The number of bytes
+	written into 'to' is returned.  -1 is returned on an error.  The
+	operation performed is
+	to = from^rsa->d mod rsa->n.
+
+int RSA_public_decrypt(
+int from_len;
+unsigned char *from	
+unsigned char *to	
+RSA *rsa);
+	This function implements RSA public decryption, the rsa variable
+	should be a public key (but can be a private key).  'from_len'
+	bytes are taken from 'from' and decrypted.  The decrypted data is
+	put into 'to'.  The number of bytes encrypted is returned.  -1 is
+	returned to indicate an error. The operation performed is
+	to = from^rsa->e mod rsa->n.
+
+int RSA_private_decrypt(
+int from_len;
+unsigned char *from	
+unsigned char *to	
+RSA *rsa);
+	This function implements RSA private decryption, the rsa variable
+	should be a private key.  'from_len' bytes are taken
+	from 'from' and decrypted.  The decrypted data is
+	put into 'to'.  The number of bytes encrypted is returned.  -1 is
+	returned to indicate an error. The operation performed is
+	to = from^rsa->d mod rsa->n.
+
+int RSA_mod_exp(
+BIGNUM *n;
+BIGNUM *p;
+RSA *rsa);
+	Normally you will never use this routine.
+	This is really an internal function which is called by
+	RSA_private_encrypt() and RSA_private_decrypt().  It performs
+	n=n^p mod rsa->n except that it uses the 5 extra variables in the
+	RSA structure to make this more efficient.
+	
+RSA *RSA_generate_key(
+int bits;
+unsigned long e;
+void (*callback)();
+char *cb_arg;
+	This routine is used to generate RSA private keys.  It takes
+	quite a period of time to run and should only be used to
+	generate initial private keys that should then be stored
+	for later use.  The passed callback function 
+	will be called periodically so that feedback can be given
+	as to how this function is progressing.
+	'bits' is the length desired for the modulus, so it would be 1024
+	to generate a 1024 bit private key.
+	'e' is the value to use for the public exponent 'e'.  Traditionally
+	it is set to either 3 or 0x10001.
+	The callback function (if not NULL) is called in the following
+	situations.
+	when we have generated a suspected prime number to test,
+	callback(0,num1++,cb_arg).  When it passes a prime number test,
+	callback(1,num2++,cb_arg).  When it is rejected as one of
+	the 2 primes required due to gcd(prime,e value) != 0,
+	callback(2,num3++,cb_arg).  When finally accepted as one
+	of the 2 primes, callback(3,num4++,cb_arg).
+
+
+==== rsaref.doc ========================================================
+
+This package can be compiled to use the RSAref library.
+This library is not allowed outside of the USA but inside the USA it is
+claimed by RSA to be the only RSA public key library that can be used
+besides BSAFE..
+
+There are 2 files, rsaref/rsaref.c and rsaref/rsaref.h that contain the glue
+code to use RSAref.  These files were written by looking at the PGP
+source code and seeing which routines it used to access RSAref.
+I have also been sent by some-one a copy of the RSAref header file that
+contains the library error codes.
+
+[ Jun 1996 update - I have recently gotten hold of RSAref 2.0 from
+  South Africa and have been doing some performace tests. ]
+	
+They have now been tested against the recently announced RSAEURO
+library.
+
+There are 2 ways to use SSLeay and RSAref.  First, to build so that
+the programs must be linked with RSAref, add '-DRSAref' to CFLAG in the top
+level makefile and -lrsaref (or where ever you are keeping RSAref) to
+EX_LIBS.
+
+To build a makefile via util/mk1mf.pl to do this, use the 'rsaref' option.
+
+The second method is to build as per normal and link applications with
+the RSAglue library.  The correct library order would be
+cc -o cmd cmd.o -lssl -lRSAglue -lcrypto -lrsaref -ldes
+The RSAglue library is built in the rsa directory and is NOT
+automatically installed.
+
+Be warned that the RSAEURO library, that is claimed to be compatible
+with RSAref contains a different value for the maximum number of bits
+supported.  This changes structure sizes and so if you are using
+RSAEURO, change the value of RSAref_MAX_BITS in rsa/rsaref.h
+
+
+==== s_mult.doc ========================================================
+
+s_mult is a test program I hacked up on a Sunday for testing non-blocking
+IO.  It has a select loop at it's centre that handles multiple readers
+and writers.
+
+Try the following command
+ssleay s_mult -echo -nbio -ssl -v
+echo - sends any sent text back to the sender
+nbio - turns on non-blocking IO
+ssl  - accept SSL connections, default is normal text
+v    - print lots
+	type Q<cr> to quit
+
+In another window, run the following
+ssleay s_client -pause </etc/termcap
+
+The pause option puts in a 1 second pause in each read(2)/write(2) call
+so the other end will have read()s fail.
+
+==== session.doc ========================================================
+
+I have just checked over and re-worked the session stuff.
+The following brief example will ignore all setup information to do with
+authentication.
+
+Things operate as follows.
+
+The SSL environment has a 'context', a SSL_CTX structure.  This holds the
+cached SSL_SESSIONS (which can be reused) and the certificate lookup
+information.  Each SSL structure needs to be associated with a SSL_CTX.
+Normally only one SSL_CTX structure is needed per program.
+
+SSL_CTX *SSL_CTX_new(void ); 
+void    SSL_CTX_free(SSL_CTX *);
+These 2 functions create and destroy SSL_CTX structures
+
+The SSL_CTX has a session_cache_mode which is by default,
+in SSL_SESS_CACHE_SERVER mode.  What this means is that the library
+will automatically add new session-id's to the cache apon sucsessful
+SSL_accept() calls.
+If SSL_SESS_CACHE_CLIENT is set, then client certificates are also added
+to the cache.
+SSL_set_session_cache_mode(ctx,mode)  will set the 'mode' and
+SSL_get_session_cache_mode(ctx) will get the cache 'mode'.
+The modes can be
+SSL_SESS_CACHE_OFF	- no caching
+SSL_SESS_CACHE_CLIENT	- only SSL_connect()
+SSL_SESS_CACHE_SERVER	- only SSL_accept()
+SSL_SESS_NO_CACHE_BOTH	- Either SSL_accept() or SSL_connect().
+If SSL_SESS_CACHE_NO_AUTO_CLEAR is set, old timed out sessions are
+not automatically removed each 255, SSL_connect()s or SSL_accept()s.
+
+By default, apon every 255 successful SSL_connect() or SSL_accept()s,
+the cache is flush.  Please note that this could be expensive on
+a heavily loaded SSL server, in which case, turn this off and
+clear the cache of old entries 'manually' (with one of the functions
+listed below) every few hours.  Perhaps I should up this number, it is hard
+to say.  Remember, the '255' new calls is just a mechanims to get called
+every now and then, in theory at most 255 new session-id's will have been
+added but if 100 are added every minute, you would still have
+500 in the cache before any would start being flushed (assuming a 3 minute
+timeout)..
+
+int SSL_CTX_sess_hits(SSL_CTX *ctx);
+int SSL_CTX_sess_misses(SSL_CTX *ctx);
+int SSL_CTX_sess_timeouts(SSL_CTX *ctx);
+These 3 functions return statistics about the SSL_CTX.  These 3 are the
+number of session id reuses.  hits is the number of reuses, misses are the
+number of lookups that failed, and timeouts is the number of cached
+entries ignored because they had timeouted.
+
+ctx->new_session_cb is a function pointer to a function of type
+int new_session_callback(SSL *ssl,SSL_SESSION *new);
+This function, if set in the SSL_CTX structure is called whenever a new
+SSL_SESSION is added to the cache.  If the callback returns non-zero, it
+means that the application will have to do a SSL_SESSION_free()
+on the structure (this is
+to do with the cache keeping the reference counts correct, without the
+application needing to know about it.
+The 'active' parameter is the current SSL session for which this connection
+was created.
+
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,int (*cb)());
+to set the callback,
+int (*cb)() SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)
+to get the callback.
+
+If the 'get session' callback is set, when a session id is looked up and
+it is not in the session-id cache, this callback is called.  The callback is
+of the form
+SSL_SESSION *get_session_callback(unsigned char *sess_id,int sess_id_len,
+	int *copy);
+
+The get_session_callback is intended to return null if no session id is found.
+The reference count on the SSL_SESSION in incremented by the SSL library,
+if copy is 1.  Otherwise, the reference count is not modified.
+
+void SSL_CTX_sess_set_get_cb(ctx,cb) sets the callback and
+int (*cb)()SSL_CTX_sess_get_get_cb(ctx) returns the callback.
+
+These callbacks are basically indended to be used by processes to
+send their session-id's to other processes.  I currently have not implemented
+non-blocking semantics for these callbacks, it is upto the appication
+to make the callbacks effiecent if they require blocking (perhaps
+by 'saving' them and then 'posting them' when control returns from
+the SSL_accept().
+
+LHASH *SSL_CTX_sessions(SSL_CTX *ctx)
+This returns the session cache.  The lhash strucutre can be accessed for
+statistics about the cache.
+
+void lh_stats(LHASH *lh, FILE *out);
+void lh_node_stats(LHASH *lh, FILE *out);
+void lh_node_usage_stats(LHASH *lh, FILE *out);
+
+can be used to print details about it's activity and current state.
+You can also delve directly into the lhash structure for 14 different
+counters that are kept against the structure.  When I wrote the lhash library,
+I was interested in gathering statistics :-).
+Have a read of doc/lhash.doc in the SSLeay distribution area for more details
+on the lhash library.
+
+Now as mentioned ealier, when a SSL is created, it needs a SSL_CTX.
+SSL *   SSL_new(SSL_CTX *);
+
+This stores a session.  A session is secret information shared between 2
+SSL contexts.  It will only be created if both ends of the connection have
+authenticated their peer to their satisfaction.  It basically contains
+the information required to use a particular secret key cipher.
+
+To retrieve the SSL_CTX being used by a SSL,
+SSL_CTX *SSL_get_SSL_CTX(SSL *s);
+
+Now when a SSL session is established between to programs, the 'session'
+information that is cached in the SSL_CTX can me manipulated by the
+following functions.
+int SSL_set_session(SSL *s, SSL_SESSION *session);
+This will set the SSL_SESSION to use for the next SSL_connect().  If you use
+this function on an already 'open' established SSL connection, 'bad things
+will happen'.  This function is meaning-less when used on a ssl strucutre
+that is just about to be used in a SSL_accept() call since the
+SSL_accept() will either create a new session or retrieve one from the
+cache.
+
+SSL_SESSION *SSL_get_session(SSL *s);
+This will return the SSL_SESSION for the current SSL, NULL if there is
+no session associated with the SSL structure.
+
+The SSL sessions are kept in the SSL_CTX in a hash table, to remove a
+session
+void    SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
+and to add one
+int    SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
+SSL_CTX_add_session() returns 1 if the session was already in the cache (so it
+was not added).
+Whenever a new session is created via SSL_connect()/SSL_accept(),
+they are automatically added to the cache, depending on the session_cache_mode
+settings.  SSL_set_session()
+does not add it to the cache.  Just call SSL_CTX_add_session() if you do want the
+session added.  For a 'client' this would not normally be the case.
+SSL_CTX_add_session() is not normally ever used, except for doing 'evil' things
+which the next 2 funtions help you do.
+
+int     i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length);
+These 2 functions are in the standard ASN1 library form and can be used to
+load and save to a byte format, the SSL_SESSION structure.
+With these functions, you can save and read these structures to a files or
+arbitary byte string.
+The PEM_write_SSL_SESSION(fp,x) and PEM_read_SSL_SESSION(fp,x,cb) will
+write to a file pointer in base64 encoding.
+
+What you can do with this, is pass session information between separate
+processes.  Please note, that you will probably also need to modify the
+timeout information on the SSL_SESSIONs.
+
+long SSL_get_time(SSL_SESSION *s)
+will return the 'time' that the session
+was loaded.  The timeout is relative to this time.  This information is
+saved when the SSL_SESSION is converted to binarary but it is stored
+in as a unix long, which is rather OS dependant, but easy to convert back.
+
+long SSL_set_time(SSL_SESSION *s,long t) will set the above mentioned time.
+The time value is just the value returned from time(3), and should really
+be defined by be to be time_t.
+
+long SSL_get_timeout(SSL_SESSION *s);
+long SSL_set_timeout(SSL_SESSION *s,long t);
+These 2 retrieve and set the timeout which is just a number of secconds
+from the 'SSL_get_time()' value.  When this time period has elapesed,
+the session will no longer be in the cache (well it will actually be removed
+the next time it is attempted to be retrieved, so you could 'bump'
+the timeout so it remains valid).
+The 'time' and 'timeout' are set on a session when it is created, not reset
+each time it is reused.  If you did wish to 'bump it', just after establishing
+a connection, do a
+SSL_set_time(ssl,time(NULL));
+
+You can also use
+SSL_CTX_set_timeout(SSL_CTX *ctx,unsigned long t) and
+SSL_CTX_get_timeout(SSL_CTX *ctx) to manipulate the default timeouts for
+all SSL connections created against a SSL_CTX.  If you set a timeout in
+an SSL_CTX, all new SSL's created will inherit the timeout.  It can be over
+written by the SSL_set_timeout(SSL *s,unsigned long t) function call.
+If you 'set' the timeout back to 0, the system default will be used.
+
+SSL_SESSION *SSL_SESSION_new();
+void SSL_SESSION_free(SSL_SESSION *ses);
+These 2 functions are used to create and dispose of SSL_SESSION functions.
+You should not ever normally need to use them unless you are using 
+i2d_SSL_SESSION() and/or d2i_SSL_SESSION().  If you 'load' a SSL_SESSION
+via d2i_SSL_SESSION(), you will need to SSL_SESSION_free() it.
+Both SSL_set_session() and SSL_CTX_add_session() will 'take copies' of the
+structure (via reference counts) when it is passed to them.
+
+SSL_CTX_flush_sessions(ctx,time);
+The first function will clear all sessions from the cache, which have expired
+relative to 'time' (which could just be time(NULL)).
+
+SSL_CTX_flush_sessions(ctx,0);
+This is a special case that clears everything.
+
+As a final comment, a 'session' is not enough to establish a new
+connection.  If a session has timed out, a certificate and private key
+need to have been associated with the SSL structure.
+SSL_copy_session_id(SSL *to,SSL *from); will copy not only the session
+strucutre but also the private key and certificate associated with
+'from'.
+
+EXAMPLES.
+
+So lets play at being a weird SSL server.
+
+/* setup a context */
+ctx=SSL_CTX_new();
+
+/* Lets load some session from binary into the cache, why one would do
+ * this is not toally clear, but passing between programs does make sense
+ * Perhaps you are using 4096 bit keys and are happy to keep them
+ * valid for a week, to avoid the RSA overhead of 15 seconds, I'm not toally
+ * sure, perhaps this is a process called from an SSL inetd and this is being 
+ * passed to the application. */
+session=d2i_SSL_SESSION(....)
+SSL_CTX_add_session(ctx,session);
+
+/* Lets even add a session from a file */
+session=PEM_read_SSL_SESSION(....)
+SSL_CTX_add_session(ctx,session);
+
+/* create a new SSL structure */
+ssl=SSL_new(ctx);
+
+/* At this point we want to be able to 'create' new session if
+ * required, so we need a certificate and RSAkey. */
+SSL_use_RSAPrivateKey_file(ssl,...)
+SSL_use_certificate_file(ssl,...)
+
+/* Now since we are a server, it make little sence to load a session against
+ * the ssl strucutre since a SSL_accept() will either create a new session or
+ * grab an existing one from the cache. */
+
+/* grab a socket descriptor */
+fd=accept(...);
+
+/* associated it with the ssl strucutre */
+SSL_set_fd(ssl,fd);
+
+SSL_accept(ssl); /* 'do' SSL using out cert and RSA key */
+
+/* Lets print out the session details or lets save it to a file,
+ * perhaps with a secret key cipher, so that we can pass it to the FBI
+ * when they want to decode the session :-).  While we have RSA
+ * this does not matter much but when I do SSLv3, this will allow a mechanism
+ * for the server/client to record the information needed to decode
+ * the traffic that went over the wire, even when using Diffie-Hellman */
+PEM_write_SSL_SESSION(SSL_get_session(ssl),stdout,....)
+
+Lets 'connect' back to the caller using the same session id.
+
+ssl2=SSL_new(ctx);
+fd2=connect(them);
+SSL_set_fd(ssl2,fd2);
+SSL_set_session(ssl2,SSL_get_session(ssl));
+SSL_connect(ssl2);
+
+/* what the hell, lets accept no more connections using this session */
+SSL_CTX_remove_session(SSL_get_SSL_CTX(ssl),SSL_get_session(ssl));
+
+/* we could have just as easily used ssl2 since they both are using the
+ * same session.
+ * You will note that both ssl and ssl2 are still using the session, and
+ * the SSL_SESSION structure will be free()ed when both ssl and ssl2
+ * finish using the session.  Also note that you could continue to initiate
+ * connections using this session by doing SSL_get_session(ssl) to get the
+ * existing session, but SSL_accept() will not be able to find it to
+ * use for incoming connections.
+ * Of corse, the session will timeout at the far end and it will no
+ * longer be accepted after a while.  The time and timeout are ignored except
+ * by SSL_accept(). */
+
+/* Since we have had our server running for 10 weeks, and memory is getting
+ * short, perhaps we should clear the session cache to remove those
+ * 100000 session entries that have expired.  Some may consider this
+ * a memory leak :-) */
+
+SSL_CTX_flush_sessions(ctx,time(NULL));
+
+/* Ok, after a bit more time we wish to flush all sessions from the cache
+ * so that all new connections will be authenticated and incure the
+ * public key operation overhead */
+
+SSL_CTX_flush_sessions(ctx,0);
+
+/* As a final note, to copy everything to do with a SSL, use */
+SSL_copy_session_id(SSL *to,SSL *from);
+/* as this also copies the certificate and RSA key so new session can
+ * be established using the same details */
+
+
+==== sha.doc ========================================================
+
+The SHA (Secure Hash Algorithm) library.
+SHA is a message digest algorithm that can be used to condense an arbitrary
+length message down to a 20 byte hash.  The functions all need to be passed
+a SHA_CTX which is used to hold the SHA context during multiple SHA_Update()
+function calls.  The normal method of use for this library is as follows
+This library contains both SHA and SHA-1 digest algorithms.  SHA-1 is
+an update to SHA (which should really be called SHA-0 now) which
+tweaks the algorithm slightly.  The SHA-1 algorithm is used by simply
+using SHA1_Init(), SHA1_Update(), SHA1_Final() and SHA1() instead of the
+SHA*() calls
+
+SHA_Init(...);
+SHA_Update(...);
+...
+SHA_Update(...);
+SHA_Final(...);
+
+This library requires the inclusion of 'sha.h'.
+
+The functions are as follows:
+
+void SHA_Init(
+SHA_CTX *c);
+	This function needs to be called to initiate a SHA_CTX structure for
+	use.
+	
+void SHA_Update(
+SHA_CTX *c;
+unsigned char *data;
+unsigned long len);
+	This updates the message digest context being generated with 'len'
+	bytes from the 'data' pointer.  The number of bytes can be any
+	length.
+
+void SHA_Final(
+unsigned char *md;
+SHA_CTX *c;
+	This function is called when a message digest of the data digested
+	with SHA_Update() is wanted.  The message digest is put in the 'md'
+	array and is SHA_DIGEST_LENGTH (20) bytes long.
+
+unsigned char *SHA(
+unsigned char *d;
+unsigned long n;
+unsigned char *md;
+	This function performs a SHA_Init(), followed by a SHA_Update()
+	followed by a SHA_Final() (using a local SHA_CTX).
+	The resulting digest is put into 'md' if it is not NULL.
+	Regardless of the value of 'md', the message
+	digest is returned from the function.  If 'md' was NULL, the message
+	digest returned is being stored in a static structure.
+	
+
+==== speed.doc ========================================================
+
+To get an idea of the performance of this library, use
+ssleay speed
+
+perl util/sp-diff.pl file1 file2
+
+will print out the relative differences between the 2 files which are
+expected to be the output from the speed program.
+
+The performace of the library is very dependant on the Compiler
+quality and various flags used to build.
+
+---
+
+These are some numbers I did comparing RSAref and SSLeay on a Pentium 100.
+[ These numbers are all out of date, as of SSL - 0.6.1 the RSA
+operations are about 2 times faster, so check the version number ]
+
+RSA performance.
+
+SSLeay 0.6.0
+Pentium 100, 32meg, Windows NT Workstation 3.51
+linux - gcc v 2.7.0 -O3 -fomit-frame-pointer -m486
+and
+Windows NT  - Windows NT 3.51 - Visual C++ 4.1   - 586 code + 32bit assember
+Windows 3.1 - Windows NT 3.51 - Visual C++ 1.52c - 286 code + 32bit assember
+NT Dos Shell- Windows NT 3.51 - Visual C++ 1.52c - 286 code + 16bit assember
+
+Times are how long it takes to do an RSA private key operation.
+
+	       512bits 1024bits
+-------------------------------
+SSLeay NT dll	0.042s   0.202s see above
+SSLeay linux	0.046s   0.218s	Assember inner loops (normal build) 
+SSLeay linux	0.067s   0.380s Pure C code with BN_LLONG defined
+SSLeay W3.1 dll	0.108s 	 0.478s see above
+SSLeay linux	0.109s   0.713s C without BN_LLONG.
+RSAref2.0 linux	0.149s   0.936s
+SSLeay MS-DOS	0.197s   1.049s see above
+
+486DX66, 32meg, Windows NT Server 3.51
+	       512bits 1024bits
+-------------------------------
+SSLeay NT dll   0.084s	 0.495s	<- SSLeay 0.6.3
+SSLeay NT dll   0.154s   0.882s
+SSLeay W3.1 dll 0.335s   1.538s
+SSLeay MS-DOS	0.490s   2.790s
+
+What I find cute is that I'm still faster than RSAref when using standard C,
+without using the 'long long' data type :-), %35 faster for 512bit and we
+scale up to 3.2 times faster for the 'default linux' build.  I should mention
+that people should 'try' to use either x86-lnx.s (elf), x86-lnxa.s or
+x86-sol.s for any x86 based unix they are building on.  The only problems
+with be with syntax but the performance gain is quite large, especially for
+servers.  The code is very simple, you just need to modify the 'header'.
+
+The message is, if you are stuck using RSAref, the RSA performance will be
+bad. Considering the code was compiled for a pentium, the 486DX66 number
+would indicate 'Use RSAref and turn you Pentium 100 into a 486DX66' :-). 
+[ As of verson 0.6.1, it would be correct to say 'turn you pentium 100
+ into a 486DX33' :-) ]
+
+I won't tell people if the DLL's are using RSAref or my stuff if no-one
+asks :-).
+
+eric
+
+PS while I know I could speed things up further, I will probably not do
+   so due to the effort involved.  I did do some timings on the
+   SSLeay bignum format -> RSAref number format conversion that occurs
+   each time RSAref is used by SSLeay, and the numbers are trivial.
+   0.00012s a call for 512bit vs 0.149s for the time spent in the function.
+   0.00018s for 1024bit vs 0.938s.  Insignificant.
+   So the 'way to go', to support faster RSA libraries, if people are keen,
+   is to write 'glue' code in a similar way that I do for RSAref and send it
+   to me :-).
+   My base library still has the advantage of being able to operate on 
+   any size numbers, and is not that far from the performance from the
+   leaders in the field. (-%30?)
+   [ Well as of 0.6.1 I am now the leader in the filed on x86 (we at
+     least very close :-) ]
+
+   I suppose I should also mention some other numbers RSAref numbers, again
+   on my Pentium.
+		DES CBC		EDE-DES		MD5
+   RSAref linux	 830k/s		 302k/s		4390k/s
+   SSLeay linux  855k/s          319k/s        10025k/s
+   SSLeay NT	1158k/s		 410k/s	       10470k/s
+   SSLeay w31	 378k/s		 143k/s         2383k/s (fully 16bit)
+
+   Got to admit that Visual C++ 4.[01] is a damn fine compiler :-)
+--
+Eric Young                  | BOOL is tri-state according to Bill Gates.
+AARNet: eay@cryptsoft.com   | RTFM Win32 GetMessage().
+
+
+
+
+==== ssl-ciph.doc ========================================================
+
+This is a quick high level summery of how things work now.
+
+Each SSLv2 and SSLv3 cipher is composed of 4 major attributes plus a few extra
+minor ones.
+
+They are 'The key exchange algorithm', which is RSA for SSLv2 but can also
+be Diffle-Hellman for SSLv3.
+
+An 'Authenticion algorithm', which can be RSA, Diffle-Helman, DSS or
+none.
+
+The cipher
+
+The MAC digest.
+
+A cipher can also be an export cipher and is either an SSLv2 or a
+SSLv3 ciphers.
+
+To specify which ciphers to use, one can either specify all the ciphers,
+one at a time, or use 'aliases' to specify the preference and order for
+the ciphers.
+
+There are a large number of aliases, but the most importaint are
+kRSA, kDHr, kDHd and kEDH for key exchange types.
+
+aRSA, aDSS, aNULL and aDH for authentication
+DES, 3DES, RC4, RC2, IDEA and eNULL for ciphers
+MD5, SHA0 and SHA1 digests
+
+Now where this becomes interesting is that these can be put together to
+specify the order and ciphers you wish to use.
+
+To speed this up there are also aliases for certian groups of ciphers.
+The main ones are
+SSLv2	- all SSLv2 ciphers
+SSLv3	- all SSLv3 ciphers
+EXP	- all export ciphers
+LOW	- all low strngth ciphers (no export ciphers, normally single DES)
+MEDIUM	- 128 bit encryption
+HIGH	- Triple DES
+
+These aliases can be joined in a : separated list which specifies to
+add ciphers, move them to the current location and delete them.
+
+A simpler way to look at all of this is to use the 'ssleay ciphers -v' command.
+The default library cipher spec is
+!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP
+which means, first, remove from consideration any ciphers that do not
+authenticate.  Next up, use ciphers using RC4 and RSA.  Next include the HIGH,
+MEDIUM and the LOW security ciphers.  Finish up by adding all the export
+ciphers on the end, then 'pull' all the SSLv2 and export ciphers to
+the end of the list.
+
+The results are
+$ ssleay ciphers -v '!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP'
+
+RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
+RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
+EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
+EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
+DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
+IDEA-CBC-MD5            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
+EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
+EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
+DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
+DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5 
+DES-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5 
+IDEA-CBC-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=MD5 
+RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5 
+RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5 
+EXP-EDH-RSA-DES-CBC     SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
+EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 export
+EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
+EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
+EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
+EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
+EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
+
+I would recoment people use the 'ssleay ciphers -v "text"'
+command to check what they are going to use.
+
+Anyway, I'm falling asleep here so I'll do some more tomorrow.
+
+eric
+
+==== ssl.doc ========================================================
+
+SSL_CTX_sessions(SSL_CTX *ctx) - the session-id hash table.
+
+/* Session-id cache stats */
+SSL_CTX_sess_number
+SSL_CTX_sess_connect
+SSL_CTX_sess_connect_good
+SSL_CTX_sess_accept
+SSL_CTX_sess_accept_good
+SSL_CTX_sess_hits
+SSL_CTX_sess_cb_hits
+SSL_CTX_sess_misses
+SSL_CTX_sess_timeouts
+
+/* Session-id application notification callbacks */
+SSL_CTX_sess_set_new_cb
+SSL_CTX_sess_get_new_cb
+SSL_CTX_sess_set_get_cb
+SSL_CTX_sess_get_get_cb
+
+/* Session-id cache operation mode */
+SSL_CTX_set_session_cache_mode
+SSL_CTX_get_session_cache_mode
+
+/* Set default timeout values to use. */
+SSL_CTX_set_timeout
+SSL_CTX_get_timeout
+
+/* Global  SSL initalisation informational callback */
+SSL_CTX_set_info_callback
+SSL_CTX_get_info_callback
+SSL_set_info_callback
+SSL_get_info_callback
+
+/* If the SSL_accept/SSL_connect returned with -1, these indicate when
+ * we should re-call *.
+SSL_want
+SSL_want_nothing
+SSL_want_read
+SSL_want_write
+SSL_want_x509_lookup
+
+/* Where we are in SSL initalisation, used in non-blocking, perhaps
+ * have a look at ssl/bio_ssl.c */
+SSL_state
+SSL_is_init_finished
+SSL_in_init
+SSL_in_connect_init
+SSL_in_accept_init
+
+/* Used to set the 'inital' state so SSL_in_connect_init and SSL_in_accept_init
+ * can be used to work out which function to call. */
+SSL_set_connect_state
+SSL_set_accept_state
+
+/* Where to look for certificates for authentication */
+SSL_set_default_verify_paths /* calles SSL_load_verify_locations */
+SSL_load_verify_locations
+
+/* get info from an established connection */
+SSL_get_session
+SSL_get_certificate
+SSL_get_SSL_CTX
+
+SSL_CTX_new
+SSL_CTX_free
+SSL_new
+SSL_clear
+SSL_free
+
+SSL_CTX_set_cipher_list
+SSL_get_cipher
+SSL_set_cipher_list
+SSL_get_cipher_list
+SSL_get_shared_ciphers
+
+SSL_accept
+SSL_connect
+SSL_read
+SSL_write
+
+SSL_debug
+
+SSL_get_read_ahead
+SSL_set_read_ahead
+SSL_set_verify
+
+SSL_pending
+
+SSL_set_fd
+SSL_set_rfd
+SSL_set_wfd
+SSL_set_bio
+SSL_get_fd
+SSL_get_rbio
+SSL_get_wbio
+
+SSL_use_RSAPrivateKey
+SSL_use_RSAPrivateKey_ASN1
+SSL_use_RSAPrivateKey_file
+SSL_use_PrivateKey
+SSL_use_PrivateKey_ASN1
+SSL_use_PrivateKey_file
+SSL_use_certificate
+SSL_use_certificate_ASN1
+SSL_use_certificate_file
+
+ERR_load_SSL_strings
+SSL_load_error_strings
+
+/* human readable version of the 'state' of the SSL connection. */
+SSL_state_string
+SSL_state_string_long
+/* These 2 report what kind of IO operation the library was trying to
+ * perform last.  Probably not very usefull. */
+SSL_rstate_string
+SSL_rstate_string_long
+
+SSL_get_peer_certificate
+
+SSL_SESSION_new
+SSL_SESSION_print_fp
+SSL_SESSION_print
+SSL_SESSION_free
+i2d_SSL_SESSION
+d2i_SSL_SESSION
+
+SSL_get_time
+SSL_set_time
+SSL_get_timeout
+SSL_set_timeout
+SSL_copy_session_id
+SSL_set_session
+SSL_CTX_add_session
+SSL_CTX_remove_session
+SSL_CTX_flush_sessions
+
+BIO_f_ssl
+
+/* used to hold information as to why a certificate verification failed */
+SSL_set_verify_result
+SSL_get_verify_result
+
+/* can be used by the application to associate data with an SSL structure.
+ * It needs to be 'free()ed' by the application */
+SSL_set_app_data
+SSL_get_app_data
+
+/* The following all set values that are kept in the SSL_CTX but
+ * are used as the default values when an SSL session is created.
+ * They are over writen by the relevent SSL_xxxx functions */
+
+/* SSL_set_verify */
+void SSL_CTX_set_default_verify
+
+/* This callback, if set, totaly overrides the normal SSLeay verification
+ * functions and should return 1 on sucesss and 0 on failure */
+void SSL_CTX_set_cert_verify_callback
+
+/* The following are the same as the equivilent SSL_xxx functions.
+ * Only one copy of this information is kept and if a particular
+ * SSL structure has a local override, it is totally separate structure.
+ */
+int SSL_CTX_use_RSAPrivateKey
+int SSL_CTX_use_RSAPrivateKey_ASN1
+int SSL_CTX_use_RSAPrivateKey_file
+int SSL_CTX_use_PrivateKey
+int SSL_CTX_use_PrivateKey_ASN1
+int SSL_CTX_use_PrivateKey_file
+int SSL_CTX_use_certificate
+int SSL_CTX_use_certificate_ASN1
+int SSL_CTX_use_certificate_file
+
+
+==== ssl_ctx.doc ========================================================
+
+This is now a bit dated, quite a few of the SSL_ functions could be
+SSL_CTX_ functions.  I will update this in the future. 30 Aug 1996
+
+From eay@orb.mincom.oz.au Mon Dec 11 21:37:08 1995
+Received: by orb.mincom.oz.au id AA00696
+  (5.65c/IDA-1.4.4 for eay); Mon, 11 Dec 1995 11:37:08 +1000
+Date: Mon, 11 Dec 1995 11:37:08 +1000 (EST)
+From: Eric Young <eay@mincom.oz.au>
+X-Sender: eay@orb
+To: sameer <sameer@c2.org>
+Cc: Eric Young <eay@mincom.oz.au>
+Subject: Re: PEM_readX509 oesn't seem to be working
+In-Reply-To: <199512110102.RAA12521@infinity.c2.org>
+Message-Id: <Pine.SOL.3.91.951211112115.28608D-100000@orb>
+Mime-Version: 1.0
+Content-Type: TEXT/PLAIN; charset=US-ASCII
+Status: RO
+X-Status: 
+
+On Sun, 10 Dec 1995, sameer wrote:
+> 	OK, that's solved. I've found out that it is saying "no
+> certificate set" in SSL_accept because s->conn == NULL
+> so there is some place I need to initialize s->conn that I am
+> not initializing it.
+
+The full order of things for a server should be.
+
+ctx=SSL_CTX_new();
+
+/* The next line should not really be using ctx->cert but I'll leave it 
+ * this way right now... I don't want a X509_ routine to know about an SSL
+ * structure, there should be an SSL_load_verify_locations... hmm, I may 
+ * add it tonight.
+ */
+X509_load_verify_locations(ctx->cert,CAfile,CApath);
+
+/* Ok now for each new connection we do the following */
+con=SSL_new(ctx);
+SSL_set_fd(con,s);
+SSL_set_verify(con,verify,verify_callback);
+
+/* set the certificate and private key to use. */
+SSL_use_certificate_ASN1(con,X509_certificate);
+SSL_use_RSAPrivateKey_ASN1(con,RSA_private_key);
+
+SSL_accept(con);
+
+SSL_read(con)/SSL_write(con);
+
+There is a bit more than that but that is basically the structure.
+
+Create a context and specify where to lookup certificates.
+
+foreach connection
+	{
+	create a SSL structure
+	set the certificate and private key
+	do a SSL_accept
+	
+	we should now be ok
+	}
+
+eric
+--
+Eric Young                  | Signature removed since it was generating
+AARNet: eay@mincom.oz.au    | more followups than the message contents :-)
+
+
+
+==== ssleay.doc ========================================================
+
+SSLeay: a cryptographic kitchen sink.
+
+1st December 1995
+Way back at the start of April 1995, I was looking for a mindless
+programming project.  A friend of mine (Tim Hudson) said "why don't you do SSL,
+it has DES encryption in it and I would not mind using it in a SSL telnet".
+While it was true I had written a DES library in previous years, litle
+did I know what an expansive task SSL would turn into.
+
+First of all, the SSL protocol contains DES encryption.  Well and good.  My
+DES library was fast and portable.  It also contained the RSA's RC4 stream
+cipher.  Again, not a problem, some-one had just posted to sci.crypt
+something that was claimed to be RC4.  It also contained IDEA, I had the
+specifications, not a problem to implement.  MD5, an RFC, trivial, at most
+I could spend a week or so trying to see if I could speed up the
+implementation.  All in all a nice set of ciphers.
+Then the first 'expantion of the scope', RSA public key
+encryption.  Since I did not knowing a thing about public key encryption
+or number theory, this appeared quite a daunting task.  Just writing a
+big number library would be problomatic in itself, let alone making it fast.
+At this point the scope of 'implementing SSL' expands eponentialy.
+First of all, the RSA private keys  were being kept in ASN.1 format.
+Thankfully the RSA PKCS series of documents explains this format.  So I now
+needed to be able to encode and decode arbitary ASN.1 objects.  The Public
+keys were embeded in X509 certificates.  Hmm... these are not only
+ASN.1 objects but they make up a heirachy of authentication.  To
+authenticate a X509 certificate one needs to retrieve it's issuers
+certificate etc etc.  Hmm..., so I also need to implement some kind
+of certificate management software.  I would also have to implement
+software to authenticate certificates.  At this point the support code made
+the SSL part of my library look quite small.
+Around this time, the first version of SSLeay was released.
+
+Ah, but here was the problem, I was not happy with the code so far.  As may
+have become obvious, I had been treating all of this as a learning
+exersize, so I have completely written the library myself.  As such, due
+to the way it had grown like a fungus, much of the library was not
+'elagent' or neat.  There were global and static variables all over the
+place, the SSL part did not even handle non-blocking IO.
+The Great rewrite began.
+
+As of this point in time, the 'Great rewrite' has almost finished.  So what
+follows is an approximate list of what is actually SSLeay 0.5.0
+
+/********* This needs to be updated for 0.6.0+ *************/
+
+---
+The library contains the following routines.  Please note that most of these
+functions are not specfic for SSL or any other particular cipher
+implementation.  I have tried to make all the routines as general purpose
+as possible.  So you should not think of this library as an SSL
+implemtation, but rather as a library of cryptographic functions
+that also contains SSL.  I refer to each of these function groupings as
+libraries since they are often capable of functioning as independant
+libraries
+
+First up, the general ciphers and message digests supported by the library.
+
+MD2	rfc???, a standard 'by parts' interface to this algorithm.
+MD5	rfc???, the same type of interface as for the MD2 library except a
+	different algorithm.
+SHA	THe Secure Hash Algorithm.  Again the same type of interface as
+	MD2/MD5 except the digest is 20 bytes.
+SHA1	The 'revised' version of SHA.  Just about identical to SHA except
+	for one tweak of an inner loop.
+DES	This is my libdes library that has been floating around for the last
+	few years.  It has been enhanced for no other reason than completeness.
+	It now supports ecb, cbc, cfb, ofb, cfb64, ofb64 in normal mode and
+	triple DES modes of ecb, cbc, cfb64 and ofb64.  cfb64 and ofb64 are
+	functional interfaces to the 64 bit modes of cfb and ofb used in
+	such a way thay they function as single character interfaces.
+RC4	The RSA Inc. stream cipher.
+RC2	The RSA Inc. block cipher.
+IDEA	An implmentation of the IDEA cipher, the library supports ecb, cbc,
+	cfb64 and ofb64 modes of operation.
+
+Now all the above mentioned ciphers and digests libraries support high
+speed, minimal 'crap in the way' type interfaces.  For fastest and
+lowest level access, these routines should be used directly.
+
+Now there was also the matter of public key crypto systems.  These are
+based on large integer arithmatic.
+
+BN	This is my large integer library.  It supports all the normal
+	arithmentic operations.  It uses malloc extensivly and as such has
+	no limits of the size of the numbers being manipulated.  If you
+	wish to use 4000 bit RSA moduli, these routines will handle it.
+	This library also contains routines to 'generate' prime numbers and
+	to test for primality.  The RSA and DH libraries sit on top of this
+	library.  As of this point in time, I don't support SHA, but
+	when I do add it, it will just sit on top of the routines contained
+	in this library.
+RSA	This implements the RSA public key algorithm.  It also contains
+	routines that will generate a new private/public key pair.
+	All the RSA functions conform to the PKCS#1 standard.
+DH	This is an implementation of the
+	Diffie-Hellman protocol.  There are all the require routines for
+	the protocol, plus extra routines that can be used to generate a
+	strong prime for use with a specified generator.  While this last
+	routine is not generally required by applications implementing DH,
+	It is present for completeness and because I thing it is much
+	better to be able to 'generate' your own 'magic' numbers as oposed
+	to using numbers suplied by others.  I conform to the PKCS#3
+	standard where required.
+
+You may have noticed the preceeding section mentions the 'generation' of
+prime numbers.  Now this requries the use of 'random numbers'. 
+
+RAND	This psuedo-random number library is based on MD5 at it's core
+	and a large internal state (2k bytes).  Once you have entered enough
+	seed data into this random number algorithm I don't feel
+	you will ever need to worry about it generating predictable output.
+	Due to the way I am writing a portable library, I have left the
+	issue of how to get good initial random seed data upto the
+	application but I do have support routines for saving and loading a
+	persistant random number state for use between program runs.
+	
+Now to make all these ciphers easier to use, a higher level
+interface was required.  In this form, the same function would be used to
+encrypt 'by parts', via any one of the above mentioned ciphers.
+
+EVP	The Digital EnVeloPe library is quite large.  At it's core are
+	function to perform encryption and decryption by parts while using
+	an initial parameter to specify which of the 17 different ciphers
+	or 4 different message digests to use.  On top of these are implmented
+	the digital signature functions, sign, verify, seal and open.
+	Base64 encoding of binary data is also done in this library.
+
+PEM	rfc???? describe the format for Privacy Enhanced eMail.
+	As part of this standard, methods of encoding digital enveloped
+	data is an ascii format are defined.  As such, I use a form of these
+	to encode enveloped data.  While at this point in time full support
+	for PEM has not been built into the library, a minimal subset of
+	the secret key and Base64 encoding is present.  These reoutines are
+	mostly used to Ascii encode binary data with a 'type' associated
+	with it and perhaps details of private key encryption used to
+	encrypt the data.
+	
+PKCS7	This is another Digital Envelope encoding standard which uses ASN.1
+	to encode the data.  At this point in time, while there are some
+	routines to encode and decode this binary format, full support is
+	not present.
+	
+As Mentioned, above, there are several different ways to encode
+data structures.
+
+ASN1	This library is more a set of primatives used to encode the packing
+	and unpacking of data structures.  It is used by the X509
+	certificate standard and by the PKCS standards which are used by
+	this library.  It also contains routines for duplicating and signing
+	the structures asocisated with X509.
+	
+X509	The X509 library contains routines for packing and unpacking,
+	verifying and just about every thing else you would want to do with
+	X509 certificates.
+
+PKCS7	PKCS-7 is a standard for encoding digital envelope data
+	structures.  At this point in time the routines will load and save
+	DER forms of these structees.  They need to be re-worked to support
+	the BER form which is the normal way PKCS-7 is encoded.  If the
+	previous 2 sentances don't make much sense, don't worry, this
+	library is not used by this version of SSLeay anyway.
+
+OBJ	ASN.1 uses 'object identifiers' to identify objects.  A set of
+	functions were requred to translate from ASN.1 to an intenger, to a
+	character string.  This library provieds these translations
+	
+Now I mentioned an X509 library.  X509 specified a hieachy of certificates
+which needs to be traversed to authenticate particular certificates.
+
+METH	This library is used to push 'methods' of retrieving certificates
+	into the library.  There are some supplied 'methods' with SSLeay
+	but applications can add new methods if they so desire.
+	This library has not been finished and is not being used in this
+	version.
+	
+Now all the above are required for use in the initial point of this project.
+
+SSL	The SSL protocol.  This is a full implmentation of SSL v 2.  It
+	support both server and client authentication.  SSL v 3 support
+	will be added when the SSL v 3 specification is released in it's
+	final form.
+
+Now quite a few of the above mentioned libraries rely on a few 'complex'
+data structures.  For each of these I have a library.
+
+Lhash	This is a hash table library which is used extensivly.
+
+STACK	An implemetation of a Stack data structure.
+
+BUF	A simple character array structure that also support a function to
+	check that the array is greater that a certain size, if it is not,
+	it is realloced so that is it.
+	
+TXT_DB	A simple memory based text file data base.  The application can specify
+	unique indexes that will be enforced at update time.
+
+CONF	Most of the programs written for this library require a configuration
+	file.  Instead of letting programs constantly re-implment this
+	subsystem, the CONF library provides a consistant and flexable
+	interface to not only configuration files but also environment
+	variables.
+
+But what about when something goes wrong?
+The one advantage (and perhaps disadvantage) of all of these
+functions being in one library was the ability to implement a
+single error reporting system.
+	
+ERR	This library is used to report errors.  The error system records
+	library number, function number (in the library) and reason
+	number.  Multiple errors can be reported so that an 'error' trace
+	is created.  The errors can be printed in numeric or textual form.
+
+
+==== ssluse.doc ========================================================
+
+We have an SSL_CTX which contains global information for lots of
+SSL connections.  The session-id cache and the certificate verificate cache.
+It also contains default values for use when certificates are used.
+
+SSL_CTX
+	default cipher list
+	session-id cache
+	certificate cache
+	default session-id timeout period
+	New session-id callback
+	Required session-id callback
+	session-id stats
+	Informational callback
+	Callback that is set, overrides the SSLeay X509 certificate
+	  verification
+	The default Certificate/Private Key pair
+	Default read ahead mode.
+	Default verify mode and verify callback.  These are not used
+	  if the over ride callback mentioned above is used.
+	
+Each SSL can have the following defined for it before a connection is made.
+
+Certificate
+Private key
+Ciphers to use
+Certificate verify mode and callback
+IO object to use in the comunication.
+Some 'read-ahead' mode information.
+A previous session-id to re-use.
+
+A connection is made by using SSL_connect or SSL_accept.
+When non-blocking IO is being used, there are functions that can be used
+to determin where and why the SSL_connect or SSL_accept did not complete.
+This information can be used to recall the functions when the 'error'
+condition has dissapeared.
+
+After the connection has been made, information can be retrived about the
+SSL session and the session-id values that have been decided apon.
+The 'peer' certificate can be retrieved.
+
+The session-id values include
+'start time'
+'timeout length'
+
+
+
+==== stack.doc ========================================================
+
+The stack data structure is used to store an ordered list of objects.
+It is basically misnamed to call it a stack but it can function that way
+and that is what I originally used it for.  Due to the way element
+pointers are kept in a malloc()ed array, the most efficient way to use this
+structure is to add and delete elements from the end via sk_pop() and
+sk_push().  If you wish to do 'lookups' sk_find() is quite efficient since
+it will sort the stack (if required) and then do a binary search to lookup 
+the requested item.  This sorting occurs automatically so just sk_push()
+elements on the stack and don't worry about the order.  Do remember that if
+you do a sk_find(), the order of the elements will change.
+
+You should never need to 'touch' this structure directly.
+typedef struct stack_st
+	{
+	unsigned int num;
+	char **data;
+	int sorted;
+
+	unsigned int num_alloc;
+	int (*comp)();
+	} STACK;
+
+'num' holds the number of elements in the stack, 'data' is the array of
+elements.  'sorted' is 1 is the list has been sorted, 0 if not.
+
+num_alloc is the number of 'nodes' allocated in 'data'.  When num becomes
+larger than num_alloc, data is realloced to a larger size.
+If 'comp' is set, it is a function that is used to compare 2 of the items
+in the stack.  The function should return -1, 0 or 1, depending on the
+ordering.
+
+#define sk_num(sk)	((sk)->num)
+#define sk_value(sk,n)	((sk)->data[n])
+
+These 2 macros should be used to access the number of elements in the
+'stack' and to access a pointer to one of the values.
+
+STACK *sk_new(int (*c)());
+	This creates a new stack.  If 'c', the comparison function, is not
+specified, the various functions that operate on a sorted 'stack' will not
+work (sk_find()).  NULL is returned on failure.
+
+void sk_free(STACK *);
+	This function free()'s a stack structure.  The elements in the
+stack will not be freed so one should 'pop' and free all elements from the
+stack before calling this function or call sk_pop_free() instead.
+
+void sk_pop_free(STACK *st; void (*func)());
+	This function calls 'func' for each element on the stack, passing
+the element as the argument.  sk_free() is then called to free the 'stack'
+structure.
+
+int sk_insert(STACK *sk,char *data,int where);
+	This function inserts 'data' into stack 'sk' at location 'where'.
+If 'where' is larger that the number of elements in the stack, the element
+is put at the end.  This function tends to be used by other 'stack'
+functions.  Returns 0 on failure, otherwise the number of elements in the
+new stack.
+
+char *sk_delete(STACK *st,int loc);
+	Remove the item a location 'loc' from the stack and returns it.
+Returns NULL if the 'loc' is out of range.
+
+char *sk_delete_ptr(STACK *st, char *p);
+	If the data item pointed to by 'p' is in the stack, it is deleted
+from the stack and returned.  NULL is returned if the element is not in the
+stack.
+
+int sk_find(STACK *st,char *data);
+	Returns the location that contains a value that is equal to 
+the 'data' item.  If the comparison function was not set, this function
+does a linear search.  This function actually qsort()s the stack if it is not
+in order and then uses bsearch() to do the initial search.  If the
+search fails,, -1 is returned.  For mutliple items with the same
+value, the index of the first in the array is returned.
+
+int sk_push(STACK *st,char *data);
+	Append 'data' to the stack.  0 is returned if there is a failure
+(due to a malloc failure), else 1.  This is 
+sk_insert(st,data,sk_num(st));
+
+int sk_unshift(STACK *st,char *data);
+	Prepend 'data' to the front (location 0) of the stack.  This is
+sk_insert(st,data,0);
+
+char *sk_shift(STACK *st);
+	Return and delete from the stack the first element in the stack.
+This is sk_delete(st,0);
+
+char *sk_pop(STACK *st);
+	Return and delete the last element on the stack.  This is
+sk_delete(st,sk_num(sk)-1);
+
+void sk_zero(STACK *st);
+	Removes all items from the stack.  It does not 'free'
+pointers but is a quick way to clear a 'stack of references'.
+
+==== threads.doc ========================================================
+
+How to compile SSLeay for multi-threading.
+
+Well basically it is quite simple, set the compiler flags and build.
+I have only really done much testing under Solaris and Windows NT.
+If you library supports localtime_r() and gmtime_r() add,
+-DTHREADS to the makefile parameters.  You can probably survive with out
+this define unless you are going to have multiple threads generating
+certificates at once.  It will not affect the SSL side of things.
+
+The approach I have taken to doing locking is to make the application provide
+callbacks to perform locking and so that the SSLeay library can distinguish
+between threads (for the error state).
+
+To have a look at an example program, 'cd mt; vi mttest.c'.
+To build under solaris, sh solaris.sh, for Windows NT or Windows 95,
+win32.bat
+
+This will build mttest which will fire up 10 threads that talk SSL
+to each other 10 times.
+To enable everything to work, the application needs to call
+
+CRYPTO_set_id_callback(id_function);
+CRYPTO_set_locking_callback(locking_function);
+
+before any multithreading is started.
+id_function does not need to be defined under Windows NT or 95, the
+correct function will be called if it is not.  Under unix, getpid()
+is call if the id_callback is not defined, for Solaris this is wrong
+(since threads id's are not pid's) but under Linux it is correct
+(threads are just processes sharing the data segement).
+
+The locking_callback is used to perform locking by the SSLeay library.
+eg.
+
+void solaris_locking_callback(mode,type,file,line)
+int mode;
+int type;
+char *file;
+int line;
+	{
+	if (mode & CRYPTO_LOCK)
+		mutex_lock(&(lock_cs[type]));
+	else
+		mutex_unlock(&(lock_cs[type]));
+	}
+
+Now in this case I have used mutexes instead of read/write locks, since they
+are faster and there are not many read locks in SSLeay, you may as well
+always use write locks.  file and line are __FILE__ and __LINE__ from
+the compile and can be usefull when debugging.
+
+Now as you can see, 'type' can be one of a range of values, these values are
+defined in crypto/crypto.h
+CRYPTO_get_lock_name(type) will return a text version of what the lock is.
+There are CRYPTO_NUM_LOCKS locks required, so under solaris, the setup
+for multi-threading can be
+
+static mutex_t lock_cs[CRYPTO_NUM_LOCKS];
+
+void thread_setup()
+	{
+	int i;
+
+	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+		mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);
+	CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
+	CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
+	}
+
+As a final note, under Windows NT or Windows 95, you have to be careful
+not to mix the various threaded, unthreaded and debug libraries.
+Normally if they are mixed incorrectly, mttest will crash just after printing
+out some usage statistics at the end.  This is because the
+different system libraries use different malloc routines and if
+data is malloc()ed inside crypt32.dll or ssl32.dll and then free()ed by a
+different library malloc, things get very confused.
+
+The default SSLeay DLL builds use /MD, so if you use this on your
+application, things will work as expected.  If you use /MDd,
+you will probably have to rebuild SSLeay using this flag.
+I should modify util/mk1mf.pl so it does all this correctly, but 
+this has not been done yet.
+
+One last warning.  Because locking overheads are actually quite large, the
+statistics collected against the SSL_CTX for successfull connections etc
+are not locked when updated.  This does make it possible for these
+values to be slightly lower than they should be, if you are
+running multithreaded on a multi-processor box, but this does not really
+matter much.
+
+
+==== txt_db.doc ========================================================
+
+TXT_DB, a simple text based in memory database.
+
+It holds rows of ascii data, for which the only special character is '\0'.
+The rows can be of an unlimited length.
+
+==== why.doc ========================================================
+
+This file is more of a note for other people who wish to understand why
+the build environment is the way it is :-).
+
+The include files 'depend' as follows.
+Each of 
+crypto/*/*.c includes crypto/cryptlib.h
+ssl/*.c include ssl/ssl_locl.h
+apps/*.c include apps/apps.h
+crypto/cryptlib.h, ssl/ssl_locl.h and apps/apps.h
+all include e_os.h which contains OS/environment specific information.
+If you need to add something todo with a particular environment,
+add it to this file.  It is worth remembering that quite a few libraries,
+like lhash, des, md, sha etc etc do not include crypto/cryptlib.h.  This
+is because these libraries should be 'independantly compilable' and so I
+try to keep them this way.
+e_os.h is not so much a part of SSLeay, as the placing in one spot all the
+evil OS dependant muck.
+
+I wanted to automate as many things as possible.  This includes
+error number generation.  A
+make errors
+will scan the source files for error codes, append them to the correct
+header files, and generate the functions to print the text version
+of the error numbers.  So don't even think about adding error numbers by
+hand, put them in the form
+XXXerr(XXXX_F_XXXX,YYYY_R_YYYY);
+on line and it will be automatically picked up my a make errors.
+
+In a similar vein, programs to be added into ssleay in the apps directory
+just need to have an entry added to E_EXE in makefile.ssl and
+everthing will work as expected.  Don't edit progs.h by hand.
+
+make links re-generates the symbolic links that are used.  The reason why
+I keep everything in its own directory, and don't put all the
+test programs and header files in 'test' and 'include' is because I want
+to keep the 'sub-libraries' independant.  I still 'pull' out
+indervidual libraries for use in specific projects where the code is
+required.  I have used the 'lhash' library in just about every software
+project I have worked on :-).
+
+make depend generates dependancies and
+make dclean removes them.
+
+You will notice that I use perl quite a bit when I could be using 'sed'.
+The reason I decided to do this was to just stick to one 'extra' program.
+For Windows NT, I have perl and no sed.
+
+The util/mk1mf.pl program can be used to generate a single makefile.
+I use this because makefiles under Microsoft are horrific.
+Each C compiler seems to have different linker formats, which have
+to be used because the retarted C compilers explode when you do
+cl -o file *.o.
+
+Now some would argue that I should just use the single makefile.  I don't
+like it during develoment for 2 reasons.  First, the actuall make
+command takes a long time.  For my current setup, if I'm in
+crypto/bn and I type make, only the crypto/bn directory gets rebuilt,
+which is nice when you are modifying prototypes in bn.h which
+half the SSLeay depends on.  The second is that to add a new souce file
+I just plonk it in at the required spot in the local makefile.  This
+then alows me to keep things local, I don't need to modify a 'global'
+tables (the make for unix, the make for NT, the make for w31...).
+When I am ripping apart a library structure, it is nice to only
+have to worry about one directory :-).
+
+Having said all this, for the hell of it I put together 2 files that
+#include all the souce code (generated by doing a ls */*.o after a build).
+crypto.c takes only 30 seconds to build under NT and 2 minutes under linux
+for my pentium100.  Much faster that the normal build :-).
+Again, the problem is that when using libraries, every program linked
+to libcrypto.a would suddenly get 330k of library when it may only need
+1k.  This technique does look like a nice way to do shared libraries though.
+
+Oh yes, as a final note, to 'build' a distribution, I just type
+make dist.
+This cleans and packages everything.  The directory needs to be called
+SSLeay since the make does a 'cd ..' and renames and tars things up.
+
+==== req.1 ========================================================
+
+The 'req' command is used to manipulate and deal with pkcs#10
+certificate requests.
+
+It's default mode of operation is to load a certificate and then
+write it out again.
+
+By default the 'req' is read from stdin in 'PEM' format.
+The -inform option can be used to specify 'pem' format or 'der'
+format.  PEM format is the base64 encoding of the DER format.
+
+By default 'req' then writes the request back out. -outform can be used
+to indicate the desired output format, be it 'pem' or 'der'.
+
+To specify an input file, use the '-in' option and the '-out' option
+can be used to specify the output file.
+
+If you wish to perform a command and not output the certificate
+request afterwards, use the '-noout' option.
+
+When a certificate is loaded, it can be printed in a human readable
+ascii format via the '-text' option.
+
+To check that the signature on a certificate request is correct, use
+the '-verify' option to make sure that the private key contained in the
+certificate request corresponds to the signature.
+
+Besides the default mode, there is also the 'generate a certificate
+request' mode.  There are several flags that trigger this mode.
+
+-new will generate a new RSA key (if required) and then prompts
+the user for details for the certificate request.
+-newkey has an argument that is the number of bits to make the new
+key.  This function also triggers '-new'.
+
+The '-new' option can have a key to use specified instead of having to
+load one, '-key' is used to specify the file containg the key.
+-keyform can be used to specify the format of the key.  Only
+'pem' and 'der' formats are supported, later, 'netscape' format may be added.
+
+Finally there is the '-x509' options which makes req output a self
+signed x509 certificate instead of a certificate request.
+
+Now as you may have noticed, there are lots of default options that
+cannot be specified via the command line.  They are held in a 'template'
+or 'configuration file'.  The -config option specifies which configuration
+file to use.  See conf.doc for details on the syntax of this file.
+
+The req command uses the 'req' section of the config file.
+
+---
+# The following variables are defined.  For this example I will populate
+# the various values
+[ req ]
+default_bits	= 512		# default number of bits to use.
+default_keyfile	= testkey.pem	# Where to write the generated keyfile
+				# if not specified.
+distinguished_name= req_dn	# The section that contains the
+				# information about which 'object' we
+				# want to put in the DN.
+attributes	= req_attr	# The objects we want for the
+				# attributes field.
+encrypt_rsa_key	= no		# Should we encrypt newly generated
+				# keys.  I strongly recommend 'yes'.
+
+# The distinguished name section.  For the following entries, the
+# object names must exist in the SSLeay header file objects.h.  If they
+# do not, they will be silently ignored.  The entries have the following
+# format.
+# <object_name>		=> string to prompt with
+# <object_name>_default	=> default value for people
+# <object_name>_value	=> Automatically use this value for this field.
+# <object_name>_min	=> minimum number of characters for data (def. 0)
+# <object_name>_max	=> maximum number of characters for data (def. inf.)
+# All of these entries are optional except for the first one.
+[ req_dn ]
+countryName			= Country Name (2 letter code)
+countryName_default		= AU
+
+stateOrProvinceName		= State or Province Name (full name)
+stateOrProvinceName_default	= Queensland
+
+localityName			= Locality Name (eg, city)
+
+organizationName		= Organization Name (eg, company)
+organizationName_default	= Mincom Pty Ltd
+
+organizationalUnitName		= Organizational Unit Name (eg, section)
+organizationalUnitName_default	= MTR
+
+commonName			= Common Name (eg, YOUR name)
+commonName_max			= 64
+
+emailAddress			= Email Address
+emailAddress_max		= 40
+
+# The next section is the attributes section.  This is exactly the
+# same as for the previous section except that the resulting objects are
+# put in the attributes field. 
+[ req_attr ]
+challengePassword		= A challenge password
+challengePassword_min		= 4
+challengePassword_max		= 20
+
+unstructuredName		= An optional company name
+
+----
+Also note that the order that attributes appear in this file is the
+order they will be put into the distinguished name.
+
+Once this request has been generated, it can be sent to a CA for
+certifying.
+
+----
+A few quick examples....
+
+To generate a new request and a new key
+req -new
+
+To generate a new request and a 1058 bit key
+req -newkey 1058
+
+To generate a new request using a pre-existing key
+req -new -key key.pem
+
+To generate a self signed x509 certificate from a certificate
+request using a supplied key, and we want to see the text form of the
+output certificate (which we will put in the file selfSign.pem
+req -x509 -in req.pem -key key.pem -text -out selfSign.pem
+
+Verify that the signature is correct on a certificate request.
+req -verify -in req.pem
+
+Verify that the signature was made using a specified public key.
+req -verify -in req.pem -key key.pem
+
+Print the contents of a certificate request
+req -text -in req.pem
+
+==== danger ========================================================
+
+If you specify a SSLv2 cipher, and the mode is SSLv23 and the server
+can talk SSLv3, it will claim there is no cipher since you should be
+using SSLv3.
+
+When tracing debug stuff, remember BIO_s_socket() is different to
+BIO_s_connect().
+
+BSD/OS assember is not working
+
diff --git a/doc/ssluse.doc b/doc/ssluse.doc
deleted file mode 100644
index 2e3a26cbf3..0000000000
--- a/doc/ssluse.doc
+++ /dev/null
@@ -1,45 +0,0 @@
-We have an SSL_CTX which contains global information for lots of
-SSL connections.  The session-id cache and the certificate verificate cache.
-It also contains default values for use when certificates are used.
-
-SSL_CTX
-	default cipher list
-	session-id cache
-	certificate cache
-	default session-id timeout period
-	New session-id callback
-	Required session-id callback
-	session-id stats
-	Informational callback
-	Callback that is set, overrides the SSLeay X509 certificate
-	  verification
-	The default Certificate/Private Key pair
-	Default read ahead mode.
-	Default verify mode and verify callback.  These are not used
-	  if the over ride callback mentioned above is used.
-	
-Each SSL can have the following defined for it before a connection is made.
-
-Certificate
-Private key
-Ciphers to use
-Certificate verify mode and callback
-IO object to use in the comunication.
-Some 'read-ahead' mode information.
-A previous session-id to re-use.
-
-A connection is made by using SSL_connect or SSL_accept.
-When non-blocking IO is being used, there are functions that can be used
-to determin where and why the SSL_connect or SSL_accept did not complete.
-This information can be used to recall the functions when the 'error'
-condition has dissapeared.
-
-After the connection has been made, information can be retrived about the
-SSL session and the session-id values that have been decided apon.
-The 'peer' certificate can be retrieved.
-
-The session-id values include
-'start time'
-'timeout length'
-
-
diff --git a/doc/stack.doc b/doc/stack.doc
deleted file mode 100644
index 7c20b1b664..0000000000
--- a/doc/stack.doc
+++ /dev/null
@@ -1,96 +0,0 @@
-The stack data structure is used to store an ordered list of objects.
-It is basically misnamed to call it a stack but it can function that way
-and that is what I originally used it for.  Due to the way element
-pointers are kept in a malloc()ed array, the most efficient way to use this
-structure is to add and delete elements from the end via sk_pop() and
-sk_push().  If you wish to do 'lookups' sk_find() is quite efficient since
-it will sort the stack (if required) and then do a binary search to lookup 
-the requested item.  This sorting occurs automatically so just sk_push()
-elements on the stack and don't worry about the order.  Do remember that if
-you do a sk_find(), the order of the elements will change.
-
-You should never need to 'touch' this structure directly.
-typedef struct stack_st
-	{
-	unsigned int num;
-	char **data;
-	int sorted;
-
-	unsigned int num_alloc;
-	int (*comp)();
-	} STACK;
-
-'num' holds the number of elements in the stack, 'data' is the array of
-elements.  'sorted' is 1 is the list has been sorted, 0 if not.
-
-num_alloc is the number of 'nodes' allocated in 'data'.  When num becomes
-larger than num_alloc, data is realloced to a larger size.
-If 'comp' is set, it is a function that is used to compare 2 of the items
-in the stack.  The function should return -1, 0 or 1, depending on the
-ordering.
-
-#define sk_num(sk)	((sk)->num)
-#define sk_value(sk,n)	((sk)->data[n])
-
-These 2 macros should be used to access the number of elements in the
-'stack' and to access a pointer to one of the values.
-
-STACK *sk_new(int (*c)());
-	This creates a new stack.  If 'c', the comparison function, is not
-specified, the various functions that operate on a sorted 'stack' will not
-work (sk_find()).  NULL is returned on failure.
-
-void sk_free(STACK *);
-	This function free()'s a stack structure.  The elements in the
-stack will not be freed so one should 'pop' and free all elements from the
-stack before calling this function or call sk_pop_free() instead.
-
-void sk_pop_free(STACK *st; void (*func)());
-	This function calls 'func' for each element on the stack, passing
-the element as the argument.  sk_free() is then called to free the 'stack'
-structure.
-
-int sk_insert(STACK *sk,char *data,int where);
-	This function inserts 'data' into stack 'sk' at location 'where'.
-If 'where' is larger that the number of elements in the stack, the element
-is put at the end.  This function tends to be used by other 'stack'
-functions.  Returns 0 on failure, otherwise the number of elements in the
-new stack.
-
-char *sk_delete(STACK *st,int loc);
-	Remove the item a location 'loc' from the stack and returns it.
-Returns NULL if the 'loc' is out of range.
-
-char *sk_delete_ptr(STACK *st, char *p);
-	If the data item pointed to by 'p' is in the stack, it is deleted
-from the stack and returned.  NULL is returned if the element is not in the
-stack.
-
-int sk_find(STACK *st,char *data);
-	Returns the location that contains a value that is equal to 
-the 'data' item.  If the comparison function was not set, this function
-does a linear search.  This function actually qsort()s the stack if it is not
-in order and then uses bsearch() to do the initial search.  If the
-search fails,, -1 is returned.  For mutliple items with the same
-value, the index of the first in the array is returned.
-
-int sk_push(STACK *st,char *data);
-	Append 'data' to the stack.  0 is returned if there is a failure
-(due to a malloc failure), else 1.  This is 
-sk_insert(st,data,sk_num(st));
-
-int sk_unshift(STACK *st,char *data);
-	Prepend 'data' to the front (location 0) of the stack.  This is
-sk_insert(st,data,0);
-
-char *sk_shift(STACK *st);
-	Return and delete from the stack the first element in the stack.
-This is sk_delete(st,0);
-
-char *sk_pop(STACK *st);
-	Return and delete the last element on the stack.  This is
-sk_delete(st,sk_num(sk)-1);
-
-void sk_zero(STACK *st);
-	Removes all items from the stack.  It does not 'free'
-pointers but is a quick way to clear a 'stack of references'.
diff --git a/doc/standards.txt b/doc/standards.txt
new file mode 100644
index 0000000000..596d9001e6
--- /dev/null
+++ b/doc/standards.txt
@@ -0,0 +1,130 @@
+Standards related to OpenSSL
+============================
+
+[Please, this is currently a draft.  I made a first try at finding
+ documents that describe parts of what OpenSSL implements.  There are
+ big gaps, and I've most certainly done something wrong.  Please
+ correct whatever is...  Also, this note should be removed when this
+ file is reaching a somewhat correct state.        -- Richard Levitte]
+
+
+All pointers in here will be either URL's or blobs of text borrowed
+from miscellaneous indexes, like rfc-index.txt (index of RFCs),
+1id-index.txt (index of Internet drafts) and the like.
+
+To find the latest possible RFCs, it's recommended to either browse
+ftp://ftp.isi.edu/in-notes/ or go to http://www.rfc-editor.org/ and
+use the search mechanism found there.
+To find the latest possible Internet drafts, it's recommended to
+browse ftp://ftp.isi.edu/internet-drafts/.
+To find the latest possible PKCS, it's recommended to browse
+http://www.rsasecurity.com/rsalabs/pkcs/.
+
+
+Implemented:
+------------
+
+These are documents that describe things that are implemented (in
+whole or at least great parts) in OpenSSL.
+
+1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992.
+     (Format: TXT=25661 bytes) (Status: INFORMATIONAL)
+
+1320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
+     TXT=32407 bytes) (Status: INFORMATIONAL)
+
+1321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
+     TXT=35222 bytes) (Status: INFORMATIONAL)
+
+2246 The TLS Protocol Version 1.0. T. Dierks, C. Allen. January 1999.
+     (Format: TXT=170401 bytes) (Status: PROPOSED STANDARD)
+
+2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest.
+     January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL)
+
+2314 PKCS 10: Certification Request Syntax Version 1.5. B. Kaliski.
+     March 1998. (Format: TXT=15814 bytes) (Status: INFORMATIONAL)
+
+2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
+     March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
+
+2437 PKCS #1: RSA Cryptography Specifications Version 2.0. B. Kaliski,
+     J. Staddon. October 1998. (Format: TXT=73529 bytes) (Obsoletes
+     RFC2313) (Status: INFORMATIONAL)
+
+2459 Internet X.509 Public Key Infrastructure Certificate and CRL
+     Profile. R. Housley, W. Ford, W. Polk, D. Solo. January 1999.
+     (Format: TXT=278438 bytes) (Status: PROPOSED STANDARD)
+
+PKCS#8: Private-Key Information Syntax Standard
+
+PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
+
+2560 X.509 Internet Public Key Infrastructure Online Certificate
+     Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
+     C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
+     STANDARD)
+
+
+Related:
+--------
+
+These are documents that are close to OpenSSL, for example the
+STARTTLS documents.
+
+1421 Privacy Enhancement for Internet Electronic Mail: Part I: Message
+     Encryption and Authentication Procedures. J. Linn. February 1993.
+     (Format: TXT=103894 bytes) (Obsoletes RFC1113) (Status: PROPOSED
+     STANDARD)
+
+1422 Privacy Enhancement for Internet Electronic Mail: Part II:
+     Certificate-Based Key Management. S. Kent. February 1993. (Format:
+     TXT=86085 bytes) (Obsoletes RFC1114) (Status: PROPOSED STANDARD)
+
+1423 Privacy Enhancement for Internet Electronic Mail: Part III:
+     Algorithms, Modes, and Identifiers. D. Balenson. February 1993.
+     (Format: TXT=33277 bytes) (Obsoletes RFC1115) (Status: PROPOSED
+     STANDARD)
+
+1424 Privacy Enhancement for Internet Electronic Mail: Part IV: Key
+     Certification and Related Services. B. Kaliski. February 1993.
+     (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD)
+
+2256 A Summary of the X.500(96) User Schema for use with LDAPv3. M.
+     Wahl. December 1997. (Format: TXT=32377 bytes) (Status: PROPOSED
+     STANDARD)
+
+2487 SMTP Service Extension for Secure SMTP over TLS. P. Hoffman.
+     January 1999. (Format: TXT=15120 bytes) (Status: PROPOSED STANDARD)
+
+2585 Internet X.509 Public Key Infrastructure Operational Protocols:
+     FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813
+     bytes) (Status: PROPOSED STANDARD)
+
+2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999.
+     (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD)
+
+2712 Addition of Kerberos Cipher Suites to Transport Layer Security
+     (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
+     (Status: PROPOSED STANDARD)
+
+2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May
+     2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED
+     STANDARD)
+
+2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes)
+     (Status: INFORMATIONAL)
+
+  "Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>  
+ 
+
+To be implemented:
+------------------
+
+These are documents that describe things that are planed to be
+implemented in the hopefully short future.
+
+2712 Addition of Kerberos Cipher Suites to Transport Layer Security
+     (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
+     (Status: PROPOSED STANDARD)
+
diff --git a/doc/threads.doc b/doc/threads.doc
deleted file mode 100644
index 251061e896..0000000000
--- a/doc/threads.doc
+++ /dev/null
@@ -1,90 +0,0 @@
-How to compile SSLeay for multi-threading.
-
-Well basically it is quite simple, set the compiler flags and build.
-I have only really done much testing under Solaris and Windows NT.
-If you library supports localtime_r() and gmtime_r() add,
--DTHREADS to the makefile parameters.  You can probably survive with out
-this define unless you are going to have multiple threads generating
-certificates at once.  It will not affect the SSL side of things.
-
-The approach I have taken to doing locking is to make the application provide
-callbacks to perform locking and so that the SSLeay library can distinguish
-between threads (for the error state).
-
-To have a look at an example program, 'cd mt; vi mttest.c'.
-To build under solaris, sh solaris.sh, for Windows NT or Windows 95,
-win32.bat
-
-This will build mttest which will fire up 10 threads that talk SSL
-to each other 10 times.
-To enable everything to work, the application needs to call
-
-CRYPTO_set_id_callback(id_function);
-CRYPTO_set_locking_callback(locking_function);
-
-before any multithreading is started.
-id_function does not need to be defined under Windows NT or 95, the
-correct function will be called if it is not.  Under unix, getpid()
-is call if the id_callback is not defined, for solaris this is wrong
-(since threads id's are not pid's) but under IRIX it is correct
-(threads are just processes sharing the data segement).
-
-The locking_callback is used to perform locking by the SSLeay library.
-eg.
-
-void solaris_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
-	{
-	if (mode & CRYPTO_LOCK)
-		mutex_lock(&(lock_cs[type]));
-	else
-		mutex_unlock(&(lock_cs[type]));
-	}
-
-Now in this case I have used mutexes instead of read/write locks, since they
-are faster and there are not many read locks in SSLeay, you may as well
-always use write locks.  file and line are __FILE__ and __LINE__ from
-the compile and can be usefull when debugging.
-
-Now as you can see, 'type' can be one of a range of values, these values are
-defined in crypto/crypto.h
-CRYPTO_get_lock_name(type) will return a text version of what the lock is.
-There are CRYPTO_NUM_LOCKS locks required, so under solaris, the setup
-for multi-threading can be
-
-static mutex_t lock_cs[CRYPTO_NUM_LOCKS];
-
-void thread_setup()
-	{
-	int i;
-
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
-		mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);
-	CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
-	CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
-	}
-
-As a final note, under Windows NT or Windows 95, you have to be careful
-not to mix the various threaded, unthreaded and debug libraries.
-Normally if they are mixed incorrectly, mttest will crash just after printing
-out some usage statistics at the end.  This is because the
-different system libraries use different malloc routines and if
-data is malloc()ed inside crypt32.dll or ssl32.dll and then free()ed by a
-different library malloc, things get very confused.
-
-The default SSLeay DLL builds use /MD, so if you use this on your
-application, things will work as expected.  If you use /MDd,
-you will probably have to rebuild SSLeay using this flag.
-I should modify util/mk1mf.pl so it does all this correctly, but 
-this has not been done yet.
-
-One last warning.  Because locking overheads are actually quite large, the
-statistics collected against the SSL_CTX for successfull connections etc
-are not locked when updated.  This does make it possible for these
-values to be slightly lower than they should be, if you are
-running multithreaded on a multi-processor box, but this does not really
-matter much.
-
diff --git a/doc/txt_db.doc b/doc/txt_db.doc
deleted file mode 100644
index 3a5b0d50a1..0000000000
--- a/doc/txt_db.doc
+++ /dev/null
@@ -1,4 +0,0 @@
-TXT_DB, a simple text based in memory database.
-
-It holds rows of ascii data, for which the only special character is '\0'.
-The rows can be of an unlimited length.
diff --git a/doc/verify b/doc/verify
deleted file mode 100644
index b78d96159d..0000000000
--- a/doc/verify
+++ /dev/null
@@ -1,22 +0,0 @@
-X509_verify_cert_chain(
-	CERT_STORE *cert_store,
-	STACK /* X509 */ *certs,
-	int *verify_result,
-	int (*verify_error_callback)()
-	char *argument_to_callback, /* SSL */
-
-app_verify_callback(
-	char *app_verify_arg, /* from SSL_CTX */
-	STACK /* X509 */ *certs,
-	int *verify_result,
-	int (*verify_error_callback)()
-	SSL *s,
-
-int X509_verify_cert(
-	CERT_STORE *cert_store,
-	X509 *x509,
-	int *verify_result,
-	int (*verify_error_callback)(),
-	char *arg,
-
-
diff --git a/doc/why.doc b/doc/why.doc
deleted file mode 100644
index a1ac84bd27..0000000000
--- a/doc/why.doc
+++ /dev/null
@@ -1,79 +0,0 @@
-This file is more of a note for other people who wish to understand why
-the build environment is the way it is :-).
-
-The include files 'depend' as follows.
-Each of 
-crypto/*/*.c includes crypto/cryptlib.h
-ssl/*.c include ssl/ssl_locl.h
-apps/*.c include apps/apps.h
-crypto/cryptlib.h, ssl/ssl_locl.h and apps/apps.h
-all include e_os.h which contains OS/environment specific information.
-If you need to add something todo with a particular environment,
-add it to this file.  It is worth remembering that quite a few libraries,
-like lhash, des, md, sha etc etc do not include crypto/cryptlib.h.  This
-is because these libraries should be 'independantly compilable' and so I
-try to keep them this way.
-e_os.h is not so much a part of SSLeay, as the placing in one spot all the
-evil OS dependant muck.
-
-I wanted to automate as many things as possible.  This includes
-error number generation.  A
-make errors
-will scan the source files for error codes, append them to the correct
-header files, and generate the functions to print the text version
-of the error numbers.  So don't even think about adding error numbers by
-hand, put them in the form
-XXXerr(XXXX_F_XXXX,YYYY_R_YYYY);
-on line and it will be automatically picked up my a make errors.
-
-In a similar vein, programs to be added into ssleay in the apps directory
-just need to have an entry added to E_EXE in makefile.ssl and
-everthing will work as expected.  Don't edit progs.h by hand.
-
-make links re-generates the symbolic links that are used.  The reason why
-I keep everything in its own directory, and don't put all the
-test programs and header files in 'test' and 'include' is because I want
-to keep the 'sub-libraries' independant.  I still 'pull' out
-indervidual libraries for use in specific projects where the code is
-required.  I have used the 'lhash' library in just about every software
-project I have worked on :-).
-
-make depend generates dependancies and
-make dclean removes them.
-
-You will notice that I use perl quite a bit when I could be using 'sed'.
-The reason I decided to do this was to just stick to one 'extra' program.
-For Windows NT, I have perl and no sed.
-
-The util/mk1mf.pl program can be used to generate a single makefile.
-I use this because makefiles under Microsoft are horrific.
-Each C compiler seems to have different linker formats, which have
-to be used because the retarted C compilers explode when you do
-cl -o file *.o.
-
-Now some would argue that I should just use the single makefile.  I don't
-like it during develoment for 2 reasons.  First, the actuall make
-command takes a long time.  For my current setup, if I'm in
-crypto/bn and I type make, only the crypto/bn directory gets rebuilt,
-which is nice when you are modifying prototypes in bn.h which
-half the SSLeay depends on.  The second is that to add a new souce file
-I just plonk it in at the required spot in the local makefile.  This
-then alows me to keep things local, I don't need to modify a 'global'
-tables (the make for unix, the make for NT, the make for w31...).
-When I am ripping apart a library structure, it is nice to only
-have to worry about one directory :-).
-
-Having said all this, for the hell of it I put together 2 files that
-#include all the souce code (generated by doing a ls */*.o after a build).
-crypto.c takes only 30 seconds to build under NT and 2 minutes under linux
-for my pentium100.  Much faster that the normal build :-).
-Again, the problem is that when using libraries, every program linked
-to libcrypto.a would suddenly get 330k of library when it may only need
-1k.  This technique does look like a nice way to do shared libraries though.
-
-Oh yes, as a final note, to 'build' a distribution, I just type
-make dist.
-This cleans and packages everything.  The directory needs to be called
-SSLeay since the make does a 'cd ..' and renames and tars things up.
-
-
diff --git a/e_os.h b/e_os.h
index 510db0e9ac..f7d09c5295 100644
--- a/e_os.h
+++ b/e_os.h
@@ -59,6 +59,13 @@
 #ifndef HEADER_E_OS_H
 #define HEADER_E_OS_H
 
+#include <openssl/opensslconf.h>
+
+#include <openssl/e_os2.h>
+/* <openssl/e_os2.h> contains what we can justify to make visible
+ * to the outside; this file e_os.h is not part of the exported
+ * interface. */
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -70,13 +77,36 @@ extern "C" {
 #endif
 
 #ifndef DEVRANDOM
-/* set this to your 'random' device if you have one.
- * My default, we will try to read this file */
-#define DEVRANDOM "/dev/urandom"
+/* set this to a comma-separated list of 'random' device files to try out.
+ * My default, we will try to read at least one of these files */
+#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
+#endif
+#ifndef DEVRANDOM_EGD
+/* set this to a comma-seperated list of 'egd' sockets to try out. These
+ * sockets will be tried in the order listed in case accessing the device files
+ * listed in DEVRANDOM did not return enough entropy. */
+#define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy"
 #endif
 
-#if defined(NOCONST)
-#define const
+#if defined(OPENSSL_SYS_VXWORKS)
+#  define NO_SYS_PARAM_H
+#  define NO_CHMOD
+#  define NO_SYSLOG
+#endif
+  
+#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
+# if macintosh==1
+#  ifndef MAC_OS_GUSI_SOURCE
+#    define MAC_OS_pre_X
+#    define NO_SYS_TYPES_H
+     typedef long ssize_t;
+#  endif
+#  define NO_SYS_PARAM_H
+#  define NO_CHMOD
+#  define NO_SYSLOG
+#  undef  DEVRANDOM
+#  define GETPID_IS_MEANINGLESS
+# endif
 #endif
 
 /********************************************************************
@@ -84,35 +114,66 @@ extern "C" {
  ********************************************************************/
 /* The following is used becaue of the small stack in some
  * Microsoft operating systems */
-#if defined(WIN16) || defined(MSDOS)
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32)
 #  define MS_STATIC	static
 #else
 #  define MS_STATIC
 #endif
 
-#if defined(WIN32) || defined(WIN16)
-#  ifndef WINDOWS
-#    define WINDOWS
-#  endif
-#  ifndef MSDOS
-#    define MSDOS
-#  endif
+#if defined(OPENSSL_SYS_WIN32) && !defined(WIN32)
+#  define WIN32
+#endif
+#if defined(OPENSSL_SYS_WIN16) && !defined(WIN16)
+#  define WIN16
+#endif
+#if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS)
+#  define WINDOWS
+#endif
+#if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS)
+#  define MSDOS
+#endif
+
+#if defined(MSDOS) && !defined(GETPID_IS_MEANINGLESS)
+#  define GETPID_IS_MEANINGLESS
 #endif
 
 #ifdef WIN32
 #define get_last_sys_error()	GetLastError()
 #define clear_sys_error()	SetLastError(0)
+#if !defined(WINNT)
+#define WIN_CONSOLE_BUG
+#endif
 #else
 #define get_last_sys_error()	errno
 #define clear_sys_error()	errno=0
 #endif
 
-#ifdef WINDOWS
+#if defined(WINDOWS)
 #define get_last_socket_error()	WSAGetLastError()
 #define clear_socket_error()	WSASetLastError(0)
 #define readsocket(s,b,n)	recv((s),(b),(n),0)
 #define writesocket(s,b,n)	send((s),(b),(n),0)
 #define EADDRINUSE		WSAEADDRINUSE
+#elif defined(__DJGPP__)
+#define WATT32
+#define get_last_socket_error()	errno
+#define clear_socket_error()	errno=0
+#define closesocket(s)		close_s(s)
+#define readsocket(s,b,n)	read_s(s,b,n)
+#define writesocket(s,b,n)	send(s,b,n,0)
+#elif defined(MAC_OS_pre_X)
+#define get_last_socket_error()	errno
+#define clear_socket_error()	errno=0
+#define closesocket(s)		MacSocket_close(s)
+#define readsocket(s,b,n)	MacSocket_recv((s),(b),(n),true)
+#define writesocket(s,b,n)	MacSocket_send((s),(b),(n))
+#elif defined(OPENSSL_SYS_VMS)
+#define get_last_socket_error() errno
+#define clear_socket_error()    errno=0
+#define ioctlsocket(a,b,c)      ioctl(a,b,c)
+#define closesocket(s)          close(s)
+#define readsocket(s,b,n)       recv((s),(b),(n),0)
+#define writesocket(s,b,n)      send((s),(b),(n),0)
 #else
 #define get_last_socket_error()	errno
 #define clear_socket_error()	errno=0
@@ -123,7 +184,7 @@ extern "C" {
 #endif
 
 #ifdef WIN16
-#  define NO_FP_API
+#  define OPENSSL_NO_FP_API
 #  define MS_CALLBACK	_far _loadds
 #  define MS_FAR	_far
 #else
@@ -131,21 +192,35 @@ extern "C" {
 #  define MS_FAR
 #endif
 
-#ifdef NO_STDIO
-#  define NO_FP_API
+#ifdef OPENSSL_NO_STDIO
+#  define OPENSSL_NO_FP_API
 #endif
 
-#if defined(WINDOWS) || defined(MSDOS)
+#if (defined(WINDOWS) || defined(MSDOS))
 
-#ifndef S_IFDIR
-#define S_IFDIR	_S_IFDIR
-#endif
+#  ifdef __DJGPP__
+#    include <unistd.h>
+#    include <sys/stat.h>
+#    include <sys/socket.h>
+#    include <tcp.h>
+#    include <netdb.h>
+#    define _setmode setmode
+#    define _O_TEXT O_TEXT
+#    define _O_BINARY O_BINARY
+#  endif /* __DJGPP__ */
+
+#  ifndef S_IFDIR
+#    define S_IFDIR	_S_IFDIR
+#  endif
 
-#ifndef S_IFMT
-#define S_IFMT	_S_IFMT
-#endif
+#  ifndef S_IFMT
+#    define S_IFMT	_S_IFMT
+#  endif
 
-#define strncasecmp(a,b,c)	strnicmp((a),(b),(c))
+#  if !defined(WINNT) && !defined(__DJGPP__)
+#    define NO_SYSLOG
+#  endif
+#  define NO_DIRENT
 
 #  ifdef WINDOWS
 #    include <windows.h>
@@ -157,81 +232,181 @@ extern "C" {
 #  include <io.h>
 #  include <fcntl.h>
 
-#if defined(WIN16) && !defined(MONOLITH) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
-#  define EXIT(n) { if (n == 0) _wsetexit(_WINEXITNOPERSIST); return(n); }
-#else
-#  define EXIT(n)		return(n);
-#endif
+#  ifdef OPENSSL_SYS_WINCE
+#    include <winsock_extras.h>
+#  endif
+
+#  define ssize_t long
+
+#  if defined (__BORLANDC__)
+#    define _setmode setmode
+#    define _O_TEXT O_TEXT
+#    define _O_BINARY O_BINARY
+#    define _int64 __int64
+#    define _kbhit kbhit
+#  endif
+
+#  if defined(WIN16) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
+#    define EXIT(n) _wsetexit(_WINEXITNOPERSIST)
+#    define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0)
+#  else
+#    define EXIT(n) return(n)
+#  endif
 #  define LIST_SEPARATOR_CHAR ';'
-#ifndef X_OK
-#  define X_OK	0
-#endif
-#ifndef W_OK
-#  define W_OK	2
-#endif
-#ifndef R_OK
-#  define R_OK	4
-#endif
-#  define SSLEAY_CONF	"ssleay.cnf"
+#  ifndef X_OK
+#    define X_OK	0
+#  endif
+#  ifndef W_OK
+#    define W_OK	2
+#  endif
+#  ifndef R_OK
+#    define R_OK	4
+#  endif
+#  define OPENSSL_CONF	"openssl.cnf"
+#  define SSLEAY_CONF	OPENSSL_CONF
 #  define NUL_DEV	"nul"
 #  define RFILE		".rnd"
+#  ifdef OPENSSL_SYS_WINCE
+#    define DEFAULT_HOME  ""
+#  else
+#    define DEFAULT_HOME  "C:"
+#  endif
 
 #else /* The non-microsoft world world */
 
-#  ifdef VMS
-#    include <unixlib.h>
+#  ifdef OPENSSL_SYS_VMS
+#    define VMS 1
+  /* some programs don't include stdlib, so exit() and others give implicit 
+     function warnings */
+#    include <stdlib.h>
+#    if defined(__DECC)
+#      include <unistd.h>
+#    else
+#      include <unixlib.h>
+#    endif
+#    define OPENSSL_CONF	"openssl.cnf"
+#    define SSLEAY_CONF		OPENSSL_CONF
+#    define RFILE		".rnd"
+#    define LIST_SEPARATOR_CHAR ','
+#    define NUL_DEV		"NLA0:"
+  /* We don't have any well-defined random devices on VMS, yet... */
+#    undef DEVRANDOM
+  /* We need to do this since VMS has the following coding on status codes:
+
+     Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ...
+               The important thing to know is that odd numbers are considered
+	       good, while even ones are considered errors.
+     Bits 3-15: actual status number
+     Bits 16-27: facility number.  0 is considered "unknown"
+     Bits 28-31: control bits.  If bit 28 is set, the shell won't try to
+                 output the message (which, for random codes, just looks ugly)
+
+     So, what we do here is to change 0 to 1 to get the default success status,
+     and everything else is shifted up to fit into the status number field, and
+     the status is tagged as an error, which I believe is what is wanted here.
+     -- Richard Levitte
+  */
+#    define EXIT(n)		do { int __VMS_EXIT = n; \
+                                     if (__VMS_EXIT == 0) \
+				       __VMS_EXIT = 1; \
+				     else \
+				       __VMS_EXIT = (n << 3) | 2; \
+                                     __VMS_EXIT |= 0x10000000; \
+				     exit(__VMS_EXIT); } while(0)
+#    define NO_SYS_PARAM_H
 #  else
-#    include <unistd.h>
-#  endif
+     /* !defined VMS */
+#    ifdef OPENSSL_SYS_MPE
+#      define NO_SYS_PARAM_H
+#    endif
+#    ifdef OPENSSL_UNISTD
+#      include OPENSSL_UNISTD
+#    else
+#      include <unistd.h>
+#    endif
+#    ifndef NO_SYS_TYPES_H
+#      include <sys/types.h>
+#    endif
+#    if defined(NeXT) || defined(OPENSSL_SYS_NEWS4)
+#      define pid_t int /* pid_t is missing on NEXTSTEP/OPENSTEP
+                         * (unless when compiling with -D_POSIX_SOURCE,
+                         * which doesn't work for us) */
+#      define ssize_t int /* ditto */
+#    endif
+#    ifdef OPENSSL_SYS_NEWS4 /* setvbuf is missing on mips-sony-bsd */
+#      define setvbuf(a, b, c, d) setbuffer((a), (b), (d))
+       typedef unsigned long clock_t;
+#    endif
 
-#  define SSLEAY_CONF	"ssleay.cnf"
-#  define RFILE		".rnd"
-#  define LIST_SEPARATOR_CHAR ':'
-#  ifndef MONOLITH
-#    define EXIT(n)		exit(n); return(n)
-#  else
-#    define EXIT(n)		return(n)
+#    define OPENSSL_CONF	"openssl.cnf"
+#    define SSLEAY_CONF		OPENSSL_CONF
+#    define RFILE		".rnd"
+#    define LIST_SEPARATOR_CHAR ':'
+#    define NUL_DEV		"/dev/null"
+#    define EXIT(n)		exit(n)
 #  endif
-#  define NUL_DEV		"/dev/null"
 
 #  define SSLeay_getpid()	getpid()
 
 #endif
 
+
 /*************/
 
 #ifdef USE_SOCKETS
 #  if defined(WINDOWS) || defined(MSDOS)
       /* windows world */
 
-#    ifdef NO_SOCK
+#    ifdef OPENSSL_NO_SOCK
 #      define SSLeay_Write(a,b,c)	(-1)
 #      define SSLeay_Read(a,b,c)	(-1)
 #      define SHUTDOWN(fd)		close(fd)
 #      define SHUTDOWN2(fd)		close(fd)
-#    else
+#    elif !defined(__DJGPP__)
 #      include <winsock.h>
 extern HINSTANCE _hInstance;
 #      define SSLeay_Write(a,b,c)	send((a),(b),(c),0)
 #      define SSLeay_Read(a,b,c)	recv((a),(b),(c),0)
 #      define SHUTDOWN(fd)		{ shutdown((fd),0); closesocket(fd); }
 #      define SHUTDOWN2(fd)		{ shutdown((fd),2); closesocket(fd); }
+#    else
+#      define SSLeay_Write(a,b,c)	write_s(a,b,c,0)
+#      define SSLeay_Read(a,b,c)	read_s(a,b,c)
+#      define SHUTDOWN(fd)		close_s(fd)
+#      define SHUTDOWN2(fd)		close_s(fd)
 #    endif
 
+#  elif defined(MAC_OS_pre_X)
+
+#    include "MacSocket.h"
+#    define SSLeay_Write(a,b,c)		MacSocket_send((a),(b),(c))
+#    define SSLeay_Read(a,b,c)		MacSocket_recv((a),(b),(c),true)
+#    define SHUTDOWN(fd)		MacSocket_close(fd)
+#    define SHUTDOWN2(fd)		MacSocket_close(fd)
 
 #  else
 
-#    ifndef VMS
-      /* unix world */
-#      include <netdb.h>
-#      include <sys/types.h>
+#    ifndef NO_SYS_PARAM_H
+#      include <sys/param.h>
+#    endif
+#    ifdef OPENSSL_SYS_VXWORKS
+#      include <time.h> 
+#    elif !defined(OPENSSL_SYS_MPE)
+#      include <sys/time.h> /* Needed under linux for FD_XXX */
+#    endif
+
+#    include <netdb.h>
+#    if defined(OPENSSL_SYS_VMS_NODECC)
+#      include <socket.h>
+#      include <in.h>
+#      include <inet.h>
+#    else
 #      include <sys/socket.h>
 #      ifdef FILIO_H
 #        include <sys/filio.h> /* Added for FIONBIO under unixware */
 #      endif
-#      include <sys/param.h>
-#      include <sys/time.h> /* Needed under linux for FD_XXX */
 #      include <netinet/in.h>
+#      include <arpa/inet.h>
 #    endif
 
 #    if defined(NeXT) || defined(_NEXT_SOURCE)
@@ -239,55 +414,71 @@ extern HINSTANCE _hInstance;
 #      include <sys/types.h>
 #    endif
 
-#    ifdef AIX
+#    ifdef OPENSSL_SYS_AIX
+#      include <sys/select.h>
+#    endif
+
+#    ifdef __QNX__
 #      include <sys/select.h>
 #    endif
 
 #    if defined(sun)
 #      include <sys/filio.h>
 #    else
-#      include <sys/ioctl.h>
+#      ifndef VMS
+#        include <sys/ioctl.h>
+#      else
+	 /* ioctl is only in VMS > 7.0 and when socketshr is not used */
+#        if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000)
+#          include <sys/ioctl.h>
+#        endif
+#      endif
 #    endif
 
 #    ifdef VMS
 #      include <unixio.h>
+#      if defined(TCPIP_TYPE_SOCKETSHR)
+#        include <socketshr.h>
+#      endif
 #    endif
 
 #    define SSLeay_Read(a,b,c)     read((a),(b),(c))
 #    define SSLeay_Write(a,b,c)    write((a),(b),(c))
-#    define SHUTDOWN(fd)    { shutdown((fd),0); close((fd)); }
-#    define SHUTDOWN2(fd)   { shutdown((fd),2); close((fd)); }
+#    define SHUTDOWN(fd)    { shutdown((fd),0); closesocket((fd)); }
+#    define SHUTDOWN2(fd)   { shutdown((fd),2); closesocket((fd)); }
+#    ifndef INVALID_SOCKET
 #    define INVALID_SOCKET	(-1)
+#    endif /* INVALID_SOCKET */
 #  endif
 #endif
 
-#if defined(THREADS) || defined(sun)
-#ifndef _REENTRANT
-#define _REENTRANT
-#endif
+#if defined(__ultrix)
+#  ifndef ssize_t
+#    define ssize_t int 
+#  endif
 #endif
 
-/***********************************************/
+#if defined(sun) && !defined(__svr4__) && !defined(__SVR4)
+  /* include headers first, so our defines don't break it */
+#include <stdlib.h>
+#include <string.h>
+  /* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */
+# define memmove(s1,s2,n) bcopy((s2),(s1),(n))
+# define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b)))
+extern char *sys_errlist[]; extern int sys_nerr;
+# define strerror(errnum) \
+	(((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum])
+#endif
 
-#ifndef NOPROTO
-#define P_CC_CC	const void *,const void *
-#define P_I_I		int,int 
-#define P_I_I_P		int,int,char *
-#define P_I_I_P_I	int,int,char *,int
-#define P_IP_I_I_P_I	int *,int,int,char *,int
-#define P_V		void 
-#else
-#define P_CC_CC
-#define P_I_I
-#define P_I_I_P
-#define P_IP_I_I_P_I
-#define P_I_I_P_I
-#define P_V
+#ifndef OPENSSL_EXIT
+# if defined(MONOLITH) && !defined(OPENSSL_C)
+#  define OPENSSL_EXIT(n) return(n)
+# else
+#  define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0)
+# endif
 #endif
 
-/* not used yet */
-#define	CS_BEGIN
-#define CS_END
+/***********************************************/
 
 /* do we need to do this for getenv.
  * Just define getenv for use under windows */
@@ -306,19 +497,46 @@ extern HINSTANCE _hInstance;
 #ifdef sgi
 #define IRIX_CC_BUG	/* all version of IRIX I've tested (4.* 5.*) */
 #endif
+#ifdef OPENSSL_SYS_SNI
+#define IRIX_CC_BUG	/* CDS++ up to V2.0Bsomething suffered from the same bug.*/
+#endif
+
+#if defined(OPENSSL_SYS_OS2) && defined(__EMX__)
+# include <io.h>
+# include <fcntl.h>
+# define NO_SYSLOG
+# define strcasecmp stricmp
+#endif
+
+/* vxworks */
+#if defined(OPENSSL_SYS_VXWORKS)
+#include <ioLib.h>
+#include <tickLib.h>
+#include <sysLib.h>
 
-#ifdef NO_MD2
-#define MD2_Init MD2Init
-#define MD2_Update MD2Update
-#define MD2_Final MD2Final
-#define MD2_DIGEST_LENGTH 16
+#define TTY_STRUCT int
+
+#define sleep(a) taskDelay((a) * sysClkRateGet())
+#if defined(ioctlsocket)
+#undef ioctlsocket
 #endif
-#ifdef NO_MD5
-#define MD5_Init MD5Init 
-#define MD5_Update MD5Update
-#define MD5_Final MD5Final
-#define MD5_DIGEST_LENGTH 16
+#define ioctlsocket(a,b,c) ioctl((a),(b),*(c))
+
+#include <vxWorks.h>
+#include <sockLib.h>
+#include <taskLib.h>
+
+#define getpid taskIdSelf
+
+/* NOTE: these are implemented by helpers in database app!
+ * if the database is not linked, we need to implement them
+ * elswhere */
+struct hostent *gethostbyname(const char *name);
+struct hostent *gethostbyaddr(const char *addr, int length, int type);
+struct servent *getservbyname(const char *name, const char *proto);
+
 #endif
+/* end vxworks */
 
 #ifdef  __cplusplus
 }
diff --git a/e_os2.h b/e_os2.h
new file mode 100644
index 0000000000..81be3025f6
--- /dev/null
+++ b/e_os2.h
@@ -0,0 +1,270 @@
+/* e_os2.h */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/opensslconf.h>
+
+#ifndef HEADER_E_OS2_H
+#define HEADER_E_OS2_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/******************************************************************************
+ * Detect operating systems.  This probably needs completing.
+ * The result is that at least one OPENSSL_SYS_os macro should be defined.
+ * However, if none is defined, Unix is assumed.
+ **/
+
+#define OPENSSL_SYS_UNIX
+
+/* ----------------------- Macintosh, before MacOS X ----------------------- */
+#if defined(__MWERKS__) && defined(macintosh) || defined(OPENSSL_SYSNAME_MAC)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_MACINTOSH_CLASSIC
+#endif
+
+/* ---------------------- Microsoft operating systems ---------------------- */
+
+/* The 16 bit environments are pretty straightforward */
+#if defined(OPENSSL_SYSNAME_WIN16) || defined(OPENSSL_SYSNAME_MSDOS)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_MSDOS
+#endif
+#if defined(OPENSSL_SYSNAME_WIN16)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_WIN16
+#endif
+
+/* For 32 bit environment, there seems to be the CygWin environment and then
+   all the others that try to do the same thing Microsoft does... */
+#if defined(OPENSSL_SYSNAME_UWIN)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_WIN32_UWIN
+#else
+# if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32)
+#  undef OPENSSL_SYS_UNIX
+#  define OPENSSL_SYS_WIN32_CYGWIN
+# else
+#  if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32)
+#   undef OPENSSL_SYS_UNIX
+#   define OPENSSL_SYS_WIN32
+#  endif
+#  if defined(OPENSSL_SYSNAME_WINNT)
+#   undef OPENSSL_SYS_UNIX
+#   define OPENSSL_SYS_WINNT
+#  endif
+#  if defined(OPENSSL_SYSNAME_WINCE)
+#   undef OPENSSL_SYS_UNIX
+#   define OPENSSL_SYS_WINCE
+#  endif
+# endif
+#endif
+
+/* Anything that tries to look like Microsoft is "Windows" */
+#if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_WINDOWS
+# ifndef OPENSSL_SYS_MSDOS
+#  define OPENSSL_SYS_MSDOS
+# endif
+#endif
+
+/* DLL settings.  This part is a bit tough, because it's up to the application
+   implementor how he or she will link the application, so it requires some
+   macro to be used. */
+#ifdef OPENSSL_SYS_WINDOWS
+# ifndef OPENSSL_OPT_WINDLL
+#  if defined(_WINDLL) /* This is used when building OpenSSL to indicate that
+                          DLL linkage should be used */
+#   define OPENSSL_OPT_WINDLL
+#  endif
+# endif
+#endif
+
+/* -------------------------------- OpenVMS -------------------------------- */
+#if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYSNAME_VMS)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_VMS
+# if defined(__DECC)
+#  define OPENSSL_SYS_VMS_DECC
+# elif defined(__DECCXX)
+#  define OPENSSL_SYS_VMS_DECC
+#  define OPENSSL_SYS_VMS_DECCXX
+# else
+#  define OPENSSL_SYS_VMS_NODECC
+# endif
+#endif
+
+/* --------------------------------- OS/2 ---------------------------------- */
+#if defined(__EMX__) || defined(__OS2__)
+# undef OPENSSL_SYS_UNIX
+# define OPENSSL_SYS_OS2
+#endif
+
+/* --------------------------------- Unix ---------------------------------- */
+#ifdef OPENSSL_SYS_UNIX
+# if defined(linux) || defined(__linux__) || defined(OPENSSL_SYSNAME_LINUX)
+#  define OPENSSL_SYS_LINUX
+# endif
+# ifdef OPENSSL_SYSNAME_MPE
+#  define OPENSSL_SYS_MPE
+# endif
+# ifdef OPENSSL_SYSNAME_SNI
+#  define OPENSSL_SYS_SNI
+# endif
+# ifdef OPENSSL_SYSNAME_ULTRASPARC
+#  define OPENSSL_SYS_ULTRASPARC
+# endif
+# ifdef OPENSSL_SYSNAME_NEWS4
+#  define OPENSSL_SYS_NEWS4
+# endif
+# ifdef OPENSSL_SYSNAME_MACOSX
+#  define OPENSSL_SYS_MACOSX
+# endif
+# ifdef OPENSSL_SYSNAME_MACOSX_RHAPSODY
+#  define OPENSSL_SYS_MACOSX_RHAPSODY
+#  define OPENSSL_SYS_MACOSX
+# endif
+# ifdef OPENSSL_SYSNAME_SUNOS
+#  define OPENSSL_SYS_SUNOS
+#endif
+# if defined(_CRAY) || defined(OPENSSL_SYSNAME_CRAY)
+#  define OPENSSL_SYS_CRAY
+# endif
+# if defined(_AIX) || defined(OPENSSL_SYSNAME_AIX)
+#  define OPENSSL_SYS_AIX
+# endif
+#endif
+
+/* ------------------------------- VxWorks --------------------------------- */
+#ifdef OPENSSL_SYSNAME_VXWORKS
+# define OPENSSL_SYS_VXWORKS
+#endif
+
+/**
+ * That's it for OS-specific stuff
+ *****************************************************************************/
+
+
+/* Specials for I/O an exit */
+#ifdef OPENSSL_SYS_MSDOS
+# define OPENSSL_UNISTD_IO <io.h>
+# define OPENSSL_DECLARE_EXIT extern void exit(int);
+#else
+# define OPENSSL_UNISTD_IO OPENSSL_UNISTD
+# define OPENSSL_DECLARE_EXIT /* declared in unistd.h */
+#endif
+
+/* Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare
+   certain global symbols that, with some compilers under VMS, have to be
+   defined and declared explicitely with globaldef and globalref.
+   Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare
+   DLL exports and imports for compilers under Win32.  These are a little
+   more complicated to use.  Basically, for any library that exports some
+   global variables, the following code must be present in the header file
+   that declares them, before OPENSSL_EXTERN is used:
+
+   #ifdef SOME_BUILD_FLAG_MACRO
+   # undef OPENSSL_EXTERN
+   # define OPENSSL_EXTERN OPENSSL_EXPORT
+   #endif
+
+   The default is to have OPENSSL_EXPORT, OPENSSL_IMPORT and OPENSSL_GLOBAL
+   have some generally sensible values, and for OPENSSL_EXTERN to have the
+   value OPENSSL_IMPORT.
+*/
+
+#if defined(OPENSSL_SYS_VMS_NODECC)
+# define OPENSSL_EXPORT globalref
+# define OPENSSL_IMPORT globalref
+# define OPENSSL_GLOBAL globaldef
+#elif defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL)
+# define OPENSSL_EXPORT extern _declspec(dllexport)
+# define OPENSSL_IMPORT extern _declspec(dllimport)
+# define OPENSSL_GLOBAL
+#else
+# define OPENSSL_EXPORT extern
+# define OPENSSL_IMPORT extern
+# define OPENSSL_GLOBAL
+#endif
+#define OPENSSL_EXTERN OPENSSL_IMPORT
+
+/* Macros to allow global variables to be reached through function calls when
+   required (if a shared library version requvres it, for example.
+   The way it's done allows definitions like this:
+
+	// in foobar.c
+	OPENSSL_IMPLEMENT_GLOBAL(int,foobar) = 0;
+	// in foobar.h
+	OPENSSL_DECLARE_GLOBAL(int,foobar);
+	#define foobar OPENSSL_GLOBAL_REF(foobar)
+*/
+#ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
+# define OPENSSL_IMPLEMENT_GLOBAL(type,name) static type _hide_##name; \
+        type *_shadow_##name(void) { return &_hide_##name; } \
+        static type _hide_##name
+# define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void)
+# define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name()))
+#else
+# define OPENSSL_IMPLEMENT_GLOBAL(type,name) OPENSSL_GLOBAL type _shadow_##name
+# define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name
+# define OPENSSL_GLOBAL_REF(name) _shadow_##name
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/engines/.cvsignore b/engines/.cvsignore
new file mode 100644
index 0000000000..bb22714f15
--- /dev/null
+++ b/engines/.cvsignore
@@ -0,0 +1,2 @@
+Makefile.save
+libs
diff --git a/engines/Makefile.ssl b/engines/Makefile.ssl
new file mode 100644
index 0000000000..fe0690622e
--- /dev/null
+++ b/engines/Makefile.ssl
@@ -0,0 +1,269 @@
+#
+# SSLeay/engines/Makefile
+#
+
+DIR=	engines
+TOP=	..
+CC=	cc
+INCLUDES= -I../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+NEWMAKE=	make
+MAKE=		$(NEWMAKE) -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+PEX_LIBS=
+EX_LIBS=
+ 
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile engines.com install.com engine_vector.mar
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBNAMES= 4758_cca aep atalla cswift ncipher nuron sureware ubsec
+	
+LIBSRC=	e_4758_cca.c \
+	e_aep.c \
+	e_atalla.c \
+	e_cswift.c \
+	e_ncipher.c \
+	e_nuron.c \
+	e_sureware.c \
+	e_ubsec.c
+LIBOBJ= e_4758_cca.o \
+	e_aep.o \
+	e_atalla.o \
+	e_cswift.o \
+	e_ncipher.o \
+	e_nuron.o \
+	e_sureware.o \
+	e_ubsec.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= 
+HEADER=	e_4758_cca_err.c e_4758_cca_err.h \
+	e_aep_err.c e_aep_err.h \
+	e_atalla_err.c e_atalla_err.h \
+	e_cswift_err.c e_cswift_err.h \
+	e_ncipher_err.c e_ncipher_err.h \
+	e_nuron_err.c e_nuron_err.h \
+	e_sureware_err.c e_sureware_err.h \
+	e_ubsec_err.c e_ubsec_err.h
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ..; $(MAKE) DIRS=$(DIR) all)
+
+all:	libs
+
+libs:	$(LIBOBJ)
+	@if [ -n "$(SHARED_LIBS)" ]; then \
+		set -e; \
+		for l in $(LIBNAMES); do \
+			$(NEWMAKE) -f ../Makefile.shared \
+				CC="$(CC)" LIBNAME=$$l LIBEXTRAS=e_$$l.o \
+				LIBDEPS='-L.. -lcrypto $(EX_LIBS)' \
+				link_o.$(SHLIB_TARGET); \
+		done; \
+	else \
+		$(AR) $(LIB) $(LIBOBJ); \
+		$(RANLIB) $(LIB) || echo Never mind.; \
+	fi; \
+	touch libs
+
+files:
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+
+# XXXXX This currently only works on systems that use .so as suffix
+# for shared libraries.
+install:
+	@if [ -n "$(SHARED_LIBS)" ]; then \
+		set -e; \
+		for l in $(LIBNAMES); do \
+			( echo installing $$l; \
+			  cp lib$$l.so $(INSTALL_PREFIX)$(OPENSSLDIR)/engines/lib$$l.so.new; \
+			  chmod 555 $(INSTALL_PREFIX)$(OPENSSLDIR)/engines/lib$$l.so.new; \
+			  mv $(INSTALL_PREFIX)$(OPENSSLDIR)/engines/lib$$l.so.new $(INSTALL_PREFIX)$(OPENSSLDIR)/engines/lib$$l.so ); \
+		done; \
+	fi
+
+tags:
+	ctags $(SRC)
+
+errors:
+	set -e; for l in $(LIBNAMES); do \
+		$(PERL) ../util/mkerr.pl -conf e_$$l.ec \
+			-nostatic -staticloader -write e_$$l.c; \
+	done
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+e_4758_cca.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+e_4758_cca.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+e_4758_cca.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+e_4758_cca.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+e_4758_cca.o: ../include/openssl/des.h ../include/openssl/des_old.h
+e_4758_cca.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+e_4758_cca.o: ../include/openssl/dso.h ../include/openssl/e_os2.h
+e_4758_cca.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+e_4758_cca.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+e_4758_cca.o: ../include/openssl/err.h ../include/openssl/evp.h
+e_4758_cca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+e_4758_cca.o: ../include/openssl/md2.h ../include/openssl/md4.h
+e_4758_cca.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+e_4758_cca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+e_4758_cca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+e_4758_cca.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+e_4758_cca.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+e_4758_cca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+e_4758_cca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+e_4758_cca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+e_4758_cca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+e_4758_cca.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+e_4758_cca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+e_4758_cca.o: e_4758_cca.c e_4758_cca_err.c e_4758_cca_err.h
+e_4758_cca.o: vendor_defns/hw_4758_cca.h
+e_aep.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+e_aep.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+e_aep.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+e_aep.o: ../include/openssl/dsa.h ../include/openssl/dso.h
+e_aep.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+e_aep.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+e_aep.o: ../include/openssl/engine.h ../include/openssl/err.h
+e_aep.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+e_aep.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+e_aep.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+e_aep.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+e_aep.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_aep.c
+e_aep.o: e_aep_err.c e_aep_err.h vendor_defns/aep.h
+e_atalla.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+e_atalla.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+e_atalla.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+e_atalla.o: ../include/openssl/dsa.h ../include/openssl/dso.h
+e_atalla.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+e_atalla.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+e_atalla.o: ../include/openssl/engine.h ../include/openssl/err.h
+e_atalla.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+e_atalla.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+e_atalla.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+e_atalla.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+e_atalla.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_atalla.c
+e_atalla.o: e_atalla_err.c e_atalla_err.h vendor_defns/atalla.h
+e_cswift.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+e_cswift.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+e_cswift.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+e_cswift.o: ../include/openssl/dsa.h ../include/openssl/dso.h
+e_cswift.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+e_cswift.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+e_cswift.o: ../include/openssl/engine.h ../include/openssl/err.h
+e_cswift.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+e_cswift.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+e_cswift.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+e_cswift.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+e_cswift.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_cswift.c
+e_cswift.o: e_cswift_err.c e_cswift_err.h vendor_defns/cswift.h
+e_ncipher.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+e_ncipher.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+e_ncipher.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+e_ncipher.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+e_ncipher.o: ../include/openssl/des.h ../include/openssl/des_old.h
+e_ncipher.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+e_ncipher.o: ../include/openssl/dso.h ../include/openssl/e_os2.h
+e_ncipher.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+e_ncipher.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+e_ncipher.o: ../include/openssl/err.h ../include/openssl/evp.h
+e_ncipher.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+e_ncipher.o: ../include/openssl/md2.h ../include/openssl/md4.h
+e_ncipher.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+e_ncipher.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+e_ncipher.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+e_ncipher.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+e_ncipher.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+e_ncipher.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+e_ncipher.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+e_ncipher.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+e_ncipher.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+e_ncipher.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+e_ncipher.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+e_ncipher.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+e_ncipher.o: e_ncipher.c e_ncipher_err.c e_ncipher_err.h
+e_ncipher.o: vendor_defns/hwcryptohook.h
+e_nuron.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+e_nuron.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+e_nuron.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+e_nuron.o: ../include/openssl/dsa.h ../include/openssl/dso.h
+e_nuron.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+e_nuron.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+e_nuron.o: ../include/openssl/engine.h ../include/openssl/err.h
+e_nuron.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+e_nuron.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+e_nuron.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+e_nuron.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+e_nuron.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_nuron.c
+e_nuron.o: e_nuron_err.c e_nuron_err.h
+e_sureware.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+e_sureware.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+e_sureware.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+e_sureware.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+e_sureware.o: ../include/openssl/des.h ../include/openssl/des_old.h
+e_sureware.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+e_sureware.o: ../include/openssl/dso.h ../include/openssl/e_os2.h
+e_sureware.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+e_sureware.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+e_sureware.o: ../include/openssl/err.h ../include/openssl/evp.h
+e_sureware.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+e_sureware.o: ../include/openssl/md2.h ../include/openssl/md4.h
+e_sureware.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+e_sureware.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+e_sureware.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+e_sureware.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+e_sureware.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+e_sureware.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+e_sureware.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+e_sureware.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+e_sureware.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+e_sureware.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+e_sureware.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+e_sureware.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+e_sureware.o: e_sureware.c e_sureware_err.c e_sureware_err.h
+e_sureware.o: vendor_defns/sureware.h
+e_ubsec.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+e_ubsec.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+e_ubsec.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+e_ubsec.o: ../include/openssl/dsa.h ../include/openssl/dso.h
+e_ubsec.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+e_ubsec.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+e_ubsec.o: ../include/openssl/engine.h ../include/openssl/err.h
+e_ubsec.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+e_ubsec.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+e_ubsec.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+e_ubsec.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+e_ubsec.o: ../include/openssl/symhacks.h ../include/openssl/ui.h e_ubsec.c
+e_ubsec.o: e_ubsec_err.c e_ubsec_err.h vendor_defns/hw_ubsec.h
diff --git a/engines/axp.opt b/engines/axp.opt
new file mode 100644
index 0000000000..1dc71bf4b7
--- /dev/null
+++ b/engines/axp.opt
@@ -0,0 +1 @@
+SYMBOL_VECTOR=(bind_engine=PROCEDURE,v_check=PROCEDURE)
diff --git a/engines/e_4758_cca.c b/engines/e_4758_cca.c
new file mode 100644
index 0000000000..091e2dd317
--- /dev/null
+++ b/engines/e_4758_cca.c
@@ -0,0 +1,969 @@
+/* Author: Maurice Gittens <maurice@gittens.nl>                       */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+/* #include <openssl/pem.h> */
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/engine.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_4758_CCA
+
+#ifdef FLAT_INC
+#include "hw_4758_cca.h"
+#else
+#include "vendor_defns/hw_4758_cca.h"
+#endif
+
+#include "e_4758_cca_err.c"
+
+static int ibm_4758_cca_destroy(ENGINE *e);
+static int ibm_4758_cca_init(ENGINE *e);
+static int ibm_4758_cca_finish(ENGINE *e);
+static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+
+/* rsa functions */
+/*---------------*/
+#ifndef OPENSSL_NO_RSA
+static int cca_rsa_pub_enc(int flen, const unsigned char *from,
+		unsigned char *to, RSA *rsa,int padding);
+static int cca_rsa_priv_dec(int flen, const unsigned char *from,
+		unsigned char *to, RSA *rsa,int padding);
+static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
+		unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
+static int cca_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
+		unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
+
+/* utility functions */
+/*-----------------------*/
+static EVP_PKEY *ibm_4758_load_privkey(ENGINE*, const char*,
+		UI_METHOD *ui_method, void *callback_data);
+static EVP_PKEY *ibm_4758_load_pubkey(ENGINE*, const char*,
+		UI_METHOD *ui_method, void *callback_data);
+
+static int getModulusAndExponent(const unsigned char *token, long *exponentLength,
+		unsigned char *exponent, long *modulusLength,
+		long *modulusFieldLength, unsigned char *modulus);
+#endif
+
+/* RAND number functions */
+/*-----------------------*/
+static int cca_get_random_bytes(unsigned char*, int );
+static int cca_random_status(void);
+
+static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+		int idx,long argl, void *argp);
+
+/* Function pointers for CCA verbs */
+/*---------------------------------*/
+#ifndef OPENSSL_NO_RSA
+static F_KEYRECORDREAD keyRecordRead;
+static F_DIGITALSIGNATUREGENERATE digitalSignatureGenerate;
+static F_DIGITALSIGNATUREVERIFY digitalSignatureVerify;
+static F_PUBLICKEYEXTRACT publicKeyExtract;
+static F_PKAENCRYPT pkaEncrypt;
+static F_PKADECRYPT pkaDecrypt;
+#endif
+static F_RANDOMNUMBERGENERATE randomNumberGenerate;
+
+/* static variables */
+/*------------------*/
+static const char *CCA4758_LIB_NAME = NULL;
+static const char *get_CCA4758_LIB_NAME(void)
+	{
+	if(CCA4758_LIB_NAME)
+		return CCA4758_LIB_NAME;
+	return CCA_LIB_NAME;
+	}
+static void free_CCA4758_LIB_NAME(void)
+	{
+	if(CCA4758_LIB_NAME)
+		OPENSSL_free((void*)CCA4758_LIB_NAME);
+	CCA4758_LIB_NAME = NULL;
+	}
+static long set_CCA4758_LIB_NAME(const char *name)
+	{
+	free_CCA4758_LIB_NAME();
+	return (((CCA4758_LIB_NAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+	}
+#ifndef OPENSSL_NO_RSA
+static const char* n_keyRecordRead = CSNDKRR;
+static const char* n_digitalSignatureGenerate = CSNDDSG;
+static const char* n_digitalSignatureVerify = CSNDDSV;
+static const char* n_publicKeyExtract = CSNDPKX;
+static const char* n_pkaEncrypt = CSNDPKE;
+static const char* n_pkaDecrypt = CSNDPKD;
+#endif
+static const char* n_randomNumberGenerate = CSNBRNG;
+
+static int hndidx = -1;
+static DSO *dso = NULL;
+
+/* openssl engine initialization structures */
+/*------------------------------------------*/
+
+#define CCA4758_CMD_SO_PATH		ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN	cca4758_cmd_defns[] = {
+	{CCA4758_CMD_SO_PATH,
+		"SO_PATH",
+		"Specifies the path to the '4758cca' shared library",
+		ENGINE_CMD_FLAG_STRING},
+	{0, NULL, NULL, 0}
+	};
+
+#ifndef OPENSSL_NO_RSA
+static RSA_METHOD ibm_4758_cca_rsa =
+	{
+	"IBM 4758 CCA RSA method",
+	cca_rsa_pub_enc,
+	NULL,
+	NULL,
+	cca_rsa_priv_dec,
+	NULL, /*rsa_mod_exp,*/
+	NULL, /*mod_exp_mont,*/
+	NULL, /* init */
+	NULL, /* finish */
+	RSA_FLAG_SIGN_VER,	  /* flags */
+	NULL, /* app_data */
+	cca_rsa_sign, /* rsa_sign */
+	cca_rsa_verify  /* rsa_verify */
+	};
+#endif
+
+static RAND_METHOD ibm_4758_cca_rand =
+	{
+	/* "IBM 4758 RAND method", */
+	NULL, /* seed */
+	cca_get_random_bytes, /* get random bytes from the card */
+	NULL, /* cleanup */
+	NULL, /* add */
+	cca_get_random_bytes, /* pseudo rand */
+	cca_random_status, /* status */
+	};
+
+static const char *engine_4758_cca_id = "4758cca";
+static const char *engine_4758_cca_name = "IBM 4758 CCA hardware engine support";
+
+/* engine implementation */
+/*-----------------------*/
+static int bind_helper(ENGINE *e)
+	{
+	if(!ENGINE_set_id(e, engine_4758_cca_id) ||
+			!ENGINE_set_name(e, engine_4758_cca_name) ||
+#ifndef OPENSSL_NO_RSA
+			!ENGINE_set_RSA(e, &ibm_4758_cca_rsa) ||
+#endif
+			!ENGINE_set_RAND(e, &ibm_4758_cca_rand) ||
+			!ENGINE_set_destroy_function(e, ibm_4758_cca_destroy) ||
+			!ENGINE_set_init_function(e, ibm_4758_cca_init) ||
+			!ENGINE_set_finish_function(e, ibm_4758_cca_finish) ||
+			!ENGINE_set_ctrl_function(e, ibm_4758_cca_ctrl) ||
+			!ENGINE_set_load_privkey_function(e, ibm_4758_load_privkey) ||
+			!ENGINE_set_load_pubkey_function(e, ibm_4758_load_pubkey) ||
+			!ENGINE_set_cmd_defns(e, cca4758_cmd_defns))
+		return 0;
+	/* Ensure the error handling is set up */
+	ERR_load_CCA4758_strings();
+	return 1;
+	}
+
+#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *engine_4758_cca(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!bind_helper(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_4758cca(void)
+	{
+	ENGINE *e_4758 = engine_4758_cca();
+	if (!e_4758) return;
+	ENGINE_add(e_4758);
+	ENGINE_free(e_4758);
+	ERR_clear_error();   
+	}
+#endif
+
+static int ibm_4758_cca_destroy(ENGINE *e)
+	{
+	ERR_unload_CCA4758_strings();
+	free_CCA4758_LIB_NAME();
+	return 1;
+	}
+
+static int ibm_4758_cca_init(ENGINE *e)
+	{
+	if(dso)
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_ALREADY_LOADED);
+		goto err;
+		}
+
+	dso = DSO_load(NULL, get_CCA4758_LIB_NAME(), NULL, 0);
+	if(!dso)
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
+		goto err;
+		}
+
+#ifndef OPENSSL_NO_RSA
+	if(!(keyRecordRead = (F_KEYRECORDREAD)
+				DSO_bind_func(dso, n_keyRecordRead)) ||
+			!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
+				DSO_bind_func(dso, n_randomNumberGenerate)) ||
+			!(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)
+				DSO_bind_func(dso, n_digitalSignatureGenerate)) ||
+			!(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)
+				DSO_bind_func(dso, n_digitalSignatureVerify)) ||
+			!(publicKeyExtract = (F_PUBLICKEYEXTRACT)
+				DSO_bind_func(dso, n_publicKeyExtract)) ||
+			!(pkaEncrypt = (F_PKAENCRYPT)
+				DSO_bind_func(dso, n_pkaEncrypt)) ||
+			!(pkaDecrypt = (F_PKADECRYPT)
+				DSO_bind_func(dso, n_pkaDecrypt)))
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
+		goto err;
+		}
+#else
+	if(!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE)
+				DSO_bind_func(dso, n_randomNumberGenerate)))
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_INIT,CCA4758_R_DSO_FAILURE);
+		goto err;
+		}
+#endif
+
+	hndidx = RSA_get_ex_new_index(0, "IBM 4758 CCA RSA key handle",
+		NULL, NULL, cca_ex_free);
+
+	return 1;
+err:
+	if(dso)
+		DSO_free(dso);
+	dso = NULL;
+
+	keyRecordRead = (F_KEYRECORDREAD)0;
+	randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
+	digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
+	digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
+	publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
+	pkaEncrypt = (F_PKAENCRYPT)0;
+	pkaDecrypt = (F_PKADECRYPT)0;
+	return 0;
+	}
+
+static int ibm_4758_cca_finish(ENGINE *e)
+	{
+	free_CCA4758_LIB_NAME();
+	if(!dso)
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,
+				CCA4758_R_NOT_LOADED);
+		return 0;
+		}
+	if(!DSO_free(dso))
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_FINISH,
+				CCA4758_R_UNIT_FAILURE);
+		return 0;
+		}
+	dso = NULL;
+	keyRecordRead = (F_KEYRECORDREAD)0;
+	randomNumberGenerate = (F_RANDOMNUMBERGENERATE)0;
+	digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE)0;
+	digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY)0;
+	publicKeyExtract = (F_PUBLICKEYEXTRACT)0;
+	pkaEncrypt = (F_PKAENCRYPT)0;
+	pkaDecrypt = (F_PKADECRYPT)0;
+	return 1;
+	}
+
+static int ibm_4758_cca_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	int initialised = ((dso == NULL) ? 0 : 1);
+	switch(cmd)
+		{
+	case CCA4758_CMD_SO_PATH:
+		if(p == NULL)
+			{
+			CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
+					ERR_R_PASSED_NULL_PARAMETER);
+			return 0;
+			}
+		if(initialised)
+			{
+			CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
+					CCA4758_R_ALREADY_LOADED);
+			return 0;
+			}
+		return set_CCA4758_LIB_NAME((const char *)p);
+	default:
+		break;
+		}
+	CCA4758err(CCA4758_F_IBM_4758_CCA_CTRL,
+			CCA4758_R_COMMAND_NOT_IMPLEMENTED);
+	return 0;
+	}
+
+#ifndef OPENSSL_NO_RSA
+
+#define MAX_CCA_PKA_TOKEN_SIZE 2500
+
+static EVP_PKEY *ibm_4758_load_privkey(ENGINE* e, const char* key_id,
+			UI_METHOD *ui_method, void *callback_data)
+	{
+	RSA *rtmp = NULL;
+	EVP_PKEY *res = NULL;
+	unsigned char* keyToken = NULL;
+	unsigned char pubKeyToken[MAX_CCA_PKA_TOKEN_SIZE];
+	long pubKeyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
+	long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
+	long returnCode;
+	long reasonCode;
+	long exitDataLength = 0;
+	long ruleArrayLength = 0;
+	unsigned char exitData[8];
+	unsigned char ruleArray[8];
+	unsigned char keyLabel[64];
+	long keyLabelLength = strlen(key_id);
+	unsigned char modulus[256];
+	long modulusFieldLength = sizeof(modulus);
+	long modulusLength = 0;
+	unsigned char exponent[256];
+	long exponentLength = sizeof(exponent);
+
+	if (keyLabelLength > sizeof(keyLabel))
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+		CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+		return NULL;
+		}
+
+	memset(keyLabel,' ', sizeof(keyLabel));
+	memcpy(keyLabel, key_id, keyLabelLength);
+
+	keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
+	if (!keyToken)
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+				ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	keyRecordRead(&returnCode, &reasonCode, &exitDataLength,
+		exitData, &ruleArrayLength, ruleArray, keyLabel,
+		&keyTokenLength, keyToken+sizeof(long));
+
+	if (returnCode)
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+			CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
+		goto err;
+		}
+
+	publicKeyExtract(&returnCode, &reasonCode, &exitDataLength,
+		exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
+		keyToken+sizeof(long), &pubKeyTokenLength, pubKeyToken);
+
+	if (returnCode)
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+			CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
+		goto err;
+		}
+
+	if (!getModulusAndExponent(pubKeyToken, &exponentLength,
+			exponent, &modulusLength, &modulusFieldLength,
+			modulus))
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+			CCA4758_R_FAILED_LOADING_PRIVATE_KEY);
+		goto err;
+		}
+
+	(*(long*)keyToken) = keyTokenLength;
+	rtmp = RSA_new_method(e);
+	RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
+
+	rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
+	rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
+	rtmp->flags |= RSA_FLAG_EXT_PKEY;
+
+	res = EVP_PKEY_new();
+	EVP_PKEY_assign_RSA(res, rtmp);
+
+	return res;
+err:
+	if (keyToken)
+		OPENSSL_free(keyToken);
+	if (res)
+		EVP_PKEY_free(res);
+	if (rtmp)
+		RSA_free(rtmp);
+	return NULL;
+	}
+
+static EVP_PKEY *ibm_4758_load_pubkey(ENGINE* e, const char* key_id,
+			UI_METHOD *ui_method, void *callback_data)
+	{
+	RSA *rtmp = NULL;
+	EVP_PKEY *res = NULL;
+	unsigned char* keyToken = NULL;
+	long keyTokenLength = MAX_CCA_PKA_TOKEN_SIZE;
+	long returnCode;
+	long reasonCode;
+	long exitDataLength = 0;
+	long ruleArrayLength = 0;
+	unsigned char exitData[8];
+	unsigned char ruleArray[8];
+	unsigned char keyLabel[64];
+	long keyLabelLength = strlen(key_id);
+	unsigned char modulus[512];
+	long modulusFieldLength = sizeof(modulus);
+	long modulusLength = 0;
+	unsigned char exponent[512];
+	long exponentLength = sizeof(exponent);
+
+	if (keyLabelLength > sizeof(keyLabel))
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+			CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+		return NULL;
+		}
+
+	memset(keyLabel,' ', sizeof(keyLabel));
+	memcpy(keyLabel, key_id, keyLabelLength);
+
+	keyToken = OPENSSL_malloc(MAX_CCA_PKA_TOKEN_SIZE + sizeof(long));
+	if (!keyToken)
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY,
+				ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	keyRecordRead(&returnCode, &reasonCode, &exitDataLength, exitData,
+		&ruleArrayLength, ruleArray, keyLabel, &keyTokenLength,
+		keyToken+sizeof(long));
+
+	if (returnCode)
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+				ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+
+	if (!getModulusAndExponent(keyToken+sizeof(long), &exponentLength,
+			exponent, &modulusLength, &modulusFieldLength, modulus))
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,
+			CCA4758_R_FAILED_LOADING_PUBLIC_KEY);
+		goto err;
+		}
+
+	(*(long*)keyToken) = keyTokenLength;
+	rtmp = RSA_new_method(e);
+	RSA_set_ex_data(rtmp, hndidx, (char *)keyToken);
+	rtmp->e = BN_bin2bn(exponent, exponentLength, NULL);
+	rtmp->n = BN_bin2bn(modulus, modulusFieldLength, NULL);
+	rtmp->flags |= RSA_FLAG_EXT_PKEY;
+	res = EVP_PKEY_new();
+	EVP_PKEY_assign_RSA(res, rtmp);
+
+	return res;
+err:
+	if (keyToken)
+		OPENSSL_free(keyToken);
+	if (res)
+		EVP_PKEY_free(res);
+	if (rtmp)
+		RSA_free(rtmp);
+	return NULL;
+	}
+
+static int cca_rsa_pub_enc(int flen, const unsigned char *from,
+			unsigned char *to, RSA *rsa,int padding)
+	{
+	long returnCode;
+	long reasonCode;
+	long lflen = flen;
+	long exitDataLength = 0;
+	unsigned char exitData[8];
+	long ruleArrayLength = 1;
+	unsigned char ruleArray[8] = "PKCS-1.2";
+	long dataStructureLength = 0;
+	unsigned char dataStructure[8];
+	long outputLength = RSA_size(rsa);
+	long keyTokenLength;
+	unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
+
+	keyTokenLength = *(long*)keyToken;
+	keyToken+=sizeof(long);
+
+	pkaEncrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
+		&ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,
+		&dataStructureLength, dataStructure, &keyTokenLength,
+		keyToken, &outputLength, to);
+
+	if (returnCode || reasonCode)
+		return -(returnCode << 16 | reasonCode);
+	return outputLength;
+	}
+
+static int cca_rsa_priv_dec(int flen, const unsigned char *from,
+			unsigned char *to, RSA *rsa,int padding)
+	{
+	long returnCode;
+	long reasonCode;
+	long lflen = flen;
+	long exitDataLength = 0;
+	unsigned char exitData[8];
+	long ruleArrayLength = 1;
+	unsigned char ruleArray[8] = "PKCS-1.2";
+	long dataStructureLength = 0;
+	unsigned char dataStructure[8];
+	long outputLength = RSA_size(rsa);
+	long keyTokenLength;
+	unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
+
+	keyTokenLength = *(long*)keyToken;
+	keyToken+=sizeof(long);
+
+	pkaDecrypt(&returnCode, &reasonCode, &exitDataLength, exitData,
+		&ruleArrayLength, ruleArray, &lflen, (unsigned char*)from,
+		&dataStructureLength, dataStructure, &keyTokenLength,
+		keyToken, &outputLength, to);
+
+	return (returnCode | reasonCode) ? 0 : 1;
+	}
+
+#define SSL_SIG_LEN 36
+
+static int cca_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
+		unsigned char *sigbuf, unsigned int siglen, const RSA *rsa)
+	{
+	long returnCode;
+	long reasonCode;
+	long lsiglen = siglen;
+	long exitDataLength = 0;
+	unsigned char exitData[8];
+	long ruleArrayLength = 1;
+	unsigned char ruleArray[8] = "PKCS-1.1";
+	long keyTokenLength;
+	unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
+	long length = SSL_SIG_LEN;
+	long keyLength ;
+	unsigned char *hashBuffer = NULL;
+	X509_SIG sig;
+	ASN1_TYPE parameter;
+	X509_ALGOR algorithm;
+	ASN1_OCTET_STRING digest;
+
+	keyTokenLength = *(long*)keyToken;
+	keyToken+=sizeof(long);
+
+	if (type == NID_md5 || type == NID_sha1)
+		{
+		sig.algor = &algorithm;
+		algorithm.algorithm = OBJ_nid2obj(type);
+
+		if (!algorithm.algorithm)
+			{
+			CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+				CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
+			return 0;
+			}
+
+		if (!algorithm.algorithm->length)
+			{
+			CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+				CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
+			return 0;
+			}
+
+		parameter.type = V_ASN1_NULL;
+		parameter.value.ptr = NULL;
+		algorithm.parameter = &parameter;
+
+		sig.digest = &digest;
+		sig.digest->data = (unsigned char*)m;
+		sig.digest->length = m_len;
+
+		length = i2d_X509_SIG(&sig, NULL);
+		}
+
+	keyLength = RSA_size(rsa);
+
+	if (length - RSA_PKCS1_PADDING > keyLength)
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+			CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+		return 0;
+		}
+
+	switch (type)
+		{
+		case NID_md5_sha1 :
+			if (m_len != SSL_SIG_LEN)
+				{
+				CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+				CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+				return 0;
+				}
+
+			hashBuffer = (unsigned char *)m;
+			length = m_len;
+			break;
+		case NID_md5 :
+			{
+			unsigned char *ptr;
+			ptr = hashBuffer = OPENSSL_malloc(
+					(unsigned int)keyLength+1);
+			if (!hashBuffer)
+				{
+				CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+						ERR_R_MALLOC_FAILURE);
+				return 0;
+				}
+
+			i2d_X509_SIG(&sig, &ptr);
+			}
+			break;
+		case NID_sha1 :
+			{
+			unsigned char *ptr;
+			ptr = hashBuffer = OPENSSL_malloc(
+					(unsigned int)keyLength+1);
+			if (!hashBuffer)
+				{
+				CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+						ERR_R_MALLOC_FAILURE);
+				return 0;
+				}
+			i2d_X509_SIG(&sig, &ptr);
+			}
+			break;
+		default:
+			return 0;
+		}
+
+	digitalSignatureVerify(&returnCode, &reasonCode, &exitDataLength,
+		exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
+		keyToken, &length, hashBuffer, &lsiglen, sigbuf);
+
+	if (type == NID_sha1 || type == NID_md5)
+		{
+		OPENSSL_cleanse(hashBuffer, keyLength+1);
+		OPENSSL_free(hashBuffer);
+		}
+
+	return ((returnCode || reasonCode) ? 0 : 1);
+	}
+
+#define SSL_SIG_LEN 36
+
+static int cca_rsa_sign(int type, const unsigned char *m, unsigned int m_len,
+		unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
+	{
+	long returnCode;
+	long reasonCode;
+	long exitDataLength = 0;
+	unsigned char exitData[8];
+	long ruleArrayLength = 1;
+	unsigned char ruleArray[8] = "PKCS-1.1";
+	long outputLength=256;
+	long outputBitLength;
+	long keyTokenLength;
+	unsigned char *hashBuffer = NULL;
+	unsigned char* keyToken = (unsigned char*)RSA_get_ex_data(rsa, hndidx);
+	long length = SSL_SIG_LEN;
+	long keyLength ;
+	X509_SIG sig;
+	ASN1_TYPE parameter;
+	X509_ALGOR algorithm;
+	ASN1_OCTET_STRING digest;
+
+	keyTokenLength = *(long*)keyToken;
+	keyToken+=sizeof(long);
+
+	if (type == NID_md5 || type == NID_sha1)
+		{
+		sig.algor = &algorithm;
+		algorithm.algorithm = OBJ_nid2obj(type);
+
+		if (!algorithm.algorithm)
+			{
+			CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
+				CCA4758_R_UNKNOWN_ALGORITHM_TYPE);
+			return 0;
+			}
+
+		if (!algorithm.algorithm->length)
+			{
+			CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
+				CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD);
+			return 0;
+			}
+
+		parameter.type = V_ASN1_NULL;
+		parameter.value.ptr = NULL;
+		algorithm.parameter = &parameter;
+
+		sig.digest = &digest;
+		sig.digest->data = (unsigned char*)m;
+		sig.digest->length = m_len;
+
+		length = i2d_X509_SIG(&sig, NULL);
+		}
+
+	keyLength = RSA_size(rsa);
+
+	if (length - RSA_PKCS1_PADDING > keyLength)
+		{
+		CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
+			CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+		return 0;
+		}
+
+	switch (type)
+		{
+		case NID_md5_sha1 :
+			if (m_len != SSL_SIG_LEN)
+				{
+				CCA4758err(CCA4758_F_IBM_4758_CCA_SIGN,
+				CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+				return 0;
+				}
+			hashBuffer = (unsigned char*)m;
+			length = m_len;
+			break;
+		case NID_md5 :
+			{
+			unsigned char *ptr;
+			ptr = hashBuffer = OPENSSL_malloc(
+					(unsigned int)keyLength+1);
+			if (!hashBuffer)
+				{
+				CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+						ERR_R_MALLOC_FAILURE);
+				return 0;
+				}
+			i2d_X509_SIG(&sig, &ptr);
+			}
+			break;
+		case NID_sha1 :
+			{
+			unsigned char *ptr;
+			ptr = hashBuffer = OPENSSL_malloc(
+					(unsigned int)keyLength+1);
+			if (!hashBuffer)
+				{
+				CCA4758err(CCA4758_F_IBM_4758_CCA_VERIFY,
+						ERR_R_MALLOC_FAILURE);
+				return 0;
+				}
+			i2d_X509_SIG(&sig, &ptr);
+			}
+			break;
+		default:
+			return 0;
+		}
+
+	digitalSignatureGenerate(&returnCode, &reasonCode, &exitDataLength,
+		exitData, &ruleArrayLength, ruleArray, &keyTokenLength,
+		keyToken, &length, hashBuffer, &outputLength, &outputBitLength,
+		sigret);
+
+	if (type == NID_sha1 || type == NID_md5)
+		{
+		OPENSSL_cleanse(hashBuffer, keyLength+1);
+		OPENSSL_free(hashBuffer);
+		}
+
+	*siglen = outputLength;
+
+	return ((returnCode || reasonCode) ? 0 : 1);
+	}
+
+static int getModulusAndExponent(const unsigned char*token, long *exponentLength,
+		unsigned char *exponent, long *modulusLength, long *modulusFieldLength,
+		unsigned char *modulus)
+	{
+	unsigned long len;
+
+	if (*token++ != (char)0x1E) /* internal PKA token? */
+		return 0;
+
+	if (*token++) /* token version must be zero */
+		return 0;
+
+	len = *token++;
+	len = len << 8;
+	len |= (unsigned char)*token++;
+
+	token += 4; /* skip reserved bytes */
+
+	if (*token++ == (char)0x04)
+		{
+		if (*token++) /* token version must be zero */
+			return 0;
+
+		len = *token++;
+		len = len << 8;
+		len |= (unsigned char)*token++;
+
+		token+=2; /* skip reserved section */
+
+		len = *token++;
+		len = len << 8;
+		len |= (unsigned char)*token++;
+
+		*exponentLength = len;
+
+		len = *token++;
+		len = len << 8;
+		len |= (unsigned char)*token++;
+
+		*modulusLength = len;
+
+		len = *token++;
+		len = len << 8;
+		len |= (unsigned char)*token++;
+
+		*modulusFieldLength = len;
+
+		memcpy(exponent, token, *exponentLength);
+		token+= *exponentLength;
+
+		memcpy(modulus, token, *modulusFieldLength);
+		return 1;
+		}
+	return 0;
+	}
+
+#endif /* OPENSSL_NO_RSA */
+
+static int cca_random_status(void)
+	{
+	return 1;
+	}
+
+static int cca_get_random_bytes(unsigned char* buf, int num)
+	{
+	long ret_code;
+	long reason_code;
+	long exit_data_length;
+	unsigned char exit_data[4];
+	unsigned char form[] = "RANDOM  ";
+	unsigned char rand_buf[8];
+
+	while(num >= sizeof(rand_buf))
+		{
+		randomNumberGenerate(&ret_code, &reason_code, &exit_data_length,
+			exit_data, form, rand_buf);
+		if (ret_code)
+			return 0;
+		num -= sizeof(rand_buf);
+		memcpy(buf, rand_buf, sizeof(rand_buf));
+		buf += sizeof(rand_buf);
+		}
+
+	if (num)
+		{
+		randomNumberGenerate(&ret_code, &reason_code, NULL, NULL,
+			form, rand_buf);
+		if (ret_code)
+			return 0;
+		memcpy(buf, rand_buf, num);
+		}
+
+	return 1;
+	}
+
+static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx,
+		long argl, void *argp)
+	{
+	if (item)
+		OPENSSL_free(item);
+	}
+
+/* Goo to handle building as a dynamic engine */
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE 
+static int bind_fn(ENGINE *e, const char *id)
+	{
+	if(id && (strcmp(id, engine_4758_cca_id) != 0))
+		return 0;
+	if(!bind_helper(e))
+		return 0;
+	return 1;
+	}       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+
+#endif /* !OPENSSL_NO_HW_4758_CCA */
+#endif /* !OPENSSL_NO_HW */
diff --git a/engines/e_4758_cca.ec b/engines/e_4758_cca.ec
new file mode 100644
index 0000000000..2919969466
--- /dev/null
+++ b/engines/e_4758_cca.ec
@@ -0,0 +1 @@
+L CCA4758	e_4758_cca_err.h		e_4758_cca_err.c
diff --git a/engines/e_4758_cca_err.c b/engines/e_4758_cca_err.c
new file mode 100644
index 0000000000..12c6d2eeda
--- /dev/null
+++ b/engines/e_4758_cca_err.c
@@ -0,0 +1,149 @@
+/* hw_4758_cca_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_4758_cca_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA CCA4758_str_functs[]=
+	{
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_CTRL,0),	"IBM_4758_CCA_CTRL"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_FINISH,0),	"IBM_4758_CCA_FINISH"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_INIT,0),	"IBM_4758_CCA_INIT"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY,0),	"IBM_4758_CCA_LOAD_PRIVKEY"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY,0),	"IBM_4758_CCA_LOAD_PUBKEY"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_SIGN,0),	"IBM_4758_CCA_SIGN"},
+{ERR_PACK(0,CCA4758_F_IBM_4758_CCA_VERIFY,0),	"IBM_4758_CCA_VERIFY"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA CCA4758_str_reasons[]=
+	{
+{CCA4758_R_ALREADY_LOADED                ,"already loaded"},
+{CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD       ,"asn1 oid unknown for md"},
+{CCA4758_R_COMMAND_NOT_IMPLEMENTED       ,"command not implemented"},
+{CCA4758_R_DSO_FAILURE                   ,"dso failure"},
+{CCA4758_R_FAILED_LOADING_PRIVATE_KEY    ,"failed loading private key"},
+{CCA4758_R_FAILED_LOADING_PUBLIC_KEY     ,"failed loading public key"},
+{CCA4758_R_NOT_LOADED                    ,"not loaded"},
+{CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL   ,"size too large or too small"},
+{CCA4758_R_UNIT_FAILURE                  ,"unit failure"},
+{CCA4758_R_UNKNOWN_ALGORITHM_TYPE        ,"unknown algorithm type"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef CCA4758_LIB_NAME
+static ERR_STRING_DATA CCA4758_lib_name[]=
+        {
+{0	,CCA4758_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int CCA4758_lib_error_code=0;
+static int CCA4758_error_init=1;
+
+static void ERR_load_CCA4758_strings(void)
+	{
+	if (CCA4758_lib_error_code == 0)
+		CCA4758_lib_error_code=ERR_get_next_error_library();
+
+	if (CCA4758_error_init)
+		{
+		CCA4758_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_functs);
+		ERR_load_strings(CCA4758_lib_error_code,CCA4758_str_reasons);
+#endif
+
+#ifdef CCA4758_LIB_NAME
+		CCA4758_lib_name->error = ERR_PACK(CCA4758_lib_error_code,0,0);
+		ERR_load_strings(0,CCA4758_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_CCA4758_strings(void)
+	{
+	if (CCA4758_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_functs);
+		ERR_unload_strings(CCA4758_lib_error_code,CCA4758_str_reasons);
+#endif
+
+#ifdef CCA4758_LIB_NAME
+		ERR_unload_strings(0,CCA4758_lib_name);
+#endif
+		CCA4758_error_init=1;
+		}
+	}
+
+static void ERR_CCA4758_error(int function, int reason, char *file, int line)
+	{
+	if (CCA4758_lib_error_code == 0)
+		CCA4758_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(CCA4758_lib_error_code,function,reason,file,line);
+	}
diff --git a/engines/e_4758_cca_err.h b/engines/e_4758_cca_err.h
new file mode 100644
index 0000000000..2fc563ab11
--- /dev/null
+++ b/engines/e_4758_cca_err.h
@@ -0,0 +1,93 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_CCA4758_ERR_H
+#define HEADER_CCA4758_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_CCA4758_strings(void);
+static void ERR_unload_CCA4758_strings(void);
+static void ERR_CCA4758_error(int function, int reason, char *file, int line);
+#define CCA4758err(f,r) ERR_CCA4758_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the CCA4758 functions. */
+
+/* Function codes. */
+#define CCA4758_F_IBM_4758_CCA_CTRL			 100
+#define CCA4758_F_IBM_4758_CCA_FINISH			 101
+#define CCA4758_F_IBM_4758_CCA_INIT			 102
+#define CCA4758_F_IBM_4758_CCA_LOAD_PRIVKEY		 103
+#define CCA4758_F_IBM_4758_CCA_LOAD_PUBKEY		 104
+#define CCA4758_F_IBM_4758_CCA_SIGN			 105
+#define CCA4758_F_IBM_4758_CCA_VERIFY			 106
+
+/* Reason codes. */
+#define CCA4758_R_ALREADY_LOADED			 100
+#define CCA4758_R_ASN1_OID_UNKNOWN_FOR_MD		 101
+#define CCA4758_R_COMMAND_NOT_IMPLEMENTED		 102
+#define CCA4758_R_DSO_FAILURE				 103
+#define CCA4758_R_FAILED_LOADING_PRIVATE_KEY		 104
+#define CCA4758_R_FAILED_LOADING_PUBLIC_KEY		 105
+#define CCA4758_R_NOT_LOADED				 106
+#define CCA4758_R_SIZE_TOO_LARGE_OR_TOO_SMALL		 107
+#define CCA4758_R_UNIT_FAILURE				 108
+#define CCA4758_R_UNKNOWN_ALGORITHM_TYPE		 109
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/engines/e_aep.c b/engines/e_aep.c
new file mode 100644
index 0000000000..b01d7094f4
--- /dev/null
+++ b/engines/e_aep.c
@@ -0,0 +1,1119 @@
+/* crypto/engine/hw_aep.c */
+/*
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include <string.h>
+
+#include <openssl/e_os2.h>
+#if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
+#include <sys/types.h>
+#include <unistd.h>
+#else
+#include <process.h>
+typedef int pid_t;
+#endif
+
+#include <openssl/crypto.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#include <openssl/buffer.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_AEP
+#ifdef FLAT_INC
+#include "aep.h"
+#else
+#include "vendor_defns/aep.h"
+#endif
+
+#define AEP_LIB_NAME "aep engine"
+#define FAIL_TO_SW 0x10101010
+
+#include "e_aep_err.c"
+
+static int aep_init(ENGINE *e);
+static int aep_finish(ENGINE *e);
+static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+static int aep_destroy(ENGINE *e);
+
+static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR hConnection);
+static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection);
+static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection);
+static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use);
+
+/* BIGNUM stuff */
+static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *m, BN_CTX *ctx);
+
+static AEP_RV aep_mod_exp_crt(BIGNUM *r,const  BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *q, const BIGNUM *dmp1,const BIGNUM *dmq1,
+	const BIGNUM *iqmp, BN_CTX *ctx);
+
+/* RSA stuff */
+#ifndef OPENSSL_NO_RSA
+static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+/* DSA stuff */
+#ifndef OPENSSL_NO_DSA
+static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+	BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+	BN_CTX *ctx, BN_MONT_CTX *in_mont);
+
+static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+	const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+	BN_MONT_CTX *m_ctx);
+#endif
+
+/* DH stuff */
+/* This function is aliased to mod_exp (with the DH and mont dropped). */
+#ifndef OPENSSL_NO_DH
+static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+	const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
+
+/* rand stuff   */
+#ifdef AEPRAND
+static int aep_rand(unsigned char *buf, int num);
+static int aep_rand_status(void);
+#endif
+
+/* Bignum conversion stuff */
+static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize);
+static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
+	unsigned char* AEP_BigNum);
+static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
+	unsigned char* AEP_BigNum);
+
+/* The definitions for control commands specific to this engine */
+#define AEP_CMD_SO_PATH		ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN aep_cmd_defns[] =
+	{
+	{ AEP_CMD_SO_PATH,
+	  "SO_PATH",
+	  "Specifies the path to the 'aep' shared library",
+	  ENGINE_CMD_FLAG_STRING
+	},
+	{0, NULL, NULL, 0}
+	};
+
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD aep_rsa =
+	{
+	"Aep RSA method",
+	NULL,                /*rsa_pub_encrypt*/
+	NULL,                /*rsa_pub_decrypt*/
+	NULL,                /*rsa_priv_encrypt*/
+	NULL,                /*rsa_priv_encrypt*/
+	aep_rsa_mod_exp,     /*rsa_mod_exp*/
+	aep_mod_exp_mont,    /*bn_mod_exp*/
+	NULL,                /*init*/
+	NULL,                /*finish*/
+	0,                   /*flags*/
+	NULL,                /*app_data*/
+	NULL,                /*rsa_sign*/
+	NULL                 /*rsa_verify*/
+	};
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD aep_dsa =
+	{
+	"Aep DSA method",
+	NULL,                /* dsa_do_sign */
+	NULL,                /* dsa_sign_setup */
+	NULL,                /* dsa_do_verify */
+	aep_dsa_mod_exp,     /* dsa_mod_exp */
+	aep_mod_exp_dsa,     /* bn_mod_exp */
+	NULL,                /* init */
+	NULL,                /* finish */
+	0,                   /* flags */
+	NULL                 /* app_data */
+	};
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD aep_dh =
+	{
+	"Aep DH method",
+	NULL,
+	NULL,
+	aep_mod_exp_dh,
+	NULL,
+	NULL,
+	0,
+	NULL
+	};
+#endif
+
+#ifdef AEPRAND
+/* our internal RAND_method that we provide pointers to  */
+static RAND_METHOD aep_random =
+	{
+	/*"AEP RAND method", */
+	NULL,
+	aep_rand,
+	NULL,
+	NULL,
+	aep_rand,
+	aep_rand_status,
+	};
+#endif
+
+/*Define an array of structures to hold connections*/
+static AEP_CONNECTION_ENTRY aep_app_conn_table[MAX_PROCESS_CONNECTIONS];
+
+/*Used to determine if this is a new process*/
+static pid_t    recorded_pid = 0;
+
+#ifdef AEPRAND
+static AEP_U8   rand_block[RAND_BLK_SIZE];
+static AEP_U32  rand_block_bytes = 0;
+#endif
+
+/* Constants used when creating the ENGINE */
+static const char *engine_aep_id = "aep";
+static const char *engine_aep_name = "Aep hardware engine support";
+
+static int max_key_len = 2176;
+
+
+/* This internal function is used by ENGINE_aep() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_aep(ENGINE *e)
+	{
+#ifndef OPENSSL_NO_RSA
+	const RSA_METHOD  *meth1;
+#endif
+#ifndef OPENSSL_NO_DSA
+	const DSA_METHOD  *meth2;
+#endif
+#ifndef OPENSSL_NO_DH
+	const DH_METHOD	  *meth3;
+#endif
+
+	if(!ENGINE_set_id(e, engine_aep_id) ||
+		!ENGINE_set_name(e, engine_aep_name) ||
+#ifndef OPENSSL_NO_RSA
+		!ENGINE_set_RSA(e, &aep_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+		!ENGINE_set_DSA(e, &aep_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+		!ENGINE_set_DH(e, &aep_dh) ||
+#endif
+#ifdef AEPRAND
+		!ENGINE_set_RAND(e, &aep_random) ||
+#endif
+		!ENGINE_set_init_function(e, aep_init) ||
+		!ENGINE_set_destroy_function(e, aep_destroy) ||
+		!ENGINE_set_finish_function(e, aep_finish) ||
+		!ENGINE_set_ctrl_function(e, aep_ctrl) ||
+		!ENGINE_set_cmd_defns(e, aep_cmd_defns))
+		return 0;
+
+#ifndef OPENSSL_NO_RSA
+	/* We know that the "PKCS1_SSLeay()" functions hook properly
+	 * to the aep-specific mod_exp and mod_exp_crt so we use
+	 * those functions. NB: We don't use ENGINE_openssl() or
+	 * anything "more generic" because something like the RSAref
+	 * code may not hook properly, and if you own one of these
+	 * cards then you have the right to do RSA operations on it
+	 * anyway! */
+	meth1 = RSA_PKCS1_SSLeay();
+	aep_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+	aep_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+	aep_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+	aep_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+
+
+#ifndef OPENSSL_NO_DSA
+	/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
+	 * bits. */
+	meth2 = DSA_OpenSSL();
+	aep_dsa.dsa_do_sign    = meth2->dsa_do_sign;
+	aep_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
+	aep_dsa.dsa_do_verify  = meth2->dsa_do_verify;
+
+	aep_dsa = *DSA_get_default_method(); 
+	aep_dsa.dsa_mod_exp = aep_dsa_mod_exp; 
+	aep_dsa.bn_mod_exp = aep_mod_exp_dsa;
+#endif
+
+#ifndef OPENSSL_NO_DH
+	/* Much the same for Diffie-Hellman */
+	meth3 = DH_OpenSSL();
+	aep_dh.generate_key = meth3->generate_key;
+	aep_dh.compute_key  = meth3->compute_key;
+	aep_dh.bn_mod_exp   = meth3->bn_mod_exp;
+#endif
+
+	/* Ensure the aep error handling is set up */
+	ERR_load_AEPHK_strings();
+
+	return 1;
+}
+
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+	{
+	if(id && (strcmp(id, engine_aep_id) != 0))
+		return 0;
+	if(!bind_aep(e))
+		return 0;
+	return 1;
+	}       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+#else
+static ENGINE *engine_aep(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!bind_aep(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_aep(void)
+	{
+	/* Copied from eng_[openssl|dyn].c */
+	ENGINE *toadd = engine_aep();
+	if(!toadd) return;
+	ENGINE_add(toadd);
+	ENGINE_free(toadd);
+	ERR_clear_error();
+	}
+#endif
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the Aep library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *aep_dso = NULL;
+
+/* These are the static string constants for the DSO file name and the function
+ * symbol names to bind to. 
+*/
+static const char *AEP_LIBNAME = NULL;
+static const char *get_AEP_LIBNAME(void)
+	{
+	if(AEP_LIBNAME)
+		return AEP_LIBNAME;
+	return "aep";
+	}
+static void free_AEP_LIBNAME(void)
+	{
+	if(AEP_LIBNAME)
+		OPENSSL_free((void*)AEP_LIBNAME);
+	AEP_LIBNAME = NULL;
+	}
+static long set_AEP_LIBNAME(const char *name)
+	{
+	free_AEP_LIBNAME();
+	return ((AEP_LIBNAME = BUF_strdup(name)) != NULL ? 1 : 0);
+	}
+
+static const char *AEP_F1    = "AEP_ModExp";
+static const char *AEP_F2    = "AEP_ModExpCrt";
+#ifdef AEPRAND
+static const char *AEP_F3    = "AEP_GenRandom";
+#endif
+static const char *AEP_F4    = "AEP_Finalize";
+static const char *AEP_F5    = "AEP_Initialize";
+static const char *AEP_F6    = "AEP_OpenConnection";
+static const char *AEP_F7    = "AEP_SetBNCallBacks";
+static const char *AEP_F8    = "AEP_CloseConnection";
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static t_AEP_OpenConnection    *p_AEP_OpenConnection  = NULL;
+static t_AEP_CloseConnection   *p_AEP_CloseConnection = NULL;
+static t_AEP_ModExp            *p_AEP_ModExp          = NULL;
+static t_AEP_ModExpCrt         *p_AEP_ModExpCrt       = NULL;
+#ifdef AEPRAND
+static t_AEP_GenRandom         *p_AEP_GenRandom       = NULL;
+#endif
+static t_AEP_Initialize        *p_AEP_Initialize      = NULL;
+static t_AEP_Finalize          *p_AEP_Finalize        = NULL;
+static t_AEP_SetBNCallBacks    *p_AEP_SetBNCallBacks  = NULL;
+
+/* (de)initialisation functions. */
+static int aep_init(ENGINE *e)
+	{
+	t_AEP_ModExp          *p1;
+	t_AEP_ModExpCrt       *p2;
+#ifdef AEPRAND
+	t_AEP_GenRandom       *p3;
+#endif
+	t_AEP_Finalize        *p4;
+	t_AEP_Initialize      *p5;
+	t_AEP_OpenConnection  *p6;
+	t_AEP_SetBNCallBacks  *p7;
+	t_AEP_CloseConnection *p8;
+
+	int to_return = 0;
+ 
+	if(aep_dso != NULL)
+		{
+		AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_ALREADY_LOADED);
+		goto err;
+		}
+	/* Attempt to load libaep.so. */
+
+	aep_dso = DSO_load(NULL, get_AEP_LIBNAME(), NULL, 0);
+  
+	if(aep_dso == NULL)
+		{
+		AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED);
+		goto err;
+		}
+
+	if(	!(p1 = (t_AEP_ModExp *)     DSO_bind_func( aep_dso,AEP_F1))  ||
+		!(p2 = (t_AEP_ModExpCrt*)   DSO_bind_func( aep_dso,AEP_F2))  ||
+#ifdef AEPRAND
+		!(p3 = (t_AEP_GenRandom*)   DSO_bind_func( aep_dso,AEP_F3))  ||
+#endif
+		!(p4 = (t_AEP_Finalize*)    DSO_bind_func( aep_dso,AEP_F4))  ||
+		!(p5 = (t_AEP_Initialize*)  DSO_bind_func( aep_dso,AEP_F5))  ||
+		!(p6 = (t_AEP_OpenConnection*) DSO_bind_func( aep_dso,AEP_F6))  ||
+		!(p7 = (t_AEP_SetBNCallBacks*) DSO_bind_func( aep_dso,AEP_F7))  ||
+		!(p8 = (t_AEP_CloseConnection*) DSO_bind_func( aep_dso,AEP_F8)))
+		{
+		AEPHKerr(AEPHK_F_AEP_INIT,AEPHK_R_NOT_LOADED);
+		goto err;
+		}
+
+	/* Copy the pointers */
+  
+	p_AEP_ModExp           = p1;
+	p_AEP_ModExpCrt        = p2;
+#ifdef AEPRAND
+	p_AEP_GenRandom        = p3;
+#endif
+	p_AEP_Finalize         = p4;
+	p_AEP_Initialize       = p5;
+	p_AEP_OpenConnection   = p6;
+	p_AEP_SetBNCallBacks   = p7;
+	p_AEP_CloseConnection  = p8;
+ 
+	to_return = 1;
+ 
+	return to_return;
+
+ err: 
+
+	if(aep_dso)
+		DSO_free(aep_dso);
+		
+	p_AEP_OpenConnection    = NULL;
+	p_AEP_ModExp            = NULL;
+	p_AEP_ModExpCrt         = NULL;
+#ifdef AEPRAND
+	p_AEP_GenRandom         = NULL;
+#endif
+	p_AEP_Initialize        = NULL;
+	p_AEP_Finalize          = NULL;
+	p_AEP_SetBNCallBacks    = NULL;
+	p_AEP_CloseConnection   = NULL;
+
+	return to_return;
+	}
+
+/* Destructor (complements the "ENGINE_aep()" constructor) */
+static int aep_destroy(ENGINE *e)
+	{
+	free_AEP_LIBNAME();
+	ERR_unload_AEPHK_strings();
+	return 1;
+	}
+
+static int aep_finish(ENGINE *e)
+	{
+	int to_return = 0, in_use;
+	AEP_RV rv;
+
+	if(aep_dso == NULL)
+		{
+		AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_NOT_LOADED);
+		goto err;
+		}
+
+	rv = aep_close_all_connections(0, &in_use);
+	if (rv != AEP_R_OK)
+		{
+		AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CLOSE_HANDLES_FAILED);
+		goto err;
+		}
+	if (in_use)
+		{
+		AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_CONNECTIONS_IN_USE);
+		goto err;
+		}
+
+	rv = p_AEP_Finalize();
+	if (rv != AEP_R_OK)
+		{
+		AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_FINALIZE_FAILED);
+		goto err;
+		}
+
+	if(!DSO_free(aep_dso))
+		{
+		AEPHKerr(AEPHK_F_AEP_FINISH,AEPHK_R_UNIT_FAILURE);
+		goto err;
+		}
+
+	aep_dso = NULL;
+	p_AEP_CloseConnection   = NULL;
+	p_AEP_OpenConnection    = NULL;
+	p_AEP_ModExp            = NULL;
+	p_AEP_ModExpCrt         = NULL;
+#ifdef AEPRAND
+	p_AEP_GenRandom         = NULL;
+#endif
+	p_AEP_Initialize        = NULL;
+	p_AEP_Finalize          = NULL;
+	p_AEP_SetBNCallBacks    = NULL;
+
+	to_return = 1;
+ err:
+	return to_return;
+	}
+
+static int aep_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	int initialised = ((aep_dso == NULL) ? 0 : 1);
+	switch(cmd)
+		{
+	case AEP_CMD_SO_PATH:
+		if(p == NULL)
+			{
+			AEPHKerr(AEPHK_F_AEP_CTRL,
+				ERR_R_PASSED_NULL_PARAMETER);
+			return 0;
+			}
+		if(initialised)
+			{
+			AEPHKerr(AEPHK_F_AEP_CTRL,
+				AEPHK_R_ALREADY_LOADED);
+			return 0;
+			}
+		return set_AEP_LIBNAME((const char*)p);
+	default:
+		break;
+		}
+	AEPHKerr(AEPHK_F_AEP_CTRL,AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+	return 0;
+	}
+
+static int aep_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *m, BN_CTX *ctx)
+	{
+	int to_return = 0;
+	int 	r_len = 0;
+	AEP_CONNECTION_HNDL hConnection;
+	AEP_RV rv;
+	
+	r_len = BN_num_bits(m);
+
+	/* Perform in software if modulus is too large for hardware. */
+
+	if (r_len > max_key_len){
+		AEPHKerr(AEPHK_F_AEP_MOD_EXP, AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+		return BN_mod_exp(r, a, p, m, ctx);
+	} 
+
+	/*Grab a connection from the pool*/
+	rv = aep_get_connection(&hConnection);
+	if (rv != AEP_R_OK)
+		{     
+		AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_GET_HANDLE_FAILED);
+		return BN_mod_exp(r, a, p, m, ctx);
+		}
+
+	/*To the card with the mod exp*/
+	rv = p_AEP_ModExp(hConnection,(void*)a, (void*)p,(void*)m, (void*)r,NULL);
+
+	if (rv !=  AEP_R_OK)
+		{
+		AEPHKerr(AEPHK_F_AEP_MOD_EXP,AEPHK_R_MOD_EXP_FAILED);
+		rv = aep_close_connection(hConnection);
+		return BN_mod_exp(r, a, p, m, ctx);
+		}
+
+	/*Return the connection to the pool*/
+	rv = aep_return_connection(hConnection);
+	if (rv != AEP_R_OK)
+		{
+		AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED); 
+		goto err;
+		}
+
+	to_return = 1;
+ err:
+	return to_return;
+	}
+	
+static AEP_RV aep_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *q, const BIGNUM *dmp1,
+	const BIGNUM *dmq1,const BIGNUM *iqmp, BN_CTX *ctx)
+	{
+	AEP_RV rv = AEP_R_OK;
+	AEP_CONNECTION_HNDL hConnection;
+
+	/*Grab a connection from the pool*/
+	rv = aep_get_connection(&hConnection);
+	if (rv != AEP_R_OK)
+		{
+		AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_GET_HANDLE_FAILED);
+		return FAIL_TO_SW;
+		}
+
+	/*To the card with the mod exp*/
+	rv = p_AEP_ModExpCrt(hConnection,(void*)a, (void*)p, (void*)q, (void*)dmp1,(void*)dmq1,
+		(void*)iqmp,(void*)r,NULL);
+	if (rv != AEP_R_OK)
+		{
+		AEPHKerr(AEPHK_F_AEP_MOD_EXP_CRT,AEPHK_R_MOD_EXP_CRT_FAILED);
+		rv = aep_close_connection(hConnection);
+		return FAIL_TO_SW;
+		}
+
+	/*Return the connection to the pool*/
+	rv = aep_return_connection(hConnection);
+	if (rv != AEP_R_OK)
+		{
+		AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED); 
+		goto err;
+		}
+ 
+ err:
+	return rv;
+	}
+	
+
+#ifdef AEPRAND
+static int aep_rand(unsigned char *buf,int len )
+	{
+	AEP_RV rv = AEP_R_OK;
+	AEP_CONNECTION_HNDL hConnection;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+	/*Can the request be serviced with what's already in the buffer?*/
+	if (len <= rand_block_bytes)
+		{
+		memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
+		rand_block_bytes -= len;
+		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+		}
+	else
+		/*If not the get another block of random bytes*/
+		{
+		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+		rv = aep_get_connection(&hConnection);
+		if (rv !=  AEP_R_OK)
+			{ 
+			AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_HANDLE_FAILED);             
+			goto err_nounlock;
+			}
+
+		if (len > RAND_BLK_SIZE)
+			{
+			rv = p_AEP_GenRandom(hConnection, len, 2, buf, NULL);
+			if (rv !=  AEP_R_OK)
+				{  
+				AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED); 
+				goto err_nounlock;
+				}
+			}
+		else
+			{
+			CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+			rv = p_AEP_GenRandom(hConnection, RAND_BLK_SIZE, 2, &rand_block[0], NULL);
+			if (rv !=  AEP_R_OK)
+				{       
+				AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_GET_RANDOM_FAILED); 
+	      
+				goto err;
+				}
+
+			rand_block_bytes = RAND_BLK_SIZE;
+
+			memcpy(buf, &rand_block[RAND_BLK_SIZE - rand_block_bytes], len);
+			rand_block_bytes -= len;
+
+			CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+			}
+
+		rv = aep_return_connection(hConnection);
+		if (rv != AEP_R_OK)
+			{
+			AEPHKerr(AEPHK_F_AEP_RAND,AEPHK_R_RETURN_CONNECTION_FAILED); 
+	  
+			goto err_nounlock;
+			}
+		}
+  
+	return 1;
+ err:
+	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ err_nounlock:
+	return 0;
+	}
+	
+static int aep_rand_status(void)
+{
+	return 1;
+}
+#endif
+
+#ifndef OPENSSL_NO_RSA
+static int aep_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+	{
+	BN_CTX *ctx = NULL;
+	int to_return = 0;
+	AEP_RV rv = AEP_R_OK;
+
+	if ((ctx = BN_CTX_new()) == NULL)
+		goto err;
+
+	if (!aep_dso)
+		{
+		AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_NOT_LOADED);
+		goto err;
+		}
+
+	/*See if we have all the necessary bits for a crt*/
+	if (rsa->q && rsa->dmp1 && rsa->dmq1 && rsa->iqmp)
+		{
+		rv =  aep_mod_exp_crt(r0,I,rsa->p,rsa->q, rsa->dmp1,rsa->dmq1,rsa->iqmp,ctx);
+
+		if (rv == FAIL_TO_SW){
+			const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+			to_return = (*meth->rsa_mod_exp)(r0, I, rsa);
+			goto err;
+		}
+		else if (rv != AEP_R_OK)
+			goto err;
+		}
+	else
+		{
+		if (!rsa->d || !rsa->n)
+			{
+			AEPHKerr(AEPHK_F_AEP_RSA_MOD_EXP,AEPHK_R_MISSING_KEY_COMPONENTS);
+			goto err;
+			}
+ 
+		rv = aep_mod_exp(r0,I,rsa->d,rsa->n,ctx);
+		if  (rv != AEP_R_OK)
+			goto err;
+	
+		}
+
+	to_return = 1;
+
+ err:
+	if(ctx)
+		BN_CTX_free(ctx);
+	return to_return;
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+static int aep_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+	BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+	BN_CTX *ctx, BN_MONT_CTX *in_mont)
+	{
+	BIGNUM t;
+	int to_return = 0;
+	BN_init(&t);
+
+	/* let rr = a1 ^ p1 mod m */
+	if (!aep_mod_exp(rr,a1,p1,m,ctx)) goto end;
+	/* let t = a2 ^ p2 mod m */
+	if (!aep_mod_exp(&t,a2,p2,m,ctx)) goto end;
+	/* let rr = rr * t mod m */
+	if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+	to_return = 1;
+ end: 
+	BN_free(&t);
+	return to_return;
+	}
+
+static int aep_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+	const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+	BN_MONT_CTX *m_ctx)
+	{  
+	return aep_mod_exp(r, a, p, m, ctx); 
+	}
+#endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int aep_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return aep_mod_exp(r, a, p, m, ctx);
+	}
+
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int aep_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+	const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+	BN_MONT_CTX *m_ctx)
+	{
+	return aep_mod_exp(r, a, p, m, ctx);
+	}
+#endif
+
+static AEP_RV aep_get_connection(AEP_CONNECTION_HNDL_PTR phConnection)
+	{
+	int count;
+	AEP_RV rv = AEP_R_OK;
+
+	/*Get the current process id*/
+	pid_t curr_pid;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+
+	curr_pid = getpid();
+
+	/*Check if this is the first time this is being called from the current
+	  process*/
+	if (recorded_pid != curr_pid)
+		{
+		/*Remember our pid so we can check if we're in a new process*/
+		recorded_pid = curr_pid;
+
+		/*Call Finalize to make sure we have not inherited some data
+		  from a parent process*/
+		p_AEP_Finalize();
+     
+		/*Initialise the AEP API*/
+		rv = p_AEP_Initialize(NULL);
+
+		if (rv != AEP_R_OK)
+			{
+			AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_INIT_FAILURE);
+			recorded_pid = 0;
+			goto end;
+			}
+
+		/*Set the AEP big num call back functions*/
+		rv = p_AEP_SetBNCallBacks(&GetBigNumSize, &MakeAEPBigNum,
+			&ConvertAEPBigNum);
+
+		if (rv != AEP_R_OK)
+			{
+			AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_SETBNCALLBACK_FAILURE);
+			recorded_pid = 0;
+			goto end;
+			}
+
+#ifdef AEPRAND
+		/*Reset the rand byte count*/
+		rand_block_bytes = 0;
+#endif
+
+		/*Init the structures*/
+		for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+			{
+			aep_app_conn_table[count].conn_state = NotConnected;
+			aep_app_conn_table[count].conn_hndl  = 0;
+			}
+
+		/*Open a connection*/
+		rv = p_AEP_OpenConnection(phConnection);
+
+		if (rv != AEP_R_OK)
+			{
+			AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE);
+			recorded_pid = 0;
+			goto end;
+			}
+
+		aep_app_conn_table[0].conn_state = InUse;
+		aep_app_conn_table[0].conn_hndl = *phConnection;
+		goto end;
+		}
+	/*Check the existing connections to see if we can find a free one*/
+	for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+		{
+		if (aep_app_conn_table[count].conn_state == Connected)
+			{
+			aep_app_conn_table[count].conn_state = InUse;
+			*phConnection = aep_app_conn_table[count].conn_hndl;
+			goto end;
+			}
+		}
+	/*If no connections available, we're going to have to try
+	  to open a new one*/
+	for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+		{
+		if (aep_app_conn_table[count].conn_state == NotConnected)
+			{
+			/*Open a connection*/
+			rv = p_AEP_OpenConnection(phConnection);
+
+			if (rv != AEP_R_OK)
+				{	      
+				AEPHKerr(AEPHK_F_AEP_GET_CONNECTION,AEPHK_R_UNIT_FAILURE);
+				goto end;
+				}
+
+			aep_app_conn_table[count].conn_state = InUse;
+			aep_app_conn_table[count].conn_hndl = *phConnection;
+			goto end;
+			}
+		}
+	rv = AEP_R_GENERAL_ERROR;
+ end:
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	return rv;
+	}
+
+
+static AEP_RV aep_return_connection(AEP_CONNECTION_HNDL hConnection)
+	{
+	int count;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+
+	/*Find the connection item that matches this connection handle*/
+	for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+		{
+		if (aep_app_conn_table[count].conn_hndl == hConnection)
+			{
+			aep_app_conn_table[count].conn_state = Connected;
+			break;
+			}
+		}
+
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+
+	return AEP_R_OK;
+	}
+
+static AEP_RV aep_close_connection(AEP_CONNECTION_HNDL hConnection)
+	{
+	int count;
+	AEP_RV rv = AEP_R_OK;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+
+	/*Find the connection item that matches this connection handle*/
+	for(count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+		{
+		if (aep_app_conn_table[count].conn_hndl == hConnection)
+			{
+			rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
+			if (rv != AEP_R_OK)
+				goto end;
+			aep_app_conn_table[count].conn_state = NotConnected;
+			aep_app_conn_table[count].conn_hndl  = 0;
+			break;
+			}
+		}
+
+ end:
+	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	return rv;
+	}
+
+static AEP_RV aep_close_all_connections(int use_engine_lock, int *in_use)
+	{
+	int count;
+	AEP_RV rv = AEP_R_OK;
+
+	*in_use = 0;
+	if (use_engine_lock) CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+	for (count = 0;count < MAX_PROCESS_CONNECTIONS;count ++)
+		{
+		switch (aep_app_conn_table[count].conn_state)
+			{
+		case Connected:
+			rv = p_AEP_CloseConnection(aep_app_conn_table[count].conn_hndl);
+			if (rv != AEP_R_OK)
+				goto end;
+			aep_app_conn_table[count].conn_state = NotConnected;
+			aep_app_conn_table[count].conn_hndl  = 0;
+			break;
+		case InUse:
+			(*in_use)++;
+			break;
+		case NotConnected:
+			break;
+			}
+		}
+ end:
+	if (use_engine_lock) CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+	return rv;
+	}
+
+/*BigNum call back functions, used to convert OpenSSL bignums into AEP bignums.
+  Note only 32bit Openssl build support*/
+
+static AEP_RV GetBigNumSize(AEP_VOID_PTR ArbBigNum, AEP_U32* BigNumSize)
+	{
+	BIGNUM* bn;
+
+	/*Cast the ArbBigNum pointer to our BIGNUM struct*/
+	bn = (BIGNUM*) ArbBigNum;
+
+#ifdef SIXTY_FOUR_BIT_LONG
+	*BigNumSize = bn->top << 3;
+#else
+	/*Size of the bignum in bytes is equal to the bn->top (no of 32 bit
+	  words) multiplies by 4*/
+	*BigNumSize = bn->top << 2;
+#endif
+
+	return AEP_R_OK;
+	}
+
+static AEP_RV MakeAEPBigNum(AEP_VOID_PTR ArbBigNum, AEP_U32 BigNumSize,
+	unsigned char* AEP_BigNum)
+	{
+	BIGNUM* bn;
+
+#ifndef SIXTY_FOUR_BIT_LONG
+	unsigned char* buf;
+	int i;
+#endif
+
+	/*Cast the ArbBigNum pointer to our BIGNUM struct*/
+	bn = (BIGNUM*) ArbBigNum;
+
+#ifdef SIXTY_FOUR_BIT_LONG
+  	memcpy(AEP_BigNum, bn->d, BigNumSize);
+#else
+	/*Must copy data into a (monotone) least significant byte first format
+	  performing endian conversion if necessary*/
+	for(i=0;i<bn->top;i++)
+		{
+		buf = (unsigned char*)&bn->d[i];
+
+		*((AEP_U32*)AEP_BigNum) = (AEP_U32)
+			((unsigned) buf[1] << 8 | buf[0]) |
+			((unsigned) buf[3] << 8 | buf[2])  << 16;
+
+		AEP_BigNum += 4;
+		}
+#endif
+
+	return AEP_R_OK;
+	}
+
+/*Turn an AEP Big Num back to a user big num*/
+static AEP_RV ConvertAEPBigNum(void* ArbBigNum, AEP_U32 BigNumSize,
+	unsigned char* AEP_BigNum)
+	{
+	BIGNUM* bn;
+#ifndef SIXTY_FOUR_BIT_LONG
+	int i;
+#endif
+
+	bn = (BIGNUM*)ArbBigNum;
+
+	/*Expand the result bn so that it can hold our big num.
+	  Size is in bits*/
+	bn_expand(bn, (int)(BigNumSize << 3));
+
+#ifdef SIXTY_FOUR_BIT_LONG
+	bn->top = BigNumSize >> 3;
+	
+	if((BigNumSize & 7) != 0)
+		bn->top++;
+
+	memset(bn->d, 0, bn->top << 3);	
+
+	memcpy(bn->d, AEP_BigNum, BigNumSize);
+#else
+	bn->top = BigNumSize >> 2;
+ 
+	for(i=0;i<bn->top;i++)
+		{
+		bn->d[i] = (AEP_U32)
+			((unsigned) AEP_BigNum[3] << 8 | AEP_BigNum[2]) << 16 |
+			((unsigned) AEP_BigNum[1] << 8 | AEP_BigNum[0]);
+		AEP_BigNum += 4;
+		}
+#endif
+
+	return AEP_R_OK;
+}	
+	
+#endif /* !OPENSSL_NO_HW_AEP */
+#endif /* !OPENSSL_NO_HW */
diff --git a/engines/e_aep.ec b/engines/e_aep.ec
new file mode 100644
index 0000000000..8eae642e06
--- /dev/null
+++ b/engines/e_aep.ec
@@ -0,0 +1 @@
+L AEPHK		e_aep_err.h			e_aep_err.c
diff --git a/engines/e_aep_err.c b/engines/e_aep_err.c
new file mode 100644
index 0000000000..3a0e72463c
--- /dev/null
+++ b/engines/e_aep_err.c
@@ -0,0 +1,157 @@
+/* hw_aep_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_aep_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA AEPHK_str_functs[]=
+	{
+{ERR_PACK(0,AEPHK_F_AEP_CTRL,0),	"AEP_CTRL"},
+{ERR_PACK(0,AEPHK_F_AEP_FINISH,0),	"AEP_FINISH"},
+{ERR_PACK(0,AEPHK_F_AEP_GET_CONNECTION,0),	"AEP_GET_CONNECTION"},
+{ERR_PACK(0,AEPHK_F_AEP_INIT,0),	"AEP_INIT"},
+{ERR_PACK(0,AEPHK_F_AEP_MOD_EXP,0),	"AEP_MOD_EXP"},
+{ERR_PACK(0,AEPHK_F_AEP_MOD_EXP_CRT,0),	"AEP_MOD_EXP_CRT"},
+{ERR_PACK(0,AEPHK_F_AEP_RAND,0),	"AEP_RAND"},
+{ERR_PACK(0,AEPHK_F_AEP_RSA_MOD_EXP,0),	"AEP_RSA_MOD_EXP"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA AEPHK_str_reasons[]=
+	{
+{AEPHK_R_ALREADY_LOADED                  ,"already loaded"},
+{AEPHK_R_CLOSE_HANDLES_FAILED            ,"close handles failed"},
+{AEPHK_R_CONNECTIONS_IN_USE              ,"connections in use"},
+{AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED    ,"ctrl command not implemented"},
+{AEPHK_R_FINALIZE_FAILED                 ,"finalize failed"},
+{AEPHK_R_GET_HANDLE_FAILED               ,"get handle failed"},
+{AEPHK_R_GET_RANDOM_FAILED               ,"get random failed"},
+{AEPHK_R_INIT_FAILURE                    ,"init failure"},
+{AEPHK_R_MISSING_KEY_COMPONENTS          ,"missing key components"},
+{AEPHK_R_MOD_EXP_CRT_FAILED              ,"mod exp crt failed"},
+{AEPHK_R_MOD_EXP_FAILED                  ,"mod exp failed"},
+{AEPHK_R_NOT_LOADED                      ,"not loaded"},
+{AEPHK_R_OK                              ,"ok"},
+{AEPHK_R_RETURN_CONNECTION_FAILED        ,"return connection failed"},
+{AEPHK_R_SETBNCALLBACK_FAILURE           ,"setbncallback failure"},
+{AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL     ,"size too large or too small"},
+{AEPHK_R_UNIT_FAILURE                    ,"unit failure"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef AEPHK_LIB_NAME
+static ERR_STRING_DATA AEPHK_lib_name[]=
+        {
+{0	,AEPHK_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int AEPHK_lib_error_code=0;
+static int AEPHK_error_init=1;
+
+static void ERR_load_AEPHK_strings(void)
+	{
+	if (AEPHK_lib_error_code == 0)
+		AEPHK_lib_error_code=ERR_get_next_error_library();
+
+	if (AEPHK_error_init)
+		{
+		AEPHK_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_functs);
+		ERR_load_strings(AEPHK_lib_error_code,AEPHK_str_reasons);
+#endif
+
+#ifdef AEPHK_LIB_NAME
+		AEPHK_lib_name->error = ERR_PACK(AEPHK_lib_error_code,0,0);
+		ERR_load_strings(0,AEPHK_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_AEPHK_strings(void)
+	{
+	if (AEPHK_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_functs);
+		ERR_unload_strings(AEPHK_lib_error_code,AEPHK_str_reasons);
+#endif
+
+#ifdef AEPHK_LIB_NAME
+		ERR_unload_strings(0,AEPHK_lib_name);
+#endif
+		AEPHK_error_init=1;
+		}
+	}
+
+static void ERR_AEPHK_error(int function, int reason, char *file, int line)
+	{
+	if (AEPHK_lib_error_code == 0)
+		AEPHK_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(AEPHK_lib_error_code,function,reason,file,line);
+	}
diff --git a/engines/e_aep_err.h b/engines/e_aep_err.h
new file mode 100644
index 0000000000..8fe4cf921f
--- /dev/null
+++ b/engines/e_aep_err.h
@@ -0,0 +1,101 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_AEPHK_ERR_H
+#define HEADER_AEPHK_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_AEPHK_strings(void);
+static void ERR_unload_AEPHK_strings(void);
+static void ERR_AEPHK_error(int function, int reason, char *file, int line);
+#define AEPHKerr(f,r) ERR_AEPHK_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the AEPHK functions. */
+
+/* Function codes. */
+#define AEPHK_F_AEP_CTRL				 100
+#define AEPHK_F_AEP_FINISH				 101
+#define AEPHK_F_AEP_GET_CONNECTION			 102
+#define AEPHK_F_AEP_INIT				 103
+#define AEPHK_F_AEP_MOD_EXP				 104
+#define AEPHK_F_AEP_MOD_EXP_CRT				 105
+#define AEPHK_F_AEP_RAND				 106
+#define AEPHK_F_AEP_RSA_MOD_EXP				 107
+
+/* Reason codes. */
+#define AEPHK_R_ALREADY_LOADED				 100
+#define AEPHK_R_CLOSE_HANDLES_FAILED			 101
+#define AEPHK_R_CONNECTIONS_IN_USE			 102
+#define AEPHK_R_CTRL_COMMAND_NOT_IMPLEMENTED		 103
+#define AEPHK_R_FINALIZE_FAILED				 104
+#define AEPHK_R_GET_HANDLE_FAILED			 105
+#define AEPHK_R_GET_RANDOM_FAILED			 106
+#define AEPHK_R_INIT_FAILURE				 107
+#define AEPHK_R_MISSING_KEY_COMPONENTS			 108
+#define AEPHK_R_MOD_EXP_CRT_FAILED			 109
+#define AEPHK_R_MOD_EXP_FAILED				 110
+#define AEPHK_R_NOT_LOADED				 111
+#define AEPHK_R_OK					 112
+#define AEPHK_R_RETURN_CONNECTION_FAILED		 113
+#define AEPHK_R_SETBNCALLBACK_FAILURE			 114
+#define AEPHK_R_SIZE_TOO_LARGE_OR_TOO_SMALL		 116
+#define AEPHK_R_UNIT_FAILURE				 115
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/engines/e_atalla.c b/engines/e_atalla.c
new file mode 100644
index 0000000000..9922189420
--- /dev/null
+++ b/engines/e_atalla.c
@@ -0,0 +1,595 @@
+/* crypto/engine/hw_atalla.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_ATALLA
+
+#ifdef FLAT_INC
+#include "atalla.h"
+#else
+#include "vendor_defns/atalla.h"
+#endif
+
+#define ATALLA_LIB_NAME "atalla engine"
+#include "e_atalla_err.c"
+
+static int atalla_destroy(ENGINE *e);
+static int atalla_init(ENGINE *e);
+static int atalla_finish(ENGINE *e);
+static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+
+/* BIGNUM stuff */
+static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx);
+
+#ifndef OPENSSL_NO_RSA
+/* RSA stuff */
+static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+#ifndef OPENSSL_NO_DSA
+/* DSA stuff */
+static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+		BN_CTX *ctx, BN_MONT_CTX *in_mont);
+static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx);
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
+		const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
+
+/* The definitions for control commands specific to this engine */
+#define ATALLA_CMD_SO_PATH		ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN atalla_cmd_defns[] = {
+	{ATALLA_CMD_SO_PATH,
+		"SO_PATH",
+		"Specifies the path to the 'atasi' shared library",
+		ENGINE_CMD_FLAG_STRING},
+	{0, NULL, NULL, 0}
+	};
+
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD atalla_rsa =
+	{
+	"Atalla RSA method",
+	NULL,
+	NULL,
+	NULL,
+	NULL,
+	atalla_rsa_mod_exp,
+	atalla_mod_exp_mont,
+	NULL,
+	NULL,
+	0,
+	NULL,
+	NULL,
+	NULL
+	};
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD atalla_dsa =
+	{
+	"Atalla DSA method",
+	NULL, /* dsa_do_sign */
+	NULL, /* dsa_sign_setup */
+	NULL, /* dsa_do_verify */
+	atalla_dsa_mod_exp, /* dsa_mod_exp */
+	atalla_mod_exp_dsa, /* bn_mod_exp */
+	NULL, /* init */
+	NULL, /* finish */
+	0, /* flags */
+	NULL /* app_data */
+	};
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD atalla_dh =
+	{
+	"Atalla DH method",
+	NULL,
+	NULL,
+	atalla_mod_exp_dh,
+	NULL,
+	NULL,
+	0,
+	NULL
+	};
+#endif
+
+/* Constants used when creating the ENGINE */
+static const char *engine_atalla_id = "atalla";
+static const char *engine_atalla_name = "Atalla hardware engine support";
+
+/* This internal function is used by ENGINE_atalla() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+	{
+#ifndef OPENSSL_NO_RSA
+	const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DSA
+	const DSA_METHOD *meth2;
+#endif
+#ifndef OPENSSL_NO_DH
+	const DH_METHOD *meth3;
+#endif
+	if(!ENGINE_set_id(e, engine_atalla_id) ||
+			!ENGINE_set_name(e, engine_atalla_name) ||
+#ifndef OPENSSL_NO_RSA
+			!ENGINE_set_RSA(e, &atalla_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+			!ENGINE_set_DSA(e, &atalla_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+			!ENGINE_set_DH(e, &atalla_dh) ||
+#endif
+			!ENGINE_set_destroy_function(e, atalla_destroy) ||
+			!ENGINE_set_init_function(e, atalla_init) ||
+			!ENGINE_set_finish_function(e, atalla_finish) ||
+			!ENGINE_set_ctrl_function(e, atalla_ctrl) ||
+			!ENGINE_set_cmd_defns(e, atalla_cmd_defns))
+		return 0;
+
+#ifndef OPENSSL_NO_RSA
+	/* We know that the "PKCS1_SSLeay()" functions hook properly
+	 * to the atalla-specific mod_exp and mod_exp_crt so we use
+	 * those functions. NB: We don't use ENGINE_openssl() or
+	 * anything "more generic" because something like the RSAref
+	 * code may not hook properly, and if you own one of these
+	 * cards then you have the right to do RSA operations on it
+	 * anyway! */ 
+	meth1 = RSA_PKCS1_SSLeay();
+	atalla_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+	atalla_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+	atalla_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+	atalla_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+
+#ifndef OPENSSL_NO_DSA
+	/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
+	 * bits. */
+	meth2 = DSA_OpenSSL();
+	atalla_dsa.dsa_do_sign = meth2->dsa_do_sign;
+	atalla_dsa.dsa_sign_setup = meth2->dsa_sign_setup;
+	atalla_dsa.dsa_do_verify = meth2->dsa_do_verify;
+#endif
+
+#ifndef OPENSSL_NO_DH
+	/* Much the same for Diffie-Hellman */
+	meth3 = DH_OpenSSL();
+	atalla_dh.generate_key = meth3->generate_key;
+	atalla_dh.compute_key = meth3->compute_key;
+#endif
+
+	/* Ensure the atalla error handling is set up */
+	ERR_load_ATALLA_strings();
+	return 1;
+	}
+
+#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *engine_atalla(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!bind_helper(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_atalla(void)
+	{
+	/* Copied from eng_[openssl|dyn].c */
+	ENGINE *toadd = engine_atalla();
+	if(!toadd) return;
+	ENGINE_add(toadd);
+	ENGINE_free(toadd);
+	ERR_clear_error();
+	}
+#endif
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the Atalla library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *atalla_dso = NULL;
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static tfnASI_GetHardwareConfig *p_Atalla_GetHardwareConfig = NULL;
+static tfnASI_RSAPrivateKeyOpFn *p_Atalla_RSAPrivateKeyOpFn = NULL;
+static tfnASI_GetPerformanceStatistics *p_Atalla_GetPerformanceStatistics = NULL;
+
+/* These are the static string constants for the DSO file name and the function
+ * symbol names to bind to. Regrettably, the DSO name on *nix appears to be
+ * "atasi.so" rather than something more consistent like "libatasi.so". At the
+ * time of writing, I'm not sure what the file name on win32 is but clearly
+ * native name translation is not possible (eg libatasi.so on *nix, and
+ * atasi.dll on win32). For the purposes of testing, I have created a symbollic
+ * link called "libatasi.so" so that we can use native name-translation - a
+ * better solution will be needed. */
+static const char *ATALLA_LIBNAME = NULL;
+static const char *get_ATALLA_LIBNAME(void)
+	{
+		if(ATALLA_LIBNAME)
+			return ATALLA_LIBNAME;
+		return "atasi";
+	}
+static void free_ATALLA_LIBNAME(void)
+	{
+		if(ATALLA_LIBNAME)
+			OPENSSL_free((void*)ATALLA_LIBNAME);
+		ATALLA_LIBNAME = NULL;
+	}
+static long set_ATALLA_LIBNAME(const char *name)
+	{
+	free_ATALLA_LIBNAME();
+	return (((ATALLA_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+	}
+static const char *ATALLA_F1 = "ASI_GetHardwareConfig";
+static const char *ATALLA_F2 = "ASI_RSAPrivateKeyOpFn";
+static const char *ATALLA_F3 = "ASI_GetPerformanceStatistics";
+
+/* Destructor (complements the "ENGINE_atalla()" constructor) */
+static int atalla_destroy(ENGINE *e)
+	{
+	free_ATALLA_LIBNAME();
+	/* Unload the atalla error strings so any error state including our
+	 * functs or reasons won't lead to a segfault (they simply get displayed
+	 * without corresponding string data because none will be found). */
+	ERR_unload_ATALLA_strings();
+	return 1;
+	}
+
+/* (de)initialisation functions. */
+static int atalla_init(ENGINE *e)
+	{
+	tfnASI_GetHardwareConfig *p1;
+	tfnASI_RSAPrivateKeyOpFn *p2;
+	tfnASI_GetPerformanceStatistics *p3;
+	/* Not sure of the origin of this magic value, but Ben's code had it
+	 * and it seemed to have been working for a few people. :-) */
+	unsigned int config_buf[1024];
+
+	if(atalla_dso != NULL)
+		{
+		ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_ALREADY_LOADED);
+		goto err;
+		}
+	/* Attempt to load libatasi.so/atasi.dll/whatever. Needs to be
+	 * changed unfortunately because the Atalla drivers don't have
+	 * standard library names that can be platform-translated well. */
+	/* TODO: Work out how to actually map to the names the Atalla
+	 * drivers really use - for now a symbollic link needs to be
+	 * created on the host system from libatasi.so to atasi.so on
+	 * unix variants. */
+	atalla_dso = DSO_load(NULL, get_ATALLA_LIBNAME(), NULL, 0);
+	if(atalla_dso == NULL)
+		{
+		ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
+		goto err;
+		}
+	if(!(p1 = (tfnASI_GetHardwareConfig *)DSO_bind_func(
+				atalla_dso, ATALLA_F1)) ||
+			!(p2 = (tfnASI_RSAPrivateKeyOpFn *)DSO_bind_func(
+				atalla_dso, ATALLA_F2)) ||
+			!(p3 = (tfnASI_GetPerformanceStatistics *)DSO_bind_func(
+				atalla_dso, ATALLA_F3)))
+		{
+		ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_NOT_LOADED);
+		goto err;
+		}
+	/* Copy the pointers */
+	p_Atalla_GetHardwareConfig = p1;
+	p_Atalla_RSAPrivateKeyOpFn = p2;
+	p_Atalla_GetPerformanceStatistics = p3;
+	/* Perform a basic test to see if there's actually any unit
+	 * running. */
+	if(p1(0L, config_buf) != 0)
+		{
+		ATALLAerr(ATALLA_F_ATALLA_INIT,ATALLA_R_UNIT_FAILURE);
+		goto err;
+		}
+	/* Everything's fine. */
+	return 1;
+err:
+	if(atalla_dso)
+		DSO_free(atalla_dso);
+	p_Atalla_GetHardwareConfig = NULL;
+	p_Atalla_RSAPrivateKeyOpFn = NULL;
+	p_Atalla_GetPerformanceStatistics = NULL;
+	return 0;
+	}
+
+static int atalla_finish(ENGINE *e)
+	{
+	free_ATALLA_LIBNAME();
+	if(atalla_dso == NULL)
+		{
+		ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_NOT_LOADED);
+		return 0;
+		}
+	if(!DSO_free(atalla_dso))
+		{
+		ATALLAerr(ATALLA_F_ATALLA_FINISH,ATALLA_R_UNIT_FAILURE);
+		return 0;
+		}
+	atalla_dso = NULL;
+	p_Atalla_GetHardwareConfig = NULL;
+	p_Atalla_RSAPrivateKeyOpFn = NULL;
+	p_Atalla_GetPerformanceStatistics = NULL;
+	return 1;
+	}
+
+static int atalla_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	int initialised = ((atalla_dso == NULL) ? 0 : 1);
+	switch(cmd)
+		{
+	case ATALLA_CMD_SO_PATH:
+		if(p == NULL)
+			{
+			ATALLAerr(ATALLA_F_ATALLA_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+			return 0;
+			}
+		if(initialised)
+			{
+			ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_ALREADY_LOADED);
+			return 0;
+			}
+		return set_ATALLA_LIBNAME((const char *)p);
+	default:
+		break;
+		}
+	ATALLAerr(ATALLA_F_ATALLA_CTRL,ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+	return 0;
+	}
+
+static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *m, BN_CTX *ctx)
+	{
+	/* I need somewhere to store temporary serialised values for
+	 * use with the Atalla API calls. A neat cheat - I'll use
+	 * BIGNUMs from the BN_CTX but access their arrays directly as
+	 * byte arrays <grin>. This way I don't have to clean anything
+	 * up. */
+	BIGNUM *modulus;
+	BIGNUM *exponent;
+	BIGNUM *argument;
+	BIGNUM *result;
+	RSAPrivateKey keydata;
+	int to_return, numbytes;
+
+	modulus = exponent = argument = result = NULL;
+	to_return = 0; /* expect failure */
+
+	if(!atalla_dso)
+		{
+		ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_NOT_LOADED);
+		goto err;
+		}
+	/* Prepare the params */
+	BN_CTX_start(ctx);
+	modulus = BN_CTX_get(ctx);
+	exponent = BN_CTX_get(ctx);
+	argument = BN_CTX_get(ctx);
+	result = BN_CTX_get(ctx);
+	if (!result)
+		{
+		ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_CTX_FULL);
+		goto err;
+		}
+	if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, m->top) ||
+	   !bn_wexpand(argument, m->top) || !bn_wexpand(result, m->top))
+		{
+		ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_BN_EXPAND_FAIL);
+		goto err;
+		}
+	/* Prepare the key-data */
+	memset(&keydata, 0,sizeof keydata);
+	numbytes = BN_num_bytes(m);
+	memset(exponent->d, 0, numbytes);
+	memset(modulus->d, 0, numbytes);
+	BN_bn2bin(p, (unsigned char *)exponent->d + numbytes - BN_num_bytes(p));
+	BN_bn2bin(m, (unsigned char *)modulus->d + numbytes - BN_num_bytes(m));
+	keydata.privateExponent.data = (unsigned char *)exponent->d;
+	keydata.privateExponent.len = numbytes;
+	keydata.modulus.data = (unsigned char *)modulus->d;
+	keydata.modulus.len = numbytes;
+	/* Prepare the argument */
+	memset(argument->d, 0, numbytes);
+	memset(result->d, 0, numbytes);
+	BN_bn2bin(a, (unsigned char *)argument->d + numbytes - BN_num_bytes(a));
+	/* Perform the operation */
+	if(p_Atalla_RSAPrivateKeyOpFn(&keydata, (unsigned char *)result->d,
+			(unsigned char *)argument->d,
+			keydata.modulus.len) != 0)
+		{
+		ATALLAerr(ATALLA_F_ATALLA_MOD_EXP,ATALLA_R_REQUEST_FAILED);
+		goto err;
+		}
+	/* Convert the response */
+	BN_bin2bn((unsigned char *)result->d, numbytes, r);
+	to_return = 1;
+err:
+	BN_CTX_end(ctx);
+	return to_return;
+	}
+
+#ifndef OPENSSL_NO_RSA
+static int atalla_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+	{
+	BN_CTX *ctx = NULL;
+	int to_return = 0;
+
+	if(!atalla_dso)
+		{
+		ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_NOT_LOADED);
+		goto err;
+		}
+	if((ctx = BN_CTX_new()) == NULL)
+		goto err;
+	if(!rsa->d || !rsa->n)
+		{
+		ATALLAerr(ATALLA_F_ATALLA_RSA_MOD_EXP,ATALLA_R_MISSING_KEY_COMPONENTS);
+		goto err;
+		}
+	to_return = atalla_mod_exp(r0, I, rsa->d, rsa->n, ctx);
+err:
+	if(ctx)
+		BN_CTX_free(ctx);
+	return to_return;
+	}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* This code was liberated and adapted from the commented-out code in
+ * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
+ * (it doesn't have a CRT form for RSA), this function means that an
+ * Atalla system running with a DSA server certificate can handshake
+ * around 5 or 6 times faster/more than an equivalent system running with
+ * RSA. Just check out the "signs" statistics from the RSA and DSA parts
+ * of "openssl speed -engine atalla dsa1024 rsa1024". */
+static int atalla_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+		BN_CTX *ctx, BN_MONT_CTX *in_mont)
+	{
+	BIGNUM t;
+	int to_return = 0;
+ 
+	BN_init(&t);
+	/* let rr = a1 ^ p1 mod m */
+	if (!atalla_mod_exp(rr,a1,p1,m,ctx)) goto end;
+	/* let t = a2 ^ p2 mod m */
+	if (!atalla_mod_exp(&t,a2,p2,m,ctx)) goto end;
+	/* let rr = rr * t mod m */
+	if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+	to_return = 1;
+end:
+	BN_free(&t);
+	return to_return;
+	}
+
+static int atalla_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx)
+	{
+	return atalla_mod_exp(r, a, p, m, ctx);
+	}
+#endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int atalla_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return atalla_mod_exp(r, a, p, m, ctx);
+	}
+
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int atalla_mod_exp_dh(const DH *dh, BIGNUM *r,
+		const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return atalla_mod_exp(r, a, p, m, ctx);
+	}
+#endif
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_fn(ENGINE *e, const char *id)
+	{
+	if(id && (strcmp(id, engine_atalla_id) != 0))
+		return 0;
+	if(!bind_helper(e))
+		return 0;
+	return 1;
+	}
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+
+#endif /* !OPENSSL_NO_HW_ATALLA */
+#endif /* !OPENSSL_NO_HW */
diff --git a/engines/e_atalla.ec b/engines/e_atalla.ec
new file mode 100644
index 0000000000..1d735e1b20
--- /dev/null
+++ b/engines/e_atalla.ec
@@ -0,0 +1 @@
+L ATALLA	e_atalla_err.h			e_atalla_err.c
diff --git a/engines/e_atalla_err.c b/engines/e_atalla_err.c
new file mode 100644
index 0000000000..94f637a613
--- /dev/null
+++ b/engines/e_atalla_err.c
@@ -0,0 +1,145 @@
+/* hw_atalla_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_atalla_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ATALLA_str_functs[]=
+	{
+{ERR_PACK(0,ATALLA_F_ATALLA_CTRL,0),	"ATALLA_CTRL"},
+{ERR_PACK(0,ATALLA_F_ATALLA_FINISH,0),	"ATALLA_FINISH"},
+{ERR_PACK(0,ATALLA_F_ATALLA_INIT,0),	"ATALLA_INIT"},
+{ERR_PACK(0,ATALLA_F_ATALLA_MOD_EXP,0),	"ATALLA_MOD_EXP"},
+{ERR_PACK(0,ATALLA_F_ATALLA_RSA_MOD_EXP,0),	"ATALLA_RSA_MOD_EXP"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA ATALLA_str_reasons[]=
+	{
+{ATALLA_R_ALREADY_LOADED                 ,"already loaded"},
+{ATALLA_R_BN_CTX_FULL                    ,"bn ctx full"},
+{ATALLA_R_BN_EXPAND_FAIL                 ,"bn expand fail"},
+{ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{ATALLA_R_MISSING_KEY_COMPONENTS         ,"missing key components"},
+{ATALLA_R_NOT_LOADED                     ,"not loaded"},
+{ATALLA_R_REQUEST_FAILED                 ,"request failed"},
+{ATALLA_R_UNIT_FAILURE                   ,"unit failure"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef ATALLA_LIB_NAME
+static ERR_STRING_DATA ATALLA_lib_name[]=
+        {
+{0	,ATALLA_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int ATALLA_lib_error_code=0;
+static int ATALLA_error_init=1;
+
+static void ERR_load_ATALLA_strings(void)
+	{
+	if (ATALLA_lib_error_code == 0)
+		ATALLA_lib_error_code=ERR_get_next_error_library();
+
+	if (ATALLA_error_init)
+		{
+		ATALLA_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_functs);
+		ERR_load_strings(ATALLA_lib_error_code,ATALLA_str_reasons);
+#endif
+
+#ifdef ATALLA_LIB_NAME
+		ATALLA_lib_name->error = ERR_PACK(ATALLA_lib_error_code,0,0);
+		ERR_load_strings(0,ATALLA_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_ATALLA_strings(void)
+	{
+	if (ATALLA_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_functs);
+		ERR_unload_strings(ATALLA_lib_error_code,ATALLA_str_reasons);
+#endif
+
+#ifdef ATALLA_LIB_NAME
+		ERR_unload_strings(0,ATALLA_lib_name);
+#endif
+		ATALLA_error_init=1;
+		}
+	}
+
+static void ERR_ATALLA_error(int function, int reason, char *file, int line)
+	{
+	if (ATALLA_lib_error_code == 0)
+		ATALLA_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(ATALLA_lib_error_code,function,reason,file,line);
+	}
diff --git a/engines/e_atalla_err.h b/engines/e_atalla_err.h
new file mode 100644
index 0000000000..cdac052d8c
--- /dev/null
+++ b/engines/e_atalla_err.h
@@ -0,0 +1,89 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_ATALLA_ERR_H
+#define HEADER_ATALLA_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_ATALLA_strings(void);
+static void ERR_unload_ATALLA_strings(void);
+static void ERR_ATALLA_error(int function, int reason, char *file, int line);
+#define ATALLAerr(f,r) ERR_ATALLA_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the ATALLA functions. */
+
+/* Function codes. */
+#define ATALLA_F_ATALLA_CTRL				 100
+#define ATALLA_F_ATALLA_FINISH				 101
+#define ATALLA_F_ATALLA_INIT				 102
+#define ATALLA_F_ATALLA_MOD_EXP				 103
+#define ATALLA_F_ATALLA_RSA_MOD_EXP			 104
+
+/* Reason codes. */
+#define ATALLA_R_ALREADY_LOADED				 100
+#define ATALLA_R_BN_CTX_FULL				 101
+#define ATALLA_R_BN_EXPAND_FAIL				 102
+#define ATALLA_R_CTRL_COMMAND_NOT_IMPLEMENTED		 103
+#define ATALLA_R_MISSING_KEY_COMPONENTS			 104
+#define ATALLA_R_NOT_LOADED				 105
+#define ATALLA_R_REQUEST_FAILED				 106
+#define ATALLA_R_UNIT_FAILURE				 107
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/engines/e_cswift.c b/engines/e_cswift.c
new file mode 100644
index 0000000000..ac4909857a
--- /dev/null
+++ b/engines/e_cswift.c
@@ -0,0 +1,1000 @@
+/* crypto/engine/hw_cswift.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_CSWIFT
+
+/* Attribution notice: Rainbow have generously allowed me to reproduce
+ * the necessary definitions here from their API. This means the support
+ * can build independently of whether application builders have the
+ * API or hardware. This will allow developers to easily produce software
+ * that has latent hardware support for any users that have accelerators
+ * installed, without the developers themselves needing anything extra.
+ *
+ * I have only clipped the parts from the CryptoSwift header files that
+ * are (or seem) relevant to the CryptoSwift support code. This is
+ * simply to keep the file sizes reasonable.
+ * [Geoff]
+ */
+#ifdef FLAT_INC
+#include "cswift.h"
+#else
+#include "vendor_defns/cswift.h"
+#endif
+
+#define CSWIFT_LIB_NAME "cswift engine"
+#include "e_cswift_err.c"
+
+#define DECIMAL_SIZE(type)	((sizeof(type)*8+2)/3+1)
+
+static int cswift_destroy(ENGINE *e);
+static int cswift_init(ENGINE *e);
+static int cswift_finish(ENGINE *e);
+static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+
+/* BIGNUM stuff */
+static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx);
+static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1,
+		const BIGNUM *iqmp, BN_CTX *ctx);
+
+#ifndef OPENSSL_NO_RSA
+/* RSA stuff */
+static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+#ifndef OPENSSL_NO_DSA
+/* DSA stuff */
+static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
+				DSA_SIG *sig, DSA *dsa);
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
+		const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
+
+/* RAND stuff */
+static int cswift_rand_bytes(unsigned char *buf, int num);
+static int cswift_rand_status(void);
+
+/* The definitions for control commands specific to this engine */
+#define CSWIFT_CMD_SO_PATH		ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN cswift_cmd_defns[] = {
+	{CSWIFT_CMD_SO_PATH,
+		"SO_PATH",
+		"Specifies the path to the 'cswift' shared library",
+		ENGINE_CMD_FLAG_STRING},
+	{0, NULL, NULL, 0}
+	};
+
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD cswift_rsa =
+	{
+	"CryptoSwift RSA method",
+	NULL,
+	NULL,
+	NULL,
+	NULL,
+	cswift_rsa_mod_exp,
+	cswift_mod_exp_mont,
+	NULL,
+	NULL,
+	0,
+	NULL,
+	NULL,
+	NULL
+	};
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD cswift_dsa =
+	{
+	"CryptoSwift DSA method",
+	cswift_dsa_sign,
+	NULL, /* dsa_sign_setup */
+	cswift_dsa_verify,
+	NULL, /* dsa_mod_exp */
+	NULL, /* bn_mod_exp */
+	NULL, /* init */
+	NULL, /* finish */
+	0, /* flags */
+	NULL /* app_data */
+	};
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD cswift_dh =
+	{
+	"CryptoSwift DH method",
+	NULL,
+	NULL,
+	cswift_mod_exp_dh,
+	NULL,
+	NULL,
+	0,
+	NULL
+	};
+#endif
+
+static RAND_METHOD cswift_random =
+    {
+    /* "CryptoSwift RAND method", */
+    NULL,
+    cswift_rand_bytes,
+    NULL,
+    NULL,
+    cswift_rand_bytes,
+    cswift_rand_status,
+    };
+
+
+/* Constants used when creating the ENGINE */
+static const char *engine_cswift_id = "cswift";
+static const char *engine_cswift_name = "CryptoSwift hardware engine support";
+
+/* This internal function is used by ENGINE_cswift() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+	{
+#ifndef OPENSSL_NO_RSA
+	const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DH
+	const DH_METHOD *meth2;
+#endif
+	if(!ENGINE_set_id(e, engine_cswift_id) ||
+			!ENGINE_set_name(e, engine_cswift_name) ||
+#ifndef OPENSSL_NO_RSA
+			!ENGINE_set_RSA(e, &cswift_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+			!ENGINE_set_DSA(e, &cswift_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+			!ENGINE_set_DH(e, &cswift_dh) ||
+#endif
+			!ENGINE_set_RAND(e, &cswift_random) ||
+			!ENGINE_set_destroy_function(e, cswift_destroy) ||
+			!ENGINE_set_init_function(e, cswift_init) ||
+			!ENGINE_set_finish_function(e, cswift_finish) ||
+			!ENGINE_set_ctrl_function(e, cswift_ctrl) ||
+			!ENGINE_set_cmd_defns(e, cswift_cmd_defns))
+		return 0;
+
+#ifndef OPENSSL_NO_RSA
+	/* We know that the "PKCS1_SSLeay()" functions hook properly
+	 * to the cswift-specific mod_exp and mod_exp_crt so we use
+	 * those functions. NB: We don't use ENGINE_openssl() or
+	 * anything "more generic" because something like the RSAref
+	 * code may not hook properly, and if you own one of these
+	 * cards then you have the right to do RSA operations on it
+	 * anyway! */ 
+	meth1 = RSA_PKCS1_SSLeay();
+	cswift_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+	cswift_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+	cswift_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+	cswift_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+
+#ifndef OPENSSL_NO_DH
+	/* Much the same for Diffie-Hellman */
+	meth2 = DH_OpenSSL();
+	cswift_dh.generate_key = meth2->generate_key;
+	cswift_dh.compute_key = meth2->compute_key;
+#endif
+
+	/* Ensure the cswift error handling is set up */
+	ERR_load_CSWIFT_strings();
+	return 1;
+	}
+
+#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *engine_cswift(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!bind_helper(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_cswift(void)
+	{
+	/* Copied from eng_[openssl|dyn].c */
+	ENGINE *toadd = engine_cswift();
+	if(!toadd) return;
+	ENGINE_add(toadd);
+	ENGINE_free(toadd);
+	ERR_clear_error();
+	}
+#endif
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the CryptoSwift library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *cswift_dso = NULL;
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+t_swAcquireAccContext *p_CSwift_AcquireAccContext = NULL;
+t_swAttachKeyParam *p_CSwift_AttachKeyParam = NULL;
+t_swSimpleRequest *p_CSwift_SimpleRequest = NULL;
+t_swReleaseAccContext *p_CSwift_ReleaseAccContext = NULL;
+
+/* Used in the DSO operations. */
+static const char *CSWIFT_LIBNAME = NULL;
+static const char *get_CSWIFT_LIBNAME(void)
+	{
+	if(CSWIFT_LIBNAME)
+		return CSWIFT_LIBNAME;
+	return "swift";
+	}
+static void free_CSWIFT_LIBNAME(void)
+	{
+	if(CSWIFT_LIBNAME)
+		OPENSSL_free((void*)CSWIFT_LIBNAME);
+	CSWIFT_LIBNAME = NULL;
+	}
+static long set_CSWIFT_LIBNAME(const char *name)
+	{
+	free_CSWIFT_LIBNAME();
+	return (((CSWIFT_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+	}
+static const char *CSWIFT_F1 = "swAcquireAccContext";
+static const char *CSWIFT_F2 = "swAttachKeyParam";
+static const char *CSWIFT_F3 = "swSimpleRequest";
+static const char *CSWIFT_F4 = "swReleaseAccContext";
+
+
+/* CryptoSwift library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no
+ * error checking, take a look lower down where these functions are
+ * called, the checking and error handling is probably down there. */
+
+/* utility function to obtain a context */
+static int get_context(SW_CONTEXT_HANDLE *hac)
+	{
+        SW_STATUS status;
+ 
+        status = p_CSwift_AcquireAccContext(hac);
+        if(status != SW_OK)
+                return 0;
+        return 1;
+	}
+ 
+/* similarly to release one. */
+static void release_context(SW_CONTEXT_HANDLE hac)
+	{
+        p_CSwift_ReleaseAccContext(hac);
+	}
+
+/* Destructor (complements the "ENGINE_cswift()" constructor) */
+static int cswift_destroy(ENGINE *e)
+	{
+	free_CSWIFT_LIBNAME();
+	ERR_unload_CSWIFT_strings();
+	return 1;
+	}
+
+/* (de)initialisation functions. */
+static int cswift_init(ENGINE *e)
+	{
+        SW_CONTEXT_HANDLE hac;
+        t_swAcquireAccContext *p1;
+        t_swAttachKeyParam *p2;
+        t_swSimpleRequest *p3;
+        t_swReleaseAccContext *p4;
+
+	if(cswift_dso != NULL)
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_ALREADY_LOADED);
+		goto err;
+		}
+	/* Attempt to load libswift.so/swift.dll/whatever. */
+	cswift_dso = DSO_load(NULL, get_CSWIFT_LIBNAME(), NULL, 0);
+	if(cswift_dso == NULL)
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
+		goto err;
+		}
+	if(!(p1 = (t_swAcquireAccContext *)
+				DSO_bind_func(cswift_dso, CSWIFT_F1)) ||
+			!(p2 = (t_swAttachKeyParam *)
+				DSO_bind_func(cswift_dso, CSWIFT_F2)) ||
+			!(p3 = (t_swSimpleRequest *)
+				DSO_bind_func(cswift_dso, CSWIFT_F3)) ||
+			!(p4 = (t_swReleaseAccContext *)
+				DSO_bind_func(cswift_dso, CSWIFT_F4)))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_NOT_LOADED);
+		goto err;
+		}
+	/* Copy the pointers */
+	p_CSwift_AcquireAccContext = p1;
+	p_CSwift_AttachKeyParam = p2;
+	p_CSwift_SimpleRequest = p3;
+	p_CSwift_ReleaseAccContext = p4;
+	/* Try and get a context - if not, we may have a DSO but no
+	 * accelerator! */
+	if(!get_context(&hac))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_INIT,CSWIFT_R_UNIT_FAILURE);
+		goto err;
+		}
+	release_context(hac);
+	/* Everything's fine. */
+	return 1;
+err:
+	if(cswift_dso)
+		DSO_free(cswift_dso);
+	p_CSwift_AcquireAccContext = NULL;
+	p_CSwift_AttachKeyParam = NULL;
+	p_CSwift_SimpleRequest = NULL;
+	p_CSwift_ReleaseAccContext = NULL;
+	return 0;
+	}
+
+static int cswift_finish(ENGINE *e)
+	{
+	free_CSWIFT_LIBNAME();
+	if(cswift_dso == NULL)
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_NOT_LOADED);
+		return 0;
+		}
+	if(!DSO_free(cswift_dso))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_FINISH,CSWIFT_R_UNIT_FAILURE);
+		return 0;
+		}
+	cswift_dso = NULL;
+	p_CSwift_AcquireAccContext = NULL;
+	p_CSwift_AttachKeyParam = NULL;
+	p_CSwift_SimpleRequest = NULL;
+	p_CSwift_ReleaseAccContext = NULL;
+	return 1;
+	}
+
+static int cswift_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	int initialised = ((cswift_dso == NULL) ? 0 : 1);
+	switch(cmd)
+		{
+	case CSWIFT_CMD_SO_PATH:
+		if(p == NULL)
+			{
+			CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+			return 0;
+			}
+		if(initialised)
+			{
+			CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_ALREADY_LOADED);
+			return 0;
+			}
+		return set_CSWIFT_LIBNAME((const char *)p);
+	default:
+		break;
+		}
+	CSWIFTerr(CSWIFT_F_CSWIFT_CTRL,CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+	return 0;
+	}
+
+/* Un petit mod_exp */
+static int cswift_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *m, BN_CTX *ctx)
+	{
+	/* I need somewhere to store temporary serialised values for
+	 * use with the CryptoSwift API calls. A neat cheat - I'll use
+	 * BIGNUMs from the BN_CTX but access their arrays directly as
+	 * byte arrays <grin>. This way I don't have to clean anything
+	 * up. */
+	BIGNUM *modulus;
+	BIGNUM *exponent;
+	BIGNUM *argument;
+	BIGNUM *result;
+	SW_STATUS sw_status;
+	SW_LARGENUMBER arg, res;
+	SW_PARAM sw_param;
+	SW_CONTEXT_HANDLE hac;
+	int to_return, acquired;
+ 
+	modulus = exponent = argument = result = NULL;
+	to_return = 0; /* expect failure */
+	acquired = 0;
+ 
+	if(!get_context(&hac))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_UNIT_FAILURE);
+		goto err;
+		}
+	acquired = 1;
+	/* Prepare the params */
+	BN_CTX_start(ctx);
+	modulus = BN_CTX_get(ctx);
+	exponent = BN_CTX_get(ctx);
+	argument = BN_CTX_get(ctx);
+	result = BN_CTX_get(ctx);
+	if(!result)
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_CTX_FULL);
+		goto err;
+		}
+	if(!bn_wexpand(modulus, m->top) || !bn_wexpand(exponent, p->top) ||
+		!bn_wexpand(argument, a->top) || !bn_wexpand(result, m->top))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BN_EXPAND_FAIL);
+		goto err;
+		}
+	sw_param.type = SW_ALG_EXP;
+	sw_param.up.exp.modulus.nbytes = BN_bn2bin(m,
+		(unsigned char *)modulus->d);
+	sw_param.up.exp.modulus.value = (unsigned char *)modulus->d;
+	sw_param.up.exp.exponent.nbytes = BN_bn2bin(p,
+		(unsigned char *)exponent->d);
+	sw_param.up.exp.exponent.value = (unsigned char *)exponent->d;
+	/* Attach the key params */
+	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+	switch(sw_status)
+		{
+	case SW_OK:
+		break;
+	case SW_ERR_INPUT_SIZE:
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_BAD_KEY_SIZE);
+		goto err;
+	default:
+		{
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
+		sprintf(tmpbuf, "%ld", sw_status);
+		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+		}
+		goto err;
+		}
+	/* Prepare the argument and response */
+	arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
+	arg.value = (unsigned char *)argument->d;
+	res.nbytes = BN_num_bytes(m);
+	memset(result->d, 0, res.nbytes);
+	res.value = (unsigned char *)result->d;
+	/* Perform the operation */
+	if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP, &arg, 1,
+		&res, 1)) != SW_OK)
+		{
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP,CSWIFT_R_REQUEST_FAILED);
+		sprintf(tmpbuf, "%ld", sw_status);
+		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+		goto err;
+		}
+	/* Convert the response */
+	BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
+	to_return = 1;
+err:
+	if(acquired)
+		release_context(hac);
+	BN_CTX_end(ctx);
+	return to_return;
+	}
+
+/* Un petit mod_exp chinois */
+static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *q, const BIGNUM *dmp1,
+			const BIGNUM *dmq1, const BIGNUM *iqmp, BN_CTX *ctx)
+	{
+	SW_STATUS sw_status;
+	SW_LARGENUMBER arg, res;
+	SW_PARAM sw_param;
+	SW_CONTEXT_HANDLE hac;
+	BIGNUM *rsa_p = NULL;
+	BIGNUM *rsa_q = NULL;
+	BIGNUM *rsa_dmp1 = NULL;
+	BIGNUM *rsa_dmq1 = NULL;
+	BIGNUM *rsa_iqmp = NULL;
+	BIGNUM *argument = NULL;
+	BIGNUM *result = NULL;
+	int to_return = 0; /* expect failure */
+	int acquired = 0;
+ 
+	if(!get_context(&hac))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_UNIT_FAILURE);
+		goto err;
+		}
+	acquired = 1;
+	/* Prepare the params */
+	BN_CTX_start(ctx);
+	rsa_p = BN_CTX_get(ctx);
+	rsa_q = BN_CTX_get(ctx);
+	rsa_dmp1 = BN_CTX_get(ctx);
+	rsa_dmq1 = BN_CTX_get(ctx);
+	rsa_iqmp = BN_CTX_get(ctx);
+	argument = BN_CTX_get(ctx);
+	result = BN_CTX_get(ctx);
+	if(!result)
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_CTX_FULL);
+		goto err;
+		}
+	if(!bn_wexpand(rsa_p, p->top) || !bn_wexpand(rsa_q, q->top) ||
+			!bn_wexpand(rsa_dmp1, dmp1->top) ||
+			!bn_wexpand(rsa_dmq1, dmq1->top) ||
+			!bn_wexpand(rsa_iqmp, iqmp->top) ||
+			!bn_wexpand(argument, a->top) ||
+			!bn_wexpand(result, p->top + q->top))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BN_EXPAND_FAIL);
+		goto err;
+		}
+	sw_param.type = SW_ALG_CRT;
+	sw_param.up.crt.p.nbytes = BN_bn2bin(p, (unsigned char *)rsa_p->d);
+	sw_param.up.crt.p.value = (unsigned char *)rsa_p->d;
+	sw_param.up.crt.q.nbytes = BN_bn2bin(q, (unsigned char *)rsa_q->d);
+	sw_param.up.crt.q.value = (unsigned char *)rsa_q->d;
+	sw_param.up.crt.dmp1.nbytes = BN_bn2bin(dmp1,
+		(unsigned char *)rsa_dmp1->d);
+	sw_param.up.crt.dmp1.value = (unsigned char *)rsa_dmp1->d;
+	sw_param.up.crt.dmq1.nbytes = BN_bn2bin(dmq1,
+		(unsigned char *)rsa_dmq1->d);
+	sw_param.up.crt.dmq1.value = (unsigned char *)rsa_dmq1->d;
+	sw_param.up.crt.iqmp.nbytes = BN_bn2bin(iqmp,
+		(unsigned char *)rsa_iqmp->d);
+	sw_param.up.crt.iqmp.value = (unsigned char *)rsa_iqmp->d;
+	/* Attach the key params */
+	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+	switch(sw_status)
+		{
+	case SW_OK:
+		break;
+	case SW_ERR_INPUT_SIZE:
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_BAD_KEY_SIZE);
+		goto err;
+	default:
+		{
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
+		sprintf(tmpbuf, "%ld", sw_status);
+		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+		}
+		goto err;
+		}
+	/* Prepare the argument and response */
+	arg.nbytes = BN_bn2bin(a, (unsigned char *)argument->d);
+	arg.value = (unsigned char *)argument->d;
+	res.nbytes = 2 * BN_num_bytes(p);
+	memset(result->d, 0, res.nbytes);
+	res.value = (unsigned char *)result->d;
+	/* Perform the operation */
+	if((sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_MODEXP_CRT, &arg, 1,
+		&res, 1)) != SW_OK)
+		{
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+		CSWIFTerr(CSWIFT_F_CSWIFT_MOD_EXP_CRT,CSWIFT_R_REQUEST_FAILED);
+		sprintf(tmpbuf, "%ld", sw_status);
+		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+		goto err;
+		}
+	/* Convert the response */
+	BN_bin2bn((unsigned char *)result->d, res.nbytes, r);
+	to_return = 1;
+err:
+	if(acquired)
+		release_context(hac);
+	BN_CTX_end(ctx);
+	return to_return;
+	}
+ 
+#ifndef OPENSSL_NO_RSA
+static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+	{
+	BN_CTX *ctx;
+	int to_return = 0;
+
+	if((ctx = BN_CTX_new()) == NULL)
+		goto err;
+	if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS);
+		goto err;
+		}
+	to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
+		rsa->dmq1, rsa->iqmp, ctx);
+err:
+	if(ctx)
+		BN_CTX_free(ctx);
+	return to_return;
+	}
+#endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return cswift_mod_exp(r, a, p, m, ctx);
+	}
+
+#ifndef OPENSSL_NO_DSA
+static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+	{
+	SW_CONTEXT_HANDLE hac;
+	SW_PARAM sw_param;
+	SW_STATUS sw_status;
+	SW_LARGENUMBER arg, res;
+	unsigned char *ptr;
+	BN_CTX *ctx;
+	BIGNUM *dsa_p = NULL;
+	BIGNUM *dsa_q = NULL;
+	BIGNUM *dsa_g = NULL;
+	BIGNUM *dsa_key = NULL;
+	BIGNUM *result = NULL;
+	DSA_SIG *to_return = NULL;
+	int acquired = 0;
+
+	if((ctx = BN_CTX_new()) == NULL)
+		goto err;
+	if(!get_context(&hac))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_UNIT_FAILURE);
+		goto err;
+		}
+	acquired = 1;
+	/* Prepare the params */
+	BN_CTX_start(ctx);
+	dsa_p = BN_CTX_get(ctx);
+	dsa_q = BN_CTX_get(ctx);
+	dsa_g = BN_CTX_get(ctx);
+	dsa_key = BN_CTX_get(ctx);
+	result = BN_CTX_get(ctx);
+	if(!result)
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_CTX_FULL);
+		goto err;
+		}
+	if(!bn_wexpand(dsa_p, dsa->p->top) ||
+			!bn_wexpand(dsa_q, dsa->q->top) ||
+			!bn_wexpand(dsa_g, dsa->g->top) ||
+			!bn_wexpand(dsa_key, dsa->priv_key->top) ||
+			!bn_wexpand(result, dsa->p->top))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BN_EXPAND_FAIL);
+		goto err;
+		}
+	sw_param.type = SW_ALG_DSA;
+	sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
+				(unsigned char *)dsa_p->d);
+	sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
+	sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
+				(unsigned char *)dsa_q->d);
+	sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
+	sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
+				(unsigned char *)dsa_g->d);
+	sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
+	sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->priv_key,
+				(unsigned char *)dsa_key->d);
+	sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
+	/* Attach the key params */
+	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+	switch(sw_status)
+		{
+	case SW_OK:
+		break;
+	case SW_ERR_INPUT_SIZE:
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_BAD_KEY_SIZE);
+		goto err;
+	default:
+		{
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
+		sprintf(tmpbuf, "%ld", sw_status);
+		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+		}
+		goto err;
+		}
+	/* Prepare the argument and response */
+	arg.nbytes = dlen;
+	arg.value = (unsigned char *)dgst;
+	res.nbytes = BN_num_bytes(dsa->p);
+	memset(result->d, 0, res.nbytes);
+	res.value = (unsigned char *)result->d;
+	/* Perform the operation */
+	sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_SIGN, &arg, 1,
+		&res, 1);
+	if(sw_status != SW_OK)
+		{
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_SIGN,CSWIFT_R_REQUEST_FAILED);
+		sprintf(tmpbuf, "%ld", sw_status);
+		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+		goto err;
+		}
+	/* Convert the response */
+	ptr = (unsigned char *)result->d;
+	if((to_return = DSA_SIG_new()) == NULL)
+		goto err;
+	to_return->r = BN_bin2bn((unsigned char *)result->d, 20, NULL);
+	to_return->s = BN_bin2bn((unsigned char *)result->d + 20, 20, NULL);
+
+err:
+	if(acquired)
+		release_context(hac);
+	if(ctx)
+		{
+		BN_CTX_end(ctx);
+		BN_CTX_free(ctx);
+		}
+	return to_return;
+	}
+
+static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len,
+				DSA_SIG *sig, DSA *dsa)
+	{
+	SW_CONTEXT_HANDLE hac;
+	SW_PARAM sw_param;
+	SW_STATUS sw_status;
+	SW_LARGENUMBER arg[2], res;
+	unsigned long sig_result;
+	BN_CTX *ctx;
+	BIGNUM *dsa_p = NULL;
+	BIGNUM *dsa_q = NULL;
+	BIGNUM *dsa_g = NULL;
+	BIGNUM *dsa_key = NULL;
+	BIGNUM *argument = NULL;
+	int to_return = -1;
+	int acquired = 0;
+
+	if((ctx = BN_CTX_new()) == NULL)
+		goto err;
+	if(!get_context(&hac))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_UNIT_FAILURE);
+		goto err;
+		}
+	acquired = 1;
+	/* Prepare the params */
+	BN_CTX_start(ctx);
+	dsa_p = BN_CTX_get(ctx);
+	dsa_q = BN_CTX_get(ctx);
+	dsa_g = BN_CTX_get(ctx);
+	dsa_key = BN_CTX_get(ctx);
+	argument = BN_CTX_get(ctx);
+	if(!argument)
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_CTX_FULL);
+		goto err;
+		}
+	if(!bn_wexpand(dsa_p, dsa->p->top) ||
+			!bn_wexpand(dsa_q, dsa->q->top) ||
+			!bn_wexpand(dsa_g, dsa->g->top) ||
+			!bn_wexpand(dsa_key, dsa->pub_key->top) ||
+			!bn_wexpand(argument, 40))
+		{
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BN_EXPAND_FAIL);
+		goto err;
+		}
+	sw_param.type = SW_ALG_DSA;
+	sw_param.up.dsa.p.nbytes = BN_bn2bin(dsa->p,
+				(unsigned char *)dsa_p->d);
+	sw_param.up.dsa.p.value = (unsigned char *)dsa_p->d;
+	sw_param.up.dsa.q.nbytes = BN_bn2bin(dsa->q,
+				(unsigned char *)dsa_q->d);
+	sw_param.up.dsa.q.value = (unsigned char *)dsa_q->d;
+	sw_param.up.dsa.g.nbytes = BN_bn2bin(dsa->g,
+				(unsigned char *)dsa_g->d);
+	sw_param.up.dsa.g.value = (unsigned char *)dsa_g->d;
+	sw_param.up.dsa.key.nbytes = BN_bn2bin(dsa->pub_key,
+				(unsigned char *)dsa_key->d);
+	sw_param.up.dsa.key.value = (unsigned char *)dsa_key->d;
+	/* Attach the key params */
+	sw_status = p_CSwift_AttachKeyParam(hac, &sw_param);
+	switch(sw_status)
+		{
+	case SW_OK:
+		break;
+	case SW_ERR_INPUT_SIZE:
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_BAD_KEY_SIZE);
+		goto err;
+	default:
+		{
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
+		sprintf(tmpbuf, "%ld", sw_status);
+		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+		}
+		goto err;
+		}
+	/* Prepare the argument and response */
+	arg[0].nbytes = dgst_len;
+	arg[0].value = (unsigned char *)dgst;
+	arg[1].nbytes = 40;
+	arg[1].value = (unsigned char *)argument->d;
+	memset(arg[1].value, 0, 40);
+	BN_bn2bin(sig->r, arg[1].value + 20 - BN_num_bytes(sig->r));
+	BN_bn2bin(sig->s, arg[1].value + 40 - BN_num_bytes(sig->s));
+	res.nbytes = 4; /* unsigned long */
+	res.value = (unsigned char *)(&sig_result);
+	/* Perform the operation */
+	sw_status = p_CSwift_SimpleRequest(hac, SW_CMD_DSS_VERIFY, arg, 2,
+		&res, 1);
+	if(sw_status != SW_OK)
+		{
+		char tmpbuf[DECIMAL_SIZE(sw_status)+1];
+		CSWIFTerr(CSWIFT_F_CSWIFT_DSA_VERIFY,CSWIFT_R_REQUEST_FAILED);
+		sprintf(tmpbuf, "%ld", sw_status);
+		ERR_add_error_data(2, "CryptoSwift error number is ",tmpbuf);
+		goto err;
+		}
+	/* Convert the response */
+	to_return = ((sig_result == 0) ? 0 : 1);
+
+err:
+	if(acquired)
+		release_context(hac);
+	if(ctx)
+		{
+		BN_CTX_end(ctx);
+		BN_CTX_free(ctx);
+		}
+	return to_return;
+	}
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int cswift_mod_exp_dh(const DH *dh, BIGNUM *r,
+		const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return cswift_mod_exp(r, a, p, m, ctx);
+	}
+#endif
+
+/* Random bytes are good */
+static int cswift_rand_bytes(unsigned char *buf, int num)
+{
+	SW_CONTEXT_HANDLE hac;
+	SW_STATUS swrc;
+	SW_LARGENUMBER largenum;
+	size_t nbytes = 0;
+	int acquired = 0;
+	int to_return = 0; /* assume failure */
+
+	if (!get_context(&hac))
+	{
+		CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_UNIT_FAILURE);
+		goto err;
+	}
+	acquired = 1;
+
+	while (nbytes < (size_t)num)
+	{
+		/* tell CryptoSwift how many bytes we want and where we want it.
+		 * Note: - CryptoSwift cannot do more than 4096 bytes at a time.
+		 *       - CryptoSwift can only do multiple of 32-bits. */
+		largenum.value = (SW_BYTE *) buf + nbytes;
+		if (4096 > num - nbytes)
+			largenum.nbytes = num - nbytes;
+		else
+			largenum.nbytes = 4096;
+
+		swrc = p_CSwift_SimpleRequest(hac, SW_CMD_RAND, NULL, 0, &largenum, 1);
+		if (swrc != SW_OK)
+		{
+			char tmpbuf[20];
+			CSWIFTerr(CSWIFT_F_CSWIFT_CTRL, CSWIFT_R_REQUEST_FAILED);
+			sprintf(tmpbuf, "%ld", swrc);
+			ERR_add_error_data(2, "CryptoSwift error number is ", tmpbuf);
+			goto err;
+		}
+
+		nbytes += largenum.nbytes;
+	}
+	to_return = 1;  /* success */
+
+err:
+	if (acquired)
+		release_context(hac);
+	return to_return;
+}
+
+static int cswift_rand_status(void)
+{
+	return 1;
+}
+
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_fn(ENGINE *e, const char *id)
+	{
+	if(id && (strcmp(id, engine_cswift_id) != 0))
+		return 0;
+	if(!bind_helper(e))
+		return 0;
+	return 1;
+	}       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+
+#endif /* !OPENSSL_NO_HW_CSWIFT */
+#endif /* !OPENSSL_NO_HW */
diff --git a/engines/e_cswift.ec b/engines/e_cswift.ec
new file mode 100644
index 0000000000..a7f9d11434
--- /dev/null
+++ b/engines/e_cswift.ec
@@ -0,0 +1 @@
+L CSWIFT	e_cswift_err.h			e_cswift_err.c
diff --git a/engines/e_cswift_err.c b/engines/e_cswift_err.c
new file mode 100644
index 0000000000..3c1111ba40
--- /dev/null
+++ b/engines/e_cswift_err.c
@@ -0,0 +1,149 @@
+/* hw_cswift_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_cswift_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA CSWIFT_str_functs[]=
+	{
+{ERR_PACK(0,CSWIFT_F_CSWIFT_CTRL,0),	"CSWIFT_CTRL"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_DSA_SIGN,0),	"CSWIFT_DSA_SIGN"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_DSA_VERIFY,0),	"CSWIFT_DSA_VERIFY"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_FINISH,0),	"CSWIFT_FINISH"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_INIT,0),	"CSWIFT_INIT"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_MOD_EXP,0),	"CSWIFT_MOD_EXP"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_MOD_EXP_CRT,0),	"CSWIFT_MOD_EXP_CRT"},
+{ERR_PACK(0,CSWIFT_F_CSWIFT_RSA_MOD_EXP,0),	"CSWIFT_RSA_MOD_EXP"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA CSWIFT_str_reasons[]=
+	{
+{CSWIFT_R_ALREADY_LOADED                 ,"already loaded"},
+{CSWIFT_R_BAD_KEY_SIZE                   ,"bad key size"},
+{CSWIFT_R_BN_CTX_FULL                    ,"bn ctx full"},
+{CSWIFT_R_BN_EXPAND_FAIL                 ,"bn expand fail"},
+{CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{CSWIFT_R_MISSING_KEY_COMPONENTS         ,"missing key components"},
+{CSWIFT_R_NOT_LOADED                     ,"not loaded"},
+{CSWIFT_R_REQUEST_FAILED                 ,"request failed"},
+{CSWIFT_R_UNIT_FAILURE                   ,"unit failure"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef CSWIFT_LIB_NAME
+static ERR_STRING_DATA CSWIFT_lib_name[]=
+        {
+{0	,CSWIFT_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int CSWIFT_lib_error_code=0;
+static int CSWIFT_error_init=1;
+
+static void ERR_load_CSWIFT_strings(void)
+	{
+	if (CSWIFT_lib_error_code == 0)
+		CSWIFT_lib_error_code=ERR_get_next_error_library();
+
+	if (CSWIFT_error_init)
+		{
+		CSWIFT_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_functs);
+		ERR_load_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons);
+#endif
+
+#ifdef CSWIFT_LIB_NAME
+		CSWIFT_lib_name->error = ERR_PACK(CSWIFT_lib_error_code,0,0);
+		ERR_load_strings(0,CSWIFT_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_CSWIFT_strings(void)
+	{
+	if (CSWIFT_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_functs);
+		ERR_unload_strings(CSWIFT_lib_error_code,CSWIFT_str_reasons);
+#endif
+
+#ifdef CSWIFT_LIB_NAME
+		ERR_unload_strings(0,CSWIFT_lib_name);
+#endif
+		CSWIFT_error_init=1;
+		}
+	}
+
+static void ERR_CSWIFT_error(int function, int reason, char *file, int line)
+	{
+	if (CSWIFT_lib_error_code == 0)
+		CSWIFT_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(CSWIFT_lib_error_code,function,reason,file,line);
+	}
diff --git a/engines/e_cswift_err.h b/engines/e_cswift_err.h
new file mode 100644
index 0000000000..7120c3216f
--- /dev/null
+++ b/engines/e_cswift_err.h
@@ -0,0 +1,93 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_CSWIFT_ERR_H
+#define HEADER_CSWIFT_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_CSWIFT_strings(void);
+static void ERR_unload_CSWIFT_strings(void);
+static void ERR_CSWIFT_error(int function, int reason, char *file, int line);
+#define CSWIFTerr(f,r) ERR_CSWIFT_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the CSWIFT functions. */
+
+/* Function codes. */
+#define CSWIFT_F_CSWIFT_CTRL				 100
+#define CSWIFT_F_CSWIFT_DSA_SIGN			 101
+#define CSWIFT_F_CSWIFT_DSA_VERIFY			 102
+#define CSWIFT_F_CSWIFT_FINISH				 103
+#define CSWIFT_F_CSWIFT_INIT				 104
+#define CSWIFT_F_CSWIFT_MOD_EXP				 105
+#define CSWIFT_F_CSWIFT_MOD_EXP_CRT			 106
+#define CSWIFT_F_CSWIFT_RSA_MOD_EXP			 107
+
+/* Reason codes. */
+#define CSWIFT_R_ALREADY_LOADED				 100
+#define CSWIFT_R_BAD_KEY_SIZE				 101
+#define CSWIFT_R_BN_CTX_FULL				 102
+#define CSWIFT_R_BN_EXPAND_FAIL				 103
+#define CSWIFT_R_CTRL_COMMAND_NOT_IMPLEMENTED		 104
+#define CSWIFT_R_MISSING_KEY_COMPONENTS			 105
+#define CSWIFT_R_NOT_LOADED				 106
+#define CSWIFT_R_REQUEST_FAILED				 107
+#define CSWIFT_R_UNIT_FAILURE				 108
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/engines/e_ncipher.c b/engines/e_ncipher.c
new file mode 100644
index 0000000000..817c5a677c
--- /dev/null
+++ b/engines/e_ncipher.c
@@ -0,0 +1,1351 @@
+/* crypto/engine/hw_ncipher.c -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte (richard@levitte.org), Geoff Thorpe
+ * (geoff@geoffthorpe.net) and Dr Stephen N Henson (shenson@bigfoot.com)
+ * for the OpenSSL project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+#include <openssl/ui.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_NCIPHER
+
+/* Attribution notice: nCipher have said several times that it's OK for
+ * us to implement a general interface to their boxes, and recently declared
+ * their HWCryptoHook to be public, and therefore available for us to use.
+ * Thanks, nCipher.
+ *
+ * The hwcryptohook.h included here is from May 2000.
+ * [Richard Levitte]
+ */
+#ifdef FLAT_INC
+#include "hwcryptohook.h"
+#else
+#include "vendor_defns/hwcryptohook.h"
+#endif
+
+#define HWCRHK_LIB_NAME "hwcrhk engine"
+#include "e_ncipher_err.c"
+
+static int hwcrhk_destroy(ENGINE *e);
+static int hwcrhk_init(ENGINE *e);
+static int hwcrhk_finish(ENGINE *e);
+static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); 
+
+/* Functions to handle mutexes */
+static int hwcrhk_mutex_init(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext*);
+static int hwcrhk_mutex_lock(HWCryptoHook_Mutex*);
+static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex*);
+static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex*);
+
+/* BIGNUM stuff */
+static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx);
+
+#ifndef OPENSSL_NO_RSA
+/* RSA stuff */
+static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa);
+#endif
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+
+#ifndef OPENSSL_NO_DH
+/* DH stuff */
+/* This function is alised to mod_exp (with the DH and mont dropped). */
+static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
+	const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#endif
+
+/* RAND stuff */
+static int hwcrhk_rand_bytes(unsigned char *buf, int num);
+static int hwcrhk_rand_status(void);
+
+/* KM stuff */
+static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data);
+static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data);
+static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+	int ind,long argl, void *argp);
+
+/* Interaction stuff */
+static int hwcrhk_insert_card(const char *prompt_info,
+	const char *wrong_info,
+	HWCryptoHook_PassphraseContext *ppctx,
+	HWCryptoHook_CallerContext *cactx);
+static int hwcrhk_get_pass(const char *prompt_info,
+	int *len_io, char *buf,
+	HWCryptoHook_PassphraseContext *ppctx,
+	HWCryptoHook_CallerContext *cactx);
+static void hwcrhk_log_message(void *logstr, const char *message);
+
+/* The definitions for control commands specific to this engine */
+#define HWCRHK_CMD_SO_PATH		ENGINE_CMD_BASE
+#define HWCRHK_CMD_FORK_CHECK		(ENGINE_CMD_BASE + 1)
+#define HWCRHK_CMD_THREAD_LOCKING	(ENGINE_CMD_BASE + 2)
+#define HWCRHK_CMD_SET_USER_INTERFACE   (ENGINE_CMD_BASE + 3)
+#define HWCRHK_CMD_SET_CALLBACK_DATA    (ENGINE_CMD_BASE + 4)
+static const ENGINE_CMD_DEFN hwcrhk_cmd_defns[] = {
+	{HWCRHK_CMD_SO_PATH,
+		"SO_PATH",
+		"Specifies the path to the 'hwcrhk' shared library",
+		ENGINE_CMD_FLAG_STRING},
+	{HWCRHK_CMD_FORK_CHECK,
+		"FORK_CHECK",
+		"Turns fork() checking on or off (boolean)",
+		ENGINE_CMD_FLAG_NUMERIC},
+	{HWCRHK_CMD_THREAD_LOCKING,
+		"THREAD_LOCKING",
+		"Turns thread-safe locking on or off (boolean)",
+		ENGINE_CMD_FLAG_NUMERIC},
+	{HWCRHK_CMD_SET_USER_INTERFACE,
+		"SET_USER_INTERFACE",
+		"Set the global user interface (internal)",
+		ENGINE_CMD_FLAG_INTERNAL},
+	{HWCRHK_CMD_SET_CALLBACK_DATA,
+		"SET_CALLBACK_DATA",
+		"Set the global user interface extra data (internal)",
+		ENGINE_CMD_FLAG_INTERNAL},
+	{0, NULL, NULL, 0}
+	};
+
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD hwcrhk_rsa =
+	{
+	"nCipher RSA method",
+	NULL,
+	NULL,
+	NULL,
+	NULL,
+	hwcrhk_rsa_mod_exp,
+	hwcrhk_mod_exp_mont,
+	NULL,
+	NULL,
+	0,
+	NULL,
+	NULL,
+	NULL
+	};
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD hwcrhk_dh =
+	{
+	"nCipher DH method",
+	NULL,
+	NULL,
+	hwcrhk_mod_exp_dh,
+	NULL,
+	NULL,
+	0,
+	NULL
+	};
+#endif
+
+static RAND_METHOD hwcrhk_rand =
+	{
+	/* "nCipher RAND method", */
+	NULL,
+	hwcrhk_rand_bytes,
+	NULL,
+	NULL,
+	hwcrhk_rand_bytes,
+	hwcrhk_rand_status,
+	};
+
+/* Constants used when creating the ENGINE */
+static const char *engine_hwcrhk_id = "chil";
+static const char *engine_hwcrhk_name = "nCipher hardware engine support";
+
+/* Internal stuff for HWCryptoHook */
+
+/* Some structures needed for proper use of thread locks */
+/* hwcryptohook.h has some typedefs that turn struct HWCryptoHook_MutexValue
+   into HWCryptoHook_Mutex */
+struct HWCryptoHook_MutexValue
+	{
+	int lockid;
+	};
+
+/* hwcryptohook.h has some typedefs that turn
+   struct HWCryptoHook_PassphraseContextValue
+   into HWCryptoHook_PassphraseContext */
+struct HWCryptoHook_PassphraseContextValue
+	{
+        UI_METHOD *ui_method;
+	void *callback_data;
+	};
+
+/* hwcryptohook.h has some typedefs that turn
+   struct HWCryptoHook_CallerContextValue
+   into HWCryptoHook_CallerContext */
+struct HWCryptoHook_CallerContextValue
+	{
+	pem_password_cb *password_callback; /* Deprecated!  Only present for
+                                               backward compatibility! */
+        UI_METHOD *ui_method;
+	void *callback_data;
+	};
+
+/* The MPI structure in HWCryptoHook is pretty compatible with OpenSSL
+   BIGNUM's, so lets define a couple of conversion macros */
+#define BN2MPI(mp, bn) \
+    {mp.size = bn->top * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
+#define MPI2BN(bn, mp) \
+    {mp.size = bn->dmax * sizeof(BN_ULONG); mp.buf = (unsigned char *)bn->d;}
+
+static BIO *logstream = NULL;
+static int disable_mutex_callbacks = 0;
+
+/* One might wonder why these are needed, since one can pass down at least
+   a UI_METHOD and a pointer to callback data to the key-loading functions.
+   The thing is that the ModExp and RSAImmed functions can load keys as well,
+   if the data they get is in a special, nCipher-defined format (hint: if you
+   look at the private exponent of the RSA data as a string, you'll see this
+   string: "nCipher KM tool key id", followed by some bytes, followed a key
+   identity string, followed by more bytes.  This happens when you use "embed"
+   keys instead of "hwcrhk" keys).  Unfortunately, those functions do not take
+   any passphrase or caller context, and our functions can't really take any
+   callback data either.  Still, the "insert_card" and "get_passphrase"
+   callbacks may be called down the line, and will need to know what user
+   interface callbacks to call, and having callback data from the application
+   may be a nice thing as well, so we need to keep track of that globally. */
+static HWCryptoHook_CallerContext password_context = { NULL, NULL, NULL };
+
+/* Stuff to pass to the HWCryptoHook library */
+static HWCryptoHook_InitInfo hwcrhk_globals = {
+	HWCryptoHook_InitFlags_SimpleForkCheck,	/* Flags */
+	&logstream,		/* logstream */
+	sizeof(BN_ULONG),	/* limbsize */
+	0,			/* mslimb first: false for BNs */
+	-1,			/* msbyte first: use native */
+	0,			/* Max mutexes, 0 = no small limit */
+	0,			/* Max simultaneous, 0 = default */
+
+	/* The next few are mutex stuff: we write wrapper functions
+	   around the OS mutex functions.  We initialise them to 0
+	   here, and change that to actual function pointers in hwcrhk_init()
+	   if dynamic locks are supported (that is, if the application
+	   programmer has made sure of setting up callbacks bafore starting
+	   this engine) *and* if disable_mutex_callbacks hasn't been set by
+	   a call to ENGINE_ctrl(ENGINE_CTRL_CHIL_NO_LOCKING). */
+	sizeof(HWCryptoHook_Mutex),
+	0,
+	0,
+	0,
+	0,
+
+	/* The next few are condvar stuff: we write wrapper functions
+	   round the OS functions.  Currently not implemented and not
+	   and absolute necessity even in threaded programs, therefore
+	   0'ed.  Will hopefully be implemented some day, since it
+	   enhances the efficiency of HWCryptoHook.  */
+	0, /* sizeof(HWCryptoHook_CondVar), */
+	0, /* hwcrhk_cv_init, */
+	0, /* hwcrhk_cv_wait, */
+	0, /* hwcrhk_cv_signal, */
+	0, /* hwcrhk_cv_broadcast, */
+	0, /* hwcrhk_cv_destroy, */
+
+	hwcrhk_get_pass,	/* pass phrase */
+	hwcrhk_insert_card,	/* insert a card */
+	hwcrhk_log_message	/* Log message */
+};
+
+
+/* Now, to our own code */
+
+/* This internal function is used by ENGINE_ncipher() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+	{
+#ifndef OPENSSL_NO_RSA
+	const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DH
+	const DH_METHOD *meth2;
+#endif
+	if(!ENGINE_set_id(e, engine_hwcrhk_id) ||
+			!ENGINE_set_name(e, engine_hwcrhk_name) ||
+#ifndef OPENSSL_NO_RSA
+			!ENGINE_set_RSA(e, &hwcrhk_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+			!ENGINE_set_DH(e, &hwcrhk_dh) ||
+#endif
+			!ENGINE_set_RAND(e, &hwcrhk_rand) ||
+			!ENGINE_set_destroy_function(e, hwcrhk_destroy) ||
+			!ENGINE_set_init_function(e, hwcrhk_init) ||
+			!ENGINE_set_finish_function(e, hwcrhk_finish) ||
+			!ENGINE_set_ctrl_function(e, hwcrhk_ctrl) ||
+			!ENGINE_set_load_privkey_function(e, hwcrhk_load_privkey) ||
+			!ENGINE_set_load_pubkey_function(e, hwcrhk_load_pubkey) ||
+			!ENGINE_set_cmd_defns(e, hwcrhk_cmd_defns))
+		return 0;
+
+#ifndef OPENSSL_NO_RSA
+	/* We know that the "PKCS1_SSLeay()" functions hook properly
+	 * to the cswift-specific mod_exp and mod_exp_crt so we use
+	 * those functions. NB: We don't use ENGINE_openssl() or
+	 * anything "more generic" because something like the RSAref
+	 * code may not hook properly, and if you own one of these
+	 * cards then you have the right to do RSA operations on it
+	 * anyway! */ 
+	meth1 = RSA_PKCS1_SSLeay();
+	hwcrhk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+	hwcrhk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+	hwcrhk_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+	hwcrhk_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+
+#ifndef OPENSSL_NO_DH
+	/* Much the same for Diffie-Hellman */
+	meth2 = DH_OpenSSL();
+	hwcrhk_dh.generate_key = meth2->generate_key;
+	hwcrhk_dh.compute_key = meth2->compute_key;
+#endif
+
+	/* Ensure the hwcrhk error handling is set up */
+	ERR_load_HWCRHK_strings();
+	return 1;
+	}
+
+#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *engine_ncipher(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!bind_helper(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_chil(void)
+	{
+	/* Copied from eng_[openssl|dyn].c */
+	ENGINE *toadd = engine_ncipher();
+	if(!toadd) return;
+	ENGINE_add(toadd);
+	ENGINE_free(toadd);
+	ERR_clear_error();
+	}
+#endif
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the HWCryptoHook library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *hwcrhk_dso = NULL;
+static HWCryptoHook_ContextHandle hwcrhk_context = 0;
+#ifndef OPENSSL_NO_RSA
+static int hndidx_rsa = -1;    /* Index for KM handle.  Not really used yet. */
+#endif
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static HWCryptoHook_Init_t *p_hwcrhk_Init = NULL;
+static HWCryptoHook_Finish_t *p_hwcrhk_Finish = NULL;
+static HWCryptoHook_ModExp_t *p_hwcrhk_ModExp = NULL;
+#ifndef OPENSSL_NO_RSA
+static HWCryptoHook_RSA_t *p_hwcrhk_RSA = NULL;
+#endif
+static HWCryptoHook_RandomBytes_t *p_hwcrhk_RandomBytes = NULL;
+#ifndef OPENSSL_NO_RSA
+static HWCryptoHook_RSALoadKey_t *p_hwcrhk_RSALoadKey = NULL;
+static HWCryptoHook_RSAGetPublicKey_t *p_hwcrhk_RSAGetPublicKey = NULL;
+static HWCryptoHook_RSAUnloadKey_t *p_hwcrhk_RSAUnloadKey = NULL;
+#endif
+static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL;
+
+/* Used in the DSO operations. */
+static const char *HWCRHK_LIBNAME = NULL;
+static void free_HWCRHK_LIBNAME(void)
+	{
+	if(HWCRHK_LIBNAME)
+		OPENSSL_free((void*)HWCRHK_LIBNAME);
+	HWCRHK_LIBNAME = NULL;
+	}
+static const char *get_HWCRHK_LIBNAME(void)
+	{
+	if(HWCRHK_LIBNAME)
+		return HWCRHK_LIBNAME;
+	return "nfhwcrhk";
+	}
+static long set_HWCRHK_LIBNAME(const char *name)
+	{
+	free_HWCRHK_LIBNAME();
+	return (((HWCRHK_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+	}
+static const char *n_hwcrhk_Init = "HWCryptoHook_Init";
+static const char *n_hwcrhk_Finish = "HWCryptoHook_Finish";
+static const char *n_hwcrhk_ModExp = "HWCryptoHook_ModExp";
+#ifndef OPENSSL_NO_RSA
+static const char *n_hwcrhk_RSA = "HWCryptoHook_RSA";
+#endif
+static const char *n_hwcrhk_RandomBytes = "HWCryptoHook_RandomBytes";
+#ifndef OPENSSL_NO_RSA
+static const char *n_hwcrhk_RSALoadKey = "HWCryptoHook_RSALoadKey";
+static const char *n_hwcrhk_RSAGetPublicKey = "HWCryptoHook_RSAGetPublicKey";
+static const char *n_hwcrhk_RSAUnloadKey = "HWCryptoHook_RSAUnloadKey";
+#endif
+static const char *n_hwcrhk_ModExpCRT = "HWCryptoHook_ModExpCRT";
+
+/* HWCryptoHook library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no
+ * error checking, take a look lower down where these functions are
+ * called, the checking and error handling is probably down there. */
+
+/* utility function to obtain a context */
+static int get_context(HWCryptoHook_ContextHandle *hac,
+        HWCryptoHook_CallerContext *cac)
+	{
+	char tempbuf[1024];
+	HWCryptoHook_ErrMsgBuf rmsg;
+
+	rmsg.buf = tempbuf;
+	rmsg.size = sizeof(tempbuf);
+
+        *hac = p_hwcrhk_Init(&hwcrhk_globals, sizeof(hwcrhk_globals), &rmsg,
+		cac);
+	if (!*hac)
+                return 0;
+        return 1;
+	}
+ 
+/* similarly to release one. */
+static void release_context(HWCryptoHook_ContextHandle hac)
+	{
+	p_hwcrhk_Finish(hac);
+	}
+
+/* Destructor (complements the "ENGINE_ncipher()" constructor) */
+static int hwcrhk_destroy(ENGINE *e)
+	{
+	free_HWCRHK_LIBNAME();
+	ERR_unload_HWCRHK_strings();
+	return 1;
+	}
+
+/* (de)initialisation functions. */
+static int hwcrhk_init(ENGINE *e)
+	{
+	HWCryptoHook_Init_t *p1;
+	HWCryptoHook_Finish_t *p2;
+	HWCryptoHook_ModExp_t *p3;
+#ifndef OPENSSL_NO_RSA
+	HWCryptoHook_RSA_t *p4;
+	HWCryptoHook_RSALoadKey_t *p5;
+	HWCryptoHook_RSAGetPublicKey_t *p6;
+	HWCryptoHook_RSAUnloadKey_t *p7;
+#endif
+	HWCryptoHook_RandomBytes_t *p8;
+	HWCryptoHook_ModExpCRT_t *p9;
+
+	if(hwcrhk_dso != NULL)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_ALREADY_LOADED);
+		goto err;
+		}
+	/* Attempt to load libnfhwcrhk.so/nfhwcrhk.dll/whatever. */
+	hwcrhk_dso = DSO_load(NULL, get_HWCRHK_LIBNAME(), NULL, 0);
+	if(hwcrhk_dso == NULL)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
+		goto err;
+		}
+	if(!(p1 = (HWCryptoHook_Init_t *)
+			DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) ||
+		!(p2 = (HWCryptoHook_Finish_t *)
+			DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) ||
+		!(p3 = (HWCryptoHook_ModExp_t *)
+			DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) ||
+#ifndef OPENSSL_NO_RSA
+		!(p4 = (HWCryptoHook_RSA_t *)
+			DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) ||
+		!(p5 = (HWCryptoHook_RSALoadKey_t *)
+			DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) ||
+		!(p6 = (HWCryptoHook_RSAGetPublicKey_t *)
+			DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) ||
+		!(p7 = (HWCryptoHook_RSAUnloadKey_t *)
+			DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) ||
+#endif
+		!(p8 = (HWCryptoHook_RandomBytes_t *)
+			DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) ||
+		!(p9 = (HWCryptoHook_ModExpCRT_t *)
+			DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT)))
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_DSO_FAILURE);
+		goto err;
+		}
+	/* Copy the pointers */
+	p_hwcrhk_Init = p1;
+	p_hwcrhk_Finish = p2;
+	p_hwcrhk_ModExp = p3;
+#ifndef OPENSSL_NO_RSA
+	p_hwcrhk_RSA = p4;
+	p_hwcrhk_RSALoadKey = p5;
+	p_hwcrhk_RSAGetPublicKey = p6;
+	p_hwcrhk_RSAUnloadKey = p7;
+#endif
+	p_hwcrhk_RandomBytes = p8;
+	p_hwcrhk_ModExpCRT = p9;
+
+	/* Check if the application decided to support dynamic locks,
+	   and if it does, use them. */
+	if (disable_mutex_callbacks == 0)
+		{
+		if (CRYPTO_get_dynlock_create_callback() != NULL &&
+			CRYPTO_get_dynlock_lock_callback() != NULL &&
+			CRYPTO_get_dynlock_destroy_callback() != NULL)
+			{
+			hwcrhk_globals.mutex_init = hwcrhk_mutex_init;
+			hwcrhk_globals.mutex_acquire = hwcrhk_mutex_lock;
+			hwcrhk_globals.mutex_release = hwcrhk_mutex_unlock;
+			hwcrhk_globals.mutex_destroy = hwcrhk_mutex_destroy;
+			}
+		else if (CRYPTO_get_locking_callback() != NULL)
+			{
+			HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_LOCKING_MISSING);
+			ERR_add_error_data(1,"You HAVE to add dynamic locking callbacks via CRYPTO_set_dynlock_{create,lock,destroy}_callback()");
+			goto err;
+			}
+		}
+
+	/* Try and get a context - if not, we may have a DSO but no
+	 * accelerator! */
+	if(!get_context(&hwcrhk_context, &password_context))
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_INIT,HWCRHK_R_UNIT_FAILURE);
+		goto err;
+		}
+	/* Everything's fine. */
+#ifndef OPENSSL_NO_RSA
+	if (hndidx_rsa == -1)
+		hndidx_rsa = RSA_get_ex_new_index(0,
+			"nFast HWCryptoHook RSA key handle",
+			NULL, NULL, hwcrhk_ex_free);
+#endif
+	return 1;
+err:
+	if(hwcrhk_dso)
+		DSO_free(hwcrhk_dso);
+	hwcrhk_dso = NULL;
+	p_hwcrhk_Init = NULL;
+	p_hwcrhk_Finish = NULL;
+	p_hwcrhk_ModExp = NULL;
+#ifndef OPENSSL_NO_RSA
+	p_hwcrhk_RSA = NULL;
+	p_hwcrhk_RSALoadKey = NULL;
+	p_hwcrhk_RSAGetPublicKey = NULL;
+	p_hwcrhk_RSAUnloadKey = NULL;
+#endif
+	p_hwcrhk_ModExpCRT = NULL;
+	p_hwcrhk_RandomBytes = NULL;
+	return 0;
+	}
+
+static int hwcrhk_finish(ENGINE *e)
+	{
+	int to_return = 1;
+	free_HWCRHK_LIBNAME();
+	if(hwcrhk_dso == NULL)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_NOT_LOADED);
+		to_return = 0;
+		goto err;
+		}
+	release_context(hwcrhk_context);
+	if(!DSO_free(hwcrhk_dso))
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_FINISH,HWCRHK_R_DSO_FAILURE);
+		to_return = 0;
+		goto err;
+		}
+ err:
+	if (logstream)
+		BIO_free(logstream);
+	hwcrhk_dso = NULL;
+	p_hwcrhk_Init = NULL;
+	p_hwcrhk_Finish = NULL;
+	p_hwcrhk_ModExp = NULL;
+#ifndef OPENSSL_NO_RSA
+	p_hwcrhk_RSA = NULL;
+	p_hwcrhk_RSALoadKey = NULL;
+	p_hwcrhk_RSAGetPublicKey = NULL;
+	p_hwcrhk_RSAUnloadKey = NULL;
+#endif
+	p_hwcrhk_ModExpCRT = NULL;
+	p_hwcrhk_RandomBytes = NULL;
+	return to_return;
+	}
+
+static int hwcrhk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	int to_return = 1;
+
+	switch(cmd)
+		{
+	case HWCRHK_CMD_SO_PATH:
+		if(hwcrhk_dso)
+			{
+			HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_ALREADY_LOADED);
+			return 0;
+			}
+		if(p == NULL)
+			{
+			HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+			return 0;
+			}
+		return set_HWCRHK_LIBNAME((const char *)p);
+	case ENGINE_CTRL_SET_LOGSTREAM:
+		{
+		BIO *bio = (BIO *)p;
+
+		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+		if (logstream)
+			{
+			BIO_free(logstream);
+			logstream = NULL;
+			}
+		if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
+			logstream = bio;
+		else
+			HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,HWCRHK_R_BIO_WAS_FREED);
+		}
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		break;
+	case ENGINE_CTRL_SET_PASSWORD_CALLBACK:
+		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+		password_context.password_callback = (pem_password_cb *)f;
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		break;
+	case ENGINE_CTRL_SET_USER_INTERFACE:
+	case HWCRHK_CMD_SET_USER_INTERFACE:
+		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+		password_context.ui_method = (UI_METHOD *)p;
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		break;
+	case ENGINE_CTRL_SET_CALLBACK_DATA:
+	case HWCRHK_CMD_SET_CALLBACK_DATA:
+		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+		password_context.callback_data = p;
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		break;
+	/* this enables or disables the "SimpleForkCheck" flag used in the
+	 * initialisation structure. */
+	case ENGINE_CTRL_CHIL_SET_FORKCHECK:
+	case HWCRHK_CMD_FORK_CHECK:
+		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+		if(i)
+			hwcrhk_globals.flags |=
+				HWCryptoHook_InitFlags_SimpleForkCheck;
+		else
+			hwcrhk_globals.flags &=
+				~HWCryptoHook_InitFlags_SimpleForkCheck;
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		break;
+	/* This will prevent the initialisation function from "installing"
+	 * the mutex-handling callbacks, even if they are available from
+	 * within the library (or were provided to the library from the
+	 * calling application). This is to remove any baggage for
+	 * applications not using multithreading. */
+	case ENGINE_CTRL_CHIL_NO_LOCKING:
+		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+		disable_mutex_callbacks = 1;
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		break;
+	case HWCRHK_CMD_THREAD_LOCKING:
+		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+		disable_mutex_callbacks = ((i == 0) ? 0 : 1);
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		break;
+
+	/* The command isn't understood by this engine */
+	default:
+		HWCRHKerr(HWCRHK_F_HWCRHK_CTRL,
+			HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+		to_return = 0;
+		break;
+		}
+
+	return to_return;
+	}
+
+static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data)
+	{
+#ifndef OPENSSL_NO_RSA
+	RSA *rtmp = NULL;
+#endif
+	EVP_PKEY *res = NULL;
+#ifndef OPENSSL_NO_RSA
+	HWCryptoHook_MPI e, n;
+	HWCryptoHook_RSAKeyHandle *hptr;
+#endif
+#if !defined(OPENSSL_NO_RSA)
+	char tempbuf[1024];
+	HWCryptoHook_ErrMsgBuf rmsg;
+#endif
+	HWCryptoHook_PassphraseContext ppctx;
+
+#if !defined(OPENSSL_NO_RSA)
+	rmsg.buf = tempbuf;
+	rmsg.size = sizeof(tempbuf);
+#endif
+
+	if(!hwcrhk_context)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+			HWCRHK_R_NOT_INITIALISED);
+		goto err;
+		}
+#ifndef OPENSSL_NO_RSA
+	hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle));
+	if (!hptr)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+			ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+        ppctx.ui_method = ui_method;
+	ppctx.callback_data = callback_data;
+	if (p_hwcrhk_RSALoadKey(hwcrhk_context, key_id, hptr,
+		&rmsg, &ppctx))
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+			HWCRHK_R_CHIL_ERROR);
+		ERR_add_error_data(1,rmsg.buf);
+		goto err;
+		}
+	if (!*hptr)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY,
+			HWCRHK_R_NO_KEY);
+		goto err;
+		}
+#endif
+#ifndef OPENSSL_NO_RSA
+	rtmp = RSA_new_method(eng);
+	RSA_set_ex_data(rtmp, hndidx_rsa, (char *)hptr);
+	rtmp->e = BN_new();
+	rtmp->n = BN_new();
+	rtmp->flags |= RSA_FLAG_EXT_PKEY;
+	MPI2BN(rtmp->e, e);
+	MPI2BN(rtmp->n, n);
+	if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg)
+		!= HWCRYPTOHOOK_ERROR_MPISIZE)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,HWCRHK_R_CHIL_ERROR);
+		ERR_add_error_data(1,rmsg.buf);
+		goto err;
+		}
+
+	bn_expand2(rtmp->e, e.size/sizeof(BN_ULONG));
+	bn_expand2(rtmp->n, n.size/sizeof(BN_ULONG));
+	MPI2BN(rtmp->e, e);
+	MPI2BN(rtmp->n, n);
+
+	if (p_hwcrhk_RSAGetPublicKey(*hptr, &n, &e, &rmsg))
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
+			HWCRHK_R_CHIL_ERROR);
+		ERR_add_error_data(1,rmsg.buf);
+		goto err;
+		}
+	rtmp->e->top = e.size / sizeof(BN_ULONG);
+	bn_fix_top(rtmp->e);
+	rtmp->n->top = n.size / sizeof(BN_ULONG);
+	bn_fix_top(rtmp->n);
+
+	res = EVP_PKEY_new();
+	EVP_PKEY_assign_RSA(res, rtmp);
+#endif
+
+        if (!res)
+                HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
+                        HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED);
+
+	return res;
+ err:
+	if (res)
+		EVP_PKEY_free(res);
+#ifndef OPENSSL_NO_RSA
+	if (rtmp)
+		RSA_free(rtmp);
+#endif
+	return NULL;
+	}
+
+static EVP_PKEY *hwcrhk_load_pubkey(ENGINE *eng, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data)
+	{
+	EVP_PKEY *res = NULL;
+
+#ifndef OPENSSL_NO_RSA
+        res = hwcrhk_load_privkey(eng, key_id,
+                ui_method, callback_data);
+#endif
+
+	if (res)
+		switch(res->type)
+			{
+#ifndef OPENSSL_NO_RSA
+		case EVP_PKEY_RSA:
+			{
+			RSA *rsa = NULL;
+
+			CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
+			rsa = res->pkey.rsa;
+			res->pkey.rsa = RSA_new();
+			res->pkey.rsa->n = rsa->n;
+			res->pkey.rsa->e = rsa->e;
+			rsa->n = NULL;
+			rsa->e = NULL;
+			CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+			RSA_free(rsa);
+			}
+			break;
+#endif
+		default:
+			HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PUBKEY,
+				HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+			goto err;
+			}
+
+	return res;
+ err:
+	if (res)
+		EVP_PKEY_free(res);
+	return NULL;
+	}
+
+/* A little mod_exp */
+static int hwcrhk_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *m, BN_CTX *ctx)
+	{
+	char tempbuf[1024];
+	HWCryptoHook_ErrMsgBuf rmsg;
+	/* Since HWCryptoHook_MPI is pretty compatible with BIGNUM's,
+	   we use them directly, plus a little macro magic.  We only
+	   thing we need to make sure of is that enough space is allocated. */
+	HWCryptoHook_MPI m_a, m_p, m_n, m_r;
+	int to_return, ret;
+ 
+	to_return = 0; /* expect failure */
+	rmsg.buf = tempbuf;
+	rmsg.size = sizeof(tempbuf);
+
+	if(!hwcrhk_context)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
+		goto err;
+		}
+	/* Prepare the params */
+	bn_expand2(r, m->top);	/* Check for error !! */
+	BN2MPI(m_a, a);
+	BN2MPI(m_p, p);
+	BN2MPI(m_n, m);
+	MPI2BN(r, m_r);
+
+	/* Perform the operation */
+	ret = p_hwcrhk_ModExp(hwcrhk_context, m_a, m_p, m_n, &m_r, &rmsg);
+
+	/* Convert the response */
+	r->top = m_r.size / sizeof(BN_ULONG);
+	bn_fix_top(r);
+
+	if (ret < 0)
+		{
+		/* FIXME: When this error is returned, HWCryptoHook is
+		   telling us that falling back to software computation
+		   might be a good thing. */
+		if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+			{
+			HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FALLBACK);
+			}
+		else
+			{
+			HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_REQUEST_FAILED);
+			}
+		ERR_add_error_data(1,rmsg.buf);
+		goto err;
+		}
+
+	to_return = 1;
+err:
+	return to_return;
+	}
+
+#ifndef OPENSSL_NO_RSA 
+static int hwcrhk_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa)
+	{
+	char tempbuf[1024];
+	HWCryptoHook_ErrMsgBuf rmsg;
+	HWCryptoHook_RSAKeyHandle *hptr;
+	int to_return = 0, ret;
+
+	rmsg.buf = tempbuf;
+	rmsg.size = sizeof(tempbuf);
+
+	if(!hwcrhk_context)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_MOD_EXP,HWCRHK_R_NOT_INITIALISED);
+		goto err;
+		}
+
+	/* This provides support for nForce keys.  Since that's opaque data
+	   all we do is provide a handle to the proper key and let HWCryptoHook
+	   take care of the rest. */
+	if ((hptr = (HWCryptoHook_RSAKeyHandle *) RSA_get_ex_data(rsa, hndidx_rsa))
+		!= NULL)
+		{
+		HWCryptoHook_MPI m_a, m_r;
+
+		if(!rsa->n)
+			{
+			HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+				HWCRHK_R_MISSING_KEY_COMPONENTS);
+			goto err;
+			}
+
+		/* Prepare the params */
+		bn_expand2(r, rsa->n->top); /* Check for error !! */
+		BN2MPI(m_a, I);
+		MPI2BN(r, m_r);
+
+		/* Perform the operation */
+		ret = p_hwcrhk_RSA(m_a, *hptr, &m_r, &rmsg);
+
+		/* Convert the response */
+		r->top = m_r.size / sizeof(BN_ULONG);
+		bn_fix_top(r);
+
+		if (ret < 0)
+			{
+			/* FIXME: When this error is returned, HWCryptoHook is
+			   telling us that falling back to software computation
+			   might be a good thing. */
+			if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+				{
+				HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+					HWCRHK_R_REQUEST_FALLBACK);
+				}
+			else
+				{
+				HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+					HWCRHK_R_REQUEST_FAILED);
+				}
+			ERR_add_error_data(1,rmsg.buf);
+			goto err;
+			}
+		}
+	else
+		{
+		HWCryptoHook_MPI m_a, m_p, m_q, m_dmp1, m_dmq1, m_iqmp, m_r;
+
+		if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
+			{
+			HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+				HWCRHK_R_MISSING_KEY_COMPONENTS);
+			goto err;
+			}
+
+		/* Prepare the params */
+		bn_expand2(r, rsa->n->top); /* Check for error !! */
+		BN2MPI(m_a, I);
+		BN2MPI(m_p, rsa->p);
+		BN2MPI(m_q, rsa->q);
+		BN2MPI(m_dmp1, rsa->dmp1);
+		BN2MPI(m_dmq1, rsa->dmq1);
+		BN2MPI(m_iqmp, rsa->iqmp);
+		MPI2BN(r, m_r);
+
+		/* Perform the operation */
+		ret = p_hwcrhk_ModExpCRT(hwcrhk_context, m_a, m_p, m_q,
+			m_dmp1, m_dmq1, m_iqmp, &m_r, &rmsg);
+
+		/* Convert the response */
+		r->top = m_r.size / sizeof(BN_ULONG);
+		bn_fix_top(r);
+
+		if (ret < 0)
+			{
+			/* FIXME: When this error is returned, HWCryptoHook is
+			   telling us that falling back to software computation
+			   might be a good thing. */
+			if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+				{
+				HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+					HWCRHK_R_REQUEST_FALLBACK);
+				}
+			else
+				{
+				HWCRHKerr(HWCRHK_F_HWCRHK_RSA_MOD_EXP,
+					HWCRHK_R_REQUEST_FAILED);
+				}
+			ERR_add_error_data(1,rmsg.buf);
+			goto err;
+			}
+		}
+	/* If we're here, we must be here with some semblance of success :-) */
+	to_return = 1;
+err:
+	return to_return;
+	}
+#endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int hwcrhk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return hwcrhk_mod_exp(r, a, p, m, ctx);
+	}
+
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int hwcrhk_mod_exp_dh(const DH *dh, BIGNUM *r,
+		const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return hwcrhk_mod_exp(r, a, p, m, ctx);
+	}
+#endif
+
+/* Random bytes are good */
+static int hwcrhk_rand_bytes(unsigned char *buf, int num)
+	{
+	char tempbuf[1024];
+	HWCryptoHook_ErrMsgBuf rmsg;
+	int to_return = 0; /* assume failure */
+	int ret;
+
+	rmsg.buf = tempbuf;
+	rmsg.size = sizeof(tempbuf);
+
+	if(!hwcrhk_context)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,HWCRHK_R_NOT_INITIALISED);
+		goto err;
+		}
+
+	ret = p_hwcrhk_RandomBytes(hwcrhk_context, buf, num, &rmsg);
+	if (ret < 0)
+		{
+		/* FIXME: When this error is returned, HWCryptoHook is
+		   telling us that falling back to software computation
+		   might be a good thing. */
+		if(ret == HWCRYPTOHOOK_ERROR_FALLBACK)
+			{
+			HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
+				HWCRHK_R_REQUEST_FALLBACK);
+			}
+		else
+			{
+			HWCRHKerr(HWCRHK_F_HWCRHK_RAND_BYTES,
+				HWCRHK_R_REQUEST_FAILED);
+			}
+		ERR_add_error_data(1,rmsg.buf);
+		goto err;
+		}
+	to_return = 1;
+ err:
+	return to_return;
+	}
+
+static int hwcrhk_rand_status(void)
+	{
+	return 1;
+	}
+
+/* This cleans up an RSA KM key, called when ex_data is freed */
+
+static void hwcrhk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+	int ind,long argl, void *argp)
+{
+	char tempbuf[1024];
+	HWCryptoHook_ErrMsgBuf rmsg;
+#ifndef OPENSSL_NO_RSA
+	HWCryptoHook_RSAKeyHandle *hptr;
+#endif
+#if !defined(OPENSSL_NO_RSA)
+	int ret;
+#endif
+
+	rmsg.buf = tempbuf;
+	rmsg.size = sizeof(tempbuf);
+
+#ifndef OPENSSL_NO_RSA
+	hptr = (HWCryptoHook_RSAKeyHandle *) item;
+	if(hptr)
+                {
+                ret = p_hwcrhk_RSAUnloadKey(*hptr, NULL);
+                OPENSSL_free(hptr);
+                }
+#endif
+}
+
+/* Mutex calls: since the HWCryptoHook model closely follows the POSIX model
+ * these just wrap the POSIX functions and add some logging.
+ */
+
+static int hwcrhk_mutex_init(HWCryptoHook_Mutex* mt,
+	HWCryptoHook_CallerContext *cactx)
+	{
+	mt->lockid = CRYPTO_get_new_dynlockid();
+	if (mt->lockid == 0)
+		return 1; /* failure */
+	return 0; /* success */
+	}
+
+static int hwcrhk_mutex_lock(HWCryptoHook_Mutex *mt)
+	{
+	CRYPTO_w_lock(mt->lockid);
+	return 0;
+	}
+
+static void hwcrhk_mutex_unlock(HWCryptoHook_Mutex * mt)
+	{
+	CRYPTO_w_unlock(mt->lockid);
+	}
+
+static void hwcrhk_mutex_destroy(HWCryptoHook_Mutex *mt)
+	{
+	CRYPTO_destroy_dynlockid(mt->lockid);
+	}
+
+static int hwcrhk_get_pass(const char *prompt_info,
+	int *len_io, char *buf,
+	HWCryptoHook_PassphraseContext *ppctx,
+	HWCryptoHook_CallerContext *cactx)
+	{
+	pem_password_cb *callback = NULL;
+	void *callback_data = NULL;
+        UI_METHOD *ui_method = NULL;
+
+        if (cactx)
+                {
+                if (cactx->ui_method)
+                        ui_method = cactx->ui_method;
+		if (cactx->password_callback)
+			callback = cactx->password_callback;
+		if (cactx->callback_data)
+			callback_data = cactx->callback_data;
+                }
+	if (ppctx)
+		{
+                if (ppctx->ui_method)
+                        {
+                        ui_method = ppctx->ui_method;
+                        callback = NULL;
+                        }
+		if (ppctx->callback_data)
+			callback_data = ppctx->callback_data;
+		}
+	if (callback == NULL && ui_method == NULL)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_GET_PASS,HWCRHK_R_NO_CALLBACK);
+		return -1;
+		}
+
+        if (ui_method)
+                {
+                UI *ui = UI_new_method(ui_method);
+                if (ui)
+                        {
+                        int ok;
+                        char *prompt = UI_construct_prompt(ui,
+                                "pass phrase", prompt_info);
+
+                        ok = UI_add_input_string(ui,prompt,
+                                UI_INPUT_FLAG_DEFAULT_PWD,
+				buf,0,(*len_io) - 1);
+                        UI_add_user_data(ui, callback_data);
+			UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+
+			if (ok >= 0)
+				do
+					{
+					ok=UI_process(ui);
+					}
+				while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+
+                        if (ok >= 0)
+                                *len_io = strlen(buf);
+
+                        UI_free(ui);
+                        OPENSSL_free(prompt);
+                        }
+                }
+        else
+                {
+                *len_io = callback(buf, *len_io, 0, callback_data);
+                }
+	if(!*len_io)
+		return -1;
+	return 0;
+	}
+
+static int hwcrhk_insert_card(const char *prompt_info,
+		      const char *wrong_info,
+		      HWCryptoHook_PassphraseContext *ppctx,
+		      HWCryptoHook_CallerContext *cactx)
+        {
+        int ok = -1;
+        UI *ui;
+	void *callback_data = NULL;
+        UI_METHOD *ui_method = NULL;
+
+        if (cactx)
+                {
+                if (cactx->ui_method)
+                        ui_method = cactx->ui_method;
+		if (cactx->callback_data)
+			callback_data = cactx->callback_data;
+                }
+	if (ppctx)
+		{
+                if (ppctx->ui_method)
+                        ui_method = ppctx->ui_method;
+		if (ppctx->callback_data)
+			callback_data = ppctx->callback_data;
+		}
+	if (ui_method == NULL)
+		{
+		HWCRHKerr(HWCRHK_F_HWCRHK_INSERT_CARD,
+			HWCRHK_R_NO_CALLBACK);
+		return -1;
+		}
+
+	ui = UI_new_method(ui_method);
+
+	if (ui)
+		{
+		char answer;
+		char buf[BUFSIZ];
+
+		if (wrong_info)
+			BIO_snprintf(buf, sizeof(buf)-1,
+				"Current card: \"%s\"\n", wrong_info);
+		ok = UI_dup_info_string(ui, buf);
+		if (ok >= 0 && prompt_info)
+			{
+			BIO_snprintf(buf, sizeof(buf)-1,
+				"Insert card \"%s\"", prompt_info);
+			ok = UI_dup_input_boolean(ui, buf,
+				"\n then hit <enter> or C<enter> to cancel\n",
+				"\r\n", "Cc", UI_INPUT_FLAG_ECHO, &answer);
+			}
+		UI_add_user_data(ui, callback_data);
+
+		if (ok >= 0)
+			ok = UI_process(ui);
+		UI_free(ui);
+
+		if (ok == -2 || (ok >= 0 && answer == 'C'))
+			ok = 1;
+		else if (ok < 0)
+			ok = -1;
+		else
+			ok = 0;
+		}
+	return ok;
+	}
+
+static void hwcrhk_log_message(void *logstr, const char *message)
+	{
+	BIO *lstream = NULL;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_BIO);
+	if (logstr)
+		lstream=*(BIO **)logstr;
+	if (lstream)
+		{
+		BIO_printf(lstream, "%s\n", message);
+		}
+	CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
+	}
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */	   
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_fn(ENGINE *e, const char *id)
+	{
+	if(id && (strcmp(id, engine_hwcrhk_id) != 0))
+		return 0;
+	if(!bind_helper(e))
+		return 0;
+	return 1;
+	}       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+
+#endif /* !OPENSSL_NO_HW_NCIPHER */
+#endif /* !OPENSSL_NO_HW */
diff --git a/engines/e_ncipher.ec b/engines/e_ncipher.ec
new file mode 100644
index 0000000000..561db41e52
--- /dev/null
+++ b/engines/e_ncipher.ec
@@ -0,0 +1 @@
+L HWCRHK	e_ncipher_err.h			e_ncipher_err.c
diff --git a/engines/e_ncipher_err.c b/engines/e_ncipher_err.c
new file mode 100644
index 0000000000..6716517d9e
--- /dev/null
+++ b/engines/e_ncipher_err.c
@@ -0,0 +1,157 @@
+/* e_ncipher_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_ncipher_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA HWCRHK_str_functs[]=
+	{
+{ERR_PACK(0,HWCRHK_F_HWCRHK_CTRL,0),	"HWCRHK_CTRL"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_FINISH,0),	"HWCRHK_FINISH"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_GET_PASS,0),	"HWCRHK_GET_PASS"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_INIT,0),	"HWCRHK_INIT"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_INSERT_CARD,0),	"HWCRHK_INSERT_CARD"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_LOAD_PRIVKEY,0),	"HWCRHK_LOAD_PRIVKEY"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_LOAD_PUBKEY,0),	"HWCRHK_LOAD_PUBKEY"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_MOD_EXP,0),	"HWCRHK_MOD_EXP"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_RAND_BYTES,0),	"HWCRHK_RAND_BYTES"},
+{ERR_PACK(0,HWCRHK_F_HWCRHK_RSA_MOD_EXP,0),	"HWCRHK_RSA_MOD_EXP"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA HWCRHK_str_reasons[]=
+	{
+{HWCRHK_R_ALREADY_LOADED                 ,"already loaded"},
+{HWCRHK_R_BIO_WAS_FREED                  ,"bio was freed"},
+{HWCRHK_R_CHIL_ERROR                     ,"chil error"},
+{HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED   ,"ctrl command not implemented"},
+{HWCRHK_R_DSO_FAILURE                    ,"dso failure"},
+{HWCRHK_R_LOCKING_MISSING                ,"locking missing"},
+{HWCRHK_R_MISSING_KEY_COMPONENTS         ,"missing key components"},
+{HWCRHK_R_NOT_INITIALISED                ,"not initialised"},
+{HWCRHK_R_NOT_LOADED                     ,"not loaded"},
+{HWCRHK_R_NO_CALLBACK                    ,"no callback"},
+{HWCRHK_R_NO_KEY                         ,"no key"},
+{HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED,"private key algorithms disabled"},
+{HWCRHK_R_REQUEST_FAILED                 ,"request failed"},
+{HWCRHK_R_REQUEST_FALLBACK               ,"request fallback"},
+{HWCRHK_R_UNIT_FAILURE                   ,"unit failure"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef HWCRHK_LIB_NAME
+static ERR_STRING_DATA HWCRHK_lib_name[]=
+        {
+{0	,HWCRHK_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int HWCRHK_lib_error_code=0;
+static int HWCRHK_error_init=1;
+
+static void ERR_load_HWCRHK_strings(void)
+	{
+	if (HWCRHK_lib_error_code == 0)
+		HWCRHK_lib_error_code=ERR_get_next_error_library();
+
+	if (HWCRHK_error_init)
+		{
+		HWCRHK_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_functs);
+		ERR_load_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons);
+#endif
+
+#ifdef HWCRHK_LIB_NAME
+		HWCRHK_lib_name->error = ERR_PACK(HWCRHK_lib_error_code,0,0);
+		ERR_load_strings(0,HWCRHK_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_HWCRHK_strings(void)
+	{
+	if (HWCRHK_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_functs);
+		ERR_unload_strings(HWCRHK_lib_error_code,HWCRHK_str_reasons);
+#endif
+
+#ifdef HWCRHK_LIB_NAME
+		ERR_unload_strings(0,HWCRHK_lib_name);
+#endif
+		HWCRHK_error_init=1;
+		}
+	}
+
+static void ERR_HWCRHK_error(int function, int reason, char *file, int line)
+	{
+	if (HWCRHK_lib_error_code == 0)
+		HWCRHK_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(HWCRHK_lib_error_code,function,reason,file,line);
+	}
diff --git a/engines/e_ncipher_err.h b/engines/e_ncipher_err.h
new file mode 100644
index 0000000000..482086e3b5
--- /dev/null
+++ b/engines/e_ncipher_err.h
@@ -0,0 +1,101 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_HWCRHK_ERR_H
+#define HEADER_HWCRHK_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_HWCRHK_strings(void);
+static void ERR_unload_HWCRHK_strings(void);
+static void ERR_HWCRHK_error(int function, int reason, char *file, int line);
+#define HWCRHKerr(f,r) ERR_HWCRHK_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the HWCRHK functions. */
+
+/* Function codes. */
+#define HWCRHK_F_HWCRHK_CTRL				 100
+#define HWCRHK_F_HWCRHK_FINISH				 101
+#define HWCRHK_F_HWCRHK_GET_PASS			 102
+#define HWCRHK_F_HWCRHK_INIT				 103
+#define HWCRHK_F_HWCRHK_INSERT_CARD			 104
+#define HWCRHK_F_HWCRHK_LOAD_PRIVKEY			 105
+#define HWCRHK_F_HWCRHK_LOAD_PUBKEY			 106
+#define HWCRHK_F_HWCRHK_MOD_EXP				 107
+#define HWCRHK_F_HWCRHK_RAND_BYTES			 108
+#define HWCRHK_F_HWCRHK_RSA_MOD_EXP			 109
+
+/* Reason codes. */
+#define HWCRHK_R_ALREADY_LOADED				 100
+#define HWCRHK_R_BIO_WAS_FREED				 101
+#define HWCRHK_R_CHIL_ERROR				 102
+#define HWCRHK_R_CTRL_COMMAND_NOT_IMPLEMENTED		 103
+#define HWCRHK_R_DSO_FAILURE				 104
+#define HWCRHK_R_LOCKING_MISSING			 114
+#define HWCRHK_R_MISSING_KEY_COMPONENTS			 105
+#define HWCRHK_R_NOT_INITIALISED			 106
+#define HWCRHK_R_NOT_LOADED				 107
+#define HWCRHK_R_NO_CALLBACK				 108
+#define HWCRHK_R_NO_KEY					 109
+#define HWCRHK_R_PRIVATE_KEY_ALGORITHMS_DISABLED	 110
+#define HWCRHK_R_REQUEST_FAILED				 111
+#define HWCRHK_R_REQUEST_FALLBACK			 112
+#define HWCRHK_R_UNIT_FAILURE				 113
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/engines/e_nuron.c b/engines/e_nuron.c
new file mode 100644
index 0000000000..88f29640ec
--- /dev/null
+++ b/engines/e_nuron.c
@@ -0,0 +1,419 @@
+/* crypto/engine/hw_nuron.c */
+/* Written by Ben Laurie for the OpenSSL Project, leaning heavily on Geoff
+ * Thorpe's Atalla implementation.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_NURON
+
+#define NURON_LIB_NAME "nuron engine"
+#include "e_nuron_err.c"
+
+static const char *NURON_LIBNAME = NULL;
+static const char *get_NURON_LIBNAME(void)
+	{
+	if(NURON_LIBNAME)
+		return NURON_LIBNAME;
+	return "nuronssl";
+	}
+static void free_NURON_LIBNAME(void)
+	{
+	if(NURON_LIBNAME)
+		OPENSSL_free((void*)NURON_LIBNAME);
+	NURON_LIBNAME = NULL;
+	}
+static long set_NURON_LIBNAME(const char *name)
+	{
+	free_NURON_LIBNAME();
+	return (((NURON_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+	}
+static const char *NURON_F1 = "nuron_mod_exp";
+
+/* The definitions for control commands specific to this engine */
+#define NURON_CMD_SO_PATH		ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN nuron_cmd_defns[] = {
+	{NURON_CMD_SO_PATH,
+		"SO_PATH",
+		"Specifies the path to the 'nuronssl' shared library",
+		ENGINE_CMD_FLAG_STRING},
+	{0, NULL, NULL, 0}
+	};
+
+typedef int tfnModExp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,const BIGNUM *m);
+static tfnModExp *pfnModExp = NULL;
+
+static DSO *pvDSOHandle = NULL;
+
+static int nuron_destroy(ENGINE *e)
+	{
+	free_NURON_LIBNAME();
+	ERR_unload_NURON_strings();
+	return 1;
+	}
+
+static int nuron_init(ENGINE *e)
+	{
+	if(pvDSOHandle != NULL)
+		{
+		NURONerr(NURON_F_NURON_INIT,NURON_R_ALREADY_LOADED);
+		return 0;
+		}
+
+	pvDSOHandle = DSO_load(NULL, get_NURON_LIBNAME(), NULL,
+		DSO_FLAG_NAME_TRANSLATION_EXT_ONLY);
+	if(!pvDSOHandle)
+		{
+		NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_NOT_FOUND);
+		return 0;
+		}
+
+	pfnModExp = (tfnModExp *)DSO_bind_func(pvDSOHandle, NURON_F1);
+	if(!pfnModExp)
+		{
+		NURONerr(NURON_F_NURON_INIT,NURON_R_DSO_FUNCTION_NOT_FOUND);
+		return 0;
+		}
+
+	return 1;
+	}
+
+static int nuron_finish(ENGINE *e)
+	{
+	free_NURON_LIBNAME();
+	if(pvDSOHandle == NULL)
+		{
+		NURONerr(NURON_F_NURON_FINISH,NURON_R_NOT_LOADED);
+		return 0;
+		}
+	if(!DSO_free(pvDSOHandle))
+		{
+		NURONerr(NURON_F_NURON_FINISH,NURON_R_DSO_FAILURE);
+		return 0;
+		}
+	pvDSOHandle=NULL;
+	pfnModExp=NULL;
+	return 1;
+	}
+
+static int nuron_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	int initialised = ((pvDSOHandle == NULL) ? 0 : 1);
+	switch(cmd)
+		{
+	case NURON_CMD_SO_PATH:
+		if(p == NULL)
+			{
+			NURONerr(NURON_F_NURON_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+			return 0;
+			}
+		if(initialised)
+			{
+			NURONerr(NURON_F_NURON_CTRL,NURON_R_ALREADY_LOADED);
+			return 0;
+			}
+		return set_NURON_LIBNAME((const char *)p);
+	default:
+		break;
+		}
+	NURONerr(NURON_F_NURON_CTRL,NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+	return 0;
+}
+
+static int nuron_mod_exp(BIGNUM *r,const BIGNUM *a,const BIGNUM *p,
+			 const BIGNUM *m,BN_CTX *ctx)
+	{
+	if(!pvDSOHandle)
+		{
+		NURONerr(NURON_F_NURON_MOD_EXP,NURON_R_NOT_LOADED);
+		return 0;
+		}
+	return pfnModExp(r,a,p,m);
+	}
+
+#ifndef OPENSSL_NO_RSA
+static int nuron_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+	{
+	return nuron_mod_exp(r0,I,rsa->d,rsa->n,NULL);
+	}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* This code was liberated and adapted from the commented-out code in
+ * dsa_ossl.c. Because of the unoptimised form of the Atalla acceleration
+ * (it doesn't have a CRT form for RSA), this function means that an
+ * Atalla system running with a DSA server certificate can handshake
+ * around 5 or 6 times faster/more than an equivalent system running with
+ * RSA. Just check out the "signs" statistics from the RSA and DSA parts
+ * of "openssl speed -engine atalla dsa1024 rsa1024". */
+static int nuron_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+			     BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+			     BN_CTX *ctx, BN_MONT_CTX *in_mont)
+	{
+	BIGNUM t;
+	int to_return = 0;
+ 
+	BN_init(&t);
+	/* let rr = a1 ^ p1 mod m */
+	if (!nuron_mod_exp(rr,a1,p1,m,ctx))
+		goto end;
+	/* let t = a2 ^ p2 mod m */
+	if (!nuron_mod_exp(&t,a2,p2,m,ctx))
+		goto end;
+	/* let rr = rr * t mod m */
+	if (!BN_mod_mul(rr,rr,&t,m,ctx))
+		goto end;
+	to_return = 1;
+end:
+	BN_free(&t);
+	return to_return;
+	}
+
+
+static int nuron_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+			     const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+			     BN_MONT_CTX *m_ctx)
+	{
+	return nuron_mod_exp(r, a, p, m, ctx);
+	}
+#endif
+
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int nuron_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			      const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return nuron_mod_exp(r, a, p, m, ctx);
+	}
+
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int nuron_mod_exp_dh(const DH *dh, BIGNUM *r,
+		const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+	{
+	return nuron_mod_exp(r, a, p, m, ctx);
+	}
+#endif
+
+#ifndef OPENSSL_NO_RSA
+static RSA_METHOD nuron_rsa =
+	{
+	"Nuron RSA method",
+	NULL,
+	NULL,
+	NULL,
+	NULL,
+	nuron_rsa_mod_exp,
+	nuron_mod_exp_mont,
+	NULL,
+	NULL,
+	0,
+	NULL,
+	NULL,
+	NULL
+	};
+#endif
+
+#ifndef OPENSSL_NO_DSA
+static DSA_METHOD nuron_dsa =
+	{
+	"Nuron DSA method",
+	NULL, /* dsa_do_sign */
+	NULL, /* dsa_sign_setup */
+	NULL, /* dsa_do_verify */
+	nuron_dsa_mod_exp, /* dsa_mod_exp */
+	nuron_mod_exp_dsa, /* bn_mod_exp */
+	NULL, /* init */
+	NULL, /* finish */
+	0, /* flags */
+	NULL /* app_data */
+	};
+#endif
+
+#ifndef OPENSSL_NO_DH
+static DH_METHOD nuron_dh =
+	{
+	"Nuron DH method",
+	NULL,
+	NULL,
+	nuron_mod_exp_dh,
+	NULL,
+	NULL,
+	0,
+	NULL
+	};
+#endif
+
+/* Constants used when creating the ENGINE */
+static const char *engine_nuron_id = "nuron";
+static const char *engine_nuron_name = "Nuron hardware engine support";
+
+/* This internal function is used by ENGINE_nuron() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+	{
+#ifndef OPENSSL_NO_RSA
+	const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DSA
+	const DSA_METHOD *meth2;
+#endif
+#ifndef OPENSSL_NO_DH
+	const DH_METHOD *meth3;
+#endif
+	if(!ENGINE_set_id(e, engine_nuron_id) ||
+			!ENGINE_set_name(e, engine_nuron_name) ||
+#ifndef OPENSSL_NO_RSA
+			!ENGINE_set_RSA(e, &nuron_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+			!ENGINE_set_DSA(e, &nuron_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+			!ENGINE_set_DH(e, &nuron_dh) ||
+#endif
+			!ENGINE_set_destroy_function(e, nuron_destroy) ||
+			!ENGINE_set_init_function(e, nuron_init) ||
+			!ENGINE_set_finish_function(e, nuron_finish) ||
+			!ENGINE_set_ctrl_function(e, nuron_ctrl) ||
+			!ENGINE_set_cmd_defns(e, nuron_cmd_defns))
+		return 0;
+
+#ifndef OPENSSL_NO_RSA
+	/* We know that the "PKCS1_SSLeay()" functions hook properly
+	 * to the nuron-specific mod_exp and mod_exp_crt so we use
+	 * those functions. NB: We don't use ENGINE_openssl() or
+	 * anything "more generic" because something like the RSAref
+	 * code may not hook properly, and if you own one of these
+	 * cards then you have the right to do RSA operations on it
+	 * anyway! */ 
+	meth1=RSA_PKCS1_SSLeay();
+	nuron_rsa.rsa_pub_enc=meth1->rsa_pub_enc;
+	nuron_rsa.rsa_pub_dec=meth1->rsa_pub_dec;
+	nuron_rsa.rsa_priv_enc=meth1->rsa_priv_enc;
+	nuron_rsa.rsa_priv_dec=meth1->rsa_priv_dec;
+#endif
+
+#ifndef OPENSSL_NO_DSA
+	/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
+	 * bits. */
+	meth2=DSA_OpenSSL();
+	nuron_dsa.dsa_do_sign=meth2->dsa_do_sign;
+	nuron_dsa.dsa_sign_setup=meth2->dsa_sign_setup;
+	nuron_dsa.dsa_do_verify=meth2->dsa_do_verify;
+#endif
+
+#ifndef OPENSSL_NO_DH
+	/* Much the same for Diffie-Hellman */
+	meth3=DH_OpenSSL();
+	nuron_dh.generate_key=meth3->generate_key;
+	nuron_dh.compute_key=meth3->compute_key;
+#endif
+
+	/* Ensure the nuron error handling is set up */
+	ERR_load_NURON_strings();
+	return 1;
+	}
+
+#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *engine_nuron(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!bind_helper(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_nuron(void)
+	{
+	/* Copied from eng_[openssl|dyn].c */
+	ENGINE *toadd = engine_nuron();
+	if(!toadd) return;
+	ENGINE_add(toadd);
+	ENGINE_free(toadd);
+	ERR_clear_error();
+	}
+#endif
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */	   
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_fn(ENGINE *e, const char *id)
+	{
+	if(id && (strcmp(id, engine_nuron_id) != 0))
+		return 0;
+	if(!bind_helper(e))
+		return 0;
+	return 1;
+	}       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+
+#endif /* !OPENSSL_NO_HW_NURON */
+#endif /* !OPENSSL_NO_HW */
diff --git a/engines/e_nuron.ec b/engines/e_nuron.ec
new file mode 100644
index 0000000000..cfa430dfcd
--- /dev/null
+++ b/engines/e_nuron.ec
@@ -0,0 +1 @@
+L NURON		e_nuron_err.h			e_nuron_err.c
diff --git a/engines/e_nuron_err.c b/engines/e_nuron_err.c
new file mode 100644
index 0000000000..739529a1fa
--- /dev/null
+++ b/engines/e_nuron_err.c
@@ -0,0 +1,142 @@
+/* hw_nuron_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_nuron_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA NURON_str_functs[]=
+	{
+{ERR_PACK(0,NURON_F_NURON_CTRL,0),	"NURON_CTRL"},
+{ERR_PACK(0,NURON_F_NURON_FINISH,0),	"NURON_FINISH"},
+{ERR_PACK(0,NURON_F_NURON_INIT,0),	"NURON_INIT"},
+{ERR_PACK(0,NURON_F_NURON_MOD_EXP,0),	"NURON_MOD_EXP"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA NURON_str_reasons[]=
+	{
+{NURON_R_ALREADY_LOADED                  ,"already loaded"},
+{NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED    ,"ctrl command not implemented"},
+{NURON_R_DSO_FAILURE                     ,"dso failure"},
+{NURON_R_DSO_FUNCTION_NOT_FOUND          ,"dso function not found"},
+{NURON_R_DSO_NOT_FOUND                   ,"dso not found"},
+{NURON_R_NOT_LOADED                      ,"not loaded"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef NURON_LIB_NAME
+static ERR_STRING_DATA NURON_lib_name[]=
+        {
+{0	,NURON_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int NURON_lib_error_code=0;
+static int NURON_error_init=1;
+
+static void ERR_load_NURON_strings(void)
+	{
+	if (NURON_lib_error_code == 0)
+		NURON_lib_error_code=ERR_get_next_error_library();
+
+	if (NURON_error_init)
+		{
+		NURON_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(NURON_lib_error_code,NURON_str_functs);
+		ERR_load_strings(NURON_lib_error_code,NURON_str_reasons);
+#endif
+
+#ifdef NURON_LIB_NAME
+		NURON_lib_name->error = ERR_PACK(NURON_lib_error_code,0,0);
+		ERR_load_strings(0,NURON_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_NURON_strings(void)
+	{
+	if (NURON_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(NURON_lib_error_code,NURON_str_functs);
+		ERR_unload_strings(NURON_lib_error_code,NURON_str_reasons);
+#endif
+
+#ifdef NURON_LIB_NAME
+		ERR_unload_strings(0,NURON_lib_name);
+#endif
+		NURON_error_init=1;
+		}
+	}
+
+static void ERR_NURON_error(int function, int reason, char *file, int line)
+	{
+	if (NURON_lib_error_code == 0)
+		NURON_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(NURON_lib_error_code,function,reason,file,line);
+	}
diff --git a/engines/e_nuron_err.h b/engines/e_nuron_err.h
new file mode 100644
index 0000000000..a56bfdf303
--- /dev/null
+++ b/engines/e_nuron_err.h
@@ -0,0 +1,86 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_NURON_ERR_H
+#define HEADER_NURON_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_NURON_strings(void);
+static void ERR_unload_NURON_strings(void);
+static void ERR_NURON_error(int function, int reason, char *file, int line);
+#define NURONerr(f,r) ERR_NURON_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the NURON functions. */
+
+/* Function codes. */
+#define NURON_F_NURON_CTRL				 100
+#define NURON_F_NURON_FINISH				 101
+#define NURON_F_NURON_INIT				 102
+#define NURON_F_NURON_MOD_EXP				 103
+
+/* Reason codes. */
+#define NURON_R_ALREADY_LOADED				 100
+#define NURON_R_CTRL_COMMAND_NOT_IMPLEMENTED		 101
+#define NURON_R_DSO_FAILURE				 102
+#define NURON_R_DSO_FUNCTION_NOT_FOUND			 103
+#define NURON_R_DSO_NOT_FOUND				 104
+#define NURON_R_NOT_LOADED				 105
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/engines/e_sureware.c b/engines/e_sureware.c
new file mode 100644
index 0000000000..270ee0934e
--- /dev/null
+++ b/engines/e_sureware.c
@@ -0,0 +1,1038 @@
+/* Written by Corinne Dive-Reclus(cdive@baltimore.com)
+* 
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* 1. Redistributions of source code must retain the above copyright
+*    notice, this list of conditions and the following disclaimer. 
+*
+* 2. Redistributions in binary form must reproduce the above copyright
+*    notice, this list of conditions and the following disclaimer in
+*    the documentation and/or other materials provided with the
+*    distribution.
+*
+* 3. All advertising materials mentioning features or use of this
+*    software must display the following acknowledgment:
+*    "This product includes software developed by the OpenSSL Project
+*    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+*
+* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+*    endorse or promote products derived from this software without
+*    prior written permission. For written permission, please contact
+*    licensing@OpenSSL.org.
+*
+* 5. Products derived from this software may not be called "OpenSSL"
+*    nor may "OpenSSL" appear in their names without prior written
+*    permission of the OpenSSL Project.
+*
+* 6. Redistributions of any form whatsoever must retain the following
+*    acknowledgment:
+*    "This product includes software developed by the OpenSSL Project
+*    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+*
+* Written by Corinne Dive-Reclus(cdive@baltimore.com)
+*
+* Copyright@2001 Baltimore Technologies Ltd.
+* All right Reserved.
+*																								*	
+*		THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND																			*
+*		ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE					* 
+*		IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE				*
+*		ARE DISCLAIMED.  IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE						*
+*		FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL				*
+*		DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS					*
+*		OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)					*
+*		HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT				*
+*		LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY				*
+*		OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF					*
+*		SUCH DAMAGE.																			*
+====================================================================*/
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_SUREWARE
+
+#ifdef FLAT_INC
+#include "sureware.h"
+#else
+#include "vendor_defns/sureware.h"
+#endif
+
+#define SUREWARE_LIB_NAME "sureware engine"
+#include "e_sureware_err.c"
+
+static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+static int surewarehk_destroy(ENGINE *e);
+static int surewarehk_init(ENGINE *e);
+static int surewarehk_finish(ENGINE *e);
+static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+	const BIGNUM *m, BN_CTX *ctx);
+
+/* RSA stuff */
+static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
+			RSA *rsa,int padding);
+static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
+			    RSA *rsa,int padding);
+
+/* RAND stuff */
+static int surewarehk_rand_bytes(unsigned char *buf, int num);
+static void surewarehk_rand_seed(const void *buf, int num);
+static void surewarehk_rand_add(const void *buf, int num, double entropy);
+
+/* KM stuff */
+static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data);
+static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
+	UI_METHOD *ui_method, void *callback_data);
+static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+	int idx,long argl, void *argp);
+#if 0
+static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+	int idx,long argl, void *argp);
+#endif
+
+#ifndef OPENSSL_NO_RSA
+/* This function is aliased to mod_exp (with the mont stuff dropped). */
+static int surewarehk_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+	return surewarehk_modexp(r, a, p, m, ctx);
+}
+
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD surewarehk_rsa =
+	{
+	"SureWare RSA method",
+	NULL, /* pub_enc*/
+	NULL, /* pub_dec*/
+	surewarehk_rsa_sign, /* our rsa_sign is OpenSSL priv_enc*/
+	surewarehk_rsa_priv_dec, /* priv_dec*/
+	NULL, /*mod_exp*/
+	surewarehk_mod_exp_mont, /*mod_exp_mongomery*/
+	NULL, /* init*/
+	NULL, /* finish*/
+	0,	/* RSA flag*/
+	NULL, 
+	NULL, /* OpenSSL sign*/
+	NULL  /* OpenSSL verify*/
+	};
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int surewarehk_modexp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+	const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+	return surewarehk_modexp(r, a, p, m, ctx);
+}
+
+static DH_METHOD surewarehk_dh =
+	{
+	"SureWare DH method",
+	NULL,/*gen_key*/
+	NULL,/*agree,*/
+	surewarehk_modexp_dh, /*dh mod exp*/
+	NULL, /* init*/
+	NULL, /* finish*/
+	0,    /* flags*/
+	NULL 
+	};
+#endif
+
+static RAND_METHOD surewarehk_rand =
+	{
+	/* "SureWare RAND method", */
+	surewarehk_rand_seed,
+	surewarehk_rand_bytes,
+	NULL,/*cleanup*/
+	surewarehk_rand_add,
+	surewarehk_rand_bytes,
+	NULL,/*rand_status*/
+	};
+
+#ifndef OPENSSL_NO_DSA
+/* DSA stuff */
+static	DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int surewarehk_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+		BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+	BIGNUM t;
+	int to_return = 0;
+	BN_init(&t);
+	/* let rr = a1 ^ p1 mod m */
+	if (!surewarehk_modexp(rr,a1,p1,m,ctx)) goto end;
+	/* let t = a2 ^ p2 mod m */
+	if (!surewarehk_modexp(&t,a2,p2,m,ctx)) goto end;
+	/* let rr = rr * t mod m */
+	if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+	to_return = 1;
+end:
+	BN_free(&t);
+	return to_return;
+}
+
+static DSA_METHOD surewarehk_dsa =
+	{
+	 "SureWare DSA method", 
+	surewarehk_dsa_do_sign,
+	NULL,/*sign setup*/
+	NULL,/*verify,*/
+	surewarehk_dsa_mod_exp,/*mod exp*/
+	NULL,/*bn mod exp*/
+	NULL, /*init*/
+	NULL,/*finish*/
+	0,
+	NULL,
+	};
+#endif
+
+static const char *engine_sureware_id = "sureware";
+static const char *engine_sureware_name = "SureWare hardware engine support";
+
+/* Now, to our own code */
+
+/* As this is only ever called once, there's no need for locking
+ * (indeed - the lock will already be held by our caller!!!) */
+static int bind_sureware(ENGINE *e)
+{
+#ifndef OPENSSL_NO_RSA
+	const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DSA
+	const DSA_METHOD *meth2;
+#endif
+#ifndef OPENSSL_NO_DH
+	const DH_METHOD *meth3;
+#endif
+
+	if(!ENGINE_set_id(e, engine_sureware_id) ||
+	   !ENGINE_set_name(e, engine_sureware_name) ||
+#ifndef OPENSSL_NO_RSA
+	   !ENGINE_set_RSA(e, &surewarehk_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+	   !ENGINE_set_DSA(e, &surewarehk_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+	   !ENGINE_set_DH(e, &surewarehk_dh) ||
+#endif
+	   !ENGINE_set_RAND(e, &surewarehk_rand) ||
+	   !ENGINE_set_destroy_function(e, surewarehk_destroy) ||
+	   !ENGINE_set_init_function(e, surewarehk_init) ||
+	   !ENGINE_set_finish_function(e, surewarehk_finish) ||
+	   !ENGINE_set_ctrl_function(e, surewarehk_ctrl) ||
+	   !ENGINE_set_load_privkey_function(e, surewarehk_load_privkey) ||
+	   !ENGINE_set_load_pubkey_function(e, surewarehk_load_pubkey))
+	  return 0;
+
+#ifndef OPENSSL_NO_RSA
+	/* We know that the "PKCS1_SSLeay()" functions hook properly
+	 * to the cswift-specific mod_exp and mod_exp_crt so we use
+	 * those functions. NB: We don't use ENGINE_openssl() or
+	 * anything "more generic" because something like the RSAref
+	 * code may not hook properly, and if you own one of these
+	 * cards then you have the right to do RSA operations on it
+	 * anyway! */ 
+	meth1 = RSA_PKCS1_SSLeay();
+	if (meth1)
+	{
+		surewarehk_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+		surewarehk_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+	}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+	/* Use the DSA_OpenSSL() method and just hook the mod_exp-ish
+	 * bits. */
+	meth2 = DSA_OpenSSL();
+	if (meth2)
+	{
+		surewarehk_dsa.dsa_do_verify = meth2->dsa_do_verify;
+	}
+#endif
+
+#ifndef OPENSSL_NO_DH
+	/* Much the same for Diffie-Hellman */
+	meth3 = DH_OpenSSL();
+	if (meth3)
+	{
+		surewarehk_dh.generate_key = meth3->generate_key;
+		surewarehk_dh.compute_key = meth3->compute_key;
+	}
+#endif
+
+	/* Ensure the sureware error handling is set up */
+	ERR_load_SUREWARE_strings();
+	return 1;
+}
+
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+	{
+	if(id && (strcmp(id, engine_sureware_id) != 0))
+		return 0;
+	if(!bind_sureware(e))
+		return 0;
+	return 1;
+	}       
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+#else
+static ENGINE *engine_sureware(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!bind_sureware(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_sureware(void)
+	{
+	/* Copied from eng_[openssl|dyn].c */
+	ENGINE *toadd = engine_sureware();
+	if(!toadd) return;
+	ENGINE_add(toadd);
+	ENGINE_free(toadd);
+	ERR_clear_error();
+	}
+#endif
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the SureWareHook library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+static DSO *surewarehk_dso = NULL;
+#ifndef OPENSSL_NO_RSA
+static int rsaHndidx = -1;	/* Index for KM handle.  Not really used yet. */
+#endif
+#ifndef OPENSSL_NO_DSA
+static int dsaHndidx = -1;	/* Index for KM handle.  Not really used yet. */
+#endif
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+static SureWareHook_Init_t *p_surewarehk_Init = NULL;
+static SureWareHook_Finish_t *p_surewarehk_Finish = NULL;
+static SureWareHook_Rand_Bytes_t *p_surewarehk_Rand_Bytes = NULL;
+static SureWareHook_Rand_Seed_t *p_surewarehk_Rand_Seed = NULL;
+static SureWareHook_Load_Privkey_t *p_surewarehk_Load_Privkey = NULL;
+static SureWareHook_Info_Pubkey_t *p_surewarehk_Info_Pubkey = NULL;
+static SureWareHook_Load_Rsa_Pubkey_t *p_surewarehk_Load_Rsa_Pubkey = NULL;
+static SureWareHook_Load_Dsa_Pubkey_t *p_surewarehk_Load_Dsa_Pubkey = NULL;
+static SureWareHook_Free_t *p_surewarehk_Free=NULL;
+static SureWareHook_Rsa_Priv_Dec_t *p_surewarehk_Rsa_Priv_Dec=NULL;
+static SureWareHook_Rsa_Sign_t *p_surewarehk_Rsa_Sign=NULL;
+static SureWareHook_Dsa_Sign_t *p_surewarehk_Dsa_Sign=NULL;
+static SureWareHook_Mod_Exp_t *p_surewarehk_Mod_Exp=NULL;
+
+/* Used in the DSO operations. */
+static const char *surewarehk_LIBNAME = "SureWareHook";
+static const char *n_surewarehk_Init = "SureWareHook_Init";
+static const char *n_surewarehk_Finish = "SureWareHook_Finish";
+static const char *n_surewarehk_Rand_Bytes="SureWareHook_Rand_Bytes";
+static const char *n_surewarehk_Rand_Seed="SureWareHook_Rand_Seed";
+static const char *n_surewarehk_Load_Privkey="SureWareHook_Load_Privkey";
+static const char *n_surewarehk_Info_Pubkey="SureWareHook_Info_Pubkey";
+static const char *n_surewarehk_Load_Rsa_Pubkey="SureWareHook_Load_Rsa_Pubkey";
+static const char *n_surewarehk_Load_Dsa_Pubkey="SureWareHook_Load_Dsa_Pubkey";
+static const char *n_surewarehk_Free="SureWareHook_Free";
+static const char *n_surewarehk_Rsa_Priv_Dec="SureWareHook_Rsa_Priv_Dec";
+static const char *n_surewarehk_Rsa_Sign="SureWareHook_Rsa_Sign";
+static const char *n_surewarehk_Dsa_Sign="SureWareHook_Dsa_Sign";
+static const char *n_surewarehk_Mod_Exp="SureWareHook_Mod_Exp";
+static BIO *logstream = NULL;
+
+/* SureWareHook library functions and mechanics - these are used by the
+ * higher-level functions further down. NB: As and where there's no
+ * error checking, take a look lower down where these functions are
+ * called, the checking and error handling is probably down there. 
+*/
+static int threadsafe=1;
+static int surewarehk_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+{
+	int to_return = 1;
+
+	switch(cmd)
+	{
+		case ENGINE_CTRL_SET_LOGSTREAM:
+		{
+			BIO *bio = (BIO *)p;
+			CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+			if (logstream)
+			{
+				BIO_free(logstream);
+				logstream = NULL;
+			}
+			if (CRYPTO_add(&bio->references,1,CRYPTO_LOCK_BIO) > 1)
+				logstream = bio;
+			else
+				SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,SUREWARE_R_BIO_WAS_FREED);
+		}
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		break;
+	/* This will prevent the initialisation function from "installing"
+	 * the mutex-handling callbacks, even if they are available from
+	 * within the library (or were provided to the library from the
+	 * calling application). This is to remove any baggage for
+	 * applications not using multithreading. */
+	case ENGINE_CTRL_CHIL_NO_LOCKING:
+		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+		threadsafe = 0;
+		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+		break;
+
+	/* The command isn't understood by this engine */
+	default:
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_CTRL,
+			ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+		to_return = 0;
+		break;
+		}
+
+	return to_return;
+}
+
+/* Destructor (complements the "ENGINE_surewarehk()" constructor) */
+static int surewarehk_destroy(ENGINE *e)
+{
+	ERR_unload_SUREWARE_strings();
+	return 1;
+}
+
+/* (de)initialisation functions. */
+static int surewarehk_init(ENGINE *e)
+{
+	char msg[64]="ENGINE_init";
+	SureWareHook_Init_t *p1=NULL;
+	SureWareHook_Finish_t *p2=NULL;
+	SureWareHook_Rand_Bytes_t *p3=NULL;
+	SureWareHook_Rand_Seed_t *p4=NULL;
+	SureWareHook_Load_Privkey_t *p5=NULL;
+	SureWareHook_Load_Rsa_Pubkey_t *p6=NULL;
+	SureWareHook_Free_t *p7=NULL;
+	SureWareHook_Rsa_Priv_Dec_t *p8=NULL;
+	SureWareHook_Rsa_Sign_t *p9=NULL;
+	SureWareHook_Dsa_Sign_t *p12=NULL;
+	SureWareHook_Info_Pubkey_t *p13=NULL;
+	SureWareHook_Load_Dsa_Pubkey_t *p14=NULL;
+	SureWareHook_Mod_Exp_t *p15=NULL;
+
+	if(surewarehk_dso != NULL)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_ALREADY_LOADED);
+		goto err;
+	}
+	/* Attempt to load libsurewarehk.so/surewarehk.dll/whatever. */
+	surewarehk_dso = DSO_load(NULL, surewarehk_LIBNAME, NULL, 0);
+	if(surewarehk_dso == NULL)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
+		goto err;
+	}
+	if(!(p1=(SureWareHook_Init_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Init)) ||
+	   !(p2=(SureWareHook_Finish_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Finish)) ||
+	   !(p3=(SureWareHook_Rand_Bytes_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Bytes)) ||
+	   !(p4=(SureWareHook_Rand_Seed_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rand_Seed)) ||
+	   !(p5=(SureWareHook_Load_Privkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Privkey)) ||
+	   !(p6=(SureWareHook_Load_Rsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Rsa_Pubkey)) ||
+	   !(p7=(SureWareHook_Free_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Free)) ||
+	   !(p8=(SureWareHook_Rsa_Priv_Dec_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Priv_Dec)) ||
+	   !(p9=(SureWareHook_Rsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Rsa_Sign)) ||
+	   !(p12=(SureWareHook_Dsa_Sign_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Dsa_Sign)) ||
+	   !(p13=(SureWareHook_Info_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Info_Pubkey)) ||
+	   !(p14=(SureWareHook_Load_Dsa_Pubkey_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Load_Dsa_Pubkey)) ||
+	   !(p15=(SureWareHook_Mod_Exp_t*)DSO_bind_func(surewarehk_dso, n_surewarehk_Mod_Exp)))
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,ENGINE_R_DSO_FAILURE);
+		goto err;
+	}
+	/* Copy the pointers */
+	p_surewarehk_Init = p1;
+	p_surewarehk_Finish = p2;
+	p_surewarehk_Rand_Bytes = p3;
+	p_surewarehk_Rand_Seed = p4;
+	p_surewarehk_Load_Privkey = p5;
+	p_surewarehk_Load_Rsa_Pubkey = p6;
+	p_surewarehk_Free = p7;
+	p_surewarehk_Rsa_Priv_Dec = p8;
+	p_surewarehk_Rsa_Sign = p9;
+	p_surewarehk_Dsa_Sign = p12;
+	p_surewarehk_Info_Pubkey = p13;
+	p_surewarehk_Load_Dsa_Pubkey = p14;
+	p_surewarehk_Mod_Exp = p15;
+	/* Contact the hardware and initialises it. */
+	if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
+		goto err;
+	}
+	if(p_surewarehk_Init(msg,threadsafe)==SUREWAREHOOK_ERROR_UNIT_FAILURE)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_INIT,SUREWARE_R_UNIT_FAILURE);
+		goto err;
+	}
+	/* try to load the default private key, if failed does not return a failure but
+           wait for an explicit ENGINE_load_privakey */
+	surewarehk_load_privkey(e,NULL,NULL,NULL);
+
+	/* Everything's fine. */
+#ifndef OPENSSL_NO_RSA
+	if (rsaHndidx == -1)
+		rsaHndidx = RSA_get_ex_new_index(0,
+						"SureWareHook RSA key handle",
+						NULL, NULL, surewarehk_ex_free);
+#endif
+#ifndef OPENSSL_NO_DSA
+	if (dsaHndidx == -1)
+		dsaHndidx = DSA_get_ex_new_index(0,
+						"SureWareHook DSA key handle",
+						NULL, NULL, surewarehk_ex_free);
+#endif
+
+	return 1;
+err:
+	if(surewarehk_dso)
+		DSO_free(surewarehk_dso);
+	surewarehk_dso = NULL;
+	p_surewarehk_Init = NULL;
+	p_surewarehk_Finish = NULL;
+	p_surewarehk_Rand_Bytes = NULL;
+	p_surewarehk_Rand_Seed = NULL;
+	p_surewarehk_Load_Privkey = NULL;
+	p_surewarehk_Load_Rsa_Pubkey = NULL;
+	p_surewarehk_Free = NULL;
+	p_surewarehk_Rsa_Priv_Dec = NULL;
+	p_surewarehk_Rsa_Sign = NULL;
+	p_surewarehk_Dsa_Sign = NULL;
+	p_surewarehk_Info_Pubkey = NULL;
+	p_surewarehk_Load_Dsa_Pubkey = NULL;
+	p_surewarehk_Mod_Exp = NULL;
+	return 0;
+}
+
+static int surewarehk_finish(ENGINE *e)
+{
+	int to_return = 1;
+	if(surewarehk_dso == NULL)
+		{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_NOT_LOADED);
+		to_return = 0;
+		goto err;
+		}
+	p_surewarehk_Finish();
+	if(!DSO_free(surewarehk_dso))
+		{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_FINISH,ENGINE_R_DSO_FAILURE);
+		to_return = 0;
+		goto err;
+		}
+ err:
+	if (logstream)
+		BIO_free(logstream);
+	surewarehk_dso = NULL;
+	p_surewarehk_Init = NULL;
+	p_surewarehk_Finish = NULL;
+	p_surewarehk_Rand_Bytes = NULL;
+	p_surewarehk_Rand_Seed = NULL;
+	p_surewarehk_Load_Privkey = NULL;
+	p_surewarehk_Load_Rsa_Pubkey = NULL;
+	p_surewarehk_Free = NULL;
+	p_surewarehk_Rsa_Priv_Dec = NULL;
+	p_surewarehk_Rsa_Sign = NULL;
+	p_surewarehk_Dsa_Sign = NULL;
+	p_surewarehk_Info_Pubkey = NULL;
+	p_surewarehk_Load_Dsa_Pubkey = NULL;
+	p_surewarehk_Mod_Exp = NULL;
+	return to_return;
+}
+
+static void surewarehk_error_handling(char *const msg,int func,int ret)
+{
+	switch (ret)
+	{
+		case SUREWAREHOOK_ERROR_UNIT_FAILURE:
+			ENGINEerr(func,SUREWARE_R_UNIT_FAILURE);
+			break;
+		case SUREWAREHOOK_ERROR_FALLBACK:
+			ENGINEerr(func,SUREWARE_R_REQUEST_FALLBACK);
+			break;
+		case SUREWAREHOOK_ERROR_DATA_SIZE:
+			ENGINEerr(func,SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+			break;
+		case SUREWAREHOOK_ERROR_INVALID_PAD:
+			ENGINEerr(func,RSA_R_PADDING_CHECK_FAILED);
+			break;
+		default:
+			ENGINEerr(func,SUREWARE_R_REQUEST_FAILED);
+			break;
+		case 1:/*nothing*/
+			msg[0]='\0';
+	}
+	if (*msg)
+	{
+		ERR_add_error_data(1,msg);
+		if (logstream)
+		{
+			CRYPTO_w_lock(CRYPTO_LOCK_BIO);
+			BIO_write(logstream, msg, strlen(msg));
+			CRYPTO_w_unlock(CRYPTO_LOCK_BIO);
+		}
+	}
+}
+
+static int surewarehk_rand_bytes(unsigned char *buf, int num)
+{
+	int ret=0;
+	char msg[64]="ENGINE_rand_bytes";
+	if(!p_surewarehk_Rand_Bytes)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_BYTES,ENGINE_R_NOT_INITIALISED);
+	}
+	else
+	{
+		ret = p_surewarehk_Rand_Bytes(msg,buf, num);
+		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_BYTES,ret);
+	}
+	return ret==1 ? 1 : 0;
+}
+
+static void surewarehk_rand_seed(const void *buf, int num)
+{
+	int ret=0;
+	char msg[64]="ENGINE_rand_seed";
+	if(!p_surewarehk_Rand_Seed)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_RAND_SEED,ENGINE_R_NOT_INITIALISED);
+	}
+	else
+	{
+		ret = p_surewarehk_Rand_Seed(msg,buf, num);
+		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RAND_SEED,ret);
+	}
+}
+
+static void surewarehk_rand_add(const void *buf, int num, double entropy)
+{
+	surewarehk_rand_seed(buf,num);
+}
+
+static EVP_PKEY* sureware_load_public(ENGINE *e,const char *key_id,char *hptr,unsigned long el,char keytype)
+{
+	EVP_PKEY *res = NULL;
+#ifndef OPENSSL_NO_RSA
+	RSA *rsatmp = NULL;
+#endif
+#ifndef OPENSSL_NO_DSA
+	DSA *dsatmp=NULL;
+#endif
+	char msg[64]="sureware_load_public";
+	int ret=0;
+	if(!p_surewarehk_Load_Rsa_Pubkey || !p_surewarehk_Load_Dsa_Pubkey)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_NOT_INITIALISED);
+		goto err;
+	}
+	switch (keytype)
+	{
+#ifndef OPENSSL_NO_RSA
+	case 1: /*RSA*/
+		/* set private external reference */
+		rsatmp = RSA_new_method(e);
+		RSA_set_ex_data(rsatmp,rsaHndidx,hptr);
+		rsatmp->flags |= RSA_FLAG_EXT_PKEY;
+
+		/* set public big nums*/
+		rsatmp->e = BN_new();
+		rsatmp->n = BN_new();
+		bn_expand2(rsatmp->e, el/sizeof(BN_ULONG));
+		bn_expand2(rsatmp->n, el/sizeof(BN_ULONG));
+		if (!rsatmp->e || rsatmp->e->dmax!=(int)(el/sizeof(BN_ULONG))|| 
+			!rsatmp->n || rsatmp->n->dmax!=(int)(el/sizeof(BN_ULONG)))
+			goto err;
+		ret=p_surewarehk_Load_Rsa_Pubkey(msg,key_id,el,
+						 (unsigned long *)rsatmp->n->d,
+						 (unsigned long *)rsatmp->e->d);
+		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret);
+		if (ret!=1)
+		{
+			SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+			goto err;
+		}
+		/* normalise pub e and pub n */
+		rsatmp->e->top=el/sizeof(BN_ULONG);
+		bn_fix_top(rsatmp->e);
+		rsatmp->n->top=el/sizeof(BN_ULONG);
+		bn_fix_top(rsatmp->n);
+		/* create an EVP object: engine + rsa key */
+		res = EVP_PKEY_new();
+		EVP_PKEY_assign_RSA(res, rsatmp);
+		break;
+#endif
+
+#ifndef OPENSSL_NO_DSA
+	case 2:/*DSA*/
+		/* set private/public external reference */
+		dsatmp = DSA_new_method(e);
+		DSA_set_ex_data(dsatmp,dsaHndidx,hptr);
+		/*dsatmp->flags |= DSA_FLAG_EXT_PKEY;*/
+
+		/* set public key*/
+		dsatmp->pub_key = BN_new();
+		dsatmp->p = BN_new();
+		dsatmp->q = BN_new();
+		dsatmp->g = BN_new();
+		bn_expand2(dsatmp->pub_key, el/sizeof(BN_ULONG));
+		bn_expand2(dsatmp->p, el/sizeof(BN_ULONG));
+		bn_expand2(dsatmp->q, 20/sizeof(BN_ULONG));
+		bn_expand2(dsatmp->g, el/sizeof(BN_ULONG));
+		if (!dsatmp->pub_key || dsatmp->pub_key->dmax!=(int)(el/sizeof(BN_ULONG))|| 
+			!dsatmp->p || dsatmp->p->dmax!=(int)(el/sizeof(BN_ULONG)) ||
+			!dsatmp->q || dsatmp->q->dmax!=20/sizeof(BN_ULONG) ||
+			!dsatmp->g || dsatmp->g->dmax!=(int)(el/sizeof(BN_ULONG)))
+			goto err;
+
+		ret=p_surewarehk_Load_Dsa_Pubkey(msg,key_id,el,
+						 (unsigned long *)dsatmp->pub_key->d, 
+						 (unsigned long *)dsatmp->p->d,
+						 (unsigned long *)dsatmp->q->d,
+						 (unsigned long *)dsatmp->g->d);
+		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ret);
+		if (ret!=1)
+		{
+			SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+			goto err;
+		}
+		/* set parameters */
+		/* normalise pubkey and parameters in case of */
+		dsatmp->pub_key->top=el/sizeof(BN_ULONG);
+		bn_fix_top(dsatmp->pub_key);
+		dsatmp->p->top=el/sizeof(BN_ULONG);
+		bn_fix_top(dsatmp->p);
+		dsatmp->q->top=20/sizeof(BN_ULONG);
+		bn_fix_top(dsatmp->q);
+		dsatmp->g->top=el/sizeof(BN_ULONG);
+		bn_fix_top(dsatmp->g);
+
+		/* create an EVP object: engine + rsa key */
+		res = EVP_PKEY_new();
+		EVP_PKEY_assign_DSA(res, dsatmp);
+		break;
+#endif
+
+	default:
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+		goto err;
+	}
+	return res;
+ err:
+	if (res)
+		EVP_PKEY_free(res);
+#ifndef OPENSSL_NO_RSA
+	if (rsatmp)
+		RSA_free(rsatmp);
+#endif
+#ifndef OPENSSL_NO_DSA
+	if (dsatmp)
+		DSA_free(dsatmp);
+#endif
+	return NULL;
+}
+
+static EVP_PKEY *surewarehk_load_privkey(ENGINE *e, const char *key_id,
+					 UI_METHOD *ui_method, void *callback_data)
+{
+	EVP_PKEY *res = NULL;
+	int ret=0;
+	unsigned long el=0;
+	char *hptr=NULL;
+	char keytype=0;
+	char msg[64]="ENGINE_load_privkey";
+
+	if(!p_surewarehk_Load_Privkey)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_NOT_INITIALISED);
+	}
+	else
+	{
+		ret=p_surewarehk_Load_Privkey(msg,key_id,&hptr,&el,&keytype);
+		if (ret!=1)
+		{
+			SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+			ERR_add_error_data(1,msg);		
+		}
+		else
+			res=sureware_load_public(e,key_id,hptr,el,keytype);
+	}
+	return res;
+}
+
+static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id,
+					 UI_METHOD *ui_method, void *callback_data)
+{
+	EVP_PKEY *res = NULL;
+	int ret=0;
+	unsigned long el=0;
+	char *hptr=NULL;
+	char keytype=0;
+	char msg[64]="ENGINE_load_pubkey";
+
+	if(!p_surewarehk_Info_Pubkey)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_NOT_INITIALISED);
+	}
+	else
+	{
+		/* call once to identify if DSA or RSA */
+		ret=p_surewarehk_Info_Pubkey(msg,key_id,&el,&keytype);
+		if (ret!=1)
+		{
+			SUREWAREerr(SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+			ERR_add_error_data(1,msg);
+		}
+		else
+			res=sureware_load_public(e,key_id,hptr,el,keytype);
+	}
+	return res;
+}
+
+/* This cleans up an RSA/DSA KM key(do not destroy the key into the hardware)
+, called when ex_data is freed */
+static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+	int idx,long argl, void *argp)
+{
+	if(!p_surewarehk_Free)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
+	}
+	else
+		p_surewarehk_Free((char *)item,0);
+}
+
+#if 0
+/* not currently used (bug?) */
+/* This cleans up an DH KM key (destroys the key into hardware), 
+called when ex_data is freed */
+static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad,
+	int idx,long argl, void *argp)
+{
+	if(!p_surewarehk_Free)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_EX_FREE,ENGINE_R_NOT_INITIALISED);
+	}
+	else
+		p_surewarehk_Free((char *)item,1);
+}
+#endif
+
+/*
+* return number of decrypted bytes
+*/
+#ifndef OPENSSL_NO_RSA
+static int surewarehk_rsa_priv_dec(int flen,const unsigned char *from,unsigned char *to,
+			RSA *rsa,int padding)
+{
+	int ret=0,tlen;
+	char *buf=NULL,*hptr=NULL;
+	char msg[64]="ENGINE_rsa_priv_dec";
+	if (!p_surewarehk_Rsa_Priv_Dec)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ENGINE_R_NOT_INITIALISED);
+	}
+	/* extract ref to private key */
+	else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,SUREWARE_R_MISSING_KEY_COMPONENTS);
+		goto err;
+	}
+	/* analyse what padding we can do into the hardware */
+	if (padding==RSA_PKCS1_PADDING)
+	{
+		/* do it one shot */
+		ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
+		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
+		if (ret!=1)
+			goto err;
+		ret=tlen;
+	}
+	else /* do with no padding into hardware */
+	{
+		ret=p_surewarehk_Rsa_Priv_Dec(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_NO_PAD);
+		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ret);
+		if (ret!=1)
+			goto err;
+		/* intermediate buffer for padding */
+		if ((buf=OPENSSL_malloc(tlen)) == NULL)
+		{
+			RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		memcpy(buf,to,tlen);/* transfert to into buf */
+		switch (padding) /* check padding in software */
+		{
+#ifndef OPENSSL_NO_SHA
+		case RSA_PKCS1_OAEP_PADDING:
+			ret=RSA_padding_check_PKCS1_OAEP(to,tlen,(unsigned char *)buf,tlen,tlen,NULL,0);
+			break;
+#endif
+ 		case RSA_SSLV23_PADDING:
+			ret=RSA_padding_check_SSLv23(to,tlen,(unsigned char *)buf,flen,tlen);
+			break;
+		case RSA_NO_PADDING:
+			ret=RSA_padding_check_none(to,tlen,(unsigned char *)buf,flen,tlen);
+			break;
+		default:
+			RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,RSA_R_UNKNOWN_PADDING_TYPE);
+			goto err;
+		}
+		if (ret < 0)
+			RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,RSA_R_PADDING_CHECK_FAILED);
+	}
+err:
+	if (buf)
+	{
+		OPENSSL_cleanse(buf,tlen);
+		OPENSSL_free(buf);
+	}
+	return ret;
+}
+
+/*
+* Does what OpenSSL rsa_priv_enc does.
+*/
+static int surewarehk_rsa_sign(int flen,const unsigned char *from,unsigned char *to,
+			    RSA *rsa,int padding)
+{
+	int ret=0,tlen;
+	char *hptr=NULL;
+	char msg[64]="ENGINE_rsa_sign";
+	if (!p_surewarehk_Rsa_Sign)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,ENGINE_R_NOT_INITIALISED);
+	}
+	/* extract ref to private key */
+	else if (!(hptr=RSA_get_ex_data(rsa, rsaHndidx)))
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,SUREWARE_R_MISSING_KEY_COMPONENTS);
+	}
+	else
+	{
+		switch (padding)
+		{
+		case RSA_PKCS1_PADDING: /* do it in one shot */
+			ret=p_surewarehk_Rsa_Sign(msg,flen,(unsigned char *)from,&tlen,to,hptr,SUREWARE_PKCS1_PAD);
+			surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,ret);
+			break;
+		case RSA_NO_PADDING:
+		default:
+			RSAerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,RSA_R_UNKNOWN_PADDING_TYPE);
+		}
+	}
+	return ret==1 ? tlen : ret;
+}
+
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* DSA sign and verify */
+static	DSA_SIG * surewarehk_dsa_do_sign(const unsigned char *from, int flen, DSA *dsa)
+{
+	int ret=0;
+	char *hptr=NULL;
+	DSA_SIG *psign=NULL;
+	char msg[64]="ENGINE_dsa_do_sign";
+	if (!p_surewarehk_Dsa_Sign)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ENGINE_R_NOT_INITIALISED);
+	}
+	/* extract ref to private key */
+	else if (!(hptr=DSA_get_ex_data(dsa, dsaHndidx)))
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,SUREWARE_R_MISSING_KEY_COMPONENTS);
+	}
+	else
+	{
+		if((psign = DSA_SIG_new()) == NULL)
+		{
+			SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		psign->r=BN_new();
+		psign->s=BN_new();
+		bn_expand2(psign->r, 20/sizeof(BN_ULONG));
+		bn_expand2(psign->s, 20/sizeof(BN_ULONG));
+		if (!psign->r || psign->r->dmax!=20/sizeof(BN_ULONG) ||
+			!psign->s || psign->s->dmax!=20/sizeof(BN_ULONG))
+			goto err;
+		ret=p_surewarehk_Dsa_Sign(msg,flen,from,
+					  (unsigned long *)psign->r->d,
+					  (unsigned long *)psign->s->d,
+					  hptr);
+		surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,ret);
+	}
+	psign->r->top=20/sizeof(BN_ULONG);
+	bn_fix_top(psign->r);
+	psign->s->top=20/sizeof(BN_ULONG);
+	bn_fix_top(psign->s);
+
+err:	
+	if (psign)
+	{
+		DSA_SIG_free(psign);
+		psign=NULL;
+	}
+	return psign;
+}
+#endif
+
+static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			     const BIGNUM *m, BN_CTX *ctx)
+{
+	int ret=0;
+	char msg[64]="ENGINE_modexp";
+	if (!p_surewarehk_Mod_Exp)
+	{
+		SUREWAREerr(SUREWARE_F_SUREWAREHK_MOD_EXP,ENGINE_R_NOT_INITIALISED);
+	}
+	else
+	{
+		bn_expand2(r,m->top);
+		if (r && r->dmax==m->top)
+		{
+			/* do it*/
+			ret=p_surewarehk_Mod_Exp(msg,
+						 m->top*sizeof(BN_ULONG),
+						 (unsigned long *)m->d,
+						 p->top*sizeof(BN_ULONG),
+						 (unsigned long *)p->d,
+						 a->top*sizeof(BN_ULONG),
+						 (unsigned long *)a->d,
+						 (unsigned long *)r->d);
+			surewarehk_error_handling(msg,SUREWARE_F_SUREWAREHK_MOD_EXP,ret);
+			if (ret==1)
+			{
+				/* normalise result */
+				r->top=m->top;
+				bn_fix_top(r);
+			}
+		}
+	}
+	return ret;
+}
+#endif /* !OPENSSL_NO_HW_SureWare */
+#endif /* !OPENSSL_NO_HW */
diff --git a/engines/e_sureware.ec b/engines/e_sureware.ec
new file mode 100644
index 0000000000..3d266b8b7c
--- /dev/null
+++ b/engines/e_sureware.ec
@@ -0,0 +1 @@
+L SUREWARE	e_sureware_err.h		e_sureware_err.c
diff --git a/engines/e_sureware_err.c b/engines/e_sureware_err.c
new file mode 100644
index 0000000000..3ca03367b2
--- /dev/null
+++ b/engines/e_sureware_err.c
@@ -0,0 +1,150 @@
+/* hw_sureware_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_sureware_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA SUREWARE_str_functs[]=
+	{
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_CTRL,0),	"SUREWAREHK_CTRL"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_DSA_DO_SIGN,0),	"SUREWAREHK_DSA_DO_SIGN"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_EX_FREE,0),	"SUREWAREHK_EX_FREE"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_FINISH,0),	"SUREWAREHK_FINISH"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_INIT,0),	"SUREWAREHK_INIT"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY,0),	"SUREWAREHK_LOAD_PRIVATE_KEY"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY,0),	"SUREWAREHK_LOAD_PUBLIC_KEY"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_MOD_EXP,0),	"SUREWAREHK_MOD_EXP"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RAND_BYTES,0),	"SUREWAREHK_RAND_BYTES"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RAND_SEED,0),	"SUREWAREHK_RAND_SEED"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC,0),	"SUREWAREHK_RSA_PRIV_DEC"},
+{ERR_PACK(0,SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC,0),	"SUREWAREHK_RSA_PRIV_ENC"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA SUREWARE_str_reasons[]=
+	{
+{SUREWARE_R_BIO_WAS_FREED                ,"bio was freed"},
+{SUREWARE_R_MISSING_KEY_COMPONENTS       ,"missing key components"},
+{SUREWARE_R_REQUEST_FAILED               ,"request failed"},
+{SUREWARE_R_REQUEST_FALLBACK             ,"request fallback"},
+{SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL  ,"size too large or too small"},
+{SUREWARE_R_UNIT_FAILURE                 ,"unit failure"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef SUREWARE_LIB_NAME
+static ERR_STRING_DATA SUREWARE_lib_name[]=
+        {
+{0	,SUREWARE_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int SUREWARE_lib_error_code=0;
+static int SUREWARE_error_init=1;
+
+static void ERR_load_SUREWARE_strings(void)
+	{
+	if (SUREWARE_lib_error_code == 0)
+		SUREWARE_lib_error_code=ERR_get_next_error_library();
+
+	if (SUREWARE_error_init)
+		{
+		SUREWARE_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_functs);
+		ERR_load_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons);
+#endif
+
+#ifdef SUREWARE_LIB_NAME
+		SUREWARE_lib_name->error = ERR_PACK(SUREWARE_lib_error_code,0,0);
+		ERR_load_strings(0,SUREWARE_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_SUREWARE_strings(void)
+	{
+	if (SUREWARE_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_functs);
+		ERR_unload_strings(SUREWARE_lib_error_code,SUREWARE_str_reasons);
+#endif
+
+#ifdef SUREWARE_LIB_NAME
+		ERR_unload_strings(0,SUREWARE_lib_name);
+#endif
+		SUREWARE_error_init=1;
+		}
+	}
+
+static void ERR_SUREWARE_error(int function, int reason, char *file, int line)
+	{
+	if (SUREWARE_lib_error_code == 0)
+		SUREWARE_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(SUREWARE_lib_error_code,function,reason,file,line);
+	}
diff --git a/engines/e_sureware_err.h b/engines/e_sureware_err.h
new file mode 100644
index 0000000000..bc52af5e05
--- /dev/null
+++ b/engines/e_sureware_err.h
@@ -0,0 +1,94 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_SUREWARE_ERR_H
+#define HEADER_SUREWARE_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_SUREWARE_strings(void);
+static void ERR_unload_SUREWARE_strings(void);
+static void ERR_SUREWARE_error(int function, int reason, char *file, int line);
+#define SUREWAREerr(f,r) ERR_SUREWARE_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the SUREWARE functions. */
+
+/* Function codes. */
+#define SUREWARE_F_SUREWAREHK_CTRL			 100
+#define SUREWARE_F_SUREWAREHK_DSA_DO_SIGN		 101
+#define SUREWARE_F_SUREWAREHK_EX_FREE			 102
+#define SUREWARE_F_SUREWAREHK_FINISH			 103
+#define SUREWARE_F_SUREWAREHK_INIT			 104
+#define SUREWARE_F_SUREWAREHK_LOAD_PRIVATE_KEY		 105
+#define SUREWARE_F_SUREWAREHK_LOAD_PUBLIC_KEY		 106
+#define SUREWARE_F_SUREWAREHK_MOD_EXP			 107
+#define SUREWARE_F_SUREWAREHK_RAND_BYTES		 108
+#define SUREWARE_F_SUREWAREHK_RAND_SEED			 109
+#define SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC		 110
+#define SUREWARE_F_SUREWAREHK_RSA_PRIV_ENC		 111
+
+/* Reason codes. */
+#define SUREWARE_R_BIO_WAS_FREED			 100
+#define SUREWARE_R_MISSING_KEY_COMPONENTS		 105
+#define SUREWARE_R_REQUEST_FAILED			 101
+#define SUREWARE_R_REQUEST_FALLBACK			 102
+#define SUREWARE_R_SIZE_TOO_LARGE_OR_TOO_SMALL		 103
+#define SUREWARE_R_UNIT_FAILURE				 104
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c
new file mode 100644
index 0000000000..c5d1f5829a
--- /dev/null
+++ b/engines/e_ubsec.c
@@ -0,0 +1,1062 @@
+/* crypto/engine/hw_ubsec.c */
+/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
+ * project 2000.
+ *
+ * Cloned shamelessly by Joe Tardo. 
+ */
+/* ====================================================================
+ * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/dso.h>
+#include <openssl/engine.h>
+
+#ifndef OPENSSL_NO_HW
+#ifndef OPENSSL_NO_HW_UBSEC
+
+#ifdef FLAT_INC
+#include "hw_ubsec.h"
+#else
+#include "vendor_defns/hw_ubsec.h"
+#endif
+
+#define UBSEC_LIB_NAME "ubsec engine"
+#include "e_ubsec_err.c"
+
+#define FAIL_TO_SOFTWARE -15
+
+static int ubsec_destroy(ENGINE *e);
+static int ubsec_init(ENGINE *e);
+static int ubsec_finish(ENGINE *e);
+static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)());
+static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx);
+static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *q, const BIGNUM *dp,
+			const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx);
+#ifndef OPENSSL_NO_RSA
+static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa);
+#endif
+static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+#ifndef OPENSSL_NO_DSA
+#ifdef NOT_USED
+static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+		BN_CTX *ctx, BN_MONT_CTX *in_mont);
+static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx);
+#endif
+static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
+                                DSA_SIG *sig, DSA *dsa);
+#endif
+#ifndef OPENSSL_NO_DH
+static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx);
+static int ubsec_dh_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh);
+static int ubsec_dh_generate_key(DH *dh);
+#endif
+
+#ifdef NOT_USED
+static int ubsec_rand_bytes(unsigned char *buf, int num);
+static int ubsec_rand_status(void);
+#endif
+
+#define UBSEC_CMD_SO_PATH		ENGINE_CMD_BASE
+static const ENGINE_CMD_DEFN ubsec_cmd_defns[] = {
+	{UBSEC_CMD_SO_PATH,
+		"SO_PATH",
+		"Specifies the path to the 'ubsec' shared library",
+		ENGINE_CMD_FLAG_STRING},
+	{0, NULL, NULL, 0}
+	};
+
+#ifndef OPENSSL_NO_RSA
+/* Our internal RSA_METHOD that we provide pointers to */
+static RSA_METHOD ubsec_rsa =
+	{
+	"UBSEC RSA method",
+	NULL,
+	NULL,
+	NULL,
+	NULL,
+	ubsec_rsa_mod_exp,
+	ubsec_mod_exp_mont,
+	NULL,
+	NULL,
+	0,
+	NULL,
+	NULL,
+	NULL
+	};
+#endif
+
+#ifndef OPENSSL_NO_DSA
+/* Our internal DSA_METHOD that we provide pointers to */
+static DSA_METHOD ubsec_dsa =
+	{
+	"UBSEC DSA method",
+	ubsec_dsa_do_sign, /* dsa_do_sign */
+	NULL, /* dsa_sign_setup */
+	ubsec_dsa_verify, /* dsa_do_verify */
+	NULL, /* ubsec_dsa_mod_exp */ /* dsa_mod_exp */
+	NULL, /* ubsec_mod_exp_dsa */ /* bn_mod_exp */
+	NULL, /* init */
+	NULL, /* finish */
+	0, /* flags */
+	NULL /* app_data */
+	};
+#endif
+
+#ifndef OPENSSL_NO_DH
+/* Our internal DH_METHOD that we provide pointers to */
+static DH_METHOD ubsec_dh =
+	{
+	"UBSEC DH method",
+	ubsec_dh_generate_key,
+	ubsec_dh_compute_key,
+	ubsec_mod_exp_dh,
+	NULL,
+	NULL,
+	0,
+	NULL
+	};
+#endif
+
+/* Constants used when creating the ENGINE */
+static const char *engine_ubsec_id = "ubsec";
+static const char *engine_ubsec_name = "UBSEC hardware engine support";
+
+/* This internal function is used by ENGINE_ubsec() and possibly by the
+ * "dynamic" ENGINE support too */
+static int bind_helper(ENGINE *e)
+	{
+#ifndef OPENSSL_NO_RSA
+	const RSA_METHOD *meth1;
+#endif
+#ifndef OPENSSL_NO_DH
+#ifndef HAVE_UBSEC_DH
+	const DH_METHOD *meth3;
+#endif /* HAVE_UBSEC_DH */
+#endif
+	if(!ENGINE_set_id(e, engine_ubsec_id) ||
+			!ENGINE_set_name(e, engine_ubsec_name) ||
+#ifndef OPENSSL_NO_RSA
+			!ENGINE_set_RSA(e, &ubsec_rsa) ||
+#endif
+#ifndef OPENSSL_NO_DSA
+			!ENGINE_set_DSA(e, &ubsec_dsa) ||
+#endif
+#ifndef OPENSSL_NO_DH
+			!ENGINE_set_DH(e, &ubsec_dh) ||
+#endif
+			!ENGINE_set_destroy_function(e, ubsec_destroy) ||
+			!ENGINE_set_init_function(e, ubsec_init) ||
+			!ENGINE_set_finish_function(e, ubsec_finish) ||
+			!ENGINE_set_ctrl_function(e, ubsec_ctrl) ||
+			!ENGINE_set_cmd_defns(e, ubsec_cmd_defns))
+		return 0;
+
+#ifndef OPENSSL_NO_RSA
+	/* We know that the "PKCS1_SSLeay()" functions hook properly
+	 * to the Broadcom-specific mod_exp and mod_exp_crt so we use
+	 * those functions. NB: We don't use ENGINE_openssl() or
+	 * anything "more generic" because something like the RSAref
+	 * code may not hook properly, and if you own one of these
+	 * cards then you have the right to do RSA operations on it
+	 * anyway! */ 
+	meth1 = RSA_PKCS1_SSLeay();
+	ubsec_rsa.rsa_pub_enc = meth1->rsa_pub_enc;
+	ubsec_rsa.rsa_pub_dec = meth1->rsa_pub_dec;
+	ubsec_rsa.rsa_priv_enc = meth1->rsa_priv_enc;
+	ubsec_rsa.rsa_priv_dec = meth1->rsa_priv_dec;
+#endif
+
+#ifndef OPENSSL_NO_DH
+#ifndef HAVE_UBSEC_DH
+	/* Much the same for Diffie-Hellman */
+	meth3 = DH_OpenSSL();
+	ubsec_dh.generate_key = meth3->generate_key;
+	ubsec_dh.compute_key = meth3->compute_key;
+#endif /* HAVE_UBSEC_DH */
+#endif
+
+	/* Ensure the ubsec error handling is set up */
+	ERR_load_UBSEC_strings();
+	return 1;
+	}
+
+#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *engine_ubsec(void)
+	{
+	ENGINE *ret = ENGINE_new();
+	if(!ret)
+		return NULL;
+	if(!bind_helper(ret))
+		{
+		ENGINE_free(ret);
+		return NULL;
+		}
+	return ret;
+	}
+
+void ENGINE_load_ubsec(void)
+	{
+	/* Copied from eng_[openssl|dyn].c */
+	ENGINE *toadd = engine_ubsec();
+	if(!toadd) return;
+	ENGINE_add(toadd);
+	ENGINE_free(toadd);
+	ERR_clear_error();
+	}
+#endif
+
+/* This is a process-global DSO handle used for loading and unloading
+ * the UBSEC library. NB: This is only set (or unset) during an
+ * init() or finish() call (reference counts permitting) and they're
+ * operating with global locks, so this should be thread-safe
+ * implicitly. */
+
+static DSO *ubsec_dso = NULL;
+
+/* These are the function pointers that are (un)set when the library has
+ * successfully (un)loaded. */
+
+static t_UBSEC_ubsec_bytes_to_bits *p_UBSEC_ubsec_bytes_to_bits = NULL;
+static t_UBSEC_ubsec_bits_to_bytes *p_UBSEC_ubsec_bits_to_bytes = NULL;
+static t_UBSEC_ubsec_open *p_UBSEC_ubsec_open = NULL;
+static t_UBSEC_ubsec_close *p_UBSEC_ubsec_close = NULL;
+#ifndef OPENSSL_NO_DH
+static t_UBSEC_diffie_hellman_generate_ioctl 
+	*p_UBSEC_diffie_hellman_generate_ioctl = NULL;
+static t_UBSEC_diffie_hellman_agree_ioctl *p_UBSEC_diffie_hellman_agree_ioctl = NULL;
+#endif
+/* #ifndef OPENSSL_NO_RSA */
+static t_UBSEC_rsa_mod_exp_ioctl *p_UBSEC_rsa_mod_exp_ioctl = NULL;
+static t_UBSEC_rsa_mod_exp_crt_ioctl *p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
+/* #endif */
+#ifndef OPENSSL_NO_DSA
+static t_UBSEC_dsa_sign_ioctl *p_UBSEC_dsa_sign_ioctl = NULL;
+static t_UBSEC_dsa_verify_ioctl *p_UBSEC_dsa_verify_ioctl = NULL;
+#endif
+static t_UBSEC_math_accelerate_ioctl *p_UBSEC_math_accelerate_ioctl = NULL;
+static t_UBSEC_rng_ioctl *p_UBSEC_rng_ioctl = NULL;
+static t_UBSEC_max_key_len_ioctl *p_UBSEC_max_key_len_ioctl = NULL;
+
+static int max_key_len = 1024;  /* ??? */
+
+/* 
+ * These are the static string constants for the DSO file name and the function
+ * symbol names to bind to. 
+ */
+
+static const char *UBSEC_LIBNAME = NULL;
+static const char *get_UBSEC_LIBNAME(void)
+	{
+	if(UBSEC_LIBNAME)
+		return UBSEC_LIBNAME;
+	return "ubsec";
+	}
+static void free_UBSEC_LIBNAME(void)
+	{
+	if(UBSEC_LIBNAME)
+		OPENSSL_free((void*)UBSEC_LIBNAME);
+	UBSEC_LIBNAME = NULL;
+	}
+static long set_UBSEC_LIBNAME(const char *name)
+	{
+	free_UBSEC_LIBNAME();
+	return (((UBSEC_LIBNAME = BUF_strdup(name)) != NULL) ? 1 : 0);
+	}
+static const char *UBSEC_F1 = "ubsec_bytes_to_bits";
+static const char *UBSEC_F2 = "ubsec_bits_to_bytes";
+static const char *UBSEC_F3 = "ubsec_open";
+static const char *UBSEC_F4 = "ubsec_close";
+#ifndef OPENSSL_NO_DH
+static const char *UBSEC_F5 = "diffie_hellman_generate_ioctl";
+static const char *UBSEC_F6 = "diffie_hellman_agree_ioctl";
+#endif
+/* #ifndef OPENSSL_NO_RSA */
+static const char *UBSEC_F7 = "rsa_mod_exp_ioctl";
+static const char *UBSEC_F8 = "rsa_mod_exp_crt_ioctl";
+/* #endif */
+#ifndef OPENSSL_NO_DSA
+static const char *UBSEC_F9 = "dsa_sign_ioctl";
+static const char *UBSEC_F10 = "dsa_verify_ioctl";
+#endif
+static const char *UBSEC_F11 = "math_accelerate_ioctl";
+static const char *UBSEC_F12 = "rng_ioctl";
+static const char *UBSEC_F13 = "ubsec_max_key_len_ioctl";
+
+/* Destructor (complements the "ENGINE_ubsec()" constructor) */
+static int ubsec_destroy(ENGINE *e)
+	{
+	free_UBSEC_LIBNAME();
+	ERR_unload_UBSEC_strings();
+	return 1;
+	}
+
+/* (de)initialisation functions. */
+static int ubsec_init(ENGINE *e)
+	{
+	t_UBSEC_ubsec_bytes_to_bits *p1;
+	t_UBSEC_ubsec_bits_to_bytes *p2;
+	t_UBSEC_ubsec_open *p3;
+	t_UBSEC_ubsec_close *p4;
+#ifndef OPENSSL_NO_DH
+	t_UBSEC_diffie_hellman_generate_ioctl *p5;
+	t_UBSEC_diffie_hellman_agree_ioctl *p6;
+#endif
+/* #ifndef OPENSSL_NO_RSA */
+	t_UBSEC_rsa_mod_exp_ioctl *p7;
+	t_UBSEC_rsa_mod_exp_crt_ioctl *p8;
+/* #endif */
+#ifndef OPENSSL_NO_DSA
+	t_UBSEC_dsa_sign_ioctl *p9;
+	t_UBSEC_dsa_verify_ioctl *p10;
+#endif
+	t_UBSEC_math_accelerate_ioctl *p11;
+	t_UBSEC_rng_ioctl *p12;
+        t_UBSEC_max_key_len_ioctl *p13;
+	int fd = 0;
+
+	if(ubsec_dso != NULL)
+		{
+		UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_ALREADY_LOADED);
+		goto err;
+		}
+	/* 
+	 * Attempt to load libubsec.so/ubsec.dll/whatever. 
+	 */
+	ubsec_dso = DSO_load(NULL, get_UBSEC_LIBNAME(), NULL, 0);
+	if(ubsec_dso == NULL)
+		{
+		UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
+		goto err;
+		}
+
+	if (
+	!(p1 = (t_UBSEC_ubsec_bytes_to_bits *) DSO_bind_func(ubsec_dso, UBSEC_F1)) ||
+	!(p2 = (t_UBSEC_ubsec_bits_to_bytes *) DSO_bind_func(ubsec_dso, UBSEC_F2)) ||
+	!(p3 = (t_UBSEC_ubsec_open *) DSO_bind_func(ubsec_dso, UBSEC_F3)) ||
+	!(p4 = (t_UBSEC_ubsec_close *) DSO_bind_func(ubsec_dso, UBSEC_F4)) ||
+#ifndef OPENSSL_NO_DH
+	!(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *) 
+				DSO_bind_func(ubsec_dso, UBSEC_F5)) ||
+	!(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *) 
+				DSO_bind_func(ubsec_dso, UBSEC_F6)) ||
+#endif
+/* #ifndef OPENSSL_NO_RSA */
+	!(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F7)) ||
+	!(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F8)) ||
+/* #endif */
+#ifndef OPENSSL_NO_DSA
+	!(p9 = (t_UBSEC_dsa_sign_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F9)) ||
+	!(p10 = (t_UBSEC_dsa_verify_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F10)) ||
+#endif
+	!(p11 = (t_UBSEC_math_accelerate_ioctl *) 
+				DSO_bind_func(ubsec_dso, UBSEC_F11)) ||
+	!(p12 = (t_UBSEC_rng_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F12)) ||
+        !(p13 = (t_UBSEC_max_key_len_ioctl *) DSO_bind_func(ubsec_dso, UBSEC_F13)))
+		{
+		UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE);
+		goto err;
+		}
+
+	/* Copy the pointers */
+	p_UBSEC_ubsec_bytes_to_bits = p1;
+	p_UBSEC_ubsec_bits_to_bytes = p2;
+	p_UBSEC_ubsec_open = p3;
+	p_UBSEC_ubsec_close = p4;
+#ifndef OPENSSL_NO_DH
+	p_UBSEC_diffie_hellman_generate_ioctl = p5;
+	p_UBSEC_diffie_hellman_agree_ioctl = p6;
+#endif
+#ifndef OPENSSL_NO_RSA
+	p_UBSEC_rsa_mod_exp_ioctl = p7;
+	p_UBSEC_rsa_mod_exp_crt_ioctl = p8;
+#endif
+#ifndef OPENSSL_NO_DSA
+	p_UBSEC_dsa_sign_ioctl = p9;
+	p_UBSEC_dsa_verify_ioctl = p10;
+#endif
+	p_UBSEC_math_accelerate_ioctl = p11;
+	p_UBSEC_rng_ioctl = p12;
+        p_UBSEC_max_key_len_ioctl = p13;
+
+	/* Perform an open to see if there's actually any unit running. */
+	if (((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) > 0) && (p_UBSEC_max_key_len_ioctl(fd, &max_key_len) == 0))
+	{
+	   p_UBSEC_ubsec_close(fd);
+	   return 1;
+	}
+	else
+	{
+	  UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+	}
+
+err:
+	if(ubsec_dso)
+		DSO_free(ubsec_dso);
+	p_UBSEC_ubsec_bytes_to_bits = NULL;
+	p_UBSEC_ubsec_bits_to_bytes = NULL;
+	p_UBSEC_ubsec_open = NULL;
+	p_UBSEC_ubsec_close = NULL;
+#ifndef OPENSSL_NO_DH
+	p_UBSEC_diffie_hellman_generate_ioctl = NULL;
+	p_UBSEC_diffie_hellman_agree_ioctl = NULL;
+#endif
+#ifndef OPENSSL_NO_RSA
+	p_UBSEC_rsa_mod_exp_ioctl = NULL;
+	p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
+#endif
+#ifndef OPENSSL_NO_DSA
+	p_UBSEC_dsa_sign_ioctl = NULL;
+	p_UBSEC_dsa_verify_ioctl = NULL;
+#endif
+	p_UBSEC_math_accelerate_ioctl = NULL;
+	p_UBSEC_rng_ioctl = NULL;
+        p_UBSEC_max_key_len_ioctl = NULL;
+
+	return 0;
+	}
+
+static int ubsec_finish(ENGINE *e)
+	{
+	free_UBSEC_LIBNAME();
+	if(ubsec_dso == NULL)
+		{
+		UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_NOT_LOADED);
+		return 0;
+		}
+	if(!DSO_free(ubsec_dso))
+		{
+		UBSECerr(UBSEC_F_UBSEC_FINISH, UBSEC_R_DSO_FAILURE);
+		return 0;
+		}
+	ubsec_dso = NULL;
+	p_UBSEC_ubsec_bytes_to_bits = NULL;
+	p_UBSEC_ubsec_bits_to_bytes = NULL;
+	p_UBSEC_ubsec_open = NULL;
+	p_UBSEC_ubsec_close = NULL;
+#ifndef OPENSSL_NO_DH
+	p_UBSEC_diffie_hellman_generate_ioctl = NULL;
+	p_UBSEC_diffie_hellman_agree_ioctl = NULL;
+#endif
+#ifndef OPENSSL_NO_RSA
+	p_UBSEC_rsa_mod_exp_ioctl = NULL;
+	p_UBSEC_rsa_mod_exp_crt_ioctl = NULL;
+#endif
+#ifndef OPENSSL_NO_DSA
+	p_UBSEC_dsa_sign_ioctl = NULL;
+	p_UBSEC_dsa_verify_ioctl = NULL;
+#endif
+	p_UBSEC_math_accelerate_ioctl = NULL;
+	p_UBSEC_rng_ioctl = NULL;
+        p_UBSEC_max_key_len_ioctl = NULL;
+	return 1;
+	}
+
+static int ubsec_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+	{
+	int initialised = ((ubsec_dso == NULL) ? 0 : 1);
+	switch(cmd)
+		{
+	case UBSEC_CMD_SO_PATH:
+		if(p == NULL)
+			{
+			UBSECerr(UBSEC_F_UBSEC_CTRL,ERR_R_PASSED_NULL_PARAMETER);
+			return 0;
+			}
+		if(initialised)
+			{
+			UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_ALREADY_LOADED);
+			return 0;
+			}
+		return set_UBSEC_LIBNAME((const char *)p);
+	default:
+		break;
+		}
+	UBSECerr(UBSEC_F_UBSEC_CTRL,UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+	return 0;
+	}
+
+static int ubsec_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx)
+	{
+	int 	y_len = 0;
+	int 	fd;
+
+	if(ubsec_dso == NULL)
+	{
+		UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_NOT_LOADED);
+		return 0;
+	}
+
+	/* Check if hardware can't handle this argument. */
+	y_len = BN_num_bits(m);
+	if (y_len > max_key_len) {
+		UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+                return BN_mod_exp(r, a, p, m, ctx);
+	} 
+
+	if(!bn_wexpand(r, m->top))
+	{
+		UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_BN_EXPAND_FAIL);
+		return 0;
+	}
+	memset(r->d, 0, BN_num_bytes(m));
+
+	if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+		fd = 0;
+		UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                return BN_mod_exp(r, a, p, m, ctx);
+	}
+
+	if (p_UBSEC_rsa_mod_exp_ioctl(fd, (unsigned char *)a->d, BN_num_bits(a),
+		(unsigned char *)m->d, BN_num_bits(m), (unsigned char *)p->d, 
+		BN_num_bits(p), (unsigned char *)r->d, &y_len) != 0)
+	{
+		UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+
+                return BN_mod_exp(r, a, p, m, ctx);
+	}
+
+	p_UBSEC_ubsec_close(fd);
+
+	r->top = (BN_num_bits(m)+BN_BITS2-1)/BN_BITS2;
+	return 1;
+	}
+
+#ifndef OPENSSL_NO_RSA
+static int ubsec_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
+	{
+	BN_CTX *ctx;
+	int to_return = 0;
+
+	if((ctx = BN_CTX_new()) == NULL)
+		goto err;
+
+	if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
+		{
+		UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP, UBSEC_R_MISSING_KEY_COMPONENTS);
+		goto err;
+		}
+
+	to_return = ubsec_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
+		    rsa->dmq1, rsa->iqmp, ctx);
+	if (to_return == FAIL_TO_SOFTWARE)
+	{
+	  /*
+	   * Do in software as hardware failed.
+	   */
+	   const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+	   to_return = (*meth->rsa_mod_exp)(r0, I, rsa);
+	}
+err:
+	if(ctx)
+		BN_CTX_free(ctx);
+	return to_return;
+	}
+#endif
+
+static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+			const BIGNUM *q, const BIGNUM *dp,
+			const BIGNUM *dq, const BIGNUM *qinv, BN_CTX *ctx)
+	{
+	int	y_len,
+		m_len,
+		fd;
+
+	m_len = BN_num_bytes(p) + BN_num_bytes(q) + 1;
+	y_len = BN_num_bits(p) + BN_num_bits(q);
+
+	/* Check if hardware can't handle this argument. */
+	if (y_len > max_key_len) {
+		UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL);
+		return FAIL_TO_SOFTWARE;
+	} 
+
+	if (!bn_wexpand(r, p->top + q->top + 1)) {
+		UBSECerr(UBSEC_F_UBSEC_RSA_MOD_EXP_CRT, UBSEC_R_BN_EXPAND_FAIL);
+		return 0;
+	}
+
+	if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+		fd = 0;
+		UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+		return FAIL_TO_SOFTWARE;
+	}
+
+	if (p_UBSEC_rsa_mod_exp_crt_ioctl(fd,
+		(unsigned char *)a->d, BN_num_bits(a), 
+		(unsigned char *)qinv->d, BN_num_bits(qinv),
+		(unsigned char *)dp->d, BN_num_bits(dp),
+		(unsigned char *)p->d, BN_num_bits(p),
+		(unsigned char *)dq->d, BN_num_bits(dq),
+		(unsigned char *)q->d, BN_num_bits(q),
+		(unsigned char *)r->d,  &y_len) != 0) {
+		UBSECerr(UBSEC_F_UBSEC_MOD_EXP, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+		return FAIL_TO_SOFTWARE;
+	}
+
+	p_UBSEC_ubsec_close(fd);
+
+	r->top = (BN_num_bits(p) + BN_num_bits(q) + BN_BITS2 - 1)/BN_BITS2;
+	return 1;
+}
+
+#ifndef OPENSSL_NO_DSA
+#ifdef NOT_USED
+static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1,
+		BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m,
+		BN_CTX *ctx, BN_MONT_CTX *in_mont)
+	{
+	BIGNUM t;
+	int to_return = 0;
+ 
+	BN_init(&t);
+	/* let rr = a1 ^ p1 mod m */
+	if (!ubsec_mod_exp(rr,a1,p1,m,ctx)) goto end;
+	/* let t = a2 ^ p2 mod m */
+	if (!ubsec_mod_exp(&t,a2,p2,m,ctx)) goto end;
+	/* let rr = rr * t mod m */
+	if (!BN_mod_mul(rr,rr,&t,m,ctx)) goto end;
+	to_return = 1;
+end:
+	BN_free(&t);
+	return to_return;
+	}
+
+static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a,
+		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx)
+	{
+	return ubsec_mod_exp(r, a, p, m, ctx);
+	}
+#endif
+#endif
+
+/*
+ * This function is aliased to mod_exp (with the mont stuff dropped).
+ */
+static int ubsec_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+		const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+        {
+	int ret = 0;
+
+#ifndef OPENSSL_NO_RSA
+ 	/* Do in software if the key is too large for the hardware. */
+	if (BN_num_bits(m) > max_key_len)
+                {
+		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+		ret = (*meth->bn_mod_exp)(r, a, p, m, ctx, m_ctx);
+                }
+        else
+#endif
+                {
+		ret = ubsec_mod_exp(r, a, p, m, ctx);
+                }
+	
+	return ret;
+        }
+
+#ifndef OPENSSL_NO_DH
+/* This function is aliased to mod_exp (with the dh and mont dropped). */
+static int ubsec_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
+		const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+		BN_MONT_CTX *m_ctx)
+	{
+	return ubsec_mod_exp(r, a, p, m, ctx);
+	}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+	{
+	DSA_SIG *to_return = NULL;
+	int s_len = 160, r_len = 160, d_len, fd;
+	BIGNUM m, *r=NULL, *s=NULL;
+
+	BN_init(&m);
+
+	s = BN_new();
+	r = BN_new();
+	if ((s == NULL) || (r==NULL))
+		goto err;
+
+	d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dlen);
+
+        if(!bn_wexpand(r, (160+BN_BITS2-1)/BN_BITS2) ||
+       	   (!bn_wexpand(s, (160+BN_BITS2-1)/BN_BITS2))) {
+		UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+		goto err;
+	}
+
+	if (BN_bin2bn(dgst,dlen,&m) == NULL) {
+		UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+		goto err;
+	} 
+
+	if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+                const DSA_METHOD *meth;
+		fd = 0;
+		UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                meth = DSA_OpenSSL();
+                to_return =  meth->dsa_do_sign(dgst, dlen, dsa);
+		goto err;
+	}
+
+	if (p_UBSEC_dsa_sign_ioctl(fd, 0, /* compute hash before signing */
+		(unsigned char *)dgst, d_len,
+		NULL, 0,  /* compute random value */
+		(unsigned char *)dsa->p->d, BN_num_bits(dsa->p), 
+		(unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
+		(unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
+		(unsigned char *)dsa->priv_key->d, BN_num_bits(dsa->priv_key),
+		(unsigned char *)r->d, &r_len,
+		(unsigned char *)s->d, &s_len ) != 0) {
+                const DSA_METHOD *meth;
+
+		UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+                meth = DSA_OpenSSL();
+                to_return = meth->dsa_do_sign(dgst, dlen, dsa);
+
+		goto err;
+	}
+
+	p_UBSEC_ubsec_close(fd);
+
+	r->top = (160+BN_BITS2-1)/BN_BITS2;
+	s->top = (160+BN_BITS2-1)/BN_BITS2;
+
+	to_return = DSA_SIG_new();
+	if(to_return == NULL) {
+		UBSECerr(UBSEC_F_UBSEC_DSA_SIGN, UBSEC_R_BN_EXPAND_FAIL);
+		goto err;
+	}
+
+	to_return->r = r;
+	to_return->s = s;
+
+err:
+	if (!to_return) {
+		if (r) BN_free(r);
+		if (s) BN_free(s);
+	}                                 
+	BN_clear_free(&m);
+	return to_return;
+}
+
+static int ubsec_dsa_verify(const unsigned char *dgst, int dgst_len,
+                                DSA_SIG *sig, DSA *dsa)
+	{
+	int v_len, d_len;
+	int to_return = 0;
+	int fd;
+	BIGNUM v;
+
+	BN_init(&v);
+
+	if(!bn_wexpand(&v, dsa->p->top)) {
+		UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY ,UBSEC_R_BN_EXPAND_FAIL);
+		goto err;
+	}
+
+	v_len = BN_num_bits(dsa->p);
+
+	d_len = p_UBSEC_ubsec_bytes_to_bits((unsigned char *)dgst, dgst_len);
+
+	if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0) {
+                const DSA_METHOD *meth;
+		fd = 0;
+		UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                meth = DSA_OpenSSL();
+                to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+		goto err;
+	}
+
+	if (p_UBSEC_dsa_verify_ioctl(fd, 0, /* compute hash before signing */
+		(unsigned char *)dgst, d_len,
+		(unsigned char *)dsa->p->d, BN_num_bits(dsa->p), 
+		(unsigned char *)dsa->q->d, BN_num_bits(dsa->q),
+		(unsigned char *)dsa->g->d, BN_num_bits(dsa->g),
+		(unsigned char *)dsa->pub_key->d, BN_num_bits(dsa->pub_key),
+		(unsigned char *)sig->r->d, BN_num_bits(sig->r),
+		(unsigned char *)sig->s->d, BN_num_bits(sig->s),
+		(unsigned char *)v.d, &v_len) != 0) {
+                const DSA_METHOD *meth;
+		UBSECerr(UBSEC_F_UBSEC_DSA_VERIFY , UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+
+                meth = DSA_OpenSSL();
+                to_return = meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+
+		goto err;
+	}
+
+	p_UBSEC_ubsec_close(fd);
+
+	to_return = 1;
+err:
+	BN_clear_free(&v);
+	return to_return;
+	}
+#endif
+
+#ifndef OPENSSL_NO_DH
+static int ubsec_dh_compute_key (unsigned char *key,const BIGNUM *pub_key,DH *dh)
+        {
+        int      ret      = -1,
+                 k_len,
+                 fd;
+
+        k_len = BN_num_bits(dh->p);
+
+        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
+                {
+                const DH_METHOD *meth;
+                ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                meth = DH_OpenSSL();
+                ret = meth->compute_key(key, pub_key, dh);
+                goto err;
+                }
+
+        if (p_UBSEC_diffie_hellman_agree_ioctl(fd,
+                                               (unsigned char *)dh->priv_key->d, BN_num_bits(dh->priv_key),
+                                               (unsigned char *)pub_key->d, BN_num_bits(pub_key),
+                                               (unsigned char *)dh->p->d, BN_num_bits(dh->p),
+                                               key, &k_len) != 0)
+                {
+                /* Hardware's a no go, failover to software */
+                const DH_METHOD *meth;
+                ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+
+                meth = DH_OpenSSL();
+                ret = meth->compute_key(key, pub_key, dh);
+
+                goto err;
+                }
+
+        p_UBSEC_ubsec_close(fd);
+
+        ret = p_UBSEC_ubsec_bits_to_bytes(k_len);
+err:
+        return ret;
+        }
+
+static int ubsec_dh_generate_key (DH *dh)
+        {
+        int      ret               = 0,
+                 random_bits       = 0,
+                 pub_key_len       = 0,
+                 priv_key_len      = 0,
+                 fd;
+        BIGNUM   *pub_key          = NULL;
+        BIGNUM   *priv_key         = NULL;
+
+        /* 
+         *  How many bits should Random x be? dh_key.c
+         *  sets the range from 0 to num_bits(modulus) ???
+         */
+
+        if (dh->priv_key == NULL)
+                {
+                priv_key = BN_new();
+                if (priv_key == NULL) goto err;
+                priv_key_len = BN_num_bits(dh->p);
+                bn_wexpand(priv_key, dh->p->top);
+                do
+                        if (!BN_rand_range(priv_key, dh->p)) goto err;
+                while (BN_is_zero(priv_key));
+                random_bits = BN_num_bits(priv_key);
+                }
+        else
+                {
+                priv_key = dh->priv_key;
+                }
+
+        if (dh->pub_key == NULL)
+                {
+                pub_key = BN_new();
+                pub_key_len = BN_num_bits(dh->p);
+                bn_wexpand(pub_key, dh->p->top);
+                if(pub_key == NULL) goto err;
+                }
+        else
+                {
+                pub_key = dh->pub_key;
+                }
+
+        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
+                {
+                const DH_METHOD *meth;
+                ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                meth = DH_OpenSSL();
+                ret = meth->generate_key(dh);
+                goto err;
+                }
+
+        if (p_UBSEC_diffie_hellman_generate_ioctl(fd,
+                                                  (unsigned char *)priv_key->d, &priv_key_len,
+                                                  (unsigned char *)pub_key->d,  &pub_key_len,
+                                                  (unsigned char *)dh->g->d, BN_num_bits(dh->g),
+                                                  (unsigned char *)dh->p->d, BN_num_bits(dh->p),
+                                                  0, 0, random_bits) != 0)
+                {
+                /* Hardware's a no go, failover to software */
+                const DH_METHOD *meth;
+
+                ENGINEerr(UBSEC_F_UBSEC_DH_COMPUTE_KEY, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+
+                meth = DH_OpenSSL();
+                ret = meth->generate_key(dh);
+
+                goto err;
+                }
+
+        p_UBSEC_ubsec_close(fd);
+
+        dh->pub_key = pub_key;
+        dh->pub_key->top = (pub_key_len + BN_BITS2-1) / BN_BITS2;
+        dh->priv_key = priv_key;
+        dh->priv_key->top = (priv_key_len + BN_BITS2-1) / BN_BITS2;
+
+        ret = 1;
+err:
+        return ret;
+        }
+#endif
+
+#ifdef NOT_USED
+static int ubsec_rand_bytes(unsigned char * buf,
+                            int num)
+        {
+        int      ret      = 0,
+                 fd;
+
+        if ((fd = p_UBSEC_ubsec_open(UBSEC_KEY_DEVICE_NAME)) <= 0)
+                {
+                const RAND_METHOD *meth;
+                ENGINEerr(UBSEC_F_UBSEC_INIT, UBSEC_R_UNIT_FAILURE);
+                num = p_UBSEC_ubsec_bits_to_bytes(num);
+                meth = RAND_SSLeay();
+                meth->seed(buf, num);
+                ret = meth->bytes(buf, num);
+                goto err;
+                }
+
+        num *= 8; /* bytes to bits */
+
+        if (p_UBSEC_rng_ioctl(fd,
+                              UBSEC_RNG_DIRECT,
+                              buf,
+                              &num) != 0)
+                {
+                /* Hardware's a no go, failover to software */
+                const RAND_METHOD *meth;
+
+                ENGINEerr(UBSEC_F_UBSEC_RNG_BYTES, UBSEC_R_REQUEST_FAILED);
+                p_UBSEC_ubsec_close(fd);
+
+                num = p_UBSEC_ubsec_bits_to_bytes(num);
+                meth = RAND_SSLeay();
+                meth->seed(buf, num);
+                ret = meth->bytes(buf, num);
+
+                goto err;
+                }
+
+        p_UBSEC_ubsec_close(fd);
+
+        ret = 1;
+err:
+        return(ret);
+        }
+
+
+static int ubsec_rand_status(void)
+	{
+	return 0;
+	}
+#endif
+
+/* This stuff is needed if this ENGINE is being compiled into a self-contained
+ * shared-library. */
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_fn(ENGINE *e, const char *id)
+	{
+	if(id && (strcmp(id, engine_ubsec_id) != 0))
+		return 0;
+	if(!bind_helper(e))
+		return 0;
+	return 1;
+	}
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif /* OPENSSL_NO_DYNAMIC_ENGINE */
+
+#endif /* !OPENSSL_NO_HW_UBSEC */
+#endif /* !OPENSSL_NO_HW */
diff --git a/engines/e_ubsec.ec b/engines/e_ubsec.ec
new file mode 100644
index 0000000000..99b9233569
--- /dev/null
+++ b/engines/e_ubsec.ec
@@ -0,0 +1 @@
+L UBSEC		e_ubsec_err.h			e_ubsec_err.c
diff --git a/engines/e_ubsec_err.c b/engines/e_ubsec_err.c
new file mode 100644
index 0000000000..5504116511
--- /dev/null
+++ b/engines/e_ubsec_err.c
@@ -0,0 +1,151 @@
+/* hw_ubsec_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "e_ubsec_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA UBSEC_str_functs[]=
+	{
+{ERR_PACK(0,UBSEC_F_UBSEC_CTRL,0),	"UBSEC_CTRL"},
+{ERR_PACK(0,UBSEC_F_UBSEC_DH_COMPUTE_KEY,0),	"UBSEC_DH_COMPUTE_KEY"},
+{ERR_PACK(0,UBSEC_F_UBSEC_DSA_SIGN,0),	"UBSEC_DSA_SIGN"},
+{ERR_PACK(0,UBSEC_F_UBSEC_DSA_VERIFY,0),	"UBSEC_DSA_VERIFY"},
+{ERR_PACK(0,UBSEC_F_UBSEC_FINISH,0),	"UBSEC_FINISH"},
+{ERR_PACK(0,UBSEC_F_UBSEC_INIT,0),	"UBSEC_INIT"},
+{ERR_PACK(0,UBSEC_F_UBSEC_MOD_EXP,0),	"UBSEC_MOD_EXP"},
+{ERR_PACK(0,UBSEC_F_UBSEC_RNG_BYTES,0),	"UBSEC_RNG_BYTES"},
+{ERR_PACK(0,UBSEC_F_UBSEC_RSA_MOD_EXP,0),	"UBSEC_RSA_MOD_EXP"},
+{ERR_PACK(0,UBSEC_F_UBSEC_RSA_MOD_EXP_CRT,0),	"UBSEC_RSA_MOD_EXP_CRT"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA UBSEC_str_reasons[]=
+	{
+{UBSEC_R_ALREADY_LOADED                  ,"already loaded"},
+{UBSEC_R_BN_EXPAND_FAIL                  ,"bn expand fail"},
+{UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED    ,"ctrl command not implemented"},
+{UBSEC_R_DSO_FAILURE                     ,"dso failure"},
+{UBSEC_R_MISSING_KEY_COMPONENTS          ,"missing key components"},
+{UBSEC_R_NOT_LOADED                      ,"not loaded"},
+{UBSEC_R_REQUEST_FAILED                  ,"request failed"},
+{UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL     ,"size too large or too small"},
+{UBSEC_R_UNIT_FAILURE                    ,"unit failure"},
+{0,NULL}
+	};
+
+#endif
+
+#ifdef UBSEC_LIB_NAME
+static ERR_STRING_DATA UBSEC_lib_name[]=
+        {
+{0	,UBSEC_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int UBSEC_lib_error_code=0;
+static int UBSEC_error_init=1;
+
+static void ERR_load_UBSEC_strings(void)
+	{
+	if (UBSEC_lib_error_code == 0)
+		UBSEC_lib_error_code=ERR_get_next_error_library();
+
+	if (UBSEC_error_init)
+		{
+		UBSEC_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_functs);
+		ERR_load_strings(UBSEC_lib_error_code,UBSEC_str_reasons);
+#endif
+
+#ifdef UBSEC_LIB_NAME
+		UBSEC_lib_name->error = ERR_PACK(UBSEC_lib_error_code,0,0);
+		ERR_load_strings(0,UBSEC_lib_name);
+#endif
+		}
+	}
+
+static void ERR_unload_UBSEC_strings(void)
+	{
+	if (UBSEC_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_functs);
+		ERR_unload_strings(UBSEC_lib_error_code,UBSEC_str_reasons);
+#endif
+
+#ifdef UBSEC_LIB_NAME
+		ERR_unload_strings(0,UBSEC_lib_name);
+#endif
+		UBSEC_error_init=1;
+		}
+	}
+
+static void ERR_UBSEC_error(int function, int reason, char *file, int line)
+	{
+	if (UBSEC_lib_error_code == 0)
+		UBSEC_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(UBSEC_lib_error_code,function,reason,file,line);
+	}
diff --git a/engines/e_ubsec_err.h b/engines/e_ubsec_err.h
new file mode 100644
index 0000000000..023d3be771
--- /dev/null
+++ b/engines/e_ubsec_err.h
@@ -0,0 +1,95 @@
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_UBSEC_ERR_H
+#define HEADER_UBSEC_ERR_H
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+static void ERR_load_UBSEC_strings(void);
+static void ERR_unload_UBSEC_strings(void);
+static void ERR_UBSEC_error(int function, int reason, char *file, int line);
+#define UBSECerr(f,r) ERR_UBSEC_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the UBSEC functions. */
+
+/* Function codes. */
+#define UBSEC_F_UBSEC_CTRL				 100
+#define UBSEC_F_UBSEC_DH_COMPUTE_KEY			 101
+#define UBSEC_F_UBSEC_DSA_SIGN				 102
+#define UBSEC_F_UBSEC_DSA_VERIFY			 103
+#define UBSEC_F_UBSEC_FINISH				 104
+#define UBSEC_F_UBSEC_INIT				 105
+#define UBSEC_F_UBSEC_MOD_EXP				 106
+#define UBSEC_F_UBSEC_RNG_BYTES				 107
+#define UBSEC_F_UBSEC_RSA_MOD_EXP			 108
+#define UBSEC_F_UBSEC_RSA_MOD_EXP_CRT			 109
+
+/* Reason codes. */
+#define UBSEC_R_ALREADY_LOADED				 100
+#define UBSEC_R_BN_EXPAND_FAIL				 101
+#define UBSEC_R_CTRL_COMMAND_NOT_IMPLEMENTED		 102
+#define UBSEC_R_DSO_FAILURE				 103
+#define UBSEC_R_MISSING_KEY_COMPONENTS			 104
+#define UBSEC_R_NOT_LOADED				 105
+#define UBSEC_R_REQUEST_FAILED				 106
+#define UBSEC_R_SIZE_TOO_LARGE_OR_TOO_SMALL		 107
+#define UBSEC_R_UNIT_FAILURE				 108
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/engines/engine_vector.mar b/engines/engine_vector.mar
new file mode 100644
index 0000000000..7d968e7b40
--- /dev/null
+++ b/engines/engine_vector.mar
@@ -0,0 +1,24 @@
+;
+; Transfer vector for VAX shareable image
+;
+	.TITLE ENGINE
+	.IDENT /ENGINE/
+;
+; Define macro to assist in building transfer vector entries.  Each entry
+; should take no more than 8 bytes.
+;
+	.MACRO FTRANSFER_ENTRY routine
+	.ALIGN QUAD
+	.TRANSFER routine
+	.MASK	routine
+	JMP	routine+2
+	.ENDM FTRANSFER_ENTRY
+;
+; Place entries in own program section.
+;
+	.PSECT $$ENGINE,QUAD,PIC,USR,CON,REL,LCL,SHR,EXE,RD,NOWRT
+ENGINE_xfer:
+	FTRANSFER_ENTRY bind_engine
+	FTRANSFER_ENTRY v_check
+	.BLKB 32768-<.-ENGINE_xfer>	; 64 pages total.
+	.END
diff --git a/engines/makeengines.com b/engines/makeengines.com
new file mode 100644
index 0000000000..b2d191653d
--- /dev/null
+++ b/engines/makeengines.com
@@ -0,0 +1,901 @@
+$!
+$!  MAKEAPPS.COM
+$!  Written By:  Richard Levitte
+$!               richard@levitte.org
+$!
+$!  This command file compiles and creates the various engines in form
+$!  of shared images.  They are placed in [.xxx.EXE.ENGINES], where "xxx"
+$!  is either AXP or VAX depending on your hardware.
+$!
+$!  P1	if this is ENGINES or ALL, the engines will build, otherwise not.
+$!
+$!  P2	DEBUG or NODEBUG to compile with or without debugger information.
+$!
+$!  P3  VAXC		for VAX C
+$!	DECC		for DEC C
+$!	GNUC		for GNU C (untested)
+$!
+$!  P4	if defined, sets the TCP/IP libraries to use.  UCX or TCPIP is
+$!	used by default since most other implementations come with a
+$!	compatibility library.  The value must be one of the following:
+$!
+$!	UCX		for UCX
+$!	SOCKETSHR	for SOCKETSHR+NETLIB
+$!	TCPIP		for TCPIP (post UCX)
+$!
+$!  P5	if defined, tells the compiler not to use special threads.
+$!
+$!  P6	if defined, denotes which engines to build.  If not defined,
+$!	all available engines are built.
+$!
+$!-----------------------------------------------------------------------------
+$!
+$! Set the names of the engines we want to build
+$!
+$ ENGINES = "," + P6
+$ IF ENGINES .EQS. "," THEN -
+	ENGINES = ",4758_cca,aep,atalla,cswift,ncipher,nuron,sureware,ubsec"
+$!
+$! Set the default TCP/IP library to link against if needed
+$!
+$ TCPIP_LIB = ""
+$!
+$! Set the architecture name
+$!
+$ ARCH := VAX
+$ IF F$GETSYI("CPU") .GE. 128 THEN ARCH := AXP
+$!
+$! Set the goal directories, and creat them if necessary
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.ENGINES]
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.ENGINES]
+$ IF F$PARSE(OBJ_DIR) .EQS. "" THEN CREATE/DIRECTORY 'OBJ_DIR'
+$ IF F$PARSE(EXE_DIR) .EQS. "" THEN CREATE/DIRECTORY 'EXE_DIR'
+$!
+$! Set the goal files, and create them if necessary
+$!
+$ CRYPTO_LIB :=SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
+$ CRYPTO_EXE :=SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.EXE
+$ IF F$SEARCH(CRYPTO_LIB) .EQS. "" THEN LIBRARY/CREATE/OBJECT 'CRYPTO_LIB'
+$!
+$! OK, time to check options and initialise
+$!
+$ OPT_PHASE = P1
+$ ACCEPT_PHASE = "ALL,ENGINES"
+$ OPT_DEBUG = P2
+$ OPT_COMPILER = P3
+$ OPT_TCPIP_LIB = P4
+$ OPT_SPECIAL_THREADS = P5
+$
+$ GOSUB CHECK_OPTIONS
+$ GOSUB INITIALISE
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Define what goes into each engine
+$!
+$ ENGINE_ = ""
+$ IF ARCH .EQS. "VAX"
+$ THEN
+$   ENGINE_ = "engine_vector.mar"
+$   EXTRA_OBJ := ,'OBJ_DIR'ENGINE_VECTOR.OBJ
+$ ENDIF
+$ ENGINE_4758_CCA = "e_4758_cca"
+$ ENGINE_aep = "e_aep"
+$ ENGINE_atalla = "e_atalla"
+$ ENGINE_cswift = "e_cswift"
+$ ENGINE_ncipher = "e_ncipher"
+$ ENGINE_nuron = "e_nuron"
+$ ENGINE_sureware = "e_sureware"
+$ ENGINE_ubsec = "e_ubsec"
+$!
+$! Define which programs need to be linked with a TCP/IP library
+$!
+$ TCPIP_ENGINES = ",,"
+$ IF COMPILER .EQS. "VAXC" THEN -
+     TCPIP_ENGINES = ",,"
+$!
+$! Set up two loops, one that keeps track of the engines,
+$! and one that keeps track of all the files going into
+$! the current engine.
+$!
+$! Here's the start of the engine loop.
+$!
+$ ENGINE_COUNTER = 0
+$ ENGINE_NEXT:
+$!
+$! Extract the current engine name, and if we've reached the end, stop
+$!
+$ ENGINE_NAME = F$ELEMENT(ENGINE_COUNTER,",",ENGINES)
+$ IF (ENGINE_NAME.EQS.",") THEN GOTO ENGINE_DONE
+$!
+$ ENGINE_COUNTER = ENGINE_COUNTER + 1
+$!
+$! Set up the engine library names.
+$!
+$ LIB_ENGINE = "ENGINE_" + ENGINE_NAME
+$!
+$! Check if the library module name actually is defined
+$!
+$ IF F$TYPE('LIB_ENGINE') .EQS. ""
+$ THEN
+$   WRITE SYS$ERROR ""
+$   WRITE SYS$ERROR "The module ",ENGINE_NAME," does not exist.  Continuing..."
+$   WRITE SYS$ERROR ""
+$   GOTO ENGINE_NEXT
+$ ENDIF
+$!
+$! Talk to the user
+$!
+$ IF ENGINE_NAME .NES. ""
+$ THEN
+$   WRITE SYS$OUTPUT "Compiling The ",ENGINE_NAME," Library Files. (",BUILDALL,")"
+$ ELSE
+$   WRITE SYS$OUTPUT "Compiling Support Files. (",BUILDALL,")"
+$ ENDIF
+$!
+$! Here's the start of per-engine module loop.
+$!
+$ FILE_COUNTER = 0
+$ FILE_NEXT:
+$!
+$! Extract the file name from the file list, and if we've reached the end, stop
+$!
+$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",'LIB_ENGINE')
+$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
+$!
+$ FILE_COUNTER = FILE_COUNTER + 1
+$!
+$ IF FILE_NAME .EQS. "" THEN GOTO FILE_NEXT
+$!
+$! Set up the source and object reference
+$!
+$ SOURCE_FILE = F$PARSE(FILE_NAME,"SYS$DISK:[].C",,,"SYNTAX_ONLY")
+$ OBJECT_FILE = OBJ_DIR + F$PARSE(FILE_NAME,,,"NAME","SYNTAX_ONLY") + ".OBJ"
+$!
+$! If we get some problem, we just go on trying to build the next module.
+$ ON WARNING THEN GOTO FILE_NEXT
+$!
+$! Check if the module we want to compile is actually there.
+$!
+$ IF F$SEARCH(SOURCE_FILE) .EQS. ""
+$ THEN
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Doesn't Exist."
+$   WRITE SYS$OUTPUT ""
+$   GOTO EXIT
+$ ENDIF
+$!
+$! Talk to the user.
+$!
+$ WRITE SYS$OUTPUT "	",FILE_NAME,""
+$!
+$! Do the dirty work.
+$!
+$ ON ERROR THEN GOTO FILE_NEXT
+$ IF FILE_NAME - ".MAR" .NES. FILE_NAME
+$ THEN
+$   MACRO/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ELSE
+$   CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ENDIF
+$!
+$! Now, there are two ways to handle this.  We can either build 
+$! shareable images or stick the engine object file into libcrypto.
+$! For now, the latter is NOT supported.
+$!
+$!!!!! LIBRARY/REPLACE 'CRYPTO_LIB' 'OBJECT_FILE'
+$!
+$! For shareable libraries, we need to do things a little differently
+$! depending on if we link with a TCP/IP library or not.
+$!
+$ ENGINE_OPT := SYS$DISK:[]'ARCH'.OPT
+$ IF TCPIP_LIB .NES. ""
+$ THEN
+$   LINK/'DEBUGGER'/'TRACEBACK' /SHARE='EXE_DIR''ENGINE_NAME'.EXE -
+	'OBJECT_FILE''EXTRA_OBJ', -
+	'ENGINE_OPT'/OPTION,'TCPIP_LIB','OPT_FILE'/OPTION
+$ ELSE
+$   LINK/'DEBUGGER'/'TRACEBACK' /SHARE='EXE_DIR''ENGINE_NAME'.EXE -
+	'OBJECT_FILE''EXTRA_OBJ', -
+        'CRYPTO_LIB'/LIBRARY, -
+	'ENGINE_OPT'/OPTION,'OPT_FILE'/OPTION
+$ ENDIF
+$!
+$! Clean up
+$!
+$ DELETE 'OBJECT_FILE';*
+$!
+$! Next file
+$!
+$ GOTO FILE_NEXT
+$!
+$ FILE_DONE:
+$!
+$! Next engine
+$!
+$ GOTO ENGINE_NEXT
+$!
+$ ENGINE_DONE:
+$!
+$! Talk to the user
+$!
+$ WRITE SYS$OUTPUT "All Done..."
+$ EXIT:
+$ GOSUB CLEANUP
+$ EXIT
+$!
+$! Check For The Link Option FIle.
+$!
+$ CHECK_OPT_FILE:
+$!
+$! Check To See If We Need To Make A VAX C Option File.
+$!
+$ IF (COMPILER.EQS."VAXC")
+$ THEN
+$!
+$!  Check To See If We Already Have A VAX C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A VAX C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable VAX C Runtime Library.
+!
+SYS$SHARE:VAXCRTL.EXE/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The VAXC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A GNU C Option File.
+$!
+$ IF (COMPILER.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If We Already Have A GNU C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A GNU C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable C Runtime Library.
+!
+GNU_CC:[000000]GCCLIB/LIBRARY
+SYS$SHARE:VAXCRTL/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A DEC C Option File.
+$!
+$ IF (COMPILER.EQS."DECC")
+$ THEN
+$!
+$!  Check To See If We Already Have A DEC C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!
+$     IF ARCH .EQS. "VAX"
+$     THEN
+$!
+$!      We Need A DEC C Linker Option File For VAX.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable DEC C Runtime Library.
+!
+SYS$SHARE:DECC$SHR.EXE/SHARE
+$EOD
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Create The AXP Linker Option File.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File For AXP To Link Agianst 
+! The Sharable C Runtime Library.
+!
+SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_RTL/SHARE
+$EOD
+$!
+$!    End The VAX/AXP DEC C Option File Check.
+$!
+$     ENDIF
+$!
+$!  End The Option File Search.
+$!
+$   ENDIF
+$!
+$! End The DEC C Check.
+$!
+$ ENDIF
+$!
+$!  Tell The User What Linker Option File We Are Using.
+$!
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."	
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If OPT_PHASE Is Blank.
+$!
+$ IF (OPT_PHASE.EQS."ALL")
+$ THEN
+$!
+$!   OPT_PHASE Is Blank, So Build Everything.
+$!
+$    BUILDALL = "ALL"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Else, Check To See If OPT_PHASE Has A Valid Arguement.
+$!
+$   IF ("," + ACCEPT_PHASE + ",") - ("," + OPT_PHASE + ",") -
+       .NES. ("," + ACCEPT_PHASE + ",")
+$   THEN
+$!
+$!    A Valid Arguement.
+$!
+$     BUILDALL = OPT_PHASE
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User We Don't Know What They Want.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The option ",OPT_PHASE," is invalid.  The valid options are:"
+$     WRITE SYS$OUTPUT ""
+$     IF ("," + ACCEPT_PHASE + ",") - ",ALL," -
+	.NES. ("," + ACCEPT_PHASE + ",") THEN -
+	WRITE SYS$OUTPUT "    ALL      :  just build everything."
+$     IF ("," + ACCEPT_PHASE + ",") - ",ENGINES," -
+	.NES. ("," + ACCEPT_PHASE + ",") THEN -
+	WRITE SYS$OUTPUT "    ENGINES  :  to compile just the [.xxx.EXE.ENGINES]*.EXE hareable images."
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT " where 'xxx' stands for:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "        AXP  :  Alpha architecture."
+$     WRITE SYS$OUTPUT "        VAX  :  VAX architecture."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The OPT_PHASE Check.
+$!
+$ ENDIF
+$!
+$! Check To See If OPT_DEBUG Is Blank.
+$!
+$ IF (OPT_DEBUG.EQS."NODEBUG")
+$ THEN
+$!
+$!   OPT_DEBUG Is NODEBUG, So Compile Without The Debugger Information.
+$!
+$    DEBUGGER = "NODEBUG"
+$    TRACEBACK = "NOTRACEBACK" 
+$    GCC_OPTIMIZE = "OPTIMIZE"
+$    CC_OPTIMIZE = "OPTIMIZE"
+$    MACRO_OPTIMIZE = "OPTIMIZE"
+$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$ ELSE
+$!
+$!  Check To See If We Are To Compile With Debugger Information.
+$!
+$   IF (OPT_DEBUG.EQS."DEBUG")
+$   THEN
+$!
+$!    Compile With Debugger Information.
+$!
+$     DEBUGGER = "DEBUG"
+$     TRACEBACK = "TRACEBACK"
+$     GCC_OPTIMIZE = "NOOPTIMIZE"
+$     CC_OPTIMIZE = "NOOPTIMIZE"
+$     MACRO_OPTIMIZE = "NOOPTIMIZE"
+$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
+$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
+$   ELSE 
+$!
+$!    They Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",OPT_DEBUG," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "     DEBUG   :  Compile With The Debugger Information."
+$     WRITE SYS$OUTPUT "     NODEBUG :  Compile Without The Debugger Information."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The OPT_DEBUG Check.
+$!
+$ ENDIF
+$!
+$! Special Threads For OpenVMS v7.1 Or Later
+$!
+$! Written By:  Richard Levitte
+$!              richard@levitte.org
+$!
+$!
+$! Check To See If We Have A Option For OPT_SPECIAL_THREADS.
+$!
+$ IF (OPT_SPECIAL_THREADS.EQS."")
+$ THEN
+$!
+$!  Get The Version Of VMS We Are Using.
+$!
+$   ISSEVEN :=
+$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$!  Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$   IF (TMP.GE.71)
+$   THEN
+$!
+$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$     ISSEVEN := ,PTHREAD_USE_D4
+$!
+$!  End The VMS Version Check.
+$!
+$   ENDIF
+$!
+$! End The OPT_SPECIAL_THREADS Check.
+$!
+$ ENDIF
+$!
+$! Check To See If OPT_COMPILER Is Blank.
+$!
+$ IF (OPT_COMPILER.EQS."")
+$ THEN
+$!
+$!  O.K., The User Didn't Specify A Compiler, Let's Try To
+$!  Find Out Which One To Use.
+$!
+$!  Check To See If We Have GNU C.
+$!
+$   IF (F$TRNLNM("GNU_CC").NES."")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     OPT_COMPILER = "GNUC"
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Check To See If We Have VAXC Or DECC.
+$!
+$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     THEN 
+$!
+$!      Looks Like DECC, Set To Use DECC.
+$!
+$       OPT_COMPILER = "DECC"
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Looks Like VAXC, Set To Use VAXC.
+$!
+$       OPT_COMPILER = "VAXC"
+$!
+$!    End The VAXC Compiler Check.
+$!
+$     ENDIF
+$!
+$!  End The DECC & VAXC Compiler Check.
+$!
+$   ENDIF
+$!
+$!  End The Compiler Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Have A Option For OPT_TCPIP_LIB.
+$!
+$ IF (OPT_TCPIP_LIB.EQS."")
+$ THEN
+$!
+$!  Find out what socket library we have available
+$!
+$   IF F$PARSE("SOCKETSHR:") .NES. ""
+$   THEN
+$!
+$!    We have SOCKETSHR, and it is my opinion that it's the best to use.
+$!
+$     OPT_TCPIP_LIB = "SOCKETSHR"
+$!
+$!    Tell the user
+$!
+$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
+$!
+$!    Else, let's look for something else
+$!
+$   ELSE
+$!
+$!    Like UCX (the reason to do this before Multinet is that the UCX
+$!    emulation is easier to use...)
+$!
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
+	 .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
+	 .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
+$     THEN
+$!
+$!	Last resort: a UCX or UCX-compatible library
+$!
+$	OPT_TCPIP_LIB = "UCX"
+$!
+$!      Tell the user
+$!
+$       WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
+$!
+$!	That was all...
+$!
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$!
+$! Set Up Initial CC Definitions, Possibly With User Ones
+$!
+$ CCDEFS = "TCPIP_TYPE_''OPT_TCPIP_LIB',DSO_VMS"
+$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
+$ CCEXTRAFLAGS = ""
+$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
+	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
+$!
+$!  Check To See If The User Entered A Valid Paramter.
+$!
+$ IF (OPT_COMPILER.EQS."VAXC").OR.(OPT_COMPILER.EQS."DECC").OR.(OPT_COMPILER.EQS."GNUC")
+$ THEN
+$!
+$!    Check To See If The User Wanted DECC.
+$!
+$   IF (OPT_COMPILER.EQS."DECC")
+$   THEN
+$!
+$!    Looks Like DECC, Set To Use DECC.
+$!
+$     COMPILER = "DECC"
+$!
+$!    Tell The User We Are Using DECC.
+$!
+$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$!    Use DECC...
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
+	 THEN CC = "CC/DECC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+           "/NOLIST/PREFIX=ALL" + -
+	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[.VENDOR_DEFNS])" + -
+	   CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$!
+$!  End DECC Check.
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use VAXC.
+$!
+$   IF (OPT_COMPILER.EQS."VAXC")
+$   THEN
+$!
+$!    Looks Like VAXC, Set To Use VAXC.
+$!
+$     COMPILER = "VAXC"
+$!
+$!    Tell The User We Are Using VAX C.
+$!
+$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$!    Compile Using VAXC.
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."AXP"
+$     THEN
+$	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$	EXIT
+$     ENDIF
+$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+	   CCEXTRAFLAGS
+$     CCDEFS = """VAXC""," + CCDEFS
+$!
+$!    Define <sys> As SYS$COMMON:[SYSLIB]
+$!
+$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$!
+$!  End VAXC Check
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use GNU C.
+$!
+$   IF (OPT_COMPILER.EQS."GNUC")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     COMPILER = "GNUC"
+$!
+$!    Tell The User We Are Using GNUC.
+$!
+$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$!    Use GNU C...
+$!
+$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+	   "/INCLUDE=(SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[.ENGINE.VENDOR_DEFNS])" + -
+	   CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$!
+$!  End The GNU C Check.
+$!
+$   ENDIF
+$!
+$!  Set up default defines
+$!
+$   CCDEFS = """FLAT_INC=1""," + CCDEFS
+$!
+$!  Finish up the definition of CC.
+$!
+$   IF COMPILER .EQS. "DECC"
+$   THEN
+$     IF CCDISABLEWARNINGS .NES. ""
+$     THEN
+$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$     ENDIF
+$   ELSE
+$     CCDISABLEWARNINGS = ""
+$   ENDIF
+$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$!
+$!  Show user the result
+$!
+$   WRITE/SYMBOL SYS$OUTPUT "Main C Compiling Command: ",CC
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",OPT_COMPILER," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
+$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
+$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$! End The Valid Arguement Check.
+$!
+$ ENDIF
+$!
+$! Build a MACRO command for the architecture at hand
+$!
+$ IF ARCH .EQS. "VAX" THEN MACRO = "MACRO/''DEBUGGER'"
+$ IF ARCH .EQS. "AXP" THEN MACRO = "MACRO/MIGRATION/''DEBUGGER'/''MACRO_OPTIMIZE'"
+$!
+$!  Show user the result
+$!
+$ WRITE/SYMBOL SYS$OUTPUT "Main MACRO Compiling Command: ",MACRO
+$!
+$! Time to check the contents, and to make sure we get the correct library.
+$!
+$ IF OPT_TCPIP_LIB.EQS."SOCKETSHR" .OR. OPT_TCPIP_LIB.EQS."MULTINET" -
+     .OR. OPT_TCPIP_LIB.EQS."UCX" .OR. OPT_TCPIP_LIB.EQS."TCPIP" -
+     .OR. OPT_TCPIP_LIB.EQS."NONE"
+$ THEN
+$!
+$!  Check to see if SOCKETSHR was chosen
+$!
+$   IF OPT_TCPIP_LIB.EQS."SOCKETSHR"
+$   THEN
+$!
+$!    Set the library to use SOCKETSHR
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$!
+$!    Done with SOCKETSHR
+$!
+$   ENDIF
+$!
+$!  Check to see if MULTINET was chosen
+$!
+$   IF OPT_TCPIP_LIB.EQS."MULTINET"
+$   THEN
+$!
+$!    Set the library to use UCX emulation.
+$!
+$     OPT_TCPIP_LIB = "UCX"
+$!
+$!    Done with MULTINET
+$!
+$   ENDIF
+$!
+$!  Check to see if UCX was chosen
+$!
+$   IF OPT_TCPIP_LIB.EQS."UCX"
+$   THEN
+$!
+$!    Set the library to use UCX.
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
+$     THEN
+$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$     ELSE
+$       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
+	  TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+$     ENDIF
+$!
+$!    Done with UCX
+$!
+$   ENDIF
+$!
+$!  Check to see if TCPIP was chosen
+$!
+$   IF OPT_TCPIP_LIB.EQS."TCPIP"
+$   THEN
+$!
+$!    Set the library to use TCPIP (post UCX).
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$!
+$!    Done with TCPIP
+$!
+$   ENDIF
+$!
+$!  Check to see if NONE was chosen
+$!
+$   IF OPT_TCPIP_LIB.EQS."NONE"
+$   THEN
+$!
+$!    Do not use a TCPIP library.
+$!
+$     TCPIP_LIB = ""
+$!
+$!    Done with TCPIP
+$!
+$   ENDIF
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",OPT_TCPIP_LIB," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
+$   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
+$   WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP (post UCX) TCP/IP library."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$!  Done with TCP/IP libraries
+$!
+$ ENDIF
+$!
+$!  Time To RETURN...
+$!
+$ RETURN
+$!
+$ INITIALISE:
+$!
+$! Save old value of the logical name OPENSSL
+$!
+$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
+$!
+$! Save directory information
+$!
+$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
+$ __HERE = F$EDIT(__HERE,"UPCASE")
+$ __TOP = __HERE - "ENGINES]"
+$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$!
+$! Set up the logical name OPENSSL to point at the include directory
+$!
+$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$!
+$! Done
+$!
+$ RETURN
+$!
+$ CLEANUP:
+$!
+$! Restore the logical name OPENSSL if it had a value
+$!
+$ IF __SAVE_OPENSSL .EQS. ""
+$ THEN
+$   DEASSIGN OPENSSL
+$ ELSE
+$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
+$ ENDIF
+$!
+$! Done
+$!
+$ RETURN
diff --git a/engines/vax.opt b/engines/vax.opt
new file mode 100644
index 0000000000..72e6bd895f
--- /dev/null
+++ b/engines/vax.opt
@@ -0,0 +1,9 @@
+!
+! Ensure transfer vector is at beginning of image
+!
+CLUSTER=FIRST
+COLLECT=FIRST,$$ENGINE
+!
+! make psects nonshareable so image can be installed.
+!
+PSECT_ATTR=$CHAR_STRING_CONSTANTS,NOWRT
diff --git a/engines/vendor_defns/aep.h b/engines/vendor_defns/aep.h
new file mode 100644
index 0000000000..2b2792d2d6
--- /dev/null
+++ b/engines/vendor_defns/aep.h
@@ -0,0 +1,178 @@
+/* This header declares the necessary definitions for using the exponentiation
+ * acceleration capabilities, and rnd number generation of the AEP card. 
+ *
+ */
+
+/*
+ *
+ * Some AEP defines
+ *
+ */
+
+/*Successful return value*/
+#define AEP_R_OK                                0x00000000
+
+/*Miscelleanous unsuccessful return value*/
+#define AEP_R_GENERAL_ERROR                     0x10000001
+
+/*Insufficient host memory*/
+#define AEP_R_HOST_MEMORY                       0x10000002
+
+#define AEP_R_FUNCTION_FAILED                   0x10000006
+
+/*Invalid arguments in function call*/
+#define AEP_R_ARGUMENTS_BAD                     0x10020000
+
+#define AEP_R_NO_TARGET_RESOURCES				0x10030000
+
+/*Error occuring on socket operation*/
+#define AEP_R_SOCKERROR							0x10000010
+
+/*Socket has been closed from the other end*/
+#define AEP_R_SOCKEOF							0x10000011
+
+/*Invalid handles*/
+#define AEP_R_CONNECTION_HANDLE_INVALID         0x100000B3
+
+#define AEP_R_TRANSACTION_HANDLE_INVALID		0x10040000
+
+/*Transaction has not yet returned from accelerator*/
+#define AEP_R_TRANSACTION_NOT_READY				0x00010000
+
+/*There is already a thread waiting on this transaction*/
+#define AEP_R_TRANSACTION_CLAIMED				0x10050000
+
+/*The transaction timed out*/
+#define AEP_R_TIMED_OUT							0x10060000
+
+#define AEP_R_FXN_NOT_IMPLEMENTED				0x10070000
+
+#define AEP_R_TARGET_ERROR						0x10080000
+
+/*Error in the AEP daemon process*/
+#define AEP_R_DAEMON_ERROR						0x10090000
+
+/*Invalid ctx id*/
+#define AEP_R_INVALID_CTX_ID					0x10009000
+
+#define AEP_R_NO_KEY_MANAGER					0x1000a000
+
+/*Error obtaining a mutex*/
+#define AEP_R_MUTEX_BAD                         0x000001A0
+
+/*Fxn call before AEP_Initialise ot after AEP_Finialise*/
+#define AEP_R_AEPAPI_NOT_INITIALIZED			0x10000190
+
+/*AEP_Initialise has already been called*/
+#define AEP_R_AEPAPI_ALREADY_INITIALIZED		0x10000191
+
+/*Maximum number of connections to daemon reached*/
+#define AEP_R_NO_MORE_CONNECTION_HNDLS			0x10000200
+
+/*
+ *
+ * Some AEP Type definitions
+ *
+ */
+
+/* an unsigned 8-bit value */
+typedef unsigned char				AEP_U8;
+
+/* an unsigned 8-bit character */
+typedef char					AEP_CHAR;
+
+/* a BYTE-sized Boolean flag */
+typedef AEP_U8					AEP_BBOOL;
+
+/*Unsigned value, at least 16 bits long*/
+typedef unsigned short				AEP_U16;
+
+/* an unsigned value, at least 32 bits long */
+#ifdef SIXTY_FOUR_BIT_LONG
+typedef unsigned int				AEP_U32;
+#else
+typedef unsigned long				AEP_U32;
+#endif
+
+#ifdef SIXTY_FOUR_BIT_LONG
+typedef unsigned long				AEP_U64;
+#else
+typedef struct { unsigned long l1, l2; }	AEP_U64;
+#endif
+
+/* at least 32 bits; each bit is a Boolean flag */
+typedef AEP_U32			AEP_FLAGS;
+
+typedef AEP_U8	    	*AEP_U8_PTR;
+typedef AEP_CHAR    	*AEP_CHAR_PTR;
+typedef AEP_U32			*AEP_U32_PTR;
+typedef AEP_U64			*AEP_U64_PTR;
+typedef void        	*AEP_VOID_PTR;
+
+/* Pointer to a AEP_VOID_PTR-- i.e., pointer to pointer to void */
+typedef AEP_VOID_PTR 	*AEP_VOID_PTR_PTR;
+
+/*Used to identify an AEP connection handle*/
+typedef AEP_U32					AEP_CONNECTION_HNDL;
+
+/*Pointer to an AEP connection handle*/
+typedef AEP_CONNECTION_HNDL 	*AEP_CONNECTION_HNDL_PTR;
+
+/*Used by an application (in conjunction with the apps process id) to 
+identify an individual transaction*/
+typedef AEP_U32					AEP_TRANSACTION_ID;
+
+/*Pointer to an applications transaction identifier*/
+typedef AEP_TRANSACTION_ID 		*AEP_TRANSACTION_ID_PTR;
+
+/*Return value type*/
+typedef AEP_U32					AEP_RV;
+
+#define MAX_PROCESS_CONNECTIONS 256
+
+#define RAND_BLK_SIZE 1024
+
+typedef enum{
+        NotConnected=   0,
+        Connected=              1,
+        InUse=                  2
+} AEP_CONNECTION_STATE;
+
+
+typedef struct AEP_CONNECTION_ENTRY{
+        AEP_CONNECTION_STATE    conn_state;
+        AEP_CONNECTION_HNDL     conn_hndl;
+} AEP_CONNECTION_ENTRY;
+
+
+typedef AEP_RV t_AEP_OpenConnection(AEP_CONNECTION_HNDL_PTR phConnection);
+typedef AEP_RV t_AEP_CloseConnection(AEP_CONNECTION_HNDL hConnection);
+
+typedef AEP_RV t_AEP_ModExp(AEP_CONNECTION_HNDL hConnection,
+			    AEP_VOID_PTR pA, AEP_VOID_PTR pP,
+			    AEP_VOID_PTR pN,
+			    AEP_VOID_PTR pResult,
+			    AEP_TRANSACTION_ID* pidTransID);
+
+typedef AEP_RV t_AEP_ModExpCrt(AEP_CONNECTION_HNDL hConnection,
+			       AEP_VOID_PTR pA, AEP_VOID_PTR pP,
+			       AEP_VOID_PTR pQ,
+			       AEP_VOID_PTR pDmp1, AEP_VOID_PTR pDmq1,
+			       AEP_VOID_PTR pIqmp,
+			       AEP_VOID_PTR pResult,
+			       AEP_TRANSACTION_ID* pidTransID);
+
+#ifdef AEPRAND
+typedef AEP_RV t_AEP_GenRandom(AEP_CONNECTION_HNDL hConnection,
+			       AEP_U32 Len,
+			       AEP_U32 Type,
+			       AEP_VOID_PTR pResult,
+			       AEP_TRANSACTION_ID* pidTransID);
+#endif
+
+typedef AEP_RV t_AEP_Initialize(AEP_VOID_PTR pInitArgs);
+typedef AEP_RV t_AEP_Finalize();
+typedef AEP_RV t_AEP_SetBNCallBacks(AEP_RV (*GetBigNumSizeFunc)(),
+				    AEP_RV (*MakeAEPBigNumFunc)(),
+				    AEP_RV (*ConverAEPBigNumFunc)());
+
diff --git a/engines/vendor_defns/atalla.h b/engines/vendor_defns/atalla.h
new file mode 100644
index 0000000000..149970d441
--- /dev/null
+++ b/engines/vendor_defns/atalla.h
@@ -0,0 +1,48 @@
+/* This header declares the necessary definitions for using the exponentiation
+ * acceleration capabilities of Atalla cards. The only cryptographic operation
+ * is performed by "ASI_RSAPrivateKeyOpFn" and this takes a structure that
+ * defines an "RSA private key". However, it is really only performing a
+ * regular mod_exp using the supplied modulus and exponent - no CRT form is
+ * being used. Hence, it is a generic mod_exp function in disguise, and we use
+ * it as such.
+ *
+ * Thanks to the people at Atalla for letting me know these definitions are
+ * fine and that they can be reproduced here.
+ *
+ * Geoff.
+ */
+
+typedef struct ItemStr
+	{
+	unsigned char *data;
+	int len;
+	} Item;
+
+typedef struct RSAPrivateKeyStr
+	{
+	void *reserved;
+	Item version;
+	Item modulus;
+	Item publicExponent;
+	Item privateExponent;
+	Item prime[2];
+	Item exponent[2];
+	Item coefficient;
+	} RSAPrivateKey;
+
+/* Predeclare the function pointer types that we dynamically load from the DSO.
+ * These use the same names and form that Ben's original support code had (in
+ * crypto/bn/bn_exp.c) unless of course I've inadvertently changed the style
+ * somewhere along the way!
+ */
+
+typedef int tfnASI_GetPerformanceStatistics(int reset_flag,
+					unsigned int *ret_buf);
+
+typedef int tfnASI_GetHardwareConfig(long card_num, unsigned int *ret_buf);
+
+typedef int tfnASI_RSAPrivateKeyOpFn(RSAPrivateKey * rsaKey,
+					unsigned char *output,
+					unsigned char *input,
+					unsigned int modulus_len);
+
diff --git a/engines/vendor_defns/cswift.h b/engines/vendor_defns/cswift.h
new file mode 100644
index 0000000000..60079326bb
--- /dev/null
+++ b/engines/vendor_defns/cswift.h
@@ -0,0 +1,234 @@
+/* Attribution notice: Rainbow have generously allowed me to reproduce
+ * the necessary definitions here from their API. This means the support
+ * can build independently of whether application builders have the
+ * API or hardware. This will allow developers to easily produce software
+ * that has latent hardware support for any users that have accelertors
+ * installed, without the developers themselves needing anything extra.
+ *
+ * I have only clipped the parts from the CryptoSwift header files that
+ * are (or seem) relevant to the CryptoSwift support code. This is
+ * simply to keep the file sizes reasonable.
+ * [Geoff]
+ */
+
+
+/* NB: These type widths do *not* seem right in general, in particular
+ * they're not terribly friendly to 64-bit architectures (unsigned long)
+ * will be 64-bit on IA-64 for a start. I'm leaving these alone as they
+ * agree with Rainbow's API and this will only be called into question
+ * on platforms with Rainbow support anyway! ;-) */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+typedef long              SW_STATUS;              /* status           */
+typedef unsigned char     SW_BYTE;                /* 8 bit byte       */
+typedef unsigned short    SW_U16;                 /* 16 bit number    */
+#if defined(_IRIX)
+#include <sgidefs.h>
+typedef __uint32_t        SW_U32;
+#else
+typedef unsigned long     SW_U32;                 /* 32 bit integer   */
+#endif
+ 
+#if defined(OPENSSL_SYS_WIN32)
+  typedef struct _SW_U64 {
+      SW_U32 low32;
+      SW_U32 high32;
+  } SW_U64;                                         /* 64 bit integer   */
+#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
+  typedef longlong SW_U64
+#else /* Unix variants */
+  typedef struct _SW_U64 {
+      SW_U32 low32;
+      SW_U32 high32;
+  } SW_U64;                                         /* 64 bit integer   */
+#endif
+
+/* status codes */
+#define SW_OK                 (0L)
+#define SW_ERR_BASE           (-10000L)
+#define SW_ERR_NO_CARD        (SW_ERR_BASE-1) /* The Card is not present   */
+#define SW_ERR_CARD_NOT_READY (SW_ERR_BASE-2) /* The card has not powered  */
+                                              /*    up yet                 */
+#define SW_ERR_TIME_OUT       (SW_ERR_BASE-3) /* Execution of a command    */
+                                              /*    time out               */
+#define SW_ERR_NO_EXECUTE     (SW_ERR_BASE-4) /* The Card failed to        */
+                                              /*    execute the command    */
+#define SW_ERR_INPUT_NULL_PTR (SW_ERR_BASE-5) /* a required pointer is     */
+                                              /*    NULL                   */
+#define SW_ERR_INPUT_SIZE     (SW_ERR_BASE-6) /* size is invalid, too      */
+                                              /*    small, too large.      */
+#define SW_ERR_INVALID_HANDLE (SW_ERR_BASE-7) /* Invalid SW_ACC_CONTEXT    */
+                                              /*    handle                 */
+#define SW_ERR_PENDING        (SW_ERR_BASE-8) /* A request is already out- */
+                                              /*    standing at this       */
+                                              /*    context handle         */
+#define SW_ERR_AVAILABLE      (SW_ERR_BASE-9) /* A result is available.    */
+#define SW_ERR_NO_PENDING     (SW_ERR_BASE-10)/* No request is pending.    */
+#define SW_ERR_NO_MEMORY      (SW_ERR_BASE-11)/* Not enough memory         */
+#define SW_ERR_BAD_ALGORITHM  (SW_ERR_BASE-12)/* Invalid algorithm type    */
+                                              /*    in SW_PARAM structure  */
+#define SW_ERR_MISSING_KEY    (SW_ERR_BASE-13)/* No key is associated with */
+                                              /*    context.               */
+                                              /*    swAttachKeyParam() is  */
+                                              /*    not called.            */
+#define SW_ERR_KEY_CMD_MISMATCH \
+                              (SW_ERR_BASE-14)/* Cannot perform requested  */
+                                              /*    SW_COMMAND_CODE since  */
+                                              /*    key attached via       */
+                                              /*    swAttachKeyParam()     */
+                                              /*    cannot be used for this*/
+                                              /*    SW_COMMAND_CODE.       */
+#define SW_ERR_NOT_IMPLEMENTED \
+                              (SW_ERR_BASE-15)/* Not implemented           */
+#define SW_ERR_BAD_COMMAND    (SW_ERR_BASE-16)/* Bad command code          */
+#define SW_ERR_BAD_ITEM_SIZE  (SW_ERR_BASE-17)/* too small or too large in */
+                                              /*    the "initems" or       */
+                                              /*    "outitems".            */
+#define SW_ERR_BAD_ACCNUM     (SW_ERR_BASE-18)/* Bad accelerator number    */
+#define SW_ERR_SELFTEST_FAIL  (SW_ERR_BASE-19)/* At least one of the self  */
+                                              /*    test fail, look at the */
+                                              /*    selfTestBitmap in      */
+                                              /*    SW_ACCELERATOR_INFO for*/
+                                              /*    details.               */
+#define SW_ERR_MISALIGN       (SW_ERR_BASE-20)/* Certain alogrithms require*/
+                                              /*    key materials aligned  */
+                                              /*    in certain order, e.g. */
+                                              /*    128 bit for CRT        */
+#define SW_ERR_OUTPUT_NULL_PTR \
+                              (SW_ERR_BASE-21)/* a required pointer is     */
+                                              /*    NULL                   */
+#define SW_ERR_OUTPUT_SIZE \
+                              (SW_ERR_BASE-22)/* size is invalid, too      */
+                                              /*    small, too large.      */
+#define SW_ERR_FIRMWARE_CHECKSUM \
+                              (SW_ERR_BASE-23)/* firmware checksum mismatch*/
+                                              /*    download failed.       */
+#define SW_ERR_UNKNOWN_FIRMWARE \
+                              (SW_ERR_BASE-24)/* unknown firmware error    */
+#define SW_ERR_INTERRUPT      (SW_ERR_BASE-25)/* request is abort when     */
+                                              /*    it's waiting to be     */
+                                              /*    completed.             */
+#define SW_ERR_NVWRITE_FAIL   (SW_ERR_BASE-26)/* error in writing to Non-  */
+                                              /*    volatile memory        */
+#define SW_ERR_NVWRITE_RANGE  (SW_ERR_BASE-27)/* out of range error in     */
+                                              /*    writing to NV memory   */
+#define SW_ERR_RNG_ERROR      (SW_ERR_BASE-28)/* Random Number Generation  */
+                                              /*    failure                */
+#define SW_ERR_DSS_FAILURE    (SW_ERR_BASE-29)/* DSS Sign or Verify failure*/
+#define SW_ERR_MODEXP_FAILURE (SW_ERR_BASE-30)/* Failure in various math   */
+                                              /*    calculations           */
+#define SW_ERR_ONBOARD_MEMORY (SW_ERR_BASE-31)/* Error in accessing on -   */
+                                              /*    board memory           */
+#define SW_ERR_FIRMWARE_VERSION \
+                              (SW_ERR_BASE-32)/* Wrong version in firmware */
+                                              /*    update                 */
+#define SW_ERR_ZERO_WORKING_ACCELERATOR \
+                              (SW_ERR_BASE-44)/* All accelerators are bad  */
+
+
+  /* algorithm type */
+#define SW_ALG_CRT          1
+#define SW_ALG_EXP          2
+#define SW_ALG_DSA          3
+#define SW_ALG_NVDATA       4
+
+  /* command code */
+#define SW_CMD_MODEXP_CRT   1 /* perform Modular Exponentiation using  */
+                              /*  Chinese Remainder Theorem (CRT)      */
+#define SW_CMD_MODEXP       2 /* perform Modular Exponentiation        */
+#define SW_CMD_DSS_SIGN     3 /* perform DSS sign                      */
+#define SW_CMD_DSS_VERIFY   4 /* perform DSS verify                    */
+#define SW_CMD_RAND         5 /* perform random number generation      */
+#define SW_CMD_NVREAD       6 /* perform read to nonvolatile RAM       */
+#define SW_CMD_NVWRITE      7 /* perform write to nonvolatile RAM      */
+
+typedef SW_U32            SW_ALGTYPE;             /* alogrithm type   */
+typedef SW_U32            SW_STATE;               /* state            */
+typedef SW_U32            SW_COMMAND_CODE;        /* command code     */
+typedef SW_U32            SW_COMMAND_BITMAP[4];   /* bitmap           */
+
+typedef struct _SW_LARGENUMBER {
+    SW_U32    nbytes;       /* number of bytes in the buffer "value"  */
+    SW_BYTE*  value;        /* the large integer as a string of       */
+                            /*   bytes in network (big endian) order  */
+} SW_LARGENUMBER;               
+
+#if defined(OPENSSL_SYS_WIN32)
+    #include <windows.h>
+    typedef HANDLE          SW_OSHANDLE;          /* handle to kernel object */
+    #define SW_OS_INVALID_HANDLE  INVALID_HANDLE_VALUE
+    #define SW_CALLCONV _stdcall
+#elif defined(OPENSSL_SYS_MACINTOSH_CLASSIC)
+    /* async callback mechanisms */
+    /* swiftCallbackLevel */
+    #define SW_MAC_CALLBACK_LEVEL_NO         0		
+    #define SW_MAC_CALLBACK_LEVEL_HARDWARE   1	/* from the hardware ISR */
+    #define SW_MAC_CALLBACK_LEVEL_SECONDARY  2	/* as secondary ISR */
+    typedef int             SW_MAC_CALLBACK_LEVEL;
+    typedef int             SW_OSHANDLE;
+    #define SW_OS_INVALID_HANDLE  (-1)
+    #define SW_CALLCONV
+#else /* Unix variants */
+    typedef int             SW_OSHANDLE;          /* handle to driver */
+    #define SW_OS_INVALID_HANDLE  (-1)
+    #define SW_CALLCONV
+#endif 
+
+typedef struct _SW_CRT {
+    SW_LARGENUMBER  p;      /* prime number p                         */
+    SW_LARGENUMBER  q;      /* prime number q                         */
+    SW_LARGENUMBER  dmp1;   /* exponent1                              */
+    SW_LARGENUMBER  dmq1;   /* exponent2                              */
+    SW_LARGENUMBER  iqmp;   /* CRT coefficient                        */
+} SW_CRT;
+
+typedef struct _SW_EXP {
+    SW_LARGENUMBER  modulus; /* modulus                                */
+    SW_LARGENUMBER  exponent;/* exponent                               */
+} SW_EXP;
+
+typedef struct _SW_DSA {
+    SW_LARGENUMBER  p;      /*                                        */
+    SW_LARGENUMBER  q;      /*                                        */
+    SW_LARGENUMBER  g;      /*                                        */
+    SW_LARGENUMBER  key;    /* private/public key                     */
+} SW_DSA;
+
+typedef struct _SW_NVDATA {
+    SW_U32 accnum;          /* accelerator board number               */
+    SW_U32 offset;          /* offset in byte                         */
+} SW_NVDATA;
+
+typedef struct _SW_PARAM {
+    SW_ALGTYPE    type;     /* type of the alogrithm                  */
+    union {
+        SW_CRT    crt;
+        SW_EXP    exp;
+        SW_DSA    dsa;
+        SW_NVDATA nvdata;
+    } up;
+} SW_PARAM;
+
+typedef SW_U32 SW_CONTEXT_HANDLE; /* opaque context handle */
+
+
+/* Now the OpenSSL bits, these function types are the for the function
+ * pointers that will bound into the Rainbow shared libraries. */
+typedef SW_STATUS SW_CALLCONV t_swAcquireAccContext(SW_CONTEXT_HANDLE *hac);
+typedef SW_STATUS SW_CALLCONV t_swAttachKeyParam(SW_CONTEXT_HANDLE hac,
+                                                SW_PARAM *key_params);
+typedef SW_STATUS SW_CALLCONV t_swSimpleRequest(SW_CONTEXT_HANDLE hac,
+                                                SW_COMMAND_CODE cmd,
+                				SW_LARGENUMBER pin[],
+                                		SW_U32 pin_count,
+                                                SW_LARGENUMBER pout[],
+                				SW_U32 pout_count);
+typedef SW_STATUS SW_CALLCONV t_swReleaseAccContext(SW_CONTEXT_HANDLE hac);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
diff --git a/engines/vendor_defns/hw_4758_cca.h b/engines/vendor_defns/hw_4758_cca.h
new file mode 100644
index 0000000000..296636e81a
--- /dev/null
+++ b/engines/vendor_defns/hw_4758_cca.h
@@ -0,0 +1,149 @@
+/**********************************************************************/
+/*                                                                    */
+/*  Prototypes of the CCA verbs used by the 4758 CCA openssl driver   */
+/*                                                                    */
+/*  Maurice Gittens <maurice@gittens.nl>                              */
+/*                                                                    */
+/**********************************************************************/
+
+#ifndef __HW_4758_CCA__
+#define __HW_4758_CCA__
+
+/*
+ *  Only WIN32 support for now
+ */
+#if defined(WIN32)
+
+  #define CCA_LIB_NAME "CSUNSAPI"
+
+  #define CSNDPKX   "CSNDPKX_32"
+  #define CSNDKRR   "CSNDKRR_32"
+  #define CSNDPKE   "CSNDPKE_32"
+  #define CSNDPKD   "CSNDPKD_32"
+  #define CSNDDSV   "CSNDDSV_32"
+  #define CSNDDSG   "CSNDDSG_32"
+  #define CSNBRNG   "CSNBRNG_32"
+
+  #define SECURITYAPI __stdcall
+#else
+    /* Fixme!!         
+      Find out the values of these constants for other platforms.
+    */
+  #define CCA_LIB_NAME "CSUNSAPI"
+
+  #define CSNDPKX   "CSNDPKX"
+  #define CSNDKRR   "CSNDKRR"
+  #define CSNDPKE   "CSNDPKE"
+  #define CSNDPKD   "CSNDPKD"
+  #define CSNDDSV   "CSNDDSV"
+  #define CSNDDSG   "CSNDDSG"
+  #define CSNBRNG   "CSNBRNG"
+
+  #define SECURITYAPI
+#endif
+
+/*
+ * security API prototypes
+ */
+
+/* PKA Key Record Read */
+typedef void (SECURITYAPI *F_KEYRECORDREAD)
+             (long          * return_code,
+              long          * reason_code,
+              long          * exit_data_length,
+              unsigned char * exit_data,
+              long          * rule_array_count,
+              unsigned char * rule_array,
+              unsigned char * key_label,
+              long          * key_token_length,
+              unsigned char * key_token);
+
+/* Random Number Generate */
+typedef void (SECURITYAPI *F_RANDOMNUMBERGENERATE)
+             (long          * return_code,
+              long          * reason_code,
+              long          * exit_data_length,
+              unsigned char * exit_data,
+              unsigned char * form,
+              unsigned char * random_number);
+
+/* Digital Signature Generate */
+typedef void (SECURITYAPI *F_DIGITALSIGNATUREGENERATE)
+             (long          * return_code,
+              long          * reason_code,
+              long          * exit_data_length,
+              unsigned char * exit_data,
+              long          * rule_array_count,
+              unsigned char * rule_array,
+              long          * PKA_private_key_id_length,
+              unsigned char * PKA_private_key_id,
+              long          * hash_length,
+              unsigned char * hash,
+              long          * signature_field_length,
+              long          * signature_bit_length,
+              unsigned char * signature_field);
+
+/* Digital Signature Verify */
+typedef void (SECURITYAPI *F_DIGITALSIGNATUREVERIFY)(
+              long          * return_code,
+              long          * reason_code,
+              long          * exit_data_length,
+              unsigned char * exit_data,
+              long          * rule_array_count,
+              unsigned char * rule_array,
+              long          * PKA_public_key_id_length,
+              unsigned char * PKA_public_key_id,
+              long          * hash_length,
+              unsigned char * hash,
+              long          * signature_field_length,
+              unsigned char * signature_field);
+
+/* PKA Public Key Extract */
+typedef void (SECURITYAPI *F_PUBLICKEYEXTRACT)(
+              long          * return_code,
+              long          * reason_code,
+              long          * exit_data_length,
+              unsigned char * exit_data,
+              long          * rule_array_count,
+              unsigned char * rule_array,
+              long          * source_key_identifier_length,
+              unsigned char * source_key_identifier,
+              long          * target_key_token_length,
+              unsigned char * target_key_token);
+
+/* PKA Encrypt */
+typedef void   (SECURITYAPI *F_PKAENCRYPT)
+               (long          *  return_code,
+                 long          *  reason_code,
+                 long          *  exit_data_length,
+                 unsigned char *  exit_data,
+                 long          *  rule_array_count,
+                 unsigned char *  rule_array,
+                 long          *  key_value_length,
+                 unsigned char *  key_value,
+                 long          *  data_struct_length,
+                 unsigned char *  data_struct,
+                 long          *  RSA_public_key_length,
+                 unsigned char *  RSA_public_key,
+                 long          *  RSA_encipher_length,
+                 unsigned char *  RSA_encipher );
+
+/* PKA Decrypt */
+typedef void    (SECURITYAPI *F_PKADECRYPT)
+                (long          *  return_code,
+                 long          *  reason_code,
+                 long          *  exit_data_length,
+                 unsigned char *  exit_data,
+                 long          *  rule_array_count,
+                 unsigned char *  rule_array,
+                 long          *  enciphered_key_length,
+                 unsigned char *  enciphered_key,
+                 long          *  data_struct_length,
+                 unsigned char *  data_struct,
+                 long          *  RSA_private_key_length,
+                 unsigned char *  RSA_private_key,
+                 long          *  key_value_length,
+                 unsigned char *  key_value    );
+
+
+#endif
diff --git a/engines/vendor_defns/hw_ubsec.h b/engines/vendor_defns/hw_ubsec.h
new file mode 100644
index 0000000000..b6619d40f2
--- /dev/null
+++ b/engines/vendor_defns/hw_ubsec.h
@@ -0,0 +1,100 @@
+/******************************************************************************
+ *
+ *  Copyright 2000
+ *  Broadcom Corporation
+ *  16215 Alton Parkway
+ *  PO Box 57013
+ *  Irvine CA 92619-7013
+ *
+ *****************************************************************************/
+/* 
+ * Broadcom Corporation uBSec SDK 
+ */
+/*
+ * Character device header file.
+ */
+/*
+ * Revision History:
+ *
+ * October 2000 JTT Created.
+ */
+
+#define MAX_PUBLIC_KEY_BITS (1024)
+#define MAX_PUBLIC_KEY_BYTES (1024/8)
+#define SHA_BIT_SIZE  (160)
+#define MAX_CRYPTO_KEY_LENGTH 24
+#define MAX_MAC_KEY_LENGTH 64
+#define UBSEC_CRYPTO_DEVICE_NAME ((unsigned char *)"/dev/ubscrypt")
+#define UBSEC_KEY_DEVICE_NAME ((unsigned char *)"/dev/ubskey")
+
+/* Math command types. */
+#define UBSEC_MATH_MODADD 0x0001
+#define UBSEC_MATH_MODSUB 0x0002
+#define UBSEC_MATH_MODMUL 0x0004
+#define UBSEC_MATH_MODEXP 0x0008
+#define UBSEC_MATH_MODREM 0x0010
+#define UBSEC_MATH_MODINV 0x0020
+
+typedef long ubsec_MathCommand_t;
+typedef long ubsec_RNGCommand_t;
+
+typedef struct ubsec_crypto_context_s {
+	unsigned int	flags;
+	unsigned char	crypto[MAX_CRYPTO_KEY_LENGTH];
+	unsigned char 	auth[MAX_MAC_KEY_LENGTH];
+} ubsec_crypto_context_t, *ubsec_crypto_context_p;
+
+/* 
+ * Predeclare the function pointer types that we dynamically load from the DSO.
+ */
+
+typedef int t_UBSEC_ubsec_bytes_to_bits(unsigned char *n, int bytes);
+
+typedef int t_UBSEC_ubsec_bits_to_bytes(int bits);
+
+typedef int t_UBSEC_ubsec_open(unsigned char *device);
+
+typedef int t_UBSEC_ubsec_close(int fd);
+
+typedef int t_UBSEC_diffie_hellman_generate_ioctl (int fd,
+	unsigned char *x, int *x_len, unsigned char *y, int *y_len, 
+	unsigned char *g, int g_len, unsigned char *m, int m_len,
+	unsigned char *userX, int userX_len, int random_bits);
+
+typedef int t_UBSEC_diffie_hellman_agree_ioctl (int fd,
+	unsigned char *x, int x_len, unsigned char *y, int y_len, 
+	unsigned char *m, int m_len, unsigned char *k, int *k_len);
+
+typedef int t_UBSEC_rsa_mod_exp_ioctl (int fd,
+	unsigned char *x, int x_len, unsigned char *m, int m_len,
+	unsigned char *e, int e_len, unsigned char *y, int *y_len);
+
+typedef int t_UBSEC_rsa_mod_exp_crt_ioctl (int fd,
+	unsigned char *x, int x_len, unsigned char *qinv, int qinv_len,
+	unsigned char *edq, int edq_len, unsigned char *q, int q_len,
+	unsigned char *edp, int edp_len, unsigned char *p, int p_len,
+	unsigned char *y, int *y_len);
+
+typedef int t_UBSEC_dsa_sign_ioctl (int fd,
+	int hash, unsigned char *data, int data_len, 
+	unsigned char *rndom, int random_len, 
+	unsigned char *p, int p_len, unsigned char *q, int q_len,
+	unsigned char *g, int g_len, unsigned char *key, int key_len,
+	unsigned char *r, int *r_len, unsigned char *s, int *s_len);
+
+typedef int t_UBSEC_dsa_verify_ioctl (int fd,
+	int hash, unsigned char *data, int data_len,
+	unsigned char *p, int p_len, unsigned char *q, int q_len,
+	unsigned char *g, int g_len, unsigned char *key, int key_len,
+	unsigned char *r, int r_len, unsigned char *s, int s_len,
+	unsigned char *v, int *v_len);
+
+typedef int t_UBSEC_math_accelerate_ioctl(int fd, ubsec_MathCommand_t command,
+	unsigned char *ModN, int *ModN_len, unsigned char *ExpE, int *ExpE_len, 
+	unsigned char *ParamA, int *ParamA_len, unsigned char *ParamB, int *ParamB_len,
+	unsigned char *Result, int *Result_len);
+
+typedef int t_UBSEC_rng_ioctl(int fd, ubsec_RNGCommand_t command,
+	unsigned char *Result, int *Result_len);
+
+typedef int t_UBSEC_max_key_len_ioctl(int fd, int *max_key_len);
diff --git a/engines/vendor_defns/hwcryptohook.h b/engines/vendor_defns/hwcryptohook.h
new file mode 100644
index 0000000000..482f1f2d11
--- /dev/null
+++ b/engines/vendor_defns/hwcryptohook.h
@@ -0,0 +1,486 @@
+/*
+ * ModExp / RSA (with/without KM) plugin API
+ *
+ * The application will load a dynamic library which
+ * exports entrypoint(s) defined in this file.
+ *
+ * This set of entrypoints provides only a multithreaded,
+ * synchronous-within-each-thread, facility.
+ *
+ *
+ * This file is Copyright 1998-2000 nCipher Corporation Limited.
+ *
+ * Redistribution and use in source and binary forms, with opr without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the copyright notice,
+ *    this list of conditions, and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above
+ *    copyright notice, this list of conditions, and the following
+ *    disclaimer, in the documentation and/or other materials provided
+ *    with the distribution
+ *
+ * IN NO EVENT SHALL NCIPHER CORPORATION LIMITED (`NCIPHER') AND/OR
+ * ANY OTHER AUTHORS OR DISTRIBUTORS OF THIS FILE BE LIABLE for any
+ * damages arising directly or indirectly from this file, its use or
+ * this licence.  Without prejudice to the generality of the
+ * foregoing: all liability shall be excluded for direct, indirect,
+ * special, incidental, consequential or other damages or any loss of
+ * profits, business, revenue goodwill or anticipated savings;
+ * liability shall be excluded even if nCipher or anyone else has been
+ * advised of the possibility of damage.  In any event, if the
+ * exclusion of liability is not effective, the liability of nCipher
+ * or any author or distributor shall be limited to the lesser of the
+ * price paid and 1,000 pounds sterling. This licence only fails to
+ * exclude or limit liability for death or personal injury arising out
+ * of negligence, and only to the extent that such an exclusion or
+ * limitation is not effective.
+ *
+ * NCIPHER AND THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ALL
+ * AND ANY WARRANTIES (WHETHER EXPRESS OR IMPLIED), including, but not
+ * limited to, any implied warranties of merchantability, fitness for
+ * a particular purpose, satisfactory quality, and/or non-infringement
+ * of any third party rights.
+ *
+ * US Government use: This software and documentation is Commercial
+ * Computer Software and Computer Software Documentation, as defined in
+ * sub-paragraphs (a)(1) and (a)(5) of DFAR 252.227-7014, "Rights in
+ * Noncommercial Computer Software and Noncommercial Computer Software
+ * Documentation."  Use, duplication or disclosure by the Government is
+ * subject to the terms and conditions specified here.
+ *
+ * By using or distributing this file you will be accepting these
+ * terms and conditions, including the limitation of liability and
+ * lack of warranty.  If you do not wish to accept these terms and
+ * conditions, DO NOT USE THE FILE.
+ *
+ *
+ * The actual dynamically loadable plugin, and the library files for
+ * static linking, which are also provided in some distributions, are
+ * not covered by the licence described above.  You should have
+ * received a separate licence with terms and conditions for these
+ * library files; if you received the library files without a licence,
+ * please contact nCipher.
+ *
+ *
+ * $Id: hwcryptohook.h,v 1.1 2002/10/11 17:10:59 levitte Exp $
+ */
+
+#ifndef HWCRYPTOHOOK_H
+#define HWCRYPTOHOOK_H
+
+#include <sys/types.h>
+#include <stdio.h>
+
+#ifndef HWCRYPTOHOOK_DECLARE_APPTYPES
+#define HWCRYPTOHOOK_DECLARE_APPTYPES 1
+#endif
+
+#define HWCRYPTOHOOK_ERROR_FAILED   -1
+#define HWCRYPTOHOOK_ERROR_FALLBACK -2
+#define HWCRYPTOHOOK_ERROR_MPISIZE  -3
+
+#if HWCRYPTOHOOK_DECLARE_APPTYPES
+
+/* These structs are defined by the application and opaque to the
+ * crypto plugin.  The application may define these as it sees fit.
+ * Default declarations are provided here, but the application may
+ *  #define HWCRYPTOHOOK_DECLARE_APPTYPES 0
+ * to prevent these declarations, and instead provide its own
+ * declarations of these types.  (Pointers to them must still be
+ * ordinary pointers to structs or unions, or the resulting combined
+ * program will have a type inconsistency.)
+ */
+typedef struct HWCryptoHook_MutexValue HWCryptoHook_Mutex;
+typedef struct HWCryptoHook_CondVarValue HWCryptoHook_CondVar;
+typedef struct HWCryptoHook_PassphraseContextValue HWCryptoHook_PassphraseContext;
+typedef struct HWCryptoHook_CallerContextValue HWCryptoHook_CallerContext;
+
+#endif /* HWCRYPTOHOOK_DECLARE_APPTYPES */
+
+/* These next two structs are opaque to the application.  The crypto
+ * plugin will return pointers to them; the caller simply manipulates
+ * the pointers.
+ */
+typedef struct HWCryptoHook_Context *HWCryptoHook_ContextHandle;
+typedef struct HWCryptoHook_RSAKey *HWCryptoHook_RSAKeyHandle;
+
+typedef struct {
+  char *buf;
+  size_t size;
+} HWCryptoHook_ErrMsgBuf;
+/* Used for error reporting.  When a HWCryptoHook function fails it
+ * will return a sentinel value (0 for pointer-valued functions, or a
+ * negative number, usually HWCRYPTOHOOK_ERROR_FAILED, for
+ * integer-valued ones).  It will, if an ErrMsgBuf is passed, also put
+ * an error message there.
+ * 
+ * size is the size of the buffer, and will not be modified.  If you
+ * pass 0 for size you must pass 0 for buf, and nothing will be
+ * recorded (just as if you passed 0 for the struct pointer).
+ * Messages written to the buffer will always be null-terminated, even
+ * when truncated to fit within size bytes.
+ *
+ * The contents of the buffer are not defined if there is no error.
+ */
+
+typedef struct HWCryptoHook_MPIStruct {
+  unsigned char *buf;
+  size_t size;
+} HWCryptoHook_MPI;
+/* When one of these is returned, a pointer is passed to the function.
+ * At call, size is the space available.  Afterwards it is updated to
+ * be set to the actual length (which may be more than the space available,
+ * if there was not enough room and the result was truncated).
+ * buf (the pointer) is not updated.
+ *
+ * size is in bytes and may be zero at call or return, but must be a
+ * multiple of the limb size.  Zero limbs at the MS end are not
+ * permitted.
+ */
+
+#define HWCryptoHook_InitFlags_FallbackModExp    0x0002UL
+#define HWCryptoHook_InitFlags_FallbackRSAImmed  0x0004UL
+/* Enable requesting fallback to software in case of problems with the
+ * hardware support.  This indicates to the crypto provider that the
+ * application is prepared to fall back to software operation if the
+ * ModExp* or RSAImmed* functions return HWCRYPTOHOOK_ERROR_FALLBACK.
+ * Without this flag those calls will never return
+ * HWCRYPTOHOOK_ERROR_FALLBACK.  The flag will also cause the crypto
+ * provider to avoid repeatedly attempting to contact dead hardware
+ * within a short interval, if appropriate.
+ */
+
+#define HWCryptoHook_InitFlags_SimpleForkCheck   0x0010UL
+/* Without _SimpleForkCheck the library is allowed to assume that the
+ * application will not fork and call the library in the child(ren).
+ *
+ * When it is specified, this is allowed.  However, after a fork
+ * neither parent nor child may unload any loaded keys or call
+ * _Finish.  Instead, they should call exit (or die with a signal)
+ * without calling _Finish.  After all the children have died the
+ * parent may unload keys or call _Finish.
+ *
+ * This flag only has any effect on UN*X platforms.
+ */
+
+typedef struct {
+  unsigned long flags;
+  void *logstream; /* usually a FILE*.  See below. */
+
+  size_t limbsize; /* bignum format - size of radix type, must be power of 2 */
+  int mslimbfirst; /* 0 or 1 */
+  int msbytefirst; /* 0 or 1; -1 = native */
+
+  /* All the callback functions should return 0 on success, or a
+   * nonzero integer (whose value will be visible in the error message
+   * put in the buffer passed to the call).
+   *
+   * If a callback is not available pass a null function pointer.
+   *
+   * The callbacks may not call down again into the crypto plugin.
+   */
+  
+  /* For thread-safety.  Set everything to 0 if you promise only to be
+   * singlethreaded.  maxsimultaneous is the number of calls to
+   * ModExp[Crt]/RSAImmed{Priv,Pub}/RSA.  If you don't know what to
+   * put there then say 0 and the hook library will use a default.
+   *
+   * maxmutexes is a small limit on the number of simultaneous mutexes
+   * which will be requested by the library.  If there is no small
+   * limit, set it to 0.  If the crypto plugin cannot create the
+   * advertised number of mutexes the calls to its functions may fail.
+   * If a low number of mutexes is advertised the plugin will try to
+   * do the best it can.  Making larger numbers of mutexes available
+   * may improve performance and parallelism by reducing contention
+   * over critical sections.  Unavailability of any mutexes, implying
+   * single-threaded operation, should be indicated by the setting
+   * mutex_init et al to 0.
+   */
+  int maxmutexes;
+  int maxsimultaneous;
+  size_t mutexsize;
+  int (*mutex_init)(HWCryptoHook_Mutex*, HWCryptoHook_CallerContext *cactx);
+  int (*mutex_acquire)(HWCryptoHook_Mutex*);
+  void (*mutex_release)(HWCryptoHook_Mutex*);
+  void (*mutex_destroy)(HWCryptoHook_Mutex*);
+
+  /* For greater efficiency, can use condition vars internally for
+   * synchronisation.  In this case maxsimultaneous is ignored, but
+   * the other mutex stuff must be available.  In singlethreaded
+   * programs, set everything to 0.
+   */
+  size_t condvarsize;
+  int (*condvar_init)(HWCryptoHook_CondVar*, HWCryptoHook_CallerContext *cactx);
+  int (*condvar_wait)(HWCryptoHook_CondVar*, HWCryptoHook_Mutex*);
+  void (*condvar_signal)(HWCryptoHook_CondVar*);
+  void (*condvar_broadcast)(HWCryptoHook_CondVar*);
+  void (*condvar_destroy)(HWCryptoHook_CondVar*);
+  
+  /* The semantics of acquiring and releasing mutexes and broadcasting
+   * and waiting on condition variables are expected to be those from
+   * POSIX threads (pthreads).  The mutexes may be (in pthread-speak)
+   * fast mutexes, recursive mutexes, or nonrecursive ones.
+   * 
+   * The _release/_signal/_broadcast and _destroy functions must
+   * always succeed when given a valid argument; if they are given an
+   * invalid argument then the program (crypto plugin + application)
+   * has an internal error, and they should abort the program.
+   */
+
+  int (*getpassphrase)(const char *prompt_info,
+                       int *len_io, char *buf,
+                       HWCryptoHook_PassphraseContext *ppctx,
+                       HWCryptoHook_CallerContext *cactx);
+  /* Passphrases and the prompt_info, if they contain high-bit-set
+   * characters, are UTF-8.  The prompt_info may be a null pointer if
+   * no prompt information is available (it should not be an empty
+   * string).  It will not contain text like `enter passphrase';
+   * instead it might say something like `Operator Card for John
+   * Smith' or `SmartCard in nFast Module #1, Slot #1'.
+   *
+   * buf points to a buffer in which to return the passphrase; on
+   * entry *len_io is the length of the buffer.  It should be updated
+   * by the callback.  The returned passphrase should not be
+   * null-terminated by the callback.
+   */
+  
+  int (*getphystoken)(const char *prompt_info,
+                      const char *wrong_info,
+                      HWCryptoHook_PassphraseContext *ppctx,
+                      HWCryptoHook_CallerContext *cactx);
+  /* Requests that the human user physically insert a different
+   * smartcard, DataKey, etc.  The plugin should check whether the
+   * currently inserted token(s) are appropriate, and if they are it
+   * should not make this call.
+   *
+   * prompt_info is as before.  wrong_info is a description of the
+   * currently inserted token(s) so that the user is told what
+   * something is.  wrong_info, like prompt_info, may be null, but
+   * should not be an empty string.  Its contents should be
+   * syntactically similar to that of prompt_info. 
+   */
+  
+  /* Note that a single LoadKey operation might cause several calls to
+   * getpassphrase and/or requestphystoken.  If requestphystoken is
+   * not provided (ie, a null pointer is passed) then the plugin may
+   * not support loading keys for which authorisation by several cards
+   * is required.  If getpassphrase is not provided then cards with
+   * passphrases may not be supported.
+   *
+   * getpassphrase and getphystoken do not need to check that the
+   * passphrase has been entered correctly or the correct token
+   * inserted; the crypto plugin will do that.  If this is not the
+   * case then the crypto plugin is responsible for calling these
+   * routines again as appropriate until the correct token(s) and
+   * passphrase(s) are supplied as required, or until any retry limits
+   * implemented by the crypto plugin are reached.
+   *
+   * In either case, the application must allow the user to say `no'
+   * or `cancel' to indicate that they do not know the passphrase or
+   * have the appropriate token; this should cause the callback to
+   * return nonzero indicating error.
+   */
+
+  void (*logmessage)(void *logstream, const char *message);
+  /* A log message will be generated at least every time something goes
+   * wrong and an ErrMsgBuf is filled in (or would be if one was
+   * provided).  Other diagnostic information may be written there too,
+   * including more detailed reasons for errors which are reported in an
+   * ErrMsgBuf.
+   *
+   * When a log message is generated, this callback is called.  It
+   * should write a message to the relevant logging arrangements.
+   *
+   * The message string passed will be null-terminated and may be of arbitrary
+   * length.  It will not be prefixed by the time and date, nor by the
+   * name of the library that is generating it - if this is required,
+   * the logmessage callback must do it.  The message will not have a
+   * trailing newline (though it may contain internal newlines).
+   *
+   * If a null pointer is passed for logmessage a default function is
+   * used.  The default function treats logstream as a FILE* which has
+   * been converted to a void*.  If logstream is 0 it does nothing.
+   * Otherwise it prepends the date and time and library name and
+   * writes the message to logstream.  Each line will be prefixed by a
+   * descriptive string containing the date, time and identity of the
+   * crypto plugin.  Errors on the logstream are not reported
+   * anywhere, and the default function doesn't flush the stream, so
+   * the application must set the buffering how it wants it.
+   *
+   * The crypto plugin may also provide a facility to have copies of
+   * log messages sent elsewhere, and or for adjusting the verbosity
+   * of the log messages; any such facilities will be configured by
+   * external means.
+   */
+
+} HWCryptoHook_InitInfo;
+
+typedef
+HWCryptoHook_ContextHandle HWCryptoHook_Init_t(const HWCryptoHook_InitInfo *initinfo,
+                                               size_t initinfosize,
+                                               const HWCryptoHook_ErrMsgBuf *errors,
+                                               HWCryptoHook_CallerContext *cactx);
+extern HWCryptoHook_Init_t HWCryptoHook_Init;
+
+/* Caller should set initinfosize to the size of the HWCryptoHook struct,
+ * so it can be extended later.
+ *
+ * On success, a message for display or logging by the server,
+ * including the name and version number of the plugin, will be filled
+ * in into *errors; on failure *errors is used for error handling, as
+ * usual.
+ */
+
+/* All these functions return 0 on success, HWCRYPTOHOOK_ERROR_FAILED
+ * on most failures.  HWCRYPTOHOOK_ERROR_MPISIZE means at least one of
+ * the output MPI buffer(s) was too small; the sizes of all have been
+ * set to the desired size (and for those where the buffer was large
+ * enough, the value may have been copied in), and no error message
+ * has been recorded.
+ *
+ * You may pass 0 for the errors struct.  In any case, unless you set
+ * _NoStderr at init time then messages may be reported to stderr.
+ */
+
+/* The RSAImmed* functions (and key managed RSA) only work with
+ * modules which have an RSA patent licence - currently that means KM
+ * units; the ModExp* ones work with all modules, so you need a patent
+ * licence in the software in the US.  They are otherwise identical.
+ */
+
+typedef
+void HWCryptoHook_Finish_t(HWCryptoHook_ContextHandle hwctx);
+extern HWCryptoHook_Finish_t HWCryptoHook_Finish;
+/* You must not have any calls going or keys loaded when you call this. */
+
+typedef
+int HWCryptoHook_RandomBytes_t(HWCryptoHook_ContextHandle hwctx,
+                               unsigned char *buf, size_t len,
+                               const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RandomBytes_t HWCryptoHook_RandomBytes;
+
+typedef
+int HWCryptoHook_ModExp_t(HWCryptoHook_ContextHandle hwctx,
+                          HWCryptoHook_MPI a,
+                          HWCryptoHook_MPI p,
+                          HWCryptoHook_MPI n,
+                          HWCryptoHook_MPI *r,
+                          const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_ModExp_t HWCryptoHook_ModExp;
+
+typedef
+int HWCryptoHook_RSAImmedPub_t(HWCryptoHook_ContextHandle hwctx,
+                               HWCryptoHook_MPI m,
+                               HWCryptoHook_MPI e,
+                               HWCryptoHook_MPI n,
+                               HWCryptoHook_MPI *r,
+                               const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSAImmedPub_t HWCryptoHook_RSAImmedPub;
+
+typedef
+int HWCryptoHook_ModExpCRT_t(HWCryptoHook_ContextHandle hwctx,
+                             HWCryptoHook_MPI a,
+                             HWCryptoHook_MPI p,
+                             HWCryptoHook_MPI q,
+                             HWCryptoHook_MPI dmp1,
+                             HWCryptoHook_MPI dmq1,
+                             HWCryptoHook_MPI iqmp,
+                             HWCryptoHook_MPI *r,
+                             const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_ModExpCRT_t HWCryptoHook_ModExpCRT;
+
+typedef
+int HWCryptoHook_RSAImmedPriv_t(HWCryptoHook_ContextHandle hwctx,
+                                HWCryptoHook_MPI m,
+                                HWCryptoHook_MPI p,
+                                HWCryptoHook_MPI q,
+                                HWCryptoHook_MPI dmp1,
+                                HWCryptoHook_MPI dmq1,
+                                HWCryptoHook_MPI iqmp,
+                                HWCryptoHook_MPI *r,
+                                const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSAImmedPriv_t HWCryptoHook_RSAImmedPriv;
+
+/* The RSAImmed* and ModExp* functions may return E_FAILED or
+ * E_FALLBACK for failure.
+ *
+ * E_FAILED means the failure is permanent and definite and there
+ *    should be no attempt to fall back to software.  (Eg, for some
+ *    applications, which support only the acceleration-only
+ *    functions, the `key material' may actually be an encoded key
+ *    identifier, and doing the operation in software would give wrong
+ *    answers.)
+ *
+ * E_FALLBACK means that doing the computation in software would seem
+ *    reasonable.  If an application pays attention to this and is
+ *    able to fall back, it should also set the Fallback init flags.
+ */
+
+typedef
+int HWCryptoHook_RSALoadKey_t(HWCryptoHook_ContextHandle hwctx,
+                              const char *key_ident,
+                              HWCryptoHook_RSAKeyHandle *keyhandle_r,
+                              const HWCryptoHook_ErrMsgBuf *errors,
+                              HWCryptoHook_PassphraseContext *ppctx);
+extern HWCryptoHook_RSALoadKey_t HWCryptoHook_RSALoadKey;
+/* The key_ident is a null-terminated string configured by the
+ * user via the application's usual configuration mechanisms.
+ * It is provided to the user by the crypto provider's key management
+ * system.  The user must be able to enter at least any string of between
+ * 1 and 1023 characters inclusive, consisting of printable 7-bit
+ * ASCII characters.  The provider should avoid using
+ * any characters except alphanumerics and the punctuation
+ * characters  _ - + . / @ ~  (the user is expected to be able
+ * to enter these without quoting).  The string may be case-sensitive.
+ * The application may allow the user to enter other NULL-terminated strings,
+ * and the provider must cope (returning an error if the string is not
+ * valid).
+ *
+ * If the key does not exist, no error is recorded and 0 is returned;
+ * keyhandle_r will be set to 0 instead of to a key handle.
+ */
+
+typedef
+int HWCryptoHook_RSAGetPublicKey_t(HWCryptoHook_RSAKeyHandle k,
+                                   HWCryptoHook_MPI *n,
+                                   HWCryptoHook_MPI *e,
+                                   const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSAGetPublicKey_t HWCryptoHook_RSAGetPublicKey;
+/* The crypto plugin will not store certificates.
+ *
+ * Although this function for acquiring the public key value is
+ * provided, it is not the purpose of this API to deal fully with the
+ * handling of the public key.
+ *
+ * It is expected that the crypto supplier's key generation program
+ * will provide general facilities for producing X.509
+ * self-certificates and certificate requests in PEM format.  These
+ * will be given to the user so that they can configure them in the
+ * application, send them to CAs, or whatever.
+ *
+ * In case this kind of certificate handling is not appropriate, the
+ * crypto supplier's key generation program should be able to be
+ * configured not to generate such a self-certificate or certificate
+ * request.  Then the application will need to do all of this, and
+ * will need to store and handle the public key and certificates
+ * itself.
+ */
+
+typedef
+int HWCryptoHook_RSAUnloadKey_t(HWCryptoHook_RSAKeyHandle k,
+                                const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSAUnloadKey_t HWCryptoHook_RSAUnloadKey;
+/* Might fail due to locking problems, or other serious internal problems. */
+
+typedef
+int HWCryptoHook_RSA_t(HWCryptoHook_MPI m,
+                       HWCryptoHook_RSAKeyHandle k,
+                       HWCryptoHook_MPI *r,
+                       const HWCryptoHook_ErrMsgBuf *errors);
+extern HWCryptoHook_RSA_t HWCryptoHook_RSA;
+/* RSA private key operation (sign or decrypt) - raw, unpadded. */
+
+#endif /*HWCRYPTOHOOK_H*/
diff --git a/engines/vendor_defns/sureware.h b/engines/vendor_defns/sureware.h
new file mode 100644
index 0000000000..1d3789219d
--- /dev/null
+++ b/engines/vendor_defns/sureware.h
@@ -0,0 +1,239 @@
+/*
+* Written by Corinne Dive-Reclus(cdive@baltimore.com)
+*
+* Copyright@2001 Baltimore Technologies Ltd.
+*																								*	
+*		THIS FILE IS PROVIDED BY BALTIMORE TECHNOLOGIES ``AS IS'' AND																			*
+*		ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE					* 
+*		IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE				*
+*		ARE DISCLAIMED.  IN NO EVENT SHALL BALTIMORE TECHNOLOGIES BE LIABLE						*
+*		FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL				*
+*		DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS					*
+*		OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)					*
+*		HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT				*
+*		LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY				*
+*		OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF					*
+*		SUCH DAMAGE.																			*
+*
+* 
+*/
+#ifdef WIN32
+#define SW_EXPORT	__declspec ( dllexport )
+#else
+#define SW_EXPORT
+#endif
+
+/*
+*	List of exposed SureWare errors
+*/
+#define SUREWAREHOOK_ERROR_FAILED		-1
+#define SUREWAREHOOK_ERROR_FALLBACK		-2
+#define SUREWAREHOOK_ERROR_UNIT_FAILURE -3
+#define SUREWAREHOOK_ERROR_DATA_SIZE -4
+#define SUREWAREHOOK_ERROR_INVALID_PAD -5
+/*
+* -----------------WARNING-----------------------------------
+* In all the following functions:
+* msg is a string with at least 24 bytes free.
+* A 24 bytes string will be concatenated to the existing content of msg. 
+*/
+/*
+*	SureWare Initialisation function
+*	in param threadsafe, if !=0, thread safe enabled
+*	return SureWareHOOK_ERROR_UNIT_FAILURE if failure, 1 if success
+*/
+typedef int SureWareHook_Init_t(char*const msg,int threadsafe);
+extern SW_EXPORT SureWareHook_Init_t SureWareHook_Init;
+/*
+*	SureWare Finish function
+*/
+typedef void SureWareHook_Finish_t();
+extern SW_EXPORT SureWareHook_Finish_t SureWareHook_Finish;
+/*
+*	 PRE_CONDITION:
+*		DO NOT CALL ANY OF THE FOLLOWING FUNCTIONS IN CASE OF INIT FAILURE
+*/
+/*
+*	SureWare RAND Bytes function
+*	In case of failure, the content of buf is unpredictable.
+*	return 1 if success
+*			SureWareHOOK_ERROR_FALLBACK if function not available in hardware
+*			SureWareHOOK_ERROR_FAILED if error while processing
+*			SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*			SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*	in/out param buf : a num bytes long buffer where random bytes will be put
+*	in param num : the number of bytes into buf
+*/
+typedef int SureWareHook_Rand_Bytes_t(char*const msg,unsigned char *buf, int num);
+extern SW_EXPORT SureWareHook_Rand_Bytes_t SureWareHook_Rand_Bytes;
+
+/*
+*	SureWare RAND Seed function
+*	Adds some seed to the Hardware Random Number Generator
+*	return 1 if success
+*			SureWareHOOK_ERROR_FALLBACK if function not available in hardware
+*			SureWareHOOK_ERROR_FAILED if error while processing
+*			SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*			SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*	in param buf : the seed to add into the HRNG
+*	in param num : the number of bytes into buf
+*/
+typedef int SureWareHook_Rand_Seed_t(char*const msg,const void *buf, int num);
+extern SW_EXPORT SureWareHook_Rand_Seed_t SureWareHook_Rand_Seed;
+
+/*
+*	SureWare Load Private Key function
+*	return 1 if success
+*			SureWareHOOK_ERROR_FAILED if error while processing
+*	No hardware is contact for this function.
+*
+*	in param key_id :the name of the private protected key file without the extension
+						".sws"
+*	out param hptr : a pointer to a buffer allocated by SureWare_Hook
+*	out param num: the effective key length in bytes
+*	out param keytype: 1 if RSA 2 if DSA
+*/
+typedef int SureWareHook_Load_Privkey_t(char*const msg,const char *key_id,char **hptr,unsigned long *num,char *keytype);
+extern SW_EXPORT SureWareHook_Load_Privkey_t SureWareHook_Load_Privkey;
+
+/*
+*	SureWare Info Public Key function
+*	return 1 if success
+*			SureWareHOOK_ERROR_FAILED if error while processing
+*	No hardware is contact for this function.
+*
+*	in param key_id :the name of the private protected key file without the extension
+						".swp"
+*	out param hptr : a pointer to a buffer allocated by SureWare_Hook
+*	out param num: the effective key length in bytes
+*	out param keytype: 1 if RSA 2 if DSA
+*/
+typedef int SureWareHook_Info_Pubkey_t(char*const msg,const char *key_id,unsigned long *num,
+										char *keytype);
+extern SW_EXPORT SureWareHook_Info_Pubkey_t SureWareHook_Info_Pubkey;
+
+/*
+*	SureWare Load Public Key function
+*	return 1 if success
+*			SureWareHOOK_ERROR_FAILED if error while processing
+*	No hardware is contact for this function.
+*
+*	in param key_id :the name of the public protected key file without the extension
+						".swp"
+*	in param num : the bytes size of n and e
+*	out param n: where to write modulus in bn format
+*	out param e: where to write exponent in bn format
+*/
+typedef int SureWareHook_Load_Rsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
+										unsigned long *n, unsigned long *e);
+extern SW_EXPORT SureWareHook_Load_Rsa_Pubkey_t SureWareHook_Load_Rsa_Pubkey;
+
+/*
+*	SureWare Load DSA Public Key function
+*	return 1 if success
+*			SureWareHOOK_ERROR_FAILED if error while processing
+*	No hardware is contact for this function.
+*
+*	in param key_id :the name of the public protected key file without the extension
+						".swp"
+*	in param num : the bytes size of n and e
+*	out param pub: where to write pub key in bn format
+*	out param p: where to write prime in bn format
+*	out param q: where to write sunprime (length 20 bytes) in bn format
+*	out param g: where to write base in bn format
+*/
+typedef int SureWareHook_Load_Dsa_Pubkey_t(char*const msg,const char *key_id,unsigned long num,
+										unsigned long *pub, unsigned long *p,unsigned long*q,
+										unsigned long *g);
+extern SW_EXPORT SureWareHook_Load_Dsa_Pubkey_t SureWareHook_Load_Dsa_Pubkey;
+
+/*
+*	SureWare Free function
+*	Destroy the key into the hardware if destroy==1
+*/
+typedef void SureWareHook_Free_t(char *p,int destroy);
+extern SW_EXPORT SureWareHook_Free_t SureWareHook_Free;
+
+#define SUREWARE_PKCS1_PAD 1
+#define SUREWARE_ISO9796_PAD 2
+#define SUREWARE_NO_PAD 0
+/*
+* SureWare RSA Private Decryption
+* return 1 if success
+*			SureWareHOOK_ERROR_FAILED if error while processing
+*			SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*			SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*	in param flen : byte size of from and to
+*	in param from : encrypted data buffer, should be a not-null valid pointer
+*	out param tlen: byte size of decrypted data, if error, unexpected value
+*	out param to : decrypted data buffer, should be a not-null valid pointer
+*   in param prsa: a protected key pointer, should be a not-null valid pointer
+*   int padding: padding id as follow
+*					SUREWARE_PKCS1_PAD
+*					SUREWARE_NO_PAD
+*
+*/
+typedef int SureWareHook_Rsa_Priv_Dec_t(char*const msg,int flen,unsigned char *from,
+										int *tlen,unsigned char *to,
+										char *prsa,int padding);
+extern SW_EXPORT SureWareHook_Rsa_Priv_Dec_t SureWareHook_Rsa_Priv_Dec;
+/*
+* SureWare RSA Signature
+* return 1 if success
+*			SureWareHOOK_ERROR_FAILED if error while processing
+*			SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*			SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*	in param flen : byte size of from and to
+*	in param from : encrypted data buffer, should be a not-null valid pointer
+*	out param tlen: byte size of decrypted data, if error, unexpected value
+*	out param to : decrypted data buffer, should be a not-null valid pointer
+*   in param prsa: a protected key pointer, should be a not-null valid pointer
+*   int padding: padding id as follow
+*					SUREWARE_PKCS1_PAD
+*					SUREWARE_ISO9796_PAD
+*
+*/
+typedef int SureWareHook_Rsa_Sign_t(char*const msg,int flen,unsigned char *from,
+										int *tlen,unsigned char *to,
+										char *prsa,int padding);
+extern SW_EXPORT SureWareHook_Rsa_Sign_t SureWareHook_Rsa_Sign;
+/*
+* SureWare DSA Signature
+* return 1 if success
+*			SureWareHOOK_ERROR_FAILED if error while processing
+*			SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*			SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*	in param flen : byte size of from and to
+*	in param from : encrypted data buffer, should be a not-null valid pointer
+*	out param to : decrypted data buffer, should be a 40bytes valid pointer
+*   in param pdsa: a protected key pointer, should be a not-null valid pointer
+*
+*/
+typedef int SureWareHook_Dsa_Sign_t(char*const msg,int flen,const unsigned char *from,
+										unsigned long *r,unsigned long *s,char *pdsa);
+extern SW_EXPORT SureWareHook_Dsa_Sign_t SureWareHook_Dsa_Sign;
+
+
+/*
+* SureWare Mod Exp
+* return 1 if success
+*			SureWareHOOK_ERROR_FAILED if error while processing
+*			SureWareHOOK_ERROR_UNIT_FAILURE if hardware failure
+*			SUREWAREHOOK_ERROR_DATA_SIZE wrong size for buf
+*
+*	mod and res are mlen bytes long.
+*	exp is elen bytes long
+*	data is dlen bytes long
+*	mlen,elen and dlen are all multiple of sizeof(unsigned long)
+*/
+typedef int SureWareHook_Mod_Exp_t(char*const msg,int mlen,const unsigned long *mod,
+									int elen,const unsigned long *exp,
+									int dlen,unsigned long *data,
+									unsigned long *res);
+extern SW_EXPORT SureWareHook_Mod_Exp_t SureWareHook_Mod_Exp;
+
diff --git a/include/.cvsignore b/include/.cvsignore
new file mode 100644
index 0000000000..72e8ffc0db
--- /dev/null
+++ b/include/.cvsignore
@@ -0,0 +1 @@
+*
diff --git a/install.com b/install.com
new file mode 100644
index 0000000000..4e4fe80dfe
--- /dev/null
+++ b/install.com
@@ -0,0 +1,89 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 22-MAY-1998 10:13
+$!
+$! P1	root of the directory tree
+$!
+$	IF P1 .EQS. ""
+$	THEN
+$	    WRITE SYS$OUTPUT "First argument missing."
+$	    WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$	    EXIT
+$	ENDIF
+$
+$	ARCH = "AXP"
+$	IF F$GETSYI("CPU") .LT. 128 THEN ARCH = "VAX"
+$
+$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
+$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
+$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+		   - ".][000000" - "[000000." - "][" - "[" - "]"
+$	ROOT = ROOT_DEV + "[" + ROOT_DIR
+$
+$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
+$	DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
+$	DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
+$	DEFINE/NOLOG WRK_SSLLIB WRK_SSLROOT:[LIB]
+$	DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
+$	DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
+$	DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
+$	DEFINE/NOLOG WRK_SSLCERTS WRK_SSLROOT:[CERTS]
+$	DEFINE/NOLOG WRK_SSLPRIVATE WRK_SSLROOT:[PRIVATE]
+$
+$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
+$	IF F$PARSE("WRK_SSLVEXE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLVEXE:
+$	IF F$PARSE("WRK_SSLAEXE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLAEXE:
+$	IF F$PARSE("WRK_SSLVLIB:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLVLIB:
+$	IF F$PARSE("WRK_SSLALIB:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLALIB:
+$	IF F$PARSE("WRK_SSLLIB:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLLIB:
+$	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLINCLUDE:
+$	IF F$PARSE("WRK_SSLCERTS:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLCERTS:
+$	IF F$PARSE("WRK_SSLPRIVATE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLPRIVATE:
+$	IF F$PARSE("WRK_SSLROOT:[VMS]") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[VMS]
+$
+$	SDIRS := CRYPTO,SSL,APPS,VMS!,RSAREF,TEST,TOOLS
+$	EXHEADER := e_os2.h
+$
+$	COPY 'EXHEADER' WRK_SSLINCLUDE: /LOG
+$	SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'EXHEADER'
+$
+$	I = 0
+$ LOOP_SDIRS: 
+$	D = F$ELEMENT(I, ",", SDIRS)
+$	I = I + 1
+$	IF D .EQS. "," THEN GOTO LOOP_SDIRS_END
+$	WRITE SYS$OUTPUT "Installing ",D," files."
+$	SET DEFAULT [.'D']
+$	@INSTALL 'ROOT']
+$	SET DEFAULT [-]
+$	GOTO LOOP_SDIRS
+$ LOOP_SDIRS_END:
+$
+$	DEASSIGN WRK_SSLROOT
+$	DEASSIGN WRK_SSLVLIB
+$	DEASSIGN WRK_SSLALIB
+$	DEASSIGN WRK_SSLLIB
+$	DEASSIGN WRK_SSLINCLUDE
+$	DEASSIGN WRK_SSLVEXE
+$	DEASSIGN WRK_SSLAEXE
+$	DEASSIGN WRK_SSLCERTS
+$	DEASSIGN WRK_SSLPRIVATE
+$
+$	WRITE SYS$OUTPUT ""
+$	WRITE SYS$OUTPUT "	Installation done!"
+$	WRITE SYS$OUTPUT ""
+$	WRITE SYS$OUTPUT "	You might want to purge ",ROOT,"...]"
+$	WRITE SYS$OUTPUT ""
+$
+$	EXIT
diff --git a/makefile.one b/makefile.one
deleted file mode 100644
index a0aaaf9476..0000000000
--- a/makefile.one
+++ /dev/null
@@ -1,1837 +0,0 @@
-# This makefile has been automatically generated from the SSLeay distribution.
-# This single makefile will build the complete SSLeay distribution and
-# by default leave the 'intertesting' output files in ./out and the stuff
-# that needs deleting in ./tmp.
-# The file was generated by running 'make makefile.one', which
-# does a 'make files', which writes all the environment variables from all
-# the makefiles to the file call MINFO.  This file is used by
-# util/mk1mf.pl to generate makefile.one.
-# The 'makefile per directory' system suites me when developing this
-# library and also so I can 'distribute' indervidual library sections.
-# The one monster makefile better suits building in non-unix
-# environments.
-
-INSTALLTOP=/usr/local/ssl
-
-# Set your compiler options
-PLATFORM=
-CC=cc
-CFLAG=-O -DTERMIO
-APP_CFLAG=
-LIB_CFLAG=
-SHLIB_CFLAG=
-APP_EX_OBJ=
-SHLIB_EX_OBJ=
-# add extra libraries to this define, for solaris -lsocket -lnsl would
-# be added
-EX_LIBS=
-
-# The SSLeay directory
-SRC_D=.
-
-LINK=${CC}
-LFLAGS=${CFLAGS}
-
-BN_MULW_OBJ=
-BN_MULW_SRC=
-DES_ENC_OBJ=
-DES_ENC_SRC=
-BF_ENC_OBJ=
-BF_ENC_SRC=
-CAST_ENC_OBJ=
-CAST_ENC_SRC=
-RC4_ENC_OBJ=
-RC4_ENC_SRC=
-RC5_ENC_OBJ=
-RC5_ENC_SRC=
-MD5_ASM_OBJ=
-MD5_ASM_SRC=
-SHA1_ASM_OBJ=
-SHA1_ASM_SRC=
-RMD160_ASM_OBJ=
-RMD160_ASM_SRC=
-
-# The output directory for everything intersting
-OUT_D=out
-# The output directory for all the temporary muck
-TMP_D=tmp
-# The output directory for the header files
-INC_D=outinc
-
-CP=/bin/cp
-RM=/bin/rm -f
-RANLIB=$(SRC_D)/util/ranlib.sh
-MKDIR=mkdir
-MKLIB=ar r
-MLFLAGS=
-ASM=as
-
-######################################################
-# You should not need to touch anything below this point
-######################################################
-
-E_EXE=ssleay
-SSL=ssl
-CRYPTO=crypto
-RSAGLUE=RSAglue
-
-# BIN_D  - Binary output directory
-# TEST_D - Binary test file output directory
-# LIB_D  - library output directory
-BIN_D=$(OUT_D)
-TEST_D=$(OUT_D)
-LIB_D=$(OUT_D)
-
-# INCL_D - local library directory
-# OBJ_D  - temp object file directory
-OBJ_D=$(TMP_D)
-INCL_D=$(TMP_D)
-
-O_SSL=     $(LIB_D)/lib$(SSL).a
-O_CRYPTO=  $(LIB_D)/lib$(CRYPTO).a
-O_RSAGLUE= $(LIB_D)/lib$(RSAGLUE).a
-SO_SSL=    lib$(SSL)
-SO_CRYPTO= lib$(CRYPTO)
-L_SSL=     $(LIB_D)/$(SSL).a
-L_CRYPTO=  $(LIB_D)/$(CRYPTO).a
-
-L_LIBS= $(O_SSL) $(O_CRYPTO)
-#L_LIBS= $(O_SSL) $(O_RSAGLUE) -lrsaref $(O_CRYPTO)
-
-######################################################
-# Don't touch anything below this point
-######################################################
-
-INC=-I$(INC_D) -I$(INCL_D)
-APP_CFLAGS=$(INC) $(CFLAG) $(APP_CFLAG)
-LIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG)
-SHLIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG) $(SHLIB_CFLAG)
-LIBS_DEP=$(O_CRYPTO) $(O_RSAGLUE) $(O_SSL)
-
-#############################################
-HEADER=$(INCL_D)/cryptlib.h \
-	$(INCL_D)/date.h $(INCL_D)/md5_locl.h $(INCL_D)/sha_locl.h \
-	$(INCL_D)/rmd_locl.h $(INCL_D)/rmdconst.h $(INCL_D)/des_locl.h \
-	$(INCL_D)/rpc_des.h $(INCL_D)/podd.h $(INCL_D)/sk.h \
-	$(INCL_D)/spr.h $(INCL_D)/des_ver.h $(INCL_D)/rc2_locl.h \
-	$(INCL_D)/rc4_locl.h $(INCL_D)/rc5_locl.h $(INCL_D)/idea_lcl.h \
-	$(INCL_D)/bf_pi.h $(INCL_D)/bf_locl.h $(INCL_D)/cast_s.h \
-	$(INCL_D)/cast_lcl.h $(INCL_D)/bn_lcl.h $(INCL_D)/bn_prime.h \
-	$(INCL_D)/obj_dat.h $(INCL_D)/conf_lcl.h $(INCL_D)/ssl_locl.h \
-	$(INCL_D)/rsaref.h $(INCL_D)/apps.h $(INCL_D)/progs.h \
-	$(INCL_D)/testdsa.h $(INCL_D)/testrsa.h
-
-EXHEADER=$(INC_D)/e_os.h \
-	$(INC_D)/crypto.h $(INC_D)/cryptall.h $(INC_D)/tmdiff.h \
-	$(INC_D)/md2.h $(INC_D)/md5.h $(INC_D)/sha.h \
-	$(INC_D)/mdc2.h $(INC_D)/hmac.h $(INC_D)/ripemd.h \
-	$(INC_D)/des.h $(INC_D)/rc2.h $(INC_D)/rc4.h \
-	$(INC_D)/rc5.h $(INC_D)/idea.h $(INC_D)/blowfish.h \
-	$(INC_D)/cast.h $(INC_D)/bn.h $(INC_D)/rsa.h \
-	$(INC_D)/dsa.h $(INC_D)/dh.h $(INC_D)/buffer.h \
-	$(INC_D)/bio.h $(INC_D)/bss_file.c $(INC_D)/stack.h \
-	$(INC_D)/lhash.h $(INC_D)/rand.h $(INC_D)/err.h \
-	$(INC_D)/objects.h $(INC_D)/evp.h $(INC_D)/pem.h \
-	$(INC_D)/asn1.h $(INC_D)/asn1_mac.h $(INC_D)/x509.h \
-	$(INC_D)/x509_vfy.h $(INC_D)/conf.h $(INC_D)/txt_db.h \
-	$(INC_D)/pkcs7.h $(INC_D)/proxy.h $(INC_D)/comp.h \
-	$(INC_D)/ssl.h $(INC_D)/ssl2.h $(INC_D)/ssl3.h \
-	$(INC_D)/ssl23.h $(INC_D)/tls1.h
-
-T_OBJ=$(OBJ_D)/md2test.o \
-	$(OBJ_D)/md5test.o $(OBJ_D)/shatest.o $(OBJ_D)/sha1test.o \
-	$(OBJ_D)/mdc2test.o $(OBJ_D)/hmactest.o $(OBJ_D)/rmdtest.o \
-	$(OBJ_D)/destest.o $(OBJ_D)/rc2test.o $(OBJ_D)/rc4test.o \
-	$(OBJ_D)/rc5test.o $(OBJ_D)/ideatest.o $(OBJ_D)/bftest.o \
-	$(OBJ_D)/casttest.o $(OBJ_D)/bntest.o $(OBJ_D)/exptest.o \
-	$(OBJ_D)/dsatest.o $(OBJ_D)/dhtest.o $(OBJ_D)/randtest.o \
-	$(OBJ_D)/ssltest.o
-
-E_OBJ=$(OBJ_D)/verify.o \
-	$(OBJ_D)/asn1pars.o $(OBJ_D)/req.o $(OBJ_D)/dgst.o \
-	$(OBJ_D)/dh.o $(OBJ_D)/enc.o $(OBJ_D)/gendh.o \
-	$(OBJ_D)/errstr.o $(OBJ_D)/ca.o $(OBJ_D)/pkcs7.o \
-	$(OBJ_D)/crl2p7.o $(OBJ_D)/crl.o $(OBJ_D)/rsa.o \
-	$(OBJ_D)/dsa.o $(OBJ_D)/dsaparam.o $(OBJ_D)/x509.o \
-	$(OBJ_D)/genrsa.o $(OBJ_D)/s_server.o $(OBJ_D)/s_client.o \
-	$(OBJ_D)/speed.o $(OBJ_D)/s_time.o \
-	$(OBJ_D)/apps.o $(OBJ_D)/s_cb.o $(OBJ_D)/s_socket.o \
-	$(OBJ_D)/bf_perm.o $(OBJ_D)/version.o \
-	$(OBJ_D)/sess_id.o $(OBJ_D)/ciphers.o $(OBJ_D)/ssleay.o
-
-CRYPTOOBJ=$(OBJ_D)/cryptlib.o \
-	$(OBJ_D)/mem.o $(OBJ_D)/cversion.o $(OBJ_D)/ex_data.o \
-	$(OBJ_D)/tmdiff.o $(OBJ_D)/cpt_err.o $(OBJ_D)/md2_dgst.o \
-	$(OBJ_D)/md2_one.o $(OBJ_D)/md5_dgst.o $(OBJ_D)/md5_one.o \
-	$(OBJ_D)/sha_dgst.o $(OBJ_D)/sha1dgst.o $(OBJ_D)/sha_one.o \
-	$(OBJ_D)/sha1_one.o $(OBJ_D)/mdc2dgst.o $(OBJ_D)/mdc2_one.o \
-	$(OBJ_D)/hmac.o $(OBJ_D)/rmd_dgst.o $(OBJ_D)/rmd_one.o \
-	$(OBJ_D)/set_key.o $(OBJ_D)/ecb_enc.o $(OBJ_D)/cbc_enc.o \
-	$(OBJ_D)/ecb3_enc.o $(OBJ_D)/cfb64enc.o $(OBJ_D)/cfb64ede.o \
-	$(OBJ_D)/cfb_enc.o $(OBJ_D)/ofb64ede.o $(OBJ_D)/enc_read.o \
-	$(OBJ_D)/enc_writ.o $(OBJ_D)/ofb64enc.o $(OBJ_D)/ofb_enc.o \
-	$(OBJ_D)/str2key.o $(OBJ_D)/pcbc_enc.o $(OBJ_D)/qud_cksm.o \
-	$(OBJ_D)/rand_key.o $(OBJ_D)/des_enc.o $(OBJ_D)/fcrypt_b.o \
-	$(OBJ_D)/read2pwd.o $(OBJ_D)/fcrypt.o $(OBJ_D)/xcbc_enc.o \
-	$(OBJ_D)/read_pwd.o $(OBJ_D)/rpc_enc.o $(OBJ_D)/cbc_cksm.o \
-	$(OBJ_D)/supp.o $(OBJ_D)/rc2_ecb.o $(OBJ_D)/rc2_skey.o \
-	$(OBJ_D)/rc2_cbc.o $(OBJ_D)/rc2cfb64.o $(OBJ_D)/rc2ofb64.o \
-	$(OBJ_D)/rc4_skey.o $(OBJ_D)/rc4_enc.o $(OBJ_D)/rc5_skey.o \
-	$(OBJ_D)/rc5_ecb.o $(OBJ_D)/rc5_enc.o $(OBJ_D)/rc5cfb64.o \
-	$(OBJ_D)/rc5ofb64.o $(OBJ_D)/i_cbc.o $(OBJ_D)/i_cfb64.o \
-	$(OBJ_D)/i_ofb64.o $(OBJ_D)/i_ecb.o $(OBJ_D)/i_skey.o \
-	$(OBJ_D)/bf_skey.o $(OBJ_D)/bf_ecb.o $(OBJ_D)/bf_enc.o \
-	$(OBJ_D)/bf_cfb64.o $(OBJ_D)/bf_ofb64.o $(OBJ_D)/c_skey.o \
-	$(OBJ_D)/c_ecb.o $(OBJ_D)/c_enc.o $(OBJ_D)/c_cfb64.o \
-	$(OBJ_D)/c_ofb64.o $(OBJ_D)/bn_add.o $(OBJ_D)/bn_div.o \
-	$(OBJ_D)/bn_exp.o $(OBJ_D)/bn_lib.o $(OBJ_D)/bn_mul.o \
-	$(OBJ_D)/bn_print.o $(OBJ_D)/bn_rand.o $(OBJ_D)/bn_shift.o \
-	$(OBJ_D)/bn_word.o $(OBJ_D)/bn_blind.o $(OBJ_D)/bn_gcd.o \
-	$(OBJ_D)/bn_prime.o $(OBJ_D)/bn_err.o $(OBJ_D)/bn_sqr.o \
-	$(OBJ_D)/bn_asm.o $(OBJ_D)/bn_recp.o $(OBJ_D)/bn_mont.o \
-	$(OBJ_D)/bn_mpi.o $(OBJ_D)/bn_exp2.o $(OBJ_D)/rsa_eay.o \
-	$(OBJ_D)/rsa_gen.o $(OBJ_D)/rsa_lib.o $(OBJ_D)/rsa_sign.o \
-	$(OBJ_D)/rsa_saos.o $(OBJ_D)/rsa_err.o $(OBJ_D)/rsa_pk1.o \
-	$(OBJ_D)/rsa_ssl.o $(OBJ_D)/rsa_none.o $(OBJ_D)/dsa_gen.o \
-	$(OBJ_D)/dsa_key.o $(OBJ_D)/dsa_lib.o $(OBJ_D)/dsa_vrf.o \
-	$(OBJ_D)/dsa_sign.o $(OBJ_D)/dsa_err.o $(OBJ_D)/dh_gen.o \
-	$(OBJ_D)/dh_key.o $(OBJ_D)/dh_lib.o $(OBJ_D)/dh_check.o \
-	$(OBJ_D)/dh_err.o $(OBJ_D)/buffer.o $(OBJ_D)/buf_err.o \
-	$(OBJ_D)/bio_lib.o $(OBJ_D)/bio_cb.o $(OBJ_D)/bio_err.o \
-	$(OBJ_D)/bss_mem.o $(OBJ_D)/bss_null.o $(OBJ_D)/bss_fd.o \
-	$(OBJ_D)/bss_file.o $(OBJ_D)/bss_sock.o $(OBJ_D)/bss_conn.o \
-	$(OBJ_D)/bf_null.o $(OBJ_D)/bf_buff.o $(OBJ_D)/b_print.o \
-	$(OBJ_D)/b_dump.o $(OBJ_D)/b_sock.o $(OBJ_D)/bss_acpt.o \
-	$(OBJ_D)/bf_nbio.o $(OBJ_D)/bss_cs4a.o $(OBJ_D)/stack.o \
-	$(OBJ_D)/lhash.o $(OBJ_D)/lh_stats.o $(OBJ_D)/md_rand.o \
-	$(OBJ_D)/randfile.o $(OBJ_D)/rand_lib.o $(OBJ_D)/err.o \
-	$(OBJ_D)/err_all.o $(OBJ_D)/err_prn.o $(OBJ_D)/o_names.o \
-	$(OBJ_D)/obj_dat.o $(OBJ_D)/obj_lib.o $(OBJ_D)/obj_err.o \
-	$(OBJ_D)/encode.o $(OBJ_D)/digest.o $(OBJ_D)/evp_enc.o \
-	$(OBJ_D)/evp_key.o $(OBJ_D)/e_ecb_d.o $(OBJ_D)/e_cbc_d.o \
-	$(OBJ_D)/e_cfb_d.o $(OBJ_D)/e_ofb_d.o $(OBJ_D)/e_ecb_i.o \
-	$(OBJ_D)/e_cbc_i.o $(OBJ_D)/e_cfb_i.o $(OBJ_D)/e_ofb_i.o \
-	$(OBJ_D)/e_ecb_3d.o $(OBJ_D)/e_cbc_3d.o $(OBJ_D)/e_rc4.o \
-	$(OBJ_D)/names.o $(OBJ_D)/e_cfb_3d.o $(OBJ_D)/e_ofb_3d.o \
-	$(OBJ_D)/e_xcbc_d.o $(OBJ_D)/e_ecb_r2.o $(OBJ_D)/e_cbc_r2.o \
-	$(OBJ_D)/e_cfb_r2.o $(OBJ_D)/e_ofb_r2.o $(OBJ_D)/e_ecb_bf.o \
-	$(OBJ_D)/e_cbc_bf.o $(OBJ_D)/e_cfb_bf.o $(OBJ_D)/e_ofb_bf.o \
-	$(OBJ_D)/e_ecb_c.o $(OBJ_D)/e_cbc_c.o $(OBJ_D)/e_cfb_c.o \
-	$(OBJ_D)/e_ofb_c.o $(OBJ_D)/e_ecb_r5.o $(OBJ_D)/e_cbc_r5.o \
-	$(OBJ_D)/e_cfb_r5.o $(OBJ_D)/e_ofb_r5.o $(OBJ_D)/m_null.o \
-	$(OBJ_D)/m_md2.o $(OBJ_D)/m_md5.o $(OBJ_D)/m_sha.o \
-	$(OBJ_D)/m_sha1.o $(OBJ_D)/m_dss.o $(OBJ_D)/m_dss1.o \
-	$(OBJ_D)/m_mdc2.o $(OBJ_D)/m_ripemd.o $(OBJ_D)/p_open.o \
-	$(OBJ_D)/p_seal.o $(OBJ_D)/p_sign.o $(OBJ_D)/p_verify.o \
-	$(OBJ_D)/p_lib.o $(OBJ_D)/p_enc.o $(OBJ_D)/p_dec.o \
-	$(OBJ_D)/bio_md.o $(OBJ_D)/bio_b64.o $(OBJ_D)/bio_enc.o \
-	$(OBJ_D)/evp_err.o $(OBJ_D)/e_null.o $(OBJ_D)/c_all.o \
-	$(OBJ_D)/evp_lib.o $(OBJ_D)/pem_sign.o $(OBJ_D)/pem_seal.o \
-	$(OBJ_D)/pem_info.o $(OBJ_D)/pem_lib.o $(OBJ_D)/pem_all.o \
-	$(OBJ_D)/pem_err.o $(OBJ_D)/a_object.o $(OBJ_D)/a_bitstr.o \
-	$(OBJ_D)/a_utctm.o $(OBJ_D)/a_int.o $(OBJ_D)/a_octet.o \
-	$(OBJ_D)/a_print.o $(OBJ_D)/a_type.o $(OBJ_D)/a_set.o \
-	$(OBJ_D)/a_dup.o $(OBJ_D)/a_d2i_fp.o $(OBJ_D)/a_i2d_fp.o \
-	$(OBJ_D)/a_bmp.o $(OBJ_D)/a_sign.o $(OBJ_D)/a_digest.o \
-	$(OBJ_D)/a_verify.o $(OBJ_D)/x_algor.o $(OBJ_D)/x_val.o \
-	$(OBJ_D)/x_pubkey.o $(OBJ_D)/x_sig.o $(OBJ_D)/x_req.o \
-	$(OBJ_D)/x_attrib.o $(OBJ_D)/x_name.o $(OBJ_D)/x_cinf.o \
-	$(OBJ_D)/x_x509.o $(OBJ_D)/x_crl.o $(OBJ_D)/x_info.o \
-	$(OBJ_D)/x_spki.o $(OBJ_D)/d2i_r_pr.o $(OBJ_D)/i2d_r_pr.o \
-	$(OBJ_D)/d2i_r_pu.o $(OBJ_D)/i2d_r_pu.o $(OBJ_D)/d2i_s_pr.o \
-	$(OBJ_D)/i2d_s_pr.o $(OBJ_D)/d2i_s_pu.o $(OBJ_D)/i2d_s_pu.o \
-	$(OBJ_D)/d2i_pu.o $(OBJ_D)/d2i_pr.o $(OBJ_D)/i2d_pu.o \
-	$(OBJ_D)/i2d_pr.o $(OBJ_D)/t_req.o $(OBJ_D)/t_x509.o \
-	$(OBJ_D)/t_pkey.o $(OBJ_D)/p7_i_s.o $(OBJ_D)/p7_signi.o \
-	$(OBJ_D)/p7_signd.o $(OBJ_D)/p7_recip.o $(OBJ_D)/p7_enc_c.o \
-	$(OBJ_D)/p7_evp.o $(OBJ_D)/p7_dgst.o $(OBJ_D)/p7_s_e.o \
-	$(OBJ_D)/p7_enc.o $(OBJ_D)/p7_lib.o $(OBJ_D)/f_int.o \
-	$(OBJ_D)/f_string.o $(OBJ_D)/i2d_dhp.o $(OBJ_D)/i2d_dsap.o \
-	$(OBJ_D)/d2i_dhp.o $(OBJ_D)/d2i_dsap.o $(OBJ_D)/n_pkey.o \
-	$(OBJ_D)/a_hdr.o $(OBJ_D)/x_pkey.o $(OBJ_D)/a_bool.o \
-	$(OBJ_D)/x_exten.o $(OBJ_D)/asn1_par.o $(OBJ_D)/asn1_lib.o \
-	$(OBJ_D)/asn1_err.o $(OBJ_D)/a_meth.o $(OBJ_D)/a_bytes.o \
-	$(OBJ_D)/evp_asn1.o $(OBJ_D)/x509_def.o $(OBJ_D)/x509_d2.o \
-	$(OBJ_D)/x509_r2x.o $(OBJ_D)/x509_cmp.o $(OBJ_D)/x509_obj.o \
-	$(OBJ_D)/x509_req.o $(OBJ_D)/x509_vfy.o $(OBJ_D)/x509_set.o \
-	$(OBJ_D)/x509rset.o $(OBJ_D)/x509_err.o $(OBJ_D)/x509name.o \
-	$(OBJ_D)/x509_v3.o $(OBJ_D)/x509_ext.o $(OBJ_D)/x509pack.o \
-	$(OBJ_D)/x509type.o $(OBJ_D)/x509_lu.o $(OBJ_D)/x_all.o \
-	$(OBJ_D)/x509_txt.o $(OBJ_D)/by_file.o $(OBJ_D)/by_dir.o \
-	$(OBJ_D)/v3_net.o $(OBJ_D)/v3_x509.o $(OBJ_D)/conf.o \
-	$(OBJ_D)/conf_err.o $(OBJ_D)/txt_db.o $(OBJ_D)/pk7_lib.o \
-	$(OBJ_D)/pkcs7err.o $(OBJ_D)/pk7_doit.o $(OBJ_D)/proxy.o \
-	$(OBJ_D)/pxy_txt.o $(OBJ_D)/bf_proxy.o $(OBJ_D)/pxy_conf.o \
-	$(OBJ_D)/pxy_err.o $(OBJ_D)/comp_lib.o $(OBJ_D)/c_rle.o \
-	$(OBJ_D)/c_zlib.o
-
-SSLOBJ=$(OBJ_D)/s2_meth.o \
-	$(OBJ_D)/s2_srvr.o $(OBJ_D)/s2_clnt.o $(OBJ_D)/s2_lib.o \
-	$(OBJ_D)/s2_enc.o $(OBJ_D)/s2_pkt.o $(OBJ_D)/s3_meth.o \
-	$(OBJ_D)/s3_srvr.o $(OBJ_D)/s3_clnt.o $(OBJ_D)/s3_lib.o \
-	$(OBJ_D)/s3_enc.o $(OBJ_D)/s3_pkt.o $(OBJ_D)/s3_both.o \
-	$(OBJ_D)/s23_meth.o $(OBJ_D)/s23_srvr.o $(OBJ_D)/s23_clnt.o \
-	$(OBJ_D)/s23_lib.o $(OBJ_D)/s23_pkt.o $(OBJ_D)/t1_meth.o \
-	$(OBJ_D)/t1_srvr.o $(OBJ_D)/t1_clnt.o $(OBJ_D)/t1_lib.o \
-	$(OBJ_D)/t1_enc.o $(OBJ_D)/ssl_lib.o $(OBJ_D)/ssl_err2.o \
-	$(OBJ_D)/ssl_cert.o $(OBJ_D)/ssl_sess.o $(OBJ_D)/ssl_ciph.o \
-	$(OBJ_D)/ssl_stat.o $(OBJ_D)/ssl_rsa.o $(OBJ_D)/ssl_asn1.o \
-	$(OBJ_D)/ssl_txt.o $(OBJ_D)/ssl_algs.o $(OBJ_D)/bio_ssl.o \
-	$(OBJ_D)/pxy_ssl.o $(OBJ_D)/ssl_err.o
-
-RSAGLUEOBJ=$(OBJ_D)/rsaref.o \
-	$(OBJ_D)/rsar_err.o
-
-T_EXE=$(TEST_D)/md2test \
-	$(TEST_D)/md5test $(TEST_D)/shatest $(TEST_D)/sha1test \
-	$(TEST_D)/mdc2test $(TEST_D)/hmactest $(TEST_D)/rmdtest \
-	$(TEST_D)/destest $(TEST_D)/rc2test $(TEST_D)/rc4test \
-	$(TEST_D)/rc5test $(TEST_D)/ideatest $(TEST_D)/bftest \
-	$(TEST_D)/casttest $(TEST_D)/bntest $(TEST_D)/exptest \
-	$(TEST_D)/dsatest $(TEST_D)/dhtest $(TEST_D)/randtest \
-	$(TEST_D)/ssltest
-
-###################################################################
-all: banner $(TMP_D) $(BIN_D) $(TEST_D) $(LIB_D) $(INC_D) headers lib exe
-
-banner:
-
-
-$(TMP_D):
-	$(MKDIR) $(TMP_D)
-
-$(BIN_D):
-	$(MKDIR) $(BIN_D)
-
-$(TEST_D):
-	$(MKDIR) $(TEST_D)
-
-$(LIB_D):
-	$(MKDIR) $(LIB_D)
-
-$(INC_D):
-	$(MKDIR) $(INC_D)
-
-headers: $(HEADER) $(EXHEADER)
-
-lib: $(LIBS_DEP)
-
-exe: $(T_EXE) $(BIN_D)/$(E_EXE)
-
-install:
-	$(MKDIR) $(INSTALLTOP)
-	$(MKDIR) $(INSTALLTOP)/bin
-	$(MKDIR) $(INSTALLTOP)/include
-	$(MKDIR) $(INSTALLTOP)/lib
-	$(CP) $(INC_D)/*.[ch] $(INSTALLTOP)/include
-	$(CP) $(BIN_D)/$(E_EXE) $(INSTALLTOP)/bin
-	$(CP) $(O_SSL) $(INSTALLTOP)/lib
-	$(CP) $(O_CRYPTO) $(INSTALLTOP)/lib
-
-clean:
-	$(RM) $(TMP_D)/*.*
-
-vclean:
-	$(RM) $(TMP_D)/*.*
-	$(RM) $(OUT_D)/*.*
-
-$(INCL_D)/cryptlib.h: $(SRC_D)/crypto/cryptlib.h
-	$(CP) $(SRC_D)/crypto/cryptlib.h $(INCL_D)/cryptlib.h
-
-$(INCL_D)/date.h: $(SRC_D)/crypto/date.h
-	$(CP) $(SRC_D)/crypto/date.h $(INCL_D)/date.h
-
-$(INCL_D)/md5_locl.h: $(SRC_D)/crypto/md5/md5_locl.h
-	$(CP) $(SRC_D)/crypto/md5/md5_locl.h $(INCL_D)/md5_locl.h
-
-$(INCL_D)/sha_locl.h: $(SRC_D)/crypto/sha/sha_locl.h
-	$(CP) $(SRC_D)/crypto/sha/sha_locl.h $(INCL_D)/sha_locl.h
-
-$(INCL_D)/rmd_locl.h: $(SRC_D)/crypto/ripemd/rmd_locl.h
-	$(CP) $(SRC_D)/crypto/ripemd/rmd_locl.h $(INCL_D)/rmd_locl.h
-
-$(INCL_D)/rmdconst.h: $(SRC_D)/crypto/ripemd/rmdconst.h
-	$(CP) $(SRC_D)/crypto/ripemd/rmdconst.h $(INCL_D)/rmdconst.h
-
-$(INCL_D)/des_locl.h: $(SRC_D)/crypto/des/des_locl.h
-	$(CP) $(SRC_D)/crypto/des/des_locl.h $(INCL_D)/des_locl.h
-
-$(INCL_D)/rpc_des.h: $(SRC_D)/crypto/des/rpc_des.h
-	$(CP) $(SRC_D)/crypto/des/rpc_des.h $(INCL_D)/rpc_des.h
-
-$(INCL_D)/podd.h: $(SRC_D)/crypto/des/podd.h
-	$(CP) $(SRC_D)/crypto/des/podd.h $(INCL_D)/podd.h
-
-$(INCL_D)/sk.h: $(SRC_D)/crypto/des/sk.h
-	$(CP) $(SRC_D)/crypto/des/sk.h $(INCL_D)/sk.h
-
-$(INCL_D)/spr.h: $(SRC_D)/crypto/des/spr.h
-	$(CP) $(SRC_D)/crypto/des/spr.h $(INCL_D)/spr.h
-
-$(INCL_D)/des_ver.h: $(SRC_D)/crypto/des/des_ver.h
-	$(CP) $(SRC_D)/crypto/des/des_ver.h $(INCL_D)/des_ver.h
-
-$(INCL_D)/rc2_locl.h: $(SRC_D)/crypto/rc2/rc2_locl.h
-	$(CP) $(SRC_D)/crypto/rc2/rc2_locl.h $(INCL_D)/rc2_locl.h
-
-$(INCL_D)/rc4_locl.h: $(SRC_D)/crypto/rc4/rc4_locl.h
-	$(CP) $(SRC_D)/crypto/rc4/rc4_locl.h $(INCL_D)/rc4_locl.h
-
-$(INCL_D)/rc5_locl.h: $(SRC_D)/crypto/rc5/rc5_locl.h
-	$(CP) $(SRC_D)/crypto/rc5/rc5_locl.h $(INCL_D)/rc5_locl.h
-
-$(INCL_D)/idea_lcl.h: $(SRC_D)/crypto/idea/idea_lcl.h
-	$(CP) $(SRC_D)/crypto/idea/idea_lcl.h $(INCL_D)/idea_lcl.h
-
-$(INCL_D)/bf_pi.h: $(SRC_D)/crypto/bf/bf_pi.h
-	$(CP) $(SRC_D)/crypto/bf/bf_pi.h $(INCL_D)/bf_pi.h
-
-$(INCL_D)/bf_locl.h: $(SRC_D)/crypto/bf/bf_locl.h
-	$(CP) $(SRC_D)/crypto/bf/bf_locl.h $(INCL_D)/bf_locl.h
-
-$(INCL_D)/cast_s.h: $(SRC_D)/crypto/cast/cast_s.h
-	$(CP) $(SRC_D)/crypto/cast/cast_s.h $(INCL_D)/cast_s.h
-
-$(INCL_D)/cast_lcl.h: $(SRC_D)/crypto/cast/cast_lcl.h
-	$(CP) $(SRC_D)/crypto/cast/cast_lcl.h $(INCL_D)/cast_lcl.h
-
-$(INCL_D)/bn_lcl.h: $(SRC_D)/crypto/bn/bn_lcl.h
-	$(CP) $(SRC_D)/crypto/bn/bn_lcl.h $(INCL_D)/bn_lcl.h
-
-$(INCL_D)/bn_prime.h: $(SRC_D)/crypto/bn/bn_prime.h
-	$(CP) $(SRC_D)/crypto/bn/bn_prime.h $(INCL_D)/bn_prime.h
-
-$(INCL_D)/obj_dat.h: $(SRC_D)/crypto/objects/obj_dat.h
-	$(CP) $(SRC_D)/crypto/objects/obj_dat.h $(INCL_D)/obj_dat.h
-
-$(INCL_D)/conf_lcl.h: $(SRC_D)/crypto/conf/conf_lcl.h
-	$(CP) $(SRC_D)/crypto/conf/conf_lcl.h $(INCL_D)/conf_lcl.h
-
-$(INCL_D)/ssl_locl.h: $(SRC_D)/ssl/ssl_locl.h
-	$(CP) $(SRC_D)/ssl/ssl_locl.h $(INCL_D)/ssl_locl.h
-
-$(INCL_D)/rsaref.h: $(SRC_D)/rsaref/rsaref.h
-	$(CP) $(SRC_D)/rsaref/rsaref.h $(INCL_D)/rsaref.h
-
-$(INCL_D)/apps.h: $(SRC_D)/apps/apps.h
-	$(CP) $(SRC_D)/apps/apps.h $(INCL_D)/apps.h
-
-$(INCL_D)/progs.h: $(SRC_D)/apps/progs.h
-	$(CP) $(SRC_D)/apps/progs.h $(INCL_D)/progs.h
-
-$(INCL_D)/s_apps.h: $(SRC_D)/apps/s_apps.h
-	$(CP) $(SRC_D)/apps/s_apps.h $(INCL_D)/s_apps.h
-
-$(INCL_D)/testdsa.h: $(SRC_D)/apps/testdsa.h
-	$(CP) $(SRC_D)/apps/testdsa.h $(INCL_D)/testdsa.h
-
-$(INCL_D)/testrsa.h: $(SRC_D)/apps/testrsa.h
-	$(CP) $(SRC_D)/apps/testrsa.h $(INCL_D)/testrsa.h
-
-$(INC_D)/e_os.h: $(SRC_D)/./e_os.h
-	$(CP) $(SRC_D)/./e_os.h $(INC_D)/e_os.h
-
-$(INC_D)/crypto.h: $(SRC_D)/crypto/crypto.h
-	$(CP) $(SRC_D)/crypto/crypto.h $(INC_D)/crypto.h
-
-$(INC_D)/cryptall.h: $(SRC_D)/crypto/cryptall.h
-	$(CP) $(SRC_D)/crypto/cryptall.h $(INC_D)/cryptall.h
-
-$(INC_D)/tmdiff.h: $(SRC_D)/crypto/tmdiff.h
-	$(CP) $(SRC_D)/crypto/tmdiff.h $(INC_D)/tmdiff.h
-
-$(INC_D)/md2.h: $(SRC_D)/crypto/md2/md2.h
-	$(CP) $(SRC_D)/crypto/md2/md2.h $(INC_D)/md2.h
-
-$(INC_D)/md5.h: $(SRC_D)/crypto/md5/md5.h
-	$(CP) $(SRC_D)/crypto/md5/md5.h $(INC_D)/md5.h
-
-$(INC_D)/sha.h: $(SRC_D)/crypto/sha/sha.h
-	$(CP) $(SRC_D)/crypto/sha/sha.h $(INC_D)/sha.h
-
-$(INC_D)/mdc2.h: $(SRC_D)/crypto/mdc2/mdc2.h
-	$(CP) $(SRC_D)/crypto/mdc2/mdc2.h $(INC_D)/mdc2.h
-
-$(INC_D)/hmac.h: $(SRC_D)/crypto/hmac/hmac.h
-	$(CP) $(SRC_D)/crypto/hmac/hmac.h $(INC_D)/hmac.h
-
-$(INC_D)/ripemd.h: $(SRC_D)/crypto/ripemd/ripemd.h
-	$(CP) $(SRC_D)/crypto/ripemd/ripemd.h $(INC_D)/ripemd.h
-
-$(INC_D)/des.h: $(SRC_D)/crypto/des/des.h
-	$(CP) $(SRC_D)/crypto/des/des.h $(INC_D)/des.h
-
-$(INC_D)/rc2.h: $(SRC_D)/crypto/rc2/rc2.h
-	$(CP) $(SRC_D)/crypto/rc2/rc2.h $(INC_D)/rc2.h
-
-$(INC_D)/rc4.h: $(SRC_D)/crypto/rc4/rc4.h
-	$(CP) $(SRC_D)/crypto/rc4/rc4.h $(INC_D)/rc4.h
-
-$(INC_D)/rc5.h: $(SRC_D)/crypto/rc5/rc5.h
-	$(CP) $(SRC_D)/crypto/rc5/rc5.h $(INC_D)/rc5.h
-
-$(INC_D)/idea.h: $(SRC_D)/crypto/idea/idea.h
-	$(CP) $(SRC_D)/crypto/idea/idea.h $(INC_D)/idea.h
-
-$(INC_D)/blowfish.h: $(SRC_D)/crypto/bf/blowfish.h
-	$(CP) $(SRC_D)/crypto/bf/blowfish.h $(INC_D)/blowfish.h
-
-$(INC_D)/cast.h: $(SRC_D)/crypto/cast/cast.h
-	$(CP) $(SRC_D)/crypto/cast/cast.h $(INC_D)/cast.h
-
-$(INC_D)/bn.h: $(SRC_D)/crypto/bn/bn.h
-	$(CP) $(SRC_D)/crypto/bn/bn.h $(INC_D)/bn.h
-
-$(INC_D)/rsa.h: $(SRC_D)/crypto/rsa/rsa.h
-	$(CP) $(SRC_D)/crypto/rsa/rsa.h $(INC_D)/rsa.h
-
-$(INC_D)/dsa.h: $(SRC_D)/crypto/dsa/dsa.h
-	$(CP) $(SRC_D)/crypto/dsa/dsa.h $(INC_D)/dsa.h
-
-$(INC_D)/dh.h: $(SRC_D)/crypto/dh/dh.h
-	$(CP) $(SRC_D)/crypto/dh/dh.h $(INC_D)/dh.h
-
-$(INC_D)/buffer.h: $(SRC_D)/crypto/buffer/buffer.h
-	$(CP) $(SRC_D)/crypto/buffer/buffer.h $(INC_D)/buffer.h
-
-$(INC_D)/bio.h: $(SRC_D)/crypto/bio/bio.h
-	$(CP) $(SRC_D)/crypto/bio/bio.h $(INC_D)/bio.h
-
-$(INC_D)/bss_file.c: $(SRC_D)/crypto/bio/bss_file.c
-	$(CP) $(SRC_D)/crypto/bio/bss_file.c $(INC_D)/bss_file.c
-
-$(INC_D)/stack.h: $(SRC_D)/crypto/stack/stack.h
-	$(CP) $(SRC_D)/crypto/stack/stack.h $(INC_D)/stack.h
-
-$(INC_D)/lhash.h: $(SRC_D)/crypto/lhash/lhash.h
-	$(CP) $(SRC_D)/crypto/lhash/lhash.h $(INC_D)/lhash.h
-
-$(INC_D)/rand.h: $(SRC_D)/crypto/rand/rand.h
-	$(CP) $(SRC_D)/crypto/rand/rand.h $(INC_D)/rand.h
-
-$(INC_D)/err.h: $(SRC_D)/crypto/err/err.h
-	$(CP) $(SRC_D)/crypto/err/err.h $(INC_D)/err.h
-
-$(INC_D)/objects.h: $(SRC_D)/crypto/objects/objects.h
-	$(CP) $(SRC_D)/crypto/objects/objects.h $(INC_D)/objects.h
-
-$(INC_D)/evp.h: $(SRC_D)/crypto/evp/evp.h
-	$(CP) $(SRC_D)/crypto/evp/evp.h $(INC_D)/evp.h
-
-$(INC_D)/pem.h: $(SRC_D)/crypto/pem/pem.h
-	$(CP) $(SRC_D)/crypto/pem/pem.h $(INC_D)/pem.h
-
-$(INC_D)/asn1.h: $(SRC_D)/crypto/asn1/asn1.h
-	$(CP) $(SRC_D)/crypto/asn1/asn1.h $(INC_D)/asn1.h
-
-$(INC_D)/asn1_mac.h: $(SRC_D)/crypto/asn1/asn1_mac.h
-	$(CP) $(SRC_D)/crypto/asn1/asn1_mac.h $(INC_D)/asn1_mac.h
-
-$(INC_D)/x509.h: $(SRC_D)/crypto/x509/x509.h
-	$(CP) $(SRC_D)/crypto/x509/x509.h $(INC_D)/x509.h
-
-$(INC_D)/x509_vfy.h: $(SRC_D)/crypto/x509/x509_vfy.h
-	$(CP) $(SRC_D)/crypto/x509/x509_vfy.h $(INC_D)/x509_vfy.h
-
-$(INC_D)/conf.h: $(SRC_D)/crypto/conf/conf.h
-	$(CP) $(SRC_D)/crypto/conf/conf.h $(INC_D)/conf.h
-
-$(INC_D)/txt_db.h: $(SRC_D)/crypto/txt_db/txt_db.h
-	$(CP) $(SRC_D)/crypto/txt_db/txt_db.h $(INC_D)/txt_db.h
-
-$(INC_D)/pkcs7.h: $(SRC_D)/crypto/pkcs7/pkcs7.h
-	$(CP) $(SRC_D)/crypto/pkcs7/pkcs7.h $(INC_D)/pkcs7.h
-
-$(INC_D)/proxy.h: $(SRC_D)/crypto/proxy/proxy.h
-	$(CP) $(SRC_D)/crypto/proxy/proxy.h $(INC_D)/proxy.h
-
-$(INC_D)/comp.h: $(SRC_D)/crypto/comp/comp.h
-	$(CP) $(SRC_D)/crypto/comp/comp.h $(INC_D)/comp.h
-
-$(INC_D)/ssl.h: $(SRC_D)/ssl/ssl.h
-	$(CP) $(SRC_D)/ssl/ssl.h $(INC_D)/ssl.h
-
-$(INC_D)/ssl2.h: $(SRC_D)/ssl/ssl2.h
-	$(CP) $(SRC_D)/ssl/ssl2.h $(INC_D)/ssl2.h
-
-$(INC_D)/ssl3.h: $(SRC_D)/ssl/ssl3.h
-	$(CP) $(SRC_D)/ssl/ssl3.h $(INC_D)/ssl3.h
-
-$(INC_D)/ssl23.h: $(SRC_D)/ssl/ssl23.h
-	$(CP) $(SRC_D)/ssl/ssl23.h $(INC_D)/ssl23.h
-
-$(INC_D)/tls1.h: $(SRC_D)/ssl/tls1.h
-	$(CP) $(SRC_D)/ssl/tls1.h $(INC_D)/tls1.h
-
-$(OBJ_D)/md2test.o: $(SRC_D)/crypto/md2/md2test.c
-	$(CC) -o $(OBJ_D)/md2test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/md2/md2test.c
-
-$(OBJ_D)/md5test.o: $(SRC_D)/crypto/md5/md5test.c
-	$(CC) -o $(OBJ_D)/md5test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/md5/md5test.c
-
-$(OBJ_D)/shatest.o: $(SRC_D)/crypto/sha/shatest.c
-	$(CC) -o $(OBJ_D)/shatest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/sha/shatest.c
-
-$(OBJ_D)/sha1test.o: $(SRC_D)/crypto/sha/sha1test.c
-	$(CC) -o $(OBJ_D)/sha1test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/sha/sha1test.c
-
-$(OBJ_D)/mdc2test.o: $(SRC_D)/crypto/mdc2/mdc2test.c
-	$(CC) -o $(OBJ_D)/mdc2test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/mdc2/mdc2test.c
-
-$(OBJ_D)/hmactest.o: $(SRC_D)/crypto/hmac/hmactest.c
-	$(CC) -o $(OBJ_D)/hmactest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/hmac/hmactest.c
-
-$(OBJ_D)/rmdtest.o: $(SRC_D)/crypto/ripemd/rmdtest.c
-	$(CC) -o $(OBJ_D)/rmdtest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/ripemd/rmdtest.c
-
-$(OBJ_D)/destest.o: $(SRC_D)/crypto/des/destest.c
-	$(CC) -o $(OBJ_D)/destest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/des/destest.c
-
-$(OBJ_D)/rc2test.o: $(SRC_D)/crypto/rc2/rc2test.c
-	$(CC) -o $(OBJ_D)/rc2test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2test.c
-
-$(OBJ_D)/rc4test.o: $(SRC_D)/crypto/rc4/rc4test.c
-	$(CC) -o $(OBJ_D)/rc4test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/rc4/rc4test.c
-
-$(OBJ_D)/rc5test.o: $(SRC_D)/crypto/rc5/rc5test.c
-	$(CC) -o $(OBJ_D)/rc5test.o $(APP_CFLAGS) -c $(SRC_D)/crypto/rc5/rc5test.c
-
-$(OBJ_D)/ideatest.o: $(SRC_D)/crypto/idea/ideatest.c
-	$(CC) -o $(OBJ_D)/ideatest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/idea/ideatest.c
-
-$(OBJ_D)/bftest.o: $(SRC_D)/crypto/bf/bftest.c
-	$(CC) -o $(OBJ_D)/bftest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/bf/bftest.c
-
-$(OBJ_D)/casttest.o: $(SRC_D)/crypto/cast/casttest.c
-	$(CC) -o $(OBJ_D)/casttest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/cast/casttest.c
-
-$(OBJ_D)/bntest.o: $(SRC_D)/crypto/bn/bntest.c
-	$(CC) -o $(OBJ_D)/bntest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/bn/bntest.c
-
-$(OBJ_D)/exptest.o: $(SRC_D)/crypto/bn/exptest.c
-	$(CC) -o $(OBJ_D)/exptest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/bn/exptest.c
-
-$(OBJ_D)/dsatest.o: $(SRC_D)/crypto/dsa/dsatest.c
-	$(CC) -o $(OBJ_D)/dsatest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/dsa/dsatest.c
-
-$(OBJ_D)/dhtest.o: $(SRC_D)/crypto/dh/dhtest.c
-	$(CC) -o $(OBJ_D)/dhtest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/dh/dhtest.c
-
-$(OBJ_D)/randtest.o: $(SRC_D)/crypto/rand/randtest.c
-	$(CC) -o $(OBJ_D)/randtest.o $(APP_CFLAGS) -c $(SRC_D)/crypto/rand/randtest.c
-
-$(OBJ_D)/ssltest.o: $(SRC_D)/ssl/ssltest.c
-	$(CC) -o $(OBJ_D)/ssltest.o $(APP_CFLAGS) -c $(SRC_D)/ssl/ssltest.c
-
-$(OBJ_D)/verify.o: $(SRC_D)/apps/verify.c
-	$(CC) -o $(OBJ_D)/verify.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/verify.c
-
-$(OBJ_D)/asn1pars.o: $(SRC_D)/apps/asn1pars.c
-	$(CC) -o $(OBJ_D)/asn1pars.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/asn1pars.c
-
-$(OBJ_D)/req.o: $(SRC_D)/apps/req.c
-	$(CC) -o $(OBJ_D)/req.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/req.c
-
-$(OBJ_D)/dgst.o: $(SRC_D)/apps/dgst.c
-	$(CC) -o $(OBJ_D)/dgst.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/dgst.c
-
-$(OBJ_D)/dh.o: $(SRC_D)/apps/dh.c
-	$(CC) -o $(OBJ_D)/dh.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/dh.c
-
-$(OBJ_D)/enc.o: $(SRC_D)/apps/enc.c
-	$(CC) -o $(OBJ_D)/enc.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/enc.c
-
-$(OBJ_D)/gendh.o: $(SRC_D)/apps/gendh.c
-	$(CC) -o $(OBJ_D)/gendh.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/gendh.c
-
-$(OBJ_D)/errstr.o: $(SRC_D)/apps/errstr.c
-	$(CC) -o $(OBJ_D)/errstr.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/errstr.c
-
-$(OBJ_D)/ca.o: $(SRC_D)/apps/ca.c
-	$(CC) -o $(OBJ_D)/ca.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/ca.c
-
-$(OBJ_D)/pkcs7.o: $(SRC_D)/apps/pkcs7.c
-	$(CC) -o $(OBJ_D)/pkcs7.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/pkcs7.c
-
-$(OBJ_D)/crl2p7.o: $(SRC_D)/apps/crl2p7.c
-	$(CC) -o $(OBJ_D)/crl2p7.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/crl2p7.c
-
-$(OBJ_D)/crl.o: $(SRC_D)/apps/crl.c
-	$(CC) -o $(OBJ_D)/crl.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/crl.c
-
-$(OBJ_D)/rsa.o: $(SRC_D)/apps/rsa.c
-	$(CC) -o $(OBJ_D)/rsa.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/rsa.c
-
-$(OBJ_D)/dsa.o: $(SRC_D)/apps/dsa.c
-	$(CC) -o $(OBJ_D)/dsa.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/dsa.c
-
-$(OBJ_D)/dsaparam.o: $(SRC_D)/apps/dsaparam.c
-	$(CC) -o $(OBJ_D)/dsaparam.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/dsaparam.c
-
-$(OBJ_D)/x509.o: $(SRC_D)/apps/x509.c
-	$(CC) -o $(OBJ_D)/x509.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/x509.c
-
-$(OBJ_D)/genrsa.o: $(SRC_D)/apps/genrsa.c
-	$(CC) -o $(OBJ_D)/genrsa.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/genrsa.c
-
-$(OBJ_D)/s_server.o: $(SRC_D)/apps/s_server.c
-	$(CC) -o $(OBJ_D)/s_server.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/s_server.c
-
-$(OBJ_D)/s_client.o: $(SRC_D)/apps/s_client.c
-	$(CC) -o $(OBJ_D)/s_client.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/s_client.c
-
-$(OBJ_D)/speed.o: $(SRC_D)/apps/speed.c
-	$(CC) -o $(OBJ_D)/speed.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/speed.c
-
-$(OBJ_D)/s_time.o: $(SRC_D)/apps/s_time.c
-	$(CC) -o $(OBJ_D)/s_time.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/s_time.c
-
-$(OBJ_D)/apps.o: $(SRC_D)/apps/apps.c
-	$(CC) -o $(OBJ_D)/apps.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/apps.c
-
-$(OBJ_D)/s_cb.o: $(SRC_D)/apps/s_cb.c
-	$(CC) -o $(OBJ_D)/s_cb.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/s_cb.c
-
-$(OBJ_D)/s_socket.o: $(SRC_D)/apps/s_socket.c
-	$(CC) -o $(OBJ_D)/s_socket.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/s_socket.c
-
-$(OBJ_D)/bf_perm.o: $(SRC_D)/apps/bf_perm.c
-	$(CC) -o $(OBJ_D)/bf_perm.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/bf_perm.c
-
-$(OBJ_D)/version.o: $(SRC_D)/apps/version.c
-	$(CC) -o $(OBJ_D)/version.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/version.c
-
-$(OBJ_D)/sess_id.o: $(SRC_D)/apps/sess_id.c
-	$(CC) -o $(OBJ_D)/sess_id.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/sess_id.c
-
-$(OBJ_D)/ciphers.o: $(SRC_D)/apps/ciphers.c
-	$(CC) -o $(OBJ_D)/ciphers.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/ciphers.c
-
-$(OBJ_D)/ssleay.o: $(SRC_D)/apps/ssleay.c
-	$(CC) -o $(OBJ_D)/ssleay.o -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)/apps/ssleay.c
-
-$(OBJ_D)/cryptlib.o: $(SRC_D)/crypto/cryptlib.c
-	$(CC) -o $(OBJ_D)/cryptlib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cryptlib.c
-
-$(OBJ_D)/mem.o: $(SRC_D)/crypto/mem.c
-	$(CC) -o $(OBJ_D)/mem.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/mem.c
-
-$(OBJ_D)/cversion.o: $(SRC_D)/crypto/cversion.c
-	$(CC) -o $(OBJ_D)/cversion.o  $(LIB_CFLAGS) -DCFLAGS="\"$(CC) $(CFLAG)\"" -DPLATFORM="\"$(PLATFORM)\"" -c $(SRC_D)/crypto/cversion.c
-
-$(OBJ_D)/ex_data.o: $(SRC_D)/crypto/ex_data.c
-	$(CC) -o $(OBJ_D)/ex_data.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/ex_data.c
-
-$(OBJ_D)/tmdiff.o: $(SRC_D)/crypto/tmdiff.c
-	$(CC) -o $(OBJ_D)/tmdiff.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/tmdiff.c
-
-$(OBJ_D)/cpt_err.o: $(SRC_D)/crypto/cpt_err.c
-	$(CC) -o $(OBJ_D)/cpt_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cpt_err.c
-
-$(OBJ_D)/md2_dgst.o: $(SRC_D)/crypto/md2/md2_dgst.c
-	$(CC) -o $(OBJ_D)/md2_dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/md2/md2_dgst.c
-
-$(OBJ_D)/md2_one.o: $(SRC_D)/crypto/md2/md2_one.c
-	$(CC) -o $(OBJ_D)/md2_one.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/md2/md2_one.c
-
-$(OBJ_D)/md5_dgst.o: $(SRC_D)/crypto/md5/md5_dgst.c
-	$(CC) -o $(OBJ_D)/md5_dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/md5/md5_dgst.c
-
-$(OBJ_D)/md5_one.o: $(SRC_D)/crypto/md5/md5_one.c
-	$(CC) -o $(OBJ_D)/md5_one.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/md5/md5_one.c
-
-$(OBJ_D)/sha_dgst.o: $(SRC_D)/crypto/sha/sha_dgst.c
-	$(CC) -o $(OBJ_D)/sha_dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/sha/sha_dgst.c
-
-$(OBJ_D)/sha1dgst.o: $(SRC_D)/crypto/sha/sha1dgst.c
-	$(CC) -o $(OBJ_D)/sha1dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/sha/sha1dgst.c
-
-$(OBJ_D)/sha_one.o: $(SRC_D)/crypto/sha/sha_one.c
-	$(CC) -o $(OBJ_D)/sha_one.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/sha/sha_one.c
-
-$(OBJ_D)/sha1_one.o: $(SRC_D)/crypto/sha/sha1_one.c
-	$(CC) -o $(OBJ_D)/sha1_one.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/sha/sha1_one.c
-
-$(OBJ_D)/mdc2dgst.o: $(SRC_D)/crypto/mdc2/mdc2dgst.c
-	$(CC) -o $(OBJ_D)/mdc2dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/mdc2/mdc2dgst.c
-
-$(OBJ_D)/mdc2_one.o: $(SRC_D)/crypto/mdc2/mdc2_one.c
-	$(CC) -o $(OBJ_D)/mdc2_one.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/mdc2/mdc2_one.c
-
-$(OBJ_D)/hmac.o: $(SRC_D)/crypto/hmac/hmac.c
-	$(CC) -o $(OBJ_D)/hmac.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/hmac/hmac.c
-
-$(OBJ_D)/rmd_dgst.o: $(SRC_D)/crypto/ripemd/rmd_dgst.c
-	$(CC) -o $(OBJ_D)/rmd_dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/ripemd/rmd_dgst.c
-
-$(OBJ_D)/rmd_one.o: $(SRC_D)/crypto/ripemd/rmd_one.c
-	$(CC) -o $(OBJ_D)/rmd_one.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/ripemd/rmd_one.c
-
-$(OBJ_D)/set_key.o: $(SRC_D)/crypto/des/set_key.c
-	$(CC) -o $(OBJ_D)/set_key.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/set_key.c
-
-$(OBJ_D)/ecb_enc.o: $(SRC_D)/crypto/des/ecb_enc.c
-	$(CC) -o $(OBJ_D)/ecb_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ecb_enc.c
-
-$(OBJ_D)/cbc_enc.o: $(SRC_D)/crypto/des/cbc_enc.c
-	$(CC) -o $(OBJ_D)/cbc_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cbc_enc.c
-
-$(OBJ_D)/ecb3_enc.o: $(SRC_D)/crypto/des/ecb3_enc.c
-	$(CC) -o $(OBJ_D)/ecb3_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ecb3_enc.c
-
-$(OBJ_D)/cfb64enc.o: $(SRC_D)/crypto/des/cfb64enc.c
-	$(CC) -o $(OBJ_D)/cfb64enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cfb64enc.c
-
-$(OBJ_D)/cfb64ede.o: $(SRC_D)/crypto/des/cfb64ede.c
-	$(CC) -o $(OBJ_D)/cfb64ede.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cfb64ede.c
-
-$(OBJ_D)/cfb_enc.o: $(SRC_D)/crypto/des/cfb_enc.c
-	$(CC) -o $(OBJ_D)/cfb_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cfb_enc.c
-
-$(OBJ_D)/ofb64ede.o: $(SRC_D)/crypto/des/ofb64ede.c
-	$(CC) -o $(OBJ_D)/ofb64ede.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ofb64ede.c
-
-$(OBJ_D)/enc_read.o: $(SRC_D)/crypto/des/enc_read.c
-	$(CC) -o $(OBJ_D)/enc_read.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/enc_read.c
-
-$(OBJ_D)/enc_writ.o: $(SRC_D)/crypto/des/enc_writ.c
-	$(CC) -o $(OBJ_D)/enc_writ.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/enc_writ.c
-
-$(OBJ_D)/ofb64enc.o: $(SRC_D)/crypto/des/ofb64enc.c
-	$(CC) -o $(OBJ_D)/ofb64enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ofb64enc.c
-
-$(OBJ_D)/ofb_enc.o: $(SRC_D)/crypto/des/ofb_enc.c
-	$(CC) -o $(OBJ_D)/ofb_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/ofb_enc.c
-
-$(OBJ_D)/str2key.o: $(SRC_D)/crypto/des/str2key.c
-	$(CC) -o $(OBJ_D)/str2key.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/str2key.c
-
-$(OBJ_D)/pcbc_enc.o: $(SRC_D)/crypto/des/pcbc_enc.c
-	$(CC) -o $(OBJ_D)/pcbc_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/pcbc_enc.c
-
-$(OBJ_D)/qud_cksm.o: $(SRC_D)/crypto/des/qud_cksm.c
-	$(CC) -o $(OBJ_D)/qud_cksm.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/qud_cksm.c
-
-$(OBJ_D)/rand_key.o: $(SRC_D)/crypto/des/rand_key.c
-	$(CC) -o $(OBJ_D)/rand_key.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/rand_key.c
-
-$(OBJ_D)/des_enc.o: $(SRC_D)/crypto/des/des_enc.c
-	$(CC) -o $(OBJ_D)/des_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/des_enc.c
-
-$(OBJ_D)/fcrypt_b.o: $(SRC_D)/crypto/des/fcrypt_b.c
-	$(CC) -o $(OBJ_D)/fcrypt_b.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/fcrypt_b.c
-
-$(OBJ_D)/read2pwd.o: $(SRC_D)/crypto/des/read2pwd.c
-	$(CC) -o $(OBJ_D)/read2pwd.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/read2pwd.c
-
-$(OBJ_D)/fcrypt.o: $(SRC_D)/crypto/des/fcrypt.c
-	$(CC) -o $(OBJ_D)/fcrypt.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/fcrypt.c
-
-$(OBJ_D)/xcbc_enc.o: $(SRC_D)/crypto/des/xcbc_enc.c
-	$(CC) -o $(OBJ_D)/xcbc_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/xcbc_enc.c
-
-$(OBJ_D)/read_pwd.o: $(SRC_D)/crypto/des/read_pwd.c
-	$(CC) -o $(OBJ_D)/read_pwd.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/read_pwd.c
-
-$(OBJ_D)/rpc_enc.o: $(SRC_D)/crypto/des/rpc_enc.c
-	$(CC) -o $(OBJ_D)/rpc_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/rpc_enc.c
-
-$(OBJ_D)/cbc_cksm.o: $(SRC_D)/crypto/des/cbc_cksm.c
-	$(CC) -o $(OBJ_D)/cbc_cksm.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/cbc_cksm.c
-
-$(OBJ_D)/supp.o: $(SRC_D)/crypto/des/supp.c
-	$(CC) -o $(OBJ_D)/supp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/des/supp.c
-
-$(OBJ_D)/rc2_ecb.o: $(SRC_D)/crypto/rc2/rc2_ecb.c
-	$(CC) -o $(OBJ_D)/rc2_ecb.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2_ecb.c
-
-$(OBJ_D)/rc2_skey.o: $(SRC_D)/crypto/rc2/rc2_skey.c
-	$(CC) -o $(OBJ_D)/rc2_skey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2_skey.c
-
-$(OBJ_D)/rc2_cbc.o: $(SRC_D)/crypto/rc2/rc2_cbc.c
-	$(CC) -o $(OBJ_D)/rc2_cbc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2_cbc.c
-
-$(OBJ_D)/rc2cfb64.o: $(SRC_D)/crypto/rc2/rc2cfb64.c
-	$(CC) -o $(OBJ_D)/rc2cfb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2cfb64.c
-
-$(OBJ_D)/rc2ofb64.o: $(SRC_D)/crypto/rc2/rc2ofb64.c
-	$(CC) -o $(OBJ_D)/rc2ofb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc2/rc2ofb64.c
-
-$(OBJ_D)/rc4_skey.o: $(SRC_D)/crypto/rc4/rc4_skey.c
-	$(CC) -o $(OBJ_D)/rc4_skey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc4/rc4_skey.c
-
-$(OBJ_D)/rc4_enc.o: $(SRC_D)/crypto/rc4/rc4_enc.c
-	$(CC) -o $(OBJ_D)/rc4_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc4/rc4_enc.c
-
-$(OBJ_D)/rc5_skey.o: $(SRC_D)/crypto/rc5/rc5_skey.c
-	$(CC) -o $(OBJ_D)/rc5_skey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc5/rc5_skey.c
-
-$(OBJ_D)/rc5_ecb.o: $(SRC_D)/crypto/rc5/rc5_ecb.c
-	$(CC) -o $(OBJ_D)/rc5_ecb.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc5/rc5_ecb.c
-
-$(OBJ_D)/rc5_enc.o: $(SRC_D)/crypto/rc5/rc5_enc.c
-	$(CC) -o $(OBJ_D)/rc5_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc5/rc5_enc.c
-
-$(OBJ_D)/rc5cfb64.o: $(SRC_D)/crypto/rc5/rc5cfb64.c
-	$(CC) -o $(OBJ_D)/rc5cfb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc5/rc5cfb64.c
-
-$(OBJ_D)/rc5ofb64.o: $(SRC_D)/crypto/rc5/rc5ofb64.c
-	$(CC) -o $(OBJ_D)/rc5ofb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rc5/rc5ofb64.c
-
-$(OBJ_D)/i_cbc.o: $(SRC_D)/crypto/idea/i_cbc.c
-	$(CC) -o $(OBJ_D)/i_cbc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_cbc.c
-
-$(OBJ_D)/i_cfb64.o: $(SRC_D)/crypto/idea/i_cfb64.c
-	$(CC) -o $(OBJ_D)/i_cfb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_cfb64.c
-
-$(OBJ_D)/i_ofb64.o: $(SRC_D)/crypto/idea/i_ofb64.c
-	$(CC) -o $(OBJ_D)/i_ofb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_ofb64.c
-
-$(OBJ_D)/i_ecb.o: $(SRC_D)/crypto/idea/i_ecb.c
-	$(CC) -o $(OBJ_D)/i_ecb.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_ecb.c
-
-$(OBJ_D)/i_skey.o: $(SRC_D)/crypto/idea/i_skey.c
-	$(CC) -o $(OBJ_D)/i_skey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/idea/i_skey.c
-
-$(OBJ_D)/bf_skey.o: $(SRC_D)/crypto/bf/bf_skey.c
-	$(CC) -o $(OBJ_D)/bf_skey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_skey.c
-
-$(OBJ_D)/bf_ecb.o: $(SRC_D)/crypto/bf/bf_ecb.c
-	$(CC) -o $(OBJ_D)/bf_ecb.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_ecb.c
-
-$(OBJ_D)/bf_enc.o: $(SRC_D)/crypto/bf/bf_enc.c
-	$(CC) -o $(OBJ_D)/bf_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_enc.c
-
-$(OBJ_D)/bf_cfb64.o: $(SRC_D)/crypto/bf/bf_cfb64.c
-	$(CC) -o $(OBJ_D)/bf_cfb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_cfb64.c
-
-$(OBJ_D)/bf_ofb64.o: $(SRC_D)/crypto/bf/bf_ofb64.c
-	$(CC) -o $(OBJ_D)/bf_ofb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bf/bf_ofb64.c
-
-$(OBJ_D)/c_skey.o: $(SRC_D)/crypto/cast/c_skey.c
-	$(CC) -o $(OBJ_D)/c_skey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cast/c_skey.c
-
-$(OBJ_D)/c_ecb.o: $(SRC_D)/crypto/cast/c_ecb.c
-	$(CC) -o $(OBJ_D)/c_ecb.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cast/c_ecb.c
-
-$(OBJ_D)/c_enc.o: $(SRC_D)/crypto/cast/c_enc.c
-	$(CC) -o $(OBJ_D)/c_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cast/c_enc.c
-
-$(OBJ_D)/c_cfb64.o: $(SRC_D)/crypto/cast/c_cfb64.c
-	$(CC) -o $(OBJ_D)/c_cfb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cast/c_cfb64.c
-
-$(OBJ_D)/c_ofb64.o: $(SRC_D)/crypto/cast/c_ofb64.c
-	$(CC) -o $(OBJ_D)/c_ofb64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/cast/c_ofb64.c
-
-$(OBJ_D)/bn_add.o: $(SRC_D)/crypto/bn/bn_add.c
-	$(CC) -o $(OBJ_D)/bn_add.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_add.c
-
-$(OBJ_D)/bn_div.o: $(SRC_D)/crypto/bn/bn_div.c
-	$(CC) -o $(OBJ_D)/bn_div.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_div.c
-
-$(OBJ_D)/bn_exp.o: $(SRC_D)/crypto/bn/bn_exp.c
-	$(CC) -o $(OBJ_D)/bn_exp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_exp.c
-
-$(OBJ_D)/bn_lib.o: $(SRC_D)/crypto/bn/bn_lib.c
-	$(CC) -o $(OBJ_D)/bn_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_lib.c
-
-$(OBJ_D)/bn_mul.o: $(SRC_D)/crypto/bn/bn_mul.c
-	$(CC) -o $(OBJ_D)/bn_mul.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mul.c
-
-$(OBJ_D)/bn_print.o: $(SRC_D)/crypto/bn/bn_print.c
-	$(CC) -o $(OBJ_D)/bn_print.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_print.c
-
-$(OBJ_D)/bn_rand.o: $(SRC_D)/crypto/bn/bn_rand.c
-	$(CC) -o $(OBJ_D)/bn_rand.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_rand.c
-
-$(OBJ_D)/bn_shift.o: $(SRC_D)/crypto/bn/bn_shift.c
-	$(CC) -o $(OBJ_D)/bn_shift.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_shift.c
-
-$(OBJ_D)/bn_word.o: $(SRC_D)/crypto/bn/bn_word.c
-	$(CC) -o $(OBJ_D)/bn_word.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_word.c
-
-$(OBJ_D)/bn_blind.o: $(SRC_D)/crypto/bn/bn_blind.c
-	$(CC) -o $(OBJ_D)/bn_blind.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_blind.c
-
-$(OBJ_D)/bn_gcd.o: $(SRC_D)/crypto/bn/bn_gcd.c
-	$(CC) -o $(OBJ_D)/bn_gcd.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_gcd.c
-
-$(OBJ_D)/bn_prime.o: $(SRC_D)/crypto/bn/bn_prime.c
-	$(CC) -o $(OBJ_D)/bn_prime.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_prime.c
-
-$(OBJ_D)/bn_err.o: $(SRC_D)/crypto/bn/bn_err.c
-	$(CC) -o $(OBJ_D)/bn_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_err.c
-
-$(OBJ_D)/bn_sqr.o: $(SRC_D)/crypto/bn/bn_sqr.c
-	$(CC) -o $(OBJ_D)/bn_sqr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_sqr.c
-
-$(OBJ_D)/bn_asm.o: $(SRC_D)/crypto/bn/bn_asm.c
-	$(CC) -o $(OBJ_D)/bn_asm.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_asm.c
-
-$(OBJ_D)/bn_recp.o: $(SRC_D)/crypto/bn/bn_recp.c
-	$(CC) -o $(OBJ_D)/bn_recp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_recp.c
-
-$(OBJ_D)/bn_mont.o: $(SRC_D)/crypto/bn/bn_mont.c
-	$(CC) -o $(OBJ_D)/bn_mont.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mont.c
-
-$(OBJ_D)/bn_mpi.o: $(SRC_D)/crypto/bn/bn_mpi.c
-	$(CC) -o $(OBJ_D)/bn_mpi.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_mpi.c
-
-$(OBJ_D)/bn_exp2.o: $(SRC_D)/crypto/bn/bn_exp2.c
-	$(CC) -o $(OBJ_D)/bn_exp2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bn/bn_exp2.c
-
-$(OBJ_D)/rsa_eay.o: $(SRC_D)/crypto/rsa/rsa_eay.c
-	$(CC) -o $(OBJ_D)/rsa_eay.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_eay.c
-
-$(OBJ_D)/rsa_gen.o: $(SRC_D)/crypto/rsa/rsa_gen.c
-	$(CC) -o $(OBJ_D)/rsa_gen.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_gen.c
-
-$(OBJ_D)/rsa_lib.o: $(SRC_D)/crypto/rsa/rsa_lib.c
-	$(CC) -o $(OBJ_D)/rsa_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_lib.c
-
-$(OBJ_D)/rsa_sign.o: $(SRC_D)/crypto/rsa/rsa_sign.c
-	$(CC) -o $(OBJ_D)/rsa_sign.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_sign.c
-
-$(OBJ_D)/rsa_saos.o: $(SRC_D)/crypto/rsa/rsa_saos.c
-	$(CC) -o $(OBJ_D)/rsa_saos.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_saos.c
-
-$(OBJ_D)/rsa_err.o: $(SRC_D)/crypto/rsa/rsa_err.c
-	$(CC) -o $(OBJ_D)/rsa_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_err.c
-
-$(OBJ_D)/rsa_pk1.o: $(SRC_D)/crypto/rsa/rsa_pk1.c
-	$(CC) -o $(OBJ_D)/rsa_pk1.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_pk1.c
-
-$(OBJ_D)/rsa_ssl.o: $(SRC_D)/crypto/rsa/rsa_ssl.c
-	$(CC) -o $(OBJ_D)/rsa_ssl.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_ssl.c
-
-$(OBJ_D)/rsa_none.o: $(SRC_D)/crypto/rsa/rsa_none.c
-	$(CC) -o $(OBJ_D)/rsa_none.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rsa/rsa_none.c
-
-$(OBJ_D)/dsa_gen.o: $(SRC_D)/crypto/dsa/dsa_gen.c
-	$(CC) -o $(OBJ_D)/dsa_gen.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_gen.c
-
-$(OBJ_D)/dsa_key.o: $(SRC_D)/crypto/dsa/dsa_key.c
-	$(CC) -o $(OBJ_D)/dsa_key.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_key.c
-
-$(OBJ_D)/dsa_lib.o: $(SRC_D)/crypto/dsa/dsa_lib.c
-	$(CC) -o $(OBJ_D)/dsa_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_lib.c
-
-$(OBJ_D)/dsa_vrf.o: $(SRC_D)/crypto/dsa/dsa_vrf.c
-	$(CC) -o $(OBJ_D)/dsa_vrf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_vrf.c
-
-$(OBJ_D)/dsa_sign.o: $(SRC_D)/crypto/dsa/dsa_sign.c
-	$(CC) -o $(OBJ_D)/dsa_sign.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_sign.c
-
-$(OBJ_D)/dsa_err.o: $(SRC_D)/crypto/dsa/dsa_err.c
-	$(CC) -o $(OBJ_D)/dsa_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dsa/dsa_err.c
-
-$(OBJ_D)/dh_gen.o: $(SRC_D)/crypto/dh/dh_gen.c
-	$(CC) -o $(OBJ_D)/dh_gen.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_gen.c
-
-$(OBJ_D)/dh_key.o: $(SRC_D)/crypto/dh/dh_key.c
-	$(CC) -o $(OBJ_D)/dh_key.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_key.c
-
-$(OBJ_D)/dh_lib.o: $(SRC_D)/crypto/dh/dh_lib.c
-	$(CC) -o $(OBJ_D)/dh_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_lib.c
-
-$(OBJ_D)/dh_check.o: $(SRC_D)/crypto/dh/dh_check.c
-	$(CC) -o $(OBJ_D)/dh_check.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_check.c
-
-$(OBJ_D)/dh_err.o: $(SRC_D)/crypto/dh/dh_err.c
-	$(CC) -o $(OBJ_D)/dh_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/dh/dh_err.c
-
-$(OBJ_D)/buffer.o: $(SRC_D)/crypto/buffer/buffer.c
-	$(CC) -o $(OBJ_D)/buffer.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/buffer/buffer.c
-
-$(OBJ_D)/buf_err.o: $(SRC_D)/crypto/buffer/buf_err.c
-	$(CC) -o $(OBJ_D)/buf_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/buffer/buf_err.c
-
-$(OBJ_D)/bio_lib.o: $(SRC_D)/crypto/bio/bio_lib.c
-	$(CC) -o $(OBJ_D)/bio_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bio_lib.c
-
-$(OBJ_D)/bio_cb.o: $(SRC_D)/crypto/bio/bio_cb.c
-	$(CC) -o $(OBJ_D)/bio_cb.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bio_cb.c
-
-$(OBJ_D)/bio_err.o: $(SRC_D)/crypto/bio/bio_err.c
-	$(CC) -o $(OBJ_D)/bio_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bio_err.c
-
-$(OBJ_D)/bss_mem.o: $(SRC_D)/crypto/bio/bss_mem.c
-	$(CC) -o $(OBJ_D)/bss_mem.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_mem.c
-
-$(OBJ_D)/bss_null.o: $(SRC_D)/crypto/bio/bss_null.c
-	$(CC) -o $(OBJ_D)/bss_null.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_null.c
-
-$(OBJ_D)/bss_fd.o: $(SRC_D)/crypto/bio/bss_fd.c
-	$(CC) -o $(OBJ_D)/bss_fd.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_fd.c
-
-$(OBJ_D)/bss_file.o: $(SRC_D)/crypto/bio/bss_file.c
-	$(CC) -o $(OBJ_D)/bss_file.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_file.c
-
-$(OBJ_D)/bss_sock.o: $(SRC_D)/crypto/bio/bss_sock.c
-	$(CC) -o $(OBJ_D)/bss_sock.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_sock.c
-
-$(OBJ_D)/bss_conn.o: $(SRC_D)/crypto/bio/bss_conn.c
-	$(CC) -o $(OBJ_D)/bss_conn.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_conn.c
-
-$(OBJ_D)/bf_null.o: $(SRC_D)/crypto/bio/bf_null.c
-	$(CC) -o $(OBJ_D)/bf_null.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bf_null.c
-
-$(OBJ_D)/bf_buff.o: $(SRC_D)/crypto/bio/bf_buff.c
-	$(CC) -o $(OBJ_D)/bf_buff.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bf_buff.c
-
-$(OBJ_D)/b_print.o: $(SRC_D)/crypto/bio/b_print.c
-	$(CC) -o $(OBJ_D)/b_print.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/b_print.c
-
-$(OBJ_D)/b_dump.o: $(SRC_D)/crypto/bio/b_dump.c
-	$(CC) -o $(OBJ_D)/b_dump.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/b_dump.c
-
-$(OBJ_D)/b_sock.o: $(SRC_D)/crypto/bio/b_sock.c
-	$(CC) -o $(OBJ_D)/b_sock.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/b_sock.c
-
-$(OBJ_D)/bss_acpt.o: $(SRC_D)/crypto/bio/bss_acpt.c
-	$(CC) -o $(OBJ_D)/bss_acpt.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_acpt.c
-
-$(OBJ_D)/bf_nbio.o: $(SRC_D)/crypto/bio/bf_nbio.c
-	$(CC) -o $(OBJ_D)/bf_nbio.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bf_nbio.c
-
-$(OBJ_D)/bss_cs4a.o: $(SRC_D)/crypto/bio/bss_cs4a.c
-	$(CC) -o $(OBJ_D)/bss_cs4a.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/bio/bss_cs4a.c
-
-$(OBJ_D)/stack.o: $(SRC_D)/crypto/stack/stack.c
-	$(CC) -o $(OBJ_D)/stack.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/stack/stack.c
-
-$(OBJ_D)/lhash.o: $(SRC_D)/crypto/lhash/lhash.c
-	$(CC) -o $(OBJ_D)/lhash.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/lhash/lhash.c
-
-$(OBJ_D)/lh_stats.o: $(SRC_D)/crypto/lhash/lh_stats.c
-	$(CC) -o $(OBJ_D)/lh_stats.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/lhash/lh_stats.c
-
-$(OBJ_D)/md_rand.o: $(SRC_D)/crypto/rand/md_rand.c
-	$(CC) -o $(OBJ_D)/md_rand.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rand/md_rand.c
-
-$(OBJ_D)/randfile.o: $(SRC_D)/crypto/rand/randfile.c
-	$(CC) -o $(OBJ_D)/randfile.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rand/randfile.c
-
-$(OBJ_D)/rand_lib.o: $(SRC_D)/crypto/rand/rand_lib.c
-	$(CC) -o $(OBJ_D)/rand_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/rand/rand_lib.c
-
-$(OBJ_D)/err.o: $(SRC_D)/crypto/err/err.c
-	$(CC) -o $(OBJ_D)/err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/err/err.c
-
-$(OBJ_D)/err_all.o: $(SRC_D)/crypto/err/err_all.c
-	$(CC) -o $(OBJ_D)/err_all.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/err/err_all.c
-
-$(OBJ_D)/err_prn.o: $(SRC_D)/crypto/err/err_prn.c
-	$(CC) -o $(OBJ_D)/err_prn.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/err/err_prn.c
-
-$(OBJ_D)/o_names.o: $(SRC_D)/crypto/objects/o_names.c
-	$(CC) -o $(OBJ_D)/o_names.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/objects/o_names.c
-
-$(OBJ_D)/obj_dat.o: $(SRC_D)/crypto/objects/obj_dat.c
-	$(CC) -o $(OBJ_D)/obj_dat.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/objects/obj_dat.c
-
-$(OBJ_D)/obj_lib.o: $(SRC_D)/crypto/objects/obj_lib.c
-	$(CC) -o $(OBJ_D)/obj_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/objects/obj_lib.c
-
-$(OBJ_D)/obj_err.o: $(SRC_D)/crypto/objects/obj_err.c
-	$(CC) -o $(OBJ_D)/obj_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/objects/obj_err.c
-
-$(OBJ_D)/encode.o: $(SRC_D)/crypto/evp/encode.c
-	$(CC) -o $(OBJ_D)/encode.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/encode.c
-
-$(OBJ_D)/digest.o: $(SRC_D)/crypto/evp/digest.c
-	$(CC) -o $(OBJ_D)/digest.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/digest.c
-
-$(OBJ_D)/evp_enc.o: $(SRC_D)/crypto/evp/evp_enc.c
-	$(CC) -o $(OBJ_D)/evp_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/evp_enc.c
-
-$(OBJ_D)/evp_key.o: $(SRC_D)/crypto/evp/evp_key.c
-	$(CC) -o $(OBJ_D)/evp_key.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/evp_key.c
-
-$(OBJ_D)/e_ecb_d.o: $(SRC_D)/crypto/evp/e_ecb_d.c
-	$(CC) -o $(OBJ_D)/e_ecb_d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_d.c
-
-$(OBJ_D)/e_cbc_d.o: $(SRC_D)/crypto/evp/e_cbc_d.c
-	$(CC) -o $(OBJ_D)/e_cbc_d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_d.c
-
-$(OBJ_D)/e_cfb_d.o: $(SRC_D)/crypto/evp/e_cfb_d.c
-	$(CC) -o $(OBJ_D)/e_cfb_d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_d.c
-
-$(OBJ_D)/e_ofb_d.o: $(SRC_D)/crypto/evp/e_ofb_d.c
-	$(CC) -o $(OBJ_D)/e_ofb_d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_d.c
-
-$(OBJ_D)/e_ecb_i.o: $(SRC_D)/crypto/evp/e_ecb_i.c
-	$(CC) -o $(OBJ_D)/e_ecb_i.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_i.c
-
-$(OBJ_D)/e_cbc_i.o: $(SRC_D)/crypto/evp/e_cbc_i.c
-	$(CC) -o $(OBJ_D)/e_cbc_i.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_i.c
-
-$(OBJ_D)/e_cfb_i.o: $(SRC_D)/crypto/evp/e_cfb_i.c
-	$(CC) -o $(OBJ_D)/e_cfb_i.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_i.c
-
-$(OBJ_D)/e_ofb_i.o: $(SRC_D)/crypto/evp/e_ofb_i.c
-	$(CC) -o $(OBJ_D)/e_ofb_i.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_i.c
-
-$(OBJ_D)/e_ecb_3d.o: $(SRC_D)/crypto/evp/e_ecb_3d.c
-	$(CC) -o $(OBJ_D)/e_ecb_3d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_3d.c
-
-$(OBJ_D)/e_cbc_3d.o: $(SRC_D)/crypto/evp/e_cbc_3d.c
-	$(CC) -o $(OBJ_D)/e_cbc_3d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_3d.c
-
-$(OBJ_D)/e_rc4.o: $(SRC_D)/crypto/evp/e_rc4.c
-	$(CC) -o $(OBJ_D)/e_rc4.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_rc4.c
-
-$(OBJ_D)/names.o: $(SRC_D)/crypto/evp/names.c
-	$(CC) -o $(OBJ_D)/names.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/names.c
-
-$(OBJ_D)/e_cfb_3d.o: $(SRC_D)/crypto/evp/e_cfb_3d.c
-	$(CC) -o $(OBJ_D)/e_cfb_3d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_3d.c
-
-$(OBJ_D)/e_ofb_3d.o: $(SRC_D)/crypto/evp/e_ofb_3d.c
-	$(CC) -o $(OBJ_D)/e_ofb_3d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_3d.c
-
-$(OBJ_D)/e_xcbc_d.o: $(SRC_D)/crypto/evp/e_xcbc_d.c
-	$(CC) -o $(OBJ_D)/e_xcbc_d.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_xcbc_d.c
-
-$(OBJ_D)/e_ecb_r2.o: $(SRC_D)/crypto/evp/e_ecb_r2.c
-	$(CC) -o $(OBJ_D)/e_ecb_r2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_r2.c
-
-$(OBJ_D)/e_cbc_r2.o: $(SRC_D)/crypto/evp/e_cbc_r2.c
-	$(CC) -o $(OBJ_D)/e_cbc_r2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_r2.c
-
-$(OBJ_D)/e_cfb_r2.o: $(SRC_D)/crypto/evp/e_cfb_r2.c
-	$(CC) -o $(OBJ_D)/e_cfb_r2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_r2.c
-
-$(OBJ_D)/e_ofb_r2.o: $(SRC_D)/crypto/evp/e_ofb_r2.c
-	$(CC) -o $(OBJ_D)/e_ofb_r2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_r2.c
-
-$(OBJ_D)/e_ecb_bf.o: $(SRC_D)/crypto/evp/e_ecb_bf.c
-	$(CC) -o $(OBJ_D)/e_ecb_bf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_bf.c
-
-$(OBJ_D)/e_cbc_bf.o: $(SRC_D)/crypto/evp/e_cbc_bf.c
-	$(CC) -o $(OBJ_D)/e_cbc_bf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_bf.c
-
-$(OBJ_D)/e_cfb_bf.o: $(SRC_D)/crypto/evp/e_cfb_bf.c
-	$(CC) -o $(OBJ_D)/e_cfb_bf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_bf.c
-
-$(OBJ_D)/e_ofb_bf.o: $(SRC_D)/crypto/evp/e_ofb_bf.c
-	$(CC) -o $(OBJ_D)/e_ofb_bf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_bf.c
-
-$(OBJ_D)/e_ecb_c.o: $(SRC_D)/crypto/evp/e_ecb_c.c
-	$(CC) -o $(OBJ_D)/e_ecb_c.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_c.c
-
-$(OBJ_D)/e_cbc_c.o: $(SRC_D)/crypto/evp/e_cbc_c.c
-	$(CC) -o $(OBJ_D)/e_cbc_c.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_c.c
-
-$(OBJ_D)/e_cfb_c.o: $(SRC_D)/crypto/evp/e_cfb_c.c
-	$(CC) -o $(OBJ_D)/e_cfb_c.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_c.c
-
-$(OBJ_D)/e_ofb_c.o: $(SRC_D)/crypto/evp/e_ofb_c.c
-	$(CC) -o $(OBJ_D)/e_ofb_c.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_c.c
-
-$(OBJ_D)/e_ecb_r5.o: $(SRC_D)/crypto/evp/e_ecb_r5.c
-	$(CC) -o $(OBJ_D)/e_ecb_r5.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ecb_r5.c
-
-$(OBJ_D)/e_cbc_r5.o: $(SRC_D)/crypto/evp/e_cbc_r5.c
-	$(CC) -o $(OBJ_D)/e_cbc_r5.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cbc_r5.c
-
-$(OBJ_D)/e_cfb_r5.o: $(SRC_D)/crypto/evp/e_cfb_r5.c
-	$(CC) -o $(OBJ_D)/e_cfb_r5.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_cfb_r5.c
-
-$(OBJ_D)/e_ofb_r5.o: $(SRC_D)/crypto/evp/e_ofb_r5.c
-	$(CC) -o $(OBJ_D)/e_ofb_r5.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_ofb_r5.c
-
-$(OBJ_D)/m_null.o: $(SRC_D)/crypto/evp/m_null.c
-	$(CC) -o $(OBJ_D)/m_null.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_null.c
-
-$(OBJ_D)/m_md2.o: $(SRC_D)/crypto/evp/m_md2.c
-	$(CC) -o $(OBJ_D)/m_md2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_md2.c
-
-$(OBJ_D)/m_md5.o: $(SRC_D)/crypto/evp/m_md5.c
-	$(CC) -o $(OBJ_D)/m_md5.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_md5.c
-
-$(OBJ_D)/m_sha.o: $(SRC_D)/crypto/evp/m_sha.c
-	$(CC) -o $(OBJ_D)/m_sha.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_sha.c
-
-$(OBJ_D)/m_sha1.o: $(SRC_D)/crypto/evp/m_sha1.c
-	$(CC) -o $(OBJ_D)/m_sha1.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_sha1.c
-
-$(OBJ_D)/m_dss.o: $(SRC_D)/crypto/evp/m_dss.c
-	$(CC) -o $(OBJ_D)/m_dss.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_dss.c
-
-$(OBJ_D)/m_dss1.o: $(SRC_D)/crypto/evp/m_dss1.c
-	$(CC) -o $(OBJ_D)/m_dss1.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_dss1.c
-
-$(OBJ_D)/m_mdc2.o: $(SRC_D)/crypto/evp/m_mdc2.c
-	$(CC) -o $(OBJ_D)/m_mdc2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_mdc2.c
-
-$(OBJ_D)/m_ripemd.o: $(SRC_D)/crypto/evp/m_ripemd.c
-	$(CC) -o $(OBJ_D)/m_ripemd.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/m_ripemd.c
-
-$(OBJ_D)/p_open.o: $(SRC_D)/crypto/evp/p_open.c
-	$(CC) -o $(OBJ_D)/p_open.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_open.c
-
-$(OBJ_D)/p_seal.o: $(SRC_D)/crypto/evp/p_seal.c
-	$(CC) -o $(OBJ_D)/p_seal.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_seal.c
-
-$(OBJ_D)/p_sign.o: $(SRC_D)/crypto/evp/p_sign.c
-	$(CC) -o $(OBJ_D)/p_sign.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_sign.c
-
-$(OBJ_D)/p_verify.o: $(SRC_D)/crypto/evp/p_verify.c
-	$(CC) -o $(OBJ_D)/p_verify.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_verify.c
-
-$(OBJ_D)/p_lib.o: $(SRC_D)/crypto/evp/p_lib.c
-	$(CC) -o $(OBJ_D)/p_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_lib.c
-
-$(OBJ_D)/p_enc.o: $(SRC_D)/crypto/evp/p_enc.c
-	$(CC) -o $(OBJ_D)/p_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_enc.c
-
-$(OBJ_D)/p_dec.o: $(SRC_D)/crypto/evp/p_dec.c
-	$(CC) -o $(OBJ_D)/p_dec.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/p_dec.c
-
-$(OBJ_D)/bio_md.o: $(SRC_D)/crypto/evp/bio_md.c
-	$(CC) -o $(OBJ_D)/bio_md.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/bio_md.c
-
-$(OBJ_D)/bio_b64.o: $(SRC_D)/crypto/evp/bio_b64.c
-	$(CC) -o $(OBJ_D)/bio_b64.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/bio_b64.c
-
-$(OBJ_D)/bio_enc.o: $(SRC_D)/crypto/evp/bio_enc.c
-	$(CC) -o $(OBJ_D)/bio_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/bio_enc.c
-
-$(OBJ_D)/evp_err.o: $(SRC_D)/crypto/evp/evp_err.c
-	$(CC) -o $(OBJ_D)/evp_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/evp_err.c
-
-$(OBJ_D)/e_null.o: $(SRC_D)/crypto/evp/e_null.c
-	$(CC) -o $(OBJ_D)/e_null.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/e_null.c
-
-$(OBJ_D)/c_all.o: $(SRC_D)/crypto/evp/c_all.c
-	$(CC) -o $(OBJ_D)/c_all.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/c_all.c
-
-$(OBJ_D)/evp_lib.o: $(SRC_D)/crypto/evp/evp_lib.c
-	$(CC) -o $(OBJ_D)/evp_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/evp/evp_lib.c
-
-$(OBJ_D)/pem_sign.o: $(SRC_D)/crypto/pem/pem_sign.c
-	$(CC) -o $(OBJ_D)/pem_sign.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_sign.c
-
-$(OBJ_D)/pem_seal.o: $(SRC_D)/crypto/pem/pem_seal.c
-	$(CC) -o $(OBJ_D)/pem_seal.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_seal.c
-
-$(OBJ_D)/pem_info.o: $(SRC_D)/crypto/pem/pem_info.c
-	$(CC) -o $(OBJ_D)/pem_info.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_info.c
-
-$(OBJ_D)/pem_lib.o: $(SRC_D)/crypto/pem/pem_lib.c
-	$(CC) -o $(OBJ_D)/pem_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_lib.c
-
-$(OBJ_D)/pem_all.o: $(SRC_D)/crypto/pem/pem_all.c
-	$(CC) -o $(OBJ_D)/pem_all.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_all.c
-
-$(OBJ_D)/pem_err.o: $(SRC_D)/crypto/pem/pem_err.c
-	$(CC) -o $(OBJ_D)/pem_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pem/pem_err.c
-
-$(OBJ_D)/a_object.o: $(SRC_D)/crypto/asn1/a_object.c
-	$(CC) -o $(OBJ_D)/a_object.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_object.c
-
-$(OBJ_D)/a_bitstr.o: $(SRC_D)/crypto/asn1/a_bitstr.c
-	$(CC) -o $(OBJ_D)/a_bitstr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_bitstr.c
-
-$(OBJ_D)/a_utctm.o: $(SRC_D)/crypto/asn1/a_utctm.c
-	$(CC) -o $(OBJ_D)/a_utctm.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_utctm.c
-
-$(OBJ_D)/a_int.o: $(SRC_D)/crypto/asn1/a_int.c
-	$(CC) -o $(OBJ_D)/a_int.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_int.c
-
-$(OBJ_D)/a_octet.o: $(SRC_D)/crypto/asn1/a_octet.c
-	$(CC) -o $(OBJ_D)/a_octet.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_octet.c
-
-$(OBJ_D)/a_print.o: $(SRC_D)/crypto/asn1/a_print.c
-	$(CC) -o $(OBJ_D)/a_print.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_print.c
-
-$(OBJ_D)/a_type.o: $(SRC_D)/crypto/asn1/a_type.c
-	$(CC) -o $(OBJ_D)/a_type.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_type.c
-
-$(OBJ_D)/a_set.o: $(SRC_D)/crypto/asn1/a_set.c
-	$(CC) -o $(OBJ_D)/a_set.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_set.c
-
-$(OBJ_D)/a_dup.o: $(SRC_D)/crypto/asn1/a_dup.c
-	$(CC) -o $(OBJ_D)/a_dup.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_dup.c
-
-$(OBJ_D)/a_d2i_fp.o: $(SRC_D)/crypto/asn1/a_d2i_fp.c
-	$(CC) -o $(OBJ_D)/a_d2i_fp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_d2i_fp.c
-
-$(OBJ_D)/a_i2d_fp.o: $(SRC_D)/crypto/asn1/a_i2d_fp.c
-	$(CC) -o $(OBJ_D)/a_i2d_fp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_i2d_fp.c
-
-$(OBJ_D)/a_bmp.o: $(SRC_D)/crypto/asn1/a_bmp.c
-	$(CC) -o $(OBJ_D)/a_bmp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_bmp.c
-
-$(OBJ_D)/a_sign.o: $(SRC_D)/crypto/asn1/a_sign.c
-	$(CC) -o $(OBJ_D)/a_sign.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_sign.c
-
-$(OBJ_D)/a_digest.o: $(SRC_D)/crypto/asn1/a_digest.c
-	$(CC) -o $(OBJ_D)/a_digest.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_digest.c
-
-$(OBJ_D)/a_verify.o: $(SRC_D)/crypto/asn1/a_verify.c
-	$(CC) -o $(OBJ_D)/a_verify.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_verify.c
-
-$(OBJ_D)/x_algor.o: $(SRC_D)/crypto/asn1/x_algor.c
-	$(CC) -o $(OBJ_D)/x_algor.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_algor.c
-
-$(OBJ_D)/x_val.o: $(SRC_D)/crypto/asn1/x_val.c
-	$(CC) -o $(OBJ_D)/x_val.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_val.c
-
-$(OBJ_D)/x_pubkey.o: $(SRC_D)/crypto/asn1/x_pubkey.c
-	$(CC) -o $(OBJ_D)/x_pubkey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_pubkey.c
-
-$(OBJ_D)/x_sig.o: $(SRC_D)/crypto/asn1/x_sig.c
-	$(CC) -o $(OBJ_D)/x_sig.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_sig.c
-
-$(OBJ_D)/x_req.o: $(SRC_D)/crypto/asn1/x_req.c
-	$(CC) -o $(OBJ_D)/x_req.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_req.c
-
-$(OBJ_D)/x_attrib.o: $(SRC_D)/crypto/asn1/x_attrib.c
-	$(CC) -o $(OBJ_D)/x_attrib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_attrib.c
-
-$(OBJ_D)/x_name.o: $(SRC_D)/crypto/asn1/x_name.c
-	$(CC) -o $(OBJ_D)/x_name.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_name.c
-
-$(OBJ_D)/x_cinf.o: $(SRC_D)/crypto/asn1/x_cinf.c
-	$(CC) -o $(OBJ_D)/x_cinf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_cinf.c
-
-$(OBJ_D)/x_x509.o: $(SRC_D)/crypto/asn1/x_x509.c
-	$(CC) -o $(OBJ_D)/x_x509.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_x509.c
-
-$(OBJ_D)/x_crl.o: $(SRC_D)/crypto/asn1/x_crl.c
-	$(CC) -o $(OBJ_D)/x_crl.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_crl.c
-
-$(OBJ_D)/x_info.o: $(SRC_D)/crypto/asn1/x_info.c
-	$(CC) -o $(OBJ_D)/x_info.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_info.c
-
-$(OBJ_D)/x_spki.o: $(SRC_D)/crypto/asn1/x_spki.c
-	$(CC) -o $(OBJ_D)/x_spki.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_spki.c
-
-$(OBJ_D)/d2i_r_pr.o: $(SRC_D)/crypto/asn1/d2i_r_pr.c
-	$(CC) -o $(OBJ_D)/d2i_r_pr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_r_pr.c
-
-$(OBJ_D)/i2d_r_pr.o: $(SRC_D)/crypto/asn1/i2d_r_pr.c
-	$(CC) -o $(OBJ_D)/i2d_r_pr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_r_pr.c
-
-$(OBJ_D)/d2i_r_pu.o: $(SRC_D)/crypto/asn1/d2i_r_pu.c
-	$(CC) -o $(OBJ_D)/d2i_r_pu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_r_pu.c
-
-$(OBJ_D)/i2d_r_pu.o: $(SRC_D)/crypto/asn1/i2d_r_pu.c
-	$(CC) -o $(OBJ_D)/i2d_r_pu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_r_pu.c
-
-$(OBJ_D)/d2i_s_pr.o: $(SRC_D)/crypto/asn1/d2i_s_pr.c
-	$(CC) -o $(OBJ_D)/d2i_s_pr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_s_pr.c
-
-$(OBJ_D)/i2d_s_pr.o: $(SRC_D)/crypto/asn1/i2d_s_pr.c
-	$(CC) -o $(OBJ_D)/i2d_s_pr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_s_pr.c
-
-$(OBJ_D)/d2i_s_pu.o: $(SRC_D)/crypto/asn1/d2i_s_pu.c
-	$(CC) -o $(OBJ_D)/d2i_s_pu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_s_pu.c
-
-$(OBJ_D)/i2d_s_pu.o: $(SRC_D)/crypto/asn1/i2d_s_pu.c
-	$(CC) -o $(OBJ_D)/i2d_s_pu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_s_pu.c
-
-$(OBJ_D)/d2i_pu.o: $(SRC_D)/crypto/asn1/d2i_pu.c
-	$(CC) -o $(OBJ_D)/d2i_pu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_pu.c
-
-$(OBJ_D)/d2i_pr.o: $(SRC_D)/crypto/asn1/d2i_pr.c
-	$(CC) -o $(OBJ_D)/d2i_pr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_pr.c
-
-$(OBJ_D)/i2d_pu.o: $(SRC_D)/crypto/asn1/i2d_pu.c
-	$(CC) -o $(OBJ_D)/i2d_pu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_pu.c
-
-$(OBJ_D)/i2d_pr.o: $(SRC_D)/crypto/asn1/i2d_pr.c
-	$(CC) -o $(OBJ_D)/i2d_pr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_pr.c
-
-$(OBJ_D)/t_req.o: $(SRC_D)/crypto/asn1/t_req.c
-	$(CC) -o $(OBJ_D)/t_req.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/t_req.c
-
-$(OBJ_D)/t_x509.o: $(SRC_D)/crypto/asn1/t_x509.c
-	$(CC) -o $(OBJ_D)/t_x509.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/t_x509.c
-
-$(OBJ_D)/t_pkey.o: $(SRC_D)/crypto/asn1/t_pkey.c
-	$(CC) -o $(OBJ_D)/t_pkey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/t_pkey.c
-
-$(OBJ_D)/p7_i_s.o: $(SRC_D)/crypto/asn1/p7_i_s.c
-	$(CC) -o $(OBJ_D)/p7_i_s.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_i_s.c
-
-$(OBJ_D)/p7_signi.o: $(SRC_D)/crypto/asn1/p7_signi.c
-	$(CC) -o $(OBJ_D)/p7_signi.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_signi.c
-
-$(OBJ_D)/p7_signd.o: $(SRC_D)/crypto/asn1/p7_signd.c
-	$(CC) -o $(OBJ_D)/p7_signd.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_signd.c
-
-$(OBJ_D)/p7_recip.o: $(SRC_D)/crypto/asn1/p7_recip.c
-	$(CC) -o $(OBJ_D)/p7_recip.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_recip.c
-
-$(OBJ_D)/p7_enc_c.o: $(SRC_D)/crypto/asn1/p7_enc_c.c
-	$(CC) -o $(OBJ_D)/p7_enc_c.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_enc_c.c
-
-$(OBJ_D)/p7_evp.o: $(SRC_D)/crypto/asn1/p7_evp.c
-	$(CC) -o $(OBJ_D)/p7_evp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_evp.c
-
-$(OBJ_D)/p7_dgst.o: $(SRC_D)/crypto/asn1/p7_dgst.c
-	$(CC) -o $(OBJ_D)/p7_dgst.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_dgst.c
-
-$(OBJ_D)/p7_s_e.o: $(SRC_D)/crypto/asn1/p7_s_e.c
-	$(CC) -o $(OBJ_D)/p7_s_e.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_s_e.c
-
-$(OBJ_D)/p7_enc.o: $(SRC_D)/crypto/asn1/p7_enc.c
-	$(CC) -o $(OBJ_D)/p7_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_enc.c
-
-$(OBJ_D)/p7_lib.o: $(SRC_D)/crypto/asn1/p7_lib.c
-	$(CC) -o $(OBJ_D)/p7_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/p7_lib.c
-
-$(OBJ_D)/f_int.o: $(SRC_D)/crypto/asn1/f_int.c
-	$(CC) -o $(OBJ_D)/f_int.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/f_int.c
-
-$(OBJ_D)/f_string.o: $(SRC_D)/crypto/asn1/f_string.c
-	$(CC) -o $(OBJ_D)/f_string.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/f_string.c
-
-$(OBJ_D)/i2d_dhp.o: $(SRC_D)/crypto/asn1/i2d_dhp.c
-	$(CC) -o $(OBJ_D)/i2d_dhp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_dhp.c
-
-$(OBJ_D)/i2d_dsap.o: $(SRC_D)/crypto/asn1/i2d_dsap.c
-	$(CC) -o $(OBJ_D)/i2d_dsap.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/i2d_dsap.c
-
-$(OBJ_D)/d2i_dhp.o: $(SRC_D)/crypto/asn1/d2i_dhp.c
-	$(CC) -o $(OBJ_D)/d2i_dhp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_dhp.c
-
-$(OBJ_D)/d2i_dsap.o: $(SRC_D)/crypto/asn1/d2i_dsap.c
-	$(CC) -o $(OBJ_D)/d2i_dsap.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/d2i_dsap.c
-
-$(OBJ_D)/n_pkey.o: $(SRC_D)/crypto/asn1/n_pkey.c
-	$(CC) -o $(OBJ_D)/n_pkey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/n_pkey.c
-
-$(OBJ_D)/a_hdr.o: $(SRC_D)/crypto/asn1/a_hdr.c
-	$(CC) -o $(OBJ_D)/a_hdr.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_hdr.c
-
-$(OBJ_D)/x_pkey.o: $(SRC_D)/crypto/asn1/x_pkey.c
-	$(CC) -o $(OBJ_D)/x_pkey.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_pkey.c
-
-$(OBJ_D)/a_bool.o: $(SRC_D)/crypto/asn1/a_bool.c
-	$(CC) -o $(OBJ_D)/a_bool.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_bool.c
-
-$(OBJ_D)/x_exten.o: $(SRC_D)/crypto/asn1/x_exten.c
-	$(CC) -o $(OBJ_D)/x_exten.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/x_exten.c
-
-$(OBJ_D)/asn1_par.o: $(SRC_D)/crypto/asn1/asn1_par.c
-	$(CC) -o $(OBJ_D)/asn1_par.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/asn1_par.c
-
-$(OBJ_D)/asn1_lib.o: $(SRC_D)/crypto/asn1/asn1_lib.c
-	$(CC) -o $(OBJ_D)/asn1_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/asn1_lib.c
-
-$(OBJ_D)/asn1_err.o: $(SRC_D)/crypto/asn1/asn1_err.c
-	$(CC) -o $(OBJ_D)/asn1_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/asn1_err.c
-
-$(OBJ_D)/a_meth.o: $(SRC_D)/crypto/asn1/a_meth.c
-	$(CC) -o $(OBJ_D)/a_meth.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_meth.c
-
-$(OBJ_D)/a_bytes.o: $(SRC_D)/crypto/asn1/a_bytes.c
-	$(CC) -o $(OBJ_D)/a_bytes.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/a_bytes.c
-
-$(OBJ_D)/evp_asn1.o: $(SRC_D)/crypto/asn1/evp_asn1.c
-	$(CC) -o $(OBJ_D)/evp_asn1.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/asn1/evp_asn1.c
-
-$(OBJ_D)/x509_def.o: $(SRC_D)/crypto/x509/x509_def.c
-	$(CC) -o $(OBJ_D)/x509_def.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_def.c
-
-$(OBJ_D)/x509_d2.o: $(SRC_D)/crypto/x509/x509_d2.c
-	$(CC) -o $(OBJ_D)/x509_d2.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_d2.c
-
-$(OBJ_D)/x509_r2x.o: $(SRC_D)/crypto/x509/x509_r2x.c
-	$(CC) -o $(OBJ_D)/x509_r2x.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_r2x.c
-
-$(OBJ_D)/x509_cmp.o: $(SRC_D)/crypto/x509/x509_cmp.c
-	$(CC) -o $(OBJ_D)/x509_cmp.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_cmp.c
-
-$(OBJ_D)/x509_obj.o: $(SRC_D)/crypto/x509/x509_obj.c
-	$(CC) -o $(OBJ_D)/x509_obj.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_obj.c
-
-$(OBJ_D)/x509_req.o: $(SRC_D)/crypto/x509/x509_req.c
-	$(CC) -o $(OBJ_D)/x509_req.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_req.c
-
-$(OBJ_D)/x509_vfy.o: $(SRC_D)/crypto/x509/x509_vfy.c
-	$(CC) -o $(OBJ_D)/x509_vfy.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_vfy.c
-
-$(OBJ_D)/x509_set.o: $(SRC_D)/crypto/x509/x509_set.c
-	$(CC) -o $(OBJ_D)/x509_set.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_set.c
-
-$(OBJ_D)/x509rset.o: $(SRC_D)/crypto/x509/x509rset.c
-	$(CC) -o $(OBJ_D)/x509rset.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509rset.c
-
-$(OBJ_D)/x509_err.o: $(SRC_D)/crypto/x509/x509_err.c
-	$(CC) -o $(OBJ_D)/x509_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_err.c
-
-$(OBJ_D)/x509name.o: $(SRC_D)/crypto/x509/x509name.c
-	$(CC) -o $(OBJ_D)/x509name.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509name.c
-
-$(OBJ_D)/x509_v3.o: $(SRC_D)/crypto/x509/x509_v3.c
-	$(CC) -o $(OBJ_D)/x509_v3.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_v3.c
-
-$(OBJ_D)/x509_ext.o: $(SRC_D)/crypto/x509/x509_ext.c
-	$(CC) -o $(OBJ_D)/x509_ext.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_ext.c
-
-$(OBJ_D)/x509pack.o: $(SRC_D)/crypto/x509/x509pack.c
-	$(CC) -o $(OBJ_D)/x509pack.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509pack.c
-
-$(OBJ_D)/x509type.o: $(SRC_D)/crypto/x509/x509type.c
-	$(CC) -o $(OBJ_D)/x509type.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509type.c
-
-$(OBJ_D)/x509_lu.o: $(SRC_D)/crypto/x509/x509_lu.c
-	$(CC) -o $(OBJ_D)/x509_lu.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_lu.c
-
-$(OBJ_D)/x_all.o: $(SRC_D)/crypto/x509/x_all.c
-	$(CC) -o $(OBJ_D)/x_all.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x_all.c
-
-$(OBJ_D)/x509_txt.o: $(SRC_D)/crypto/x509/x509_txt.c
-	$(CC) -o $(OBJ_D)/x509_txt.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/x509_txt.c
-
-$(OBJ_D)/by_file.o: $(SRC_D)/crypto/x509/by_file.c
-	$(CC) -o $(OBJ_D)/by_file.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/by_file.c
-
-$(OBJ_D)/by_dir.o: $(SRC_D)/crypto/x509/by_dir.c
-	$(CC) -o $(OBJ_D)/by_dir.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/by_dir.c
-
-$(OBJ_D)/v3_net.o: $(SRC_D)/crypto/x509/v3_net.c
-	$(CC) -o $(OBJ_D)/v3_net.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/v3_net.c
-
-$(OBJ_D)/v3_x509.o: $(SRC_D)/crypto/x509/v3_x509.c
-	$(CC) -o $(OBJ_D)/v3_x509.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/x509/v3_x509.c
-
-$(OBJ_D)/conf.o: $(SRC_D)/crypto/conf/conf.c
-	$(CC) -o $(OBJ_D)/conf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/conf/conf.c
-
-$(OBJ_D)/conf_err.o: $(SRC_D)/crypto/conf/conf_err.c
-	$(CC) -o $(OBJ_D)/conf_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/conf/conf_err.c
-
-$(OBJ_D)/txt_db.o: $(SRC_D)/crypto/txt_db/txt_db.c
-	$(CC) -o $(OBJ_D)/txt_db.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/txt_db/txt_db.c
-
-$(OBJ_D)/pk7_lib.o: $(SRC_D)/crypto/pkcs7/pk7_lib.c
-	$(CC) -o $(OBJ_D)/pk7_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pkcs7/pk7_lib.c
-
-$(OBJ_D)/pkcs7err.o: $(SRC_D)/crypto/pkcs7/pkcs7err.c
-	$(CC) -o $(OBJ_D)/pkcs7err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pkcs7/pkcs7err.c
-
-$(OBJ_D)/pk7_doit.o: $(SRC_D)/crypto/pkcs7/pk7_doit.c
-	$(CC) -o $(OBJ_D)/pk7_doit.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/pkcs7/pk7_doit.c
-
-$(OBJ_D)/proxy.o: $(SRC_D)/crypto/proxy/proxy.c
-	$(CC) -o $(OBJ_D)/proxy.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/proxy/proxy.c
-
-$(OBJ_D)/pxy_txt.o: $(SRC_D)/crypto/proxy/pxy_txt.c
-	$(CC) -o $(OBJ_D)/pxy_txt.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/proxy/pxy_txt.c
-
-$(OBJ_D)/bf_proxy.o: $(SRC_D)/crypto/proxy/bf_proxy.c
-	$(CC) -o $(OBJ_D)/bf_proxy.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/proxy/bf_proxy.c
-
-$(OBJ_D)/pxy_conf.o: $(SRC_D)/crypto/proxy/pxy_conf.c
-	$(CC) -o $(OBJ_D)/pxy_conf.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/proxy/pxy_conf.c
-
-$(OBJ_D)/pxy_err.o: $(SRC_D)/crypto/proxy/pxy_err.c
-	$(CC) -o $(OBJ_D)/pxy_err.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/proxy/pxy_err.c
-
-$(OBJ_D)/comp_lib.o: $(SRC_D)/crypto/comp/comp_lib.c
-	$(CC) -o $(OBJ_D)/comp_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/comp/comp_lib.c
-
-$(OBJ_D)/c_rle.o: $(SRC_D)/crypto/comp/c_rle.c
-	$(CC) -o $(OBJ_D)/c_rle.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/comp/c_rle.c
-
-$(OBJ_D)/c_zlib.o: $(SRC_D)/crypto/comp/c_zlib.c
-	$(CC) -o $(OBJ_D)/c_zlib.o  $(LIB_CFLAGS) -c $(SRC_D)/crypto/comp/c_zlib.c
-
-$(OBJ_D)/s2_meth.o: $(SRC_D)/ssl/s2_meth.c
-	$(CC) -o $(OBJ_D)/s2_meth.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_meth.c
-
-$(OBJ_D)/s2_srvr.o: $(SRC_D)/ssl/s2_srvr.c
-	$(CC) -o $(OBJ_D)/s2_srvr.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_srvr.c
-
-$(OBJ_D)/s2_clnt.o: $(SRC_D)/ssl/s2_clnt.c
-	$(CC) -o $(OBJ_D)/s2_clnt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_clnt.c
-
-$(OBJ_D)/s2_lib.o: $(SRC_D)/ssl/s2_lib.c
-	$(CC) -o $(OBJ_D)/s2_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_lib.c
-
-$(OBJ_D)/s2_enc.o: $(SRC_D)/ssl/s2_enc.c
-	$(CC) -o $(OBJ_D)/s2_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_enc.c
-
-$(OBJ_D)/s2_pkt.o: $(SRC_D)/ssl/s2_pkt.c
-	$(CC) -o $(OBJ_D)/s2_pkt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s2_pkt.c
-
-$(OBJ_D)/s3_meth.o: $(SRC_D)/ssl/s3_meth.c
-	$(CC) -o $(OBJ_D)/s3_meth.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_meth.c
-
-$(OBJ_D)/s3_srvr.o: $(SRC_D)/ssl/s3_srvr.c
-	$(CC) -o $(OBJ_D)/s3_srvr.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_srvr.c
-
-$(OBJ_D)/s3_clnt.o: $(SRC_D)/ssl/s3_clnt.c
-	$(CC) -o $(OBJ_D)/s3_clnt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_clnt.c
-
-$(OBJ_D)/s3_lib.o: $(SRC_D)/ssl/s3_lib.c
-	$(CC) -o $(OBJ_D)/s3_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_lib.c
-
-$(OBJ_D)/s3_enc.o: $(SRC_D)/ssl/s3_enc.c
-	$(CC) -o $(OBJ_D)/s3_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_enc.c
-
-$(OBJ_D)/s3_pkt.o: $(SRC_D)/ssl/s3_pkt.c
-	$(CC) -o $(OBJ_D)/s3_pkt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_pkt.c
-
-$(OBJ_D)/s3_both.o: $(SRC_D)/ssl/s3_both.c
-	$(CC) -o $(OBJ_D)/s3_both.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s3_both.c
-
-$(OBJ_D)/s23_meth.o: $(SRC_D)/ssl/s23_meth.c
-	$(CC) -o $(OBJ_D)/s23_meth.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_meth.c
-
-$(OBJ_D)/s23_srvr.o: $(SRC_D)/ssl/s23_srvr.c
-	$(CC) -o $(OBJ_D)/s23_srvr.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_srvr.c
-
-$(OBJ_D)/s23_clnt.o: $(SRC_D)/ssl/s23_clnt.c
-	$(CC) -o $(OBJ_D)/s23_clnt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_clnt.c
-
-$(OBJ_D)/s23_lib.o: $(SRC_D)/ssl/s23_lib.c
-	$(CC) -o $(OBJ_D)/s23_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_lib.c
-
-$(OBJ_D)/s23_pkt.o: $(SRC_D)/ssl/s23_pkt.c
-	$(CC) -o $(OBJ_D)/s23_pkt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/s23_pkt.c
-
-$(OBJ_D)/t1_meth.o: $(SRC_D)/ssl/t1_meth.c
-	$(CC) -o $(OBJ_D)/t1_meth.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/t1_meth.c
-
-$(OBJ_D)/t1_srvr.o: $(SRC_D)/ssl/t1_srvr.c
-	$(CC) -o $(OBJ_D)/t1_srvr.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/t1_srvr.c
-
-$(OBJ_D)/t1_clnt.o: $(SRC_D)/ssl/t1_clnt.c
-	$(CC) -o $(OBJ_D)/t1_clnt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/t1_clnt.c
-
-$(OBJ_D)/t1_lib.o: $(SRC_D)/ssl/t1_lib.c
-	$(CC) -o $(OBJ_D)/t1_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/t1_lib.c
-
-$(OBJ_D)/t1_enc.o: $(SRC_D)/ssl/t1_enc.c
-	$(CC) -o $(OBJ_D)/t1_enc.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/t1_enc.c
-
-$(OBJ_D)/ssl_lib.o: $(SRC_D)/ssl/ssl_lib.c
-	$(CC) -o $(OBJ_D)/ssl_lib.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_lib.c
-
-$(OBJ_D)/ssl_err2.o: $(SRC_D)/ssl/ssl_err2.c
-	$(CC) -o $(OBJ_D)/ssl_err2.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_err2.c
-
-$(OBJ_D)/ssl_cert.o: $(SRC_D)/ssl/ssl_cert.c
-	$(CC) -o $(OBJ_D)/ssl_cert.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_cert.c
-
-$(OBJ_D)/ssl_sess.o: $(SRC_D)/ssl/ssl_sess.c
-	$(CC) -o $(OBJ_D)/ssl_sess.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_sess.c
-
-$(OBJ_D)/ssl_ciph.o: $(SRC_D)/ssl/ssl_ciph.c
-	$(CC) -o $(OBJ_D)/ssl_ciph.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_ciph.c
-
-$(OBJ_D)/ssl_stat.o: $(SRC_D)/ssl/ssl_stat.c
-	$(CC) -o $(OBJ_D)/ssl_stat.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_stat.c
-
-$(OBJ_D)/ssl_rsa.o: $(SRC_D)/ssl/ssl_rsa.c
-	$(CC) -o $(OBJ_D)/ssl_rsa.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_rsa.c
-
-$(OBJ_D)/ssl_asn1.o: $(SRC_D)/ssl/ssl_asn1.c
-	$(CC) -o $(OBJ_D)/ssl_asn1.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_asn1.c
-
-$(OBJ_D)/ssl_txt.o: $(SRC_D)/ssl/ssl_txt.c
-	$(CC) -o $(OBJ_D)/ssl_txt.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_txt.c
-
-$(OBJ_D)/ssl_algs.o: $(SRC_D)/ssl/ssl_algs.c
-	$(CC) -o $(OBJ_D)/ssl_algs.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_algs.c
-
-$(OBJ_D)/bio_ssl.o: $(SRC_D)/ssl/bio_ssl.c
-	$(CC) -o $(OBJ_D)/bio_ssl.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/bio_ssl.c
-
-$(OBJ_D)/pxy_ssl.o: $(SRC_D)/ssl/pxy_ssl.c
-	$(CC) -o $(OBJ_D)/pxy_ssl.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/pxy_ssl.c
-
-$(OBJ_D)/ssl_err.o: $(SRC_D)/ssl/ssl_err.c
-	$(CC) -o $(OBJ_D)/ssl_err.o  $(LIB_CFLAGS) -c $(SRC_D)/ssl/ssl_err.c
-
-$(OBJ_D)/rsaref.o: $(SRC_D)/rsaref/rsaref.c
-	$(CC) -o $(OBJ_D)/rsaref.o  $(LIB_CFLAGS) -c $(SRC_D)/rsaref/rsaref.c
-
-$(OBJ_D)/rsar_err.o: $(SRC_D)/rsaref/rsar_err.c
-	$(CC) -o $(OBJ_D)/rsar_err.o  $(LIB_CFLAGS) -c $(SRC_D)/rsaref/rsar_err.c
-
-$(TEST_D)/md2test: $(OBJ_D)/md2test.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/md2test $(LFLAGS) $(OBJ_D)/md2test.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/md5test: $(OBJ_D)/md5test.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/md5test $(LFLAGS) $(OBJ_D)/md5test.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/shatest: $(OBJ_D)/shatest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/shatest $(LFLAGS) $(OBJ_D)/shatest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/sha1test: $(OBJ_D)/sha1test.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/sha1test $(LFLAGS) $(OBJ_D)/sha1test.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/mdc2test: $(OBJ_D)/mdc2test.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/mdc2test $(LFLAGS) $(OBJ_D)/mdc2test.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/hmactest: $(OBJ_D)/hmactest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/hmactest $(LFLAGS) $(OBJ_D)/hmactest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/rmdtest: $(OBJ_D)/rmdtest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/rmdtest $(LFLAGS) $(OBJ_D)/rmdtest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/destest: $(OBJ_D)/destest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/destest $(LFLAGS) $(OBJ_D)/destest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/rc2test: $(OBJ_D)/rc2test.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/rc2test $(LFLAGS) $(OBJ_D)/rc2test.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/rc4test: $(OBJ_D)/rc4test.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/rc4test $(LFLAGS) $(OBJ_D)/rc4test.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/rc5test: $(OBJ_D)/rc5test.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/rc5test $(LFLAGS) $(OBJ_D)/rc5test.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/ideatest: $(OBJ_D)/ideatest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/ideatest $(LFLAGS) $(OBJ_D)/ideatest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/bftest: $(OBJ_D)/bftest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/bftest $(LFLAGS) $(OBJ_D)/bftest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/casttest: $(OBJ_D)/casttest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/casttest $(LFLAGS) $(OBJ_D)/casttest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/bntest: $(OBJ_D)/bntest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/bntest $(LFLAGS) $(OBJ_D)/bntest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/exptest: $(OBJ_D)/exptest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/exptest $(LFLAGS) $(OBJ_D)/exptest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/dsatest: $(OBJ_D)/dsatest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/dsatest $(LFLAGS) $(OBJ_D)/dsatest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/dhtest: $(OBJ_D)/dhtest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/dhtest $(LFLAGS) $(OBJ_D)/dhtest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/randtest: $(OBJ_D)/randtest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/randtest $(LFLAGS) $(OBJ_D)/randtest.o $(L_LIBS) $(EX_LIBS)
-
-$(TEST_D)/ssltest: $(OBJ_D)/ssltest.o $(LIBS_DEP)
-	$(LINK) -o $(TEST_D)/ssltest $(LFLAGS) $(OBJ_D)/ssltest.o $(L_LIBS) $(EX_LIBS)
-
-$(O_SSL): $(SSLOBJ)
-	$(RM) $(O_SSL)
-	$(MKLIB) $(O_SSL) $(SSLOBJ)
-	$(RANLIB) $(O_SSL)
-
-$(O_RSAGLUE): $(RSAGLUEOBJ)
-	$(RM) $(O_RSAGLUE)
-	$(MKLIB) $(O_RSAGLUE) $(RSAGLUEOBJ)
-	$(RANLIB) $(O_RSAGLUE)
-
-$(O_CRYPTO): $(CRYPTOOBJ)
-	$(RM) $(O_CRYPTO)
-	$(MKLIB) $(O_CRYPTO) $(CRYPTOOBJ)
-	$(RANLIB) $(O_CRYPTO)
-
-$(BIN_D)/$(E_EXE): $(E_OBJ) $(LIBS_DEP)
-	$(LINK) -o $(BIN_D)/$(E_EXE) $(LFLAGS) $(E_OBJ) $(L_LIBS) $(EX_LIBS)
-
diff --git a/makevms.com b/makevms.com
index 2f4792aa9a..6db8a59889 100755
--- a/makevms.com
+++ b/makevms.com
@@ -1,65 +1,1114 @@
 $!
-$! This procedure compiles the SSL sources into 2 libraries:
-$!	[.CRYPTO]CRYPTO-xxx.OLB		! crypto-graphics subroutines
-$!	[.SSL]SSL-xxx.OLB		! SSL protocol.
-$!
-$!  where 'xxx' specifies the machine achitecture: AXP or VAX
-$!
-$!  To perform 1 sub-option, specify P1 as one of:
-$!	INCLUDE CRYPTO SSL SSL_TASK
-$!
-$!  Requirements:
-$!	DECC 4.0   	(may work with other versions)
-$!	OpenVMS 6.1	(may work with other versions)
-$!
-$ original_default = f$environment("DEFAULT")
-$ proc = f$environment("PROCEDURE")
-$ proc_dir = f$parse("1.1;1",proc) - "1.1;1"
-$ set default 'proc_dir'
-$!
-$! Copy all include files to [.include]
-$!
-$ set noon
-$ if P1 .nes. "" then goto do_'p1'
-$ do_include
-$ write sys$output "Rebuilding [.include] directory..."
-$ delete [.include]*.h;*
-$ backup [.*...]*.h; includes.bck/save
-$ backup includes.bck/save [.include]
-$ delete includes.bck;
-$ if p1 .nes. "" then goto cleanup
-$!
-$! Build crypto lib.
-$!
-$ do_crypto:
-$ write sys$Output "Making CRYPTO library"
-$ set default [.crypto]
-$ @libvms
-$ set default [-]
-$ if p1 .nes. "" then goto cleanup
-$!
-$! Build SSL lib.
-$!
-$ do_ssl:
-$ write sys$output "Making SSL library"
-$ set default [.ssl]
-$ libname = "ssl-axp.olb"
-$ if f$getsyi("CPU") .lt. 128 then libname = "ssl-vax.olb"
-$ if f$search(libname) .eqs. "" then library/create/log 'libname'
-$ cc ssl.c/include=[-.include]/prefix=all
-$ library/replace 'libname' ssl.obj
-$ set default [-]
-$ if p1 .nes. "" then goto cleanup
-$!
-$ do_ssl_task:
-$ write sys$output "Building SSL_TASK.EXE, the DECnet-based SSL engine"
-$ set default [.ssl]
-$ libname = "ssl-axp.olb"
-$ if f$getsyi("CPU") .lt. 128 then libname = "ssl-vax.olb"
-$ cc ssl_task/include=[-.include]/prefix=all
-$ cryptolib = "[-.crypto]crypto-" + f$element(1,"-",libname)
-$ link ssl_task,'libname'/library,'cryptolib'/library
-$!
-$ cleanup:
-$ set default 'original_default'
-$ write sys$output "Done"
+$! MAKEVMS.COM
+$! Original Author:  UNKNOWN
+$! Rewritten By:  Robert Byer
+$!                Vice-President
+$!                A-Com Computing, Inc.
+$!                byer@mail.all-net.net
+$!
+$! Changes by Richard Levitte <richard@levitte.org>
+$!
+$! This procedure creates the SSL libraries of "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB"
+$! "[.xxx.EXE.SSL]LIBSSL.OLB"
+$! The "xxx" denotes the machine architecture of AXP or VAX.
+$!
+$! This procedures accepts two command line options listed below.
+$!
+$! Specify one of the following build options for P1.
+$!
+$!      ALL       Just build "everything".
+$!      CONFIG    Just build the "[.CRYPTO]OPENSSLCONF.H" file.
+$!      BUILDINF  Just build the "[.CRYPTO]BUILDINF.H" file.
+$!      SOFTLINKS Just fix the Unix soft links.
+$!      BUILDALL  Same as ALL, except CONFIG, BUILDINF and SOFTILNKS aren't done.
+$!      CRYPTO    Just build the "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
+$!      CRYPTO/x  Just build the x part of the
+$!                "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" library.
+$!      SSL       Just build the "[.xxx.EXE.SSL]LIBSSL.OLB" library.
+$!      SSL_TASK  Just build the "[.xxx.EXE.SSL]SSL_TASK.EXE" program.
+$!      TEST      Just build the "[.xxx.EXE.TEST]" test programs for OpenSSL.
+$!      APPS      Just build the "[.xxx.EXE.APPS]" application programs for OpenSSL.
+$!      ENGINES   Just build the "[.xxx.EXE.ENGINES]" application programs for OpenSSL.
+$!
+$!
+$! P2 is ignored (it was used to denote if RSAref should be used or not,
+$! and is simply kept so surrounding scripts don't get confused)
+$!
+$! Speficy DEBUG or NODEBUG as P3 to compile with or without debugging
+$! information.
+$!
+$! Specify which compiler at P4 to try to compile under.
+$!
+$!	  VAXC	 For VAX C.
+$!	  DECC	 For DEC C.
+$!	  GNUC	 For GNU C.
+$!	  LINK   To only link the programs from existing object files.
+$!               (not yet implemented)
+$!
+$! If you don't speficy a compiler, it will try to determine which
+$! "C" compiler to use.
+$!
+$! P5, if defined, sets a TCP/IP library to use, through one of the following
+$! keywords:
+$!
+$!	UCX		for UCX or UCX emulation
+$!	TCPIP		for TCP/IP Services or TCP/IP Services emulation
+$!			(this is prefered over UCX)
+$!	SOCKETSHR	for SOCKETSHR+NETLIB
+$!	NONE		to avoid specifying which TCP/IP implementation to
+$!			use at build time (this works with DEC C).  This is
+$!			the default.
+$!
+$! P6, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$!
+$! Check if we're in a batch job, and make sure we get to 
+$! the directory this script is in
+$!
+$ IF F$MODE() .EQS. "BATCH"
+$ THEN
+$   COMNAME=F$ENVIRONMENT("PROCEDURE")
+$   COMPATH=F$PARSE("A.;",COMNAME) - "A.;"
+$   SET DEF 'COMPATH'
+$ ENDIF
+$!
+$! Check Which Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").GE.128)
+$ THEN
+$!
+$!  The Architecture Is AXP.
+$!
+$   ARCH := AXP
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  The Architecture Is VAX.
+$!
+$   ARCH := VAX
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Check To See What We Are To Do.
+$!
+$ IF (BUILDCOMMAND.EQS."ALL")
+$ THEN
+$!
+$!  Start with building the OpenSSL configuration file.
+$!
+$   GOSUB CONFIG
+$!
+$!  Create The "BUILDINF.H" Include File.
+$!
+$   GOSUB BUILDINF
+$!
+$!  Fix The Unix Softlinks.
+$!
+$   GOSUB SOFTLINKS
+$!
+$ ENDIF
+$!
+$ IF (BUILDCOMMAND.EQS."ALL".OR.BUILDCOMMAND.EQS."BUILDALL")
+$ THEN
+$!
+$!  Build The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
+$!
+$   GOSUB CRYPTO
+$!
+$!  Build The [.xxx.EXE.SSL]LIBSSL.OLB Library.
+$!
+$   GOSUB SSL
+$!
+$!  Build The [.xxx.EXE.SSL]SSL_TASK.EXE DECNet SSL Engine.
+$!
+$   GOSUB SSL_TASK
+$!
+$!  Build The [.xxx.EXE.TEST] OpenSSL Test Utilities.
+$!
+$   GOSUB TEST
+$!
+$!  Build The [.xxx.EXE.APPS] OpenSSL Application Utilities.
+$!
+$   GOSUB APPS
+$!
+$!  Build The [.xxx.EXE.ENGINES] OpenSSL Shareable Engines.
+$!
+$   GOSUB ENGINES
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!    Build Just What The User Wants Us To Build.
+$!
+$     GOSUB 'BUILDCOMMAND'
+$!
+$ ENDIF
+$!
+$! Time To EXIT.
+$!
+$ EXIT
+$!
+$! Rebuild The "[.CRYPTO]OPENSSLCONF.H" file.
+$!
+$ CONFIG:
+$!
+$! Tell The User We Are Creating The [.CRYPTO]OPENSSLCONF.H File.
+$!
+$ WRITE SYS$OUTPUT "Creating [.CRYPTO]OPENSSLCONF.H Include File."
+$!
+$! Create The [.CRYPTO]OPENSSLCONF.H File.
+$!
+$ OPEN/WRITE H_FILE SYS$DISK:[.CRYPTO]OPENSSLCONF.H
+$!
+$! Write The [.CRYPTO]OPENSSLCONF.H File.
+$!
+$ WRITE H_FILE "/* This file was automatically built using makevms.com */"
+$ WRITE H_FILE "/* and [.CRYPTO]OPENSSLCONF.H_IN */"
+$
+$!
+$! Write a few macros that indicate how this system was built.
+$!
+$ WRITE H_FILE ""
+$ WRITE H_FILE "#ifndef OPENSSL_SYS_VMS"
+$ WRITE H_FILE "# define OPENSSL_SYS_VMS"
+$ WRITE H_FILE "#endif"
+$ CONFIG_LOGICALS := NO_ASM,NO_RSA,NO_DSA,NO_DH,NO_MD2,NO_MD5,NO_RIPEMD,-
+	NO_SHA,NO_SHA0,NO_SHA1,NO_DES/NO_MDC2;NO_MDC2,NO_RC2,NO_RC4,NO_RC5,-
+	NO_IDEA,NO_BF,NO_CAST,NO_HMAC,NO_SSL2
+$ CONFIG_LOG_I = 0
+$ CONFIG_LOG_LOOP:
+$   CONFIG_LOG_E1 = F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS)
+$   CONFIG_LOG_I = CONFIG_LOG_I + 1
+$   IF CONFIG_LOG_E1 .EQS. "" THEN GOTO CONFIG_LOG_LOOP
+$   IF CONFIG_LOG_E1 .EQS. "," THEN GOTO CONFIG_LOG_LOOP_END
+$   CONFIG_LOG_E2 = F$EDIT(CONFIG_LOG_E1,"TRIM")
+$   CONFIG_LOG_E1 = F$ELEMENT(0,";",CONFIG_LOG_E2)
+$   CONFIG_LOG_E2 = F$ELEMENT(1,";",CONFIG_LOG_E2)
+$   CONFIG_LOG_E0 = F$ELEMENT(0,"/",CONFIG_LOG_E1)
+$   CONFIG_LOG_E1 = F$ELEMENT(1,"/",CONFIG_LOG_E1)
+$   IF F$TRNLNM("OPENSSL_"+CONFIG_LOG_E0)
+$   THEN
+$     WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E0
+$     WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E0
+$     WRITE H_FILE "#endif"
+$     IF CONFIG_LOG_E1 .NES. "/"
+$     THEN
+$       WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E1
+$       WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E1
+$       WRITE H_FILE "#endif"
+$     ENDIF
+$   ELSE
+$     IF CONFIG_LOG_E2 .NES. ";"
+$     THEN
+$       IF F$TRNLNM("OPENSSL_"+CONFIG_LOG_E2)
+$       THEN
+$         WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E2
+$         WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E2
+$         WRITE H_FILE "#endif"
+$       ENDIF
+$     ENDIF
+$   ENDIF
+$   GOTO CONFIG_LOG_LOOP
+$ CONFIG_LOG_LOOP_END:
+$ WRITE H_FILE "#ifndef OPENSSL_NO_STATIC_ENGINE"
+$ WRITE H_FILE "# define OPENSSL_NO_STATIC_ENGINE"
+$ WRITE H_FILE "#endif"
+$ WRITE H_FILE "#ifndef OPENSSL_THREADS"
+$ WRITE H_FILE "# define OPENSSL_THREADS"
+$ WRITE H_FILE "#endif"
+$ WRITE H_FILE "#ifndef OPENSSL_NO_KRB5"
+$ WRITE H_FILE "# define OPENSSL_NO_KRB5"
+$ WRITE H_FILE "#endif"
+$ WRITE H_FILE ""
+$!
+$! Different tar version may have named the file differently
+$ IF F$SEARCH("[.CRYPTO]OPENSSLCONF.H_IN") .NES. ""
+$ THEN
+$   TYPE [.CRYPTO]OPENSSLCONF.H_IN /OUTPUT=H_FILE:
+$ ELSE
+$   IF F$SEARCH("[.CRYPTO]OPENSSLCONF_H.IN") .NES. ""
+$   THEN
+$     TYPE [.CRYPTO]OPENSSLCONF_H.IN /OUTPUT=H_FILE:
+$   ELSE
+$     ! For ODS-5
+$     IF F$SEARCH("[.CRYPTO]OPENSSLCONF.H.IN") .NES. ""
+$     THEN
+$       TYPE [.CRYPTO]OPENSSLCONF.H.IN /OUTPUT=H_FILE:
+$     ELSE
+$       WRITE SYS$ERROR "Couldn't find a [.CRYPTO]OPENSSLCONF.H_IN.  Exiting!"
+$       EXIT 0
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$ IF ARCH .EQS. "AXP"
+$ THEN
+$!
+$!  Write the Alpha specific data
+$!
+$   WRITE H_FILE "#if defined(HEADER_RC4_H)"
+$   WRITE H_FILE "#undef RC4_INT"
+$   WRITE H_FILE "#define RC4_INT unsigned int"
+$   WRITE H_FILE "#undef RC4_CHUNK"
+$   WRITE H_FILE "#define RC4_CHUNK unsigned long long"
+$   WRITE H_FILE "#endif"
+$!
+$   WRITE H_FILE "#if defined(HEADER_DES_LOCL_H)"
+$   WRITE H_FILE "#undef DES_LONG"
+$   WRITE H_FILE "#define DES_LONG unsigned int"
+$   WRITE H_FILE "#undef DES_PTR"
+$   WRITE H_FILE "#define DES_PTR"
+$   WRITE H_FILE "#undef DES_RISC1"
+$   WRITE H_FILE "#undef DES_RISC2"
+$   WRITE H_FILE "#define DES_RISC1"
+$   WRITE H_FILE "#undef DES_UNROLL"
+$   WRITE H_FILE "#define DES_UNROLL"
+$   WRITE H_FILE "#endif"
+$!
+$   WRITE H_FILE "#if defined(HEADER_BN_H)"
+$   WRITE H_FILE "#undef SIXTY_FOUR_BIT_LONG"
+$   WRITE H_FILE "#undef SIXTY_FOUR_BIT"
+$   WRITE H_FILE "#define SIXTY_FOUR_BIT"
+$   WRITE H_FILE "#undef THIRTY_TWO_BIT"
+$   WRITE H_FILE "#undef SIXTEEN_BIT"
+$   WRITE H_FILE "#undef EIGHT_BIT"
+$   WRITE H_FILE "#endif"
+$
+$   WRITE H_FILE "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION"
+$!
+$!  Else...
+$!
+$ ELSE
+$!
+$!  Write the VAX specific data
+$!
+$   WRITE H_FILE "#if defined(HEADER_RC4_H)"
+$   WRITE H_FILE "#undef RC4_INT"
+$   WRITE H_FILE "#define RC4_INT unsigned char"
+$   WRITE H_FILE "#undef RC4_CHUNK"
+$   WRITE H_FILE "#define RC4_CHUNK unsigned long"
+$   WRITE H_FILE "#endif"
+$!
+$   WRITE H_FILE "#if defined(HEADER_DES_LOCL_H)"
+$   WRITE H_FILE "#undef DES_LONG"
+$   WRITE H_FILE "#define DES_LONG unsigned long"
+$   WRITE H_FILE "#undef DES_PTR"
+$   WRITE H_FILE "#define DES_PTR"
+$   WRITE H_FILE "#undef DES_RISC1"
+$   WRITE H_FILE "#undef DES_RISC2"
+$   WRITE H_FILE "#undef DES_UNROLL"
+$   WRITE H_FILE "#endif"
+$!
+$   WRITE H_FILE "#if defined(HEADER_BN_H)"
+$   WRITE H_FILE "#undef SIXTY_FOUR_BIT_LONG"
+$   WRITE H_FILE "#undef SIXTY_FOUR_BIT"
+$   WRITE H_FILE "#undef THIRTY_TWO_BIT"
+$   WRITE H_FILE "#define THIRTY_TWO_BIT"
+$   WRITE H_FILE "#undef SIXTEEN_BIT"
+$   WRITE H_FILE "#undef EIGHT_BIT"
+$   WRITE H_FILE "#endif"
+$
+$   WRITE H_FILE "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION"
+$   WRITE H_FILE "#define OPENSSL_EXPORT_VAR_AS_FUNCTION"
+$!
+$!  End
+$!
+$ ENDIF
+$!
+$! Close the [.CRYPTO]OPENSSLCONF.H file
+$!
+$ CLOSE H_FILE
+$!
+$! That's All, Time To RETURN.
+$!
+$ RETURN
+$!
+$! Rebuild The "[.CRYPTO]BUILDINF.H" file.
+$!
+$ BUILDINF:
+$!
+$! Tell The User We Are Creating The [.CRYPTO]BUILDINF.H File.
+$!
+$ WRITE SYS$OUTPUT "Creating [.CRYPTO]BUILDINF.H Include File."
+$!
+$! Create The [.CRYPTO]BUILDINF.H File.
+$!
+$ OPEN/WRITE H_FILE SYS$DISK:[.CRYPTO]BUILDINF.H
+$!
+$! Get The Current Date & Time.
+$!
+$ TIME = F$TIME()
+$!
+$! Write The [.CRYPTO]BUILDINF.H File.
+$!
+$ WRITE H_FILE "#define CFLAGS """" /* Not filled in for now */"
+$ WRITE H_FILE "#define PLATFORM ""VMS"""
+$ WRITE H_FILE "#define DATE ""''TIME'"" "
+$!
+$! Close The [.CRYPTO]BUILDINF.H File.
+$!
+$ CLOSE H_FILE
+$!
+$! That's All, Time To RETURN.
+$!
+$ RETURN
+$!
+$! Copy a lot of files around.
+$!
+$ SOFTLINKS: 
+$!
+$! Tell The User We Are Partly Rebuilding The [.TEST] Directory.
+$!
+$ WRITE SYS$OUTPUT "Rebuilding The '[.APPS]MD4.C', '[.APPS]MD5.C' And '[.APPS]RMD160.C' Files."
+$!
+$ DELETE SYS$DISK:[.APPS]MD4.C;*,MD5.C;*,RMD160.C;*
+$!
+$! Copy MD4.C from [.CRYPTO.MD4] into [.APPS]
+$!
+$ COPY SYS$DISK:[.CRYPTO.MD4]MD4.C SYS$DISK:[.APPS]
+$!
+$! Copy MD5.C from [.CRYPTO.MD5] into [.APPS]
+$!
+$ COPY SYS$DISK:[.CRYPTO.MD5]MD5.C SYS$DISK:[.APPS]
+$!
+$! Copy RMD160.C from [.CRYPTO.RIPEMD] into [.APPS]
+$!
+$ COPY SYS$DISK:[.CRYPTO.RIPEMD]RMD160.C SYS$DISK:[.APPS]
+$!
+$! Tell The User We Are Partly Rebuilding The [.TEST] Directory.
+$!
+$ WRITE SYS$OUTPUT "Rebuilding The '[.TEST]*.C' Files."
+$!
+$! First, We Have To "Rebuild" The "[.TEST]" Directory, So Delete
+$! All The "C" Files That Are Currently There Now.
+$!
+$ DELETE SYS$DISK:[.TEST]*.C;*
+$ DELETE SYS$DISK:[.TEST]EVPTESTS.TXT;*
+$!
+$! Copy all the *TEST.C files from [.CRYPTO...] into [.TEST]
+$!
+$ COPY SYS$DISK:[.CRYPTO.*]%*TEST.C SYS$DISK:[.TEST]
+$ COPY SYS$DISK:[.CRYPTO.EVP]EVPTESTS.TXT SYS$DISK:[.TEST]
+$!
+$! Copy all the *TEST.C files from [.SSL...] into [.TEST]
+$!
+$ COPY SYS$DISK:[.SSL]%*TEST.C SYS$DISK:[.TEST]
+$!
+$! Tell The User We Are Rebuilding The [.INCLUDE.OPENSSL] Directory.
+$!
+$ WRITE SYS$OUTPUT "Rebuilding The '[.INCLUDE.OPENSSL]' Directory."
+$!
+$! First, make sure the directory exists
+$!
+$ IF F$PARSE("SYS$DISK:[.INCLUDE.OPENSSL]") .EQS. "" THEN -
+     CREATE/DIRECTORY SYS$DISK:[.INCLUDE.OPENSSL]
+$!
+$! Copy All The ".H" Files From The Main Directory.
+$!
+$ EXHEADER := e_os2.h
+$ COPY 'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
+$!
+$! Copy All The ".H" Files From The [.CRYPTO] Directory Tree.
+$!
+$ SDIRS := ,MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,-
+   DES,RC2,RC4,RC5,IDEA,BF,CAST,-
+   BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,AES,-
+   BUFFER,BIO,STACK,LHASH,RAND,ERR,OBJECTS,-
+   EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5
+$ EXHEADER_ := crypto.h,tmdiff.h,opensslv.h,opensslconf.h,ebcdic.h,symhacks.h,-
+		ossl_typ.h
+$ EXHEADER_MD2 := md2.h
+$ EXHEADER_MD4 := md4.h
+$ EXHEADER_MD5 := md5.h
+$ EXHEADER_SHA := sha.h
+$ EXHEADER_MDC2 := mdc2.h
+$ EXHEADER_HMAC := hmac.h
+$ EXHEADER_RIPEMD := ripemd.h
+$ EXHEADER_DES := des.h,des_old.h
+$ EXHEADER_RC2 := rc2.h
+$ EXHEADER_RC4 := rc4.h
+$ EXHEADER_RC5 := rc5.h
+$ EXHEADER_IDEA := idea.h
+$ EXHEADER_BF := blowfish.h
+$ EXHEADER_CAST := cast.h
+$ EXHEADER_BN := bn.h
+$ EXHEADER_EC := ec.h
+$ EXHEADER_RSA := rsa.h
+$ EXHEADER_DSA := dsa.h
+$ EXHEADER_ECDSA := ecdsa.h
+$ EXHEADER_DH := dh.h
+$ EXHEADER_ECDH := ecdh.h
+$ EXHEADER_DSO := dso.h
+$ EXHEADER_ENGINE := engine.h
+$ EXHEADER_AES := aes.h
+$ EXHEADER_BUFFER := buffer.h
+$ EXHEADER_BIO := bio.h
+$ EXHEADER_STACK := stack.h,safestack.h
+$ EXHEADER_LHASH := lhash.h
+$ EXHEADER_RAND := rand.h
+$ EXHEADER_ERR := err.h
+$ EXHEADER_OBJECTS := objects.h,obj_mac.h
+$ EXHEADER_EVP := evp.h
+$ EXHEADER_ASN1 := asn1.h,asn1_mac.h,asn1t.h
+$ EXHEADER_PEM := pem.h,pem2.h
+$ EXHEADER_X509 := x509.h,x509_vfy.h
+$ EXHEADER_X509V3 := x509v3.h
+$ EXHEADER_CONF := conf.h,conf_api.h
+$ EXHEADER_TXT_DB := txt_db.h
+$ EXHEADER_PKCS7 := pkcs7.h
+$ EXHEADER_PKCS12 := pkcs12.h
+$ EXHEADER_COMP := comp.h
+$ EXHEADER_OCSP := ocsp.h
+$ EXHEADER_UI := ui.h,ui_compat.h
+$ EXHEADER_KRB5 := krb5_asn.h
+$
+$ I = 0
+$ LOOP_SDIRS: 
+$ D = F$EDIT(F$ELEMENT(I, ",", SDIRS),"TRIM")
+$ I = I + 1
+$ IF D .EQS. "," THEN GOTO LOOP_SDIRS_END
+$ tmp = EXHEADER_'D'
+$ IF D .EQS. ""
+$ THEN
+$   COPY [.CRYPTO]'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG
+$ ELSE
+$   COPY [.CRYPTO.'D']'tmp' SYS$DISK:[.INCLUDE.OPENSSL] !/LOG
+$ ENDIF
+$ GOTO LOOP_SDIRS
+$ LOOP_SDIRS_END:
+$!
+$! Copy All The ".H" Files From The [.SSL] Directory.
+$!
+$ EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,kssl.h
+$ COPY SYS$DISK:[.SSL]'EXHEADER' SYS$DISK:[.INCLUDE.OPENSSL]
+$!
+$! Purge all doubles
+$!
+$ PURGE SYS$DISK:[.INCLUDE.OPENSSL]*.H
+$!
+$! That's All, Time To RETURN.
+$!
+$ RETURN
+$!
+$! Build The "[.xxx.EXE.CRYPTO]LIBCRYPTO.OLB" Library.
+$!
+$ CRYPTO:
+$!
+$! Tell The User What We Are Doing.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "Building The [.",ARCH,".EXE.CRYPTO]LIBCRYPTO.OLB Library."
+$!
+$! Go To The [.CRYPTO] Directory.
+$!
+$ SET DEFAULT SYS$DISK:[.CRYPTO]
+$!
+$! Build The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library.
+$!  
+$ @CRYPTO-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" "''ISSEVEN'" "''BUILDPART'"
+$!
+$! Build The [.xxx.EXE.CRYPTO]*.EXE Test Applications.
+$!  
+$ @CRYPTO-LIB APPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' "''BUILDPART'"
+$!
+$! Go Back To The Main Directory.
+$!
+$ SET DEFAULT [-]
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$!
+$! Build The "[.xxx.EXE.SSL]LIBSSL.OLB" Library.
+$!
+$ SSL:
+$!
+$! Tell The User What We Are Doing.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "Building The [.",ARCH,".EXE.SSL]LIBSSL.OLB Library."
+$!
+$! Go To The [.SSL] Directory.
+$!
+$ SET DEFAULT SYS$DISK:[.SSL]
+$!
+$! Build The [.xxx.EXE.SSL]LIBSSL.OLB Library.
+$!
+$ @SSL-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN'
+$!
+$! Go Back To The Main Directory.
+$!
+$ SET DEFAULT [-]
+$!
+$! Time To Return.
+$!
+$ RETURN
+$!
+$! Build The "[.xxx.EXE.SSL]SSL_TASK.EXE" Program.
+$!
+$ SSL_TASK:
+$!
+$! Tell The User What We Are Doing.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "Building DECNet Based SSL Engine, [.",ARCH,".EXE.SSL]SSL_TASK.EXE"
+$!
+$! Go To The [.SSL] Directory.
+$!
+$ SET DEFAULT SYS$DISK:[.SSL]
+$!
+$! Build The [.xxx.EXE.SSL]SSL_TASK.EXE
+$!
+$ @SSL-LIB SSL_TASK 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN'
+$!
+$! Go Back To The Main Directory.
+$!
+$ SET DEFAULT [-]
+$!
+$! That's All, Time To RETURN.
+$!
+$ RETURN
+$!
+$! Build The OpenSSL Test Programs.
+$!
+$ TEST:
+$!
+$! Tell The User What We Are Doing.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "Building The OpenSSL [.",ARCH,".EXE.TEST] Test Utilities."
+$!
+$! Go To The [.TEST] Directory.
+$!
+$ SET DEFAULT SYS$DISK:[.TEST]
+$!
+$! Build The Test Programs.
+$!
+$ @MAKETESTS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN'
+$!
+$! Go Back To The Main Directory.
+$!
+$ SET DEFAULT [-]
+$!
+$! That's All, Time To RETURN.
+$!
+$ RETURN
+$!
+$! Build The OpenSSL Application Programs.
+$!
+$ APPS:
+$!
+$! Tell The User What We Are Doing.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "Building OpenSSL [.",ARCH,".EXE.APPS] Applications."
+$!
+$! Go To The [.APPS] Directory.
+$!
+$ SET DEFAULT SYS$DISK:[.APPS]
+$!
+$! Build The Application Programs.
+$!
+$ @MAKEAPPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN'
+$!
+$! Go Back To The Main Directory.
+$!
+$ SET DEFAULT [-]
+$!
+$! That's All, Time To RETURN.
+$!
+$ RETURN
+$!
+$! Build The OpenSSL Application Programs.
+$!
+$ ENGINES:
+$!
+$! Tell The User What We Are Doing.
+$!
+$ WRITE SYS$OUTPUT ""
+$ WRITE SYS$OUTPUT "Building OpenSSL [.",ARCH,".EXE.ENGINES] Engines."
+$!
+$! Go To The [.ENGINES] Directory.
+$!
+$ SET DEFAULT SYS$DISK:[.ENGINES]
+$!
+$! Build The Application Programs.
+$!
+$ @MAKEENGINES ENGINES 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" 'ISSEVEN' "''BUILDPART'"
+$!
+$! Go Back To The Main Directory.
+$!
+$ SET DEFAULT [-]
+$!
+$! That's All, Time To RETURN.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check if there's a "part", and separate it out
+$!
+$ BUILDPART = F$ELEMENT(1,"/",P1)
+$ IF BUILDPART .EQS. "/"
+$ THEN
+$   BUILDPART = ""
+$ ELSE
+$   P1 = F$EXTRACT(0,F$LENGTH(P1) - F$LENGTH(BUILDPART) - 1, P1)
+$ ENDIF
+$!
+$! Check To See If P1 Is Blank.
+$!
+$ IF (P1.EQS."ALL")
+$ THEN
+$!
+$!   P1 Is ALL, So Build Everything.
+$!
+$    BUILDCOMMAND = "ALL"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Else, Check To See If P1 Has A Valid Arguement.
+$!
+$   IF (P1.EQS."CONFIG").OR.(P1.EQS."BUILDINF").OR.(P1.EQS."SOFTLINKS") -
+       .OR.(P1.EQS."BUILDALL") -
+       .OR.(P1.EQS."CRYPTO").OR.(P1.EQS."SSL") -
+       .OR.(P1.EQS."SSL_TASK").OR.(P1.EQS."TEST").OR.(P1.EQS."APPS")
+$   THEN
+$!
+$!    A Valid Arguement.
+$!
+$     BUILDCOMMAND = P1
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User We Don't Know What They Want.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
+$     WRITE SYS$OUTPUT "    CONFIG   :  Just build the [.CRYPTO]OPENSSLCONF.H file."
+$     WRITE SYS$OUTPUT "    BUILDINF :  Just build the [.CRYPTO]BUILDINF.H file."
+$     WRITE SYS$OUTPUT "    SOFTLINKS:  Just Fix The Unix soft links."
+$     WRITE SYS$OUTPUT "    BUILDALL :  Same as ALL, except CONFIG, BUILDINF and SOFTILNKS aren't done."
+$     WRITE SYS$OUTPUT "    CRYPTO   :  To Build Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library."
+$     WRITE SYS$OUTPUT "    CRYPTO/x :  To Build Just The x Part Of The"
+$     WRITE SYS$OUTPUT "                [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library."
+$     WRITE SYS$OUTPUT "    SSL      :  To Build Just The [.xxx.EXE.SSL]LIBSSL.OLB Library."
+$     WRITE SYS$OUTPUT "    SSL_TASK :  To Build Just The [.xxx.EXE.SSL]SSL_TASK.EXE Program."
+$     WRITE SYS$OUTPUT "    TEST     :  To Build Just The OpenSSL Test Programs."
+$     WRITE SYS$OUTPUT "    APPS     :  To Build Just The OpenSSL Application Programs."
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "        AXP  :  Alpha Architecture."
+$     WRITE SYS$OUTPUT "        VAX  :  VAX Architecture."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Argument Check.
+$!
+$   ENDIF
+$!
+$! End The P1 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P3 Is Blank.
+$!
+$ IF (P3.EQS."NODEBUG")
+$ THEN
+$!
+$!   P3 Is NODEBUG, So Compile Without Debugger Information.
+$!
+$    DEBUGGER = "NODEBUG"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Check To See If We Are To Compile With Debugger Information.
+$!
+$   IF (P3.EQS."DEBUG")
+$   THEN
+$!
+$!    Compile With Debugger Information.
+$!
+$     DEBUGGER = "DEBUG"
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
+$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P3 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P4 Is Blank.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$!  O.K., The User Didn't Specify A Compiler, Let's Try To
+$!  Find Out Which One To Use.
+$!
+$!  Check To See If We Have GNU C.
+$!
+$   IF (F$TRNLNM("GNU_CC").NES."")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     COMPILER = "GNUC"
+$!
+$!    Tell The User We Are Using GNUC.
+$!
+$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$!  End The GNU C Compiler Check.
+$!
+$   ENDIF
+$!
+$!  Check To See If We Have VAXC Or DECC.
+$!
+$   IF (F$GETSYI("CPU").GE.128).OR.(F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC")
+$   THEN 
+$!
+$!    Looks Like DECC, Set To Use DECC.
+$!
+$     COMPILER = "DECC"
+$!
+$!    Tell The User We Are Using DECC.
+$!
+$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Looks Like VAXC, Set To Use VAXC.
+$!
+$     COMPILER = "VAXC"
+$!
+$!    Tell The User We Are Using VAX C.
+$!
+$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$!  End The DECC & VAXC Compiler Check.
+$!
+$   ENDIF
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Check To See If The User Entered A Valid Paramter.
+$!
+$   IF (P4.EQS."VAXC").OR.(P4.EQS."DECC").OR.(P4.EQS."GNUC")!.OR.(P4.EQS."LINK")
+$   THEN
+$!
+$!    Check To See If The User Wanted To Just LINK.
+$!
+$     IF (P4.EQS."LINK")
+$     THEN
+$!
+$!      Looks Like LINK-only
+$!
+$       COMPILER = "LINK"
+$!
+$!      Tell The User We Are Only Linking.
+$!
+$       WRITE SYS$OUTPUT "LINK Only.  This actually NOT YET SUPPORTED!"
+$!
+$!    End LINK Check.
+$!
+$     ENDIF
+$!
+$!    Check To See If The User Wanted DECC.
+$!
+$     IF (P4.EQS."DECC")
+$     THEN
+$!
+$!      Looks Like DECC, Set To Use DECC.
+$!
+$       COMPILER = "DECC"
+$!
+$!      Tell The User We Are Using DECC.
+$!
+$       WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$!    End DECC Check.
+$!
+$     ENDIF
+$!
+$!    Check To See If We Are To Use VAXC.
+$!
+$     IF (P4.EQS."VAXC")
+$     THEN
+$!
+$!      Looks Like VAXC, Set To Use VAXC.
+$!
+$       COMPILER = "VAXC"
+$!
+$!      Tell The User We Are Using VAX C.
+$!
+$       WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$!    End VAXC Check
+$!
+$     ENDIF
+$!
+$!    Check To See If We Are To Use GNU C.
+$!
+$     IF (P4.EQS."GNUC")
+$     THEN
+$!
+$!      Looks Like GNUC, Set To Use GNUC.
+$!
+$       COMPILER = "GNUC"
+$!
+$!      Tell The User We Are Using GNUC.
+$!
+$       WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$!    End The GNU C Check.
+$!
+$     ENDIF
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$   ELSE
+$!
+$!    Tell The User We Don't Know What They Want.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P4," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
+$     WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
+$     WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P4 Check.
+$!
+$ ENDIF
+$!
+$! Time to check the contents of P5, and to make sure we get the correct library.
+$!
+$ IF P5.EQS."SOCKETSHR" .OR. P5.EQS."MULTINET" .OR. P5.EQS."UCX" -
+     .OR. P5.EQS."TCPIP" .OR. P5.EQS."NONE"
+$ THEN
+$!
+$!  Check to see if SOCKETSHR was chosen
+$!
+$   IF P5.EQS."SOCKETSHR"
+$   THEN
+$!
+$!    Set the library to use SOCKETSHR
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$!
+$!    Tell the user
+$!
+$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
+$!
+$!    Done with SOCKETSHR
+$!
+$   ENDIF
+$!
+$!  Check to see if MULTINET was chosen
+$!
+$   IF P5.EQS."MULTINET"
+$   THEN
+$!
+$!    Set the library to use UCX emulation.
+$!
+$     P5 = "UCX"
+$!
+$!    Tell the user
+$!
+$     WRITE SYS$OUTPUT "Using MultiNet via UCX emulation for TCP/IP"
+$!
+$!    Done with MULTINET
+$!
+$   ENDIF
+$!
+$!  Check to see if UCX was chosen
+$!
+$   IF P5.EQS."UCX"
+$   THEN
+$!
+$!    Set the library to use UCX.
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$!
+$!    Tell the user
+$!
+$     WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
+$!
+$!    Done with UCX
+$!
+$   ENDIF
+$!
+$!  Check to see if TCPIP was chosen
+$!
+$   IF P5.EQS."TCPIP"
+$   THEN
+$!
+$!    Set the library to use TCPIP (post UCX).
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$!
+$!    Tell the user
+$!
+$     WRITE SYS$OUTPUT "Using TCPIP (post UCX) for TCP/IP"
+$!
+$!    Done with TCPIP
+$!
+$   ENDIF
+$!
+$!  Check to see if NONE was chosen
+$!
+$   IF P5.EQS."NONE"
+$   THEN
+$!
+$!    Do not use a TCPIP library.
+$!
+$     TCPIP_LIB = ""
+$!
+$!    Tell the user
+$!
+$     WRITE SYS$OUTPUT "A specific TCPIP library will not be used."
+$!
+$!    Done with NONE.
+$!
+$   ENDIF
+$!
+$!  Set the TCPIP_TYPE symbol
+$!
+$   TCPIP_TYPE = P5
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$   IF P5 .NES. ""
+$   THEN
+$!
+$!    Tell The User We Don't Know What They Want.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P5," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
+$     WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
+$     WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP TCP/IP (post UCX) library."
+$     WRITE SYS$OUTPUT "    NONE       :  To not link with a specific TCP/IP library."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$   ELSE
+$!
+$! If TCPIP is not defined, then hardcode it to make
+$! it clear that no TCPIP is desired.
+$!
+$     IF P5 .EQS. ""
+$     THEN
+$       TCPIP_LIB = ""
+$       TCPIP_TYPE = "NONE"
+$     ELSE
+$!
+$!    Set the TCPIP_TYPE symbol
+$!
+$       TCPIP_TYPE = P5
+$     ENDIF
+$   ENDIF
+$!
+$!  Done with TCP/IP libraries
+$!
+$ ENDIF
+$!
+$! Special Threads For OpenVMS v7.1 Or Later
+$!
+$! Written By:  Richard Levitte
+$!              richard@levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P6.
+$!
+$ IF (P6.EQS."")
+$ THEN
+$!
+$!  Get The Version Of VMS We Are Using.
+$!
+$   ISSEVEN :=
+$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$!  Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$   IF (TMP.GE.71)
+$   THEN
+$!
+$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$     ISSEVEN := ,PTHREAD_USE_D4
+$!
+$!  End The VMS Version Check.
+$!
+$   ENDIF
+$!
+$! End The P6 Check.
+$!
+$ ENDIF
+$!
+$!  Time To RETURN...
+$!
+$ RETURN
diff --git a/ms/.cvsignore b/ms/.cvsignore
new file mode 100644
index 0000000000..8108335b52
--- /dev/null
+++ b/ms/.cvsignore
@@ -0,0 +1,3 @@
+*.def
+*.mak
+*.out
diff --git a/ms/.rnd b/ms/.rnd
new file mode 100644
index 0000000000..0566b46dfe
--- /dev/null
+++ b/ms/.rnd
diff --git a/ms/16all.bat b/ms/16all.bat
index e57e177177..62ccf78963 100755
--- a/ms/16all.bat
+++ b/ms/16all.bat
@@ -1,10 +1,13 @@
 set OPTS=no_asm
 
 perl Configure VC-WIN16
+perl util\mkfiles.pl >MINFO
 perl util\mk1mf.pl %OPTS% debug VC-WIN16 >d16.mak
 perl util\mk1mf.pl %OPTS% VC-WIN16 >16.mak
 perl util\mk1mf.pl %OPTS% debug dll VC-WIN16 >d16dll.mak
 perl util\mk1mf.pl %OPTS% dll VC-WIN16 >16dll.mak
+perl util\mkdef.pl 16 libeay > ms\libeay32.def
+perl util\mkdef.pl 16 ssleay > ms\ssleay32.def
 
 nmake -f d16.mak
 nmake -f 16.mak
diff --git a/ms/32all.bat b/ms/32all.bat
index 088c942887..aaab9b0c9d 100755
--- a/ms/32all.bat
+++ b/ms/32all.bat
@@ -1,12 +1,20 @@
-set OPTS=no_asm
+set OPTS=no-asm
 
 perl Configure VC-WIN32
+perl util\mkfiles.pl >MINFO
 perl util\mk1mf.pl %OPTS% debug VC-WIN32 >d32.mak
 perl util\mk1mf.pl %OPTS% VC-WIN32 >32.mak
 perl util\mk1mf.pl %OPTS% debug dll VC-WIN32 >d32dll.mak
 perl util\mk1mf.pl %OPTS% dll VC-WIN32 >32dll.mak
+perl util\mkdef.pl 32 libeay > ms\libeay32.def
+perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
 
 nmake -f d32.mak
+@if errorlevel 1 goto end
 nmake -f 32.mak
+@if errorlevel 1 goto end
 nmake -f d32dll.mak
+@if errorlevel 1 goto end
 nmake -f 32dll.mak
+
+:end
diff --git a/ms/bcb4.bat b/ms/bcb4.bat
new file mode 100755
index 0000000000..71a670e794
--- /dev/null
+++ b/ms/bcb4.bat
@@ -0,0 +1,6 @@
+perl Configure BC-32

+perl util\mkfiles.pl > MINFO

+

+@rem create make file

+perl util\mk1mf.pl no-asm BC-NT > bcb.mak

+

diff --git a/ms/cipher.out b/ms/cipher.out
deleted file mode 100755
index 2c73bb7d1c..0000000000
--- a/ms/cipher.out
+++ /dev/null
@@ -1,93 +0,0 @@
-echo=off
-
-echo start testenc
-path=..\ms;%path%
-set ssleay=%1%
-set input=..\ms\testenc.bat
-set tmp1=..\ms\cipher.out
-set out1=..\ms\clear.out
-set cmp=perl ..\ms\cmp.pl
-
-call tenc.bat enc
-if errorlevel 1 goto err
-
-call tenc.bat rc4
-if errorlevel 1 goto err
-
-call tenc.bat des-cfb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede-cfb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede3-cfb
-if errorlevel 1 goto err
-
-call tenc.bat des-ofb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede-ofb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede3-ofb
-if errorlevel 1 goto err
-
-call tenc.bat des-ecb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede
-if errorlevel 1 goto err
-
-call tenc.bat des-ede3
-if errorlevel 1 goto err
-
-call tenc.bat des-cbc
-if errorlevel 1 goto err
-
-call tenc.bat des-ede-cbc
-if errorlevel 1 goto err
-
-call tenc.bat des-ede3-cbc
-if errorlevel 1 goto err
-
-call tenc.bat idea-ecb
-if errorlevel 1 goto err
-
-call tenc.bat idea-cfb
-if errorlevel 1 goto err
-
-call tenc.bat idea-ofb
-if errorlevel 1 goto err
-
-call tenc.bat idea-cbc
-if errorlevel 1 goto err
-
-call tenc.bat rc2-ecb
-if errorlevel 1 goto err
-
-call tenc.bat rc2-cfb
-if errorlevel 1 goto err
-
-call tenc.bat rc2-ofb
-if errorlevel 1 goto err
-
-call tenc.bat rc2-cbc
-if errorlevel 1 goto err
-
-call tenc.bat bf-ecb
-if errorlevel 1 goto err
-
-call tenc.bat bf-cfb
-if errorlevel 1 goto err
-
-call tenc.bat bf-ofb
-if errorlevel 1 goto err
-
-call tenc.bat bf-cbc
-if errorlevel 1 goto err
-
-echo OK
-del %out1%
-del %tmp1%
-:err
-
diff --git a/ms/clear.out b/ms/clear.out
deleted file mode 100755
index 2c73bb7d1c..0000000000
--- a/ms/clear.out
+++ /dev/null
@@ -1,93 +0,0 @@
-echo=off
-
-echo start testenc
-path=..\ms;%path%
-set ssleay=%1%
-set input=..\ms\testenc.bat
-set tmp1=..\ms\cipher.out
-set out1=..\ms\clear.out
-set cmp=perl ..\ms\cmp.pl
-
-call tenc.bat enc
-if errorlevel 1 goto err
-
-call tenc.bat rc4
-if errorlevel 1 goto err
-
-call tenc.bat des-cfb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede-cfb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede3-cfb
-if errorlevel 1 goto err
-
-call tenc.bat des-ofb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede-ofb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede3-ofb
-if errorlevel 1 goto err
-
-call tenc.bat des-ecb
-if errorlevel 1 goto err
-
-call tenc.bat des-ede
-if errorlevel 1 goto err
-
-call tenc.bat des-ede3
-if errorlevel 1 goto err
-
-call tenc.bat des-cbc
-if errorlevel 1 goto err
-
-call tenc.bat des-ede-cbc
-if errorlevel 1 goto err
-
-call tenc.bat des-ede3-cbc
-if errorlevel 1 goto err
-
-call tenc.bat idea-ecb
-if errorlevel 1 goto err
-
-call tenc.bat idea-cfb
-if errorlevel 1 goto err
-
-call tenc.bat idea-ofb
-if errorlevel 1 goto err
-
-call tenc.bat idea-cbc
-if errorlevel 1 goto err
-
-call tenc.bat rc2-ecb
-if errorlevel 1 goto err
-
-call tenc.bat rc2-cfb
-if errorlevel 1 goto err
-
-call tenc.bat rc2-ofb
-if errorlevel 1 goto err
-
-call tenc.bat rc2-cbc
-if errorlevel 1 goto err
-
-call tenc.bat bf-ecb
-if errorlevel 1 goto err
-
-call tenc.bat bf-cfb
-if errorlevel 1 goto err
-
-call tenc.bat bf-ofb
-if errorlevel 1 goto err
-
-call tenc.bat bf-cbc
-if errorlevel 1 goto err
-
-echo OK
-del %out1%
-del %tmp1%
-:err
-
diff --git a/ms/do_masm.bat b/ms/do_masm.bat
new file mode 100755
index 0000000000..f4c958c561
--- /dev/null
+++ b/ms/do_masm.bat
@@ -0,0 +1,68 @@
+@echo off

+echo Generating x86 for MASM assember

+

+echo Bignum

+cd crypto\bn\asm

+perl x86.pl win32 > bn_win32.asm

+cd ..\..\..

+

+echo DES

+cd crypto\des\asm

+perl des-586.pl win32 > d_win32.asm

+cd ..\..\..

+

+echo "crypt(3)"

+

+cd crypto\des\asm

+perl crypt586.pl win32 > y_win32.asm

+cd ..\..\..

+

+echo Blowfish

+

+cd crypto\bf\asm

+perl bf-586.pl win32 > b_win32.asm

+cd ..\..\..

+

+echo CAST5

+cd crypto\cast\asm

+perl cast-586.pl win32 > c_win32.asm

+cd ..\..\..

+

+echo RC4

+cd crypto\rc4\asm

+perl rc4-586.pl win32 > r4_win32.asm

+cd ..\..\..

+

+echo MD5

+cd crypto\md5\asm

+perl md5-586.pl win32 > m5_win32.asm

+cd ..\..\..

+

+echo SHA1

+cd crypto\sha\asm

+perl sha1-586.pl win32 > s1_win32.asm

+cd ..\..\..

+

+echo RIPEMD160

+cd crypto\ripemd\asm

+perl rmd-586.pl win32 > rm_win32.asm

+cd ..\..\..

+

+echo RC5\32

+cd crypto\rc5\asm

+perl rc5-586.pl win32 > r5_win32.asm

+cd ..\..\..

+

+echo on

+

+perl util\mkfiles.pl >MINFO

+rem perl util\mk1mf.pl VC-MSDOS no-sock >ms\msdos.mak

+rem perl util\mk1mf.pl VC-W31-32 >ms\w31.mak

+perl util\mk1mf.pl dll VC-W31-32 >ms\w31dll.mak

+perl util\mk1mf.pl VC-WIN32 >ms\nt.mak

+perl util\mk1mf.pl dll VC-WIN32 >ms\ntdll.mak

+

+perl util\mkdef.pl 16 libeay > ms\libeay16.def

+perl util\mkdef.pl 32 libeay > ms\libeay32.def

+perl util\mkdef.pl 16 ssleay > ms\ssleay16.def

+perl util\mkdef.pl 32 ssleay > ms\ssleay32.def

diff --git a/ms/do_ms.bat b/ms/do_ms.bat
index 673d706a1a..a8cf515bac 100755
--- a/ms/do_ms.bat
+++ b/ms/do_ms.bat
@@ -1,11 +1,14 @@
-
-rem perl util\mk1mf.pl VC-MSDOS no-sock >ms\msdos.mak
-rem perl util\mk1mf.pl VC-W31-32 >ms\w31.mak
-perl util\mk1mf.pl VC-W31-32 dll >ms\w31dll.mak
-rem perl util\mk1mf.pl VC-WIN32 >ms\nt.mak
-perl util\mk1mf.pl VC-WIN32 dll >ms\ntdll.mak
-
-perl util\mkdef.pl 16 libeay > ms\libeay16.def
-perl util\mkdef.pl 32 libeay > ms\libeay32.def
-perl util\mkdef.pl 16 ssleay > ms\ssleay16.def
-perl util\mkdef.pl 32 ssleay > ms\ssleay32.def
+

+perl util\mkfiles.pl >MINFO

+rem perl util\mk1mf.pl VC-MSDOS no-sock >ms\msdos.mak

+rem perl util\mk1mf.pl VC-W31-32 >ms\w31.mak

+perl util\mk1mf.pl dll VC-W31-32 >ms\w31dll.mak

+perl util\mk1mf.pl no-asm VC-WIN32 >ms\nt.mak

+perl util\mk1mf.pl dll no-asm VC-WIN32 >ms\ntdll.mak

+perl util\mk1mf.pl no-asm VC-CE >ms\ce.mak

+perl util\mk1mf.pl dll no-asm VC-CE >ms\cedll.mak

+

+perl util\mkdef.pl 16 libeay > ms\libeay16.def

+perl util\mkdef.pl 32 libeay > ms\libeay32.def

+perl util\mkdef.pl 16 ssleay > ms\ssleay16.def

+perl util\mkdef.pl 32 ssleay > ms\ssleay32.def

diff --git a/ms/do_nasm.bat b/ms/do_nasm.bat
new file mode 100755
index 0000000000..557f8a66d7
--- /dev/null
+++ b/ms/do_nasm.bat
@@ -0,0 +1,70 @@
+

+@echo off

+echo Generating x86 for NASM assember

+

+echo Bignum

+cd crypto\bn\asm

+perl x86.pl win32n > bn_win32.asm

+cd ..\..\..

+

+echo DES

+cd crypto\des\asm

+perl des-586.pl win32n > d_win32.asm

+cd ..\..\..

+

+echo "crypt(3)"

+

+cd crypto\des\asm

+perl crypt586.pl win32n > y_win32.asm

+cd ..\..\..

+

+echo Blowfish

+

+cd crypto\bf\asm

+perl bf-586.pl win32n > b_win32.asm

+cd ..\..\..

+

+echo CAST5

+cd crypto\cast\asm

+perl cast-586.pl win32n > c_win32.asm

+cd ..\..\..

+

+echo RC4

+cd crypto\rc4\asm

+perl rc4-586.pl win32n > r4_win32.asm

+cd ..\..\..

+

+echo MD5

+cd crypto\md5\asm

+perl md5-586.pl win32n > m5_win32.asm

+cd ..\..\..

+

+echo SHA1

+cd crypto\sha\asm

+perl sha1-586.pl win32n > s1_win32.asm

+cd ..\..\..

+

+echo RIPEMD160

+cd crypto\ripemd\asm

+perl rmd-586.pl win32n > rm_win32.asm

+cd ..\..\..

+

+echo RC5\32

+cd crypto\rc5\asm

+perl rc5-586.pl win32n > r5_win32.asm

+cd ..\..\..

+

+echo on

+

+perl util\mkfiles.pl >MINFO

+rem perl util\mk1mf.pl VC-MSDOS no-sock >ms\msdos.mak

+rem perl util\mk1mf.pl VC-W31-32 >ms\w31.mak

+perl util\mk1mf.pl dll VC-W31-32 >ms\w31dll.mak

+perl util\mk1mf.pl nasm VC-WIN32 >ms\nt.mak

+perl util\mk1mf.pl dll nasm VC-WIN32 >ms\ntdll.mak

+perl util\mk1mf.pl nasm BC-NT >ms\bcb.mak

+

+perl util\mkdef.pl 16 libeay > ms\libeay16.def

+perl util\mkdef.pl 32 libeay > ms\libeay32.def

+perl util\mkdef.pl 16 ssleay > ms\ssleay16.def

+perl util\mkdef.pl 32 ssleay > ms\ssleay32.def

diff --git a/ms/do_nt.bat b/ms/do_nt.bat
new file mode 100755
index 0000000000..9c06c27caa
--- /dev/null
+++ b/ms/do_nt.bat
@@ -0,0 +1,7 @@
+

+perl util\mkfiles.pl >MINFO

+perl util\mk1mf.pl no-asm VC-NT >ms\nt.mak

+perl util\mk1mf.pl dll no-asm VC-NT >ms\ntdll.mak

+

+perl util\mkdef.pl libeay NT > ms\libeay32.def

+perl util\mkdef.pl ssleay NT > ms\ssleay32.def

diff --git a/ms/f.bat b/ms/f.bat
deleted file mode 100755
index b365924972..0000000000
--- a/ms/f.bat
+++ /dev/null
@@ -1,2 +0,0 @@
-echo %%

-

diff --git a/ms/libeay16.def b/ms/libeay16.def
deleted file mode 100644
index 51cf7644ec..0000000000
--- a/ms/libeay16.def
+++ /dev/null
@@ -1,1060 +0,0 @@
-;
-; Definition file for the DDL version of the LIBEAY16 library from SSLeay
-;
-
-LIBRARY         LIBEAY16
-
-DESCRIPTION     'SSLeay LIBEAY16 - eay@cryptsoft.com'
-
-CODE            PRELOAD MOVEABLE
-DATA            PRELOAD MOVEABLE SINGLE
-
-EXETYPE		WINDOWS
-
-HEAPSIZE	4096
-STACKSIZE	8192
-
-EXPORTS
-    _SSLeay                             @1
-    _SSLeay_add_all_algorithms          @508
-    _SSLeay_add_all_ciphers             @509
-    _SSLeay_add_all_digests             @510
-    _SSLeay_version                     @2
-    _ASN1_BIT_STRING_asn1_meth          @3
-    _ASN1_BIT_STRING_get_bit            @1060
-    _ASN1_BIT_STRING_set_bit            @1061
-    _ASN1_HEADER_free                   @4
-    _ASN1_HEADER_new                    @5
-    _ASN1_IA5STRING_asn1_meth           @6
-    _ASN1_INTEGER_get                   @7
-    _ASN1_INTEGER_set                   @8
-    _ASN1_INTEGER_to_BN                 @9
-    _ASN1_OBJECT_create                 @10
-    _ASN1_OBJECT_free                   @11
-    _ASN1_OBJECT_new                    @12
-    _ASN1_PRINTABLE_type                @13
-    _ASN1_STRING_cmp                    @14
-    _ASN1_STRING_dup                    @15
-    _ASN1_STRING_free                   @16
-    _ASN1_STRING_new                    @17
-    _ASN1_STRING_print                  @18
-    _ASN1_STRING_set                    @19
-    _ASN1_STRING_type_new               @20
-    _ASN1_TYPE_free                     @21
-    _ASN1_TYPE_get                      @916
-    _ASN1_TYPE_get_int_octetstring      @1076
-    _ASN1_TYPE_get_octetstring          @1077
-    _ASN1_TYPE_new                      @22
-    _ASN1_TYPE_set                      @917
-    _ASN1_TYPE_set_int_octetstring      @1078
-    _ASN1_TYPE_set_octetstring          @1079
-    _ASN1_UNIVERSALSTRING_to_string     @23
-    _ASN1_UTCTIME_check                 @24
-    _ASN1_UTCTIME_print                 @25
-    _ASN1_UTCTIME_set                   @26
-    _ASN1_UTCTIME_set_string            @1080
-    _ASN1_check_infinite_end            @27
-    _ASN1_d2i_bio                       @28
-    _ASN1_digest                        @30
-    _ASN1_dup                           @31
-    _ASN1_get_object                    @32
-    _ASN1_i2d_bio                       @33
-    _ASN1_object_size                   @35
-    _ASN1_parse                         @36
-    _ASN1_put_object                    @37
-    _ASN1_sign                          @38
-    _ASN1_verify                        @39
-    _BF_cbc_encrypt                     @40
-    _BF_cfb64_encrypt                   @41
-    _BF_decrypt                         @987
-    _BF_ecb_encrypt                     @42
-    _BF_encrypt                         @43
-    _BF_ofb64_encrypt                   @44
-    _BF_options                         @45
-    _BF_set_key                         @46
-    _BIO_accept                         @51
-    _BIO_copy_next_retry                @955
-    _BIO_ctrl                           @52
-    _BIO_debug_callback                 @54
-    _BIO_dump                           @55
-    _BIO_dup_chain                      @56
-    _BIO_f_base64                       @57
-    _BIO_f_buffer                       @58
-    _BIO_f_cipher                       @59
-    _BIO_f_md                           @60
-    _BIO_f_nbio_test                    @915
-    _BIO_f_null                         @61
-    _BIO_f_proxy_server                 @62
-    _BIO_fd_non_fatal_error             @63
-    _BIO_fd_should_retry                @64
-    _BIO_find_type                      @65
-    _BIO_free                           @66
-    _BIO_free_all                       @67
-    _BIO_get_accept_socket              @69
-    _BIO_get_filter_bio                 @70
-    _BIO_get_host_ip                    @71
-    _BIO_get_port                       @72
-    _BIO_get_retry_BIO                  @73
-    _BIO_get_retry_reason               @74
-    _BIO_gethostbyname                  @75
-    _BIO_gets                           @76
-    _BIO_ghbn_ctrl                      @1003
-    _BIO_int_ctrl                       @53
-    _BIO_new                            @78
-    _BIO_new_accept                     @79
-    _BIO_new_connect                    @80
-    _BIO_new_fd                         @81
-    _BIO_new_socket                     @84
-    _BIO_new_socks4a_connect            @1110
-    _BIO_pop                            @85
-    _BIO_printf                         @86
-    _BIO_ptr_ctrl                       @969
-    _BIO_push                           @87
-    _BIO_puts                           @88
-    _BIO_read                           @89
-    _BIO_s_accept                       @90
-    _BIO_s_connect                      @91
-    _BIO_s_fd                           @92
-    _BIO_s_mem                          @95
-    _BIO_s_null                         @96
-    _BIO_s_proxy_client                 @97
-    _BIO_s_socket                       @98
-    _BIO_s_socks4a_connect              @1111
-    _BIO_set                            @100
-    _BIO_set_cipher                     @101
-    _BIO_set_tcp_ndelay                 @102
-    _BIO_sock_cleanup                   @103
-    _BIO_sock_error                     @104
-    _BIO_sock_init                      @105
-    _BIO_sock_non_fatal_error           @106
-    _BIO_sock_should_retry              @107
-    _BIO_socket_ioctl                   @108
-    _BIO_socket_nbio                    @1102
-    _BIO_write                          @109
-    _BN_BLINDING_convert                @973
-    _BN_BLINDING_free                   @981
-    _BN_BLINDING_invert                 @974
-    _BN_BLINDING_new                    @980
-    _BN_BLINDING_update                 @975
-    _BN_CTX_free                        @110
-    _BN_CTX_init                        @1135
-    _BN_CTX_new                         @111
-    _BN_MONT_CTX_free                   @112
-    _BN_MONT_CTX_init                   @1136
-    _BN_MONT_CTX_new                    @113
-    _BN_MONT_CTX_set                    @114
-    _BN_RECP_CTX_free                   @1130
-    _BN_RECP_CTX_init                   @1128
-    _BN_RECP_CTX_new                    @1129
-    _BN_RECP_CTX_set                    @1131
-    _BN_add                             @115
-    _BN_add_word                        @116
-    _BN_bin2bn                          @118
-    _BN_bn2bin                          @120
-    _BN_bn2dec                          @1002
-    _BN_bn2hex                          @119
-    _BN_bn2mpi                          @1058
-    _BN_clear                           @121
-    _BN_clear_bit                       @122
-    _BN_clear_free                      @123
-    _BN_cmp                             @124
-    _BN_copy                            @125
-    _BN_dec2bn                          @1001
-    _BN_div                             @126
-    _BN_div_recp                        @1134
-    _BN_div_word                        @127
-    _BN_dup                             @128
-    _BN_exp                             @998
-    _BN_free                            @129
-    _BN_from_montgomery                 @130
-    _BN_gcd                             @131
-    _BN_generate_prime                  @132
-    _BN_get_word                        @133
-    _BN_hex2bn                          @117
-    _BN_init                            @1095
-    _BN_is_bit_set                      @134
-    _BN_is_prime                        @135
-    _BN_lshift                          @136
-    _BN_lshift1                         @137
-    _BN_mask_bits                       @138
-    _BN_mod                             @139
-    _BN_mod_exp                         @140
-    _BN_mod_exp_mont                    @141
-    _BN_mod_exp_recp                    @1133
-    _BN_mod_exp_simple                  @143
-    _BN_mod_inverse                     @144
-    _BN_mod_mul                         @145
-    _BN_mod_mul_montgomery              @146
-    _BN_mod_mul_reciprocal              @1132
-    _BN_mod_word                        @148
-    _BN_mpi2bn                          @1059
-    _BN_mul                             @149
-    _BN_mul_word                        @999
-    _BN_new                             @150
-    _BN_num_bits                        @151
-    _BN_num_bits_word                   @152
-    _BN_options                         @153
-    _BN_print                           @154
-    _BN_rand                            @156
-    _BN_reciprocal                      @157
-    _BN_rshift                          @158
-    _BN_rshift1                         @159
-    _BN_set_bit                         @160
-    _BN_set_word                        @161
-    _BN_sqr                             @162
-    _BN_sub                             @163
-    _BN_sub_word                        @1000
-    _BN_to_ASN1_INTEGER                 @164
-    _BN_uadd                            @708
-    _BN_ucmp                            @165
-    _BN_usub                            @709
-    _BN_value_one                       @166
-    _BUF_MEM_free                       @167
-    _BUF_MEM_grow                       @168
-    _BUF_MEM_new                        @169
-    _BUF_strdup                         @170
-    _CAST_cbc_encrypt                   @992
-    _CAST_cfb64_encrypt                 @993
-    _CAST_decrypt                       @990
-    _CAST_ecb_encrypt                   @991
-    _CAST_encrypt                       @989
-    _CAST_ofb64_encrypt                 @994
-    _CAST_set_key                       @988
-    _COMP_CTX_free                      @1097
-    _COMP_CTX_new                       @1096
-    _COMP_compress_block                @1144
-    _COMP_expand_block                  @1145
-    _COMP_rle                           @1146
-    _COMP_zlib                          @1147
-    _CONF_free                          @171
-    _CONF_get_number                    @172
-    _CONF_get_section                   @173
-    _CONF_get_string                    @174
-    _CONF_load                          @175
-    _CRYPTO_add_lock                    @176
-    _CRYPTO_dbg_free                    @177
-    _CRYPTO_dbg_malloc                  @178
-    _CRYPTO_dbg_realloc                 @179
-    _CRYPTO_dbg_remalloc                @180
-    _CRYPTO_dup_ex_data                 @1025
-    _CRYPTO_free                        @181
-    _CRYPTO_free_ex_data                @1004
-    _CRYPTO_get_add_lock_callback       @182
-    _CRYPTO_get_ex_data                 @1005
-    _CRYPTO_get_ex_new_index            @1041
-    _CRYPTO_get_id_callback             @183
-    _CRYPTO_get_lock_name               @184
-    _CRYPTO_get_locking_callback        @185
-    _CRYPTO_get_mem_functions           @186
-    _CRYPTO_get_new_lockid              @1026
-    _CRYPTO_lock                        @187
-    _CRYPTO_malloc                      @188
-    _CRYPTO_mem_ctrl                    @189
-    _CRYPTO_mem_leaks                   @190
-    _CRYPTO_mem_leaks_cb                @191
-    _CRYPTO_new_ex_data                 @1027
-    _CRYPTO_realloc                     @193
-    _CRYPTO_remalloc                    @194
-    _CRYPTO_set_add_lock_callback       @195
-    _CRYPTO_set_ex_data                 @1007
-    _CRYPTO_set_id_callback             @196
-    _CRYPTO_set_locking_callback        @197
-    _CRYPTO_set_mem_functions           @198
-    _CRYPTO_thread_id                   @199
-    _DH_check                           @200
-    _DH_compute_key                     @201
-    _DH_free                            @202
-    _DH_generate_key                    @203
-    _DH_generate_parameters             @204
-    _DH_new                             @205
-    _DH_size                            @206
-    _DHparams_print                     @207
-    _DSA_free                           @209
-    _DSA_generate_key                   @210
-    _DSA_generate_parameters            @211
-    _DSA_is_prime                       @212
-    _DSA_new                            @213
-    _DSA_print                          @214
-    _DSA_sign                           @216
-    _DSA_sign_setup                     @217
-    _DSA_size                           @218
-    _DSA_verify                         @219
-    _DSAparams_print                    @220
-    _ERR_add_error_data                 @1081
-    _ERR_clear_error                    @222
-    _ERR_error_string                   @223
-    _ERR_free_strings                   @224
-    _ERR_func_error_string              @225
-    _ERR_get_err_state_table            @226
-    _ERR_get_error                      @227
-    _ERR_get_error_line                 @228
-    _ERR_get_next_error_library         @966
-    _ERR_get_state                      @229
-    _ERR_get_string_table               @230
-    _ERR_lib_error_string               @231
-    _ERR_load_ASN1_strings              @232
-    _ERR_load_BIO_strings               @233
-    _ERR_load_BN_strings                @234
-    _ERR_load_BUF_strings               @235
-    _ERR_load_CONF_strings              @236
-    _ERR_load_CRYPTOlib_strings         @1009
-    _ERR_load_DH_strings                @237
-    _ERR_load_DSA_strings               @238
-    _ERR_load_ERR_strings               @239
-    _ERR_load_EVP_strings               @240
-    _ERR_load_OBJ_strings               @241
-    _ERR_load_PEM_strings               @242
-    _ERR_load_PKCS7_strings             @919
-    _ERR_load_PROXY_strings             @243
-    _ERR_load_RSA_strings               @244
-    _ERR_load_X509_strings              @245
-    _ERR_load_crypto_strings            @246
-    _ERR_load_strings                   @247
-    _ERR_peek_error                     @248
-    _ERR_peek_error_line                @249
-    _ERR_print_errors                   @250
-    _ERR_put_error                      @252
-    _ERR_reason_error_string            @253
-    _ERR_remove_state                   @254
-    _ERR_set_error_data                 @1082
-    _EVP_BytesToKey                     @255
-    _EVP_CIPHER_CTX_cleanup             @256
-    _EVP_CIPHER_CTX_init                @961
-    _EVP_CIPHER_asn1_to_param           @1083
-    _EVP_CIPHER_get_asn1_iv             @1085
-    _EVP_CIPHER_param_to_asn1           @1084
-    _EVP_CIPHER_set_asn1_iv             @1086
-    _EVP_CipherFinal                    @257
-    _EVP_CipherInit                     @258
-    _EVP_CipherUpdate                   @259
-    _EVP_DecodeBlock                    @260
-    _EVP_DecodeFinal                    @261
-    _EVP_DecodeInit                     @262
-    _EVP_DecodeUpdate                   @263
-    _EVP_DecryptFinal                   @264
-    _EVP_DecryptInit                    @265
-    _EVP_DecryptUpdate                  @266
-    _EVP_DigestFinal                    @267
-    _EVP_DigestInit                     @268
-    _EVP_DigestUpdate                   @269
-    _EVP_EncodeBlock                    @270
-    _EVP_EncodeFinal                    @271
-    _EVP_EncodeInit                     @272
-    _EVP_EncodeUpdate                   @273
-    _EVP_EncryptFinal                   @274
-    _EVP_EncryptInit                    @275
-    _EVP_EncryptUpdate                  @276
-    _EVP_OpenFinal                      @277
-    _EVP_OpenInit                       @278
-    _EVP_PKEY_assign                    @279
-    _EVP_PKEY_bits                      @1010
-    _EVP_PKEY_cmp_parameters            @967
-    _EVP_PKEY_copy_parameters           @280
-    _EVP_PKEY_decrypt                   @1070
-    _EVP_PKEY_encrypt                   @1071
-    _EVP_PKEY_free                      @281
-    _EVP_PKEY_missing_parameters        @282
-    _EVP_PKEY_new                       @283
-    _EVP_PKEY_save_parameters           @284
-    _EVP_PKEY_size                      @285
-    _EVP_PKEY_type                      @286
-    _EVP_SealFinal                      @287
-    _EVP_SealInit                       @288
-    _EVP_SignFinal                      @289
-    _EVP_VerifyFinal                    @290
-    _EVP_add_cipher                     @292
-    _EVP_add_digest                     @293
-    _EVP_bf_cbc                         @294
-    _EVP_bf_cfb                         @295
-    _EVP_bf_ecb                         @296
-    _EVP_bf_ofb                         @297
-    _EVP_cast5_cbc                      @983
-    _EVP_cast5_cfb                      @984
-    _EVP_cast5_ecb                      @985
-    _EVP_cast5_ofb                      @986
-    _EVP_cleanup                        @298
-    _EVP_des_cbc                        @299
-    _EVP_des_cfb                        @300
-    _EVP_des_ecb                        @301
-    _EVP_des_ede                        @302
-    _EVP_des_ede3                       @303
-    _EVP_des_ede3_cbc                   @304
-    _EVP_des_ede3_cfb                   @305
-    _EVP_des_ede3_ofb                   @306
-    _EVP_des_ede_cbc                    @307
-    _EVP_des_ede_cfb                    @308
-    _EVP_des_ede_ofb                    @309
-    _EVP_des_ofb                        @310
-    _EVP_desx_cbc                       @311
-    _EVP_dss                            @312
-    _EVP_dss1                           @313
-    _EVP_enc_null                       @314
-    _EVP_get_cipherbyname               @315
-    _EVP_get_digestbyname               @316
-    _EVP_get_pw_prompt                  @317
-    _EVP_idea_cbc                       @318
-    _EVP_idea_cfb                       @319
-    _EVP_idea_ecb                       @320
-    _EVP_idea_ofb                       @321
-    _EVP_md2                            @322
-    _EVP_md5                            @323
-    _EVP_md_null                        @324
-    _EVP_mdc2                           @942
-    _EVP_rc2_40_cbc                     @959
-    _EVP_rc2_64_cbc                     @1103
-    _EVP_rc2_cbc                        @325
-    _EVP_rc2_cfb                        @326
-    _EVP_rc2_ecb                        @327
-    _EVP_rc2_ofb                        @328
-    _EVP_rc4                            @329
-    _EVP_rc4_40                         @960
-    _EVP_rc5_32_12_16_cbc               @1087
-    _EVP_rc5_32_12_16_cfb               @1088
-    _EVP_rc5_32_12_16_ecb               @1089
-    _EVP_rc5_32_12_16_ofb               @1090
-    _EVP_read_pw_string                 @330
-    _EVP_set_pw_prompt                  @331
-    _EVP_sha                            @332
-    _EVP_sha1                           @333
-    _HMAC                               @962
-    _HMAC_Final                         @965
-    _HMAC_Init                          @963
-    _HMAC_Update                        @964
-    _HMAC_cleanup                       @968
-    _MD2                                @334
-    _MD2_Final                          @335
-    _MD2_Init                           @336
-    _MD2_Update                         @337
-    _MD2_options                        @338
-    _MD5                                @339
-    _MD5_Final                          @340
-    _MD5_Init                           @341
-    _MD5_Transform                      @1011
-    _MD5_Update                         @342
-    _MDC2                               @343
-    _MDC2_Final                         @344
-    _MDC2_Init                          @345
-    _MDC2_Update                        @346
-    _NETSCAPE_SPKAC_free                @347
-    _NETSCAPE_SPKAC_new                 @348
-    _NETSCAPE_SPKI_free                 @349
-    _NETSCAPE_SPKI_new                  @350
-    _NETSCAPE_SPKI_sign                 @351
-    _NETSCAPE_SPKI_verify               @352
-    _OBJ_NAME_add                       @1101
-    _OBJ_NAME_cleanup                   @1104
-    _OBJ_NAME_get                       @1105
-    _OBJ_NAME_init                      @1106
-    _OBJ_NAME_new_index                 @1107
-    _OBJ_NAME_remove                    @1108
-    _OBJ_add_object                     @353
-    _OBJ_bsearch                        @354
-    _OBJ_cleanup                        @355
-    _OBJ_cmp                            @356
-    _OBJ_create                         @357
-    _OBJ_create_objects                 @997
-    _OBJ_dup                            @358
-    _OBJ_ln2nid                         @359
-    _OBJ_new_nid                        @360
-    _OBJ_nid2ln                         @361
-    _OBJ_nid2obj                        @362
-    _OBJ_nid2sn                         @363
-    _OBJ_obj2nid                        @364
-    _OBJ_sn2nid                         @365
-    _OBJ_txt2nid                        @366
-    _PEM_ASN1_read_bio                  @368
-    _PEM_ASN1_write_bio                 @370
-    _PEM_SealFinal                      @371
-    _PEM_SealInit                       @372
-    _PEM_SealUpdate                     @373
-    _PEM_SignFinal                      @374
-    _PEM_X509_INFO_read_bio             @378
-    _PEM_X509_INFO_write_bio            @379
-    _PEM_dek_info                       @380
-    _PEM_do_header                      @381
-    _PEM_get_EVP_CIPHER_INFO            @382
-    _PEM_proc_type                      @383
-    _PEM_read_bio                       @394
-    _PEM_read_bio_DHparams              @395
-    _PEM_read_bio_DSAPrivateKey         @396
-    _PEM_read_bio_DSAparams             @397
-    _PEM_read_bio_PKCS7                 @398
-    _PEM_read_bio_PrivateKey            @399
-    _PEM_read_bio_RSAPrivateKey         @400
-    _PEM_read_bio_RSAPublicKey          @943
-    _PEM_read_bio_X509                  @401
-    _PEM_read_bio_X509_CRL              @402
-    _PEM_read_bio_X509_REQ              @403
-    _PEM_write_bio                      @414
-    _PEM_write_bio_DHparams             @415
-    _PEM_write_bio_DSAPrivateKey        @416
-    _PEM_write_bio_DSAparams            @417
-    _PEM_write_bio_PKCS7                @418
-    _PEM_write_bio_PrivateKey           @419
-    _PEM_write_bio_RSAPrivateKey        @420
-    _PEM_write_bio_RSAPublicKey         @944
-    _PEM_write_bio_X509                 @421
-    _PEM_write_bio_X509_CRL             @422
-    _PEM_write_bio_X509_REQ             @423
-    _PKCS7_DIGEST_free                  @424
-    _PKCS7_DIGEST_new                   @425
-    _PKCS7_ENCRYPT_free                 @426
-    _PKCS7_ENCRYPT_new                  @427
-    _PKCS7_ENC_CONTENT_free             @428
-    _PKCS7_ENC_CONTENT_new              @429
-    _PKCS7_ENVELOPE_free                @430
-    _PKCS7_ENVELOPE_new                 @431
-    _PKCS7_ISSUER_AND_SERIAL_digest     @432
-    _PKCS7_ISSUER_AND_SERIAL_free       @433
-    _PKCS7_ISSUER_AND_SERIAL_new        @434
-    _PKCS7_RECIP_INFO_free              @435
-    _PKCS7_RECIP_INFO_new               @436
-    _PKCS7_RECIP_INFO_set               @1072
-    _PKCS7_SIGNED_free                  @437
-    _PKCS7_SIGNED_new                   @438
-    _PKCS7_SIGNER_INFO_free             @439
-    _PKCS7_SIGNER_INFO_new              @440
-    _PKCS7_SIGNER_INFO_set              @930
-    _PKCS7_SIGN_ENVELOPE_free           @441
-    _PKCS7_SIGN_ENVELOPE_new            @442
-    _PKCS7_add_attribute                @1138
-    _PKCS7_add_certificate              @932
-    _PKCS7_add_crl                      @933
-    _PKCS7_add_recipient                @1073
-    _PKCS7_add_recipient_info           @1074
-    _PKCS7_add_signature                @938
-    _PKCS7_add_signed_attribute         @1139
-    _PKCS7_add_signer                   @931
-    _PKCS7_cert_from_signer_info        @939
-    _PKCS7_content_free                 @918
-    _PKCS7_content_new                  @934
-    _PKCS7_ctrl                         @927
-    _PKCS7_dataInit                     @937
-    _PKCS7_dataVerify                   @936
-    _PKCS7_digest_from_attributes       @1140
-    _PKCS7_dup                          @443
-    _PKCS7_free                         @444
-    _PKCS7_get_attribute                @1141
-    _PKCS7_get_issuer_and_serial        @1142
-    _PKCS7_get_signed_attribute         @1143
-    _PKCS7_get_signer_info              @940
-    _PKCS7_new                          @445
-    _PKCS7_set_cipher                   @1075
-    _PKCS7_set_content                  @929
-    _PKCS7_set_type                     @928
-    _PROXY_ENTRY_add_noproxy            @446
-    _PROXY_ENTRY_clear_noproxy          @447
-    _PROXY_ENTRY_free                   @448
-    _PROXY_ENTRY_get_noproxy            @449
-    _PROXY_ENTRY_new                    @450
-    _PROXY_ENTRY_set_server             @451
-    _PROXY_add_noproxy                  @452
-    _PROXY_add_server                   @453
-    _PROXY_check_by_host                @454
-    _PROXY_check_url                    @455
-    _PROXY_clear_noproxy                @456
-    _PROXY_free                         @457
-    _PROXY_get_noproxy                  @458
-    _PROXY_get_proxies                  @459
-    _PROXY_get_proxy_entry              @460
-    _PROXY_load_conf                    @461
-    _PROXY_new                          @462
-    _PROXY_print                        @463
-    _RAND_SSLeay                        @1113
-    _RAND_bytes                         @464
-    _RAND_cleanup                       @465
-    _RAND_file_name                     @466
-    _RAND_get_rand_method               @1137
-    _RAND_load_file                     @467
-    _RAND_screen                        @468
-    _RAND_seed                          @469
-    _RAND_set_rand_method               @1114
-    _RAND_write_file                    @470
-    _RC2_cbc_encrypt                    @471
-    _RC2_cfb64_encrypt                  @472
-    _RC2_decrypt                        @995
-    _RC2_ecb_encrypt                    @473
-    _RC2_encrypt                        @474
-    _RC2_ofb64_encrypt                  @475
-    _RC2_set_key                        @476
-    _RC4                                @477
-    _RC4_options                        @478
-    _RC4_set_key                        @479
-    _RC5_32_cbc_encrypt                 @1051
-    _RC5_32_cfb64_encrypt               @1052
-    _RC5_32_decrypt                     @1050
-    _RC5_32_ecb_encrypt                 @1048
-    _RC5_32_encrypt                     @1049
-    _RC5_32_ofb64_encrypt               @1053
-    _RC5_32_set_key                     @1047
-    _RIPEMD160                          @1045
-    _RIPEMD160_Final                    @1044
-    _RIPEMD160_Init                     @1042
-    _RIPEMD160_Transform                @1046
-    _RIPEMD160_Update                   @1043
-    _RSAPrivateKey_asn1_meth            @480
-    _RSAPrivateKey_dup                  @481
-    _RSAPublicKey_dup                   @482
-    _RSA_PKCS1_SSLeay                   @483
-    _RSA_blinding_off                   @978
-    _RSA_blinding_on                    @977
-    _RSA_flags                          @956
-    _RSA_free                           @484
-    _RSA_generate_key                   @485
-    _RSA_get_ex_data                    @1029
-    _RSA_get_ex_new_index               @1030
-    _RSA_memory_lock                    @1115
-    _RSA_new                            @486
-    _RSA_new_method                     @487
-    _RSA_padding_add_PKCS1_type_1       @1031
-    _RSA_padding_add_PKCS1_type_2       @1032
-    _RSA_padding_add_SSLv23             @1033
-    _RSA_padding_add_none               @1034
-    _RSA_padding_check_PKCS1_type_1     @1035
-    _RSA_padding_check_PKCS1_type_2     @1036
-    _RSA_padding_check_SSLv23           @1037
-    _RSA_padding_check_none             @1038
-    _RSA_print                          @488
-    _RSA_private_decrypt                @490
-    _RSA_private_encrypt                @491
-    _RSA_public_decrypt                 @492
-    _RSA_public_encrypt                 @493
-    _RSA_set_default_method             @494
-    _RSA_set_ex_data                    @1028
-    _RSA_sign                           @495
-    _RSA_sign_ASN1_OCTET_STRING         @496
-    _RSA_size                           @497
-    _RSA_verify                         @498
-    _RSA_verify_ASN1_OCTET_STRING       @499
-    _SHA                                @500
-    _SHA1                               @501
-    _SHA1_Final                         @502
-    _SHA1_Init                          @503
-    _SHA1_Transform                     @1012
-    _SHA1_Update                        @504
-    _SHA_Final                          @505
-    _SHA_Init                           @506
-    _SHA_Transform                      @1013
-    _SHA_Update                         @507
-    _TXT_DB_create_index                @511
-    _TXT_DB_free                        @512
-    _TXT_DB_get_by_index                @513
-    _TXT_DB_insert                      @514
-    _TXT_DB_read                        @515
-    _TXT_DB_write                       @516
-    _X509_ALGOR_free                    @517
-    _X509_ALGOR_new                     @518
-    _X509_ATTRIBUTE_free                @519
-    _X509_ATTRIBUTE_new                 @520
-    _X509_CINF_free                     @521
-    _X509_CINF_new                      @522
-    _X509_CRL_INFO_free                 @523
-    _X509_CRL_INFO_new                  @524
-    _X509_CRL_add_ext                   @525
-    _X509_CRL_cmp                       @526
-    _X509_CRL_delete_ext                @527
-    _X509_CRL_dup                       @528
-    _X509_CRL_free                      @529
-    _X509_CRL_get_ext                   @530
-    _X509_CRL_get_ext_by_NID            @531
-    _X509_CRL_get_ext_by_OBJ            @532
-    _X509_CRL_get_ext_by_critical       @533
-    _X509_CRL_get_ext_count             @534
-    _X509_CRL_new                       @535
-    _X509_CRL_sign                      @536
-    _X509_CRL_verify                    @537
-    _X509_EXTENSION_create_by_NID       @538
-    _X509_EXTENSION_create_by_OBJ       @539
-    _X509_EXTENSION_dup                 @540
-    _X509_EXTENSION_free                @541
-    _X509_EXTENSION_get_critical        @542
-    _X509_EXTENSION_get_data            @543
-    _X509_EXTENSION_get_object          @544
-    _X509_EXTENSION_new                 @545
-    _X509_EXTENSION_set_critical        @546
-    _X509_EXTENSION_set_data            @547
-    _X509_EXTENSION_set_object          @548
-    _X509_INFO_free                     @549
-    _X509_INFO_new                      @550
-    _X509_LOOKUP_by_alias               @551
-    _X509_LOOKUP_by_fingerprint         @552
-    _X509_LOOKUP_by_issuer_serial       @553
-    _X509_LOOKUP_by_subject             @554
-    _X509_LOOKUP_ctrl                   @555
-    _X509_LOOKUP_file                   @556
-    _X509_LOOKUP_free                   @557
-    _X509_LOOKUP_hash_dir               @558
-    _X509_LOOKUP_init                   @559
-    _X509_LOOKUP_new                    @560
-    _X509_LOOKUP_shutdown               @561
-    _X509_NAME_ENTRY_create_by_NID      @562
-    _X509_NAME_ENTRY_create_by_OBJ      @563
-    _X509_NAME_ENTRY_dup                @564
-    _X509_NAME_ENTRY_free               @565
-    _X509_NAME_ENTRY_get_data           @566
-    _X509_NAME_ENTRY_get_object         @567
-    _X509_NAME_ENTRY_new                @568
-    _X509_NAME_ENTRY_set_data           @569
-    _X509_NAME_ENTRY_set_object         @570
-    _X509_NAME_add_entry                @571
-    _X509_NAME_cmp                      @572
-    _X509_NAME_delete_entry             @573
-    _X509_NAME_digest                   @574
-    _X509_NAME_dup                      @575
-    _X509_NAME_entry_count              @576
-    _X509_NAME_free                     @577
-    _X509_NAME_get_entry                @578
-    _X509_NAME_get_index_by_NID         @579
-    _X509_NAME_get_index_by_OBJ         @580
-    _X509_NAME_get_text_by_NID          @581
-    _X509_NAME_get_text_by_OBJ          @582
-    _X509_NAME_hash                     @583
-    _X509_NAME_new                      @584
-    _X509_NAME_oneline                  @585
-    _X509_NAME_print                    @586
-    _X509_NAME_set                      @587
-    _X509_OBJECT_free_contents          @588
-    _X509_OBJECT_retrieve_by_subject    @589
-    _X509_OBJECT_up_ref_count           @590
-    _X509_PKEY_free                     @591
-    _X509_PKEY_new                      @592
-    _X509_PUBKEY_free                   @593
-    _X509_PUBKEY_get                    @594
-    _X509_PUBKEY_new                    @595
-    _X509_PUBKEY_set                    @596
-    _X509_REQ_INFO_free                 @597
-    _X509_REQ_INFO_new                  @598
-    _X509_REQ_dup                       @599
-    _X509_REQ_free                      @600
-    _X509_REQ_get_pubkey                @601
-    _X509_REQ_new                       @602
-    _X509_REQ_print                     @603
-    _X509_REQ_set_pubkey                @605
-    _X509_REQ_set_subject_name          @606
-    _X509_REQ_set_version               @607
-    _X509_REQ_sign                      @608
-    _X509_REQ_to_X509                   @609
-    _X509_REQ_verify                    @610
-    _X509_REVOKED_add_ext               @611
-    _X509_REVOKED_delete_ext            @612
-    _X509_REVOKED_free                  @613
-    _X509_REVOKED_get_ext               @614
-    _X509_REVOKED_get_ext_by_NID        @615
-    _X509_REVOKED_get_ext_by_OBJ        @616
-    _X509_REVOKED_get_ext_by_critical   @617
-    _X509_REVOKED_get_ext_count         @618
-    _X509_REVOKED_new                   @619
-    _X509_SIG_free                      @620
-    _X509_SIG_new                       @621
-    _X509_STORE_CTX_cleanup             @622
-    _X509_STORE_CTX_get_chain           @1014
-    _X509_STORE_CTX_get_current_cert    @1015
-    _X509_STORE_CTX_get_error           @1016
-    _X509_STORE_CTX_get_error_depth     @1017
-    _X509_STORE_CTX_get_ex_data         @1018
-    _X509_STORE_CTX_get_ex_new_index    @1100
-    _X509_STORE_CTX_init                @623
-    _X509_STORE_CTX_set_cert            @1020
-    _X509_STORE_CTX_set_chain           @1021
-    _X509_STORE_CTX_set_error           @1022
-    _X509_STORE_CTX_set_ex_data         @1023
-    _X509_STORE_add_cert                @624
-    _X509_STORE_add_crl                 @957
-    _X509_STORE_add_lookup              @625
-    _X509_STORE_free                    @626
-    _X509_STORE_get_by_subject          @627
-    _X509_STORE_load_locations          @628
-    _X509_STORE_new                     @629
-    _X509_STORE_set_default_paths       @630
-    _X509_VAL_free                      @631
-    _X509_VAL_new                       @632
-    _X509_add_ext                       @633
-    _X509_asn1_meth                     @634
-    _X509_certificate_type              @635
-    _X509_check_private_key             @636
-    _X509_cmp_current_time              @637
-    _X509_delete_ext                    @638
-    _X509_digest                        @639
-    _X509_dup                           @640
-    _X509_find_by_issuer_and_serial     @920
-    _X509_find_by_subject               @921
-    _X509_free                          @641
-    _X509_get_default_cert_area         @642
-    _X509_get_default_cert_dir          @643
-    _X509_get_default_cert_dir_env      @644
-    _X509_get_default_cert_file         @645
-    _X509_get_default_cert_file_env     @646
-    _X509_get_default_private_dir       @647
-    _X509_get_ext                       @648
-    _X509_get_ext_by_NID                @649
-    _X509_get_ext_by_OBJ                @650
-    _X509_get_ext_by_critical           @651
-    _X509_get_ext_count                 @652
-    _X509_get_issuer_name               @653
-    _X509_get_pubkey                    @654
-    _X509_get_pubkey_parameters         @655
-    _X509_get_serialNumber              @656
-    _X509_get_subject_name              @657
-    _X509_gmtime_adj                    @658
-    _X509_issuer_and_serial_cmp         @659
-    _X509_issuer_and_serial_hash        @660
-    _X509_issuer_name_cmp               @661
-    _X509_issuer_name_hash              @662
-    _X509_load_cert_file                @663
-    _X509_load_crl_file                 @958
-    _X509_new                           @664
-    _X509_print                         @665
-    _X509_set_issuer_name               @667
-    _X509_set_notAfter                  @668
-    _X509_set_notBefore                 @669
-    _X509_set_pubkey                    @670
-    _X509_set_serialNumber              @671
-    _X509_set_subject_name              @672
-    _X509_set_version                   @673
-    _X509_sign                          @674
-    _X509_subject_name_cmp              @675
-    _X509_subject_name_hash             @676
-    _X509_to_X509_REQ                   @677
-    _X509_verify                        @678
-    _X509_verify_cert                   @679
-    _X509_verify_cert_error_string      @680
-    _X509v3_add_ext                     @681
-    _X509v3_add_extension               @682
-    _X509v3_add_netscape_extensions     @683
-    _X509v3_add_standard_extensions     @684
-    _X509v3_cleanup_extensions          @685
-    _X509v3_data_type_by_NID            @686
-    _X509v3_data_type_by_OBJ            @687
-    _X509v3_delete_ext                  @688
-    _X509v3_get_ext                     @689
-    _X509v3_get_ext_by_NID              @690
-    _X509v3_get_ext_by_OBJ              @691
-    _X509v3_get_ext_by_critical         @692
-    _X509v3_get_ext_count               @693
-    _X509v3_pack_string                 @694
-    _X509v3_pack_type_by_NID            @695
-    _X509v3_pack_type_by_OBJ            @696
-    _X509v3_unpack_string               @697
-    _a2d_ASN1_OBJECT                    @699
-    _a2i_ASN1_INTEGER                   @700
-    _a2i_ASN1_STRING                    @701
-    _asn1_Finish                        @702
-    _asn1_GetSequence                   @703
-    _asn1_add_error                     @1091
-    _bn_add_words                       @1039
-    _bn_cmp_words                       @1123
-    _bn_div_words                       @704
-    _bn_expand2                         @705
-    _bn_mul_add_words                   @706
-    _bn_mul_comba4                      @1119
-    _bn_mul_comba8                      @1118
-    _bn_mul_low_normal                  @1127
-    _bn_mul_normal                      @1117
-    _bn_mul_part_recursive              @1125
-    _bn_mul_recursive                   @1124
-    _bn_mul_words                       @707
-    _bn_sqr_comba4                      @1122
-    _bn_sqr_comba8                      @1121
-    _bn_sqr_normal                      @1120
-    _bn_sqr_recursive                   @1126
-    _bn_sqr_words                       @710
-    _bn_sub_words                       @1116
-    _crypt                              @711
-    _d2i_ASN1_BIT_STRING                @712
-    _d2i_ASN1_BMPSTRING                 @1092
-    _d2i_ASN1_BOOLEAN                   @713
-    _d2i_ASN1_HEADER                    @714
-    _d2i_ASN1_IA5STRING                 @715
-    _d2i_ASN1_INTEGER                   @716
-    _d2i_ASN1_OBJECT                    @717
-    _d2i_ASN1_OCTET_STRING              @718
-    _d2i_ASN1_PRINTABLE                 @719
-    _d2i_ASN1_PRINTABLESTRING           @720
-    _d2i_ASN1_SET                       @721
-    _d2i_ASN1_T61STRING                 @722
-    _d2i_ASN1_TYPE                      @723
-    _d2i_ASN1_UTCTIME                   @724
-    _d2i_ASN1_bytes                     @725
-    _d2i_ASN1_type_bytes                @726
-    _d2i_DHparams                       @727
-    _d2i_DSAPrivateKey                  @728
-    _d2i_DSAPrivateKey_bio              @729
-    _d2i_DSAPublicKey                   @731
-    _d2i_DSAparams                      @732
-    _d2i_NETSCAPE_SPKAC                 @733
-    _d2i_NETSCAPE_SPKI                  @734
-    _d2i_Netscape_RSA                   @735
-    _d2i_Netscape_RSA_2                 @1040
-    _d2i_PKCS7                          @736
-    _d2i_PKCS7_DIGEST                   @737
-    _d2i_PKCS7_ENCRYPT                  @738
-    _d2i_PKCS7_ENC_CONTENT              @739
-    _d2i_PKCS7_ENVELOPE                 @740
-    _d2i_PKCS7_ISSUER_AND_SERIAL        @741
-    _d2i_PKCS7_RECIP_INFO               @742
-    _d2i_PKCS7_SIGNED                   @743
-    _d2i_PKCS7_SIGNER_INFO              @744
-    _d2i_PKCS7_SIGN_ENVELOPE            @745
-    _d2i_PKCS7_bio                      @746
-    _d2i_PrivateKey                     @748
-    _d2i_PublicKey                      @749
-    _d2i_RSAPrivateKey                  @750
-    _d2i_RSAPrivateKey_bio              @751
-    _d2i_RSAPublicKey                   @753
-    _d2i_RSAPublicKey_bio               @945
-    _d2i_X509                           @754
-    _d2i_X509_ALGOR                     @755
-    _d2i_X509_ATTRIBUTE                 @756
-    _d2i_X509_CINF                      @757
-    _d2i_X509_CRL                       @758
-    _d2i_X509_CRL_INFO                  @759
-    _d2i_X509_CRL_bio                   @760
-    _d2i_X509_EXTENSION                 @762
-    _d2i_X509_NAME                      @763
-    _d2i_X509_NAME_ENTRY                @764
-    _d2i_X509_PKEY                      @765
-    _d2i_X509_PUBKEY                    @766
-    _d2i_X509_REQ                       @767
-    _d2i_X509_REQ_INFO                  @768
-    _d2i_X509_REQ_bio                   @769
-    _d2i_X509_REVOKED                   @771
-    _d2i_X509_SIG                       @772
-    _d2i_X509_VAL                       @773
-    _d2i_X509_bio                       @774
-    _des_cbc_cksum                      @777
-    _des_cbc_encrypt                    @778
-    _des_cblock_print_file              @779
-    _des_cfb64_encrypt                  @780
-    _des_cfb_encrypt                    @781
-    _des_decrypt3                       @782
-    _des_ecb3_encrypt                   @783
-    _des_ecb_encrypt                    @784
-    _des_ede3_cbc_encrypt               @785
-    _des_ede3_cfb64_encrypt             @786
-    _des_ede3_ofb64_encrypt             @787
-    _des_enc_read                       @788
-    _des_enc_write                      @789
-    _des_encrypt                        @790
-    _des_encrypt2                       @791
-    _des_encrypt3                       @792
-    _des_fcrypt                         @793
-    _des_is_weak_key                    @794
-    _des_key_sched                      @795
-    _des_ncbc_encrypt                   @796
-    _des_ofb64_encrypt                  @797
-    _des_ofb_encrypt                    @798
-    _des_options                        @799
-    _des_pcbc_encrypt                   @800
-    _des_quad_cksum                     @801
-    _des_random_key                     @802
-    _des_random_seed                    @803
-    _des_read_2passwords                @804
-    _des_read_password                  @805
-    _des_read_pw                        @806
-    _des_read_pw_string                 @807
-    _des_set_key                        @808
-    _des_set_odd_parity                 @809
-    _des_string_to_2keys                @810
-    _des_string_to_key                  @811
-    _des_xcbc_encrypt                   @812
-    _des_xwhite_in2out                  @813
-    _i2a_ASN1_INTEGER                   @815
-    _i2a_ASN1_OBJECT                    @816
-    _i2a_ASN1_STRING                    @817
-    _i2d_ASN1_BIT_STRING                @818
-    _i2d_ASN1_BMPSTRING                 @1093
-    _i2d_ASN1_BOOLEAN                   @819
-    _i2d_ASN1_HEADER                    @820
-    _i2d_ASN1_IA5STRING                 @821
-    _i2d_ASN1_INTEGER                   @822
-    _i2d_ASN1_OBJECT                    @823
-    _i2d_ASN1_OCTET_STRING              @824
-    _i2d_ASN1_PRINTABLE                 @825
-    _i2d_ASN1_SET                       @826
-    _i2d_ASN1_TYPE                      @827
-    _i2d_ASN1_UTCTIME                   @828
-    _i2d_ASN1_bytes                     @829
-    _i2d_DHparams                       @830
-    _i2d_DSAPrivateKey                  @831
-    _i2d_DSAPrivateKey_bio              @832
-    _i2d_DSAPublicKey                   @834
-    _i2d_DSAparams                      @835
-    _i2d_NETSCAPE_SPKAC                 @836
-    _i2d_NETSCAPE_SPKI                  @837
-    _i2d_Netscape_RSA                   @838
-    _i2d_PKCS7                          @839
-    _i2d_PKCS7_DIGEST                   @840
-    _i2d_PKCS7_ENCRYPT                  @841
-    _i2d_PKCS7_ENC_CONTENT              @842
-    _i2d_PKCS7_ENVELOPE                 @843
-    _i2d_PKCS7_ISSUER_AND_SERIAL        @844
-    _i2d_PKCS7_RECIP_INFO               @845
-    _i2d_PKCS7_SIGNED                   @846
-    _i2d_PKCS7_SIGNER_INFO              @847
-    _i2d_PKCS7_SIGN_ENVELOPE            @848
-    _i2d_PKCS7_bio                      @849
-    _i2d_PrivateKey                     @851
-    _i2d_PublicKey                      @852
-    _i2d_RSAPrivateKey                  @853
-    _i2d_RSAPrivateKey_bio              @854
-    _i2d_RSAPublicKey                   @856
-    _i2d_RSAPublicKey_bio               @946
-    _i2d_X509                           @857
-    _i2d_X509_ALGOR                     @858
-    _i2d_X509_ATTRIBUTE                 @859
-    _i2d_X509_CINF                      @860
-    _i2d_X509_CRL                       @861
-    _i2d_X509_CRL_INFO                  @862
-    _i2d_X509_CRL_bio                   @863
-    _i2d_X509_EXTENSION                 @865
-    _i2d_X509_NAME                      @866
-    _i2d_X509_NAME_ENTRY                @867
-    _i2d_X509_PKEY                      @868
-    _i2d_X509_PUBKEY                    @869
-    _i2d_X509_REQ                       @870
-    _i2d_X509_REQ_INFO                  @871
-    _i2d_X509_REQ_bio                   @872
-    _i2d_X509_REVOKED                   @874
-    _i2d_X509_SIG                       @875
-    _i2d_X509_VAL                       @876
-    _i2d_X509_bio                       @877
-    _i2t_ASN1_OBJECT                    @979
-    _idea_cbc_encrypt                   @879
-    _idea_cfb64_encrypt                 @880
-    _idea_ecb_encrypt                   @881
-    _idea_encrypt                       @882
-    _idea_ofb64_encrypt                 @883
-    _idea_options                       @884
-    _idea_set_decrypt_key               @885
-    _idea_set_encrypt_key               @886
-    _lh_delete                          @887
-    _lh_doall                           @888
-    _lh_doall_arg                       @889
-    _lh_free                            @890
-    _lh_insert                          @891
-    _lh_new                             @892
-    _lh_node_stats_bio                  @894
-    _lh_node_usage_stats_bio            @896
-    _lh_retrieve                        @897
-    _lh_stats_bio                       @899
-    _lh_strhash                         @900
-    _ms_time_cmp                        @1151
-    _ms_time_diff                       @1148
-    _ms_time_free                       @1150
-    _ms_time_get                        @1152
-    _ms_time_new                        @1149
-    _sk_delete                          @901
-    _sk_delete_ptr                      @902
-    _sk_dup                             @903
-    _sk_find                            @904
-    _sk_free                            @905
-    _sk_insert                          @906
-    _sk_new                             @907
-    _sk_pop                             @908
-    _sk_pop_free                        @909
-    _sk_push                            @910
-    _sk_set_cmp_func                    @911
-    _sk_shift                           @912
-    _sk_unshift                         @913
-    _sk_zero                            @914
-
diff --git a/ms/libeay32.def b/ms/libeay32.def
deleted file mode 100644
index 509a4085e2..0000000000
--- a/ms/libeay32.def
+++ /dev/null
@@ -1,1108 +0,0 @@
-;
-; Definition file for the DDL version of the LIBEAY32 library from SSLeay
-;
-
-LIBRARY         LIBEAY32
-
-DESCRIPTION     'SSLeay LIBEAY32 - eay@cryptsoft.com'
-
-EXPORTS
-    SSLeay                             @1
-    SSLeay_add_all_algorithms          @508
-    SSLeay_add_all_ciphers             @509
-    SSLeay_add_all_digests             @510
-    SSLeay_version                     @2
-    ASN1_BIT_STRING_asn1_meth          @3
-    ASN1_BIT_STRING_get_bit            @1060
-    ASN1_BIT_STRING_set_bit            @1061
-    ASN1_HEADER_free                   @4
-    ASN1_HEADER_new                    @5
-    ASN1_IA5STRING_asn1_meth           @6
-    ASN1_INTEGER_get                   @7
-    ASN1_INTEGER_set                   @8
-    ASN1_INTEGER_to_BN                 @9
-    ASN1_OBJECT_create                 @10
-    ASN1_OBJECT_free                   @11
-    ASN1_OBJECT_new                    @12
-    ASN1_PRINTABLE_type                @13
-    ASN1_STRING_cmp                    @14
-    ASN1_STRING_dup                    @15
-    ASN1_STRING_free                   @16
-    ASN1_STRING_new                    @17
-    ASN1_STRING_print                  @18
-    ASN1_STRING_set                    @19
-    ASN1_STRING_type_new               @20
-    ASN1_TYPE_free                     @21
-    ASN1_TYPE_get                      @916
-    ASN1_TYPE_get_int_octetstring      @1076
-    ASN1_TYPE_get_octetstring          @1077
-    ASN1_TYPE_new                      @22
-    ASN1_TYPE_set                      @917
-    ASN1_TYPE_set_int_octetstring      @1078
-    ASN1_TYPE_set_octetstring          @1079
-    ASN1_UNIVERSALSTRING_to_string     @23
-    ASN1_UTCTIME_check                 @24
-    ASN1_UTCTIME_print                 @25
-    ASN1_UTCTIME_set                   @26
-    ASN1_UTCTIME_set_string            @1080
-    ASN1_check_infinite_end            @27
-    ASN1_d2i_bio                       @28
-    ASN1_d2i_fp                        @29
-    ASN1_digest                        @30
-    ASN1_dup                           @31
-    ASN1_get_object                    @32
-    ASN1_i2d_bio                       @33
-    ASN1_i2d_fp                        @34
-    ASN1_object_size                   @35
-    ASN1_parse                         @36
-    ASN1_put_object                    @37
-    ASN1_sign                          @38
-    ASN1_verify                        @39
-    BF_cbc_encrypt                     @40
-    BF_cfb64_encrypt                   @41
-    BF_decrypt                         @987
-    BF_ecb_encrypt                     @42
-    BF_encrypt                         @43
-    BF_ofb64_encrypt                   @44
-    BF_options                         @45
-    BF_set_key                         @46
-    BIO_accept                         @51
-    BIO_copy_next_retry                @955
-    BIO_ctrl                           @52
-    BIO_debug_callback                 @54
-    BIO_dump                           @55
-    BIO_dup_chain                      @56
-    BIO_f_base64                       @57
-    BIO_f_buffer                       @58
-    BIO_f_cipher                       @59
-    BIO_f_md                           @60
-    BIO_f_nbio_test                    @915
-    BIO_f_null                         @61
-    BIO_f_proxy_server                 @62
-    BIO_fd_non_fatal_error             @63
-    BIO_fd_should_retry                @64
-    BIO_find_type                      @65
-    BIO_free                           @66
-    BIO_free_all                       @67
-    BIO_get_accept_socket              @69
-    BIO_get_filter_bio                 @70
-    BIO_get_host_ip                    @71
-    BIO_get_port                       @72
-    BIO_get_retry_BIO                  @73
-    BIO_get_retry_reason               @74
-    BIO_gethostbyname                  @75
-    BIO_gets                           @76
-    BIO_ghbn_ctrl                      @1003
-    BIO_int_ctrl                       @53
-    BIO_new                            @78
-    BIO_new_accept                     @79
-    BIO_new_connect                    @80
-    BIO_new_fd                         @81
-    BIO_new_file                       @82
-    BIO_new_fp                         @83
-    BIO_new_socket                     @84
-    BIO_new_socks4a_connect            @1110
-    BIO_pop                            @85
-    BIO_printf                         @86
-    BIO_ptr_ctrl                       @969
-    BIO_push                           @87
-    BIO_puts                           @88
-    BIO_read                           @89
-    BIO_s_accept                       @90
-    BIO_s_connect                      @91
-    BIO_s_fd                           @92
-    BIO_s_file                         @93
-    BIO_s_mem                          @95
-    BIO_s_null                         @96
-    BIO_s_proxy_client                 @97
-    BIO_s_socket                       @98
-    BIO_s_socks4a_connect              @1111
-    BIO_set                            @100
-    BIO_set_cipher                     @101
-    BIO_set_tcp_ndelay                 @102
-    BIO_sock_cleanup                   @103
-    BIO_sock_error                     @104
-    BIO_sock_init                      @105
-    BIO_sock_non_fatal_error           @106
-    BIO_sock_should_retry              @107
-    BIO_socket_ioctl                   @108
-    BIO_socket_nbio                    @1102
-    BIO_write                          @109
-    BN_BLINDING_convert                @973
-    BN_BLINDING_free                   @981
-    BN_BLINDING_invert                 @974
-    BN_BLINDING_new                    @980
-    BN_BLINDING_update                 @975
-    BN_CTX_free                        @110
-    BN_CTX_init                        @1135
-    BN_CTX_new                         @111
-    BN_MONT_CTX_free                   @112
-    BN_MONT_CTX_init                   @1136
-    BN_MONT_CTX_new                    @113
-    BN_MONT_CTX_set                    @114
-    BN_RECP_CTX_free                   @1130
-    BN_RECP_CTX_init                   @1128
-    BN_RECP_CTX_new                    @1129
-    BN_RECP_CTX_set                    @1131
-    BN_add                             @115
-    BN_add_word                        @116
-    BN_bin2bn                          @118
-    BN_bn2bin                          @120
-    BN_bn2dec                          @1002
-    BN_bn2hex                          @119
-    BN_bn2mpi                          @1058
-    BN_clear                           @121
-    BN_clear_bit                       @122
-    BN_clear_free                      @123
-    BN_cmp                             @124
-    BN_copy                            @125
-    BN_dec2bn                          @1001
-    BN_div                             @126
-    BN_div_recp                        @1134
-    BN_div_word                        @127
-    BN_dup                             @128
-    BN_exp                             @998
-    BN_free                            @129
-    BN_from_montgomery                 @130
-    BN_gcd                             @131
-    BN_generate_prime                  @132
-    BN_get_word                        @133
-    BN_hex2bn                          @117
-    BN_init                            @1095
-    BN_is_bit_set                      @134
-    BN_is_prime                        @135
-    BN_lshift                          @136
-    BN_lshift1                         @137
-    BN_mask_bits                       @138
-    BN_mod                             @139
-    BN_mod_exp                         @140
-    BN_mod_exp_mont                    @141
-    BN_mod_exp_recp                    @1133
-    BN_mod_exp_simple                  @143
-    BN_mod_inverse                     @144
-    BN_mod_mul                         @145
-    BN_mod_mul_montgomery              @146
-    BN_mod_mul_reciprocal              @1132
-    BN_mod_word                        @148
-    BN_mpi2bn                          @1059
-    BN_mul                             @149
-    BN_mul_word                        @999
-    BN_new                             @150
-    BN_num_bits                        @151
-    BN_num_bits_word                   @152
-    BN_options                         @153
-    BN_print                           @154
-    BN_print_fp                        @155
-    BN_rand                            @156
-    BN_reciprocal                      @157
-    BN_rshift                          @158
-    BN_rshift1                         @159
-    BN_set_bit                         @160
-    BN_set_word                        @161
-    BN_sqr                             @162
-    BN_sub                             @163
-    BN_sub_word                        @1000
-    BN_to_ASN1_INTEGER                 @164
-    BN_uadd                            @708
-    BN_ucmp                            @165
-    BN_usub                            @709
-    BN_value_one                       @166
-    BUF_MEM_free                       @167
-    BUF_MEM_grow                       @168
-    BUF_MEM_new                        @169
-    BUF_strdup                         @170
-    CAST_cbc_encrypt                   @992
-    CAST_cfb64_encrypt                 @993
-    CAST_decrypt                       @990
-    CAST_ecb_encrypt                   @991
-    CAST_encrypt                       @989
-    CAST_ofb64_encrypt                 @994
-    CAST_set_key                       @988
-    COMP_CTX_free                      @1097
-    COMP_CTX_new                       @1096
-    COMP_compress_block                @1144
-    COMP_expand_block                  @1145
-    COMP_rle                           @1146
-    COMP_zlib                          @1147
-    CONF_free                          @171
-    CONF_get_number                    @172
-    CONF_get_section                   @173
-    CONF_get_string                    @174
-    CONF_load                          @175
-    CRYPTO_add_lock                    @176
-    CRYPTO_dbg_free                    @177
-    CRYPTO_dbg_malloc                  @178
-    CRYPTO_dbg_realloc                 @179
-    CRYPTO_dbg_remalloc                @180
-    CRYPTO_dup_ex_data                 @1025
-    CRYPTO_free                        @181
-    CRYPTO_free_ex_data                @1004
-    CRYPTO_get_add_lock_callback       @182
-    CRYPTO_get_ex_data                 @1005
-    CRYPTO_get_ex_new_index            @1041
-    CRYPTO_get_id_callback             @183
-    CRYPTO_get_lock_name               @184
-    CRYPTO_get_locking_callback        @185
-    CRYPTO_get_mem_functions           @186
-    CRYPTO_get_new_lockid              @1026
-    CRYPTO_lock                        @187
-    CRYPTO_malloc                      @188
-    CRYPTO_mem_ctrl                    @189
-    CRYPTO_mem_leaks                   @190
-    CRYPTO_mem_leaks_cb                @191
-    CRYPTO_mem_leaks_fp                @192
-    CRYPTO_new_ex_data                 @1027
-    CRYPTO_realloc                     @193
-    CRYPTO_remalloc                    @194
-    CRYPTO_set_add_lock_callback       @195
-    CRYPTO_set_ex_data                 @1007
-    CRYPTO_set_id_callback             @196
-    CRYPTO_set_locking_callback        @197
-    CRYPTO_set_mem_functions           @198
-    CRYPTO_thread_id                   @199
-    DH_check                           @200
-    DH_compute_key                     @201
-    DH_free                            @202
-    DH_generate_key                    @203
-    DH_generate_parameters             @204
-    DH_new                             @205
-    DH_size                            @206
-    DHparams_print                     @207
-    DHparams_print_fp                  @208
-    DSA_free                           @209
-    DSA_generate_key                   @210
-    DSA_generate_parameters            @211
-    DSA_is_prime                       @212
-    DSA_new                            @213
-    DSA_print                          @214
-    DSA_print_fp                       @215
-    DSA_sign                           @216
-    DSA_sign_setup                     @217
-    DSA_size                           @218
-    DSA_verify                         @219
-    DSAparams_print                    @220
-    DSAparams_print_fp                 @221
-    ERR_add_error_data                 @1081
-    ERR_clear_error                    @222
-    ERR_error_string                   @223
-    ERR_free_strings                   @224
-    ERR_func_error_string              @225
-    ERR_get_err_state_table            @226
-    ERR_get_error                      @227
-    ERR_get_error_line                 @228
-    ERR_get_next_error_library         @966
-    ERR_get_state                      @229
-    ERR_get_string_table               @230
-    ERR_lib_error_string               @231
-    ERR_load_ASN1_strings              @232
-    ERR_load_BIO_strings               @233
-    ERR_load_BN_strings                @234
-    ERR_load_BUF_strings               @235
-    ERR_load_CONF_strings              @236
-    ERR_load_CRYPTO_strings            @1009
-    ERR_load_DH_strings                @237
-    ERR_load_DSA_strings               @238
-    ERR_load_ERR_strings               @239
-    ERR_load_EVP_strings               @240
-    ERR_load_OBJ_strings               @241
-    ERR_load_PEM_strings               @242
-    ERR_load_PKCS7_strings             @919
-    ERR_load_PROXY_strings             @243
-    ERR_load_RSA_strings               @244
-    ERR_load_X509_strings              @245
-    ERR_load_crypto_strings            @246
-    ERR_load_strings                   @247
-    ERR_peek_error                     @248
-    ERR_peek_error_line                @249
-    ERR_print_errors                   @250
-    ERR_print_errors_fp                @251
-    ERR_put_error                      @252
-    ERR_reason_error_string            @253
-    ERR_remove_state                   @254
-    ERR_set_error_data                 @1082
-    EVP_BytesToKey                     @255
-    EVP_CIPHER_CTX_cleanup             @256
-    EVP_CIPHER_CTX_init                @961
-    EVP_CIPHER_asn1_to_param           @1083
-    EVP_CIPHER_get_asn1_iv             @1085
-    EVP_CIPHER_param_to_asn1           @1084
-    EVP_CIPHER_set_asn1_iv             @1086
-    EVP_CipherFinal                    @257
-    EVP_CipherInit                     @258
-    EVP_CipherUpdate                   @259
-    EVP_DecodeBlock                    @260
-    EVP_DecodeFinal                    @261
-    EVP_DecodeInit                     @262
-    EVP_DecodeUpdate                   @263
-    EVP_DecryptFinal                   @264
-    EVP_DecryptInit                    @265
-    EVP_DecryptUpdate                  @266
-    EVP_DigestFinal                    @267
-    EVP_DigestInit                     @268
-    EVP_DigestUpdate                   @269
-    EVP_EncodeBlock                    @270
-    EVP_EncodeFinal                    @271
-    EVP_EncodeInit                     @272
-    EVP_EncodeUpdate                   @273
-    EVP_EncryptFinal                   @274
-    EVP_EncryptInit                    @275
-    EVP_EncryptUpdate                  @276
-    EVP_OpenFinal                      @277
-    EVP_OpenInit                       @278
-    EVP_PKEY_assign                    @279
-    EVP_PKEY_bits                      @1010
-    EVP_PKEY_cmp_parameters            @967
-    EVP_PKEY_copy_parameters           @280
-    EVP_PKEY_decrypt                   @1070
-    EVP_PKEY_encrypt                   @1071
-    EVP_PKEY_free                      @281
-    EVP_PKEY_missing_parameters        @282
-    EVP_PKEY_new                       @283
-    EVP_PKEY_save_parameters           @284
-    EVP_PKEY_size                      @285
-    EVP_PKEY_type                      @286
-    EVP_SealFinal                      @287
-    EVP_SealInit                       @288
-    EVP_SignFinal                      @289
-    EVP_VerifyFinal                    @290
-    EVP_add_cipher                     @292
-    EVP_add_digest                     @293
-    EVP_bf_cbc                         @294
-    EVP_bf_cfb                         @295
-    EVP_bf_ecb                         @296
-    EVP_bf_ofb                         @297
-    EVP_cast5_cbc                      @983
-    EVP_cast5_cfb                      @984
-    EVP_cast5_ecb                      @985
-    EVP_cast5_ofb                      @986
-    EVP_cleanup                        @298
-    EVP_des_cbc                        @299
-    EVP_des_cfb                        @300
-    EVP_des_ecb                        @301
-    EVP_des_ede                        @302
-    EVP_des_ede3                       @303
-    EVP_des_ede3_cbc                   @304
-    EVP_des_ede3_cfb                   @305
-    EVP_des_ede3_ofb                   @306
-    EVP_des_ede_cbc                    @307
-    EVP_des_ede_cfb                    @308
-    EVP_des_ede_ofb                    @309
-    EVP_des_ofb                        @310
-    EVP_desx_cbc                       @311
-    EVP_dss                            @312
-    EVP_dss1                           @313
-    EVP_enc_null                       @314
-    EVP_get_cipherbyname               @315
-    EVP_get_digestbyname               @316
-    EVP_get_pw_prompt                  @317
-    EVP_idea_cbc                       @318
-    EVP_idea_cfb                       @319
-    EVP_idea_ecb                       @320
-    EVP_idea_ofb                       @321
-    EVP_md2                            @322
-    EVP_md5                            @323
-    EVP_md_null                        @324
-    EVP_mdc2                           @942
-    EVP_rc2_40_cbc                     @959
-    EVP_rc2_64_cbc                     @1103
-    EVP_rc2_cbc                        @325
-    EVP_rc2_cfb                        @326
-    EVP_rc2_ecb                        @327
-    EVP_rc2_ofb                        @328
-    EVP_rc4                            @329
-    EVP_rc4_40                         @960
-    EVP_rc5_32_12_16_cbc               @1087
-    EVP_rc5_32_12_16_cfb               @1088
-    EVP_rc5_32_12_16_ecb               @1089
-    EVP_rc5_32_12_16_ofb               @1090
-    EVP_read_pw_string                 @330
-    EVP_set_pw_prompt                  @331
-    EVP_sha                            @332
-    EVP_sha1                           @333
-    HMAC                               @962
-    HMAC_Final                         @965
-    HMAC_Init                          @963
-    HMAC_Update                        @964
-    HMAC_cleanup                       @968
-    MD2                                @334
-    MD2_Final                          @335
-    MD2_Init                           @336
-    MD2_Update                         @337
-    MD2_options                        @338
-    MD5                                @339
-    MD5_Final                          @340
-    MD5_Init                           @341
-    MD5_Transform                      @1011
-    MD5_Update                         @342
-    MDC2                               @343
-    MDC2_Final                         @344
-    MDC2_Init                          @345
-    MDC2_Update                        @346
-    NETSCAPE_SPKAC_free                @347
-    NETSCAPE_SPKAC_new                 @348
-    NETSCAPE_SPKI_free                 @349
-    NETSCAPE_SPKI_new                  @350
-    NETSCAPE_SPKI_sign                 @351
-    NETSCAPE_SPKI_verify               @352
-    OBJ_NAME_add                       @1101
-    OBJ_NAME_cleanup                   @1104
-    OBJ_NAME_get                       @1105
-    OBJ_NAME_init                      @1106
-    OBJ_NAME_new_index                 @1107
-    OBJ_NAME_remove                    @1108
-    OBJ_add_object                     @353
-    OBJ_bsearch                        @354
-    OBJ_cleanup                        @355
-    OBJ_cmp                            @356
-    OBJ_create                         @357
-    OBJ_create_objects                 @997
-    OBJ_dup                            @358
-    OBJ_ln2nid                         @359
-    OBJ_new_nid                        @360
-    OBJ_nid2ln                         @361
-    OBJ_nid2obj                        @362
-    OBJ_nid2sn                         @363
-    OBJ_obj2nid                        @364
-    OBJ_sn2nid                         @365
-    OBJ_txt2nid                        @366
-    PEM_ASN1_read                      @367
-    PEM_ASN1_read_bio                  @368
-    PEM_ASN1_write                     @369
-    PEM_ASN1_write_bio                 @370
-    PEM_SealFinal                      @371
-    PEM_SealInit                       @372
-    PEM_SealUpdate                     @373
-    PEM_SignFinal                      @374
-    PEM_X509_INFO_read                 @377
-    PEM_X509_INFO_read_bio             @378
-    PEM_X509_INFO_write_bio            @379
-    PEM_dek_info                       @380
-    PEM_do_header                      @381
-    PEM_get_EVP_CIPHER_INFO            @382
-    PEM_proc_type                      @383
-    PEM_read                           @384
-    PEM_read_DHparams                  @385
-    PEM_read_DSAPrivateKey             @386
-    PEM_read_DSAparams                 @387
-    PEM_read_PKCS7                     @388
-    PEM_read_PrivateKey                @389
-    PEM_read_RSAPrivateKey             @390
-    PEM_read_RSAPublicKey              @947
-    PEM_read_X509                      @391
-    PEM_read_X509_CRL                  @392
-    PEM_read_X509_REQ                  @393
-    PEM_read_bio                       @394
-    PEM_read_bio_DHparams              @395
-    PEM_read_bio_DSAPrivateKey         @396
-    PEM_read_bio_DSAparams             @397
-    PEM_read_bio_PKCS7                 @398
-    PEM_read_bio_PrivateKey            @399
-    PEM_read_bio_RSAPrivateKey         @400
-    PEM_read_bio_RSAPublicKey          @943
-    PEM_read_bio_X509                  @401
-    PEM_read_bio_X509_CRL              @402
-    PEM_read_bio_X509_REQ              @403
-    PEM_write                          @404
-    PEM_write_DHparams                 @405
-    PEM_write_DSAPrivateKey            @406
-    PEM_write_DSAparams                @407
-    PEM_write_PKCS7                    @408
-    PEM_write_PrivateKey               @409
-    PEM_write_RSAPrivateKey            @410
-    PEM_write_RSAPublicKey             @949
-    PEM_write_X509                     @411
-    PEM_write_X509_CRL                 @412
-    PEM_write_X509_REQ                 @413
-    PEM_write_bio                      @414
-    PEM_write_bio_DHparams             @415
-    PEM_write_bio_DSAPrivateKey        @416
-    PEM_write_bio_DSAparams            @417
-    PEM_write_bio_PKCS7                @418
-    PEM_write_bio_PrivateKey           @419
-    PEM_write_bio_RSAPrivateKey        @420
-    PEM_write_bio_RSAPublicKey         @944
-    PEM_write_bio_X509                 @421
-    PEM_write_bio_X509_CRL             @422
-    PEM_write_bio_X509_REQ             @423
-    PKCS7_DIGEST_free                  @424
-    PKCS7_DIGEST_new                   @425
-    PKCS7_ENCRYPT_free                 @426
-    PKCS7_ENCRYPT_new                  @427
-    PKCS7_ENC_CONTENT_free             @428
-    PKCS7_ENC_CONTENT_new              @429
-    PKCS7_ENVELOPE_free                @430
-    PKCS7_ENVELOPE_new                 @431
-    PKCS7_ISSUER_AND_SERIAL_digest     @432
-    PKCS7_ISSUER_AND_SERIAL_free       @433
-    PKCS7_ISSUER_AND_SERIAL_new        @434
-    PKCS7_RECIP_INFO_free              @435
-    PKCS7_RECIP_INFO_new               @436
-    PKCS7_RECIP_INFO_set               @1072
-    PKCS7_SIGNED_free                  @437
-    PKCS7_SIGNED_new                   @438
-    PKCS7_SIGNER_INFO_free             @439
-    PKCS7_SIGNER_INFO_new              @440
-    PKCS7_SIGNER_INFO_set              @930
-    PKCS7_SIGN_ENVELOPE_free           @441
-    PKCS7_SIGN_ENVELOPE_new            @442
-    PKCS7_add_attribute                @1138
-    PKCS7_add_certificate              @932
-    PKCS7_add_crl                      @933
-    PKCS7_add_recipient                @1073
-    PKCS7_add_recipient_info           @1074
-    PKCS7_add_signature                @938
-    PKCS7_add_signed_attribute         @1139
-    PKCS7_add_signer                   @931
-    PKCS7_cert_from_signer_info        @939
-    PKCS7_content_free                 @918
-    PKCS7_content_new                  @934
-    PKCS7_ctrl                         @927
-    PKCS7_dataInit                     @937
-    PKCS7_dataVerify                   @936
-    PKCS7_digest_from_attributes       @1140
-    PKCS7_dup                          @443
-    PKCS7_free                         @444
-    PKCS7_get_attribute                @1141
-    PKCS7_get_issuer_and_serial        @1142
-    PKCS7_get_signed_attribute         @1143
-    PKCS7_get_signer_info              @940
-    PKCS7_new                          @445
-    PKCS7_set_cipher                   @1075
-    PKCS7_set_content                  @929
-    PKCS7_set_type                     @928
-    PROXY_ENTRY_add_noproxy            @446
-    PROXY_ENTRY_clear_noproxy          @447
-    PROXY_ENTRY_free                   @448
-    PROXY_ENTRY_get_noproxy            @449
-    PROXY_ENTRY_new                    @450
-    PROXY_ENTRY_set_server             @451
-    PROXY_add_noproxy                  @452
-    PROXY_add_server                   @453
-    PROXY_check_by_host                @454
-    PROXY_check_url                    @455
-    PROXY_clear_noproxy                @456
-    PROXY_free                         @457
-    PROXY_get_noproxy                  @458
-    PROXY_get_proxies                  @459
-    PROXY_get_proxy_entry              @460
-    PROXY_load_conf                    @461
-    PROXY_new                          @462
-    PROXY_print                        @463
-    RAND_SSLeay                        @1113
-    RAND_bytes                         @464
-    RAND_cleanup                       @465
-    RAND_file_name                     @466
-    RAND_get_rand_method               @1137
-    RAND_load_file                     @467
-    RAND_screen                        @468
-    RAND_seed                          @469
-    RAND_set_rand_method               @1114
-    RAND_write_file                    @470
-    RC2_cbc_encrypt                    @471
-    RC2_cfb64_encrypt                  @472
-    RC2_decrypt                        @995
-    RC2_ecb_encrypt                    @473
-    RC2_encrypt                        @474
-    RC2_ofb64_encrypt                  @475
-    RC2_set_key                        @476
-    RC4                                @477
-    RC4_options                        @478
-    RC4_set_key                        @479
-    RC5_32_cbc_encrypt                 @1051
-    RC5_32_cfb64_encrypt               @1052
-    RC5_32_decrypt                     @1050
-    RC5_32_ecb_encrypt                 @1048
-    RC5_32_encrypt                     @1049
-    RC5_32_ofb64_encrypt               @1053
-    RC5_32_set_key                     @1047
-    RIPEMD160                          @1045
-    RIPEMD160_Final                    @1044
-    RIPEMD160_Init                     @1042
-    RIPEMD160_Transform                @1046
-    RIPEMD160_Update                   @1043
-    RSAPrivateKey_asn1_meth            @480
-    RSAPrivateKey_dup                  @481
-    RSAPublicKey_dup                   @482
-    RSA_PKCS1_SSLeay                   @483
-    RSA_blinding_off                   @978
-    RSA_blinding_on                    @977
-    RSA_flags                          @956
-    RSA_free                           @484
-    RSA_generate_key                   @485
-    RSA_get_ex_data                    @1029
-    RSA_get_ex_new_index               @1030
-    RSA_memory_lock                    @1115
-    RSA_new                            @486
-    RSA_new_method                     @487
-    RSA_padding_add_PKCS1_type_1       @1031
-    RSA_padding_add_PKCS1_type_2       @1032
-    RSA_padding_add_SSLv23             @1033
-    RSA_padding_add_none               @1034
-    RSA_padding_check_PKCS1_type_1     @1035
-    RSA_padding_check_PKCS1_type_2     @1036
-    RSA_padding_check_SSLv23           @1037
-    RSA_padding_check_none             @1038
-    RSA_print                          @488
-    RSA_print_fp                       @489
-    RSA_private_decrypt                @490
-    RSA_private_encrypt                @491
-    RSA_public_decrypt                 @492
-    RSA_public_encrypt                 @493
-    RSA_set_default_method             @494
-    RSA_set_ex_data                    @1028
-    RSA_sign                           @495
-    RSA_sign_ASN1_OCTET_STRING         @496
-    RSA_size                           @497
-    RSA_verify                         @498
-    RSA_verify_ASN1_OCTET_STRING       @499
-    SHA                                @500
-    SHA1                               @501
-    SHA1_Final                         @502
-    SHA1_Init                          @503
-    SHA1_Transform                     @1012
-    SHA1_Update                        @504
-    SHA_Final                          @505
-    SHA_Init                           @506
-    SHA_Transform                      @1013
-    SHA_Update                         @507
-    TXT_DB_create_index                @511
-    TXT_DB_free                        @512
-    TXT_DB_get_by_index                @513
-    TXT_DB_insert                      @514
-    TXT_DB_read                        @515
-    TXT_DB_write                       @516
-    X509_ALGOR_free                    @517
-    X509_ALGOR_new                     @518
-    X509_ATTRIBUTE_free                @519
-    X509_ATTRIBUTE_new                 @520
-    X509_CINF_free                     @521
-    X509_CINF_new                      @522
-    X509_CRL_INFO_free                 @523
-    X509_CRL_INFO_new                  @524
-    X509_CRL_add_ext                   @525
-    X509_CRL_cmp                       @526
-    X509_CRL_delete_ext                @527
-    X509_CRL_dup                       @528
-    X509_CRL_free                      @529
-    X509_CRL_get_ext                   @530
-    X509_CRL_get_ext_by_NID            @531
-    X509_CRL_get_ext_by_OBJ            @532
-    X509_CRL_get_ext_by_critical       @533
-    X509_CRL_get_ext_count             @534
-    X509_CRL_new                       @535
-    X509_CRL_sign                      @536
-    X509_CRL_verify                    @537
-    X509_EXTENSION_create_by_NID       @538
-    X509_EXTENSION_create_by_OBJ       @539
-    X509_EXTENSION_dup                 @540
-    X509_EXTENSION_free                @541
-    X509_EXTENSION_get_critical        @542
-    X509_EXTENSION_get_data            @543
-    X509_EXTENSION_get_object          @544
-    X509_EXTENSION_new                 @545
-    X509_EXTENSION_set_critical        @546
-    X509_EXTENSION_set_data            @547
-    X509_EXTENSION_set_object          @548
-    X509_INFO_free                     @549
-    X509_INFO_new                      @550
-    X509_LOOKUP_by_alias               @551
-    X509_LOOKUP_by_fingerprint         @552
-    X509_LOOKUP_by_issuer_serial       @553
-    X509_LOOKUP_by_subject             @554
-    X509_LOOKUP_ctrl                   @555
-    X509_LOOKUP_file                   @556
-    X509_LOOKUP_free                   @557
-    X509_LOOKUP_hash_dir               @558
-    X509_LOOKUP_init                   @559
-    X509_LOOKUP_new                    @560
-    X509_LOOKUP_shutdown               @561
-    X509_NAME_ENTRY_create_by_NID      @562
-    X509_NAME_ENTRY_create_by_OBJ      @563
-    X509_NAME_ENTRY_dup                @564
-    X509_NAME_ENTRY_free               @565
-    X509_NAME_ENTRY_get_data           @566
-    X509_NAME_ENTRY_get_object         @567
-    X509_NAME_ENTRY_new                @568
-    X509_NAME_ENTRY_set_data           @569
-    X509_NAME_ENTRY_set_object         @570
-    X509_NAME_add_entry                @571
-    X509_NAME_cmp                      @572
-    X509_NAME_delete_entry             @573
-    X509_NAME_digest                   @574
-    X509_NAME_dup                      @575
-    X509_NAME_entry_count              @576
-    X509_NAME_free                     @577
-    X509_NAME_get_entry                @578
-    X509_NAME_get_index_by_NID         @579
-    X509_NAME_get_index_by_OBJ         @580
-    X509_NAME_get_text_by_NID          @581
-    X509_NAME_get_text_by_OBJ          @582
-    X509_NAME_hash                     @583
-    X509_NAME_new                      @584
-    X509_NAME_oneline                  @585
-    X509_NAME_print                    @586
-    X509_NAME_set                      @587
-    X509_OBJECT_free_contents          @588
-    X509_OBJECT_retrieve_by_subject    @589
-    X509_OBJECT_up_ref_count           @590
-    X509_PKEY_free                     @591
-    X509_PKEY_new                      @592
-    X509_PUBKEY_free                   @593
-    X509_PUBKEY_get                    @594
-    X509_PUBKEY_new                    @595
-    X509_PUBKEY_set                    @596
-    X509_REQ_INFO_free                 @597
-    X509_REQ_INFO_new                  @598
-    X509_REQ_dup                       @599
-    X509_REQ_free                      @600
-    X509_REQ_get_pubkey                @601
-    X509_REQ_new                       @602
-    X509_REQ_print                     @603
-    X509_REQ_print_fp                  @604
-    X509_REQ_set_pubkey                @605
-    X509_REQ_set_subject_name          @606
-    X509_REQ_set_version               @607
-    X509_REQ_sign                      @608
-    X509_REQ_to_X509                   @609
-    X509_REQ_verify                    @610
-    X509_REVOKED_add_ext               @611
-    X509_REVOKED_delete_ext            @612
-    X509_REVOKED_free                  @613
-    X509_REVOKED_get_ext               @614
-    X509_REVOKED_get_ext_by_NID        @615
-    X509_REVOKED_get_ext_by_OBJ        @616
-    X509_REVOKED_get_ext_by_critical   @617
-    X509_REVOKED_get_ext_count         @618
-    X509_REVOKED_new                   @619
-    X509_SIG_free                      @620
-    X509_SIG_new                       @621
-    X509_STORE_CTX_cleanup             @622
-    X509_STORE_CTX_get_chain           @1014
-    X509_STORE_CTX_get_current_cert    @1015
-    X509_STORE_CTX_get_error           @1016
-    X509_STORE_CTX_get_error_depth     @1017
-    X509_STORE_CTX_get_ex_data         @1018
-    X509_STORE_CTX_get_ex_new_index    @1100
-    X509_STORE_CTX_init                @623
-    X509_STORE_CTX_set_cert            @1020
-    X509_STORE_CTX_set_chain           @1021
-    X509_STORE_CTX_set_error           @1022
-    X509_STORE_CTX_set_ex_data         @1023
-    X509_STORE_add_cert                @624
-    X509_STORE_add_crl                 @957
-    X509_STORE_add_lookup              @625
-    X509_STORE_free                    @626
-    X509_STORE_get_by_subject          @627
-    X509_STORE_load_locations          @628
-    X509_STORE_new                     @629
-    X509_STORE_set_default_paths       @630
-    X509_VAL_free                      @631
-    X509_VAL_new                       @632
-    X509_add_ext                       @633
-    X509_asn1_meth                     @634
-    X509_certificate_type              @635
-    X509_check_private_key             @636
-    X509_cmp_current_time              @637
-    X509_delete_ext                    @638
-    X509_digest                        @639
-    X509_dup                           @640
-    X509_find_by_issuer_and_serial     @920
-    X509_find_by_subject               @921
-    X509_free                          @641
-    X509_get_default_cert_area         @642
-    X509_get_default_cert_dir          @643
-    X509_get_default_cert_dir_env      @644
-    X509_get_default_cert_file         @645
-    X509_get_default_cert_file_env     @646
-    X509_get_default_private_dir       @647
-    X509_get_ext                       @648
-    X509_get_ext_by_NID                @649
-    X509_get_ext_by_OBJ                @650
-    X509_get_ext_by_critical           @651
-    X509_get_ext_count                 @652
-    X509_get_issuer_name               @653
-    X509_get_pubkey                    @654
-    X509_get_pubkey_parameters         @655
-    X509_get_serialNumber              @656
-    X509_get_subject_name              @657
-    X509_gmtime_adj                    @658
-    X509_issuer_and_serial_cmp         @659
-    X509_issuer_and_serial_hash        @660
-    X509_issuer_name_cmp               @661
-    X509_issuer_name_hash              @662
-    X509_load_cert_file                @663
-    X509_load_crl_file                 @958
-    X509_new                           @664
-    X509_print                         @665
-    X509_print_fp                      @666
-    X509_set_issuer_name               @667
-    X509_set_notAfter                  @668
-    X509_set_notBefore                 @669
-    X509_set_pubkey                    @670
-    X509_set_serialNumber              @671
-    X509_set_subject_name              @672
-    X509_set_version                   @673
-    X509_sign                          @674
-    X509_subject_name_cmp              @675
-    X509_subject_name_hash             @676
-    X509_to_X509_REQ                   @677
-    X509_verify                        @678
-    X509_verify_cert                   @679
-    X509_verify_cert_error_string      @680
-    X509v3_add_ext                     @681
-    X509v3_add_extension               @682
-    X509v3_add_netscape_extensions     @683
-    X509v3_add_standard_extensions     @684
-    X509v3_cleanup_extensions          @685
-    X509v3_data_type_by_NID            @686
-    X509v3_data_type_by_OBJ            @687
-    X509v3_delete_ext                  @688
-    X509v3_get_ext                     @689
-    X509v3_get_ext_by_NID              @690
-    X509v3_get_ext_by_OBJ              @691
-    X509v3_get_ext_by_critical         @692
-    X509v3_get_ext_count               @693
-    X509v3_pack_string                 @694
-    X509v3_pack_type_by_NID            @695
-    X509v3_pack_type_by_OBJ            @696
-    X509v3_unpack_string               @697
-    a2d_ASN1_OBJECT                    @699
-    a2i_ASN1_INTEGER                   @700
-    a2i_ASN1_STRING                    @701
-    asn1_Finish                        @702
-    asn1_GetSequence                   @703
-    asn1_add_error                     @1091
-    bn_add_words                       @1039
-    bn_cmp_words                       @1123
-    bn_div_words                       @704
-    bn_expand2                         @705
-    bn_mul_add_words                   @706
-    bn_mul_comba4                      @1119
-    bn_mul_comba8                      @1118
-    bn_mul_low_normal                  @1127
-    bn_mul_normal                      @1117
-    bn_mul_part_recursive              @1125
-    bn_mul_recursive                   @1124
-    bn_mul_words                       @707
-    bn_sqr_comba4                      @1122
-    bn_sqr_comba8                      @1121
-    bn_sqr_normal                      @1120
-    bn_sqr_recursive                   @1126
-    bn_sqr_words                       @710
-    bn_sub_words                       @1116
-    crypt                              @711
-    d2i_ASN1_BIT_STRING                @712
-    d2i_ASN1_BMPSTRING                 @1092
-    d2i_ASN1_BOOLEAN                   @713
-    d2i_ASN1_HEADER                    @714
-    d2i_ASN1_IA5STRING                 @715
-    d2i_ASN1_INTEGER                   @716
-    d2i_ASN1_OBJECT                    @717
-    d2i_ASN1_OCTET_STRING              @718
-    d2i_ASN1_PRINTABLE                 @719
-    d2i_ASN1_PRINTABLESTRING           @720
-    d2i_ASN1_SET                       @721
-    d2i_ASN1_T61STRING                 @722
-    d2i_ASN1_TYPE                      @723
-    d2i_ASN1_UTCTIME                   @724
-    d2i_ASN1_bytes                     @725
-    d2i_ASN1_type_bytes                @726
-    d2i_DHparams                       @727
-    d2i_DSAPrivateKey                  @728
-    d2i_DSAPrivateKey_bio              @729
-    d2i_DSAPrivateKey_fp               @730
-    d2i_DSAPublicKey                   @731
-    d2i_DSAparams                      @732
-    d2i_NETSCAPE_SPKAC                 @733
-    d2i_NETSCAPE_SPKI                  @734
-    d2i_Netscape_RSA                   @735
-    d2i_Netscape_RSA_2                 @1040
-    d2i_PKCS7                          @736
-    d2i_PKCS7_DIGEST                   @737
-    d2i_PKCS7_ENCRYPT                  @738
-    d2i_PKCS7_ENC_CONTENT              @739
-    d2i_PKCS7_ENVELOPE                 @740
-    d2i_PKCS7_ISSUER_AND_SERIAL        @741
-    d2i_PKCS7_RECIP_INFO               @742
-    d2i_PKCS7_SIGNED                   @743
-    d2i_PKCS7_SIGNER_INFO              @744
-    d2i_PKCS7_SIGN_ENVELOPE            @745
-    d2i_PKCS7_bio                      @746
-    d2i_PKCS7_fp                       @747
-    d2i_PrivateKey                     @748
-    d2i_PublicKey                      @749
-    d2i_RSAPrivateKey                  @750
-    d2i_RSAPrivateKey_bio              @751
-    d2i_RSAPrivateKey_fp               @752
-    d2i_RSAPublicKey                   @753
-    d2i_RSAPublicKey_bio               @945
-    d2i_RSAPublicKey_fp                @952
-    d2i_X509                           @754
-    d2i_X509_ALGOR                     @755
-    d2i_X509_ATTRIBUTE                 @756
-    d2i_X509_CINF                      @757
-    d2i_X509_CRL                       @758
-    d2i_X509_CRL_INFO                  @759
-    d2i_X509_CRL_bio                   @760
-    d2i_X509_CRL_fp                    @761
-    d2i_X509_EXTENSION                 @762
-    d2i_X509_NAME                      @763
-    d2i_X509_NAME_ENTRY                @764
-    d2i_X509_PKEY                      @765
-    d2i_X509_PUBKEY                    @766
-    d2i_X509_REQ                       @767
-    d2i_X509_REQ_INFO                  @768
-    d2i_X509_REQ_bio                   @769
-    d2i_X509_REQ_fp                    @770
-    d2i_X509_REVOKED                   @771
-    d2i_X509_SIG                       @772
-    d2i_X509_VAL                       @773
-    d2i_X509_bio                       @774
-    d2i_X509_fp                        @775
-    des_cbc_cksum                      @777
-    des_cbc_encrypt                    @778
-    des_cblock_print_file              @779
-    des_cfb64_encrypt                  @780
-    des_cfb_encrypt                    @781
-    des_decrypt3                       @782
-    des_ecb3_encrypt                   @783
-    des_ecb_encrypt                    @784
-    des_ede3_cbc_encrypt               @785
-    des_ede3_cfb64_encrypt             @786
-    des_ede3_ofb64_encrypt             @787
-    des_enc_read                       @788
-    des_enc_write                      @789
-    des_encrypt                        @790
-    des_encrypt2                       @791
-    des_encrypt3                       @792
-    des_fcrypt                         @793
-    des_is_weak_key                    @794
-    des_key_sched                      @795
-    des_ncbc_encrypt                   @796
-    des_ofb64_encrypt                  @797
-    des_ofb_encrypt                    @798
-    des_options                        @799
-    des_pcbc_encrypt                   @800
-    des_quad_cksum                     @801
-    des_random_key                     @802
-    des_random_seed                    @803
-    des_read_2passwords                @804
-    des_read_password                  @805
-    des_read_pw                        @806
-    des_read_pw_string                 @807
-    des_set_key                        @808
-    des_set_odd_parity                 @809
-    des_string_to_2keys                @810
-    des_string_to_key                  @811
-    des_xcbc_encrypt                   @812
-    des_xwhite_in2out                  @813
-    i2a_ASN1_INTEGER                   @815
-    i2a_ASN1_OBJECT                    @816
-    i2a_ASN1_STRING                    @817
-    i2d_ASN1_BIT_STRING                @818
-    i2d_ASN1_BMPSTRING                 @1093
-    i2d_ASN1_BOOLEAN                   @819
-    i2d_ASN1_HEADER                    @820
-    i2d_ASN1_IA5STRING                 @821
-    i2d_ASN1_INTEGER                   @822
-    i2d_ASN1_OBJECT                    @823
-    i2d_ASN1_OCTET_STRING              @824
-    i2d_ASN1_PRINTABLE                 @825
-    i2d_ASN1_SET                       @826
-    i2d_ASN1_TYPE                      @827
-    i2d_ASN1_UTCTIME                   @828
-    i2d_ASN1_bytes                     @829
-    i2d_DHparams                       @830
-    i2d_DSAPrivateKey                  @831
-    i2d_DSAPrivateKey_bio              @832
-    i2d_DSAPrivateKey_fp               @833
-    i2d_DSAPublicKey                   @834
-    i2d_DSAparams                      @835
-    i2d_NETSCAPE_SPKAC                 @836
-    i2d_NETSCAPE_SPKI                  @837
-    i2d_Netscape_RSA                   @838
-    i2d_PKCS7                          @839
-    i2d_PKCS7_DIGEST                   @840
-    i2d_PKCS7_ENCRYPT                  @841
-    i2d_PKCS7_ENC_CONTENT              @842
-    i2d_PKCS7_ENVELOPE                 @843
-    i2d_PKCS7_ISSUER_AND_SERIAL        @844
-    i2d_PKCS7_RECIP_INFO               @845
-    i2d_PKCS7_SIGNED                   @846
-    i2d_PKCS7_SIGNER_INFO              @847
-    i2d_PKCS7_SIGN_ENVELOPE            @848
-    i2d_PKCS7_bio                      @849
-    i2d_PKCS7_fp                       @850
-    i2d_PrivateKey                     @851
-    i2d_PublicKey                      @852
-    i2d_RSAPrivateKey                  @853
-    i2d_RSAPrivateKey_bio              @854
-    i2d_RSAPrivateKey_fp               @855
-    i2d_RSAPublicKey                   @856
-    i2d_RSAPublicKey_bio               @946
-    i2d_RSAPublicKey_fp                @954
-    i2d_X509                           @857
-    i2d_X509_ALGOR                     @858
-    i2d_X509_ATTRIBUTE                 @859
-    i2d_X509_CINF                      @860
-    i2d_X509_CRL                       @861
-    i2d_X509_CRL_INFO                  @862
-    i2d_X509_CRL_bio                   @863
-    i2d_X509_CRL_fp                    @864
-    i2d_X509_EXTENSION                 @865
-    i2d_X509_NAME                      @866
-    i2d_X509_NAME_ENTRY                @867
-    i2d_X509_PKEY                      @868
-    i2d_X509_PUBKEY                    @869
-    i2d_X509_REQ                       @870
-    i2d_X509_REQ_INFO                  @871
-    i2d_X509_REQ_bio                   @872
-    i2d_X509_REQ_fp                    @873
-    i2d_X509_REVOKED                   @874
-    i2d_X509_SIG                       @875
-    i2d_X509_VAL                       @876
-    i2d_X509_bio                       @877
-    i2d_X509_fp                        @878
-    i2t_ASN1_OBJECT                    @979
-    idea_cbc_encrypt                   @879
-    idea_cfb64_encrypt                 @880
-    idea_ecb_encrypt                   @881
-    idea_encrypt                       @882
-    idea_ofb64_encrypt                 @883
-    idea_options                       @884
-    idea_set_decrypt_key               @885
-    idea_set_encrypt_key               @886
-    lh_delete                          @887
-    lh_doall                           @888
-    lh_doall_arg                       @889
-    lh_free                            @890
-    lh_insert                          @891
-    lh_new                             @892
-    lh_node_stats                      @893
-    lh_node_stats_bio                  @894
-    lh_node_usage_stats                @895
-    lh_node_usage_stats_bio            @896
-    lh_retrieve                        @897
-    lh_stats                           @898
-    lh_stats_bio                       @899
-    lh_strhash                         @900
-    ms_time_cmp                        @1151
-    ms_time_diff                       @1148
-    ms_time_free                       @1150
-    ms_time_get                        @1152
-    ms_time_new                        @1149
-    sk_delete                          @901
-    sk_delete_ptr                      @902
-    sk_dup                             @903
-    sk_find                            @904
-    sk_free                            @905
-    sk_insert                          @906
-    sk_new                             @907
-    sk_pop                             @908
-    sk_pop_free                        @909
-    sk_push                            @910
-    sk_set_cmp_func                    @911
-    sk_shift                           @912
-    sk_unshift                         @913
-    sk_zero                            @914
-
diff --git a/ms/mingw32.bat b/ms/mingw32.bat
new file mode 100644
index 0000000000..1968f4150b
--- /dev/null
+++ b/ms/mingw32.bat
@@ -0,0 +1,95 @@
+@rem OpenSSL with Mingw32+GNU as

+@rem ---------------------------

+

+perl Configure Mingw32 %1 %2 %3 %4 %5 %6 %7 %8

+

+@echo off

+

+perl -e "exit 1 if '%1' eq 'no-asm'"

+if errorlevel 1 goto noasm

+

+echo Generating x86 for GNU assember

+

+echo Bignum

+cd crypto\bn\asm

+perl bn-586.pl gaswin > bn-win32.s

+perl co-586.pl gaswin > co-win32.s

+cd ..\..\..

+

+echo DES

+cd crypto\des\asm

+perl des-586.pl gaswin > d-win32.s

+cd ..\..\..

+

+echo crypt

+cd crypto\des\asm

+perl crypt586.pl gaswin > y-win32.s

+cd ..\..\..

+

+echo Blowfish

+cd crypto\bf\asm

+perl bf-586.pl gaswin > b-win32.s

+cd ..\..\..

+

+echo CAST5

+cd crypto\cast\asm

+perl cast-586.pl gaswin > c-win32.s

+cd ..\..\..

+

+echo RC4

+cd crypto\rc4\asm

+perl rc4-586.pl gaswin > r4-win32.s

+cd ..\..\..

+

+echo MD5

+cd crypto\md5\asm

+perl md5-586.pl gaswin > m5-win32.s

+cd ..\..\..

+

+echo SHA1

+cd crypto\sha\asm

+perl sha1-586.pl gaswin > s1-win32.s

+cd ..\..\..

+

+echo RIPEMD160

+cd crypto\ripemd\asm

+perl rmd-586.pl gaswin > rm-win32.s

+cd ..\..\..

+

+echo RC5\32

+cd crypto\rc5\asm

+perl rc5-586.pl gaswin > r5-win32.s

+cd ..\..\..

+

+:noasm

+

+echo Generating makefile

+perl util\mkfiles.pl >MINFO

+perl util\mk1mf.pl gaswin Mingw32 >ms\mingw32a.mak

+perl util\mk1mf.pl gaswin Mingw32-files >ms\mingw32f.mak

+echo Generating DLL definition files

+perl util\mkdef.pl 32 libeay >ms\libeay32.def

+if errorlevel 1 goto end

+perl util\mkdef.pl 32 ssleay >ms\ssleay32.def

+if errorlevel 1 goto end

+

+rem Create files -- this can be skipped if using the GNU file utilities

+make -f ms/mingw32f.mak

+echo You can ignore the error messages above

+

+copy ms\tlhelp32.h outinc

+

+echo Building the libraries

+make -f ms/mingw32a.mak

+if errorlevel 1 goto end

+

+echo Generating the DLLs and input libraries

+dllwrap --dllname libeay32.dll --output-lib out/libeay32.a --def ms/libeay32.def out/libcrypto.a -lwsock32 -lgdi32

+if errorlevel 1 goto end

+dllwrap --dllname libssl32.dll --output-lib out/libssl32.a --def ms/ssleay32.def out/libssl.a out/libeay32.a

+if errorlevel 1 goto end

+

+echo Done compiling OpenSSL

+

+:end

+

diff --git a/ms/mw.bat b/ms/mw.bat
new file mode 100644
index 0000000000..dc37913b71
--- /dev/null
+++ b/ms/mw.bat
@@ -0,0 +1,31 @@
+@rem OpenSSL with Mingw32

+@rem --------------------

+

+@rem Makefile

+perl util\mkfiles.pl >MINFO

+perl util\mk1mf.pl Mingw32 >ms\mingw32.mak

+perl util\mk1mf.pl Mingw32-files >ms\mingw32f.mak

+@rem DLL definition files

+perl util\mkdef.pl 32 libeay >ms\libeay32.def

+if errorlevel 1 goto end

+perl util\mkdef.pl 32 ssleay >ms\ssleay32.def

+if errorlevel 1 goto end

+

+@rem Create files -- this can be skipped if using the GNU file utilities

+make -f ms/mingw32f.mak

+echo You can ignore the error messages above

+

+@rem Build the libraries

+make -f ms/mingw32.mak

+if errorlevel 1 goto end

+

+@rem Generate the DLLs and input libraries

+dllwrap --dllname libeay32.dll --output-lib out/libeay32.a --def ms/libeay32.def out/libcrypto.a -lwsock32 -lgdi32

+if errorlevel 1 goto end

+dllwrap --dllname libssl32.dll --output-lib out/libssl32.a --def ms/ssleay32.def out/libssl.a out/libeay32.a

+if errorlevel 1 goto end

+

+echo Done compiling OpenSSL

+

+:end

+

diff --git a/ms/ntdll.mak b/ms/ntdll.mak
deleted file mode 100644
index 389ac22bf2..0000000000
--- a/ms/ntdll.mak
+++ /dev/null
@@ -1,1909 +0,0 @@
-# This makefile has been automatically generated from the SSLeay distribution.
-# This single makefile will build the complete SSLeay distribution and
-# by default leave the 'intertesting' output files in .\out and the stuff
-# that needs deleting in .\tmp.
-# The file was generated by running 'make makefile.one', which
-# does a 'make files', which writes all the environment variables from all
-# the makefiles to the file call MINFO.  This file is used by
-# util\mk1mf.pl to generate makefile.one.
-# The 'makefile per directory' system suites me when developing this
-# library and also so I can 'distribute' indervidual library sections.
-# The one monster makefile better suits building in non-unix
-# environments.
-
-INSTALLTOP=\usr\local\ssl
-
-# Set your compiler options
-PLATFORM=VC-WIN32
-CC=cl
-CFLAG= /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM /Fdout32dll
-APP_CFLAG=
-LIB_CFLAG= /GD -D_WINDLL -D_DLL
-SHLIB_CFLAG=
-APP_EX_OBJ=setargv.obj
-SHLIB_EX_OBJ=
-# add extra libraries to this define, for solaris -lsocket -lnsl would
-# be added
-EX_LIBS=wsock32.lib user32.lib gdi32.lib
-
-# The SSLeay directory
-SRC_D=.
-
-LINK=link
-LFLAGS=/nologo /subsystem:console /machine:I386 /opt:ref
-
-BN_ASM_OBJ=crypto\bn\asm\bn-win32.obj
-BN_ASM_SRC=crypto\bn\asm\bn-win32.asm
-DES_ENC_OBJ=crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj
-DES_ENC_SRC=crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm
-BF_ENC_OBJ=crypto\bf\asm\b-win32.obj
-BF_ENC_SRC=crypto\bf\asm\b-win32.asm
-CAST_ENC_OBJ=crypto\cast\asm\c-win32.obj
-CAST_ENC_SRC=crypto\cast\asm\c-win32.asm
-RC4_ENC_OBJ=crypto\rc4\asm\r4-win32.obj
-RC4_ENC_SRC=crypto\rc4\asm\r4-win32.asm
-RC5_ENC_OBJ=crypto\rc5\asm\r5-win32.obj
-RC5_ENC_SRC=crypto\rc5\asm\r5-win32.asm
-MD5_ASM_OBJ=crypto\md5\asm\m5-win32.obj
-MD5_ASM_SRC=crypto\md5\asm\m5-win32.asm
-SHA1_ASM_OBJ=crypto\sha\asm\s1-win32.obj
-SHA1_ASM_SRC=crypto\sha\asm\s1-win32.asm
-RMD160_ASM_OBJ=crypto\ripemd\asm\rm-win32.obj
-RMD160_ASM_SRC=crypto\ripemd\asm\rm-win32.asm
-
-# The output directory for everything intersting
-OUT_D=out32dll
-# The output directory for all the temporary muck
-TMP_D=tmp32dll
-# The output directory for the header files
-INC_D=inc32
-
-CP="copy /b nul+ "
-RM=del
-RANLIB=
-MKDIR=mkdir
-MKLIB=lib
-MLFLAGS= /nologo /subsystem:console /machine:I386 /opt:ref /dll
-ASM=ml /Cp /coff /c /Cx
-
-######################################################
-# You should not need to touch anything below this point
-######################################################
-
-E_EXE=ssleay
-SSL=ssleay32
-CRYPTO=libeay32
-RSAGLUE=RSAglue
-
-# BIN_D  - Binary output directory
-# TEST_D - Binary test file output directory
-# LIB_D  - library output directory
-BIN_D=$(OUT_D)
-TEST_D=$(OUT_D)
-LIB_D=$(OUT_D)
-
-# INCL_D - local library directory
-# OBJ_D  - temp object file directory
-OBJ_D=$(TMP_D)
-INCL_D=$(TMP_D)
-
-O_SSL=     $(LIB_D)\$(SSL).dll
-O_CRYPTO=  $(LIB_D)\$(CRYPTO).dll
-O_RSAGLUE= $(LIB_D)\$(RSAGLUE).lib
-SO_SSL=    $(SSL)
-SO_CRYPTO= $(CRYPTO)
-L_SSL=     $(LIB_D)\$(SSL).lib
-L_CRYPTO=  $(LIB_D)\$(CRYPTO).lib
-
-L_LIBS= $(L_SSL) $(L_CRYPTO)
-#L_LIBS= $(O_SSL) $(O_RSAGLUE) -lrsaref $(O_CRYPTO)
-
-######################################################
-# Don't touch anything below this point
-######################################################
-
-INC=-I$(INC_D) -I$(INCL_D)
-APP_CFLAGS=$(INC) $(CFLAG) $(APP_CFLAG)
-LIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG)
-SHLIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG) $(SHLIB_CFLAG)
-LIBS_DEP=$(O_CRYPTO) $(O_RSAGLUE) $(O_SSL)
-
-#############################################
-HEADER=$(INCL_D)\cryptlib.h \
-	$(INCL_D)\date.h $(INCL_D)\md5_locl.h $(INCL_D)\sha_locl.h \
-	$(INCL_D)\rmd_locl.h $(INCL_D)\rmdconst.h $(INCL_D)\des_locl.h \
-	$(INCL_D)\rpc_des.h $(INCL_D)\podd.h $(INCL_D)\sk.h \
-	$(INCL_D)\spr.h $(INCL_D)\des_ver.h $(INCL_D)\rc2_locl.h \
-	$(INCL_D)\rc4_locl.h $(INCL_D)\rc5_locl.h $(INCL_D)\idea_lcl.h \
-	$(INCL_D)\bf_pi.h $(INCL_D)\bf_locl.h $(INCL_D)\cast_s.h \
-	$(INCL_D)\cast_lcl.h $(INCL_D)\bn_lcl.h $(INCL_D)\bn_prime.h \
-	$(INCL_D)\obj_dat.h $(INCL_D)\conf_lcl.h $(INCL_D)\ssl_locl.h \
-	$(INCL_D)\rsaref.h $(INCL_D)\apps.h $(INCL_D)\progs.h \
-	$(INCL_D)\testdsa.h $(INCL_D)\testrsa.h
-
-EXHEADER=$(INC_D)\e_os.h \
-	$(INC_D)\crypto.h $(INC_D)\cryptall.h $(INC_D)\tmdiff.h \
-	$(INC_D)\md2.h $(INC_D)\md5.h $(INC_D)\sha.h \
-	$(INC_D)\mdc2.h $(INC_D)\hmac.h $(INC_D)\ripemd.h \
-	$(INC_D)\des.h $(INC_D)\rc2.h $(INC_D)\rc4.h \
-	$(INC_D)\rc5.h $(INC_D)\idea.h $(INC_D)\blowfish.h \
-	$(INC_D)\cast.h $(INC_D)\bn.h $(INC_D)\rsa.h \
-	$(INC_D)\dsa.h $(INC_D)\dh.h $(INC_D)\buffer.h \
-	$(INC_D)\bio.h $(INC_D)\bss_file.c $(INC_D)\stack.h \
-	$(INC_D)\lhash.h $(INC_D)\rand.h $(INC_D)\err.h \
-	$(INC_D)\objects.h $(INC_D)\evp.h $(INC_D)\pem.h \
-	$(INC_D)\asn1.h $(INC_D)\asn1_mac.h $(INC_D)\x509.h \
-	$(INC_D)\x509_vfy.h $(INC_D)\conf.h $(INC_D)\txt_db.h \
-	$(INC_D)\pkcs7.h $(INC_D)\proxy.h $(INC_D)\comp.h \
-	$(INC_D)\ssl.h $(INC_D)\ssl2.h $(INC_D)\ssl3.h \
-	$(INC_D)\ssl23.h $(INC_D)\tls1.h
-
-T_OBJ=$(OBJ_D)\md2test.obj \
-	$(OBJ_D)\md5test.obj $(OBJ_D)\shatest.obj $(OBJ_D)\sha1test.obj \
-	$(OBJ_D)\mdc2test.obj $(OBJ_D)\hmactest.obj $(OBJ_D)\rmdtest.obj \
-	$(OBJ_D)\destest.obj $(OBJ_D)\rc2test.obj $(OBJ_D)\rc4test.obj \
-	$(OBJ_D)\rc5test.obj $(OBJ_D)\ideatest.obj $(OBJ_D)\bftest.obj \
-	$(OBJ_D)\casttest.obj $(OBJ_D)\bntest.obj $(OBJ_D)\exptest.obj \
-	$(OBJ_D)\dsatest.obj $(OBJ_D)\dhtest.obj $(OBJ_D)\randtest.obj \
-	$(OBJ_D)\ssltest.obj
-
-E_OBJ=$(OBJ_D)\verify.obj \
-	$(OBJ_D)\asn1pars.obj $(OBJ_D)\req.obj $(OBJ_D)\dgst.obj \
-	$(OBJ_D)\dh.obj $(OBJ_D)\enc.obj $(OBJ_D)\gendh.obj \
-	$(OBJ_D)\errstr.obj $(OBJ_D)\ca.obj $(OBJ_D)\pkcs7.obj \
-	$(OBJ_D)\crl2p7.obj $(OBJ_D)\crl.obj $(OBJ_D)\rsa.obj \
-	$(OBJ_D)\dsa.obj $(OBJ_D)\dsaparam.obj $(OBJ_D)\x509.obj \
-	$(OBJ_D)\genrsa.obj $(OBJ_D)\s_server.obj $(OBJ_D)\s_client.obj \
-	$(OBJ_D)\speed.obj $(OBJ_D)\s_time.obj \
-	$(OBJ_D)\apps.obj $(OBJ_D)\s_cb.obj $(OBJ_D)\s_socket.obj \
-	$(OBJ_D)\bf_perm.obj $(OBJ_D)\version.obj \
-	$(OBJ_D)\sess_id.obj $(OBJ_D)\ciphers.obj $(OBJ_D)\ssleay.obj
-
-CRYPTOOBJ=$(OBJ_D)\cryptlib.obj \
-	$(OBJ_D)\mem.obj $(OBJ_D)\cversion.obj $(OBJ_D)\ex_data.obj \
-	$(OBJ_D)\tmdiff.obj $(OBJ_D)\cpt_err.obj $(OBJ_D)\md2_dgst.obj \
-	$(OBJ_D)\md2_one.obj $(OBJ_D)\md5_dgst.obj $(MD5_ASM_OBJ) \
-	$(OBJ_D)\md5_one.obj $(OBJ_D)\sha_dgst.obj $(OBJ_D)\sha1dgst.obj \
-	$(SHA1_ASM_OBJ) $(OBJ_D)\sha_one.obj $(OBJ_D)\sha1_one.obj \
-	$(OBJ_D)\mdc2dgst.obj $(OBJ_D)\mdc2_one.obj $(OBJ_D)\hmac.obj \
-	$(OBJ_D)\rmd_dgst.obj $(RMD160_ASM_OBJ) $(OBJ_D)\rmd_one.obj \
-	$(OBJ_D)\set_key.obj $(OBJ_D)\ecb_enc.obj $(OBJ_D)\cbc_enc.obj \
-	$(OBJ_D)\ecb3_enc.obj $(OBJ_D)\cfb64enc.obj $(OBJ_D)\cfb64ede.obj \
-	$(OBJ_D)\cfb_enc.obj $(OBJ_D)\ofb64ede.obj $(OBJ_D)\enc_read.obj \
-	$(OBJ_D)\enc_writ.obj $(OBJ_D)\ofb64enc.obj $(OBJ_D)\ofb_enc.obj \
-	$(OBJ_D)\str2key.obj $(OBJ_D)\pcbc_enc.obj $(OBJ_D)\qud_cksm.obj \
-	$(OBJ_D)\rand_key.obj $(DES_ENC_OBJ) $(OBJ_D)\read2pwd.obj \
-	$(OBJ_D)\fcrypt.obj $(OBJ_D)\xcbc_enc.obj $(OBJ_D)\read_pwd.obj \
-	$(OBJ_D)\rpc_enc.obj $(OBJ_D)\cbc_cksm.obj $(OBJ_D)\supp.obj \
-	$(OBJ_D)\rc2_ecb.obj $(OBJ_D)\rc2_skey.obj $(OBJ_D)\rc2_cbc.obj \
-	$(OBJ_D)\rc2cfb64.obj $(OBJ_D)\rc2ofb64.obj $(OBJ_D)\rc4_skey.obj \
-	$(RC4_ENC_OBJ) $(OBJ_D)\rc5_skey.obj $(OBJ_D)\rc5_ecb.obj \
-	$(RC5_ENC_OBJ) $(OBJ_D)\rc5cfb64.obj $(OBJ_D)\rc5ofb64.obj \
-	$(OBJ_D)\i_cbc.obj $(OBJ_D)\i_cfb64.obj $(OBJ_D)\i_ofb64.obj \
-	$(OBJ_D)\i_ecb.obj $(OBJ_D)\i_skey.obj $(OBJ_D)\bf_skey.obj \
-	$(OBJ_D)\bf_ecb.obj $(BF_ENC_OBJ) $(OBJ_D)\bf_cfb64.obj \
-	$(OBJ_D)\bf_ofb64.obj $(OBJ_D)\c_skey.obj $(OBJ_D)\c_ecb.obj \
-	$(CAST_ENC_OBJ) $(OBJ_D)\c_cfb64.obj $(OBJ_D)\c_ofb64.obj \
-	$(OBJ_D)\bn_add.obj $(OBJ_D)\bn_div.obj $(OBJ_D)\bn_exp.obj \
-	$(OBJ_D)\bn_lib.obj $(OBJ_D)\bn_mul.obj $(OBJ_D)\bn_print.obj \
-	$(OBJ_D)\bn_rand.obj $(OBJ_D)\bn_shift.obj $(OBJ_D)\bn_word.obj \
-	$(OBJ_D)\bn_blind.obj $(OBJ_D)\bn_gcd.obj $(OBJ_D)\bn_prime.obj \
-	$(OBJ_D)\bn_err.obj $(OBJ_D)\bn_sqr.obj $(BN_ASM_OBJ) \
-	$(OBJ_D)\bn_recp.obj $(OBJ_D)\bn_mont.obj $(OBJ_D)\bn_mpi.obj \
-	$(OBJ_D)\bn_exp2.obj $(OBJ_D)\rsa_eay.obj $(OBJ_D)\rsa_gen.obj \
-	$(OBJ_D)\rsa_lib.obj $(OBJ_D)\rsa_sign.obj $(OBJ_D)\rsa_saos.obj \
-	$(OBJ_D)\rsa_err.obj $(OBJ_D)\rsa_pk1.obj $(OBJ_D)\rsa_ssl.obj \
-	$(OBJ_D)\rsa_none.obj $(OBJ_D)\dsa_gen.obj $(OBJ_D)\dsa_key.obj \
-	$(OBJ_D)\dsa_lib.obj $(OBJ_D)\dsa_vrf.obj $(OBJ_D)\dsa_sign.obj \
-	$(OBJ_D)\dsa_err.obj $(OBJ_D)\dh_gen.obj $(OBJ_D)\dh_key.obj \
-	$(OBJ_D)\dh_lib.obj $(OBJ_D)\dh_check.obj $(OBJ_D)\dh_err.obj \
-	$(OBJ_D)\buffer.obj $(OBJ_D)\buf_err.obj $(OBJ_D)\bio_lib.obj \
-	$(OBJ_D)\bio_cb.obj $(OBJ_D)\bio_err.obj $(OBJ_D)\bss_mem.obj \
-	$(OBJ_D)\bss_null.obj $(OBJ_D)\bss_fd.obj $(OBJ_D)\bss_file.obj \
-	$(OBJ_D)\bss_sock.obj $(OBJ_D)\bss_conn.obj $(OBJ_D)\bf_null.obj \
-	$(OBJ_D)\bf_buff.obj $(OBJ_D)\b_print.obj $(OBJ_D)\b_dump.obj \
-	$(OBJ_D)\b_sock.obj $(OBJ_D)\bss_acpt.obj $(OBJ_D)\bf_nbio.obj \
-	$(OBJ_D)\bss_cs4a.obj $(OBJ_D)\stack.obj $(OBJ_D)\lhash.obj \
-	$(OBJ_D)\lh_stats.obj $(OBJ_D)\md_rand.obj $(OBJ_D)\randfile.obj \
-	$(OBJ_D)\rand_lib.obj $(OBJ_D)\err.obj $(OBJ_D)\err_all.obj \
-	$(OBJ_D)\err_prn.obj $(OBJ_D)\o_names.obj $(OBJ_D)\obj_dat.obj \
-	$(OBJ_D)\obj_lib.obj $(OBJ_D)\obj_err.obj $(OBJ_D)\encode.obj \
-	$(OBJ_D)\digest.obj $(OBJ_D)\evp_enc.obj $(OBJ_D)\evp_key.obj \
-	$(OBJ_D)\e_ecb_d.obj $(OBJ_D)\e_cbc_d.obj $(OBJ_D)\e_cfb_d.obj \
-	$(OBJ_D)\e_ofb_d.obj $(OBJ_D)\e_ecb_i.obj $(OBJ_D)\e_cbc_i.obj \
-	$(OBJ_D)\e_cfb_i.obj $(OBJ_D)\e_ofb_i.obj $(OBJ_D)\e_ecb_3d.obj \
-	$(OBJ_D)\e_cbc_3d.obj $(OBJ_D)\e_rc4.obj $(OBJ_D)\names.obj \
-	$(OBJ_D)\e_cfb_3d.obj $(OBJ_D)\e_ofb_3d.obj $(OBJ_D)\e_xcbc_d.obj \
-	$(OBJ_D)\e_ecb_r2.obj $(OBJ_D)\e_cbc_r2.obj $(OBJ_D)\e_cfb_r2.obj \
-	$(OBJ_D)\e_ofb_r2.obj $(OBJ_D)\e_ecb_bf.obj $(OBJ_D)\e_cbc_bf.obj \
-	$(OBJ_D)\e_cfb_bf.obj $(OBJ_D)\e_ofb_bf.obj $(OBJ_D)\e_ecb_c.obj \
-	$(OBJ_D)\e_cbc_c.obj $(OBJ_D)\e_cfb_c.obj $(OBJ_D)\e_ofb_c.obj \
-	$(OBJ_D)\e_ecb_r5.obj $(OBJ_D)\e_cbc_r5.obj $(OBJ_D)\e_cfb_r5.obj \
-	$(OBJ_D)\e_ofb_r5.obj $(OBJ_D)\m_null.obj $(OBJ_D)\m_md2.obj \
-	$(OBJ_D)\m_md5.obj $(OBJ_D)\m_sha.obj $(OBJ_D)\m_sha1.obj \
-	$(OBJ_D)\m_dss.obj $(OBJ_D)\m_dss1.obj $(OBJ_D)\m_mdc2.obj \
-	$(OBJ_D)\m_ripemd.obj $(OBJ_D)\p_open.obj $(OBJ_D)\p_seal.obj \
-	$(OBJ_D)\p_sign.obj $(OBJ_D)\p_verify.obj $(OBJ_D)\p_lib.obj \
-	$(OBJ_D)\p_enc.obj $(OBJ_D)\p_dec.obj $(OBJ_D)\bio_md.obj \
-	$(OBJ_D)\bio_b64.obj $(OBJ_D)\bio_enc.obj $(OBJ_D)\evp_err.obj \
-	$(OBJ_D)\e_null.obj $(OBJ_D)\c_all.obj $(OBJ_D)\evp_lib.obj \
-	$(OBJ_D)\pem_sign.obj $(OBJ_D)\pem_seal.obj $(OBJ_D)\pem_info.obj \
-	$(OBJ_D)\pem_lib.obj $(OBJ_D)\pem_all.obj $(OBJ_D)\pem_err.obj \
-	$(OBJ_D)\a_object.obj $(OBJ_D)\a_bitstr.obj $(OBJ_D)\a_utctm.obj \
-	$(OBJ_D)\a_int.obj $(OBJ_D)\a_octet.obj $(OBJ_D)\a_print.obj \
-	$(OBJ_D)\a_type.obj $(OBJ_D)\a_set.obj $(OBJ_D)\a_dup.obj \
-	$(OBJ_D)\a_d2i_fp.obj $(OBJ_D)\a_i2d_fp.obj $(OBJ_D)\a_bmp.obj \
-	$(OBJ_D)\a_sign.obj $(OBJ_D)\a_digest.obj $(OBJ_D)\a_verify.obj \
-	$(OBJ_D)\x_algor.obj $(OBJ_D)\x_val.obj $(OBJ_D)\x_pubkey.obj \
-	$(OBJ_D)\x_sig.obj $(OBJ_D)\x_req.obj $(OBJ_D)\x_attrib.obj \
-	$(OBJ_D)\x_name.obj $(OBJ_D)\x_cinf.obj $(OBJ_D)\x_x509.obj \
-	$(OBJ_D)\x_crl.obj $(OBJ_D)\x_info.obj $(OBJ_D)\x_spki.obj \
-	$(OBJ_D)\d2i_r_pr.obj $(OBJ_D)\i2d_r_pr.obj $(OBJ_D)\d2i_r_pu.obj \
-	$(OBJ_D)\i2d_r_pu.obj $(OBJ_D)\d2i_s_pr.obj $(OBJ_D)\i2d_s_pr.obj \
-	$(OBJ_D)\d2i_s_pu.obj $(OBJ_D)\i2d_s_pu.obj $(OBJ_D)\d2i_pu.obj \
-	$(OBJ_D)\d2i_pr.obj $(OBJ_D)\i2d_pu.obj $(OBJ_D)\i2d_pr.obj \
-	$(OBJ_D)\t_req.obj $(OBJ_D)\t_x509.obj $(OBJ_D)\t_pkey.obj \
-	$(OBJ_D)\p7_i_s.obj $(OBJ_D)\p7_signi.obj $(OBJ_D)\p7_signd.obj \
-	$(OBJ_D)\p7_recip.obj $(OBJ_D)\p7_enc_c.obj $(OBJ_D)\p7_evp.obj \
-	$(OBJ_D)\p7_dgst.obj $(OBJ_D)\p7_s_e.obj $(OBJ_D)\p7_enc.obj \
-	$(OBJ_D)\p7_lib.obj $(OBJ_D)\f_int.obj $(OBJ_D)\f_string.obj \
-	$(OBJ_D)\i2d_dhp.obj $(OBJ_D)\i2d_dsap.obj $(OBJ_D)\d2i_dhp.obj \
-	$(OBJ_D)\d2i_dsap.obj $(OBJ_D)\n_pkey.obj $(OBJ_D)\a_hdr.obj \
-	$(OBJ_D)\x_pkey.obj $(OBJ_D)\a_bool.obj $(OBJ_D)\x_exten.obj \
-	$(OBJ_D)\asn1_par.obj $(OBJ_D)\asn1_lib.obj $(OBJ_D)\asn1_err.obj \
-	$(OBJ_D)\a_meth.obj $(OBJ_D)\a_bytes.obj $(OBJ_D)\evp_asn1.obj \
-	$(OBJ_D)\x509_def.obj $(OBJ_D)\x509_d2.obj $(OBJ_D)\x509_r2x.obj \
-	$(OBJ_D)\x509_cmp.obj $(OBJ_D)\x509_obj.obj $(OBJ_D)\x509_req.obj \
-	$(OBJ_D)\x509_vfy.obj $(OBJ_D)\x509_set.obj $(OBJ_D)\x509rset.obj \
-	$(OBJ_D)\x509_err.obj $(OBJ_D)\x509name.obj $(OBJ_D)\x509_v3.obj \
-	$(OBJ_D)\x509_ext.obj $(OBJ_D)\x509pack.obj $(OBJ_D)\x509type.obj \
-	$(OBJ_D)\x509_lu.obj $(OBJ_D)\x_all.obj $(OBJ_D)\x509_txt.obj \
-	$(OBJ_D)\by_file.obj $(OBJ_D)\by_dir.obj $(OBJ_D)\v3_net.obj \
-	$(OBJ_D)\v3_x509.obj $(OBJ_D)\conf.obj $(OBJ_D)\conf_err.obj \
-	$(OBJ_D)\txt_db.obj $(OBJ_D)\pk7_lib.obj $(OBJ_D)\pkcs7err.obj \
-	$(OBJ_D)\pk7_doit.obj $(OBJ_D)\proxy.obj $(OBJ_D)\pxy_txt.obj \
-	$(OBJ_D)\bf_proxy.obj $(OBJ_D)\pxy_conf.obj $(OBJ_D)\pxy_err.obj \
-	$(OBJ_D)\comp_lib.obj $(OBJ_D)\c_rle.obj $(OBJ_D)\c_zlib.obj
-
-SSLOBJ=$(OBJ_D)\s2_meth.obj \
-	$(OBJ_D)\s2_srvr.obj $(OBJ_D)\s2_clnt.obj $(OBJ_D)\s2_lib.obj \
-	$(OBJ_D)\s2_enc.obj $(OBJ_D)\s2_pkt.obj $(OBJ_D)\s3_meth.obj \
-	$(OBJ_D)\s3_srvr.obj $(OBJ_D)\s3_clnt.obj $(OBJ_D)\s3_lib.obj \
-	$(OBJ_D)\s3_enc.obj $(OBJ_D)\s3_pkt.obj $(OBJ_D)\s3_both.obj \
-	$(OBJ_D)\s23_meth.obj $(OBJ_D)\s23_srvr.obj $(OBJ_D)\s23_clnt.obj \
-	$(OBJ_D)\s23_lib.obj $(OBJ_D)\s23_pkt.obj $(OBJ_D)\t1_meth.obj \
-	$(OBJ_D)\t1_srvr.obj $(OBJ_D)\t1_clnt.obj $(OBJ_D)\t1_lib.obj \
-	$(OBJ_D)\t1_enc.obj $(OBJ_D)\ssl_lib.obj $(OBJ_D)\ssl_err2.obj \
-	$(OBJ_D)\ssl_cert.obj $(OBJ_D)\ssl_sess.obj $(OBJ_D)\ssl_ciph.obj \
-	$(OBJ_D)\ssl_stat.obj $(OBJ_D)\ssl_rsa.obj $(OBJ_D)\ssl_asn1.obj \
-	$(OBJ_D)\ssl_txt.obj $(OBJ_D)\ssl_algs.obj $(OBJ_D)\bio_ssl.obj \
-	$(OBJ_D)\pxy_ssl.obj $(OBJ_D)\ssl_err.obj
-
-RSAGLUEOBJ=$(OBJ_D)\rsaref.obj \
-	$(OBJ_D)\rsar_err.obj
-
-T_EXE=$(TEST_D)\md2test.exe \
-	$(TEST_D)\md5test.exe $(TEST_D)\shatest.exe $(TEST_D)\sha1test.exe \
-	$(TEST_D)\mdc2test.exe $(TEST_D)\hmactest.exe $(TEST_D)\rmdtest.exe \
-	$(TEST_D)\destest.exe $(TEST_D)\rc2test.exe $(TEST_D)\rc4test.exe \
-	$(TEST_D)\rc5test.exe $(TEST_D)\ideatest.exe $(TEST_D)\bftest.exe \
-	$(TEST_D)\casttest.exe $(TEST_D)\bntest.exe $(TEST_D)\exptest.exe \
-	$(TEST_D)\dsatest.exe $(TEST_D)\dhtest.exe $(TEST_D)\randtest.exe \
-	$(TEST_D)\ssltest.exe
-
-###################################################################
-all: banner $(TMP_D) $(BIN_D) $(TEST_D) $(LIB_D) $(INC_D) headers lib exe
-
-banner:
-
-
-$(TMP_D):
-	$(MKDIR) $(TMP_D)
-
-$(BIN_D):
-	$(MKDIR) $(BIN_D)
-
-$(TEST_D):
-	$(MKDIR) $(TEST_D)
-
-$(LIB_D):
-	$(MKDIR) $(LIB_D)
-
-$(INC_D):
-	$(MKDIR) $(INC_D)
-
-headers: $(HEADER) $(EXHEADER)
-
-lib: $(LIBS_DEP)
-
-exe: $(T_EXE) $(BIN_D)\$(E_EXE).exe
-
-install:
-	$(MKDIR) $(INSTALLTOP)
-	$(MKDIR) $(INSTALLTOP)\bin
-	$(MKDIR) $(INSTALLTOP)\include
-	$(MKDIR) $(INSTALLTOP)\lib
-	$(CP) $(INC_D)\*.[ch] $(INSTALLTOP)\include
-	$(CP) $(BIN_D)\$(E_EXE).exe $(INSTALLTOP)\bin
-	$(CP) $(O_SSL) $(INSTALLTOP)\lib
-	$(CP) $(O_CRYPTO) $(INSTALLTOP)\lib
-
-clean:
-	$(RM) $(TMP_D)\*.*
-
-vclean:
-	$(RM) $(TMP_D)\*.*
-	$(RM) $(OUT_D)\*.*
-
-$(INCL_D)\cryptlib.h: $(SRC_D)\crypto\cryptlib.h
-	$(CP) $(SRC_D)\crypto\cryptlib.h $(INCL_D)\cryptlib.h
-
-$(INCL_D)\date.h: $(SRC_D)\crypto\date.h
-	$(CP) $(SRC_D)\crypto\date.h $(INCL_D)\date.h
-
-$(INCL_D)\md5_locl.h: $(SRC_D)\crypto\md5\md5_locl.h
-	$(CP) $(SRC_D)\crypto\md5\md5_locl.h $(INCL_D)\md5_locl.h
-
-$(INCL_D)\sha_locl.h: $(SRC_D)\crypto\sha\sha_locl.h
-	$(CP) $(SRC_D)\crypto\sha\sha_locl.h $(INCL_D)\sha_locl.h
-
-$(INCL_D)\rmd_locl.h: $(SRC_D)\crypto\ripemd\rmd_locl.h
-	$(CP) $(SRC_D)\crypto\ripemd\rmd_locl.h $(INCL_D)\rmd_locl.h
-
-$(INCL_D)\rmdconst.h: $(SRC_D)\crypto\ripemd\rmdconst.h
-	$(CP) $(SRC_D)\crypto\ripemd\rmdconst.h $(INCL_D)\rmdconst.h
-
-$(INCL_D)\des_locl.h: $(SRC_D)\crypto\des\des_locl.h
-	$(CP) $(SRC_D)\crypto\des\des_locl.h $(INCL_D)\des_locl.h
-
-$(INCL_D)\rpc_des.h: $(SRC_D)\crypto\des\rpc_des.h
-	$(CP) $(SRC_D)\crypto\des\rpc_des.h $(INCL_D)\rpc_des.h
-
-$(INCL_D)\podd.h: $(SRC_D)\crypto\des\podd.h
-	$(CP) $(SRC_D)\crypto\des\podd.h $(INCL_D)\podd.h
-
-$(INCL_D)\sk.h: $(SRC_D)\crypto\des\sk.h
-	$(CP) $(SRC_D)\crypto\des\sk.h $(INCL_D)\sk.h
-
-$(INCL_D)\spr.h: $(SRC_D)\crypto\des\spr.h
-	$(CP) $(SRC_D)\crypto\des\spr.h $(INCL_D)\spr.h
-
-$(INCL_D)\des_ver.h: $(SRC_D)\crypto\des\des_ver.h
-	$(CP) $(SRC_D)\crypto\des\des_ver.h $(INCL_D)\des_ver.h
-
-$(INCL_D)\rc2_locl.h: $(SRC_D)\crypto\rc2\rc2_locl.h
-	$(CP) $(SRC_D)\crypto\rc2\rc2_locl.h $(INCL_D)\rc2_locl.h
-
-$(INCL_D)\rc4_locl.h: $(SRC_D)\crypto\rc4\rc4_locl.h
-	$(CP) $(SRC_D)\crypto\rc4\rc4_locl.h $(INCL_D)\rc4_locl.h
-
-$(INCL_D)\rc5_locl.h: $(SRC_D)\crypto\rc5\rc5_locl.h
-	$(CP) $(SRC_D)\crypto\rc5\rc5_locl.h $(INCL_D)\rc5_locl.h
-
-$(INCL_D)\idea_lcl.h: $(SRC_D)\crypto\idea\idea_lcl.h
-	$(CP) $(SRC_D)\crypto\idea\idea_lcl.h $(INCL_D)\idea_lcl.h
-
-$(INCL_D)\bf_pi.h: $(SRC_D)\crypto\bf\bf_pi.h
-	$(CP) $(SRC_D)\crypto\bf\bf_pi.h $(INCL_D)\bf_pi.h
-
-$(INCL_D)\bf_locl.h: $(SRC_D)\crypto\bf\bf_locl.h
-	$(CP) $(SRC_D)\crypto\bf\bf_locl.h $(INCL_D)\bf_locl.h
-
-$(INCL_D)\cast_s.h: $(SRC_D)\crypto\cast\cast_s.h
-	$(CP) $(SRC_D)\crypto\cast\cast_s.h $(INCL_D)\cast_s.h
-
-$(INCL_D)\cast_lcl.h: $(SRC_D)\crypto\cast\cast_lcl.h
-	$(CP) $(SRC_D)\crypto\cast\cast_lcl.h $(INCL_D)\cast_lcl.h
-
-$(INCL_D)\bn_lcl.h: $(SRC_D)\crypto\bn\bn_lcl.h
-	$(CP) $(SRC_D)\crypto\bn\bn_lcl.h $(INCL_D)\bn_lcl.h
-
-$(INCL_D)\bn_prime.h: $(SRC_D)\crypto\bn\bn_prime.h
-	$(CP) $(SRC_D)\crypto\bn\bn_prime.h $(INCL_D)\bn_prime.h
-
-$(INCL_D)\obj_dat.h: $(SRC_D)\crypto\objects\obj_dat.h
-	$(CP) $(SRC_D)\crypto\objects\obj_dat.h $(INCL_D)\obj_dat.h
-
-$(INCL_D)\conf_lcl.h: $(SRC_D)\crypto\conf\conf_lcl.h
-	$(CP) $(SRC_D)\crypto\conf\conf_lcl.h $(INCL_D)\conf_lcl.h
-
-$(INCL_D)\ssl_locl.h: $(SRC_D)\ssl\ssl_locl.h
-	$(CP) $(SRC_D)\ssl\ssl_locl.h $(INCL_D)\ssl_locl.h
-
-$(INCL_D)\rsaref.h: $(SRC_D)\rsaref\rsaref.h
-	$(CP) $(SRC_D)\rsaref\rsaref.h $(INCL_D)\rsaref.h
-
-$(INCL_D)\apps.h: $(SRC_D)\apps\apps.h
-	$(CP) $(SRC_D)\apps\apps.h $(INCL_D)\apps.h
-
-$(INCL_D)\progs.h: $(SRC_D)\apps\progs.h
-	$(CP) $(SRC_D)\apps\progs.h $(INCL_D)\progs.h
-
-$(INCL_D)\s_apps.h: $(SRC_D)\apps\s_apps.h
-	$(CP) $(SRC_D)\apps\s_apps.h $(INCL_D)\s_apps.h
-
-$(INCL_D)\testdsa.h: $(SRC_D)\apps\testdsa.h
-	$(CP) $(SRC_D)\apps\testdsa.h $(INCL_D)\testdsa.h
-
-$(INCL_D)\testrsa.h: $(SRC_D)\apps\testrsa.h
-	$(CP) $(SRC_D)\apps\testrsa.h $(INCL_D)\testrsa.h
-
-$(INC_D)\e_os.h: $(SRC_D)\.\e_os.h
-	$(CP) $(SRC_D)\.\e_os.h $(INC_D)\e_os.h
-
-$(INC_D)\crypto.h: $(SRC_D)\crypto\crypto.h
-	$(CP) $(SRC_D)\crypto\crypto.h $(INC_D)\crypto.h
-
-$(INC_D)\cryptall.h: $(SRC_D)\crypto\cryptall.h
-	$(CP) $(SRC_D)\crypto\cryptall.h $(INC_D)\cryptall.h
-
-$(INC_D)\tmdiff.h: $(SRC_D)\crypto\tmdiff.h
-	$(CP) $(SRC_D)\crypto\tmdiff.h $(INC_D)\tmdiff.h
-
-$(INC_D)\md2.h: $(SRC_D)\crypto\md2\md2.h
-	$(CP) $(SRC_D)\crypto\md2\md2.h $(INC_D)\md2.h
-
-$(INC_D)\md5.h: $(SRC_D)\crypto\md5\md5.h
-	$(CP) $(SRC_D)\crypto\md5\md5.h $(INC_D)\md5.h
-
-$(INC_D)\sha.h: $(SRC_D)\crypto\sha\sha.h
-	$(CP) $(SRC_D)\crypto\sha\sha.h $(INC_D)\sha.h
-
-$(INC_D)\mdc2.h: $(SRC_D)\crypto\mdc2\mdc2.h
-	$(CP) $(SRC_D)\crypto\mdc2\mdc2.h $(INC_D)\mdc2.h
-
-$(INC_D)\hmac.h: $(SRC_D)\crypto\hmac\hmac.h
-	$(CP) $(SRC_D)\crypto\hmac\hmac.h $(INC_D)\hmac.h
-
-$(INC_D)\ripemd.h: $(SRC_D)\crypto\ripemd\ripemd.h
-	$(CP) $(SRC_D)\crypto\ripemd\ripemd.h $(INC_D)\ripemd.h
-
-$(INC_D)\des.h: $(SRC_D)\crypto\des\des.h
-	$(CP) $(SRC_D)\crypto\des\des.h $(INC_D)\des.h
-
-$(INC_D)\rc2.h: $(SRC_D)\crypto\rc2\rc2.h
-	$(CP) $(SRC_D)\crypto\rc2\rc2.h $(INC_D)\rc2.h
-
-$(INC_D)\rc4.h: $(SRC_D)\crypto\rc4\rc4.h
-	$(CP) $(SRC_D)\crypto\rc4\rc4.h $(INC_D)\rc4.h
-
-$(INC_D)\rc5.h: $(SRC_D)\crypto\rc5\rc5.h
-	$(CP) $(SRC_D)\crypto\rc5\rc5.h $(INC_D)\rc5.h
-
-$(INC_D)\idea.h: $(SRC_D)\crypto\idea\idea.h
-	$(CP) $(SRC_D)\crypto\idea\idea.h $(INC_D)\idea.h
-
-$(INC_D)\blowfish.h: $(SRC_D)\crypto\bf\blowfish.h
-	$(CP) $(SRC_D)\crypto\bf\blowfish.h $(INC_D)\blowfish.h
-
-$(INC_D)\cast.h: $(SRC_D)\crypto\cast\cast.h
-	$(CP) $(SRC_D)\crypto\cast\cast.h $(INC_D)\cast.h
-
-$(INC_D)\bn.h: $(SRC_D)\crypto\bn\bn.h
-	$(CP) $(SRC_D)\crypto\bn\bn.h $(INC_D)\bn.h
-
-$(INC_D)\rsa.h: $(SRC_D)\crypto\rsa\rsa.h
-	$(CP) $(SRC_D)\crypto\rsa\rsa.h $(INC_D)\rsa.h
-
-$(INC_D)\dsa.h: $(SRC_D)\crypto\dsa\dsa.h
-	$(CP) $(SRC_D)\crypto\dsa\dsa.h $(INC_D)\dsa.h
-
-$(INC_D)\dh.h: $(SRC_D)\crypto\dh\dh.h
-	$(CP) $(SRC_D)\crypto\dh\dh.h $(INC_D)\dh.h
-
-$(INC_D)\buffer.h: $(SRC_D)\crypto\buffer\buffer.h
-	$(CP) $(SRC_D)\crypto\buffer\buffer.h $(INC_D)\buffer.h
-
-$(INC_D)\bio.h: $(SRC_D)\crypto\bio\bio.h
-	$(CP) $(SRC_D)\crypto\bio\bio.h $(INC_D)\bio.h
-
-$(INC_D)\bss_file.c: $(SRC_D)\crypto\bio\bss_file.c
-	$(CP) $(SRC_D)\crypto\bio\bss_file.c $(INC_D)\bss_file.c
-
-$(INC_D)\stack.h: $(SRC_D)\crypto\stack\stack.h
-	$(CP) $(SRC_D)\crypto\stack\stack.h $(INC_D)\stack.h
-
-$(INC_D)\lhash.h: $(SRC_D)\crypto\lhash\lhash.h
-	$(CP) $(SRC_D)\crypto\lhash\lhash.h $(INC_D)\lhash.h
-
-$(INC_D)\rand.h: $(SRC_D)\crypto\rand\rand.h
-	$(CP) $(SRC_D)\crypto\rand\rand.h $(INC_D)\rand.h
-
-$(INC_D)\err.h: $(SRC_D)\crypto\err\err.h
-	$(CP) $(SRC_D)\crypto\err\err.h $(INC_D)\err.h
-
-$(INC_D)\objects.h: $(SRC_D)\crypto\objects\objects.h
-	$(CP) $(SRC_D)\crypto\objects\objects.h $(INC_D)\objects.h
-
-$(INC_D)\evp.h: $(SRC_D)\crypto\evp\evp.h
-	$(CP) $(SRC_D)\crypto\evp\evp.h $(INC_D)\evp.h
-
-$(INC_D)\pem.h: $(SRC_D)\crypto\pem\pem.h
-	$(CP) $(SRC_D)\crypto\pem\pem.h $(INC_D)\pem.h
-
-$(INC_D)\asn1.h: $(SRC_D)\crypto\asn1\asn1.h
-	$(CP) $(SRC_D)\crypto\asn1\asn1.h $(INC_D)\asn1.h
-
-$(INC_D)\asn1_mac.h: $(SRC_D)\crypto\asn1\asn1_mac.h
-	$(CP) $(SRC_D)\crypto\asn1\asn1_mac.h $(INC_D)\asn1_mac.h
-
-$(INC_D)\x509.h: $(SRC_D)\crypto\x509\x509.h
-	$(CP) $(SRC_D)\crypto\x509\x509.h $(INC_D)\x509.h
-
-$(INC_D)\x509_vfy.h: $(SRC_D)\crypto\x509\x509_vfy.h
-	$(CP) $(SRC_D)\crypto\x509\x509_vfy.h $(INC_D)\x509_vfy.h
-
-$(INC_D)\conf.h: $(SRC_D)\crypto\conf\conf.h
-	$(CP) $(SRC_D)\crypto\conf\conf.h $(INC_D)\conf.h
-
-$(INC_D)\txt_db.h: $(SRC_D)\crypto\txt_db\txt_db.h
-	$(CP) $(SRC_D)\crypto\txt_db\txt_db.h $(INC_D)\txt_db.h
-
-$(INC_D)\pkcs7.h: $(SRC_D)\crypto\pkcs7\pkcs7.h
-	$(CP) $(SRC_D)\crypto\pkcs7\pkcs7.h $(INC_D)\pkcs7.h
-
-$(INC_D)\proxy.h: $(SRC_D)\crypto\proxy\proxy.h
-	$(CP) $(SRC_D)\crypto\proxy\proxy.h $(INC_D)\proxy.h
-
-$(INC_D)\comp.h: $(SRC_D)\crypto\comp\comp.h
-	$(CP) $(SRC_D)\crypto\comp\comp.h $(INC_D)\comp.h
-
-$(INC_D)\ssl.h: $(SRC_D)\ssl\ssl.h
-	$(CP) $(SRC_D)\ssl\ssl.h $(INC_D)\ssl.h
-
-$(INC_D)\ssl2.h: $(SRC_D)\ssl\ssl2.h
-	$(CP) $(SRC_D)\ssl\ssl2.h $(INC_D)\ssl2.h
-
-$(INC_D)\ssl3.h: $(SRC_D)\ssl\ssl3.h
-	$(CP) $(SRC_D)\ssl\ssl3.h $(INC_D)\ssl3.h
-
-$(INC_D)\ssl23.h: $(SRC_D)\ssl\ssl23.h
-	$(CP) $(SRC_D)\ssl\ssl23.h $(INC_D)\ssl23.h
-
-$(INC_D)\tls1.h: $(SRC_D)\ssl\tls1.h
-	$(CP) $(SRC_D)\ssl\tls1.h $(INC_D)\tls1.h
-
-$(OBJ_D)\md2test.obj: $(SRC_D)\crypto\md2\md2test.c
-	$(CC) /Fo$(OBJ_D)\md2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\md2\md2test.c
-
-$(OBJ_D)\md5test.obj: $(SRC_D)\crypto\md5\md5test.c
-	$(CC) /Fo$(OBJ_D)\md5test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\md5\md5test.c
-
-$(OBJ_D)\shatest.obj: $(SRC_D)\crypto\sha\shatest.c
-	$(CC) /Fo$(OBJ_D)\shatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\sha\shatest.c
-
-$(OBJ_D)\sha1test.obj: $(SRC_D)\crypto\sha\sha1test.c
-	$(CC) /Fo$(OBJ_D)\sha1test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\sha\sha1test.c
-
-$(OBJ_D)\mdc2test.obj: $(SRC_D)\crypto\mdc2\mdc2test.c
-	$(CC) /Fo$(OBJ_D)\mdc2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2test.c
-
-$(OBJ_D)\hmactest.obj: $(SRC_D)\crypto\hmac\hmactest.c
-	$(CC) /Fo$(OBJ_D)\hmactest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\hmac\hmactest.c
-
-$(OBJ_D)\rmdtest.obj: $(SRC_D)\crypto\ripemd\rmdtest.c
-	$(CC) /Fo$(OBJ_D)\rmdtest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\ripemd\rmdtest.c
-
-$(OBJ_D)\destest.obj: $(SRC_D)\crypto\des\destest.c
-	$(CC) /Fo$(OBJ_D)\destest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\des\destest.c
-
-$(OBJ_D)\rc2test.obj: $(SRC_D)\crypto\rc2\rc2test.c
-	$(CC) /Fo$(OBJ_D)\rc2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2test.c
-
-$(OBJ_D)\rc4test.obj: $(SRC_D)\crypto\rc4\rc4test.c
-	$(CC) /Fo$(OBJ_D)\rc4test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4test.c
-
-$(OBJ_D)\rc5test.obj: $(SRC_D)\crypto\rc5\rc5test.c
-	$(CC) /Fo$(OBJ_D)\rc5test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5test.c
-
-$(OBJ_D)\ideatest.obj: $(SRC_D)\crypto\idea\ideatest.c
-	$(CC) /Fo$(OBJ_D)\ideatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\idea\ideatest.c
-
-$(OBJ_D)\bftest.obj: $(SRC_D)\crypto\bf\bftest.c
-	$(CC) /Fo$(OBJ_D)\bftest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bf\bftest.c
-
-$(OBJ_D)\casttest.obj: $(SRC_D)\crypto\cast\casttest.c
-	$(CC) /Fo$(OBJ_D)\casttest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\cast\casttest.c
-
-$(OBJ_D)\bntest.obj: $(SRC_D)\crypto\bn\bntest.c
-	$(CC) /Fo$(OBJ_D)\bntest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bn\bntest.c
-
-$(OBJ_D)\exptest.obj: $(SRC_D)\crypto\bn\exptest.c
-	$(CC) /Fo$(OBJ_D)\exptest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bn\exptest.c
-
-$(OBJ_D)\dsatest.obj: $(SRC_D)\crypto\dsa\dsatest.c
-	$(CC) /Fo$(OBJ_D)\dsatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\dsa\dsatest.c
-
-$(OBJ_D)\dhtest.obj: $(SRC_D)\crypto\dh\dhtest.c
-	$(CC) /Fo$(OBJ_D)\dhtest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\dh\dhtest.c
-
-$(OBJ_D)\randtest.obj: $(SRC_D)\crypto\rand\randtest.c
-	$(CC) /Fo$(OBJ_D)\randtest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rand\randtest.c
-
-$(OBJ_D)\ssltest.obj: $(SRC_D)\ssl\ssltest.c
-	$(CC) /Fo$(OBJ_D)\ssltest.obj $(APP_CFLAGS) -c $(SRC_D)\ssl\ssltest.c
-
-$(OBJ_D)\verify.obj: $(SRC_D)\apps\verify.c
-	$(CC) /Fo$(OBJ_D)\verify.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\verify.c
-
-$(OBJ_D)\asn1pars.obj: $(SRC_D)\apps\asn1pars.c
-	$(CC) /Fo$(OBJ_D)\asn1pars.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\asn1pars.c
-
-$(OBJ_D)\req.obj: $(SRC_D)\apps\req.c
-	$(CC) /Fo$(OBJ_D)\req.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\req.c
-
-$(OBJ_D)\dgst.obj: $(SRC_D)\apps\dgst.c
-	$(CC) /Fo$(OBJ_D)\dgst.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dgst.c
-
-$(OBJ_D)\dh.obj: $(SRC_D)\apps\dh.c
-	$(CC) /Fo$(OBJ_D)\dh.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dh.c
-
-$(OBJ_D)\enc.obj: $(SRC_D)\apps\enc.c
-	$(CC) /Fo$(OBJ_D)\enc.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\enc.c
-
-$(OBJ_D)\gendh.obj: $(SRC_D)\apps\gendh.c
-	$(CC) /Fo$(OBJ_D)\gendh.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\gendh.c
-
-$(OBJ_D)\errstr.obj: $(SRC_D)\apps\errstr.c
-	$(CC) /Fo$(OBJ_D)\errstr.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\errstr.c
-
-$(OBJ_D)\ca.obj: $(SRC_D)\apps\ca.c
-	$(CC) /Fo$(OBJ_D)\ca.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ca.c
-
-$(OBJ_D)\pkcs7.obj: $(SRC_D)\apps\pkcs7.c
-	$(CC) /Fo$(OBJ_D)\pkcs7.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\pkcs7.c
-
-$(OBJ_D)\crl2p7.obj: $(SRC_D)\apps\crl2p7.c
-	$(CC) /Fo$(OBJ_D)\crl2p7.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\crl2p7.c
-
-$(OBJ_D)\crl.obj: $(SRC_D)\apps\crl.c
-	$(CC) /Fo$(OBJ_D)\crl.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\crl.c
-
-$(OBJ_D)\rsa.obj: $(SRC_D)\apps\rsa.c
-	$(CC) /Fo$(OBJ_D)\rsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\rsa.c
-
-$(OBJ_D)\dsa.obj: $(SRC_D)\apps\dsa.c
-	$(CC) /Fo$(OBJ_D)\dsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dsa.c
-
-$(OBJ_D)\dsaparam.obj: $(SRC_D)\apps\dsaparam.c
-	$(CC) /Fo$(OBJ_D)\dsaparam.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dsaparam.c
-
-$(OBJ_D)\x509.obj: $(SRC_D)\apps\x509.c
-	$(CC) /Fo$(OBJ_D)\x509.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\x509.c
-
-$(OBJ_D)\genrsa.obj: $(SRC_D)\apps\genrsa.c
-	$(CC) /Fo$(OBJ_D)\genrsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\genrsa.c
-
-$(OBJ_D)\s_server.obj: $(SRC_D)\apps\s_server.c
-	$(CC) /Fo$(OBJ_D)\s_server.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_server.c
-
-$(OBJ_D)\s_client.obj: $(SRC_D)\apps\s_client.c
-	$(CC) /Fo$(OBJ_D)\s_client.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_client.c
-
-$(OBJ_D)\speed.obj: $(SRC_D)\apps\speed.c
-	$(CC) /Fo$(OBJ_D)\speed.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\speed.c
-
-$(OBJ_D)\s_time.obj: $(SRC_D)\apps\s_time.c
-	$(CC) /Fo$(OBJ_D)\s_time.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_time.c
-
-$(OBJ_D)\apps.obj: $(SRC_D)\apps\apps.c
-	$(CC) /Fo$(OBJ_D)\apps.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\apps.c
-
-$(OBJ_D)\s_cb.obj: $(SRC_D)\apps\s_cb.c
-	$(CC) /Fo$(OBJ_D)\s_cb.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_cb.c
-
-$(OBJ_D)\s_socket.obj: $(SRC_D)\apps\s_socket.c
-	$(CC) /Fo$(OBJ_D)\s_socket.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_socket.c
-
-$(OBJ_D)\bf_perm.obj: $(SRC_D)\apps\bf_perm.c
-	$(CC) /Fo$(OBJ_D)\bf_perm.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\bf_perm.c
-
-$(OBJ_D)\version.obj: $(SRC_D)\apps\version.c
-	$(CC) /Fo$(OBJ_D)\version.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\version.c
-
-$(OBJ_D)\sess_id.obj: $(SRC_D)\apps\sess_id.c
-	$(CC) /Fo$(OBJ_D)\sess_id.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\sess_id.c
-
-$(OBJ_D)\ciphers.obj: $(SRC_D)\apps\ciphers.c
-	$(CC) /Fo$(OBJ_D)\ciphers.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ciphers.c
-
-$(OBJ_D)\ssleay.obj: $(SRC_D)\apps\ssleay.c
-	$(CC) /Fo$(OBJ_D)\ssleay.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ssleay.c
-
-crypto\bn\asm\bn-win32.obj: crypto\bn\asm\bn-win32.asm
-	$(ASM) /Focrypto\bn\asm\bn-win32.obj $(SRC_D)\crypto\bn\asm\bn-win32.asm
-
-crypto\des\asm\d-win32.obj: crypto\des\asm\d-win32.asm
-	$(ASM) /Focrypto\des\asm\d-win32.obj $(SRC_D)\crypto\des\asm\d-win32.asm
-
-crypto\des\asm\y-win32.obj: crypto\des\asm\y-win32.asm
-	$(ASM) /Focrypto\des\asm\y-win32.obj $(SRC_D)\crypto\des\asm\y-win32.asm
-
-crypto\bf\asm\b-win32.obj: crypto\bf\asm\b-win32.asm
-	$(ASM) /Focrypto\bf\asm\b-win32.obj $(SRC_D)\crypto\bf\asm\b-win32.asm
-
-crypto\cast\asm\c-win32.obj: crypto\cast\asm\c-win32.asm
-	$(ASM) /Focrypto\cast\asm\c-win32.obj $(SRC_D)\crypto\cast\asm\c-win32.asm
-
-crypto\rc4\asm\r4-win32.obj: crypto\rc4\asm\r4-win32.asm
-	$(ASM) /Focrypto\rc4\asm\r4-win32.obj $(SRC_D)\crypto\rc4\asm\r4-win32.asm
-
-crypto\rc5\asm\r5-win32.obj: crypto\rc5\asm\r5-win32.asm
-	$(ASM) /Focrypto\rc5\asm\r5-win32.obj $(SRC_D)\crypto\rc5\asm\r5-win32.asm
-
-crypto\md5\asm\m5-win32.obj: crypto\md5\asm\m5-win32.asm
-	$(ASM) /Focrypto\md5\asm\m5-win32.obj $(SRC_D)\crypto\md5\asm\m5-win32.asm
-
-crypto\sha\asm\s1-win32.obj: crypto\sha\asm\s1-win32.asm
-	$(ASM) /Focrypto\sha\asm\s1-win32.obj $(SRC_D)\crypto\sha\asm\s1-win32.asm
-
-crypto\ripemd\asm\rm-win32.obj: crypto\ripemd\asm\rm-win32.asm
-	$(ASM) /Focrypto\ripemd\asm\rm-win32.obj $(SRC_D)\crypto\ripemd\asm\rm-win32.asm
-
-$(OBJ_D)\cryptlib.obj: $(SRC_D)\crypto\cryptlib.c
-	$(CC) /Fo$(OBJ_D)\cryptlib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cryptlib.c
-
-$(OBJ_D)\mem.obj: $(SRC_D)\crypto\mem.c
-	$(CC) /Fo$(OBJ_D)\mem.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\mem.c
-
-$(OBJ_D)\cversion.obj: $(SRC_D)\crypto\cversion.c
-	$(CC) /Fo$(OBJ_D)\cversion.obj  $(SHLIB_CFLAGS) -DCFLAGS="\"$(CC) $(CFLAG)\"" -DPLATFORM="\"$(PLATFORM)\"" -c $(SRC_D)\crypto\cversion.c
-
-$(OBJ_D)\ex_data.obj: $(SRC_D)\crypto\ex_data.c
-	$(CC) /Fo$(OBJ_D)\ex_data.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\ex_data.c
-
-$(OBJ_D)\tmdiff.obj: $(SRC_D)\crypto\tmdiff.c
-	$(CC) /Fo$(OBJ_D)\tmdiff.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\tmdiff.c
-
-$(OBJ_D)\cpt_err.obj: $(SRC_D)\crypto\cpt_err.c
-	$(CC) /Fo$(OBJ_D)\cpt_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cpt_err.c
-
-$(OBJ_D)\md2_dgst.obj: $(SRC_D)\crypto\md2\md2_dgst.c
-	$(CC) /Fo$(OBJ_D)\md2_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md2\md2_dgst.c
-
-$(OBJ_D)\md2_one.obj: $(SRC_D)\crypto\md2\md2_one.c
-	$(CC) /Fo$(OBJ_D)\md2_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md2\md2_one.c
-
-$(OBJ_D)\md5_dgst.obj: $(SRC_D)\crypto\md5\md5_dgst.c
-	$(CC) /Fo$(OBJ_D)\md5_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md5\md5_dgst.c
-
-$(OBJ_D)\md5_one.obj: $(SRC_D)\crypto\md5\md5_one.c
-	$(CC) /Fo$(OBJ_D)\md5_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md5\md5_one.c
-
-$(OBJ_D)\sha_dgst.obj: $(SRC_D)\crypto\sha\sha_dgst.c
-	$(CC) /Fo$(OBJ_D)\sha_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha_dgst.c
-
-$(OBJ_D)\sha1dgst.obj: $(SRC_D)\crypto\sha\sha1dgst.c
-	$(CC) /Fo$(OBJ_D)\sha1dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha1dgst.c
-
-$(OBJ_D)\sha_one.obj: $(SRC_D)\crypto\sha\sha_one.c
-	$(CC) /Fo$(OBJ_D)\sha_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha_one.c
-
-$(OBJ_D)\sha1_one.obj: $(SRC_D)\crypto\sha\sha1_one.c
-	$(CC) /Fo$(OBJ_D)\sha1_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha1_one.c
-
-$(OBJ_D)\mdc2dgst.obj: $(SRC_D)\crypto\mdc2\mdc2dgst.c
-	$(CC) /Fo$(OBJ_D)\mdc2dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2dgst.c
-
-$(OBJ_D)\mdc2_one.obj: $(SRC_D)\crypto\mdc2\mdc2_one.c
-	$(CC) /Fo$(OBJ_D)\mdc2_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2_one.c
-
-$(OBJ_D)\hmac.obj: $(SRC_D)\crypto\hmac\hmac.c
-	$(CC) /Fo$(OBJ_D)\hmac.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\hmac\hmac.c
-
-$(OBJ_D)\rmd_dgst.obj: $(SRC_D)\crypto\ripemd\rmd_dgst.c
-	$(CC) /Fo$(OBJ_D)\rmd_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\ripemd\rmd_dgst.c
-
-$(OBJ_D)\rmd_one.obj: $(SRC_D)\crypto\ripemd\rmd_one.c
-	$(CC) /Fo$(OBJ_D)\rmd_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\ripemd\rmd_one.c
-
-$(OBJ_D)\set_key.obj: $(SRC_D)\crypto\des\set_key.c
-	$(CC) /Fo$(OBJ_D)\set_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\set_key.c
-
-$(OBJ_D)\ecb_enc.obj: $(SRC_D)\crypto\des\ecb_enc.c
-	$(CC) /Fo$(OBJ_D)\ecb_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ecb_enc.c
-
-$(OBJ_D)\cbc_enc.obj: $(SRC_D)\crypto\des\cbc_enc.c
-	$(CC) /Fo$(OBJ_D)\cbc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc_enc.c
-
-$(OBJ_D)\ecb3_enc.obj: $(SRC_D)\crypto\des\ecb3_enc.c
-	$(CC) /Fo$(OBJ_D)\ecb3_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ecb3_enc.c
-
-$(OBJ_D)\cfb64enc.obj: $(SRC_D)\crypto\des\cfb64enc.c
-	$(CC) /Fo$(OBJ_D)\cfb64enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb64enc.c
-
-$(OBJ_D)\cfb64ede.obj: $(SRC_D)\crypto\des\cfb64ede.c
-	$(CC) /Fo$(OBJ_D)\cfb64ede.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb64ede.c
-
-$(OBJ_D)\cfb_enc.obj: $(SRC_D)\crypto\des\cfb_enc.c
-	$(CC) /Fo$(OBJ_D)\cfb_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb_enc.c
-
-$(OBJ_D)\ofb64ede.obj: $(SRC_D)\crypto\des\ofb64ede.c
-	$(CC) /Fo$(OBJ_D)\ofb64ede.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb64ede.c
-
-$(OBJ_D)\enc_read.obj: $(SRC_D)\crypto\des\enc_read.c
-	$(CC) /Fo$(OBJ_D)\enc_read.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\enc_read.c
-
-$(OBJ_D)\enc_writ.obj: $(SRC_D)\crypto\des\enc_writ.c
-	$(CC) /Fo$(OBJ_D)\enc_writ.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\enc_writ.c
-
-$(OBJ_D)\ofb64enc.obj: $(SRC_D)\crypto\des\ofb64enc.c
-	$(CC) /Fo$(OBJ_D)\ofb64enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb64enc.c
-
-$(OBJ_D)\ofb_enc.obj: $(SRC_D)\crypto\des\ofb_enc.c
-	$(CC) /Fo$(OBJ_D)\ofb_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb_enc.c
-
-$(OBJ_D)\str2key.obj: $(SRC_D)\crypto\des\str2key.c
-	$(CC) /Fo$(OBJ_D)\str2key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\str2key.c
-
-$(OBJ_D)\pcbc_enc.obj: $(SRC_D)\crypto\des\pcbc_enc.c
-	$(CC) /Fo$(OBJ_D)\pcbc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\pcbc_enc.c
-
-$(OBJ_D)\qud_cksm.obj: $(SRC_D)\crypto\des\qud_cksm.c
-	$(CC) /Fo$(OBJ_D)\qud_cksm.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\qud_cksm.c
-
-$(OBJ_D)\rand_key.obj: $(SRC_D)\crypto\des\rand_key.c
-	$(CC) /Fo$(OBJ_D)\rand_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\rand_key.c
-
-$(OBJ_D)\des_enc.obj: $(SRC_D)\crypto\des\des_enc.c
-	$(CC) /Fo$(OBJ_D)\des_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\des_enc.c
-
-$(OBJ_D)\fcrypt_b.obj: $(SRC_D)\crypto\des\fcrypt_b.c
-	$(CC) /Fo$(OBJ_D)\fcrypt_b.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\fcrypt_b.c
-
-$(OBJ_D)\read2pwd.obj: $(SRC_D)\crypto\des\read2pwd.c
-	$(CC) /Fo$(OBJ_D)\read2pwd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\read2pwd.c
-
-$(OBJ_D)\fcrypt.obj: $(SRC_D)\crypto\des\fcrypt.c
-	$(CC) /Fo$(OBJ_D)\fcrypt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\fcrypt.c
-
-$(OBJ_D)\xcbc_enc.obj: $(SRC_D)\crypto\des\xcbc_enc.c
-	$(CC) /Fo$(OBJ_D)\xcbc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\xcbc_enc.c
-
-$(OBJ_D)\read_pwd.obj: $(SRC_D)\crypto\des\read_pwd.c
-	$(CC) /Fo$(OBJ_D)\read_pwd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\read_pwd.c
-
-$(OBJ_D)\rpc_enc.obj: $(SRC_D)\crypto\des\rpc_enc.c
-	$(CC) /Fo$(OBJ_D)\rpc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\rpc_enc.c
-
-$(OBJ_D)\cbc_cksm.obj: $(SRC_D)\crypto\des\cbc_cksm.c
-	$(CC) /Fo$(OBJ_D)\cbc_cksm.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc_cksm.c
-
-$(OBJ_D)\supp.obj: $(SRC_D)\crypto\des\supp.c
-	$(CC) /Fo$(OBJ_D)\supp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\supp.c
-
-$(OBJ_D)\rc2_ecb.obj: $(SRC_D)\crypto\rc2\rc2_ecb.c
-	$(CC) /Fo$(OBJ_D)\rc2_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_ecb.c
-
-$(OBJ_D)\rc2_skey.obj: $(SRC_D)\crypto\rc2\rc2_skey.c
-	$(CC) /Fo$(OBJ_D)\rc2_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_skey.c
-
-$(OBJ_D)\rc2_cbc.obj: $(SRC_D)\crypto\rc2\rc2_cbc.c
-	$(CC) /Fo$(OBJ_D)\rc2_cbc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_cbc.c
-
-$(OBJ_D)\rc2cfb64.obj: $(SRC_D)\crypto\rc2\rc2cfb64.c
-	$(CC) /Fo$(OBJ_D)\rc2cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2cfb64.c
-
-$(OBJ_D)\rc2ofb64.obj: $(SRC_D)\crypto\rc2\rc2ofb64.c
-	$(CC) /Fo$(OBJ_D)\rc2ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2ofb64.c
-
-$(OBJ_D)\rc4_skey.obj: $(SRC_D)\crypto\rc4\rc4_skey.c
-	$(CC) /Fo$(OBJ_D)\rc4_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4_skey.c
-
-$(OBJ_D)\rc4_enc.obj: $(SRC_D)\crypto\rc4\rc4_enc.c
-	$(CC) /Fo$(OBJ_D)\rc4_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4_enc.c
-
-$(OBJ_D)\rc5_skey.obj: $(SRC_D)\crypto\rc5\rc5_skey.c
-	$(CC) /Fo$(OBJ_D)\rc5_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5_skey.c
-
-$(OBJ_D)\rc5_ecb.obj: $(SRC_D)\crypto\rc5\rc5_ecb.c
-	$(CC) /Fo$(OBJ_D)\rc5_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5_ecb.c
-
-$(OBJ_D)\rc5_enc.obj: $(SRC_D)\crypto\rc5\rc5_enc.c
-	$(CC) /Fo$(OBJ_D)\rc5_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5_enc.c
-
-$(OBJ_D)\rc5cfb64.obj: $(SRC_D)\crypto\rc5\rc5cfb64.c
-	$(CC) /Fo$(OBJ_D)\rc5cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5cfb64.c
-
-$(OBJ_D)\rc5ofb64.obj: $(SRC_D)\crypto\rc5\rc5ofb64.c
-	$(CC) /Fo$(OBJ_D)\rc5ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5ofb64.c
-
-$(OBJ_D)\i_cbc.obj: $(SRC_D)\crypto\idea\i_cbc.c
-	$(CC) /Fo$(OBJ_D)\i_cbc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_cbc.c
-
-$(OBJ_D)\i_cfb64.obj: $(SRC_D)\crypto\idea\i_cfb64.c
-	$(CC) /Fo$(OBJ_D)\i_cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_cfb64.c
-
-$(OBJ_D)\i_ofb64.obj: $(SRC_D)\crypto\idea\i_ofb64.c
-	$(CC) /Fo$(OBJ_D)\i_ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_ofb64.c
-
-$(OBJ_D)\i_ecb.obj: $(SRC_D)\crypto\idea\i_ecb.c
-	$(CC) /Fo$(OBJ_D)\i_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_ecb.c
-
-$(OBJ_D)\i_skey.obj: $(SRC_D)\crypto\idea\i_skey.c
-	$(CC) /Fo$(OBJ_D)\i_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_skey.c
-
-$(OBJ_D)\bf_skey.obj: $(SRC_D)\crypto\bf\bf_skey.c
-	$(CC) /Fo$(OBJ_D)\bf_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_skey.c
-
-$(OBJ_D)\bf_ecb.obj: $(SRC_D)\crypto\bf\bf_ecb.c
-	$(CC) /Fo$(OBJ_D)\bf_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_ecb.c
-
-$(OBJ_D)\bf_enc.obj: $(SRC_D)\crypto\bf\bf_enc.c
-	$(CC) /Fo$(OBJ_D)\bf_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_enc.c
-
-$(OBJ_D)\bf_cfb64.obj: $(SRC_D)\crypto\bf\bf_cfb64.c
-	$(CC) /Fo$(OBJ_D)\bf_cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_cfb64.c
-
-$(OBJ_D)\bf_ofb64.obj: $(SRC_D)\crypto\bf\bf_ofb64.c
-	$(CC) /Fo$(OBJ_D)\bf_ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_ofb64.c
-
-$(OBJ_D)\c_skey.obj: $(SRC_D)\crypto\cast\c_skey.c
-	$(CC) /Fo$(OBJ_D)\c_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_skey.c
-
-$(OBJ_D)\c_ecb.obj: $(SRC_D)\crypto\cast\c_ecb.c
-	$(CC) /Fo$(OBJ_D)\c_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_ecb.c
-
-$(OBJ_D)\c_enc.obj: $(SRC_D)\crypto\cast\c_enc.c
-	$(CC) /Fo$(OBJ_D)\c_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_enc.c
-
-$(OBJ_D)\c_cfb64.obj: $(SRC_D)\crypto\cast\c_cfb64.c
-	$(CC) /Fo$(OBJ_D)\c_cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_cfb64.c
-
-$(OBJ_D)\c_ofb64.obj: $(SRC_D)\crypto\cast\c_ofb64.c
-	$(CC) /Fo$(OBJ_D)\c_ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_ofb64.c
-
-$(OBJ_D)\bn_add.obj: $(SRC_D)\crypto\bn\bn_add.c
-	$(CC) /Fo$(OBJ_D)\bn_add.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_add.c
-
-$(OBJ_D)\bn_div.obj: $(SRC_D)\crypto\bn\bn_div.c
-	$(CC) /Fo$(OBJ_D)\bn_div.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_div.c
-
-$(OBJ_D)\bn_exp.obj: $(SRC_D)\crypto\bn\bn_exp.c
-	$(CC) /Fo$(OBJ_D)\bn_exp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_exp.c
-
-$(OBJ_D)\bn_lib.obj: $(SRC_D)\crypto\bn\bn_lib.c
-	$(CC) /Fo$(OBJ_D)\bn_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_lib.c
-
-$(OBJ_D)\bn_mul.obj: $(SRC_D)\crypto\bn\bn_mul.c
-	$(CC) /Fo$(OBJ_D)\bn_mul.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mul.c
-
-$(OBJ_D)\bn_print.obj: $(SRC_D)\crypto\bn\bn_print.c
-	$(CC) /Fo$(OBJ_D)\bn_print.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_print.c
-
-$(OBJ_D)\bn_rand.obj: $(SRC_D)\crypto\bn\bn_rand.c
-	$(CC) /Fo$(OBJ_D)\bn_rand.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_rand.c
-
-$(OBJ_D)\bn_shift.obj: $(SRC_D)\crypto\bn\bn_shift.c
-	$(CC) /Fo$(OBJ_D)\bn_shift.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_shift.c
-
-$(OBJ_D)\bn_word.obj: $(SRC_D)\crypto\bn\bn_word.c
-	$(CC) /Fo$(OBJ_D)\bn_word.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_word.c
-
-$(OBJ_D)\bn_blind.obj: $(SRC_D)\crypto\bn\bn_blind.c
-	$(CC) /Fo$(OBJ_D)\bn_blind.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_blind.c
-
-$(OBJ_D)\bn_gcd.obj: $(SRC_D)\crypto\bn\bn_gcd.c
-	$(CC) /Fo$(OBJ_D)\bn_gcd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_gcd.c
-
-$(OBJ_D)\bn_prime.obj: $(SRC_D)\crypto\bn\bn_prime.c
-	$(CC) /Fo$(OBJ_D)\bn_prime.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_prime.c
-
-$(OBJ_D)\bn_err.obj: $(SRC_D)\crypto\bn\bn_err.c
-	$(CC) /Fo$(OBJ_D)\bn_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_err.c
-
-$(OBJ_D)\bn_sqr.obj: $(SRC_D)\crypto\bn\bn_sqr.c
-	$(CC) /Fo$(OBJ_D)\bn_sqr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_sqr.c
-
-$(OBJ_D)\bn_asm.obj: $(SRC_D)\crypto\bn\bn_asm.c
-	$(CC) /Fo$(OBJ_D)\bn_asm.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_asm.c
-
-$(OBJ_D)\bn_recp.obj: $(SRC_D)\crypto\bn\bn_recp.c
-	$(CC) /Fo$(OBJ_D)\bn_recp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_recp.c
-
-$(OBJ_D)\bn_mont.obj: $(SRC_D)\crypto\bn\bn_mont.c
-	$(CC) /Fo$(OBJ_D)\bn_mont.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mont.c
-
-$(OBJ_D)\bn_mpi.obj: $(SRC_D)\crypto\bn\bn_mpi.c
-	$(CC) /Fo$(OBJ_D)\bn_mpi.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mpi.c
-
-$(OBJ_D)\bn_exp2.obj: $(SRC_D)\crypto\bn\bn_exp2.c
-	$(CC) /Fo$(OBJ_D)\bn_exp2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_exp2.c
-
-$(OBJ_D)\rsa_eay.obj: $(SRC_D)\crypto\rsa\rsa_eay.c
-	$(CC) /Fo$(OBJ_D)\rsa_eay.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_eay.c
-
-$(OBJ_D)\rsa_gen.obj: $(SRC_D)\crypto\rsa\rsa_gen.c
-	$(CC) /Fo$(OBJ_D)\rsa_gen.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_gen.c
-
-$(OBJ_D)\rsa_lib.obj: $(SRC_D)\crypto\rsa\rsa_lib.c
-	$(CC) /Fo$(OBJ_D)\rsa_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_lib.c
-
-$(OBJ_D)\rsa_sign.obj: $(SRC_D)\crypto\rsa\rsa_sign.c
-	$(CC) /Fo$(OBJ_D)\rsa_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_sign.c
-
-$(OBJ_D)\rsa_saos.obj: $(SRC_D)\crypto\rsa\rsa_saos.c
-	$(CC) /Fo$(OBJ_D)\rsa_saos.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_saos.c
-
-$(OBJ_D)\rsa_err.obj: $(SRC_D)\crypto\rsa\rsa_err.c
-	$(CC) /Fo$(OBJ_D)\rsa_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_err.c
-
-$(OBJ_D)\rsa_pk1.obj: $(SRC_D)\crypto\rsa\rsa_pk1.c
-	$(CC) /Fo$(OBJ_D)\rsa_pk1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_pk1.c
-
-$(OBJ_D)\rsa_ssl.obj: $(SRC_D)\crypto\rsa\rsa_ssl.c
-	$(CC) /Fo$(OBJ_D)\rsa_ssl.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_ssl.c
-
-$(OBJ_D)\rsa_none.obj: $(SRC_D)\crypto\rsa\rsa_none.c
-	$(CC) /Fo$(OBJ_D)\rsa_none.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_none.c
-
-$(OBJ_D)\dsa_gen.obj: $(SRC_D)\crypto\dsa\dsa_gen.c
-	$(CC) /Fo$(OBJ_D)\dsa_gen.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_gen.c
-
-$(OBJ_D)\dsa_key.obj: $(SRC_D)\crypto\dsa\dsa_key.c
-	$(CC) /Fo$(OBJ_D)\dsa_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_key.c
-
-$(OBJ_D)\dsa_lib.obj: $(SRC_D)\crypto\dsa\dsa_lib.c
-	$(CC) /Fo$(OBJ_D)\dsa_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_lib.c
-
-$(OBJ_D)\dsa_vrf.obj: $(SRC_D)\crypto\dsa\dsa_vrf.c
-	$(CC) /Fo$(OBJ_D)\dsa_vrf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_vrf.c
-
-$(OBJ_D)\dsa_sign.obj: $(SRC_D)\crypto\dsa\dsa_sign.c
-	$(CC) /Fo$(OBJ_D)\dsa_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_sign.c
-
-$(OBJ_D)\dsa_err.obj: $(SRC_D)\crypto\dsa\dsa_err.c
-	$(CC) /Fo$(OBJ_D)\dsa_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_err.c
-
-$(OBJ_D)\dh_gen.obj: $(SRC_D)\crypto\dh\dh_gen.c
-	$(CC) /Fo$(OBJ_D)\dh_gen.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_gen.c
-
-$(OBJ_D)\dh_key.obj: $(SRC_D)\crypto\dh\dh_key.c
-	$(CC) /Fo$(OBJ_D)\dh_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_key.c
-
-$(OBJ_D)\dh_lib.obj: $(SRC_D)\crypto\dh\dh_lib.c
-	$(CC) /Fo$(OBJ_D)\dh_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_lib.c
-
-$(OBJ_D)\dh_check.obj: $(SRC_D)\crypto\dh\dh_check.c
-	$(CC) /Fo$(OBJ_D)\dh_check.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_check.c
-
-$(OBJ_D)\dh_err.obj: $(SRC_D)\crypto\dh\dh_err.c
-	$(CC) /Fo$(OBJ_D)\dh_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_err.c
-
-$(OBJ_D)\buffer.obj: $(SRC_D)\crypto\buffer\buffer.c
-	$(CC) /Fo$(OBJ_D)\buffer.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\buffer\buffer.c
-
-$(OBJ_D)\buf_err.obj: $(SRC_D)\crypto\buffer\buf_err.c
-	$(CC) /Fo$(OBJ_D)\buf_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\buffer\buf_err.c
-
-$(OBJ_D)\bio_lib.obj: $(SRC_D)\crypto\bio\bio_lib.c
-	$(CC) /Fo$(OBJ_D)\bio_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_lib.c
-
-$(OBJ_D)\bio_cb.obj: $(SRC_D)\crypto\bio\bio_cb.c
-	$(CC) /Fo$(OBJ_D)\bio_cb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_cb.c
-
-$(OBJ_D)\bio_err.obj: $(SRC_D)\crypto\bio\bio_err.c
-	$(CC) /Fo$(OBJ_D)\bio_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_err.c
-
-$(OBJ_D)\bss_mem.obj: $(SRC_D)\crypto\bio\bss_mem.c
-	$(CC) /Fo$(OBJ_D)\bss_mem.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_mem.c
-
-$(OBJ_D)\bss_null.obj: $(SRC_D)\crypto\bio\bss_null.c
-	$(CC) /Fo$(OBJ_D)\bss_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_null.c
-
-$(OBJ_D)\bss_fd.obj: $(SRC_D)\crypto\bio\bss_fd.c
-	$(CC) /Fo$(OBJ_D)\bss_fd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_fd.c
-
-$(OBJ_D)\bss_file.obj: $(SRC_D)\crypto\bio\bss_file.c
-	$(CC) /Fo$(OBJ_D)\bss_file.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_file.c
-
-$(OBJ_D)\bss_sock.obj: $(SRC_D)\crypto\bio\bss_sock.c
-	$(CC) /Fo$(OBJ_D)\bss_sock.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_sock.c
-
-$(OBJ_D)\bss_conn.obj: $(SRC_D)\crypto\bio\bss_conn.c
-	$(CC) /Fo$(OBJ_D)\bss_conn.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_conn.c
-
-$(OBJ_D)\bf_null.obj: $(SRC_D)\crypto\bio\bf_null.c
-	$(CC) /Fo$(OBJ_D)\bf_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_null.c
-
-$(OBJ_D)\bf_buff.obj: $(SRC_D)\crypto\bio\bf_buff.c
-	$(CC) /Fo$(OBJ_D)\bf_buff.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_buff.c
-
-$(OBJ_D)\b_print.obj: $(SRC_D)\crypto\bio\b_print.c
-	$(CC) /Fo$(OBJ_D)\b_print.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_print.c
-
-$(OBJ_D)\b_dump.obj: $(SRC_D)\crypto\bio\b_dump.c
-	$(CC) /Fo$(OBJ_D)\b_dump.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_dump.c
-
-$(OBJ_D)\b_sock.obj: $(SRC_D)\crypto\bio\b_sock.c
-	$(CC) /Fo$(OBJ_D)\b_sock.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_sock.c
-
-$(OBJ_D)\bss_acpt.obj: $(SRC_D)\crypto\bio\bss_acpt.c
-	$(CC) /Fo$(OBJ_D)\bss_acpt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_acpt.c
-
-$(OBJ_D)\bf_nbio.obj: $(SRC_D)\crypto\bio\bf_nbio.c
-	$(CC) /Fo$(OBJ_D)\bf_nbio.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_nbio.c
-
-$(OBJ_D)\bss_cs4a.obj: $(SRC_D)\crypto\bio\bss_cs4a.c
-	$(CC) /Fo$(OBJ_D)\bss_cs4a.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_cs4a.c
-
-$(OBJ_D)\stack.obj: $(SRC_D)\crypto\stack\stack.c
-	$(CC) /Fo$(OBJ_D)\stack.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\stack\stack.c
-
-$(OBJ_D)\lhash.obj: $(SRC_D)\crypto\lhash\lhash.c
-	$(CC) /Fo$(OBJ_D)\lhash.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\lhash\lhash.c
-
-$(OBJ_D)\lh_stats.obj: $(SRC_D)\crypto\lhash\lh_stats.c
-	$(CC) /Fo$(OBJ_D)\lh_stats.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\lhash\lh_stats.c
-
-$(OBJ_D)\md_rand.obj: $(SRC_D)\crypto\rand\md_rand.c
-	$(CC) /Fo$(OBJ_D)\md_rand.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rand\md_rand.c
-
-$(OBJ_D)\randfile.obj: $(SRC_D)\crypto\rand\randfile.c
-	$(CC) /Fo$(OBJ_D)\randfile.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rand\randfile.c
-
-$(OBJ_D)\rand_lib.obj: $(SRC_D)\crypto\rand\rand_lib.c
-	$(CC) /Fo$(OBJ_D)\rand_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rand\rand_lib.c
-
-$(OBJ_D)\err.obj: $(SRC_D)\crypto\err\err.c
-	$(CC) /Fo$(OBJ_D)\err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\err\err.c
-
-$(OBJ_D)\err_all.obj: $(SRC_D)\crypto\err\err_all.c
-	$(CC) /Fo$(OBJ_D)\err_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\err\err_all.c
-
-$(OBJ_D)\err_prn.obj: $(SRC_D)\crypto\err\err_prn.c
-	$(CC) /Fo$(OBJ_D)\err_prn.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\err\err_prn.c
-
-$(OBJ_D)\o_names.obj: $(SRC_D)\crypto\objects\o_names.c
-	$(CC) /Fo$(OBJ_D)\o_names.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\objects\o_names.c
-
-$(OBJ_D)\obj_dat.obj: $(SRC_D)\crypto\objects\obj_dat.c
-	$(CC) /Fo$(OBJ_D)\obj_dat.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_dat.c
-
-$(OBJ_D)\obj_lib.obj: $(SRC_D)\crypto\objects\obj_lib.c
-	$(CC) /Fo$(OBJ_D)\obj_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_lib.c
-
-$(OBJ_D)\obj_err.obj: $(SRC_D)\crypto\objects\obj_err.c
-	$(CC) /Fo$(OBJ_D)\obj_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_err.c
-
-$(OBJ_D)\encode.obj: $(SRC_D)\crypto\evp\encode.c
-	$(CC) /Fo$(OBJ_D)\encode.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\encode.c
-
-$(OBJ_D)\digest.obj: $(SRC_D)\crypto\evp\digest.c
-	$(CC) /Fo$(OBJ_D)\digest.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\digest.c
-
-$(OBJ_D)\evp_enc.obj: $(SRC_D)\crypto\evp\evp_enc.c
-	$(CC) /Fo$(OBJ_D)\evp_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_enc.c
-
-$(OBJ_D)\evp_key.obj: $(SRC_D)\crypto\evp\evp_key.c
-	$(CC) /Fo$(OBJ_D)\evp_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_key.c
-
-$(OBJ_D)\e_ecb_d.obj: $(SRC_D)\crypto\evp\e_ecb_d.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_d.c
-
-$(OBJ_D)\e_cbc_d.obj: $(SRC_D)\crypto\evp\e_cbc_d.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_d.c
-
-$(OBJ_D)\e_cfb_d.obj: $(SRC_D)\crypto\evp\e_cfb_d.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_d.c
-
-$(OBJ_D)\e_ofb_d.obj: $(SRC_D)\crypto\evp\e_ofb_d.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_d.c
-
-$(OBJ_D)\e_ecb_i.obj: $(SRC_D)\crypto\evp\e_ecb_i.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_i.c
-
-$(OBJ_D)\e_cbc_i.obj: $(SRC_D)\crypto\evp\e_cbc_i.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_i.c
-
-$(OBJ_D)\e_cfb_i.obj: $(SRC_D)\crypto\evp\e_cfb_i.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_i.c
-
-$(OBJ_D)\e_ofb_i.obj: $(SRC_D)\crypto\evp\e_ofb_i.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_i.c
-
-$(OBJ_D)\e_ecb_3d.obj: $(SRC_D)\crypto\evp\e_ecb_3d.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_3d.c
-
-$(OBJ_D)\e_cbc_3d.obj: $(SRC_D)\crypto\evp\e_cbc_3d.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_3d.c
-
-$(OBJ_D)\e_rc4.obj: $(SRC_D)\crypto\evp\e_rc4.c
-	$(CC) /Fo$(OBJ_D)\e_rc4.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_rc4.c
-
-$(OBJ_D)\names.obj: $(SRC_D)\crypto\evp\names.c
-	$(CC) /Fo$(OBJ_D)\names.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\names.c
-
-$(OBJ_D)\e_cfb_3d.obj: $(SRC_D)\crypto\evp\e_cfb_3d.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_3d.c
-
-$(OBJ_D)\e_ofb_3d.obj: $(SRC_D)\crypto\evp\e_ofb_3d.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_3d.c
-
-$(OBJ_D)\e_xcbc_d.obj: $(SRC_D)\crypto\evp\e_xcbc_d.c
-	$(CC) /Fo$(OBJ_D)\e_xcbc_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_xcbc_d.c
-
-$(OBJ_D)\e_ecb_r2.obj: $(SRC_D)\crypto\evp\e_ecb_r2.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_r2.c
-
-$(OBJ_D)\e_cbc_r2.obj: $(SRC_D)\crypto\evp\e_cbc_r2.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_r2.c
-
-$(OBJ_D)\e_cfb_r2.obj: $(SRC_D)\crypto\evp\e_cfb_r2.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_r2.c
-
-$(OBJ_D)\e_ofb_r2.obj: $(SRC_D)\crypto\evp\e_ofb_r2.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_r2.c
-
-$(OBJ_D)\e_ecb_bf.obj: $(SRC_D)\crypto\evp\e_ecb_bf.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_bf.c
-
-$(OBJ_D)\e_cbc_bf.obj: $(SRC_D)\crypto\evp\e_cbc_bf.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_bf.c
-
-$(OBJ_D)\e_cfb_bf.obj: $(SRC_D)\crypto\evp\e_cfb_bf.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_bf.c
-
-$(OBJ_D)\e_ofb_bf.obj: $(SRC_D)\crypto\evp\e_ofb_bf.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_bf.c
-
-$(OBJ_D)\e_ecb_c.obj: $(SRC_D)\crypto\evp\e_ecb_c.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_c.c
-
-$(OBJ_D)\e_cbc_c.obj: $(SRC_D)\crypto\evp\e_cbc_c.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_c.c
-
-$(OBJ_D)\e_cfb_c.obj: $(SRC_D)\crypto\evp\e_cfb_c.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_c.c
-
-$(OBJ_D)\e_ofb_c.obj: $(SRC_D)\crypto\evp\e_ofb_c.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_c.c
-
-$(OBJ_D)\e_ecb_r5.obj: $(SRC_D)\crypto\evp\e_ecb_r5.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_r5.c
-
-$(OBJ_D)\e_cbc_r5.obj: $(SRC_D)\crypto\evp\e_cbc_r5.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_r5.c
-
-$(OBJ_D)\e_cfb_r5.obj: $(SRC_D)\crypto\evp\e_cfb_r5.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_r5.c
-
-$(OBJ_D)\e_ofb_r5.obj: $(SRC_D)\crypto\evp\e_ofb_r5.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_r5.c
-
-$(OBJ_D)\m_null.obj: $(SRC_D)\crypto\evp\m_null.c
-	$(CC) /Fo$(OBJ_D)\m_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_null.c
-
-$(OBJ_D)\m_md2.obj: $(SRC_D)\crypto\evp\m_md2.c
-	$(CC) /Fo$(OBJ_D)\m_md2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_md2.c
-
-$(OBJ_D)\m_md5.obj: $(SRC_D)\crypto\evp\m_md5.c
-	$(CC) /Fo$(OBJ_D)\m_md5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_md5.c
-
-$(OBJ_D)\m_sha.obj: $(SRC_D)\crypto\evp\m_sha.c
-	$(CC) /Fo$(OBJ_D)\m_sha.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_sha.c
-
-$(OBJ_D)\m_sha1.obj: $(SRC_D)\crypto\evp\m_sha1.c
-	$(CC) /Fo$(OBJ_D)\m_sha1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_sha1.c
-
-$(OBJ_D)\m_dss.obj: $(SRC_D)\crypto\evp\m_dss.c
-	$(CC) /Fo$(OBJ_D)\m_dss.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_dss.c
-
-$(OBJ_D)\m_dss1.obj: $(SRC_D)\crypto\evp\m_dss1.c
-	$(CC) /Fo$(OBJ_D)\m_dss1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_dss1.c
-
-$(OBJ_D)\m_mdc2.obj: $(SRC_D)\crypto\evp\m_mdc2.c
-	$(CC) /Fo$(OBJ_D)\m_mdc2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_mdc2.c
-
-$(OBJ_D)\m_ripemd.obj: $(SRC_D)\crypto\evp\m_ripemd.c
-	$(CC) /Fo$(OBJ_D)\m_ripemd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_ripemd.c
-
-$(OBJ_D)\p_open.obj: $(SRC_D)\crypto\evp\p_open.c
-	$(CC) /Fo$(OBJ_D)\p_open.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_open.c
-
-$(OBJ_D)\p_seal.obj: $(SRC_D)\crypto\evp\p_seal.c
-	$(CC) /Fo$(OBJ_D)\p_seal.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_seal.c
-
-$(OBJ_D)\p_sign.obj: $(SRC_D)\crypto\evp\p_sign.c
-	$(CC) /Fo$(OBJ_D)\p_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_sign.c
-
-$(OBJ_D)\p_verify.obj: $(SRC_D)\crypto\evp\p_verify.c
-	$(CC) /Fo$(OBJ_D)\p_verify.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_verify.c
-
-$(OBJ_D)\p_lib.obj: $(SRC_D)\crypto\evp\p_lib.c
-	$(CC) /Fo$(OBJ_D)\p_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_lib.c
-
-$(OBJ_D)\p_enc.obj: $(SRC_D)\crypto\evp\p_enc.c
-	$(CC) /Fo$(OBJ_D)\p_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_enc.c
-
-$(OBJ_D)\p_dec.obj: $(SRC_D)\crypto\evp\p_dec.c
-	$(CC) /Fo$(OBJ_D)\p_dec.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_dec.c
-
-$(OBJ_D)\bio_md.obj: $(SRC_D)\crypto\evp\bio_md.c
-	$(CC) /Fo$(OBJ_D)\bio_md.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_md.c
-
-$(OBJ_D)\bio_b64.obj: $(SRC_D)\crypto\evp\bio_b64.c
-	$(CC) /Fo$(OBJ_D)\bio_b64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_b64.c
-
-$(OBJ_D)\bio_enc.obj: $(SRC_D)\crypto\evp\bio_enc.c
-	$(CC) /Fo$(OBJ_D)\bio_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_enc.c
-
-$(OBJ_D)\evp_err.obj: $(SRC_D)\crypto\evp\evp_err.c
-	$(CC) /Fo$(OBJ_D)\evp_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_err.c
-
-$(OBJ_D)\e_null.obj: $(SRC_D)\crypto\evp\e_null.c
-	$(CC) /Fo$(OBJ_D)\e_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_null.c
-
-$(OBJ_D)\c_all.obj: $(SRC_D)\crypto\evp\c_all.c
-	$(CC) /Fo$(OBJ_D)\c_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\c_all.c
-
-$(OBJ_D)\evp_lib.obj: $(SRC_D)\crypto\evp\evp_lib.c
-	$(CC) /Fo$(OBJ_D)\evp_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_lib.c
-
-$(OBJ_D)\pem_sign.obj: $(SRC_D)\crypto\pem\pem_sign.c
-	$(CC) /Fo$(OBJ_D)\pem_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_sign.c
-
-$(OBJ_D)\pem_seal.obj: $(SRC_D)\crypto\pem\pem_seal.c
-	$(CC) /Fo$(OBJ_D)\pem_seal.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_seal.c
-
-$(OBJ_D)\pem_info.obj: $(SRC_D)\crypto\pem\pem_info.c
-	$(CC) /Fo$(OBJ_D)\pem_info.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_info.c
-
-$(OBJ_D)\pem_lib.obj: $(SRC_D)\crypto\pem\pem_lib.c
-	$(CC) /Fo$(OBJ_D)\pem_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_lib.c
-
-$(OBJ_D)\pem_all.obj: $(SRC_D)\crypto\pem\pem_all.c
-	$(CC) /Fo$(OBJ_D)\pem_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_all.c
-
-$(OBJ_D)\pem_err.obj: $(SRC_D)\crypto\pem\pem_err.c
-	$(CC) /Fo$(OBJ_D)\pem_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_err.c
-
-$(OBJ_D)\a_object.obj: $(SRC_D)\crypto\asn1\a_object.c
-	$(CC) /Fo$(OBJ_D)\a_object.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_object.c
-
-$(OBJ_D)\a_bitstr.obj: $(SRC_D)\crypto\asn1\a_bitstr.c
-	$(CC) /Fo$(OBJ_D)\a_bitstr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bitstr.c
-
-$(OBJ_D)\a_utctm.obj: $(SRC_D)\crypto\asn1\a_utctm.c
-	$(CC) /Fo$(OBJ_D)\a_utctm.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_utctm.c
-
-$(OBJ_D)\a_int.obj: $(SRC_D)\crypto\asn1\a_int.c
-	$(CC) /Fo$(OBJ_D)\a_int.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_int.c
-
-$(OBJ_D)\a_octet.obj: $(SRC_D)\crypto\asn1\a_octet.c
-	$(CC) /Fo$(OBJ_D)\a_octet.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_octet.c
-
-$(OBJ_D)\a_print.obj: $(SRC_D)\crypto\asn1\a_print.c
-	$(CC) /Fo$(OBJ_D)\a_print.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_print.c
-
-$(OBJ_D)\a_type.obj: $(SRC_D)\crypto\asn1\a_type.c
-	$(CC) /Fo$(OBJ_D)\a_type.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_type.c
-
-$(OBJ_D)\a_set.obj: $(SRC_D)\crypto\asn1\a_set.c
-	$(CC) /Fo$(OBJ_D)\a_set.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_set.c
-
-$(OBJ_D)\a_dup.obj: $(SRC_D)\crypto\asn1\a_dup.c
-	$(CC) /Fo$(OBJ_D)\a_dup.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_dup.c
-
-$(OBJ_D)\a_d2i_fp.obj: $(SRC_D)\crypto\asn1\a_d2i_fp.c
-	$(CC) /Fo$(OBJ_D)\a_d2i_fp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_d2i_fp.c
-
-$(OBJ_D)\a_i2d_fp.obj: $(SRC_D)\crypto\asn1\a_i2d_fp.c
-	$(CC) /Fo$(OBJ_D)\a_i2d_fp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_i2d_fp.c
-
-$(OBJ_D)\a_bmp.obj: $(SRC_D)\crypto\asn1\a_bmp.c
-	$(CC) /Fo$(OBJ_D)\a_bmp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bmp.c
-
-$(OBJ_D)\a_sign.obj: $(SRC_D)\crypto\asn1\a_sign.c
-	$(CC) /Fo$(OBJ_D)\a_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_sign.c
-
-$(OBJ_D)\a_digest.obj: $(SRC_D)\crypto\asn1\a_digest.c
-	$(CC) /Fo$(OBJ_D)\a_digest.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_digest.c
-
-$(OBJ_D)\a_verify.obj: $(SRC_D)\crypto\asn1\a_verify.c
-	$(CC) /Fo$(OBJ_D)\a_verify.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_verify.c
-
-$(OBJ_D)\x_algor.obj: $(SRC_D)\crypto\asn1\x_algor.c
-	$(CC) /Fo$(OBJ_D)\x_algor.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_algor.c
-
-$(OBJ_D)\x_val.obj: $(SRC_D)\crypto\asn1\x_val.c
-	$(CC) /Fo$(OBJ_D)\x_val.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_val.c
-
-$(OBJ_D)\x_pubkey.obj: $(SRC_D)\crypto\asn1\x_pubkey.c
-	$(CC) /Fo$(OBJ_D)\x_pubkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_pubkey.c
-
-$(OBJ_D)\x_sig.obj: $(SRC_D)\crypto\asn1\x_sig.c
-	$(CC) /Fo$(OBJ_D)\x_sig.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_sig.c
-
-$(OBJ_D)\x_req.obj: $(SRC_D)\crypto\asn1\x_req.c
-	$(CC) /Fo$(OBJ_D)\x_req.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_req.c
-
-$(OBJ_D)\x_attrib.obj: $(SRC_D)\crypto\asn1\x_attrib.c
-	$(CC) /Fo$(OBJ_D)\x_attrib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_attrib.c
-
-$(OBJ_D)\x_name.obj: $(SRC_D)\crypto\asn1\x_name.c
-	$(CC) /Fo$(OBJ_D)\x_name.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_name.c
-
-$(OBJ_D)\x_cinf.obj: $(SRC_D)\crypto\asn1\x_cinf.c
-	$(CC) /Fo$(OBJ_D)\x_cinf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_cinf.c
-
-$(OBJ_D)\x_x509.obj: $(SRC_D)\crypto\asn1\x_x509.c
-	$(CC) /Fo$(OBJ_D)\x_x509.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_x509.c
-
-$(OBJ_D)\x_crl.obj: $(SRC_D)\crypto\asn1\x_crl.c
-	$(CC) /Fo$(OBJ_D)\x_crl.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_crl.c
-
-$(OBJ_D)\x_info.obj: $(SRC_D)\crypto\asn1\x_info.c
-	$(CC) /Fo$(OBJ_D)\x_info.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_info.c
-
-$(OBJ_D)\x_spki.obj: $(SRC_D)\crypto\asn1\x_spki.c
-	$(CC) /Fo$(OBJ_D)\x_spki.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_spki.c
-
-$(OBJ_D)\d2i_r_pr.obj: $(SRC_D)\crypto\asn1\d2i_r_pr.c
-	$(CC) /Fo$(OBJ_D)\d2i_r_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_r_pr.c
-
-$(OBJ_D)\i2d_r_pr.obj: $(SRC_D)\crypto\asn1\i2d_r_pr.c
-	$(CC) /Fo$(OBJ_D)\i2d_r_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_r_pr.c
-
-$(OBJ_D)\d2i_r_pu.obj: $(SRC_D)\crypto\asn1\d2i_r_pu.c
-	$(CC) /Fo$(OBJ_D)\d2i_r_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_r_pu.c
-
-$(OBJ_D)\i2d_r_pu.obj: $(SRC_D)\crypto\asn1\i2d_r_pu.c
-	$(CC) /Fo$(OBJ_D)\i2d_r_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_r_pu.c
-
-$(OBJ_D)\d2i_s_pr.obj: $(SRC_D)\crypto\asn1\d2i_s_pr.c
-	$(CC) /Fo$(OBJ_D)\d2i_s_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_s_pr.c
-
-$(OBJ_D)\i2d_s_pr.obj: $(SRC_D)\crypto\asn1\i2d_s_pr.c
-	$(CC) /Fo$(OBJ_D)\i2d_s_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_s_pr.c
-
-$(OBJ_D)\d2i_s_pu.obj: $(SRC_D)\crypto\asn1\d2i_s_pu.c
-	$(CC) /Fo$(OBJ_D)\d2i_s_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_s_pu.c
-
-$(OBJ_D)\i2d_s_pu.obj: $(SRC_D)\crypto\asn1\i2d_s_pu.c
-	$(CC) /Fo$(OBJ_D)\i2d_s_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_s_pu.c
-
-$(OBJ_D)\d2i_pu.obj: $(SRC_D)\crypto\asn1\d2i_pu.c
-	$(CC) /Fo$(OBJ_D)\d2i_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_pu.c
-
-$(OBJ_D)\d2i_pr.obj: $(SRC_D)\crypto\asn1\d2i_pr.c
-	$(CC) /Fo$(OBJ_D)\d2i_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_pr.c
-
-$(OBJ_D)\i2d_pu.obj: $(SRC_D)\crypto\asn1\i2d_pu.c
-	$(CC) /Fo$(OBJ_D)\i2d_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_pu.c
-
-$(OBJ_D)\i2d_pr.obj: $(SRC_D)\crypto\asn1\i2d_pr.c
-	$(CC) /Fo$(OBJ_D)\i2d_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_pr.c
-
-$(OBJ_D)\t_req.obj: $(SRC_D)\crypto\asn1\t_req.c
-	$(CC) /Fo$(OBJ_D)\t_req.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_req.c
-
-$(OBJ_D)\t_x509.obj: $(SRC_D)\crypto\asn1\t_x509.c
-	$(CC) /Fo$(OBJ_D)\t_x509.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_x509.c
-
-$(OBJ_D)\t_pkey.obj: $(SRC_D)\crypto\asn1\t_pkey.c
-	$(CC) /Fo$(OBJ_D)\t_pkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_pkey.c
-
-$(OBJ_D)\p7_i_s.obj: $(SRC_D)\crypto\asn1\p7_i_s.c
-	$(CC) /Fo$(OBJ_D)\p7_i_s.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_i_s.c
-
-$(OBJ_D)\p7_signi.obj: $(SRC_D)\crypto\asn1\p7_signi.c
-	$(CC) /Fo$(OBJ_D)\p7_signi.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_signi.c
-
-$(OBJ_D)\p7_signd.obj: $(SRC_D)\crypto\asn1\p7_signd.c
-	$(CC) /Fo$(OBJ_D)\p7_signd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_signd.c
-
-$(OBJ_D)\p7_recip.obj: $(SRC_D)\crypto\asn1\p7_recip.c
-	$(CC) /Fo$(OBJ_D)\p7_recip.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_recip.c
-
-$(OBJ_D)\p7_enc_c.obj: $(SRC_D)\crypto\asn1\p7_enc_c.c
-	$(CC) /Fo$(OBJ_D)\p7_enc_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_enc_c.c
-
-$(OBJ_D)\p7_evp.obj: $(SRC_D)\crypto\asn1\p7_evp.c
-	$(CC) /Fo$(OBJ_D)\p7_evp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_evp.c
-
-$(OBJ_D)\p7_dgst.obj: $(SRC_D)\crypto\asn1\p7_dgst.c
-	$(CC) /Fo$(OBJ_D)\p7_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_dgst.c
-
-$(OBJ_D)\p7_s_e.obj: $(SRC_D)\crypto\asn1\p7_s_e.c
-	$(CC) /Fo$(OBJ_D)\p7_s_e.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_s_e.c
-
-$(OBJ_D)\p7_enc.obj: $(SRC_D)\crypto\asn1\p7_enc.c
-	$(CC) /Fo$(OBJ_D)\p7_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_enc.c
-
-$(OBJ_D)\p7_lib.obj: $(SRC_D)\crypto\asn1\p7_lib.c
-	$(CC) /Fo$(OBJ_D)\p7_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_lib.c
-
-$(OBJ_D)\f_int.obj: $(SRC_D)\crypto\asn1\f_int.c
-	$(CC) /Fo$(OBJ_D)\f_int.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\f_int.c
-
-$(OBJ_D)\f_string.obj: $(SRC_D)\crypto\asn1\f_string.c
-	$(CC) /Fo$(OBJ_D)\f_string.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\f_string.c
-
-$(OBJ_D)\i2d_dhp.obj: $(SRC_D)\crypto\asn1\i2d_dhp.c
-	$(CC) /Fo$(OBJ_D)\i2d_dhp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_dhp.c
-
-$(OBJ_D)\i2d_dsap.obj: $(SRC_D)\crypto\asn1\i2d_dsap.c
-	$(CC) /Fo$(OBJ_D)\i2d_dsap.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_dsap.c
-
-$(OBJ_D)\d2i_dhp.obj: $(SRC_D)\crypto\asn1\d2i_dhp.c
-	$(CC) /Fo$(OBJ_D)\d2i_dhp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_dhp.c
-
-$(OBJ_D)\d2i_dsap.obj: $(SRC_D)\crypto\asn1\d2i_dsap.c
-	$(CC) /Fo$(OBJ_D)\d2i_dsap.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_dsap.c
-
-$(OBJ_D)\n_pkey.obj: $(SRC_D)\crypto\asn1\n_pkey.c
-	$(CC) /Fo$(OBJ_D)\n_pkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\n_pkey.c
-
-$(OBJ_D)\a_hdr.obj: $(SRC_D)\crypto\asn1\a_hdr.c
-	$(CC) /Fo$(OBJ_D)\a_hdr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_hdr.c
-
-$(OBJ_D)\x_pkey.obj: $(SRC_D)\crypto\asn1\x_pkey.c
-	$(CC) /Fo$(OBJ_D)\x_pkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_pkey.c
-
-$(OBJ_D)\a_bool.obj: $(SRC_D)\crypto\asn1\a_bool.c
-	$(CC) /Fo$(OBJ_D)\a_bool.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bool.c
-
-$(OBJ_D)\x_exten.obj: $(SRC_D)\crypto\asn1\x_exten.c
-	$(CC) /Fo$(OBJ_D)\x_exten.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_exten.c
-
-$(OBJ_D)\asn1_par.obj: $(SRC_D)\crypto\asn1\asn1_par.c
-	$(CC) /Fo$(OBJ_D)\asn1_par.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_par.c
-
-$(OBJ_D)\asn1_lib.obj: $(SRC_D)\crypto\asn1\asn1_lib.c
-	$(CC) /Fo$(OBJ_D)\asn1_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_lib.c
-
-$(OBJ_D)\asn1_err.obj: $(SRC_D)\crypto\asn1\asn1_err.c
-	$(CC) /Fo$(OBJ_D)\asn1_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_err.c
-
-$(OBJ_D)\a_meth.obj: $(SRC_D)\crypto\asn1\a_meth.c
-	$(CC) /Fo$(OBJ_D)\a_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_meth.c
-
-$(OBJ_D)\a_bytes.obj: $(SRC_D)\crypto\asn1\a_bytes.c
-	$(CC) /Fo$(OBJ_D)\a_bytes.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bytes.c
-
-$(OBJ_D)\evp_asn1.obj: $(SRC_D)\crypto\asn1\evp_asn1.c
-	$(CC) /Fo$(OBJ_D)\evp_asn1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\evp_asn1.c
-
-$(OBJ_D)\x509_def.obj: $(SRC_D)\crypto\x509\x509_def.c
-	$(CC) /Fo$(OBJ_D)\x509_def.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_def.c
-
-$(OBJ_D)\x509_d2.obj: $(SRC_D)\crypto\x509\x509_d2.c
-	$(CC) /Fo$(OBJ_D)\x509_d2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_d2.c
-
-$(OBJ_D)\x509_r2x.obj: $(SRC_D)\crypto\x509\x509_r2x.c
-	$(CC) /Fo$(OBJ_D)\x509_r2x.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_r2x.c
-
-$(OBJ_D)\x509_cmp.obj: $(SRC_D)\crypto\x509\x509_cmp.c
-	$(CC) /Fo$(OBJ_D)\x509_cmp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_cmp.c
-
-$(OBJ_D)\x509_obj.obj: $(SRC_D)\crypto\x509\x509_obj.c
-	$(CC) /Fo$(OBJ_D)\x509_obj.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_obj.c
-
-$(OBJ_D)\x509_req.obj: $(SRC_D)\crypto\x509\x509_req.c
-	$(CC) /Fo$(OBJ_D)\x509_req.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_req.c
-
-$(OBJ_D)\x509_vfy.obj: $(SRC_D)\crypto\x509\x509_vfy.c
-	$(CC) /Fo$(OBJ_D)\x509_vfy.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_vfy.c
-
-$(OBJ_D)\x509_set.obj: $(SRC_D)\crypto\x509\x509_set.c
-	$(CC) /Fo$(OBJ_D)\x509_set.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_set.c
-
-$(OBJ_D)\x509rset.obj: $(SRC_D)\crypto\x509\x509rset.c
-	$(CC) /Fo$(OBJ_D)\x509rset.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509rset.c
-
-$(OBJ_D)\x509_err.obj: $(SRC_D)\crypto\x509\x509_err.c
-	$(CC) /Fo$(OBJ_D)\x509_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_err.c
-
-$(OBJ_D)\x509name.obj: $(SRC_D)\crypto\x509\x509name.c
-	$(CC) /Fo$(OBJ_D)\x509name.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509name.c
-
-$(OBJ_D)\x509_v3.obj: $(SRC_D)\crypto\x509\x509_v3.c
-	$(CC) /Fo$(OBJ_D)\x509_v3.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_v3.c
-
-$(OBJ_D)\x509_ext.obj: $(SRC_D)\crypto\x509\x509_ext.c
-	$(CC) /Fo$(OBJ_D)\x509_ext.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_ext.c
-
-$(OBJ_D)\x509pack.obj: $(SRC_D)\crypto\x509\x509pack.c
-	$(CC) /Fo$(OBJ_D)\x509pack.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509pack.c
-
-$(OBJ_D)\x509type.obj: $(SRC_D)\crypto\x509\x509type.c
-	$(CC) /Fo$(OBJ_D)\x509type.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509type.c
-
-$(OBJ_D)\x509_lu.obj: $(SRC_D)\crypto\x509\x509_lu.c
-	$(CC) /Fo$(OBJ_D)\x509_lu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_lu.c
-
-$(OBJ_D)\x_all.obj: $(SRC_D)\crypto\x509\x_all.c
-	$(CC) /Fo$(OBJ_D)\x_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x_all.c
-
-$(OBJ_D)\x509_txt.obj: $(SRC_D)\crypto\x509\x509_txt.c
-	$(CC) /Fo$(OBJ_D)\x509_txt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_txt.c
-
-$(OBJ_D)\by_file.obj: $(SRC_D)\crypto\x509\by_file.c
-	$(CC) /Fo$(OBJ_D)\by_file.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\by_file.c
-
-$(OBJ_D)\by_dir.obj: $(SRC_D)\crypto\x509\by_dir.c
-	$(CC) /Fo$(OBJ_D)\by_dir.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\by_dir.c
-
-$(OBJ_D)\v3_net.obj: $(SRC_D)\crypto\x509\v3_net.c
-	$(CC) /Fo$(OBJ_D)\v3_net.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\v3_net.c
-
-$(OBJ_D)\v3_x509.obj: $(SRC_D)\crypto\x509\v3_x509.c
-	$(CC) /Fo$(OBJ_D)\v3_x509.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\v3_x509.c
-
-$(OBJ_D)\conf.obj: $(SRC_D)\crypto\conf\conf.c
-	$(CC) /Fo$(OBJ_D)\conf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\conf\conf.c
-
-$(OBJ_D)\conf_err.obj: $(SRC_D)\crypto\conf\conf_err.c
-	$(CC) /Fo$(OBJ_D)\conf_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\conf\conf_err.c
-
-$(OBJ_D)\txt_db.obj: $(SRC_D)\crypto\txt_db\txt_db.c
-	$(CC) /Fo$(OBJ_D)\txt_db.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\txt_db\txt_db.c
-
-$(OBJ_D)\pk7_lib.obj: $(SRC_D)\crypto\pkcs7\pk7_lib.c
-	$(CC) /Fo$(OBJ_D)\pk7_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pk7_lib.c
-
-$(OBJ_D)\pkcs7err.obj: $(SRC_D)\crypto\pkcs7\pkcs7err.c
-	$(CC) /Fo$(OBJ_D)\pkcs7err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pkcs7err.c
-
-$(OBJ_D)\pk7_doit.obj: $(SRC_D)\crypto\pkcs7\pk7_doit.c
-	$(CC) /Fo$(OBJ_D)\pk7_doit.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pk7_doit.c
-
-$(OBJ_D)\proxy.obj: $(SRC_D)\crypto\proxy\proxy.c
-	$(CC) /Fo$(OBJ_D)\proxy.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\proxy\proxy.c
-
-$(OBJ_D)\pxy_txt.obj: $(SRC_D)\crypto\proxy\pxy_txt.c
-	$(CC) /Fo$(OBJ_D)\pxy_txt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\proxy\pxy_txt.c
-
-$(OBJ_D)\bf_proxy.obj: $(SRC_D)\crypto\proxy\bf_proxy.c
-	$(CC) /Fo$(OBJ_D)\bf_proxy.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\proxy\bf_proxy.c
-
-$(OBJ_D)\pxy_conf.obj: $(SRC_D)\crypto\proxy\pxy_conf.c
-	$(CC) /Fo$(OBJ_D)\pxy_conf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\proxy\pxy_conf.c
-
-$(OBJ_D)\pxy_err.obj: $(SRC_D)\crypto\proxy\pxy_err.c
-	$(CC) /Fo$(OBJ_D)\pxy_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\proxy\pxy_err.c
-
-$(OBJ_D)\comp_lib.obj: $(SRC_D)\crypto\comp\comp_lib.c
-	$(CC) /Fo$(OBJ_D)\comp_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\comp\comp_lib.c
-
-$(OBJ_D)\c_rle.obj: $(SRC_D)\crypto\comp\c_rle.c
-	$(CC) /Fo$(OBJ_D)\c_rle.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\comp\c_rle.c
-
-$(OBJ_D)\c_zlib.obj: $(SRC_D)\crypto\comp\c_zlib.c
-	$(CC) /Fo$(OBJ_D)\c_zlib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\comp\c_zlib.c
-
-$(OBJ_D)\s2_meth.obj: $(SRC_D)\ssl\s2_meth.c
-	$(CC) /Fo$(OBJ_D)\s2_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_meth.c
-
-$(OBJ_D)\s2_srvr.obj: $(SRC_D)\ssl\s2_srvr.c
-	$(CC) /Fo$(OBJ_D)\s2_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_srvr.c
-
-$(OBJ_D)\s2_clnt.obj: $(SRC_D)\ssl\s2_clnt.c
-	$(CC) /Fo$(OBJ_D)\s2_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_clnt.c
-
-$(OBJ_D)\s2_lib.obj: $(SRC_D)\ssl\s2_lib.c
-	$(CC) /Fo$(OBJ_D)\s2_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_lib.c
-
-$(OBJ_D)\s2_enc.obj: $(SRC_D)\ssl\s2_enc.c
-	$(CC) /Fo$(OBJ_D)\s2_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_enc.c
-
-$(OBJ_D)\s2_pkt.obj: $(SRC_D)\ssl\s2_pkt.c
-	$(CC) /Fo$(OBJ_D)\s2_pkt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_pkt.c
-
-$(OBJ_D)\s3_meth.obj: $(SRC_D)\ssl\s3_meth.c
-	$(CC) /Fo$(OBJ_D)\s3_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_meth.c
-
-$(OBJ_D)\s3_srvr.obj: $(SRC_D)\ssl\s3_srvr.c
-	$(CC) /Fo$(OBJ_D)\s3_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_srvr.c
-
-$(OBJ_D)\s3_clnt.obj: $(SRC_D)\ssl\s3_clnt.c
-	$(CC) /Fo$(OBJ_D)\s3_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_clnt.c
-
-$(OBJ_D)\s3_lib.obj: $(SRC_D)\ssl\s3_lib.c
-	$(CC) /Fo$(OBJ_D)\s3_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_lib.c
-
-$(OBJ_D)\s3_enc.obj: $(SRC_D)\ssl\s3_enc.c
-	$(CC) /Fo$(OBJ_D)\s3_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_enc.c
-
-$(OBJ_D)\s3_pkt.obj: $(SRC_D)\ssl\s3_pkt.c
-	$(CC) /Fo$(OBJ_D)\s3_pkt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_pkt.c
-
-$(OBJ_D)\s3_both.obj: $(SRC_D)\ssl\s3_both.c
-	$(CC) /Fo$(OBJ_D)\s3_both.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_both.c
-
-$(OBJ_D)\s23_meth.obj: $(SRC_D)\ssl\s23_meth.c
-	$(CC) /Fo$(OBJ_D)\s23_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_meth.c
-
-$(OBJ_D)\s23_srvr.obj: $(SRC_D)\ssl\s23_srvr.c
-	$(CC) /Fo$(OBJ_D)\s23_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_srvr.c
-
-$(OBJ_D)\s23_clnt.obj: $(SRC_D)\ssl\s23_clnt.c
-	$(CC) /Fo$(OBJ_D)\s23_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_clnt.c
-
-$(OBJ_D)\s23_lib.obj: $(SRC_D)\ssl\s23_lib.c
-	$(CC) /Fo$(OBJ_D)\s23_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_lib.c
-
-$(OBJ_D)\s23_pkt.obj: $(SRC_D)\ssl\s23_pkt.c
-	$(CC) /Fo$(OBJ_D)\s23_pkt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_pkt.c
-
-$(OBJ_D)\t1_meth.obj: $(SRC_D)\ssl\t1_meth.c
-	$(CC) /Fo$(OBJ_D)\t1_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_meth.c
-
-$(OBJ_D)\t1_srvr.obj: $(SRC_D)\ssl\t1_srvr.c
-	$(CC) /Fo$(OBJ_D)\t1_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_srvr.c
-
-$(OBJ_D)\t1_clnt.obj: $(SRC_D)\ssl\t1_clnt.c
-	$(CC) /Fo$(OBJ_D)\t1_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_clnt.c
-
-$(OBJ_D)\t1_lib.obj: $(SRC_D)\ssl\t1_lib.c
-	$(CC) /Fo$(OBJ_D)\t1_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_lib.c
-
-$(OBJ_D)\t1_enc.obj: $(SRC_D)\ssl\t1_enc.c
-	$(CC) /Fo$(OBJ_D)\t1_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_enc.c
-
-$(OBJ_D)\ssl_lib.obj: $(SRC_D)\ssl\ssl_lib.c
-	$(CC) /Fo$(OBJ_D)\ssl_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_lib.c
-
-$(OBJ_D)\ssl_err2.obj: $(SRC_D)\ssl\ssl_err2.c
-	$(CC) /Fo$(OBJ_D)\ssl_err2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err2.c
-
-$(OBJ_D)\ssl_cert.obj: $(SRC_D)\ssl\ssl_cert.c
-	$(CC) /Fo$(OBJ_D)\ssl_cert.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_cert.c
-
-$(OBJ_D)\ssl_sess.obj: $(SRC_D)\ssl\ssl_sess.c
-	$(CC) /Fo$(OBJ_D)\ssl_sess.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_sess.c
-
-$(OBJ_D)\ssl_ciph.obj: $(SRC_D)\ssl\ssl_ciph.c
-	$(CC) /Fo$(OBJ_D)\ssl_ciph.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_ciph.c
-
-$(OBJ_D)\ssl_stat.obj: $(SRC_D)\ssl\ssl_stat.c
-	$(CC) /Fo$(OBJ_D)\ssl_stat.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_stat.c
-
-$(OBJ_D)\ssl_rsa.obj: $(SRC_D)\ssl\ssl_rsa.c
-	$(CC) /Fo$(OBJ_D)\ssl_rsa.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_rsa.c
-
-$(OBJ_D)\ssl_asn1.obj: $(SRC_D)\ssl\ssl_asn1.c
-	$(CC) /Fo$(OBJ_D)\ssl_asn1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_asn1.c
-
-$(OBJ_D)\ssl_txt.obj: $(SRC_D)\ssl\ssl_txt.c
-	$(CC) /Fo$(OBJ_D)\ssl_txt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_txt.c
-
-$(OBJ_D)\ssl_algs.obj: $(SRC_D)\ssl\ssl_algs.c
-	$(CC) /Fo$(OBJ_D)\ssl_algs.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_algs.c
-
-$(OBJ_D)\bio_ssl.obj: $(SRC_D)\ssl\bio_ssl.c
-	$(CC) /Fo$(OBJ_D)\bio_ssl.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\bio_ssl.c
-
-$(OBJ_D)\pxy_ssl.obj: $(SRC_D)\ssl\pxy_ssl.c
-	$(CC) /Fo$(OBJ_D)\pxy_ssl.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\pxy_ssl.c
-
-$(OBJ_D)\ssl_err.obj: $(SRC_D)\ssl\ssl_err.c
-	$(CC) /Fo$(OBJ_D)\ssl_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err.c
-
-$(OBJ_D)\rsaref.obj: $(SRC_D)\rsaref\rsaref.c
-	$(CC) /Fo$(OBJ_D)\rsaref.obj  $(LIB_CFLAGS) -c $(SRC_D)\rsaref\rsaref.c
-
-$(OBJ_D)\rsar_err.obj: $(SRC_D)\rsaref\rsar_err.c
-	$(CC) /Fo$(OBJ_D)\rsar_err.obj  $(LIB_CFLAGS) -c $(SRC_D)\rsaref\rsar_err.c
-
-$(TEST_D)\md2test.exe: $(OBJ_D)\md2test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\md2test.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\md2test.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\md5test.exe: $(OBJ_D)\md5test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\md5test.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\md5test.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\shatest.exe: $(OBJ_D)\shatest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\shatest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\shatest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\sha1test.exe: $(OBJ_D)\sha1test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\sha1test.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\sha1test.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\mdc2test.exe: $(OBJ_D)\mdc2test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\mdc2test.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\mdc2test.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\hmactest.exe: $(OBJ_D)\hmactest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\hmactest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\hmactest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\rmdtest.exe: $(OBJ_D)\rmdtest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\rmdtest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\rmdtest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\destest.exe: $(OBJ_D)\destest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\destest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\destest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\rc2test.exe: $(OBJ_D)\rc2test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\rc2test.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\rc2test.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\rc4test.exe: $(OBJ_D)\rc4test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\rc4test.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\rc4test.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\rc5test.exe: $(OBJ_D)\rc5test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\rc5test.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\rc5test.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\ideatest.exe: $(OBJ_D)\ideatest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\ideatest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\ideatest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\bftest.exe: $(OBJ_D)\bftest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\bftest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\bftest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\casttest.exe: $(OBJ_D)\casttest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\casttest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\casttest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\bntest.exe: $(OBJ_D)\bntest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\bntest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\bntest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\exptest.exe: $(OBJ_D)\exptest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\exptest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\exptest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\dsatest.exe: $(OBJ_D)\dsatest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\dsatest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\dsatest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\dhtest.exe: $(OBJ_D)\dhtest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\dhtest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\dhtest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\randtest.exe: $(OBJ_D)\randtest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\randtest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\randtest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(TEST_D)\ssltest.exe: $(OBJ_D)\ssltest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(TEST_D)\ssltest.exe @<<
-  $(APP_EX_OBJ) $(OBJ_D)\ssltest.obj $(L_LIBS) $(EX_LIBS)
-<<
-
-$(O_SSL): $(SSLOBJ)
-	$(LINK) $(MLFLAGS) /out:$(O_SSL) /def:ms/SSLEAY32.def @<<
-  $(SHLIB_EX_OBJ) $(SSLOBJ)  $(L_CRYPTO) wsock32.lib gdi32.lib
-<<
-
-$(O_RSAGLUE): $(RSAGLUEOBJ)
-	$(MKLIB) /out:$(O_RSAGLUE) @<<
-  $(RSAGLUEOBJ)
-<<
-
-$(O_CRYPTO): $(CRYPTOOBJ)
-	$(LINK) $(MLFLAGS) /out:$(O_CRYPTO) /def:ms/LIBEAY32.def @<<
-  $(SHLIB_EX_OBJ) $(CRYPTOOBJ)  wsock32.lib gdi32.lib
-<<
-
-$(BIN_D)\$(E_EXE).exe: $(E_OBJ) $(LIBS_DEP)
-  $(LINK) $(LFLAGS) /out:$(BIN_D)\$(E_EXE).exe @<<
-  $(APP_EX_OBJ) $(E_OBJ) $(L_LIBS) $(EX_LIBS)
-<<
-
diff --git a/ms/ssleay16.def b/ms/ssleay16.def
deleted file mode 100644
index 0a0c6927bb..0000000000
--- a/ms/ssleay16.def
+++ /dev/null
@@ -1,173 +0,0 @@
-;
-; Definition file for the DDL version of the SSLEAY16 library from SSLeay
-;
-
-LIBRARY         SSLEAY16
-
-DESCRIPTION     'SSLeay SSLEAY16 - eay@cryptsoft.com'
-
-CODE            PRELOAD MOVEABLE
-DATA            PRELOAD MOVEABLE SINGLE
-
-EXETYPE		WINDOWS
-
-HEAPSIZE	4096
-STACKSIZE	8192
-
-EXPORTS
-    _SSLeay_add_ssl_algorithms          @109
-    _BIO_f_ssl                          @121
-    _BIO_new_buffer_ssl_connect         @173
-    _BIO_new_ssl                        @122
-    _BIO_new_ssl_connect                @174
-    _BIO_proxy_ssl_copy_session_id      @123
-    _BIO_ssl_copy_session_id            @124
-    _BIO_ssl_shutdown                   @131
-    _ERR_load_SSL_strings               @1
-    _SSL_CIPHER_description             @2
-    _SSL_CIPHER_get_bits                @128
-    _SSL_CIPHER_get_name                @130
-    _SSL_CIPHER_get_version             @129
-    _SSL_CTX_add_client_CA              @3
-    _SSL_CTX_add_session                @4
-    _SSL_CTX_check_private_key          @5
-    _SSL_CTX_ctrl                       @6
-    _SSL_CTX_flush_sessions             @7
-    _SSL_CTX_free                       @8
-    _SSL_CTX_get_client_CA_list         @9
-    _SSL_CTX_get_ex_data                @138
-    _SSL_CTX_get_ex_new_index           @167
-    _SSL_CTX_get_quiet_shutdown         @140
-    _SSL_CTX_get_verify_callback        @10
-    _SSL_CTX_get_verify_mode            @11
-    _SSL_CTX_load_verify_locations      @141
-    _SSL_CTX_new                        @12
-    _SSL_CTX_remove_session             @13
-    _SSL_CTX_set_cert_verify_cb         @14
-    _SSL_CTX_set_cipher_list            @15
-    _SSL_CTX_set_client_CA_list         @16
-    _SSL_CTX_set_default_passwd_cb      @17
-    _SSL_CTX_set_default_verify_paths   @142
-    _SSL_CTX_set_ex_data                @143
-    _SSL_CTX_set_quiet_shutdown         @145
-    _SSL_CTX_set_ssl_version            @19
-    _SSL_CTX_set_verify                 @21
-    _SSL_CTX_use_PrivateKey             @22
-    _SSL_CTX_use_PrivateKey_ASN1        @23
-    _SSL_CTX_use_PrivateKey_file        @24
-    _SSL_CTX_use_RSAPrivateKey          @25
-    _SSL_CTX_use_RSAPrivateKey_ASN1     @26
-    _SSL_CTX_use_RSAPrivateKey_file     @27
-    _SSL_CTX_use_certificate            @28
-    _SSL_CTX_use_certificate_ASN1       @29
-    _SSL_CTX_use_certificate_file       @30
-    _SSL_SESSION_cmp                    @132
-    _SSL_SESSION_free                   @31
-    _SSL_SESSION_get_ex_data            @146
-    _SSL_SESSION_get_ex_new_index       @168
-    _SSL_SESSION_get_time               @134
-    _SSL_SESSION_get_timeout            @136
-    _SSL_SESSION_hash                   @133
-    _SSL_SESSION_new                    @32
-    _SSL_SESSION_print                  @33
-    _SSL_SESSION_set_ex_data            @148
-    _SSL_SESSION_set_time               @135
-    _SSL_SESSION_set_timeout            @137
-    _SSL_accept                         @35
-    _SSL_add_client_CA                  @36
-    _SSL_alert_desc_string              @37
-    _SSL_alert_desc_string_long         @38
-    _SSL_alert_type_string              @39
-    _SSL_alert_type_string_long         @40
-    _SSL_check_private_key              @41
-    _SSL_clear                          @42
-    _SSL_connect                        @43
-    _SSL_copy_session_id                @44
-    _SSL_ctrl                           @45
-    _SSL_do_handshake                   @125
-    _SSL_dup                            @46
-    _SSL_dup_CA_list                    @47
-    _SSL_free                           @48
-    _SSL_get_SSL_CTX                    @150
-    _SSL_get_certificate                @49
-    _SSL_get_cipher_list                @52
-    _SSL_get_ciphers                    @55
-    _SSL_get_client_CA_list             @56
-    _SSL_get_current_cipher             @127
-    _SSL_get_default_timeout            @57
-    _SSL_get_error                      @58
-    _SSL_get_ex_data                    @151
-    _SSL_get_ex_data_X509_STORE_CTX_idx @175
-    _SSL_get_ex_new_index               @169
-    _SSL_get_fd                         @59
-    _SSL_get_info_callback              @165
-    _SSL_get_peer_cert_chain            @60
-    _SSL_get_peer_certificate           @61
-    _SSL_get_privatekey                 @126
-    _SSL_get_quiet_shutdown             @153
-    _SSL_get_rbio                       @63
-    _SSL_get_read_ahead                 @64
-    _SSL_get_session                    @154
-    _SSL_get_shared_ciphers             @65
-    _SSL_get_shutdown                   @155
-    _SSL_get_ssl_method                 @66
-    _SSL_get_verify_mode                @70
-    _SSL_get_verify_result              @157
-    _SSL_get_version                    @71
-    _SSL_get_wbio                       @72
-    _SSL_load_client_CA_file            @73
-    _SSL_load_error_strings             @74
-    _SSL_new                            @75
-    _SSL_peek                           @76
-    _SSL_pending                        @77
-    _SSL_read                           @78
-    _SSL_renegotiate                    @79
-    _SSL_rstate_string                  @80
-    _SSL_rstate_string_long             @81
-    _SSL_set_accept_state               @82
-    _SSL_set_bio                        @83
-    _SSL_set_cipher_list                @84
-    _SSL_set_client_CA_list             @85
-    _SSL_set_connect_state              @86
-    _SSL_set_ex_data                    @158
-    _SSL_set_fd                         @87
-    _SSL_set_info_callback              @160
-    _SSL_set_quiet_shutdown             @161
-    _SSL_set_read_ahead                 @88
-    _SSL_set_rfd                        @89
-    _SSL_set_session                    @90
-    _SSL_set_shutdown                   @162
-    _SSL_set_ssl_method                 @91
-    _SSL_set_verify                     @94
-    _SSL_set_verify_result              @163
-    _SSL_set_wfd                        @95
-    _SSL_shutdown                       @96
-    _SSL_state                          @166
-    _SSL_state_string                   @97
-    _SSL_state_string_long              @98
-    _SSL_use_PrivateKey                 @99
-    _SSL_use_PrivateKey_ASN1            @100
-    _SSL_use_PrivateKey_file            @101
-    _SSL_use_RSAPrivateKey              @102
-    _SSL_use_RSAPrivateKey_ASN1         @103
-    _SSL_use_RSAPrivateKey_file         @104
-    _SSL_use_certificate                @105
-    _SSL_use_certificate_ASN1           @106
-    _SSL_use_certificate_file           @107
-    _SSL_version                        @164
-    _SSL_write                          @108
-    _SSLv23_client_method               @110
-    _SSLv23_method                      @111
-    _SSLv23_server_method               @112
-    _SSLv2_client_method                @113
-    _SSLv2_method                       @114
-    _SSLv2_server_method                @115
-    _SSLv3_client_method                @116
-    _SSLv3_method                       @117
-    _SSLv3_server_method                @118
-    _TLSv1_client_method                @172
-    _TLSv1_method                       @170
-    _TLSv1_server_method                @171
-    _d2i_SSL_SESSION                    @119
-    _i2d_SSL_SESSION                    @120
-
diff --git a/ms/ssleay32.def b/ms/ssleay32.def
deleted file mode 100644
index 5897967dd4..0000000000
--- a/ms/ssleay32.def
+++ /dev/null
@@ -1,166 +0,0 @@
-;
-; Definition file for the DDL version of the SSLEAY32 library from SSLeay
-;
-
-LIBRARY         SSLEAY32
-
-DESCRIPTION     'SSLeay SSLEAY32 - eay@cryptsoft.com'
-
-EXPORTS
-    SSLeay_add_ssl_algorithms          @109
-    BIO_f_ssl                          @121
-    BIO_new_buffer_ssl_connect         @173
-    BIO_new_ssl                        @122
-    BIO_new_ssl_connect                @174
-    BIO_proxy_ssl_copy_session_id      @123
-    BIO_ssl_copy_session_id            @124
-    BIO_ssl_shutdown                   @131
-    ERR_load_SSL_strings               @1
-    SSL_CIPHER_description             @2
-    SSL_CIPHER_get_bits                @128
-    SSL_CIPHER_get_name                @130
-    SSL_CIPHER_get_version             @129
-    SSL_CTX_add_client_CA              @3
-    SSL_CTX_add_session                @4
-    SSL_CTX_check_private_key          @5
-    SSL_CTX_ctrl                       @6
-    SSL_CTX_flush_sessions             @7
-    SSL_CTX_free                       @8
-    SSL_CTX_get_client_CA_list         @9
-    SSL_CTX_get_ex_data                @138
-    SSL_CTX_get_ex_new_index           @167
-    SSL_CTX_get_quiet_shutdown         @140
-    SSL_CTX_get_verify_callback        @10
-    SSL_CTX_get_verify_mode            @11
-    SSL_CTX_load_verify_locations      @141
-    SSL_CTX_new                        @12
-    SSL_CTX_remove_session             @13
-    SSL_CTX_set_cert_verify_cb         @14
-    SSL_CTX_set_cipher_list            @15
-    SSL_CTX_set_client_CA_list         @16
-    SSL_CTX_set_default_passwd_cb      @17
-    SSL_CTX_set_default_verify_paths   @142
-    SSL_CTX_set_ex_data                @143
-    SSL_CTX_set_quiet_shutdown         @145
-    SSL_CTX_set_ssl_version            @19
-    SSL_CTX_set_verify                 @21
-    SSL_CTX_use_PrivateKey             @22
-    SSL_CTX_use_PrivateKey_ASN1        @23
-    SSL_CTX_use_PrivateKey_file        @24
-    SSL_CTX_use_RSAPrivateKey          @25
-    SSL_CTX_use_RSAPrivateKey_ASN1     @26
-    SSL_CTX_use_RSAPrivateKey_file     @27
-    SSL_CTX_use_certificate            @28
-    SSL_CTX_use_certificate_ASN1       @29
-    SSL_CTX_use_certificate_file       @30
-    SSL_SESSION_cmp                    @132
-    SSL_SESSION_free                   @31
-    SSL_SESSION_get_ex_data            @146
-    SSL_SESSION_get_ex_new_index       @168
-    SSL_SESSION_get_time               @134
-    SSL_SESSION_get_timeout            @136
-    SSL_SESSION_hash                   @133
-    SSL_SESSION_new                    @32
-    SSL_SESSION_print                  @33
-    SSL_SESSION_print_fp               @34
-    SSL_SESSION_set_ex_data            @148
-    SSL_SESSION_set_time               @135
-    SSL_SESSION_set_timeout            @137
-    SSL_accept                         @35
-    SSL_add_client_CA                  @36
-    SSL_alert_desc_string              @37
-    SSL_alert_desc_string_long         @38
-    SSL_alert_type_string              @39
-    SSL_alert_type_string_long         @40
-    SSL_check_private_key              @41
-    SSL_clear                          @42
-    SSL_connect                        @43
-    SSL_copy_session_id                @44
-    SSL_ctrl                           @45
-    SSL_do_handshake                   @125
-    SSL_dup                            @46
-    SSL_dup_CA_list                    @47
-    SSL_free                           @48
-    SSL_get_SSL_CTX                    @150
-    SSL_get_certificate                @49
-    SSL_get_cipher_list                @52
-    SSL_get_ciphers                    @55
-    SSL_get_client_CA_list             @56
-    SSL_get_current_cipher             @127
-    SSL_get_default_timeout            @57
-    SSL_get_error                      @58
-    SSL_get_ex_data                    @151
-    SSL_get_ex_data_X509_STORE_CTX_idx @175
-    SSL_get_ex_new_index               @169
-    SSL_get_fd                         @59
-    SSL_get_info_callback              @165
-    SSL_get_peer_cert_chain            @60
-    SSL_get_peer_certificate           @61
-    SSL_get_privatekey                 @126
-    SSL_get_quiet_shutdown             @153
-    SSL_get_rbio                       @63
-    SSL_get_read_ahead                 @64
-    SSL_get_session                    @154
-    SSL_get_shared_ciphers             @65
-    SSL_get_shutdown                   @155
-    SSL_get_ssl_method                 @66
-    SSL_get_verify_mode                @70
-    SSL_get_verify_result              @157
-    SSL_get_version                    @71
-    SSL_get_wbio                       @72
-    SSL_load_client_CA_file            @73
-    SSL_load_error_strings             @74
-    SSL_new                            @75
-    SSL_peek                           @76
-    SSL_pending                        @77
-    SSL_read                           @78
-    SSL_renegotiate                    @79
-    SSL_rstate_string                  @80
-    SSL_rstate_string_long             @81
-    SSL_set_accept_state               @82
-    SSL_set_bio                        @83
-    SSL_set_cipher_list                @84
-    SSL_set_client_CA_list             @85
-    SSL_set_connect_state              @86
-    SSL_set_ex_data                    @158
-    SSL_set_fd                         @87
-    SSL_set_info_callback              @160
-    SSL_set_quiet_shutdown             @161
-    SSL_set_read_ahead                 @88
-    SSL_set_rfd                        @89
-    SSL_set_session                    @90
-    SSL_set_shutdown                   @162
-    SSL_set_ssl_method                 @91
-    SSL_set_verify                     @94
-    SSL_set_verify_result              @163
-    SSL_set_wfd                        @95
-    SSL_shutdown                       @96
-    SSL_state                          @166
-    SSL_state_string                   @97
-    SSL_state_string_long              @98
-    SSL_use_PrivateKey                 @99
-    SSL_use_PrivateKey_ASN1            @100
-    SSL_use_PrivateKey_file            @101
-    SSL_use_RSAPrivateKey              @102
-    SSL_use_RSAPrivateKey_ASN1         @103
-    SSL_use_RSAPrivateKey_file         @104
-    SSL_use_certificate                @105
-    SSL_use_certificate_ASN1           @106
-    SSL_use_certificate_file           @107
-    SSL_version                        @164
-    SSL_write                          @108
-    SSLv23_client_method               @110
-    SSLv23_method                      @111
-    SSLv23_server_method               @112
-    SSLv2_client_method                @113
-    SSLv2_method                       @114
-    SSLv2_server_method                @115
-    SSLv3_client_method                @116
-    SSLv3_method                       @117
-    SSLv3_server_method                @118
-    TLSv1_client_method                @172
-    TLSv1_method                       @170
-    TLSv1_server_method                @171
-    d2i_SSL_SESSION                    @119
-    i2d_SSL_SESSION                    @120
-
diff --git a/ms/tenc.bat b/ms/tenc.bat
index a4fa7f3652..466fdfccbf 100755
--- a/ms/tenc.bat
+++ b/ms/tenc.bat
@@ -1,14 +1,14 @@
-rem called by testenc
-
-echo test %1 %2 %3 %4 %5 %6 
-%ssleay% %1 %2 %3 %4 %5 %6 -e -bufsize 113 -k test -in %input% -out %tmp1%
-%ssleay% %1 %2 %3 %4 %5 %6 -d -bufsize 157 -k test -in %tmp1% -out %out1%
-%cmp% %input% %out1%
-if errorlevel 1 goto err
-
-echo test base64 %1 %2 %3 %4 %5 %6 
-%ssleay% %1 %2 %3 %4 %5 %6 -a -e -bufsize 113 -k test -in %input% -out %tmp1%
-%ssleay% %1 %2 %3 %4 %5 %6 -a -d -bufsize 157 -k test -in %tmp1% -out %out1%
-%cmp% %input% %out1%
-
-:err
+rem called by testenc

+

+echo test %1 %2 %3 %4 %5 %6 

+%ssleay% %1 %2 %3 %4 %5 %6 -e -bufsize 113 -k test -in %input% -out %tmp1%

+%ssleay% %1 %2 %3 %4 %5 %6 -d -bufsize 157 -k test -in %tmp1% -out %out1%

+%cmp% %input% %out1%

+if errorlevel 1 goto err

+

+echo test base64 %1 %2 %3 %4 %5 %6 

+%ssleay% %1 %2 %3 %4 %5 %6 -a -e -bufsize 113 -k test -in %input% -out %tmp1%

+%ssleay% %1 %2 %3 %4 %5 %6 -a -d -bufsize 157 -k test -in %tmp1% -out %out1%

+%cmp% %input% %out1%

+

+:err

diff --git a/ms/tencce.bat b/ms/tencce.bat
new file mode 100644
index 0000000000..6a944d7671
--- /dev/null
+++ b/ms/tencce.bat
@@ -0,0 +1,19 @@
+rem called by testencce

+

+echo test %1 %2 %3 %4 %5 %6 

+cecopy %input% CE:\OpenSSL

+cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -e -bufsize 113 -k test -in \OpenSSL\%input% -out \OpenSSL\%tmp1%

+cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -d -bufsize 157 -k test -in \OpenSSL\%tmp1% -out \OpenSSL\%out1%

+del %out1% >nul 2>&1

+cecopy CE:\OpenSSL\%out1% .

+%cmp% %input% %out1%

+if errorlevel 1 goto err

+

+echo test base64 %1 %2 %3 %4 %5 %6 

+cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -a -e -bufsize 113 -k test -in \OpenSSL\%input% -out \OpenSSL\%tmp1%

+cerun CE:\OpenSSL\%ssleay% %1 %2 %3 %4 %5 %6 -a -d -bufsize 157 -k test -in \OpenSSL\%tmp1% -out \OpenSSL\%out1%

+del %out1% >nul 2>&1

+cecopy CE:\OpenSSL\%out1% .

+%cmp% %input% %out1%

+

+:err

diff --git a/ms/test.bat b/ms/test.bat
index 277602c56f..8f69194283 100755
--- a/ms/test.bat
+++ b/ms/test.bat
@@ -1,11 +1,16 @@
-@echo=off

+@echo off

 

-set test=p:\work\ssleay\ms

+set test=..\ms

 set opath=%PATH%

-PATH=%1;%PATH%

+PATH=..\ms;%PATH%

+set OPENSSL_CONF=..\apps\openssl.cnf

 

 rem run this from inside the bin directory

 

+echo rsa_test

+rsa_test

+if errorlevel 1 goto done

+

 echo destest

 destest

 if errorlevel 1 goto done

@@ -63,19 +68,19 @@ dsatest
 if errorlevel 1 goto done

 

 echo testenc

-call %test%\testenc ssleay

+call %test%\testenc openssl

 if errorlevel 1 goto done

 

 echo testpem

-call %test%\testpem ssleay

+call %test%\testpem openssl

 if errorlevel 1 goto done

 

 echo verify

 copy ..\certs\*.pem cert.tmp >nul

-ssleay verify -CAfile cert.tmp ..\certs\*.pem

+openssl verify -CAfile cert.tmp ..\certs\*.pem

 

 echo testss

-call %test%\testss ssleay

+call %test%\testss openssl

 if errorlevel 1 goto done

 

 echo test sslv2

@@ -86,7 +91,7 @@ echo test sslv2 with server authentication
 ssltest -ssl2 -server_auth -CAfile cert.tmp

 if errorlevel 1 goto done

 

-echo test sslv2 with client authentication 

+echo test sslv2 with client authentication

 ssltest -ssl2 -client_auth -CAfile cert.tmp

 if errorlevel 1 goto done

 

@@ -102,7 +107,7 @@ echo test sslv3 with server authentication
 ssltest -ssl3 -server_auth -CAfile cert.tmp

 if errorlevel 1 goto done

 

-echo test sslv3 with client authentication 

+echo test sslv3 with client authentication

 ssltest -ssl3 -client_auth -CAfile cert.tmp

 if errorlevel 1 goto done

 

@@ -118,7 +123,7 @@ echo test sslv2/sslv3 with server authentication
 ssltest -server_auth -CAfile cert.tmp

 if errorlevel 1 goto done

 

-echo test sslv2/sslv3 with client authentication 

+echo test sslv2/sslv3 with client authentication

 ssltest -client_auth -CAfile cert.tmp

 if errorlevel 1 goto done

 

@@ -126,6 +131,57 @@ echo test sslv2/sslv3 with both client and server authentication
 ssltest -server_auth -client_auth -CAfile cert.tmp

 if errorlevel 1 goto done

 

+echo test sslv2 via BIO pair

+ssltest -bio_pair -ssl2

+if errorlevel 1 goto done

+

+echo test sslv2/sslv3 with 1024 bit DHE via BIO pair

+ssltest -bio_pair -dhe1024dsa -v

+if errorlevel 1 goto done

+

+echo test sslv2 with server authentication via BIO pair

+ssltest -bio_pair -ssl2 -server_auth -CAfile cert.tmp

+if errorlevel 1 goto done

+

+echo test sslv2 with client authentication via BIO pair

+ssltest -bio_pair -ssl2 -client_auth -CAfile cert.tmp

+if errorlevel 1 goto done

+

+echo test sslv2 with both client and server authentication via BIO pair

+ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile cert.tmp

+if errorlevel 1 goto done

+

+echo test sslv3 via BIO pair

+ssltest -bio_pair -ssl3

+if errorlevel 1 goto done

+

+echo test sslv3 with server authentication via BIO pair

+ssltest -bio_pair -ssl3 -server_auth -CAfile cert.tmp

+if errorlevel 1 goto done

+

+echo test sslv3 with client authentication  via BIO pair

+ssltest -bio_pair -ssl3 -client_auth -CAfile cert.tmp

+if errorlevel 1 goto done

+

+echo test sslv3 with both client and server authentication via BIO pair

+ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile cert.tmp

+if errorlevel 1 goto done

+

+echo test sslv2/sslv3 via BIO pair

+ssltest

+if errorlevel 1 goto done

+

+echo test sslv2/sslv3 with server authentication

+ssltest -bio_pair -server_auth -CAfile cert.tmp

+if errorlevel 1 goto done

+

+echo test sslv2/sslv3 with client authentication via BIO pair

+ssltest -bio_pair -client_auth -CAfile cert.tmp

+if errorlevel 1 goto done

+

+echo test sslv2/sslv3 with both client and server authentication via BIO pair

+ssltest -bio_pair -server_auth -client_auth -CAfile cert.tmp

+if errorlevel 1 goto done

 

 del cert.tmp

 

diff --git a/ms/testce.bat b/ms/testce.bat
new file mode 100644
index 0000000000..2ab010be6a
--- /dev/null
+++ b/ms/testce.bat
@@ -0,0 +1,234 @@
+@echo off
+
+cemkdir CE:\OpenSSL
+
+set test=..\ms
+set opath=%PATH%
+PATH=..\ms;%PATH%
+cecopy ..\apps\openssl.cnf CE:\OpenSSL
+set OPENSSL_CONF=\OpenSSL\openssl.cnf
+set HOME=\OpenSSL
+set CERUN_PASS_ENV=OPENSSL_CONF HOME
+
+rem run this from inside the bin directory
+
+rem Copy the DLL's (though they'll only exist if we're in out32dll)
+if exist libeay32.dll cecopy libeay32.dll CE:\OpenSSL
+if exist ssleay32.dll cecopy ssleay32.dll CE:\OpenSSL
+
+echo rsa_test
+call %test%\testce2 rsa_test
+if errorlevel 1 goto done
+
+echo destest
+call %test%\testce2 destest
+if errorlevel 1 goto done
+
+echo ideatest
+call %test%\testce2 ideatest
+if errorlevel 1 goto done
+
+echo bftest
+call %test%\testce2 bftest
+if errorlevel 1 goto done
+
+echo shatest
+call %test%\testce2 shatest
+if errorlevel 1 goto done
+
+echo sha1test
+call %test%\testce2 sha1test
+if errorlevel 1 goto done
+
+echo md5test
+call %test%\testce2 md5test
+if errorlevel 1 goto done
+
+echo md2test
+call %test%\testce2 md2test
+if errorlevel 1 goto done
+
+echo mdc2test
+call %test%\testce2 mdc2test
+if errorlevel 1 goto done
+
+echo rc2test
+call %test%\testce2 rc2test
+if errorlevel 1 goto done
+
+echo rc4test
+call %test%\testce2 rc4test
+if errorlevel 1 goto done
+
+echo randtest
+call %test%\testce2 randtest
+if errorlevel 1 goto done
+
+echo dhtest
+call %test%\testce2 dhtest
+if errorlevel 1 goto done
+
+echo exptest
+call %test%\testce2 exptest
+if errorlevel 1 goto done
+
+echo dsatest
+call %test%\testce2 dsatest
+if errorlevel 1 goto done
+
+echo testenc
+call %test%\testencce openssl.exe
+if errorlevel 1 goto done
+
+echo testpem
+call %test%\testpemce openssl.exe
+if errorlevel 1 goto done
+
+cecopy openssl.exe CE:\OpenSSL
+
+echo verify
+copy ..\certs\*.pem cert.tmp >nul
+cecopy cert.tmp CE:\OpenSSL
+cemkdir CE:\OpenSSL\certs
+rem cecopy ..\certs\*.pem CE:\OpenSSL\certs
+cecopy ..\certs\ca-cert.pem CE:\OpenSSL\certs
+cecopy ..\certs\dsa-ca.pem CE:\OpenSSL\certs
+cecopy ..\certs\dsa-pca.pem CE:\OpenSSL\certs
+cecopy ..\certs\factory.pem CE:\OpenSSL\certs
+cecopy ..\certs\ICE-CA.pem CE:\OpenSSL\certs
+cecopy ..\certs\ICE-root.pem CE:\OpenSSL\certs
+cecopy ..\certs\ICE-user.pem CE:\OpenSSL\certs
+cecopy ..\certs\nortelCA.pem CE:\OpenSSL\certs
+cecopy ..\certs\pca-cert.pem CE:\OpenSSL\certs
+cecopy ..\certs\RegTP-4R.pem CE:\OpenSSL\certs
+cecopy ..\certs\RegTP-5R.pem CE:\OpenSSL\certs
+cecopy ..\certs\RegTP-6R.pem CE:\OpenSSL\certs
+cecopy ..\certs\rsa-cca.pem CE:\OpenSSL\certs
+cecopy ..\certs\thawteCb.pem CE:\OpenSSL\certs
+cecopy ..\certs\thawteCp.pem CE:\OpenSSL\certs
+cecopy ..\certs\timCA.pem CE:\OpenSSL\certs
+cecopy ..\certs\tjhCA.pem CE:\OpenSSL\certs
+cecopy ..\certs\vsign1.pem CE:\OpenSSL\certs
+cecopy ..\certs\vsign2.pem CE:\OpenSSL\certs
+cecopy ..\certs\vsign3.pem CE:\OpenSSL\certs
+cecopy ..\certs\vsignss.pem CE:\OpenSSL\certs
+cecopy ..\certs\vsigntca.pem CE:\OpenSSL\certs
+cerun CE:\OpenSSL\openssl verify -CAfile \OpenSSL\cert.tmp \OpenSSL\certs\*.pem
+
+echo testss
+call %test%\testssce openssl.exe
+if errorlevel 1 goto done
+
+cecopy ssltest.exe CE:\OpenSSL
+cecopy ..\apps\server.pem CE:\OpenSSL
+cecopy ..\apps\client.pem CE:\OpenSSL
+
+echo test sslv2
+cerun CE:\OpenSSL\ssltest -ssl2
+if errorlevel 1 goto done
+
+echo test sslv2 with server authentication
+cerun CE:\OpenSSL\ssltest -ssl2 -server_auth -CAfile \OpenSSL\cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2 with client authentication
+cerun CE:\OpenSSL\ssltest -ssl2 -client_auth -CAfile \OpenSSL\cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2 with both client and server authentication
+cerun CE:\OpenSSL\ssltest -ssl2 -server_auth -client_auth -CAfile \OpenSSL\cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv3
+cerun CE:\OpenSSL\ssltest -ssl3
+if errorlevel 1 goto done
+
+echo test sslv3 with server authentication
+cerun CE:\OpenSSL\ssltest -ssl3 -server_auth -CAfile \OpenSSL\cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv3 with client authentication
+cerun CE:\OpenSSL\ssltest -ssl3 -client_auth -CAfile \OpenSSL\cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv3 with both client and server authentication
+cerun CE:\OpenSSL\ssltest -ssl3 -server_auth -client_auth -CAfile \OpenSSL\cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2/sslv3
+cerun CE:\OpenSSL\ssltest
+if errorlevel 1 goto done
+
+echo test sslv2/sslv3 with server authentication
+cerun CE:\OpenSSL\ssltest -server_auth -CAfile \OpenSSL\cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2/sslv3 with client authentication
+cerun CE:\OpenSSL\ssltest -client_auth -CAfile \OpenSSL\cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2/sslv3 with both client and server authentication
+cerun CE:\OpenSSL\ssltest -server_auth -client_auth -CAfile \OpenSSL\cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2 via BIO pair
+cerun CE:\OpenSSL\ssltest -bio_pair -ssl2
+if errorlevel 1 goto done
+
+echo test sslv2/sslv3 with 1024 bit DHE via BIO pair
+cerun CE:\OpenSSL\ssltest -bio_pair -dhe1024dsa -v
+if errorlevel 1 goto done
+
+echo test sslv2 with server authentication via BIO pair
+cerun CE:\OpenSSL\ssltest -bio_pair -ssl2 -server_auth -CAfile \OpenSSL\cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2 with client authentication via BIO pair
+cerun CE:\OpenSSL\ssltest -bio_pair -ssl2 -client_auth -CAfile \OpenSSL\cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2 with both client and server authentication via BIO pair
+cerun CE:\OpenSSL\ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile \OpenSSL\cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv3 via BIO pair
+cerun CE:\OpenSSL\ssltest -bio_pair -ssl3
+if errorlevel 1 goto done
+
+echo test sslv3 with server authentication via BIO pair
+cerun CE:\OpenSSL\ssltest -bio_pair -ssl3 -server_auth -CAfile \OpenSSL\cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv3 with client authentication  via BIO pair
+cerun CE:\OpenSSL\ssltest -bio_pair -ssl3 -client_auth -CAfile \OpenSSL\cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv3 with both client and server authentication via BIO pair
+cerun CE:\OpenSSL\ssltest -bio_pair -ssl3 -server_auth -client_auth -CAfile \OpenSSL\cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2/sslv3 via BIO pair
+cerun CE:\OpenSSL\ssltest
+if errorlevel 1 goto done
+
+echo test sslv2/sslv3 with server authentication
+cerun CE:\OpenSSL\ssltest -bio_pair -server_auth -CAfile \OpenSSL\cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2/sslv3 with client authentication via BIO pair
+cerun CE:\OpenSSL\ssltest -bio_pair -client_auth -CAfile \OpenSSL\cert.tmp
+if errorlevel 1 goto done
+
+echo test sslv2/sslv3 with both client and server authentication via BIO pair
+cerun CE:\OpenSSL\ssltest -bio_pair -server_auth -client_auth -CAfile \OpenSSL\cert.tmp
+if errorlevel 1 goto done
+
+del cert.tmp
+
+echo passed all tests
+goto end
+:done
+echo problems.....
+:end
+PATH=%opath%
+
diff --git a/ms/testce2.bat b/ms/testce2.bat
new file mode 100644
index 0000000000..24265b948f
--- /dev/null
+++ b/ms/testce2.bat
@@ -0,0 +1,2 @@
+cecopy %1.exe CE:\OpenSSL
+cerun CE:\OpenSSL\%1 %2 %3 %4 %5 %6 %7 %8 %9
diff --git a/ms/testenc.bat b/ms/testenc.bat
index a33fbd5ed6..4b99bd5895 100755
--- a/ms/testenc.bat
+++ b/ms/testenc.bat
@@ -1,11 +1,12 @@
-

+@echo off

 echo start testenc

-path=p:\work\ssleay\ms;%path%

+

+path=..\ms;%path%

 set ssleay=%1%

-set input=p:\work\ssleay\ms\testenc.bat

-set tmp1=p:\work\ssleay\ms\cipher.out

-set out1=p:\work\ssleay\ms\clear.out

-set cmp=perl p:\work\ssleay\ms\cmp.pl

+set input=..\ms\testenc.bat

+set tmp1=..\ms\cipher.out

+set out1=..\ms\clear.out

+set cmp=perl ..\ms\cmp.pl

 

 cd

 call tenc.bat enc

diff --git a/ms/testencce.bat b/ms/testencce.bat
new file mode 100644
index 0000000000..04faa5d99b
--- /dev/null
+++ b/ms/testencce.bat
@@ -0,0 +1,97 @@
+@echo off

+echo start testenc

+

+path=..\ms;%path%

+set ssleay=%1%

+copy ..\ms\testenc.bat >nul

+set input=testenc.bat

+set tmp1=cipher.out

+set out1=clear.out

+set cmp=perl ..\ms\cmp.pl

+

+cecopy %ssleay% CE:\OpenSSL

+

+cd

+call tencce.bat enc

+if errorlevel 1 goto err

+

+call tencce.bat rc4

+if errorlevel 1 goto err

+

+call tencce.bat des-cfb

+if errorlevel 1 goto err

+

+call tencce.bat des-ede-cfb

+if errorlevel 1 goto err

+

+call tencce.bat des-ede3-cfb

+if errorlevel 1 goto err

+

+call tencce.bat des-ofb

+if errorlevel 1 goto err

+

+call tencce.bat des-ede-ofb

+if errorlevel 1 goto err

+

+call tencce.bat des-ede3-ofb

+if errorlevel 1 goto err

+

+call tencce.bat des-ecb

+if errorlevel 1 goto err

+

+call tencce.bat des-ede

+if errorlevel 1 goto err

+

+call tencce.bat des-ede3

+if errorlevel 1 goto err

+

+call tencce.bat des-cbc

+if errorlevel 1 goto err

+

+call tencce.bat des-ede-cbc

+if errorlevel 1 goto err

+

+call tencce.bat des-ede3-cbc

+if errorlevel 1 goto err

+

+call tencce.bat idea-ecb

+if errorlevel 1 goto err

+

+call tencce.bat idea-cfb

+if errorlevel 1 goto err

+

+call tencce.bat idea-ofb

+if errorlevel 1 goto err

+

+call tencce.bat idea-cbc

+if errorlevel 1 goto err

+

+call tencce.bat rc2-ecb

+if errorlevel 1 goto err

+

+call tencce.bat rc2-cfb

+if errorlevel 1 goto err

+

+call tencce.bat rc2-ofb

+if errorlevel 1 goto err

+

+call tencce.bat rc2-cbc

+if errorlevel 1 goto err

+

+call tencce.bat bf-ecb

+if errorlevel 1 goto err

+

+call tencce.bat bf-cfb

+if errorlevel 1 goto err

+

+call tencce.bat bf-ofb

+if errorlevel 1 goto err

+

+call tencce.bat bf-cbc

+if errorlevel 1 goto err

+

+echo OK

+del %out1% >nul 2>&1

+del %tmp1% >nul 2>&1

+:err

+

diff --git a/ms/testpem.bat b/ms/testpem.bat
index 8f6cdd4d04..005f13b67e 100755
--- a/ms/testpem.bat
+++ b/ms/testpem.bat
@@ -1,36 +1,32 @@
-echo=off
-set ssleay=%1%
-set tmp1=pem.out
-set cmp=perl ..\ms\cmp.pl
-
-call tpem.bat crl ..\test\testcrl.pem
-if errorlevel 1 goto err
-
-call tpem.bat pkcs7 ..\test\testp7.pem
-if errorlevel 1 goto err
-
-call tpem.bat req ..\test\testreq.pem
-if errorlevel 1 goto err
-
-call tpem.bat req ..\test\testreq2.pem
-if errorlevel 1 goto err
-
-call tpem.bat rsa ..\test\testrsa.pem
-if errorlevel 1 goto err
-
-call tpem.bat x509 ..\test\testx509.pem
-if errorlevel 1 goto err
-
-call tpem.bat x509 ..\test\v3-cert1.pem
-if errorlevel 1 goto err
-
-call tpem.bat x509 ..\test\v3-cert1.pem
-if errorlevel 1 goto err
-
-call tpem.bat sess_id ..\test\testsid.pem
-if errorlevel 1 goto err
-
-echo OK
-del %tmp1%
-:err
-
+@echo off

+set ssleay=%1%

+set tmp1=pem.out

+set cmp=fc.exe

+

+call tpem.bat crl ..\test\testcrl.pem

+if errorlevel 1 goto err

+

+call tpem.bat pkcs7 ..\test\testp7.pem

+if errorlevel 1 goto err

+

+call tpem.bat req ..\test\testreq2.pem

+if errorlevel 1 goto err

+

+call tpem.bat rsa ..\test\testrsa.pem

+if errorlevel 1 goto err

+

+call tpem.bat x509 ..\test\testx509.pem

+if errorlevel 1 goto err

+

+call tpem.bat x509 ..\test\v3-cert1.pem

+if errorlevel 1 goto err

+

+call tpem.bat x509 ..\test\v3-cert1.pem

+if errorlevel 1 goto err

+

+call tpem.bat sess_id ..\test\testsid.pem

+if errorlevel 1 goto err

+

+echo OK

+del %tmp1%

+:err

diff --git a/ms/testpemce.bat b/ms/testpemce.bat
new file mode 100644
index 0000000000..c793c3e514
--- /dev/null
+++ b/ms/testpemce.bat
@@ -0,0 +1,42 @@
+@echo off

+set ssleay=%1%

+set tmp1=pem.out

+set cmp=fc.exe

+

+cecopy %ssleay% CE:\OpenSSL

+

+copy ..\test\testcrl.pem >nul

+call tpemce.bat crl testcrl.pem

+if errorlevel 1 goto err

+

+copy ..\test\testp7.pem >nul

+call tpemce.bat pkcs7 testp7.pem

+if errorlevel 1 goto err

+

+copy ..\test\testreq2.pem >nul

+call tpemce.bat req testreq2.pem

+if errorlevel 1 goto err

+

+copy ..\test\testrsa.pem >nul

+call tpemce.bat rsa testrsa.pem

+if errorlevel 1 goto err

+

+copy ..\test\testx509.pem >nul

+call tpemce.bat x509 testx509.pem

+if errorlevel 1 goto err

+

+copy ..\test\v3-cert1.pem >nul

+call tpemce.bat x509 v3-cert1.pem

+if errorlevel 1 goto err

+

+copy ..\test\v3-cert1.pem >nul

+call tpemce.bat x509 v3-cert1.pem

+if errorlevel 1 goto err

+

+copy ..\test\testsid.pem >nul

+call tpemce.bat sess_id testsid.pem

+if errorlevel 1 goto err

+

+echo OK

+del %tmp1% >nul 2>&1

+:err

diff --git a/ms/testss.bat b/ms/testss.bat
index 9a3bf428ce..f7e58e2756 100755
--- a/ms/testss.bat
+++ b/ms/testss.bat
@@ -1,98 +1,98 @@
-echo=off
-
-rem set ssleay=..\out\ssleay
-set ssleay=%1
-
-set reqcmd=%ssleay% req
-set x509cmd=%ssleay% x509
-set verifycmd=%ssleay% verify
-
-set CAkey=keyCA.ss
-set CAcert=certCA.ss
-set CAserial=certCA.srl
-set CAreq=reqCA.ss
-set CAconf=..\test\CAss.cnf
-set CAreq2=req2CA.ss	
-
-set Uconf=..\test\Uss.cnf
-set Ukey=keyU.ss
-set Ureq=reqU.ss
-set Ucert=certU.ss
-
-echo make a certificate request using 'req'
-%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new
-if errorlevel 1 goto err_req
-
-echo convert the certificate request into a self signed certificate using 'x509'
-%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% >err.ss
-if errorlevel 1 goto err_x509
-
-echo --
-echo convert a certificate into a certificate request using 'x509'
-%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% >err.ss
-if errorlevel 1 goto err_x509_2
-
-%reqcmd% -verify -in %CAreq% -noout
-if errorlevel 1 goto err_verify_1
-
-%reqcmd% -verify -in %CAreq2% -noout
-if errorlevel 1 goto err_verify_2
-
-%verifycmd% -CAfile %CAcert% %CAcert%
-if errorlevel 1 goto err_verify_3
-
-echo --
-echo make another certificate request using 'req'
-%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new >err.ss
-if errorlevel 1 goto err_req_gen
-
-echo --
-echo sign certificate request with the just created CA via 'x509'
-%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial%
-if errorlevel 1 goto err_x509_sign
-
-%verifycmd% -CAfile %CAcert% %Ucert%
-echo --
-echo Certificate details
-%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert%
-
-echo Everything appeared to work
-echo --
-echo The generated CA certificate is %CAcert%
-echo The generated CA private key is %CAkey%
-echo The current CA signing serial number is in %CAserial%
-
-echo The generated user certificate is %Ucert%
-echo The generated user private key is %Ukey%
-echo --
-
-del err.ss
-
-goto end
-
-:err_req
-echo error using 'req' to generate a certificate request
-goto end
-:err_x509
-echo error using 'x509' to self sign a certificate request
-goto end
-:err_x509_2
-echo error using 'x509' convert a certificate to a certificate request
-goto end
-:err_verify_1
-echo first generated request is invalid
-goto end
-:err_verify_2
-echo second generated request is invalid
-goto end
-:err_verify_3
-echo first generated cert is invalid
-goto end
-:err_req_gen
-echo error using 'req' to generate a certificate request
-goto end
-:err_x509_sign
-echo error using 'x509' to sign a certificate request
-goto end
-
-:end
+@echo off

+

+rem set ssleay=..\out\ssleay

+set ssleay=%1

+

+set reqcmd=%ssleay% req

+set x509cmd=%ssleay% x509

+set verifycmd=%ssleay% verify

+

+set CAkey=keyCA.ss

+set CAcert=certCA.ss

+set CAserial=certCA.srl

+set CAreq=reqCA.ss

+set CAconf=..\test\CAss.cnf

+set CAreq2=req2CA.ss	

+

+set Uconf=..\test\Uss.cnf

+set Ukey=keyU.ss

+set Ureq=reqU.ss

+set Ucert=certU.ss

+

+echo make a certificate request using 'req'

+%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new

+if errorlevel 1 goto e_req

+

+echo convert the certificate request into a self signed certificate using 'x509'

+%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% >err.ss

+if errorlevel 1 goto e_x509

+

+echo --

+echo convert a certificate into a certificate request using 'x509'

+%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% >err.ss

+if errorlevel 1 goto e_x509_2

+

+%reqcmd% -verify -in %CAreq% -noout

+if errorlevel 1 goto e_vrfy_1

+

+%reqcmd% -verify -in %CAreq2% -noout

+if errorlevel 1 goto e_vrfy_2

+

+%verifycmd% -CAfile %CAcert% %CAcert%

+if errorlevel 1 goto e_vrfy_3

+

+echo --

+echo make another certificate request using 'req'

+%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new >err.ss

+if errorlevel 1 goto e_req_gen

+

+echo --

+echo sign certificate request with the just created CA via 'x509'

+%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial%

+if errorlevel 1 goto e_x_sign

+

+%verifycmd% -CAfile %CAcert% %Ucert%

+echo --

+echo Certificate details

+%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert%

+

+echo Everything appeared to work

+echo --

+echo The generated CA certificate is %CAcert%

+echo The generated CA private key is %CAkey%

+echo The current CA signing serial number is in %CAserial%

+

+echo The generated user certificate is %Ucert%

+echo The generated user private key is %Ukey%

+echo --

+

+del err.ss

+

+goto end

+

+:e_req

+echo error using 'req' to generate a certificate request

+goto end

+:e_x509

+echo error using 'x509' to self sign a certificate request

+goto end

+:e_x509_2

+echo error using 'x509' convert a certificate to a certificate request

+goto end

+:e_vrfy_1

+echo first generated request is invalid

+goto end

+:e_vrfy_2

+echo second generated request is invalid

+goto end

+:e_vrfy_3

+echo first generated cert is invalid

+goto end

+:e_req_gen

+echo error using 'req' to generate a certificate request

+goto end

+:e_x_sign

+echo error using 'x509' to sign a certificate request

+goto end

+

+:end

diff --git a/ms/testssce.bat b/ms/testssce.bat
new file mode 100644
index 0000000000..dbb25abdb0
--- /dev/null
+++ b/ms/testssce.bat
@@ -0,0 +1,104 @@
+rem set ssleay=..\out\ssleay

+set ssleay=%1

+

+set reqcmd=%ssleay% req

+set x509cmd=%ssleay% x509

+set verifycmd=%ssleay% verify

+

+set CAkey=\OpenSSL\keyCA.ss

+set CAcert=\OpenSSL\certCA.ss

+set CAserial=\OpenSSL\certCA.srl

+set CAreq=\OpenSSL\reqCA.ss

+cecopy ..\test\CAss.cnf CE:\OpenSSL

+set CAconf=\OpenSSL\CAss.cnf

+set CAreq2=\OpenSSL\req2CA.ss	

+

+cecopy ..\test\Uss.cnf CE:\OpenSSL

+set Uconf=\OpenSSL\Uss.cnf

+set Ukey=\OpenSSL\keyU.ss

+set Ureq=\OpenSSL\reqU.ss

+set Ucert=\OpenSSL\certU.ss

+

+echo make a certificate request using 'req'

+cerun CE:\OpenSSL\%reqcmd% -config %CAconf% -out %CAreq% -keyout %CAkey% -new

+if errorlevel 1 goto e_req

+

+echo convert the certificate request into a self signed certificate using 'x509'

+cerun CE:\OpenSSL\%x509cmd% -CAcreateserial -in %CAreq% -days 30 -req -out %CAcert% -signkey %CAkey% "> \OpenSSL\err.ss"

+if errorlevel 1 goto e_x509

+

+echo --

+echo convert a certificate into a certificate request using 'x509'

+cerun CE:\OpenSSL\%x509cmd% -in %CAcert% -x509toreq -signkey %CAkey% -out %CAreq2% "> \OpenSSL\err.ss"

+if errorlevel 1 goto e_x509_2

+

+cerun CE:\OpenSSL\%reqcmd% -verify -in %CAreq% -noout

+if errorlevel 1 goto e_vrfy_1

+

+cerun CE:\OpenSSL\%reqcmd% -verify -in %CAreq2% -noout

+if errorlevel 1 goto e_vrfy_2

+

+cerun CE:\OpenSSL\%verifycmd% -CAfile %CAcert% %CAcert%

+if errorlevel 1 goto e_vrfy_3

+

+echo --

+echo make another certificate request using 'req'

+cerun CE:\OpenSSL\%reqcmd% -config %Uconf% -out %Ureq% -keyout %Ukey% -new "> \OpenSSL\err.ss"

+if errorlevel 1 goto e_req_gen

+

+echo --

+echo sign certificate request with the just created CA via 'x509'

+cerun CE:\OpenSSL\%x509cmd% -CAcreateserial -in %Ureq% -days 30 -req -out %Ucert% -CA %CAcert% -CAkey %CAkey% -CAserial %CAserial%

+if errorlevel 1 goto e_x_sign

+

+cerun CE:\OpenSSL\%verifycmd% -CAfile %CAcert% %Ucert%

+echo --

+echo Certificate details

+cerun CE:\OpenSSL\%x509cmd% -subject -issuer -startdate -enddate -noout -in %Ucert%

+

+cecopy CE:%CAcert% .

+cecopy CE:%CAkey% .

+cecopy CE:%CAserial% .

+cecopy CE:%Ucert% .

+cecopy CE:%Ukey% .

+

+echo Everything appeared to work

+echo --

+echo The generated CA certificate is %CAcert%

+echo The generated CA private key is %CAkey%

+echo The current CA signing serial number is in %CAserial%

+

+echo The generated user certificate is %Ucert%

+echo The generated user private key is %Ukey%

+echo --

+

+cedel CE:\OpenSSL\err.ss

+

+goto end

+

+:e_req

+echo error using 'req' to generate a certificate request

+goto end

+:e_x509

+echo error using 'x509' to self sign a certificate request

+goto end

+:e_x509_2

+echo error using 'x509' convert a certificate to a certificate request

+goto end

+:e_vrfy_1

+echo first generated request is invalid

+goto end

+:e_vrfy_2

+echo second generated request is invalid

+goto end

+:e_vrfy_3

+echo first generated cert is invalid

+goto end

+:e_req_gen

+echo error using 'req' to generate a certificate request

+goto end

+:e_x_sign

+echo error using 'x509' to sign a certificate request

+goto end

+

+:end

diff --git a/ms/tlhelp32.h b/ms/tlhelp32.h
new file mode 100644
index 0000000000..8f4222e34f
--- /dev/null
+++ b/ms/tlhelp32.h
@@ -0,0 +1,136 @@
+/*
+	tlhelp32.h - Include file for Tool help functions.
+
+	Written by Mumit Khan <khan@nanotech.wisc.edu>
+
+	This file is part of a free library for the Win32 API. 
+
+	This library is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+*/
+#ifndef _TLHELP32_H
+#define _TLHELP32_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+#define HF32_DEFAULT	1
+#define HF32_SHARED	2
+#define LF32_FIXED	0x1
+#define LF32_FREE	0x2
+#define LF32_MOVEABLE	0x4
+#define MAX_MODULE_NAME32	255
+#define TH32CS_SNAPHEAPLIST	0x1
+#define TH32CS_SNAPPROCESS	0x2
+#define TH32CS_SNAPTHREAD	0x4
+#define TH32CS_SNAPMODULE	0x8
+#define TH32CS_SNAPALL	(TH32CS_SNAPHEAPLIST|TH32CS_SNAPPROCESS|TH32CS_SNAPTHREAD|TH32CS_SNAPMODULE)
+#define TH32CS_INHERIT	0x80000000
+typedef struct tagHEAPLIST32 {
+	DWORD dwSize;
+	DWORD th32ProcessID;
+	DWORD th32HeapID;
+	DWORD dwFlags;
+} HEAPLIST32,*PHEAPLIST32,*LPHEAPLIST32;
+typedef struct tagHEAPENTRY32 {
+	DWORD dwSize;
+	HANDLE hHandle;
+	DWORD dwAddress;
+	DWORD dwBlockSize;
+	DWORD dwFlags;
+	DWORD dwLockCount;
+	DWORD dwResvd;
+	DWORD th32ProcessID;
+	DWORD th32HeapID;
+} HEAPENTRY32,*PHEAPENTRY32,*LPHEAPENTRY32;
+typedef struct tagPROCESSENTRY32W {
+	DWORD dwSize;
+	DWORD cntUsage;
+	DWORD th32ProcessID;
+	DWORD th32DefaultHeapID;
+	DWORD th32ModuleID;
+	DWORD cntThreads;
+	DWORD th32ParentProcessID;
+	LONG pcPriClassBase;
+	DWORD dwFlags;
+	WCHAR szExeFile[MAX_PATH];
+} PROCESSENTRY32W,*PPROCESSENTRY32W,*LPPROCESSENTRY32W;
+typedef struct tagPROCESSENTRY32 {
+	DWORD dwSize;
+	DWORD cntUsage;
+	DWORD th32ProcessID;
+	DWORD th32DefaultHeapID;
+	DWORD th32ModuleID;
+	DWORD cntThreads;
+	DWORD th32ParentProcessID;
+	LONG pcPriClassBase;
+	DWORD dwFlags;
+	CHAR  szExeFile[MAX_PATH];
+} PROCESSENTRY32,*PPROCESSENTRY32,*LPPROCESSENTRY32;
+typedef struct tagTHREADENTRY32 {
+	DWORD dwSize;
+	DWORD cntUsage;
+	DWORD th32ThreadID;
+	DWORD th32OwnerProcessID;
+	LONG tpBasePri;
+	LONG tpDeltaPri;
+	DWORD dwFlags;
+} THREADENTRY32,*PTHREADENTRY32,*LPTHREADENTRY32;
+typedef struct tagMODULEENTRY32W {
+	DWORD dwSize;
+	DWORD th32ModuleID;
+	DWORD th32ProcessID;
+	DWORD GlblcntUsage;
+	DWORD ProccntUsage;
+	BYTE *modBaseAddr;
+	DWORD modBaseSize;
+	HMODULE hModule; 
+	WCHAR szModule[MAX_MODULE_NAME32 + 1];
+	WCHAR szExePath[MAX_PATH];
+} MODULEENTRY32W,*PMODULEENTRY32W,*LPMODULEENTRY32W;
+typedef struct tagMODULEENTRY32 {
+	DWORD dwSize;
+	DWORD th32ModuleID;
+	DWORD th32ProcessID;
+	DWORD GlblcntUsage;
+	DWORD ProccntUsage;
+	BYTE *modBaseAddr;
+	DWORD modBaseSize;
+	HMODULE hModule;
+	char szModule[MAX_MODULE_NAME32 + 1];
+	char szExePath[MAX_PATH];
+} MODULEENTRY32,*PMODULEENTRY32,*LPMODULEENTRY32;
+BOOL WINAPI Heap32First(LPHEAPENTRY32,DWORD,DWORD);
+BOOL WINAPI Heap32ListFirst(HANDLE,LPHEAPLIST32);
+BOOL WINAPI Heap32ListNext(HANDLE,LPHEAPLIST32);
+BOOL WINAPI Heap32Next(LPHEAPENTRY32);
+BOOL WINAPI Module32First(HANDLE,LPMODULEENTRY32);
+BOOL WINAPI Module32FirstW(HANDLE,LPMODULEENTRY32W);
+BOOL WINAPI Module32Next(HANDLE,LPMODULEENTRY32);
+BOOL WINAPI Module32NextW(HANDLE,LPMODULEENTRY32W);
+BOOL WINAPI Process32First(HANDLE,LPPROCESSENTRY32);
+BOOL WINAPI Process32FirstW(HANDLE,LPPROCESSENTRY32W);
+BOOL WINAPI Process32Next(HANDLE,LPPROCESSENTRY32);
+BOOL WINAPI Process32NextW(HANDLE,LPPROCESSENTRY32W);
+BOOL WINAPI Thread32First(HANDLE,LPTHREADENTRY32);
+BOOL WINAPI Thread32Next(HANDLE,LPTHREADENTRY32);
+BOOL WINAPI Toolhelp32ReadProcessMemory(DWORD,LPCVOID,LPVOID,DWORD,LPDWORD);
+HANDLE WINAPI CreateToolhelp32Snapshot(DWORD,DWORD);
+#ifdef UNICODE
+#define LPMODULEENTRY32 LPMODULEENTRY32W
+#define LPPROCESSENTRY32 LPPROCESSENTRY32W
+#define MODULEENTRY32 MODULEENTRY32W
+#define Module32First Module32FirstW
+#define Module32Next Module32NextW
+#define PMODULEENTRY32 PMODULEENTRY32W
+#define PPROCESSENTRY32 PPROCESSENTRY32W
+#define PROCESSENTRY32 PROCESSENTRY32W
+#define Process32First Process32FirstW
+#define Process32Next Process32NextW
+#endif /* UNICODE */
+#ifdef __cplusplus
+}
+#endif
+#endif /* _TLHELP32_H */
+
diff --git a/ms/tpem.bat b/ms/tpem.bat
index cd01792e9f..7fc7a83279 100755
--- a/ms/tpem.bat
+++ b/ms/tpem.bat
@@ -1,6 +1,6 @@
-rem called by testpem
-
-echo test %1 %2
-%ssleay% %1 -in %2 -out %tmp1%
-%cmp% %2 %tmp1%
-
+rem called by testpem

+

+echo test %1 %2

+%ssleay% %1 -in %2 -out %tmp1%

+%cmp% %2 %tmp1%

+

diff --git a/ms/tpemce.bat b/ms/tpemce.bat
new file mode 100644
index 0000000000..17b2acd390
--- /dev/null
+++ b/ms/tpemce.bat
@@ -0,0 +1,8 @@
+rem called by testpemce

+

+echo test %1 %2

+cecopy %2 CE:\OpenSSL

+cerun CE:\OpenSSL\%ssleay% %1 -in \OpenSSL\%2 -out \OpenSSL\%tmp1%

+del %tmp1% >nul 2>&1

+cecopy CE:\OpenSSL\%tmp1% .

+%cmp% %2 %tmp1%

diff --git a/ms/w31dll.mak b/ms/w31dll.mak
deleted file mode 100644
index f7feb8cb00..0000000000
--- a/ms/w31dll.mak
+++ /dev/null
@@ -1,2371 +0,0 @@
-# This makefile has been automatically generated from the SSLeay distribution.
-# This single makefile will build the complete SSLeay distribution and
-# by default leave the 'intertesting' output files in .\out and the stuff
-# that needs deleting in .\tmp.
-# The file was generated by running 'make makefile.one', which
-# does a 'make files', which writes all the environment variables from all
-# the makefiles to the file call MINFO.  This file is used by
-# util\mk1mf.pl to generate makefile.one.
-# The 'makefile per directory' system suites me when developing this
-# library and also so I can 'distribute' indervidual library sections.
-# The one monster makefile better suits building in non-unix
-# environments.
-
-INSTALLTOP=\usr\local\ssl
-
-# Set your compiler options
-PLATFORM=VC-WIN16
-CC=cl
-CFLAG=/ALw /Gx- /Gt256 /Gf /G2 /f- /Ocgnotb2 /W3 /WX -DL_ENDIAN /nologo -DWINDOWS -DWIN16
-APP_CFLAG=/Gw /FPi87
-LIB_CFLAG=/Gw -D_WINDLL -D_DLL
-SHLIB_CFLAG=
-APP_EX_OBJ=setargv.obj
-SHLIB_EX_OBJ=
-# add extra libraries to this define, for solaris -lsocket -lnsl would
-# be added
-EX_LIBS=oldnames llibcewq libw winsock
-
-# The SSLeay directory
-SRC_D=.
-
-LINK=link
-LFLAGS= /FARCALL /NOLOGO /NOD /SEG:1024 /ONERROR:NOEXE /NOE /PACKC:60000 /PACKD:60000 /STACK:20000 /ALIGN:256
-
-BN_ASM_OBJ=crypto\bn\asm\x86w32.obj
-BN_ASM_SRC=crypto\bn\asm\x86w32.asm
-DES_ENC_OBJ=
-DES_ENC_SRC=
-BF_ENC_OBJ=
-BF_ENC_SRC=
-CAST_ENC_OBJ=
-CAST_ENC_SRC=
-RC4_ENC_OBJ=
-RC4_ENC_SRC=
-RC5_ENC_OBJ=
-RC5_ENC_SRC=
-MD5_ASM_OBJ=
-MD5_ASM_SRC=
-SHA1_ASM_OBJ=
-SHA1_ASM_SRC=
-RMD160_ASM_OBJ=
-RMD160_ASM_SRC=
-
-# The output directory for everything intersting
-OUT_D=out16dll
-# The output directory for all the temporary muck
-TMP_D=tmp16dll
-# The output directory for the header files
-INC_D=inc16
-
-CP=copy
-RM=del
-RANLIB=
-MKDIR=mkdir
-MKLIB=lib /PAGESIZE:1024
-MLFLAGS= /FARCALL /NOLOGO /NOD /SEG:1024 /ONERROR:NOEXE /NOE /PACKC:60000 /PACKD:60000
-ASM=ml /Cp /c /Cx
-
-######################################################
-# You should not need to touch anything below this point
-######################################################
-
-E_EXE=ssleay
-SSL=ssleay16
-CRYPTO=libeay16
-RSAGLUE=RSAglue
-
-# BIN_D  - Binary output directory
-# TEST_D - Binary test file output directory
-# LIB_D  - library output directory
-BIN_D=$(OUT_D)
-TEST_D=$(OUT_D)
-LIB_D=$(OUT_D)
-
-# INCL_D - local library directory
-# OBJ_D  - temp object file directory
-OBJ_D=$(TMP_D)
-INCL_D=$(TMP_D)
-
-O_SSL=     $(LIB_D)\$(SSL).dll
-O_CRYPTO=  $(LIB_D)\$(CRYPTO).dll
-O_RSAGLUE= $(LIB_D)\$(RSAGLUE).lib
-SO_SSL=    $(SSL)
-SO_CRYPTO= $(CRYPTO)
-L_SSL=     $(LIB_D)\$(SSL).lib
-L_CRYPTO=  $(LIB_D)\$(CRYPTO).lib
-
-L_LIBS= $(L_SSL) $(L_CRYPTO)
-#L_LIBS= $(O_SSL) $(O_RSAGLUE) -lrsaref $(O_CRYPTO)
-
-######################################################
-# Don't touch anything below this point
-######################################################
-
-INC=-I$(INC_D) -I$(INCL_D)
-APP_CFLAGS=$(INC) $(CFLAG) $(APP_CFLAG)
-LIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG)
-SHLIB_CFLAGS=$(INC) $(CFLAG) $(LIB_CFLAG) $(SHLIB_CFLAG)
-LIBS_DEP=$(O_CRYPTO) $(O_RSAGLUE) $(O_SSL)
-
-#############################################
-HEADER=$(INCL_D)\cryptlib.h \
-	$(INCL_D)\date.h $(INCL_D)\md5_locl.h $(INCL_D)\sha_locl.h \
-	$(INCL_D)\rmd_locl.h $(INCL_D)\rmdconst.h $(INCL_D)\des_locl.h \
-	$(INCL_D)\rpc_des.h $(INCL_D)\podd.h $(INCL_D)\sk.h \
-	$(INCL_D)\spr.h $(INCL_D)\des_ver.h $(INCL_D)\rc2_locl.h \
-	$(INCL_D)\rc4_locl.h $(INCL_D)\rc5_locl.h $(INCL_D)\idea_lcl.h \
-	$(INCL_D)\bf_pi.h $(INCL_D)\bf_locl.h $(INCL_D)\cast_s.h \
-	$(INCL_D)\cast_lcl.h $(INCL_D)\bn_lcl.h $(INCL_D)\bn_prime.h \
-	$(INCL_D)\obj_dat.h $(INCL_D)\conf_lcl.h $(INCL_D)\ssl_locl.h \
-	$(INCL_D)\rsaref.h $(INCL_D)\apps.h $(INCL_D)\progs.h \
-	$(INCL_D)\testdsa.h $(INCL_D)\testrsa.h
-
-EXHEADER=$(INC_D)\e_os.h \
-	$(INC_D)\crypto.h $(INC_D)\cryptall.h $(INC_D)\tmdiff.h \
-	$(INC_D)\md2.h $(INC_D)\md5.h $(INC_D)\sha.h \
-	$(INC_D)\mdc2.h $(INC_D)\hmac.h $(INC_D)\ripemd.h \
-	$(INC_D)\des.h $(INC_D)\rc2.h $(INC_D)\rc4.h \
-	$(INC_D)\rc5.h $(INC_D)\idea.h $(INC_D)\blowfish.h \
-	$(INC_D)\cast.h $(INC_D)\bn.h $(INC_D)\rsa.h \
-	$(INC_D)\dsa.h $(INC_D)\dh.h $(INC_D)\buffer.h \
-	$(INC_D)\bio.h $(INC_D)\bss_file.c $(INC_D)\stack.h \
-	$(INC_D)\lhash.h $(INC_D)\rand.h $(INC_D)\err.h \
-	$(INC_D)\objects.h $(INC_D)\evp.h $(INC_D)\pem.h \
-	$(INC_D)\asn1.h $(INC_D)\asn1_mac.h $(INC_D)\x509.h \
-	$(INC_D)\x509_vfy.h $(INC_D)\conf.h $(INC_D)\txt_db.h \
-	$(INC_D)\pkcs7.h $(INC_D)\proxy.h $(INC_D)\comp.h \
-	$(INC_D)\ssl.h $(INC_D)\ssl2.h $(INC_D)\ssl3.h \
-	$(INC_D)\ssl23.h $(INC_D)\tls1.h
-
-T_OBJ=$(OBJ_D)\md2test.obj \
-	$(OBJ_D)\md5test.obj $(OBJ_D)\shatest.obj $(OBJ_D)\sha1test.obj \
-	$(OBJ_D)\mdc2test.obj $(OBJ_D)\hmactest.obj $(OBJ_D)\rmdtest.obj \
-	$(OBJ_D)\destest.obj $(OBJ_D)\rc2test.obj $(OBJ_D)\rc4test.obj \
-	$(OBJ_D)\rc5test.obj $(OBJ_D)\ideatest.obj $(OBJ_D)\bftest.obj \
-	$(OBJ_D)\casttest.obj $(OBJ_D)\bntest.obj $(OBJ_D)\exptest.obj \
-	$(OBJ_D)\dsatest.obj $(OBJ_D)\dhtest.obj $(OBJ_D)\randtest.obj \
-	$(OBJ_D)\ssltest.obj
-
-E_OBJ=$(OBJ_D)\verify.obj \
-	$(OBJ_D)\asn1pars.obj $(OBJ_D)\req.obj $(OBJ_D)\dgst.obj \
-	$(OBJ_D)\dh.obj $(OBJ_D)\enc.obj $(OBJ_D)\gendh.obj \
-	$(OBJ_D)\errstr.obj $(OBJ_D)\ca.obj $(OBJ_D)\pkcs7.obj \
-	$(OBJ_D)\crl2p7.obj $(OBJ_D)\crl.obj $(OBJ_D)\rsa.obj \
-	$(OBJ_D)\dsa.obj $(OBJ_D)\dsaparam.obj $(OBJ_D)\x509.obj \
-	$(OBJ_D)\genrsa.obj $(OBJ_D)\s_server.obj $(OBJ_D)\s_client.obj \
-	$(OBJ_D)\speed.obj $(OBJ_D)\s_time.obj \
-	$(OBJ_D)\apps.obj $(OBJ_D)\s_cb.obj $(OBJ_D)\s_socket.obj \
-	$(OBJ_D)\s_eio.obj $(OBJ_D)\bf_perm.obj $(OBJ_D)\version.obj \
-	$(OBJ_D)\sess_id.obj $(OBJ_D)\ciphers.obj $(OBJ_D)\ssleay.obj
-
-CRYPTOOBJ=$(OBJ_D)\cryptlib.obj \
-	$(OBJ_D)\mem.obj $(OBJ_D)\cversion.obj $(OBJ_D)\ex_data.obj \
-	$(OBJ_D)\tmdiff.obj $(OBJ_D)\cpt_err.obj $(OBJ_D)\md2_dgst.obj \
-	$(OBJ_D)\md2_one.obj $(OBJ_D)\md5_dgst.obj $(OBJ_D)\md5_one.obj \
-	$(OBJ_D)\sha_dgst.obj $(OBJ_D)\sha1dgst.obj $(OBJ_D)\sha_one.obj \
-	$(OBJ_D)\sha1_one.obj $(OBJ_D)\mdc2dgst.obj $(OBJ_D)\mdc2_one.obj \
-	$(OBJ_D)\hmac.obj $(OBJ_D)\rmd_dgst.obj $(OBJ_D)\rmd_one.obj \
-	$(OBJ_D)\set_key.obj $(OBJ_D)\ecb_enc.obj $(OBJ_D)\cbc_enc.obj \
-	$(OBJ_D)\ecb3_enc.obj $(OBJ_D)\cfb64enc.obj $(OBJ_D)\cfb64ede.obj \
-	$(OBJ_D)\cfb_enc.obj $(OBJ_D)\ofb64ede.obj $(OBJ_D)\enc_read.obj \
-	$(OBJ_D)\enc_writ.obj $(OBJ_D)\ofb64enc.obj $(OBJ_D)\ofb_enc.obj \
-	$(OBJ_D)\str2key.obj $(OBJ_D)\pcbc_enc.obj $(OBJ_D)\qud_cksm.obj \
-	$(OBJ_D)\rand_key.obj $(OBJ_D)\des_enc.obj $(OBJ_D)\fcrypt_b.obj \
-	$(OBJ_D)\read2pwd.obj $(OBJ_D)\fcrypt.obj $(OBJ_D)\xcbc_enc.obj \
-	$(OBJ_D)\read_pwd.obj $(OBJ_D)\rpc_enc.obj $(OBJ_D)\cbc_cksm.obj \
-	$(OBJ_D)\supp.obj $(OBJ_D)\rc2_ecb.obj $(OBJ_D)\rc2_skey.obj \
-	$(OBJ_D)\rc2_cbc.obj $(OBJ_D)\rc2cfb64.obj $(OBJ_D)\rc2ofb64.obj \
-	$(OBJ_D)\rc4_skey.obj $(OBJ_D)\rc4_enc.obj $(OBJ_D)\rc5_skey.obj \
-	$(OBJ_D)\rc5_ecb.obj $(OBJ_D)\rc5_enc.obj $(OBJ_D)\rc5cfb64.obj \
-	$(OBJ_D)\rc5ofb64.obj $(OBJ_D)\i_cbc.obj $(OBJ_D)\i_cfb64.obj \
-	$(OBJ_D)\i_ofb64.obj $(OBJ_D)\i_ecb.obj $(OBJ_D)\i_skey.obj \
-	$(OBJ_D)\bf_skey.obj $(OBJ_D)\bf_ecb.obj $(OBJ_D)\bf_enc.obj \
-	$(OBJ_D)\bf_cfb64.obj $(OBJ_D)\bf_ofb64.obj $(OBJ_D)\c_skey.obj \
-	$(OBJ_D)\c_ecb.obj $(OBJ_D)\c_enc.obj $(OBJ_D)\c_cfb64.obj \
-	$(OBJ_D)\c_ofb64.obj $(OBJ_D)\bn_add.obj $(OBJ_D)\bn_div.obj \
-	$(OBJ_D)\bn_exp.obj $(OBJ_D)\bn_lib.obj $(OBJ_D)\bn_mul.obj \
-	$(OBJ_D)\bn_print.obj $(OBJ_D)\bn_rand.obj $(OBJ_D)\bn_shift.obj \
-	$(OBJ_D)\bn_word.obj $(OBJ_D)\bn_blind.obj $(OBJ_D)\bn_gcd.obj \
-	$(OBJ_D)\bn_prime.obj $(OBJ_D)\bn_err.obj $(OBJ_D)\bn_sqr.obj \
-	$(BN_ASM_OBJ) $(OBJ_D)\bn_recp.obj $(OBJ_D)\bn_mont.obj \
-	$(OBJ_D)\bn_mpi.obj $(OBJ_D)\bn_exp2.obj $(OBJ_D)\rsa_eay.obj \
-	$(OBJ_D)\rsa_gen.obj $(OBJ_D)\rsa_lib.obj $(OBJ_D)\rsa_sign.obj \
-	$(OBJ_D)\rsa_saos.obj $(OBJ_D)\rsa_err.obj $(OBJ_D)\rsa_pk1.obj \
-	$(OBJ_D)\rsa_ssl.obj $(OBJ_D)\rsa_none.obj $(OBJ_D)\dsa_gen.obj \
-	$(OBJ_D)\dsa_key.obj $(OBJ_D)\dsa_lib.obj $(OBJ_D)\dsa_vrf.obj \
-	$(OBJ_D)\dsa_sign.obj $(OBJ_D)\dsa_err.obj $(OBJ_D)\dh_gen.obj \
-	$(OBJ_D)\dh_key.obj $(OBJ_D)\dh_lib.obj $(OBJ_D)\dh_check.obj \
-	$(OBJ_D)\dh_err.obj $(OBJ_D)\buffer.obj $(OBJ_D)\buf_err.obj \
-	$(OBJ_D)\bio_lib.obj $(OBJ_D)\bio_cb.obj $(OBJ_D)\bio_err.obj \
-	$(OBJ_D)\bss_mem.obj $(OBJ_D)\bss_null.obj $(OBJ_D)\bss_fd.obj \
-	$(OBJ_D)\bss_file.obj $(OBJ_D)\bss_sock.obj $(OBJ_D)\bss_conn.obj \
-	$(OBJ_D)\bf_null.obj $(OBJ_D)\bf_buff.obj $(OBJ_D)\b_print.obj \
-	$(OBJ_D)\b_dump.obj $(OBJ_D)\b_sock.obj $(OBJ_D)\bss_acpt.obj \
-	$(OBJ_D)\bf_nbio.obj $(OBJ_D)\bss_cs4a.obj $(OBJ_D)\stack.obj \
-	$(OBJ_D)\lhash.obj $(OBJ_D)\lh_stats.obj $(OBJ_D)\md_rand.obj \
-	$(OBJ_D)\randfile.obj $(OBJ_D)\rand_lib.obj $(OBJ_D)\err.obj \
-	$(OBJ_D)\err_all.obj $(OBJ_D)\err_prn.obj $(OBJ_D)\o_names.obj \
-	$(OBJ_D)\obj_dat.obj $(OBJ_D)\obj_lib.obj $(OBJ_D)\obj_err.obj \
-	$(OBJ_D)\encode.obj $(OBJ_D)\digest.obj $(OBJ_D)\evp_enc.obj \
-	$(OBJ_D)\evp_key.obj $(OBJ_D)\e_ecb_d.obj $(OBJ_D)\e_cbc_d.obj \
-	$(OBJ_D)\e_cfb_d.obj $(OBJ_D)\e_ofb_d.obj $(OBJ_D)\e_ecb_i.obj \
-	$(OBJ_D)\e_cbc_i.obj $(OBJ_D)\e_cfb_i.obj $(OBJ_D)\e_ofb_i.obj \
-	$(OBJ_D)\e_ecb_3d.obj $(OBJ_D)\e_cbc_3d.obj $(OBJ_D)\e_rc4.obj \
-	$(OBJ_D)\names.obj $(OBJ_D)\e_cfb_3d.obj $(OBJ_D)\e_ofb_3d.obj \
-	$(OBJ_D)\e_xcbc_d.obj $(OBJ_D)\e_ecb_r2.obj $(OBJ_D)\e_cbc_r2.obj \
-	$(OBJ_D)\e_cfb_r2.obj $(OBJ_D)\e_ofb_r2.obj $(OBJ_D)\e_ecb_bf.obj \
-	$(OBJ_D)\e_cbc_bf.obj $(OBJ_D)\e_cfb_bf.obj $(OBJ_D)\e_ofb_bf.obj \
-	$(OBJ_D)\e_ecb_c.obj $(OBJ_D)\e_cbc_c.obj $(OBJ_D)\e_cfb_c.obj \
-	$(OBJ_D)\e_ofb_c.obj $(OBJ_D)\e_ecb_r5.obj $(OBJ_D)\e_cbc_r5.obj \
-	$(OBJ_D)\e_cfb_r5.obj $(OBJ_D)\e_ofb_r5.obj $(OBJ_D)\m_null.obj \
-	$(OBJ_D)\m_md2.obj $(OBJ_D)\m_md5.obj $(OBJ_D)\m_sha.obj \
-	$(OBJ_D)\m_sha1.obj $(OBJ_D)\m_dss.obj $(OBJ_D)\m_dss1.obj \
-	$(OBJ_D)\m_mdc2.obj $(OBJ_D)\m_ripemd.obj $(OBJ_D)\p_open.obj \
-	$(OBJ_D)\p_seal.obj $(OBJ_D)\p_sign.obj $(OBJ_D)\p_verify.obj \
-	$(OBJ_D)\p_lib.obj $(OBJ_D)\p_enc.obj $(OBJ_D)\p_dec.obj \
-	$(OBJ_D)\bio_md.obj $(OBJ_D)\bio_b64.obj $(OBJ_D)\bio_enc.obj \
-	$(OBJ_D)\evp_err.obj $(OBJ_D)\e_null.obj $(OBJ_D)\c_all.obj \
-	$(OBJ_D)\evp_lib.obj $(OBJ_D)\pem_sign.obj $(OBJ_D)\pem_seal.obj \
-	$(OBJ_D)\pem_info.obj $(OBJ_D)\pem_lib.obj $(OBJ_D)\pem_all.obj \
-	$(OBJ_D)\pem_err.obj $(OBJ_D)\a_object.obj $(OBJ_D)\a_bitstr.obj \
-	$(OBJ_D)\a_utctm.obj $(OBJ_D)\a_int.obj $(OBJ_D)\a_octet.obj \
-	$(OBJ_D)\a_print.obj $(OBJ_D)\a_type.obj $(OBJ_D)\a_set.obj \
-	$(OBJ_D)\a_dup.obj $(OBJ_D)\a_d2i_fp.obj $(OBJ_D)\a_i2d_fp.obj \
-	$(OBJ_D)\a_bmp.obj $(OBJ_D)\a_sign.obj $(OBJ_D)\a_digest.obj \
-	$(OBJ_D)\a_verify.obj $(OBJ_D)\x_algor.obj $(OBJ_D)\x_val.obj \
-	$(OBJ_D)\x_pubkey.obj $(OBJ_D)\x_sig.obj $(OBJ_D)\x_req.obj \
-	$(OBJ_D)\x_attrib.obj $(OBJ_D)\x_name.obj $(OBJ_D)\x_cinf.obj \
-	$(OBJ_D)\x_x509.obj $(OBJ_D)\x_crl.obj $(OBJ_D)\x_info.obj \
-	$(OBJ_D)\x_spki.obj $(OBJ_D)\d2i_r_pr.obj $(OBJ_D)\i2d_r_pr.obj \
-	$(OBJ_D)\d2i_r_pu.obj $(OBJ_D)\i2d_r_pu.obj $(OBJ_D)\d2i_s_pr.obj \
-	$(OBJ_D)\i2d_s_pr.obj $(OBJ_D)\d2i_s_pu.obj $(OBJ_D)\i2d_s_pu.obj \
-	$(OBJ_D)\d2i_pu.obj $(OBJ_D)\d2i_pr.obj $(OBJ_D)\i2d_pu.obj \
-	$(OBJ_D)\i2d_pr.obj $(OBJ_D)\t_req.obj $(OBJ_D)\t_x509.obj \
-	$(OBJ_D)\t_pkey.obj $(OBJ_D)\p7_i_s.obj $(OBJ_D)\p7_signi.obj \
-	$(OBJ_D)\p7_signd.obj $(OBJ_D)\p7_recip.obj $(OBJ_D)\p7_enc_c.obj \
-	$(OBJ_D)\p7_evp.obj $(OBJ_D)\p7_dgst.obj $(OBJ_D)\p7_s_e.obj \
-	$(OBJ_D)\p7_enc.obj $(OBJ_D)\p7_lib.obj $(OBJ_D)\f_int.obj \
-	$(OBJ_D)\f_string.obj $(OBJ_D)\i2d_dhp.obj $(OBJ_D)\i2d_dsap.obj \
-	$(OBJ_D)\d2i_dhp.obj $(OBJ_D)\d2i_dsap.obj $(OBJ_D)\n_pkey.obj \
-	$(OBJ_D)\a_hdr.obj $(OBJ_D)\x_pkey.obj $(OBJ_D)\a_bool.obj \
-	$(OBJ_D)\x_exten.obj $(OBJ_D)\asn1_par.obj $(OBJ_D)\asn1_lib.obj \
-	$(OBJ_D)\asn1_err.obj $(OBJ_D)\a_meth.obj $(OBJ_D)\a_bytes.obj \
-	$(OBJ_D)\evp_asn1.obj $(OBJ_D)\x509_def.obj $(OBJ_D)\x509_d2.obj \
-	$(OBJ_D)\x509_r2x.obj $(OBJ_D)\x509_cmp.obj $(OBJ_D)\x509_obj.obj \
-	$(OBJ_D)\x509_req.obj $(OBJ_D)\x509_vfy.obj $(OBJ_D)\x509_set.obj \
-	$(OBJ_D)\x509rset.obj $(OBJ_D)\x509_err.obj $(OBJ_D)\x509name.obj \
-	$(OBJ_D)\x509_v3.obj $(OBJ_D)\x509_ext.obj $(OBJ_D)\x509pack.obj \
-	$(OBJ_D)\x509type.obj $(OBJ_D)\x509_lu.obj $(OBJ_D)\x_all.obj \
-	$(OBJ_D)\x509_txt.obj $(OBJ_D)\by_file.obj $(OBJ_D)\by_dir.obj \
-	$(OBJ_D)\v3_net.obj $(OBJ_D)\v3_x509.obj $(OBJ_D)\conf.obj \
-	$(OBJ_D)\conf_err.obj $(OBJ_D)\txt_db.obj $(OBJ_D)\pk7_lib.obj \
-	$(OBJ_D)\pkcs7err.obj $(OBJ_D)\pk7_doit.obj $(OBJ_D)\proxy.obj \
-	$(OBJ_D)\pxy_txt.obj $(OBJ_D)\bf_proxy.obj $(OBJ_D)\pxy_conf.obj \
-	$(OBJ_D)\pxy_err.obj $(OBJ_D)\comp_lib.obj $(OBJ_D)\c_rle.obj \
-	$(OBJ_D)\c_zlib.obj
-
-SSLOBJ=$(OBJ_D)\s2_meth.obj \
-	$(OBJ_D)\s2_srvr.obj $(OBJ_D)\s2_clnt.obj $(OBJ_D)\s2_lib.obj \
-	$(OBJ_D)\s2_enc.obj $(OBJ_D)\s2_pkt.obj $(OBJ_D)\s3_meth.obj \
-	$(OBJ_D)\s3_srvr.obj $(OBJ_D)\s3_clnt.obj $(OBJ_D)\s3_lib.obj \
-	$(OBJ_D)\s3_enc.obj $(OBJ_D)\s3_pkt.obj $(OBJ_D)\s3_both.obj \
-	$(OBJ_D)\s23_meth.obj $(OBJ_D)\s23_srvr.obj $(OBJ_D)\s23_clnt.obj \
-	$(OBJ_D)\s23_lib.obj $(OBJ_D)\s23_pkt.obj $(OBJ_D)\t1_meth.obj \
-	$(OBJ_D)\t1_srvr.obj $(OBJ_D)\t1_clnt.obj $(OBJ_D)\t1_lib.obj \
-	$(OBJ_D)\t1_enc.obj $(OBJ_D)\ssl_lib.obj $(OBJ_D)\ssl_err2.obj \
-	$(OBJ_D)\ssl_cert.obj $(OBJ_D)\ssl_sess.obj $(OBJ_D)\ssl_ciph.obj \
-	$(OBJ_D)\ssl_stat.obj $(OBJ_D)\ssl_rsa.obj $(OBJ_D)\ssl_asn1.obj \
-	$(OBJ_D)\ssl_txt.obj $(OBJ_D)\ssl_algs.obj $(OBJ_D)\bio_ssl.obj \
-	$(OBJ_D)\pxy_ssl.obj $(OBJ_D)\ssl_err.obj
-
-RSAGLUEOBJ=$(OBJ_D)\rsaref.obj \
-	$(OBJ_D)\rsar_err.obj
-
-T_EXE=$(TEST_D)\md2test.exe \
-	$(TEST_D)\md5test.exe $(TEST_D)\shatest.exe $(TEST_D)\sha1test.exe \
-	$(TEST_D)\mdc2test.exe $(TEST_D)\hmactest.exe $(TEST_D)\rmdtest.exe \
-	$(TEST_D)\destest.exe $(TEST_D)\rc2test.exe $(TEST_D)\rc4test.exe \
-	$(TEST_D)\rc5test.exe $(TEST_D)\ideatest.exe $(TEST_D)\bftest.exe \
-	$(TEST_D)\casttest.exe $(TEST_D)\bntest.exe $(TEST_D)\exptest.exe \
-	$(TEST_D)\dsatest.exe $(TEST_D)\dhtest.exe $(TEST_D)\randtest.exe \
-	$(TEST_D)\ssltest.exe
-
-###################################################################
-all: banner $(TMP_D) $(BIN_D) $(TEST_D) $(LIB_D) $(INC_D) headers lib exe
-
-banner:
-	@echo Make sure you have run 'perl Configure VC-WIN16' in the
-	@echo top level directory, if you don't have perl, you will
-	@echo need to probably edit crypto/bn/bn.h, check the
-	@echo documentation for details.
-
-
-$(TMP_D):
-	$(MKDIR) $(TMP_D)
-
-$(BIN_D):
-	$(MKDIR) $(BIN_D)
-
-$(TEST_D):
-	$(MKDIR) $(TEST_D)
-
-$(LIB_D):
-	$(MKDIR) $(LIB_D)
-
-$(INC_D):
-	$(MKDIR) $(INC_D)
-
-headers: $(HEADER) $(EXHEADER)
-
-lib: $(LIBS_DEP)
-
-exe: $(T_EXE) $(BIN_D)\$(E_EXE).exe
-
-install:
-	$(MKDIR) $(INSTALLTOP)
-	$(MKDIR) $(INSTALLTOP)\bin
-	$(MKDIR) $(INSTALLTOP)\include
-	$(MKDIR) $(INSTALLTOP)\lib
-	$(CP) $(INC_D)\*.[ch] $(INSTALLTOP)\include
-	$(CP) $(BIN_D)\$(E_EXE).exe $(INSTALLTOP)\bin
-	$(CP) $(O_SSL) $(INSTALLTOP)\lib
-	$(CP) $(O_CRYPTO) $(INSTALLTOP)\lib
-
-clean:
-	$(RM) $(TMP_D)\*.*
-
-vclean:
-	$(RM) $(TMP_D)\*.*
-	$(RM) $(OUT_D)\*.*
-
-$(INCL_D)\cryptlib.h: $(SRC_D)\crypto\cryptlib.h
-	$(CP) $(SRC_D)\crypto\cryptlib.h $(INCL_D)\cryptlib.h
-
-$(INCL_D)\date.h: $(SRC_D)\crypto\date.h
-	$(CP) $(SRC_D)\crypto\date.h $(INCL_D)\date.h
-
-$(INCL_D)\md5_locl.h: $(SRC_D)\crypto\md5\md5_locl.h
-	$(CP) $(SRC_D)\crypto\md5\md5_locl.h $(INCL_D)\md5_locl.h
-
-$(INCL_D)\sha_locl.h: $(SRC_D)\crypto\sha\sha_locl.h
-	$(CP) $(SRC_D)\crypto\sha\sha_locl.h $(INCL_D)\sha_locl.h
-
-$(INCL_D)\rmd_locl.h: $(SRC_D)\crypto\ripemd\rmd_locl.h
-	$(CP) $(SRC_D)\crypto\ripemd\rmd_locl.h $(INCL_D)\rmd_locl.h
-
-$(INCL_D)\rmdconst.h: $(SRC_D)\crypto\ripemd\rmdconst.h
-	$(CP) $(SRC_D)\crypto\ripemd\rmdconst.h $(INCL_D)\rmdconst.h
-
-$(INCL_D)\des_locl.h: $(SRC_D)\crypto\des\des_locl.h
-	$(CP) $(SRC_D)\crypto\des\des_locl.h $(INCL_D)\des_locl.h
-
-$(INCL_D)\rpc_des.h: $(SRC_D)\crypto\des\rpc_des.h
-	$(CP) $(SRC_D)\crypto\des\rpc_des.h $(INCL_D)\rpc_des.h
-
-$(INCL_D)\podd.h: $(SRC_D)\crypto\des\podd.h
-	$(CP) $(SRC_D)\crypto\des\podd.h $(INCL_D)\podd.h
-
-$(INCL_D)\sk.h: $(SRC_D)\crypto\des\sk.h
-	$(CP) $(SRC_D)\crypto\des\sk.h $(INCL_D)\sk.h
-
-$(INCL_D)\spr.h: $(SRC_D)\crypto\des\spr.h
-	$(CP) $(SRC_D)\crypto\des\spr.h $(INCL_D)\spr.h
-
-$(INCL_D)\des_ver.h: $(SRC_D)\crypto\des\des_ver.h
-	$(CP) $(SRC_D)\crypto\des\des_ver.h $(INCL_D)\des_ver.h
-
-$(INCL_D)\rc2_locl.h: $(SRC_D)\crypto\rc2\rc2_locl.h
-	$(CP) $(SRC_D)\crypto\rc2\rc2_locl.h $(INCL_D)\rc2_locl.h
-
-$(INCL_D)\rc4_locl.h: $(SRC_D)\crypto\rc4\rc4_locl.h
-	$(CP) $(SRC_D)\crypto\rc4\rc4_locl.h $(INCL_D)\rc4_locl.h
-
-$(INCL_D)\rc5_locl.h: $(SRC_D)\crypto\rc5\rc5_locl.h
-	$(CP) $(SRC_D)\crypto\rc5\rc5_locl.h $(INCL_D)\rc5_locl.h
-
-$(INCL_D)\idea_lcl.h: $(SRC_D)\crypto\idea\idea_lcl.h
-	$(CP) $(SRC_D)\crypto\idea\idea_lcl.h $(INCL_D)\idea_lcl.h
-
-$(INCL_D)\bf_pi.h: $(SRC_D)\crypto\bf\bf_pi.h
-	$(CP) $(SRC_D)\crypto\bf\bf_pi.h $(INCL_D)\bf_pi.h
-
-$(INCL_D)\bf_locl.h: $(SRC_D)\crypto\bf\bf_locl.h
-	$(CP) $(SRC_D)\crypto\bf\bf_locl.h $(INCL_D)\bf_locl.h
-
-$(INCL_D)\cast_s.h: $(SRC_D)\crypto\cast\cast_s.h
-	$(CP) $(SRC_D)\crypto\cast\cast_s.h $(INCL_D)\cast_s.h
-
-$(INCL_D)\cast_lcl.h: $(SRC_D)\crypto\cast\cast_lcl.h
-	$(CP) $(SRC_D)\crypto\cast\cast_lcl.h $(INCL_D)\cast_lcl.h
-
-$(INCL_D)\bn_lcl.h: $(SRC_D)\crypto\bn\bn_lcl.h
-	$(CP) $(SRC_D)\crypto\bn\bn_lcl.h $(INCL_D)\bn_lcl.h
-
-$(INCL_D)\bn_prime.h: $(SRC_D)\crypto\bn\bn_prime.h
-	$(CP) $(SRC_D)\crypto\bn\bn_prime.h $(INCL_D)\bn_prime.h
-
-$(INCL_D)\obj_dat.h: $(SRC_D)\crypto\objects\obj_dat.h
-	$(CP) $(SRC_D)\crypto\objects\obj_dat.h $(INCL_D)\obj_dat.h
-
-$(INCL_D)\conf_lcl.h: $(SRC_D)\crypto\conf\conf_lcl.h
-	$(CP) $(SRC_D)\crypto\conf\conf_lcl.h $(INCL_D)\conf_lcl.h
-
-$(INCL_D)\ssl_locl.h: $(SRC_D)\ssl\ssl_locl.h
-	$(CP) $(SRC_D)\ssl\ssl_locl.h $(INCL_D)\ssl_locl.h
-
-$(INCL_D)\rsaref.h: $(SRC_D)\rsaref\rsaref.h
-	$(CP) $(SRC_D)\rsaref\rsaref.h $(INCL_D)\rsaref.h
-
-$(INCL_D)\apps.h: $(SRC_D)\apps\apps.h
-	$(CP) $(SRC_D)\apps\apps.h $(INCL_D)\apps.h
-
-$(INCL_D)\progs.h: $(SRC_D)\apps\progs.h
-	$(CP) $(SRC_D)\apps\progs.h $(INCL_D)\progs.h
-
-$(INCL_D)\s_apps.h: $(SRC_D)\apps\s_apps.h
-	$(CP) $(SRC_D)\apps\s_apps.h $(INCL_D)\s_apps.h
-
-$(INCL_D)\s_eio.h: $(SRC_D)\apps\s_eio.h
-	$(CP) $(SRC_D)\apps\s_eio.h $(INCL_D)\s_eio.h
-
-$(INCL_D)\testdsa.h: $(SRC_D)\apps\testdsa.h
-	$(CP) $(SRC_D)\apps\testdsa.h $(INCL_D)\testdsa.h
-
-$(INCL_D)\testrsa.h: $(SRC_D)\apps\testrsa.h
-	$(CP) $(SRC_D)\apps\testrsa.h $(INCL_D)\testrsa.h
-
-$(INC_D)\e_os.h: $(SRC_D)\.\e_os.h
-	$(CP) $(SRC_D)\.\e_os.h $(INC_D)\e_os.h
-
-$(INC_D)\crypto.h: $(SRC_D)\crypto\crypto.h
-	$(CP) $(SRC_D)\crypto\crypto.h $(INC_D)\crypto.h
-
-$(INC_D)\cryptall.h: $(SRC_D)\crypto\cryptall.h
-	$(CP) $(SRC_D)\crypto\cryptall.h $(INC_D)\cryptall.h
-
-$(INC_D)\tmdiff.h: $(SRC_D)\crypto\tmdiff.h
-	$(CP) $(SRC_D)\crypto\tmdiff.h $(INC_D)\tmdiff.h
-
-$(INC_D)\md2.h: $(SRC_D)\crypto\md2\md2.h
-	$(CP) $(SRC_D)\crypto\md2\md2.h $(INC_D)\md2.h
-
-$(INC_D)\md5.h: $(SRC_D)\crypto\md5\md5.h
-	$(CP) $(SRC_D)\crypto\md5\md5.h $(INC_D)\md5.h
-
-$(INC_D)\sha.h: $(SRC_D)\crypto\sha\sha.h
-	$(CP) $(SRC_D)\crypto\sha\sha.h $(INC_D)\sha.h
-
-$(INC_D)\mdc2.h: $(SRC_D)\crypto\mdc2\mdc2.h
-	$(CP) $(SRC_D)\crypto\mdc2\mdc2.h $(INC_D)\mdc2.h
-
-$(INC_D)\hmac.h: $(SRC_D)\crypto\hmac\hmac.h
-	$(CP) $(SRC_D)\crypto\hmac\hmac.h $(INC_D)\hmac.h
-
-$(INC_D)\ripemd.h: $(SRC_D)\crypto\ripemd\ripemd.h
-	$(CP) $(SRC_D)\crypto\ripemd\ripemd.h $(INC_D)\ripemd.h
-
-$(INC_D)\des.h: $(SRC_D)\crypto\des\des.h
-	$(CP) $(SRC_D)\crypto\des\des.h $(INC_D)\des.h
-
-$(INC_D)\rc2.h: $(SRC_D)\crypto\rc2\rc2.h
-	$(CP) $(SRC_D)\crypto\rc2\rc2.h $(INC_D)\rc2.h
-
-$(INC_D)\rc4.h: $(SRC_D)\crypto\rc4\rc4.h
-	$(CP) $(SRC_D)\crypto\rc4\rc4.h $(INC_D)\rc4.h
-
-$(INC_D)\rc5.h: $(SRC_D)\crypto\rc5\rc5.h
-	$(CP) $(SRC_D)\crypto\rc5\rc5.h $(INC_D)\rc5.h
-
-$(INC_D)\idea.h: $(SRC_D)\crypto\idea\idea.h
-	$(CP) $(SRC_D)\crypto\idea\idea.h $(INC_D)\idea.h
-
-$(INC_D)\blowfish.h: $(SRC_D)\crypto\bf\blowfish.h
-	$(CP) $(SRC_D)\crypto\bf\blowfish.h $(INC_D)\blowfish.h
-
-$(INC_D)\cast.h: $(SRC_D)\crypto\cast\cast.h
-	$(CP) $(SRC_D)\crypto\cast\cast.h $(INC_D)\cast.h
-
-$(INC_D)\bn.h: $(SRC_D)\crypto\bn\bn.h
-	$(CP) $(SRC_D)\crypto\bn\bn.h $(INC_D)\bn.h
-
-$(INC_D)\rsa.h: $(SRC_D)\crypto\rsa\rsa.h
-	$(CP) $(SRC_D)\crypto\rsa\rsa.h $(INC_D)\rsa.h
-
-$(INC_D)\dsa.h: $(SRC_D)\crypto\dsa\dsa.h
-	$(CP) $(SRC_D)\crypto\dsa\dsa.h $(INC_D)\dsa.h
-
-$(INC_D)\dh.h: $(SRC_D)\crypto\dh\dh.h
-	$(CP) $(SRC_D)\crypto\dh\dh.h $(INC_D)\dh.h
-
-$(INC_D)\buffer.h: $(SRC_D)\crypto\buffer\buffer.h
-	$(CP) $(SRC_D)\crypto\buffer\buffer.h $(INC_D)\buffer.h
-
-$(INC_D)\bio.h: $(SRC_D)\crypto\bio\bio.h
-	$(CP) $(SRC_D)\crypto\bio\bio.h $(INC_D)\bio.h
-
-$(INC_D)\bss_file.c: $(SRC_D)\crypto\bio\bss_file.c
-	$(CP) $(SRC_D)\crypto\bio\bss_file.c $(INC_D)\bss_file.c
-
-$(INC_D)\stack.h: $(SRC_D)\crypto\stack\stack.h
-	$(CP) $(SRC_D)\crypto\stack\stack.h $(INC_D)\stack.h
-
-$(INC_D)\lhash.h: $(SRC_D)\crypto\lhash\lhash.h
-	$(CP) $(SRC_D)\crypto\lhash\lhash.h $(INC_D)\lhash.h
-
-$(INC_D)\rand.h: $(SRC_D)\crypto\rand\rand.h
-	$(CP) $(SRC_D)\crypto\rand\rand.h $(INC_D)\rand.h
-
-$(INC_D)\err.h: $(SRC_D)\crypto\err\err.h
-	$(CP) $(SRC_D)\crypto\err\err.h $(INC_D)\err.h
-
-$(INC_D)\objects.h: $(SRC_D)\crypto\objects\objects.h
-	$(CP) $(SRC_D)\crypto\objects\objects.h $(INC_D)\objects.h
-
-$(INC_D)\evp.h: $(SRC_D)\crypto\evp\evp.h
-	$(CP) $(SRC_D)\crypto\evp\evp.h $(INC_D)\evp.h
-
-$(INC_D)\pem.h: $(SRC_D)\crypto\pem\pem.h
-	$(CP) $(SRC_D)\crypto\pem\pem.h $(INC_D)\pem.h
-
-$(INC_D)\asn1.h: $(SRC_D)\crypto\asn1\asn1.h
-	$(CP) $(SRC_D)\crypto\asn1\asn1.h $(INC_D)\asn1.h
-
-$(INC_D)\asn1_mac.h: $(SRC_D)\crypto\asn1\asn1_mac.h
-	$(CP) $(SRC_D)\crypto\asn1\asn1_mac.h $(INC_D)\asn1_mac.h
-
-$(INC_D)\x509.h: $(SRC_D)\crypto\x509\x509.h
-	$(CP) $(SRC_D)\crypto\x509\x509.h $(INC_D)\x509.h
-
-$(INC_D)\x509_vfy.h: $(SRC_D)\crypto\x509\x509_vfy.h
-	$(CP) $(SRC_D)\crypto\x509\x509_vfy.h $(INC_D)\x509_vfy.h
-
-$(INC_D)\conf.h: $(SRC_D)\crypto\conf\conf.h
-	$(CP) $(SRC_D)\crypto\conf\conf.h $(INC_D)\conf.h
-
-$(INC_D)\txt_db.h: $(SRC_D)\crypto\txt_db\txt_db.h
-	$(CP) $(SRC_D)\crypto\txt_db\txt_db.h $(INC_D)\txt_db.h
-
-$(INC_D)\pkcs7.h: $(SRC_D)\crypto\pkcs7\pkcs7.h
-	$(CP) $(SRC_D)\crypto\pkcs7\pkcs7.h $(INC_D)\pkcs7.h
-
-$(INC_D)\proxy.h: $(SRC_D)\crypto\proxy\proxy.h
-	$(CP) $(SRC_D)\crypto\proxy\proxy.h $(INC_D)\proxy.h
-
-$(INC_D)\comp.h: $(SRC_D)\crypto\comp\comp.h
-	$(CP) $(SRC_D)\crypto\comp\comp.h $(INC_D)\comp.h
-
-$(INC_D)\ssl.h: $(SRC_D)\ssl\ssl.h
-	$(CP) $(SRC_D)\ssl\ssl.h $(INC_D)\ssl.h
-
-$(INC_D)\ssl2.h: $(SRC_D)\ssl\ssl2.h
-	$(CP) $(SRC_D)\ssl\ssl2.h $(INC_D)\ssl2.h
-
-$(INC_D)\ssl3.h: $(SRC_D)\ssl\ssl3.h
-	$(CP) $(SRC_D)\ssl\ssl3.h $(INC_D)\ssl3.h
-
-$(INC_D)\ssl23.h: $(SRC_D)\ssl\ssl23.h
-	$(CP) $(SRC_D)\ssl\ssl23.h $(INC_D)\ssl23.h
-
-$(INC_D)\tls1.h: $(SRC_D)\ssl\tls1.h
-	$(CP) $(SRC_D)\ssl\tls1.h $(INC_D)\tls1.h
-
-$(OBJ_D)\md2test.obj: $(SRC_D)\crypto\md2\md2test.c
-	$(CC) /Fo$(OBJ_D)\md2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\md2\md2test.c
-
-$(OBJ_D)\md5test.obj: $(SRC_D)\crypto\md5\md5test.c
-	$(CC) /Fo$(OBJ_D)\md5test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\md5\md5test.c
-
-$(OBJ_D)\shatest.obj: $(SRC_D)\crypto\sha\shatest.c
-	$(CC) /Fo$(OBJ_D)\shatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\sha\shatest.c
-
-$(OBJ_D)\sha1test.obj: $(SRC_D)\crypto\sha\sha1test.c
-	$(CC) /Fo$(OBJ_D)\sha1test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\sha\sha1test.c
-
-$(OBJ_D)\mdc2test.obj: $(SRC_D)\crypto\mdc2\mdc2test.c
-	$(CC) /Fo$(OBJ_D)\mdc2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2test.c
-
-$(OBJ_D)\hmactest.obj: $(SRC_D)\crypto\hmac\hmactest.c
-	$(CC) /Fo$(OBJ_D)\hmactest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\hmac\hmactest.c
-
-$(OBJ_D)\rmdtest.obj: $(SRC_D)\crypto\ripemd\rmdtest.c
-	$(CC) /Fo$(OBJ_D)\rmdtest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\ripemd\rmdtest.c
-
-$(OBJ_D)\destest.obj: $(SRC_D)\crypto\des\destest.c
-	$(CC) /Fo$(OBJ_D)\destest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\des\destest.c
-
-$(OBJ_D)\rc2test.obj: $(SRC_D)\crypto\rc2\rc2test.c
-	$(CC) /Fo$(OBJ_D)\rc2test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2test.c
-
-$(OBJ_D)\rc4test.obj: $(SRC_D)\crypto\rc4\rc4test.c
-	$(CC) /Fo$(OBJ_D)\rc4test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4test.c
-
-$(OBJ_D)\rc5test.obj: $(SRC_D)\crypto\rc5\rc5test.c
-	$(CC) /Fo$(OBJ_D)\rc5test.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5test.c
-
-$(OBJ_D)\ideatest.obj: $(SRC_D)\crypto\idea\ideatest.c
-	$(CC) /Fo$(OBJ_D)\ideatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\idea\ideatest.c
-
-$(OBJ_D)\bftest.obj: $(SRC_D)\crypto\bf\bftest.c
-	$(CC) /Fo$(OBJ_D)\bftest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bf\bftest.c
-
-$(OBJ_D)\casttest.obj: $(SRC_D)\crypto\cast\casttest.c
-	$(CC) /Fo$(OBJ_D)\casttest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\cast\casttest.c
-
-$(OBJ_D)\bntest.obj: $(SRC_D)\crypto\bn\bntest.c
-	$(CC) /Fo$(OBJ_D)\bntest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bn\bntest.c
-
-$(OBJ_D)\exptest.obj: $(SRC_D)\crypto\bn\exptest.c
-	$(CC) /Fo$(OBJ_D)\exptest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\bn\exptest.c
-
-$(OBJ_D)\dsatest.obj: $(SRC_D)\crypto\dsa\dsatest.c
-	$(CC) /Fo$(OBJ_D)\dsatest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\dsa\dsatest.c
-
-$(OBJ_D)\dhtest.obj: $(SRC_D)\crypto\dh\dhtest.c
-	$(CC) /Fo$(OBJ_D)\dhtest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\dh\dhtest.c
-
-$(OBJ_D)\randtest.obj: $(SRC_D)\crypto\rand\randtest.c
-	$(CC) /Fo$(OBJ_D)\randtest.obj $(APP_CFLAGS) -c $(SRC_D)\crypto\rand\randtest.c
-
-$(OBJ_D)\ssltest.obj: $(SRC_D)\ssl\ssltest.c
-	$(CC) /Fo$(OBJ_D)\ssltest.obj $(APP_CFLAGS) -c $(SRC_D)\ssl\ssltest.c
-
-$(OBJ_D)\verify.obj: $(SRC_D)\apps\verify.c
-	$(CC) /Fo$(OBJ_D)\verify.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\verify.c
-
-$(OBJ_D)\asn1pars.obj: $(SRC_D)\apps\asn1pars.c
-	$(CC) /Fo$(OBJ_D)\asn1pars.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\asn1pars.c
-
-$(OBJ_D)\req.obj: $(SRC_D)\apps\req.c
-	$(CC) /Fo$(OBJ_D)\req.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\req.c
-
-$(OBJ_D)\dgst.obj: $(SRC_D)\apps\dgst.c
-	$(CC) /Fo$(OBJ_D)\dgst.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dgst.c
-
-$(OBJ_D)\dh.obj: $(SRC_D)\apps\dh.c
-	$(CC) /Fo$(OBJ_D)\dh.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dh.c
-
-$(OBJ_D)\enc.obj: $(SRC_D)\apps\enc.c
-	$(CC) /Fo$(OBJ_D)\enc.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\enc.c
-
-$(OBJ_D)\gendh.obj: $(SRC_D)\apps\gendh.c
-	$(CC) /Fo$(OBJ_D)\gendh.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\gendh.c
-
-$(OBJ_D)\errstr.obj: $(SRC_D)\apps\errstr.c
-	$(CC) /Fo$(OBJ_D)\errstr.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\errstr.c
-
-$(OBJ_D)\ca.obj: $(SRC_D)\apps\ca.c
-	$(CC) /Fo$(OBJ_D)\ca.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ca.c
-
-$(OBJ_D)\pkcs7.obj: $(SRC_D)\apps\pkcs7.c
-	$(CC) /Fo$(OBJ_D)\pkcs7.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\pkcs7.c
-
-$(OBJ_D)\crl2p7.obj: $(SRC_D)\apps\crl2p7.c
-	$(CC) /Fo$(OBJ_D)\crl2p7.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\crl2p7.c
-
-$(OBJ_D)\crl.obj: $(SRC_D)\apps\crl.c
-	$(CC) /Fo$(OBJ_D)\crl.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\crl.c
-
-$(OBJ_D)\rsa.obj: $(SRC_D)\apps\rsa.c
-	$(CC) /Fo$(OBJ_D)\rsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\rsa.c
-
-$(OBJ_D)\dsa.obj: $(SRC_D)\apps\dsa.c
-	$(CC) /Fo$(OBJ_D)\dsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dsa.c
-
-$(OBJ_D)\dsaparam.obj: $(SRC_D)\apps\dsaparam.c
-	$(CC) /Fo$(OBJ_D)\dsaparam.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\dsaparam.c
-
-$(OBJ_D)\x509.obj: $(SRC_D)\apps\x509.c
-	$(CC) /Fo$(OBJ_D)\x509.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\x509.c
-
-$(OBJ_D)\genrsa.obj: $(SRC_D)\apps\genrsa.c
-	$(CC) /Fo$(OBJ_D)\genrsa.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\genrsa.c
-
-$(OBJ_D)\s_server.obj: $(SRC_D)\apps\s_server.c
-	$(CC) /Fo$(OBJ_D)\s_server.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_server.c
-
-$(OBJ_D)\s_client.obj: $(SRC_D)\apps\s_client.c
-	$(CC) /Fo$(OBJ_D)\s_client.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_client.c
-
-$(OBJ_D)\speed.obj: $(SRC_D)\apps\speed.c
-	$(CC) /Fo$(OBJ_D)\speed.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\speed.c
-
-$(OBJ_D)\s_time.obj: $(SRC_D)\apps\s_time.c
-	$(CC) /Fo$(OBJ_D)\s_time.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_time.c
-
-$(OBJ_D)\apps.obj: $(SRC_D)\apps\apps.c
-	$(CC) /Fo$(OBJ_D)\apps.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\apps.c
-
-$(OBJ_D)\s_cb.obj: $(SRC_D)\apps\s_cb.c
-	$(CC) /Fo$(OBJ_D)\s_cb.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_cb.c
-
-$(OBJ_D)\s_socket.obj: $(SRC_D)\apps\s_socket.c
-	$(CC) /Fo$(OBJ_D)\s_socket.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_socket.c
-
-$(OBJ_D)\s_eio.obj: $(SRC_D)\apps\s_eio.c
-	$(CC) /Fo$(OBJ_D)\s_eio.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\s_eio.c
-
-$(OBJ_D)\bf_perm.obj: $(SRC_D)\apps\bf_perm.c
-	$(CC) /Fo$(OBJ_D)\bf_perm.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\bf_perm.c
-
-$(OBJ_D)\version.obj: $(SRC_D)\apps\version.c
-	$(CC) /Fo$(OBJ_D)\version.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\version.c
-
-$(OBJ_D)\sess_id.obj: $(SRC_D)\apps\sess_id.c
-	$(CC) /Fo$(OBJ_D)\sess_id.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\sess_id.c
-
-$(OBJ_D)\ciphers.obj: $(SRC_D)\apps\ciphers.c
-	$(CC) /Fo$(OBJ_D)\ciphers.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ciphers.c
-
-$(OBJ_D)\ssleay.obj: $(SRC_D)\apps\ssleay.c
-	$(CC) /Fo$(OBJ_D)\ssleay.obj -DMONOLITH $(APP_CFLAGS) -c $(SRC_D)\apps\ssleay.c
-
-crypto\bn\asm\x86w32.obj: crypto\bn\asm\x86w32.asm
-	$(ASM) /Focrypto\bn\asm\x86w32.obj $(SRC_D)\crypto\bn\asm\x86w32.asm
-
-$(OBJ_D)\cryptlib.obj: $(SRC_D)\crypto\cryptlib.c
-	$(CC) /Fo$(OBJ_D)\cryptlib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cryptlib.c
-
-$(OBJ_D)\mem.obj: $(SRC_D)\crypto\mem.c
-	$(CC) /Fo$(OBJ_D)\mem.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\mem.c
-
-$(OBJ_D)\cversion.obj: $(SRC_D)\crypto\cversion.c
-	$(CC) /Fo$(OBJ_D)\cversion.obj  $(SHLIB_CFLAGS) -DCFLAGS="\"$(CC) $(CFLAG)\"" -DPLATFORM="\"$(PLATFORM)\"" -c $(SRC_D)\crypto\cversion.c
-
-$(OBJ_D)\ex_data.obj: $(SRC_D)\crypto\ex_data.c
-	$(CC) /Fo$(OBJ_D)\ex_data.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\ex_data.c
-
-$(OBJ_D)\tmdiff.obj: $(SRC_D)\crypto\tmdiff.c
-	$(CC) /Fo$(OBJ_D)\tmdiff.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\tmdiff.c
-
-$(OBJ_D)\cpt_err.obj: $(SRC_D)\crypto\cpt_err.c
-	$(CC) /Fo$(OBJ_D)\cpt_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cpt_err.c
-
-$(OBJ_D)\md2_dgst.obj: $(SRC_D)\crypto\md2\md2_dgst.c
-	$(CC) /Fo$(OBJ_D)\md2_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md2\md2_dgst.c
-
-$(OBJ_D)\md2_one.obj: $(SRC_D)\crypto\md2\md2_one.c
-	$(CC) /Fo$(OBJ_D)\md2_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md2\md2_one.c
-
-$(OBJ_D)\md5_dgst.obj: $(SRC_D)\crypto\md5\md5_dgst.c
-	$(CC) /Fo$(OBJ_D)\md5_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md5\md5_dgst.c
-
-$(OBJ_D)\md5_one.obj: $(SRC_D)\crypto\md5\md5_one.c
-	$(CC) /Fo$(OBJ_D)\md5_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\md5\md5_one.c
-
-$(OBJ_D)\sha_dgst.obj: $(SRC_D)\crypto\sha\sha_dgst.c
-	$(CC) /Fo$(OBJ_D)\sha_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha_dgst.c
-
-$(OBJ_D)\sha1dgst.obj: $(SRC_D)\crypto\sha\sha1dgst.c
-	$(CC) /Fo$(OBJ_D)\sha1dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha1dgst.c
-
-$(OBJ_D)\sha_one.obj: $(SRC_D)\crypto\sha\sha_one.c
-	$(CC) /Fo$(OBJ_D)\sha_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha_one.c
-
-$(OBJ_D)\sha1_one.obj: $(SRC_D)\crypto\sha\sha1_one.c
-	$(CC) /Fo$(OBJ_D)\sha1_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\sha\sha1_one.c
-
-$(OBJ_D)\mdc2dgst.obj: $(SRC_D)\crypto\mdc2\mdc2dgst.c
-	$(CC) /Fo$(OBJ_D)\mdc2dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2dgst.c
-
-$(OBJ_D)\mdc2_one.obj: $(SRC_D)\crypto\mdc2\mdc2_one.c
-	$(CC) /Fo$(OBJ_D)\mdc2_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\mdc2\mdc2_one.c
-
-$(OBJ_D)\hmac.obj: $(SRC_D)\crypto\hmac\hmac.c
-	$(CC) /Fo$(OBJ_D)\hmac.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\hmac\hmac.c
-
-$(OBJ_D)\rmd_dgst.obj: $(SRC_D)\crypto\ripemd\rmd_dgst.c
-	$(CC) /Fo$(OBJ_D)\rmd_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\ripemd\rmd_dgst.c
-
-$(OBJ_D)\rmd_one.obj: $(SRC_D)\crypto\ripemd\rmd_one.c
-	$(CC) /Fo$(OBJ_D)\rmd_one.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\ripemd\rmd_one.c
-
-$(OBJ_D)\set_key.obj: $(SRC_D)\crypto\des\set_key.c
-	$(CC) /Fo$(OBJ_D)\set_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\set_key.c
-
-$(OBJ_D)\ecb_enc.obj: $(SRC_D)\crypto\des\ecb_enc.c
-	$(CC) /Fo$(OBJ_D)\ecb_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ecb_enc.c
-
-$(OBJ_D)\cbc_enc.obj: $(SRC_D)\crypto\des\cbc_enc.c
-	$(CC) /Fo$(OBJ_D)\cbc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc_enc.c
-
-$(OBJ_D)\ecb3_enc.obj: $(SRC_D)\crypto\des\ecb3_enc.c
-	$(CC) /Fo$(OBJ_D)\ecb3_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ecb3_enc.c
-
-$(OBJ_D)\cfb64enc.obj: $(SRC_D)\crypto\des\cfb64enc.c
-	$(CC) /Fo$(OBJ_D)\cfb64enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb64enc.c
-
-$(OBJ_D)\cfb64ede.obj: $(SRC_D)\crypto\des\cfb64ede.c
-	$(CC) /Fo$(OBJ_D)\cfb64ede.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb64ede.c
-
-$(OBJ_D)\cfb_enc.obj: $(SRC_D)\crypto\des\cfb_enc.c
-	$(CC) /Fo$(OBJ_D)\cfb_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cfb_enc.c
-
-$(OBJ_D)\ofb64ede.obj: $(SRC_D)\crypto\des\ofb64ede.c
-	$(CC) /Fo$(OBJ_D)\ofb64ede.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb64ede.c
-
-$(OBJ_D)\enc_read.obj: $(SRC_D)\crypto\des\enc_read.c
-	$(CC) /Fo$(OBJ_D)\enc_read.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\enc_read.c
-
-$(OBJ_D)\enc_writ.obj: $(SRC_D)\crypto\des\enc_writ.c
-	$(CC) /Fo$(OBJ_D)\enc_writ.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\enc_writ.c
-
-$(OBJ_D)\ofb64enc.obj: $(SRC_D)\crypto\des\ofb64enc.c
-	$(CC) /Fo$(OBJ_D)\ofb64enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb64enc.c
-
-$(OBJ_D)\ofb_enc.obj: $(SRC_D)\crypto\des\ofb_enc.c
-	$(CC) /Fo$(OBJ_D)\ofb_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\ofb_enc.c
-
-$(OBJ_D)\str2key.obj: $(SRC_D)\crypto\des\str2key.c
-	$(CC) /Fo$(OBJ_D)\str2key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\str2key.c
-
-$(OBJ_D)\pcbc_enc.obj: $(SRC_D)\crypto\des\pcbc_enc.c
-	$(CC) /Fo$(OBJ_D)\pcbc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\pcbc_enc.c
-
-$(OBJ_D)\qud_cksm.obj: $(SRC_D)\crypto\des\qud_cksm.c
-	$(CC) /Fo$(OBJ_D)\qud_cksm.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\qud_cksm.c
-
-$(OBJ_D)\rand_key.obj: $(SRC_D)\crypto\des\rand_key.c
-	$(CC) /Fo$(OBJ_D)\rand_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\rand_key.c
-
-$(OBJ_D)\des_enc.obj: $(SRC_D)\crypto\des\des_enc.c
-	$(CC) /Fo$(OBJ_D)\des_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\des_enc.c
-
-$(OBJ_D)\fcrypt_b.obj: $(SRC_D)\crypto\des\fcrypt_b.c
-	$(CC) /Fo$(OBJ_D)\fcrypt_b.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\fcrypt_b.c
-
-$(OBJ_D)\read2pwd.obj: $(SRC_D)\crypto\des\read2pwd.c
-	$(CC) /Fo$(OBJ_D)\read2pwd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\read2pwd.c
-
-$(OBJ_D)\fcrypt.obj: $(SRC_D)\crypto\des\fcrypt.c
-	$(CC) /Fo$(OBJ_D)\fcrypt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\fcrypt.c
-
-$(OBJ_D)\xcbc_enc.obj: $(SRC_D)\crypto\des\xcbc_enc.c
-	$(CC) /Fo$(OBJ_D)\xcbc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\xcbc_enc.c
-
-$(OBJ_D)\read_pwd.obj: $(SRC_D)\crypto\des\read_pwd.c
-	$(CC) /Fo$(OBJ_D)\read_pwd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\read_pwd.c
-
-$(OBJ_D)\rpc_enc.obj: $(SRC_D)\crypto\des\rpc_enc.c
-	$(CC) /Fo$(OBJ_D)\rpc_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\rpc_enc.c
-
-$(OBJ_D)\cbc_cksm.obj: $(SRC_D)\crypto\des\cbc_cksm.c
-	$(CC) /Fo$(OBJ_D)\cbc_cksm.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\cbc_cksm.c
-
-$(OBJ_D)\supp.obj: $(SRC_D)\crypto\des\supp.c
-	$(CC) /Fo$(OBJ_D)\supp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\des\supp.c
-
-$(OBJ_D)\rc2_ecb.obj: $(SRC_D)\crypto\rc2\rc2_ecb.c
-	$(CC) /Fo$(OBJ_D)\rc2_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_ecb.c
-
-$(OBJ_D)\rc2_skey.obj: $(SRC_D)\crypto\rc2\rc2_skey.c
-	$(CC) /Fo$(OBJ_D)\rc2_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_skey.c
-
-$(OBJ_D)\rc2_cbc.obj: $(SRC_D)\crypto\rc2\rc2_cbc.c
-	$(CC) /Fo$(OBJ_D)\rc2_cbc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2_cbc.c
-
-$(OBJ_D)\rc2cfb64.obj: $(SRC_D)\crypto\rc2\rc2cfb64.c
-	$(CC) /Fo$(OBJ_D)\rc2cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2cfb64.c
-
-$(OBJ_D)\rc2ofb64.obj: $(SRC_D)\crypto\rc2\rc2ofb64.c
-	$(CC) /Fo$(OBJ_D)\rc2ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc2\rc2ofb64.c
-
-$(OBJ_D)\rc4_skey.obj: $(SRC_D)\crypto\rc4\rc4_skey.c
-	$(CC) /Fo$(OBJ_D)\rc4_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4_skey.c
-
-$(OBJ_D)\rc4_enc.obj: $(SRC_D)\crypto\rc4\rc4_enc.c
-	$(CC) /Fo$(OBJ_D)\rc4_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc4\rc4_enc.c
-
-$(OBJ_D)\rc5_skey.obj: $(SRC_D)\crypto\rc5\rc5_skey.c
-	$(CC) /Fo$(OBJ_D)\rc5_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5_skey.c
-
-$(OBJ_D)\rc5_ecb.obj: $(SRC_D)\crypto\rc5\rc5_ecb.c
-	$(CC) /Fo$(OBJ_D)\rc5_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5_ecb.c
-
-$(OBJ_D)\rc5_enc.obj: $(SRC_D)\crypto\rc5\rc5_enc.c
-	$(CC) /Fo$(OBJ_D)\rc5_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5_enc.c
-
-$(OBJ_D)\rc5cfb64.obj: $(SRC_D)\crypto\rc5\rc5cfb64.c
-	$(CC) /Fo$(OBJ_D)\rc5cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5cfb64.c
-
-$(OBJ_D)\rc5ofb64.obj: $(SRC_D)\crypto\rc5\rc5ofb64.c
-	$(CC) /Fo$(OBJ_D)\rc5ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rc5\rc5ofb64.c
-
-$(OBJ_D)\i_cbc.obj: $(SRC_D)\crypto\idea\i_cbc.c
-	$(CC) /Fo$(OBJ_D)\i_cbc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_cbc.c
-
-$(OBJ_D)\i_cfb64.obj: $(SRC_D)\crypto\idea\i_cfb64.c
-	$(CC) /Fo$(OBJ_D)\i_cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_cfb64.c
-
-$(OBJ_D)\i_ofb64.obj: $(SRC_D)\crypto\idea\i_ofb64.c
-	$(CC) /Fo$(OBJ_D)\i_ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_ofb64.c
-
-$(OBJ_D)\i_ecb.obj: $(SRC_D)\crypto\idea\i_ecb.c
-	$(CC) /Fo$(OBJ_D)\i_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_ecb.c
-
-$(OBJ_D)\i_skey.obj: $(SRC_D)\crypto\idea\i_skey.c
-	$(CC) /Fo$(OBJ_D)\i_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\idea\i_skey.c
-
-$(OBJ_D)\bf_skey.obj: $(SRC_D)\crypto\bf\bf_skey.c
-	$(CC) /Fo$(OBJ_D)\bf_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_skey.c
-
-$(OBJ_D)\bf_ecb.obj: $(SRC_D)\crypto\bf\bf_ecb.c
-	$(CC) /Fo$(OBJ_D)\bf_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_ecb.c
-
-$(OBJ_D)\bf_enc.obj: $(SRC_D)\crypto\bf\bf_enc.c
-	$(CC) /Fo$(OBJ_D)\bf_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_enc.c
-
-$(OBJ_D)\bf_cfb64.obj: $(SRC_D)\crypto\bf\bf_cfb64.c
-	$(CC) /Fo$(OBJ_D)\bf_cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_cfb64.c
-
-$(OBJ_D)\bf_ofb64.obj: $(SRC_D)\crypto\bf\bf_ofb64.c
-	$(CC) /Fo$(OBJ_D)\bf_ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bf\bf_ofb64.c
-
-$(OBJ_D)\c_skey.obj: $(SRC_D)\crypto\cast\c_skey.c
-	$(CC) /Fo$(OBJ_D)\c_skey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_skey.c
-
-$(OBJ_D)\c_ecb.obj: $(SRC_D)\crypto\cast\c_ecb.c
-	$(CC) /Fo$(OBJ_D)\c_ecb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_ecb.c
-
-$(OBJ_D)\c_enc.obj: $(SRC_D)\crypto\cast\c_enc.c
-	$(CC) /Fo$(OBJ_D)\c_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_enc.c
-
-$(OBJ_D)\c_cfb64.obj: $(SRC_D)\crypto\cast\c_cfb64.c
-	$(CC) /Fo$(OBJ_D)\c_cfb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_cfb64.c
-
-$(OBJ_D)\c_ofb64.obj: $(SRC_D)\crypto\cast\c_ofb64.c
-	$(CC) /Fo$(OBJ_D)\c_ofb64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\cast\c_ofb64.c
-
-$(OBJ_D)\bn_add.obj: $(SRC_D)\crypto\bn\bn_add.c
-	$(CC) /Fo$(OBJ_D)\bn_add.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_add.c
-
-$(OBJ_D)\bn_div.obj: $(SRC_D)\crypto\bn\bn_div.c
-	$(CC) /Fo$(OBJ_D)\bn_div.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_div.c
-
-$(OBJ_D)\bn_exp.obj: $(SRC_D)\crypto\bn\bn_exp.c
-	$(CC) /Fo$(OBJ_D)\bn_exp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_exp.c
-
-$(OBJ_D)\bn_lib.obj: $(SRC_D)\crypto\bn\bn_lib.c
-	$(CC) /Fo$(OBJ_D)\bn_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_lib.c
-
-$(OBJ_D)\bn_mul.obj: $(SRC_D)\crypto\bn\bn_mul.c
-	$(CC) /Fo$(OBJ_D)\bn_mul.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mul.c
-
-$(OBJ_D)\bn_print.obj: $(SRC_D)\crypto\bn\bn_print.c
-	$(CC) /Fo$(OBJ_D)\bn_print.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_print.c
-
-$(OBJ_D)\bn_rand.obj: $(SRC_D)\crypto\bn\bn_rand.c
-	$(CC) /Fo$(OBJ_D)\bn_rand.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_rand.c
-
-$(OBJ_D)\bn_shift.obj: $(SRC_D)\crypto\bn\bn_shift.c
-	$(CC) /Fo$(OBJ_D)\bn_shift.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_shift.c
-
-$(OBJ_D)\bn_word.obj: $(SRC_D)\crypto\bn\bn_word.c
-	$(CC) /Fo$(OBJ_D)\bn_word.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_word.c
-
-$(OBJ_D)\bn_blind.obj: $(SRC_D)\crypto\bn\bn_blind.c
-	$(CC) /Fo$(OBJ_D)\bn_blind.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_blind.c
-
-$(OBJ_D)\bn_gcd.obj: $(SRC_D)\crypto\bn\bn_gcd.c
-	$(CC) /Fo$(OBJ_D)\bn_gcd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_gcd.c
-
-$(OBJ_D)\bn_prime.obj: $(SRC_D)\crypto\bn\bn_prime.c
-	$(CC) /Fo$(OBJ_D)\bn_prime.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_prime.c
-
-$(OBJ_D)\bn_err.obj: $(SRC_D)\crypto\bn\bn_err.c
-	$(CC) /Fo$(OBJ_D)\bn_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_err.c
-
-$(OBJ_D)\bn_sqr.obj: $(SRC_D)\crypto\bn\bn_sqr.c
-	$(CC) /Fo$(OBJ_D)\bn_sqr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_sqr.c
-
-$(OBJ_D)\bn_asm.obj: $(SRC_D)\crypto\bn\bn_asm.c
-	$(CC) /Fo$(OBJ_D)\bn_asm.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_asm.c
-
-$(OBJ_D)\bn_recp.obj: $(SRC_D)\crypto\bn\bn_recp.c
-	$(CC) /Fo$(OBJ_D)\bn_recp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_recp.c
-
-$(OBJ_D)\bn_mont.obj: $(SRC_D)\crypto\bn\bn_mont.c
-	$(CC) /Fo$(OBJ_D)\bn_mont.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mont.c
-
-$(OBJ_D)\bn_mpi.obj: $(SRC_D)\crypto\bn\bn_mpi.c
-	$(CC) /Fo$(OBJ_D)\bn_mpi.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_mpi.c
-
-$(OBJ_D)\bn_exp2.obj: $(SRC_D)\crypto\bn\bn_exp2.c
-	$(CC) /Fo$(OBJ_D)\bn_exp2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bn\bn_exp2.c
-
-$(OBJ_D)\rsa_eay.obj: $(SRC_D)\crypto\rsa\rsa_eay.c
-	$(CC) /Fo$(OBJ_D)\rsa_eay.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_eay.c
-
-$(OBJ_D)\rsa_gen.obj: $(SRC_D)\crypto\rsa\rsa_gen.c
-	$(CC) /Fo$(OBJ_D)\rsa_gen.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_gen.c
-
-$(OBJ_D)\rsa_lib.obj: $(SRC_D)\crypto\rsa\rsa_lib.c
-	$(CC) /Fo$(OBJ_D)\rsa_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_lib.c
-
-$(OBJ_D)\rsa_sign.obj: $(SRC_D)\crypto\rsa\rsa_sign.c
-	$(CC) /Fo$(OBJ_D)\rsa_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_sign.c
-
-$(OBJ_D)\rsa_saos.obj: $(SRC_D)\crypto\rsa\rsa_saos.c
-	$(CC) /Fo$(OBJ_D)\rsa_saos.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_saos.c
-
-$(OBJ_D)\rsa_err.obj: $(SRC_D)\crypto\rsa\rsa_err.c
-	$(CC) /Fo$(OBJ_D)\rsa_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_err.c
-
-$(OBJ_D)\rsa_pk1.obj: $(SRC_D)\crypto\rsa\rsa_pk1.c
-	$(CC) /Fo$(OBJ_D)\rsa_pk1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_pk1.c
-
-$(OBJ_D)\rsa_ssl.obj: $(SRC_D)\crypto\rsa\rsa_ssl.c
-	$(CC) /Fo$(OBJ_D)\rsa_ssl.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_ssl.c
-
-$(OBJ_D)\rsa_none.obj: $(SRC_D)\crypto\rsa\rsa_none.c
-	$(CC) /Fo$(OBJ_D)\rsa_none.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rsa\rsa_none.c
-
-$(OBJ_D)\dsa_gen.obj: $(SRC_D)\crypto\dsa\dsa_gen.c
-	$(CC) /Fo$(OBJ_D)\dsa_gen.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_gen.c
-
-$(OBJ_D)\dsa_key.obj: $(SRC_D)\crypto\dsa\dsa_key.c
-	$(CC) /Fo$(OBJ_D)\dsa_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_key.c
-
-$(OBJ_D)\dsa_lib.obj: $(SRC_D)\crypto\dsa\dsa_lib.c
-	$(CC) /Fo$(OBJ_D)\dsa_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_lib.c
-
-$(OBJ_D)\dsa_vrf.obj: $(SRC_D)\crypto\dsa\dsa_vrf.c
-	$(CC) /Fo$(OBJ_D)\dsa_vrf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_vrf.c
-
-$(OBJ_D)\dsa_sign.obj: $(SRC_D)\crypto\dsa\dsa_sign.c
-	$(CC) /Fo$(OBJ_D)\dsa_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_sign.c
-
-$(OBJ_D)\dsa_err.obj: $(SRC_D)\crypto\dsa\dsa_err.c
-	$(CC) /Fo$(OBJ_D)\dsa_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dsa\dsa_err.c
-
-$(OBJ_D)\dh_gen.obj: $(SRC_D)\crypto\dh\dh_gen.c
-	$(CC) /Fo$(OBJ_D)\dh_gen.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_gen.c
-
-$(OBJ_D)\dh_key.obj: $(SRC_D)\crypto\dh\dh_key.c
-	$(CC) /Fo$(OBJ_D)\dh_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_key.c
-
-$(OBJ_D)\dh_lib.obj: $(SRC_D)\crypto\dh\dh_lib.c
-	$(CC) /Fo$(OBJ_D)\dh_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_lib.c
-
-$(OBJ_D)\dh_check.obj: $(SRC_D)\crypto\dh\dh_check.c
-	$(CC) /Fo$(OBJ_D)\dh_check.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_check.c
-
-$(OBJ_D)\dh_err.obj: $(SRC_D)\crypto\dh\dh_err.c
-	$(CC) /Fo$(OBJ_D)\dh_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\dh\dh_err.c
-
-$(OBJ_D)\buffer.obj: $(SRC_D)\crypto\buffer\buffer.c
-	$(CC) /Fo$(OBJ_D)\buffer.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\buffer\buffer.c
-
-$(OBJ_D)\buf_err.obj: $(SRC_D)\crypto\buffer\buf_err.c
-	$(CC) /Fo$(OBJ_D)\buf_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\buffer\buf_err.c
-
-$(OBJ_D)\bio_lib.obj: $(SRC_D)\crypto\bio\bio_lib.c
-	$(CC) /Fo$(OBJ_D)\bio_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_lib.c
-
-$(OBJ_D)\bio_cb.obj: $(SRC_D)\crypto\bio\bio_cb.c
-	$(CC) /Fo$(OBJ_D)\bio_cb.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_cb.c
-
-$(OBJ_D)\bio_err.obj: $(SRC_D)\crypto\bio\bio_err.c
-	$(CC) /Fo$(OBJ_D)\bio_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bio_err.c
-
-$(OBJ_D)\bss_mem.obj: $(SRC_D)\crypto\bio\bss_mem.c
-	$(CC) /Fo$(OBJ_D)\bss_mem.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_mem.c
-
-$(OBJ_D)\bss_null.obj: $(SRC_D)\crypto\bio\bss_null.c
-	$(CC) /Fo$(OBJ_D)\bss_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_null.c
-
-$(OBJ_D)\bss_fd.obj: $(SRC_D)\crypto\bio\bss_fd.c
-	$(CC) /Fo$(OBJ_D)\bss_fd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_fd.c
-
-$(OBJ_D)\bss_file.obj: $(SRC_D)\crypto\bio\bss_file.c
-	$(CC) /Fo$(OBJ_D)\bss_file.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_file.c
-
-$(OBJ_D)\bss_sock.obj: $(SRC_D)\crypto\bio\bss_sock.c
-	$(CC) /Fo$(OBJ_D)\bss_sock.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_sock.c
-
-$(OBJ_D)\bss_conn.obj: $(SRC_D)\crypto\bio\bss_conn.c
-	$(CC) /Fo$(OBJ_D)\bss_conn.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_conn.c
-
-$(OBJ_D)\bf_null.obj: $(SRC_D)\crypto\bio\bf_null.c
-	$(CC) /Fo$(OBJ_D)\bf_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_null.c
-
-$(OBJ_D)\bf_buff.obj: $(SRC_D)\crypto\bio\bf_buff.c
-	$(CC) /Fo$(OBJ_D)\bf_buff.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_buff.c
-
-$(OBJ_D)\b_print.obj: $(SRC_D)\crypto\bio\b_print.c
-	$(CC) /Fo$(OBJ_D)\b_print.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_print.c
-
-$(OBJ_D)\b_dump.obj: $(SRC_D)\crypto\bio\b_dump.c
-	$(CC) /Fo$(OBJ_D)\b_dump.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_dump.c
-
-$(OBJ_D)\b_sock.obj: $(SRC_D)\crypto\bio\b_sock.c
-	$(CC) /Fo$(OBJ_D)\b_sock.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\b_sock.c
-
-$(OBJ_D)\bss_acpt.obj: $(SRC_D)\crypto\bio\bss_acpt.c
-	$(CC) /Fo$(OBJ_D)\bss_acpt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_acpt.c
-
-$(OBJ_D)\bf_nbio.obj: $(SRC_D)\crypto\bio\bf_nbio.c
-	$(CC) /Fo$(OBJ_D)\bf_nbio.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bf_nbio.c
-
-$(OBJ_D)\bss_cs4a.obj: $(SRC_D)\crypto\bio\bss_cs4a.c
-	$(CC) /Fo$(OBJ_D)\bss_cs4a.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\bio\bss_cs4a.c
-
-$(OBJ_D)\stack.obj: $(SRC_D)\crypto\stack\stack.c
-	$(CC) /Fo$(OBJ_D)\stack.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\stack\stack.c
-
-$(OBJ_D)\lhash.obj: $(SRC_D)\crypto\lhash\lhash.c
-	$(CC) /Fo$(OBJ_D)\lhash.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\lhash\lhash.c
-
-$(OBJ_D)\lh_stats.obj: $(SRC_D)\crypto\lhash\lh_stats.c
-	$(CC) /Fo$(OBJ_D)\lh_stats.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\lhash\lh_stats.c
-
-$(OBJ_D)\md_rand.obj: $(SRC_D)\crypto\rand\md_rand.c
-	$(CC) /Fo$(OBJ_D)\md_rand.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rand\md_rand.c
-
-$(OBJ_D)\randfile.obj: $(SRC_D)\crypto\rand\randfile.c
-	$(CC) /Fo$(OBJ_D)\randfile.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rand\randfile.c
-
-$(OBJ_D)\rand_lib.obj: $(SRC_D)\crypto\rand\rand_lib.c
-	$(CC) /Fo$(OBJ_D)\rand_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\rand\rand_lib.c
-
-$(OBJ_D)\err.obj: $(SRC_D)\crypto\err\err.c
-	$(CC) /Fo$(OBJ_D)\err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\err\err.c
-
-$(OBJ_D)\err_all.obj: $(SRC_D)\crypto\err\err_all.c
-	$(CC) /Fo$(OBJ_D)\err_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\err\err_all.c
-
-$(OBJ_D)\err_prn.obj: $(SRC_D)\crypto\err\err_prn.c
-	$(CC) /Fo$(OBJ_D)\err_prn.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\err\err_prn.c
-
-$(OBJ_D)\o_names.obj: $(SRC_D)\crypto\objects\o_names.c
-	$(CC) /Fo$(OBJ_D)\o_names.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\objects\o_names.c
-
-$(OBJ_D)\obj_dat.obj: $(SRC_D)\crypto\objects\obj_dat.c
-	$(CC) /Fo$(OBJ_D)\obj_dat.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_dat.c
-
-$(OBJ_D)\obj_lib.obj: $(SRC_D)\crypto\objects\obj_lib.c
-	$(CC) /Fo$(OBJ_D)\obj_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_lib.c
-
-$(OBJ_D)\obj_err.obj: $(SRC_D)\crypto\objects\obj_err.c
-	$(CC) /Fo$(OBJ_D)\obj_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\objects\obj_err.c
-
-$(OBJ_D)\encode.obj: $(SRC_D)\crypto\evp\encode.c
-	$(CC) /Fo$(OBJ_D)\encode.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\encode.c
-
-$(OBJ_D)\digest.obj: $(SRC_D)\crypto\evp\digest.c
-	$(CC) /Fo$(OBJ_D)\digest.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\digest.c
-
-$(OBJ_D)\evp_enc.obj: $(SRC_D)\crypto\evp\evp_enc.c
-	$(CC) /Fo$(OBJ_D)\evp_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_enc.c
-
-$(OBJ_D)\evp_key.obj: $(SRC_D)\crypto\evp\evp_key.c
-	$(CC) /Fo$(OBJ_D)\evp_key.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_key.c
-
-$(OBJ_D)\e_ecb_d.obj: $(SRC_D)\crypto\evp\e_ecb_d.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_d.c
-
-$(OBJ_D)\e_cbc_d.obj: $(SRC_D)\crypto\evp\e_cbc_d.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_d.c
-
-$(OBJ_D)\e_cfb_d.obj: $(SRC_D)\crypto\evp\e_cfb_d.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_d.c
-
-$(OBJ_D)\e_ofb_d.obj: $(SRC_D)\crypto\evp\e_ofb_d.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_d.c
-
-$(OBJ_D)\e_ecb_i.obj: $(SRC_D)\crypto\evp\e_ecb_i.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_i.c
-
-$(OBJ_D)\e_cbc_i.obj: $(SRC_D)\crypto\evp\e_cbc_i.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_i.c
-
-$(OBJ_D)\e_cfb_i.obj: $(SRC_D)\crypto\evp\e_cfb_i.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_i.c
-
-$(OBJ_D)\e_ofb_i.obj: $(SRC_D)\crypto\evp\e_ofb_i.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_i.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_i.c
-
-$(OBJ_D)\e_ecb_3d.obj: $(SRC_D)\crypto\evp\e_ecb_3d.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_3d.c
-
-$(OBJ_D)\e_cbc_3d.obj: $(SRC_D)\crypto\evp\e_cbc_3d.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_3d.c
-
-$(OBJ_D)\e_rc4.obj: $(SRC_D)\crypto\evp\e_rc4.c
-	$(CC) /Fo$(OBJ_D)\e_rc4.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_rc4.c
-
-$(OBJ_D)\names.obj: $(SRC_D)\crypto\evp\names.c
-	$(CC) /Fo$(OBJ_D)\names.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\names.c
-
-$(OBJ_D)\e_cfb_3d.obj: $(SRC_D)\crypto\evp\e_cfb_3d.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_3d.c
-
-$(OBJ_D)\e_ofb_3d.obj: $(SRC_D)\crypto\evp\e_ofb_3d.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_3d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_3d.c
-
-$(OBJ_D)\e_xcbc_d.obj: $(SRC_D)\crypto\evp\e_xcbc_d.c
-	$(CC) /Fo$(OBJ_D)\e_xcbc_d.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_xcbc_d.c
-
-$(OBJ_D)\e_ecb_r2.obj: $(SRC_D)\crypto\evp\e_ecb_r2.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_r2.c
-
-$(OBJ_D)\e_cbc_r2.obj: $(SRC_D)\crypto\evp\e_cbc_r2.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_r2.c
-
-$(OBJ_D)\e_cfb_r2.obj: $(SRC_D)\crypto\evp\e_cfb_r2.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_r2.c
-
-$(OBJ_D)\e_ofb_r2.obj: $(SRC_D)\crypto\evp\e_ofb_r2.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_r2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_r2.c
-
-$(OBJ_D)\e_ecb_bf.obj: $(SRC_D)\crypto\evp\e_ecb_bf.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_bf.c
-
-$(OBJ_D)\e_cbc_bf.obj: $(SRC_D)\crypto\evp\e_cbc_bf.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_bf.c
-
-$(OBJ_D)\e_cfb_bf.obj: $(SRC_D)\crypto\evp\e_cfb_bf.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_bf.c
-
-$(OBJ_D)\e_ofb_bf.obj: $(SRC_D)\crypto\evp\e_ofb_bf.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_bf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_bf.c
-
-$(OBJ_D)\e_ecb_c.obj: $(SRC_D)\crypto\evp\e_ecb_c.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_c.c
-
-$(OBJ_D)\e_cbc_c.obj: $(SRC_D)\crypto\evp\e_cbc_c.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_c.c
-
-$(OBJ_D)\e_cfb_c.obj: $(SRC_D)\crypto\evp\e_cfb_c.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_c.c
-
-$(OBJ_D)\e_ofb_c.obj: $(SRC_D)\crypto\evp\e_ofb_c.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_c.c
-
-$(OBJ_D)\e_ecb_r5.obj: $(SRC_D)\crypto\evp\e_ecb_r5.c
-	$(CC) /Fo$(OBJ_D)\e_ecb_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ecb_r5.c
-
-$(OBJ_D)\e_cbc_r5.obj: $(SRC_D)\crypto\evp\e_cbc_r5.c
-	$(CC) /Fo$(OBJ_D)\e_cbc_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cbc_r5.c
-
-$(OBJ_D)\e_cfb_r5.obj: $(SRC_D)\crypto\evp\e_cfb_r5.c
-	$(CC) /Fo$(OBJ_D)\e_cfb_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_cfb_r5.c
-
-$(OBJ_D)\e_ofb_r5.obj: $(SRC_D)\crypto\evp\e_ofb_r5.c
-	$(CC) /Fo$(OBJ_D)\e_ofb_r5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_ofb_r5.c
-
-$(OBJ_D)\m_null.obj: $(SRC_D)\crypto\evp\m_null.c
-	$(CC) /Fo$(OBJ_D)\m_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_null.c
-
-$(OBJ_D)\m_md2.obj: $(SRC_D)\crypto\evp\m_md2.c
-	$(CC) /Fo$(OBJ_D)\m_md2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_md2.c
-
-$(OBJ_D)\m_md5.obj: $(SRC_D)\crypto\evp\m_md5.c
-	$(CC) /Fo$(OBJ_D)\m_md5.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_md5.c
-
-$(OBJ_D)\m_sha.obj: $(SRC_D)\crypto\evp\m_sha.c
-	$(CC) /Fo$(OBJ_D)\m_sha.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_sha.c
-
-$(OBJ_D)\m_sha1.obj: $(SRC_D)\crypto\evp\m_sha1.c
-	$(CC) /Fo$(OBJ_D)\m_sha1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_sha1.c
-
-$(OBJ_D)\m_dss.obj: $(SRC_D)\crypto\evp\m_dss.c
-	$(CC) /Fo$(OBJ_D)\m_dss.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_dss.c
-
-$(OBJ_D)\m_dss1.obj: $(SRC_D)\crypto\evp\m_dss1.c
-	$(CC) /Fo$(OBJ_D)\m_dss1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_dss1.c
-
-$(OBJ_D)\m_mdc2.obj: $(SRC_D)\crypto\evp\m_mdc2.c
-	$(CC) /Fo$(OBJ_D)\m_mdc2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_mdc2.c
-
-$(OBJ_D)\m_ripemd.obj: $(SRC_D)\crypto\evp\m_ripemd.c
-	$(CC) /Fo$(OBJ_D)\m_ripemd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\m_ripemd.c
-
-$(OBJ_D)\p_open.obj: $(SRC_D)\crypto\evp\p_open.c
-	$(CC) /Fo$(OBJ_D)\p_open.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_open.c
-
-$(OBJ_D)\p_seal.obj: $(SRC_D)\crypto\evp\p_seal.c
-	$(CC) /Fo$(OBJ_D)\p_seal.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_seal.c
-
-$(OBJ_D)\p_sign.obj: $(SRC_D)\crypto\evp\p_sign.c
-	$(CC) /Fo$(OBJ_D)\p_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_sign.c
-
-$(OBJ_D)\p_verify.obj: $(SRC_D)\crypto\evp\p_verify.c
-	$(CC) /Fo$(OBJ_D)\p_verify.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_verify.c
-
-$(OBJ_D)\p_lib.obj: $(SRC_D)\crypto\evp\p_lib.c
-	$(CC) /Fo$(OBJ_D)\p_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_lib.c
-
-$(OBJ_D)\p_enc.obj: $(SRC_D)\crypto\evp\p_enc.c
-	$(CC) /Fo$(OBJ_D)\p_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_enc.c
-
-$(OBJ_D)\p_dec.obj: $(SRC_D)\crypto\evp\p_dec.c
-	$(CC) /Fo$(OBJ_D)\p_dec.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\p_dec.c
-
-$(OBJ_D)\bio_md.obj: $(SRC_D)\crypto\evp\bio_md.c
-	$(CC) /Fo$(OBJ_D)\bio_md.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_md.c
-
-$(OBJ_D)\bio_b64.obj: $(SRC_D)\crypto\evp\bio_b64.c
-	$(CC) /Fo$(OBJ_D)\bio_b64.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_b64.c
-
-$(OBJ_D)\bio_enc.obj: $(SRC_D)\crypto\evp\bio_enc.c
-	$(CC) /Fo$(OBJ_D)\bio_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\bio_enc.c
-
-$(OBJ_D)\evp_err.obj: $(SRC_D)\crypto\evp\evp_err.c
-	$(CC) /Fo$(OBJ_D)\evp_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_err.c
-
-$(OBJ_D)\e_null.obj: $(SRC_D)\crypto\evp\e_null.c
-	$(CC) /Fo$(OBJ_D)\e_null.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\e_null.c
-
-$(OBJ_D)\c_all.obj: $(SRC_D)\crypto\evp\c_all.c
-	$(CC) /Fo$(OBJ_D)\c_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\c_all.c
-
-$(OBJ_D)\evp_lib.obj: $(SRC_D)\crypto\evp\evp_lib.c
-	$(CC) /Fo$(OBJ_D)\evp_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\evp\evp_lib.c
-
-$(OBJ_D)\pem_sign.obj: $(SRC_D)\crypto\pem\pem_sign.c
-	$(CC) /Fo$(OBJ_D)\pem_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_sign.c
-
-$(OBJ_D)\pem_seal.obj: $(SRC_D)\crypto\pem\pem_seal.c
-	$(CC) /Fo$(OBJ_D)\pem_seal.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_seal.c
-
-$(OBJ_D)\pem_info.obj: $(SRC_D)\crypto\pem\pem_info.c
-	$(CC) /Fo$(OBJ_D)\pem_info.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_info.c
-
-$(OBJ_D)\pem_lib.obj: $(SRC_D)\crypto\pem\pem_lib.c
-	$(CC) /Fo$(OBJ_D)\pem_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_lib.c
-
-$(OBJ_D)\pem_all.obj: $(SRC_D)\crypto\pem\pem_all.c
-	$(CC) /Fo$(OBJ_D)\pem_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_all.c
-
-$(OBJ_D)\pem_err.obj: $(SRC_D)\crypto\pem\pem_err.c
-	$(CC) /Fo$(OBJ_D)\pem_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pem\pem_err.c
-
-$(OBJ_D)\a_object.obj: $(SRC_D)\crypto\asn1\a_object.c
-	$(CC) /Fo$(OBJ_D)\a_object.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_object.c
-
-$(OBJ_D)\a_bitstr.obj: $(SRC_D)\crypto\asn1\a_bitstr.c
-	$(CC) /Fo$(OBJ_D)\a_bitstr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bitstr.c
-
-$(OBJ_D)\a_utctm.obj: $(SRC_D)\crypto\asn1\a_utctm.c
-	$(CC) /Fo$(OBJ_D)\a_utctm.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_utctm.c
-
-$(OBJ_D)\a_int.obj: $(SRC_D)\crypto\asn1\a_int.c
-	$(CC) /Fo$(OBJ_D)\a_int.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_int.c
-
-$(OBJ_D)\a_octet.obj: $(SRC_D)\crypto\asn1\a_octet.c
-	$(CC) /Fo$(OBJ_D)\a_octet.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_octet.c
-
-$(OBJ_D)\a_print.obj: $(SRC_D)\crypto\asn1\a_print.c
-	$(CC) /Fo$(OBJ_D)\a_print.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_print.c
-
-$(OBJ_D)\a_type.obj: $(SRC_D)\crypto\asn1\a_type.c
-	$(CC) /Fo$(OBJ_D)\a_type.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_type.c
-
-$(OBJ_D)\a_set.obj: $(SRC_D)\crypto\asn1\a_set.c
-	$(CC) /Fo$(OBJ_D)\a_set.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_set.c
-
-$(OBJ_D)\a_dup.obj: $(SRC_D)\crypto\asn1\a_dup.c
-	$(CC) /Fo$(OBJ_D)\a_dup.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_dup.c
-
-$(OBJ_D)\a_d2i_fp.obj: $(SRC_D)\crypto\asn1\a_d2i_fp.c
-	$(CC) /Fo$(OBJ_D)\a_d2i_fp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_d2i_fp.c
-
-$(OBJ_D)\a_i2d_fp.obj: $(SRC_D)\crypto\asn1\a_i2d_fp.c
-	$(CC) /Fo$(OBJ_D)\a_i2d_fp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_i2d_fp.c
-
-$(OBJ_D)\a_bmp.obj: $(SRC_D)\crypto\asn1\a_bmp.c
-	$(CC) /Fo$(OBJ_D)\a_bmp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bmp.c
-
-$(OBJ_D)\a_sign.obj: $(SRC_D)\crypto\asn1\a_sign.c
-	$(CC) /Fo$(OBJ_D)\a_sign.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_sign.c
-
-$(OBJ_D)\a_digest.obj: $(SRC_D)\crypto\asn1\a_digest.c
-	$(CC) /Fo$(OBJ_D)\a_digest.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_digest.c
-
-$(OBJ_D)\a_verify.obj: $(SRC_D)\crypto\asn1\a_verify.c
-	$(CC) /Fo$(OBJ_D)\a_verify.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_verify.c
-
-$(OBJ_D)\x_algor.obj: $(SRC_D)\crypto\asn1\x_algor.c
-	$(CC) /Fo$(OBJ_D)\x_algor.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_algor.c
-
-$(OBJ_D)\x_val.obj: $(SRC_D)\crypto\asn1\x_val.c
-	$(CC) /Fo$(OBJ_D)\x_val.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_val.c
-
-$(OBJ_D)\x_pubkey.obj: $(SRC_D)\crypto\asn1\x_pubkey.c
-	$(CC) /Fo$(OBJ_D)\x_pubkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_pubkey.c
-
-$(OBJ_D)\x_sig.obj: $(SRC_D)\crypto\asn1\x_sig.c
-	$(CC) /Fo$(OBJ_D)\x_sig.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_sig.c
-
-$(OBJ_D)\x_req.obj: $(SRC_D)\crypto\asn1\x_req.c
-	$(CC) /Fo$(OBJ_D)\x_req.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_req.c
-
-$(OBJ_D)\x_attrib.obj: $(SRC_D)\crypto\asn1\x_attrib.c
-	$(CC) /Fo$(OBJ_D)\x_attrib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_attrib.c
-
-$(OBJ_D)\x_name.obj: $(SRC_D)\crypto\asn1\x_name.c
-	$(CC) /Fo$(OBJ_D)\x_name.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_name.c
-
-$(OBJ_D)\x_cinf.obj: $(SRC_D)\crypto\asn1\x_cinf.c
-	$(CC) /Fo$(OBJ_D)\x_cinf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_cinf.c
-
-$(OBJ_D)\x_x509.obj: $(SRC_D)\crypto\asn1\x_x509.c
-	$(CC) /Fo$(OBJ_D)\x_x509.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_x509.c
-
-$(OBJ_D)\x_crl.obj: $(SRC_D)\crypto\asn1\x_crl.c
-	$(CC) /Fo$(OBJ_D)\x_crl.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_crl.c
-
-$(OBJ_D)\x_info.obj: $(SRC_D)\crypto\asn1\x_info.c
-	$(CC) /Fo$(OBJ_D)\x_info.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_info.c
-
-$(OBJ_D)\x_spki.obj: $(SRC_D)\crypto\asn1\x_spki.c
-	$(CC) /Fo$(OBJ_D)\x_spki.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_spki.c
-
-$(OBJ_D)\d2i_r_pr.obj: $(SRC_D)\crypto\asn1\d2i_r_pr.c
-	$(CC) /Fo$(OBJ_D)\d2i_r_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_r_pr.c
-
-$(OBJ_D)\i2d_r_pr.obj: $(SRC_D)\crypto\asn1\i2d_r_pr.c
-	$(CC) /Fo$(OBJ_D)\i2d_r_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_r_pr.c
-
-$(OBJ_D)\d2i_r_pu.obj: $(SRC_D)\crypto\asn1\d2i_r_pu.c
-	$(CC) /Fo$(OBJ_D)\d2i_r_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_r_pu.c
-
-$(OBJ_D)\i2d_r_pu.obj: $(SRC_D)\crypto\asn1\i2d_r_pu.c
-	$(CC) /Fo$(OBJ_D)\i2d_r_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_r_pu.c
-
-$(OBJ_D)\d2i_s_pr.obj: $(SRC_D)\crypto\asn1\d2i_s_pr.c
-	$(CC) /Fo$(OBJ_D)\d2i_s_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_s_pr.c
-
-$(OBJ_D)\i2d_s_pr.obj: $(SRC_D)\crypto\asn1\i2d_s_pr.c
-	$(CC) /Fo$(OBJ_D)\i2d_s_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_s_pr.c
-
-$(OBJ_D)\d2i_s_pu.obj: $(SRC_D)\crypto\asn1\d2i_s_pu.c
-	$(CC) /Fo$(OBJ_D)\d2i_s_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_s_pu.c
-
-$(OBJ_D)\i2d_s_pu.obj: $(SRC_D)\crypto\asn1\i2d_s_pu.c
-	$(CC) /Fo$(OBJ_D)\i2d_s_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_s_pu.c
-
-$(OBJ_D)\d2i_pu.obj: $(SRC_D)\crypto\asn1\d2i_pu.c
-	$(CC) /Fo$(OBJ_D)\d2i_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_pu.c
-
-$(OBJ_D)\d2i_pr.obj: $(SRC_D)\crypto\asn1\d2i_pr.c
-	$(CC) /Fo$(OBJ_D)\d2i_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_pr.c
-
-$(OBJ_D)\i2d_pu.obj: $(SRC_D)\crypto\asn1\i2d_pu.c
-	$(CC) /Fo$(OBJ_D)\i2d_pu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_pu.c
-
-$(OBJ_D)\i2d_pr.obj: $(SRC_D)\crypto\asn1\i2d_pr.c
-	$(CC) /Fo$(OBJ_D)\i2d_pr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_pr.c
-
-$(OBJ_D)\t_req.obj: $(SRC_D)\crypto\asn1\t_req.c
-	$(CC) /Fo$(OBJ_D)\t_req.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_req.c
-
-$(OBJ_D)\t_x509.obj: $(SRC_D)\crypto\asn1\t_x509.c
-	$(CC) /Fo$(OBJ_D)\t_x509.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_x509.c
-
-$(OBJ_D)\t_pkey.obj: $(SRC_D)\crypto\asn1\t_pkey.c
-	$(CC) /Fo$(OBJ_D)\t_pkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\t_pkey.c
-
-$(OBJ_D)\p7_i_s.obj: $(SRC_D)\crypto\asn1\p7_i_s.c
-	$(CC) /Fo$(OBJ_D)\p7_i_s.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_i_s.c
-
-$(OBJ_D)\p7_signi.obj: $(SRC_D)\crypto\asn1\p7_signi.c
-	$(CC) /Fo$(OBJ_D)\p7_signi.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_signi.c
-
-$(OBJ_D)\p7_signd.obj: $(SRC_D)\crypto\asn1\p7_signd.c
-	$(CC) /Fo$(OBJ_D)\p7_signd.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_signd.c
-
-$(OBJ_D)\p7_recip.obj: $(SRC_D)\crypto\asn1\p7_recip.c
-	$(CC) /Fo$(OBJ_D)\p7_recip.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_recip.c
-
-$(OBJ_D)\p7_enc_c.obj: $(SRC_D)\crypto\asn1\p7_enc_c.c
-	$(CC) /Fo$(OBJ_D)\p7_enc_c.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_enc_c.c
-
-$(OBJ_D)\p7_evp.obj: $(SRC_D)\crypto\asn1\p7_evp.c
-	$(CC) /Fo$(OBJ_D)\p7_evp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_evp.c
-
-$(OBJ_D)\p7_dgst.obj: $(SRC_D)\crypto\asn1\p7_dgst.c
-	$(CC) /Fo$(OBJ_D)\p7_dgst.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_dgst.c
-
-$(OBJ_D)\p7_s_e.obj: $(SRC_D)\crypto\asn1\p7_s_e.c
-	$(CC) /Fo$(OBJ_D)\p7_s_e.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_s_e.c
-
-$(OBJ_D)\p7_enc.obj: $(SRC_D)\crypto\asn1\p7_enc.c
-	$(CC) /Fo$(OBJ_D)\p7_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_enc.c
-
-$(OBJ_D)\p7_lib.obj: $(SRC_D)\crypto\asn1\p7_lib.c
-	$(CC) /Fo$(OBJ_D)\p7_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\p7_lib.c
-
-$(OBJ_D)\f_int.obj: $(SRC_D)\crypto\asn1\f_int.c
-	$(CC) /Fo$(OBJ_D)\f_int.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\f_int.c
-
-$(OBJ_D)\f_string.obj: $(SRC_D)\crypto\asn1\f_string.c
-	$(CC) /Fo$(OBJ_D)\f_string.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\f_string.c
-
-$(OBJ_D)\i2d_dhp.obj: $(SRC_D)\crypto\asn1\i2d_dhp.c
-	$(CC) /Fo$(OBJ_D)\i2d_dhp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_dhp.c
-
-$(OBJ_D)\i2d_dsap.obj: $(SRC_D)\crypto\asn1\i2d_dsap.c
-	$(CC) /Fo$(OBJ_D)\i2d_dsap.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\i2d_dsap.c
-
-$(OBJ_D)\d2i_dhp.obj: $(SRC_D)\crypto\asn1\d2i_dhp.c
-	$(CC) /Fo$(OBJ_D)\d2i_dhp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_dhp.c
-
-$(OBJ_D)\d2i_dsap.obj: $(SRC_D)\crypto\asn1\d2i_dsap.c
-	$(CC) /Fo$(OBJ_D)\d2i_dsap.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\d2i_dsap.c
-
-$(OBJ_D)\n_pkey.obj: $(SRC_D)\crypto\asn1\n_pkey.c
-	$(CC) /Fo$(OBJ_D)\n_pkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\n_pkey.c
-
-$(OBJ_D)\a_hdr.obj: $(SRC_D)\crypto\asn1\a_hdr.c
-	$(CC) /Fo$(OBJ_D)\a_hdr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_hdr.c
-
-$(OBJ_D)\x_pkey.obj: $(SRC_D)\crypto\asn1\x_pkey.c
-	$(CC) /Fo$(OBJ_D)\x_pkey.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_pkey.c
-
-$(OBJ_D)\a_bool.obj: $(SRC_D)\crypto\asn1\a_bool.c
-	$(CC) /Fo$(OBJ_D)\a_bool.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bool.c
-
-$(OBJ_D)\x_exten.obj: $(SRC_D)\crypto\asn1\x_exten.c
-	$(CC) /Fo$(OBJ_D)\x_exten.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\x_exten.c
-
-$(OBJ_D)\asn1_par.obj: $(SRC_D)\crypto\asn1\asn1_par.c
-	$(CC) /Fo$(OBJ_D)\asn1_par.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_par.c
-
-$(OBJ_D)\asn1_lib.obj: $(SRC_D)\crypto\asn1\asn1_lib.c
-	$(CC) /Fo$(OBJ_D)\asn1_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_lib.c
-
-$(OBJ_D)\asn1_err.obj: $(SRC_D)\crypto\asn1\asn1_err.c
-	$(CC) /Fo$(OBJ_D)\asn1_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\asn1_err.c
-
-$(OBJ_D)\a_meth.obj: $(SRC_D)\crypto\asn1\a_meth.c
-	$(CC) /Fo$(OBJ_D)\a_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_meth.c
-
-$(OBJ_D)\a_bytes.obj: $(SRC_D)\crypto\asn1\a_bytes.c
-	$(CC) /Fo$(OBJ_D)\a_bytes.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\a_bytes.c
-
-$(OBJ_D)\evp_asn1.obj: $(SRC_D)\crypto\asn1\evp_asn1.c
-	$(CC) /Fo$(OBJ_D)\evp_asn1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\asn1\evp_asn1.c
-
-$(OBJ_D)\x509_def.obj: $(SRC_D)\crypto\x509\x509_def.c
-	$(CC) /Fo$(OBJ_D)\x509_def.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_def.c
-
-$(OBJ_D)\x509_d2.obj: $(SRC_D)\crypto\x509\x509_d2.c
-	$(CC) /Fo$(OBJ_D)\x509_d2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_d2.c
-
-$(OBJ_D)\x509_r2x.obj: $(SRC_D)\crypto\x509\x509_r2x.c
-	$(CC) /Fo$(OBJ_D)\x509_r2x.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_r2x.c
-
-$(OBJ_D)\x509_cmp.obj: $(SRC_D)\crypto\x509\x509_cmp.c
-	$(CC) /Fo$(OBJ_D)\x509_cmp.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_cmp.c
-
-$(OBJ_D)\x509_obj.obj: $(SRC_D)\crypto\x509\x509_obj.c
-	$(CC) /Fo$(OBJ_D)\x509_obj.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_obj.c
-
-$(OBJ_D)\x509_req.obj: $(SRC_D)\crypto\x509\x509_req.c
-	$(CC) /Fo$(OBJ_D)\x509_req.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_req.c
-
-$(OBJ_D)\x509_vfy.obj: $(SRC_D)\crypto\x509\x509_vfy.c
-	$(CC) /Fo$(OBJ_D)\x509_vfy.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_vfy.c
-
-$(OBJ_D)\x509_set.obj: $(SRC_D)\crypto\x509\x509_set.c
-	$(CC) /Fo$(OBJ_D)\x509_set.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_set.c
-
-$(OBJ_D)\x509rset.obj: $(SRC_D)\crypto\x509\x509rset.c
-	$(CC) /Fo$(OBJ_D)\x509rset.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509rset.c
-
-$(OBJ_D)\x509_err.obj: $(SRC_D)\crypto\x509\x509_err.c
-	$(CC) /Fo$(OBJ_D)\x509_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_err.c
-
-$(OBJ_D)\x509name.obj: $(SRC_D)\crypto\x509\x509name.c
-	$(CC) /Fo$(OBJ_D)\x509name.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509name.c
-
-$(OBJ_D)\x509_v3.obj: $(SRC_D)\crypto\x509\x509_v3.c
-	$(CC) /Fo$(OBJ_D)\x509_v3.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_v3.c
-
-$(OBJ_D)\x509_ext.obj: $(SRC_D)\crypto\x509\x509_ext.c
-	$(CC) /Fo$(OBJ_D)\x509_ext.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_ext.c
-
-$(OBJ_D)\x509pack.obj: $(SRC_D)\crypto\x509\x509pack.c
-	$(CC) /Fo$(OBJ_D)\x509pack.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509pack.c
-
-$(OBJ_D)\x509type.obj: $(SRC_D)\crypto\x509\x509type.c
-	$(CC) /Fo$(OBJ_D)\x509type.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509type.c
-
-$(OBJ_D)\x509_lu.obj: $(SRC_D)\crypto\x509\x509_lu.c
-	$(CC) /Fo$(OBJ_D)\x509_lu.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_lu.c
-
-$(OBJ_D)\x_all.obj: $(SRC_D)\crypto\x509\x_all.c
-	$(CC) /Fo$(OBJ_D)\x_all.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x_all.c
-
-$(OBJ_D)\x509_txt.obj: $(SRC_D)\crypto\x509\x509_txt.c
-	$(CC) /Fo$(OBJ_D)\x509_txt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\x509_txt.c
-
-$(OBJ_D)\by_file.obj: $(SRC_D)\crypto\x509\by_file.c
-	$(CC) /Fo$(OBJ_D)\by_file.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\by_file.c
-
-$(OBJ_D)\by_dir.obj: $(SRC_D)\crypto\x509\by_dir.c
-	$(CC) /Fo$(OBJ_D)\by_dir.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\by_dir.c
-
-$(OBJ_D)\v3_net.obj: $(SRC_D)\crypto\x509\v3_net.c
-	$(CC) /Fo$(OBJ_D)\v3_net.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\v3_net.c
-
-$(OBJ_D)\v3_x509.obj: $(SRC_D)\crypto\x509\v3_x509.c
-	$(CC) /Fo$(OBJ_D)\v3_x509.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\x509\v3_x509.c
-
-$(OBJ_D)\conf.obj: $(SRC_D)\crypto\conf\conf.c
-	$(CC) /Fo$(OBJ_D)\conf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\conf\conf.c
-
-$(OBJ_D)\conf_err.obj: $(SRC_D)\crypto\conf\conf_err.c
-	$(CC) /Fo$(OBJ_D)\conf_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\conf\conf_err.c
-
-$(OBJ_D)\txt_db.obj: $(SRC_D)\crypto\txt_db\txt_db.c
-	$(CC) /Fo$(OBJ_D)\txt_db.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\txt_db\txt_db.c
-
-$(OBJ_D)\pk7_lib.obj: $(SRC_D)\crypto\pkcs7\pk7_lib.c
-	$(CC) /Fo$(OBJ_D)\pk7_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pk7_lib.c
-
-$(OBJ_D)\pkcs7err.obj: $(SRC_D)\crypto\pkcs7\pkcs7err.c
-	$(CC) /Fo$(OBJ_D)\pkcs7err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pkcs7err.c
-
-$(OBJ_D)\pk7_doit.obj: $(SRC_D)\crypto\pkcs7\pk7_doit.c
-	$(CC) /Fo$(OBJ_D)\pk7_doit.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\pkcs7\pk7_doit.c
-
-$(OBJ_D)\proxy.obj: $(SRC_D)\crypto\proxy\proxy.c
-	$(CC) /Fo$(OBJ_D)\proxy.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\proxy\proxy.c
-
-$(OBJ_D)\pxy_txt.obj: $(SRC_D)\crypto\proxy\pxy_txt.c
-	$(CC) /Fo$(OBJ_D)\pxy_txt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\proxy\pxy_txt.c
-
-$(OBJ_D)\bf_proxy.obj: $(SRC_D)\crypto\proxy\bf_proxy.c
-	$(CC) /Fo$(OBJ_D)\bf_proxy.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\proxy\bf_proxy.c
-
-$(OBJ_D)\pxy_conf.obj: $(SRC_D)\crypto\proxy\pxy_conf.c
-	$(CC) /Fo$(OBJ_D)\pxy_conf.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\proxy\pxy_conf.c
-
-$(OBJ_D)\pxy_err.obj: $(SRC_D)\crypto\proxy\pxy_err.c
-	$(CC) /Fo$(OBJ_D)\pxy_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\proxy\pxy_err.c
-
-$(OBJ_D)\comp_lib.obj: $(SRC_D)\crypto\comp\comp_lib.c
-	$(CC) /Fo$(OBJ_D)\comp_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\comp\comp_lib.c
-
-$(OBJ_D)\c_rle.obj: $(SRC_D)\crypto\comp\c_rle.c
-	$(CC) /Fo$(OBJ_D)\c_rle.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\comp\c_rle.c
-
-$(OBJ_D)\c_zlib.obj: $(SRC_D)\crypto\comp\c_zlib.c
-	$(CC) /Fo$(OBJ_D)\c_zlib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\crypto\comp\c_zlib.c
-
-$(OBJ_D)\s2_meth.obj: $(SRC_D)\ssl\s2_meth.c
-	$(CC) /Fo$(OBJ_D)\s2_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_meth.c
-
-$(OBJ_D)\s2_srvr.obj: $(SRC_D)\ssl\s2_srvr.c
-	$(CC) /Fo$(OBJ_D)\s2_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_srvr.c
-
-$(OBJ_D)\s2_clnt.obj: $(SRC_D)\ssl\s2_clnt.c
-	$(CC) /Fo$(OBJ_D)\s2_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_clnt.c
-
-$(OBJ_D)\s2_lib.obj: $(SRC_D)\ssl\s2_lib.c
-	$(CC) /Fo$(OBJ_D)\s2_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_lib.c
-
-$(OBJ_D)\s2_enc.obj: $(SRC_D)\ssl\s2_enc.c
-	$(CC) /Fo$(OBJ_D)\s2_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_enc.c
-
-$(OBJ_D)\s2_pkt.obj: $(SRC_D)\ssl\s2_pkt.c
-	$(CC) /Fo$(OBJ_D)\s2_pkt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s2_pkt.c
-
-$(OBJ_D)\s3_meth.obj: $(SRC_D)\ssl\s3_meth.c
-	$(CC) /Fo$(OBJ_D)\s3_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_meth.c
-
-$(OBJ_D)\s3_srvr.obj: $(SRC_D)\ssl\s3_srvr.c
-	$(CC) /Fo$(OBJ_D)\s3_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_srvr.c
-
-$(OBJ_D)\s3_clnt.obj: $(SRC_D)\ssl\s3_clnt.c
-	$(CC) /Fo$(OBJ_D)\s3_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_clnt.c
-
-$(OBJ_D)\s3_lib.obj: $(SRC_D)\ssl\s3_lib.c
-	$(CC) /Fo$(OBJ_D)\s3_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_lib.c
-
-$(OBJ_D)\s3_enc.obj: $(SRC_D)\ssl\s3_enc.c
-	$(CC) /Fo$(OBJ_D)\s3_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_enc.c
-
-$(OBJ_D)\s3_pkt.obj: $(SRC_D)\ssl\s3_pkt.c
-	$(CC) /Fo$(OBJ_D)\s3_pkt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_pkt.c
-
-$(OBJ_D)\s3_both.obj: $(SRC_D)\ssl\s3_both.c
-	$(CC) /Fo$(OBJ_D)\s3_both.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s3_both.c
-
-$(OBJ_D)\s23_meth.obj: $(SRC_D)\ssl\s23_meth.c
-	$(CC) /Fo$(OBJ_D)\s23_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_meth.c
-
-$(OBJ_D)\s23_srvr.obj: $(SRC_D)\ssl\s23_srvr.c
-	$(CC) /Fo$(OBJ_D)\s23_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_srvr.c
-
-$(OBJ_D)\s23_clnt.obj: $(SRC_D)\ssl\s23_clnt.c
-	$(CC) /Fo$(OBJ_D)\s23_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_clnt.c
-
-$(OBJ_D)\s23_lib.obj: $(SRC_D)\ssl\s23_lib.c
-	$(CC) /Fo$(OBJ_D)\s23_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_lib.c
-
-$(OBJ_D)\s23_pkt.obj: $(SRC_D)\ssl\s23_pkt.c
-	$(CC) /Fo$(OBJ_D)\s23_pkt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\s23_pkt.c
-
-$(OBJ_D)\t1_meth.obj: $(SRC_D)\ssl\t1_meth.c
-	$(CC) /Fo$(OBJ_D)\t1_meth.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_meth.c
-
-$(OBJ_D)\t1_srvr.obj: $(SRC_D)\ssl\t1_srvr.c
-	$(CC) /Fo$(OBJ_D)\t1_srvr.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_srvr.c
-
-$(OBJ_D)\t1_clnt.obj: $(SRC_D)\ssl\t1_clnt.c
-	$(CC) /Fo$(OBJ_D)\t1_clnt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_clnt.c
-
-$(OBJ_D)\t1_lib.obj: $(SRC_D)\ssl\t1_lib.c
-	$(CC) /Fo$(OBJ_D)\t1_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_lib.c
-
-$(OBJ_D)\t1_enc.obj: $(SRC_D)\ssl\t1_enc.c
-	$(CC) /Fo$(OBJ_D)\t1_enc.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\t1_enc.c
-
-$(OBJ_D)\ssl_lib.obj: $(SRC_D)\ssl\ssl_lib.c
-	$(CC) /Fo$(OBJ_D)\ssl_lib.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_lib.c
-
-$(OBJ_D)\ssl_err2.obj: $(SRC_D)\ssl\ssl_err2.c
-	$(CC) /Fo$(OBJ_D)\ssl_err2.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err2.c
-
-$(OBJ_D)\ssl_cert.obj: $(SRC_D)\ssl\ssl_cert.c
-	$(CC) /Fo$(OBJ_D)\ssl_cert.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_cert.c
-
-$(OBJ_D)\ssl_sess.obj: $(SRC_D)\ssl\ssl_sess.c
-	$(CC) /Fo$(OBJ_D)\ssl_sess.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_sess.c
-
-$(OBJ_D)\ssl_ciph.obj: $(SRC_D)\ssl\ssl_ciph.c
-	$(CC) /Fo$(OBJ_D)\ssl_ciph.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_ciph.c
-
-$(OBJ_D)\ssl_stat.obj: $(SRC_D)\ssl\ssl_stat.c
-	$(CC) /Fo$(OBJ_D)\ssl_stat.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_stat.c
-
-$(OBJ_D)\ssl_rsa.obj: $(SRC_D)\ssl\ssl_rsa.c
-	$(CC) /Fo$(OBJ_D)\ssl_rsa.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_rsa.c
-
-$(OBJ_D)\ssl_asn1.obj: $(SRC_D)\ssl\ssl_asn1.c
-	$(CC) /Fo$(OBJ_D)\ssl_asn1.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_asn1.c
-
-$(OBJ_D)\ssl_txt.obj: $(SRC_D)\ssl\ssl_txt.c
-	$(CC) /Fo$(OBJ_D)\ssl_txt.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_txt.c
-
-$(OBJ_D)\ssl_algs.obj: $(SRC_D)\ssl\ssl_algs.c
-	$(CC) /Fo$(OBJ_D)\ssl_algs.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_algs.c
-
-$(OBJ_D)\bio_ssl.obj: $(SRC_D)\ssl\bio_ssl.c
-	$(CC) /Fo$(OBJ_D)\bio_ssl.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\bio_ssl.c
-
-$(OBJ_D)\pxy_ssl.obj: $(SRC_D)\ssl\pxy_ssl.c
-	$(CC) /Fo$(OBJ_D)\pxy_ssl.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\pxy_ssl.c
-
-$(OBJ_D)\ssl_err.obj: $(SRC_D)\ssl\ssl_err.c
-	$(CC) /Fo$(OBJ_D)\ssl_err.obj  $(SHLIB_CFLAGS) -c $(SRC_D)\ssl\ssl_err.c
-
-$(OBJ_D)\rsaref.obj: $(SRC_D)\rsaref\rsaref.c
-	$(CC) /Fo$(OBJ_D)\rsaref.obj  $(LIB_CFLAGS) -c $(SRC_D)\rsaref\rsaref.c
-
-$(OBJ_D)\rsar_err.obj: $(SRC_D)\rsaref\rsar_err.c
-	$(CC) /Fo$(OBJ_D)\rsar_err.obj  $(LIB_CFLAGS) -c $(SRC_D)\rsaref\rsar_err.c
-
-$(TEST_D)\md2test.exe: $(OBJ_D)\md2test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\md2test.obj
-  $(TEST_D)\md2test.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\md5test.exe: $(OBJ_D)\md5test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\md5test.obj
-  $(TEST_D)\md5test.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\shatest.exe: $(OBJ_D)\shatest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\shatest.obj
-  $(TEST_D)\shatest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\sha1test.exe: $(OBJ_D)\sha1test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\sha1test.obj
-  $(TEST_D)\sha1test.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\mdc2test.exe: $(OBJ_D)\mdc2test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\mdc2test.obj
-  $(TEST_D)\mdc2test.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\hmactest.exe: $(OBJ_D)\hmactest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\hmactest.obj
-  $(TEST_D)\hmactest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\rmdtest.exe: $(OBJ_D)\rmdtest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\rmdtest.obj
-  $(TEST_D)\rmdtest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\destest.exe: $(OBJ_D)\destest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\destest.obj
-  $(TEST_D)\destest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\rc2test.exe: $(OBJ_D)\rc2test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\rc2test.obj
-  $(TEST_D)\rc2test.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\rc4test.exe: $(OBJ_D)\rc4test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\rc4test.obj
-  $(TEST_D)\rc4test.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\rc5test.exe: $(OBJ_D)\rc5test.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\rc5test.obj
-  $(TEST_D)\rc5test.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\ideatest.exe: $(OBJ_D)\ideatest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\ideatest.obj
-  $(TEST_D)\ideatest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\bftest.exe: $(OBJ_D)\bftest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\bftest.obj
-  $(TEST_D)\bftest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\casttest.exe: $(OBJ_D)\casttest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\casttest.obj
-  $(TEST_D)\casttest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\bntest.exe: $(OBJ_D)\bntest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\bntest.obj
-  $(TEST_D)\bntest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\exptest.exe: $(OBJ_D)\exptest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\exptest.obj
-  $(TEST_D)\exptest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\dsatest.exe: $(OBJ_D)\dsatest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\dsatest.obj
-  $(TEST_D)\dsatest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\dhtest.exe: $(OBJ_D)\dhtest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\dhtest.obj
-  $(TEST_D)\dhtest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\randtest.exe: $(OBJ_D)\randtest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\randtest.obj
-  $(TEST_D)\randtest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(TEST_D)\ssltest.exe: $(OBJ_D)\ssltest.obj $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) $(OBJ_D)\ssltest.obj
-  $(TEST_D)\ssltest.exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
-$(O_SSL): $(SSLOBJ)
-	$(LINK) $(MLFLAGS) @<<
-  $(SHLIB_EX_OBJ) +
-  $(OBJ_D)\bio_ssl.obj +
-  $(OBJ_D)\pxy_ssl.obj +
-  $(OBJ_D)\s23_clnt.obj +
-  $(OBJ_D)\s23_lib.obj +
-  $(OBJ_D)\s23_meth.obj +
-  $(OBJ_D)\s23_pkt.obj +
-  $(OBJ_D)\s23_srvr.obj +
-  $(OBJ_D)\s2_clnt.obj +
-  $(OBJ_D)\s2_enc.obj +
-  $(OBJ_D)\s2_lib.obj +
-  $(OBJ_D)\s2_meth.obj +
-  $(OBJ_D)\s2_pkt.obj +
-  $(OBJ_D)\s2_srvr.obj +
-  $(OBJ_D)\s3_both.obj +
-  $(OBJ_D)\s3_clnt.obj +
-  $(OBJ_D)\s3_enc.obj +
-  $(OBJ_D)\s3_lib.obj +
-  $(OBJ_D)\s3_meth.obj +
-  $(OBJ_D)\s3_pkt.obj +
-  $(OBJ_D)\s3_srvr.obj +
-  $(OBJ_D)\ssl_algs.obj +
-  $(OBJ_D)\ssl_asn1.obj +
-  $(OBJ_D)\ssl_cert.obj +
-  $(OBJ_D)\ssl_ciph.obj +
-  $(OBJ_D)\ssl_err.obj +
-  $(OBJ_D)\ssl_err2.obj +
-  $(OBJ_D)\ssl_lib.obj +
-  $(OBJ_D)\ssl_rsa.obj +
-  $(OBJ_D)\ssl_sess.obj +
-  $(OBJ_D)\ssl_stat.obj +
-  $(OBJ_D)\ssl_txt.obj +
-  $(OBJ_D)\t1_clnt.obj +
-  $(OBJ_D)\t1_enc.obj +
-  $(OBJ_D)\t1_lib.obj +
-  $(OBJ_D)\t1_meth.obj +
-  $(OBJ_D)\t1_srvr.obj +
-
-  $(O_SSL)
-
-  $(L_CRYPTO) winsock oldnames ldllcew libw
-ms\ssleay16.def;
-<<
-	implib /noignorecase /nowep $(L_SSL) $(O_SSL)
-
-$(O_RSAGLUE): $(RSAGLUEOBJ)
-	del $(O_RSAGLUE)
-	$(MKLIB) @<<
-$(O_RSAGLUE)
-y
-+$(OBJ_D)\rsar_err.obj &
-+$(OBJ_D)\rsaref.obj &
-
-
-<<
-
-$(O_CRYPTO): $(CRYPTOOBJ)
-	$(LINK) $(MLFLAGS) @<<
-  $(SHLIB_EX_OBJ) +
-  $(BN_ASM_OBJ) +
-  $(OBJ_D)\a_bitstr.obj +
-  $(OBJ_D)\a_bmp.obj +
-  $(OBJ_D)\a_bool.obj +
-  $(OBJ_D)\a_bytes.obj +
-  $(OBJ_D)\a_d2i_fp.obj +
-  $(OBJ_D)\a_digest.obj +
-  $(OBJ_D)\a_dup.obj +
-  $(OBJ_D)\a_hdr.obj +
-  $(OBJ_D)\a_i2d_fp.obj +
-  $(OBJ_D)\a_int.obj +
-  $(OBJ_D)\a_meth.obj +
-  $(OBJ_D)\a_object.obj +
-  $(OBJ_D)\a_octet.obj +
-  $(OBJ_D)\a_print.obj +
-  $(OBJ_D)\a_set.obj +
-  $(OBJ_D)\a_sign.obj +
-  $(OBJ_D)\a_type.obj +
-  $(OBJ_D)\a_utctm.obj +
-  $(OBJ_D)\a_verify.obj +
-  $(OBJ_D)\asn1_err.obj +
-  $(OBJ_D)\asn1_lib.obj +
-  $(OBJ_D)\asn1_par.obj +
-  $(OBJ_D)\b_dump.obj +
-  $(OBJ_D)\b_print.obj +
-  $(OBJ_D)\b_sock.obj +
-  $(OBJ_D)\bf_buff.obj +
-  $(OBJ_D)\bf_cfb64.obj +
-  $(OBJ_D)\bf_ecb.obj +
-  $(OBJ_D)\bf_enc.obj +
-  $(OBJ_D)\bf_nbio.obj +
-  $(OBJ_D)\bf_null.obj +
-  $(OBJ_D)\bf_ofb64.obj +
-  $(OBJ_D)\bf_proxy.obj +
-  $(OBJ_D)\bf_skey.obj +
-  $(OBJ_D)\bio_b64.obj +
-  $(OBJ_D)\bio_cb.obj +
-  $(OBJ_D)\bio_enc.obj +
-  $(OBJ_D)\bio_err.obj +
-  $(OBJ_D)\bio_lib.obj +
-  $(OBJ_D)\bio_md.obj +
-  $(OBJ_D)\bn_add.obj +
-  $(OBJ_D)\bn_blind.obj +
-  $(OBJ_D)\bn_div.obj +
-  $(OBJ_D)\bn_err.obj +
-  $(OBJ_D)\bn_exp.obj +
-  $(OBJ_D)\bn_exp2.obj +
-  $(OBJ_D)\bn_gcd.obj +
-  $(OBJ_D)\bn_lib.obj +
-  $(OBJ_D)\bn_mont.obj +
-  $(OBJ_D)\bn_mpi.obj +
-  $(OBJ_D)\bn_mul.obj +
-  $(OBJ_D)\bn_prime.obj +
-  $(OBJ_D)\bn_print.obj +
-  $(OBJ_D)\bn_rand.obj +
-  $(OBJ_D)\bn_recp.obj +
-  $(OBJ_D)\bn_shift.obj +
-  $(OBJ_D)\bn_sqr.obj +
-  $(OBJ_D)\bn_word.obj +
-  $(OBJ_D)\bss_acpt.obj +
-  $(OBJ_D)\bss_conn.obj +
-  $(OBJ_D)\bss_cs4a.obj +
-  $(OBJ_D)\bss_fd.obj +
-  $(OBJ_D)\bss_file.obj +
-  $(OBJ_D)\bss_mem.obj +
-  $(OBJ_D)\bss_null.obj +
-  $(OBJ_D)\bss_sock.obj +
-  $(OBJ_D)\buf_err.obj +
-  $(OBJ_D)\buffer.obj +
-  $(OBJ_D)\by_dir.obj +
-  $(OBJ_D)\by_file.obj +
-  $(OBJ_D)\c_all.obj +
-  $(OBJ_D)\c_cfb64.obj +
-  $(OBJ_D)\c_ecb.obj +
-  $(OBJ_D)\c_enc.obj +
-  $(OBJ_D)\c_ofb64.obj +
-  $(OBJ_D)\c_rle.obj +
-  $(OBJ_D)\c_skey.obj +
-  $(OBJ_D)\c_zlib.obj +
-  $(OBJ_D)\cbc_cksm.obj +
-  $(OBJ_D)\cbc_enc.obj +
-  $(OBJ_D)\cfb64ede.obj +
-  $(OBJ_D)\cfb64enc.obj +
-  $(OBJ_D)\cfb_enc.obj +
-  $(OBJ_D)\comp_lib.obj +
-  $(OBJ_D)\conf.obj +
-  $(OBJ_D)\conf_err.obj +
-  $(OBJ_D)\cpt_err.obj +
-  $(OBJ_D)\cryptlib.obj +
-  $(OBJ_D)\cversion.obj +
-  $(OBJ_D)\d2i_dhp.obj +
-  $(OBJ_D)\d2i_dsap.obj +
-  $(OBJ_D)\d2i_pr.obj +
-  $(OBJ_D)\d2i_pu.obj +
-  $(OBJ_D)\d2i_r_pr.obj +
-  $(OBJ_D)\d2i_r_pu.obj +
-  $(OBJ_D)\d2i_s_pr.obj +
-  $(OBJ_D)\d2i_s_pu.obj +
-  $(OBJ_D)\des_enc.obj +
-  $(OBJ_D)\dh_check.obj +
-  $(OBJ_D)\dh_err.obj +
-  $(OBJ_D)\dh_gen.obj +
-  $(OBJ_D)\dh_key.obj +
-  $(OBJ_D)\dh_lib.obj +
-  $(OBJ_D)\digest.obj +
-  $(OBJ_D)\dsa_err.obj +
-  $(OBJ_D)\dsa_gen.obj +
-  $(OBJ_D)\dsa_key.obj +
-  $(OBJ_D)\dsa_lib.obj +
-  $(OBJ_D)\dsa_sign.obj +
-  $(OBJ_D)\dsa_vrf.obj +
-  $(OBJ_D)\e_cbc_3d.obj +
-  $(OBJ_D)\e_cbc_bf.obj +
-  $(OBJ_D)\e_cbc_c.obj +
-  $(OBJ_D)\e_cbc_d.obj +
-  $(OBJ_D)\e_cbc_i.obj +
-  $(OBJ_D)\e_cbc_r2.obj +
-  $(OBJ_D)\e_cbc_r5.obj +
-  $(OBJ_D)\e_cfb_3d.obj +
-  $(OBJ_D)\e_cfb_bf.obj +
-  $(OBJ_D)\e_cfb_c.obj +
-  $(OBJ_D)\e_cfb_d.obj +
-  $(OBJ_D)\e_cfb_i.obj +
-  $(OBJ_D)\e_cfb_r2.obj +
-  $(OBJ_D)\e_cfb_r5.obj +
-  $(OBJ_D)\e_ecb_3d.obj +
-  $(OBJ_D)\e_ecb_bf.obj +
-  $(OBJ_D)\e_ecb_c.obj +
-  $(OBJ_D)\e_ecb_d.obj +
-  $(OBJ_D)\e_ecb_i.obj +
-  $(OBJ_D)\e_ecb_r2.obj +
-  $(OBJ_D)\e_ecb_r5.obj +
-  $(OBJ_D)\e_null.obj +
-  $(OBJ_D)\e_ofb_3d.obj +
-  $(OBJ_D)\e_ofb_bf.obj +
-  $(OBJ_D)\e_ofb_c.obj +
-  $(OBJ_D)\e_ofb_d.obj +
-  $(OBJ_D)\e_ofb_i.obj +
-  $(OBJ_D)\e_ofb_r2.obj +
-  $(OBJ_D)\e_ofb_r5.obj +
-  $(OBJ_D)\e_rc4.obj +
-  $(OBJ_D)\e_xcbc_d.obj +
-  $(OBJ_D)\ecb3_enc.obj +
-  $(OBJ_D)\ecb_enc.obj +
-  $(OBJ_D)\enc_read.obj +
-  $(OBJ_D)\enc_writ.obj +
-  $(OBJ_D)\encode.obj +
-  $(OBJ_D)\err.obj +
-  $(OBJ_D)\err_all.obj +
-  $(OBJ_D)\err_prn.obj +
-  $(OBJ_D)\evp_asn1.obj +
-  $(OBJ_D)\evp_enc.obj +
-  $(OBJ_D)\evp_err.obj +
-  $(OBJ_D)\evp_key.obj +
-  $(OBJ_D)\evp_lib.obj +
-  $(OBJ_D)\ex_data.obj +
-  $(OBJ_D)\f_int.obj +
-  $(OBJ_D)\f_string.obj +
-  $(OBJ_D)\fcrypt.obj +
-  $(OBJ_D)\fcrypt_b.obj +
-  $(OBJ_D)\hmac.obj +
-  $(OBJ_D)\i2d_dhp.obj +
-  $(OBJ_D)\i2d_dsap.obj +
-  $(OBJ_D)\i2d_pr.obj +
-  $(OBJ_D)\i2d_pu.obj +
-  $(OBJ_D)\i2d_r_pr.obj +
-  $(OBJ_D)\i2d_r_pu.obj +
-  $(OBJ_D)\i2d_s_pr.obj +
-  $(OBJ_D)\i2d_s_pu.obj +
-  $(OBJ_D)\i_cbc.obj +
-  $(OBJ_D)\i_cfb64.obj +
-  $(OBJ_D)\i_ecb.obj +
-  $(OBJ_D)\i_ofb64.obj +
-  $(OBJ_D)\i_skey.obj +
-  $(OBJ_D)\lh_stats.obj +
-  $(OBJ_D)\lhash.obj +
-  $(OBJ_D)\m_dss.obj +
-  $(OBJ_D)\m_dss1.obj +
-  $(OBJ_D)\m_md2.obj +
-  $(OBJ_D)\m_md5.obj +
-  $(OBJ_D)\m_mdc2.obj +
-  $(OBJ_D)\m_null.obj +
-  $(OBJ_D)\m_ripemd.obj +
-  $(OBJ_D)\m_sha.obj +
-  $(OBJ_D)\m_sha1.obj +
-  $(OBJ_D)\md2_dgst.obj +
-  $(OBJ_D)\md2_one.obj +
-  $(OBJ_D)\md5_dgst.obj +
-  $(OBJ_D)\md5_one.obj +
-  $(OBJ_D)\md_rand.obj +
-  $(OBJ_D)\mdc2_one.obj +
-  $(OBJ_D)\mdc2dgst.obj +
-  $(OBJ_D)\mem.obj +
-  $(OBJ_D)\n_pkey.obj +
-  $(OBJ_D)\names.obj +
-  $(OBJ_D)\o_names.obj +
-  $(OBJ_D)\obj_dat.obj +
-  $(OBJ_D)\obj_err.obj +
-  $(OBJ_D)\obj_lib.obj +
-  $(OBJ_D)\ofb64ede.obj +
-  $(OBJ_D)\ofb64enc.obj +
-  $(OBJ_D)\ofb_enc.obj +
-  $(OBJ_D)\p7_dgst.obj +
-  $(OBJ_D)\p7_enc.obj +
-  $(OBJ_D)\p7_enc_c.obj +
-  $(OBJ_D)\p7_evp.obj +
-  $(OBJ_D)\p7_i_s.obj +
-  $(OBJ_D)\p7_lib.obj +
-  $(OBJ_D)\p7_recip.obj +
-  $(OBJ_D)\p7_s_e.obj +
-  $(OBJ_D)\p7_signd.obj +
-  $(OBJ_D)\p7_signi.obj +
-  $(OBJ_D)\p_dec.obj +
-  $(OBJ_D)\p_enc.obj +
-  $(OBJ_D)\p_lib.obj +
-  $(OBJ_D)\p_open.obj +
-  $(OBJ_D)\p_seal.obj +
-  $(OBJ_D)\p_sign.obj +
-  $(OBJ_D)\p_verify.obj +
-  $(OBJ_D)\pcbc_enc.obj +
-  $(OBJ_D)\pem_all.obj +
-  $(OBJ_D)\pem_err.obj +
-  $(OBJ_D)\pem_info.obj +
-  $(OBJ_D)\pem_lib.obj +
-  $(OBJ_D)\pem_seal.obj +
-  $(OBJ_D)\pem_sign.obj +
-  $(OBJ_D)\pk7_doit.obj +
-  $(OBJ_D)\pk7_lib.obj +
-  $(OBJ_D)\pkcs7err.obj +
-  $(OBJ_D)\proxy.obj +
-  $(OBJ_D)\pxy_conf.obj +
-  $(OBJ_D)\pxy_err.obj +
-  $(OBJ_D)\pxy_txt.obj +
-  $(OBJ_D)\qud_cksm.obj +
-  $(OBJ_D)\rand_key.obj +
-  $(OBJ_D)\rand_lib.obj +
-  $(OBJ_D)\randfile.obj +
-  $(OBJ_D)\rc2_cbc.obj +
-  $(OBJ_D)\rc2_ecb.obj +
-  $(OBJ_D)\rc2_skey.obj +
-  $(OBJ_D)\rc2cfb64.obj +
-  $(OBJ_D)\rc2ofb64.obj +
-  $(OBJ_D)\rc4_enc.obj +
-  $(OBJ_D)\rc4_skey.obj +
-  $(OBJ_D)\rc5_ecb.obj +
-  $(OBJ_D)\rc5_enc.obj +
-  $(OBJ_D)\rc5_skey.obj +
-  $(OBJ_D)\rc5cfb64.obj +
-  $(OBJ_D)\rc5ofb64.obj +
-  $(OBJ_D)\read2pwd.obj +
-  $(OBJ_D)\read_pwd.obj +
-  $(OBJ_D)\rmd_dgst.obj +
-  $(OBJ_D)\rmd_one.obj +
-  $(OBJ_D)\rpc_enc.obj +
-  $(OBJ_D)\rsa_eay.obj +
-  $(OBJ_D)\rsa_err.obj +
-  $(OBJ_D)\rsa_gen.obj +
-  $(OBJ_D)\rsa_lib.obj +
-  $(OBJ_D)\rsa_none.obj +
-  $(OBJ_D)\rsa_pk1.obj +
-  $(OBJ_D)\rsa_saos.obj +
-  $(OBJ_D)\rsa_sign.obj +
-  $(OBJ_D)\rsa_ssl.obj +
-  $(OBJ_D)\set_key.obj +
-  $(OBJ_D)\sha1_one.obj +
-  $(OBJ_D)\sha1dgst.obj +
-  $(OBJ_D)\sha_dgst.obj +
-  $(OBJ_D)\sha_one.obj +
-  $(OBJ_D)\stack.obj +
-  $(OBJ_D)\str2key.obj +
-  $(OBJ_D)\supp.obj +
-  $(OBJ_D)\t_pkey.obj +
-  $(OBJ_D)\t_req.obj +
-  $(OBJ_D)\t_x509.obj +
-  $(OBJ_D)\tmdiff.obj +
-  $(OBJ_D)\txt_db.obj +
-  $(OBJ_D)\v3_net.obj +
-  $(OBJ_D)\v3_x509.obj +
-  $(OBJ_D)\x509_cmp.obj +
-  $(OBJ_D)\x509_d2.obj +
-  $(OBJ_D)\x509_def.obj +
-  $(OBJ_D)\x509_err.obj +
-  $(OBJ_D)\x509_ext.obj +
-  $(OBJ_D)\x509_lu.obj +
-  $(OBJ_D)\x509_obj.obj +
-  $(OBJ_D)\x509_r2x.obj +
-  $(OBJ_D)\x509_req.obj +
-  $(OBJ_D)\x509_set.obj +
-  $(OBJ_D)\x509_txt.obj +
-  $(OBJ_D)\x509_v3.obj +
-  $(OBJ_D)\x509_vfy.obj +
-  $(OBJ_D)\x509name.obj +
-  $(OBJ_D)\x509pack.obj +
-  $(OBJ_D)\x509rset.obj +
-  $(OBJ_D)\x509type.obj +
-  $(OBJ_D)\x_algor.obj +
-  $(OBJ_D)\x_all.obj +
-  $(OBJ_D)\x_attrib.obj +
-  $(OBJ_D)\x_cinf.obj +
-  $(OBJ_D)\x_crl.obj +
-  $(OBJ_D)\x_exten.obj +
-  $(OBJ_D)\x_info.obj +
-  $(OBJ_D)\x_name.obj +
-  $(OBJ_D)\x_pkey.obj +
-  $(OBJ_D)\x_pubkey.obj +
-  $(OBJ_D)\x_req.obj +
-  $(OBJ_D)\x_sig.obj +
-  $(OBJ_D)\x_spki.obj +
-  $(OBJ_D)\x_val.obj +
-  $(OBJ_D)\x_x509.obj +
-  $(OBJ_D)\xcbc_enc.obj +
-
-  $(O_CRYPTO)
-
-   winsock oldnames ldllcew libw
-ms\libeay16.def;
-<<
-	implib /noignorecase /nowep $(L_CRYPTO) $(O_CRYPTO)
-
-$(BIN_D)\$(E_EXE).exe: $(E_OBJ) $(LIBS_DEP)
-  $(LINK) $(LFLAGS) @<<
-  $(APP_EX_OBJ) +
-  $(OBJ_D)\apps.obj +
-  $(OBJ_D)\asn1pars.obj +
-  $(OBJ_D)\bf_perm.obj +
-  $(OBJ_D)\ca.obj +
-  $(OBJ_D)\ciphers.obj +
-  $(OBJ_D)\crl.obj +
-  $(OBJ_D)\crl2p7.obj +
-  $(OBJ_D)\dgst.obj +
-  $(OBJ_D)\dh.obj +
-  $(OBJ_D)\dsa.obj +
-  $(OBJ_D)\dsaparam.obj +
-  $(OBJ_D)\enc.obj +
-  $(OBJ_D)\errstr.obj +
-  $(OBJ_D)\gendh.obj +
-  $(OBJ_D)\genrsa.obj +
-  $(OBJ_D)\pkcs7.obj +
-  $(OBJ_D)\req.obj +
-  $(OBJ_D)\rsa.obj +
-  $(OBJ_D)\s_cb.obj +
-  $(OBJ_D)\s_client.obj +
-  $(OBJ_D)\s_server.obj +
-  $(OBJ_D)\s_socket.obj +
-  $(OBJ_D)\s_time.obj +
-  $(OBJ_D)\sess_id.obj +
-  $(OBJ_D)\speed.obj +
-  $(OBJ_D)\ssleay.obj +
-  $(OBJ_D)\verify.obj +
-  $(OBJ_D)\version.obj +
-  $(OBJ_D)\x509.obj +
-
-  $(BIN_D)\$(E_EXE).exe
-
-  $(L_LIBS) $(EX_LIBS)
-
-<<
-
diff --git a/ms/x86asm.bat b/ms/x86asm.bat
new file mode 100755
index 0000000000..4d80e706e4
--- /dev/null
+++ b/ms/x86asm.bat
@@ -0,0 +1,57 @@
+

+@echo off

+echo Generating x86 assember

+

+echo Bignum

+cd crypto\bn\asm

+perl x86.pl win32n > bn-win32.asm

+cd ..\..\..

+

+echo DES

+cd crypto\des\asm

+perl des-586.pl win32n > d-win32.asm

+cd ..\..\..

+

+echo "crypt(3)"

+

+cd crypto\des\asm

+perl crypt586.pl win32n > y-win32.asm

+cd ..\..\..

+

+echo Blowfish

+

+cd crypto\bf\asm

+perl bf-586.pl win32n > b-win32.asm

+cd ..\..\..

+

+echo CAST5

+cd crypto\cast\asm

+perl cast-586.pl win32n > c-win32.asm

+cd ..\..\..

+

+echo RC4

+cd crypto\rc4\asm

+perl rc4-586.pl win32n > r4-win32.asm

+cd ..\..\..

+

+echo MD5

+cd crypto\md5\asm

+perl md5-586.pl win32n > m5-win32.asm

+cd ..\..\..

+

+echo SHA1

+cd crypto\sha\asm

+perl sha1-586.pl win32n > s1-win32.asm

+cd ..\..\..

+

+echo RIPEMD160

+cd crypto\ripemd\asm

+perl rmd-586.pl win32n > rm-win32.asm

+cd ..\..\..

+

+echo RC5\32

+cd crypto\rc5\asm

+perl rc5-586.pl win32n > r5-win32.asm

+cd ..\..\..

+

+echo on

diff --git a/ms/zzz b/ms/zzz
deleted file mode 100755
index 7ba8524c7b..0000000000
--- a/ms/zzz
+++ /dev/null
@@ -1,135 +0,0 @@
-@echo=off
-
-set test=E:\root\zip\eay\SSLeay\ms
-PATH=%PATH%;c:\eay\out;%test%
-
-rem run this from inside the bin directory
-
-echo destest
-destest
-if errorlevel 1 goto done
-
-echo ideatest
-ideatest
-if errorlevel 1 goto done
-
-echo bftest
-bftest
-if errorlevel 1 goto done
-
-echo shatest
-shatest
-if errorlevel 1 goto done
-
-echo sha1test
-sha1test
-if errorlevel 1 goto done
-
-echo md5test
-md5test
-if errorlevel 1 goto done
-
-echo md2test
-md2test
-if errorlevel 1 goto done
-
-echo mdc2test
-mdc2test
-if errorlevel 1 goto done
-
-echo rc2test
-rc2test
-if errorlevel 1 goto done
-
-echo rc4test
-rc4test
-if errorlevel 1 goto done
-
-echo randtest
-randtest
-if errorlevel 1 goto done
-
-echo dhtest
-dhtest
-if errorlevel 1 goto done
-
-echo exptest
-exptest
-if errorlevel 1 goto done
-
-echo dsatest
-dsatest
-if errorlevel 1 goto done
-
-echo testenc
-call %test%\testenc ssleay
-if errorlevel 1 goto done
-
-echo testpem
-call %test%\testpem ssleay
-if errorlevel 1 goto done
-
-echo verify
-copy ..\certs\*.pem cert.tmp >nul
-ssleay verify -CAfile cert.tmp ..\certs\*.pem
-
-echo testss
-call %test%\testss ssleay
-if errorlevel 1 goto done
-
-echo test sslv2
-ssltest -ssl2
-if errorlevel 1 goto done
-
-echo test sslv2 with server authentication
-ssltest -ssl2 -server_auth -CAfile cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2 with client authentication 
-ssltest -ssl2 -client_auth -CAfile cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2 with both client and server authentication
-ssltest -ssl2 -server_auth -client_auth -CAfile cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv3
-ssltest -ssl3
-if errorlevel 1 goto done
-
-echo test sslv3 with server authentication
-ssltest -ssl3 -server_auth -CAfile cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv3 with client authentication 
-ssltest -ssl3 -client_auth -CAfile cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv3 with both client and server authentication
-ssltest -ssl3 -server_auth -client_auth -CAfile cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3
-ssltest
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with server authentication
-ssltest -server_auth -CAfile cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with client authentication 
-ssltest -client_auth -CAfile cert.tmp
-if errorlevel 1 goto done
-
-echo test sslv2/sslv3 with both client and server authentication
-ssltest -server_auth -client_auth -CAfile cert.tmp
-if errorlevel 1 goto done
-
-
-del cert.tmp
-
-echo passed all tests
-goto end
-:done
-echo problems.....
-:end
diff --git a/mt/mttest.c b/mt/mttest.c
deleted file mode 100644
index 8651a1131a..0000000000
--- a/mt/mttest.c
+++ /dev/null
@@ -1,1115 +0,0 @@
-/* mt/mttest.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <errno.h>
-#ifdef LINUX
-#include <typedefs.h>
-#endif
-#ifdef WIN32
-#include <windows.h>
-#endif
-#ifdef SOLARIS
-#include <synch.h>
-#include <thread.h>
-#endif
-#ifdef IRIX
-#include <ulocks.h>
-#include <sys/prctl.h>
-#endif
-#include "lhash.h"
-#include "crypto.h"
-#include "buffer.h"
-#include "../e_os.h"
-#include "x509.h"
-#include "ssl.h"
-#include "err.h"
-
-#ifdef NO_FP_API
-#define APPS_WIN16
-#include "../crypto/buffer/bss_file.c"
-#endif
-
-#define TEST_SERVER_CERT "../apps/server.pem"
-#define TEST_CLIENT_CERT "../apps/client.pem"
-
-#define MAX_THREAD_NUMBER	100
-
-#ifndef NOPROTO
-int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
-	int error,char *arg);
-void thread_setup(void);
-void thread_cleanup(void);
-void do_threads(SSL_CTX *s_ctx,SSL_CTX *c_ctx);
-
-void irix_locking_callback(int mode,int type,char *file,int line);
-void solaris_locking_callback(int mode,int type,char *file,int line);
-void win32_locking_callback(int mode,int type,char *file,int line);
-void pthreads_locking_callback(int mode,int type,char *file,int line);
-
-unsigned long irix_thread_id(void );
-unsigned long solaris_thread_id(void );
-unsigned long pthreads_thread_id(void );
-
-#else
-int MS_CALLBACK verify_callback();
-void thread_setup();
-void thread_cleanup();
-void do_threads();
-
-void irix_locking_callback();
-void solaris_locking_callback();
-void win32_locking_callback();
-void pthreads_locking_callback();
-
-unsigned long irix_thread_id();
-unsigned long solaris_thread_id();
-unsigned long pthreads_thread_id();
-
-#endif
-
-BIO *bio_err=NULL;
-BIO *bio_stdout=NULL;
-
-static char *cipher=NULL;
-int verbose=0;
-#ifdef FIONBIO
-static int s_nbio=0;
-#endif
-
-int thread_number=10;
-int number_of_loops=10;
-int reconnect=0;
-int cache_stats=0;
-
-#ifndef  NOPROTO
-int doit(char *ctx[4]);
-#else
-int doit();
-#endif
-
-static void print_stats(fp,ctx)
-FILE *fp;
-SSL_CTX *ctx;
-{
-	fprintf(fp,"%4ld items in the session cache\n",
-		SSL_CTX_sess_number(ctx));
-	fprintf(fp,"%4d client connects (SSL_connect())\n",
-		SSL_CTX_sess_connect(ctx));
-	fprintf(fp,"%4d client connects that finished\n",
-		SSL_CTX_sess_connect_good(ctx));
-	fprintf(fp,"%4d server connects (SSL_accept())\n",
-		SSL_CTX_sess_accept(ctx));
-	fprintf(fp,"%4d server connects that finished\n",
-		SSL_CTX_sess_accept_good(ctx));
-	fprintf(fp,"%4d session cache hits\n",SSL_CTX_sess_hits(ctx));
-	fprintf(fp,"%4d session cache misses\n",SSL_CTX_sess_misses(ctx));
-	fprintf(fp,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ctx));
-	}
-
-static void sv_usage()
-	{
-	fprintf(stderr,"usage: ssltest [args ...]\n");
-	fprintf(stderr,"\n");
-	fprintf(stderr," -server_auth  - check server certificate\n");
-	fprintf(stderr," -client_auth  - do client authentication\n");
-	fprintf(stderr," -v            - more output\n");
-	fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
-	fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
-	fprintf(stderr," -threads arg  - number of threads\n");
-	fprintf(stderr," -loops arg    - number of 'connections', per thread\n");
-	fprintf(stderr," -reconnect    - reuse session-id's\n");
-	fprintf(stderr," -stats        - server session-id cache stats\n");
-	fprintf(stderr," -cert arg     - server certificate/key\n");
-	fprintf(stderr," -ccert arg    - client certificate/key\n");
-	fprintf(stderr," -ssl3         - just SSLv3n\n");
-	}
-
-int main(argc, argv)
-int argc;
-char *argv[];
-	{
-	char *CApath=NULL,*CAfile=NULL;
-	int badop=0;
-	int ret=1;
-	int client_auth=0;
-	int server_auth=0;
-	SSL_CTX *s_ctx=NULL;
-	SSL_CTX *c_ctx=NULL;
-	char *scert=TEST_SERVER_CERT;
-	char *ccert=TEST_CLIENT_CERT;
-	SSL_METHOD *ssl_method=SSLv23_method();
-
-	if (bio_err == NULL)
-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-	if (bio_stdout == NULL)
-		bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
-	argc--;
-	argv++;
-
-	while (argc >= 1)
-		{
-		if	(strcmp(*argv,"-server_auth") == 0)
-			server_auth=1;
-		else if	(strcmp(*argv,"-client_auth") == 0)
-			client_auth=1;
-		else if	(strcmp(*argv,"-reconnect") == 0)
-			reconnect=1;
-		else if	(strcmp(*argv,"-stats") == 0)
-			cache_stats=1;
-		else if	(strcmp(*argv,"-ssl3") == 0)
-			ssl_method=SSLv3_method();
-		else if	(strcmp(*argv,"-ssl2") == 0)
-			ssl_method=SSLv2_method();
-		else if	(strcmp(*argv,"-CApath") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CApath= *(++argv);
-			}
-		else if	(strcmp(*argv,"-CAfile") == 0)
-			{
-			if (--argc < 1) goto bad;
-			CAfile= *(++argv);
-			}
-		else if	(strcmp(*argv,"-cert") == 0)
-			{
-			if (--argc < 1) goto bad;
-			scert= *(++argv);
-			}
-		else if	(strcmp(*argv,"-ccert") == 0)
-			{
-			if (--argc < 1) goto bad;
-			ccert= *(++argv);
-			}
-		else if	(strcmp(*argv,"-threads") == 0)
-			{
-			if (--argc < 1) goto bad;
-			thread_number= atoi(*(++argv));
-			if (thread_number == 0) thread_number=1;
-			if (thread_number > MAX_THREAD_NUMBER)
-				thread_number=MAX_THREAD_NUMBER;
-			}
-		else if	(strcmp(*argv,"-loops") == 0)
-			{
-			if (--argc < 1) goto bad;
-			number_of_loops= atoi(*(++argv));
-			if (number_of_loops == 0) number_of_loops=1;
-			}
-		else
-			{
-			fprintf(stderr,"unknown option %s\n",*argv);
-			badop=1;
-			break;
-			}
-		argc--;
-		argv++;
-		}
-	if (badop)
-		{
-bad:
-		sv_usage();
-		goto end;
-		}
-
-	if (cipher == NULL) cipher=getenv("SSL_CIPHER");
-
-	SSL_load_error_strings();
-	SSLeay_add_ssl_algorithms();
-
-	c_ctx=SSL_CTX_new(ssl_method);
-	s_ctx=SSL_CTX_new(ssl_method);
-	if ((c_ctx == NULL) || (s_ctx == NULL))
-		{
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	SSL_CTX_set_session_cache_mode(s_ctx,
-		SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
-	SSL_CTX_set_session_cache_mode(c_ctx,
-		SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
-
-	SSL_CTX_use_certificate_file(s_ctx,scert,SSL_FILETYPE_PEM);
-	SSL_CTX_use_RSAPrivateKey_file(s_ctx,scert,SSL_FILETYPE_PEM);
-
-	if (client_auth)
-		{
-		SSL_CTX_use_certificate_file(c_ctx,ccert,
-			SSL_FILETYPE_PEM);
-		SSL_CTX_use_RSAPrivateKey_file(c_ctx,ccert,
-			SSL_FILETYPE_PEM);
-		}
-
-	if (	(!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
-		(!SSL_CTX_set_default_verify_paths(s_ctx)) ||
-		(!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
-		(!SSL_CTX_set_default_verify_paths(c_ctx)))
-		{
-		fprintf(stderr,"SSL_load_verify_locations\n");
-		ERR_print_errors(bio_err);
-		goto end;
-		}
-
-	if (client_auth)
-		{
-		fprintf(stderr,"client authentication\n");
-		SSL_CTX_set_verify(s_ctx,
-			SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
-			verify_callback);
-		}
-	if (server_auth)
-		{
-		fprintf(stderr,"server authentication\n");
-		SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
-			verify_callback);
-		}
-
-	thread_setup();
-	do_threads(s_ctx,c_ctx);
-	thread_cleanup();
-end:
-	
-	if (c_ctx != NULL) 
-		{
-		fprintf(stderr,"Client SSL_CTX stats then free it\n");
-		print_stats(stderr,c_ctx);
-		SSL_CTX_free(c_ctx);
-		}
-	if (s_ctx != NULL)
-		{
-		fprintf(stderr,"Server SSL_CTX stats then free it\n");
-		print_stats(stderr,s_ctx);
-		if (cache_stats)
-			{
-			fprintf(stderr,"-----\n");
-			lh_stats(SSL_CTX_sessions(s_ctx),stderr);
-			fprintf(stderr,"-----\n");
-		/*	lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
-			fprintf(stderr,"-----\n"); */
-			lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr);
-			fprintf(stderr,"-----\n");
-			}
-		SSL_CTX_free(s_ctx);
-		fprintf(stderr,"done free\n");
-		}
-	exit(ret);
-	return(0);
-	}
-
-#define W_READ	1
-#define W_WRITE	2
-#define C_DONE	1
-#define S_DONE	2
-
-int ndoit(ssl_ctx)
-SSL_CTX *ssl_ctx[2];
-	{
-	int i;
-	int ret;
-	char *ctx[4];
-
-	ctx[0]=(char *)ssl_ctx[0];
-	ctx[1]=(char *)ssl_ctx[1];
-
-	if (reconnect)
-		{
-		ctx[2]=(char *)SSL_new(ssl_ctx[0]);
-		ctx[3]=(char *)SSL_new(ssl_ctx[1]);
-		}
-	else
-		{
-		ctx[2]=NULL;
-		ctx[3]=NULL;
-		}
-
-	fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id());
-	for (i=0; i<number_of_loops; i++)
-		{
-/*		fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
-			CRYPTO_thread_id(),i,
-			ssl_ctx[0]->references,
-			ssl_ctx[1]->references); */
-	/*	pthread_delay_np(&tm);*/
-
-		ret=doit(ctx);
-		if (ret != 0)
-			{
-			fprintf(stdout,"error[%d] %lu - %d\n",
-				i,CRYPTO_thread_id(),ret);
-			return(ret);
-			}
-		}
-	fprintf(stdout,"DONE %lu\n",CRYPTO_thread_id());
-	if (reconnect)
-		{
-		SSL_free((SSL *)ctx[2]);
-		SSL_free((SSL *)ctx[3]);
-		}
-	return(0);
-	}
-
-int doit(ctx)
-char *ctx[4];
-	{
-	SSL_CTX *s_ctx,*c_ctx;
-	static char cbuf[200],sbuf[200];
-	SSL *c_ssl=NULL;
-	SSL *s_ssl=NULL;
-	BIO *c_to_s=NULL;
-	BIO *s_to_c=NULL;
-	BIO *c_bio=NULL;
-	BIO *s_bio=NULL;
-	int c_r,c_w,s_r,s_w;
-	int c_want,s_want;
-	int i;
-	int done=0;
-	int c_write,s_write;
-	int do_server=0,do_client=0;
-
-	s_ctx=(SSL_CTX *)ctx[0];
-	c_ctx=(SSL_CTX *)ctx[1];
-
-	if (ctx[2] != NULL)
-		s_ssl=(SSL *)ctx[2];
-	else
-		s_ssl=SSL_new(s_ctx);
-
-	if (ctx[3] != NULL)
-		c_ssl=(SSL *)ctx[3];
-	else
-		c_ssl=SSL_new(c_ctx);
-
-	if ((s_ssl == NULL) || (c_ssl == NULL)) goto err;
-
-	c_to_s=BIO_new(BIO_s_mem());
-	s_to_c=BIO_new(BIO_s_mem());
-	if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
-
-	c_bio=BIO_new(BIO_f_ssl());
-	s_bio=BIO_new(BIO_f_ssl());
-	if ((c_bio == NULL) || (s_bio == NULL)) goto err;
-
-	SSL_set_connect_state(c_ssl);
-	SSL_set_bio(c_ssl,s_to_c,c_to_s);
-	BIO_set_ssl(c_bio,c_ssl,(ctx[2] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
-
-	SSL_set_accept_state(s_ssl);
-	SSL_set_bio(s_ssl,c_to_s,s_to_c);
-	BIO_set_ssl(s_bio,s_ssl,(ctx[3] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
-
-	c_r=0; s_r=1;
-	c_w=1; s_w=0;
-	c_want=W_WRITE;
-	s_want=0;
-	c_write=1,s_write=0;
-
-	/* We can always do writes */
-	for (;;)
-		{
-		do_server=0;
-		do_client=0;
-
-		i=(int)BIO_pending(s_bio);
-		if ((i && s_r) || s_w) do_server=1;
-
-		i=(int)BIO_pending(c_bio);
-		if ((i && c_r) || c_w) do_client=1;
-
-		if (do_server && verbose)
-			{
-			if (SSL_in_init(s_ssl))
-				printf("server waiting in SSL_accept - %s\n",
-					SSL_state_string_long(s_ssl));
-			else if (s_write)
-				printf("server:SSL_write()\n");
-			else 
-				printf("server:SSL_read()\n");
-			}
-
-		if (do_client && verbose)
-			{
-			if (SSL_in_init(c_ssl))
-				printf("client waiting in SSL_connect - %s\n",
-					SSL_state_string_long(c_ssl));
-			else if (c_write)
-				printf("client:SSL_write()\n");
-			else
-				printf("client:SSL_read()\n");
-			}
-
-		if (!do_client && !do_server)
-			{
-			fprintf(stdout,"ERROR IN STARTUP\n");
-			break;
-			}
-		if (do_client && !(done & C_DONE))
-			{
-			if (c_write)
-				{
-				i=BIO_write(c_bio,"hello from client\n",18);
-				if (i < 0)
-					{
-					c_r=0;
-					c_w=0;
-					if (BIO_should_retry(c_bio))
-						{
-						if (BIO_should_read(c_bio))
-							c_r=1;
-						if (BIO_should_write(c_bio))
-							c_w=1;
-						}
-					else
-						{
-						fprintf(stderr,"ERROR in CLIENT\n");
-						return(1);
-						}
-					}
-				else if (i == 0)
-					{
-					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
-					return(1);
-					}
-				else
-					{
-					/* ok */
-					c_write=0;
-					}
-				}
-			else
-				{
-				i=BIO_read(c_bio,cbuf,100);
-				if (i < 0)
-					{
-					c_r=0;
-					c_w=0;
-					if (BIO_should_retry(c_bio))
-						{
-						if (BIO_should_read(c_bio))
-							c_r=1;
-						if (BIO_should_write(c_bio))
-							c_w=1;
-						}
-					else
-						{
-						fprintf(stderr,"ERROR in CLIENT\n");
-						return(1);
-						}
-					}
-				else if (i == 0)
-					{
-					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
-					return(1);
-					}
-				else
-					{
-					done|=C_DONE;
-#ifdef undef
-					fprintf(stdout,"CLIENT:from server:");
-					fwrite(cbuf,1,i,stdout);
-					fflush(stdout);
-#endif
-					}
-				}
-			}
-
-		if (do_server && !(done & S_DONE))
-			{
-			if (!s_write)
-				{
-				i=BIO_read(s_bio,sbuf,100);
-				if (i < 0)
-					{
-					s_r=0;
-					s_w=0;
-					if (BIO_should_retry(s_bio))
-						{
-						if (BIO_should_read(s_bio))
-							s_r=1;
-						if (BIO_should_write(s_bio))
-							s_w=1;
-						}
-					else
-						{
-						fprintf(stderr,"ERROR in SERVER\n");
-						ERR_print_errors_fp(stderr);
-						return(1);
-						}
-					}
-				else if (i == 0)
-					{
-					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
-					return(1);
-					}
-				else
-					{
-					s_write=1;
-					s_w=1;
-#ifdef undef
-					fprintf(stdout,"SERVER:from client:");
-					fwrite(sbuf,1,i,stdout);
-					fflush(stdout);
-#endif
-					}
-				}
-			else
-				{
-				i=BIO_write(s_bio,"hello from server\n",18);
-				if (i < 0)
-					{
-					s_r=0;
-					s_w=0;
-					if (BIO_should_retry(s_bio))
-						{
-						if (BIO_should_read(s_bio))
-							s_r=1;
-						if (BIO_should_write(s_bio))
-							s_w=1;
-						}
-					else
-						{
-						fprintf(stderr,"ERROR in SERVER\n");
-						ERR_print_errors_fp(stderr);
-						return(1);
-						}
-					}
-				else if (i == 0)
-					{
-					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
-					return(1);
-					}
-				else
-					{
-					s_write=0;
-					s_r=1;
-					done|=S_DONE;
-					}
-				}
-			}
-
-		if ((done & S_DONE) && (done & C_DONE)) break;
-		}
-
-	SSL_set_shutdown(c_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-	SSL_set_shutdown(s_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-
-#ifdef undef
-	fprintf(stdout,"DONE\n");
-#endif
-err:
-	/* We have to set the BIO's to NULL otherwise they will be
-	 * free()ed twice.  Once when th s_ssl is SSL_free()ed and
-	 * again when c_ssl is SSL_free()ed.
-	 * This is a hack required because s_ssl and c_ssl are sharing the same
-	 * BIO structure and SSL_set_bio() and SSL_free() automatically
-	 * BIO_free non NULL entries.
-	 * You should not normally do this or be required to do this */
-
-	if (s_ssl != NULL)
-		{
-		s_ssl->rbio=NULL;
-		s_ssl->wbio=NULL;
-		}
-	if (c_ssl != NULL)
-		{
-		c_ssl->rbio=NULL;
-		c_ssl->wbio=NULL;
-		}
-
-	/* The SSL's are optionally freed in the following calls */
-	if (c_to_s != NULL) BIO_free(c_to_s);
-	if (s_to_c != NULL) BIO_free(s_to_c);
-
-	if (c_bio != NULL) BIO_free(c_bio);
-	if (s_bio != NULL) BIO_free(s_bio);
-	return(0);
-	}
-
-int MS_CALLBACK verify_callback(ok, xs, xi, depth, error, arg)
-int ok;
-X509 *xs;
-X509 *xi;
-int depth;
-int error;
-char *arg;
-	{
-	char buf[256];
-
-	if (verbose)
-		{
-		X509_NAME_oneline(X509_get_subject_name(xs),buf,256);
-		if (ok)
-			fprintf(stderr,"depth=%d %s\n",depth,buf);
-		else
-			fprintf(stderr,"depth=%d error=%d %s\n",depth,error,buf);
-		}
-	return(ok);
-	}
-
-#define THREAD_STACK_SIZE (16*1024)
-
-#ifdef WIN32
-
-static PRLOCK lock_cs[CRYPTO_NUM_LOCKS];
-
-void thread_setup()
-	{
-	int i;
-
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
-		{
-		lock_cs[i]=CreateMutex(NULL,FALSE,NULL);
-		}
-
-	CRYPTO_set_locking_callback((void (*)(int,int,char *,int))win32_locking_callback);
-	/* id callback defined */
-	}
-
-void thread_cleanup()
-	{
-	int i;
-
-	CRYPTO_set_locking_callback(NULL);
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
-		CloseHandle(lock_cs[i]);
-	}
-
-void win32_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
-	{
-	if (mode & CRYPTO_LOCK)
-		{
-		WaitForSingleObject(lock_cs[type],INFINITE);
-		}
-	else
-		{
-		ReleaseMutex(lock_cs[type]);
-		}
-	}
-
-void do_threads(s_ctx,c_ctx)
-SSL_CTX *s_ctx,*c_ctx;
-	{
-	double ret;
-	SSL_CTX *ssl_ctx[2];
-	DWORD thread_id[MAX_THREAD_NUMBER];
-	HANDLE thread_handle[MAX_THREAD_NUMBER];
-	int i;
-	SYSTEMTIME start,end;
-
-	ssl_ctx[0]=s_ctx;
-	ssl_ctx[1]=c_ctx;
-
-	GetSystemTime(&start);
-	for (i=0; i<thread_number; i++)
-		{
-		thread_handle[i]=CreateThread(NULL,
-			THREAD_STACK_SIZE,
-			(LPTHREAD_START_ROUTINE)ndoit,
-			(void *)ssl_ctx,
-			0L,
-			&(thread_id[i]));
-		}
-
-	printf("reaping\n");
-	for (i=0; i<thread_number; i+=50)
-		{
-		int j;
-
-		j=(thread_number < (i+50))?(thread_number-i):50;
-
-		if (WaitForMultipleObjects(j,
-			(CONST HANDLE *)&(thread_handle[i]),TRUE,INFINITE)
-			== WAIT_FAILED)
-			{
-			fprintf(stderr,"WaitForMultipleObjects failed:%d\n",GetLastError());
-			exit(1);
-			}
-		}
-	GetSystemTime(&end);
-
-	if (start.wDayOfWeek > end.wDayOfWeek) end.wDayOfWeek+=7;
-	ret=(end.wDayOfWeek-start.wDayOfWeek)*24;
-
-	ret=(ret+end.wHour-start.wHour)*60;
-	ret=(ret+end.wMinute-start.wMinute)*60;
-	ret=(ret+end.wSecond-start.wSecond);
-	ret+=(end.wMilliseconds-start.wMilliseconds)/1000.0;
-
-	printf("win32 threads done - %.3f seconds\n",ret);
-	}
-
-#endif /* WIN32 */
-
-#ifdef SOLARIS
-
-static mutex_t lock_cs[CRYPTO_NUM_LOCKS];
-/*static rwlock_t lock_cs[CRYPTO_NUM_LOCKS]; */
-static long lock_count[CRYPTO_NUM_LOCKS];
-
-void thread_setup()
-	{
-	int i;
-
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
-		{
-		lock_count[i]=0;
-		/* rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL); */
-		mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);
-		}
-
-	CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
-	CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
-	}
-
-void thread_cleanup()
-	{
-	int i;
-
-	CRYPTO_set_locking_callback(NULL);
-fprintf(stderr,"cleanup\n");
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
-		{
-		/* rwlock_destroy(&(lock_cs[i])); */
-		mutex_destroy(&(lock_cs[i]));
-		fprintf(stderr,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i));
-		}
-fprintf(stderr,"done cleanup\n");
-	}
-
-void solaris_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
-	{
-#ifdef undef
-fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
-	CRYPTO_thread_id(),
-	(mode&CRYPTO_LOCK)?"l":"u",
-	(type&CRYPTO_READ)?"r":"w",file,line);
-#endif
-
-/*
-if (CRYPTO_LOCK_SSL_CERT == type)
-	fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
-		CRYPTO_thread_id(),
-		mode,file,line);
-*/
-	if (mode & CRYPTO_LOCK)
-		{
-	/*	if (mode & CRYPTO_READ)
-			rw_rdlock(&(lock_cs[type]));
-		else
-			rw_wrlock(&(lock_cs[type])); */
-
-		mutex_lock(&(lock_cs[type]));
-		lock_count[type]++;
-		}
-	else
-		{
-/*		rw_unlock(&(lock_cs[type]));  */
-		mutex_unlock(&(lock_cs[type]));
-		}
-	}
-
-void do_threads(s_ctx,c_ctx)
-SSL_CTX *s_ctx,*c_ctx;
-	{
-	SSL_CTX *ssl_ctx[2];
-	thread_t thread_ctx[MAX_THREAD_NUMBER];
-	int i;
-
-	ssl_ctx[0]=s_ctx;
-	ssl_ctx[1]=c_ctx;
-
-	thr_setconcurrency(thread_number);
-	for (i=0; i<thread_number; i++)
-		{
-		thr_create(NULL, THREAD_STACK_SIZE,
-			(void *(*)())ndoit,
-			(void *)ssl_ctx,
-			0L,
-			&(thread_ctx[i]));
-		}
-
-	printf("reaping\n");
-	for (i=0; i<thread_number; i++)
-		{
-		thr_join(thread_ctx[i],NULL,NULL);
-		}
-
-	printf("solaris threads done (%d,%d)\n",
-		s_ctx->references,c_ctx->references);
-	}
-
-unsigned long solaris_thread_id()
-	{
-	unsigned long ret;
-
-	ret=(unsigned long)thr_self();
-	return(ret);
-	}
-#endif /* SOLARIS */
-
-#ifdef IRIX
-
-
-static usptr_t *arena;
-static usema_t *lock_cs[CRYPTO_NUM_LOCKS];
-
-void thread_setup()
-	{
-	int i;
-	char filename[20];
-
-	strcpy(filename,"/tmp/mttest.XXXXXX");
-	mktemp(filename);
-
-	usconfig(CONF_STHREADIOOFF);
-	usconfig(CONF_STHREADMALLOCOFF);
-	usconfig(CONF_INITUSERS,100);
-	usconfig(CONF_LOCKTYPE,US_DEBUGPLUS);
-	arena=usinit(filename);
-	unlink(filename);
-
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
-		{
-		lock_cs[i]=usnewsema(arena,1);
-		}
-
-	CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);
-	CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
-	}
-
-void thread_cleanup()
-	{
-	int i;
-
-	CRYPTO_set_locking_callback(NULL);
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
-		{
-		char buf[10];
-
-		sprintf(buf,"%2d:",i);
-		usdumpsema(lock_cs[i],stdout,buf);
-		usfreesema(lock_cs[i],arena);
-		}
-	}
-
-void irix_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
-	{
-	if (mode & CRYPTO_LOCK)
-		{
-		printf("lock %d\n",type);
-		uspsema(lock_cs[type]);
-		}
-	else
-		{
-		printf("unlock %d\n",type);
-		usvsema(lock_cs[type]);
-		}
-	}
-
-void do_threads(s_ctx,c_ctx)
-SSL_CTX *s_ctx,*c_ctx;
-	{
-	SSL_CTX *ssl_ctx[2];
-	int thread_ctx[MAX_THREAD_NUMBER];
-	int i;
-
-	ssl_ctx[0]=s_ctx;
-	ssl_ctx[1]=c_ctx;
-
-	for (i=0; i<thread_number; i++)
-		{
-		thread_ctx[i]=sproc((void (*)())ndoit,
-			PR_SADDR|PR_SFDS,(void *)ssl_ctx);
-		}
-
-	printf("reaping\n");
-	for (i=0; i<thread_number; i++)
-		{
-		wait(NULL);
-		}
-
-	printf("irix threads done (%d,%d)\n",
-		s_ctx->references,c_ctx->references);
-	}
-
-unsigned long irix_thread_id()
-	{
-	unsigned long ret;
-
-	ret=(unsigned long)getpid();
-	return(ret);
-	}
-#endif /* IRIX */
-
-#ifdef PTHREADS
-
-static pthread_mutex_t lock_cs[CRYPTO_NUM_LOCKS];
-static long lock_count[CRYPTO_NUM_LOCKS];
-
-void thread_setup()
-	{
-	int i;
-
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
-		{
-		lock_count[i]=0;
-		pthread_mutex_init(&(lock_cs[i]),NULL);
-		}
-
-	CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
-	CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
-	}
-
-void thread_cleanup()
-	{
-	int i;
-
-	CRYPTO_set_locking_callback(NULL);
-	fprintf(stderr,"cleanup\n");
-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
-		{
-		pthread_mutex_destroy(&(lock_cs[i]));
-		fprintf(stderr,"%8ld:%s\n",lock_count[i],
-			CRYPTO_get_lock_name(i));
-		}
-	fprintf(stderr,"done cleanup\n");
-	}
-
-void pthreads_locking_callback(mode,type,file,line)
-int mode;
-int type;
-char *file;
-int line;
-      {
-#ifdef undef
-	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
-		CRYPTO_thread_id(),
-		(mode&CRYPTO_LOCK)?"l":"u",
-		(type&CRYPTO_READ)?"r":"w",file,line);
-#endif
-/*
-	if (CRYPTO_LOCK_SSL_CERT == type)
-		fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
-		CRYPTO_thread_id(),
-		mode,file,line);
-*/
-	if (mode & CRYPTO_LOCK)
-		{
-		pthread_mutex_lock(&(lock_cs[type]));
-		lock_count[type]++;
-		}
-	else
-		{
-		pthread_mutex_unlock(&(lock_cs[type]));
-		}
-	}
-
-void do_threads(s_ctx,c_ctx)
-SSL_CTX *s_ctx,*c_ctx;
-	{
-	SSL_CTX *ssl_ctx[2];
-	pthread_t thread_ctx[MAX_THREAD_NUMBER];
-	int i;
-
-	ssl_ctx[0]=s_ctx;
-	ssl_ctx[1]=c_ctx;
-
-	/*
-	thr_setconcurrency(thread_number);
-	*/
-	for (i=0; i<thread_number; i++)
-		{
-		pthread_create(&(thread_ctx[i]), NULL,
-			(void *(*)())ndoit, (void *)ssl_ctx);
-		}
-
-	printf("reaping\n");
-	for (i=0; i<thread_number; i++)
-		{
-		pthread_join(thread_ctx[i],NULL);
-		}
-
-	printf("pthreads threads done (%d,%d)\n",
-	s_ctx->references,c_ctx->references);
-	}
-
-unsigned long pthreads_thread_id()
-	{
-	unsigned long ret;
-
-	ret=(unsigned long)pthread_self();
-	return(ret);
-	}
-
-#endif /* PTHREADS */
-
-
-
diff --git a/mt/profile.sh b/mt/profile.sh
deleted file mode 100644
index de5eb06708..0000000000
--- a/mt/profile.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-/bin/rm -f mttest
-cc -p -DSOLARIS -I../include -g mttest.c -o mttest -L/usr/lib/libc -ldl -L.. -lthread  -lssl -lcrypto -lnsl -lsocket
-
diff --git a/mt/ptest.bat b/mt/ptest.bat
deleted file mode 100755
index ccaccae09d..0000000000
--- a/mt/ptest.bat
+++ /dev/null
@@ -1,4 +0,0 @@
-del mttest.exe
-
-purify cl /O2 -DWIN32 /MD -I..\out mttest.c /Femttest ..\out\ssl32.lib ..\out\crypt32.lib
-
diff --git a/mt/purify.sh b/mt/purify.sh
deleted file mode 100644
index 57c4017073..0000000000
--- a/mt/purify.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-/bin/rm -f mttest
-purify cc -DSOLARIS -I../include -g mttest.c -o mttest -L.. -lthread  -lssl -lcrypto -lnsl -lsocket
-
diff --git a/mt/solaris.sh b/mt/solaris.sh
deleted file mode 100644
index f6a90b17ee..0000000000
--- a/mt/solaris.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-/bin/rm -f mttest
-cc -DSOLARIS -I../include -g mttest.c -o mttest -L.. -lthread  -lssl -lcrypto -lnsl -lsocket
-
diff --git a/mt/win32.bat b/mt/win32.bat
deleted file mode 100755
index 56089f69be..0000000000
--- a/mt/win32.bat
+++ /dev/null
@@ -1,4 +0,0 @@
-del mttest.exe
-
-cl /O2 -DWIN32 /MD -I..\out mttest.c /Femttest ..\out\ssleay32.lib ..\out\libeay32.lib
-
diff --git a/openssl.doxy b/openssl.doxy
new file mode 100644
index 0000000000..479c311470
--- /dev/null
+++ b/openssl.doxy
@@ -0,0 +1,7 @@
+PROJECT_NAME=OpenSSL
+GENERATE_LATEX=no
+OUTPUT_DIRECTORY=doxygen
+INPUT=ssl include
+FILE_PATTERNS=*.c *.h
+RECURSIVE=yes
+PREDEFINED=DOXYGEN
diff --git a/openssl.spec b/openssl.spec
new file mode 100644
index 0000000000..3085d3e94b
--- /dev/null
+++ b/openssl.spec
@@ -0,0 +1,210 @@
+%define libmaj 0
+%define libmin 9
+%define librel 8
+#%define librev a
+Release: 1
+
+%define openssldir /var/ssl
+
+Summary: Secure Sockets Layer and cryptography libraries and tools
+Name: openssl
+Version: %{libmaj}.%{libmin}.%{librel}
+#Version: %{libmaj}.%{libmin}.%{librel}%{librev}
+Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
+Copyright: Freely distributable
+Group: System Environment/Libraries
+Provides: SSL
+URL: http://www.openssl.org/
+Packager: Damien Miller <djm@mindrot.org>
+BuildRoot:   /var/tmp/%{name}-%{version}-root
+
+%description
+The OpenSSL Project is a collaborative effort to develop a robust,
+commercial-grade, fully featured, and Open Source toolkit implementing the
+Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
+documentation. 
+
+OpenSSL is based on the excellent SSLeay library developed from Eric A.
+Young and Tim J. Hudson.  The OpenSSL toolkit is licensed under an
+Apache-style licence, which basically means that you are free to get and
+use it for commercial and non-commercial purposes. 
+
+This package contains the base OpenSSL cryptography and SSL/TLS 
+libraries and tools.
+
+%package devel
+Summary: Secure Sockets Layer and cryptography static libraries and headers
+Group: Development/Libraries
+Requires: openssl
+%description devel
+The OpenSSL Project is a collaborative effort to develop a robust,
+commercial-grade, fully featured, and Open Source toolkit implementing the
+Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
+documentation. 
+
+OpenSSL is based on the excellent SSLeay library developed from Eric A.
+Young and Tim J. Hudson.  The OpenSSL toolkit is licensed under an
+Apache-style licence, which basically means that you are free to get and
+use it for commercial and non-commercial purposes. 
+
+This package contains the the OpenSSL cryptography and SSL/TLS 
+static libraries and header files required when developing applications.
+
+%package doc
+Summary: OpenSSL miscellaneous files
+Group: Documentation
+Requires: openssl
+%description doc
+The OpenSSL Project is a collaborative effort to develop a robust,
+commercial-grade, fully featured, and Open Source toolkit implementing the
+Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+protocols as well as a full-strength general purpose cryptography library.
+The project is managed by a worldwide community of volunteers that use the
+Internet to communicate, plan, and develop the OpenSSL tookit and its related
+documentation. 
+
+OpenSSL is based on the excellent SSLeay library developed from Eric A.
+Young and Tim J. Hudson.  The OpenSSL toolkit is licensed under an
+Apache-style licence, which basically means that you are free to get and
+use it for commercial and non-commercial purposes. 
+
+This package contains the the OpenSSL cryptography and SSL/TLS extra
+documentation and POD files from which the man pages were produced.
+
+%prep
+
+%setup -q
+
+%build 
+
+%define CONFIG_FLAGS -DSSL_ALLOW_ADH --prefix=/usr 
+
+perl util/perlpath.pl /usr/bin/perl
+
+%ifarch i386 i486 i586 i686
+./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-elf shared
+%endif
+%ifarch ppc
+./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-ppc shared
+%endif
+%ifarch alpha
+./Configure %{CONFIG_FLAGS} --openssldir=%{openssldir} linux-alpha shared
+%endif
+LD_LIBRARY_PATH=`pwd` make
+LD_LIBRARY_PATH=`pwd` make rehash
+LD_LIBRARY_PATH=`pwd` make test
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make MANDIR=/usr/man INSTALL_PREFIX="$RPM_BUILD_ROOT" install
+
+# Rename manpages
+for x in $RPM_BUILD_ROOT/usr/man/man*/* 
+	do mv ${x} ${x}ssl
+done
+
+# Make backwards-compatibility symlink to ssleay
+ln -sf /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files 
+%defattr(0644,root,root,0755)
+%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
+
+%attr(0755,root,root) /usr/bin/*
+%attr(0755,root,root) /usr/lib/*.so*
+%attr(0755,root,root) %{openssldir}/misc/*
+%attr(0644,root,root) /usr/man/man[157]/*
+
+%config %attr(0644,root,root) %{openssldir}/openssl.cnf 
+%dir %attr(0755,root,root) %{openssldir}/certs
+%dir %attr(0755,root,root) %{openssldir}/lib
+%dir %attr(0755,root,root) %{openssldir}/misc
+%dir %attr(0750,root,root) %{openssldir}/private
+
+%files devel
+%defattr(0644,root,root,0755)
+%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
+
+%attr(0644,root,root) /usr/lib/*.a
+%attr(0644,root,root) /usr/include/openssl/*
+%attr(0644,root,root) /usr/man/man[3]/*
+
+%files doc
+%defattr(0644,root,root,0755)
+%doc CHANGES CHANGES.SSLeay LICENSE NEWS README
+%doc doc
+
+%post
+ldconfig
+
+%postun
+ldconfig
+
+%changelog
+* Thu Mar 22 2001 Richard Levitte <richard@levitte.org>
+- Removed redundant subsection that re-installed libcrypto.a and libssl.a
+  as well.  Also remove RSAref stuff completely, since it's not needed
+  any more.
+* Thu Mar 15 2001 Jeremiah Johnson <jjohnson@penguincomputing.com>
+- Removed redundant subsection that re-installed libcrypto.so.0.9.6 and
+  libssl.so.0.9.6.  As well as the subsection that created symlinks for
+  these.  make install handles all this.
+* Sat Oct 21 2000 Horms <horms@vergenet.net>
+- Make sure symlinks are created by using -f flag to ln.
+  Otherwise some .so libraries are copied rather than
+  linked in the resulting binary RPM. This causes the package
+  to be larger than neccessary and makes ldconfig complain.
+* Fri Oct 13 2000 Horms <horms@vergenet.net>
+- Make defattr is set for files in all packages so packages built as
+  non-root will still be installed with files owned by root.
+* Thu Sep 14 2000 Richard Levitte <richard@levitte.org>
+- Changed to adapt to the new (supported) way of making shared libraries
+- Installs all static libraries, not just libRSAglue.a
+- Extra documents now end up in a separate document package
+* Sun Feb 27 2000 Damien Miller <djm@mindrot.org>
+- Merged patches to spec
+- Updated to 0.9.5beta2 (now with manpages)
+* Sat Feb  5 2000 Michal Jaegermann <michal@harddata.com>
+- added 'linux-alpha' to configuration
+- fixed nasty absolute links
+* Tue Jan 25 2000 Bennett Todd <bet@rahul.net>
+- Added -DSSL_ALLOW_ADH, bumped Release to 4
+* Thu Oct 14 1999 Damien Miller <djm@mindrot.org>
+- Set default permissions
+- Removed documentation from devel sub-package
+* Thu Sep 30 1999 Damien Miller <djm@mindrot.org>
+- Added "make test" stage
+- GPG signed
+* Tue Sep 10 1999 Damien Miller <damien@ibs.com.au>
+- Updated to version 0.9.4
+* Tue May 25 1999 Damien Miller <damien@ibs.com.au>
+- Updated to version 0.9.3
+- Added attributes for all files
+- Paramatised openssl directory
+* Sat Mar 20 1999 Carlo M. Arenas Belon <carenas@jmconsultores.com.pe>
+- Added "official" bnrec patch and taking other out
+- making a link from ssleay to openssl binary
+- putting all changelog together on SPEC file
+* Fri Mar  5 1999 Henri Gomez <gomez@slib.fr>
+- Added bnrec patch
+* Tue Dec 29 1998 Jonathan Ruano <kobalt@james.encomix.es>
+- minimum spec and patches changes for openssl
+- modified for openssl sources
+* Sat Aug  8 1998 Khimenko Victor <khim@sch57.msk.ru>
+- shared library creating process honours $RPM_OPT_FLAGS
+- shared libarry supports threads (as well as static library)
+* Wed Jul 22 1998 Khimenko Victor <khim@sch57.msk.ru>
+- building of shared library completely reworked
+* Tue Jul 21 1998 Khimenko Victor <khim@sch57.msk.ru>
+- RPM is BuildRoot'ed
+* Tue Feb 10 1998 Khimenko Victor <khim@sch57.msk.ru>
+- all stuff is moved out of /usr/local
diff --git a/os2/OS2-EMX.cmd b/os2/OS2-EMX.cmd
new file mode 100644
index 0000000000..acab99ac39
--- /dev/null
+++ b/os2/OS2-EMX.cmd
@@ -0,0 +1,66 @@
+@echo off
+
+perl Configure OS2-EMX
+perl util\mkfiles.pl > MINFO
+
+@rem create make file
+perl util\mk1mf.pl OS2-EMX > OS2-EMX.mak
+perl util\mk1mf.pl dll OS2-EMX > OS2-EMX-DLL.mak
+
+echo Generating export definition files
+perl util\mkdef.pl crypto OS2 > os2\crypto.def
+perl util\mkdef.pl ssl OS2 > os2\ssl.def
+
+echo Generating x86 for GNU assember
+
+echo Bignum
+cd crypto\bn\asm
+rem perl x86.pl a.out > bn-os2.asm
+perl bn-586.pl a.out > bn-os2.asm 
+perl co-586.pl a.out > co-os2.asm 
+cd ..\..\..
+
+echo DES
+cd crypto\des\asm
+perl des-586.pl a.out > d-os2.asm
+cd ..\..\..
+
+echo crypt(3)
+cd crypto\des\asm
+perl crypt586.pl a.out > y-os2.asm
+cd ..\..\..
+
+echo Blowfish
+cd crypto\bf\asm
+perl bf-586.pl a.out > b-os2.asm
+cd ..\..\..
+
+echo CAST5
+cd crypto\cast\asm
+perl cast-586.pl a.out > c-os2.asm
+cd ..\..\..
+
+echo RC4
+cd crypto\rc4\asm
+perl rc4-586.pl a.out > r4-os2.asm
+cd ..\..\..
+
+echo MD5
+cd crypto\md5\asm
+perl md5-586.pl a.out > m5-os2.asm
+cd ..\..\..
+
+echo SHA1
+cd crypto\sha\asm
+perl sha1-586.pl a.out > s1-os2.asm
+cd ..\..\..
+
+echo RIPEMD160
+cd crypto\ripemd\asm
+perl rmd-586.pl a.out > rm-os2.asm
+cd ..\..\..
+
+echo RC5\32
+cd crypto\rc5\asm
+perl rc5-586.pl a.out > r5-os2.asm
+cd ..\..\..
diff --git a/perl/.cvsignore b/perl/.cvsignore
new file mode 100644
index 0000000000..e3f4b2ec4e
--- /dev/null
+++ b/perl/.cvsignore
@@ -0,0 +1,12 @@
+Makefile
+blib
+pm_to_blib
+OpenSSL.c
+openssl_bio.c
+openssl_bn.c
+openssl_cipher.c
+openssl_digest.c
+openssl_err.c
+openssl_ssl.c
+openssl_x509.c
+OpenSSL.bs
diff --git a/perl/MANIFEST b/perl/MANIFEST
deleted file mode 100644
index 992db5ed4c..0000000000
--- a/perl/MANIFEST
+++ /dev/null
@@ -1,17 +0,0 @@
-MANIFEST
-Makefile.PL
-SSLeay.pm
-bio.xs
-bn.xs
-cipher.xs
-digest.xs
-err.xs
-ssl.xs
-x509.xs
-test.pl
-test2.pl
-test3.pl
-test9.pl
-testbn.pl
-testmd.pl
-typemap
diff --git a/perl/Makefile.PL b/perl/Makefile.PL
deleted file mode 100644
index f9998e0a61..0000000000
--- a/perl/Makefile.PL
+++ /dev/null
@@ -1,25 +0,0 @@
-use ExtUtils::MakeMaker;
-# See lib/ExtUtils/MakeMaker.pm for details of how to influence
-# the contents of the Makefile that is written.
-WriteMakefile(
-	'OPTIMIZE'	=> '-g',
-	'DISTNAME'	=> 'SSLeay-perl5-0.8.5',
-	'NAME'		=> 'SSLeay',
-	'VERSION_FROM'	=> 'SSLeay.pm',
-	'LIBS'		=> ['-L.. -lssl -lcrypto'],
-	'DEFINE'	=> '',
-	'INC'		=> '-I../include',
-	'C'		=> ['callback.c'],
-	'H'		=> ['p5SSLeay.h'],
-	'OBJECT'	=> "	SSLeay.o bio.o bn.o cipher.o digest.o err.o 
-				ssl.o x509.o",
-	'XS'		=> {	'SSLeay.xs'	=>	'SSLeay.c',
-				'bio.xs'	=>	'bio.c',
-				'bn.xs'		=>	'bn.c',
-				'cipher.xs'	=>	'cipher.c',
-				'digest.xs'	=>	'digest.c',
-				'err.xs'	=>	'err.c',
-				'ssl.xs'	=>	'ssl.c',
-				'x509.xs'	=>	'x509.c',
-				}
-	);
diff --git a/perl/OpenSSL.xs b/perl/OpenSSL.xs
deleted file mode 100644
index 3e3d1debeb..0000000000
--- a/perl/OpenSSL.xs
+++ /dev/null
@@ -1,65 +0,0 @@
-#include "p5SSLeay.h"
-
-SV *new_ref(type,obj,mort)
-char *type;
-char *obj;
-	{
-	SV *ret;
-
-	if (mort)
-		ret=sv_newmortal();
-	else
-		ret=newSViv(0);
-printf(">new_ref %d\n",type);
-	sv_setref_pv(ret,type,(void *)obj);
-	return(ret);
-	}
-
-int ex_new(obj,data,ad,idx,argl,argp)
-char *obj;
-SV *data;
-CRYPTO_EX_DATA *ad;
-int idx;
-long argl;
-char *argp;
-	{
-	SV *sv;
-
-fprintf(stderr,"ex_new %08X %s\n",obj,argp);
-	sv=sv_newmortal();
-	sv_setref_pv(sv,argp,(void *)obj);
-printf("%d>new_ref '%s'\n",sv,argp);
-	CRYPTO_set_ex_data(ad,idx,(char *)sv);
-	return(1);
-	}
-
-void ex_cleanup(obj,data,ad,idx,argl,argp)
-char *obj;
-SV *data;
-CRYPTO_EX_DATA *ad;
-int idx;
-long argl;
-char *argp;
-	{
-	pr_name("ex_cleanup");
-fprintf(stderr,"ex_cleanup %08X %s\n",obj,argp);
-	if (data != NULL)
-		SvREFCNT_dec((SV *)data);
-	}
-
-MODULE =  SSLeay        PACKAGE = SSLeay
-
-BOOT:
-	boot_bio();
-	boot_cipher();
-	boot_digest();
-	boot_err();
-	boot_ssl();
-	boot_SSLeay__BN();
-	boot_SSLeay__BIO();
-	boot_SSLeay__Cipher();
-	boot_SSLeay__MD();
-	boot_SSLeay__ERR();
-	boot_SSLeay__SSL();
-	boot_SSLeay__X509();
-
diff --git a/perl/SSLeay.pm b/perl/SSLeay.pm
deleted file mode 100644
index f7710039d2..0000000000
--- a/perl/SSLeay.pm
+++ /dev/null
@@ -1,78 +0,0 @@
-package SSLeay;
-
-use Exporter;
-use DynaLoader;
-
-@ISA = qw(Exporter DynaLoader);
-@EXPORT = qw();
-
-$VERSION='0.82';
-$VERSION='0.82';
-bootstrap SSLeay;
-
-@SSLeay::BN::ISA=	qw(SSLeay::ERR);
-@SSLeay::MD::ISA=	qw(SSLeay::ERR);
-@SSLeay::Cipher::ISA=	qw(SSLeay::ERR);
-@SSLeay::SSL::CTX::ISA=	qw(SSLeay::ERR);
-@SSLeay::BIO::ISA=	qw(SSLeay::ERR);
-@SSLeay::SSL::ISA=	qw(SSLeay::ERR);
-
-@BN::ISA=	qw(SSLeay::BN);
-@MD::ISA=	qw(SSLeay::MD);
-@Cipher::ISA=	qw(SSLeay::Cipher);
-@SSL::ISA=	qw(SSLeay::SSL);
-@SSL::CTX::ISA=	qw(SSLeay::SSL::CTX);
-@BIO::ISA=	qw(SSLeay::BIO);
-
-
-@SSLeay::MD::names=qw(md2 md5 sha sha1 ripemd160 mdc2);
-
-@SSLeay::Cipher::names=qw(
-	des-ecb des-cfb des-ofb des-cbc
-	des-ede des-ede-cfb des-ede-ofb des-ede-cbc
-	des-ede3 des-ede3-cfb des-ede3-ofb des-ede3-cbc
-	desx-cbc rc4 rc4-40
-	idea-ecb idea-cfb idea-ofb idea-cbc
-	rc2-ecb rc2-cbc rc2-40-cbc rc2-cfb rc2-ofb
-	bf-ecb bf-cfb bf-ofb bf-cbc
-	cast5-ecb cast5-cfb cast5-ofb cast5-cbc
-	rc5-ecb rc5-cfb rc5-ofb rc5-cbc
-	);
-
-sub SSLeay::SSL::CTX::new_ssl { SSLeay::SSL::new($_[0]); }
-
-sub SSLeay::ERR::error
-	{
-	my($o)=@_;
-	my($s,$ret);
-
-	while (($s=$o->get_error()) != 0)
-		{
-		$ret.=$s."\n";
-		}
-	return($ret);
-	}
-
-@SSLeay::Cipher::aliases=qw(des desx des3 idea rc2 bf cast);
-
-package SSLeay::BN;
-
-sub bnfix { (ref($_[0]) ne "SSLeay::BN")?SSLeay::BN::dec2bn($_[0]):$_[0]; }
-use overload
-"="  => sub { dup($_[0]); },
-"+"  => sub { add($_[0],$_[1]); },
-"-"  => sub {	($_[1],$_[0])=($_[0],$_[1]) if $_[2];
-		SSLeay::BN::sub($_[0],$_[1]); },
-"*"  => sub { mul($_[0],$_[1]); },
-"/"  => sub {  ($_[1],$_[0])=($_[0],$_[1]) if $_[2]; (div($_[0],$_[1]))[0]; },
-"%"  => sub {  ($_[1],$_[0])=($_[0],$_[1]) if $_[2]; mod($_[0],$_[1]); },
-"**" => sub { ($_[1],$_[0])=($_[0],$_[1]) if $_[2]; exp($_[0],$_[1]); },
-"<<" => sub { lshift($_[0],$_[1]); },
-">>" => sub { rshift($_[0],$_[1]); },
-"<=>" => sub { SSLeay::BN::cmp($_[0],$_[1]); },
-'""' => sub { bn2dec($_[0]); },
-'0+' => sub { dec2bn($_[0]); },
-"bool" => sub { ref($_[0]) eq "SSLeay::BN"; };
-
-sub SSLeay::BIO::do_accept { SSLeay::BIO::do_handshake(@_); }
-1;
diff --git a/perl/SSLeay.xs b/perl/SSLeay.xs
deleted file mode 100644
index 3e3d1debeb..0000000000
--- a/perl/SSLeay.xs
+++ /dev/null
@@ -1,65 +0,0 @@
-#include "p5SSLeay.h"
-
-SV *new_ref(type,obj,mort)
-char *type;
-char *obj;
-	{
-	SV *ret;
-
-	if (mort)
-		ret=sv_newmortal();
-	else
-		ret=newSViv(0);
-printf(">new_ref %d\n",type);
-	sv_setref_pv(ret,type,(void *)obj);
-	return(ret);
-	}
-
-int ex_new(obj,data,ad,idx,argl,argp)
-char *obj;
-SV *data;
-CRYPTO_EX_DATA *ad;
-int idx;
-long argl;
-char *argp;
-	{
-	SV *sv;
-
-fprintf(stderr,"ex_new %08X %s\n",obj,argp);
-	sv=sv_newmortal();
-	sv_setref_pv(sv,argp,(void *)obj);
-printf("%d>new_ref '%s'\n",sv,argp);
-	CRYPTO_set_ex_data(ad,idx,(char *)sv);
-	return(1);
-	}
-
-void ex_cleanup(obj,data,ad,idx,argl,argp)
-char *obj;
-SV *data;
-CRYPTO_EX_DATA *ad;
-int idx;
-long argl;
-char *argp;
-	{
-	pr_name("ex_cleanup");
-fprintf(stderr,"ex_cleanup %08X %s\n",obj,argp);
-	if (data != NULL)
-		SvREFCNT_dec((SV *)data);
-	}
-
-MODULE =  SSLeay        PACKAGE = SSLeay
-
-BOOT:
-	boot_bio();
-	boot_cipher();
-	boot_digest();
-	boot_err();
-	boot_ssl();
-	boot_SSLeay__BN();
-	boot_SSLeay__BIO();
-	boot_SSLeay__Cipher();
-	boot_SSLeay__MD();
-	boot_SSLeay__ERR();
-	boot_SSLeay__SSL();
-	boot_SSLeay__X509();
-
diff --git a/perl/b.pl b/perl/b.pl
deleted file mode 100644
index ac1e52de79..0000000000
--- a/perl/b.pl
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$cmd=<<"EOF";
-
-EOF
-
-$conn="localhost:4433";
-$conn=$ARGV[0] if $#ARGV >= 0;
-print "X\n";
-$bio=BIO->new("connect");
-print "XX\n";
-$bio->set_callback(sub {print STDERR $_[0]->number_read."\n"; $_[$#_] });
-print "XXX\n";
-$bio->hostname($conn) || die $ssl->error();
-print "XXXX\n";
-
-#$ssl=BIO->new("ssl");
diff --git a/perl/bio.pl b/perl/bio.pl
deleted file mode 100644
index 70a97e7925..0000000000
--- a/perl/bio.pl
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$cmd=<<"EOF";
-GET / HTTP/1.0
-
-EOF
-
-$conn="localhost:4433";
-$conn=$ARGV[0] if $#ARGV >= 0;
-$bio=SSLeay::BIO::new("connect");
-#$bio->set_callback(sub {print STDERR SSLeay::BIO::number_read($_[0])."\n"; $_[$#_] });
-#$bio->set_callback(sub {print STDERR "$#_:".$_[0].":$_[1]:$_[2]:$_[3]:$_[4]:\n"; $_[$#_] });
-$bio->hostname($conn) || die $ssl->error();
-
-
-(($ret=$bio->do_handshake()) > 0) || die $bio->error();
-
-(($ret=$bio->syswrite($cmd)) > 0) || die $bio->error();
-
-while (1)
-	{
-	$ret=$bio->sysread($buf,10240);
-	last if ($ret <= 0);
-	print $buf;
-	}
-
diff --git a/perl/bio.txt b/perl/bio.txt
deleted file mode 100644
index 5b46c9f5ee..0000000000
--- a/perl/bio.txt
+++ /dev/null
@@ -1,36 +0,0 @@
-BIO::new(type)
-	"connect"
-	"accept"
-	"ssl"
-	"buffer"
-
-"connect"
-	BIO::hostname(name)	host:port to connect to
-
-"accept"
-	BIO::set_accept_port(port)	port to connect too.
-
-"connect", "accept", "ssl"
-	BIO::do_andshake	do protocol
-
-"ssl"
-	BIO::set_ssl(ssl)
-	BIO::get_ssl()
-
-BIO::push(bio)
-BIO::pop;			return BIO
-BIO::number_read()
-BIO::number_written()
-BIO::references()
-
-BIO::sysread(buf,len[,offset])
-BIO::syswrite(in[,len][,offset])
-BIO::getline()
-BIO::puts(in)
-BIO::flush()
-BIO::type()
-BIO::next_bio();
-BIO::set_callback(callback[, args])
-
-BIO::new_buffer_ssl_connect(SSL_CTX)
-BIO::new_ssl_connect(SSL_CTX)
diff --git a/perl/bio.xs b/perl/bio.xs
deleted file mode 100644
index a9d32d8408..0000000000
--- a/perl/bio.xs
+++ /dev/null
@@ -1,450 +0,0 @@
-#include "p5SSLeay.h"
-
-static int p5_bio_ex_bio_ptr=0;
-static int p5_bio_ex_bio_callback=0;
-static int p5_bio_ex_bio_callback_data=0;
-
-static long p5_bio_callback(bio,state,parg,cmd,larg,ret)
-BIO *bio;
-int state;
-char *parg;
-int cmd;
-long larg;
-int ret;
-	{
-	int i;
-	SV *me,*cb;
-
-	me=(SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr);
-	cb=(SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_callback);
-	if (cb != NULL)
-		{
-		dSP;
-
-		ENTER ;
-		SAVETMPS;
-
-		PUSHMARK(sp);
-		XPUSHs(sv_2mortal(newSViv(me)));
-		XPUSHs(sv_2mortal(newSViv(state)));
-		XPUSHs(sv_2mortal(newSViv(cmd)));
-		if ((state == BIO_CB_READ) || (state == BIO_CB_WRITE))
-			{
-			XPUSHs(sv_2mortal(newSVpv(parg,larg)));
-			}
-		else
-			XPUSHs(&sv_undef);
-		/* ptr one */
-		XPUSHs(sv_2mortal(newSViv(larg)));
-		XPUSHs(sv_2mortal(newSViv(ret)));
-		PUTBACK;
-
-		i=perl_call_sv(cb,G_SCALAR);
-
-		SPAGAIN;
-		if (i == 1)
-			ret=POPi;
-		else
-			ret=1;
-		PUTBACK;
-		FREETMPS;
-		LEAVE;
-		}
-	else
-		{
-		croak("Internal error in SSL p5_ssl_info_callback");
-		}
-	return(ret);
-	}
-
-int boot_bio()
-	{
-	p5_bio_ex_bio_ptr=
-		BIO_get_ex_new_index(0,"SSLeay::BIO",ex_new,NULL,
-			ex_cleanup);
-	p5_bio_ex_bio_callback=	
-		BIO_get_ex_new_index(0,"bio_callback",NULL,NULL,
-			ex_cleanup);
-	p5_bio_ex_bio_callback_data=
-		BIO_get_ex_new_index(0,"bio_callback_data",NULL,NULL,
-			ex_cleanup);
-	return(1);
-	}
-
-MODULE =  SSLeay::BIO	PACKAGE = SSLeay::BIO PREFIX = p5_BIO_
-
-VERSIONCHECK: DISABLE
-
-void
-p5_BIO_new_buffer_ssl_connect(...)
-	PREINIT:
-		SSL_CTX *ctx;
-		BIO *bio;
-		SV *arg;
-	PPCODE:
-		if (items == 1)
-			arg=ST(0);
-		else if (items == 2)
-			arg=ST(1);
-		else
-			arg=NULL;
-
-		if ((arg == NULL) || !(sv_derived_from(arg,"SSLeay::SSL::CTX")))
-			croak("Usage: SSLeay::BIO::new_buffer_ssl_connect(SSL_CTX)");
-		else
-			{
-			IV tmp=SvIV((SV *)SvRV(arg));
-			ctx=(SSL_CTX *)tmp;
-			}
-		EXTEND(sp,1);
-		bio=BIO_new_buffer_ssl_connect(ctx);
-		arg=(SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr);
-		PUSHs(arg);
-
-void
-p5_BIO_new_ssl_connect(...)
-	PREINIT:
-		SSL_CTX *ctx;
-		BIO *bio;
-		SV *arg;
-	PPCODE:
-		if (items == 1)
-			arg=ST(0);
-		else if (items == 2)
-			arg=ST(1);
-		else
-			arg=NULL;
-
-		if ((arg == NULL) || !(sv_derived_from(arg,"SSLeay::SSL::CTX")))
-			croak("Usage: SSLeay::BIO::new_ssl_connect(SSL_CTX)");
-		else
-			{
-			IV tmp=SvIV((SV *)SvRV(arg));
-			ctx=(SSL_CTX *)tmp;
-			}
-		EXTEND(sp,1);
-		bio=BIO_new_ssl_connect(ctx);
-		arg=(SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr);
-		PUSHs(arg);
-
-void
-p5_BIO_new(...)
-	PREINIT:
-		BIO *bio;
-		char *type;
-		SV *arg;
-	PPCODE:
-		pr_name("p5_BIO_new");
-		if ((items == 1) && SvPOK(ST(0)))
-			type=SvPV(ST(0),na);
-		else if ((items == 2) && SvPOK(ST(1)))
-			type=SvPV(ST(1),na);
-		else
-			croak("Usage: SSLeay::BIO::new(type)");
-
-		EXTEND(sp,1);
-		if (strcmp(type,"connect") == 0)
-			bio=BIO_new(BIO_s_connect());
-		else if (strcmp(type,"accept") == 0)
-			bio=BIO_new(BIO_s_accept());
-		else if (strcmp(type,"ssl") == 0)
-			bio=BIO_new(BIO_f_ssl());
-		else if (strcmp(type,"buffer") == 0)
-			bio=BIO_new(BIO_f_buffer());
-		else
-			croak("unknown BIO type");
-		arg=(SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr);
-		PUSHs(arg);
-
-int
-p5_BIO_hostname(bio,name)
-	BIO *bio;
-	char *name;
-	CODE:
-		RETVAL=BIO_set_conn_hostname(bio,name);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BIO_set_accept_port(bio,str)
-	BIO *bio;
-	char *str;
-	CODE:
-		RETVAL=BIO_set_accept_port(bio,str);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BIO_do_handshake(bio)
-	BIO *bio;
-	CODE:
-		RETVAL=BIO_do_handshake(bio);
-	OUTPUT:
-		RETVAL
-
-BIO *
-p5_BIO_push(b,bio)
-	BIO *b;
-	BIO *bio;
-	CODE:
-		/* This reference will be reduced when the reference is
-		 * let go, and then when the BIO_free_all() is called
-		 * inside the SSLeay library by the BIO with this
-		 * pushed into */
-		bio->references++;
-		RETVAL=BIO_push(b,bio);
-	OUTPUT:
-		RETVAL
-
-void
-p5_BIO_pop(b)
-	BIO *b
-	PREINIT:
-		BIO *bio;
-		char *type;
-		SV *arg;
-	PPCODE:
-		bio=BIO_pop(b);
-		if (bio != NULL)
-			{
-			/* This BIO will either be one created in the
-			 * perl library, in which case it will have a perl
-			 * SV, otherwise it will have been created internally,
-			 * inside SSLeay.  For the 'pushed in', it needs
-			 * the reference count decememted. */
-			arg=(SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr);
-			if (arg == NULL)
-				{
-				arg=new_ref("SSLeay::BIO",(char *)bio,0);
-				BIO_set_ex_data(bio,p5_bio_ex_bio_ptr,(char *)arg);
-				PUSHs(arg);
-				}
-			else
-				{
-				/* it was pushed in */
-				SvREFCNT_inc(arg);
-				PUSHs(arg);
-#if 0 		/* This does not need to be done. */
-				if (bio->references < 1)
-					abort();
-				/* decrement the reference count */
-				BIO_free(bio);
-#endif
-				}
-			}
-
-int
-p5_BIO_sysread(bio,in,num, ...)
-	BIO *bio;
-	SV *in;
-	int num;
-	PREINIT:
-		int i,n,olen;
-		int offset;
-		char *p;
-	CODE:
-		offset=0;
-		if (!SvPOK(in))
-			sv_setpvn(in,"",0);
-		SvPV(in,olen);
-		if (items > 3)
-			{
-			offset=SvIV(ST(3));
-			if (offset < 0)
-				{
-				if (-offset > olen)
-					croak("Offset outside string");
-				offset+=olen;
-				}
-			}
-		if ((num+offset) > olen)
-			{
-			SvGROW(in,num+offset+1);
-			p=SvPV(in,i);
-			memset(&(p[olen]),0,(num+offset)-olen+1);
-			}
-		p=SvPV(in,n);
-
-		i=BIO_read(bio,p+offset,num);
-		RETVAL=i;
-		if (i <= 0) i=0;
-		SvCUR_set(in,offset+i);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BIO_syswrite(bio,in, ...)
-	BIO *bio;
-	SV *in;
-	PREINIT:
-		char *ptr;
-		int len,in_len;
-		int offset=0;
-		int n;
-	CODE:
-		ptr=SvPV(in,in_len);
-		if (items > 2)
-			{
-			len=SvOK(ST(2))?SvIV(ST(2)):in_len;
-			if (items > 3)
-				{
-				offset=SvIV(ST(3));
-				if (offset < 0)
-					{
-					if (-offset > in_len)
-						croak("Offset outside string");
-					offset+=in_len;
-					}
-				else if ((offset >= in_len) && (in_len > 0))
-					croak("Offset outside string");
-				}
-			if (len >= (in_len-offset))
-				len=in_len-offset;
-			}
-		else
-			len=in_len;
-
-		RETVAL=BIO_write(bio,ptr+offset,len);
-	OUTPUT:
-		RETVAL
-
-void
-p5_BIO_getline(bio)
-	BIO *bio;
-	PREINIT:
-		int i;
-		char *p;
-	PPCODE:
-		pr_name("p5_BIO_gets");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		sv_setpvn(ST(0),"",0);
-		SvGROW(ST(0),1024);
-		p=SvPV(ST(0),na);
-		i=BIO_gets(bio,p,1024);
-		if (i < 0) i=0;
-		SvCUR_set(ST(0),i);
-
-int
-p5_BIO_flush(bio)
-	BIO *bio;
-	CODE:
-		RETVAL=BIO_flush(bio);
-	OUTPUT:
-		RETVAL
-
-char *
-p5_BIO_type(bio)
-	BIO *bio;
-	CODE:
-		RETVAL=bio->method->name;
-	OUTPUT:
-		RETVAL
-
-void
-p5_BIO_next_bio(b)
-	BIO *b
-	PREINIT:
-		BIO *bio;
-		char *type;
-		SV *arg;
-	PPCODE:
-		bio=b->next_bio;
-		if (bio != NULL)
-			{
-			arg=(SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr);
-			if (arg == NULL)
-				{
-				arg=new_ref("SSLeay::BIO",(char *)bio,0);
-				BIO_set_ex_data(bio,p5_bio_ex_bio_ptr,(char *)arg);
-				bio->references++;
-				PUSHs(arg);
-				}
-			else
-				{
-				SvREFCNT_inc(arg);
-				PUSHs(arg);
-				}
-			}
-
-int
-p5_BIO_puts(bio,in)
-	BIO *bio;
-	SV *in;
-	PREINIT:
-		char *ptr;
-	CODE:
-		ptr=SvPV(in,na);
-		RETVAL=BIO_puts(bio,ptr);
-	OUTPUT:
-		RETVAL
-
-void
-p5_BIO_set_callback(bio,cb,...)
-	BIO *bio;
-	SV *cb;
-	PREINIT:
-		SV *arg=NULL;
-		SV *arg2=NULL;
-	CODE:
-		if (items > 3)
-			croak("Usage: SSLeay::BIO::set_callback(bio,callback[,arg]");
-		if (items == 3)
-			{
-			arg2=sv_mortalcopy(ST(2));
-			SvREFCNT_inc(arg2);
-			BIO_set_ex_data(bio,p5_bio_ex_bio_callback_data,
-				(char *)arg2);
-			}
-		arg=sv_mortalcopy(ST(1));
-		SvREFCNT_inc(arg);
-		BIO_set_ex_data(bio,p5_bio_ex_bio_callback,(char *)arg);
-		printf("%08lx < bio_ptr\n",BIO_get_ex_data(bio,p5_bio_ex_bio_ptr));
-		BIO_set_callback(bio,p5_bio_callback);
-
-void
-p5_BIO_DESTROY(bio)
-	BIO *bio
-	PREINIT:
-		SV *sv;
-	PPCODE:
-		pr_name_d("p5_BIO_DESTROY",bio->references);
-		printf("p5_BIO_DESTROY <%s> %d\n",bio->method->name,bio->references);
-		BIO_set_ex_data(bio,p5_bio_ex_bio_ptr,NULL);
-		BIO_free_all(bio);
-
-int
-p5_BIO_set_ssl(bio,ssl)
-	BIO *bio;
-	SSL *ssl;
-	CODE:
-		pr_name("p5_BIO_set_ssl");
-		ssl->references++;
-		RETVAL=BIO_set_ssl(bio,ssl,BIO_CLOSE);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BIO_number_read(bio)
-	BIO *bio;
-	CODE:
-		RETVAL=BIO_number_read(bio);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BIO_number_written(bio)
-	BIO *bio;
-	CODE:
-		RETVAL=BIO_number_written(bio);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BIO_references(bio)
-	BIO *bio;
-	CODE:
-		RETVAL=bio->references;	
-	OUTPUT:
-		RETVAL
-
diff --git a/perl/bn.pl b/perl/bn.pl
deleted file mode 100644
index 388e19c6de..0000000000
--- a/perl/bn.pl
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/usr/local/bin/perl
-use ExtUtils::testlib;
-use SSLeay;
-
-$message=SSLeay::BN::new();
-$e=SSLeay::BN::new();
-$mod=SSLeay::BN::new();
-
-$mod=SSLeay::BN::dec2bn("114381625757888867669235779976146612010218296721242362562561842935706935245733897830597123563958705058989075147599290026879543541");
-$e=5;
-$d=SSLeay::BN::dec2bn("45752650303155547067694311990458644804087318688496945025024737159778909096647814932594914301288138204957467016445183857236173773");
-
-$message=SSLeay::BN::bin2bn("The magic words are squeamish ossifrage");
-
-
-	$cipher_text=	$message->mod_exp($e,$mod);
-print $mod."\n";
-print $mod->num_bits()."\n";
-for (1 .. 1000)
-	{
-	$clear=		$cipher_text->mod_exp($d,$mod);
-	}
-print $clear->bn2bin()."\n";
diff --git a/perl/bn.txt b/perl/bn.txt
deleted file mode 100644
index 784e761558..0000000000
--- a/perl/bn.txt
+++ /dev/null
@@ -1,38 +0,0 @@
-BN->new()
-BN->dup(a)
-BN->rand(bits[,top][,bottom])
-
-BN->hex2bn(a)
-BN->bn2hex(a)
-BN->dec2bn(a)
-BN->bn2dec(a)
-BN->bin2bn(a)
-BN->bn2bin(a)
-BN->mpi2bn(a)
-BN->bn2mpi(a)
-
-BN->add(a,b)
-BN->sub(a,b)
-BN->mul(a,b)
-(div,mod)=BN->div(a,b)
-BN->mod(a,b)
-BN->exp(a,p)
-BN->mod_mul(a,b,c)
-BN->mod_exp(a,b,c)
-
-BN->is_prime(p,num)
-BN->generate_prime(bits,strong,callback)
-
-BN->num_bits(a)
-BN->cmp(a,b)
-BN->ucmp(a,b)
-BN->is_bit_set(a,pos)
-BN->set_bit(a,pos)
-BN->clear_bit(a,pos)
-BN->lshift(a,num)
-BN->rshift(a,num)
-BN->mask_bits(a,pos)
-BN->clear(a)
-BN->gcd(a,b)
-BN->mod_inverse(a,mod)
-
diff --git a/perl/bn.xs b/perl/bn.xs
deleted file mode 100644
index c15be3729a..0000000000
--- a/perl/bn.xs
+++ /dev/null
@@ -1,589 +0,0 @@
-#include "p5SSLeay.h"
-
-int sv_to_BIGNUM(var,arg,name)
-BIGNUM **var;
-SV *arg;
-char *name;
-	{
-	int ret=1;
-
-	if (sv_derived_from(arg,"SSLeay::BN"))
-		{
-		IV tmp = SvIV((SV*)SvRV(arg));
-		*var = (BIGNUM *) tmp;
-		}
-	else if (SvIOK(arg)) {
-		SV *tmp=sv_newmortal();
-		*var=BN_new();
-		BN_set_word(*var,SvIV(arg));
-		sv_setref_pv(tmp,"SSLeay::BN",(void*)*var);
-		}
-	else if (SvPOK(arg)) {
-		char *ptr;
-		STRLEN len;
-		SV *tmp=sv_newmortal();
-		*var=BN_new();
-		sv_setref_pv(tmp,"SSLeay::BN", (void*)*var);
-		ptr=SvPV(arg,len);
-		SvGROW(arg,len+1);
-		ptr[len]='\0';
-		BN_dec2bn(var,ptr);
-		}
-	else
-		{
-		croak(name);
-		ret=0;
-		}
-	return(ret);
-	}
-
-typedef struct gpc_args_st {
-	SV *cb;
-	SV *arg;
-	} GPC_ARGS;
-
-static void generate_prime_callback(pos,num,arg)
-int pos;
-int num;
-char *arg;
-	{
-	dSP ;
-	int i;
-	GPC_ARGS *a=(GPC_ARGS *)arg;
-
-	ENTER ;
-	SAVETMPS ;
-
-	PUSHMARK(sp);
-	XPUSHs(sv_2mortal(newSViv(pos)));
-	XPUSHs(sv_2mortal(newSViv(num)));
-	XPUSHs(sv_2mortal(newSVsv(a->arg)));
-	PUTBACK;
-
-	i=perl_call_sv(a->cb,G_DISCARD);
-
-	SPAGAIN;
-
-	PUTBACK;
-	FREETMPS;
-	LEAVE;
-	}
-
-MODULE =  SSLeay::BN	PACKAGE = SSLeay::BN	PREFIX = p5_BN_
-
-VERSIONCHECK: DISABLE
-
-void
-p5_BN_new(...)
-	PREINIT:
-		BIGNUM *bn;
-		SV *arg;
-	PPCODE:
-		pr_name("p5_BN_new");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		bn=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)bn);
-
-void
-p5_BN_dup(a)
-	BIGNUM *a;
-	PREINIT:
-		BIGNUM *bn;
-	PPCODE:
-		pr_name("p5_BN_dup");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		bn=BN_dup(a);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)bn);
-
-void
-p5_BN_rand(bits,...)
-	int bits;
-	PREINIT:
-		int top=1;
-		int bottom=0;
-		BIGNUM *ret;
-	PPCODE:	
-		pr_name("p5_BN_rand");
-		if ((items < 1) || (items > 3))
-			croak("Usage: SSLeay::BN::rand(bits[,top_bit][,bottombit]");
-		if (items >= 2) top=(int)SvIV(ST(0));
-		if (items >= 3) bottom=(int)SvIV(ST(1));
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		BN_rand(ret,bits,top,bottom);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-
-void
-p5_BN_bin2bn(a)
-	datum a;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_bin2bn");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_bin2bn(a.dptr,a.dsize,NULL);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-
-void
-p5_BN_bn2bin(a)
-	BIGNUM *a;
-	PREINIT:
-		int i;
-	PPCODE:
-		pr_name("p5_BN_bn2bin");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		i=BN_num_bytes(a)+2;
-		sv_setpvn(ST(0),"",1);
-		SvGROW(ST(0),i+1);
-		SvCUR_set(ST(0),BN_bn2bin(a,SvPV(ST(0),na)));
-
-void
-p5_BN_mpi2bn(a)
-	datum a;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_mpi2bn");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_mpi2bn(a.dptr,a.dsize,NULL);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-
-void
-p5_BN_bn2mpi(a)
-	BIGNUM *a;
-	PREINIT:
-		int i;
-	PPCODE:
-		pr_name("p5_BN_bn2mpi");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		i=BN_bn2mpi(a,NULL);
-		sv_setpvn(ST(0),"",1);
-		SvGROW(ST(0),i+1);
-		SvCUR_set(ST(0),BN_bn2mpi(a,SvPV(ST(0),na)));
-
-void
-p5_BN_hex2bn(a)
-	datum a;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_hex2bn");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_hex2bn(&ret,a.dptr);
-
-void
-p5_BN_dec2bn(a)
-	datum a;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_dec2bn");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_dec2bn(&ret,a.dptr);
-
-SV *
-p5_BN_bn2hex(a)
-	BIGNUM *a;
-	PREINIT:
-		char *ptr;
-		int i;
-	CODE:
-		pr_name("p5_BN_bn2hex");
-		ptr=BN_bn2hex(a);
-		RETVAL=newSVpv("",0);
-		i=strlen(ptr);
-		SvGROW(RETVAL,i+1);
-		memcpy(SvPV(RETVAL,na),ptr,i+1);
-		SvCUR_set(RETVAL,i);
-		Free(ptr);
-	OUTPUT:
-		RETVAL
-
-SV *
-p5_BN_bn2dec(a)
-	BIGNUM *a;
-	PREINIT:
-		char *ptr;
-		int i;
-	CODE:
-		pr_name("p5_BN_bn2dec");
-		ptr=BN_bn2dec(a);
-		RETVAL=newSVpv("",0);
-		i=strlen(ptr);
-		SvGROW(RETVAL,i+1);
-		memcpy(SvPV(RETVAL,na),ptr,i+1);
-		SvCUR_set(RETVAL,i);
-		Free(ptr);
-	OUTPUT:
-		RETVAL
-
-void
-p5_BN_add(a,b)
-	BIGNUM *a;
-	BIGNUM *b;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_add");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_add(ret,a,b);
-
-void
-p5_BN_sub(a,b)
-	BIGNUM *a;
-	BIGNUM *b;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_sub");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_sub(ret,a,b);
-
-void
-p5_BN_mul(a,b)
-	BIGNUM *a;
-	BIGNUM *b;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_mul");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_mul(ret,a,b);
-
-void
-p5_BN_div(a,b)
-	BIGNUM *a;
-	BIGNUM *b;
-	PREINIT:
-		static BN_CTX *ctx=NULL;
-		BIGNUM *div,*mod;
-	PPCODE:
-		pr_name("p5_BN_div");
-		if (ctx == NULL) ctx=BN_CTX_new();
-		EXTEND(sp,2);
-		PUSHs(sv_newmortal());
-		PUSHs(sv_newmortal());
-		div=BN_new();
-		mod=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)div);
-		sv_setref_pv(ST(1), "SSLeay::BN", (void*)mod);
-		BN_div(div,mod,a,b,ctx);
-
-void
-p5_BN_mod(a,b)
-	BIGNUM *a;
-	BIGNUM *b;
-	PREINIT:
-		static BN_CTX *ctx=NULL;
-		BIGNUM *rem;
-	PPCODE:
-		pr_name("p5_BN_mod");
-		if (ctx == NULL) ctx=BN_CTX_new();
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		rem=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)rem);
-		BN_mod(rem,a,b,ctx);
-
-void
-p5_BN_exp(a,p)
-	BIGNUM *a;
-	BIGNUM *p;
-	PREINIT:
-		BIGNUM *ret;
-		static BN_CTX *ctx=NULL;
-	PPCODE:
-		pr_name("p5_BN_exp");
-		if (ctx == NULL) ctx=BN_CTX_new();
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_exp(ret,a,p,ctx);
-
-void
-p5_BN_mod_mul(a,b,c)
-	BIGNUM *a;
-	BIGNUM *b;
-	BIGNUM *c;
-	PREINIT:
-		static BN_CTX *ctx=NULL;
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_mod_mul");
-		if (ctx == NULL) ctx=BN_CTX_new();
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_mod_mul(ret,a,b,c,ctx);
-
-void
-p5_BN_mod_exp(a,b,c)
-	BIGNUM *a;
-	BIGNUM *b;
-	BIGNUM *c;
-	PREINIT:
-		static BN_CTX *ctx=NULL;
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_mod_exp");
-		if (ctx == NULL) ctx=BN_CTX_new();
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_mod_exp(ret,a,b,c,ctx);
-
-void
-p5_BN_generate_prime(...)
-	PREINIT:
-		int bits=512;
-		int strong=0;
-		BIGNUM *ret=NULL;
-		SV *callback=NULL;
-		SV *cb_arg=NULL;
-		GPC_ARGS arg;
-		dSP;
-
-	PPCODE:
-		pr_name("p5_BN_generate_prime");
-		if ((items < 0) || (items > 4))
-			croak("Usage: SSLeay::BN::generate_prime(a[,strong][,callback][,cb_arg]");
-		if (items >= 1) bits=(int)SvIV(ST(0));
-		if (items >= 2) strong=(int)SvIV(ST(1));
-		if (items >= 3) callback=ST(2);
-		if (items == 4) cb_arg=ST(3);
-
-		if (callback == NULL)
-			ret=BN_generate_prime(bits,strong,NULL,NULL,NULL,NULL);
-		else
-			{
-			arg.cb=callback;
-			arg.arg=cb_arg;
-
-			ret=BN_generate_prime(bits,strong,NULL,NULL,
-				generate_prime_callback,(char *)&arg);
-			}
-
-		SPAGAIN;
-		sp-=items; /* a bit evil that I do this */
-
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-
-void
-p5_BN_is_prime(p,...)
-	BIGNUM *p;
-	PREINIT:
-	int nchecks=5,ret;
-	SV *callback=NULL;
-	SV *cb_arg=NULL;
-	GPC_ARGS arg;
-	dSP;
-	static BN_CTX *ctx=NULL;
-	PPCODE:
-		pr_name("p5_BN_is_prime");
-		if ((items < 1) || (items > 4))
-			croak("Usage: SSLeay::BN::is_prime(a[,ncheck][,callback][,callback_arg]");
-		if (ctx == NULL) ctx=BN_CTX_new();
-		if (items >= 2) nchecks=(int)SvIV(ST(1));
-		if (items >= 3) callback=ST(2);
-		if (items >= 4) cb_arg=ST(3);
-		arg.arg=cb_arg; 
-		if (callback == NULL)
-			ret=BN_is_prime(p,nchecks,NULL,ctx,NULL);
-		else
-			{
-			arg.cb=callback;
-			arg.arg=cb_arg;
-			ret=BN_is_prime(p,nchecks,generate_prime_callback,
-				ctx,(char *)&arg);
-			}
-		SPAGAIN;
-		sp-=items; /* a bit evil */
-		PUSHs(sv_2mortal(newSViv(ret)));
-
-int
-p5_BN_num_bits(a)
-	BIGNUM *a;
-	CODE:
-		pr_name("p5_BN_num_bits");
-		RETVAL=BN_num_bits(a);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BN_cmp(a,b)
-	BIGNUM *a;
-	BIGNUM *b;
-	CODE:
-		pr_name("p5_BN_cmp");
-		RETVAL=BN_cmp(a,b);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BN_ucmp(a,b)
-	BIGNUM *a;
-	BIGNUM *b;
-	CODE:
-		pr_name("p5_BN_ucmp");
-		RETVAL=BN_ucmp(a,b);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BN_is_bit_set(a,b)
-	BIGNUM *a;
-	int b;
-	CODE:
-		pr_name("p5_BN_is_bit_set");
-		RETVAL=BN_is_bit_set(a,b);
-	OUTPUT:
-		RETVAL
-
-void
-p5_BN_set_bit(a,b)
-	BIGNUM *a;
-	int b;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_set_bit");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_dup(a);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_set_bit(ret,b);
-
-void
-p5_BN_clear_bit(a,b)
-	BIGNUM *a;
-	int b;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_clear_bit");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_dup(a);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_clear_bit(ret,b);
-
-void
-p5_BN_lshift(a,b)
-	BIGNUM *a;
-	int b;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_lshift");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		if (b == 1)
-			BN_lshift1(ret,a);
-		else
-			BN_lshift(ret,a,b);
-
-void
-p5_BN_rshift(a,b)
-	BIGNUM *a;
-	int b;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_rshift");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		if (b == 1)
-			BN_rshift1(ret,a);
-		else
-			BN_rshift(ret,a,b);
-
-void
-p5_BN_mask_bits(a,b)
-	BIGNUM *a;
-	int b;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_mask_bits");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_dup(a);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_mask_bits(ret,b);
-
-void
-p5_BN_clear(a)
-	BIGNUM *a;
-	PPCODE:
-		pr_name("p5_BN_clear");
-		BN_clear(a);
-
-void
-p5_BN_gcd(a,b)
-	BIGNUM *a;
-	BIGNUM *b;
-	PREINIT:
-		static BN_CTX *ctx=NULL;
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_gcd");
-		if (ctx == NULL) ctx=BN_CTX_new();
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_gcd(ret,a,b,ctx);
-
-void
-p5_BN_mod_inverse(a,mod)
-	BIGNUM *a;
-	BIGNUM *mod;
-	PREINIT:
-		static BN_CTX *ctx=NULL;
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_mod_inverse");
-		if (ctx == NULL) ctx=BN_CTX_new();
-		ret=BN_mod_inverse(a,mod,ctx);
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-
-void
-p5_BN_DESTROY(bn)
-	BIGNUM *bn
-	CODE:
-	pr_name("p5_BN_DESTROY");
-	BN_free(bn);
-
diff --git a/perl/cipher.pl b/perl/cipher.pl
deleted file mode 100644
index efc712fdf5..0000000000
--- a/perl/cipher.pl
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$md=SSLeay::MD::new("md5");
-
-foreach (@SSLeay::Cipher::names)
-	{
-	($c=SSLeay::Cipher::new($_)) ||
-		die "'$_' is an unknown cipher algorithm\n";
-
-
-	$data="012345678abcdefghijklmnopqrstuvwxyz";
-	$c->init("01234567abcdefghABCDEFGH","zyxwvut",1);
-
-	$in =$c->update(substr($data, 0, 5));
-	$in.=$c->update(substr($data, 5,10));
-	$in.=$c->update(substr($data,15,1));
-	$in.=$c->update(substr($data,16));
-
-	$in.=$c->final();
-
-	$c->init("01234567abcdefghABCDEFGH","zyxwvut",0);
-	$out=$c->update($in);
-	$out.=$c->final();
-
-	($out eq $data) || die "decrypt for $_ failed:$!\n";
-
-	$md->init();
-	$md->update($in);
-	$digest=$md->final();
-
-	print unpack("H*",$digest);
-	printf " %2d %2d %2d %s\n", $c->key_length(), $c->iv_length(),
-		$c->block_size(), $c->name();
-	}
-
diff --git a/perl/cipher.txt b/perl/cipher.txt
deleted file mode 100644
index c47952b5c9..0000000000
--- a/perl/cipher.txt
+++ /dev/null
@@ -1,10 +0,0 @@
-Cipher::new(name) "des-cbc" etc
-Cipher::name()
-Cipher::key_length()
-Cipher::iv_length()
-Cipher::block_size()
-
-Cipher::init(key,iv,enc)
-Cipher::update(in)
-Cipher::final()
-Cipher::cipher(in)
diff --git a/perl/cipher.xs b/perl/cipher.xs
deleted file mode 100644
index 1044d7a4ef..0000000000
--- a/perl/cipher.xs
+++ /dev/null
@@ -1,152 +0,0 @@
-#include "p5SSLeay.h"
-
-int boot_cipher()
-	{
-        SSLeay_add_all_ciphers();
-	return(1);
-	}
-
-MODULE =  SSLeay::Cipher	PACKAGE = SSLeay::Cipher PREFIX = p5_EVP_C_
-
-VERSIONCHECK: DISABLE
-
-void
-p5_EVP_C_new(...)
-	PREINIT:
-		EVP_CIPHER_CTX *ctx;
-		EVP_CIPHER *c;
-		char *name;
-	PPCODE:
-		if ((items == 1) && SvPOK(ST(0)))
-			name=SvPV(ST(0),na);
-		else if ((items == 2) && SvPOK(ST(1)))
-			name=SvPV(ST(1),na);
-		else
-			croak("Usage: SSLeay::Cipher::new(type)");
-		PUSHs(sv_newmortal());
-		c=EVP_get_cipherbyname(name);
-		if (c != NULL)
-			{
-			ctx=malloc(sizeof(EVP_CIPHER_CTX));
-			EVP_EncryptInit(ctx,c,NULL,NULL);
-			sv_setref_pv(ST(0), "SSLeay::Cipher", (void*)ctx);
-			}
-
-datum
-p5_EVP_C_name(ctx)
-	EVP_CIPHER_CTX *ctx
-	CODE:
-		RETVAL.dptr=OBJ_nid2ln(EVP_CIPHER_CTX_nid(ctx));
-		RETVAL.dsize=strlen(RETVAL.dptr);
-	OUTPUT:
-		RETVAL
-
-int
-p5_EVP_C_key_length(ctx)
-	EVP_CIPHER_CTX *ctx
-	CODE:
-		RETVAL=EVP_CIPHER_CTX_key_length(ctx);
-	OUTPUT:
-		RETVAL
-
-int
-p5_EVP_C_iv_length(ctx)
-	EVP_CIPHER_CTX *ctx
-	CODE:
-		RETVAL=EVP_CIPHER_CTX_iv_length(ctx);
-	OUTPUT:
-		RETVAL
-	
-int
-p5_EVP_C_block_size(ctx)
-	EVP_CIPHER_CTX *ctx
-	CODE:
-		RETVAL=EVP_CIPHER_CTX_block_size(ctx);
-	OUTPUT:
-		RETVAL
-	
-void
-p5_EVP_C_init(ctx,key,iv,enc)
-	EVP_CIPHER_CTX *ctx
-	datum key
-	datum iv
-	int enc
-	PREINIT:
-		char loc_iv[EVP_MAX_IV_LENGTH];
-		char loc_key[EVP_MAX_KEY_LENGTH];
-		char *ip=loc_iv,*kp=loc_key;
-		int i;
-		memset(loc_iv,0,EVP_MAX_IV_LENGTH);
-		memset(loc_key,0,EVP_MAX_KEY_LENGTH);
-	CODE:
-		i=key.dsize;
-		if (key.dsize > EVP_CIPHER_CTX_key_length(ctx))
-			i=EVP_CIPHER_CTX_key_length(ctx);
-		if (i > 0)
-			{
-			memset(kp,0,EVP_MAX_KEY_LENGTH);
-			memcpy(kp,key.dptr,i);
-			}
-		else
-			kp=NULL;
-		i=iv.dsize;
-		if (iv.dsize > EVP_CIPHER_CTX_iv_length(ctx))
-			i=EVP_CIPHER_CTX_iv_length(ctx);
-		if (i > 0)
-			{
-			memcpy(ip,iv.dptr,i);
-			memset(ip,0,EVP_MAX_IV_LENGTH);
-			}
-		else
-			ip=NULL;
-		EVP_CipherInit(ctx,EVP_CIPHER_CTX_cipher(ctx),kp,ip,enc);
-		memset(loc_key,0,sizeof(loc_key));
-		memset(loc_iv,0,sizeof(loc_iv));
-
-SV *
-p5_EVP_C_cipher(ctx,in)
-	EVP_CIPHER_CTX *ctx;
-	datum in;
-	CODE:
-		RETVAL=newSVpv("",0);
-		SvGROW(RETVAL,in.dsize+EVP_CIPHER_CTX_block_size(ctx)+1);
-		EVP_Cipher(ctx,SvPV(RETVAL,na),in.dptr,in.dsize);
-		SvCUR_set(RETVAL,in.dsize);
-	OUTPUT:
-		RETVAL
-
-SV *
-p5_EVP_C_update(ctx, in)
-	EVP_CIPHER_CTX *ctx
-	datum in
-	PREINIT:
-	int i;
-	CODE:
-		RETVAL=newSVpv("",0);
-		SvGROW(RETVAL,in.dsize+EVP_CIPHER_CTX_block_size(ctx)+1);
-		EVP_CipherUpdate(ctx,SvPV(RETVAL,na),&i,in.dptr,in.dsize);
-		SvCUR_set(RETVAL,i);
-	OUTPUT:
-		RETVAL
-
-SV *
-p5_EVP_C_final(ctx)
-	EVP_CIPHER_CTX *ctx
-	PREINIT:
-	int i;
-	CODE:
-		RETVAL=newSVpv("",0);
-		SvGROW(RETVAL,EVP_CIPHER_CTX_block_size(ctx)+1);
-		if (!EVP_CipherFinal(ctx,SvPV(RETVAL,na),&i))
-			sv_setpv(RETVAL,"BAD DECODE");
-		else
-			SvCUR_set(RETVAL,i);
-	OUTPUT:
-		RETVAL
-
-void
-p5_EVP_C_DESTROY(ctx)
-	EVP_CIPHER_CTX *ctx
-	CODE:
-	free((char *)ctx);
-
diff --git a/perl/dh.pl b/perl/dh.pl
deleted file mode 100644
index 61d2debe73..0000000000
--- a/perl/dh.pl
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$g=SSLeay::BN::hex2bn("000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"); 
-$p=SSLeay::BN::hex2bn("ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a63a3620ffffffffffffffff");
-$pub=SSLeay::BN::hex2bn("521b5b72d0a23f5f908eff62741b9c43ac65c47ad264a4f8d62d73dfab4938a6e019f81c28d64efd9b47c1b8188566c6184b6064cc42fac2778bd732678148c6cc7601bfe0ed18da76dd7bb976cd2ff0afc7b20f3f81171e2ea6534de061f929");
-$priv=SSLeay::BN::hex2bn("6e15c752af3f4cf6d7425164c451eeba760ec0651d12dc3b0ee5002a95af6191268ca47c0fbb3d836136eee795ae4af3a1adad5e04d0dbb04378cae0406ece23ca3b86839c0fd60064c1019c7d18be4dc0ec4be6c1e9ff6b0f5bd76373585503");
-$his=SSLeay::BN::hex2bn("d0fb51cd44a8578f55eb0822ede90f07504f4720d7367ff4bf76c27fedbce79d9204421ff7e86bd1dd02031bce4ceccd1d3e7c62679b6eb5fda8238fd4fe07bff573d552795f0d46f25753c688300fb9ed396792b59a49fdf89c8429124b668e");
-$sh=SSLeay::BN::hex2bn("66ec34b09bddf86147f6c6efd5ee4e6691e690eb0e90aceda16a742cad0abe531cb61d057aff362001ca19013215140ca2a1dd8966c78105bacbf2161f9cfbd58d351ff87923de77f9c56851037223d48272565416ee769e65a621cefb90b403");
-
-$g2=SSLeay::BN::hex2bn("000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002");
-$p2=SSLeay::BN::hex2bn("ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6df25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a63a3620ffffffffffffffff");
-$pub2=SSLeay::BN::hex2bn("d0fb51cd44a8578f55eb0822ede90f07504f4720d7367ff4bf76c27fedbce79d9204421ff7e86bd1dd02031bce4ceccd1d3e7c62679b6eb5fda8238fd4fe07bff573d552795f0d46f25753c688300fb9ed396792b59a49fdf89c8429124b668e");
-$priv2=SSLeay::BN::hex2bn("b81d54f52b687669fc8bd8087ac319accc2f94a2feafe09779f4a81e8e01f77290f5bbe84a08003afc4448145be427fad0b9d047889cf361c9dd378b15c1ebd5bda33e051fbd9eba8bf063e2bd836467cddb61f1db5c4b06bea5c9a77fb87b24");
-$his2=SSLeay::BN::hex2bn("521b5b72d0a23f5f908eff62741b9c43ac65c47ad264a4f8d62d73dfab4938a6e019f81c28d64efd9b47c1b8188566c6184b6064cc42fac2778bd732678148c6cc7601bfe0ed18da76dd7bb976cd2ff0afc7b20f3f81171e2ea6534de061f929");
-$sh2=SSLeay::BN::hex2bn("791faba7a6b592cb68a963945229483dc30f80f5cb295b2b5a59ef618a262d22de0845948a34db83d8bde260b940967ff85593a609e53ee6510aea09b776b4704d5e916917f384458d4790b6e0befcb1cb2f112b850e9ed410a091db80e1db2e");
-
-print "g=".$g->bn2hex."\n";
-print "p=".$p->bn2hex."\n";
-print "pub=".$pub->bn2hex."\n";
-print "priv=".$priv->bn2hex."\n";
-print "sh=".$sh->bn2hex."\n";
-
-print "new p - p2 = ".($p-$p2)."\n";
-
-$tmp=$g->mod_exp($priv,$p);
-print "XXXXXXXXXXXXXXXX\n";
-print "new pub - pub = ".($tmp-$pub)."\n";
-$tmp2=$g2->mod_exp($priv2,$p2);
-print "XXXXXXXXXXXXXXXX\n";
-
-print $p." pub\n";
-print $tmp2." calc pub\n";
-print $pub2." txt pub\n";
-
-
-
diff --git a/perl/digest.txt b/perl/digest.txt
deleted file mode 100644
index 6cb3ffedb0..0000000000
--- a/perl/digest.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-MD::new(name) "md2", "md5" etc
-MD::name()
-MD::init()
-MD::update(in)
-MD::final()
-
-
diff --git a/perl/digest.xs b/perl/digest.xs
deleted file mode 100644
index 5738b09e48..0000000000
--- a/perl/digest.xs
+++ /dev/null
@@ -1,83 +0,0 @@
-#include "p5SSLeay.h"
-
-int boot_digest()
-	{
-	SSLeay_add_all_digests();
-	return(1);
-	}
-
-MODULE =  SSLeay::MD	PACKAGE = SSLeay::MD	PREFIX = p5_EVP_MD_
-
-PROTOTYPES: ENABLE
-VERSIONCHECK: DISABLE
-
-# SSLeay::MD::new(name) name= md2, md5, sha, sha1, or mdc2
-#	md->name() - returns the name
-#	md->init() - reinitalises the digest
-#	md->update(data) - adds more data to digest
-#	digest=md->final() - returns digest
-#
-
-void
-p5_EVP_MD_new(...)
-	PREINIT:
-		EVP_MD_CTX *ctx;
-		EVP_MD *md;
-		char *name;
-	PPCODE:
-		if ((items == 1) && SvPOK(ST(0)))
-			name=SvPV(ST(0),na);
-		else if ((items == 2) && SvPOK(ST(1)))
-			name=SvPV(ST(1),na);
-		else
-			croak("Usage: SSLeay::MD::new(type)");
-		PUSHs(sv_newmortal());
-		md=EVP_get_digestbyname(name);
-		if (md != NULL)
-			{
-			ctx=malloc(sizeof(EVP_MD_CTX));
-			EVP_DigestInit(ctx,md);
-			sv_setref_pv(ST(0), "SSLeay::MD", (void*)ctx);
-			}
-
-datum
-p5_EVP_MD_name(ctx)
-	EVP_MD_CTX *ctx
-	CODE:
-		RETVAL.dptr=OBJ_nid2ln(EVP_MD_type(EVP_MD_CTX_type(ctx)));
-		RETVAL.dsize=strlen(RETVAL.dptr);
-	OUTPUT:
-		RETVAL
-	
-void
-p5_EVP_MD_init(ctx)
-	EVP_MD_CTX *ctx
-	CODE:
-		EVP_DigestInit(ctx,EVP_MD_CTX_type(ctx));
-
-void
-p5_EVP_MD_update(ctx, in)
-	EVP_MD_CTX *ctx
-	datum in
-	CODE:
-		EVP_DigestUpdate(ctx,in.dptr,in.dsize);
-
-datum
-p5_EVP_MD_final(ctx)
-	EVP_MD_CTX *ctx
-	PREINIT:
-		char md[EVP_MAX_MD_SIZE];
-		int len;
-	CODE:
-		EVP_DigestFinal(ctx,md,&len);
-		RETVAL.dptr=md;
-		RETVAL.dsize=len;
-	OUTPUT:
-		RETVAL
-
-void
-p5_EVP_MD_DESTROY(ctx)
-	EVP_MD_CTX *ctx
-	CODE:
-	free((char *)ctx);
-
diff --git a/perl/err.txt b/perl/err.txt
deleted file mode 100644
index 5e6cdaecdc..0000000000
--- a/perl/err.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-ERR::get_error()
-ERR::peek_error()
diff --git a/perl/err.xs b/perl/err.xs
deleted file mode 100644
index 6d1aec3ea1..0000000000
--- a/perl/err.xs
+++ /dev/null
@@ -1,46 +0,0 @@
-#include "p5SSLeay.h"
-
-int boot_err()
-	{
-	SSL_load_error_strings();
-	return(1);
-	}
-
-MODULE =  SSLeay::ERR	PACKAGE = SSLeay::ERR	PREFIX = p5_ERR_
-
-PROTOTYPES: ENABLE
-VERSIONCHECK: DISABLE
-
-#	md->error() - returns the last error in text or numeric context
-
-void
-p5_ERR_get_error(...)
-	PPCODE:
-		char buf[512];
-		unsigned long l;
-
-		pr_name("p5_ERR_get_code");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		l=ERR_get_error();
-		ERR_error_string(l,buf);
-		sv_setiv(ST(0),l);
-		sv_setpv(ST(0),buf);
-		SvIOK_on(ST(0));
-
-void
-p5_ERR_peek_error(...)
-	PPCODE:
-		char buf[512];
-		unsigned long l;
-
-		pr_name("p5_ERR_get_code");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		l=ERR_peek_error();
-		ERR_error_string(l,buf);
-		sv_setiv(ST(0),l);
-		sv_setpv(ST(0),buf);
-		SvIOK_on(ST(0));
-
-
diff --git a/perl/f.pl b/perl/f.pl
deleted file mode 100644
index 23f5edea54..0000000000
--- a/perl/f.pl
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-for (7 .. 7926)
-	{
-	my $num = SSLeay::BN::dec2bn($_);
-	print "$_ is ".($num->is_prime ? 'prime' : 'composite'), "\n";
-	}
diff --git a/perl/g.pl b/perl/g.pl
deleted file mode 100644
index 80b1a422f8..0000000000
--- a/perl/g.pl
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/usr/local/bin/perl
-use ExtUtils::testlib;
-use SSLeay;
-
-$num=SSLeay::BN::new();
-$shift=SSLeay::BN::new();
-
-print "0\n";
-$num=SSLeay::BN::hex2bn("1234329378209857309429670349760347603497603496398");
-print "1\n";
-$s=SSLeay::BN::hex2bn("59");
-print "a\n";
-$r=$num->lshift(59);
-print "b";
-
-print $num->bn2hex."\n";
-print $s->bn2hex."\n";
-print $r->bn2hex."\n";
diff --git a/perl/gen_rsa.pl b/perl/gen_rsa.pl
deleted file mode 100644
index 6acf043c2a..0000000000
--- a/perl/gen_rsa.pl
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$bits=512;
-$bits=$ARGV[0] if $#ARGV >= 0;
-
-$p=SSLeay::BN::generate_prime($bits/2,0,sub {print STDERR $_[0]?"+":"."});
-print "\n";
-$q=SSLeay::BN::generate_prime($bits/2,0,sub {print STDERR $_[0]?"+":"."});
-print "\n";
-
-$e=SSLeay::BN::hex2bn("10001");
-
-$t1=$p-1;
-$t2=$q-1;
-
-($t1->gcd($e) == 1) || die "p failed the gcd test\n";
-($t2->gcd($e) == 1) || die "q failed the gcd test\n";
-
-($q,$p)=($p,$q) if ($p < $q);
-$n=$p*$q;
-$t=($p-1)*($q-1);
-($t->gcd($e) == 1) || die "t failed the gcd test\n";
-
-$d=$e->mod_inverse($t);
-
-$dmp1=$d%($p-1);
-$dmq1=$d%($q-1);
-$iqmp=$q->mod_inverse($p);
-
-print "n   =$n\n";
-print "e   =$e\n";
-print "d   =$d\n";
-print "dmp1=$dmp1\n";
-print "dmq1=$dmq1\n";
-print "iqmp=$iqmp\n";
-
-$a=SSLeay::BN::bin2bn("This is an RSA test");
-print "Test with\n'".$a->bn2bin."' or\n$a\n";
-
-$t1=$a->mod_exp($e,$n);
-print "$t1\n";
-$t2=$t1->mod_exp($d,$n);
-print "'".$t2->bn2bin."'\n";
-
-
diff --git a/perl/mul.pl b/perl/mul.pl
deleted file mode 100644
index 611a760625..0000000000
--- a/perl/mul.pl
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/usr/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-
-sub mul
-	{
-	my($ab,$cd,$num)=@_;
-
-	if ($num <= 4096)
-		{
-		return($ab*$cd);
-		}
-	else
-		{
-		my($a,$b,$c,$d,$n,$ac,$bd,$m,$t1,$t2);
-
-		$n=$num/2;
-
-		$a=$ab->mask_bits($n);
-		$b=$ab->rshift($n);
-		$c=$cd->mask_bits($n);
-		$d=$cd->rshift($n);
-
-		$t1=($b-$a);
-		$t2=($c-$d);
-		$m= &mul($t1,$t2,$n);
-		$ac=&mul($a,$c,$n);
-		$bd=&mul($b,$d,$n);
-		$m=$m+$ac+$bd;
-		$m=$m->lshift($n);
-		$bd=$bd->lshift($num);
-
-		$r=$ac+$m+$bd;
-		return($r);
-		}
-	}
-
-$num=4096*32;
-$a=SSLeay::BN::rand($num);
-$b=SSLeay::BN::rand($num);
-
-#for (1 .. 10)
-	{
-	$r=&mul($a,$b,$num);
-	}
-
-#for (1 .. 10)
-	{
-	$rr=$a*$b;
-	}
-
-$res=$rr-$r;
-print $res->bn2hex()."\n";
diff --git a/perl/openssl.h b/perl/openssl.h
deleted file mode 100644
index bcccda7d5f..0000000000
--- a/perl/openssl.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/* perl/p5SSLeay.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#ifdef __cplusplus
-extern "C" {
-#endif
-#include "EXTERN.h"
-#include "perl.h"
-#include "XSUB.h"
-#ifdef __cplusplus
-}
-#endif
-
-typedef struct datum_st
-	{
-	char *dptr;
-	int dsize;
-	} datum;
-
-#include "crypto.h"
-#include "buffer.h"
-#include "bio.h"
-#include "evp.h"
-#include "err.h"
-#include "x509.h"
-#include "ssl.h"
-
-#if 0
-#define pr_name(name)		printf("%s\n",name)
-#define pr_name_d(name,p2)	printf("%s %d\n",name,p2)
-#define pr_name_dd(name,p2,p3)	printf("%s %d %d\n",name,p2,p3)
-#else
-#define pr_name(name)
-#define pr_name_d(name,p2)
-#define pr_name_dd(name,p2,p3)
-#endif
-
-SV *new_ref(char *type, char *obj, int mort);
-int ex_new(char *obj,SV *data,CRYPTO_EX_DATA *ad,int idx,long argl,char *argp);
-void ex_cleanup(char *obj,SV *data,CRYPTO_EX_DATA *ad,int idx,
-	long argl,char *argp);
-
diff --git a/perl/openssl_bio.xs b/perl/openssl_bio.xs
deleted file mode 100644
index a9d32d8408..0000000000
--- a/perl/openssl_bio.xs
+++ /dev/null
@@ -1,450 +0,0 @@
-#include "p5SSLeay.h"
-
-static int p5_bio_ex_bio_ptr=0;
-static int p5_bio_ex_bio_callback=0;
-static int p5_bio_ex_bio_callback_data=0;
-
-static long p5_bio_callback(bio,state,parg,cmd,larg,ret)
-BIO *bio;
-int state;
-char *parg;
-int cmd;
-long larg;
-int ret;
-	{
-	int i;
-	SV *me,*cb;
-
-	me=(SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr);
-	cb=(SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_callback);
-	if (cb != NULL)
-		{
-		dSP;
-
-		ENTER ;
-		SAVETMPS;
-
-		PUSHMARK(sp);
-		XPUSHs(sv_2mortal(newSViv(me)));
-		XPUSHs(sv_2mortal(newSViv(state)));
-		XPUSHs(sv_2mortal(newSViv(cmd)));
-		if ((state == BIO_CB_READ) || (state == BIO_CB_WRITE))
-			{
-			XPUSHs(sv_2mortal(newSVpv(parg,larg)));
-			}
-		else
-			XPUSHs(&sv_undef);
-		/* ptr one */
-		XPUSHs(sv_2mortal(newSViv(larg)));
-		XPUSHs(sv_2mortal(newSViv(ret)));
-		PUTBACK;
-
-		i=perl_call_sv(cb,G_SCALAR);
-
-		SPAGAIN;
-		if (i == 1)
-			ret=POPi;
-		else
-			ret=1;
-		PUTBACK;
-		FREETMPS;
-		LEAVE;
-		}
-	else
-		{
-		croak("Internal error in SSL p5_ssl_info_callback");
-		}
-	return(ret);
-	}
-
-int boot_bio()
-	{
-	p5_bio_ex_bio_ptr=
-		BIO_get_ex_new_index(0,"SSLeay::BIO",ex_new,NULL,
-			ex_cleanup);
-	p5_bio_ex_bio_callback=	
-		BIO_get_ex_new_index(0,"bio_callback",NULL,NULL,
-			ex_cleanup);
-	p5_bio_ex_bio_callback_data=
-		BIO_get_ex_new_index(0,"bio_callback_data",NULL,NULL,
-			ex_cleanup);
-	return(1);
-	}
-
-MODULE =  SSLeay::BIO	PACKAGE = SSLeay::BIO PREFIX = p5_BIO_
-
-VERSIONCHECK: DISABLE
-
-void
-p5_BIO_new_buffer_ssl_connect(...)
-	PREINIT:
-		SSL_CTX *ctx;
-		BIO *bio;
-		SV *arg;
-	PPCODE:
-		if (items == 1)
-			arg=ST(0);
-		else if (items == 2)
-			arg=ST(1);
-		else
-			arg=NULL;
-
-		if ((arg == NULL) || !(sv_derived_from(arg,"SSLeay::SSL::CTX")))
-			croak("Usage: SSLeay::BIO::new_buffer_ssl_connect(SSL_CTX)");
-		else
-			{
-			IV tmp=SvIV((SV *)SvRV(arg));
-			ctx=(SSL_CTX *)tmp;
-			}
-		EXTEND(sp,1);
-		bio=BIO_new_buffer_ssl_connect(ctx);
-		arg=(SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr);
-		PUSHs(arg);
-
-void
-p5_BIO_new_ssl_connect(...)
-	PREINIT:
-		SSL_CTX *ctx;
-		BIO *bio;
-		SV *arg;
-	PPCODE:
-		if (items == 1)
-			arg=ST(0);
-		else if (items == 2)
-			arg=ST(1);
-		else
-			arg=NULL;
-
-		if ((arg == NULL) || !(sv_derived_from(arg,"SSLeay::SSL::CTX")))
-			croak("Usage: SSLeay::BIO::new_ssl_connect(SSL_CTX)");
-		else
-			{
-			IV tmp=SvIV((SV *)SvRV(arg));
-			ctx=(SSL_CTX *)tmp;
-			}
-		EXTEND(sp,1);
-		bio=BIO_new_ssl_connect(ctx);
-		arg=(SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr);
-		PUSHs(arg);
-
-void
-p5_BIO_new(...)
-	PREINIT:
-		BIO *bio;
-		char *type;
-		SV *arg;
-	PPCODE:
-		pr_name("p5_BIO_new");
-		if ((items == 1) && SvPOK(ST(0)))
-			type=SvPV(ST(0),na);
-		else if ((items == 2) && SvPOK(ST(1)))
-			type=SvPV(ST(1),na);
-		else
-			croak("Usage: SSLeay::BIO::new(type)");
-
-		EXTEND(sp,1);
-		if (strcmp(type,"connect") == 0)
-			bio=BIO_new(BIO_s_connect());
-		else if (strcmp(type,"accept") == 0)
-			bio=BIO_new(BIO_s_accept());
-		else if (strcmp(type,"ssl") == 0)
-			bio=BIO_new(BIO_f_ssl());
-		else if (strcmp(type,"buffer") == 0)
-			bio=BIO_new(BIO_f_buffer());
-		else
-			croak("unknown BIO type");
-		arg=(SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr);
-		PUSHs(arg);
-
-int
-p5_BIO_hostname(bio,name)
-	BIO *bio;
-	char *name;
-	CODE:
-		RETVAL=BIO_set_conn_hostname(bio,name);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BIO_set_accept_port(bio,str)
-	BIO *bio;
-	char *str;
-	CODE:
-		RETVAL=BIO_set_accept_port(bio,str);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BIO_do_handshake(bio)
-	BIO *bio;
-	CODE:
-		RETVAL=BIO_do_handshake(bio);
-	OUTPUT:
-		RETVAL
-
-BIO *
-p5_BIO_push(b,bio)
-	BIO *b;
-	BIO *bio;
-	CODE:
-		/* This reference will be reduced when the reference is
-		 * let go, and then when the BIO_free_all() is called
-		 * inside the SSLeay library by the BIO with this
-		 * pushed into */
-		bio->references++;
-		RETVAL=BIO_push(b,bio);
-	OUTPUT:
-		RETVAL
-
-void
-p5_BIO_pop(b)
-	BIO *b
-	PREINIT:
-		BIO *bio;
-		char *type;
-		SV *arg;
-	PPCODE:
-		bio=BIO_pop(b);
-		if (bio != NULL)
-			{
-			/* This BIO will either be one created in the
-			 * perl library, in which case it will have a perl
-			 * SV, otherwise it will have been created internally,
-			 * inside SSLeay.  For the 'pushed in', it needs
-			 * the reference count decememted. */
-			arg=(SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr);
-			if (arg == NULL)
-				{
-				arg=new_ref("SSLeay::BIO",(char *)bio,0);
-				BIO_set_ex_data(bio,p5_bio_ex_bio_ptr,(char *)arg);
-				PUSHs(arg);
-				}
-			else
-				{
-				/* it was pushed in */
-				SvREFCNT_inc(arg);
-				PUSHs(arg);
-#if 0 		/* This does not need to be done. */
-				if (bio->references < 1)
-					abort();
-				/* decrement the reference count */
-				BIO_free(bio);
-#endif
-				}
-			}
-
-int
-p5_BIO_sysread(bio,in,num, ...)
-	BIO *bio;
-	SV *in;
-	int num;
-	PREINIT:
-		int i,n,olen;
-		int offset;
-		char *p;
-	CODE:
-		offset=0;
-		if (!SvPOK(in))
-			sv_setpvn(in,"",0);
-		SvPV(in,olen);
-		if (items > 3)
-			{
-			offset=SvIV(ST(3));
-			if (offset < 0)
-				{
-				if (-offset > olen)
-					croak("Offset outside string");
-				offset+=olen;
-				}
-			}
-		if ((num+offset) > olen)
-			{
-			SvGROW(in,num+offset+1);
-			p=SvPV(in,i);
-			memset(&(p[olen]),0,(num+offset)-olen+1);
-			}
-		p=SvPV(in,n);
-
-		i=BIO_read(bio,p+offset,num);
-		RETVAL=i;
-		if (i <= 0) i=0;
-		SvCUR_set(in,offset+i);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BIO_syswrite(bio,in, ...)
-	BIO *bio;
-	SV *in;
-	PREINIT:
-		char *ptr;
-		int len,in_len;
-		int offset=0;
-		int n;
-	CODE:
-		ptr=SvPV(in,in_len);
-		if (items > 2)
-			{
-			len=SvOK(ST(2))?SvIV(ST(2)):in_len;
-			if (items > 3)
-				{
-				offset=SvIV(ST(3));
-				if (offset < 0)
-					{
-					if (-offset > in_len)
-						croak("Offset outside string");
-					offset+=in_len;
-					}
-				else if ((offset >= in_len) && (in_len > 0))
-					croak("Offset outside string");
-				}
-			if (len >= (in_len-offset))
-				len=in_len-offset;
-			}
-		else
-			len=in_len;
-
-		RETVAL=BIO_write(bio,ptr+offset,len);
-	OUTPUT:
-		RETVAL
-
-void
-p5_BIO_getline(bio)
-	BIO *bio;
-	PREINIT:
-		int i;
-		char *p;
-	PPCODE:
-		pr_name("p5_BIO_gets");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		sv_setpvn(ST(0),"",0);
-		SvGROW(ST(0),1024);
-		p=SvPV(ST(0),na);
-		i=BIO_gets(bio,p,1024);
-		if (i < 0) i=0;
-		SvCUR_set(ST(0),i);
-
-int
-p5_BIO_flush(bio)
-	BIO *bio;
-	CODE:
-		RETVAL=BIO_flush(bio);
-	OUTPUT:
-		RETVAL
-
-char *
-p5_BIO_type(bio)
-	BIO *bio;
-	CODE:
-		RETVAL=bio->method->name;
-	OUTPUT:
-		RETVAL
-
-void
-p5_BIO_next_bio(b)
-	BIO *b
-	PREINIT:
-		BIO *bio;
-		char *type;
-		SV *arg;
-	PPCODE:
-		bio=b->next_bio;
-		if (bio != NULL)
-			{
-			arg=(SV *)BIO_get_ex_data(bio,p5_bio_ex_bio_ptr);
-			if (arg == NULL)
-				{
-				arg=new_ref("SSLeay::BIO",(char *)bio,0);
-				BIO_set_ex_data(bio,p5_bio_ex_bio_ptr,(char *)arg);
-				bio->references++;
-				PUSHs(arg);
-				}
-			else
-				{
-				SvREFCNT_inc(arg);
-				PUSHs(arg);
-				}
-			}
-
-int
-p5_BIO_puts(bio,in)
-	BIO *bio;
-	SV *in;
-	PREINIT:
-		char *ptr;
-	CODE:
-		ptr=SvPV(in,na);
-		RETVAL=BIO_puts(bio,ptr);
-	OUTPUT:
-		RETVAL
-
-void
-p5_BIO_set_callback(bio,cb,...)
-	BIO *bio;
-	SV *cb;
-	PREINIT:
-		SV *arg=NULL;
-		SV *arg2=NULL;
-	CODE:
-		if (items > 3)
-			croak("Usage: SSLeay::BIO::set_callback(bio,callback[,arg]");
-		if (items == 3)
-			{
-			arg2=sv_mortalcopy(ST(2));
-			SvREFCNT_inc(arg2);
-			BIO_set_ex_data(bio,p5_bio_ex_bio_callback_data,
-				(char *)arg2);
-			}
-		arg=sv_mortalcopy(ST(1));
-		SvREFCNT_inc(arg);
-		BIO_set_ex_data(bio,p5_bio_ex_bio_callback,(char *)arg);
-		printf("%08lx < bio_ptr\n",BIO_get_ex_data(bio,p5_bio_ex_bio_ptr));
-		BIO_set_callback(bio,p5_bio_callback);
-
-void
-p5_BIO_DESTROY(bio)
-	BIO *bio
-	PREINIT:
-		SV *sv;
-	PPCODE:
-		pr_name_d("p5_BIO_DESTROY",bio->references);
-		printf("p5_BIO_DESTROY <%s> %d\n",bio->method->name,bio->references);
-		BIO_set_ex_data(bio,p5_bio_ex_bio_ptr,NULL);
-		BIO_free_all(bio);
-
-int
-p5_BIO_set_ssl(bio,ssl)
-	BIO *bio;
-	SSL *ssl;
-	CODE:
-		pr_name("p5_BIO_set_ssl");
-		ssl->references++;
-		RETVAL=BIO_set_ssl(bio,ssl,BIO_CLOSE);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BIO_number_read(bio)
-	BIO *bio;
-	CODE:
-		RETVAL=BIO_number_read(bio);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BIO_number_written(bio)
-	BIO *bio;
-	CODE:
-		RETVAL=BIO_number_written(bio);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BIO_references(bio)
-	BIO *bio;
-	CODE:
-		RETVAL=bio->references;	
-	OUTPUT:
-		RETVAL
-
diff --git a/perl/openssl_bn.xs b/perl/openssl_bn.xs
deleted file mode 100644
index c15be3729a..0000000000
--- a/perl/openssl_bn.xs
+++ /dev/null
@@ -1,589 +0,0 @@
-#include "p5SSLeay.h"
-
-int sv_to_BIGNUM(var,arg,name)
-BIGNUM **var;
-SV *arg;
-char *name;
-	{
-	int ret=1;
-
-	if (sv_derived_from(arg,"SSLeay::BN"))
-		{
-		IV tmp = SvIV((SV*)SvRV(arg));
-		*var = (BIGNUM *) tmp;
-		}
-	else if (SvIOK(arg)) {
-		SV *tmp=sv_newmortal();
-		*var=BN_new();
-		BN_set_word(*var,SvIV(arg));
-		sv_setref_pv(tmp,"SSLeay::BN",(void*)*var);
-		}
-	else if (SvPOK(arg)) {
-		char *ptr;
-		STRLEN len;
-		SV *tmp=sv_newmortal();
-		*var=BN_new();
-		sv_setref_pv(tmp,"SSLeay::BN", (void*)*var);
-		ptr=SvPV(arg,len);
-		SvGROW(arg,len+1);
-		ptr[len]='\0';
-		BN_dec2bn(var,ptr);
-		}
-	else
-		{
-		croak(name);
-		ret=0;
-		}
-	return(ret);
-	}
-
-typedef struct gpc_args_st {
-	SV *cb;
-	SV *arg;
-	} GPC_ARGS;
-
-static void generate_prime_callback(pos,num,arg)
-int pos;
-int num;
-char *arg;
-	{
-	dSP ;
-	int i;
-	GPC_ARGS *a=(GPC_ARGS *)arg;
-
-	ENTER ;
-	SAVETMPS ;
-
-	PUSHMARK(sp);
-	XPUSHs(sv_2mortal(newSViv(pos)));
-	XPUSHs(sv_2mortal(newSViv(num)));
-	XPUSHs(sv_2mortal(newSVsv(a->arg)));
-	PUTBACK;
-
-	i=perl_call_sv(a->cb,G_DISCARD);
-
-	SPAGAIN;
-
-	PUTBACK;
-	FREETMPS;
-	LEAVE;
-	}
-
-MODULE =  SSLeay::BN	PACKAGE = SSLeay::BN	PREFIX = p5_BN_
-
-VERSIONCHECK: DISABLE
-
-void
-p5_BN_new(...)
-	PREINIT:
-		BIGNUM *bn;
-		SV *arg;
-	PPCODE:
-		pr_name("p5_BN_new");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		bn=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)bn);
-
-void
-p5_BN_dup(a)
-	BIGNUM *a;
-	PREINIT:
-		BIGNUM *bn;
-	PPCODE:
-		pr_name("p5_BN_dup");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		bn=BN_dup(a);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)bn);
-
-void
-p5_BN_rand(bits,...)
-	int bits;
-	PREINIT:
-		int top=1;
-		int bottom=0;
-		BIGNUM *ret;
-	PPCODE:	
-		pr_name("p5_BN_rand");
-		if ((items < 1) || (items > 3))
-			croak("Usage: SSLeay::BN::rand(bits[,top_bit][,bottombit]");
-		if (items >= 2) top=(int)SvIV(ST(0));
-		if (items >= 3) bottom=(int)SvIV(ST(1));
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		BN_rand(ret,bits,top,bottom);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-
-void
-p5_BN_bin2bn(a)
-	datum a;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_bin2bn");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_bin2bn(a.dptr,a.dsize,NULL);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-
-void
-p5_BN_bn2bin(a)
-	BIGNUM *a;
-	PREINIT:
-		int i;
-	PPCODE:
-		pr_name("p5_BN_bn2bin");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		i=BN_num_bytes(a)+2;
-		sv_setpvn(ST(0),"",1);
-		SvGROW(ST(0),i+1);
-		SvCUR_set(ST(0),BN_bn2bin(a,SvPV(ST(0),na)));
-
-void
-p5_BN_mpi2bn(a)
-	datum a;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_mpi2bn");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_mpi2bn(a.dptr,a.dsize,NULL);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-
-void
-p5_BN_bn2mpi(a)
-	BIGNUM *a;
-	PREINIT:
-		int i;
-	PPCODE:
-		pr_name("p5_BN_bn2mpi");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		i=BN_bn2mpi(a,NULL);
-		sv_setpvn(ST(0),"",1);
-		SvGROW(ST(0),i+1);
-		SvCUR_set(ST(0),BN_bn2mpi(a,SvPV(ST(0),na)));
-
-void
-p5_BN_hex2bn(a)
-	datum a;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_hex2bn");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_hex2bn(&ret,a.dptr);
-
-void
-p5_BN_dec2bn(a)
-	datum a;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_dec2bn");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_dec2bn(&ret,a.dptr);
-
-SV *
-p5_BN_bn2hex(a)
-	BIGNUM *a;
-	PREINIT:
-		char *ptr;
-		int i;
-	CODE:
-		pr_name("p5_BN_bn2hex");
-		ptr=BN_bn2hex(a);
-		RETVAL=newSVpv("",0);
-		i=strlen(ptr);
-		SvGROW(RETVAL,i+1);
-		memcpy(SvPV(RETVAL,na),ptr,i+1);
-		SvCUR_set(RETVAL,i);
-		Free(ptr);
-	OUTPUT:
-		RETVAL
-
-SV *
-p5_BN_bn2dec(a)
-	BIGNUM *a;
-	PREINIT:
-		char *ptr;
-		int i;
-	CODE:
-		pr_name("p5_BN_bn2dec");
-		ptr=BN_bn2dec(a);
-		RETVAL=newSVpv("",0);
-		i=strlen(ptr);
-		SvGROW(RETVAL,i+1);
-		memcpy(SvPV(RETVAL,na),ptr,i+1);
-		SvCUR_set(RETVAL,i);
-		Free(ptr);
-	OUTPUT:
-		RETVAL
-
-void
-p5_BN_add(a,b)
-	BIGNUM *a;
-	BIGNUM *b;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_add");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_add(ret,a,b);
-
-void
-p5_BN_sub(a,b)
-	BIGNUM *a;
-	BIGNUM *b;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_sub");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_sub(ret,a,b);
-
-void
-p5_BN_mul(a,b)
-	BIGNUM *a;
-	BIGNUM *b;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_mul");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_mul(ret,a,b);
-
-void
-p5_BN_div(a,b)
-	BIGNUM *a;
-	BIGNUM *b;
-	PREINIT:
-		static BN_CTX *ctx=NULL;
-		BIGNUM *div,*mod;
-	PPCODE:
-		pr_name("p5_BN_div");
-		if (ctx == NULL) ctx=BN_CTX_new();
-		EXTEND(sp,2);
-		PUSHs(sv_newmortal());
-		PUSHs(sv_newmortal());
-		div=BN_new();
-		mod=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)div);
-		sv_setref_pv(ST(1), "SSLeay::BN", (void*)mod);
-		BN_div(div,mod,a,b,ctx);
-
-void
-p5_BN_mod(a,b)
-	BIGNUM *a;
-	BIGNUM *b;
-	PREINIT:
-		static BN_CTX *ctx=NULL;
-		BIGNUM *rem;
-	PPCODE:
-		pr_name("p5_BN_mod");
-		if (ctx == NULL) ctx=BN_CTX_new();
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		rem=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)rem);
-		BN_mod(rem,a,b,ctx);
-
-void
-p5_BN_exp(a,p)
-	BIGNUM *a;
-	BIGNUM *p;
-	PREINIT:
-		BIGNUM *ret;
-		static BN_CTX *ctx=NULL;
-	PPCODE:
-		pr_name("p5_BN_exp");
-		if (ctx == NULL) ctx=BN_CTX_new();
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_exp(ret,a,p,ctx);
-
-void
-p5_BN_mod_mul(a,b,c)
-	BIGNUM *a;
-	BIGNUM *b;
-	BIGNUM *c;
-	PREINIT:
-		static BN_CTX *ctx=NULL;
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_mod_mul");
-		if (ctx == NULL) ctx=BN_CTX_new();
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_mod_mul(ret,a,b,c,ctx);
-
-void
-p5_BN_mod_exp(a,b,c)
-	BIGNUM *a;
-	BIGNUM *b;
-	BIGNUM *c;
-	PREINIT:
-		static BN_CTX *ctx=NULL;
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_mod_exp");
-		if (ctx == NULL) ctx=BN_CTX_new();
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_mod_exp(ret,a,b,c,ctx);
-
-void
-p5_BN_generate_prime(...)
-	PREINIT:
-		int bits=512;
-		int strong=0;
-		BIGNUM *ret=NULL;
-		SV *callback=NULL;
-		SV *cb_arg=NULL;
-		GPC_ARGS arg;
-		dSP;
-
-	PPCODE:
-		pr_name("p5_BN_generate_prime");
-		if ((items < 0) || (items > 4))
-			croak("Usage: SSLeay::BN::generate_prime(a[,strong][,callback][,cb_arg]");
-		if (items >= 1) bits=(int)SvIV(ST(0));
-		if (items >= 2) strong=(int)SvIV(ST(1));
-		if (items >= 3) callback=ST(2);
-		if (items == 4) cb_arg=ST(3);
-
-		if (callback == NULL)
-			ret=BN_generate_prime(bits,strong,NULL,NULL,NULL,NULL);
-		else
-			{
-			arg.cb=callback;
-			arg.arg=cb_arg;
-
-			ret=BN_generate_prime(bits,strong,NULL,NULL,
-				generate_prime_callback,(char *)&arg);
-			}
-
-		SPAGAIN;
-		sp-=items; /* a bit evil that I do this */
-
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-
-void
-p5_BN_is_prime(p,...)
-	BIGNUM *p;
-	PREINIT:
-	int nchecks=5,ret;
-	SV *callback=NULL;
-	SV *cb_arg=NULL;
-	GPC_ARGS arg;
-	dSP;
-	static BN_CTX *ctx=NULL;
-	PPCODE:
-		pr_name("p5_BN_is_prime");
-		if ((items < 1) || (items > 4))
-			croak("Usage: SSLeay::BN::is_prime(a[,ncheck][,callback][,callback_arg]");
-		if (ctx == NULL) ctx=BN_CTX_new();
-		if (items >= 2) nchecks=(int)SvIV(ST(1));
-		if (items >= 3) callback=ST(2);
-		if (items >= 4) cb_arg=ST(3);
-		arg.arg=cb_arg; 
-		if (callback == NULL)
-			ret=BN_is_prime(p,nchecks,NULL,ctx,NULL);
-		else
-			{
-			arg.cb=callback;
-			arg.arg=cb_arg;
-			ret=BN_is_prime(p,nchecks,generate_prime_callback,
-				ctx,(char *)&arg);
-			}
-		SPAGAIN;
-		sp-=items; /* a bit evil */
-		PUSHs(sv_2mortal(newSViv(ret)));
-
-int
-p5_BN_num_bits(a)
-	BIGNUM *a;
-	CODE:
-		pr_name("p5_BN_num_bits");
-		RETVAL=BN_num_bits(a);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BN_cmp(a,b)
-	BIGNUM *a;
-	BIGNUM *b;
-	CODE:
-		pr_name("p5_BN_cmp");
-		RETVAL=BN_cmp(a,b);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BN_ucmp(a,b)
-	BIGNUM *a;
-	BIGNUM *b;
-	CODE:
-		pr_name("p5_BN_ucmp");
-		RETVAL=BN_ucmp(a,b);
-	OUTPUT:
-		RETVAL
-
-int
-p5_BN_is_bit_set(a,b)
-	BIGNUM *a;
-	int b;
-	CODE:
-		pr_name("p5_BN_is_bit_set");
-		RETVAL=BN_is_bit_set(a,b);
-	OUTPUT:
-		RETVAL
-
-void
-p5_BN_set_bit(a,b)
-	BIGNUM *a;
-	int b;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_set_bit");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_dup(a);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_set_bit(ret,b);
-
-void
-p5_BN_clear_bit(a,b)
-	BIGNUM *a;
-	int b;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_clear_bit");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_dup(a);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_clear_bit(ret,b);
-
-void
-p5_BN_lshift(a,b)
-	BIGNUM *a;
-	int b;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_lshift");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		if (b == 1)
-			BN_lshift1(ret,a);
-		else
-			BN_lshift(ret,a,b);
-
-void
-p5_BN_rshift(a,b)
-	BIGNUM *a;
-	int b;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_rshift");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		if (b == 1)
-			BN_rshift1(ret,a);
-		else
-			BN_rshift(ret,a,b);
-
-void
-p5_BN_mask_bits(a,b)
-	BIGNUM *a;
-	int b;
-	PREINIT:
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_mask_bits");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_dup(a);
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_mask_bits(ret,b);
-
-void
-p5_BN_clear(a)
-	BIGNUM *a;
-	PPCODE:
-		pr_name("p5_BN_clear");
-		BN_clear(a);
-
-void
-p5_BN_gcd(a,b)
-	BIGNUM *a;
-	BIGNUM *b;
-	PREINIT:
-		static BN_CTX *ctx=NULL;
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_gcd");
-		if (ctx == NULL) ctx=BN_CTX_new();
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ret=BN_new();
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-		BN_gcd(ret,a,b,ctx);
-
-void
-p5_BN_mod_inverse(a,mod)
-	BIGNUM *a;
-	BIGNUM *mod;
-	PREINIT:
-		static BN_CTX *ctx=NULL;
-		BIGNUM *ret;
-	PPCODE:
-		pr_name("p5_BN_mod_inverse");
-		if (ctx == NULL) ctx=BN_CTX_new();
-		ret=BN_mod_inverse(a,mod,ctx);
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		sv_setref_pv(ST(0), "SSLeay::BN", (void*)ret);
-
-void
-p5_BN_DESTROY(bn)
-	BIGNUM *bn
-	CODE:
-	pr_name("p5_BN_DESTROY");
-	BN_free(bn);
-
diff --git a/perl/openssl_cb.c b/perl/openssl_cb.c
deleted file mode 100644
index 4e39c16d70..0000000000
--- a/perl/openssl_cb.c
+++ /dev/null
@@ -1,103 +0,0 @@
-/* perl/callback.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-SV *new_ref(type,obj,mort)
-char *type;
-char *obj;
-	{
-	SV *ret;
-
-	if (mort)
-		ret=sv_newmortal();
-	else
-		ret=newSViv(0);
-	sv_setref_pv(ret,type,(void *)obj);
-	return(ret);
-	}
-
-int ex_new(obj,data,ad,idx,argl,argp)
-char *obj;
-SV *data;
-CRYPTO_EX_DATA *ad;
-int idx;
-long argl;
-char *argp;
-	{
-	SV *sv;
-
-fprintf(stderr,"ex_new idx=%d %08X %s\n",idx,obj,argp);
-	sv=sv_newmortal();
-	sv_setref_pv(sv,argp,(void *)obj);
-	CRYPTO_set_ex_data(ad,idx,(char *)sv);
-	return(1);
-	}
-
-void ex_cleanup(obj,data,ad,idx,argl,argp)
-char *obj;
-SV *data;
-CRYPTO_EX_DATA *ad;
-int idx;
-long argl;
-char *argp;
-	{
-	pr_name("ex_cleanup");
-fprintf(stderr,"ex_cleanup %08X %s\n",obj,argp);
-	if (data != NULL)
-		SvREFCNT_dec((SV *)data);
-	}
-
diff --git a/perl/openssl_cipher.xs b/perl/openssl_cipher.xs
deleted file mode 100644
index 1044d7a4ef..0000000000
--- a/perl/openssl_cipher.xs
+++ /dev/null
@@ -1,152 +0,0 @@
-#include "p5SSLeay.h"
-
-int boot_cipher()
-	{
-        SSLeay_add_all_ciphers();
-	return(1);
-	}
-
-MODULE =  SSLeay::Cipher	PACKAGE = SSLeay::Cipher PREFIX = p5_EVP_C_
-
-VERSIONCHECK: DISABLE
-
-void
-p5_EVP_C_new(...)
-	PREINIT:
-		EVP_CIPHER_CTX *ctx;
-		EVP_CIPHER *c;
-		char *name;
-	PPCODE:
-		if ((items == 1) && SvPOK(ST(0)))
-			name=SvPV(ST(0),na);
-		else if ((items == 2) && SvPOK(ST(1)))
-			name=SvPV(ST(1),na);
-		else
-			croak("Usage: SSLeay::Cipher::new(type)");
-		PUSHs(sv_newmortal());
-		c=EVP_get_cipherbyname(name);
-		if (c != NULL)
-			{
-			ctx=malloc(sizeof(EVP_CIPHER_CTX));
-			EVP_EncryptInit(ctx,c,NULL,NULL);
-			sv_setref_pv(ST(0), "SSLeay::Cipher", (void*)ctx);
-			}
-
-datum
-p5_EVP_C_name(ctx)
-	EVP_CIPHER_CTX *ctx
-	CODE:
-		RETVAL.dptr=OBJ_nid2ln(EVP_CIPHER_CTX_nid(ctx));
-		RETVAL.dsize=strlen(RETVAL.dptr);
-	OUTPUT:
-		RETVAL
-
-int
-p5_EVP_C_key_length(ctx)
-	EVP_CIPHER_CTX *ctx
-	CODE:
-		RETVAL=EVP_CIPHER_CTX_key_length(ctx);
-	OUTPUT:
-		RETVAL
-
-int
-p5_EVP_C_iv_length(ctx)
-	EVP_CIPHER_CTX *ctx
-	CODE:
-		RETVAL=EVP_CIPHER_CTX_iv_length(ctx);
-	OUTPUT:
-		RETVAL
-	
-int
-p5_EVP_C_block_size(ctx)
-	EVP_CIPHER_CTX *ctx
-	CODE:
-		RETVAL=EVP_CIPHER_CTX_block_size(ctx);
-	OUTPUT:
-		RETVAL
-	
-void
-p5_EVP_C_init(ctx,key,iv,enc)
-	EVP_CIPHER_CTX *ctx
-	datum key
-	datum iv
-	int enc
-	PREINIT:
-		char loc_iv[EVP_MAX_IV_LENGTH];
-		char loc_key[EVP_MAX_KEY_LENGTH];
-		char *ip=loc_iv,*kp=loc_key;
-		int i;
-		memset(loc_iv,0,EVP_MAX_IV_LENGTH);
-		memset(loc_key,0,EVP_MAX_KEY_LENGTH);
-	CODE:
-		i=key.dsize;
-		if (key.dsize > EVP_CIPHER_CTX_key_length(ctx))
-			i=EVP_CIPHER_CTX_key_length(ctx);
-		if (i > 0)
-			{
-			memset(kp,0,EVP_MAX_KEY_LENGTH);
-			memcpy(kp,key.dptr,i);
-			}
-		else
-			kp=NULL;
-		i=iv.dsize;
-		if (iv.dsize > EVP_CIPHER_CTX_iv_length(ctx))
-			i=EVP_CIPHER_CTX_iv_length(ctx);
-		if (i > 0)
-			{
-			memcpy(ip,iv.dptr,i);
-			memset(ip,0,EVP_MAX_IV_LENGTH);
-			}
-		else
-			ip=NULL;
-		EVP_CipherInit(ctx,EVP_CIPHER_CTX_cipher(ctx),kp,ip,enc);
-		memset(loc_key,0,sizeof(loc_key));
-		memset(loc_iv,0,sizeof(loc_iv));
-
-SV *
-p5_EVP_C_cipher(ctx,in)
-	EVP_CIPHER_CTX *ctx;
-	datum in;
-	CODE:
-		RETVAL=newSVpv("",0);
-		SvGROW(RETVAL,in.dsize+EVP_CIPHER_CTX_block_size(ctx)+1);
-		EVP_Cipher(ctx,SvPV(RETVAL,na),in.dptr,in.dsize);
-		SvCUR_set(RETVAL,in.dsize);
-	OUTPUT:
-		RETVAL
-
-SV *
-p5_EVP_C_update(ctx, in)
-	EVP_CIPHER_CTX *ctx
-	datum in
-	PREINIT:
-	int i;
-	CODE:
-		RETVAL=newSVpv("",0);
-		SvGROW(RETVAL,in.dsize+EVP_CIPHER_CTX_block_size(ctx)+1);
-		EVP_CipherUpdate(ctx,SvPV(RETVAL,na),&i,in.dptr,in.dsize);
-		SvCUR_set(RETVAL,i);
-	OUTPUT:
-		RETVAL
-
-SV *
-p5_EVP_C_final(ctx)
-	EVP_CIPHER_CTX *ctx
-	PREINIT:
-	int i;
-	CODE:
-		RETVAL=newSVpv("",0);
-		SvGROW(RETVAL,EVP_CIPHER_CTX_block_size(ctx)+1);
-		if (!EVP_CipherFinal(ctx,SvPV(RETVAL,na),&i))
-			sv_setpv(RETVAL,"BAD DECODE");
-		else
-			SvCUR_set(RETVAL,i);
-	OUTPUT:
-		RETVAL
-
-void
-p5_EVP_C_DESTROY(ctx)
-	EVP_CIPHER_CTX *ctx
-	CODE:
-	free((char *)ctx);
-
diff --git a/perl/openssl_digest.xs b/perl/openssl_digest.xs
deleted file mode 100644
index 5738b09e48..0000000000
--- a/perl/openssl_digest.xs
+++ /dev/null
@@ -1,83 +0,0 @@
-#include "p5SSLeay.h"
-
-int boot_digest()
-	{
-	SSLeay_add_all_digests();
-	return(1);
-	}
-
-MODULE =  SSLeay::MD	PACKAGE = SSLeay::MD	PREFIX = p5_EVP_MD_
-
-PROTOTYPES: ENABLE
-VERSIONCHECK: DISABLE
-
-# SSLeay::MD::new(name) name= md2, md5, sha, sha1, or mdc2
-#	md->name() - returns the name
-#	md->init() - reinitalises the digest
-#	md->update(data) - adds more data to digest
-#	digest=md->final() - returns digest
-#
-
-void
-p5_EVP_MD_new(...)
-	PREINIT:
-		EVP_MD_CTX *ctx;
-		EVP_MD *md;
-		char *name;
-	PPCODE:
-		if ((items == 1) && SvPOK(ST(0)))
-			name=SvPV(ST(0),na);
-		else if ((items == 2) && SvPOK(ST(1)))
-			name=SvPV(ST(1),na);
-		else
-			croak("Usage: SSLeay::MD::new(type)");
-		PUSHs(sv_newmortal());
-		md=EVP_get_digestbyname(name);
-		if (md != NULL)
-			{
-			ctx=malloc(sizeof(EVP_MD_CTX));
-			EVP_DigestInit(ctx,md);
-			sv_setref_pv(ST(0), "SSLeay::MD", (void*)ctx);
-			}
-
-datum
-p5_EVP_MD_name(ctx)
-	EVP_MD_CTX *ctx
-	CODE:
-		RETVAL.dptr=OBJ_nid2ln(EVP_MD_type(EVP_MD_CTX_type(ctx)));
-		RETVAL.dsize=strlen(RETVAL.dptr);
-	OUTPUT:
-		RETVAL
-	
-void
-p5_EVP_MD_init(ctx)
-	EVP_MD_CTX *ctx
-	CODE:
-		EVP_DigestInit(ctx,EVP_MD_CTX_type(ctx));
-
-void
-p5_EVP_MD_update(ctx, in)
-	EVP_MD_CTX *ctx
-	datum in
-	CODE:
-		EVP_DigestUpdate(ctx,in.dptr,in.dsize);
-
-datum
-p5_EVP_MD_final(ctx)
-	EVP_MD_CTX *ctx
-	PREINIT:
-		char md[EVP_MAX_MD_SIZE];
-		int len;
-	CODE:
-		EVP_DigestFinal(ctx,md,&len);
-		RETVAL.dptr=md;
-		RETVAL.dsize=len;
-	OUTPUT:
-		RETVAL
-
-void
-p5_EVP_MD_DESTROY(ctx)
-	EVP_MD_CTX *ctx
-	CODE:
-	free((char *)ctx);
-
diff --git a/perl/openssl_err.xs b/perl/openssl_err.xs
deleted file mode 100644
index 6d1aec3ea1..0000000000
--- a/perl/openssl_err.xs
+++ /dev/null
@@ -1,46 +0,0 @@
-#include "p5SSLeay.h"
-
-int boot_err()
-	{
-	SSL_load_error_strings();
-	return(1);
-	}
-
-MODULE =  SSLeay::ERR	PACKAGE = SSLeay::ERR	PREFIX = p5_ERR_
-
-PROTOTYPES: ENABLE
-VERSIONCHECK: DISABLE
-
-#	md->error() - returns the last error in text or numeric context
-
-void
-p5_ERR_get_error(...)
-	PPCODE:
-		char buf[512];
-		unsigned long l;
-
-		pr_name("p5_ERR_get_code");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		l=ERR_get_error();
-		ERR_error_string(l,buf);
-		sv_setiv(ST(0),l);
-		sv_setpv(ST(0),buf);
-		SvIOK_on(ST(0));
-
-void
-p5_ERR_peek_error(...)
-	PPCODE:
-		char buf[512];
-		unsigned long l;
-
-		pr_name("p5_ERR_get_code");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		l=ERR_peek_error();
-		ERR_error_string(l,buf);
-		sv_setiv(ST(0),l);
-		sv_setpv(ST(0),buf);
-		SvIOK_on(ST(0));
-
-
diff --git a/perl/openssl_ssl.xs b/perl/openssl_ssl.xs
deleted file mode 100644
index 05834797e3..0000000000
--- a/perl/openssl_ssl.xs
+++ /dev/null
@@ -1,474 +0,0 @@
-#include "p5SSLeay.h"
-
-static int p5_ssl_ex_ssl_ptr=0;
-static int p5_ssl_ex_ssl_info_callback=0;
-static int p5_ssl_ex_ssl_ctx_ptr=0;
-static int p5_ssl_ctx_ex_ssl_info_callback=0;
-
-typedef struct ssl_ic_args_st {
-	SV *cb;
-	SV *arg;
-	} SSL_IC_ARGS;
-
-static void p5_ssl_info_callback(ssl,mode,ret)
-SSL *ssl;
-int mode;
-int ret;
-	{
-	int i;
-	SV *me,*cb;
-
-	me=(SV *)SSL_get_ex_data(ssl,p5_ssl_ex_ssl_ptr);
-	cb=(SV *)SSL_get_ex_data(ssl,p5_ssl_ex_ssl_info_callback);
-	if (cb == NULL)
-		cb=(SV *)SSL_CTX_get_ex_data(
-			SSL_get_SSL_CTX(ssl),p5_ssl_ctx_ex_ssl_info_callback);
-	if (cb != NULL)
-		{
-		dSP;
-
-		PUSHMARK(sp);
-		XPUSHs(me);
-		XPUSHs(sv_2mortal(newSViv(mode)));
-		XPUSHs(sv_2mortal(newSViv(ret)));
-		PUTBACK;
-
-		i=perl_call_sv(cb,G_DISCARD);
-		}
-	else
-		{
-		croak("Internal error in SSL p5_ssl_info_callback");
-		}
-	}
-
-int boot_ssl()
-	{
-	p5_ssl_ex_ssl_ptr=		
-		SSL_get_ex_new_index(0,"SSLeay::SSL",ex_new,NULL,ex_cleanup);
-	p5_ssl_ex_ssl_info_callback=
-		SSL_get_ex_new_index(0,"ssl_info_callback",NULL,NULL,
-			ex_cleanup);
-	p5_ssl_ex_ssl_ctx_ptr=
-		SSL_get_ex_new_index(0,"ssl_ctx_ptr",NULL,NULL,
-			ex_cleanup);
-	p5_ssl_ctx_ex_ssl_info_callback=
-		SSL_CTX_get_ex_new_index(0,"ssl_ctx_info_callback",NULL,NULL,
-			ex_cleanup);
-	return(1);
-	}
-
-MODULE =  SSLeay::SSL	PACKAGE = SSLeay::SSL::CTX PREFIX = p5_SSL_CTX_
-
-VERSIONCHECK: DISABLE
-
-void
-p5_SSL_CTX_new(...)
-	PREINIT:
-		SSL_METHOD *meth;
-		SSL_CTX *ctx;
-		char *method;
-	PPCODE:
-		pr_name("p5_SSL_CTX_new");
-		if ((items == 1) && SvPOK(ST(0)))
-			method=SvPV(ST(0),na);
-		else if ((items == 2) && SvPOK(ST(1)))
-			method=SvPV(ST(1),na);
-		else
-			croak("Usage: SSLeay::SSL_CTX::new(type)");
-			
-		if (strcmp(method,"SSLv3") == 0)
-			meth=SSLv3_method();
-		else if (strcmp(method,"SSLv3_client") == 0)
-			meth=SSLv3_client_method();
-		else if (strcmp(method,"SSLv3_server") == 0)
-			meth=SSLv3_server_method();
-		else if (strcmp(method,"SSLv23") == 0)
-			meth=SSLv23_method();
-		else if (strcmp(method,"SSLv23_client") == 0)
-			meth=SSLv23_client_method();
-		else if (strcmp(method,"SSLv23_server") == 0)
-			meth=SSLv23_server_method();
-		else if (strcmp(method,"SSLv2") == 0)
-			meth=SSLv2_method();
-		else if (strcmp(method,"SSLv2_client") == 0)
-			meth=SSLv2_client_method();
-		else if (strcmp(method,"SSLv2_server") == 0)
-			meth=SSLv2_server_method();
-		else
-			{
-			croak("Not passed a valid SSL method name, should be 'SSLv[23] [client|server]'");
-			}
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ctx=SSL_CTX_new(meth);
-		sv_setref_pv(ST(0), "SSLeay::SSL::CTX", (void*)ctx);
-
-int
-p5_SSL_CTX_use_PrivateKey_file(ctx,file,...)
-	SSL_CTX *ctx;
-	char *file;
-	PREINIT:
-		int i=SSL_FILETYPE_PEM;
-		char *ptr;
-	CODE:
-		pr_name("p5_SSL_CTX_use_PrivateKey_file");
-		if (items > 3)
-			croak("SSLeay::SSL::CTX::use_PrivateKey_file(ssl_ctx,file[,type])");
-		if (items == 3)
-			{
-			ptr=SvPV(ST(2),na);
-			if (strcmp(ptr,"der") == 0)
-				i=SSL_FILETYPE_ASN1;
-			else
-				i=SSL_FILETYPE_PEM;
-			}
-		RETVAL=SSL_CTX_use_RSAPrivateKey_file(ctx,file,i);
-	OUTPUT:
-		RETVAL
-
-int
-p5_SSL_CTX_set_options(ctx,...)
-	SSL_CTX *ctx;
-	PREINIT:
-		int i;
-		char *ptr;
-		SV *sv;
-	CODE:
-		pr_name("p5_SSL_CTX_set_options");
-
-		for (i=1; i<items; i++)
-			{
-			if (!SvPOK(ST(i)))
-				croak("Usage: SSLeay::SSL_CTX::set_options(ssl_ctx[,option,value]+)");
-			ptr=SvPV(ST(i),na);
-			if (strcmp(ptr,"-info_callback") == 0)
-				{
-				SSL_CTX_set_info_callback(ctx,
-					p5_ssl_info_callback);
-				sv=sv_mortalcopy(ST(i+1));
-				SvREFCNT_inc(sv);
-				SSL_CTX_set_ex_data(ctx,
-					p5_ssl_ctx_ex_ssl_info_callback,
-						(char *)sv);
-				i++;
-				}
-			else
-				{
-				croak("SSLeay::SSL_CTX::set_options(): unknown option");
-				}
-			}
-
-void
-p5_SSL_CTX_DESTROY(ctx)
-	SSL_CTX *ctx
-	PREINIT:
-		SV *sv;
-	PPCODE:
-		pr_name_d("p5_SSL_CTX_DESTROY",ctx->references);
-		SSL_CTX_free(ctx);
-
-MODULE =  SSLeay::SSL	PACKAGE = SSLeay::SSL PREFIX = p5_SSL_
-
-void
-p5_SSL_new(...)
-	PREINIT:
-		SV *sv_ctx;
-		SSL_CTX *ctx;
-		SSL *ssl;
-		int i;
-		SV *arg;
-	PPCODE:
-		pr_name("p5_SSL_new");
-		if ((items != 1) && (items != 2))
-			croak("Usage: SSLeay::SSL::new(ssl_ctx)");
-		if (sv_derived_from(ST(items-1),"SSLeay::SSL::CTX"))
-			{
-			IV tmp = SvIV((SV*)SvRV(ST(items-1)));
-			ctx=(SSL_CTX *)tmp;
-			sv_ctx=ST(items-1);
-			}
-		else
-			croak("ssl_ctx is not of type SSLeay::SSL::CTX");
-
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ssl=SSL_new(ctx);
-		sv_setref_pv(ST(0), "SSLeay::SSL", (void*)ssl);
-
-		/* Now this is being a little hairy, we keep a pointer to
-		 * our perl reference.  We need to do a different one
-		 * to the one we return because it will have it's reference
-		 * count droped to 0 apon return and if we up its reference
-		 * count, it will never be DESTROYED */
-		arg=newSVsv(ST(0));
-		SSL_set_ex_data(ssl,p5_ssl_ex_ssl_ptr,(char *)arg);
-		SvREFCNT_inc(sv_ctx);
-		SSL_set_ex_data(ssl,p5_ssl_ex_ssl_ctx_ptr,(char *)sv_ctx);
-
-int
-p5_SSL_connect(ssl)
-	SSL *ssl;
-	CODE:
-		RETVAL=SSL_connect(ssl);
-	OUTPUT:
-		RETVAL
-
-int
-p5_SSL_accept(ssl)
-	SSL *ssl;
-	CODE:
-		RETVAL=SSL_connect(ssl);
-	OUTPUT:
-		RETVAL
-
-int
-p5_SSL_sysread(ssl,in,num, ...)
-	SSL *ssl;
-	SV *in;
-	int num;
-	PREINIT:
-		int i,n,olen;
-		int offset;
-		char *p;
-	CODE:
-		offset=0;
-		if (!SvPOK(in))
-			sv_setpvn(in,"",0);
-		SvPV(in,olen);
-		if (items > 3)
-			{
-			offset=SvIV(ST(3));
-			if (offset < 0)
-				{
-				if (-offset > olen)
-					croak("Offset outside string");
-				offset+=olen;
-				}
-			}
-		if ((num+offset) > olen)
-			{
-			SvGROW(in,num+offset+1);
-			p=SvPV(in,i);
-			memset(&(p[olen]),0,(num+offset)-olen+1);
-			}
-		p=SvPV(in,n);
-
-		i=SSL_read(ssl,p+offset,num);
-		RETVAL=i;
-		if (i <= 0) i=0;
-		SvCUR_set(in,offset+i);
-	OUTPUT:
-		RETVAL
-
-int
-p5_SSL_syswrite(ssl,in, ...)
-	SSL *ssl;
-	SV *in;
-	PREINIT:
-		char *ptr;
-		int len,in_len;
-		int offset=0;
-		int n;
-	CODE:
-		ptr=SvPV(in,in_len);
-		if (items > 2)
-			{
-			len=SvOK(ST(2))?SvIV(ST(2)):in_len;
-			if (items > 3)
-				{
-				offset=SvIV(ST(3));
-				if (offset < 0)
-					{
-					if (-offset > in_len)
-						croak("Offset outside string");
-					offset+=in_len;
-					}
-				else if ((offset >= in_len) && (in_len > 0))
-					croak("Offset outside string");
-				}
-			if (len >= (in_len-offset))
-				len=in_len-offset;
-			}
-		else
-			len=in_len;
-
-		RETVAL=SSL_write(ssl,ptr+offset,len);
-	OUTPUT:
-		RETVAL
-
-void
-p5_SSL_set_bio(ssl,bio)
-	SSL *ssl;
-	BIO *bio;
-	CODE:
-		bio->references++;
-		SSL_set_bio(ssl,bio,bio);
-
-int
-p5_SSL_set_options(ssl,...)
-	SSL *ssl;
-	PREINIT:
-		int i;
-		char *ptr;
-		SV *sv;
-	CODE:
-		pr_name("p5_SSL_set_options");
-
-		for (i=1; i<items; i++)
-			{
-			if (!SvPOK(ST(i)))
-				croak("Usage: SSLeay::SSL::set_options(ssl[,option,value]+)");
-			ptr=SvPV(ST(i),na);
-			if (strcmp(ptr,"-info_callback") == 0)
-				{
-				SSL_set_info_callback(ssl,
-					p5_ssl_info_callback);
-				sv=sv_mortalcopy(ST(i+1));
-				SvREFCNT_inc(sv);
-				SSL_set_ex_data(ssl,
-					p5_ssl_ex_ssl_info_callback,(char *)sv);
-				i++;
-				}
-			else if (strcmp(ptr,"-connect_state") == 0)
-				{
-				SSL_set_connect_state(ssl);
-				}
-			else if (strcmp(ptr,"-accept_state") == 0)
-				{
-				SSL_set_accept_state(ssl);
-				}
-			else
-				{
-				croak("SSLeay::SSL::set_options(): unknown option");
-				}
-			}
-
-void
-p5_SSL_state(ssl)
-	SSL *ssl;
-	PREINIT:
-		int state;
-	PPCODE:
-		pr_name("p5_SSL_state");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		state=SSL_state(ssl);
-		sv_setpv(ST(0),SSL_state_string_long(ssl));
-		sv_setiv(ST(0),state);
-		SvPOK_on(ST(0));
-
-void
-p5_SSL_DESTROY(ssl)
-	SSL *ssl;
-	CODE:
-	pr_name_dd("p5_SSL_DESTROY",ssl->references,ssl->ctx->references);
-	fprintf(stderr,"SSL_DESTROY %d\n",ssl->references);
-	SSL_free(ssl);
-
-int
-p5_SSL_references(ssl)
-	SSL *ssl;
-	CODE:
-		RETVAL=ssl->references;
-	OUTPUT:
-		RETVAL
-
-int
-p5_SSL_do_handshake(ssl)
-	SSL *ssl;
-	CODE:
-		RETVAL=SSL_do_handshake(ssl);
-	OUTPUT:
-		RETVAL
-
-int
-p5_SSL_renegotiate(ssl)
-	SSL *ssl;
-	CODE:
-		RETVAL=SSL_renegotiate(ssl);
-	OUTPUT:
-		RETVAL
-
-int
-p5_SSL_shutdown(ssl)
-	SSL *ssl;
-	CODE:
-		RETVAL=SSL_shutdown(ssl);
-	OUTPUT:
-		RETVAL
-
-char *
-p5_SSL_get_version(ssl)
-	SSL *ssl;
-	CODE:
-		RETVAL=SSL_get_version(ssl);
-	OUTPUT:
-		RETVAL
-
-SSL_CIPHER *
-p5_SSL_get_current_cipher(ssl)
-	SSL *ssl;
-	CODE:
-		RETVAL=SSL_get_current_cipher(ssl);
-	OUTPUT:
-		RETVAL
-
-X509 *
-p5_SSL_get_peer_certificate(ssl)
-	SSL *ssl
-	CODE:
-		RETVAL=SSL_get_peer_certificate(ssl);
-	OUTPUT:
-		RETVAL
-
-MODULE =  SSLeay::SSL	PACKAGE = SSLeay::SSL::CIPHER PREFIX = p5_SSL_CIPHER_
-
-int
-p5_SSL_CIPHER_get_bits(sc)
-	SSL_CIPHER *sc
-	PREINIT:
-		int i,ret;
-	PPCODE:
-		EXTEND(sp,2);
-		PUSHs(sv_newmortal());
-		PUSHs(sv_newmortal());
-		ret=SSL_CIPHER_get_bits(sc,&i);
-		sv_setiv(ST(0),(IV)ret);
-		sv_setiv(ST(1),(IV)i);
-
-char *
-p5_SSL_CIPHER_get_version(sc)
-	SSL_CIPHER *sc
-	CODE:
-		RETVAL=SSL_CIPHER_get_version(sc);
-	OUTPUT:
-		RETVAL
-
-char *
-p5_SSL_CIPHER_get_name(sc)
-	SSL_CIPHER *sc
-	CODE:
-		RETVAL=SSL_CIPHER_get_name(sc);
-	OUTPUT:
-		RETVAL
-
-MODULE =  SSLeay::SSL	PACKAGE = SSLeay::BIO PREFIX = p5_BIO_
-
-void
-p5_BIO_get_ssl(bio)
-	BIO *bio;
-	PREINIT:
-		SSL *ssl;
-		SV *ret;
-		int i;
-	PPCODE:
-		if ((i=BIO_get_ssl(bio,&ssl)) > 0)
-			{
-			ret=(SV *)SSL_get_ex_data(ssl,p5_ssl_ex_ssl_ptr);
-			ret=sv_mortalcopy(ret);
-			}
-		else
-			ret= &sv_undef;
-		EXTEND(sp,1);
-		PUSHs(ret);
-
diff --git a/perl/openssl_x509.xs b/perl/openssl_x509.xs
deleted file mode 100644
index 67633ad225..0000000000
--- a/perl/openssl_x509.xs
+++ /dev/null
@@ -1,74 +0,0 @@
-#include "p5SSLeay.h"
-
-MODULE =  SSLeay::X509	PACKAGE = SSLeay::X509	PREFIX = p5_X509_
-
-PROTOTYPES: ENABLE
-VERSIONCHECK: DISABLE
-
-void
-p5_X509_new(void )
-	PREINIT:
-		X509 *x509;
-		SV *arg;
-	PPCODE:
-		pr_name("p5_X509_new");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		x509=X509_new();
-		sv_setref_pv(ST(0),"SSLeay::X509",(void *)x509);
-
-char *
-p5_X509_get_subject_name(x509)
-	X509 *x509;
-	PREINIT:
-		char *p;
-		X509_NAME *name;
-		char buf[1024];
-		int i;
-	CODE:
-		name=X509_get_subject_name(x509);
-		X509_NAME_oneline(name,buf,sizeof(buf));
-		p= &(buf[0]);
-		RETVAL=p;
-	OUTPUT:
-		RETVAL
-
-char *
-p5_X509_get_issuer_name(x509)
-	X509 *x509;
-	PREINIT:
-		char *p;
-		X509_NAME *name;
-		char buf[1024];
-		int i;
-	CODE:
-		name=X509_get_issuer_name(x509);
-		X509_NAME_oneline(name,buf,sizeof(buf));
-		p= &(buf[0]);
-		RETVAL=p;
-	OUTPUT:
-		RETVAL
-
-int
-p5_X509_get_version(x509)
-	X509 *x509;
-	CODE:
-		RETVAL=X509_get_version(x509);
-	OUTPUT:
-		RETVAL
-
-BIGNUM *
-p5_X509_get_serialNumber(x509)
-	X509 *x509;
-	CODE:
-		RETVAL=ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
-	OUTPUT:
-		RETVAL
-
-void
-p5_X509_DESTROY(x509)
-	X509 *x509;
-	CODE:
-	pr_name("p5_X509_DESTROY");
-	X509_free(x509);
-
diff --git a/perl/p5SSLeay.h b/perl/p5SSLeay.h
deleted file mode 100644
index bcccda7d5f..0000000000
--- a/perl/p5SSLeay.h
+++ /dev/null
@@ -1,96 +0,0 @@
-/* perl/p5SSLeay.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#ifdef __cplusplus
-extern "C" {
-#endif
-#include "EXTERN.h"
-#include "perl.h"
-#include "XSUB.h"
-#ifdef __cplusplus
-}
-#endif
-
-typedef struct datum_st
-	{
-	char *dptr;
-	int dsize;
-	} datum;
-
-#include "crypto.h"
-#include "buffer.h"
-#include "bio.h"
-#include "evp.h"
-#include "err.h"
-#include "x509.h"
-#include "ssl.h"
-
-#if 0
-#define pr_name(name)		printf("%s\n",name)
-#define pr_name_d(name,p2)	printf("%s %d\n",name,p2)
-#define pr_name_dd(name,p2,p3)	printf("%s %d %d\n",name,p2,p3)
-#else
-#define pr_name(name)
-#define pr_name_d(name,p2)
-#define pr_name_dd(name,p2,p3)
-#endif
-
-SV *new_ref(char *type, char *obj, int mort);
-int ex_new(char *obj,SV *data,CRYPTO_EX_DATA *ad,int idx,long argl,char *argp);
-void ex_cleanup(char *obj,SV *data,CRYPTO_EX_DATA *ad,int idx,
-	long argl,char *argp);
-
diff --git a/perl/r.pl b/perl/r.pl
deleted file mode 100644
index e3411948d7..0000000000
--- a/perl/r.pl
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$bits=512;
-$bits=$ARGV[0] if $#ARGV >= 0;
-
-$q=SSLeay::BN::dec2bn("334533373942443239443435463034324139443635374634423531423146313742443038394230324138363038393539303745363034393946353346323345374537463935433635374238353245344341444241344138413244373443323338334431414134363244443532423243423133433537");
-
-$p=SSLeay::BN::dec2bn("3338413942343132463534373734353742343636444439363131313131353843334536434330363934313646414132453044434138413630434631334134443046313735313632344131433437443642434436423642453234383046393732383538444139393131314339303743393939363744443235443332393332394543384630304634323646333735");
-$pp=SSLeay::BN::generate_prime($bits/2,0,sub {print STDERR $_[0]?"+":"."});
-
-printf $pp->is_prime."\n";
-printf $p->is_prime."\n";
-printf $q->is_prime."\n";
-printf "p->length=%d\n",$p->num_bits;
-printf "q->length=%d\n",$q->num_bits;
-$bits=$p->num_bits+$q->num_bits;
-$e=SSLeay::BN::hex2bn("10001");
-
-$t1=$p-1;
-$t2=$q-1;
-
-($t1->gcd($e) == 1) || die "p failed the gcd test\n";
-($t2->gcd($e) == 1) || die "q failed the gcd test\n";
-
-($q,$p)=($p,$q) if ($p < $q);
-$n=$p*$q;
-$t=($p-1)*($q-1);
-($t->gcd($e) == 1) || die "t failed the gcd test\n";
-
-$d=$e->mod_inverse($t);
-
-$dmp1=$d%($p-1);
-$dmq1=$d%($q-1);
-$iqmp=$q->mod_inverse($p);
-
-print "n   =$n\n";
-print "e   =$e\n";
-print "d   =$d\n";
-print "dmp1=$dmp1\n";
-print "dmq1=$dmq1\n";
-print "iqmp=$iqmp\n";
-
-$a=SSLeay::BN::bin2bn("This is an RSA test");
-print "Test with\n'".$a->bn2bin."' or\n$a\n";
-
-print "<$a>\n";
-$t1=$a->mod_exp($e,$n);
-print ">$t1>\n";
-$t2=$t1->mod_exp($d,$n);
-print "<$t2>\n";
-
-
diff --git a/perl/s.pl b/perl/s.pl
deleted file mode 100644
index 4f8f417e17..0000000000
--- a/perl/s.pl
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$ssl_ctx=SSL::CTX->new("SSLv3_client");
-
-$ssl_ctx->set_options("-info_callback" =>
-	sub	{
-		print STDERR $_[0]->state()."\n";
-		}
-	);
-
-$conn="localhost:4433";
-$conn=$ARGV[0] if $#ARGV >= 0;
-$cbio=BIO->new("connect");
-$cbio->hostname($conn) || die $ssl->error();
-
-$bbio=BIO->new("buffer");
-
-$sbio=BIO->new("ssl");
-$ssl=$ssl_ctx->new_ssl;
-$ssl->set_options(-connect_state);
-$sbio->set_ssl($ssl);
-
-$sbio->push($cbio);
-$bbio->push($sbio);
-$bio=$bbio;
-
-#$bio->set_callback(
-#	sub	{
-#		my($bio,$state,$cmd,$buf,$lart,$ret)=@_;
-#		print STDERR "$state:$cmd\n";
-#		return($ret);
-#		}
-#	);
-
-$b=$bio;
-do	{
-	print STDERR $b->type."\n";
-	} while ($b=$b->next_bio);
-
-(($ret=$bio->syswrite("GET / HTTP/1.0\r\n\r\n")) > 0) || die $bio->error();
-$bio->flush;
-
-$data="";
-while (1)
-	{
-	$ret=$bio->getline;
-	$ret =~ s/[\r\n]//g;
-	print STDERR "$ret\n";
-	last if $ret eq "";
-	$server=$1 if $ret=~ /^Server: (.*)/;
-	}
-
-
-print "server is $server\n";
-$x509=$ssl->get_peer_certificate();
-print "version     :".$x509->get_version()."\n";
-print "serialNumber:".$x509->get_serialNumber()->bn2hex."\n";
-print "subject     :".$x509->get_subject_name()."\n";
-print "issuer      :". $x509->get_issuer_name()."\n";
-
-$c=$ssl->get_current_cipher;
-($i,$a)=$c->get_bits;
-$v=$c->get_version;
-$n=$c->get_name;
-
-print "protocol=".$ssl->get_version."\n";
-print "bits=$i($a) cipher type=$v cipher=$n\n";
-
diff --git a/perl/s2.pl b/perl/s2.pl
deleted file mode 100644
index 540ca7c817..0000000000
--- a/perl/s2.pl
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$ssl_ctx=SSL::CTX->new("SSLv3");
-
-$ssl_ctx->set_options("-info_callback" =>
-	sub	{
-		print STDERR $_[0]->state()."\n";
-		}
-	);
-
-$conn="localhost:4433";
-$conn=$ARGV[0] if $#ARGV >= 0;
-$cbio=BIO->new("connect");
-$cbio->hostname($conn) || die $ssl->error();
-
-$ssl=$ssl_ctx->new_ssl;
-$sbio=BIO->new("ssl");
-$sbio->set_ssl($ssl);
-$ssl->set_options("-connect_state");
-
-$bio=BIO->new("buffer");
-
-$sbio->push($cbio);
-$bio->push($sbio);
-
-($bio->do_handshake() > 0) || die $bio->error();
-
-(($ret=$bio->syswrite("GET / HTTP/1.0\r\n\r\n")) > 0) || die $ssl->error();
-$bio->flush() || die $bio->error();
-
-$data="";
-while ($_=$bio->getline())
-	{
-	if (/^Server:/)
-		{
-		print;
-		last;
-		}
-	}
-
-if ($bio->peek_error())
-	{
-	print "There was an error:".$ssl->error();
-	}
-print "exit\n";
diff --git a/perl/server.pem b/perl/server.pem
deleted file mode 100644
index eabb927036..0000000000
--- a/perl/server.pem
+++ /dev/null
@@ -1,369 +0,0 @@
-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test cert (512 bit)
------BEGIN CERTIFICATE-----
-MIIB6TCCAVICAQAwDQYJKoZIhvcNAQEEBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
-VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNOTcwNjA5MTM1NzQ2WhcNOTgwNjA5
-MTM1NzQ2WjBjMQswCQYDVQQGEwJBVTETMBEGA1UECBMKUXVlZW5zbGFuZDEaMBgG
-A1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxIzAhBgNVBAMTGlNlcnZlciB0ZXN0IGNl
-cnQgKDUxMiBiaXQpMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJ+zw4Qnlf8SMVIP
-Fe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVDTGiXav6ooKXfX3j/7tdkuD8Ey2//
-Kv7+ue0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQB4TMR2CvacKE9wAsu9jyCX8YiW
-mgCM+YoP6kt4Zkj2z5IRfm7WrycKsnpnOR+tGeqAjkCeZ6/36o9l91RvPnN1VJ/i
-xQv2df0KFeMr00IkDdTNAdIWqFkSsZTAY2QAdgenb7MB1joejquYzO2DQIO7+wpH
-irObpESxAZLySCmPPg==
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAJ+zw4Qnlf8SMVIPFe9GEcStgOY2Ww/dgNdhjeD8ckUJNP5VZkVD
-TGiXav6ooKXfX3j/7tdkuD8Ey2//Kv7+ue0CAwEAAQJAN6W31vDEP2DjdqhzCDDu
-OA4NACqoiFqyblo7yc2tM4h4xMbC3Yx5UKMN9ZkCtX0gzrz6DyF47bdKcWBzNWCj
-gQIhANEoojVt7hq+SQ6MCN6FTAysGgQf56Q3TYoJMoWvdiXVAiEAw3e3rc+VJpOz
-rHuDo6bgpjUAAXM+v3fcpsfZSNO6V7kCIQCtbVjanpUwvZkMI9by02oUk9taki3b
-PzPfAfNPYAbCJQIhAJXNQDWyqwn/lGmR11cqY2y9nZ1+5w3yHGatLrcDnQHxAiEA
-vnlEGo8K85u+KwIOimM48ZG8oTk7iFdkqLJR1utT3aU=
------END RSA PRIVATE KEY-----
-subject=/C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
-issuer= /C=US/O=AT&T Bell Laboratories/OU=Prototype Research CA
-notBefore=950413210656Z
-notAfter =970412210656Z
------BEGIN X509 CERTIFICATE-----
-
-MIICCDCCAXECAQAwDQYJKoZIhvcNAQEEBQAwTjELMAkGA1UEBhMCVVMxHzAdBgNV
-BAoUFkFUJlQgQmVsbCBMYWJvcmF0b3JpZXMxHjAcBgNVBAsUFVByb3RvdHlwZSBS
-ZXNlYXJjaCBDQTAeFw05NTA0MTMyMTA2NTZaFw05NzA0MTIyMTA2NTZaME4xCzAJ
-BgNVBAYTAlVTMR8wHQYDVQQKFBZBVCZUIEJlbGwgTGFib3JhdG9yaWVzMR4wHAYD
-VQQLFBVQcm90b3R5cGUgUmVzZWFyY2ggQ0EwgZwwDQYJKoZIhvcNAQEBBQADgYoA
-MIGGAoGAebOmgtSCl+wCYZc86UGYeTLY8cjmW2P0FN8ToT/u2pECCoFdrlycX0OR
-3wt0ZhpFXLVNeDnHwEE9veNUih7pCL2ZBFqoIoQkB1lZmXRiVtjGonz8BLm/qrFM
-YHb0lme/Ol+s118mwKVxnn6bSAeI/OXKhLaVdYZWk+aEaxEDkVkCAQ8wDQYJKoZI
-hvcNAQEEBQADgYEAAZMG14lZmZ8bahkaHaTV9dQf4p2FZiQTFwHP9ZyGsXPC+LT5
-dG5iTaRmyjNIJdPWohZDl97kAci79aBndvuEvRKOjLHs3WRGBIwERnAcnY9Mz8u/
-zIHK23PjYVxGGaZd669OJwD0CYyqH22HH9nFUGaoJdsv39ChW0NRdLE9+y8=
------END X509 CERTIFICATE-----
-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
------BEGIN CERTIFICATE-----
-MIICJjCCAY8CAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
-VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTc0M1oXDTAxMDYw
-OTEzNTc0M1owWzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
-BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYDVQQDExJUZXN0IENBICgxMDI0
-IGJpdCkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKO7o8t116VP6cgybTsZ
-DCZhr95nYlZuya3aCi1IKoztqwWnjbmDFIriOqGFPrZQ+moMETC9D59iRW/dFXSv
-1F65ka/XY2hLh9exCCo7XuUcDs53Qp3bI3AmMqHjgzE8oO3ajyJAzJkTTOUecQU2
-mw/gI4tMM0LqWMQS7luTy4+xAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAM7achv3v
-hLQJcv/65eGEpBXM40ZDVoFQFFJWaY5p883HTqLB1x4FdzsXHH0QKBTcKpWwqyu4
-YDm3fb8oDugw72bCzfyZK/zVZPR/hVlqI/fvU109Qoc+7oPvIXWky71HfcK6ZBCA
-q30KIqGM/uoM60INq97qjDmCJapagcNBGQs=
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQCju6PLddelT+nIMm07GQwmYa/eZ2JWbsmt2gotSCqM7asFp425
-gxSK4jqhhT62UPpqDBEwvQ+fYkVv3RV0r9ReuZGv12NoS4fXsQgqO17lHA7Od0Kd
-2yNwJjKh44MxPKDt2o8iQMyZE0zlHnEFNpsP4COLTDNC6ljEEu5bk8uPsQIDAQAB
-AoGAVZmpFZsDZfr0l2S9tLLwpjRWNOlKATQkno6q2WesT0eGLQufTciY+c8ypfU6
-hyio8r5iUl/VhhdjhAtKx1mRpiotftHo/eYf8rtsrnprOnWG0bWjLjtIoMbcxGn2
-J3bN6LJmbJMjDs0eJ3KnTu646F3nDUw2oGAwmpzKXA1KAP0CQQDRvQhxk2D3Pehs
-HvG665u2pB5ipYQngEFlZO7RHJZzJOZEWSLuuMqaF/7pTfA5jiBvWqCgJeCRRInL
-21ru4dlPAkEAx9jj7BgKn5TYnMoBSSe0afjsV9oApVpN1Nacb1YDtCwy+scp3++s
-nFxlv98wxIlSdpwMUn+AUWfjiWR7Tu/G/wJBAJ/KjwZIrFVxewP0x2ILYsTRYLzz
-MS4PDsO7FB+I0i7DbBOifXS2oNSpd3I0CNMwrxFnUHzynpbOStVfN3ZL5w0CQQCa
-pwFahxBRhkJKsxhjoFJBX9yl75JoY4Wvm5Tbo9ih6UJaRx3kqfkN14L2BKYcsZgb
-KY9vmDOYy6iNfjDeWTfJAkBkfPUb8oTJ/nSP5zN6sqGxSY4krc4xLxpRmxoJ8HL2
-XfhqXkTzbU13RX9JJ/NZ8vQN9Vm2NhxRGJocQkmcdVtJ
------END RSA PRIVATE KEY-----
------BEGIN X509 CERTIFICATE-----
-MIICYDCCAiACAgEoMAkGBSsOAwINBQAwfDELMAkGA1UEBhMCVVMxNjA0BgNVBAoT
-LU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZ
-MBcGA1UECxMQVGVzdCBFbnZpcm9ubWVudDEaMBgGA1UECxMRRFNTLU5BU0EtUGls
-b3QtQ0EwHhcNOTYwMjI2MTYzMjQ1WhcNOTcwMjI1MTYzMjQ1WjB8MQswCQYDVQQG
-EwJVUzE2MDQGA1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFk
-bWluaXN0cmF0aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MRowGAYDVQQL
-ExFEU1MtTkFTQS1QaWxvdC1DQTCB8jAJBgUrDgMCDAUAA4HkADCB4AJBAMA/ssKb
-hPNUG7ZlASfVwEJU21O5OyF/iyBzgHI1O8eOhJGUYO8cc8wDMjR508Mr9cp6Uhl/
-ZB7FV5GkLNEnRHYCQQDUEaSg45P2qrDwixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLb
-bn3QK74T2IxY1yY+kCNq8XrIqf5fJJzIH0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3
-fVd0geUCQQCzCFUQAh+ZkEmp5804cs6ZWBhrUAfnra8lJItYo9xPcXgdIfLfibcX
-R71UsyO77MRD7B0+Ag2tq794IleCVcEEMAkGBSsOAwINBQADLwAwLAIUUayDfreR
-Yh2WeU86/pHNdkUC1IgCFEfxe1f0oMpxJyrJ5XIxTi7vGdoK
------END X509 CERTIFICATE-----
------BEGIN X509 CERTIFICATE-----
-
-MIICGTCCAdgCAwCqTDAJBgUrDgMCDQUAMHwxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
-Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
-GTAXBgNVBAsTEFRlc3QgRW52aXJvbm1lbnQxGjAYBgNVBAsTEURTUy1OQVNBLVBp
-bG90LUNBMB4XDTk2MDUxNDE3MDE0MVoXDTk3MDUxNDE3MDE0MVowMzELMAkGA1UE
-BhMCQVUxDzANBgNVBAoTBk1pbmNvbTETMBEGA1UEAxMKRXJpYyBZb3VuZzCB8jAJ
-BgUrDgMCDAUAA4HkADCB4AJBAKbfHz6vE6pXXMTpswtGUec2tvnfLJUsoxE9qs4+
-ObZX7LmLvragNPUeiTJx7UOWZ5DfBj6bXLc8eYne0lP1g3ACQQDUEaSg45P2qrDw
-ixTRhFhmWz5Nvc4lRFQ/42XPcchiJBLbbn3QK74T2IxY1yY+kCNq8XrIqf5fJJzI
-H0J/xUP3AhUAsg2wsQHfDGYk/BOSulX3fVd0geUCQQCzCFUQAh+ZkEmp5804cs6Z
-WBhrUAfnra8lJItYo9xPcXgdIfLfibcXR71UsyO77MRD7B0+Ag2tq794IleCVcEE
-MAkGBSsOAwINBQADMAAwLQIUWsuuJRE3VT4ueWkWMAJMJaZjj1ECFQCYY0zX4bzM
-LC7obsrHD8XAHG+ZRG==
------END X509 CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIICTTCCAbagAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEwJHQjEM
-MAoGA1UEChMDVUNMMRgwFgYDVQQLEw9JQ0UtVEVMIFByb2plY3QxFTATBgNVBAMT
-DFRydXN0RmFjdG9yeTAeFw05NzA0MjIxNDM5MTRaFw05ODA0MjIxNDM5MTRaMEwx
-CzAJBgNVBAYTAkdCMQwwCgYDVQQKEwNVQ0wxGDAWBgNVBAsTD0lDRS1URUwgUHJv
-amVjdDEVMBMGA1UEAxMMVHJ1c3RGYWN0b3J5MIGcMAoGBFUIAQECAgQAA4GNADCB
-iQKBgQCEieR8NcXkUW1f0G6aC6u0i8q/98JqS6RxK5YmHIGKCkuTWAUjzLfUa4dt
-U9igGCjTuxaDqlzEim+t/02pmiBZT9HaX++35MjQPUWmsChcYU5WyzGErXi+rQaw
-zlwS73zM8qiPj/97lXYycWhgL0VaiDSPxRXEUdWoaGruom4mNQIDAQABo0IwQDAd
-BgNVHQ4EFgQUHal1LZr7oVg5z6lYzrhTgZRCmcUwDgYDVR0PAQH/BAQDAgH2MA8G
-A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAfaggfl6FZoioecjv0dq8
-/DXo/u11iMZvXn08gjX/zl2b4wtPbShOSY5FhkSm8GeySasz+/Nwb/uzfnIhokWi
-lfPZHtlCWtXbIy/TN51eJyq04ceDCQDWvLC2enVg9KB+GJ34b5c5VaPRzq8MBxsA
-S7ELuYGtmYgYm9NZOIr7yU0=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIB6jCCAZQCAgEtMA0GCSqGSIb3DQEBBAUAMIGAMQswCQYDVQQGEwJVUzE2MDQG
-A1UEChMtTmF0aW9uYWwgQWVyb25hdXRpY3MgYW5kIFNwYWNlIEFkbWluaXN0cmF0
-aW9uMRkwFwYDVQQLExBUZXN0IEVudmlyb25tZW50MR4wHAYDVQQLExVNRDUtUlNB
-LU5BU0EtUGlsb3QtQ0EwHhcNOTYwNDMwMjIwNTAwWhcNOTcwNDMwMjIwNTAwWjCB
-gDELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
-ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEZMBcGA1UECxMQVGVzdCBFbnZpcm9ubWVu
-dDEeMBwGA1UECxMVTUQ1LVJTQS1OQVNBLVBpbG90LUNBMFkwCgYEVQgBAQICAgAD
-SwAwSAJBALmmX5+GqAvcrWK13rfDrNX9UfeA7f+ijyBgeFQjYUoDpFqapw4nzQBL
-bAXug8pKkRwa2Zh8YODhXsRWu2F/UckCAwEAATANBgkqhkiG9w0BAQQFAANBAH9a
-OBA+QCsjxXgnSqHx04gcU8S49DVUb1f2XVoLnHlIb8RnX0k5O6mpHT5eti9bLkiW
-GJNMJ4L0AJ/ac+SmHZc=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIICajCCAdMCBDGA0QUwDQYJKoZIhvcNAQEEBQAwfTELMAkGA1UEBhMCQ2ExDzAN
-BgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmlsaXR5IEFjY2VwdGVkMR8w
-HQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRwwGgYDVQQDExNFbnRydXN0
-IERlbW8gV2ViIENBMB4XDTk2MDQyNjEzMzUwMVoXDTA2MDQyNjEzMzUwMVowfTEL
-MAkGA1UEBhMCQ2ExDzANBgNVBAcTBk5lcGVhbjEeMBwGA1UECxMVTm8gTGlhYmls
-aXR5IEFjY2VwdGVkMR8wHQYDVQQKExZGb3IgRGVtbyBQdXJwb3NlcyBPbmx5MRww
-GgYDVQQDExNFbnRydXN0IERlbW8gV2ViIENBMIGdMA0GCSqGSIb3DQEBAQUAA4GL
-ADCBhwKBgQCaroS7O1DA0hm4IefNYU1cx/nqOmzEnk291d1XqznDeF4wEgakbkCc
-zTKxK791yNpXG5RmngqH7cygDRTHZJ6mfCRn0wGC+AI00F2vYTGqPGRQL1N3lZT0
-YDKFC0SQeMMjFIZ1aeQigroFQnHo0VB3zWIMpNkka8PY9lxHZAmWwQIBAzANBgkq
-hkiG9w0BAQQFAAOBgQBAx0UMVA1s54lMQyXjMX5kj99FJN5itb8bK1Rk+cegPQPF
-cWO9SEWyEjjBjIkjjzAwBkaEszFsNGxemxtXvwjIm1xEUMTVlPEWTs2qnDvAUA9W
-YqhWbhH0toGT36236QAsqCZ76rbTRVSSX2BHyJwJMG2tCRv7kRJ//NIgxj3H4w==
------END CERTIFICATE-----
-
-issuer= /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
-subject=/C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test PCA (1024 bit)
------BEGIN CERTIFICATE-----
-MIICJzCCAZACAQAwDQYJKoZIhvcNAQEEBQAwXDELMAkGA1UEBhMCQVUxEzARBgNV
-BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYD
-VQQDExNUZXN0IFBDQSAoMTAyNCBiaXQpMB4XDTk3MDYwOTEzNTczN1oXDTAxMDYw
-OTEzNTczN1owXDELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQxGjAY
-BgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRwwGgYDVQQDExNUZXN0IFBDQSAoMTAy
-NCBiaXQpMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdoWk/3+WcMlfjIrkg
-40ketmnQaEogQe1LLcuOJV6rKfUSAsPgwgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp
-22Jp85PmemiDzyUIStwk72qhp1imbANZvlmlCFKiQrjUyuDfu4TABmn+kkt3vR1Y
-BEOGt+IFye1UBVSATVdRJ2UVhwIDAQABMA0GCSqGSIb3DQEBBAUAA4GBABNA1u/S
-Cg/LJZWb7GliiKJsvuhxlE4E5JxQF2zMub/CSNbF97//tYSyj96sxeFQxZXbcjm9
-xt6mr/xNLA4szNQMJ4P+L7b5e/jC5DSqlwS+CUYJgaFs/SP+qJoCSu1bR3IM9XWO
-cRBpDmcBbYLkSyB92WURvsZ1LtjEcn+cdQVI
------END CERTIFICATE-----
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQCdoWk/3+WcMlfjIrkg40ketmnQaEogQe1LLcuOJV6rKfUSAsPg
-wgsabJ/wn8TxA1yy3eKJbFl3OiUXMRsp22Jp85PmemiDzyUIStwk72qhp1imbANZ
-vlmlCFKiQrjUyuDfu4TABmn+kkt3vR1YBEOGt+IFye1UBVSATVdRJ2UVhwIDAQAB
-AoGAba4fTtuap5l7/8ZsbE7Z1O32KJY4ZcOZukLOLUUhXxXduT+FTgGWujc0/rgc
-z9qYCLlNZHOouMYTgtSfYvuMuLZ11VIt0GYH+nRioLShE59Yy+zCRyC+gPigS1kz
-xvo14AsOIPYV14Tk/SsHyq6E0eTk7VzaIE197giiINUERPECQQDSKmtPTh/lRKw7
-HSZSM0I1mFWn/1zqrAbontRQY5w98QWIOe5qmzYyFbPXYT3d9BzlsMyhgiRNoBbD
-yvohSHXJAkEAwAHx6ezAZeWWzD5yXD36nyjpkVCw7Tk7TSmOceLJMWt1QcrCfqlS
-xA5jjpQ6Z8suU5DdtWAryM2sAir1WisYzwJAd6Zcx56jvAQ3xcPXsE6scBTVFzrj
-7FqZ6E+cclPzfLQ+QQsyOBE7bpI6e/FJppY26XGZXo3YGzV8IGXrt40oOQJALETG
-h86EFXo3qGOFbmsDy4pdP5nBERCu8X1xUCSfintiD4c2DInxgS5oGclnJeMcjTvL
-QjQoJCX3UJCi/OUO1QJBAKgcDHWjMvt+l1pjJBsSEZ0HX9AAIIVx0RQmbFGS+F2Q
-hhu5l77WnnZOQ9vvhV5u7NPCUF9nhU3jh60qWWO8mkc=
------END RSA PRIVATE KEY-----
-subject=/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
-issuer= /C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
-notBefore=941104185834Z
-notAfter =991103185834Z
------BEGIN X509 CERTIFICATE-----
-
-MIICIzCCAZACBQJBAAAWMA0GCSqGSIb3DQEBAgUAMFwxCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVy
-Y2lhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDQxODU4MzRaFw05
-OTExMDMxODU4MzRaMFwxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0YSBT
-ZWN1cml0eSwgSW5jLjErMCkGA1UECxMiQ29tbWVyY2lhbCBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCk+4Fie84QJ93o
-975sbsZwmdu41QUDaSiCnHJ/lj+O7Kwpkj+KFPhCdr69XQO5kNTQvAayUTNfxMK/
-touPmbZiImDd298ggrTKoi8tUO2UMt7gVY3UaOLgTNLNBRYulWZcYVI4HlGogqHE
-7yXpCuaLK44xZtn42f29O2nZ6wIDAQABMA0GCSqGSIb3DQEBAgUAA34AdrW2EP4j
-9/dZYkuwX5zBaLxJu7NJbyFHXSudVMQAKD+YufKKg5tgf+tQx6sFEC097TgCwaVI
-0v5loMC86qYjFmZsGySp8+x5NRhPJsjjr1BKx6cxa9B8GJ1Qv6km+iYrRpwUqbtb
-MJhCKLVLU7tDCZJAuqiqWqTGtotXTcU=
------END X509 CERTIFICATE-----
-subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
-notBefore=941109235417Z
-notAfter =991231235417Z
------BEGIN X509 CERTIFICATE-----
-
-MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
-IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
-Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
-YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
-roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
-aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
-HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
-iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
-suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
-cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
------END X509 CERTIFICATE-----
-subject=/C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
-	/OU=Certification Services Division/CN=Thawte Server CA
-	/Email=server-certs@thawte.com
-issuer= /C=ZA/SP=Western Cape/L=Cape Town/O=Thawte Consulting cc
-	/OU=Certification Services Division/CN=Thawte Server CA
-	/Email=server-certs@thawte.com
------BEGIN CERTIFICATE-----
-MIIC+TCCAmICAQAwDQYJKoZIhvcNAQEEBQAwgcQxCzAJBgNVBAYTAlpBMRUwEwYD
-VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
-VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
-dmljZXMgRGl2aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkq
-hkiG9w0BCQEWF3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMB4XDTk2MDcyNzE4MDc1
-N1oXDTk4MDcyNzE4MDc1N1owgcQxCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0
-ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMUVGhhd3RlIENv
-bnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2
-aXNpb24xGTAXBgNVBAMTEFRoYXd0ZSBTZXJ2ZXIgQ0ExJjAkBgkqhkiG9w0BCQEW
-F3NlcnZlci1jZXJ0c0B0aGF3dGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQDTpFBuyP9Wa+bPXbbqDGh1R6KqwtqEJfyo9EdR2oW1IHSUhh4PdcnpCGH1
-Bm0wbhUZAulSwGLbTZme4moMRDjN/r7jZAlwxf6xaym2L0nIO9QnBCUQly/nkG3A
-KEKZ10xD3sP1IW1Un13DWOHA5NlbsLjctHvfNjrCtWYiEtaHDQIDAQABMA0GCSqG
-SIb3DQEBBAUAA4GBAIsvn7ifX3RUIrvYXtpI4DOfARkTogwm6o7OwVdl93yFhDcX
-7h5t0XZ11MUAMziKdde3rmTvzUYIUCYoY5b032IwGMTvdiclK+STN6NP2m5nvFAM
-qJT5gC5O+j/jBuZRQ4i0AMYQr5F4lT8oBJnhgafw6PL8aDY2vMHGSPl9+7uf
------END CERTIFICATE-----
-
------BEGIN CERTIFICATE-----
-MIIDDTCCAnYCAQAwDQYJKoZIhvcNAQEEBQAwgc4xCzAJBgNVBAYTAlpBMRUwEwYD
-VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA1UEChMU
-VGhhd3RlIENvbnN1bHRpbmcgY2MxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2Vy
-dmljZXMgRGl2aXNpb24xITAfBgNVBAMTGFRoYXd0ZSBQcmVtaXVtIFNlcnZlciBD
-QTEoMCYGCSqGSIb3DQEJARYZcHJlbWl1bS1zZXJ2ZXJAdGhhd3RlLmNvbTAeFw05
-NjA3MjcxODA3MTRaFw05ODA3MjcxODA3MTRaMIHOMQswCQYDVQQGEwJaQTEVMBMG
-A1UECBMMV2VzdGVybiBDYXBlMRIwEAYDVQQHEwlDYXBlIFRvd24xHTAbBgNVBAoT
-FFRoYXd0ZSBDb25zdWx0aW5nIGNjMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNl
-cnZpY2VzIERpdmlzaW9uMSEwHwYDVQQDExhUaGF3dGUgUHJlbWl1bSBTZXJ2ZXIg
-Q0ExKDAmBgkqhkiG9w0BCQEWGXByZW1pdW0tc2VydmVyQHRoYXd0ZS5jb20wgZ8w
-DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANI2NmqL18JbntqBQWKPOO5JBFXW0O8c
-G5UWR+8YSDU6UvQragaPOy/qVuOvho2eF/eetGV1Ak3vywmiIVHYm9Bn0LoNkgYU
-c9STy5cqAJxcTgy8+hVS/PJEbtoRSm4Iny8t4/mqOoZztkZTWMiJBb2DEbhzP6oH
-jfRCTedAnRw3AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAutFIgTRZVYerIZfL9lvR
-w9Eifvvo5KTZ3h+Bj+VzNnyw4Qc/IyXkPOu6SIiH9LQ3sCmWBdxpe+qr4l77rLj2
-GYuMtESFfn1XVALzkYgC7JcPuTOjMfIiMByt+uFf8AV8x0IW/Qkuv+hEQcyM9vxK
-3VZdLbCVIhNoEsysrxCpxcI=
------END CERTIFICATE-----
-Tims test GCI CA
-
------BEGIN CERTIFICATE-----
-MIIB8DCCAZoCAQAwDQYJKoZIhvcNAQEEBQAwgYIxCzAJBgNVBAYTAkFVMRMwEQYD
-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
-cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2RldmVsb3BtZW50MRkwFwYDVQQDExBD
-cnlwdFNvZnQgRGV2IENBMB4XDTk3MDMyMjEzMzQwNFoXDTk4MDMyMjEzMzQwNFow
-gYIxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhC
-cmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxFDASBgNVBAsTC2Rl
-dmVsb3BtZW50MRkwFwYDVQQDExBDcnlwdFNvZnQgRGV2IENBMFwwDQYJKoZIhvcN
-AQEBBQADSwAwSAJBAOAOAqogG5QwAmLhzyO4CoRnx/wVy4NZP4dxJy83O1EnL0rw
-OdsamJKvPOLHgSXo3gDu9uVyvCf/QJmZAmC5ml8CAwEAATANBgkqhkiG9w0BAQQF
-AANBADRRS/GVdd7rAqRW6SdmgLJduOU2yq3avBu99kRqbp9A/dLu6r6jU+eP4oOA
-TfdbFZtAAD2Hx9jUtY3tfdrJOb8= 
------END CERTIFICATE-----
-
------BEGIN CERTIFICATE-----
-MIICVjCCAgACAQAwDQYJKoZIhvcNAQEEBQAwgbUxCzAJBgNVBAYTAkFVMRMwEQYD
-VQQIEwpRdWVlbnNsYW5kMREwDwYDVQQHEwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5
-cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsTI1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9O
-IEFVVEhPUklUSUVTMTQwMgYDVQQDEytaRVJPIFZBTFVFIENBIC0gREVNT05TVFJB
-VElPTiBQVVJQT1NFUyBPTkxZMB4XDTk3MDQwMzEzMjI1NFoXDTk4MDQwMzEzMjI1
-NFowgbUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNsYW5kMREwDwYDVQQH
-EwhCcmlzYmFuZTEaMBgGA1UEChMRQ3J5cHRTb2Z0IFB0eSBMdGQxLDAqBgNVBAsT
-I1dPUlRITEVTUyBDRVJUSUZJQ0FUSU9OIEFVVEhPUklUSUVTMTQwMgYDVQQDEyta
-RVJPIFZBTFVFIENBIC0gREVNT05TVFJBVElPTiBQVVJQT1NFUyBPTkxZMFwwDQYJ
-KoZIhvcNAQEBBQADSwAwSAJBAOZ7T7yqP/tyspcko3yPY1y0Cm2EmwNvzW4QgVXR
-Fjs3HmJ4xtSpXdo6mwcGezL3Abt/aQXaxv9PU8xt+Jr0OFUCAwEAATANBgkqhkiG
-9w0BAQQFAANBAOQpYmGgyCqCy1OljgJhCqQOu627oVlHzK1L+t9vBaMfn40AVUR4
-WzQVWO31KTgi5vTK1U+3h46fgUWqQ0h+6rU=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIAwgKADAgECAgEAMA0GCSqGSIb3DQEBBAUAMGIxETAPBgNVBAcTCEludGVybmV0
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
-c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw05NjA0MDgxMDIwMjda
-Fw05NzA0MDgxMDIwMjdaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5W
-ZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIElu
-ZGl2aWR1YWwgU3Vic2NyaWJlcjCAMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2
-FKbPTdAFDdjKI9BvqrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7j
-W80GqLd5HUQq7XPysVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cari
-QPJUObwW7s987LrbP2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABAAAAADANBgkqhkiG
-9w0BAQQFAAOBgQA+1nJryNt8VBRjRr07ArDAV/3jAH7GjDc9jsrxZS68ost9v06C
-TvTNKGL+LISNmFLXl+JXhgGB0JZ9fvyYzNgHQ46HBUng1H6voalfJgS2KdEo50wW
-8EFZYMDkT1k4uynwJqkVN2QJK/2q4/A/VCov5h6SlM8Affg2W+1TLqvqkwAA
------END CERTIFICATE-----
-
- subject=/L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
- issuer= /L=Internet/O=VeriSign, Inc./OU=VeriSign Class 2 CA - Individual Subscriber
-
------BEGIN CERTIFICATE-----
-MIIEkzCCA/ygAwIBAgIRANDTUpSRL3nTFeMrMayFSPAwDQYJKoZIhvcNAQECBQAw
-YjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQw
-MgYDVQQLEytWZXJpU2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3Jp
-YmVyMB4XDTk2MDYwNDAwMDAwMFoXDTk4MDYwNDIzNTk1OVowYjERMA8GA1UEBxMI
-SW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJp
-U2lnbiBDbGFzcyAyIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqG
-SIb3DQEBAQUAA4GNADCBiQKBgQC6A+2czKGRcYMfm8gdnk+0de99TDDzsqo0v5nb
-RsbUmMcdRQ7nsMbRWe0SAb/9QoLTZ/cJ0iOBqdrkz7UpqqKarVoTSdlSMVM92tWp
-3bJncZHQD1t4xd6lQVdI1/T6R+5J0T1ukOdsI9Jmf+F28S6g3R3L1SFwiHKeZKZv
-z+793wIDAQABo4ICRzCCAkMwggIpBgNVHQMBAf8EggIdMIICGTCCAhUwggIRBgtg
-hkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0ZXMg
-YnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0IHRv
-LCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1lbnQg
-KENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL0NQ
-Uy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29tOyBv
-ciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4sIE1v
-dW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04ODMw
-IENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0cyBS
-ZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJQUJJ
-TElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQECMC8w
-LRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMDAU
-BglghkgBhvhCAQEBAf8EBAMCAgQwDQYJKoZIhvcNAQECBQADgYEApRJRkNBqLLgs
-53IR/d18ODdLOWMTZ+QOOxBrq460iBEdUwgF8vmPRX1ku7UiDeNzaLlurE6eFqHq
-2zPyK5j60zfTLVJMWKcQWwTJLjHtXrW8pxhNtFc6Fdvy5ZkHnC/9NIl7/t4U6WqB
-p4y+p7SdMIkEwIZfds0VbnQyX5MRUJY=
------END CERTIFICATE-----
-
- subject=/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
- issuer= /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
------BEGIN CERTIFICATE-----
-MIICMTCCAZoCBQKhAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
-Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
-biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMyBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAyVxZ
-nvIbigEUtBDfBEDb41evakVAj4QMC9Ez2dkRz+4CWB8l9yqoRAWq7AMfeH+ek7ma
-AKojfdashaJjRcdyJ8z0TMZ1cdI5709C8HXfCpDGjiBvmA/4rCNfcCk2pMmG57Ga
-IMtTpYXnPb59mv4kRTPcdhXtD6JxZExlLoFoRacCAwEAATANBgkqhkiG9w0BAQIF
-AAOBgQB1Zmw+0c2B27X4LzZRtvdCvM1Cr9wO+hVs+GeTVzrrtpLotgHKjLeOQ7RJ
-Zfk+7r11Ri7J/CVdqMcvi5uPaM+0nJcYwE3vH9mvgrPmZLiEXIqaB1JDYft0nls6
-NvxMsvwaPxUupVs8G5DsiCnkWRb5zget7Ond2tIxik/W2O8XjQ==
------END CERTIFICATE-----
- subject=/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
- issuer= /C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
------BEGIN CERTIFICATE-----
-MIICMTCCAZoCBQKmAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcw
-FQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMg
-UHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjAxMjkwMDAwMDBa
-Fw05OTEyMzEyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2ln
-biwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgNCBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZp
-Y2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0LJ1
-9njQrlpQ9OlQqZ+M1++RlHDo0iSQdomF1t+s5gEXMoDwnZNHvJplnR+Xrr/phnVj
-IIm9gFidBAydqMEk6QvlMXi9/C0MN2qeeIDpRnX57aP7E3vIwUzSo+/1PLBij0pd
-O92VZ48TucE81qcmm+zDO3rZTbxtm+gVAePwR6kCAwEAATANBgkqhkiG9w0BAQIF
-AAOBgQBT3dPwnCR+QKri/AAa19oM/DJhuBUNlvP6Vxt/M3yv6ZiaYch6s7f/sdyZ
-g9ysEvxwyR84Qu1E9oAuW2szaayc01znX1oYx7EteQSWQZGZQbE8DbqEOcY7l/Am
-yY7uvcxClf8exwI/VAx49byqYHwCaejcrOICdmHEPgPq0ook0Q==
------END CERTIFICATE-----
diff --git a/perl/ss.pl b/perl/ss.pl
deleted file mode 100644
index 6687d567d9..0000000000
--- a/perl/ss.pl
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$ssl_ctx=SSL::CTX->new("SSLv3_client");
-
-#$ssl_ctx->set_options("-info_callback" =>
-#	sub	{
-#		print STDERR $_[0]->state()."\n";
-#		}
-#	);
-
-$conn="localhost:4433";
-$conn=$ARGV[0] if $#ARGV >= 0;
-
-print $ssl_ctx."\n";
-$bio=BIO->new_buffer_ssl_connect($ssl_ctx);
-$bio->hostname($conn) || die $bio->error();
-
-#$bio->set_callback(
-#	sub	{
-#		my($bio,$state,$cmd,$buf,$lart,$ret)=@_;
-#		print STDERR "$state:$cmd\n";
-#		return($ret);
-#		}
-#	);
-
-#$b=$bio;
-#do	{
-#	print STDERR $b->type."\n";
-#	} while ($b=$b->next_bio);
-
-(($ret=$bio->syswrite("GET / HTTP/1.0\r\n\r\n")) > 0) || die $bio->error();
-$bio->flush;
-
-$data="";
-while (1)
-	{
-	$ret=$bio->getline;
-	$ret =~ s/[\r\n]//g;
-	print STDERR "$ret\n";
-	last if $ret eq "";
-	$server=$1 if $ret=~ /^Server: (.*)/;
-	}
-
-
-print "server is $server\n";
-$x509=$ssl->get_peer_certificate();
-print "version     :".$x509->get_version()."\n";
-print "serialNumber:".$x509->get_serialNumber()->bn2hex."\n";
-print "subject     :".$x509->get_subject_name()."\n";
-print "issuer      :". $x509->get_issuer_name()."\n";
-
-$c=$ssl->get_current_cipher;
-($i,$a)=$c->get_bits;
-$v=$c->get_version;
-$n=$c->get_name;
-
-$ssl=$bio->get_ssl();
-print "protocol=".$ssl->get_version."\n";
-print "bits=$i($a) cipher type=$v cipher=$n\n";
-
diff --git a/perl/ssl.pl b/perl/ssl.pl
deleted file mode 100644
index d38b84d68e..0000000000
--- a/perl/ssl.pl
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$ssl_ctx=SSL::CTX->new("SSLv3");
-
-#$ssl_ctx->set_options("-info_callback" =>
-#	sub	{
-#		print STDERR $_[0]->state()."\n";
-#		}
-#	);
-
-$conn="localhost:4433";
-$conn=$ARGV[0] if $#ARGV >= 0;
-$bio=BIO->new("connect");
-$bio->hostname($conn) || die $ssl->error();
-
-#$bbio=BIO->new("buffer");
-#$bbio->push($cbio);
-#$bio=$bbio;
-
-#$bio->set_callback(
-#	sub	{
-#		my($bio,$state,$cmd,$buf,$lart,$ret)=@_;
-#		print STDERR "$state:$cmd\n";
-#		return($ret);
-#		}
-#	);
-
-print STDERR "-1 ABCD\n";
-$ssl=$ssl_ctx->new_ssl;
-print STDERR "000 ABCD\n";
-$ssl->set_bio($bio);
-
-print STDERR "00 ABCD\n";
-(($ret=$ssl->connect()) > 0) || die $ssl->error();
-
-print STDERR "0 ABCD\n";
-
-(($ret=$ssl->syswrite("GET / HTTP/1.0\r\n\r\n")) > 0) || die $ssl->error();
-
-print STDERR "1 ABCD\n";
-$data="";
-while (1)
-	{
-print STDERR "2 ABCD\n";
-	$ret=$ssl->sysread($buf,1024);
-print STDERR "3 ABCD\n";
-	last if $ret <= 0;
-	$data.=$buf;
-	}
-
-print STDERR "4 ABCD\n";
-@a=split(/[\r]\n/,$data);
-($server)=grep(/^Server:/,@a);
-
-print "$server\n";
-$x509=$ssl->get_peer_certificate();
-print "subject:".$x509->get_subject_name()."\n";
-print "issuer:". $x509->get_issuer_name()."\n";
-
-$c=$ssl->get_current_cipher;
-($i,$a)=$c->get_bits;
-$v=$c->get_version;
-$n=$c->get_name;
-
-print "protocol=".$ssl->get_version."\n";
-print "bits=$i($a) cipher type=$v cipher=$n\n";
-
diff --git a/perl/ssl.txt b/perl/ssl.txt
deleted file mode 100644
index 63c52a0e1d..0000000000
--- a/perl/ssl.txt
+++ /dev/null
@@ -1,43 +0,0 @@
-SSL_CTX::new(method)
-	SSLv3
-	SSLv3_client
-	SSLv3_server
-	SSLv23
-	SSLv23_client
-	SSLv23_server
-	SSLv2
-	SSLv2_client
-	SSLv2_server
-
-SSL_CTX::use_PrivateKey_file(file[,type])
-	type eq "der" or "pem".  Default == 'pem'.
-
-SSL_CTX::set_options(...)
-	-info_callback	function
-
-SSL::new(SSL_CTX)
-
-SSL::connect(); returns 0, -1 or 1
-SSL::accept(); return 0, -1 or 1
-SSL::sysread(); as per sysread
-SSL::syswrite(); as per syswrite
-SSL::set_bio(bio);
-
-SSL::set_options(...)
-	-info_callback function
-	-connect_state
-	-accept_state
-
-SSL::state(); the state in numeric and text form.
-SSL::references(); debug stuff
-SSL::get_peer_certificate()
-SSL::do_handshake()
-SSL::renegotiate()
-SSL::shutdown()
-SSL::get_version()
-
-SSL::get_current_cipher();
-
-(key,alg)=SSL_CIPHER::get_bits();
-SSL_CIPHER::get_version();
-SSL_CIPHER::get_name();
diff --git a/perl/ssl.xs b/perl/ssl.xs
deleted file mode 100644
index 05834797e3..0000000000
--- a/perl/ssl.xs
+++ /dev/null
@@ -1,474 +0,0 @@
-#include "p5SSLeay.h"
-
-static int p5_ssl_ex_ssl_ptr=0;
-static int p5_ssl_ex_ssl_info_callback=0;
-static int p5_ssl_ex_ssl_ctx_ptr=0;
-static int p5_ssl_ctx_ex_ssl_info_callback=0;
-
-typedef struct ssl_ic_args_st {
-	SV *cb;
-	SV *arg;
-	} SSL_IC_ARGS;
-
-static void p5_ssl_info_callback(ssl,mode,ret)
-SSL *ssl;
-int mode;
-int ret;
-	{
-	int i;
-	SV *me,*cb;
-
-	me=(SV *)SSL_get_ex_data(ssl,p5_ssl_ex_ssl_ptr);
-	cb=(SV *)SSL_get_ex_data(ssl,p5_ssl_ex_ssl_info_callback);
-	if (cb == NULL)
-		cb=(SV *)SSL_CTX_get_ex_data(
-			SSL_get_SSL_CTX(ssl),p5_ssl_ctx_ex_ssl_info_callback);
-	if (cb != NULL)
-		{
-		dSP;
-
-		PUSHMARK(sp);
-		XPUSHs(me);
-		XPUSHs(sv_2mortal(newSViv(mode)));
-		XPUSHs(sv_2mortal(newSViv(ret)));
-		PUTBACK;
-
-		i=perl_call_sv(cb,G_DISCARD);
-		}
-	else
-		{
-		croak("Internal error in SSL p5_ssl_info_callback");
-		}
-	}
-
-int boot_ssl()
-	{
-	p5_ssl_ex_ssl_ptr=		
-		SSL_get_ex_new_index(0,"SSLeay::SSL",ex_new,NULL,ex_cleanup);
-	p5_ssl_ex_ssl_info_callback=
-		SSL_get_ex_new_index(0,"ssl_info_callback",NULL,NULL,
-			ex_cleanup);
-	p5_ssl_ex_ssl_ctx_ptr=
-		SSL_get_ex_new_index(0,"ssl_ctx_ptr",NULL,NULL,
-			ex_cleanup);
-	p5_ssl_ctx_ex_ssl_info_callback=
-		SSL_CTX_get_ex_new_index(0,"ssl_ctx_info_callback",NULL,NULL,
-			ex_cleanup);
-	return(1);
-	}
-
-MODULE =  SSLeay::SSL	PACKAGE = SSLeay::SSL::CTX PREFIX = p5_SSL_CTX_
-
-VERSIONCHECK: DISABLE
-
-void
-p5_SSL_CTX_new(...)
-	PREINIT:
-		SSL_METHOD *meth;
-		SSL_CTX *ctx;
-		char *method;
-	PPCODE:
-		pr_name("p5_SSL_CTX_new");
-		if ((items == 1) && SvPOK(ST(0)))
-			method=SvPV(ST(0),na);
-		else if ((items == 2) && SvPOK(ST(1)))
-			method=SvPV(ST(1),na);
-		else
-			croak("Usage: SSLeay::SSL_CTX::new(type)");
-			
-		if (strcmp(method,"SSLv3") == 0)
-			meth=SSLv3_method();
-		else if (strcmp(method,"SSLv3_client") == 0)
-			meth=SSLv3_client_method();
-		else if (strcmp(method,"SSLv3_server") == 0)
-			meth=SSLv3_server_method();
-		else if (strcmp(method,"SSLv23") == 0)
-			meth=SSLv23_method();
-		else if (strcmp(method,"SSLv23_client") == 0)
-			meth=SSLv23_client_method();
-		else if (strcmp(method,"SSLv23_server") == 0)
-			meth=SSLv23_server_method();
-		else if (strcmp(method,"SSLv2") == 0)
-			meth=SSLv2_method();
-		else if (strcmp(method,"SSLv2_client") == 0)
-			meth=SSLv2_client_method();
-		else if (strcmp(method,"SSLv2_server") == 0)
-			meth=SSLv2_server_method();
-		else
-			{
-			croak("Not passed a valid SSL method name, should be 'SSLv[23] [client|server]'");
-			}
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ctx=SSL_CTX_new(meth);
-		sv_setref_pv(ST(0), "SSLeay::SSL::CTX", (void*)ctx);
-
-int
-p5_SSL_CTX_use_PrivateKey_file(ctx,file,...)
-	SSL_CTX *ctx;
-	char *file;
-	PREINIT:
-		int i=SSL_FILETYPE_PEM;
-		char *ptr;
-	CODE:
-		pr_name("p5_SSL_CTX_use_PrivateKey_file");
-		if (items > 3)
-			croak("SSLeay::SSL::CTX::use_PrivateKey_file(ssl_ctx,file[,type])");
-		if (items == 3)
-			{
-			ptr=SvPV(ST(2),na);
-			if (strcmp(ptr,"der") == 0)
-				i=SSL_FILETYPE_ASN1;
-			else
-				i=SSL_FILETYPE_PEM;
-			}
-		RETVAL=SSL_CTX_use_RSAPrivateKey_file(ctx,file,i);
-	OUTPUT:
-		RETVAL
-
-int
-p5_SSL_CTX_set_options(ctx,...)
-	SSL_CTX *ctx;
-	PREINIT:
-		int i;
-		char *ptr;
-		SV *sv;
-	CODE:
-		pr_name("p5_SSL_CTX_set_options");
-
-		for (i=1; i<items; i++)
-			{
-			if (!SvPOK(ST(i)))
-				croak("Usage: SSLeay::SSL_CTX::set_options(ssl_ctx[,option,value]+)");
-			ptr=SvPV(ST(i),na);
-			if (strcmp(ptr,"-info_callback") == 0)
-				{
-				SSL_CTX_set_info_callback(ctx,
-					p5_ssl_info_callback);
-				sv=sv_mortalcopy(ST(i+1));
-				SvREFCNT_inc(sv);
-				SSL_CTX_set_ex_data(ctx,
-					p5_ssl_ctx_ex_ssl_info_callback,
-						(char *)sv);
-				i++;
-				}
-			else
-				{
-				croak("SSLeay::SSL_CTX::set_options(): unknown option");
-				}
-			}
-
-void
-p5_SSL_CTX_DESTROY(ctx)
-	SSL_CTX *ctx
-	PREINIT:
-		SV *sv;
-	PPCODE:
-		pr_name_d("p5_SSL_CTX_DESTROY",ctx->references);
-		SSL_CTX_free(ctx);
-
-MODULE =  SSLeay::SSL	PACKAGE = SSLeay::SSL PREFIX = p5_SSL_
-
-void
-p5_SSL_new(...)
-	PREINIT:
-		SV *sv_ctx;
-		SSL_CTX *ctx;
-		SSL *ssl;
-		int i;
-		SV *arg;
-	PPCODE:
-		pr_name("p5_SSL_new");
-		if ((items != 1) && (items != 2))
-			croak("Usage: SSLeay::SSL::new(ssl_ctx)");
-		if (sv_derived_from(ST(items-1),"SSLeay::SSL::CTX"))
-			{
-			IV tmp = SvIV((SV*)SvRV(ST(items-1)));
-			ctx=(SSL_CTX *)tmp;
-			sv_ctx=ST(items-1);
-			}
-		else
-			croak("ssl_ctx is not of type SSLeay::SSL::CTX");
-
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		ssl=SSL_new(ctx);
-		sv_setref_pv(ST(0), "SSLeay::SSL", (void*)ssl);
-
-		/* Now this is being a little hairy, we keep a pointer to
-		 * our perl reference.  We need to do a different one
-		 * to the one we return because it will have it's reference
-		 * count droped to 0 apon return and if we up its reference
-		 * count, it will never be DESTROYED */
-		arg=newSVsv(ST(0));
-		SSL_set_ex_data(ssl,p5_ssl_ex_ssl_ptr,(char *)arg);
-		SvREFCNT_inc(sv_ctx);
-		SSL_set_ex_data(ssl,p5_ssl_ex_ssl_ctx_ptr,(char *)sv_ctx);
-
-int
-p5_SSL_connect(ssl)
-	SSL *ssl;
-	CODE:
-		RETVAL=SSL_connect(ssl);
-	OUTPUT:
-		RETVAL
-
-int
-p5_SSL_accept(ssl)
-	SSL *ssl;
-	CODE:
-		RETVAL=SSL_connect(ssl);
-	OUTPUT:
-		RETVAL
-
-int
-p5_SSL_sysread(ssl,in,num, ...)
-	SSL *ssl;
-	SV *in;
-	int num;
-	PREINIT:
-		int i,n,olen;
-		int offset;
-		char *p;
-	CODE:
-		offset=0;
-		if (!SvPOK(in))
-			sv_setpvn(in,"",0);
-		SvPV(in,olen);
-		if (items > 3)
-			{
-			offset=SvIV(ST(3));
-			if (offset < 0)
-				{
-				if (-offset > olen)
-					croak("Offset outside string");
-				offset+=olen;
-				}
-			}
-		if ((num+offset) > olen)
-			{
-			SvGROW(in,num+offset+1);
-			p=SvPV(in,i);
-			memset(&(p[olen]),0,(num+offset)-olen+1);
-			}
-		p=SvPV(in,n);
-
-		i=SSL_read(ssl,p+offset,num);
-		RETVAL=i;
-		if (i <= 0) i=0;
-		SvCUR_set(in,offset+i);
-	OUTPUT:
-		RETVAL
-
-int
-p5_SSL_syswrite(ssl,in, ...)
-	SSL *ssl;
-	SV *in;
-	PREINIT:
-		char *ptr;
-		int len,in_len;
-		int offset=0;
-		int n;
-	CODE:
-		ptr=SvPV(in,in_len);
-		if (items > 2)
-			{
-			len=SvOK(ST(2))?SvIV(ST(2)):in_len;
-			if (items > 3)
-				{
-				offset=SvIV(ST(3));
-				if (offset < 0)
-					{
-					if (-offset > in_len)
-						croak("Offset outside string");
-					offset+=in_len;
-					}
-				else if ((offset >= in_len) && (in_len > 0))
-					croak("Offset outside string");
-				}
-			if (len >= (in_len-offset))
-				len=in_len-offset;
-			}
-		else
-			len=in_len;
-
-		RETVAL=SSL_write(ssl,ptr+offset,len);
-	OUTPUT:
-		RETVAL
-
-void
-p5_SSL_set_bio(ssl,bio)
-	SSL *ssl;
-	BIO *bio;
-	CODE:
-		bio->references++;
-		SSL_set_bio(ssl,bio,bio);
-
-int
-p5_SSL_set_options(ssl,...)
-	SSL *ssl;
-	PREINIT:
-		int i;
-		char *ptr;
-		SV *sv;
-	CODE:
-		pr_name("p5_SSL_set_options");
-
-		for (i=1; i<items; i++)
-			{
-			if (!SvPOK(ST(i)))
-				croak("Usage: SSLeay::SSL::set_options(ssl[,option,value]+)");
-			ptr=SvPV(ST(i),na);
-			if (strcmp(ptr,"-info_callback") == 0)
-				{
-				SSL_set_info_callback(ssl,
-					p5_ssl_info_callback);
-				sv=sv_mortalcopy(ST(i+1));
-				SvREFCNT_inc(sv);
-				SSL_set_ex_data(ssl,
-					p5_ssl_ex_ssl_info_callback,(char *)sv);
-				i++;
-				}
-			else if (strcmp(ptr,"-connect_state") == 0)
-				{
-				SSL_set_connect_state(ssl);
-				}
-			else if (strcmp(ptr,"-accept_state") == 0)
-				{
-				SSL_set_accept_state(ssl);
-				}
-			else
-				{
-				croak("SSLeay::SSL::set_options(): unknown option");
-				}
-			}
-
-void
-p5_SSL_state(ssl)
-	SSL *ssl;
-	PREINIT:
-		int state;
-	PPCODE:
-		pr_name("p5_SSL_state");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		state=SSL_state(ssl);
-		sv_setpv(ST(0),SSL_state_string_long(ssl));
-		sv_setiv(ST(0),state);
-		SvPOK_on(ST(0));
-
-void
-p5_SSL_DESTROY(ssl)
-	SSL *ssl;
-	CODE:
-	pr_name_dd("p5_SSL_DESTROY",ssl->references,ssl->ctx->references);
-	fprintf(stderr,"SSL_DESTROY %d\n",ssl->references);
-	SSL_free(ssl);
-
-int
-p5_SSL_references(ssl)
-	SSL *ssl;
-	CODE:
-		RETVAL=ssl->references;
-	OUTPUT:
-		RETVAL
-
-int
-p5_SSL_do_handshake(ssl)
-	SSL *ssl;
-	CODE:
-		RETVAL=SSL_do_handshake(ssl);
-	OUTPUT:
-		RETVAL
-
-int
-p5_SSL_renegotiate(ssl)
-	SSL *ssl;
-	CODE:
-		RETVAL=SSL_renegotiate(ssl);
-	OUTPUT:
-		RETVAL
-
-int
-p5_SSL_shutdown(ssl)
-	SSL *ssl;
-	CODE:
-		RETVAL=SSL_shutdown(ssl);
-	OUTPUT:
-		RETVAL
-
-char *
-p5_SSL_get_version(ssl)
-	SSL *ssl;
-	CODE:
-		RETVAL=SSL_get_version(ssl);
-	OUTPUT:
-		RETVAL
-
-SSL_CIPHER *
-p5_SSL_get_current_cipher(ssl)
-	SSL *ssl;
-	CODE:
-		RETVAL=SSL_get_current_cipher(ssl);
-	OUTPUT:
-		RETVAL
-
-X509 *
-p5_SSL_get_peer_certificate(ssl)
-	SSL *ssl
-	CODE:
-		RETVAL=SSL_get_peer_certificate(ssl);
-	OUTPUT:
-		RETVAL
-
-MODULE =  SSLeay::SSL	PACKAGE = SSLeay::SSL::CIPHER PREFIX = p5_SSL_CIPHER_
-
-int
-p5_SSL_CIPHER_get_bits(sc)
-	SSL_CIPHER *sc
-	PREINIT:
-		int i,ret;
-	PPCODE:
-		EXTEND(sp,2);
-		PUSHs(sv_newmortal());
-		PUSHs(sv_newmortal());
-		ret=SSL_CIPHER_get_bits(sc,&i);
-		sv_setiv(ST(0),(IV)ret);
-		sv_setiv(ST(1),(IV)i);
-
-char *
-p5_SSL_CIPHER_get_version(sc)
-	SSL_CIPHER *sc
-	CODE:
-		RETVAL=SSL_CIPHER_get_version(sc);
-	OUTPUT:
-		RETVAL
-
-char *
-p5_SSL_CIPHER_get_name(sc)
-	SSL_CIPHER *sc
-	CODE:
-		RETVAL=SSL_CIPHER_get_name(sc);
-	OUTPUT:
-		RETVAL
-
-MODULE =  SSLeay::SSL	PACKAGE = SSLeay::BIO PREFIX = p5_BIO_
-
-void
-p5_BIO_get_ssl(bio)
-	BIO *bio;
-	PREINIT:
-		SSL *ssl;
-		SV *ret;
-		int i;
-	PPCODE:
-		if ((i=BIO_get_ssl(bio,&ssl)) > 0)
-			{
-			ret=(SV *)SSL_get_ex_data(ssl,p5_ssl_ex_ssl_ptr);
-			ret=sv_mortalcopy(ret);
-			}
-		else
-			ret= &sv_undef;
-		EXTEND(sp,1);
-		PUSHs(ret);
-
diff --git a/perl/ssl_srvr.pl b/perl/ssl_srvr.pl
deleted file mode 100644
index 419402f12b..0000000000
--- a/perl/ssl_srvr.pl
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$ssl_ctx=SSL::CTX->new("SSLv3");
-
-$ssl_ctx->set_options("-info_callback" =>
-	sub	{
-		print STDERR $_[0]->state()."\n";
-		}
-	);
-
-$ssl_ctx->use_PrivateKey_file("server.pem");
-
-$conn="localhost:4433";
-$conn=$ARGV[0] if $#ARGV >= 0;
-$bio=BIO->new("connect");
-$bio->hostname($conn) || die $ssl->error();
-
-$ssl=$ssl_ctx->new_ssl;
-$ssl->set_bio($bio);
-
-(($ret=$ssl->connect()) > 0) || die $ssl->error();
-
-(($ret=$ssl->write("GET / HTTP/1.0\r\n\r\n")) > 0) || die $ssl->error();
-
-while (1)
-	{
-	$ret=$ssl->read($buf,10240);
-	last if ($ret <= 0);
-	print $buf;
-	}
-
diff --git a/perl/sslbio.pl b/perl/sslbio.pl
deleted file mode 100644
index fd80ad8584..0000000000
--- a/perl/sslbio.pl
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$ssl_ctx=SSL::CTX->new("SSLv3");
-
-#$ssl_ctx->set_options("-info_callback" =>
-#	sub	{
-#		print STDOUT $_[0]->state()."\n";
-#		}
-#	);
-
-# create a ssl bio
-$bssl=BIO->new("ssl");
-$bssl->set_ssl($ssl_ctx->new_ssl()) || die $bssl->error();
-$bssl->get_ssl->set_options("-connect_state") || die $ssl->error();
-
-$bssl->set_callback(sub { printf "XXXXXXXXXXXXXXXXXXXXXX %d %s\n",$_[1],$_[0]->type; });
-
-# create connect bio
-$host="localhost:4433";
-$host=$ARGV[0] if $#ARGV >= 0;
-$bio=BIO->new("connect");
-$bio->hostname($host) || die $bio->error();
-
-# push it in
-$bssl->push($bio);
-
-(($ret=$bssl->write("GET / HTTP/1.0\r\n\r\n")) > 0) || die $bssl->error();
-
-while (1)
-	{
-	$ret=$bssl->read($buf,10240);
-	last if ($ret <= 0);
-	print $buf;
-	}
-
-
diff --git a/perl/t.pl b/perl/t.pl
deleted file mode 100644
index 650d0efb0b..0000000000
--- a/perl/t.pl
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$a=SSLeay::BN::dec2bn("1231353465324563455");
-print "a=$a\n".$a->bn2dec."\n";
-$b=SSLeay::BN::dec2bn("98790816238765235");
-print "a=$a\nb=$b\n";
-print $a->gcd($b)."\n";
-
diff --git a/perl/test b/perl/test
deleted file mode 100644
index 3977c48865..0000000000
--- a/perl/test
+++ /dev/null
@@ -1,32 +0,0 @@
-30373b8dbfc38d360bda81fad2fb462e  8  0  8 des-ecb
-a5f61a73a0894979d46c2481e9f27151  8  8  1 des-cfb
-a64a08dc69e79becccde95bed6239fca  8  8  1 des-ofb
-553d168193e54100524541f2c473b705  8  8  8 des-cbc
-bb75383e4aad6d83418dde16c6cea6f5 16  0  8 des-ede
-3ea71cd9a2e50d82d66b433e9471eeb2 16  8  1 des-ede-cfb
-3d56b76d43dc8d51647773bc9719a355 16  8  1 des-ede-ofb
-eafa89aae63167b9798639c0e31223b4 16  8  8 des-ede-cbc
-a952f8c409fb0df75a7df1aa54ba30b8 24  0  8 des-ede3
-0badccc43a14d8503d33f32a2345bbd2 24  8  1 des-ede3-cfb
-bae638c0e33850d02c792ed0e3d6b600 24  8  1 des-ede3-ofb
-ec4522bbefabf0198126683e661325e2 24  8  8 des-ede3-cbc
-4431f05d198d8afc003aeec85bea01b9 24  8  8 desx-cbc
-606af8d6f30c1fd9c647df5eb716ae0f 16  0  1 rc4
-4aaaf7e4bc3fd2caa6318a4852f636f4  5  0  1 rc4-40
-77e0851e8c96c4a1e26140d1ec822036 16  0  8 idea-ecb
-a28e51e283519fde0e128bcb697bc23e 16  8  1 idea-cfb
-17d0e70f07de6c08e9673d52987599ab 16  8  1 idea-ofb
-0687cf6ca11ee45f8bf9c29525405a4d 16  8  8 idea-cbc
-e2268681a63198fe38282b0a1bb6ed36 16  0  8 rc2-ecb
-f48748e6386790e639bbee4fccaa5067 16  8  8 rc2-cbc
-f250cfe829ef797d6866e32526ec4fe4  5  8  8 rc2-40-cbc
-a372f970b6c346341a2899bb872a7349 16  8  1 rc2-cfb
-d2da66102dea6b833f0fbf71e2cb4988 16  8  1 rc2-ofb
-237b0ef0e4f7fb28a5708d59773caecf 16  0  8 bf-ecb
-c58cf5da90472caf0f0b7fafb0590977 16  8  1 bf-cfb
-1f3e49e2e27f9ad177a6a64b09d361ed 16  8  1 bf-ofb
-66acaf2cb5f301580c59fa17d005b716 16  8  8 bf-cbc
-3548c9fe9fcd13f647ae177a15915af9 16  0  8 cast5-ecb
-e8d074ad8cc0d3d828da80ab18452f91 16  8  1 cast5-cfb
-5331eb4351c2048c27c8a8901fd29e20 16  8  1 cast5-ofb
-8033607fdb68598cc62c379af218eeeb 16  8  8 cast5-cbc
diff --git a/perl/test.pl b/perl/test.pl
deleted file mode 100644
index 350b1a96fa..0000000000
--- a/perl/test.pl
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-($a=SSLeay::BN::new()) || die "unable to make bignum\n";
-($b=SSLeay::BN::new()) || die "unable to make bignum\n";
-
-$a=SSLeay::BN::hex2bn("123456789ABCDEF");
-$b=SSLeay::BN::hex2bn("123456789ABCDEF");
-$mod=SSLeay::BN::hex2bn("fedcba9876543201");
-$c=SSLeay::BN::hex2bn("1234");
-
-print "a=".$a->bn2hex()."\n";
-print "b=".$b->bn2hex()."\n";
-print "c=".$c->bn2hex()."\n";
-
-print $a->mul($b)->bn2hex."\n";
-($d,$r)=$b->div($c);
-print "($d)($r)\n";
-printf "%s x %s + %s\n",$c->bn2hex,$d->bn2hex,$r->bn2hex;
-
-$g=$d;
-
-for (;;)
-	{
-	$a=$a->mod_mul($a,$mod);
-	print $a->bn2hex."\n";
-	}
diff --git a/perl/test.txt b/perl/test.txt
deleted file mode 100644
index ff37ffd09b..0000000000
--- a/perl/test.txt
+++ /dev/null
@@ -1,36 +0,0 @@
-30373b8dbfc38d360bda81fad2fb462e  8  0  8 des-ecb
-a5f61a73a0894979d46c2481e9f27151  8  8  1 des-cfb
-a64a08dc69e79becccde95bed6239fca  8  8  1 des-ofb
-553d168193e54100524541f2c473b705  8  8  8 des-cbc
-bb75383e4aad6d83418dde16c6cea6f5 16  0  8 des-ede
-3ea71cd9a2e50d82d66b433e9471eeb2 16  8  1 des-ede-cfb
-3d56b76d43dc8d51647773bc9719a355 16  8  1 des-ede-ofb
-eafa89aae63167b9798639c0e31223b4 16  8  8 des-ede-cbc
-a952f8c409fb0df75a7df1aa54ba30b8 24  0  8 des-ede3
-0badccc43a14d8503d33f32a2345bbd2 24  8  1 des-ede3-cfb
-bae638c0e33850d02c792ed0e3d6b600 24  8  1 des-ede3-ofb
-ec4522bbefabf0198126683e661325e2 24  8  8 des-ede3-cbc
-4431f05d198d8afc003aeec85bea01b9 24  8  8 desx-cbc
-606af8d6f30c1fd9c647df5eb716ae0f 16  0  1 rc4
-4aaaf7e4bc3fd2caa6318a4852f636f4  5  0  1 rc4-40
-77e0851e8c96c4a1e26140d1ec822036 16  0  8 idea-ecb
-a28e51e283519fde0e128bcb697bc23e 16  8  1 idea-cfb
-17d0e70f07de6c08e9673d52987599ab 16  8  1 idea-ofb
-0687cf6ca11ee45f8bf9c29525405a4d 16  8  8 idea-cbc
-e2268681a63198fe38282b0a1bb6ed36 16  0  8 rc2-ecb
-f48748e6386790e639bbee4fccaa5067 16  8  8 rc2-cbc
-f250cfe829ef797d6866e32526ec4fe4  5  8  8 rc2-40-cbc
-a372f970b6c346341a2899bb872a7349 16  8  1 rc2-cfb
-d2da66102dea6b833f0fbf71e2cb4988 16  8  1 rc2-ofb
-237b0ef0e4f7fb28a5708d59773caecf 16  0  8 bf-ecb
-c58cf5da90472caf0f0b7fafb0590977 16  8  1 bf-cfb
-1f3e49e2e27f9ad177a6a64b09d361ed 16  8  1 bf-ofb
-66acaf2cb5f301580c59fa17d005b716 16  8  8 bf-cbc
-3548c9fe9fcd13f647ae177a15915af9 16  0  8 cast5-ecb
-e8d074ad8cc0d3d828da80ab18452f91 16  8  1 cast5-cfb
-5331eb4351c2048c27c8a8901fd29e20 16  8  1 cast5-ofb
-8033607fdb68598cc62c379af218eeeb 16  8  8 cast5-cbc
-e3a6760eb5e79bf4063cf0791e99842d 16  0  8 rc5-ecb
-2f5eab0d0992dcce8615a5a60966391a 16  8  1 rc5-cfb
-c5893e49e73342db2957b83b70f23e27 16  8  1 rc5-ofb
-683ce60c8b7bf028ec0d3dc0f018a1a4 16  8  8 rc5-cbc
diff --git a/perl/test2.pl b/perl/test2.pl
deleted file mode 100644
index 741d3adcdd..0000000000
--- a/perl/test2.pl
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-@md=();
-($c=SSLeay::Cipher::new("idea")) ||
-	die "'des' is an unknown cipher algorithm\n";
-
-printf "name      =%s\n" ,$c->name();
-printf "key length=%2d\n",$c->key_length();
-printf "iv length =%2d\n",$c->iv_length();
-printf "block size=%2d\n",$c->block_size();
-
-$data="1234";
-$c->init("01234567","abcdefgh",1);
-$in=$c->update($data);
-$in.=$c->final();
-
-$c->init("01234567","abcdefgh",0);
-$out=$c->update($in);
-$out.=$c->final();
-print $data;
-print " -> ";
-print $out;
-print "\n";
-
diff --git a/perl/test3.pl b/perl/test3.pl
deleted file mode 100644
index 8ee262a08e..0000000000
--- a/perl/test3.pl
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-@md=();
-($c=SSLeay::Cipher::new("idea")) ||
-	die "'des' is an unknown cipher algorithm\n";
-
-$key=" ";
-$iv=" ";
-$c->init($key,$iv,0);
-while (<>)
-	{
-	print $c->update($_);
-	}
-print $c->final();
-
diff --git a/perl/test8.pl b/perl/test8.pl
deleted file mode 100644
index 86d356dc51..0000000000
--- a/perl/test8.pl
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-# 2687145 * 3003 * 10^5072 - 1. 
-
-$a=SSLeay::BN::set_word(99);
-$b=SSLeay::BN::set_word(100);
-
-$aa=$a->dup;
-$bb=$b->dup;
-
-$c=$a*$b;
-$bb+=$a;
-
-print "$a*$b=$c\n";
-print "$bb\n";
diff --git a/perl/test9.pl b/perl/test9.pl
deleted file mode 100644
index ccc28005ac..0000000000
--- a/perl/test9.pl
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-# 2687145 * 3003 * 10^5072 - 1. 
-
-$a=SSLeay::BN::set_word(2687145);
-$b=SSLeay::BN::set_word(3003);
-$c=SSLeay::BN::set_word(10);
-$d=SSLeay::BN::set_word(5072);
-$e=SSLeay::BN::set_word(1);
-
-print $a->bn2hex()."\n";
-print $b->bn2hex()."\n";
-print $c->bn2hex()."\n";
-print $d->bn2hex()."\n";
-print $e->bn2hex()."\n";
-
-$f=(($a->mul($b)->mul($c->exp($d)))->sub($e));
-#print "$a $b\n";
-
-$c=$a->mul($b);
-print "1->".$c->bn2hex()." \n";
-
-$c=$a*$b;
-print "2->".$c->bn2hex()." \n";
-$a*=$b;
-print "3->$a\n";
-
-print $f->bn2hex()." $a\n";
-print $a."\n";
-
-print "$a=(($b*$c)/$d);\n";
-$a=(($b*$c)/$d);
-print "$a\n";
-
diff --git a/perl/testbn.pl b/perl/testbn.pl
deleted file mode 100644
index a71f60c52c..0000000000
--- a/perl/testbn.pl
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$num ="a43f6a8885a308d313198a2e03707344a4093822";
-$num.="299f31d0082efa98ec4e6c89452821e638d01377";
-$num.="be5466cf34e90c6cc0ac29b7c97c50dd3f84d5b5";
-$num.="b54709179216d5d98979fb1bd1310ba698dfb5ac";
-$num.="2ffd72dbd01adfb7b8e1afed6a267e96ba7c9045";
-$num.="f12c7f9924a19947b3916cf70801f2e2858efc16";
-$num.="636920d871574e69a458fea3f4933d7e0d95748f";
-$num.="728eb658718bcd5882154aee7b54a41dc25a59b5";
-$num.="9c30d5392af26013c5d1b023286085f0ca417918";
-$num.="b8db38ef8e79dcb0603a180e6c9e0e8bb01e8a3e";
-$num.="d71577c1bd314b2778af2fda55605c60e65525f3";
-$num.="aa55ab945748986263e8144055ca396a2aab10b6";
-$num.="b4cc5c341141e8cea15486af7c8f14a7";
-
-$a=SSLeay::BN::hex2bn($num);
-print "num bits =".$a->num_bits."\n";
-print $a->is_prime(50,sub {print STDERR $_[0]?"+":"."})."\n";
diff --git a/perl/testdec.pl b/perl/testdec.pl
deleted file mode 100644
index 287332009b..0000000000
--- a/perl/testdec.pl
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$a=SSLeay::BN::dec2bn("1234");
-
-foreach (1..4)
-	{
-	$a*=$a;
-	print $a."\n",$a->bn2dec()."\n";
-	}
-
diff --git a/perl/testmd.pl b/perl/testmd.pl
deleted file mode 100644
index a17ac6b90c..0000000000
--- a/perl/testmd.pl
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-@md=();
-foreach ("md2", "md5", "sha", "sha1", "mdc2", "ripemd160")
-	{
-	($f=MD->new($_)) ||
-		die "$_ is an unknown message digest algorithm\n";
-	push(@md,$f);
-	}
-
-while (<>)
-	{
-	foreach $md (@md)
-		{ $md->update($_); }
-	}
-
-foreach (@md)
-	{
-	$digest=$_->final();
-	printf "%-4s=%s\n",$_->name(),unpack("H*",$digest);
-	}
-
diff --git a/perl/tt.pl b/perl/tt.pl
deleted file mode 100644
index 31febc7d25..0000000000
--- a/perl/tt.pl
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-for ($i=1; $i<1000; $i++)
-	{
-	$a.=$i%10;
-	$y=SSLeay::BN::dec2bn($a);
-	$z=SSLeay::BN::bn2dec($y);
-
-	print "$a\n$y\n$z\n";
-	}
-
diff --git a/perl/typemap b/perl/typemap
deleted file mode 100644
index 5226fbc369..0000000000
--- a/perl/typemap
+++ /dev/null
@@ -1,96 +0,0 @@
-
-datum			T_DATUM
-EVP_MD_CTX *		T_MD_CTX
-EVP_CIPHER_CTX *	T_CIPHER_CTX
-BIGNUM *		T_BIGNUM
-SSL_METHOD *		T_SSL_METHOD
-SSL_CTX *		T_SSL_CTX
-SSL_CIPHER *		T_SSL_CIPHER
-SSL *			T_SSL
-BIO *			T_BIO
-X509 *			T_X509
-
-INPUT
-T_DATUM
-	$var.dptr=SvPV($arg,$var.dsize);
-T_MD_CTX
-	if (sv_derived_from($arg, \"SSLeay::MD\")) {
-		IV tmp = SvIV((SV*)SvRV($arg));
-		$var = (EVP_MD_CTX *) tmp;
-		}
-	else
-		croak(\"$var is not of type SSLeay::MD\")
-T_CIPHER_CTX
-	if (sv_derived_from($arg, \"SSLeay::Cipher\")) {
-		IV tmp = SvIV((SV*)SvRV($arg));
-		$var = (EVP_CIPHER_CTX *) tmp;
-		}
-	else
-		croak(\"$var is not of type SSLeay::Cipher\")
-T_BIGNUM
-	sv_to_BIGNUM(&($var),$arg,\"$var is not of type SSLeay::MD, int or string\")
-T_SSL_METHOD
-	if (sv_derived_from($arg, \"SSLeay::SSL::METHOD\")) {
-		IV tmp = SvIV((SV*)SvRV($arg));
-		$var = (SSL_METHOD *) tmp;
-		}
-	else
-		croak(\"$var is not of type SSLeay::SSL::METHOD\")
-T_SSL_CTX
-	if (sv_derived_from($arg, \"SSLeay::SSL::CTX\")) {
-		IV tmp = SvIV((SV*)SvRV($arg));
-		$var = (SSL_CTX *) tmp;
-		}
-	else
-		croak(\"$var is not of type SSLeay::SSL::CTX\")
-T_SSL_CIPHER
-	if (sv_derived_from($arg, \"SSLeay::SSL::CIPHER\")) {
-		IV tmp = SvIV((SV*)SvRV($arg));
-		$var = (SSL_CIPHER *) tmp;
-		}
-	else
-		croak(\"$var is not of type SSLeay::SSL::CIPHER\")
-T_SSL
-	if (sv_derived_from($arg, \"SSLeay::SSL\")) {
-		IV tmp = SvIV((SV*)SvRV($arg));
-		$var = (SSL *) tmp;
-		}
-	else
-		croak(\"$var is not of type SSLeay::SSL\")
-T_BIO
-	if (sv_derived_from($arg, \"SSLeay::BIO\")) {
-		IV tmp = SvIV((SV*)SvRV($arg));
-		$var = (BIO *) tmp;
-		}
-	else
-		croak(\"$var is not of type SSLeay::BIO\")
-T_X509
-	if (sv_derived_from($arg, \"SSLeay::X509\")) {
-		IV tmp = SvIV((SV*)SvRV($arg));
-		$var = (X509 *) tmp;
-		}
-	else
-		croak(\"$var is not of type SSLeay::X509\")
-OUTPUT
-T_DATUM
-	sv_setpvn($arg,$var.dptr,$var.dsize);
-T_MD_CTX
-	sv_setref_pv($arg, \"SSLeay::MD\", (void*)$var);
-T_CIPHER_CTX
-	sv_setref_pv($arg, \"SSLeay::Cipher\", (void*)$var);
-T_BIGNUM
-	sv_setref_pv($arg, \"SSLeay::BN\", (void*)$var);
-T_SSL_METHOD
-	sv_setref_pv($arg, \"SSLeay::SSL::METHOD\", (void*)$var);
-T_SSL_CTX
-	sv_setref_pv($arg, \"SSLeay::SSL::CTX\", (void*)$var);
-T_SSL_CIPHER
-	sv_setref_pv($arg, \"SSLeay::SSL::CIPHER\", (void*)$var);
-T_SSL
-	sv_setref_pv($arg, \"SSLeay::SSL\", (void*)$var);
-T_BIO
-	sv_setref_pv($arg, \"SSLeay::BIO\", (void*)$var);
-T_X509
-	sv_setref_pv($arg, \"SSLeay::X509\", (void*)$var);
-
-
diff --git a/perl/x509.txt b/perl/x509.txt
deleted file mode 100644
index 8468eff512..0000000000
--- a/perl/x509.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-X509::new()
-
-X509::get_verson()
-X509::get_serial_number()
-X509::get_subject_name()
-X509::get_issuer_name()
diff --git a/perl/x509.xs b/perl/x509.xs
deleted file mode 100644
index 67633ad225..0000000000
--- a/perl/x509.xs
+++ /dev/null
@@ -1,74 +0,0 @@
-#include "p5SSLeay.h"
-
-MODULE =  SSLeay::X509	PACKAGE = SSLeay::X509	PREFIX = p5_X509_
-
-PROTOTYPES: ENABLE
-VERSIONCHECK: DISABLE
-
-void
-p5_X509_new(void )
-	PREINIT:
-		X509 *x509;
-		SV *arg;
-	PPCODE:
-		pr_name("p5_X509_new");
-		EXTEND(sp,1);
-		PUSHs(sv_newmortal());
-		x509=X509_new();
-		sv_setref_pv(ST(0),"SSLeay::X509",(void *)x509);
-
-char *
-p5_X509_get_subject_name(x509)
-	X509 *x509;
-	PREINIT:
-		char *p;
-		X509_NAME *name;
-		char buf[1024];
-		int i;
-	CODE:
-		name=X509_get_subject_name(x509);
-		X509_NAME_oneline(name,buf,sizeof(buf));
-		p= &(buf[0]);
-		RETVAL=p;
-	OUTPUT:
-		RETVAL
-
-char *
-p5_X509_get_issuer_name(x509)
-	X509 *x509;
-	PREINIT:
-		char *p;
-		X509_NAME *name;
-		char buf[1024];
-		int i;
-	CODE:
-		name=X509_get_issuer_name(x509);
-		X509_NAME_oneline(name,buf,sizeof(buf));
-		p= &(buf[0]);
-		RETVAL=p;
-	OUTPUT:
-		RETVAL
-
-int
-p5_X509_get_version(x509)
-	X509 *x509;
-	CODE:
-		RETVAL=X509_get_version(x509);
-	OUTPUT:
-		RETVAL
-
-BIGNUM *
-p5_X509_get_serialNumber(x509)
-	X509 *x509;
-	CODE:
-		RETVAL=ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
-	OUTPUT:
-		RETVAL
-
-void
-p5_X509_DESTROY(x509)
-	X509 *x509;
-	CODE:
-	pr_name("p5_X509_DESTROY");
-	X509_free(x509);
-
diff --git a/perl/y.pl b/perl/y.pl
deleted file mode 100644
index e869460ab7..0000000000
--- a/perl/y.pl
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/local/bin/perl
-use ExtUtils::testlib;
-use SSLeay;
-
-$message=SSLeay::BN::dec2bn("936345681743241125150760694794510965960940252288797108931456691368672287489405603308617928680920874760917824938589009714909675985261365549781893129784821682998948722");
-
-print $message->bn2hex."\n";
diff --git a/perl/yy.pl b/perl/yy.pl
deleted file mode 100644
index 4415b53886..0000000000
--- a/perl/yy.pl
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-
-$a=SSLeay::BN::new();
-
-$a+="1234567";
-
-print $a->bn2hex()."\n";
-
-
-for (1 .. 20)
-	{
-	$a*=$a;
-	$b=$a->bn2hex();
-	print " ".$b."\n".length($b)."\n";
-	}
diff --git a/perl/z.pl b/perl/z.pl
deleted file mode 100644
index 8bba1bdbd2..0000000000
--- a/perl/z.pl
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/usr/local/bin/perl
-
-use ExtUtils::testlib;
-
-use SSLeay;
-use Benchmark;
-
-$buf=('x' x (1024*1024));
-$buf=('x' x (1024*1024));
-
-@md=();
-foreach $name ("md2", "mdc2", "sha", "ripemd160", "sha1", "md5")
-	{
-	if (($name eq "md2") || ($name eq "mdc2"))
-		{ $num=5; }
-	else	{ $num=100; }
-
-	$t=timeit($num,'&hash($name)');
-	printf "%6d000 bytes/sec:$name\n",int(($num*1024*1024)/$t->[1]/1000);
-	}
-
-sub hash
-	{
-	my($name)=@_;
-	my($f,$digest);
-
-	($f=MD->new($name)) ||
-		die "$_ is an unknown message digest algorithm\n";
-	$f->update($buf);
-	$digest=$f->final();
-	}
-
diff --git a/perl/zz.pl b/perl/zz.pl
deleted file mode 100644
index 5253f83bcc..0000000000
--- a/perl/zz.pl
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/usr/local/bin/perl
-use ExtUtils::testlib;
-use SSLeay;
-
-$a=SSLeay::BN::dec2bn("12345678901234567890");
-$b=SSLeay::BN::dec2bn("98765432109876543210");
-print "a=$a\n";
-print "b=$b\n";
-
-$n=$a*$b;
-$m=$n+"1223123235345634764534567889";
-$l=$m*88888888;
-
-$r=$l/$b;
-
-print "a=$a\n";
-print "b=$b\n";
-print "n=$n\n";
-print "m=$m\n";
-print "l=$l\n";
-print "r=$r\n";
-
diff --git a/rsaref/Makefile.ssl b/rsaref/Makefile.ssl
deleted file mode 100644
index b816b89f66..0000000000
--- a/rsaref/Makefile.ssl
+++ /dev/null
@@ -1,85 +0,0 @@
-#
-# SSLeay/rsaref/Makefile
-#
-
-DIR=	rsaref
-TOP=	..
-CC=	cc
-INCLUDES= -I../crypto -I../include
-CFLAG=-g
-INSTALLTOP=/usr/local/ssl
-MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
-MAKEFILE=	Makefile.ssl
-AR=		ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-ERR=rsaref
-ERRC=rsar_err
-GENERAL=Makefile
-TEST=
-APPS=
-
-LIB=$(TOP)/libRSAglue.a
-LIBSRC=	rsaref.c $(ERRC).c
-LIBOBJ= rsaref.o $(ERRC).o
-
-SRC= $(LIBSRC)
-
-EXHEADER=
-HEADER=	$(EXHEADER) rsaref.h
-
-ALL=    $(GENERAL) $(SRC) $(HEADER)
-
-top:
-	(cd ..; $(MAKE) DIRS=rsaref all)
-
-all:	lib
-
-lib:	$(LIBOBJ)
-	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
-	@touch lib
-
-files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
-
-links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../test $(TEST)
-	$(TOP)/util/mklink.sh ../apps $(APPS)
-
-install:
-
-#	@for i in $(EXHEADER) ; \
-#	do  \
-#	(cp $$i $(INSTALLTOP)/include/$$i; \
-#	chmod 644 $(INSTALLTOP)/include/$$i ); \
-#	done;
-
-tags:
-	ctags $(SRC)
-
-tests:
-
-lint:
-	lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
-
-dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
-	mv -f Makefile.new $(MAKEFILE)
-
-clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../crypto/err/err_genc.pl -s $(ERR).h $(ERRC).c
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
diff --git a/rsaref/rsar_err.c b/rsaref/rsar_err.c
deleted file mode 100644
index 3ba902766c..0000000000
--- a/rsaref/rsar_err.c
+++ /dev/null
@@ -1,130 +0,0 @@
-/* lib/rsaref/rsaref_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include "err.h"
-#include "rsaref.h"
-
-/* BEGIN ERROR CODES */
-#ifndef NO_ERR
-static ERR_STRING_DATA RSAREF_str_functs[]=
-	{
-{ERR_PACK(0,RSAREF_F_BN_REF_MOD_EXP,0),	"BN_REF_MOD_EXP"},
-{ERR_PACK(0,RSAREF_F_RSAREF_BN2BIN,0),	"RSAREF_BN2BIN"},
-{ERR_PACK(0,RSAREF_F_RSA_BN2BIN,0),	"RSA_BN2BIN"},
-{ERR_PACK(0,RSAREF_F_RSA_PRIVATE_DECRYPT,0),	"RSA_PRIVATE_DECRYPT"},
-{ERR_PACK(0,RSAREF_F_RSA_PRIVATE_ENCRYPT,0),	"RSA_PRIVATE_ENCRYPT"},
-{ERR_PACK(0,RSAREF_F_RSA_PUBLIC_DECRYPT,0),	"RSA_PUBLIC_DECRYPT"},
-{ERR_PACK(0,RSAREF_F_RSA_PUBLIC_ENCRYPT,0),	"RSA_PUBLIC_ENCRYPT"},
-{ERR_PACK(0,RSAREF_F_RSA_REF_BN2BIN,0),	"RSA_REF_BN2BIN"},
-{ERR_PACK(0,RSAREF_F_RSA_REF_MOD_EXP,0),	"RSA_REF_MOD_EXP"},
-{ERR_PACK(0,RSAREF_F_RSA_REF_PRIVATE_DECRYPT,0),	"RSA_REF_PRIVATE_DECRYPT"},
-{ERR_PACK(0,RSAREF_F_RSA_REF_PRIVATE_ENCRYPT,0),	"RSA_REF_PRIVATE_ENCRYPT"},
-{ERR_PACK(0,RSAREF_F_RSA_REF_PUBLIC_DECRYPT,0),	"RSA_REF_PUBLIC_DECRYPT"},
-{ERR_PACK(0,RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,0),	"RSA_REF_PUBLIC_ENCRYPT"},
-{0,NULL},
-	};
-
-static ERR_STRING_DATA RSAREF_str_reasons[]=
-	{
-{RE_CONTENT_ENCODING                     ,"content encoding"},
-{RE_DATA                                 ,"data"},
-{RE_DIGEST_ALGORITHM                     ,"digest algorithm"},
-{RE_ENCODING                             ,"encoding"},
-{RE_KEY                                  ,"key"},
-{RE_KEY_ENCODING                         ,"key encoding"},
-{RE_LEN                                  ,"len"},
-{RE_MODULUS_LEN                          ,"modulus len"},
-{RE_NEED_RANDOM                          ,"need random"},
-{RE_PRIVATE_KEY                          ,"private key"},
-{RE_PUBLIC_KEY                           ,"public key"},
-{RE_SIGNATURE                            ,"signature"},
-{RE_SIGNATURE_ENCODING                   ,"signature encoding"},
-{RE_ENCRYPTION_ALGORITHM                 ,"encryption algorithm"},
-{RSAREF_R_CONTENT_ENCODING               ,"content encoding"},
-{RSAREF_R_DATA                           ,"data"},
-{RSAREF_R_DIGEST_ALGORITHM               ,"digest algorithm"},
-{RSAREF_R_ENCODING                       ,"encoding"},
-{RSAREF_R_ENCRYPTION_ALGORITHM           ,"encryption algorithm"},
-{RSAREF_R_KEY                            ,"key"},
-{RSAREF_R_KEY_ENCODING                   ,"key encoding"},
-{RSAREF_R_LEN                            ,"len"},
-{RSAREF_R_MODULUS_LEN                    ,"modulus len"},
-{RSAREF_R_NEED_RANDOM                    ,"need random"},
-{RSAREF_R_PRIVATE_KEY                    ,"private key"},
-{RSAREF_R_PUBLIC_KEY                     ,"public key"},
-{RSAREF_R_SIGNATURE                      ,"signature"},
-{RSAREF_R_SIGNATURE_ENCODING             ,"signature encoding"},
-{0,NULL},
-	};
-
-#endif
-
-void ERR_load_RSAREF_strings()
-	{
-	static int init=1;
-
-	if (init)
-		{
-		init=0;
-#ifndef NO_ERR
-		ERR_load_strings(ERR_LIB_RSAREF,RSAREF_str_functs);
-		ERR_load_strings(ERR_LIB_RSAREF,RSAREF_str_reasons);
-#endif
-
-		}
-	}
diff --git a/rsaref/rsaref.c b/rsaref/rsaref.c
deleted file mode 100644
index 324460327d..0000000000
--- a/rsaref/rsaref.c
+++ /dev/null
@@ -1,353 +0,0 @@
-/* rsaref/rsaref.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include "bn.h"
-#include "rsa.h"
-#include "rsaref.h"
-#include "rand.h"
-
-/* 
- * RSAREFerr(RSAREF_F_RSA_REF_BN2BIN,RSAREF_R_CONTENT_ENCODING);
- * RSAREFerr(RSAREF_F_RSA_REF_PRIVATE_DECRYPT,RSAREF_R_DATA);
- * RSAREFerr(RSAREF_F_RSA_REF_PRIVATE_ENCRYPT,RSAREF_R_DIGEST_ALGORITHM);
- * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_DECRYPT,RSAREF_R_ENCODING);
- * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_KEY);
- * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_KEY_ENCODING);
- * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_LEN);
- * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_MODULUS_LEN);
- * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_NEED_RANDOM);
- * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_PRIVATE_KEY);
- * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_PUBLIC_KEY);
- * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_SIGNATURE);
- * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_SIGNATURE_ENCODING);
- * RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,RSAREF_R_ENCRYPTION_ALGORITHM);
- * RSAREFerr(RSAREF_F_RSAREF_BN2BIN,ERR_R_BN_LIB);
- */
-
-#ifndef NOPROTO
-static int RSAref_bn2bin(BIGNUM * from, unsigned char* to, int max);
-#ifdef undef
-static BIGNUM* RSAref_bin2bn(unsigned char* from, BIGNUM * to, int max);
-#endif
-static int RSAref_Public_eay2ref(RSA * from, RSArefPublicKey * to);
-static int RSAref_Private_eay2ref(RSA * from, RSArefPrivateKey * to);
-int RSA_ref_private_decrypt(int len, unsigned char *from,
-	unsigned char *to, RSA *rsa, int padding);
-int RSA_ref_private_encrypt(int len, unsigned char *from,
-	unsigned char *to, RSA *rsa, int padding);
-int RSA_ref_public_encrypt(int len, unsigned char *from,
-	unsigned char *to, RSA *rsa, int padding);
-int RSA_ref_public_decrypt(int len, unsigned char *from,
-	unsigned char *to, RSA *rsa, int padding);
-static int BN_ref_mod_exp(BIGNUM *r,BIGNUM *a,BIGNUM *p,BIGNUM *m, BN_CTX *ctx);
-static int RSA_ref_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa);
-#else
-
-static int RSAref_bn2bin();
-#ifdef undef
-static BIGNUM* RSAref_bin2bn();
-#endif
-static int RSAref_Public_eay2ref();
-static int RSAref_Private_eay2ref();
-static int BN_ref_mod_exp();
-static int RSA_ref_mod_exp();
-int RSA_ref_private_decrypt();
-int RSA_ref_private_encrypt();
-int RSA_ref_public_encrypt();
-int RSA_ref_public_decrypt();
-static int BN_ref_mod_exp();
-static int RSA_ref_mod_exp();
-#endif
-
-static RSA_METHOD rsa_pkcs1_ref_meth={
-	"RSAref PKCS#1 RSA",
-	RSA_ref_public_encrypt,
-	RSA_ref_public_decrypt,
-	RSA_ref_private_encrypt,
-	RSA_ref_private_decrypt,
-	RSA_ref_mod_exp,
-	BN_ref_mod_exp,
-	NULL,
-	NULL,
-	0,
-	NULL,
-	};
-
-RSA_METHOD *RSA_PKCS1_RSAref()
-	{
-	return(&rsa_pkcs1_ref_meth);
-	}
-
-static int RSA_ref_mod_exp(r0, I, rsa)
-BIGNUM *r0;
-BIGNUM *I;
-RSA *rsa;
-	{
-	RSAREFerr(RSAREF_F_RSA_REF_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-	return(0);
-	}
-
-static int BN_ref_mod_exp(r,a,p,m,ctx)
-BIGNUM *r,*a,*p,*m;
-BN_CTX *ctx;
-	{
-	RSAREFerr(RSAREF_F_BN_REF_MOD_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-	return(0);
-	}
-
-static int RSAref_bn2bin(from,to,max)
-BIGNUM *from;
-unsigned char *to; /* [max] */
-int max;
-	{
-	int i;
-
-	i=BN_num_bytes(from);
-	if (i > max)
-		{
-		RSAREFerr(RSAREF_F_RSAREF_BN2BIN,RSAREF_R_LEN);
-		return(0);
-		}
-
-	memset(to,0,(unsigned int)max);
-	if (!BN_bn2bin(from,&(to[max-i])))
-		return(0);
-	return(1);
-	}
-
-#ifdef undef
-static BIGNUM *RSAref_bin2bn(from,to,max)
-unsigned char *from; /* [max] */
-BIGNUM *to;
-int max;
-	{
-	int i;
-	BIGNUM *ret;
-
-	for (i=0; i<max; i++)
-		if (from[i]) break;
-
-	ret=BN_bin2bn(&(from[i]),max-i,to);
-	return(ret);
-	}
-
-static int RSAref_Public_ref2eay(from,to)
-RSArefPublicKey *from;
-RSA *to;
-	{
-	to->n=RSAref_bin2bn(from->m,NULL,RSAref_MAX_LEN);
-	to->e=RSAref_bin2bn(from->e,NULL,RSAref_MAX_LEN);
-	if ((to->n == NULL) || (to->e == NULL)) return(0);
-	return(1);
-	}
-#endif
-
-static int RSAref_Public_eay2ref(from,to)
-RSA *from;
-RSArefPublicKey *to;
-	{
-	to->bits=BN_num_bits(from->n);
-	if (!RSAref_bn2bin(from->n,to->m,RSAref_MAX_LEN)) return(0);
-	if (!RSAref_bn2bin(from->e,to->e,RSAref_MAX_LEN)) return(0);
-	return(1);
-	}
-
-#ifdef undef
-static int RSAref_Private_ref2eay(from,to)
-RSArefPrivateKey *from;
-RSA *to;
-	{
-	if ((to->n=RSAref_bin2bn(from->m,NULL,RSAref_MAX_LEN)) == NULL)
-		return(0);
-	if ((to->e=RSAref_bin2bn(from->e,NULL,RSAref_MAX_LEN)) == NULL)
-		return(0);
-	if ((to->d=RSAref_bin2bn(from->d,NULL,RSAref_MAX_LEN)) == NULL)
-		return(0);
-	if ((to->p=RSAref_bin2bn(from->prime[0],NULL,RSAref_MAX_PLEN)) == NULL)
-		return(0);
-	if ((to->q=RSAref_bin2bn(from->prime[1],NULL,RSAref_MAX_PLEN)) == NULL)
-		return(0);
-	if ((to->dmp1=RSAref_bin2bn(from->pexp[0],NULL,RSAref_MAX_PLEN))
-		== NULL)
-		return(0);
-	if ((to->dmq1=RSAref_bin2bn(from->pexp[1],NULL,RSAref_MAX_PLEN))
-		== NULL)
-		return(0);
-	if ((to->iqmp=RSAref_bin2bn(from->coef,NULL,RSAref_MAX_PLEN)) == NULL)
-		return(0);
-	return(1);
-	}
-#endif
-
-static int RSAref_Private_eay2ref(from,to)
-RSA *from;
-RSArefPrivateKey *to;
-	{
-	to->bits=BN_num_bits(from->n);
-	if (!RSAref_bn2bin(from->n,to->m,RSAref_MAX_LEN)) return(0);
-	if (!RSAref_bn2bin(from->e,to->e,RSAref_MAX_LEN)) return(0);
-	if (!RSAref_bn2bin(from->d,to->d,RSAref_MAX_LEN)) return(0);
-	if (!RSAref_bn2bin(from->p,to->prime[0],RSAref_MAX_PLEN)) return(0);
-	if (!RSAref_bn2bin(from->q,to->prime[1],RSAref_MAX_PLEN)) return(0);
-	if (!RSAref_bn2bin(from->dmp1,to->pexp[0],RSAref_MAX_PLEN)) return(0);
-	if (!RSAref_bn2bin(from->dmq1,to->pexp[1],RSAref_MAX_PLEN)) return(0);
-	if (!RSAref_bn2bin(from->iqmp,to->coef,RSAref_MAX_PLEN)) return(0);
-	return(1);
-	}
-
-int RSA_ref_private_decrypt(len,from,to,rsa,padding)
-int len;
-unsigned char *from,*to;
-RSA *rsa;
-int padding;
-	{
-	int i,outlen= -1;
-	RSArefPrivateKey RSAkey;
-
-	if (!RSAref_Private_eay2ref(rsa,&RSAkey))
-		goto err;
-	if ((i=RSAPrivateDecrypt(to,&outlen,from,len,&RSAkey)) != 0)
-		{
-		RSAREFerr(RSAREF_F_RSA_REF_PRIVATE_DECRYPT,i);
-		outlen= -1;
-		}
-err:
-	memset(&RSAkey,0,sizeof(RSAkey));
-	return(outlen);
-	}
-
-int RSA_ref_private_encrypt(len,from,to,rsa,padding)
-int len;
-unsigned char *from,*to;
-RSA *rsa;
-int padding;
-	{
-	int i,outlen= -1;
-	RSArefPrivateKey RSAkey;
-
-	if (!RSAref_Private_eay2ref(rsa,&RSAkey))
-		goto err;
-	if ((i=RSAPrivateEncrypt(to,&outlen,from,len,&RSAkey)) != 0)
-		{
-		RSAREFerr(RSAREF_F_RSA_REF_PRIVATE_ENCRYPT,i);
-		outlen= -1;
-		}
-err:
-	memset(&RSAkey,0,sizeof(RSAkey));
-	return(outlen);
-	}
-
-int RSA_ref_public_decrypt(len,from,to,rsa,padding)
-int len;
-unsigned char *from,*to;
-RSA *rsa;
-int padding;
-	{
-	int i,outlen= -1;
-	RSArefPublicKey RSAkey;
-
-	if (!RSAref_Public_eay2ref(rsa,&RSAkey))
-		goto err;
-	if ((i=RSAPublicDecrypt(to,&outlen,from,len,&RSAkey)) != 0)
-		{
-		RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_DECRYPT,i);
-		outlen= -1;
-		}
-err:
-	memset(&RSAkey,0,sizeof(RSAkey));
-	return(outlen);
-	}
-
-int RSA_ref_public_encrypt(len,from,to,rsa,padding)
-int len;
-unsigned char *from,*to;
-RSA *rsa;
-int padding;
-	{
-	int outlen= -1;
-	int i;
-	RSArefPublicKey RSAkey;
-	RSARandomState rnd;
-	unsigned char buf[16];
-
-	R_RandomInit(&rnd);
-	R_GetRandomBytesNeeded((unsigned int *)&i,&rnd);
-	while (i > 0)
-		{
-		RAND_bytes(buf,16);
-		R_RandomUpdate(&rnd,buf,(unsigned int)((i>16)?16:i));
-		i-=16;
-		}
-
-	if (!RSAref_Public_eay2ref(rsa,&RSAkey))
-		goto err;
-	if ((i=RSAPublicEncrypt(to,&outlen,from,len,&RSAkey,&rnd)) != 0)
-		{
-		RSAREFerr(RSAREF_F_RSA_REF_PUBLIC_ENCRYPT,i);
-		outlen= -1;
-		goto err;
-		}
-err:
-	memset(&RSAkey,0,sizeof(RSAkey));
-	R_RandomFinal(&rnd);
-	memset(&rnd,0,sizeof(rnd));
-	return(outlen);
-	}
-
diff --git a/rsaref/rsaref.err b/rsaref/rsaref.err
deleted file mode 100644
index ee02cdae76..0000000000
--- a/rsaref/rsaref.err
+++ /dev/null
@@ -1,32 +0,0 @@
-/* Error codes for the RSAREF functions. */
-
-/* Function codes. */
-#define RSAREF_F_BN_REF_MOD_EXP				 100
-#define RSAREF_F_RSAREF_BN2BIN				 101
-#define RSAREF_F_RSA_BN2BIN				 102
-#define RSAREF_F_RSA_PRIVATE_DECRYPT			 103
-#define RSAREF_F_RSA_PRIVATE_ENCRYPT			 104
-#define RSAREF_F_RSA_PUBLIC_DECRYPT			 105
-#define RSAREF_F_RSA_PUBLIC_ENCRYPT			 106
-#define RSAREF_F_RSA_REF_BN2BIN				 107
-#define RSAREF_F_RSA_REF_MOD_EXP			 108
-#define RSAREF_F_RSA_REF_PRIVATE_DECRYPT		 109
-#define RSAREF_F_RSA_REF_PRIVATE_ENCRYPT		 110
-#define RSAREF_F_RSA_REF_PUBLIC_DECRYPT			 111
-#define RSAREF_F_RSA_REF_PUBLIC_ENCRYPT			 112
-
-/* Reason codes. */
-#define RSAREF_R_CONTENT_ENCODING			 0x0400
-#define RSAREF_R_DATA					 0x0401
-#define RSAREF_R_DIGEST_ALGORITHM			 0x0402
-#define RSAREF_R_ENCODING				 0x0403
-#define RSAREF_R_ENCRYPTION_ALGORITHM			 0x040d
-#define RSAREF_R_KEY					 0x0404
-#define RSAREF_R_KEY_ENCODING				 0x0405
-#define RSAREF_R_LEN					 0x0406
-#define RSAREF_R_MODULUS_LEN				 0x0407
-#define RSAREF_R_NEED_RANDOM				 0x0408
-#define RSAREF_R_PRIVATE_KEY				 0x0409
-#define RSAREF_R_PUBLIC_KEY				 0x040a
-#define RSAREF_R_SIGNATURE				 0x040b
-#define RSAREF_R_SIGNATURE_ENCODING			 0x040c
diff --git a/rsaref/rsaref.h b/rsaref/rsaref.h
deleted file mode 100644
index c264e288c9..0000000000
--- a/rsaref/rsaref.h
+++ /dev/null
@@ -1,186 +0,0 @@
-/* rsaref/rsaref.h */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#ifndef HEADER_RSAREF_H
-#define HEADER_RSAREF_H
-
-#include "rsa.h"
-
-/* RSAeuro */
-/*#define  RSAref_MAX_BITS		2048*/
-
-/* RSAref */
-#define  RSAref_MAX_BITS		1024
-
-#define RSAref_MIN_BITS		508
-#define RSAref_MAX_LEN		((RSAref_MAX_BITS+7)/8)
-#define RSAref_MAX_PBITS	(RSAref_MAX_BITS+1)/2
-#define RSAref_MAX_PLEN		((RSAref_MAX_PBITS+7)/8)
-
-typedef struct RSArefPublicKey_st
-	{
-	unsigned int bits;
-	unsigned char m[RSAref_MAX_LEN];
-	unsigned char e[RSAref_MAX_LEN];
-	} RSArefPublicKey;
-
-typedef struct RSArefPrivateKey_st
-	{
-	unsigned int bits;
-	unsigned char m[RSAref_MAX_LEN];
-	unsigned char e[RSAref_MAX_LEN];
-	unsigned char d[RSAref_MAX_LEN];
-	unsigned char prime[2][RSAref_MAX_PLEN];/* p & q */
-	unsigned char pexp[2][RSAref_MAX_PLEN];	/* dmp1 & dmq1 */
-	unsigned char coef[RSAref_MAX_PLEN];	/* iqmp */
-	} RSArefPrivateKey;
-
-typedef struct RSARandomState_st
-	{
-	unsigned int needed;
-	unsigned char state[16];
-	unsigned int outputnum;
-	unsigned char output[16];
-	} RSARandomState;
-
-#define RE_CONTENT_ENCODING 0x0400
-#define RE_DATA 0x0401
-#define RE_DIGEST_ALGORITHM 0x0402
-#define RE_ENCODING 0x0403
-#define RE_KEY 0x0404
-#define RE_KEY_ENCODING 0x0405
-#define RE_LEN 0x0406
-#define RE_MODULUS_LEN 0x0407
-#define RE_NEED_RANDOM 0x0408
-#define RE_PRIVATE_KEY 0x0409
-#define RE_PUBLIC_KEY 0x040a
-#define RE_SIGNATURE 0x040b
-#define RE_SIGNATURE_ENCODING 0x040c
-#define RE_ENCRYPTION_ALGORITHM 0x040d
-
-#ifndef NOPROTO
-int RSAPrivateDecrypt(unsigned char *to, int *outlen, unsigned char *from,
-	int len, RSArefPrivateKey *RSAkey);
-int RSAPrivateEncrypt(unsigned char *to, int *outlen, unsigned char *from,
-	int len, RSArefPrivateKey *RSAkey);
-int RSAPublicDecrypt(unsigned char *to, int *outlen, unsigned char *from,
-	int len, RSArefPublicKey *RSAkey);
-int RSAPublicEncrypt(unsigned char *to, int *outlen, unsigned char *from,
-	int len, RSArefPublicKey *RSAkey,RSARandomState *rnd);
-int R_RandomInit(RSARandomState *rnd);
-int R_GetRandomBytesNeeded(unsigned int *,RSARandomState *rnd);
-int R_RandomUpdate(RSARandomState *rnd, unsigned char *data, unsigned int n);
-int R_RandomFinal(RSARandomState *rnd);
-
-void ERR_load_RSAREF_strings(void );
-RSA_METHOD *RSA_PKCS1_RSAref(void );
-
-#else
-int RSAPrivateDecrypt();
-int RSAPrivateEncrypt();
-int RSAPublicDecrypt();
-int RSAPublicEncrypt();
-int R_RandomInit();
-int R_GetRandomBytesNeeded();
-int R_RandomUpdate();
-int R_RandomFinal();
-
-void ERR_load_RSAREF_strings();
-RSA_METHOD *RSA_PKCS1_RSAref();
-
-#endif
-
-/* BEGIN ERROR CODES */
-/* Error codes for the RSAREF functions. */
-
-/* Function codes. */
-#define RSAREF_F_BN_REF_MOD_EXP				 100
-#define RSAREF_F_RSAREF_BN2BIN				 101
-#define RSAREF_F_RSA_BN2BIN				 102
-#define RSAREF_F_RSA_PRIVATE_DECRYPT			 103
-#define RSAREF_F_RSA_PRIVATE_ENCRYPT			 104
-#define RSAREF_F_RSA_PUBLIC_DECRYPT			 105
-#define RSAREF_F_RSA_PUBLIC_ENCRYPT			 106
-#define RSAREF_F_RSA_REF_BN2BIN				 107
-#define RSAREF_F_RSA_REF_MOD_EXP			 108
-#define RSAREF_F_RSA_REF_PRIVATE_DECRYPT		 109
-#define RSAREF_F_RSA_REF_PRIVATE_ENCRYPT		 110
-#define RSAREF_F_RSA_REF_PUBLIC_DECRYPT			 111
-#define RSAREF_F_RSA_REF_PUBLIC_ENCRYPT			 112
-
-/* Reason codes. */
-#define RSAREF_R_CONTENT_ENCODING			 0x0400
-#define RSAREF_R_DATA					 0x0401
-#define RSAREF_R_DIGEST_ALGORITHM			 0x0402
-#define RSAREF_R_ENCODING				 0x0403
-#define RSAREF_R_ENCRYPTION_ALGORITHM			 0x040d
-#define RSAREF_R_KEY					 0x0404
-#define RSAREF_R_KEY_ENCODING				 0x0405
-#define RSAREF_R_LEN					 0x0406
-#define RSAREF_R_MODULUS_LEN				 0x0407
-#define RSAREF_R_NEED_RANDOM				 0x0408
-#define RSAREF_R_PRIVATE_KEY				 0x0409
-#define RSAREF_R_PUBLIC_KEY				 0x040a
-#define RSAREF_R_SIGNATURE				 0x040b
-#define RSAREF_R_SIGNATURE_ENCODING			 0x040c
- 
-#ifdef  __cplusplus
-}
-#endif
-#endif
-
diff --git a/shlib/Makefile.hpux10-cc b/shlib/Makefile.hpux10-cc
new file mode 100644
index 0000000000..89c28dcf46
--- /dev/null
+++ b/shlib/Makefile.hpux10-cc
@@ -0,0 +1,34 @@
+# Makefile.hpux-cc
+
+major=0.9.8
+
+slib=libssl
+sh_slib=$(slib).sl.$(major)
+
+clib=libcrypto
+sh_clib=$(clib).sl.$(major)
+
+all : $(clib).sl $(slib).sl
+
+
+$(clib)_pic.a : $(clib).a
+	echo "Copying $? to $@"
+	cp -p $? $@
+
+$(slib)_pic.a : $(slib).a
+	echo "Copying $? to $@"
+	cp -p $? $@
+
+$(sh_clib) : $(clib)_pic.a
+	ld -b -s -z +h $@ -o $@ -Fl $(clib)_pic.a -ldld -lc 
+
+$(clib).sl : $(sh_clib)
+	rm -f $@
+	ln -s $? $@
+
+$(sh_slib) : $(slib)_pic.a $(clib).sl
+	ld -b -s -z +h $@ -o $@ -Fl $(slib)_pic.a -ldld -lc
+        
+$(slib).sl : $(sh_slib)
+	rm -f $@
+	ln -s $? $@
diff --git a/shlib/hpux10-cc.sh b/shlib/hpux10-cc.sh
new file mode 100644
index 0000000000..ceeb8c5236
--- /dev/null
+++ b/shlib/hpux10-cc.sh
@@ -0,0 +1,92 @@
+#!/usr/bin/sh
+#
+# Run this script from the OpenSSL root directory:
+# sh shlib/hpux10-cc.sh
+# 
+# HP-UX (10.20) shared library installation:
+# Compile and install OpenSSL with best possible optimization:
+# - shared libraries are compiled and installed with +O4 optimization
+# - executable(s) are compiled and installed with +O4 optimization
+# - static libraries are compiled and installed with +O3 optimization,
+#   to avoid the time consuming +O4 link-time optimization when using
+#   these libraries. (The shared libs are already optimized during build
+#   at +O4.)
+#
+# This script must be run with appropriate privileges to install into
+# /usr/local/ssl. HP-UX prevents used executables and shared libraries
+# from being deleted or overwritten. Stop all processes using already
+# installed items of OpenSSL.
+#
+# WARNING: At high optimization levels, HP's ANSI-C compiler can chew up
+#          large amounts of memory and CPU time. Make sure to have at least
+#          128MB of RAM available and that your kernel is configured to allow
+#          at least 128MB data size (maxdsiz parameter which can be obtained
+#          by multiplying 'echo maxdsiz/D | adb -k /stand/vmunix /dev/kmem'
+#          by 'getconf PAGE_SIZE').
+#          The installation process can take several hours, even on fast
+#          machines. +O4 optimization of the libcrypto.sl shared library may
+#          take 1 hour on a C200 (200MHz PA8200 CPU), +O3 compilation of
+#          fcrypt_b.c can take 20 minutes on this machine. Stay patient.
+#
+# SITEFLAGS: site specific flags. I do use +DAportable, since I have to
+# support older PA1.1-type CPUs. Your mileage may vary.
+# +w1 enables enhanced warnings, useful when working with snaphots.
+#
+SITEFLAGS="+DAportable +w1"
+#
+# Set the default additions to build with HP-UX.
+# -D_REENTRANT must/should be defined on HP-UX manually, since we do call
+# Configure directly.
+# +Oall increases the optimization done.
+#
+MYFLAGS="-D_REENTRANT +Oall $SITEFLAGS"
+
+# Configure for pic and build the static pic libraries
+perl5 Configure no-shared hpux-parisc-cc-o4 +Z ${MYFLAGS}
+make clean
+make DIRS="crypto ssl"
+# Rename the static pic libs and build dynamic libraries from them
+# Be prepared to see a lot of warnings about shared libraries being built
+# with optimizations higher than +O2. When using these libraries, it is
+# not possible to replace internal library functions with functions from
+# the program to be linked.
+#
+make -f shlib/Makefile.hpux10-cc
+
+# Copy the libraries to /usr/local/ssl/lib (they have to be in their
+# final location when linking applications).
+# If the directories are still there, no problem.
+mkdir /usr/local
+mkdir /usr/local/ssl
+mkdir /usr/local/ssl/lib
+chmod 444 lib*_pic.a
+chmod 555 lib*.sl.0.9.8
+cp -p lib*_pic.a lib*.sl.0.9.8 /usr/local/ssl/lib
+(cd /usr/local/ssl/lib ; ln -sf libcrypto.sl.0.9.8 libcrypto.sl ; ln -sf libssl.sl.0.9.8 libssl.sl)
+
+# Reconfigure without pic to compile the executables. Unfortunately, while
+# performing this task we have to recompile the library components, even
+# though we use the already installed shared libs anyway.
+#
+perl5 Configure no-shared hpux-parisc-cc-o4 ${MYFLAGS}
+
+make clean
+
+# Hack the Makefiles to pick up the dynamic libraries during linking
+#
+sed 's/^PEX_LIBS=.*$/PEX_LIBS=-L\/usr\/local\/ssl\/lib/' Makefile.ssl >xxx; mv xxx Makefile.ssl
+sed 's/-L\.\.//' apps/Makefile.ssl >xxx; mv xxx apps/Makefile.ssl
+sed 's/-L\.\.//' test/Makefile.ssl >xxx; mv xxx test/Makefile.ssl
+# Build the static libs and the executables in one make.
+make
+# Install everything
+make install
+
+# Finally build the static libs with +O3. This time we only need the libraries,
+# once created, they are simply copied into place.
+#
+perl5 Configure no-shared hpux-parisc-cc ${MYFLAGS}
+make clean
+make DIRS="crypto ssl"
+chmod 644 libcrypto.a libssl.a
+cp -p libcrypto.a libssl.a /usr/local/ssl/lib
diff --git a/shlib/libcrypto.so.0 b/shlib/libcrypto.so.0
deleted file mode 100644
index e69de29bb2..0000000000
--- a/shlib/libcrypto.so.0
+++ /dev/null
diff --git a/shlib/libssl.so.0 b/shlib/libssl.so.0
deleted file mode 100644
index e69de29bb2..0000000000
--- a/shlib/libssl.so.0
+++ /dev/null
diff --git a/shlib/linux.sh b/shlib/linux.sh
deleted file mode 100644
index f80292d90c..0000000000
--- a/shlib/linux.sh
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/bin/sh
-
-echo "#define DATE      \"`date`\"" >crypto/date.h
-
-major="0"
-minor="8.2"
-slib=libssl
-clib=libcrypto
-CC=gcc
-CPP='gcc -E'
-AS=as
-FLAGS='-DX86_ASM -DTERMIO -O3 -DL_ENDIAN -fomit-frame-pointer -m486 -Wall'
-#FLAGS='-DTERMIO -g2 -ggdb -DL_ENDIAN -m486 -Wall -DREF_CHECK -DCRYPTO_MDEBUG'
-INCLUDE='-Iinclude -Icrypto -Issl'
-SHFLAGS='-DPIC -fpic'
-
-CFLAGS="$FLAGS $INCLUDE $SHFLAGS"
-ASM_OBJ="";
-
-echo compiling bignum assember
-$CPP -DELF crypto/bn/asm/bn86unix.cpp | $AS -o bn_asm.o
-CFLAGS="$CFLAGS -DBN_ASM -DX86_ASM"
-ASM_OBJ="$ASM_OBJ bn_asm.o"
-
-echo compiling des assember
-$CPP -DELF crypto/des/asm/dx86unix.cpp | $AS -o des_enc.o
-$CPP -DELF crypto/des/asm/yx86unix.cpp | $AS -o fcrypt-b.o
-CFLAGS="$CFLAGS -DDES_ASM"
-ASM_OBJ="$ASM_OBJ des_enc.o fcrypt-b.o"
-
-echo compiling blowfish assember
-$CPP -DELF crypto/bf/asm/bx86unix.cpp | $AS -o bf_enc.o
-CFLAGS="$CFLAGS -DBF_ASM"
-ASM_OBJ="$ASM_OBJ bf_enc.o"
-
-echo compiling cast assember
-$CPP -DELF crypto/cast/asm/cx86unix.cpp | $AS -o cast_enc.o
-CFLAGS="$CFLAGS -DCAST_ASM"
-ASM_OBJ="$ASM_OBJ cast_enc.o"
-
-echo compiling rc4 assember
-$CPP -DELF crypto/rc4/asm/rx86unix.cpp | $AS -o rc4_enc.o
-CFLAGS="$CFLAGS -DRC4_ASM"
-ASM_OBJ="$ASM_OBJ rc4_enc.o"
-
-echo compiling md5 assember
-$CPP -DELF crypto/md5/asm/mx86unix.cpp | $AS -o md5_enc.o
-CFLAGS="$CFLAGS -DMD5_ASM"
-ASM_OBJ="$ASM_OBJ md5_enc.o"
-
-echo compiling sha1 assember
-$CPP -DELF crypto/sha/asm/sx86unix.cpp | $AS -o sha1_enc.o
-CFLAGS="$CFLAGS -DSHA1_ASM"
-ASM_OBJ="$ASM_OBJ sha1_enc.o"
-
-echo compiling $clib
-$CC -c $CFLAGS -DCFLAGS="\"$FLAGS\"" -o crypto.o crypto/crypto.c
-
-echo linking $clib.so
-gcc $CFLAGS -shared -Wl,-soname,$clib.so.$major -o $clib.so.$major.$minor crypto.o $ASM_OBJ
-/bin/rm -f $clib.so $clib.so.$major
-ln -s $clib.so.$major.$minor $clib.so
-ln -s $clib.so.$major.$minor $clib.so.$major
-
-echo compiling $slib.so
-$CC -c $CFLAGS -o ssl.o ssl/ssl.c
-
-echo building $slib.so
-gcc $CFLAGS -shared -Wl,-soname,$slib.so.$major -o $slib.so.$major.$minor ssl.o
-/bin/rm -f $slib.so $slib.so.$major
-ln -s $slib.so.$major.$minor $slib.so
-ln -s $slib.so.$major.$minor $slib.so.$major
-
-echo building ssleay executable
-gcc $CFLAGS -o ssleay apps/eay.c -L. -lssl -lcrypto
-
diff --git a/shlib/solaris-sc4.sh b/shlib/solaris-sc4.sh
new file mode 100755
index 0000000000..b0766b35f7
--- /dev/null
+++ b/shlib/solaris-sc4.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+major="1"
+
+slib=libssl
+sh_slib=$slib.so.$major
+
+clib=libcrypto
+sh_clib=$clib.so.$major
+
+echo collecting all object files for $clib.so
+OBJS=
+find . -name \*.o -print > allobjs
+for obj in `ar t libcrypto.a`
+do
+	OBJS="$OBJS `grep $obj allobjs`"
+done
+
+echo linking $clib.so
+cc -G -o $sh_clib -h $sh_clib $OBJS -lnsl -lsocket
+
+rm -f $clib.so
+ln -s $sh_clib $clib.so
+
+echo collecting all object files for $slib.so
+OBJS=
+for obj in `ar t libssl.a`
+do
+	OBJS="$OBJS `grep $obj allobjs`"
+done
+
+echo linking $slib.so
+cc -G -o $sh_slib -h $sh_slib $OBJS -L. -lcrypto
+	
+rm -f $slib.so
+ln -s $sh_slib $slib.so
+
+rm -f allobjs
+
+mv libRSAglue.a libRSAglue.a.orig
+mv libcrypto.a  libcrypto.a.orig
+mv libssl.a     libssl.a.orig 
diff --git a/shlib/svr5-shared-gcc.sh b/shlib/svr5-shared-gcc.sh
new file mode 100755
index 0000000000..76957df947
--- /dev/null
+++ b/shlib/svr5-shared-gcc.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/sh
+
+major="0"
+minor="9.7"
+
+slib=libssl
+sh_slib=$slib.so.$major.$minor
+
+clib=libcrypto
+sh_clib=$clib.so.$major.$minor
+
+FLAGS="-O3 -DFILIO_H -fomit-frame-pointer -pthread"
+SHFLAGS="-DPIC -fPIC"
+
+touch $sh_clib
+touch $sh_slib
+
+echo collecting all object files for $clib.so
+OBJS=
+find . -name \*.o -print > allobjs
+for obj in `ar t libcrypto.a`
+do
+	OBJS="$OBJS `grep $obj allobjs`"
+done
+
+echo linking $clib.so
+gcc -G -o $sh_clib -h $sh_clib $OBJS -lnsl -lsocket
+
+rm -f $clib.so
+ln -s $sh_clib $clib.so
+
+echo collecting all object files for $slib.so
+OBJS=
+for obj in `ar t libssl.a`
+do
+	OBJS="$OBJS `grep $obj allobjs`"
+done
+
+echo linking $slib.so
+gcc -G -o $sh_slib -h $sh_slib $OBJS -L. -lcrypto
+
+rm -f $slib.so
+ln -s $sh_slib $slib.so
+
+mv libRSAglue.a libRSAglue.a.orig
+mv libcrypto.a  libcrypto.a.orig
+mv libssl.a     libssl.a.orig
+
diff --git a/shlib/svr5-shared-installed b/shlib/svr5-shared-installed
new file mode 100755
index 0000000000..544f5a9417
--- /dev/null
+++ b/shlib/svr5-shared-installed
@@ -0,0 +1,28 @@
+#!/usr/bin/sh
+
+major="0"
+minor="9.7"
+
+slib=libssl
+sh_slib=$slib.so.$major.$minor
+
+clib=libcrypto
+sh_clib=$clib.so.$major.$minor
+
+# If you want them in /usr/local/lib then change INSTALLTOP to point there.
+#INSTALLTOP=/usr/local/ssl/lib
+INSTALLTOP=/usr/local/lib
+
+cp -p $sh_clib $INSTALLTOP
+cp -p $sh_slib $INSTALLTOP
+
+PWD=`pwd`
+cd $INSTALLTOP
+rm -f $INSTALLTOP/$clib.so
+ln -s $INSTALLTOP/$sh_clib $clib.so
+
+rm -f $INSTALLTOP/$slib.so
+ln -s $INSTALLTOP/$sh_slib $slib.so
+
+cd $PWD
+
diff --git a/shlib/svr5-shared.sh b/shlib/svr5-shared.sh
new file mode 100755
index 0000000000..a70bb65baa
--- /dev/null
+++ b/shlib/svr5-shared.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/sh
+
+major="0"
+minor="9.7"
+
+slib=libssl
+sh_slib=$slib.so.$major.$minor
+
+clib=libcrypto
+sh_clib=$clib.so.$major.$minor
+
+FLAGS="-O -DFILIO_H -Kalloca -Kthread"
+SHFLAGS="-Kpic -DPIC"
+
+touch $sh_clib
+touch $sh_slib
+
+echo collecting all object files for $clib.so
+OBJS=
+find . -name \*.o -print > allobjs
+for obj in `ar t libcrypto.a`
+do
+	OBJS="$OBJS `grep $obj allobjs`"
+done
+
+echo linking $clib.so
+cc -G -o $sh_clib -h $sh_clib $OBJS -lnsl -lsocket
+
+rm -f $clib.so
+ln -s $sh_clib $clib.so
+
+echo collecting all object files for $slib.so
+OBJS=
+for obj in `ar t libssl.a`
+do
+	OBJS="$OBJS `grep $obj allobjs`"
+done
+
+echo linking $slib.so
+cc -G -o $sh_slib -h $sh_slib $OBJS -L. -lcrypto
+
+rm -f $slib.so
+ln -s $sh_slib $slib.so
+
+mv libRSAglue.a libRSAglue.a.orig
+mv libcrypto.a  libcrypto.a.orig
+mv libssl.a     libssl.a.orig
+
diff --git a/ssl/.cvsignore b/ssl/.cvsignore
new file mode 100644
index 0000000000..c6d03a9dbc
--- /dev/null
+++ b/ssl/.cvsignore
@@ -0,0 +1,2 @@
+lib
+Makefile.save
diff --git a/ssl/KEYS b/ssl/KEYS
deleted file mode 100644
index 710d102324..0000000000
--- a/ssl/KEYS
+++ /dev/null
@@ -1,28 +0,0 @@
-EVP_PKEY_DSA
-EVP_PKEY_DSA2
-EVP_PKEY_DSA3
-EVP_PKEY_DSA4
-
-EVP_PKEY_RSA
-EVP_PKEY_RSA2
-
-valid DSA pkey types
-	NID_dsa
-	NID_dsaWithSHA
-	NID_dsaWithSHA1
-	NID_dsaWithSHA1_2
-
-valid RSA pkey types
-	NID_rsaEncryption
-	NID_rsa
-
-NID_dsaWithSHA	NID_dsaWithSHA			DSA		SHA
-NID_dsa		NID_dsaWithSHA1			DSA		SHA1
-NID_md2		NID_md2WithRSAEncryption	RSA-pkcs1	MD2
-NID_md5		NID_md5WithRSAEncryption	RSA-pkcs1	MD5
-NID_mdc2	NID_mdc2WithRSA			RSA-none	MDC2
-NID_ripemd160	NID_ripemd160WithRSA		RSA-pkcs1	RIPEMD160
-NID_sha		NID_shaWithRSAEncryption	RSA-pkcs1	SHA
-NID_sha1	NID_sha1WithRSAEncryption	RSA-pkcs1	SHA1
-:w
-
diff --git a/ssl/Makefile.ssl b/ssl/Makefile.ssl
index f4b13bf83b..bca85c6abe 100644
--- a/ssl/Makefile.ssl
+++ b/ssl/Makefile.ssl
@@ -5,23 +5,28 @@
 DIR=	ssl
 TOP=	..
 CC=	cc
-INCLUDES= -I../crypto -I../include
+INCLUDES= -I../crypto -I$(TOP) -I../include $(KRB5_INCLUDES)
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 AR=		ar r
+# KRB5 stuff
+KRB5_INCLUDES=
+LIBKRB5=
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-ERR=ssl
-ERRC=ssl_err
-GENERAL=Makefile README
+GENERAL=Makefile README ssl-lib.com install.com
 TEST=ssltest.c
 APPS=
 
 LIB=$(TOP)/libssl.a
+SHARED_LIB= libssl$(SHLIB_EXT)
 LIBSRC=	\
 	s2_meth.c   s2_srvr.c s2_clnt.c  s2_lib.c  s2_enc.c s2_pkt.c \
 	s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c \
@@ -30,7 +35,7 @@ LIBSRC=	\
 	ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
 	ssl_ciph.c ssl_stat.c ssl_rsa.c \
 	ssl_asn1.c ssl_txt.c ssl_algs.c \
-	bio_ssl.c $(ERRC).c
+	bio_ssl.c ssl_err.c kssl.c
 LIBOBJ= \
 	s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \
 	s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o \
@@ -39,40 +44,44 @@ LIBOBJ= \
 	ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
 	ssl_ciph.o ssl_stat.o ssl_rsa.o \
 	ssl_asn1.o ssl_txt.o ssl_algs.o \
-	bio_ssl.o $(ERRC).o
+	bio_ssl.o ssl_err.o kssl.o
 
 SRC= $(LIBSRC)
 
-EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h
-HEADER=	$(EXHEADER) ssl_locl.h
+EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h kssl.h
+HEADER=	$(EXHEADER) ssl_locl.h kssl_lcl.h
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
 top:
 	(cd ..; $(MAKE) DIRS=$(DIR) all)
 
-all:	lib
+all:	lib shared
 
 lib:	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	sh $(TOP)/util/ranlib.sh $(LIB)
+	$(RANLIB) $(LIB) || echo Never mind.
 	@touch lib
 
+shared:
+	if [ -n "$(SHARED_LIBS)" ]; then \
+		(cd ..; $(MAKE) $(SHARED_LIB)); \
+	fi
+
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
-	$(TOP)/util/mklink.sh ../include $(EXHEADER)
-	$(TOP)/util/mklink.sh ../test $(TEST)
-	$(TOP)/util/mklink.sh ../apps $(APPS)
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
+	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+	@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
 
 install:
 	@for i in $(EXHEADER) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/include/$$i; \
-	chmod 644 $(INSTALLTOP)/include/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
 	done;
 
 tags:
@@ -84,17 +93,990 @@ lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-errors:
-	perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
-	perl ../crypto/err/err_genc.pl -s $(ERR).h $(ERRC).c
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bio_ssl.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+bio_ssl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+bio_ssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+bio_ssl.o: ../include/openssl/cast.h ../include/openssl/comp.h
+bio_ssl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+bio_ssl.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+bio_ssl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+bio_ssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+bio_ssl.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+bio_ssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+bio_ssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+bio_ssl.o: ../include/openssl/md2.h ../include/openssl/md4.h
+bio_ssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+bio_ssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+bio_ssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+bio_ssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+bio_ssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+bio_ssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+bio_ssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+bio_ssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+bio_ssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+bio_ssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+bio_ssl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+bio_ssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bio_ssl.c
+kssl.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+kssl.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+kssl.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+kssl.o: ../include/openssl/cast.h ../include/openssl/comp.h
+kssl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+kssl.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+kssl.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+kssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+kssl.o: ../include/openssl/ecdsa.h ../include/openssl/evp.h
+kssl.o: ../include/openssl/idea.h ../include/openssl/krb5_asn.h
+kssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+kssl.o: ../include/openssl/md2.h ../include/openssl/md4.h
+kssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+kssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+kssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+kssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+kssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+kssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+kssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+kssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+kssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+kssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+kssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+kssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+kssl.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+kssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl.c
+s23_clnt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s23_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s23_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s23_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s23_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s23_clnt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s23_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s23_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s23_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s23_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s23_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s23_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s23_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s23_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s23_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s23_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s23_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s23_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s23_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s23_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s23_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s23_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s23_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s23_clnt.o: ../include/openssl/x509_vfy.h s23_clnt.c ssl_locl.h
+s23_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s23_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s23_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s23_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s23_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s23_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s23_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s23_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s23_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s23_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s23_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s23_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s23_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s23_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s23_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s23_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s23_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s23_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s23_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s23_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s23_lib.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s23_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_lib.c
+s23_lib.o: ssl_locl.h
+s23_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s23_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s23_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s23_meth.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s23_meth.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s23_meth.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s23_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s23_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s23_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s23_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s23_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s23_meth.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s23_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s23_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s23_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s23_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s23_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s23_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s23_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s23_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s23_meth.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s23_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_meth.c
+s23_meth.o: ssl_locl.h
+s23_pkt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s23_pkt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s23_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s23_pkt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s23_pkt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s23_pkt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s23_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s23_pkt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s23_pkt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s23_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s23_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s23_pkt.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s23_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s23_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s23_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s23_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s23_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s23_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s23_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s23_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s23_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s23_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s23_pkt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s23_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_pkt.c
+s23_pkt.o: ssl_locl.h
+s23_srvr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s23_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s23_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s23_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s23_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s23_srvr.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s23_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s23_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s23_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s23_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s23_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s23_srvr.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s23_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s23_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s23_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s23_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s23_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s23_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s23_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s23_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s23_srvr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s23_srvr.o: ../include/openssl/x509_vfy.h s23_srvr.c ssl_locl.h
+s2_clnt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_clnt.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s2_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s2_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s2_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_clnt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s2_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s2_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s2_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_clnt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_clnt.c
+s2_clnt.o: ssl_locl.h
+s2_enc.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_enc.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s2_enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s2_enc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s2_enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_enc.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s2_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s2_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s2_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s2_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_enc.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s2_enc.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s2_enc.o: ../include/openssl/x509_vfy.h s2_enc.c ssl_locl.h
+s2_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_lib.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s2_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s2_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s2_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_lib.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s2_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s2_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_lib.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s2_lib.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s2_lib.o: ../include/openssl/x509_vfy.h s2_lib.c ssl_locl.h
+s2_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s2_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s2_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s2_meth.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s2_meth.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s2_meth.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s2_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s2_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s2_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s2_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s2_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s2_meth.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s2_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s2_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s2_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s2_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s2_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s2_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_meth.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s2_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_meth.c
+s2_meth.o: ssl_locl.h
+s2_pkt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_pkt.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s2_pkt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s2_pkt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s2_pkt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_pkt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_pkt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_pkt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s2_pkt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s2_pkt.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+s2_pkt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s2_pkt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s2_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s2_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s2_pkt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s2_pkt.o: ../include/openssl/x509_vfy.h s2_pkt.c ssl_locl.h
+s2_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s2_srvr.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s2_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s2_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s2_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
+s2_srvr.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s2_srvr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s2_srvr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s2_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s2_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s2_srvr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s2_srvr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s2_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s2_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_srvr.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_srvr.c
+s2_srvr.o: ssl_locl.h
+s3_both.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s3_both.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s3_both.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_both.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s3_both.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_both.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s3_both.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s3_both.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s3_both.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s3_both.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s3_both.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s3_both.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_both.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s3_both.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s3_both.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s3_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_both.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s3_both.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h
+s3_clnt.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s3_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_clnt.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s3_clnt.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s3_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_clnt.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+s3_clnt.o: ../include/openssl/md4.h ../include/openssl/md5.h
+s3_clnt.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+s3_clnt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_clnt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_clnt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s3_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
+s3_clnt.o: s3_clnt.c ssl_locl.h
+s3_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s3_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s3_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_enc.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s3_enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s3_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s3_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s3_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s3_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s3_enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s3_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s3_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_enc.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s3_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_enc.c
+s3_enc.o: ssl_locl.h
+s3_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s3_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s3_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s3_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s3_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s3_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s3_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s3_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s3_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s3_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_lib.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s3_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
+s3_lib.o: s3_lib.c ssl_locl.h
+s3_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s3_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s3_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_meth.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s3_meth.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_meth.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s3_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s3_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s3_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s3_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s3_meth.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s3_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_meth.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s3_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_meth.c
+s3_meth.o: ssl_locl.h
+s3_pkt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+s3_pkt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+s3_pkt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+s3_pkt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+s3_pkt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+s3_pkt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+s3_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+s3_pkt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s3_pkt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s3_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+s3_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s3_pkt.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s3_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s3_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+s3_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+s3_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+s3_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_pkt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+s3_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_pkt.c
+s3_pkt.o: ssl_locl.h
+s3_srvr.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+s3_srvr.o: ../include/openssl/des.h ../include/openssl/des_old.h
+s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+s3_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+s3_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h
+s3_srvr.o: ../include/openssl/idea.h ../include/openssl/krb5_asn.h
+s3_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s3_srvr.o: ../include/openssl/md2.h ../include/openssl/md4.h
+s3_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+s3_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+s3_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+s3_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+s3_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+s3_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_srvr.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+s3_srvr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+s3_srvr.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_srvr.c ssl_locl.h
+ssl_algs.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_algs.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_algs.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_algs.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_algs.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_algs.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_algs.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_algs.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_algs.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_algs.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_algs.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_algs.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssl_algs.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_algs.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_algs.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_algs.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_algs.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_algs.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_algs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_algs.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_algs.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_algs.c
+ssl_algs.o: ssl_locl.h
+ssl_asn1.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+ssl_asn1.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
+ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_asn1.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_asn1.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_asn1.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_asn1.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_asn1.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_asn1.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_asn1.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_asn1.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssl_asn1.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_asn1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_asn1.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_asn1.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_asn1.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_asn1.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_asn1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_asn1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_asn1.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_asn1.c
+ssl_asn1.o: ssl_locl.h
+ssl_cert.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_cert.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_cert.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_cert.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_cert.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ssl_cert.o: ../include/openssl/des.h ../include/openssl/des_old.h
+ssl_cert.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ssl_cert.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_cert.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_cert.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_cert.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssl_cert.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_cert.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_cert.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_cert.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_cert.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_cert.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_cert.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+ssl_cert.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+ssl_cert.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+ssl_cert.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+ssl_cert.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_cert.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_cert.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_cert.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+ssl_cert.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+ssl_cert.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
+ssl_cert.o: ssl_cert.c ssl_locl.h
+ssl_ciph.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_ciph.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_ciph.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_ciph.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_ciph.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_ciph.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_ciph.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_ciph.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_ciph.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_ciph.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_ciph.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_ciph.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssl_ciph.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_ciph.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_ciph.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_ciph.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_ciph.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_ciph.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_ciph.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_ciph.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_ciph.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ssl_ciph.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_ciph.c
+ssl_ciph.o: ssl_locl.h
+ssl_err.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_err.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_err.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_err.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_err.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_err.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_err.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_err.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_err.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_err.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_err.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_err.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssl_err.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_err.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_err.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_err.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_err.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_err.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_err.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_err.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_err.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_err.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_err.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_err.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_err.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ssl_err.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err.c
+ssl_err2.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_err2.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_err2.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_err2.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_err2.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_err2.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_err2.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_err2.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_err2.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_err2.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_err2.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_err2.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssl_err2.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_err2.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_err2.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_err2.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_err2.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_err2.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_err2.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_err2.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_err2.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_err2.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_err2.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_err2.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_err2.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ssl_err2.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err2.c
+ssl_lib.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+ssl_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssl_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_lib.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ssl_lib.o: ../include/openssl/x509v3.h kssl_lcl.h ssl_lib.c ssl_locl.h
+ssl_rsa.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_rsa.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_rsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_rsa.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_rsa.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_rsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_rsa.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_rsa.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_rsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssl_rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_rsa.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_rsa.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_rsa.o: ssl_rsa.c
+ssl_sess.o: ../crypto/cryptlib.h ../e_os.h ../include/openssl/aes.h
+ssl_sess.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ssl_sess.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+ssl_sess.o: ../include/openssl/des.h ../include/openssl/des_old.h
+ssl_sess.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ssl_sess.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ssl_sess.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssl_sess.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssl_sess.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssl_sess.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssl_sess.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssl_sess.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+ssl_sess.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_sess.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_sess.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_sess.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_sess.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_sess.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_sess.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_sess.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_sess.o: ssl_sess.c
+ssl_stat.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_stat.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_stat.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_stat.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_stat.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_stat.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_stat.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_stat.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_stat.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_stat.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_stat.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_stat.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssl_stat.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_stat.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_stat.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_stat.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_stat.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_stat.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_stat.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_stat.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_stat.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_stat.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ssl_stat.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_stat.o: ssl_stat.c
+ssl_txt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssl_txt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssl_txt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssl_txt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssl_txt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssl_txt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssl_txt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssl_txt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssl_txt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+ssl_txt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ssl_txt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+ssl_txt.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ssl_txt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ssl_txt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ssl_txt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ssl_txt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+ssl_txt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssl_txt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssl_txt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssl_txt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_txt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_txt.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ssl_txt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_txt.o: ssl_txt.c
+t1_clnt.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+t1_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+t1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+t1_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+t1_clnt.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+t1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+t1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+t1_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+t1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+t1_clnt.o: ../include/openssl/md2.h ../include/openssl/md4.h
+t1_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+t1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+t1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+t1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+t1_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+t1_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+t1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_clnt.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+t1_clnt.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+t1_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_clnt.c
+t1_enc.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+t1_enc.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+t1_enc.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_enc.o: ../include/openssl/cast.h ../include/openssl/comp.h
+t1_enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+t1_enc.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+t1_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+t1_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+t1_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+t1_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+t1_enc.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+t1_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+t1_enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
+t1_enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+t1_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+t1_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+t1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+t1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+t1_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+t1_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+t1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_enc.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+t1_enc.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+t1_enc.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_enc.c
+t1_lib.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+t1_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+t1_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
+t1_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+t1_lib.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+t1_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+t1_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+t1_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+t1_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+t1_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+t1_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h
+t1_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+t1_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+t1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+t1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+t1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+t1_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+t1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+t1_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+t1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+t1_lib.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+t1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_lib.o: t1_lib.c
+t1_meth.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+t1_meth.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+t1_meth.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_meth.o: ../include/openssl/cast.h ../include/openssl/comp.h
+t1_meth.o: ../include/openssl/crypto.h ../include/openssl/des.h
+t1_meth.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+t1_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+t1_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+t1_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+t1_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+t1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+t1_meth.o: ../include/openssl/md2.h ../include/openssl/md4.h
+t1_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+t1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+t1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+t1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+t1_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+t1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+t1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+t1_meth.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+t1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_meth.o: t1_meth.c
+t1_srvr.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+t1_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+t1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+t1_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
+t1_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+t1_srvr.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+t1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+t1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+t1_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+t1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+t1_srvr.o: ../include/openssl/md2.h ../include/openssl/md4.h
+t1_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+t1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+t1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+t1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+t1_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+t1_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+t1_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+t1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/ui.h
+t1_srvr.o: ../include/openssl/ui_compat.h ../include/openssl/x509.h
+t1_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_srvr.c
diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
index 58a6d69b9b..467e149947 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -60,27 +60,18 @@
 #include <stdlib.h>
 #include <string.h>
 #include <errno.h>
-#include "crypto.h"
-#include "bio.h"
-#include "err.h"
-#include "ssl.h"
-
-#ifndef NOPROTO
-static int ssl_write(BIO *h,char *buf,int num);
-static int ssl_read(BIO *h,char *buf,int size);
-static int ssl_puts(BIO *h,char *str);
-static long ssl_ctrl(BIO *h,int cmd,long arg1,char *arg2);
+#include <openssl/crypto.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+static int ssl_write(BIO *h, const char *buf, int num);
+static int ssl_read(BIO *h, char *buf, int size);
+static int ssl_puts(BIO *h, const char *str);
+static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int ssl_new(BIO *h);
 static int ssl_free(BIO *data);
-#else
-static int ssl_write();
-static int ssl_read();
-static int ssl_puts();
-static long ssl_ctrl();
-static int ssl_new();
-static int ssl_free();
-#endif
-
+static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
 typedef struct bio_ssl_st
 	{
 	SSL *ssl; /* The ssl handle :-) */
@@ -102,19 +93,19 @@ static BIO_METHOD methods_sslp=
 	ssl_ctrl,
 	ssl_new,
 	ssl_free,
+	ssl_callback_ctrl,
 	};
 
-BIO_METHOD *BIO_f_ssl()
+BIO_METHOD *BIO_f_ssl(void)
 	{
 	return(&methods_sslp);
 	}
 
-static int ssl_new(bi)
-BIO *bi;
+static int ssl_new(BIO *bi)
 	{
 	BIO_SSL *bs;
 
-	bs=(BIO_SSL *)Malloc(sizeof(BIO_SSL));
+	bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL));
 	if (bs == NULL)
 		{
 		BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
@@ -127,8 +118,7 @@ BIO *bi;
 	return(1);
 	}
 
-static int ssl_free(a)
-BIO *a;
+static int ssl_free(BIO *a)
 	{
 	BIO_SSL *bs;
 
@@ -143,14 +133,11 @@ BIO *a;
 		a->flags=0;
 		}
 	if (a->ptr != NULL)
-		Free(a->ptr);
+		OPENSSL_free(a->ptr);
 	return(1);
 	}
 	
-static int ssl_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int ssl_read(BIO *b, char *out, int outl)
 	{
 	int ret=1;
 	BIO_SSL *sb;
@@ -219,6 +206,10 @@ int outl;
 		BIO_set_retry_special(b);
 		retry_reason=BIO_RR_SSL_X509_LOOKUP;
 		break;
+	case SSL_ERROR_WANT_ACCEPT:
+		BIO_set_retry_special(b);
+		retry_reason=BIO_RR_ACCEPT;
+		break;
 	case SSL_ERROR_WANT_CONNECT:
 		BIO_set_retry_special(b);
 		retry_reason=BIO_RR_CONNECT;
@@ -234,10 +225,7 @@ int outl;
 	return(ret);
 	}
 
-static int ssl_write(b,out,outl)
-BIO *b;
-char *out;
-int outl;
+static int ssl_write(BIO *b, const char *out, int outl)
 	{
 	int ret,r=0;
 	int retry_reason=0;
@@ -305,11 +293,7 @@ int outl;
 	return(ret);
 	}
 
-static long ssl_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
+static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
 	{
 	SSL **sslp,*ssl;
 	BIO_SSL *bs;
@@ -466,7 +450,14 @@ char *ptr;
 		ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
 		break;
 	case BIO_CTRL_SET_CALLBACK:
-		SSL_set_info_callback(ssl,(void (*)())ptr);
+		{
+#if 0 /* FIXME: Should this be used?  -- Richard Levitte */
+		BIOerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		ret = -1;
+#else
+		ret=0;
+#endif
+		}
 		break;
 	case BIO_CTRL_GET_CALLBACK:
 		{
@@ -483,9 +474,31 @@ char *ptr;
 	return(ret);
 	}
 
-static int ssl_puts(bp,str)
-BIO *bp;
-char *str;
+static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
+	{
+	SSL *ssl;
+	BIO_SSL *bs;
+	long ret=1;
+
+	bs=(BIO_SSL *)b->ptr;
+	ssl=bs->ssl;
+	switch (cmd)
+		{
+	case BIO_CTRL_SET_CALLBACK:
+		{
+		/* FIXME: setting this via a completely different prototype
+		   seems like a crap idea */
+		SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp);
+		}
+		break;
+	default:
+		ret=BIO_callback_ctrl(ssl->rbio,cmd,fp);
+		break;
+		}
+	return(ret);
+	}
+
+static int ssl_puts(BIO *bp, const char *str)
 	{
 	int n,ret;
 
@@ -494,8 +507,7 @@ char *str;
 	return(ret);
 	}
 
-BIO *BIO_new_buffer_ssl_connect(ctx)
-SSL_CTX *ctx;
+BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
 	{
 	BIO *ret=NULL,*buf=NULL,*ssl=NULL;
 
@@ -512,8 +524,7 @@ err:
 	return(NULL);
 	}
 
-BIO *BIO_new_ssl_connect(ctx)
-SSL_CTX *ctx;
+BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
 	{
 	BIO *ret=NULL,*con=NULL,*ssl=NULL;
 
@@ -530,9 +541,7 @@ err:
 	return(NULL);
 	}
 
-BIO *BIO_new_ssl(ctx,client)
-SSL_CTX *ctx;
-int client;
+BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
 	{
 	BIO *ret;
 	SSL *ssl;
@@ -553,8 +562,7 @@ int client;
 	return(ret);
 	}
 
-int BIO_ssl_copy_session_id(t,f)
-BIO *t,*f;
+int BIO_ssl_copy_session_id(BIO *t, BIO *f)
 	{
 	t=BIO_find_type(t,BIO_TYPE_SSL);
 	f=BIO_find_type(f,BIO_TYPE_SSL);
@@ -567,8 +575,7 @@ BIO *t,*f;
 	return(1);
 	}
 
-void BIO_ssl_shutdown(b)
-BIO *b;
+void BIO_ssl_shutdown(BIO *b)
 	{
 	SSL *s;
 
diff --git a/ssl/bio_ssl.orig.c b/ssl/bio_ssl.orig.c
deleted file mode 100644
index 25147d12e7..0000000000
--- a/ssl/bio_ssl.orig.c
+++ /dev/null
@@ -1,440 +0,0 @@
-/* ssl/bio_ssl.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include "bio.h"
-#include "err.h"
-#include "ssl.h"
-
-#ifndef NOPROTO
-static int ssl_write(BIO *h,char *buf,int num);
-static int ssl_read(BIO *h,char *buf,int size);
-static int ssl_puts(BIO *h,char *str);
-static long ssl_ctrl(BIO *h,int cmd,long arg1,char *arg2);
-static int ssl_new(BIO *h);
-static int ssl_free(BIO *data);
-#else
-static int ssl_write();
-static int ssl_read();
-static int ssl_puts();
-static long ssl_ctrl();
-static int ssl_new();
-static int ssl_free();
-#endif
-
-static BIO_METHOD methods_sslp=
-	{
-	BIO_TYPE_SSL,"ssl",
-	ssl_write,
-	ssl_read,
-	ssl_puts,
-	NULL, /* ssl_gets, */
-	ssl_ctrl,
-	ssl_new,
-	ssl_free,
-	};
-
-BIO_METHOD *BIO_f_ssl()
-	{
-	return(&methods_sslp);
-	}
-
-static int ssl_new(bi)
-BIO *bi;
-	{
-	bi->init=0;
-	bi->ptr=NULL;	/* The SSL structure */
-	bi->flags=0;
-	return(1);
-	}
-
-static int ssl_free(a)
-BIO *a;
-	{
-	if (a == NULL) return(0);
-	if (a->ptr != NULL) SSL_shutdown((SSL *)a->ptr);
-	if (a->shutdown)
-		{
-		if (a->init) SSL_free((SSL *)a->ptr);
-		a->init=0;
-		a->flags=0;
-		a->ptr=NULL;
-		}
-	return(1);
-	}
-	
-static int ssl_read(b,out,outl)
-BIO *b;
-char *out;
-int outl;
-	{
-	int ret=1,dr,dw;
-	int inflags,outflags;
-	SSL *ssl;
-	int retry_reason=0;
-
-	if (out == NULL) return(0);
-	ssl=(SSL *)b->ptr;
-
-	inflags=outflags=b->flags;
-
-	dr=inflags&BIO_FLAGS_PROTOCOL_DELAYED_READ;
-	dw=inflags&BIO_FLAGS_PROTOCOL_DELAYED_WRITE;
-
-	outflags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY|
-		BIO_FLAGS_PROTOCOL_DELAYED_WRITE|
-		BIO_FLAGS_PROTOCOL_DELAYED_READ);
-
-	if (!SSL_is_init_finished(ssl))
-		{
-		ret=SSL_do_handshake(ssl);
-#if 0
-		if (ret > 0)
-			{
-			outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY|
-				BIO_FLAGS_PROTOCOL_DELAYED_READ|dw);
-			ret= -1;
-			goto end;
-			}
-#endif
-		}
-	if (ret > 0)
-		ret=SSL_read(ssl,out,outl);
-
-	switch (SSL_get_error(ssl,ret))
-		{
-	case SSL_ERROR_NONE:
-		if (ret <= 0) break;
-		if (dw)
-			outflags|=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
-		break;
-	case SSL_ERROR_WANT_READ:
-		outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY|
-			BIO_FLAGS_PROTOCOL_DELAYED_READ|dw);
-		break;
-	case SSL_ERROR_WANT_WRITE:
-		outflags=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY|
-			BIO_FLAGS_PROTOCOL_DELAYED_READ|dw);
-		break;
-	case SSL_ERROR_WANT_X509_LOOKUP:
-		outflags=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY|
-			BIO_FLAGS_PROTOCOL_DELAYED_READ|dw);
-		retry_reason=BIO_RR_SSL_X509_LOOKUP;
-		break;
-	case SSL_ERROR_WANT_CONNECT:
-		outflags=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY|
-			BIO_FLAGS_PROTOCOL_DELAYED_READ|dw);
-		retry_reason=BIO_RR_CONNECT;
-		break;
-	case SSL_ERROR_SYSCALL:
-	case SSL_ERROR_SSL:
-	case SSL_ERROR_ZERO_RETURN:
-	default:
-		break;
-		}
-
-	b->retry_reason=retry_reason;
-	b->flags=outflags;
-	return(ret);
-	}
-
-static int ssl_write(b,out,outl)
-BIO *b;
-char *out;
-int outl;
-	{
-	int ret,dr,dw;
-	int inflags,outflags,retry_reason=0;
-	SSL *ssl;
-
-	if (out == NULL) return(0);
-	ssl=(SSL *)b->ptr;
-
-	inflags=outflags=b->flags;
-
-	dr=inflags&BIO_FLAGS_PROTOCOL_DELAYED_READ;
-	dw=inflags&BIO_FLAGS_PROTOCOL_DELAYED_WRITE;
-
-	outflags&= ~(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY|
-		BIO_FLAGS_PROTOCOL_DELAYED_WRITE|
-		BIO_FLAGS_PROTOCOL_DELAYED_READ);
-
-	ret=SSL_do_handshake(ssl);
-	if (ret > 0)
-		ret=SSL_write(ssl,out,outl);
-
-	switch (SSL_get_error(ssl,ret))
-		{
-	case SSL_ERROR_NONE:
-		if (ret <= 0) break;
-		if (dr)
-			outflags|=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
-		break;
-	case SSL_ERROR_WANT_WRITE:
-		outflags=(BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY|
-			BIO_FLAGS_PROTOCOL_DELAYED_WRITE|dr);
-		break;
-	case SSL_ERROR_WANT_READ:
-		outflags=(BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY|
-			BIO_FLAGS_PROTOCOL_DELAYED_WRITE|dr);
-		break;
-	case SSL_ERROR_WANT_X509_LOOKUP:
-		outflags=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY|
-			BIO_FLAGS_PROTOCOL_DELAYED_WRITE|dr);
-		retry_reason=BIO_RR_SSL_X509_LOOKUP;
-		break;
-	case SSL_ERROR_WANT_CONNECT:
-		outflags=(BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY|
-			BIO_FLAGS_PROTOCOL_DELAYED_READ|dw);
-		retry_reason=BIO_RR_CONNECT;
-	case SSL_ERROR_SYSCALL:
-	case SSL_ERROR_SSL:
-	default:
-		break;
-		}
-
-	b->retry_reason=retry_reason;
-	b->flags=outflags;
-	return(ret);
-	}
-
-static long ssl_ctrl(b,cmd,num,ptr)
-BIO *b;
-int cmd;
-long num;
-char *ptr;
-	{
-	SSL **sslp,*ssl;
-	BIO *dbio,*bio;
-	long ret=1;
-
-	ssl=(SSL *)b->ptr;
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		SSL_shutdown(ssl);
-
-		if (ssl->handshake_func == ssl->method->ssl_connect)
-			SSL_set_connect_state(ssl);
-		else if (ssl->handshake_func == ssl->method->ssl_accept)
-			SSL_set_accept_state(ssl);
-
-		SSL_clear(ssl);
-
-		if (b->next_bio != NULL)
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		else if (ssl->rbio != NULL)
-			ret=BIO_ctrl(ssl->rbio,cmd,num,ptr);
-		else
-			ret=1;
-		break;
-	case BIO_CTRL_EOF:
-	case BIO_CTRL_INFO:
-		ret=0;
-		break;
-	case BIO_C_SSL_MODE:
-		if (num) /* client mode */
-			SSL_set_connect_state(ssl);
-		else
-			SSL_set_accept_state(ssl);
-		break;
-	case BIO_C_SET_SSL:
-		ssl_free(b);
-		b->shutdown=(int)num;
-		b->ptr=ptr;
-		ssl=(SSL *)ptr;
-		bio=SSL_get_rbio(ssl);
-		if (bio != NULL)
-			{
-			if (b->next_bio != NULL)
-				BIO_push(bio,b->next_bio);
-			b->next_bio=bio;
-			}
-		b->init=1;
-		break;
-	case BIO_C_GET_SSL:
-		if (ptr != NULL)
-			{
-			sslp=(SSL **)ptr;
-			*sslp=ssl;
-			}
-		break;
-	case BIO_CTRL_GET_CLOSE:
-		ret=b->shutdown;
-		break;
-	case BIO_CTRL_SET_CLOSE:
-		b->shutdown=(int)num;
-		break;
-	case BIO_CTRL_WPENDING:
-		ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_PENDING:
-		ret=SSL_pending(ssl);
-		if (ret == 0)
-			ret=BIO_pending(ssl->rbio);
-		break;
-	case BIO_CTRL_FLUSH:
-		BIO_clear_retry_flags(b);
-		ret=BIO_ctrl(ssl->wbio,cmd,num,ptr);
-		BIO_copy_next_retry(b);
-		break;
-	case BIO_CTRL_PUSH:
-		if (b->next_bio != NULL)
-			{
-			SSL_set_bio(ssl,b->next_bio,b->next_bio);
-			b->next_bio->references++;
-			}
-		break;
-	case BIO_CTRL_POP:
-		/* ugly bit of a hack */
-		if (ssl->rbio != ssl->wbio) /* we are in trouble :-( */
-			{
-			BIO_free_all(ssl->wbio);
-			}
-		ssl->wbio=NULL;
-		ssl->rbio=NULL;
-		break;
-	case BIO_C_DO_STATE_MACHINE:
-		BIO_clear_retry_flags(b);
-
-		b->retry_reason=0;
-		ret=(int)SSL_do_handshake(ssl);
-
-		switch (SSL_get_error(ssl,ret))
-			{
-		case SSL_ERROR_WANT_READ:
-			BIO_set_flags(b,
-				BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
-			break;
-		case SSL_ERROR_WANT_WRITE:
-			BIO_set_flags(b,
-				BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
-			break;
-		case SSL_ERROR_WANT_CONNECT:
-			BIO_set_flags(b,
-				BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
-			b->retry_reason=b->next_bio->retry_reason;
-			break;
-		default:
-			break;
-			}
-		break;
-	case BIO_CTRL_DUP:
-		dbio=(BIO *)ptr;
-		if (dbio->ptr != NULL)
-			SSL_free((SSL *)dbio->ptr);
-		dbio->ptr=(char *)SSL_dup(ssl);
-		ret=(dbio->ptr != NULL);
-		break;
-	default:
-		return(0);
-		break;
-		}
-	return(ret);
-	}
-
-static int ssl_puts(bp,str)
-BIO *bp;
-char *str;
-	{
-	int n,ret;
-
-	n=strlen(str);
-	ret=BIO_write(bp,str,n);
-	return(ret);
-	}
-
-BIO *BIO_new_ssl(ctx,client)
-SSL_CTX *ctx;
-int client;
-	{
-	BIO *ret;
-	SSL *ssl;
-
-	if ((ret=BIO_new(BIO_f_ssl())) == NULL)
-		return(NULL);
-	if ((ssl=SSL_new(ctx)) == NULL)
-		{
-		BIO_free(ret);
-		return(NULL);
-		}
-	if (client)
-		SSL_set_connect_state(ssl);
-	else
-		SSL_set_accept_state(ssl);
-		
-	BIO_set_ssl(ret,ssl,BIO_CLOSE);
-	return(ret);
-	}
-
-int BIO_ssl_copy_session_id(t,f)
-BIO *t,*f;
-	{
-	t=BIO_find_type(t,BIO_TYPE_SSL);
-	f=BIO_find_type(f,BIO_TYPE_SSL);
-	if ((t == NULL) || (f == NULL))
-		return(0);
-	if ((t->ptr == NULL) || (f->ptr == NULL))
-		return(0);
-	SSL_copy_session_id((SSL *)t->ptr,(SSL *)f->ptr);
-	return(1);
-	}
-
-
diff --git a/ssl/build b/ssl/build
deleted file mode 100644
index d3308356b3..0000000000
--- a/ssl/build
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-for i in BUILD_SSLV23 BUILD_SSLV2 BUILD_SSLV3 BUILD_SSL_COMMON BUILD_SSL_BIO BUILD_SSL_OPTIONAL
-do
-time gcc -D$i -o $i.o -c -I. -I../include -O3 -fomit-frame-pointer ssl.c
-done
-
diff --git a/ssl/changes.ssl b/ssl/changes.ssl
deleted file mode 100644
index ab94b95aa0..0000000000
--- a/ssl/changes.ssl
+++ /dev/null
@@ -1,10 +0,0 @@
-
-Must do a 
-SSL_init_eay_ciphers();
-before calls to SSL_CTX_new()
-
-SSL_CTX *SSL_CTX_new(void ) -> SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
-
-SSL_CTX_set_cert_verify_cb -> the callback is now
-int callback(char *arg,SSL *s,X509 *xs,STACK *cert_chain);
-where the 'cert_chain' has been added.
diff --git a/ssl/f b/ssl/f
deleted file mode 100644
index 9f4bfe8471..0000000000
--- a/ssl/f
+++ /dev/null
@@ -1,12 +0,0 @@
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_DECRYPTION_FAILED);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_RECORD_OVERFLOW
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_UNKNOWN_CA);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_ACCESS_DENIED);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_DECODE_ERROR);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_DECRYPT_ERROR);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_EXPORT_RESTRICION);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_PROTOCOL_VERSION);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_INTERNAL_ERROR);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_USER_CANCLED);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_NO_RENEGOTIATION);
diff --git a/ssl/f.mak b/ssl/f.mak
deleted file mode 100644
index e69de29bb2..0000000000
--- a/ssl/f.mak
+++ /dev/null
diff --git a/ssl/install.com b/ssl/install.com
new file mode 100644
index 0000000000..7fc008f91a
--- /dev/null
+++ b/ssl/install.com
@@ -0,0 +1,103 @@
+$! INSTALL.COM -- Installs the files in a given directory tree
+$!
+$! Author: Richard Levitte <richard@levitte.org>
+$! Time of creation: 22-MAY-1998 10:13
+$!
+$! P1	root of the directory tree
+$!
+$	IF P1 .EQS. ""
+$	THEN
+$	    WRITE SYS$OUTPUT "First argument missing."
+$	    WRITE SYS$OUTPUT "Should be the directory where you want things installed."
+$	    EXIT
+$	ENDIF
+$
+$	ROOT = F$PARSE(P1,"[]A.;0",,,"SYNTAX_ONLY,NO_CONCEAL") - "A.;0"
+$	ROOT_DEV = F$PARSE(ROOT,,,"DEVICE","SYNTAX_ONLY")
+$	ROOT_DIR = F$PARSE(ROOT,,,"DIRECTORY","SYNTAX_ONLY") -
+		   - "[000000." - "][" - "[" - "]"
+$	ROOT = ROOT_DEV + "[" + ROOT_DIR
+$
+$	DEFINE/NOLOG WRK_SSLROOT 'ROOT'.] /TRANS=CONC
+$	DEFINE/NOLOG WRK_SSLVLIB WRK_SSLROOT:[VAX_LIB]
+$	DEFINE/NOLOG WRK_SSLALIB WRK_SSLROOT:[ALPHA_LIB]
+$	DEFINE/NOLOG WRK_SSLINCLUDE WRK_SSLROOT:[INCLUDE]
+$	DEFINE/NOLOG WRK_SSLVEXE WRK_SSLROOT:[VAX_EXE]
+$	DEFINE/NOLOG WRK_SSLAEXE WRK_SSLROOT:[ALPHA_EXE]
+$
+$	IF F$PARSE("WRK_SSLROOT:[000000]") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLROOT:[000000]
+$	IF F$PARSE("WRK_SSLVLIB:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLVLIB:
+$	IF F$PARSE("WRK_SSLALIB:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLALIB:
+$	IF F$PARSE("WRK_SSLINCLUDE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLINCLUDE:
+$	IF F$PARSE("WRK_SSLVEXE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLVEXE:
+$	IF F$PARSE("WRK_SSLAEXE:") .EQS. "" THEN -
+	   CREATE/DIR/LOG WRK_SSLAEXE:
+$
+$	EXHEADER := ssl.h,ssl2.h,ssl3.h,ssl23.h,tls1.h,kssl.h
+$	E_EXE := ssl_task
+$	LIBS := LIBSSL
+$
+$	VEXE_DIR := [-.VAX.EXE.SSL]
+$	AEXE_DIR := [-.AXP.EXE.SSL]
+$
+$	COPY 'EXHEADER' WRK_SSLINCLUDE:/LOG
+$	SET FILE/PROT=WORLD:RE WRK_SSLINCLUDE:'EXHEADER'
+$
+$	I = 0
+$ LOOP_EXE: 
+$	E = F$EDIT(F$ELEMENT(I, ",", E_EXE),"TRIM")
+$	I = I + 1
+$	IF E .EQS. "," THEN GOTO LOOP_EXE_END
+$	SET NOON
+$	IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. ""
+$	THEN
+$	  COPY 'VEXE_DIR''E'.EXE WRK_SSLVEXE:'E'.EXE/log
+$	  SET FILE/PROT=W:RE WRK_SSLVEXE:'E'.EXE
+$	ENDIF
+$	IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. ""
+$	THEN
+$	  COPY 'AEXE_DIR''E'.EXE WRK_SSLAEXE:'E'.EXE/log
+$	  SET FILE/PROT=W:RE WRK_SSLAEXE:'E'.EXE
+$	ENDIF
+$	SET ON
+$	GOTO LOOP_EXE
+$ LOOP_EXE_END:
+$
+$	I = 0
+$ LOOP_LIB: 
+$	E = F$EDIT(F$ELEMENT(I, ",", LIBS),"TRIM")
+$	I = I + 1
+$	IF E .EQS. "," THEN GOTO LOOP_LIB_END
+$	SET NOON
+$	IF F$SEARCH(VEXE_DIR+E+".OLB") .NES. ""
+$	THEN
+$	  COPY 'VEXE_DIR''E'.OLB WRK_SSLVLIB:'E'.OLB/log
+$	  SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.OLB
+$	ENDIF
+$	! Preparing for the time when we have shareable images
+$	IF F$SEARCH(VEXE_DIR+E+".EXE") .NES. ""
+$	THEN
+$	  COPY 'VEXE_DIR''E'.EXE WRK_SSLVLIB:'E'.EXE/log
+$	  SET FILE/PROT=W:RE WRK_SSLVLIB:'E'.EXE
+$	ENDIF
+$	IF F$SEARCH(AEXE_DIR+E+".OLB") .NES. ""
+$	THEN
+$	  COPY 'AEXE_DIR''E'.OLB WRK_SSLALIB:'E'.OLB/log
+$	  SET FILE/PROT=W:RE WRK_SSLALIB:'E'.OLB
+$	ENDIF
+$	! Preparing for the time when we have shareable images
+$	IF F$SEARCH(AEXE_DIR+E+".EXE") .NES. ""
+$	THEN
+$	  COPY 'AEXE_DIR''E'.EXE WRK_SSLALIB:'E'.EXE/log
+$	  SET FILE/PROT=W:RE WRK_SSLALIB:'E'.EXE
+$	ENDIF
+$	SET ON
+$	GOTO LOOP_LIB
+$ LOOP_LIB_END:
+$
+$	EXIT
diff --git a/ssl/kssl.c b/ssl/kssl.c
new file mode 100644
index 0000000000..1a49f43a83
--- /dev/null
+++ b/ssl/kssl.c
@@ -0,0 +1,2177 @@
+/* ssl/kssl.c -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+
+/*  ssl/kssl.c  --  Routines to support (& debug) Kerberos5 auth for openssl
+**
+**  19990701	VRS 	Started.
+**  200011??	Jeffrey Altman, Richard Levitte
+**          		Generalized for Heimdal, Newer MIT, & Win32.
+**          		Integrated into main OpenSSL 0.9.7 snapshots.
+**  20010413	Simon Wilkinson, VRS
+**          		Real RFC2712 KerberosWrapper replaces AP_REQ.
+*/
+
+#include <openssl/opensslconf.h>
+
+#define _XOPEN_SOURCE /* glibc2 needs this to declare strptime() */
+#include <time.h>
+#include <string.h>
+
+#include <openssl/ssl.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/krb5_asn.h>
+
+#ifndef OPENSSL_NO_KRB5
+
+/* 
+ * When OpenSSL is built on Windows, we do not want to require that
+ * the Kerberos DLLs be available in order for the OpenSSL DLLs to
+ * work.  Therefore, all Kerberos routines are loaded at run time
+ * and we do not link to a .LIB file.
+ */
+
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+/* 
+ * The purpose of the following pre-processor statements is to provide
+ * compatibility with different releases of MIT Kerberos for Windows.
+ * All versions up to 1.2 used macros.  But macros do not allow for
+ * a binary compatible interface for DLLs.  Therefore, all macros are
+ * being replaced by function calls.  The following code will allow
+ * an OpenSSL DLL built on Windows to work whether or not the macro
+ * or function form of the routines are utilized.
+ */
+#ifdef  krb5_cc_get_principal
+#define NO_DEF_KRB5_CCACHE
+#undef  krb5_cc_get_principal
+#endif
+#define krb5_cc_get_principal    kssl_krb5_cc_get_principal
+
+#define krb5_free_data_contents  kssl_krb5_free_data_contents   
+#define krb5_free_context        kssl_krb5_free_context         
+#define krb5_auth_con_free       kssl_krb5_auth_con_free        
+#define krb5_free_principal      kssl_krb5_free_principal       
+#define krb5_mk_req_extended     kssl_krb5_mk_req_extended      
+#define krb5_get_credentials     kssl_krb5_get_credentials      
+#define krb5_cc_default          kssl_krb5_cc_default           
+#define krb5_sname_to_principal  kssl_krb5_sname_to_principal   
+#define krb5_init_context        kssl_krb5_init_context         
+#define krb5_free_ticket         kssl_krb5_free_ticket          
+#define krb5_rd_req              kssl_krb5_rd_req               
+#define krb5_kt_default          kssl_krb5_kt_default           
+#define krb5_kt_resolve          kssl_krb5_kt_resolve           
+/* macros in mit 1.2.2 and earlier; functions in mit 1.2.3 and greater */
+#ifndef krb5_kt_close
+#define krb5_kt_close            kssl_krb5_kt_close
+#endif /* krb5_kt_close */
+#ifndef krb5_kt_get_entry
+#define krb5_kt_get_entry        kssl_krb5_kt_get_entry
+#endif /* krb5_kt_get_entry */
+#define krb5_auth_con_init       kssl_krb5_auth_con_init        
+
+#define krb5_principal_compare   kssl_krb5_principal_compare
+#define krb5_decrypt_tkt_part    kssl_krb5_decrypt_tkt_part
+#define krb5_timeofday           kssl_krb5_timeofday
+#define krb5_rc_default           kssl_krb5_rc_default
+
+#ifdef krb5_rc_initialize
+#undef krb5_rc_initialize
+#endif
+#define krb5_rc_initialize   kssl_krb5_rc_initialize
+
+#ifdef krb5_rc_get_lifespan
+#undef krb5_rc_get_lifespan
+#endif
+#define krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan
+
+#ifdef krb5_rc_destroy
+#undef krb5_rc_destroy
+#endif
+#define krb5_rc_destroy      kssl_krb5_rc_destroy
+
+#define valid_cksumtype      kssl_valid_cksumtype
+#define krb5_checksum_size   kssl_krb5_checksum_size
+#define krb5_kt_free_entry   kssl_krb5_kt_free_entry
+#define krb5_auth_con_setrcache  kssl_krb5_auth_con_setrcache
+#define krb5_auth_con_getrcache  kssl_krb5_auth_con_getrcache
+#define krb5_get_server_rcache   kssl_krb5_get_server_rcache
+
+/* Prototypes for built in stubs */
+void kssl_krb5_free_data_contents(krb5_context, krb5_data *);
+void kssl_krb5_free_principal(krb5_context, krb5_principal );
+krb5_error_code kssl_krb5_kt_resolve(krb5_context,
+                                     krb5_const char *,
+                                     krb5_keytab *);
+krb5_error_code kssl_krb5_kt_default(krb5_context,
+                                     krb5_keytab *);
+krb5_error_code kssl_krb5_free_ticket(krb5_context, krb5_ticket *);
+krb5_error_code kssl_krb5_rd_req(krb5_context, krb5_auth_context *, 
+                                 krb5_const krb5_data *,
+                                 krb5_const_principal, krb5_keytab, 
+                                 krb5_flags *,krb5_ticket **);
+
+krb5_boolean kssl_krb5_principal_compare(krb5_context, krb5_const_principal,
+                                         krb5_const_principal);
+krb5_error_code kssl_krb5_mk_req_extended(krb5_context,
+                                          krb5_auth_context  *,
+                                          krb5_const krb5_flags,
+                                          krb5_data  *,
+                                          krb5_creds  *,
+                                          krb5_data  * );
+krb5_error_code kssl_krb5_init_context(krb5_context *);
+void kssl_krb5_free_context(krb5_context);
+krb5_error_code kssl_krb5_cc_default(krb5_context,krb5_ccache  *);
+krb5_error_code kssl_krb5_sname_to_principal(krb5_context,
+                                             krb5_const char  *,
+                                             krb5_const char  *,
+                                             krb5_int32,
+                                             krb5_principal  *);
+krb5_error_code kssl_krb5_get_credentials(krb5_context,
+                                          krb5_const krb5_flags,
+                                          krb5_ccache,
+                                          krb5_creds  *,
+                                          krb5_creds  *  *);
+krb5_error_code kssl_krb5_auth_con_init(krb5_context,
+                                        krb5_auth_context  *);
+krb5_error_code kssl_krb5_cc_get_principal(krb5_context context, 
+                                           krb5_ccache cache,
+                                           krb5_principal *principal);
+krb5_error_code kssl_krb5_auth_con_free(krb5_context,krb5_auth_context);
+size_t kssl_krb5_checksum_size(krb5_context context,krb5_cksumtype ctype);
+krb5_boolean kssl_valid_cksumtype(krb5_cksumtype ctype);
+krb5_error_code krb5_kt_free_entry(krb5_context,krb5_keytab_entry FAR * );
+krb5_error_code kssl_krb5_auth_con_setrcache(krb5_context, 
+                                             krb5_auth_context, 
+                                             krb5_rcache);
+krb5_error_code kssl_krb5_get_server_rcache(krb5_context, 
+                                            krb5_const krb5_data *,
+                                            krb5_rcache *);
+krb5_error_code kssl_krb5_auth_con_getrcache(krb5_context, 
+                                             krb5_auth_context,
+                                             krb5_rcache *);
+
+/* Function pointers (almost all Kerberos functions are _stdcall) */
+static void (_stdcall *p_krb5_free_data_contents)(krb5_context, krb5_data *)
+	=NULL;
+static void (_stdcall *p_krb5_free_principal)(krb5_context, krb5_principal )
+	=NULL;
+static krb5_error_code(_stdcall *p_krb5_kt_resolve)
+			(krb5_context, krb5_const char *, krb5_keytab *)=NULL;
+static krb5_error_code (_stdcall *p_krb5_kt_default)(krb5_context,
+                                                     krb5_keytab *)=NULL;
+static krb5_error_code (_stdcall *p_krb5_free_ticket)(krb5_context, 
+                                                      krb5_ticket *)=NULL;
+static krb5_error_code (_stdcall *p_krb5_rd_req)(krb5_context, 
+                                                 krb5_auth_context *, 
+                                                 krb5_const krb5_data *,
+                                                 krb5_const_principal, 
+                                                 krb5_keytab, krb5_flags *,
+                                                 krb5_ticket **)=NULL;
+static krb5_error_code (_stdcall *p_krb5_mk_req_extended)
+			(krb5_context, krb5_auth_context *,
+			 krb5_const krb5_flags, krb5_data *, krb5_creds *,
+			 krb5_data * )=NULL;
+static krb5_error_code (_stdcall *p_krb5_init_context)(krb5_context *)=NULL;
+static void (_stdcall *p_krb5_free_context)(krb5_context)=NULL;
+static krb5_error_code (_stdcall *p_krb5_cc_default)(krb5_context,
+                                                     krb5_ccache  *)=NULL;
+static krb5_error_code (_stdcall *p_krb5_sname_to_principal)
+			(krb5_context, krb5_const char *, krb5_const char *,
+			 krb5_int32, krb5_principal *)=NULL;
+static krb5_error_code (_stdcall *p_krb5_get_credentials)
+			(krb5_context, krb5_const krb5_flags, krb5_ccache,
+			 krb5_creds *, krb5_creds **)=NULL;
+static krb5_error_code (_stdcall *p_krb5_auth_con_init)
+			(krb5_context, krb5_auth_context *)=NULL;
+static krb5_error_code (_stdcall *p_krb5_cc_get_principal)
+			(krb5_context context, krb5_ccache cache,
+			 krb5_principal *principal)=NULL;
+static krb5_error_code (_stdcall *p_krb5_auth_con_free)
+			(krb5_context, krb5_auth_context)=NULL;
+static krb5_error_code (_stdcall *p_krb5_decrypt_tkt_part)
+                        (krb5_context, krb5_const krb5_keyblock *,
+                                           krb5_ticket *)=NULL;
+static krb5_error_code (_stdcall *p_krb5_timeofday)
+                        (krb5_context context, krb5_int32 *timeret)=NULL;
+static krb5_error_code (_stdcall *p_krb5_rc_default)
+                        (krb5_context context, krb5_rcache *rc)=NULL;
+static krb5_error_code (_stdcall *p_krb5_rc_initialize)
+                        (krb5_context context, krb5_rcache rc,
+                                     krb5_deltat lifespan)=NULL;
+static krb5_error_code (_stdcall *p_krb5_rc_get_lifespan)
+                        (krb5_context context, krb5_rcache rc,
+                                       krb5_deltat *lifespan)=NULL;
+static krb5_error_code (_stdcall *p_krb5_rc_destroy)
+                        (krb5_context context, krb5_rcache rc)=NULL;
+static krb5_boolean (_stdcall *p_krb5_principal_compare)
+                     (krb5_context, krb5_const_principal, krb5_const_principal)=NULL;
+static size_t (_stdcall *p_krb5_checksum_size)(krb5_context context,krb5_cksumtype ctype)=NULL;
+static krb5_boolean (_stdcall *p_valid_cksumtype)(krb5_cksumtype ctype)=NULL;
+static krb5_error_code (_stdcall *p_krb5_kt_free_entry)
+                        (krb5_context,krb5_keytab_entry * )=NULL;
+static krb5_error_code (_stdcall * p_krb5_auth_con_setrcache)(krb5_context, 
+                                                               krb5_auth_context, 
+                                                               krb5_rcache)=NULL;
+static krb5_error_code (_stdcall * p_krb5_get_server_rcache)(krb5_context, 
+                                                              krb5_const krb5_data *, 
+                                                              krb5_rcache *)=NULL;
+static krb5_error_code (* p_krb5_auth_con_getrcache)(krb5_context, 
+                                                      krb5_auth_context,
+                                                      krb5_rcache *)=NULL;
+static krb5_error_code (_stdcall * p_krb5_kt_close)(krb5_context context, 
+                                                    krb5_keytab keytab)=NULL;
+static krb5_error_code (_stdcall * p_krb5_kt_get_entry)(krb5_context context, 
+                                                        krb5_keytab keytab,
+                       krb5_const_principal principal, krb5_kvno vno,
+                       krb5_enctype enctype, krb5_keytab_entry *entry)=NULL;
+static int krb5_loaded = 0;     /* only attempt to initialize func ptrs once */
+
+/* Function to Load the Kerberos 5 DLL and initialize function pointers */
+void
+load_krb5_dll(void)
+	{
+	HANDLE hKRB5_32;
+    
+	krb5_loaded++;
+	hKRB5_32 = LoadLibrary("KRB5_32");
+	if (!hKRB5_32)
+		return;
+
+	(FARPROC) p_krb5_free_data_contents =
+		GetProcAddress( hKRB5_32, "krb5_free_data_contents" );
+	(FARPROC) p_krb5_free_context =
+		GetProcAddress( hKRB5_32, "krb5_free_context" );
+	(FARPROC) p_krb5_auth_con_free =
+		GetProcAddress( hKRB5_32, "krb5_auth_con_free" );
+	(FARPROC) p_krb5_free_principal =
+		GetProcAddress( hKRB5_32, "krb5_free_principal" );
+	(FARPROC) p_krb5_mk_req_extended =
+		GetProcAddress( hKRB5_32, "krb5_mk_req_extended" );
+	(FARPROC) p_krb5_get_credentials =
+		GetProcAddress( hKRB5_32, "krb5_get_credentials" );
+	(FARPROC) p_krb5_cc_get_principal =
+		GetProcAddress( hKRB5_32, "krb5_cc_get_principal" );
+	(FARPROC) p_krb5_cc_default =
+		GetProcAddress( hKRB5_32, "krb5_cc_default" );
+	(FARPROC) p_krb5_sname_to_principal =
+		GetProcAddress( hKRB5_32, "krb5_sname_to_principal" );
+	(FARPROC) p_krb5_init_context =
+		GetProcAddress( hKRB5_32, "krb5_init_context" );
+	(FARPROC) p_krb5_free_ticket =
+		GetProcAddress( hKRB5_32, "krb5_free_ticket" );
+	(FARPROC) p_krb5_rd_req =
+		GetProcAddress( hKRB5_32, "krb5_rd_req" );
+	(FARPROC) p_krb5_principal_compare =
+		GetProcAddress( hKRB5_32, "krb5_principal_compare" );
+	(FARPROC) p_krb5_decrypt_tkt_part =
+		GetProcAddress( hKRB5_32, "krb5_decrypt_tkt_part" );
+	(FARPROC) p_krb5_timeofday =
+		GetProcAddress( hKRB5_32, "krb5_timeofday" );
+	(FARPROC) p_krb5_rc_default =
+		GetProcAddress( hKRB5_32, "krb5_rc_default" );
+	(FARPROC) p_krb5_rc_initialize =
+		GetProcAddress( hKRB5_32, "krb5_rc_initialize" );
+	(FARPROC) p_krb5_rc_get_lifespan =
+		GetProcAddress( hKRB5_32, "krb5_rc_get_lifespan" );
+	(FARPROC) p_krb5_rc_destroy =
+		GetProcAddress( hKRB5_32, "krb5_rc_destroy" );
+	(FARPROC) p_krb5_kt_default =
+		GetProcAddress( hKRB5_32, "krb5_kt_default" );
+	(FARPROC) p_krb5_kt_resolve =
+		GetProcAddress( hKRB5_32, "krb5_kt_resolve" );
+	(FARPROC) p_krb5_auth_con_init =
+		GetProcAddress( hKRB5_32, "krb5_auth_con_init" );
+        (FARPROC) p_valid_cksumtype =
+                GetProcAddress( hKRB5_32, "valid_cksumtype" );
+        (FARPROC) p_krb5_checksum_size =
+                GetProcAddress( hKRB5_32, "krb5_checksum_size" );
+        (FARPROC) p_krb5_kt_free_entry =
+                GetProcAddress( hKRB5_32, "krb5_kt_free_entry" );
+        (FARPROC) p_krb5_auth_con_setrcache =
+                GetProcAddress( hKRB5_32, "krb5_auth_con_setrcache" );
+        (FARPROC) p_krb5_get_server_rcache =
+                GetProcAddress( hKRB5_32, "krb5_get_server_rcache" );
+        (FARPROC) p_krb5_auth_con_getrcache =
+                GetProcAddress( hKRB5_32, "krb5_auth_con_getrcache" );
+        (FARPROC) p_krb5_kt_close =
+                GetProcAddress( hKRB5_32, "krb5_kt_close" );
+        (FARPROC) p_krb5_kt_get_entry =
+                GetProcAddress( hKRB5_32, "krb5_kt_get_entry" );
+	}
+
+/* Stubs for each function to be dynamicly loaded */
+void
+kssl_krb5_free_data_contents(krb5_context CO, krb5_data  * data)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_free_data_contents )
+		p_krb5_free_data_contents(CO,data);
+	}
+
+krb5_error_code
+kssl_krb5_mk_req_extended (krb5_context CO,
+                          krb5_auth_context  * pACO,
+                          krb5_const krb5_flags F,
+                          krb5_data  * pD1,
+                          krb5_creds  * pC,
+                          krb5_data  * pD2)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_mk_req_extended )
+		return(p_krb5_mk_req_extended(CO,pACO,F,pD1,pC,pD2));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+krb5_error_code
+kssl_krb5_auth_con_init(krb5_context CO,
+                       krb5_auth_context  * pACO)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_auth_con_init )
+		return(p_krb5_auth_con_init(CO,pACO));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+krb5_error_code
+kssl_krb5_auth_con_free (krb5_context CO,
+                        krb5_auth_context ACO)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_auth_con_free )
+		return(p_krb5_auth_con_free(CO,ACO));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+krb5_error_code
+kssl_krb5_get_credentials(krb5_context CO,
+                         krb5_const krb5_flags F,
+                         krb5_ccache CC,
+                         krb5_creds  * pCR,
+                         krb5_creds  ** ppCR)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_get_credentials )
+		return(p_krb5_get_credentials(CO,F,CC,pCR,ppCR));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+krb5_error_code
+kssl_krb5_sname_to_principal(krb5_context CO,
+                            krb5_const char  * pC1,
+                            krb5_const char  * pC2,
+                            krb5_int32 I,
+                            krb5_principal  * pPR)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_sname_to_principal )
+		return(p_krb5_sname_to_principal(CO,pC1,pC2,I,pPR));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+kssl_krb5_cc_default(krb5_context CO,
+                    krb5_ccache  * pCC)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_cc_default )
+		return(p_krb5_cc_default(CO,pCC));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+kssl_krb5_init_context(krb5_context * pCO)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_init_context )
+		return(p_krb5_init_context(pCO));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+void
+kssl_krb5_free_context(krb5_context CO)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_free_context )
+		p_krb5_free_context(CO);
+	}
+
+void
+kssl_krb5_free_principal(krb5_context c, krb5_principal p)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_free_principal )
+		p_krb5_free_principal(c,p);
+	}
+
+krb5_error_code
+kssl_krb5_kt_resolve(krb5_context con,
+                    krb5_const char * sz,
+                    krb5_keytab * kt)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_kt_resolve )
+		return(p_krb5_kt_resolve(con,sz,kt));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+kssl_krb5_kt_default(krb5_context con,
+                    krb5_keytab * kt)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_kt_default )
+		return(p_krb5_kt_default(con,kt));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+kssl_krb5_free_ticket(krb5_context con,
+                     krb5_ticket * kt)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_free_ticket )
+		return(p_krb5_free_ticket(con,kt));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+kssl_krb5_rd_req(krb5_context con, krb5_auth_context * pacon,
+                krb5_const krb5_data * data,
+                krb5_const_principal princ, krb5_keytab keytab,
+                krb5_flags * flags, krb5_ticket ** pptkt)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_rd_req )
+		return(p_krb5_rd_req(con,pacon,data,princ,keytab,flags,pptkt));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_boolean
+krb5_principal_compare(krb5_context con, krb5_const_principal princ1,
+                krb5_const_principal princ2)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_principal_compare )
+		return(p_krb5_principal_compare(con,princ1,princ2));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+krb5_decrypt_tkt_part(krb5_context con, krb5_const krb5_keyblock *keys,
+                krb5_ticket *ticket)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_decrypt_tkt_part )
+		return(p_krb5_decrypt_tkt_part(con,keys,ticket));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+krb5_timeofday(krb5_context con, krb5_int32 *timeret)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_timeofday )
+		return(p_krb5_timeofday(con,timeret));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+krb5_rc_default(krb5_context con, krb5_rcache *rc)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_rc_default )
+		return(p_krb5_rc_default(con,rc));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+krb5_rc_initialize(krb5_context con, krb5_rcache rc, krb5_deltat lifespan)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_rc_initialize )
+		return(p_krb5_rc_initialize(con, rc, lifespan));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+krb5_rc_get_lifespan(krb5_context con, krb5_rcache rc, krb5_deltat *lifespanp)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_rc_get_lifespan )
+		return(p_krb5_rc_get_lifespan(con, rc, lifespanp));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+krb5_rc_destroy(krb5_context con, krb5_rcache rc)
+	{
+	if (!krb5_loaded)
+		load_krb5_dll();
+
+	if ( p_krb5_rc_destroy )
+		return(p_krb5_rc_destroy(con, rc));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+size_t 
+krb5_checksum_size(krb5_context context,krb5_cksumtype ctype)
+        {
+        if (!krb5_loaded)
+                load_krb5_dll();
+
+        if ( p_krb5_checksum_size )
+                return(p_krb5_checksum_size(context, ctype));
+        else
+                return KRB5KRB_ERR_GENERIC;
+        }
+
+krb5_boolean 
+valid_cksumtype(krb5_cksumtype ctype)
+        {
+        if (!krb5_loaded)
+                load_krb5_dll();
+
+        if ( p_valid_cksumtype )
+                return(p_valid_cksumtype(ctype));
+        else
+                return KRB5KRB_ERR_GENERIC;
+        }
+
+krb5_error_code 
+krb5_kt_free_entry(krb5_context con,krb5_keytab_entry * entry)
+        {
+        if (!krb5_loaded)
+                load_krb5_dll();
+
+        if ( p_krb5_kt_free_entry )
+                return(p_krb5_kt_free_entry(con,entry));
+        else
+                return KRB5KRB_ERR_GENERIC;
+        }
+                 
+/* Structure definitions  */
+#ifndef NO_DEF_KRB5_CCACHE
+#ifndef krb5_x
+#define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1))
+#define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0))
+#endif 
+
+typedef	krb5_pointer	krb5_cc_cursor;	/* cursor for sequential lookup */
+
+typedef struct _krb5_ccache
+	{
+	krb5_magic magic;
+	struct _krb5_cc_ops FAR *ops;
+	krb5_pointer data;
+	} *krb5_ccache;
+
+typedef struct _krb5_cc_ops
+	{
+	krb5_magic magic;
+	char  *prefix;
+	char  * (KRB5_CALLCONV *get_name)
+		(krb5_context, krb5_ccache);
+	krb5_error_code (KRB5_CALLCONV *resolve)
+		(krb5_context, krb5_ccache  *, const char  *);
+	krb5_error_code (KRB5_CALLCONV *gen_new)
+		(krb5_context, krb5_ccache  *);
+	krb5_error_code (KRB5_CALLCONV *init)
+		(krb5_context, krb5_ccache, krb5_principal);
+	krb5_error_code (KRB5_CALLCONV *destroy)
+		(krb5_context, krb5_ccache);
+	krb5_error_code (KRB5_CALLCONV *close)
+		(krb5_context, krb5_ccache);
+	krb5_error_code (KRB5_CALLCONV *store)
+		(krb5_context, krb5_ccache, krb5_creds  *);
+	krb5_error_code (KRB5_CALLCONV *retrieve)
+		(krb5_context, krb5_ccache,
+		krb5_flags, krb5_creds  *, krb5_creds  *);
+	krb5_error_code (KRB5_CALLCONV *get_princ)
+		(krb5_context, krb5_ccache, krb5_principal  *);
+	krb5_error_code (KRB5_CALLCONV *get_first)
+		(krb5_context, krb5_ccache, krb5_cc_cursor  *);
+	krb5_error_code (KRB5_CALLCONV *get_next)
+		(krb5_context, krb5_ccache,
+		krb5_cc_cursor  *, krb5_creds  *);
+	krb5_error_code (KRB5_CALLCONV *end_get)
+		(krb5_context, krb5_ccache, krb5_cc_cursor  *);
+	krb5_error_code (KRB5_CALLCONV *remove_cred)
+		(krb5_context, krb5_ccache,
+		krb5_flags, krb5_creds  *);
+	krb5_error_code (KRB5_CALLCONV *set_flags)
+		(krb5_context, krb5_ccache, krb5_flags);
+	} krb5_cc_ops;
+#endif /* NO_DEF_KRB5_CCACHE */
+
+krb5_error_code 
+kssl_krb5_cc_get_principal
+    (krb5_context context, krb5_ccache cache,
+      krb5_principal *principal)
+	{
+	if ( p_krb5_cc_get_principal )
+		return(p_krb5_cc_get_principal(context,cache,principal));
+	else
+		return(krb5_x
+			((cache)->ops->get_princ,(context, cache, principal)));
+	}
+
+krb5_error_code
+kssl_krb5_auth_con_setrcache(krb5_context con, krb5_auth_context acon,
+                             krb5_rcache rcache)
+        {
+        if ( p_krb5_auth_con_setrcache )
+                 return(p_krb5_auth_con_setrcache(con,acon,rcache));
+        else
+                 return KRB5KRB_ERR_GENERIC;
+        }
+
+krb5_error_code
+kssl_krb5_get_server_rcache(krb5_context con, krb5_const krb5_data * data,
+                            krb5_rcache * rcache) 
+        {
+	if ( p_krb5_get_server_rcache )
+		return(p_krb5_get_server_rcache(con,data,rcache));
+	else
+		return KRB5KRB_ERR_GENERIC;
+        }
+
+krb5_error_code
+kssl_krb5_auth_con_getrcache(krb5_context con, krb5_auth_context acon,
+                             krb5_rcache * prcache)
+        {
+	if ( p_krb5_auth_con_getrcache )
+		return(p_krb5_auth_con_getrcache(con,acon, prcache));
+	else
+		return KRB5KRB_ERR_GENERIC;
+	}
+ 
+krb5_error_code
+kssl_krb5_kt_close(krb5_context context, krb5_keytab keytab)
+	{
+	if ( p_krb5_kt_close )
+		return(p_krb5_kt_close(context,keytab));
+	else 
+		return KRB5KRB_ERR_GENERIC;
+	}
+
+krb5_error_code
+kssl_krb5_kt_get_entry(krb5_context context, krb5_keytab keytab,
+                       krb5_const_principal principal, krb5_kvno vno,
+                       krb5_enctype enctype, krb5_keytab_entry *entry)
+	{
+	if ( p_krb5_kt_get_entry )
+		return(p_krb5_kt_get_entry(context,keytab,principal,vno,enctype,entry));
+	else
+		return KRB5KRB_ERR_GENERIC;
+        }
+#endif  /* OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32 */
+
+char
+*kstring(char *string)
+        {
+        static char	*null = "[NULL]";
+
+	return ((string == NULL)? null: string);
+        }
+
+/*	Given KRB5 enctype (basically DES or 3DES),
+**	return closest match openssl EVP_ encryption algorithm.
+**	Return NULL for unknown or problematic (krb5_dk_encrypt) enctypes.
+**	Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are OK.
+*/
+const EVP_CIPHER *
+kssl_map_enc(krb5_enctype enctype)
+        {
+	switch (enctype)
+		{
+	case ENCTYPE_DES_HMAC_SHA1:		/*    EVP_des_cbc();       */
+	case ENCTYPE_DES_CBC_CRC:
+	case ENCTYPE_DES_CBC_MD4:
+	case ENCTYPE_DES_CBC_MD5:
+	case ENCTYPE_DES_CBC_RAW:
+				return EVP_des_cbc();
+				break;
+	case ENCTYPE_DES3_CBC_SHA1:		/*    EVP_des_ede3_cbc();  */
+	case ENCTYPE_DES3_CBC_SHA:
+	case ENCTYPE_DES3_CBC_RAW:
+				return EVP_des_ede3_cbc();
+				break;
+	default:                return NULL;
+				break;
+		}
+	}
+
+
+/*	Return true:1 if p "looks like" the start of the real authenticator
+**	described in kssl_skip_confound() below.  The ASN.1 pattern is
+**	"62 xx 30 yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and
+**	xx and yy are possibly multi-byte length fields.
+*/
+int 	kssl_test_confound(unsigned char *p)
+	{
+	int 	len = 2;
+	int 	xx = 0, yy = 0;
+
+	if (*p++ != 0x62)  return 0;
+	if (*p > 0x82)  return 0;
+	switch(*p)  {
+		case 0x82:  p++;          xx = (*p++ << 8);  xx += *p++;  break;
+		case 0x81:  p++;          xx =  *p++;  break;
+		case 0x80:  return 0;
+		default:    xx = *p++;  break;
+		}
+	if (*p++ != 0x30)  return 0;
+	if (*p > 0x82)  return 0;
+	switch(*p)  {
+		case 0x82:  p++; len+=2;  yy = (*p++ << 8);  yy += *p++;  break;
+		case 0x81:  p++; len++;   yy =  *p++;  break;
+		case 0x80:  return 0;
+		default:    yy = *p++;  break;
+		}
+
+	return (xx - len == yy)? 1: 0;
+	}
+
+/*	Allocate, fill, and return cksumlens array of checksum lengths.
+**	This array holds just the unique elements from the krb5_cksumarray[].
+**	array[n] == 0 signals end of data.
+**
+**      The krb5_cksumarray[] was an internal variable that has since been
+**      replaced by a more general method for storing the data.  It should
+**      not be used.  Instead we use real API calls and make a guess for 
+**      what the highest assigned CKSUMTYPE_ constant is.  As of 1.2.2
+**      it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3).  So we will use 0x0010.
+*/
+size_t  *populate_cksumlens(void)
+	{
+	int 		i, j, n;
+	static size_t 	*cklens = NULL;
+
+#ifdef KRB5_MIT_OLD11
+	n = krb5_max_cksum;
+#else
+	n = 0x0010;
+#endif	/* KRB5_MIT_OLD11 */
+ 
+#ifdef KRB5CHECKAUTH
+	if (!cklens && !(cklens = (size_t *) calloc(sizeof(int),n+1)))  return NULL;
+
+	for (i=0; i < n; i++)  {
+		if (!valid_cksumtype(i))  continue;	/*  array has holes  */
+		for (j=0; j < n; j++)  {
+			if (cklens[j] == 0)  {
+				cklens[j] = krb5_checksum_size(NULL,i);
+				break;		/*  krb5 elem was new: add   */
+				}
+			if (cklens[j] == krb5_checksum_size(NULL,i))  {
+				break;		/*  ignore duplicate elements */
+				}
+			}
+		}
+#endif	/* KRB5CHECKAUTH */
+
+	return cklens;
+	}
+
+/*	Return pointer to start of real authenticator within authenticator, or
+**	return NULL on error.
+**	Decrypted authenticator looks like this:
+**		[0 or 8 byte confounder] [4-24 byte checksum] [real authent'r]
+**	This hackery wouldn't be necessary if MIT KRB5 1.0.6 had the
+**	krb5_auth_con_getcksumtype() function advertised in its krb5.h.
+*/
+unsigned char	*kssl_skip_confound(krb5_enctype etype, unsigned char *a)
+	{
+	int 		i, conlen;
+	size_t		cklen;
+	static size_t 	*cksumlens = NULL;
+	unsigned char	*test_auth;
+
+	conlen = (etype)? 8: 0;
+
+	if (!cksumlens  &&  !(cksumlens = populate_cksumlens()))  return NULL;
+	for (i=0; (cklen = cksumlens[i]) != 0; i++)
+		{
+		test_auth = a + conlen + cklen;
+		if (kssl_test_confound(test_auth))  return test_auth;
+		}
+
+	return NULL;
+	}
+
+
+/*	Set kssl_err error info when reason text is a simple string
+**		kssl_err = struct { int reason; char text[KSSL_ERR_MAX+1]; }
+*/
+void
+kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text)
+        {
+	if (kssl_err == NULL)  return;
+
+	kssl_err->reason = reason;
+	BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, text);
+	return;
+        }
+
+
+/*	Display contents of krb5_data struct, for debugging
+*/
+void
+print_krb5_data(char *label, krb5_data *kdata)
+        {
+	int i;
+
+	printf("%s[%d] ", label, kdata->length);
+	for (i=0; i < kdata->length; i++)
+                {
+		if (0 &&  isprint((int) kdata->data[i]))
+                        printf(	"%c ",  kdata->data[i]);
+		else
+                        printf(	"%02x ", (unsigned char) kdata->data[i]);
+		}
+	printf("\n");
+        }
+
+
+/*	Display contents of krb5_authdata struct, for debugging
+*/
+void
+print_krb5_authdata(char *label, krb5_authdata **adata)
+        {
+	if (adata == NULL)
+                {
+		printf("%s, authdata==0\n", label);
+		return;
+		}
+	printf("%s [%p]\n", label, adata);
+#if 0
+	{
+        int 	i;
+	printf("%s[at%d:%d] ", label, adata->ad_type, adata->length);
+	for (i=0; i < adata->length; i++)
+                {
+                printf((isprint(adata->contents[i]))? "%c ": "%02x",
+                        adata->contents[i]);
+		}
+	printf("\n");
+	}
+#endif
+	}
+
+
+/*	Display contents of krb5_keyblock struct, for debugging
+*/
+void
+print_krb5_keyblock(char *label, krb5_keyblock *keyblk)
+        {
+	int i;
+
+	if (keyblk == NULL)
+                {
+		printf("%s, keyblk==0\n", label);
+		return;
+		}
+#ifdef KRB5_HEIMDAL
+	printf("%s\n\t[et%d:%d]: ", label, keyblk->keytype,
+					   keyblk->keyvalue->length);
+	for (i=0; i < keyblk->keyvalue->length; i++)
+                {
+		printf("%02x",(unsigned char *)(keyblk->keyvalue->contents)[i]);
+		}
+	printf("\n");
+#else
+	printf("%s\n\t[et%d:%d]: ", label, keyblk->enctype, keyblk->length);
+	for (i=0; i < keyblk->length; i++)
+                {
+		printf("%02x",keyblk->contents[i]);
+		}
+	printf("\n");
+#endif
+        }
+
+
+/*	Display contents of krb5_principal_data struct, for debugging
+**	(krb5_principal is typedef'd == krb5_principal_data *)
+*/
+void
+print_krb5_princ(char *label, krb5_principal_data *princ)
+        {
+	int i, ui, uj;
+
+	printf("%s principal Realm: ", label);
+	if (princ == NULL)  return;
+	for (ui=0; ui < princ->realm.length; ui++)  putchar(princ->realm.data[ui]);
+	printf(" (nametype %d) has %d strings:\n", princ->type,princ->length);
+	for (i=0; i < princ->length; i++)
+                {
+		printf("\t%d [%d]: ", i, princ->data[i].length);
+		for (uj=0; uj < princ->data[i].length; uj++)  {
+			putchar(princ->data[i].data[uj]);
+			}
+		printf("\n");
+		}
+	return;
+        }
+
+
+/*	Given krb5 service (typically "kssl") and hostname in kssl_ctx,
+**	Return encrypted Kerberos ticket for service @ hostname.
+**	If authenp is non-NULL, also return encrypted authenticator,
+**	whose data should be freed by caller.
+**	(Originally was: Create Kerberos AP_REQ message for SSL Client.)
+**
+**	19990628	VRS 	Started; Returns Kerberos AP_REQ message.
+**	20010409	VRS 	Modified for RFC2712; Returns enc tkt.
+**	20010606	VRS 	May also return optional authenticator.
+*/
+krb5_error_code
+kssl_cget_tkt(	/* UPDATE */	KSSL_CTX *kssl_ctx,
+                /* OUT    */	krb5_data **enc_ticketp,
+                /* UPDATE */	krb5_data *authenp,
+                /* OUT    */	KSSL_ERR *kssl_err)
+	{
+	krb5_error_code		krb5rc = KRB5KRB_ERR_GENERIC;
+	krb5_context		krb5context = NULL;
+	krb5_auth_context	krb5auth_context = NULL;
+	krb5_ccache 		krb5ccdef = NULL;
+	krb5_creds		krb5creds, *krb5credsp = NULL;
+	krb5_data		krb5_app_req;
+
+	kssl_err_set(kssl_err, 0, "");
+	memset((char *)&krb5creds, 0, sizeof(krb5creds));
+
+	if (!kssl_ctx)
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "No kssl_ctx defined.\n");
+		goto err;
+		}
+	else if (!kssl_ctx->service_host)
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "kssl_ctx service_host undefined.\n");
+		goto err;
+		}
+
+	if ((krb5rc = krb5_init_context(&krb5context)) != 0)
+                {
+		BIO_snprintf(kssl_err->text,KSSL_ERR_MAX,
+                        "krb5_init_context() fails: %d\n", krb5rc);
+		kssl_err->reason = SSL_R_KRB5_C_INIT;
+		goto err;
+		}
+
+	if ((krb5rc = krb5_sname_to_principal(krb5context,
+                kssl_ctx->service_host,
+                (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,
+                KRB5_NT_SRV_HST, &krb5creds.server)) != 0)
+                {
+		BIO_snprintf(kssl_err->text,KSSL_ERR_MAX,
+                        "krb5_sname_to_principal() fails for %s/%s\n",
+                        kssl_ctx->service_host,
+                        (kssl_ctx->service_name)? kssl_ctx->service_name:
+						  KRB5SVC);
+		kssl_err->reason = SSL_R_KRB5_C_INIT;
+		goto err;
+		}
+
+	if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
+                        "krb5_cc_default fails.\n");
+		goto err;
+		}
+
+	if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
+                &krb5creds.client)) != 0)
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC,
+                        "krb5_cc_get_principal() fails.\n");
+		goto err;
+		}
+
+	if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
+                &krb5creds, &krb5credsp)) != 0)
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_C_GET_CRED,
+                        "krb5_get_credentials() fails.\n");
+		goto err;
+		}
+
+	*enc_ticketp = &krb5credsp->ticket;
+#ifdef KRB5_HEIMDAL
+	kssl_ctx->enctype = krb5credsp->session.keytype;
+#else
+	kssl_ctx->enctype = krb5credsp->keyblock.enctype;
+#endif
+
+	krb5rc = KRB5KRB_ERR_GENERIC;
+	/*	caller should free data of krb5_app_req  */
+	/*  20010406 VRS deleted for real KerberosWrapper
+	**  20010605 VRS reinstated to offer Authenticator to KerberosWrapper
+	*/
+	krb5_app_req.length = 0;
+	if (authenp)
+                {
+		krb5_data	krb5in_data;
+		unsigned char	*p;
+		long		arlen;
+		KRB5_APREQBODY	*ap_req;
+
+		authenp->length = 0;
+		krb5in_data.data = NULL;
+		krb5in_data.length = 0;
+		if ((krb5rc = krb5_mk_req_extended(krb5context,
+			&krb5auth_context, 0, &krb5in_data, krb5credsp,
+			&krb5_app_req)) != 0)
+			{
+			kssl_err_set(kssl_err, SSL_R_KRB5_C_MK_REQ,
+				"krb5_mk_req_extended() fails.\n");
+			goto err;
+			}
+
+		arlen = krb5_app_req.length;
+		p = (unsigned char *)krb5_app_req.data;
+		ap_req = (KRB5_APREQBODY *) d2i_KRB5_APREQ(NULL, &p, arlen);
+		if (ap_req)
+			{
+			authenp->length = i2d_KRB5_ENCDATA(
+					ap_req->authenticator, NULL);
+			if (authenp->length  && 
+				(authenp->data = malloc(authenp->length)))
+				{
+				unsigned char	*adp = (unsigned char *)authenp->data;
+				authenp->length = i2d_KRB5_ENCDATA(
+						ap_req->authenticator, &adp);
+				}
+			}
+
+		if (ap_req)  KRB5_APREQ_free((KRB5_APREQ *) ap_req);
+		if (krb5_app_req.length)  
+                        kssl_krb5_free_data_contents(krb5context,&krb5_app_req);
+		}
+#ifdef KRB5_HEIMDAL
+	if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->session))
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,
+                        "kssl_ctx_setkey() fails.\n");
+		}
+#else
+	if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->keyblock))
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT,
+                        "kssl_ctx_setkey() fails.\n");
+		}
+#endif
+	else	krb5rc = 0;
+
+ err:
+#ifdef KSSL_DEBUG
+	kssl_ctx_show(kssl_ctx);
+#endif	/* KSSL_DEBUG */
+
+	if (krb5creds.client)	krb5_free_principal(krb5context,
+							krb5creds.client);
+	if (krb5creds.server)	krb5_free_principal(krb5context,
+							krb5creds.server);
+	if (krb5auth_context)	krb5_auth_con_free(krb5context,
+							krb5auth_context);
+	if (krb5context)	krb5_free_context(krb5context);
+	return (krb5rc);
+	}
+
+
+/*  Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket.
+**  Return Kerberos error code and kssl_err struct on error.
+**  Allocates krb5_ticket and krb5_principal; caller should free these.
+**
+**	20010410	VRS	Implemented krb5_decode_ticket() as
+**				old_krb5_decode_ticket(). Missing from MIT1.0.6.
+**	20010615	VRS 	Re-cast as openssl/asn1 d2i_*() functions.
+**				Re-used some of the old krb5_decode_ticket()
+**				code here.  This tkt should alloc/free just
+**				like the real thing.
+*/
+krb5_error_code
+kssl_TKT2tkt(	/* IN     */	krb5_context	krb5context,
+		/* IN     */	KRB5_TKTBODY	*asn1ticket,
+		/* OUT    */	krb5_ticket	**krb5ticket,
+		/* OUT    */	KSSL_ERR *kssl_err  )
+        {
+        krb5_error_code			krb5rc = KRB5KRB_ERR_GENERIC;
+	krb5_ticket 			*new5ticket = NULL;
+	ASN1_GENERALSTRING		*gstr_svc, *gstr_host;
+
+	*krb5ticket = NULL;
+
+	if (asn1ticket == NULL  ||  asn1ticket->realm == NULL  ||
+		asn1ticket->sname == NULL  || 
+		sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) < 2)
+		{
+		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+			"Null field in asn1ticket.\n");
+		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+		return KRB5KRB_ERR_GENERIC;
+		}
+
+	if ((new5ticket = (krb5_ticket *) calloc(1, sizeof(krb5_ticket)))==NULL)
+		{
+		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+			"Unable to allocate new krb5_ticket.\n");
+		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+		return ENOMEM;		/*  or  KRB5KRB_ERR_GENERIC;	*/
+		}
+
+	gstr_svc  = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 0);
+	gstr_host = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 1);
+
+	if ((krb5rc = kssl_build_principal_2(krb5context,
+			&new5ticket->server,
+			asn1ticket->realm->length, (char *)asn1ticket->realm->data,
+			gstr_svc->length,  (char *)gstr_svc->data,
+			gstr_host->length, (char *)gstr_host->data)) != 0)
+		{
+		free(new5ticket);
+		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+			"Error building ticket server principal.\n");
+		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+		return krb5rc;		/*  or  KRB5KRB_ERR_GENERIC;	*/
+		}
+
+	krb5_princ_type(krb5context, new5ticket->server) =
+			asn1ticket->sname->nametype->data[0];
+	new5ticket->enc_part.enctype = asn1ticket->encdata->etype->data[0];
+	new5ticket->enc_part.kvno = asn1ticket->encdata->kvno->data[0];
+	new5ticket->enc_part.ciphertext.length =
+			asn1ticket->encdata->cipher->length;
+	if ((new5ticket->enc_part.ciphertext.data =
+		calloc(1, asn1ticket->encdata->cipher->length)) == NULL)
+		{
+		free(new5ticket);
+		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+			"Error allocating cipher in krb5ticket.\n");
+		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+		return KRB5KRB_ERR_GENERIC;
+		}
+	else
+		{
+		memcpy(new5ticket->enc_part.ciphertext.data,
+			asn1ticket->encdata->cipher->data,
+			asn1ticket->encdata->cipher->length);
+		}
+
+	*krb5ticket = new5ticket;
+	return 0;
+	}
+
+
+/*	Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"),
+**		and krb5 AP_REQ message & message length,
+**	Return Kerberos session key and client principle
+**		to SSL Server in KSSL_CTX *kssl_ctx.
+**
+**	19990702	VRS 	Started.
+*/
+krb5_error_code
+kssl_sget_tkt(	/* UPDATE */	KSSL_CTX		*kssl_ctx,
+		/* IN     */	krb5_data		*indata,
+		/* OUT    */	krb5_ticket_times	*ttimes,
+		/* OUT    */	KSSL_ERR		*kssl_err  )
+        {
+        krb5_error_code			krb5rc = KRB5KRB_ERR_GENERIC;
+        static krb5_context		krb5context = NULL;
+	static krb5_auth_context	krb5auth_context = NULL;
+	krb5_ticket 			*krb5ticket = NULL;
+	KRB5_TKTBODY 			*asn1ticket = NULL;
+	unsigned char			*p;
+	krb5_keytab 			krb5keytab = NULL;
+	krb5_keytab_entry		kt_entry;
+	krb5_principal			krb5server;
+        krb5_rcache                     rcache = NULL;
+
+	kssl_err_set(kssl_err, 0, "");
+
+	if (!kssl_ctx)
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+			"No kssl_ctx defined.\n");
+		goto err;
+		}
+
+#ifdef KSSL_DEBUG
+	printf("in kssl_sget_tkt(%s)\n", kstring(kssl_ctx->service_name));
+#endif	/* KSSL_DEBUG */
+
+	if (!krb5context  &&  (krb5rc = krb5_init_context(&krb5context)))
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "krb5_init_context() fails.\n");
+		goto err;
+		}
+	if (krb5auth_context  &&
+		(krb5rc = krb5_auth_con_free(krb5context, krb5auth_context)))
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "krb5_auth_con_free() fails.\n");
+		goto err;
+		}
+	else  krb5auth_context = NULL;
+	if (!krb5auth_context  &&
+		(krb5rc = krb5_auth_con_init(krb5context, &krb5auth_context)))
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "krb5_auth_con_init() fails.\n");
+		goto err;
+		}
+
+ 
+	if ((krb5rc = krb5_auth_con_getrcache(krb5context, krb5auth_context,
+		&rcache)))
+		{
+ 		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+			"krb5_auth_con_getrcache() fails.\n");
+ 		goto err;
+		}
+ 
+	if ((krb5rc = krb5_sname_to_principal(krb5context, NULL,
+                (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,
+                KRB5_NT_SRV_HST, &krb5server)) != 0)
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "krb5_sname_to_principal() fails.\n");
+		goto err;
+		}
+
+	if (rcache == NULL) 
+                {
+                if ((krb5rc = krb5_get_server_rcache(krb5context,
+			krb5_princ_component(krb5context, krb5server, 0),
+			&rcache)))
+                        {
+		        kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                                "krb5_get_server_rcache() fails.\n");
+                  	goto err;
+                        }
+                }
+
+        if ((krb5rc = krb5_auth_con_setrcache(krb5context, krb5auth_context, rcache)))
+                {
+                kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+			"krb5_auth_con_setrcache() fails.\n");
+                goto err;
+                }
+
+
+	/*	kssl_ctx->keytab_file == NULL ==> use Kerberos default
+	*/
+	if (kssl_ctx->keytab_file)
+		{
+		krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
+                        &krb5keytab);
+		if (krb5rc)
+			{
+			kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+				"krb5_kt_resolve() fails.\n");
+			goto err;
+			}
+		}
+	else
+		{
+                krb5rc = krb5_kt_default(krb5context,&krb5keytab);
+                if (krb5rc)
+			{
+			kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, 
+				"krb5_kt_default() fails.\n");
+			goto err;
+			}
+		}
+
+	/*	Actual Kerberos5 krb5_recvauth() has initial conversation here
+	**	o	check KRB5_SENDAUTH_BADAUTHVERS
+	**		unless KRB5_RECVAUTH_SKIP_VERSION
+	**	o	check KRB5_SENDAUTH_BADAPPLVERS
+	**	o	send "0" msg if all OK
+	*/
+
+	/*  20010411 was using AP_REQ instead of true KerberosWrapper
+	**
+	**  if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context,
+	**			&krb5in_data, krb5server, krb5keytab,
+	**			&ap_option, &krb5ticket)) != 0)  { Error }
+	*/
+
+	p = (unsigned char *)indata->data;
+	if ((asn1ticket = (KRB5_TKTBODY *) d2i_KRB5_TICKET(NULL, &p,
+						(long) indata->length)) == NULL)
+		{
+		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+			"d2i_KRB5_TICKET() ASN.1 decode failure.\n");
+		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+		goto err;
+		}
+	
+	/* Was:  krb5rc = krb5_decode_ticket(krb5in_data,&krb5ticket)) != 0) */
+	if ((krb5rc = kssl_TKT2tkt(krb5context, asn1ticket, &krb5ticket,
+					kssl_err)) != 0)
+		{
+		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+			"Error converting ASN.1 ticket to krb5_ticket.\n");
+		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+		goto err;
+		}
+
+	if (! krb5_principal_compare(krb5context, krb5server,
+						  krb5ticket->server))  {
+		krb5rc = KRB5_PRINC_NOMATCH;
+		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+			"server principal != ticket principal\n");
+		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+		goto err;
+		}
+	if ((krb5rc = krb5_kt_get_entry(krb5context, krb5keytab,
+			krb5ticket->server, krb5ticket->enc_part.kvno,
+			krb5ticket->enc_part.enctype, &kt_entry)) != 0)  {
+		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+			"krb5_kt_get_entry() fails with %x.\n", krb5rc);
+		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+		goto err;
+		}
+	if ((krb5rc = krb5_decrypt_tkt_part(krb5context, &kt_entry.key,
+			krb5ticket)) != 0)  {
+		BIO_snprintf(kssl_err->text, KSSL_ERR_MAX,
+			"krb5_decrypt_tkt_part() failed.\n");
+		kssl_err->reason = SSL_R_KRB5_S_RD_REQ;
+		goto err;
+		}
+	else  {
+		krb5_kt_free_entry(krb5context, &kt_entry);
+#ifdef KSSL_DEBUG
+		{
+		int i; krb5_address **paddr = krb5ticket->enc_part2->caddrs;
+		printf("Decrypted ticket fields:\n");
+		printf("\tflags: %X, transit-type: %X",
+			krb5ticket->enc_part2->flags,
+			krb5ticket->enc_part2->transited.tr_type);
+		print_krb5_data("\ttransit-data: ",
+			&(krb5ticket->enc_part2->transited.tr_contents));
+		printf("\tcaddrs: %p, authdata: %p\n",
+			krb5ticket->enc_part2->caddrs,
+			krb5ticket->enc_part2->authorization_data);
+		if (paddr)
+			{
+			printf("\tcaddrs:\n");
+			for (i=0; paddr[i] != NULL; i++)
+				{
+				krb5_data d;
+				d.length=paddr[i]->length;
+				d.data=paddr[i]->contents;
+				print_krb5_data("\t\tIP: ", &d);
+				}
+			}
+		printf("\tstart/auth/end times: %d / %d / %d\n",
+			krb5ticket->enc_part2->times.starttime,
+			krb5ticket->enc_part2->times.authtime,
+			krb5ticket->enc_part2->times.endtime);
+		}
+#endif	/* KSSL_DEBUG */
+		}
+
+	krb5rc = KRB5_NO_TKT_SUPPLIED;
+	if (!krb5ticket  ||	!krb5ticket->enc_part2  ||
+                !krb5ticket->enc_part2->client  ||
+                !krb5ticket->enc_part2->client->data  ||
+                !krb5ticket->enc_part2->session)
+                {
+                kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
+                        "bad ticket from krb5_rd_req.\n");
+		}
+	else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT,
+                &krb5ticket->enc_part2->client->realm,
+                krb5ticket->enc_part2->client->data))
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
+                        "kssl_ctx_setprinc() fails.\n");
+		}
+	else if (kssl_ctx_setkey(kssl_ctx, krb5ticket->enc_part2->session))
+                {
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
+                        "kssl_ctx_setkey() fails.\n");
+		}
+	else if (krb5ticket->enc_part2->flags & TKT_FLG_INVALID)
+                {
+		krb5rc = KRB5KRB_AP_ERR_TKT_INVALID;
+                kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET,
+                        "invalid ticket from krb5_rd_req.\n");
+		}
+	else	krb5rc = 0;
+
+	kssl_ctx->enctype	= krb5ticket->enc_part.enctype;
+	ttimes->authtime	= krb5ticket->enc_part2->times.authtime;
+	ttimes->starttime	= krb5ticket->enc_part2->times.starttime;
+	ttimes->endtime 	= krb5ticket->enc_part2->times.endtime;
+	ttimes->renew_till	= krb5ticket->enc_part2->times.renew_till;
+
+ err:
+#ifdef KSSL_DEBUG
+	kssl_ctx_show(kssl_ctx);
+#endif	/* KSSL_DEBUG */
+
+	if (asn1ticket) 	KRB5_TICKET_free((KRB5_TICKET *) asn1ticket);
+        if (krb5keytab)         krb5_kt_close(krb5context, krb5keytab);
+	if (krb5ticket) 	krb5_free_ticket(krb5context, krb5ticket);
+	if (krb5server) 	krb5_free_principal(krb5context, krb5server);
+	return (krb5rc);
+        }
+
+
+/*	Allocate & return a new kssl_ctx struct.
+*/
+KSSL_CTX	*
+kssl_ctx_new(void)
+        {
+	return ((KSSL_CTX *) calloc(1, sizeof(KSSL_CTX)));
+        }
+
+
+/*	Frees a kssl_ctx struct and any allocated memory it holds.
+**	Returns NULL.
+*/
+KSSL_CTX	*
+kssl_ctx_free(KSSL_CTX *kssl_ctx)
+        {
+	if (kssl_ctx == NULL)  return kssl_ctx;
+
+	if (kssl_ctx->key)  		OPENSSL_cleanse(kssl_ctx->key,
+							      kssl_ctx->length);
+	if (kssl_ctx->key)  		free(kssl_ctx->key);
+	if (kssl_ctx->client_princ) 	free(kssl_ctx->client_princ);
+	if (kssl_ctx->service_host) 	free(kssl_ctx->service_host);
+	if (kssl_ctx->service_name) 	free(kssl_ctx->service_name);
+	if (kssl_ctx->keytab_file) 	free(kssl_ctx->keytab_file);
+
+	free(kssl_ctx);
+	return (KSSL_CTX *) NULL;
+        }
+
+
+/*	Given a (krb5_data *) entity (and optional realm),
+**	set the plain (char *) client_princ or service_host member
+**	of the kssl_ctx struct.
+*/
+krb5_error_code
+kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
+        krb5_data *realm, krb5_data *entity)
+        {
+	char	**princ;
+	int 	length;
+
+	if (kssl_ctx == NULL  ||  entity == NULL)  return KSSL_CTX_ERR;
+
+	switch (which)
+                {
+        case KSSL_CLIENT:	princ = &kssl_ctx->client_princ;	break;
+        case KSSL_SERVER:	princ = &kssl_ctx->service_host;	break;
+        default:		return KSSL_CTX_ERR;			break;
+		}
+	if (*princ)  free(*princ);
+
+	length = entity->length + ((realm)? realm->length + 2: 1);
+	if ((*princ = calloc(1, length)) == NULL)
+		return KSSL_CTX_ERR;
+	else
+                {
+		strncpy(*princ, entity->data, entity->length);
+		(*princ)[entity->length]='\0';
+		if (realm)
+                        {
+			strcat (*princ, "@");
+			(void) strncat(*princ, realm->data, realm->length);
+			(*princ)[entity->length+1+realm->length]='\0';
+			}
+		}
+
+	return KSSL_CTX_OK;
+        }
+
+
+/*	Set one of the plain (char *) string members of the kssl_ctx struct.
+**	Default values should be:
+**		which == KSSL_SERVICE	=>	"khost" (KRB5SVC)
+**		which == KSSL_KEYTAB	=>	"/etc/krb5.keytab" (KRB5KEYTAB)
+*/
+krb5_error_code
+kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text)
+        {
+	char	**string;
+
+	if (!kssl_ctx)  return KSSL_CTX_ERR;
+
+	switch (which)
+                {
+        case KSSL_SERVICE:	string = &kssl_ctx->service_name;	break;
+        case KSSL_SERVER:	string = &kssl_ctx->service_host;	break;
+        case KSSL_CLIENT:	string = &kssl_ctx->client_princ;	break;
+        case KSSL_KEYTAB:	string = &kssl_ctx->keytab_file;	break;
+        default:		return KSSL_CTX_ERR;			break;
+		}
+	if (*string)  free(*string);
+
+	if (!text)
+                {
+		*string = '\0';
+		return KSSL_CTX_OK;
+		}
+
+	if ((*string = calloc(1, strlen(text) + 1)) == NULL)
+		return KSSL_CTX_ERR;
+	else
+		strcpy(*string, text);
+
+	return KSSL_CTX_OK;
+        }
+
+
+/*	Copy the Kerberos session key from a (krb5_keyblock *) to a kssl_ctx
+**	struct.  Clear kssl_ctx->key if Kerberos session key is NULL.
+*/
+krb5_error_code
+kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session)
+        {
+	int 		length;
+	krb5_enctype	enctype;
+	krb5_octet FAR	*contents = NULL;
+
+	if (!kssl_ctx)  return KSSL_CTX_ERR;
+
+	if (kssl_ctx->key)
+                {
+		OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length);
+		free(kssl_ctx->key);
+		}
+
+	if (session)
+                {
+
+#ifdef KRB5_HEIMDAL
+		length = session->keyvalue->length;
+		enctype = session->keytype;
+		contents = session->keyvalue->contents;
+#else
+		length = session->length;
+		enctype = session->enctype;
+		contents = session->contents;
+#endif
+		kssl_ctx->enctype = enctype;
+		kssl_ctx->length  = length;
+		}
+	else
+                {
+		kssl_ctx->enctype = ENCTYPE_UNKNOWN;
+		kssl_ctx->length  = 0;
+		return KSSL_CTX_OK;
+		}
+
+	if ((kssl_ctx->key =
+                (krb5_octet FAR *) calloc(1, kssl_ctx->length)) == NULL)
+                {
+		kssl_ctx->length  = 0;
+		return KSSL_CTX_ERR;
+		}
+	else
+		memcpy(kssl_ctx->key, contents, length);
+
+	return KSSL_CTX_OK;
+        }
+
+
+/*	Display contents of kssl_ctx struct
+*/
+void
+kssl_ctx_show(KSSL_CTX *kssl_ctx)
+        {
+	int 	i;
+
+	printf("kssl_ctx: ");
+	if (kssl_ctx == NULL)
+                {
+		printf("NULL\n");
+		return;
+		}
+	else
+		printf("%p\n", kssl_ctx);
+
+	printf("\tservice:\t%s\n",
+                (kssl_ctx->service_name)? kssl_ctx->service_name: "NULL");
+	printf("\tclient:\t%s\n",
+                (kssl_ctx->client_princ)? kssl_ctx->client_princ: "NULL");
+	printf("\tserver:\t%s\n",
+                (kssl_ctx->service_host)? kssl_ctx->service_host: "NULL");
+	printf("\tkeytab:\t%s\n",
+                (kssl_ctx->keytab_file)? kssl_ctx->keytab_file: "NULL");
+	printf("\tkey [%d:%d]:\t",
+                kssl_ctx->enctype, kssl_ctx->length);
+
+	for (i=0; i < kssl_ctx->length  &&  kssl_ctx->key; i++)
+                {
+		printf("%02x", kssl_ctx->key[i]);
+		}
+	printf("\n");
+	return;
+        }
+
+    int 
+    kssl_keytab_is_available(KSSL_CTX *kssl_ctx)
+{
+    krb5_context		krb5context = NULL;
+    krb5_keytab 		krb5keytab = NULL;
+    krb5_keytab_entry           entry;
+    krb5_principal              princ = NULL;
+    krb5_error_code  		krb5rc = KRB5KRB_ERR_GENERIC;
+    int rc = 0;
+
+    if ((krb5rc = krb5_init_context(&krb5context)))
+        return(0);
+
+    /*	kssl_ctx->keytab_file == NULL ==> use Kerberos default
+    */
+    if (kssl_ctx->keytab_file)
+    {
+        krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file,
+                                  &krb5keytab);
+        if (krb5rc)
+            goto exit;
+    }
+    else
+    {
+        krb5rc = krb5_kt_default(krb5context,&krb5keytab);
+        if (krb5rc)
+            goto exit;
+    }
+
+    /* the host key we are looking for */
+    krb5rc = krb5_sname_to_principal(krb5context, NULL, 
+                                     kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC,
+                                     KRB5_NT_SRV_HST, &princ);
+
+    krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, 
+                                princ,
+                                0 /* IGNORE_VNO */,
+                                0 /* IGNORE_ENCTYPE */,
+                                &entry);
+    if ( krb5rc == KRB5_KT_NOTFOUND ) {
+        rc = 1;
+        goto exit;
+    } else if ( krb5rc )
+        goto exit;
+    
+    krb5_kt_free_entry(krb5context, &entry);
+    rc = 1;
+
+  exit:
+    if (krb5keytab)     krb5_kt_close(krb5context, krb5keytab);
+    if (princ)          krb5_free_principal(krb5context, princ);
+    if (krb5context)	krb5_free_context(krb5context);
+    return(rc);
+}
+
+int 
+kssl_tgt_is_available(KSSL_CTX *kssl_ctx)
+        {
+        krb5_error_code		krb5rc = KRB5KRB_ERR_GENERIC;
+        krb5_context		krb5context = NULL;
+        krb5_ccache 		krb5ccdef = NULL;
+        krb5_creds		krb5creds, *krb5credsp = NULL;
+        int                     rc = 0;
+
+        memset((char *)&krb5creds, 0, sizeof(krb5creds));
+
+        if (!kssl_ctx)
+            return(0);
+
+        if (!kssl_ctx->service_host)
+            return(0);
+
+        if ((krb5rc = krb5_init_context(&krb5context)) != 0)
+            goto err;
+
+        if ((krb5rc = krb5_sname_to_principal(krb5context,
+                                              kssl_ctx->service_host,
+                                              (kssl_ctx->service_name)? kssl_ctx->service_name: KRB5SVC,
+                                              KRB5_NT_SRV_HST, &krb5creds.server)) != 0)
+            goto err;
+
+        if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)
+            goto err;
+
+        if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
+                                             &krb5creds.client)) != 0)
+            goto err;
+
+        if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
+                                            &krb5creds, &krb5credsp)) != 0)
+            goto err;
+
+        rc = 1;
+
+      err:
+#ifdef KSSL_DEBUG
+	kssl_ctx_show(kssl_ctx);
+#endif	/* KSSL_DEBUG */
+
+	if (krb5creds.client)	krb5_free_principal(krb5context, krb5creds.client);
+	if (krb5creds.server)	krb5_free_principal(krb5context, krb5creds.server);
+	if (krb5context)	krb5_free_context(krb5context);
+        return(rc);
+	}
+
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WIN32)
+void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data)
+	{
+#ifdef KRB5_HEIMDAL
+	data->length = 0;
+        if (data->data)
+            free(data->data);
+#elif defined(KRB5_MIT_OLD11)
+	if (data->data)  {
+		krb5_xfree(data->data);
+		data->data = 0;
+		}
+#else
+	krb5_free_data_contents(NULL, data);
+#endif
+	}
+#endif /* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */
+
+
+/*  Given pointers to KerberosTime and struct tm structs, convert the
+**  KerberosTime string to struct tm.  Note that KerberosTime is a
+**  ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional
+**  seconds as defined in RFC 1510.
+**  Return pointer to the (partially) filled in struct tm on success,
+**  return NULL on failure.
+*/
+struct tm	*k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm)
+	{
+	char 		c, *p;
+
+	if (!k_tm)  return NULL;
+	if (gtime == NULL  ||  gtime->length < 14)  return NULL;
+	if (gtime->data == NULL)  return NULL;
+
+	p = (char *)&gtime->data[14];
+
+	c = *p;	 *p = '\0';  p -= 2;  k_tm->tm_sec  = atoi(p);      *(p+2) = c;
+	c = *p;	 *p = '\0';  p -= 2;  k_tm->tm_min  = atoi(p);      *(p+2) = c;
+	c = *p;	 *p = '\0';  p -= 2;  k_tm->tm_hour = atoi(p);      *(p+2) = c;
+	c = *p;	 *p = '\0';  p -= 2;  k_tm->tm_mday = atoi(p);      *(p+2) = c;
+	c = *p;	 *p = '\0';  p -= 2;  k_tm->tm_mon  = atoi(p)-1;    *(p+2) = c;
+	c = *p;	 *p = '\0';  p -= 4;  k_tm->tm_year = atoi(p)-1900; *(p+4) = c;
+
+	return k_tm;
+	}
+
+
+/*  Helper function for kssl_validate_times().
+**  We need context->clockskew, but krb5_context is an opaque struct.
+**  So we try to sneek the clockskew out through the replay cache.
+**	If that fails just return a likely default (300 seconds).
+*/
+krb5_deltat	get_rc_clockskew(krb5_context context)
+	{
+	krb5_rcache 	rc;
+	krb5_deltat 	clockskew;
+
+	if (krb5_rc_default(context, &rc))  return KSSL_CLOCKSKEW;
+	if (krb5_rc_initialize(context, rc, 0))  return KSSL_CLOCKSKEW;
+	if (krb5_rc_get_lifespan(context, rc, &clockskew))  {
+		clockskew = KSSL_CLOCKSKEW;
+		}
+	(void) krb5_rc_destroy(context, rc);
+	return clockskew;
+	}
+
+
+/*  kssl_validate_times() combines (and more importantly exposes)
+**  the MIT KRB5 internal function krb5_validate_times() and the
+**  in_clock_skew() macro.  The authenticator client time is checked
+**  to be within clockskew secs of the current time and the current
+**  time is checked to be within the ticket start and expire times.
+**  Either check may be omitted by supplying a NULL value.
+**  Returns 0 for valid times, SSL_R_KRB5* error codes otherwise.
+**  See Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c
+**  20010420 VRS
+*/
+krb5_error_code  kssl_validate_times(	krb5_timestamp atime,
+					krb5_ticket_times *ttimes)
+	{
+	krb5_deltat 	skew;
+	krb5_timestamp	start, now;
+	krb5_error_code	rc;
+	krb5_context	context;
+
+	if ((rc = krb5_init_context(&context)))	 return SSL_R_KRB5_S_BAD_TICKET;
+	skew = get_rc_clockskew(context); 
+	if ((rc = krb5_timeofday(context,&now))) return SSL_R_KRB5_S_BAD_TICKET;
+	krb5_free_context(context);
+
+	if (atime  &&  labs(atime - now) >= skew)  return SSL_R_KRB5_S_TKT_SKEW;
+
+	if (! ttimes)  return 0;
+
+	start = (ttimes->starttime != 0)? ttimes->starttime: ttimes->authtime;
+	if (start - now > skew)  return SSL_R_KRB5_S_TKT_NYV;
+	if ((now - ttimes->endtime) > skew)  return SSL_R_KRB5_S_TKT_EXPIRED;
+
+#ifdef KSSL_DEBUG
+	printf("kssl_validate_times: %d |<-  | %d - %d | < %d  ->| %d\n",
+		start, atime, now, skew, ttimes->endtime);
+#endif	/* KSSL_DEBUG */
+
+	return 0;
+	}
+
+
+/*  Decode and decrypt given DER-encoded authenticator, then pass
+**  authenticator ctime back in *atimep (or 0 if time unavailable).
+**  Returns krb5_error_code and kssl_err on error.  A NULL 
+**  authenticator (authentp->length == 0) is not considered an error.
+**  Note that kssl_check_authent() makes use of the KRB5 session key;
+**  you must call kssl_sget_tkt() to get the key before calling this routine.
+*/
+krb5_error_code  kssl_check_authent(
+			/* IN     */	KSSL_CTX	*kssl_ctx,
+                        /* IN     */   	krb5_data	*authentp,
+			/* OUT    */	krb5_timestamp	*atimep,
+			/* OUT    */    KSSL_ERR	*kssl_err  )
+	{
+        krb5_error_code		krb5rc = 0;
+	KRB5_ENCDATA		*dec_authent = NULL;
+	KRB5_AUTHENTBODY	*auth = NULL;
+	krb5_enctype		enctype;
+	EVP_CIPHER_CTX		ciph_ctx;
+	const EVP_CIPHER	*enc = NULL;
+	unsigned char		iv[EVP_MAX_IV_LENGTH];
+	unsigned char		*p, *unenc_authent;
+	int 			padl, outl, unencbufsize;
+	struct tm		tm_time, *tm_l, *tm_g;
+	time_t			now, tl, tg, tr, tz_offset;
+
+	EVP_CIPHER_CTX_init(&ciph_ctx);
+	*atimep = 0;
+	kssl_err_set(kssl_err, 0, "");
+
+#ifndef KRB5CHECKAUTH
+	authentp = NULL;
+#else
+#if	KRB5CHECKAUTH == 0
+	authentp = NULL;
+#endif
+#endif	/* KRB5CHECKAUTH */
+
+	if (authentp == NULL  ||  authentp->length == 0)  return 0;
+
+#ifdef KSSL_DEBUG
+        {
+        unsigned int ui;
+	printf("kssl_check_authent: authenticator[%d]:\n",authentp->length);
+	p = authentp->data; 
+	for (ui=0; ui < authentp->length; ui++)  printf("%02x ",p[ui]);
+	printf("\n");
+        }
+#endif	/* KSSL_DEBUG */
+
+	unencbufsize = 2 * authentp->length;
+	if ((unenc_authent = calloc(1, unencbufsize)) == NULL)
+		{
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+			"Unable to allocate authenticator buffer.\n");
+		krb5rc = KRB5KRB_ERR_GENERIC;
+		goto err;
+		}
+
+	p = (unsigned char *)authentp->data;
+	if ((dec_authent = d2i_KRB5_ENCDATA(NULL, &p,
+					(long) authentp->length)) == NULL) 
+		{
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "Error decoding authenticator.\n");
+		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+		goto err;
+		}
+
+	enctype = dec_authent->etype->data[0];	/* should = kssl_ctx->enctype */
+#if !defined(KRB5_MIT_OLD11)
+            switch ( enctype ) {
+            case ENCTYPE_DES3_CBC_SHA1:		/*    EVP_des_ede3_cbc();  */
+            case ENCTYPE_DES3_CBC_SHA:
+            case ENCTYPE_DES3_CBC_RAW:
+                krb5rc = 0;                     /* Skip, can't handle derived keys */
+                goto err;
+            }
+#endif
+	enc = kssl_map_enc(enctype);
+	memset(iv, 0, sizeof iv);       /* per RFC 1510 */
+
+	if (enc == NULL)
+		{
+		/*  Disable kssl_check_authent for ENCTYPE_DES3_CBC_SHA1.
+		**  This enctype indicates the authenticator was encrypted
+		**  using key-usage derived keys which openssl cannot decrypt.
+		*/
+		goto err;
+		}
+	if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv))
+		{
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+			"EVP_DecryptInit_ex error decrypting authenticator.\n");
+		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+		goto err;
+		}
+	if (!EVP_DecryptUpdate(&ciph_ctx, unenc_authent, &outl,
+			dec_authent->cipher->data, dec_authent->cipher->length))
+		{
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+			"EVP_DecryptUpdate error decrypting authenticator.\n");
+		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+		goto err;
+		}
+	if (outl > unencbufsize)
+		{
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "Buffer overflow decrypting authenticator.\n");
+		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+		goto err;
+		}
+	if (!EVP_DecryptFinal_ex(&ciph_ctx, &(unenc_authent[outl]), &padl))
+		{
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+			"EVP_DecryptFinal_ex error decrypting authenticator.\n");
+		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+		goto err;
+		}
+	outl += padl;
+	if (outl > unencbufsize)
+		{
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "Buffer overflow decrypting authenticator.\n");
+		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+		goto err;
+		}
+	EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+#ifdef KSSL_DEBUG
+	printf("kssl_check_authent: decrypted authenticator[%d] =\n", outl);
+	for (padl=0; padl < outl; padl++) printf("%02x ",unenc_authent[padl]);
+	printf("\n");
+#endif	/* KSSL_DEBUG */
+
+	if ((p = kssl_skip_confound(enctype, unenc_authent)) == NULL)
+		{
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "confounded by authenticator.\n");
+		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+		goto err;
+		}
+	outl -= p - unenc_authent;
+
+	if ((auth = (KRB5_AUTHENTBODY *) d2i_KRB5_AUTHENT(NULL, &p,
+							  (long) outl))==NULL)
+		{
+		kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT,
+                        "Error decoding authenticator body.\n");
+		krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY;
+		goto err;
+		}
+
+	memset(&tm_time,0,sizeof(struct tm));
+	if (k_gmtime(auth->ctime, &tm_time)  &&
+		((tr = mktime(&tm_time)) != (time_t)(-1)))
+ 		{
+ 		now  = time(&now);
+ 		tm_l = localtime(&now); 	tl = mktime(tm_l);
+ 		tm_g = gmtime(&now);		tg = mktime(tm_g);
+ 		tz_offset = tg - tl;
+
+		*atimep = tr - tz_offset;
+ 		}
+
+#ifdef KSSL_DEBUG
+	printf("kssl_check_authent: returns %d for client time ", *atimep);
+	if (auth && auth->ctime && auth->ctime->length && auth->ctime->data)
+		printf("%.*s\n", auth->ctime->length, auth->ctime->data);
+	else	printf("NULL\n");
+#endif	/* KSSL_DEBUG */
+
+ err:
+	if (auth)		KRB5_AUTHENT_free((KRB5_AUTHENT *) auth);
+	if (dec_authent)	KRB5_ENCDATA_free(dec_authent);
+	if (unenc_authent)	free(unenc_authent);
+	return krb5rc;
+	}
+
+
+/*  Replaces krb5_build_principal_ext(), with varargs length == 2 (svc, host),
+**  because I dont't know how to stub varargs.
+**  Returns krb5_error_code == ENOMEM on alloc error, otherwise
+**  passes back newly constructed principal, which should be freed by caller.
+*/
+krb5_error_code  kssl_build_principal_2(
+			/* UPDATE */	krb5_context	context,
+			/* OUT    */	krb5_principal	*princ,
+			/* IN     */	int rlen,  const char *realm,
+			/* IN	  */	int slen,  const char *svc,
+			/* IN	  */	int hlen,  const char *host)
+	{
+	krb5_data		*p_data = NULL;
+	krb5_principal		new_p = NULL;
+        char			*new_r = NULL;
+
+	if ((p_data = (krb5_data *) calloc(2, sizeof(krb5_data))) == NULL  ||
+	    (new_p = (krb5_principal) calloc(1, sizeof(krb5_principal_data)))
+			== NULL)  goto err;
+	new_p->length = 2;
+	new_p->data = p_data;
+
+	if ((new_r = calloc(1, rlen + 1)) == NULL)  goto err;
+	memcpy(new_r, realm, rlen);
+	krb5_princ_set_realm_length(context, new_p, rlen);
+	krb5_princ_set_realm_data(context, new_p, new_r);
+
+	if ((new_p->data[0].data = calloc(1, slen + 1)) == NULL)  goto err;
+	memcpy(new_p->data[0].data, svc, slen);
+	new_p->data[0].length = slen;
+
+	if ((new_p->data[1].data = calloc(1, hlen + 1)) == NULL)  goto err;
+	memcpy(new_p->data[1].data, host, hlen);
+	new_p->data[1].length = hlen;
+	
+	krb5_princ_type(context, new_p) = KRB5_NT_UNKNOWN;
+	*princ = new_p;
+	return 0;
+
+ err:
+	if (new_p  &&  new_p[0].data)	free(new_p[0].data);
+	if (new_p  &&  new_p[1].data)	free(new_p[1].data);
+	if (new_p)	free(new_p);
+	if (new_r)	free(new_r);
+	return ENOMEM;
+	}
+
+
+#else /* !OPENSSL_NO_KRB5 */
+
+#if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS)
+static int dummy=(int)&dummy;
+#endif
+
+#endif	/* !OPENSSL_NO_KRB5	*/
+
diff --git a/ssl/kssl.h b/ssl/kssl.h
new file mode 100644
index 0000000000..cf7ebdd168
--- /dev/null
+++ b/ssl/kssl.h
@@ -0,0 +1,173 @@
+/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000.
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+**	19990701	VRS 	Started.
+*/
+
+#ifndef	KSSL_H
+#define	KSSL_H
+
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_KRB5
+
+#include <stdio.h>
+#include <ctype.h>
+#include <krb5.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+**	Depending on which KRB5 implementation used, some types from
+**	the other may be missing.  Resolve that here and now
+*/
+#ifdef KRB5_HEIMDAL
+typedef unsigned char krb5_octet;
+#define FAR
+#endif
+
+/*	Uncomment this to debug kssl problems or
+**	to trace usage of the Kerberos session key
+**
+**	#define		KSSL_DEBUG
+*/
+
+#ifndef	KRB5SVC
+#define KRB5SVC	"host"
+#endif
+
+#ifndef	KRB5KEYTAB
+#define KRB5KEYTAB	"/etc/krb5.keytab"
+#endif
+
+#ifndef KRB5SENDAUTH
+#define KRB5SENDAUTH	1
+#endif
+
+#ifndef KRB5CHECKAUTH
+#define KRB5CHECKAUTH	1
+#endif
+
+#ifndef KSSL_CLOCKSKEW
+#define	KSSL_CLOCKSKEW	300;
+#endif
+
+#define	KSSL_ERR_MAX	255
+typedef struct kssl_err_st  {
+	int  reason;
+	char text[KSSL_ERR_MAX+1];
+	} KSSL_ERR;
+
+
+/*	Context for passing
+**		(1) Kerberos session key to SSL, and
+**		(2)	Config data between application and SSL lib
+*/
+typedef struct kssl_ctx_st
+        {
+                                /*	used by:    disposition:            */
+	char *service_name;	/*	C,S	    default ok (kssl)       */
+	char *service_host;	/*	C	    input, REQUIRED         */
+	char *client_princ;	/*	S	    output from krb5 ticket */
+	char *keytab_file;	/*      S	    NULL (/etc/krb5.keytab) */
+	char *cred_cache;	/*	C	    NULL (default)          */
+	krb5_enctype enctype;
+	int length;
+	krb5_octet FAR *key;
+	} KSSL_CTX;
+
+#define	KSSL_CLIENT 	1
+#define KSSL_SERVER 	2
+#define	KSSL_SERVICE	3
+#define	KSSL_KEYTAB 	4
+
+#define KSSL_CTX_OK 	0
+#define KSSL_CTX_ERR	1
+#define KSSL_NOMEM	2
+
+/* Public (for use by applications that use OpenSSL with Kerberos 5 support */
+krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text);
+KSSL_CTX *kssl_ctx_new(void);
+KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
+void kssl_ctx_show(KSSL_CTX *kssl_ctx);
+krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
+        krb5_data *realm, krb5_data *entity);
+krb5_error_code	kssl_cget_tkt(KSSL_CTX *kssl_ctx,  krb5_data **enc_tktp,
+        krb5_data *authenp, KSSL_ERR *kssl_err);
+krb5_error_code	kssl_sget_tkt(KSSL_CTX *kssl_ctx,  krb5_data *indata,
+        krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
+krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);
+void	kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
+void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);
+krb5_error_code  kssl_build_principal_2(krb5_context context,
+			krb5_principal *princ, int rlen, const char *realm,
+			int slen, const char *svc, int hlen, const char *host);
+krb5_error_code  kssl_validate_times(krb5_timestamp atime,
+					krb5_ticket_times *ttimes);
+krb5_error_code  kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
+			            krb5_timestamp *atimep, KSSL_ERR *kssl_err);
+unsigned char	*kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif	/* OPENSSL_NO_KRB5	*/
+#endif	/* KSSL_H 	*/
diff --git a/ssl/kssl_lcl.h b/ssl/kssl_lcl.h
new file mode 100644
index 0000000000..4cd8dd2d7f
--- /dev/null
+++ b/ssl/kssl_lcl.h
@@ -0,0 +1,87 @@
+/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project 2000.
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef	KSSL_LCL_H
+#define	KSSL_LCL_H
+
+#include <openssl/kssl.h>
+
+#ifndef OPENSSL_NO_KRB5
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Private (internal to OpenSSL) */
+void print_krb5_data(char *label, krb5_data *kdata);
+void print_krb5_authdata(char *label, krb5_authdata **adata);
+void print_krb5_keyblock(char *label, krb5_keyblock *keyblk);
+
+char *kstring(char *string);
+char *knumber(int len, krb5_octet *contents);
+
+EVP_CIPHER *kssl_map_enc(krb5_enctype enctype);
+
+int kssl_keytab_is_available(KSSL_CTX *kssl_ctx);
+int kssl_tgt_is_available(KSSL_CTX *kssl_ctx);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif	/* OPENSSL_NO_KRB5	*/
+#endif	/* KSSL_LCL_H 	*/
diff --git a/ssl/readme b/ssl/readme
deleted file mode 100644
index ca174848a1..0000000000
--- a/ssl/readme
+++ /dev/null
@@ -1,277 +0,0 @@
-22 Jun 1996
-This file belongs in ../apps, but I'll leave it here because it deals
-with SSL :-)  It is rather dated but it gives you an idea of how
-things work.
-===
-
-17 Jul 1995
-I have been changing things quite a bit and have not fully updated
-this file, so take what you read with a grain of salt
-eric
-===
-The s_client and s_server programs can be used to test SSL capable
-IP/port addresses and the verification of the X509 certificates in use
-by these services.  I strongly advise having a look at the code to get
-an idea of how to use the authentication under SSLeay.  Any feedback
-on changes and improvements would be greatly accepted.
-
-This file will probably be gibberish unless you have read
-rfc1421, rfc1422, rfc1423 and rfc1424 which describe PEM
-authentication.
-
-A Brief outline (and examples) how to use them to do so.
-
-NOTE:
-The environment variable SSL_CIPER is used to specify the prefered
-cipher to use, play around with setting it's value to combinations of
-RC4-MD5, EXP-RC4-MD5, CBC-DES-MD5, CBC3-DES-MD5, CFB-DES-NULL
-in a : separated list.
-
-This directory contains 3 X509 certificates which can be used by these programs.
-client.pem: a file containing a certificate and private key to be used
-	by s_client.
-server.pem :a file containing a certificate and private key to be used
-	by s_server.
-eay1024.pem:the certificate used to sign client.pem and server.pem.
-	This would be your CA's certificate.  There is also a link
-	from the file a8556381.0 to eay1024.PEM.  The value a8556381
-	is returned by 'x509 -hash -noout <eay1024.pem' and is the
-	value used by X509 verification routines to 'find' this
-	certificte when search a directory for it.
-	[the above is not true any more, the CA cert is 
-	 ../certs/testca.pem which is signed by ../certs/mincomca.pem]
-
-When testing the s_server, you may get
-bind: Address already in use
-errors.  These indicate the port is still being held by the unix
-kernel and you are going to have to wait for it to let go of it.  If
-this is the case, remember to use the port commands on the s_server and
-s_client to talk on an alternative port.
-
-=====
-s_client.
-This program can be used to connect to any IP/hostname:port that is
-talking SSL.  Once connected, it will attempt to authenticate the
-certificate it was passed and if everything works as expected, a 2
-directional channel will be open.  Any text typed will be sent to the
-other end.  type Q<cr> to exit.  Flags are as follows.
--host arg	: Arg is the host or IP address to connect to.
--port arg	: Arg is the port to connect to (https is 443).
--verify arg	: Turn on authentication of the server certificate.
-		: Arg specifies the 'depth', this will covered below.
--cert arg	: The optional certificate to use.  This certificate
-		: will be returned to the server if the server
-		: requests it for client authentication.
--key arg	: The private key that matches the certificate
-		: specified by the -cert option.  If this is not
-		: specified (but -cert is), the -cert file will be
-		: searched for the Private key.  Both files are
-		: assumed to be in PEM format.
--CApath arg	: When to look for certificates when 'verifying' the
-		: certificate from the server.
--CAfile arg	: A file containing certificates to be used for
-		: 'verifying' the server certificate.
--reconnect	: Once a connection has been made, drop it and
-		: reconnect with same session-id.  This is for testing :-).
-
-The '-verify n' parameter specifies not only to verify the servers
-certificate but to also only take notice of 'n' levels.  The best way
-to explain is to show via examples.
-Given
-s_server -cert server.PEM is running.
-
-s_client
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
-	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify error:num=1:unable to get issuer certificate
-	verify return:1
-	CIPHER is CBC-DES-MD5
-What has happened is that the 'SSLeay demo server' certificate's
-issuer ('CA') could not be found but because verify is not on, we
-don't care and the connection has been made anyway.  It is now 'up'
-using CBC-DES-MD5 mode.  This is an unauthenticate secure channel.
-You may not be talking to the right person but the data going to them
-is encrypted.
-
-s_client -verify 0
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
-	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify error:num=1:unable to get issuer certificate
-	verify return:1
-	CIPHER is CBC-DES-MD5
-We are 'verifying' but only to depth 0, so since the 'SSLeay demo server'
-certificate passed the date and checksum, we are happy to proceed.
-
-s_client -verify 1
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
-	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify error:num=1:unable to get issuer certificate
-	verify return:0
-	ERROR
-	verify error:unable to get issuer certificate
-In this case we failed to make the connection because we could not
-authenticate the certificate because we could not find the
-'CA' certificate.
-
-s_client -verify 1 -CAfile eay1024.PEM
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
-	verify return:1
-	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify return:1
-	CIPHER is CBC-DES-MD5
-We loaded the certificates from the file eay1024.PEM.  Everything
-checked out and so we made the connection.
-
-s_client -verify 1 -CApath .
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
-	verify return:1
-	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify return:1
-	CIPHER is CBC-DES-MD5
-We looked in out local directory for issuer certificates and 'found'
-a8556381.0 and so everything is ok.
-
-It is worth noting that 'CA' is a self certified certificate.  If you
-are passed one of these, it will fail to 'verify' at depth 0 because
-we need to lookup the certifier of a certificate from some information
-that we trust and keep locally.
-
-SSL_CIPHER=CBC3-DES-MD5:RC4-MD5
-export SSL_CIPHER
-s_client -verify 10 -CApath . -reconnect
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
-	verify return:1
-	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify return:1
-	drop the connection and reconnect with the same session id
-	CIPHER is CBC3-DES-MD5
-This has done a full connection and then re-estabished it with the
-same session id but a new socket.  No RSA stuff occures on the second
-connection.  Note that we said we would prefer to use CBC3-DES-MD5
-encryption and so, since the server supports it, we are.
-
-=====
-s_server
-This program accepts SSL connections on a specified port
-Once connected, it will estabish an SSL connection and optionaly
-attempt to authenticate the client.  A 2 directional channel will be
-open.  Any text typed will be sent to the other end.  Type Q<cr> to exit.
-Flags are as follows.
--port arg	: Arg is the port to listen on.
--verify arg	: Turn on authentication of the client if they have a
-		: certificate.  Arg specifies the 'depth'.
--Verify arg	: Turn on authentication of the client. If they don't
-		: have a valid certificate, drop the connection.
--cert arg	: The certificate to use.  This certificate
-		: will be passed to the client.  If it is not
-		: specified, it will default to server.PEM
--key arg	: The private key that matches the certificate
-		: specified by the -cert option.  If this is not
-		: specified (but -cert is), the -cert file will be
-		: searched for the Private key.  Both files are
-		: assumed to be in PEM format.  Default is server.PEM
--CApath arg	: When to look for certificates when 'verifying' the
-		: certificate from the client.
--CAfile arg	: A file containing certificates to be used for
-		: 'verifying' the client certificate.
-
-For the following 'demo'  I will specify the s_server command and
-the s_client command and then list the output from the s_server.
-s_server
-s_client
-	CONNECTED
-	CIPHER is CBC-DES-MD5
-Everything up and running
-
-s_server -verify 0
-s_client  
-	CONNECTED
-	CIPHER is CBC-DES-MD5
-Ok since no certificate was returned and we don't care.
-
-s_server -verify 0
-./s_client -cert client.PEM
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
-	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify error:num=1:unable to get issuer certificate
-	verify return:1
-	CIPHER is CBC-DES-MD5
-Ok since we were only verifying to level 0
-
-s_server -verify 4
-s_client -cert client.PEM
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
-	issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify error:num=1:unable to get issuer certificate
-	verify return:0
-	ERROR
-	verify error:unable to get issuer certificate
-Bad because we could not authenticate the returned certificate.
-
-s_server -verify 4 -CApath .
-s_client -cert client.PEM
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
-	verify return:1
-	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify return:1
-	CIPHER is CBC-DES-MD5
-Ok because we could authenticate the returned certificate :-).
-
-s_server -Verify 0 -CApath .
-s_client
-	CONNECTED
-	ERROR
-	SSL error:function is:REQUEST_CERTIFICATE
-		 :error is   :client end did not return a certificate
-Error because no certificate returned.
-
-s_server -Verify 4 -CApath .
-s_client -cert client.PEM
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
-	verify return:1
-	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify return:1
-	CIPHER is CBC-DES-MD5
-Full authentication of the client.
-
-So in summary to do full authentication of both ends
-s_server -Verify 9 -CApath .
-s_client -cert client.PEM -CApath . -verify 9
-From the server side
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client
-	verify return:1
-	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify return:1
-	CIPHER is CBC-DES-MD5
-From the client side
-	CONNECTED
-	depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server
-	verify return:1
-	depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA
-	verify return:1
-	CIPHER is CBC-DES-MD5
-
-For general probing of the 'internet https' servers for the
-distribution area, run
-s_client -host www.netscape.com -port 443 -verify 4 -CApath ../rsa/hash
-Then enter
-GET /
-and you should be talking to the https server on that host.
-
-www.rsa.com was refusing to respond to connections on 443 when I was
-testing.
-
-have fun :-).
-
-eric
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 597cc8772e..ffaf3baff3 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -57,28 +57,22 @@
  */
 
 #include <stdio.h>
-#include "buffer.h"
-#include "rand.h"
-#include "objects.h"
-#include "evp.h"
 #include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
 
-#define BREAK break
-
-#ifndef NOPROTO
+static SSL_METHOD *ssl23_get_client_method(int ver);
 static int ssl23_client_hello(SSL *s);
 static int ssl23_get_server_hello(SSL *s);
-#else
-static int ssl23_client_hello();
-static int ssl23_get_server_hello();
-#endif
-
-static SSL_METHOD *ssl23_get_client_method(ver)
-int ver;
+static SSL_METHOD *ssl23_get_client_method(int ver)
 	{
+#ifndef OPENSSL_NO_SSL2
 	if (ver == SSL2_VERSION)
 		return(SSLv2_client_method());
-	else if (ver == SSL3_VERSION)
+#endif
+	if (ver == SSL3_VERSION)
 		return(SSLv3_client_method());
 	else if (ver == TLS1_VERSION)
 		return(TLSv1_client_method());
@@ -86,32 +80,38 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *SSLv23_client_method()
+SSL_METHOD *SSLv23_client_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD SSLv23_client_data;
 
 	if (init)
 		{
-		init=0;
-		memcpy((char *)&SSLv23_client_data,
-			(char *)sslv23_base_method(),sizeof(SSL_METHOD));
-		SSLv23_client_data.ssl_connect=ssl23_connect;
-		SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+		if (init)
+			{
+			memcpy((char *)&SSLv23_client_data,
+				(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+			SSLv23_client_data.ssl_connect=ssl23_connect;
+			SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
+			init=0;
+			}
+
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&SSLv23_client_data);
 	}
 
-int ssl23_connect(s)
-SSL *s;
+int ssl23_connect(SSL *s)
 	{
 	BUF_MEM *buf;
 	unsigned long Time=time(NULL);
-	void (*cb)()=NULL;
+	void (*cb)(const SSL *ssl,int type,int val)=NULL;
 	int ret= -1;
 	int new_state,state;
 
-	RAND_seed((unsigned char *)&Time,sizeof(Time));
+	RAND_add(&Time,sizeof(Time),0);
 	ERR_clear_error();
 	clear_sys_error();
 
@@ -120,8 +120,8 @@ SSL *s;
 	else if (s->ctx->info_callback != NULL)
 		cb=s->ctx->info_callback;
 	
-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
 	s->in_handshake++;
+	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
 
 	for (;;)
 		{
@@ -134,6 +134,13 @@ SSL *s;
 		case SSL_ST_BEFORE|SSL_ST_CONNECT:
 		case SSL_ST_OK|SSL_ST_CONNECT:
 
+			if (s->session != NULL)
+				{
+				SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE);
+				ret= -1;
+				goto end;
+				}
+			s->server=0;
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
 			/* s->version=TLS1_VERSION; */
@@ -159,7 +166,7 @@ SSL *s;
 			ssl3_init_finished_mac(s);
 
 			s->state=SSL23_ST_CW_CLNT_HELLO_A;
-			s->ctx->sess_connect++;
+			s->ctx->stats.sess_connect++;
 			s->init_num=0;
 			break;
 
@@ -188,7 +195,7 @@ SSL *s;
 			/* break; */
 			}
 
-		if (s->debug) BIO_flush(s->wbio);
+		if (s->debug) { (void)BIO_flush(s->wbio); }
 
 		if ((cb != NULL) && (s->state != state))
 			{
@@ -206,12 +213,12 @@ end:
 	}
 
 
-static int ssl23_client_hello(s)
-SSL *s;
+static int ssl23_client_hello(SSL *s)
 	{
 	unsigned char *buf;
 	unsigned char *p,*d;
 	int i,ch_len;
+	int ret;
 
 	buf=(unsigned char *)s->init_buf->data;
 	if (s->state == SSL23_ST_CW_CLNT_HELLO_A)
@@ -225,7 +232,7 @@ SSL *s;
 #endif
 
 		p=s->s3->client_random;
-		RAND_bytes(p,SSL3_RANDOM_SIZE);
+		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE);
 
 		/* Do the message type and length last */
 		d= &(buf[2]);
@@ -236,16 +243,19 @@ SSL *s;
 			{
 			*(d++)=TLS1_VERSION_MAJOR;
 			*(d++)=TLS1_VERSION_MINOR;
+			s->client_version=TLS1_VERSION;
 			}
 		else if (!(s->options & SSL_OP_NO_SSLv3))
 			{
 			*(d++)=SSL3_VERSION_MAJOR;
 			*(d++)=SSL3_VERSION_MINOR;
+			s->client_version=SSL3_VERSION;
 			}
 		else if (!(s->options & SSL_OP_NO_SSLv2))
 			{
 			*(d++)=SSL2_VERSION_MAJOR;
 			*(d++)=SSL2_VERSION_MINOR;
+			s->client_version=SSL2_VERSION;
 			}
 		else
 			{
@@ -283,7 +293,7 @@ SSL *s;
 			i=ch_len;
 		s2n(i,d);
 		memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE);
-		RAND_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
+		RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
 		memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i);
 		p+=i;
 
@@ -300,15 +310,18 @@ SSL *s;
 		}
 
 	/* SSL3_ST_CW_CLNT_HELLO_B */
-	return(ssl23_write_bytes(s));
+	ret = ssl23_write_bytes(s);
+	if (ret >= 2)
+		if (s->msg_callback)
+			s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
+	return ret;
 	}
 
-static int ssl23_get_server_hello(s)
-SSL *s;
+static int ssl23_get_server_hello(SSL *s)
 	{
 	char buf[8];
 	unsigned char *p;
-	int i,ch_len;
+	int i;
 	int n;
 
 	n=ssl23_read_bytes(s,7);
@@ -321,9 +334,14 @@ SSL *s;
 	if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) &&
 		(p[5] == 0x00) && (p[6] == 0x02))
 		{
+#ifdef OPENSSL_NO_SSL2
+		SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+		goto err;
+#else
 		/* we are talking sslv2 */
 		/* we need to clean up the SSLv3 setup and put in the
 		 * sslv2 stuff. */
+		int ch_len;
 
 		if (s->options & SSL_OP_NO_SSLv2)
 			{
@@ -352,7 +370,7 @@ SSL *s;
 
 		if (s->s3 != NULL) ssl3_free(s);
 
-		if (!BUF_MEM_grow(s->init_buf,
+		if (!BUF_MEM_grow_clean(s->init_buf,
 			SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
 			{
 			SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,ERR_R_BUF_LIB);
@@ -360,7 +378,9 @@ SSL *s;
 			}
 
 		s->state=SSL2_ST_GET_SERVER_HELLO_A;
-		s->s2->ssl2_rollback=1;
+		if (!(s->client_version == SSL2_VERSION))
+			/* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */
+			s->s2->ssl2_rollback=1;
 
 		/* setup the 5 bytes we have read so we get them from
 		 * the sslv2 buffer */
@@ -376,6 +396,7 @@ SSL *s;
 
 		s->method=SSLv2_client_method();
 		s->handshake_func=s->method->ssl_connect;
+#endif
 		}
 	else if ((p[0] == SSL3_RT_HANDSHAKE) &&
 		 (p[1] == SSL3_VERSION_MAJOR) &&
@@ -426,7 +447,7 @@ SSL *s;
 		 (p[3] == 0) &&
 		 (p[4] == 2))
 		{
-		void (*cb)()=NULL;
+		void (*cb)(const SSL *ssl,int type,int val)=NULL;
 		int j;
 
 		/* An alert */
diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c
index 1eb2b3a331..b70002a647 100644
--- a/ssl/s23_lib.c
+++ b/ssl/s23_lib.c
@@ -57,28 +57,18 @@
  */
 
 #include <stdio.h>
-#include "objects.h"
+#include <openssl/objects.h>
 #include "ssl_locl.h"
 
-#ifndef NOPROTO
 static int ssl23_num_ciphers(void );
 static SSL_CIPHER *ssl23_get_cipher(unsigned int u);
-static int ssl23_read(SSL *s, char *buf, int len);
-static int ssl23_write(SSL *s, char *buf, int len);
+static int ssl23_read(SSL *s, void *buf, int len);
+static int ssl23_peek(SSL *s, void *buf, int len);
+static int ssl23_write(SSL *s, const void *buf, int len);
 static long ssl23_default_timeout(void );
-static int ssl23_put_cipher_by_char(SSL_CIPHER *c, unsigned char *p);
-static SSL_CIPHER *ssl23_get_cipher_by_char(unsigned char *p);
-#else
-static int ssl23_num_ciphers();
-static SSL_CIPHER *ssl23_get_cipher();
-static int ssl23_read();
-static int ssl23_write();
-static long ssl23_default_timeout();
-static int ssl23_put_cipher_by_char();
-static SSL_CIPHER *ssl23_get_cipher_by_char();
-#endif
-
-char *SSL23_version_str="SSLv2/3 compatablity part of SSLeay 0.9.1a 06-Jul-1998";
+static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
+static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
+const char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT;
 
 static SSL_METHOD SSLv23_data= {
 	TLS1_VERSION,
@@ -88,7 +78,7 @@ static SSL_METHOD SSLv23_data= {
 	ssl_undefined_function,
 	ssl_undefined_function,
 	ssl23_read,
-	ssl_undefined_function,
+	ssl23_peek,
 	ssl23_write,
 	ssl_undefined_function,
 	ssl_undefined_function,
@@ -103,38 +93,47 @@ static SSL_METHOD SSLv23_data= {
 	ssl_bad_method,
 	ssl23_default_timeout,
 	&ssl3_undef_enc_method,
+	ssl_undefined_function,
+	ssl3_callback_ctrl,
+	ssl3_ctx_callback_ctrl,
 	};
 
-static long ssl23_default_timeout()
+static long ssl23_default_timeout(void)
 	{
 	return(300);
 	}
 
-SSL_METHOD *sslv23_base_method()
+SSL_METHOD *sslv23_base_method(void)
 	{
 	return(&SSLv23_data);
 	}
 
-static int ssl23_num_ciphers()
+static int ssl23_num_ciphers(void)
 	{
-	return(ssl3_num_ciphers()+ssl2_num_ciphers());
+	return(ssl3_num_ciphers()
+#ifndef OPENSSL_NO_SSL2
+	       + ssl2_num_ciphers()
+#endif
+	    );
 	}
 
-static SSL_CIPHER *ssl23_get_cipher(u)
-unsigned int u;
+static SSL_CIPHER *ssl23_get_cipher(unsigned int u)
 	{
 	unsigned int uu=ssl3_num_ciphers();
 
 	if (u < uu)
 		return(ssl3_get_cipher(u));
 	else
+#ifndef OPENSSL_NO_SSL2
 		return(ssl2_get_cipher(u-uu));
+#else
+		return(NULL);
+#endif
 	}
 
 /* This function needs to check if the ciphers required are actually
  * available */
-static SSL_CIPHER *ssl23_get_cipher_by_char(p)
-unsigned char *p;
+static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p)
 	{
 	SSL_CIPHER c,*cp;
 	unsigned long id;
@@ -145,14 +144,14 @@ unsigned char *p;
 		((unsigned long)p[1]<<8L)|(unsigned long)p[2];
 	c.id=id;
 	cp=ssl3_get_cipher_by_char(p);
+#ifndef OPENSSL_NO_SSL2
 	if (cp == NULL)
 		cp=ssl2_get_cipher_by_char(p);
+#endif
 	return(cp);
 	}
 
-static int ssl23_put_cipher_by_char(c,p)
-SSL_CIPHER *c;
-unsigned char *p;
+static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 	{
 	long l;
 
@@ -167,20 +166,10 @@ unsigned char *p;
 	return(3);
 	}
 
-static int ssl23_read(s,buf,len)
-SSL *s;
-char *buf;
-int len;
+static int ssl23_read(SSL *s, void *buf, int len)
 	{
 	int n;
 
-#if 0
-	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
-		{
-		s->rwstate=SSL_NOTHING;
-		return(0);
-		}
-#endif
 	clear_sys_error();
 	if (SSL_in_init(s) && (!s->in_handshake))
 		{
@@ -200,20 +189,33 @@ int len;
 		}
 	}
 
-static int ssl23_write(s,buf,len)
-SSL *s;
-char *buf;
-int len;
+static int ssl23_peek(SSL *s, void *buf, int len)
 	{
 	int n;
 
-#if 0
-	if (s->shutdown & SSL_SENT_SHUTDOWN)
+	clear_sys_error();
+	if (SSL_in_init(s) && (!s->in_handshake))
 		{
-		s->rwstate=SSL_NOTHING;
-		return(0);
+		n=s->handshake_func(s);
+		if (n < 0) return(n);
+		if (n == 0)
+			{
+			SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE);
+			return(-1);
+			}
+		return(SSL_peek(s,buf,len));
 		}
-#endif
+	else
+		{
+		ssl_undefined_function(s);
+		return(-1);
+		}
+	}
+
+static int ssl23_write(SSL *s, const void *buf, int len)
+	{
+	int n;
+
 	clear_sys_error();
 	if (SSL_in_init(s) && (!s->in_handshake))
 		{
diff --git a/ssl/s23_meth.c b/ssl/s23_meth.c
index 1eed7a54bc..f207140835 100644
--- a/ssl/s23_meth.c
+++ b/ssl/s23_meth.c
@@ -57,14 +57,14 @@
  */
 
 #include <stdio.h>
-#include "objects.h"
+#include <openssl/objects.h>
 #include "ssl_locl.h"
 
-static SSL_METHOD *ssl23_get_method(ver)
-int ver;
+static SSL_METHOD *ssl23_get_method(int ver);
+static SSL_METHOD *ssl23_get_method(int ver)
 	{
 	if (ver == SSL2_VERSION)
-		return(SSLv23_method());
+		return(SSLv2_method());
 	else if (ver == SSL3_VERSION)
 		return(SSLv3_method());
 	else if (ver == TLS1_VERSION)
@@ -73,19 +73,26 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *SSLv23_method()
+SSL_METHOD *SSLv23_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD SSLv23_data;
 
 	if (init)
 		{
-		init=0;
-		memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
-			sizeof(SSL_METHOD));
-		SSLv23_data.ssl_connect=ssl23_connect;
-		SSLv23_data.ssl_accept=ssl23_accept;
-		SSLv23_data.get_ssl_method=ssl23_get_method;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+		
+		if (init)
+			{
+			memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
+				sizeof(SSL_METHOD));
+			SSLv23_data.ssl_connect=ssl23_connect;
+			SSLv23_data.ssl_accept=ssl23_accept;
+			SSLv23_data.get_ssl_method=ssl23_get_method;
+			init=0;
+			}
+		
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&SSLv23_data);
 	}
diff --git a/ssl/s23_pkt.c b/ssl/s23_pkt.c
index c25c312772..4ca6a1b258 100644
--- a/ssl/s23_pkt.c
+++ b/ssl/s23_pkt.c
@@ -59,12 +59,11 @@
 #include <stdio.h>
 #include <errno.h>
 #define USE_SOCKETS
-#include "evp.h"
-#include "buffer.h"
 #include "ssl_locl.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
 
-int ssl23_write_bytes(s)
-SSL *s;
+int ssl23_write_bytes(SSL *s)
 	{
 	int i,num,tot;
 	char *buf;
@@ -76,7 +75,7 @@ SSL *s;
 		{
 		s->rwstate=SSL_WRITING;
 		i=BIO_write(s->wbio,&(buf[tot]),num);
-		if (i < 0)
+		if (i <= 0)
 			{
 			s->init_off=tot;
 			s->init_num=num;
@@ -90,10 +89,8 @@ SSL *s;
 		}
 	}
 
-/* only return when we have read 'n' bytes */
-int ssl23_read_bytes(s,n)
-SSL *s;
-int n;
+/* return regularly only when we have read (at least) 'n' bytes */
+int ssl23_read_bytes(SSL *s, int n)
 	{
 	unsigned char *p;
 	int j;
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 888ffaca06..c5404ca0bc 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -55,28 +55,76 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
-#include "buffer.h"
-#include "rand.h"
-#include "objects.h"
-#include "evp.h"
 #include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
 
-#define BREAK break
-
-#ifndef NOPROTO
+static SSL_METHOD *ssl23_get_server_method(int ver);
 int ssl23_get_client_hello(SSL *s);
-#else
-int ssl23_get_client_hello();
-#endif
-
-static SSL_METHOD *ssl23_get_server_method(ver)
-int ver;
+static SSL_METHOD *ssl23_get_server_method(int ver)
 	{
+#ifndef OPENSSL_NO_SSL2
 	if (ver == SSL2_VERSION)
 		return(SSLv2_server_method());
-	else if (ver == SSL3_VERSION)
+#endif
+	if (ver == SSL3_VERSION)
 		return(SSLv3_server_method());
 	else if (ver == TLS1_VERSION)
 		return(TLSv1_server_method());
@@ -84,32 +132,38 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *SSLv23_server_method()
+SSL_METHOD *SSLv23_server_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD SSLv23_server_data;
 
 	if (init)
 		{
-		init=0;
-		memcpy((char *)&SSLv23_server_data,
-			(char *)sslv23_base_method(),sizeof(SSL_METHOD));
-		SSLv23_server_data.ssl_accept=ssl23_accept;
-		SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+		if (init)
+			{
+			memcpy((char *)&SSLv23_server_data,
+				(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+			SSLv23_server_data.ssl_accept=ssl23_accept;
+			SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
+			init=0;
+			}
+
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&SSLv23_server_data);
 	}
 
-int ssl23_accept(s)
-SSL *s;
+int ssl23_accept(SSL *s)
 	{
 	BUF_MEM *buf;
 	unsigned long Time=time(NULL);
-	void (*cb)()=NULL;
+	void (*cb)(const SSL *ssl,int type,int val)=NULL;
 	int ret= -1;
 	int new_state,state;
 
-	RAND_seed((unsigned char *)&Time,sizeof(Time));
+	RAND_add(&Time,sizeof(Time),0);
 	ERR_clear_error();
 	clear_sys_error();
 
@@ -118,8 +172,8 @@ SSL *s;
 	else if (s->ctx->info_callback != NULL)
 		cb=s->ctx->info_callback;
 	
-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
 	s->in_handshake++;
+	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
 
 	for (;;)
 		{
@@ -132,6 +186,7 @@ SSL *s;
 		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
 		case SSL_ST_OK|SSL_ST_ACCEPT:
 
+			s->server=1;
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
 			/* s->version=SSL3_VERSION; */
@@ -155,7 +210,7 @@ SSL *s;
 			ssl3_init_finished_mac(s);
 
 			s->state=SSL23_ST_SR_CLNT_HELLO_A;
-			s->ctx->sess_accept++;
+			s->ctx->stats.sess_accept++;
 			s->init_num=0;
 			break;
 
@@ -184,31 +239,48 @@ SSL *s;
 			}
 		}
 end:
+	s->in_handshake--;
 	if (cb != NULL)
 		cb(s,SSL_CB_ACCEPT_EXIT,ret);
-	s->in_handshake--;
 	return(ret);
 	}
 
 
-int ssl23_get_client_hello(s)
-SSL *s;
+int ssl23_get_client_hello(SSL *s)
 	{
-	char buf_space[8];
+	char buf_space[11]; /* Request this many bytes in initial read.
+	                     * We can detect SSL 3.0/TLS 1.0 Client Hellos
+	                     * ('type == 3') correctly only when the following
+	                     * is in a single record, which is not guaranteed by
+	                     * the protocol specification:
+	                     * Byte  Content
+	                     *  0     type            \
+	                     *  1/2   version          > record header
+	                     *  3/4   length          /
+	                     *  5     msg_type        \
+	                     *  6-8   length           > Client Hello message
+	                     *  9/10  client_version  /
+	                     */
 	char *buf= &(buf_space[0]);
-	unsigned char *p,*d,*dd;
+	unsigned char *p,*d,*d_len,*dd;
 	unsigned int i;
 	unsigned int csl,sil,cl;
-	int n=0,j,tls1=0;
-	int type=0,use_sslv2_strong=0;
+	int n=0,j;
+	int type=0;
+	int v[2];
+#ifndef OPENSSL_NO_RSA
+	int use_sslv2_strong=0;
+#endif
 
-	/* read the initial header */
 	if (s->state ==	SSL23_ST_SR_CLNT_HELLO_A)
 		{
+		/* read the initial header */
+		v[0]=v[1]=0;
+
 		if (!ssl3_setup_buffers(s)) goto err;
 
-		n=ssl23_read_bytes(s,7);
-		if (n != 7) return(n);
+		n=ssl23_read_bytes(s, sizeof buf_space);
+		if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */
 
 		p=s->packet;
 
@@ -216,25 +288,32 @@ SSL *s;
 
 		if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
 			{
-			/* SSLv2 header */
+			/*
+			 * SSLv2 header
+			 */
 			if ((p[3] == 0x00) && (p[4] == 0x02))
 				{
+				v[0]=p[3]; v[1]=p[4];
 				/* SSLv2 */
 				if (!(s->options & SSL_OP_NO_SSLv2))
 					type=1;
 				}
 			else if (p[3] == SSL3_VERSION_MAJOR)
 				{
+				v[0]=p[3]; v[1]=p[4];
 				/* SSLv3/TLSv1 */
 				if (p[4] >= TLS1_VERSION_MINOR)
 					{
 					if (!(s->options & SSL_OP_NO_TLSv1))
 						{
-						tls1=1;
+						s->version=TLS1_VERSION;
+						/* type=2; */ /* done later to survive restarts */
 						s->state=SSL23_ST_SR_CLNT_HELLO_B;
 						}
 					else if (!(s->options & SSL_OP_NO_SSLv3))
 						{
+						s->version=SSL3_VERSION;
+						/* type=2; */
 						s->state=SSL23_ST_SR_CLNT_HELLO_B;
 						}
 					else if (!(s->options & SSL_OP_NO_SSLv2))
@@ -243,81 +322,75 @@ SSL *s;
 						}
 					}
 				else if (!(s->options & SSL_OP_NO_SSLv3))
+					{
+					s->version=SSL3_VERSION;
+					/* type=2; */
 					s->state=SSL23_ST_SR_CLNT_HELLO_B;
+					}
 				else if (!(s->options & SSL_OP_NO_SSLv2))
 					type=1;
 
-				if (s->options & SSL_OP_NON_EXPORT_FIRST)
-					{
-					STACK *sk;
-					SSL_CIPHER *c;
-					int ne2,ne3;
-
-					j=((p[0]&0x7f)<<8)|p[1];
-					if (j > (1024*4))
-						{
-						SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
-						goto err;
-						}
-
-					n=ssl23_read_bytes(s,j+2);
-					if (n <= 0) return(n);
-					p=s->packet;
-
-					if ((buf=Malloc(n)) == NULL)
-						{
-						SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
-						goto err;
-						}
-					memcpy(buf,p,n);
-
-					p+=5;
-					n2s(p,csl);
-					p+=4;
-
-					sk=ssl_bytes_to_cipher_list(
-						s,p,csl,NULL);
-					if (sk != NULL)
-						{
-						ne2=ne3=0;
-						for (j=0; j<sk_num(sk); j++)
-							{
-							c=(SSL_CIPHER *)sk_value(sk,j);
-							if (!(c->algorithms & SSL_EXP))
-								{
-								if ((c->id>>24L) == 2L)
-									ne2=1;
-								else
-									ne3=1;
-								}
-							}
-						if (ne2 && !ne3)
-							{
-							type=1;
-							use_sslv2_strong=1;
-							goto next_bit;
-							}
-						}
-					}
 				}
 			}
 		else if ((p[0] == SSL3_RT_HANDSHAKE) &&
 			 (p[1] == SSL3_VERSION_MAJOR) &&
-			 (p[5] == SSL3_MT_CLIENT_HELLO))
+			 (p[5] == SSL3_MT_CLIENT_HELLO) &&
+			 ((p[3] == 0 && p[4] < 5 /* silly record length? */)
+				|| (p[9] == p[1])))
 			{
-			/* true SSLv3 or tls1 */
-			if (p[2] >= TLS1_VERSION_MINOR)
+			/*
+			 * SSLv3 or tls1 header
+			 */
+			
+			v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */
+			/* We must look at client_version inside the Client Hello message
+			 * to get the correct minor version.
+			 * However if we have only a pathologically small fragment of the
+			 * Client Hello message, this would be difficult, and we'd have
+			 * to read more records to find out.
+			 * No known SSL 3.0 client fragments ClientHello like this,
+			 * so we simply assume TLS 1.0 to avoid protocol version downgrade
+			 * attacks. */
+			if (p[3] == 0 && p[4] < 6)
+				{
+#if 0
+				SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
+				goto err;
+#else
+				v[1] = TLS1_VERSION_MINOR;
+#endif
+				}
+			else
+				v[1]=p[10]; /* minor version according to client_version */
+			if (v[1] >= TLS1_VERSION_MINOR)
 				{
 				if (!(s->options & SSL_OP_NO_TLSv1))
 					{
+					s->version=TLS1_VERSION;
 					type=3;
-					tls1=1;
 					}
 				else if (!(s->options & SSL_OP_NO_SSLv3))
+					{
+					s->version=SSL3_VERSION;
 					type=3;
+					}
+				}
+			else
+				{
+				/* client requests SSL 3.0 */
+				if (!(s->options & SSL_OP_NO_SSLv3))
+					{
+					s->version=SSL3_VERSION;
+					type=3;
+					}
+				else if (!(s->options & SSL_OP_NO_TLSv1))
+					{
+					/* we won't be able to use TLS of course,
+					 * but this will send an appropriate alert */
+					s->version=TLS1_VERSION;
+					type=3;
+					}
 				}
-			else if (!(s->options & SSL_OP_NO_SSLv3))
-				type=3;
 			}
 		else if ((strncmp("GET ", (char *)p,4) == 0) ||
 			 (strncmp("POST ",(char *)p,5) == 0) ||
@@ -334,12 +407,16 @@ SSL *s;
 			}
 		}
 
-next_bit:
 	if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
 		{
-		/* we have a SSLv3/TLSv1 in a SSLv2 header */
+		/* we have SSLv3/TLSv1 in an SSLv2 header
+		 * (other cases skip this state) */
+
 		type=2;
 		p=s->packet;
+		v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
+		v[1] = p[4];
+
 		n=((p[0]&0x7f)<<8)|p[1];
 		if (n > (1024*4))
 			{
@@ -350,7 +427,9 @@ next_bit:
 		j=ssl23_read_bytes(s,n+2);
 		if (j <= 0) return(j);
 
-		ssl3_finish_mac(s,&(s->packet[2]),s->packet_length-2);
+		ssl3_finish_mac(s, s->packet+2, s->packet_length-2);
+		if (s->msg_callback)
+			s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */
 
 		p=s->packet;
 		p+=5;
@@ -364,14 +443,18 @@ next_bit:
 			goto err;
 			}
 
-		*(d++)=SSL3_VERSION_MAJOR;
-		if (tls1)
-			*(d++)=TLS1_VERSION_MINOR;
-		else
-			*(d++)=SSL3_VERSION_MINOR;
+		/* record header: msg_type ... */
+		*(d++) = SSL3_MT_CLIENT_HELLO;
+		/* ... and length (actual value will be written later) */
+		d_len = d;
+		d += 3;
+
+		/* client_version */
+		*(d++) = SSL3_VERSION_MAJOR; /* == v[0] */
+		*(d++) = v[1];
 
 		/* lets populate the random area */
-		/* get the chalenge_length */
+		/* get the challenge_length */
 		i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
 		memset(d,0,SSL3_RANDOM_SIZE);
 		memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
@@ -397,7 +480,8 @@ next_bit:
 		*(d++)=1;
 		*(d++)=0;
 		
-		i=(d-(unsigned char *)s->init_buf->data);
+		i = (d-(unsigned char *)s->init_buf->data) - 4;
+		l2n3((long)i, d_len);
 
 		/* get the data reused from the init_buf */
 		s->s3->tmp.reuse_message=1;
@@ -405,8 +489,15 @@ next_bit:
 		s->s3->tmp.message_size=i;
 		}
 
+	/* imaginary new state (for program structure): */
+	/* s->state = SSL23_SR_CLNT_HELLO_C */
+
 	if (type == 1)
 		{
+#ifdef OPENSSL_NO_SSL2
+		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+		goto err;
+#else
 		/* we are talking sslv2 */
 		/* we need to clean up the SSLv3/TLSv1 setup and put in the
 		 * sslv2 stuff. */
@@ -421,7 +512,7 @@ next_bit:
 
 		if (s->s3 != NULL) ssl3_free(s);
 
-		if (!BUF_MEM_grow(s->init_buf,
+		if (!BUF_MEM_grow_clean(s->init_buf,
 			SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
 			{
 			goto err;
@@ -429,12 +520,15 @@ next_bit:
 
 		s->state=SSL2_ST_GET_CLIENT_HELLO_A;
 		if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
-			use_sslv2_strong)
+			use_sslv2_strong ||
+			(s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
 			s->s2->ssl2_rollback=0;
 		else
+			/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
+			 * (SSL 3.0 draft/RFC 2246, App. E.2) */
 			s->s2->ssl2_rollback=1;
 
-		/* setup the 5 bytes we have read so we get them from
+		/* setup the n bytes we have read so we get them from
 		 * the sslv2 buffer */
 		s->rstate=SSL_ST_READ_HEADER;
 		s->packet_length=n;
@@ -445,11 +539,12 @@ next_bit:
 
 		s->method=SSLv2_server_method();
 		s->handshake_func=s->method->ssl_accept;
+#endif
 		}
 
 	if ((type == 2) || (type == 3))
 		{
-		/* we have SSLv3/TLSv1 */
+		/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
 
 		if (!ssl_init_wbio_buffer(s,1)) goto err;
 
@@ -474,16 +569,13 @@ next_bit:
 			s->s3->rbuf.offset=0;
 			}
 
-		if (tls1)
-			{
-			s->version=TLS1_VERSION;
-			s->method=TLSv1_server_method();
-			}
+		if (s->version == TLS1_VERSION)
+			s->method = TLSv1_server_method();
 		else
-			{
-			s->version=SSL3_VERSION;
-			s->method=SSLv3_server_method();
-			}
+			s->method = SSLv3_server_method();
+#if 0 /* ssl3_get_client_hello does this */
+		s->client_version=(v[0]<<8)|v[1];
+#endif
 		s->handshake_func=s->method->ssl_accept;
 		}
 	
@@ -495,11 +587,10 @@ next_bit:
 		}
 	s->init_num=0;
 
-	if (buf != buf_space) Free(buf);
+	if (buf != buf_space) OPENSSL_free(buf);
 	s->first_packet=1;
 	return(SSL_accept(s));
 err:
-	if (buf != buf_space) Free(buf);
+	if (buf != buf_space) OPENSSL_free(buf);
 	return(-1);
 	}
-
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 2170e29289..da783230a5 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -55,15 +55,70 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
-#include <stdio.h>
-#include "rand.h"
-#include "buffer.h"
-#include "objects.h"
 #include "ssl_locl.h"
-#include "evp.h"
+#ifndef OPENSSL_NO_SSL2
+#include <stdio.h>
+#include <openssl/rand.h>
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include "cryptlib.h"
 
-#ifndef NOPROTO
+static SSL_METHOD *ssl2_get_client_method(int ver);
 static int get_server_finished(SSL *s);
 static int get_server_verify(SSL *s);
 static int get_server_hello(SSL *s);
@@ -71,23 +126,11 @@ static int client_hello(SSL *s);
 static int client_master_key(SSL *s);
 static int client_finished(SSL *s);
 static int client_certificate(SSL *s);
-static int ssl_rsa_public_encrypt(CERT *c, int len, unsigned char *from,
+static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
 	unsigned char *to,int padding);
-#else
-static int get_server_finished();
-static int get_server_verify();
-static int get_server_hello();
-static int client_hello(); 
-static int client_master_key();
-static int client_finished();
-static int client_certificate();
-static int ssl_rsa_public_encrypt();
-#endif
-
 #define BREAK	break
 
-static SSL_METHOD *ssl2_get_client_method(ver)
-int ver;
+static SSL_METHOD *ssl2_get_client_method(int ver)
 	{
 	if (ver == SSL2_VERSION)
 		return(SSLv2_client_method());
@@ -95,32 +138,38 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *SSLv2_client_method()
+SSL_METHOD *SSLv2_client_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD SSLv2_client_data;
 
 	if (init)
 		{
-		init=0;
-		memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
-			sizeof(SSL_METHOD));
-		SSLv2_client_data.ssl_connect=ssl2_connect;
-		SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+		if (init)
+			{
+			memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
+				sizeof(SSL_METHOD));
+			SSLv2_client_data.ssl_connect=ssl2_connect;
+			SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
+			init=0;
+			}
+
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&SSLv2_client_data);
 	}
 
-int ssl2_connect(s)
-SSL *s;
+int ssl2_connect(SSL *s)
 	{
 	unsigned long l=time(NULL);
 	BUF_MEM *buf=NULL;
 	int ret= -1;
-	void (*cb)()=NULL;
+	void (*cb)(const SSL *ssl,int type,int val)=NULL;
 	int new_state,state;
 
-	RAND_seed((unsigned char *)&l,sizeof(l));
+	RAND_add(&l,sizeof(l),0);
 	ERR_clear_error();
 	clear_sys_error();
 
@@ -130,8 +179,8 @@ SSL *s;
 		cb=s->ctx->info_callback;
 
 	/* init things to blank */
-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 	s->in_handshake++;
+	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 
 	for (;;)
 		{
@@ -144,6 +193,7 @@ SSL *s;
 		case SSL_ST_BEFORE|SSL_ST_CONNECT:
 		case SSL_ST_OK|SSL_ST_CONNECT:
 
+			s->server=0;
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
 			s->version=SSL2_VERSION;
@@ -164,7 +214,7 @@ SSL *s;
 			s->init_buf=buf;
 			s->init_num=0;
 			s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
-			s->ctx->sess_connect++;
+			s->ctx->stats.sess_connect++;
 			s->handshake_func=ssl2_connect;
 			BREAK;
 
@@ -247,23 +297,26 @@ SSL *s;
 			break;
 
 		case SSL_ST_OK:
-			BUF_MEM_free(s->init_buf);
-			s->init_buf=NULL;
+			if (s->init_buf != NULL)
+				{
+				BUF_MEM_free(s->init_buf);
+				s->init_buf=NULL;
+				}
 			s->init_num=0;
 		/*	ERR_clear_error();*/
 
 			/* If we want to cache session-ids in the client
-			 * and we sucessfully add the session-id to the
+			 * and we successfully add the session-id to the
 			 * cache, and there is a callback, then pass it out.
 			 * 26/11/96 - eay - only add if not a re-used session.
 			 */
 
 			ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
-			if (s->hit) s->ctx->sess_hit++;
+			if (s->hit) s->ctx->stats.sess_hit++;
 
 			ret=1;
 			/* s->server=0; */
-			s->ctx->sess_connect_good++;
+			s->ctx->stats.sess_connect_good++;
 
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
 
@@ -290,13 +343,13 @@ end:
 	return(ret);
 	}
 
-static int get_server_hello(s)
-SSL *s;
+static int get_server_hello(SSL *s)
 	{
 	unsigned char *buf;
 	unsigned char *p;
 	int i,j;
-	STACK *sk=NULL,*cl;
+	unsigned long len;
+	STACK_OF(SSL_CIPHER) *sk=NULL,*cl, *prio, *allow;
 
 	buf=(unsigned char *)s->init_buf->data;
 	p=buf;
@@ -305,6 +358,7 @@ SSL *s;
 		i=ssl2_read(s,(char *)&(buf[s->init_num]),11-s->init_num);
 		if (i < (11-s->init_num)) 
 			return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
+		s->init_num = 11;
 
 		if (*(p++) != SSL2_MT_SERVER_HELLO)
 			{
@@ -319,7 +373,13 @@ SSL *s;
 					SSL_R_PEER_ERROR);
 			return(-1);
 			}
+#ifdef __APPLE_CC__
+		/* The Rhapsody 5.5 (a.k.a. MacOS X) compiler bug
+		 * workaround. <appro@fy.chalmers.se> */
+		s->hit=(i=*(p++))?1:0;
+#else
 		s->hit=(*(p++))?1:0;
+#endif
 		s->s2->tmp.cert_type= *(p++);
 		n2s(p,i);
 		if (i < s->version) s->version=i;
@@ -327,18 +387,24 @@ SSL *s;
 		n2s(p,i); s->s2->tmp.csl=i;
 		n2s(p,i); s->s2->tmp.conn_id_length=i;
 		s->state=SSL2_ST_GET_SERVER_HELLO_B;
-		s->init_num=0;
 		}
 
 	/* SSL2_ST_GET_SERVER_HELLO_B */
-	j=s->s2->tmp.cert_length+s->s2->tmp.csl+s->s2->tmp.conn_id_length
-		- s->init_num;
-	i=ssl2_read(s,(char *)&(buf[s->init_num]),j);
+	len = 11 + (unsigned long)s->s2->tmp.cert_length + (unsigned long)s->s2->tmp.csl + (unsigned long)s->s2->tmp.conn_id_length;
+	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+		{
+		SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_MESSAGE_TOO_LONG);
+		return -1;
+		}
+	j = (int)len - s->init_num;
+	i = ssl2_read(s,(char *)&(buf[s->init_num]),j);
 	if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
+	if (s->msg_callback)
+		s->msg_callback(0, s->version, 0, buf, (size_t)len, s, s->msg_callback_arg); /* SERVER-HELLO */
 
 	/* things are looking good */
 
-	p=buf;
+	p = buf + 11;
 	if (s->hit)
 		{
 		if (s->s2->tmp.cert_length != 0) 
@@ -371,7 +437,7 @@ SSL *s;
 		*/
 #endif
 
-		/* we need to do this incase we were trying to reuse a 
+		/* we need to do this in case we were trying to reuse a 
 		 * client session but others are already reusing it.
 		 * If this was a new 'blank' session ID, the session-id
 		 * length will still be 0 */
@@ -405,7 +471,7 @@ SSL *s;
 
 		/* load the ciphers */
 		sk=ssl_bytes_to_cipher_list(s,p,s->s2->tmp.csl,
-			&s->session->ciphers);
+					    &s->session->ciphers);
 		p+=s->s2->tmp.csl;
 		if (sk == NULL)
 			{
@@ -414,48 +480,80 @@ SSL *s;
 			return(-1);
 			}
 
-		sk_set_cmp_func(sk,ssl_cipher_ptr_id_cmp);
+		sk_SSL_CIPHER_set_cmp_func(sk,ssl_cipher_ptr_id_cmp);
 
 		/* get the array of ciphers we will accept */
-		cl=ssl_get_ciphers_by_id(s);
-
+		cl=SSL_get_ciphers(s);
+		sk_SSL_CIPHER_set_cmp_func(cl,ssl_cipher_ptr_id_cmp);
+
+		/*
+		 * If server preference flag set, choose the first
+		 * (highest priority) cipher the server sends, otherwise
+		 * client preference has priority.
+		 */
+		if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
+		    {
+		    prio = sk;
+		    allow = cl;
+		    }
+		else
+		    {
+		    prio = cl;
+		    allow = sk;
+		    }
 		/* In theory we could have ciphers sent back that we
 		 * don't want to use but that does not matter since we
-		 * will check against the list we origionally sent and
+		 * will check against the list we originally sent and
 		 * for performance reasons we should not bother to match
 		 * the two lists up just to check. */
-		for (i=0; i<sk_num(cl); i++)
+		for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
 			{
-			if (sk_find(sk,sk_value(cl,i)) >= 0)
+			if (sk_SSL_CIPHER_find(allow,
+					     sk_SSL_CIPHER_value(prio,i)) >= 0)
 				break;
 			}
 
-		if (i >= sk_num(cl))
+		if (i >= sk_SSL_CIPHER_num(prio))
 			{
 			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
 			SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_NO_CIPHER_MATCH);
 			return(-1);
 			}
-		s->session->cipher=(SSL_CIPHER *)sk_value(cl,i);
-		}
+		s->session->cipher=sk_SSL_CIPHER_value(prio,i);
 
-	if ((s->session != NULL) && (s->session->peer != NULL))
-		X509_free(s->session->peer);
 
-	/* hmmm, can we have the problem of the other session with this
-	 * cert, Free's it before we increment the reference count. */
-	CRYPTO_w_lock(CRYPTO_LOCK_X509);
-	s->session->peer=s->session->cert->key->x509;
-	CRYPTO_add(&s->session->peer->references,1,CRYPTO_LOCK_X509);
-	CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+		if (s->session->peer != NULL) /* can't happen*/
+			{
+			ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+			SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+			return(-1);
+			}
 
+		s->session->peer = s->session->sess_cert->peer_key->x509;
+		/* peer_key->x509 has been set by ssl2_set_certificate. */
+		CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
+		}
+
+	if (s->session->peer != s->session->sess_cert->peer_key->x509)
+		/* can't happen */
+		{
+		ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+		SSLerr(SSL_F_GET_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+		return(-1);
+		}
+		
 	s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+	if (s->s2->conn_id_length > sizeof s->s2->conn_id)
+		{
+		ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+		SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
+		return -1;
+		}
 	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
 	return(1);
 	}
 
-static int client_hello(s)
-SSL *s;
+static int client_hello(SSL *s)
 	{
 	unsigned char *buf;
 	unsigned char *p,*d;
@@ -479,7 +577,7 @@ SSL *s;
 		p=buf;					/* header */
 		d=p+9;					/* data section */
 		*(p++)=SSL2_MT_CLIENT_HELLO;		/* type */
-		s2n(SSL2_CLIENT_VERSION,p);		/* version */
+		s2n(SSL2_VERSION,p);			/* version */
 		n=j=0;
 
 		n=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),d);
@@ -510,7 +608,7 @@ SSL *s;
 		s->s2->challenge_length=SSL2_CHALLENGE_LENGTH;
 		s2n(SSL2_CHALLENGE_LENGTH,p);		/* challenge length */
 		/*challenge id data*/
-		RAND_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH);
+		RAND_pseudo_bytes(s->s2->challenge,SSL2_CHALLENGE_LENGTH);
 		memcpy(d,s->s2->challenge,SSL2_CHALLENGE_LENGTH);
 		d+=SSL2_CHALLENGE_LENGTH;
 
@@ -522,21 +620,20 @@ SSL *s;
 	return(ssl2_do_write(s));
 	}
 
-static int client_master_key(s)
-SSL *s;
+static int client_master_key(SSL *s)
 	{
 	unsigned char *buf;
 	unsigned char *p,*d;
 	int clear,enc,karg,i;
 	SSL_SESSION *sess;
-	EVP_CIPHER *c;
-	EVP_MD *md;
+	const EVP_CIPHER *c;
+	const EVP_MD *md;
 
 	buf=(unsigned char *)s->init_buf->data;
 	if (s->state == SSL2_ST_SEND_CLIENT_MASTER_KEY_A)
 		{
 
-		if (!ssl_cipher_get_evp(s->session->cipher,&c,&md))
+		if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
 			{
 			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
 			SSLerr(SSL_F_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
@@ -553,16 +650,35 @@ SSL *s;
 		/* make key_arg data */
 		i=EVP_CIPHER_iv_length(c);
 		sess->key_arg_length=i;
-		if (i > 0) RAND_bytes(sess->key_arg,i);
+		if (i > SSL_MAX_KEY_ARG_LENGTH)
+			{
+			ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+			SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
+			return -1;
+			}
+		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
 
 		/* make a master key */
 		i=EVP_CIPHER_key_length(c);
 		sess->master_key_length=i;
-		if (i > 0) RAND_bytes(sess->master_key,i);
+		if (i > 0)
+			{
+			if (i > sizeof sess->master_key)
+				{
+				ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+				SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
+				return -1;
+				}
+			if (RAND_bytes(sess->master_key,i) <= 0)
+				{
+				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+				return(-1);
+				}
+			}
 
 		if (sess->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
 			enc=8;
-		else if (sess->cipher->algorithms & SSL_EXP)
+		else if (SSL_C_IS_EXPORT(sess->cipher))
 			enc=5;
 		else
 			enc=i;
@@ -578,7 +694,7 @@ SSL *s;
 		memcpy(d,sess->master_key,(unsigned int)clear);
 		d+=clear;
 
-		enc=ssl_rsa_public_encrypt(sess->cert,enc,
+		enc=ssl_rsa_public_encrypt(sess->sess_cert,enc,
 			&(sess->master_key[clear]),d,
 			(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
 		if (enc <= 0)
@@ -596,6 +712,12 @@ SSL *s;
 		d+=enc;
 		karg=sess->key_arg_length;	
 		s2n(karg,p); /* key arg size */
+		if (karg > sizeof sess->key_arg)
+			{
+			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+			SSLerr(SSL_F_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
+			return -1;
+			}
 		memcpy(d,sess->key_arg,(unsigned int)karg);
 		d+=karg;
 
@@ -608,8 +730,7 @@ SSL *s;
 	return(ssl2_do_write(s));
 	}
 
-static int client_finished(s)
-SSL *s;
+static int client_finished(SSL *s)
 	{
 	unsigned char *p;
 
@@ -617,6 +738,11 @@ SSL *s;
 		{
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_CLIENT_FINISHED;
+		if (s->s2->conn_id_length > sizeof s->s2->conn_id)
+			{
+			SSLerr(SSL_F_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
+			return -1;
+			}
 		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
 
 		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
@@ -627,18 +753,16 @@ SSL *s;
 	}
 
 /* read the data and then respond */
-static int client_certificate(s)
-SSL *s;
+static int client_certificate(SSL *s)
 	{
 	unsigned char *buf;
 	unsigned char *p,*d;
 	int i;
 	unsigned int n;
-	int cert_ch_len=0;
+	int cert_ch_len;
 	unsigned char *cert_ch;
 
 	buf=(unsigned char *)s->init_buf->data;
-	cert_ch= &(buf[2]);
 
 	/* We have a cert associated with the SSL, so attach it to
 	 * the session if it does not have one */
@@ -646,9 +770,12 @@ SSL *s;
 	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
 		{
 		i=ssl2_read(s,(char *)&(buf[s->init_num]),
-			SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num);
-		if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num))
+			SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num);
+		if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num))
 			return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
+		s->init_num += i;
+		if (s->msg_callback)
+			s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s, s->msg_callback_arg); /* REQUEST-CERTIFICATE */
 
 		/* type=buf[0]; */
 		/* type eq x509 */
@@ -658,7 +785,6 @@ SSL *s;
 			SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_AUTHENTICATION_TYPE);
 			return(-1);
 			}
-		cert_ch_len=i-1;
 
 		if ((s->cert == NULL) ||
 			(s->cert->key->x509 == NULL) ||
@@ -670,6 +796,9 @@ SSL *s;
 			s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
 		}
 
+	cert_ch = buf + 2;
+	cert_ch_len = s->init_num - 2;
+
 	if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE)
 		{
 		X509 *x509=NULL;
@@ -739,11 +868,12 @@ SSL *s;
 		/* ok, now we calculate the checksum
 		 * do it first so we can reuse buf :-) */
 		p=buf;
-		EVP_SignInit(&ctx,s->ctx->rsa_md5);
+		EVP_MD_CTX_init(&ctx);
+		EVP_SignInit_ex(&ctx,s->ctx->rsa_md5, NULL);
 		EVP_SignUpdate(&ctx,s->s2->key_material,
-			(unsigned int)s->s2->key_material_length);
+			       s->s2->key_material_length);
 		EVP_SignUpdate(&ctx,cert_ch,(unsigned int)cert_ch_len);
-		n=i2d_X509(s->session->cert->key->x509,&p);
+		n=i2d_X509(s->session->sess_cert->peer_key->x509,&p);
 		EVP_SignUpdate(&ctx,buf,(unsigned int)n);
 
 		p=buf;
@@ -757,10 +887,10 @@ SSL *s;
 			{
 			/* this is not good.  If things have failed it
 			 * means there so something wrong with the key.
-			 * We will contiune with a 0 length signature
+			 * We will continue with a 0 length signature
 			 */
 			}
-		memset(&ctx,0,sizeof(ctx));
+		EVP_MD_CTX_cleanup(&ctx);
 		s2n(n,p);
 		d+=n;
 
@@ -772,11 +902,10 @@ SSL *s;
 	return(ssl2_do_write(s));
 	}
 
-static int get_server_verify(s)
-SSL *s;
+static int get_server_verify(SSL *s)
 	{
 	unsigned char *p;
-	int i;
+	int i, n, len;
 
 	p=(unsigned char *)s->init_buf->data;
 	if (s->state == SSL2_ST_GET_SERVER_VERIFY_A)
@@ -784,9 +913,9 @@ SSL *s;
 		i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
 		if (i < (1-s->init_num)) 
 			return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
+		s->init_num += i;
 
 		s->state= SSL2_ST_GET_SERVER_VERIFY_B;
-		s->init_num=0;
 		if (*p != SSL2_MT_SERVER_VERIFY)
 			{
 			if (p[0] != SSL2_MT_ERROR)
@@ -796,18 +925,27 @@ SSL *s;
 					SSL_R_READ_WRONG_PACKET_TYPE);
 				}
 			else
-				SSLerr(SSL_F_GET_SERVER_VERIFY,
-					SSL_R_PEER_ERROR);
+				{
+				SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_PEER_ERROR);
+				/* try to read the error message */
+				i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);
+				return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);
+				}
 			return(-1);
 			}
 		}
 	
 	p=(unsigned char *)s->init_buf->data;
-	i=ssl2_read(s,(char *)&(p[s->init_num]),
-		(unsigned int)s->s2->challenge_length-s->init_num);
-	if (i < ((int)s->s2->challenge_length-s->init_num))
+	len = 1 + s->s2->challenge_length;
+	n =  len - s->init_num;
+	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
+	if (i < n)
 		return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
-	if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0)
+	if (s->msg_callback)
+		s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */
+	p += 1;
+
+	if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
 		{
 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 		SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);
@@ -816,12 +954,11 @@ SSL *s;
 	return(1);
 	}
 
-static int get_server_finished(s)
-SSL *s;
+static int get_server_finished(SSL *s)
 	{
 	unsigned char *buf;
 	unsigned char *p;
-	int i;
+	int i, n, len;
 
 	buf=(unsigned char *)s->init_buf->data;
 	p=buf;
@@ -830,7 +967,8 @@ SSL *s;
 		i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num);
 		if (i < (1-s->init_num))
 			return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
-		s->init_num=i;
+		s->init_num += i;
+
 		if (*p == SSL2_MT_REQUEST_CERTIFICATE)
 			{
 			s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_A;
@@ -844,17 +982,25 @@ SSL *s;
 				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
 				}
 			else
+				{
 				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR);
+				/* try to read the error message */
+				i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);
+				return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);
+				}
 			return(-1);
 			}
-		s->state=SSL_ST_OK;
-		s->init_num=0;
+		s->state=SSL2_ST_GET_SERVER_FINISHED_B;
 		}
 
-	i=ssl2_read(s,(char *)&(buf[s->init_num]),
-		SSL2_SSL_SESSION_ID_LENGTH-s->init_num);
-	if (i < (SSL2_SSL_SESSION_ID_LENGTH-s->init_num))
+	len = 1 + SSL2_SSL_SESSION_ID_LENGTH;
+	n = len - s->init_num;
+	i = ssl2_read(s,(char *)&(buf[s->init_num]), n);
+	if (i < n) /* XXX could be shorter than SSL2_SSL_SESSION_ID_LENGTH, that's the maximum */
 		return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
+	s->init_num += i;
+	if (s->msg_callback)
+		s->msg_callback(0, s->version, 0, buf, (size_t)s->init_num, s, s->msg_callback_arg); /* SERVER-FINISHED */
 
 	if (!s->hit) /* new session */
 		{
@@ -869,8 +1015,9 @@ SSL *s;
 		{
 		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
 			{
-			if (memcmp(buf,s->session->session_id,
-				(unsigned int)s->session->session_id_length) != 0)
+			if ((s->session->session_id_length > sizeof s->session->session_id)
+			    || (0 != memcmp(buf, s->session->session_id,
+			                    (unsigned int)s->session->session_id_length)))
 				{
 				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
@@ -878,19 +1025,16 @@ SSL *s;
 				}
 			}
 		}
+	s->state = SSL_ST_OK;
 	return(1);
 	}
 
 /* loads in the certificate from the server */
-int ssl2_set_certificate(s, type, len, data)
-SSL *s;
-int type;
-int len;
-unsigned char *data;
+int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data)
 	{
-	STACK *sk=NULL;
+	STACK_OF(X509) *sk=NULL;
 	EVP_PKEY *pkey=NULL;
-	CERT *c=NULL;
+	SESS_CERT *sc=NULL;
 	int i;
 	X509 *x509=NULL;
 	int ret=0;
@@ -902,8 +1046,7 @@ unsigned char *data;
 		goto err;
 		}
 
-	if (((sk=sk_new_null()) == NULL) ||
-		(!sk_push(sk,(char *)x509)))
+	if ((sk=sk_X509_new_null()) == NULL || !sk_X509_push(sk,x509))
 		{
 		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,ERR_R_MALLOC_FAILURE);
 		goto err;
@@ -916,23 +1059,21 @@ unsigned char *data;
 		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
 		goto err;
 		}
+	ERR_clear_error(); /* but we keep s->verify_result */
+	s->session->verify_result = s->verify_result;
 
-	/* cert for ssl */
-	c=ssl_cert_new();
-	if (c == NULL)
+	/* server's cert for this session */
+	sc=ssl_sess_cert_new();
+	if (sc == NULL)
 		{
 		ret= -1;
 		goto err;
 		}
+	if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
+	s->session->sess_cert=sc;
 
-	/* cert for session */
-	if (s->session->cert) ssl_cert_free(s->session->cert);
-	s->session->cert=c;
-
-/*	c->cert_type=type; */
-
-	c->pkeys[SSL_PKEY_RSA_ENC].x509=x509;
-	c->key= &(c->pkeys[SSL_PKEY_RSA_ENC]);
+	sc->peer_pkeys[SSL_PKEY_RSA_ENC].x509=x509;
+	sc->peer_key= &(sc->peer_pkeys[SSL_PKEY_RSA_ENC]);
 
 	pkey=X509_get_pubkey(x509);
 	x509=NULL;
@@ -947,27 +1088,24 @@ unsigned char *data;
 		goto err;
 		}
 
-	if (!ssl_set_cert_type(c,SSL2_CT_X509_CERTIFICATE))
+	if (!ssl_set_peer_cert_type(sc,SSL2_CT_X509_CERTIFICATE))
 		goto err;
 	ret=1;
 err:
-	if (sk != NULL) sk_free(sk);
-	if (x509 != NULL) X509_free(x509);
+	sk_X509_free(sk);
+	X509_free(x509);
+	EVP_PKEY_free(pkey);
 	return(ret);
 	}
 
-static int ssl_rsa_public_encrypt(c, len, from, to, padding)
-CERT *c;
-int len;
-unsigned char *from;
-unsigned char *to;
-int padding;
+static int ssl_rsa_public_encrypt(SESS_CERT *sc, int len, unsigned char *from,
+	     unsigned char *to, int padding)
 	{
 	EVP_PKEY *pkey=NULL;
 	int i= -1;
 
-	if ((c == NULL) || (c->key->x509 == NULL) ||
-		((pkey=X509_get_pubkey(c->key->x509)) == NULL))
+	if ((sc == NULL) || (sc->peer_key->x509 == NULL) ||
+		((pkey=X509_get_pubkey(sc->peer_key->x509)) == NULL))
 		{
 		SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,SSL_R_NO_PUBLICKEY);
 		return(-1);
@@ -983,6 +1121,13 @@ int padding;
 	if (i < 0)
 		SSLerr(SSL_F_SSL_RSA_PUBLIC_ENCRYPT,ERR_R_RSA_LIB);
 end:
+	EVP_PKEY_free(pkey);
 	return(i);
 	}
+#else /* !OPENSSL_NO_SSL2 */
 
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
+#endif
diff --git a/ssl/s2_enc.c b/ssl/s2_enc.c
index b43056fa14..d3b144f1c5 100644
--- a/ssl/s2_enc.c
+++ b/ssl/s2_enc.c
@@ -56,20 +56,20 @@
  * [including the GNU Public Licence.]
  */
 
-#include <stdio.h>
 #include "ssl_locl.h"
+#ifndef OPENSSL_NO_SSL2
+#include <stdio.h>
+#include "cryptlib.h"
 
-int ssl2_enc_init(s, client)
-SSL *s;
-int client;
+int ssl2_enc_init(SSL *s, int client)
 	{
 	/* Max number of bytes needed */
 	EVP_CIPHER_CTX *rs,*ws;
-	EVP_CIPHER *c;
-	EVP_MD *md;
+	const EVP_CIPHER *c;
+	const EVP_MD *md;
 	int num;
 
-	if (!ssl_cipher_get_evp(s->session->cipher,&c,&md))
+	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
 		{
 		ssl2_return_error(s,SSL2_PE_NO_CIPHER);
 		SSLerr(SSL_F_SSL2_ENC_INIT,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
@@ -81,11 +81,11 @@ int client;
 
 	if ((s->enc_read_ctx == NULL) &&
 		((s->enc_read_ctx=(EVP_CIPHER_CTX *)
-		Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+		OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
 		goto err;
 	if ((s->enc_write_ctx == NULL) &&
 		((s->enc_write_ctx=(EVP_CIPHER_CTX *)
-		Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+		OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
 		goto err;
 
 	rs= s->enc_read_ctx;
@@ -96,12 +96,15 @@ int client;
 
 	num=c->key_len;
 	s->s2->key_material_length=num*2;
+	OPENSSL_assert(s->s2->key_material_length <= sizeof s->s2->key_material);
 
-	ssl2_generate_key_material(s);
+	if (ssl2_generate_key_material(s) <= 0)
+		return 0;
 
-	EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]),
+	OPENSSL_assert(c->iv_len <= sizeof s->session->key_arg);
+	EVP_EncryptInit_ex(ws,c,NULL,&(s->s2->key_material[(client)?num:0]),
 		s->session->key_arg);
-	EVP_DecryptInit(rs,c,&(s->s2->key_material[(client)?0:num]),
+	EVP_DecryptInit_ex(rs,c,NULL,&(s->s2->key_material[(client)?0:num]),
 		s->session->key_arg);
 	s->s2->read_key=  &(s->s2->key_material[(client)?0:num]);
 	s->s2->write_key= &(s->s2->key_material[(client)?num:0]);
@@ -112,11 +115,9 @@ err:
 	}
 
 /* read/writes from s->s2->mac_data using length for encrypt and 
- * decrypt.  It sets the s->s2->padding, s->[rw]length and
- * s->s2->pad_data ptr if we are encrypting */
-void ssl2_enc(s,send)
-SSL *s;
-int send;
+ * decrypt.  It sets s->s2->padding and s->[rw]length
+ * if we are encrypting */
+void ssl2_enc(SSL *s, int send)
 	{
 	EVP_CIPHER_CTX *ds;
 	unsigned long l;
@@ -146,10 +147,7 @@ int send;
 	EVP_Cipher(ds,s->s2->mac_data,s->s2->mac_data,l);
 	}
 
-void ssl2_mac(s, md,send)
-SSL *s;
-unsigned char *md;
-int send;
+void ssl2_mac(SSL *s, unsigned char *md, int send)
 	{
 	EVP_MD_CTX c;
 	unsigned char sequence[4],*p,*sec,*act;
@@ -175,13 +173,20 @@ int send;
 	l2n(seq,p);
 
 	/* There has to be a MAC algorithm. */
-	EVP_DigestInit(&c,s->read_hash);
+	EVP_MD_CTX_init(&c);
+	EVP_DigestInit_ex(&c, s->read_hash, NULL);
 	EVP_DigestUpdate(&c,sec,
 		EVP_CIPHER_CTX_key_length(s->enc_read_ctx));
 	EVP_DigestUpdate(&c,act,len); 
 	/* the above line also does the pad data */
 	EVP_DigestUpdate(&c,sequence,4); 
-	EVP_DigestFinal(&c,md,NULL);
-	/* some would say I should zero the md context */
+	EVP_DigestFinal_ex(&c,md,NULL);
+	EVP_MD_CTX_cleanup(&c);
 	}
+#else /* !OPENSSL_NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
 
+#endif
diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c
index 172fc361cf..910b9fe097 100644
--- a/ssl/s2_lib.c
+++ b/ssl/s2_lib.c
@@ -56,31 +56,34 @@
  * [including the GNU Public Licence.]
  */
 
-#include <stdio.h>
-#include "rsa.h"
-#include "objects.h"
 #include "ssl_locl.h"
+#ifndef OPENSSL_NO_SSL2
+#include <stdio.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+#include "cryptlib.h"
 
-#ifndef NOPROTO
 static long ssl2_default_timeout(void );
-#else
-static long ssl2_default_timeout();
-#endif
-
-char *ssl2_version_str="SSLv2 part of SSLeay 0.9.1a 06-Jul-1998";
+const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
 
 #define SSL2_NUM_CIPHERS (sizeof(ssl2_ciphers)/sizeof(SSL_CIPHER))
 
-SSL_CIPHER ssl2_ciphers[]={
+OPENSSL_GLOBAL SSL_CIPHER ssl2_ciphers[]={
 /* NULL_WITH_MD5 v3 */
 #if 0
 	{
 	1,
 	SSL2_TXT_NULL_WITH_MD5,
 	SSL2_CK_NULL_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_EXP|SSL_SSLV2,
+	SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
+	SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
+	0,
+	0,
 	0,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 #endif
 /* RC4_128_EXPORT40_WITH_MD5 */
@@ -88,63 +91,91 @@ SSL_CIPHER ssl2_ciphers[]={
 	1,
 	SSL2_TXT_RC4_128_EXPORT40_WITH_MD5,
 	SSL2_CK_RC4_128_EXPORT40_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_EXP|SSL_SSLV2,
+	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
+	SSL_EXPORT|SSL_EXP40,
 	SSL2_CF_5_BYTE_ENC,
+	40,
+	128,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* RC4_128_WITH_MD5 */
 	{
 	1,
 	SSL2_TXT_RC4_128_WITH_MD5,
 	SSL2_CK_RC4_128_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
+	SSL_NOT_EXP|SSL_MEDIUM,
 	0,
+	128,
+	128,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* RC2_128_CBC_EXPORT40_WITH_MD5 */
 	{
 	1,
 	SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5,
 	SSL2_CK_RC2_128_CBC_EXPORT40_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_EXP|SSL_SSLV2,
+	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
+	SSL_EXPORT|SSL_EXP40,
 	SSL2_CF_5_BYTE_ENC,
+	40,
+	128,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* RC2_128_CBC_WITH_MD5 */
 	{
 	1,
 	SSL2_TXT_RC2_128_CBC_WITH_MD5,
 	SSL2_CK_RC2_128_CBC_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+	SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_SSLV2,
+	SSL_NOT_EXP|SSL_MEDIUM,
 	0,
+	128,
+	128,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* IDEA_128_CBC_WITH_MD5 */
 	{
 	1,
 	SSL2_TXT_IDEA_128_CBC_WITH_MD5,
 	SSL2_CK_IDEA_128_CBC_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_MEDIUM,
+	SSL_kRSA|SSL_aRSA|SSL_IDEA|SSL_MD5|SSL_SSLV2,
+	SSL_NOT_EXP|SSL_MEDIUM,
 	0,
+	128,
+	128,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* DES_64_CBC_WITH_MD5 */
 	{
 	1,
 	SSL2_TXT_DES_64_CBC_WITH_MD5,
 	SSL2_CK_DES_64_CBC_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_LOW,
+	SSL_kRSA|SSL_aRSA|SSL_DES|SSL_MD5|SSL_SSLV2,
+	SSL_NOT_EXP|SSL_LOW,
 	0,
+	56,
+	56,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* DES_192_EDE3_CBC_WITH_MD5 */
 	{
 	1,
 	SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5,
 	SSL2_CK_DES_192_EDE3_CBC_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_NOT_EXP|SSL_SSLV2|SSL_HIGH,
+	SSL_kRSA|SSL_aRSA|SSL_3DES|SSL_MD5|SSL_SSLV2,
+	SSL_NOT_EXP|SSL_HIGH,
 	0,
+	168,
+	168,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* RC4_64_WITH_MD5 */
 #if 1
@@ -152,9 +183,13 @@ SSL_CIPHER ssl2_ciphers[]={
 	1,
 	SSL2_TXT_RC4_64_WITH_MD5,
 	SSL2_CK_RC4_64_WITH_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2|SSL_LOW,
+	SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_SSLV2,
+	SSL_NOT_EXP|SSL_LOW,
 	SSL2_CF_8_BYTE_ENC,
+	64,
+	64,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 #endif
 /* NULL SSLeay (testing) */
@@ -164,7 +199,12 @@ SSL_CIPHER ssl2_ciphers[]={
 	SSL2_TXT_NULL,
 	SSL2_CK_NULL,
 	0,
+	SSL_STRONG_NONE,
+	0,
+	0,
+	0,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 #endif
 
@@ -194,25 +234,27 @@ static SSL_METHOD SSLv2_data= {
 	ssl_bad_method,
 	ssl2_default_timeout,
 	&ssl3_undef_enc_method,
+	ssl_undefined_function,
+	ssl2_callback_ctrl,	/* local */
+	ssl2_ctx_callback_ctrl,	/* local */
 	};
 
-static long ssl2_default_timeout()
+static long ssl2_default_timeout(void)
 	{
 	return(300);
 	}
 
-SSL_METHOD *sslv2_base_method()
+SSL_METHOD *sslv2_base_method(void)
 	{
 	return(&SSLv2_data);
 	}
 
-int ssl2_num_ciphers()
+int ssl2_num_ciphers(void)
 	{
 	return(SSL2_NUM_CIPHERS);
 	}
 
-SSL_CIPHER *ssl2_get_cipher(u)
-unsigned int u;
+SSL_CIPHER *ssl2_get_cipher(unsigned int u)
 	{
 	if (u < SSL2_NUM_CIPHERS)
 		return(&(ssl2_ciphers[SSL2_NUM_CIPHERS-1-u]));
@@ -220,24 +262,28 @@ unsigned int u;
 		return(NULL);
 	}
 
-int ssl2_pending(s)
-SSL *s;
+int ssl2_pending(SSL *s)
 	{
-	return(s->s2->ract_data_length);
+	return SSL_in_init(s) ? 0 : s->s2->ract_data_length;
 	}
 
-int ssl2_new(s)
-SSL *s;
+int ssl2_new(SSL *s)
 	{
-	SSL2_CTX *s2;
+	SSL2_STATE *s2;
 
-	if ((s2=(SSL2_CTX *)Malloc(sizeof(SSL2_CTX))) == NULL) goto err;
-	memset(s2,0,sizeof(SSL2_CTX));
+	if ((s2=OPENSSL_malloc(sizeof *s2)) == NULL) goto err;
+	memset(s2,0,sizeof *s2);
 
-	if ((s2->rbuf=(unsigned char *)Malloc(
-		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
-	if ((s2->wbuf=(unsigned char *)Malloc(
+#if SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER + 3 > SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER + 2
+#  error "assertion failed"
+#endif
+
+	if ((s2->rbuf=OPENSSL_malloc(
 		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+2)) == NULL) goto err;
+	/* wbuf needs one byte more because when using two-byte headers,
+	 * we leave the first byte unused in do_ssl_write (s2_pkt.c) */
+	if ((s2->wbuf=OPENSSL_malloc(
+		SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER+3)) == NULL) goto err;
 	s->s2=s2;
 
 	ssl2_clear(s);
@@ -245,30 +291,31 @@ SSL *s;
 err:
 	if (s2 != NULL)
 		{
-		if (s2->wbuf != NULL) Free(s2->wbuf);
-		if (s2->rbuf != NULL) Free(s2->rbuf);
-		Free(s2);
+		if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
+		if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
+		OPENSSL_free(s2);
 		}
 	return(0);
 	}
 
-void ssl2_free(s)
-SSL *s;
+void ssl2_free(SSL *s)
 	{
-	SSL2_CTX *s2;
+	SSL2_STATE *s2;
+
+	if(s == NULL)
+	    return;
 
 	s2=s->s2;
-	if (s2->rbuf != NULL) Free(s2->rbuf);
-	if (s2->wbuf != NULL) Free(s2->wbuf);
-	memset(s2,0,sizeof(SSL2_CTX));
-	Free(s2);
+	if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
+	if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
+	OPENSSL_cleanse(s2,sizeof *s2);
+	OPENSSL_free(s2);
 	s->s2=NULL;
 	}
 
-void ssl2_clear(s)
-SSL *s;
+void ssl2_clear(SSL *s)
 	{
-	SSL2_CTX *s2;
+	SSL2_STATE *s2;
 	unsigned char *rbuf,*wbuf;
 
 	s2=s->s2;
@@ -276,7 +323,7 @@ SSL *s;
 	rbuf=s2->rbuf;
 	wbuf=s2->wbuf;
 
-	memset(s2,0,sizeof(SSL2_CTX));
+	memset(s2,0,sizeof *s2);
 
 	s2->rbuf=rbuf;
 	s2->wbuf=wbuf;
@@ -286,11 +333,7 @@ SSL *s;
 	s->packet_length=0;
 	}
 
-long ssl2_ctrl(s,cmd,larg,parg)
-SSL *s;
-int cmd;
-long larg;
-char *parg;
+long ssl2_ctrl(SSL *s, int cmd, long larg, void *parg)
 	{
 	int ret=0;
 
@@ -305,19 +348,24 @@ char *parg;
 	return(ret);
 	}
 
-long ssl2_ctx_ctrl(ctx,cmd,larg,parg)
-SSL_CTX *ctx;
-int cmd;
-long larg;
-char *parg;
+long ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)())
+	{
+	return(0);
+	}
+
+long ssl2_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+	{
+	return(0);
+	}
+
+long ssl2_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
 	{
 	return(0);
 	}
 
 /* This function needs to check if the ciphers required are actually
  * available */
-SSL_CIPHER *ssl2_get_cipher_by_char(p)
-unsigned char *p;
+SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p)
 	{
 	static int init=1;
 	static SSL_CIPHER *sorted[SSL2_NUM_CIPHERS];
@@ -327,14 +375,21 @@ unsigned char *p;
 
 	if (init)
 		{
-		init=0;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
 
-		for (i=0; i<SSL2_NUM_CIPHERS; i++)
-			sorted[i]= &(ssl2_ciphers[i]);
+		if (init)
+			{
+			for (i=0; i<SSL2_NUM_CIPHERS; i++)
+				sorted[i]= &(ssl2_ciphers[i]);
 
-		qsort(  (char *)sorted,
-			SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-			FP_ICC ssl_cipher_ptr_id_cmp);
+			qsort((char *)sorted,
+				SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+				FP_ICC ssl_cipher_ptr_id_cmp);
+
+			init=0;
+			}
+			
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
 		}
 
 	id=0x02000000L|((unsigned long)p[0]<<16L)|
@@ -343,16 +398,14 @@ unsigned char *p;
 	cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
 		(char *)sorted,
 		SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-		(int (*)())ssl_cipher_ptr_id_cmp);
+		FP_ICC ssl_cipher_ptr_id_cmp);
 	if ((cpp == NULL) || !(*cpp)->valid)
 		return(NULL);
 	else
 		return(*cpp);
 	}
 
-int ssl2_put_cipher_by_char(c,p)
-SSL_CIPHER *c;
-unsigned char *p;
+int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 	{
 	long l;
 
@@ -367,32 +420,57 @@ unsigned char *p;
 	return(3);
 	}
 
-void ssl2_generate_key_material(s)
-SSL *s;
+int ssl2_generate_key_material(SSL *s)
 	{
 	unsigned int i;
-	MD5_CTX ctx;
+	EVP_MD_CTX ctx;
 	unsigned char *km;
 	unsigned char c='0';
+	const EVP_MD *md5;
+
+	md5 = EVP_md5();
 
+#ifdef CHARSET_EBCDIC
+	c = os_toascii['0']; /* Must be an ASCII '0', not EBCDIC '0',
+				see SSLv2 docu */
+#endif
+	EVP_MD_CTX_init(&ctx);
 	km=s->s2->key_material;
-	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
-		{
-		MD5_Init(&ctx);
 
-		MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
-		MD5_Update(&ctx,(unsigned char *)&c,1);
+ 	if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key)
+ 		{
+ 		SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
+ 		return 0;
+ 		}
+
+	for (i=0; i<s->s2->key_material_length; i += EVP_MD_size(md5))
+		{
+		if (((km - s->s2->key_material) + EVP_MD_size(md5)) > sizeof s->s2->key_material)
+			{
+			/* EVP_DigestFinal_ex() below would write beyond buffer */
+			SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, ERR_R_INTERNAL_ERROR);
+			return 0;
+			}
+
+		EVP_DigestInit_ex(&ctx, md5, NULL);
+
+		OPENSSL_assert(s->session->master_key_length >= 0
+		    && s->session->master_key_length
+		    < sizeof s->session->master_key);
+		EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
+		EVP_DigestUpdate(&ctx,&c,1);
 		c++;
-		MD5_Update(&ctx,s->s2->challenge,s->s2->challenge_length);
-		MD5_Update(&ctx,s->s2->conn_id,s->s2->conn_id_length);
-		MD5_Final(km,&ctx);
-		km+=MD5_DIGEST_LENGTH;
+		EVP_DigestUpdate(&ctx,s->s2->challenge,s->s2->challenge_length);
+		EVP_DigestUpdate(&ctx,s->s2->conn_id,s->s2->conn_id_length);
+		EVP_DigestFinal_ex(&ctx,km,NULL);
+		km += EVP_MD_size(md5);
 		}
+
+	EVP_MD_CTX_cleanup(&ctx);
+	return 1;
 	}
 
-void ssl2_return_error(s,err)
-SSL *s;
-int err;
+void ssl2_return_error(SSL *s, int err)
 	{
 	if (!s->error)
 		{
@@ -404,10 +482,9 @@ int err;
 	}
 
 
-void ssl2_write_error(s)
-SSL *s;
+void ssl2_write_error(SSL *s)
 	{
-	char buf[3];
+	unsigned char buf[3];
 	int i,error;
 
 	buf[0]=SSL2_MT_ERROR;
@@ -415,23 +492,35 @@ SSL *s;
 	buf[2]=(s->error_code)&0xff;
 
 /*	state=s->rwstate;*/
-	error=s->error;
+
+	error=s->error; /* number of bytes left to write */
 	s->error=0;
+	OPENSSL_assert(error >= 0 && error <= sizeof buf);
 	i=ssl2_write(s,&(buf[3-error]),error);
+
 /*	if (i == error) s->rwstate=state; */
 
 	if (i < 0)
 		s->error=error;
-	else if (i != s->error)
+	else
+		{
 		s->error=error-i;
-	/* else
-		s->error=0; */
+
+		if (s->error == 0)
+			if (s->msg_callback)
+				s->msg_callback(1, s->version, 0, buf, 3, s, s->msg_callback_arg); /* ERROR */
+		}
 	}
 
-int ssl2_shutdown(s)
-SSL *s;
+int ssl2_shutdown(SSL *s)
 	{
 	s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 	return(1);
 	}
+#else /* !OPENSSL_NO_SSL2 */
 
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
+#endif
diff --git a/ssl/s2_meth.c b/ssl/s2_meth.c
index cfc8828cc7..8b6cbd086e 100644
--- a/ssl/s2_meth.c
+++ b/ssl/s2_meth.c
@@ -56,12 +56,13 @@
  * [including the GNU Public Licence.]
  */
 
-#include <stdio.h>
-#include "objects.h"
 #include "ssl_locl.h"
+#ifndef OPENSSL_NO_SSL2
+#include <stdio.h>
+#include <openssl/objects.h>
 
-static SSL_METHOD *ssl2_get_method(ver)
-int ver;
+static SSL_METHOD *ssl2_get_method(int ver);
+static SSL_METHOD *ssl2_get_method(int ver)
 	{
 	if (ver == SSL2_VERSION)
 		return(SSLv2_method());
@@ -69,20 +70,33 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *SSLv2_method()
+SSL_METHOD *SSLv2_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD SSLv2_data;
 
 	if (init)
 		{
-		init=0;
-		memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
-			sizeof(SSL_METHOD));
-		SSLv2_data.ssl_connect=ssl2_connect;
-		SSLv2_data.ssl_accept=ssl2_accept;
-		SSLv2_data.get_ssl_method=ssl2_get_method;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+		
+		if (init)
+			{
+			memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
+				sizeof(SSL_METHOD));
+			SSLv2_data.ssl_connect=ssl2_connect;
+			SSLv2_data.ssl_accept=ssl2_accept;
+			SSLv2_data.get_ssl_method=ssl2_get_method;
+			init=0;
+			}
+		
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&SSLv2_data);
 	}
+#else /* !OPENSSL_NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
 
+#endif
diff --git a/ssl/s2_pkt.c b/ssl/s2_pkt.c
index e4167b53af..d82f137613 100644
--- a/ssl/s2_pkt.c
+++ b/ssl/s2_pkt.c
@@ -55,68 +55,92 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
+#include "ssl_locl.h"
+#ifndef OPENSSL_NO_SSL2
 #include <stdio.h>
 #include <errno.h>
+#include "cryptlib.h"
 #define USE_SOCKETS
-#include "ssl_locl.h"
 
-/* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_NO_CIPHER);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_NO_CERTIFICATE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_CERTIFICATE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_UNKNOWN_REMOTE_ERROR_TYPE);
- */
-
-#ifndef NOPROTO
 static int read_n(SSL *s,unsigned int n,unsigned int max,unsigned int extend);
-static int do_ssl_write(SSL *s, char *buf, unsigned int len);
-static int write_pending(SSL *s, char *buf, unsigned int len);
+static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len);
+static int write_pending(SSL *s, const unsigned char *buf, unsigned int len);
 static int ssl_mt_error(int n);
-#else
-static int read_n();
-static int do_ssl_write();
-static int write_pending();
-static int ssl_mt_error();
-#endif
 
-int ssl2_peek(s,buf,len)
-SSL *s;
-char *buf;
-int len;
-	{
-	int ret;
-
-	ret=ssl2_read(s,buf,len);
-	if (ret > 0)
-	        {
-		s->s2->ract_data_length+=ret;
-		s->s2->ract_data-=ret;
-		}
-	return(ret);
-	}
 
-/* SSL_read -
+/* SSL 2.0 imlementation for SSL_read/SSL_peek -
  * This routine will return 0 to len bytes, decrypted etc if required.
  */
-int ssl2_read(s, buf, len)
-SSL *s;
-char *buf;
-int len;
+static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
 	{
 	int n;
 	unsigned char mac[MAX_MAC_SIZE];
 	unsigned char *p;
 	int i;
-	unsigned int mac_size=0;
+	unsigned int mac_size;
 
+ ssl2_read_again:
 	if (SSL_in_init(s) && !s->in_handshake)
 		{
 		n=s->handshake_func(s);
 		if (n < 0) return(n);
 		if (n == 0)
 			{
-			SSLerr(SSL_F_SSL2_READ,SSL_R_SSL_HANDSHAKE_FAILURE);
+			SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_SSL_HANDSHAKE_FAILURE);
 			return(-1);
 			}
 		}
@@ -133,13 +157,22 @@ int len;
 			n=len;
 
 		memcpy(buf,s->s2->ract_data,(unsigned int)n);
-		s->s2->ract_data_length-=n;
-		s->s2->ract_data+=n;
-		if (s->s2->ract_data_length == 0)
-			s->rstate=SSL_ST_READ_HEADER;
+		if (!peek)
+			{
+			s->s2->ract_data_length-=n;
+			s->s2->ract_data+=n;
+			if (s->s2->ract_data_length == 0)
+				s->rstate=SSL_ST_READ_HEADER;
+			}
+
 		return(n);
 		}
 
+	/* s->s2->ract_data_length == 0
+	 * 
+	 * Fill the buffer, then goto ssl2_read_again.
+	 */
+
 	if (s->rstate == SSL_ST_READ_HEADER)
 		{
 		if (s->first_packet)
@@ -152,7 +185,7 @@ int len;
 				(p[2] == SSL2_MT_CLIENT_HELLO) ||
 				(p[2] == SSL2_MT_SERVER_HELLO))))
 				{
-				SSLerr(SSL_F_SSL2_READ,SSL_R_NON_SSLV2_INITIAL_PACKET);
+				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_NON_SSLV2_INITIAL_PACKET);
 				return(-1);
 				}
 			}
@@ -203,17 +236,26 @@ int len;
 		/* Data portion */
 		if (s->s2->clear_text)
 			{
+			mac_size = 0;
 			s->s2->mac_data=p;
 			s->s2->ract_data=p;
-			s->s2->pad_data=NULL;
+			if (s->s2->padding)
+				{
+				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
+				return(-1);
+				}
 			}
 		else
 			{
 			mac_size=EVP_MD_size(s->read_hash);
+			OPENSSL_assert(mac_size <= MAX_MAC_SIZE);
 			s->s2->mac_data=p;
 			s->s2->ract_data= &p[mac_size];
-			s->s2->pad_data= &p[mac_size+
-				s->s2->rlength-s->s2->padding];
+			if (s->s2->padding + mac_size > s->s2->rlength)
+				{
+				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
+				return(-1);
+				}
 			}
 
 		s->s2->ract_data_length=s->s2->rlength;
@@ -230,33 +272,51 @@ int len;
 				(unsigned int)mac_size) != 0) ||
 				(s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
 				{
-				SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_MAC_DECODE);
+				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);
 				return(-1);
 				}
 			}
 		INC32(s->s2->read_sequence); /* expect next number */
 		/* s->s2->ract_data is now available for processing */
 
-		/* If a 0 byte packet was sent, return 0, otherwise
-		 * we play havoc with people using select with
-		 * blocking sockets.  Let them handle a packet at a time,
-		 * they should really be using non-blocking sockets. */
-		if (s->s2->ract_data_length == 0)
-			return(0);
-		return(ssl2_read(s,buf,len));
+		/* Possibly the packet that we just read had 0 actual data bytes.
+		 * (SSLeay/OpenSSL itself never sends such packets; see ssl2_write.)
+		 * In this case, returning 0 would be interpreted by the caller
+		 * as indicating EOF, so it's not a good idea.  Instead, we just
+		 * continue reading; thus ssl2_read_internal may have to process
+		 * multiple packets before it can return.
+		 *
+		 * [Note that using select() for blocking sockets *never* guarantees
+		 * that the next SSL_read will not block -- the available
+		 * data may contain incomplete packets, and except for SSL 2,
+		 * renegotiation can confuse things even more.] */
+
+		goto ssl2_read_again; /* This should really be
+		                       * "return ssl2_read(s,buf,len)",
+		                       * but that would allow for
+		                       * denial-of-service attacks if a
+		                       * C compiler is used that does not
+		                       * recognize end-recursion. */
 		}
 	else
 		{
-		SSLerr(SSL_F_SSL2_READ,SSL_R_BAD_STATE);
+		SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_STATE);
 			return(-1);
 		}
 	}
 
-static int read_n(s, n, max, extend)
-SSL *s;
-unsigned int n;
-unsigned int max;
-unsigned int extend;
+int ssl2_read(SSL *s, void *buf, int len)
+	{
+	return ssl2_read_internal(s, buf, len, 0);
+	}
+
+int ssl2_peek(SSL *s, void *buf, int len)
+	{
+	return ssl2_read_internal(s, buf, len, 1);
+	}
+
+static int read_n(SSL *s, unsigned int n, unsigned int max,
+	     unsigned int extend)
 	{
 	int i,off,newb;
 
@@ -354,11 +414,9 @@ unsigned int extend;
 	return(n);
 	}
 
-int ssl2_write(s, buf, len)
-SSL *s;
-char *buf;
-int len;
+int ssl2_write(SSL *s, const void *_buf, int len)
 	{
+	const unsigned char *buf=_buf;
 	unsigned int n,tot;
 	int i;
 
@@ -396,17 +454,18 @@ int len;
 			s->s2->wnum=tot;
 			return(i);
 			}
-		if (i == (int)n) return(tot+i);
-
+		if ((i == (int)n) ||
+			(s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))
+			{
+			return(tot+i);
+			}
+		
 		n-=i;
 		tot+=i;
 		}
 	}
 
-static int write_pending(s,buf,len)
-SSL *s;
-char *buf;
-unsigned int len;
+static int write_pending(SSL *s, const unsigned char *buf, unsigned int len)
 	{
 	int i;
 
@@ -414,7 +473,9 @@ unsigned int len;
 
 	/* check that they have given us the same buffer to
 	 * write */
-	if ((s->s2->wpend_tot > (int)len) || (s->s2->wpend_buf != buf))
+	if ((s->s2->wpend_tot > (int)len) ||
+		((s->s2->wpend_buf != buf) &&
+		 !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)))
 		{
 		SSLerr(SSL_F_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
 		return(-1);
@@ -451,10 +512,7 @@ unsigned int len;
 		}
 	}
 
-static int do_ssl_write(s, buf, len)
-SSL *s;
-char *buf;
-unsigned int len;
+static int do_ssl_write(SSL *s, const unsigned char *buf, unsigned int len)
 	{
 	unsigned int j,k,olen,p,mac_size,bs;
 	register unsigned char *pp;
@@ -487,6 +545,9 @@ unsigned int len;
 		{
 		bs=EVP_CIPHER_CTX_block_size(s->enc_read_ctx);
 		j=len+mac_size;
+		/* Two-byte headers allow for a larger record length than
+		 * three-byte headers, but we can't use them if we need
+		 * padding or if we have to set the escape bit. */
 		if ((j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER) &&
 			(!s->s2->escape))
 			{
@@ -502,25 +563,39 @@ unsigned int len;
 			}
 		else if ((bs <= 1) && (!s->s2->escape))
 			{
-			/* len=len; */
+			/* j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, thus
+			 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER */
 			s->s2->three_byte_header=0;
 			p=0;
 			}
-		else /* 3 byte header */
+		else /* we may have to use a 3 byte header */
 			{
-			/*len=len; */
+			/* If s->s2->escape is not set, then
+			 * j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER, and thus
+			 * j < SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER. */
 			p=(j%bs);
 			p=(p == 0)?0:(bs-p);
 			if (s->s2->escape)
+				{
 				s->s2->three_byte_header=1;
+				if (j > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+					j=SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER;
+				}
 			else
 				s->s2->three_byte_header=(p == 0)?0:1;
 			}
 		}
+
+	/* Now
+	 *      j <= SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER
+	 * holds, and if s->s2->three_byte_header is set, then even
+	 *      j <= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER.
+	 */
+
 	/* mac_size is the number of MAC bytes
 	 * len is the number of data bytes we are going to send
 	 * p is the number of padding bytes
-	 * if p == 0, it is a 2 byte header */
+	 * (if it is a two-byte header, then p == 0) */
 
 	s->s2->wlength=len;
 	s->s2->padding=p;
@@ -528,10 +603,8 @@ unsigned int len;
 	s->s2->wact_data= &(s->s2->wbuf[3+mac_size]);
 	/* we copy the data into s->s2->wbuf */
 	memcpy(s->s2->wact_data,buf,len);
-#ifdef PURIFY
 	if (p)
-		memset(&(s->s2->wact_data[len]),0,p);
-#endif
+		memset(&(s->s2->wact_data[len]),0,p); /* arbitrary padding */
 
 	if (!s->s2->clear_text)
 		{
@@ -567,7 +640,7 @@ unsigned int len;
 
 	/* lets try to actually write the data */
 	s->s2->wpend_tot=olen;
-	s->s2->wpend_buf=(char *)buf;
+	s->s2->wpend_buf=buf;
 
 	s->s2->wpend_ret=len;
 
@@ -575,48 +648,56 @@ unsigned int len;
 	return(write_pending(s,buf,olen));
 	}
 
-int ssl2_part_read(s,f,i)
-SSL *s;
-unsigned long f;
-int i;
+int ssl2_part_read(SSL *s, unsigned long f, int i)
 	{
 	unsigned char *p;
 	int j;
 
-	/* check for error */
-	if ((s->init_num == 0) && (i >= 3))
-		{
-		p=(unsigned char *)s->init_buf->data;
-		if (p[0] == SSL2_MT_ERROR)
-			{
-			j=(p[1]<<8)|p[2];
-			SSLerr((int)f,ssl_mt_error(j));
-			}
-		}
-
 	if (i < 0)
 		{
 		/* ssl2_return_error(s); */
 		/* for non-blocking io,
-		 * this is not fatal */
+		 * this is not necessarily fatal */
 		return(i);
 		}
 	else
 		{
 		s->init_num+=i;
+
+		/* Check for error.  While there are recoverable errors,
+		 * this function is not called when those must be expected;
+		 * any error detected here is fatal. */
+		if (s->init_num >= 3)
+			{
+			p=(unsigned char *)s->init_buf->data;
+			if (p[0] == SSL2_MT_ERROR)
+				{
+				j=(p[1]<<8)|p[2];
+				SSLerr((int)f,ssl_mt_error(j));
+				s->init_num -= 3;
+				if (s->init_num > 0)
+					memmove(p, p+3, s->init_num);
+				}
+			}
+
+		/* If it's not an error message, we have some error anyway --
+		 * the message was shorter than expected.  This too is treated
+		 * as fatal (at least if SSL_get_error is asked for its opinion). */
 		return(0);
 		}
 	}
 
-int ssl2_do_write(s)
-SSL *s;
+int ssl2_do_write(SSL *s)
 	{
 	int ret;
 
-	ret=ssl2_write(s,(char *)&(s->init_buf->data[s->init_off]),
-		s->init_num);
+	ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num);
 	if (ret == s->init_num)
+		{
+		if (s->msg_callback)
+			s->msg_callback(1, s->version, 0, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
 		return(1);
+		}
 	if (ret < 0)
 		return(-1);
 	s->init_off+=ret;
@@ -624,8 +705,7 @@ SSL *s;
 	return(0);
 	}
 
-static int ssl_mt_error(n)
-int n;
+static int ssl_mt_error(int n)
 	{
 	int ret;
 
@@ -649,3 +729,10 @@ int n;
 		}
 	return(ret);
 	}
+#else /* !OPENSSL_NO_SSL2 */
+
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
+#endif
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index c6c8ea32f1..62859a2d95 100644
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -55,15 +55,70 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
-#include <stdio.h>
-#include "bio.h"
-#include "rand.h"
-#include "objects.h"
 #include "ssl_locl.h"
-#include "evp.h"
+#ifndef OPENSSL_NO_SSL2
+#include <stdio.h>
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include "cryptlib.h"
 
-#ifndef NOPROTO
+static SSL_METHOD *ssl2_get_server_method(int ver);
 static int get_client_master_key(SSL *s);
 static int get_client_hello(SSL *s);
 static int server_hello(SSL *s); 
@@ -73,21 +128,9 @@ static int server_finish(SSL *s);
 static int request_certificate(SSL *s);
 static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
 	unsigned char *to,int padding);
-#else
-static int get_client_master_key();
-static int get_client_hello();
-static int server_hello(); 
-static int get_client_finished();
-static int server_verify();
-static int server_finish();
-static int request_certificate();
-static int ssl_rsa_private_decrypt();
-#endif
-
 #define BREAK	break
 
-static SSL_METHOD *ssl2_get_server_method(ver)
-int ver;
+static SSL_METHOD *ssl2_get_server_method(int ver)
 	{
 	if (ver == SSL2_VERSION)
 		return(SSLv2_server_method());
@@ -95,33 +138,39 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *SSLv2_server_method()
+SSL_METHOD *SSLv2_server_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD SSLv2_server_data;
 
 	if (init)
 		{
-		init=0;
-		memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
-			sizeof(SSL_METHOD));
-		SSLv2_server_data.ssl_accept=ssl2_accept;
-		SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+		if (init)
+			{
+			memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
+				sizeof(SSL_METHOD));
+			SSLv2_server_data.ssl_accept=ssl2_accept;
+			SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
+			init=0;
+			}
+
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&SSLv2_server_data);
 	}
 
-int ssl2_accept(s)
-SSL *s;
+int ssl2_accept(SSL *s)
 	{
 	unsigned long l=time(NULL);
 	BUF_MEM *buf=NULL;
 	int ret= -1;
 	long num1;
-	void (*cb)()=NULL;
+	void (*cb)(const SSL *ssl,int type,int val)=NULL;
 	int new_state,state;
 
-	RAND_seed((unsigned char *)&l,sizeof(l));
+	RAND_add(&l,sizeof(l),0);
 	ERR_clear_error();
 	clear_sys_error();
 
@@ -131,11 +180,10 @@ SSL *s;
 		cb=s->ctx->info_callback;
 
 	/* init things to blank */
-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 	s->in_handshake++;
+	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 
-	if (((s->session == NULL) || (s->session->cert == NULL)) &&
-		(s->cert == NULL))
+	if (s->cert == NULL)
 		{
 		SSLerr(SSL_F_SSL2_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
 		return(-1);
@@ -153,6 +201,7 @@ SSL *s;
 		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
 		case SSL_ST_OK|SSL_ST_ACCEPT:
 
+			s->server=1;
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
 			s->version=SSL2_VERSION;
@@ -166,7 +215,7 @@ SSL *s;
 				{ ret= -1; goto end; }
 			s->init_buf=buf;
 			s->init_num=0;
-			s->ctx->sess_accept++;
+			s->ctx->stats.sess_accept++;
 			s->handshake_func=ssl2_accept;
 			s->state=SSL2_ST_GET_CLIENT_HELLO_A;
 			BREAK;
@@ -293,13 +342,14 @@ SSL *s;
 
 		case SSL_ST_OK:
 			BUF_MEM_free(s->init_buf);
+			ssl_free_wbio_buffer(s);
 			s->init_buf=NULL;
 			s->init_num=0;
 		/*	ERR_clear_error();*/
 
 			ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
 
-			s->ctx->sess_accept_good++;
+			s->ctx->stats.sess_accept_good++;
 			/* s->server=1; */
 			ret=1;
 
@@ -330,14 +380,14 @@ end:
 	return(ret);
 	}
 
-static int get_client_master_key(s)
-SSL *s;
+static int get_client_master_key(SSL *s)
 	{
-	int export,i,n,keya,error=0,ek;
+	int is_export,i,n,keya,ek;
+	unsigned long len;
 	unsigned char *p;
 	SSL_CIPHER *cp;
-	EVP_CIPHER *c;
-	EVP_MD *md;
+	const EVP_CIPHER *c;
+	const EVP_MD *md;
 
 	p=(unsigned char *)s->init_buf->data;
 	if (s->state == SSL2_ST_GET_CLIENT_MASTER_KEY_A)
@@ -346,6 +396,8 @@ SSL *s;
 
 		if (i < (10-s->init_num))
 			return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
+		s->init_num = 10;
+
 		if (*(p++) != SSL2_MT_CLIENT_MASTER_KEY)
 			{
 			if (p[-1] != SSL2_MT_ERROR)
@@ -354,8 +406,7 @@ SSL *s;
 				SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
 				}
 			else
-				SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
-					SSL_R_PEER_ERROR);
+				SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);
 			return(-1);
 			}
 
@@ -363,8 +414,7 @@ SSL *s;
 		if (cp == NULL)
 			{
 			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
-			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
-				SSL_R_NO_CIPHER_MATCH);
+			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
 			return(-1);
 			}
 		s->session->cipher= cp;
@@ -373,21 +423,42 @@ SSL *s;
 		n2s(p,i); s->s2->tmp.clear=i;
 		n2s(p,i); s->s2->tmp.enc=i;
 		n2s(p,i); s->session->key_arg_length=i;
+		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+			{
+			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
+			return -1;
+			}
 		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
-		s->init_num=0;
 		}
 
 	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
 	p=(unsigned char *)s->init_buf->data;
+	if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+		{
+		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
+		return -1;
+		}
 	keya=s->session->key_arg_length;
-	n=s->s2->tmp.clear+s->s2->tmp.enc+keya - s->init_num;
-	i=ssl2_read(s,(char *)&(p[s->init_num]),n);
+	len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
+	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+		{
+		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
+		return -1;
+		}
+	n = (int)len - s->init_num;
+	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
 	if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
+	if (s->msg_callback)
+		s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-MASTER-KEY */
+	p += 10;
 
 	memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]),
 		(unsigned int)keya);
 
-	if (s->session->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)
+	if (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)
 		{
 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
@@ -397,9 +468,9 @@ SSL *s;
 		&(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
 		(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
 
-	export=(s->session->cipher->algorithms & SSL_EXP)?1:0;
+	is_export=SSL_C_IS_EXPORT(s->session->cipher);
 	
-	if (!ssl_cipher_get_evp(s->session->cipher,&c,&md))
+	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
 		{
 		ssl2_return_error(s,SSL2_PE_NO_CIPHER);
 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS);
@@ -408,7 +479,7 @@ SSL *s;
 
 	if (s->session->cipher->algorithm2 & SSL2_CF_8_BYTE_ENC)
 		{
-		export=1;
+		is_export=1;
 		ek=8;
 		}
 	else
@@ -417,17 +488,18 @@ SSL *s;
 	/* bad decrypt */
 #if 1
 	/* If a bad decrypt, continue with protocol but with a
-	 * dud master secret */
+	 * random master secret (Bleichenbacher attack) */
 	if ((i < 0) ||
-		((!export && (i != EVP_CIPHER_key_length(c)))
-		|| ( export && ((i != ek) || (s->s2->tmp.clear+i !=
-			EVP_CIPHER_key_length(c))))))
+		((!is_export && (i != EVP_CIPHER_key_length(c)))
+		|| (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
+			(unsigned int)EVP_CIPHER_key_length(c))))))
 		{
-		if (export)
+		ERR_clear_error();
+		if (is_export)
 			i=ek;
 		else
 			i=EVP_CIPHER_key_length(c);
-		RAND_bytes(p,i);
+		RAND_pseudo_bytes(p,i);
 		}
 #else
 	if (i < 0)
@@ -436,8 +508,8 @@ SSL *s;
 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_RSA_DECRYPT);
 		}
 	/* incorrect number of key bytes for non export cipher */
-	else if ((!export && (i != EVP_CIPHER_key_length(c)))
-		|| ( export && ((i != ek) || (s->s2->tmp.clear+i !=
+	else if ((!is_export && (i != EVP_CIPHER_key_length(c)))
+		|| (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
 			EVP_CIPHER_key_length(c)))))
 		{
 		error=1;
@@ -450,19 +522,27 @@ SSL *s;
 		}
 #endif
 
-	if (export) i+=s->s2->tmp.clear;
+	if (is_export) i+=s->s2->tmp.clear;
+
+	if (i > SSL_MAX_MASTER_KEY_LENGTH)
+		{
+		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, ERR_R_INTERNAL_ERROR);
+		return -1;
+		}
 	s->session->master_key_length=i;
 	memcpy(s->session->master_key,p,(unsigned int)i);
 	return(1);
 	}
 
-static int get_client_hello(s)
-SSL *s;
+static int get_client_hello(SSL *s)
 	{
 	int i,n;
+	unsigned long len;
 	unsigned char *p;
-	STACK *cs; /* a stack of SSL_CIPHERS */
-	STACK *cl; /* the ones we want to use */
+	STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */
+	STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */
+	STACK_OF(SSL_CIPHER) *prio, *allow;
 	int z;
 
 	/* This is a bit of a hack to check for the correct packet
@@ -479,6 +559,7 @@ SSL *s;
 		i=ssl2_read(s,(char *)&(p[s->init_num]),9-s->init_num);
 		if (i < (9-s->init_num)) 
 			return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
+		s->init_num = 9;
 	
 		if (*(p++) != SSL2_MT_CLIENT_HELLO)
 			{
@@ -499,19 +580,28 @@ SSL *s;
 		if (	(i < SSL2_MIN_CHALLENGE_LENGTH) ||
 			(i > SSL2_MAX_CHALLENGE_LENGTH))
 			{
+			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 			SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);
 			return(-1);
 			}
 		s->state=SSL2_ST_GET_CLIENT_HELLO_C;
-		s->init_num=0;
 		}
 
 	/* SSL2_ST_GET_CLIENT_HELLO_C */
 	p=(unsigned char *)s->init_buf->data;
-	n=s->s2->tmp.cipher_spec_length+s->s2->challenge_length+
-		s->s2->tmp.session_id_length-s->init_num;
-	i=ssl2_read(s,(char *)&(p[s->init_num]),n);
+	len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length;
+	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+		{
+		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+		SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG);
+		return -1;
+		}
+	n = (int)len - s->init_num;
+	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
 	if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
+	if (s->msg_callback)
+		s->msg_callback(0, s->version, 0, p, (size_t)len, s, s->msg_callback_arg); /* CLIENT-HELLO */
+	p += 9;
 
 	/* get session-id before cipher stuff so we can get out session
 	 * structure if it is cached */
@@ -568,21 +658,37 @@ SSL *s;
 			&s->session->ciphers);
 		if (cs == NULL) goto mem_err;
 
-		cl=ssl_get_ciphers_by_id(s);
+		cl=SSL_get_ciphers(s);
 
-		for (z=0; z<sk_num(cs); z++)
+		if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
+		    {
+		    prio=sk_SSL_CIPHER_dup(cl);
+		    if (prio == NULL) goto mem_err;
+		    allow = cs;
+		    }
+		else
+		    {
+		    prio = cs;
+		    allow = cl;
+		    }
+		for (z=0; z<sk_SSL_CIPHER_num(prio); z++)
 			{
-			if (sk_find(cl,sk_value(cs,z)) < 0)
+			if (sk_SSL_CIPHER_find(allow,sk_SSL_CIPHER_value(prio,z)) < 0)
 				{
-				sk_delete(cs,z);
+				sk_SSL_CIPHER_delete(prio,z);
 				z--;
 				}
 			}
-
+		if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
+		    {
+		    sk_SSL_CIPHER_free(s->session->ciphers);
+		    s->session->ciphers = prio;
+		    }
 		/* s->session->ciphers should now have a list of
 		 * ciphers that are on both the client and server.
 		 * This list is ordered by the order the client sent
-		 * the ciphers.
+		 * the ciphers or in the order of the server's preference
+		 * if SSL_OP_CIPHER_SERVER_PREFERENCE was set.
 		 */
 		}
 	p+=s->s2->tmp.cipher_spec_length;
@@ -592,6 +698,12 @@ SSL *s;
 	p+=s->s2->tmp.session_id_length;
 
 	/* challenge */
+	if (s->s2->challenge_length > sizeof s->s2->challenge)
+		{
+		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+		SSLerr(SSL_F_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+		return -1;
+		}
 	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
 	return(1);
 mem_err:
@@ -599,12 +711,11 @@ mem_err:
 	return(0);
 	}
 
-static int server_hello(s)
-SSL *s;
+static int server_hello(SSL *s)
 	{
 	unsigned char *p,*d;
 	int n,hit;
-	STACK *sk;
+	STACK_OF(SSL_CIPHER) *sk;
 
 	p=(unsigned char *)s->init_buf->data;
 	if (s->state == SSL2_ST_SEND_SERVER_HELLO_A)
@@ -613,27 +724,52 @@ SSL *s;
 		*(p++)=SSL2_MT_SERVER_HELLO;		/* type */
 		hit=s->hit;
 		*(p++)=(unsigned char)hit;
+#if 1
+		if (!hit)
+			{
+			if (s->session->sess_cert != NULL)
+				/* This can't really happen because get_client_hello
+				 * has called ssl_get_new_session, which does not set
+				 * sess_cert. */
+				ssl_sess_cert_free(s->session->sess_cert);
+			s->session->sess_cert = ssl_sess_cert_new();
+			if (s->session->sess_cert == NULL)
+				{
+				SSLerr(SSL_F_SERVER_HELLO, ERR_R_MALLOC_FAILURE);
+				return(-1);
+				}
+			}
+		/* If 'hit' is set, then s->sess_cert may be non-NULL or NULL,
+		 * depending on whether it survived in the internal cache
+		 * or was retrieved from an external cache.
+		 * If it is NULL, we cannot put any useful data in it anyway,
+		 * so we don't touch it.
+		 */
+
+#else /* That's what used to be done when cert_st and sess_cert_st were
+	   * the same. */
 		if (!hit)
 			{			/* else add cert to session */
 			CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT);
-			if (s->session->cert != NULL)
-				ssl_cert_free(s->session->cert);
-			s->session->cert=s->cert;		
+			if (s->session->sess_cert != NULL)
+				ssl_cert_free(s->session->sess_cert);
+			s->session->sess_cert=s->cert;		
 			}
 		else	/* We have a session id-cache hit, if the
 			 * session-id has no certificate listed against
 			 * the 'cert' structure, grab the 'old' one
 			 * listed against the SSL connection */
 			{
-			if (s->session->cert == NULL)
+			if (s->session->sess_cert == NULL)
 				{
 				CRYPTO_add(&s->cert->references,1,
 					CRYPTO_LOCK_SSL_CERT);
-				s->session->cert=s->cert;
+				s->session->sess_cert=s->cert;
 				}
 			}
+#endif
 
-		if (s->session->cert == NULL)
+		if (s->cert == NULL)
 			{
 			ssl2_return_error(s,SSL2_PE_NO_CERTIFICATE);
 			SSLerr(SSL_F_SERVER_HELLO,SSL_R_NO_CERTIFICATE_SPECIFIED);
@@ -669,7 +805,7 @@ SSL *s;
 		/* make and send conn_id */
 		s2n(SSL2_CONNECTION_ID_LENGTH,p);	/* add conn_id length */
 		s->s2->conn_id_length=SSL2_CONNECTION_ID_LENGTH;
-		RAND_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
+		RAND_pseudo_bytes(s->s2->conn_id,(int)s->s2->conn_id_length);
 		memcpy(d,s->s2->conn_id,SSL2_CONNECTION_ID_LENGTH);
 		d+=SSL2_CONNECTION_ID_LENGTH;
 
@@ -678,7 +814,7 @@ SSL *s;
 		s->init_off=0;
 		}
 	/* SSL2_ST_SEND_SERVER_HELLO_B */
- 	/* If we are using TCP/IP, the performace is bad if we do 2
+ 	/* If we are using TCP/IP, the performance is bad if we do 2
  	 * writes without a read between them.  This occurs when
  	 * Session-id reuse is used, so I will put in a buffering module
  	 */
@@ -690,11 +826,11 @@ SSL *s;
 	return(ssl2_do_write(s));
 	}
 
-static int get_client_finished(s)
-SSL *s;
+static int get_client_finished(SSL *s)
 	{
 	unsigned char *p;
-	int i;
+	int i, n;
+	unsigned long len;
 
 	p=(unsigned char *)s->init_buf->data;
 	if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A)
@@ -702,6 +838,7 @@ SSL *s;
 		i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
 		if (i < 1-s->init_num)
 			return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
+		s->init_num += i;
 
 		if (*p != SSL2_MT_CLIENT_FINISHED)
 			{
@@ -711,20 +848,35 @@ SSL *s;
 				SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_READ_WRONG_PACKET_TYPE);
 				}
 			else
+				{
 				SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR);
+				/* try to read the error message */
+				i=ssl2_read(s,(char *)&(p[s->init_num]),3-s->init_num);
+				return ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i);
+				}
 			return(-1);
 			}
-		s->init_num=0;
 		s->state=SSL2_ST_GET_CLIENT_FINISHED_B;
 		}
 
 	/* SSL2_ST_GET_CLIENT_FINISHED_B */
-	i=ssl2_read(s,(char *)&(p[s->init_num]),s->s2->conn_id_length-s->init_num);
-	if (i < (int)s->s2->conn_id_length-s->init_num)
+	if (s->s2->conn_id_length > sizeof s->s2->conn_id)
+		{
+		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+		SSLerr(SSL_F_GET_CLIENT_FINISHED, ERR_R_INTERNAL_ERROR);
+		return -1;
+		}
+	len = 1 + (unsigned long)s->s2->conn_id_length;
+	n = (int)len - s->init_num;
+	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
+	if (i < n)
 		{
 		return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
 		}
-	if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0)
+	if (s->msg_callback)
+		s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-FINISHED */
+	p += 1;
+	if (memcmp(p,s->s2->conn_id,s->s2->conn_id_length) != 0)
 		{
 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 		SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_CONNECTION_ID_IS_DIFFERENT);
@@ -733,8 +885,7 @@ SSL *s;
 	return(1);
 	}
 
-static int server_verify(s)
-SSL *s;
+static int server_verify(SSL *s)
 	{
 	unsigned char *p;
 
@@ -742,6 +893,11 @@ SSL *s;
 		{
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_SERVER_VERIFY;
+		if (s->s2->challenge_length > sizeof s->s2->challenge)
+			{
+			SSLerr(SSL_F_SERVER_VERIFY, ERR_R_INTERNAL_ERROR);
+			return -1;
+			}
 		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
 		/* p+=s->s2->challenge_length; */
 
@@ -752,8 +908,7 @@ SSL *s;
 	return(ssl2_do_write(s));
 	}
 
-static int server_finish(s)
-SSL *s;
+static int server_finish(SSL *s)
 	{
 	unsigned char *p;
 
@@ -762,8 +917,12 @@ SSL *s;
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_SERVER_FINISHED;
 
-		memcpy(p,s->session->session_id,
-			(unsigned int)s->session->session_id_length);
+		if (s->session->session_id_length > sizeof s->session->session_id)
+			{
+			SSLerr(SSL_F_SERVER_FINISH, ERR_R_INTERNAL_ERROR);
+			return -1;
+			}
+		memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length);
 		/* p+=s->session->session_id_length; */
 
 		s->state=SSL2_ST_SEND_SERVER_FINISHED_B;
@@ -776,14 +935,14 @@ SSL *s;
 	}
 
 /* send the request and check the response */
-static int request_certificate(s)
-SSL *s;
+static int request_certificate(SSL *s)
 	{
 	unsigned char *p,*p2,*buf2;
 	unsigned char *ccd;
 	int i,j,ctype,ret= -1;
+	unsigned long len;
 	X509 *x509=NULL;
-	STACK *sk=NULL;
+	STACK_OF(X509) *sk=NULL;
 
 	ccd=s->s2->tmp.ccl;
 	if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_A)
@@ -791,7 +950,7 @@ SSL *s;
 		p=(unsigned char *)s->init_buf->data;
 		*(p++)=SSL2_MT_REQUEST_CERTIFICATE;
 		*(p++)=SSL2_AT_MD5_WITH_RSA_ENCRYPTION;
-		RAND_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
+		RAND_pseudo_bytes(ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
 		memcpy(p,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
 
 		s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_B;
@@ -815,16 +974,31 @@ SSL *s;
 	if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C)
 		{
 		p=(unsigned char *)s->init_buf->data;
-		i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num);
-		if (i < 3)
+		i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num); /* try to read 6 octets ... */
+		if (i < 3-s->init_num) /* ... but don't call ssl2_part_read now if we got at least 3
+		                        * (probably NO-CERTIFICATE-ERROR) */
 			{
 			ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
 			goto end;
 			}
+		s->init_num += i;
 
-		if ((*p == SSL2_MT_ERROR) && (i >= 3))
+		if ((s->init_num >= 3) && (p[0] == SSL2_MT_ERROR))
 			{
 			n2s(p,i);
+			if (i != SSL2_PE_NO_CERTIFICATE)
+				{
+				/* not the error message we expected -- let ssl2_part_read handle it */
+				s->init_num -= 3;
+				ret = ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE, 3);
+				goto end;
+				}
+
+			if (s->msg_callback)
+				s->msg_callback(0, s->version, 0, p, 3, s, s->msg_callback_arg); /* ERROR */
+
+			/* this is the one place where we can recover from an SSL 2.0 error */
+
 			if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
 				{
 				ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
@@ -834,12 +1008,18 @@ SSL *s;
 			ret=1;
 			goto end;
 			}
-		if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (i < 6))
+		if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (s->init_num < 6))
 			{
 			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
 			SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_SHORT_READ);
 			goto end;
 			}
+		if (s->init_num != 6)
+			{
+			SSLerr(SSL_F_REQUEST_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+			goto end;
+			}
+		
 		/* ok we have a response */
 		/* certificate type, there is only one right now. */
 		ctype= *(p++);
@@ -852,18 +1032,26 @@ SSL *s;
 		n2s(p,i); s->s2->tmp.clen=i;
 		n2s(p,i); s->s2->tmp.rlen=i;
 		s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_D;
-		s->init_num=0;
 		}
 
 	/* SSL2_ST_SEND_REQUEST_CERTIFICATE_D */
 	p=(unsigned char *)s->init_buf->data;
-	j=s->s2->tmp.clen+s->s2->tmp.rlen-s->init_num;
-	i=ssl2_read(s,(char *)&(p[s->init_num]),j);
+	len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
+	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+		{
+		SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG);
+		goto end;
+		}
+	j = (int)len - s->init_num;
+	i = ssl2_read(s,(char *)&(p[s->init_num]),j);
 	if (i < j) 
 		{
 		ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
 		goto end;
 		}
+	if (s->msg_callback)
+		s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* CLIENT-CERTIFICATE */
+	p += 6;
 
 	x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen);
 	if (x509 == NULL)
@@ -872,7 +1060,7 @@ SSL *s;
 		goto msg_end;
 		}
 
-	if (((sk=sk_new_null()) == NULL) || (!sk_push(sk,(char *)x509)))
+	if (((sk=sk_X509_new_null()) == NULL) || (!sk_X509_push(sk,x509)))
 		{
 		SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
 		goto msg_end;
@@ -885,27 +1073,29 @@ SSL *s;
 		EVP_MD_CTX ctx;
 		EVP_PKEY *pkey=NULL;
 
-		EVP_VerifyInit(&ctx,s->ctx->rsa_md5);
+		EVP_MD_CTX_init(&ctx);
+		EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);
 		EVP_VerifyUpdate(&ctx,s->s2->key_material,
-			(unsigned int)s->s2->key_material_length);
+				 s->s2->key_material_length);
 		EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
 
-		i=i2d_X509(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
-		buf2=(unsigned char *)Malloc((unsigned int)i);
+		i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
+		buf2=OPENSSL_malloc((unsigned int)i);
 		if (buf2 == NULL)
 			{
 			SSLerr(SSL_F_REQUEST_CERTIFICATE,ERR_R_MALLOC_FAILURE);
 			goto msg_end;
 			}
 		p2=buf2;
-		i=i2d_X509(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
+		i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
 		EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
-		Free(buf2);
+		OPENSSL_free(buf2);
 
 		pkey=X509_get_pubkey(x509);
 		if (pkey == NULL) goto end;
 		i=EVP_VerifyFinal(&ctx,p,s->s2->tmp.rlen,pkey);
-		memset(&ctx,0,sizeof(ctx));
+		EVP_PKEY_free(pkey);
+		EVP_MD_CTX_cleanup(&ctx);
 
 		if (i) 
 			{
@@ -913,6 +1103,7 @@ SSL *s;
 				X509_free(s->session->peer);
 			s->session->peer=x509;
 			CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
+			s->session->verify_result = s->verify_result;
 			ret=1;
 			goto end;
 			}
@@ -928,17 +1119,13 @@ msg_end:
 		ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
 		}
 end:
-	if (sk != NULL) sk_free(sk);
-	if (x509 != NULL) X509_free(x509);
+	sk_X509_free(sk);
+	X509_free(x509);
 	return(ret);
 	}
 
-static int ssl_rsa_private_decrypt(c, len, from, to,padding)
-CERT *c;
-int len;
-unsigned char *from;
-unsigned char *to;
-int padding;
+static int ssl_rsa_private_decrypt(CERT *c, int len, unsigned char *from,
+	     unsigned char *to, int padding)
 	{
 	RSA *rsa;
 	int i;
@@ -961,4 +1148,10 @@ int padding;
 		SSLerr(SSL_F_SSL_RSA_PRIVATE_DECRYPT,ERR_R_RSA_LIB);
 	return(i);
 	}
+#else /* !OPENSSL_NO_SSL2 */
 
+# if PEDANTIC
+static void *dummy=&dummy;
+# endif
+
+#endif
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 251bcedd7d..a17b87273a 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -55,26 +55,100 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
+#include <limits.h>
+#include <string.h>
 #include <stdio.h>
-#include "buffer.h"
-#include "rand.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
 #include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
+int ssl3_do_write(SSL *s, int type)
+	{
+	int ret;
+
+	ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
+	                     s->init_num);
+	if (ret < 0) return(-1);
+	if (type == SSL3_RT_HANDSHAKE)
+		/* should not be done for 'Hello Request's, but in that case
+		 * we'll ignore the result anyway */
+		ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);
+	
+	if (ret == s->init_num)
+		{
+		if (s->msg_callback)
+			s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
+		return(1);
+		}
+	s->init_off+=ret;
+	s->init_num-=ret;
+	return(0);
+	}
 
-#define BREAK	break
-
-/* SSL3err(SSL_F_SSL3_GET_FINISHED,SSL_R_EXCESSIVE_MESSAGE_SIZE);
- */
-
-int ssl3_send_finished(s,a,b,sender,slen)
-SSL *s;
-int a;
-int b;
-unsigned char *sender;
-int slen;
+int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
 	{
 	unsigned char *p,*d;
 	int i;
@@ -88,11 +162,13 @@ int slen;
 		i=s->method->ssl3_enc->final_finish_mac(s,
 			&(s->s3->finish_dgst1),
 			&(s->s3->finish_dgst2),
-			sender,slen,p);
+			sender,slen,s->s3->tmp.finish_md);
+		s->s3->tmp.finish_md_len = i;
+		memcpy(p, s->s3->tmp.finish_md, i);
 		p+=i;
 		l=i;
 
-#ifdef WIN16
+#ifdef OPENSSL_SYS_WIN16
 		/* MSVC 1.5 does not clear the top bytes of the word unless
 		 * I do this.
 		 */
@@ -111,17 +187,14 @@ int slen;
 	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
 	}
 
-int ssl3_get_finished(s,a,b)
-SSL *s;
-int a;
-int b;
+int ssl3_get_finished(SSL *s, int a, int b)
 	{
 	int al,i,ok;
 	long n;
 	unsigned char *p;
 
 	/* the mac has already been generated when we received the
-	 * change cipher spec message and is in s->s3->tmp.in_dgst[12]
+	 * change cipher spec message and is in s->s3->tmp.peer_finish_md
 	 */ 
 
 	n=ssl3_get_message(s,
@@ -133,7 +206,7 @@ int b;
 
 	if (!ok) return((int)n);
 
-	/* If this occurs if we has missed a message */
+	/* If this occurs, we have missed a message */
 	if (!s->s3->change_cipher_spec)
 		{
 		al=SSL_AD_UNEXPECTED_MESSAGE;
@@ -142,9 +215,8 @@ int b;
 		}
 	s->s3->change_cipher_spec=0;
 
-	p=(unsigned char *)s->init_buf->data;
-
-	i=s->method->ssl3_enc->finish_mac_length;
+	p = (unsigned char *)s->init_msg;
+	i = s->s3->tmp.peer_finish_md_len;
 
 	if (i != n)
 		{
@@ -153,7 +225,7 @@ int b;
 		goto f_err;
 		}
 
-	if (memcmp(  p,    (char *)&(s->s3->tmp.finish_md[0]),i) != 0)
+	if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
 		{
 		al=SSL_AD_DECRYPT_ERROR;
 		SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
@@ -174,9 +246,7 @@ f_err:
  * ssl->session->read_compression	assign
  * ssl->session->read_hash		assign
  */
-int ssl3_send_change_cipher_spec(s,a,b)
-SSL *s;
-int a,b;
+int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
 	{ 
 	unsigned char *p;
 
@@ -194,9 +264,7 @@ int a,b;
 	return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
 	}
 
-unsigned long ssl3_output_cert_chain(s,x)
-SSL *s;
-X509 *x;
+unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
 	{
 	unsigned char *p;
 	int n,i;
@@ -207,19 +275,23 @@ X509 *x;
 
 	/* TLSv1 sends a chain with nothing in it, instead of an alert */
 	buf=s->init_buf;
-	if (!BUF_MEM_grow(buf,(int)(10)))
+	if (!BUF_MEM_grow_clean(buf,10))
 		{
 		SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
 		return(0);
 		}
 	if (x != NULL)
 		{
-		X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL);
+		if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
+			{
+			SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
+			return(0);
+			}
 
 		for (;;)
 			{
 			n=i2d_X509(x,NULL);
-			if (!BUF_MEM_grow(buf,(int)(n+l+3)))
+			if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
 				{
 				SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
 				return(0);
@@ -243,13 +315,13 @@ X509 *x;
 		X509_STORE_CTX_cleanup(&xs_ctx);
 		}
 
-	/* Thwate special :-) */
+	/* Thawte special :-) */
 	if (s->ctx->extra_certs != NULL)
-	for (i=0; i<sk_num(s->ctx->extra_certs); i++)
+	for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
 		{
-		x=(X509 *)sk_value(s->ctx->extra_certs,i);
+		x=sk_X509_value(s->ctx->extra_certs,i);
 		n=i2d_X509(x,NULL);
-		if (!BUF_MEM_grow(buf,(int)(n+l+3)))
+		if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
 			{
 			SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
 			return(0);
@@ -271,11 +343,12 @@ X509 *x;
 	return(l);
 	}
 
-long ssl3_get_message(s,st1,stn,mt,max,ok)
-SSL *s;
-int st1,stn,mt;
-long max;
-int *ok;
+/* Obtain handshake message of message type 'mt' (any if mt == -1),
+ * maximum acceptable body length 'max'.
+ * The first four bytes (msg_type and length) are read in state 'st1',
+ * the body is read in state 'stn'.
+ */
+long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 	{
 	unsigned char *p;
 	unsigned long l;
@@ -292,21 +365,51 @@ int *ok;
 			goto f_err;
 			}
 		*ok=1;
-		return((int)s->s3->tmp.message_size);
+		s->init_msg = s->init_buf->data + 4;
+		s->init_num = (int)s->s3->tmp.message_size;
+		return s->init_num;
 		}
 
 	p=(unsigned char *)s->init_buf->data;
 
-	if (s->state == st1)
+	if (s->state == st1) /* s->init_num < 4 */
 		{
-		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,
-			(char *)&(p[s->init_num]),
-			4-s->init_num);
-		if (i < (4-s->init_num))
+		int skip_message;
+
+		do
 			{
-			*ok=0;
-			return(ssl3_part_read(s,i));
+			while (s->init_num < 4)
+				{
+				i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],
+					4 - s->init_num, 0);
+				if (i <= 0)
+					{
+					s->rwstate=SSL_READING;
+					*ok = 0;
+					return i;
+					}
+				s->init_num+=i;
+				}
+			
+			skip_message = 0;
+			if (!s->server)
+				if (p[0] == SSL3_MT_HELLO_REQUEST)
+					/* The server may always send 'Hello Request' messages --
+					 * we are doing a handshake anyway now, so ignore them
+					 * if their format is correct. Does not count for
+					 * 'Finished' MAC. */
+					if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
+						{
+						s->init_num = 0;
+						skip_message = 1;
+
+						if (s->msg_callback)
+							s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
+						}
 			}
+		while (skip_message);
+
+		/* s->init_num == 4 */
 
 		if ((mt >= 0) && (*p != mt))
 			{
@@ -314,6 +417,18 @@ int *ok;
 			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
 			goto f_err;
 			}
+		if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
+					(st1 == SSL3_ST_SR_CERT_A) &&
+					(stn == SSL3_ST_SR_CERT_B))
+			{
+			/* At this point we have got an MS SGC second client
+			 * hello (maybe we should always allow the client to
+			 * start a new handshake?). We need to restart the mac.
+			 * Don't increment {num,total}_renegotiations because
+			 * we have not completed the handshake. */
+			ssl3_init_finished_mac(s);
+			}
+
 		s->s3->tmp.message_type= *(p++);
 
 		n2l3(p,l);
@@ -323,7 +438,13 @@ int *ok;
 			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
 			goto f_err;
 			}
-		if (l && !BUF_MEM_grow(s->init_buf,(int)l))
+		if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
+			{
+			al=SSL_AD_ILLEGAL_PARAMETER;
+			SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
+			goto f_err;
+			}
+		if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
 			{
 			SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
 			goto err;
@@ -331,24 +452,30 @@ int *ok;
 		s->s3->tmp.message_size=l;
 		s->state=stn;
 
-		s->init_num=0;
+		s->init_msg = s->init_buf->data + 4;
+		s->init_num = 0;
 		}
 
 	/* next state (stn) */
-	p=(unsigned char *)s->init_buf->data;
-	n=s->s3->tmp.message_size;
-	if (n > 0)
+	p = s->init_msg;
+	n = s->s3->tmp.message_size - s->init_num;
+	while (n > 0)
 		{
-		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,
-			(char *)&(p[s->init_num]),(int)n);
-		if (i != (int)n)
+		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
+		if (i <= 0)
 			{
-			*ok=0;
-			return(ssl3_part_read(s,i));
+			s->rwstate=SSL_READING;
+			*ok = 0;
+			return i;
 			}
+		s->init_num += i;
+		n -= i;
 		}
+	ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
+	if (s->msg_callback)
+		s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
 	*ok=1;
-	return(n);
+	return s->init_num;
 f_err:
 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:
@@ -356,9 +483,7 @@ err:
 	return(-1);
 	}
 
-int ssl_cert_type(x,pkey)
-X509 *x;
-EVP_PKEY *pkey;
+int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
 	{
 	EVP_PKEY *pk;
 	int ret= -1,i,j;
@@ -400,15 +525,21 @@ EVP_PKEY *pkey;
 			else ret= -1;
 			}
 		}
+#ifndef OPENSSL_NO_EC
+	else if (i == EVP_PKEY_EC)
+		{
+		ret = SSL_PKEY_ECC;
+		}
+#endif
 	else
 		ret= -1;
 
 err:
+	if(!pkey) EVP_PKEY_free(pk);
 	return(ret);
 	}
 
-int ssl_verify_alarm_type(type)
-long type;
+int ssl_verify_alarm_type(long type)
 	{
 	int al;
 
@@ -416,6 +547,7 @@ long type;
 		{
 	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
 	case X509_V_ERR_UNABLE_TO_GET_CRL:
+	case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
 		al=SSL_AD_UNKNOWN_CA;
 		break;
 	case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
@@ -427,6 +559,8 @@ long type;
 	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
 	case X509_V_ERR_CERT_NOT_YET_VALID:
 	case X509_V_ERR_CRL_NOT_YET_VALID:
+	case X509_V_ERR_CERT_UNTRUSTED:
+	case X509_V_ERR_CERT_REJECTED:
 		al=SSL_AD_BAD_CERTIFICATE;
 		break;
 	case X509_V_ERR_CERT_SIGNATURE_FAILURE:
@@ -448,11 +582,16 @@ long type;
 	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
 	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
 	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+	case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+	case X509_V_ERR_INVALID_CA:
 		al=SSL_AD_UNKNOWN_CA;
 		break;
 	case X509_V_ERR_APPLICATION_VERIFICATION:
 		al=SSL_AD_HANDSHAKE_FAILURE;
 		break;
+	case X509_V_ERR_INVALID_PURPOSE:
+		al=SSL_AD_UNSUPPORTED_CERTIFICATE;
+		break;
 	default:
 		al=SSL_AD_CERTIFICATE_UNKNOWN;
 		break;
@@ -460,11 +599,11 @@ long type;
 	return(al);
 	}
 
-int ssl3_setup_buffers(s)
-SSL *s;
+int ssl3_setup_buffers(SSL *s)
 	{
 	unsigned char *p;
 	unsigned int extra;
+	size_t len;
 
 	if (s->s3->rbuf.buf == NULL)
 		{
@@ -472,18 +611,21 @@ SSL *s;
 			extra=SSL3_RT_MAX_EXTRA;
 		else
 			extra=0;
-		if ((p=(unsigned char *)Malloc(SSL3_RT_MAX_PACKET_SIZE+extra))
-			== NULL)
+		len = SSL3_RT_MAX_PACKET_SIZE + extra;
+		if ((p=OPENSSL_malloc(len)) == NULL)
 			goto err;
-		s->s3->rbuf.buf=p;
+		s->s3->rbuf.buf = p;
+		s->s3->rbuf.len = len;
 		}
 
 	if (s->s3->wbuf.buf == NULL)
 		{
-		if ((p=(unsigned char *)Malloc(SSL3_RT_MAX_PACKET_SIZE))
-			== NULL)
+		len = SSL3_RT_MAX_PACKET_SIZE;
+		len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */
+		if ((p=OPENSSL_malloc(len)) == NULL)
 			goto err;
-		s->s3->wbuf.buf=p;
+		s->s3->wbuf.buf = p;
+		s->s3->wbuf.len = len;
 		}
 	s->packet= &(s->s3->rbuf.buf[0]);
 	return(1);
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index d4ff1d99c8..aff0d9e61b 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -55,29 +55,88 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
 
 #include <stdio.h>
-#include "buffer.h"
-#include "rand.h"
-#include "objects.h"
-#include "evp.h"
 #include "ssl_locl.h"
-
-#define BREAK break
-/* SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE);
- * SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- * SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE);
- * SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
- * SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
- * SSLerr(SSL_F_SSL3_GET_SERVER_DONE,ERR_R_MALLOC_FAILURE);
-SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
- */
-
-#ifndef NOPROTO
+#include "kssl_lcl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+#include "cryptlib.h"
+
+static SSL_METHOD *ssl3_get_client_method(int ver);
 static int ssl3_client_hello(SSL *s);
 static int ssl3_get_server_hello(SSL *s);
 static int ssl3_get_certificate_request(SSL *s);
-static int ca_dn_cmp(X509_NAME **a,X509_NAME **b);
+static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
 static int ssl3_get_server_done(SSL *s);
 static int ssl3_send_client_verify(SSL *s);
 static int ssl3_send_client_certificate(SSL *s);
@@ -85,22 +144,13 @@ static int ssl3_send_client_key_exchange(SSL *s);
 static int ssl3_get_key_exchange(SSL *s);
 static int ssl3_get_server_certificate(SSL *s);
 static int ssl3_check_cert_and_algorithm(SSL *s);
-#else
-static int ssl3_client_hello();
-static int ssl3_get_server_hello();
-static int ssl3_get_certificate_request();
-static int ca_dn_cmp();
-static int ssl3_get_server_done();
-static int ssl3_send_client_verify();
-static int ssl3_send_client_certificate();
-static int ssl3_send_client_key_exchange();
-static int ssl3_get_key_exchange();
-static int ssl3_get_server_certificate();
-static int ssl3_check_cert_and_algorithm();
+
+#ifndef OPENSSL_NO_ECDH
+static int curve_id2nid(int curve_id);
+int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
 #endif
 
-static SSL_METHOD *ssl3_get_client_method(ver)
-int ver;
+static SSL_METHOD *ssl3_get_client_method(int ver)
 	{
 	if (ver == SSL3_VERSION)
 		return(SSLv3_client_method());
@@ -108,34 +158,39 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *SSLv3_client_method()
+SSL_METHOD *SSLv3_client_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD SSLv3_client_data;
 
 	if (init)
 		{
-		init=0;
-		memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
-			sizeof(SSL_METHOD));
-		SSLv3_client_data.ssl_connect=ssl3_connect;
-		SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+		if (init)
+			{
+			memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
+				sizeof(SSL_METHOD));
+			SSLv3_client_data.ssl_connect=ssl3_connect;
+			SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+			init=0;
+			}
+
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&SSLv3_client_data);
 	}
 
-int ssl3_connect(s)
-SSL *s;
+int ssl3_connect(SSL *s)
 	{
 	BUF_MEM *buf;
 	unsigned long Time=time(NULL),l;
 	long num1;
-	void (*cb)()=NULL;
+	void (*cb)(const SSL *ssl,int type,int val)=NULL;
 	int ret= -1;
-	BIO *under;
 	int new_state,state,skip=0;;
 
-	RAND_seed((unsigned char *)&Time,sizeof(Time));
+	RAND_add(&Time,sizeof(Time),0);
 	ERR_clear_error();
 	clear_sys_error();
 
@@ -144,8 +199,8 @@ SSL *s;
 	else if (s->ctx->info_callback != NULL)
 		cb=s->ctx->info_callback;
 	
-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
 	s->in_handshake++;
+	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
 
 	for (;;)
 		{
@@ -156,17 +211,23 @@ SSL *s;
 		case SSL_ST_RENEGOTIATE:
 			s->new_session=1;
 			s->state=SSL_ST_CONNECT;
-			s->ctx->sess_connect_renegotiate++;
+			s->ctx->stats.sess_connect_renegotiate++;
 			/* break */
 		case SSL_ST_BEFORE:
 		case SSL_ST_CONNECT:
 		case SSL_ST_BEFORE|SSL_ST_CONNECT:
 		case SSL_ST_OK|SSL_ST_CONNECT:
 
+			s->server=0;
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
 			if ((s->version & 0xff00 ) != 0x0300)
-				abort();
+				{
+				SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR);
+				ret = -1;
+				goto end;
+				}
+				
 			/* s->version=SSL3_VERSION; */
 			s->type=SSL_ST_CONNECT;
 
@@ -195,7 +256,7 @@ SSL *s;
 			ssl3_init_finished_mac(s);
 
 			s->state=SSL3_ST_CW_CLNT_HELLO_A;
-			s->ctx->sess_connect++;
+			s->ctx->stats.sess_connect++;
 			s->init_num=0;
 			break;
 
@@ -227,7 +288,7 @@ SSL *s;
 
 		case SSL3_ST_CR_CERT_A:
 		case SSL3_ST_CR_CERT_B:
-			/* Check if it is anon DH */
+			/* Check if it is anon DH/ECDH */
 			if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
 				{
 				ret=ssl3_get_server_certificate(s);
@@ -278,6 +339,7 @@ SSL *s;
 		case SSL3_ST_CW_CERT_A:
 		case SSL3_ST_CW_CERT_B:
 		case SSL3_ST_CW_CERT_C:
+		case SSL3_ST_CW_CERT_D:
 			ret=ssl3_send_client_certificate(s);
 			if (ret <= 0) goto end;
 			s->state=SSL3_ST_CW_KEY_EXCH_A;
@@ -293,6 +355,13 @@ SSL *s;
 			 * sent back */
 			/* For TLS, cert_req is set to 2, so a cert chain
 			 * of nothing is sent, but no verify packet is sent */
+			/* XXX: For now, we do not support client 
+			 * authentication in ECDH cipher suites with
+			 * ECDH (rather than ECDSA) certificates.
+			 * We need to skip the certificate verify 
+			 * message when client's ECDH public key is sent 
+			 * inside the client certificate.
+			 */
 			if (s->s3->tmp.cert_req == 1)
 				{
 				s->state=SSL3_ST_CW_CERT_VRFY_A;
@@ -324,6 +393,11 @@ SSL *s;
 			s->init_num=0;
 
 			s->session->cipher=s->s3->tmp.new_cipher;
+			if (s->s3->tmp.new_compression == NULL)
+				s->session->compress_meth=0;
+			else
+				s->session->compress_meth=
+					s->s3->tmp.new_compression->id;
 			if (!s->method->ssl3_enc->setup_key_block(s))
 				{
 				ret= -1;
@@ -343,8 +417,8 @@ SSL *s;
 		case SSL3_ST_CW_FINISHED_B:
 			ret=ssl3_send_finished(s,
 				SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B,
-				s->method->ssl3_enc->client_finished,
-				s->method->ssl3_enc->client_finished_len);
+				s->method->ssl3_enc->client_finished_label,
+				s->method->ssl3_enc->client_finished_label_len);
 			if (ret <= 0) goto end;
 			s->state=SSL3_ST_CW_FLUSH;
 
@@ -399,33 +473,28 @@ SSL *s;
 			/* clean a few things up */
 			ssl3_cleanup_key_block(s);
 
-			BUF_MEM_free(s->init_buf);
-			s->init_buf=NULL;
-
-			if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
+			if (s->init_buf != NULL)
 				{
-				/* remove buffering */
-				under=BIO_pop(s->wbio);
-				if (under != NULL)
-					s->wbio=under;
-				else
-					abort(); /* ok */
-
-				BIO_free(s->bbio);
-				s->bbio=NULL;
+				BUF_MEM_free(s->init_buf);
+				s->init_buf=NULL;
 				}
-			/* else do it later */
+
+			/* If we are not 'joining' the last two packets,
+			 * remove the buffering now */
+			if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER))
+				ssl_free_wbio_buffer(s);
+			/* else do it later in ssl3_write */
 
 			s->init_num=0;
 			s->new_session=0;
 
 			ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
-			if (s->hit) s->ctx->sess_hit++;
+			if (s->hit) s->ctx->stats.sess_hit++;
 
 			ret=1;
 			/* s->server=0; */
 			s->handshake_func=ssl3_connect;
-			s->ctx->sess_connect_good++;
+			s->ctx->stats.sess_connect_good++;
 
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
 
@@ -459,20 +528,20 @@ SSL *s;
 		skip=0;
 		}
 end:
+	s->in_handshake--;
 	if (cb != NULL)
 		cb(s,SSL_CB_CONNECT_EXIT,ret);
-	s->in_handshake--;
 	return(ret);
 	}
 
 
-static int ssl3_client_hello(s)
-SSL *s;
+static int ssl3_client_hello(SSL *s)
 	{
 	unsigned char *buf;
 	unsigned char *p,*d;
-	int i;
+	int i,j;
 	unsigned long Time,l;
+	SSL_COMP *comp;
 
 	buf=(unsigned char *)s->init_buf->data;
 	if (s->state == SSL3_ST_CW_CLNT_HELLO_A)
@@ -489,13 +558,14 @@ SSL *s;
 		p=s->s3->client_random;
 		Time=time(NULL);			/* Time */
 		l2n(Time,p);
-		RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
 
 		/* Do the message type and length last */
 		d=p= &(buf[4]);
 
 		*(p++)=s->version>>8;
 		*(p++)=s->version&0xff;
+		s->client_version=s->version;
 
 		/* Random stuff */
 		memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
@@ -509,6 +579,11 @@ SSL *s;
 		*(p++)=i;
 		if (i != 0)
 			{
+			if (i > sizeof s->session->session_id)
+				{
+				SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+				goto err;
+				}
 			memcpy(p,s->session->session_id,i);
 			p+=i;
 			}
@@ -523,10 +598,18 @@ SSL *s;
 		s2n(i,p);
 		p+=i;
 
-		/* hardwire in the NULL compression algorithm. */
 		/* COMPRESSION */
-		*(p++)=1;
-		*(p++)=0;
+		if (s->ctx->comp_methods == NULL)
+			j=0;
+		else
+			j=sk_SSL_COMP_num(s->ctx->comp_methods);
+		*(p++)=1+j;
+		for (i=0; i<j; i++)
+			{
+			comp=sk_SSL_COMP_value(s->ctx->comp_methods,i);
+			*(p++)=comp->id;
+			}
+		*(p++)=0; /* Add the NULL method */
 		
 		l=(p-d);
 		d=buf;
@@ -545,15 +628,15 @@ err:
 	return(-1);
 	}
 
-static int ssl3_get_server_hello(s)
-SSL *s;
+static int ssl3_get_server_hello(SSL *s)
 	{
-	STACK *sk;
+	STACK_OF(SSL_CIPHER) *sk;
 	SSL_CIPHER *c;
 	unsigned char *p,*d;
 	int i,al,ok;
 	unsigned int j;
 	long n;
+	SSL_COMP *comp;
 
 	n=ssl3_get_message(s,
 		SSL3_ST_CR_SRVR_HELLO_A,
@@ -563,7 +646,7 @@ SSL *s;
 		&ok);
 
 	if (!ok) return((int)n);
-	d=p=(unsigned char *)s->init_buf->data;
+	d=p=(unsigned char *)s->init_msg;
 
 	if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff)))
 		{
@@ -582,19 +665,26 @@ SSL *s;
 	/* get the session-id */
 	j= *(p++);
 
-	if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
+	if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))
 		{
-		/* SSLref returns 16 :-( */
-		if (j < SSL2_SSL_SESSION_ID_LENGTH)
-			{
-			al=SSL_AD_ILLEGAL_PARAMETER;
-			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
-			goto f_err;
-			}
+		al=SSL_AD_ILLEGAL_PARAMETER;
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
+		goto f_err;
 		}
-	if ((j != 0) && (j == s->session->session_id_length) &&
-		(memcmp(p,s->session->session_id,j) == 0))
-		s->hit=1;
+
+	if (j != 0 && j == s->session->session_id_length
+	    && memcmp(p,s->session->session_id,j) == 0)
+	    {
+	    if(s->sid_ctx_length != s->session->sid_ctx_length
+	       || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
+		{
+		/* actually a client application bug */
+		al=SSL_AD_ILLEGAL_PARAMETER;
+		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+		goto f_err;
+		}
+	    s->hit=1;
+	    }
 	else	/* a miss or crap from the other end */
 		{
 		/* If we were trying for session-id reuse, make a new
@@ -623,7 +713,7 @@ SSL *s;
 	p+=ssl_put_cipher_by_char(s,NULL,NULL);
 
 	sk=ssl_get_ciphers_by_id(s);
-	i=sk_find(sk,(char *)c);
+	i=sk_SSL_CIPHER_find(sk,c);
 	if (i < 0)
 		{
 		/* we did not say we would use this cipher */
@@ -632,7 +722,12 @@ SSL *s;
 		goto f_err;
 		}
 
-	if (s->hit && (s->session->cipher != c))
+	/* Depending on the session caching (internal/external), the cipher
+	   and/or cipher_id values may not be set. Make sure that
+	   cipher_id is set and use it for comparison. */
+	if (s->session->cipher)
+		s->session->cipher_id = s->session->cipher->id;
+	if (s->hit && (s->session->cipher_id != c->id))
 		{
 		if (!(s->options &
 			SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
@@ -647,12 +742,21 @@ SSL *s;
 	/* lets get the compression algorithm */
 	/* COMPRESSION */
 	j= *(p++);
-	if (j != 0)
+	if (j == 0)
+		comp=NULL;
+	else
+		comp=ssl3_comp_find(s->ctx->comp_methods,j);
+	
+	if ((j != 0) && (comp == NULL))
 		{
 		al=SSL_AD_ILLEGAL_PARAMETER;
 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
 		goto f_err;
 		}
+	else
+		{
+		s->s3->tmp.new_compression=comp;
+		}
 
 	if (p != (d+n))
 		{
@@ -669,26 +773,22 @@ err:
 	return(-1);
 	}
 
-static int ssl3_get_server_certificate(s)
-SSL *s;
+static int ssl3_get_server_certificate(SSL *s)
 	{
 	int al,i,ok,ret= -1;
 	unsigned long n,nc,llen,l;
 	X509 *x=NULL;
 	unsigned char *p,*d,*q;
-	STACK *sk=NULL;
-	CERT *c;
+	STACK_OF(X509) *sk=NULL;
+	SESS_CERT *sc;
 	EVP_PKEY *pkey=NULL;
+        int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */
 
 	n=ssl3_get_message(s,
 		SSL3_ST_CR_CERT_A,
 		SSL3_ST_CR_CERT_B,
 		-1,
-#if defined(MSDOS) && !defined(WIN32)
-		1024*30, /* 30k max cert list :-) */
-#else
-		1024*100, /* 100k max cert list :-) */
-#endif
+		s->max_cert_list,
 		&ok);
 
 	if (!ok) return((int)n);
@@ -705,9 +805,9 @@ SSL *s;
 		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE);
 		goto f_err;
 		}
-	d=p=(unsigned char *)s->init_buf->data;
+	d=p=(unsigned char *)s->init_msg;
 
-	if ((sk=sk_new_null()) == NULL)
+	if ((sk=sk_X509_new_null()) == NULL)
 		{
 		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
 		goto err;
@@ -744,7 +844,7 @@ SSL *s;
 			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
 			goto f_err;
 			}
-		if (!sk_push(sk,(char *)x))
+		if (!sk_X509_push(sk,x))
 			{
 			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE);
 			goto err;
@@ -755,53 +855,91 @@ SSL *s;
 		}
 
 	i=ssl_verify_cert_chain(s,sk);
-        if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
+	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
+#ifndef OPENSSL_NO_KRB5
+                && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+                != (SSL_aKRB5|SSL_kKRB5)
+#endif /* OPENSSL_NO_KRB5 */
+                )
 		{
 		al=ssl_verify_alarm_type(s->verify_result);
 		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
 		goto f_err; 
 		}
+	ERR_clear_error(); /* but we keep s->verify_result */
 
-	c=ssl_cert_new();
-	if (c == NULL) goto err;
+	sc=ssl_sess_cert_new();
+	if (sc == NULL) goto err;
 
-	if (s->session->cert) ssl_cert_free(s->session->cert);
-	s->session->cert=c;
+	if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert);
+	s->session->sess_cert=sc;
 
-	c->cert_chain=sk;
-	x=(X509 *)sk_value(sk,0);
+	sc->cert_chain=sk;
+	/* Inconsistency alert: cert_chain does include the peer's
+	 * certificate, which we don't include in s3_srvr.c */
+	x=sk_X509_value(sk,0);
 	sk=NULL;
+ 	/* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/
 
 	pkey=X509_get_pubkey(x);
 
-	if ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))
+        /* VRS: allow null cert if auth == KRB5 */
+        need_cert =	((s->s3->tmp.new_cipher->algorithms
+			& (SSL_MKEY_MASK|SSL_AUTH_MASK))
+                        == (SSL_aKRB5|SSL_kKRB5))? 0: 1;
+
+#ifdef KSSL_DEBUG
+	printf("pkey,x = %p, %p\n", pkey,x);
+	printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey));
+	printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name,
+                s->s3->tmp.new_cipher->algorithms, need_cert);
+#endif    /* KSSL_DEBUG */
+
+	if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey)))
 		{
 		x=NULL;
 		al=SSL3_AL_FATAL;
-		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
+		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+			SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
 		goto f_err;
 		}
 
 	i=ssl_cert_type(x,pkey);
-	if (i < 0)
+	if (need_cert && i < 0)
 		{
 		x=NULL;
 		al=SSL3_AL_FATAL;
-		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+		SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,
+			SSL_R_UNKNOWN_CERTIFICATE_TYPE);
 		goto f_err;
 		}
 
-	c->cert_type=i;
-	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
-	if (c->pkeys[i].x509 != NULL)
-		X509_free(c->pkeys[i].x509);
-	c->pkeys[i].x509=x;
-	c->key= &(c->pkeys[i]);
-
-	if ((s->session != NULL) && (s->session->peer != NULL)) 
-		X509_free(s->session->peer);
-	CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
-	s->session->peer=x;
+        if (need_cert)
+                {
+                sc->peer_cert_type=i;
+                CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+                /* Why would the following ever happen?
+                 * We just created sc a couple of lines ago. */
+                if (sc->peer_pkeys[i].x509 != NULL)
+                        X509_free(sc->peer_pkeys[i].x509);
+                sc->peer_pkeys[i].x509=x;
+                sc->peer_key= &(sc->peer_pkeys[i]);
+
+                if (s->session->peer != NULL)
+                        X509_free(s->session->peer);
+                CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509);
+                s->session->peer=x;
+                }
+        else
+                {
+                sc->peer_cert_type=i;
+                sc->peer_key= NULL;
+
+                if (s->session->peer != NULL)
+                        X509_free(s->session->peer);
+                s->session->peer=NULL;
+                }
+	s->session->verify_result = s->verify_result;
 
 	x=NULL;
 	ret=1;
@@ -812,15 +950,15 @@ f_err:
 		ssl3_send_alert(s,SSL3_AL_FATAL,al);
 		}
 err:
-	if (x != NULL) X509_free(x);
-	if (sk != NULL) sk_pop_free(sk,X509_free);
+	EVP_PKEY_free(pkey);
+	X509_free(x);
+	sk_X509_pop_free(sk,X509_free);
 	return(ret);
 	}
 
-static int ssl3_get_key_exchange(s)
-SSL *s;
+static int ssl3_get_key_exchange(SSL *s)
 	{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2];
 #endif
 	EVP_MD_CTX md_ctx;
@@ -828,16 +966,27 @@ SSL *s;
 	int al,i,j,param_len,ok;
 	long n,alg;
 	EVP_PKEY *pkey=NULL;
+#ifndef OPENSSL_NO_RSA
 	RSA *rsa=NULL;
-#ifndef NO_DH
+#endif
+#ifndef OPENSSL_NO_DH
 	DH *dh=NULL;
 #endif
+#ifndef OPENSSL_NO_ECDH
+	EC_KEY *ecdh = NULL;
+	BN_CTX *bn_ctx = NULL;
+	EC_POINT *srvr_ecpoint = NULL;
+	int curve_nid = 0;
+	int encoded_pt_len = 0;
+#endif
 
+	/* use same message size as in ssl3_get_certificate_request()
+	 * as ServerKeyExchange message may be skipped */
 	n=ssl3_get_message(s,
 		SSL3_ST_CR_KEY_EXCH_A,
 		SSL3_ST_CR_KEY_EXCH_B,
 		-1,
-		1024*8, /* ?? */
+		s->max_cert_list,
 		&ok);
 
 	if (!ok) return((int)n);
@@ -848,34 +997,42 @@ SSL *s;
 		return(1);
 		}
 
-	param=p=(unsigned char *)s->init_buf->data;
+	param=p=(unsigned char *)s->init_msg;
 
-	if (s->session->cert != NULL)
+	if (s->session->sess_cert != NULL)
 		{
-#ifndef NO_RSA
-		if (s->session->cert->rsa_tmp != NULL)
+#ifndef OPENSSL_NO_RSA
+		if (s->session->sess_cert->peer_rsa_tmp != NULL)
 			{
-			RSA_free(s->session->cert->rsa_tmp);
-			s->session->cert->rsa_tmp=NULL;
+			RSA_free(s->session->sess_cert->peer_rsa_tmp);
+			s->session->sess_cert->peer_rsa_tmp=NULL;
 			}
 #endif
-#ifndef NO_DH
-		if (s->session->cert->dh_tmp)
+#ifndef OPENSSL_NO_DH
+		if (s->session->sess_cert->peer_dh_tmp)
 			{
-			DH_free(s->session->cert->dh_tmp);
-			s->session->cert->dh_tmp=NULL;
+			DH_free(s->session->sess_cert->peer_dh_tmp);
+			s->session->sess_cert->peer_dh_tmp=NULL;
+			}
+#endif
+#ifndef OPENSSL_NO_ECDH
+		if (s->session->sess_cert->peer_ecdh_tmp)
+			{
+			EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp);
+			s->session->sess_cert->peer_ecdh_tmp=NULL;
 			}
 #endif
 		}
 	else
 		{
-		s->session->cert=ssl_cert_new();
+		s->session->sess_cert=ssl_sess_cert_new();
 		}
 
 	param_len=0;
 	alg=s->s3->tmp.new_cipher->algorithms;
+	EVP_MD_CTX_init(&md_ctx);
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (alg & SSL_kRSA)
 		{
 		if ((rsa=RSA_new()) == NULL)
@@ -914,21 +1071,23 @@ SSL *s;
 		p+=i;
 		n-=param_len;
 
-/*		s->session->cert->rsa_tmp=rsa;*/
 		/* this should be because we are using an export cipher */
 		if (alg & SSL_aRSA)
-			pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509);
+			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
 		else
 			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
 			goto err;
 			}
-		s->session->cert->rsa_tmp=rsa;
+		s->session->sess_cert->peer_rsa_tmp=rsa;
+		rsa=NULL;
 		}
-	else
+#else /* OPENSSL_NO_RSA */
+	if (0)
+		;
 #endif
-#ifndef NO_DH
-		if (alg & SSL_kEDH)
+#ifndef OPENSSL_NO_DH
+	else if (alg & SSL_kEDH)
 		{
 		if ((dh=DH_new()) == NULL)
 			{
@@ -981,18 +1140,21 @@ SSL *s;
 		p+=i;
 		n-=param_len;
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (alg & SSL_aRSA)
-			pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509);
-		else
+			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+#else
+		if (0)
+			;
 #endif
-#ifndef NO_DSA
-		if (alg & SSL_aDSS)
-			pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_DSA_SIGN].x509);
+#ifndef OPENSSL_NO_DSA
+		else if (alg & SSL_aDSS)
+			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
 #endif
 		/* else anonymous DH, so no certificate or pkey. */
 
-		s->session->cert->dh_tmp=dh;
+		s->session->sess_cert->peer_dh_tmp=dh;
+		dh=NULL;
 		}
 	else if ((alg & SSL_kDHr) || (alg & SSL_kDHd))
 		{
@@ -1000,7 +1162,102 @@ SSL *s;
 		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
 		goto f_err;
 		}
+#endif /* !OPENSSL_NO_DH */
+
+#ifndef OPENSSL_NO_ECDH
+	else if (alg & SSL_kECDHE)
+		{
+		if ((ecdh=EC_KEY_new()) == NULL)
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+
+		/* Extract elliptic curve parameters and the
+		 * server's ephemeral ECDH public key.
+		 * Keep accumulating lengths of various components in
+		 * param_len and make sure it never exceeds n.
+		 */
+
+		/* XXX: For now we only support named (not generic) curves
+		 * and the ECParameters in this case is just two bytes.
+		 */
+		param_len=2;
+		if ((param_len > n) ||
+		    (*p != NAMED_CURVE_TYPE) || 
+		    ((curve_nid = curve_id2nid(*(p + 1))) == 0)) 
+			{
+			al=SSL_AD_INTERNAL_ERROR;
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
+			goto f_err;
+			}
+
+		if (!(ecdh->group=EC_GROUP_new_by_nid(curve_nid)))
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_EC_LIB);
+			goto err;
+			}
+
+		if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
+		    (EC_GROUP_get_degree(ecdh->group) > 163))
+			{
+			al=SSL_AD_EXPORT_RESTRICTION;
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
+			goto f_err;
+			}
+
+		p+=2;
+
+		/* Next, get the encoded ECPoint */
+		if (((srvr_ecpoint = EC_POINT_new(ecdh->group)) == NULL) ||
+		    ((bn_ctx = BN_CTX_new()) == NULL))
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+
+		encoded_pt_len = *p;  /* length of encoded point */
+		p+=1;
+		param_len += (1 + encoded_pt_len);
+		if ((param_len > n) ||
+		    (EC_POINT_oct2point(ecdh->group, srvr_ecpoint, 
+			p, encoded_pt_len, bn_ctx) == 0))
+			{
+			al=SSL_AD_DECODE_ERROR;
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_ECPOINT);
+			goto f_err;
+			}
+
+		n-=param_len;
+		p+=encoded_pt_len;
+
+		/* The ECC/TLS specification does not mention
+		 * the use of DSA to sign ECParameters in the server
+		 * key exchange message. We do support RSA and ECDSA.
+		 */
+		if (0) ;
+#ifndef OPENSSL_NO_RSA
+		else if (alg & SSL_aRSA)
+			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
 #endif
+#ifndef OPENSSL_NO_ECDSA
+		else if (alg & SSL_aECDSA)
+			pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
+#endif
+		/* else anonymous ECDH, so no certificate or pkey. */
+		ecdh->pub_key = srvr_ecpoint;
+		s->session->sess_cert->peer_ecdh_tmp=ecdh;
+		ecdh=NULL;
+		BN_CTX_free(bn_ctx);
+		srvr_ecpoint = NULL;
+		}
+	else if (alg & SSL_kECDH)
+		{
+		al=SSL_AD_UNEXPECTED_MESSAGE;
+		SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+		goto f_err;
+		}
+#endif /* !OPENSSL_NO_ECDH */
 	if (alg & SSL_aFZA)
 		{
 		al=SSL_AD_HANDSHAKE_FAILURE;
@@ -1011,7 +1268,6 @@ SSL *s;
 
 	/* p points to the next byte, there are 'n' bytes left */
 
-
 	/* if it was signed, check the signature */
 	if (pkey != NULL)
 		{
@@ -1027,7 +1283,7 @@ SSL *s;
 			goto f_err;
 			}
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (pkey->type == EVP_PKEY_RSA)
 			{
 			int num;
@@ -1036,24 +1292,24 @@ SSL *s;
 			q=md_buf;
 			for (num=2; num > 0; num--)
 				{
-				EVP_DigestInit(&md_ctx,(num == 2)
-					?s->ctx->md5:s->ctx->sha1);
+				EVP_DigestInit_ex(&md_ctx,(num == 2)
+					?s->ctx->md5:s->ctx->sha1, NULL);
 				EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 				EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 				EVP_DigestUpdate(&md_ctx,param,param_len);
-				EVP_DigestFinal(&md_ctx,q,(unsigned int *)&i);
+				EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i);
 				q+=i;
 				j+=i;
 				}
-			i=RSA_public_decrypt((int)n,p,p,pkey->pkey.rsa,
-				RSA_PKCS1_PADDING);
-			if (i <= 0)
+			i=RSA_verify(NID_md5_sha1, md_buf, j, p, n,
+								pkey->pkey.rsa);
+			if (i < 0)
 				{
 				al=SSL_AD_DECRYPT_ERROR;
 				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
 				goto f_err;
 				}
-			if ((j != i) || (memcmp(p,md_buf,i) != 0))
+			if (i == 0)
 				{
 				/* bad signature */
 				al=SSL_AD_DECRYPT_ERROR;
@@ -1063,11 +1319,11 @@ SSL *s;
 			}
 		else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 			if (pkey->type == EVP_PKEY_DSA)
 			{
 			/* lets do DSS */
-			EVP_VerifyInit(&md_ctx,EVP_dss1());
+			EVP_VerifyInit_ex(&md_ctx,EVP_dss1(), NULL);
 			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 			EVP_VerifyUpdate(&md_ctx,param,param_len);
@@ -1081,8 +1337,26 @@ SSL *s;
 			}
 		else
 #endif
+#ifndef OPENSSL_NO_ECDSA
+			if (pkey->type == EVP_PKEY_EC)
 			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
+			/* let's do ECDSA */
+			EVP_VerifyInit_ex(&md_ctx,EVP_ecdsa(), NULL);
+			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+			EVP_VerifyUpdate(&md_ctx,param,param_len);
+			if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
+				{
+				/* bad signature */
+				al=SSL_AD_DECRYPT_ERROR;
+				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
+				goto f_err;
+				}
+			}
+		else
+#endif
+			{
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
 			goto err;
 			}
 		}
@@ -1091,7 +1365,7 @@ SSL *s;
 		/* still data left over */
 		if (!(alg & SSL_aNULL))
 			{
-			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
+			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
 			goto err;
 			}
 		if (n != 0)
@@ -1101,33 +1375,45 @@ SSL *s;
 			goto f_err;
 			}
 		}
-
+	EVP_PKEY_free(pkey);
+	EVP_MD_CTX_cleanup(&md_ctx);
 	return(1);
 f_err:
 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:
+	EVP_PKEY_free(pkey);
+#ifndef OPENSSL_NO_RSA
+	if (rsa != NULL)
+		RSA_free(rsa);
+#endif
+#ifndef OPENSSL_NO_DH
+	if (dh != NULL)
+		DH_free(dh);
+#endif
+#ifndef OPENSSL_NO_ECDH
+	BN_CTX_free(bn_ctx);
+	EC_POINT_free(srvr_ecpoint);
+	if (ecdh != NULL)
+		EC_KEY_free(ecdh);
+#endif
+	EVP_MD_CTX_cleanup(&md_ctx);
 	return(-1);
 	}
 
-static int ssl3_get_certificate_request(s)
-SSL *s;
+static int ssl3_get_certificate_request(SSL *s)
 	{
 	int ok,ret=0;
 	unsigned long n,nc,l;
 	unsigned int llen,ctype_num,i;
 	X509_NAME *xn=NULL;
 	unsigned char *p,*d,*q;
-	STACK *ca_sk=NULL;
+	STACK_OF(X509_NAME) *ca_sk=NULL;
 
 	n=ssl3_get_message(s,
 		SSL3_ST_CR_CERT_REQ_A,
 		SSL3_ST_CR_CERT_REQ_B,
 		-1,
-#if defined(MSDOS) && !defined(WIN32)
-		1024*30,  /* 30k max cert list :-) */
-#else
-		1024*100, /* 100k max cert list :-) */
-#endif
+		s->max_cert_list,
 		&ok);
 
 	if (!ok) return((int)n);
@@ -1159,9 +1445,9 @@ SSL *s;
 			}
 		}
 
-	d=p=(unsigned char *)s->init_buf->data;
+	d=p=(unsigned char *)s->init_msg;
 
-	if ((ca_sk=sk_new(ca_dn_cmp)) == NULL)
+	if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL)
 		{
 		SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
 		goto err;
@@ -1209,7 +1495,7 @@ fclose(out);
 
 		if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
 			{
-			/* If netscape tollerance is on, ignore errors */
+			/* If netscape tolerance is on, ignore errors */
 			if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
 				goto cont;
 			else
@@ -1226,7 +1512,7 @@ fclose(out);
 			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH);
 			goto err;
 			}
-		if (!sk_push(ca_sk,(char *)xn))
+		if (!sk_X509_NAME_push(ca_sk,xn))
 			{
 			SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE);
 			goto err;
@@ -1242,28 +1528,26 @@ cont:
 		ERR_clear_error();
 		}
 
-	/* we should setup a certficate to return.... */
+	/* we should setup a certificate to return.... */
 	s->s3->tmp.cert_req=1;
 	s->s3->tmp.ctype_num=ctype_num;
 	if (s->s3->tmp.ca_names != NULL)
-		sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
 	s->s3->tmp.ca_names=ca_sk;
 	ca_sk=NULL;
 
 	ret=1;
 err:
-	if (ca_sk != NULL) sk_pop_free(ca_sk,X509_NAME_free);
+	if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free);
 	return(ret);
 	}
 
-static int ca_dn_cmp(a,b)
-X509_NAME **a,**b;
+static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
 	{
 	return(X509_NAME_cmp(*a,*b));
 	}
 
-static int ssl3_get_server_done(s)
-SSL *s;
+static int ssl3_get_server_done(SSL *s)
 	{
 	int ok,ret=0;
 	long n;
@@ -1281,18 +1565,32 @@ SSL *s;
 		/* should contain no data */
 		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
 		SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);
+		return -1;
 		}
 	ret=1;
 	return(ret);
 	}
 
-static int ssl3_send_client_key_exchange(s)
-SSL *s;
+static int ssl3_send_client_key_exchange(SSL *s)
 	{
-	unsigned char *p,*q,*d;
+	unsigned char *p,*d;
 	int n;
 	unsigned long l;
+#ifndef OPENSSL_NO_RSA
+	unsigned char *q;
 	EVP_PKEY *pkey=NULL;
+#endif
+#ifndef OPENSSL_NO_KRB5
+        KSSL_ERR kssl_err;
+#endif /* OPENSSL_NO_KRB5 */
+#ifndef OPENSSL_NO_ECDH
+	EC_KEY *clnt_ecdh = NULL;
+	EC_POINT *srvr_ecpoint = NULL;
+	EVP_PKEY *srvr_pub_pkey = NULL;
+	unsigned char *encodedPoint = NULL;
+	int encoded_pt_len = 0;
+	BN_CTX * bn_ctx = NULL;
+#endif
 
 	if (s->state == SSL3_ST_CW_KEY_EXCH_A)
 		{
@@ -1301,38 +1599,42 @@ SSL *s;
 
 		l=s->s3->tmp.new_cipher->algorithms;
 
-#ifndef NO_RSA
-		if (l & SSL_kRSA)
+                /* Fool emacs indentation */
+                if (0) {}
+#ifndef OPENSSL_NO_RSA
+		else if (l & SSL_kRSA)
 			{
 			RSA *rsa;
 			unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
 
-			if (s->session->cert->rsa_tmp != NULL)
-				rsa=s->session->cert->rsa_tmp;
+			if (s->session->sess_cert->peer_rsa_tmp != NULL)
+				rsa=s->session->sess_cert->peer_rsa_tmp;
 			else
 				{
-				pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509);
+				pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
 				if ((pkey == NULL) ||
 					(pkey->type != EVP_PKEY_RSA) ||
 					(pkey->pkey.rsa == NULL))
 					{
-					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
+					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
 					goto err;
 					}
 				rsa=pkey->pkey.rsa;
+				EVP_PKEY_free(pkey);
 				}
 				
-			tmp_buf[0]=s->version>>8;
-			tmp_buf[1]=s->version&0xff;
-			RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
+			tmp_buf[0]=s->client_version>>8;
+			tmp_buf[1]=s->client_version&0xff;
+			if (RAND_bytes(&(tmp_buf[2]),sizeof tmp_buf-2) <= 0)
+					goto err;
 
-			s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH;
+			s->session->master_key_length=sizeof tmp_buf;
 
 			q=p;
 			/* Fix buf for TLS and beyond */
 			if (s->version > SSL3_VERSION)
 				p+=2;
-			n=RSA_public_encrypt(SSL_MAX_MASTER_KEY_LENGTH,
+			n=RSA_public_encrypt(sizeof tmp_buf,
 				tmp_buf,p,rsa,RSA_PKCS1_PADDING);
 #ifdef PKCS1_CHECK
 			if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++;
@@ -1354,18 +1656,149 @@ SSL *s;
 			s->session->master_key_length=
 				s->method->ssl3_enc->generate_master_secret(s,
 					s->session->master_key,
-					tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
-			memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH);
+					tmp_buf,sizeof tmp_buf);
+			OPENSSL_cleanse(tmp_buf,sizeof tmp_buf);
 			}
-		else
 #endif
-#ifndef NO_DH
-		if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+#ifndef OPENSSL_NO_KRB5
+		else if (l & SSL_kKRB5)
+                        {
+                        krb5_error_code	krb5rc;
+                        KSSL_CTX	*kssl_ctx = s->kssl_ctx;
+                        /*  krb5_data	krb5_ap_req;  */
+                        krb5_data	*enc_ticket;
+                        krb5_data	authenticator, *authp = NULL;
+			EVP_CIPHER_CTX	ciph_ctx;
+			EVP_CIPHER	*enc = NULL;
+			unsigned char	iv[EVP_MAX_IV_LENGTH];
+			unsigned char	tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
+			unsigned char	epms[SSL_MAX_MASTER_KEY_LENGTH 
+						+ EVP_MAX_IV_LENGTH];
+			int 		padl, outl = sizeof(epms);
+
+			EVP_CIPHER_CTX_init(&ciph_ctx);
+
+#ifdef KSSL_DEBUG
+                        printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
+                                l, SSL_kKRB5);
+#endif	/* KSSL_DEBUG */
+
+			authp = NULL;
+#ifdef KRB5SENDAUTH
+			if (KRB5SENDAUTH)  authp = &authenticator;
+#endif	/* KRB5SENDAUTH */
+
+                        krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp,
+				&kssl_err);
+			enc = kssl_map_enc(kssl_ctx->enctype);
+                        if (enc == NULL)
+                            goto err;
+#ifdef KSSL_DEBUG
+                        {
+                        printf("kssl_cget_tkt rtn %d\n", krb5rc);
+                        if (krb5rc && kssl_err.text)
+			  printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text);
+                        }
+#endif	/* KSSL_DEBUG */
+
+                        if (krb5rc)
+                                {
+                                ssl3_send_alert(s,SSL3_AL_FATAL,
+						SSL_AD_HANDSHAKE_FAILURE);
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+						kssl_err.reason);
+                                goto err;
+                                }
+
+			/*  20010406 VRS - Earlier versions used KRB5 AP_REQ
+			**  in place of RFC 2712 KerberosWrapper, as in:
+			**
+                        **  Send ticket (copy to *p, set n = length)
+                        **  n = krb5_ap_req.length;
+                        **  memcpy(p, krb5_ap_req.data, krb5_ap_req.length);
+                        **  if (krb5_ap_req.data)  
+                        **    kssl_krb5_free_data_contents(NULL,&krb5_ap_req);
+                        **
+			**  Now using real RFC 2712 KerberosWrapper
+			**  (Thanks to Simon Wilkinson <sxw@sxw.org.uk>)
+			**  Note: 2712 "opaque" types are here replaced
+			**  with a 2-byte length followed by the value.
+			**  Example:
+			**  KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms
+			**  Where "xx xx" = length bytes.  Shown here with
+			**  optional authenticator omitted.
+			*/
+
+			/*  KerberosWrapper.Ticket		*/
+			s2n(enc_ticket->length,p);
+			memcpy(p, enc_ticket->data, enc_ticket->length);
+			p+= enc_ticket->length;
+			n = enc_ticket->length + 2;
+
+			/*  KerberosWrapper.Authenticator	*/
+			if (authp  &&  authp->length)  
+				{
+				s2n(authp->length,p);
+				memcpy(p, authp->data, authp->length);
+				p+= authp->length;
+				n+= authp->length + 2;
+				
+				free(authp->data);
+				authp->data = NULL;
+				authp->length = 0;
+				}
+			else
+				{
+				s2n(0,p);/*  null authenticator length	*/
+				n+=2;
+				}
+ 
+			if (RAND_bytes(tmp_buf,sizeof tmp_buf) <= 0)
+			    goto err;
+
+			/*  20010420 VRS.  Tried it this way; failed.
+			**	EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL);
+			**	EVP_CIPHER_CTX_set_key_length(&ciph_ctx,
+			**				kssl_ctx->length);
+			**	EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv);
+			*/
+
+			memset(iv, 0, sizeof iv);  /* per RFC 1510 */
+			EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,
+				kssl_ctx->key,iv);
+			EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf,
+				sizeof tmp_buf);
+			EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl);
+			outl += padl;
+			if (outl > sizeof epms)
+				{
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+				goto err;
+				}
+			EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+			/*  KerberosWrapper.EncryptedPreMasterSecret	*/
+			s2n(outl,p);
+			memcpy(p, epms, outl);
+			p+=outl;
+			n+=outl + 2;
+
+                        s->session->master_key_length=
+                                s->method->ssl3_enc->generate_master_secret(s,
+					s->session->master_key,
+					tmp_buf, sizeof tmp_buf);
+
+			OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
+			OPENSSL_cleanse(epms, outl);
+                        }
+#endif
+#ifndef OPENSSL_NO_DH
+		else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
 			{
 			DH *dh_srvr,*dh_clnt;
 
-			if (s->session->cert->dh_tmp != NULL)
-				dh_srvr=s->session->cert->dh_tmp;
+			if (s->session->sess_cert->peer_dh_tmp != NULL)
+				dh_srvr=s->session->sess_cert->peer_dh_tmp;
 			else
 				{
 				/* we get them from the cert */
@@ -1414,11 +1847,181 @@ SSL *s;
 
 			/* perhaps clean things up a bit EAY EAY EAY EAY*/
 			}
-		else
 #endif
+
+#ifndef OPENSSL_NO_ECDH 
+		else if ((l & SSL_kECDH) || (l & SSL_kECDHE))
+			{
+			EC_GROUP *srvr_group = NULL;
+			int ecdh_clnt_cert = 0;
+
+			/* Did we send out the client's
+			 * ECDH share for use in premaster
+			 * computation as part of client certificate?
+			 * If so, set ecdh_clnt_cert to 1.
+			 */
+			if ((l & SSL_kECDH) && (s->cert != NULL)) 
+				{
+				/* XXX: For now, we do not support client
+				 * authentication using ECDH certificates.
+				 * To add such support, one needs to add
+				 * code that checks for appropriate 
+				 * conditions and sets ecdh_clnt_cert to 1.
+				 * For example, the cert have an ECC
+				 * key on the same curve as the server's
+				 * and the key should be authorized for
+				 * key agreement.
+				 *
+				 * One also needs to add code in ssl3_connect
+				 * to skip sending the certificate verify
+				 * message.
+				 *
+				 * if ((s->cert->key->privatekey != NULL) &&
+				 *     (s->cert->key->privatekey->type ==
+				 *      EVP_PKEY_EC) && ...)
+				 * ecdh_clnt_cert = 1;
+				 */
+				}
+
+			if (s->session->sess_cert->peer_ecdh_tmp != NULL)
+				{
+				srvr_group = s->session->sess_cert-> \
+				    peer_ecdh_tmp->group;
+				srvr_ecpoint = s->session->sess_cert-> \
+				    peer_ecdh_tmp->pub_key;
+				}
+			else
+				{
+				/* Get the Server Public Key from Cert */
+				srvr_pub_pkey = X509_get_pubkey(s->session-> \
+				    sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
+				if ((srvr_pub_pkey == NULL) ||
+				    (srvr_pub_pkey->type != EVP_PKEY_EC) ||
+				    (srvr_pub_pkey->pkey.eckey == NULL))
+					{
+					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+					    ERR_R_INTERNAL_ERROR);
+					goto err;
+					}
+
+				srvr_group = srvr_pub_pkey->pkey.eckey->group;
+				srvr_ecpoint = 
+				    srvr_pub_pkey->pkey.eckey->pub_key;
+				}
+
+			if ((srvr_group == NULL) || (srvr_ecpoint == NULL))
+				{
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+				    ERR_R_INTERNAL_ERROR);
+				goto err;
+				}
+
+			if ((clnt_ecdh=EC_KEY_new()) == NULL) 
+				{
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+
+			clnt_ecdh->group = srvr_group;
+			if (ecdh_clnt_cert) 
+				{ 
+                                /* Reuse key info from our certificate
+				 * We only need our private key to perform
+				 * the ECDH computation.
+				 */
+				clnt_ecdh->priv_key = BN_dup(s->cert->key-> \
+				    privatekey->pkey.eckey->priv_key);
+				}
+			else 
+				{
+				/* Generate a new ECDH key pair */
+				if (!(EC_KEY_generate_key(clnt_ecdh)))
+					{
+					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_ECDH_LIB);
+					goto err;
+					}
+				}
+
+                        /* use the 'p' output buffer for the ECDH key, but
+                         * make sure to clear it out afterwards
+			 */
+
+                        n=ECDH_compute_key(p, srvr_ecpoint, clnt_ecdh);
+			if (n <= 0)
+                                {
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, 
+				       ERR_R_ECDH_LIB);
+                                goto err;
+				}
+
+                        /* generate master key from the result */
+                        s->session->master_key_length = s->method->ssl3_enc \
+			    -> generate_master_secret(s, 
+				s->session->master_key,
+				p, n);
+
+                        memset(p, 0, n); /* clean up */
+
+			if (ecdh_clnt_cert) 
+				{
+				/* Send empty client key exch message */
+				n = 0;
+				}
+			else 
+				{
+				/* First check the size of encoding and
+				 * allocate memory accordingly.
+				 */
+				encoded_pt_len = 
+				    EC_POINT_point2oct(clnt_ecdh->group, 
+					clnt_ecdh->pub_key, 
+					POINT_CONVERSION_UNCOMPRESSED, 
+					NULL, 0, NULL);
+
+				encodedPoint = (unsigned char *) 
+				    OPENSSL_malloc(encoded_pt_len * 
+					sizeof(unsigned char)); 
+				bn_ctx = BN_CTX_new();
+				if ((encodedPoint == NULL) || 
+				    (bn_ctx == NULL)) 
+					{
+					SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+					goto err;
+					}
+
+				/* Encode the public key */
+				n = EC_POINT_point2oct(clnt_ecdh->group, 
+				    clnt_ecdh->pub_key, 
+				    POINT_CONVERSION_UNCOMPRESSED, 
+				    encodedPoint, encoded_pt_len, bn_ctx);
+
+				*p = n; /* length of encoded point */
+                                /* Encoded point will be copied here */
+				p += 1; 
+				/* copy the point */
+				memcpy((unsigned char *)p, encodedPoint, n);
+				/* increment n to account for length field */
+				n += 1; 
+				}
+
+			/* Free allocated memory */
+			BN_CTX_free(bn_ctx);
+			if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
+			if (clnt_ecdh != NULL) 
+				{
+                                 /* group is shared */
+				 clnt_ecdh->group = NULL; 
+				 EC_KEY_free(clnt_ecdh);
+				}
+			EVP_PKEY_free(srvr_pub_pkey);
+			}
+#endif /* !OPENSSL_NO_ECDH */
+		else
 			{
-			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-			SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR);
+			ssl3_send_alert(s, SSL3_AL_FATAL,
+			    SSL_AD_HANDSHAKE_FAILURE);
+			SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+			    ERR_R_INTERNAL_ERROR);
 			goto err;
 			}
 		
@@ -1434,18 +2037,30 @@ SSL *s;
 	/* SSL3_ST_CW_KEY_EXCH_B */
 	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
 err:
+#ifndef OPENSSL_NO_ECDH
+	BN_CTX_free(bn_ctx);
+	if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
+	if (clnt_ecdh != NULL) 
+		{
+		/* group is shared */
+		clnt_ecdh->group = NULL; 
+		EC_KEY_free(clnt_ecdh);
+		}
+        EVP_PKEY_free(srvr_pub_pkey);
+#endif
 	return(-1);
 	}
 
-static int ssl3_send_client_verify(s)
-SSL *s;
+static int ssl3_send_client_verify(SSL *s)
 	{
 	unsigned char *p,*d;
 	unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
 	EVP_PKEY *pkey;
-	int i=0;
+#ifndef OPENSSL_NO_RSA
+	unsigned u=0;
+#endif
 	unsigned long n;
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	int j;
 #endif
 
@@ -1458,26 +2073,24 @@ SSL *s;
 		s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2),
 			&(data[MD5_DIGEST_LENGTH]));
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (pkey->type == EVP_PKEY_RSA)
 			{
 			s->method->ssl3_enc->cert_verify_mac(s,
 				&(s->s3->finish_dgst1),&(data[0]));
-			i=RSA_private_encrypt(
-				MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
-				data,&(p[2]),pkey->pkey.rsa,
-				RSA_PKCS1_PADDING);
-			if (i <= 0)
+			if (RSA_sign(NID_md5_sha1, data,
+					 MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH,
+					&(p[2]), &u, pkey->pkey.rsa) <= 0 )
 				{
 				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB);
 				goto err;
 				}
-			s2n(i,p);
-			n=i+2;
+			s2n(u,p);
+			n=u+2;
 			}
 		else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 			if (pkey->type == EVP_PKEY_DSA)
 			{
 			if (!DSA_sign(pkey->save_type,
@@ -1493,8 +2106,25 @@ SSL *s;
 			}
 		else
 #endif
+#ifndef OPENSSL_NO_ECDSA
+			if (pkey->type == EVP_PKEY_EC)
 			{
-			SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,SSL_R_INTERNAL_ERROR);
+			if (!ECDSA_sign(pkey->save_type,
+				&(data[MD5_DIGEST_LENGTH]),
+				SHA_DIGEST_LENGTH,&(p[2]),
+				(unsigned int *)&j,pkey->pkey.eckey))
+				{
+				SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
+				    ERR_R_ECDSA_LIB);
+				goto err;
+				}
+			s2n(j,p);
+			n=j+2;
+			}
+		else
+#endif
+			{
+			SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR);
 			goto err;
 			}
 		*(d++)=SSL3_MT_CERTIFICATE_VERIFY;
@@ -1508,8 +2138,7 @@ err:
 	return(-1);
 	}
 
-static int ssl3_send_client_certificate(s)
-SSL *s;
+static int ssl3_send_client_certificate(SSL *s)
 	{
 	X509 *x509=NULL;
 	EVP_PKEY *pkey=NULL;
@@ -1588,38 +2217,61 @@ SSL *s;
 
 #define has_bits(i,m)	(((i)&(m)) == (m))
 
-static int ssl3_check_cert_and_algorithm(s)
-SSL *s;
+static int ssl3_check_cert_and_algorithm(SSL *s)
 	{
 	int i,idx;
 	long algs;
 	EVP_PKEY *pkey=NULL;
-	CERT *c;
+	SESS_CERT *sc;
+#ifndef OPENSSL_NO_RSA
 	RSA *rsa;
+#endif
+#ifndef OPENSSL_NO_DH
 	DH *dh;
+#endif
 
-	c=s->session->cert;
+	sc=s->session->sess_cert;
 
-	if (c == NULL)
+	if (sc == NULL)
 		{
-		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
 		goto err;
 		}
 
 	algs=s->s3->tmp.new_cipher->algorithms;
 
 	/* we don't have a certificate */
-	if (algs & (SSL_aDH|SSL_aNULL))
+	if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5))
 		return(1);
 
-	rsa=s->session->cert->rsa_tmp;
-	dh=s->session->cert->dh_tmp;
+#ifndef OPENSSL_NO_RSA
+	rsa=s->session->sess_cert->peer_rsa_tmp;
+#endif
+#ifndef OPENSSL_NO_DH
+	dh=s->session->sess_cert->peer_dh_tmp;
+#endif
 
 	/* This is the passed certificate */
 
-	idx=c->cert_type;
-	pkey=X509_get_pubkey(c->pkeys[idx].x509);
-	i=X509_certificate_type(c->pkeys[idx].x509,pkey);
+	idx=sc->peer_cert_type;
+#ifndef OPENSSL_NO_ECDH
+	if (idx == SSL_PKEY_ECC)
+		{
+		if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
+		    s->s3->tmp.new_cipher) == 0) 
+			{ /* check failed */
+			SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
+			goto f_err;			
+			}
+		else 
+			{
+			return 1;
+			}
+		}
+#endif
+	pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509);
+	i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey);
+	EVP_PKEY_free(pkey);
 
 	
 	/* Check that we have a certificate if we require one */
@@ -1628,22 +2280,23 @@ SSL *s;
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT);
 		goto f_err;
 		}
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN))
 		{
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT);
 		goto f_err;
 		}
 #endif
-
+#ifndef OPENSSL_NO_RSA
 	if ((algs & SSL_kRSA) &&
 		!(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL)))
 		{
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT);
 		goto f_err;
 		}
-#ifndef NO_DH
-	else if ((algs & SSL_kEDH) &&
+#endif
+#ifndef OPENSSL_NO_DH
+	if ((algs & SSL_kEDH) &&
 		!(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
 		{
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
@@ -1654,7 +2307,7 @@ SSL *s;
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT);
 		goto f_err;
 		}
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA))
 		{
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT);
@@ -1663,12 +2316,13 @@ SSL *s;
 #endif
 #endif
 
-	if ((algs & SSL_EXP) && !has_bits(i,EVP_PKT_EXP))
+	if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP))
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (algs & SSL_kRSA)
 			{
-			if ((rsa == NULL) || (RSA_size(rsa) > 512))
+			if (rsa == NULL
+			    || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
 				{
 				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
 				goto f_err;
@@ -1676,10 +2330,11 @@ SSL *s;
 			}
 		else
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 			if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
-			{
-			if ((dh == NULL) || (DH_size(dh) > 512))
+			    {
+			    if (dh == NULL
+				|| DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
 				{
 				SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY);
 				goto f_err;
@@ -1699,3 +2354,44 @@ err:
 	return(0);
 	}
 
+
+#ifndef OPENSSL_NO_ECDH
+/* This is the complement of nid2curve_id in s3_srvr.c. */
+static int curve_id2nid(int curve_id)
+{
+	/* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
+	static int nid_list[26] =
+	{
+		0,
+		NID_sect163k1, /* sect163k1 (1) */
+		NID_sect163r1, /* sect163r1 (2) */
+		NID_sect163r2, /* sect163r2 (3) */
+		NID_sect193r1, /* sect193r1 (4) */ 
+		NID_sect193r2, /* sect193r2 (5) */ 
+		NID_sect233k1, /* sect233k1 (6) */
+		NID_sect233r1, /* sect233r1 (7) */ 
+		NID_sect239k1, /* sect239k1 (8) */ 
+		NID_sect283k1, /* sect283k1 (9) */
+		NID_sect283r1, /* sect283r1 (10) */ 
+		NID_sect409k1, /* sect409k1 (11) */ 
+		NID_sect409r1, /* sect409r1 (12) */
+		NID_sect571k1, /* sect571k1 (13) */ 
+		NID_sect571r1, /* sect571r1 (14) */ 
+		NID_secp160k1, /* secp160k1 (15) */
+		NID_secp160r1, /* secp160r1 (16) */ 
+		NID_secp160r2, /* secp160r2 (17) */ 
+		NID_secp192k1, /* secp192k1 (18) */
+		NID_X9_62_prime192v1, /* secp192r1 (19) */ 
+		NID_secp224k1, /* secp224k1 (20) */ 
+		NID_secp224r1, /* secp224r1 (21) */
+		NID_secp256k1, /* secp256k1 (22) */ 
+		NID_X9_62_prime256v1, /* secp256r1 (23) */ 
+		NID_secp384r1, /* secp384r1 (24) */
+		NID_secp521r1  /* secp521r1 (25) */	
+	};
+	
+	if ((curve_id < 1) || (curve_id > 25)) return 0;
+
+	return nid_list[curve_id];
+}
+#endif
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 116b096155..35fde29c8a 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -55,10 +55,64 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
-#include "evp.h"
 #include "ssl_locl.h"
+#include <openssl/evp.h>
+#include <openssl/md5.h>
 
 static unsigned char ssl3_pad_1[48]={
 	0x36,0x36,0x36,0x36,0x36,0x36,0x36,0x36,
@@ -76,82 +130,92 @@ static unsigned char ssl3_pad_2[48]={
 	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,
 	0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c,0x5c };
 
-#ifndef NO_PROTO
 static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
-	unsigned char *sender, int len, unsigned char *p);
-#else
-static int ssl3_handshake_mac();
-#endif
+	const char *sender, int len, unsigned char *p);
 
-static void ssl3_generate_key_block(s,km,num)
-SSL *s;
-unsigned char *km;
-int num;
+static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 	{
-	MD5_CTX m5;
-	SHA_CTX s1;
-	unsigned char buf[8],smd[SHA_DIGEST_LENGTH];
+	EVP_MD_CTX m5;
+	EVP_MD_CTX s1;
+	unsigned char buf[16],smd[SHA_DIGEST_LENGTH];
 	unsigned char c='A';
 	int i,j,k;
 
+#ifdef CHARSET_EBCDIC
+	c = os_toascii[c]; /*'A' in ASCII */
+#endif
 	k=0;
+	EVP_MD_CTX_init(&m5);
+	EVP_MD_CTX_init(&s1);
 	for (i=0; i<num; i+=MD5_DIGEST_LENGTH)
 		{
 		k++;
+		if (k > sizeof buf)
+			{
+			/* bug: 'buf' is too small for this ciphersuite */
+			SSLerr(SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
+			return 0;
+			}
+		
 		for (j=0; j<k; j++)
 			buf[j]=c;
 		c++;
-		SHA1_Init(  &s1);
-		SHA1_Update(&s1,buf,k);
-		SHA1_Update(&s1,s->session->master_key,
+		EVP_DigestInit_ex(&s1,EVP_sha1(), NULL);
+		EVP_DigestUpdate(&s1,buf,k);
+		EVP_DigestUpdate(&s1,s->session->master_key,
 			s->session->master_key_length);
-		SHA1_Update(&s1,s->s3->server_random,SSL3_RANDOM_SIZE);
-		SHA1_Update(&s1,s->s3->client_random,SSL3_RANDOM_SIZE);
-		SHA1_Final( smd,&s1);
+		EVP_DigestUpdate(&s1,s->s3->server_random,SSL3_RANDOM_SIZE);
+		EVP_DigestUpdate(&s1,s->s3->client_random,SSL3_RANDOM_SIZE);
+		EVP_DigestFinal_ex(&s1,smd,NULL);
 
-		MD5_Init(  &m5);
-		MD5_Update(&m5,s->session->master_key,
+		EVP_DigestInit_ex(&m5,EVP_md5(), NULL);
+		EVP_DigestUpdate(&m5,s->session->master_key,
 			s->session->master_key_length);
-		MD5_Update(&m5,smd,SHA_DIGEST_LENGTH);
+		EVP_DigestUpdate(&m5,smd,SHA_DIGEST_LENGTH);
 		if ((i+MD5_DIGEST_LENGTH) > num)
 			{
-			MD5_Final(smd,&m5);
+			EVP_DigestFinal_ex(&m5,smd,NULL);
 			memcpy(km,smd,(num-i));
 			}
 		else
-			MD5_Final(km,&m5);
+			EVP_DigestFinal_ex(&m5,km,NULL);
 
 		km+=MD5_DIGEST_LENGTH;
 		}
-	memset(smd,0,SHA_DIGEST_LENGTH);
+	OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH);
+	EVP_MD_CTX_cleanup(&m5);
+	EVP_MD_CTX_cleanup(&s1);
+	return 1;
 	}
 
-int ssl3_change_cipher_state(s,which)
-SSL *s;
-int which;
+int ssl3_change_cipher_state(SSL *s, int which)
 	{
 	unsigned char *p,*key_block,*mac_secret;
 	unsigned char exp_key[EVP_MAX_KEY_LENGTH];
-	unsigned char exp_iv[EVP_MAX_KEY_LENGTH];
+	unsigned char exp_iv[EVP_MAX_IV_LENGTH];
 	unsigned char *ms,*key,*iv,*er1,*er2;
 	EVP_CIPHER_CTX *dd;
-	EVP_CIPHER *c;
+	const EVP_CIPHER *c;
 	COMP_METHOD *comp;
-	EVP_MD *m;
-	MD5_CTX md;
-	int exp,n,i,j,k;
+	const EVP_MD *m;
+	EVP_MD_CTX md;
+	int exp,n,i,j,k,cl;
+	int reuse_dd = 0;
 
-	exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
+	exp=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
 	c=s->s3->tmp.new_sym_enc;
 	m=s->s3->tmp.new_hash;
-	comp=s->s3->tmp.new_compression;
+	if (s->s3->tmp.new_compression == NULL)
+		comp=NULL;
+	else
+		comp=s->s3->tmp.new_compression->method;
 	key_block=s->s3->tmp.key_block;
 
 	if (which & SSL3_CC_READ)
 		{
-		if ((s->enc_read_ctx == NULL) &&
-			((s->enc_read_ctx=(EVP_CIPHER_CTX *)
-			Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+		if (s->enc_read_ctx != NULL)
+			reuse_dd = 1;
+		else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
 			goto err;
 		dd= s->enc_read_ctx;
 		s->read_hash=m;
@@ -169,8 +233,9 @@ int which;
 				SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
 				goto err2;
 				}
-			s->s3->rrec.comp=(unsigned char *)
-				Malloc(SSL3_RT_MAX_PLAIN_LENGTH);
+			if (s->s3->rrec.comp == NULL)
+				s->s3->rrec.comp=(unsigned char *)
+					OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH);
 			if (s->s3->rrec.comp == NULL)
 				goto err;
 			}
@@ -179,9 +244,9 @@ int which;
 		}
 	else
 		{
-		if ((s->enc_write_ctx == NULL) &&
-			((s->enc_write_ctx=(EVP_CIPHER_CTX *)
-			Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+		if (s->enc_write_ctx != NULL)
+			reuse_dd = 1;
+		else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
 			goto err;
 		dd= s->enc_write_ctx;
 		s->write_hash=m;
@@ -204,11 +269,16 @@ int which;
 		mac_secret= &(s->s3->write_mac_secret[0]);
 		}
 
+	if (reuse_dd)
+		EVP_CIPHER_CTX_cleanup(dd);
 	EVP_CIPHER_CTX_init(dd);
 
 	p=s->s3->tmp.key_block;
 	i=EVP_MD_size(m);
-	j=(exp)?5:EVP_CIPHER_key_length(c);
+	cl=EVP_CIPHER_key_length(c);
+	j=exp ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+		 cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
 	k=EVP_CIPHER_iv_length(c);
 	if (	(which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
 		(which == SSL3_CHANGE_CIPHER_SERVER_READ))
@@ -231,39 +301,41 @@ int which;
 
 	if (n > s->s3->tmp.key_block_length)
 		{
-		SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
 		goto err2;
 		}
 
+	EVP_MD_CTX_init(&md);
 	memcpy(mac_secret,ms,i);
 	if (exp)
 		{
 		/* In here I set both the read and write key/iv to the
 		 * same value since only the correct one will be used :-).
 		 */
-		MD5_Init(&md);
-		MD5_Update(&md,key,j);
-		MD5_Update(&md,er1,SSL3_RANDOM_SIZE);
-		MD5_Update(&md,er2,SSL3_RANDOM_SIZE);
-		MD5_Final(&(exp_key[0]),&md);
+		EVP_DigestInit_ex(&md,EVP_md5(), NULL);
+		EVP_DigestUpdate(&md,key,j);
+		EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
+		EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
+		EVP_DigestFinal_ex(&md,&(exp_key[0]),NULL);
 		key= &(exp_key[0]);
 
 		if (k > 0)
 			{
-			MD5_Init(&md);
-			MD5_Update(&md,er1,SSL3_RANDOM_SIZE);
-			MD5_Update(&md,er2,SSL3_RANDOM_SIZE);
-			MD5_Final(&(exp_iv[0]),&md);
+			EVP_DigestInit_ex(&md,EVP_md5(), NULL);
+			EVP_DigestUpdate(&md,er1,SSL3_RANDOM_SIZE);
+			EVP_DigestUpdate(&md,er2,SSL3_RANDOM_SIZE);
+			EVP_DigestFinal_ex(&md,&(exp_iv[0]),NULL);
 			iv= &(exp_iv[0]);
 			}
 		}
 
 	s->session->key_arg_length=0;
 
-	EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+	EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
 
-	memset(&(exp_key[0]),0,sizeof(exp_key));
-	memset(&(exp_iv[0]),0,sizeof(exp_iv));
+	OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
+	OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
+	EVP_MD_CTX_cleanup(&md);
 	return(1);
 err:
 	SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
@@ -271,18 +343,19 @@ err2:
 	return(0);
 	}
 
-int ssl3_setup_key_block(s)
-SSL *s;
+int ssl3_setup_key_block(SSL *s)
 	{
 	unsigned char *p;
-	EVP_CIPHER *c;
-	EVP_MD *hash;
-	int num,exp;
+	const EVP_CIPHER *c;
+	const EVP_MD *hash;
+	int num;
+	int ret = 0;
+	SSL_COMP *comp;
 
 	if (s->s3->tmp.key_block_length != 0)
 		return(1);
 
-	if (!ssl_cipher_get_evp(s->session->cipher,&c,&hash))
+	if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
 		{
 		SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
 		return(0);
@@ -290,55 +363,66 @@ SSL *s;
 
 	s->s3->tmp.new_sym_enc=c;
 	s->s3->tmp.new_hash=hash;
-#ifdef ZLIB
-	s->s3->tmp.new_compression=COMP_zlib();
-#endif
-/*	s->s3->tmp.new_compression=COMP_rle(); */
-/*	s->session->compress_meth= xxxxx */
-
-	exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
+	s->s3->tmp.new_compression=comp;
 
 	num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
 	num*=2;
 
 	ssl3_cleanup_key_block(s);
 
-	if ((p=(unsigned char *)Malloc(num)) == NULL)
+	if ((p=OPENSSL_malloc(num)) == NULL)
 		goto err;
 
 	s->s3->tmp.key_block_length=num;
 	s->s3->tmp.key_block=p;
 
-	ssl3_generate_key_block(s,p,num);
+	ret = ssl3_generate_key_block(s,p,num);
 
-	return(1);
+	if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+		{
+		/* enable vulnerability countermeasure for CBC ciphers with
+		 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
+		 */
+		s->s3->need_empty_fragments = 1;
+
+		if (s->session->cipher != NULL)
+			{
+			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
+				s->s3->need_empty_fragments = 0;
+			
+#ifndef OPENSSL_NO_RC4
+			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
+				s->s3->need_empty_fragments = 0;
+#endif
+			}
+		}
+
+	return ret;
+		
 err:
 	SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
 	return(0);
 	}
 
-void ssl3_cleanup_key_block(s)
-SSL *s;
+void ssl3_cleanup_key_block(SSL *s)
 	{
 	if (s->s3->tmp.key_block != NULL)
 		{
-		memset(s->s3->tmp.key_block,0,
+		OPENSSL_cleanse(s->s3->tmp.key_block,
 			s->s3->tmp.key_block_length);
-		Free(s->s3->tmp.key_block);
+		OPENSSL_free(s->s3->tmp.key_block);
 		s->s3->tmp.key_block=NULL;
 		}
 	s->s3->tmp.key_block_length=0;
 	}
 
-int ssl3_enc(s,send)
-SSL *s;
-int send;
+int ssl3_enc(SSL *s, int send)
 	{
 	SSL3_RECORD *rec;
 	EVP_CIPHER_CTX *ds;
 	unsigned long l;
 	int bs,i;
-	EVP_CIPHER *enc;
+	const EVP_CIPHER *enc;
 
 	if (send)
 		{
@@ -362,7 +446,7 @@ int send;
 	if ((s->session == NULL) || (ds == NULL) ||
 		(enc == NULL))
 		{
-		memcpy(rec->data,rec->input,rec->length);
+		memmove(rec->data,rec->input,rec->length);
 		rec->input=rec->data;
 		}
 	else
@@ -372,7 +456,6 @@ int send;
 
 		/* COMPRESS */
 
-		/* This should be using (bs-1) and bs instead of 7 and 8 */
 		if ((bs != 1) && send)
 			{
 			i=bs-((int)l%bs);
@@ -382,17 +465,31 @@ int send;
 			rec->length+=i;
 			rec->input[l-1]=(i-1);
 			}
-
+		
+		if (!send)
+			{
+			if (l == 0 || l%bs != 0)
+				{
+				SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+				return 0;
+				}
+			}
+		
 		EVP_Cipher(ds,rec->data,rec->input,l);
 
 		if ((bs != 1) && !send)
 			{
 			i=rec->data[l-1]+1;
+			/* SSL 3.0 bounds the number of padding bytes by the block size;
+			 * padding bytes (except that last) are arbitrary */
 			if (i > bs)
 				{
-				SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
-				return(0);
+				/* Incorrect padding. SSLerr() and ssl3_alert are done
+				 * by caller: we don't want to reveal whether this is
+				 * a decryption error or a MAC verification failure
+				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+				return -1;
 				}
 			rec->length-=i;
 			}
@@ -400,36 +497,25 @@ int send;
 	return(1);
 	}
 
-void ssl3_init_finished_mac(s)
-SSL *s;
+void ssl3_init_finished_mac(SSL *s)
 	{
-	EVP_DigestInit(&(s->s3->finish_dgst1),s->ctx->md5);
-	EVP_DigestInit(&(s->s3->finish_dgst2),s->ctx->sha1);
+	EVP_DigestInit_ex(&(s->s3->finish_dgst1),s->ctx->md5, NULL);
+	EVP_DigestInit_ex(&(s->s3->finish_dgst2),s->ctx->sha1, NULL);
 	}
 
-void ssl3_finish_mac(s,buf,len)
-SSL *s;
-unsigned char *buf;
-int len;
+void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
 	{
 	EVP_DigestUpdate(&(s->s3->finish_dgst1),buf,len);
 	EVP_DigestUpdate(&(s->s3->finish_dgst2),buf,len);
 	}
 
-int ssl3_cert_verify_mac(s,ctx,p)
-SSL *s;
-EVP_MD_CTX *ctx;
-unsigned char *p;
+int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *ctx, unsigned char *p)
 	{
 	return(ssl3_handshake_mac(s,ctx,NULL,0,p));
 	}
 
-int ssl3_final_finish_mac(s,ctx1,ctx2,sender,len,p)
-SSL *s;
-EVP_MD_CTX *ctx1,*ctx2;
-unsigned char *sender;
-int len;
-unsigned char *p;
+int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
+	     const char *sender, int len, unsigned char *p)
 	{
 	int ret;
 
@@ -439,12 +525,8 @@ unsigned char *p;
 	return(ret);
 	}
 
-static int ssl3_handshake_mac(s,in_ctx,sender,len,p)
-SSL *s;
-EVP_MD_CTX *in_ctx;
-unsigned char *sender;
-int len;
-unsigned char *p;
+static int ssl3_handshake_mac(SSL *s, EVP_MD_CTX *in_ctx,
+	     const char *sender, int len, unsigned char *p)
 	{
 	unsigned int ret;
 	int npad,n;
@@ -452,7 +534,8 @@ unsigned char *p;
 	unsigned char md_buf[EVP_MAX_MD_SIZE];
 	EVP_MD_CTX ctx;
 
-	memcpy(&ctx,in_ctx,sizeof(EVP_MD_CTX));
+	EVP_MD_CTX_init(&ctx);
+	EVP_MD_CTX_copy_ex(&ctx,in_ctx);
 
 	n=EVP_MD_CTX_size(&ctx);
 	npad=(48/n)*n;
@@ -462,29 +545,26 @@ unsigned char *p;
 	EVP_DigestUpdate(&ctx,s->session->master_key,
 		s->session->master_key_length);
 	EVP_DigestUpdate(&ctx,ssl3_pad_1,npad);
-	EVP_DigestFinal(&ctx,md_buf,&i);
+	EVP_DigestFinal_ex(&ctx,md_buf,&i);
 
-	EVP_DigestInit(&ctx,EVP_MD_CTX_type(&ctx));
+	EVP_DigestInit_ex(&ctx,EVP_MD_CTX_md(&ctx), NULL);
 	EVP_DigestUpdate(&ctx,s->session->master_key,
 		s->session->master_key_length);
 	EVP_DigestUpdate(&ctx,ssl3_pad_2,npad);
 	EVP_DigestUpdate(&ctx,md_buf,i);
-	EVP_DigestFinal(&ctx,p,&ret);
+	EVP_DigestFinal_ex(&ctx,p,&ret);
 
-	memset(&ctx,0,sizeof(EVP_MD_CTX));
+	EVP_MD_CTX_cleanup(&ctx);
 
 	return((int)ret);
 	}
 
-int ssl3_mac(ssl,md,send)
-SSL *ssl;
-unsigned char *md;
-int send;
+int ssl3_mac(SSL *ssl, unsigned char *md, int send)
 	{
 	SSL3_RECORD *rec;
 	unsigned char *mac_sec,*seq;
 	EVP_MD_CTX md_ctx;
-	EVP_MD *hash;
+	const EVP_MD *hash;
 	unsigned char *p,rec_char;
 	unsigned int md_size;
 	int npad,i;
@@ -508,8 +588,9 @@ int send;
 	npad=(48/md_size)*md_size;
 
 	/* Chop the digest off the end :-) */
+	EVP_MD_CTX_init(&md_ctx);
 
-	EVP_DigestInit(  &md_ctx,hash);
+	EVP_DigestInit_ex(  &md_ctx,hash, NULL);
 	EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
 	EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
 	EVP_DigestUpdate(&md_ctx,seq,8);
@@ -519,59 +600,68 @@ int send;
 	s2n(rec->length,p);
 	EVP_DigestUpdate(&md_ctx,md,2);
 	EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
-	EVP_DigestFinal( &md_ctx,md,NULL);
+	EVP_DigestFinal_ex( &md_ctx,md,NULL);
 
-	EVP_DigestInit(  &md_ctx,hash);
+	EVP_DigestInit_ex(  &md_ctx,hash, NULL);
 	EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
 	EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
 	EVP_DigestUpdate(&md_ctx,md,md_size);
-	EVP_DigestFinal( &md_ctx,md,&md_size);
+	EVP_DigestFinal_ex( &md_ctx,md,&md_size);
+
+	EVP_MD_CTX_cleanup(&md_ctx);
 
 	for (i=7; i>=0; i--)
-		if (++seq[i]) break; 
+		{
+		++seq[i];
+		if (seq[i] != 0) break; 
+		}
 
 	return(md_size);
 	}
 
-int ssl3_generate_master_secret(s,out,p,len)
-SSL *s;
-unsigned char *out;
-unsigned char *p;
-int len;
+int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
+	     int len)
 	{
-	static unsigned char *salt[3]={
-		(unsigned char *)"A",
-		(unsigned char *)"BB",
-		(unsigned char *)"CCC",
+	static const unsigned char *salt[3]={
+#ifndef CHARSET_EBCDIC
+		(const unsigned char *)"A",
+		(const unsigned char *)"BB",
+		(const unsigned char *)"CCC",
+#else
+		(const unsigned char *)"\x41",
+		(const unsigned char *)"\x42\x42",
+		(const unsigned char *)"\x43\x43\x43",
+#endif
 		};
 	unsigned char buf[EVP_MAX_MD_SIZE];
 	EVP_MD_CTX ctx;
 	int i,ret=0;
 	unsigned int n;
 
+	EVP_MD_CTX_init(&ctx);
 	for (i=0; i<3; i++)
 		{
-		EVP_DigestInit(&ctx,s->ctx->sha1);
-		EVP_DigestUpdate(&ctx,salt[i],strlen((char *)salt[i]));
+		EVP_DigestInit_ex(&ctx,s->ctx->sha1, NULL);
+		EVP_DigestUpdate(&ctx,salt[i],strlen((const char *)salt[i]));
 		EVP_DigestUpdate(&ctx,p,len);
 		EVP_DigestUpdate(&ctx,&(s->s3->client_random[0]),
 			SSL3_RANDOM_SIZE);
 		EVP_DigestUpdate(&ctx,&(s->s3->server_random[0]),
 			SSL3_RANDOM_SIZE);
-		EVP_DigestFinal(&ctx,buf,&n);
+		EVP_DigestFinal_ex(&ctx,buf,&n);
 
-		EVP_DigestInit(&ctx,s->ctx->md5);
+		EVP_DigestInit_ex(&ctx,s->ctx->md5, NULL);
 		EVP_DigestUpdate(&ctx,p,len);
 		EVP_DigestUpdate(&ctx,buf,n);
-		EVP_DigestFinal(&ctx,out,&n);
+		EVP_DigestFinal_ex(&ctx,out,&n);
 		out+=n;
 		ret+=n;
 		}
+	EVP_MD_CTX_cleanup(&ctx);
 	return(ret);
 	}
 
-int ssl3_alert_code(code)
-int code;
+int ssl3_alert_code(int code)
 	{
 	switch (code)
 		{
@@ -593,11 +683,11 @@ int code;
 	case SSL_AD_ACCESS_DENIED:	return(SSL3_AD_HANDSHAKE_FAILURE);
 	case SSL_AD_DECODE_ERROR:	return(SSL3_AD_HANDSHAKE_FAILURE);
 	case SSL_AD_DECRYPT_ERROR:	return(SSL3_AD_HANDSHAKE_FAILURE);
-	case SSL_AD_EXPORT_RESTRICION:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_EXPORT_RESTRICTION:	return(SSL3_AD_HANDSHAKE_FAILURE);
 	case SSL_AD_PROTOCOL_VERSION:	return(SSL3_AD_HANDSHAKE_FAILURE);
 	case SSL_AD_INSUFFICIENT_SECURITY:return(SSL3_AD_HANDSHAKE_FAILURE);
 	case SSL_AD_INTERNAL_ERROR:	return(SSL3_AD_HANDSHAKE_FAILURE);
-	case SSL_AD_USER_CANCLED:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_USER_CANCELLED:	return(SSL3_AD_HANDSHAKE_FAILURE);
 	case SSL_AD_NO_RENEGOTIATION:	return(-1); /* Don't send it :-) */
 	default:			return(-1);
 		}
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 41b1814070..2145385ccd 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -55,40 +55,112 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
 
 #include <stdio.h>
-#include "objects.h"
+#include <openssl/objects.h>
 #include "ssl_locl.h"
+#include "kssl_lcl.h"
+#include <openssl/md5.h>
 
-char *ssl3_version_str="SSLv3 part of SSLeay 0.9.1a 06-Jul-1998";
+const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT;
 
 #define SSL3_NUM_CIPHERS	(sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER))
 
-#ifndef NOPROTO
 static long ssl3_default_timeout(void );
-#else
-static long ssl3_default_timeout();
-#endif
 
-SSL_CIPHER ssl3_ciphers[]={
+OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 /* The RSA ciphers */
 /* Cipher 01 */
 	{
 	1,
 	SSL3_TXT_RSA_NULL_MD5,
 	SSL3_CK_RSA_NULL_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3,
+	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
+	SSL_NOT_EXP|SSL_STRONG_NONE,
+	0,
+	0,
 	0,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 02 */
 	{
 	1,
 	SSL3_TXT_RSA_NULL_SHA,
 	SSL3_CK_RSA_NULL_SHA,
-	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
+	SSL_NOT_EXP|SSL_STRONG_NONE,
+	0,
+	0,
 	0,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 
 /* anon DH */
@@ -97,45 +169,65 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_ADH_RC4_40_MD5,
 	SSL3_CK_ADH_RC4_40_MD5,
-	SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_EXP|SSL_SSLV3,
+	SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
 	0,
+	40,
+	128,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 18 */
 	{
 	1,
 	SSL3_TXT_ADH_RC4_128_MD5,
 	SSL3_CK_ADH_RC4_128_MD5,
-	SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3,
+	SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
+	SSL_NOT_EXP|SSL_MEDIUM,
 	0,
+	128,
+	128,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 19 */
 	{
 	1,
 	SSL3_TXT_ADH_DES_40_CBC_SHA,
 	SSL3_CK_ADH_DES_40_CBC_SHA,
-	SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+	SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
 	0,
+	40,
+	128,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 1A */
 	{
 	1,
 	SSL3_TXT_ADH_DES_64_CBC_SHA,
 	SSL3_CK_ADH_DES_64_CBC_SHA,
-	SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+	SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+	SSL_NOT_EXP|SSL_LOW,
 	0,
+	56,
+	56,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 1B */
 	{
 	1,
 	SSL3_TXT_ADH_DES_192_CBC_SHA,
 	SSL3_CK_ADH_DES_192_CBC_SHA,
-	SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+	SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+	SSL_NOT_EXP|SSL_HIGH,
 	0,
+	168,
+	168,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 
 /* RSA again */
@@ -144,72 +236,104 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_RSA_RC4_40_MD5,
 	SSL3_CK_RSA_RC4_40_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_EXP|SSL_SSLV3,
+	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
 	0,
+	40,
+	128,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 04 */
 	{
 	1,
 	SSL3_TXT_RSA_RC4_128_MD5,
 	SSL3_CK_RSA_RC4_128_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
+	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_MD5|SSL_SSLV3,
+	SSL_NOT_EXP|SSL_MEDIUM,
 	0,
+	128,
+	128,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 05 */
 	{
 	1,
 	SSL3_TXT_RSA_RC4_128_SHA,
 	SSL3_CK_RSA_RC4_128_SHA,
-	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
+	SSL_kRSA|SSL_aRSA|SSL_RC4  |SSL_SHA1|SSL_SSLV3,
+	SSL_NOT_EXP|SSL_MEDIUM,
 	0,
+	128,
+	128,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 06 */
 	{
 	1,
 	SSL3_TXT_RSA_RC2_40_MD5,
 	SSL3_CK_RSA_RC2_40_MD5,
-	SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_EXP|SSL_SSLV3,
+	SSL_kRSA|SSL_aRSA|SSL_RC2  |SSL_MD5 |SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
 	0,
+	40,
+	128,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 07 */
 	{
 	1,
 	SSL3_TXT_RSA_IDEA_128_SHA,
 	SSL3_CK_RSA_IDEA_128_SHA,
-	SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM,
+	SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3,
+	SSL_NOT_EXP|SSL_MEDIUM,
 	0,
+	128,
+	128,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 08 */
 	{
 	1,
 	SSL3_TXT_RSA_DES_40_CBC_SHA,
 	SSL3_CK_RSA_DES_40_CBC_SHA,
-	SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+	SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
 	0,
+	40,
+	56,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 09 */
 	{
 	1,
 	SSL3_TXT_RSA_DES_64_CBC_SHA,
 	SSL3_CK_RSA_DES_64_CBC_SHA,
-	SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+	SSL_kRSA|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+	SSL_NOT_EXP|SSL_LOW,
 	0,
+	56,
+	56,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 0A */
 	{
 	1,
 	SSL3_TXT_RSA_DES_192_CBC3_SHA,
 	SSL3_CK_RSA_DES_192_CBC3_SHA,
-	SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+	SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+	SSL_NOT_EXP|SSL_HIGH,
 	0,
+	168,
+	168,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 
 /*  The DH ciphers */
@@ -218,54 +342,78 @@ SSL_CIPHER ssl3_ciphers[]={
 	0,
 	SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
 	SSL3_CK_DH_DSS_DES_40_CBC_SHA,
-	SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+	SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
 	0,
+	40,
+	56,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 0C */
 	{
 	0,
 	SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
 	SSL3_CK_DH_DSS_DES_64_CBC_SHA,
-	SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+	SSL_kDHd |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+	SSL_NOT_EXP|SSL_LOW,
 	0,
+	56,
+	56,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 0D */
 	{
 	0,
 	SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
 	SSL3_CK_DH_DSS_DES_192_CBC3_SHA,
-	SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+	SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+	SSL_NOT_EXP|SSL_HIGH,
 	0,
+	168,
+	168,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 0E */
 	{
 	0,
 	SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
 	SSL3_CK_DH_RSA_DES_40_CBC_SHA,
-	SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+	SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
 	0,
+	40,
+	56,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 0F */
 	{
 	0,
 	SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
 	SSL3_CK_DH_RSA_DES_64_CBC_SHA,
-	SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+	SSL_kDHr |SSL_aDH|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+	SSL_NOT_EXP|SSL_LOW,
 	0,
+	56,
+	56,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 10 */
 	{
 	0,
 	SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
 	SSL3_CK_DH_RSA_DES_192_CBC3_SHA,
-	SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+	SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+	SSL_NOT_EXP|SSL_HIGH,
 	0,
+	168,
+	168,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 
 /* The Ephemeral DH ciphers */
@@ -274,54 +422,78 @@ SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
 	SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
-	SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+	SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
 	0,
+	40,
+	56,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 12 */
 	{
 	1,
 	SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
 	SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
-	SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+	SSL_kEDH|SSL_aDSS|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+	SSL_NOT_EXP|SSL_LOW,
 	0,
+	56,
+	56,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 13 */
 	{
 	1,
 	SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
 	SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
-	SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+	SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+	SSL_NOT_EXP|SSL_HIGH,
 	0,
+	168,
+	168,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 14 */
 	{
 	1,
 	SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
 	SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
-	SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3,
+	SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
 	0,
+	40,
+	56,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 15 */
 	{
 	1,
 	SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
 	SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
-	SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW,
+	SSL_kEDH|SSL_aRSA|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+	SSL_NOT_EXP|SSL_LOW,
 	0,
+	56,
+	56,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 /* Cipher 16 */
 	{
 	1,
 	SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
 	SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
-	SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH,
+	SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+	SSL_NOT_EXP|SSL_HIGH,
 	0,
+	168,
+	168,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 
 /* Fortezza */
@@ -330,9 +502,13 @@ SSL_CIPHER ssl3_ciphers[]={
 	0,
 	SSL3_TXT_FZA_DMS_NULL_SHA,
 	SSL3_CK_FZA_DMS_NULL_SHA,
-	SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+	SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
+	SSL_NOT_EXP|SSL_STRONG_NONE,
+	0,
+	0,
 	0,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 
 /* Cipher 1D */
@@ -340,21 +516,838 @@ SSL_CIPHER ssl3_ciphers[]={
 	0,
 	SSL3_TXT_FZA_DMS_FZA_SHA,
 	SSL3_CK_FZA_DMS_FZA_SHA,
-	SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+	SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
+	SSL_NOT_EXP|SSL_STRONG_NONE,
+	0,
+	0,
 	0,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 
+#if 0
 /* Cipher 1E */
 	{
 	0,
 	SSL3_TXT_FZA_DMS_RC4_SHA,
 	SSL3_CK_FZA_DMS_RC4_SHA,
-	SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3,
+	SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_SSLV3,
+	SSL_NOT_EXP|SSL_MEDIUM,
+	0,
+	128,
+	128,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+#endif
+
+#ifndef OPENSSL_NO_KRB5
+/* The Kerberos ciphers
+** 20000107 VRS: And the first shall be last,
+** in hopes of avoiding the lynx ssl renegotiation problem.
+*/
+/* Cipher 1E VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_DES_64_CBC_SHA,
+	SSL3_CK_KRB5_DES_64_CBC_SHA,
+	SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
+	SSL_NOT_EXP|SSL_LOW,
 	0,
+	56,
+	56,
 	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
 	},
 
+/* Cipher 1F VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_DES_192_CBC3_SHA,
+	SSL3_CK_KRB5_DES_192_CBC3_SHA,
+	SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_SHA1  |SSL_SSLV3,
+	SSL_NOT_EXP|SSL_HIGH,
+	0,
+	112,
+	168,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 20 VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_RC4_128_SHA,
+	SSL3_CK_KRB5_RC4_128_SHA,
+	SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1  |SSL_SSLV3,
+	SSL_NOT_EXP|SSL_MEDIUM,
+	0,
+	128,
+	128,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 21 VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_IDEA_128_CBC_SHA,
+	SSL3_CK_KRB5_IDEA_128_CBC_SHA,
+	SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_SHA1  |SSL_SSLV3,
+	SSL_NOT_EXP|SSL_MEDIUM,
+	0,
+	128,
+	128,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 22 VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_DES_64_CBC_MD5,
+	SSL3_CK_KRB5_DES_64_CBC_MD5,
+	SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
+	SSL_NOT_EXP|SSL_LOW,
+	0,
+	56,
+	56,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 23 VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_DES_192_CBC3_MD5,
+	SSL3_CK_KRB5_DES_192_CBC3_MD5,
+	SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_MD5   |SSL_SSLV3,
+	SSL_NOT_EXP|SSL_HIGH,
+	0,
+	112,
+	168,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 24 VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_RC4_128_MD5,
+	SSL3_CK_KRB5_RC4_128_MD5,
+	SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5  |SSL_SSLV3,
+	SSL_NOT_EXP|SSL_MEDIUM,
+	0,
+	128,
+	128,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 25 VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_IDEA_128_CBC_MD5,
+	SSL3_CK_KRB5_IDEA_128_CBC_MD5,
+	SSL_kKRB5|SSL_aKRB5|  SSL_IDEA|SSL_MD5  |SSL_SSLV3,
+	SSL_NOT_EXP|SSL_MEDIUM,
+	0,
+	128,
+	128,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 26 VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_DES_40_CBC_SHA,
+	SSL3_CK_KRB5_DES_40_CBC_SHA,
+	SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
+	0,
+	40,
+	56,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 27 VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_RC2_40_CBC_SHA,
+	SSL3_CK_KRB5_RC2_40_CBC_SHA,
+	SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_SHA1   |SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
+	0,
+	40,
+	128,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 28 VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_RC4_40_SHA,
+	SSL3_CK_KRB5_RC4_40_SHA,
+	SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_SHA1   |SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
+	0,
+	128,
+	128,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 29 VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_DES_40_CBC_MD5,
+	SSL3_CK_KRB5_DES_40_CBC_MD5,
+	SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_MD5    |SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
+	0,
+	40,
+	56,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 2A VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_RC2_40_CBC_MD5,
+	SSL3_CK_KRB5_RC2_40_CBC_MD5,
+	SSL_kKRB5|SSL_aKRB5|  SSL_RC2|SSL_MD5    |SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
+	0,
+	40,
+	128,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+
+/* Cipher 2B VRS */
+	{
+	1,
+	SSL3_TXT_KRB5_RC4_40_MD5,
+	SSL3_CK_KRB5_RC4_40_MD5,
+	SSL_kKRB5|SSL_aKRB5|  SSL_RC4|SSL_MD5    |SSL_SSLV3,
+	SSL_EXPORT|SSL_EXP40,
+	0,
+	128,
+	128,
+	SSL_ALL_CIPHERS,
+	SSL_ALL_STRENGTHS,
+	},
+#endif	/* OPENSSL_NO_KRB5 */
+
+
+#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES
+	/* New TLS Export CipherSuites */
+	/* Cipher 60 */
+	    {
+	    1,
+	    TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5,
+	    TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5,
+	    SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1,
+	    SSL_EXPORT|SSL_EXP56,
+	    0,
+	    56,
+	    128,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 61 */
+	    {
+	    1,
+	    TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+	    TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
+	    SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1,
+	    SSL_EXPORT|SSL_EXP56,
+	    0,
+	    56,
+	    128,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 62 */
+	    {
+	    1,
+	    TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+	    TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+	    SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
+	    SSL_EXPORT|SSL_EXP56,
+	    0,
+	    56,
+	    56,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 63 */
+	    {
+	    1,
+	    TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+	    TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+	    SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1,
+	    SSL_EXPORT|SSL_EXP56,
+	    0,
+	    56,
+	    56,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 64 */
+	    {
+	    1,
+	    TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
+	    TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA,
+	    SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+	    SSL_EXPORT|SSL_EXP56,
+	    0,
+	    56,
+	    128,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 65 */
+	    {
+	    1,
+	    TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+	    TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+	    SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
+	    SSL_EXPORT|SSL_EXP56,
+	    0,
+	    56,
+	    128,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 66 */
+	    {
+	    1,
+	    TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
+	    TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
+	    SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_MEDIUM,
+	    0,
+	    128,
+	    128,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS
+	    },
+#endif
+	/* New AES ciphersuites */
+
+	/* Cipher 2F */
+	    {
+	    1,
+	    TLS1_TXT_RSA_WITH_AES_128_SHA,
+	    TLS1_CK_RSA_WITH_AES_128_SHA,
+	    SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_MEDIUM,
+	    0,
+	    128,
+	    128,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 30 */
+	    {
+	    0,
+	    TLS1_TXT_DH_DSS_WITH_AES_128_SHA,
+	    TLS1_CK_DH_DSS_WITH_AES_128_SHA,
+	    SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_MEDIUM,
+	    0,
+	    128,
+	    128,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 31 */
+	    {
+	    0,
+	    TLS1_TXT_DH_RSA_WITH_AES_128_SHA,
+	    TLS1_CK_DH_RSA_WITH_AES_128_SHA,
+	    SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_MEDIUM,
+	    0,
+	    128,
+	    128,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 32 */
+	    {
+	    1,
+	    TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
+	    TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
+	    SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_MEDIUM,
+	    0,
+	    128,
+	    128,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 33 */
+	    {
+	    1,
+	    TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
+	    TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
+	    SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_MEDIUM,
+	    0,
+	    128,
+	    128,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 34 */
+	    {
+	    1,
+	    TLS1_TXT_ADH_WITH_AES_128_SHA,
+	    TLS1_CK_ADH_WITH_AES_128_SHA,
+	    SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_MEDIUM,
+	    0,
+	    128,
+	    128,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+
+	/* Cipher 35 */
+	    {
+	    1,
+	    TLS1_TXT_RSA_WITH_AES_256_SHA,
+	    TLS1_CK_RSA_WITH_AES_256_SHA,
+	    SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_HIGH,
+	    0,
+	    256,
+	    256,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 36 */
+	    {
+	    0,
+	    TLS1_TXT_DH_DSS_WITH_AES_256_SHA,
+	    TLS1_CK_DH_DSS_WITH_AES_256_SHA,
+	    SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_HIGH,
+	    0,
+	    256,
+	    256,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 37 */
+	    {
+	    0,
+	    TLS1_TXT_DH_RSA_WITH_AES_256_SHA,
+	    TLS1_CK_DH_RSA_WITH_AES_256_SHA,
+	    SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_HIGH,
+	    0,
+	    256,
+	    256,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 38 */
+	    {
+	    1,
+	    TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
+	    TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
+	    SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_HIGH,
+	    0,
+	    256,
+	    256,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 39 */
+	    {
+	    1,
+	    TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
+	    TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
+	    SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_HIGH,
+	    0,
+	    256,
+	    256,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+	/* Cipher 3A */
+	    {
+	    1,
+	    TLS1_TXT_ADH_WITH_AES_256_SHA,
+	    TLS1_CK_ADH_WITH_AES_256_SHA,
+	    SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1,
+	    SSL_NOT_EXP|SSL_HIGH,
+	    0,
+	    256,
+	    256,
+	    SSL_ALL_CIPHERS,
+	    SSL_ALL_STRENGTHS,
+	    },
+
+#ifndef OPENSSL_NO_ECDH
+	/* Cipher 47 */
+	    {
+            1,
+            TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA,
+            TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA,
+            SSL_kECDH|SSL_aECDSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP,
+            0,
+            0,
+            0,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 48 */
+	    {
+            1,
+            TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
+            TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA,
+            SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 49 */
+	    {
+            1,
+            TLS1_TXT_ECDH_ECDSA_WITH_DES_CBC_SHA,
+            TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA,
+            SSL_kECDH|SSL_aECDSA|SSL_DES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_LOW,
+            0,
+            56,
+            56,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 4A */
+	    {
+            1,
+            TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
+            TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
+            SSL_kECDH|SSL_aECDSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            168,
+            168,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 4B */
+	    {
+            1,
+            TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+            TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+            SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_MEDIUM,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 4C */
+	    {
+            1,
+            TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+            TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
+            SSL_kECDH|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            256,
+            256,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 5B */
+	/* XXX NOTE: The ECC/TLS draft has a bug and reuses 4B for this */
+	    {
+            1,
+            TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
+            TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA,
+            SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_EXPORT|SSL_EXP40,
+            0,
+            40,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 5C */
+	/* XXX NOTE: The ECC/TLS draft has a bug and reuses 4C for this */
+	    {
+            1,
+            TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA,
+            TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA,
+            SSL_kECDH|SSL_aECDSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_EXPORT|SSL_EXP56,
+            0,
+            56,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 4D */
+	    {
+            1,
+            TLS1_TXT_ECDH_RSA_WITH_NULL_SHA,
+            TLS1_CK_ECDH_RSA_WITH_NULL_SHA,
+            SSL_kECDH|SSL_aRSA|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP,
+            0,
+            0,
+            0,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 4E */
+	    {
+            1,
+            TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
+            TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA,
+            SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 4F */
+	    {
+            1,
+            TLS1_TXT_ECDH_RSA_WITH_DES_CBC_SHA,
+            TLS1_CK_ECDH_RSA_WITH_DES_CBC_SHA,
+            SSL_kECDH|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_LOW,
+            0,
+            56,
+            56,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 50 */
+	    {
+            1,
+            TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
+            TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
+            SSL_kECDH|SSL_aRSA|SSL_3DES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            168,
+            168,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 51 */
+	    {
+            1,
+            TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
+            TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
+            SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_MEDIUM,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 52 */
+	    {
+            1,
+            TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
+            TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
+            SSL_kECDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            256,
+            256,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 53 */
+	    {
+            1,
+            TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_40_SHA,
+            TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_40_SHA,
+            SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_EXPORT|SSL_EXP40,
+            0,
+            40,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 54 */
+	    {
+            1,
+            TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_56_SHA,
+            TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_56_SHA,
+            SSL_kECDH|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_EXPORT|SSL_EXP56,
+            0,
+            56,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 55 */
+            {
+            1,
+            TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
+            TLS1_CK_ECDH_anon_WITH_NULL_SHA,
+            SSL_kECDHE|SSL_aNULL|SSL_eNULL|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP,
+            0,
+            0,
+            0,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+	    },
+
+	/* Cipher 56 */
+            {
+            1,
+            TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+            TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
+            SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+	    },
+
+	/* Cipher 57 */
+	    {
+            1,
+            TLS1_TXT_ECDH_anon_WITH_DES_CBC_SHA,
+            TLS1_CK_ECDH_anon_WITH_DES_CBC_SHA,
+            SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_LOW,
+            0,
+            56,
+            56,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 58 */
+	    {
+            1,
+            TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+            TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
+            SSL_kECDHE|SSL_aNULL|SSL_3DES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_HIGH,
+            0,
+            168,
+            168,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 59 */
+	    {
+            1,
+            TLS1_TXT_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA,
+            TLS1_CK_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA,
+            SSL_kECDHE|SSL_aNULL|SSL_DES|SSL_SHA|SSL_TLSV1,
+            SSL_EXPORT|SSL_EXP40,
+            0,
+            40,
+            56,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 5A */
+	    {
+            1,
+            TLS1_TXT_ECDH_anon_EXPORT_WITH_RC4_40_SHA,
+            TLS1_CK_ECDH_anon_EXPORT_WITH_RC4_40_SHA,
+            SSL_kECDHE|SSL_aNULL|SSL_RC4|SSL_SHA|SSL_TLSV1,
+            SSL_EXPORT|SSL_EXP40,
+            0,
+            40,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 77 XXX: ECC ciphersuites offering forward secrecy
+	 * are not yet specified in the ECC/TLS draft but our code
+	 * allows them to be implemented very easily. To add such
+	 * a cipher suite, one needs to add two constant definitions
+	 * to tls1.h and a new structure in this file as shown below. We 
+	 * illustrate the process for the made-up cipher
+	 * ECDHE-ECDSA-AES128-SHA.
+	 */
+	    {
+            1,
+            TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+            TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+            SSL_kECDHE|SSL_aECDSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_MEDIUM,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+	/* Cipher 78 XXX: Another made-up ECC cipher suite that
+	 * offers forward secrecy (ECDHE-RSA-AES128-SHA).
+	 */
+	    {
+            1,
+            TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+            TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+            SSL_kECDHE|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1,
+            SSL_NOT_EXP|SSL_MEDIUM,
+            0,
+            128,
+            128,
+            SSL_ALL_CIPHERS,
+            SSL_ALL_STRENGTHS,
+            },
+
+#endif /* !OPENSSL_NO_ECDH */
+
 /* end of list */
 	};
 
@@ -395,27 +1388,29 @@ static SSL_METHOD SSLv3_data= {
 	ssl_bad_method,
 	ssl3_default_timeout,
 	&SSLv3_enc_data,
+	ssl_undefined_function,
+	ssl3_callback_ctrl,
+	ssl3_ctx_callback_ctrl,
 	};
 
-static long ssl3_default_timeout()
+static long ssl3_default_timeout(void)
 	{
 	/* 2 hours, the 24 hours mentioned in the SSLv3 spec
 	 * is way too long for http, the cache would over fill */
 	return(60*60*2);
 	}
 
-SSL_METHOD *sslv3_base_method()
+SSL_METHOD *sslv3_base_method(void)
 	{
 	return(&SSLv3_data);
 	}
 
-int ssl3_num_ciphers()
+int ssl3_num_ciphers(void)
 	{
 	return(SSL3_NUM_CIPHERS);
 	}
 
-SSL_CIPHER *ssl3_get_cipher(u)
-unsigned int u;
+SSL_CIPHER *ssl3_get_cipher(unsigned int u)
 	{
 	if (u < SSL3_NUM_CIPHERS)
 		return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u]));
@@ -423,29 +1418,24 @@ unsigned int u;
 		return(NULL);
 	}
 
-/* The problem is that it may not be the correct record type */
-int ssl3_pending(s)
-SSL *s;
+int ssl3_pending(SSL *s)
 	{
-	return(s->s3->rrec.length);
+	if (s->rstate == SSL_ST_READ_BODY)
+		return 0;
+	
+	return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
 	}
 
-int ssl3_new(s)
-SSL *s;
+int ssl3_new(SSL *s)
 	{
-	SSL3_CTX *s3;
+	SSL3_STATE *s3;
 
-	if ((s3=(SSL3_CTX *)Malloc(sizeof(SSL3_CTX))) == NULL) goto err;
-	memset(s3,0,sizeof(SSL3_CTX));
+	if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err;
+	memset(s3,0,sizeof *s3);
+	EVP_MD_CTX_init(&s3->finish_dgst1);
+	EVP_MD_CTX_init(&s3->finish_dgst2);
 
 	s->s3=s3;
-	/*
-	s->s3->tmp.ca_names=NULL;
-	s->s3->tmp.key_block=NULL;
-	s->s3->tmp.key_block_length=0;
-	s->s3->rbuf.buf=NULL;
-	s->s3->wbuf.buf=NULL;
-	*/
 
 	s->method->ssl_clear(s);
 	return(1);
@@ -453,48 +1443,74 @@ err:
 	return(0);
 	}
 
-void ssl3_free(s)
-SSL *s;
+void ssl3_free(SSL *s)
 	{
+	if(s == NULL)
+	    return;
+
 	ssl3_cleanup_key_block(s);
 	if (s->s3->rbuf.buf != NULL)
-		Free(s->s3->rbuf.buf);
+		OPENSSL_free(s->s3->rbuf.buf);
 	if (s->s3->wbuf.buf != NULL)
-		Free(s->s3->wbuf.buf);
+		OPENSSL_free(s->s3->wbuf.buf);
 	if (s->s3->rrec.comp != NULL)
-		Free(s->s3->rrec.comp);
-#ifndef NO_DH
+		OPENSSL_free(s->s3->rrec.comp);
+#ifndef OPENSSL_NO_DH
 	if (s->s3->tmp.dh != NULL)
 		DH_free(s->s3->tmp.dh);
 #endif
+#ifndef OPENSSL_NO_ECDH
+	if (s->s3->tmp.ecdh != NULL)
+		EC_KEY_free(s->s3->tmp.ecdh);
+#endif
+
 	if (s->s3->tmp.ca_names != NULL)
-		sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
-	memset(s->s3,0,sizeof(SSL3_CTX));
-	Free(s->s3);
+		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+	EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
+	EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
+	OPENSSL_cleanse(s->s3,sizeof *s->s3);
+	OPENSSL_free(s->s3);
 	s->s3=NULL;
 	}
 
-void ssl3_clear(s)
-SSL *s;
+void ssl3_clear(SSL *s)
 	{
 	unsigned char *rp,*wp;
+	size_t rlen, wlen;
 
 	ssl3_cleanup_key_block(s);
 	if (s->s3->tmp.ca_names != NULL)
-		sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
-
-	rp=s->s3->rbuf.buf;
-	wp=s->s3->wbuf.buf;
-
-	memset(s->s3,0,sizeof(SSL3_CTX));
-	if (rp != NULL) s->s3->rbuf.buf=rp;
-	if (wp != NULL) s->s3->wbuf.buf=wp;
+		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
 
 	if (s->s3->rrec.comp != NULL)
 		{
-		Free(s->s3->rrec.comp);
+		OPENSSL_free(s->s3->rrec.comp);
 		s->s3->rrec.comp=NULL;
 		}
+#ifndef OPENSSL_NO_DH
+	if (s->s3->tmp.dh != NULL)
+		DH_free(s->s3->tmp.dh);
+#endif
+#ifndef OPENSSL_NO_ECDH
+	if (s->s3->tmp.ecdh != NULL)
+		EC_KEY_free(s->s3->tmp.ecdh);
+#endif
+
+	rp = s->s3->rbuf.buf;
+	wp = s->s3->wbuf.buf;
+	rlen = s->s3->rbuf.len;
+ 	wlen = s->s3->wbuf.len;
+
+	EVP_MD_CTX_cleanup(&s->s3->finish_dgst1);
+	EVP_MD_CTX_cleanup(&s->s3->finish_dgst2);
+
+	memset(s->s3,0,sizeof *s->s3);
+	s->s3->rbuf.buf = rp;
+	s->s3->wbuf.buf = wp;
+	s->s3->rbuf.len = rlen;
+ 	s->s3->wbuf.len = wlen;
+
+	ssl_free_wbio_buffer(s);
 
 	s->packet_length=0;
 	s->s3->renegotiate=0;
@@ -504,14 +1520,30 @@ SSL *s;
 	s->version=SSL3_VERSION;
 	}
 
-long ssl3_ctrl(s,cmd,larg,parg)
-SSL *s;
-int cmd;
-long larg;
-char *parg;
+long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
 	{
 	int ret=0;
 
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
+	if (
+#ifndef OPENSSL_NO_RSA
+	    cmd == SSL_CTRL_SET_TMP_RSA ||
+	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||
+#endif
+#ifndef OPENSSL_NO_DSA
+	    cmd == SSL_CTRL_SET_TMP_DH ||
+	    cmd == SSL_CTRL_SET_TMP_DH_CB ||
+#endif
+		0)
+		{
+		if (!ssl_cert_inst(&s->cert))
+		    	{
+			SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
+			return(0);
+			}
+		}
+#endif
+
 	switch (cmd)
 		{
 	case SSL_CTRL_GET_SESSION_REUSED:
@@ -530,27 +1562,181 @@ char *parg;
 		ret=s->s3->total_renegotiations;
 		break;
 	case SSL_CTRL_GET_FLAGS:
-		ret=s->s3->flags;
+		ret=(int)(s->s3->flags);
+		break;
+#ifndef OPENSSL_NO_RSA
+	case SSL_CTRL_NEED_TMP_RSA:
+		if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) &&
+		    ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
+		     (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8))))
+			ret = 1;
+		break;
+	case SSL_CTRL_SET_TMP_RSA:
+		{
+			RSA *rsa = (RSA *)parg;
+			if (rsa == NULL)
+				{
+				SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+				return(ret);
+				}
+			if ((rsa = RSAPrivateKey_dup(rsa)) == NULL)
+				{
+				SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB);
+				return(ret);
+				}
+			if (s->cert->rsa_tmp != NULL)
+				RSA_free(s->cert->rsa_tmp);
+			s->cert->rsa_tmp = rsa;
+			ret = 1;
+		}
+		break;
+	case SSL_CTRL_SET_TMP_RSA_CB:
+		{
+		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return(ret);
+		}
+		break;
+#endif
+#ifndef OPENSSL_NO_DH
+	case SSL_CTRL_SET_TMP_DH:
+		{
+			DH *dh = (DH *)parg;
+			if (dh == NULL)
+				{
+				SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+				return(ret);
+				}
+			if ((dh = DHparams_dup(dh)) == NULL)
+				{
+				SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
+				return(ret);
+				}
+			if (!(s->options & SSL_OP_SINGLE_DH_USE))
+				{
+				if (!DH_generate_key(dh))
+					{
+					DH_free(dh);
+					SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
+					return(ret);
+					}
+				}
+			if (s->cert->dh_tmp != NULL)
+				DH_free(s->cert->dh_tmp);
+			s->cert->dh_tmp = dh;
+			ret = 1;
+		}
+		break;
+	case SSL_CTRL_SET_TMP_DH_CB:
+		{
+		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return(ret);
+		}
+		break;
+#endif
+#ifndef OPENSSL_NO_ECDH
+	case SSL_CTRL_SET_TMP_ECDH:
+		{
+		EC_KEY *ecdh = NULL;
+ 			
+		if (parg == NULL)
+			{
+			SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+			return(ret);
+			}
+		if (!EC_KEY_up_ref((EC_KEY *)parg))
+			{
+			SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
+			return(ret);
+			}
+		ecdh = (EC_KEY *)parg;
+		if (!(s->options & SSL_OP_SINGLE_ECDH_USE))
+			{
+			if (!EC_KEY_generate_key(ecdh))
+				{
+				EC_KEY_free(ecdh);
+				SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
+				return(ret);
+				}
+			}
+		if (s->cert->ecdh_tmp != NULL)
+			EC_KEY_free(s->cert->ecdh_tmp);
+		s->cert->ecdh_tmp = ecdh;
+		ret = 1;
+		}
 		break;
+	case SSL_CTRL_SET_TMP_ECDH_CB:
+		{
+		SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return(ret);
+		}
+		break;
+#endif /* !OPENSSL_NO_ECDH */
 	default:
 		break;
 		}
 	return(ret);
 	}
 
-long ssl3_ctx_ctrl(ctx,cmd,larg,parg)
-SSL_CTX *ctx;
-int cmd;
-long larg;
-char *parg;
+long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)())
+	{
+	int ret=0;
+
+#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA)
+	if (
+#ifndef OPENSSL_NO_RSA
+	    cmd == SSL_CTRL_SET_TMP_RSA_CB ||
+#endif
+#ifndef OPENSSL_NO_DSA
+	    cmd == SSL_CTRL_SET_TMP_DH_CB ||
+#endif
+		0)
+		{
+		if (!ssl_cert_inst(&s->cert))
+			{
+			SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE);
+			return(0);
+			}
+		}
+#endif
+
+	switch (cmd)
+		{
+#ifndef OPENSSL_NO_RSA
+	case SSL_CTRL_SET_TMP_RSA_CB:
+		{
+		s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
+		}
+		break;
+#endif
+#ifndef OPENSSL_NO_DH
+	case SSL_CTRL_SET_TMP_DH_CB:
+		{
+		s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+		}
+		break;
+#endif
+#ifndef OPENSSL_NO_ECDH
+	case SSL_CTRL_SET_TMP_ECDH_CB:
+		{
+		s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
+		}
+		break;
+#endif
+	default:
+		break;
+		}
+	return(ret);
+	}
+
+long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 	{
 	CERT *cert;
 
-	cert=ctx->default_cert;
+	cert=ctx->cert;
 
 	switch (cmd)
 		{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	case SSL_CTRL_NEED_TMP_RSA:
 		if (	(cert->rsa_tmp == NULL) &&
 			((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) ||
@@ -589,44 +1775,94 @@ char *parg;
 		}
 		/* break; */
 	case SSL_CTRL_SET_TMP_RSA_CB:
-		cert->rsa_tmp_cb=(RSA *(*)())parg;
+		{
+		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return(0);
+		}
 		break;
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	case SSL_CTRL_SET_TMP_DH:
 		{
 		DH *new=NULL,*dh;
-		int rret=0;
 
 		dh=(DH *)parg;
-		if (	((new=DHparams_dup(dh)) == NULL) ||
-			(!DH_generate_key(new)))
+		if ((new=DHparams_dup(dh)) == NULL)
 			{
 			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
-			if (new != NULL) DH_free(new);
+			return 0;
 			}
-		else
+		if (!(ctx->options & SSL_OP_SINGLE_DH_USE))
 			{
-			if (cert->dh_tmp != NULL)
-				DH_free(cert->dh_tmp);
-			cert->dh_tmp=new;
-			rret=1;
+			if (!DH_generate_key(new))
+				{
+				SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB);
+				DH_free(new);
+				return 0;
+				}
 			}
-		return(rret);
+		if (cert->dh_tmp != NULL)
+			DH_free(cert->dh_tmp);
+		cert->dh_tmp=new;
+		return 1;
 		}
 		/*break; */
 	case SSL_CTRL_SET_TMP_DH_CB:
-		cert->dh_tmp_cb=(DH *(*)())parg;
+		{
+		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return(0);
+		}
 		break;
 #endif
-	/* A Thwate special :-) */
+#ifndef OPENSSL_NO_ECDH
+	case SSL_CTRL_SET_TMP_ECDH:
+		{
+		EC_KEY *ecdh = NULL;
+ 			
+		if (parg == NULL)
+			{
+			SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
+			return 0;
+			}
+		if (!EC_KEY_up_ref((EC_KEY *)parg))
+			{
+			SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
+			return 0;
+			}
+		ecdh = (EC_KEY *)parg;
+		if (!(ctx->options & SSL_OP_SINGLE_ECDH_USE))
+			{
+			if (!EC_KEY_generate_key(ecdh))
+				{
+				EC_KEY_free(ecdh);
+				SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_ECDH_LIB);
+				return 0;
+				}
+			}
+
+		if (cert->ecdh_tmp != NULL)
+			{
+			EC_KEY_free(cert->ecdh_tmp);
+			}
+		cert->ecdh_tmp = ecdh;
+		return 1;
+		}
+		/* break; */
+	case SSL_CTRL_SET_TMP_ECDH_CB:
+		{
+		SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+		return(0);
+		}
+		break;
+#endif /* !OPENSSL_NO_ECDH */
+	/* A Thawte special :-) */
 	case SSL_CTRL_EXTRA_CHAIN_CERT:
 		if (ctx->extra_certs == NULL)
 			{
-			if ((ctx->extra_certs=sk_new_null()) == NULL)
+			if ((ctx->extra_certs=sk_X509_new_null()) == NULL)
 				return(0);
 			}
-		sk_push(ctx->extra_certs,(char *)parg);
+		sk_X509_push(ctx->extra_certs,(X509 *)parg);
 		break;
 
 	default:
@@ -635,10 +1871,44 @@ char *parg;
 	return(1);
 	}
 
+long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
+	{
+	CERT *cert;
+
+	cert=ctx->cert;
+
+	switch (cmd)
+		{
+#ifndef OPENSSL_NO_RSA
+	case SSL_CTRL_SET_TMP_RSA_CB:
+		{
+		cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp;
+		}
+		break;
+#endif
+#ifndef OPENSSL_NO_DH
+	case SSL_CTRL_SET_TMP_DH_CB:
+		{
+		cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+		}
+		break;
+#endif
+#ifndef OPENSSL_NO_ECDH
+	case SSL_CTRL_SET_TMP_ECDH_CB:
+		{
+		cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp;
+		}
+		break;
+#endif
+	default:
+		return(0);
+		}
+	return(1);
+	}
+
 /* This function needs to check if the ciphers required are actually
  * available */
-SSL_CIPHER *ssl3_get_cipher_by_char(p)
-unsigned char *p;
+SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
 	{
 	static int init=1;
 	static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS];
@@ -648,14 +1918,21 @@ unsigned char *p;
 
 	if (init)
 		{
-		init=0;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+
+		if (init)
+			{
+			for (i=0; i<SSL3_NUM_CIPHERS; i++)
+				sorted[i]= &(ssl3_ciphers[i]);
 
-		for (i=0; i<SSL3_NUM_CIPHERS; i++)
-			sorted[i]= &(ssl3_ciphers[i]);
+			qsort(sorted,
+				SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+				FP_ICC ssl_cipher_ptr_id_cmp);
 
-		qsort(	(char *)sorted,
-			SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-			FP_ICC ssl_cipher_ptr_id_cmp);
+			init=0;
+			}
+		
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
 		}
 
 	id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
@@ -663,16 +1940,14 @@ unsigned char *p;
 	cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp,
 		(char *)sorted,
 		SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
-		(int (*)())ssl_cipher_ptr_id_cmp);
+		FP_ICC ssl_cipher_ptr_id_cmp);
 	if ((cpp == NULL) || !(*cpp)->valid)
 		return(NULL);
 	else
 		return(*cpp);
 	}
 
-int ssl3_put_cipher_by_char(c,p)
-SSL_CIPHER *c;
-unsigned char *p;
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p)
 	{
 	long l;
 
@@ -686,116 +1961,160 @@ unsigned char *p;
 	return(2);
 	}
 
-int ssl3_part_read(s,i)
-SSL *s;
-int i;
-	{
-	s->rwstate=SSL_READING;
-
-	if (i < 0)
-		{
-		return(i);
-		}
-	else
-		{
-		s->init_num+=i;
-		return(0);
-		}
-	}
-
-SSL_CIPHER *ssl3_choose_cipher(s,have,pref)
-SSL *s;
-STACK *have,*pref;
+SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+	     STACK_OF(SSL_CIPHER) *srvr)
 	{
 	SSL_CIPHER *c,*ret=NULL;
+	STACK_OF(SSL_CIPHER) *prio, *allow;
 	int i,j,ok;
 	CERT *cert;
 	unsigned long alg,mask,emask;
 
-	/* Lets see which ciphers we can supported */
-	if (s->cert != NULL)
-		cert=s->cert;
+	/* Let's see which ciphers we can support */
+	cert=s->cert;
+
+#if 0
+	/* Do not set the compare functions, because this may lead to a
+	 * reordering by "id". We want to keep the original ordering.
+	 * We may pay a price in performance during sk_SSL_CIPHER_find(),
+	 * but would have to pay with the price of sk_SSL_CIPHER_dup().
+	 */
+	sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp);
+	sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp);
+#endif
+
+#ifdef CIPHER_DEBUG
+        printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr);
+        for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i)
+	    {
+	    c=sk_SSL_CIPHER_value(srvr,i);
+	    printf("%p:%s\n",c,c->name);
+	    }
+        printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt);
+        for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i)
+	    {
+	    c=sk_SSL_CIPHER_value(clnt,i);
+	    printf("%p:%s\n",c,c->name);
+	    }
+#endif
+
+	if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE)
+	    {
+	    prio = srvr;
+	    allow = clnt;
+	    }
 	else
-		cert=s->ctx->default_cert;
+	    {
+	    prio = clnt;
+	    allow = srvr;
+	    }
 
-	ssl_set_cert_masks(cert);
-	mask=cert->mask;
-	emask=cert->export_mask;
+	for (i=0; i<sk_SSL_CIPHER_num(prio); i++)
+		{
+		c=sk_SSL_CIPHER_value(prio,i);
+
+		ssl_set_cert_masks(cert,c);
+		mask=cert->mask;
+		emask=cert->export_mask;
 			
-	sk_set_cmp_func(pref,ssl_cipher_ptr_id_cmp);
+#ifdef KSSL_DEBUG
+		printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);
+#endif    /* KSSL_DEBUG */
 
-	for (i=0; i<sk_num(have); i++)
-		{
-		c=(SSL_CIPHER *)sk_value(have,i);
 		alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
-		if (alg & SSL_EXPORT)
+#ifndef OPENSSL_NO_KRB5
+                if (alg & SSL_KRB5) 
+                        {
+                        if ( !kssl_keytab_is_available(s->kssl_ctx) )
+                            continue;
+                        }
+#endif /* OPENSSL_NO_KRB5 */
+		if (SSL_C_IS_EXPORT(c))
 			{
 			ok=((alg & emask) == alg)?1:0;
 #ifdef CIPHER_DEBUG
-			printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name);
+			printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask,
+			       c,c->name);
 #endif
 			}
 		else
 			{
 			ok=((alg & mask) == alg)?1:0;
 #ifdef CIPHER_DEBUG
-			printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name);
+			printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c,
+			       c->name);
 #endif
 			}
 
 		if (!ok) continue;
-	
-		j=sk_find(pref,(char *)c);
+		j=sk_SSL_CIPHER_find(allow,c);
 		if (j >= 0)
 			{
-			ret=(SSL_CIPHER *)sk_value(pref,j);
+			ret=sk_SSL_CIPHER_value(allow,j);
 			break;
 			}
 		}
 	return(ret);
 	}
 
-int ssl3_get_req_cert_type(s,p)
-SSL *s;
-unsigned char *p;
+int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 	{
 	int ret=0;
 	unsigned long alg;
 
 	alg=s->s3->tmp.new_cipher->algorithms;
 
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (alg & (SSL_kDHr|SSL_kEDH))
 		{
-#  ifndef NO_RSA
+#  ifndef OPENSSL_NO_RSA
 		p[ret++]=SSL3_CT_RSA_FIXED_DH;
 #  endif
-#  ifndef NO_DSA
+#  ifndef OPENSSL_NO_DSA
 		p[ret++]=SSL3_CT_DSS_FIXED_DH;
 #  endif
 		}
 	if ((s->version == SSL3_VERSION) &&
 		(alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
 		{
-#  ifndef NO_RSA
+#  ifndef OPENSSL_NO_RSA
 		p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
 #  endif
-#  ifndef NO_DSA
+#  ifndef OPENSSL_NO_DSA
 		p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH;
 #  endif
 		}
-#endif /* !NO_DH */
-#ifndef NO_RSA
+#endif /* !OPENSSL_NO_DH */
+#ifndef OPENSSL_NO_RSA
 	p[ret++]=SSL3_CT_RSA_SIGN;
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 	p[ret++]=SSL3_CT_DSS_SIGN;
 #endif
+#ifndef OPENSSL_NO_ECDH
+	/* We should ask for fixed ECDH certificates only
+	 * for SSL_kECDH (and not SSL_kECDHE)
+	 */
+	if ((alg & SSL_kECDH) && (s->version >= TLS1_VERSION))
+		{
+		p[ret++]=TLS_CT_RSA_FIXED_ECDH;
+		p[ret++]=TLS_CT_ECDSA_FIXED_ECDH;
+		}
+#endif
+
+#ifndef OPENSSL_NO_ECDSA
+	/* ECDSA certs can be used with RSA cipher suites as well 
+	 * so we don't need to check for SSL_kECDH or SSL_kECDHE
+	 */
+	if (s->version >= TLS1_VERSION)
+		{
+		p[ret++]=TLS_CT_ECDSA_SIGN;
+		}
+#endif	
 	return(ret);
 	}
 
-int ssl3_shutdown(s)
-SSL *s;
+int ssl3_shutdown(SSL *s)
 	{
 
 	/* Don't do anything much if we have not done the handshake or
@@ -825,7 +2144,7 @@ SSL *s;
 	else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN))
 		{
 		/* If we are waiting for a close from our peer, we are closed */
-		ssl3_read_bytes(s,0,NULL,0);
+		ssl3_read_bytes(s,0,NULL,0,0);
 		}
 
 	if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
@@ -835,13 +2154,9 @@ SSL *s;
 		return(0);
 	}
 
-int ssl3_write(s,buf,len)
-SSL *s;
-char *buf;
-int len;
+int ssl3_write(SSL *s, const void *buf, int len)
 	{
 	int ret,n;
-	BIO *under;
 
 #if 0
 	if (s->shutdown & SSL_SEND_SHUTDOWN)
@@ -864,7 +2179,7 @@ int len;
 		if (s->s3->delay_buf_pop_ret == 0)
 			{
 			ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
-				(char *)buf,len);
+					     buf,len);
 			if (ret <= 0) return(ret);
 
 			s->s3->delay_buf_pop_ret=ret;
@@ -875,43 +2190,40 @@ int len;
 		if (n <= 0) return(n);
 		s->rwstate=SSL_NOTHING;
 
-		/* We have flushed the buffer */
-		under=BIO_pop(s->wbio);
-		s->wbio=under;
-		BIO_free(s->bbio);
-		s->bbio=NULL;
+		/* We have flushed the buffer, so remove it */
+		ssl_free_wbio_buffer(s);
+		s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
+
 		ret=s->s3->delay_buf_pop_ret;
 		s->s3->delay_buf_pop_ret=0;
-
-		s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER;
 		}
 	else
 		{
 		ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA,
-			(char *)buf,len);
+				     buf,len);
 		if (ret <= 0) return(ret);
 		}
 
 	return(ret);
 	}
 
-int ssl3_read(s,buf,len)
-SSL *s;
-char *buf;
-int len;
+static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
 	{
 	int ret;
 	
 	clear_sys_error();
 	if (s->s3->renegotiate) ssl3_renegotiate_check(s);
 	s->s3->in_read_app_data=1;
-	ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
-	if ((ret == -1) && (s->s3->in_read_app_data == 0))
+	ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
+	if ((ret == -1) && (s->s3->in_read_app_data == 2))
 		{
-		ERR_get_error(); /* clear the error */
-		s->s3->in_read_app_data=0;
+		/* ssl3_read_bytes decided to call s->handshake_func, which
+		 * called ssl3_read_bytes to read handshake data.
+		 * However, ssl3_read_bytes actually found application data
+		 * and thinks that application data makes sense here; so disable
+		 * handshake processing and try to read application data again. */
 		s->in_handshake++;
-		ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len);
+		ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
 		s->in_handshake--;
 		}
 	else
@@ -920,33 +2232,17 @@ int len;
 	return(ret);
 	}
 
-int ssl3_peek(s,buf,len)
-SSL *s;
-char *buf;
-int len;
+int ssl3_read(SSL *s, void *buf, int len)
 	{
-	SSL3_RECORD *rr;
-	int n;
-
-	rr= &(s->s3->rrec);
-	if ((rr->length == 0) || (rr->type != SSL3_RT_APPLICATION_DATA))
-		{
-		n=ssl3_read(s,buf,1);
-		if (n <= 0) return(n);
-		rr->length++;
-		rr->off--;
-		}
+	return ssl3_read_internal(s, buf, len, 0);
+	}
 
-	if ((unsigned int)len > rr->length)
-		n=rr->length;
-	else
-		n=len;
-	memcpy(buf,&(rr->data[rr->off]),(unsigned int)n);
-	return(n);
+int ssl3_peek(SSL *s, void *buf, int len)
+	{
+	return ssl3_read_internal(s, buf, len, 1);
 	}
 
-int ssl3_renegotiate(s)
-SSL *s;
+int ssl3_renegotiate(SSL *s)
 	{
 	if (s->handshake_func == NULL)
 		return(1);
@@ -958,8 +2254,7 @@ SSL *s;
 	return(1);
 	}
 
-int ssl3_renegotiate_check(s)
-SSL *s;
+int ssl3_renegotiate_check(SSL *s)
 	{
 	int ret=0;
 
@@ -971,7 +2266,7 @@ SSL *s;
 			{
 /*
 if we are the server, and we have sent a 'RENEGOTIATE' message, we
-need to go to SSL_ST_ACCEPT.
+need to go to SSL_ST_ACCEPT.
 */
 			/* SSL_ST_ACCEPT */
 			s->state=SSL_ST_RENEGOTIATE;
@@ -984,4 +2279,3 @@ need to go to SSL_ST_ACCEPT.
 	return(ret);
 	}
 
-
diff --git a/ssl/s3_meth.c b/ssl/s3_meth.c
index 3d66b4643a..1fd7a96f87 100644
--- a/ssl/s3_meth.c
+++ b/ssl/s3_meth.c
@@ -57,11 +57,11 @@
  */
 
 #include <stdio.h>
-#include "objects.h"
+#include <openssl/objects.h>
 #include "ssl_locl.h"
 
-static SSL_METHOD *ssl3_get_method(ver)
-int ver;
+static SSL_METHOD *ssl3_get_method(int ver);
+static SSL_METHOD *ssl3_get_method(int ver)
 	{
 	if (ver == SSL3_VERSION)
 		return(SSLv3_method());
@@ -69,19 +69,26 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *SSLv3_method()
+SSL_METHOD *SSLv3_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD SSLv3_data;
 
 	if (init)
 		{
-		init=0;
-		memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
-			sizeof(SSL_METHOD));
-		SSLv3_data.ssl_connect=ssl3_connect;
-		SSLv3_data.ssl_accept=ssl3_accept;
-		SSLv3_data.get_ssl_method=ssl3_get_method;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+		
+		if (init)
+			{
+			memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
+				sizeof(SSL_METHOD));
+			SSLv3_data.ssl_connect=ssl3_connect;
+			SSLv3_data.ssl_accept=ssl3_accept;
+			SSLv3_data.get_ssl_method=ssl3_get_method;
+			init=0;
+			}
+
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&SSLv3_data);
 	}
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 444263b709..6ccea9aee5 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -55,162 +55,165 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
 #include <errno.h>
 #define USE_SOCKETS
-#include "evp.h"
-#include "buffer.h"
 #include "ssl_locl.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
 
-/* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_BAD_RECORD_MAC);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_NO_CERTIFICATE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_BAD_CERTIFICATE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_DECRYPTION_FAILED);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_RECORD_OVERFLOW);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_UNKNOWN_CA);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_ACCESS_DENIED);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_DECODE_ERROR);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_DECRYPT_ERROR);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_EXPORT_RESTRICION);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_PROTOCOL_VERSION);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_INTERNAL_ERROR);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_USER_CANCLED);
- * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_TLSV1_ALERT_NO_RENEGOTIATION);
- */
-
-#ifndef NOPROTO
-static int do_ssl3_write(SSL *s, int type, char *buf, unsigned int len);
-static int ssl3_write_pending(SSL *s, int type, char *buf, unsigned int len);
+static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+			 unsigned int len, int create_empty_fragment);
+static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+			      unsigned int len);
 static int ssl3_get_record(SSL *s);
 static int do_compress(SSL *ssl);
 static int do_uncompress(SSL *ssl);
 static int do_change_cipher_spec(SSL *ssl);
-#else
-static int do_ssl3_write();
-static int ssl3_write_pending();
-static int ssl3_get_record();
-static int do_compress();
-static int do_uncompress();
-static int do_change_cipher_spec();
-#endif
 
-static int ssl3_read_n(s,n,max,extend)
-SSL *s;
-int n;
-int max;
-int extend;
+/* used only by ssl3_get_record */
+static int ssl3_read_n(SSL *s, int n, int max, int extend)
 	{
+	/* If extend == 0, obtain new n-byte packet; if extend == 1, increase
+	 * packet by another n bytes.
+	 * The packet will be in the sub-array of s->s3->rbuf.buf specified
+	 * by s->packet and s->packet_length.
+	 * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
+	 * [plus s->packet_length bytes if extend == 1].)
+	 */
 	int i,off,newb;
 
-	/* if there is stuff still in the buffer from a previous read,
-	 * and there is more than we want, take some. */
+	if (!extend)
+		{
+		/* start with empty packet ... */
+		if (s->s3->rbuf.left == 0)
+			s->s3->rbuf.offset = 0;
+		s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset;
+		s->packet_length = 0;
+		/* ... now we can act as if 'extend' was set */
+		}
+
+	/* if there is enough in the buffer from a previous read, take some */
 	if (s->s3->rbuf.left >= (int)n)
 		{
-		if (extend)
-			s->packet_length+=n;
-		else
-			{
-			s->packet= &(s->s3->rbuf.buf[s->s3->rbuf.offset]);
-			s->packet_length=n;
-			}
+		s->packet_length+=n;
 		s->s3->rbuf.left-=n;
 		s->s3->rbuf.offset+=n;
 		return(n);
 		}
 
 	/* else we need to read more data */
-	if (!s->read_ahead) max=n;
-	if (max > SSL3_RT_MAX_PACKET_SIZE)
-		max=SSL3_RT_MAX_PACKET_SIZE;
-
-	/* First check if there is some left or we want to extend */
-	off=0;
-	if (	(s->s3->rbuf.left != 0) ||
-		((s->packet_length != 0) && extend))
-		{
-		newb=s->s3->rbuf.left;
-		if (extend)
-			{
-			/* Copy bytes back to the front of the buffer 
-			 * Take the bytes already pointed to by 'packet'
-			 * and take the extra ones on the end. */
-			off=s->packet_length;
-			if (s->packet != s->s3->rbuf.buf)
-				memcpy(s->s3->rbuf.buf,s->packet,newb+off);
-			}
-		else if (s->s3->rbuf.offset != 0)
-			{ /* so the data is not at the start of the buffer */
-			memcpy(s->s3->rbuf.buf,
-				&(s->s3->rbuf.buf[s->s3->rbuf.offset]),newb);
-			s->s3->rbuf.offset=0;
-			}
+	if (!s->read_ahead)
+		max=n;
 
-		s->s3->rbuf.left=0;
+	{
+		/* avoid buffer overflow */
+		int max_max = s->s3->rbuf.len - s->packet_length;
+		if (max > max_max)
+			max = max_max;
+	}
+	if (n > max) /* does not happen */
+		{
+		SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);
+		return -1;
 		}
-	else
-		newb=0;
 
-	/* So we now have 'newb' bytes at the front of 
-	 * s->s3->rbuf.buf and need to read some more in on the end
-	 * We start reading into the buffer at 's->s3->rbuf.offset'
-	 */
-	s->packet=s->s3->rbuf.buf;
+	off = s->packet_length;
+	newb = s->s3->rbuf.left;
+	/* Move any available bytes to front of buffer:
+	 * 'off' bytes already pointed to by 'packet',
+	 * 'newb' extra ones at the end */
+	if (s->packet != s->s3->rbuf.buf)
+		{
+		/*  off > 0 */
+		memmove(s->s3->rbuf.buf, s->packet, off+newb);
+		s->packet = s->s3->rbuf.buf;
+		}
 
 	while (newb < n)
 		{
+		/* Now we have off+newb bytes at the front of s->s3->rbuf.buf and need
+		 * to read in more until we have off+n (up to off+max if possible) */
+
 		clear_sys_error();
 		if (s->rbio != NULL)
 			{
 			s->rwstate=SSL_READING;
-			i=BIO_read(s->rbio,
-				(char *)&(s->s3->rbuf.buf[off+newb]),
-				max-newb);
+			i=BIO_read(s->rbio,	&(s->s3->rbuf.buf[off+newb]), max-newb);
 			}
 		else
 			{
 			SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET);
-			i= -1;
+			i = -1;
 			}
 
 		if (i <= 0)
 			{
-			s->s3->rbuf.left+=newb;
+			s->s3->rbuf.left = newb;
 			return(i);
 			}
 		newb+=i;
 		}
 
-	/* record used data read */
-	if (newb > n)
-		{
-		s->s3->rbuf.offset=n+off;
-		s->s3->rbuf.left=newb-n;
-		}
-	else
-		{
-		s->s3->rbuf.offset=0;
-		s->s3->rbuf.left=0;
-		}
-
-	if (extend)
-		s->packet_length+=n;
-	else
-		s->packet_length+=n;
+	/* done reading, now the book-keeping */
+	s->s3->rbuf.offset = off + n;
+	s->s3->rbuf.left = newb - n;
+	s->packet_length += n;
+	s->rwstate=SSL_NOTHING;
 	return(n);
 	}
 
@@ -218,40 +221,45 @@ int extend;
  * It will return <= 0 if more data is needed, normally due to an error
  * or non-blocking IO.
  * When it finishes, one packet has been decoded and can be found in
- * ssl->s3->rrec.type	- is the type of record
- * ssl->s3->rrec.data, 	- data
+ * ssl->s3->rrec.type    - is the type of record
+ * ssl->s3->rrec.data, 	 - data
  * ssl->s3->rrec.length, - number of bytes
  */
-static int ssl3_get_record(s)
-SSL *s;
+/* used only by ssl3_read_bytes */
+static int ssl3_get_record(SSL *s)
 	{
 	int ssl_major,ssl_minor,al;
-	int n,i,ret= -1;
-	SSL3_BUFFER *rb;
+	int enc_err,n,i,ret= -1;
 	SSL3_RECORD *rr;
 	SSL_SESSION *sess;
 	unsigned char *p;
 	unsigned char md[EVP_MAX_MD_SIZE];
 	short version;
 	unsigned int mac_size;
-	int clear=0,extra;
+	int clear=0;
+	size_t extra;
 
 	rr= &(s->s3->rrec);
-	rb= &(s->s3->rbuf);
 	sess=s->session;
 
 	if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
 		extra=SSL3_RT_MAX_EXTRA;
 	else
 		extra=0;
+	if (extra != s->s3->rbuf.len - SSL3_RT_MAX_PACKET_SIZE)
+		{
+		/* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
+		 * set after ssl3_setup_buffers() was done */
+		SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR);
+		return -1;
+		}
 
 again:
 	/* check if we have the header */
 	if (	(s->rstate != SSL_ST_READ_BODY) ||
 		(s->packet_length < SSL3_RT_HEADER_LENGTH)) 
 		{
-		n=ssl3_read_n(s,SSL3_RT_HEADER_LENGTH,
-			SSL3_RT_MAX_PACKET_SIZE,0);
+		n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0);
 		if (n <= 0) return(n); /* error or non-blocking */
 		s->rstate=SSL_ST_READ_BODY;
 
@@ -288,35 +296,33 @@ again:
 			goto err;
 			}
 
-		if (rr->length > 
-			(unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
+		if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
 			{
 			al=SSL_AD_RECORD_OVERFLOW;
 			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
 			goto f_err;
 			}
 
-		s->rstate=SSL_ST_READ_BODY;
+		/* now s->rstate == SSL_ST_READ_BODY */
 		}
 
-	/* get and decode the data */
-	if (s->rstate == SSL_ST_READ_BODY)
+	/* s->rstate == SSL_ST_READ_BODY, get and decode the data */
+
+	if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH)
 		{
-		if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH))
-			{
-			i=rr->length;
-			/*-(s->packet_length-SSL3_RT_HEADER_LENGTH); */
-			n=ssl3_read_n(s,i,i,1);
-			if (n <= 0) return(n); /* error or non-blocking io */
-			}
-		s->rstate=SSL_ST_READ_HEADER;
+		/* now s->packet_length == SSL3_RT_HEADER_LENGTH */
+		i=rr->length;
+		n=ssl3_read_n(s,i,i,1);
+		if (n <= 0) return(n); /* error or non-blocking io */
+		/* now n == rr->length,
+		 * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */
 		}
 
-	/* At this point, we have the data in s->packet and there should be
-	 * s->packet_length bytes, we must not 'overrun' this buffer :-)
-	 * One of the following functions will copy the data from the
-	 * s->packet buffer */
+	s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */
 
+	/* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
+	 * and we have that many bytes in s->packet
+	 */
 	rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]);
 
 	/* ok, we can now read from 's->packet' data into 'rr'
@@ -326,14 +332,11 @@ again:
 	 * When the data is 'copied' into the rr->data buffer,
 	 * rr->input will be pointed at the new buffer */ 
 
-	/* Set the state for the following operations */
-	s->rstate=SSL_ST_READ_HEADER;
-
 	/* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
 	 * rr->length bytes of encrypted compressed stuff. */
 
-	/* check is not needed I belive */
-	if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
+	/* check is not needed I believe */
+	if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
 		{
 		al=SSL_AD_RECORD_OVERFLOW;
 		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
@@ -343,16 +346,23 @@ again:
 	/* decrypt in place in 'rr->input' */
 	rr->data=rr->input;
 
-	if (!s->method->ssl3_enc->enc(s,0))
+	enc_err = s->method->ssl3_enc->enc(s,0);
+	if (enc_err <= 0)
 		{
-		al=SSL_AD_DECRYPT_ERROR;
-		goto f_err;
+		if (enc_err == 0)
+			/* SSLerr() and ssl3_send_alert() have been called */
+			goto err;
+
+		/* otherwise enc_err == -1 */
+		goto decryption_failed_or_bad_record_mac;
 		}
+
 #ifdef TLS_DEBUG
 printf("dec %d\n",rr->length);
 { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
 printf("\n");
 #endif
+
 	/* r->length is now the compressed data plus mac */
 	if (	(sess == NULL) ||
 		(s->enc_read_ctx == NULL) ||
@@ -365,33 +375,37 @@ printf("\n");
 
 		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
 			{
+#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
 			al=SSL_AD_RECORD_OVERFLOW;
 			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
 			goto f_err;
+#else
+			goto decryption_failed_or_bad_record_mac;
+#endif			
 			}
-		/* check MAC for rr->input' */
+		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
 		if (rr->length < mac_size)
 			{
+#if 0 /* OK only for stream ciphers */
 			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
 			goto f_err;
+#else
+			goto decryption_failed_or_bad_record_mac;
+#endif
 			}
 		rr->length-=mac_size;
 		i=s->method->ssl3_enc->mac(s,md,0);
 		if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
 			{
-			al=SSL_AD_BAD_RECORD_MAC;
-			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_MAC_DECODE);
-			ret= -1;
-			goto f_err;
+			goto decryption_failed_or_bad_record_mac;
 			}
 		}
 
 	/* r->length is now just compressed */
 	if (s->expand != NULL)
 		{
-		if (rr->length > 
-			(unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
+		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
 			{
 			al=SSL_AD_RECORD_OVERFLOW;
 			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
@@ -405,7 +419,7 @@ printf("\n");
 			}
 		}
 
-	if (rr->length > (unsigned int)SSL3_RT_MAX_PLAIN_LENGTH+extra)
+	if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra)
 		{
 		al=SSL_AD_RECORD_OVERFLOW;
 		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
@@ -428,14 +442,22 @@ printf("\n");
 	if (rr->length == 0) goto again;
 
 	return(1);
+
+decryption_failed_or_bad_record_mac:
+	/* Separate 'decryption_failed' alert was introduced with TLS 1.0,
+	 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
+	 * failure is directly visible from the ciphertext anyway,
+	 * we should not reveal which kind of error occured -- this
+	 * might become visible to an attacker (e.g. via logfile) */
+	al=SSL_AD_BAD_RECORD_MAC;
+	SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
 f_err:
 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:
 	return(ret);
 	}
 
-static int do_uncompress(ssl)
-SSL *ssl;
+static int do_uncompress(SSL *ssl)
 	{
 	int i;
 	SSL3_RECORD *rr;
@@ -452,8 +474,7 @@ SSL *ssl;
 	return(1);
 	}
 
-static int do_compress(ssl)
-SSL *ssl;
+static int do_compress(SSL *ssl)
 	{
 	int i;
 	SSL3_RECORD *wr;
@@ -471,15 +492,12 @@ SSL *ssl;
 	return(1);
 	}
 
-/* Call this to write data
+/* Call this to write data in records of type 'type'
  * It will return <= 0 if not all data has been sent or non-blocking IO.
  */
-int ssl3_write_bytes(s,type,buf,len)
-SSL *s;
-int type;
-char *buf;
-int len;
+int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
 	{
+	const unsigned char *buf=buf_;
 	unsigned int tot,n,nw;
 	int i;
 
@@ -494,7 +512,7 @@ int len;
 		if (i == 0)
 			{
 			SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
-			return(-1);
+			return -1;
 			}
 		}
 
@@ -505,37 +523,41 @@ int len;
 			nw=SSL3_RT_MAX_PLAIN_LENGTH;
 		else
 			nw=n;
-			
-		i=do_ssl3_write(s,type,&(buf[tot]),nw);
+
+		i=do_ssl3_write(s, type, &(buf[tot]), nw, 0);
 		if (i <= 0)
 			{
 			s->s3->wnum=tot;
-			return(i);
+			return i;
 			}
 
-		if (type == SSL3_RT_HANDSHAKE)
-			ssl3_finish_mac(s,(unsigned char *)&(buf[tot]),i);
-
-		if (i == (int)n) return(tot+i);
+		if ((i == (int)n) ||
+			(type == SSL3_RT_APPLICATION_DATA &&
+			 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
+			{
+			/* next chunk of data should get another prepended empty fragment
+			 * in ciphersuites with known-IV weakness: */
+			s->s3->empty_fragment_done = 0;
+			
+			return tot+i;
+			}
 
 		n-=i;
 		tot+=i;
 		}
 	}
 
-static int do_ssl3_write(s,type,buf,len)
-SSL *s;
-int type;
-char *buf;
-unsigned int len;
+static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+			 unsigned int len, int create_empty_fragment)
 	{
 	unsigned char *p,*plen;
 	int i,mac_size,clear=0;
+	int prefix_len = 0;
 	SSL3_RECORD *wr;
 	SSL3_BUFFER *wb;
 	SSL_SESSION *sess;
 
-	/* first check is there is a SSL3_RECORD still being written
+	/* first check if there is a SSL3_BUFFER still being written
 	 * out.  This will happen with non blocking IO */
 	if (s->s3->wbuf.left != 0)
 		return(ssl3_write_pending(s,type,buf,len));
@@ -549,8 +571,9 @@ unsigned int len;
 		/* if it went, fall through and send more stuff */
 		}
 
-	if (len <= 0) return(len);
-	
+	if (len == 0 && !create_empty_fragment)
+		return 0;
+
 	wr= &(s->s3->wrec);
 	wb= &(s->s3->wbuf);
 	sess=s->session;
@@ -565,19 +588,47 @@ unsigned int len;
 	else
 		mac_size=EVP_MD_size(s->write_hash);
 
-	p=wb->buf;
+	/* 'create_empty_fragment' is true only when this function calls itself */
+	if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)
+		{
+		/* countermeasure against known-IV weakness in CBC ciphersuites
+		 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+
+		if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
+			{
+			/* recursive function call with 'create_empty_fragment' set;
+			 * this prepares and buffers the data for an empty fragment
+			 * (these 'prefix_len' bytes are sent out later
+			 * together with the actual payload) */
+			prefix_len = do_ssl3_write(s, type, buf, 0, 1);
+			if (prefix_len <= 0)
+				goto err;
+
+			if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
+				{
+				/* insufficient space */
+				SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR);
+				goto err;
+				}
+			}
+		
+		s->s3->empty_fragment_done = 1;
+		}
+
+	p = wb->buf + prefix_len;
 
 	/* write the header */
+
 	*(p++)=type&0xff;
 	wr->type=type;
 
 	*(p++)=(s->version>>8);
 	*(p++)=s->version&0xff;
-	
-	/* record where we are to write out packet length */
+
+	/* field where we are to write out packet length */
 	plen=p; 
 	p+=2;
-	
+
 	/* lets setup the record stuff. */
 	wr->data=p;
 	wr->length=(int)len;
@@ -625,32 +676,40 @@ unsigned int len;
 	wr->type=type; /* not needed but helps for debugging */
 	wr->length+=SSL3_RT_HEADER_LENGTH;
 
-	/* Now lets setup wb */
-	wb->left=wr->length;
-	wb->offset=0;
+	if (create_empty_fragment)
+		{
+		/* we are in a recursive call;
+		 * just return the length, don't write out anything here
+		 */
+		return wr->length;
+		}
+
+	/* now let's set up wb */
+	wb->left = prefix_len + wr->length;
+	wb->offset = 0;
 
+	/* memorize arguments so that ssl3_write_pending can detect bad write retries later */
 	s->s3->wpend_tot=len;
 	s->s3->wpend_buf=buf;
 	s->s3->wpend_type=type;
 	s->s3->wpend_ret=len;
 
 	/* we now just need to write the buffer */
-	return(ssl3_write_pending(s,type,buf,len));
+	return ssl3_write_pending(s,type,buf,len);
 err:
-	return(-1);
+	return -1;
 	}
 
 /* if s->s3->wbuf.left != 0, we need to call this */
-static int ssl3_write_pending(s,type,buf,len)
-SSL *s;
-int type;
-char *buf;
-unsigned int len;
+static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+			      unsigned int len)
 	{
 	int i;
 
 /* XXXX */
-	if ((s->s3->wpend_tot > (int)len) || (s->s3->wpend_buf != buf)
+	if ((s->s3->wpend_tot > (int)len)
+		|| ((s->s3->wpend_buf != buf) &&
+			!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER))
 		|| (s->s3->wpend_type != type))
 		{
 		SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY);
@@ -685,23 +744,77 @@ unsigned int len;
 		}
 	}
 
-int ssl3_read_bytes(s,type,buf,len)
-SSL *s;
-int type;
-char *buf;
-int len;
+/* Return up to 'len' payload bytes received in 'type' records.
+ * 'type' is one of the following:
+ *
+ *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
+ *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
+ *   -  0 (during a shutdown, no data has to be returned)
+ *
+ * If we don't have stored data to work from, read a SSL/TLS record first
+ * (possibly multiple records if we still don't have anything to return).
+ *
+ * This function must handle any surprises the peer may have for us, such as
+ * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
+ * a surprise, but handled as if it were), or renegotiation requests.
+ * Also if record payloads contain fragments too small to process, we store
+ * them until there is enough for the respective protocol (the record protocol
+ * may use arbitrary fragmentation and even interleaving):
+ *     Change cipher spec protocol
+ *             just 1 byte needed, no need for keeping anything stored
+ *     Alert protocol
+ *             2 bytes needed (AlertLevel, AlertDescription)
+ *     Handshake protocol
+ *             4 bytes needed (HandshakeType, uint24 length) -- we just have
+ *             to detect unexpected Client Hello and Hello Request messages
+ *             here, anything else is handled by higher layers
+ *     Application data protocol
+ *             none of our business
+ */
+int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 	{
-	int al,i,j,n,ret;
+	int al,i,j,ret;
+	unsigned int n;
 	SSL3_RECORD *rr;
-	void (*cb)()=NULL;
-	BIO *bio;
+	void (*cb)(const SSL *ssl,int type2,int val)=NULL;
 
-	if (s->s3->rbuf.buf == NULL) /* Not initalised yet */
+	if (s->s3->rbuf.buf == NULL) /* Not initialized yet */
 		if (!ssl3_setup_buffers(s))
 			return(-1);
 
+	if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) ||
+	    (peek && (type != SSL3_RT_APPLICATION_DATA)))
+		{
+		SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR);
+		return -1;
+		}
+
+	if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0))
+		/* (partially) satisfy request from storage */
+		{
+		unsigned char *src = s->s3->handshake_fragment;
+		unsigned char *dst = buf;
+		unsigned int k;
+
+		/* peek == 0 */
+		n = 0;
+		while ((len > 0) && (s->s3->handshake_fragment_len > 0))
+			{
+			*dst++ = *src++;
+			len--; s->s3->handshake_fragment_len--;
+			n++;
+			}
+		/* move any remaining fragment bytes: */
+		for (k = 0; k < s->s3->handshake_fragment_len; k++)
+			s->s3->handshake_fragment[k] = *src++;
+		return n;
+	}
+
+	/* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
+
 	if (!s->in_handshake && SSL_in_init(s))
 		{
+		/* type == SSL3_RT_APPLICATION_DATA */
 		i=s->handshake_func(s);
 		if (i < 0) return(i);
 		if (i == 0)
@@ -713,13 +826,13 @@ int len;
 start:
 	s->rwstate=SSL_NOTHING;
 
-	/* s->s3->rrec.type	- is the type of record
-	 * s->s3->rrec.data, 	- data
-	 * s->s3->rrec.off, 	- ofset into 'data' for next read
-	 * s->s3->rrec.length,	- number of bytes. */
-	rr= &(s->s3->rrec);
+	/* s->s3->rrec.type	    - is the type of record
+	 * s->s3->rrec.data,    - data
+	 * s->s3->rrec.off,     - offset into 'data' for next read
+	 * s->s3->rrec.length,  - number of bytes. */
+	rr = &(s->s3->rrec);
 
-	/* get new packet */
+	/* get new packet if necessary */
 	if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY))
 		{
 		ret=ssl3_get_record(s);
@@ -728,14 +841,17 @@ start:
 
 	/* we now have a packet which can be read and processed */
 
-	if (s->s3->change_cipher_spec && (rr->type != SSL3_RT_HANDSHAKE))
+	if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+	                               * reset by ssl3_get_finished */
+		&& (rr->type != SSL3_RT_HANDSHAKE))
 		{
 		al=SSL_AD_UNEXPECTED_MESSAGE;
 		SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
 		goto err;
 		}
 
-	/* If the other end has shutdown, throw anything we read away */
+	/* If the other end has shut down, throw anything we read away
+	 * (even in 'peek' mode) */
 	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
 		{
 		rr->length=0;
@@ -743,19 +859,107 @@ start:
 		return(0);
 		}
 
-	/* Check for an incoming 'Client Request' message */
-	if ((rr->type == SSL3_RT_HANDSHAKE) && (rr->length == 4) &&
-		(rr->data[0] == SSL3_MT_CLIENT_REQUEST) &&
+
+	if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
+		{
+		/* make sure that we are not getting application data when we
+		 * are doing a handshake for the first time */
+		if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+			(s->enc_read_ctx == NULL))
+			{
+			al=SSL_AD_UNEXPECTED_MESSAGE;
+			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
+			goto f_err;
+			}
+
+		if (len <= 0) return(len);
+
+		if ((unsigned int)len > rr->length)
+			n = rr->length;
+		else
+			n = (unsigned int)len;
+
+		memcpy(buf,&(rr->data[rr->off]),n);
+		if (!peek)
+			{
+			rr->length-=n;
+			rr->off+=n;
+			if (rr->length == 0)
+				{
+				s->rstate=SSL_ST_READ_HEADER;
+				rr->off=0;
+				}
+			}
+		return(n);
+		}
+
+
+	/* If we get here, then type != rr->type; if we have a handshake
+	 * message, then it was unexpected (Hello Request or Client Hello). */
+
+	/* In case of record types for which we have 'fragment' storage,
+	 * fill that so that we can process the data at a fixed place.
+	 */
+		{
+		unsigned int dest_maxlen = 0;
+		unsigned char *dest = NULL;
+		unsigned int *dest_len = NULL;
+
+		if (rr->type == SSL3_RT_HANDSHAKE)
+			{
+			dest_maxlen = sizeof s->s3->handshake_fragment;
+			dest = s->s3->handshake_fragment;
+			dest_len = &s->s3->handshake_fragment_len;
+			}
+		else if (rr->type == SSL3_RT_ALERT)
+			{
+			dest_maxlen = sizeof s->s3->alert_fragment;
+			dest = s->s3->alert_fragment;
+			dest_len = &s->s3->alert_fragment_len;
+			}
+
+		if (dest_maxlen > 0)
+			{
+			n = dest_maxlen - *dest_len; /* available space in 'dest' */
+			if (rr->length < n)
+				n = rr->length; /* available bytes */
+
+			/* now move 'n' bytes: */
+			while (n-- > 0)
+				{
+				dest[(*dest_len)++] = rr->data[rr->off++];
+				rr->length--;
+				}
+
+			if (*dest_len < dest_maxlen)
+				goto start; /* fragment was too small */
+			}
+		}
+
+	/* s->s3->handshake_fragment_len == 4  iff  rr->type == SSL3_RT_HANDSHAKE;
+	 * s->s3->alert_fragment_len == 2      iff  rr->type == SSL3_RT_ALERT.
+	 * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */
+
+	/* If we are a client, check for an incoming 'Hello Request': */
+	if ((!s->server) &&
+		(s->s3->handshake_fragment_len >= 4) &&
+		(s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) &&
 		(s->session != NULL) && (s->session->cipher != NULL))
 		{
-		if ((rr->data[1] != 0) || (rr->data[2] != 0) ||
-			(rr->data[3] != 0))
+		s->s3->handshake_fragment_len = 0;
+
+		if ((s->s3->handshake_fragment[1] != 0) ||
+			(s->s3->handshake_fragment[2] != 0) ||
+			(s->s3->handshake_fragment[3] != 0))
 			{
 			al=SSL_AD_DECODE_ERROR;
-			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CLIENT_REQUEST);
+			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
 			goto err;
 			}
 
+		if (s->msg_callback)
+			s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
+
 		if (SSL_is_init_finished(s) &&
 			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
 			!s->s3->renegotiate)
@@ -763,229 +967,231 @@ start:
 			ssl3_renegotiate(s);
 			if (ssl3_renegotiate_check(s))
 				{
-				n=s->handshake_func(s);
-				if (n < 0) return(n);
-				if (n == 0)
+				i=s->handshake_func(s);
+				if (i < 0) return(i);
+				if (i == 0)
 					{
 					SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
 					return(-1);
 					}
+
+				if (!(s->mode & SSL_MODE_AUTO_RETRY))
+					{
+					if (s->s3->rbuf.left == 0) /* no read-ahead left? */
+						{
+						BIO *bio;
+						/* In the case where we try to read application data,
+						 * but we trigger an SSL handshake, we return -1 with
+						 * the retry option set.  Otherwise renegotiation may
+						 * cause nasty problems in the blocking world */
+						s->rwstate=SSL_READING;
+						bio=SSL_get_rbio(s);
+						BIO_clear_retry_flags(bio);
+						BIO_set_retry_read(bio);
+						return(-1);
+						}
+					}
 				}
 			}
-		rr->length=0;
-/* ZZZ */	goto start;
+		/* we either finished a handshake or ignored the request,
+		 * now try again to obtain the (application) data we were asked for */
+		goto start;
 		}
 
-	/* if it is not the type we want, or we have shutdown and want
-	 * the peer shutdown */
-	if ((rr->type != type) || (s->shutdown & SSL_SENT_SHUTDOWN))
+	if (s->s3->alert_fragment_len >= 2)
 		{
-		if (rr->type == SSL3_RT_ALERT)
-			{
-			if ((rr->length != 2) || (rr->off != 0))
-				{
-				al=SSL_AD_DECODE_ERROR;
-				SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_ALERT_RECORD);
-				goto f_err;
-				}
+		int alert_level = s->s3->alert_fragment[0];
+		int alert_descr = s->s3->alert_fragment[1];
 
-			i=rr->data[0];
-			n=rr->data[1];
+		s->s3->alert_fragment_len = 0;
 
-			/* clear from buffer */
-			rr->length=0;
+		if (s->msg_callback)
+			s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg);
 
-			if (s->info_callback != NULL)
-				cb=s->info_callback;
-			else if (s->ctx->info_callback != NULL)
-				cb=s->ctx->info_callback;
+		if (s->info_callback != NULL)
+			cb=s->info_callback;
+		else if (s->ctx->info_callback != NULL)
+			cb=s->ctx->info_callback;
 
-			if (cb != NULL)
-				{
-				j=(i<<8)|n;
-				cb(s,SSL_CB_READ_ALERT,j);
-				}
+		if (cb != NULL)
+			{
+			j = (alert_level << 8) | alert_descr;
+			cb(s, SSL_CB_READ_ALERT, j);
+			}
 
-			if (i == 1)
-				{
-				s->s3->warn_alert=n;
-				if (n == SSL_AD_CLOSE_NOTIFY)
-					{
-					s->shutdown|=SSL_RECEIVED_SHUTDOWN;
-					return(0);
-					}
-				}
-			else if (i == 2)
+		if (alert_level == 1) /* warning */
+			{
+			s->s3->warn_alert = alert_descr;
+			if (alert_descr == SSL_AD_CLOSE_NOTIFY)
 				{
-				char tmp[16];
-
-				s->rwstate=SSL_NOTHING;
-				s->s3->fatal_alert=n;
-				SSLerr(SSL_F_SSL3_READ_BYTES,
-					SSL_AD_REASON_OFFSET+n);
-				sprintf(tmp,"%d",n);
-				ERR_add_error_data(2,"SSL alert number ",tmp);
-				s->shutdown|=SSL_RECEIVED_SHUTDOWN;
-				SSL_CTX_remove_session(s->ctx,s->session);
+				s->shutdown |= SSL_RECEIVED_SHUTDOWN;
 				return(0);
 				}
-			else
-				{
-				al=SSL_AD_ILLEGAL_PARAMETER;
-				SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
-				goto f_err;
-				}
-
-			rr->length=0;
-			goto start;
 			}
-
-		if (s->shutdown & SSL_SENT_SHUTDOWN)
+		else if (alert_level == 2) /* fatal */
 			{
+			char tmp[16];
+
 			s->rwstate=SSL_NOTHING;
-			rr->length=0;
+			s->s3->fatal_alert = alert_descr;
+			SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr);
+			BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr);
+			ERR_add_error_data(2,"SSL alert number ",tmp);
+			s->shutdown|=SSL_RECEIVED_SHUTDOWN;
+			SSL_CTX_remove_session(s->ctx,s->session);
 			return(0);
 			}
-
-		if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
+		else
 			{
-			if (	(rr->length != 1) || (rr->off != 0) ||
-				(rr->data[0] != SSL3_MT_CCS))
-				{
-				i=SSL_AD_ILLEGAL_PARAMETER;
-				SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
-				goto err;
-				}
-
-			rr->length=0;
-			s->s3->change_cipher_spec=1;
-			if (!do_change_cipher_spec(s))
-				goto err;
-			else
-				goto start;
+			al=SSL_AD_ILLEGAL_PARAMETER;
+			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE);
+			goto f_err;
 			}
 
-		/* else we have a handshake */
-		if ((rr->type == SSL3_RT_HANDSHAKE) &&
-			!s->in_handshake)
+		goto start;
+		}
+
+	if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */
+		{
+		s->rwstate=SSL_NOTHING;
+		rr->length=0;
+		return(0);
+		}
+
+	if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
+		{
+		/* 'Change Cipher Spec' is just a single byte, so we know
+		 * exactly what the record payload has to look like */
+		if (	(rr->length != 1) || (rr->off != 0) ||
+			(rr->data[0] != SSL3_MT_CCS))
 			{
-			if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
-				!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
-				{
-				s->state=SSL_ST_BEFORE;
-				s->new_session=1;
-				}
-			n=s->handshake_func(s);
-			if (n < 0) return(n);
-			if (n == 0)
-				{
-				SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
-				return(-1);
-				}
+			i=SSL_AD_ILLEGAL_PARAMETER;
+			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
+			goto err;
+			}
 
-			/* In the case where we try to read application data
-			 * the first time, but we trigger an SSL handshake, we
-			 * return -1 with the retry option set.  I do this
-			 * otherwise renegotiation can cause nasty problems 
-			 * in the non-blocking world */
+		rr->length=0;
 
-			s->rwstate=SSL_READING;
-			bio=SSL_get_rbio(s);
-			BIO_clear_retry_flags(bio);
-			BIO_set_retry_read(bio);
+		if (s->msg_callback)
+			s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg);
+
+		s->s3->change_cipher_spec=1;
+		if (!do_change_cipher_spec(s))
+			goto err;
+		else
+			goto start;
+		}
+
+	/* Unexpected handshake message (Client Hello, or protocol violation) */
+	if ((s->s3->handshake_fragment_len >= 4) &&	!s->in_handshake)
+		{
+		if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
+			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
+			{
+#if 0 /* worked only because C operator preferences are not as expected (and
+       * because this is not really needed for clients except for detecting
+       * protocol violations): */
+			s->state=SSL_ST_BEFORE|(s->server)
+				?SSL_ST_ACCEPT
+				:SSL_ST_CONNECT;
+#else
+			s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
+#endif
+			s->new_session=1;
+			}
+		i=s->handshake_func(s);
+		if (i < 0) return(i);
+		if (i == 0)
+			{
+			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
 			return(-1);
 			}
 
-		switch (rr->type)
+		if (!(s->mode & SSL_MODE_AUTO_RETRY))
 			{
-		default:
-#ifndef NO_TLS
-			/* TLS just ignores unknown message types */
-			if (s->version == TLS1_VERSION)
+			if (s->s3->rbuf.left == 0) /* no read-ahead left? */
 				{
-				goto start;
-				}
-#endif
-		case SSL3_RT_CHANGE_CIPHER_SPEC:
-		case SSL3_RT_ALERT:
-		case SSL3_RT_HANDSHAKE:
-			al=SSL_AD_UNEXPECTED_MESSAGE;
-			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
-			goto f_err;
-		case SSL3_RT_APPLICATION_DATA:
-			/* At this point, we were expecting something else,
-			 * but have application data.  What we do is set the
-			 * error, and return -1.  On the way out, if the
-			 * library was running inside ssl3_read() and it makes
-			 * sense to read application data at this point, we
-			 * will indulge it.  This will mostly happen during
-			 * session renegotiation.
-			 */
-			if (s->s3->in_read_app_data &&
-				(s->s3->total_renegotiations != 0) &&
-				((
-				  (s->state & SSL_ST_CONNECT) &&
-				  (s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
-				  (s->state <= SSL3_ST_CR_SRVR_HELLO_A)
-				 ) || (
-				  (s->state & SSL_ST_ACCEPT) &&
-				  (s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
-				  (s->state >= SSL3_ST_SR_CLNT_HELLO_A)
-				 )
-				))
-				{
-				s->s3->in_read_app_data=0;
+				BIO *bio;
+				/* In the case where we try to read application data,
+				 * but we trigger an SSL handshake, we return -1 with
+				 * the retry option set.  Otherwise renegotiation may
+				 * cause nasty problems in the blocking world */
+				s->rwstate=SSL_READING;
+				bio=SSL_get_rbio(s);
+				BIO_clear_retry_flags(bio);
+				BIO_set_retry_read(bio);
 				return(-1);
 				}
-			else
-				{
-				al=SSL_AD_UNEXPECTED_MESSAGE;
-				SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
-				goto f_err;
-				}
 			}
+		goto start;
 		}
 
-	/* make sure that we are not getting application data when we
-	 * are doing a handshake for the first time */
-	if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
-		(s->enc_read_ctx == NULL))
+	switch (rr->type)
 		{
+	default:
+#ifndef OPENSSL_NO_TLS
+		/* TLS just ignores unknown message types */
+		if (s->version == TLS1_VERSION)
+			{
+			rr->length = 0;
+			goto start;
+			}
+#endif
 		al=SSL_AD_UNEXPECTED_MESSAGE;
-		SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE);
+		SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
 		goto f_err;
+	case SSL3_RT_CHANGE_CIPHER_SPEC:
+	case SSL3_RT_ALERT:
+	case SSL3_RT_HANDSHAKE:
+		/* we already handled all of these, with the possible exception
+		 * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that
+		 * should not happen when type != rr->type */
+		al=SSL_AD_UNEXPECTED_MESSAGE;
+		SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR);
+		goto f_err;
+	case SSL3_RT_APPLICATION_DATA:
+		/* At this point, we were expecting handshake data,
+		 * but have application data.  If the library was
+		 * running inside ssl3_read() (i.e. in_read_app_data
+		 * is set) and it makes sense to read application data
+		 * at this point (session renegotiation not yet started),
+		 * we will indulge it.
+		 */
+		if (s->s3->in_read_app_data &&
+			(s->s3->total_renegotiations != 0) &&
+			((
+				(s->state & SSL_ST_CONNECT) &&
+				(s->state >= SSL3_ST_CW_CLNT_HELLO_A) &&
+				(s->state <= SSL3_ST_CR_SRVR_HELLO_A)
+				) || (
+					(s->state & SSL_ST_ACCEPT) &&
+					(s->state <= SSL3_ST_SW_HELLO_REQ_A) &&
+					(s->state >= SSL3_ST_SR_CLNT_HELLO_A)
+					)
+				))
+			{
+			s->s3->in_read_app_data=2;
+			return(-1);
+			}
+		else
+			{
+			al=SSL_AD_UNEXPECTED_MESSAGE;
+			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD);
+			goto f_err;
+			}
 		}
+	/* not reached */
 
-	if (len <= 0) return(len);
-
-	if ((unsigned int)len > rr->length)
-		n=rr->length;
-	else
-		n=len;
-
-	memcpy(buf,&(rr->data[rr->off]),(unsigned int)n);
-	rr->length-=n;
-	rr->off+=n;
-	if (rr->length <= 0)
-		{
-		s->rstate=SSL_ST_READ_HEADER;
-		rr->off=0;
-		}
-
-	if (type == SSL3_RT_HANDSHAKE)
-		ssl3_finish_mac(s,(unsigned char *)buf,n);
-	return(n);
 f_err:
 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:
 	return(-1);
 	}
 
-static int do_change_cipher_spec(s)
-SSL *s;
+static int do_change_cipher_spec(SSL *s)
 	{
 	int i;
-	unsigned char *sender;
+	const char *sender;
 	int slen;
 
 	if (s->state & SSL_ST_ACCEPT)
@@ -1007,46 +1213,29 @@ SSL *s;
 	 * the finished message */
 	if (s->state & SSL_ST_CONNECT)
 		{
-		sender=s->method->ssl3_enc->server_finished;
-		slen=s->method->ssl3_enc->server_finished_len;
+		sender=s->method->ssl3_enc->server_finished_label;
+		slen=s->method->ssl3_enc->server_finished_label_len;
 		}
 	else
 		{
-		sender=s->method->ssl3_enc->client_finished;
-		slen=s->method->ssl3_enc->client_finished_len;
+		sender=s->method->ssl3_enc->client_finished_label;
+		slen=s->method->ssl3_enc->client_finished_label_len;
 		}
 
-	s->method->ssl3_enc->final_finish_mac(s,
+	s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
 		&(s->s3->finish_dgst1),
 		&(s->s3->finish_dgst2),
-		sender,slen,&(s->s3->tmp.finish_md[0]));
+		sender,slen,s->s3->tmp.peer_finish_md);
 
 	return(1);
 	}
 
-int ssl3_do_write(s,type)
-SSL *s;
-int type;
-	{
-	int ret;
-
-	ret=ssl3_write_bytes(s,type,(char *)
-		&(s->init_buf->data[s->init_off]),s->init_num);
-	if (ret == s->init_num)
-		return(1);
-	if (ret < 0) return(-1);
-	s->init_off+=ret;
-	s->init_num-=ret;
-	return(0);
-	}
-
-void ssl3_send_alert(s,level,desc)
-SSL *s;
-int level;
-int desc;
+void ssl3_send_alert(SSL *s, int level, int desc)
 	{
 	/* Map tls/ssl alert value to correct one */
 	desc=s->method->ssl3_enc->alert_value(desc);
+	if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
+		desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
 	if (desc < 0) return;
 	/* If a fatal one, remove from cache */
 	if ((level == 2) && (s->session != NULL))
@@ -1055,37 +1244,39 @@ int desc;
 	s->s3->alert_dispatch=1;
 	s->s3->send_alert[0]=level;
 	s->s3->send_alert[1]=desc;
-	if (s->s3->wbuf.left == 0) /* data still being written out */
+	if (s->s3->wbuf.left == 0) /* data still being written out? */
 		ssl3_dispatch_alert(s);
 	/* else data is still being written out, we will get written
 	 * some time in the future */
 	}
 
-int ssl3_dispatch_alert(s)
-SSL *s;
+int ssl3_dispatch_alert(SSL *s)
 	{
 	int i,j;
-	void (*cb)()=NULL;
+	void (*cb)(const SSL *ssl,int type,int val)=NULL;
 
 	s->s3->alert_dispatch=0;
-	i=do_ssl3_write(s,SSL3_RT_ALERT,&(s->s3->send_alert[0]),2);
+	i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
 	if (i <= 0)
 		{
 		s->s3->alert_dispatch=1;
 		}
 	else
 		{
-		/* If it is important, send it now.  If the message
-		 * does not get sent due to non-blocking IO, we will
-		 * not worry too much. */
+		/* Alert sent to BIO.  If it is important, flush it now.
+		 * If the message does not get sent due to non-blocking IO,
+		 * we will not worry too much. */
 		if (s->s3->send_alert[0] == SSL3_AL_FATAL)
-			BIO_flush(s->wbio);
+			(void)BIO_flush(s->wbio);
+
+		if (s->msg_callback)
+			s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg);
 
 		if (s->info_callback != NULL)
 			cb=s->info_callback;
 		else if (s->ctx->info_callback != NULL)
 			cb=s->ctx->info_callback;
-		
+
 		if (cb != NULL)
 			{
 			j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1];
@@ -1094,4 +1285,3 @@ SSL *s;
 		}
 	return(i);
 	}
-
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 743f8ea235..3db3e78d5e 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -55,52 +55,105 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
 
 #define REUSE_CIPHER_BUG
+#define NETSCAPE_HANG_BUG
 
 #include <stdio.h>
-#include "buffer.h"
-#include "rand.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
 #include "ssl_locl.h"
-
-#define BREAK	break
-/* SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_MALLOC_FAILURE);
- * SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE);
- * SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
- * SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_MALLOC_FAILURE);
- * SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
- */
-
-#ifndef NOPROTO
+#include "kssl_lcl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/krb5_asn.h>
+#include <openssl/md5.h>
+#include "cryptlib.h"
+
+static SSL_METHOD *ssl3_get_server_method(int ver);
 static int ssl3_get_client_hello(SSL *s);
+static int ssl3_check_client_hello(SSL *s);
 static int ssl3_send_server_hello(SSL *s);
 static int ssl3_send_server_key_exchange(SSL *s);
 static int ssl3_send_certificate_request(SSL *s);
 static int ssl3_send_server_done(SSL *s);
-static int ssl3_get_cert_verify(SSL *s);
 static int ssl3_get_client_key_exchange(SSL *s);
 static int ssl3_get_client_certificate(SSL *s);
+static int ssl3_get_cert_verify(SSL *s);
 static int ssl3_send_hello_request(SSL *s);
 
-#else
-
-static int ssl3_get_client_hello();
-static int ssl3_send_server_hello();
-static int ssl3_send_server_key_exchange();
-static int ssl3_send_certificate_request();
-static int ssl3_send_server_done();
-static int ssl3_get_cert_verify();
-static int ssl3_get_client_key_exchange();
-static int ssl3_get_client_certificate();
-static int ssl3_send_hello_request();
-
+#ifndef OPENSSL_NO_ECDH
+static int nid2curve_id(int nid);
 #endif
 
-static SSL_METHOD *ssl3_get_server_method(ver)
-int ver;
+static SSL_METHOD *ssl3_get_server_method(int ver)
 	{
 	if (ver == SSL3_VERSION)
 		return(SSLv3_server_method());
@@ -108,35 +161,39 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *SSLv3_server_method()
+SSL_METHOD *SSLv3_server_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD SSLv3_server_data;
 
 	if (init)
 		{
-		init=0;
-		memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
-			sizeof(SSL_METHOD));
-		SSLv3_server_data.ssl_accept=ssl3_accept;
-		SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+		if (init)
+			{
+			memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
+				sizeof(SSL_METHOD));
+			SSLv3_server_data.ssl_accept=ssl3_accept;
+			SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
+			init=0;
+			}
+			
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&SSLv3_server_data);
 	}
 
-int ssl3_accept(s)
-SSL *s;
+int ssl3_accept(SSL *s)
 	{
 	BUF_MEM *buf;
 	unsigned long l,Time=time(NULL);
-	void (*cb)()=NULL;
+	void (*cb)(const SSL *ssl,int type,int val)=NULL;
 	long num1;
 	int ret= -1;
-	CERT *ct;
-	BIO *under;
 	int new_state,state,skip=0;
 
-	RAND_seed((unsigned char *)&Time,sizeof(Time));
+	RAND_add(&Time,sizeof(Time),0);
 	ERR_clear_error();
 	clear_sys_error();
 
@@ -146,20 +203,14 @@ SSL *s;
 		cb=s->ctx->info_callback;
 
 	/* init things to blank */
-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 	s->in_handshake++;
+	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 
-#ifdef undef
-	/* FIX THIS EAY EAY EAY */
-	/* we don't actually need a cert, we just need a cert or a DH_tmp */
-	if (((s->session == NULL) || (s->session->cert == NULL)) &&
-		(s->cert == NULL))
+	if (s->cert == NULL)
 		{
 		SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET);
-		ret= -1;
-		goto end;
+		return(-1);
 		}
-#endif
 
 	for (;;)
 		{
@@ -176,11 +227,14 @@ SSL *s;
 		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
 		case SSL_ST_OK|SSL_ST_ACCEPT:
 
+			s->server=1;
 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
 
 			if ((s->version>>8) != 3)
-				abort();
-			/* s->version=SSL3_VERSION; */
+				{
+				SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR);
+				return -1;
+				}
 			s->type=SSL_ST_ACCEPT;
 
 			if (s->init_buf == NULL)
@@ -204,22 +258,24 @@ SSL *s;
 				goto end;
 				}
 
-			/* Ok, we now need to push on a buffering BIO so that
-			 * the output is sent in a way that TCP likes :-)
-			 */
-			if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
-
 			s->init_num=0;
 
 			if (s->state != SSL_ST_RENEGOTIATE)
 				{
-				s->state=SSL3_ST_SR_CLNT_HELLO_A;
+				/* Ok, we now need to push on a buffering BIO so that
+				 * the output is sent in a way that TCP likes :-)
+				 */
+				if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
+				
 				ssl3_init_finished_mac(s);
-				s->ctx->sess_accept++;
+				s->state=SSL3_ST_SR_CLNT_HELLO_A;
+				s->ctx->stats.sess_accept++;
 				}
 			else
 				{
-				s->ctx->sess_accept_renegotiate++;
+				/* s->state == SSL_ST_RENEGOTIATE,
+				 * we will just send a HelloRequest */
+				s->ctx->stats.sess_accept_renegotiate++;
 				s->state=SSL3_ST_SW_HELLO_REQ_A;
 				}
 			break;
@@ -238,19 +294,8 @@ SSL *s;
 			break;
 
 		case SSL3_ST_SW_HELLO_REQ_C:
-			/* remove buffering on output */
-			under=BIO_pop(s->wbio);
-			if (under != NULL)
-				s->wbio=under;
-			else
-				abort(); /* ok */
-			BIO_free(s->bbio);
-			s->bbio=NULL;
-
 			s->state=SSL_ST_OK;
-			ret=1;
-			goto end;
-			/* break; */
+			break;
 
 		case SSL3_ST_SR_CLNT_HELLO_A:
 		case SSL3_ST_SR_CLNT_HELLO_B:
@@ -259,6 +304,7 @@ SSL *s;
 			s->shutdown=0;
 			ret=ssl3_get_client_hello(s);
 			if (ret <= 0) goto end;
+			s->new_session = 2;
 			s->state=SSL3_ST_SW_SRVR_HELLO_A;
 			s->init_num=0;
 			break;
@@ -277,7 +323,7 @@ SSL *s;
 
 		case SSL3_ST_SW_CERT_A:
 		case SSL3_ST_SW_CERT_B:
-			/* Check if it is anon DH */
+			/* Check if it is anon DH or anon ECDH */
 			if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
 				{
 				ret=ssl3_send_server_certificate(s);
@@ -292,40 +338,43 @@ SSL *s;
 		case SSL3_ST_SW_KEY_EXCH_A:
 		case SSL3_ST_SW_KEY_EXCH_B:
 			l=s->s3->tmp.new_cipher->algorithms;
-			if (s->session->cert == NULL)
-				{
-				if (s->cert != NULL)
-					{
-					CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT);
-					s->session->cert=s->cert;
-					}
-				else
-					{
-					CRYPTO_add(&s->ctx->default_cert->references,1,CRYPTO_LOCK_SSL_CERT);
-					s->session->cert=s->ctx->default_cert;
-					}
-				}
-			ct=s->session->cert;
 
 			/* clear this, it may get reset by
 			 * send_server_key_exchange */
-			if (s->options & SSL_OP_EPHEMERAL_RSA)
+			if ((s->options & SSL_OP_EPHEMERAL_RSA)
+#ifndef OPENSSL_NO_KRB5
+				&& !(l & SSL_KRB5)
+#endif /* OPENSSL_NO_KRB5 */
+				)
+				/* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key
+				 * even when forbidden by protocol specs
+				 * (handshake may fail as clients are not required to
+				 * be able to handle this) */
 				s->s3->tmp.use_rsa_tmp=1;
 			else
 				s->s3->tmp.use_rsa_tmp=0;
 
+
 			/* only send if a DH key exchange, fortezza or
-			 * RSA but we have a sign only certificate */
-			if ( s->s3->tmp.use_rsa_tmp ||
-			    (l & (SSL_DH|SSL_kFZA)) ||
-			    ((l & SSL_kRSA) &&
-			     ((ct->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)||
-			      ((l & SSL_EXPORT) &&
-			       (EVP_PKEY_size(ct->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > 512)
-			      )
-			     )
+			 * RSA but we have a sign only certificate
+			 *
+			 * For ECC ciphersuites, we send a serverKeyExchange
+			 * message only if the cipher suite is either
+			 * ECDH-anon or ECDHE. In other cases, the
+			 * server certificate contains the server's 
+			 * public key for key exchange.
+			 */
+			if (s->s3->tmp.use_rsa_tmp
+			    || (l & SSL_kECDHE)
+			    || (l & (SSL_DH|SSL_kFZA))
+			    || ((l & SSL_kRSA)
+				&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
+				    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
+					&& EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)
+					)
+				    )
+				)
 			    )
-			   )
 				{
 				ret=ssl3_send_server_key_exchange(s);
 				if (ret <= 0) goto end;
@@ -339,9 +388,21 @@ SSL *s;
 
 		case SSL3_ST_SW_CERT_REQ_A:
 		case SSL3_ST_SW_CERT_REQ_B:
-			if (!(s->verify_mode & SSL_VERIFY_PEER) ||
+			if (/* don't request cert unless asked for it: */
+				!(s->verify_mode & SSL_VERIFY_PEER) ||
+				/* if SSL_VERIFY_CLIENT_ONCE is set,
+				 * don't request cert during re-negotiation: */
 				((s->session->peer != NULL) &&
-				 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)))
+				 (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
+				/* never request cert in anonymous ciphersuites
+				 * (see section "Certificate request" in SSL 3 drafts
+				 * and in RFC 2246): */
+				((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) &&
+				 /* ... except when the application insists on verification
+				  * (against the specs, but s3_clnt.c accepts this for SSL 3) */
+				 !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) ||
+                                 /* never request cert in Kerberos ciphersuites */
+                                (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5))
 				{
 				/* no cert request */
 				skip=1;
@@ -353,7 +414,12 @@ SSL *s;
 				s->s3->tmp.cert_request=1;
 				ret=ssl3_send_certificate_request(s);
 				if (ret <= 0) goto end;
+#ifndef NETSCAPE_HANG_BUG
 				s->state=SSL3_ST_SW_SRVR_DONE_A;
+#else
+				s->state=SSL3_ST_SW_FLUSH;
+				s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
+#endif
 				s->init_num=0;
 				}
 			break;
@@ -383,30 +449,52 @@ SSL *s;
 
 		case SSL3_ST_SR_CERT_A:
 		case SSL3_ST_SR_CERT_B:
-			/* could be sent for a DH cert, even if we
-			 * have not asked for it :-) */
-			ret=ssl3_get_client_certificate(s);
-			if (ret <= 0) goto end;
-			s->init_num=0;
-			s->state=SSL3_ST_SR_KEY_EXCH_A;
+			/* Check for second client hello (MS SGC) */
+			ret = ssl3_check_client_hello(s);
+			if (ret <= 0)
+				goto end;
+			if (ret == 2)
+				s->state = SSL3_ST_SR_CLNT_HELLO_C;
+			else {
+				/* could be sent for a DH cert, even if we
+				 * have not asked for it :-) */
+				ret=ssl3_get_client_certificate(s);
+				if (ret <= 0) goto end;
+				s->init_num=0;
+				s->state=SSL3_ST_SR_KEY_EXCH_A;
+			}
 			break;
 
 		case SSL3_ST_SR_KEY_EXCH_A:
 		case SSL3_ST_SR_KEY_EXCH_B:
 			ret=ssl3_get_client_key_exchange(s);
-			if (ret <= 0) goto end;
-			s->state=SSL3_ST_SR_CERT_VRFY_A;
-			s->init_num=0;
-
-			/* We need to get hashes here so if there is
-			 * a client cert, it can be verified */ 
-			s->method->ssl3_enc->cert_verify_mac(s,
-				&(s->s3->finish_dgst1),
-				&(s->s3->tmp.finish_md[0]));
-			s->method->ssl3_enc->cert_verify_mac(s,
-				&(s->s3->finish_dgst2),
-				&(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]));
+			if (ret <= 0) 
+				goto end;
+			if (ret == 2)
+				{
+				/* For the ECDH ciphersuites when
+				 * the client sends its ECDH pub key in
+				 * a certificate, the CertificateVerify
+				 * message is not sent.
+				 */
+				s->state=SSL3_ST_SR_FINISHED_A;
+				s->init_num = 0;
+				}
+			else   
+				{
+				s->state=SSL3_ST_SR_CERT_VRFY_A;
+				s->init_num=0;
 
+				/* We need to get hashes here so if there is
+				 * a client cert, it can be verified
+				 */ 
+				s->method->ssl3_enc->cert_verify_mac(s,
+				    &(s->s3->finish_dgst1),
+				    &(s->s3->tmp.cert_verify_md[0]));
+				s->method->ssl3_enc->cert_verify_mac(s,
+				    &(s->s3->finish_dgst2),
+				    &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]));
+				}
 			break;
 
 		case SSL3_ST_SR_CERT_VRFY_A:
@@ -459,8 +547,8 @@ SSL *s;
 		case SSL3_ST_SW_FINISHED_B:
 			ret=ssl3_send_finished(s,
 				SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B,
-				s->method->ssl3_enc->server_finished,
-				s->method->ssl3_enc->server_finished_len);
+				s->method->ssl3_enc->server_finished_label,
+				s->method->ssl3_enc->server_finished_label_len);
 			if (ret <= 0) goto end;
 			s->state=SSL3_ST_SW_FLUSH;
 			if (s->hit)
@@ -478,26 +566,27 @@ SSL *s;
 			s->init_buf=NULL;
 
 			/* remove buffering on output */
-			under=BIO_pop(s->wbio);
-			if (under != NULL)
-				s->wbio=under;
-			else
-				abort(); /* ok */
-			BIO_free(s->bbio);
-			s->bbio=NULL;
+			ssl_free_wbio_buffer(s);
 
-			s->new_session=0;
 			s->init_num=0;
 
-			ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
-
-			s->ctx->sess_accept_good++;
-			/* s->server=1; */
-			s->handshake_func=ssl3_accept;
-			ret=1;
-
-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
-
+			if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
+				{
+				/* actually not necessarily a 'new' session unless
+				 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
+				
+				s->new_session=0;
+				
+				ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
+				
+				s->ctx->stats.sess_accept_good++;
+				/* s->server=1; */
+				s->handshake_func=ssl3_accept;
+
+				if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+				}
+			
+			ret = 1;
 			goto end;
 			/* break; */
 
@@ -530,21 +619,20 @@ SSL *s;
 end:
 	/* BIO_flush(s->wbio); */
 
+	s->in_handshake--;
 	if (cb != NULL)
 		cb(s,SSL_CB_ACCEPT_EXIT,ret);
-	s->in_handshake--;
 	return(ret);
 	}
 
-static int ssl3_send_hello_request(s)
-SSL *s;
+static int ssl3_send_hello_request(SSL *s)
 	{
 	unsigned char *p;
 
 	if (s->state == SSL3_ST_SW_HELLO_REQ_A)
 		{
 		p=(unsigned char *)s->init_buf->data;
-		*(p++)=SSL3_MT_CLIENT_REQUEST;
+		*(p++)=SSL3_MT_HELLO_REQUEST;
 		*(p++)=0;
 		*(p++)=0;
 		*(p++)=0;
@@ -559,15 +647,48 @@ SSL *s;
 	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
 	}
 
-static int ssl3_get_client_hello(s)
-SSL *s;
+static int ssl3_check_client_hello(SSL *s)
+	{
+	int ok;
+	long n;
+
+	/* this function is called when we really expect a Certificate message,
+	 * so permit appropriate message length */
+	n=ssl3_get_message(s,
+		SSL3_ST_SR_CERT_A,
+		SSL3_ST_SR_CERT_B,
+		-1,
+		s->max_cert_list,
+		&ok);
+	if (!ok) return((int)n);
+	s->s3->tmp.reuse_message = 1;
+	if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
+		{
+		/* Throw away what we have done so far in the current handshake,
+		 * which will now be aborted. (A full SSL_clear would be too much.)
+		 * I hope that tmp.dh is the only thing that may need to be cleared
+		 * when a handshake is not completed ... */
+#ifndef OPENSSL_NO_DH
+		if (s->s3->tmp.dh != NULL)
+			{
+			DH_free(s->s3->tmp.dh);
+			s->s3->tmp.dh = NULL;
+			}
+#endif
+		return 2;
+		}
+	return 1;
+}
+
+static int ssl3_get_client_hello(SSL *s)
 	{
 	int i,j,ok,al,ret= -1;
 	long n;
 	unsigned long id;
-	unsigned char *p,*d;
+	unsigned char *p,*d,*q;
 	SSL_CIPHER *c;
-	STACK *ciphers=NULL;
+	SSL_COMP *comp=NULL;
+	STACK_OF(SSL_CIPHER) *ciphers=NULL;
 
 	/* We do this so that we will respond with our native type.
 	 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
@@ -588,13 +709,25 @@ SSL *s;
 		&ok);
 
 	if (!ok) return((int)n);
-	d=p=(unsigned char *)s->init_buf->data;
+	d=p=(unsigned char *)s->init_msg;
 
-	/* The version number has already been checked in ssl3_get_message.
-	 * I a native TLSv1/SSLv3 method, the match must be correct except
-	 * perhaps for the first message */
+	/* use version from inside client hello, not from record header
+	 * (may differ: see RFC 2246, Appendix E, second paragraph) */
+	s->client_version=(((int)p[0])<<8)|(int)p[1];
 	p+=2;
 
+	if (s->client_version < s->version)
+		{
+		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
+		if ((s->client_version>>8) == SSL3_VERSION_MAJOR) 
+			{
+			/* similar to ssl3_get_record, send alert using remote version number */
+			s->version = s->client_version;
+			}
+		al = SSL_AD_PROTOCOL_VERSION;
+		goto f_err;
+		}
+
 	/* load the client random */
 	memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
 	p+=SSL3_RANDOM_SIZE;
@@ -603,7 +736,15 @@ SSL *s;
 	j= *(p++);
 
 	s->hit=0;
-	if (j == 0)
+	/* Versions before 0.9.7 always allow session reuse during renegotiation
+	 * (i.e. when s->new_session is true), option
+	 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7.
+	 * Maybe this optional behaviour should always have been the default,
+	 * but we cannot safely change the default behaviour (or new applications
+	 * might be written that become totally unsecure when compiled with
+	 * an earlier library version)
+	 */
+	if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
 		{
 		if (!ssl_get_new_session(s,1))
 			goto err;
@@ -615,7 +756,9 @@ SSL *s;
 			{ /* previous session */
 			s->hit=1;
 			}
-		else
+		else if (i == -1)
+			goto err;
+		else /* i == 0 */
 			{
 			if (!ssl_get_new_session(s,1))
 				goto err;
@@ -631,7 +774,7 @@ SSL *s;
 		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
 		goto f_err;
 		}
-	if ((i+p) > (d+n))
+	if ((p+i) >= (d+n))
 		{
 		/* not enough data */
 		al=SSL_AD_DECODE_ERROR;
@@ -651,9 +794,16 @@ SSL *s;
 		j=0;
 		id=s->session->cipher->id;
 
-		for (i=0; i<sk_num(ciphers); i++)
+#ifdef CIPHER_DEBUG
+		printf("client sent %d ciphers\n",sk_num(ciphers));
+#endif
+		for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)
 			{
-			c=(SSL_CIPHER *)sk_value(ciphers,i);
+			c=sk_SSL_CIPHER_value(ciphers,i);
+#ifdef CIPHER_DEBUG
+			printf("client [%2d of %2d]:%s\n",
+				i,sk_num(ciphers),SSL_CIPHER_get_name(c));
+#endif
 			if (c->id == id)
 				{
 				j=1;
@@ -662,11 +812,11 @@ SSL *s;
 			}
 		if (j == 0)
 			{
-			if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_num(ciphers) == 1))
+			if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1))
 				{
 				/* Very bad for multi-threading.... */
-				s->session->cipher=
-					(SSL_CIPHER *)sk_value(ciphers,0);
+				s->session->cipher=sk_SSL_CIPHER_value(ciphers,
+								       0);
 				}
 			else
 				{
@@ -681,8 +831,18 @@ SSL *s;
 
 	/* compression */
 	i= *(p++);
+	if ((p+i) > (d+n))
+		{
+		/* not enough data */
+		al=SSL_AD_DECODE_ERROR;
+		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
+		goto f_err;
+		}
+	q=p;
 	for (j=0; j<i; j++)
+		{
 		if (p[j] == 0) break;
+		}
 
 	p+=i;
 	if (j >= i)
@@ -693,10 +853,39 @@ SSL *s;
 		goto f_err;
 		}
 
+	/* Worst case, we will use the NULL compression, but if we have other
+	 * options, we will now look for them.  We have i-1 compression
+	 * algorithms from the client, starting at q. */
+	s->s3->tmp.new_compression=NULL;
+	if (s->ctx->comp_methods != NULL)
+		{ /* See if we have a match */
+		int m,nn,o,v,done=0;
+
+		nn=sk_SSL_COMP_num(s->ctx->comp_methods);
+		for (m=0; m<nn; m++)
+			{
+			comp=sk_SSL_COMP_value(s->ctx->comp_methods,m);
+			v=comp->id;
+			for (o=0; o<i; o++)
+				{
+				if (v == q[o])
+					{
+					done=1;
+					break;
+					}
+				}
+			if (done) break;
+			}
+		if (done)
+			s->s3->tmp.new_compression=comp;
+		else
+			comp=NULL;
+		}
+
 	/* TLS does not mind if there is extra stuff */
 	if (s->version == SSL3_VERSION)
 		{
-		if (p > (d+n))
+		if (p < (d+n))
 			{
 			/* wrong number of bytes,
 			 * there could be more to follow */
@@ -706,15 +895,14 @@ SSL *s;
 			}
 		}
 
-	/* do nothing with compression */
-
-	/* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must
+	/* Given s->session->ciphers and SSL_get_ciphers, we must
 	 * pick a cipher */
 
 	if (!s->hit)
 		{
+		s->session->compress_meth=(comp == NULL)?0:comp->id;
 		if (s->session->ciphers != NULL)
-			sk_free(s->session->ciphers);
+			sk_SSL_CIPHER_free(s->session->ciphers);
 		s->session->ciphers=ciphers;
 		if (ciphers == NULL)
 			{
@@ -724,7 +912,7 @@ SSL *s;
 			}
 		ciphers=NULL;
 		c=ssl3_choose_cipher(s,s->session->ciphers,
-			ssl_get_ciphers_by_id(s));
+				     SSL_get_ciphers(s));
 
 		if (c == NULL)
 			{
@@ -738,19 +926,19 @@ SSL *s;
 		{
 		/* Session-id reuse */
 #ifdef REUSE_CIPHER_BUG
-		STACK *sk;
+		STACK_OF(SSL_CIPHER) *sk;
 		SSL_CIPHER *nc=NULL;
 		SSL_CIPHER *ec=NULL;
 
 		if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG)
 			{
 			sk=s->session->ciphers;
-			for (i=0; i<sk_num(sk); i++)
+			for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
 				{
-				c=(SSL_CIPHER *)sk_value(sk,i);
+				c=sk_SSL_CIPHER_value(sk,i);
 				if (c->algorithms & SSL_eNULL)
 					nc=c;
-				if (c->algorithms & SSL_EXP)
+				if (SSL_C_IS_EXPORT(c))
 					ec=c;
 				}
 			if (nc != NULL)
@@ -772,7 +960,7 @@ SSL *s;
 	 * compression		- basically ignored right now
 	 * ssl version is set	- sslv3
 	 * s->session		- The ssl session has been setup.
-	 * s->hit		- sesson reuse flag
+	 * s->hit		- session reuse flag
 	 * s->tmp.new_cipher	- the new cipher to use.
 	 */
 
@@ -783,12 +971,11 @@ f_err:
 		ssl3_send_alert(s,SSL3_AL_FATAL,al);
 		}
 err:
-	if (ciphers != NULL) sk_free(ciphers);
+	if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
 	return(ret);
 	}
 
-static int ssl3_send_server_hello(s)
-SSL *s;
+static int ssl3_send_server_hello(SSL *s)
 	{
 	unsigned char *buf;
 	unsigned char *p,*d;
@@ -801,7 +988,7 @@ SSL *s;
 		p=s->s3->server_random;
 		Time=time(NULL);			/* Time */
 		l2n(Time,p);
-		RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+		RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
 		/* Do the message type and length last */
 		d=p= &(buf[4]);
 
@@ -824,6 +1011,11 @@ SSL *s;
 			s->session->session_id_length=0;
 
 		sl=s->session->session_id_length;
+		if (sl > sizeof s->session->session_id)
+			{
+			SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+			return -1;
+			}
 		*(p++)=sl;
 		memcpy(p,s->session->session_id,sl);
 		p+=sl;
@@ -833,7 +1025,10 @@ SSL *s;
 		p+=i;
 
 		/* put the compression method */
-		*(p++)=0;
+		if (s->s3->tmp.new_compression == NULL)
+			*(p++)=0;
+		else
+			*(p++)=s->s3->tmp.new_compression->id;
 
 		/* do the header */
 		l=(p-d);
@@ -851,8 +1046,7 @@ SSL *s;
 	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
 	}
 
-static int ssl3_send_server_done(s)
-SSL *s;
+static int ssl3_send_server_done(SSL *s)
 	{
 	unsigned char *p;
 
@@ -876,17 +1070,24 @@ SSL *s;
 	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
 	}
 
-static int ssl3_send_server_key_exchange(s)
-SSL *s;
+static int ssl3_send_server_key_exchange(SSL *s)
 	{
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	unsigned char *q;
 	int j,num;
 	RSA *rsa;
 	unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
+	unsigned int u;
 #endif
-#ifndef NO_DH
-	DH *dh,*dhp;
+#ifndef OPENSSL_NO_DH
+	DH *dh=NULL,*dhp;
+#endif
+#ifndef OPENSSL_NO_ECDH
+	EC_KEY *ecdh=NULL, *ecdhp;
+	unsigned char *encodedPoint = NULL;
+	int encodedlen = 0;
+	int curve_id = 0;
+	BN_CTX *bn_ctx = NULL; 
 #endif
 	EVP_PKEY *pkey;
 	unsigned char *p,*d;
@@ -899,25 +1100,32 @@ SSL *s;
 	BUF_MEM *buf;
 	EVP_MD_CTX md_ctx;
 
+	EVP_MD_CTX_init(&md_ctx);
 	if (s->state == SSL3_ST_SW_KEY_EXCH_A)
 		{
 		type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK;
-		cert=s->session->cert;
+		cert=s->cert;
 
 		buf=s->init_buf;
 
 		r[0]=r[1]=r[2]=r[3]=NULL;
 		n=0;
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		if (type & SSL_kRSA)
 			{
 			rsa=cert->rsa_tmp;
-			if ((rsa == NULL) && (s->ctx->default_cert->rsa_tmp_cb != NULL))
+			if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL))
+				{
+				rsa=s->cert->rsa_tmp_cb(s,
+				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+				if(rsa == NULL)
 				{
-				rsa=s->ctx->default_cert->rsa_tmp_cb(s,
-					(s->s3->tmp.new_cipher->algorithms|
-					SSL_NOT_EXP)?0:1);
-				CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
+					al=SSL_AD_HANDSHAKE_FAILURE;
+					SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY);
+					goto f_err;
+				}
+				RSA_up_ref(rsa);
 				cert->rsa_tmp=rsa;
 				}
 			if (rsa == NULL)
@@ -932,20 +1140,28 @@ SSL *s;
 			}
 		else
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 			if (type & SSL_kEDH)
 			{
 			dhp=cert->dh_tmp;
-			if ((dhp == NULL) && (cert->dh_tmp_cb != NULL))
-				dhp=cert->dh_tmp_cb(s,
-					(s->s3->tmp.new_cipher->algorithms|
-					SSL_NOT_EXP)?0:1);
+			if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
+				dhp=s->cert->dh_tmp_cb(s,
+				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
 			if (dhp == NULL)
 				{
 				al=SSL_AD_HANDSHAKE_FAILURE;
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY);
 				goto f_err;
 				}
+
+			if (s->s3->tmp.dh != NULL)
+				{
+				DH_free(dh);
+				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+				goto err;
+				}
+
 			if ((dh=DHparams_dup(dhp)) == NULL)
 				{
 				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
@@ -953,13 +1169,16 @@ SSL *s;
 				}
 
 			s->s3->tmp.dh=dh;
-			if (((dhp->pub_key == NULL) ||
-			     (dhp->priv_key == NULL) ||
-			     (s->options & SSL_OP_SINGLE_DH_USE)) &&
-			    (!DH_generate_key(dh)))
+			if ((dhp->pub_key == NULL ||
+			     dhp->priv_key == NULL ||
+			     (s->options & SSL_OP_SINGLE_DH_USE)))
 				{
-				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB);
-				goto err;
+				if(!DH_generate_key(dh))
+				    {
+				    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
+					   ERR_R_DH_LIB);
+				    goto err;
+				    }
 				}
 			else
 				{
@@ -978,6 +1197,131 @@ SSL *s;
 			}
 		else 
 #endif
+#ifndef OPENSSL_NO_ECDH
+			if (type & SSL_kECDHE)
+			{
+			ecdhp=cert->ecdh_tmp;
+			if ((ecdhp == NULL) && (s->cert->ecdh_tmp_cb != NULL))
+				{
+				ecdhp=s->cert->ecdh_tmp_cb(s,
+				      SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+				      SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
+				}
+			if (ecdhp == NULL)
+				{
+				al=SSL_AD_HANDSHAKE_FAILURE;
+				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
+				goto f_err;
+				}
+
+			if (s->s3->tmp.ecdh != NULL)
+				{
+				EC_KEY_free(s->s3->tmp.ecdh); 
+				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+				goto err;
+				}
+
+			/* Duplicate the ECDH structure. */
+			if (ecdhp == NULL)
+				{
+				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
+				goto err;
+				}
+			if (!EC_KEY_up_ref(ecdhp))
+				{
+				SSLerr(SSL_F_SSL3_CTRL,ERR_R_ECDH_LIB);
+				goto err;
+				}
+			ecdh = ecdhp;
+
+			s->s3->tmp.ecdh=ecdh;
+			if ((ecdh->pub_key == NULL) ||
+			    (ecdh->priv_key == NULL) ||
+			    (s->options & SSL_OP_SINGLE_ECDH_USE))
+				{
+				if(!EC_KEY_generate_key(ecdh))
+				    {
+				    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
+				    goto err;
+				    }
+				}
+
+			if ((ecdh->group == NULL) ||
+			    (ecdh->pub_key == NULL) ||
+			    (ecdh->priv_key == NULL))
+				{
+				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
+				goto err;
+				}
+
+			if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
+			    (EC_GROUP_get_degree(ecdh->group) > 163)) 
+				{
+				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);
+				goto err;
+				}
+
+			/* XXX: For now, we only support ephemeral ECDH
+			 * keys over named (not generic) curves. For 
+			 * supported named curves, curve_id is non-zero.
+			 */
+			if ((curve_id = 
+			    nid2curve_id(EC_GROUP_get_nid(ecdh->group)))
+			    == 0)
+				{
+				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
+				goto err;
+				}
+
+			/* Encode the public key.
+			 * First check the size of encoding and
+			 * allocate memory accordingly.
+			 */
+			encodedlen = EC_POINT_point2oct(ecdh->group, 
+			    ecdh->pub_key, 
+			    POINT_CONVERSION_UNCOMPRESSED, 
+			    NULL, 0, NULL);
+
+			encodedPoint = (unsigned char *) 
+			    OPENSSL_malloc(encodedlen*sizeof(unsigned char)); 
+			bn_ctx = BN_CTX_new();
+			if ((encodedPoint == NULL) || (bn_ctx == NULL))
+				{
+				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+
+
+			encodedlen = EC_POINT_point2oct(ecdh->group, 
+			    ecdh->pub_key, 
+			    POINT_CONVERSION_UNCOMPRESSED, 
+			    encodedPoint, encodedlen, bn_ctx);
+
+			if (encodedlen == 0) 
+				{
+				SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_ECDH_LIB);
+				goto err;
+				}
+
+			BN_CTX_free(bn_ctx);  bn_ctx=NULL;
+
+			/* XXX: For now, we only support named (not 
+			 * generic) curves in ECDH ephemeral key exchanges.
+			 * In this situation, we need three additional bytes
+			 * to encode the entire ServerECDHParams
+			 * structure. 
+			 */
+			n = 3 + encodedlen;
+
+			/* We'll generate the serverKeyExchange message
+			 * explicitly so we can set these to NULLs
+			 */
+			r[0]=NULL;
+			r[1]=NULL;
+			r[2]=NULL;
+			}
+		else 
+#endif /* !OPENSSL_NO_ECDH */
 			{
 			al=SSL_AD_HANDSHAKE_FAILURE;
 			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
@@ -1005,7 +1349,7 @@ SSL *s;
 			kn=0;
 			}
 
-		if (!BUF_MEM_grow(buf,n+4+kn))
+		if (!BUF_MEM_grow_clean(buf,n+4+kn))
 			{
 			SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_BUF);
 			goto err;
@@ -1020,45 +1364,67 @@ SSL *s;
 			p+=nr[i];
 			}
 
+#ifndef OPENSSL_NO_ECDH
+		if (type & SSL_kECDHE) 
+			{
+			/* XXX: For now, we only support named (not generic) curves.
+			 * In this situation, the serverKeyExchange message has:
+			 * [1 byte CurveType], [1 byte CurveName]
+			 * [1 byte length of encoded point], followed by
+			 * the actual encoded point itself
+			 */
+			*p = NAMED_CURVE_TYPE;
+			p += 1;
+			*p = curve_id;
+			p += 1;
+			*p = encodedlen;
+			p += 1;
+			memcpy((unsigned char*)p, 
+			    (unsigned char *)encodedPoint, 
+			    encodedlen);
+			OPENSSL_free(encodedPoint);
+			p += encodedlen;
+			}
+#endif
+
 		/* not anonymous */
 		if (pkey != NULL)
 			{
 			/* n is the length of the params, they start at &(d[4])
 			 * and p points to the space at the end. */
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 			if (pkey->type == EVP_PKEY_RSA)
 				{
 				q=md_buf;
 				j=0;
 				for (num=2; num > 0; num--)
 					{
-					EVP_DigestInit(&md_ctx,(num == 2)
-						?s->ctx->md5:s->ctx->sha1);
+					EVP_DigestInit_ex(&md_ctx,(num == 2)
+						?s->ctx->md5:s->ctx->sha1, NULL);
 					EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 					EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 					EVP_DigestUpdate(&md_ctx,&(d[4]),n);
-					EVP_DigestFinal(&md_ctx,q,
+					EVP_DigestFinal_ex(&md_ctx,q,
 						(unsigned int *)&i);
 					q+=i;
 					j+=i;
 					}
-				i=RSA_private_encrypt(j,md_buf,&(p[2]),
-					pkey->pkey.rsa,RSA_PKCS1_PADDING);
-				if (i <= 0)
+				if (RSA_sign(NID_md5_sha1, md_buf, j,
+					&(p[2]), &u, pkey->pkey.rsa) <= 0)
 					{
 					SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA);
 					goto err;
 					}
-				s2n(i,p);
-				n+=i+2;
+				s2n(u,p);
+				n+=u+2;
 				}
 			else
 #endif
-#if !defined(NO_DSA)
+#if !defined(OPENSSL_NO_DSA)
 				if (pkey->type == EVP_PKEY_DSA)
 				{
 				/* lets do DSS */
-				EVP_SignInit(&md_ctx,EVP_dss1());
+				EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
 				EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
 				EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
 				EVP_SignUpdate(&md_ctx,&(d[4]),n);
@@ -1073,6 +1439,25 @@ SSL *s;
 				}
 			else
 #endif
+#if !defined(OPENSSL_NO_ECDSA)
+				if (pkey->type == EVP_PKEY_EC)
+				{
+				/* let's do ECDSA */
+				EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
+				EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+				EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+				EVP_SignUpdate(&md_ctx,&(d[4]),n);
+				if (!EVP_SignFinal(&md_ctx,&(p[2]),
+					(unsigned int *)&i,pkey))
+					{
+					SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
+					goto err;
+					}
+				s2n(i,p);
+				n+=i+2;
+				}
+			else
+#endif
 				{
 				/* Is this error check actually needed? */
 				al=SSL_AD_HANDSHAKE_FAILURE;
@@ -1090,20 +1475,25 @@ SSL *s;
 		s->init_off=0;
 		}
 
-	/* SSL3_ST_SW_KEY_EXCH_B */
+	s->state = SSL3_ST_SW_KEY_EXCH_B;
+	EVP_MD_CTX_cleanup(&md_ctx);
 	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
 f_err:
 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
 err:
+#ifndef OPENSSL_NO_ECDH
+	if (encodedPoint != NULL) OPENSSL_free(encodedPoint);
+	BN_CTX_free(bn_ctx);
+#endif
+	EVP_MD_CTX_cleanup(&md_ctx);
 	return(-1);
 	}
 
-static int ssl3_send_certificate_request(s)
-SSL *s;
+static int ssl3_send_certificate_request(SSL *s)
 	{
 	unsigned char *p,*d;
 	int i,j,nl,off,n;
-	STACK *sk=NULL;
+	STACK_OF(X509_NAME) *sk=NULL;
 	X509_NAME *name;
 	BUF_MEM *buf;
 
@@ -1128,11 +1518,11 @@ SSL *s;
 		nl=0;
 		if (sk != NULL)
 			{
-			for (i=0; i<sk_num(sk); i++)
+			for (i=0; i<sk_X509_NAME_num(sk); i++)
 				{
-				name=(X509_NAME *)sk_value(sk,i);
+				name=sk_X509_NAME_value(sk,i);
 				j=i2d_X509_NAME(name,NULL);
-				if (!BUF_MEM_grow(buf,4+n+j+2))
+				if (!BUF_MEM_grow_clean(buf,4+n+j+2))
 					{
 					SSLerr(SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,ERR_R_BUF_LIB);
 					goto err;
@@ -1168,6 +1558,17 @@ SSL *s;
 
 		s->init_num=n+4;
 		s->init_off=0;
+#ifdef NETSCAPE_HANG_BUG
+		p=(unsigned char *)s->init_buf->data + s->init_num;
+
+		/* do the header */
+		*(p++)=SSL3_MT_SERVER_DONE;
+		*(p++)=0;
+		*(p++)=0;
+		*(p++)=0;
+		s->init_num += 4;
+#endif
+
 		}
 
 	/* SSL3_ST_SW_CERT_REQ_B */
@@ -1176,44 +1577,51 @@ err:
 	return(-1);
 	}
 
-static int ssl3_get_client_key_exchange(s)
-SSL *s;
+static int ssl3_get_client_key_exchange(SSL *s)
 	{
 	int i,al,ok;
 	long n;
 	unsigned long l;
 	unsigned char *p;
+#ifndef OPENSSL_NO_RSA
 	RSA *rsa=NULL;
 	EVP_PKEY *pkey=NULL;
-#ifndef NO_DH
+#endif
+#ifndef OPENSSL_NO_DH
 	BIGNUM *pub=NULL;
 	DH *dh_srvr;
 #endif
+#ifndef OPENSSL_NO_KRB5
+        KSSL_ERR kssl_err;
+#endif /* OPENSSL_NO_KRB5 */
+
+#ifndef OPENSSL_NO_ECDH
+	EC_KEY *srvr_ecdh = NULL;
+	EVP_PKEY *clnt_pub_pkey = NULL;
+	EC_POINT *clnt_ecpoint = NULL;
+	BN_CTX *bn_ctx = NULL; 
+#endif
 
 	n=ssl3_get_message(s,
 		SSL3_ST_SR_KEY_EXCH_A,
 		SSL3_ST_SR_KEY_EXCH_B,
 		SSL3_MT_CLIENT_KEY_EXCHANGE,
-		400, /* ???? */
+		2048, /* ??? */
 		&ok);
 
 	if (!ok) return((int)n);
-	p=(unsigned char *)s->init_buf->data;
+	p=(unsigned char *)s->init_msg;
 
 	l=s->s3->tmp.new_cipher->algorithms;
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (l & SSL_kRSA)
 		{
 		/* FIX THIS UP EAY EAY EAY EAY */
 		if (s->s3->tmp.use_rsa_tmp)
 			{
-			if ((s->session->cert != NULL) &&
-				(s->session->cert->rsa_tmp != NULL))
-				rsa=s->session->cert->rsa_tmp;
-			else if ((s->ctx->default_cert != NULL) &&
-				(s->ctx->default_cert->rsa_tmp != NULL))
-				rsa=s->ctx->default_cert->rsa_tmp;
+			if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
+				rsa=s->cert->rsa_tmp;
 			/* Don't do a callback because rsa_tmp should
 			 * be sent already */
 			if (rsa == NULL)
@@ -1258,42 +1666,62 @@ SSL *s;
 
 		i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
 
-#if 1
-		/* If a bad decrypt, use a random master key */
-		if ((i != SSL_MAX_MASTER_KEY_LENGTH) ||
-			((p[0] != (s->version>>8)) ||
-			 (p[1] != (s->version & 0xff))))
-			{
-			p[0]=(s->version>>8);
-			p[1]=(s->version & 0xff);
-			RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2);
-			i=SSL_MAX_MASTER_KEY_LENGTH;
-			}
-#else
+		al = -1;
+		
 		if (i != SSL_MAX_MASTER_KEY_LENGTH)
 			{
 			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
-			goto f_err;
 			}
 
-		if ((p[0] != (s->version>>8)) || (p[1] != (s->version & 0xff)))
+		if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
 			{
-			al=SSL_AD_DECODE_ERROR;
-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
-			goto f_err;
+			/* The premaster secret must contain the same version number as the
+			 * ClientHello to detect version rollback attacks (strangely, the
+			 * protocol does not offer such protection for DH ciphersuites).
+			 * However, buggy clients exist that send the negotiated protocol
+			 * version instead if the server does not support the requested
+			 * protocol version.
+			 * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */
+			if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
+				(p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
+				{
+				al=SSL_AD_DECODE_ERROR;
+				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+				goto f_err;
+				}
 			}
-#endif
 
+		if (al != -1)
+			{
+#if 0
+			goto f_err;
+#else
+			/* Some decryption failure -- use random value instead as countermeasure
+			 * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
+			 * (see RFC 2246, section 7.4.7.1).
+			 * But note that due to length and protocol version checking, the
+			 * attack is impractical anyway (see section 5 in D. Bleichenbacher:
+			 * "Chosen Ciphertext Attacks Against Protocols Based on the RSA
+			 * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12).
+			 */
+			ERR_clear_error();
+			i = SSL_MAX_MASTER_KEY_LENGTH;
+			p[0] = s->client_version >> 8;
+			p[1] = s->client_version & 0xff;
+			RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */
+#endif
+			}
+	
 		s->session->master_key_length=
 			s->method->ssl3_enc->generate_master_secret(s,
 				s->session->master_key,
 				p,i);
-		memset(p,0,i);
+		OPENSSL_cleanse(p,i);
 		}
 	else
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 		if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
 		{
 		n2s(p,i);
@@ -1352,26 +1780,328 @@ SSL *s;
 		s->session->master_key_length=
 			s->method->ssl3_enc->generate_master_secret(s,
 				s->session->master_key,p,i);
+		OPENSSL_cleanse(p,i);
+		}
+	else
+#endif
+#ifndef OPENSSL_NO_KRB5
+        if (l & SSL_kKRB5)
+                {
+                krb5_error_code		krb5rc;
+		krb5_data		enc_ticket;
+		krb5_data		authenticator;
+		krb5_data		enc_pms;
+                KSSL_CTX		*kssl_ctx = s->kssl_ctx;
+		EVP_CIPHER_CTX		ciph_ctx;
+		EVP_CIPHER		*enc = NULL;
+		unsigned char		iv[EVP_MAX_IV_LENGTH];
+		unsigned char		pms[SSL_MAX_MASTER_KEY_LENGTH
+                                               + EVP_MAX_BLOCK_LENGTH];
+		int                     padl, outl;
+		krb5_timestamp		authtime = 0;
+		krb5_ticket_times	ttimes;
+
+		EVP_CIPHER_CTX_init(&ciph_ctx);
+
+                if (!kssl_ctx)  kssl_ctx = kssl_ctx_new();
+
+		n2s(p,i);
+		enc_ticket.length = i;
+		enc_ticket.data = (char *)p;
+		p+=enc_ticket.length;
+
+		n2s(p,i);
+		authenticator.length = i;
+		authenticator.data = (char *)p;
+		p+=authenticator.length;
+
+		n2s(p,i);
+		enc_pms.length = i;
+		enc_pms.data = (char *)p;
+		p+=enc_pms.length;
+
+		/* Note that the length is checked again below,
+		** after decryption
+		*/
+		if(enc_pms.length > sizeof pms)
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+			       SSL_R_DATA_LENGTH_TOO_LONG);
+			goto err;
+			}
+
+		if (n != enc_ticket.length + authenticator.length +
+						enc_pms.length + 6)
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				SSL_R_DATA_LENGTH_TOO_LONG);
+			goto err;
+			}
+
+                if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes,
+					&kssl_err)) != 0)
+                        {
+#ifdef KSSL_DEBUG
+                        printf("kssl_sget_tkt rtn %d [%d]\n",
+                                krb5rc, kssl_err.reason);
+                        if (kssl_err.text)
+                                printf("kssl_err text= %s\n", kssl_err.text);
+#endif	/* KSSL_DEBUG */
+                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                kssl_err.reason);
+                        goto err;
+                        }
+
+		/*  Note: no authenticator is not considered an error,
+		**  but will return authtime == 0.
+		*/
+		if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator,
+					&authtime, &kssl_err)) != 0)
+			{
+#ifdef KSSL_DEBUG
+                        printf("kssl_check_authent rtn %d [%d]\n",
+                                krb5rc, kssl_err.reason);
+                        if (kssl_err.text)
+                                printf("kssl_err text= %s\n", kssl_err.text);
+#endif	/* KSSL_DEBUG */
+                        SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                kssl_err.reason);
+                        goto err;
+			}
+
+		if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0)
+			{
+			SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, krb5rc);
+                        goto err;
+			}
+
+#ifdef KSSL_DEBUG
+                kssl_ctx_show(kssl_ctx);
+#endif	/* KSSL_DEBUG */
+
+		enc = kssl_map_enc(kssl_ctx->enctype);
+                if (enc == NULL)
+                    goto err;
+
+		memset(iv, 0, sizeof iv);	/* per RFC 1510 */
+
+		if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv))
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				SSL_R_DECRYPTION_FAILED);
+			goto err;
+			}
+		if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl,
+					(unsigned char *)enc_pms.data, enc_pms.length))
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				SSL_R_DECRYPTION_FAILED);
+			goto err;
+			}
+		if (outl > SSL_MAX_MASTER_KEY_LENGTH)
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				SSL_R_DATA_LENGTH_TOO_LONG);
+			goto err;
+			}
+		if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl))
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				SSL_R_DECRYPTION_FAILED);
+			goto err;
+			}
+		outl += padl;
+		if (outl > SSL_MAX_MASTER_KEY_LENGTH)
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				SSL_R_DATA_LENGTH_TOO_LONG);
+			goto err;
+			}
+		EVP_CIPHER_CTX_cleanup(&ciph_ctx);
+
+                s->session->master_key_length=
+                        s->method->ssl3_enc->generate_master_secret(s,
+                                s->session->master_key, pms, outl);
+
+                if (kssl_ctx->client_princ)
+                        {
+                        int len = strlen(kssl_ctx->client_princ);
+                        if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) 
+                                {
+                                s->session->krb5_client_princ_len = len;
+                                memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len);
+                                }
+                        }
+
+
+                /*  Was doing kssl_ctx_free() here,
+		**  but it caused problems for apache.
+                **  kssl_ctx = kssl_ctx_free(kssl_ctx);
+                **  if (s->kssl_ctx)  s->kssl_ctx = NULL;
+                */
+                }
+	else
+#endif	/* OPENSSL_NO_KRB5 */
+
+#ifndef OPENSSL_NO_ECDH
+		if ((l & SSL_kECDH) || (l & SSL_kECDHE))
+		{
+		int ret = 1;
+
+                /* initialize structures for server's ECDH key pair */
+		if ((srvr_ecdh = EC_KEY_new()) == NULL) 
+			{
+                	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+			    ERR_R_MALLOC_FAILURE);
+                	goto err;
+			}
+
+		/* Let's get server private key and group information */
+		if (l & SSL_kECDH) 
+			{ 
+                        /* use the certificate */
+			srvr_ecdh->group = s->cert->key->privatekey-> \
+			    pkey.eckey->group;
+			srvr_ecdh->priv_key = s->cert->key->privatekey-> \
+			    pkey.eckey->priv_key;
+			}
+		else
+			{
+			/* use the ephermeral values we saved when
+			 * generating the ServerKeyExchange msg.
+			 */
+			srvr_ecdh->group = s->s3->tmp.ecdh->group;
+			srvr_ecdh->priv_key = s->s3->tmp.ecdh->priv_key;
+			}
+
+		/* Let's get client's public key */
+		if ((clnt_ecpoint = EC_POINT_new(srvr_ecdh->group))
+		    == NULL) 
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+			    ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+
+                if (n == 0L) 
+                        {
+			/* Client Publickey was in Client Certificate */
+
+			 if (l & SSL_kECDHE) 
+				 {
+				 al=SSL_AD_HANDSHAKE_FAILURE;
+				 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
+				 goto f_err;
+				 }
+                        if (((clnt_pub_pkey=X509_get_pubkey(s->session->peer))
+			    == NULL) || 
+			    (clnt_pub_pkey->type != EVP_PKEY_EC))
+                        	{
+				/* XXX: For now, we do not support client
+				 * authentication using ECDH certificates
+				 * so this branch (n == 0L) of the code is
+				 * never executed. When that support is
+				 * added, we ought to ensure the key 
+				 * received in the certificate is 
+				 * authorized for key agreement.
+				 * ECDH_compute_key implicitly checks that
+				 * the two ECDH shares are for the same
+				 * group.
+				 */
+                           	al=SSL_AD_HANDSHAKE_FAILURE;
+                           	SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				    SSL_R_UNABLE_TO_DECODE_ECDH_CERTS);
+                           	goto f_err;
+                           	}
+
+			EC_POINT_copy(clnt_ecpoint,
+			    clnt_pub_pkey->pkey.eckey->pub_key);
+                        ret = 2; /* Skip certificate verify processing */
+                        }
+                else
+                        {
+			/* Get client's public key from encoded point
+			 * in the ClientKeyExchange message.
+			 */
+			if ((bn_ctx = BN_CTX_new()) == NULL)
+				{
+				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				    ERR_R_MALLOC_FAILURE);
+				goto err;
+				}
+
+                        /* Get encoded point length */
+                        i = *p; 
+			p += 1;
+                        if (EC_POINT_oct2point(srvr_ecdh->group, 
+			    clnt_ecpoint, p, i, bn_ctx) == 0)
+				{
+				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				    ERR_R_EC_LIB);
+				goto err;
+				}
+                        /* p is pointing to somewhere in the buffer
+                         * currently, so set it to the start 
+                         */ 
+                        p=(unsigned char *)s->init_buf->data;
+                        }
+
+		/* Compute the shared pre-master secret */
+                i = ECDH_compute_key(p, clnt_ecpoint, srvr_ecdh);
+                if (i <= 0)
+                        {
+                        SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+			    ERR_R_ECDH_LIB);
+                        goto err;
+                        }
+
+		EVP_PKEY_free(clnt_pub_pkey);
+		EC_POINT_free(clnt_ecpoint);
+		if (srvr_ecdh != NULL) 
+			{
+			srvr_ecdh->priv_key = NULL;
+			srvr_ecdh->group = NULL;
+			EC_KEY_free(srvr_ecdh);
+			}
+		BN_CTX_free(bn_ctx);
+
+		/* Compute the master secret */
+                s->session->master_key_length = s->method->ssl3_enc-> \
+		    generate_master_secret(s, s->session->master_key, p, i);
+		
+                OPENSSL_cleanse(p, i);
+                return (ret);
 		}
 	else
 #endif
 		{
 		al=SSL_AD_HANDSHAKE_FAILURE;
-		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNKNOWN_CIPHER_TYPE);
+		SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+				SSL_R_UNKNOWN_CIPHER_TYPE);
 		goto f_err;
 		}
 
 	return(1);
 f_err:
 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
-#if !defined(NO_DH) || !defined(NO_RSA)
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH)
 err:
 #endif
+#ifndef OPENSSL_NO_ECDH
+	EVP_PKEY_free(clnt_pub_pkey);
+	EC_POINT_free(clnt_ecpoint);
+	if (srvr_ecdh != NULL) 
+		{
+		srvr_ecdh->priv_key = NULL;
+		srvr_ecdh->group = NULL;
+		EC_KEY_free(srvr_ecdh);
+		}
+	BN_CTX_free(bn_ctx);
+#endif
 	return(-1);
 	}
 
-static int ssl3_get_cert_verify(s)
-SSL *s;
+static int ssl3_get_cert_verify(SSL *s)
 	{
 	EVP_PKEY *pkey=NULL;
 	unsigned char *p;
@@ -1384,7 +2114,7 @@ SSL *s;
 		SSL3_ST_SR_CERT_VRFY_A,
 		SSL3_ST_SR_CERT_VRFY_B,
 		-1,
-		512, /* 512? */
+		514, /* 514? */
 		&ok);
 
 	if (!ok) return((int)n);
@@ -1436,7 +2166,7 @@ SSL *s;
 		}
 
 	/* we now have a signature that we need to verify */
-	p=(unsigned char *)s->init_buf->data;
+	p=(unsigned char *)s->init_msg;
 	n2s(p,i);
 	n-=2;
 	if (i > n)
@@ -1454,19 +2184,19 @@ SSL *s;
 		goto f_err;
 		}
 
-#ifndef NO_RSA 
+#ifndef OPENSSL_NO_RSA 
 	if (pkey->type == EVP_PKEY_RSA)
 		{
-		i=RSA_public_decrypt(i,p,p,pkey->pkey.rsa,RSA_PKCS1_PADDING);
+		i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md,
+			MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i, 
+							pkey->pkey.rsa);
 		if (i < 0)
 			{
 			al=SSL_AD_DECRYPT_ERROR;
 			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT);
 			goto f_err;
 			}
-		if ((i != (MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH)) ||
-			memcmp(&(s->s3->tmp.finish_md[0]),p,
-				MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH))
+		if (i == 0)
 			{
 			al=SSL_AD_DECRYPT_ERROR;
 			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE);
@@ -1475,11 +2205,11 @@ SSL *s;
 		}
 	else
 #endif
-#ifndef NO_DSA
+#ifndef OPENSSL_NO_DSA
 		if (pkey->type == EVP_PKEY_DSA)
 		{
 		j=DSA_verify(pkey->save_type,
-			&(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]),
+			&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
 			SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa);
 		if (j <= 0)
 			{
@@ -1491,8 +2221,25 @@ SSL *s;
 		}
 	else
 #endif
+#ifndef OPENSSL_NO_ECDSA
+		if (pkey->type == EVP_PKEY_EC)
+		{
+		j=ECDSA_verify(pkey->save_type,
+			&(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]),
+			SHA_DIGEST_LENGTH,p,i,pkey->pkey.eckey);
+		if (j <= 0)
+			{
+			/* bad signature */
+			al=SSL_AD_DECRYPT_ERROR;
+			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,
+			    SSL_R_BAD_ECDSA_SIGNATURE);
+			goto f_err;
+			}
+		}
+	else
+#endif
 		{
-		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
 		al=SSL_AD_UNSUPPORTED_CERTIFICATE;
 		goto f_err;
 		}
@@ -1505,27 +2252,23 @@ f_err:
 		ssl3_send_alert(s,SSL3_AL_FATAL,al);
 		}
 end:
+	EVP_PKEY_free(pkey);
 	return(ret);
 	}
 
-static int ssl3_get_client_certificate(s)
-SSL *s;
+static int ssl3_get_client_certificate(SSL *s)
 	{
 	int i,ok,al,ret= -1;
 	X509 *x=NULL;
 	unsigned long l,nc,llen,n;
 	unsigned char *p,*d,*q;
-	STACK *sk=NULL;
+	STACK_OF(X509) *sk=NULL;
 
 	n=ssl3_get_message(s,
 		SSL3_ST_SR_CERT_A,
 		SSL3_ST_SR_CERT_B,
 		-1,
-#if defined(MSDOS) && !defined(WIN32)
-		1024*30, /* 30k max cert list :-) */
-#else
-		1024*100, /* 100k max cert list :-) */
-#endif
+		s->max_cert_list,
 		&ok);
 
 	if (!ok) return((int)n);
@@ -1539,7 +2282,7 @@ SSL *s;
 			al=SSL_AD_HANDSHAKE_FAILURE;
 			goto f_err;
 			}
-		/* If tls asked for a client cert we must return a 0 list */
+		/* If tls asked for a client cert, the client must return a 0 list */
 		if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request)
 			{
 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
@@ -1556,9 +2299,9 @@ SSL *s;
 		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE);
 		goto f_err;
 		}
-	d=p=(unsigned char *)s->init_buf->data;
+	d=p=(unsigned char *)s->init_msg;
 
-	if ((sk=sk_new_null()) == NULL)
+	if ((sk=sk_X509_new_null()) == NULL)
 		{
 		SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
 		goto err;
@@ -1594,7 +2337,7 @@ SSL *s;
 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH);
 			goto f_err;
 			}
-		if (!sk_push(sk,(char *)x))
+		if (!sk_X509_push(sk,x))
 			{
 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE);
 			goto err;
@@ -1603,7 +2346,7 @@ SSL *s;
 		nc+=l+3;
 		}
 
-	if (sk_num(sk) <= 0)
+	if (sk_X509_num(sk) <= 0)
 		{
 		/* TLS does not mind 0 certs returned */
 		if (s->version == SSL3_VERSION)
@@ -1632,10 +2375,29 @@ SSL *s;
 			}
 		}
 
-	/* This should not be needed */
-	if (s->session->peer != NULL)
+	if (s->session->peer != NULL) /* This should not be needed */
 		X509_free(s->session->peer);
-	s->session->peer=(X509 *)sk_shift(sk);
+	s->session->peer=sk_X509_shift(sk);
+	s->session->verify_result = s->verify_result;
+
+	/* With the current implementation, sess_cert will always be NULL
+	 * when we arrive here. */
+	if (s->session->sess_cert == NULL)
+		{
+		s->session->sess_cert = ssl_sess_cert_new();
+		if (s->session->sess_cert == NULL)
+			{
+			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+			goto err;
+			}
+		}
+	if (s->session->sess_cert->cert_chain != NULL)
+		sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free);
+	s->session->sess_cert->cert_chain=sk;
+	/* Inconsistency alert: cert_chain does *not* include the
+	 * peer's own certificate, while we do include it in s3_clnt.c */
+
+	sk=NULL;
 
 	ret=1;
 	if (0)
@@ -1645,12 +2407,11 @@ f_err:
 		}
 err:
 	if (x != NULL) X509_free(x);
-	if (sk != NULL) sk_pop_free(sk,X509_free);
+	if (sk != NULL) sk_X509_pop_free(sk,X509_free);
 	return(ret);
 	}
 
-int ssl3_send_server_certificate(s)
-SSL *s;
+int ssl3_send_server_certificate(SSL *s)
 	{
 	unsigned long l;
 	X509 *x;
@@ -1658,9 +2419,13 @@ SSL *s;
 	if (s->state == SSL3_ST_SW_CERT_A)
 		{
 		x=ssl_get_server_send_cert(s);
-		if (x == NULL)
+		if (x == NULL &&
+                        /* VRS: allow null cert if auth == KRB5 */
+                        (s->s3->tmp.new_cipher->algorithms
+                                & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+                        != (SSL_aKRB5|SSL_kKRB5))
 			{
-			SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,SSL_R_INTERNAL_ERROR);
+			SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
 			return(0);
 			}
 
@@ -1673,3 +2438,66 @@ SSL *s;
 	/* SSL3_ST_SW_CERT_B */
 	return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
 	}
+
+
+#ifndef OPENSSL_NO_ECDH
+/* This is the complement of curve_id2nid in s3_clnt.c. */
+static int nid2curve_id(int nid)
+{
+	/* ECC curves from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
+	switch (nid) {
+	case NID_sect163k1: /* sect163k1 (1) */
+		return 1;
+	case NID_sect163r1: /* sect163r1 (2) */
+		return 2;
+	case NID_sect163r2: /* sect163r2 (3) */
+		return 3;
+	case NID_sect193r1: /* sect193r1 (4) */ 
+		return 4;
+	case NID_sect193r2: /* sect193r2 (5) */ 
+		return 5;
+	case NID_sect233k1: /* sect233k1 (6) */
+		return 6;
+	case NID_sect233r1: /* sect233r1 (7) */ 
+		return 7;
+	case NID_sect239k1: /* sect239k1 (8) */ 
+		return 8;
+	case NID_sect283k1: /* sect283k1 (9) */
+		return 9;
+	case NID_sect283r1: /* sect283r1 (10) */ 
+		return 10;
+	case NID_sect409k1: /* sect409k1 (11) */ 
+		return 11;
+	case NID_sect409r1: /* sect409r1 (12) */
+		return 12;
+	case NID_sect571k1: /* sect571k1 (13) */ 
+		return 13;
+	case NID_sect571r1: /* sect571r1 (14) */ 
+		return 14;
+	case NID_secp160k1: /* secp160k1 (15) */
+		return 15;
+	case NID_secp160r1: /* secp160r1 (16) */ 
+		return 16;
+	case NID_secp160r2: /* secp160r2 (17) */ 
+		return 17;
+	case NID_secp192k1: /* secp192k1 (18) */
+		return 18;
+	case NID_X9_62_prime192v1: /* secp192r1 (19) */ 
+		return 19;
+	case NID_secp224k1: /* secp224k1 (20) */ 
+		return 20;
+	case NID_secp224r1: /* secp224r1 (21) */
+		return 21;
+	case NID_secp256k1: /* secp256k1 (22) */ 
+		return 22;
+	case NID_X9_62_prime256v1: /* secp256r1 (23) */ 
+		return 23;
+	case NID_secp384r1: /* secp384r1 (24) */
+		return 24;
+	case NID_secp521r1:  /* secp521r1 (25) */	
+		return 25;
+	default:
+		return 0;
+	}
+}
+#endif
diff --git a/ssl/ssl-lib.com b/ssl/ssl-lib.com
new file mode 100644
index 0000000000..163ade9f7a
--- /dev/null
+++ b/ssl/ssl-lib.com
@@ -0,0 +1,1053 @@
+$!
+$!  SSL-LIB.COM
+$!  Written By:  Robert Byer
+$!               Vice-President
+$!               A-Com Computing, Inc.
+$!               byer@mail.all-net.net
+$!
+$!  Changes by Richard Levitte <richard@levitte.org>
+$!
+$!  This command file compiles and creates the "[.xxx.EXE.SSL]LIBSSL.OLB" 
+$!  library for OpenSSL.  The "xxx" denotes the machine architecture of AXP 
+$!  or VAX.
+$!
+$!  It is written to detect what type of machine you are compiling on
+$!  (i.e. AXP or VAX) and which "C" compiler you have (i.e. VAXC, DECC 
+$!  or GNU C) or you can specify which compiler to use.
+$!
+$!  Specify the following as P1 to build just that part or ALL to just
+$!  build everything.
+$!
+$!    		LIBRARY    To just compile the [.xxx.EXE.SSL]LIBSSL.OLB Library.
+$!    		SSL_TASK   To just compile the [.xxx.EXE.SSL]SSL_TASK.EXE
+$!
+$!  Specify DEBUG or NODEBUG as P2 to compile with or without debugger
+$!  information.
+$!
+$!  Specify which compiler at P3 to try to compile under.
+$!
+$!	   VAXC	 For VAX C.
+$!	   DECC	 For DEC C.
+$!	   GNUC	 For GNU C.
+$!
+$!  If you don't speficy a compiler, it will try to determine which
+$!  "C" compiler to use.
+$!
+$!  P4, if defined, sets a TCP/IP library to use, through one of the following
+$!  keywords:
+$!
+$!	UCX		for UCX
+$!	TCPIP		for TCPIP (post UCX)
+$!	SOCKETSHR	for SOCKETSHR+NETLIB
+$!
+$!  P5, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$!
+$! Define A TCP/IP Library That We Will Need To Link To.
+$! (That Is, If We Need To Link To One.)
+$!
+$ TCPIP_LIB = ""
+$!
+$! Check Which Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").GE.128)
+$ THEN
+$!
+$!  The Architecture Is AXP.
+$!
+$   ARCH := AXP
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  The Architecture Is VAX.
+$!
+$   ARCH := VAX
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Initialise logical names and such
+$!
+$ GOSUB INITIALISE
+$!
+$! Tell The User What Kind of Machine We Run On.
+$!
+$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$!
+$! Define The OBJ Directory.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.SSL]
+$!
+$! Check To See If The Architecture Specific OBJ Directory Exists.
+$!
+$ IF (F$PARSE(OBJ_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIR 'OBJ_DIR'
+$!
+$! End The Architecture Specific OBJ Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The EXE Directory.
+$!
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.SSL]
+$!
+$! Check To See If The Architecture Specific Directory Exists.
+$!
+$ IF (F$PARSE(EXE_DIR).EQS."")
+$ THEN
+$!
+$!  It Dosen't Exist, So Create It.
+$!
+$   CREATE/DIR 'EXE_DIR'
+$!
+$! End The Architecture Specific Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The Library Name.
+$!
+$ SSL_LIB := 'EXE_DIR'LIBSSL.OLB
+$!
+$! Define The CRYPTO-LIB We Are To Use.
+$!
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
+$!
+$! Check To See What We Are To Do.
+$!
+$ IF (BUILDALL.EQS."TRUE")
+$ THEN
+$!
+$!  Since Nothing Special Was Specified, Do Everything.
+$!
+$   GOSUB LIBRARY
+$   GOSUB SSL_TASK
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Build Just What The User Wants Us To Build.
+$!
+$   GOSUB 'BUILDALL'
+$!
+$! End The BUILDALL Check.
+$!
+$ ENDIF
+$!
+$! Time To EXIT.
+$!
+$ EXIT:
+$ GOSUB CLEANUP
+$ EXIT   
+$!
+$! Compile The Library.
+$!
+$ LIBRARY:
+$!
+$! Check To See If We Already Have A "[.xxx.EXE.SSL]LIBSSL.OLB" Library...
+$!
+$ IF (F$SEARCH(SSL_LIB).EQS."")
+$ THEN
+$!
+$! Guess Not, Create The Library.
+$!
+$   LIBRARY/CREATE/OBJECT 'SSL_LIB'
+$!
+$! End The Library Exist Check.
+$!
+$ ENDIF
+$!
+$! Define The Different SSL "library" Files.
+$!
+$ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
+	    "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ -
+	    "s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
+	    "t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -
+	    "ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -
+	    "ssl_ciph,ssl_stat,ssl_rsa,"+ -
+	    "ssl_asn1,ssl_txt,ssl_algs,"+ -
+	    "bio_ssl,ssl_err,kssl"
+$!
+$! Tell The User That We Are Compiling The Library.
+$!
+$ WRITE SYS$OUTPUT "Building The ",SSL_LIB," Library."
+$!
+$! Define A File Counter And Set It To "0"
+$!
+$ FILE_COUNTER = 0
+$!
+$! Top Of The File Loop.
+$!
+$ NEXT_FILE:
+$!
+$! O.K, Extract The File Name From The File List.
+$!
+$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_SSL)
+$!
+$! Check To See If We Are At The End Of The File List.
+$!
+$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
+$!
+$! Increment The Counter.
+$!
+$ FILE_COUNTER = FILE_COUNTER + 1
+$!
+$! Create The Source File Name.
+$!
+$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
+$!
+$! Create The Object File Name.
+$!
+$ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ"
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check To See If The File We Want To Compile Is Actually There.
+$!
+$ IF (F$SEARCH(SOURCE_FILE).EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The File Exists Check.
+$!
+$ ENDIF
+$!
+$!  Tell The User What File We Are Compiling.
+$!
+$ WRITE SYS$OUTPUT "	",FILE_NAME,".c"
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO NEXT_FILE
+$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$!
+$! Add It To The Library.
+$!
+$ LIBRARY/REPLACE/OBJECT 'SSL_LIB' 'OBJECT_FILE'
+$!
+$! Time To Clean Up The Object File.
+$!
+$ DELETE 'OBJECT_FILE';*
+$!
+$! Go Back And Get The Next File Name.
+$!
+$ GOTO NEXT_FILE
+$!
+$! All Done With This Library.
+$!
+$ FILE_DONE:
+$!
+$! Tell The User That We Are All Done.
+$!
+$ WRITE SYS$OUTPUT "Library ",SSL_LIB," Compiled."
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$ SSL_TASK:
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Check To See If The File We Want To Compile Is Actually There.
+$!
+$ IF (F$SEARCH("SYS$DISK:[]SSL_TASK.C").EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File SSL_TASK.C Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   EXIT
+$!
+$! End The SSL_TASK.C File Check.
+$!
+$ ENDIF
+$!
+$! Tell The User We Are Creating The SSL_TASK.
+$!
+$ WRITE SYS$OUTPUT "Creating SSL_TASK OSU HTTP SSL Engine."	
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO SSL_TASK_END
+$ CC5/OBJECT='OBJ_DIR'SSL_TASK.OBJ SYS$DISK:[]SSL_TASK.C
+$!
+$! Link The Program.
+$! Check To See If We Are To Link With A Specific TCP/IP Library.
+$!
+$ IF (TCPIP_LIB.NES."")
+$ THEN
+$!
+$!  Link With TCP/IP Library.
+$!
+$   LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE -
+        'OBJ_DIR'SSL_TASK.OBJ, -
+	'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+        'TCPIP_LIB','OPT_FILE'/OPTION
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Don't Link With TCP/IP Library.
+$!
+$   LINK/'DEBUGGER'/'TRACEBACK'/EXE='EXE_DIR'SSL_TASK.EXE -
+        'OBJ_DIR'SSL_TASK.OBJ,-
+	'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+        'OPT_FILE'/OPTION
+$!
+$! End The TCP/IP Library Check.
+$!
+$ ENDIF
+$!
+$! Time To Return.
+$!
+$SSL_TASK_END:
+$ RETURN
+$!
+$! Check For The Link Option FIle.
+$!
+$ CHECK_OPT_FILE:
+$!
+$! Check To See If We Need To Make A VAX C Option File.
+$!
+$ IF (COMPILER.EQS."VAXC")
+$ THEN
+$!
+$!  Check To See If We Already Have A VAX C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A VAX C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable VAX C Runtime Library.
+!
+SYS$SHARE:VAXCRTL.EXE/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The VAXC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A GNU C Option File.
+$!
+$ IF (COMPILER.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If We Already Have A GNU C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A GNU C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable C Runtime Library.
+!
+GNU_CC:[000000]GCCLIB/LIBRARY
+SYS$SHARE:VAXCRTL/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A DEC C Option File.
+$!
+$ IF (COMPILER.EQS."DECC")
+$ THEN
+$!
+$!  Check To See If We Already Have A DEC C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!
+$     IF (ARCH.EQS."VAX")
+$     THEN
+$!
+$!      We Need A DEC C Linker Option File For VAX.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable DEC C Runtime Library.
+!
+SYS$SHARE:DECC$SHR.EXE/SHARE
+$EOD
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Create The AXP Linker Option File.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File For AXP To Link Agianst 
+! The Sharable C Runtime Library.
+!
+SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_RTL/SHARE
+$EOD
+$!
+$!    End The VAX/AXP DEC C Option File Check.
+$!
+$     ENDIF
+$!
+$!  End The Option File Search.
+$!
+$   ENDIF
+$!
+$! End The DEC C Check.
+$!
+$ ENDIF
+$!
+$!  Tell The User What Linker Option File We Are Using.
+$!
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."	
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$ LIB_CHECK:
+$!
+$! Look For The VAX Library LIBSSL.OLB.
+$!
+$ IF (F$SEARCH(SSL_LIB).EQS."")
+$ THEN
+$!
+$!  Tell The User We Can't Find The LIBSSL.OLB Library.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "Can't Find The Library ",SSL_LIB,"."
+$   WRITE SYS$OUTPUT "We Can't Link Without It."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Since We Can't Link Without It, Exit.
+$!
+$   EXIT
+$!
+$! End The LIBSSL.OLB Library Check.
+$!
+$ ENDIF
+$!
+$! Look For The Library LIBCRYPTO.OLB.
+$!
+$ IF (F$SEARCH(CRYPTO_LIB).EQS."")
+$ THEN
+$!
+$!  Tell The User We Can't Find The LIBCRYPTO.OLB Library.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "Can't Find The Library ",CRYPTO_LIB,"."
+$   WRITE SYS$OUTPUT "We Can't Link Without It."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Since We Can't Link Without It, Exit.
+$!
+$   EXIT
+$!
+$! End The LIBCRYPTO.OLB Library Check.
+$!
+$ ENDIF
+$!
+$! Time To Return.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If P1 Is Blank.
+$!
+$ IF (P1.EQS."ALL")
+$ THEN
+$!
+$!   P1 Is Blank, So Build Everything.
+$!
+$    BUILDALL = "TRUE"
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Else, Check To See If P1 Has A Valid Arguement.
+$!
+$   IF (P1.EQS."LIBRARY").OR.(P1.EQS."SSL_TASK")
+$   THEN
+$!
+$!    A Valid Arguement.
+$!
+$     BUILDALL = P1
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User We Don't Know What They Want.
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    ALL      :  Just Build Everything."
+$     WRITE SYS$OUTPUT "    LIBRARY  :  To Compile Just The [.xxx.EXE.SSL]LIBSSL.OLB Library."
+$     WRITE SYS$OUTPUT "    SSL_TASK :  To Compile Just The [.xxx.EXE.SSL]SSL_TASK.EXE Program."
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT " Where 'xxx' Stands For:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "        AXP  :  Alpha Architecture."
+$     WRITE SYS$OUTPUT "        VAX  :  VAX Architecture."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P1 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P2 Is Blank.
+$!
+$ IF (P2.EQS."NODEBUG")
+$ THEN
+$!
+$!   P2 Is NODEBUG, So Compile Without Debugger Information.
+$!
+$    DEBUGGER  = "NODEBUG"
+$    TRACEBACK = "NOTRACEBACK" 
+$    GCC_OPTIMIZE = "OPTIMIZE"
+$    CC_OPTIMIZE = "OPTIMIZE"
+$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Check To See If We Are To Compile With Debugger Information.
+$!
+$   IF (P2.EQS."DEBUG")
+$   THEN
+$!
+$!    Compile With Debugger Information.
+$!
+$     DEBUGGER  = "DEBUG"
+$     TRACEBACK = "TRACEBACK"
+$     GCC_OPTIMIZE = "NOOPTIMIZE"
+$     CC_OPTIMIZE = "NOOPTIMIZE"
+$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
+$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
+$   ELSE
+$!
+$!    Tell The User Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
+$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P2 Check.
+$!
+$ ENDIF
+$!
+$! Special Threads For OpenVMS v7.1 Or Later
+$!
+$! Written By:  Richard Levitte
+$!              richard@levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P5.
+$!
+$ IF (P5.EQS."")
+$ THEN
+$!
+$!  Get The Version Of VMS We Are Using.
+$!
+$   ISSEVEN :=
+$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$!  Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$   IF (TMP.GE.71)
+$   THEN
+$!
+$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$     ISSEVEN := ,PTHREAD_USE_D4
+$!
+$!  End The VMS Version Check.
+$!
+$   ENDIF
+$!
+$! End The P5 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P3 Is Blank.
+$!
+$ IF (P3.EQS."")
+$ THEN
+$!
+$!  O.K., The User Didn't Specify A Compiler, Let's Try To
+$!  Find Out Which One To Use.
+$!
+$!  Check To See If We Have GNU C.
+$!
+$   IF (F$TRNLNM("GNU_CC").NES."")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     P3 = "GNUC"
+$!
+$!  End The GNU C Compiler Check.
+$!
+$   ELSE
+$!
+$!  Check To See If We Have VAXC Or DECC.
+$!
+$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     THEN 
+$!
+$!      Looks Like DECC, Set To Use DECC.
+$!
+$       P3 = "DECC"
+$!
+$!      Else...
+$!
+$     ELSE
+$!
+$!      Looks Like VAXC, Set To Use VAXC.
+$!
+$       P3 = "VAXC"
+$!
+$!    End The VAXC Compiler Check.
+$!
+$     ENDIF
+$!
+$!  End The DECC & VAXC Compiler Check.
+$!
+$   ENDIF
+$!
+$!  End The Compiler Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Have A Option For P4.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$!  Find out what socket library we have available
+$!
+$   IF F$PARSE("SOCKETSHR:") .NES. ""
+$   THEN
+$!
+$!    We have SOCKETSHR, and it is my opinion that it's the best to use.
+$!
+$     P4 = "SOCKETSHR"
+$!
+$!    Tell the user
+$!
+$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
+$!
+$!    Else, let's look for something else
+$!
+$   ELSE
+$!
+$!    Like UCX (the reason to do this before Multinet is that the UCX
+$!    emulation is easier to use...)
+$!
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
+	 .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
+	 .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
+$     THEN
+$!
+$!	Last resort: a UCX or UCX-compatible library
+$!
+$	P4 = "UCX"
+$!
+$!      Tell the user
+$!
+$       WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
+$!
+$!	That was all...
+$!
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$!
+$! Set Up Initial CC Definitions, Possibly With User Ones
+$!
+$ CCDEFS = "TCPIP_TYPE_''P4'"
+$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
+$ CCEXTRAFLAGS = ""
+$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
+	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
+$!
+$!  Check To See If The User Entered A Valid Paramter.
+$!
+$ IF (P3.EQS."VAXC").OR.(P3.EQS."DECC").OR.(P3.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If The User Wanted DECC.
+$!
+$   IF (P3.EQS."DECC")
+$   THEN
+$!
+$!    Looks Like DECC, Set To Use DECC.
+$!
+$     COMPILER = "DECC"
+$!
+$!    Tell The User We Are Using DECC.
+$!
+$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$!    Use DECC...
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
+	 THEN CC = "CC/DECC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+           "/NOLIST/PREFIX=ALL" + -
+	   "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$!
+$!  End DECC Check.
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use VAXC.
+$!
+$   IF (P3.EQS."VAXC")
+$   THEN
+$!
+$!    Looks Like VAXC, Set To Use VAXC.
+$!
+$     COMPILER = "VAXC"
+$!
+$!    Tell The User We Are Using VAX C.
+$!
+$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$!    Compile Using VAXC.
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."AXP"
+$     THEN
+$	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$	EXIT
+$     ENDIF
+$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+	   "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS
+$     CCDEFS = CCDEFS + ",""VAXC"""
+$!
+$!    Define <sys> As SYS$COMMON:[SYSLIB]
+$!
+$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$!
+$!  End VAXC Check
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use GNU C.
+$!
+$   IF (P3.EQS."GNUC")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     COMPILER = "GNUC"
+$!
+$!    Tell The User We Are Using GNUC.
+$!
+$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$!    Use GNU C...
+$!
+$     IF F$TYPE(GCC) .EQS. "" THEN GCC := GCC
+$     CC = GCC+"/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+	   "/INCLUDE=(SYS$DISK:[-.CRYPTO],SYS$DISK:[-])" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$!
+$!  End The GNU C Check.
+$!
+$   ENDIF
+$!
+$!  Set up default defines
+$!
+$   CCDEFS = """FLAT_INC=1""," + CCDEFS
+$!
+$!  Finish up the definition of CC.
+$!
+$   IF COMPILER .EQS. "DECC"
+$   THEN
+$     IF CCDISABLEWARNINGS .EQS. ""
+$     THEN
+$       CC4DISABLEWARNINGS = "DOLLARID"
+$     ELSE
+$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
+$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$     ENDIF
+$     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$   ELSE
+$     CCDISABLEWARNINGS = ""
+$     CC4DISABLEWARNINGS = ""
+$   ENDIF
+$   CC2 = CC + "/DEFINE=(" + CCDEFS + ",_POSIX_C_SOURCE)" + CCDISABLEWARNINGS
+$   CC3 = CC + "/DEFINE=(" + CCDEFS + ISSEVEN + ")" + CCDISABLEWARNINGS
+$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$   IF COMPILER .EQS. "DECC"
+$   THEN
+$     CC4 = CC - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
+$     CC5 = CC3 - CCDISABLEWARNINGS + CC4DISABLEWARNINGS
+$   ELSE
+$     CC4 = CC
+$     CC5 = CC3
+$   ENDIF
+$!
+$!  Show user the result
+$!
+$   WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
+$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
+$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$ ENDIF
+$!
+$! Time to check the contents, and to make sure we get the correct library.
+$!
+$ IF P4.EQS."SOCKETSHR" .OR. P4.EQS."MULTINET" .OR. P4.EQS."UCX" -
+     .OR. P4.EQS."TCPIP" .OR. P4.EQS."NONE"
+$ THEN
+$!
+$!  Check to see if SOCKETSHR was chosen
+$!
+$   IF P4.EQS."SOCKETSHR"
+$   THEN
+$!
+$!    Set the library to use SOCKETSHR
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$!
+$!    Done with SOCKETSHR
+$!
+$   ENDIF
+$!
+$!  Check to see if MULTINET was chosen
+$!
+$   IF P4.EQS."MULTINET"
+$   THEN
+$!
+$!    Set the library to use UCX emulation.
+$!
+$     P4 = "UCX"
+$!
+$!    Done with MULTINET
+$!
+$   ENDIF
+$!
+$!  Check to see if UCX was chosen
+$!
+$   IF P4.EQS."UCX"
+$   THEN
+$!
+$!    Set the library to use UCX.
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
+$     THEN
+$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$     ELSE
+$       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
+	  TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+$     ENDIF
+$!
+$!    Done with UCX
+$!
+$   ENDIF
+$!
+$!  Check to see if TCPIP was chosen
+$!
+$   IF P4.EQS."TCPIP"
+$   THEN
+$!
+$!    Set the library to use TCPIP (post UCX).
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$!
+$!    Done with TCPIP
+$!
+$   ENDIF
+$!
+$!  Check to see if NONE was chosen
+$!
+$   IF P4.EQS."NONE"
+$   THEN
+$!
+$!    Do not use a TCPIP library.
+$!
+$     TCPIP_LIB = ""
+$!
+$!    Done with NONE
+$!
+$   ENDIF
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P4," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
+$   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
+$   WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP (post UCX) TCP/IP library."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$!  Done with TCP/IP libraries
+$!
+$ ENDIF
+$!
+$!  Time To RETURN...
+$!
+$ RETURN
+$!
+$ INITIALISE:
+$!
+$! Save old value of the logical name OPENSSL
+$!
+$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
+$!
+$! Save directory information
+$!
+$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
+$ __HERE = F$EDIT(__HERE,"UPCASE")
+$ __TOP = __HERE - "SSL]"
+$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$!
+$! Set up the logical name OPENSSL to point at the include directory
+$!
+$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$!
+$! Done
+$!
+$ RETURN
+$!
+$ CLEANUP:
+$!
+$! Restore the logical name OPENSSL if it had a value
+$!
+$ IF __SAVE_OPENSSL .EQS. ""
+$ THEN
+$   DEASSIGN OPENSSL
+$ ELSE
+$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
+$ ENDIF
+$!
+$! Done
+$!
+$ RETURN
diff --git a/ssl/ssl.c b/ssl/ssl.c
deleted file mode 100644
index 1f769a18f2..0000000000
--- a/ssl/ssl.c
+++ /dev/null
@@ -1,162 +0,0 @@
-/* ssl/ssl.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#define USE_SOCKETS
-#include "../e_os.h"
-
-#include "buffer.h"
-#include "stack.h"
-#include "lhash.h"
-
-#include "bio.h"
-#include "err.h"
-
-#include "bn.h"
-
-#include "rand.h"
-#include "conf.h"
-#include "txt_db.h"
-
-#include "err.h"
-#include "evp.h"
-
-#include "x509.h"
-#include "pkcs7.h"
-#include "pem.h"
-#include "asn1.h"
-#include "objects.h"
-
-#include "ssl_locl.h"
-
-#if !(BUILD_SSLV23) && !defined(BUILD_SSLV2) && !defined(BUILD_SSLV3) && !defined(BUILD_SSL_COMMON) && !defined(BUILD_SSL_BIO) && !defined(BUILD_SSL_OPTIONAL)
-#define BUILD_SSLV23
-#define BUILD_SSLV2
-#define BUILD_SSLV3
-#define BUILD_SSL_COMMON
-#define BUILD_SSL_BIO
-#define BUILD_SSL_OPTIONAL
-#endif
-
-#ifdef NO_RSA
-#undef BUILD_SSLV2
-#undef BUILD_SSLV23
-#endif
-
-#ifdef NO_SSL2
-#undef BUILD_SSLV2
-#undef BUILD_SSLV23
-#endif
-
-#ifdef NO_SSL3
-#undef BUILD_SSL3
-#undef BUILD_SSLV23
-#endif
-
-#ifdef BUILD_SSLV23
-#include "s23_clnt.c"
-#include "s23_srvr.c"
-#include "s23_pkt.c"
-#include "s23_lib.c"
-#include "s23_meth.c"
-#endif
-
-#ifdef BUILD_SSLV2
-#include "s2_clnt.c"
-#include "s2_srvr.c"
-#include "s2_pkt.c"
-#include "s2_enc.c"
-#include "s2_lib.c"
-#include "s2_meth.c"
-#endif
-
-#ifdef BUILD_SSLV3
-#include "s3_clnt.c"
-#include "s3_both.c"
-#include "s3_srvr.c"
-#include "s3_pkt.c"
-#include "s3_enc.c"
-#include "s3_lib.c"
-#include "s3_meth.c"
-#endif
-
-#ifdef BUILD_SSL_COMMON
-#include "ssl_lib.c"
-#include "ssl_algs.c"
-#include "ssl_cert.c"
-#include "ssl_ciph.c"
-#include "ssl_sess.c"
-#include "ssl_rsa.c"
-#endif
-
-/* Extra things */
-#ifdef BUILD_SSL_BIO
-#include "bio_ssl.c"
-#endif
-
-#ifdef BUILD_SSL_OPTIONAL
-#include "ssl_asn1.c"
-#include "ssl_txt.c"
-#include "ssl_stat.c"
-#include "ssl_err.c"
-#include "ssl_err2.c"
-#endif
-
diff --git a/ssl/ssl.err b/ssl/ssl.err
deleted file mode 100644
index 10ca9c5342..0000000000
--- a/ssl/ssl.err
+++ /dev/null
@@ -1,306 +0,0 @@
-/* Error codes for the SSL functions. */
-
-/* Function codes. */
-#define SSL_F_CLIENT_CERTIFICATE			 100
-#define SSL_F_CLIENT_HELLO				 101
-#define SSL_F_CLIENT_MASTER_KEY				 102
-#define SSL_F_D2I_SSL_SESSION				 103
-#define SSL_F_DO_SSL3_WRITE				 104
-#define SSL_F_GET_CLIENT_FINISHED			 105
-#define SSL_F_GET_CLIENT_HELLO				 106
-#define SSL_F_GET_CLIENT_MASTER_KEY			 107
-#define SSL_F_GET_SERVER_FINISHED			 108
-#define SSL_F_GET_SERVER_HELLO				 109
-#define SSL_F_GET_SERVER_VERIFY				 110
-#define SSL_F_I2D_SSL_SESSION				 111
-#define SSL_F_READ_N					 112
-#define SSL_F_REQUEST_CERTIFICATE			 113
-#define SSL_F_SERVER_HELLO				 114
-#define SSL_F_SSL23_ACCEPT				 115
-#define SSL_F_SSL23_CLIENT_HELLO			 116
-#define SSL_F_SSL23_CONNECT				 117
-#define SSL_F_SSL23_GET_CLIENT_HELLO			 118
-#define SSL_F_SSL23_GET_SERVER_HELLO			 119
-#define SSL_F_SSL23_READ				 120
-#define SSL_F_SSL23_WRITE				 121
-#define SSL_F_SSL2_ACCEPT				 122
-#define SSL_F_SSL2_CONNECT				 123
-#define SSL_F_SSL2_ENC_INIT				 124
-#define SSL_F_SSL2_READ					 125
-#define SSL_F_SSL2_SET_CERTIFICATE			 126
-#define SSL_F_SSL2_WRITE				 127
-#define SSL_F_SSL3_ACCEPT				 128
-#define SSL_F_SSL3_CHANGE_CIPHER_STATE			 129
-#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM		 130
-#define SSL_F_SSL3_CLIENT_HELLO				 131
-#define SSL_F_SSL3_CONNECT				 132
-#define SSL_F_SSL3_CTX_CTRL				 133
-#define SSL_F_SSL3_ENC					 134
-#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST		 135
-#define SSL_F_SSL3_GET_CERT_VERIFY			 136
-#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE		 137
-#define SSL_F_SSL3_GET_CLIENT_HELLO			 138
-#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE		 139
-#define SSL_F_SSL3_GET_FINISHED				 140
-#define SSL_F_SSL3_GET_KEY_EXCHANGE			 141
-#define SSL_F_SSL3_GET_MESSAGE				 142
-#define SSL_F_SSL3_GET_RECORD				 143
-#define SSL_F_SSL3_GET_SERVER_CERTIFICATE		 144
-#define SSL_F_SSL3_GET_SERVER_DONE			 145
-#define SSL_F_SSL3_GET_SERVER_HELLO			 146
-#define SSL_F_SSL3_OUTPUT_CERT_CHAIN			 147
-#define SSL_F_SSL3_READ_BYTES				 148
-#define SSL_F_SSL3_READ_N				 149
-#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST		 150
-#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE		 151
-#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE		 152
-#define SSL_F_SSL3_SEND_CLIENT_VERIFY			 153
-#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE		 154
-#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE		 155
-#define SSL_F_SSL3_SETUP_BUFFERS			 156
-#define SSL_F_SSL3_SETUP_KEY_BLOCK			 157
-#define SSL_F_SSL3_WRITE_BYTES				 158
-#define SSL_F_SSL3_WRITE_PENDING			 159
-#define SSL_F_SSL_BAD_METHOD				 160
-#define SSL_F_SSL_BYTES_TO_CIPHER_LIST			 161
-#define SSL_F_SSL_CERT_NEW				 162
-#define SSL_F_SSL_CHECK_PRIVATE_KEY			 163
-#define SSL_F_SSL_CREATE_CIPHER_LIST			 164
-#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY			 165
-#define SSL_F_SSL_CTX_NEW				 166
-#define SSL_F_SSL_CTX_SET_SSL_VERSION			 167
-#define SSL_F_SSL_CTX_USE_CERTIFICATE			 168
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1		 169
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE		 170
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY			 171
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1		 172
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE		 173
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY			 174
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1		 175
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE		 176
-#define SSL_F_SSL_DO_HANDSHAKE				 177
-#define SSL_F_SSL_GET_NEW_SESSION			 178
-#define SSL_F_SSL_GET_SERVER_SEND_CERT			 179
-#define SSL_F_SSL_GET_SIGN_PKEY				 180
-#define SSL_F_SSL_INIT_WBIO_BUFFER			 181
-#define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 182
-#define SSL_F_SSL_NEW					 183
-#define SSL_F_SSL_RSA_PRIVATE_DECRYPT			 184
-#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT			 185
-#define SSL_F_SSL_SESSION_NEW				 186
-#define SSL_F_SSL_SESSION_PRINT_FP			 187
-#define SSL_F_SSL_SET_CERT				 188
-#define SSL_F_SSL_SET_FD				 189
-#define SSL_F_SSL_SET_PKEY				 190
-#define SSL_F_SSL_SET_RFD				 191
-#define SSL_F_SSL_SET_SESSION				 192
-#define SSL_F_SSL_SET_WFD				 193
-#define SSL_F_SSL_UNDEFINED_FUNCTION			 194
-#define SSL_F_SSL_USE_CERTIFICATE			 195
-#define SSL_F_SSL_USE_CERTIFICATE_ASN1			 196
-#define SSL_F_SSL_USE_CERTIFICATE_FILE			 197
-#define SSL_F_SSL_USE_PRIVATEKEY			 198
-#define SSL_F_SSL_USE_PRIVATEKEY_ASN1			 199
-#define SSL_F_SSL_USE_PRIVATEKEY_FILE			 200
-#define SSL_F_SSL_USE_RSAPRIVATEKEY			 201
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1		 202
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE		 203
-#define SSL_F_SSL_VERIFY_CERT_CHAIN			 204
-#define SSL_F_SSL_WRITE					 205
-#define SSL_F_TLS1_CHANGE_CIPHER_STATE			 206
-#define SSL_F_TLS1_ENC					 207
-#define SSL_F_TLS1_SETUP_KEY_BLOCK			 208
-#define SSL_F_WRITE_PENDING				 209
-
-/* Reason codes. */
-#define SSL_R_APP_DATA_IN_HANDSHAKE			 100
-#define SSL_R_BAD_ALERT_RECORD				 101
-#define SSL_R_BAD_AUTHENTICATION_TYPE			 102
-#define SSL_R_BAD_CHANGE_CIPHER_SPEC			 103
-#define SSL_R_BAD_CHECKSUM				 104
-#define SSL_R_BAD_CLIENT_REQUEST			 105
-#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK		 106
-#define SSL_R_BAD_DECOMPRESSION				 107
-#define SSL_R_BAD_DH_G_LENGTH				 108
-#define SSL_R_BAD_DH_PUB_KEY_LENGTH			 109
-#define SSL_R_BAD_DH_P_LENGTH				 110
-#define SSL_R_BAD_DIGEST_LENGTH				 111
-#define SSL_R_BAD_DSA_SIGNATURE				 112
-#define SSL_R_BAD_MAC_DECODE				 113
-#define SSL_R_BAD_MESSAGE_TYPE				 114
-#define SSL_R_BAD_PACKET_LENGTH				 115
-#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER		 116
-#define SSL_R_BAD_RESPONSE_ARGUMENT			 117
-#define SSL_R_BAD_RSA_DECRYPT				 118
-#define SSL_R_BAD_RSA_ENCRYPT				 119
-#define SSL_R_BAD_RSA_E_LENGTH				 120
-#define SSL_R_BAD_RSA_MODULUS_LENGTH			 121
-#define SSL_R_BAD_RSA_SIGNATURE				 122
-#define SSL_R_BAD_SIGNATURE				 123
-#define SSL_R_BAD_SSL_FILETYPE				 124
-#define SSL_R_BAD_SSL_SESSION_ID_LENGTH			 125
-#define SSL_R_BAD_STATE					 126
-#define SSL_R_BAD_WRITE_RETRY				 127
-#define SSL_R_BIO_NOT_SET				 128
-#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG			 129
-#define SSL_R_BN_LIB					 130
-#define SSL_R_CA_DN_LENGTH_MISMATCH			 131
-#define SSL_R_CA_DN_TOO_LONG				 132
-#define SSL_R_CCS_RECEIVED_EARLY			 133
-#define SSL_R_CERTIFICATE_VERIFY_FAILED			 134
-#define SSL_R_CERT_LENGTH_MISMATCH			 135
-#define SSL_R_CHALLENGE_IS_DIFFERENT			 136
-#define SSL_R_CIPHER_CODE_WRONG_LENGTH			 137
-#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE		 138
-#define SSL_R_CIPHER_TABLE_SRC_ERROR			 139
-#define SSL_R_COMPRESSED_LENGTH_TOO_LONG		 140
-#define SSL_R_COMPRESSION_FAILURE			 141
-#define SSL_R_COMPRESSION_LIBRARY_ERROR			 142
-#define SSL_R_CONNECTION_ID_IS_DIFFERENT		 143
-#define SSL_R_CONNECTION_TYPE_NOT_SET			 144
-#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED		 145
-#define SSL_R_DATA_LENGTH_TOO_LONG			 146
-#define SSL_R_DECRYPTION_FAILED				 147
-#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148
-#define SSL_R_DIGEST_CHECK_FAILED			 149
-#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150
-#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 151
-#define SSL_R_EXCESSIVE_MESSAGE_SIZE			 152
-#define SSL_R_EXTRA_DATA_IN_MESSAGE			 153
-#define SSL_R_GOT_A_FIN_BEFORE_A_CCS			 154
-#define SSL_R_HTTPS_PROXY_REQUEST			 155
-#define SSL_R_HTTP_REQUEST				 156
-#define SSL_R_INTERNAL_ERROR				 157
-#define SSL_R_INVALID_CHALLENGE_LENGTH			 158
-#define SSL_R_LENGTH_MISMATCH				 159
-#define SSL_R_LENGTH_TOO_SHORT				 160
-#define SSL_R_LIBRARY_HAS_NO_CIPHERS			 161
-#define SSL_R_MISSING_DH_DSA_CERT			 162
-#define SSL_R_MISSING_DH_KEY				 163
-#define SSL_R_MISSING_DH_RSA_CERT			 164
-#define SSL_R_MISSING_DSA_SIGNING_CERT			 165
-#define SSL_R_MISSING_EXPORT_TMP_DH_KEY			 166
-#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY		 167
-#define SSL_R_MISSING_RSA_CERTIFICATE			 168
-#define SSL_R_MISSING_RSA_ENCRYPTING_CERT		 169
-#define SSL_R_MISSING_RSA_SIGNING_CERT			 170
-#define SSL_R_MISSING_TMP_DH_KEY			 171
-#define SSL_R_MISSING_TMP_RSA_KEY			 172
-#define SSL_R_MISSING_TMP_RSA_PKEY			 173
-#define SSL_R_MISSING_VERIFY_MESSAGE			 174
-#define SSL_R_NON_SSLV2_INITIAL_PACKET			 175
-#define SSL_R_NO_CERTIFICATES_RETURNED			 176
-#define SSL_R_NO_CERTIFICATE_ASSIGNED			 177
-#define SSL_R_NO_CERTIFICATE_RETURNED			 178
-#define SSL_R_NO_CERTIFICATE_SET			 179
-#define SSL_R_NO_CERTIFICATE_SPECIFIED			 180
-#define SSL_R_NO_CIPHERS_AVAILABLE			 181
-#define SSL_R_NO_CIPHERS_PASSED				 182
-#define SSL_R_NO_CIPHERS_SPECIFIED			 183
-#define SSL_R_NO_CIPHER_LIST				 184
-#define SSL_R_NO_CIPHER_MATCH				 185
-#define SSL_R_NO_CLIENT_CERT_RECEIVED			 186
-#define SSL_R_NO_COMPRESSION_SPECIFIED			 187
-#define SSL_R_NO_PRIVATEKEY				 188
-#define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 189
-#define SSL_R_NO_PROTOCOLS_AVAILABLE			 190
-#define SSL_R_NO_PUBLICKEY				 191
-#define SSL_R_NO_SHARED_CIPHER				 192
-#define SSL_R_NO_VERIFY_CALLBACK			 193
-#define SSL_R_NULL_SSL_CTX				 194
-#define SSL_R_NULL_SSL_METHOD_PASSED			 195
-#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED		 196
-#define SSL_R_PACKET_LENGTH_TOO_LONG			 197
-#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE		 198
-#define SSL_R_PEER_ERROR				 199
-#define SSL_R_PEER_ERROR_CERTIFICATE			 200
-#define SSL_R_PEER_ERROR_NO_CERTIFICATE			 201
-#define SSL_R_PEER_ERROR_NO_CIPHER			 202
-#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE	 203
-#define SSL_R_PRE_MAC_LENGTH_TOO_LONG			 204
-#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS		 205
-#define SSL_R_PROTOCOL_IS_SHUTDOWN			 206
-#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR			 207
-#define SSL_R_PUBLIC_KEY_IS_NOT_RSA			 208
-#define SSL_R_PUBLIC_KEY_NOT_RSA			 209
-#define SSL_R_READ_BIO_NOT_SET				 210
-#define SSL_R_READ_WRONG_PACKET_TYPE			 211
-#define SSL_R_RECORD_LENGTH_MISMATCH			 212
-#define SSL_R_RECORD_TOO_LARGE				 213
-#define SSL_R_REQUIRED_CIPHER_MISSING			 214
-#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 215
-#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 216
-#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO		 217
-#define SSL_R_SHORT_READ				 218
-#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 219
-#define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 220
-#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042
-#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED		 1045
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED		 1044
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN		 1046
-#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE		 1030
-#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE		 1040
-#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER		 1047
-#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE		 1041
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE	 221
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE	 222
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER		 223
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 224
-#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE		 1010
-#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE	 225
-#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE	 1043
-#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION	 226
-#define SSL_R_SSL_HANDSHAKE_FAILURE			 227
-#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS		 228
-#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT		 229
-#define SSL_R_TLSV1_ALERT_ACCESS_DENIED			 1049
-#define SSL_R_TLSV1_ALERT_DECODE_ERROR			 1050
-#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED		 1021
-#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR			 1051
-#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICION		 1060
-#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY		 1071
-#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR		 1080
-#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		 1100
-#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		 1070
-#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW		 1022
-#define SSL_R_TLSV1_ALERT_UNKNOWN_CA			 1048
-#define SSL_R_TLSV1_ALERT_USER_CANCLED			 1090
-#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER	 230
-#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 231
-#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG	 232
-#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER		 233
-#define SSL_R_UNABLE_TO_DECODE_DH_CERTS			 234
-#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY		 235
-#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS		 236
-#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS	 237
-#define SSL_R_UNABLE_TO_FIND_SSL_METHOD			 238
-#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES		 239
-#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES		 240
-#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES		 241
-#define SSL_R_UNEXPECTED_MESSAGE			 242
-#define SSL_R_UNEXPECTED_RECORD				 243
-#define SSL_R_UNKNOWN_ALERT_TYPE			 244
-#define SSL_R_UNKNOWN_CERTIFICATE_TYPE			 245
-#define SSL_R_UNKNOWN_CIPHER_RETURNED			 246
-#define SSL_R_UNKNOWN_CIPHER_TYPE			 247
-#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE			 248
-#define SSL_R_UNKNOWN_PKEY_TYPE				 249
-#define SSL_R_UNKNOWN_PROTOCOL				 250
-#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE			 251
-#define SSL_R_UNKNOWN_SSL_VERSION			 252
-#define SSL_R_UNKNOWN_STATE				 253
-#define SSL_R_UNSUPPORTED_CIPHER			 254
-#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 255
-#define SSL_R_UNSUPPORTED_PROTOCOL			 256
-#define SSL_R_UNSUPPORTED_SSL_VERSION			 257
-#define SSL_R_WRITE_BIO_NOT_SET				 258
-#define SSL_R_WRONG_CIPHER_RETURNED			 259
-#define SSL_R_WRONG_MESSAGE_TYPE			 260
-#define SSL_R_WRONG_NUMBER_OF_KEY_BITS			 261
-#define SSL_R_WRONG_SIGNATURE_LENGTH			 262
-#define SSL_R_WRONG_SIGNATURE_SIZE			 263
-#define SSL_R_WRONG_SSL_VERSION				 264
-#define SSL_R_WRONG_VERSION_NUMBER			 265
-#define SSL_R_X509_LIB					 266
-#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS		 267
diff --git a/ssl/ssl.h b/ssl/ssl.h
index a308481ca9..ff572574fa 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -55,10 +55,136 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
 #ifndef HEADER_SSL_H 
 #define HEADER_SSL_H 
 
+#include <openssl/e_os2.h>
+
+#ifndef OPENSSL_NO_COMP
+#include <openssl/comp.h>
+#endif
+#ifndef OPENSSL_NO_BIO
+#include <openssl/bio.h>
+#endif
+#ifndef OPENSSL_NO_X509
+#include <openssl/x509.h>
+#endif
+#include <openssl/kssl.h>
+#include <openssl/safestack.h>
+#include <openssl/symhacks.h>
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -81,7 +207,34 @@ extern "C" {
 #define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5	
 #define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA	
 
+/*    VRS Additional Kerberos5 entries
+ */
+#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
+#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
+#define SSL_TXT_KRB5_RC4_128_SHA      SSL3_TXT_KRB5_RC4_128_SHA
+#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
+#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5       
+#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5       
+#define SSL_TXT_KRB5_RC4_128_MD5      SSL3_TXT_KRB5_RC4_128_MD5
+#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 
+
+#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA 
+#define SSL_TXT_KRB5_RC2_40_CBC_SHA   SSL3_TXT_KRB5_RC2_40_CBC_SHA 
+#define SSL_TXT_KRB5_RC4_40_SHA	      SSL3_TXT_KRB5_RC4_40_SHA
+#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5 
+#define SSL_TXT_KRB5_RC2_40_CBC_MD5   SSL3_TXT_KRB5_RC2_40_CBC_MD5 
+#define SSL_TXT_KRB5_RC4_40_MD5	      SSL3_TXT_KRB5_RC4_40_MD5
+
+#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
+#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
+#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
+#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
+#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
+#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
+#define SSL_MAX_KRB5_PRINCIPAL_LENGTH  256
+
 #define SSL_MAX_SSL_SESSION_ID_LENGTH		32
+#define SSL_MAX_SID_CTX_LENGTH			32
 
 #define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES	(512/8)
 #define SSL_MAX_KEY_ARG_LENGTH			8
@@ -100,6 +253,10 @@ extern "C" {
 #define	SSL_TXT_eNULL		"eNULL"
 #define	SSL_TXT_NULL		"NULL"
 
+#define SSL_TXT_kKRB5     	"kKRB5"
+#define SSL_TXT_aKRB5     	"aKRB5"
+#define SSL_TXT_KRB5      	"KRB5"
+
 #define SSL_TXT_kRSA		"kRSA"
 #define SSL_TXT_kDHr		"kDHr"
 #define SSL_TXT_kDHd		"kDHd"
@@ -117,34 +274,62 @@ extern "C" {
 #define SSL_TXT_RC4		"RC4"
 #define SSL_TXT_RC2		"RC2"
 #define SSL_TXT_IDEA		"IDEA"
+#define SSL_TXT_AES		"AES"
 #define SSL_TXT_MD5		"MD5"
 #define SSL_TXT_SHA1		"SHA1"
 #define SSL_TXT_SHA		"SHA"
 #define SSL_TXT_EXP		"EXP"
 #define SSL_TXT_EXPORT		"EXPORT"
+#define SSL_TXT_EXP40		"EXPORT40"
+#define SSL_TXT_EXP56		"EXPORT56"
 #define SSL_TXT_SSLV2		"SSLv2"
 #define SSL_TXT_SSLV3		"SSLv3"
 #define SSL_TXT_TLSV1		"TLSv1"
 #define SSL_TXT_ALL		"ALL"
+#define SSL_TXT_ECC		"ECCdraft" /* ECC ciphersuites are not yet official */
+
+/*
+ * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
+ * ciphers normally not being used.
+ * Example: "RC4" will activate all ciphers using RC4 including ciphers
+ * without authentication, which would normally disabled by DEFAULT (due
+ * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
+ * will make sure that it is also disabled in the specific selection.
+ * COMPLEMENTOF* identifiers are portable between version, as adjustments
+ * to the default cipher setup will also be included here.
+ *
+ * COMPLEMENTOFDEFAULT does not experience the same special treatment that
+ * DEFAULT gets, as only selection is being done and no sorting as needed
+ * for DEFAULT.
+ */
+#define SSL_TXT_CMPALL		"COMPLEMENTOFALL"
+#define SSL_TXT_CMPDEF		"COMPLEMENTOFDEFAULT"
 
-/* 'DEFAULT' at the start of the cipher list insert the following string
- * in addition to this being the default cipher string */
-#ifndef NO_RSA
-#define SSL_DEFAULT_CIPHER_LIST	"ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
-#else
-#define SSL_ALLOW_ADH
-#define SSL_DEFAULT_CIPHER_LIST	"HIGH:MEDIUM:LOW:ADH+3DES:ADH+RC4:ADH+DES:+EXP"
-#endif
+/* The following cipher list is used by default.
+ * It also is substituted when an application-defined cipher list string
+ * starts with 'DEFAULT'. */
+#define SSL_DEFAULT_CIPHER_LIST	"ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */
 
 /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
 #define SSL_SENT_SHUTDOWN	1
 #define SSL_RECEIVED_SHUTDOWN	2
 
-#include "crypto.h"
-#include "lhash.h"
-#include "buffer.h"
-#include "bio.h"
-#include "x509.h"
+#ifdef __cplusplus
+}
+#endif
+
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/buffer.h>
+#include <openssl/pem.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2)
+#define OPENSSL_NO_SSL2
+#endif
 
 #define SSL_FILETYPE_ASN1	X509_FILETYPE_ASN1
 #define SSL_FILETYPE_PEM	X509_FILETYPE_PEM
@@ -158,38 +343,50 @@ typedef struct ssl_st *ssl_crock_st;
 typedef struct ssl_cipher_st
 	{
 	int valid;
-	char *name;			/* text name */
+	const char *name;		/* text name */
 	unsigned long id;		/* id, 4 bytes, first is version */
 	unsigned long algorithms;	/* what ciphers are used */
+	unsigned long algo_strength;	/* strength and export flags */
 	unsigned long algorithm2;	/* Extra flags */
+	int strength_bits;		/* Number of bits really used */
+	int alg_bits;			/* Number of bits for algorithm */
 	unsigned long mask;		/* used for matching */
+	unsigned long mask_strength;	/* also used for matching */
 	} SSL_CIPHER;
 
+DECLARE_STACK_OF(SSL_CIPHER)
+
+typedef struct ssl_st SSL;
+typedef struct ssl_ctx_st SSL_CTX;
+
 /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
 typedef struct ssl_method_st
 	{
 	int version;
-	int (*ssl_new)();
-	void (*ssl_clear)();
-	void (*ssl_free)();
-	int (*ssl_accept)();
-	int (*ssl_connect)();
-	int (*ssl_read)();
-	int (*ssl_peek)();
-	int (*ssl_write)();
-	int (*ssl_shutdown)();
-	int (*ssl_renegotiate)();
-	int (*ssl_renegotiate_check)();
-	long (*ssl_ctrl)();
-	long (*ssl_ctx_ctrl)();
-	SSL_CIPHER *(*get_cipher_by_char)();
-	int (*put_cipher_by_char)();
-	int (*ssl_pending)();
-	int (*num_ciphers)();
-	SSL_CIPHER *(*get_cipher)();
-	struct ssl_method_st *(*get_ssl_method)();
-	long (*get_timeout)();
+	int (*ssl_new)(SSL *s);
+	void (*ssl_clear)(SSL *s);
+	void (*ssl_free)(SSL *s);
+	int (*ssl_accept)(SSL *s);
+	int (*ssl_connect)(SSL *s);
+	int (*ssl_read)(SSL *s,void *buf,int len);
+	int (*ssl_peek)(SSL *s,void *buf,int len);
+	int (*ssl_write)(SSL *s,const void *buf,int len);
+	int (*ssl_shutdown)(SSL *s);
+	int (*ssl_renegotiate)(SSL *s);
+	int (*ssl_renegotiate_check)(SSL *s);
+	long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
+	long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
+	SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
+	int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
+	int (*ssl_pending)(SSL *s);
+	int (*num_ciphers)(void);
+	SSL_CIPHER *(*get_cipher)(unsigned ncipher);
+	struct ssl_method_st *(*get_ssl_method)(int version);
+	long (*get_timeout)(void);
 	struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
+	int (*ssl_version)();
+	long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)());
+	long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)());
 	} SSL_METHOD;
 
 /* Lets make this into an ASN.1 type structure as follows
@@ -199,11 +396,14 @@ typedef struct ssl_method_st
  *	Cipher 			OCTET_STRING,	-- the 3 byte cipher ID
  *	Session_ID 		OCTET_STRING,	-- the Session ID
  *	Master_key 		OCTET_STRING,	-- the master key
+ *	KRB5_principal		OCTET_STRING	-- optional Kerberos principal
  *	Key_Arg [ 0 ] IMPLICIT	OCTET_STRING,	-- the optional Key argument
  *	Time [ 1 ] EXPLICIT	INTEGER,	-- optional Start Time
  *	Timeout [ 2 ] EXPLICIT	INTEGER,	-- optional Timeout ins seconds
  *	Peer [ 3 ] EXPLICIT	X509,		-- optional Peer Certificate
- *	Compression [4] IMPLICIT ASN1_OBJECT	-- compression OID XXXXX
+ *	Session_ID_context [ 4 ] EXPLICIT OCTET_STRING,   -- the Session ID context
+ *	Verify_result [ 5 ] EXPLICIT INTEGER    -- X509_V_... code for `Peer'
+ *	Compression [6] IMPLICIT ASN1_OBJECT	-- compression OID XXXXX
  *	}
  * Look in ssl/ssl_asn1.c for more details
  * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
@@ -221,32 +421,43 @@ typedef struct ssl_session_st
 	/* session_id - valid? */
 	unsigned int session_id_length;
 	unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+	/* this is used to determine whether the session is being reused in
+	 * the appropriate context. It is up to the application to set this,
+	 * via SSL_new */
+	unsigned int sid_ctx_length;
+	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+
+#ifndef OPENSSL_NO_KRB5
+        unsigned int krb5_client_princ_len;
+        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
+#endif /* OPENSSL_NO_KRB5 */
 
 	int not_resumable;
 
 	/* The cert is the certificate used to establish this connection */
-	struct cert_st /* CERT */ *cert;
+	struct sess_cert_st /* SESS_CERT */ *sess_cert;
 
-	/* This is the cert for the other end.  On servers, it will be
-	 * the same as cert->x509 */
+	/* This is the cert for the other end.
+	 * On clients, it will be the same as sess_cert->peer_key->x509
+	 * (the latter is not enough as sess_cert is not retained
+	 * in the external representation of sessions, see ssl_asn1.c). */
 	X509 *peer;
+	/* when app_verify_callback accepts a session where the peer's certificate
+	 * is not ok, we must remember the error for session reuse: */
+	long verify_result; /* only for servers */
 
 	int references;
 	long timeout;
 	long time;
 
-#ifdef HEADER_COMP_H
-	COMP_CTX *compress_meth;
-#else
-	char *compress_meth;
-#endif
+	int compress_meth;		/* Need to lookup the method */
 
 	SSL_CIPHER *cipher;
 	unsigned long cipher_id;	/* when ASN.1 loaded, this
 					 * needs to be used to load
 					 * the 'cipher' structure */
 
-	STACK /* SSL_CIPHER */ *ciphers; /* shared ciphers? */
+	STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */
 
 	CRYPTO_EX_DATA ex_data; /* application specific data */
 
@@ -255,6 +466,7 @@ typedef struct ssl_session_st
 	struct ssl_session_st *prev,*next;
 	} SSL_SESSION;
 
+
 #define SSL_OP_MICROSOFT_SESS_ID_BUG			0x00000001L
 #define SSL_OP_NETSCAPE_CHALLENGE_BUG			0x00000002L
 #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
@@ -265,49 +477,138 @@ typedef struct ssl_session_st
 #define SSL_OP_TLS_D5_BUG				0x00000100L
 #define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
 
-/* If set, only use tmp_dh parameters once */
+/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
+ * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
+ * the workaround is not needed.  Unfortunately some broken SSL/TLS
+ * implementations cannot handle it at all, which is why we include
+ * it in SSL_OP_ALL. */
+#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L /* added in 0.9.6e */
+
+/* SSL_OP_ALL: various bug workarounds that should be rather harmless.
+ *             This used to be 0x000FFFFFL before 0.9.7. */
+#define SSL_OP_ALL					0x00000FFFL
+
+/* As server, disallow session resumption on renegotiation */
+#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0x00010000L
+/* If set, always create a new key when using tmp_ecdh parameters */
+#define SSL_OP_SINGLE_ECDH_USE				0x00080000L
+/* If set, always create a new key when using tmp_dh parameters */
 #define SSL_OP_SINGLE_DH_USE				0x00100000L
-/* Set to also use the tmp_rsa key when doing RSA operations. */
+/* Set to always use the tmp_rsa key when doing RSA operations,
+ * even when this violates protocol specs */
 #define SSL_OP_EPHEMERAL_RSA				0x00200000L
+/* Set on servers to choose the cipher according to the server's
+ * preferences */
+#define SSL_OP_CIPHER_SERVER_PREFERENCE			0x00400000L
+/* If set, a server will allow a client to issue a SSLv3.0 version number
+ * as latest version supported in the premaster secret, even when TLSv1.0
+ * (version 3.1) was announced in the client hello. Normally this is
+ * forbidden to prevent version rollback attacks. */
+#define SSL_OP_TLS_ROLLBACK_BUG				0x00800000L
 
-/* The next flag deliberatly changes the ciphertest, this is a check
+#define SSL_OP_NO_SSLv2					0x01000000L
+#define SSL_OP_NO_SSLv3					0x02000000L
+#define SSL_OP_NO_TLSv1					0x04000000L
+
+/* The next flag deliberately changes the ciphertest, this is a check
  * for the PKCS#1 attack */
 #define SSL_OP_PKCS1_CHECK_1				0x08000000L
 #define SSL_OP_PKCS1_CHECK_2				0x10000000L
 #define SSL_OP_NETSCAPE_CA_DN_BUG			0x20000000L
-#define SSL_OP_NON_EXPORT_FIRST 			0x40000000L
-#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x80000000L
-#define SSL_OP_ALL					0x000FFFFFL
+#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x40000000L
 
-#define SSL_CTX_set_options(ctx,op)	((ctx)->options|=(op))
-#define SSL_set_options(ssl,op)		((ssl)->options|=(op))
 
-#define SSL_OP_NO_SSLv2					0x01000000L
-#define SSL_OP_NO_SSLv3					0x02000000L
-#define SSL_OP_NO_TLSv1					0x04000000L
+/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+ * when just a single record has been written): */
+#define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L
+/* Make it possible to retry SSL_write() with changed buffer location
+ * (buffer contents must stay the same!); this is not the default to avoid
+ * the misconception that non-blocking SSL_write() behaves like
+ * non-blocking write(): */
+#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
+/* Never bother the application with retries if the transport
+ * is blocking: */
+#define SSL_MODE_AUTO_RETRY 0x00000004L
 
-/* Normally you will only use these if your application wants to use
- * the certificate store in other places, perhaps PKCS7 */
-#define SSL_CTX_get_cert_store(ctx)     ((ctx)->cert_store)
-#define SSL_CTX_set_cert_store(ctx,cs) \
-                (X509_STORE_free((ctx)->cert_store),(ctx)->cert_store=(cs))
 
+/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
+ * they cannot be used to clear bits. */
+
+#define SSL_CTX_set_options(ctx,op) \
+	SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
+#define SSL_CTX_get_options(ctx) \
+	SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
+#define SSL_set_options(ssl,op) \
+	SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
+#define SSL_get_options(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
+
+#define SSL_CTX_set_mode(ctx,op) \
+	SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
+#define SSL_CTX_get_mode(ctx) \
+	SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
+#define SSL_set_mode(ssl,op) \
+	SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
+#define SSL_get_mode(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
+
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+
+
+
+#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
+#define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */
+#else
+#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
+#endif
 
 #define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT	(1024*20)
 
-typedef struct ssl_ctx_st
+/* This callback type is used inside SSL_CTX, SSL, and in the functions that set
+ * them. It is used to override the generation of SSL/TLS session IDs in a
+ * server. Return value should be zero on an error, non-zero to proceed. Also,
+ * callbacks should themselves check if the id they generate is unique otherwise
+ * the SSL handshake will fail with an error - callbacks can do this using the
+ * 'ssl' value they're passed by;
+ *      SSL_has_matching_session_id(ssl, id, *id_len)
+ * The length value passed in is set at the maximum size the session ID can be.
+ * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback
+ * can alter this length to be less if desired, but under SSLv2 session IDs are
+ * supposed to be fixed at 16 bytes so the id will be padded after the callback
+ * returns in this case. It is also an error for the callback to set the size to
+ * zero. */
+typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
+				unsigned int *id_len);
+
+typedef struct ssl_comp_st
+	{
+	int id;
+	char *name;
+#ifndef OPENSSL_NO_COMP
+	COMP_METHOD *method;
+#else
+	char *method;
+#endif
+	} SSL_COMP;
+
+DECLARE_STACK_OF(SSL_COMP)
+
+struct ssl_ctx_st
 	{
 	SSL_METHOD *method;
-	unsigned long options;
 
-	STACK /* SSL_CIPHER */ *cipher_list;
+	STACK_OF(SSL_CIPHER) *cipher_list;
 	/* same as above but sorted for lookup */
-	STACK /* SSL_CIPHER */ *cipher_list_by_id;
+	STACK_OF(SSL_CIPHER) *cipher_list_by_id;
 
 	struct x509_store_st /* X509_STORE */ *cert_store;
-	struct lhash_st /* LHASH */ *sessions;	/* a set of SSL_SESSION's */
+	struct lhash_st /* LHASH */ *sessions;	/* a set of SSL_SESSIONs */
 	/* Most session-ids that will be cached, default is
-	 * SSL_SESSION_CACHE_SIZE_DEFAULT. 0 is unlimited. */
+	 * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
 	unsigned long session_cache_size;
 	struct ssl_session_st *session_cache_head;
 	struct ssl_session_st *session_cache_tail;
@@ -330,97 +631,132 @@ typedef struct ssl_ctx_st
 	 * SSL_SESSION_free() when it has finished using it.  Otherwise,
 	 * on 0, it means the callback has finished with it.
 	 * If remove_session_cb is not null, it will be called when
-	 * a session-id is removed from the cache.  Again, a return
-	 * of 0 mens that SSLeay should not SSL_SESSION_free() since
-	 * the application is doing something with it. */
-#ifndef NOPROTO
+	 * a session-id is removed from the cache.  After the call,
+	 * OpenSSL will SSL_SESSION_free() it. */
 	int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
 	void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
 	SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
 		unsigned char *data,int len,int *copy);
-#else
-	int (*new_session_cb)();
-	void (*remove_session_cb)();
-	SSL_SESSION *(*get_session_cb)();
-#endif
 
-	int sess_connect;	/* SSL new connection - started */
-	int sess_connect_renegotiate;/* SSL renegotiatene  - requested */
-	int sess_connect_good;	/* SSL new connection/renegotiate - finished */
-	int sess_accept;	/* SSL new accept - started */
-	int sess_accept_renegotiate;/* SSL renegotiatene - requested */
-	int sess_accept_good;	/* SSL accept/renegotiate - finished */
-	int sess_miss;		/* session lookup misses  */
-	int sess_timeout;	/* session reuse attempt on timeouted session */
-	int sess_cache_full;	/* session removed due to full cache */
-	int sess_hit;		/* session reuse actually done */
-	int sess_cb_hit;	/* session-id that was not in the cache was
-				 * passed back via the callback.  This
-				 * indicates that the application is supplying
-				 * session-id's from other processes -
-				 * spooky :-) */
+	struct
+		{
+		int sess_connect;	/* SSL new conn - started */
+		int sess_connect_renegotiate;/* SSL reneg - requested */
+		int sess_connect_good;	/* SSL new conne/reneg - finished */
+		int sess_accept;	/* SSL new accept - started */
+		int sess_accept_renegotiate;/* SSL reneg - requested */
+		int sess_accept_good;	/* SSL accept/reneg - finished */
+		int sess_miss;		/* session lookup misses  */
+		int sess_timeout;	/* reuse attempt on timeouted session */
+		int sess_cache_full;	/* session removed due to full cache */
+		int sess_hit;		/* session reuse actually done */
+		int sess_cb_hit;	/* session-id that was not
+					 * in the cache was
+					 * passed back via the callback.  This
+					 * indicates that the application is
+					 * supplying session-id's from other
+					 * processes - spooky :-) */
+		} stats;
 
 	int references;
 
-	void (*info_callback)();
-
 	/* if defined, these override the X509_verify_cert() calls */
-	int (*app_verify_callback)();
-	char *app_verify_arg;
-
-	/* default values to use in SSL structures */
-	struct cert_st /* CERT */ *default_cert;
-	int default_read_ahead;
-	int default_verify_mode;
-	int (*default_verify_callback)();
+	int (*app_verify_callback)(X509_STORE_CTX *, void *);
+	void *app_verify_arg;
+	/* before OpenSSL 0.9.7, 'app_verify_arg' was ignored
+	 * ('app_verify_callback' was called with just one argument) */
 
 	/* Default password callback. */
-	int (*default_passwd_callback)();
+	pem_password_cb *default_passwd_callback;
+
+	/* Default password callback user data. */
+	void *default_passwd_callback_userdata;
 
 	/* get client cert callback */
-	int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */);
+	int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
 
-	/* what we put in client requests */
-	STACK *client_CA;
+	CRYPTO_EX_DATA ex_data;
 
-	int quiet_shutdown;
+	const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
+	const EVP_MD *md5;	/* For SSLv3/TLSv1 'ssl3-md5' */
+	const EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
 
-	CRYPTO_EX_DATA ex_data;
+	STACK_OF(X509) *extra_certs;
+	STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
+
+
+	/* Default values used when no per-SSL value is defined follow */
+
+	void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */
+
+	/* what we put in client cert requests */
+	STACK_OF(X509_NAME) *client_CA;
+
+
+	/* Default values to use in SSL structures follow (these are copied by SSL_new) */
+
+	unsigned long options;
+	unsigned long mode;
+	long max_cert_list;
+
+	struct cert_st /* CERT */ *cert;
+	int read_ahead;
 
-	EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
-	EVP_MD *md5;	/* For SSLv3/TLSv1 'ssl3-md5' */
-	EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
+	/* callback that allows applications to peek at protocol messages */
+	void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
+	void *msg_callback_arg;
 
-	STACK *extra_certs;
-	} SSL_CTX;
+	int verify_mode;
+	int verify_depth;
+	unsigned int sid_ctx_length;
+	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+	int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
+
+	/* Default generate session ID callback. */
+	GEN_SESSION_CB generate_session_id;
+
+	int purpose;		/* Purpose setting */
+	int trust;		/* Trust setting */
+
+	int quiet_shutdown;
+	};
 
 #define SSL_SESS_CACHE_OFF			0x0000
 #define SSL_SESS_CACHE_CLIENT			0x0001
 #define SSL_SESS_CACHE_SERVER			0x0002
 #define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
 #define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080
-/* This one, when set, makes the server session-id lookup not look
- * in the cache.  If there is an application get_session callback
- * defined, this will still get called. */
+/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
 #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100
-
-#define SSL_CTX_sessions(ctx)		((ctx)->sessions)
-/* You will need to include lhash.h to access the following #define */
-#define SSL_CTX_sess_number(ctx)	((ctx)->sessions->num_items)
-#define SSL_CTX_sess_connect(ctx)	((ctx)->sess_connect)
-#define SSL_CTX_sess_connect_good(ctx)	((ctx)->sess_connect_good)
-#define SSL_CTX_sess_accept(ctx)	((ctx)->sess_accept)
-#define SSL_CTX_sess_accept_renegotiate(ctx)	((ctx)->sess_accept_renegotiate)
-#define SSL_CTX_sess_connect_renegotiate(ctx)	((ctx)->sess_connect_renegotiate)
-#define SSL_CTX_sess_accept_good(ctx)	((ctx)->sess_accept_good)
-#define SSL_CTX_sess_hits(ctx)		((ctx)->sess_hit)
-#define SSL_CTX_sess_cb_hits(ctx)	((ctx)->sess_cb_hit)
-#define SSL_CTX_sess_misses(ctx)	((ctx)->sess_miss)
-#define SSL_CTX_sess_timeouts(ctx)	((ctx)->sess_timeout)
-#define SSL_CTX_sess_cache_full(ctx)	((ctx)->sess_cache_full)
-
-#define SSL_CTX_sess_set_cache_size(ctx,t) ((ctx)->session_cache_size=(t))
-#define SSL_CTX_sess_get_cache_size(ctx)   ((ctx)->session_cache_size)
+#define SSL_SESS_CACHE_NO_INTERNAL_STORE	0x0200
+#define SSL_SESS_CACHE_NO_INTERNAL \
+	(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
+
+  struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
+#define SSL_CTX_sess_number(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
+#define SSL_CTX_sess_connect(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
+#define SSL_CTX_sess_connect_good(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
+#define SSL_CTX_sess_connect_renegotiate(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
+#define SSL_CTX_sess_accept(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
+#define SSL_CTX_sess_accept_renegotiate(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
+#define SSL_CTX_sess_accept_good(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
+#define SSL_CTX_sess_hits(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
+#define SSL_CTX_sess_cb_hits(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
+#define SSL_CTX_sess_misses(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
+#define SSL_CTX_sess_timeouts(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
+#define SSL_CTX_sess_cache_full(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
 
 #define SSL_CTX_sess_set_new_cb(ctx,cb)	((ctx)->new_session_cb=(cb))
 #define SSL_CTX_sess_get_new_cb(ctx)	((ctx)->new_session_cb)
@@ -428,15 +764,8 @@ typedef struct ssl_ctx_st
 #define SSL_CTX_sess_get_remove_cb(ctx)	((ctx)->remove_session_cb)
 #define SSL_CTX_sess_set_get_cb(ctx,cb)	((ctx)->get_session_cb=(cb))
 #define SSL_CTX_sess_get_get_cb(ctx)	((ctx)->get_session_cb)
-#define SSL_CTX_set_session_cache_mode(ctx,m)	((ctx)->session_cache_mode=(m))
-#define SSL_CTX_get_session_cache_mode(ctx)	((ctx)->session_cache_mode)
-#define SSL_CTX_set_timeout(ctx,t)	((ctx)->session_timeout=(t))
-#define SSL_CTX_get_timeout(ctx)	((ctx)->session_timeout)
-
 #define SSL_CTX_set_info_callback(ctx,cb)	((ctx)->info_callback=(cb))
 #define SSL_CTX_get_info_callback(ctx)		((ctx)->info_callback)
-#define SSL_CTX_set_default_read_ahead(ctx,m) (((ctx)->default_read_ahead)=(m))
-
 #define SSL_CTX_set_client_cert_cb(ctx,cb)	((ctx)->client_cert_cb=(cb))
 #define SSL_CTX_get_client_cert_cb(ctx)		((ctx)->client_cert_cb)
 
@@ -446,18 +775,16 @@ typedef struct ssl_ctx_st
 #define SSL_X509_LOOKUP	4
 
 /* These will only be used when doing non-blocking IO */
-#define SSL_want(s)		((s)->rwstate)
-#define SSL_want_nothing(s)	((s)->rwstate == SSL_NOTHING)
-#define SSL_want_read(s)	((s)->rwstate == SSL_READING)
-#define SSL_want_write(s)	((s)->rwstate == SSL_WRITING)
-#define SSL_want_x509_lookup(s)	((s)->rwstate == SSL_X509_LOOKUP)
+#define SSL_want_nothing(s)	(SSL_want(s) == SSL_NOTHING)
+#define SSL_want_read(s)	(SSL_want(s) == SSL_READING)
+#define SSL_want_write(s)	(SSL_want(s) == SSL_WRITING)
+#define SSL_want_x509_lookup(s)	(SSL_want(s) == SSL_X509_LOOKUP)
 
-typedef struct ssl_st
+struct ssl_st
 	{
-	/* procol version
-	 * 2 for SSLv2
-	 * 3 for SSLv3
-	 * -3 for SSLv3 but accept SSLv2 */
+	/* protocol version
+	 * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION)
+	 */
 	int version;
 	int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
 
@@ -467,10 +794,10 @@ typedef struct ssl_st
 	 * same.  This is so data can be read and written to different
 	 * handlers */
 
-#ifdef HEADER_BIO_H
+#ifndef OPENSSL_NO_BIO
 	BIO *rbio; /* used by SSL_read */
 	BIO *wbio; /* used by SSL_write */
-	BIO *bbio; /* used during session-id reuse to concatinate
+	BIO *bbio; /* used during session-id reuse to concatenate
 		    * messages */
 #else
 	char *rbio; /* used by SSL_read */
@@ -487,9 +814,22 @@ typedef struct ssl_st
 	int in_handshake;
 	int (*handshake_func)();
 
-/*	int server;*/	/* are we the server side? */
-
-	int new_session;/* 1 if we are to use a new session */
+	/* Imagine that here's a boolean member "init" that is
+	 * switched as soon as SSL_set_{accept/connect}_state
+	 * is called for the first time, so that "state" and
+	 * "handshake_func" are properly initialized.  But as
+	 * handshake_func is == 0 until then, we use this
+	 * test instead of an "init" member.
+	 */
+
+	int server;	/* are we the server side? - mostly used by SSL_clear*/
+
+	int new_session;/* 1 if we are to use a new session.
+	                 * 2 if we are a server and are inside a handshake
+	                 *   (i.e. not just sending a HelloRequest)
+	                 * NB: For servers, the 'new' session may actually be a previously
+	                 * cached session or even the previous session unless
+	                 * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
 	int quiet_shutdown;/* don't send shutdown packets */
 	int shutdown;	/* we have shut things down, 0x01 sent, 0x02
 			 * for received */
@@ -497,6 +837,7 @@ typedef struct ssl_st
 	int rstate;	/* where we are when reading */
 
 	BUF_MEM *init_buf;	/* buffer used during init */
+	void *init_msg;   	/* pointer to handshake message body, set by ssl3_get_message() */
 	int init_num;		/* amount read/written */
 	int init_off;		/* amount read/written */
 
@@ -504,30 +845,39 @@ typedef struct ssl_st
 	unsigned char *packet;
 	unsigned int packet_length;
 
-	struct ssl2_ctx_st *s2;	/* SSLv2 variables */
-	struct ssl3_ctx_st *s3;	/* SSLv3 variables */
+	struct ssl2_state_st *s2; /* SSLv2 variables */
+	struct ssl3_state_st *s3; /* SSLv3 variables */
+
+	int read_ahead;		/* Read as many input bytes as possible
+	               	 	 * (for non-blocking reads) */
+
+	/* callback that allows applications to peek at protocol messages */
+	void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
+	void *msg_callback_arg;
 
-	int read_ahead;		/* Read as many input bytes as possible */
 	int hit;		/* reusing a previous session */
 
+	int purpose;		/* Purpose setting */
+	int trust;		/* Trust setting */
+
 	/* crypto */
-	STACK /* SSL_CIPHER */ *cipher_list;
-	STACK /* SSL_CIPHER */ *cipher_list_by_id;
+	STACK_OF(SSL_CIPHER) *cipher_list;
+	STACK_OF(SSL_CIPHER) *cipher_list_by_id;
 
-	/* These are the ones being used, the ones is SSL_SESSION are
+	/* These are the ones being used, the ones in SSL_SESSION are
 	 * the ones to be 'copied' into these ones */
 
 	EVP_CIPHER_CTX *enc_read_ctx;		/* cryptographic state */
-	EVP_MD *read_hash;			/* used for mac generation */
-#ifdef HEADER_COMP_H
+	const EVP_MD *read_hash;		/* used for mac generation */
+#ifndef OPENSSL_NO_COMP
 	COMP_CTX *expand;			/* uncompress */
 #else
 	char *expand;
 #endif
 
 	EVP_CIPHER_CTX *enc_write_ctx;		/* cryptographic state */
-	EVP_MD *write_hash;			/* used for mac generation */
-#ifdef HEADER_COMP_H
+	const EVP_MD *write_hash;		/* used for mac generation */
+#ifndef OPENSSL_NO_COMP
 	COMP_CTX *compress;			/* compression */
 #else
 	char *compress;	
@@ -539,18 +889,32 @@ typedef struct ssl_st
 	/* This is used to hold the server certificate used */
 	struct cert_st /* CERT */ *cert;
 
+	/* the session_id_context is used to ensure sessions are only reused
+	 * in the appropriate context */
+	unsigned int sid_ctx_length;
+	unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+
 	/* This can also be in the session once a session is established */
 	SSL_SESSION *session;
 
+	/* Default generate session ID callback. */
+	GEN_SESSION_CB generate_session_id;
+
 	/* Used in SSL2 and SSL3 */
 	int verify_mode;	/* 0 don't care about verify failure.
 				 * 1 fail if verify fails */
-	int (*verify_callback)(); /* fail if callback returns 0 */
-	void (*info_callback)(); /* optional informational callback */
+	int verify_depth;
+	int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
+
+	void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */
 
 	int error;		/* error bytes to be written */
 	int error_code;		/* actual code */
 
+#ifndef OPENSSL_NO_KRB5
+	KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
+#endif	/* OPENSSL_NO_KRB5 */
+
 	SSL_CTX *ctx;
 	/* set this flag to 1 and a sleep(1) is put into all SSL_read()
 	 * and SSL_write() calls, good for nbio debuging :-) */
@@ -561,19 +925,31 @@ typedef struct ssl_st
 	CRYPTO_EX_DATA ex_data;
 
 	/* for server side, keep the list of CA_dn we can use */
-	STACK /* X509_NAME */ *client_CA;
+	STACK_OF(X509_NAME) *client_CA;
 
 	int references;
-	unsigned long options;
+	unsigned long options; /* protocol behaviour */
+	unsigned long mode; /* API behaviour */
+	long max_cert_list;
 	int first_packet;
-	} SSL;
+	int client_version;	/* what was passed, used for
+				 * SSLv3/TLS rollback check */
+	};
 
-#include "ssl2.h"
-#include "ssl3.h"
-#include "tls1.h" /* This is mostly sslv3 with a few tweaks */
-#include "ssl23.h"
+#ifdef __cplusplus
+}
+#endif
+
+#include <openssl/ssl2.h>
+#include <openssl/ssl3.h>
+#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
+#include <openssl/ssl23.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
 
-/* compatablity */
+/* compatibility */
 #define SSL_set_app_data(s,arg)		(SSL_set_ex_data(s,0,(char *)arg))
 #define SSL_get_app_data(s)		(SSL_get_ex_data(s,0))
 #define SSL_SESSION_set_app_data(s,a)	(SSL_SESSION_set_ex_data(s,0,(char *)a))
@@ -582,7 +958,7 @@ typedef struct ssl_st
 #define SSL_CTX_set_app_data(ctx,arg)	(SSL_CTX_set_ex_data(ctx,0,(char *)arg))
 
 /* The following are the possible values for ssl->state are are
- * used to indicate where we are upto in the SSL connection establishment.
+ * used to indicate where we are up to in the SSL connection establishment.
  * The macros that follow are about the only things you should need to use
  * and even then, only when using non-blocking IO.
  * It can also be useful to work out where you were when the connection
@@ -624,6 +1000,13 @@ typedef struct ssl_st
 #define SSL_ST_READ_BODY			0xF1
 #define SSL_ST_READ_DONE			0xF2
 
+/* Obtain latest Finished message
+ *   -- that we sent (SSL_get_finished)
+ *   -- that we expected from peer (SSL_get_peer_finished).
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
+size_t SSL_get_finished(SSL *s, void *buf, size_t count);
+size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count);
+
 /* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
  * are 'ored' with SSL_VERIFY_PEER if they are desired */
 #define SSL_VERIFY_NONE			0x00
@@ -631,7 +1014,10 @@ typedef struct ssl_st
 #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT	0x02
 #define SSL_VERIFY_CLIENT_ONCE		0x04
 
-/* this is for backward compatablility */
+#define OpenSSL_add_ssl_algorithms()	SSL_library_init()
+#define SSLeay_add_ssl_algorithms()	SSL_library_init()
+
+/* this is for backward compatibility */
 #if 0 /* NEW_SSLEAY */
 #define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
 #define SSL_set_pref_cipher(c,n)	SSL_set_cipher_list(c,n)
@@ -639,7 +1025,7 @@ typedef struct ssl_st
 #define SSL_remove_session(a,b)		SSL_CTX_remove_session((a),(b))
 #define SSL_flush_sessions(a,b)		SSL_CTX_flush_sessions((a),(b))
 #endif
-/* More backward compatablity */
+/* More backward compatibility */
 #define SSL_get_cipher(s) \
 		SSL_CIPHER_get_name(SSL_get_current_cipher(s))
 #define SSL_get_cipher_bits(s,np) \
@@ -653,26 +1039,22 @@ typedef struct ssl_st
 #define SSL_get_timeout(a)	SSL_SESSION_get_timeout(a)
 #define SSL_set_timeout(a,b)	SSL_SESSION_set_timeout((a),(b))
 
-/* VMS linker has a 31 char name limit */
-#define SSL_CTX_set_cert_verify_callback(a,b,c) \
-		SSL_CTX_set_cert_verify_cb((a),(b),(c))
-
 #if 1 /*SSLEAY_MACROS*/
 #define d2i_SSL_SESSION_bio(bp,s_id) (SSL_SESSION *)ASN1_d2i_bio( \
 	(char *(*)())SSL_SESSION_new,(char *(*)())d2i_SSL_SESSION, \
 	(bp),(unsigned char **)(s_id))
 #define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio(i2d_SSL_SESSION, \
 	bp,(unsigned char *)s_id)
-#define PEM_read_SSL_SESSION(fp,x,cb) (SSL_SESSION *)PEM_ASN1_read( \
-	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb)
-#define PEM_read_bio_SSL_SESSION(bp,x,cb) (SSL_SESSION *)PEM_ASN1_read_bio( \
-	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb)
+#define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \
+	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u)
+#define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \
+	(char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u)
 #define PEM_write_SSL_SESSION(fp,x) \
 	PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \
-		PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL)
+		PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL)
 #define PEM_write_bio_SSL_SESSION(bp,x) \
 	PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \
-		PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL)
+		PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL)
 #endif
 
 #define SSL_AD_REASON_OFFSET		1000
@@ -695,11 +1077,11 @@ typedef struct ssl_st
 #define SSL_AD_ACCESS_DENIED		TLS1_AD_ACCESS_DENIED	/* fatal */
 #define SSL_AD_DECODE_ERROR		TLS1_AD_DECODE_ERROR	/* fatal */
 #define SSL_AD_DECRYPT_ERROR		TLS1_AD_DECRYPT_ERROR
-#define SSL_AD_EXPORT_RESTRICION	TLS1_AD_EXPORT_RESTRICION/* fatal */
+#define SSL_AD_EXPORT_RESTRICTION	TLS1_AD_EXPORT_RESTRICTION/* fatal */
 #define SSL_AD_PROTOCOL_VERSION		TLS1_AD_PROTOCOL_VERSION /* fatal */
 #define SSL_AD_INSUFFICIENT_SECURITY	TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
 #define SSL_AD_INTERNAL_ERROR		TLS1_AD_INTERNAL_ERROR	/* fatal */
-#define SSL_AD_USER_CANCLED		TLS1_AD_USER_CANCLED
+#define SSL_AD_USER_CANCELLED		TLS1_AD_USER_CANCELLED
 #define SSL_AD_NO_RENEGOTIATION		TLS1_AD_NO_RENEGOTIATION
 
 #define SSL_ERROR_NONE			0
@@ -707,24 +1089,55 @@ typedef struct ssl_st
 #define SSL_ERROR_WANT_READ		2
 #define SSL_ERROR_WANT_WRITE		3
 #define SSL_ERROR_WANT_X509_LOOKUP	4
-#define SSL_ERROR_SYSCALL		5 /* look at errno */
+#define SSL_ERROR_SYSCALL		5 /* look at error stack/return value/errno */
 #define SSL_ERROR_ZERO_RETURN		6
 #define SSL_ERROR_WANT_CONNECT		7
+#define SSL_ERROR_WANT_ACCEPT		8
 
 #define SSL_CTRL_NEED_TMP_RSA			1
 #define SSL_CTRL_SET_TMP_RSA			2
 #define SSL_CTRL_SET_TMP_DH			3
-#define SSL_CTRL_SET_TMP_RSA_CB			4
-#define SSL_CTRL_SET_TMP_DH_CB			5
-/* Add these ones */
-#define SSL_CTRL_GET_SESSION_REUSED		6
-#define SSL_CTRL_GET_CLIENT_CERT_REQUEST	7
-#define SSL_CTRL_GET_NUM_RENEGOTIATIONS		8
-#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS	9
-#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS	10
-#define SSL_CTRL_GET_FLAGS			11
-
-#define SSL_CTRL_EXTRA_CHAIN_CERT		11
+#define SSL_CTRL_SET_TMP_ECDH			4
+#define SSL_CTRL_SET_TMP_RSA_CB			5
+#define SSL_CTRL_SET_TMP_DH_CB			6
+#define SSL_CTRL_SET_TMP_ECDH_CB		7
+
+#define SSL_CTRL_GET_SESSION_REUSED		8
+#define SSL_CTRL_GET_CLIENT_CERT_REQUEST	9
+#define SSL_CTRL_GET_NUM_RENEGOTIATIONS		10
+#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS	11
+#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS	12
+#define SSL_CTRL_GET_FLAGS			13
+#define SSL_CTRL_EXTRA_CHAIN_CERT		14
+
+#define SSL_CTRL_SET_MSG_CALLBACK               15
+#define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
+
+/* Stats */
+#define SSL_CTRL_SESS_NUMBER			20
+#define SSL_CTRL_SESS_CONNECT			21
+#define SSL_CTRL_SESS_CONNECT_GOOD		22
+#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE	23
+#define SSL_CTRL_SESS_ACCEPT			24
+#define SSL_CTRL_SESS_ACCEPT_GOOD		25
+#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE	26
+#define SSL_CTRL_SESS_HIT			27
+#define SSL_CTRL_SESS_CB_HIT			28
+#define SSL_CTRL_SESS_MISSES			29
+#define SSL_CTRL_SESS_TIMEOUTS			30
+#define SSL_CTRL_SESS_CACHE_FULL		31
+#define SSL_CTRL_OPTIONS			32
+#define SSL_CTRL_MODE				33
+
+#define SSL_CTRL_GET_READ_AHEAD			40
+#define SSL_CTRL_SET_READ_AHEAD			41
+#define SSL_CTRL_SET_SESS_CACHE_SIZE		42
+#define SSL_CTRL_GET_SESS_CACHE_SIZE		43
+#define SSL_CTRL_SET_SESS_CACHE_MODE		44
+#define SSL_CTRL_GET_SESS_CACHE_MODE		45
+
+#define SSL_CTRL_GET_MAX_CERT_LIST		50
+#define SSL_CTRL_SET_MAX_CERT_LIST		51
 
 #define SSL_session_reused(ssl) \
 	SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
@@ -741,22 +1154,22 @@ typedef struct ssl_st
 	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
 #define SSL_CTX_set_tmp_dh(ctx,dh) \
 	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
-
-/* For the next 2, the callbacks are 
- * RSA *tmp_rsa_cb(SSL *ssl,int export)
- * DH *tmp_dh_cb(SSL *ssl,int export)
- */
-#define SSL_CTX_set_tmp_rsa_callback(ctx,cb) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb)
-#define SSL_CTX_set_tmp_dh_callback(ctx,dh) \
-	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh)
+#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
+
+#define SSL_need_tmp_RSA(ssl) \
+	SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
+#define SSL_set_tmp_rsa(ssl,rsa) \
+	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
+#define SSL_set_tmp_dh(ssl,dh) \
+	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
+#define SSL_set_tmp_ecdh(ssl,ecdh) \
+	SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
 
 #define SSL_CTX_add_extra_chain_cert(ctx,x509) \
 	SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
 
-#ifndef NOPROTO
-
-#ifdef HEADER_BIO_H
+#ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_ssl(void);
 BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
 BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
@@ -766,60 +1179,84 @@ void BIO_ssl_shutdown(BIO *ssl_bio);
 
 #endif
 
-int	SSL_CTX_set_cipher_list(SSL_CTX *,char *str);
+int	SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
 SSL_CTX *SSL_CTX_new(SSL_METHOD *meth);
 void	SSL_CTX_free(SSL_CTX *);
-void	SSL_clear(SSL *s);
+long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
+long SSL_CTX_get_timeout(SSL_CTX *ctx);
+X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *);
+void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
+int SSL_want(SSL *s);
+int	SSL_clear(SSL *s);
+
 void	SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
 
 SSL_CIPHER *SSL_get_current_cipher(SSL *s);
 int	SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits);
 char *	SSL_CIPHER_get_version(SSL_CIPHER *c);
-char *	SSL_CIPHER_get_name(SSL_CIPHER *c);
+const char *	SSL_CIPHER_get_name(SSL_CIPHER *c);
 
 int	SSL_get_fd(SSL *s);
-char  * SSL_get_cipher_list(SSL *s,int n);
+int	SSL_get_rfd(SSL *s);
+int	SSL_get_wfd(SSL *s);
+const char  * SSL_get_cipher_list(SSL *s,int n);
 char *	SSL_get_shared_ciphers(SSL *s, char *buf, int len);
 int	SSL_get_read_ahead(SSL * s);
 int	SSL_pending(SSL *s);
-#ifndef NO_SOCK
+#ifndef OPENSSL_NO_SOCK
 int	SSL_set_fd(SSL *s, int fd);
 int	SSL_set_rfd(SSL *s, int fd);
 int	SSL_set_wfd(SSL *s, int fd);
 #endif
-#ifdef HEADER_BIO_H
+#ifndef OPENSSL_NO_BIO
 void	SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
 BIO *	SSL_get_rbio(SSL *s);
 BIO *	SSL_get_wbio(SSL *s);
 #endif
-int	SSL_set_cipher_list(SSL *s, char *str);
+int	SSL_set_cipher_list(SSL *s, const char *str);
 void	SSL_set_read_ahead(SSL *s, int yes);
 int	SSL_get_verify_mode(SSL *s);
-int	(*SSL_get_verify_callback(SSL *s))();
-void	SSL_set_verify(SSL *s, int mode, int (*callback) ());
+int	SSL_get_verify_depth(SSL *s);
+int	(*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *);
+void	SSL_set_verify(SSL *s, int mode,
+		       int (*callback)(int ok,X509_STORE_CTX *ctx));
+void	SSL_set_verify_depth(SSL *s, int depth);
+#ifndef OPENSSL_NO_RSA
 int	SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+#endif
 int	SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
 int	SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
 int	SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len);
 int	SSL_use_certificate(SSL *ssl, X509 *x);
-int	SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d);
-
-#ifndef NO_STDIO
-int	SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type);
-int	SSL_use_PrivateKey_file(SSL *ssl, char *file, int type);
-int	SSL_use_certificate_file(SSL *ssl, char *file, int type);
-int	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type);
-int	SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type);
-int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type);
-STACK * SSL_load_client_CA_file(char *file);
+int	SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
+
+#ifndef OPENSSL_NO_STDIO
+int	SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+int	SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+int	SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+int	SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+int	SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
+int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
+int	SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
+STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+int	SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+					    const char *file);
+#ifndef OPENSSL_SYS_WIN32
+#ifndef OPENSSL_SYS_VMS
+#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
+int	SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+					   const char *dir);
+#endif
+#endif
+#endif
+
 #endif
 
-void	ERR_load_SSL_strings(void );
 void	SSL_load_error_strings(void );
-char * 	SSL_state_string(SSL *s);
-char * 	SSL_rstate_string(SSL *s);
-char * 	SSL_state_string_long(SSL *s);
-char * 	SSL_rstate_string_long(SSL *s);
+const char *SSL_state_string(const SSL *s);
+const char *SSL_rstate_string(const SSL *s);
+const char *SSL_state_string_long(const SSL *s);
+const char *SSL_rstate_string_long(const SSL *s);
 long	SSL_SESSION_get_time(SSL_SESSION *s);
 long	SSL_SESSION_set_time(SSL_SESSION *s, long t);
 long	SSL_SESSION_get_timeout(SSL_SESSION *s);
@@ -829,10 +1266,10 @@ void	SSL_copy_session_id(SSL *to,SSL *from);
 SSL_SESSION *SSL_SESSION_new(void);
 unsigned long SSL_SESSION_hash(SSL_SESSION *a);
 int	SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b);
-#ifndef NO_FP_API
+#ifndef OPENSSL_NO_FP_API
 int	SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses);
 #endif
-#ifdef HEADER_BIO_H
+#ifndef OPENSSL_NO_BIO
 int	SSL_SESSION_print(BIO *fp,SSL_SESSION *ses);
 #endif
 void	SSL_SESSION_free(SSL_SESSION *ses);
@@ -840,19 +1277,28 @@ int	i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
 int	SSL_set_session(SSL *to, SSL_SESSION *session);
 int	SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
 int	SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
+int	SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
+int	SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
+int	SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+					unsigned int id_len);
 SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length);
 
 #ifdef HEADER_X509_H
 X509 *	SSL_get_peer_certificate(SSL *s);
 #endif
 
-STACK *	SSL_get_peer_cert_chain(SSL *s);
+STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s);
 
 int SSL_CTX_get_verify_mode(SSL_CTX *ctx);
-int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))();
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*callback)());
-void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg);
+int SSL_CTX_get_verify_depth(SSL_CTX *ctx);
+int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *);
+void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
+			int (*callback)(int, X509_STORE_CTX *));
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
+#ifndef OPENSSL_NO_RSA
 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+#endif
 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
 int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
@@ -860,24 +1306,37 @@ int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
 
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,int (*cb)());
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
 
 int SSL_CTX_check_private_key(SSL_CTX *ctx);
 int SSL_check_private_key(SSL *ctx);
 
+int	SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
+				       unsigned int sid_ctx_len);
+
 SSL *	SSL_new(SSL_CTX *ctx);
-void    SSL_clear(SSL *s);
+int	SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
+				   unsigned int sid_ctx_len);
+
+int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
+int SSL_set_purpose(SSL *s, int purpose);
+int SSL_CTX_set_trust(SSL_CTX *s, int trust);
+int SSL_set_trust(SSL *s, int trust);
+
 void	SSL_free(SSL *ssl);
 int 	SSL_accept(SSL *ssl);
 int 	SSL_connect(SSL *ssl);
-int 	SSL_read(SSL *ssl,char *buf,int num);
-int 	SSL_peek(SSL *ssl,char *buf,int num);
-int 	SSL_write(SSL *ssl,char *buf,int num);
-long	SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg);
-long	SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg);
+int 	SSL_read(SSL *ssl,void *buf,int num);
+int 	SSL_peek(SSL *ssl,void *buf,int num);
+int 	SSL_write(SSL *ssl,const void *buf,int num);
+long	SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
+long	SSL_callback_ctrl(SSL *, int, void (*)());
+long	SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
+long	SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)());
 
 int	SSL_get_error(SSL *s,int ret_code);
-char *	SSL_get_version(SSL *s);
+const char *SSL_get_version(SSL *s);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
 int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth);
@@ -898,23 +1357,24 @@ SSL_METHOD *TLSv1_method(void);		/* TLSv1.0 */
 SSL_METHOD *TLSv1_server_method(void);	/* TLSv1.0 */
 SSL_METHOD *TLSv1_client_method(void);	/* TLSv1.0 */
 
-STACK *SSL_get_ciphers(SSL *s);
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s);
 
 int SSL_do_handshake(SSL *s);
 int SSL_renegotiate(SSL *s);
+int SSL_renegotiate_pending(SSL *s);
 int SSL_shutdown(SSL *s);
 
 SSL_METHOD *SSL_get_ssl_method(SSL *s);
 int SSL_set_ssl_method(SSL *s,SSL_METHOD *method);
-char *SSL_alert_type_string_long(int value);
-char *SSL_alert_type_string(int value);
-char *SSL_alert_desc_string_long(int value);
-char *SSL_alert_desc_string(int value);
-
-void SSL_set_client_CA_list(SSL *s, STACK *list);
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list);
-STACK *SSL_get_client_CA_list(SSL *s);
-STACK *SSL_CTX_get_client_CA_list(SSL_CTX *s);
+const char *SSL_alert_type_string_long(int value);
+const char *SSL_alert_type_string(int value);
+const char *SSL_alert_desc_string_long(int value);
+const char *SSL_alert_desc_string(int value);
+
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
+STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s);
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s);
 int SSL_add_client_CA(SSL *ssl,X509 *x);
 int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
 
@@ -923,10 +1383,10 @@ void SSL_set_accept_state(SSL *s);
 
 long SSL_get_default_timeout(SSL *s);
 
-void SSLeay_add_ssl_algorithms(void );
+int SSL_library_init(void );
 
 char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size);
-STACK *SSL_dup_CA_list(STACK *sk);
+STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
 
 SSL *SSL_dup(SSL *ssl);
 
@@ -941,251 +1401,105 @@ void SSL_set_shutdown(SSL *ssl,int mode);
 int SSL_get_shutdown(SSL *ssl);
 int SSL_version(SSL *ssl);
 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx,char *CAfile,char *CApath);
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+	const char *CApath);
+#define SSL_get0_session SSL_get_session /* just peek at pointer */
 SSL_SESSION *SSL_get_session(SSL *ssl);
+SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
 SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
-void SSL_set_info_callback(SSL *ssl,void (*cb)());
-void (*SSL_get_info_callback(SSL *ssl))();
+void SSL_set_info_callback(SSL *ssl,
+			   void (*cb)(const SSL *ssl,int type,int val));
+void (*SSL_get_info_callback(SSL *ssl))(const SSL *ssl,int type,int val);
 int SSL_state(SSL *ssl);
 
 void SSL_set_verify_result(SSL *ssl,long v);
 long SSL_get_verify_result(SSL *ssl);
 
-int SSL_set_ex_data(SSL *ssl,int idx,char *data);
-char *SSL_get_ex_data(SSL *ssl,int idx);
-int SSL_get_ex_new_index(long argl, char *argp, int (*new_func)(),
-	int (*dup_func)(), void (*free_func)());
+int SSL_set_ex_data(SSL *ssl,int idx,void *data);
+void *SSL_get_ex_data(SSL *ssl,int idx);
+int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 
-int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,char *data);
-char *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
-int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(),
-	int (*dup_func)(), void (*free_func)());
+int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
+void *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx);
+int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 
-int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,char *data);
-char *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
-int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(),
-	int (*dup_func)(), void (*free_func)());
+int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
+void *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx);
+int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 
 int SSL_get_ex_data_X509_STORE_CTX_idx(void );
 
-#else
-
-BIO_METHOD *BIO_f_ssl();
-BIO *BIO_new_ssl();
-BIO *BIO_new_ssl_connect();
-BIO *BIO_new_buffer_ssl_connect();
-int BIO_ssl_copy_session_id();
-void BIO_ssl_shutdown();
-
-int	SSL_CTX_set_cipher_list();
-SSL_CTX *SSL_CTX_new();
-void	SSL_CTX_free();
-void	SSL_clear();
-void	SSL_CTX_flush_sessions();
-
-SSL_CIPHER *SSL_get_current_cipher();
-int	SSL_CIPHER_get_bits();
-char *	SSL_CIPHER_get_version();
-char *	SSL_CIPHER_get_name();
-
-int	SSL_get_fd();
-char  * SSL_get_cipher_list();
-char *	SSL_get_shared_ciphers();
-int	SSL_get_read_ahead();
-int	SSL_pending();
-#ifndef NO_SOCK
-int	SSL_set_fd();
-int	SSL_set_rfd();
-int	SSL_set_wfd();
-#endif
-#ifdef HEADER_BIO_H
-void	SSL_set_bio();
-BIO *	SSL_get_rbio();
-BIO *	SSL_get_wbio();
-#endif
-int	SSL_set_cipher_list();
-void	SSL_set_read_ahead();
-int	SSL_get_verify_mode();
-
-void	SSL_set_verify();
-int	SSL_use_RSAPrivateKey();
-int	SSL_use_RSAPrivateKey_ASN1();
-int	SSL_use_PrivateKey();
-int	SSL_use_PrivateKey_ASN1();
-int	SSL_use_certificate();
-int	SSL_use_certificate_ASN1();
-
-#ifndef NO_STDIO
-int	SSL_use_RSAPrivateKey_file();
-int	SSL_use_PrivateKey_file();
-int	SSL_use_certificate_file();
-int	SSL_CTX_use_RSAPrivateKey_file();
-int	SSL_CTX_use_PrivateKey_file();
-int	SSL_CTX_use_certificate_file();
-STACK * SSL_load_client_CA_file();
-#endif
-
-void	ERR_load_SSL_strings();
-void	SSL_load_error_strings();
-char * 	SSL_state_string();
-char * 	SSL_rstate_string();
-char * 	SSL_state_string_long();
-char * 	SSL_rstate_string_long();
-long	SSL_SESSION_get_time();
-long	SSL_SESSION_set_time();
-long	SSL_SESSION_get_timeout();
-long	SSL_SESSION_set_timeout();
-void	SSL_copy_session_id();
-
-SSL_SESSION *SSL_SESSION_new();
-unsigned long SSL_SESSION_hash();
-int	SSL_SESSION_cmp();
-#ifndef NO_FP_API
-int	SSL_SESSION_print_fp();
+#define SSL_CTX_sess_set_cache_size(ctx,t) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
+#define SSL_CTX_sess_get_cache_size(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
+#define SSL_CTX_set_session_cache_mode(ctx,m) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
+#define SSL_CTX_get_session_cache_mode(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
+
+#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
+#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
+#define SSL_CTX_get_read_ahead(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
+#define SSL_CTX_set_read_ahead(ctx,m) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
+#define SSL_CTX_get_max_cert_list(ctx) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+#define SSL_CTX_set_max_cert_list(ctx,m) \
+	SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+#define SSL_get_max_cert_list(ssl) \
+	SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+#define SSL_set_max_cert_list(ssl,m) \
+	SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+
+     /* NB: the keylength is only applicable when is_export is true */
+#ifndef OPENSSL_NO_RSA
+void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
+				  RSA *(*cb)(SSL *ssl,int is_export,
+					     int keylength));
+
+void SSL_set_tmp_rsa_callback(SSL *ssl,
+				  RSA *(*cb)(SSL *ssl,int is_export,
+					     int keylength));
 #endif
-#ifdef HEADER_BIO_H
-int	SSL_SESSION_print();
+#ifndef OPENSSL_NO_DH
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+				 DH *(*dh)(SSL *ssl,int is_export,
+					   int keylength));
+void SSL_set_tmp_dh_callback(SSL *ssl,
+				 DH *(*dh)(SSL *ssl,int is_export,
+					   int keylength));
 #endif
-void	SSL_SESSION_free();
-int	i2d_SSL_SESSION();
-int	SSL_set_session();
-int	SSL_CTX_add_session();
-int	SSL_CTX_remove_session();
-SSL_SESSION *d2i_SSL_SESSION();
-
-#ifdef HEADER_X509_H
-X509 *	SSL_get_peer_certificate();
+#ifndef OPENSSL_NO_ECDH
+void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
+				 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
+					   int keylength));
+void SSL_set_tmp_ecdh_callback(SSL *ssl,
+				 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
+					   int keylength));
 #endif
 
-STACK *	SSL_get_peer_cert_chain();
-
-int SSL_CTX_get_verify_mode();
-int (*SSL_CTX_get_verify_callback())();
-void SSL_CTX_set_verify();
-void SSL_CTX_set_cert_verify_cb();
-int SSL_CTX_use_RSAPrivateKey();
-int SSL_CTX_use_RSAPrivateKey_ASN1();
-int SSL_CTX_use_PrivateKey();
-int SSL_CTX_use_PrivateKey_ASN1();
-int SSL_CTX_use_certificate();
-int SSL_CTX_use_certificate_ASN1();
-
-void SSL_CTX_set_default_passwd_cb();
-
-int SSL_CTX_check_private_key();
-int SSL_check_private_key();
-
-SSL *	SSL_new();
-void    SSL_clear();
-void	SSL_free();
-int 	SSL_accept();
-int 	SSL_connect();
-int 	SSL_read();
-int 	SSL_peek();
-int 	SSL_write();
-long	SSL_ctrl();
-long	SSL_CTX_ctrl();
-
-int	SSL_get_error();
-char *	SSL_get_version();
-
-int SSL_CTX_set_ssl_version();
-
-SSL_METHOD *SSLv2_method();
-SSL_METHOD *SSLv2_server_method();
-SSL_METHOD *SSLv2_client_method();
-
-SSL_METHOD *SSLv3_method();
-SSL_METHOD *SSLv3_server_method();
-SSL_METHOD *SSLv3_client_method();
-
-SSL_METHOD *SSLv23_method();
-SSL_METHOD *SSLv23_server_method();
-SSL_METHOD *SSLv23_client_method();
-
-SSL_METHOD *TLSv1_method();
-SSL_METHOD *TLSv1_server_method();
-SSL_METHOD *TLSv1_client_method();
-
-STACK *SSL_get_ciphers();
-
-int SSL_do_handshake();
-int SSL_renegotiate();
-int SSL_shutdown();
-
-SSL_METHOD *SSL_get_ssl_method();
-int SSL_set_ssl_method();
-char *SSL_alert_type_string_long();
-char *SSL_alert_type_string();
-char *SSL_alert_desc_string_long();
-char *SSL_alert_desc_string();
-
-void SSL_set_client_CA_list();
-void SSL_CTX_set_client_CA_list();
-STACK *SSL_get_client_CA_list();
-STACK *SSL_CTX_get_client_CA_list();
-int SSL_add_client_CA();
-int SSL_CTX_add_client_CA();
-
-void SSL_set_connect_state();
-void SSL_set_accept_state();
-
-long SSL_get_default_timeout();
-
-void SSLeay_add_ssl_algorithms();
-
-char *SSL_CIPHER_description();
-STACK *SSL_dup_CA_list();
-
-SSL *SSL_dup();
-
-X509 *SSL_get_certificate();
-/* EVP * */ struct evp_pkey_st *SSL_get_privatekey();
-
-#ifdef this_is_for_mk1mf_pl
-EVP *SSL_get_privatekey();
-#endif
-
-void SSL_CTX_set_quiet_shutdown();
-int SSL_CTX_get_quiet_shutdown();
-void SSL_set_quiet_shutdown();
-int SSL_get_quiet_shutdown();
-void SSL_set_shutdown();
-int SSL_get_shutdown();
-int SSL_version();
-int SSL_CTX_set_default_verify_paths();
-int SSL_CTX_load_verify_locations();
-SSL_SESSION *SSL_get_session();
-SSL_CTX *SSL_get_SSL_CTX();
-void SSL_set_info_callback();
-void (*SSL_get_info_callback())();
-int SSL_state();
-void SSL_set_verify_result();
-long SSL_get_verify_result();
-
-int SSL_set_ex_data();
-char *SSL_get_ex_data();
-int SSL_get_ex_new_index();
-
-int SSL_SESSION_set_ex_data();
-char *SSL_SESSION_get_ex_data();
-int SSL_SESSION_get_ex_new_index();
-
-int SSL_CTX_set_ex_data();
-char *SSL_CTX_get_ex_data();
-int SSL_CTX_get_ex_new_index();
-
-int SSL_get_ex_data_X509_STORE_CTX_idx();
-
-/* #endif */
-
+#ifndef OPENSSL_NO_COMP
+int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
+#else
+int SSL_COMP_add_compression_method(int id,char *cm);
 #endif
 
 /* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+void ERR_load_SSL_strings(void);
+
 /* Error codes for the SSL functions. */
 
 /* Function codes. */
 #define SSL_F_CLIENT_CERTIFICATE			 100
+#define SSL_F_CLIENT_FINISHED				 238
 #define SSL_F_CLIENT_HELLO				 101
 #define SSL_F_CLIENT_MASTER_KEY				 102
 #define SSL_F_D2I_SSL_SESSION				 103
@@ -1199,27 +1513,36 @@ int SSL_get_ex_data_X509_STORE_CTX_idx();
 #define SSL_F_I2D_SSL_SESSION				 111
 #define SSL_F_READ_N					 112
 #define SSL_F_REQUEST_CERTIFICATE			 113
+#define SSL_F_SERVER_FINISH				 239
 #define SSL_F_SERVER_HELLO				 114
+#define SSL_F_SERVER_VERIFY				 240
 #define SSL_F_SSL23_ACCEPT				 115
 #define SSL_F_SSL23_CLIENT_HELLO			 116
 #define SSL_F_SSL23_CONNECT				 117
 #define SSL_F_SSL23_GET_CLIENT_HELLO			 118
 #define SSL_F_SSL23_GET_SERVER_HELLO			 119
+#define SSL_F_SSL23_PEEK				 237
 #define SSL_F_SSL23_READ				 120
 #define SSL_F_SSL23_WRITE				 121
 #define SSL_F_SSL2_ACCEPT				 122
 #define SSL_F_SSL2_CONNECT				 123
 #define SSL_F_SSL2_ENC_INIT				 124
+#define SSL_F_SSL2_GENERATE_KEY_MATERIAL		 241
+#define SSL_F_SSL2_PEEK					 234
 #define SSL_F_SSL2_READ					 125
+#define SSL_F_SSL2_READ_INTERNAL			 236
 #define SSL_F_SSL2_SET_CERTIFICATE			 126
 #define SSL_F_SSL2_WRITE				 127
 #define SSL_F_SSL3_ACCEPT				 128
+#define SSL_F_SSL3_CALLBACK_CTRL			 233
 #define SSL_F_SSL3_CHANGE_CIPHER_STATE			 129
 #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM		 130
 #define SSL_F_SSL3_CLIENT_HELLO				 131
 #define SSL_F_SSL3_CONNECT				 132
+#define SSL_F_SSL3_CTRL					 213
 #define SSL_F_SSL3_CTX_CTRL				 133
 #define SSL_F_SSL3_ENC					 134
+#define SSL_F_SSL3_GENERATE_KEY_BLOCK			 238
 #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST		 135
 #define SSL_F_SSL3_GET_CERT_VERIFY			 136
 #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE		 137
@@ -1233,6 +1556,7 @@ int SSL_get_ex_data_X509_STORE_CTX_idx();
 #define SSL_F_SSL3_GET_SERVER_DONE			 145
 #define SSL_F_SSL3_GET_SERVER_HELLO			 146
 #define SSL_F_SSL3_OUTPUT_CERT_CHAIN			 147
+#define SSL_F_SSL3_PEEK					 235
 #define SSL_F_SSL3_READ_BYTES				 148
 #define SSL_F_SSL3_READ_N				 149
 #define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST		 150
@@ -1240,69 +1564,91 @@ int SSL_get_ex_data_X509_STORE_CTX_idx();
 #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE		 152
 #define SSL_F_SSL3_SEND_CLIENT_VERIFY			 153
 #define SSL_F_SSL3_SEND_SERVER_CERTIFICATE		 154
+#define SSL_F_SSL3_SEND_SERVER_HELLO			 242
 #define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE		 155
 #define SSL_F_SSL3_SETUP_BUFFERS			 156
 #define SSL_F_SSL3_SETUP_KEY_BLOCK			 157
 #define SSL_F_SSL3_WRITE_BYTES				 158
 #define SSL_F_SSL3_WRITE_PENDING			 159
+#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK	 215
+#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK	 216
 #define SSL_F_SSL_BAD_METHOD				 160
 #define SSL_F_SSL_BYTES_TO_CIPHER_LIST			 161
+#define SSL_F_SSL_CERT_DUP				 221
+#define SSL_F_SSL_CERT_INST				 222
+#define SSL_F_SSL_CERT_INSTANTIATE			 214
 #define SSL_F_SSL_CERT_NEW				 162
 #define SSL_F_SSL_CHECK_PRIVATE_KEY			 163
-#define SSL_F_SSL_CREATE_CIPHER_LIST			 164
-#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY			 165
-#define SSL_F_SSL_CTX_NEW				 166
-#define SSL_F_SSL_CTX_SET_SSL_VERSION			 167
-#define SSL_F_SSL_CTX_USE_CERTIFICATE			 168
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1		 169
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE		 170
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY			 171
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1		 172
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE		 173
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY			 174
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1		 175
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE		 176
-#define SSL_F_SSL_DO_HANDSHAKE				 177
-#define SSL_F_SSL_GET_NEW_SESSION			 178
-#define SSL_F_SSL_GET_SERVER_SEND_CERT			 179
-#define SSL_F_SSL_GET_SIGN_PKEY				 180
-#define SSL_F_SSL_INIT_WBIO_BUFFER			 181
-#define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 182
-#define SSL_F_SSL_NEW					 183
-#define SSL_F_SSL_RSA_PRIVATE_DECRYPT			 184
-#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT			 185
-#define SSL_F_SSL_SESSION_NEW				 186
-#define SSL_F_SSL_SESSION_PRINT_FP			 187
-#define SSL_F_SSL_SET_CERT				 188
-#define SSL_F_SSL_SET_FD				 189
-#define SSL_F_SSL_SET_PKEY				 190
-#define SSL_F_SSL_SET_RFD				 191
-#define SSL_F_SSL_SET_SESSION				 192
-#define SSL_F_SSL_SET_WFD				 193
-#define SSL_F_SSL_UNDEFINED_FUNCTION			 194
-#define SSL_F_SSL_USE_CERTIFICATE			 195
-#define SSL_F_SSL_USE_CERTIFICATE_ASN1			 196
-#define SSL_F_SSL_USE_CERTIFICATE_FILE			 197
-#define SSL_F_SSL_USE_PRIVATEKEY			 198
-#define SSL_F_SSL_USE_PRIVATEKEY_ASN1			 199
-#define SSL_F_SSL_USE_PRIVATEKEY_FILE			 200
-#define SSL_F_SSL_USE_RSAPRIVATEKEY			 201
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1		 202
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE		 203
-#define SSL_F_SSL_VERIFY_CERT_CHAIN			 204
-#define SSL_F_SSL_WRITE					 205
-#define SSL_F_TLS1_CHANGE_CIPHER_STATE			 206
-#define SSL_F_TLS1_ENC					 207
-#define SSL_F_TLS1_SETUP_KEY_BLOCK			 208
-#define SSL_F_WRITE_PENDING				 209
+#define SSL_F_SSL_CIPHER_PROCESS_RULESTR		 230
+#define SSL_F_SSL_CIPHER_STRENGTH_SORT			 231
+#define SSL_F_SSL_CLEAR					 164
+#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD		 165
+#define SSL_F_SSL_CREATE_CIPHER_LIST			 166
+#define SSL_F_SSL_CTRL					 232
+#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY			 168
+#define SSL_F_SSL_CTX_NEW				 169
+#define SSL_F_SSL_CTX_SET_PURPOSE			 226
+#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT		 219
+#define SSL_F_SSL_CTX_SET_SSL_VERSION			 170
+#define SSL_F_SSL_CTX_SET_TRUST				 229
+#define SSL_F_SSL_CTX_USE_CERTIFICATE			 171
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1		 172
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE	 220
+#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE		 173
+#define SSL_F_SSL_CTX_USE_PRIVATEKEY			 174
+#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1		 175
+#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE		 176
+#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY			 177
+#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1		 178
+#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE		 179
+#define SSL_F_SSL_DO_HANDSHAKE				 180
+#define SSL_F_SSL_GET_NEW_SESSION			 181
+#define SSL_F_SSL_GET_PREV_SESSION			 217
+#define SSL_F_SSL_GET_SERVER_SEND_CERT			 182
+#define SSL_F_SSL_GET_SIGN_PKEY				 183
+#define SSL_F_SSL_INIT_WBIO_BUFFER			 184
+#define SSL_F_SSL_LOAD_CLIENT_CA_FILE			 185
+#define SSL_F_SSL_NEW					 186
+#define SSL_F_SSL_READ					 223
+#define SSL_F_SSL_RSA_PRIVATE_DECRYPT			 187
+#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT			 188
+#define SSL_F_SSL_SESSION_NEW				 189
+#define SSL_F_SSL_SESSION_PRINT_FP			 190
+#define SSL_F_SSL_SESS_CERT_NEW				 225
+#define SSL_F_SSL_SET_CERT				 191
+#define SSL_F_SSL_SET_FD				 192
+#define SSL_F_SSL_SET_PKEY				 193
+#define SSL_F_SSL_SET_PURPOSE				 227
+#define SSL_F_SSL_SET_RFD				 194
+#define SSL_F_SSL_SET_SESSION				 195
+#define SSL_F_SSL_SET_SESSION_ID_CONTEXT		 218
+#define SSL_F_SSL_SET_TRUST				 228
+#define SSL_F_SSL_SET_WFD				 196
+#define SSL_F_SSL_SHUTDOWN				 224
+#define SSL_F_SSL_UNDEFINED_FUNCTION			 197
+#define SSL_F_SSL_USE_CERTIFICATE			 198
+#define SSL_F_SSL_USE_CERTIFICATE_ASN1			 199
+#define SSL_F_SSL_USE_CERTIFICATE_FILE			 200
+#define SSL_F_SSL_USE_PRIVATEKEY			 201
+#define SSL_F_SSL_USE_PRIVATEKEY_ASN1			 202
+#define SSL_F_SSL_USE_PRIVATEKEY_FILE			 203
+#define SSL_F_SSL_USE_RSAPRIVATEKEY			 204
+#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1		 205
+#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE		 206
+#define SSL_F_SSL_VERIFY_CERT_CHAIN			 207
+#define SSL_F_SSL_WRITE					 208
+#define SSL_F_TLS1_CHANGE_CIPHER_STATE			 209
+#define SSL_F_TLS1_ENC					 210
+#define SSL_F_TLS1_SETUP_KEY_BLOCK			 211
+#define SSL_F_WRITE_PENDING				 212
 
 /* Reason codes. */
 #define SSL_R_APP_DATA_IN_HANDSHAKE			 100
+#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
 #define SSL_R_BAD_ALERT_RECORD				 101
 #define SSL_R_BAD_AUTHENTICATION_TYPE			 102
 #define SSL_R_BAD_CHANGE_CIPHER_SPEC			 103
 #define SSL_R_BAD_CHECKSUM				 104
-#define SSL_R_BAD_CLIENT_REQUEST			 105
 #define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK		 106
 #define SSL_R_BAD_DECOMPRESSION				 107
 #define SSL_R_BAD_DH_G_LENGTH				 108
@@ -1310,6 +1656,11 @@ int SSL_get_ex_data_X509_STORE_CTX_idx();
 #define SSL_R_BAD_DH_P_LENGTH				 110
 #define SSL_R_BAD_DIGEST_LENGTH				 111
 #define SSL_R_BAD_DSA_SIGNATURE				 112
+#define SSL_R_BAD_ECC_CERT				 1117
+#define SSL_R_BAD_ECDSA_SIGNATURE			 1112
+#define SSL_R_BAD_ECPOINT				 1113
+#define SSL_R_BAD_HELLO_REQUEST				 105
+#define SSL_R_BAD_LENGTH				 271
 #define SSL_R_BAD_MAC_DECODE				 113
 #define SSL_R_BAD_MESSAGE_TYPE				 114
 #define SSL_R_BAD_PACKET_LENGTH				 115
@@ -1345,20 +1696,41 @@ int SSL_get_ex_data_X509_STORE_CTX_idx();
 #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED		 145
 #define SSL_R_DATA_LENGTH_TOO_LONG			 146
 #define SSL_R_DECRYPTION_FAILED				 147
+#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC	 1109
 #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148
 #define SSL_R_DIGEST_CHECK_FAILED			 149
+#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER		 1119
 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150
+#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY		 1092
 #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST		 151
 #define SSL_R_EXCESSIVE_MESSAGE_SIZE			 152
 #define SSL_R_EXTRA_DATA_IN_MESSAGE			 153
 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS			 154
 #define SSL_R_HTTPS_PROXY_REQUEST			 155
 #define SSL_R_HTTP_REQUEST				 156
-#define SSL_R_INTERNAL_ERROR				 157
+#define SSL_R_ILLEGAL_PADDING				 1110
 #define SSL_R_INVALID_CHALLENGE_LENGTH			 158
+#define SSL_R_INVALID_COMMAND				 280
+#define SSL_R_INVALID_PURPOSE				 278
+#define SSL_R_INVALID_TRUST				 279
+#define SSL_R_KEY_ARG_TOO_LONG				 1112
+#define SSL_R_KRB5					 1104
+#define SSL_R_KRB5_C_CC_PRINC				 1094
+#define SSL_R_KRB5_C_GET_CRED				 1095
+#define SSL_R_KRB5_C_INIT				 1096
+#define SSL_R_KRB5_C_MK_REQ				 1097
+#define SSL_R_KRB5_S_BAD_TICKET				 1098
+#define SSL_R_KRB5_S_INIT				 1099
+#define SSL_R_KRB5_S_RD_REQ				 1108
+#define SSL_R_KRB5_S_TKT_EXPIRED			 1105
+#define SSL_R_KRB5_S_TKT_NYV				 1106
+#define SSL_R_KRB5_S_TKT_SKEW				 1107
 #define SSL_R_LENGTH_MISMATCH				 159
 #define SSL_R_LENGTH_TOO_SHORT				 160
+#define SSL_R_LIBRARY_BUG				 274
 #define SSL_R_LIBRARY_HAS_NO_CIPHERS			 161
+#define SSL_R_MASTER_KEY_TOO_LONG			 1112
+#define SSL_R_MESSAGE_TOO_LONG				 1111
 #define SSL_R_MISSING_DH_DSA_CERT			 162
 #define SSL_R_MISSING_DH_KEY				 163
 #define SSL_R_MISSING_DH_RSA_CERT			 164
@@ -1369,6 +1741,7 @@ int SSL_get_ex_data_X509_STORE_CTX_idx();
 #define SSL_R_MISSING_RSA_ENCRYPTING_CERT		 169
 #define SSL_R_MISSING_RSA_SIGNING_CERT			 170
 #define SSL_R_MISSING_TMP_DH_KEY			 171
+#define SSL_R_MISSING_TMP_ECDH_KEY			 1114
 #define SSL_R_MISSING_TMP_RSA_KEY			 172
 #define SSL_R_MISSING_TMP_RSA_PKEY			 173
 #define SSL_R_MISSING_VERIFY_MESSAGE			 174
@@ -1385,39 +1758,46 @@ int SSL_get_ex_data_X509_STORE_CTX_idx();
 #define SSL_R_NO_CIPHER_MATCH				 185
 #define SSL_R_NO_CLIENT_CERT_RECEIVED			 186
 #define SSL_R_NO_COMPRESSION_SPECIFIED			 187
-#define SSL_R_NO_PRIVATEKEY				 188
-#define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 189
-#define SSL_R_NO_PROTOCOLS_AVAILABLE			 190
-#define SSL_R_NO_PUBLICKEY				 191
-#define SSL_R_NO_SHARED_CIPHER				 192
-#define SSL_R_NO_VERIFY_CALLBACK			 193
-#define SSL_R_NULL_SSL_CTX				 194
-#define SSL_R_NULL_SSL_METHOD_PASSED			 195
-#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED		 196
-#define SSL_R_PACKET_LENGTH_TOO_LONG			 197
-#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE		 198
-#define SSL_R_PEER_ERROR				 199
-#define SSL_R_PEER_ERROR_CERTIFICATE			 200
-#define SSL_R_PEER_ERROR_NO_CERTIFICATE			 201
-#define SSL_R_PEER_ERROR_NO_CIPHER			 202
-#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE	 203
-#define SSL_R_PRE_MAC_LENGTH_TOO_LONG			 204
-#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS		 205
-#define SSL_R_PROTOCOL_IS_SHUTDOWN			 206
-#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR			 207
-#define SSL_R_PUBLIC_KEY_IS_NOT_RSA			 208
-#define SSL_R_PUBLIC_KEY_NOT_RSA			 209
-#define SSL_R_READ_BIO_NOT_SET				 210
-#define SSL_R_READ_WRONG_PACKET_TYPE			 211
-#define SSL_R_RECORD_LENGTH_MISMATCH			 212
-#define SSL_R_RECORD_TOO_LARGE				 213
-#define SSL_R_REQUIRED_CIPHER_MISSING			 214
-#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 215
-#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 216
-#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO		 217
-#define SSL_R_SHORT_READ				 218
-#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 219
-#define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 220
+#define SSL_R_NO_METHOD_SPECIFIED			 188
+#define SSL_R_NO_PRIVATEKEY				 189
+#define SSL_R_NO_PRIVATE_KEY_ASSIGNED			 190
+#define SSL_R_NO_PROTOCOLS_AVAILABLE			 191
+#define SSL_R_NO_PUBLICKEY				 192
+#define SSL_R_NO_SHARED_CIPHER				 193
+#define SSL_R_NO_VERIFY_CALLBACK			 194
+#define SSL_R_NULL_SSL_CTX				 195
+#define SSL_R_NULL_SSL_METHOD_PASSED			 196
+#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED		 197
+#define SSL_R_PACKET_LENGTH_TOO_LONG			 198
+#define SSL_R_PATH_TOO_LONG				 270
+#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE		 199
+#define SSL_R_PEER_ERROR				 200
+#define SSL_R_PEER_ERROR_CERTIFICATE			 201
+#define SSL_R_PEER_ERROR_NO_CERTIFICATE			 202
+#define SSL_R_PEER_ERROR_NO_CIPHER			 203
+#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE	 204
+#define SSL_R_PRE_MAC_LENGTH_TOO_LONG			 205
+#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS		 206
+#define SSL_R_PROTOCOL_IS_SHUTDOWN			 207
+#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR			 208
+#define SSL_R_PUBLIC_KEY_IS_NOT_RSA			 209
+#define SSL_R_PUBLIC_KEY_NOT_RSA			 210
+#define SSL_R_READ_BIO_NOT_SET				 211
+#define SSL_R_READ_WRONG_PACKET_TYPE			 212
+#define SSL_R_RECORD_LENGTH_MISMATCH			 213
+#define SSL_R_RECORD_TOO_LARGE				 214
+#define SSL_R_RECORD_TOO_SMALL				 1093
+#define SSL_R_REQUIRED_CIPHER_MISSING			 215
+#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO		 216
+#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO			 217
+#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO		 218
+#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED		 277
+#define SSL_R_SHORT_READ				 219
+#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220
+#define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221
+#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG		 1114
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG			 1113
+#define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222
 #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042
 #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020
 #define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED		 1045
@@ -1427,70 +1807,78 @@ int SSL_get_ex_data_X509_STORE_CTX_idx();
 #define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE		 1040
 #define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER		 1047
 #define SSL_R_SSLV3_ALERT_NO_CERTIFICATE		 1041
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE	 221
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE	 222
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER		 223
-#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 224
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE	 223
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE	 224
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER		 225
+#define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 226
 #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE		 1010
-#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE	 225
+#define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE	 227
 #define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE	 1043
-#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION	 226
-#define SSL_R_SSL_HANDSHAKE_FAILURE			 227
-#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS		 228
-#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT		 229
+#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION	 228
+#define SSL_R_SSL_HANDSHAKE_FAILURE			 229
+#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS		 230
+#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED		 1102
+#define SSL_R_SSL_SESSION_ID_CONFLICT			 1103
+#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG		 273
+#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH		 1101
+#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT		 231
 #define SSL_R_TLSV1_ALERT_ACCESS_DENIED			 1049
 #define SSL_R_TLSV1_ALERT_DECODE_ERROR			 1050
 #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED		 1021
 #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR			 1051
-#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICION		 1060
+#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION		 1060
 #define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY		 1071
 #define SSL_R_TLSV1_ALERT_INTERNAL_ERROR		 1080
 #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION		 1100
 #define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION		 1070
 #define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW		 1022
 #define SSL_R_TLSV1_ALERT_UNKNOWN_CA			 1048
-#define SSL_R_TLSV1_ALERT_USER_CANCLED			 1090
-#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER	 230
-#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 231
-#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG	 232
-#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER		 233
-#define SSL_R_UNABLE_TO_DECODE_DH_CERTS			 234
-#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY		 235
-#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS		 236
-#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS	 237
-#define SSL_R_UNABLE_TO_FIND_SSL_METHOD			 238
-#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES		 239
-#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES		 240
-#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES		 241
-#define SSL_R_UNEXPECTED_MESSAGE			 242
-#define SSL_R_UNEXPECTED_RECORD				 243
-#define SSL_R_UNKNOWN_ALERT_TYPE			 244
-#define SSL_R_UNKNOWN_CERTIFICATE_TYPE			 245
-#define SSL_R_UNKNOWN_CIPHER_RETURNED			 246
-#define SSL_R_UNKNOWN_CIPHER_TYPE			 247
-#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE			 248
-#define SSL_R_UNKNOWN_PKEY_TYPE				 249
-#define SSL_R_UNKNOWN_PROTOCOL				 250
-#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE			 251
-#define SSL_R_UNKNOWN_SSL_VERSION			 252
-#define SSL_R_UNKNOWN_STATE				 253
-#define SSL_R_UNSUPPORTED_CIPHER			 254
-#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 255
-#define SSL_R_UNSUPPORTED_PROTOCOL			 256
-#define SSL_R_UNSUPPORTED_SSL_VERSION			 257
-#define SSL_R_WRITE_BIO_NOT_SET				 258
-#define SSL_R_WRONG_CIPHER_RETURNED			 259
-#define SSL_R_WRONG_MESSAGE_TYPE			 260
-#define SSL_R_WRONG_NUMBER_OF_KEY_BITS			 261
-#define SSL_R_WRONG_SIGNATURE_LENGTH			 262
-#define SSL_R_WRONG_SIGNATURE_SIZE			 263
-#define SSL_R_WRONG_SSL_VERSION				 264
-#define SSL_R_WRONG_VERSION_NUMBER			 265
-#define SSL_R_X509_LIB					 266
-#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS		 267
- 
+#define SSL_R_TLSV1_ALERT_USER_CANCELLED		 1090
+#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER	 232
+#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
+#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG	 234
+#define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER		 235
+#define SSL_R_UNABLE_TO_DECODE_DH_CERTS			 236
+#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS		 1115
+#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY		 237
+#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS		 238
+#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS		 1116
+#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS	 239
+#define SSL_R_UNABLE_TO_FIND_SSL_METHOD			 240
+#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES		 241
+#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES		 242
+#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES		 243
+#define SSL_R_UNEXPECTED_MESSAGE			 244
+#define SSL_R_UNEXPECTED_RECORD				 245
+#define SSL_R_UNINITIALIZED				 276
+#define SSL_R_UNKNOWN_ALERT_TYPE			 246
+#define SSL_R_UNKNOWN_CERTIFICATE_TYPE			 247
+#define SSL_R_UNKNOWN_CIPHER_RETURNED			 248
+#define SSL_R_UNKNOWN_CIPHER_TYPE			 249
+#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE			 250
+#define SSL_R_UNKNOWN_PKEY_TYPE				 251
+#define SSL_R_UNKNOWN_PROTOCOL				 252
+#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE			 253
+#define SSL_R_UNKNOWN_SSL_VERSION			 254
+#define SSL_R_UNKNOWN_STATE				 255
+#define SSL_R_UNSUPPORTED_CIPHER			 256
+#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM		 257
+#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE		 1118
+#define SSL_R_UNSUPPORTED_OPTION			 1091
+#define SSL_R_UNSUPPORTED_PROTOCOL			 258
+#define SSL_R_UNSUPPORTED_SSL_VERSION			 259
+#define SSL_R_WRITE_BIO_NOT_SET				 260
+#define SSL_R_WRONG_CIPHER_RETURNED			 261
+#define SSL_R_WRONG_MESSAGE_TYPE			 262
+#define SSL_R_WRONG_NUMBER_OF_KEY_BITS			 263
+#define SSL_R_WRONG_SIGNATURE_LENGTH			 264
+#define SSL_R_WRONG_SIGNATURE_SIZE			 265
+#define SSL_R_WRONG_SSL_VERSION				 266
+#define SSL_R_WRONG_VERSION_NUMBER			 267
+#define SSL_R_X509_LIB					 268
+#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS		 269
+
 #ifdef  __cplusplus
 }
 #endif
 #endif
-
diff --git a/ssl/ssl2.h b/ssl/ssl2.h
index 3dc94e520b..99a52ea0dd 100644
--- a/ssl/ssl2.h
+++ b/ssl/ssl2.h
@@ -67,8 +67,8 @@ extern "C" {
 #define SSL2_VERSION		0x0002
 #define SSL2_VERSION_MAJOR	0x00
 #define SSL2_VERSION_MINOR	0x02
-#define SSL2_CLIENT_VERSION	0x0002
-#define SSL2_SERVER_VERSION	0x0002
+/* #define SSL2_CLIENT_VERSION	0x0002 */
+/* #define SSL2_SERVER_VERSION	0x0002 */
 
 /* Protocol Message Codes */
 #define SSL2_MT_ERROR			0
@@ -133,8 +133,12 @@ extern "C" {
 
 /* Upper/Lower Bounds */
 #define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS	256
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	(unsigned int)32767 
-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER	16383 /**/
+#ifdef OPENSSL_SYS_MPE
+#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	29998u
+#else
+#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER	32767u  /* 2^15-1 */
+#endif
+#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER	16383 /* 2^14-1 */
 
 #define SSL2_CHALLENGE_LENGTH	16
 /*#define SSL2_CHALLENGE_LENGTH	32 */
@@ -151,7 +155,7 @@ extern "C" {
 #define  CERT		char
 #endif
 
-typedef struct ssl2_ctx_st
+typedef struct ssl2_state_st
 	{
 	int three_byte_header;
 	int clear_text;		/* clear text */
@@ -162,7 +166,7 @@ typedef struct ssl2_ctx_st
 	 * args were passwd */
 	unsigned int wnum;	/* number of bytes sent so far */
 	int wpend_tot;
-	char *wpend_buf;
+	const unsigned char *wpend_buf;
 
 	int wpend_off;	/* offset to data to write */
 	int wpend_len; 	/* number of bytes passwd to write */
@@ -185,7 +189,6 @@ typedef struct ssl2_ctx_st
 	unsigned char *ract_data;
 	unsigned char *wact_data;
 	unsigned char *mac_data;
-	unsigned char *pad_data;
 
 	unsigned char *read_key;
 	unsigned char *write_key;
@@ -205,16 +208,16 @@ typedef struct ssl2_ctx_st
 		unsigned int conn_id_length;
 		unsigned int cert_type;	
 		unsigned int cert_length;
-		int csl; 
-		int clear;
+		unsigned int csl; 
+		unsigned int clear;
 		unsigned int enc; 
 		unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
-		int cipher_spec_length;
+		unsigned int cipher_spec_length;
 		unsigned int session_id_length;
 		unsigned int clen;
 		unsigned int rlen;
 		} tmp;
-	} SSL2_CTX;
+	} SSL2_STATE;
 
 /* SSLv2 */
 /* client */
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 7c5c94d7c9..796dcbc528 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -55,11 +55,74 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
 #ifndef HEADER_SSL3_H 
 #define HEADER_SSL3_H 
 
-#include "buffer.h"
+#ifndef OPENSSL_NO_COMP
+#include <openssl/comp.h>
+#endif
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/ssl.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -98,7 +161,29 @@ extern "C" {
 
 #define SSL3_CK_FZA_DMS_NULL_SHA		0x0300001C
 #define SSL3_CK_FZA_DMS_FZA_SHA			0x0300001D
+#if 0 /* Because it clashes with KRB5, is never used any more, and is safe
+	 to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
+	 of the ietf-tls list */
 #define SSL3_CK_FZA_DMS_RC4_SHA			0x0300001E
+#endif
+
+/*    VRS Additional Kerberos5 entries
+ */
+#define SSL3_CK_KRB5_DES_64_CBC_SHA		0x0300001E
+#define SSL3_CK_KRB5_DES_192_CBC3_SHA		0x0300001F
+#define SSL3_CK_KRB5_RC4_128_SHA		0x03000020
+#define SSL3_CK_KRB5_IDEA_128_CBC_SHA	       	0x03000021
+#define SSL3_CK_KRB5_DES_64_CBC_MD5       	0x03000022
+#define SSL3_CK_KRB5_DES_192_CBC3_MD5       	0x03000023
+#define SSL3_CK_KRB5_RC4_128_MD5	       	0x03000024
+#define SSL3_CK_KRB5_IDEA_128_CBC_MD5 		0x03000025
+
+#define SSL3_CK_KRB5_DES_40_CBC_SHA 		0x03000026
+#define SSL3_CK_KRB5_RC2_40_CBC_SHA 		0x03000027
+#define SSL3_CK_KRB5_RC4_40_SHA	 		0x03000028
+#define SSL3_CK_KRB5_DES_40_CBC_MD5 		0x03000029
+#define SSL3_CK_KRB5_RC2_40_CBC_MD5 		0x0300002A
+#define SSL3_CK_KRB5_RC4_40_MD5	 		0x0300002B
 
 #define SSL3_TXT_RSA_NULL_MD5			"NULL-MD5"
 #define SSL3_TXT_RSA_NULL_SHA			"NULL-SHA"
@@ -135,6 +220,22 @@ extern "C" {
 #define SSL3_TXT_FZA_DMS_FZA_SHA		"FZA-FZA-CBC-SHA"
 #define SSL3_TXT_FZA_DMS_RC4_SHA		"FZA-RC4-SHA"
 
+#define SSL3_TXT_KRB5_DES_64_CBC_SHA		"KRB5-DES-CBC-SHA"
+#define SSL3_TXT_KRB5_DES_192_CBC3_SHA		"KRB5-DES-CBC3-SHA"
+#define SSL3_TXT_KRB5_RC4_128_SHA		"KRB5-RC4-SHA"
+#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA	       	"KRB5-IDEA-CBC-SHA"
+#define SSL3_TXT_KRB5_DES_64_CBC_MD5       	"KRB5-DES-CBC-MD5"
+#define SSL3_TXT_KRB5_DES_192_CBC3_MD5       	"KRB5-DES-CBC3-MD5"
+#define SSL3_TXT_KRB5_RC4_128_MD5		"KRB5-RC4-MD5"
+#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 		"KRB5-IDEA-CBC-MD5"
+
+#define SSL3_TXT_KRB5_DES_40_CBC_SHA 		"EXP-KRB5-DES-CBC-SHA"
+#define SSL3_TXT_KRB5_RC2_40_CBC_SHA 		"EXP-KRB5-RC2-CBC-SHA"
+#define SSL3_TXT_KRB5_RC4_40_SHA	 	"EXP-KRB5-RC4-SHA"
+#define SSL3_TXT_KRB5_DES_40_CBC_MD5 		"EXP-KRB5-DES-CBC-MD5"
+#define SSL3_TXT_KRB5_RC2_40_CBC_MD5 		"EXP-KRB5-RC2-CBC-MD5"
+#define SSL3_TXT_KRB5_RC4_40_MD5	 	"EXP-KRB5-RC4-MD5"
+
 #define SSL3_SSL_SESSION_ID_LENGTH		32
 #define SSL3_MAX_SSL_SESSION_ID_LENGTH		32
 
@@ -144,7 +245,8 @@ extern "C" {
 #define SSL3_RT_HEADER_LENGTH			5
 
 /* Due to MS stuffing up, this can change.... */
-#if defined(WIN16) || (defined(MSDOS) && !defined(WIN32))
+#if defined(OPENSSL_SYS_WIN16) || \
+	(defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32))
 #define SSL3_RT_MAX_EXTRA			(14000)
 #else
 #define SSL3_RT_MAX_EXTRA			(16384)
@@ -156,24 +258,8 @@ extern "C" {
 #define SSL3_RT_MAX_PACKET_SIZE		(SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
 #define SSL3_RT_MAX_DATA_SIZE			(1024*1024)
 
-/* the states that a SSL3_RECORD can be in
- * For SSL_read it goes
- * rbuf->ENCODED	-> read 
- * ENCODED		-> we need to decode everything - call decode_record
- */
- 
-#define SSL3_RS_BLANK			1
-#define SSL3_RS_DATA
-
-#define SSL3_RS_ENCODED			2
-#define SSL3_RS_READ_MORE		3
-#define SSL3_RS_WRITE_MORE
-#define SSL3_RS_PLAIN			3
-#define SSL3_RS_PART_READ		4
-#define SSL3_RS_PART_WRITE		5
-
-#define SSL3_MD_CLIENT_FINISHED_CONST	{0x43,0x4C,0x4E,0x54}
-#define SSL3_MD_SERVER_FINISHED_CONST	{0x53,0x52,0x56,0x52}
+#define SSL3_MD_CLIENT_FINISHED_CONST	"\x43\x4C\x4E\x54"
+#define SSL3_MD_SERVER_FINISHED_CONST	"\x53\x52\x56\x52"
 
 #define SSL3_VERSION			0x0300
 #define SSL3_VERSION_MAJOR		0x03
@@ -202,22 +288,21 @@ extern "C" {
 
 typedef struct ssl3_record_st
 	{
-/*r */	int type;		/* type of record */
-/*  */	/*int state;*/		/* any data in it? */
-/*rw*/	unsigned int length;	/* How many bytes available */
-/*r */	unsigned int off;	/* read/write offset into 'buf' */
-/*rw*/	unsigned char *data;	/* pointer to the record data */
-/*rw*/	unsigned char *input;	/* where the decode bytes are */
-/*r */	unsigned char *comp;	/* only used with decompression - malloc()ed */
+/*r */	int type;               /* type of record */
+/*rw*/	unsigned int length;    /* How many bytes available */
+/*r */	unsigned int off;       /* read/write offset into 'buf' */
+/*rw*/	unsigned char *data;    /* pointer to the record data */
+/*rw*/	unsigned char *input;   /* where the decode bytes are */
+/*r */	unsigned char *comp;    /* only used with decompression - malloc()ed */
 	} SSL3_RECORD;
 
 typedef struct ssl3_buffer_st
 	{
-/*r */	int total;		/* used in non-blocking writes */
-/*r */	int wanted;		/* how many more bytes we need */
-/*rw*/	int left;		/* how many bytes left */
-/*rw*/	int offset;		/* where to 'copy from' */
-/*rw*/	unsigned char *buf;	/* SSL3_RT_MAX_PACKET_SIZE bytes */
+	unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
+	                         * see ssl3_setup_buffers() */
+	size_t len;             /* buffer size */
+	int offset;             /* where to 'copy from' */
+	int left;               /* how many bytes left */
 	} SSL3_BUFFER;
 
 #define SSL3_CT_RSA_SIGN			1
@@ -227,41 +312,19 @@ typedef struct ssl3_buffer_st
 #define SSL3_CT_RSA_EPHEMERAL_DH		5
 #define SSL3_CT_DSS_EPHEMERAL_DH		6
 #define SSL3_CT_FORTEZZA_DMS			20
-#define SSL3_CT_NUMBER				7
+/* SSL3_CT_NUMBER is used to size arrays and it must be large
+ * enough to contain all of the cert types defined either for
+ * SSLv3 and TLSv1.
+ */
+#define SSL3_CT_NUMBER			7
+
 
 #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS	0x0001
 #define SSL3_FLAGS_DELAY_CLIENT_FINISHED	0x0002
 #define SSL3_FLAGS_POP_BUFFER			0x0004
 #define TLS1_FLAGS_TLS_PADDING_BUG		0x0008
 
-#if 0
-#define AD_CLOSE_NOTIFY			0
-#define AD_UNEXPECTED_MESSAGE		1
-#define AD_BAD_RECORD_MAC		2
-#define AD_DECRYPTION_FAILED		3
-#define AD_RECORD_OVERFLOW		4
-#define AD_DECOMPRESSION_FAILURE	5	/* fatal */
-#define AD_HANDSHAKE_FAILURE		6	/* fatal */
-#define AD_NO_CERTIFICATE		7	/* Not under TLS */
-#define AD_BAD_CERTIFICATE		8
-#define AD_UNSUPPORTED_CERTIFICATE	9
-#define AD_CERTIFICATE_REVOKED		10	
-#define AD_CERTIFICATE_EXPIRED		11
-#define AD_CERTIFICATE_UNKNOWN		12
-#define AD_ILLEGAL_PARAMETER		13	/* fatal */
-#define AD_UNKNOWN_CA			14	/* fatal */
-#define AD_ACCESS_DENIED		15	/* fatal */
-#define AD_DECODE_ERROR			16	/* fatal */
-#define AD_DECRYPT_ERROR		17
-#define AD_EXPORT_RESTRICION		18	/* fatal */
-#define AD_PROTOCOL_VERSION		19	/* fatal */
-#define AD_INSUFFICIENT_SECURITY	20	/* fatal */
-#define AD_INTERNAL_ERROR		21	/* fatal */
-#define AD_USER_CANCLED			22
-#define AD_NO_RENEGOTIATION		23
-#endif
-
-typedef struct ssl3_ctx_st
+typedef struct ssl3_state_st
 	{
 	long flags;
 	int delay_buf_pop_ret;
@@ -274,19 +337,29 @@ typedef struct ssl3_ctx_st
 	unsigned char server_random[SSL3_RANDOM_SIZE];
 	unsigned char client_random[SSL3_RANDOM_SIZE];
 
+	/* flags for countermeasure against known-IV weakness */
+	int need_empty_fragments;
+	int empty_fragment_done;
+
 	SSL3_BUFFER rbuf;	/* read IO goes into here */
 	SSL3_BUFFER wbuf;	/* write IO goes into here */
+
 	SSL3_RECORD rrec;	/* each decoded record goes in here */
 	SSL3_RECORD wrec;	/* goes out from here */
-				/* Used by ssl3_read_n to point
-				 * to input data packet */
+
+	/* storage for Alert/Handshake protocol data received but not
+	 * yet processed by ssl3_read_bytes: */
+	unsigned char alert_fragment[2];
+	unsigned int alert_fragment_len;
+	unsigned char handshake_fragment[4];
+	unsigned int handshake_fragment_len;
 
 	/* partial write - check the numbers match */
 	unsigned int wnum;	/* number of bytes sent so far */
 	int wpend_tot;		/* number bytes written */
 	int wpend_type;
 	int wpend_ret;		/* number of bytes submitted */
-	char *wpend_buf;
+	const unsigned char *wpend_buf;
 
 	/* used during startup, digest all incoming/outgoing packets */
 	EVP_MD_CTX finish_dgst1;
@@ -298,10 +371,10 @@ typedef struct ssl3_ctx_st
 
 	int warn_alert;
 	int fatal_alert;
-	/* we alow one fatal and one warning alert to be outstanding,
+	/* we allow one fatal and one warning alert to be outstanding,
 	 * send close alert via the warning alert */
 	int alert_dispatch;
-	char send_alert[2];
+	unsigned char send_alert[2];
 
 	/* This flag is set when we should renegotiate ASAP, basically when
 	 * there is no more data in the read or write buffers */
@@ -312,15 +385,27 @@ typedef struct ssl3_ctx_st
 	int in_read_app_data;
 
 	struct	{
-		/* Actually only needs to be 16+20 for SSLv3 and 12 for TLS */
+		/* actually only needs to be 16+20 */
+		unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
+
+		/* actually only need to be 16+20 for SSLv3 and 12 for TLS */
 		unsigned char finish_md[EVP_MAX_MD_SIZE*2];
+		int finish_md_len;
+		unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
+		int peer_finish_md_len;
 		
 		unsigned long message_size;
 		int message_type;
 
 		/* used to hold the new cipher we are going to use */
 		SSL_CIPHER *new_cipher;
+#ifndef OPENSSL_NO_DH
 		DH *dh;
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+		EC_KEY *ecdh; /* holds short lived ECDH key */
+#endif
 
 		/* used when SSL_ST_FLUSH_DATA is entered */
 		int next_state;			
@@ -331,23 +416,24 @@ typedef struct ssl3_ctx_st
 		int cert_req;
 		int ctype_num;
 		char ctype[SSL3_CT_NUMBER];
-		STACK *ca_names;
+		STACK_OF(X509_NAME) *ca_names;
 
 		int use_rsa_tmp;
 
 		int key_block_length;
 		unsigned char *key_block;
 
-		EVP_CIPHER *new_sym_enc;
-		EVP_MD *new_hash;
-#ifdef HEADER_COMP_H
-		COMP_METHOD *new_compression;
+		const EVP_CIPHER *new_sym_enc;
+		const EVP_MD *new_hash;
+#ifndef OPENSSL_NO_COMP
+		const SSL_COMP *new_compression;
 #else
 		char *new_compression;
 #endif
 		int cert_request;
 		} tmp;
-	} SSL3_CTX;
+
+	} SSL3_STATE;
 
 /* SSLv3 */
 /*client */
@@ -425,7 +511,7 @@ typedef struct ssl3_ctx_st
 #define SSL3_ST_SW_FINISHED_A		(0x1E0|SSL_ST_ACCEPT)
 #define SSL3_ST_SW_FINISHED_B		(0x1E1|SSL_ST_ACCEPT)
 
-#define SSL3_MT_CLIENT_REQUEST			0
+#define SSL3_MT_HELLO_REQUEST			0
 #define SSL3_MT_CLIENT_HELLO			1
 #define SSL3_MT_SERVER_HELLO			2
 #define SSL3_MT_CERTIFICATE			11
diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c
index 92ec322dae..7c8a451fc5 100644
--- a/ssl/ssl_algs.c
+++ b/ssl/ssl_algs.c
@@ -57,46 +57,58 @@
  */
 
 #include <stdio.h>
-#include "objects.h"
-#include "lhash.h"
+#include <openssl/objects.h>
+#include <openssl/lhash.h>
 #include "ssl_locl.h"
 
-void SSLeay_add_ssl_algorithms()
+int SSL_library_init(void)
 	{
-#ifndef NO_DES
+
+#ifndef OPENSSL_NO_DES
 	EVP_add_cipher(EVP_des_cbc());
 	EVP_add_cipher(EVP_des_ede3_cbc());
 #endif
-#ifndef NO_IDEA
+#ifndef OPENSSL_NO_IDEA
 	EVP_add_cipher(EVP_idea_cbc());
 #endif
-#ifndef NO_RC4
-        EVP_add_cipher(EVP_rc4());
-#endif  
-#ifndef NO_RC2
-        EVP_add_cipher(EVP_rc2_cbc());
+#ifndef OPENSSL_NO_RC4
+	EVP_add_cipher(EVP_rc4());
 #endif  
-
-#ifndef NO_MD2
-        EVP_add_digest(EVP_md2());
+#ifndef OPENSSL_NO_RC2
+	EVP_add_cipher(EVP_rc2_cbc());
+#endif
+#ifndef OPENSSL_NO_AES
+	EVP_add_cipher(EVP_aes_128_cbc());
+	EVP_add_cipher(EVP_aes_192_cbc());
+	EVP_add_cipher(EVP_aes_256_cbc());
 #endif
-#ifndef NO_MD5
+#ifndef OPENSSL_NO_MD2
+	EVP_add_digest(EVP_md2());
+#endif
+#ifndef OPENSSL_NO_MD5
 	EVP_add_digest(EVP_md5());
 	EVP_add_digest_alias(SN_md5,"ssl2-md5");
 	EVP_add_digest_alias(SN_md5,"ssl3-md5");
 #endif
-#ifndef NO_SHA1
+#ifndef OPENSSL_NO_SHA
 	EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
 	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
+	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
 #endif
-#if !defined(NO_SHA1) && !defined(NO_DSA)
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA)
 	EVP_add_digest(EVP_dss1()); /* DSA with sha1 */
+	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
+	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
+	EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
+#endif
+#ifndef OPENSSL_NO_ECDSA
+	EVP_add_digest(EVP_ecdsa());
 #endif
-
 	/* If you want support for phased out ciphers, add the following */
 #if 0
 	EVP_add_digest(EVP_sha());
 	EVP_add_digest(EVP_dss());
 #endif
+	return(1);
 	}
 
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 116a83de64..16bc11b559 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -58,9 +58,11 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "asn1_mac.h"
-#include "objects.h"
 #include "ssl_locl.h"
+#include <openssl/asn1_mac.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "cryptlib.h"
 
 typedef struct ssl_session_asn1_st
 	{
@@ -69,24 +71,22 @@ typedef struct ssl_session_asn1_st
 	ASN1_OCTET_STRING cipher;
 	ASN1_OCTET_STRING master_key;
 	ASN1_OCTET_STRING session_id;
+	ASN1_OCTET_STRING session_id_context;
 	ASN1_OCTET_STRING key_arg;
+#ifndef OPENSSL_NO_KRB5
+        ASN1_OCTET_STRING krb5_princ;
+#endif /* OPENSSL_NO_KRB5 */
 	ASN1_INTEGER time;
 	ASN1_INTEGER timeout;
+	ASN1_INTEGER verify_result;
 	} SSL_SESSION_ASN1;
 
-/*
- * SSLerr(SSL_F_I2D_SSL_SESSION,SSL_R_CIPHER_CODE_WRONG_LENGTH);
- * SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNSUPPORTED_CIPHER);
- */
-
-int i2d_SSL_SESSION(in,pp)
-SSL_SESSION *in;
-unsigned char **pp;
+int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
 	{
 #define LSIZE2 (sizeof(long)*2)
-	int v1=0,v2=0,v3=0;
+	int v1=0,v2=0,v3=0,v4=0,v5=0;
 	unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2];
-	unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2];
+	unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2];
 	long l;
 	SSL_SESSION_ASN1 a;
 	M_ASN1_I2D_vars(in);
@@ -95,8 +95,8 @@ unsigned char **pp;
 		return(0);
 
 	/* Note that I cheat in the following 2 assignments.  I know
-	 * that if the ASN1_INTERGER passed to ASN1_INTEGER_set
-	 * is > sizeof(long)+1, the buffer will not be re-Malloc()ed.
+	 * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
+	 * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed.
 	 * This is a bit evil but makes things simple, no dynamic allocation
 	 * to clean up :-) */
 	a.version.length=LSIZE2;
@@ -138,10 +138,23 @@ unsigned char **pp;
 	a.session_id.type=V_ASN1_OCTET_STRING;
 	a.session_id.data=in->session_id;
 
+	a.session_id_context.length=in->sid_ctx_length;
+	a.session_id_context.type=V_ASN1_OCTET_STRING;
+	a.session_id_context.data=in->sid_ctx;
+
 	a.key_arg.length=in->key_arg_length;
 	a.key_arg.type=V_ASN1_OCTET_STRING;
 	a.key_arg.data=in->key_arg;
 
+#ifndef OPENSSL_NO_KRB5
+	if (in->krb5_client_princ_len)
+		{
+		a.krb5_princ.length=in->krb5_client_princ_len;
+		a.krb5_princ.type=V_ASN1_OCTET_STRING;
+		a.krb5_princ.data=in->krb5_client_princ;
+		}
+#endif /* OPENSSL_NO_KRB5 */
+ 
 	if (in->time != 0L)
 		{
 		a.time.length=LSIZE2;
@@ -158,11 +171,24 @@ unsigned char **pp;
 		ASN1_INTEGER_set(&(a.timeout),in->timeout);
 		}
 
+	if (in->verify_result != X509_V_OK)
+		{
+		a.verify_result.length=LSIZE2;
+		a.verify_result.type=V_ASN1_INTEGER;
+		a.verify_result.data=ibuf5;
+		ASN1_INTEGER_set(&a.verify_result,in->verify_result);
+		}
+
+
 	M_ASN1_I2D_len(&(a.version),		i2d_ASN1_INTEGER);
 	M_ASN1_I2D_len(&(a.ssl_version),	i2d_ASN1_INTEGER);
 	M_ASN1_I2D_len(&(a.cipher),		i2d_ASN1_OCTET_STRING);
 	M_ASN1_I2D_len(&(a.session_id),		i2d_ASN1_OCTET_STRING);
 	M_ASN1_I2D_len(&(a.master_key),		i2d_ASN1_OCTET_STRING);
+#ifndef OPENSSL_NO_KRB5
+	if (in->krb5_client_princ_len)
+        	M_ASN1_I2D_len(&(a.krb5_princ),	i2d_ASN1_OCTET_STRING);
+#endif /* OPENSSL_NO_KRB5 */
 	if (in->key_arg_length > 0)
 		M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING);
 	if (in->time != 0L)
@@ -171,6 +197,9 @@ unsigned char **pp;
 		M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
 	if (in->peer != NULL)
 		M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3);
+	M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4);
+	if (in->verify_result != X509_V_OK)
+		M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5);
 
 	M_ASN1_I2D_seq_total();
 
@@ -179,6 +208,10 @@ unsigned char **pp;
 	M_ASN1_I2D_put(&(a.cipher),		i2d_ASN1_OCTET_STRING);
 	M_ASN1_I2D_put(&(a.session_id),		i2d_ASN1_OCTET_STRING);
 	M_ASN1_I2D_put(&(a.master_key),		i2d_ASN1_OCTET_STRING);
+#ifndef OPENSSL_NO_KRB5
+	if (in->krb5_client_princ_len)
+        	M_ASN1_I2D_put(&(a.krb5_princ),	i2d_ASN1_OCTET_STRING);
+#endif /* OPENSSL_NO_KRB5 */
 	if (in->key_arg_length > 0)
 		M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0);
 	if (in->time != 0L)
@@ -187,14 +220,15 @@ unsigned char **pp;
 		M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2);
 	if (in->peer != NULL)
 		M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3);
-
+	M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,
+			       v4);
+	if (in->verify_result != X509_V_OK)
+		M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5);
 	M_ASN1_I2D_finish();
 	}
 
-SSL_SESSION *d2i_SSL_SESSION(a,pp,length)
-SSL_SESSION **a;
-unsigned char **pp;
-long length;
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp,
+	     long length)
 	{
 	int version,ssl_version=0,i;
 	long id;
@@ -211,13 +245,13 @@ long length;
 	ai.data=NULL; ai.length=0;
 	M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
 	version=(int)ASN1_INTEGER_get(aip);
-	if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; }
+	if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
 
 	/* we don't care about the version right now :-) */
 	M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER);
 	ssl_version=(int)ASN1_INTEGER_get(aip);
 	ret->ssl_version=ssl_version;
-	if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; }
+	if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; }
 
 	os.data=NULL; os.length=0;
 	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
@@ -260,9 +294,12 @@ long length;
 		i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
 
 	if (os.length > i)
-		os.length=i;
+		os.length = i;
+	if (os.length > sizeof ret->session_id) /* can't happen */
+		os.length = sizeof ret->session_id;
 
 	ret->session_id_length=os.length;
+	OPENSSL_assert(os.length <= sizeof ret->session_id);
 	memcpy(ret->session_id,os.data,os.length);
 
 	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
@@ -273,20 +310,39 @@ long length;
 	memcpy(ret->master_key,os.data,ret->master_key_length);
 
 	os.length=0;
+
+#ifndef OPENSSL_NO_KRB5
+	os.length=0;
+	M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING);
+	if (os.data)
+		{
+        	if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH)
+            		ret->krb5_client_princ_len=0;
+		else
+			ret->krb5_client_princ_len=os.length;
+		memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len);
+		OPENSSL_free(os.data);
+		os.data = NULL;
+		os.length = 0;
+		}
+	else
+		ret->krb5_client_princ_len=0;
+#endif /* OPENSSL_NO_KRB5 */
+
 	M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING);
 	if (os.length > SSL_MAX_KEY_ARG_LENGTH)
 		ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH;
 	else
 		ret->key_arg_length=os.length;
 	memcpy(ret->key_arg,os.data,ret->key_arg_length);
-	if (os.data != NULL) Free(os.data);
+	if (os.data != NULL) OPENSSL_free(os.data);
 
 	ai.length=0;
 	M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1);
 	if (ai.data != NULL)
 		{
 		ret->time=ASN1_INTEGER_get(aip);
-		Free(ai.data); ai.data=NULL; ai.length=0;
+		OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
 		}
 	else
 		ret->time=time(NULL);
@@ -296,7 +352,7 @@ long length;
 	if (ai.data != NULL)
 		{
 		ret->timeout=ASN1_INTEGER_get(aip);
-		Free(ai.data); ai.data=NULL; ai.length=0;
+		OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
 		}
 	else
 		ret->timeout=3;
@@ -308,6 +364,36 @@ long length;
 		}
 	M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3);
 
+	os.length=0;
+	os.data=NULL;
+	M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4);
+
+	if(os.data != NULL)
+	    {
+	    if (os.length > SSL_MAX_SID_CTX_LENGTH)
+		{
+		ret->sid_ctx_length=os.length;
+		SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH);
+		}
+	    else
+		{
+		ret->sid_ctx_length=os.length;
+		memcpy(ret->sid_ctx,os.data,os.length);
+		}
+	    OPENSSL_free(os.data); os.data=NULL; os.length=0;
+	    }
+	else
+	    ret->sid_ctx_length=0;
+
+	ai.length=0;
+	M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5);
+	if (ai.data != NULL)
+		{
+		ret->verify_result=ASN1_INTEGER_get(aip);
+		OPENSSL_free(ai.data); ai.data=NULL; ai.length=0;
+		}
+	else
+		ret->verify_result=X509_V_OK;
+
 	M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
 	}
-
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 783c079e17..b0e20ed941 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* ssl/ssl_cert.c */
+/*! \file ssl/ssl_cert.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -55,44 +55,118 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
 #include <stdio.h>
-#include "objects.h"
-#include "bio.h"
-#include "pem.h"
+
+#include "e_os.h"
+#ifndef NO_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#if !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS) && !defined(NeXT) && !defined(MAC_OS_pre_X)
+#include <dirent.h>
+#endif
+
+#if defined(WIN32)
+#include <windows.h>
+#endif
+
+#ifdef NeXT
+#include <sys/dir.h>
+#define dirent direct
+#endif
+
+#include <openssl/objects.h>
+#include <openssl/bio.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
 #include "ssl_locl.h"
 
-int SSL_get_ex_data_X509_STORE_CTX_idx()
+int SSL_get_ex_data_X509_STORE_CTX_idx(void)
 	{
-	static int ssl_x509_store_ctx_idx= -1;
+	static volatile int ssl_x509_store_ctx_idx= -1;
 
 	if (ssl_x509_store_ctx_idx < 0)
 		{
-		ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
-			0,"SSL for verifiy callback",NULL,NULL,NULL);
+		/* any write lock will do; usually this branch
+		 * will only be taken once anyway */
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+		
+		if (ssl_x509_store_ctx_idx < 0)
+			{
+			ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index(
+				0,"SSL for verify callback",NULL,NULL,NULL);
+			}
+		
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
 		}
-	return(ssl_x509_store_ctx_idx);
+	return ssl_x509_store_ctx_idx;
 	}
 
-CERT *ssl_cert_new()
+CERT *ssl_cert_new(void)
 	{
 	CERT *ret;
 
-	ret=(CERT *)Malloc(sizeof(CERT));
+	ret=(CERT *)OPENSSL_malloc(sizeof(CERT));
 	if (ret == NULL)
 		{
 		SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE);
 		return(NULL);
 		}
 	memset(ret,0,sizeof(CERT));
-/*
-	ret->valid=0;
-	ret->mask=0;
-	ret->export_mask=0;
-	ret->cert_type=0;
-	ret->key->x509=NULL;
-	ret->key->publickey=NULL;
-	ret->key->privatekey=NULL; */
 
 	ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
 	ret->references=1;
@@ -100,11 +174,168 @@ CERT *ssl_cert_new()
 	return(ret);
 	}
 
-void ssl_cert_free(c)
-CERT *c;
+CERT *ssl_cert_dup(CERT *cert)
+	{
+	CERT *ret;
+	int i;
+
+	ret = (CERT *)OPENSSL_malloc(sizeof(CERT));
+	if (ret == NULL)
+		{
+		SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
+		return(NULL);
+		}
+
+	memset(ret, 0, sizeof(CERT));
+
+	ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
+	/* or ret->key = ret->pkeys + (cert->key - cert->pkeys),
+	 * if you find that more readable */
+
+	ret->valid = cert->valid;
+	ret->mask = cert->mask;
+	ret->export_mask = cert->export_mask;
+
+#ifndef OPENSSL_NO_RSA
+	if (cert->rsa_tmp != NULL)
+		{
+		RSA_up_ref(cert->rsa_tmp);
+		ret->rsa_tmp = cert->rsa_tmp;
+		}
+	ret->rsa_tmp_cb = cert->rsa_tmp_cb;
+#endif
+
+#ifndef OPENSSL_NO_DH
+	if (cert->dh_tmp != NULL)
+		{
+		/* DH parameters don't have a reference count */
+		ret->dh_tmp = DHparams_dup(cert->dh_tmp);
+		if (ret->dh_tmp == NULL)
+			{
+			SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB);
+			goto err;
+			}
+		if (cert->dh_tmp->priv_key)
+			{
+			BIGNUM *b = BN_dup(cert->dh_tmp->priv_key);
+			if (!b)
+				{
+				SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
+				goto err;
+				}
+			ret->dh_tmp->priv_key = b;
+			}
+		if (cert->dh_tmp->pub_key)
+			{
+			BIGNUM *b = BN_dup(cert->dh_tmp->pub_key);
+			if (!b)
+				{
+				SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB);
+				goto err;
+				}
+			ret->dh_tmp->pub_key = b;
+			}
+		}
+	ret->dh_tmp_cb = cert->dh_tmp_cb;
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+	if (cert->ecdh_tmp)
+		{
+		EC_KEY_up_ref(cert->ecdh_tmp);
+		ret->ecdh_tmp = cert->ecdh_tmp;
+		}
+	ret->ecdh_tmp_cb = cert->ecdh_tmp_cb;
+#endif
+
+	for (i = 0; i < SSL_PKEY_NUM; i++)
+		{
+		if (cert->pkeys[i].x509 != NULL)
+			{
+			ret->pkeys[i].x509 = cert->pkeys[i].x509;
+			CRYPTO_add(&ret->pkeys[i].x509->references, 1,
+				CRYPTO_LOCK_X509);
+			}
+		
+		if (cert->pkeys[i].privatekey != NULL)
+			{
+			ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
+			CRYPTO_add(&ret->pkeys[i].privatekey->references, 1,
+				CRYPTO_LOCK_EVP_PKEY);
+
+			switch(i) 
+				{
+				/* If there was anything special to do for
+				 * certain types of keys, we'd do it here.
+				 * (Nothing at the moment, I think.) */
+
+			case SSL_PKEY_RSA_ENC:
+			case SSL_PKEY_RSA_SIGN:
+				/* We have an RSA key. */
+				break;
+				
+			case SSL_PKEY_DSA_SIGN:
+				/* We have a DSA key. */
+				break;
+				
+			case SSL_PKEY_DH_RSA:
+			case SSL_PKEY_DH_DSA:
+				/* We have a DH key. */
+				break;
+
+			case SSL_PKEY_ECC:
+				/* We have an ECC key */
+				break;
+
+			default:
+				/* Can't happen. */
+				SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG);
+				}
+			}
+		}
+	
+	/* ret->extra_certs *should* exist, but currently the own certificate
+	 * chain is held inside SSL_CTX */
+
+	ret->references=1;
+
+	return(ret);
+	
+#ifndef OPENSSL_NO_DH /* avoid 'unreferenced label' warning if OPENSSL_NO_DH is defined */
+err:
+#endif
+#ifndef OPENSSL_NO_RSA
+	if (ret->rsa_tmp != NULL)
+		RSA_free(ret->rsa_tmp);
+#endif
+#ifndef OPENSSL_NO_DH
+	if (ret->dh_tmp != NULL)
+		DH_free(ret->dh_tmp);
+#endif
+#ifndef OPENSSL_NO_ECDH
+	if (ret->ecdh_tmp != NULL)
+		EC_KEY_free(ret->ecdh_tmp);
+#endif
+
+	for (i = 0; i < SSL_PKEY_NUM; i++)
+		{
+		if (ret->pkeys[i].x509 != NULL)
+			X509_free(ret->pkeys[i].x509);
+		if (ret->pkeys[i].privatekey != NULL)
+			EVP_PKEY_free(ret->pkeys[i].privatekey);
+		}
+
+	return NULL;
+	}
+
+
+void ssl_cert_free(CERT *c)
 	{
 	int i;
 
+	if(c == NULL)
+	    return;
+
 	i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT);
 #ifdef REF_PRINT
 	REF_PRINT("CERT",c);
@@ -118,12 +349,15 @@ CERT *c;
 		}
 #endif
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	if (c->rsa_tmp) RSA_free(c->rsa_tmp);
 #endif
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	if (c->dh_tmp) DH_free(c->dh_tmp);
 #endif
+#ifndef OPENSSL_NO_ECDH
+	if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp);
+#endif
 
 	for (i=0; i<SSL_PKEY_NUM; i++)
 		{
@@ -136,40 +370,156 @@ CERT *c;
 			EVP_PKEY_free(c->pkeys[i].publickey);
 #endif
 		}
-	if (c->cert_chain != NULL)
-		sk_pop_free(c->cert_chain,X509_free);
-	Free(c);
+	OPENSSL_free(c);
+	}
+
+int ssl_cert_inst(CERT **o)
+	{
+	/* Create a CERT if there isn't already one
+	 * (which cannot really happen, as it is initially created in
+	 * SSL_CTX_new; but the earlier code usually allows for that one
+	 * being non-existant, so we follow that behaviour, as it might
+	 * turn out that there actually is a reason for it -- but I'm
+	 * not sure that *all* of the existing code could cope with
+	 * s->cert being NULL, otherwise we could do without the
+	 * initialization in SSL_CTX_new).
+	 */
+	
+	if (o == NULL) 
+		{
+		SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER);
+		return(0);
+		}
+	if (*o == NULL)
+		{
+		if ((*o = ssl_cert_new()) == NULL)
+			{
+			SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE);
+			return(0);
+			}
+		}
+	return(1);
+	}
+
+
+SESS_CERT *ssl_sess_cert_new(void)
+	{
+	SESS_CERT *ret;
+
+	ret = OPENSSL_malloc(sizeof *ret);
+	if (ret == NULL)
+		{
+		SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
+		return NULL;
+		}
+
+	memset(ret, 0 ,sizeof *ret);
+	ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
+	ret->references = 1;
+
+	return ret;
+	}
+
+void ssl_sess_cert_free(SESS_CERT *sc)
+	{
+	int i;
+
+	if (sc == NULL)
+		return;
+
+	i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT);
+#ifdef REF_PRINT
+	REF_PRINT("SESS_CERT", sc);
+#endif
+	if (i > 0)
+		return;
+#ifdef REF_CHECK
+	if (i < 0)
+		{
+		fprintf(stderr,"ssl_sess_cert_free, bad reference count\n");
+		abort(); /* ok */
+		}
+#endif
+
+	/* i == 0 */
+	if (sc->cert_chain != NULL)
+		sk_X509_pop_free(sc->cert_chain, X509_free);
+	for (i = 0; i < SSL_PKEY_NUM; i++)
+		{
+		if (sc->peer_pkeys[i].x509 != NULL)
+			X509_free(sc->peer_pkeys[i].x509);
+#if 0 /* We don't have the peer's private key.  These lines are just
+	   * here as a reminder that we're still using a not-quite-appropriate
+	   * data structure. */
+		if (sc->peer_pkeys[i].privatekey != NULL)
+			EVP_PKEY_free(sc->peer_pkeys[i].privatekey);
+#endif
+		}
+
+#ifndef OPENSSL_NO_RSA
+	if (sc->peer_rsa_tmp != NULL)
+		RSA_free(sc->peer_rsa_tmp);
+#endif
+#ifndef OPENSSL_NO_DH
+	if (sc->peer_dh_tmp != NULL)
+		DH_free(sc->peer_dh_tmp);
+#endif
+#ifndef OPENSSL_NO_ECDH
+	if (sc->peer_ecdh_tmp != NULL)
+		EC_KEY_free(sc->peer_ecdh_tmp);
+#endif
+
+	OPENSSL_free(sc);
 	}
 
-int ssl_set_cert_type(c, type)
-CERT *c;
-int type;
+int ssl_set_peer_cert_type(SESS_CERT *sc,int type)
 	{
-	c->cert_type=type;
+	sc->peer_cert_type = type;
 	return(1);
 	}
 
-int ssl_verify_cert_chain(s,sk)
-SSL *s;
-STACK *sk;
+int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk)
 	{
 	X509 *x;
 	int i;
 	X509_STORE_CTX ctx;
 
-	if ((sk == NULL) || (sk_num(sk) == 0))
+	if ((sk == NULL) || (sk_X509_num(sk) == 0))
 		return(0);
 
-	x=(X509 *)sk_value(sk,0);
-	X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk);
-	X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),
-		(char *)s);
+	x=sk_X509_value(sk,0);
+	if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk))
+		{
+		SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB);
+		return(0);
+		}
+	if (SSL_get_verify_depth(s) >= 0)
+		X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s));
+	X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s);
+
+	/* We need to set the verify purpose. The purpose can be determined by
+	 * the context: if its a server it will verify SSL client certificates
+	 * or vice versa.
+	 */
+	if (s->server)
+		i = X509_PURPOSE_SSL_CLIENT;
+	else
+		i = X509_PURPOSE_SSL_SERVER;
+
+	X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);
+
+	if (s->verify_callback)
+		X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
 
 	if (s->ctx->app_verify_callback != NULL)
-		i=s->ctx->app_verify_callback(&ctx);
+#if 1 /* new with OpenSSL 0.9.7 */
+		i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); 
+#else
+		i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
+#endif
 	else
 		{
-#ifndef NO_X509_VERIFY
+#ifndef OPENSSL_NO_X509_VERIFY
 		i=X509_verify_cert(&ctx);
 #else
 		i=0;
@@ -184,58 +534,49 @@ STACK *sk;
 	return(i);
 	}
 
-static void set_client_CA_list(ca_list,list)
-STACK **ca_list;
-STACK *list;
+static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list)
 	{
 	if (*ca_list != NULL)
-		sk_pop_free(*ca_list,X509_NAME_free);
+		sk_X509_NAME_pop_free(*ca_list,X509_NAME_free);
 
 	*ca_list=list;
 	}
 
-STACK *SSL_dup_CA_list(sk)
-STACK *sk;
+STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk)
 	{
 	int i;
-	STACK *ret;
+	STACK_OF(X509_NAME) *ret;
 	X509_NAME *name;
 
-	ret=sk_new_null();
-	for (i=0; i<sk_num(sk); i++)
+	ret=sk_X509_NAME_new_null();
+	for (i=0; i<sk_X509_NAME_num(sk); i++)
 		{
-		name=X509_NAME_dup((X509_NAME *)sk_value(sk,i));
-		if ((name == NULL) || !sk_push(ret,(char *)name))
+		name=X509_NAME_dup(sk_X509_NAME_value(sk,i));
+		if ((name == NULL) || !sk_X509_NAME_push(ret,name))
 			{
-			sk_pop_free(ret,X509_NAME_free);
+			sk_X509_NAME_pop_free(ret,X509_NAME_free);
 			return(NULL);
 			}
 		}
 	return(ret);
 	}
 
-void SSL_set_client_CA_list(s,list)
-SSL *s;
-STACK *list;
+void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list)
 	{
 	set_client_CA_list(&(s->client_CA),list);
 	}
 
-void SSL_CTX_set_client_CA_list(ctx,list)
-SSL_CTX *ctx;
-STACK *list;
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list)
 	{
 	set_client_CA_list(&(ctx->client_CA),list);
 	}
 
-STACK *SSL_CTX_get_client_CA_list(ctx)
-SSL_CTX *ctx;
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx)
 	{
 	return(ctx->client_CA);
 	}
 
-STACK *SSL_get_client_CA_list(s)
-SSL *s;
+STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s)
 	{
 	if (s->type == SSL_ST_CONNECT)
 		{ /* we are in the client */
@@ -254,20 +595,18 @@ SSL *s;
 		}
 	}
 
-static int add_client_CA(sk,x)
-STACK **sk;
-X509 *x;
+static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x)
 	{
 	X509_NAME *name;
 
 	if (x == NULL) return(0);
-	if ((*sk == NULL) && ((*sk=sk_new_null()) == NULL))
+	if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL))
 		return(0);
 		
 	if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL)
 		return(0);
 
-	if (!sk_push(*sk,(char *)name))
+	if (!sk_X509_NAME_push(*sk,name))
 		{
 		X509_NAME_free(name);
 		return(0);
@@ -275,37 +614,39 @@ X509 *x;
 	return(1);
 	}
 
-int SSL_add_client_CA(ssl,x)
-SSL *ssl;
-X509 *x;
+int SSL_add_client_CA(SSL *ssl,X509 *x)
 	{
 	return(add_client_CA(&(ssl->client_CA),x));
 	}
 
-int SSL_CTX_add_client_CA(ctx,x)
-SSL_CTX *ctx;
-X509 *x;
+int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x)
 	{
 	return(add_client_CA(&(ctx->client_CA),x));
 	}
 
-static int name_cmp(a,b)
-X509_NAME **a,**b;
+static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
 	{
 	return(X509_NAME_cmp(*a,*b));
 	}
 
-#ifndef NO_STDIO
-STACK *SSL_load_client_CA_file(file)
-char *file;
+#ifndef OPENSSL_NO_STDIO
+/*!
+ * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
+ * it doesn't really have anything to do with clients (except that a common use
+ * for a stack of CAs is to send it to the client). Actually, it doesn't have
+ * much to do with CAs, either, since it will load any old cert.
+ * \param file the file containing one or more certs.
+ * \return a ::STACK containing the certs.
+ */
+STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
 	{
 	BIO *in;
 	X509 *x=NULL;
 	X509_NAME *xn=NULL;
-	STACK *ret,*sk;
+	STACK_OF(X509_NAME) *ret,*sk;
 
-	ret=sk_new(NULL);
-	sk=sk_new(name_cmp);
+	ret=sk_X509_NAME_new_null();
+	sk=sk_X509_NAME_new(xname_cmp);
 
 	in=BIO_new(BIO_s_file_internal());
 
@@ -320,31 +661,229 @@ char *file;
 
 	for (;;)
 		{
-		if (PEM_read_bio_X509(in,&x,NULL) == NULL)
+		if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
 			break;
 		if ((xn=X509_get_subject_name(x)) == NULL) goto err;
 		/* check for duplicates */
 		xn=X509_NAME_dup(xn);
 		if (xn == NULL) goto err;
-		if (sk_find(sk,(char *)xn) >= 0)
+		if (sk_X509_NAME_find(sk,xn) >= 0)
 			X509_NAME_free(xn);
 		else
 			{
-			sk_push(sk,(char *)xn);
-			sk_push(ret,(char *)xn);
+			sk_X509_NAME_push(sk,xn);
+			sk_X509_NAME_push(ret,xn);
 			}
 		}
 
 	if (0)
 		{
 err:
-		if (ret != NULL) sk_pop_free(ret,X509_NAME_free);
+		if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free);
 		ret=NULL;
 		}
-	if (sk != NULL) sk_free(sk);
+	if (sk != NULL) sk_X509_NAME_free(sk);
 	if (in != NULL) BIO_free(in);
 	if (x != NULL) X509_free(x);
 	return(ret);
 	}
 #endif
 
+/*!
+ * Add a file of certs to a stack.
+ * \param stack the stack to add to.
+ * \param file the file to add from. All certs in this file that are not
+ * already in the stack will be added.
+ * \return 1 for success, 0 for failure. Note that in the case of failure some
+ * certs may have been added to \c stack.
+ */
+
+int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+					const char *file)
+	{
+	BIO *in;
+	X509 *x=NULL;
+	X509_NAME *xn=NULL;
+	int ret=1;
+	int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
+	
+	oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp);
+	
+	in=BIO_new(BIO_s_file_internal());
+	
+	if (in == NULL)
+		{
+		SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE);
+		goto err;
+		}
+	
+	if (!BIO_read_filename(in,file))
+		goto err;
+	
+	for (;;)
+		{
+		if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL)
+			break;
+		if ((xn=X509_get_subject_name(x)) == NULL) goto err;
+		xn=X509_NAME_dup(xn);
+		if (xn == NULL) goto err;
+		if (sk_X509_NAME_find(stack,xn) >= 0)
+			X509_NAME_free(xn);
+		else
+			sk_X509_NAME_push(stack,xn);
+		}
+
+	if (0)
+		{
+err:
+		ret=0;
+		}
+	if(in != NULL)
+		BIO_free(in);
+	if(x != NULL)
+		X509_free(x);
+	
+	sk_X509_NAME_set_cmp_func(stack,oldcmp);
+
+	return ret;
+	}
+
+/*!
+ * Add a directory of certs to a stack.
+ * \param stack the stack to append to.
+ * \param dir the directory to append from. All files in this directory will be
+ * examined as potential certs. Any that are acceptable to
+ * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
+ * included.
+ * \return 1 for success, 0 for failure. Note that in the case of failure some
+ * certs may have been added to \c stack.
+ */
+
+#ifndef OPENSSL_SYS_WIN32
+#ifndef OPENSSL_SYS_VMS		/* XXXX This may be fixed in the future */
+#ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! */
+
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+				       const char *dir)
+	{
+	DIR *d;
+	struct dirent *dstruct;
+	int ret = 0;
+
+	CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
+	d = opendir(dir);
+
+	/* Note that a side effect is that the CAs will be sorted by name */
+	if(!d)
+		{
+		SYSerr(SYS_F_OPENDIR, get_last_sys_error());
+		ERR_add_error_data(3, "opendir('", dir, "')");
+		SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
+		goto err;
+		}
+	
+	while((dstruct=readdir(d)))
+		{
+		char buf[1024];
+		int r;
+		
+		if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf)
+			{
+			SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
+			goto err;
+			}
+		
+		r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,dstruct->d_name);
+		if (r <= 0 || r >= sizeof buf)
+			goto err;
+		if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
+			goto err;
+		}
+	ret = 1;
+
+err:	
+	if (d) closedir(d);
+	CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
+	return ret;
+	}
+
+#endif
+#endif
+
+#else
+
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+				       const char *dir)
+	{
+	WIN32_FIND_DATA FindFileData;
+	HANDLE hFind;
+	int ret = 0;
+#ifdef OPENSSL_SYS_WINCE
+	WCHAR* wdir = NULL;
+#endif
+
+	CRYPTO_w_lock(CRYPTO_LOCK_READDIR);
+	
+#ifdef OPENSSL_SYS_WINCE
+	/* convert strings to UNICODE */
+	{
+		BOOL result = FALSE;
+		int i;
+		wdir = malloc((strlen(dir)+1)*2);
+		if (wdir == NULL)
+			goto err_noclose;
+		for (i=0; i<(int)strlen(dir)+1; i++)
+			wdir[i] = (short)dir[i];
+	}
+#endif
+
+#ifdef OPENSSL_SYS_WINCE
+	hFind = FindFirstFile(wdir, &FindFileData);
+#else
+	hFind = FindFirstFile(dir, &FindFileData);
+#endif
+	/* Note that a side effect is that the CAs will be sorted by name */
+	if(hFind == INVALID_HANDLE_VALUE)
+		{
+		SYSerr(SYS_F_OPENDIR, get_last_sys_error());
+		ERR_add_error_data(3, "opendir('", dir, "')");
+		SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
+		goto err_noclose;
+		}
+	
+	do 
+		{
+		char buf[1024];
+		int r;
+		
+#ifdef OPENSSL_SYS_WINCE
+		if(strlen(dir)+_tcslen(FindFileData.cFileName)+2 > sizeof buf)
+#else
+		if(strlen(dir)+strlen(FindFileData.cFileName)+2 > sizeof buf)
+#endif
+			{
+			SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG);
+			goto err;
+			}
+		
+		r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,FindFileData.cFileName);
+		if (r <= 0 || r >= sizeof buf)
+			goto err;
+		if(!SSL_add_file_cert_subjects_to_stack(stack,buf))
+			goto err;
+		}
+	while (FindNextFile(hFind, &FindFileData) != FALSE);
+	ret = 1;
+
+err:
+	FindClose(hFind);
+err_noclose:
+#ifdef OPENSSL_SYS_WINCE
+	if (wdir != NULL)
+		free(wdir);
+#endif
+	CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
+	return ret;
+	}
+
+#endif
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 87e384f8f7..0660275422 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -55,9 +55,14 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
-
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 #include <stdio.h>
-#include "objects.h"
+#include <openssl/objects.h>
+#include <openssl/comp.h>
 #include "ssl_locl.h"
 
 #define SSL_ENC_DES_IDX		0
@@ -67,37 +72,28 @@
 #define SSL_ENC_IDEA_IDX	4
 #define SSL_ENC_eFZA_IDX	5
 #define SSL_ENC_NULL_IDX	6
-#define SSL_ENC_NUM_IDX		7
+#define SSL_ENC_AES128_IDX	7
+#define SSL_ENC_AES256_IDX	8
+#define SSL_ENC_NUM_IDX		9
 
-static EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
+static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
 	NULL,NULL,NULL,NULL,NULL,NULL,
 	};
 
+static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
+
 #define SSL_MD_MD5_IDX	0
 #define SSL_MD_SHA1_IDX	1
 #define SSL_MD_NUM_IDX	2
-static EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
+static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
 	NULL,NULL,
 	};
 
-typedef struct cipher_sort_st
-	{
-	SSL_CIPHER *cipher;
-	int pref;
-	} CIPHER_SORT;
-
 #define CIPHER_ADD	1
 #define CIPHER_KILL	2
 #define CIPHER_DEL	3
 #define CIPHER_ORD	4
-
-typedef struct cipher_choice_st
-	{
-	int type;
-	unsigned long algorithms;
-	unsigned long mask;
-	long top;
-	} CIPHER_CHOICE;
+#define CIPHER_SPECIAL	5
 
 typedef struct cipher_order_st
 	{
@@ -107,60 +103,65 @@ typedef struct cipher_order_st
 	struct cipher_order_st *next,*prev;
 	} CIPHER_ORDER;
 
-static SSL_CIPHER cipher_aliases[]={
-	{0,SSL_TXT_ALL, 0,SSL_ALL,   0,SSL_ALL},	/* must be first */
-	{0,SSL_TXT_kRSA,0,SSL_kRSA,  0,SSL_MKEY_MASK},
-	{0,SSL_TXT_kDHr,0,SSL_kDHr,  0,SSL_MKEY_MASK},
-	{0,SSL_TXT_kDHd,0,SSL_kDHd,  0,SSL_MKEY_MASK},
-	{0,SSL_TXT_kEDH,0,SSL_kEDH,  0,SSL_MKEY_MASK},
-	{0,SSL_TXT_kFZA,0,SSL_kFZA,  0,SSL_MKEY_MASK},
-	{0,SSL_TXT_DH,	0,SSL_DH,    0,SSL_MKEY_MASK},
-	{0,SSL_TXT_EDH,	0,SSL_EDH,   0,SSL_MKEY_MASK|SSL_AUTH_MASK},
-
-	{0,SSL_TXT_aRSA,0,SSL_aRSA,  0,SSL_AUTH_MASK},
-	{0,SSL_TXT_aDSS,0,SSL_aDSS,  0,SSL_AUTH_MASK},
-	{0,SSL_TXT_aFZA,0,SSL_aFZA,  0,SSL_AUTH_MASK},
-	{0,SSL_TXT_aNULL,0,SSL_aNULL,0,SSL_AUTH_MASK},
-	{0,SSL_TXT_aDH, 0,SSL_aDH,   0,SSL_AUTH_MASK},
-	{0,SSL_TXT_DSS,	0,SSL_DSS,   0,SSL_AUTH_MASK},
-
-	{0,SSL_TXT_DES,	0,SSL_DES,   0,SSL_ENC_MASK},
-	{0,SSL_TXT_3DES,0,SSL_3DES,  0,SSL_ENC_MASK},
-	{0,SSL_TXT_RC4,	0,SSL_RC4,   0,SSL_ENC_MASK},
-	{0,SSL_TXT_RC2,	0,SSL_RC2,   0,SSL_ENC_MASK},
-	{0,SSL_TXT_IDEA,0,SSL_IDEA,  0,SSL_ENC_MASK},
-	{0,SSL_TXT_eNULL,0,SSL_eNULL,0,SSL_ENC_MASK},
-	{0,SSL_TXT_eFZA,0,SSL_eFZA,  0,SSL_ENC_MASK},
-
-	{0,SSL_TXT_MD5,	0,SSL_MD5,   0,SSL_MAC_MASK},
-	{0,SSL_TXT_SHA1,0,SSL_SHA1,  0,SSL_MAC_MASK},
-	{0,SSL_TXT_SHA,	0,SSL_SHA,   0,SSL_MAC_MASK},
-
-	{0,SSL_TXT_NULL,0,SSL_NULL,  0,SSL_ENC_MASK},
-	{0,SSL_TXT_RSA,	0,SSL_RSA,   0,SSL_AUTH_MASK|SSL_MKEY_MASK},
-	{0,SSL_TXT_ADH,	0,SSL_ADH,   0,SSL_AUTH_MASK|SSL_MKEY_MASK},
-	{0,SSL_TXT_FZA,	0,SSL_FZA,   0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK},
-
-	{0,SSL_TXT_EXP,	0,SSL_EXP,   0,SSL_EXP_MASK},
-	{0,SSL_TXT_EXPORT,0,SSL_EXPORT,0,SSL_EXP_MASK},
-	{0,SSL_TXT_SSLV2,0,SSL_SSLV2,0,SSL_SSL_MASK},
-	{0,SSL_TXT_SSLV3,0,SSL_SSLV3,0,SSL_SSL_MASK},
-	{0,SSL_TXT_TLSV1,0,SSL_SSLV3,0,SSL_SSL_MASK},
-	{0,SSL_TXT_LOW,  0,SSL_LOW,0,SSL_STRONG_MASK},
-	{0,SSL_TXT_MEDIUM,0,SSL_MEDIUM,0,SSL_STRONG_MASK},
-	{0,SSL_TXT_HIGH, 0,SSL_HIGH,0,SSL_STRONG_MASK},
+static const SSL_CIPHER cipher_aliases[]={
+	/* Don't include eNULL unless specifically enabled. */
+	/* Don't include ECC in ALL because these ciphers are not yet official. */
+	{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */
+	/* TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC cipher suites handled properly. */
+	{0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},  /* COMPLEMENT OF ALL */
+	{0,SSL_TXT_CMPDEF,0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK,0},
+	{0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0},  /* VRS Kerberos5 */
+	{0,SSL_TXT_kRSA,0,SSL_kRSA,  0,0,0,0,SSL_MKEY_MASK,0},
+	{0,SSL_TXT_kDHr,0,SSL_kDHr,  0,0,0,0,SSL_MKEY_MASK,0},
+	{0,SSL_TXT_kDHd,0,SSL_kDHd,  0,0,0,0,SSL_MKEY_MASK,0},
+	{0,SSL_TXT_kEDH,0,SSL_kEDH,  0,0,0,0,SSL_MKEY_MASK,0},
+	{0,SSL_TXT_kFZA,0,SSL_kFZA,  0,0,0,0,SSL_MKEY_MASK,0},
+	{0,SSL_TXT_DH,	0,SSL_DH,    0,0,0,0,SSL_MKEY_MASK,0},
+	{0,SSL_TXT_ECC,	0,(SSL_kECDH|SSL_kECDHE), 0,0,0,0,SSL_MKEY_MASK,0},
+	{0,SSL_TXT_EDH,	0,SSL_EDH,   0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0},
+	{0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0},  /* VRS Kerberos5 */
+	{0,SSL_TXT_aRSA,0,SSL_aRSA,  0,0,0,0,SSL_AUTH_MASK,0},
+	{0,SSL_TXT_aDSS,0,SSL_aDSS,  0,0,0,0,SSL_AUTH_MASK,0},
+	{0,SSL_TXT_aFZA,0,SSL_aFZA,  0,0,0,0,SSL_AUTH_MASK,0},
+	{0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0},
+	{0,SSL_TXT_aDH, 0,SSL_aDH,   0,0,0,0,SSL_AUTH_MASK,0},
+	{0,SSL_TXT_DSS,	0,SSL_DSS,   0,0,0,0,SSL_AUTH_MASK,0},
+
+	{0,SSL_TXT_DES,	0,SSL_DES,   0,0,0,0,SSL_ENC_MASK,0},
+	{0,SSL_TXT_3DES,0,SSL_3DES,  0,0,0,0,SSL_ENC_MASK,0},
+	{0,SSL_TXT_RC4,	0,SSL_RC4,   0,0,0,0,SSL_ENC_MASK,0},
+	{0,SSL_TXT_RC2,	0,SSL_RC2,   0,0,0,0,SSL_ENC_MASK,0},
+	{0,SSL_TXT_IDEA,0,SSL_IDEA,  0,0,0,0,SSL_ENC_MASK,0},
+	{0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
+	{0,SSL_TXT_eFZA,0,SSL_eFZA,  0,0,0,0,SSL_ENC_MASK,0},
+	{0,SSL_TXT_AES,	0,SSL_AES,   0,0,0,0,SSL_ENC_MASK,0},
+
+	{0,SSL_TXT_MD5,	0,SSL_MD5,   0,0,0,0,SSL_MAC_MASK,0},
+	{0,SSL_TXT_SHA1,0,SSL_SHA1,  0,0,0,0,SSL_MAC_MASK,0},
+	{0,SSL_TXT_SHA,	0,SSL_SHA,   0,0,0,0,SSL_MAC_MASK,0},
+
+	{0,SSL_TXT_NULL,0,SSL_NULL,  0,0,0,0,SSL_ENC_MASK,0},
+	{0,SSL_TXT_KRB5,0,SSL_KRB5,  0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
+	{0,SSL_TXT_RSA,	0,SSL_RSA,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
+	{0,SSL_TXT_ADH,	0,SSL_ADH,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0},
+	{0,SSL_TXT_FZA,	0,SSL_FZA,   0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0},
+
+	{0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0},
+	{0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0},
+	{0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0},
+
+	{0,SSL_TXT_EXP   ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
+	{0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK},
+	{0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK},
+	{0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK},
+	{0,SSL_TXT_LOW,   0, 0,   SSL_LOW, 0,0,0,0,SSL_STRONG_MASK},
+	{0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK},
+	{0,SSL_TXT_HIGH,  0, 0,  SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK},
 	};
 
 static int init_ciphers=1;
-static void load_ciphers();
-
-static int cmp_by_name(a,b)
-SSL_CIPHER **a,**b;
-	{
-	return(strcmp((*a)->name,(*b)->name));
-	}
 
-static void load_ciphers()
+static void load_ciphers(void)
 	{
 	init_ciphers=0;
 	ssl_cipher_methods[SSL_ENC_DES_IDX]= 
@@ -173,6 +174,10 @@ static void load_ciphers()
 		EVP_get_cipherbyname(SN_rc2_cbc);
 	ssl_cipher_methods[SSL_ENC_IDEA_IDX]= 
 		EVP_get_cipherbyname(SN_idea_cbc);
+	ssl_cipher_methods[SSL_ENC_AES128_IDX]=
+	  EVP_get_cipherbyname(SN_aes_128_cbc);
+	ssl_cipher_methods[SSL_ENC_AES256_IDX]=
+	  EVP_get_cipherbyname(SN_aes_256_cbc);
 
 	ssl_digest_methods[SSL_MD_MD5_IDX]=
 		EVP_get_digestbyname(SN_md5);
@@ -180,14 +185,38 @@ static void load_ciphers()
 		EVP_get_digestbyname(SN_sha1);
 	}
 
-int ssl_cipher_get_evp(c,enc,md)
-SSL_CIPHER *c;
-EVP_CIPHER **enc;
-EVP_MD **md;
+int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
+	     const EVP_MD **md, SSL_COMP **comp)
 	{
 	int i;
+	SSL_CIPHER *c;
 
+	c=s->cipher;
 	if (c == NULL) return(0);
+	if (comp != NULL)
+		{
+		SSL_COMP ctmp;
+
+		if (s->compress_meth == 0)
+			*comp=NULL;
+		else if (ssl_comp_methods == NULL)
+			{
+			/* bad */
+			*comp=NULL;
+			}
+		else
+			{
+
+			ctmp.id=s->compress_meth;
+			i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp);
+			if (i >= 0)
+				*comp=sk_SSL_COMP_value(ssl_comp_methods,i);
+			else
+				*comp=NULL;
+			}
+		}
+
+	if ((enc == NULL) || (md == NULL)) return(0);
 
 	switch (c->algorithms & SSL_ENC_MASK)
 		{
@@ -209,6 +238,14 @@ EVP_MD **md;
 	case SSL_eNULL:
 		i=SSL_ENC_NULL_IDX;
 		break;
+	case SSL_AES:
+		switch(c->alg_bits)
+			{
+		case 128: i=SSL_ENC_AES128_IDX; break;
+		case 256: i=SSL_ENC_AES256_IDX; break;
+		default: i=-1; break;
+			}
+		break;
 	default:
 		i= -1;
 		break;
@@ -250,8 +287,8 @@ EVP_MD **md;
 #define ITEM_SEP(a) \
 	(((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
 
-static void ll_append_tail(head,curr,tail)
-CIPHER_ORDER **head,*curr,**tail;
+static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
+	     CIPHER_ORDER **tail)
 	{
 	if (curr == *tail) return;
 	if (curr == *head)
@@ -266,181 +303,361 @@ CIPHER_ORDER **head,*curr,**tail;
 	*tail=curr;
 	}
 
-STACK *ssl_create_cipher_list(ssl_method,cipher_list,cipher_list_by_id,str)
-SSL_METHOD *ssl_method;
-STACK **cipher_list,**cipher_list_by_id;
-char *str;
+static unsigned long ssl_cipher_get_disabled(void)
 	{
-	SSL_CIPHER *c;
-	char *l;
-	STACK *ret=NULL,*ok=NULL;
-#define CL_BUF	40
-	char buf[CL_BUF];
-	char *tmp_str=NULL;
-	unsigned long mask,algorithms,ma;
-	char *start;
-	int i,j,k,num=0,ch,multi;
-	unsigned long al;
-	STACK *ca_list=NULL;
-	int current_x,num_x;
-	CIPHER_CHOICE *ops=NULL;
-	CIPHER_ORDER *list=NULL,*head=NULL,*tail=NULL,*curr,*tail2,*curr2;
-	int list_num;
-	int type;
-	SSL_CIPHER c_tmp,*cp;
-
-	if (str == NULL) return(NULL);
-
-	if (strncmp(str,"DEFAULT",7) == 0)
-		{
-		i=strlen(str)+2+strlen(SSL_DEFAULT_CIPHER_LIST);
-		if ((tmp_str=Malloc(i)) == NULL)
-			{
-			SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		strcpy(tmp_str,SSL_DEFAULT_CIPHER_LIST);
-		strcat(tmp_str,":");
-		strcat(tmp_str,&(str[7]));
-		str=tmp_str;
-		}
-	if (init_ciphers) load_ciphers();
-
-	num=ssl_method->num_ciphers();
-
-	if ((ret=(STACK *)sk_new(NULL)) == NULL) goto err;
-	if ((ca_list=(STACK *)sk_new(cmp_by_name)) == NULL) goto err;
+	unsigned long mask;
 
-	mask =SSL_kFZA;
-#ifdef NO_RSA
-	mask|=SSL_aRSA|SSL_kRSA;
+	mask = SSL_kFZA;
+#ifdef OPENSSL_NO_RSA
+	mask |= SSL_aRSA|SSL_kRSA;
 #endif
-#ifdef NO_DSA
-	mask|=SSL_aDSS;
+#ifdef OPENSSL_NO_DSA
+	mask |= SSL_aDSS;
 #endif
-#ifdef NO_DH
-	mask|=SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
+#ifdef OPENSSL_NO_DH
+	mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH;
 #endif
-
-#ifndef SSL_ALLOW_ENULL
-	mask|=SSL_eNULL;
+#ifdef OPENSSL_NO_KRB5
+	mask |= SSL_kKRB5|SSL_aKRB5;
+#endif
+#ifdef OPENSSL_NO_ECDH
+	mask |= SSL_kECDH|SSL_kECDHE;
 #endif
+#ifdef SSL_FORBID_ENULL
+	mask |= SSL_eNULL;
+#endif
+
+	mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0;
+	mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0;
+	mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0;
+	mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0;
+	mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
+	mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0;
+	mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0;
+
+	mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
+	mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
 
-	mask|=(ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL)?SSL_DES :0;
-	mask|=(ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL)?SSL_3DES:0;
-	mask|=(ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL)?SSL_RC4 :0;
-	mask|=(ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL)?SSL_RC2 :0;
-	mask|=(ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL)?SSL_IDEA:0;
-	mask|=(ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL)?SSL_eFZA:0;
+	return(mask);
+	}
 
-	mask|=(ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL)?SSL_MD5 :0;
-	mask|=(ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL)?SSL_SHA1:0;
+static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
+		int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list,
+		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
+	{
+	int i, list_num;
+	SSL_CIPHER *c;
 
-	if ((list=(CIPHER_ORDER *)Malloc(sizeof(CIPHER_ORDER)*num)) == NULL)
-		goto err;
+	/*
+	 * We have num_of_ciphers descriptions compiled in, depending on the
+	 * method selected (SSLv2 and/or SSLv3, TLSv1 etc).
+	 * These will later be sorted in a linked list with at most num
+	 * entries.
+	 */
 
 	/* Get the initial list of ciphers */
-	list_num=0;
-	for (i=0; i<num; i++)
+	list_num = 0;	/* actual count of ciphers */
+	for (i = 0; i < num_of_ciphers; i++)
 		{
-		c=ssl_method->get_cipher((unsigned int)i);
+		c = ssl_method->get_cipher(i);
 		/* drop those that use any of that is not available */
 		if ((c != NULL) && c->valid && !(c->algorithms & mask))
 			{
-			list[list_num].cipher=c;
-			list[list_num].next=NULL;
-			list[list_num].prev=NULL;
-			list[list_num].active=0;
+			list[list_num].cipher = c;
+			list[list_num].next = NULL;
+			list[list_num].prev = NULL;
+			list[list_num].active = 0;
 			list_num++;
+#ifdef KSSL_DEBUG
+			printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms);
+#endif	/* KSSL_DEBUG */
+			/*
 			if (!sk_push(ca_list,(char *)c)) goto err;
+			*/
 			}
 		}
-	
-	for (i=1; i<list_num-1; i++)
+
+	/*
+	 * Prepare linked list from list entries
+	 */	
+	for (i = 1; i < list_num - 1; i++)
 		{
-		list[i].prev= &(list[i-1]);
-		list[i].next= &(list[i+1]);
+		list[i].prev = &(list[i-1]);
+		list[i].next = &(list[i+1]);
 		}
 	if (list_num > 0)
 		{
-		head= &(list[0]);
-		head->prev=NULL;
-		head->next= &(list[1]);
-		tail= &(list[list_num-1]);
-		tail->prev= &(list[list_num-2]);
-		tail->next=NULL;
+		(*head_p) = &(list[0]);
+		(*head_p)->prev = NULL;
+		(*head_p)->next = &(list[1]);
+		(*tail_p) = &(list[list_num - 1]);
+		(*tail_p)->prev = &(list[list_num - 2]);
+		(*tail_p)->next = NULL;
 		}
+	}
 
-	/* special case */
-	cipher_aliases[0].algorithms= ~mask;
+static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list,
+			int num_of_group_aliases, unsigned long mask,
+			CIPHER_ORDER *head)
+	{
+	CIPHER_ORDER *ciph_curr;
+	SSL_CIPHER **ca_curr;
+	int i;
 
-	/* get the aliases */
-	k=sizeof(cipher_aliases)/sizeof(SSL_CIPHER);
-	for (j=0; j<k; j++)
+	/*
+	 * First, add the real ciphers as already collected
+	 */
+	ciph_curr = head;
+	ca_curr = ca_list;
+	while (ciph_curr != NULL)
 		{
-		al=cipher_aliases[j].algorithms;
-		/* Drop those that are not relevent */
-		if ((al & mask) == al) continue;
-		if (!sk_push(ca_list,(char *)&(cipher_aliases[j]))) goto err;
+		*ca_curr = ciph_curr->cipher;
+		ca_curr++;
+		ciph_curr = ciph_curr->next;
 		}
 
-	/* ca_list now holds a 'stack' of SSL_CIPHERS, some real, some
-	 * 'aliases' */
+	/*
+	 * Now we add the available ones from the cipher_aliases[] table.
+	 * They represent either an algorithm, that must be fully
+	 * supported (not match any bit in mask) or represent a cipher
+	 * strength value (will be added in any case because algorithms=0).
+	 */
+	for (i = 0; i < num_of_group_aliases; i++)
+		{
+		if ((i == 0) ||		/* always fetch "ALL" */
+		    !(cipher_aliases[i].algorithms & mask))
+			{
+			*ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
+			ca_curr++;
+			}
+		}
 
-	/* how many parameters are there? */
-	num=1;
-	for (l=str; *l; l++)
-		if (ITEM_SEP(*l))
-			num++;
-	ops=(CIPHER_CHOICE *)Malloc(sizeof(CIPHER_CHOICE)*num);
-	if (ops == NULL) goto err;
-	memset(ops,0,sizeof(CIPHER_CHOICE)*num);
+	*ca_curr = NULL;	/* end of list */
+	}
 
-	/* we now parse the input string and create our operations */
-	l=str;
-	i=0;
-	current_x=0;
+static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask,
+		unsigned long algo_strength, unsigned long mask_strength,
+		int rule, int strength_bits, CIPHER_ORDER *list,
+		CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
+	{
+	CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2;
+	SSL_CIPHER *cp;
+	unsigned long ma, ma_s;
 
+#ifdef CIPHER_DEBUG
+	printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n",
+		rule, algorithms, mask, algo_strength, mask_strength,
+		strength_bits);
+#endif
+
+	curr = head = *head_p;
+	curr2 = head;
+	tail2 = tail = *tail_p;
 	for (;;)
 		{
-		ch= *l;
+		if ((curr == NULL) || (curr == tail2)) break;
+		curr = curr2;
+		curr2 = curr->next;
+
+		cp = curr->cipher;
+
+		/*
+		 * Selection criteria is either the number of strength_bits
+		 * or the algorithm used.
+		 */
+		if (strength_bits == -1)
+			{
+			ma = mask & cp->algorithms;
+			ma_s = mask_strength & cp->algo_strength;
 
-		if (ch == '\0') break;
+#ifdef CIPHER_DEBUG
+			printf("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n", cp->name, cp->algorithms, cp->algo_strength, mask, mask_strength);
+			printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n", ma, ma_s, ma&algorithms, ma_s&algo_strength);
+#endif
+			/*
+			 * Select: if none of the mask bit was met from the
+			 * cipher or not all of the bits were met, the
+			 * selection does not apply.
+			 */
+			if (((ma == 0) && (ma_s == 0)) ||
+			    ((ma & algorithms) != ma) ||
+			    ((ma_s & algo_strength) != ma_s))
+				continue; /* does not apply */
+			}
+		else if (strength_bits != cp->strength_bits)
+			continue;	/* does not apply */
+
+#ifdef CIPHER_DEBUG
+		printf("Action = %d\n", rule);
+#endif
+
+		/* add the cipher if it has not been added yet. */
+		if (rule == CIPHER_ADD)
+			{
+			if (!curr->active)
+				{
+				ll_append_tail(&head, curr, &tail);
+				curr->active = 1;
+				}
+			}
+		/* Move the added cipher to this location */
+		else if (rule == CIPHER_ORD)
+			{
+			if (curr->active)
+				{
+				ll_append_tail(&head, curr, &tail);
+				}
+			}
+		else if	(rule == CIPHER_DEL)
+			curr->active = 0;
+		else if (rule == CIPHER_KILL)
+			{
+			if (head == curr)
+				head = curr->next;
+			else
+				curr->prev->next = curr->next;
+			if (tail == curr)
+				tail = curr->prev;
+			curr->active = 0;
+			if (curr->next != NULL)
+				curr->next->prev = curr->prev;
+			if (curr->prev != NULL)
+				curr->prev->next = curr->next;
+			curr->next = NULL;
+			curr->prev = NULL;
+			}
+		}
+
+	*head_p = head;
+	*tail_p = tail;
+	}
+
+static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p,
+				     CIPHER_ORDER **tail_p)
+	{
+	int max_strength_bits, i, *number_uses;
+	CIPHER_ORDER *curr;
+
+	/*
+	 * This routine sorts the ciphers with descending strength. The sorting
+	 * must keep the pre-sorted sequence, so we apply the normal sorting
+	 * routine as '+' movement to the end of the list.
+	 */
+	max_strength_bits = 0;
+	curr = *head_p;
+	while (curr != NULL)
+		{
+		if (curr->active &&
+		    (curr->cipher->strength_bits > max_strength_bits))
+		    max_strength_bits = curr->cipher->strength_bits;
+		curr = curr->next;
+		}
+
+	number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int));
+	if (!number_uses)
+	{
+		SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE);
+		return(0);
+	}
+	memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
+
+	/*
+	 * Now find the strength_bits values actually used
+	 */
+	curr = *head_p;
+	while (curr != NULL)
+		{
+		if (curr->active)
+			number_uses[curr->cipher->strength_bits]++;
+		curr = curr->next;
+		}
+	/*
+	 * Go through the list of used strength_bits values in descending
+	 * order.
+	 */
+	for (i = max_strength_bits; i >= 0; i--)
+		if (number_uses[i] > 0)
+			ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i,
+					list, head_p, tail_p);
+
+	OPENSSL_free(number_uses);
+	return(1);
+	}
+
+static int ssl_cipher_process_rulestr(const char *rule_str,
+		CIPHER_ORDER *list, CIPHER_ORDER **head_p,
+		CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list)
+	{
+	unsigned long algorithms, mask, algo_strength, mask_strength;
+	const char *l, *start, *buf;
+	int j, multi, found, rule, retval, ok, buflen;
+	char ch;
+
+	retval = 1;
+	l = rule_str;
+	for (;;)
+		{
+		ch = *l;
 
+		if (ch == '\0')
+			break;		/* done */
 		if (ch == '-')
-			{ j=CIPHER_DEL; l++; }
+			{ rule = CIPHER_DEL; l++; }
 		else if (ch == '+')
-			{ j=CIPHER_ORD; l++; }
+			{ rule = CIPHER_ORD; l++; }
 		else if (ch == '!')
-			{ j=CIPHER_KILL; l++; }
-		else	
-			{ j=CIPHER_ADD; }
+			{ rule = CIPHER_KILL; l++; }
+		else if (ch == '@')
+			{ rule = CIPHER_SPECIAL; l++; }
+		else
+			{ rule = CIPHER_ADD; }
 
 		if (ITEM_SEP(ch))
 			{
 			l++;
 			continue;
 			}
-		ops[current_x].type=j;
-		ops[current_x].algorithms=0;
-		ops[current_x].mask=0;
+
+		algorithms = mask = algo_strength = mask_strength = 0;
 
 		start=l;
 		for (;;)
 			{
-			ch= *l;
-			i=0;
+			ch = *l;
+			buf = l;
+			buflen = 0;
+#ifndef CHARSET_EBCDIC
 			while (	((ch >= 'A') && (ch <= 'Z')) ||
 				((ch >= '0') && (ch <= '9')) ||
 				((ch >= 'a') && (ch <= 'z')) ||
 				 (ch == '-'))
+#else
+			while (	isalnum(ch) || (ch == '-'))
+#endif
 				 {
-				 buf[i]=ch;
-				 ch= *(++l);
-				 i++;
-				 if (i >= (CL_BUF-2)) break;
+				 ch = *(++l);
+				 buflen++;
 				 }
-			buf[i]='\0';
+
+			if (buflen == 0)
+				{
+				/*
+				 * We hit something we cannot deal with,
+				 * it is no command or separator nor
+				 * alphanumeric, so we call this an error.
+				 */
+				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
+				       SSL_R_INVALID_COMMAND);
+				retval = found = 0;
+				l++;
+				break;
+				}
+
+			if (rule == CIPHER_SPECIAL)
+				{
+				found = 0; /* unused -- avoid compiler warning */
+				break;	/* special treatment */
+				}
 
 			/* check for multi-part specification */
 			if (ch == '+')
@@ -451,152 +668,263 @@ char *str;
 			else
 				multi=0;
 
-			c_tmp.name=buf;
-			j=sk_find(ca_list,(char *)&c_tmp);
-			if (j < 0)
-				goto end_loop;
+			/*
+			 * Now search for the cipher alias in the ca_list. Be careful
+			 * with the strncmp, because the "buflen" limitation
+			 * will make the rule "ADH:SOME" and the cipher
+			 * "ADH-MY-CIPHER" look like a match for buflen=3.
+			 * So additionally check whether the cipher name found
+			 * has the correct length. We can save a strlen() call:
+			 * just checking for the '\0' at the right place is
+			 * sufficient, we have to strncmp() anyway.
+			 */
+			 j = found = 0;
+			 while (ca_list[j])
+				{
+				if ((ca_list[j]->name[buflen] == '\0') &&
+				    !strncmp(buf, ca_list[j]->name, buflen))
+					{
+					found = 1;
+					break;
+					}
+				else
+					j++;
+				}
+			if (!found)
+				break;	/* ignore this entry */
+
+			algorithms |= ca_list[j]->algorithms;
+			mask |= ca_list[j]->mask;
+			algo_strength |= ca_list[j]->algo_strength;
+			mask_strength |= ca_list[j]->mask_strength;
 
-			cp=(SSL_CIPHER *)sk_value(ca_list,j);
-			ops[current_x].algorithms|=cp->algorithms;
-			/* We add the SSL_SSL_MASK so we can match the
-			 * SSLv2 and SSLv3 versions of RC4-MD5 */
-			ops[current_x].mask|=cp->mask;
 			if (!multi) break;
 			}
-		current_x++;
-		if (ch == '\0') break;
-end_loop:
-		/* Make sure we scan until the next valid start point */
-		while ((*l != '\0') && ITEM_SEP(*l))
-			l++;
+
+		/*
+		 * Ok, we have the rule, now apply it
+		 */
+		if (rule == CIPHER_SPECIAL)
+			{	/* special command */
+			ok = 0;
+			if ((buflen == 8) &&
+				!strncmp(buf, "STRENGTH", 8))
+				ok = ssl_cipher_strength_sort(list,
+					head_p, tail_p);
+			else
+				SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
+					SSL_R_INVALID_COMMAND);
+			if (ok == 0)
+				retval = 0;
+			/*
+			 * We do not support any "multi" options
+			 * together with "@", so throw away the
+			 * rest of the command, if any left, until
+			 * end or ':' is found.
+			 */
+			while ((*l != '\0') && ITEM_SEP(*l))
+				l++;
+			}
+		else if (found)
+			{
+			ssl_cipher_apply_rule(algorithms, mask,
+				algo_strength, mask_strength, rule, -1,
+				list, head_p, tail_p);
+			}
+		else
+			{
+			while ((*l != '\0') && ITEM_SEP(*l))
+				l++;
+			}
+		if (*l == '\0') break; /* done */
 		}
 
-	num_x=current_x;
-	current_x=0;
+	return(retval);
+	}
 
-	/* We will now process the list of ciphers, once for each category, to
-	 * decide what we should do with it. */
-	for (j=0; j<num_x; j++)
+STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
+		STACK_OF(SSL_CIPHER) **cipher_list,
+		STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+		const char *rule_str)
+	{
+	int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
+	unsigned long disabled_mask;
+	STACK_OF(SSL_CIPHER) *cipherstack;
+	const char *rule_p;
+	CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr;
+	SSL_CIPHER **ca_list = NULL;
+
+	/*
+	 * Return with error if nothing to do.
+	 */
+	if (rule_str == NULL) return(NULL);
+
+	if (init_ciphers) load_ciphers();
+
+	/*
+	 * To reduce the work to do we only want to process the compiled
+	 * in algorithms, so we first get the mask of disabled ciphers.
+	 */
+	disabled_mask = ssl_cipher_get_disabled();
+
+	/*
+	 * Now we have to collect the available ciphers from the compiled
+	 * in ciphers. We cannot get more than the number compiled in, so
+	 * it is used for allocation.
+	 */
+	num_of_ciphers = ssl_method->num_ciphers();
+#ifdef KSSL_DEBUG
+	printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers);
+#endif    /* KSSL_DEBUG */
+	list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
+	if (list == NULL)
 		{
-		algorithms=ops[j].algorithms;
-		type=ops[j].type;
-		mask=ops[j].mask;
+		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
+		return(NULL);	/* Failure */
+		}
 
-		curr=head;
-		curr2=head;
-		tail2=tail;
-		for (;;)
-			{
-			if ((curr == NULL) || (curr == tail2)) break;
-			curr=curr2;
-			curr2=curr->next;
+	ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask,
+				   list, &head, &tail);
+
+	/*
+	 * We also need cipher aliases for selecting based on the rule_str.
+	 * There might be two types of entries in the rule_str: 1) names
+	 * of ciphers themselves 2) aliases for groups of ciphers.
+	 * For 1) we need the available ciphers and for 2) the cipher
+	 * groups of cipher_aliases added together in one list (otherwise
+	 * we would be happy with just the cipher_aliases table).
+	 */
+	num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
+	num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
+	ca_list =
+		(SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
+	if (ca_list == NULL)
+		{
+		OPENSSL_free(list);
+		SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
+		return(NULL);	/* Failure */
+		}
+	ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mask,
+				   head);
+
+	/*
+	 * If the rule_string begins with DEFAULT, apply the default rule
+	 * before using the (possibly available) additional rules.
+	 */
+	ok = 1;
+	rule_p = rule_str;
+	if (strncmp(rule_str,"DEFAULT",7) == 0)
+		{
+		ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
+			list, &head, &tail, ca_list);
+		rule_p += 7;
+		if (*rule_p == ':')
+			rule_p++;
+		}
 
-			cp=curr->cipher;
-			ma=mask & cp->algorithms;
-			if ((ma == 0) || ((ma & algorithms) != ma))
-				{
-				/* does not apply */
-				continue;
-				}
+	if (ok && (strlen(rule_p) > 0))
+		ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail,
+						ca_list);
 
-			/* add the cipher if it has not been added yet. */
-			if (type == CIPHER_ADD)
-				{
-				if (!curr->active)
-					{
-					ll_append_tail(&head,curr,&tail);
-					curr->active=1;
-					}
-				}
-			/* Move the added cipher to this location */
-			else if (type == CIPHER_ORD)
-				{
-				if (curr->active)
-					{
-					ll_append_tail(&head,curr,&tail);
-					}
-				}
-			else if	(type == CIPHER_DEL)
-				curr->active=0;
-			if (type == CIPHER_KILL)
-				{
-				if (head == curr)
-					head=curr->next;
-				else
-					curr->prev->next=curr->next;
-				if (tail == curr)
-					tail=curr->prev;
-				curr->active=0;
-				if (curr->next != NULL)
-					curr->next->prev=curr->prev;
-				if (curr->prev != NULL)
-					curr->prev->next=curr->next;
-				curr->next=NULL;
-				curr->prev=NULL;
-				}
-			}
+	OPENSSL_free(ca_list);	/* Not needed anymore */
+
+	if (!ok)
+		{	/* Rule processing failure */
+		OPENSSL_free(list);
+		return(NULL);
+		}
+	/*
+	 * Allocate new "cipherstack" for the result, return with error
+	 * if we cannot get one.
+	 */
+	if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL)
+		{
+		OPENSSL_free(list);
+		return(NULL);
 		}
 
-	for (curr=head; curr != NULL; curr=curr->next)
+	/*
+	 * The cipher selection for the list is done. The ciphers are added
+	 * to the resulting precedence to the STACK_OF(SSL_CIPHER).
+	 */
+	for (curr = head; curr != NULL; curr = curr->next)
 		{
 		if (curr->active)
 			{
-			sk_push(ret,(char *)curr->cipher);
+			sk_SSL_CIPHER_push(cipherstack, curr->cipher);
 #ifdef CIPHER_DEBUG
 			printf("<%s>\n",curr->cipher->name);
 #endif
 			}
 		}
-
+	OPENSSL_free(list);	/* Not needed any longer */
+
+	/*
+	 * The following passage is a little bit odd. If pointer variables
+	 * were supplied to hold STACK_OF(SSL_CIPHER) return information,
+	 * the old memory pointed to is free()ed. Then, however, the
+	 * cipher_list entry will be assigned just a copy of the returned
+	 * cipher stack. For cipher_list_by_id a copy of the cipher stack
+	 * will be created. See next comment...
+	 */
 	if (cipher_list != NULL)
 		{
 		if (*cipher_list != NULL)
-			sk_free(*cipher_list);
-		*cipher_list=ret;
+			sk_SSL_CIPHER_free(*cipher_list);
+		*cipher_list = cipherstack;
 		}
 
 	if (cipher_list_by_id != NULL)
 		{
 		if (*cipher_list_by_id != NULL)
-			sk_free(*cipher_list_by_id);
-		*cipher_list_by_id=sk_dup(ret);
+			sk_SSL_CIPHER_free(*cipher_list_by_id);
+		*cipher_list_by_id = sk_SSL_CIPHER_dup(cipherstack);
 		}
 
+	/*
+	 * Now it is getting really strange. If something failed during
+	 * the previous pointer assignment or if one of the pointers was
+	 * not requested, the error condition is met. That might be
+	 * discussable. The strange thing is however that in this case
+	 * the memory "ret" pointed to is "free()ed" and hence the pointer
+	 * cipher_list becomes wild. The memory reserved for
+	 * cipher_list_by_id however is not "free()ed" and stays intact.
+	 */
 	if (	(cipher_list_by_id == NULL) ||
 		(*cipher_list_by_id == NULL) ||
 		(cipher_list == NULL) ||
 		(*cipher_list == NULL))
-		goto err;
-	sk_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
-
-	ok=ret;
-	ret=NULL;
-err:
-	if (tmp_str) Free(tmp_str);
-	if (ops != NULL) Free(ops);
-	if (ret != NULL) sk_free(ret);
-	if (ca_list != NULL) sk_free(ca_list);
-	if (list != NULL) Free(list);
-	return(ok);
+		{
+		sk_SSL_CIPHER_free(cipherstack);
+		return(NULL);
+		}
+
+	sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp);
+
+	return(cipherstack);
 	}
 
-char *SSL_CIPHER_description(cipher,buf,len)
-SSL_CIPHER *cipher;
-char *buf;
-int len;
+char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len)
 	{
-	int export;
+	int is_export,pkl,kl;
 	char *ver,*exp;
 	char *kx,*au,*enc,*mac;
-	unsigned long alg,alg2;
+	unsigned long alg,alg2,alg_s;
+#ifdef KSSL_DEBUG
+	static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n";
+#else
 	static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n";
-	
+#endif /* KSSL_DEBUG */
+
 	alg=cipher->algorithms;
+	alg_s=cipher->algo_strength;
 	alg2=cipher->algorithm2;
 
-	export=(alg&SSL_EXP)?1:0;
-	exp=(export)?" export":"";
-
+	is_export=SSL_C_IS_EXPORT(cipher);
+	pkl=SSL_C_EXPORT_PKEYLENGTH(cipher);
+	kl=SSL_C_EXPORT_KEYLENGTH(cipher);
+	exp=is_export?" export":"";
+	
 	if (alg & SSL_SSLV2)
 		ver="SSLv2";
 	else if (alg & SSL_SSLV3)
@@ -607,7 +935,7 @@ int len;
 	switch (alg&SSL_MKEY_MASK)
 		{
 	case SSL_kRSA:
-		kx=(export)?"RSA(512)":"RSA";
+		kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA";
 		break;
 	case SSL_kDHr:
 		kx="DH/RSA";
@@ -615,11 +943,19 @@ int len;
 	case SSL_kDHd:
 		kx="DH/DSS";
 		break;
+        case SSL_kKRB5:         /* VRS */
+        case SSL_KRB5:          /* VRS */
+            kx="KRB5";
+            break;
 	case SSL_kFZA:
 		kx="Fortezza";
 		break;
 	case SSL_kEDH:
-		kx=(export)?"DH(512)":"DH";
+		kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
+		break;
+	case SSL_kECDH:
+	case SSL_kECDHE:
+		kx=is_export?"ECDH(<=163)":"ECDH";
 		break;
 	default:
 		kx="unknown";
@@ -636,10 +972,17 @@ int len;
 	case SSL_aDH:
 		au="DH";
 		break;
+        case SSL_aKRB5:         /* VRS */
+        case SSL_KRB5:          /* VRS */
+            au="KRB5";
+            break;
 	case SSL_aFZA:
 	case SSL_aNULL:
 		au="None";
 		break;
+	case SSL_aECDSA:
+		au="ECDSA";
+		break;
 	default:
 		au="unknown";
 		break;
@@ -648,16 +991,17 @@ int len;
 	switch (alg&SSL_ENC_MASK)
 		{
 	case SSL_DES:
-		enc=export?"DES(40)":"DES(56)";
+		enc=(is_export && kl == 5)?"DES(40)":"DES(56)";
 		break;
 	case SSL_3DES:
 		enc="3DES(168)";
 		break;
 	case SSL_RC4:
-		enc=export?"RC4(40)":((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
+		enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)")
+		  :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)");
 		break;
 	case SSL_RC2:
-		enc=export?"RC2(40)":"RC2(128)";
+		enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)";
 		break;
 	case SSL_IDEA:
 		enc="IDEA(128)";
@@ -668,6 +1012,15 @@ int len;
 	case SSL_eNULL:
 		enc="None";
 		break;
+	case SSL_AES:
+		switch(cipher->strength_bits)
+			{
+		case 128: enc="AES(128)"; break;
+		case 192: enc="AES(192)"; break;
+		case 256: enc="AES(256)"; break;
+		default: enc="AES(?""?""?)"; break;
+			}
+		break;
 	default:
 		enc="unknown";
 		break;
@@ -688,18 +1041,22 @@ int len;
 
 	if (buf == NULL)
 		{
-		buf=Malloc(128);
-		if (buf == NULL) return("Malloc Error");
+		len=128;
+		buf=OPENSSL_malloc(len);
+		if (buf == NULL) return("OPENSSL_malloc Error");
 		}
 	else if (len < 128)
 		return("Buffer too small");
 
-	sprintf(buf,format,cipher->name,ver,kx,au,enc,mac,exp);
+#ifdef KSSL_DEBUG
+	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg);
+#else
+	BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp);
+#endif /* KSSL_DEBUG */
 	return(buf);
 	}
 
-char *SSL_CIPHER_get_version(c)
-SSL_CIPHER *c;
+char *SSL_CIPHER_get_version(SSL_CIPHER *c)
 	{
 	int i;
 
@@ -714,45 +1071,78 @@ SSL_CIPHER *c;
 	}
 
 /* return the actual cipher being used */
-char *SSL_CIPHER_get_name(c)
-SSL_CIPHER *c;
+const char *SSL_CIPHER_get_name(SSL_CIPHER *c)
 	{
 	if (c != NULL)
 		return(c->name);
 	return("(NONE)");
 	}
 
-/* number of bits for symetric cipher */
-int SSL_CIPHER_get_bits(c,alg_bits)
-SSL_CIPHER *c;
-int *alg_bits;
+/* number of bits for symmetric cipher */
+int SSL_CIPHER_get_bits(SSL_CIPHER *c, int *alg_bits)
 	{
-	int ret=0,a=0;
-	EVP_CIPHER *enc;
-	EVP_MD *md;
+	int ret=0;
 
 	if (c != NULL)
 		{
-		if (!ssl_cipher_get_evp(c,&enc,&md))
-			return(0);
+		if (alg_bits != NULL) *alg_bits = c->alg_bits;
+		ret = c->strength_bits;
+		}
+	return(ret);
+	}
 
-		a=EVP_CIPHER_key_length(enc)*8;
+SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
+	{
+	SSL_COMP *ctmp;
+	int i,nn;
 
-		if (c->algorithms & SSL_EXP)
-			{
-			ret=40;
-			}
-		else
-			{
-			if (c->algorithm2 & SSL2_CF_8_BYTE_ENC)
-				ret=64;
-			else
-				ret=a;
-			}
+	if ((n == 0) || (sk == NULL)) return(NULL);
+	nn=sk_SSL_COMP_num(sk);
+	for (i=0; i<nn; i++)
+		{
+		ctmp=sk_SSL_COMP_value(sk,i);
+		if (ctmp->id == n)
+			return(ctmp);
 		}
+	return(NULL);
+	}
 
-	if (alg_bits != NULL) *alg_bits=a;
-	
-	return(ret);
+static int sk_comp_cmp(const SSL_COMP * const *a,
+			const SSL_COMP * const *b)
+	{
+	return((*a)->id-(*b)->id);
+	}
+
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
+	{
+	return(ssl_comp_methods);
 	}
 
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
+	{
+	SSL_COMP *comp;
+	STACK_OF(SSL_COMP) *sk;
+
+        if (cm == NULL || cm->type == NID_undef)
+                return 1;
+
+	MemCheck_off();
+	comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
+	comp->id=id;
+	comp->method=cm;
+	if (ssl_comp_methods == NULL)
+		sk=ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp);
+	else
+		sk=ssl_comp_methods;
+	if ((sk == NULL) || !sk_SSL_COMP_push(sk,comp))
+		{
+		MemCheck_on();
+		SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE);
+		return(0);
+		}
+	else
+		{
+		MemCheck_on();
+		return(1);
+		}
+	}
diff --git a/ssl/ssl_comp.c b/ssl/ssl_comp.c
deleted file mode 100644
index 7724ff5672..0000000000
--- a/ssl/ssl_comp.c
+++ /dev/null
@@ -1,580 +0,0 @@
-/* ssl/ssl_comp.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "ssl_locl.h"
-
-#ifndef NOPROTO
-static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
-static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
-#else
-static void SSL_SESSION_list_remove();
-static void SSL_SESSION_list_add();
-#endif
-
-static int ssl_session_num=0;
-static STACK *ssl_session_meth=NULL;
-
-SSL_SESSION *SSL_get_session(ssl)
-SSL *ssl;
-	{
-	return(ssl->session);
-	}
-
-int SSL_SESSION_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
-long argl;
-char *argp;
-int (*new_func)();
-int (*dup_func)();
-void (*free_func)();
-        {
-        ssl_session_num++;
-        return(CRYPTO_get_ex_new_index(ssl_session_num-1,
-		&ssl_session_meth,
-                argl,argp,new_func,dup_func,free_func));
-        }
-
-int SSL_SESSION_set_ex_data(s,idx,arg)
-SSL_SESSION *s;
-int idx;
-char *arg;
-	{
-	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
-	}
-
-char *SSL_SESSION_get_ex_data(s,idx)
-SSL_SESSION *s;
-int idx;
-	{
-	return(CRYPTO_get_ex_data(&s->ex_data,idx));
-	}
-
-SSL_SESSION *SSL_SESSION_new()
-	{
-	SSL_SESSION *ss;
-
-	ss=(SSL_SESSION *)Malloc(sizeof(SSL_SESSION));
-	if (ss == NULL)
-		{
-		SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	memset(ss,0,sizeof(SSL_SESSION));
-
-	ss->references=1;
-	ss->timeout=60*5+4; /* 5 minute timeout by default */
-	ss->time=time(NULL);
-	ss->prev=NULL;
-	ss->next=NULL;
-	CRYPTO_new_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data);
-	return(ss);
-	}
-
-int ssl_get_new_session(s, session)
-SSL *s;
-int session;
-	{
-	SSL_SESSION *ss=NULL;
-
-	if ((ss=SSL_SESSION_new()) == NULL) return(0);
-
-	/* If the context has a default timeout, use it */
-	if (s->ctx->session_timeout != 0)
-		ss->timeout=SSL_get_default_timeout(s);
-
-	if (s->session != NULL)
-		{
-		SSL_SESSION_free(s->session);
-		s->session=NULL;
-		}
-
-	if (session)
-		{
-		if (s->version == SSL2_CLIENT_VERSION)
-			{
-			ss->ssl_version=SSL2_VERSION;
-			ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
-			}
-		else if (s->version == SSL3_VERSION)
-			{
-			ss->ssl_version=SSL3_VERSION;
-			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
-			}
-		else if (s->version == TLS1_VERSION)
-			{
-			ss->ssl_version=TLS1_VERSION;
-			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
-			}
-		else
-			{
-			SSLerr(SSL_F_SSL_GET_NEW_SESSION,SSL_R_UNSUPPORTED_SSL_VERSION);
-			SSL_SESSION_free(ss);
-			return(0);
-			}
-
-		for (;;)
-			{
-			SSL_SESSION *r;
-
-			RAND_bytes(ss->session_id,ss->session_id_length);
-			CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-			r=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,
-				(char *)ss);
-			CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-			if (r == NULL) break;
-			/* else - woops a session_id match */
-			}
-		}
-	else
-		{
-		ss->session_id_length=0;
-		}
-
-	s->session=ss;
-	ss->ssl_version=s->version;
-
-	return(1);
-	}
-
-int ssl_get_prev_session(s,session_id,len)
-SSL *s;
-unsigned char *session_id;
-int len;
-	{
-	SSL_SESSION *ret=NULL,data;
-
-	/* conn_init();*/
-	data.ssl_version=s->version;
-	data.session_id_length=len;
-	if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
-		return(0);
-	memcpy(data.session_id,session_id,len);;
-
-	if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
-		{
-		CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-		ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,(char *)&data);
-		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-		}
-
-	if (ret == NULL)
-		{
-		int copy=1;
-
-		s->ctx->sess_miss++;
-		ret=NULL;
-		if ((s->ctx->get_session_cb != NULL) &&
-			((ret=s->ctx->get_session_cb(s,session_id,len,&copy))
-				!= NULL))
-			{
-			s->ctx->sess_cb_hit++;
-
-			/* The following should not return 1, otherwise,
-			 * things are very strange */
-			SSL_CTX_add_session(s->ctx,ret);
-			/* auto free it */
-			if (!copy)
-				SSL_SESSION_free(ret);
-			}
-		if (ret == NULL) return(0);
-		}
-
-	if (ret->cipher == NULL)
-		{
-		char buf[5],*p;
-		unsigned long l;
-
-		p=buf;
-		l=ret->cipher_id;
-		l2n(l,p);
-		if ((ret->ssl_version>>8) == SSL3_VERSION_MAJOR)
-			ret->cipher=ssl_get_cipher_by_char(s,&(buf[2]));
-		else 
-			ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
-		if (ret->cipher == NULL)
-			return(0);
-		}
-
-	/* If a thread got the session, then 'swaped', and another got
-	 * it and then due to a time-out decided to 'Free' it we could
-	 * be in trouble.  So I'll increment it now, then double decrement
-	 * later - am I speaking rubbish?. */
-	CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
-
-	if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
-		{
-		s->ctx->sess_timeout++;
-		/* remove it from the cache */
-		SSL_CTX_remove_session(s->ctx,ret);
-		SSL_SESSION_free(ret);		/* again to actually Free it */
-		return(0);
-		}
-
-	s->ctx->sess_hit++;
-
-	/* ret->time=time(NULL); */ /* rezero timeout? */
-	/* again, just leave the session 
-	 * if it is the same session, we have just incremented and
-	 * then decremented the reference count :-) */
-	if (s->session != NULL)
-		SSL_SESSION_free(s->session);
-	s->session=ret;
-	return(1);
-	}
-
-int SSL_CTX_add_session(ctx,c)
-SSL_CTX *ctx;
-SSL_SESSION *c;
-	{
-	int ret=0;
-	SSL_SESSION *s;
-
-	/* conn_init(); */
-	CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);
-
-	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-	s=(SSL_SESSION *)lh_insert(ctx->sessions,(char *)c);
-	
-	/* Put on the end of the queue unless it is already in the cache */
-	if (s == NULL)
-		SSL_SESSION_list_add(ctx,c);
-
-	/* If the same session if is being 're-added', Free the old
-	 * one when the last person stops using it.
-	 * This will also work if it is alread in the cache.
-	 * The references will go up and then down :-) */
-	if (s != NULL)
-		{
-		SSL_SESSION_free(s);
-		ret=0;
-		}
-	else
-		{
-		ret=1;
-
-		if (SSL_CTX_sess_get_cache_size(ctx) > 0)
-			{
-			while (SSL_CTX_sess_number(ctx) >
-				SSL_CTX_sess_get_cache_size(ctx))
-				{
-				if (!SSL_CTX_remove_session(ctx,
-					ctx->session_cache_tail))
-					break;
-				else
-					ctx->sess_cache_full++;
-				}
-			}
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-	return(ret);
-	}
-
-int SSL_CTX_remove_session(ctx,c)
-SSL_CTX *ctx;
-SSL_SESSION *c;
-	{
-	SSL_SESSION *r;
-	int ret=0;
-
-	if ((c != NULL) && (c->session_id_length != 0))
-		{
-		CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-		r=(SSL_SESSION *)lh_delete(ctx->sessions,(char *)c);
-		if (r != NULL)
-			{
-			ret=1;
-			SSL_SESSION_list_remove(ctx,c);
-			}
-
-		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-
-		if (ret)
-			{
-			r->not_resumable=1;
-			if (ctx->remove_session_cb != NULL)
-				ctx->remove_session_cb(ctx,r);
-			SSL_SESSION_free(r);
-			}
-		}
-	else
-		ret=0;
-	return(ret);
-	}
-
-void SSL_SESSION_free(ss)
-SSL_SESSION *ss;
-	{
-	int i;
-
-	i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
-#ifdef REF_PRINT
-	REF_PRINT("SSL_SESSION",ss);
-#endif
-	if (i > 0) return;
-#ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"SSL_SESSION_free, bad reference count\n");
-		abort(); /* ok */
-		}
-#endif
-
-	CRYPTO_free_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data);
-
-	memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
-	memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
-	memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
-	if (ss->cert != NULL) ssl_cert_free(ss->cert);
-	if (ss->peer != NULL) X509_free(ss->peer);
-	if (ss->ciphers != NULL) sk_free(ss->ciphers);
-	memset(ss,0,sizeof(*ss));
-	Free(ss);
-	}
-
-int SSL_set_session(s, session)
-SSL *s;
-SSL_SESSION *session;
-	{
-	int ret=0;
-	SSL_METHOD *meth;
-
-	if (session != NULL)
-		{
-		meth=s->ctx->method->get_ssl_method(session->ssl_version);
-		if (meth == NULL)
-			meth=s->method->get_ssl_method(session->ssl_version);
-		if (meth == NULL)
-			{
-			SSLerr(SSL_F_SSL_SET_SESSION,SSL_R_UNABLE_TO_FIND_SSL_METHOD);
-			return(0);
-			}
-
-		if (meth != s->method)
-			{
-			if (!SSL_set_ssl_method(s,meth))
-				return(0);
-			session->timeout=SSL_get_default_timeout(s);
-			}
-
-		/* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
-		CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
-		if (s->session != NULL)
-			SSL_SESSION_free(s->session);
-		s->session=session;
-		/* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
-		ret=1;
-		}
-	else
-		{
-		if (s->session != NULL)
-			{
-			SSL_SESSION_free(s->session);
-			s->session=NULL;
-			}
-		}
-	return(ret);
-	}
-
-long SSL_SESSION_set_timeout(s,t)
-SSL_SESSION *s;
-long t;
-	{
-	if (s == NULL) return(0);
-	s->timeout=t;
-	return(1);
-	}
-
-long SSL_SESSION_get_timeout(s)
-SSL_SESSION *s;
-	{
-	if (s == NULL) return(0);
-	return(s->timeout);
-	}
-
-long SSL_SESSION_get_time(s)
-SSL_SESSION *s;
-	{
-	if (s == NULL) return(0);
-	return(s->time);
-	}
-
-long SSL_SESSION_set_time(s,t)
-SSL_SESSION *s;
-long t;
-	{
-	if (s == NULL) return(0);
-	s->time=t;
-	return(t);
-	}
-
-typedef struct timeout_param_st
-	{
-	SSL_CTX *ctx;
-	long time;
-	LHASH *cache;
-	} TIMEOUT_PARAM;
-
-static void timeout(s,p)
-SSL_SESSION *s;
-TIMEOUT_PARAM *p;
-	{
-	if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
-		{
-		/* The reason we don't call SSL_CTX_remove_session() is to
-		 * save on locking overhead */
-		lh_delete(p->cache,(char *)s);
-		SSL_SESSION_list_remove(p->ctx,s);
-		s->not_resumable=1;
-		if (p->ctx->remove_session_cb != NULL)
-			p->ctx->remove_session_cb(p->ctx,s);
-		SSL_SESSION_free(s);
-		}
-	}
-
-void SSL_CTX_flush_sessions(s,t)
-SSL_CTX *s;
-long t;
-	{
-	unsigned long i;
-	TIMEOUT_PARAM tp;
-
-	tp.ctx=s;
-	tp.cache=SSL_CTX_sessions(s);
-	if (tp.cache == NULL) return;
-	tp.time=t;
-	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-	i=tp.cache->down_load;
-	tp.cache->down_load=0;
-	lh_doall_arg(tp.cache,(void (*)())timeout,(char *)&tp);
-	tp.cache->down_load=i;
-	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-	}
-
-int ssl_clear_bad_session(s)
-SSL *s;
-	{
-	if (	(s->session != NULL) &&
-		!(s->shutdown & SSL_SENT_SHUTDOWN) &&
-		!(SSL_in_init(s) || SSL_in_before(s)))
-		{
-		SSL_CTX_remove_session(s->ctx,s->session);
-		return(1);
-		}
-	else
-		return(0);
-	}
-
-/* locked by SSL_CTX in the calling function */
-static void SSL_SESSION_list_remove(ctx,s)
-SSL_CTX *ctx;
-SSL_SESSION *s;
-	{
-	if ((s->next == NULL) || (s->prev == NULL)) return;
-
-	if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail))
-		{ /* last element in list */
-		if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
-			{ /* only one element in list */
-			ctx->session_cache_head=NULL;
-			ctx->session_cache_tail=NULL;
-			}
-		else
-			{
-			ctx->session_cache_tail=s->prev;
-			s->prev->next=(SSL_SESSION *)&(ctx->session_cache_tail);
-			}
-		}
-	else
-		{
-		if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head))
-			{ /* first element in list */
-			ctx->session_cache_head=s->next;
-			s->next->prev=(SSL_SESSION *)&(ctx->session_cache_head);
-			}
-		else
-			{ /* middle of list */
-			s->next->prev=s->prev;
-			s->prev->next=s->next;
-			}
-		}
-	s->prev=s->next=NULL;
-	}
-
-static void SSL_SESSION_list_add(ctx,s)
-SSL_CTX *ctx;
-SSL_SESSION *s;
-	{
-	if ((s->next != NULL) && (s->prev != NULL))
-		SSL_SESSION_list_remove(ctx,s);
-
-	if (ctx->session_cache_head == NULL)
-		{
-		ctx->session_cache_head=s;
-		ctx->session_cache_tail=s;
-		s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
-		s->next=(SSL_SESSION *)&(ctx->session_cache_tail);
-		}
-	else
-		{
-		s->next=ctx->session_cache_head;
-		s->next->prev=s;
-		s->prev=(SSL_SESSION *)&(ctx->session_cache_head);
-		ctx->session_cache_head=s;
-		}
-	}
-
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 847f0f3f8a..f891e74f88 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -1,69 +1,73 @@
-/* lib/ssl/ssl_err.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
+/* ssl/ssl_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
  *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
  * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
  */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
 #include <stdio.h>
-#include "err.h"
-#include "ssl.h"
+#include <openssl/err.h>
+#include <openssl/ssl.h>
 
 /* BEGIN ERROR CODES */
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA SSL_str_functs[]=
 	{
 {ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0),	"CLIENT_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_CLIENT_FINISHED,0),	"CLIENT_FINISHED"},
 {ERR_PACK(0,SSL_F_CLIENT_HELLO,0),	"CLIENT_HELLO"},
 {ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0),	"CLIENT_MASTER_KEY"},
 {ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0),	"d2i_SSL_SESSION"},
@@ -77,27 +81,36 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0),	"i2d_SSL_SESSION"},
 {ERR_PACK(0,SSL_F_READ_N,0),	"READ_N"},
 {ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0),	"REQUEST_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SERVER_FINISH,0),	"SERVER_FINISH"},
 {ERR_PACK(0,SSL_F_SERVER_HELLO,0),	"SERVER_HELLO"},
+{ERR_PACK(0,SSL_F_SERVER_VERIFY,0),	"SERVER_VERIFY"},
 {ERR_PACK(0,SSL_F_SSL23_ACCEPT,0),	"SSL23_ACCEPT"},
 {ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0),	"SSL23_CLIENT_HELLO"},
 {ERR_PACK(0,SSL_F_SSL23_CONNECT,0),	"SSL23_CONNECT"},
 {ERR_PACK(0,SSL_F_SSL23_GET_CLIENT_HELLO,0),	"SSL23_GET_CLIENT_HELLO"},
 {ERR_PACK(0,SSL_F_SSL23_GET_SERVER_HELLO,0),	"SSL23_GET_SERVER_HELLO"},
+{ERR_PACK(0,SSL_F_SSL23_PEEK,0),	"SSL23_PEEK"},
 {ERR_PACK(0,SSL_F_SSL23_READ,0),	"SSL23_READ"},
 {ERR_PACK(0,SSL_F_SSL23_WRITE,0),	"SSL23_WRITE"},
 {ERR_PACK(0,SSL_F_SSL2_ACCEPT,0),	"SSL2_ACCEPT"},
 {ERR_PACK(0,SSL_F_SSL2_CONNECT,0),	"SSL2_CONNECT"},
 {ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0),	"SSL2_ENC_INIT"},
+{ERR_PACK(0,SSL_F_SSL2_GENERATE_KEY_MATERIAL,0),	"SSL2_GENERATE_KEY_MATERIAL"},
+{ERR_PACK(0,SSL_F_SSL2_PEEK,0),	"SSL2_PEEK"},
 {ERR_PACK(0,SSL_F_SSL2_READ,0),	"SSL2_READ"},
+{ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0),	"SSL2_READ_INTERNAL"},
 {ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0),	"SSL2_SET_CERTIFICATE"},
 {ERR_PACK(0,SSL_F_SSL2_WRITE,0),	"SSL2_WRITE"},
 {ERR_PACK(0,SSL_F_SSL3_ACCEPT,0),	"SSL3_ACCEPT"},
+{ERR_PACK(0,SSL_F_SSL3_CALLBACK_CTRL,0),	"SSL3_CALLBACK_CTRL"},
 {ERR_PACK(0,SSL_F_SSL3_CHANGE_CIPHER_STATE,0),	"SSL3_CHANGE_CIPHER_STATE"},
 {ERR_PACK(0,SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,0),	"SSL3_CHECK_CERT_AND_ALGORITHM"},
 {ERR_PACK(0,SSL_F_SSL3_CLIENT_HELLO,0),	"SSL3_CLIENT_HELLO"},
 {ERR_PACK(0,SSL_F_SSL3_CONNECT,0),	"SSL3_CONNECT"},
+{ERR_PACK(0,SSL_F_SSL3_CTRL,0),	"SSL3_CTRL"},
 {ERR_PACK(0,SSL_F_SSL3_CTX_CTRL,0),	"SSL3_CTX_CTRL"},
 {ERR_PACK(0,SSL_F_SSL3_ENC,0),	"SSL3_ENC"},
+{ERR_PACK(0,SSL_F_SSL3_GENERATE_KEY_BLOCK,0),	"SSL3_GENERATE_KEY_BLOCK"},
 {ERR_PACK(0,SSL_F_SSL3_GET_CERTIFICATE_REQUEST,0),	"SSL3_GET_CERTIFICATE_REQUEST"},
 {ERR_PACK(0,SSL_F_SSL3_GET_CERT_VERIFY,0),	"SSL3_GET_CERT_VERIFY"},
 {ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_CERTIFICATE,0),	"SSL3_GET_CLIENT_CERTIFICATE"},
@@ -111,6 +124,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0),	"SSL3_GET_SERVER_DONE"},
 {ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0),	"SSL3_GET_SERVER_HELLO"},
 {ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0),	"SSL3_OUTPUT_CERT_CHAIN"},
+{ERR_PACK(0,SSL_F_SSL3_PEEK,0),	"SSL3_PEEK"},
 {ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0),	"SSL3_READ_BYTES"},
 {ERR_PACK(0,SSL_F_SSL3_READ_N,0),	"SSL3_READ_N"},
 {ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0),	"SSL3_SEND_CERTIFICATE_REQUEST"},
@@ -118,21 +132,36 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0),	"SSL3_SEND_CLIENT_KEY_EXCHANGE"},
 {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0),	"SSL3_SEND_CLIENT_VERIFY"},
 {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0),	"SSL3_SEND_SERVER_CERTIFICATE"},
+{ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_HELLO,0),	"SSL3_SEND_SERVER_HELLO"},
 {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0),	"SSL3_SEND_SERVER_KEY_EXCHANGE"},
 {ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0),	"SSL3_SETUP_BUFFERS"},
 {ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0),	"SSL3_SETUP_KEY_BLOCK"},
 {ERR_PACK(0,SSL_F_SSL3_WRITE_BYTES,0),	"SSL3_WRITE_BYTES"},
 {ERR_PACK(0,SSL_F_SSL3_WRITE_PENDING,0),	"SSL3_WRITE_PENDING"},
+{ERR_PACK(0,SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,0),	"SSL_add_dir_cert_subjects_to_stack"},
+{ERR_PACK(0,SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,0),	"SSL_add_file_cert_subjects_to_stack"},
 {ERR_PACK(0,SSL_F_SSL_BAD_METHOD,0),	"SSL_BAD_METHOD"},
 {ERR_PACK(0,SSL_F_SSL_BYTES_TO_CIPHER_LIST,0),	"SSL_BYTES_TO_CIPHER_LIST"},
+{ERR_PACK(0,SSL_F_SSL_CERT_DUP,0),	"SSL_CERT_DUP"},
+{ERR_PACK(0,SSL_F_SSL_CERT_INST,0),	"SSL_CERT_INST"},
+{ERR_PACK(0,SSL_F_SSL_CERT_INSTANTIATE,0),	"SSL_CERT_INSTANTIATE"},
 {ERR_PACK(0,SSL_F_SSL_CERT_NEW,0),	"SSL_CERT_NEW"},
 {ERR_PACK(0,SSL_F_SSL_CHECK_PRIVATE_KEY,0),	"SSL_check_private_key"},
+{ERR_PACK(0,SSL_F_SSL_CIPHER_PROCESS_RULESTR,0),	"SSL_CIPHER_PROCESS_RULESTR"},
+{ERR_PACK(0,SSL_F_SSL_CIPHER_STRENGTH_SORT,0),	"SSL_CIPHER_STRENGTH_SORT"},
+{ERR_PACK(0,SSL_F_SSL_CLEAR,0),	"SSL_clear"},
+{ERR_PACK(0,SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,0),	"SSL_COMP_add_compression_method"},
 {ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0),	"SSL_CREATE_CIPHER_LIST"},
+{ERR_PACK(0,SSL_F_SSL_CTRL,0),	"SSL_ctrl"},
 {ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0),	"SSL_CTX_check_private_key"},
 {ERR_PACK(0,SSL_F_SSL_CTX_NEW,0),	"SSL_CTX_new"},
+{ERR_PACK(0,SSL_F_SSL_CTX_SET_PURPOSE,0),	"SSL_CTX_set_purpose"},
+{ERR_PACK(0,SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,0),	"SSL_CTX_set_session_id_context"},
 {ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0),	"SSL_CTX_set_ssl_version"},
+{ERR_PACK(0,SSL_F_SSL_CTX_SET_TRUST,0),	"SSL_CTX_set_trust"},
 {ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE,0),	"SSL_CTX_use_certificate"},
 {ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,0),	"SSL_CTX_use_certificate_ASN1"},
+{ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,0),	"SSL_CTX_use_certificate_chain_file"},
 {ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,0),	"SSL_CTX_use_certificate_file"},
 {ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY,0),	"SSL_CTX_use_PrivateKey"},
 {ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,0),	"SSL_CTX_use_PrivateKey_ASN1"},
@@ -142,21 +171,28 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,0),	"SSL_CTX_use_RSAPrivateKey_file"},
 {ERR_PACK(0,SSL_F_SSL_DO_HANDSHAKE,0),	"SSL_do_handshake"},
 {ERR_PACK(0,SSL_F_SSL_GET_NEW_SESSION,0),	"SSL_GET_NEW_SESSION"},
+{ERR_PACK(0,SSL_F_SSL_GET_PREV_SESSION,0),	"SSL_GET_PREV_SESSION"},
 {ERR_PACK(0,SSL_F_SSL_GET_SERVER_SEND_CERT,0),	"SSL_GET_SERVER_SEND_CERT"},
 {ERR_PACK(0,SSL_F_SSL_GET_SIGN_PKEY,0),	"SSL_GET_SIGN_PKEY"},
 {ERR_PACK(0,SSL_F_SSL_INIT_WBIO_BUFFER,0),	"SSL_INIT_WBIO_BUFFER"},
 {ERR_PACK(0,SSL_F_SSL_LOAD_CLIENT_CA_FILE,0),	"SSL_load_client_CA_file"},
 {ERR_PACK(0,SSL_F_SSL_NEW,0),	"SSL_new"},
+{ERR_PACK(0,SSL_F_SSL_READ,0),	"SSL_read"},
 {ERR_PACK(0,SSL_F_SSL_RSA_PRIVATE_DECRYPT,0),	"SSL_RSA_PRIVATE_DECRYPT"},
 {ERR_PACK(0,SSL_F_SSL_RSA_PUBLIC_ENCRYPT,0),	"SSL_RSA_PUBLIC_ENCRYPT"},
 {ERR_PACK(0,SSL_F_SSL_SESSION_NEW,0),	"SSL_SESSION_new"},
 {ERR_PACK(0,SSL_F_SSL_SESSION_PRINT_FP,0),	"SSL_SESSION_print_fp"},
+{ERR_PACK(0,SSL_F_SSL_SESS_CERT_NEW,0),	"SSL_SESS_CERT_NEW"},
 {ERR_PACK(0,SSL_F_SSL_SET_CERT,0),	"SSL_SET_CERT"},
 {ERR_PACK(0,SSL_F_SSL_SET_FD,0),	"SSL_set_fd"},
 {ERR_PACK(0,SSL_F_SSL_SET_PKEY,0),	"SSL_SET_PKEY"},
+{ERR_PACK(0,SSL_F_SSL_SET_PURPOSE,0),	"SSL_set_purpose"},
 {ERR_PACK(0,SSL_F_SSL_SET_RFD,0),	"SSL_set_rfd"},
 {ERR_PACK(0,SSL_F_SSL_SET_SESSION,0),	"SSL_set_session"},
+{ERR_PACK(0,SSL_F_SSL_SET_SESSION_ID_CONTEXT,0),	"SSL_set_session_id_context"},
+{ERR_PACK(0,SSL_F_SSL_SET_TRUST,0),	"SSL_set_trust"},
 {ERR_PACK(0,SSL_F_SSL_SET_WFD,0),	"SSL_set_wfd"},
+{ERR_PACK(0,SSL_F_SSL_SHUTDOWN,0),	"SSL_shutdown"},
 {ERR_PACK(0,SSL_F_SSL_UNDEFINED_FUNCTION,0),	"SSL_UNDEFINED_FUNCTION"},
 {ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE,0),	"SSL_use_certificate"},
 {ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_ASN1,0),	"SSL_use_certificate_ASN1"},
@@ -173,17 +209,17 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_PACK(0,SSL_F_TLS1_ENC,0),	"TLS1_ENC"},
 {ERR_PACK(0,SSL_F_TLS1_SETUP_KEY_BLOCK,0),	"TLS1_SETUP_KEY_BLOCK"},
 {ERR_PACK(0,SSL_F_WRITE_PENDING,0),	"WRITE_PENDING"},
-{0,NULL},
+{0,NULL}
 	};
 
 static ERR_STRING_DATA SSL_str_reasons[]=
 	{
 {SSL_R_APP_DATA_IN_HANDSHAKE             ,"app data in handshake"},
+{SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT,"attempt to reuse session in different context"},
 {SSL_R_BAD_ALERT_RECORD                  ,"bad alert record"},
 {SSL_R_BAD_AUTHENTICATION_TYPE           ,"bad authentication type"},
 {SSL_R_BAD_CHANGE_CIPHER_SPEC            ,"bad change cipher spec"},
 {SSL_R_BAD_CHECKSUM                      ,"bad checksum"},
-{SSL_R_BAD_CLIENT_REQUEST                ,"bad client request"},
 {SSL_R_BAD_DATA_RETURNED_BY_CALLBACK     ,"bad data returned by callback"},
 {SSL_R_BAD_DECOMPRESSION                 ,"bad decompression"},
 {SSL_R_BAD_DH_G_LENGTH                   ,"bad dh g length"},
@@ -191,6 +227,11 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_BAD_DH_P_LENGTH                   ,"bad dh p length"},
 {SSL_R_BAD_DIGEST_LENGTH                 ,"bad digest length"},
 {SSL_R_BAD_DSA_SIGNATURE                 ,"bad dsa signature"},
+{SSL_R_BAD_ECC_CERT                      ,"bad ecc cert"},
+{SSL_R_BAD_ECDSA_SIGNATURE               ,"bad ecdsa signature"},
+{SSL_R_BAD_ECPOINT                       ,"bad ecpoint"},
+{SSL_R_BAD_HELLO_REQUEST                 ,"bad hello request"},
+{SSL_R_BAD_LENGTH                        ,"bad length"},
 {SSL_R_BAD_MAC_DECODE                    ,"bad mac decode"},
 {SSL_R_BAD_MESSAGE_TYPE                  ,"bad message type"},
 {SSL_R_BAD_PACKET_LENGTH                 ,"bad packet length"},
@@ -226,20 +267,41 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_DATA_BETWEEN_CCS_AND_FINISHED     ,"data between ccs and finished"},
 {SSL_R_DATA_LENGTH_TOO_LONG              ,"data length too long"},
 {SSL_R_DECRYPTION_FAILED                 ,"decryption failed"},
+{SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC,"decryption failed or bad record mac"},
 {SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG   ,"dh public value length is wrong"},
 {SSL_R_DIGEST_CHECK_FAILED               ,"digest check failed"},
+{SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER      ,"ecgroup too large for cipher"},
 {SSL_R_ENCRYPTED_LENGTH_TOO_LONG         ,"encrypted length too long"},
+{SSL_R_ERROR_GENERATING_TMP_RSA_KEY      ,"error generating tmp rsa key"},
 {SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST     ,"error in received cipher list"},
 {SSL_R_EXCESSIVE_MESSAGE_SIZE            ,"excessive message size"},
 {SSL_R_EXTRA_DATA_IN_MESSAGE             ,"extra data in message"},
 {SSL_R_GOT_A_FIN_BEFORE_A_CCS            ,"got a fin before a ccs"},
 {SSL_R_HTTPS_PROXY_REQUEST               ,"https proxy request"},
 {SSL_R_HTTP_REQUEST                      ,"http request"},
-{SSL_R_INTERNAL_ERROR                    ,"internal error"},
+{SSL_R_ILLEGAL_PADDING                   ,"illegal padding"},
 {SSL_R_INVALID_CHALLENGE_LENGTH          ,"invalid challenge length"},
+{SSL_R_INVALID_COMMAND                   ,"invalid command"},
+{SSL_R_INVALID_PURPOSE                   ,"invalid purpose"},
+{SSL_R_INVALID_TRUST                     ,"invalid trust"},
+{SSL_R_KEY_ARG_TOO_LONG                  ,"key arg too long"},
+{SSL_R_KRB5                              ,"krb5"},
+{SSL_R_KRB5_C_CC_PRINC                   ,"krb5 client cc principal (no tkt?)"},
+{SSL_R_KRB5_C_GET_CRED                   ,"krb5 client get cred"},
+{SSL_R_KRB5_C_INIT                       ,"krb5 client init"},
+{SSL_R_KRB5_C_MK_REQ                     ,"krb5 client mk_req (expired tkt?)"},
+{SSL_R_KRB5_S_BAD_TICKET                 ,"krb5 server bad ticket"},
+{SSL_R_KRB5_S_INIT                       ,"krb5 server init"},
+{SSL_R_KRB5_S_RD_REQ                     ,"krb5 server rd_req (keytab perms?)"},
+{SSL_R_KRB5_S_TKT_EXPIRED                ,"krb5 server tkt expired"},
+{SSL_R_KRB5_S_TKT_NYV                    ,"krb5 server tkt not yet valid"},
+{SSL_R_KRB5_S_TKT_SKEW                   ,"krb5 server tkt skew"},
 {SSL_R_LENGTH_MISMATCH                   ,"length mismatch"},
 {SSL_R_LENGTH_TOO_SHORT                  ,"length too short"},
+{SSL_R_LIBRARY_BUG                       ,"library bug"},
 {SSL_R_LIBRARY_HAS_NO_CIPHERS            ,"library has no ciphers"},
+{SSL_R_MASTER_KEY_TOO_LONG               ,"master key too long"},
+{SSL_R_MESSAGE_TOO_LONG                  ,"message too long"},
 {SSL_R_MISSING_DH_DSA_CERT               ,"missing dh dsa cert"},
 {SSL_R_MISSING_DH_KEY                    ,"missing dh key"},
 {SSL_R_MISSING_DH_RSA_CERT               ,"missing dh rsa cert"},
@@ -250,6 +312,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_MISSING_RSA_ENCRYPTING_CERT       ,"missing rsa encrypting cert"},
 {SSL_R_MISSING_RSA_SIGNING_CERT          ,"missing rsa signing cert"},
 {SSL_R_MISSING_TMP_DH_KEY                ,"missing tmp dh key"},
+{SSL_R_MISSING_TMP_ECDH_KEY              ,"missing tmp ecdh key"},
 {SSL_R_MISSING_TMP_RSA_KEY               ,"missing tmp rsa key"},
 {SSL_R_MISSING_TMP_RSA_PKEY              ,"missing tmp rsa pkey"},
 {SSL_R_MISSING_VERIFY_MESSAGE            ,"missing verify message"},
@@ -266,6 +329,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_NO_CIPHER_MATCH                   ,"no cipher match"},
 {SSL_R_NO_CLIENT_CERT_RECEIVED           ,"no client cert received"},
 {SSL_R_NO_COMPRESSION_SPECIFIED          ,"no compression specified"},
+{SSL_R_NO_METHOD_SPECIFIED               ,"no method specified"},
 {SSL_R_NO_PRIVATEKEY                     ,"no privatekey"},
 {SSL_R_NO_PRIVATE_KEY_ASSIGNED           ,"no private key assigned"},
 {SSL_R_NO_PROTOCOLS_AVAILABLE            ,"no protocols available"},
@@ -276,6 +340,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_NULL_SSL_METHOD_PASSED            ,"null ssl method passed"},
 {SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED   ,"old session cipher not returned"},
 {SSL_R_PACKET_LENGTH_TOO_LONG            ,"packet length too long"},
+{SSL_R_PATH_TOO_LONG                     ,"path too long"},
 {SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ,"peer did not return a certificate"},
 {SSL_R_PEER_ERROR                        ,"peer error"},
 {SSL_R_PEER_ERROR_CERTIFICATE            ,"peer error certificate"},
@@ -292,12 +357,17 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_READ_WRONG_PACKET_TYPE            ,"read wrong packet type"},
 {SSL_R_RECORD_LENGTH_MISMATCH            ,"record length mismatch"},
 {SSL_R_RECORD_TOO_LARGE                  ,"record too large"},
+{SSL_R_RECORD_TOO_SMALL                  ,"record too small"},
 {SSL_R_REQUIRED_CIPHER_MISSING           ,"required cipher missing"},
 {SSL_R_REUSE_CERT_LENGTH_NOT_ZERO        ,"reuse cert length not zero"},
 {SSL_R_REUSE_CERT_TYPE_NOT_ZERO          ,"reuse cert type not zero"},
 {SSL_R_REUSE_CIPHER_LIST_NOT_ZERO        ,"reuse cipher list not zero"},
+{SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED  ,"session id context uninitialized"},
 {SSL_R_SHORT_READ                        ,"short read"},
 {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
+{SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},
+{SSL_R_SSL2_CONNECTION_ID_TOO_LONG       ,"ssl2 connection id too long"},
+{SSL_R_SSL3_SESSION_ID_TOO_LONG          ,"ssl3 session id too long"},
 {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},
 {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},
 {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"},
@@ -318,26 +388,32 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION,"ssl ctx has no default ssl version"},
 {SSL_R_SSL_HANDSHAKE_FAILURE             ,"ssl handshake failure"},
 {SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS        ,"ssl library has no ciphers"},
+{SSL_R_SSL_SESSION_ID_CALLBACK_FAILED    ,"ssl session id callback failed"},
+{SSL_R_SSL_SESSION_ID_CONFLICT           ,"ssl session id conflict"},
+{SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG   ,"ssl session id context too long"},
+{SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH     ,"ssl session id has bad length"},
 {SSL_R_SSL_SESSION_ID_IS_DIFFERENT       ,"ssl session id is different"},
 {SSL_R_TLSV1_ALERT_ACCESS_DENIED         ,"tlsv1 alert access denied"},
 {SSL_R_TLSV1_ALERT_DECODE_ERROR          ,"tlsv1 alert decode error"},
 {SSL_R_TLSV1_ALERT_DECRYPTION_FAILED     ,"tlsv1 alert decryption failed"},
 {SSL_R_TLSV1_ALERT_DECRYPT_ERROR         ,"tlsv1 alert decrypt error"},
-{SSL_R_TLSV1_ALERT_EXPORT_RESTRICION     ,"tlsv1 alert export restricion"},
+{SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION    ,"tlsv1 alert export restriction"},
 {SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY ,"tlsv1 alert insufficient security"},
 {SSL_R_TLSV1_ALERT_INTERNAL_ERROR        ,"tlsv1 alert internal error"},
 {SSL_R_TLSV1_ALERT_NO_RENEGOTIATION      ,"tlsv1 alert no renegotiation"},
 {SSL_R_TLSV1_ALERT_PROTOCOL_VERSION      ,"tlsv1 alert protocol version"},
 {SSL_R_TLSV1_ALERT_RECORD_OVERFLOW       ,"tlsv1 alert record overflow"},
 {SSL_R_TLSV1_ALERT_UNKNOWN_CA            ,"tlsv1 alert unknown ca"},
-{SSL_R_TLSV1_ALERT_USER_CANCLED          ,"tlsv1 alert user cancled"},
+{SSL_R_TLSV1_ALERT_USER_CANCELLED        ,"tlsv1 alert user cancelled"},
 {SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER,"tls client cert req with anon cipher"},
 {SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST,"tls peer did not respond with certificate list"},
 {SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG,"tls rsa encrypted value length is wrong"},
 {SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER   ,"tried to use unsupported cipher"},
 {SSL_R_UNABLE_TO_DECODE_DH_CERTS         ,"unable to decode dh certs"},
+{SSL_R_UNABLE_TO_DECODE_ECDH_CERTS       ,"unable to decode ecdh certs"},
 {SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY      ,"unable to extract public key"},
 {SSL_R_UNABLE_TO_FIND_DH_PARAMETERS      ,"unable to find dh parameters"},
+{SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS    ,"unable to find ecdh parameters"},
 {SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS,"unable to find public key parameters"},
 {SSL_R_UNABLE_TO_FIND_SSL_METHOD         ,"unable to find ssl method"},
 {SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES  ,"unable to load ssl2 md5 routines"},
@@ -345,6 +421,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES ,"unable to load ssl3 sha1 routines"},
 {SSL_R_UNEXPECTED_MESSAGE                ,"unexpected message"},
 {SSL_R_UNEXPECTED_RECORD                 ,"unexpected record"},
+{SSL_R_UNINITIALIZED                     ,"uninitialized"},
 {SSL_R_UNKNOWN_ALERT_TYPE                ,"unknown alert type"},
 {SSL_R_UNKNOWN_CERTIFICATE_TYPE          ,"unknown certificate type"},
 {SSL_R_UNKNOWN_CIPHER_RETURNED           ,"unknown cipher returned"},
@@ -357,6 +434,8 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_UNKNOWN_STATE                     ,"unknown state"},
 {SSL_R_UNSUPPORTED_CIPHER                ,"unsupported cipher"},
 {SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM ,"unsupported compression algorithm"},
+{SSL_R_UNSUPPORTED_ELLIPTIC_CURVE        ,"unsupported elliptic curve"},
+{SSL_R_UNSUPPORTED_OPTION                ,"unsupported option"},
 {SSL_R_UNSUPPORTED_PROTOCOL              ,"unsupported protocol"},
 {SSL_R_UNSUPPORTED_SSL_VERSION           ,"unsupported ssl version"},
 {SSL_R_WRITE_BIO_NOT_SET                 ,"write bio not set"},
@@ -369,19 +448,19 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {SSL_R_WRONG_VERSION_NUMBER              ,"wrong version number"},
 {SSL_R_X509_LIB                          ,"x509 lib"},
 {SSL_R_X509_VERIFICATION_SETUP_PROBLEMS  ,"x509 verification setup problems"},
-{0,NULL},
+{0,NULL}
 	};
 
 #endif
 
-void ERR_load_SSL_strings()
+void ERR_load_SSL_strings(void)
 	{
 	static int init=1;
 
 	if (init)
 		{
 		init=0;
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 		ERR_load_strings(ERR_LIB_SSL,SSL_str_functs);
 		ERR_load_strings(ERR_LIB_SSL,SSL_str_reasons);
 #endif
diff --git a/ssl/ssl_err2.c b/ssl/ssl_err2.c
index 0b91f7b8d2..ea95a5f983 100644
--- a/ssl/ssl_err2.c
+++ b/ssl/ssl_err2.c
@@ -57,12 +57,12 @@
  */
 
 #include <stdio.h>
-#include "err.h"
-#include "ssl.h"
+#include <openssl/err.h>
+#include <openssl/ssl.h>
 
-void SSL_load_error_strings()
+void SSL_load_error_strings(void)
 	{
-#ifndef NO_ERR
+#ifndef OPENSSL_NO_ERR
 	ERR_load_crypto_strings();
 	ERR_load_SSL_strings();
 #endif
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index b16339848b..f4112678f8 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1,4 +1,6 @@
-/* ssl/ssl_lib.c */
+/*! \file ssl/ssl_lib.c
+ *  \brief Version independent SSL functions.
+ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -55,52 +57,131 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
+#ifdef REF_CHECK
+#  include <assert.h>
+#endif
 #include <stdio.h>
-#include "objects.h"
-#include "lhash.h"
 #include "ssl_locl.h"
-
-char *SSL_version_str="SSLeay 0.9.1a 06-Jul-1998";
-
-static STACK *ssl_meth=NULL;
-static STACK *ssl_ctx_meth=NULL;
-static int ssl_meth_num=0;
-static int ssl_ctx_meth_num=0;
-
-SSL3_ENC_METHOD ssl3_undef_enc_method={
-	ssl_undefined_function,
-	ssl_undefined_function,
-	ssl_undefined_function,
-	ssl_undefined_function,
-	ssl_undefined_function,
+#include "kssl_lcl.h"
+#include <openssl/objects.h>
+#include <openssl/lhash.h>
+#include <openssl/x509v3.h>
+#include "cryptlib.h"
+
+const char *SSL_version_str=OPENSSL_VERSION_TEXT;
+
+OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={
+	/* evil casts, but these functions are only called if there's a library bug */
+	(int (*)(SSL *,int))ssl_undefined_function,
+	(int (*)(SSL *, unsigned char *, int))ssl_undefined_function,
 	ssl_undefined_function,
+	(int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function,
+	(int (*)(SSL*, int))ssl_undefined_function,
+	(int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function
 	};
 
-void SSL_clear(s)
-SSL *s;
+int SSL_clear(SSL *s)
 	{
-	int state;
 
-	if (s->method == NULL) return;
+	if (s->method == NULL)
+		{
+		SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED);
+		return(0);
+		}
+
+	if (ssl_clear_bad_session(s))
+		{
+		SSL_SESSION_free(s->session);
+		s->session=NULL;
+		}
 
 	s->error=0;
 	s->hit=0;
+	s->shutdown=0;
 
+#if 0 /* Disabled since version 1.10 of this file (early return not
+       * needed because SSL_clear is not called when doing renegotiation) */
 	/* This is set if we are doing dynamic renegotiation so keep
 	 * the old cipher.  It is sort of a SSL_clear_lite :-) */
-	if (s->new_session) return;
+	if (s->new_session) return(1);
+#else
+	if (s->new_session)
+		{
+		SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
+		return 0;
+		}
+#endif
 
-	state=s->state; /* Keep to check if we throw away the session-id */
 	s->type=0;
 
+	s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
+
 	s->version=s->method->version;
+	s->client_version=s->version;
 	s->rwstate=SSL_NOTHING;
-	s->state=SSL_ST_BEFORE;
 	s->rstate=SSL_ST_READ_HEADER;
-	s->read_ahead=s->ctx->default_read_ahead;
-
-/*	s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); */
+#if 0
+	s->read_ahead=s->ctx->read_ahead;
+#endif
 
 	if (s->init_buf != NULL)
 		{
@@ -110,30 +191,34 @@ SSL *s;
 
 	ssl_clear_cipher_ctx(s);
 
-	if (ssl_clear_bad_session(s))
-		{
-		SSL_SESSION_free(s->session);
-		s->session=NULL;
-		}
-
-	s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 	s->first_packet=0;
 
-	s->method->ssl_clear(s);
+#if 1
+	/* Check to see if we were changed into a different method, if
+	 * so, revert back if we are not doing session-id reuse. */
+	if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
+		{
+		s->method->ssl_free(s);
+		s->method=s->ctx->method;
+		if (!s->method->ssl_new(s))
+			return(0);
+		}
+	else
+#endif
+		s->method->ssl_clear(s);
+	return(1);
 	}
 
-/* Used to change an SSL_CTXs default SSL method type */
-int SSL_CTX_set_ssl_version(ctx,meth)
-SSL_CTX *ctx;
-SSL_METHOD *meth;
+/** Used to change an SSL_CTXs default SSL method type */
+int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth)
 	{
-	STACK *sk;
+	STACK_OF(SSL_CIPHER) *sk;
 
 	ctx->method=meth;
 
 	sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list),
 		&(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST);
-	if ((sk == NULL) || (sk_num(sk) <= 0))
+	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0))
 		{
 		SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
 		return(0);
@@ -141,8 +226,7 @@ SSL_METHOD *meth;
 	return(1);
 	}
 
-SSL *SSL_new(ctx)
-SSL_CTX *ctx;
+SSL *SSL_new(SSL_CTX *ctx)
 	{
 	SSL *s;
 
@@ -157,20 +241,51 @@ SSL_CTX *ctx;
 		return(NULL);
 		}
 
-	s=(SSL *)Malloc(sizeof(SSL));
+	s=(SSL *)OPENSSL_malloc(sizeof(SSL));
 	if (s == NULL) goto err;
 	memset(s,0,sizeof(SSL));
 
-	if (ctx->default_cert != NULL)
-		{
-		CRYPTO_add(&ctx->default_cert->references,1,
-			CRYPTO_LOCK_SSL_CERT);
-		s->cert=ctx->default_cert;
+#ifndef	OPENSSL_NO_KRB5
+	s->kssl_ctx = kssl_ctx_new();
+#endif	/* OPENSSL_NO_KRB5 */
+
+	s->options=ctx->options;
+	s->mode=ctx->mode;
+	s->max_cert_list=ctx->max_cert_list;
+
+	if (ctx->cert != NULL)
+		{
+		/* Earlier library versions used to copy the pointer to
+		 * the CERT, not its contents; only when setting new
+		 * parameters for the per-SSL copy, ssl_cert_new would be
+		 * called (and the direct reference to the per-SSL_CTX
+		 * settings would be lost, but those still were indirectly
+		 * accessed for various purposes, and for that reason they
+		 * used to be known as s->ctx->default_cert).
+		 * Now we don't look at the SSL_CTX's CERT after having
+		 * duplicated it once. */
+
+		s->cert = ssl_cert_dup(ctx->cert);
+		if (s->cert == NULL)
+			goto err;
 		}
 	else
-		s->cert=NULL;
-	s->verify_mode=ctx->default_verify_mode;
+		s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
+
+	s->read_ahead=ctx->read_ahead;
+	s->msg_callback=ctx->msg_callback;
+	s->msg_callback_arg=ctx->msg_callback_arg;
+	s->verify_mode=ctx->verify_mode;
+	s->verify_depth=ctx->verify_depth;
+	s->sid_ctx_length=ctx->sid_ctx_length;
+	OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
+	memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
 	s->verify_callback=ctx->default_verify_callback;
+	s->generate_session_id=ctx->generate_session_id;
+	s->purpose = ctx->purpose;
+	s->trust = ctx->trust;
+	s->quiet_shutdown=ctx->quiet_shutdown;
+
 	CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
 	s->ctx=ctx;
 
@@ -179,30 +294,134 @@ SSL_CTX *ctx;
 	s->method=ctx->method;
 
 	if (!s->method->ssl_new(s))
-		{
-		SSL_CTX_free(ctx);
-		Free(s);
 		goto err;
-		}
 
-	s->quiet_shutdown=ctx->quiet_shutdown;
 	s->references=1;
-	s->options=ctx->options;
+	s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1;
+
 	SSL_clear(s);
 
-	CRYPTO_new_ex_data(ssl_meth,(char *)s,&s->ex_data);
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
 
 	return(s);
 err:
+	if (s != NULL)
+		{
+		if (s->cert != NULL)
+			ssl_cert_free(s->cert);
+		if (s->ctx != NULL)
+			SSL_CTX_free(s->ctx); /* decrement reference count */
+		OPENSSL_free(s);
+		}
 	SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE);
 	return(NULL);
 	}
 
-void SSL_free(s)
-SSL *s;
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
+				   unsigned int sid_ctx_len)
+    {
+    if(sid_ctx_len > sizeof ctx->sid_ctx)
+	{
+	SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+	return 0;
+	}
+    ctx->sid_ctx_length=sid_ctx_len;
+    memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len);
+
+    return 1;
+    }
+
+int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
+			       unsigned int sid_ctx_len)
+    {
+    if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
+	{
+	SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+	return 0;
+	}
+    ssl->sid_ctx_length=sid_ctx_len;
+    memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len);
+
+    return 1;
+    }
+
+int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
+	{
+	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+	ctx->generate_session_id = cb;
+	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+	return 1;
+	}
+
+int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
+	{
+	CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+	ssl->generate_session_id = cb;
+	CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+	return 1;
+	}
+
+int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+				unsigned int id_len)
+	{
+	/* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
+	 * we can "construct" a session to give us the desired check - ie. to
+	 * find if there's a session in the hash table that would conflict with
+	 * any new session built out of this id/id_len and the ssl_version in
+	 * use by this SSL. */
+	SSL_SESSION r, *p;
+
+	if(id_len > sizeof r.session_id)
+		return 0;
+
+	r.ssl_version = ssl->version;
+	r.session_id_length = id_len;
+	memcpy(r.session_id, id, id_len);
+	/* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a
+	 * callback is calling us to check the uniqueness of a shorter ID, it
+	 * must be compared as a padded-out ID because that is what it will be
+	 * converted to when the callback has finished choosing it. */
+	if((r.ssl_version == SSL2_VERSION) &&
+			(id_len < SSL2_SSL_SESSION_ID_LENGTH))
+		{
+		memset(r.session_id + id_len, 0,
+			SSL2_SSL_SESSION_ID_LENGTH - id_len);
+		r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH;
+		}
+
+	CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+	p = (SSL_SESSION *)lh_retrieve(ssl->ctx->sessions, &r);
+	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+	return (p != NULL);
+	}
+
+int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
+	{
+	return X509_PURPOSE_set(&s->purpose, purpose);
+	}
+
+int SSL_set_purpose(SSL *s, int purpose)
+	{
+	return X509_PURPOSE_set(&s->purpose, purpose);
+	}
+
+int SSL_CTX_set_trust(SSL_CTX *s, int trust)
+	{
+	return X509_TRUST_set(&s->trust, trust);
+	}
+
+int SSL_set_trust(SSL *s, int trust)
+	{
+	return X509_TRUST_set(&s->trust, trust);
+	}
+
+void SSL_free(SSL *s)
 	{
 	int i;
 
+	if(s == NULL)
+	    return;
+
 	i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL);
 #ifdef REF_PRINT
 	REF_PRINT("SSL",s);
@@ -216,7 +435,7 @@ SSL *s;
 		}
 #endif
 
-	CRYPTO_free_ex_data(ssl_meth,(char *)s,&s->ex_data);
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
 
 	if (s->bbio != NULL)
 		{
@@ -236,8 +455,8 @@ SSL *s;
 	if (s->init_buf != NULL) BUF_MEM_free(s->init_buf);
 
 	/* add extra stuff */
-	if (s->cipher_list != NULL) sk_free(s->cipher_list);
-	if (s->cipher_list_by_id != NULL) sk_free(s->cipher_list_by_id);
+	if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list);
+	if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id);
 
 	/* Make the next call work :-) */
 	if (s->session != NULL)
@@ -248,28 +467,20 @@ SSL *s;
 
 	ssl_clear_cipher_ctx(s);
 
-	if (s->expand != NULL)
-		COMP_CTX_free(s->expand);
-	if (s->compress != NULL)
-		COMP_CTX_free(s->compress);
-
 	if (s->cert != NULL) ssl_cert_free(s->cert);
 	/* Free up if allocated */
 
 	if (s->ctx) SSL_CTX_free(s->ctx);
 
 	if (s->client_CA != NULL)
-		sk_pop_free(s->client_CA,X509_NAME_free);
+		sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free);
 
 	if (s->method != NULL) s->method->ssl_free(s);
 
-	Free((char *)s);
+	OPENSSL_free(s);
 	}
 
-void SSL_set_bio(s, rbio,wbio)
-SSL *s;
-BIO *rbio;
-BIO *wbio;
+void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio)
 	{
 	/* If the output buffering BIO is still in place, remove it
 	 */
@@ -289,16 +500,18 @@ BIO *wbio;
 	s->wbio=wbio;
 	}
 
-BIO *SSL_get_rbio(s)
-SSL *s;
+BIO *SSL_get_rbio(SSL *s)
 	{ return(s->rbio); }
 
-BIO *SSL_get_wbio(s)
-SSL *s;
+BIO *SSL_get_wbio(SSL *s)
 	{ return(s->wbio); }
 
-int SSL_get_fd(s)
-SSL *s;
+int SSL_get_fd(SSL *s)
+	{
+	return(SSL_get_rfd(s));
+	}
+
+int SSL_get_rfd(SSL *s)
 	{
 	int ret= -1;
 	BIO *b,*r;
@@ -310,10 +523,20 @@ SSL *s;
 	return(ret);
 	}
 
-#ifndef NO_SOCK
-int SSL_set_fd(s, fd)
-SSL *s;
-int fd;
+int SSL_get_wfd(SSL *s)
+	{
+	int ret= -1;
+	BIO *b,*r;
+
+	b=SSL_get_wbio(s);
+	r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
+	if (r != NULL)
+		BIO_get_fd(r,&ret);
+	return(ret);
+	}
+
+#ifndef OPENSSL_NO_SOCK
+int SSL_set_fd(SSL *s,int fd)
 	{
 	int ret=0;
 	BIO *bio=NULL;
@@ -332,9 +555,7 @@ err:
 	return(ret);
 	}
 
-int SSL_set_wfd(s, fd)
-SSL *s;
-int fd;
+int SSL_set_wfd(SSL *s,int fd)
 	{
 	int ret=0;
 	BIO *bio=NULL;
@@ -356,9 +577,7 @@ err:
 	return(ret);
 	}
 
-int SSL_set_rfd(s, fd)
-SSL *s;
-int fd;
+int SSL_set_rfd(SSL *s,int fd)
 	{
 	int ret=0;
 	BIO *bio=NULL;
@@ -384,61 +603,104 @@ err:
 	}
 #endif
 
-int SSL_get_verify_mode(s)
-SSL *s;
+
+/* return length of latest Finished message we sent, copy to 'buf' */
+size_t SSL_get_finished(SSL *s, void *buf, size_t count)
+	{
+	size_t ret = 0;
+	
+	if (s->s3 != NULL)
+		{
+		ret = s->s3->tmp.finish_md_len;
+		if (count > ret)
+			count = ret;
+		memcpy(buf, s->s3->tmp.finish_md, count);
+		}
+	return ret;
+	}
+
+/* return length of latest Finished message we expected, copy to 'buf' */
+size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count)
+	{
+	size_t ret = 0;
+	
+	if (s->s3 != NULL)
+		{
+		ret = s->s3->tmp.peer_finish_md_len;
+		if (count > ret)
+			count = ret;
+		memcpy(buf, s->s3->tmp.peer_finish_md, count);
+		}
+	return ret;
+	}
+
+
+int SSL_get_verify_mode(SSL *s)
 	{
 	return(s->verify_mode);
 	}
 
-int (*SSL_get_verify_callback(s))()
-SSL *s;
+int SSL_get_verify_depth(SSL *s)
+	{
+	return(s->verify_depth);
+	}
+
+int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *)
 	{
 	return(s->verify_callback);
 	}
 
-int SSL_CTX_get_verify_mode(ctx)
-SSL_CTX *ctx;
+int SSL_CTX_get_verify_mode(SSL_CTX *ctx)
+	{
+	return(ctx->verify_mode);
+	}
+
+int SSL_CTX_get_verify_depth(SSL_CTX *ctx)
 	{
-	return(ctx->default_verify_mode);
+	return(ctx->verify_depth);
 	}
 
-int (*SSL_CTX_get_verify_callback(ctx))()
-SSL_CTX *ctx;
+int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *)
 	{
 	return(ctx->default_verify_callback);
 	}
 
-void SSL_set_verify(s, mode, callback)
-SSL *s;
-int mode;
-int (*callback)();
+void SSL_set_verify(SSL *s,int mode,
+		    int (*callback)(int ok,X509_STORE_CTX *ctx))
 	{
 	s->verify_mode=mode;
 	if (callback != NULL)
 		s->verify_callback=callback;
 	}
 
-void SSL_set_read_ahead(s, yes)
-SSL *s;
-int yes;
+void SSL_set_verify_depth(SSL *s,int depth)
+	{
+	s->verify_depth=depth;
+	}
+
+void SSL_set_read_ahead(SSL *s,int yes)
 	{
 	s->read_ahead=yes;
 	}
 
-int SSL_get_read_ahead(s)
-SSL *s;
+int SSL_get_read_ahead(SSL *s)
 	{
 	return(s->read_ahead);
 	}
 
-int SSL_pending(s)
-SSL *s;
+int SSL_pending(SSL *s)
 	{
+	/* SSL_pending cannot work properly if read-ahead is enabled
+	 * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)),
+	 * and it is impossible to fix since SSL_pending cannot report
+	 * errors that may be observed while scanning the new data.
+	 * (Note that SSL_pending() is often used as a boolean value,
+	 * so we'd better not return -1.)
+	 */
 	return(s->method->ssl_pending(s));
 	}
 
-X509 *SSL_get_peer_certificate(s)
-SSL *s;
+X509 *SSL_get_peer_certificate(SSL *s)
 	{
 	X509 *r;
 	
@@ -454,23 +716,24 @@ SSL *s;
 	return(r);
 	}
 
-STACK *SSL_get_peer_cert_chain(s)
-SSL *s;
+STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s)
 	{
-	STACK *r;
+	STACK_OF(X509) *r;
 	
-	if ((s == NULL) || (s->session == NULL) || (s->session->cert == NULL))
+	if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL))
 		r=NULL;
 	else
-		r=s->session->cert->cert_chain;
+		r=s->session->sess_cert->cert_chain;
 
+	/* If we are a client, cert_chain includes the peer's own
+	 * certificate; if we are a server, it does not. */
+	
 	return(r);
 	}
 
 /* Now in theory, since the calling process own 't' it should be safe to
  * modify.  We need to be able to read f without being hassled */
-void SSL_copy_session_id(t,f)
-SSL *t,*f;
+void SSL_copy_session_id(SSL *t,SSL *f)
 	{
 	CERT *tmp;
 
@@ -495,30 +758,29 @@ SSL *t,*f;
 	else
 		t->cert=NULL;
 	if (tmp != NULL) ssl_cert_free(tmp);
+	SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length);
 	}
 
 /* Fix this so it checks all the valid key/cert options */
-int SSL_CTX_check_private_key(ctx)
-SSL_CTX *ctx;
+int SSL_CTX_check_private_key(SSL_CTX *ctx)
 	{
 	if (	(ctx == NULL) ||
-		(ctx->default_cert == NULL) ||
-		(ctx->default_cert->key->x509 == NULL))
+		(ctx->cert == NULL) ||
+		(ctx->cert->key->x509 == NULL))
 		{
 		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
 		return(0);
 		}
-	if 	(ctx->default_cert->key->privatekey == NULL)
+	if 	(ctx->cert->key->privatekey == NULL)
 		{
 		SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED);
 		return(0);
 		}
-	return(X509_check_private_key(ctx->default_cert->key->x509, ctx->default_cert->key->privatekey));
+	return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey));
 	}
 
 /* Fix this function so that it takes an optional type parameter */
-int SSL_check_private_key(ssl)
-SSL *ssl;
+int SSL_check_private_key(SSL *ssl)
 	{
 	if (ssl == NULL)
 		{
@@ -526,7 +788,10 @@ SSL *ssl;
 		return(0);
 		}
 	if (ssl->cert == NULL)
-		return(SSL_CTX_check_private_key(ssl->ctx));
+		{
+                SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
+		return 0;
+		}
 	if (ssl->cert->key->x509 == NULL)
 		{
 		SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED);
@@ -541,29 +806,37 @@ SSL *ssl;
 		ssl->cert->key->privatekey));
 	}
 
-int SSL_accept(s)
-SSL *s;
+int SSL_accept(SSL *s)
 	{
+	if (s->handshake_func == 0)
+		/* Not properly initialized yet */
+		SSL_set_accept_state(s);
+
 	return(s->method->ssl_accept(s));
 	}
 
-int SSL_connect(s)
-SSL *s;
+int SSL_connect(SSL *s)
 	{
+	if (s->handshake_func == 0)
+		/* Not properly initialized yet */
+		SSL_set_connect_state(s);
+
 	return(s->method->ssl_connect(s));
 	}
 
-long SSL_get_default_timeout(s)
-SSL *s;
+long SSL_get_default_timeout(SSL *s)
 	{
 	return(s->method->get_timeout());
 	}
 
-int SSL_read(s,buf,num)
-SSL *s;
-char *buf;
-int num;
+int SSL_read(SSL *s,void *buf,int num)
 	{
+	if (s->handshake_func == 0)
+		{
+		SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
+		return -1;
+		}
+
 	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
 		{
 		s->rwstate=SSL_NOTHING;
@@ -572,11 +845,14 @@ int num;
 	return(s->method->ssl_read(s,buf,num));
 	}
 
-int SSL_peek(s,buf,num)
-SSL *s;
-char *buf;
-int num;
+int SSL_peek(SSL *s,void *buf,int num)
 	{
+	if (s->handshake_func == 0)
+		{
+		SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED);
+		return -1;
+		}
+
 	if (s->shutdown & SSL_RECEIVED_SHUTDOWN)
 		{
 		return(0);
@@ -584,11 +860,14 @@ int num;
 	return(s->method->ssl_peek(s,buf,num));
 	}
 
-int SSL_write(s,buf,num)
-SSL *s;
-char *buf;
-int num;
+int SSL_write(SSL *s,const void *buf,int num)
 	{
+	if (s->handshake_func == 0)
+		{
+		SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED);
+		return -1;
+		}
+
 	if (s->shutdown & SSL_SENT_SHUTDOWN)
 		{
 		s->rwstate=SSL_NOTHING;
@@ -598,42 +877,176 @@ int num;
 	return(s->method->ssl_write(s,buf,num));
 	}
 
-int SSL_shutdown(s)
-SSL *s;
+int SSL_shutdown(SSL *s)
 	{
+	/* Note that this function behaves differently from what one might
+	 * expect.  Return values are 0 for no success (yet),
+	 * 1 for success; but calling it once is usually not enough,
+	 * even if blocking I/O is used (see ssl3_shutdown).
+	 */
+
+	if (s->handshake_func == 0)
+		{
+		SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
+		return -1;
+		}
+
 	if ((s != NULL) && !SSL_in_init(s))
 		return(s->method->ssl_shutdown(s));
 	else
 		return(1);
 	}
 
-int SSL_renegotiate(s)
-SSL *s;
+int SSL_renegotiate(SSL *s)
 	{
-	s->new_session=1;
+	if (s->new_session == 0)
+		{
+		s->new_session=1;
+		}
 	return(s->method->ssl_renegotiate(s));
 	}
 
-long SSL_ctrl(s,cmd,larg,parg)
-SSL *s;
-int cmd;
-long larg;
-char *parg;
+int SSL_renegotiate_pending(SSL *s)
+	{
+	/* becomes true when negotiation is requested;
+	 * false again once a handshake has finished */
+	return (s->new_session != 0);
+	}
+
+long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
+	{
+	long l;
+
+	switch (cmd)
+		{
+	case SSL_CTRL_GET_READ_AHEAD:
+		return(s->read_ahead);
+	case SSL_CTRL_SET_READ_AHEAD:
+		l=s->read_ahead;
+		s->read_ahead=larg;
+		return(l);
+
+	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
+		s->msg_callback_arg = parg;
+		return 1;
+
+	case SSL_CTRL_OPTIONS:
+		return(s->options|=larg);
+	case SSL_CTRL_MODE:
+		return(s->mode|=larg);
+	case SSL_CTRL_GET_MAX_CERT_LIST:
+		return(s->max_cert_list);
+	case SSL_CTRL_SET_MAX_CERT_LIST:
+		l=s->max_cert_list;
+		s->max_cert_list=larg;
+		return(l);
+	default:
+		return(s->method->ssl_ctrl(s,cmd,larg,parg));
+		}
+	}
+
+long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)())
 	{
-	return(s->method->ssl_ctrl(s,cmd,larg,parg));
+	switch(cmd)
+		{
+	case SSL_CTRL_SET_MSG_CALLBACK:
+		s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
+		return 1;
+		
+	default:
+		return(s->method->ssl_callback_ctrl(s,cmd,fp));
+		}
 	}
 
-long SSL_CTX_ctrl(ctx,cmd,larg,parg)
-SSL_CTX *ctx;
-int cmd;
-long larg;
-char *parg;
+struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx)
 	{
-	return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
+	return ctx->sessions;
 	}
 
-int ssl_cipher_id_cmp(a,b)
-SSL_CIPHER *a,*b;
+long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg)
+	{
+	long l;
+
+	switch (cmd)
+		{
+	case SSL_CTRL_GET_READ_AHEAD:
+		return(ctx->read_ahead);
+	case SSL_CTRL_SET_READ_AHEAD:
+		l=ctx->read_ahead;
+		ctx->read_ahead=larg;
+		return(l);
+		
+	case SSL_CTRL_SET_MSG_CALLBACK_ARG:
+		ctx->msg_callback_arg = parg;
+		return 1;
+
+	case SSL_CTRL_GET_MAX_CERT_LIST:
+		return(ctx->max_cert_list);
+	case SSL_CTRL_SET_MAX_CERT_LIST:
+		l=ctx->max_cert_list;
+		ctx->max_cert_list=larg;
+		return(l);
+
+	case SSL_CTRL_SET_SESS_CACHE_SIZE:
+		l=ctx->session_cache_size;
+		ctx->session_cache_size=larg;
+		return(l);
+	case SSL_CTRL_GET_SESS_CACHE_SIZE:
+		return(ctx->session_cache_size);
+	case SSL_CTRL_SET_SESS_CACHE_MODE:
+		l=ctx->session_cache_mode;
+		ctx->session_cache_mode=larg;
+		return(l);
+	case SSL_CTRL_GET_SESS_CACHE_MODE:
+		return(ctx->session_cache_mode);
+
+	case SSL_CTRL_SESS_NUMBER:
+		return(ctx->sessions->num_items);
+	case SSL_CTRL_SESS_CONNECT:
+		return(ctx->stats.sess_connect);
+	case SSL_CTRL_SESS_CONNECT_GOOD:
+		return(ctx->stats.sess_connect_good);
+	case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
+		return(ctx->stats.sess_connect_renegotiate);
+	case SSL_CTRL_SESS_ACCEPT:
+		return(ctx->stats.sess_accept);
+	case SSL_CTRL_SESS_ACCEPT_GOOD:
+		return(ctx->stats.sess_accept_good);
+	case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
+		return(ctx->stats.sess_accept_renegotiate);
+	case SSL_CTRL_SESS_HIT:
+		return(ctx->stats.sess_hit);
+	case SSL_CTRL_SESS_CB_HIT:
+		return(ctx->stats.sess_cb_hit);
+	case SSL_CTRL_SESS_MISSES:
+		return(ctx->stats.sess_miss);
+	case SSL_CTRL_SESS_TIMEOUTS:
+		return(ctx->stats.sess_timeout);
+	case SSL_CTRL_SESS_CACHE_FULL:
+		return(ctx->stats.sess_cache_full);
+	case SSL_CTRL_OPTIONS:
+		return(ctx->options|=larg);
+	case SSL_CTRL_MODE:
+		return(ctx->mode|=larg);
+	default:
+		return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg));
+		}
+	}
+
+long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)())
+	{
+	switch(cmd)
+		{
+	case SSL_CTRL_SET_MSG_CALLBACK:
+		ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp);
+		return 1;
+
+	default:
+		return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp));
+		}
+	}
+
+int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
 	{
 	long l;
 
@@ -644,8 +1057,8 @@ SSL_CIPHER *a,*b;
 		return((l > 0)?1:-1);
 	}
 
-int ssl_cipher_ptr_id_cmp(ap,bp)
-SSL_CIPHER **ap,**bp;
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
+			const SSL_CIPHER * const *bp)
 	{
 	long l;
 
@@ -656,10 +1069,9 @@ SSL_CIPHER **ap,**bp;
 		return((l > 0)?1:-1);
 	}
 
-/* return a STACK of the ciphers available for the SSL and in order of
+/** return a STACK of the ciphers available for the SSL and in order of
  * preference */
-STACK *SSL_get_ciphers(s)
-SSL *s;
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
 	{
 	if ((s != NULL) && (s->cipher_list != NULL))
 		{
@@ -673,10 +1085,9 @@ SSL *s;
 	return(NULL);
 	}
 
-/* return a STACK of the ciphers available for the SSL and in order of
+/** return a STACK of the ciphers available for the SSL and in order of
  * algorithm id */
-STACK *ssl_get_ciphers_by_id(s)
-SSL *s;
+STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
 	{
 	if ((s != NULL) && (s->cipher_list_by_id != NULL))
 		{
@@ -690,29 +1101,25 @@ SSL *s;
 	return(NULL);
 	}
 
-/* The old interface to get the same thing as SSL_get_ciphers() */
-char *SSL_get_cipher_list(s,n)
-SSL *s;
-int n;
+/** The old interface to get the same thing as SSL_get_ciphers() */
+const char *SSL_get_cipher_list(SSL *s,int n)
 	{
 	SSL_CIPHER *c;
-	STACK *sk;
+	STACK_OF(SSL_CIPHER) *sk;
 
 	if (s == NULL) return(NULL);
 	sk=SSL_get_ciphers(s);
-	if ((sk == NULL) || (sk_num(sk) <= n))
+	if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
 		return(NULL);
-	c=(SSL_CIPHER *)sk_value(sk,n);
+	c=sk_SSL_CIPHER_value(sk,n);
 	if (c == NULL) return(NULL);
 	return(c->name);
 	}
 
-/* specify the ciphers to be used by defaut by the SSL_CTX */
-int SSL_CTX_set_cipher_list(ctx,str)
-SSL_CTX *ctx;
-char *str;
+/** specify the ciphers to be used by default by the SSL_CTX */
+int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
 	{
-	STACK *sk;
+	STACK_OF(SSL_CIPHER) *sk;
 	
 	sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list,
 		&ctx->cipher_list_by_id,str);
@@ -720,12 +1127,10 @@ char *str;
 	return((sk == NULL)?0:1);
 	}
 
-/* specify the ciphers to be used by the SSL */
-int SSL_set_cipher_list(s, str)
-SSL *s;
-char *str;
+/** specify the ciphers to be used by the SSL */
+int SSL_set_cipher_list(SSL *s,const char *str)
 	{
-	STACK *sk;
+	STACK_OF(SSL_CIPHER) *sk;
 	
 	sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list,
 		&s->cipher_list_by_id,str);
@@ -734,13 +1139,11 @@ char *str;
 	}
 
 /* works well for SSLv2, not so good for SSLv3 */
-char *SSL_get_shared_ciphers(s,buf,len)
-SSL *s;
-char *buf;
-int len;
+char *SSL_get_shared_ciphers(SSL *s,char *buf,int len)
 	{
-	char *p,*cp;
-	STACK *sk;
+	char *p;
+	const char *cp;
+	STACK_OF(SSL_CIPHER) *sk;
 	SSL_CIPHER *c;
 	int i;
 
@@ -750,11 +1153,11 @@ int len;
 
 	p=buf;
 	sk=s->session->ciphers;
-	for (i=0; i<sk_num(sk); i++)
+	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
 		{
 		/* Decrement for either the ':' or a '\0' */
 		len--;
-		c=(SSL_CIPHER *)sk_value(sk,i);
+		c=sk_SSL_CIPHER_value(sk,i);
 		for (cp=c->name; *cp; )
 			{
 			if (len-- == 0)
@@ -771,35 +1174,36 @@ int len;
 	return(buf);
 	}
 
-int ssl_cipher_list_to_bytes(s,sk,p)
-SSL *s;
-STACK *sk;
-unsigned char *p;
+int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p)
 	{
 	int i,j=0;
 	SSL_CIPHER *c;
 	unsigned char *q;
+#ifndef OPENSSL_NO_KRB5
+        int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx);
+#endif /* OPENSSL_NO_KRB5 */
 
 	if (sk == NULL) return(0);
 	q=p;
 
-	for (i=0; i<sk_num(sk); i++)
+	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
 		{
-		c=(SSL_CIPHER *)sk_value(sk,i);
+		c=sk_SSL_CIPHER_value(sk,i);
+#ifndef OPENSSL_NO_KRB5
+                if ((c->algorithms & SSL_KRB5) && nokrb5)
+                    continue;
+#endif /* OPENSSL_NO_KRB5 */                    
 		j=ssl_put_cipher_by_char(s,c,p);
 		p+=j;
 		}
 	return(p-q);
 	}
 
-STACK *ssl_bytes_to_cipher_list(s,p,num,skp)
-SSL *s;
-unsigned char *p;
-int num;
-STACK **skp;
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
+					       STACK_OF(SSL_CIPHER) **skp)
 	{
 	SSL_CIPHER *c;
-	STACK *sk;
+	STACK_OF(SSL_CIPHER) *sk;
 	int i,n;
 
 	n=ssl_put_cipher_by_char(s,NULL,NULL);
@@ -809,11 +1213,11 @@ STACK **skp;
 		return(NULL);
 		}
 	if ((skp == NULL) || (*skp == NULL))
-		sk=sk_new(NULL); /* change perhaps later */
+		sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */
 	else
 		{
 		sk= *skp;
-		sk_zero(sk);
+		sk_SSL_CIPHER_zero(sk);
 		}
 
 	for (i=0; i<num; i+=n)
@@ -822,7 +1226,7 @@ STACK **skp;
 		p+=n;
 		if (c != NULL)
 			{
-			if (!sk_push(sk,(char *)c))
+			if (!sk_SSL_CIPHER_push(sk,c))
 				{
 				SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE);
 				goto err;
@@ -835,12 +1239,11 @@ STACK **skp;
 	return(sk);
 err:
 	if ((skp == NULL) || (*skp == NULL))
-		sk_free(sk);
+		sk_SSL_CIPHER_free(sk);
 	return(NULL);
 	}
 
-unsigned long SSL_SESSION_hash(a)
-SSL_SESSION *a;
+unsigned long SSL_SESSION_hash(SSL_SESSION *a)
 	{
 	unsigned long l;
 
@@ -852,9 +1255,12 @@ SSL_SESSION *a;
 	return(l);
 	}
 
-int SSL_SESSION_cmp(a, b)
-SSL_SESSION *a;
-SSL_SESSION *b;
+/* NB: If this function (or indeed the hash function which uses a sort of
+ * coarser function than this one) is changed, ensure
+ * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
+ * able to construct an SSL_SESSION that will collide with any existing session
+ * with a matching session ID. */
+int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b)
 	{
 	if (a->ssl_version != b->ssl_version)
 		return(1);
@@ -863,8 +1269,14 @@ SSL_SESSION *b;
 	return(memcmp(a->session_id,b->session_id,a->session_id_length));
 	}
 
-SSL_CTX *SSL_CTX_new(meth)
-SSL_METHOD *meth;
+/* These wrapper functions should remain rather than redeclaring
+ * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
+ * variable. The reason is that the functions aren't static, they're exposed via
+ * ssl.h. */
+static IMPLEMENT_LHASH_HASH_FN(SSL_SESSION_hash, SSL_SESSION *)
+static IMPLEMENT_LHASH_COMP_FN(SSL_SESSION_cmp, SSL_SESSION *)
+
+SSL_CTX *SSL_CTX_new(SSL_METHOD *meth)
 	{
 	SSL_CTX *ret=NULL;
 	
@@ -879,7 +1291,7 @@ SSL_METHOD *meth;
 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
 		goto err;
 		}
-	ret=(SSL_CTX *)Malloc(sizeof(SSL_CTX));
+	ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX));
 	if (ret == NULL)
 		goto err;
 
@@ -896,21 +1308,12 @@ SSL_METHOD *meth;
 	/* We take the system default */
 	ret->session_timeout=meth->get_timeout();
 
-	ret->new_session_cb=NULL;
-	ret->remove_session_cb=NULL;
-	ret->get_session_cb=NULL;
-
-	ret->sess_connect=0;
-	ret->sess_connect_good=0;
-	ret->sess_accept=0;
-	ret->sess_accept_renegotiate=0;
-	ret->sess_connect_renegotiate=0;
-	ret->sess_accept_good=0;
-	ret->sess_miss=0;
-	ret->sess_timeout=0;
-	ret->sess_cache_full=0;
-	ret->sess_hit=0;
-	ret->sess_cb_hit=0;
+	ret->new_session_cb=0;
+	ret->remove_session_cb=0;
+	ret->get_session_cb=0;
+	ret->generate_session_id=0;
+
+	memset((char *)&ret->stats,0,sizeof(ret->stats));
 
 	ret->references=1;
 	ret->quiet_shutdown=0;
@@ -923,19 +1326,26 @@ SSL_METHOD *meth;
 
 	ret->info_callback=NULL;
 
-	ret->app_verify_callback=NULL;
+	ret->app_verify_callback=0;
 	ret->app_verify_arg=NULL;
 
-	ret->default_read_ahead=0;
-	ret->default_verify_mode=SSL_VERIFY_NONE;
+	ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT;
+	ret->read_ahead=0;
+	ret->msg_callback=0;
+	ret->msg_callback_arg=NULL;
+	ret->verify_mode=SSL_VERIFY_NONE;
+	ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */
+	ret->sid_ctx_length=0;
 	ret->default_verify_callback=NULL;
-	if ((ret->default_cert=ssl_cert_new()) == NULL)
+	if ((ret->cert=ssl_cert_new()) == NULL)
 		goto err;
 
-	ret->default_passwd_callback=NULL;
-	ret->client_cert_cb=NULL;
+	ret->default_passwd_callback=0;
+	ret->default_passwd_callback_userdata=NULL;
+	ret->client_cert_cb=0;
 
-	ret->sessions=lh_new(SSL_SESSION_hash,SSL_SESSION_cmp);
+	ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash),
+			LHASH_COMP_FN(SSL_SESSION_cmp));
 	if (ret->sessions == NULL) goto err;
 	ret->cert_store=X509_STORE_new();
 	if (ret->cert_store == NULL) goto err;
@@ -943,7 +1353,8 @@ SSL_METHOD *meth;
 	ssl_create_cipher_list(ret->method,
 		&ret->cipher_list,&ret->cipher_list_by_id,
 		SSL_DEFAULT_CIPHER_LIST);
-	if ((ret->cipher_list == NULL) || (sk_num(ret->cipher_list) <= 0))
+	if (ret->cipher_list == NULL
+	    || sk_SSL_CIPHER_num(ret->cipher_list) <= 0)
 		{
 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS);
 		goto err2;
@@ -965,12 +1376,13 @@ SSL_METHOD *meth;
 		goto err2;
 		}
 
-	if ((ret->client_CA=sk_new_null()) == NULL)
+	if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL)
 		goto err;
 
-	CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data);
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
 
 	ret->extra_certs=NULL;
+	ret->comp_methods=SSL_COMP_get_compression_methods();
 
 	return(ret);
 err:
@@ -980,8 +1392,12 @@ err2:
 	return(NULL);
 	}
 
-void SSL_CTX_free(a)
-SSL_CTX *a;
+#if 0
+static void SSL_COMP_free(SSL_COMP *comp)
+    { OPENSSL_free(comp); }
+#endif
+
+void SSL_CTX_free(SSL_CTX *a)
 	{
 	int i;
 
@@ -999,108 +1415,134 @@ SSL_CTX *a;
 		abort(); /* ok */
 		}
 #endif
-	CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
 
+	/*
+	 * Free internal session cache. However: the remove_cb() may reference
+	 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
+	 * after the sessions were flushed.
+	 * As the ex_data handling routines might also touch the session cache,
+	 * the most secure solution seems to be: empty (flush) the cache, then
+	 * free ex_data, then finally free the cache.
+	 * (See ticket [openssl.org #212].)
+	 */
 	if (a->sessions != NULL)
-		{
 		SSL_CTX_flush_sessions(a,0);
+
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
+
+	if (a->sessions != NULL)
 		lh_free(a->sessions);
-		}
+
 	if (a->cert_store != NULL)
 		X509_STORE_free(a->cert_store);
 	if (a->cipher_list != NULL)
-		sk_free(a->cipher_list);
+		sk_SSL_CIPHER_free(a->cipher_list);
 	if (a->cipher_list_by_id != NULL)
-		sk_free(a->cipher_list_by_id);
-	if (a->default_cert != NULL)
-		ssl_cert_free(a->default_cert);
+		sk_SSL_CIPHER_free(a->cipher_list_by_id);
+	if (a->cert != NULL)
+		ssl_cert_free(a->cert);
 	if (a->client_CA != NULL)
-		sk_pop_free(a->client_CA,X509_NAME_free);
+		sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free);
 	if (a->extra_certs != NULL)
-		sk_pop_free(a->extra_certs,X509_free);
-	Free((char *)a);
+		sk_X509_pop_free(a->extra_certs,X509_free);
+#if 0 /* This should never be done, since it removes a global database */
+	if (a->comp_methods != NULL)
+		sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free);
+#else
+	a->comp_methods = NULL;
+#endif
+	OPENSSL_free(a);
 	}
 
-void SSL_CTX_set_default_passwd_cb(ctx,cb)
-SSL_CTX *ctx;
-int (*cb)();
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
 	{
 	ctx->default_passwd_callback=cb;
 	}
 
-void SSL_CTX_set_cert_verify_cb(ctx,cb,arg)
-SSL_CTX *ctx;
-int (*cb)();
-char *arg;
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u)
+	{
+	ctx->default_passwd_callback_userdata=u;
+	}
+
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg)
 	{
 	ctx->app_verify_callback=cb;
 	ctx->app_verify_arg=arg;
 	}
 
-void SSL_CTX_set_verify(ctx,mode,cb)
-SSL_CTX *ctx;
-int mode;
-int (*cb)();
+void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *))
 	{
-	ctx->default_verify_mode=mode;
+	ctx->verify_mode=mode;
 	ctx->default_verify_callback=cb;
-	/* This needs cleaning up EAY EAY EAY */
-	X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
 	}
 
-void ssl_set_cert_masks(c)
-CERT *c;
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
+	{
+	ctx->verify_depth=depth;
+	}
+
+void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
 	{
 	CERT_PKEY *cpk;
 	int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
 	int rsa_enc_export,dh_rsa_export,dh_dsa_export;
-	int rsa_tmp_export,dh_tmp_export;
+	int rsa_tmp_export,dh_tmp_export,kl;
 	unsigned long mask,emask;
+	int have_ecc_cert, have_ecdh_tmp, ecdh_ok, ecdsa_ok, ecc_pkey_size;
+	X509 *x = NULL;
+	EVP_PKEY *ecc_pkey = NULL;
+	int signature_nid = 0;
+
+	if (c == NULL) return;
 
-	if ((c == NULL) || (c->valid)) return;
+	kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
 
-#ifndef NO_RSA
-	rsa_tmp=((c->rsa_tmp != NULL) || (c->rsa_tmp_cb != NULL))?1:0;
-	rsa_tmp_export=((c->rsa_tmp_cb != NULL) ||
-		(rsa_tmp && (RSA_size(c->rsa_tmp)*8 <= 512)))?1:0;
+#ifndef OPENSSL_NO_RSA
+	rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
+	rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
+		(rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
 #else
 	rsa_tmp=rsa_tmp_export=0;
 #endif
-#ifndef NO_DH
-	dh_tmp=((c->dh_tmp != NULL) || (c->dh_tmp_cb != NULL))?1:0;
-	dh_tmp_export=((c->dh_tmp_cb != NULL) ||
-		(dh_tmp && (DH_size(c->dh_tmp)*8 <= 512)))?1:0;
+#ifndef OPENSSL_NO_DH
+	dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
+	dh_tmp_export=(c->dh_tmp_cb != NULL ||
+		(dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
 #else
 	dh_tmp=dh_tmp_export=0;
 #endif
 
+#ifndef OPENSSL_NO_ECDH
+	have_ecdh_tmp=(c->ecdh_tmp != NULL || c->ecdh_tmp_cb != NULL);
+#endif
 	cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
-	rsa_enc= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
-	rsa_enc_export=(rsa_enc && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
+	rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
+	rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
 	cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
-	rsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
+	rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
 	cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
-	dsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
+	dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
 	cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
-	dh_rsa=  ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
-	dh_rsa_export=(dh_rsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
+	dh_rsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
+	dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
 	cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
 /* FIX THIS EAY EAY EAY */
-	dh_dsa=  ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
-	dh_dsa_export=(dh_dsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
-
+	dh_dsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
+	dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
+	cpk= &(c->pkeys[SSL_PKEY_ECC]);
+	have_ecc_cert= (cpk->x509 != NULL && cpk->privatekey != NULL);
 	mask=0;
 	emask=0;
 
 #ifdef CIPHER_DEBUG
-	printf("rt=%d dht=%d re=%d rs=%d ds=%d dhr=%d dhd=%d\n",
-		rsa_tmp,dh_tmp,
-		rsa_enc,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
+	printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n",
+		rsa_tmp,rsa_tmp_export,dh_tmp,
+		rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa);
 #endif
 
 	if (rsa_enc || (rsa_tmp && rsa_sign))
 		mask|=SSL_kRSA;
-	if (rsa_enc_export || (rsa_tmp_export && rsa_sign))
+	if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc)))
 		emask|=SSL_kRSA;
 
 #if 0
@@ -1128,7 +1570,7 @@ CERT *c;
 	if (rsa_enc || rsa_sign)
 		{
 		mask|=SSL_aRSA;
-		emask|=SSL_aRSA;
+		mask|=SSL_aRSA;
 		}
 
 	if (dsa_sign)
@@ -1137,32 +1579,169 @@ CERT *c;
 		emask|=SSL_aDSS;
 		}
 
-#ifdef SSL_ALLOW_ADH
 	mask|=SSL_aNULL;
 	emask|=SSL_aNULL;
+
+#ifndef OPENSSL_NO_KRB5
+	mask|=SSL_kKRB5|SSL_aKRB5;
+	emask|=SSL_kKRB5|SSL_aKRB5;
 #endif
 
+	/* An ECC certificate may be usable for ECDH and/or
+	 * ECDSA cipher suites depending on the key usage extension.
+	 */
+	if (have_ecc_cert)
+		{
+                /* This call populates extension flags (ex_flags) */
+		x = (c->pkeys[SSL_PKEY_ECC]).x509;
+		X509_check_purpose(x, -1, 0);
+		ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
+		    (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1;
+		ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ?
+		    (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1;
+		ecc_pkey = X509_get_pubkey(x);
+		ecc_pkey_size = (ecc_pkey != NULL) ? 
+		    EVP_PKEY_bits(ecc_pkey) : 0;
+		EVP_PKEY_free(ecc_pkey);
+		if ((x->sig_alg) && (x->sig_alg->algorithm))
+			signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
+#ifndef OPENSSL_NO_ECDH
+		if (ecdh_ok)
+			{
+			if ((signature_nid == NID_md5WithRSAEncryption) ||
+			    (signature_nid == NID_md4WithRSAEncryption) ||
+			    (signature_nid == NID_md2WithRSAEncryption))
+				{
+				mask|=SSL_kECDH|SSL_aRSA;
+				if (ecc_pkey_size <= 163)
+					emask|=SSL_kECDH|SSL_aRSA;
+				}
+			if (signature_nid == NID_ecdsa_with_SHA1)
+				{
+				mask|=SSL_kECDH|SSL_aECDSA;
+				if (ecc_pkey_size <= 163)
+					emask|=SSL_kECDH|SSL_aECDSA;
+				}
+			}
+#endif
+#ifndef OPENSSL_NO_ECDSA
+		if (ecdsa_ok)
+			{
+			mask|=SSL_aECDSA;
+			emask|=SSL_aECDSA;
+			}
+#endif
+		}
+
+#ifndef OPENSSL_NO_ECDH
+	if (have_ecdh_tmp)
+		{
+		mask|=SSL_kECDHE;
+		emask|=SSL_kECDHE;
+		}
+#endif
 	c->mask=mask;
 	c->export_mask=emask;
 	c->valid=1;
 	}
 
+/* This handy macro borrowed from crypto/x509v3/v3_purp.c */
+#define ku_reject(x, usage) \
+	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
+
+int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
+	{
+	unsigned long alg = cs->algorithms;
+	EVP_PKEY *pkey = NULL;
+	int keysize = 0;
+	int signature_nid = 0;
+
+	if (SSL_C_IS_EXPORT(cs))
+		{
+		/* ECDH key length in export ciphers must be <= 163 bits */
+		pkey = X509_get_pubkey(x);
+		if (pkey == NULL) return 0;
+		keysize = EVP_PKEY_bits(pkey);
+		EVP_PKEY_free(pkey);
+		if (keysize > 163) return 0;
+		}
+
+	/* This call populates the ex_flags field correctly */
+	X509_check_purpose(x, -1, 0);
+	if ((x->sig_alg) && (x->sig_alg->algorithm))
+		signature_nid = OBJ_obj2nid(x->sig_alg->algorithm);
+	if (alg & SSL_kECDH) 
+		{
+		/* key usage, if present, must allow key agreement */
+		if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
+			{
+			return 0;
+			}
+		if (alg & SSL_aECDSA) 
+			{
+			/* signature alg must be ECDSA */
+			if (signature_nid != NID_ecdsa_with_SHA1)
+				{
+				return 0;
+				}
+			}
+		if (alg & SSL_aRSA)
+			{
+			/* signature alg must be RSA */
+			if ((signature_nid != NID_md5WithRSAEncryption) &&
+			    (signature_nid != NID_md4WithRSAEncryption) &&
+			    (signature_nid != NID_md2WithRSAEncryption))
+				{
+				return 0;
+				}
+			}
+		} 
+	else if (alg & SSL_aECDSA)
+		{
+		/* key usage, if present, must allow signing */
+		if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
+			{
+			return 0;
+			}
+		}
+
+	return 1;  /* all checks are ok */
+	}
+
 /* THIS NEEDS CLEANING UP */
-X509 *ssl_get_server_send_cert(s)
-SSL *s;
+X509 *ssl_get_server_send_cert(SSL *s)
 	{
 	unsigned long alg,mask,kalg;
 	CERT *c;
-	int i,export;
+	int i,is_export;
 
 	c=s->cert;
-	ssl_set_cert_masks(c);
+	ssl_set_cert_masks(c, s->s3->tmp.new_cipher);
 	alg=s->s3->tmp.new_cipher->algorithms;
-	export=(alg & SSL_EXPORT)?1:0;
-	mask=(export)?c->export_mask:c->mask;
+	is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
+	mask=is_export?c->export_mask:c->mask;
 	kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
 
-	if 	(kalg & SSL_kDHr)
+	if (kalg & SSL_kECDH)
+		{
+		/* we don't need to look at SSL_kECDHE 
+		 * since no certificate is needed for
+		 * anon ECDH and for authenticated
+		 * ECDHE, the check for the auth 
+		 * algorithm will set i correctly
+		 * NOTE: For ECDH-RSA, we need an ECC
+		 * not an RSA cert but for ECDHE-RSA
+		 * we need an RSA cert. Placing the
+		 * checks for SSL_kECDH before RSA
+		 * checks ensures the correct cert is chosen.
+		 */
+		i=SSL_PKEY_ECC;
+		}
+	else if (kalg & SSL_aECDSA)
+		{
+		i=SSL_PKEY_ECC;
+		}
+	else if (kalg & SSL_kDHr)
 		i=SSL_PKEY_DH_RSA;
 	else if (kalg & SSL_kDHd)
 		i=SSL_PKEY_DH_DSA;
@@ -1175,18 +1754,22 @@ SSL *s;
 		else
 			i=SSL_PKEY_RSA_ENC;
 		}
+	else if (kalg & SSL_aKRB5)
+		{
+		/* VRS something else here? */
+		return(NULL);
+		}
 	else /* if (kalg & SSL_aNULL) */
 		{
-		SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
 		return(NULL);
 		}
 	if (c->pkeys[i].x509 == NULL) return(NULL);
+
 	return(c->pkeys[i].x509);
 	}
 
-EVP_PKEY *ssl_get_sign_pkey(s,cipher)
-SSL *s;
-SSL_CIPHER *cipher;
+EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher)
 	{
 	unsigned long alg;
 	CERT *c;
@@ -1206,16 +1789,17 @@ SSL_CIPHER *cipher;
 		else
 			return(NULL);
 		}
+	else if ((alg & SSL_aECDSA) &&
+	         (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
+		return(c->pkeys[SSL_PKEY_ECC].privatekey);
 	else /* if (alg & SSL_aNULL) */
 		{
-		SSLerr(SSL_F_SSL_GET_SIGN_PKEY,SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
 		return(NULL);
 		}
 	}
 
-void ssl_update_cache(s,mode)
-SSL *s;
-int mode;
+void ssl_update_cache(SSL *s,int mode)
 	{
 	int i;
 
@@ -1223,9 +1807,10 @@ int mode;
 	 * and it would be rather hard to do anyway :-) */
 	if (s->session->session_id_length == 0) return;
 
-	if ((s->ctx->session_cache_mode & mode)
-		&& (!s->hit)
-		&& SSL_CTX_add_session(s->ctx,s->session)
+	i=s->ctx->session_cache_mode;
+	if ((i & mode) && (!s->hit)
+		&& ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
+		    || SSL_CTX_add_session(s->ctx,s->session))
 		&& (s->ctx->new_session_cb != NULL))
 		{
 		CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
@@ -1234,28 +1819,24 @@ int mode;
 		}
 
 	/* auto flush every 255 connections */
-	i=s->ctx->session_cache_mode;
 	if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
 		((i & mode) == mode))
 		{
 		if (  (((mode & SSL_SESS_CACHE_CLIENT)
-			?s->ctx->sess_connect_good
-			:s->ctx->sess_accept_good) & 0xff) == 0xff)
+			?s->ctx->stats.sess_connect_good
+			:s->ctx->stats.sess_accept_good) & 0xff) == 0xff)
 			{
 			SSL_CTX_flush_sessions(s->ctx,time(NULL));
 			}
 		}
 	}
 
-SSL_METHOD *SSL_get_ssl_method(s)
-SSL *s;
+SSL_METHOD *SSL_get_ssl_method(SSL *s)
 	{
 	return(s->method);
 	}
 
-int SSL_set_ssl_method(s,meth)
-SSL *s;
-SSL_METHOD *meth;
+int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth)
 	{
 	int conn= -1;
 	int ret=1;
@@ -1282,17 +1863,23 @@ SSL_METHOD *meth;
 	return(ret);
 	}
 
-int SSL_get_error(s,i)
-SSL *s;
-int i;
+int SSL_get_error(SSL *s,int i)
 	{
 	int reason;
+	unsigned long l;
 	BIO *bio;
 
 	if (i > 0) return(SSL_ERROR_NONE);
 
-	if (ERR_peek_error() != 0)
-		return(SSL_ERROR_SSL);
+	/* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
+	 * etc, where we do encode the error */
+	if ((l=ERR_peek_error()) != 0)
+		{
+		if (ERR_GET_LIB(l) == ERR_LIB_SYS)
+			return(SSL_ERROR_SYSCALL);
+		else
+			return(SSL_ERROR_SSL);
+		}
 
 	if ((i < 0) && SSL_want_read(s))
 		{
@@ -1300,12 +1887,23 @@ int i;
 		if (BIO_should_read(bio))
 			return(SSL_ERROR_WANT_READ);
 		else if (BIO_should_write(bio))
+			/* This one doesn't make too much sense ... We never try
+			 * to write to the rbio, and an application program where
+			 * rbio and wbio are separate couldn't even know what it
+			 * should wait for.
+			 * However if we ever set s->rwstate incorrectly
+			 * (so that we have SSL_want_read(s) instead of
+			 * SSL_want_write(s)) and rbio and wbio *are* the same,
+			 * this test works around that bug; so it might be safer
+			 * to keep it. */
 			return(SSL_ERROR_WANT_WRITE);
 		else if (BIO_should_io_special(bio))
 			{
 			reason=BIO_get_retry_reason(bio);
 			if (reason == BIO_RR_CONNECT)
 				return(SSL_ERROR_WANT_CONNECT);
+			else if (reason == BIO_RR_ACCEPT)
+				return(SSL_ERROR_WANT_ACCEPT);
 			else
 				return(SSL_ERROR_SYSCALL); /* unknown */
 			}
@@ -1317,12 +1915,15 @@ int i;
 		if (BIO_should_write(bio))
 			return(SSL_ERROR_WANT_WRITE);
 		else if (BIO_should_read(bio))
+			/* See above (SSL_want_read(s) with BIO_should_write(bio)) */
 			return(SSL_ERROR_WANT_READ);
 		else if (BIO_should_io_special(bio))
 			{
 			reason=BIO_get_retry_reason(bio);
 			if (reason == BIO_RR_CONNECT)
 				return(SSL_ERROR_WANT_CONNECT);
+			else if (reason == BIO_RR_ACCEPT)
+				return(SSL_ERROR_WANT_ACCEPT);
 			else
 				return(SSL_ERROR_SYSCALL);
 			}
@@ -1349,8 +1950,7 @@ int i;
 	return(SSL_ERROR_SYSCALL);
 	}
 
-int SSL_do_handshake(s)
-SSL *s;
+int SSL_do_handshake(SSL *s)
 	{
 	int ret=1;
 
@@ -1371,9 +1971,9 @@ SSL *s;
 
 /* For the next 2 functions, SSL_clear() sets shutdown and so
  * one of these calls will reset it */
-void SSL_set_accept_state(s)
-SSL *s;
+void SSL_set_accept_state(SSL *s)
 	{
+	s->server=1;
 	s->shutdown=0;
 	s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE;
 	s->handshake_func=s->method->ssl_accept;
@@ -1381,9 +1981,9 @@ SSL *s;
 	ssl_clear_cipher_ctx(s);
 	}
 
-void SSL_set_connect_state(s)
-SSL *s;
+void SSL_set_connect_state(SSL *s)
 	{
+	s->server=0;
 	s->shutdown=0;
 	s->state=SSL_ST_CONNECT|SSL_ST_BEFORE;
 	s->handshake_func=s->method->ssl_connect;
@@ -1391,22 +1991,19 @@ SSL *s;
 	ssl_clear_cipher_ctx(s);
 	}
 
-int ssl_undefined_function(s)
-SSL *s;
+int ssl_undefined_function(SSL *s)
 	{
 	SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 	return(0);
 	}
 
-SSL_METHOD *ssl_bad_method(ver)
-int ver;
+SSL_METHOD *ssl_bad_method(int ver)
 	{
 	SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
 	return(NULL);
 	}
 
-char *SSL_get_version(s)
-SSL *s;
+const char *SSL_get_version(SSL *s)
 	{
 	if (s->version == TLS1_VERSION)
 		return("TLSv1");
@@ -1418,30 +2015,67 @@ SSL *s;
 		return("unknown");
 	}
 
-SSL *SSL_dup(s)
-SSL *s;
-        {
-	STACK *sk;
+SSL *SSL_dup(SSL *s)
+	{
+	STACK_OF(X509_NAME) *sk;
 	X509_NAME *xn;
-        SSL *ret;
+	SSL *ret;
 	int i;
 		 
-	if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) return(NULL);
-			  
-	/* This copies version, session-id, SSL_METHOD and 'cert' */
-	SSL_copy_session_id(ret,s);
+	if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL)
+	    return(NULL);
+
+	ret->version = s->version;
+	ret->type = s->type;
+	ret->method = s->method;
+
+	if (s->session != NULL)
+		{
+		/* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */
+		SSL_copy_session_id(ret,s);
+		}
+	else
+		{
+		/* No session has been established yet, so we have to expect
+		 * that s->cert or ret->cert will be changed later --
+		 * they should not both point to the same object,
+		 * and thus we can't use SSL_copy_session_id. */
+
+		ret->method = s->method;
+		ret->method->ssl_new(ret);
 
+		if (s->cert != NULL)
+			{
+			if (ret->cert != NULL)
+				{
+				ssl_cert_free(ret->cert);
+				}
+			ret->cert = ssl_cert_dup(s->cert);
+			if (ret->cert == NULL)
+				goto err;
+			}
+				
+		SSL_set_session_id_context(ret,
+			s->sid_ctx, s->sid_ctx_length);
+		}
+
+	ret->options=s->options;
+	ret->mode=s->mode;
+	SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s));
 	SSL_set_read_ahead(ret,SSL_get_read_ahead(s));
+	ret->msg_callback = s->msg_callback;
+	ret->msg_callback_arg = s->msg_callback_arg;
 	SSL_set_verify(ret,SSL_get_verify_mode(s),
 		SSL_get_verify_callback(s));
+	SSL_set_verify_depth(ret,SSL_get_verify_depth(s));
+	ret->generate_session_id = s->generate_session_id;
 
 	SSL_set_info_callback(ret,SSL_get_info_callback(s));
 	
 	ret->debug=s->debug;
-	ret->options=s->options;
 
 	/* copy app data, a little dangerous perhaps */
-	if (!CRYPTO_dup_ex_data(ssl_meth,&ret->ex_data,&s->ex_data))
+	if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
 		goto err;
 
 	/* setup rbio, and wbio */
@@ -1460,27 +2094,40 @@ SSL *s;
 		else
 			ret->wbio=ret->rbio;
 		}
+	ret->rwstate = s->rwstate;
+	ret->in_handshake = s->in_handshake;
+	ret->handshake_func = s->handshake_func;
+	ret->server = s->server;
+	ret->new_session = s->new_session;
+	ret->quiet_shutdown = s->quiet_shutdown;
+	ret->shutdown=s->shutdown;
+	ret->state=s->state; /* SSL_dup does not really work at any state, though */
+	ret->rstate=s->rstate;
+	ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */
+	ret->hit=s->hit;
+	ret->purpose=s->purpose;
+	ret->trust=s->trust;
 
 	/* dup the cipher_list and cipher_list_by_id stacks */
 	if (s->cipher_list != NULL)
 		{
-		if ((ret->cipher_list=sk_dup(s->cipher_list)) == NULL)
+		if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
 			goto err;
 		}
 	if (s->cipher_list_by_id != NULL)
-		if ((ret->cipher_list_by_id=sk_dup(s->cipher_list_by_id))
+		if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id))
 			== NULL)
 			goto err;
 
 	/* Dup the client_CA list */
 	if (s->client_CA != NULL)
 		{
-		if ((sk=sk_dup(s->client_CA)) == NULL) goto err;
+		if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
 		ret->client_CA=sk;
-		for (i=0; i<sk_num(sk); i++)
+		for (i=0; i<sk_X509_NAME_num(sk); i++)
 			{
-			xn=(X509_NAME *)sk_value(sk,i);
-			if ((sk_value(sk,i)=(char *)X509_NAME_dup(xn)) == NULL)
+			xn=sk_X509_NAME_value(sk,i);
+			if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL)
 				{
 				X509_NAME_free(xn);
 				goto err;
@@ -1488,10 +2135,6 @@ SSL *s;
 			}
 		}
 
-	ret->shutdown=s->shutdown;
-	ret->state=s->state;
-	ret->handshake_func=s->handshake_func;
-
 	if (0)
 		{
 err:
@@ -1501,26 +2144,34 @@ err:
 	return(ret);
 	}
 
-void ssl_clear_cipher_ctx(s)
-SSL *s;
+void ssl_clear_cipher_ctx(SSL *s)
 	{
-        if (s->enc_read_ctx != NULL)
-                {
-                EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
-                Free(s->enc_read_ctx);
-                s->enc_read_ctx=NULL;
-                }
-        if (s->enc_write_ctx != NULL)
-                {
-                EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
-                Free(s->enc_write_ctx);
-                s->enc_write_ctx=NULL;
-                }
+	if (s->enc_read_ctx != NULL)
+		{
+		EVP_CIPHER_CTX_cleanup(s->enc_read_ctx);
+		OPENSSL_free(s->enc_read_ctx);
+		s->enc_read_ctx=NULL;
+		}
+	if (s->enc_write_ctx != NULL)
+		{
+		EVP_CIPHER_CTX_cleanup(s->enc_write_ctx);
+		OPENSSL_free(s->enc_write_ctx);
+		s->enc_write_ctx=NULL;
+		}
+	if (s->expand != NULL)
+		{
+		COMP_CTX_free(s->expand);
+		s->expand=NULL;
+		}
+	if (s->compress != NULL)
+		{
+		COMP_CTX_free(s->compress);
+		s->compress=NULL;
+		}
 	}
 
 /* Fix this function so that it takes an optional type parameter */
-X509 *SSL_get_certificate(s)
-SSL *s;
+X509 *SSL_get_certificate(SSL *s)
 	{
 	if (s->cert != NULL)
 		return(s->cert->key->x509);
@@ -1529,8 +2180,7 @@ SSL *s;
 	}
 
 /* Fix this function so that it takes an optional type parameter */
-EVP_PKEY *SSL_get_privatekey(s)
-SSL *s;
+EVP_PKEY *SSL_get_privatekey(SSL *s)
 	{
 	if (s->cert != NULL)
 		return(s->cert->key->privatekey);
@@ -1538,17 +2188,14 @@ SSL *s;
 		return(NULL);
 	}
 
-SSL_CIPHER *SSL_get_current_cipher(s)
-SSL *s;
+SSL_CIPHER *SSL_get_current_cipher(SSL *s)
 	{
-        if ((s->session != NULL) && (s->session->cipher != NULL))
-                return(s->session->cipher);
-        return(NULL);
+	if ((s->session != NULL) && (s->session->cipher != NULL))
+		return(s->session->cipher);
+	return(NULL);
 	}
 
-int ssl_init_wbio_buffer(s,push)
-SSL *s;
-int push;
+int ssl_init_wbio_buffer(SSL *s,int push)
 	{
 	BIO *bbio;
 
@@ -1564,7 +2211,7 @@ int push;
 		if (s->bbio == s->wbio)
 			s->wbio=BIO_pop(s->wbio);
 		}
-	BIO_reset(bbio);
+	(void)BIO_reset(bbio);
 /*	if (!BIO_set_write_buffer_size(bbio,16*1024)) */
 	if (!BIO_set_read_buffer_size(bbio,1))
 		{
@@ -1583,167 +2230,244 @@ int push;
 		}
 	return(1);
 	}
+
+void ssl_free_wbio_buffer(SSL *s)
+	{
+	if (s->bbio == NULL) return;
+
+	if (s->bbio == s->wbio)
+		{
+		/* remove buffering */
+		s->wbio=BIO_pop(s->wbio);
+#ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */
+		assert(s->wbio != NULL);
+#endif	
+	}
+	BIO_free(s->bbio);
+	s->bbio=NULL;
+	}
 	
-void SSL_CTX_set_quiet_shutdown(ctx,mode)
-SSL_CTX *ctx;
-int mode;
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode)
 	{
 	ctx->quiet_shutdown=mode;
 	}
 
-int SSL_CTX_get_quiet_shutdown(ctx)
-SSL_CTX *ctx;
+int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx)
 	{
 	return(ctx->quiet_shutdown);
 	}
 
-void SSL_set_quiet_shutdown(s,mode)
-SSL *s;
-int mode;
+void SSL_set_quiet_shutdown(SSL *s,int mode)
 	{
 	s->quiet_shutdown=mode;
 	}
 
-int SSL_get_quiet_shutdown(s)
-SSL *s;
+int SSL_get_quiet_shutdown(SSL *s)
 	{
 	return(s->quiet_shutdown);
 	}
 
-void SSL_set_shutdown(s,mode)
-SSL *s;
-int mode;
+void SSL_set_shutdown(SSL *s,int mode)
 	{
 	s->shutdown=mode;
 	}
 
-int SSL_get_shutdown(s)
-SSL *s;
+int SSL_get_shutdown(SSL *s)
 	{
 	return(s->shutdown);
 	}
 
-int SSL_version(s)
-SSL *s;
+int SSL_version(SSL *s)
 	{
 	return(s->version);
 	}
 
-SSL_CTX *SSL_get_SSL_CTX(ssl)
-SSL *ssl;
+SSL_CTX *SSL_get_SSL_CTX(SSL *ssl)
 	{
 	return(ssl->ctx);
 	}
 
-#ifndef NO_STDIO
-int SSL_CTX_set_default_verify_paths(ctx)
-SSL_CTX *ctx;
+#ifndef OPENSSL_NO_STDIO
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
 	{
 	return(X509_STORE_set_default_paths(ctx->cert_store));
 	}
 
-int SSL_CTX_load_verify_locations(ctx,CAfile,CApath)
-SSL_CTX *ctx;
-char *CAfile;
-char *CApath;
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+		const char *CApath)
 	{
 	return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath));
 	}
 #endif
 
-void SSL_set_info_callback(ssl,cb)
-SSL *ssl;
-void (*cb)();
+void SSL_set_info_callback(SSL *ssl,
+			   void (*cb)(const SSL *ssl,int type,int val))
 	{
 	ssl->info_callback=cb;
 	}
 
-void (*SSL_get_info_callback(ssl))()
-SSL *ssl;
+void (*SSL_get_info_callback(SSL *ssl))(const SSL *ssl,int type,int val)
 	{
-	return((void (*)())ssl->info_callback);
+	return ssl->info_callback;
 	}
 
-int SSL_state(ssl)
-SSL *ssl;
+int SSL_state(SSL *ssl)
 	{
 	return(ssl->state);
 	}
 
-void SSL_set_verify_result(ssl,arg)
-SSL *ssl;
-long arg;
+void SSL_set_verify_result(SSL *ssl,long arg)
 	{
 	ssl->verify_result=arg;
 	}
 
-long SSL_get_verify_result(ssl)
-SSL *ssl;
+long SSL_get_verify_result(SSL *ssl)
 	{
 	return(ssl->verify_result);
 	}
 
-int SSL_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
-long argl;
-char *argp;
-int (*new_func)();
-int (*dup_func)();
-void (*free_func)();
-        {
-	ssl_meth_num++;
-	return(CRYPTO_get_ex_new_index(ssl_meth_num-1,
-		&ssl_meth,argl,argp,new_func,dup_func,free_func));
-        }
+int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
+			 CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
+	{
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
+				new_func, dup_func, free_func);
+	}
 
-int SSL_set_ex_data(s,idx,arg)
-SSL *s;
-int idx;
-char *arg;
+int SSL_set_ex_data(SSL *s,int idx,void *arg)
 	{
 	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
 	}
 
-char *SSL_get_ex_data(s,idx)
-SSL *s;
-int idx;
+void *SSL_get_ex_data(SSL *s,int idx)
 	{
 	return(CRYPTO_get_ex_data(&s->ex_data,idx));
 	}
 
-int SSL_CTX_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
-long argl;
-char *argp;
-int (*new_func)();
-int (*dup_func)();
-void (*free_func)();
-        {
-	ssl_ctx_meth_num++;
-	return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num-1,
-		&ssl_ctx_meth,argl,argp,new_func,dup_func,free_func));
-        }
+int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func,
+			     CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func)
+	{
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
+				new_func, dup_func, free_func);
+	}
 
-int SSL_CTX_set_ex_data(s,idx,arg)
-SSL_CTX *s;
-int idx;
-char *arg;
+int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg)
 	{
 	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
 	}
 
-char *SSL_CTX_get_ex_data(s,idx)
-SSL_CTX *s;
-int idx;
+void *SSL_CTX_get_ex_data(SSL_CTX *s,int idx)
 	{
 	return(CRYPTO_get_ex_data(&s->ex_data,idx));
 	}
 
-int ssl_ok(s)
-SSL *s;
+int ssl_ok(SSL *s)
 	{
 	return(1);
 	}
 
-#if defined(_WINDLL) && defined(WIN16)
+X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx)
+	{
+	return(ctx->cert_store);
+	}
+
+void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store)
+	{
+	if (ctx->cert_store != NULL)
+		X509_STORE_free(ctx->cert_store);
+	ctx->cert_store=store;
+	}
+
+int SSL_want(SSL *s)
+	{
+	return(s->rwstate);
+	}
+
+/*!
+ * \brief Set the callback for generating temporary RSA keys.
+ * \param ctx the SSL context.
+ * \param cb the callback
+ */
+
+#ifndef OPENSSL_NO_RSA
+void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,
+							  int is_export,
+							  int keylength))
+    {
+    SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb);
+    }
+
+void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl,
+						  int is_export,
+						  int keylength))
+    {
+    SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb);
+    }
+#endif
+
+#ifdef DOXYGEN
+/*!
+ * \brief The RSA temporary key callback function.
+ * \param ssl the SSL session.
+ * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite.
+ * \param keylength if \c is_export is \c TRUE, then \c keylength is the size
+ * of the required key in bits.
+ * \return the temporary RSA key.
+ * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback
+ */
+
+RSA *cb(SSL *ssl,int is_export,int keylength)
+    {}
+#endif
+
+/*!
+ * \brief Set the callback for generating temporary DH keys.
+ * \param ctx the SSL context.
+ * \param dh the callback
+ */
+
+#ifndef OPENSSL_NO_DH
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export,
+							int keylength))
+	{
+	SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
+	}
+
+void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export,
+						int keylength))
+	{
+	SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh);
+	}
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
+							int keylength))
+	{
+	SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)())ecdh);
+	}
+
+void SSL_set_tmp_ecdh_callback(SSL *ssl,EC_KEY *(*ecdh)(SSL *ssl,int is_export,
+						int keylength))
+	{
+	SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH_CB,(void (*)())ecdh);
+	}
+#endif
+
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
+	{
+	SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb);
+	}
+void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
+	{
+	SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb);
+	}
+
+
+
+#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
 #include "../crypto/bio/bss_file.c"
 #endif
 
+IMPLEMENT_STACK_OF(SSL_CIPHER)
+IMPLEMENT_STACK_OF(SSL_COMP)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 71d4c08c09..4adf5f5b1c 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -55,6 +55,64 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
 
 #ifndef HEADER_SSL_LOCL_H
 #define HEADER_SSL_LOCL_H
@@ -65,15 +123,21 @@
 
 #include "e_os.h"
 
-#include "buffer.h"
-#include "comp.h"
-#include "bio.h"
-#include "crypto.h"
-#include "evp.h"
-#include "stack.h"
-#include "x509.h"
-#include "err.h"
-#include "ssl.h"
+#include <openssl/buffer.h>
+#include <openssl/comp.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/stack.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <openssl/symhacks.h>
+
+#ifdef OPENSSL_BUILD_SHLIBSSL
+# undef OPENSSL_EXTERN
+# define OPENSSL_EXTERN OPENSSL_EXPORT
+#endif
 
 #define PKCS1_CHECK
 
@@ -155,60 +219,133 @@
 #define DEC32(a)	((a)=((a)-1)&0xffffffffL)
 #define MAX_MAC_SIZE	20 /* up from 16 for SSLv3 */
 
-#define SSL_MKEY_MASK		0x0000001FL
+/*
+ * Define the Bitmasks for SSL_CIPHER.algorithms.
+ * This bits are used packed as dense as possible. If new methods/ciphers
+ * etc will be added, the bits a likely to change, so this information
+ * is for internal library use only, even though SSL_CIPHER.algorithms
+ * can be publicly accessed.
+ * Use the according functions for cipher management instead.
+ *
+ * The bit mask handling in the selection and sorting scheme in
+ * ssl_create_cipher_list() has only limited capabilities, reflecting
+ * that the different entities within are mutually exclusive:
+ * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
+ */
+#define SSL_MKEY_MASK		0x000000FFL
 #define SSL_kRSA		0x00000001L /* RSA key exchange */
 #define SSL_kDHr		0x00000002L /* DH cert RSA CA cert */
 #define SSL_kDHd		0x00000004L /* DH cert DSA CA cert */
 #define SSL_kFZA		0x00000008L
 #define SSL_kEDH		0x00000010L /* tmp DH key no DH cert */
+#define SSL_kKRB5		0x00000020L /* Kerberos5 key exchange */
+#define SSL_kECDH               0x00000040L /* ECDH w/ long-term keys */
+#define SSL_kECDHE              0x00000080L /* ephemeral ECDH */
 #define SSL_EDH			(SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL))
 
-#define SSL_AUTH_MASK		0x000003e0L
-#define SSL_aRSA		0x00000020L /* Authenticate with RSA */
-#define SSL_aDSS 		0x00000040L /* Authenticate with DSS */
+#define SSL_AUTH_MASK		0x00007F00L
+#define SSL_aRSA		0x00000100L /* Authenticate with RSA */
+#define SSL_aDSS 		0x00000200L /* Authenticate with DSS */
 #define SSL_DSS 		SSL_aDSS
-#define SSL_aFZA 		0x00000080L
-#define SSL_aNULL 		0x00000100L /* no Authenticate, ADH */
-#define SSL_aDH 		0x00000200L /* no Authenticate, ADH */
+#define SSL_aFZA 		0x00000400L
+#define SSL_aNULL 		0x00000800L /* no Authenticate, ADH */
+#define SSL_aDH 		0x00001000L /* no Authenticate, ADH */
+#define SSL_aKRB5               0x00002000L /* Authenticate with KRB5 */
+#define SSL_aECDSA              0x00004000L /* Authenticate with ECDSA */
 
 #define SSL_NULL		(SSL_eNULL)
 #define SSL_ADH			(SSL_kEDH|SSL_aNULL)
 #define SSL_RSA			(SSL_kRSA|SSL_aRSA)
 #define SSL_DH			(SSL_kDHr|SSL_kDHd|SSL_kEDH)
+#define SSL_ECDH		(SSL_kECDH|SSL_kECDHE)
 #define SSL_FZA			(SSL_aFZA|SSL_kFZA|SSL_eFZA)
-
-#define SSL_ENC_MASK		0x0001Fc00L
-#define SSL_DES			0x00000400L
-#define SSL_3DES		0x00000800L
-#define SSL_RC4			0x00001000L
-#define SSL_RC2			0x00002000L
-#define SSL_IDEA		0x00004000L
-#define SSL_eFZA		0x00008000L
-#define SSL_eNULL		0x00010000L
-
-#define SSL_MAC_MASK		0x00060000L
-#define SSL_MD5			0x00020000L
-#define SSL_SHA1		0x00040000L
+#define SSL_KRB5                (SSL_kKRB5|SSL_aKRB5)
+
+#define SSL_ENC_MASK		0x043F8000L
+#define SSL_DES			0x00008000L
+#define SSL_3DES		0x00010000L
+#define SSL_RC4			0x00020000L
+#define SSL_RC2			0x00040000L
+#define SSL_IDEA		0x00080000L
+#define SSL_eFZA		0x00100000L
+#define SSL_eNULL		0x00200000L
+#define SSL_AES			0x04000000L
+
+#define SSL_MAC_MASK		0x00c00000L
+#define SSL_MD5			0x00400000L
+#define SSL_SHA1		0x00800000L
 #define SSL_SHA			(SSL_SHA1)
 
-#define SSL_EXP_MASK		0x00300000L
-#define SSL_EXP			0x00100000L
-#define SSL_NOT_EXP		0x00200000L
-#define SSL_EXPORT		SSL_EXP
+#define SSL_SSL_MASK		0x03000000L
+#define SSL_SSLV2		0x01000000L
+#define SSL_SSLV3		0x02000000L
+#define SSL_TLSV1		SSL_SSLV3	/* for now */
 
-#define SSL_SSL_MASK		0x00c00000L
-#define SSL_SSLV2		0x00400000L
-#define SSL_SSLV3		0x00800000L
+/* we have used 07ffffff - 5 bits left to go. */
+
+/*
+ * Export and cipher strength information. For each cipher we have to decide
+ * whether it is exportable or not. This information is likely to change
+ * over time, since the export control rules are no static technical issue.
+ *
+ * Independent of the export flag the cipher strength is sorted into classes.
+ * SSL_EXP40 was denoting the 40bit US export limit of past times, which now
+ * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
+ * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
+ * since SSL_EXP64 could be similar to SSL_LOW.
+ * For this reason SSL_MICRO and SSL_MINI macros are included to widen the
+ * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
+ * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would
+ * be possible.
+ */
+#define SSL_EXP_MASK		0x00000003L
+#define SSL_NOT_EXP		0x00000001L
+#define SSL_EXPORT		0x00000002L
+
+#define SSL_STRONG_MASK		0x000000fcL
+#define SSL_STRONG_NONE		0x00000004L
+#define SSL_EXP40		0x00000008L
+#define SSL_MICRO		(SSL_EXP40)
+#define SSL_EXP56		0x00000010L
+#define SSL_MINI		(SSL_EXP56)
+#define SSL_LOW			0x00000020L
+#define SSL_MEDIUM		0x00000040L
+#define SSL_HIGH		0x00000080L
+
+/* we have used 000000ff - 24 bits left to go */
+
+/*
+ * Macros to check the export status and cipher strength for export ciphers.
+ * Even though the macros for EXPORT and EXPORT40/56 have similar names,
+ * their meaning is different:
+ * *_EXPORT macros check the 'exportable' status.
+ * *_EXPORT40/56 macros are used to check whether a certain cipher strength
+ *          is given.
+ * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct
+ * algorithm structure element to be passed (algorithms, algo_strength) and no
+ * typechecking can be done as they are all of type unsigned long, their
+ * direct usage is discouraged.
+ * Use the SSL_C_* macros instead.
+ */
+#define SSL_IS_EXPORT(a)	((a)&SSL_EXPORT)
+#define SSL_IS_EXPORT56(a)	((a)&SSL_EXP56)
+#define SSL_IS_EXPORT40(a)	((a)&SSL_EXP40)
+#define SSL_C_IS_EXPORT(c)	SSL_IS_EXPORT((c)->algo_strength)
+#define SSL_C_IS_EXPORT56(c)	SSL_IS_EXPORT56((c)->algo_strength)
+#define SSL_C_IS_EXPORT40(c)	SSL_IS_EXPORT40((c)->algo_strength)
+
+#define SSL_EXPORT_KEYLENGTH(a,s)	(SSL_IS_EXPORT40(s) ? 5 : \
+				 ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7)
+#define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024)
+#define SSL_C_EXPORT_KEYLENGTH(c)	SSL_EXPORT_KEYLENGTH((c)->algorithms, \
+				(c)->algo_strength)
+#define SSL_C_EXPORT_PKEYLENGTH(c)	SSL_EXPORT_PKEYLENGTH((c)->algo_strength)
 
-#define SSL_STRONG_MASK		0x07000000L
-#define SSL_LOW			0x01000000L
-#define SSL_MEDIUM		0x02000000L
-#define SSL_HIGH		0x04000000L
 
-/* we have used 0fffffff - 4 bits left to go */
 #define SSL_ALL			0xffffffffL
 #define SSL_ALL_CIPHERS		(SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\
-				SSL_MAC_MASK|SSL_EXP_MASK)
+				SSL_MAC_MASK)
+#define SSL_ALL_STRENGTHS	(SSL_EXP_MASK|SSL_STRONG_MASK)
 
 /* Mostly for SSLv3 */
 #define SSL_PKEY_RSA_ENC	0
@@ -216,7 +353,8 @@
 #define SSL_PKEY_DSA_SIGN	2
 #define SSL_PKEY_DH_RSA		3
 #define SSL_PKEY_DH_DSA		4
-#define SSL_PKEY_NUM		5
+#define SSL_PKEY_ECC            5
+#define SSL_PKEY_NUM		6
 
 /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
  * 	    <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
@@ -232,47 +370,79 @@
 #define CERT_PRIVATE_KEY	2
 */
 
+#ifndef OPENSSL_NO_EC
+/* From ECC-TLS draft, used in encoding the curve type in 
+ * ECParameters
+ */
+#define EXPLICIT_PRIME_CURVE_TYPE  1   
+#define EXPLICIT_CHAR2_CURVE_TYPE  2
+#define NAMED_CURVE_TYPE           3
+#endif  /* OPENSSL_NO_EC */
+
 typedef struct cert_pkey_st
 	{
 	X509 *x509;
-/*	EVP_PKEY *publickey; *//* when extracted */
 	EVP_PKEY *privatekey;
 	} CERT_PKEY;
 
 typedef struct cert_st
 	{
-	int cert_type;
-
-#ifdef undef
-	X509 *x509;
-	EVP_PKEY *publickey; /* when extracted */
-	EVP_PKEY *privatekey;
-
-	pkeys[SSL_PKEY_RSA_ENC].x509
-/*	pkeys[SSL_PKEY_RSA_ENC].publickey */
-	pkeys[SSL_PKEY_RSA_ENC].privatekey
-#endif
-
 	/* Current active set */
-	CERT_PKEY *key;
-
+	CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
+			 * Probably it would make more sense to store
+			 * an index, not a pointer. */
+ 
 	/* The following masks are for the key and auth
 	 * algorithms that are supported by the certs below */
 	int valid;
 	unsigned long mask;
 	unsigned long export_mask;
-
+#ifndef OPENSSL_NO_RSA
 	RSA *rsa_tmp;
+	RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
+#endif
+#ifndef OPENSSL_NO_DH
 	DH *dh_tmp;
-	RSA *(*rsa_tmp_cb)();
-	DH *(*dh_tmp_cb)();
-	CERT_PKEY pkeys[SSL_PKEY_NUM];
+	DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
+#endif
+#ifndef OPENSSL_NO_ECDH
+	EC_KEY *ecdh_tmp;
+	/* Callback for generating ephemeral ECDH keys */
+	EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize);
+#endif
 
-	STACK *cert_chain;
+	CERT_PKEY pkeys[SSL_PKEY_NUM];
 
-	int references;
+	int references; /* >1 only if SSL_copy_session_id is used */
 	} CERT;
 
+
+typedef struct sess_cert_st
+	{
+	STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
+
+	/* The 'peer_...' members are used only by clients. */
+	int peer_cert_type;
+
+	CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */
+	CERT_PKEY peer_pkeys[SSL_PKEY_NUM];
+	/* Obviously we don't have the private keys of these,
+	 * so maybe we shouldn't even use the CERT_PKEY type here. */
+
+#ifndef OPENSSL_NO_RSA
+	RSA *peer_rsa_tmp; /* not used for SSL 2 */
+#endif
+#ifndef OPENSSL_NO_DH
+	DH *peer_dh_tmp; /* not used for SSL 2 */
+#endif
+#ifndef OPENSSL_NO_ECDH
+	EC_KEY *peer_ecdh_tmp;
+#endif
+
+	int references; /* actually always 1 at the moment */
+	} SESS_CERT;
+
+
 /*#define MAC_DEBUG	*/
 
 /*#define ERR_DEBUG	*/
@@ -284,12 +454,7 @@ typedef struct cert_st
 /*#define RSA_DEBUG	*/ 
 /*#define IDEA_DEBUG	*/ 
 
-#ifndef NOPROTO
 #define FP_ICC  (int (*)(const void *,const void *))
-#else
-#define FP_ICC
-#endif
-
 #define ssl_put_cipher_by_char(ssl,ciph,ptr) \
 		((ssl)->method->put_cipher_by_char((ciph),(ptr)))
 #define ssl_get_cipher_by_char(ssl,ptr) \
@@ -297,37 +462,41 @@ typedef struct cert_st
 
 /* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
  * It is a bit of a mess of functions, but hell, think of it as
- * an opaque strucute :-) */
+ * an opaque structure :-) */
 typedef struct ssl3_enc_method
 	{
-	int (*enc)();
-	int (*mac)();
-	int (*setup_key_block)();
-	int (*generate_master_secret)();
-	int (*change_cipher_state)();
-	int (*final_finish_mac)();
+	int (*enc)(SSL *, int);
+	int (*mac)(SSL *, unsigned char *, int);
+	int (*setup_key_block)(SSL *);
+	int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
+	int (*change_cipher_state)(SSL *, int);
+	int (*final_finish_mac)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *, int, unsigned char *);
 	int finish_mac_length;
-	int (*cert_verify_mac)();
-	unsigned char client_finished[20];
-	int client_finished_len;
-	unsigned char server_finished[20];
-	int server_finished_len;
-	int (*alert_value)();
+	int (*cert_verify_mac)(SSL *, EVP_MD_CTX *, unsigned char *);
+	const char *client_finished_label;
+	int client_finished_label_len;
+	const char *server_finished_label;
+	int server_finished_label_len;
+	int (*alert_value)(int);
 	} SSL3_ENC_METHOD;
 
-/* Used for holding the relevent compression methods loaded into SSL_CTX */
+/* Used for holding the relevant compression methods loaded into SSL_CTX */
 typedef struct ssl3_comp_st
 	{
-	int comp_id;	/* The identifer byte for this compression type */
+	int comp_id;	/* The identifier byte for this compression type */
 	char *name;	/* Text name used for the compression type */
 	COMP_METHOD *method; /* The method :-) */
 	} SSL3_COMP;
 
-extern SSL3_ENC_METHOD ssl3_undef_enc_method;
-extern SSL_CIPHER ssl2_ciphers[];
-extern SSL_CIPHER ssl3_ciphers[];
+OPENSSL_EXTERN SSL3_ENC_METHOD ssl3_undef_enc_method;
+OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[];
+OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[];
+
+#ifdef OPENSSL_SYS_VMS
+#undef SSL_COMP_get_compression_methods
+#define SSL_COMP_get_compression_methods	SSL_COMP_get_compress_methods
+#endif
 
-#ifndef NOPROTO
 
 SSL_METHOD *ssl_bad_method(int ver);
 SSL_METHOD *sslv2_base_method(void);
@@ -337,33 +506,42 @@ SSL_METHOD *sslv3_base_method(void);
 void ssl_clear_cipher_ctx(SSL *s);
 int ssl_clear_bad_session(SSL *s);
 CERT *ssl_cert_new(void);
+CERT *ssl_cert_dup(CERT *cert);
+int ssl_cert_inst(CERT **o);
 void ssl_cert_free(CERT *c);
-int ssl_set_cert_type(CERT *c, int type);
+SESS_CERT *ssl_sess_cert_new(void);
+void ssl_sess_cert_free(SESS_CERT *sc);
+int ssl_set_peer_cert_type(SESS_CERT *c, int type);
 int ssl_get_new_session(SSL *s, int session);
 int ssl_get_prev_session(SSL *s, unsigned char *session,int len);
-int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b);
-int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp);
-STACK *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,STACK **skp);
-int ssl_cipher_list_to_bytes(SSL *s,STACK *sk,unsigned char *p);
-STACK *ssl_create_cipher_list(SSL_METHOD *meth,STACK **pref,
-	STACK **sorted,char *str);
+int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
+			const SSL_CIPHER * const *bp);
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
+					       STACK_OF(SSL_CIPHER) **skp);
+int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p);
+STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
+					     STACK_OF(SSL_CIPHER) **pref,
+					     STACK_OF(SSL_CIPHER) **sorted,
+					     const char *rule_str);
 void ssl_update_cache(SSL *s, int mode);
-int ssl_cipher_get_evp(SSL_CIPHER *c, EVP_CIPHER **enc, EVP_MD **md);
-int ssl_verify_cert_chain(SSL *s,STACK *sk);
+int ssl_cipher_get_evp(SSL_SESSION *s,const EVP_CIPHER **enc,const EVP_MD **md,
+		       SSL_COMP **comp);
+int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
 int ssl_undefined_function(SSL *s);
 X509 *ssl_get_server_send_cert(SSL *);
 EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
 int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
-void ssl_set_cert_masks(CERT *c);
-STACK *ssl_get_ciphers_by_id(SSL *s);
+void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher);
+STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
 
 int ssl2_enc_init(SSL *s, int client);
-void ssl2_generate_key_material(SSL *s);
+int ssl2_generate_key_material(SSL *s);
 void ssl2_enc(SSL *s,int send_data);
 void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
-SSL_CIPHER *ssl2_get_cipher_by_char(unsigned char *p);
-int ssl2_put_cipher_by_char(SSL_CIPHER *c,unsigned char *p);
+SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
+int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
 int ssl2_part_read(SSL *s, unsigned long f, int i);
 int ssl2_do_write(SSL *s);
 int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data);
@@ -375,17 +553,19 @@ int	ssl2_new(SSL *s);
 void	ssl2_free(SSL *s);
 int	ssl2_accept(SSL *s);
 int	ssl2_connect(SSL *s);
-int	ssl2_read(SSL *s, char *buf, int len);
-int	ssl2_peek(SSL *s, char *buf, int len);
-int	ssl2_write(SSL *s, char *buf, int len);
+int	ssl2_read(SSL *s, void *buf, int len);
+int	ssl2_peek(SSL *s, void *buf, int len);
+int	ssl2_write(SSL *s, const void *buf, int len);
 int	ssl2_shutdown(SSL *s);
 void	ssl2_clear(SSL *s);
-long	ssl2_ctrl(SSL *s,int cmd, long larg, char *parg);
-long	ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg);
+long	ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
+long	ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
+long	ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)());
+long	ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)());
 int	ssl2_pending(SSL *s);
 
-SSL_CIPHER *ssl3_get_cipher_by_char(unsigned char *p);
-int ssl3_put_cipher_by_char(SSL_CIPHER *c,unsigned char *p);
+SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
 void ssl3_init_finished_mac(SSL *s);
 int ssl3_send_server_certificate(SSL *s);
 int ssl3_get_finished(SSL *s,int state_a,int state_b);
@@ -399,35 +579,37 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out,
 	unsigned char *p, int len);
 int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
 long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-int ssl3_send_finished(SSL *s, int a, int b, unsigned char *sender,int slen);
+int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
 int ssl3_num_ciphers(void);
 SSL_CIPHER *ssl3_get_cipher(unsigned int u);
 int ssl3_renegotiate(SSL *ssl); 
 int ssl3_renegotiate_check(SSL *ssl); 
 int ssl3_dispatch_alert(SSL *s);
-int ssl3_read_bytes(SSL *s, int type, char *buf, int len);
-int ssl3_part_read(SSL *s, int i);
-int ssl3_write_bytes(SSL *s, int type, char *buf, int len);
-int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1,EVP_MD_CTX *ctx2,
-	unsigned char *sender, int slen,unsigned char *p);
+int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
+int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
+int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2,
+	const char *sender, int slen,unsigned char *p);
 int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
-void ssl3_finish_mac(SSL *s, unsigned char *buf, int len);
+void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
 int ssl3_enc(SSL *s, int send_data);
 int ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
-SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK *have,STACK *pref);
+SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
+			       STACK_OF(SSL_CIPHER) *srvr);
 int	ssl3_setup_buffers(SSL *s);
 int	ssl3_new(SSL *s);
 void	ssl3_free(SSL *s);
 int	ssl3_accept(SSL *s);
 int	ssl3_connect(SSL *s);
-int	ssl3_read(SSL *s, char *buf, int len);
-int	ssl3_peek(SSL *s,char *buf, int len);
-int	ssl3_write(SSL *s, char *buf, int len);
+int	ssl3_read(SSL *s, void *buf, int len);
+int	ssl3_peek(SSL *s, void *buf, int len);
+int	ssl3_write(SSL *s, const void *buf, int len);
 int	ssl3_shutdown(SSL *s);
 void	ssl3_clear(SSL *s);
-long	ssl3_ctrl(SSL *s,int cmd, long larg, char *parg);
-long	ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg);
+long	ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
+long	ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
+long	ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)());
+long	ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)());
 int	ssl3_pending(SSL *s);
 
 int ssl23_accept(SSL *s);
@@ -438,16 +620,18 @@ int ssl23_write_bytes(SSL *s);
 int tls1_new(SSL *s);
 void tls1_free(SSL *s);
 void tls1_clear(SSL *s);
-long tls1_ctrl(SSL *s,int cmd, long larg, char *parg);
+long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
+long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)());
 SSL_METHOD *tlsv1_base_method(void );
 
 int ssl_init_wbio_buffer(SSL *s, int push);
+void ssl_free_wbio_buffer(SSL *s);
 
 int tls1_change_cipher_state(SSL *s, int which);
 int tls1_setup_key_block(SSL *s);
 int tls1_enc(SSL *s, int snd);
 int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
-	unsigned char *str, int slen, unsigned char *p);
+	const char *str, int slen, unsigned char *p);
 int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p);
 int tls1_mac(SSL *ssl, unsigned char *md, int snd);
 int tls1_generate_master_secret(SSL *s, unsigned char *out,
@@ -456,129 +640,10 @@ int tls1_alert_code(int code);
 int ssl3_alert_code(int code);
 int ssl_ok(SSL *s);
 
+int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
 
-#else
-
-SSL_METHOD *ssl_bad_method();
-SSL_METHOD *sslv2_base_method();
-SSL_METHOD *sslv23_base_method();
-SSL_METHOD *sslv3_base_method();
-
-void ssl_clear_cipher_ctx();
-int ssl_clear_bad_session();
-CERT *ssl_cert_new();
-void ssl_cert_free();
-int ssl_set_cert_type();
-int ssl_get_new_session();
-int ssl_get_prev_session();
-int ssl_cipher_id_cmp();
-int ssl_cipher_ptr_id_cmp();
-STACK *ssl_bytes_to_cipher_list();
-int ssl_cipher_list_to_bytes();
-STACK *ssl_create_cipher_list();
-void ssl_update_cache();
-int ssl_session_get_ciphers();
-int ssl_verify_cert_chain();
-int ssl_undefined_function();
-X509 *ssl_get_server_send_cert();
-EVP_PKEY *ssl_get_sign_pkey();
-int ssl_cert_type();
-void ssl_set_cert_masks();
-STACK *ssl_get_ciphers_by_id();
-int ssl_verify_alarm_type();
-
-int ssl2_enc_init();
-void ssl2_generate_key_material();
-void ssl2_enc();
-void ssl2_mac();
-SSL_CIPHER *ssl2_get_cipher_by_char();
-int ssl2_put_cipher_by_char();
-int ssl2_part_read();
-int ssl2_do_write();
-int ssl2_set_certificate();
-void ssl2_return_error();
-void ssl2_write_error();
-int ssl2_num_ciphers();
-SSL_CIPHER *ssl2_get_cipher();
-int	ssl2_new();
-void	ssl2_free();
-int	ssl2_accept();
-int	ssl2_connect();
-int	ssl2_read();
-int	ssl2_peek();
-int	ssl2_write();
-int	ssl2_shutdown();
-void	ssl2_clear();
-long	ssl2_ctrl();
-long	ssl2_ctx_ctrl();
-int	ssl2_pending();
-
-SSL_CIPHER *ssl3_get_cipher_by_char();
-int ssl3_put_cipher_by_char();
-void ssl3_init_finished_mac();
-int ssl3_send_server_certificate();
-int ssl3_get_finished();
-int ssl3_setup_key_block();
-int ssl3_send_change_cipher_spec();
-int ssl3_change_cipher_state();
-void ssl3_cleanup_key_block();
-int ssl3_do_write();
-void ssl3_send_alert();
-int ssl3_generate_master_secret();
-int ssl3_get_req_cert_type();
-long ssl3_get_message();
-int ssl3_send_finished();
-int ssl3_num_ciphers();
-SSL_CIPHER *ssl3_get_cipher();
-int ssl3_renegotiate();
-int ssl3_renegotiate_check();
-int ssl3_dispatch_alert();
-int ssl3_read_bytes();
-int ssl3_part_read();
-int ssl3_write_bytes();
-int ssl3_final_finish_mac();
-void ssl3_finish_mac();
-int ssl3_enc();
-int ssl3_mac();
-unsigned long ssl3_output_cert_chain();
-SSL_CIPHER *ssl3_choose_cipher();
-int	ssl3_setup_buffers();
-int	ssl3_new();
-void	ssl3_free();
-int	ssl3_accept();
-int	ssl3_connect();
-int	ssl3_read();
-int	ssl3_peek();
-int	ssl3_write();
-int	ssl3_shutdown();
-void	ssl3_clear();
-long	ssl3_ctrl();
-long	ssl3_ctx_ctrl();
-int	ssl3_pending();
-
-int ssl23_accept();
-int ssl23_connect();
-int ssl23_read_bytes();
-int ssl23_write_bytes();
-
-int ssl_init_wbio_buffer();
+SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
 
-#endif
 
 #endif
-int ssl3_cert_verify_mac();
-int ssl3_alert_code();
-int tls1_new();
-void tls1_free();
-void tls1_clear();
-long tls1_ctrl();
-SSL_METHOD *tlsv1_base_method();
-int tls1_change_cipher_state();
-int tls1_setup_key_block();
-int tls1_enc();
-int tls1_final_finish_mac();
-int tls1_cert_verify_mac();
-int tls1_mac();
-int tls1_generate_master_secret();
-int tls1_alert_code();
-int ssl_ok();
diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c
index a8a62f1b04..03828b6632 100644
--- a/ssl/ssl_rsa.c
+++ b/ssl/ssl_rsa.c
@@ -57,53 +57,32 @@
  */
 
 #include <stdio.h>
-#include "bio.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
-#include "pem.h"
 #include "ssl_locl.h"
+#include <openssl/bio.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
 
-#ifndef NOPROTO
 static int ssl_set_cert(CERT *c, X509 *x509);
 static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
-#else
-static int ssl_set_cert();
-static int ssl_set_pkey();
-#endif
-
-int SSL_use_certificate(ssl, x)
-SSL *ssl;
-X509 *x;
+int SSL_use_certificate(SSL *ssl, X509 *x)
 	{
-	CERT *c;
-
 	if (x == NULL)
 		{
 		SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
 		return(0);
 		}
-	if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert))
+	if (!ssl_cert_inst(&ssl->cert))
 		{
-		c=ssl_cert_new();
-		if (c == NULL)
-			{
-			SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
-		ssl->cert=c;
+		SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+		return(0);
 		}
-	c=ssl->cert;
-
-	return(ssl_set_cert(c,x));
+	return(ssl_set_cert(ssl->cert,x));
 	}
 
-#ifndef NO_STDIO
-int SSL_use_certificate_file(ssl, file, type)
-SSL *ssl;
-char *file;
-int type;
+#ifndef OPENSSL_NO_STDIO
+int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
 	{
 	int j;
 	BIO *in;
@@ -130,7 +109,7 @@ int type;
 	else if (type == SSL_FILETYPE_PEM)
 		{
 		j=ERR_R_PEM_LIB;
-		x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback);
+		x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
 		}
 	else
 		{
@@ -152,10 +131,7 @@ end:
 	}
 #endif
 
-int SSL_use_certificate_ASN1(ssl, len, d)
-SSL *ssl;
-int len;
-unsigned char *d;
+int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len)
 	{
 	X509 *x;
 	int ret;
@@ -172,12 +148,9 @@ unsigned char *d;
 	return(ret);
 	}
 
-#ifndef NO_RSA
-int SSL_use_RSAPrivateKey(ssl, rsa)
-SSL *ssl;
-RSA *rsa;
+#ifndef OPENSSL_NO_RSA
+int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
 	{
-	CERT *c;
 	EVP_PKEY *pkey;
 	int ret;
 
@@ -186,37 +159,27 @@ RSA *rsa;
 		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
 		return(0);
 		}
-
-        if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert))
-                {
-                c=ssl_cert_new();
-		if (c == NULL)
-			{
-			SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-                if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
-		ssl->cert=c;
+	if (!ssl_cert_inst(&ssl->cert))
+		{
+		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
+		return(0);
 		}
-	c=ssl->cert;
 	if ((pkey=EVP_PKEY_new()) == NULL)
 		{
 		SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
 		return(0);
 		}
 
-	CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
+	RSA_up_ref(rsa);
 	EVP_PKEY_assign_RSA(pkey,rsa);
 
-	ret=ssl_set_pkey(c,pkey);
+	ret=ssl_set_pkey(ssl->cert,pkey);
 	EVP_PKEY_free(pkey);
 	return(ret);
 	}
 #endif
 
-static int ssl_set_pkey(c,pkey)
-CERT *c;
-EVP_PKEY *pkey;
+static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
 	{
 	int i,ok=0,bad=0;
 
@@ -229,11 +192,13 @@ EVP_PKEY *pkey;
 
 	if (c->pkeys[i].x509 != NULL)
 		{
-		EVP_PKEY_copy_parameters(
-			X509_get_pubkey(c->pkeys[i].x509),pkey);
+		EVP_PKEY *pktmp;
+		pktmp =	X509_get_pubkey(c->pkeys[i].x509);
+		EVP_PKEY_copy_parameters(pktmp,pkey);
+		EVP_PKEY_free(pktmp);
 		ERR_clear_error();
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		/* Don't check the public/private key, this is mostly
 		 * for smart cards. */
 		if ((pkey->type == EVP_PKEY_RSA) &&
@@ -286,12 +251,9 @@ EVP_PKEY *pkey;
 	return(1);
 	}
 
-#ifndef NO_RSA
-#ifndef NO_STDIO
-int SSL_use_RSAPrivateKey_file(ssl, file, type)
-SSL *ssl;
-char *file;
-int type;
+#ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_STDIO
+int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
 	{
 	int j,ret=0;
 	BIO *in;
@@ -318,7 +280,7 @@ int type;
 		{
 		j=ERR_R_PEM_LIB;
 		rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
-			ssl->ctx->default_passwd_callback);
+			ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
 		}
 	else
 		{
@@ -338,13 +300,10 @@ end:
 	}
 #endif
 
-int SSL_use_RSAPrivateKey_ASN1(ssl,d,len)
-SSL *ssl;
-unsigned char *d;
-long len;
+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len)
 	{
 	int ret;
-	unsigned char *p;
+	const unsigned char *p;
 	RSA *rsa;
 
 	p=d;
@@ -358,13 +317,10 @@ long len;
 	RSA_free(rsa);
 	return(ret);
 	}
-#endif /* !NO_RSA */
+#endif /* !OPENSSL_NO_RSA */
 
-int SSL_use_PrivateKey(ssl, pkey)
-SSL *ssl;
-EVP_PKEY *pkey;
+int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
 	{
-	CERT *c;
 	int ret;
 
 	if (pkey == NULL)
@@ -372,29 +328,17 @@ EVP_PKEY *pkey;
 		SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
 		return(0);
 		}
-
-        if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert))
-                {
-                c=ssl_cert_new();
-		if (c == NULL)
-			{
-			SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-                if (ssl->cert != NULL) ssl_cert_free(ssl->cert);
-		ssl->cert=c;
+	if (!ssl_cert_inst(&ssl->cert))
+		{
+		SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
+		return(0);
 		}
-	c=ssl->cert;
-
-	ret=ssl_set_pkey(c,pkey);
+	ret=ssl_set_pkey(ssl->cert,pkey);
 	return(ret);
 	}
 
-#ifndef NO_STDIO
-int SSL_use_PrivateKey_file(ssl, file, type)
-SSL *ssl;
-char *file;
-int type;
+#ifndef OPENSSL_NO_STDIO
+int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
 	{
 	int j,ret=0;
 	BIO *in;
@@ -416,7 +360,7 @@ int type;
 		{
 		j=ERR_R_PEM_LIB;
 		pkey=PEM_read_bio_PrivateKey(in,NULL,
-			ssl->ctx->default_passwd_callback);
+			ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata);
 		}
 	else
 		{
@@ -436,11 +380,7 @@ end:
 	}
 #endif
 
-int SSL_use_PrivateKey_ASN1(type,ssl,d,len)
-int type;
-SSL *ssl;
-unsigned char *d;
-long len;
+int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len)
 	{
 	int ret;
 	unsigned char *p;
@@ -458,36 +398,22 @@ long len;
 	return(ret);
 	}
 
-int SSL_CTX_use_certificate(ctx, x)
-SSL_CTX *ctx;
-X509 *x;
+int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
 	{
-	CERT *c;
-
 	if (x == NULL)
 		{
 		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER);
 		return(0);
 		}
-
-	if (ctx->default_cert == NULL)
+	if (!ssl_cert_inst(&ctx->cert))
 		{
-		c=ssl_cert_new();
-		if (c == NULL)
-			{
-			SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		ctx->default_cert=c;
+		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE);
+		return(0);
 		}
-	c=ctx->default_cert;
-
-	return(ssl_set_cert(c,x));
+	return(ssl_set_cert(ctx->cert, x));
 	}
 
-static int ssl_set_cert(c,x)
-CERT *c;
-X509 *x;
+static int ssl_set_cert(CERT *c, X509 *x)
 	{
 	EVP_PKEY *pkey;
 	int i,ok=0,bad=0;
@@ -503,6 +429,7 @@ X509 *x;
 	if (i < 0)
 		{
 		SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+		EVP_PKEY_free(pkey);
 		return(0);
 		}
 
@@ -511,7 +438,7 @@ X509 *x;
 		EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey);
 		ERR_clear_error();
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 		/* Don't check the public/private key, this is mostly
 		 * for smart cards. */
 		if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) &&
@@ -544,11 +471,12 @@ X509 *x;
 			}
 		else
 			ok=1;
-		} /* NO_RSA */
+		} /* OPENSSL_NO_RSA */
 		}
 	else
 		ok=1;
 
+	EVP_PKEY_free(pkey);
 	if (bad)
 		{
 		EVP_PKEY_free(c->pkeys[i].privatekey);
@@ -565,11 +493,8 @@ X509 *x;
 	return(1);
 	}
 
-#ifndef NO_STDIO
-int SSL_CTX_use_certificate_file(ctx, file, type)
-SSL_CTX *ctx;
-char *file;
-int type;
+#ifndef OPENSSL_NO_STDIO
+int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
 	{
 	int j;
 	BIO *in;
@@ -596,7 +521,7 @@ int type;
 	else if (type == SSL_FILETYPE_PEM)
 		{
 		j=ERR_R_PEM_LIB;
-		x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback);
+		x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
 		}
 	else
 		{
@@ -618,10 +543,7 @@ end:
 	}
 #endif
 
-int SSL_CTX_use_certificate_ASN1(ctx, len, d)
-SSL_CTX *ctx;
-int len;
-unsigned char *d;
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d)
 	{
 	X509 *x;
 	int ret;
@@ -638,13 +560,10 @@ unsigned char *d;
 	return(ret);
 	}
 
-#ifndef NO_RSA
-int SSL_CTX_use_RSAPrivateKey(ctx, rsa)
-SSL_CTX *ctx;
-RSA *rsa;
+#ifndef OPENSSL_NO_RSA
+int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
 	{
 	int ret;
-	CERT *c;
 	EVP_PKEY *pkey;
 
 	if (rsa == NULL)
@@ -652,37 +571,27 @@ RSA *rsa;
 		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
 		return(0);
 		}
-	if (ctx->default_cert == NULL)
+	if (!ssl_cert_inst(&ctx->cert))
 		{
-		c=ssl_cert_new();
-		if (c == NULL)
-			{
-			SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		ctx->default_cert=c;
+		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE);
+		return(0);
 		}
-	c=ctx->default_cert;
-
 	if ((pkey=EVP_PKEY_new()) == NULL)
 		{
 		SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB);
 		return(0);
 		}
 
-	CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
+	RSA_up_ref(rsa);
 	EVP_PKEY_assign_RSA(pkey,rsa);
 
-	ret=ssl_set_pkey(c,pkey);
+	ret=ssl_set_pkey(ctx->cert, pkey);
 	EVP_PKEY_free(pkey);
 	return(ret);
 	}
 
-#ifndef NO_STDIO
-int SSL_CTX_use_RSAPrivateKey_file(ctx, file, type)
-SSL_CTX *ctx;
-char *file;
-int type;
+#ifndef OPENSSL_NO_STDIO
+int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
 	{
 	int j,ret=0;
 	BIO *in;
@@ -709,7 +618,7 @@ int type;
 		{
 		j=ERR_R_PEM_LIB;
 		rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
-			ctx->default_passwd_callback);
+			ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
 		}
 	else
 		{
@@ -729,13 +638,10 @@ end:
 	}
 #endif
 
-int SSL_CTX_use_RSAPrivateKey_ASN1(ctx,d,len)
-SSL_CTX *ctx;
-unsigned char *d;
-long len;
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len)
 	{
 	int ret;
-	unsigned char *p;
+	const unsigned char *p;
 	RSA *rsa;
 
 	p=d;
@@ -749,40 +655,25 @@ long len;
 	RSA_free(rsa);
 	return(ret);
 	}
-#endif /* !NO_RSA */
+#endif /* !OPENSSL_NO_RSA */
 
-int SSL_CTX_use_PrivateKey(ctx, pkey)
-SSL_CTX *ctx;
-EVP_PKEY *pkey;
+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
 	{
-	CERT *c;
-
 	if (pkey == NULL)
 		{
 		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER);
 		return(0);
 		}
-		
-	if (ctx->default_cert == NULL)
+	if (!ssl_cert_inst(&ctx->cert))
 		{
-		c=ssl_cert_new();
-		if (c == NULL)
-			{
-			SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		ctx->default_cert=c;
+		SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE);
+		return(0);
 		}
-	c=ctx->default_cert;
-
-	return(ssl_set_pkey(c,pkey));
+	return(ssl_set_pkey(ctx->cert,pkey));
 	}
 
-#ifndef NO_STDIO
-int SSL_CTX_use_PrivateKey_file(ctx, file, type)
-SSL_CTX *ctx;
-char *file;
-int type;
+#ifndef OPENSSL_NO_STDIO
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
 	{
 	int j,ret=0;
 	BIO *in;
@@ -804,7 +695,7 @@ int type;
 		{
 		j=ERR_R_PEM_LIB;
 		pkey=PEM_read_bio_PrivateKey(in,NULL,
-			ctx->default_passwd_callback);
+			ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
 		}
 	else
 		{
@@ -824,11 +715,8 @@ end:
 	}
 #endif
 
-int SSL_CTX_use_PrivateKey_ASN1(type,ctx,d,len)
-int type;
-SSL_CTX *ctx;
-unsigned char *d;
-long len;
+int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d,
+	     long len)
 	{
 	int ret;
 	unsigned char *p;
@@ -847,3 +735,81 @@ long len;
 	}
 
 
+#ifndef OPENSSL_NO_STDIO
+/* Read a file that contains our certificate in "PEM" format,
+ * possibly followed by a sequence of CA certificates that should be
+ * sent to the peer in the Certificate message.
+ */
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
+	{
+	BIO *in;
+	int ret=0;
+	X509 *x=NULL;
+
+	in=BIO_new(BIO_s_file_internal());
+	if (in == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
+		goto end;
+		}
+
+	if (BIO_read_filename(in,file) <= 0)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB);
+		goto end;
+		}
+
+	x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+	if (x == NULL)
+		{
+		SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
+		goto end;
+		}
+
+	ret=SSL_CTX_use_certificate(ctx,x);
+	if (ERR_peek_error() != 0)
+		ret = 0;  /* Key/certificate mismatch doesn't imply ret==0 ... */
+	if (ret)
+		{
+		/* If we could set up our certificate, now proceed to
+		 * the CA certificates.
+		 */
+		X509 *ca;
+		int r;
+		unsigned long err;
+		
+		if (ctx->extra_certs != NULL) 
+			{
+			sk_X509_pop_free(ctx->extra_certs, X509_free);
+			ctx->extra_certs = NULL;
+			}
+
+		while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
+			!= NULL)
+			{
+			r = SSL_CTX_add_extra_chain_cert(ctx, ca);
+			if (!r) 
+				{
+				X509_free(ca);
+				ret = 0;
+				goto end;
+				}
+			/* Note that we must not free r if it was successfully
+			 * added to the chain (while we must free the main
+			 * certificate, since its reference count is increased
+			 * by SSL_CTX_use_certificate). */
+			}
+		/* When the while loop ends, it's usually just EOF. */
+		err = ERR_peek_last_error();
+		if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
+			(void)ERR_get_error();
+		else 
+			ret = 0; /* some real error */
+		}
+
+end:
+	if (x != NULL) X509_free(x);
+	if (in != NULL) BIO_free(in);
+	return(ret);
+	}
+#endif
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index d4978a7d50..fbc30b94e6 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -57,60 +57,58 @@
  */
 
 #include <stdio.h>
-#include "lhash.h"
-#include "rand.h"
+#include <openssl/lhash.h>
+#include <openssl/rand.h>
 #include "ssl_locl.h"
+#include "cryptlib.h"
 
-#ifndef NOPROTO
 static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
 static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
-#else
-static void SSL_SESSION_list_remove();
-static void SSL_SESSION_list_add();
-#endif
-
-static int ssl_session_num=0;
-static STACK *ssl_session_meth=NULL;
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
 
-SSL_SESSION *SSL_get_session(ssl)
-SSL *ssl;
+SSL_SESSION *SSL_get_session(SSL *ssl)
+/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
 	{
 	return(ssl->session);
 	}
 
-int SSL_SESSION_get_ex_new_index(argl,argp,new_func,dup_func,free_func)
-long argl;
-char *argp;
-int (*new_func)();
-int (*dup_func)();
-void (*free_func)();
-        {
-        ssl_session_num++;
-        return(CRYPTO_get_ex_new_index(ssl_session_num-1,
-		&ssl_session_meth,
-                argl,argp,new_func,dup_func,free_func));
-        }
-
-int SSL_SESSION_set_ex_data(s,idx,arg)
-SSL_SESSION *s;
-int idx;
-char *arg;
+SSL_SESSION *SSL_get1_session(SSL *ssl)
+/* variant of SSL_get_session: caller really gets something */
+	{
+	SSL_SESSION *sess;
+	/* Need to lock this all up rather than just use CRYPTO_add so that
+	 * somebody doesn't free ssl->session between when we check it's
+	 * non-null and when we up the reference count. */
+	CRYPTO_r_lock(CRYPTO_LOCK_SSL_SESSION);
+	sess = ssl->session;
+	if(sess)
+		sess->references++;
+	CRYPTO_r_unlock(CRYPTO_LOCK_SSL_SESSION);
+	return(sess);
+	}
+
+int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+	{
+	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp,
+			new_func, dup_func, free_func);
+	}
+
+int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
 	{
 	return(CRYPTO_set_ex_data(&s->ex_data,idx,arg));
 	}
 
-char *SSL_SESSION_get_ex_data(s,idx)
-SSL_SESSION *s;
-int idx;
+void *SSL_SESSION_get_ex_data(SSL_SESSION *s, int idx)
 	{
 	return(CRYPTO_get_ex_data(&s->ex_data,idx));
 	}
 
-SSL_SESSION *SSL_SESSION_new()
+SSL_SESSION *SSL_SESSION_new(void)
 	{
 	SSL_SESSION *ss;
 
-	ss=(SSL_SESSION *)Malloc(sizeof(SSL_SESSION));
+	ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION));
 	if (ss == NULL)
 		{
 		SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE);
@@ -118,26 +116,64 @@ SSL_SESSION *SSL_SESSION_new()
 		}
 	memset(ss,0,sizeof(SSL_SESSION));
 
+	ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
 	ss->references=1;
 	ss->timeout=60*5+4; /* 5 minute timeout by default */
 	ss->time=time(NULL);
 	ss->prev=NULL;
 	ss->next=NULL;
-	CRYPTO_new_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data);
+	ss->compress_meth=0;
+	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
 	return(ss);
 	}
 
-int ssl_get_new_session(s, session)
-SSL *s;
-int session;
+/* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
+ * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
+ * until we have no conflict is going to complete in one iteration pretty much
+ * "most" of the time (btw: understatement). So, if it takes us 10 iterations
+ * and we still can't avoid a conflict - well that's a reasonable point to call
+ * it quits. Either the RAND code is broken or someone is trying to open roughly
+ * very close to 2^128 (or 2^256) SSL sessions to our server. How you might
+ * store that many sessions is perhaps a more interesting question ... */
+
+#define MAX_SESS_ID_ATTEMPTS 10
+static int def_generate_session_id(const SSL *ssl, unsigned char *id,
+				unsigned int *id_len)
+{
+	unsigned int retry = 0;
+	do
+		RAND_pseudo_bytes(id, *id_len);
+	while(SSL_has_matching_session_id(ssl, id, *id_len) &&
+		(++retry < MAX_SESS_ID_ATTEMPTS));
+	if(retry < MAX_SESS_ID_ATTEMPTS)
+		return 1;
+	/* else - woops a session_id match */
+	/* XXX We should also check the external cache --
+	 * but the probability of a collision is negligible, and
+	 * we could not prevent the concurrent creation of sessions
+	 * with identical IDs since we currently don't have means
+	 * to atomically check whether a session ID already exists
+	 * and make a reservation for it if it does not
+	 * (this problem applies to the internal cache as well).
+	 */
+	return 0;
+}
+
+int ssl_get_new_session(SSL *s, int session)
 	{
+	/* This gets used by clients and servers. */
+
+	unsigned int tmp;
 	SSL_SESSION *ss=NULL;
+	GEN_SESSION_CB cb = def_generate_session_id;
 
 	if ((ss=SSL_SESSION_new()) == NULL) return(0);
 
 	/* If the context has a default timeout, use it */
-	if (s->ctx->session_timeout != 0)
+	if (s->ctx->session_timeout == 0)
 		ss->timeout=SSL_get_default_timeout(s);
+	else
+		ss->timeout=s->ctx->session_timeout;
 
 	if (s->session != NULL)
 		{
@@ -147,7 +183,7 @@ int session;
 
 	if (session)
 		{
-		if (s->version == SSL2_CLIENT_VERSION)
+		if (s->version == SSL2_VERSION)
 			{
 			ss->ssl_version=SSL2_VERSION;
 			ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH;
@@ -168,18 +204,46 @@ int session;
 			SSL_SESSION_free(ss);
 			return(0);
 			}
-
-		for (;;)
+		/* Choose which callback will set the session ID */
+		CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
+		if(s->generate_session_id)
+			cb = s->generate_session_id;
+		else if(s->ctx->generate_session_id)
+			cb = s->ctx->generate_session_id;
+		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+		/* Choose a session ID */
+		tmp = ss->session_id_length;
+		if(!cb(s, ss->session_id, &tmp))
 			{
-			SSL_SESSION *r;
-
-			RAND_bytes(ss->session_id,ss->session_id_length);
-			CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-			r=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,
-				(char *)ss);
-			CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-			if (r == NULL) break;
-			/* else - woops a session_id match */
+			/* The callback failed */
+			SSLerr(SSL_F_SSL_GET_NEW_SESSION,
+				SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
+			SSL_SESSION_free(ss);
+			return(0);
+			}
+		/* Don't allow the callback to set the session length to zero.
+		 * nor set it higher than it was. */
+		if(!tmp || (tmp > ss->session_id_length))
+			{
+			/* The callback set an illegal length */
+			SSLerr(SSL_F_SSL_GET_NEW_SESSION,
+				SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
+			SSL_SESSION_free(ss);
+			return(0);
+			}
+		/* If the session length was shrunk and we're SSLv2, pad it */
+		if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION))
+			memset(ss->session_id + tmp, 0, ss->session_id_length - tmp);
+		else
+			ss->session_id_length = tmp;
+		/* Finally, check for a conflict */
+		if(SSL_has_matching_session_id(s, ss->session_id,
+						ss->session_id_length))
+			{
+			SSLerr(SSL_F_SSL_GET_NEW_SESSION,
+				SSL_R_SSL_SESSION_ID_CONFLICT);
+			SSL_SESSION_free(ss);
+			return(0);
 			}
 		}
 	else
@@ -187,58 +251,109 @@ int session;
 		ss->session_id_length=0;
 		}
 
+	if (s->sid_ctx_length > sizeof ss->sid_ctx)
+		{
+		SSLerr(SSL_F_SSL_GET_NEW_SESSION, ERR_R_INTERNAL_ERROR);
+		SSL_SESSION_free(ss);
+		return 0;
+		}
+	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
+	ss->sid_ctx_length=s->sid_ctx_length;
 	s->session=ss;
 	ss->ssl_version=s->version;
+	ss->verify_result = X509_V_OK;
 
 	return(1);
 	}
 
-int ssl_get_prev_session(s,session_id,len)
-SSL *s;
-unsigned char *session_id;
-int len;
+int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len)
 	{
+	/* This is used only by servers. */
+
 	SSL_SESSION *ret=NULL,data;
+	int fatal = 0;
 
-	/* conn_init();*/
 	data.ssl_version=s->version;
 	data.session_id_length=len;
 	if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
-		return(0);
-	memcpy(data.session_id,session_id,len);;
+		goto err;
+	memcpy(data.session_id,session_id,len);
 
 	if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 		{
 		CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-		ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,(char *)&data);
+		ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data);
+		if (ret != NULL)
+		    /* don't allow other threads to steal it: */
+		    CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
 		CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
 		}
 
 	if (ret == NULL)
 		{
 		int copy=1;
-
-		s->ctx->sess_miss++;
+	
+		s->ctx->stats.sess_miss++;
 		ret=NULL;
-		if ((s->ctx->get_session_cb != NULL) &&
-			((ret=s->ctx->get_session_cb(s,session_id,len,&copy))
-				!= NULL))
+		if (s->ctx->get_session_cb != NULL
+		    && (ret=s->ctx->get_session_cb(s,session_id,len,&copy))
+		       != NULL)
 			{
-			s->ctx->sess_cb_hit++;
-
-			/* The following should not return 1, otherwise,
-			 * things are very strange */
-			SSL_CTX_add_session(s->ctx,ret);
-			/* auto free it */
-			if (!copy)
-				SSL_SESSION_free(ret);
+			s->ctx->stats.sess_cb_hit++;
+
+			/* Increment reference count now if the session callback
+			 * asks us to do so (note that if the session structures
+			 * returned by the callback are shared between threads,
+			 * it must handle the reference count itself [i.e. copy == 0],
+			 * or things won't be thread-safe). */
+			if (copy)
+				CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+
+			/* Add the externally cached session to the internal
+			 * cache as well if and only if we are supposed to. */
+			if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
+				/* The following should not return 1, otherwise,
+				 * things are very strange */
+				SSL_CTX_add_session(s->ctx,ret);
+			}
+		if (ret == NULL)
+			goto err;
+		}
+
+	/* Now ret is non-NULL, and we own one of its reference counts. */
+
+	if((s->verify_mode&SSL_VERIFY_PEER)
+	   && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length
+	       || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length)))
+	    {
+		/* We've found the session named by the client, but we don't
+		 * want to use it in this context. */
+		
+		if (s->sid_ctx_length == 0)
+			{
+			/* application should have used SSL[_CTX]_set_session_id_context
+			 * -- we could tolerate this and just pretend we never heard
+			 * of this session, but then applications could effectively
+			 * disable the session cache by accident without anyone noticing */
+
+			SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+			fatal = 1;
+			goto err;
+			}
+		else
+			{
+#if 0 /* The client cannot always know when a session is not appropriate,
+	   * so we shouldn't generate an error message. */
+
+			SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+#endif
+			goto err; /* treat like cache miss */
 			}
-		if (ret == NULL) return(0);
 		}
 
 	if (ret->cipher == NULL)
 		{
-		char buf[5],*p;
+		unsigned char buf[5],*p;
 		unsigned long l;
 
 		p=buf;
@@ -249,25 +364,28 @@ int len;
 		else 
 			ret->cipher=ssl_get_cipher_by_char(s,&(buf[1]));
 		if (ret->cipher == NULL)
-			return(0);
+			goto err;
 		}
 
+
+#if 0 /* This is way too late. */
+
 	/* If a thread got the session, then 'swaped', and another got
-	 * it and then due to a time-out decided to 'Free' it we could
+	 * it and then due to a time-out decided to 'OPENSSL_free' it we could
 	 * be in trouble.  So I'll increment it now, then double decrement
 	 * later - am I speaking rubbish?. */
 	CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+#endif
 
 	if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */
 		{
-		s->ctx->sess_timeout++;
+		s->ctx->stats.sess_timeout++;
 		/* remove it from the cache */
 		SSL_CTX_remove_session(s->ctx,ret);
-		SSL_SESSION_free(ret);		/* again to actually Free it */
-		return(0);
+		goto err;
 		}
 
-	s->ctx->sess_hit++;
+	s->ctx->stats.sess_hit++;
 
 	/* ret->time=time(NULL); */ /* rezero timeout? */
 	/* again, just leave the session 
@@ -276,37 +394,64 @@ int len;
 	if (s->session != NULL)
 		SSL_SESSION_free(s->session);
 	s->session=ret;
+	s->verify_result = s->session->verify_result;
 	return(1);
+
+ err:
+	if (ret != NULL)
+		SSL_SESSION_free(ret);
+	if (fatal)
+		return -1;
+	else
+		return 0;
 	}
 
-int SSL_CTX_add_session(ctx,c)
-SSL_CTX *ctx;
-SSL_SESSION *c;
+int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
 	{
 	int ret=0;
 	SSL_SESSION *s;
 
-	/* conn_init(); */
+	/* add just 1 reference count for the SSL_CTX's session cache
+	 * even though it has two ways of access: each session is in a
+	 * doubly linked list and an lhash */
 	CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION);
+	/* if session c is in already in cache, we take back the increment later */
 
 	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-	s=(SSL_SESSION *)lh_insert(ctx->sessions,(char *)c);
+	s=(SSL_SESSION *)lh_insert(ctx->sessions,c);
 	
-	/* Put on the end of the queue unless it is already in the cache */
+	/* s != NULL iff we already had a session with the given PID.
+	 * In this case, s == c should hold (then we did not really modify
+	 * ctx->sessions), or we're in trouble. */
+	if (s != NULL && s != c)
+		{
+		/* We *are* in trouble ... */
+		SSL_SESSION_list_remove(ctx,s);
+		SSL_SESSION_free(s);
+		/* ... so pretend the other session did not exist in cache
+		 * (we cannot handle two SSL_SESSION structures with identical
+		 * session ID in the same cache, which could happen e.g. when
+		 * two threads concurrently obtain the same session from an external
+		 * cache) */
+		s = NULL;
+		}
+
+ 	/* Put at the head of the queue unless it is already in the cache */
 	if (s == NULL)
 		SSL_SESSION_list_add(ctx,c);
 
-	/* If the same session if is being 're-added', Free the old
-	 * one when the last person stops using it.
-	 * This will also work if it is alread in the cache.
-	 * The references will go up and then down :-) */
 	if (s != NULL)
 		{
-		SSL_SESSION_free(s);
+		/* existing cache entry -- decrement previously incremented reference
+		 * count because it already takes into account the cache */
+
+		SSL_SESSION_free(s); /* s == c */
 		ret=0;
 		}
 	else
 		{
+		/* new cache entry -- remove old ones if cache has become too large */
+		
 		ret=1;
 
 		if (SSL_CTX_sess_get_cache_size(ctx) > 0)
@@ -314,11 +459,11 @@ SSL_SESSION *c;
 			while (SSL_CTX_sess_number(ctx) >
 				SSL_CTX_sess_get_cache_size(ctx))
 				{
-				if (!SSL_CTX_remove_session(ctx,
-					ctx->session_cache_tail))
+				if (!remove_session_lock(ctx,
+					ctx->session_cache_tail, 0))
 					break;
 				else
-					ctx->sess_cache_full++;
+					ctx->stats.sess_cache_full++;
 				}
 			}
 		}
@@ -326,24 +471,27 @@ SSL_SESSION *c;
 	return(ret);
 	}
 
-int SSL_CTX_remove_session(ctx,c)
-SSL_CTX *ctx;
-SSL_SESSION *c;
+int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
+{
+	return remove_session_lock(ctx, c, 1);
+}
+
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
 	{
 	SSL_SESSION *r;
 	int ret=0;
 
 	if ((c != NULL) && (c->session_id_length != 0))
 		{
-		CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-		r=(SSL_SESSION *)lh_delete(ctx->sessions,(char *)c);
-		if (r != NULL)
+		if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+		if ((r = (SSL_SESSION *)lh_retrieve(ctx->sessions,c)) == c)
 			{
 			ret=1;
+			r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
 			SSL_SESSION_list_remove(ctx,c);
 			}
 
-		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
+		if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
 
 		if (ret)
 			{
@@ -358,11 +506,13 @@ SSL_SESSION *c;
 	return(ret);
 	}
 
-void SSL_SESSION_free(ss)
-SSL_SESSION *ss;
+void SSL_SESSION_free(SSL_SESSION *ss)
 	{
 	int i;
 
+	if(ss == NULL)
+	    return;
+
 	i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION);
 #ifdef REF_PRINT
 	REF_PRINT("SSL_SESSION",ss);
@@ -376,21 +526,19 @@ SSL_SESSION *ss;
 		}
 #endif
 
-	CRYPTO_free_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data);
+	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
 
-	memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
-	memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
-	memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
-	if (ss->cert != NULL) ssl_cert_free(ss->cert);
+	OPENSSL_cleanse(ss->key_arg,sizeof ss->key_arg);
+	OPENSSL_cleanse(ss->master_key,sizeof ss->master_key);
+	OPENSSL_cleanse(ss->session_id,sizeof ss->session_id);
+	if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
 	if (ss->peer != NULL) X509_free(ss->peer);
-	if (ss->ciphers != NULL) sk_free(ss->ciphers);
-	memset(ss,0,sizeof(*ss));
-	Free(ss);
+	if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
+	OPENSSL_cleanse(ss,sizeof(*ss));
+	OPENSSL_free(ss);
 	}
 
-int SSL_set_session(s, session)
-SSL *s;
-SSL_SESSION *session;
+int SSL_set_session(SSL *s, SSL_SESSION *session)
 	{
 	int ret=0;
 	SSL_METHOD *meth;
@@ -410,14 +558,29 @@ SSL_SESSION *session;
 			{
 			if (!SSL_set_ssl_method(s,meth))
 				return(0);
-			session->timeout=SSL_get_default_timeout(s);
+			if (s->ctx->session_timeout == 0)
+				session->timeout=SSL_get_default_timeout(s);
+			else
+				session->timeout=s->ctx->session_timeout;
 			}
 
+#ifndef OPENSSL_NO_KRB5
+                if (s->kssl_ctx && !s->kssl_ctx->client_princ &&
+                    session->krb5_client_princ_len > 0)
+                {
+                    s->kssl_ctx->client_princ = (char *)malloc(session->krb5_client_princ_len + 1);
+                    memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ,
+                            session->krb5_client_princ_len);
+                    s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0';
+                }
+#endif /* OPENSSL_NO_KRB5 */
+
 		/* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/
 		CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION);
 		if (s->session != NULL)
 			SSL_SESSION_free(s->session);
 		s->session=session;
+		s->verify_result = s->session->verify_result;
 		/* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/
 		ret=1;
 		}
@@ -428,42 +591,59 @@ SSL_SESSION *session;
 			SSL_SESSION_free(s->session);
 			s->session=NULL;
 			}
+
+		meth=s->ctx->method;
+		if (meth != s->method)
+			{
+			if (!SSL_set_ssl_method(s,meth))
+				return(0);
+			}
+		ret=1;
 		}
 	return(ret);
 	}
 
-long SSL_SESSION_set_timeout(s,t)
-SSL_SESSION *s;
-long t;
+long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
 	{
 	if (s == NULL) return(0);
 	s->timeout=t;
 	return(1);
 	}
 
-long SSL_SESSION_get_timeout(s)
-SSL_SESSION *s;
+long SSL_SESSION_get_timeout(SSL_SESSION *s)
 	{
 	if (s == NULL) return(0);
 	return(s->timeout);
 	}
 
-long SSL_SESSION_get_time(s)
-SSL_SESSION *s;
+long SSL_SESSION_get_time(SSL_SESSION *s)
 	{
 	if (s == NULL) return(0);
 	return(s->time);
 	}
 
-long SSL_SESSION_set_time(s,t)
-SSL_SESSION *s;
-long t;
+long SSL_SESSION_set_time(SSL_SESSION *s, long t)
 	{
 	if (s == NULL) return(0);
 	s->time=t;
 	return(t);
 	}
 
+long SSL_CTX_set_timeout(SSL_CTX *s, long t)
+	{
+	long l;
+	if (s == NULL) return(0);
+	l=s->session_timeout;
+	s->session_timeout=t;
+	return(l);
+	}
+
+long SSL_CTX_get_timeout(SSL_CTX *s)
+	{
+	if (s == NULL) return(0);
+	return(s->session_timeout);
+	}
+
 typedef struct timeout_param_st
 	{
 	SSL_CTX *ctx;
@@ -471,15 +651,13 @@ typedef struct timeout_param_st
 	LHASH *cache;
 	} TIMEOUT_PARAM;
 
-static void timeout(s,p)
-SSL_SESSION *s;
-TIMEOUT_PARAM *p;
+static void timeout(SSL_SESSION *s, TIMEOUT_PARAM *p)
 	{
 	if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */
 		{
 		/* The reason we don't call SSL_CTX_remove_session() is to
 		 * save on locking overhead */
-		lh_delete(p->cache,(char *)s);
+		lh_delete(p->cache,s);
 		SSL_SESSION_list_remove(p->ctx,s);
 		s->not_resumable=1;
 		if (p->ctx->remove_session_cb != NULL)
@@ -488,27 +666,26 @@ TIMEOUT_PARAM *p;
 		}
 	}
 
-void SSL_CTX_flush_sessions(s,t)
-SSL_CTX *s;
-long t;
+static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION *, TIMEOUT_PARAM *)
+
+void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
 	{
 	unsigned long i;
 	TIMEOUT_PARAM tp;
 
 	tp.ctx=s;
-	tp.cache=SSL_CTX_sessions(s);
+	tp.cache=s->sessions;
 	if (tp.cache == NULL) return;
 	tp.time=t;
 	CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
 	i=tp.cache->down_load;
 	tp.cache->down_load=0;
-	lh_doall_arg(tp.cache,(void (*)())timeout,(char *)&tp);
+	lh_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), &tp);
 	tp.cache->down_load=i;
 	CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
 	}
 
-int ssl_clear_bad_session(s)
-SSL *s;
+int ssl_clear_bad_session(SSL *s)
 	{
 	if (	(s->session != NULL) &&
 		!(s->shutdown & SSL_SENT_SHUTDOWN) &&
@@ -522,9 +699,7 @@ SSL *s;
 	}
 
 /* locked by SSL_CTX in the calling function */
-static void SSL_SESSION_list_remove(ctx,s)
-SSL_CTX *ctx;
-SSL_SESSION *s;
+static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
 	{
 	if ((s->next == NULL) || (s->prev == NULL)) return;
 
@@ -557,9 +732,7 @@ SSL_SESSION *s;
 	s->prev=s->next=NULL;
 	}
 
-static void SSL_SESSION_list_add(ctx,s)
-SSL_CTX *ctx;
-SSL_SESSION *s;
+static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
 	{
 	if ((s->next != NULL) && (s->prev != NULL))
 		SSL_SESSION_list_remove(ctx,s);
diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c
index a1daf25dd4..b16d253081 100644
--- a/ssl/ssl_stat.c
+++ b/ssl/ssl_stat.c
@@ -59,23 +59,22 @@
 #include <stdio.h>
 #include "ssl_locl.h"
 
-char *SSL_state_string_long(s)
-SSL *s;
+const char *SSL_state_string_long(const SSL *s)
 	{
-	char *str;
+	const char *str;
 
 	switch (s->state)
 		{
-case SSL_ST_BEFORE: str="before SSL initalisation"; break;
-case SSL_ST_ACCEPT: str="before accept initalisation"; break;
-case SSL_ST_CONNECT: str="before connect initalisation"; break;
+case SSL_ST_BEFORE: str="before SSL initialization"; break;
+case SSL_ST_ACCEPT: str="before accept initialization"; break;
+case SSL_ST_CONNECT: str="before connect initialization"; break;
 case SSL_ST_OK: str="SSL negotiation finished successfully"; break;
 case SSL_ST_RENEGOTIATE:	str="SSL renegotiate ciphers"; break;
-case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initalisation"; break;
-case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initalisation"; break;
-case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initalisation"; break;
-case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initalisation"; break;
-#ifndef NO_SSL2
+case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break;
+case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break;
+case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break;
+case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break;
+#ifndef OPENSSL_NO_SSL2
 case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break;
 case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break;
 case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break;
@@ -116,7 +115,7 @@ case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificat
 case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break;
 #endif
 
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
 /* SSLv3 additions */
 case SSL3_ST_CW_CLNT_HELLO_A:	str="SSLv3 write client hello A"; break;
 case SSL3_ST_CW_CLNT_HELLO_B:	str="SSLv3 write client hello B"; break;
@@ -132,10 +131,12 @@ case SSL3_ST_CR_SRVR_DONE_A:	str="SSLv3 read server done A"; break;
 case SSL3_ST_CR_SRVR_DONE_B:	str="SSLv3 read server done B"; break;
 case SSL3_ST_CW_CERT_A:		str="SSLv3 write client certificate A"; break;
 case SSL3_ST_CW_CERT_B:		str="SSLv3 write client certificate B"; break;
+case SSL3_ST_CW_CERT_C:		str="SSLv3 write client certificate C"; break;
+case SSL3_ST_CW_CERT_D:		str="SSLv3 write client certificate D"; break;
 case SSL3_ST_CW_KEY_EXCH_A:	str="SSLv3 write client key exchange A"; break;
 case SSL3_ST_CW_KEY_EXCH_B:	str="SSLv3 write client key exchange B"; break;
 case SSL3_ST_CW_CERT_VRFY_A:	str="SSLv3 write certificate verify A"; break;
-case SSL3_ST_CW_CERT_VRFY_B:	str="SSLv3 write certificate verify A"; break;
+case SSL3_ST_CW_CERT_VRFY_B:	str="SSLv3 write certificate verify B"; break;
 
 case SSL3_ST_CW_CHANGE_A:
 case SSL3_ST_SW_CHANGE_A:	str="SSLv3 write change cipher spec A"; break;
@@ -144,7 +145,7 @@ case SSL3_ST_SW_CHANGE_B:	str="SSLv3 write change cipher spec B"; break;
 case SSL3_ST_CW_FINISHED_A:	
 case SSL3_ST_SW_FINISHED_A:	str="SSLv3 write finished A"; break;
 case SSL3_ST_CW_FINISHED_B:	
-case SSL3_ST_SW_FINISHED_B:	str="SSLv3 write finished A"; break;
+case SSL3_ST_SW_FINISHED_B:	str="SSLv3 write finished B"; break;
 case SSL3_ST_CR_CHANGE_A:	
 case SSL3_ST_SR_CHANGE_A:	str="SSLv3 read change cipher spec A"; break;
 case SSL3_ST_CR_CHANGE_B:	
@@ -181,8 +182,8 @@ case SSL3_ST_SR_CERT_VRFY_A:	str="SSLv3 read certificate verify A"; break;
 case SSL3_ST_SR_CERT_VRFY_B:	str="SSLv3 read certificate verify B"; break;
 #endif
 
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
-/* SSLv2/v3 compatablitity states */
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+/* SSLv2/v3 compatibility states */
 /* client */
 case SSL23_ST_CW_CLNT_HELLO_A:	str="SSLv2/v3 write client hello A"; break;
 case SSL23_ST_CW_CLNT_HELLO_B:	str="SSLv2/v3 write client hello B"; break;
@@ -198,10 +199,9 @@ default:	str="unknown state"; break;
 	return(str);
 	}
 
-char *SSL_rstate_string_long(s)
-SSL *s;
+const char *SSL_rstate_string_long(const SSL *s)
 	{
-	char *str;
+	const char *str;
 
 	switch (s->rstate)
 		{
@@ -213,10 +213,9 @@ SSL *s;
 	return(str);
 	}
 
-char *SSL_state_string(s)
-SSL *s;
+const char *SSL_state_string(const SSL *s)
 	{
-	char *str;
+	const char *str;
 
 	switch (s->state)
 		{
@@ -224,7 +223,7 @@ case SSL_ST_BEFORE:				str="PINIT "; break;
 case SSL_ST_ACCEPT:				str="AINIT "; break;
 case SSL_ST_CONNECT:				str="CINIT "; break;
 case SSL_ST_OK:			 		str="SSLOK "; break;
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_SSL2
 case SSL2_ST_CLIENT_START_ENCRYPTION:		str="2CSENC"; break;
 case SSL2_ST_SERVER_START_ENCRYPTION:		str="2SSENC"; break;
 case SSL2_ST_SEND_CLIENT_HELLO_A:		str="2SCH_A"; break;
@@ -265,7 +264,7 @@ case SSL2_ST_X509_GET_SERVER_CERTIFICATE:	str="2X9GSC"; break;
 case SSL2_ST_X509_GET_CLIENT_CERTIFICATE:	str="2X9GCC"; break;
 #endif
 
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
 /* SSLv3 additions */
 case SSL3_ST_SW_FLUSH:
 case SSL3_ST_CW_FLUSH:				str="3FLUSH"; break;
@@ -283,6 +282,8 @@ case SSL3_ST_CR_SRVR_DONE_A:			str="3RSD_A"; break;
 case SSL3_ST_CR_SRVR_DONE_B:			str="3RSD_B"; break;
 case SSL3_ST_CW_CERT_A:				str="3WCC_A"; break;
 case SSL3_ST_CW_CERT_B:				str="3WCC_B"; break;
+case SSL3_ST_CW_CERT_C:				str="3WCC_C"; break;
+case SSL3_ST_CW_CERT_D:				str="3WCC_D"; break;
 case SSL3_ST_CW_KEY_EXCH_A:			str="3WCKEA"; break;
 case SSL3_ST_CW_KEY_EXCH_B:			str="3WCKEB"; break;
 case SSL3_ST_CW_CERT_VRFY_A:			str="3WCV_A"; break;
@@ -329,8 +330,8 @@ case SSL3_ST_SR_CERT_VRFY_A:			str="3RCV_A"; break;
 case SSL3_ST_SR_CERT_VRFY_B:			str="3RCV_B"; break;
 #endif
 
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
-/* SSLv2/v3 compatablitity states */
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+/* SSLv2/v3 compatibility states */
 /* client */
 case SSL23_ST_CW_CLNT_HELLO_A:			str="23WCHA"; break;
 case SSL23_ST_CW_CLNT_HELLO_B:			str="23WCHB"; break;
@@ -346,8 +347,7 @@ default:					str="UNKWN "; break;
 	return(str);
 	}
 
-char *SSL_alert_type_string_long(value)
-int value;
+const char *SSL_alert_type_string_long(int value)
 	{
 	value>>=8;
 	if (value == SSL3_AL_WARNING)
@@ -358,8 +358,7 @@ int value;
 		return("unknown");
 	}
 
-char *SSL_alert_type_string(value)
-int value;
+const char *SSL_alert_type_string(int value)
 	{
 	value>>=8;
 	if (value == SSL3_AL_WARNING)
@@ -370,10 +369,9 @@ int value;
 		return("U");
 	}
 
-char *SSL_alert_desc_string(value)
-int value;
+const char *SSL_alert_desc_string(int value)
 	{
-	char *str;
+	const char *str;
 
 	switch (value & 0xff)
 		{
@@ -389,15 +387,26 @@ int value;
 	case SSL3_AD_CERTIFICATE_EXPIRED:	str="CE"; break;
 	case SSL3_AD_CERTIFICATE_UNKNOWN:	str="CU"; break;
 	case SSL3_AD_ILLEGAL_PARAMETER:		str="IP"; break;
+	case TLS1_AD_DECRYPTION_FAILED:		str="DC"; break;
+	case TLS1_AD_RECORD_OVERFLOW:		str="RO"; break;
+	case TLS1_AD_UNKNOWN_CA:		str="CA"; break;
+	case TLS1_AD_ACCESS_DENIED:		str="AD"; break;
+	case TLS1_AD_DECODE_ERROR:		str="DE"; break;
+	case TLS1_AD_DECRYPT_ERROR:		str="CY"; break;
+	case TLS1_AD_EXPORT_RESTRICTION:	str="ER"; break;
+	case TLS1_AD_PROTOCOL_VERSION:		str="PV"; break;
+	case TLS1_AD_INSUFFICIENT_SECURITY:	str="IS"; break;
+	case TLS1_AD_INTERNAL_ERROR:		str="IE"; break;
+	case TLS1_AD_USER_CANCELLED:		str="US"; break;
+	case TLS1_AD_NO_RENEGOTIATION:		str="NR"; break;
 	default:				str="UK"; break;
 		}
 	return(str);
 	}
 
-char *SSL_alert_desc_string_long(value)
-int value;
+const char *SSL_alert_desc_string_long(int value)
 	{
-	char *str;
+	const char *str;
 
 	switch (value & 0xff)
 		{
@@ -405,7 +414,7 @@ int value;
 		str="close notify";
 		break;
 	case SSL3_AD_UNEXPECTED_MESSAGE:
-		str="unexected_message";
+		str="unexpected_message";
 		break;
 	case SSL3_AD_BAD_RECORD_MAC:
 		str="bad record mac";
@@ -432,20 +441,55 @@ int value;
 		str="certificate expired";
 		break;
 	case SSL3_AD_CERTIFICATE_UNKNOWN:
-		str="certifcate unknown";
+		str="certificate unknown";
 		break;
 	case SSL3_AD_ILLEGAL_PARAMETER:
 		str="illegal parameter";
 		break;
+	case TLS1_AD_DECRYPTION_FAILED:
+		str="decryption failed";
+		break;
+	case TLS1_AD_RECORD_OVERFLOW:
+		str="record overflow";
+		break;
+	case TLS1_AD_UNKNOWN_CA:
+		str="unknown CA";
+		break;
+	case TLS1_AD_ACCESS_DENIED:
+		str="access denied";
+		break;
+	case TLS1_AD_DECODE_ERROR:
+		str="decode error";
+		break;
+	case TLS1_AD_DECRYPT_ERROR:
+		str="decrypt error";
+		break;
+	case TLS1_AD_EXPORT_RESTRICTION:
+		str="export restriction";
+		break;
+	case TLS1_AD_PROTOCOL_VERSION:
+		str="protocol version";
+		break;
+	case TLS1_AD_INSUFFICIENT_SECURITY:
+		str="insufficient security";
+		break;
+	case TLS1_AD_INTERNAL_ERROR:
+		str="internal error";
+		break;
+	case TLS1_AD_USER_CANCELLED:
+		str="user canceled";
+		break;
+	case TLS1_AD_NO_RENEGOTIATION:
+		str="no renegotiation";
+		break;
 	default: str="unknown"; break;
 		}
 	return(str);
 	}
 
-char *SSL_rstate_string(s)
-SSL *s;
+const char *SSL_rstate_string(const SSL *s)
 	{
-	char *str;
+	const char *str;
 
 	switch (s->rstate)
 		{
diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c
index ab72166665..b5ce44b47c 100644
--- a/ssl/ssl_task.c
+++ b/ssl/ssl_task.c
@@ -123,11 +123,13 @@ int LIB$INIT_TIMER(), LIB$SHOW_TIMER();
 
 #include <string.h>		/* from ssltest.c */
 #include <errno.h>
-#include "buffer.h"
-#include "../e_os.h"
-#include "x509.h"
-#include "ssl.h"
-#include "err.h"
+
+#include "e_os.h"
+
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
 
 int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
 	int error);
@@ -224,8 +226,12 @@ int main ( int argc, char **argv )
 	printf("cipher list: %s\n", cipher ? cipher : "{undefined}" );
 
 	SSL_load_error_strings();
+	OpenSSL_add_all_algorithms();
 
+/* DRM, this was the original, but there is no such thing as SSLv2()
 	s_ctx=SSL_CTX_new(SSLv2());
+*/
+	s_ctx=SSL_CTX_new(SSLv2_server_method());
 
 	if (s_ctx == NULL) goto end;
 
@@ -252,7 +258,7 @@ int doit(io_channel chan, SSL_CTX *s_ctx )
 {
     int status, length, link_state;
      struct rpc_msg msg;
-	static char cbuf[200],sbuf[200];
+
 	SSL *s_ssl=NULL;
 	BIO *c_to_s=NULL;
 	BIO *s_to_c=NULL;
@@ -267,8 +273,12 @@ int doit(io_channel chan, SSL_CTX *s_ctx )
 	c_to_s=BIO_new(BIO_s_rtcp());
 	s_to_c=BIO_new(BIO_s_rtcp());
 	if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
+/* original, DRM 24-SEP-1997
 	BIO_set_fd ( c_to_s, "", chan );
 	BIO_set_fd ( s_to_c, "", chan );
+*/
+	BIO_set_fd ( c_to_s, 0, chan );
+	BIO_set_fd ( s_to_c, 0, chan );
 
 	c_bio=BIO_new(BIO_f_ssl());
 	s_bio=BIO_new(BIO_f_ssl());
diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
index ce60e1a6dd..40b76b1b26 100644
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -57,35 +57,31 @@
  */
 
 #include <stdio.h>
-#include "buffer.h"
+#include <openssl/buffer.h>
 #include "ssl_locl.h"
 
-#ifndef NO_FP_API
-int SSL_SESSION_print_fp(fp, x)
-FILE *fp;
-SSL_SESSION *x;
-        {
-        BIO *b;
-        int ret;
+#ifndef OPENSSL_NO_FP_API
+int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x)
+	{
+	BIO *b;
+	int ret;
 
-        if ((b=BIO_new(BIO_s_file_internal())) == NULL)
+	if ((b=BIO_new(BIO_s_file_internal())) == NULL)
 		{
 		SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
+		return(0);
 		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=SSL_SESSION_print(b,x);
-        BIO_free(b);
-        return(ret);
-        }
+	BIO_set_fp(b,fp,BIO_NOCLOSE);
+	ret=SSL_SESSION_print(b,x);
+	BIO_free(b);
+	return(ret);
+	}
 #endif
 
-int SSL_SESSION_print(bp,x)
-BIO *bp;
-SSL_SESSION *x;
+int SSL_SESSION_print(BIO *bp, SSL_SESSION *x)
 	{
-	int i;
-	char str[128],*s;
+	unsigned int i;
+	char *s;
 
 	if (x == NULL) goto err;
 	if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err;
@@ -97,30 +93,41 @@ SSL_SESSION *x;
 		s="TLSv1";
 	else
 		s="unknown";
-	sprintf(str,"    Protocol  : %s\n",s);
-	if (BIO_puts(bp,str) <= 0) goto err;
+	if (BIO_printf(bp,"    Protocol  : %s\n",s) <= 0) goto err;
 
 	if (x->cipher == NULL)
 		{
 		if (((x->cipher_id) & 0xff000000) == 0x02000000)
-			sprintf(str,"    Cipher    : %06lX\n",x->cipher_id&0xffffff);
+			{
+			if (BIO_printf(bp,"    Cipher    : %06lX\n",x->cipher_id&0xffffff) <= 0)
+				goto err;
+			}
 		else
-			sprintf(str,"    Cipher    : %04lX\n",x->cipher_id&0xffff);
+			{
+			if (BIO_printf(bp,"    Cipher    : %04lX\n",x->cipher_id&0xffff) <= 0)
+				goto err;
+			}
 		}
 	else
-		sprintf(str,"    Cipher    : %s\n",(x->cipher == NULL)?"unknown":x->cipher->name);
-	if (BIO_puts(bp,str) <= 0) goto err;
+		{
+		if (BIO_printf(bp,"    Cipher    : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0)
+			goto err;
+		}
 	if (BIO_puts(bp,"    Session-ID: ") <= 0) goto err;
-	for (i=0; i<(int)x->session_id_length; i++)
+	for (i=0; i<x->session_id_length; i++)
+		{
+		if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err;
+		}
+	if (BIO_puts(bp,"\n    Session-ID-ctx: ") <= 0) goto err;
+	for (i=0; i<x->sid_ctx_length; i++)
 		{
-		sprintf(str,"%02X",x->session_id[i]);
-		if (BIO_puts(bp,str) <= 0) goto err;
+		if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0)
+			goto err;
 		}
 	if (BIO_puts(bp,"\n    Master-Key: ") <= 0) goto err;
-	for (i=0; i<(int)x->master_key_length; i++)
+	for (i=0; i<(unsigned int)x->master_key_length; i++)
 		{
-		sprintf(str,"%02X",x->master_key[i]);
-		if (BIO_puts(bp,str) <= 0) goto err;
+		if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err;
 		}
 	if (BIO_puts(bp,"\n    Key-Arg   : ") <= 0) goto err;
 	if (x->key_arg_length == 0)
@@ -128,22 +135,49 @@ SSL_SESSION *x;
 		if (BIO_puts(bp,"None") <= 0) goto err;
 		}
 	else
-		for (i=0; i<(int)x->key_arg_length; i++)
+		for (i=0; i<x->key_arg_length; i++)
 			{
-			sprintf(str,"%02X",x->key_arg[i]);
-			if (BIO_puts(bp,str) <= 0) goto err;
+			if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err;
 			}
+#ifndef OPENSSL_NO_KRB5
+       if (BIO_puts(bp,"\n    Krb5 Principal: ") <= 0) goto err;
+            if (x->krb5_client_princ_len == 0)
+            {
+		if (BIO_puts(bp,"None") <= 0) goto err;
+		}
+	else
+		for (i=0; i<x->krb5_client_princ_len; i++)
+			{
+			if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err;
+			}
+#endif /* OPENSSL_NO_KRB5 */
+	if (x->compress_meth != 0)
+		{
+		SSL_COMP *comp;
+
+		ssl_cipher_get_evp(x,NULL,NULL,&comp);
+		if (comp == NULL)
+			{
+			if (BIO_printf(bp,"\n   Compression: %d",x->compress_meth) <= 0) goto err;
+			}
+		else
+			{
+			if (BIO_printf(bp,"\n   Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err;
+			}
+		}	
 	if (x->time != 0L)
 		{
-		sprintf(str,"\n    Start Time: %ld",x->time);
-		if (BIO_puts(bp,str) <= 0) goto err;
+		if (BIO_printf(bp, "\n    Start Time: %ld",x->time) <= 0) goto err;
 		}
 	if (x->timeout != 0L)
 		{
-		sprintf(str,"\n    Timeout   : %ld (sec)",x->timeout);
-		if (BIO_puts(bp,str) <= 0) goto err;
+		if (BIO_printf(bp, "\n    Timeout   : %ld (sec)",x->timeout) <= 0) goto err;
 		}
 	if (BIO_puts(bp,"\n") <= 0) goto err;
+
+	if (BIO_puts(bp, "    Verify return code: ") <= 0) goto err;
+	if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
+		X509_verify_cert_error_string(x->verify_result)) <= 0) goto err;
 		
 	return(1);
 err:
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index ff686913d7..8ff076250f 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -55,56 +55,146 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ * ECC cipher suite support in OpenSSL originally developed by 
+ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+ */
+
+#define _BSD_SOURCE 1		/* Or gethostname won't be declared properly
+				   on Linux and GNU platforms. */
+#define _XOPEN_SOURCE_EXTENDED	1 /* Or gethostname won't be declared properly
+				   on Compaq platforms (at least with DEC C).
+				*/
 
+#include <assert.h>
+#include <errno.h>
+#include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <errno.h>
+#include <time.h>
+
+#define USE_SOCKETS
 #include "e_os.h"
-#include "bio.h"
-#include "crypto.h"
-#include "x509.h"
-#include "ssl.h"
-#include "err.h"
-#ifdef WINDOWS
+
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#ifdef OPENSSL_SYS_WINDOWS
+#include <winsock.h>
 #include "../crypto/bio/bss_file.c"
+#else
+#include OPENSSL_UNISTD
 #endif
 
-#define TEST_SERVER_CERT "../apps/server.pem"
-#define TEST_CLIENT_CERT "../apps/client.pem"
-
-#ifndef NOPROTO
-int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export);
-#ifndef NO_DSA
-static DH *get_dh512(void);
-#endif
+#ifdef OPENSSL_SYS_VMS
+#  define TEST_SERVER_CERT "SYS$DISK:[-.APPS]SERVER.PEM"
+#  define TEST_CLIENT_CERT "SYS$DISK:[-.APPS]CLIENT.PEM"
+#elif defined(OPENSSL_SYS_WINCE)
+#  define TEST_SERVER_CERT "\\OpenSSL\\server.pem"
+#  define TEST_CLIENT_CERT "\\OpenSSL\\client.pem"
 #else
-int MS_CALLBACK verify_callback();
-static RSA MS_CALLBACK *tmp_rsa_cb();
-#ifndef NO_DSA
-static DH *get_dh512();
+#  define TEST_SERVER_CERT "../apps/server.pem"
+#  define TEST_CLIENT_CERT "../apps/client.pem"
+#endif
+
+/* There is really no standard for this, so let's assign some tentative
+   numbers.  In any case, these numbers are only for this test */
+#define COMP_RLE	1
+#define COMP_ZLIB	2
+
+static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+#ifndef OPENSSL_NO_RSA
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength);
+static void free_tmp_rsa(void);
 #endif
+static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg);
+#define APP_CALLBACK "Test Callback Argument"
+static char *app_verify_arg = APP_CALLBACK;
+
+#ifndef OPENSSL_NO_DH
+static DH *get_dh512(void);
+static DH *get_dh1024(void);
+static DH *get_dh1024dsa(void);
 #endif
 
-BIO *bio_err=NULL;
-BIO *bio_stdout=NULL;
+static BIO *bio_err=NULL;
+static BIO *bio_stdout=NULL;
 
 static char *cipher=NULL;
-int verbose=0;
-int debug=0;
+static int verbose=0;
+static int debug=0;
+#if 0
+/* Not used yet. */
 #ifdef FIONBIO
 static int s_nbio=0;
 #endif
+#endif
 
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
 
-#ifndef  NOPROTO
+int doit_biopair(SSL *s_ssl,SSL *c_ssl,long bytes,clock_t *s_time,clock_t *c_time);
 int doit(SSL *s_ssl,SSL *c_ssl,long bytes);
-#else
-int doit();
-#endif
-
-static void sv_usage()
+static void sv_usage(void)
 	{
 	fprintf(stderr,"usage: ssltest [args ...]\n");
 	fprintf(stderr,"\n");
@@ -115,50 +205,209 @@ static void sv_usage()
 	fprintf(stderr," -reuse        - use session-id reuse\n");
 	fprintf(stderr," -num <val>    - number of connections to perform\n");
 	fprintf(stderr," -bytes <val>  - number of bytes to swap between client/server\n");
-#ifndef NO_SSL2
+#ifndef OPENSSL_NO_DH
+	fprintf(stderr," -dhe1024      - use 1024 bit key (safe prime) for DHE\n");
+	fprintf(stderr," -dhe1024dsa   - use 1024 bit key (with 160-bit subprime) for DHE\n");
+	fprintf(stderr," -no_dhe       - disable DHE\n");
+#endif
+#ifndef OPENSSL_NO_ECDH
+	fprintf(stderr," -no_ecdhe     - disable ECDHE\n");
+#endif
+#ifndef OPENSSL_NO_SSL2
 	fprintf(stderr," -ssl2         - use SSLv2\n");
 #endif
-#ifndef NO_SSL3
+#ifndef OPENSSL_NO_SSL3
 	fprintf(stderr," -ssl3         - use SSLv3\n");
 #endif
-#ifndef NO_TLS1
+#ifndef OPENSSL_NO_TLS1
 	fprintf(stderr," -tls1         - use TLSv1\n");
 #endif
 	fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
 	fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
-	fprintf(stderr," -cert arg     - Certificate file\n");
-	fprintf(stderr," -s_cert arg   - Just the server certificate file\n");
-	fprintf(stderr," -c_cert arg   - Just the client certificate file\n");
+	fprintf(stderr," -cert arg     - Server certificate file\n");
+	fprintf(stderr," -key arg      - Server key file (default: same as -cert)\n");
+	fprintf(stderr," -c_cert arg   - Client certificate file\n");
+	fprintf(stderr," -c_key arg    - Client key file (default: same as -c_cert)\n");
 	fprintf(stderr," -cipher arg   - The cipher list\n");
+	fprintf(stderr," -bio_pair     - Use BIO pairs\n");
+	fprintf(stderr," -f            - Test even cases that can't work\n");
+	fprintf(stderr," -time         - measure processor time used by client and server\n");
+	fprintf(stderr," -zlib         - use zlib compression\n");
+	fprintf(stderr," -rle          - use rle compression\n");
+#ifndef OPENSSL_NO_ECDH
+	fprintf(stderr," -named_curve arg  - Elliptic curve name to use for ephemeral ECDH keys.\n" \
+	               "                 Use \"openssl ecparam -list_curves\" for all names\n"  \
+	               "                 (default is sect163r2).\n");
+#endif
+	}
+
+static void print_details(SSL *c_ssl, const char *prefix)
+	{
+	SSL_CIPHER *ciph;
+	X509 *cert;
+		
+	ciph=SSL_get_current_cipher(c_ssl);
+	BIO_printf(bio_stdout,"%s%s, cipher %s %s",
+		prefix,
+		SSL_get_version(c_ssl),
+		SSL_CIPHER_get_version(ciph),
+		SSL_CIPHER_get_name(ciph));
+	cert=SSL_get_peer_certificate(c_ssl);
+	if (cert != NULL)
+		{
+		EVP_PKEY *pkey = X509_get_pubkey(cert);
+		if (pkey != NULL)
+			{
+			if (0) 
+				;
+#ifndef OPENSSL_NO_RSA
+			else if (pkey->type == EVP_PKEY_RSA && pkey->pkey.rsa != NULL
+				&& pkey->pkey.rsa->n != NULL)
+				{
+				BIO_printf(bio_stdout, ", %d bit RSA",
+					BN_num_bits(pkey->pkey.rsa->n));
+				}
+#endif
+#ifndef OPENSSL_NO_DSA
+			else if (pkey->type == EVP_PKEY_DSA && pkey->pkey.dsa != NULL
+				&& pkey->pkey.dsa->p != NULL)
+				{
+				BIO_printf(bio_stdout, ", %d bit DSA",
+					BN_num_bits(pkey->pkey.dsa->p));
+				}
+#endif
+			EVP_PKEY_free(pkey);
+			}
+		X509_free(cert);
+		}
+	/* The SSL API does not allow us to look at temporary RSA/DH keys,
+	 * otherwise we should print their lengths too */
+	BIO_printf(bio_stdout,"\n");
+	}
+
+static void lock_dbg_cb(int mode, int type, const char *file, int line)
+	{
+	static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
+	const char *errstr = NULL;
+	int rw;
+	
+	rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
+	if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
+		{
+		errstr = "invalid mode";
+		goto err;
+		}
+
+	if (type < 0 || type > CRYPTO_NUM_LOCKS)
+		{
+		errstr = "type out of bounds";
+		goto err;
+		}
+
+	if (mode & CRYPTO_LOCK)
+		{
+		if (modes[type])
+			{
+			errstr = "already locked";
+			/* must not happen in a single-threaded program
+			 * (would deadlock) */
+			goto err;
+			}
+
+		modes[type] = rw;
+		}
+	else if (mode & CRYPTO_UNLOCK)
+		{
+		if (!modes[type])
+			{
+			errstr = "not locked";
+			goto err;
+			}
+		
+		if (modes[type] != rw)
+			{
+			errstr = (rw == CRYPTO_READ) ?
+				"CRYPTO_r_unlock on write lock" :
+				"CRYPTO_w_unlock on read lock";
+			}
+
+		modes[type] = 0;
+		}
+	else
+		{
+		errstr = "invalid mode";
+		goto err;
+		}
+
+ err:
+	if (errstr)
+		{
+		/* we cannot use bio_err here */
+		fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
+			errstr, mode, type, file, line);
+		}
 	}
 
-int main(argc, argv)
-int argc;
-char *argv[];
+int main(int argc, char *argv[])
 	{
 	char *CApath=NULL,*CAfile=NULL;
 	int badop=0;
+	int bio_pair=0;
+	int force=0;
 	int tls1=0,ssl2=0,ssl3=0,ret=1;
 	int client_auth=0;
 	int server_auth=0,i;
+	int app_verify=0;
 	char *server_cert=TEST_SERVER_CERT;
+	char *server_key=NULL;
 	char *client_cert=TEST_CLIENT_CERT;
+	char *client_key=NULL;
+	char *named_curve = NULL;
 	SSL_CTX *s_ctx=NULL;
 	SSL_CTX *c_ctx=NULL;
 	SSL_METHOD *meth=NULL;
 	SSL *c_ssl,*s_ssl;
 	int number=1,reuse=0;
 	long bytes=1L;
-	SSL_CIPHER *ciph;
-#ifndef NO_DH
+#ifndef OPENSSL_NO_DH
 	DH *dh;
+	int dhe1024 = 0, dhe1024dsa = 0;
+#endif
+#ifndef OPENSSL_NO_ECDH
+	EC_KEY *ecdh = NULL;
 #endif
+	int no_dhe = 0;
+	int no_ecdhe = 0;
+	int print_time = 0;
+	clock_t s_time = 0, c_time = 0;
+	int comp = 0;
+	COMP_METHOD *cm = NULL;
 
-	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
-	bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+	verbose = 0;
+	debug = 0;
+	cipher = 0;
+
+	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);	
+
+	CRYPTO_set_locking_callback(lock_dbg_cb);
 
+	/* enable memory leak checking unless explicitly disabled */
+	if (!((getenv("OPENSSL_DEBUG_MEMORY") != NULL) && (0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))))
+		{
+		CRYPTO_malloc_debug_init();
+		CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
+		}
+	else
+		{
+		/* OPENSSL_DEBUG_MEMORY=off */
+		CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
+		}
 	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
 
+	RAND_seed(rnd_seed, sizeof rnd_seed);
+
+	bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+
 	argc--;
 	argv++;
 
@@ -174,6 +423,26 @@ char *argv[];
 			debug=1;
 		else if	(strcmp(*argv,"-reuse") == 0)
 			reuse=1;
+		else if	(strcmp(*argv,"-dhe1024") == 0)
+			{
+#ifndef OPENSSL_NO_DH
+			dhe1024=1;
+#else
+			fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
+#endif
+			}
+		else if	(strcmp(*argv,"-dhe1024dsa") == 0)
+			{
+#ifndef OPENSSL_NO_DH
+			dhe1024dsa=1;
+#else
+			fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
+#endif
+			}
+		else if	(strcmp(*argv,"-no_dhe") == 0)
+			no_dhe=1;
+		else if	(strcmp(*argv,"-no_ecdhe") == 0)
+			no_ecdhe=1;
 		else if	(strcmp(*argv,"-ssl2") == 0)
 			ssl2=1;
 		else if	(strcmp(*argv,"-tls1") == 0)
@@ -205,11 +474,26 @@ char *argv[];
 			if (--argc < 1) goto bad;
 			server_cert= *(++argv);
 			}
+		else if	(strcmp(*argv,"-key") == 0)
+			{
+			if (--argc < 1) goto bad;
+			server_key= *(++argv);
+			}
+		else if	(strcmp(*argv,"-s_key") == 0)
+			{
+			if (--argc < 1) goto bad;
+			server_key= *(++argv);
+			}
 		else if	(strcmp(*argv,"-c_cert") == 0)
 			{
 			if (--argc < 1) goto bad;
 			client_cert= *(++argv);
 			}
+		else if	(strcmp(*argv,"-c_key") == 0)
+			{
+			if (--argc < 1) goto bad;
+			client_key= *(++argv);
+			}
 		else if	(strcmp(*argv,"-cipher") == 0)
 			{
 			if (--argc < 1) goto bad;
@@ -225,6 +509,40 @@ char *argv[];
 			if (--argc < 1) goto bad;
 			CAfile= *(++argv);
 			}
+		else if	(strcmp(*argv,"-bio_pair") == 0)
+			{
+			bio_pair = 1;
+			}
+		else if	(strcmp(*argv,"-f") == 0)
+			{
+			force = 1;
+			}
+		else if	(strcmp(*argv,"-time") == 0)
+			{
+			print_time = 1;
+			}
+		else if	(strcmp(*argv,"-zlib") == 0)
+			{
+			comp = COMP_ZLIB;
+			}
+		else if	(strcmp(*argv,"-rle") == 0)
+			{
+			comp = COMP_RLE;
+			}
+		else if	(strcmp(*argv,"-named_curve") == 0)
+			{
+			if (--argc < 1) goto bad;
+#ifndef OPENSSL_NO_ECDH		
+			named_curve = *(++argv);
+#else
+			fprintf(stderr,"ignoring -named_curve, since I'm compiled without ECDH\n");
+			++argv;
+#endif
+			}
+		else if	(strcmp(*argv,"-app_verify") == 0)
+			{
+			app_verify = 1;
+			}
 		else
 			{
 			fprintf(stderr,"unknown option %s\n",*argv);
@@ -241,12 +559,49 @@ bad:
 		goto end;
 		}
 
+	if (!ssl2 && !ssl3 && !tls1 && number > 1 && !reuse && !force)
+		{
+		fprintf(stderr, "This case cannot work.  Use -f to perform "
+			"the test anyway (and\n-d to see what happens), "
+			"or add one of -ssl2, -ssl3, -tls1, -reuse\n"
+			"to avoid protocol mismatch.\n");
+		EXIT(1);
+		}
+
+	if (print_time)
+		{
+		if (!bio_pair)
+			{
+			fprintf(stderr, "Using BIO pair (-bio_pair)\n");
+			bio_pair = 1;
+			}
+		if (number < 50 && !force)
+			fprintf(stderr, "Warning: For accurate timings, use more connections (e.g. -num 1000)\n");
+		}
+
 /*	if (cipher == NULL) cipher=getenv("SSL_CIPHER"); */
 
-	SSLeay_add_ssl_algorithms();
+	SSL_library_init();
 	SSL_load_error_strings();
 
-#if !defined(NO_SSL2) && !defined(NO_SSL3)
+	if (comp == COMP_ZLIB) cm = COMP_zlib();
+	if (comp == COMP_RLE) cm = COMP_rle();
+	if (cm != NULL)
+		{
+		if (cm->type != NID_undef)
+			SSL_COMP_add_compression_method(comp, cm);
+		else
+			{
+			fprintf(stderr,
+				"Warning: %s compression not supported\n",
+				(comp == COMP_RLE ? "rle" :
+					(comp == COMP_ZLIB ? "zlib" :
+						"unknown")));
+			ERR_print_errors_fp(stderr);
+			}
+		}
+
+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	if (ssl2)
 		meth=SSLv2_method();
 	else 
@@ -258,7 +613,7 @@ bad:
 	else
 		meth=SSLv23_method();
 #else
-#ifdef NO_SSL2
+#ifdef OPENSSL_NO_SSL2
 	meth=SSLv3_method();
 #else
 	meth=SSLv2_method();
@@ -279,13 +634,65 @@ bad:
 		SSL_CTX_set_cipher_list(s_ctx,cipher);
 		}
 
-#ifndef NO_DH
-	dh=get_dh512();
-	SSL_CTX_set_tmp_dh(s_ctx,dh);
-	DH_free(dh);
+#ifndef OPENSSL_NO_DH
+	if (!no_dhe)
+		{
+		if (dhe1024dsa)
+			{
+			/* use SSL_OP_SINGLE_DH_USE to avoid small subgroup attacks */
+			SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+			dh=get_dh1024dsa();
+			}
+		else if (dhe1024)
+			dh=get_dh1024();
+		else
+			dh=get_dh512();
+		SSL_CTX_set_tmp_dh(s_ctx,dh);
+		DH_free(dh);
+		}
+#else
+	(void)no_dhe;
+#endif
+
+#ifndef OPENSSL_NO_ECDH
+	if (!no_ecdhe)
+		{
+		ecdh = EC_KEY_new();
+		if (ecdh != NULL)
+			{
+			if (named_curve)
+				{
+				int nid = OBJ_sn2nid(named_curve);
+
+				if (nid == 0)
+					{
+					BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve);
+					EC_KEY_free(ecdh);
+					goto end;
+					}
+
+				ecdh->group = EC_GROUP_new_by_nid(nid);
+				if (ecdh->group == NULL)
+					{
+					BIO_printf(bio_err, "unable to create curve (%s)\n", named_curve);
+					EC_KEY_free(ecdh);
+					goto end;
+					}
+				}
+			
+			if (ecdh->group == NULL)
+				ecdh->group=EC_GROUP_new_by_nid(NID_sect163r2);
+
+			SSL_CTX_set_tmp_ecdh(s_ctx, ecdh);
+			SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_ECDH_USE);
+			EC_KEY_free(ecdh);
+			}
+		}
+#else
+	(void)no_ecdhe;
 #endif
 
-#ifndef NO_RSA
+#ifndef OPENSSL_NO_RSA
 	SSL_CTX_set_tmp_rsa_callback(s_ctx,tmp_rsa_cb);
 #endif
 
@@ -293,8 +700,8 @@ bad:
 		{
 		ERR_print_errors(bio_err);
 		}
-	else if (!SSL_CTX_use_PrivateKey_file(s_ctx,server_cert,
-		SSL_FILETYPE_PEM))
+	else if (!SSL_CTX_use_PrivateKey_file(s_ctx,
+		(server_key?server_key:server_cert), SSL_FILETYPE_PEM))
 		{
 		ERR_print_errors(bio_err);
 		goto end;
@@ -304,7 +711,8 @@ bad:
 		{
 		SSL_CTX_use_certificate_file(c_ctx,client_cert,
 			SSL_FILETYPE_PEM);
-		SSL_CTX_use_PrivateKey_file(c_ctx,client_cert,
+		SSL_CTX_use_PrivateKey_file(c_ctx,
+			(client_key?client_key:client_cert),
 			SSL_FILETYPE_PEM);
 		}
 
@@ -320,37 +728,89 @@ bad:
 
 	if (client_auth)
 		{
-		fprintf(stderr,"client authentication\n");
+		BIO_printf(bio_err,"client authentication\n");
 		SSL_CTX_set_verify(s_ctx,
 			SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
 			verify_callback);
+		if (app_verify) 
+			{
+			SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, app_verify_arg);
+			}
 		}
 	if (server_auth)
 		{
-		fprintf(stderr,"server authentication\n");
+		BIO_printf(bio_err,"server authentication\n");
 		SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
 			verify_callback);
+		if (app_verify) 
+			{
+			SSL_CTX_set_cert_verify_callback(s_ctx, app_verify_callback, app_verify_arg);
+			}
 		}
+	
+	{
+		int session_id_context = 0;
+		SSL_CTX_set_session_id_context(s_ctx, (void *)&session_id_context, sizeof session_id_context);
+	}
 
 	c_ssl=SSL_new(c_ctx);
 	s_ssl=SSL_new(s_ctx);
 
+#ifndef OPENSSL_NO_KRB5
+	if (c_ssl  &&  c_ssl->kssl_ctx)
+                {
+                char	localhost[MAXHOSTNAMELEN+2];
+
+		if (gethostname(localhost, sizeof localhost-1) == 0)
+                        {
+			localhost[sizeof localhost-1]='\0';
+			if(strlen(localhost) == sizeof localhost-1)
+				{
+				BIO_printf(bio_err,"localhost name too long\n");
+				goto end;
+				}
+			kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
+                                localhost);
+			}
+		}
+#endif    /* OPENSSL_NO_KRB5  */
+
 	for (i=0; i<number; i++)
 		{
 		if (!reuse) SSL_set_session(c_ssl,NULL);
-		ret=doit(s_ssl,c_ssl,bytes);
+		if (bio_pair)
+			ret=doit_biopair(s_ssl,c_ssl,bytes,&s_time,&c_time);
+		else
+			ret=doit(s_ssl,c_ssl,bytes);
 		}
 
 	if (!verbose)
 		{
-		ciph=SSL_get_current_cipher(c_ssl);
-		fprintf(stdout,"Protocol %s, cipher %s, %s\n",
-			SSL_get_version(c_ssl),
-			SSL_CIPHER_get_version(ciph),
-			SSL_CIPHER_get_name(ciph));
+		print_details(c_ssl, "");
 		}
 	if ((number > 1) || (bytes > 1L))
-		printf("%d handshakes of %ld bytes done\n",number,bytes);
+		BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n",number,bytes);
+	if (print_time)
+		{
+#ifdef CLOCKS_PER_SEC
+		/* "To determine the time in seconds, the value returned
+		 * by the clock function should be divided by the value
+		 * of the macro CLOCKS_PER_SEC."
+		 *                                       -- ISO/IEC 9899 */
+		BIO_printf(bio_stdout, "Approximate total server time: %6.2f s\n"
+			"Approximate total client time: %6.2f s\n",
+			(double)s_time/CLOCKS_PER_SEC,
+			(double)c_time/CLOCKS_PER_SEC);
+#else
+		/* "`CLOCKS_PER_SEC' undeclared (first use this function)"
+		 *                            -- cc on NeXTstep/OpenStep */
+		BIO_printf(bio_stdout,
+			"Approximate total server time: %6.2f units\n"
+			"Approximate total client time: %6.2f units\n",
+			(double)s_time,
+			(double)c_time);
+#endif
+		}
 
 	SSL_free(s_ssl);
 	SSL_free(c_ssl);
@@ -361,21 +821,414 @@ end:
 
 	if (bio_stdout != NULL) BIO_free(bio_stdout);
 
+#ifndef OPENSSL_NO_RSA
+	free_tmp_rsa();
+#endif
+	ENGINE_cleanup();
+	CRYPTO_cleanup_all_ex_data();
 	ERR_free_strings();
 	ERR_remove_state(0);
 	EVP_cleanup();
 	CRYPTO_mem_leaks(bio_err);
+	if (bio_err != NULL) BIO_free(bio_err);
 	EXIT(ret);
 	}
 
+int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count,
+	clock_t *s_time, clock_t *c_time)
+	{
+	long cw_num = count, cr_num = count, sw_num = count, sr_num = count;
+	BIO *s_ssl_bio = NULL, *c_ssl_bio = NULL;
+	BIO *server = NULL, *server_io = NULL, *client = NULL, *client_io = NULL;
+	int ret = 1;
+	
+	size_t bufsiz = 256; /* small buffer for testing */
+
+	if (!BIO_new_bio_pair(&server, bufsiz, &server_io, bufsiz))
+		goto err;
+	if (!BIO_new_bio_pair(&client, bufsiz, &client_io, bufsiz))
+		goto err;
+	
+	s_ssl_bio = BIO_new(BIO_f_ssl());
+	if (!s_ssl_bio)
+		goto err;
+
+	c_ssl_bio = BIO_new(BIO_f_ssl());
+	if (!c_ssl_bio)
+		goto err;
+
+	SSL_set_connect_state(c_ssl);
+	SSL_set_bio(c_ssl, client, client);
+	(void)BIO_set_ssl(c_ssl_bio, c_ssl, BIO_NOCLOSE);
+
+	SSL_set_accept_state(s_ssl);
+	SSL_set_bio(s_ssl, server, server);
+	(void)BIO_set_ssl(s_ssl_bio, s_ssl, BIO_NOCLOSE);
+
+	do
+		{
+		/* c_ssl_bio:          SSL filter BIO
+		 *
+		 * client:             pseudo-I/O for SSL library
+		 *
+		 * client_io:          client's SSL communication; usually to be
+		 *                     relayed over some I/O facility, but in this
+		 *                     test program, we're the server, too:
+		 *
+		 * server_io:          server's SSL communication
+		 *
+		 * server:             pseudo-I/O for SSL library
+		 *
+		 * s_ssl_bio:          SSL filter BIO
+		 *
+		 * The client and the server each employ a "BIO pair":
+		 * client + client_io, server + server_io.
+		 * BIO pairs are symmetric.  A BIO pair behaves similar
+		 * to a non-blocking socketpair (but both endpoints must
+		 * be handled by the same thread).
+		 * [Here we could connect client and server to the ends
+		 * of a single BIO pair, but then this code would be less
+		 * suitable as an example for BIO pairs in general.]
+		 *
+		 * Useful functions for querying the state of BIO pair endpoints:
+		 *
+		 * BIO_ctrl_pending(bio)              number of bytes we can read now
+		 * BIO_ctrl_get_read_request(bio)     number of bytes needed to fulfil
+		 *                                      other side's read attempt
+		 * BIO_ctrl_get_write_guarantee(bio)   number of bytes we can write now
+		 *
+		 * ..._read_request is never more than ..._write_guarantee;
+		 * it depends on the application which one you should use.
+		 */
+
+		/* We have non-blocking behaviour throughout this test program, but
+		 * can be sure that there is *some* progress in each iteration; so
+		 * we don't have to worry about ..._SHOULD_READ or ..._SHOULD_WRITE
+		 * -- we just try everything in each iteration
+		 */
+
+			{
+			/* CLIENT */
+		
+			MS_STATIC char cbuf[1024*8];
+			int i, r;
+			clock_t c_clock = clock();
+
+			memset(cbuf, 0, sizeof(cbuf));
+
+			if (debug)
+				if (SSL_in_init(c_ssl))
+					printf("client waiting in SSL_connect - %s\n",
+						SSL_state_string_long(c_ssl));
+
+			if (cw_num > 0)
+				{
+				/* Write to server. */
+				
+				if (cw_num > (long)sizeof cbuf)
+					i = sizeof cbuf;
+				else
+					i = (int)cw_num;
+				r = BIO_write(c_ssl_bio, cbuf, i);
+				if (r < 0)
+					{
+					if (!BIO_should_retry(c_ssl_bio))
+						{
+						fprintf(stderr,"ERROR in CLIENT\n");
+						goto err;
+						}
+					/* BIO_should_retry(...) can just be ignored here.
+					 * The library expects us to call BIO_write with
+					 * the same arguments again, and that's what we will
+					 * do in the next iteration. */
+					}
+				else if (r == 0)
+					{
+					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+					goto err;
+					}
+				else
+					{
+					if (debug)
+						printf("client wrote %d\n", r);
+					cw_num -= r;				
+					}
+				}
+
+			if (cr_num > 0)
+				{
+				/* Read from server. */
+
+				r = BIO_read(c_ssl_bio, cbuf, sizeof(cbuf));
+				if (r < 0)
+					{
+					if (!BIO_should_retry(c_ssl_bio))
+						{
+						fprintf(stderr,"ERROR in CLIENT\n");
+						goto err;
+						}
+					/* Again, "BIO_should_retry" can be ignored. */
+					}
+				else if (r == 0)
+					{
+					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+					goto err;
+					}
+				else
+					{
+					if (debug)
+						printf("client read %d\n", r);
+					cr_num -= r;
+					}
+				}
+
+			/* c_time and s_time increments will typically be very small
+			 * (depending on machine speed and clock tick intervals),
+			 * but sampling over a large number of connections should
+			 * result in fairly accurate figures.  We cannot guarantee
+			 * a lot, however -- if each connection lasts for exactly
+			 * one clock tick, it will be counted only for the client
+			 * or only for the server or even not at all.
+			 */
+			*c_time += (clock() - c_clock);
+			}
+
+			{
+			/* SERVER */
+		
+			MS_STATIC char sbuf[1024*8];
+			int i, r;
+			clock_t s_clock = clock();
+
+			memset(sbuf, 0, sizeof(sbuf));
+
+			if (debug)
+				if (SSL_in_init(s_ssl))
+					printf("server waiting in SSL_accept - %s\n",
+						SSL_state_string_long(s_ssl));
+
+			if (sw_num > 0)
+				{
+				/* Write to client. */
+				
+				if (sw_num > (long)sizeof sbuf)
+					i = sizeof sbuf;
+				else
+					i = (int)sw_num;
+				r = BIO_write(s_ssl_bio, sbuf, i);
+				if (r < 0)
+					{
+					if (!BIO_should_retry(s_ssl_bio))
+						{
+						fprintf(stderr,"ERROR in SERVER\n");
+						goto err;
+						}
+					/* Ignore "BIO_should_retry". */
+					}
+				else if (r == 0)
+					{
+					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+					goto err;
+					}
+				else
+					{
+					if (debug)
+						printf("server wrote %d\n", r);
+					sw_num -= r;				
+					}
+				}
+
+			if (sr_num > 0)
+				{
+				/* Read from client. */
+
+				r = BIO_read(s_ssl_bio, sbuf, sizeof(sbuf));
+				if (r < 0)
+					{
+					if (!BIO_should_retry(s_ssl_bio))
+						{
+						fprintf(stderr,"ERROR in SERVER\n");
+						goto err;
+						}
+					/* blah, blah */
+					}
+				else if (r == 0)
+					{
+					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+					goto err;
+					}
+				else
+					{
+					if (debug)
+						printf("server read %d\n", r);
+					sr_num -= r;
+					}
+				}
+
+			*s_time += (clock() - s_clock);
+			}
+			
+			{
+			/* "I/O" BETWEEN CLIENT AND SERVER. */
+
+			size_t r1, r2;
+			BIO *io1 = server_io, *io2 = client_io;
+			/* we use the non-copying interface for io1
+			 * and the standard BIO_write/BIO_read interface for io2
+			 */
+			
+			static int prev_progress = 1;
+			int progress = 0;
+			
+			/* io1 to io2 */
+			do
+				{
+				size_t num;
+				int r;
+
+				r1 = BIO_ctrl_pending(io1);
+				r2 = BIO_ctrl_get_write_guarantee(io2);
+
+				num = r1;
+				if (r2 < num)
+					num = r2;
+				if (num)
+					{
+					char *dataptr;
+
+					if (INT_MAX < num) /* yeah, right */
+						num = INT_MAX;
+					
+					r = BIO_nread(io1, &dataptr, (int)num);
+					assert(r > 0);
+					assert(r <= (int)num);
+					/* possibly r < num (non-contiguous data) */
+					num = r;
+					r = BIO_write(io2, dataptr, (int)num);
+					if (r != (int)num) /* can't happen */
+						{
+						fprintf(stderr, "ERROR: BIO_write could not write "
+							"BIO_ctrl_get_write_guarantee() bytes");
+						goto err;
+						}
+					progress = 1;
+
+					if (debug)
+						printf((io1 == client_io) ?
+							"C->S relaying: %d bytes\n" :
+							"S->C relaying: %d bytes\n",
+							(int)num);
+					}
+				}
+			while (r1 && r2);
+
+			/* io2 to io1 */
+			{
+				size_t num;
+				int r;
+
+				r1 = BIO_ctrl_pending(io2);
+				r2 = BIO_ctrl_get_read_request(io1);
+				/* here we could use ..._get_write_guarantee instead of
+				 * ..._get_read_request, but by using the latter
+				 * we test restartability of the SSL implementation
+				 * more thoroughly */
+				num = r1;
+				if (r2 < num)
+					num = r2;
+				if (num)
+					{
+					char *dataptr;
+					
+					if (INT_MAX < num)
+						num = INT_MAX;
+
+					if (num > 1)
+						--num; /* test restartability even more thoroughly */
+					
+					r = BIO_nwrite0(io1, &dataptr);
+					assert(r > 0);
+					if (r < (int)num)
+						num = r;
+					r = BIO_read(io2, dataptr, (int)num);
+					if (r != (int)num) /* can't happen */
+						{
+						fprintf(stderr, "ERROR: BIO_read could not read "
+							"BIO_ctrl_pending() bytes");
+						goto err;
+						}
+					progress = 1;
+					r = BIO_nwrite(io1, &dataptr, (int)num);
+					if (r != (int)num) /* can't happen */
+						{
+						fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
+							"BIO_nwrite0() bytes");
+						goto err;
+						}
+					
+					if (debug)
+						printf((io2 == client_io) ?
+							"C->S relaying: %d bytes\n" :
+							"S->C relaying: %d bytes\n",
+							(int)num);
+					}
+			} /* no loop, BIO_ctrl_get_read_request now returns 0 anyway */
+
+			if (!progress && !prev_progress)
+				if (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0)
+					{
+					fprintf(stderr, "ERROR: got stuck\n");
+					if (strcmp("SSLv2", SSL_get_version(c_ssl)) == 0)
+						{
+						fprintf(stderr, "This can happen for SSL2 because "
+							"CLIENT-FINISHED and SERVER-VERIFY are written \n"
+							"concurrently ...");
+						if (strncmp("2SCF", SSL_state_string(c_ssl), 4) == 0
+							&& strncmp("2SSV", SSL_state_string(s_ssl), 4) == 0)
+							{
+							fprintf(stderr, " ok.\n");
+							goto end;
+							}
+						}
+					fprintf(stderr, " ERROR.\n");
+					goto err;
+					}
+			prev_progress = progress;
+			}
+		}
+	while (cw_num > 0 || cr_num > 0 || sw_num > 0 || sr_num > 0);
+
+	if (verbose)
+		print_details(c_ssl, "DONE via BIO pair: ");
+end:
+	ret = 0;
+
+ err:
+	ERR_print_errors(bio_err);
+	
+	if (server)
+		BIO_free(server);
+	if (server_io)
+		BIO_free(server_io);
+	if (client)
+		BIO_free(client);
+	if (client_io)
+		BIO_free(client_io);
+	if (s_ssl_bio)
+		BIO_free(s_ssl_bio);
+	if (c_ssl_bio)
+		BIO_free(c_ssl_bio);
+
+	return ret;
+	}
+
+
 #define W_READ	1
 #define W_WRITE	2
 #define C_DONE	1
 #define S_DONE	2
 
-int doit(s_ssl,c_ssl,count)
-SSL *s_ssl,*c_ssl;
-long count;
+int doit(SSL *s_ssl, SSL *c_ssl, long count)
 	{
 	MS_STATIC char cbuf[1024*8],sbuf[1024*8];
 	long cw_num=count,cr_num=count;
@@ -391,7 +1244,9 @@ long count;
 	int done=0;
 	int c_write,s_write;
 	int do_server=0,do_client=0;
-	SSL_CIPHER *ciph;
+
+	memset(cbuf,0,sizeof(cbuf));
+	memset(sbuf,0,sizeof(sbuf));
 
 	c_to_s=BIO_new(BIO_s_mem());
 	s_to_c=BIO_new(BIO_s_mem());
@@ -641,16 +1496,12 @@ long count;
 		if ((done & S_DONE) && (done & C_DONE)) break;
 		}
 
-	ciph=SSL_get_current_cipher(c_ssl);
 	if (verbose)
-		fprintf(stdout,"DONE, protocol %s, cipher %s, %s\n",
-			SSL_get_version(c_ssl),
-			SSL_CIPHER_get_version(ciph),
-			SSL_CIPHER_get_name(ciph));
+		print_details(c_ssl, "DONE: ");
 	ret=0;
 err:
 	/* We have to set the BIO's to NULL otherwise they will be
-	 * Free()ed twice.  Once when th s_ssl is SSL_free()ed and
+	 * OPENSSL_free()ed twice.  Once when th s_ssl is SSL_free()ed and
 	 * again when c_ssl is SSL_free()ed.
 	 * This is a hack required because s_ssl and c_ssl are sharing the same
 	 * BIO structure and SSL_set_bio() and SSL_free() automatically
@@ -674,13 +1525,12 @@ err:
 	return(ret);
 	}
 
-int MS_CALLBACK verify_callback(ok, ctx)
-int ok;
-X509_STORE_CTX *ctx;
+static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 	{
 	char *s,buf[256];
 
-	s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,256);
+	s=X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),buf,
+			    sizeof buf);
 	if (s != NULL)
 		{
 		if (ok)
@@ -704,49 +1554,145 @@ X509_STORE_CTX *ctx;
 	return(ok);
 	}
 
-#ifndef NO_DH
-static unsigned char dh512_p[]={
-	0xDA,0x58,0x3C,0x16,0xD9,0x85,0x22,0x89,0xD0,0xE4,0xAF,0x75,
-	0x6F,0x4C,0xCA,0x92,0xDD,0x4B,0xE5,0x33,0xB8,0x04,0xFB,0x0F,
-	0xED,0x94,0xEF,0x9C,0x8A,0x44,0x03,0xED,0x57,0x46,0x50,0xD3,
-	0x69,0x99,0xDB,0x29,0xD7,0x76,0x27,0x6B,0xA2,0xD3,0xD4,0x12,
-	0xE2,0x18,0xF4,0xDD,0x1E,0x08,0x4C,0xF6,0xD8,0x00,0x3E,0x7C,
-	0x47,0x74,0xE8,0x33,
-	};
-static unsigned char dh512_g[]={
-	0x02,
-	};
+static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
+	{
+	char *s = NULL,buf[256];
+	int ok=1;
+
+	fprintf(stderr, "In app_verify_callback, allowing cert. ");
+	fprintf(stderr, "Arg is: %s\n", (char *)arg);
+	fprintf(stderr, "Finished printing do we have a context? 0x%x a cert? 0x%x\n",
+			(unsigned int)ctx, (unsigned int)ctx->cert);
+	if (ctx->cert)
+		s=X509_NAME_oneline(X509_get_subject_name(ctx->cert),buf,256);
+	if (s != NULL)
+		{
+			fprintf(stderr,"cert depth=%d %s\n",ctx->error_depth,buf);
+		}
+
+	return(ok);
+	}
+
+#ifndef OPENSSL_NO_RSA
+static RSA *rsa_tmp=NULL;
+
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength)
+	{
+	if (rsa_tmp == NULL)
+		{
+		BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
+		(void)BIO_flush(bio_err);
+		rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
+		BIO_printf(bio_err,"\n");
+		(void)BIO_flush(bio_err);
+		}
+	return(rsa_tmp);
+	}
+
+static void free_tmp_rsa(void)
+	{
+	if (rsa_tmp != NULL)
+		{
+		RSA_free(rsa_tmp);
+		rsa_tmp = NULL;
+		}
+	}
+#endif
 
+#ifndef OPENSSL_NO_DH
+/* These DH parameters have been generated as follows:
+ *    $ openssl dhparam -C -noout 512
+ *    $ openssl dhparam -C -noout 1024
+ *    $ openssl dhparam -C -noout -dsaparam 1024
+ * (The third function has been renamed to avoid name conflicts.)
+ */
 static DH *get_dh512()
 	{
-	DH *dh=NULL;
+	static unsigned char dh512_p[]={
+		0xCB,0xC8,0xE1,0x86,0xD0,0x1F,0x94,0x17,0xA6,0x99,0xF0,0xC6,
+		0x1F,0x0D,0xAC,0xB6,0x25,0x3E,0x06,0x39,0xCA,0x72,0x04,0xB0,
+		0x6E,0xDA,0xC0,0x61,0xE6,0x7A,0x77,0x25,0xE8,0x3B,0xB9,0x5F,
+		0x9A,0xB6,0xB5,0xFE,0x99,0x0B,0xA1,0x93,0x4E,0x35,0x33,0xB8,
+		0xE1,0xF1,0x13,0x4F,0x59,0x1A,0xD2,0x57,0xC0,0x26,0x21,0x33,
+		0x02,0xC5,0xAE,0x23,
+		};
+	static unsigned char dh512_g[]={
+		0x02,
+		};
+	DH *dh;
 
 	if ((dh=DH_new()) == NULL) return(NULL);
 	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
 	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
 	if ((dh->p == NULL) || (dh->g == NULL))
-		return(NULL);
+		{ DH_free(dh); return(NULL); }
 	return(dh);
 	}
-#endif
 
-static RSA MS_CALLBACK *tmp_rsa_cb(s,export)
-SSL *s;
-int export;
+static DH *get_dh1024()
 	{
-	static RSA *rsa_tmp=NULL;
+	static unsigned char dh1024_p[]={
+		0xF8,0x81,0x89,0x7D,0x14,0x24,0xC5,0xD1,0xE6,0xF7,0xBF,0x3A,
+		0xE4,0x90,0xF4,0xFC,0x73,0xFB,0x34,0xB5,0xFA,0x4C,0x56,0xA2,
+		0xEA,0xA7,0xE9,0xC0,0xC0,0xCE,0x89,0xE1,0xFA,0x63,0x3F,0xB0,
+		0x6B,0x32,0x66,0xF1,0xD1,0x7B,0xB0,0x00,0x8F,0xCA,0x87,0xC2,
+		0xAE,0x98,0x89,0x26,0x17,0xC2,0x05,0xD2,0xEC,0x08,0xD0,0x8C,
+		0xFF,0x17,0x52,0x8C,0xC5,0x07,0x93,0x03,0xB1,0xF6,0x2F,0xB8,
+		0x1C,0x52,0x47,0x27,0x1B,0xDB,0xD1,0x8D,0x9D,0x69,0x1D,0x52,
+		0x4B,0x32,0x81,0xAA,0x7F,0x00,0xC8,0xDC,0xE6,0xD9,0xCC,0xC1,
+		0x11,0x2D,0x37,0x34,0x6C,0xEA,0x02,0x97,0x4B,0x0E,0xBB,0xB1,
+		0x71,0x33,0x09,0x15,0xFD,0xDD,0x23,0x87,0x07,0x5E,0x89,0xAB,
+		0x6B,0x7C,0x5F,0xEC,0xA6,0x24,0xDC,0x53,
+		};
+	static unsigned char dh1024_g[]={
+		0x02,
+		};
+	DH *dh;
 
-	if (rsa_tmp == NULL)
-		{
-		BIO_printf(bio_err,"Generating temp (512 bit) RSA key...");
-		BIO_flush(bio_err);
-#ifndef NO_RSA
-		rsa_tmp=RSA_generate_key(512,RSA_F4,NULL,NULL);
-#endif
-		BIO_printf(bio_err,"\n");
-		BIO_flush(bio_err);
-		}
-	return(rsa_tmp);
+	if ((dh=DH_new()) == NULL) return(NULL);
+	dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
+	dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+	if ((dh->p == NULL) || (dh->g == NULL))
+		{ DH_free(dh); return(NULL); }
+	return(dh);
 	}
 
+static DH *get_dh1024dsa()
+	{
+	static unsigned char dh1024_p[]={
+		0xC8,0x00,0xF7,0x08,0x07,0x89,0x4D,0x90,0x53,0xF3,0xD5,0x00,
+		0x21,0x1B,0xF7,0x31,0xA6,0xA2,0xDA,0x23,0x9A,0xC7,0x87,0x19,
+		0x3B,0x47,0xB6,0x8C,0x04,0x6F,0xFF,0xC6,0x9B,0xB8,0x65,0xD2,
+		0xC2,0x5F,0x31,0x83,0x4A,0xA7,0x5F,0x2F,0x88,0x38,0xB6,0x55,
+		0xCF,0xD9,0x87,0x6D,0x6F,0x9F,0xDA,0xAC,0xA6,0x48,0xAF,0xFC,
+		0x33,0x84,0x37,0x5B,0x82,0x4A,0x31,0x5D,0xE7,0xBD,0x52,0x97,
+		0xA1,0x77,0xBF,0x10,0x9E,0x37,0xEA,0x64,0xFA,0xCA,0x28,0x8D,
+		0x9D,0x3B,0xD2,0x6E,0x09,0x5C,0x68,0xC7,0x45,0x90,0xFD,0xBB,
+		0x70,0xC9,0x3A,0xBB,0xDF,0xD4,0x21,0x0F,0xC4,0x6A,0x3C,0xF6,
+		0x61,0xCF,0x3F,0xD6,0x13,0xF1,0x5F,0xBC,0xCF,0xBC,0x26,0x9E,
+		0xBC,0x0B,0xBD,0xAB,0x5D,0xC9,0x54,0x39,
+		};
+	static unsigned char dh1024_g[]={
+		0x3B,0x40,0x86,0xE7,0xF3,0x6C,0xDE,0x67,0x1C,0xCC,0x80,0x05,
+		0x5A,0xDF,0xFE,0xBD,0x20,0x27,0x74,0x6C,0x24,0xC9,0x03,0xF3,
+		0xE1,0x8D,0xC3,0x7D,0x98,0x27,0x40,0x08,0xB8,0x8C,0x6A,0xE9,
+		0xBB,0x1A,0x3A,0xD6,0x86,0x83,0x5E,0x72,0x41,0xCE,0x85,0x3C,
+		0xD2,0xB3,0xFC,0x13,0xCE,0x37,0x81,0x9E,0x4C,0x1C,0x7B,0x65,
+		0xD3,0xE6,0xA6,0x00,0xF5,0x5A,0x95,0x43,0x5E,0x81,0xCF,0x60,
+		0xA2,0x23,0xFC,0x36,0xA7,0x5D,0x7A,0x4C,0x06,0x91,0x6E,0xF6,
+		0x57,0xEE,0x36,0xCB,0x06,0xEA,0xF5,0x3D,0x95,0x49,0xCB,0xA7,
+		0xDD,0x81,0xDF,0x80,0x09,0x4A,0x97,0x4D,0xA8,0x22,0x72,0xA1,
+		0x7F,0xC4,0x70,0x56,0x70,0xE8,0x20,0x10,0x18,0x8F,0x2E,0x60,
+		0x07,0xE7,0x68,0x1A,0x82,0x5D,0x32,0xA2,
+		};
+	DH *dh;
 
+	if ((dh=DH_new()) == NULL) return(NULL);
+	dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
+	dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+	if ((dh->p == NULL) || (dh->g == NULL))
+		{ DH_free(dh); return(NULL); }
+	dh->length = 160;
+	return(dh);
+	}
+#endif
diff --git a/ssl/t1_clnt.c b/ssl/t1_clnt.c
index 986d2436e2..57205fb429 100644
--- a/ssl/t1_clnt.c
+++ b/ssl/t1_clnt.c
@@ -57,14 +57,14 @@
  */
 
 #include <stdio.h>
-#include "buffer.h"
-#include "rand.h"
-#include "objects.h"
-#include "evp.h"
 #include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
 
-static SSL_METHOD *tls1_get_client_method(ver)
-int ver;
+static SSL_METHOD *tls1_get_client_method(int ver);
+static SSL_METHOD *tls1_get_client_method(int ver)
 	{
 	if (ver == TLS1_VERSION)
 		return(TLSv1_client_method());
@@ -72,18 +72,25 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *TLSv1_client_method()
+SSL_METHOD *TLSv1_client_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD TLSv1_client_data;
 
 	if (init)
 		{
-		init=0;
-		memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
-			sizeof(SSL_METHOD));
-		TLSv1_client_data.ssl_connect=ssl3_connect;
-		TLSv1_client_data.get_ssl_method=tls1_get_client_method;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+		if (init)
+			{
+			memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
+				sizeof(SSL_METHOD));
+			TLSv1_client_data.ssl_connect=ssl3_connect;
+			TLSv1_client_data.get_ssl_method=tls1_get_client_method;
+			init=0;
+			}
+		
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&TLSv1_client_data);
 	}
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 893c0bc73b..bfcd7d9191 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -55,40 +55,94 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
 
 #include <stdio.h>
-#include "evp.h"
-#include "hmac.h"
 #include "ssl_locl.h"
-
-static void tls1_P_hash(md,sec,sec_len,seed,seed_len,out,olen)
-EVP_MD *md;
-unsigned char *sec;
-int sec_len;
-unsigned char *seed;
-int seed_len;
-unsigned char *out;
-int olen;
+#include <openssl/comp.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/md5.h>
+
+static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
+			int sec_len, unsigned char *seed, int seed_len,
+			unsigned char *out, int olen)
 	{
 	int chunk,n;
 	unsigned int j;
 	HMAC_CTX ctx;
 	HMAC_CTX ctx_tmp;
-	unsigned char A1[HMAC_MAX_MD_CBLOCK];
+	unsigned char A1[EVP_MAX_MD_SIZE];
 	unsigned int A1_len;
 	
 	chunk=EVP_MD_size(md);
 
-	HMAC_Init(&ctx,sec,sec_len,md);
+	HMAC_CTX_init(&ctx);
+	HMAC_CTX_init(&ctx_tmp);
+	HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
+	HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
 	HMAC_Update(&ctx,seed,seed_len);
 	HMAC_Final(&ctx,A1,&A1_len);
 
 	n=0;
 	for (;;)
 		{
-		HMAC_Init(&ctx,NULL,0,NULL); /* re-init */
+		HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */
+		HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */
 		HMAC_Update(&ctx,A1,A1_len);
-		memcpy(&ctx_tmp,&ctx,sizeof(ctx)); /* Copy for A2 */ /* not needed for last one */
+		HMAC_Update(&ctx_tmp,A1,A1_len);
 		HMAC_Update(&ctx,seed,seed_len);
 
 		if (olen > chunk)
@@ -105,24 +159,18 @@ int olen;
 			break;
 			}
 		}
-	HMAC_cleanup(&ctx);
-	HMAC_cleanup(&ctx_tmp);
-	memset(A1,0,sizeof(A1));
+	HMAC_CTX_cleanup(&ctx);
+	HMAC_CTX_cleanup(&ctx_tmp);
+	OPENSSL_cleanse(A1,sizeof(A1));
 	}
 
-static void tls1_PRF(md5,sha1,label,label_len,sec,slen,out1,out2,olen)
-EVP_MD *md5;
-EVP_MD *sha1;
-unsigned char *label;
-int label_len;
-unsigned char *sec;
-int slen;
-unsigned char *out1;
-unsigned char *out2;
-int olen;
+static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
+		     unsigned char *label, int label_len,
+		     const unsigned char *sec, int slen, unsigned char *out1,
+		     unsigned char *out2, int olen)
 	{
 	int len,i;
-	unsigned char *S1,*S2;
+	const unsigned char *S1,*S2;
 
 	len=slen/2;
 	S1=sec;
@@ -137,10 +185,8 @@ int olen;
 		out1[i]^=out2[i];
 	}
 
-static void tls1_generate_key_block(s,km,tmp,num)
-SSL *s;
-unsigned char *km,*tmp;
-int num;
+static void tls1_generate_key_block(SSL *s, unsigned char *km,
+	     unsigned char *tmp, int num)
 	{
 	unsigned char *p;
 	unsigned char buf[SSL3_RANDOM_SIZE*2+
@@ -156,14 +202,24 @@ int num;
 	p+=SSL3_RANDOM_SIZE;
 
 	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),
-		s->session->master_key,s->session->master_key_length,
-		km,tmp,num);
+		 s->session->master_key,s->session->master_key_length,
+		 km,tmp,num);
+#ifdef KSSL_DEBUG
+	printf("tls1_generate_key_block() ==> %d byte master_key =\n\t",
+                s->session->master_key_length);
+	{
+        int i;
+        for (i=0; i < s->session->master_key_length; i++)
+                {
+                printf("%02X", s->session->master_key[i]);
+                }
+        printf("\n");  }
+#endif    /* KSSL_DEBUG */
 	}
 
-int tls1_change_cipher_state(s,which)
-SSL *s;
-int which;
+int tls1_change_cipher_state(SSL *s, int which)
 	{
+	static const unsigned char empty[]="";
 	unsigned char *p,*key_block,*mac_secret;
 	unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+
 		SSL3_RANDOM_SIZE*2];
@@ -174,22 +230,38 @@ int which;
 	unsigned char *ms,*key,*iv,*er1,*er2;
 	int client_write;
 	EVP_CIPHER_CTX *dd;
-	EVP_CIPHER *c;
-	COMP_METHOD *comp;
-	EVP_MD *m;
-	int exp,n,i,j,k,exp_label_len;
+	const EVP_CIPHER *c;
+	const SSL_COMP *comp;
+	const EVP_MD *m;
+	int is_export,n,i,j,k,exp_label_len,cl;
+	int reuse_dd = 0;
 
-	exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0;
+	is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher);
 	c=s->s3->tmp.new_sym_enc;
 	m=s->s3->tmp.new_hash;
 	comp=s->s3->tmp.new_compression;
 	key_block=s->s3->tmp.key_block;
 
+#ifdef KSSL_DEBUG
+	printf("tls1_change_cipher_state(which= %d) w/\n", which);
+	printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms,
+                comp);
+	printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c);
+	printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n",
+                c->nid,c->block_size,c->key_len,c->iv_len);
+	printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length);
+	{
+        int i;
+        for (i=0; i<s->s3->tmp.key_block_length; i++)
+		printf("%02x", key_block[i]);  printf("\n");
+        }
+#endif	/* KSSL_DEBUG */
+
 	if (which & SSL3_CC_READ)
 		{
-		if ((s->enc_read_ctx == NULL) &&
-			((s->enc_read_ctx=(EVP_CIPHER_CTX *)
-			Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+		if (s->enc_read_ctx != NULL)
+			reuse_dd = 1;
+		else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
 			goto err;
 		dd= s->enc_read_ctx;
 		s->read_hash=m;
@@ -200,14 +272,15 @@ int which;
 			}
 		if (comp != NULL)
 			{
-			s->expand=COMP_CTX_new(comp);
+			s->expand=COMP_CTX_new(comp->method);
 			if (s->expand == NULL)
 				{
 				SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
 				goto err2;
 				}
-			s->s3->rrec.comp=(unsigned char *)
-				Malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
+			if (s->s3->rrec.comp == NULL)
+				s->s3->rrec.comp=(unsigned char *)
+					OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
 			if (s->s3->rrec.comp == NULL)
 				goto err;
 			}
@@ -216,9 +289,13 @@ int which;
 		}
 	else
 		{
+		if (s->enc_write_ctx != NULL)
+			reuse_dd = 1;
+		else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+			goto err;
 		if ((s->enc_write_ctx == NULL) &&
 			((s->enc_write_ctx=(EVP_CIPHER_CTX *)
-			Malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
+			OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL))
 			goto err;
 		dd= s->enc_write_ctx;
 		s->write_hash=m;
@@ -229,7 +306,7 @@ int which;
 			}
 		if (comp != NULL)
 			{
-			s->compress=COMP_CTX_new(comp);
+			s->compress=COMP_CTX_new(comp->method);
 			if (s->compress == NULL)
 				{
 				SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR);
@@ -240,11 +317,16 @@ int which;
 		mac_secret= &(s->s3->write_mac_secret[0]);
 		}
 
+	if (reuse_dd)
+		EVP_CIPHER_CTX_cleanup(dd);
 	EVP_CIPHER_CTX_init(dd);
 
 	p=s->s3->tmp.key_block;
 	i=EVP_MD_size(m);
-	j=(exp)?5:EVP_CIPHER_key_length(c);
+	cl=EVP_CIPHER_key_length(c);
+	j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
+	               cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
+	/* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
 	k=EVP_CIPHER_iv_length(c);
 	er1= &(s->s3->client_random[0]);
 	er2= &(s->s3->server_random[0]);
@@ -271,7 +353,7 @@ int which;
 
 	if (n > s->s3->tmp.key_block_length)
 		{
-		SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_INTERNAL_ERROR);
+		SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR);
 		goto err2;
 		}
 
@@ -280,7 +362,7 @@ int which;
 printf("which = %04X\nmac key=",which);
 { int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
 #endif
-	if (exp)
+	if (is_export)
 		{
 		/* In here I set both the read and write key/iv to the
 		 * same value since only the correct one will be used :-).
@@ -293,7 +375,7 @@ printf("which = %04X\nmac key=",which);
 		memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
 		p+=SSL3_RANDOM_SIZE;
 		tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j,
-			tmp1,tmp2,EVP_CIPHER_key_length(c));
+			 tmp1,tmp2,EVP_CIPHER_key_length(c));
 		key=tmp1;
 
 		if (k > 0)
@@ -306,8 +388,8 @@ printf("which = %04X\nmac key=",which);
 			p+=SSL3_RANDOM_SIZE;
 			memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
 			p+=SSL3_RANDOM_SIZE;
-			tls1_PRF(s->ctx->md5,s->ctx->sha1,
-				buf,(int)(p-buf),"",0,iv1,iv2,k*2);
+			tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0,
+				 iv1,iv2,k*2);
 			if (client_write)
 				iv=iv1;
 			else
@@ -316,8 +398,18 @@ printf("which = %04X\nmac key=",which);
 		}
 
 	s->session->key_arg_length=0;
+#ifdef KSSL_DEBUG
+	{
+        int i;
+	printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n");
+	printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]);
+	printf("\n");
+	printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]);
+	printf("\n");
+	}
+#endif	/* KSSL_DEBUG */
 
-	EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+	EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
 #ifdef TLS_DEBUG
 printf("which = %04X\nkey=",which);
 { int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
@@ -326,10 +418,10 @@ printf("\niv=");
 printf("\n");
 #endif
 
-	memset(tmp1,0,sizeof(tmp1));
-	memset(tmp2,0,sizeof(tmp1));
-	memset(iv1,0,sizeof(iv1));
-	memset(iv2,0,sizeof(iv2));
+	OPENSSL_cleanse(tmp1,sizeof(tmp1));
+	OPENSSL_cleanse(tmp2,sizeof(tmp1));
+	OPENSSL_cleanse(iv1,sizeof(iv1));
+	OPENSSL_cleanse(iv2,sizeof(iv2));
 	return(1);
 err:
 	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
@@ -337,18 +429,22 @@ err2:
 	return(0);
 	}
 
-int tls1_setup_key_block(s)
-SSL *s;
+int tls1_setup_key_block(SSL *s)
 	{
 	unsigned char *p1,*p2;
-	EVP_CIPHER *c;
-	EVP_MD *hash;
-	int num,exp;
+	const EVP_CIPHER *c;
+	const EVP_MD *hash;
+	int num;
+	SSL_COMP *comp;
+
+#ifdef KSSL_DEBUG
+	printf ("tls1_setup_key_block()\n");
+#endif	/* KSSL_DEBUG */
 
 	if (s->s3->tmp.key_block_length != 0)
 		return(1);
 
-	if (!ssl_cipher_get_evp(s->session->cipher,&c,&hash))
+	if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp))
 		{
 		SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
 		return(0);
@@ -357,16 +453,14 @@ SSL *s;
 	s->s3->tmp.new_sym_enc=c;
 	s->s3->tmp.new_hash=hash;
 
-	exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0;
-
 	num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c);
 	num*=2;
 
 	ssl3_cleanup_key_block(s);
 
-	if ((p1=(unsigned char *)Malloc(num)) == NULL)
+	if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL)
 		goto err;
-	if ((p2=(unsigned char *)Malloc(num)) == NULL)
+	if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL)
 		goto err;
 
 	s->s3->tmp.key_block_length=num;
@@ -382,28 +476,45 @@ printf("pre-master\n");
 { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
 #endif
 	tls1_generate_key_block(s,p1,p2,num);
-	memset(p2,0,num);
-	Free(p2);
+	OPENSSL_cleanse(p2,num);
+	OPENSSL_free(p2);
 #ifdef TLS_DEBUG
 printf("\nkey block\n");
 { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
 #endif
 
+	if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+		{
+		/* enable vulnerability countermeasure for CBC ciphers with
+		 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
+		 */
+		s->s3->need_empty_fragments = 1;
+
+		if (s->session->cipher != NULL)
+			{
+			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
+				s->s3->need_empty_fragments = 0;
+			
+#ifndef OPENSSL_NO_RC4
+			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
+				s->s3->need_empty_fragments = 0;
+#endif
+			}
+		}
+		
 	return(1);
 err:
 	SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
 	return(0);
 	}
 
-int tls1_enc(s,send)
-SSL *s;
-int send;
+int tls1_enc(SSL *s, int send)
 	{
 	SSL3_RECORD *rec;
 	EVP_CIPHER_CTX *ds;
 	unsigned long l;
 	int bs,i,ii,j,k,n=0;
-	EVP_CIPHER *enc;
+	const EVP_CIPHER *enc;
 
 	if (send)
 		{
@@ -428,10 +539,14 @@ int send;
 			enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
 		}
 
+#ifdef KSSL_DEBUG
+	printf("tls1_enc(%d)\n", send);
+#endif    /* KSSL_DEBUG */
+
 	if ((s->session == NULL) || (ds == NULL) ||
 		(enc == NULL))
 		{
-		memcpy(rec->data,rec->input,rec->length);
+		memmove(rec->data,rec->input,rec->length);
 		rec->input=rec->data;
 		}
 	else
@@ -458,11 +573,48 @@ int send;
 			rec->length+=i;
 			}
 
+#ifdef KSSL_DEBUG
+		{
+                unsigned long ui;
+		printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
+                        ds,rec->data,rec->input,l);
+		printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
+                        ds->buf_len, ds->cipher->key_len,
+                        DES_KEY_SZ, DES_SCHEDULE_SZ,
+                        ds->cipher->iv_len);
+		printf("\t\tIV: ");
+		for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
+		printf("\n");
+		printf("\trec->input=");
+		for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]);
+		printf("\n");
+		}
+#endif	/* KSSL_DEBUG */
+
+		if (!send)
+			{
+			if (l == 0 || l%bs != 0)
+				{
+				SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+				return 0;
+				}
+			}
+		
 		EVP_Cipher(ds,rec->data,rec->input,l);
 
+#ifdef KSSL_DEBUG
+		{
+                unsigned long i;
+                printf("\trec->data=");
+		for (i=0; i<l; i++)
+                        printf(" %02x", rec->data[i]);  printf("\n");
+                }
+#endif	/* KSSL_DEBUG */
+
 		if ((bs != 1) && !send)
 			{
-			ii=i=rec->data[l-1];
+			ii=i=rec->data[l-1]; /* padding_length */
 			i++;
 			if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
 				{
@@ -473,19 +625,22 @@ int send;
 				if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
 					i--;
 				}
+			/* TLS 1.0 does not bound the number of padding bytes by the block size.
+			 * All of them must have value 'padding_length'. */
 			if (i > (int)rec->length)
 				{
-				SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
-				return(0);
+				/* Incorrect padding. SSLerr() and ssl3_alert are done
+				 * by caller: we don't want to reveal whether this is
+				 * a decryption error or a MAC verification failure
+				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+				return -1;
 				}
 			for (j=(int)(l-i); j<(int)l; j++)
 				{
 				if (rec->data[j] != ii)
 					{
-					SSLerr(SSL_F_TLS1_ENC,SSL_R_DECRYPTION_FAILED);
-					ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
-					return(0);
+					/* Incorrect padding */
+					return -1;
 					}
 				}
 			rec->length-=i;
@@ -494,25 +649,20 @@ int send;
 	return(1);
 	}
 
-int tls1_cert_verify_mac(s,in_ctx,out)
-SSL *s;
-EVP_MD_CTX *in_ctx;
-unsigned char *out;
+int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out)
 	{
 	unsigned int ret;
 	EVP_MD_CTX ctx;
 
-	memcpy(&ctx,in_ctx,sizeof(EVP_MD_CTX));
-	EVP_DigestFinal(&ctx,out,&ret);
+	EVP_MD_CTX_init(&ctx);
+	EVP_MD_CTX_copy_ex(&ctx,in_ctx);
+	EVP_DigestFinal_ex(&ctx,out,&ret);
+	EVP_MD_CTX_cleanup(&ctx);
 	return((int)ret);
 	}
 
-int tls1_final_finish_mac(s,in1_ctx,in2_ctx,str,slen,out)
-SSL *s;
-EVP_MD_CTX *in1_ctx,*in2_ctx;
-unsigned char *str;
-int slen;
-unsigned char *out;
+int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx,
+	     const char *str, int slen, unsigned char *out)
 	{
 	unsigned int i;
 	EVP_MD_CTX ctx;
@@ -523,29 +673,27 @@ unsigned char *out;
 	memcpy(q,str,slen);
 	q+=slen;
 
-	memcpy(&ctx,in1_ctx,sizeof(EVP_MD_CTX));
-	EVP_DigestFinal(&ctx,q,&i);
+	EVP_MD_CTX_init(&ctx);
+	EVP_MD_CTX_copy_ex(&ctx,in1_ctx);
+	EVP_DigestFinal_ex(&ctx,q,&i);
 	q+=i;
-	memcpy(&ctx,in2_ctx,sizeof(EVP_MD_CTX));
-	EVP_DigestFinal(&ctx,q,&i);
+	EVP_MD_CTX_copy_ex(&ctx,in2_ctx);
+	EVP_DigestFinal_ex(&ctx,q,&i);
 	q+=i;
 
 	tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf),
 		s->session->master_key,s->session->master_key_length,
-		out,buf2,12);
-	memset(&ctx,0,sizeof(EVP_MD_CTX));
+		out,buf2,sizeof buf2);
+	EVP_MD_CTX_cleanup(&ctx);
 
-	return((int)12);
+	return sizeof buf2;
 	}
 
-int tls1_mac(ssl,md,send)
-SSL *ssl;
-unsigned char *md;
-int send;
+int tls1_mac(SSL *ssl, unsigned char *md, int send)
 	{
 	SSL3_RECORD *rec;
 	unsigned char *mac_sec,*seq;
-	EVP_MD *hash;
+	const EVP_MD *hash;
 	unsigned int md_size;
 	int i;
 	HMAC_CTX hmac;
@@ -575,11 +723,13 @@ int send;
 	buf[4]=rec->length&0xff;
 
 	/* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
-	HMAC_Init(&hmac,mac_sec,EVP_MD_size(hash),hash);
+	HMAC_CTX_init(&hmac);
+	HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
 	HMAC_Update(&hmac,seq,8);
 	HMAC_Update(&hmac,buf,5);
 	HMAC_Update(&hmac,rec->input,rec->length);
 	HMAC_Final(&hmac,md,&md_size);
+	HMAC_CTX_cleanup(&hmac);
 
 #ifdef TLS_DEBUG
 printf("sec=");
@@ -593,7 +743,10 @@ printf("rec=");
 #endif
 
 	for (i=7; i>=0; i--)
-		if (++seq[i]) break; 
+		{
+		++seq[i];
+		if (seq[i] != 0) break; 
+		}
 
 #ifdef TLS_DEBUG
 {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); }
@@ -601,15 +754,16 @@ printf("rec=");
 	return(md_size);
 	}
 
-int tls1_generate_master_secret(s,out,p,len)
-SSL *s;
-unsigned char *out;
-unsigned char *p;
-int len;
+int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
+	     int len)
 	{
 	unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE];
 	unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH];
 
+#ifdef KSSL_DEBUG
+	printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
+#endif	/* KSSL_DEBUG */
+
 	/* Setup the stuff to munge */
 	memcpy(buf,TLS_MD_MASTER_SECRET_CONST,
 		TLS_MD_MASTER_SECRET_CONST_SIZE);
@@ -619,12 +773,14 @@ int len;
 		s->s3->server_random,SSL3_RANDOM_SIZE);
 	tls1_PRF(s->ctx->md5,s->ctx->sha1,
 		buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len,
-		s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE);
+		s->session->master_key,buff,sizeof buff);
+#ifdef KSSL_DEBUG
+	printf ("tls1_generate_master_secret() complete\n");
+#endif	/* KSSL_DEBUG */
 	return(SSL3_MASTER_SECRET_SIZE);
 	}
 
-int tls1_alert_code(code)
-int code;
+int tls1_alert_code(int code)
 	{
 	switch (code)
 		{
@@ -646,11 +802,11 @@ int code;
 	case SSL_AD_ACCESS_DENIED:	return(TLS1_AD_ACCESS_DENIED);
 	case SSL_AD_DECODE_ERROR:	return(TLS1_AD_DECODE_ERROR);
 	case SSL_AD_DECRYPT_ERROR:	return(TLS1_AD_DECRYPT_ERROR);
-	case SSL_AD_EXPORT_RESTRICION:	return(TLS1_AD_EXPORT_RESTRICION);
+	case SSL_AD_EXPORT_RESTRICTION:	return(TLS1_AD_EXPORT_RESTRICTION);
 	case SSL_AD_PROTOCOL_VERSION:	return(TLS1_AD_PROTOCOL_VERSION);
 	case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
 	case SSL_AD_INTERNAL_ERROR:	return(TLS1_AD_INTERNAL_ERROR);
-	case SSL_AD_USER_CANCLED:	return(TLS1_AD_USER_CANCLED);
+	case SSL_AD_USER_CANCELLED:	return(TLS1_AD_USER_CANCELLED);
 	case SSL_AD_NO_RENEGOTIATION:	return(TLS1_AD_NO_RENEGOTIATION);
 	default:			return(-1);
 		}
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 2a319cd09b..ca6c03d5af 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -57,16 +57,12 @@
  */
 
 #include <stdio.h>
-#include "objects.h"
+#include <openssl/objects.h>
 #include "ssl_locl.h"
 
-char *tls1_version_str="TLSv1 part of SSLeay 0.9.1a 06-Jul-1998";
+const char *tls1_version_str="TLSv1" OPENSSL_VERSION_PTEXT;
 
-#ifndef NO_PROTO
 static long tls1_default_timeout(void);
-#else
-static long tls1_default_timeout();
-#endif
 
 static SSL3_ENC_METHOD TLSv1_enc_data={
 	tls1_enc,
@@ -105,47 +101,48 @@ static SSL_METHOD TLSv1_data= {
 	ssl_bad_method,
 	tls1_default_timeout,
 	&TLSv1_enc_data,
+	ssl_undefined_function,
+	ssl3_callback_ctrl,
+	ssl3_ctx_callback_ctrl,
 	};
 
-static long tls1_default_timeout()
+static long tls1_default_timeout(void)
 	{
 	/* 2 hours, the 24 hours mentioned in the TLSv1 spec
 	 * is way too long for http, the cache would over fill */
 	return(60*60*2);
 	}
 
-SSL_METHOD *tlsv1_base_method()
+SSL_METHOD *tlsv1_base_method(void)
 	{
 	return(&TLSv1_data);
 	}
 
-int tls1_new(s)
-SSL *s;
+int tls1_new(SSL *s)
 	{
 	if (!ssl3_new(s)) return(0);
 	s->method->ssl_clear(s);
 	return(1);
 	}
 
-void tls1_free(s)
-SSL *s;
+void tls1_free(SSL *s)
 	{
 	ssl3_free(s);
 	}
 
-void tls1_clear(s)
-SSL *s;
+void tls1_clear(SSL *s)
 	{
 	ssl3_clear(s);
 	s->version=TLS1_VERSION;
 	}
 
 #if 0
-long tls1_ctrl(s,cmd,larg,parg)
-SSL *s;
-int cmd;
-long larg;
-char *parg;
+long tls1_ctrl(SSL *s, int cmd, long larg, char *parg)
+	{
+	return(0);
+	}
+
+long tls1_callback_ctrl(SSL *s, int cmd, void *(*fp)())
 	{
 	return(0);
 	}
diff --git a/ssl/t1_meth.c b/ssl/t1_meth.c
index 512c2078e7..fcc243f782 100644
--- a/ssl/t1_meth.c
+++ b/ssl/t1_meth.c
@@ -57,11 +57,11 @@
  */
 
 #include <stdio.h>
-#include "objects.h"
+#include <openssl/objects.h>
 #include "ssl_locl.h"
 
-static SSL_METHOD *tls1_get_method(ver)
-int ver;
+static SSL_METHOD *tls1_get_method(int ver);
+static SSL_METHOD *tls1_get_method(int ver)
 	{
 	if (ver == TLS1_VERSION)
 		return(TLSv1_method());
@@ -69,20 +69,28 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *TLSv1_method()
+SSL_METHOD *TLSv1_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD TLSv1_data;
 
 	if (init)
 		{
-		init=0;
-		memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
-			sizeof(SSL_METHOD));
-		TLSv1_data.ssl_connect=ssl3_connect;
-		TLSv1_data.ssl_accept=ssl3_accept;
-		TLSv1_data.get_ssl_method=tls1_get_method;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+		
+		if (init)
+			{
+			memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
+				sizeof(SSL_METHOD));
+			TLSv1_data.ssl_connect=ssl3_connect;
+			TLSv1_data.ssl_accept=ssl3_accept;
+			TLSv1_data.get_ssl_method=tls1_get_method;
+			init=0;
+			}
+
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
+	
 	return(&TLSv1_data);
 	}
 
diff --git a/ssl/t1_srvr.c b/ssl/t1_srvr.c
index 8cf0addcd9..1c1149e49f 100644
--- a/ssl/t1_srvr.c
+++ b/ssl/t1_srvr.c
@@ -57,15 +57,15 @@
  */
 
 #include <stdio.h>
-#include "buffer.h"
-#include "rand.h"
-#include "objects.h"
-#include "evp.h"
-#include "x509.h"
 #include "ssl_locl.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
 
-static SSL_METHOD *tls1_get_server_method(ver)
-int ver;
+static SSL_METHOD *tls1_get_server_method(int ver);
+static SSL_METHOD *tls1_get_server_method(int ver)
 	{
 	if (ver == TLS1_VERSION)
 		return(TLSv1_server_method());
@@ -73,18 +73,25 @@ int ver;
 		return(NULL);
 	}
 
-SSL_METHOD *TLSv1_server_method()
+SSL_METHOD *TLSv1_server_method(void)
 	{
 	static int init=1;
 	static SSL_METHOD TLSv1_server_data;
 
 	if (init)
 		{
-		init=0;
-		memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
-			sizeof(SSL_METHOD));
-		TLSv1_server_data.ssl_accept=ssl3_accept;
-		TLSv1_server_data.get_ssl_method=tls1_get_server_method;
+		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+
+		if (init)
+			{
+			memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
+				sizeof(SSL_METHOD));
+			TLSv1_server_data.ssl_accept=ssl3_accept;
+			TLSv1_server_data.get_ssl_method=tls1_get_server_method;
+			init=0;
+			}
+			
+		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
 		}
 	return(&TLSv1_server_data);
 	}
diff --git a/ssl/tls1.h b/ssl/tls1.h
index 60978613ef..7f4a2f3085 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h
@@ -55,16 +55,31 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
+/* ====================================================================
+ * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+ *
+ * Portions of the attached software ("Contribution") are developed by 
+ * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+ *
+ * The Contribution is licensed pursuant to the OpenSSL open source
+ * license provided above.
+ *
+ * ECC cipher suite support in OpenSSL originally written by
+ * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+ *
+ */
 
 #ifndef HEADER_TLS1_H 
 #define HEADER_TLS1_H 
 
-#include "buffer.h"
+#include <openssl/buffer.h>
 
 #ifdef  __cplusplus
 extern "C" {
 #endif
 
+#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES	1
+
 #define TLS1_VERSION			0x0301
 #define TLS1_VERSION_MAJOR		0x03
 #define TLS1_VERSION_MINOR		0x01
@@ -75,18 +90,154 @@ extern "C" {
 #define TLS1_AD_ACCESS_DENIED		49	/* fatal */
 #define TLS1_AD_DECODE_ERROR		50	/* fatal */
 #define TLS1_AD_DECRYPT_ERROR		51
-#define TLS1_AD_EXPORT_RESTRICION	60	/* fatal */
+#define TLS1_AD_EXPORT_RESTRICTION	60	/* fatal */
 #define TLS1_AD_PROTOCOL_VERSION	70	/* fatal */
 #define TLS1_AD_INSUFFICIENT_SECURITY	71	/* fatal */
 #define TLS1_AD_INTERNAL_ERROR		80	/* fatal */
-#define TLS1_AD_USER_CANCLED		90
+#define TLS1_AD_USER_CANCELLED		90
 #define TLS1_AD_NO_RENEGOTIATION	100
 
+/* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt
+ * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
+ * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably
+ * shouldn't. */
+#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5		0x03000060
+#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	0x03000061
+#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA		0x03000062
+#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	0x03000063
+#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA		0x03000064
+#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	0x03000065
+#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA		0x03000066
+
+/* AES ciphersuites from RFC3268 */
+
+#define TLS1_CK_RSA_WITH_AES_128_SHA			0x0300002F
+#define TLS1_CK_DH_DSS_WITH_AES_128_SHA			0x03000030
+#define TLS1_CK_DH_RSA_WITH_AES_128_SHA			0x03000031
+#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA		0x03000032
+#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA		0x03000033
+#define TLS1_CK_ADH_WITH_AES_128_SHA			0x03000034
+
+#define TLS1_CK_RSA_WITH_AES_256_SHA			0x03000035
+#define TLS1_CK_DH_DSS_WITH_AES_256_SHA			0x03000036
+#define TLS1_CK_DH_RSA_WITH_AES_256_SHA			0x03000037
+#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA		0x03000038
+#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA		0x03000039
+#define TLS1_CK_ADH_WITH_AES_256_SHA			0x0300003A
+
+/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001).
+ * XXX NOTE: There is a bug in the draft, cipher numbers 4B, and 4C
+ * are defined twice so we define ECDH_ECDSA_EXPORT cipher
+ * suites to use 5B and 5C instead (this may change with future
+ * updates to the IETF draft).
+ */
+#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x03000047
+#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x03000048
+#define TLS1_CK_ECDH_ECDSA_WITH_DES_CBC_SHA             0x03000049
+#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA        0x0300004A
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA         0x0300004B
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA         0x0300004C
+#define TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA       0x0300005B
+#define TLS1_CK_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA       0x0300005C
+
+#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA                  0x0300004D
+#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA               0x0300004E
+#define TLS1_CK_ECDH_RSA_WITH_DES_CBC_SHA               0x0300004F
+#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA          0x03000050
+#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA           0x03000051
+#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA           0x03000052
+#define TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_40_SHA         0x03000053
+#define TLS1_CK_ECDH_RSA_EXPORT_WITH_RC4_56_SHA         0x03000054
+
+#define TLS1_CK_ECDH_anon_WITH_NULL_SHA                 0x03000055
+#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA              0x03000056
+#define TLS1_CK_ECDH_anon_WITH_DES_CBC_SHA              0x03000057
+#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA         0x03000058
+#define TLS1_CK_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA    0x03000059
+#define TLS1_CK_ECDH_anon_EXPORT_WITH_RC4_40_SHA        0x0300005A
+
+/* XXX: ECC ciphersuites offering forward secrecy are not yet specified
+ * in the ECC/TLS draft but our code allows them to be implemented
+ * very easily. To add such a cipher suite, one needs to add two constant
+ * definitions to this file and a new structure in s3_lib.c. We illustrate
+ * the process for the made-up ciphers ECDHE-ECDSA-AES128-SHA and
+ * ECDHE-RSA-AES128-SHA.
+ */
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA        0x03000077
+#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA          0x03000078
+
+
+/* XXX
+ * Inconsistency alert:
+ * The OpenSSL names of ciphers with ephemeral DH here include the string
+ * "DHE", while elsewhere it has always been "EDH".
+ * (The alias for the list of all such ciphers also is "EDH".)
+ * The specifications speak of "EDH"; maybe we should allow both forms
+ * for everything. */
+#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5		"EXP1024-RC4-MD5"
+#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5	"EXP1024-RC2-CBC-MD5"
+#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA	"EXP1024-DES-CBC-SHA"
+#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA	"EXP1024-DHE-DSS-DES-CBC-SHA"
+#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA		"EXP1024-RC4-SHA"
+#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA	"EXP1024-DHE-DSS-RC4-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA		"DHE-DSS-RC4-SHA"
+
+/* AES ciphersuites from RFC3268 */
+#define TLS1_TXT_RSA_WITH_AES_128_SHA			"AES128-SHA"
+#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA		"DH-DSS-AES128-SHA"
+#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA		"DH-RSA-AES128-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA		"DHE-DSS-AES128-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA		"DHE-RSA-AES128-SHA"
+#define TLS1_TXT_ADH_WITH_AES_128_SHA			"ADH-AES128-SHA"
+
+#define TLS1_TXT_RSA_WITH_AES_256_SHA			"AES256-SHA"
+#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA		"DH-DSS-AES256-SHA"
+#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA		"DH-RSA-AES256-SHA"
+#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA		"DHE-DSS-AES256-SHA"
+#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA		"DHE-RSA-AES256-SHA"
+#define TLS1_TXT_ADH_WITH_AES_256_SHA			"ADH-AES256-SHA"
+
+/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
+#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA               "ECDH-ECDSA-NULL-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA            "ECDH-ECDSA-RC4-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_DES_CBC_SHA            "ECDH-ECDSA-DES-CBC-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA       "ECDH-ECDSA-DES-CBC3-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA        "ECDH-ECDSA-AES128-SHA"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA        "ECDH-ECDSA-AES256-SHA"
+#define TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA      "EXP-ECDH-ECDSA-RC4-40-SHA"
+#define TLS1_TXT_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA      "EXP-ECDH-ECDSA-RC4-56-SHA"
+
+#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA                 "ECDH-RSA-NULL-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA              "ECDH-RSA-RC4-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_DES_CBC_SHA              "ECDH-RSA-DES-CBC-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA         "ECDH-RSA-DES-CBC3-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA          "ECDH-RSA-AES128-SHA"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA          "ECDH-RSA-AES256-SHA"
+#define TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_40_SHA        "EXP-ECDH-RSA-RC4-40-SHA"
+#define TLS1_TXT_ECDH_RSA_EXPORT_WITH_RC4_56_SHA        "EXP-ECDH-RSA-RC4-56-SHA"
+
+#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA                "AECDH-NULL-SHA"
+#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA             "AECDH-RC4-SHA"
+#define TLS1_TXT_ECDH_anon_WITH_DES_CBC_SHA             "AECDH-DES-CBC-SHA"
+#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA        "AECDH-DES-CBC3-SHA"
+#define TLS1_TXT_ECDH_anon_EXPORT_WITH_DES_40_CBC_SHA   "EXP-AECDH-DES-40-CBC-SHA"
+#define TLS1_TXT_ECDH_anon_EXPORT_WITH_RC4_40_SHA       "EXP-AECDH-RC4-40-SHA"
+
+/* XXX: Made-up ECC cipher suites offering forward secrecy. This is for 
+ * illustration only. 
+ */
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA       "ECDHE-ECDSA-AES128-SHA"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA         "ECDHE-RSA-AES128-SHA"
+
+
 #define TLS_CT_RSA_SIGN			1
 #define TLS_CT_DSS_SIGN			2
 #define TLS_CT_RSA_FIXED_DH		3
 #define TLS_CT_DSS_FIXED_DH		4
-#define TLS_CT_NUMBER			4
+#define TLS_CT_ECDSA_SIGN		5
+#define TLS_CT_RSA_FIXED_ECDH		6
+#define TLS_CT_ECDSA_FIXED_ECDH 	7
+#define TLS_CT_NUMBER			7
 
 #define TLS1_FINISH_MAC_LENGTH		12
 
@@ -108,8 +259,29 @@ extern "C" {
 #define TLS_MD_MASTER_SECRET_CONST		"master secret"
 #define TLS_MD_MASTER_SECRET_CONST_SIZE		13
 
+#ifdef CHARSET_EBCDIC
+#undef TLS_MD_CLIENT_FINISH_CONST
+#define TLS_MD_CLIENT_FINISH_CONST    "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"  /*client finished*/
+#undef TLS_MD_SERVER_FINISH_CONST
+#define TLS_MD_SERVER_FINISH_CONST    "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"  /*server finished*/
+#undef TLS_MD_SERVER_WRITE_KEY_CONST
+#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*server write key*/
+#undef TLS_MD_KEY_EXPANSION_CONST
+#define TLS_MD_KEY_EXPANSION_CONST    "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"  /*key expansion*/
+#undef TLS_MD_CLIENT_WRITE_KEY_CONST
+#define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*client write key*/
+#undef TLS_MD_SERVER_WRITE_KEY_CONST
+#define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"  /*server write key*/
+#undef TLS_MD_IV_BLOCK_CONST
+#define TLS_MD_IV_BLOCK_CONST         "\x49\x56\x20\x62\x6c\x6f\x63\x6b"  /*IV block*/
+#undef TLS_MD_MASTER_SECRET_CONST
+#define TLS_MD_MASTER_SECRET_CONST    "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"  /*master secret*/
+#endif
+
 #ifdef  __cplusplus
 }
 #endif
 #endif
 
+
+
diff --git a/ssl/zz b/ssl/zz
deleted file mode 100644
index 47c570ec80..0000000000
--- a/ssl/zz
+++ /dev/null
@@ -1,402 +0,0 @@
-/* ssl/s23_srvr.c */
-/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include "buffer.h"
-#include "rand.h"
-#include "objects.h"
-#include "evp.h"
-#include "ssl_locl.h"
-
-#define BREAK break
-
-#ifndef NOPROTO
-int ssl23_get_client_hello(SSL *s);
-#else
-int ssl23_get_client_hello();
-#endif
-
-static SSL_METHOD *ssl23_get_server_method(ver)
-int ver;
-	{
-	if (ver == 2)
-		return(SSLv2_server_method());
-	else if (ver == 3)
-		return(SSLv3_server_method());
-	else
-		return(NULL);
-	}
-
-SSL_METHOD *SSLv23_server_method()
-	{
-	static int init=1;
-	static SSL_METHOD SSLv23_server_data;
-
-	if (init)
-		{
-		init=0;
-		memcpy((char *)&SSLv23_server_data,
-			(char *)sslv23_base_method(),sizeof(SSL_METHOD));
-		SSLv23_server_data.ssl_accept=ssl23_accept;
-		SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
-		}
-	return(&SSLv23_server_data);
-	}
-
-int ssl23_accept(s)
-SSL *s;
-	{
-	BUF_MEM *buf;
-	unsigned long Time=time(NULL);
-	void (*cb)()=NULL;
-	int ret= -1;
-	int new_state,state;
-
-	RAND_seed((unsigned char *)&Time,sizeof(Time));
-	ERR_clear_error();
-	errno=0;
-
-	if (s->info_callback != NULL)
-		cb=s->info_callback;
-	else if (s->ctx->info_callback != NULL)
-		cb=s->ctx->info_callback;
-	
-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
-	s->in_handshake++;
-
-	for (;;)
-		{
-		state=s->state;
-
-		switch(s->state)
-			{
-		case SSL_ST_BEFORE:
-		case SSL_ST_ACCEPT:
-		case SSL_ST_BEFORE|SSL_ST_ACCEPT:
-		case SSL_ST_OK|SSL_ST_ACCEPT:
-
-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
-			s->version=3;
-			s->type=SSL_ST_ACCEPT;
-
-			if (s->init_buf == NULL)
-				{
-				if ((buf=BUF_MEM_new()) == NULL)
-					{
-					ret= -1;
-					goto end;
-					}
-				if (!BUF_MEM_grow(buf,SSL3_RT_MAX_PLAIN_LENGTH))
-					{
-					ret= -1;
-					goto end;
-					}
-				s->init_buf=buf;
-				}
-
-			ssl3_init_finished_mac(s);
-
-			s->state=SSL23_ST_SR_CLNT_HELLO_A;
-			s->ctx->sess_accept++;
-			s->init_num=0;
-			break;
-
-		case SSL23_ST_SR_CLNT_HELLO_A:
-		case SSL23_ST_SR_CLNT_HELLO_B:
-
-			s->shutdown=0;
-			ret=ssl23_get_client_hello(s);
-			if (ret >= 0) cb=NULL;
-			goto end;
-			break;
-
-		default:
-			SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE);
-			ret= -1;
-			goto end;
-			/* break; */
-			}
-
-		if ((cb != NULL) && (s->state != state))
-			{
-			new_state=s->state;
-			s->state=state;
-			cb(s,SSL_CB_ACCEPT_LOOP,1);
-			s->state=new_state;
-			}
-		}
-end:
-	if (cb != NULL)
-		cb(s,SSL_CB_ACCEPT_EXIT,ret);
-	s->in_handshake--;
-	return(ret);
-	}
-
-
-int ssl23_get_client_hello(s)
-SSL *s;
-	{
-	char buf[8];
-	unsigned char *p,*d,*dd;
-	unsigned int i;
-	unsigned int csl,sil,cl;
-	int n=0,j;
-	BIO *bbio;
-	int type=0;
-
-	/* read the initial header */
-	if (s->state ==	SSL23_ST_SR_CLNT_HELLO_A)
-		{
-		if (!ssl3_setup_buffers(s)) goto err;
-
-		n=ssl23_read_bytes(s,7);
-		if (n != 7) return(n);
-
-		p=s->packet;
-
-		memcpy(buf,p,n);
-
-		if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO))
-			{
-			/* SSLv2 header */
-			if ((p[3] == 0x00) && (p[4] == 0x02))
-				{
-				/* SSLv2 */
-				type=1;
-				}
-			else if ((p[3] == SSL3_VERSION_MAJOR) &&
-				 (p[4] == SSL3_VERSION_MINOR))
-				{
-				/* SSLv3 */
-				s->state=SSL23_ST_SR_CLNT_HELLO_B;
-				}
-			}
-		else if ((p[0] == SSL3_RT_HANDSHAKE) &&
-			 (p[1] == SSL3_VERSION_MAJOR) &&
-			 (p[2] == SSL3_VERSION_MINOR) &&
-			 (p[5] == SSL3_MT_CLIENT_HELLO))
-			{
-			/* true SSLv3 */
-			type=3;
-			}
-		}
-
-	if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
-		{
-		/* we have a SSLv3 in a SSLv2 header */
-		type=2;
-		p=s->packet;
-		n=((p[0]&0x7f)<<8)|p[1];
-		if (n > (1024*4))
-			{
-			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
-			goto err;
-			}
-
-		j=ssl23_read_bytes(s,n+2);
-		if (j <= 0) return(j);
-
-		ssl3_finish_mac(s,&(s->packet[2]),s->packet_length-2);
-
-		p=s->packet;
-		p+=5;
-		n2s(p,csl);
-		n2s(p,sil);
-		n2s(p,cl);
-		d=(unsigned char *)s->init_buf->data;
-		if ((csl+sil+cl+11) != s->packet_length)
-			{
-			SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_LENGTH_MISMATCH);
-			goto err;
-			}
-
-		*(d++)=SSL3_VERSION_MAJOR;
-		*(d++)=SSL3_VERSION_MINOR;
-
-		/* lets populate the random area */
-		/* get the chalenge_length */
-		i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
-		memset(d,0,SSL3_RANDOM_SIZE);
-		memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
-		d+=SSL3_RANDOM_SIZE;
-
-		/* no session-id reuse */
-		*(d++)=0;
-
-		/* ciphers */
-		j=0;
-		dd=d;
-		d+=2;
-		for (i=0; i<csl; i+=3)
-			{
-			if (p[i] != 0) continue;
-			*(d++)=p[i+1];
-			*(d++)=p[i+2];
-			j+=2;
-			}
-		s2n(j,dd);
-
-		/* compression */
-		*(d++)=1;
-		*(d++)=0;
-		
-		i=(d-(unsigned char *)s->init_buf->data);
-
-		/* get the data reused from the init_buf */
-		s->s3->tmp.reuse_message=1;
-		s->s3->tmp.message_type=SSL3_MT_CLIENT_HELLO;
-		s->s3->tmp.message_size=i;
-		}
-
-	if (type == 1)
-		{
-		/* we are talking sslv2 */
-		/* we need to clean up the SSLv3 setup and put in the
-		 * sslv2 stuff. */
-
-		if (s->s2 == NULL)
-			{
-			if (!ssl2_new(s))
-				goto err;
-			}
-		else
-			ssl2_clear(s);
-
-		if (s->s3 != NULL) ssl3_free(s);
-
-		if (!BUF_MEM_grow(s->init_buf,
-			SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
-			{
-			goto err;
-			}
-
-		s->state=SSL2_ST_GET_CLIENT_HELLO_A;
-		if (s->ctx->options & SSL_OP_MSIE_SSLV2_RSA_PADDING)
-			s->s2->ssl2_rollback=0;
-		else
-			s->s2->ssl2_rollback=1;
-
-		/* setup the 5 bytes we have read so we get them from
-		 * the sslv2 buffer */
-		s->rstate=SSL_ST_READ_HEADER;
-		s->packet_length=n;
-		s->packet= &(s->s2->rbuf[0]);
-		memcpy(s->packet,buf,n);
-		s->s2->rbuf_left=n;
-		s->s2->rbuf_offs=0;
-
-		s->method=SSLv2_server_method();
-		s->handshake_func=s->method->ssl_accept;
-		}
-
-	if ((type == 2) || (type == 3))
-		{
-		/* we have sslv3 */
-
-		if (s->bbio == NULL)
-			{
-			bbio=BIO_new(BIO_f_buffer());
-			if (bbio == NULL)
-				goto err;
-			s->bbio=bbio;
-			}
-		else
-			bbio=s->bbio;
-		BIO_reset(bbio);
-		if (!BIO_set_write_buffer_size(bbio,16*1024))
-			goto err;
-		s->wbio=BIO_push(bbio,s->wbio);
-
-		/* we are in this state */
-		s->state=SSL3_ST_SR_CLNT_HELLO_A;
-
-		if (type == 3)
-			{
-			/* put the 'n' bytes we have read into the input buffer
-			 * for SSLv3 */
-			s->rstate=SSL_ST_READ_HEADER;
-			s->packet_length=n;
-			s->packet= &(s->s3->rbuf.buf[0]);
-			memcpy(s->packet,buf,n);
-			s->s3->rbuf.left=n;
-			s->s3->rbuf.offset=0;
-			}
-		else
-			{
-			s->packet_length=0;
-			s->s3->rbuf.left=0;
-			s->s3->rbuf.offset=0;
-			}
-
-		s->method=SSLv3_server_method();
-		s->handshake_func=s->method->ssl_accept;
-		}
-	
-	if ((type < 1) || (type > 3))
-		{
-		/* bad, very bad */
-		SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
-		goto err;
-		}
-	s->init_num=0;
-	return(SSL_accept(s));
-err:
-	return(-1);
-	}
-
diff --git a/test/.cvsignore b/test/.cvsignore
new file mode 100644
index 0000000000..58236039d6
--- /dev/null
+++ b/test/.cvsignore
@@ -0,0 +1,15 @@
+*test
+demoCA
+certCA.srl
+.rnd
+testkey.pem
+testreq.pem
+keyCA.ss
+reqCA.ss
+certCA.ss
+req2CA.ss
+keyU.ss
+reqU.ss
+certU.ss
+Makefile.save
+tmp.bntest
diff --git a/test/Makefile.ssl b/test/Makefile.ssl
index e57acd76b0..1489c04967 100644
--- a/test/Makefile.ssl
+++ b/test/Makefile.ssl
@@ -5,19 +5,26 @@
 DIR=		test
 TOP=		..
 CC=		cc
-INCLUDES=	-I../include
+INCLUDES=	-I$(TOP) -I../include $(KRB5_INCLUDES)
 CFLAG=		-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=	/usr/local/ssl
 MAKEFILE=	Makefile.ssl
 MAKE=		make -f $(MAKEFILE)
-MAKEDEPEND=	makedepend -f$(MAKEFILE)
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+PERL=		perl
 
 PEX_LIBS=
 EX_LIBS= #-lnsl -lsocket
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
-GENERAL=Makefile.ssl
+GENERAL=Makefile.ssl maketests.com \
+	tests.com testenc.com tx509.com trsa.com tcrl.com tsid.com treq.com \
+	tpkcs7.com tpkcs7d.com tverify.com testgen.com testss.com testssl.com \
+	testca.com VMSca-response.1 VMSca-response.2
 
 DLIBCRYPTO= ../libcrypto.a
 DLIBSSL= ../libssl.a
@@ -25,6 +32,9 @@ LIBCRYPTO= -L.. -lcrypto
 LIBSSL= -L.. -lssl
 
 BNTEST=		bntest
+ECTEST=		ectest
+ECDSATEST=	ecdsatest
+ECDHTEST=	ecdhtest
 EXPTEST=	exptest
 IDEATEST=	ideatest
 SHATEST=	shatest
@@ -32,6 +42,7 @@ SHA1TEST=	sha1test
 MDC2TEST=	mdc2test
 RMDTEST=	rmdtest
 MD2TEST=	md2test
+MD4TEST=	md4test
 MD5TEST=	md5test
 HMACTEST=	hmactest
 RC2TEST=	rc2test
@@ -45,25 +56,38 @@ DHTEST=		dhtest
 DSATEST=	dsatest
 METHTEST=	methtest
 SSLTEST=	ssltest
+RSATEST=	rsa_test
+ENGINETEST=	enginetest
+EVPTEST=	evp_test
 
-EXE=	$(BNTEST) $(IDEATEST) $(MD2TEST)  $(MD5TEST) $(HMACTEST) \
+TESTS=		alltests
+
+EXE=	$(BNTEST) $(ECTEST)  $(ECDSATEST) $(ECDHTEST) $(IDEATEST) \
+	$(MD2TEST)  $(MD4TEST) $(MD5TEST) $(HMACTEST) \
 	$(RC2TEST) $(RC4TEST) $(RC5TEST) \
 	$(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \
-	$(RANDTEST) $(DHTEST) \
-	$(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST)
+	$(RANDTEST) $(DHTEST) $(ENGINETEST) \
+	$(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) $(RSATEST) \
+	$(EVPTEST)
 
 # $(METHTEST)
 
-OBJ=	$(BNTEST).o $(IDEATEST).o $(MD2TEST).o  $(MD5TEST).o $(HMACTEST).o \
+OBJ=	$(BNTEST).o $(ECTEST).o  $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \
+	$(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \
+	$(HMACTEST).o \
 	$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
 	$(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
-	$(RANDTEST).o $(DHTEST).o $(CASTTEST).o \
-	$(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o
-SRC=	$(BNTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD5TEST).c  $(HMACTEST).c \
+	$(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
+	$(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o $(RSATEST).o \
+	$(EVPTEST).o
+SRC=	$(BNTEST).c $(ECTEST).c  $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
+	$(MD2TEST).c  $(MD4TEST).c $(MD5TEST).c \
+	$(HMACTEST).c \
 	$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
 	$(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
-	$(RANDTEST).c $(DHTEST).c $(CASTTEST).c \
-	$(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c
+	$(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \
+	$(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c $(RSATEST).c \
+	$(EVPTEST).c
 
 EXHEADER= 
 HEADER=	$(EXHEADER)
@@ -71,18 +95,21 @@ HEADER=	$(EXHEADER)
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
 top:
-	(cd ..; $(MAKE) DIRS=$(DIR) all)
+	(cd ..; $(MAKE) DIRS=$(DIR) TESTS=$(TESTS) all)
 
 all:	exe
 
-exe:	$(EXE)
+exe:	$(EXE) dummytest
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	@@$(TOP)/util/point.sh Makefile.ssl Makefile
+
+generate: $(SRC)
+$(SRC):
+	@$(TOP)/util/point.sh dummytest.c $@
 
 errors:
 
@@ -91,204 +118,715 @@ install:
 tags:
 	ctags $(SRC)
 
-tests:	exe apps \
-	test_des test_idea test_sha test_md5 test_hmac test_md2 test_mdc2 \
-	test_rc2 test_rc4 test_rc5 test_bf test_cast \
-	test_rand test_enc test_x509 test_rsa test_crl test_sid test_req \
-	test_pkcs7 test_bn test_verify test_dh test_dsa test_reqgen \
-	test_ss test_ssl test_ca
+tests:	exe apps $(TESTS)
 
 apps:
-	@(cd ../apps; $(MAKE)  CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all)
+	@(cd ..; $(MAKE) DIRS=apps all)
+
+SET_SO_PATHS=LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$$LIBPATH"; DYLD_LIBRARY_PATH="$$LIBPATH"; SHLIB_PATH="$$LIBPATH"; \
+		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="$$LIBPATH\;$$PATH";  \
+		elif [ "$(PLATFORM)" != "Cygwin" ];  then PATH="$$LIBPATH:$$PATH"; fi; \
+		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH
+
+alltests: \
+	test_des test_idea test_sha test_md4 test_md5 test_hmac \
+	test_md2 test_mdc2 \
+	test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_rd \
+	test_rand test_bn test_ec test_ecdsa test_ecdh \
+	test_enc test_x509 test_rsa test_crl test_sid \
+	test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
+	test_ss test_ca test_engine test_evp test_ssl
+
+test_evp:
+	$(SET_SO_PATHS); ./$(EVPTEST) evptests.txt
 
 test_des:
-	./$(DESTEST)
+	$(SET_SO_PATHS); ./$(DESTEST)
 
 test_idea:
-	./$(IDEATEST)
+	$(SET_SO_PATHS); ./$(IDEATEST)
 
 test_sha:
-	./$(SHATEST)
-	./$(SHA1TEST)
+	$(SET_SO_PATHS); ./$(SHATEST)
+	$(SET_SO_PATHS); ./$(SHA1TEST)
 
 test_mdc2:
-	./$(MDC2TEST)
+	$(SET_SO_PATHS); ./$(MDC2TEST)
 
 test_md5:
-	./$(MD5TEST)
+	$(SET_SO_PATHS); ./$(MD5TEST)
+
+test_md4:
+	$(SET_SO_PATHS); ./$(MD4TEST)
 
 test_hmac:
-	./$(HMACTEST)
+	$(SET_SO_PATHS); ./$(HMACTEST)
 
 test_md2:
-	./$(MD2TEST)
+	$(SET_SO_PATHS); ./$(MD2TEST)
 
 test_rmd:
-	./$(RMDTEST)
+	$(SET_SO_PATHS); ./$(RMDTEST)
 
 test_bf:
-	./$(BFTEST)
+	$(SET_SO_PATHS); ./$(BFTEST)
 
 test_cast:
-	./$(CASTTEST)
+	$(SET_SO_PATHS); ./$(CASTTEST)
 
 test_rc2:
-	./$(RC2TEST)
+	$(SET_SO_PATHS); ./$(RC2TEST)
 
 test_rc4:
-	./$(RC4TEST)
+	$(SET_SO_PATHS); ./$(RC4TEST)
 
 test_rc5:
-	./$(RC5TEST)
+	$(SET_SO_PATHS); ./$(RC5TEST)
 
 test_rand:
-	./$(RANDTEST)
+	$(SET_SO_PATHS); ./$(RANDTEST)
 
 test_enc:
-	@sh ./testenc
+	@$(SET_SO_PATHS); sh ./testenc
 
 test_x509:
 	echo test normal x509v1 certificate
-	sh ./tx509 2>/dev/null
+	$(SET_SO_PATHS); sh ./tx509 2>/dev/null
 	echo test first x509v3 certificate
-	sh ./tx509 v3-cert1.pem 2>/dev/null
+	$(SET_SO_PATHS); sh ./tx509 v3-cert1.pem 2>/dev/null
 	echo test second x509v3 certificate
-	sh ./tx509 v3-cert2.pem 2>/dev/null
+	$(SET_SO_PATHS); sh ./tx509 v3-cert2.pem 2>/dev/null
 
 test_rsa:
-	@sh ./trsa 2>/dev/null
+	@$(SET_SO_PATHS); sh ./trsa 2>/dev/null
+	$(SET_SO_PATHS); ./$(RSATEST)
 
 test_crl:
-	@sh ./tcrl 2>/dev/null
+	@$(SET_SO_PATHS); sh ./tcrl 2>/dev/null
 
 test_sid:
-	@sh ./tsid 2>/dev/null
+	@$(SET_SO_PATHS); sh ./tsid 2>/dev/null
 
 test_req:
-	@sh ./treq 2>/dev/null
-	@sh ./treq testreq2.pem 2>/dev/null
+	@$(SET_SO_PATHS); sh ./treq 2>/dev/null
+	@$(SET_SO_PATHS); sh ./treq testreq2.pem 2>/dev/null
 
 test_pkcs7:
-	@sh ./tpkcs7 2>/dev/null
-	@sh ./tpkcs7d 2>/dev/null
+	@$(SET_SO_PATHS); sh ./tpkcs7 2>/dev/null
+	@$(SET_SO_PATHS); sh ./tpkcs7d 2>/dev/null
 
 test_bn:
-	@echo 'test a^b%c implementations'
-	./$(EXPTEST)
 	@echo starting big number library test, could take a while...
-	@(./$(BNTEST)|bc) | awk '{ \
-if ($$0 != "0") {print "error"; exit(1); } \
-if (((NR+1)%64) == 0) print NR+1," tests done"; }'
+	@$(SET_SO_PATHS); ./$(BNTEST) >tmp.bntest
+	@echo quit >>tmp.bntest
+	@echo "running bc"
+	@<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
+	@echo 'test a^b%c implementations'
+	$(SET_SO_PATHS); ./$(EXPTEST)
+
+test_ec:
+	@echo 'test elliptic curves'
+	$(SET_SO_PATHS); ./$(ECTEST)
+
+test_ecdsa:
+	@echo 'test ecdsa'
+	$(SET_SO_PATHS); ./$(ECDSATEST)
+
+test_ecdh:
+	@echo 'test ecdh'
+	$(SET_SO_PATHS); ./$(ECDHTEST)
 
 test_verify:
 	@echo "The following command should have some OK's and some failures"
 	@echo "There are definitly a few expired certificates"
-	../apps/ssleay verify -CApath ../certs ../certs/*.pem
+	$(SET_SO_PATHS); ../apps/openssl verify -CApath ../certs ../certs/*.pem
 
 test_dh:
-	@echo "Generate as set of DH parameters"
-	./$(DHTEST)
+	@echo "Generate a set of DH parameters"
+	$(SET_SO_PATHS); ./$(DHTEST)
 
 test_dsa:
-	@echo "Generate as set of DSA parameters"
-	./$(DSATEST)
+	@echo "Generate a set of DSA parameters"
+	$(SET_SO_PATHS); ./$(DSATEST)
+	$(SET_SO_PATHS); ./$(DSATEST) -app2_1
 
-test_reqgen:
+test_gen:
 	@echo "Generate and verify a certificate request"
-	@sh ./testgen
+	@$(SET_SO_PATHS); sh ./testgen
 
-test_ss:
+test_ss keyU.ss certU.ss certCA.ss: testss
 	@echo "Generate and certify a test certificate"
-	@sh ./testss
+	@$(SET_SO_PATHS); sh ./testss
+
+test_engine: 
+	@echo "Manipulate the ENGINE structures"
+	$(SET_SO_PATHS); ./$(ENGINETEST)
 
-test_ssl:
+test_ssl: keyU.ss certU.ss certCA.ss
 	@echo "test SSL protocol"
-	@sh ./testssl
+	@$(SET_SO_PATHS); sh ./testssl keyU.ss certU.ss certCA.ss
 
 test_ca:
-	@echo "Generate and certify a test certificate via the 'ca' program"
-	@sh ./testca
+	@$(SET_SO_PATHS); if ../apps/openssl no-rsa; then \
+	  echo "skipping CA.sh test -- requires RSA"; \
+	else \
+	  echo "Generate and certify a test certificate via the 'ca' program"; \
+	  sh ./testca; \
+ 	fi
+
+test_rd: #$(RDTEST)
+#	@echo "test Rijndael"
+#	$(SET_SO_PATHS); ./$(RDTEST)
 
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff
 
 depend:
-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(SRC)
+	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
+	rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss *.srl log
 
 $(DLIBSSL):
-	(cd ../ssl; $(MAKE))
+	(cd ..; $(MAKE) DIRS=ssl all)
 
 $(DLIBCRYPTO):
-	(cd ../crypto; $(MAKE))
+	(cd ..; $(MAKE) DIRS=crypto all)
+
+$(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(BNTEST): $(BNTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
+
+$(ECTEST): $(ECTEST).o $(DLIBCRYPTO)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(ECTEST) $(CFLAGS) $(ECTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(ECTEST) $(CFLAGS) $(ECTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO)
-	$(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(SHATEST): $(SHATEST).o $(DLIBCRYPTO)
-	$(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
+
+$(MD4TEST): $(MD4TEST).o $(DLIBCRYPTO)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(MD4TEST) $(CFLAGS) $(MD4TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(MD4TEST) $(CFLAGS) $(MD4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(BFTEST): $(BFTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO)
-	$(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(DESTEST): $(DESTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(DHTEST): $(DHTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(DSATEST): $(DSATEST).o $(DLIBCRYPTO)
-	$(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(METHTEST): $(METHTEST).o $(DLIBCRYPTO)
-	$(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
-	$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
+
+$(ENGINETEST): $(ENGINETEST).o $(DLIBCRYPTO)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(ENGINETEST) $(CFLAGS) $(ENGINETEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(ENGINETEST) $(CFLAGS) $(ENGINETEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
+
+$(EVPTEST): $(EVPTEST).o $(DLIBCRYPTO)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(EVPTEST) $(CFLAGS) $(EVPTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(EVPTEST) $(CFLAGS) $(EVPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
+
+$(ECDSATEST): $(ECDSATEST).o $(DLIBCRYPTO)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(ECDSATEST) $(CFLAGS) $(ECDSATEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(ECDSATEST) $(CFLAGS) $(ECDSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
+
+$(ECDHTEST): $(ECDHTEST).o $(DLIBCRYPTO)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o $(ECDHTEST) $(CFLAGS) $(ECDHTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o $(ECDHTEST) $(CFLAGS) $(ECDHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
+
+#$(RDTEST).o: $(RDTEST).c
+#	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(RDTEST).c
+
+#$(RDTEST): $(RDTEST).o $(DLIBCRYPTO)
+#	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+#	  $(CC) -o $(RDTEST) $(CFLAGS) $(RDTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+#	else \
+#	  $(CC) -o $(RDTEST) $(CFLAGS) $(RDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+#	fi
+
+dummytest: dummytest.o $(DLIBCRYPTO)
+	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+	  $(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+	else \
+	  $(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+	fi
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+bftest.o: ../e_os.h ../include/openssl/blowfish.h ../include/openssl/e_os2.h
+bftest.o: ../include/openssl/opensslconf.h bftest.c
+bntest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+bntest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+bntest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+bntest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+bntest.o: ../include/openssl/des.h ../include/openssl/des_old.h
+bntest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+bntest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+bntest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+bntest.o: ../include/openssl/err.h ../include/openssl/evp.h
+bntest.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+bntest.o: ../include/openssl/md2.h ../include/openssl/md4.h
+bntest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+bntest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+bntest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+bntest.o: ../include/openssl/ossl_typ.h ../include/openssl/pkcs7.h
+bntest.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+bntest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+bntest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+bntest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+bntest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+bntest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bntest.c
+casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h
+casttest.o: ../include/openssl/opensslconf.h casttest.c
+destest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+destest.o: ../include/openssl/des_old.h ../include/openssl/e_os2.h
+destest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+destest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+destest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+destest.o: ../include/openssl/ui_compat.h destest.c
+dhtest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+dhtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+dhtest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+dhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h dhtest.c
+dsatest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+dsatest.o: ../include/openssl/bn.h ../include/openssl/crypto.h
+dsatest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+dsatest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+dsatest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+dsatest.o: ../include/openssl/engine.h ../include/openssl/err.h
+dsatest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+dsatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+dsatest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+dsatest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h dsatest.c
+ecdhtest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ecdhtest.o: ../include/openssl/bn.h ../include/openssl/crypto.h
+ecdhtest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ecdhtest.o: ../include/openssl/ecdh.h ../include/openssl/err.h
+ecdhtest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ecdhtest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ecdhtest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ecdhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+ecdhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ecdhtest.c
+ecdsatest.o: ../include/openssl/aes.h ../include/openssl/asn1.h
+ecdsatest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ecdsatest.o: ../include/openssl/bn.h ../include/openssl/cast.h
+ecdsatest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ecdsatest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ecdsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ecdsatest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ecdsatest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+ecdsatest.o: ../include/openssl/err.h ../include/openssl/evp.h
+ecdsatest.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+ecdsatest.o: ../include/openssl/md2.h ../include/openssl/md4.h
+ecdsatest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+ecdsatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+ecdsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ecdsatest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
+ecdsatest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ecdsatest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ecdsatest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ecdsatest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+ecdsatest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+ecdsatest.o: ../include/openssl/ui_compat.h ecdsatest.c
+ectest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+ectest.o: ../include/openssl/bn.h ../include/openssl/crypto.h
+ectest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ectest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+ectest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+ectest.o: ../include/openssl/engine.h ../include/openssl/err.h
+ectest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+ectest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ectest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ectest.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+ectest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+ectest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h ectest.c
+enginetest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+enginetest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+enginetest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+enginetest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+enginetest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+enginetest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+enginetest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+enginetest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+enginetest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
+enginetest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+enginetest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+enginetest.o: ../include/openssl/ui.h enginetest.c
+evp_test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+evp_test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+evp_test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+evp_test.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+evp_test.o: ../include/openssl/des.h ../include/openssl/des_old.h
+evp_test.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+evp_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+evp_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+evp_test.o: ../include/openssl/engine.h ../include/openssl/err.h
+evp_test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+evp_test.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+evp_test.o: ../include/openssl/md4.h ../include/openssl/md5.h
+evp_test.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+evp_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+evp_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+evp_test.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+evp_test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+evp_test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+evp_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+evp_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+evp_test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h evp_test.c
+exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+exptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h
+exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+exptest.o: ../include/openssl/symhacks.h exptest.c
+hmactest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+hmactest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+hmactest.o: ../include/openssl/bn.h ../include/openssl/cast.h
+hmactest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+hmactest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+hmactest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+hmactest.o: ../include/openssl/idea.h ../include/openssl/md2.h
+hmactest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+hmactest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+hmactest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+hmactest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+hmactest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+hmactest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+hmactest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+hmactest.o: ../include/openssl/symhacks.h ../include/openssl/ui.h
+hmactest.o: ../include/openssl/ui_compat.h hmactest.c
+ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h
+ideatest.o: ../include/openssl/opensslconf.h ideatest.c
+md2test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+md2test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+md2test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+md2test.o: ../include/openssl/crypto.h ../include/openssl/des.h
+md2test.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+md2test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+md2test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+md2test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+md2test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+md2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+md2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+md2test.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+md2test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+md2test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+md2test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+md2test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+md2test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h md2test.c
+md4test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+md4test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+md4test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+md4test.o: ../include/openssl/crypto.h ../include/openssl/des.h
+md4test.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+md4test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+md4test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+md4test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+md4test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+md4test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+md4test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+md4test.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+md4test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+md4test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+md4test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+md4test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+md4test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h md4test.c
+md5test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+md5test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+md5test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+md5test.o: ../include/openssl/crypto.h ../include/openssl/des.h
+md5test.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+md5test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+md5test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+md5test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+md5test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+md5test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+md5test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+md5test.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+md5test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+md5test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+md5test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+md5test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+md5test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h md5test.c
+mdc2test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+mdc2test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+mdc2test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+mdc2test.o: ../include/openssl/crypto.h ../include/openssl/des.h
+mdc2test.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+mdc2test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+mdc2test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+mdc2test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+mdc2test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+mdc2test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+mdc2test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+mdc2test.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+mdc2test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+mdc2test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+mdc2test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+mdc2test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+mdc2test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h mdc2test.c
+randtest.o: ../e_os.h ../include/openssl/e_os2.h
+randtest.o: ../include/openssl/opensslconf.h ../include/openssl/ossl_typ.h
+randtest.o: ../include/openssl/rand.h randtest.c
+rc2test.o: ../e_os.h ../include/openssl/e_os2.h
+rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h rc2test.c
+rc4test.o: ../e_os.h ../include/openssl/e_os2.h
+rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h rc4test.c
+rc5test.o: ../e_os.h ../include/openssl/e_os2.h
+rc5test.o: ../include/openssl/opensslconf.h ../include/openssl/rc5.h rc5test.c
+rmdtest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+rmdtest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+rmdtest.o: ../include/openssl/bn.h ../include/openssl/cast.h
+rmdtest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+rmdtest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+rmdtest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+rmdtest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+rmdtest.o: ../include/openssl/md2.h ../include/openssl/md4.h
+rmdtest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+rmdtest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+rmdtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+rmdtest.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+rmdtest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+rmdtest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+rmdtest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+rmdtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+rmdtest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h rmdtest.c
+rsa_test.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+rsa_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h
+rsa_test.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+rsa_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+rsa_test.o: ../include/openssl/engine.h ../include/openssl/err.h
+rsa_test.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+rsa_test.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+rsa_test.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+rsa_test.o: ../include/openssl/symhacks.h ../include/openssl/ui.h rsa_test.c
+sha1test.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+sha1test.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+sha1test.o: ../include/openssl/bn.h ../include/openssl/cast.h
+sha1test.o: ../include/openssl/crypto.h ../include/openssl/des.h
+sha1test.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+sha1test.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+sha1test.o: ../include/openssl/evp.h ../include/openssl/idea.h
+sha1test.o: ../include/openssl/md2.h ../include/openssl/md4.h
+sha1test.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+sha1test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+sha1test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+sha1test.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+sha1test.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+sha1test.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+sha1test.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+sha1test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+sha1test.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h sha1test.c
+shatest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+shatest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+shatest.o: ../include/openssl/bn.h ../include/openssl/cast.h
+shatest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+shatest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+shatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+shatest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+shatest.o: ../include/openssl/md2.h ../include/openssl/md4.h
+shatest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+shatest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+shatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+shatest.o: ../include/openssl/ossl_typ.h ../include/openssl/rc2.h
+shatest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+shatest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+shatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+shatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+shatest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h shatest.c
+ssltest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/asn1.h
+ssltest.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+ssltest.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+ssltest.o: ../include/openssl/cast.h ../include/openssl/comp.h
+ssltest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ssltest.o: ../include/openssl/des_old.h ../include/openssl/dh.h
+ssltest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+ssltest.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+ssltest.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h
+ssltest.o: ../include/openssl/err.h ../include/openssl/evp.h
+ssltest.o: ../include/openssl/idea.h ../include/openssl/kssl.h
+ssltest.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+ssltest.o: ../include/openssl/md4.h ../include/openssl/md5.h
+ssltest.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+ssltest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+ssltest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+ssltest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssltest.o: ../include/openssl/ui.h ../include/openssl/ui_compat.h
+ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssltest.c
diff --git a/test/VMSca-response.1 b/test/VMSca-response.1
new file mode 100644
index 0000000000..8b13789179
--- /dev/null
+++ b/test/VMSca-response.1
@@ -0,0 +1 @@
+
diff --git a/test/VMSca-response.2 b/test/VMSca-response.2
new file mode 100644
index 0000000000..9b48ee4cf9
--- /dev/null
+++ b/test/VMSca-response.2
@@ -0,0 +1,2 @@
+y
+y
diff --git a/test/bctest b/test/bctest
new file mode 100755
index 0000000000..bdb3218f7a
--- /dev/null
+++ b/test/bctest
@@ -0,0 +1,111 @@
+#!/bin/sh
+
+# This script is used by test/Makefile.ssl to check whether a sane 'bc'
+# is installed.
+# ('make test_bn' should not try to run 'bc' if it does not exist or if
+# it is a broken 'bc' version that is known to cause trouble.)
+#
+# If 'bc' works, we also test if it knows the 'print' command.
+#
+# In any case, output an appropriate command line for running (or not
+# running) bc.
+
+
+IFS=:
+try_without_dir=true
+# First we try "bc", then "$dir/bc" for each item in $PATH.
+for dir in dummy:$PATH; do
+    if [ "$try_without_dir" = true ]; then
+      # first iteration
+      bc=bc
+      try_without_dir=false
+    else
+      # second and later iterations
+      bc="$dir/bc"
+      if [ ! -f "$bc" ]; then  # '-x' is not available on Ultrix
+        bc=''
+      fi
+    fi
+
+    if [ ! "$bc" = '' ]; then
+        failure=none
+
+
+        # Test for SunOS 5.[78] bc bug
+        "$bc" >tmp.bctest <<\EOF
+obase=16
+ibase=16
+a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
+CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
+10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
+C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
+3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
+4FC3CADF855448B24A9D7640BCF473E
+b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
+9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
+8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
+3ED0E2017D60A68775B75481449
+(a/b)*b + (a%b) - a
+EOF
+        if [ 0 != "`cat tmp.bctest`" ]; then
+            failure=SunOStest
+        fi
+
+
+        if [ "$failure" = none ]; then
+            # Test for SCO bc bug.
+            "$bc" >tmp.bctest <<\EOF
+obase=16
+ibase=16
+-FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
+9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
+11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
+1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
+AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
+F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
+B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
+02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
+85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
+A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
+E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
+8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
+04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
+89C8D71
+AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
+928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
+8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
+37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
+E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
+F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
+9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
+D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
+5296964
+EOF
+            if [ "0
+0" != "`cat tmp.bctest`" ]; then
+                failure=SCOtest
+            fi
+        fi
+
+
+        if [ "$failure" = none ]; then
+            # bc works; now check if it knows the 'print' command.
+            if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ]
+            then
+                echo "$bc"
+            else
+                echo "sed 's/print.*//' | $bc"
+            fi
+            exit 0
+        fi
+
+        echo "$bc does not work properly ('$failure' failed).  Looking for another bc ..." >&2
+    fi
+done
+
+echo "No working bc found.  Consider installing GNU bc." >&2
+if [ "$1" = ignore ]; then
+  echo "cat >/dev/null"
+  exit 0
+fi
+exit 1
diff --git a/test/certCA.srl b/test/certCA.srl
deleted file mode 100644
index 3ad5abd03a..0000000000
--- a/test/certCA.srl
+++ /dev/null
@@ -1 +0,0 @@
-99
diff --git a/test/dsa-ca.pem b/test/dsa-ca.pem
deleted file mode 100644
index 9eb08f3ddd..0000000000
--- a/test/dsa-ca.pem
+++ /dev/null
@@ -1,43 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
-
-svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
-Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
-Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
-par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
-zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
-uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
-rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
-1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
-HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
-MVqOsYxGCb+kez0FoDSTgw==
------END DSA PRIVATE KEY-----
------BEGIN CERTIFICATE REQUEST-----
-MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
-ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
-ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
-sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
-rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
-cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
-bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
-CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
-F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
-vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
-AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
-3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
-AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
------END CERTIFICATE REQUEST-----
------BEGIN CERTIFICATE-----
-MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
-U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
-CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
-CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
-ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
-AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
-ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
-MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
-MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
-C1Q=
------END CERTIFICATE-----
-
diff --git a/test/dsa-pca.pem b/test/dsa-pca.pem
deleted file mode 100644
index e3641ad47e..0000000000
--- a/test/dsa-pca.pem
+++ /dev/null
@@ -1,49 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
-
-GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
-mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
-of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
-FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
-RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
-qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
-diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
-V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
-hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
-dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
------END DSA PRIVATE KEY-----
------BEGIN CERTIFICATE REQUEST-----
-MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
-ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
-MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
-lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
-Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
-5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
-aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
-kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
-QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
-6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
-yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
-z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
-nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
------END CERTIFICATE REQUEST-----
------BEGIN CERTIFICATE-----
-MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
-U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
-CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
-CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
-ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
-ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
-R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
-JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
-BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
-mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
-VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
-uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
-umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
-29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
-AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
-5rKUjNBhSg==
------END CERTIFICATE-----
-
diff --git a/test/dummytest.c b/test/dummytest.c
new file mode 100644
index 0000000000..5b4467e042
--- /dev/null
+++ b/test/dummytest.c
@@ -0,0 +1,48 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <openssl/e_os2.h>
+#include <openssl/buffer.h>
+#include <openssl/crypto.h>
+
+int main(int argc, char *argv[])
+	{
+	char *p, *q = 0, *program;
+
+	p = strrchr(argv[0], '/');
+	if (!p) p = strrchr(argv[0], '\\');
+#ifdef OPENSSL_SYS_VMS
+	if (!p) p = strrchr(argv[0], ']');
+	if (p) q = strrchr(p, '>');
+	if (q) p = q;
+	if (!p) p = strrchr(argv[0], ':');
+	q = 0;
+#endif
+	if (p) p++;
+	if (!p) p = argv[0];
+	if (p) q = strchr(p, '.');
+	if (p && !q) q = p + strlen(p);
+
+	if (!p)
+		program = BUF_strdup("(unknown)");
+	else
+		{
+		program = OPENSSL_malloc((q - p) + 1);
+		strncpy(program, p, q - p);
+		program[q - p] = '\0';
+		}
+
+	for(p = program; *p; p++)
+		if (islower((unsigned char)(*p)))
+			*p = toupper((unsigned char)(*p));
+
+	q = strstr(program, "TEST");
+	if (q > p && q[-1] == '_') q--;
+	*q = '\0';
+
+	printf("No %s support\n", program);
+
+	OPENSSL_free(program);
+	return(0);
+	}
diff --git a/test/f b/test/f
deleted file mode 100644
index 4a71d9d641..0000000000
--- a/test/f
+++ /dev/null
@@ -1,650 +0,0 @@
-obase=16
-ibase=16
-9826C5263D673FC458F4C7FCDD609978 + 1EFBECC603C43CFE028AAF5D63AAB8 - 45C113036B040156F752AC3AC44430
-9826C5263D673FC458F4C7FCDD609978 + -CCEC172481D6DD51DFE18A4ED17182 - B759D90F18E568E70714E6728E8F27F6
--9826C5263D673FC458F4C7FCDD609978 + 124BB42FAEA42A6D89A334E249C80C - -F71479720DB89B99EB6B24C7FB16D16C
--9826C5263D673FC458F4C7FCDD609978 + -3D57C8E2E4255CA90A248D4D353C56 - -F7641CEF204B652101FEEC8A2A95D5CE
-9826C5263D673FC458F4C7FCDD609978 + C980C21CA60D481316D3977687025A - F7F045E85A0D4D0C6C0B9B9453E79BD2
-9826C5263D673FC458F4C7FCDD609978 + -40DB1703297959B645DF087C0B4B32 - 54E5EA0F3A3DC66AA2AEE8F461554E46
--9826C5263D673FC458F4C7FCDD609978 + B64AD8441BB310BFA54545427ECEE6 - -A707A4DF94B8CB3994F82B79AE1CA92
--9826C5263D673FC458F4C7FCDD609978 + -3B5CE56D5AA68F43565E4CF43325E4 - -A62220BAAC1E6539C4B2649D193BF5C
-9826C5263D673FC458F4C7FCDD609978 + B242A3654666ADF7C4CA38086E7D8A - AD907C9A2ADA67250B99234E5CF1702
-9826C5263D673FC458F4C7FCDD609978 + -801CFBAC244F6EBBC602C541DCAA93 - AA6A82A9142F0559D2EC5379B83EEE5
--9826C5263D673FC458F4C7FCDD609978 + ACF681C282DFF37079230A3C1C8149 - -C979CEA47AE45FD0E87BA4F2A144182F
--9826C5263D673FC458F4C7FCDD609978 + -ADC66D22EFC695963FF79CC7E8E40E - -C9D48B9360570659EF34BF99A5497D86
-9826C5263D673FC458F4C7FCDD609978 + 8AF5EE46381D503D968585374A52F3 - C9B1BB14839F5D14968B4D8214AAEC6B
-9826C5263D673FC458F4C7FCDD609978 + -9FDFDCBF678814119B15810A44C008 - 8F86E5497DFFB7B04759B27BD31BD970
--9826C5263D673FC458F4C7FCDD609978 + 37FF9F6EA44353D2CA41DF1CB3577F - -6DEEC586CEC2FC70862A861DC0AD41F9
--9826C5263D673FC458F4C7FCDD609978 + -69FD6C2A32D47CFE65FC9445545B7A - -6D90C292679A1441575AC49122B4F4F2
-9826C5263D673FC458F4C7FCDD609978 + 83287A03BFDEED8F0C7898F102EA08 - 6DA9EDA041271EB1E8014095CE638380
-9826C5263D673FC458F4C7FCDD609978 + -6900A861D776769BAC8B361AE22672 - 75BDC47DDB8FC94DBD483CC6C27E7306
--9826C5263D673FC458F4C7FCDD609978 + 37A402D61F12C4157AA635E44AA67F - -F8EF212367482D00437A21C6F915F2F9
--9826C5263D673FC458F4C7FCDD609978 + -A01F36CECF71C5CA45C95C75784ED1 - -F8C6E45D0C36B18A233A915952D8E849
-9826C5263D673FC458F4C7FCDD609978 + 479573FA448EEB2774A82B6CF400D6 - F86E5A9A37ABCEAF806970284A549A4E
-9826C5263D673FC458F4C7FCDD609978 + -2785A0B83CC00588C867CE79034586 - 1BFF3F85852A7FBED02C602E645D53F2
--9826C5263D673FC458F4C7FCDD609978 + 33CA31FEE78291529EC1241B6C8885 - -7EF2FAF43E7FBD33065606D8C1F410F3
--9826C5263D673FC458F4C7FCDD609978 + -5C0DE72FE65BD58D178F4D7D02EE22 - -7E82D30D6D4D9B99E60C574A5A63879A
-9826C5263D673FC458F4C7FCDD609978 + 9EF680BD7F42642C1E9D82D4264ED5 - 7EC5BBA6FAE682288513657FB186E84D
-9826C5263D673FC458F4C7FCDD609978 + -8C554B371AC0D838CE1CC1F3032634 - 439A6FDB064C7EEC2026AB3AEA5D7344
--9826C5263D673FC458F4C7FCDD609978 + D5A16F7FA9FC23E2613A8F08E77218 - -B55123B6BDBD43A076938D6DD4792760
--9826C5263D673FC458F4C7FCDD609978 + -2B45D0490E5D9A7328D4B4B440DE25 - -B5520AF686759D5ECC1D9CB191A1779D
-9826C5263D673FC458F4C7FCDD609978 + 24932AFE5F979B2AF6BC0FFB17951D - B54B58513BC6D75F83EB840CD8782E95
-9826C5263D673FC458F4C7FCDD609978 + -A9DB04EEC99DA84E633428B6BB5A1A - 6F7CEA214E9DA21C0A9193D426A53F5E
--9826C5263D673FC458F4C7FCDD609978 + 1E3C33D6C0C44BD502669076EA2483 - -90888F266A67B7883F2616C667674F5
--9826C5263D673FC458F4C7FCDD609978 + -BF4093ED1592B8E49CF24A5660201F3B - -8C5767591352F9F8A8F5E712533D80B8B3
-9826C5263D673FC458F4C7FCDD609978 + 9A1FBD7B5EDB5ECF9D98C2786CDE1959 - 8C324682A19C429E93F68D8A754A3EB2D1
-9826C5263D673FC458F4C7FCDD609978 + -D397B30D5FEA9EB1B237AFDDC9EED09F - C48F1218DD7CA112A6BD181F1371C8D9
--9826C5263D673FC458F4C7FCDD609978 + 80A3742BAA566FBA06EB908D903ED0C - -901C8DE382C1D8C8B8860EF4045CAC6C
--9826C5263D673FC458F4C7FCDD609978 + -9FE1F7BF67385C7ABA30F4C9255B8E06 - -F93808BCE5A49F9C3F1325BCC602BC277E
-9826C5263D673FC458F4C7FCDD609978 + EE970A929A44DC9D791D3361B53AFBCF - F986BDCFB8D7AC1C61D211FB5E929B9547
-9826C5263D673FC458F4C7FCDD609978 + -73159D913330A022D3C6C06AEDE144FB - 251127950A369FA1852E0791EF7F547D
--9826C5263D673FC458F4C7FCDD609978 + 31C06268B0B083DE26255DA8F4CB0A65 - -666662BD8CB6BBE632CF6A53E8958F13
--9826C5263D673FC458F4C7FCDD609978 + -E7ECB2BFD88D75360585BB493A094066 - -1B801377E615F4B4FA5E7A83461769D9DE
-9826C5263D673FC458F4C7FCDD609978 + DDC3C67D593FADCF60CCBA8B42EB735C - 1B75EA8BA396A6ED93B9C18288204C0CD4
-9826C5263D673FC458F4C7FCDD609978 + -3CA901A975E808221A042C3839063953 - 5B7DC37CC77F37A23EF09BC4A45A6025
--9826C5263D673FC458F4C7FCDD609978 + 7EA9A259C72DA04100A1BE9B88ABE678 - -197D22CC76399F835853096154B4B300
--9826C5263D673FC458F4C7FCDD609978 + -2393770B6D725A3088927E622D73BDE3 - -BBBA3C31AAD999F4E187465F0AD4575B
-9826C5263D673FC458F4C7FCDD609978 + 158F49DF9277EFE679D9B77D40901E3B - ADB60F05CFDF2FAAD2CE7F7A1DF0B7B3
-9826C5263D673FC458F4C7FCDD609978 + -1D2F56AB08958F12BF878ECE443C5809 - 7AF76E7B34D1B0B1996D392E9924416F
--9826C5263D673FC458F4C7FCDD609978 + 90EDF7889B5B468C0EE1EF42915E33C5 - -738CD9DA20BF9384A12D8BA4C0265B3
--9826C5263D673FC458F4C7FCDD609978 + -3958E80086C80516E8D8AC1C3B042CAB - -D17FAD26C42F44DB41CD74191864C623
-9826C5263D673FC458F4C7FCDD609978 + 709E54DAED225D25669E7BC8F83E0B4F - 2708C51A012A899CE9BF9343C5D59EA4C7
-9826C5263D673FC458F4C7FCDD609978 + -252715300F4CF4174F0C47DF17A676FA - 72FFAFF62E1A4BAD09E8801DC5BA227E
--9826C5263D673FC458F4C7FCDD609978 + 65AB5C3458AB6B39C287D43EA597E34 - -91CC0F62F7DC8910BCCC4AB8F3071B44
--9826C5263D673FC458F4C7FCDD609978 + -A4C71A07486020CB60500921E0F8ECAF - -503CEDDF2D85C7608FB944D11EBE598627
-9826C5263D673FC458F4C7FCDD609978 + 63FB6DB574AA58E92BC0B713821B7226 - FC2232DBB21198AD84B57F105F7C0B9E
-9826C5263D673FC458F4C7FCDD609978 + -98B6ED60F48A64385CC6B431DFFC685 - 8E9B56502E1E9980D3285CB9BF60D2F3
--9826C5263D673FC458F4C7FCDD609978 + 340B4FCCBE94164D2CE9C39D6291040B - -641B75597ED329772C0B045F7ACF956D
--9826C5263D673FC458F4C7FCDD609978 + -C2374D70BF61A3A3C2FABBD2E1ED6A81 - -EA5A5E1296FCC8E3681BEF83CFBF4E03F9
-9826C5263D673FC458F4C7FCDD609978 + 9D7A8C572CF1BCCE933236510D50383E - EA35A1517D6A58FC92EC26FE4DEAB0D1B6
-9826C5263D673FC458F4C7FCDD609978 + -4FB6E0CA17848699DFA0957BD6324833 - 486FE45C25E2B92A79543281072E5145
--9826C5263D673FC458F4C7FCDD609978 + 1C4B8D33C08EC911BC0A3B530312D09A - -7BDB37F27CD876B29CEA8CA9DA4DC8DE
--9826C5263D673FC458F4C7FCDD609978 + -14C733B1FDFB91ADB66F37978860E73B - -ACEDF8D83B62D1720F63FF9465C180B3
-9826C5263D673FC458F4C7FCDD609978 + 1AD4F4F805DAF4713FB09B7028193E7C - B2FBBA1E4342343598A5636D0579D7F4
-9826C5263D673FC458F4C7FCDD609978 + -9EFFA570C6C692D419F650047C998881 - F9271FB576A0ACF03EFE77F860C710F7
--9826C5263D673FC458F4C7FCDD609978 + D827D7AC7B632AA234DCAF1DFA4B9BCA - 400112863DFBEADDDBE7E7211CEB0252
--9826C5263D673FC458F4C7FCDD609978 + -917B36F1708D1BAA22E668F7F0F776B9B5 - -B3135DB696CA82E9E73F5DBFEDD4D7532D
-9826C5263D673FC458F4C7FCDD609978 + 988BA49E02838228D7DCD7A2314DAE5893 - B323CB6328C0E9689C35CC6A2E2B0EF20B
-9826C5263D673FC458F4C7FCDD609978 + -A3D55A38271E83CEF0632822CFA94A4757 - -2A3D337300E11C8F2C0A335AD2CBE9ADDF
--9826C5263D673FC458F4C7FCDD609978 + 7F428E259E4D13F3134048B449338864B8 - 5AA6760780FACB34EE753EC4C5627CB40
--9826C5263D673FC458F4C7FCDD609978 + -8B2A87E5378B1FDC18088B663350779596 - -5C2AEAA5DC8871BDC61802E302DD82F0E
-9826C5263D673FC458F4C7FCDD609978 + 2AD965C071F50139CFFFB2D7659DD1F29 - 545BD212D5CB7536158EFF573373DB8A1
-9826C5263D673FC458F4C7FCDD609978 + -8B93E2BF93699080D8BE48FDAE884651B4 - -11FBBBFA6D2C294114655435B1AAE5B83C
--9826C5263D673FC458F4C7FCDD609978 + FA224CBC7260081EA9AC65156C8E04FFF8 - 808A25F74C22A0DEE553704D6FB0A46680
--9826C5263D673FC458F4C7FCDD609978 + -750B9D57AED58BCF5990DB0D044C3750D1 - -80A3C41CD512F30F1DE9CFD5012997EA49
-9826C5263D673FC458F4C7FCDD609978 + 93E2D37E2C9AA3653A74301CAC85474D74 - 807AFA4352D80AA4FECD24E4A962A7E6EC
-9826C5263D673FC458F4C7FCDD609978 + -C74B14398CA81C2CD8268C30E60B0110A6 - -4DB2ED74666AB4ED13CD9768E92DA0772E
--9826C5263D673FC458F4C7FCDD609978 + C119B33387CBB970DFCE7FBE4E7D5396CB - 47818C6E618E52311B758AF6519FF2FD53
--9826C5263D673FC458F4C7FCDD609978 + -C3CEB5504E8C7D0CD0FAE52C5CBD1204B2 - -4766DC1574C9E44C9553D9F4599A729E2A
-9826C5263D673FC458F4C7FCDD609978 + FBB60983D392B1A3494BD3609643FB326D - 474E3048F9D018E30DA4C82893215BCBE5
-9826C5263D673FC458F4C7FCDD609978 + -D6E51B12E0908DEE09050672737D1EF27C - -5D4CF44DBA5326AE44AC11AA769FBE5904
--9826C5263D673FC458F4C7FCDD609978 + F09D220446C4082082AEA4D5A6930F3B39 - 7704FB3F2086A0E0BE55B00DA9B5AEA1C1
--9826C5263D673FC458F4C7FCDD609978 + -B15FA9AC7B33C2D4C02438BBA4019281C9 - -77F7D071A1712A14847D2D83A0DEF31B41
-9826C5263D673FC458F4C7FCDD609978 + 6B143345E9DEBAE935177A186C354B933B - 77AC5A0B101C2228F9706EE06912AC2CB3
-9826C5263D673FC458F4C7FCDD609978 + -1F51336585786A017B6A22314728302823 - -A5B90CA05F3B02C1B7112D694A4ACF8EAB
--9826C5263D673FC458F4C7FCDD609978 + 730A2A2DA99A9C8232CF331CFAF2F66B67 - F9720368835D35426E763E54FE1595D1EF
--9826C5263D673FC458F4C7FCDD609978 + -6A1328B41BE8AA4F64B23CF0FCCA3D18F0 - -F9AB4F794226118F290B31B8F9A79DB268
-9826C5263D673FC458F4C7FCDD609978 + FD3FF26FE41FAB56DCD79D4F6932767438 - F9D819350A5D1296A1309217660FD70DB0
-9826C5263D673FC458F4C7FCDD609978 + -9B540D69C20AD1B97228B844F1AAF594E - -901D1A1175E345DBD2C996BC523D4EBFD6
--9826C5263D673FC458F4C7FCDD609978 + 77DED7EA35190274D221188484AA303D6E - FE46B1250EDB9B350DC823BC87CCCFA3F6
--9826C5263D673FC458F4C7FCDD609978 + -3EB2740EA69436D2B91F39E701F3FD673B - -FE4A9AD3CCD19E127D782EAEFED15E00B3
-9826C5263D673FC458F4C7FCDD609978 + 82A5846B516370FAE4BF451B7C4B171CF9 - FE3DAB3077A0D83AA91839E3792877B671
-9826C5263D673FC458F4C7FCDD609978 + -DBDB147B2CCB589761BCF72C1161E28645 - -6242EDB6068DF1579D640264148481ECCD
--9826C5263D673FC458F4C7FCDD609978 + F98E9712A3673ADFE61A98AADB9DA6A742 - 7FF6704D7D29D3A021C1A3E2DEC0460DCA
--9826C5263D673FC458F4C7FCDD609978 + -D6E59CAB36E3FB4E960C83454503B84DA6 - -7F7DC3705D21628E5A65780D41E118E71E
-9826C5263D673FC458F4C7FCDD609978 + 341619A44C4605A857700C4FB7DD88C5D3 - 7FAE406972836CE81BC90117B4BAE95F4B
-9826C5263D673FC458F4C7FCDD609978 + -C4DE40064B265B1CC5178E7324B6477E44 - -4B46194124E8F3DD00BE99AB27D8E6E4CC
--9826C5263D673FC458F4C7FCDD609978 + 76AA3534F4C80D8EE1115202594C36EF6B - FD120E6FCE8AA64F1CB85D3A5C6ED655F3
--9826C5263D673FC458F4C7FCDD609978 + -2F9825ECA189BEEC0438D0F57E6AE894325B - -9EFDBE1366AFFC5343FD29EA4667C5F4CBD3
-9826C5263D673FC458F4C7FCDD609978 + F19B2BEE58096158B2ED13617473C3662A8A - 9EFDC4151D2F9EBFF2B16C563C70A0C6C402
-9826C5263D673FC458F4C7FCDD609978 + -401CAB25C55FE3F0118F3267857317203F15 - -E2A312FF0039A688D1CAD972BD7639BFA59D
--9826C5263D673FC458F4C7FCDD609978 + 5E2D0C48B22A36E3FA7EE98127802C28D3BE - B37421ED03F97CBABA908C5F834EC83A46
--9826C5263D673FC458F4C7FCDD609978 + -C225C38B2B3AC83AB6153F49A75202B933D - -B3F45F77D9E9EAEB25ACE96271FD8C2CB5
-2C2BA28D09AEC6D803FD4429E6C107B8 - 380184EC6B2F7748AB6D414107 - C878BE550829DA6CD485FB7E797FC6B1
-2C2BA28D09AEC6D803FD4429E6C107B8 - -E33F410CA9510BD6226C27B652 - C878BE7048EFD38155091A4C52E8BE0A
--2C2BA28D09AEC6D803FD4429E6C107B8 - E5DD576AD3B66086B6C026136A - -C878BE72E70631ABBA5DCAE0A6E71B22
--2C2BA28D09AEC6D803FD4429E6C107B8 - -F26441B32E64E85F59E9327736 - -EB85A09AA56D13A99F14E4CFFD8E9082
-2C2BA28D09AEC6D803FD4429E6C107B8 - BE41EB2CD4B69D5C3995583840 - 75C2BECEC7C39A034D5FE7F05168CF78
-2C2BA28D09AEC6D803FD4429E6C107B8 - -C5A09E78118BA6406DD7D790F - 75C2BE9963B8AE591CB7A830C43E80C7
--2C2BA28D09AEC6D803FD4429E6C107B8 - 83E5B2A8F1BA92F305A428D787 - -75C2BE10EF616FC9BE90372F8AE9DF3F
--2C2BA28D09AEC6D803FD4429E6C107B8 - -BCDB4BA597FD71386CDBF55E3 - -CC8923813BFA0C7E842630A31901B1D5
-2C2BA28D09AEC6D803FD4429E6C107B8 - 99DBBCAAABA7AF2705B83CE2FE - F88ED3F32DF21C2C5C4E1D242E8424BA
-2C2BA28D09AEC6D803FD4429E6C107B8 - -99FF39288B45A42ED959CD6312 - F88ED32708E7EF6349A17303408E6ACA
--2C2BA28D09AEC6D803FD4429E6C107B8 - 3CB6F87B8E7C6771E066CE3ABB - -F88ED3C9C0A742668064B60A4D8F4273
--2C2BA28D09AEC6D803FD4429E6C107B8 - -D09315E239080897D24E1A1444 - -276C45BC7698E49EFBF4AC5798A6F374
-2C2BA28D09AEC6D803FD4429E6C107B8 - 5DF71FD4C1B921D884EB0343C - 6EB4FD872A3CC98BE86B26A19810D37C
-2C2BA28D09AEC6D803FD4429E6C107B8 - -472B28CAA03A4DDCFA6CF5A0C6 - 6EB4FDD434D791783E4B212453B6A87E
--2C2BA28D09AEC6D803FD4429E6C107B8 - 4F39D34174C1775DB876513CA8 - -6EB4FDDC4382084CC574A1E25D124460
--2C2BA28D09AEC6D803FD4429E6C107B8 - -D071578D8201150765E384196A - -AE7EEFBC9857395602E83CC4033CEE4E
-2C2BA28D09AEC6D803FD4429E6C107B8 - 800B35BC570CB5D43B7E049382 - CBDE8F0CFE790A80F7476FEE68BC7436
-2C2BA28D09AEC6D803FD4429E6C107B8 - -81D08DF973EA70B2D9437B0B3C5B - CBDE245D97A83AC274B01D6D61CC4413
--2C2BA28D09AEC6D803FD4429E6C107B8 - F09C9EFB9BEE6FC6CA9948732062 - -CBDE9329A8AA62C673C40EC32F34281A
--2C2BA28D09AEC6D803FD4429E6C107B8 - -721647AC3A9844827605DD006735 - -20A73076C2028C3FBF7ACE2409C0A083
-2C2BA28D09AEC6D803FD4429E6C107B8 - 57472E1597FD0C17D80C5E782907 - 8D2C4B45DB992EDAF7E56C1D8848DEB1
-2C2BA28D09AEC6D803FD4429E6C107B8 - -7D42B5DB8228DCD4342DEFA69A89 - 8D2C1FCFBF8A4900E0D17857D667A241
--2C2BA28D09AEC6D803FD4429E6C107B8 - 7846E313C0FAB133B13942DA17E8 - -8D2C1AD3ECC287D2B530F563299B1FA0
--2C2BA28D09AEC6D803FD4429E6C107B8 - -81C70C34E0F677DB9A4BE4D04AFC - -5F3120C5FD79E5E18C21A9DE01F0BCBC
-2C2BA28D09AEC6D803FD4429E6C107B8 - 9C938DB3E1821702FB399DF6AAB2 - CA3E05F97BFAE555ECFA48F048CA5D06
-2C2BA28D09AEC6D803FD4429E6C107B8 - -2617E4F5AAA4E67EE001B52F1CDF - CA3EC8A4EEA4717CEA7C242B9BF02497
--2C2BA28D09AEC6D803FD4429E6C107B8 - 99896B01AF71340F5B04FFB3A1A6 - -CA3E3C1674B07649380C9F2EE674A95E
--2C2BA28D09AEC6D803FD4429E6C107B8 - -B179CFD7C7DB6ADD9FB4738783D - -B63097756CB14A5A4D4F6A2E9F888F7B
-2C2BA28D09AEC6D803FD4429E6C107B8 - 9B8BBBB4E210128D9CBDB637CAC4 - 32C207014DF9E4C7F16FA76C30893CF4
-2C2BA28D09AEC6D803FD4429E6C107B8 - -3CBC9171660E4638A28A1B1A9400 - 32C2DF499B202CE64A35E6B401DB9BB8
--2C2BA28D09AEC6D803FD4429E6C107B8 - 68CBB7816FB93E131BCB505CAF3E - -32C20B58C130369142105FF5371DB6F6
--2C2BA28D09AEC6D803FD4429E6C107B8 - -E2B6F164508E3AF43E720E69392C - -8DC5BFD6184A7649C90905B7D857CE8C
-2C2BA28D09AEC6D803FD4429E6C107B8 - 403612F9D1EA832931B9DE9F7180 - A136256F6B4F4ED80D4127008219638
-2C2BA28D09AEC6D803FD4429E6C107B8 - -FC37712BB27B69975E2FA04B6A51 - A139EC47ADA79536D94A259870C7209
--2C2BA28D09AEC6D803FD4429E6C107B8 - 476501EDB46EFFA66002840C4266 - -A13E9F20B9C7B4703A3A42C6ACD4A1E
--2C2BA28D09AEC6D803FD4429E6C107B8 - -564AF2926DDB32F15A37353C6C22 - -A19A4C42171C58FCD10BE9F2B1849B96
-2C2BA28D09AEC6D803FD4429E6C107B8 - FCC2B534FA670C0093E6F54569D0 - 4959A5CA5479CC70F7FCB042F17B9DE8
-2C2BA28D09AEC6D803FD4429E6C107B8 - -12D039C9FCA01077B4572FF64673 - 4959B55D4378C3781474F88116B74E2B
--2C2BA28D09AEC6D803FD4429E6C107B8 - 170D919AA59618A87E2104BE3370 - -4959B99A9B496C6E1CA5C24AEB7F3B28
--2C2BA28D09AEC6D803FD4429E6C107B8 - -81761643D1CC3F69AD02190A6F3B - -4FBA2116F36AF50BC4939727CDB6987D
-2C2BA28D09AEC6D803FD4429E6C107B8 - DF3AD551FB876A2EF627F57BD302 - 6E4AC352345CCB5099CE4E01F14534B6
-2C2BA28D09AEC6D803FD4429E6C107B8 - -5D29AB2210E49FF0CF86F5D35598 - 6E4AFFB6B4D0D7BCA3EE13B0DC945D50
--2C2BA28D09AEC6D803FD4429E6C107B8 - B0F0C1F7518EA63CFA6FF1AAA379 - -6E4A537DCBA61866AA3A3E99D86BAB31
--2C2BA28D09AEC6D803FD4429E6C107B8 - -1E89D44555F411718B4665F6587C - -6B408403356970E3F28BB8E380CAAF3C
-2C2BA28D09AEC6D803FD4429E6C107B8 - 8F4980C17CE452040E4E9F2E731A - 39C3134388ED49F3B1F935DB4792949E
-2C2BA28D09AEC6D803FD4429E6C107B8 - -A3AA34957F38FAFFE8B61218F89C - 39C346373E444610FEFD2CDFF8DA0054
--2C2BA28D09AEC6D803FD4429E6C107B8 - 263720B1F04CD02BEFF177B75600 - -39C3C8C42A60B724D429341B5E785DB8
--2C2BA28D09AEC6D803FD4429E6C107B8 - -C4EB7D701E58D1574AF53A25275B - -F2BCDDA18C3EA87F32A5F934AC9BE05D
-2C2BA28D09AEC6D803FD4429E6C107B8 - 39BC5D1AAC2D17570F097E3F636A - DCDB68D0AC941AAAECA635206881A44E
-2C2BA28D09AEC6D803FD4429E6C107B8 - -E911BCCABB272B91EBA86F5C9910C8 - DC14B449D469EE0395E8EC99435A1880
--2C2BA28D09AEC6D803FD4429E6C107B8 - 422A218C2D0B60DD419756777CE3F2 - -DC6DCCAE95DBD238E13EDB805E3DEBAA
--2C2BA28D09AEC6D803FD4429E6C107B8 - -6DCF7B95BAFC93C566D723C00D2A85 - -E0BDD31173F3CA443E966D0626B3DD33
-2C2BA28D09AEC6D803FD4429E6C107B8 - D753E49843FDE9E40D04E1FCEEFEF9 - 39544EA8716AC8EE1FF03F47E9D208BF
-2C2BA28D09AEC6D803FD4429E6C107B8 - -BF744D88872A8621C2D057AB7BD0AB - 39EB16DA9235F15E25C01481923CD863
--2C2BA28D09AEC6D803FD4429E6C107B8 - 43352235ED06EDF44A9FC1167E7D0F - -396ED7AF3F9BCDC5F847E3EAFD3F84C7
--2C2BA28D09AEC6D803FD4429E6C107B8 - -97952F9DEA0E65F82414DE7259C4AC - -96940D5D6BC4B8720BD92F4B7467430C
-2C2BA28D09AEC6D803FD4429E6C107B8 - CB8604401553ED7E3843C7CB707983 - 3E601C88C99972EA85C500621B508E35
-2C2BA28D09AEC6D803FD4429E6C107B8 - -18EC5D991EAEC6880F467C8AB4D4B1 - 3E448EEAA2CD759E8C0C8AA67175DC69
--2C2BA28D09AEC6D803FD4429E6C107B8 - 9927B620FF15C910B067BB8036C15B - -3EC4CA432AADDCA114ADABE566F7C913
--2C2BA28D09AEC6D803FD4429E6C107B8 - -CDEE1E2705027E3AF666C69E912FD5 - -435DB46EE2A9C459C906DD63482FD7E3
-2C2BA28D09AEC6D803FD4429E6C107B8 - DB0F62D982F216B76001E1C0069ADA - FF50932A302BD4C14C9D424826BA6CDE
-2C2BA28D09AEC6D803FD4429E6C107B8 - -39F1B700C0960AA6219AF4425455 - FF2BDC7EC0AF876E0EA365C4DB035C0D
--2C2BA28D09AEC6D803FD4429E6C107B8 - E942D6C541A823FDF65302242D16EF - -FF14E563CEF06EFC01F3972C0AEE1EA7
--2C2BA28D09AEC6D803FD4429E6C107B8 - -367081ABAB43DE75F16F4EF9835707 - -F4F5320B5E0382F98E0BD4DAED3DB0B1
-2C2BA28D09AEC6D803FD4429E6C107B8 - EAD0D03284A753798186A8A089628D - 5C40D1BCD72A1F848A7BBD814637A52B
-2C2BA28D09AEC6D803FD4429E6C107B8 - -6B0FFE630423D415624927ADD52958 - 5C96B28B6CB2EAAC195F8D5194963110
--2C2BA28D09AEC6D803FD4429E6C107B8 - 2C2329BDE3B791CB48D9F13F5E7D38 - -5C57C5B6C7927E69CF461E1B261F84F0
--2C2BA28D09AEC6D803FD4429E6C107B8 - -E968CBDBAC31FEE8BF301B27B6BF00 - -554239C12E0294D91B3E140EBF0A48B8
-2C2BA28D09AEC6D803FD4429E6C107B8 - E408A43E819D78E4262E31DA6E62DF - 84799E8CB2D295F1FD715F80C52A4D9
-2C2BA28D09AEC6D803FD4429E6C107B8 - -F915D5DE69DBD347EE7BCCAFF8668A - 824B862E818A2AB4BEBBFF696B96E42
--2C2BA28D09AEC6D803FD4429E6C107B8 - A79F4F75D2F02C89B019CA666DC08 - -8361C82010BF5DACC9845C68D27E3C0
--2C2BA28D09AEC6D803FD4429E6C107B8 - -3E47CD42E515CD01BD72961A469DF8 - -3AED5ABFC6C9B10B023FD193CC7A69C0
-2C2BA28D09AEC6D803FD4429E6C107B8 - D52E9E9FDFC35B756D9B45B85AA3C3 - 355673EE69CF037C8E8FA8E42E6663F5
-2C2BA28D09AEC6D803FD4429E6C107B8 - -6392B2E6D9980A0BE3FEBBA01420BE - 358F353FF0885EE20FE142E586D52876
--2C2BA28D09AEC6D803FD4429E6C107B8 - 4F0DF37AA0006EAE922FDBD6C4A797 - -357AB080844EC746B28F7405BD85AF4F
--2C2BA28D09AEC6D803FD4429E6C107B8 - -1C02650FE41DB168BC300737A6EB2D - -A00FA027F9CAA9269B411422AF1A1C8B
-2C2BA28D09AEC6D803FD4429E6C107B8 - C7337DEB59CAED0D7338B7D9C9E97 - 7D1F2F552AF92A293326109E69246921
-2C2BA28D09AEC6D803FD4429E6C107B8 - -B663779DC9C2A1BC9D267EB177003F - 7DE20604A7788979C09A6AA8983807F7
--2C2BA28D09AEC6D803FD4429E6C107B8 - 4B33A29109C7BD483AD12C609A3E5C - -7D76D62F9AB88E954C381556475B4614
--2C2BA28D09AEC6D803FD4429E6C107B8 - -7763F2937A8D8455EB09016C4A5DFA - -5BB43E9A76343953AE123B287A76A9BE
-2C2BA28D09AEC6D803FD4429E6C107B8 - 32FE0BBB4DA154BFE31935BAA63274 - 24F8A4814E612583441A2AF42C1AD544
-2C2BA28D09AEC6D803FD4429E6C107B8 - -1E98BDA21CC26B6A8AB1B859D3727932 - 4AC4602F267132428EAEFC83BA3380EA
--2C2BA28D09AEC6D803FD4429E6C107B8 - 93676DE30B2EEE8B82486C7CE9C34414 - -BF93107014DDB5638645B0A6D0844BCC
--2C2BA28D09AEC6D803FD4429E6C107B8 - -7602854B23609BD635095EFD082FB2A0 - -B6291D41E64E2B01CEF3E52CDE915518
-2C2BA28D09AEC6D803FD4429E6C107B8 - 6BCBA3CD50D6A74DE569BF4DE52582E - 256EE85034A15C6325A6A835086EAF8A
-2C2BA28D09AEC6D803FD4429E6C107B8 - -2055DA77B18C1A7026DFB40066B18C9 - 2E31003484C7887F066B3F69ED2C2081
--2C2BA28D09AEC6D803FD4429E6C107B8 - 2491756317748BB1D819DF4A80D32038 - -50BD17F021235289DC172374679427F0
--2C2BA28D09AEC6D803FD4429E6C107B8 - -EA9DC0B52762D00DC052CDAF7EA3CB47 - -418DE1D7E24BF6CA43AA767A681D3C71
-2C2BA28D09AEC6D803FD4429E6C107B8 - CD559BCE39CAE8B9350BC3C73C469D28 - 5ED606BECFE3DE1ECEF18062AA7A6A90
-2C2BA28D09AEC6D803FD4429E6C107B8 - -9F05BC59A3AF6D73BF563F767C903641 - CB315EE6AD5E344BC35383A063513DF9
--2C2BA28D09AEC6D803FD4429E6C107B8 - 7718DCEF820E673D75351DADF5ACFF2 - -339D305C01CFAD4BDB509604C61BD7AA
--2C2BA28D09AEC6D803FD4429E6C107B8 - -59B11EABA28625E68ED93168432B8946 - -D27A83E16728A0F1752412C1A3957E72
-2C2BA28D09AEC6D803FD4429E6C107B8 - A6FB266B13FBFE7A37D4B5DD67AC02A6 - 85307C21F5B2C85DCC288E4C7F150512
-2C2BA28D09AEC6D803FD4429E6C107B8 - -B464CB4E67FD5E082C9A07765920C46E - E0906DDB71AC24E030974BA03FE1CC26
--2C2BA28D09AEC6D803FD4429E6C107B8 - 9CF48CE7BC605E20F5EE8AD2132F6D7F - -C9202F74C60F24F8F9EBCEFBF9F07537
--2C2BA28D09AEC6D803FD4429E6C107B8 - -217C3E90428492B75DA082A243BF416C - -AAF63FCC72A3420A65CC187A301C64C
-2C2BA28D09AEC6D803FD4429E6C107B8 - 58473DD94BBAD6381F4668624303165 - 26A72EAF74F319748208DDA3C290D653
-2C2BA28D09AEC6D803FD4429E6C107B8 - -C08C3C158911B5B02A7AA4084662D881 - ECB7DEA292C07C882E77E8322D23E039
--2C2BA28D09AEC6D803FD4429E6C107B8 - F9C9F9506C63D82156A8625E166A7C68 - -6325F59BDD76129EF95AA5A687FD2B8420
--2C2BA28D09AEC6D803FD4429E6C107B8 - -7661FF975A940A521FC89D23CEAD7D2F - -B5C9A2F5AF1ABC85E434A70618138A89
-FD297C745825A0 * 2 - 1FA52F8E8B04B40
-1FA52F8E8B04B40 * 2 - 3F4A5F1D1609680
-3F4A5F1D1609680 * 2 - 7E94BE3A2C12D00
-7E94BE3A2C12D00 * 2 - FD297C745825A00
-FD297C745825A00 * 2 - 1FA52F8E8B04B400
-1FA52F8E8B04B400 * 2 - 3F4A5F1D16096800
-3F4A5F1D16096800 * 2 - 7E94BE3A2C12D000
-7E94BE3A2C12D000 * 2 - FD297C745825A000
-FD297C745825A000 * 2 - 1FA52F8E8B04B4000
-1FA52F8E8B04B4000 * 2 - 3F4A5F1D160968000
-3F4A5F1D160968000 * 2 - 7E94BE3A2C12D0000
-7E94BE3A2C12D0000 * 2 - FD297C745825A0000
-FD297C745825A0000 * 2 - 1FA52F8E8B04B40000
-1FA52F8E8B04B40000 * 2 - 3F4A5F1D1609680000
-3F4A5F1D1609680000 * 2 - 7E94BE3A2C12D00000
-7E94BE3A2C12D00000 * 2 - FD297C745825A00000
-FD297C745825A00000 * 2 - 1FA52F8E8B04B400000
-1FA52F8E8B04B400000 * 2 - 3F4A5F1D16096800000
-3F4A5F1D16096800000 * 2 - 7E94BE3A2C12D000000
-7E94BE3A2C12D000000 * 2 - FD297C745825A000000
-FD297C745825A000000 * 2 - 1FA52F8E8B04B4000000
-1FA52F8E8B04B4000000 * 2 - 3F4A5F1D160968000000
-3F4A5F1D160968000000 * 2 - 7E94BE3A2C12D0000000
-7E94BE3A2C12D0000000 * 2 - FD297C745825A0000000
-FD297C745825A0000000 * 2 - 1FA52F8E8B04B40000000
-1FA52F8E8B04B40000000 * 2 - 3F4A5F1D1609680000000
-3F4A5F1D1609680000000 * 2 - 7E94BE3A2C12D00000000
-7E94BE3A2C12D00000000 * 2 - FD297C745825A00000000
-FD297C745825A00000000 * 2 - 1FA52F8E8B04B400000000
-1FA52F8E8B04B400000000 * 2 - 3F4A5F1D16096800000000
-3F4A5F1D16096800000000 * 2 - 7E94BE3A2C12D000000000
-7E94BE3A2C12D000000000 * 2 - FD297C745825A000000000
-FD297C745825A000000000 * 2 - 1FA52F8E8B04B4000000000
-1FA52F8E8B04B4000000000 * 2 - 3F4A5F1D160968000000000
-3F4A5F1D160968000000000 * 2 - 7E94BE3A2C12D0000000000
-7E94BE3A2C12D0000000000 * 2 - FD297C745825A0000000000
-FD297C745825A0000000000 * 2 - 1FA52F8E8B04B40000000000
-1FA52F8E8B04B40000000000 * 2 - 3F4A5F1D1609680000000000
-3F4A5F1D1609680000000000 * 2 - 7E94BE3A2C12D00000000000
-7E94BE3A2C12D00000000000 * 2 - FD297C745825A00000000000
-FD297C745825A00000000000 * 2 - 1FA52F8E8B04B400000000000
-1FA52F8E8B04B400000000000 * 2 - 3F4A5F1D16096800000000000
-3F4A5F1D16096800000000000 * 2 - 7E94BE3A2C12D000000000000
-7E94BE3A2C12D000000000000 * 2 - FD297C745825A000000000000
-FD297C745825A000000000000 * 2 - 1FA52F8E8B04B4000000000000
-1FA52F8E8B04B4000000000000 * 2 - 3F4A5F1D160968000000000000
-3F4A5F1D160968000000000000 * 2 - 7E94BE3A2C12D0000000000000
-7E94BE3A2C12D0000000000000 * 2 - FD297C745825A0000000000000
-FD297C745825A0000000000000 * 2 - 1FA52F8E8B04B40000000000000
-1FA52F8E8B04B40000000000000 * 2 - 3F4A5F1D1609680000000000000
-3F4A5F1D1609680000000000000 * 2 - 7E94BE3A2C12D00000000000000
-7E94BE3A2C12D00000000000000 * 2 - FD297C745825A00000000000000
-FD297C745825A00000000000000 * 2 - 1FA52F8E8B04B400000000000000
-1FA52F8E8B04B400000000000000 * 2 - 3F4A5F1D16096800000000000000
-3F4A5F1D16096800000000000000 * 2 - 7E94BE3A2C12D000000000000000
-7E94BE3A2C12D000000000000000 * 2 - FD297C745825A000000000000000
-FD297C745825A000000000000000 * 2 - 1FA52F8E8B04B4000000000000000
-1FA52F8E8B04B4000000000000000 * 2 - 3F4A5F1D160968000000000000000
-3F4A5F1D160968000000000000000 * 2 - 7E94BE3A2C12D0000000000000000
-7E94BE3A2C12D0000000000000000 * 2 - FD297C745825A0000000000000000
-FD297C745825A0000000000000000 * 2 - 1FA52F8E8B04B40000000000000000
-1FA52F8E8B04B40000000000000000 * 2 - 3F4A5F1D1609680000000000000000
-3F4A5F1D1609680000000000000000 * 2 - 7E94BE3A2C12D00000000000000000
-7E94BE3A2C12D00000000000000000 * 2 - FD297C745825A00000000000000000
-FD297C745825A00000000000000000 * 2 - 1FA52F8E8B04B400000000000000000
-1FA52F8E8B04B400000000000000000 * 2 - 3F4A5F1D16096800000000000000000
-3F4A5F1D16096800000000000000000 * 2 - 7E94BE3A2C12D000000000000000000
-7E94BE3A2C12D000000000000000000 * 2 - FD297C745825A000000000000000000
-FD297C745825A000000000000000000 * 2 - 1FA52F8E8B04B4000000000000000000
-1FA52F8E8B04B4000000000000000000 * 2 - 3F4A5F1D160968000000000000000000
-73E919C788D635 * 2 - E7D2338F11AC6A
-73E919C788D635 * 4 - 1CFA4671E2358D4
-73E919C788D635 * 8 - 39F48CE3C46B1A8
-73E919C788D635 * 10 - 73E919C788D6350
-73E919C788D635 * 20 - E7D2338F11AC6A0
-73E919C788D635 * 40 - 1CFA4671E2358D40
-73E919C788D635 * 80 - 39F48CE3C46B1A80
-73E919C788D635 *  - 73E919C788D63500
-73E919C788D635 *  - E7D2338F11AC6A00
-73E919C788D635 *  - 1CFA4671E2358D400
-73E919C788D635 *  - 39F48CE3C46B1A800
-73E919C788D635 *  - 73E919C788D635000
-73E919C788D635 *  - E7D2338F11AC6A000
-73E919C788D635 *  - 1CFA4671E2358D4000
-73E919C788D635 *  - 39F48CE3C46B1A8000
-73E919C788D635 *  - 73E919C788D6350000
-73E919C788D635 *  - E7D2338F11AC6A0000
-73E919C788D635 *  - 1CFA4671E2358D40000
-73E919C788D635 *  - 39F48CE3C46B1A80000
-73E919C788D635 *  - 73E919C788D63500000
-73E919C788D635 *  - E7D2338F11AC6A00000
-73E919C788D635 *  - 1CFA4671E2358D400000
-73E919C788D635 *  - 39F48CE3C46B1A800000
-73E919C788D635 *  - 73E919C788D635000000
-73E919C788D635 *  - E7D2338F11AC6A000000
-73E919C788D635 *  - 1CFA4671E2358D4000000
-73E919C788D635 *  - 39F48CE3C46B1A8000000
-73E919C788D635 *  - 73E919C788D6350000000
-73E919C788D635 *  - E7D2338F11AC6A0000000
-73E919C788D635 *  - 1CFA4671E2358D40000000
-73E919C788D635 *  - 39F48CE3C46B1A80000000
-73E919C788D635 *  - 73E919C788D63500000000
-73E919C788D635 *  - E7D2338F11AC6A00000000
-73E919C788D635 *  - 1CFA4671E2358D400000000
-73E919C788D635 *  - 39F48CE3C46B1A800000000
-73E919C788D635 *  - 73E919C788D635000000000
-73E919C788D635 *  - E7D2338F11AC6A000000000
-73E919C788D635 *  - 1CFA4671E2358D4000000000
-73E919C788D635 *  - 39F48CE3C46B1A8000000000
-73E919C788D635 *  - 73E919C788D6350000000000
-73E919C788D635 *  - E7D2338F11AC6A0000000000
-73E919C788D635 *  - 1CFA4671E2358D40000000000
-73E919C788D635 *  - 39F48CE3C46B1A80000000000
-73E919C788D635 *  - 73E919C788D63500000000000
-73E919C788D635 *  - E7D2338F11AC6A00000000000
-73E919C788D635 *  - 1CFA4671E2358D400000000000
-73E919C788D635 *  - 39F48CE3C46B1A800000000000
-73E919C788D635 *  - 73E919C788D635000000000000
-73E919C788D635 *  - E7D2338F11AC6A000000000000
-73E919C788D635 *  - 1CFA4671E2358D4000000000000
-73E919C788D635 *  - 39F48CE3C46B1A8000000000000
-73E919C788D635 *  - 73E919C788D6350000000000000
-73E919C788D635 *  - E7D2338F11AC6A0000000000000
-73E919C788D635 *  - 1CFA4671E2358D40000000000000
-73E919C788D635 *  - 39F48CE3C46B1A80000000000000
-73E919C788D635 *  - 73E919C788D63500000000000000
-73E919C788D635 *  - E7D2338F11AC6A00000000000000
-73E919C788D635 *  - 1CFA4671E2358D400000000000000
-73E919C788D635 *  - 39F48CE3C46B1A800000000000000
-73E919C788D635 *  - 73E919C788D635000000000000000
-73E919C788D635 *  - E7D2338F11AC6A000000000000000
-73E919C788D635 *  - 1CFA4671E2358D4000000000000000
-73E919C788D635 *  - 39F48CE3C46B1A8000000000000000
-73E919C788D635 *  - 73E919C788D6350000000000000000
-73E919C788D635 *  - E7D2338F11AC6A0000000000000000
-73E919C788D635 *  - 1CFA4671E2358D40000000000000000
-73E919C788D635 *  - 39F48CE3C46B1A80000000000000000
-73E919C788D635 *  - 73E919C788D63500000000000000000
-73E919C788D635 *  - E7D2338F11AC6A00000000000000000
-73E919C788D635 *  - 1CFA4671E2358D400000000000000000
-E6BA003EBCA54 / 2 - 735D001F5E52A
-735D001F5E52A / 2 - 39AE800FAF295
-39AE800FAF295 / 2 - 1CD74007D794A
-1CD74007D794A / 2 - E6BA003EBCA5
-E6BA003EBCA5 / 2 - 735D001F5E52
-735D001F5E52 / 2 - 39AE800FAF29
-39AE800FAF29 / 2 - 1CD74007D794
-1CD74007D794 / 2 - E6BA003EBCA
-E6BA003EBCA / 2 - 735D001F5E5
-735D001F5E5 / 2 - 39AE800FAF2
-39AE800FAF2 / 2 - 1CD74007D79
-1CD74007D79 / 2 - E6BA003EBC
-E6BA003EBC / 2 - 735D001F5E
-735D001F5E / 2 - 39AE800FAF
-39AE800FAF / 2 - 1CD74007D7
-1CD74007D7 / 2 - E6BA003EB
-E6BA003EB / 2 - 735D001F5
-735D001F5 / 2 - 39AE800FA
-39AE800FA / 2 - 1CD74007D
-1CD74007D / 2 - E6BA003E
-E6BA003E / 2 - 735D001F
-735D001F / 2 - 39AE800F
-39AE800F / 2 - 1CD74007
-1CD74007 / 2 - E6BA003
-E6BA003 / 2 - 735D001
-735D001 / 2 - 39AE800
-39AE800 / 2 - 1CD7400
-1CD7400 / 2 - E6BA00
-E6BA00 / 2 - 735D00
-735D00 / 2 - 39AE80
-39AE80 / 2 - 1CD740
-1CD740 / 2 - E6BA0
-E6BA0 / 2 - 735D0
-735D0 / 2 - 39AE8
-39AE8 / 2 - 1CD74
-1CD74 / 2 - E6BA
-E6BA / 2 - 735D
-735D / 2 - 39AE
-39AE / 2 - 1CD7
-1CD7 / 2 - E6B
-E6B / 2 - 735
-735 / 2 - 39A
-39A / 2 - 1CD
-1CD / 2 - E6
-E6 / 2 - 73
-73 / 2 - 39
-39 / 2 - 1C
-1C / 2 - E
-E / 2 - 7
-7 / 2 - 3
-3 / 2 - 1
-1 / 2 - 0
-0 / 2 - 0
-0 / 2 - 0
-0 / 2 - 0
-0 / 2 - 0
-0 / 2 - 0
-0 / 2 - 0
-0 / 2 - 0
-0 / 2 - 0
-0 / 2 - 0
-0 / 2 - 0
-0 / 2 - 0
-0 / 2 - 0
-0 / 2 - 0
-0 / 2 - 0
-0 / 2 - 0
-0 / 2 - 0
-0 / 2 - 0
-0 / 2 - 0
--7BFF6031D9D277 / 2 - -3DFFB018ECE93B
--7BFF6031D9D277 / 4 - -1EFFD80C76749D
--7BFF6031D9D277 / 8 - -F7FEC063B3A4E
--7BFF6031D9D277 / 10 - -7BFF6031D9D27
--7BFF6031D9D277 / 20 - -3DFFB018ECE93
--7BFF6031D9D277 / 40 - -1EFFD80C76749
--7BFF6031D9D277 / 80 - -F7FEC063B3A4
--7BFF6031D9D277 /  - -7BFF6031D9D2
--7BFF6031D9D277 /  - -3DFFB018ECE9
--7BFF6031D9D277 /  - -1EFFD80C7674
--7BFF6031D9D277 /  - -F7FEC063B3A
--7BFF6031D9D277 /  - -7BFF6031D9D
--7BFF6031D9D277 /  - -3DFFB018ECE
--7BFF6031D9D277 /  - -1EFFD80C767
--7BFF6031D9D277 /  - -F7FEC063B3
--7BFF6031D9D277 /  - -7BFF6031D9
--7BFF6031D9D277 /  - -3DFFB018EC
--7BFF6031D9D277 /  - -1EFFD80C76
--7BFF6031D9D277 /  - -F7FEC063B
--7BFF6031D9D277 /  - -7BFF6031D
--7BFF6031D9D277 /  - -3DFFB018E
--7BFF6031D9D277 /  - -1EFFD80C7
--7BFF6031D9D277 /  - -F7FEC063
--7BFF6031D9D277 /  - -7BFF6031
--7BFF6031D9D277 /  - -3DFFB018
--7BFF6031D9D277 /  - -1EFFD80C
--7BFF6031D9D277 /  - -F7FEC06
--7BFF6031D9D277 /  - -7BFF603
--7BFF6031D9D277 /  - -3DFFB01
--7BFF6031D9D277 /  - -1EFFD80
--7BFF6031D9D277 /  - -F7FEC0
--7BFF6031D9D277 /  - -7BFF60
--7BFF6031D9D277 /  - -3DFFB0
--7BFF6031D9D277 /  - -1EFFD8
--7BFF6031D9D277 /  - -F7FEC
--7BFF6031D9D277 /  - -7BFF6
--7BFF6031D9D277 /  - -3DFFB
--7BFF6031D9D277 /  - -1EFFD
--7BFF6031D9D277 /  - -F7FE
--7BFF6031D9D277 /  - -7BFF
--7BFF6031D9D277 /  - -3DFF
--7BFF6031D9D277 /  - -1EFF
--7BFF6031D9D277 /  - -F7F
--7BFF6031D9D277 /  - -7BF
--7BFF6031D9D277 /  - -3DF
--7BFF6031D9D277 /  - -1EF
--7BFF6031D9D277 /  - -F7
--7BFF6031D9D277 /  - -7B
--7BFF6031D9D277 /  - -3D
--7BFF6031D9D277 /  - -1E
--7BFF6031D9D277 /  - -F
--7BFF6031D9D277 /  - -7
--7BFF6031D9D277 /  - -3
--7BFF6031D9D277 /  - -1
--7BFF6031D9D277 /  - -0
--7BFF6031D9D277 /  - -0
--7BFF6031D9D277 /  - -0
--7BFF6031D9D277 /  - -0
--7BFF6031D9D277 /  - -0
--7BFF6031D9D277 /  - -0
--7BFF6031D9D277 /  - -0
--7BFF6031D9D277 /  - -0
--7BFF6031D9D277 /  - -0
--7BFF6031D9D277 /  - 0
--7BFF6031D9D277 /  - 0
--7BFF6031D9D277 /  - 0
--7BFF6031D9D277 /  - 0
--7BFF6031D9D277 /  - 0
--7BFF6031D9D277 /  - 0
--7BFF6031D9D277 /  - 0
--695F * -695F - 2B5F1141
-3F08 * 3F08 - F84F040
--E4CE * -E4CE - CC7F95C4
--260CAA * -260CAA - 5A7C31860E4
-637728 * 637728 - 26A560663640
-CEE353 * CEE353 - A732A3704CE9
-F682D2E5 * F682D2E5 - ED5FB02AFA5080D9
--A1F0633 * -A1F0633 - 66703E7C806E29
--28670CBF * -28670CBF - 6605D76F2547681
-A69CEF5D4F * A69CEF5D4F - 6C6FE6A19BFBA3847E61
--EC6F015FCD * -EC6F015FCD - DA5CDAAAD30DA973CA29
--988EB2044D * -988EB2044D - 5AE9C2EF13FF67267F29
-38845710CF * 38845710CF - C7A2A814181E5CC8761
-74E3ECC51B0B * 74E3ECC51B0B - 355F5980610BEF20E9C95279
-E293F535B04 * E293F535B04 - C889927651B9381CF3D810
--D4F4DB8F052 * -D4F4DB8F052 - B12675D8256CC7AB79DA44
--C662E2DF87BD00 * -C662E2DF87BD00 - 99BD1D24422BB78B773EE1890000
-73B3AC32CAECA5 * 73B3AC32CAECA5 - 344AEACFE52CADEEA102C324A259
--7020E36421AC78 * -7020E36421AC78 - 311CCB31407A0F002FFBAB217840
--AB63E98AB5BAB9E5 * -AB63E98AB5BAB9E5 - 72BEA0FDC51DCCBA09D2D7F479C0C6D9
-FD13670E7861102E * FD13670E7861102E - FA2F5B2B0F925E12D111ED0063E1C844
-448B3ED3616B79E * 448B3ED3616B79E - 125A451D94B7F52F248606BADB4584
-722C445D6004C58F0A * 722C445D6004C58F0A - 32EB748ABBDEFEA8BE828B7F506DC5502C64
--7845C0FAAD434DFB1F * -7845C0FAAD434DFB1F - 388177EC9B0978BF481FBC0FDD1940FBCDC1
--523612DFD51C69241A * -523612DFD51C69241A - 1A66AF835C585904739382AA8A58526B52A4
-315FDEEE12E80473C81D * 315FDEEE12E80473C81D - 985D73E5A10A019311028C8BBFE9B2E4E7B5349
--8774D69F879642CDA8C5 * -8774D69F879642CDA8C5 - 47AC6FAF758274BA5E875CD043263D194EC52799
--A7DD4F37B9EB07181EC3 * -A7DD4F37B9EB07181EC3 - 6E127CAC934B13EC302AFE0E74BAA3F672424889
-FEDB557353572B8502F5 * FEDB557353572B8502F5 - FDB7F97C29375ACC45CA4C8C35D6D4A0609ABE79
-5F44D83AFA7AC1A3A63D21 * 5F44D83AFA7AC1A3A63D21 - 23742AFF5BDFC133EFC992B6C684F3FCBD8D5B64BE41
-605113B8BD6E9431F134B8 * 605113B8BD6E9431F134B8 - 243CE8780A7FC08E81A3158A6DF569A14E32BD4B4440
--4DA79A9A866F6B095E0C8A * -4DA79A9A866F6B095E0C8A - 178E40BC07D8B2C55A39205816738C4DE6CAE9F53A64
--3CB4AA53092EE56242A20541 * -3CB4AA53092EE56242A20541 - E652F56E2654899DECD393C64FA03AB682641042A5F9A81
-87395D50F0FD926FAFDB9717 * 87395D50F0FD926FAFDB9717 - 476D8D460E3AAA0CBEF302732D840D04350736DF4C862411
--96E2370053E902E8598BBA14 * -96E2370053E902E8598BBA14 - 58EDE0598ABA5ADFA5EE9B36FA50A74A4BE407E580F91190
--80C25DEEC231572F6A0834B4E7 * -80C25DEEC231572F6A0834B4E7 - 40C2F181428701BD0E4A49FE4147D6138E1D8957F7746DADA871
-C1A4A32A29A6443B91624026B7 * C1A4A32A29A6443B91624026B7 - 9279A7E708D0C7E4A9C15723077888CE2CC1E97163057D5AD6D1
-81F2975220E0876FFFA4F84AF5 * 81F2975220E0876FFFA4F84AF5 - 41F6626335DA6E20E339603EA6C8A06FE2A5305ADAF138A28E79
-728A6F96E7636342A89C18A45667 * 728A6F96E7636342A89C18A45667 - 333F963EE56A312A8BB9724A1AC103865055C4BFF32BB73A21215D71
--FF9C8C566DD658A730303D56CAD4 * -FF9C8C566DD658A730303D56CAD4 - FF393F4F8515872989DD7CFD829AB1BBAE717535FBE60995EF233F90
--333278C239008F * 8CAAC9051C2B4A - -64D9D062A00FE8E072F247A2956
--333278C239008F * -DD65556A74E999 - B3F6C4042C7F88659A714115577
-333278C239008F * 73076004AF894E - 6DA09CACCA83A2F9966B2D5E2B92
-333278C239008F * -57776B27BB80BD - -297AAD9C015FE9F7EEC64156993
--333278C239008F * C0D6508087852A - -F919212BC9CD6236747FDD5A1776
--333278C239008F * -52C38CF94955B1 - E769D2110A2BD09233B2496962DF
-333278C239008F * EB28189E79F3E4 - 27769816F2C43AF100F4FAC47F5C
-333278C239008F * -5E060E67236A72 - -D58ABFE9028178EA81987D623FAE
--333278C239008F * 9DC24AE9C06C3C - -9A07C0AA009C279FDA3855C2184
--333278C239008F * -7D3085C246076E - D0BEDC8C0AA5929CFA2E747E3D72
-333278C239008F * C3D1BCB47F9C7D - 8BA4513C6974D6DC0DFAD5D545D3
-333278C239008F * -5054A5B2153A95 - -4763394DD39D3489BC740B2D533B
--333278C239008F * 414E6DCFD7A38D - -BF9D29DD2B2C98780965F9654EC3
--333278C239008F * -5929345EA03C36 - DBE971B3DE818060C284F8061E2A
-333278C239008F * A1A6A42498C629 - 1D985C1D44EA58B770F31B2116E7
-333278C239008F * -6D5594633379B8 - -7848830ACAAEAC0997798F866C8
--333278C239008F * D5F70DAC5CE9EF - -2E32C24E7C54A4B1260053378581
--333278C239008F * -3FABF40E72D8D5 - BFD11E774A76E0ED86C5996D76FB
-333278C239008F * C89485F9A71ECB - DACB8CEC78BEB036500D03337165
-333278C239008F * -5701B72B14F3B2 - -227E85F9005A5E587E300BA2636E
--333278C239008F * 7446DE2EE896EE - -5081C7933B6D3A07684690FE84F2
--333278C239008F * -964502E170E65C - 76AE4CA6D3642D82483CC7C3364
-333278C239008F * 59D403FAFC9CE2 - AF508CE9C67ECEDD904876527E3E
-333278C239008F * -F2CC2768C7ADBC - -E16ED67779F5FC482677A1DC6904
--333278C239008F * 2C91EBE107AF96 - -1E253306BB9A92531606CD6653CA
--333278C239008F * -4A63FEEFDFBC67 - 674A9CBBFEFFFC27DC7824EF3989
-333278C239008F * 9A3174F5E10D2F - 61D26D46716C003A84F7A8771A41
-333278C239008F * -51669B1161CE60 - -95BD59006BBD30B643DDD56035A0
--333278C239008F * A7523F8F4286C7 - -AA0CD16FE1D0C8D35F0FFA4F6F29
--333278C239008F * -C3DCC584DE238A - 168CB6E6AA51B476A323B2BA4D16
-333278C239008F * 8807FEFB62A8C9 - D1ACBEF58031CC12EB27EC17047
-333278C239008F * -286B4AA186F57F - -EDC138F701D564E0333E5A4746F1
--333278C239008F * B4B28DF5887F86 - -B3651B3374B55831B9F8A9D64ADA
--333278C239008F * -5850CE172EB74B - 4FD379136763ECDE3C72E6B329E5
-333278C239008F * C9FBB26917F433 - 3C538FB61D6202D5717CB15B1C7D
-333278C239008F * -A5EBD65287D130 - -BC61C9392EACBA3FEE2E6AB01AD0
--333278C239008F * E4EBF4F6BF1033 - -6122B48C40F4F687965AB15B1C7D
--333278C239008F * -5472E5E87016F9 - 18810EE0E42470C9975FE9718B17
-333278C239008F * 1283318C01193A - 31BC04A630ECA828ABB00EA2066
-333278C239008F * -6F4E0DB5ACCE11 - -88878FB817E8844B6147E5C9097F
--333278C239008F * 3DC98FF9B738D8 - -86AFB80D25BF8009E5C4E01878A8
--333278C239008F * -8A3E306874F027 - D3FD44031756567CCB3596AF15C9
-333278C239008F * 961C95A0CDE2FB - 94593A3AB63A6C5FCFA16DE38C35
-333278C239008F * -1E8C55FEB72D69 - -886ED074400166ECE302A9613AA7
--333278C239008F * DFB41EF1CDCC11 - -884796CAA6A8EC146AC6E5C9097F
--333278C239008F * -38D3B3F9502CD7 - E0F0E6674FA488DAC7681DDF7819
-333278C239008F * EB8DA50CD14333 - C8C10E890A3CE4F06A39B15B1C7D
-333278C239008F * -6CE7B60A7B6D3B - -AAABD77FA1170E53077EC32320F5
--333278C239008F * 71A305452DDDD1 - -3AB4ADC9EFD4A4E93761908974BF
--333278C239008F * -E43BE7D8025C38 - 193279C118C126A28B737C781F48
-333278C239008F * BBF3AE57C7A579 - 5AB4C7CAC9F92AF13C45CCF14397
-333278C239008F * -A3FCB7AFD07B51 - -C3E977E2FEE8D6F25E6E74092D3F
--333278C239008F * 9C9E1D70DD5321 - -201134915D8D80E91C40959126F
--333278C239008F * -F73F608E265EC0 - 1232BD6F5BAA82C61031AAC06B40
-333278C239008F * E1106CD2A4ECB5 - C862022F0462623EEBB5524D651B
-333278C239008F * -10084DD7BFE7AE - -A455BCC56F8D38F1791702BE6132
--333278C239008F * 4C49D23F85B112 - -F4C31245142BDE5C01CBA8020A0E
--333278C239008F * -C6F4E72EDF64EC - 220C84891060A2085C0C8C83D4
-333278C239008F * 14BA951B0B7128 - C8B48A69A9B6782D361958E81658
-333278C239008F * -46A630FD842A54 - -D4CE48F947834E7CAA6FBAB42EEC
--333278C239008F * 6F08481586842 - -486C26F3AC4D98974CDE12B224DE
--333278C239008F * -34E97B303F7D01 - 3ED301ED44C23A96772DC239008F
-333278C239008F * 239E8BBA8E2233 - 97466108DAB24265BB3B15B1C7D
-333278C239008F * -30E7A05B0BB007 - -89DD50E0604DEC06BAAD4F8F03E9
--333278C239008F * DEB534A1A8CB46 - -342388C34FF6D493EA111B96271A
--333278C239008F * -AE50B34C18B72D - 90802CF6AF0C70DB433724051923
-333278C239008F * D0992EF8AFD4AE - 4418C103D8FC3E0A67C602BE6132
-333278C239008F * -F805248E3E8FCC - -449F2FC2A75ADED04C56C56C71F4
--333278C239008F * 13CB3ECC042192 - -30A5143A347EF200EB80C482518E
--333278C239008F * -DD32962D9DD238 - 5B07044596568C995E347C781F48
-333278C239008F * 901D9722DCBA4D - F661B84F8E47AC0582AB6B252B03
-333278C239008F * -3EC33B2A9D511D - -2F757387214332EFD8A300751033
--333278C239008F * BFCD13A4BF5DD8 - -1F71CFC716BA066DA080E01878A8
--333278C239008F * -7F781231357E0E - 8A532565269B56CECCA89F1E07D2
-333278C239008F * 95406E35BBA00B - 26EE1F3EE5583EB168A258730625
-333278C239008F * -EFCBBE80C07E40 - -25E87E8CC9BA8C1B08528E4023C0
--333278C239008F * E244E6EBC11893 - -81DF2F7187018A9C7BD186BB521D
--333278C239008F * -19C6FC96A60BE4 - 5FF3014BBA21EAB58050FAC47F5C
-333278C239008F * A9C891351DBB1E - 16E8BDD356A5F0493B25C2AE10C2
-333278C239008F * -B0ED949440C809 - -F5AFA7EC4D9082C118EAD4010507
--333278C239008F * 215A0C75ED207E - -6B7CE7C95952B6DEDE23980E4662
--333278C239008F * -332A22531BC7D1 - 9E76ECDF83CA4E5E4794908974BF
-333278C239008F * D2DE8C2EBE4A16 - 825D9EAEE48EBC92A494B0E60C4A
-333278C239008F * -4B1E3E4CABF525 - -EDB266A62A32D0346E16123D14AB
--333278C239008F * F989BEA03B49E8 - -4B2BBD100C591CB4279203A88198
--333278C239008F * -56EEAD41B0650D - FA88B54861B99E1EF0C4DCE50743
-333278C239008F * F4DFE55703A9B3 - E81537BFAFD718C9CA5ACDDB63FD
-333278C239008F * -17101017D57E73 - -45A6013AF27B608FB52F3F9B403D
--333278C239008F * 53EE10D00BFE9 - -2C925F9E837CC8B26D97C5E18227
--333278C239008F * -CA7FCD6023AF64 - A3E63DE190BFD8A529AEDE4437DC
-333278C239008F * 465D9A1D461D78 - F0E5B77549DF8649FEA10AB84308
-333278C239008F * -BD7672502E8C53 - -519D09E6925480FB9CD4F87B2E5D
--333278C239008F * 841F9521302F5C - -1254FD3410D2969376A0CC7C3364
--333278C239008F * -913D9DCF70396A - 5C897F0ABA36D0283DB36B9A3B36
-333278C239008F * 7981A7ACDF8DB - A9150A49DEA644963BD426C37A55
-333278C239008F * -C89FB0200903B6 - -B6FFE1E3BB1D5296442A148665AA
--333278C239008F * E41A52BF843904 - -E202D9A04F09C00EF7B108E4023C
--333278C239008F * -DD18A14E29F064 - 21A35AFAAC9A0CD9111ADE4437DC
-333278C239008F * 650D2710314C54 - 6D3BB63A84EF3A7BA568BAB42EEC
-333278C239008F * -AAE8851D33FDDE - -780005DE0B790A030F036D6E7C02
--89D2DBFB84BF5C2E280970546B / 9C0E - -FE000000FE000000FE000000FE
--89D2DBFB84BF5C2E280970546B % 9C0E - -26DD26ED168BEEF040C09032A4F
--89D2DBFB84BF5C2E280970546B / -868C - FF000000FF000000FF000000FF
--89D2DBFB84BF5C2E280970546B % -868C - -4C93C2D39C79035B46B224A4EF7
-89D2DBFB84BF5C2E280970546B / 3CE9 - FF000000FF000000FF000000FF
-89D2DBFB84BF5C2E280970546B % 3CE9 - 7D9A57DD6DB610E997F3B23A854
-89D2DBFB84BF5C2E280970546B / -65F0 - -FF000000FF000000FF000000FF
-89D2DBFB84BF5C2E280970546B % -65F0 - 1D477833805002D4D2F46CEACA5B
--89D2DBFB84BF5C2E280970546B / 12C6 - -FE000000FE000000FE000000FE
--89D2DBFB84BF5C2E280970546B % 12C6 - -20FDD2E71BF8BF674E9C097B74DF
--89D2DBFB84BF5C2E280970546B / -50E2 - FE000000FE000000FE000000FE
--89D2DBFB84BF5C2E280970546B % -50E2 - -40C5D2F1BBC0BF71EE64090614A7
-89D2DBFB84BF5C2E280970546B / 1F47 - FF000000FF000000FF000000FF
-89D2DBFB84BF5C2E280970546B % 1F47 - AACF984AA5DB217D5225442CB2
-89D2DBFB84BF5C2E280970546B / -CF68 - -FF000000FF000000FF000000FF
-89D2DBFB84BF5C2E280970546B % -CF68 - 1A53C5450A0F6E683564117BBD3
--89D2DBFB84BF5C2E280970546B / EF89 - -FF000000FF000000FF000000FF
--89D2DBFB84BF5C2E280970546B % EF89 - -27A55CB3D762E6F703D78BDBAF4
--89D2DBFB84BF5C2E280970546B / -8D69 - FF000000FF000000FF000000FF
--89D2DBFB84BF5C2E280970546B % -8D69 - -3C328BAD6BE9D8309A9E80B78D4
-89D2DBFB84BF5C2E280970546B / 271A - FF000000FF000000FF000000FF
-89D2DBFB84BF5C2E280970546B % 271A - B456E9C76407BACA973C6A96185
-89D2DBFB84BF5C2E280970546B / -C997 - -FF000000FF000000FF000000FF
-89D2DBFB84BF5C2E280970546B % -C997 - E638A62095F38023D2283E78702
--89D2DBFB84BF5C2E280970546B / 61A4 - -FF000000FF000000FF000000FF
--89D2DBFB84BF5C2E280970546B % 61A4 - -34B481D86FAFB098A492FE4F120F
--89D2DBFB84BF5C2E280970546B / -EA04 - FF000000FF000000FF000000FF
--89D2DBFB84BF5C2E280970546B % -EA04 - -539B30AE4E96A1AE85B9F3073A6F
diff --git a/test/maketests.com b/test/maketests.com
new file mode 100644
index 0000000000..da32daaa7f
--- /dev/null
+++ b/test/maketests.com
@@ -0,0 +1,914 @@
+$!
+$!  MAKETESTS.COM
+$!  Written By:  Robert Byer
+$!               Vice-President
+$!               A-Com Computing, Inc.
+$!               byer@mail.all-net.net
+$!
+$!  Changes by Richard Levitte <richard@levitte.org>
+$!
+$!  This command files compiles and creates all the various different
+$!  "test" programs for the different types of encryption for OpenSSL.
+$!  It was written so it would try to determine what "C" compiler to
+$!  use or you can specify which "C" compiler to use.
+$!
+$!  The test "executeables" will be placed in a directory called
+$!  [.xxx.EXE.TEST] where "xxx" denotes AXP or VAX depending on your machines
+$!  architecture.
+$!
+$!  Specify DEBUG or NODEBUG P1 to compile with or without debugger
+$!  information.
+$!
+$!  Specify which compiler at P2 to try to compile under.
+$!
+$!	   VAXC	 For VAX C.
+$!	   DECC	 For DEC C.
+$!	   GNUC	 For GNU C.
+$!
+$!  If you don't speficy a compiler, it will try to determine which
+$!  "C" compiler to use.
+$!
+$!  P3, if defined, sets a TCP/IP library to use, through one of the following
+$!  keywords:
+$!
+$!	UCX		for UCX
+$!	SOCKETSHR	for SOCKETSHR+NETLIB
+$!
+$!  P4, if defined, sets a compiler thread NOT needed on OpenVMS 7.1 (and up)
+$!
+$!
+$! Define A TCP/IP Library That We Will Need To Link To.
+$! (That is, If Wee Need To Link To One.)
+$!
+$ TCPIP_LIB = ""
+$!
+$! Check Which Architecture We Are Using.
+$!
+$ IF (F$GETSYI("CPU").GE.128) 
+$ THEN
+$!
+$!  The Architecture Is AXP.
+$!
+$   ARCH := AXP
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  The Architecture Is VAX.
+$!
+$   ARCH := VAX
+$!
+$! End The Architecture Check.
+$!
+$ ENDIF
+$!
+$! Check To Make Sure We Have Valid Command Line Parameters.
+$!
+$ GOSUB CHECK_OPTIONS
+$!
+$! Initialise logical names and such
+$!
+$ GOSUB INITIALISE
+$!
+$! Tell The User What Kind of Machine We Run On.
+$!
+$ WRITE SYS$OUTPUT "Compiling On A ",ARCH," Machine."
+$!
+$! Define The CRYPTO-LIB We Are To Use.
+$!
+$ CRYPTO_LIB := SYS$DISK:[-.'ARCH'.EXE.CRYPTO]LIBCRYPTO.OLB
+$!
+$! Define The SSL We Are To Use.
+$!
+$ SSL_LIB := SYS$DISK:[-.'ARCH'.EXE.SSL]LIBSSL.OLB
+$!
+$! Define The OBJ Directory.
+$!
+$ OBJ_DIR := SYS$DISK:[-.'ARCH'.OBJ.TEST]
+$!
+$! Check To See If The Architecture Specific OBJ Directory Exists.
+$!
+$ IF (F$PARSE(OBJ_DIR).EQS."")
+$ THEN
+$!
+$!  The EXE Directory Dosen't Exist, So Create It.
+$!
+$   CREATE/DIRECTORY 'OBJ_DIR'
+$!
+$! End The Architecture Specific OBJ Directory Check.
+$!
+$ ENDIF
+$!
+$! Define The EXE Directory.
+$!
+$ EXE_DIR := SYS$DISK:[-.'ARCH'.EXE.TEST]
+$!
+$! Check To See If The Architecture Specific EXE Directory Exists.
+$!
+$ IF (F$PARSE(EXE_DIR).EQS."")
+$ THEN
+$!
+$!  The EXE Directory Dosen't Exist, So Create It.
+$!
+$   CREATE/DIRECTORY 'EXE_DIR'
+$!
+$! End The Architecture Specific EXE Directory Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Have The Proper Libraries.
+$!
+$ GOSUB LIB_CHECK
+$!
+$! Check To See If We Have A Linker Option File.
+$!
+$ GOSUB CHECK_OPT_FILE
+$!
+$! Define The TEST Files.
+$!
+$ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ -
+	       "MD2TEST,MD4TEST,MD5TEST,HMACTEST,"+ -
+	       "RC2TEST,RC4TEST,RC5TEST,"+ -
+	       "DESTEST,SHATEST,SHA1TEST,MDC2TEST,RMDTEST,"+ -
+	       "RANDTEST,DHTEST,ENGINETEST,"+ -
+	       "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ -
+	       "EVP_TEST"
+$ TCPIP_PROGRAMS = ",,"
+$ IF COMPILER .EQS. "VAXC" THEN -
+     TCPIP_PROGRAMS = ",SSLTEST,"
+$!
+$!  Define A File Counter And Set It To "0".
+$!
+$ FILE_COUNTER = 0
+$!
+$! Top Of The File Loop.
+$!
+$ NEXT_FILE:
+$!
+$! O.K, Extract The File Name From The File List.
+$!
+$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",TEST_FILES)
+$!
+$! Check To See If We Are At The End Of The File List.
+$!
+$ IF (FILE_NAME.EQS.",") THEN GOTO FILE_DONE
+$!
+$! Increment The Counter.
+$!
+$ FILE_COUNTER = FILE_COUNTER + 1
+$!
+$! Create The Source File Name.
+$!
+$ SOURCE_FILE = "SYS$DISK:[]" + FILE_NAME + ".C"
+$!
+$! Create The Object File Name.
+$!
+$ OBJECT_FILE = OBJ_DIR + FILE_NAME + ".OBJ"
+$!
+$! Create The Executable File Name.
+$!
+$ EXE_FILE = EXE_DIR + FILE_NAME + ".EXE"
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check To See If The File We Want To Compile Actually Exists.
+$!
+$ IF (F$SEARCH(SOURCE_FILE).EQS."")
+$ THEN
+$!
+$!  Tell The User That The File Dosen't Exist.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The File ",SOURCE_FILE," Dosen't Exist."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Exit The Build.
+$!
+$   GOTO EXIT
+$ ENDIF
+$!
+$! Tell The User What We Are Building.
+$!
+$ WRITE SYS$OUTPUT "Building The ",FILE_NAME," Test Program."
+$!
+$! Compile The File.
+$!
+$ ON ERROR THEN GOTO NEXT_FILE
+$ CC/OBJECT='OBJECT_FILE' 'SOURCE_FILE'
+$ ON WARNING THEN GOTO NEXT_FILE
+$!
+$! Check If What We Are About To Compile Works Without A TCP/IP Library.
+$!
+$ IF ((TCPIP_LIB.EQS."").AND.((TCPIP_PROGRAMS-FILE_NAME).NES.TCPIP_PROGRAMS))
+$ THEN
+$!
+$!  Inform The User That A TCP/IP Library Is Needed To Compile This Program.
+$!
+$   WRITE SYS$OUTPUT FILE_NAME," Needs A TCP/IP Library.  Can't Link.  Skipping..."
+$   GOTO NEXT_FILE
+$!
+$! End The TCP/IP Library Check.
+$!
+$ ENDIF
+$!
+$! Link The Program, Check To See If We Need To Link With RSAREF Or Not.
+$! Check To See If We Are To Link With A Specific TCP/IP Library.
+$!
+$ IF (TCPIP_LIB.NES."")
+$ THEN
+$!
+$!  Don't Link With The RSAREF Routines And TCP/IP Library.
+$!
+$   LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
+	'OBJECT_FILE', -
+        'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+        'TCPIP_LIB','OPT_FILE'/OPTION
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Don't Link With The RSAREF Routines And Link With A TCP/IP Library.
+$!
+$   LINK/'DEBUGGER'/'TRACEBACK' /EXE='EXE_FILE' -
+	'OBJECT_FILE', -
+        'SSL_LIB'/LIBRARY,'CRYPTO_LIB'/LIBRARY, -
+        'OPT_FILE'/OPTION
+$!
+$! End The TCP/IP Library Check.
+$!
+$ ENDIF
+$!
+$! Go Back And Do It Again.
+$!
+$ GOTO NEXT_FILE
+$!
+$! All Done With This Library Part.
+$!
+$ FILE_DONE:
+$!
+$! All Done, Time To Exit.
+$!
+$ EXIT:
+$ GOSUB CLEANUP
+$ EXIT
+$!
+$! Check For The Link Option FIle.
+$!
+$ CHECK_OPT_FILE:
+$!
+$! Check To See If We Need To Make A VAX C Option File.
+$!
+$ IF (COMPILER.EQS."VAXC")
+$ THEN
+$!
+$!  Check To See If We Already Have A VAX C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A VAX C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable VAX C Runtime Library.
+!
+SYS$SHARE:VAXCRTL.EXE/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The VAXC Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A GNU C Option File.
+$!
+$ IF (COMPILER.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If We Already Have A GNU C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    We Need A GNU C Linker Option File.
+$!
+$     CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable C Runtime Library.
+!
+GNU_CC:[000000]GCCLIB/LIBRARY
+SYS$SHARE:VAXCRTL/SHARE
+$EOD
+$!
+$!  End The Option File Check.
+$!
+$   ENDIF
+$!
+$! End The GNU C Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Need A DEC C Option File.
+$!
+$ IF (COMPILER.EQS."DECC")
+$ THEN
+$!
+$!  Check To See If We Already Have A DEC C Linker Option File.
+$!
+$   IF (F$SEARCH(OPT_FILE).EQS."")
+$   THEN
+$!
+$!    Figure Out If We Need An AXP Or A VAX Linker Option File.
+$!
+$     IF (ARCH.EQS."VAX")
+$     THEN
+$!
+$!      We Need A DEC C Linker Option File For VAX.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File To Link Agianst 
+! The Sharable DEC C Runtime Library.
+!
+SYS$SHARE:DECC$SHR.EXE/SHARE
+$EOD
+$!
+$!    Else...
+$!
+$     ELSE
+$!
+$!      Create The AXP Linker Option File.
+$!
+$       CREATE 'OPT_FILE'
+$DECK
+!
+! Default System Options File For AXP To Link Agianst 
+! The Sharable C Runtime Library.
+!
+SYS$SHARE:CMA$OPEN_LIB_SHR/SHARE
+SYS$SHARE:CMA$OPEN_RTL/SHARE
+$EOD
+$!
+$!    End The VAX/AXP DEC C Option File Check.
+$!
+$     ENDIF
+$!
+$!  End The Option File Search.
+$!
+$   ENDIF
+$!
+$! End The DEC C Check.
+$!
+$ ENDIF
+$!
+$!  Tell The User What Linker Option File We Are Using.
+$!
+$ WRITE SYS$OUTPUT "Using Linker Option File ",OPT_FILE,"."	
+$!
+$! Time To RETURN.
+$!
+$ RETURN
+$!
+$! Check To See If We Have The Appropiate Libraries.
+$!
+$ LIB_CHECK:
+$!
+$! Look For The Library LIBCRYPTO.OLB.
+$!
+$ IF (F$SEARCH(CRYPTO_LIB).EQS."")
+$ THEN
+$!
+$!  Tell The User We Can't Find The LIBCRYPTO.OLB Library.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "Can't Find The Library ",CRYPTO_LIB,"."
+$   WRITE SYS$OUTPUT "We Can't Link Without It."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Since We Can't Link Without It, Exit.
+$!
+$   EXIT
+$!
+$! End The Crypto Library Check.
+$!
+$ ENDIF
+$!
+$! Look For The Library LIBSSL.OLB.
+$!
+$ IF (F$SEARCH(SSL_LIB).EQS."")
+$ THEN
+$!
+$!  Tell The User We Can't Find The LIBSSL.OLB Library.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "Can't Find The Library ",SSL_LIB,"."
+$   WRITE SYS$OUTPUT "Some Of The Test Programs Need To Link To It."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Since We Can't Link Without It, Exit.
+$!
+$   EXIT
+$!
+$! End The SSL Library Check.
+$!
+$ ENDIF
+$!
+$! Time To Return.
+$!
+$ RETURN
+$!
+$! Check The User's Options.
+$!
+$ CHECK_OPTIONS:
+$!
+$! Check To See If P1 Is Blank.
+$!
+$ IF (P1.EQS."NODEBUG")
+$ THEN
+$!
+$!   P1 Is NODEBUG, So Compile Without Debugger Information.
+$!
+$    DEBUGGER  = "NODEBUG"
+$    TRACEBACK = "NOTRACEBACK" 
+$    GCC_OPTIMIZE = "OPTIMIZE"
+$    CC_OPTIMIZE = "OPTIMIZE"
+$    WRITE SYS$OUTPUT "No Debugger Information Will Be Produced During Compile."
+$    WRITE SYS$OUTPUT "Compiling With Compiler Optimization."
+$!
+$! Else...
+$!
+$ ELSE
+$!
+$!  Check To See If We Are To Compile With Debugger Information.
+$!
+$   IF (P1.EQS."DEBUG")
+$   THEN
+$!
+$!    Compile With Debugger Information.
+$!
+$     DEBUGGER  = "DEBUG"
+$     TRACEBACK = "TRACEBACK"
+$     GCC_OPTIMIZE = "NOOPTIMIZE"
+$     CC_OPTIMIZE = "NOOPTIMIZE"
+$     WRITE SYS$OUTPUT "Debugger Information Will Be Produced During Compile."
+$     WRITE SYS$OUTPUT "Compiling Without Compiler Optimization."
+$!
+$!  Else...
+$!
+$   ELSE
+$!
+$!    Tell The User Entered An Invalid Option..
+$!
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "The Option ",P1," Is Invalid.  The Valid Options Are:"
+$     WRITE SYS$OUTPUT ""
+$     WRITE SYS$OUTPUT "    DEBUG    :  Compile With The Debugger Information."
+$     WRITE SYS$OUTPUT "    NODEBUG  :  Compile Without The Debugger Information."
+$     WRITE SYS$OUTPUT ""
+$!
+$!    Time To EXIT.
+$!
+$     EXIT
+$!
+$!  End The Valid Arguement Check.
+$!
+$   ENDIF
+$!
+$! End The P2 Check.
+$!
+$ ENDIF
+$!
+$! Check To See If P2 Is Blank.
+$!
+$ IF (P2.EQS."")
+$ THEN
+$!
+$!  O.K., The User Didn't Specify A Compiler, Let's Try To
+$!  Find Out Which One To Use.
+$!
+$!  Check To See If We Have GNU C.
+$!
+$   IF (F$TRNLNM("GNU_CC").NES."")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     P2 = "GNUC"
+$!
+$!  End The GNU C Compiler Check.
+$!
+$   ELSE
+$!
+$!  Check To See If We Have VAXC Or DECC.
+$!
+$     IF (ARCH.EQS."AXP").OR.(F$TRNLNM("DECC$CC_DEFAULT").NES."")
+$     THEN 
+$!
+$!      Looks Like DECC, Set To Use DECC.
+$!
+$       P2 = "DECC"
+$!
+$!      Else...
+$!
+$     ELSE
+$!
+$!      Looks Like VAXC, Set To Use VAXC.
+$!
+$       P2 = "VAXC"
+$!
+$!    End The VAXC Compiler Check.
+$!
+$     ENDIF
+$!
+$!  End The DECC & VAXC Compiler Check.
+$!
+$   ENDIF
+$!
+$!  End The Compiler Check.
+$!
+$ ENDIF
+$!
+$! Check To See If We Have A Option For P3.
+$!
+$ IF (P3.EQS."")
+$ THEN
+$!
+$!  Find out what socket library we have available
+$!
+$   IF F$PARSE("SOCKETSHR:") .NES. ""
+$   THEN
+$!
+$!    We have SOCKETSHR, and it is my opinion that it's the best to use.
+$!
+$     P3 = "SOCKETSHR"
+$!
+$!    Tell the user
+$!
+$     WRITE SYS$OUTPUT "Using SOCKETSHR for TCP/IP"
+$!
+$!    Else, let's look for something else
+$!
+$   ELSE
+$!
+$!    Like UCX (the reason to do this before Multinet is that the UCX
+$!    emulation is easier to use...)
+$!
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. "" -
+	 .OR. F$PARSE("SYS$SHARE:UCX$IPC_SHR.EXE") .NES. "" -
+	 .OR. F$PARSE("SYS$LIBRARY:UCX$IPC.OLB") .NES. ""
+$     THEN
+$!
+$!	Last resort: a UCX or UCX-compatible library
+$!
+$	P3 = "UCX"
+$!
+$!      Tell the user
+$!
+$       WRITE SYS$OUTPUT "Using UCX or an emulation thereof for TCP/IP"
+$!
+$!	That was all...
+$!
+$     ENDIF
+$   ENDIF
+$ ENDIF
+$!
+$! Set Up Initial CC Definitions, Possibly With User Ones
+$!
+$ CCDEFS = "TCPIP_TYPE_''P3'"
+$ IF F$TYPE(USER_CCDEFS) .NES. "" THEN CCDEFS = CCDEFS + "," + USER_CCDEFS
+$ CCEXTRAFLAGS = ""
+$ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
+$ CCDISABLEWARNINGS = "LONGLONGTYPE,LONGLONGSUFX"
+$ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. "" THEN -
+	CCDISABLEWARNINGS = CCDISABLEWARNINGS + "," + USER_CCDISABLEWARNINGS
+$!
+$!  Check To See If The User Entered A Valid Paramter.
+$!
+$ IF (P2.EQS."VAXC").OR.(P2.EQS."DECC").OR.(P2.EQS."GNUC")
+$ THEN
+$!
+$!  Check To See If The User Wanted DECC.
+$!
+$   IF (P2.EQS."DECC")
+$   THEN
+$!
+$!    Looks Like DECC, Set To Use DECC.
+$!
+$     COMPILER = "DECC"
+$!
+$!    Tell The User We Are Using DECC.
+$!
+$     WRITE SYS$OUTPUT "Using DECC 'C' Compiler."
+$!
+$!    Use DECC...
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."VAX" .AND. F$TRNLNM("DECC$CC_DEFAULT").NES."/DECC" -
+	 THEN CC = "CC/DECC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/STANDARD=ANSI89" + -
+           "/NOLIST/PREFIX=ALL" + -
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_DECC_OPTIONS.OPT"
+$!
+$!  End DECC Check.
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use VAXC.
+$!
+$   IF (P2.EQS."VAXC")
+$   THEN
+$!
+$!    Looks Like VAXC, Set To Use VAXC.
+$!
+$     COMPILER = "VAXC"
+$!
+$!    Tell The User We Are Using VAX C.
+$!
+$     WRITE SYS$OUTPUT "Using VAXC 'C' Compiler."
+$!
+$!    Compile Using VAXC.
+$!
+$     CC = "CC"
+$     IF ARCH.EQS."AXP"
+$     THEN
+$	WRITE SYS$OUTPUT "There is no VAX C on Alpha!"
+$	EXIT
+$     ENDIF
+$     IF F$TRNLNM("DECC$CC_DEFAULT").EQS."/DECC" THEN CC = "CC/VAXC"
+$     CC = CC + "/''CC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
+$     CCDEFS = CCDEFS + ",""VAXC"""
+$!
+$!    Define <sys> As SYS$COMMON:[SYSLIB]
+$!
+$     DEFINE/NOLOG SYS SYS$COMMON:[SYSLIB]
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_VAXC_OPTIONS.OPT"
+$!
+$!  End VAXC Check
+$!
+$   ENDIF
+$!
+$!  Check To See If We Are To Use GNU C.
+$!
+$   IF (P2.EQS."GNUC")
+$   THEN
+$!
+$!    Looks Like GNUC, Set To Use GNUC.
+$!
+$     COMPILER = "GNUC"
+$!
+$!    Tell The User We Are Using GNUC.
+$!
+$     WRITE SYS$OUTPUT "Using GNU 'C' Compiler."
+$!
+$!    Use GNU C...
+$!
+$     CC = "GCC/NOCASE_HACK/''GCC_OPTIMIZE'/''DEBUGGER'/NOLIST" + -
+	   "/INCLUDE=(SYS$DISK:[-])" + CCEXTRAFLAGS
+$!
+$!    Define The Linker Options File Name.
+$!
+$     OPT_FILE = "SYS$DISK:[]VAX_GNUC_OPTIONS.OPT"
+$!
+$!  End The GNU C Check.
+$!
+$   ENDIF
+$!
+$!  Set up default defines
+$!
+$   CCDEFS = """FLAT_INC=1""," + CCDEFS
+$!
+$!  Finish up the definition of CC.
+$!
+$   IF COMPILER .EQS. "DECC"
+$   THEN
+$     IF CCDISABLEWARNINGS .EQS. ""
+$     THEN
+$       CC4DISABLEWARNINGS = "DOLLARID"
+$     ELSE
+$       CC4DISABLEWARNINGS = CCDISABLEWARNINGS + ",DOLLARID"
+$       CCDISABLEWARNINGS = "/WARNING=(DISABLE=(" + CCDISABLEWARNINGS + "))"
+$     ENDIF
+$     CC4DISABLEWARNINGS = "/WARNING=(DISABLE=(" + CC4DISABLEWARNINGS + "))"
+$   ELSE
+$     CCDISABLEWARNINGS = ""
+$     CC4DISABLEWARNINGS = ""
+$   ENDIF
+$   CC = CC + "/DEFINE=(" + CCDEFS + ")" + CCDISABLEWARNINGS
+$!
+$!  Show user the result
+$!
+$   WRITE/SYMBOL SYS$OUTPUT "Main Compiling Command: ",CC
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P2," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    VAXC  :  To Compile With VAX C."
+$   WRITE SYS$OUTPUT "    DECC  :  To Compile With DEC C."
+$   WRITE SYS$OUTPUT "    GNUC  :  To Compile With GNU C."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$ ENDIF
+$!
+$! Time to check the contents, and to make sure we get the correct library.
+$!
+$ IF P3.EQS."SOCKETSHR" .OR. P3.EQS."MULTINET" .OR. P3.EQS."UCX" -
+     .OR. P3.EQS."TCPIP" .OR. P3.EQS."NONE"
+$ THEN
+$!
+$!  Check to see if SOCKETSHR was chosen
+$!
+$   IF P3.EQS."SOCKETSHR"
+$   THEN
+$!
+$!    Set the library to use SOCKETSHR
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]SOCKETSHR_SHR.OPT/OPT"
+$!
+$!    Done with SOCKETSHR
+$!
+$   ENDIF
+$!
+$!  Check to see if MULTINET was chosen
+$!
+$   IF P3.EQS."MULTINET"
+$   THEN
+$!
+$!    Set the library to use UXC emulation.
+$!
+$     P3 = "UCX"
+$!
+$!    Done with MULTINET
+$!
+$   ENDIF
+$!
+$!  Check to see if UCX was chosen
+$!
+$   IF P3.EQS."UCX"
+$   THEN
+$!
+$!    Set the library to use UCX.
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC.OPT/OPT"
+$     IF F$TRNLNM("UCX$IPC_SHR") .NES. ""
+$     THEN
+$       TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_DECC_LOG.OPT/OPT"
+$     ELSE
+$       IF COMPILER .NES. "DECC" .AND. ARCH .EQS. "VAX" THEN -
+	  TCPIP_LIB = "SYS$DISK:[-.VMS]UCX_SHR_VAXC.OPT/OPT"
+$     ENDIF
+$!
+$!    Done with UCX
+$!
+$   ENDIF
+$!
+$!  Check to see if TCPIP was chosen
+$!
+$   IF P3.EQS."TCPIP"
+$   THEN
+$!
+$!    Set the library to use TCPIP (post UCX).
+$!
+$     TCPIP_LIB = "SYS$DISK:[-.VMS]TCPIP_SHR_DECC.OPT/OPT"
+$!
+$!    Done with TCPIP
+$!
+$   ENDIF
+$!
+$!  Check to see if NONE was chosen
+$!
+$   IF P3.EQS."NONE"
+$   THEN
+$!
+$!    Do not use a TCPIP library.
+$!
+$     TCPIP_LIB = ""
+$!
+$!    Done with NONE
+$!
+$   ENDIF
+$!
+$!  Print info
+$!
+$   WRITE SYS$OUTPUT "TCP/IP library spec: ", TCPIP_LIB
+$!
+$!  Else The User Entered An Invalid Arguement.
+$!
+$ ELSE
+$!
+$!  Tell The User We Don't Know What They Want.
+$!
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "The Option ",P3," Is Invalid.  The Valid Options Are:"
+$   WRITE SYS$OUTPUT ""
+$   WRITE SYS$OUTPUT "    SOCKETSHR  :  To link with SOCKETSHR TCP/IP library."
+$   WRITE SYS$OUTPUT "    UCX        :  To link with UCX TCP/IP library."
+$   WRITE SYS$OUTPUT "    TCPIP      :  To link with TCPIP (post UCX) TCP/IP library."
+$   WRITE SYS$OUTPUT ""
+$!
+$!  Time To EXIT.
+$!
+$   EXIT
+$!
+$!  Done with TCP/IP libraries
+$!
+$ ENDIF
+$!
+$! Special Threads For OpenVMS v7.1 Or Later
+$!
+$! Written By:  Richard Levitte
+$!              richard@levitte.org
+$!
+$!
+$! Check To See If We Have A Option For P4.
+$!
+$ IF (P4.EQS."")
+$ THEN
+$!
+$!  Get The Version Of VMS We Are Using.
+$!
+$   ISSEVEN :=
+$   TMP = F$ELEMENT(0,"-",F$EXTRACT(1,4,F$GETSYI("VERSION")))
+$   TMP = F$INTEGER(F$ELEMENT(0,".",TMP)+F$ELEMENT(1,".",TMP))
+$!
+$!  Check To See If The VMS Version Is v7.1 Or Later.
+$!
+$   IF (TMP.GE.71)
+$   THEN
+$!
+$!    We Have OpenVMS v7.1 Or Later, So Use The Special Threads.
+$!
+$     ISSEVEN := ,PTHREAD_USE_D4
+$!
+$!  End The VMS Version Check.
+$!
+$   ENDIF
+$!
+$! End The P4 Check.
+$!
+$ ENDIF
+$!
+$!  Time To RETURN...
+$!
+$ RETURN
+$!
+$ INITIALISE:
+$!
+$! Save old value of the logical name OPENSSL
+$!
+$ __SAVE_OPENSSL = F$TRNLNM("OPENSSL","LNM$PROCESS_TABLE")
+$!
+$! Save directory information
+$!
+$ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A.;"
+$ __HERE = F$EDIT(__HERE,"UPCASE")
+$ __TOP = __HERE - "TEST]"
+$ __INCLUDE = __TOP + "INCLUDE.OPENSSL]"
+$!
+$! Set up the logical name OPENSSL to point at the include directory
+$!
+$ DEFINE OPENSSL/NOLOG '__INCLUDE'
+$!
+$! Done
+$!
+$ RETURN
+$!
+$ CLEANUP:
+$!
+$! Restore the logical name OPENSSL if it had a value
+$!
+$ IF __SAVE_OPENSSL .EQS. ""
+$ THEN
+$   DEASSIGN OPENSSL
+$ ELSE
+$   DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL'
+$ ENDIF
+$!
+$! Done
+$!
+$ RETURN
diff --git a/test/methtest.c b/test/methtest.c
index 630d29dc91..005c2f4822 100644
--- a/test/methtest.c
+++ b/test/methtest.c
@@ -58,10 +58,10 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "rsa.h"
-#include "x509.h"
+#include <openssl/rsa.h>
+#include <openssl/x509.h>
 #include "meth.h"
-#include "err.h"
+#include <openssl/err.h>
 
 int main(argc,argv)
 int argc;
@@ -96,10 +96,10 @@ char *argv[];
 	METH_init(top);
 	METH_control(tmp1,METH_CONTROL_DUMP,stdout);
 	METH_control(tmp2,METH_CONTROL_DUMP,stdout);
-	exit(0);
+	EXIT(0);
 err:
 	ERR_load_crypto_strings();
 	ERR_print_errors_fp(stderr);
-	exit(1);
+	EXIT(1);
 	return(0);
 	}
diff --git a/test/riptest b/test/riptest
deleted file mode 100644
index 8685d0ce53..0000000000
--- a/test/riptest
+++ /dev/null
diff --git a/test/tcrl b/test/tcrl
index 859fba452f..f71ef7a863 100644
--- a/test/tcrl
+++ b/test/tcrl
@@ -1,9 +1,13 @@
 #!/bin/sh
 
-PATH=../apps:$PATH
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
 export PATH
 
-cmd='../apps/ssleay crl'
+cmd='../apps/openssl crl'
 
 if [ "$1"x != "x" ]; then
 	t=$1
diff --git a/test/tcrl.com b/test/tcrl.com
new file mode 100644
index 0000000000..86bf9735aa
--- /dev/null
+++ b/test/tcrl.com
@@ -0,0 +1,83 @@
+$! TCRL.COM  --  Tests crl keys
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	cmd := mcr 'exe_dir'openssl crl
+$
+$	t := testcrl.pem
+$	if p1 .nes. "" then t = p1
+$
+$	write sys$output "testing CRL conversions"
+$	if f$search("fff.*") .nes "" then delete fff.*;*
+$	if f$search("ff.*") .nes "" then delete ff.*;*
+$	if f$search("f.*") .nes "" then delete f.*;*
+$	convert/fdl=sys$input: 't' fff.p
+RECORD
+	FORMAT STREAM_LF
+$
+$	write sys$output "p -> d"
+$	'cmd' -in fff.p -inform p -outform d -out f.d
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "p -> t"
+$!	'cmd' -in fff.p -inform p -outform t -out f.t
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in fff.p -inform p -outform p -out f.p
+$	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> d"
+$	'cmd' -in f.d -inform d -outform d -out ff.d1
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> d"
+$!	'cmd' -in f.t -inform t -outform d -out ff.d2
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> d"
+$	'cmd' -in f.p -inform p -outform d -out ff.d3
+$	if $severity .ne. 1 then exit 3
+$
+$!	write sys$output "d -> t"
+$!	'cmd' -in f.d -inform d -outform t -out ff.t1
+$!	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> t"
+$!	'cmd' -in f.t -inform t -outform t -out ff.t2
+$!	if $severity .ne. 1 then exit 3
+$!	write sys$output "p -> t"
+$!	'cmd' -in f.p -inform p -outform t -out ff.t3
+$!	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> p"
+$	'cmd' -in f.d -inform d -outform p -out ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> p"
+$!	'cmd' -in f.t -inform t -outform p -out ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in f.p -inform p -outform p -out ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	backup/compare fff.p f.p
+$	if $severity .ne. 1 then exit 3
+$	backup/compare fff.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	backup/compare fff.p ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	backup/compare fff.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$!	backup/compare f.t ff.t1
+$!	if $severity .ne. 1 then exit 3
+$!	backup/compare f.t ff.t2
+$!	if $severity .ne. 1 then exit 3
+$!	backup/compare f.t ff.t3
+$!	if $severity .ne. 1 then exit 3
+$
+$	backup/compare f.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	backup/compare f.p ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	backup/compare f.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	delete f.*;*,ff.*;*,fff.*;*
diff --git a/test/test.txt b/test/test.txt
deleted file mode 100644
index c6d8d50ba9..0000000000
--- a/test/test.txt
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/sh
-
-test=./test.txt
-
-cat $0 >$test;
-
-for i in rc4 des-cfb des-ofb des-ecb des-cbc des-ede des-ede3 \
-	des-cbc-ede des-cbc-ede3 idea-ecb idea-cfb idea-ofb idea-cbc 
-do
-	echo $i
-	../apps/ssleay $i -e -k test < $test > $test.$i.cipher
-	../apps/ssleay $i -d -k test < $test.$i.cipher >$test.$i.clear
-	cmp $test $test.$i.clear
-	if [ $? != 0 ]
-	then
-		exit 1
-	else
-		/bin/rm $test.$i.cipher $test.$i.clear
-	fi
-
-	echo $i base64
-	../apps/ssleay $i -a -e -k test < $test > $test.$i.cipher
-	../apps/ssleay $i -a -d -k test < $test.$i.cipher >$test.$i.clear
-	cmp $test $test.$i.clear
-	if [ $? != 0 ]
-	then
-		exit 1
-	else
-		/bin/rm $test.$i.cipher $test.$i.clear
-	fi
-done
diff --git a/test/testca b/test/testca
index a28402f9ca..8215ebb5d1 100644
--- a/test/testca
+++ b/test/testca
@@ -1,7 +1,11 @@
 #!/bin/sh
 
 SH="/bin/sh"
-PATH=../apps:$PATH
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=./apps\;../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
 export SH PATH
 
 SSLEAY_CONFIG="-config CAss.cnf"
@@ -23,7 +27,7 @@ if [ $? != 0 ]; then
 fi
 
 
-SSLEAY_CONFIG="-config ../apps/ssleay.cnf"
+SSLEAY_CONFIG="-config ../apps/openssl.cnf"
 export SSLEAY_CONFIG
 $SH ../apps/CA.sh -sign  <<EOF
 y
diff --git a/test/testca.com b/test/testca.com
new file mode 100644
index 0000000000..c670f2bf5f
--- /dev/null
+++ b/test/testca.com
@@ -0,0 +1,78 @@
+$! TESTCA.COM
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	openssl := mcr 'exe_dir'openssl
+$
+$	SSLEAY_CONFIG="-config ""CAss.cnf"""
+$
+$	set noon
+$	if f$search("demoCA.dir") .nes. ""
+$	then
+$	    call deltree [.demoCA]*.*
+$	    set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;*
+$	    delete demoCA.dir;*
+$	endif
+$	set on
+$	open/read sys$ca_input VMSca-response.1
+$	@[-.apps]CA.com -input sys$ca_input -newca
+$	close sys$ca_input
+$	if $severity .ne. 1 then exit 3
+$
+$
+$	SSLEAY_CONFIG="-config ""Uss.cnf"""
+$	@[-.apps]CA.com -newreq
+$	if $severity .ne. 1 then exit 3
+$
+$
+$	SSLEAY_CONFIG="-config [-.apps]openssl-vms.cnf"
+$	open/read sys$ca_input VMSca-response.2
+$	@[-.apps]CA.com -input sys$ca_input -sign
+$	close sys$ca_input
+$	if $severity .ne. 1 then exit 3
+$
+$
+$	@[-.apps]CA.com -verify newcert.pem
+$	if $severity .ne. 1 then exit 3
+$
+$	set noon
+$	call deltree [.demoCA]*.*
+$	set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) demoCA.dir;*
+$	delete demoCA.dir;*
+$	if f$search("newcert.pem") .nes. "" then delete newcert.pem;*
+$	if f$search("newcert.pem") .nes. "" then delete newreq.pem;*
+$	set on
+$!	#usage: CA -newcert|-newreq|-newca|-sign|-verify
+$
+$	exit
+$
+$ deltree: subroutine ! P1 is a name of a directory
+$	on control_y then goto dt_STOP
+$	on warning then goto dt_exit
+$	_dt_def = f$trnlnm("SYS$DISK")+f$directory()
+$	if f$parse(p1) .eqs. "" then exit
+$	set default 'f$parse(p1,,,"DEVICE")''f$parse(p1,,,"DIRECTORY")'
+$	p1 = f$parse(p1,,,"NAME") + f$parse(p1,,,"TYPE")
+$	_fp = f$parse(".DIR",p1)
+$ dt_loop:
+$	_f = f$search(_fp)
+$	if _f .eqs. "" then goto dt_loopend
+$	call deltree [.'f$parse(_f,,,"NAME")']*.*
+$	goto dt_loop
+$ dt_loopend:
+$	_fp = f$parse(p1,".;*")
+$	if f$search(_fp) .eqs. "" then goto dt_exit
+$	set noon
+$	set file/prot=(S:RWED,O:RWED,G:RWED,W:RWED) '_fp'
+$	set on
+$	delete/nolog '_fp'
+$ dt_exit:
+$	set default '_dt_def'
+$	exit
+$ dt_STOP:
+$	set default '_dt_def'
+$	stop/id=""
+$	exit
+$	endsubroutine
diff --git a/test/testenc b/test/testenc
index 42db56c2be..0656c7f525 100644
--- a/test/testenc
+++ b/test/testenc
@@ -2,7 +2,7 @@
 
 testsrc=Makefile.ssl
 test=./p
-cmd=../apps/ssleay
+cmd=../apps/openssl
 
 cat $testsrc >$test;
 
@@ -27,15 +27,7 @@ else
 	/bin/rm $test.cipher $test.clear
 fi
 
-for i in rc4 \
-	des-cfb des-ede-cfb des-ede3-cfb \
-	des-ofb des-ede-ofb des-ede3-ofb \
-	des-ecb des-ede des-ede3 desx \
-	des-cbc des-ede-cbc des-ede3-cbc \
-	idea-ecb idea-cfb idea-ofb idea-cbc \
-	rc2-ecb rc2-cfb rc2-ofb rc2-cbc \
-	bf-ecb bf-cfb bf-ofb bf-cbc rc4 \
-	cast5-ecb cast5-cfb cast5-ofb cast5-cbc
+for i in `$cmd list-cipher-commands`
 do
 	echo $i
 	$cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
diff --git a/test/testenc.com b/test/testenc.com
new file mode 100644
index 0000000000..c24fa388c0
--- /dev/null
+++ b/test/testenc.com
@@ -0,0 +1,62 @@
+$! TESTENC.COM  --  Test encoding and decoding
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	testsrc := makefile.ssl
+$	test := p.txt
+$	cmd := mcr 'exe_dir'openssl
+$
+$	if f$search(test) .nes. "" then delete 'test';*
+$	convert/fdl=sys$input: 'testsrc' 'test'
+RECORD
+	FORMAT STREAM_LF
+$
+$	if f$search(test+"-cipher") .nes. "" then delete 'test'-cipher;*
+$	if f$search(test+"-clear") .nes. "" then delete 'test'-clear;*
+$
+$	write sys$output "cat"
+$	'cmd' enc -in 'test' -out 'test'-cipher
+$	'cmd' enc -in 'test'-cipher -out 'test'-clear
+$	backup/compare 'test' 'test'-clear
+$	if $severity .ne. 1 then exit 3
+$	delete 'test'-cipher;*,'test'-clear;*
+$
+$	write sys$output "base64"
+$	'cmd' enc -a -e -in 'test' -out 'test'-cipher
+$	'cmd' enc -a -d -in 'test'-cipher -out 'test'-clear
+$	backup/compare 'test' 'test'-clear
+$	if $severity .ne. 1 then exit 3
+$	delete 'test'-cipher;*,'test'-clear;*
+$
+$	define/user sys$output 'test'-cipher-commands
+$	'cmd' list-cipher-commands
+$	open/read f 'test'-cipher-commands
+$ loop_cipher_commands:
+$	read/end=loop_cipher_commands_end f i
+$	write sys$output i
+$
+$	if f$search(test+"-"+i+"-cipher") .nes. "" then -
+		delete 'test'-'i'-cipher;*
+$	if f$search(test+"-"+i+"-clear") .nes. "" then -
+		delete 'test'-'i'-clear;*
+$
+$	'cmd' 'i' -bufsize 113 -e -k test -in 'test' -out 'test'-'i'-cipher
+$	'cmd' 'i' -bufsize 157 -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear
+$	backup/compare 'test' 'test'-'i'-clear
+$	if $severity .ne. 1 then exit 3
+$	delete 'test'-'i'-cipher;*,'test'-'i'-clear;*
+$
+$	write sys$output i," base64"
+$	'cmd' 'i' -bufsize 113 -a -e -k test -in 'test' -out 'test'-'i'-cipher
+$	'cmd' 'i' -bufsize 157 -a -d -k test -in 'test'-'i'-cipher -out 'test'-'i'-clear
+$	backup/compare 'test' 'test'-'i'-clear
+$	if $severity .ne. 1 then exit 3
+$	delete 'test'-'i'-cipher;*,'test'-'i'-clear;*
+$
+$	goto loop_cipher_commands
+$ loop_cipher_commands_end:
+$	close f
+$	delete 'test'-cipher-commands;*
+$	delete 'test';*
diff --git a/test/testgen b/test/testgen
index 12a4ca4cea..55c496f4bc 100644
--- a/test/testgen
+++ b/test/testgen
@@ -6,22 +6,34 @@ CA=../certs/testca.pem
 
 /bin/rm -f $T.1 $T.2 $T.key
 
-PATH=../apps:$PATH;
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH;
+else
+    PATH=../apps:$PATH;
+fi
 export PATH
 
 echo "generating certificate request"
 
-echo "There should be a 2 sequences of .'s and some +'s."
-echo "There should not be more that at most 80 per line"
+echo "string to make the random number generator think it has entropy" >> ./.rnd
+
+if ../apps/openssl no-rsa; then
+  req_new='-newkey dsa:../apps/dsa512.pem'
+else
+  req_new='-new'
+  echo "There should be a 2 sequences of .'s and some +'s."
+  echo "There should not be more that at most 80 per line"
+fi
+
 echo "This could take some time."
 
-../apps/ssleay req -config test.cnf -new -out testreq.pem
+../apps/openssl req -config test.cnf $req_new -out testreq.pem
 if [ $? != 0 ]; then
 echo problems creating request
 exit 1
 fi
 
-../apps/ssleay req -verify -in testreq.pem -noout
+../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
 if [ $? != 0 ]; then
 echo signature on req is wrong
 exit 1
diff --git a/test/testgen.com b/test/testgen.com
new file mode 100644
index 0000000000..5d28ebec72
--- /dev/null
+++ b/test/testgen.com
@@ -0,0 +1,52 @@
+$! TETSGEN.COM
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	T := testcert
+$	KEY = 512
+$	CA := [-.certs]testca.pem
+$
+$	set noon
+$	if f$search(T+".1;*") .nes. "" then delete 'T'.1;*
+$	if f$search(T+".2;*") .nes. "" then delete 'T'.2;*
+$	if f$search(T+".key;*") .nes. "" then delete 'T'.key;*
+$	set on
+$
+$	write sys$output "generating certificate request"
+$
+$	append/new nl: .rnd
+$	open/append random_file .rnd
+$	write random_file "string to make the random number generator think it has entropy"
+$	close random_file
+$
+$	set noon
+$	define/user sys$output nla0:
+$	mcr 'exe_dir'openssl no-rsa
+$	save_severity=$SEVERITY
+$	set on
+$	if save_severity
+$	then
+$	    req_new="-newkey dsa:[-.apps]dsa512.pem"
+$	else
+$	    req_new="-new"
+$	    write sys$output "There should be a 2 sequences of .'s and some +'s."
+$	    write sys$output "There should not be more that at most 80 per line"
+$	endif
+$
+$	write sys$output "This could take some time."
+$
+$	mcr 'exe_dir'openssl req -config test.cnf 'req_new' -out testreq.pem
+$	if $severity .ne. 1
+$	then
+$	    write sys$output "problems creating request"
+$	    exit 3
+$	endif
+$
+$	mcr 'exe_dir'openssl req -config test.cnf -verify -in testreq.pem -noout
+$	if $severity .ne. 1
+$	then
+$	    write sys$output "signature on req is wrong"
+$	    exit 3
+$	endif
diff --git a/test/testkey.pem b/test/testkey.pem
deleted file mode 100644
index 33b8f08ae9..0000000000
--- a/test/testkey.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBOwIBAAJBANRkqBhIy4l2LDZohAgbgsO+b0dtSfInKPpaA+SnD3x1UpOPSOjc
-Xqf97dqdjO9Kk6I+RO6/DbT3KyXMmzjRJ/sCAwEAAQJBAMfjC0f/in6OFsIFzuyK
-Z6Cs4rGIK2WYcTpb6PoSN8LaN0khhkn8PAua72FnTiRwLEyoBqwl+g/jNy8Dio8K
-47ECIQD8401+qBwqoIpSPX7lHwa0kO9wqFG6MVMF0jdhIWOgHQIhANcBx4yghPDl
-7WgtodDlqgwn+iKUUpZW2d3YF3MCoJz3AiAUZqXuzNMQ4UinX8yn4TviPzsBxKJr
-OeVvt8i97jqiRQIhANZRaMdN7pZuq0KwUd94PxQU+WpkrRo9Arj3QRCcqtsrAiAf
-ppDnmxlAEwjl8GOerlaKXUICnF7v3SjELP9tH9cQtA==
------END RSA PRIVATE KEY-----
diff --git a/test/testp7.pem b/test/testp7.pem
index b3b6dba830..e5b7866c31 100644
--- a/test/testp7.pem
+++ b/test/testp7.pem
@@ -1,46 +1,46 @@
 -----BEGIN PKCS7-----
-MIAGCSqGSIb3DQEHAqCAMIIIBwIBATEAMIAGCSqGSIb3DQEHAQAAoIIGPDCCBHIw
-ggQcoAMCAQICEHkvjiX1iVGQMenF9HgIjI8wDQYJKoZIhvcNAQEEBQAwYjERMA8G
-A1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQL
-EytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMB4X
-DTk2MDcxOTAwMDAwMFoXDTk3MDMzMDIzNTk1OVowgdUxETAPBgNVBAcTCEludGVy
-bmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24g
-Q2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjEoMCYGA1UECxMfRGln
-aXRhbCBJRCBDbGFzcyAxIC0gU01JTUUgVGVzdDFHMEUGA1UECxM+d3d3LnZlcmlz
-aWduLmNvbS9yZXBvc2l0b3J5L0NQUy0xLjAgSW5jLiBieSBSZWYuLExJQUIuTFRE
-KGMpOTYwWzANBgkqhkiG9w0BAQEFAANKADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDO
-Rl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMB
-AAGjggI5MIICNTAJBgNVHRMEAjAAMIICJgYDVR0DBIICHTCCAhkwggIVMIICEQYL
-YIZIAYb4RQEHAQEwggIAFoIBq1RoaXMgY2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVz
-IGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0
-bywgdGhlIFZlcmlTaWduIENlcnRpZmljYXRpb24gUHJhY3RpY2UgU3RhdGVtZW50
-IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9D
-UFMtMS4wOyBieSBFLW1haWwgYXQgQ1BTLXJlcXVlc3RzQHZlcmlzaWduLmNvbTsg
-b3IgYnkgbWFpbCBhdCBWZXJpU2lnbiwgSW5jLiwgMjU5MyBDb2FzdCBBdmUuLCBN
-b3VudGFpbiBWaWV3LCBDQSA5NDA0MyBVU0EgVGVsLiArMSAoNDE1KSA5NjEtODgz
-MCBDb3B5cmlnaHQgKGMpIDE5OTYgVmVyaVNpZ24sIEluYy4gIEFsbCBSaWdodHMg
-UmVzZXJ2ZWQuIENFUlRBSU4gV0FSUkFOVElFUyBESVNDTEFJTUVEIGFuZCBMSUFC
-SUxJVFkgTElNSVRFRC6gDgYMYIZIAYb4RQEHAQEBoQ4GDGCGSAGG+EUBBwEBAjAv
-MC0WK2h0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUy0xLgMw
-DQYJKoZIhvcNAQEEBQADQQDAmA7km/3iJWEsWN9Z2WU2gmZAknx45WnDKHxMa3Bf
-gNsh6BLk/ngkJKjNKTDR13XVHqEPUY1flbjATZputw1GMIIBwjCCAWygAwIBAgIQ
-fAmE6tW5ERSQWDneu3KfSTANBgkqhkiG9w0BAQIFADA+MQswCQYDVQQGEwJVUzEX
-MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xFjAUBgNVBAsTDVRFU1QgUm9vdCBQQ0Ew
-HhcNOTYwNzE3MDAwMDAwWhcNOTcwNzE3MjM1OTU5WjBiMREwDwYDVQQHEwhJbnRl
-cm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWdu
-IENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwXDANBgkqhkiG9w0B
-AQEFAANLADBIAkEA7Fc6zYJw4WwCWa1ni3fYNbzGSQNluuw990024GusjLfhEk1h
-MsIUukTT/n8yxoO7rYp4x+LS+tHF2tBtuxg7CwIDAQABoyIwIDALBgNVHQ8EBAMC
-AQYwEQYJYIZIAYb4QgEBBAQDAgIEMA0GCSqGSIb3DQEBAgUAA0EAFKem0cJGg9nd
-TAbP5o1HIEyNn11ZlvLU5v1Hejs1MKQt72IMm4jjgOH+pjguXW8lB6yzrK4oVOO2
-UNCaNQ1H26GCAa0wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UEBxMISW50
+MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE
+cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw
+DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV
+BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw
+HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50
 ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln
-biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3MTcxNzU5
-MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsWsQmste9f
-+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9XfZsaiiI
-gotQHjCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVTMRcwFQYDVQQK
-Ew5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBDQRcNOTYwNzE3
-MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANBAHitA0/xAukC
-jHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMlExONA3ju10f7
-owIq3s3wx10xAAAAAAA=
+biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E
+aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy
+aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M
+VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq
+UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC
+AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR
+BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0
+ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0
+IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l
+bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
+L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t
+OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s
+IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04
+ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0
+cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ
+QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC
+MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu
+AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr
+cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC
+AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
+QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu
+dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp
+Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3
+DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES
+TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE
+AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD
+2d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU
+47ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
+MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
+QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB
+AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl
+ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE
+BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW
+ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3
+MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW
+sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9
+XfZsaiiIgotQHjEA
 -----END PKCS7-----
diff --git a/test/testreq.pem b/test/testreq.pem
deleted file mode 100644
index d2a9421f48..0000000000
--- a/test/testreq.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIIBQjCB7QIBADCBhzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClF1ZWVuc2xhbmQx
-ETAPBgNVBAcTCEJyaXNiYW5lMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDET
-MBEGA1UEAxMKRXJpYyBZb3VuZzEfMB0GCSqGSIb3DQEJARYQZWF5QG1pbmNvbS5v
-ei5hdTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDUZKgYSMuJdiw2aIQIG4LDvm9H
-bUnyJyj6WgPkpw98dVKTj0jo3F6n/e3anYzvSpOiPkTuvw209yslzJs40Sf7AgMB
-AAGgADANBgkqhkiG9w0BAQQFAANBAES6okHo15lRtghclOyzSQ7pTUva8h5nxiKu
-62HR6t9kAIU1apoOdM/Rn1e6dF3+aZjpxY0uIdNg+q2VSyeBdsM=
------END CERTIFICATE REQUEST-----
diff --git a/test/tests.com b/test/tests.com
new file mode 100644
index 0000000000..056082e7fe
--- /dev/null
+++ b/test/tests.com
@@ -0,0 +1,257 @@
+$! TESTS.COM  --  Performs the necessary tests
+$!
+$! P1	tests to be performed.  Empty means all.
+$
+$	__proc = f$element(0,";",f$environment("procedure"))
+$	__here = f$parse(f$parse("A.;",__proc) - "A.;","[]A.;") - "A.;"
+$	__save_default = f$environment("default")
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	texe_dir := sys$disk:[-.'__arch'.exe.test]
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	set default '__here'
+$	on control_y then goto exit
+$	on error then goto exit
+$
+$	if p1 .nes. ""
+$	then
+$	    tests = p1
+$	else
+$	    tests := -
+	test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,-
+	test_md2,test_mdc2,-
+	test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_rd,-
+	test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,-
+	test_enc,test_x509,test_rsa,test_crl,test_sid,-
+	test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,-
+	test_ss,test_ca,test_engine,test_evp,test_ssl
+$	endif
+$	tests = f$edit(tests,"COLLAPSE")
+$
+$	BNTEST :=	bntest
+$	ECTEST :=	ectest
+$	ECDSATEST :=	ecdsatest
+$	ECDHTEST :=	ecdhtest
+$	EXPTEST :=	exptest
+$	IDEATEST :=	ideatest
+$	SHATEST :=	shatest
+$	SHA1TEST :=	sha1test
+$	MDC2TEST :=	mdc2test
+$	RMDTEST :=	rmdtest
+$	MD2TEST :=	md2test
+$	MD4TEST :=	md4test
+$	MD5TEST :=	md5test
+$	HMACTEST :=	hmactest
+$	RC2TEST :=	rc2test
+$	RC4TEST :=	rc4test
+$	RC5TEST :=	rc5test
+$	BFTEST :=	bftest
+$	CASTTEST :=	casttest
+$	DESTEST :=	destest
+$	RANDTEST :=	randtest
+$	DHTEST :=	dhtest
+$	DSATEST :=	dsatest
+$	METHTEST :=	methtest
+$	SSLTEST :=	ssltest
+$	RSATEST :=	rsa_test
+$	ENGINETEST :=	enginetest
+$	EVPTEST :=	evp_test
+$
+$	tests_i = 0
+$ loop_tests:
+$	tests_e = f$element(tests_i,",",tests)
+$	tests_i = tests_i + 1
+$	if tests_e .eqs. "," then goto exit
+$	gosub 'tests_e'
+$	goto loop_tests
+$
+$ test_evp:
+$	mcr 'texe_dir''evptest' evptests.txt
+$	return
+$ test_des:
+$	mcr 'texe_dir''destest'
+$	return
+$ test_idea:
+$	mcr 'texe_dir''ideatest'
+$	return
+$ test_sha:
+$	mcr 'texe_dir''shatest'
+$	mcr 'texe_dir''sha1test'
+$	return
+$ test_mdc2:
+$	mcr 'texe_dir''mdc2test'
+$	return
+$ test_md5:
+$	mcr 'texe_dir''md5test'
+$	return
+$ test_md4:
+$	mcr 'texe_dir''md4test'
+$	return
+$ test_hmac:
+$	mcr 'texe_dir''hmactest'
+$	return
+$ test_md2:
+$	mcr 'texe_dir''md2test'
+$	return
+$ test_rmd:
+$	mcr 'texe_dir''rmdtest'
+$	return
+$ test_bf:
+$	mcr 'texe_dir''bftest'
+$	return
+$ test_cast:
+$	mcr 'texe_dir''casttest'
+$	return
+$ test_rc2:
+$	mcr 'texe_dir''rc2test'
+$	return
+$ test_rc4:
+$	mcr 'texe_dir''rc4test'
+$	return
+$ test_rc5:
+$	mcr 'texe_dir''rc5test'
+$	return
+$ test_rand:
+$	mcr 'texe_dir''randtest'
+$	return
+$ test_enc:
+$	@testenc.com
+$	return
+$ test_x509:
+$	define sys$error nla0:
+$	write sys$output "test normal x509v1 certificate"
+$	@tx509.com
+$	write sys$output "test first x509v3 certificate"
+$	@tx509.com v3-cert1.pem
+$	write sys$output "test second x509v3 certificate"
+$	@tx509.com v3-cert2.pem
+$	deassign sys$error
+$	return
+$ test_rsa:
+$	define sys$error nla0:
+$	@trsa.com
+$	deassign sys$error
+$	mcr 'texe_dir''rsatest'
+$	return
+$ test_crl:
+$	define sys$error nla0:
+$	@tcrl.com
+$	deassign sys$error
+$	return
+$ test_sid:
+$	define sys$error nla0:
+$	@tsid.com
+$	deassign sys$error
+$	return
+$ test_req:
+$	define sys$error nla0:
+$	@treq.com
+$	@treq.com testreq2.pem
+$	deassign sys$error
+$	return
+$ test_pkcs7:
+$	define sys$error nla0:
+$	@tpkcs7.com
+$	@tpkcs7d.com
+$	deassign sys$error
+$	return
+$ test_bn:
+$	write sys$output "starting big number library test, could take a while..."
+$	create bntest-vms.fdl
+FILE
+	ORGANIZATION	sequential
+RECORD
+	FORMAT		stream_lf
+$	create/fdl=bntest-vms.fdl bntest-vms.sh
+$	open/append foo bntest-vms.sh
+$	type/output=foo: sys$input:
+<< __FOO__ sh -c "`sh ./bctest`" | perl -e '$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $1";} elsif (!/^0$/) {die "\nFailed! bc: $_";} else {print STDERR "."; $i++;}} print STDERR "\n$i tests passed\n"'
+$	define/user sys$output bntest-vms.tmp
+$	mcr 'texe_dir''bntest'
+$	copy bntest-vms.tmp foo:
+$	delete bntest-vms.tmp;*
+$	type/output=foo: sys$input:
+__FOO__
+$	close foo
+$	write sys$output "-- copy the [.test]bntest-vms.sh and [.test]bctest files to a Unix system and"
+$	write sys$output "-- run bntest-vms.sh through sh or bash to verify that the bignum operations"
+$	write sys$output "-- went well."
+$	write sys$output ""
+$	write sys$output "test a^b%c implementations"
+$	mcr 'texe_dir''exptest'
+$	return
+$ test_ec:
+$	write sys$output "test elliptic curves"
+$	mcr 'texe_dir''ectest'
+$	return
+$ test_ecdsa:
+$	write sys$output "test ecdsa"
+$	mcr 'texe_dir''ecdsatest'
+$	return
+$ test_ecdh:
+$	write sys$output "test ecdh"
+$	mcr 'texe_dir''ecdhtest'
+$	return
+$ test_verify:
+$	write sys$output "The following command should have some OK's and some failures"
+$	write sys$output "There are definitly a few expired certificates"
+$	@tverify.com
+$	return
+$ test_dh:
+$	write sys$output "Generate a set of DH parameters"
+$	mcr 'texe_dir''dhtest'
+$	return
+$ test_dsa:
+$	write sys$output "Generate a set of DSA parameters"
+$	mcr 'texe_dir''dsatest'
+$	return
+$ test_gen:
+$	write sys$output "Generate and verify a certificate request"
+$	@testgen.com
+$	return
+$ maybe_test_ss:
+$	testss_RDT = f$cvtime(f$file_attributes("testss.com","RDT"))
+$	if f$cvtime(f$file_attributes("keyU.ss","RDT")) .les. testss_RDT then -
+		goto test_ss
+$	if f$cvtime(f$file_attributes("certU.ss","RDT")) .les. testss_RDT then -
+		goto test_ss
+$	if f$cvtime(f$file_attributes("certCA.ss","RDT")) .les. testss_RDT then -
+		goto test_ss
+$	return
+$ test_ss:
+$	write sys$output "Generate and certify a test certificate"
+$	@testss.com
+$	return
+$ test_engine: 
+$	write sys$output "Manipulate the ENGINE structures"
+$	mcr 'texe_dir''enginetest'
+$	return
+$ test_ssl:
+$	write sys$output "test SSL protocol"
+$	gosub maybe_test_ss
+$	@testssl.com keyU.ss certU.ss certCA.ss
+$	return
+$ test_ca:
+$	set noon
+$	define/user sys$output nla0:
+$	mcr 'exe_dir'openssl no-rsa
+$	save_severity=$SEVERITY
+$	set on
+$	if save_severity
+$	then
+$	    write sys$output "skipping CA.com test -- requires RSA"
+$	else
+$	    write sys$output "Generate and certify a test certificate via the 'ca' program"
+$	    @testca.com
+$	endif
+$	return
+$ test_rd: 
+$	write sys$output "test Rijndael"
+$	!mcr 'texe_dir''rdtest'
+$	return
+$
+$
+$ exit:
+$	set default '__save_default'
+$	exit
diff --git a/test/testsid.pem b/test/testsid.pem
index cd8617be2e..7ffd008f66 100644
--- a/test/testsid.pem
+++ b/test/testsid.pem
@@ -1,5 +1,5 @@
 -----BEGIN SSL SESSION PARAMETERS-----
-MIIBxwIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV
+MIIB1gIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV
 bA58oQYCBDIBr7WiBAICASyjggGGMIIBgjCCASwCAQMwDQYJKoZIhvcNAQEEBQAw
 ODELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3Jz
 YSB0ZXN0IENBMB4XDTk1MTAwOTIzMzEzNFoXDTk4MDcwNTIzMzEzNFowYDELMAkG
@@ -8,5 +8,5 @@ LjELMAkGA1UECxMCQ1MxGzAZBgNVBAMTElNTTGVheSBkZW1vIGNsaWVudDBcMA0G
 CSqGSIb3DQEBAQUAA0sAMEgCQQC4pcXEL1lgVA+B5Q3TcuW/O3LZHoA73IYm8oFD
 TezgCDhL2RTMn+seKWF36UtJKRIOBU9jZHCVVd0Me5ls6BEjAgMBAAEwDQYJKoZI
 hvcNAQEEBQADQQBoIpOcwUY1qlVF7j3ROSGvUsbvByOBFmYWkIBgsCqR+9qo1A7L
-CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTv
+CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTvpA0EC3Rlc3Rjb250ZXh0
 -----END SSL SESSION PARAMETERS-----
diff --git a/test/testss b/test/testss
index a5aecf4694..8d3557f356 100644
--- a/test/testss
+++ b/test/testss
@@ -1,9 +1,10 @@
 #!/bin/sh
 
-digest='-mdc2'
-reqcmd="../apps/ssleay req"
-x509cmd="../apps/ssleay x509 $digest"
-verifycmd="../apps/ssleay verify"
+digest='-md5'
+reqcmd="../apps/openssl req"
+x509cmd="../apps/openssl x509 $digest"
+verifycmd="../apps/openssl verify"
+dummycnf="../apps/openssl.cnf"
 
 CAkey="keyCA.ss"
 CAcert="certCA.ss"
@@ -18,7 +19,16 @@ Ucert="certU.ss"
 
 echo
 echo "make a certificate request using 'req'"
-$reqcmd -config $CAconf -out $CAreq -keyout $CAkey -new #>err.ss
+
+echo "string to make the random number generator think it has entropy" >> ./.rnd
+
+if ../apps/openssl no-rsa; then
+  req_new='-newkey dsa:../apps/dsa512.pem'
+else
+  req_new='-new'
+fi
+
+$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss
 if [ $? != 0 ]; then
 	echo "error using 'req' to generate a certificate request"
 	exit 1
@@ -39,13 +49,13 @@ if [ $? != 0 ]; then
 	exit 1
 fi
 
-$reqcmd -verify -in $CAreq -noout
+$reqcmd -config $dummycnf -verify -in $CAreq -noout
 if [ $? != 0 ]; then
 	echo first generated request is invalid
 	exit 1
 fi
 
-$reqcmd -verify -in $CAreq2 -noout
+$reqcmd -config $dummycnf -verify -in $CAreq2 -noout
 if [ $? != 0 ]; then
 	echo second generated request is invalid
 	exit 1
@@ -59,7 +69,7 @@ fi
 
 echo
 echo "make another certificate request using 'req'"
-$reqcmd -config $Uconf -out $Ureq -keyout $Ukey -new >err.ss
+$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss
 if [ $? != 0 ]; then
 	echo "error using 'req' to generate a certificate request"
 	exit 1
diff --git a/test/testss.com b/test/testss.com
new file mode 100644
index 0000000000..685ae5043d
--- /dev/null
+++ b/test/testss.com
@@ -0,0 +1,118 @@
+$! TESTSS.COM
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	digest="-md5"
+$	reqcmd := mcr 'exe_dir'openssl req
+$	x509cmd := mcr 'exe_dir'openssl x509 'digest'
+$	verifycmd := mcr 'exe_dir'openssl verify
+$	dummycnf := sys$disk:[-.apps]openssl-vms.cnf
+$
+$	CAkey="""keyCA.ss"""
+$	CAcert="""certCA.ss"""
+$	CAreq="""reqCA.ss"""
+$	CAconf="""CAss.cnf"""
+$	CAreq2="""req2CA.ss"""	! temp
+$
+$	Uconf="""Uss.cnf"""
+$	Ukey="""keyU.ss"""
+$	Ureq="""reqU.ss"""
+$	Ucert="""certU.ss"""
+$
+$	write sys$output ""
+$	write sys$output "make a certificate request using 'req'"
+$
+$	set noon
+$	define/user sys$output nla0:
+$	mcr 'exe_dir'openssl no-rsa
+$	save_severity=$SEVERITY
+$	set on
+$	if save_severity
+$	then
+$	    req_new="-newkey dsa:[-.apps]dsa512.pem"
+$	else
+$	    req_new="-new"
+$	endif
+$
+$	'reqcmd' -config 'CAconf' -out 'CAreq' -keyout 'CAkey' 'req_new' ! -out err.ss
+$	if $severity .ne. 1
+$	then
+$		write sys$output "error using 'req' to generate a certificate request"
+$		exit 3
+$	endif
+$	write sys$output ""
+$	write sys$output "convert the certificate request into a self signed certificate using 'x509'"
+$	define /user sys$output err.ss
+$	'x509cmd' "-CAcreateserial" -in 'CAreq' -days 30 -req -out 'CAcert' -signkey 'CAkey'
+$	if $severity .ne. 1
+$	then
+$		write sys$output "error using 'x509' to self sign a certificate request"
+$		exit 3
+$	endif
+$
+$	write sys$output ""
+$	write sys$output "convert a certificate into a certificate request using 'x509'"
+$	define /user sys$output err.ss
+$	'x509cmd' -in 'CAcert' -x509toreq -signkey 'CAkey' -out 'CAreq2'
+$	if $severity .ne. 1
+$	then
+$		write sys$output "error using 'x509' convert a certificate to a certificate request"
+$		exit 3
+$	endif
+$
+$	'reqcmd' -config 'dummycnf' -verify -in 'CAreq' -noout
+$	if $severity .ne. 1
+$	then
+$		write sys$output "first generated request is invalid"
+$		exit 3
+$	endif
+$
+$	'reqcmd' -config 'dummycnf' -verify -in 'CAreq2' -noout
+$	if $severity .ne. 1
+$	then
+$		write sys$output "second generated request is invalid"
+$		exit 3
+$	endif
+$
+$	'verifycmd' "-CAfile" 'CAcert' 'CAcert'
+$	if $severity .ne. 1
+$	then
+$		write sys$output "first generated cert is invalid"
+$		exit 3
+$	endif
+$
+$	write sys$output ""
+$	write sys$output "make another certificate request using 'req'"
+$	define /user sys$output err.ss
+$	'reqcmd' -config 'Uconf' -out 'Ureq' -keyout 'Ukey' 'req_new'
+$	if $severity .ne. 1
+$	then
+$		write sys$output "error using 'req' to generate a certificate request"
+$		exit 3
+$	endif
+$
+$	write sys$output ""
+$	write sys$output "sign certificate request with the just created CA via 'x509'"
+$	define /user sys$output err.ss
+$	'x509cmd' "-CAcreateserial" -in 'Ureq' -days 30 -req -out 'Ucert' "-CA" 'CAcert' "-CAkey" 'CAkey'
+$	if $severity .ne. 1
+$	then
+$		write sys$output "error using 'x509' to sign a certificate request"
+$		exit 3
+$	endif
+$
+$	'verifycmd' "-CAfile" 'CAcert' 'Ucert'
+$	write sys$output ""
+$	write sys$output "Certificate details"
+$	'x509cmd' -subject -issuer -startdate -enddate -noout -in 'Ucert'
+$
+$	write sys$output ""
+$	write sys$output "The generated CA certificate is ",CAcert
+$	write sys$output "The generated CA private key is ",CAkey
+$
+$	write sys$output "The generated user certificate is ",Ucert
+$	write sys$output "The generated user private key is ",Ukey
+$
+$	if f$search("err.ss;*") .nes. "" then delete err.ss;*
diff --git a/test/testssl b/test/testssl
index f115adb8e1..ba5e41c861 100644
--- a/test/testssl
+++ b/test/testssl
@@ -1,40 +1,137 @@
 #!/bin/sh
 
+if [ "$1" = "" ]; then
+  key=../apps/server.pem
+else
+  key="$1"
+fi
+if [ "$2" = "" ]; then
+  cert=../apps/server.pem
+else
+  cert="$2"
+fi
+ssltest="./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
+
+if ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
+  dsa_cert=YES
+else
+  dsa_cert=NO
+fi
+
+if [ "$3" = "" ]; then
+  CA="-CApath ../certs"
+else
+  CA="-CAfile $3"
+fi
+
+if [ "$4" = "" ]; then
+  extra=""
+else
+  extra="$4"
+fi
+
+#############################################################################
+
 echo test sslv2
-./ssltest -ssl2 || exit 1
+$ssltest -ssl2 $extra || exit 1
 
 echo test sslv2 with server authentication
-./ssltest -ssl2 -server_auth -CApath ../certs || exit 1
+$ssltest -ssl2 -server_auth $CA $extra || exit 1
 
-echo test sslv2 with client authentication
-./ssltest -ssl2 -client_auth -CApath ../certs || exit 1
+if [ $dsa_cert = NO ]; then
+  echo test sslv2 with client authentication
+  $ssltest -ssl2 -client_auth $CA $extra || exit 1
 
-echo test sslv2 with both client and server authentication
-./ssltest -ssl2 -server_auth -client_auth -CApath ../certs || exit 1
+  echo test sslv2 with both client and server authentication
+  $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
+fi
 
 echo test sslv3
-./ssltest -ssl3 || exit 1
+$ssltest -ssl3 $extra || exit 1
 
 echo test sslv3 with server authentication
-./ssltest -ssl3 -server_auth -CApath ../certs || exit 1
+$ssltest -ssl3 -server_auth $CA $extra || exit 1
 
 echo test sslv3 with client authentication
-./ssltest -ssl3 -client_auth -CApath ../certs || exit 1
+$ssltest -ssl3 -client_auth $CA $extra || exit 1
 
 echo test sslv3 with both client and server authentication
-./ssltest -ssl3 -server_auth -client_auth -CApath ../certs || exit 1
+$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
 
 echo test sslv2/sslv3
-./ssltest || exit 1
+$ssltest $extra || exit 1
 
 echo test sslv2/sslv3 with server authentication
-./ssltest -server_auth -CApath ../certs || exit 1
+$ssltest -server_auth $CA $extra || exit 1
 
 echo test sslv2/sslv3 with client authentication
-./ssltest -client_auth -CApath ../certs || exit 1
+$ssltest -client_auth $CA $extra || exit 1
 
 echo test sslv2/sslv3 with both client and server authentication
-./ssltest -server_auth -client_auth -CApath ../certs || exit 1
+$ssltest -server_auth -client_auth $CA $extra || exit 1
 
-exit 0
+echo test sslv2 via BIO pair
+$ssltest -bio_pair -ssl2 $extra || exit 1
+
+echo test sslv2 with server authentication via BIO pair
+$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
+
+if [ $dsa_cert = NO ]; then
+  echo test sslv2 with client authentication via BIO pair
+  $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
+
+  echo test sslv2 with both client and server authentication via BIO pair
+  $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
+fi
+
+echo test sslv3 via BIO pair
+$ssltest -bio_pair -ssl3 $extra || exit 1
+
+echo test sslv3 with server authentication via BIO pair
+$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
+
+echo test sslv3 with client authentication via BIO pair
+$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
+
+echo test sslv3 with both client and server authentication via BIO pair
+$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
 
+echo test sslv2/sslv3 via BIO pair
+$ssltest $extra || exit 1
+
+if [ $dsa_cert = NO ]; then
+  echo test sslv2/sslv3 w/o DHE via BIO pair
+  $ssltest -bio_pair -no_dhe $extra || exit 1
+fi
+
+echo test sslv2/sslv3 with 1024bit DHE via BIO pair
+$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
+
+echo test sslv2/sslv3 with server authentication
+$ssltest -bio_pair -server_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 with client authentication via BIO pair
+$ssltest -bio_pair -client_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 with both client and server authentication via BIO pair
+$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
+
+echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
+$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
+
+#############################################################################
+
+echo test tls1 with 1024bit anonymous DH, multiple handshakes
+$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
+
+if ../apps/openssl no-rsa; then
+  echo skipping RSA tests
+else
+  echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
+  ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
+
+  echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+  ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
+fi
+
+exit 0
diff --git a/test/testssl.com b/test/testssl.com
new file mode 100644
index 0000000000..785f262f5a
--- /dev/null
+++ b/test/testssl.com
@@ -0,0 +1,190 @@
+$! TESTSSL.COM
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	texe_dir := sys$disk:[-.'__arch'.exe.test]
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	if p1 .eqs. ""
+$	then
+$	    key="[-.apps]server.pem"
+$	else
+$	    key=p1
+$	endif
+$	if p2 .eqs. ""
+$	then
+$	    cert="[-.apps]server.pem"
+$	else
+$	    cert=p2
+$	endif
+$	ssltest := mcr 'texe_dir'ssltest -key 'key' -cert 'cert' -c_key 'key' -c_cert 'cert'
+$
+$	define/user sys$output testssl-x509-output.
+$	define/user sys$error nla0:
+$	mcr 'exe_dir'openssl x509 -in 'cert' -text -noout
+$	set noon
+$	define/user sys$error nla0:
+$	search/output=nla0: testssl-x509-output. "DSA Public Key"/exact
+$	if $severity .eq. 1
+$	then
+$	    dsa_cert := YES
+$	else
+$	    dsa_cert := NO
+$	endif
+$	set on
+$	delete testssl-x509-output.;*
+$
+$	if p3 .eqs. ""
+$	then
+$	    copy/concatenate [-.certs]*.pem certs.tmp
+$	    CA = """-CAfile"" certs.tmp"
+$	else
+$	    CA = """-CAfile"" "+p3
+$	endif
+$
+$!###########################################################################
+$
+$	write sys$output "test sslv2"
+$	'ssltest' -ssl2
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2 with server authentication"
+$	'ssltest' -ssl2 -server_auth 'CA'
+$	if $severity .ne. 1 then goto exit3
+$
+$	if .not. dsa_cert
+$	then
+$	    write sys$output "test sslv2 with client authentication"
+$	    'ssltest' -ssl2 -client_auth 'CA'
+$	    if $severity .ne. 1 then goto exit3
+$
+$	    write sys$output "test sslv2 with both client and server authentication"
+$	    'ssltest' -ssl2 -server_auth -client_auth 'CA'
+$	    if $severity .ne. 1 then goto exit3
+$	endif
+$
+$	write sys$output "test sslv3"
+$	'ssltest' -ssl3
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv3 with server authentication"
+$	'ssltest' -ssl3 -server_auth 'CA'
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv3 with client authentication"
+$	'ssltest' -ssl3 -client_auth 'CA'
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv3 with both client and server authentication"
+$	'ssltest' -ssl3 -server_auth -client_auth 'CA'
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2/sslv3"
+$	'ssltest'
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2/sslv3 with server authentication"
+$	'ssltest' -server_auth 'CA'
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2/sslv3 with client authentication"
+$	'ssltest' -client_auth 'CA'
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2/sslv3 with both client and server authentication"
+$	'ssltest' -server_auth -client_auth 'CA'
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2 via BIO pair"
+$	'ssltest' -bio_pair -ssl2 
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2 with server authentication via BIO pair"
+$	'ssltest' -bio_pair -ssl2 -server_auth 'CA' 
+$	if $severity .ne. 1 then goto exit3
+$
+$	if .not. dsa_cert
+$	then
+$	    write sys$output "test sslv2 with client authentication via BIO pair"
+$	    'ssltest' -bio_pair -ssl2 -client_auth 'CA' 
+$	    if $severity .ne. 1 then goto exit3
+$
+$	    write sys$output "test sslv2 with both client and server authentication via BIO pair"
+$	    'ssltest' -bio_pair -ssl2 -server_auth -client_auth 'CA' 
+$	    if $severity .ne. 1 then goto exit3
+$	endif
+$
+$	write sys$output "test sslv3 via BIO pair"
+$	'ssltest' -bio_pair -ssl3 
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv3 with server authentication via BIO pair"
+$	'ssltest' -bio_pair -ssl3 -server_auth 'CA' 
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv3 with client authentication via BIO pair"
+$	'ssltest' -bio_pair -ssl3 -client_auth 'CA' 
+$	if $severity .ne. 1 then goto exit3
+ 
+$	write sys$output "test sslv3 with both client and server authentication via BIO pair"
+$	'ssltest' -bio_pair -ssl3 -server_auth -client_auth 'CA' 
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2/sslv3 via BIO pair"
+$	'ssltest' 
+$	if $severity .ne. 1 then goto exit3
+$
+$	if .not. dsa_cert
+$	then
+$	    write sys$output "test sslv2/sslv3 w/o DHE via BIO pair"
+$	    'ssltest' -bio_pair -no_dhe
+$	    if $severity .ne. 1 then goto exit3
+$	endif
+$
+$	write sys$output "test sslv2/sslv3 with 1024 bit DHE via BIO pair"
+$	'ssltest' -bio_pair -dhe1024dsa -v
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2/sslv3 with server authentication"
+$	'ssltest' -bio_pair -server_auth 'CA' 
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2/sslv3 with client authentication via BIO pair"
+$	'ssltest' -bio_pair -client_auth 'CA' 
+$	if $severity .ne. 1 then goto exit3
+$
+$	write sys$output "test sslv2/sslv3 with both client and server authentication via BIO pair"
+$	'ssltest' -bio_pair -server_auth -client_auth 'CA' 
+$	if $severity .ne. 1 then goto exit3
+$
+$!###########################################################################
+$
+$	write sys$output "test tls1 with 1024bit anonymous DH, multiple handshakes"
+$	'ssltest' -v -bio_pair -tls1 -cipher "ADH" -dhe1024dsa -num 10 -f -time
+$	if $severity .ne. 1 then goto exit3
+$
+$	set noon
+$	define/user sys$output nla0:
+$	mcr 'exe_dir'openssl no-rsa
+$	save_severity=$SEVERITY
+$	set on
+$	if save_severity
+$	then
+$	    write sys$output "skipping RSA tests"
+$	else
+$	    write sys$output "test tls1 with 1024bit RSA, no DHE, multiple handshakes"
+$	    mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -no_dhe -num 10 -f -time
+$	    if $severity .ne. 1 then goto exit3
+$
+$	    write sys$output "test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes"
+$	    mcr 'texe_dir'ssltest -v -bio_pair -tls1 -cert [-.apps]server2.pem -dhe1024dsa -num 10 -f -time
+$	    if $severity .ne. 1 then goto exit3
+$	endif
+$
+$	RET = 1
+$	goto exit
+$ exit3:
+$	RET = 3
+$ exit:
+$	if p3 .eqs. "" then delete certs.tmp;*
+$	exit 'RET'
diff --git a/test/tpkcs7 b/test/tpkcs7
index ea1f005dac..cf3bd9fadb 100644
--- a/test/tpkcs7
+++ b/test/tpkcs7
@@ -1,9 +1,13 @@
 #!/bin/sh
 
-PATH=../apps:$PATH
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
 export PATH
 
-cmd='../apps/ssleay pkcs7'
+cmd='../apps/openssl pkcs7'
 
 if [ "$1"x != "x" ]; then
 	t=$1
diff --git a/test/tpkcs7.com b/test/tpkcs7.com
new file mode 100644
index 0000000000..047834fba4
--- /dev/null
+++ b/test/tpkcs7.com
@@ -0,0 +1,54 @@
+$! TPKCS7.COM  --  Tests pkcs7 keys
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	cmd := mcr 'exe_dir'openssl pkcs7
+$
+$	t := testp7.pem
+$	if p1 .nes. "" then t = p1
+$
+$	write sys$output "testing PKCS7 conversions"
+$	if f$search("fff.*") .nes "" then delete fff.*;*
+$	if f$search("ff.*") .nes "" then delete ff.*;*
+$	if f$search("f.*") .nes "" then delete f.*;*
+$	convert/fdl=sys$input: 't' fff.p
+RECORD
+	FORMAT STREAM_LF
+$
+$	write sys$output "p -> d"
+$	'cmd' -in fff.p -inform p -outform d -out f.d
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in fff.p -inform p -outform p -out f.p
+$	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> d"
+$	'cmd' -in f.d -inform d -outform d -out ff.d1
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> d"
+$	'cmd' -in f.p -inform p -outform d -out ff.d3
+$	if $severity .ne. 1 then exit 3
+$
+$
+$	write sys$output "d -> p"
+$	'cmd' -in f.d -inform d -outform p -out ff.p1
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in f.p -inform p -outform p -out ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	backup/compare fff.p f.p
+$	if $severity .ne. 1 then exit 3
+$	backup/compare fff.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$	backup/compare fff.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	backup/compare f.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$	backup/compare f.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	delete f.*;*,ff.*;*,fff.*;*
diff --git a/test/tpkcs7d b/test/tpkcs7d
index c8f18fb09c..18f9311b06 100644
--- a/test/tpkcs7d
+++ b/test/tpkcs7d
@@ -1,9 +1,13 @@
 #!/bin/sh
 
-PATH=../apps:$PATH
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
 export PATH
 
-cmd='../apps/ssleay pkcs7'
+cmd='../apps/openssl pkcs7'
 
 if [ "$1"x != "x" ]; then
 	t=$1
@@ -11,7 +15,7 @@ else
 	t=pkcs7-1.pem
 fi
 
-echo testing pkcs7 conversions
+echo "testing pkcs7 conversions (2)"
 cp $t fff.p
 
 echo "p -> d"
diff --git a/test/tpkcs7d.com b/test/tpkcs7d.com
new file mode 100644
index 0000000000..193bb72137
--- /dev/null
+++ b/test/tpkcs7d.com
@@ -0,0 +1,47 @@
+$! TPKCS7.COM  --  Tests pkcs7 keys
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	cmd := mcr 'exe_dir'openssl pkcs7
+$
+$	t := pkcs7-1.pem
+$	if p1 .nes. "" then t = p1
+$
+$	write sys$output "testing PKCS7 conversions (2)"
+$	if f$search("fff.*") .nes "" then delete fff.*;*
+$	if f$search("ff.*") .nes "" then delete ff.*;*
+$	if f$search("f.*") .nes "" then delete f.*;*
+$	convert/fdl=sys$input: 't' fff.p
+RECORD
+	FORMAT STREAM_LF
+$
+$	write sys$output "p -> d"
+$	'cmd' -in fff.p -inform p -outform d -out f.d
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in fff.p -inform p -outform p -out f.p
+$	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> d"
+$	'cmd' -in f.d -inform d -outform d -out ff.d1
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> d"
+$	'cmd' -in f.p -inform p -outform d -out ff.d3
+$	if $severity .ne. 1 then exit 3
+$
+$
+$	write sys$output "d -> p"
+$	'cmd' -in f.d -inform d -outform p -out ff.p1
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in f.p -inform p -outform p -out ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	backup/compare f.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$	backup/compare f.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	delete f.*;*,ff.*;*,fff.*;*
diff --git a/test/treq b/test/treq
index e5f1d8cc41..47a8273cde 100644
--- a/test/treq
+++ b/test/treq
@@ -1,9 +1,13 @@
 #!/bin/sh
 
-PATH=../apps:$PATH
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
 export PATH
 
-cmd='../apps/ssleay req'
+cmd='../apps/openssl req -config ../apps/openssl.cnf'
 
 if [ "$1"x != "x" ]; then
 	t=$1
@@ -11,6 +15,11 @@ else
 	t=testreq.pem
 fi
 
+if $cmd -in $t -inform p -noout -text | fgrep 'Unknown Public Key'; then
+  echo "skipping req conversion test for $t"
+  exit 0
+fi
+
 echo testing req conversions
 cp $t fff.p
 
diff --git a/test/treq.com b/test/treq.com
new file mode 100644
index 0000000000..5524e485ba
--- /dev/null
+++ b/test/treq.com
@@ -0,0 +1,83 @@
+$! TREQ.COM  --  Tests req keys
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	cmd := mcr 'exe_dir'openssl req -config [-.apps]openssl-vms.cnf
+$
+$	t := testreq.pem
+$	if p1 .nes. "" then t = p1
+$
+$	write sys$output "testing req conversions"
+$	if f$search("fff.*") .nes "" then delete fff.*;*
+$	if f$search("ff.*") .nes "" then delete ff.*;*
+$	if f$search("f.*") .nes "" then delete f.*;*
+$	convert/fdl=sys$input: 't' fff.p
+RECORD
+	FORMAT STREAM_LF
+$
+$	write sys$output "p -> d"
+$	'cmd' -in fff.p -inform p -outform d -out f.d
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "p -> t"
+$!	'cmd' -in fff.p -inform p -outform t -out f.t
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in fff.p -inform p -outform p -out f.p
+$	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> d"
+$	'cmd' -verify -in f.d -inform d -outform d -out ff.d1
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> d"
+$!	'cmd' -verify -in f.t -inform t -outform d -out ff.d2
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> d"
+$	'cmd' -verify -in f.p -inform p -outform d -out ff.d3
+$	if $severity .ne. 1 then exit 3
+$
+$!	write sys$output "d -> t"
+$!	'cmd' -in f.d -inform d -outform t -out ff.t1
+$!	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> t"
+$!	'cmd' -in f.t -inform t -outform t -out ff.t2
+$!	if $severity .ne. 1 then exit 3
+$!	write sys$output "p -> t"
+$!	'cmd' -in f.p -inform p -outform t -out ff.t3
+$!	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> p"
+$	'cmd' -in f.d -inform d -outform p -out ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> p"
+$!	'cmd' -in f.t -inform t -outform p -out ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in f.p -inform p -outform p -out ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	backup/compare fff.p f.p
+$	if $severity .ne. 1 then exit 3
+$	backup/compare fff.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	backup/compare fff.p ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	backup/compare fff.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$!	backup/compare f.t ff.t1
+$!	if $severity .ne. 1 then exit 3
+$!	backup/compare f.t ff.t2
+$!	if $severity .ne. 1 then exit 3
+$!	backup/compare f.t ff.t3
+$!	if $severity .ne. 1 then exit 3
+$
+$	backup/compare f.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	backup/compare f.p ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	backup/compare f.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	delete f.*;*,ff.*;*,fff.*;*
diff --git a/test/trsa b/test/trsa
index e5b8fe0448..413e2ec0a0 100644
--- a/test/trsa
+++ b/test/trsa
@@ -1,9 +1,18 @@
 #!/bin/sh
 
-PATH=../apps:$PATH
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
 export PATH
 
-cmd='../apps/ssleay rsa'
+if ../apps/openssl no-rsa; then
+  echo skipping rsa conversion test
+  exit 0
+fi
+
+cmd='../apps/openssl rsa'
 
 if [ "$1"x != "x" ]; then
 	t=$1
diff --git a/test/trsa.com b/test/trsa.com
new file mode 100644
index 0000000000..6dbe59ef64
--- /dev/null
+++ b/test/trsa.com
@@ -0,0 +1,94 @@
+$! TRSA.COM  --  Tests rsa keys
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	set noon
+$	define/user sys$output nla0:
+$	mcr 'exe_dir'openssl no-rsa
+$	save_severity=$SEVERITY
+$	set on
+$	if save_severity
+$	then
+$	    write sys$output "skipping RSA conversion test"
+$	    exit
+$	endif
+$
+$	cmd := mcr 'exe_dir'openssl rsa
+$
+$	t := testrsa.pem
+$	if p1 .nes. "" then t = p1
+$
+$	write sys$output "testing RSA conversions"
+$	if f$search("fff.*") .nes "" then delete fff.*;*
+$	if f$search("ff.*") .nes "" then delete ff.*;*
+$	if f$search("f.*") .nes "" then delete f.*;*
+$	convert/fdl=sys$input: 't' fff.p
+RECORD
+	FORMAT STREAM_LF
+$
+$	write sys$output "p -> d"
+$	'cmd' -in fff.p -inform p -outform d -out f.d
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "p -> t"
+$!	'cmd' -in fff.p -inform p -outform t -out f.t
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in fff.p -inform p -outform p -out f.p
+$	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> d"
+$	'cmd' -in f.d -inform d -outform d -out ff.d1
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> d"
+$!	'cmd' -in f.t -inform t -outform d -out ff.d2
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> d"
+$	'cmd' -in f.p -inform p -outform d -out ff.d3
+$	if $severity .ne. 1 then exit 3
+$
+$!	write sys$output "d -> t"
+$!	'cmd' -in f.d -inform d -outform t -out ff.t1
+$!	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> t"
+$!	'cmd' -in f.t -inform t -outform t -out ff.t2
+$!	if $severity .ne. 1 then exit 3
+$!	write sys$output "p -> t"
+$!	'cmd' -in f.p -inform p -outform t -out ff.t3
+$!	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> p"
+$	'cmd' -in f.d -inform d -outform p -out ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> p"
+$!	'cmd' -in f.t -inform t -outform p -out ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in f.p -inform p -outform p -out ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	backup/compare fff.p f.p
+$	if $severity .ne. 1 then exit 3
+$	backup/compare fff.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	backup/compare fff.p ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	backup/compare fff.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$!	backup/compare f.t ff.t1
+$!	if $severity .ne. 1 then exit 3
+$!	backup/compare f.t ff.t2
+$!	if $severity .ne. 1 then exit 3
+$!	backup/compare f.t ff.t3
+$!	if $severity .ne. 1 then exit 3
+$
+$	backup/compare f.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	backup/compare f.p ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	backup/compare f.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	delete f.*;*,ff.*;*,fff.*;*
diff --git a/test/tsid b/test/tsid
index 8c7e9b1387..40a1dfa97c 100644
--- a/test/tsid
+++ b/test/tsid
@@ -1,9 +1,13 @@
 #!/bin/sh
 
-PATH=../apps:$PATH
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
 export PATH
 
-cmd='../apps/ssleay sess_id'
+cmd='../apps/openssl sess_id'
 
 if [ "$1"x != "x" ]; then
 	t=$1
diff --git a/test/tsid.com b/test/tsid.com
new file mode 100644
index 0000000000..abd1d4d737
--- /dev/null
+++ b/test/tsid.com
@@ -0,0 +1,83 @@
+$! TSID.COM  --  Tests sid keys
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	cmd := mcr 'exe_dir'openssl sess_id
+$
+$	t := testsid.pem
+$	if p1 .nes. "" then t = p1
+$
+$	write sys$output "testing session-id conversions"
+$	if f$search("fff.*") .nes "" then delete fff.*;*
+$	if f$search("ff.*") .nes "" then delete ff.*;*
+$	if f$search("f.*") .nes "" then delete f.*;*
+$	convert/fdl=sys$input: 't' fff.p
+RECORD
+	FORMAT STREAM_LF
+$
+$	write sys$output "p -> d"
+$	'cmd' -in fff.p -inform p -outform d -out f.d
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "p -> t"
+$!	'cmd' -in fff.p -inform p -outform t -out f.t
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in fff.p -inform p -outform p -out f.p
+$	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> d"
+$	'cmd' -in f.d -inform d -outform d -out ff.d1
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> d"
+$!	'cmd' -in f.t -inform t -outform d -out ff.d2
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> d"
+$	'cmd' -in f.p -inform p -outform d -out ff.d3
+$	if $severity .ne. 1 then exit 3
+$
+$!	write sys$output "d -> t"
+$!	'cmd' -in f.d -inform d -outform t -out ff.t1
+$!	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> t"
+$!	'cmd' -in f.t -inform t -outform t -out ff.t2
+$!	if $severity .ne. 1 then exit 3
+$!	write sys$output "p -> t"
+$!	'cmd' -in f.p -inform p -outform t -out ff.t3
+$!	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> p"
+$	'cmd' -in f.d -inform d -outform p -out ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	write sys$output "t -> p"
+$!	'cmd' -in f.t -inform t -outform p -out ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in f.p -inform p -outform p -out ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	backup/compare fff.p f.p
+$	if $severity .ne. 1 then exit 3
+$	backup/compare fff.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	backup/compare fff.p ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	backup/compare fff.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$!	backup/compare f.t ff.t1
+$!	if $severity .ne. 1 then exit 3
+$!	backup/compare f.t ff.t2
+$!	if $severity .ne. 1 then exit 3
+$!	backup/compare f.t ff.t3
+$!	if $severity .ne. 1 then exit 3
+$
+$	backup/compare f.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$!	backup/compare f.p ff.p2
+$!	if $severity .ne. 1 then exit 3
+$	backup/compare f.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	delete f.*;*,ff.*;*,fff.*;*
diff --git a/test/tverify.com b/test/tverify.com
new file mode 100644
index 0000000000..f97e71478f
--- /dev/null
+++ b/test/tverify.com
@@ -0,0 +1,26 @@
+$! TVERIFY.COM
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	copy/concatenate [-.certs]*.pem certs.tmp
+$
+$	old_f :=
+$ loop_certs:
+$	c := NO
+$	certs :=
+$ loop_certs2:
+$	f = f$search("[-.certs]*.pem")
+$	if f .nes. "" .and. f .nes. old_f
+$	then
+$	    certs = certs + " [-.certs]" + f$parse(f,,,"NAME") + ".pem"
+$	    if f$length(certs) .lt. 180 then goto loop_certs2
+$	    c := YES
+$	endif
+$	certs = certs - " "
+$
+$	mcr 'exe_dir'openssl verify "-CAfile" certs.tmp 'certs'
+$	if c then goto loop_certs
+$
+$	delete certs.tmp;*
diff --git a/test/tx509 b/test/tx509
index f8d1f82cdd..d380963abc 100644
--- a/test/tx509
+++ b/test/tx509
@@ -1,9 +1,13 @@
 #!/bin/sh
 
-PATH=../apps:$PATH
+if test "$OSTYPE" = msdosdjgpp; then
+    PATH=../apps\;$PATH
+else
+    PATH=../apps:$PATH
+fi
 export PATH
 
-cmd='../apps/ssleay x509'
+cmd='../apps/openssl x509'
 
 if [ "$1"x != "x" ]; then
 	t=$1
diff --git a/test/tx509.com b/test/tx509.com
new file mode 100644
index 0000000000..7b2592f773
--- /dev/null
+++ b/test/tx509.com
@@ -0,0 +1,83 @@
+$! TX509.COM  --  Tests x509 certificates
+$
+$	__arch := VAX
+$	if f$getsyi("cpu") .ge. 128 then __arch := AXP
+$	exe_dir := sys$disk:[-.'__arch'.exe.apps]
+$
+$	cmd := mcr 'exe_dir'openssl x509
+$
+$	t := testx509.pem
+$	if p1 .nes. "" then t = p1
+$
+$	write sys$output "testing X509 conversions"
+$	if f$search("fff.*") .nes "" then delete fff.*;*
+$	if f$search("ff.*") .nes "" then delete ff.*;*
+$	if f$search("f.*") .nes "" then delete f.*;*
+$	convert/fdl=sys$input: 't' fff.p
+RECORD
+	FORMAT STREAM_LF
+$
+$	write sys$output "p -> d"
+$	'cmd' -in fff.p -inform p -outform d -out f.d
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> n"
+$	'cmd' -in fff.p -inform p -outform n -out f.n
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in fff.p -inform p -outform p -out f.p
+$	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> d"
+$	'cmd' -in f.d -inform d -outform d -out ff.d1
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "n -> d"
+$	'cmd' -in f.n -inform n -outform d -out ff.d2
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> d"
+$	'cmd' -in f.p -inform p -outform d -out ff.d3
+$	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> n"
+$	'cmd' -in f.d -inform d -outform n -out ff.n1
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "n -> n"
+$	'cmd' -in f.n -inform n -outform n -out ff.n2
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> n"
+$	'cmd' -in f.p -inform p -outform n -out ff.n3
+$	if $severity .ne. 1 then exit 3
+$
+$	write sys$output "d -> p"
+$	'cmd' -in f.d -inform d -outform p -out ff.p1
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "n -> p"
+$	'cmd' -in f.n -inform n -outform p -out ff.p2
+$	if $severity .ne. 1 then exit 3
+$	write sys$output "p -> p"
+$	'cmd' -in f.p -inform p -outform p -out ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	backup/compare fff.p f.p
+$	if $severity .ne. 1 then exit 3
+$	backup/compare fff.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$	backup/compare fff.p ff.p2
+$	if $severity .ne. 1 then exit 3
+$	backup/compare fff.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	backup/compare f.n ff.n1
+$	if $severity .ne. 1 then exit 3
+$	backup/compare f.n ff.n2
+$	if $severity .ne. 1 then exit 3
+$	backup/compare f.n ff.n3
+$	if $severity .ne. 1 then exit 3
+$
+$	backup/compare f.p ff.p1
+$	if $severity .ne. 1 then exit 3
+$	backup/compare f.p ff.p2
+$	if $severity .ne. 1 then exit 3
+$	backup/compare f.p ff.p3
+$	if $severity .ne. 1 then exit 3
+$
+$	delete f.*;*,ff.*;*,fff.*;*
diff --git a/times/091/mips-rel.pl b/times/091/mips-rel.pl
index 18068d7971..4b2509315a 100644
--- a/times/091/mips-rel.pl
+++ b/times/091/mips-rel.pl
@@ -1,4 +1,4 @@
-print "CPU type            512   1024   2048   4096\n";
+#!/usr/local/bin/perl
 
 &doit(100,"Pentium   100 32",0.0195,0.1000,0.6406,4.6100);	# pentium-100
 &doit(200,"PPro      200 32",0.0070,0.0340,0.2087,1.4700);	# pentium-100
diff --git a/times/x86/bfs.cpp b/times/x86/bfs.cpp
index 272ed2f978..d74c457760 100644
--- a/times/x86/bfs.cpp
+++ b/times/x86/bfs.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "blowfish.h"
+#include <openssl/blowfish.h>
 
 void main(int argc,char *argv[])
 	{
diff --git a/times/x86/casts.cpp b/times/x86/casts.cpp
index 7f524da57b..7661191acf 100644
--- a/times/x86/casts.cpp
+++ b/times/x86/casts.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "cast.h"
+#include <openssl/cast.h>
 
 void main(int argc,char *argv[])
 	{
diff --git a/times/x86/des3s.cpp b/times/x86/des3s.cpp
index 9aff6494d9..02d527c057 100644
--- a/times/x86/des3s.cpp
+++ b/times/x86/des3s.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "des.h"
+#include <openssl/des.h>
 
 void main(int argc,char *argv[])
 	{
diff --git a/times/x86/dess.cpp b/times/x86/dess.cpp
index 7fb5987314..753e67ad9b 100644
--- a/times/x86/dess.cpp
+++ b/times/x86/dess.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "des.h"
+#include <openssl/des.h>
 
 void main(int argc,char *argv[])
 	{
diff --git a/times/x86/md4s.cpp b/times/x86/md4s.cpp
new file mode 100644
index 0000000000..c0ec97fc9f
--- /dev/null
+++ b/times/x86/md4s.cpp
@@ -0,0 +1,78 @@
+//
+// gettsc.inl
+//
+// gives access to the Pentium's (secret) cycle counter
+//
+// This software was written by Leonard Janke (janke@unixg.ubc.ca)
+// in 1996-7 and is entered, by him, into the public domain.
+
+#if defined(__WATCOMC__)
+void GetTSC(unsigned long&);
+#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax];
+#elif defined(__GNUC__)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  asm volatile(".byte 15, 49\n\t"
+	       : "=eax" (tsc)
+	       :
+	       : "%edx", "%eax");
+}
+#elif defined(_MSC_VER)
+inline
+void GetTSC(unsigned long& tsc)
+{
+  unsigned long a;
+  __asm _emit 0fh
+  __asm _emit 31h
+  __asm mov a, eax;
+  tsc=a;
+}
+#endif      
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/md4.h>
+
+extern "C" {
+void md4_block_x86(MD4_CTX *ctx, unsigned char *buffer,int num);
+}
+
+void main(int argc,char *argv[])
+	{
+	unsigned char buffer[64*256];
+	MD4_CTX ctx;
+	unsigned long s1,s2,e1,e2;
+	unsigned char k[16];
+	unsigned long data[2];
+	unsigned char iv[8];
+	int i,num=0,numm;
+	int j=0;
+
+	if (argc >= 2)
+		num=atoi(argv[1]);
+
+	if (num == 0) num=16;
+	if (num > 250) num=16;
+	numm=num+2;
+	num*=64;
+	numm*=64;
+
+	for (j=0; j<6; j++)
+		{
+		for (i=0; i<10; i++) /**/
+			{
+			md4_block_x86(&ctx,buffer,numm);
+			GetTSC(s1);
+			md4_block_x86(&ctx,buffer,numm);
+			GetTSC(e1);
+			GetTSC(s2);
+			md4_block_x86(&ctx,buffer,num);
+			GetTSC(e2);
+			md4_block_x86(&ctx,buffer,num);
+			}
+		printf("md4 (%d bytes) %d %d (%.2f)\n",num,
+			e1-s1,e2-s2,(double)((e1-s1)-(e2-s2))/2);
+		}
+	}
+
diff --git a/times/x86/md5s.cpp b/times/x86/md5s.cpp
index ef8e175df0..dd343fd4e6 100644
--- a/times/x86/md5s.cpp
+++ b/times/x86/md5s.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "md5.h"
+#include <openssl/md5.h>
 
 extern "C" {
 void md5_block_x86(MD5_CTX *ctx, unsigned char *buffer,int num);
diff --git a/times/x86/rc4s.cpp b/times/x86/rc4s.cpp
index 39f1727dd3..3814fde997 100644
--- a/times/x86/rc4s.cpp
+++ b/times/x86/rc4s.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "rc4.h"
+#include <openssl/rc4.h>
 
 void main(int argc,char *argv[])
 	{
diff --git a/times/x86/sha1s.cpp b/times/x86/sha1s.cpp
index 0163377de6..3103e1871b 100644
--- a/times/x86/sha1s.cpp
+++ b/times/x86/sha1s.cpp
@@ -32,7 +32,7 @@ void GetTSC(unsigned long& tsc)
 
 #include <stdio.h>
 #include <stdlib.h>
-#include "sha.h"
+#include <openssl/sha.h>
 
 extern "C" {
 void sha1_block_x86(SHA_CTX *ctx, unsigned char *buffer,int num);
diff --git a/tools/.cvsignore b/tools/.cvsignore
new file mode 100644
index 0000000000..af0e591579
--- /dev/null
+++ b/tools/.cvsignore
@@ -0,0 +1,2 @@
+c_rehash
+c_rehash.bak
diff --git a/tools/Makefile.ssl b/tools/Makefile.ssl
index 537e97d268..b46ea44f6a 100644
--- a/tools/Makefile.ssl
+++ b/tools/Makefile.ssl
@@ -5,34 +5,42 @@
 DIR=	tools
 TOP=	..
 CC=	cc
-INCLUDES= -I.. -I../../include
+INCLUDES= -I$(TOP) -I../../include
 CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=/usr/local/ssl
 MAKE=		make -f Makefile.ssl
-MAKEDEPEND=	makedepend -f Makefile.ssl
+MAKEDEPPROG=	makedepend
+MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
 MAKEFILE=	Makefile.ssl
 
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile.ssl
 TEST=
-APPS= c_hash c_info c_issuer c_name c_rehash
+APPS= c_rehash
+MISC_APPS= c_hash c_info c_issuer c_name
 
 all:
 
 install:
 	@for i in $(APPS) ; \
 	do  \
-	(cp $$i $(INSTALLTOP)/bin/$$i; \
-	chmod 755 $(INSTALLTOP)/bin/$$i ); \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
+	chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+	done;
+	@for i in $(MISC_APPS) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
+	chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
 	done;
 
 files:
-	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
 
 links:
-	/bin/rm -f Makefile
-	$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	@$(TOP)/util/point.sh Makefile.ssl Makefile
 
 lint:
 
@@ -43,11 +51,11 @@ errors:
 depend:
 
 dclean:
-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
 	mv -f Makefile.new $(MAKEFILE)
 
 clean:
-	/bin/rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 errors:
 
diff --git a/tools/c89.sh b/tools/c89.sh
new file mode 100755
index 0000000000..b25c9fda2d
--- /dev/null
+++ b/tools/c89.sh
@@ -0,0 +1,15 @@
+#!/bin/sh -k
+#
+# Re-order arguments so that -L comes first
+#
+opts=""
+lopts=""
+        
+for arg in $* ; do
+  case $arg in
+    -L*) lopts="$lopts $arg" ;;
+    *) opts="$opts $arg" ;;
+  esac
+done
+
+c89 $lopts $opts
diff --git a/tools/c_hash b/tools/c_hash
index 54ff9d2cac..5e0a908175 100644
--- a/tools/c_hash
+++ b/tools/c_hash
@@ -4,6 +4,6 @@
 
 for i in $*
 do
-	h=`ssleay x509 -hash -noout -in $i`
+	h=`openssl x509 -hash -noout -in $i`
 	echo "$h.0 => $i"
 done
diff --git a/tools/c_info b/tools/c_info
index 5dd960b3a1..0e1e633b6f 100644
--- a/tools/c_info
+++ b/tools/c_info
@@ -5,7 +5,7 @@
 
 for i in $*
 do
-	n=`ssleay x509 -subject -issuer -enddate -noout -in $i`
+	n=`openssl x509 -subject -issuer -enddate -noout -in $i`
 	echo "$i"
 	echo "$n"
 	echo "--------"
diff --git a/tools/c_issuer b/tools/c_issuer
index a885b24b7b..4c691201bb 100644
--- a/tools/c_issuer
+++ b/tools/c_issuer
@@ -5,6 +5,6 @@
 
 for i in $*
 do
-	n=`ssleay x509 -issuer -noout -in $i`
+	n=`openssl x509 -issuer -noout -in $i`
 	echo "$i\t$n"
 done
diff --git a/tools/c_name b/tools/c_name
index 4b33e68c59..28800c0b30 100644
--- a/tools/c_name
+++ b/tools/c_name
@@ -5,6 +5,6 @@
 
 for i in $*
 do
-	n=`ssleay x509 -subject -noout -in $i`
+	n=`openssl x509 -subject -noout -in $i`
 	echo "$i	$n"
 done
diff --git a/tools/c_rehash b/tools/c_rehash
deleted file mode 100644
index 99ab7ebaa1..0000000000
--- a/tools/c_rehash
+++ /dev/null
@@ -1,47 +0,0 @@
-#!/bin/sh
-#
-# redo the hashes for the certificates in your cert path or the ones passed
-# on the command line.
-#
-
-if [ "$SSLEAY"x = "x" -o ! -x "$SSLEAY" ]; then
-	SSLEAY='ssleay'
-	export SSLEAY
-fi
-DIR=/usr/local/ssl
-PATH=$DIR/bin:$PATH
-
-SSL_DIR=$DIR/certs
-
-if [ "$*" = "" ]; then
-	CERTS=${*:-${SSL_CERT_DIR:-$SSL_DIR}}
-else
-	CERTS=$*
-fi
-
-IFS=': '
-for i in $CERTS
-do
-  (
-  IFS=' '
-  if [ -d $i -a -w $i ]; then
-    cd $i
-    echo "Doing $i"
-    for i in *.pem
-    do
-      if [ $i != '*.pem' ]; then
-        h=`$SSLEAY x509 -hash -noout -in $i`
-	if [ "x$h" = "x" ]; then
-	  echo $i does not contain a certificate
-	else
-          if [ -f $h.0 ]; then
-            /bin/rm -f $h.0
-          fi
-          echo "$i => $h.0"
-          ln -s $i $h.0
-	fi
-      fi
-    done
-  fi
-  )
-done
diff --git a/tools/c_rehash.in b/tools/c_rehash.in
new file mode 100644
index 0000000000..4497cbd9f1
--- /dev/null
+++ b/tools/c_rehash.in
@@ -0,0 +1,160 @@
+#!/usr/local/bin/perl
+
+
+# Perl c_rehash script, scan all files in a directory
+# and add symbolic links to their hash values.
+
+my $openssl;
+
+my $dir;
+
+if(defined $ENV{OPENSSL}) {
+	$openssl = $ENV{OPENSSL};
+} else {
+	$openssl = "openssl";
+	$ENV{OPENSSL} = $openssl;
+}
+
+$ENV{PATH} .= ":$dir/bin";
+
+if(! -x $openssl) {
+	my $found = 0;
+	foreach (split /:/, $ENV{PATH}) {
+		if(-x "$_/$openssl") {
+			$found = 1;
+			last;
+		}	
+	}
+	if($found == 0) {
+		print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
+		exit 0;
+	}
+}
+
+if(@ARGV) {
+	@dirlist = @ARGV;
+} elsif($ENV{SSL_CERT_DIR}) {
+	@dirlist = split /:/, $ENV{SSL_CERT_DIR};
+} else {
+	$dirlist[0] = "$dir/certs";
+}
+
+
+foreach (@dirlist) {
+	if(-d $_ and -w $_) {
+		hash_dir($_);
+	}
+}
+
+sub hash_dir {
+	my %hashlist;
+	print "Doing $_[0]\n";
+	chdir $_[0];
+	opendir(DIR, ".");
+	my @flist = readdir(DIR);
+	# Delete any existing symbolic links
+	foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
+		if(-l $_) {
+			unlink $_;
+		}
+	}
+	closedir DIR;
+	FILE: foreach $fname (grep {/\.pem$/} @flist) {
+		# Check to see if certificates and/or CRLs present.
+		my ($cert, $crl) = check_file($fname);
+		if(!$cert && !$crl) {
+			print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
+			next;
+		}
+		link_hash_cert($fname) if($cert);
+		link_hash_crl($fname) if($crl);
+	}
+}
+
+sub check_file {
+	my ($is_cert, $is_crl) = (0,0);
+	my $fname = $_[0];
+	open IN, $fname;
+	while(<IN>) {
+		if(/^-----BEGIN (.*)-----/) {
+			my $hdr = $1;
+			if($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
+				$is_cert = 1;
+				last if($is_crl);
+			} elsif($hdr eq "X509 CRL") {
+				$is_crl = 1;
+				last if($is_cert);
+			}
+		}
+	}
+	close IN;
+	return ($is_cert, $is_crl);
+}
+
+
+# Link a certificate to its subject name hash value, each hash is of
+# the form <hash>.<n> where n is an integer. If the hash value already exists
+# then we need to up the value of n, unless its a duplicate in which
+# case we skip the link. We check for duplicates by comparing the
+# certificate fingerprints
+
+sub link_hash_cert {
+		my $fname = $_[0];
+		$fname =~ s/'/'\\''/g;
+		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
+		chomp $hash;
+		chomp $fprint;
+		$fprint =~ s/^.*=//;
+		$fprint =~ tr/://d;
+		my $suffix = 0;
+		# Search for an unused hash filename
+		while(exists $hashlist{"$hash.$suffix"}) {
+			# Hash matches: if fingerprint matches its a duplicate cert
+			if($hashlist{"$hash.$suffix"} eq $fprint) {
+				print STDERR "WARNING: Skipping duplicate certificate $fname\n";
+				return;
+			}
+			$suffix++;
+		}
+		$hash .= ".$suffix";
+		print "$fname => $hash\n";
+		$symlink_exists=eval {symlink("",""); 1};
+		if ($symlink_exists) {
+			symlink $fname, $hash;
+		} else {
+			system ("cp", $fname, $hash);
+		}
+		$hashlist{$hash} = $fprint;
+}
+
+# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
+
+sub link_hash_crl {
+		my $fname = $_[0];
+		$fname =~ s/'/'\\''/g;
+		my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
+		chomp $hash;
+		chomp $fprint;
+		$fprint =~ s/^.*=//;
+		$fprint =~ tr/://d;
+		my $suffix = 0;
+		# Search for an unused hash filename
+		while(exists $hashlist{"$hash.r$suffix"}) {
+			# Hash matches: if fingerprint matches its a duplicate cert
+			if($hashlist{"$hash.r$suffix"} eq $fprint) {
+				print STDERR "WARNING: Skipping duplicate CRL $fname\n";
+				return;
+			}
+			$suffix++;
+		}
+		$hash .= ".r$suffix";
+		print "$fname => $hash\n";
+		$symlink_exists=eval {symlink("",""); 1};
+		if ($symlink_exists) {
+			symlink $fname, $hash;
+		} else {
+			system ("cp", $fname, $hash);
+		}
+		$hashlist{$hash} = $fprint;
+}
+
diff --git a/util/clean-depend.pl b/util/clean-depend.pl
new file mode 100755
index 0000000000..6c485d1e2f
--- /dev/null
+++ b/util/clean-depend.pl
@@ -0,0 +1,54 @@
+#!/usr/local/bin/perl -w
+# Clean the dependency list in a makefile of standard includes...
+# Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
+
+use strict;
+
+while(<STDIN>) {
+    print;
+    last if /^# DO NOT DELETE THIS LINE/;
+}
+
+my %files;
+
+my $thisfile="";
+while(<STDIN>) {
+    my ($dummy, $file,$deps)=/^((.*):)? (.*)$/;
+    my $origfile="";
+    $thisfile=$file if defined $file;
+    next if !defined $deps;
+    $origfile=$thisfile;
+    $origfile=~s/\.o$/.c/;
+    my @deps=split ' ',$deps;
+    @deps=grep(!/^\//,@deps);
+    @deps=grep(!/^\\$/,@deps);
+    @deps=grep(!/^$origfile$/,@deps);
+# pull out the kludged kerberos header (if present).
+    @deps=grep(!/^[.\/]+\/krb5.h/,@deps);
+    push @{$files{$thisfile}},@deps;
+}
+
+my $file;
+foreach $file (sort keys %files) {
+    my $len=0;
+    my $dep;
+    my $origfile=$file;
+    $origfile=~s/\.o$/.c/;
+    $file=~s/^\.\///;
+    push @{$files{$file}},$origfile;
+    my $prevdep="";
+    foreach $dep (sort @{$files{$file}}) {
+	$dep=~s/^\.\///;
+	next if $prevdep eq $dep; # to exterminate duplicates...
+	$prevdep = $dep;
+	$len=0 if $len+length($dep)+1 >= 80;
+	if($len == 0) {
+	    print "\n$file:";
+	    $len=length($file)+1;
+	}
+	print " $dep";
+	$len+=length($dep)+1;
+    }
+}
+
+print "\n";
diff --git a/util/cygwin.sh b/util/cygwin.sh
new file mode 100755
index 0000000000..930f766b4f
--- /dev/null
+++ b/util/cygwin.sh
@@ -0,0 +1,127 @@
+#!/bin/bash
+#
+# This script configures, builds and packs the binary package for
+# the Cygwin net distribution version of OpenSSL
+#
+
+# Uncomment when debugging
+#set -x
+
+CONFIG_OPTIONS="--prefix=/usr shared no-idea no-rc5 no-mdc2"
+INSTALL_PREFIX=/tmp/install
+
+VERSION=
+SUBVERSION=$1
+
+function cleanup()
+{
+  rm -rf ${INSTALL_PREFIX}/etc
+  rm -rf ${INSTALL_PREFIX}/usr
+}
+
+function get_openssl_version()
+{
+  eval `grep '^VERSION=' Makefile.ssl`
+  if [ -z "${VERSION}" ]
+  then
+    echo "Error: Couldn't retrieve OpenSSL version from Makefile.ssl."
+    echo "       Check value of variable VERSION in Makefile.ssl."
+    exit 1
+  fi
+}
+
+function base_install()
+{
+  mkdir -p ${INSTALL_PREFIX}
+  cleanup
+  make install INSTALL_PREFIX="${INSTALL_PREFIX}"
+}
+
+function doc_install()
+{
+  DOC_DIR=${INSTALL_PREFIX}/usr/doc/openssl
+
+  mkdir -p ${DOC_DIR}
+  cp CHANGES CHANGES.SSLeay INSTALL LICENSE NEWS README ${DOC_DIR}
+
+  create_cygwin_readme
+}
+
+function create_cygwin_readme()
+{
+  README_DIR=${INSTALL_PREFIX}/usr/doc/Cygwin
+  README_FILE=${README_DIR}/openssl-${VERSION}.README
+
+  mkdir -p ${README_DIR}
+  cat > ${README_FILE} <<- EOF
+	The Cygwin version has been built using the following configure:
+
+	  ./config ${CONFIG_OPTIONS}
+
+	The IDEA, RC5 and MDC2 algorithms are disabled due to patent and/or
+	licensing issues.
+	EOF
+}
+
+function create_profile_files()
+{
+  PROFILE_DIR=${INSTALL_PREFIX}/etc/profile.d
+
+  mkdir -p $PROFILE_DIR
+  cat > ${PROFILE_DIR}/openssl.sh <<- "EOF"
+	export MANPATH="${MANPATH}:/usr/ssl/man"
+	EOF
+  cat > ${PROFILE_DIR}/openssl.csh <<- "EOF"
+	if ( $?MANPATH ) then
+	  setenv MANPATH "${MANPATH}:/usr/ssl/man"
+	else
+	  setenv MANPATH ":/usr/ssl/man"
+	endif
+	EOF
+}
+
+if [ -z "${SUBVERSION}" ]
+then
+  echo "Usage: $0 subversion"
+  exit 1
+fi
+
+if [ ! -f config ]
+then
+  echo "You must start this script in the OpenSSL toplevel source dir."
+  exit 1
+fi
+
+./config ${CONFIG_OPTIONS}
+
+get_openssl_version
+
+make depend || exit 1
+
+make || exit 1
+
+base_install
+
+doc_install
+
+create_cygwin_readme
+
+create_profile_files
+
+cd ${INSTALL_PREFIX}
+strip usr/bin/*.exe usr/bin/*.dll
+
+# Runtime package
+find etc usr/bin usr/doc usr/ssl/certs usr/ssl/man/man[157] usr/ssl/misc \
+     usr/ssl/openssl.cnf usr/ssl/private -empty -o \! -type d |
+tar cjfT openssl-${VERSION}-${SUBVERSION}.tar.bz2 -
+# Development package
+find usr/include usr/lib usr/ssl/man/man3 -empty -o \! -type d |
+tar cjfT openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 -
+
+ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2
+ls -l openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2
+
+cleanup
+
+exit 0
diff --git a/util/dirname.pl b/util/dirname.pl
new file mode 100644
index 0000000000..d7a66d96ac
--- /dev/null
+++ b/util/dirname.pl
@@ -0,0 +1,18 @@
+#!/usr/local/bin/perl
+
+if ($#ARGV < 0) {
+    die "dirname.pl: too few arguments\n";
+} elsif ($#ARGV > 0) {
+    die "dirname.pl: too many arguments\n";
+}
+
+my $d = $ARGV[0];
+
+if ($d =~ m|.*/.*|) {
+    $d =~ s|/[^/]*$||;
+} else {
+    $d = ".";
+}
+
+print $d,"\n";
+exit(0);
diff --git a/util/do_ms.sh b/util/do_ms.sh
index f498d842b7..515b074cff 100755
--- a/util/do_ms.sh
+++ b/util/do_ms.sh
@@ -5,11 +5,13 @@
 
 PATH=util:../util:$PATH
 
-# perl util/mk1mf.pl VC-MSDOS no-sock >ms/msdos.mak
+# perl util/mk1mf.pl no-sock VC-MSDOS >ms/msdos.mak
 # perl util/mk1mf.pl VC-W31-32 >ms/w31.mak
-perl util/mk1mf.pl VC-WIN16 dll >ms/w31dll.mak
+perl util/mk1mf.pl dll VC-WIN16 >ms/w31dll.mak
 # perl util/mk1mf.pl VC-WIN32 >ms/nt.mak
-perl util/mk1mf.pl VC-WIN32 dll >ms/ntdll.mak
+perl util/mk1mf.pl dll VC-WIN32 >ms/ntdll.mak
+perl util/mk1mf.pl Mingw32 >ms/mingw32.mak
+perl util/mk1mf.pl Mingw32-files >ms/mingw32f.mak
 
 perl util/mkdef.pl 16 libeay > ms/libeay16.def
 perl util/mkdef.pl 32 libeay > ms/libeay32.def
diff --git a/util/domd b/util/domd
new file mode 100755
index 0000000000..49310bbdd1
--- /dev/null
+++ b/util/domd
@@ -0,0 +1,34 @@
+#!/bin/sh
+# Do a makedepend, only leave out the standard headers
+# Written by Ben Laurie <ben@algroup.co.uk> 19 Jan 1999
+
+TOP=$1
+shift
+if [ "$1" = "-MD" ]; then
+    shift
+    MAKEDEPEND=$1
+    shift
+fi
+if [ "$MAKEDEPEND" = "" ]; then MAKEDEPEND=makedepend; fi
+
+cp Makefile.ssl Makefile.save
+# fake the presence of Kerberos
+touch $TOP/krb5.h
+if [ "$MAKEDEPEND" = "gcc" ]; then
+    args=""
+    while [ $# -gt 0 ]; do
+	if [ "$1" != "--" ]; then args="$args $1"; fi
+	shift
+    done
+    sed -e '/^# DO NOT DELETE.*/,$d' < Makefile.ssl > Makefile.tmp
+    echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
+    gcc -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp
+    ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
+    rm -f Makefile.tmp
+else
+    ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND -f Makefile.ssl $@
+    ${PERL} $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new
+fi
+mv Makefile.new Makefile.ssl
+# unfake the presence of Kerberos
+rm $TOP/krb5.h
diff --git a/util/extract-names.pl b/util/extract-names.pl
new file mode 100644
index 0000000000..d413a045cc
--- /dev/null
+++ b/util/extract-names.pl
@@ -0,0 +1,22 @@
+#!/usr/bin/perl
+
+$/ = "";			# Eat a paragraph at once.
+while(<STDIN>) {
+    chop;
+    s/\n/ /gm;
+    if (/^=head1 /) {
+	$name = 0;
+    } elsif ($name) {
+	if (/ - /) {
+	    s/ - .*//;
+	    s/[ \t,]+/ /g;
+	    push @words, split ' ';
+	}
+    }
+    if (/^=head1 *NAME *$/) {
+	$name = 1;
+    }
+}
+
+print join("\n", @words),"\n";
+
diff --git a/util/f.mak b/util/f.mak
deleted file mode 100644
index e69de29bb2..0000000000
--- a/util/f.mak
+++ /dev/null
diff --git a/util/libeay.num b/util/libeay.num
index 2d5e55ad48..dc2cedc1e2 100755
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -1,1126 +1,2990 @@
-SSLeay					1
-SSLeay_version				2
-ASN1_BIT_STRING_asn1_meth		3
-ASN1_HEADER_free			4
-ASN1_HEADER_new				5
-ASN1_IA5STRING_asn1_meth		6
-ASN1_INTEGER_get			7
-ASN1_INTEGER_set			8
-ASN1_INTEGER_to_BN			9
-ASN1_OBJECT_create			10
-ASN1_OBJECT_free			11
-ASN1_OBJECT_new				12
-ASN1_PRINTABLE_type			13
-ASN1_STRING_cmp				14
-ASN1_STRING_dup				15
-ASN1_STRING_free			16
-ASN1_STRING_new				17
-ASN1_STRING_print			18
-ASN1_STRING_set				19
-ASN1_STRING_type_new			20
-ASN1_TYPE_free				21
-ASN1_TYPE_new				22
-ASN1_UNIVERSALSTRING_to_string		23
-ASN1_UTCTIME_check			24
-ASN1_UTCTIME_print			25
-ASN1_UTCTIME_set			26
-ASN1_check_infinite_end			27
-ASN1_d2i_bio				28
-ASN1_d2i_fp				29
-ASN1_digest				30
-ASN1_dup				31
-ASN1_get_object				32
-ASN1_i2d_bio				33
-ASN1_i2d_fp				34
-ASN1_object_size			35
-ASN1_parse				36
-ASN1_put_object				37
-ASN1_sign				38
-ASN1_verify				39
-BF_cbc_encrypt				40
-BF_cfb64_encrypt			41
-BF_ecb_encrypt				42
-BF_encrypt				43
-BF_ofb64_encrypt			44
-BF_options				45
-BF_set_key				46
-BIO_CONNECT_free			47
-BIO_CONNECT_new				48
-BIO_accept				51
-BIO_ctrl				52
-BIO_int_ctrl				53
-BIO_debug_callback			54
-BIO_dump				55
-BIO_dup_chain				56
-BIO_f_base64				57
-BIO_f_buffer				58
-BIO_f_cipher				59
-BIO_f_md				60
-BIO_f_null				61
-BIO_f_proxy_server			62
-BIO_fd_non_fatal_error			63
-BIO_fd_should_retry			64
-BIO_find_type				65
-BIO_free				66
-BIO_free_all				67
-BIO_get_accept_socket			69
-BIO_get_filter_bio			70
-BIO_get_host_ip				71
-BIO_get_port				72
-BIO_get_retry_BIO			73
-BIO_get_retry_reason			74
-BIO_gethostbyname			75
-BIO_gets				76
-BIO_new					78
-BIO_new_accept				79
-BIO_new_connect				80
-BIO_new_fd				81
-BIO_new_file				82
-BIO_new_fp				83
-BIO_new_socket				84
-BIO_pop					85
-BIO_printf				86
-BIO_push				87
-BIO_puts				88
-BIO_read				89
-BIO_s_accept				90
-BIO_s_connect				91
-BIO_s_fd				92
-BIO_s_file				93
-BIO_s_mem				95
-BIO_s_null				96
-BIO_s_proxy_client			97
-BIO_s_socket				98
-BIO_set					100
-BIO_set_cipher				101
-BIO_set_tcp_ndelay			102
-BIO_sock_cleanup			103
-BIO_sock_error				104
-BIO_sock_init				105
-BIO_sock_non_fatal_error		106
-BIO_sock_should_retry			107
-BIO_socket_ioctl			108
-BIO_write				109
-BN_CTX_free				110
-BN_CTX_new				111
-BN_MONT_CTX_free			112
-BN_MONT_CTX_new				113
-BN_MONT_CTX_set				114
-BN_add					115
-BN_add_word				116
-BN_hex2bn				117
-BN_bin2bn				118
-BN_bn2hex				119
-BN_bn2bin				120
-BN_clear				121
-BN_clear_bit				122
-BN_clear_free				123
-BN_cmp					124
-BN_copy					125
-BN_div					126
-BN_div_word				127
-BN_dup					128
-BN_free					129
-BN_from_montgomery			130
-BN_gcd					131
-BN_generate_prime			132
-BN_get_word				133
-BN_is_bit_set				134
-BN_is_prime				135
-BN_lshift				136
-BN_lshift1				137
-BN_mask_bits				138
-BN_mod					139
-BN_mod_exp				140
-BN_mod_exp_mont				141
-BN_mod_exp_recp				142
-BN_mod_exp_simple			143
-BN_mod_inverse				144
-BN_mod_mul				145
-BN_mod_mul_montgomery			146
-BN_mod_mul_reciprocal			147
-BN_mod_word				148
-BN_mul					149
-BN_new					150
-BN_num_bits				151
-BN_num_bits_word			152
-BN_options				153
-BN_print				154
-BN_print_fp				155
-BN_rand					156
-BN_reciprocal				157
-BN_rshift				158
-BN_rshift1				159
-BN_set_bit				160
-BN_set_word				161
-BN_sqr					162
-BN_sub					163
-BN_to_ASN1_INTEGER			164
-BN_ucmp					165
-BN_value_one				166
-BUF_MEM_free				167
-BUF_MEM_grow				168
-BUF_MEM_new				169
-BUF_strdup				170
-CONF_free				171
-CONF_get_number				172
-CONF_get_section			173
-CONF_get_string				174
-CONF_load				175
-CRYPTO_add_lock				176
-CRYPTO_dbg_free				177
-CRYPTO_dbg_malloc			178
-CRYPTO_dbg_realloc			179
-CRYPTO_dbg_remalloc			180
-CRYPTO_free				181
-CRYPTO_get_add_lock_callback		182
-CRYPTO_get_id_callback			183
-CRYPTO_get_lock_name			184
-CRYPTO_get_locking_callback		185
-CRYPTO_get_mem_functions		186
-CRYPTO_lock				187
-CRYPTO_malloc				188
-CRYPTO_mem_ctrl				189
-CRYPTO_mem_leaks			190
-CRYPTO_mem_leaks_cb			191
-CRYPTO_mem_leaks_fp			192
-CRYPTO_realloc				193
-CRYPTO_remalloc				194
-CRYPTO_set_add_lock_callback		195
-CRYPTO_set_id_callback			196
-CRYPTO_set_locking_callback		197
-CRYPTO_set_mem_functions		198
-CRYPTO_thread_id			199
-DH_check				200
-DH_compute_key				201
-DH_free					202
-DH_generate_key				203
-DH_generate_parameters			204
-DH_new					205
-DH_size					206
-DHparams_print				207
-DHparams_print_fp			208
-DSA_free				209
-DSA_generate_key			210
-DSA_generate_parameters			211
-DSA_is_prime				212
-DSA_new					213
-DSA_print				214
-DSA_print_fp				215
-DSA_sign				216
-DSA_sign_setup				217
-DSA_size				218
-DSA_verify				219
-DSAparams_print				220
-DSAparams_print_fp			221
-ERR_clear_error				222
-ERR_error_string			223
-ERR_free_strings			224
-ERR_func_error_string			225
-ERR_get_err_state_table			226
-ERR_get_error				227
-ERR_get_error_line			228
-ERR_get_state				229
-ERR_get_string_table			230
-ERR_lib_error_string			231
-ERR_load_ASN1_strings			232
-ERR_load_BIO_strings			233
-ERR_load_BN_strings			234
-ERR_load_BUF_strings			235
-ERR_load_CONF_strings			236
-ERR_load_DH_strings			237
-ERR_load_DSA_strings			238
-ERR_load_ERR_strings			239
-ERR_load_EVP_strings			240
-ERR_load_OBJ_strings			241
-ERR_load_PEM_strings			242
-ERR_load_PROXY_strings			243
-ERR_load_RSA_strings			244
-ERR_load_X509_strings			245
-ERR_load_crypto_strings			246
-ERR_load_strings			247
-ERR_peek_error				248
-ERR_peek_error_line			249
-ERR_print_errors			250
-ERR_print_errors_fp			251
-ERR_put_error				252
-ERR_reason_error_string			253
-ERR_remove_state			254
-EVP_BytesToKey				255
-EVP_CIPHER_CTX_cleanup			256
-EVP_CipherFinal				257
-EVP_CipherInit				258
-EVP_CipherUpdate			259
-EVP_DecodeBlock				260
-EVP_DecodeFinal				261
-EVP_DecodeInit				262
-EVP_DecodeUpdate			263
-EVP_DecryptFinal			264
-EVP_DecryptInit				265
-EVP_DecryptUpdate			266
-EVP_DigestFinal				267
-EVP_DigestInit				268
-EVP_DigestUpdate			269
-EVP_EncodeBlock				270
-EVP_EncodeFinal				271
-EVP_EncodeInit				272
-EVP_EncodeUpdate			273
-EVP_EncryptFinal			274
-EVP_EncryptInit				275
-EVP_EncryptUpdate			276
-EVP_OpenFinal				277
-EVP_OpenInit				278
-EVP_PKEY_assign				279
-EVP_PKEY_copy_parameters		280
-EVP_PKEY_free				281
-EVP_PKEY_missing_parameters		282
-EVP_PKEY_new				283
-EVP_PKEY_save_parameters		284
-EVP_PKEY_size				285
-EVP_PKEY_type				286
-EVP_SealFinal				287
-EVP_SealInit				288
-EVP_SignFinal				289
-EVP_VerifyFinal				290
-EVP_add_alias				291
-EVP_add_cipher				292
-EVP_add_digest				293
-EVP_bf_cbc				294
-EVP_bf_cfb				295
-EVP_bf_ecb				296
-EVP_bf_ofb				297
-EVP_cleanup				298
-EVP_des_cbc				299
-EVP_des_cfb				300
-EVP_des_ecb				301
-EVP_des_ede				302
-EVP_des_ede3				303
-EVP_des_ede3_cbc			304
-EVP_des_ede3_cfb			305
-EVP_des_ede3_ofb			306
-EVP_des_ede_cbc				307
-EVP_des_ede_cfb				308
-EVP_des_ede_ofb				309
-EVP_des_ofb				310
-EVP_desx_cbc				311
-EVP_dss					312
-EVP_dss1				313
-EVP_enc_null				314
-EVP_get_cipherbyname			315
-EVP_get_digestbyname			316
-EVP_get_pw_prompt			317
-EVP_idea_cbc				318
-EVP_idea_cfb				319
-EVP_idea_ecb				320
-EVP_idea_ofb				321
-EVP_md2					322
-EVP_md5					323
-EVP_md_null				324
-EVP_rc2_cbc				325
-EVP_rc2_cfb				326
-EVP_rc2_ecb				327
-EVP_rc2_ofb				328
-EVP_rc4					329
-EVP_read_pw_string			330
-EVP_set_pw_prompt			331
-EVP_sha					332
-EVP_sha1				333
-MD2					334
-MD2_Final				335
-MD2_Init				336
-MD2_Update				337
-MD2_options				338
-MD5					339
-MD5_Final				340
-MD5_Init				341
-MD5_Update				342
-MDC2					343
-MDC2_Final				344
-MDC2_Init				345
-MDC2_Update				346
-NETSCAPE_SPKAC_free			347
-NETSCAPE_SPKAC_new			348
-NETSCAPE_SPKI_free			349
-NETSCAPE_SPKI_new			350
-NETSCAPE_SPKI_sign			351
-NETSCAPE_SPKI_verify			352
-OBJ_add_object				353
-OBJ_bsearch				354
-OBJ_cleanup				355
-OBJ_cmp					356
-OBJ_create				357
-OBJ_dup					358
-OBJ_ln2nid				359
-OBJ_new_nid				360
-OBJ_nid2ln				361
-OBJ_nid2obj				362
-OBJ_nid2sn				363
-OBJ_obj2nid				364
-OBJ_sn2nid				365
-OBJ_txt2nid				366
-PEM_ASN1_read				367
-PEM_ASN1_read_bio			368
-PEM_ASN1_write				369
-PEM_ASN1_write_bio			370
-PEM_SealFinal				371
-PEM_SealInit				372
-PEM_SealUpdate				373
-PEM_SignFinal				374
-PEM_SignInit				375
-PEM_SignUpdate				376
-PEM_X509_INFO_read			377
-PEM_X509_INFO_read_bio			378
-PEM_X509_INFO_write_bio			379
-PEM_dek_info				380
-PEM_do_header				381
-PEM_get_EVP_CIPHER_INFO			382
-PEM_proc_type				383
-PEM_read				384
-PEM_read_DHparams			385
-PEM_read_DSAPrivateKey			386
-PEM_read_DSAparams			387
-PEM_read_PKCS7				388
-PEM_read_PrivateKey			389
-PEM_read_RSAPrivateKey			390
-PEM_read_X509				391
-PEM_read_X509_CRL			392
-PEM_read_X509_REQ			393
-PEM_read_bio				394
-PEM_read_bio_DHparams			395
-PEM_read_bio_DSAPrivateKey		396
-PEM_read_bio_DSAparams			397
-PEM_read_bio_PKCS7			398
-PEM_read_bio_PrivateKey			399
-PEM_read_bio_RSAPrivateKey		400
-PEM_read_bio_X509			401
-PEM_read_bio_X509_CRL			402
-PEM_read_bio_X509_REQ			403
-PEM_write				404
-PEM_write_DHparams			405
-PEM_write_DSAPrivateKey			406
-PEM_write_DSAparams			407
-PEM_write_PKCS7				408
-PEM_write_PrivateKey			409
-PEM_write_RSAPrivateKey			410
-PEM_write_X509				411
-PEM_write_X509_CRL			412
-PEM_write_X509_REQ			413
-PEM_write_bio				414
-PEM_write_bio_DHparams			415
-PEM_write_bio_DSAPrivateKey		416
-PEM_write_bio_DSAparams			417
-PEM_write_bio_PKCS7			418
-PEM_write_bio_PrivateKey		419
-PEM_write_bio_RSAPrivateKey		420
-PEM_write_bio_X509			421
-PEM_write_bio_X509_CRL			422
-PEM_write_bio_X509_REQ			423
-PKCS7_DIGEST_free			424
-PKCS7_DIGEST_new			425
-PKCS7_ENCRYPT_free			426
-PKCS7_ENCRYPT_new			427
-PKCS7_ENC_CONTENT_free			428
-PKCS7_ENC_CONTENT_new			429
-PKCS7_ENVELOPE_free			430
-PKCS7_ENVELOPE_new			431
-PKCS7_ISSUER_AND_SERIAL_digest		432
-PKCS7_ISSUER_AND_SERIAL_free		433
-PKCS7_ISSUER_AND_SERIAL_new		434
-PKCS7_RECIP_INFO_free			435
-PKCS7_RECIP_INFO_new			436
-PKCS7_SIGNED_free			437
-PKCS7_SIGNED_new			438
-PKCS7_SIGNER_INFO_free			439
-PKCS7_SIGNER_INFO_new			440
-PKCS7_SIGN_ENVELOPE_free		441
-PKCS7_SIGN_ENVELOPE_new			442
-PKCS7_dup				443
-PKCS7_free				444
-PKCS7_new				445
-PROXY_ENTRY_add_noproxy			446
-PROXY_ENTRY_clear_noproxy		447
-PROXY_ENTRY_free			448
-PROXY_ENTRY_get_noproxy			449
-PROXY_ENTRY_new				450
-PROXY_ENTRY_set_server			451
-PROXY_add_noproxy			452
-PROXY_add_server			453
-PROXY_check_by_host			454
-PROXY_check_url				455
-PROXY_clear_noproxy			456
-PROXY_free				457
-PROXY_get_noproxy			458
-PROXY_get_proxies			459
-PROXY_get_proxy_entry			460
-PROXY_load_conf				461
-PROXY_new				462
-PROXY_print				463
-RAND_bytes				464
-RAND_cleanup				465
-RAND_file_name				466
-RAND_load_file				467
-RAND_screen				468
-RAND_seed				469
-RAND_write_file				470
-RC2_cbc_encrypt				471
-RC2_cfb64_encrypt			472
-RC2_ecb_encrypt				473
-RC2_encrypt				474
-RC2_ofb64_encrypt			475
-RC2_set_key				476
-RC4					477
-RC4_options				478
-RC4_set_key				479
-RSAPrivateKey_asn1_meth			480
-RSAPrivateKey_dup			481
-RSAPublicKey_dup			482
-RSA_PKCS1_SSLeay			483
-RSA_free				484
-RSA_generate_key			485
-RSA_new					486
-RSA_new_method				487
-RSA_print				488
-RSA_print_fp				489
-RSA_private_decrypt			490
-RSA_private_encrypt			491
-RSA_public_decrypt			492
-RSA_public_encrypt			493
-RSA_set_default_method			494
-RSA_sign				495
-RSA_sign_ASN1_OCTET_STRING		496
-RSA_size				497
-RSA_verify				498
-RSA_verify_ASN1_OCTET_STRING		499
-SHA					500
-SHA1					501
-SHA1_Final				502
-SHA1_Init				503
-SHA1_Update				504
-SHA_Final				505
-SHA_Init				506
-SHA_Update				507
-SSLeay_add_all_algorithms		508
-SSLeay_add_all_ciphers			509
-SSLeay_add_all_digests			510
-TXT_DB_create_index			511
-TXT_DB_free				512
-TXT_DB_get_by_index			513
-TXT_DB_insert				514
-TXT_DB_read				515
-TXT_DB_write				516
-X509_ALGOR_free				517
-X509_ALGOR_new				518
-X509_ATTRIBUTE_free			519
-X509_ATTRIBUTE_new			520
-X509_CINF_free				521
-X509_CINF_new				522
-X509_CRL_INFO_free			523
-X509_CRL_INFO_new			524
-X509_CRL_add_ext			525
-X509_CRL_cmp				526
-X509_CRL_delete_ext			527
-X509_CRL_dup				528
-X509_CRL_free				529
-X509_CRL_get_ext			530
-X509_CRL_get_ext_by_NID			531
-X509_CRL_get_ext_by_OBJ			532
-X509_CRL_get_ext_by_critical		533
-X509_CRL_get_ext_count			534
-X509_CRL_new				535
-X509_CRL_sign				536
-X509_CRL_verify				537
-X509_EXTENSION_create_by_NID		538
-X509_EXTENSION_create_by_OBJ		539
-X509_EXTENSION_dup			540
-X509_EXTENSION_free			541
-X509_EXTENSION_get_critical		542
-X509_EXTENSION_get_data			543
-X509_EXTENSION_get_object		544
-X509_EXTENSION_new			545
-X509_EXTENSION_set_critical		546
-X509_EXTENSION_set_data			547
-X509_EXTENSION_set_object		548
-X509_INFO_free				549
-X509_INFO_new				550
-X509_LOOKUP_by_alias			551
-X509_LOOKUP_by_fingerprint		552
-X509_LOOKUP_by_issuer_serial		553
-X509_LOOKUP_by_subject			554
-X509_LOOKUP_ctrl			555
-X509_LOOKUP_file			556
-X509_LOOKUP_free			557
-X509_LOOKUP_hash_dir			558
-X509_LOOKUP_init			559
-X509_LOOKUP_new				560
-X509_LOOKUP_shutdown			561
-X509_NAME_ENTRY_create_by_NID		562
-X509_NAME_ENTRY_create_by_OBJ		563
-X509_NAME_ENTRY_dup			564
-X509_NAME_ENTRY_free			565
-X509_NAME_ENTRY_get_data		566
-X509_NAME_ENTRY_get_object		567
-X509_NAME_ENTRY_new			568
-X509_NAME_ENTRY_set_data		569
-X509_NAME_ENTRY_set_object		570
-X509_NAME_add_entry			571
-X509_NAME_cmp				572
-X509_NAME_delete_entry			573
-X509_NAME_digest			574
-X509_NAME_dup				575
-X509_NAME_entry_count			576
-X509_NAME_free				577
-X509_NAME_get_entry			578
-X509_NAME_get_index_by_NID		579
-X509_NAME_get_index_by_OBJ		580
-X509_NAME_get_text_by_NID		581
-X509_NAME_get_text_by_OBJ		582
-X509_NAME_hash				583
-X509_NAME_new				584
-X509_NAME_oneline			585
-X509_NAME_print				586
-X509_NAME_set				587
-X509_OBJECT_free_contents		588
-X509_OBJECT_retrieve_by_subject		589
-X509_OBJECT_up_ref_count		590
-X509_PKEY_free				591
-X509_PKEY_new				592
-X509_PUBKEY_free			593
-X509_PUBKEY_get				594
-X509_PUBKEY_new				595
-X509_PUBKEY_set				596
-X509_REQ_INFO_free			597
-X509_REQ_INFO_new			598
-X509_REQ_dup				599
-X509_REQ_free				600
-X509_REQ_get_pubkey			601
-X509_REQ_new				602
-X509_REQ_print				603
-X509_REQ_print_fp			604
-X509_REQ_set_pubkey			605
-X509_REQ_set_subject_name		606
-X509_REQ_set_version			607
-X509_REQ_sign				608
-X509_REQ_to_X509			609
-X509_REQ_verify				610
-X509_REVOKED_add_ext			611
-X509_REVOKED_delete_ext			612
-X509_REVOKED_free			613
-X509_REVOKED_get_ext			614
-X509_REVOKED_get_ext_by_NID		615
-X509_REVOKED_get_ext_by_OBJ		616
-X509_REVOKED_get_ext_by_critical	617
-X509_REVOKED_get_ext_count		618
-X509_REVOKED_new			619
-X509_SIG_free				620
-X509_SIG_new				621
-X509_STORE_CTX_cleanup			622
-X509_STORE_CTX_init			623
-X509_STORE_add_cert			624
-X509_STORE_add_lookup			625
-X509_STORE_free				626
-X509_STORE_get_by_subject		627
-X509_STORE_load_locations		628
-X509_STORE_new				629
-X509_STORE_set_default_paths		630
-X509_VAL_free				631
-X509_VAL_new				632
-X509_add_ext				633
-X509_asn1_meth				634
-X509_certificate_type			635
-X509_check_private_key			636
-X509_cmp_current_time			637
-X509_delete_ext				638
-X509_digest				639
-X509_dup				640
-X509_free				641
-X509_get_default_cert_area		642
-X509_get_default_cert_dir		643
-X509_get_default_cert_dir_env		644
-X509_get_default_cert_file		645
-X509_get_default_cert_file_env		646
-X509_get_default_private_dir		647
-X509_get_ext				648
-X509_get_ext_by_NID			649
-X509_get_ext_by_OBJ			650
-X509_get_ext_by_critical		651
-X509_get_ext_count			652
-X509_get_issuer_name			653
-X509_get_pubkey				654
-X509_get_pubkey_parameters		655
-X509_get_serialNumber			656
-X509_get_subject_name			657
-X509_gmtime_adj				658
-X509_issuer_and_serial_cmp		659
-X509_issuer_and_serial_hash		660
-X509_issuer_name_cmp			661
-X509_issuer_name_hash			662
-X509_load_cert_file			663
-X509_new				664
-X509_print				665
-X509_print_fp				666
-X509_set_issuer_name			667
-X509_set_notAfter			668
-X509_set_notBefore			669
-X509_set_pubkey				670
-X509_set_serialNumber			671
-X509_set_subject_name			672
-X509_set_version			673
-X509_sign				674
-X509_subject_name_cmp			675
-X509_subject_name_hash			676
-X509_to_X509_REQ			677
-X509_verify				678
-X509_verify_cert			679
-X509_verify_cert_error_string		680
-X509v3_add_ext				681
-X509v3_add_extension			682
-X509v3_add_netscape_extensions		683
-X509v3_add_standard_extensions		684
-X509v3_cleanup_extensions		685
-X509v3_data_type_by_NID			686
-X509v3_data_type_by_OBJ			687
-X509v3_delete_ext			688
-X509v3_get_ext				689
-X509v3_get_ext_by_NID			690
-X509v3_get_ext_by_OBJ			691
-X509v3_get_ext_by_critical		692
-X509v3_get_ext_count			693
-X509v3_pack_string			694
-X509v3_pack_type_by_NID			695
-X509v3_pack_type_by_OBJ			696
-X509v3_unpack_string			697
-_des_crypt				698
-a2d_ASN1_OBJECT				699
-a2i_ASN1_INTEGER			700
-a2i_ASN1_STRING				701
-asn1_Finish				702
-asn1_GetSequence			703
-bn_div_words				704
-bn_expand2				705
-bn_mul_add_words			706
-bn_mul_words				707
-BN_uadd					708
-BN_usub					709
-bn_sqr_words				710
-crypt					711
-d2i_ASN1_BIT_STRING			712
-d2i_ASN1_BOOLEAN			713
-d2i_ASN1_HEADER				714
-d2i_ASN1_IA5STRING			715
-d2i_ASN1_INTEGER			716
-d2i_ASN1_OBJECT				717
-d2i_ASN1_OCTET_STRING			718
-d2i_ASN1_PRINTABLE			719
-d2i_ASN1_PRINTABLESTRING		720
-d2i_ASN1_SET				721
-d2i_ASN1_T61STRING			722
-d2i_ASN1_TYPE				723
-d2i_ASN1_UTCTIME			724
-d2i_ASN1_bytes				725
-d2i_ASN1_type_bytes			726
-d2i_DHparams				727
-d2i_DSAPrivateKey			728
-d2i_DSAPrivateKey_bio			729
-d2i_DSAPrivateKey_fp			730
-d2i_DSAPublicKey			731
-d2i_DSAparams				732
-d2i_NETSCAPE_SPKAC			733
-d2i_NETSCAPE_SPKI			734
-d2i_Netscape_RSA			735
-d2i_PKCS7				736
-d2i_PKCS7_DIGEST			737
-d2i_PKCS7_ENCRYPT			738
-d2i_PKCS7_ENC_CONTENT			739
-d2i_PKCS7_ENVELOPE			740
-d2i_PKCS7_ISSUER_AND_SERIAL		741
-d2i_PKCS7_RECIP_INFO			742
-d2i_PKCS7_SIGNED			743
-d2i_PKCS7_SIGNER_INFO			744
-d2i_PKCS7_SIGN_ENVELOPE			745
-d2i_PKCS7_bio				746
-d2i_PKCS7_fp				747
-d2i_PrivateKey				748
-d2i_PublicKey				749
-d2i_RSAPrivateKey			750
-d2i_RSAPrivateKey_bio			751
-d2i_RSAPrivateKey_fp			752
-d2i_RSAPublicKey			753
-d2i_X509				754
-d2i_X509_ALGOR				755
-d2i_X509_ATTRIBUTE			756
-d2i_X509_CINF				757
-d2i_X509_CRL				758
-d2i_X509_CRL_INFO			759
-d2i_X509_CRL_bio			760
-d2i_X509_CRL_fp				761
-d2i_X509_EXTENSION			762
-d2i_X509_NAME				763
-d2i_X509_NAME_ENTRY			764
-d2i_X509_PKEY				765
-d2i_X509_PUBKEY				766
-d2i_X509_REQ				767
-d2i_X509_REQ_INFO			768
-d2i_X509_REQ_bio			769
-d2i_X509_REQ_fp				770
-d2i_X509_REVOKED			771
-d2i_X509_SIG				772
-d2i_X509_VAL				773
-d2i_X509_bio				774
-d2i_X509_fp				775
-des_cbc_cksum				777
-des_cbc_encrypt				778
-des_cblock_print_file			779
-des_cfb64_encrypt			780
-des_cfb_encrypt				781
-des_decrypt3				782
-des_ecb3_encrypt			783
-des_ecb_encrypt				784
-des_ede3_cbc_encrypt			785
-des_ede3_cfb64_encrypt			786
-des_ede3_ofb64_encrypt			787
-des_enc_read				788
-des_enc_write				789
-des_encrypt				790
-des_encrypt2				791
-des_encrypt3				792
-des_fcrypt				793
-des_is_weak_key				794
-des_key_sched				795
-des_ncbc_encrypt			796
-des_ofb64_encrypt			797
-des_ofb_encrypt				798
-des_options				799
-des_pcbc_encrypt			800
-des_quad_cksum				801
-des_random_key				802
-des_random_seed				803
-des_read_2passwords			804
-des_read_password			805
-des_read_pw				806
-des_read_pw_string			807
-des_set_key				808
-des_set_odd_parity			809
-des_string_to_2keys			810
-des_string_to_key			811
-des_xcbc_encrypt			812
-des_xwhite_in2out			813
-fcrypt_body				814
-i2a_ASN1_INTEGER			815
-i2a_ASN1_OBJECT				816
-i2a_ASN1_STRING				817
-i2d_ASN1_BIT_STRING			818
-i2d_ASN1_BOOLEAN			819
-i2d_ASN1_HEADER				820
-i2d_ASN1_IA5STRING			821
-i2d_ASN1_INTEGER			822
-i2d_ASN1_OBJECT				823
-i2d_ASN1_OCTET_STRING			824
-i2d_ASN1_PRINTABLE			825
-i2d_ASN1_SET				826
-i2d_ASN1_TYPE				827
-i2d_ASN1_UTCTIME			828
-i2d_ASN1_bytes				829
-i2d_DHparams				830
-i2d_DSAPrivateKey			831
-i2d_DSAPrivateKey_bio			832
-i2d_DSAPrivateKey_fp			833
-i2d_DSAPublicKey			834
-i2d_DSAparams				835
-i2d_NETSCAPE_SPKAC			836
-i2d_NETSCAPE_SPKI			837
-i2d_Netscape_RSA			838
-i2d_PKCS7				839
-i2d_PKCS7_DIGEST			840
-i2d_PKCS7_ENCRYPT			841
-i2d_PKCS7_ENC_CONTENT			842
-i2d_PKCS7_ENVELOPE			843
-i2d_PKCS7_ISSUER_AND_SERIAL		844
-i2d_PKCS7_RECIP_INFO			845
-i2d_PKCS7_SIGNED			846
-i2d_PKCS7_SIGNER_INFO			847
-i2d_PKCS7_SIGN_ENVELOPE			848
-i2d_PKCS7_bio				849
-i2d_PKCS7_fp				850
-i2d_PrivateKey				851
-i2d_PublicKey				852
-i2d_RSAPrivateKey			853
-i2d_RSAPrivateKey_bio			854
-i2d_RSAPrivateKey_fp			855
-i2d_RSAPublicKey			856
-i2d_X509				857
-i2d_X509_ALGOR				858
-i2d_X509_ATTRIBUTE			859
-i2d_X509_CINF				860
-i2d_X509_CRL				861
-i2d_X509_CRL_INFO			862
-i2d_X509_CRL_bio			863
-i2d_X509_CRL_fp				864
-i2d_X509_EXTENSION			865
-i2d_X509_NAME				866
-i2d_X509_NAME_ENTRY			867
-i2d_X509_PKEY				868
-i2d_X509_PUBKEY				869
-i2d_X509_REQ				870
-i2d_X509_REQ_INFO			871
-i2d_X509_REQ_bio			872
-i2d_X509_REQ_fp				873
-i2d_X509_REVOKED			874
-i2d_X509_SIG				875
-i2d_X509_VAL				876
-i2d_X509_bio				877
-i2d_X509_fp				878
-idea_cbc_encrypt			879
-idea_cfb64_encrypt			880
-idea_ecb_encrypt			881
-idea_encrypt				882
-idea_ofb64_encrypt			883
-idea_options				884
-idea_set_decrypt_key			885
-idea_set_encrypt_key			886
-lh_delete				887
-lh_doall				888
-lh_doall_arg				889
-lh_free					890
-lh_insert				891
-lh_new					892
-lh_node_stats				893
-lh_node_stats_bio			894
-lh_node_usage_stats			895
-lh_node_usage_stats_bio			896
-lh_retrieve				897
-lh_stats				898
-lh_stats_bio				899
-lh_strhash				900
-sk_delete				901
-sk_delete_ptr				902
-sk_dup					903
-sk_find					904
-sk_free					905
-sk_insert				906
-sk_new					907
-sk_pop					908
-sk_pop_free				909
-sk_push					910
-sk_set_cmp_func				911
-sk_shift				912
-sk_unshift				913
-sk_zero					914
-BIO_f_nbio_test				915
-ASN1_TYPE_get				916
-ASN1_TYPE_set				917
-PKCS7_content_free			918
-ERR_load_PKCS7_strings			919
-X509_find_by_issuer_and_serial		920
-X509_find_by_subject			921
-PKCS7_ctrl				927
-PKCS7_set_type				928
-PKCS7_set_content			929
-PKCS7_SIGNER_INFO_set			930
-PKCS7_add_signer			931
-PKCS7_add_certificate			932
-PKCS7_add_crl				933
-PKCS7_content_new			934
-PKCS7_dataSign				935
-PKCS7_dataVerify			936
-PKCS7_dataInit				937
-PKCS7_add_signature			938
-PKCS7_cert_from_signer_info		939
-PKCS7_get_signer_info			940
-EVP_delete_alias			941
-EVP_mdc2				942
-PEM_read_bio_RSAPublicKey		943
-PEM_write_bio_RSAPublicKey		944
-d2i_RSAPublicKey_bio			945
-i2d_RSAPublicKey_bio			946
-PEM_read_RSAPublicKey			947
-PEM_write_RSAPublicKey			949
-d2i_RSAPublicKey_fp			952
-i2d_RSAPublicKey_fp			954
-BIO_copy_next_retry			955
-RSA_flags				956
-X509_STORE_add_crl			957
-X509_load_crl_file			958
-EVP_rc2_40_cbc				959
-EVP_rc4_40				960
-EVP_CIPHER_CTX_init			961
-HMAC					962
-HMAC_Init				963
-HMAC_Update				964
-HMAC_Final				965
-ERR_get_next_error_library		966
-EVP_PKEY_cmp_parameters			967
-HMAC_cleanup				968
-BIO_ptr_ctrl				969
-BIO_new_file_internal			970
-BIO_new_fp_internal			971
-BIO_s_file_internal			972
-BN_BLINDING_convert			973
-BN_BLINDING_invert			974
-BN_BLINDING_update			975
-RSA_blinding_on				977
-RSA_blinding_off			978
-i2t_ASN1_OBJECT				979
-BN_BLINDING_new				980
-BN_BLINDING_free			981
-EVP_cast5_cbc				983
-EVP_cast5_cfb				984
-EVP_cast5_ecb				985
-EVP_cast5_ofb				986
-BF_decrypt				987
-CAST_set_key				988
-CAST_encrypt				989
-CAST_decrypt				990
-CAST_ecb_encrypt			991
-CAST_cbc_encrypt			992
-CAST_cfb64_encrypt			993
-CAST_ofb64_encrypt			994
-RC2_decrypt				995
-OBJ_create_objects			997
-BN_exp					998
-BN_mul_word				999
-BN_sub_word				1000
-BN_dec2bn				1001
-BN_bn2dec				1002
-BIO_ghbn_ctrl				1003
-CRYPTO_free_ex_data			1004
-CRYPTO_get_ex_data			1005
-CRYPTO_set_ex_data			1007
-ERR_load_CRYPTO_strings			1009
-ERR_load_CRYPTOlib_strings		1009
-EVP_PKEY_bits				1010
-MD5_Transform				1011
-SHA1_Transform				1012
-SHA_Transform				1013
-X509_STORE_CTX_get_chain		1014
-X509_STORE_CTX_get_current_cert		1015
-X509_STORE_CTX_get_error		1016
-X509_STORE_CTX_get_error_depth		1017
-X509_STORE_CTX_get_ex_data		1018
-X509_STORE_CTX_set_cert			1020
-X509_STORE_CTX_set_chain		1021
-X509_STORE_CTX_set_error		1022
-X509_STORE_CTX_set_ex_data		1023
-CRYPTO_dup_ex_data			1025
-CRYPTO_get_new_lockid			1026
-CRYPTO_new_ex_data			1027
-RSA_set_ex_data				1028
-RSA_get_ex_data				1029
-RSA_get_ex_new_index			1030
-RSA_padding_add_PKCS1_type_1		1031
-RSA_padding_add_PKCS1_type_2		1032
-RSA_padding_add_SSLv23			1033
-RSA_padding_add_none			1034
-RSA_padding_check_PKCS1_type_1		1035
-RSA_padding_check_PKCS1_type_2		1036
-RSA_padding_check_SSLv23		1037
-RSA_padding_check_none			1038
-bn_add_words				1039
-d2i_Netscape_RSA_2			1040
-CRYPTO_get_ex_new_index			1041
-RIPEMD160_Init				1042
-RIPEMD160_Update			1043
-RIPEMD160_Final				1044
-RIPEMD160				1045
-RIPEMD160_Transform			1046
-RC5_32_set_key				1047
-RC5_32_ecb_encrypt			1048
-RC5_32_encrypt				1049
-RC5_32_decrypt				1050
-RC5_32_cbc_encrypt			1051
-RC5_32_cfb64_encrypt			1052
-RC5_32_ofb64_encrypt			1053
-BN_bn2mpi				1058
-BN_mpi2bn				1059
-ASN1_BIT_STRING_get_bit			1060
-ASN1_BIT_STRING_set_bit			1061
-BIO_get_ex_data				1062
-BIO_get_ex_new_index			1063
-BIO_set_ex_data				1064
-X509_STORE_CTX_get_ex_new_index		1065
-X509v3_get_key_usage			1066
-X509v3_set_key_usage			1067
-a2i_X509v3_key_usage			1068
-i2a_X509v3_key_usage			1069
-EVP_PKEY_decrypt			1070
-EVP_PKEY_encrypt			1071
-PKCS7_RECIP_INFO_set			1072
-PKCS7_add_recipient			1073
-PKCS7_add_recipient_info		1074
-PKCS7_set_cipher			1075
-ASN1_TYPE_get_int_octetstring		1076
-ASN1_TYPE_get_octetstring		1077
-ASN1_TYPE_set_int_octetstring		1078
-ASN1_TYPE_set_octetstring		1079
-ASN1_UTCTIME_set_string			1080
-ERR_add_error_data			1081
-ERR_set_error_data			1082
-EVP_CIPHER_asn1_to_param		1083
-EVP_CIPHER_param_to_asn1		1084
-EVP_CIPHER_get_asn1_iv			1085
-EVP_CIPHER_set_asn1_iv			1086
-EVP_rc5_32_12_16_cbc			1087
-EVP_rc5_32_12_16_cfb			1088
-EVP_rc5_32_12_16_ecb			1089
-EVP_rc5_32_12_16_ofb			1090
-asn1_add_error				1091
-d2i_ASN1_BMPSTRING			1092
-i2d_ASN1_BMPSTRING			1093
-BIO_f_ber				1094
-BN_init					1095
-COMP_CTX_new				1096
-COMP_CTX_free				1097
-COMP_CTX_compress_block			1098
-COMP_CTX_expand_block			1099
-X509_STORE_CTX_get_ex_new_index		1100
-OBJ_NAME_add				1101
-BIO_socket_nbio				1102
-EVP_rc2_64_cbc				1103
-OBJ_NAME_cleanup			1104
-OBJ_NAME_get				1105
-OBJ_NAME_init				1106
-OBJ_NAME_new_index			1107
-OBJ_NAME_remove				1108
-BN_MONT_CTX_copy			1109
-BIO_new_socks4a_connect			1110
-BIO_s_socks4a_connect			1111
-PROXY_set_connect_mode			1112
-RAND_SSLeay				1113
-RAND_set_rand_method			1114
-RSA_memory_lock				1115
-bn_sub_words				1116
-bn_mul_normal				1117
-bn_mul_comba8				1118
-bn_mul_comba4				1119
-bn_sqr_normal				1120
-bn_sqr_comba8				1121
-bn_sqr_comba4				1122
-bn_cmp_words				1123
-bn_mul_recursive			1124
-bn_mul_part_recursive			1125
-bn_sqr_recursive			1126
-bn_mul_low_normal			1127
-BN_RECP_CTX_init			1128
-BN_RECP_CTX_new				1129
-BN_RECP_CTX_free			1130
-BN_RECP_CTX_set				1131
-BN_mod_mul_reciprocal			1132
-BN_mod_exp_recp				1133
-BN_div_recp				1134
-BN_CTX_init				1135
-BN_MONT_CTX_init			1136
-RAND_get_rand_method			1137
-PKCS7_add_attribute			1138
-PKCS7_add_signed_attribute		1139
-PKCS7_digest_from_attributes		1140
-PKCS7_get_attribute			1141
-PKCS7_get_issuer_and_serial		1142
-PKCS7_get_signed_attribute		1143
-COMP_compress_block			1144
-COMP_expand_block			1145
-COMP_rle				1146
-COMP_zlib				1147
-ms_time_diff				1148
-ms_time_new				1149
-ms_time_free				1150
-ms_time_cmp				1151
-ms_time_get				1152
+SSLeay                                  1	EXIST::FUNCTION:
+SSLeay_version                          2	EXIST::FUNCTION:
+ASN1_BIT_STRING_asn1_meth               3	EXIST::FUNCTION:
+ASN1_HEADER_free                        4	EXIST::FUNCTION:
+ASN1_HEADER_new                         5	EXIST::FUNCTION:
+ASN1_IA5STRING_asn1_meth                6	EXIST::FUNCTION:
+ASN1_INTEGER_get                        7	EXIST::FUNCTION:
+ASN1_INTEGER_set                        8	EXIST::FUNCTION:
+ASN1_INTEGER_to_BN                      9	EXIST::FUNCTION:
+ASN1_OBJECT_create                      10	EXIST::FUNCTION:
+ASN1_OBJECT_free                        11	EXIST::FUNCTION:
+ASN1_OBJECT_new                         12	EXIST::FUNCTION:
+ASN1_PRINTABLE_type                     13	EXIST::FUNCTION:
+ASN1_STRING_cmp                         14	EXIST::FUNCTION:
+ASN1_STRING_dup                         15	EXIST::FUNCTION:
+ASN1_STRING_free                        16	EXIST::FUNCTION:
+ASN1_STRING_new                         17	EXIST::FUNCTION:
+ASN1_STRING_print                       18	EXIST::FUNCTION:BIO
+ASN1_STRING_set                         19	EXIST::FUNCTION:
+ASN1_STRING_type_new                    20	EXIST::FUNCTION:
+ASN1_TYPE_free                          21	EXIST::FUNCTION:
+ASN1_TYPE_new                           22	EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_to_string          23	EXIST::FUNCTION:
+ASN1_UTCTIME_check                      24	EXIST::FUNCTION:
+ASN1_UTCTIME_print                      25	EXIST::FUNCTION:BIO
+ASN1_UTCTIME_set                        26	EXIST::FUNCTION:
+ASN1_check_infinite_end                 27	EXIST::FUNCTION:
+ASN1_d2i_bio                            28	EXIST::FUNCTION:BIO
+ASN1_d2i_fp                             29	EXIST::FUNCTION:FP_API
+ASN1_digest                             30	EXIST::FUNCTION:EVP
+ASN1_dup                                31	EXIST::FUNCTION:
+ASN1_get_object                         32	EXIST::FUNCTION:
+ASN1_i2d_bio                            33	EXIST::FUNCTION:BIO
+ASN1_i2d_fp                             34	EXIST::FUNCTION:FP_API
+ASN1_object_size                        35	EXIST::FUNCTION:
+ASN1_parse                              36	EXIST::FUNCTION:BIO
+ASN1_put_object                         37	EXIST::FUNCTION:
+ASN1_sign                               38	EXIST::FUNCTION:EVP
+ASN1_verify                             39	EXIST::FUNCTION:EVP
+BF_cbc_encrypt                          40	EXIST::FUNCTION:BF
+BF_cfb64_encrypt                        41	EXIST::FUNCTION:BF
+BF_ecb_encrypt                          42	EXIST::FUNCTION:BF
+BF_encrypt                              43	EXIST::FUNCTION:BF
+BF_ofb64_encrypt                        44	EXIST::FUNCTION:BF
+BF_options                              45	EXIST::FUNCTION:BF
+BF_set_key                              46	EXIST::FUNCTION:BF
+BIO_CONNECT_free                        47	NOEXIST::FUNCTION:
+BIO_CONNECT_new                         48	NOEXIST::FUNCTION:
+BIO_accept                              51	EXIST::FUNCTION:
+BIO_ctrl                                52	EXIST::FUNCTION:
+BIO_int_ctrl                            53	EXIST::FUNCTION:
+BIO_debug_callback                      54	EXIST::FUNCTION:
+BIO_dump                                55	EXIST::FUNCTION:
+BIO_dup_chain                           56	EXIST::FUNCTION:
+BIO_f_base64                            57	EXIST::FUNCTION:BIO
+BIO_f_buffer                            58	EXIST::FUNCTION:
+BIO_f_cipher                            59	EXIST::FUNCTION:BIO
+BIO_f_md                                60	EXIST::FUNCTION:BIO
+BIO_f_null                              61	EXIST::FUNCTION:
+BIO_f_proxy_server                      62	NOEXIST::FUNCTION:
+BIO_fd_non_fatal_error                  63	EXIST::FUNCTION:
+BIO_fd_should_retry                     64	EXIST::FUNCTION:
+BIO_find_type                           65	EXIST::FUNCTION:
+BIO_free                                66	EXIST::FUNCTION:
+BIO_free_all                            67	EXIST::FUNCTION:
+BIO_get_accept_socket                   69	EXIST::FUNCTION:
+BIO_get_filter_bio                      70	NOEXIST::FUNCTION:
+BIO_get_host_ip                         71	EXIST::FUNCTION:
+BIO_get_port                            72	EXIST::FUNCTION:
+BIO_get_retry_BIO                       73	EXIST::FUNCTION:
+BIO_get_retry_reason                    74	EXIST::FUNCTION:
+BIO_gethostbyname                       75	EXIST::FUNCTION:
+BIO_gets                                76	EXIST::FUNCTION:
+BIO_new                                 78	EXIST::FUNCTION:
+BIO_new_accept                          79	EXIST::FUNCTION:
+BIO_new_connect                         80	EXIST::FUNCTION:
+BIO_new_fd                              81	EXIST::FUNCTION:
+BIO_new_file                            82	EXIST:!WIN16:FUNCTION:FP_API
+BIO_new_fp                              83	EXIST:!WIN16:FUNCTION:FP_API
+BIO_new_socket                          84	EXIST::FUNCTION:
+BIO_pop                                 85	EXIST::FUNCTION:
+BIO_printf                              86	EXIST::FUNCTION:
+BIO_push                                87	EXIST::FUNCTION:
+BIO_puts                                88	EXIST::FUNCTION:
+BIO_read                                89	EXIST::FUNCTION:
+BIO_s_accept                            90	EXIST::FUNCTION:
+BIO_s_connect                           91	EXIST::FUNCTION:
+BIO_s_fd                                92	EXIST::FUNCTION:
+BIO_s_file                              93	EXIST:!WIN16:FUNCTION:FP_API
+BIO_s_mem                               95	EXIST::FUNCTION:
+BIO_s_null                              96	EXIST::FUNCTION:
+BIO_s_proxy_client                      97	NOEXIST::FUNCTION:
+BIO_s_socket                            98	EXIST::FUNCTION:
+BIO_set                                 100	EXIST::FUNCTION:
+BIO_set_cipher                          101	EXIST::FUNCTION:BIO
+BIO_set_tcp_ndelay                      102	EXIST::FUNCTION:
+BIO_sock_cleanup                        103	EXIST::FUNCTION:
+BIO_sock_error                          104	EXIST::FUNCTION:
+BIO_sock_init                           105	EXIST::FUNCTION:
+BIO_sock_non_fatal_error                106	EXIST::FUNCTION:
+BIO_sock_should_retry                   107	EXIST::FUNCTION:
+BIO_socket_ioctl                        108	EXIST::FUNCTION:
+BIO_write                               109	EXIST::FUNCTION:
+BN_CTX_free                             110	EXIST::FUNCTION:
+BN_CTX_new                              111	EXIST::FUNCTION:
+BN_MONT_CTX_free                        112	EXIST::FUNCTION:
+BN_MONT_CTX_new                         113	EXIST::FUNCTION:
+BN_MONT_CTX_set                         114	EXIST::FUNCTION:
+BN_add                                  115	EXIST::FUNCTION:
+BN_add_word                             116	EXIST::FUNCTION:
+BN_hex2bn                               117	EXIST::FUNCTION:
+BN_bin2bn                               118	EXIST::FUNCTION:
+BN_bn2hex                               119	EXIST::FUNCTION:
+BN_bn2bin                               120	EXIST::FUNCTION:
+BN_clear                                121	EXIST::FUNCTION:
+BN_clear_bit                            122	EXIST::FUNCTION:
+BN_clear_free                           123	EXIST::FUNCTION:
+BN_cmp                                  124	EXIST::FUNCTION:
+BN_copy                                 125	EXIST::FUNCTION:
+BN_div                                  126	EXIST::FUNCTION:
+BN_div_word                             127	EXIST::FUNCTION:
+BN_dup                                  128	EXIST::FUNCTION:
+BN_free                                 129	EXIST::FUNCTION:
+BN_from_montgomery                      130	EXIST::FUNCTION:
+BN_gcd                                  131	EXIST::FUNCTION:
+BN_generate_prime                       132	EXIST::FUNCTION:
+BN_get_word                             133	EXIST::FUNCTION:
+BN_is_bit_set                           134	EXIST::FUNCTION:
+BN_is_prime                             135	EXIST::FUNCTION:
+BN_lshift                               136	EXIST::FUNCTION:
+BN_lshift1                              137	EXIST::FUNCTION:
+BN_mask_bits                            138	EXIST::FUNCTION:
+BN_mod                                  139	NOEXIST::FUNCTION:
+BN_mod_exp                              140	EXIST::FUNCTION:
+BN_mod_exp_mont                         141	EXIST::FUNCTION:
+BN_mod_exp_simple                       143	EXIST::FUNCTION:
+BN_mod_inverse                          144	EXIST::FUNCTION:
+BN_mod_mul                              145	EXIST::FUNCTION:
+BN_mod_mul_montgomery                   146	EXIST::FUNCTION:
+BN_mod_word                             148	EXIST::FUNCTION:
+BN_mul                                  149	EXIST::FUNCTION:
+BN_new                                  150	EXIST::FUNCTION:
+BN_num_bits                             151	EXIST::FUNCTION:
+BN_num_bits_word                        152	EXIST::FUNCTION:
+BN_options                              153	EXIST::FUNCTION:
+BN_print                                154	EXIST::FUNCTION:
+BN_print_fp                             155	EXIST::FUNCTION:FP_API
+BN_rand                                 156	EXIST::FUNCTION:
+BN_reciprocal                           157	EXIST::FUNCTION:
+BN_rshift                               158	EXIST::FUNCTION:
+BN_rshift1                              159	EXIST::FUNCTION:
+BN_set_bit                              160	EXIST::FUNCTION:
+BN_set_word                             161	EXIST::FUNCTION:
+BN_sqr                                  162	EXIST::FUNCTION:
+BN_sub                                  163	EXIST::FUNCTION:
+BN_to_ASN1_INTEGER                      164	EXIST::FUNCTION:
+BN_ucmp                                 165	EXIST::FUNCTION:
+BN_value_one                            166	EXIST::FUNCTION:
+BUF_MEM_free                            167	EXIST::FUNCTION:
+BUF_MEM_grow                            168	EXIST::FUNCTION:
+BUF_MEM_new                             169	EXIST::FUNCTION:
+BUF_strdup                              170	EXIST::FUNCTION:
+CONF_free                               171	EXIST::FUNCTION:
+CONF_get_number                         172	EXIST::FUNCTION:
+CONF_get_section                        173	EXIST::FUNCTION:
+CONF_get_string                         174	EXIST::FUNCTION:
+CONF_load                               175	EXIST::FUNCTION:
+CRYPTO_add_lock                         176	EXIST::FUNCTION:
+CRYPTO_dbg_free                         177	EXIST::FUNCTION:
+CRYPTO_dbg_malloc                       178	EXIST::FUNCTION:
+CRYPTO_dbg_realloc                      179	EXIST::FUNCTION:
+CRYPTO_dbg_remalloc                     180	NOEXIST::FUNCTION:
+CRYPTO_free                             181	EXIST::FUNCTION:
+CRYPTO_get_add_lock_callback            182	EXIST::FUNCTION:
+CRYPTO_get_id_callback                  183	EXIST::FUNCTION:
+CRYPTO_get_lock_name                    184	EXIST::FUNCTION:
+CRYPTO_get_locking_callback             185	EXIST::FUNCTION:
+CRYPTO_get_mem_functions                186	EXIST::FUNCTION:
+CRYPTO_lock                             187	EXIST::FUNCTION:
+CRYPTO_malloc                           188	EXIST::FUNCTION:
+CRYPTO_mem_ctrl                         189	EXIST::FUNCTION:
+CRYPTO_mem_leaks                        190	EXIST::FUNCTION:
+CRYPTO_mem_leaks_cb                     191	EXIST::FUNCTION:
+CRYPTO_mem_leaks_fp                     192	EXIST::FUNCTION:FP_API
+CRYPTO_realloc                          193	EXIST::FUNCTION:
+CRYPTO_remalloc                         194	EXIST::FUNCTION:
+CRYPTO_set_add_lock_callback            195	EXIST::FUNCTION:
+CRYPTO_set_id_callback                  196	EXIST::FUNCTION:
+CRYPTO_set_locking_callback             197	EXIST::FUNCTION:
+CRYPTO_set_mem_functions                198	EXIST::FUNCTION:
+CRYPTO_thread_id                        199	EXIST::FUNCTION:
+DH_check                                200	EXIST::FUNCTION:DH
+DH_compute_key                          201	EXIST::FUNCTION:DH
+DH_free                                 202	EXIST::FUNCTION:DH
+DH_generate_key                         203	EXIST::FUNCTION:DH
+DH_generate_parameters                  204	EXIST::FUNCTION:DH
+DH_new                                  205	EXIST::FUNCTION:DH
+DH_size                                 206	EXIST::FUNCTION:DH
+DHparams_print                          207	EXIST::FUNCTION:BIO,DH
+DHparams_print_fp                       208	EXIST::FUNCTION:DH,FP_API
+DSA_free                                209	EXIST::FUNCTION:DSA
+DSA_generate_key                        210	EXIST::FUNCTION:DSA
+DSA_generate_parameters                 211	EXIST::FUNCTION:DSA
+DSA_is_prime                            212	NOEXIST::FUNCTION:
+DSA_new                                 213	EXIST::FUNCTION:DSA
+DSA_print                               214	EXIST::FUNCTION:BIO,DSA
+DSA_print_fp                            215	EXIST::FUNCTION:DSA,FP_API
+DSA_sign                                216	EXIST::FUNCTION:DSA
+DSA_sign_setup                          217	EXIST::FUNCTION:DSA
+DSA_size                                218	EXIST::FUNCTION:DSA
+DSA_verify                              219	EXIST::FUNCTION:DSA
+DSAparams_print                         220	EXIST::FUNCTION:BIO,DSA
+DSAparams_print_fp                      221	EXIST::FUNCTION:DSA,FP_API
+ERR_clear_error                         222	EXIST::FUNCTION:
+ERR_error_string                        223	EXIST::FUNCTION:
+ERR_free_strings                        224	EXIST::FUNCTION:
+ERR_func_error_string                   225	EXIST::FUNCTION:
+ERR_get_err_state_table                 226	EXIST::FUNCTION:LHASH
+ERR_get_error                           227	EXIST::FUNCTION:
+ERR_get_error_line                      228	EXIST::FUNCTION:
+ERR_get_state                           229	EXIST::FUNCTION:
+ERR_get_string_table                    230	EXIST::FUNCTION:LHASH
+ERR_lib_error_string                    231	EXIST::FUNCTION:
+ERR_load_ASN1_strings                   232	EXIST::FUNCTION:
+ERR_load_BIO_strings                    233	EXIST::FUNCTION:
+ERR_load_BN_strings                     234	EXIST::FUNCTION:
+ERR_load_BUF_strings                    235	EXIST::FUNCTION:
+ERR_load_CONF_strings                   236	EXIST::FUNCTION:
+ERR_load_DH_strings                     237	EXIST::FUNCTION:DH
+ERR_load_DSA_strings                    238	EXIST::FUNCTION:DSA
+ERR_load_ERR_strings                    239	EXIST::FUNCTION:
+ERR_load_EVP_strings                    240	EXIST::FUNCTION:
+ERR_load_OBJ_strings                    241	EXIST::FUNCTION:
+ERR_load_PEM_strings                    242	EXIST::FUNCTION:
+ERR_load_PROXY_strings                  243	NOEXIST::FUNCTION:
+ERR_load_RSA_strings                    244	EXIST::FUNCTION:RSA
+ERR_load_X509_strings                   245	EXIST::FUNCTION:
+ERR_load_crypto_strings                 246	EXIST::FUNCTION:
+ERR_load_strings                        247	EXIST::FUNCTION:
+ERR_peek_error                          248	EXIST::FUNCTION:
+ERR_peek_error_line                     249	EXIST::FUNCTION:
+ERR_print_errors                        250	EXIST::FUNCTION:BIO
+ERR_print_errors_fp                     251	EXIST::FUNCTION:FP_API
+ERR_put_error                           252	EXIST::FUNCTION:
+ERR_reason_error_string                 253	EXIST::FUNCTION:
+ERR_remove_state                        254	EXIST::FUNCTION:
+EVP_BytesToKey                          255	EXIST::FUNCTION:
+EVP_CIPHER_CTX_cleanup                  256	EXIST::FUNCTION:
+EVP_CipherFinal                         257	EXIST::FUNCTION:
+EVP_CipherInit                          258	EXIST::FUNCTION:
+EVP_CipherUpdate                        259	EXIST::FUNCTION:
+EVP_DecodeBlock                         260	EXIST::FUNCTION:
+EVP_DecodeFinal                         261	EXIST::FUNCTION:
+EVP_DecodeInit                          262	EXIST::FUNCTION:
+EVP_DecodeUpdate                        263	EXIST::FUNCTION:
+EVP_DecryptFinal                        264	EXIST::FUNCTION:
+EVP_DecryptInit                         265	EXIST::FUNCTION:
+EVP_DecryptUpdate                       266	EXIST::FUNCTION:
+EVP_DigestFinal                         267	EXIST::FUNCTION:
+EVP_DigestInit                          268	EXIST::FUNCTION:
+EVP_DigestUpdate                        269	EXIST::FUNCTION:
+EVP_EncodeBlock                         270	EXIST::FUNCTION:
+EVP_EncodeFinal                         271	EXIST::FUNCTION:
+EVP_EncodeInit                          272	EXIST::FUNCTION:
+EVP_EncodeUpdate                        273	EXIST::FUNCTION:
+EVP_EncryptFinal                        274	EXIST::FUNCTION:
+EVP_EncryptInit                         275	EXIST::FUNCTION:
+EVP_EncryptUpdate                       276	EXIST::FUNCTION:
+EVP_OpenFinal                           277	EXIST::FUNCTION:RSA
+EVP_OpenInit                            278	EXIST::FUNCTION:RSA
+EVP_PKEY_assign                         279	EXIST::FUNCTION:
+EVP_PKEY_copy_parameters                280	EXIST::FUNCTION:
+EVP_PKEY_free                           281	EXIST::FUNCTION:
+EVP_PKEY_missing_parameters             282	EXIST::FUNCTION:
+EVP_PKEY_new                            283	EXIST::FUNCTION:
+EVP_PKEY_save_parameters                284	EXIST::FUNCTION:
+EVP_PKEY_size                           285	EXIST::FUNCTION:
+EVP_PKEY_type                           286	EXIST::FUNCTION:
+EVP_SealFinal                           287	EXIST::FUNCTION:RSA
+EVP_SealInit                            288	EXIST::FUNCTION:RSA
+EVP_SignFinal                           289	EXIST::FUNCTION:
+EVP_VerifyFinal                         290	EXIST::FUNCTION:
+EVP_add_alias                           291	NOEXIST::FUNCTION:
+EVP_add_cipher                          292	EXIST::FUNCTION:
+EVP_add_digest                          293	EXIST::FUNCTION:
+EVP_bf_cbc                              294	EXIST::FUNCTION:BF
+EVP_bf_cfb                              295	EXIST::FUNCTION:BF
+EVP_bf_ecb                              296	EXIST::FUNCTION:BF
+EVP_bf_ofb                              297	EXIST::FUNCTION:BF
+EVP_cleanup                             298	EXIST::FUNCTION:
+EVP_des_cbc                             299	EXIST::FUNCTION:DES
+EVP_des_cfb                             300	EXIST::FUNCTION:DES
+EVP_des_ecb                             301	EXIST::FUNCTION:DES
+EVP_des_ede                             302	EXIST::FUNCTION:DES
+EVP_des_ede3                            303	EXIST::FUNCTION:DES
+EVP_des_ede3_cbc                        304	EXIST::FUNCTION:DES
+EVP_des_ede3_cfb                        305	EXIST::FUNCTION:DES
+EVP_des_ede3_ofb                        306	EXIST::FUNCTION:DES
+EVP_des_ede_cbc                         307	EXIST::FUNCTION:DES
+EVP_des_ede_cfb                         308	EXIST::FUNCTION:DES
+EVP_des_ede_ofb                         309	EXIST::FUNCTION:DES
+EVP_des_ofb                             310	EXIST::FUNCTION:DES
+EVP_desx_cbc                            311	EXIST::FUNCTION:DES
+EVP_dss                                 312	EXIST::FUNCTION:DSA,SHA
+EVP_dss1                                313	EXIST::FUNCTION:DSA,SHA
+EVP_enc_null                            314	EXIST::FUNCTION:
+EVP_get_cipherbyname                    315	EXIST::FUNCTION:
+EVP_get_digestbyname                    316	EXIST::FUNCTION:
+EVP_get_pw_prompt                       317	EXIST::FUNCTION:
+EVP_idea_cbc                            318	EXIST::FUNCTION:IDEA
+EVP_idea_cfb                            319	EXIST::FUNCTION:IDEA
+EVP_idea_ecb                            320	EXIST::FUNCTION:IDEA
+EVP_idea_ofb                            321	EXIST::FUNCTION:IDEA
+EVP_md2                                 322	EXIST::FUNCTION:MD2
+EVP_md5                                 323	EXIST::FUNCTION:MD5
+EVP_md_null                             324	EXIST::FUNCTION:
+EVP_rc2_cbc                             325	EXIST::FUNCTION:RC2
+EVP_rc2_cfb                             326	EXIST::FUNCTION:RC2
+EVP_rc2_ecb                             327	EXIST::FUNCTION:RC2
+EVP_rc2_ofb                             328	EXIST::FUNCTION:RC2
+EVP_rc4                                 329	EXIST::FUNCTION:RC4
+EVP_read_pw_string                      330	EXIST::FUNCTION:
+EVP_set_pw_prompt                       331	EXIST::FUNCTION:
+EVP_sha                                 332	EXIST::FUNCTION:SHA
+EVP_sha1                                333	EXIST::FUNCTION:SHA
+MD2                                     334	EXIST::FUNCTION:MD2
+MD2_Final                               335	EXIST::FUNCTION:MD2
+MD2_Init                                336	EXIST::FUNCTION:MD2
+MD2_Update                              337	EXIST::FUNCTION:MD2
+MD2_options                             338	EXIST::FUNCTION:MD2
+MD5                                     339	EXIST::FUNCTION:MD5
+MD5_Final                               340	EXIST::FUNCTION:MD5
+MD5_Init                                341	EXIST::FUNCTION:MD5
+MD5_Update                              342	EXIST::FUNCTION:MD5
+MDC2                                    343	EXIST::FUNCTION:MDC2
+MDC2_Final                              344	EXIST::FUNCTION:MDC2
+MDC2_Init                               345	EXIST::FUNCTION:MDC2
+MDC2_Update                             346	EXIST::FUNCTION:MDC2
+NETSCAPE_SPKAC_free                     347	EXIST::FUNCTION:
+NETSCAPE_SPKAC_new                      348	EXIST::FUNCTION:
+NETSCAPE_SPKI_free                      349	EXIST::FUNCTION:
+NETSCAPE_SPKI_new                       350	EXIST::FUNCTION:
+NETSCAPE_SPKI_sign                      351	EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_verify                    352	EXIST::FUNCTION:EVP
+OBJ_add_object                          353	EXIST::FUNCTION:
+OBJ_bsearch                             354	EXIST::FUNCTION:
+OBJ_cleanup                             355	EXIST::FUNCTION:
+OBJ_cmp                                 356	EXIST::FUNCTION:
+OBJ_create                              357	EXIST::FUNCTION:
+OBJ_dup                                 358	EXIST::FUNCTION:
+OBJ_ln2nid                              359	EXIST::FUNCTION:
+OBJ_new_nid                             360	EXIST::FUNCTION:
+OBJ_nid2ln                              361	EXIST::FUNCTION:
+OBJ_nid2obj                             362	EXIST::FUNCTION:
+OBJ_nid2sn                              363	EXIST::FUNCTION:
+OBJ_obj2nid                             364	EXIST::FUNCTION:
+OBJ_sn2nid                              365	EXIST::FUNCTION:
+OBJ_txt2nid                             366	EXIST::FUNCTION:
+PEM_ASN1_read                           367	EXIST:!WIN16:FUNCTION:
+PEM_ASN1_read_bio                       368	EXIST::FUNCTION:BIO
+PEM_ASN1_write                          369	EXIST:!WIN16:FUNCTION:
+PEM_ASN1_write_bio                      370	EXIST::FUNCTION:BIO
+PEM_SealFinal                           371	EXIST::FUNCTION:RSA
+PEM_SealInit                            372	EXIST::FUNCTION:RSA
+PEM_SealUpdate                          373	EXIST::FUNCTION:RSA
+PEM_SignFinal                           374	EXIST::FUNCTION:
+PEM_SignInit                            375	EXIST::FUNCTION:
+PEM_SignUpdate                          376	EXIST::FUNCTION:
+PEM_X509_INFO_read                      377	EXIST:!WIN16:FUNCTION:
+PEM_X509_INFO_read_bio                  378	EXIST::FUNCTION:BIO
+PEM_X509_INFO_write_bio                 379	EXIST::FUNCTION:BIO
+PEM_dek_info                            380	EXIST::FUNCTION:
+PEM_do_header                           381	EXIST::FUNCTION:
+PEM_get_EVP_CIPHER_INFO                 382	EXIST::FUNCTION:
+PEM_proc_type                           383	EXIST::FUNCTION:
+PEM_read                                384	EXIST:!WIN16:FUNCTION:
+PEM_read_DHparams                       385	EXIST:!WIN16:FUNCTION:DH
+PEM_read_DSAPrivateKey                  386	EXIST:!WIN16:FUNCTION:DSA
+PEM_read_DSAparams                      387	EXIST:!WIN16:FUNCTION:DSA
+PEM_read_PKCS7                          388	EXIST:!WIN16:FUNCTION:
+PEM_read_PrivateKey                     389	EXIST:!WIN16:FUNCTION:
+PEM_read_RSAPrivateKey                  390	EXIST:!WIN16:FUNCTION:RSA
+PEM_read_X509                           391	EXIST:!WIN16:FUNCTION:
+PEM_read_X509_CRL                       392	EXIST:!WIN16:FUNCTION:
+PEM_read_X509_REQ                       393	EXIST:!WIN16:FUNCTION:
+PEM_read_bio                            394	EXIST::FUNCTION:BIO
+PEM_read_bio_DHparams                   395	EXIST::FUNCTION:DH
+PEM_read_bio_DSAPrivateKey              396	EXIST::FUNCTION:DSA
+PEM_read_bio_DSAparams                  397	EXIST::FUNCTION:DSA
+PEM_read_bio_PKCS7                      398	EXIST::FUNCTION:
+PEM_read_bio_PrivateKey                 399	EXIST::FUNCTION:
+PEM_read_bio_RSAPrivateKey              400	EXIST::FUNCTION:RSA
+PEM_read_bio_X509                       401	EXIST::FUNCTION:
+PEM_read_bio_X509_CRL                   402	EXIST::FUNCTION:
+PEM_read_bio_X509_REQ                   403	EXIST::FUNCTION:
+PEM_write                               404	EXIST:!WIN16:FUNCTION:
+PEM_write_DHparams                      405	EXIST:!WIN16:FUNCTION:DH
+PEM_write_DSAPrivateKey                 406	EXIST:!WIN16:FUNCTION:DSA
+PEM_write_DSAparams                     407	EXIST:!WIN16:FUNCTION:DSA
+PEM_write_PKCS7                         408	EXIST:!WIN16:FUNCTION:
+PEM_write_PrivateKey                    409	EXIST:!WIN16:FUNCTION:
+PEM_write_RSAPrivateKey                 410	EXIST:!WIN16:FUNCTION:RSA
+PEM_write_X509                          411	EXIST:!WIN16:FUNCTION:
+PEM_write_X509_CRL                      412	EXIST:!WIN16:FUNCTION:
+PEM_write_X509_REQ                      413	EXIST:!WIN16:FUNCTION:
+PEM_write_bio                           414	EXIST::FUNCTION:BIO
+PEM_write_bio_DHparams                  415	EXIST::FUNCTION:DH
+PEM_write_bio_DSAPrivateKey             416	EXIST::FUNCTION:DSA
+PEM_write_bio_DSAparams                 417	EXIST::FUNCTION:DSA
+PEM_write_bio_PKCS7                     418	EXIST::FUNCTION:
+PEM_write_bio_PrivateKey                419	EXIST::FUNCTION:
+PEM_write_bio_RSAPrivateKey             420	EXIST::FUNCTION:RSA
+PEM_write_bio_X509                      421	EXIST::FUNCTION:
+PEM_write_bio_X509_CRL                  422	EXIST::FUNCTION:
+PEM_write_bio_X509_REQ                  423	EXIST::FUNCTION:
+PKCS7_DIGEST_free                       424	EXIST::FUNCTION:
+PKCS7_DIGEST_new                        425	EXIST::FUNCTION:
+PKCS7_ENCRYPT_free                      426	EXIST::FUNCTION:
+PKCS7_ENCRYPT_new                       427	EXIST::FUNCTION:
+PKCS7_ENC_CONTENT_free                  428	EXIST::FUNCTION:
+PKCS7_ENC_CONTENT_new                   429	EXIST::FUNCTION:
+PKCS7_ENVELOPE_free                     430	EXIST::FUNCTION:
+PKCS7_ENVELOPE_new                      431	EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_digest          432	EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_free            433	EXIST::FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_new             434	EXIST::FUNCTION:
+PKCS7_RECIP_INFO_free                   435	EXIST::FUNCTION:
+PKCS7_RECIP_INFO_new                    436	EXIST::FUNCTION:
+PKCS7_SIGNED_free                       437	EXIST::FUNCTION:
+PKCS7_SIGNED_new                        438	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_free                  439	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_new                   440	EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_free                441	EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_new                 442	EXIST::FUNCTION:
+PKCS7_dup                               443	EXIST::FUNCTION:
+PKCS7_free                              444	EXIST::FUNCTION:
+PKCS7_new                               445	EXIST::FUNCTION:
+PROXY_ENTRY_add_noproxy                 446	NOEXIST::FUNCTION:
+PROXY_ENTRY_clear_noproxy               447	NOEXIST::FUNCTION:
+PROXY_ENTRY_free                        448	NOEXIST::FUNCTION:
+PROXY_ENTRY_get_noproxy                 449	NOEXIST::FUNCTION:
+PROXY_ENTRY_new                         450	NOEXIST::FUNCTION:
+PROXY_ENTRY_set_server                  451	NOEXIST::FUNCTION:
+PROXY_add_noproxy                       452	NOEXIST::FUNCTION:
+PROXY_add_server                        453	NOEXIST::FUNCTION:
+PROXY_check_by_host                     454	NOEXIST::FUNCTION:
+PROXY_check_url                         455	NOEXIST::FUNCTION:
+PROXY_clear_noproxy                     456	NOEXIST::FUNCTION:
+PROXY_free                              457	NOEXIST::FUNCTION:
+PROXY_get_noproxy                       458	NOEXIST::FUNCTION:
+PROXY_get_proxies                       459	NOEXIST::FUNCTION:
+PROXY_get_proxy_entry                   460	NOEXIST::FUNCTION:
+PROXY_load_conf                         461	NOEXIST::FUNCTION:
+PROXY_new                               462	NOEXIST::FUNCTION:
+PROXY_print                             463	NOEXIST::FUNCTION:
+RAND_bytes                              464	EXIST::FUNCTION:
+RAND_cleanup                            465	EXIST::FUNCTION:
+RAND_file_name                          466	EXIST::FUNCTION:
+RAND_load_file                          467	EXIST::FUNCTION:
+RAND_screen                             468	EXIST:WIN32:FUNCTION:
+RAND_seed                               469	EXIST::FUNCTION:
+RAND_write_file                         470	EXIST::FUNCTION:
+RC2_cbc_encrypt                         471	EXIST::FUNCTION:RC2
+RC2_cfb64_encrypt                       472	EXIST::FUNCTION:RC2
+RC2_ecb_encrypt                         473	EXIST::FUNCTION:RC2
+RC2_encrypt                             474	EXIST::FUNCTION:RC2
+RC2_ofb64_encrypt                       475	EXIST::FUNCTION:RC2
+RC2_set_key                             476	EXIST::FUNCTION:RC2
+RC4                                     477	EXIST::FUNCTION:RC4
+RC4_options                             478	EXIST::FUNCTION:RC4
+RC4_set_key                             479	EXIST::FUNCTION:RC4
+RSAPrivateKey_asn1_meth                 480	EXIST::FUNCTION:RSA
+RSAPrivateKey_dup                       481	EXIST::FUNCTION:RSA
+RSAPublicKey_dup                        482	EXIST::FUNCTION:RSA
+RSA_PKCS1_SSLeay                        483	EXIST::FUNCTION:RSA
+RSA_free                                484	EXIST::FUNCTION:RSA
+RSA_generate_key                        485	EXIST::FUNCTION:RSA
+RSA_new                                 486	EXIST::FUNCTION:RSA
+RSA_new_method                          487	EXIST::FUNCTION:RSA
+RSA_print                               488	EXIST::FUNCTION:BIO,RSA
+RSA_print_fp                            489	EXIST::FUNCTION:FP_API,RSA
+RSA_private_decrypt                     490	EXIST::FUNCTION:RSA
+RSA_private_encrypt                     491	EXIST::FUNCTION:RSA
+RSA_public_decrypt                      492	EXIST::FUNCTION:RSA
+RSA_public_encrypt                      493	EXIST::FUNCTION:RSA
+RSA_set_default_method                  494	EXIST::FUNCTION:RSA
+RSA_sign                                495	EXIST::FUNCTION:RSA
+RSA_sign_ASN1_OCTET_STRING              496	EXIST::FUNCTION:RSA
+RSA_size                                497	EXIST::FUNCTION:RSA
+RSA_verify                              498	EXIST::FUNCTION:RSA
+RSA_verify_ASN1_OCTET_STRING            499	EXIST::FUNCTION:RSA
+SHA                                     500	EXIST::FUNCTION:SHA,SHA0
+SHA1                                    501	EXIST::FUNCTION:SHA,SHA1
+SHA1_Final                              502	EXIST::FUNCTION:SHA,SHA1
+SHA1_Init                               503	EXIST::FUNCTION:SHA,SHA1
+SHA1_Update                             504	EXIST::FUNCTION:SHA,SHA1
+SHA_Final                               505	EXIST::FUNCTION:SHA,SHA0
+SHA_Init                                506	EXIST::FUNCTION:SHA,SHA0
+SHA_Update                              507	EXIST::FUNCTION:SHA,SHA0
+OpenSSL_add_all_algorithms              508	NOEXIST::FUNCTION:
+OpenSSL_add_all_ciphers                 509	EXIST::FUNCTION:
+OpenSSL_add_all_digests                 510	EXIST::FUNCTION:
+TXT_DB_create_index                     511	EXIST::FUNCTION:
+TXT_DB_free                             512	EXIST::FUNCTION:
+TXT_DB_get_by_index                     513	EXIST::FUNCTION:
+TXT_DB_insert                           514	EXIST::FUNCTION:
+TXT_DB_read                             515	EXIST::FUNCTION:BIO
+TXT_DB_write                            516	EXIST::FUNCTION:BIO
+X509_ALGOR_free                         517	EXIST::FUNCTION:
+X509_ALGOR_new                          518	EXIST::FUNCTION:
+X509_ATTRIBUTE_free                     519	EXIST::FUNCTION:
+X509_ATTRIBUTE_new                      520	EXIST::FUNCTION:
+X509_CINF_free                          521	EXIST::FUNCTION:
+X509_CINF_new                           522	EXIST::FUNCTION:
+X509_CRL_INFO_free                      523	EXIST::FUNCTION:
+X509_CRL_INFO_new                       524	EXIST::FUNCTION:
+X509_CRL_add_ext                        525	EXIST::FUNCTION:
+X509_CRL_cmp                            526	EXIST::FUNCTION:
+X509_CRL_delete_ext                     527	EXIST::FUNCTION:
+X509_CRL_dup                            528	EXIST::FUNCTION:
+X509_CRL_free                           529	EXIST::FUNCTION:
+X509_CRL_get_ext                        530	EXIST::FUNCTION:
+X509_CRL_get_ext_by_NID                 531	EXIST::FUNCTION:
+X509_CRL_get_ext_by_OBJ                 532	EXIST::FUNCTION:
+X509_CRL_get_ext_by_critical            533	EXIST::FUNCTION:
+X509_CRL_get_ext_count                  534	EXIST::FUNCTION:
+X509_CRL_new                            535	EXIST::FUNCTION:
+X509_CRL_sign                           536	EXIST::FUNCTION:EVP
+X509_CRL_verify                         537	EXIST::FUNCTION:EVP
+X509_EXTENSION_create_by_NID            538	EXIST::FUNCTION:
+X509_EXTENSION_create_by_OBJ            539	EXIST::FUNCTION:
+X509_EXTENSION_dup                      540	EXIST::FUNCTION:
+X509_EXTENSION_free                     541	EXIST::FUNCTION:
+X509_EXTENSION_get_critical             542	EXIST::FUNCTION:
+X509_EXTENSION_get_data                 543	EXIST::FUNCTION:
+X509_EXTENSION_get_object               544	EXIST::FUNCTION:
+X509_EXTENSION_new                      545	EXIST::FUNCTION:
+X509_EXTENSION_set_critical             546	EXIST::FUNCTION:
+X509_EXTENSION_set_data                 547	EXIST::FUNCTION:
+X509_EXTENSION_set_object               548	EXIST::FUNCTION:
+X509_INFO_free                          549	EXIST::FUNCTION:EVP
+X509_INFO_new                           550	EXIST::FUNCTION:EVP
+X509_LOOKUP_by_alias                    551	EXIST::FUNCTION:
+X509_LOOKUP_by_fingerprint              552	EXIST::FUNCTION:
+X509_LOOKUP_by_issuer_serial            553	EXIST::FUNCTION:
+X509_LOOKUP_by_subject                  554	EXIST::FUNCTION:
+X509_LOOKUP_ctrl                        555	EXIST::FUNCTION:
+X509_LOOKUP_file                        556	EXIST::FUNCTION:
+X509_LOOKUP_free                        557	EXIST::FUNCTION:
+X509_LOOKUP_hash_dir                    558	EXIST::FUNCTION:
+X509_LOOKUP_init                        559	EXIST::FUNCTION:
+X509_LOOKUP_new                         560	EXIST::FUNCTION:
+X509_LOOKUP_shutdown                    561	EXIST::FUNCTION:
+X509_NAME_ENTRY_create_by_NID           562	EXIST::FUNCTION:
+X509_NAME_ENTRY_create_by_OBJ           563	EXIST::FUNCTION:
+X509_NAME_ENTRY_dup                     564	EXIST::FUNCTION:
+X509_NAME_ENTRY_free                    565	EXIST::FUNCTION:
+X509_NAME_ENTRY_get_data                566	EXIST::FUNCTION:
+X509_NAME_ENTRY_get_object              567	EXIST::FUNCTION:
+X509_NAME_ENTRY_new                     568	EXIST::FUNCTION:
+X509_NAME_ENTRY_set_data                569	EXIST::FUNCTION:
+X509_NAME_ENTRY_set_object              570	EXIST::FUNCTION:
+X509_NAME_add_entry                     571	EXIST::FUNCTION:
+X509_NAME_cmp                           572	EXIST::FUNCTION:
+X509_NAME_delete_entry                  573	EXIST::FUNCTION:
+X509_NAME_digest                        574	EXIST::FUNCTION:EVP
+X509_NAME_dup                           575	EXIST::FUNCTION:
+X509_NAME_entry_count                   576	EXIST::FUNCTION:
+X509_NAME_free                          577	EXIST::FUNCTION:
+X509_NAME_get_entry                     578	EXIST::FUNCTION:
+X509_NAME_get_index_by_NID              579	EXIST::FUNCTION:
+X509_NAME_get_index_by_OBJ              580	EXIST::FUNCTION:
+X509_NAME_get_text_by_NID               581	EXIST::FUNCTION:
+X509_NAME_get_text_by_OBJ               582	EXIST::FUNCTION:
+X509_NAME_hash                          583	EXIST::FUNCTION:
+X509_NAME_new                           584	EXIST::FUNCTION:
+X509_NAME_oneline                       585	EXIST::FUNCTION:EVP
+X509_NAME_print                         586	EXIST::FUNCTION:BIO
+X509_NAME_set                           587	EXIST::FUNCTION:
+X509_OBJECT_free_contents               588	EXIST::FUNCTION:
+X509_OBJECT_retrieve_by_subject         589	EXIST::FUNCTION:
+X509_OBJECT_up_ref_count                590	EXIST::FUNCTION:
+X509_PKEY_free                          591	EXIST::FUNCTION:
+X509_PKEY_new                           592	EXIST::FUNCTION:
+X509_PUBKEY_free                        593	EXIST::FUNCTION:
+X509_PUBKEY_get                         594	EXIST::FUNCTION:
+X509_PUBKEY_new                         595	EXIST::FUNCTION:
+X509_PUBKEY_set                         596	EXIST::FUNCTION:
+X509_REQ_INFO_free                      597	EXIST::FUNCTION:
+X509_REQ_INFO_new                       598	EXIST::FUNCTION:
+X509_REQ_dup                            599	EXIST::FUNCTION:
+X509_REQ_free                           600	EXIST::FUNCTION:
+X509_REQ_get_pubkey                     601	EXIST::FUNCTION:
+X509_REQ_new                            602	EXIST::FUNCTION:
+X509_REQ_print                          603	EXIST::FUNCTION:BIO
+X509_REQ_print_fp                       604	EXIST::FUNCTION:FP_API
+X509_REQ_set_pubkey                     605	EXIST::FUNCTION:
+X509_REQ_set_subject_name               606	EXIST::FUNCTION:
+X509_REQ_set_version                    607	EXIST::FUNCTION:
+X509_REQ_sign                           608	EXIST::FUNCTION:EVP
+X509_REQ_to_X509                        609	EXIST::FUNCTION:
+X509_REQ_verify                         610	EXIST::FUNCTION:EVP
+X509_REVOKED_add_ext                    611	EXIST::FUNCTION:
+X509_REVOKED_delete_ext                 612	EXIST::FUNCTION:
+X509_REVOKED_free                       613	EXIST::FUNCTION:
+X509_REVOKED_get_ext                    614	EXIST::FUNCTION:
+X509_REVOKED_get_ext_by_NID             615	EXIST::FUNCTION:
+X509_REVOKED_get_ext_by_OBJ             616	EXIST::FUNCTION:
+X509_REVOKED_get_ext_by_critical        617	EXIST:!VMS:FUNCTION:
+X509_REVOKED_get_ext_by_critic          617	EXIST:VMS:FUNCTION:
+X509_REVOKED_get_ext_count              618	EXIST::FUNCTION:
+X509_REVOKED_new                        619	EXIST::FUNCTION:
+X509_SIG_free                           620	EXIST::FUNCTION:
+X509_SIG_new                            621	EXIST::FUNCTION:
+X509_STORE_CTX_cleanup                  622	EXIST::FUNCTION:
+X509_STORE_CTX_init                     623	EXIST::FUNCTION:
+X509_STORE_add_cert                     624	EXIST::FUNCTION:
+X509_STORE_add_lookup                   625	EXIST::FUNCTION:
+X509_STORE_free                         626	EXIST::FUNCTION:
+X509_STORE_get_by_subject               627	EXIST::FUNCTION:
+X509_STORE_load_locations               628	EXIST::FUNCTION:STDIO
+X509_STORE_new                          629	EXIST::FUNCTION:
+X509_STORE_set_default_paths            630	EXIST::FUNCTION:STDIO
+X509_VAL_free                           631	EXIST::FUNCTION:
+X509_VAL_new                            632	EXIST::FUNCTION:
+X509_add_ext                            633	EXIST::FUNCTION:
+X509_asn1_meth                          634	EXIST::FUNCTION:
+X509_certificate_type                   635	EXIST::FUNCTION:
+X509_check_private_key                  636	EXIST::FUNCTION:
+X509_cmp_current_time                   637	EXIST::FUNCTION:
+X509_delete_ext                         638	EXIST::FUNCTION:
+X509_digest                             639	EXIST::FUNCTION:EVP
+X509_dup                                640	EXIST::FUNCTION:
+X509_free                               641	EXIST::FUNCTION:
+X509_get_default_cert_area              642	EXIST::FUNCTION:
+X509_get_default_cert_dir               643	EXIST::FUNCTION:
+X509_get_default_cert_dir_env           644	EXIST::FUNCTION:
+X509_get_default_cert_file              645	EXIST::FUNCTION:
+X509_get_default_cert_file_env          646	EXIST::FUNCTION:
+X509_get_default_private_dir            647	EXIST::FUNCTION:
+X509_get_ext                            648	EXIST::FUNCTION:
+X509_get_ext_by_NID                     649	EXIST::FUNCTION:
+X509_get_ext_by_OBJ                     650	EXIST::FUNCTION:
+X509_get_ext_by_critical                651	EXIST::FUNCTION:
+X509_get_ext_count                      652	EXIST::FUNCTION:
+X509_get_issuer_name                    653	EXIST::FUNCTION:
+X509_get_pubkey                         654	EXIST::FUNCTION:
+X509_get_pubkey_parameters              655	EXIST::FUNCTION:
+X509_get_serialNumber                   656	EXIST::FUNCTION:
+X509_get_subject_name                   657	EXIST::FUNCTION:
+X509_gmtime_adj                         658	EXIST::FUNCTION:
+X509_issuer_and_serial_cmp              659	EXIST::FUNCTION:
+X509_issuer_and_serial_hash             660	EXIST::FUNCTION:
+X509_issuer_name_cmp                    661	EXIST::FUNCTION:
+X509_issuer_name_hash                   662	EXIST::FUNCTION:
+X509_load_cert_file                     663	EXIST::FUNCTION:STDIO
+X509_new                                664	EXIST::FUNCTION:
+X509_print                              665	EXIST::FUNCTION:BIO
+X509_print_fp                           666	EXIST::FUNCTION:FP_API
+X509_set_issuer_name                    667	EXIST::FUNCTION:
+X509_set_notAfter                       668	EXIST::FUNCTION:
+X509_set_notBefore                      669	EXIST::FUNCTION:
+X509_set_pubkey                         670	EXIST::FUNCTION:
+X509_set_serialNumber                   671	EXIST::FUNCTION:
+X509_set_subject_name                   672	EXIST::FUNCTION:
+X509_set_version                        673	EXIST::FUNCTION:
+X509_sign                               674	EXIST::FUNCTION:EVP
+X509_subject_name_cmp                   675	EXIST::FUNCTION:
+X509_subject_name_hash                  676	EXIST::FUNCTION:
+X509_to_X509_REQ                        677	EXIST::FUNCTION:
+X509_verify                             678	EXIST::FUNCTION:EVP
+X509_verify_cert                        679	EXIST::FUNCTION:
+X509_verify_cert_error_string           680	EXIST::FUNCTION:
+X509v3_add_ext                          681	EXIST::FUNCTION:
+X509v3_add_extension                    682	NOEXIST::FUNCTION:
+X509v3_add_netscape_extensions          683	NOEXIST::FUNCTION:
+X509v3_add_standard_extensions          684	NOEXIST::FUNCTION:
+X509v3_cleanup_extensions               685	NOEXIST::FUNCTION:
+X509v3_data_type_by_NID                 686	NOEXIST::FUNCTION:
+X509v3_data_type_by_OBJ                 687	NOEXIST::FUNCTION:
+X509v3_delete_ext                       688	EXIST::FUNCTION:
+X509v3_get_ext                          689	EXIST::FUNCTION:
+X509v3_get_ext_by_NID                   690	EXIST::FUNCTION:
+X509v3_get_ext_by_OBJ                   691	EXIST::FUNCTION:
+X509v3_get_ext_by_critical              692	EXIST::FUNCTION:
+X509v3_get_ext_count                    693	EXIST::FUNCTION:
+X509v3_pack_string                      694	NOEXIST::FUNCTION:
+X509v3_pack_type_by_NID                 695	NOEXIST::FUNCTION:
+X509v3_pack_type_by_OBJ                 696	NOEXIST::FUNCTION:
+X509v3_unpack_string                    697	NOEXIST::FUNCTION:
+_des_crypt                              698	NOEXIST::FUNCTION:
+a2d_ASN1_OBJECT                         699	EXIST::FUNCTION:
+a2i_ASN1_INTEGER                        700	EXIST::FUNCTION:BIO
+a2i_ASN1_STRING                         701	EXIST::FUNCTION:BIO
+asn1_Finish                             702	EXIST::FUNCTION:
+asn1_GetSequence                        703	EXIST::FUNCTION:
+bn_div_words                            704	EXIST::FUNCTION:
+bn_expand2                              705	EXIST::FUNCTION:
+bn_mul_add_words                        706	EXIST::FUNCTION:
+bn_mul_words                            707	EXIST::FUNCTION:
+BN_uadd                                 708	EXIST::FUNCTION:
+BN_usub                                 709	EXIST::FUNCTION:
+bn_sqr_words                            710	EXIST::FUNCTION:
+_ossl_old_crypt                         711	EXIST:!NeXT,!PERL5:FUNCTION:DES
+d2i_ASN1_BIT_STRING                     712	EXIST::FUNCTION:
+d2i_ASN1_BOOLEAN                        713	EXIST::FUNCTION:
+d2i_ASN1_HEADER                         714	EXIST::FUNCTION:
+d2i_ASN1_IA5STRING                      715	EXIST::FUNCTION:
+d2i_ASN1_INTEGER                        716	EXIST::FUNCTION:
+d2i_ASN1_OBJECT                         717	EXIST::FUNCTION:
+d2i_ASN1_OCTET_STRING                   718	EXIST::FUNCTION:
+d2i_ASN1_PRINTABLE                      719	EXIST::FUNCTION:
+d2i_ASN1_PRINTABLESTRING                720	EXIST::FUNCTION:
+d2i_ASN1_SET                            721	EXIST::FUNCTION:
+d2i_ASN1_T61STRING                      722	EXIST::FUNCTION:
+d2i_ASN1_TYPE                           723	EXIST::FUNCTION:
+d2i_ASN1_UTCTIME                        724	EXIST::FUNCTION:
+d2i_ASN1_bytes                          725	EXIST::FUNCTION:
+d2i_ASN1_type_bytes                     726	EXIST::FUNCTION:
+d2i_DHparams                            727	EXIST::FUNCTION:DH
+d2i_DSAPrivateKey                       728	EXIST::FUNCTION:DSA
+d2i_DSAPrivateKey_bio                   729	EXIST::FUNCTION:BIO,DSA
+d2i_DSAPrivateKey_fp                    730	EXIST::FUNCTION:DSA,FP_API
+d2i_DSAPublicKey                        731	EXIST::FUNCTION:DSA
+d2i_DSAparams                           732	EXIST::FUNCTION:DSA
+d2i_NETSCAPE_SPKAC                      733	EXIST::FUNCTION:
+d2i_NETSCAPE_SPKI                       734	EXIST::FUNCTION:
+d2i_Netscape_RSA                        735	EXIST::FUNCTION:RSA
+d2i_PKCS7                               736	EXIST::FUNCTION:
+d2i_PKCS7_DIGEST                        737	EXIST::FUNCTION:
+d2i_PKCS7_ENCRYPT                       738	EXIST::FUNCTION:
+d2i_PKCS7_ENC_CONTENT                   739	EXIST::FUNCTION:
+d2i_PKCS7_ENVELOPE                      740	EXIST::FUNCTION:
+d2i_PKCS7_ISSUER_AND_SERIAL             741	EXIST::FUNCTION:
+d2i_PKCS7_RECIP_INFO                    742	EXIST::FUNCTION:
+d2i_PKCS7_SIGNED                        743	EXIST::FUNCTION:
+d2i_PKCS7_SIGNER_INFO                   744	EXIST::FUNCTION:
+d2i_PKCS7_SIGN_ENVELOPE                 745	EXIST::FUNCTION:
+d2i_PKCS7_bio                           746	EXIST::FUNCTION:
+d2i_PKCS7_fp                            747	EXIST::FUNCTION:FP_API
+d2i_PrivateKey                          748	EXIST::FUNCTION:
+d2i_PublicKey                           749	EXIST::FUNCTION:
+d2i_RSAPrivateKey                       750	EXIST::FUNCTION:RSA
+d2i_RSAPrivateKey_bio                   751	EXIST::FUNCTION:BIO,RSA
+d2i_RSAPrivateKey_fp                    752	EXIST::FUNCTION:FP_API,RSA
+d2i_RSAPublicKey                        753	EXIST::FUNCTION:RSA
+d2i_X509                                754	EXIST::FUNCTION:
+d2i_X509_ALGOR                          755	EXIST::FUNCTION:
+d2i_X509_ATTRIBUTE                      756	EXIST::FUNCTION:
+d2i_X509_CINF                           757	EXIST::FUNCTION:
+d2i_X509_CRL                            758	EXIST::FUNCTION:
+d2i_X509_CRL_INFO                       759	EXIST::FUNCTION:
+d2i_X509_CRL_bio                        760	EXIST::FUNCTION:BIO
+d2i_X509_CRL_fp                         761	EXIST::FUNCTION:FP_API
+d2i_X509_EXTENSION                      762	EXIST::FUNCTION:
+d2i_X509_NAME                           763	EXIST::FUNCTION:
+d2i_X509_NAME_ENTRY                     764	EXIST::FUNCTION:
+d2i_X509_PKEY                           765	EXIST::FUNCTION:
+d2i_X509_PUBKEY                         766	EXIST::FUNCTION:
+d2i_X509_REQ                            767	EXIST::FUNCTION:
+d2i_X509_REQ_INFO                       768	EXIST::FUNCTION:
+d2i_X509_REQ_bio                        769	EXIST::FUNCTION:BIO
+d2i_X509_REQ_fp                         770	EXIST::FUNCTION:FP_API
+d2i_X509_REVOKED                        771	EXIST::FUNCTION:
+d2i_X509_SIG                            772	EXIST::FUNCTION:
+d2i_X509_VAL                            773	EXIST::FUNCTION:
+d2i_X509_bio                            774	EXIST::FUNCTION:BIO
+d2i_X509_fp                             775	EXIST::FUNCTION:FP_API
+DES_cbc_cksum                           777	EXIST::FUNCTION:DES
+DES_cbc_encrypt                         778	EXIST::FUNCTION:DES
+DES_cblock_print_file                   779	NOEXIST::FUNCTION:
+DES_cfb64_encrypt                       780	EXIST::FUNCTION:DES
+DES_cfb_encrypt                         781	EXIST::FUNCTION:DES
+DES_decrypt3                            782	EXIST::FUNCTION:DES
+DES_ecb3_encrypt                        783	EXIST::FUNCTION:DES
+DES_ecb_encrypt                         784	EXIST::FUNCTION:DES
+DES_ede3_cbc_encrypt                    785	EXIST::FUNCTION:DES
+DES_ede3_cfb64_encrypt                  786	EXIST::FUNCTION:DES
+DES_ede3_ofb64_encrypt                  787	EXIST::FUNCTION:DES
+DES_enc_read                            788	EXIST::FUNCTION:DES
+DES_enc_write                           789	EXIST::FUNCTION:DES
+DES_encrypt1                            790	EXIST::FUNCTION:DES
+DES_encrypt2                            791	EXIST::FUNCTION:DES
+DES_encrypt3                            792	EXIST::FUNCTION:DES
+DES_fcrypt                              793	EXIST::FUNCTION:DES
+DES_is_weak_key                         794	EXIST::FUNCTION:DES
+DES_key_sched                           795	EXIST::FUNCTION:DES
+DES_ncbc_encrypt                        796	EXIST::FUNCTION:DES
+DES_ofb64_encrypt                       797	EXIST::FUNCTION:DES
+DES_ofb_encrypt                         798	EXIST::FUNCTION:DES
+DES_options                             799	EXIST::FUNCTION:DES
+DES_pcbc_encrypt                        800	EXIST::FUNCTION:DES
+DES_quad_cksum                          801	EXIST::FUNCTION:DES
+DES_random_key                          802	EXIST::FUNCTION:DES
+_ossl_old_des_random_seed               803	EXIST::FUNCTION:DES
+_ossl_old_des_read_2passwords           804	EXIST::FUNCTION:DES
+_ossl_old_des_read_password             805	EXIST::FUNCTION:DES
+_ossl_old_des_read_pw                   806	EXIST::FUNCTION:
+_ossl_old_des_read_pw_string            807	EXIST::FUNCTION:
+DES_set_key                             808	EXIST::FUNCTION:DES
+DES_set_odd_parity                      809	EXIST::FUNCTION:DES
+DES_string_to_2keys                     810	EXIST::FUNCTION:DES
+DES_string_to_key                       811	EXIST::FUNCTION:DES
+DES_xcbc_encrypt                        812	EXIST::FUNCTION:DES
+DES_xwhite_in2out                       813	EXIST::FUNCTION:DES
+fcrypt_body                             814	NOEXIST::FUNCTION:
+i2a_ASN1_INTEGER                        815	EXIST::FUNCTION:BIO
+i2a_ASN1_OBJECT                         816	EXIST::FUNCTION:BIO
+i2a_ASN1_STRING                         817	EXIST::FUNCTION:BIO
+i2d_ASN1_BIT_STRING                     818	EXIST::FUNCTION:
+i2d_ASN1_BOOLEAN                        819	EXIST::FUNCTION:
+i2d_ASN1_HEADER                         820	EXIST::FUNCTION:
+i2d_ASN1_IA5STRING                      821	EXIST::FUNCTION:
+i2d_ASN1_INTEGER                        822	EXIST::FUNCTION:
+i2d_ASN1_OBJECT                         823	EXIST::FUNCTION:
+i2d_ASN1_OCTET_STRING                   824	EXIST::FUNCTION:
+i2d_ASN1_PRINTABLE                      825	EXIST::FUNCTION:
+i2d_ASN1_SET                            826	EXIST::FUNCTION:
+i2d_ASN1_TYPE                           827	EXIST::FUNCTION:
+i2d_ASN1_UTCTIME                        828	EXIST::FUNCTION:
+i2d_ASN1_bytes                          829	EXIST::FUNCTION:
+i2d_DHparams                            830	EXIST::FUNCTION:DH
+i2d_DSAPrivateKey                       831	EXIST::FUNCTION:DSA
+i2d_DSAPrivateKey_bio                   832	EXIST::FUNCTION:BIO,DSA
+i2d_DSAPrivateKey_fp                    833	EXIST::FUNCTION:DSA,FP_API
+i2d_DSAPublicKey                        834	EXIST::FUNCTION:DSA
+i2d_DSAparams                           835	EXIST::FUNCTION:DSA
+i2d_NETSCAPE_SPKAC                      836	EXIST::FUNCTION:
+i2d_NETSCAPE_SPKI                       837	EXIST::FUNCTION:
+i2d_Netscape_RSA                        838	EXIST::FUNCTION:RSA
+i2d_PKCS7                               839	EXIST::FUNCTION:
+i2d_PKCS7_DIGEST                        840	EXIST::FUNCTION:
+i2d_PKCS7_ENCRYPT                       841	EXIST::FUNCTION:
+i2d_PKCS7_ENC_CONTENT                   842	EXIST::FUNCTION:
+i2d_PKCS7_ENVELOPE                      843	EXIST::FUNCTION:
+i2d_PKCS7_ISSUER_AND_SERIAL             844	EXIST::FUNCTION:
+i2d_PKCS7_RECIP_INFO                    845	EXIST::FUNCTION:
+i2d_PKCS7_SIGNED                        846	EXIST::FUNCTION:
+i2d_PKCS7_SIGNER_INFO                   847	EXIST::FUNCTION:
+i2d_PKCS7_SIGN_ENVELOPE                 848	EXIST::FUNCTION:
+i2d_PKCS7_bio                           849	EXIST::FUNCTION:
+i2d_PKCS7_fp                            850	EXIST::FUNCTION:FP_API
+i2d_PrivateKey                          851	EXIST::FUNCTION:
+i2d_PublicKey                           852	EXIST::FUNCTION:
+i2d_RSAPrivateKey                       853	EXIST::FUNCTION:RSA
+i2d_RSAPrivateKey_bio                   854	EXIST::FUNCTION:BIO,RSA
+i2d_RSAPrivateKey_fp                    855	EXIST::FUNCTION:FP_API,RSA
+i2d_RSAPublicKey                        856	EXIST::FUNCTION:RSA
+i2d_X509                                857	EXIST::FUNCTION:
+i2d_X509_ALGOR                          858	EXIST::FUNCTION:
+i2d_X509_ATTRIBUTE                      859	EXIST::FUNCTION:
+i2d_X509_CINF                           860	EXIST::FUNCTION:
+i2d_X509_CRL                            861	EXIST::FUNCTION:
+i2d_X509_CRL_INFO                       862	EXIST::FUNCTION:
+i2d_X509_CRL_bio                        863	EXIST::FUNCTION:BIO
+i2d_X509_CRL_fp                         864	EXIST::FUNCTION:FP_API
+i2d_X509_EXTENSION                      865	EXIST::FUNCTION:
+i2d_X509_NAME                           866	EXIST::FUNCTION:
+i2d_X509_NAME_ENTRY                     867	EXIST::FUNCTION:
+i2d_X509_PKEY                           868	EXIST::FUNCTION:
+i2d_X509_PUBKEY                         869	EXIST::FUNCTION:
+i2d_X509_REQ                            870	EXIST::FUNCTION:
+i2d_X509_REQ_INFO                       871	EXIST::FUNCTION:
+i2d_X509_REQ_bio                        872	EXIST::FUNCTION:BIO
+i2d_X509_REQ_fp                         873	EXIST::FUNCTION:FP_API
+i2d_X509_REVOKED                        874	EXIST::FUNCTION:
+i2d_X509_SIG                            875	EXIST::FUNCTION:
+i2d_X509_VAL                            876	EXIST::FUNCTION:
+i2d_X509_bio                            877	EXIST::FUNCTION:BIO
+i2d_X509_fp                             878	EXIST::FUNCTION:FP_API
+idea_cbc_encrypt                        879	EXIST::FUNCTION:IDEA
+idea_cfb64_encrypt                      880	EXIST::FUNCTION:IDEA
+idea_ecb_encrypt                        881	EXIST::FUNCTION:IDEA
+idea_encrypt                            882	EXIST::FUNCTION:IDEA
+idea_ofb64_encrypt                      883	EXIST::FUNCTION:IDEA
+idea_options                            884	EXIST::FUNCTION:IDEA
+idea_set_decrypt_key                    885	EXIST::FUNCTION:IDEA
+idea_set_encrypt_key                    886	EXIST::FUNCTION:IDEA
+lh_delete                               887	EXIST::FUNCTION:
+lh_doall                                888	EXIST::FUNCTION:
+lh_doall_arg                            889	EXIST::FUNCTION:
+lh_free                                 890	EXIST::FUNCTION:
+lh_insert                               891	EXIST::FUNCTION:
+lh_new                                  892	EXIST::FUNCTION:
+lh_node_stats                           893	EXIST::FUNCTION:FP_API
+lh_node_stats_bio                       894	EXIST::FUNCTION:BIO
+lh_node_usage_stats                     895	EXIST::FUNCTION:FP_API
+lh_node_usage_stats_bio                 896	EXIST::FUNCTION:BIO
+lh_retrieve                             897	EXIST::FUNCTION:
+lh_stats                                898	EXIST::FUNCTION:FP_API
+lh_stats_bio                            899	EXIST::FUNCTION:BIO
+lh_strhash                              900	EXIST::FUNCTION:
+sk_delete                               901	EXIST::FUNCTION:
+sk_delete_ptr                           902	EXIST::FUNCTION:
+sk_dup                                  903	EXIST::FUNCTION:
+sk_find                                 904	EXIST::FUNCTION:
+sk_free                                 905	EXIST::FUNCTION:
+sk_insert                               906	EXIST::FUNCTION:
+sk_new                                  907	EXIST::FUNCTION:
+sk_pop                                  908	EXIST::FUNCTION:
+sk_pop_free                             909	EXIST::FUNCTION:
+sk_push                                 910	EXIST::FUNCTION:
+sk_set_cmp_func                         911	EXIST::FUNCTION:
+sk_shift                                912	EXIST::FUNCTION:
+sk_unshift                              913	EXIST::FUNCTION:
+sk_zero                                 914	EXIST::FUNCTION:
+BIO_f_nbio_test                         915	EXIST::FUNCTION:
+ASN1_TYPE_get                           916	EXIST::FUNCTION:
+ASN1_TYPE_set                           917	EXIST::FUNCTION:
+PKCS7_content_free                      918	NOEXIST::FUNCTION:
+ERR_load_PKCS7_strings                  919	EXIST::FUNCTION:
+X509_find_by_issuer_and_serial          920	EXIST::FUNCTION:
+X509_find_by_subject                    921	EXIST::FUNCTION:
+PKCS7_ctrl                              927	EXIST::FUNCTION:
+PKCS7_set_type                          928	EXIST::FUNCTION:
+PKCS7_set_content                       929	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_set                   930	EXIST::FUNCTION:
+PKCS7_add_signer                        931	EXIST::FUNCTION:
+PKCS7_add_certificate                   932	EXIST::FUNCTION:
+PKCS7_add_crl                           933	EXIST::FUNCTION:
+PKCS7_content_new                       934	EXIST::FUNCTION:
+PKCS7_dataSign                          935	NOEXIST::FUNCTION:
+PKCS7_dataVerify                        936	EXIST::FUNCTION:
+PKCS7_dataInit                          937	EXIST::FUNCTION:
+PKCS7_add_signature                     938	EXIST::FUNCTION:
+PKCS7_cert_from_signer_info             939	EXIST::FUNCTION:
+PKCS7_get_signer_info                   940	EXIST::FUNCTION:
+EVP_delete_alias                        941	NOEXIST::FUNCTION:
+EVP_mdc2                                942	EXIST::FUNCTION:MDC2
+PEM_read_bio_RSAPublicKey               943	EXIST::FUNCTION:RSA
+PEM_write_bio_RSAPublicKey              944	EXIST::FUNCTION:RSA
+d2i_RSAPublicKey_bio                    945	EXIST::FUNCTION:BIO,RSA
+i2d_RSAPublicKey_bio                    946	EXIST::FUNCTION:BIO,RSA
+PEM_read_RSAPublicKey                   947	EXIST:!WIN16:FUNCTION:RSA
+PEM_write_RSAPublicKey                  949	EXIST:!WIN16:FUNCTION:RSA
+d2i_RSAPublicKey_fp                     952	EXIST::FUNCTION:FP_API,RSA
+i2d_RSAPublicKey_fp                     954	EXIST::FUNCTION:FP_API,RSA
+BIO_copy_next_retry                     955	EXIST::FUNCTION:
+RSA_flags                               956	EXIST::FUNCTION:RSA
+X509_STORE_add_crl                      957	EXIST::FUNCTION:
+X509_load_crl_file                      958	EXIST::FUNCTION:STDIO
+EVP_rc2_40_cbc                          959	EXIST::FUNCTION:RC2
+EVP_rc4_40                              960	EXIST::FUNCTION:RC4
+EVP_CIPHER_CTX_init                     961	EXIST::FUNCTION:
+HMAC                                    962	EXIST::FUNCTION:HMAC
+HMAC_Init                               963	EXIST::FUNCTION:HMAC
+HMAC_Update                             964	EXIST::FUNCTION:HMAC
+HMAC_Final                              965	EXIST::FUNCTION:HMAC
+ERR_get_next_error_library              966	EXIST::FUNCTION:
+EVP_PKEY_cmp_parameters                 967	EXIST::FUNCTION:
+HMAC_cleanup                            968	NOEXIST::FUNCTION:
+BIO_ptr_ctrl                            969	EXIST::FUNCTION:
+BIO_new_file_internal                   970	EXIST:WIN16:FUNCTION:FP_API
+BIO_new_fp_internal                     971	EXIST:WIN16:FUNCTION:FP_API
+BIO_s_file_internal                     972	EXIST:WIN16:FUNCTION:FP_API
+BN_BLINDING_convert                     973	EXIST::FUNCTION:
+BN_BLINDING_invert                      974	EXIST::FUNCTION:
+BN_BLINDING_update                      975	EXIST::FUNCTION:
+RSA_blinding_on                         977	EXIST::FUNCTION:RSA
+RSA_blinding_off                        978	EXIST::FUNCTION:RSA
+i2t_ASN1_OBJECT                         979	EXIST::FUNCTION:
+BN_BLINDING_new                         980	EXIST::FUNCTION:
+BN_BLINDING_free                        981	EXIST::FUNCTION:
+EVP_cast5_cbc                           983	EXIST::FUNCTION:CAST
+EVP_cast5_cfb                           984	EXIST::FUNCTION:CAST
+EVP_cast5_ecb                           985	EXIST::FUNCTION:CAST
+EVP_cast5_ofb                           986	EXIST::FUNCTION:CAST
+BF_decrypt                              987	EXIST::FUNCTION:BF
+CAST_set_key                            988	EXIST::FUNCTION:CAST
+CAST_encrypt                            989	EXIST::FUNCTION:CAST
+CAST_decrypt                            990	EXIST::FUNCTION:CAST
+CAST_ecb_encrypt                        991	EXIST::FUNCTION:CAST
+CAST_cbc_encrypt                        992	EXIST::FUNCTION:CAST
+CAST_cfb64_encrypt                      993	EXIST::FUNCTION:CAST
+CAST_ofb64_encrypt                      994	EXIST::FUNCTION:CAST
+RC2_decrypt                             995	EXIST::FUNCTION:RC2
+OBJ_create_objects                      997	EXIST::FUNCTION:
+BN_exp                                  998	EXIST::FUNCTION:
+BN_mul_word                             999	EXIST::FUNCTION:
+BN_sub_word                             1000	EXIST::FUNCTION:
+BN_dec2bn                               1001	EXIST::FUNCTION:
+BN_bn2dec                               1002	EXIST::FUNCTION:
+BIO_ghbn_ctrl                           1003	NOEXIST::FUNCTION:
+CRYPTO_free_ex_data                     1004	EXIST::FUNCTION:
+CRYPTO_get_ex_data                      1005	EXIST::FUNCTION:
+CRYPTO_set_ex_data                      1007	EXIST::FUNCTION:
+ERR_load_CRYPTO_strings                 1009	EXIST:!OS2,!VMS,!WIN16:FUNCTION:
+ERR_load_CRYPTOlib_strings              1009	EXIST:OS2,VMS,WIN16:FUNCTION:
+EVP_PKEY_bits                           1010	EXIST::FUNCTION:
+MD5_Transform                           1011	EXIST::FUNCTION:MD5
+SHA1_Transform                          1012	EXIST::FUNCTION:SHA,SHA1
+SHA_Transform                           1013	EXIST::FUNCTION:SHA,SHA0
+X509_STORE_CTX_get_chain                1014	EXIST::FUNCTION:
+X509_STORE_CTX_get_current_cert         1015	EXIST::FUNCTION:
+X509_STORE_CTX_get_error                1016	EXIST::FUNCTION:
+X509_STORE_CTX_get_error_depth          1017	EXIST::FUNCTION:
+X509_STORE_CTX_get_ex_data              1018	EXIST::FUNCTION:
+X509_STORE_CTX_set_cert                 1020	EXIST::FUNCTION:
+X509_STORE_CTX_set_chain                1021	EXIST::FUNCTION:
+X509_STORE_CTX_set_error                1022	EXIST::FUNCTION:
+X509_STORE_CTX_set_ex_data              1023	EXIST::FUNCTION:
+CRYPTO_dup_ex_data                      1025	EXIST::FUNCTION:
+CRYPTO_get_new_lockid                   1026	EXIST::FUNCTION:
+CRYPTO_new_ex_data                      1027	EXIST::FUNCTION:
+RSA_set_ex_data                         1028	EXIST::FUNCTION:RSA
+RSA_get_ex_data                         1029	EXIST::FUNCTION:RSA
+RSA_get_ex_new_index                    1030	EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_type_1            1031	EXIST::FUNCTION:RSA
+RSA_padding_add_PKCS1_type_2            1032	EXIST::FUNCTION:RSA
+RSA_padding_add_SSLv23                  1033	EXIST::FUNCTION:RSA
+RSA_padding_add_none                    1034	EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_type_1          1035	EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_type_2          1036	EXIST::FUNCTION:RSA
+RSA_padding_check_SSLv23                1037	EXIST::FUNCTION:RSA
+RSA_padding_check_none                  1038	EXIST::FUNCTION:RSA
+bn_add_words                            1039	EXIST::FUNCTION:
+d2i_Netscape_RSA_2                      1040	NOEXIST::FUNCTION:
+CRYPTO_get_ex_new_index                 1041	EXIST::FUNCTION:
+RIPEMD160_Init                          1042	EXIST::FUNCTION:RIPEMD
+RIPEMD160_Update                        1043	EXIST::FUNCTION:RIPEMD
+RIPEMD160_Final                         1044	EXIST::FUNCTION:RIPEMD
+RIPEMD160                               1045	EXIST::FUNCTION:RIPEMD
+RIPEMD160_Transform                     1046	EXIST::FUNCTION:RIPEMD
+RC5_32_set_key                          1047	EXIST::FUNCTION:RC5
+RC5_32_ecb_encrypt                      1048	EXIST::FUNCTION:RC5
+RC5_32_encrypt                          1049	EXIST::FUNCTION:RC5
+RC5_32_decrypt                          1050	EXIST::FUNCTION:RC5
+RC5_32_cbc_encrypt                      1051	EXIST::FUNCTION:RC5
+RC5_32_cfb64_encrypt                    1052	EXIST::FUNCTION:RC5
+RC5_32_ofb64_encrypt                    1053	EXIST::FUNCTION:RC5
+BN_bn2mpi                               1058	EXIST::FUNCTION:
+BN_mpi2bn                               1059	EXIST::FUNCTION:
+ASN1_BIT_STRING_get_bit                 1060	EXIST::FUNCTION:
+ASN1_BIT_STRING_set_bit                 1061	EXIST::FUNCTION:
+BIO_get_ex_data                         1062	EXIST::FUNCTION:
+BIO_get_ex_new_index                    1063	EXIST::FUNCTION:
+BIO_set_ex_data                         1064	EXIST::FUNCTION:
+X509v3_get_key_usage                    1066	NOEXIST::FUNCTION:
+X509v3_set_key_usage                    1067	NOEXIST::FUNCTION:
+a2i_X509v3_key_usage                    1068	NOEXIST::FUNCTION:
+i2a_X509v3_key_usage                    1069	NOEXIST::FUNCTION:
+EVP_PKEY_decrypt                        1070	EXIST::FUNCTION:
+EVP_PKEY_encrypt                        1071	EXIST::FUNCTION:
+PKCS7_RECIP_INFO_set                    1072	EXIST::FUNCTION:
+PKCS7_add_recipient                     1073	EXIST::FUNCTION:
+PKCS7_add_recipient_info                1074	EXIST::FUNCTION:
+PKCS7_set_cipher                        1075	EXIST::FUNCTION:
+ASN1_TYPE_get_int_octetstring           1076	EXIST::FUNCTION:
+ASN1_TYPE_get_octetstring               1077	EXIST::FUNCTION:
+ASN1_TYPE_set_int_octetstring           1078	EXIST::FUNCTION:
+ASN1_TYPE_set_octetstring               1079	EXIST::FUNCTION:
+ASN1_UTCTIME_set_string                 1080	EXIST::FUNCTION:
+ERR_add_error_data                      1081	EXIST::FUNCTION:BIO
+ERR_set_error_data                      1082	EXIST::FUNCTION:
+EVP_CIPHER_asn1_to_param                1083	EXIST::FUNCTION:
+EVP_CIPHER_param_to_asn1                1084	EXIST::FUNCTION:
+EVP_CIPHER_get_asn1_iv                  1085	EXIST::FUNCTION:
+EVP_CIPHER_set_asn1_iv                  1086	EXIST::FUNCTION:
+EVP_rc5_32_12_16_cbc                    1087	EXIST::FUNCTION:RC5
+EVP_rc5_32_12_16_cfb                    1088	EXIST::FUNCTION:RC5
+EVP_rc5_32_12_16_ecb                    1089	EXIST::FUNCTION:RC5
+EVP_rc5_32_12_16_ofb                    1090	EXIST::FUNCTION:RC5
+asn1_add_error                          1091	EXIST::FUNCTION:
+d2i_ASN1_BMPSTRING                      1092	EXIST::FUNCTION:
+i2d_ASN1_BMPSTRING                      1093	EXIST::FUNCTION:
+BIO_f_ber                               1094	NOEXIST::FUNCTION:
+BN_init                                 1095	EXIST::FUNCTION:
+COMP_CTX_new                            1096	EXIST::FUNCTION:
+COMP_CTX_free                           1097	EXIST::FUNCTION:
+COMP_CTX_compress_block                 1098	NOEXIST::FUNCTION:
+COMP_CTX_expand_block                   1099	NOEXIST::FUNCTION:
+X509_STORE_CTX_get_ex_new_index         1100	EXIST::FUNCTION:
+OBJ_NAME_add                            1101	EXIST::FUNCTION:
+BIO_socket_nbio                         1102	EXIST::FUNCTION:
+EVP_rc2_64_cbc                          1103	EXIST::FUNCTION:RC2
+OBJ_NAME_cleanup                        1104	EXIST::FUNCTION:
+OBJ_NAME_get                            1105	EXIST::FUNCTION:
+OBJ_NAME_init                           1106	EXIST::FUNCTION:
+OBJ_NAME_new_index                      1107	EXIST::FUNCTION:
+OBJ_NAME_remove                         1108	EXIST::FUNCTION:
+BN_MONT_CTX_copy                        1109	EXIST::FUNCTION:
+BIO_new_socks4a_connect                 1110	NOEXIST::FUNCTION:
+BIO_s_socks4a_connect                   1111	NOEXIST::FUNCTION:
+PROXY_set_connect_mode                  1112	NOEXIST::FUNCTION:
+RAND_SSLeay                             1113	EXIST::FUNCTION:
+RAND_set_rand_method                    1114	EXIST::FUNCTION:
+RSA_memory_lock                         1115	EXIST::FUNCTION:RSA
+bn_sub_words                            1116	EXIST::FUNCTION:
+bn_mul_normal                           1117	NOEXIST::FUNCTION:
+bn_mul_comba8                           1118	NOEXIST::FUNCTION:
+bn_mul_comba4                           1119	NOEXIST::FUNCTION:
+bn_sqr_normal                           1120	NOEXIST::FUNCTION:
+bn_sqr_comba8                           1121	NOEXIST::FUNCTION:
+bn_sqr_comba4                           1122	NOEXIST::FUNCTION:
+bn_cmp_words                            1123	NOEXIST::FUNCTION:
+bn_mul_recursive                        1124	NOEXIST::FUNCTION:
+bn_mul_part_recursive                   1125	NOEXIST::FUNCTION:
+bn_sqr_recursive                        1126	NOEXIST::FUNCTION:
+bn_mul_low_normal                       1127	NOEXIST::FUNCTION:
+BN_RECP_CTX_init                        1128	EXIST::FUNCTION:
+BN_RECP_CTX_new                         1129	EXIST::FUNCTION:
+BN_RECP_CTX_free                        1130	EXIST::FUNCTION:
+BN_RECP_CTX_set                         1131	EXIST::FUNCTION:
+BN_mod_mul_reciprocal                   1132	EXIST::FUNCTION:
+BN_mod_exp_recp                         1133	EXIST::FUNCTION:
+BN_div_recp                             1134	EXIST::FUNCTION:
+BN_CTX_init                             1135	EXIST::FUNCTION:
+BN_MONT_CTX_init                        1136	EXIST::FUNCTION:
+RAND_get_rand_method                    1137	EXIST::FUNCTION:
+PKCS7_add_attribute                     1138	EXIST::FUNCTION:
+PKCS7_add_signed_attribute              1139	EXIST::FUNCTION:
+PKCS7_digest_from_attributes            1140	EXIST::FUNCTION:
+PKCS7_get_attribute                     1141	EXIST::FUNCTION:
+PKCS7_get_issuer_and_serial             1142	EXIST::FUNCTION:
+PKCS7_get_signed_attribute              1143	EXIST::FUNCTION:
+COMP_compress_block                     1144	EXIST::FUNCTION:
+COMP_expand_block                       1145	EXIST::FUNCTION:
+COMP_rle                                1146	EXIST::FUNCTION:
+COMP_zlib                               1147	EXIST::FUNCTION:
+ms_time_diff                            1148	EXIST::FUNCTION:
+ms_time_new                             1149	EXIST::FUNCTION:
+ms_time_free                            1150	EXIST::FUNCTION:
+ms_time_cmp                             1151	EXIST::FUNCTION:
+ms_time_get                             1152	EXIST::FUNCTION:
+PKCS7_set_attributes                    1153	EXIST::FUNCTION:
+PKCS7_set_signed_attributes             1154	EXIST::FUNCTION:
+X509_ATTRIBUTE_create                   1155	EXIST::FUNCTION:
+X509_ATTRIBUTE_dup                      1156	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_check              1157	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_print              1158	EXIST::FUNCTION:BIO
+ASN1_GENERALIZEDTIME_set                1159	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_set_string         1160	EXIST::FUNCTION:
+ASN1_TIME_print                         1161	EXIST::FUNCTION:BIO
+BASIC_CONSTRAINTS_free                  1162	EXIST::FUNCTION:
+BASIC_CONSTRAINTS_new                   1163	EXIST::FUNCTION:
+ERR_load_X509V3_strings                 1164	EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_free             1165	EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_new              1166	EXIST::FUNCTION:
+OBJ_txt2obj                             1167	EXIST::FUNCTION:
+PEM_read_NETSCAPE_CERT_SEQUENCE         1168	EXIST:!VMS,!WIN16:FUNCTION:
+PEM_read_NS_CERT_SEQ                    1168	EXIST:VMS:FUNCTION:
+PEM_read_bio_NETSCAPE_CERT_SEQUENCE     1169	EXIST:!VMS:FUNCTION:
+PEM_read_bio_NS_CERT_SEQ                1169	EXIST:VMS:FUNCTION:
+PEM_write_NETSCAPE_CERT_SEQUENCE        1170	EXIST:!VMS,!WIN16:FUNCTION:
+PEM_write_NS_CERT_SEQ                   1170	EXIST:VMS:FUNCTION:
+PEM_write_bio_NETSCAPE_CERT_SEQUENCE    1171	EXIST:!VMS:FUNCTION:
+PEM_write_bio_NS_CERT_SEQ               1171	EXIST:VMS:FUNCTION:
+X509V3_EXT_add                          1172	EXIST::FUNCTION:
+X509V3_EXT_add_alias                    1173	EXIST::FUNCTION:
+X509V3_EXT_add_conf                     1174	EXIST::FUNCTION:
+X509V3_EXT_cleanup                      1175	EXIST::FUNCTION:
+X509V3_EXT_conf                         1176	EXIST::FUNCTION:
+X509V3_EXT_conf_nid                     1177	EXIST::FUNCTION:
+X509V3_EXT_get                          1178	EXIST::FUNCTION:
+X509V3_EXT_get_nid                      1179	EXIST::FUNCTION:
+X509V3_EXT_print                        1180	EXIST::FUNCTION:
+X509V3_EXT_print_fp                     1181	EXIST::FUNCTION:
+X509V3_add_standard_extensions          1182	EXIST::FUNCTION:
+X509V3_add_value                        1183	EXIST::FUNCTION:
+X509V3_add_value_bool                   1184	EXIST::FUNCTION:
+X509V3_add_value_int                    1185	EXIST::FUNCTION:
+X509V3_conf_free                        1186	EXIST::FUNCTION:
+X509V3_get_value_bool                   1187	EXIST::FUNCTION:
+X509V3_get_value_int                    1188	EXIST::FUNCTION:
+X509V3_parse_list                       1189	EXIST::FUNCTION:
+d2i_ASN1_GENERALIZEDTIME                1190	EXIST::FUNCTION:
+d2i_ASN1_TIME                           1191	EXIST::FUNCTION:
+d2i_BASIC_CONSTRAINTS                   1192	EXIST::FUNCTION:
+d2i_NETSCAPE_CERT_SEQUENCE              1193	EXIST::FUNCTION:
+d2i_ext_ku                              1194	NOEXIST::FUNCTION:
+ext_ku_free                             1195	NOEXIST::FUNCTION:
+ext_ku_new                              1196	NOEXIST::FUNCTION:
+i2d_ASN1_GENERALIZEDTIME                1197	EXIST::FUNCTION:
+i2d_ASN1_TIME                           1198	EXIST::FUNCTION:
+i2d_BASIC_CONSTRAINTS                   1199	EXIST::FUNCTION:
+i2d_NETSCAPE_CERT_SEQUENCE              1200	EXIST::FUNCTION:
+i2d_ext_ku                              1201	NOEXIST::FUNCTION:
+EVP_MD_CTX_copy                         1202	EXIST::FUNCTION:
+i2d_ASN1_ENUMERATED                     1203	EXIST::FUNCTION:
+d2i_ASN1_ENUMERATED                     1204	EXIST::FUNCTION:
+ASN1_ENUMERATED_set                     1205	EXIST::FUNCTION:
+ASN1_ENUMERATED_get                     1206	EXIST::FUNCTION:
+BN_to_ASN1_ENUMERATED                   1207	EXIST::FUNCTION:
+ASN1_ENUMERATED_to_BN                   1208	EXIST::FUNCTION:
+i2a_ASN1_ENUMERATED                     1209	EXIST::FUNCTION:BIO
+a2i_ASN1_ENUMERATED                     1210	EXIST::FUNCTION:BIO
+i2d_GENERAL_NAME                        1211	EXIST::FUNCTION:
+d2i_GENERAL_NAME                        1212	EXIST::FUNCTION:
+GENERAL_NAME_new                        1213	EXIST::FUNCTION:
+GENERAL_NAME_free                       1214	EXIST::FUNCTION:
+GENERAL_NAMES_new                       1215	EXIST::FUNCTION:
+GENERAL_NAMES_free                      1216	EXIST::FUNCTION:
+d2i_GENERAL_NAMES                       1217	EXIST::FUNCTION:
+i2d_GENERAL_NAMES                       1218	EXIST::FUNCTION:
+i2v_GENERAL_NAMES                       1219	EXIST::FUNCTION:
+i2s_ASN1_OCTET_STRING                   1220	EXIST::FUNCTION:
+s2i_ASN1_OCTET_STRING                   1221	EXIST::FUNCTION:
+X509V3_EXT_check_conf                   1222	NOEXIST::FUNCTION:
+hex_to_string                           1223	EXIST::FUNCTION:
+string_to_hex                           1224	EXIST::FUNCTION:
+DES_ede3_cbcm_encrypt                   1225	EXIST::FUNCTION:DES
+RSA_padding_add_PKCS1_OAEP              1226	EXIST::FUNCTION:RSA
+RSA_padding_check_PKCS1_OAEP            1227	EXIST::FUNCTION:RSA
+X509_CRL_print_fp                       1228	EXIST::FUNCTION:FP_API
+X509_CRL_print                          1229	EXIST::FUNCTION:BIO
+i2v_GENERAL_NAME                        1230	EXIST::FUNCTION:
+v2i_GENERAL_NAME                        1231	EXIST::FUNCTION:
+i2d_PKEY_USAGE_PERIOD                   1232	EXIST::FUNCTION:
+d2i_PKEY_USAGE_PERIOD                   1233	EXIST::FUNCTION:
+PKEY_USAGE_PERIOD_new                   1234	EXIST::FUNCTION:
+PKEY_USAGE_PERIOD_free                  1235	EXIST::FUNCTION:
+v2i_GENERAL_NAMES                       1236	EXIST::FUNCTION:
+i2s_ASN1_INTEGER                        1237	EXIST::FUNCTION:
+X509V3_EXT_d2i                          1238	EXIST::FUNCTION:
+name_cmp                                1239	EXIST::FUNCTION:
+str_dup                                 1240	NOEXIST::FUNCTION:
+i2s_ASN1_ENUMERATED                     1241	EXIST::FUNCTION:
+i2s_ASN1_ENUMERATED_TABLE               1242	EXIST::FUNCTION:
+BIO_s_log                               1243	EXIST:!OS2,!WIN16,!WIN32,!macintosh:FUNCTION:
+BIO_f_reliable                          1244	EXIST::FUNCTION:BIO
+PKCS7_dataFinal                         1245	EXIST::FUNCTION:
+PKCS7_dataDecode                        1246	EXIST::FUNCTION:
+X509V3_EXT_CRL_add_conf                 1247	EXIST::FUNCTION:
+BN_set_params                           1248	EXIST::FUNCTION:
+BN_get_params                           1249	EXIST::FUNCTION:
+BIO_get_ex_num                          1250	NOEXIST::FUNCTION:
+BIO_set_ex_free_func                    1251	NOEXIST::FUNCTION:
+EVP_ripemd160                           1252	EXIST::FUNCTION:RIPEMD
+ASN1_TIME_set                           1253	EXIST::FUNCTION:
+i2d_AUTHORITY_KEYID                     1254	EXIST::FUNCTION:
+d2i_AUTHORITY_KEYID                     1255	EXIST::FUNCTION:
+AUTHORITY_KEYID_new                     1256	EXIST::FUNCTION:
+AUTHORITY_KEYID_free                    1257	EXIST::FUNCTION:
+ASN1_seq_unpack                         1258	EXIST::FUNCTION:
+ASN1_seq_pack                           1259	EXIST::FUNCTION:
+ASN1_unpack_string                      1260	EXIST::FUNCTION:
+ASN1_pack_string                        1261	EXIST::FUNCTION:
+PKCS12_pack_safebag                     1262	NOEXIST::FUNCTION:
+PKCS12_MAKE_KEYBAG                      1263	EXIST::FUNCTION:
+PKCS8_encrypt                           1264	EXIST::FUNCTION:
+PKCS12_MAKE_SHKEYBAG                    1265	EXIST::FUNCTION:
+PKCS12_pack_p7data                      1266	EXIST::FUNCTION:
+PKCS12_pack_p7encdata                   1267	EXIST::FUNCTION:
+PKCS12_add_localkeyid                   1268	EXIST::FUNCTION:
+PKCS12_add_friendlyname_asc             1269	EXIST::FUNCTION:
+PKCS12_add_friendlyname_uni             1270	EXIST::FUNCTION:
+PKCS12_get_friendlyname                 1271	EXIST::FUNCTION:
+PKCS12_pbe_crypt                        1272	EXIST::FUNCTION:
+PKCS12_decrypt_d2i                      1273	NOEXIST::FUNCTION:
+PKCS12_i2d_encrypt                      1274	NOEXIST::FUNCTION:
+PKCS12_init                             1275	EXIST::FUNCTION:
+PKCS12_key_gen_asc                      1276	EXIST::FUNCTION:
+PKCS12_key_gen_uni                      1277	EXIST::FUNCTION:
+PKCS12_gen_mac                          1278	EXIST::FUNCTION:
+PKCS12_verify_mac                       1279	EXIST::FUNCTION:
+PKCS12_set_mac                          1280	EXIST::FUNCTION:
+PKCS12_setup_mac                        1281	EXIST::FUNCTION:
+asc2uni                                 1282	EXIST::FUNCTION:
+uni2asc                                 1283	EXIST::FUNCTION:
+i2d_PKCS12_BAGS                         1284	EXIST::FUNCTION:
+PKCS12_BAGS_new                         1285	EXIST::FUNCTION:
+d2i_PKCS12_BAGS                         1286	EXIST::FUNCTION:
+PKCS12_BAGS_free                        1287	EXIST::FUNCTION:
+i2d_PKCS12                              1288	EXIST::FUNCTION:
+d2i_PKCS12                              1289	EXIST::FUNCTION:
+PKCS12_new                              1290	EXIST::FUNCTION:
+PKCS12_free                             1291	EXIST::FUNCTION:
+i2d_PKCS12_MAC_DATA                     1292	EXIST::FUNCTION:
+PKCS12_MAC_DATA_new                     1293	EXIST::FUNCTION:
+d2i_PKCS12_MAC_DATA                     1294	EXIST::FUNCTION:
+PKCS12_MAC_DATA_free                    1295	EXIST::FUNCTION:
+i2d_PKCS12_SAFEBAG                      1296	EXIST::FUNCTION:
+PKCS12_SAFEBAG_new                      1297	EXIST::FUNCTION:
+d2i_PKCS12_SAFEBAG                      1298	EXIST::FUNCTION:
+PKCS12_SAFEBAG_free                     1299	EXIST::FUNCTION:
+ERR_load_PKCS12_strings                 1300	EXIST::FUNCTION:
+PKCS12_PBE_add                          1301	EXIST::FUNCTION:
+PKCS8_add_keyusage                      1302	EXIST::FUNCTION:
+PKCS12_get_attr_gen                     1303	EXIST::FUNCTION:
+PKCS12_parse                            1304	EXIST::FUNCTION:
+PKCS12_create                           1305	EXIST::FUNCTION:
+i2d_PKCS12_bio                          1306	EXIST::FUNCTION:
+i2d_PKCS12_fp                           1307	EXIST::FUNCTION:
+d2i_PKCS12_bio                          1308	EXIST::FUNCTION:
+d2i_PKCS12_fp                           1309	EXIST::FUNCTION:
+i2d_PBEPARAM                            1310	EXIST::FUNCTION:
+PBEPARAM_new                            1311	EXIST::FUNCTION:
+d2i_PBEPARAM                            1312	EXIST::FUNCTION:
+PBEPARAM_free                           1313	EXIST::FUNCTION:
+i2d_PKCS8_PRIV_KEY_INFO                 1314	EXIST::FUNCTION:
+PKCS8_PRIV_KEY_INFO_new                 1315	EXIST::FUNCTION:
+d2i_PKCS8_PRIV_KEY_INFO                 1316	EXIST::FUNCTION:
+PKCS8_PRIV_KEY_INFO_free                1317	EXIST::FUNCTION:
+EVP_PKCS82PKEY                          1318	EXIST::FUNCTION:
+EVP_PKEY2PKCS8                          1319	EXIST::FUNCTION:
+PKCS8_set_broken                        1320	EXIST::FUNCTION:
+EVP_PBE_ALGOR_CipherInit                1321	NOEXIST::FUNCTION:
+EVP_PBE_alg_add                         1322	EXIST::FUNCTION:
+PKCS5_pbe_set                           1323	EXIST::FUNCTION:
+EVP_PBE_cleanup                         1324	EXIST::FUNCTION:
+i2d_SXNET                               1325	EXIST::FUNCTION:
+d2i_SXNET                               1326	EXIST::FUNCTION:
+SXNET_new                               1327	EXIST::FUNCTION:
+SXNET_free                              1328	EXIST::FUNCTION:
+i2d_SXNETID                             1329	EXIST::FUNCTION:
+d2i_SXNETID                             1330	EXIST::FUNCTION:
+SXNETID_new                             1331	EXIST::FUNCTION:
+SXNETID_free                            1332	EXIST::FUNCTION:
+DSA_SIG_new                             1333	EXIST::FUNCTION:DSA
+DSA_SIG_free                            1334	EXIST::FUNCTION:DSA
+DSA_do_sign                             1335	EXIST::FUNCTION:DSA
+DSA_do_verify                           1336	EXIST::FUNCTION:DSA
+d2i_DSA_SIG                             1337	EXIST::FUNCTION:DSA
+i2d_DSA_SIG                             1338	EXIST::FUNCTION:DSA
+i2d_ASN1_VISIBLESTRING                  1339	EXIST::FUNCTION:
+d2i_ASN1_VISIBLESTRING                  1340	EXIST::FUNCTION:
+i2d_ASN1_UTF8STRING                     1341	EXIST::FUNCTION:
+d2i_ASN1_UTF8STRING                     1342	EXIST::FUNCTION:
+i2d_DIRECTORYSTRING                     1343	EXIST::FUNCTION:
+d2i_DIRECTORYSTRING                     1344	EXIST::FUNCTION:
+i2d_DISPLAYTEXT                         1345	EXIST::FUNCTION:
+d2i_DISPLAYTEXT                         1346	EXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509                    1379	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509                    1380	NOEXIST::FUNCTION:
+i2d_PBKDF2PARAM                         1397	EXIST::FUNCTION:
+PBKDF2PARAM_new                         1398	EXIST::FUNCTION:
+d2i_PBKDF2PARAM                         1399	EXIST::FUNCTION:
+PBKDF2PARAM_free                        1400	EXIST::FUNCTION:
+i2d_PBE2PARAM                           1401	EXIST::FUNCTION:
+PBE2PARAM_new                           1402	EXIST::FUNCTION:
+d2i_PBE2PARAM                           1403	EXIST::FUNCTION:
+PBE2PARAM_free                          1404	EXIST::FUNCTION:
+d2i_ASN1_SET_OF_GENERAL_NAME            1421	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_GENERAL_NAME            1422	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_SXNETID                 1439	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_SXNETID                 1440	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_POLICYQUALINFO          1457	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_POLICYQUALINFO          1458	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_POLICYINFO              1475	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_POLICYINFO              1476	NOEXIST::FUNCTION:
+SXNET_add_id_asc                        1477	EXIST::FUNCTION:
+SXNET_add_id_ulong                      1478	EXIST::FUNCTION:
+SXNET_add_id_INTEGER                    1479	EXIST::FUNCTION:
+SXNET_get_id_asc                        1480	EXIST::FUNCTION:
+SXNET_get_id_ulong                      1481	EXIST::FUNCTION:
+SXNET_get_id_INTEGER                    1482	EXIST::FUNCTION:
+X509V3_set_conf_lhash                   1483	EXIST::FUNCTION:
+i2d_CERTIFICATEPOLICIES                 1484	EXIST::FUNCTION:
+CERTIFICATEPOLICIES_new                 1485	EXIST::FUNCTION:
+CERTIFICATEPOLICIES_free                1486	EXIST::FUNCTION:
+d2i_CERTIFICATEPOLICIES                 1487	EXIST::FUNCTION:
+i2d_POLICYINFO                          1488	EXIST::FUNCTION:
+POLICYINFO_new                          1489	EXIST::FUNCTION:
+d2i_POLICYINFO                          1490	EXIST::FUNCTION:
+POLICYINFO_free                         1491	EXIST::FUNCTION:
+i2d_POLICYQUALINFO                      1492	EXIST::FUNCTION:
+POLICYQUALINFO_new                      1493	EXIST::FUNCTION:
+d2i_POLICYQUALINFO                      1494	EXIST::FUNCTION:
+POLICYQUALINFO_free                     1495	EXIST::FUNCTION:
+i2d_USERNOTICE                          1496	EXIST::FUNCTION:
+USERNOTICE_new                          1497	EXIST::FUNCTION:
+d2i_USERNOTICE                          1498	EXIST::FUNCTION:
+USERNOTICE_free                         1499	EXIST::FUNCTION:
+i2d_NOTICEREF                           1500	EXIST::FUNCTION:
+NOTICEREF_new                           1501	EXIST::FUNCTION:
+d2i_NOTICEREF                           1502	EXIST::FUNCTION:
+NOTICEREF_free                          1503	EXIST::FUNCTION:
+X509V3_get_string                       1504	EXIST::FUNCTION:
+X509V3_get_section                      1505	EXIST::FUNCTION:
+X509V3_string_free                      1506	EXIST::FUNCTION:
+X509V3_section_free                     1507	EXIST::FUNCTION:
+X509V3_set_ctx                          1508	EXIST::FUNCTION:
+s2i_ASN1_INTEGER                        1509	EXIST::FUNCTION:
+CRYPTO_set_locked_mem_functions         1510	EXIST::FUNCTION:
+CRYPTO_get_locked_mem_functions         1511	EXIST::FUNCTION:
+CRYPTO_malloc_locked                    1512	EXIST::FUNCTION:
+CRYPTO_free_locked                      1513	EXIST::FUNCTION:
+BN_mod_exp2_mont                        1514	EXIST::FUNCTION:
+ERR_get_error_line_data                 1515	EXIST::FUNCTION:
+ERR_peek_error_line_data                1516	EXIST::FUNCTION:
+PKCS12_PBE_keyivgen                     1517	EXIST::FUNCTION:
+X509_ALGOR_dup                          1518	EXIST::FUNCTION:
+d2i_ASN1_SET_OF_DIST_POINT              1535	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_DIST_POINT              1536	NOEXIST::FUNCTION:
+i2d_CRL_DIST_POINTS                     1537	EXIST::FUNCTION:
+CRL_DIST_POINTS_new                     1538	EXIST::FUNCTION:
+CRL_DIST_POINTS_free                    1539	EXIST::FUNCTION:
+d2i_CRL_DIST_POINTS                     1540	EXIST::FUNCTION:
+i2d_DIST_POINT                          1541	EXIST::FUNCTION:
+DIST_POINT_new                          1542	EXIST::FUNCTION:
+d2i_DIST_POINT                          1543	EXIST::FUNCTION:
+DIST_POINT_free                         1544	EXIST::FUNCTION:
+i2d_DIST_POINT_NAME                     1545	EXIST::FUNCTION:
+DIST_POINT_NAME_new                     1546	EXIST::FUNCTION:
+DIST_POINT_NAME_free                    1547	EXIST::FUNCTION:
+d2i_DIST_POINT_NAME                     1548	EXIST::FUNCTION:
+X509V3_add_value_uchar                  1549	EXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_ATTRIBUTE          1555	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_ASN1_TYPE               1560	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_EXTENSION          1567	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_NAME_ENTRY         1574	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_ASN1_TYPE               1589	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_ATTRIBUTE          1615	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_EXTENSION          1624	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_NAME_ENTRY         1633	NOEXIST::FUNCTION:
+X509V3_EXT_i2d                          1646	EXIST::FUNCTION:
+X509V3_EXT_val_prn                      1647	EXIST::FUNCTION:
+X509V3_EXT_add_list                     1648	EXIST::FUNCTION:
+EVP_CIPHER_type                         1649	EXIST::FUNCTION:
+EVP_PBE_CipherInit                      1650	EXIST::FUNCTION:
+X509V3_add_value_bool_nf                1651	EXIST::FUNCTION:
+d2i_ASN1_UINTEGER                       1652	EXIST::FUNCTION:
+sk_value                                1653	EXIST::FUNCTION:
+sk_num                                  1654	EXIST::FUNCTION:
+sk_set                                  1655	EXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_REVOKED            1661	NOEXIST::FUNCTION:
+sk_sort                                 1671	EXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_REVOKED            1674	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_ALGOR              1682	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_X509_CRL                1685	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_ALGOR              1696	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_X509_CRL                1702	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO       1723	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS7_RECIP_INFO        1738	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO       1748	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_PKCS7_RECIP_INFO        1753	NOEXIST::FUNCTION:
+PKCS5_PBE_add                           1775	EXIST::FUNCTION:
+PEM_write_bio_PKCS8                     1776	EXIST::FUNCTION:
+i2d_PKCS8_fp                            1777	EXIST::FUNCTION:FP_API
+PEM_read_bio_PKCS8_PRIV_KEY_INFO        1778	EXIST:!VMS:FUNCTION:
+PEM_read_bio_P8_PRIV_KEY_INFO           1778	EXIST:VMS:FUNCTION:
+d2i_PKCS8_bio                           1779	EXIST::FUNCTION:BIO
+d2i_PKCS8_PRIV_KEY_INFO_fp              1780	EXIST::FUNCTION:FP_API
+PEM_write_bio_PKCS8_PRIV_KEY_INFO       1781	EXIST:!VMS:FUNCTION:
+PEM_write_bio_P8_PRIV_KEY_INFO          1781	EXIST:VMS:FUNCTION:
+PEM_read_PKCS8                          1782	EXIST:!WIN16:FUNCTION:
+d2i_PKCS8_PRIV_KEY_INFO_bio             1783	EXIST::FUNCTION:BIO
+d2i_PKCS8_fp                            1784	EXIST::FUNCTION:FP_API
+PEM_write_PKCS8                         1785	EXIST:!WIN16:FUNCTION:
+PEM_read_PKCS8_PRIV_KEY_INFO            1786	EXIST:!VMS,!WIN16:FUNCTION:
+PEM_read_P8_PRIV_KEY_INFO               1786	EXIST:VMS:FUNCTION:
+PEM_read_bio_PKCS8                      1787	EXIST::FUNCTION:
+PEM_write_PKCS8_PRIV_KEY_INFO           1788	EXIST:!VMS,!WIN16:FUNCTION:
+PEM_write_P8_PRIV_KEY_INFO              1788	EXIST:VMS:FUNCTION:
+PKCS5_PBE_keyivgen                      1789	EXIST::FUNCTION:
+i2d_PKCS8_bio                           1790	EXIST::FUNCTION:BIO
+i2d_PKCS8_PRIV_KEY_INFO_fp              1791	EXIST::FUNCTION:FP_API
+i2d_PKCS8_PRIV_KEY_INFO_bio             1792	EXIST::FUNCTION:BIO
+BIO_s_bio                               1793	EXIST::FUNCTION:
+PKCS5_pbe2_set                          1794	EXIST::FUNCTION:
+PKCS5_PBKDF2_HMAC_SHA1                  1795	EXIST::FUNCTION:
+PKCS5_v2_PBE_keyivgen                   1796	EXIST::FUNCTION:
+PEM_write_bio_PKCS8PrivateKey           1797	EXIST::FUNCTION:
+PEM_write_PKCS8PrivateKey               1798	EXIST::FUNCTION:
+BIO_ctrl_get_read_request               1799	EXIST::FUNCTION:
+BIO_ctrl_pending                        1800	EXIST::FUNCTION:
+BIO_ctrl_wpending                       1801	EXIST::FUNCTION:
+BIO_new_bio_pair                        1802	EXIST::FUNCTION:
+BIO_ctrl_get_write_guarantee            1803	EXIST::FUNCTION:
+CRYPTO_num_locks                        1804	EXIST::FUNCTION:
+CONF_load_bio                           1805	EXIST::FUNCTION:
+CONF_load_fp                            1806	EXIST::FUNCTION:FP_API
+i2d_ASN1_SET_OF_ASN1_OBJECT             1837	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_ASN1_OBJECT             1844	NOEXIST::FUNCTION:
+PKCS7_signatureVerify                   1845	EXIST::FUNCTION:
+RSA_set_method                          1846	EXIST::FUNCTION:RSA
+RSA_get_method                          1847	EXIST::FUNCTION:RSA
+RSA_get_default_method                  1848	EXIST::FUNCTION:RSA
+RSA_check_key                           1869	EXIST::FUNCTION:RSA
+OBJ_obj2txt                             1870	EXIST::FUNCTION:
+DSA_dup_DH                              1871	EXIST::FUNCTION:DH,DSA
+X509_REQ_get_extensions                 1872	EXIST::FUNCTION:
+X509_REQ_set_extension_nids             1873	EXIST::FUNCTION:
+BIO_nwrite                              1874	EXIST::FUNCTION:
+X509_REQ_extension_nid                  1875	EXIST::FUNCTION:
+BIO_nread                               1876	EXIST::FUNCTION:
+X509_REQ_get_extension_nids             1877	EXIST::FUNCTION:
+BIO_nwrite0                             1878	EXIST::FUNCTION:
+X509_REQ_add_extensions_nid             1879	EXIST::FUNCTION:
+BIO_nread0                              1880	EXIST::FUNCTION:
+X509_REQ_add_extensions                 1881	EXIST::FUNCTION:
+BIO_new_mem_buf                         1882	EXIST::FUNCTION:
+DH_set_ex_data                          1883	EXIST::FUNCTION:DH
+DH_set_method                           1884	EXIST::FUNCTION:DH
+DSA_OpenSSL                             1885	EXIST::FUNCTION:DSA
+DH_get_ex_data                          1886	EXIST::FUNCTION:DH
+DH_get_ex_new_index                     1887	EXIST::FUNCTION:DH
+DSA_new_method                          1888	EXIST::FUNCTION:DSA
+DH_new_method                           1889	EXIST::FUNCTION:DH
+DH_OpenSSL                              1890	EXIST::FUNCTION:DH
+DSA_get_ex_new_index                    1891	EXIST::FUNCTION:DSA
+DH_get_default_method                   1892	EXIST::FUNCTION:DH
+DSA_set_ex_data                         1893	EXIST::FUNCTION:DSA
+DH_set_default_method                   1894	EXIST::FUNCTION:DH
+DSA_get_ex_data                         1895	EXIST::FUNCTION:DSA
+X509V3_EXT_REQ_add_conf                 1896	EXIST::FUNCTION:
+NETSCAPE_SPKI_print                     1897	EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_set_pubkey                1898	EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_b64_encode                1899	EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_get_pubkey                1900	EXIST::FUNCTION:EVP
+NETSCAPE_SPKI_b64_decode                1901	EXIST::FUNCTION:EVP
+UTF8_putc                               1902	EXIST::FUNCTION:
+UTF8_getc                               1903	EXIST::FUNCTION:
+RSA_null_method                         1904	EXIST::FUNCTION:RSA
+ASN1_tag2str                            1905	EXIST::FUNCTION:
+BIO_ctrl_reset_read_request             1906	EXIST::FUNCTION:
+DISPLAYTEXT_new                         1907	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_free               1908	EXIST::FUNCTION:
+X509_REVOKED_get_ext_d2i                1909	EXIST::FUNCTION:
+X509_set_ex_data                        1910	EXIST::FUNCTION:
+X509_reject_set_bit_asc                 1911	NOEXIST::FUNCTION:
+X509_NAME_add_entry_by_txt              1912	EXIST::FUNCTION:
+X509_NAME_add_entry_by_NID              1914	EXIST::FUNCTION:
+X509_PURPOSE_get0                       1915	EXIST::FUNCTION:
+PEM_read_X509_AUX                       1917	EXIST:!WIN16:FUNCTION:
+d2i_AUTHORITY_INFO_ACCESS               1918	EXIST::FUNCTION:
+PEM_write_PUBKEY                        1921	EXIST:!WIN16:FUNCTION:
+ACCESS_DESCRIPTION_new                  1925	EXIST::FUNCTION:
+X509_CERT_AUX_free                      1926	EXIST::FUNCTION:
+d2i_ACCESS_DESCRIPTION                  1927	EXIST::FUNCTION:
+X509_trust_clear                        1928	EXIST::FUNCTION:
+X509_TRUST_add                          1931	EXIST::FUNCTION:
+ASN1_VISIBLESTRING_new                  1932	EXIST::FUNCTION:
+X509_alias_set1                         1933	EXIST::FUNCTION:
+ASN1_PRINTABLESTRING_free               1934	EXIST::FUNCTION:
+EVP_PKEY_get1_DSA                       1935	EXIST::FUNCTION:DSA
+ASN1_BMPSTRING_new                      1936	EXIST::FUNCTION:
+ASN1_mbstring_copy                      1937	EXIST::FUNCTION:
+ASN1_UTF8STRING_new                     1938	EXIST::FUNCTION:
+DSA_get_default_method                  1941	EXIST::FUNCTION:DSA
+i2d_ASN1_SET_OF_ACCESS_DESCRIPTION      1945	NOEXIST::FUNCTION:
+ASN1_T61STRING_free                     1946	EXIST::FUNCTION:
+DSA_set_method                          1949	EXIST::FUNCTION:DSA
+X509_get_ex_data                        1950	EXIST::FUNCTION:
+ASN1_STRING_type                        1951	EXIST::FUNCTION:
+X509_PURPOSE_get_by_sname               1952	EXIST::FUNCTION:
+ASN1_TIME_free                          1954	EXIST::FUNCTION:
+ASN1_OCTET_STRING_cmp                   1955	EXIST::FUNCTION:
+ASN1_BIT_STRING_new                     1957	EXIST::FUNCTION:
+X509_get_ext_d2i                        1958	EXIST::FUNCTION:
+PEM_read_bio_X509_AUX                   1959	EXIST::FUNCTION:
+ASN1_STRING_set_default_mask_asc        1960	EXIST:!VMS:FUNCTION:
+ASN1_STRING_set_def_mask_asc            1960	EXIST:VMS:FUNCTION:
+PEM_write_bio_RSA_PUBKEY                1961	EXIST::FUNCTION:RSA
+ASN1_INTEGER_cmp                        1963	EXIST::FUNCTION:
+d2i_RSA_PUBKEY_fp                       1964	EXIST::FUNCTION:FP_API,RSA
+X509_trust_set_bit_asc                  1967	NOEXIST::FUNCTION:
+PEM_write_bio_DSA_PUBKEY                1968	EXIST::FUNCTION:DSA
+X509_STORE_CTX_free                     1969	EXIST::FUNCTION:
+EVP_PKEY_set1_DSA                       1970	EXIST::FUNCTION:DSA
+i2d_DSA_PUBKEY_fp                       1971	EXIST::FUNCTION:DSA,FP_API
+X509_load_cert_crl_file                 1972	EXIST::FUNCTION:STDIO
+ASN1_TIME_new                           1973	EXIST::FUNCTION:
+i2d_RSA_PUBKEY                          1974	EXIST::FUNCTION:RSA
+X509_STORE_CTX_purpose_inherit          1976	EXIST::FUNCTION:
+PEM_read_RSA_PUBKEY                     1977	EXIST:!WIN16:FUNCTION:RSA
+d2i_X509_AUX                            1980	EXIST::FUNCTION:
+i2d_DSA_PUBKEY                          1981	EXIST::FUNCTION:DSA
+X509_CERT_AUX_print                     1982	EXIST::FUNCTION:BIO
+PEM_read_DSA_PUBKEY                     1984	EXIST:!WIN16:FUNCTION:DSA
+i2d_RSA_PUBKEY_bio                      1985	EXIST::FUNCTION:BIO,RSA
+ASN1_BIT_STRING_num_asc                 1986	EXIST::FUNCTION:
+i2d_PUBKEY                              1987	EXIST::FUNCTION:
+ASN1_UTCTIME_free                       1988	EXIST::FUNCTION:
+DSA_set_default_method                  1989	EXIST::FUNCTION:DSA
+X509_PURPOSE_get_by_id                  1990	EXIST::FUNCTION:
+ACCESS_DESCRIPTION_free                 1994	EXIST::FUNCTION:
+PEM_read_bio_PUBKEY                     1995	EXIST::FUNCTION:
+ASN1_STRING_set_by_NID                  1996	EXIST::FUNCTION:
+X509_PURPOSE_get_id                     1997	EXIST::FUNCTION:
+DISPLAYTEXT_free                        1998	EXIST::FUNCTION:
+OTHERNAME_new                           1999	EXIST::FUNCTION:
+X509_CERT_AUX_new                       2001	EXIST::FUNCTION:
+X509_TRUST_cleanup                      2007	EXIST::FUNCTION:
+X509_NAME_add_entry_by_OBJ              2008	EXIST::FUNCTION:
+X509_CRL_get_ext_d2i                    2009	EXIST::FUNCTION:
+X509_PURPOSE_get0_name                  2011	EXIST::FUNCTION:
+PEM_read_PUBKEY                         2012	EXIST:!WIN16:FUNCTION:
+i2d_DSA_PUBKEY_bio                      2014	EXIST::FUNCTION:BIO,DSA
+i2d_OTHERNAME                           2015	EXIST::FUNCTION:
+ASN1_OCTET_STRING_free                  2016	EXIST::FUNCTION:
+ASN1_BIT_STRING_set_asc                 2017	EXIST::FUNCTION:
+X509_get_ex_new_index                   2019	EXIST::FUNCTION:
+ASN1_STRING_TABLE_cleanup               2020	EXIST::FUNCTION:
+X509_TRUST_get_by_id                    2021	EXIST::FUNCTION:
+X509_PURPOSE_get_trust                  2022	EXIST::FUNCTION:
+ASN1_STRING_length                      2023	EXIST::FUNCTION:
+d2i_ASN1_SET_OF_ACCESS_DESCRIPTION      2024	NOEXIST::FUNCTION:
+ASN1_PRINTABLESTRING_new                2025	EXIST::FUNCTION:
+X509V3_get_d2i                          2026	EXIST::FUNCTION:
+ASN1_ENUMERATED_free                    2027	EXIST::FUNCTION:
+i2d_X509_CERT_AUX                       2028	EXIST::FUNCTION:
+X509_STORE_CTX_set_trust                2030	EXIST::FUNCTION:
+ASN1_STRING_set_default_mask            2032	EXIST::FUNCTION:
+X509_STORE_CTX_new                      2033	EXIST::FUNCTION:
+EVP_PKEY_get1_RSA                       2034	EXIST::FUNCTION:RSA
+DIRECTORYSTRING_free                    2038	EXIST::FUNCTION:
+PEM_write_X509_AUX                      2039	EXIST:!WIN16:FUNCTION:
+ASN1_OCTET_STRING_set                   2040	EXIST::FUNCTION:
+d2i_DSA_PUBKEY_fp                       2041	EXIST::FUNCTION:DSA,FP_API
+d2i_RSA_PUBKEY                          2044	EXIST::FUNCTION:RSA
+X509_TRUST_get0_name                    2046	EXIST::FUNCTION:
+X509_TRUST_get0                         2047	EXIST::FUNCTION:
+AUTHORITY_INFO_ACCESS_free              2048	EXIST::FUNCTION:
+ASN1_IA5STRING_new                      2049	EXIST::FUNCTION:
+d2i_DSA_PUBKEY                          2050	EXIST::FUNCTION:DSA
+X509_check_purpose                      2051	EXIST::FUNCTION:
+ASN1_ENUMERATED_new                     2052	EXIST::FUNCTION:
+d2i_RSA_PUBKEY_bio                      2053	EXIST::FUNCTION:BIO,RSA
+d2i_PUBKEY                              2054	EXIST::FUNCTION:
+X509_TRUST_get_trust                    2055	EXIST::FUNCTION:
+X509_TRUST_get_flags                    2056	EXIST::FUNCTION:
+ASN1_BMPSTRING_free                     2057	EXIST::FUNCTION:
+ASN1_T61STRING_new                      2058	EXIST::FUNCTION:
+ASN1_UTCTIME_new                        2060	EXIST::FUNCTION:
+i2d_AUTHORITY_INFO_ACCESS               2062	EXIST::FUNCTION:
+EVP_PKEY_set1_RSA                       2063	EXIST::FUNCTION:RSA
+X509_STORE_CTX_set_purpose              2064	EXIST::FUNCTION:
+ASN1_IA5STRING_free                     2065	EXIST::FUNCTION:
+PEM_write_bio_X509_AUX                  2066	EXIST::FUNCTION:
+X509_PURPOSE_get_count                  2067	EXIST::FUNCTION:
+CRYPTO_add_info                         2068	NOEXIST::FUNCTION:
+X509_NAME_ENTRY_create_by_txt           2071	EXIST::FUNCTION:
+ASN1_STRING_get_default_mask            2072	EXIST::FUNCTION:
+X509_alias_get0                         2074	EXIST::FUNCTION:
+ASN1_STRING_data                        2075	EXIST::FUNCTION:
+i2d_ACCESS_DESCRIPTION                  2077	EXIST::FUNCTION:
+X509_trust_set_bit                      2078	NOEXIST::FUNCTION:
+ASN1_BIT_STRING_free                    2080	EXIST::FUNCTION:
+PEM_read_bio_RSA_PUBKEY                 2081	EXIST::FUNCTION:RSA
+X509_add1_reject_object                 2082	EXIST::FUNCTION:
+X509_check_trust                        2083	EXIST::FUNCTION:
+PEM_read_bio_DSA_PUBKEY                 2088	EXIST::FUNCTION:DSA
+X509_PURPOSE_add                        2090	EXIST::FUNCTION:
+ASN1_STRING_TABLE_get                   2091	EXIST::FUNCTION:
+ASN1_UTF8STRING_free                    2092	EXIST::FUNCTION:
+d2i_DSA_PUBKEY_bio                      2093	EXIST::FUNCTION:BIO,DSA
+PEM_write_RSA_PUBKEY                    2095	EXIST:!WIN16:FUNCTION:RSA
+d2i_OTHERNAME                           2096	EXIST::FUNCTION:
+X509_reject_set_bit                     2098	NOEXIST::FUNCTION:
+PEM_write_DSA_PUBKEY                    2101	EXIST:!WIN16:FUNCTION:DSA
+X509_PURPOSE_get0_sname                 2105	EXIST::FUNCTION:
+EVP_PKEY_set1_DH                        2107	EXIST::FUNCTION:DH
+ASN1_OCTET_STRING_dup                   2108	EXIST::FUNCTION:
+ASN1_BIT_STRING_set                     2109	EXIST::FUNCTION:
+X509_TRUST_get_count                    2110	EXIST::FUNCTION:
+ASN1_INTEGER_free                       2111	EXIST::FUNCTION:
+OTHERNAME_free                          2112	EXIST::FUNCTION:
+i2d_RSA_PUBKEY_fp                       2113	EXIST::FUNCTION:FP_API,RSA
+ASN1_INTEGER_dup                        2114	EXIST::FUNCTION:
+d2i_X509_CERT_AUX                       2115	EXIST::FUNCTION:
+PEM_write_bio_PUBKEY                    2117	EXIST::FUNCTION:
+ASN1_VISIBLESTRING_free                 2118	EXIST::FUNCTION:
+X509_PURPOSE_cleanup                    2119	EXIST::FUNCTION:
+ASN1_mbstring_ncopy                     2123	EXIST::FUNCTION:
+ASN1_GENERALIZEDTIME_new                2126	EXIST::FUNCTION:
+EVP_PKEY_get1_DH                        2128	EXIST::FUNCTION:DH
+ASN1_OCTET_STRING_new                   2130	EXIST::FUNCTION:
+ASN1_INTEGER_new                        2131	EXIST::FUNCTION:
+i2d_X509_AUX                            2132	EXIST::FUNCTION:
+ASN1_BIT_STRING_name_print              2134	EXIST::FUNCTION:BIO
+X509_cmp                                2135	EXIST::FUNCTION:
+ASN1_STRING_length_set                  2136	EXIST::FUNCTION:
+DIRECTORYSTRING_new                     2137	EXIST::FUNCTION:
+X509_add1_trust_object                  2140	EXIST::FUNCTION:
+PKCS12_newpass                          2141	EXIST::FUNCTION:
+SMIME_write_PKCS7                       2142	EXIST::FUNCTION:
+SMIME_read_PKCS7                        2143	EXIST::FUNCTION:
+DES_set_key_checked                     2144	EXIST::FUNCTION:DES
+PKCS7_verify                            2145	EXIST::FUNCTION:
+PKCS7_encrypt                           2146	EXIST::FUNCTION:
+DES_set_key_unchecked                   2147	EXIST::FUNCTION:DES
+SMIME_crlf_copy                         2148	EXIST::FUNCTION:
+i2d_ASN1_PRINTABLESTRING                2149	EXIST::FUNCTION:
+PKCS7_get0_signers                      2150	EXIST::FUNCTION:
+PKCS7_decrypt                           2151	EXIST::FUNCTION:
+SMIME_text                              2152	EXIST::FUNCTION:
+PKCS7_simple_smimecap                   2153	EXIST::FUNCTION:
+PKCS7_get_smimecap                      2154	EXIST::FUNCTION:
+PKCS7_sign                              2155	EXIST::FUNCTION:
+PKCS7_add_attrib_smimecap               2156	EXIST::FUNCTION:
+CRYPTO_dbg_set_options                  2157	EXIST::FUNCTION:
+CRYPTO_remove_all_info                  2158	EXIST::FUNCTION:
+CRYPTO_get_mem_debug_functions          2159	EXIST::FUNCTION:
+CRYPTO_is_mem_check_on                  2160	EXIST::FUNCTION:
+CRYPTO_set_mem_debug_functions          2161	EXIST::FUNCTION:
+CRYPTO_pop_info                         2162	EXIST::FUNCTION:
+CRYPTO_push_info_                       2163	EXIST::FUNCTION:
+CRYPTO_set_mem_debug_options            2164	EXIST::FUNCTION:
+PEM_write_PKCS8PrivateKey_nid           2165	EXIST::FUNCTION:
+PEM_write_bio_PKCS8PrivateKey_nid       2166	EXIST:!VMS:FUNCTION:
+PEM_write_bio_PKCS8PrivKey_nid          2166	EXIST:VMS:FUNCTION:
+d2i_PKCS8PrivateKey_bio                 2167	EXIST::FUNCTION:
+ASN1_NULL_free                          2168	EXIST::FUNCTION:
+d2i_ASN1_NULL                           2169	EXIST::FUNCTION:
+ASN1_NULL_new                           2170	EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_bio                 2171	EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_fp                  2172	EXIST::FUNCTION:
+i2d_ASN1_NULL                           2173	EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_nid_fp              2174	EXIST::FUNCTION:
+d2i_PKCS8PrivateKey_fp                  2175	EXIST::FUNCTION:
+i2d_PKCS8PrivateKey_nid_bio             2176	EXIST::FUNCTION:
+i2d_PKCS8PrivateKeyInfo_fp              2177	EXIST::FUNCTION:FP_API
+i2d_PKCS8PrivateKeyInfo_bio             2178	EXIST::FUNCTION:BIO
+PEM_cb                                  2179	NOEXIST::FUNCTION:
+i2d_PrivateKey_fp                       2180	EXIST::FUNCTION:FP_API
+d2i_PrivateKey_bio                      2181	EXIST::FUNCTION:BIO
+d2i_PrivateKey_fp                       2182	EXIST::FUNCTION:FP_API
+i2d_PrivateKey_bio                      2183	EXIST::FUNCTION:BIO
+X509_reject_clear                       2184	EXIST::FUNCTION:
+X509_TRUST_set_default                  2185	EXIST::FUNCTION:
+d2i_AutoPrivateKey                      2186	EXIST::FUNCTION:
+X509_ATTRIBUTE_get0_type                2187	EXIST::FUNCTION:
+X509_ATTRIBUTE_set1_data                2188	EXIST::FUNCTION:
+X509at_get_attr                         2189	EXIST::FUNCTION:
+X509at_get_attr_count                   2190	EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_NID            2191	EXIST::FUNCTION:
+X509_ATTRIBUTE_set1_object              2192	EXIST::FUNCTION:
+X509_ATTRIBUTE_count                    2193	EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_OBJ            2194	EXIST::FUNCTION:
+X509_ATTRIBUTE_get0_object              2195	EXIST::FUNCTION:
+X509at_get_attr_by_NID                  2196	EXIST::FUNCTION:
+X509at_add1_attr                        2197	EXIST::FUNCTION:
+X509_ATTRIBUTE_get0_data                2198	EXIST::FUNCTION:
+X509at_delete_attr                      2199	EXIST::FUNCTION:
+X509at_get_attr_by_OBJ                  2200	EXIST::FUNCTION:
+RAND_add                                2201	EXIST::FUNCTION:
+BIO_number_written                      2202	EXIST::FUNCTION:
+BIO_number_read                         2203	EXIST::FUNCTION:
+X509_STORE_CTX_get1_chain               2204	EXIST::FUNCTION:
+ERR_load_RAND_strings                   2205	EXIST::FUNCTION:
+RAND_pseudo_bytes                       2206	EXIST::FUNCTION:
+X509_REQ_get_attr_by_NID                2207	EXIST::FUNCTION:
+X509_REQ_get_attr                       2208	EXIST::FUNCTION:
+X509_REQ_add1_attr_by_NID               2209	EXIST::FUNCTION:
+X509_REQ_get_attr_by_OBJ                2210	EXIST::FUNCTION:
+X509at_add1_attr_by_NID                 2211	EXIST::FUNCTION:
+X509_REQ_add1_attr_by_OBJ               2212	EXIST::FUNCTION:
+X509_REQ_get_attr_count                 2213	EXIST::FUNCTION:
+X509_REQ_add1_attr                      2214	EXIST::FUNCTION:
+X509_REQ_delete_attr                    2215	EXIST::FUNCTION:
+X509at_add1_attr_by_OBJ                 2216	EXIST::FUNCTION:
+X509_REQ_add1_attr_by_txt               2217	EXIST::FUNCTION:
+X509_ATTRIBUTE_create_by_txt            2218	EXIST::FUNCTION:
+X509at_add1_attr_by_txt                 2219	EXIST::FUNCTION:
+BN_pseudo_rand                          2239	EXIST::FUNCTION:
+BN_is_prime_fasttest                    2240	EXIST::FUNCTION:
+BN_CTX_end                              2241	EXIST::FUNCTION:
+BN_CTX_start                            2242	EXIST::FUNCTION:
+BN_CTX_get                              2243	EXIST::FUNCTION:
+EVP_PKEY2PKCS8_broken                   2244	EXIST::FUNCTION:
+ASN1_STRING_TABLE_add                   2245	EXIST::FUNCTION:
+CRYPTO_dbg_get_options                  2246	EXIST::FUNCTION:
+AUTHORITY_INFO_ACCESS_new               2247	EXIST::FUNCTION:
+CRYPTO_get_mem_debug_options            2248	EXIST::FUNCTION:
+DES_crypt                               2249	EXIST::FUNCTION:DES
+PEM_write_bio_X509_REQ_NEW              2250	EXIST::FUNCTION:
+PEM_write_X509_REQ_NEW                  2251	EXIST:!WIN16:FUNCTION:
+BIO_callback_ctrl                       2252	EXIST::FUNCTION:
+RAND_egd                                2253	EXIST::FUNCTION:
+RAND_status                             2254	EXIST::FUNCTION:
+bn_dump1                                2255	NOEXIST::FUNCTION:
+DES_check_key_parity                    2256	EXIST::FUNCTION:DES
+lh_num_items                            2257	EXIST::FUNCTION:
+RAND_event                              2258	EXIST:WIN32:FUNCTION:
+DSO_new                                 2259	EXIST::FUNCTION:
+DSO_new_method                          2260	EXIST::FUNCTION:
+DSO_free                                2261	EXIST::FUNCTION:
+DSO_flags                               2262	EXIST::FUNCTION:
+DSO_up                                  2263	NOEXIST::FUNCTION:
+DSO_set_default_method                  2264	EXIST::FUNCTION:
+DSO_get_default_method                  2265	EXIST::FUNCTION:
+DSO_get_method                          2266	EXIST::FUNCTION:
+DSO_set_method                          2267	EXIST::FUNCTION:
+DSO_load                                2268	EXIST::FUNCTION:
+DSO_bind_var                            2269	EXIST::FUNCTION:
+DSO_METHOD_null                         2270	EXIST::FUNCTION:
+DSO_METHOD_openssl                      2271	EXIST::FUNCTION:
+DSO_METHOD_dlfcn                        2272	EXIST::FUNCTION:
+DSO_METHOD_win32                        2273	EXIST::FUNCTION:
+ERR_load_DSO_strings                    2274	EXIST::FUNCTION:
+DSO_METHOD_dl                           2275	EXIST::FUNCTION:
+NCONF_load                              2276	EXIST::FUNCTION:
+NCONF_load_fp                           2278	EXIST::FUNCTION:FP_API
+NCONF_new                               2279	EXIST::FUNCTION:
+NCONF_get_string                        2280	EXIST::FUNCTION:
+NCONF_free                              2281	EXIST::FUNCTION:
+NCONF_get_number                        2282	NOEXIST::FUNCTION:
+CONF_dump_fp                            2283	EXIST::FUNCTION:
+NCONF_load_bio                          2284	EXIST::FUNCTION:
+NCONF_dump_fp                           2285	EXIST::FUNCTION:
+NCONF_get_section                       2286	EXIST::FUNCTION:
+NCONF_dump_bio                          2287	EXIST::FUNCTION:
+CONF_dump_bio                           2288	EXIST::FUNCTION:
+NCONF_free_data                         2289	EXIST::FUNCTION:
+CONF_set_default_method                 2290	EXIST::FUNCTION:
+ERR_error_string_n                      2291	EXIST::FUNCTION:
+BIO_snprintf                            2292	EXIST::FUNCTION:
+DSO_ctrl                                2293	EXIST::FUNCTION:
+i2d_ASN1_SET_OF_ASN1_INTEGER            2317	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS12_SAFEBAG          2320	NOEXIST::FUNCTION:
+i2d_ASN1_SET_OF_PKCS7                   2328	NOEXIST::FUNCTION:
+BIO_vfree                               2334	EXIST::FUNCTION:
+d2i_ASN1_SET_OF_ASN1_INTEGER            2339	NOEXIST::FUNCTION:
+d2i_ASN1_SET_OF_PKCS12_SAFEBAG          2341	NOEXIST::FUNCTION:
+ASN1_UTCTIME_get                        2350	NOEXIST::FUNCTION:
+X509_REQ_digest                         2362	EXIST::FUNCTION:EVP
+X509_CRL_digest                         2391	EXIST::FUNCTION:EVP
+d2i_ASN1_SET_OF_PKCS7                   2397	NOEXIST::FUNCTION:
+EVP_CIPHER_CTX_set_key_length           2399	EXIST::FUNCTION:
+EVP_CIPHER_CTX_ctrl                     2400	EXIST::FUNCTION:
+BN_mod_exp_mont_word                    2401	EXIST::FUNCTION:
+RAND_egd_bytes                          2402	EXIST::FUNCTION:
+X509_REQ_get1_email                     2403	EXIST::FUNCTION:
+X509_get1_email                         2404	EXIST::FUNCTION:
+X509_email_free                         2405	EXIST::FUNCTION:
+i2d_RSA_NET                             2406	EXIST::FUNCTION:RSA
+d2i_RSA_NET_2                           2407	NOEXIST::FUNCTION:
+d2i_RSA_NET                             2408	EXIST::FUNCTION:RSA
+DSO_bind_func                           2409	EXIST::FUNCTION:
+CRYPTO_get_new_dynlockid                2410	EXIST::FUNCTION:
+sk_new_null                             2411	EXIST::FUNCTION:
+CRYPTO_set_dynlock_destroy_callback     2412	EXIST:!VMS:FUNCTION:
+CRYPTO_set_dynlock_destroy_cb           2412	EXIST:VMS:FUNCTION:
+CRYPTO_destroy_dynlockid                2413	EXIST::FUNCTION:
+CRYPTO_set_dynlock_size                 2414	NOEXIST::FUNCTION:
+CRYPTO_set_dynlock_create_callback      2415	EXIST:!VMS:FUNCTION:
+CRYPTO_set_dynlock_create_cb            2415	EXIST:VMS:FUNCTION:
+CRYPTO_set_dynlock_lock_callback        2416	EXIST:!VMS:FUNCTION:
+CRYPTO_set_dynlock_lock_cb              2416	EXIST:VMS:FUNCTION:
+CRYPTO_get_dynlock_lock_callback        2417	EXIST:!VMS:FUNCTION:
+CRYPTO_get_dynlock_lock_cb              2417	EXIST:VMS:FUNCTION:
+CRYPTO_get_dynlock_destroy_callback     2418	EXIST:!VMS:FUNCTION:
+CRYPTO_get_dynlock_destroy_cb           2418	EXIST:VMS:FUNCTION:
+CRYPTO_get_dynlock_value                2419	EXIST::FUNCTION:
+CRYPTO_get_dynlock_create_callback      2420	EXIST:!VMS:FUNCTION:
+CRYPTO_get_dynlock_create_cb            2420	EXIST:VMS:FUNCTION:
+c2i_ASN1_BIT_STRING                     2421	EXIST::FUNCTION:
+i2c_ASN1_BIT_STRING                     2422	EXIST::FUNCTION:
+RAND_poll                               2423	EXIST::FUNCTION:
+c2i_ASN1_INTEGER                        2424	EXIST::FUNCTION:
+i2c_ASN1_INTEGER                        2425	EXIST::FUNCTION:
+BIO_dump_indent                         2426	EXIST::FUNCTION:
+ASN1_parse_dump                         2427	EXIST::FUNCTION:BIO
+c2i_ASN1_OBJECT                         2428	EXIST::FUNCTION:
+X509_NAME_print_ex_fp                   2429	EXIST::FUNCTION:FP_API
+ASN1_STRING_print_ex_fp                 2430	EXIST::FUNCTION:FP_API
+X509_NAME_print_ex                      2431	EXIST::FUNCTION:BIO
+ASN1_STRING_print_ex                    2432	EXIST::FUNCTION:BIO
+MD4                                     2433	EXIST::FUNCTION:MD4
+MD4_Transform                           2434	EXIST::FUNCTION:MD4
+MD4_Final                               2435	EXIST::FUNCTION:MD4
+MD4_Update                              2436	EXIST::FUNCTION:MD4
+MD4_Init                                2437	EXIST::FUNCTION:MD4
+EVP_md4                                 2438	EXIST::FUNCTION:MD4
+i2d_PUBKEY_bio                          2439	EXIST::FUNCTION:BIO
+i2d_PUBKEY_fp                           2440	EXIST::FUNCTION:FP_API
+d2i_PUBKEY_bio                          2441	EXIST::FUNCTION:BIO
+ASN1_STRING_to_UTF8                     2442	EXIST::FUNCTION:
+BIO_vprintf                             2443	EXIST::FUNCTION:
+BIO_vsnprintf                           2444	EXIST::FUNCTION:
+d2i_PUBKEY_fp                           2445	EXIST::FUNCTION:FP_API
+X509_cmp_time                           2446	EXIST::FUNCTION:
+X509_STORE_CTX_set_time                 2447	EXIST::FUNCTION:
+X509_STORE_CTX_get1_issuer              2448	EXIST::FUNCTION:
+X509_OBJECT_retrieve_match              2449	EXIST::FUNCTION:
+X509_OBJECT_idx_by_subject              2450	EXIST::FUNCTION:
+X509_STORE_CTX_set_flags                2451	EXIST::FUNCTION:
+X509_STORE_CTX_trusted_stack            2452	EXIST::FUNCTION:
+X509_time_adj                           2453	EXIST::FUNCTION:
+X509_check_issued                       2454	EXIST::FUNCTION:
+ASN1_UTCTIME_cmp_time_t                 2455	EXIST::FUNCTION:
+DES_set_weak_key_flag                   2456	NOEXIST::FUNCTION:
+DES_check_key                           2457	NOEXIST::FUNCTION:
+DES_rw_mode                             2458	NOEXIST::FUNCTION:
+RSA_PKCS1_RSAref                        2459	NOEXIST::FUNCTION:
+X509_keyid_set1                         2460	EXIST::FUNCTION:
+BIO_next                                2461	EXIST::FUNCTION:
+DSO_METHOD_vms                          2462	EXIST::FUNCTION:
+BIO_f_linebuffer                        2463	EXIST:VMS:FUNCTION:
+BN_bntest_rand                          2464	EXIST::FUNCTION:
+OPENSSL_issetugid                       2465	EXIST::FUNCTION:
+BN_rand_range                           2466	EXIST::FUNCTION:
+ERR_load_ENGINE_strings                 2467	EXIST::FUNCTION:
+ENGINE_set_DSA                          2468	EXIST::FUNCTION:
+ENGINE_get_finish_function              2469	EXIST::FUNCTION:
+ENGINE_get_default_RSA                  2470	EXIST::FUNCTION:
+ENGINE_get_BN_mod_exp                   2471	NOEXIST::FUNCTION:
+DSA_get_default_openssl_method          2472	NOEXIST::FUNCTION:
+ENGINE_set_DH                           2473	EXIST::FUNCTION:
+ENGINE_set_def_BN_mod_exp_crt           2474	NOEXIST::FUNCTION:
+ENGINE_set_default_BN_mod_exp_crt       2474	NOEXIST::FUNCTION:
+ENGINE_init                             2475	EXIST::FUNCTION:
+DH_get_default_openssl_method           2476	NOEXIST::FUNCTION:
+RSA_set_default_openssl_method          2477	NOEXIST::FUNCTION:
+ENGINE_finish                           2478	EXIST::FUNCTION:
+ENGINE_load_public_key                  2479	EXIST::FUNCTION:
+ENGINE_get_DH                           2480	EXIST::FUNCTION:
+ENGINE_ctrl                             2481	EXIST::FUNCTION:
+ENGINE_get_init_function                2482	EXIST::FUNCTION:
+ENGINE_set_init_function                2483	EXIST::FUNCTION:
+ENGINE_set_default_DSA                  2484	EXIST::FUNCTION:
+ENGINE_get_name                         2485	EXIST::FUNCTION:
+ENGINE_get_last                         2486	EXIST::FUNCTION:
+ENGINE_get_prev                         2487	EXIST::FUNCTION:
+ENGINE_get_default_DH                   2488	EXIST::FUNCTION:
+ENGINE_get_RSA                          2489	EXIST::FUNCTION:
+ENGINE_set_default                      2490	EXIST::FUNCTION:
+ENGINE_get_RAND                         2491	EXIST::FUNCTION:
+ENGINE_get_first                        2492	EXIST::FUNCTION:
+ENGINE_by_id                            2493	EXIST::FUNCTION:
+ENGINE_set_finish_function              2494	EXIST::FUNCTION:
+ENGINE_get_def_BN_mod_exp_crt           2495	NOEXIST::FUNCTION:
+ENGINE_get_default_BN_mod_exp_crt       2495	NOEXIST::FUNCTION:
+RSA_get_default_openssl_method          2496	NOEXIST::FUNCTION:
+ENGINE_set_RSA                          2497	EXIST::FUNCTION:
+ENGINE_load_private_key                 2498	EXIST::FUNCTION:
+ENGINE_set_default_RAND                 2499	EXIST::FUNCTION:
+ENGINE_set_BN_mod_exp                   2500	NOEXIST::FUNCTION:
+ENGINE_remove                           2501	EXIST::FUNCTION:
+ENGINE_free                             2502	EXIST::FUNCTION:
+ENGINE_get_BN_mod_exp_crt               2503	NOEXIST::FUNCTION:
+ENGINE_get_next                         2504	EXIST::FUNCTION:
+ENGINE_set_name                         2505	EXIST::FUNCTION:
+ENGINE_get_default_DSA                  2506	EXIST::FUNCTION:
+ENGINE_set_default_BN_mod_exp           2507	NOEXIST::FUNCTION:
+ENGINE_set_default_RSA                  2508	EXIST::FUNCTION:
+ENGINE_get_default_RAND                 2509	EXIST::FUNCTION:
+ENGINE_get_default_BN_mod_exp           2510	NOEXIST::FUNCTION:
+ENGINE_set_RAND                         2511	EXIST::FUNCTION:
+ENGINE_set_id                           2512	EXIST::FUNCTION:
+ENGINE_set_BN_mod_exp_crt               2513	NOEXIST::FUNCTION:
+ENGINE_set_default_DH                   2514	EXIST::FUNCTION:
+ENGINE_new                              2515	EXIST::FUNCTION:
+ENGINE_get_id                           2516	EXIST::FUNCTION:
+DSA_set_default_openssl_method          2517	NOEXIST::FUNCTION:
+ENGINE_add                              2518	EXIST::FUNCTION:
+DH_set_default_openssl_method           2519	NOEXIST::FUNCTION:
+ENGINE_get_DSA                          2520	EXIST::FUNCTION:
+ENGINE_get_ctrl_function                2521	EXIST::FUNCTION:
+ENGINE_set_ctrl_function                2522	EXIST::FUNCTION:
+BN_pseudo_rand_range                    2523	EXIST::FUNCTION:
+X509_STORE_CTX_set_verify_cb            2524	EXIST::FUNCTION:
+ERR_load_COMP_strings                   2525	EXIST::FUNCTION:
+PKCS12_item_decrypt_d2i                 2526	EXIST::FUNCTION:
+ASN1_UTF8STRING_it                      2527	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UTF8STRING_it                      2527	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_unregister_ciphers               2528	EXIST::FUNCTION:
+ENGINE_get_ciphers                      2529	EXIST::FUNCTION:
+d2i_OCSP_BASICRESP                      2530	EXIST::FUNCTION:
+KRB5_CHECKSUM_it                        2531	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_CHECKSUM_it                        2531	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_POINT_add                            2532	EXIST::FUNCTION:EC
+ASN1_item_ex_i2d                        2533	EXIST::FUNCTION:
+OCSP_CERTID_it                          2534	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_CERTID_it                          2534	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_RESPBYTES                      2535	EXIST::FUNCTION:
+X509V3_add1_i2d                         2536	EXIST::FUNCTION:
+PKCS7_ENVELOPE_it                       2537	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENVELOPE_it                       2537	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_add_input_boolean                    2538	EXIST::FUNCTION:
+ENGINE_unregister_RSA                   2539	EXIST::FUNCTION:
+X509V3_EXT_nconf                        2540	EXIST::FUNCTION:
+ASN1_GENERALSTRING_free                 2541	EXIST::FUNCTION:
+d2i_OCSP_CERTSTATUS                     2542	EXIST::FUNCTION:
+X509_REVOKED_set_serialNumber           2543	EXIST::FUNCTION:
+X509_print_ex                           2544	EXIST::FUNCTION:BIO
+OCSP_ONEREQ_get1_ext_d2i                2545	EXIST::FUNCTION:
+ENGINE_register_all_RAND                2546	EXIST::FUNCTION:
+ENGINE_load_dynamic                     2547	EXIST::FUNCTION:
+PBKDF2PARAM_it                          2548	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBKDF2PARAM_it                          2548	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EXTENDED_KEY_USAGE_new                  2549	EXIST::FUNCTION:
+EC_GROUP_clear_free                     2550	EXIST::FUNCTION:EC
+OCSP_sendreq_bio                        2551	EXIST::FUNCTION:
+ASN1_item_digest                        2552	EXIST::FUNCTION:EVP
+OCSP_BASICRESP_delete_ext               2553	EXIST::FUNCTION:
+OCSP_SIGNATURE_it                       2554	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_SIGNATURE_it                       2554	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CRL_it                             2555	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CRL_it                             2555	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_BASICRESP_add_ext                  2556	EXIST::FUNCTION:
+KRB5_ENCKEY_it                          2557	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_ENCKEY_it                          2557	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_method_set_closer                    2558	EXIST::FUNCTION:
+X509_STORE_set_purpose                  2559	EXIST::FUNCTION:
+i2d_ASN1_GENERALSTRING                  2560	EXIST::FUNCTION:
+OCSP_response_status                    2561	EXIST::FUNCTION:
+i2d_OCSP_SERVICELOC                     2562	EXIST::FUNCTION:
+ENGINE_get_digest_engine                2563	EXIST::FUNCTION:
+EC_GROUP_set_curve_GFp                  2564	EXIST::FUNCTION:EC
+OCSP_REQUEST_get_ext_by_OBJ             2565	EXIST::FUNCTION:
+_ossl_old_des_random_key                2566	EXIST::FUNCTION:DES
+ASN1_T61STRING_it                       2567	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_T61STRING_it                       2567	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_method_of                      2568	EXIST::FUNCTION:EC
+i2d_KRB5_APREQ                          2569	EXIST::FUNCTION:
+_ossl_old_des_encrypt                   2570	EXIST::FUNCTION:DES
+ASN1_PRINTABLE_new                      2571	EXIST::FUNCTION:
+HMAC_Init_ex                            2572	EXIST::FUNCTION:HMAC
+d2i_KRB5_AUTHENT                        2573	EXIST::FUNCTION:
+OCSP_archive_cutoff_new                 2574	EXIST::FUNCTION:
+EC_POINT_set_Jprojective_coordinates_GFp 2575	EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_Jproj_coords_GFp           2575	EXIST:VMS:FUNCTION:EC
+_ossl_old_des_is_weak_key               2576	EXIST::FUNCTION:DES
+OCSP_BASICRESP_get_ext_by_OBJ           2577	EXIST::FUNCTION:
+EC_POINT_oct2point                      2578	EXIST::FUNCTION:EC
+OCSP_SINGLERESP_get_ext_count           2579	EXIST::FUNCTION:
+UI_ctrl                                 2580	EXIST::FUNCTION:
+_shadow_DES_rw_mode                     2581	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
+_shadow_DES_rw_mode                     2581	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
+asn1_do_adb                             2582	EXIST::FUNCTION:
+ASN1_template_i2d                       2583	EXIST::FUNCTION:
+ENGINE_register_DH                      2584	EXIST::FUNCTION:
+UI_construct_prompt                     2585	EXIST::FUNCTION:
+X509_STORE_set_trust                    2586	EXIST::FUNCTION:
+UI_dup_input_string                     2587	EXIST::FUNCTION:
+d2i_KRB5_APREQ                          2588	EXIST::FUNCTION:
+EVP_MD_CTX_copy_ex                      2589	EXIST::FUNCTION:
+OCSP_request_is_signed                  2590	EXIST::FUNCTION:
+i2d_OCSP_REQINFO                        2591	EXIST::FUNCTION:
+KRB5_ENCKEY_free                        2592	EXIST::FUNCTION:
+OCSP_resp_get0                          2593	EXIST::FUNCTION:
+GENERAL_NAME_it                         2594	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_NAME_it                         2594	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_GENERALIZEDTIME_it                 2595	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_GENERALIZEDTIME_it                 2595	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_STORE_set_flags                    2596	EXIST::FUNCTION:
+EC_POINT_set_compressed_coordinates_GFp 2597	EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_compr_coords_GFp           2597	EXIST:VMS:FUNCTION:EC
+OCSP_response_status_str                2598	EXIST::FUNCTION:
+d2i_OCSP_REVOKEDINFO                    2599	EXIST::FUNCTION:
+OCSP_basic_add1_cert                    2600	EXIST::FUNCTION:
+ERR_get_implementation                  2601	EXIST::FUNCTION:
+EVP_CipherFinal_ex                      2602	EXIST::FUNCTION:
+OCSP_CERTSTATUS_new                     2603	EXIST::FUNCTION:
+CRYPTO_cleanup_all_ex_data              2604	EXIST::FUNCTION:
+OCSP_resp_find                          2605	EXIST::FUNCTION:
+BN_nnmod                                2606	EXIST::FUNCTION:
+X509_CRL_sort                           2607	EXIST::FUNCTION:
+X509_REVOKED_set_revocationDate         2608	EXIST::FUNCTION:
+ENGINE_register_RAND                    2609	EXIST::FUNCTION:
+OCSP_SERVICELOC_new                     2610	EXIST::FUNCTION:
+EC_POINT_set_affine_coordinates_GFp     2611	EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_affine_coords_GFp          2611	EXIST:VMS:FUNCTION:EC
+_ossl_old_des_options                   2612	EXIST::FUNCTION:DES
+SXNET_it                                2613	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+SXNET_it                                2613	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_dup_input_boolean                    2614	EXIST::FUNCTION:
+PKCS12_add_CSPName_asc                  2615	EXIST::FUNCTION:
+EC_POINT_is_at_infinity                 2616	EXIST::FUNCTION:EC
+ENGINE_load_cryptodev                   2617	EXIST::FUNCTION:
+DSO_convert_filename                    2618	EXIST::FUNCTION:
+POLICYQUALINFO_it                       2619	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICYQUALINFO_it                       2619	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_register_ciphers                 2620	EXIST::FUNCTION:
+BN_mod_lshift_quick                     2621	EXIST::FUNCTION:
+DSO_set_filename                        2622	EXIST::FUNCTION:
+ASN1_item_free                          2623	EXIST::FUNCTION:
+KRB5_TKTBODY_free                       2624	EXIST::FUNCTION:
+AUTHORITY_KEYID_it                      2625	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+AUTHORITY_KEYID_it                      2625	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_APREQBODY_new                      2626	EXIST::FUNCTION:
+X509V3_EXT_REQ_add_nconf                2627	EXIST::FUNCTION:
+ENGINE_ctrl_cmd_string                  2628	EXIST::FUNCTION:
+i2d_OCSP_RESPDATA                       2629	EXIST::FUNCTION:
+EVP_MD_CTX_init                         2630	EXIST::FUNCTION:
+EXTENDED_KEY_USAGE_free                 2631	EXIST::FUNCTION:
+PKCS7_ATTR_SIGN_it                      2632	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ATTR_SIGN_it                      2632	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_add_error_string                     2633	EXIST::FUNCTION:
+KRB5_CHECKSUM_free                      2634	EXIST::FUNCTION:
+OCSP_REQUEST_get_ext                    2635	EXIST::FUNCTION:
+ENGINE_load_ubsec                       2636	EXIST::FUNCTION:STATIC_ENGINE
+ENGINE_register_all_digests             2637	EXIST::FUNCTION:
+PKEY_USAGE_PERIOD_it                    2638	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKEY_USAGE_PERIOD_it                    2638	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_unpack_authsafes                 2639	EXIST::FUNCTION:
+ASN1_item_unpack                        2640	EXIST::FUNCTION:
+NETSCAPE_SPKAC_it                       2641	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_SPKAC_it                       2641	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_REVOKED_it                         2642	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REVOKED_it                         2642	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_STRING_encode                      2643	EXIST::FUNCTION:
+EVP_aes_128_ecb                         2644	EXIST::FUNCTION:AES
+KRB5_AUTHENT_free                       2645	EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_by_critical      2646	EXIST:!VMS:FUNCTION:
+OCSP_BASICRESP_get_ext_by_crit          2646	EXIST:VMS:FUNCTION:
+OCSP_cert_status_str                    2647	EXIST::FUNCTION:
+d2i_OCSP_REQUEST                        2648	EXIST::FUNCTION:
+UI_dup_info_string                      2649	EXIST::FUNCTION:
+_ossl_old_des_xwhite_in2out             2650	EXIST::FUNCTION:DES
+PKCS12_it                               2651	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_it                               2651	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_SINGLERESP_get_ext_by_critical     2652	EXIST:!VMS:FUNCTION:
+OCSP_SINGLERESP_get_ext_by_crit         2652	EXIST:VMS:FUNCTION:
+OCSP_CERTSTATUS_free                    2653	EXIST::FUNCTION:
+_ossl_old_des_crypt                     2654	EXIST::FUNCTION:DES
+ASN1_item_i2d                           2655	EXIST::FUNCTION:
+EVP_DecryptFinal_ex                     2656	EXIST::FUNCTION:
+ENGINE_load_openssl                     2657	EXIST::FUNCTION:
+ENGINE_get_cmd_defns                    2658	EXIST::FUNCTION:
+ENGINE_set_load_privkey_function        2659	EXIST:!VMS:FUNCTION:
+ENGINE_set_load_privkey_fn              2659	EXIST:VMS:FUNCTION:
+EVP_EncryptFinal_ex                     2660	EXIST::FUNCTION:
+ENGINE_set_default_digests              2661	EXIST::FUNCTION:
+X509_get0_pubkey_bitstr                 2662	EXIST::FUNCTION:
+asn1_ex_i2c                             2663	EXIST::FUNCTION:
+ENGINE_register_RSA                     2664	EXIST::FUNCTION:
+ENGINE_unregister_DSA                   2665	EXIST::FUNCTION:
+_ossl_old_des_key_sched                 2666	EXIST::FUNCTION:DES
+X509_EXTENSION_it                       2667	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_EXTENSION_it                       2667	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_KRB5_AUTHENT                        2668	EXIST::FUNCTION:
+SXNETID_it                              2669	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+SXNETID_it                              2669	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_SINGLERESP                     2670	EXIST::FUNCTION:
+EDIPARTYNAME_new                        2671	EXIST::FUNCTION:
+PKCS12_certbag2x509                     2672	EXIST::FUNCTION:
+_ossl_old_des_ofb64_encrypt             2673	EXIST::FUNCTION:DES
+d2i_EXTENDED_KEY_USAGE                  2674	EXIST::FUNCTION:
+ERR_print_errors_cb                     2675	EXIST::FUNCTION:
+ENGINE_set_ciphers                      2676	EXIST::FUNCTION:
+d2i_KRB5_APREQBODY                      2677	EXIST::FUNCTION:
+UI_method_get_flusher                   2678	EXIST::FUNCTION:
+X509_PUBKEY_it                          2679	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_PUBKEY_it                          2679	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_enc_read                  2680	EXIST::FUNCTION:DES
+PKCS7_ENCRYPT_it                        2681	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENCRYPT_it                        2681	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_OCSP_RESPONSE                       2682	EXIST::FUNCTION:
+EC_GROUP_get_cofactor                   2683	EXIST::FUNCTION:EC
+PKCS12_unpack_p7data                    2684	EXIST::FUNCTION:
+d2i_KRB5_AUTHDATA                       2685	EXIST::FUNCTION:
+OCSP_copy_nonce                         2686	EXIST::FUNCTION:
+KRB5_AUTHDATA_new                       2687	EXIST::FUNCTION:
+OCSP_RESPDATA_new                       2688	EXIST::FUNCTION:
+EC_GFp_mont_method                      2689	EXIST::FUNCTION:EC
+OCSP_REVOKEDINFO_free                   2690	EXIST::FUNCTION:
+UI_get_ex_data                          2691	EXIST::FUNCTION:
+KRB5_APREQBODY_free                     2692	EXIST::FUNCTION:
+EC_GROUP_get0_generator                 2693	EXIST::FUNCTION:EC
+UI_get_default_method                   2694	EXIST::FUNCTION:
+X509V3_set_nconf                        2695	EXIST::FUNCTION:
+PKCS12_item_i2d_encrypt                 2696	EXIST::FUNCTION:
+X509_add1_ext_i2d                       2697	EXIST::FUNCTION:
+PKCS7_SIGNER_INFO_it                    2698	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGNER_INFO_it                    2698	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_PRINCNAME_new                      2699	EXIST::FUNCTION:
+PKCS12_SAFEBAG_it                       2700	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_SAFEBAG_it                       2700	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_get_order                      2701	EXIST::FUNCTION:EC
+d2i_OCSP_RESPID                         2702	EXIST::FUNCTION:
+OCSP_request_verify                     2703	EXIST::FUNCTION:
+NCONF_get_number_e                      2704	EXIST::FUNCTION:
+_ossl_old_des_decrypt3                  2705	EXIST::FUNCTION:DES
+X509_signature_print                    2706	EXIST::FUNCTION:EVP
+OCSP_SINGLERESP_free                    2707	EXIST::FUNCTION:
+ENGINE_load_builtin_engines             2708	EXIST::FUNCTION:
+i2d_OCSP_ONEREQ                         2709	EXIST::FUNCTION:
+OCSP_REQUEST_add_ext                    2710	EXIST::FUNCTION:
+OCSP_RESPBYTES_new                      2711	EXIST::FUNCTION:
+EVP_MD_CTX_create                       2712	EXIST::FUNCTION:
+OCSP_resp_find_status                   2713	EXIST::FUNCTION:
+X509_ALGOR_it                           2714	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ALGOR_it                           2714	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_TIME_it                            2715	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_TIME_it                            2715	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_request_set1_name                  2716	EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext_count               2717	EXIST::FUNCTION:
+UI_get0_result                          2718	EXIST::FUNCTION:
+PKCS12_AUTHSAFES_it                     2719	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_AUTHSAFES_it                     2719	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_aes_256_ecb                         2720	EXIST::FUNCTION:AES
+PKCS12_pack_authsafes                   2721	EXIST::FUNCTION:
+ASN1_IA5STRING_it                       2722	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_IA5STRING_it                       2722	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_get_input_flags                      2723	EXIST::FUNCTION:
+EC_GROUP_set_generator                  2724	EXIST::FUNCTION:EC
+_ossl_old_des_string_to_2keys           2725	EXIST::FUNCTION:DES
+OCSP_CERTID_free                        2726	EXIST::FUNCTION:
+X509_CERT_AUX_it                        2727	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CERT_AUX_it                        2727	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CERTIFICATEPOLICIES_it                  2728	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CERTIFICATEPOLICIES_it                  2728	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_ede3_cbc_encrypt          2729	EXIST::FUNCTION:DES
+RAND_set_rand_engine                    2730	EXIST::FUNCTION:
+DSO_get_loaded_filename                 2731	EXIST::FUNCTION:
+X509_ATTRIBUTE_it                       2732	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_ATTRIBUTE_it                       2732	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_ONEREQ_get_ext_by_NID              2733	EXIST::FUNCTION:
+PKCS12_decrypt_skey                     2734	EXIST::FUNCTION:
+KRB5_AUTHENT_it                         2735	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_AUTHENT_it                         2735	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_dup_error_string                     2736	EXIST::FUNCTION:
+RSAPublicKey_it                         2737	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSAPublicKey_it                         2737	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+i2d_OCSP_REQUEST                        2738	EXIST::FUNCTION:
+PKCS12_x509crl2certbag                  2739	EXIST::FUNCTION:
+OCSP_SERVICELOC_it                      2740	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_SERVICELOC_it                      2740	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_item_sign                          2741	EXIST::FUNCTION:EVP
+X509_CRL_set_issuer_name                2742	EXIST::FUNCTION:
+OBJ_NAME_do_all_sorted                  2743	EXIST::FUNCTION:
+i2d_OCSP_BASICRESP                      2744	EXIST::FUNCTION:
+i2d_OCSP_RESPBYTES                      2745	EXIST::FUNCTION:
+PKCS12_unpack_p7encdata                 2746	EXIST::FUNCTION:
+HMAC_CTX_init                           2747	EXIST::FUNCTION:HMAC
+ENGINE_get_digest                       2748	EXIST::FUNCTION:
+OCSP_RESPONSE_print                     2749	EXIST::FUNCTION:
+KRB5_TKTBODY_it                         2750	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_TKTBODY_it                         2750	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ACCESS_DESCRIPTION_it                   2751	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ACCESS_DESCRIPTION_it                   2751	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS7_ISSUER_AND_SERIAL_it              2752	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ISSUER_AND_SERIAL_it              2752	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PBE2PARAM_it                            2753	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBE2PARAM_it                            2753	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_certbag2x509crl                  2754	EXIST::FUNCTION:
+PKCS7_SIGNED_it                         2755	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGNED_it                         2755	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_cipher                       2756	EXIST::FUNCTION:
+i2d_OCSP_CRLID                          2757	EXIST::FUNCTION:
+OCSP_SINGLERESP_new                     2758	EXIST::FUNCTION:
+ENGINE_cmd_is_executable                2759	EXIST::FUNCTION:
+RSA_up_ref                              2760	EXIST::FUNCTION:RSA
+ASN1_GENERALSTRING_it                   2761	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_GENERALSTRING_it                   2761	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_register_DSA                     2762	EXIST::FUNCTION:
+X509V3_EXT_add_nconf_sk                 2763	EXIST::FUNCTION:
+ENGINE_set_load_pubkey_function         2764	EXIST::FUNCTION:
+PKCS8_decrypt                           2765	EXIST::FUNCTION:
+PEM_bytes_read_bio                      2766	EXIST::FUNCTION:BIO
+DIRECTORYSTRING_it                      2767	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIRECTORYSTRING_it                      2767	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_CRLID                          2768	EXIST::FUNCTION:
+EC_POINT_is_on_curve                    2769	EXIST::FUNCTION:EC
+CRYPTO_set_locked_mem_ex_functions      2770	EXIST:!VMS:FUNCTION:
+CRYPTO_set_locked_mem_ex_funcs          2770	EXIST:VMS:FUNCTION:
+d2i_KRB5_CHECKSUM                       2771	EXIST::FUNCTION:
+ASN1_item_dup                           2772	EXIST::FUNCTION:
+X509_it                                 2773	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_it                                 2773	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mod_add                              2774	EXIST::FUNCTION:
+KRB5_AUTHDATA_free                      2775	EXIST::FUNCTION:
+_ossl_old_des_cbc_cksum                 2776	EXIST::FUNCTION:DES
+ASN1_item_verify                        2777	EXIST::FUNCTION:EVP
+CRYPTO_set_mem_ex_functions             2778	EXIST::FUNCTION:
+EC_POINT_get_Jprojective_coordinates_GFp 2779	EXIST:!VMS:FUNCTION:EC
+EC_POINT_get_Jproj_coords_GFp           2779	EXIST:VMS:FUNCTION:EC
+ZLONG_it                                2780	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ZLONG_it                                2780	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_get_locked_mem_ex_functions      2781	EXIST:!VMS:FUNCTION:
+CRYPTO_get_locked_mem_ex_funcs          2781	EXIST:VMS:FUNCTION:
+ASN1_TIME_check                         2782	EXIST::FUNCTION:
+UI_get0_user_data                       2783	EXIST::FUNCTION:
+HMAC_CTX_cleanup                        2784	EXIST::FUNCTION:HMAC
+DSA_up_ref                              2785	EXIST::FUNCTION:DSA
+_ossl_old_des_ede3_cfb64_encrypt        2786	EXIST:!VMS:FUNCTION:DES
+_ossl_odes_ede3_cfb64_encrypt           2786	EXIST:VMS:FUNCTION:DES
+ASN1_BMPSTRING_it                       2787	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BMPSTRING_it                       2787	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_tag2bit                            2788	EXIST::FUNCTION:
+UI_method_set_flusher                   2789	EXIST::FUNCTION:
+X509_ocspid_print                       2790	EXIST::FUNCTION:BIO
+KRB5_ENCDATA_it                         2791	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_ENCDATA_it                         2791	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_load_pubkey_function         2792	EXIST::FUNCTION:
+UI_add_user_data                        2793	EXIST::FUNCTION:
+OCSP_REQUEST_delete_ext                 2794	EXIST::FUNCTION:
+UI_get_method                           2795	EXIST::FUNCTION:
+OCSP_ONEREQ_free                        2796	EXIST::FUNCTION:
+ASN1_PRINTABLESTRING_it                 2797	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_PRINTABLESTRING_it                 2797	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CRL_set_nextUpdate                 2798	EXIST::FUNCTION:
+OCSP_REQUEST_it                         2799	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_REQUEST_it                         2799	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_BASICRESP_it                       2800	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_BASICRESP_it                       2800	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AES_ecb_encrypt                         2801	EXIST::FUNCTION:AES
+BN_mod_sqr                              2802	EXIST::FUNCTION:
+NETSCAPE_CERT_SEQUENCE_it               2803	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_CERT_SEQUENCE_it               2803	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+GENERAL_NAMES_it                        2804	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+GENERAL_NAMES_it                        2804	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AUTHORITY_INFO_ACCESS_it                2805	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+AUTHORITY_INFO_ACCESS_it                2805	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_FBOOLEAN_it                        2806	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_FBOOLEAN_it                        2806	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_set_ex_data                          2807	EXIST::FUNCTION:
+_ossl_old_des_string_to_key             2808	EXIST::FUNCTION:DES
+ENGINE_register_all_RSA                 2809	EXIST::FUNCTION:
+d2i_KRB5_PRINCNAME                      2810	EXIST::FUNCTION:
+OCSP_RESPBYTES_it                       2811	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPBYTES_it                       2811	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CINF_it                            2812	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CINF_it                            2812	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_unregister_digests               2813	EXIST::FUNCTION:
+d2i_EDIPARTYNAME                        2814	EXIST::FUNCTION:
+d2i_OCSP_SERVICELOC                     2815	EXIST::FUNCTION:
+ENGINE_get_digests                      2816	EXIST::FUNCTION:
+_ossl_old_des_set_odd_parity            2817	EXIST::FUNCTION:DES
+OCSP_RESPDATA_free                      2818	EXIST::FUNCTION:
+d2i_KRB5_TICKET                         2819	EXIST::FUNCTION:
+OTHERNAME_it                            2820	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OTHERNAME_it                            2820	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_MD_CTX_cleanup                      2821	EXIST::FUNCTION:
+d2i_ASN1_GENERALSTRING                  2822	EXIST::FUNCTION:
+X509_CRL_set_version                    2823	EXIST::FUNCTION:
+BN_mod_sub                              2824	EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext_by_NID          2825	EXIST::FUNCTION:
+ENGINE_get_ex_new_index                 2826	EXIST::FUNCTION:
+OCSP_REQUEST_free                       2827	EXIST::FUNCTION:
+OCSP_REQUEST_add1_ext_i2d               2828	EXIST::FUNCTION:
+X509_VAL_it                             2829	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_VAL_it                             2829	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_POINTs_make_affine                   2830	EXIST::FUNCTION:EC
+EC_POINT_mul                            2831	EXIST::FUNCTION:EC
+X509V3_EXT_add_nconf                    2832	EXIST::FUNCTION:
+X509_TRUST_set                          2833	EXIST::FUNCTION:
+X509_CRL_add1_ext_i2d                   2834	EXIST::FUNCTION:
+_ossl_old_des_fcrypt                    2835	EXIST::FUNCTION:DES
+DISPLAYTEXT_it                          2836	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DISPLAYTEXT_it                          2836	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_CRL_set_lastUpdate                 2837	EXIST::FUNCTION:
+OCSP_BASICRESP_free                     2838	EXIST::FUNCTION:
+OCSP_BASICRESP_add1_ext_i2d             2839	EXIST::FUNCTION:
+d2i_KRB5_AUTHENTBODY                    2840	EXIST::FUNCTION:
+CRYPTO_set_ex_data_implementation       2841	EXIST:!VMS:FUNCTION:
+CRYPTO_set_ex_data_impl                 2841	EXIST:VMS:FUNCTION:
+KRB5_ENCDATA_new                        2842	EXIST::FUNCTION:
+DSO_up_ref                              2843	EXIST::FUNCTION:
+OCSP_crl_reason_str                     2844	EXIST::FUNCTION:
+UI_get0_result_string                   2845	EXIST::FUNCTION:
+ASN1_GENERALSTRING_new                  2846	EXIST::FUNCTION:
+X509_SIG_it                             2847	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_SIG_it                             2847	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ERR_set_implementation                  2848	EXIST::FUNCTION:
+ERR_load_EC_strings                     2849	EXIST::FUNCTION:EC
+UI_get0_action_string                   2850	EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext                     2851	EXIST::FUNCTION:
+EC_POINT_method_of                      2852	EXIST::FUNCTION:EC
+i2d_KRB5_APREQBODY                      2853	EXIST::FUNCTION:
+_ossl_old_des_ecb3_encrypt              2854	EXIST::FUNCTION:DES
+CRYPTO_get_mem_ex_functions             2855	EXIST::FUNCTION:
+ENGINE_get_ex_data                      2856	EXIST::FUNCTION:
+UI_destroy_method                       2857	EXIST::FUNCTION:
+ASN1_item_i2d_bio                       2858	EXIST::FUNCTION:BIO
+OCSP_ONEREQ_get_ext_by_OBJ              2859	EXIST::FUNCTION:
+ASN1_primitive_new                      2860	EXIST::FUNCTION:
+ASN1_PRINTABLE_it                       2861	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_PRINTABLE_it                       2861	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_aes_192_ecb                         2862	EXIST::FUNCTION:AES
+OCSP_SIGNATURE_new                      2863	EXIST::FUNCTION:
+LONG_it                                 2864	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+LONG_it                                 2864	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_VISIBLESTRING_it                   2865	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_VISIBLESTRING_it                   2865	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_SINGLERESP_add1_ext_i2d            2866	EXIST::FUNCTION:
+d2i_OCSP_CERTID                         2867	EXIST::FUNCTION:
+ASN1_item_d2i_fp                        2868	EXIST::FUNCTION:FP_API
+CRL_DIST_POINTS_it                      2869	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CRL_DIST_POINTS_it                      2869	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+GENERAL_NAME_print                      2870	EXIST::FUNCTION:
+OCSP_SINGLERESP_delete_ext              2871	EXIST::FUNCTION:
+PKCS12_SAFEBAGS_it                      2872	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_SAFEBAGS_it                      2872	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_SIGNATURE                      2873	EXIST::FUNCTION:
+OCSP_request_add1_nonce                 2874	EXIST::FUNCTION:
+ENGINE_set_cmd_defns                    2875	EXIST::FUNCTION:
+OCSP_SERVICELOC_free                    2876	EXIST::FUNCTION:
+EC_GROUP_free                           2877	EXIST::FUNCTION:EC
+ASN1_BIT_STRING_it                      2878	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BIT_STRING_it                      2878	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_REQ_it                             2879	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REQ_it                             2879	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_cbc_encrypt               2880	EXIST::FUNCTION:DES
+ERR_unload_strings                      2881	EXIST::FUNCTION:
+PKCS7_SIGN_ENVELOPE_it                  2882	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_SIGN_ENVELOPE_it                  2882	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EDIPARTYNAME_free                       2883	EXIST::FUNCTION:
+OCSP_REQINFO_free                       2884	EXIST::FUNCTION:
+EC_GROUP_new_curve_GFp                  2885	EXIST::FUNCTION:EC
+OCSP_REQUEST_get1_ext_d2i               2886	EXIST::FUNCTION:
+PKCS12_item_pack_safebag                2887	EXIST::FUNCTION:
+asn1_ex_c2i                             2888	EXIST::FUNCTION:
+ENGINE_register_digests                 2889	EXIST::FUNCTION:
+i2d_OCSP_REVOKEDINFO                    2890	EXIST::FUNCTION:
+asn1_enc_restore                        2891	EXIST::FUNCTION:
+UI_free                                 2892	EXIST::FUNCTION:
+UI_new_method                           2893	EXIST::FUNCTION:
+EVP_EncryptInit_ex                      2894	EXIST::FUNCTION:
+X509_pubkey_digest                      2895	EXIST::FUNCTION:EVP
+EC_POINT_invert                         2896	EXIST::FUNCTION:EC
+OCSP_basic_sign                         2897	EXIST::FUNCTION:
+i2d_OCSP_RESPID                         2898	EXIST::FUNCTION:
+OCSP_check_nonce                        2899	EXIST::FUNCTION:
+ENGINE_ctrl_cmd                         2900	EXIST::FUNCTION:
+d2i_KRB5_ENCKEY                         2901	EXIST::FUNCTION:
+OCSP_parse_url                          2902	EXIST::FUNCTION:
+OCSP_SINGLERESP_get_ext                 2903	EXIST::FUNCTION:
+OCSP_CRLID_free                         2904	EXIST::FUNCTION:
+OCSP_BASICRESP_get1_ext_d2i             2905	EXIST::FUNCTION:
+RSAPrivateKey_it                        2906	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSAPrivateKey_it                        2906	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+ENGINE_register_all_DH                  2907	EXIST::FUNCTION:
+i2d_EDIPARTYNAME                        2908	EXIST::FUNCTION:
+EC_POINT_get_affine_coordinates_GFp     2909	EXIST:!VMS:FUNCTION:EC
+EC_POINT_get_affine_coords_GFp          2909	EXIST:VMS:FUNCTION:EC
+OCSP_CRLID_new                          2910	EXIST::FUNCTION:
+ENGINE_get_flags                        2911	EXIST::FUNCTION:
+OCSP_ONEREQ_it                          2912	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_ONEREQ_it                          2912	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_process                              2913	EXIST::FUNCTION:
+ASN1_INTEGER_it                         2914	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_INTEGER_it                         2914	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_CipherInit_ex                       2915	EXIST::FUNCTION:
+UI_get_string_type                      2916	EXIST::FUNCTION:
+ENGINE_unregister_DH                    2917	EXIST::FUNCTION:
+ENGINE_register_all_DSA                 2918	EXIST::FUNCTION:
+OCSP_ONEREQ_get_ext_by_critical         2919	EXIST::FUNCTION:
+bn_dup_expand                           2920	EXIST::FUNCTION:
+OCSP_cert_id_new                        2921	EXIST::FUNCTION:
+BASIC_CONSTRAINTS_it                    2922	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+BASIC_CONSTRAINTS_it                    2922	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mod_add_quick                        2923	EXIST::FUNCTION:
+EC_POINT_new                            2924	EXIST::FUNCTION:EC
+EVP_MD_CTX_destroy                      2925	EXIST::FUNCTION:
+OCSP_RESPBYTES_free                     2926	EXIST::FUNCTION:
+EVP_aes_128_cbc                         2927	EXIST::FUNCTION:AES
+OCSP_SINGLERESP_get1_ext_d2i            2928	EXIST::FUNCTION:
+EC_POINT_free                           2929	EXIST::FUNCTION:EC
+DH_up_ref                               2930	EXIST::FUNCTION:DH
+X509_NAME_ENTRY_it                      2931	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_NAME_ENTRY_it                      2931	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_get_ex_new_index                     2932	EXIST::FUNCTION:
+BN_mod_sub_quick                        2933	EXIST::FUNCTION:
+OCSP_ONEREQ_add_ext                     2934	EXIST::FUNCTION:
+OCSP_request_sign                       2935	EXIST::FUNCTION:
+EVP_DigestFinal_ex                      2936	EXIST::FUNCTION:
+ENGINE_set_digests                      2937	EXIST::FUNCTION:
+OCSP_id_issuer_cmp                      2938	EXIST::FUNCTION:
+OBJ_NAME_do_all                         2939	EXIST::FUNCTION:
+EC_POINTs_mul                           2940	EXIST::FUNCTION:EC
+ENGINE_register_complete                2941	EXIST::FUNCTION:
+X509V3_EXT_nconf_nid                    2942	EXIST::FUNCTION:
+ASN1_SEQUENCE_it                        2943	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_SEQUENCE_it                        2943	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_set_default_method                   2944	EXIST::FUNCTION:
+RAND_query_egd_bytes                    2945	EXIST::FUNCTION:
+UI_method_get_writer                    2946	EXIST::FUNCTION:
+UI_OpenSSL                              2947	EXIST::FUNCTION:
+PEM_def_callback                        2948	EXIST::FUNCTION:
+ENGINE_cleanup                          2949	EXIST::FUNCTION:
+DIST_POINT_it                           2950	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIST_POINT_it                           2950	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_SINGLERESP_it                      2951	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_SINGLERESP_it                      2951	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_KRB5_TKTBODY                        2952	EXIST::FUNCTION:
+EC_POINT_cmp                            2953	EXIST::FUNCTION:EC
+OCSP_REVOKEDINFO_new                    2954	EXIST::FUNCTION:
+i2d_OCSP_CERTSTATUS                     2955	EXIST::FUNCTION:
+OCSP_basic_add1_nonce                   2956	EXIST::FUNCTION:
+ASN1_item_ex_d2i                        2957	EXIST::FUNCTION:
+BN_mod_lshift1_quick                    2958	EXIST::FUNCTION:
+UI_set_method                           2959	EXIST::FUNCTION:
+OCSP_id_get0_info                       2960	EXIST::FUNCTION:
+BN_mod_sqrt                             2961	EXIST::FUNCTION:
+EC_GROUP_copy                           2962	EXIST::FUNCTION:EC
+KRB5_ENCDATA_free                       2963	EXIST::FUNCTION:
+_ossl_old_des_cfb_encrypt               2964	EXIST::FUNCTION:DES
+OCSP_SINGLERESP_get_ext_by_OBJ          2965	EXIST::FUNCTION:
+OCSP_cert_to_id                         2966	EXIST::FUNCTION:
+OCSP_RESPID_new                         2967	EXIST::FUNCTION:
+OCSP_RESPDATA_it                        2968	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPDATA_it                        2968	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_OCSP_RESPDATA                       2969	EXIST::FUNCTION:
+ENGINE_register_all_complete            2970	EXIST::FUNCTION:
+OCSP_check_validity                     2971	EXIST::FUNCTION:
+PKCS12_BAGS_it                          2972	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_BAGS_it                          2972	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_url_svcloc_new                     2973	EXIST::FUNCTION:
+ASN1_template_free                      2974	EXIST::FUNCTION:
+OCSP_SINGLERESP_add_ext                 2975	EXIST::FUNCTION:
+KRB5_AUTHENTBODY_it                     2976	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_AUTHENTBODY_it                     2976	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509_supported_extension                2977	EXIST::FUNCTION:
+i2d_KRB5_AUTHDATA                       2978	EXIST::FUNCTION:
+UI_method_get_opener                    2979	EXIST::FUNCTION:
+ENGINE_set_ex_data                      2980	EXIST::FUNCTION:
+OCSP_REQUEST_print                      2981	EXIST::FUNCTION:
+CBIGNUM_it                              2982	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+CBIGNUM_it                              2982	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_TICKET_new                         2983	EXIST::FUNCTION:
+KRB5_APREQ_new                          2984	EXIST::FUNCTION:
+EC_GROUP_get_curve_GFp                  2985	EXIST::FUNCTION:EC
+KRB5_ENCKEY_new                         2986	EXIST::FUNCTION:
+ASN1_template_d2i                       2987	EXIST::FUNCTION:
+_ossl_old_des_quad_cksum                2988	EXIST::FUNCTION:DES
+OCSP_single_get0_status                 2989	EXIST::FUNCTION:
+BN_swap                                 2990	EXIST::FUNCTION:
+POLICYINFO_it                           2991	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+POLICYINFO_it                           2991	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_set_destroy_function             2992	EXIST::FUNCTION:
+asn1_enc_free                           2993	EXIST::FUNCTION:
+OCSP_RESPID_it                          2994	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPID_it                          2994	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GROUP_new                            2995	EXIST::FUNCTION:EC
+EVP_aes_256_cbc                         2996	EXIST::FUNCTION:AES
+i2d_KRB5_PRINCNAME                      2997	EXIST::FUNCTION:
+_ossl_old_des_encrypt2                  2998	EXIST::FUNCTION:DES
+_ossl_old_des_encrypt3                  2999	EXIST::FUNCTION:DES
+PKCS8_PRIV_KEY_INFO_it                  3000	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS8_PRIV_KEY_INFO_it                  3000	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_REQINFO_it                         3001	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_REQINFO_it                         3001	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PBEPARAM_it                             3002	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PBEPARAM_it                             3002	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_AUTHENTBODY_new                    3003	EXIST::FUNCTION:
+X509_CRL_add0_revoked                   3004	EXIST::FUNCTION:
+EDIPARTYNAME_it                         3005	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+EDIPARTYNAME_it                         3005	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+NETSCAPE_SPKI_it                        3006	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NETSCAPE_SPKI_it                        3006	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_get0_test_string                     3007	EXIST::FUNCTION:
+ENGINE_get_cipher_engine                3008	EXIST::FUNCTION:
+ENGINE_register_all_ciphers             3009	EXIST::FUNCTION:
+EC_POINT_copy                           3010	EXIST::FUNCTION:EC
+BN_kronecker                            3011	EXIST::FUNCTION:
+_ossl_old_des_ede3_ofb64_encrypt        3012	EXIST:!VMS:FUNCTION:DES
+_ossl_odes_ede3_ofb64_encrypt           3012	EXIST:VMS:FUNCTION:DES
+UI_method_get_reader                    3013	EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_count            3014	EXIST::FUNCTION:
+ASN1_ENUMERATED_it                      3015	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_ENUMERATED_it                      3015	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_set_result                           3016	EXIST::FUNCTION:
+i2d_KRB5_TICKET                         3017	EXIST::FUNCTION:
+X509_print_ex_fp                        3018	EXIST::FUNCTION:FP_API
+EVP_CIPHER_CTX_set_padding              3019	EXIST::FUNCTION:
+d2i_OCSP_RESPONSE                       3020	EXIST::FUNCTION:
+ASN1_UTCTIME_it                         3021	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UTCTIME_it                         3021	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+_ossl_old_des_enc_write                 3022	EXIST::FUNCTION:DES
+OCSP_RESPONSE_new                       3023	EXIST::FUNCTION:
+AES_set_encrypt_key                     3024	EXIST::FUNCTION:AES
+OCSP_resp_count                         3025	EXIST::FUNCTION:
+KRB5_CHECKSUM_new                       3026	EXIST::FUNCTION:
+ENGINE_load_cswift                      3027	EXIST::FUNCTION:STATIC_ENGINE
+OCSP_onereq_get0_id                     3028	EXIST::FUNCTION:
+ENGINE_set_default_ciphers              3029	EXIST::FUNCTION:
+NOTICEREF_it                            3030	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+NOTICEREF_it                            3030	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509V3_EXT_CRL_add_nconf                3031	EXIST::FUNCTION:
+OCSP_REVOKEDINFO_it                     3032	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_REVOKEDINFO_it                     3032	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AES_encrypt                             3033	EXIST::FUNCTION:AES
+OCSP_REQUEST_new                        3034	EXIST::FUNCTION:
+ASN1_ANY_it                             3035	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_ANY_it                             3035	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+CRYPTO_ex_data_new_class                3036	EXIST::FUNCTION:
+_ossl_old_des_ncbc_encrypt              3037	EXIST::FUNCTION:DES
+i2d_KRB5_TKTBODY                        3038	EXIST::FUNCTION:
+EC_POINT_clear_free                     3039	EXIST::FUNCTION:EC
+AES_decrypt                             3040	EXIST::FUNCTION:AES
+asn1_enc_init                           3041	EXIST::FUNCTION:
+UI_get_result_maxsize                   3042	EXIST::FUNCTION:
+OCSP_CERTID_new                         3043	EXIST::FUNCTION:
+ENGINE_unregister_RAND                  3044	EXIST::FUNCTION:
+UI_method_get_closer                    3045	EXIST::FUNCTION:
+d2i_KRB5_ENCDATA                        3046	EXIST::FUNCTION:
+OCSP_request_onereq_count               3047	EXIST::FUNCTION:
+OCSP_basic_verify                       3048	EXIST::FUNCTION:
+KRB5_AUTHENTBODY_free                   3049	EXIST::FUNCTION:
+ASN1_item_d2i                           3050	EXIST::FUNCTION:
+ASN1_primitive_free                     3051	EXIST::FUNCTION:
+i2d_EXTENDED_KEY_USAGE                  3052	EXIST::FUNCTION:
+i2d_OCSP_SIGNATURE                      3053	EXIST::FUNCTION:
+asn1_enc_save                           3054	EXIST::FUNCTION:
+ENGINE_load_nuron                       3055	EXIST::FUNCTION:STATIC_ENGINE
+_ossl_old_des_pcbc_encrypt              3056	EXIST::FUNCTION:DES
+PKCS12_MAC_DATA_it                      3057	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS12_MAC_DATA_it                      3057	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_accept_responses_new               3058	EXIST::FUNCTION:
+asn1_do_lock                            3059	EXIST::FUNCTION:
+PKCS7_ATTR_VERIFY_it                    3060	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ATTR_VERIFY_it                    3060	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+KRB5_APREQBODY_it                       3061	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_APREQBODY_it                       3061	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_OCSP_SINGLERESP                     3062	EXIST::FUNCTION:
+ASN1_item_ex_new                        3063	EXIST::FUNCTION:
+UI_add_verify_string                    3064	EXIST::FUNCTION:
+_ossl_old_des_set_key                   3065	EXIST::FUNCTION:DES
+KRB5_PRINCNAME_it                       3066	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_PRINCNAME_it                       3066	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_DecryptInit_ex                      3067	EXIST::FUNCTION:
+i2d_OCSP_CERTID                         3068	EXIST::FUNCTION:
+ASN1_item_d2i_bio                       3069	EXIST::FUNCTION:BIO
+EC_POINT_dbl                            3070	EXIST::FUNCTION:EC
+asn1_get_choice_selector                3071	EXIST::FUNCTION:
+i2d_KRB5_CHECKSUM                       3072	EXIST::FUNCTION:
+ENGINE_set_table_flags                  3073	EXIST::FUNCTION:
+AES_options                             3074	EXIST::FUNCTION:AES
+ENGINE_load_chil                        3075	EXIST::FUNCTION:STATIC_ENGINE
+OCSP_id_cmp                             3076	EXIST::FUNCTION:
+OCSP_BASICRESP_new                      3077	EXIST::FUNCTION:
+OCSP_REQUEST_get_ext_by_NID             3078	EXIST::FUNCTION:
+KRB5_APREQ_it                           3079	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_APREQ_it                           3079	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_destroy_function             3080	EXIST::FUNCTION:
+CONF_set_nconf                          3081	EXIST::FUNCTION:
+ASN1_PRINTABLE_free                     3082	EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext_by_NID           3083	EXIST::FUNCTION:
+DIST_POINT_NAME_it                      3084	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+DIST_POINT_NAME_it                      3084	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+X509V3_extensions_print                 3085	EXIST::FUNCTION:
+_ossl_old_des_cfb64_encrypt             3086	EXIST::FUNCTION:DES
+X509_REVOKED_add1_ext_i2d               3087	EXIST::FUNCTION:
+_ossl_old_des_ofb_encrypt               3088	EXIST::FUNCTION:DES
+KRB5_TKTBODY_new                        3089	EXIST::FUNCTION:
+ASN1_OCTET_STRING_it                    3090	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OCTET_STRING_it                    3090	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ERR_load_UI_strings                     3091	EXIST::FUNCTION:
+i2d_KRB5_ENCKEY                         3092	EXIST::FUNCTION:
+ASN1_template_new                       3093	EXIST::FUNCTION:
+OCSP_SIGNATURE_free                     3094	EXIST::FUNCTION:
+ASN1_item_i2d_fp                        3095	EXIST::FUNCTION:FP_API
+KRB5_PRINCNAME_free                     3096	EXIST::FUNCTION:
+PKCS7_RECIP_INFO_it                     3097	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_RECIP_INFO_it                     3097	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EXTENDED_KEY_USAGE_it                   3098	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+EXTENDED_KEY_USAGE_it                   3098	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EC_GFp_simple_method                    3099	EXIST::FUNCTION:EC
+EC_GROUP_precompute_mult                3100	EXIST::FUNCTION:EC
+OCSP_request_onereq_get0                3101	EXIST::FUNCTION:
+UI_method_set_writer                    3102	EXIST::FUNCTION:
+KRB5_AUTHENT_new                        3103	EXIST::FUNCTION:
+X509_CRL_INFO_it                        3104	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CRL_INFO_it                        3104	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+DSO_set_name_converter                  3105	EXIST::FUNCTION:
+AES_set_decrypt_key                     3106	EXIST::FUNCTION:AES
+PKCS7_DIGEST_it                         3107	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_DIGEST_it                         3107	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS12_x5092certbag                     3108	EXIST::FUNCTION:
+EVP_DigestInit_ex                       3109	EXIST::FUNCTION:
+i2a_ACCESS_DESCRIPTION                  3110	EXIST::FUNCTION:
+OCSP_RESPONSE_it                        3111	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_RESPONSE_it                        3111	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+PKCS7_ENC_CONTENT_it                    3112	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_ENC_CONTENT_it                    3112	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_request_add0_id                    3113	EXIST::FUNCTION:
+EC_POINT_make_affine                    3114	EXIST::FUNCTION:EC
+DSO_get_filename                        3115	EXIST::FUNCTION:
+OCSP_CERTSTATUS_it                      3116	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_CERTSTATUS_it                      3116	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_request_add1_cert                  3117	EXIST::FUNCTION:
+UI_get0_output_string                   3118	EXIST::FUNCTION:
+UI_dup_verify_string                    3119	EXIST::FUNCTION:
+BN_mod_lshift                           3120	EXIST::FUNCTION:
+KRB5_AUTHDATA_it                        3121	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_AUTHDATA_it                        3121	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+asn1_set_choice_selector                3122	EXIST::FUNCTION:
+OCSP_basic_add1_status                  3123	EXIST::FUNCTION:
+OCSP_RESPID_free                        3124	EXIST::FUNCTION:
+asn1_get_field_ptr                      3125	EXIST::FUNCTION:
+UI_add_input_string                     3126	EXIST::FUNCTION:
+OCSP_CRLID_it                           3127	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+OCSP_CRLID_it                           3127	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+i2d_KRB5_AUTHENTBODY                    3128	EXIST::FUNCTION:
+OCSP_REQUEST_get_ext_count              3129	EXIST::FUNCTION:
+ENGINE_load_atalla                      3130	EXIST::FUNCTION:STATIC_ENGINE
+X509_NAME_it                            3131	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_NAME_it                            3131	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+USERNOTICE_it                           3132	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+USERNOTICE_it                           3132	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_REQINFO_new                        3133	EXIST::FUNCTION:
+OCSP_BASICRESP_get_ext                  3134	EXIST::FUNCTION:
+CRYPTO_get_ex_data_implementation       3135	EXIST:!VMS:FUNCTION:
+CRYPTO_get_ex_data_impl                 3135	EXIST:VMS:FUNCTION:
+ASN1_item_pack                          3136	EXIST::FUNCTION:
+i2d_KRB5_ENCDATA                        3137	EXIST::FUNCTION:
+X509_PURPOSE_set                        3138	EXIST::FUNCTION:
+X509_REQ_INFO_it                        3139	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_REQ_INFO_it                        3139	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+UI_method_set_opener                    3140	EXIST::FUNCTION:
+ASN1_item_ex_free                       3141	EXIST::FUNCTION:
+ASN1_BOOLEAN_it                         3142	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_BOOLEAN_it                         3142	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_table_flags                  3143	EXIST::FUNCTION:
+UI_create_method                        3144	EXIST::FUNCTION:
+OCSP_ONEREQ_add1_ext_i2d                3145	EXIST::FUNCTION:
+_shadow_DES_check_key                   3146	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
+_shadow_DES_check_key                   3146	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
+d2i_OCSP_REQINFO                        3147	EXIST::FUNCTION:
+UI_add_info_string                      3148	EXIST::FUNCTION:
+UI_get_result_minsize                   3149	EXIST::FUNCTION:
+ASN1_NULL_it                            3150	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_NULL_it                            3150	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_mod_lshift1                          3151	EXIST::FUNCTION:
+d2i_OCSP_ONEREQ                         3152	EXIST::FUNCTION:
+OCSP_ONEREQ_new                         3153	EXIST::FUNCTION:
+KRB5_TICKET_it                          3154	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+KRB5_TICKET_it                          3154	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+EVP_aes_192_cbc                         3155	EXIST::FUNCTION:AES
+KRB5_TICKET_free                        3156	EXIST::FUNCTION:
+UI_new                                  3157	EXIST::FUNCTION:
+OCSP_response_create                    3158	EXIST::FUNCTION:
+_ossl_old_des_xcbc_encrypt              3159	EXIST::FUNCTION:DES
+PKCS7_it                                3160	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+PKCS7_it                                3160	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_REQUEST_get_ext_by_critical        3161	EXIST:!VMS:FUNCTION:
+OCSP_REQUEST_get_ext_by_crit            3161	EXIST:VMS:FUNCTION:
+ENGINE_set_flags                        3162	EXIST::FUNCTION:
+_ossl_old_des_ecb_encrypt               3163	EXIST::FUNCTION:DES
+OCSP_response_get1_basic                3164	EXIST::FUNCTION:
+EVP_Digest                              3165	EXIST::FUNCTION:
+OCSP_ONEREQ_delete_ext                  3166	EXIST::FUNCTION:
+ASN1_TBOOLEAN_it                        3167	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_TBOOLEAN_it                        3167	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ASN1_item_new                           3168	EXIST::FUNCTION:
+ASN1_TIME_to_generalizedtime            3169	EXIST::FUNCTION:
+BIGNUM_it                               3170	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+BIGNUM_it                               3170	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+AES_cbc_encrypt                         3171	EXIST::FUNCTION:AES
+ENGINE_get_load_privkey_function        3172	EXIST:!VMS:FUNCTION:
+ENGINE_get_load_privkey_fn              3172	EXIST:VMS:FUNCTION:
+OCSP_RESPONSE_free                      3173	EXIST::FUNCTION:
+UI_method_set_reader                    3174	EXIST::FUNCTION:
+i2d_ASN1_T61STRING                      3175	EXIST::FUNCTION:
+EC_POINT_set_to_infinity                3176	EXIST::FUNCTION:EC
+ERR_load_OCSP_strings                   3177	EXIST::FUNCTION:
+EC_POINT_point2oct                      3178	EXIST::FUNCTION:EC
+KRB5_APREQ_free                         3179	EXIST::FUNCTION:
+ASN1_OBJECT_it                          3180	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OBJECT_it                          3180	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+OCSP_crlID_new                          3181	EXIST:!OS2,!VMS,!WIN16:FUNCTION:
+OCSP_crlID2_new                         3181	EXIST:OS2,VMS,WIN16:FUNCTION:
+CONF_modules_load_file                  3182	EXIST::FUNCTION:
+CONF_imodule_set_usr_data               3183	EXIST::FUNCTION:
+ENGINE_set_default_string               3184	EXIST::FUNCTION:
+CONF_module_get_usr_data                3185	EXIST::FUNCTION:
+ASN1_add_oid_module                     3186	EXIST::FUNCTION:
+CONF_modules_finish                     3187	EXIST::FUNCTION:
+OPENSSL_config                          3188	EXIST::FUNCTION:
+CONF_modules_unload                     3189	EXIST::FUNCTION:
+CONF_imodule_get_value                  3190	EXIST::FUNCTION:
+CONF_module_set_usr_data                3191	EXIST::FUNCTION:
+CONF_parse_list                         3192	EXIST::FUNCTION:
+CONF_module_add                         3193	EXIST::FUNCTION:
+CONF_get1_default_config_file           3194	EXIST::FUNCTION:
+CONF_imodule_get_flags                  3195	EXIST::FUNCTION:
+CONF_imodule_get_module                 3196	EXIST::FUNCTION:
+CONF_modules_load                       3197	EXIST::FUNCTION:
+CONF_imodule_get_name                   3198	EXIST::FUNCTION:
+ERR_peek_top_error                      3199	NOEXIST::FUNCTION:
+CONF_imodule_get_usr_data               3200	EXIST::FUNCTION:
+CONF_imodule_set_flags                  3201	EXIST::FUNCTION:
+ENGINE_add_conf_module                  3202	EXIST::FUNCTION:
+ERR_peek_last_error_line                3203	EXIST::FUNCTION:
+ERR_peek_last_error_line_data           3204	EXIST::FUNCTION:
+ERR_peek_last_error                     3205	EXIST::FUNCTION:
+DES_read_2passwords                     3206	EXIST::FUNCTION:DES
+DES_read_password                       3207	EXIST::FUNCTION:DES
+UI_UTIL_read_pw                         3208	EXIST::FUNCTION:
+UI_UTIL_read_pw_string                  3209	EXIST::FUNCTION:
+ENGINE_load_aep                         3210	EXIST::FUNCTION:STATIC_ENGINE
+ENGINE_load_sureware                    3211	EXIST::FUNCTION:STATIC_ENGINE
+OPENSSL_add_all_algorithms_noconf       3212	EXIST:!VMS:FUNCTION:
+OPENSSL_add_all_algo_noconf             3212	EXIST:VMS:FUNCTION:
+OPENSSL_add_all_algorithms_conf         3213	EXIST:!VMS:FUNCTION:
+OPENSSL_add_all_algo_conf               3213	EXIST:VMS:FUNCTION:
+OPENSSL_load_builtin_modules            3214	EXIST::FUNCTION:
+AES_ofb128_encrypt                      3215	EXIST::FUNCTION:AES
+AES_ctr128_encrypt                      3216	EXIST::FUNCTION:AES
+AES_cfb128_encrypt                      3217	EXIST::FUNCTION:AES
+ENGINE_load_4758cca                     3218	EXIST::FUNCTION:STATIC_ENGINE
+_ossl_096_des_random_seed               3219	EXIST::FUNCTION:DES
+EVP_aes_256_ofb                         3220	EXIST::FUNCTION:AES
+EVP_aes_192_ofb                         3221	EXIST::FUNCTION:AES
+EVP_aes_128_cfb                         3222	EXIST::FUNCTION:AES
+EVP_aes_256_cfb                         3223	EXIST::FUNCTION:AES
+EVP_aes_128_ofb                         3224	EXIST::FUNCTION:AES
+EVP_aes_192_cfb                         3225	EXIST::FUNCTION:AES
+CONF_modules_free                       3226	EXIST::FUNCTION:
+NCONF_default                           3227	EXIST::FUNCTION:
+OPENSSL_no_config                       3228	EXIST::FUNCTION:
+NCONF_WIN32                             3229	EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_new                3230	EXIST::FUNCTION:
+EVP_des_ede_ecb                         3231	EXIST::FUNCTION:DES
+i2d_ASN1_UNIVERSALSTRING                3232	EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_free               3233	EXIST::FUNCTION:
+ASN1_UNIVERSALSTRING_it                 3234	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_UNIVERSALSTRING_it                 3234	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+d2i_ASN1_UNIVERSALSTRING                3235	EXIST::FUNCTION:
+EVP_des_ede3_ecb                        3236	EXIST::FUNCTION:DES
+X509_REQ_print_ex                       3237	EXIST::FUNCTION:BIO
+ENGINE_up_ref                           3238	EXIST::FUNCTION:
+BUF_MEM_grow_clean                      3239	EXIST::FUNCTION:
+CRYPTO_realloc_clean                    3240	EXIST::FUNCTION:
+BUF_strlcat                             3241	EXIST::FUNCTION:
+BIO_indent                              3242	EXIST::FUNCTION:
+BUF_strlcpy                             3243	EXIST::FUNCTION:
+OpenSSLDie                              3244	EXIST::FUNCTION:
+OPENSSL_cleanse                         3245	EXIST::FUNCTION:
+BN_get0_nist_prime_384                  3246	EXIST::FUNCTION:
+ENGINE_register_ECDSA                   3247	EXIST::FUNCTION:
+BN_nist_mod_192                         3248	EXIST::FUNCTION:
+EC_GROUP_get_trinomial_basis            3249	EXIST::FUNCTION:EC
+ECDH_get_default_method                 3250	EXIST::FUNCTION:ECDH
+PKCS12_add_safe                         3251	EXIST::FUNCTION:
+ENGINE_register_ECDH                    3252	EXIST::FUNCTION:
+i2d_ECPrivateKey                        3253	EXIST::FUNCTION:EC
+BN_get0_nist_prime_192                  3254	EXIST::FUNCTION:
+EC_POINT_set_affine_coordinates_GF2m    3255	EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_affine_coords_GF2m         3255	EXIST:VMS:FUNCTION:EC
+BN_GF2m_mod_exp_arr                     3256	EXIST::FUNCTION:
+X509_keyid_get0                         3257	EXIST::FUNCTION:
+EC_GROUP_new_by_nid                     3258	EXIST::FUNCTION:EC
+BN_GF2m_mod_mul_arr                     3259	EXIST::FUNCTION:
+EC_KEY_copy                             3260	EXIST::FUNCTION:EC
+EC_GROUP_check_discriminant             3261	EXIST::FUNCTION:EC
+EC_POINT_point2bn                       3262	EXIST::FUNCTION:EC
+EC_GROUP_new_curve_GF2m                 3263	EXIST::FUNCTION:EC
+EVP_PKEY_get1_EC_KEY                    3264	EXIST::FUNCTION:EC
+ENGINE_get_default_ECDH                 3265	EXIST::FUNCTION:
+ASN1_OCTET_STRING_NDEF_it               3266	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+ASN1_OCTET_STRING_NDEF_it               3266	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+ENGINE_get_static_state                 3267	EXIST::FUNCTION:
+ECDSA_SIG_new                           3268	EXIST::FUNCTION:ECDSA
+BN_GF2m_mod_sqr                         3269	EXIST::FUNCTION:
+EC_POINT_bn2point                       3270	EXIST::FUNCTION:EC
+EC_GROUP_get_point_conversion_form      3271	EXIST:!VMS:FUNCTION:EC
+EC_GROUP_get_point_conv_form            3271	EXIST:VMS:FUNCTION:EC
+PEM_read_bio_ECPKParameters             3272	EXIST::FUNCTION:EC
+EC_GROUP_get_pentanomial_basis          3273	EXIST::FUNCTION:EC
+EC_GROUP_get_nid                        3274	EXIST::FUNCTION:EC
+ECDSA_sign_setup                        3275	EXIST::FUNCTION:ECDSA
+BN_GF2m_mod_solve_quad_arr              3276	EXIST::FUNCTION:
+EC_KEY_up_ref                           3277	EXIST::FUNCTION:EC
+BN_GF2m_mod_div                         3278	EXIST::FUNCTION:
+EC_KEY_free                             3279	EXIST::FUNCTION:EC
+PEM_write_bio_ECPrivateKey              3280	EXIST::FUNCTION:EC
+d2i_EC_PUBKEY                           3281	EXIST::FUNCTION:EC
+EC_KEY_print_fp                         3282	EXIST::FUNCTION:EC,FP_API
+BN_GF2m_mod_arr                         3283	EXIST::FUNCTION:
+PEM_write_bio_X509_CERT_PAIR            3284	EXIST::FUNCTION:
+ECDH_get_ex_data                        3285	EXIST::FUNCTION:ECDH
+ECDSA_do_sign                           3286	EXIST::FUNCTION:ECDSA
+ENGINE_unregister_ECDH                  3287	EXIST::FUNCTION:
+ECDH_OpenSSL                            3288	EXIST::FUNCTION:ECDH
+EC_POINT_dup                            3289	EXIST::FUNCTION:EC
+EC_get_builtin_curves                   3290	EXIST::FUNCTION:EC
+EVP_PKEY_set1_EC_KEY                    3291	EXIST::FUNCTION:EC
+BN_GF2m_mod_sqrt_arr                    3292	EXIST::FUNCTION:
+i2d_ECPrivateKey_bio                    3293	EXIST::FUNCTION:BIO,EC
+ECPKParameters_print_fp                 3294	EXIST::FUNCTION:EC,FP_API
+ECDSA_SIG_free                          3295	EXIST::FUNCTION:ECDSA
+PEM_write_bio_ECPKParameters            3296	EXIST::FUNCTION:EC
+EC_GROUP_set_nid                        3297	EXIST::FUNCTION:EC
+PKCS12_add_safes                        3298	EXIST::FUNCTION:
+BN_GF2m_poly2arr                        3299	EXIST::FUNCTION:
+BN_get0_nist_prime_224                  3300	EXIST::FUNCTION:
+i2d_ECParameters                        3301	EXIST::FUNCTION:EC
+i2d_ECPKParameters                      3302	EXIST::FUNCTION:EC
+BN_ncopy                                3303	EXIST::FUNCTION:
+d2i_ECPKParameters                      3304	EXIST::FUNCTION:EC
+ENGINE_set_ECDH                         3305	EXIST::FUNCTION:
+PEM_write_bio_EC_PUBKEY                 3306	EXIST::FUNCTION:EC
+ECParameters_print                      3307	EXIST::FUNCTION:BIO,EC
+ASN1_generate_nconf                     3308	EXIST::FUNCTION:
+BN_GF2m_mod_mul                         3309	EXIST::FUNCTION:
+EC_GROUP_set_seed                       3310	EXIST::FUNCTION:EC
+EC_GROUP_get_curve_GF2m                 3311	EXIST::FUNCTION:EC
+PEM_read_X509_CERT_PAIR                 3312	EXIST:!WIN16:FUNCTION:
+ECPublicKey_set_octet_string            3313	EXIST::FUNCTION:EC
+ECDSA_get_ex_data                       3314	EXIST::FUNCTION:ECDSA
+BN_GF2m_mod                             3315	EXIST::FUNCTION:
+EC_GROUP_get_seed_len                   3316	EXIST::FUNCTION:EC
+PEM_read_bio_EC_PUBKEY                  3317	EXIST::FUNCTION:EC
+i2d_EC_PUBKEY                           3318	EXIST::FUNCTION:EC
+ECDSA_get_default_method                3319	EXIST::FUNCTION:ECDSA
+ASN1_put_eoc                            3320	EXIST::FUNCTION:
+ECDSA_DATA_free                         3321	EXIST::FUNCTION:ECDSA
+EC_METHOD_get_field_type                3322	EXIST::FUNCTION:EC
+EC_GFp_nist_method                      3323	EXIST::FUNCTION:EC
+X509_CERT_PAIR_it                       3324	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+X509_CERT_PAIR_it                       3324	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+BN_GF2m_mod_sqr_arr                     3325	EXIST::FUNCTION:
+EC_GROUP_set_curve_GF2m                 3326	EXIST::FUNCTION:EC
+ENGINE_set_default_ECDSA                3327	EXIST::FUNCTION:
+BN_GF2m_mod_sqrt                        3328	EXIST::FUNCTION:
+ECDH_set_default_method                 3329	EXIST::FUNCTION:ECDH
+EC_KEY_generate_key                     3330	EXIST::FUNCTION:EC
+BN_GF2m_arr2poly                        3331	EXIST::FUNCTION:
+ECPublicKey_get_octet_string            3332	EXIST::FUNCTION:EC
+EC_GROUP_check                          3333	EXIST::FUNCTION:EC
+d2i_ECPrivateKey_bio                    3334	EXIST::FUNCTION:BIO,EC
+d2i_ECPrivateKey                        3335	EXIST::FUNCTION:EC
+ASN1_item_ndef_i2d                      3336	EXIST::FUNCTION:
+i2d_PKCS7_NDEF                          3337	EXIST::FUNCTION:
+EC_GROUP_get_degree                     3338	EXIST::FUNCTION:EC
+ASN1_generate_v3                        3339	EXIST::FUNCTION:
+BN_GF2m_add                             3340	EXIST::FUNCTION:
+X509_CERT_PAIR_free                     3341	EXIST::FUNCTION:
+BN_nist_mod_224                         3342	EXIST::FUNCTION:
+i2d_EC_PUBKEY_bio                       3343	EXIST::FUNCTION:BIO,EC
+EC_GROUP_get_asn1_flag                  3344	EXIST::FUNCTION:EC
+ECDH_get_ex_new_index                   3345	EXIST::FUNCTION:ECDH
+ECDH_size                               3346	EXIST::FUNCTION:ECDH
+BN_GF2m_mod_inv                         3347	EXIST::FUNCTION:
+BN_GF2m_mod_exp                         3348	EXIST::FUNCTION:
+EC_GROUP_get0_seed                      3349	EXIST::FUNCTION:EC
+ecdsa_check                             3350	EXIST::FUNCTION:ECDSA
+BN_GF2m_mod_div_arr                     3351	EXIST::FUNCTION:
+ENGINE_set_ECDSA                        3352	EXIST::FUNCTION:
+ECPKParameters_print                    3353	EXIST::FUNCTION:BIO,EC
+PEM_write_EC_PUBKEY                     3354	EXIST:!WIN16:FUNCTION:EC
+ECDH_set_method                         3355	EXIST::FUNCTION:ECDH
+ECDH_set_ex_data                        3356	EXIST::FUNCTION:ECDH
+BN_nist_mod_521                         3357	EXIST::FUNCTION:
+EC_GROUP_set_point_conversion_form      3358	EXIST:!VMS:FUNCTION:EC
+EC_GROUP_set_point_conv_form            3358	EXIST:VMS:FUNCTION:EC
+PEM_read_EC_PUBKEY                      3359	EXIST:!WIN16:FUNCTION:EC
+i2d_ECDSA_SIG                           3360	EXIST::FUNCTION:ECDSA
+ECDSA_OpenSSL                           3361	EXIST::FUNCTION:ECDSA
+ECDSA_set_default_method                3362	EXIST::FUNCTION:ECDSA
+EC_POINT_set_compressed_coordinates_GF2m 3363	EXIST:!VMS:FUNCTION:EC
+EC_POINT_set_compr_coords_GF2m          3363	EXIST:VMS:FUNCTION:EC
+ECDH_DATA_new_method                    3364	EXIST::FUNCTION:ECDH
+BN_get0_nist_prime_256                  3365	EXIST::FUNCTION:
+PEM_read_ECPrivateKey                   3366	EXIST:!WIN16:FUNCTION:EC
+ERR_load_ECDSA_strings                  3367	EXIST::FUNCTION:ECDSA
+EC_GROUP_get_basis_type                 3368	EXIST::FUNCTION:EC
+ECDH_DATA_new                           3369	EXIST::FUNCTION:ECDH
+BN_nist_mod_384                         3370	EXIST::FUNCTION:
+i2d_X509_CERT_PAIR                      3371	EXIST::FUNCTION:
+PEM_write_ECPKParameters                3372	EXIST:!WIN16:FUNCTION:EC
+ECDH_compute_key                        3373	EXIST::FUNCTION:ECDH
+ENGINE_register_all_ECDH                3374	EXIST::FUNCTION:
+BN_GF2m_mod_solve_quad                  3375	EXIST::FUNCTION:
+i2d_ECPrivateKey_fp                     3376	EXIST::FUNCTION:EC,FP_API
+ENGINE_register_all_ECDSA               3377	EXIST::FUNCTION:
+EC_POINT_get_affine_coordinates_GF2m    3378	EXIST:!VMS:FUNCTION:EC
+EC_POINT_get_affine_coords_GF2m         3378	EXIST:VMS:FUNCTION:EC
+EC_GROUP_dup                            3379	EXIST::FUNCTION:EC
+ENGINE_get_default_ECDSA                3380	EXIST::FUNCTION:
+EC_KEY_new                              3381	EXIST::FUNCTION:EC
+ECDSA_verify                            3382	EXIST::FUNCTION:ECDSA
+EC_POINT_point2hex                      3383	EXIST::FUNCTION:EC
+ECDSA_do_verify                         3384	EXIST::FUNCTION:ECDSA
+d2i_ECPrivateKey_fp                     3385	EXIST::FUNCTION:EC,FP_API
+PEM_write_ECPrivateKey                  3386	EXIST:!WIN16:FUNCTION:EC
+PEM_read_ECPKParameters                 3387	EXIST:!WIN16:FUNCTION:EC
+X509_CERT_PAIR_new                      3388	EXIST::FUNCTION:
+ECParameters_print_fp                   3389	EXIST::FUNCTION:EC,FP_API
+ECDH_DATA_free                          3390	EXIST::FUNCTION:ECDH
+PEM_write_X509_CERT_PAIR                3391	EXIST:!WIN16:FUNCTION:
+d2i_X509_CERT_PAIR                      3392	EXIST::FUNCTION:
+i2d_EC_PUBKEY_fp                        3393	EXIST::FUNCTION:EC,FP_API
+BN_nist_mod_256                         3394	EXIST::FUNCTION:
+ECDSA_DATA_new                          3395	EXIST::FUNCTION:ECDSA
+ECDSA_size                              3396	EXIST::FUNCTION:ECDSA
+d2i_EC_PUBKEY_bio                       3397	EXIST::FUNCTION:BIO,EC
+BN_get0_nist_prime_521                  3398	EXIST::FUNCTION:
+PEM_read_bio_ECPrivateKey               3399	EXIST::FUNCTION:EC
+ENGINE_get_ECDH                         3400	EXIST::FUNCTION:
+d2i_ECDSA_SIG                           3401	EXIST::FUNCTION:ECDSA
+ECDSA_sign                              3402	EXIST::FUNCTION:ECDSA
+ENGINE_get_ECDSA                        3403	EXIST::FUNCTION:
+EVP_ecdsa                               3404	EXIST::FUNCTION:SHA
+PKCS12_add_cert                         3405	EXIST::FUNCTION:
+ERR_load_ECDH_strings                   3406	EXIST::FUNCTION:ECDH
+EC_KEY_dup                              3407	EXIST::FUNCTION:EC
+ECDSA_set_method                        3408	EXIST::FUNCTION:ECDSA
+d2i_ECParameters                        3409	EXIST::FUNCTION:EC
+EC_GF2m_simple_method                   3410	EXIST::FUNCTION:EC
+ECDSA_set_ex_data                       3411	EXIST::FUNCTION:ECDSA
+EC_KEY_print                            3412	EXIST::FUNCTION:BIO,EC
+ECDSA_get_ex_new_index                  3413	EXIST::FUNCTION:ECDSA
+EC_GROUP_set_asn1_flag                  3414	EXIST::FUNCTION:EC
+EC_KEY_check_key                        3415	EXIST::FUNCTION:EC
+d2i_EC_PUBKEY_fp                        3416	EXIST::FUNCTION:EC,FP_API
+ecdh_check                              3417	EXIST::FUNCTION:ECDH
+ECDSA_DATA_new_method                   3418	EXIST::FUNCTION:ECDSA
+PEM_read_bio_X509_CERT_PAIR             3419	EXIST::FUNCTION:
+ENGINE_set_default_ECDH                 3420	EXIST::FUNCTION:
+PKCS12_add_key                          3421	EXIST::FUNCTION:
+DSO_merge                               3422	EXIST::FUNCTION:
+EC_POINT_hex2point                      3423	EXIST::FUNCTION:EC
+BN_GF2m_mod_inv_arr                     3424	EXIST::FUNCTION:
+ENGINE_unregister_ECDSA                 3425	EXIST::FUNCTION:
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 8992d1683d..8c6370bc5d 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -6,89 +6,73 @@
 #
 
 $INSTALLTOP="/usr/local/ssl";
+$OPTIONS="";
+$ssl_version="";
+$banner="\t\@echo Building OpenSSL";
+
+open(IN,"<Makefile.ssl") || die "unable to open Makefile.ssl!\n";
+while(<IN>) {
+    $ssl_version=$1 if (/^VERSION=(.*)$/);
+    $OPTIONS=$1 if (/^OPTIONS=(.*)$/);
+    $INSTALLTOP=$1 if (/^INSTALLTOP=(.*$)/);
+}
+close(IN);
 
-$ssl_version="0.8.2";
+die "Makefile.ssl is not the toplevel Makefile!\n" if $ssl_version eq "";
 
 $infile="MINFO";
 
 %ops=(
-	"VC-WIN32",   "Microsoft Visual C++ 4.[01] - Windows NT [34].x",
+	"VC-WIN32",   "Microsoft Visual C++ [4-6] - Windows NT or 9X",
+	"VC-CE",   "Microsoft eMbedded Visual C++ 3.0 - Windows CE ONLY",
+	"VC-NT",   "Microsoft Visual C++ [4-6] - Windows NT ONLY",
 	"VC-W31-16",  "Microsoft Visual C++ 1.52 - Windows 3.1 - 286",
 	"VC-WIN16",   "Alias for VC-W31-32",
 	"VC-W31-32",  "Microsoft Visual C++ 1.52 - Windows 3.1 - 386+",
 	"VC-MSDOS","Microsoft Visual C++ 1.52 - MSDOS",
-	"BC-NT",   "Borland C++ 4.5 - Windows NT  - PROBABLY NOT WORKING",
+	"Mingw32", "GNU C++ - Windows NT or 9x",
+	"Mingw32-files", "Create files with DOS copy ...",
+	"BC-NT",   "Borland C++ 4.5 - Windows NT",
 	"BC-W31",  "Borland C++ 4.5 - Windows 3.1 - PROBABLY NOT WORKING",
 	"BC-MSDOS","Borland C++ 4.5 - MSDOS",
 	"linux-elf","Linux elf",
 	"ultrix-mips","DEC mips ultrix",
 	"FreeBSD","FreeBSD distribution",
+	"OS2-EMX", "EMX GCC OS/2",
 	"default","cc under unix",
 	);
 
 $platform="";
 foreach (@ARGV)
 	{
-	if    (/^no-rc2$/)	{ $no_rc2=1; }
-	elsif (/^no-rc4$/)	{ $no_rc4=1; }
-	elsif (/^no-rc5$/)	{ $no_rc5=1; }
-	elsif (/^no-idea$/)	{ $no_idea=1; }
-	elsif (/^no-des$/)	{ $no_des=1; }
-	elsif (/^no-bf$/)	{ $no_bf=1; }
-	elsif (/^no-cast$/)	{ $no_cast=1; }
-	elsif (/^no-md2$/)  	{ $no_md2=1; }
-	elsif (/^no-md5$/)	{ $no_md5=1; }
-	elsif (/^no-sha$/)	{ $no_sha=1; }
-	elsif (/^no-sha1$/)	{ $no_sha1=1; }
-	elsif (/^no-rmd160$/)	{ $no_rmd160=1; }
-	elsif (/^no-mdc2$/)	{ $no_mdc2=1; }
-	elsif (/^no-patents$/)	{ $no_rc2=$no_rc4=$no_rc5=$no_idea=$no_rsa=1; }
-	elsif (/^no-rsa$/)	{ $no_rsa=1; }
-	elsif (/^no-dsa$/)	{ $no_dsa=1; }
-	elsif (/^no-dh$/)	{ $no_dh=1; }
-	elsif (/^no-asm$/)	{ $no_asm=1; }
-	elsif (/^no-ssl2$/)	{ $no_ssl2=1; }
-	elsif (/^no-ssl3$/)	{ $no_ssl3=1; }
-	elsif (/^no-err$/)	{ $no_err=1; }
-	elsif (/^no-sock$/)	{ $no_sock=1; }
-
-	elsif (/^just-ssl$/)	{ $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
-				  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
-				  $no_ssl2=$no_err=$no_rmd160=$no_rc5=1; }
-
-	elsif (/^rsaref$/)	{ $rsaref=1; }
-	elsif (/^gcc$/)		{ $gcc=1; }
-	elsif (/^debug$/)	{ $debug=1; }
-	elsif (/^shlib$/)	{ $shlib=1; }
-	elsif (/^dll$/)		{ $shlib=1; }
-	elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
-	elsif (/^-[lL].*$/)	{ $l_flags.="$_ "; }
-	elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
-		{ $c_flags.="$_ "; }
-	else
+	if (!&read_options && !defined($ops{$_}))
 		{
-		if (!defined($ops{$_}))
-			{
-			print STDERR "unknown option - $_\n";
-			print STDERR "usage: perl mk1mf.pl [system] [options]\n";
-			print STDERR "\nwhere [system] can be one of the following\n";
-			foreach $i (sort keys %ops)
-				{ printf STDERR "\t%-10s\t%s\n",$i,$ops{$i}; }
-			print STDERR <<"EOF";
+		print STDERR "unknown option - $_\n";
+		print STDERR "usage: perl mk1mf.pl [options] [system]\n";
+		print STDERR "\nwhere [system] can be one of the following\n";
+		foreach $i (sort keys %ops)
+		{ printf STDERR "\t%-10s\t%s\n",$i,$ops{$i}; }
+		print STDERR <<"EOF";
 and [options] can be one of
-	no-md2 no-md5 no-sha no-sha1 no-mdc2 no-rmd160 - Skip this digest
-	no-rc2 no-rc4 no-idea no-des no-bf no-cast - Skip this symetric cipher
-	no-rc5
+	no-md2 no-md4 no-md5 no-sha no-mdc2	- Skip this digest
+	no-ripemd
+	no-rc2 no-rc4 no-rc5 no-idea no-des     - Skip this symetric cipher
+	no-bf no-cast no-aes
 	no-rsa no-dsa no-dh			- Skip this public key cipher
 	no-ssl2 no-ssl3				- Skip this version of SSL
 	just-ssl				- remove all non-ssl keys/digest
 	no-asm 					- No x86 asm
+	no-krb5					- No KRB5
+	no-ec					- No EC
+	no-ecdsa				- No ECDSA
+	nasm 					- Use NASM for x86 asm
+	gaswin					- Use GNU as with Mingw32
 	no-socks				- No socket code
 	no-err					- No error strings
 	dll/shlib				- Build shared libraries (MS)
 	debug					- Debug build
+        profile                                 - Profiling build
 	gcc					- Use Gcc (unix)
-	rsaref					- Build to require RSAref
 
 Values that can be set
 TMP=tmpdir OUT=outdir SRC=srcdir BIN=binpath INC=header-outdir CC=C-compiler
@@ -97,27 +81,30 @@ TMP=tmpdir OUT=outdir SRC=srcdir BIN=binpath INC=header-outdir CC=C-compiler
 -<ex_cc_flags>					- extra 'cc' flags,
 						  added (MS), or replace (unix)
 EOF
-			exit(1);
-			}
-		$platform=$_;
+		exit(1);
 		}
+	$platform=$_;
+	}
+foreach (grep(!/^$/, split(/ /, $OPTIONS)))
+	{
+	print STDERR "unknown option - $_\n" if !&read_options;
 	}
 
 $no_mdc2=1 if ($no_des);
 
-$no_ssl3=1 if ($no_md5 || $no_sha1);
+$no_ssl3=1 if ($no_md5 || $no_sha);
 $no_ssl3=1 if ($no_rsa && $no_dh);
 
-$no_ssl2=1 if ($no_md5 || $no_rsa);
+$no_ssl2=1 if ($no_md5);
 $no_ssl2=1 if ($no_rsa);
 
 $out_def="out";
 $inc_def="outinc";
 $tmp_def="tmp";
 
+$mkdir="-mkdir";
 
 ($ssl,$crypto)=("ssl","crypto");
-$RSAglue="RSAglue";
 $ranlib="echo ranlib";
 
 $cc=(defined($VARS{'CC'}))?$VARS{'CC'}:'cc';
@@ -126,6 +113,8 @@ $bin_dir=(defined($VARS{'BIN'}))?$VARS{'BIN'}:'';
 
 # $bin_dir.=$o causes a core dump on my sparc :-(
 
+$NT=0;
+
 push(@INC,"util/pl","pl");
 if ($platform eq "VC-MSDOS")
 	{
@@ -147,8 +136,21 @@ elsif (($platform eq "VC-W31-32") || ($platform eq "VC-WIN16"))
 	}
 elsif (($platform eq "VC-WIN32") || ($platform eq "VC-NT"))
 	{
+	$NT = 1 if $platform eq "VC-NT";
 	require 'VC-32.pl';
 	}
+elsif ($platform eq "VC-CE")
+	{
+	require 'VC-CE.pl';
+	}
+elsif ($platform eq "Mingw32")
+	{
+	require 'Mingw32.pl';
+	}
+elsif ($platform eq "Mingw32-files")
+	{
+	require 'Mingw32f.pl';
+	}
 elsif ($platform eq "BC-NT")
 	{
 	$bc=1;
@@ -188,6 +190,11 @@ elsif ($platform eq "ultrix-mips")
 	require "ultrix.pl";
 	$unix=1;
 	}
+elsif ($platform eq "OS2-EMX")
+	{
+	$wc=1;
+	require 'OS2-EMX.pl';
+	}
 else
 	{
 	require "unix.pl";
@@ -202,38 +209,42 @@ $inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
 
 $bin_dir=$bin_dir.$o unless ((substr($bin_dir,-1,1) eq $o) || ($bin_dir eq ''));
 
-$cflags.=" -DNO_IDEA" if $no_idea;
-$cflags.=" -DNO_RC2"  if $no_rc2;
-$cflags.=" -DNO_RC4"  if $no_rc4;
-$cflags.=" -DNO_RC5"  if $no_rc5;
-$cflags.=" -DNO_MD2"  if $no_md2;
-$cflags.=" -DNO_MD5"  if $no_md5;
-$cflags.=" -DNO_SHA"  if $no_sha;
-$cflags.=" -DNO_SHA1" if $no_sha1;
-$cflags.=" -DNO_RMD160" if $no_rmd160;
-$cflags.=" -DNO_MDC2" if $no_mdc2;
-$cflags.=" -DNO_BLOWFISH"  if $no_bf;
-$cflags.=" -DNO_CAST" if $no_cast;
-$cflags.=" -DNO_DES"  if $no_des;
-$cflags.=" -DNO_RSA"  if $no_rsa;
-$cflags.=" -DNO_DSA"  if $no_dsa;
-$cflags.=" -DNO_DH"   if $no_dh;
-$cflags.=" -DNO_SOCK" if $no_sock;
-$cflags.=" -DNO_SSL2" if $no_ssl2;
-$cflags.=" -DNO_SSL3" if $no_ssl3;
-$cflags.=" -DNO_ERR"  if $no_err;
-$cflags.=" -DRSAref"  if $rsaref ne "";
-
-if ($unix)
-	{ $cflags="$c_flags" if ($c_flags ne ""); }
-else	{ $cflags="$c_flags$cflags" if ($c_flags ne ""); }
+$cflags.=" -DOPENSSL_NO_IDEA" if $no_idea;
+$cflags.=" -DOPENSSL_NO_AES"  if $no_aes;
+$cflags.=" -DOPENSSL_NO_RC2"  if $no_rc2;
+$cflags.=" -DOPENSSL_NO_RC4"  if $no_rc4;
+$cflags.=" -DOPENSSL_NO_RC5"  if $no_rc5;
+$cflags.=" -DOPENSSL_NO_MD2"  if $no_md2;
+$cflags.=" -DOPENSSL_NO_MD4"  if $no_md4;
+$cflags.=" -DOPENSSL_NO_MD5"  if $no_md5;
+$cflags.=" -DOPENSSL_NO_SHA"  if $no_sha;
+$cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1;
+$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_rmd160;
+$cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2;
+$cflags.=" -DOPENSSL_NO_BF"  if $no_bf;
+$cflags.=" -DOPENSSL_NO_CAST" if $no_cast;
+$cflags.=" -DOPENSSL_NO_DES"  if $no_des;
+$cflags.=" -DOPENSSL_NO_RSA"  if $no_rsa;
+$cflags.=" -DOPENSSL_NO_DSA"  if $no_dsa;
+$cflags.=" -DOPENSSL_NO_DH"   if $no_dh;
+$cflags.=" -DOPENSSL_NO_SOCK" if $no_sock;
+$cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
+$cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
+$cflags.=" -DOPENSSL_NO_ERR"  if $no_err;
+$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
+$cflags.=" -DOPENSSL_NO_EC"   if $no_ec;
+$cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa;
+#$cflags.=" -DRSAref"  if $rsaref ne "";
+
+## if ($unix)
+##	{ $cflags="$c_flags" if ($c_flags ne ""); }
+##else
+	{ $cflags="$c_flags$cflags" if ($c_flags ne ""); }
 
 $ex_libs="$l_flags$ex_libs" if ($l_flags ne "");
 
-if ($ranlib ne "")
-	{
-	$ranlib="\$(SRC_D)$o$ranlib";
-	}
+%shlib_ex_cflags=("SSL" => " -DOPENSSL_BUILD_SHLIBSSL",
+		  "CRYPTO" => " -DOPENSSL_BUILD_SHLIBCRYPTO");
 
 if ($msdos)
 	{
@@ -249,8 +260,8 @@ $link="$bin_dir$link" if ($link !~ /^\$/);
 $INSTALLTOP =~ s|/|$o|g;
 
 $defs= <<"EOF";
-# This makefile has been automatically generated from the SSLeay distribution.
-# This single makefile will build the complete SSLeay distribution and
+# This makefile has been automatically generated from the OpenSSL distribution.
+# This single makefile will build the complete OpenSSL distribution and
 # by default leave the 'intertesting' output files in .${o}out and the stuff
 # that needs deleting in .${o}tmp.
 # The file was generated by running 'make makefile.one', which
@@ -262,6 +273,17 @@ $defs= <<"EOF";
 # The one monster makefile better suits building in non-unix
 # environments.
 
+EOF
+
+if ($platform eq "VC-CE")
+	{
+	$defs.= <<"EOF";
+!INCLUDE <\$(WCECOMPAT)/wcedefs.mak>
+
+EOF
+	}
+
+$defs.= <<"EOF";
 INSTALLTOP=$INSTALLTOP
 
 # Set your compiler options
@@ -277,14 +299,17 @@ SHLIB_EX_OBJ=$shlib_ex_obj
 # be added
 EX_LIBS=$ex_libs
 
-# The SSLeay directory
+# The OpenSSL directory
 SRC_D=$src_dir
 
 LINK=$link
 LFLAGS=$lflags
+RSC=$rsc
 
 BN_ASM_OBJ=$bn_asm_obj
 BN_ASM_SRC=$bn_asm_src
+BNCO_ASM_OBJ=$bnco_asm_obj
+BNCO_ASM_SRC=$bnco_asm_src
 DES_ENC_OBJ=$des_enc_obj
 DES_ENC_SRC=$des_enc_src
 BF_ENC_OBJ=$bf_enc_obj
@@ -308,11 +333,12 @@ OUT_D=$out_dir
 TMP_D=$tmp_dir
 # The output directory for the header files
 INC_D=$inc_dir
+INCO_D=$inc_dir${o}openssl
 
 CP=$cp
 RM=$rm
 RANLIB=$ranlib
-MKDIR=mkdir
+MKDIR=$mkdir
 MKLIB=$bin_dir$mklib
 MLFLAGS=$mlflags
 ASM=$bin_dir$asm
@@ -321,14 +347,16 @@ ASM=$bin_dir$asm
 # You should not need to touch anything below this point
 ######################################################
 
-E_EXE=ssleay
+E_EXE=openssl
 SSL=$ssl
 CRYPTO=$crypto
-RSAGLUE=$RSAglue
 
 # BIN_D  - Binary output directory
 # TEST_D - Binary test file output directory
 # LIB_D  - library output directory
+# Note: if you change these point to different directories then uncomment out
+# the lines around the 'NB' comment below.
+# 
 BIN_D=\$(OUT_D)
 TEST_D=\$(OUT_D)
 LIB_D=\$(OUT_D)
@@ -340,14 +368,12 @@ INCL_D=\$(TMP_D)
 
 O_SSL=     \$(LIB_D)$o$plib\$(SSL)$shlibp
 O_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$shlibp
-O_RSAGLUE= \$(LIB_D)$o$plib\$(RSAGLUE)$libp
 SO_SSL=    $plib\$(SSL)$so_shlibp
 SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
-L_SSL=     \$(LIB_D)$o\$(SSL)$libp
-L_CRYPTO=  \$(LIB_D)$o\$(CRYPTO)$libp
+L_SSL=     \$(LIB_D)$o$plib\$(SSL)$libp
+L_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$libp
 
 L_LIBS= \$(L_SSL) \$(L_CRYPTO)
-#L_LIBS= \$(O_SSL) \$(O_RSAGLUE) -lrsaref \$(O_CRYPTO)
 
 ######################################################
 # Don't touch anything below this point
@@ -357,33 +383,37 @@ INC=-I\$(INC_D) -I\$(INCL_D)
 APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
 LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
 SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
-LIBS_DEP=\$(O_CRYPTO) \$(O_RSAGLUE) \$(O_SSL)
+LIBS_DEP=\$(O_CRYPTO) \$(O_SSL)
 
 #############################################
 EOF
 
 $rules=<<"EOF";
-all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INC_D) headers lib exe
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe
 
 banner:
 $banner
 
 \$(TMP_D):
 	\$(MKDIR) \$(TMP_D)
-
-\$(BIN_D):
-	\$(MKDIR) \$(BIN_D)
-
-\$(TEST_D):
-	\$(MKDIR) \$(TEST_D)
+# NB: uncomment out these lines if BIN_D, TEST_D and LIB_D are different
+#\$(BIN_D):
+#	\$(MKDIR) \$(BIN_D)
+#
+#\$(TEST_D):
+#	\$(MKDIR) \$(TEST_D)
 
 \$(LIB_D):
 	\$(MKDIR) \$(LIB_D)
 
+\$(INCO_D): \$(INC_D)
+	\$(MKDIR) \$(INCO_D)
+
 \$(INC_D):
 	\$(MKDIR) \$(INC_D)
 
 headers: \$(HEADER) \$(EXHEADER)
+	@
 
 lib: \$(LIBS_DEP)
 
@@ -393,8 +423,9 @@ install:
 	\$(MKDIR) \$(INSTALLTOP)
 	\$(MKDIR) \$(INSTALLTOP)${o}bin
 	\$(MKDIR) \$(INSTALLTOP)${o}include
+	\$(MKDIR) \$(INSTALLTOP)${o}include${o}openssl
 	\$(MKDIR) \$(INSTALLTOP)${o}lib
-	\$(CP) \$(INC_D)${o}*.\[ch\] \$(INSTALLTOP)${o}include
+	\$(CP) \$(INCO_D)${o}*.\[ch\] \$(INSTALLTOP)${o}include${o}openssl
 	\$(CP) \$(BIN_D)$o\$(E_EXE)$exep \$(INSTALLTOP)${o}bin
 	\$(CP) \$(O_SSL) \$(INSTALLTOP)${o}lib
 	\$(CP) \$(O_CRYPTO) \$(INSTALLTOP)${o}lib
@@ -407,6 +438,42 @@ vclean:
 	\$(RM) \$(OUT_D)$o*.*
 
 EOF
+    
+my $platform_cpp_symbol = "MK1MF_PLATFORM_$platform";
+$platform_cpp_symbol =~ s/-/_/g;
+if (open(IN,"crypto/buildinf.h"))
+	{
+	# Remove entry for this platform in existing file buildinf.h.
+
+	my $old_buildinf_h = "";
+	while (<IN>)
+		{
+		if (/^\#ifdef $platform_cpp_symbol$/)
+			{
+			while (<IN>) { last if (/^\#endif/); }
+			}
+		else
+			{
+			$old_buildinf_h .= $_;
+			}
+		}
+	close(IN);
+
+	open(OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
+	print OUT $old_buildinf_h;
+	close(OUT);
+	}
+
+open (OUT,">>crypto/buildinf.h") || die "Can't open buildinf.h";
+printf OUT <<EOF;
+#ifdef $platform_cpp_symbol
+  /* auto-generated/updated by util/mk1mf.pl for crypto/cversion.c */
+  #define CFLAGS "$cc $cflags"
+  #define PLATFORM "$platform"
+EOF
+printf OUT "  #define DATE \"%s\"\n", scalar gmtime();
+printf OUT "#endif\n";
+close(OUT);
 
 #############################################
 # We parse in input file and 'store' info for later printing.
@@ -474,8 +541,8 @@ chop($h); $header=$h;
 $defs.=&do_defs("HEADER",$header,"\$(INCL_D)",".h");
 $rules.=&do_copy_rule("\$(INCL_D)",$header,".h");
 
-$defs.=&do_defs("EXHEADER",$exheader,"\$(INC_D)",".h");
-$rules.=&do_copy_rule("\$(INC_D)",$exheader,".h");
+$defs.=&do_defs("EXHEADER",$exheader,"\$(INCO_D)",".h");
+$rules.=&do_copy_rule("\$(INCO_D)",$exheader,".h");
 
 $defs.=&do_defs("T_OBJ",$test,"\$(OBJ_D)",$obj);
 $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
@@ -488,25 +555,22 @@ foreach (values %lib_nam)
 	$lib_obj=$lib_obj{$_};
 	local($slib)=$shlib;
 
-	$slib=0 if ($_ eq "RSAGLUE");
-
 	if (($_ eq "SSL") && $no_ssl2 && $no_ssl3)
 		{
 		$rules.="\$(O_SSL):\n\n"; 
 		next;
 		}
 
-	if (($_ eq "RSAGLUE") && $no_rsa)
-		{
-		$rules.="\$(O_RSAGLUE):\n\n"; 
-		next;
-		}
-
 	if (($bn_asm_obj ne "") && ($_ eq "CRYPTO"))
 		{
 		$lib_obj =~ s/\s\S*\/bn_asm\S*/ \$(BN_ASM_OBJ)/;
 		$rules.=&do_asm_rule($bn_asm_obj,$bn_asm_src);
 		}
+	if (($bnco_asm_obj ne "") && ($_ eq "CRYPTO"))
+		{
+		$lib_obj .= "\$(BNCO_ASM_OBJ)";
+		$rules.=&do_asm_rule($bnco_asm_obj,$bnco_asm_src);
+		}
 	if (($des_enc_obj ne "") && ($_ eq "CRYPTO"))
 		{
 		$lib_obj =~ s/\s\S*des_enc\S*/ \$(DES_ENC_OBJ)/;
@@ -549,10 +613,22 @@ foreach (values %lib_nam)
 		$rules.=&do_asm_rule($rmd160_asm_obj,$rmd160_asm_src);
 		}
 	$defs.=&do_defs(${_}."OBJ",$lib_obj,"\$(OBJ_D)",$obj);
-	$lib=($slib)?" \$(SHLIB_CFLAGS)":" \$(LIB_CFLAGS)";
+	$lib=($slib)?" \$(SHLIB_CFLAGS)".$shlib_ex_cflags{$_}:" \$(LIB_CFLAGS)";
 	$rules.=&do_compile_rule("\$(OBJ_D)",$lib_obj{$_},$lib);
 	}
 
+# hack to add version info on MSVC
+if (($platform eq "VC-WIN32") || ($platform eq "VC-NT")) {
+    $rules.= <<"EOF";
+\$(OBJ_D)\\\$(CRYPTO).res: ms\\version32.rc
+	\$(RSC) /fo"\$(OBJ_D)\\\$(CRYPTO).res" /d CRYPTO ms\\version32.rc
+
+\$(OBJ_D)\\\$(SSL).res: ms\\version32.rc
+	\$(RSC) /fo"\$(OBJ_D)\\\$(SSL).res" /d SSL ms\\version32.rc
+
+EOF
+}
+
 $defs.=&do_defs("T_EXE",$test,"\$(TEST_D)",$exep);
 foreach (split(/\s+/,$test))
 	{
@@ -562,13 +638,19 @@ foreach (split(/\s+/,$test))
 	}
 
 $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
-$rules.= &do_lib_rule("\$(RSAGLUEOBJ)","\$(O_RSAGLUE)",$RSAglue,0,"")
-	unless $no_rsa;
 $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
 
 $rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
 
 print $defs;
+
+if ($platform eq "linux-elf") {
+    print <<"EOF";
+# Generate perlasm output files
+%.cpp:
+	(cd \$(\@D)/..; PERL=perl make -f Makefile.ssl asm/\$(\@F))
+EOF
+}
 print "###################################################################\n";
 print $rules;
 
@@ -582,6 +664,7 @@ sub var_add
 	local(@a,$_,$ret);
 
 	return("") if $no_idea && $dir =~ /\/idea/;
+	return("") if $no_aes  && $dir =~ /\/aes/;
 	return("") if $no_rc2  && $dir =~ /\/rc2/;
 	return("") if $no_rc4  && $dir =~ /\/rc4/;
 	return("") if $no_rc5  && $dir =~ /\/rc5/;
@@ -607,7 +690,8 @@ sub var_add
 
 	@a=grep(!/^e_.*_3d$/,@a) if $no_des;
 	@a=grep(!/^e_.*_d$/,@a) if $no_des;
-	@a=grep(!/^e_.*_i$/,@a) if $no_idea;
+	@a=grep(!/^e_.*_ae$/,@a) if $no_idea;
+	@a=grep(!/^e_.*_i$/,@a) if $no_aes;
 	@a=grep(!/^e_.*_r2$/,@a) if $no_rc2;
 	@a=grep(!/^e_.*_r5$/,@a) if $no_rc5;
 	@a=grep(!/^e_.*_bf$/,@a) if $no_bf;
@@ -620,6 +704,7 @@ sub var_add
 	@a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock;
 
 	@a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+	@a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
 	@a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
 	@a=grep(!/(rmd)|(ripemd)/,@a) if $no_rmd160;
 
@@ -638,7 +723,7 @@ sub var_add
 	@a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
 	@a=grep(!/_mdc2$/,@a) if $no_mdc2;
 
-	@a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
+	@a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa;
 	@a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
 	@a=grep(!/^gendsa$/,@a) if $no_sha1;
 	@a=grep(!/(^dh$)|(^gendh$)/,@a) if $no_dh;
@@ -685,6 +770,7 @@ sub do_defs
 			{ $pf=".c"; }
 		else	{ $pf=$postfix; }
 		if ($_ =~ /BN_ASM/)	{ $t="$_ "; }
+		elsif ($_ =~ /BNCO_ASM/){ $t="$_ "; }
 		elsif ($_ =~ /DES_ENC/)	{ $t="$_ "; }
 		elsif ($_ =~ /BF_ENC/)	{ $t="$_ "; }
 		elsif ($_ =~ /CAST_ENC/){ $t="$_ "; }
@@ -698,6 +784,14 @@ sub do_defs
 		$Vars{$var}.="$t ";
 		$ret.=$t;
 		}
+	# hack to add version info on MSVC
+	if ($shlib && ($platform eq "VC-WIN32") || ($platform eq "VC-NT"))
+		{
+		if ($var eq "CRYPTOOBJ")
+			{ $ret.="\$(OBJ_D)\\\$(CRYPTO).res "; }
+		elsif ($var eq "SSLOBJ")
+			{ $ret.="\$(OBJ_D)\\\$(SSL).res "; }
+		}
 	chop($ret);
 	$ret.="\n\n";
 	return($ret);
@@ -736,8 +830,7 @@ sub cc_compile_target
 	local($target,$source,$ex_flags)=@_;
 	local($ret);
 	
-	# EAY EAY
-	$ex_flags.=' -DCFLAGS="\"$(CC) $(CFLAG)\"" -DPLATFORM="\"$(PLATFORM)\""' if ($source =~ /cversion/);
+	$ex_flags.=" -DMK1MF_BUILD -D$platform_cpp_symbol" if ($source =~ /cversion/);
 	$target =~ s/\//$o/g if $o ne "/";
 	$source =~ s/\//$o/g if $o ne "/";
 	$ret ="$target: \$(SRC_D)$o$source\n\t";
@@ -798,3 +891,57 @@ sub do_copy_rule
 		}
 	return($ret);
 	}
+
+sub read_options
+	{
+	if    (/^no-rc2$/)	{ $no_rc2=1; }
+	elsif (/^no-rc4$/)	{ $no_rc4=1; }
+	elsif (/^no-rc5$/)	{ $no_rc5=1; }
+	elsif (/^no-idea$/)	{ $no_idea=1; }
+	elsif (/^no-aes$/)	{ $no_aes=1; }
+	elsif (/^no-des$/)	{ $no_des=1; }
+	elsif (/^no-bf$/)	{ $no_bf=1; }
+	elsif (/^no-cast$/)	{ $no_cast=1; }
+	elsif (/^no-md2$/)  	{ $no_md2=1; }
+	elsif (/^no-md4$/)	{ $no_md4=1; }
+	elsif (/^no-md5$/)	{ $no_md5=1; }
+	elsif (/^no-sha$/)	{ $no_sha=1; }
+	elsif (/^no-sha1$/)	{ $no_sha1=1; }
+	elsif (/^no-ripemd$/)	{ $no_ripemd=1; }
+	elsif (/^no-mdc2$/)	{ $no_mdc2=1; }
+	elsif (/^no-patents$/)	{ $no_rc2=$no_rc4=$no_rc5=$no_idea=$no_rsa=1; }
+	elsif (/^no-rsa$/)	{ $no_rsa=1; }
+	elsif (/^no-dsa$/)	{ $no_dsa=1; }
+	elsif (/^no-dh$/)	{ $no_dh=1; }
+	elsif (/^no-hmac$/)	{ $no_hmac=1; }
+	elsif (/^no-aes$/)	{ $no_aes=1; }
+	elsif (/^no-asm$/)	{ $no_asm=1; }
+	elsif (/^nasm$/)	{ $nasm=1; }
+	elsif (/^gaswin$/)	{ $gaswin=1; }
+	elsif (/^no-ssl2$/)	{ $no_ssl2=1; }
+	elsif (/^no-ssl3$/)	{ $no_ssl3=1; }
+	elsif (/^no-err$/)	{ $no_err=1; }
+	elsif (/^no-sock$/)	{ $no_sock=1; }
+	elsif (/^no-krb5$/)	{ $no_krb5=1; }
+	elsif (/^no-ec$/)	{ $no_ec=1; }
+	elsif (/^no-ecdsa$/)	{ $no_ecdsa=1; }
+
+	elsif (/^just-ssl$/)	{ $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
+				  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
+				  $no_ssl2=$no_err=$no_rmd160=$no_rc5=1;
+				  $no_aes=1; }
+
+	elsif (/^rsaref$/)	{ }
+	elsif (/^gcc$/)		{ $gcc=1; }
+	elsif (/^debug$/)	{ $debug=1; }
+	elsif (/^profile$/)	{ $profile=1; }
+	elsif (/^shlib$/)	{ $shlib=1; }
+	elsif (/^dll$/)		{ $shlib=1; }
+	elsif (/^shared$/)	{ } # We just need to ignore it for now...
+	elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; }
+	elsif (/^-[lL].*$/)	{ $l_flags.="$_ "; }
+	elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/)
+		{ $c_flags.="$_ "; }
+	else { return(0); }
+	return(1);
+	}
diff --git a/util/mkcerts.sh b/util/mkcerts.sh
index 5f8a1dae73..0184fcb70e 100755
--- a/util/mkcerts.sh
+++ b/util/mkcerts.sh
@@ -1,4 +1,4 @@
-#!bin/sh
+#!/bin/sh
 
 # This script will re-make all the required certs.
 # cd apps
@@ -12,8 +12,8 @@
 #
  
 CAbits=1024
-SSLEAY="../apps/ssleay"
-CONF="-config ../apps/ssleay.cnf"
+SSLEAY="../apps/openssl"
+CONF="-config ../apps/openssl.cnf"
 
 # create pca request.
 echo creating $CAbits bit PCA cert request
diff --git a/util/mkdef.pl b/util/mkdef.pl
index 0d66a90999..fffd1d9a7c 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -1,246 +1,1149 @@
-#!/usr/local/bin/perl
+#!/usr/local/bin/perl -w
 #
 # generate a .def file
 #
 # It does this by parsing the header files and looking for the
-# non-prototyped functions.
+# prototyped functions: it then prunes the output.
 #
+# Intermediary files are created, call libeay.num and ssleay.num,...
+# Previously, they had the following format:
+#
+#	routine-name	nnnn
+#
+# But that isn't enough for a number of reasons, the first on being that
+# this format is (needlessly) very Win32-centric, and even then...
+# One of the biggest problems is that there's no information about what
+# routines should actually be used, which varies with what crypto algorithms
+# are disabled.  Also, some operating systems (for example VMS with VAX C)
+# need to keep track of the global variables as well as the functions.
+#
+# So, a remake of this script is done so as to include information on the
+# kind of symbol it is (function or variable) and what algorithms they're
+# part of.  This will allow easy translating to .def files or the corresponding
+# file in other operating systems (a .opt file for VMS, possibly with a .mar
+# file).
+#
+# The format now becomes:
+#
+#	routine-name	nnnn	info
+#
+# and the "info" part is actually a colon-separated string of fields with
+# the following meaning:
+#
+#	existence:platform:kind:algorithms
+#
+# - "existence" can be "EXIST" or "NOEXIST" depending on if the symbol is
+#   found somewhere in the source, 
+# - "platforms" is empty if it exists on all platforms, otherwise it contains
+#   comma-separated list of the platform, just as they are if the symbol exists
+#   for those platforms, or prepended with a "!" if not.  This helps resolve
+#   symbol name variants for platforms where the names are too long for the
+#   compiler or linker, or if the systems is case insensitive and there is a
+#   clash, or the symbol is implemented differently (see
+#   EXPORT_VAR_AS_FUNCTION).  This script assumes renaming of symbols is found
+#   in the file crypto/symhacks.h.
+#   The semantics for the platforms is that every item is checked against the
+#   environment.  For the negative items ("!FOO"), if any of them is false
+#   (i.e. "FOO" is true) in the environment, the corresponding symbol can't be
+#   used.  For the positive itms, if all of them are false in the environment,
+#   the corresponding symbol can't be used.  Any combination of positive and
+#   negative items are possible, and of course leave room for some redundancy.
+# - "kind" is "FUNCTION" or "VARIABLE".  The meaning of that is obvious.
+# - "algorithms" is a comma-separated list of algorithm names.  This helps
+#   exclude symbols that are part of an algorithm that some user wants to
+#   exclude.
+#
+
+my $debug=0;
+
+my $crypto_num= "util/libeay.num";
+my $ssl_num=    "util/ssleay.num";
+my $libname;
+
+my $do_update = 0;
+my $do_rewrite = 1;
+my $do_crypto = 0;
+my $do_ssl = 0;
+my $do_ctest = 0;
+my $do_ctestall = 0;
+my $do_checkexist = 0;
 
-$crypto_num="util/libeay.num";
-$ssl_num=   "util/ssleay.num";
+my $VMSVAX=0;
+my $VMSAlpha=0;
+my $VMS=0;
+my $W32=0;
+my $W16=0;
+my $NT=0;
+my $OS2=0;
+# Set this to make typesafe STACK definitions appear in DEF
+my $safe_stack_def = 0;
 
-$NT=1;
-foreach (@ARGV)
+my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
+			"EXPORT_VAR_AS_FUNCTION" );
+my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
+my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
+			 "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
+			 "RIPEMD",
+			 "MDC2", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "HMAC", "AES",
+			 # Envelope "algorithms"
+			 "EVP", "X509", "ASN1_TYPEDEFS",
+			 # Helper "algorithms"
+			 "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR",
+			 "LOCKING",
+			 # External "algorithms"
+			 "FP_API", "STDIO", "SOCK", "KRB5",
+			 # Engines
+			 "STATIC_ENGINE" );
+
+my $options="";
+open(IN,"<Makefile.ssl") || die "unable to open Makefile.ssl!\n";
+while(<IN>) {
+    $options=$1 if (/^OPTIONS=(.*)$/);
+}
+close(IN);
+
+# The following ciphers may be excluded (by Configure). This means functions
+# defined with ifndef(NO_XXX) are not included in the .def file, and everything
+# in directory xxx is ignored.
+my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf;
+my $no_cast;
+my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
+my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
+my $no_ec; my $no_ecdsa; my $no_ecdh;
+my $no_fp_api; my $no_static_engine;
+
+foreach (@ARGV, split(/ /, $options))
 	{
-	$NT=1 if $_ eq "32";
-	$NT=0 if $_ eq "16";
+	$debug=1 if $_ eq "debug";
+	$W32=1 if $_ eq "32";
+	$W16=1 if $_ eq "16";
+	if($_ eq "NT") {
+		$W32 = 1;
+		$NT = 1;
+	}
+	if ($_ eq "VMS-VAX") {
+		$VMS=1;
+		$VMSVAX=1;
+	}
+	if ($_ eq "VMS-Alpha") {
+		$VMS=1;
+		$VMSAlpha=1;
+	}
+	$VMS=1 if $_ eq "VMS";
+	$OS2=1 if $_ eq "OS2";
+
 	$do_ssl=1 if $_ eq "ssleay";
+	if ($_ eq "ssl") {
+		$do_ssl=1; 
+		$libname=$_
+	}
 	$do_crypto=1 if $_ eq "libeay";
+	if ($_ eq "crypto") {
+		$do_crypto=1;
+		$libname=$_;
+	}
+	$do_update=1 if $_ eq "update";
+	$do_rewrite=1 if $_ eq "rewrite";
+	$do_ctest=1 if $_ eq "ctest";
+	$do_ctestall=1 if $_ eq "ctestall";
+	$do_checkexist=1 if $_ eq "exist";
+	#$safe_stack_def=1 if $_ eq "-DDEBUG_SAFESTACK";
+
+	if    (/^no-rc2$/)      { $no_rc2=1; }
+	elsif (/^no-rc4$/)      { $no_rc4=1; }
+	elsif (/^no-rc5$/)      { $no_rc5=1; }
+	elsif (/^no-idea$/)     { $no_idea=1; }
+	elsif (/^no-des$/)      { $no_des=1; $no_mdc2=1; }
+	elsif (/^no-bf$/)       { $no_bf=1; }
+	elsif (/^no-cast$/)     { $no_cast=1; }
+	elsif (/^no-md2$/)      { $no_md2=1; }
+	elsif (/^no-md4$/)      { $no_md4=1; }
+	elsif (/^no-md5$/)      { $no_md5=1; }
+	elsif (/^no-sha$/)      { $no_sha=1; }
+	elsif (/^no-ripemd$/)   { $no_ripemd=1; }
+	elsif (/^no-mdc2$/)     { $no_mdc2=1; }
+	elsif (/^no-rsa$/)      { $no_rsa=1; }
+	elsif (/^no-dsa$/)      { $no_dsa=1; }
+	elsif (/^no-dh$/)       { $no_dh=1; }
+	elsif (/^no-ec$/)       { $no_ec=1; }
+	elsif (/^no-ecdsa$/)	{ $no_ecdsa=1; }
+	elsif (/^no-ecdh$/) 	{ $no_ecdh=1; }
+	elsif (/^no-hmac$/)	{ $no_hmac=1; }
+	elsif (/^no-aes$/)	{ $no_aes=1; }
+	elsif (/^no-evp$/)	{ $no_evp=1; }
+	elsif (/^no-lhash$/)	{ $no_lhash=1; }
+	elsif (/^no-stack$/)	{ $no_stack=1; }
+	elsif (/^no-err$/)	{ $no_err=1; }
+	elsif (/^no-buffer$/)	{ $no_buffer=1; }
+	elsif (/^no-bio$/)	{ $no_bio=1; }
+	#elsif (/^no-locking$/)	{ $no_locking=1; }
+	elsif (/^no-comp$/)	{ $no_comp=1; }
+	elsif (/^no-dso$/)	{ $no_dso=1; }
+	elsif (/^no-krb5$/)	{ $no_krb5=1; }
+	}
+
+
+if (!$libname) { 
+	if ($do_ssl) {
+		$libname="SSLEAY";
+	}
+	if ($do_crypto) {
+		$libname="LIBEAY";
 	}
+}
+
+# If no platform is given, assume WIN32
+if ($W32 + $W16 + $VMS + $OS2 == 0) {
+	$W32 = 1;
+}
+
+# Add extra knowledge
+if ($W16) {
+	$no_fp_api=1;
+}
 
 if (!$do_ssl && !$do_crypto)
 	{
-	print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 ]\n";
+	print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT | OS2 ]\n";
 	exit(1);
 	}
 
 %ssl_list=&load_numbers($ssl_num);
+$max_ssl = $max_num;
 %crypto_list=&load_numbers($crypto_num);
+$max_crypto = $max_num;
+
+my $ssl="ssl/ssl.h";
+$ssl.=" ssl/kssl.h";
 
-$ssl="ssl/ssl.h";
-
-$crypto ="crypto/crypto.h";
-$crypto.=" crypto/des/des.h";
-$crypto.=" crypto/idea/idea.h";
-$crypto.=" crypto/rc4/rc4.h";
-$crypto.=" crypto/rc5/rc5.h";
-$crypto.=" crypto/rc2/rc2.h";
-$crypto.=" crypto/bf/blowfish.h";
-$crypto.=" crypto/cast/cast.h";
-$crypto.=" crypto/md2/md2.h";
-$crypto.=" crypto/md5/md5.h";
-$crypto.=" crypto/mdc2/mdc2.h";
-$crypto.=" crypto/sha/sha.h";
-$crypto.=" crypto/ripemd/ripemd.h";
+my $crypto ="crypto/crypto.h";
+$crypto.=" crypto/des/des.h crypto/des/des_old.h" ; # unless $no_des;
+$crypto.=" crypto/idea/idea.h" ; # unless $no_idea;
+$crypto.=" crypto/rc4/rc4.h" ; # unless $no_rc4;
+$crypto.=" crypto/rc5/rc5.h" ; # unless $no_rc5;
+$crypto.=" crypto/rc2/rc2.h" ; # unless $no_rc2;
+$crypto.=" crypto/bf/blowfish.h" ; # unless $no_bf;
+$crypto.=" crypto/cast/cast.h" ; # unless $no_cast;
+$crypto.=" crypto/md2/md2.h" ; # unless $no_md2;
+$crypto.=" crypto/md4/md4.h" ; # unless $no_md4;
+$crypto.=" crypto/md5/md5.h" ; # unless $no_md5;
+$crypto.=" crypto/mdc2/mdc2.h" ; # unless $no_mdc2;
+$crypto.=" crypto/sha/sha.h" ; # unless $no_sha;
+$crypto.=" crypto/ripemd/ripemd.h" ; # unless $no_ripemd;
+$crypto.=" crypto/aes/aes.h" ; # unless $no_aes;
 
 $crypto.=" crypto/bn/bn.h";
-$crypto.=" crypto/rsa/rsa.h";
-$crypto.=" crypto/dsa/dsa.h";
-$crypto.=" crypto/dh/dh.h";
-
-$crypto.=" crypto/stack/stack.h";
-$crypto.=" crypto/buffer/buffer.h";
-$crypto.=" crypto/bio/bio.h";
-$crypto.=" crypto/lhash/lhash.h";
+$crypto.=" crypto/rsa/rsa.h" ; # unless $no_rsa;
+$crypto.=" crypto/dsa/dsa.h" ; # unless $no_dsa;
+$crypto.=" crypto/dh/dh.h" ; # unless $no_dh;
+$crypto.=" crypto/ec/ec.h" ; # unless $no_ec;
+$crypto.=" crypto/ecdsa/ecdsa.h" ; # unless $no_ecdsa;
+$crypto.=" crypto/ecdh/ecdh.h" ; # unless $no_ecdh;
+$crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac;
+
+$crypto.=" crypto/engine/engine.h";
+$crypto.=" crypto/stack/stack.h" ; # unless $no_stack;
+$crypto.=" crypto/buffer/buffer.h" ; # unless $no_buffer;
+$crypto.=" crypto/bio/bio.h" ; # unless $no_bio;
+$crypto.=" crypto/dso/dso.h" ; # unless $no_dso;
+$crypto.=" crypto/lhash/lhash.h" ; # unless $no_lhash;
 $crypto.=" crypto/conf/conf.h";
 $crypto.=" crypto/txt_db/txt_db.h";
 
-$crypto.=" crypto/evp/evp.h";
+$crypto.=" crypto/evp/evp.h" ; # unless $no_evp;
 $crypto.=" crypto/objects/objects.h";
 $crypto.=" crypto/pem/pem.h";
 #$crypto.=" crypto/meth/meth.h";
 $crypto.=" crypto/asn1/asn1.h";
+$crypto.=" crypto/asn1/asn1t.h";
 $crypto.=" crypto/asn1/asn1_mac.h";
-$crypto.=" crypto/err/err.h";
+$crypto.=" crypto/err/err.h" ; # unless $no_err;
 $crypto.=" crypto/pkcs7/pkcs7.h";
+$crypto.=" crypto/pkcs12/pkcs12.h";
 $crypto.=" crypto/x509/x509.h";
 $crypto.=" crypto/x509/x509_vfy.h";
+$crypto.=" crypto/x509v3/x509v3.h";
 $crypto.=" crypto/rand/rand.h";
-$crypto.=" crypto/hmac/hmac.h";
-$crypto.=" crypto/comp/comp.h";
+$crypto.=" crypto/comp/comp.h" ; # unless $no_comp;
+$crypto.=" crypto/ocsp/ocsp.h";
+$crypto.=" crypto/ui/ui.h crypto/ui/ui_compat.h";
+$crypto.=" crypto/krb5/krb5_asn.h";
 $crypto.=" crypto/tmdiff.h";
 
-$match{'NOPROTO'}=1;
-$match2{'PERL5'}=1;
+my $symhacks="crypto/symhacks.h";
+
+my @ssl_symbols = &do_defs("SSLEAY", $ssl, $symhacks);
+my @crypto_symbols = &do_defs("LIBEAY", $crypto, $symhacks);
+
+if ($do_update) {
+
+if ($do_ssl == 1) {
+
+	&maybe_add_info("SSLEAY",*ssl_list,@ssl_symbols);
+	if ($do_rewrite == 1) {
+		open(OUT, ">$ssl_num");
+		&rewrite_numbers(*OUT,"SSLEAY",*ssl_list,@ssl_symbols);
+	} else {
+		open(OUT, ">>$ssl_num");
+	}
+	&update_numbers(*OUT,"SSLEAY",*ssl_list,$max_ssl,@ssl_symbols);
+	close OUT;
+}
+
+if($do_crypto == 1) {
+
+	&maybe_add_info("LIBEAY",*crypto_list,@crypto_symbols);
+	if ($do_rewrite == 1) {
+		open(OUT, ">$crypto_num");
+		&rewrite_numbers(*OUT,"LIBEAY",*crypto_list,@crypto_symbols);
+	} else {
+		open(OUT, ">>$crypto_num");
+	}
+	&update_numbers(*OUT,"LIBEAY",*crypto_list,$max_crypto,@crypto_symbols);
+	close OUT;
+} 
+
+} elsif ($do_checkexist) {
+	&check_existing(*ssl_list, @ssl_symbols)
+		if $do_ssl == 1;
+	&check_existing(*crypto_list, @crypto_symbols)
+		if $do_crypto == 1;
+} elsif ($do_ctest || $do_ctestall) {
+
+	print <<"EOF";
+
+/* Test file to check all DEF file symbols are present by trying
+ * to link to all of them. This is *not* intended to be run!
+ */
+
+int main()
+{
+EOF
+	&print_test_file(*STDOUT,"SSLEAY",*ssl_list,$do_ctestall,@ssl_symbols)
+		if $do_ssl == 1;
+
+	&print_test_file(*STDOUT,"LIBEAY",*crypto_list,$do_ctestall,@crypto_symbols)
+		if $do_crypto == 1;
+
+	print "}\n";
+
+} else {
+
+	&print_def_file(*STDOUT,$libname,*ssl_list,@ssl_symbols)
+		if $do_ssl == 1;
+
+	&print_def_file(*STDOUT,$libname,*crypto_list,@crypto_symbols)
+		if $do_crypto == 1;
 
-&print_def_file(*STDOUT,"SSLEAY",*ssl_list,&do_defs("SSLEAY",$ssl))
-	if $do_ssl == 1;
+}
 
-&print_def_file(*STDOUT,"LIBEAY",*crypto_list,&do_defs("LIBEAY",$crypto))
-	if $do_crypto == 1;
 
 sub do_defs
-	{
-	local($name,$files)=@_;
-	local(@ret);
+{
+	my($name,$files,$symhacksfile)=@_;
+	my $file;
+	my @ret;
+	my %syms;
+	my %platform;		# For anything undefined, we assume ""
+	my %kind;		# For anything undefined, we assume "FUNCTION"
+	my %algorithm;		# For anything undefined, we assume ""
+	my %variant;
+	my %variant_cnt;	# To be able to allocate "name{n}" if "name"
+				# is the same name as the original.
+	my $cpp;
+	my %unknown_algorithms = ();
 
-	$off=-1;
-	foreach $file (split(/\s+/,$files))
+	foreach $file (split(/\s+/,$symhacksfile." ".$files))
 		{
-#		print STDERR "reading $file\n";
+		print STDERR "DEBUG: starting on $file:\n" if $debug;
 		open(IN,"<$file") || die "unable to open $file:$!\n";
-		$depth=0;
-		$pr=-1;
-		@np="";
-		$/=undef;
-		$a=<IN>;
-		while (($i=index($a,"/*")) >= 0)
+		my $line = "", my $def= "";
+		my %tag = (
+			(map { $_ => 0 } @known_platforms),
+			(map { "OPENSSL_SYS_".$_ => 0 } @known_ossl_platforms),
+			(map { "OPENSSL_NO_".$_ => 0 } @known_algorithms),
+			NOPROTO		=> 0,
+			PERL5		=> 0,
+			_WINDLL		=> 0,
+			CONST_STRICT	=> 0,
+			TRUE		=> 1,
+		);
+		my $symhacking = $file eq $symhacksfile;
+		my @current_platforms = ();
+		my @current_algorithms = ();
+
+		# params: symbol, alias, platforms, kind
+		# The reason to put this subroutine in a variable is that
+		# it will otherwise create it's own, unshared, version of
+		# %tag and %variant...
+		my $make_variant = sub
+		{
+			my ($s, $a, $p, $k) = @_;
+			my ($a1, $a2);
+
+			print STDERR "DEBUG: make_variant: Entered with ",$s,", ",$a,", ",(defined($p)?$p:""),", ",(defined($k)?$k:""),"\n" if $debug;
+			if (defined($p))
+			{
+				$a1 = join(",",$p,
+					   grep(!/^$/,
+						map { $tag{$_} == 1 ? $_ : "" }
+						@known_platforms));
+			}
+			else
 			{
-			$j=index($a,"*/");
-			break unless ($j >= 0);
-			$a=substr($a,0,$i).substr($a,$j+2);
-		#	print "$i $j\n";
+				$a1 = join(",",
+					   grep(!/^$/,
+						map { $tag{$_} == 1 ? $_ : "" }
+						@known_platforms));
 			}
-		foreach (split("\n",$a))
+			$a2 = join(",",
+				   grep(!/^$/,
+					map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ : "" }
+					@known_ossl_platforms));
+			print STDERR "DEBUG: make_variant: a1 = $a1; a2 = $a2\n" if $debug;
+			if ($a1 eq "") { $a1 = $a2; }
+			elsif ($a1 ne "" && $a2 ne "") { $a1 .= ",".$a2; }
+			if ($a eq $s)
 			{
-			if (/^\#\s*ifndef (.*)/)
+				if (!defined($variant_cnt{$s}))
 				{
-				push(@tag,$1);
-				$tag{$1}=-1;
-				next;
+					$variant_cnt{$s} = 0;
 				}
-			elsif (/^\#\s*if !defined\(([^\)]+)\)/)
-				{
+				$variant_cnt{$s}++;
+				$a .= "{$variant_cnt{$s}}";
+			}
+			my $toadd = $a.":".$a1.(defined($k)?":".$k:"");
+			my $togrep = $s.'(\{[0-9]+\})?:'.$a1.(defined($k)?":".$k:"");
+			if (!grep(/^$togrep$/,
+				  split(/;/, defined($variant{$s})?$variant{$s}:""))) {
+				if (defined($variant{$s})) { $variant{$s} .= ";"; }
+				$variant{$s} .= $toadd;
+			}
+			print STDERR "DEBUG: make_variant: Exit with variant of ",$s," = ",$variant{$s},"\n" if $debug;
+		};
+
+		print STDERR "DEBUG: parsing ----------\n" if $debug;
+		while(<IN>) {
+			last if (/\/\* Error codes for the \w+ functions\. \*\//);
+			if ($line ne '') {
+				$_ = $line . $_;
+				$line = '';
+			}
+
+			if (/\\$/) {
+				chomp; # remove eol
+				chop; # remove ending backslash
+				$line = $_;
+				next;
+			}
+
+	    		$cpp = 1 if /^\#.*ifdef.*cplusplus/;
+			if ($cpp) {
+				$cpp = 0 if /^\#.*endif/;
+				next;
+	    		}
+
+			s/\/\*.*?\*\///gs;                   # ignore comments
+			s/{[^{}]*}//gs;                      # ignore {} blocks
+			print STDERR "DEBUG: \$def=\"$def\"\n" if $debug && $def ne "";
+			print STDERR "DEBUG: \$_=\"$_\"\n" if $debug;
+			if (/^\#\s*ifndef\s+(.*)/) {
+				push(@tag,"-");
 				push(@tag,$1);
 				$tag{$1}=-1;
-				next;
+				print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+			} elsif (/^\#\s*if\s+!defined\(([^\)]+)\)/) {
+				push(@tag,"-");
+				if (/^\#\s*if\s+(!defined\(([^\)]+)\)(\s+\&\&\s+!defined\(([^\)]+)\))*)$/) {
+					my $tmp_1 = $1;
+					my $tmp_;
+					foreach $tmp_ (split '\&\&',$tmp_1) {
+						$tmp_ =~ /!defined\(([^\)]+)\)/;
+						print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+						push(@tag,$1);
+						$tag{$1}=-1;
+					}
+				} else {
+					print STDERR "Warning: $file: complicated expression: $_" if $debug; # because it is O...
+					print STDERR "DEBUG: $file: found tag $1 = -1\n" if $debug;
+					push(@tag,$1);
+					$tag{$1}=-1;
 				}
-			elsif (/^\#\s*ifdef (.*)/)
-				{
+			} elsif (/^\#\s*ifdef\s+(.*)/) {
+				push(@tag,"-");
 				push(@tag,$1);
 				$tag{$1}=1;
-				next;
+				print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+			} elsif (/^\#\s*if\s+defined\(([^\)]+)\)/) {
+				push(@tag,"-");
+				if (/^\#\s*if\s+(defined\(([^\)]+)\)(\s+\|\|\s+defined\(([^\)]+)\))*)$/) {
+					my $tmp_1 = $1;
+					my $tmp_;
+					foreach $tmp_ (split '\|\|',$tmp_1) {
+						$tmp_ =~ /defined\(([^\)]+)\)/;
+						print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+						push(@tag,$1);
+						$tag{$1}=1;
+					}
+				} else {
+					print STDERR "Warning: $file: complicated expression: $_\n" if $debug; # because it is O...
+					print STDERR "DEBUG: $file: found tag $1 = 1\n" if $debug;
+					push(@tag,$1);
+					$tag{$1}=1;
 				}
-			elsif (/^\#\s*if defined(.*)/)
-				{
-				push(@tag,$1);
-				$tag{$1}=1;
-				next;
+			} elsif (/^\#\s*error\s+(\w+) is disabled\./) {
+				my $tag_i = $#tag;
+				while($tag[$tag_i] ne "-") {
+					if ($tag[$tag_i] eq "OPENSSL_NO_".$1) {
+						$tag{$tag[$tag_i]}=2;
+						print STDERR "DEBUG: $file: chaged tag $1 = 2\n" if $debug;
+					}
+					$tag_i--;
+				}
+			} elsif (/^\#\s*endif/) {
+				my $tag_i = $#tag;
+				while($tag[$tag_i] ne "-") {
+					my $t=$tag[$tag_i];
+					print STDERR "DEBUG: \$t=\"$t\"\n" if $debug;
+					if ($tag{$t}==2) {
+						$tag{$t}=-1;
+					} else {
+						$tag{$t}=0;
+					}
+					print STDERR "DEBUG: $file: changed tag ",$t," = ",$tag{$t},"\n" if $debug;
+					pop(@tag);
+					if ($t =~ /^OPENSSL_NO_([A-Z0-9_]+)$/) {
+						$t=$1;
+					} else {
+						$t="";
+					}
+					if ($t ne ""
+					    && !grep(/^$t$/, @known_algorithms)) {
+						$unknown_algorithms{$t} = 1;
+						#print STDERR "DEBUG: Added as unknown algorithm: $t\n" if $debug;
+					}
+					$tag_i--;
 				}
-			elsif (/^\#\s*endif/)
-				{
-				$tag{$tag[$#tag]}=0;
 				pop(@tag);
+			} elsif (/^\#\s*else/) {
+				my $tag_i = $#tag;
+				while($tag[$tag_i] ne "-") {
+					my $t=$tag[$tag_i];
+					$tag{$t}= -$tag{$t};
+					print STDERR "DEBUG: $file: changed tag ",$t," = ",$tag{$t},"\n" if $debug;
+					$tag_i--;
+				}
+			} elsif (/^\#\s*if\s+1/) {
+				push(@tag,"-");
+				# Dummy tag
+				push(@tag,"TRUE");
+				$tag{"TRUE"}=1;
+				print STDERR "DEBUG: $file: found 1\n" if $debug;
+			} elsif (/^\#\s*if\s+0/) {
+				push(@tag,"-");
+				# Dummy tag
+				push(@tag,"TRUE");
+				$tag{"TRUE"}=-1;
+				print STDERR "DEBUG: $file: found 0\n" if $debug;
+			} elsif (/^\#\s*define\s+(\w+)\s+(\w+)/
+				 && $symhacking && $tag{'TRUE'} != -1) {
+				# This is for aliasing.  When we find an alias,
+				# we have to invert
+				&$make_variant($1,$2);
+				print STDERR "DEBUG: $file: defined $1 = $2\n" if $debug;
+			}
+			if (/^\#/) {
+				@current_platforms =
+				    grep(!/^$/,
+					 map { $tag{$_} == 1 ? $_ :
+						   $tag{$_} == -1 ? "!".$_  : "" }
+					 @known_platforms);
+				push @current_platforms
+				    , grep(!/^$/,
+					   map { $tag{"OPENSSL_SYS_".$_} == 1 ? $_ :
+						     $tag{"OPENSSL_SYS_".$_} == -1 ? "!".$_  : "" }
+					   @known_ossl_platforms);
+				@current_algorithms =
+				    grep(!/^$/,
+					 map { $tag{"OPENSSL_NO_".$_} == -1 ? $_ : "" }
+					 @known_algorithms);
+				$def .=
+				    "#INFO:"
+					.join(',',@current_platforms).":"
+					    .join(',',@current_algorithms).";";
 				next;
+			}
+			if ($tag{'TRUE'} != -1) {
+				if (/^\s*DECLARE_STACK_OF\s*\(\s*(\w*)\s*\)/) {
+					next;
+				} elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$3(void);";
+					$def .= "int i2d_$3(void);";
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $2_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$2_it","$2_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_FUNCTIONS_fname\s*\(\s*(\w*)\s*,\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$3(void);";
+					$def .= "int i2d_$3(void);";
+					$def .= "int $3_free(void);";
+					$def .= "int $3_new(void);";
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $2_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$2_it","$2_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_FUNCTIONS\s*\(\s*(\w*)\s*\)/ ||
+					 /^\s*DECLARE_ASN1_FUNCTIONS_const\s*\(\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$1(void);";
+					$def .= "int i2d_$1(void);";
+					$def .= "int $1_free(void);";
+					$def .= "int $1_new(void);";
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $1_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$1_it","$1_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_ENCODE_FUNCTIONS_const\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$2(void);";
+					$def .= "int i2d_$2(void);";
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $2_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$2_it","$2_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_FUNCTIONS_name\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					$def .= "int d2i_$2(void);";
+					$def .= "int i2d_$2(void);";
+					$def .= "int $2_free(void);";
+					$def .= "int $2_new(void);";
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $2_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$2_it","$2_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_ITEM\s*\(\s*(\w*)\s*\)/) {
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int $1_it;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("$1_it","$1_it",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+					next;
+				} elsif (/^\s*DECLARE_ASN1_NDEF_FUNCTION\s*\(\s*(\w*)\s*\)/) {
+					$def .= "int i2d_$1_NDEF(void);";
+				} elsif (/^\s*DECLARE_ASN1_SET_OF\s*\(\s*(\w*)\s*\)/) {
+					next;
+				} elsif (/^\s*DECLARE_PKCS12_STACK_OF\s*\(\s*(\w*)\s*\)/) {
+					next;
+				} elsif (/^DECLARE_PEM_rw\s*\(\s*(\w*)\s*,/ ||
+					 /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ ) {
+					# Things not in Win16
+					$def .=
+					    "#INFO:"
+						.join(',',"!WIN16",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "int PEM_read_$1(void);";
+					$def .= "int PEM_write_$1(void);";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Things that are everywhere
+					$def .= "int PEM_read_bio_$1(void);";
+					$def .= "int PEM_write_bio_$1(void);";
+					next;
+				} elsif (/^DECLARE_PEM_write\s*\(\s*(\w*)\s*,/ ||
+					 /^DECLARE_PEM_write_cb\s*\(\s*(\w*)\s*,/ ) {
+					# Things not in Win16
+					$def .=
+					    "#INFO:"
+						.join(',',"!WIN16",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "int PEM_write_$1(void);";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Things that are everywhere
+					$def .= "int PEM_write_bio_$1(void);";
+					next;
+				} elsif (/^DECLARE_PEM_read\s*\(\s*(\w*)\s*,/ ||
+					 /^DECLARE_PEM_read_cb\s*\(\s*(\w*)\s*,/ ) {
+					# Things not in Win16
+					$def .=
+					    "#INFO:"
+						.join(',',"!WIN16",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "int PEM_read_$1(void);";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Things that are everywhere
+					$def .= "int PEM_read_bio_$1(void);";
+					next;
+				} elsif (/^OPENSSL_DECLARE_GLOBAL\s*\(\s*(\w*)\s*,\s*(\w*)\s*\)/) {
+					# Variant for platforms that do not
+					# have to access globale variables
+					# in shared libraries through functions
+					$def .=
+					    "#INFO:"
+						.join(',',"!EXPORT_VAR_AS_FUNCTION",@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					$def .= "OPENSSL_EXTERN int _shadow_$2;";
+					$def .=
+					    "#INFO:"
+						.join(',',@current_platforms).":"
+						    .join(',',@current_algorithms).";";
+					# Variant for platforms that have to
+					# access globale variables in shared
+					# libraries through functions
+					&$make_variant("_shadow_$2","_shadow_$2",
+						      "EXPORT_VAR_AS_FUNCTION",
+						      "FUNCTION");
+				} elsif ($tag{'CONST_STRICT'} != 1) {
+					if (/\{|\/\*|\([^\)]*$/) {
+						$line = $_;
+					} else {
+						$def .= $_;
+					}
 				}
-			elsif (/^\#\s*else/)
-				{
-				$t=$tag[$#tag];
-				$tag{$t}= -$tag{$t};
+			}
+		}
+		close(IN);
+
+		my $algs;
+		my $plays;
+
+		print STDERR "DEBUG: postprocessing ----------\n" if $debug;
+		foreach (split /;/, $def) {
+			my $s; my $k = "FUNCTION"; my $p; my $a;
+			s/^[\n\s]*//g;
+			s/[\n\s]*$//g;
+			next if(/\#undef/);
+			next if(/typedef\W/);
+			next if(/\#define/);
+
+			print STDERR "DEBUG: \$_ = \"$_\"\n" if $debug;
+			if (/^\#INFO:([^:]*):(.*)$/) {
+				$plats = $1;
+				$algs = $2;
+				print STDERR "DEBUG: found info on platforms ($plats) and algorithms ($algs)\n" if $debug;
+				next;
+			} elsif (/^\s*OPENSSL_EXTERN\s.*?(\w+(\{[0-9]+\})?)(\[[0-9]*\])*\s*$/) {
+				$s = $1;
+				$k = "VARIABLE";
+				print STDERR "DEBUG: found external variable $s\n" if $debug;
+			} elsif (/\(\*(\w*(\{[0-9]+\})?)\([^\)]+/) {
+				$s = $1;
+				print STDERR "DEBUG: found ANSI C function $s\n" if $debug;
+			} elsif (/\w+\W+(\w+)\W*\(\s*\)$/s) {
+				# K&R C
+				print STDERR "DEBUG: found K&R C function $s\n" if $debug;
 				next;
+			} elsif (/\w+\W+\w+(\{[0-9]+\})?\W*\(.*\)$/s) {
+				while (not /\(\)$/s) {
+					s/[^\(\)]*\)$/\)/s;
+					s/\([^\(\)]*\)\)$/\)/s;
 				}
-#printf STDERR "$_\n%2d %2d %2d %2d %2d $NT\n",
-#$tag{'NOPROTO'},$tag{'FreeBSD'},$tag{'WIN16'},$tag{'PERL5'},$tag{'NO_FP_API'};
-
-			$t=undef;
-			if (/^extern .*;$/)
-				{ $t=&do_extern($name,$_); }
-			elsif (	($tag{'NOPROTO'} == 1) &&
-				($tag{'FreeBSD'} != 1) &&
-				(($NT && ($tag{'WIN16'} != 1)) ||
-				 (!$NT && ($tag{'WIN16'} != -1))) &&
-				($tag{'PERL5'} != 1) &&
-#				($tag{'_WINDLL'} != -1) &&
-				((!$NT && $tag{'_WINDLL'} != -1) ||
-				 ($NT && $tag{'_WINDLL'} != 1)) &&
-				((($tag{'NO_FP_API'} != 1) && $NT) ||
-				 (($tag{'NO_FP_API'} != -1) && !$NT)))
-				{ $t=&do_line($name,$_); }
-			else
-				{ $t=undef; }
-			if (($t ne undef) && (!$done{$name,$t}))
-				{
-				$done{$name,$t}++;
-				push(@ret,$t);
-#printf STDERR "one:$t\n" if $t =~ /BIO_/;
+				s/\(void\)//;
+				/(\w+(\{[0-9]+\})?)\W*\(\)/s;
+				$s = $1;
+				print STDERR "DEBUG: found function $s\n" if $debug;
+			} elsif (/\(/ and not (/=/)) {
+				print STDERR "File $file: cannot parse: $_;\n";
+				next;
+			} else {
+				next;
+			}
+
+			$syms{$s} = 1;
+			$kind{$s} = $k;
+
+			$p = $plats;
+			$a = $algs;
+			$a .= ",BF" if($s =~ /EVP_bf/);
+			$a .= ",CAST" if($s =~ /EVP_cast/);
+			$a .= ",DES" if($s =~ /EVP_des/);
+			$a .= ",DSA" if($s =~ /EVP_dss/);
+			$a .= ",IDEA" if($s =~ /EVP_idea/);
+			$a .= ",MD2" if($s =~ /EVP_md2/);
+			$a .= ",MD4" if($s =~ /EVP_md4/);
+			$a .= ",MD5" if($s =~ /EVP_md5/);
+			$a .= ",RC2" if($s =~ /EVP_rc2/);
+			$a .= ",RC4" if($s =~ /EVP_rc4/);
+			$a .= ",RC5" if($s =~ /EVP_rc5/);
+			$a .= ",RIPEMD" if($s =~ /EVP_ripemd/);
+			$a .= ",SHA" if($s =~ /EVP_sha/);
+			$a .= ",RSA" if($s =~ /EVP_(Open|Seal)(Final|Init)/);
+			$a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/);
+			$a .= ",RSA" if($s =~ /RSAPrivateKey/);
+			$a .= ",RSA" if($s =~ /SSLv23?_((client|server)_)?method/);
+
+			$platform{$s} =
+			    &reduce_platforms((defined($platform{$s})?$platform{$s}.',':"").$p);
+			$algorithm{$s} .= ','.$a;
+
+			if (defined($variant{$s})) {
+				foreach $v (split /;/,$variant{$s}) {
+					(my $r, my $p, my $k) = split(/:/,$v);
+					my $ip = join ',',map({ /^!(.*)$/ ? $1 : "!".$_ } split /,/, $p);
+					$syms{$r} = 1;
+					if (!defined($k)) { $k = $kind{$s}; }
+					$kind{$r} = $k."(".$s.")";
+					$algorithm{$r} = $algorithm{$s};
+					$platform{$r} = &reduce_platforms($platform{$s}.",".$p.",".$p);
+					$platform{$s} = &reduce_platforms($platform{$s}.','.$ip.','.$ip);
+					print STDERR "DEBUG: \$variant{\"$s\"} = ",$v,"; \$r = $r; \$p = ",$platform{$r},"; \$a = ",$algorithm{$r},"; \$kind = ",$kind{$r},"\n" if $debug;
 				}
 			}
-		close(IN);
+			print STDERR "DEBUG: \$s = $s; \$p = ",$platform{$s},"; \$a = ",$algorithm{$s},"; \$kind = ",$kind{$s},"\n" if $debug;
 		}
+	}
+
+	# Prune the returned symbols
+
+        delete $syms{"bn_dump1"};
+	$platform{"BIO_s_log"} .= ",!WIN32,!WIN16,!macintosh";
+
+	$platform{"PEM_read_NS_CERT_SEQ"} = "VMS";
+	$platform{"PEM_write_NS_CERT_SEQ"} = "VMS";
+	$platform{"PEM_read_P8_PRIV_KEY_INFO"} = "VMS";
+	$platform{"PEM_write_P8_PRIV_KEY_INFO"} = "VMS";
+
+	# Info we know about
+
+	push @ret, map { $_."\\".&info_string($_,"EXIST",
+					      $platform{$_},
+					      $kind{$_},
+					      $algorithm{$_}) } keys %syms;
+
+	if (keys %unknown_algorithms) {
+		print STDERR "WARNING: mkdef.pl doesn't know the following algorithms:\n";
+		print STDERR "\t",join("\n\t",keys %unknown_algorithms),"\n";
+	}
 	return(@ret);
+}
+
+# Param: string of comma-separated platform-specs.
+sub reduce_platforms
+{
+	my ($platforms) = @_;
+	my $pl = defined($platforms) ? $platforms : "";
+	my %p = map { $_ => 0 } split /,/, $pl;
+	my $ret;
+
+	print STDERR "DEBUG: Entered reduce_platforms with \"$platforms\"\n"
+	    if $debug;
+	# We do this, because if there's code like the following, it really
+	# means the function exists in all cases and should therefore be
+	# everywhere.  By increasing and decreasing, we may attain 0:
+	#
+	# ifndef WIN16
+	#    int foo();
+	# else
+	#    int _fat foo();
+	# endif
+	foreach $platform (split /,/, $pl) {
+		if ($platform =~ /^!(.*)$/) {
+			$p{$1}--;
+		} else {
+			$p{$platform}++;
+		}
+	}
+	foreach $platform (keys %p) {
+		if ($p{$platform} == 0) { delete $p{$platform}; }
 	}
 
-sub do_line
-	{
-	local($file,$_)=@_;
-	local($n);
-
-	return(undef) if /^$/;
-	return(undef) if /^\s/;
-#printf STDERR "two:$_\n" if $_ =~ /BIO_/;
-	if (/(CRYPTO_get_locking_callback)/)
-		{ return($1); }
-	elsif (/(CRYPTO_get_id_callback)/)
-		{ return($1); }
-	elsif (/(CRYPTO_get_add_lock_callback)/)
-		{ return($1); }
-	elsif (/(SSL_CTX_get_verify_callback)/)
-		{ return($1); }
-	elsif (/(SSL_get_info_callback)/)
-		{ return($1); }
-	elsif ((!$NT) && /(ERR_load_CRYPTO_strings)/)
-		{ return("ERR_load_CRYPTOlib_strings"); }
-	elsif (!$NT && /BIO_s_file/)
-		{ return(undef); }
-	elsif (!$NT && /BIO_new_file/)
-		{ return(undef); }
-	elsif (!$NT && /BIO_new_fp/)
-		{ return(undef); }
-	elsif ($NT && /BIO_s_file_internal/)
-		{ return(undef); }
-	elsif ($NT && /BIO_new_file_internal/)
-		{ return(undef); }
-	elsif ($NT && /BIO_new_fp_internal/)
-		{ return(undef); }
-	else
-		{
-		/\s\**(\S+)\s*\(/;
-		return($1);
+	delete $p{""};
+
+	$ret = join(',',sort(map { $p{$_} < 0 ? "!".$_ : $_ } keys %p));
+	print STDERR "DEBUG: Exiting reduce_platforms with \"$ret\"\n"
+	    if $debug;
+	return $ret;
+}
+
+sub info_string {
+	(my $symbol, my $exist, my $platforms, my $kind, my $algorithms) = @_;
+
+	my %a = defined($algorithms) ?
+	    map { $_ => 1 } split /,/, $algorithms : ();
+	my $k = defined($kind) ? $kind : "FUNCTION";
+	my $ret;
+	my $p = &reduce_platforms($platforms);
+
+	delete $a{""};
+
+	$ret = $exist;
+	$ret .= ":".$p;
+	$ret .= ":".$k;
+	$ret .= ":".join(',',sort keys %a);
+	return $ret;
+}
+
+sub maybe_add_info {
+	(my $name, *nums, my @symbols) = @_;
+	my $sym;
+	my $new_info = 0;
+	my %syms=();
+
+	print STDERR "Updating $name info\n";
+	foreach $sym (@symbols) {
+		(my $s, my $i) = split /\\/, $sym;
+		if (defined($nums{$s})) {
+			$i =~ s/^(.*?:.*?:\w+)(\(\w+\))?/$1/;
+			(my $n, my $dummy) = split /\\/, $nums{$s};
+			if (!defined($dummy) || $i ne $dummy) {
+				$nums{$s} = $n."\\".$i;
+				$new_info++;
+				print STDERR "DEBUG: maybe_add_info for $s: \"$dummy\" => \"$i\"\n" if $debug;
+			}
+		}
+		$syms{$s} = 1;
+	}
+
+	my @s=sort { &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n") } keys %nums;
+	foreach $sym (@s) {
+		(my $n, my $i) = split /\\/, $nums{$sym};
+		if (!defined($syms{$sym}) && $i !~ /^NOEXIST:/) {
+			$new_info++;
+			print STDERR "DEBUG: maybe_add_info for $sym: -> undefined\n" if $debug;
+		}
+	}
+	if ($new_info) {
+		print STDERR "$new_info old symbols got an info update\n";
+		if (!$do_rewrite) {
+			print STDERR "You should do a rewrite to fix this.\n";
 		}
+	} else {
+		print STDERR "No old symbols needed info update\n";
 	}
+}
+
+# Param: string of comma-separated keywords, each possibly prefixed with a "!"
+sub is_valid
+{
+	my ($keywords_txt,$platforms) = @_;
+	my (@keywords) = split /,/,$keywords_txt;
+	my ($falsesum, $truesum) = (0, !grep(/^[^!]/,@keywords));
 
-sub do_extern
+	# Param: one keyword
+	sub recognise
 	{
-	local($file,$_)=@_;
-	local($n);
+		my ($keyword,$platforms) = @_;
+
+		if ($platforms) {
+			# platforms
+			if ($keyword eq "VMS" && $VMS) { return 1; }
+			if ($keyword eq "WIN32" && $W32) { return 1; }
+			if ($keyword eq "WIN16" && $W16) { return 1; }
+			if ($keyword eq "WINNT" && $NT) { return 1; }
+			if ($keyword eq "OS2" && $OS2) { return 1; }
+			# Special platforms:
+			# EXPORT_VAR_AS_FUNCTION means that global variables
+			# will be represented as functions.  This currently
+			# only happens on VMS-VAX.
+			if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) {
+				return 1;
+			}
+			return 0;
+		} else {
+			# algorithms
+			if ($keyword eq "RC2" && $no_rc2) { return 0; }
+			if ($keyword eq "RC4" && $no_rc4) { return 0; }
+			if ($keyword eq "RC5" && $no_rc5) { return 0; }
+			if ($keyword eq "IDEA" && $no_idea) { return 0; }
+			if ($keyword eq "DES" && $no_des) { return 0; }
+			if ($keyword eq "BF" && $no_bf) { return 0; }
+			if ($keyword eq "CAST" && $no_cast) { return 0; }
+			if ($keyword eq "MD2" && $no_md2) { return 0; }
+			if ($keyword eq "MD4" && $no_md4) { return 0; }
+			if ($keyword eq "MD5" && $no_md5) { return 0; }
+			if ($keyword eq "SHA" && $no_sha) { return 0; }
+			if ($keyword eq "RIPEMD" && $no_ripemd) { return 0; }
+			if ($keyword eq "MDC2" && $no_mdc2) { return 0; }
+			if ($keyword eq "RSA" && $no_rsa) { return 0; }
+			if ($keyword eq "DSA" && $no_dsa) { return 0; }
+			if ($keyword eq "DH" && $no_dh) { return 0; }
+			if ($keyword eq "EC" && $no_ec) { return 0; }
+			if ($keyword eq "ECDSA" && $no_ecdsa) { return 0; }
+			if ($keyword eq "ECDH" && $no_ecdh) { return 0; }
+			if ($keyword eq "HMAC" && $no_hmac) { return 0; }
+			if ($keyword eq "AES" && $no_aes) { return 0; }
+			if ($keyword eq "EVP" && $no_evp) { return 0; }
+			if ($keyword eq "LHASH" && $no_lhash) { return 0; }
+			if ($keyword eq "STACK" && $no_stack) { return 0; }
+			if ($keyword eq "ERR" && $no_err) { return 0; }
+			if ($keyword eq "BUFFER" && $no_buffer) { return 0; }
+			if ($keyword eq "BIO" && $no_bio) { return 0; }
+			if ($keyword eq "COMP" && $no_comp) { return 0; }
+			if ($keyword eq "DSO" && $no_dso) { return 0; }
+			if ($keyword eq "KRB5" && $no_krb5) { return 0; }
+			if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
+			if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; }
+
+			# Nothing recognise as true
+			return 1;
+		}
+	}
+
+	foreach $k (@keywords) {
+		if ($k =~ /^!(.*)$/) {
+			$falsesum += &recognise($1,$platforms);
+		} else {
+			$truesum += &recognise($k,$platforms);
+		}
+	}
+	print STDERR "DEBUG: [",$#keywords,",",$#keywords < 0,"] is_valid($keywords_txt) => (\!$falsesum) && $truesum = ",(!$falsesum) && $truesum,"\n" if $debug;
+	return (!$falsesum) && $truesum;
+}
+
+sub print_test_file
+{
+	(*OUT,my $name,*nums,my $testall,my @symbols)=@_;
+	my $n = 1; my @e; my @r;
+	my $sym; my $prev = ""; my $prefSSLeay;
+
+	(@e)=grep(/^SSLeay(\{[0-9]+\})?\\.*?:.*?:.*/,@symbols);
+	(@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:.*/ && !/^SSLeay(\{[0-9]+\})?\\.*?:.*?:.*/,@symbols);
+	@symbols=((sort @e),(sort @r));
 
-	/\s\**(\S+);$/;
-	return($1);
+	foreach $sym (@symbols) {
+		(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+		my $v = 0;
+		$v = 1 if $i=~ /^.*?:.*?:VARIABLE/;
+		my $p = ($i =~ /^[^:]*:([^:]*):/,$1);
+		my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1);
+		if (!defined($nums{$s})) {
+			print STDERR "Warning: $s does not have a number assigned\n"
+			    if(!$do_update);
+		} elsif (is_valid($p,1) && is_valid($a,0)) {
+			my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1);
+			if ($prev eq $s2) {
+				print OUT "\t/* The following has already appeared previously */\n";
+				print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n";
+			}
+			$prev = $s2;	# To warn about duplicates...
+
+			($nn,$ni)=($nums{$s2} =~ /^(.*?)\\(.*)$/);
+			if ($v) {
+				print OUT "\textern int $s2; /* type unknown */ /* $nn $ni */\n";
+			} else {
+				print OUT "\textern int $s2(); /* type unknown */ /* $nn $ni */\n";
+			}
+		}
 	}
+}
 
 sub print_def_file
-	{
-	local(*OUT,$name,*nums,@functions)=@_;
-	local($n)=1;
+{
+	(*OUT,my $name,*nums,my @symbols)=@_;
+	my $n = 1; my @e; my @r; my @v; my $prev="";
+	my $liboptions="";
 
-	if ($NT)
+	if ($W32)
 		{ $name.="32"; }
-	else
+	elsif ($W16)
 		{ $name.="16"; }
+	elsif ($OS2)
+		{ $liboptions = "INITINSTANCE\nDATA NONSHARED"; }
 
 	print OUT <<"EOF";
 ;
-; Definition file for the DDL version of the $name library from SSLeay
+; Definition file for the DLL version of the $name library from OpenSSL
 ;
 
-LIBRARY         $name
+LIBRARY         $name	$liboptions
 
-DESCRIPTION     'SSLeay $name - eay\@cryptsoft.com'
+DESCRIPTION     'OpenSSL $name - http://www.openssl.org/'
 
 EOF
 
-	if (!$NT)
-		{
+	if ($W16) {
 		print <<"EOF";
 CODE            PRELOAD MOVEABLE
 DATA            PRELOAD MOVEABLE SINGLE
@@ -251,44 +1154,219 @@ HEAPSIZE	4096
 STACKSIZE	8192
 
 EOF
-		}
+	}
 
 	print "EXPORTS\n";
 
+	(@e)=grep(/^SSLeay(\{[0-9]+\})?\\.*?:.*?:FUNCTION/,@symbols);
+	(@r)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:FUNCTION/ && !/^SSLeay(\{[0-9]+\})?\\.*?:.*?:FUNCTION/,@symbols);
+	(@v)=grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:VARIABLE/,@symbols);
+	@symbols=((sort @e),(sort @r), (sort @v));
 
-	(@e)=grep(/^SSLeay/,@functions);
-	(@r)=grep(!/^SSLeay/,@functions);
-	@functions=((sort @e),(sort @r));
 
-	foreach $func (@functions)
-		{
-		if (!defined($nums{$func}))
-			{
-			printf STDERR "$func does not have a number assigned\n";
-			}
-		else
-			{
-			$n=$nums{$func};
-			printf OUT "    %s%-35s@%d\n",($NT)?"":"_",$func,$n;
+	foreach $sym (@symbols) {
+		(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+		my $v = 0;
+		$v = 1 if $i =~ /^.*?:.*?:VARIABLE/;
+		if (!defined($nums{$s})) {
+			printf STDERR "Warning: $s does not have a number assigned\n"
+			    if(!$do_update);
+		} else {
+			(my $n, my $dummy) = split /\\/, $nums{$s};
+			my %pf = ();
+			my $p = ($i =~ /^[^:]*:([^:]*):/,$1);
+			my $a = ($i =~ /^[^:]*:[^:]*:[^:]*:([^:]*)/,$1);
+			if (is_valid($p,1) && is_valid($a,0)) {
+				my $s2 = ($s =~ /^(.*?)(\{[0-9]+\})?$/, $1);
+				if ($prev eq $s2) {
+					print STDERR "Warning: Symbol '",$s2,"' redefined. old=",($nums{$prev} =~ /^(.*?)\\/,$1),", new=",($nums{$s2} =~ /^(.*?)\\/,$1),"\n";
+				}
+				$prev = $s2;	# To warn about duplicates...
+				if($v && !$OS2) {
+					printf OUT "    %s%-39s @%-8d DATA\n",($W32)?"":"_",$s2,$n;
+				} else {
+					printf OUT "    %s%-39s @%d\n",($W32||$OS2)?"":"_",$s2,$n;
+				}
 			}
 		}
-	printf OUT "\n";
 	}
+	printf OUT "\n";
+}
 
 sub load_numbers
-	{
-	local($name)=@_;
-	local($j,@a,%ret);
+{
+	my($name)=@_;
+	my(@a,%ret);
+
+	$max_num = 0;
+	$num_noinfo = 0;
+	$prev = "";
+	$prev_cnt = 0;
 
 	open(IN,"<$name") || die "unable to open $name:$!\n";
-	while (<IN>)
-		{
+	while (<IN>) {
 		chop;
 		s/#.*$//;
 		next if /^\s*$/;
 		@a=split;
-		$ret{$a[0]}=$a[1];
+		if (defined $ret{$a[0]}) {
+			# This is actually perfectly OK
+			#print STDERR "Warning: Symbol '",$a[0],"' redefined. old=",$ret{$a[0]},", new=",$a[1],"\n";
+		}
+		if ($max_num > $a[1]) {
+			print STDERR "Warning: Number decreased from ",$max_num," to ",$a[1],"\n";
+		}
+		elsif ($max_num == $a[1]) {
+			# This is actually perfectly OK
+			#print STDERR "Warning: Symbol ",$a[0]," has same number as previous ",$prev,": ",$a[1],"\n";
+			if ($a[0] eq $prev) {
+				$prev_cnt++;
+				$a[0] .= "{$prev_cnt}";
+			}
+		}
+		else {
+			$prev_cnt = 0;
+		}
+		if ($#a < 2) {
+			# Existence will be proven later, in do_defs
+			$ret{$a[0]}=$a[1];
+			$num_noinfo++;
+		} else {
+			$ret{$a[0]}=$a[1]."\\".$a[2]; # \\ is a special marker
 		}
+		$max_num = $a[1] if $a[1] > $max_num;
+		$prev=$a[0];
+	}
+	if ($num_noinfo) {
+		print STDERR "Warning: $num_noinfo symbols were without info.";
+		if ($do_rewrite) {
+			printf STDERR "  The rewrite will fix this.\n";
+		} else {
+			printf STDERR "  You should do a rewrite to fix this.\n";
+		}
+	}
 	close(IN);
 	return(%ret);
+}
+
+sub parse_number
+{
+	(my $str, my $what) = @_;
+	(my $n, my $i) = split(/\\/,$str);
+	if ($what eq "n") {
+		return $n;
+	} else {
+		return $i;
 	}
+}
+
+sub rewrite_numbers
+{
+	(*OUT,$name,*nums,@symbols)=@_;
+	my $thing;
+
+	print STDERR "Rewriting $name\n";
+
+	my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/,@symbols);
+	my $r; my %r; my %rsyms;
+	foreach $r (@r) {
+		(my $s, my $i) = split /\\/, $r;
+		my $a = $1 if $i =~ /^.*?:.*?:\w+\((\w+)\)/;
+		$i =~ s/^(.*?:.*?:\w+)\(\w+\)/$1/;
+		$r{$a} = $s."\\".$i;
+		$rsyms{$s} = 1;
+	}
+
+	my %syms = ();
+	foreach $_ (@symbols) {
+		(my $n, my $i) = split /\\/;
+		$syms{$n} = 1;
+	}
+
+	my @s=sort {
+	    &parse_number($nums{$a},"n") <=> &parse_number($nums{$b},"n")
+	    || $a cmp $b
+	} keys %nums;
+	foreach $sym (@s) {
+		(my $n, my $i) = split /\\/, $nums{$sym};
+		next if defined($i) && $i =~ /^.*?:.*?:\w+\(\w+\)/;
+		next if defined($rsyms{$sym});
+		print STDERR "DEBUG: rewrite_numbers for sym = ",$sym,": i = ",$i,", n = ",$n,", rsym{sym} = ",$rsyms{$sym},"syms{sym} = ",$syms{$sym},"\n" if $debug;
+		$i="NOEXIST::FUNCTION:"
+			if !defined($i) || $i eq "" || !defined($syms{$sym});
+		my $s2 = $sym;
+		$s2 =~ s/\{[0-9]+\}$//;
+		printf OUT "%s%-39s %d\t%s\n","",$s2,$n,$i;
+		if (exists $r{$sym}) {
+			(my $s, $i) = split /\\/,$r{$sym};
+			my $s2 = $s;
+			$s2 =~ s/\{[0-9]+\}$//;
+			printf OUT "%s%-39s %d\t%s\n","",$s2,$n,$i;
+		}
+	}
+}
+
+sub update_numbers
+{
+	(*OUT,$name,*nums,my $start_num, my @symbols)=@_;
+	my $new_syms = 0;
+
+	print STDERR "Updating $name numbers\n";
+
+	my @r = grep(/^\w+(\{[0-9]+\})?\\.*?:.*?:\w+\(\w+\)/,@symbols);
+	my $r; my %r; my %rsyms;
+	foreach $r (@r) {
+		(my $s, my $i) = split /\\/, $r;
+		my $a = $1 if $i =~ /^.*?:.*?:\w+\((\w+)\)/;
+		$i =~ s/^(.*?:.*?:\w+)\(\w+\)/$1/;
+		$r{$a} = $s."\\".$i;
+		$rsyms{$s} = 1;
+	}
+
+	foreach $sym (@symbols) {
+		(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+		next if $i =~ /^.*?:.*?:\w+\(\w+\)/;
+		next if defined($rsyms{$sym});
+		die "ERROR: Symbol $sym had no info attached to it."
+		    if $i eq "";
+		if (!exists $nums{$s}) {
+			$new_syms++;
+			my $s2 = $s;
+			$s2 =~ s/\{[0-9]+\}$//;
+			printf OUT "%s%-39s %d\t%s\n","",$s2, ++$start_num,$i;
+			if (exists $r{$s}) {
+				($s, $i) = split /\\/,$r{$s};
+				$s =~ s/\{[0-9]+\}$//;
+				printf OUT "%s%-39s %d\t%s\n","",$s, $start_num,$i;
+			}
+		}
+	}
+	if($new_syms) {
+		print STDERR "$new_syms New symbols added\n";
+	} else {
+		print STDERR "No New symbols Added\n";
+	}
+}
+
+sub check_existing
+{
+	(*nums, my @symbols)=@_;
+	my %existing; my @remaining;
+	@remaining=();
+	foreach $sym (@symbols) {
+		(my $s, my $i) = $sym =~ /^(.*?)\\(.*)$/;
+		$existing{$s}=1;
+	}
+	foreach $sym (keys %nums) {
+		if (!exists $existing{$sym}) {
+			push @remaining, $sym;
+		}
+	}
+	if(@remaining) {
+		print STDERR "The following symbols do not seem to exist:\n";
+		foreach $sym (@remaining) {
+			print STDERR "\t",$sym,"\n";
+		}
+	}
+}
+
diff --git a/util/mkdir-p.pl b/util/mkdir-p.pl
new file mode 100755
index 0000000000..6c69c2daa4
--- /dev/null
+++ b/util/mkdir-p.pl
@@ -0,0 +1,33 @@
+#!/usr/local/bin/perl
+
+# mkdir-p.pl
+
+# On some systems, the -p option to mkdir (= also create any missing parent
+# directories) is not available.
+
+my $arg;
+
+foreach $arg (@ARGV) {
+  &do_mkdir_p($arg);
+}
+
+
+sub do_mkdir_p {
+  local($dir) = @_;
+
+  $dir =~ s|/*\Z(?!\n)||s;
+
+  if (-d $dir) {
+    return;
+  }
+
+  if ($dir =~ m|[^/]/|s) {
+    local($parent) = $dir;
+    $parent =~ s|[^/]*\Z(?!\n)||s;
+
+    do_mkdir_p($parent);
+  }
+
+  mkdir($dir, 0777) || die "Cannot create directory $dir: $!\n";
+  print "created directory `$dir'\n";
+}
diff --git a/util/mkerr.pl b/util/mkerr.pl
new file mode 100644
index 0000000000..4105047b21
--- /dev/null
+++ b/util/mkerr.pl
@@ -0,0 +1,629 @@
+#!/usr/local/bin/perl -w
+
+my $config = "crypto/err/openssl.ec";
+my $debug = 0;
+my $rebuild = 0;
+my $static = 1;
+my $recurse = 0;
+my $reindex = 0;
+my $dowrite = 0;
+my $staticloader = "";
+
+while (@ARGV) {
+	my $arg = $ARGV[0];
+	if($arg eq "-conf") {
+		shift @ARGV;
+		$config = shift @ARGV;
+	} elsif($arg eq "-debug") {
+		$debug = 1;
+		shift @ARGV;
+	} elsif($arg eq "-rebuild") {
+		$rebuild = 1;
+		shift @ARGV;
+	} elsif($arg eq "-recurse") {
+		$recurse = 1;
+		shift @ARGV;
+	} elsif($arg eq "-reindex") {
+		$reindex = 1;
+		shift @ARGV;
+	} elsif($arg eq "-nostatic") {
+		$static = 0;
+		shift @ARGV;
+	} elsif($arg eq "-staticloader") {
+		$staticloader = "static ";
+		shift @ARGV;
+	} elsif($arg eq "-write") {
+		$dowrite = 1;
+		shift @ARGV;
+	} else {
+		last;
+	}
+}
+
+if($recurse) {
+	@source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>);
+} else {
+	@source = @ARGV;
+}
+
+# Read in the config file
+
+open(IN, "<$config") || die "Can't open config file $config";
+
+# Parse config file
+
+while(<IN>)
+{
+	if(/^L\s+(\S+)\s+(\S+)\s+(\S+)/) {
+		$hinc{$1} = $2;
+		$libinc{$2} = $1;
+		$cskip{$3} = $1;
+		if($3 ne "NONE") {
+			$csrc{$1} = $3;
+			$fmax{$1} = 99;
+			$rmax{$1} = 99;
+			$fnew{$1} = 0;
+			$rnew{$1} = 0;
+		}
+	} elsif (/^F\s+(\S+)/) {
+	# Add extra function with $1
+	} elsif (/^R\s+(\S+)\s+(\S+)/) {
+		$rextra{$1} = $2;
+		$rcodes{$1} = $2;
+	}
+}
+
+close IN;
+
+# Scan each header file in turn and make a list of error codes
+# and function names
+
+while (($hdr, $lib) = each %libinc)
+{
+	next if($hdr eq "NONE");
+	print STDERR "Scanning header file $hdr\n" if $debug; 
+	my $line = "", $def= "", $linenr = 0, $gotfile = 0;
+	if (open(IN, "<$hdr")) {
+	    $gotfile = 1;
+	    while(<IN>) {
+		$linenr++;
+		print STDERR "line: $linenr\r" if $debug;
+
+		last if(/BEGIN\s+ERROR\s+CODES/);
+		if ($line ne '') {
+		    $_ = $line . $_;
+		    $line = '';
+		}
+
+		if (/\\$/) {
+		    $line = $_;
+		    next;
+		}
+
+		$cpp = 1 if /^#.*ifdef.*cplusplus/;  # skip "C" declaration
+		if ($cpp) {
+		    $cpp = 0 if /^#.*endif/;
+		    next;
+		}
+
+		next if (/^\#/);                      # skip preprocessor directives
+
+		s/\/\*.*?\*\///gs;                   # ignore comments
+		s/{[^{}]*}//gs;                      # ignore {} blocks
+
+		if (/\{|\/\*/) { # Add a } so editor works...
+		    $line = $_;
+		} else {
+		    $def .= $_;
+		}
+	    }
+	}
+
+	print STDERR "                                  \r" if $debug;
+        $defnr = 0;
+	foreach (split /;/, $def) {
+	    $defnr++;
+	    print STDERR "def: $defnr\r" if $debug;
+
+	    s/^[\n\s]*//g;
+	    s/[\n\s]*$//g;
+	    next if(/typedef\W/);
+	    if (/\(\*(\w*)\([^\)]+/) {
+		my $name = $1;
+		$name =~ tr/[a-z]/[A-Z]/;
+		$ftrans{$name} = $1;
+	    } elsif (/\w+\W+(\w+)\W*\(\s*\)$/s){
+		# K&R C
+		next ;
+	    } elsif (/\w+\W+\w+\W*\(.*\)$/s) {
+		while (not /\(\)$/s) {
+		    s/[^\(\)]*\)$/\)/s;
+		    s/\([^\(\)]*\)\)$/\)/s;
+		}
+		s/\(void\)//;
+		/(\w+)\W*\(\)/s;
+		my $name = $1;
+		$name =~ tr/[a-z]/[A-Z]/;
+		$ftrans{$name} = $1;
+	    } elsif (/\(/ and not (/=/ or /DECLARE_STACK/)) {
+		print STDERR "Header $hdr: cannot parse: $_;\n";
+	    }
+	}
+
+	print STDERR "                                  \r" if $debug;
+
+	next if $reindex;
+
+	# Scan function and reason codes and store them: keep a note of the
+	# maximum code used.
+
+	if ($gotfile) {
+	    while(<IN>) {
+		if(/^\#define\s+(\S+)\s+(\S+)/) {
+			$name = $1;
+			$code = $2;
+			next if $name =~ /^${lib}err/;
+			unless($name =~ /^${lib}_([RF])_(\w+)$/) {
+				print STDERR "Invalid error code $name\n";
+				next;
+			}
+			if($1 eq "R") {
+				$rcodes{$name} = $code;
+				if(!(exists $rextra{$name}) &&
+					 ($code > $rmax{$lib}) ) {
+					$rmax{$lib} = $code;
+				}
+			} else {
+				if($code > $fmax{$lib}) {
+					$fmax{$lib} = $code;
+				}
+				$fcodes{$name} = $code;
+			}
+		}
+	    }
+	}
+	close IN;
+}
+
+# Scan each C source file and look for function and reason codes
+# This is done by looking for strings that "look like" function or
+# reason codes: basically anything consisting of all upper case and
+# numerics which has _F_ or _R_ in it and which has the name of an
+# error library at the start. This seems to work fine except for the
+# oddly named structure BIO_F_CTX which needs to be ignored.
+# If a code doesn't exist in list compiled from headers then mark it
+# with the value "X" as a place holder to give it a value later.
+# Store all function and reason codes found in %ufcodes and %urcodes
+# so all those unreferenced can be printed out.
+
+
+print STDERR "Files loaded: " if $debug;
+foreach $file (@source) {
+	# Don't parse the error source file.
+	next if exists $cskip{$file};
+	print STDERR $file if $debug;
+	open(IN, "<$file") || die "Can't open source file $file\n";
+	while(<IN>) {
+		if(/(([A-Z0-9]+)_F_([A-Z0-9_]+))/) {
+			next unless exists $csrc{$2};
+			next if($1 eq "BIO_F_BUFFER_CTX");
+			$ufcodes{$1} = 1;
+			if(!exists $fcodes{$1}) {
+				$fcodes{$1} = "X";
+				$fnew{$2}++;
+			}
+			$notrans{$1} = 1 unless exists $ftrans{$3};
+		}
+		if(/(([A-Z0-9]+)_R_[A-Z0-9_]+)/) {
+			next unless exists $csrc{$2};
+			$urcodes{$1} = 1;
+			if(!exists $rcodes{$1}) {
+				$rcodes{$1} = "X";
+				$rnew{$2}++;
+			}
+		} 
+	}
+	close IN;
+}
+print STDERR "\n" if $debug;
+
+# Now process each library in turn.
+
+foreach $lib (keys %csrc)
+{
+	my $hfile = $hinc{$lib};
+	my $cfile = $csrc{$lib};
+	if(!$fnew{$lib} && !$rnew{$lib}) {
+		print STDERR "$lib:\t\tNo new error codes\n";
+		next unless $rebuild;
+	} else {
+		print STDERR "$lib:\t\t$fnew{$lib} New Functions,";
+		print STDERR " $rnew{$lib} New Reasons.\n";
+		next unless $dowrite;
+	}
+
+	# If we get here then we have some new error codes so we
+	# need to rebuild the header file and C file.
+
+	# Make a sorted list of error and reason codes for later use.
+
+	my @function = sort grep(/^${lib}_/,keys %fcodes);
+	my @reasons = sort grep(/^${lib}_/,keys %rcodes);
+
+	# Rewrite the header file
+
+	if (open(IN, "<$hfile")) {
+	    # Copy across the old file
+	    while(<IN>) {
+		push @out, $_;
+		last if (/BEGIN ERROR CODES/);
+	    }
+	    close IN;
+	} else {
+	    push @out,
+"/* ====================================================================\n",
+" * Copyright (c) 2001-2002 The OpenSSL Project.  All rights reserved.\n",
+" *\n",
+" * Redistribution and use in source and binary forms, with or without\n",
+" * modification, are permitted provided that the following conditions\n",
+" * are met:\n",
+" *\n",
+" * 1. Redistributions of source code must retain the above copyright\n",
+" *    notice, this list of conditions and the following disclaimer. \n",
+" *\n",
+" * 2. Redistributions in binary form must reproduce the above copyright\n",
+" *    notice, this list of conditions and the following disclaimer in\n",
+" *    the documentation and/or other materials provided with the\n",
+" *    distribution.\n",
+" *\n",
+" * 3. All advertising materials mentioning features or use of this\n",
+" *    software must display the following acknowledgment:\n",
+" *    \"This product includes software developed by the OpenSSL Project\n",
+" *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)\"\n",
+" *\n",
+" * 4. The names \"OpenSSL Toolkit\" and \"OpenSSL Project\" must not be used to\n",
+" *    endorse or promote products derived from this software without\n",
+" *    prior written permission. For written permission, please contact\n",
+" *    openssl-core\@openssl.org.\n",
+" *\n",
+" * 5. Products derived from this software may not be called \"OpenSSL\"\n",
+" *    nor may \"OpenSSL\" appear in their names without prior written\n",
+" *    permission of the OpenSSL Project.\n",
+" *\n",
+" * 6. Redistributions of any form whatsoever must retain the following\n",
+" *    acknowledgment:\n",
+" *    \"This product includes software developed by the OpenSSL Project\n",
+" *    for use in the OpenSSL Toolkit (http://www.openssl.org/)\"\n",
+" *\n",
+" * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY\n",
+" * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n",
+" * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n",
+" * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR\n",
+" * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n",
+" * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n",
+" * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\n",
+" * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n",
+" * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\n",
+" * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)\n",
+" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED\n",
+" * OF THE POSSIBILITY OF SUCH DAMAGE.\n",
+" * ====================================================================\n",
+" *\n",
+" * This product includes cryptographic software written by Eric Young\n",
+" * (eay\@cryptsoft.com).  This product includes software written by Tim\n",
+" * Hudson (tjh\@cryptsoft.com).\n",
+" *\n",
+" */\n",
+"\n",
+"#ifndef HEADER_${lib}_ERR_H\n",
+"#define HEADER_${lib}_ERR_H\n",
+"\n",
+"/* BEGIN ERROR CODES */\n";
+	}
+	open (OUT, ">$hfile") || die "Can't Open File $hfile for writing\n";
+
+	print OUT @out;
+	undef @out;
+	print OUT <<"EOF";
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+EOF
+	if($static) {
+		print OUT <<"EOF";
+${staticloader}void ERR_load_${lib}_strings(void);
+
+EOF
+	} else {
+		print OUT <<"EOF";
+${staticloader}void ERR_load_${lib}_strings(void);
+${staticloader}void ERR_unload_${lib}_strings(void);
+${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line);
+#define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__)
+
+EOF
+	}
+	print OUT <<"EOF";
+/* Error codes for the $lib functions. */
+
+/* Function codes. */
+EOF
+
+	foreach $i (@function) {
+		$z=6-int(length($i)/8);
+		if($fcodes{$i} eq "X") {
+			$fcodes{$i} = ++$fmax{$lib};
+			print STDERR "New Function code $i\n" if $debug;
+		}
+		printf OUT "#define $i%s $fcodes{$i}\n","\t" x $z;
+	}
+
+	print OUT "\n/* Reason codes. */\n";
+
+	foreach $i (@reasons) {
+		$z=6-int(length($i)/8);
+		if($rcodes{$i} eq "X") {
+			$rcodes{$i} = ++$rmax{$lib};
+			print STDERR "New Reason code   $i\n" if $debug;
+		}
+		printf OUT "#define $i%s $rcodes{$i}\n","\t" x $z;
+	}
+	print OUT <<"EOF";
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+EOF
+	close OUT;
+
+	# Rewrite the C source file containing the error details.
+
+	# First, read any existing reason string definitions:
+	my %err_reason_strings;
+	if (open(IN,"<$cfile")) {
+		while (<IN>) {
+			if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) {
+				$err_reason_strings{$1} = $2;
+			}
+		}
+		close(IN);
+	}
+
+	my $hincf;
+	if($static) {
+		$hfile =~ /([^\/]+)$/;
+		$hincf = "<openssl/$1>";
+	} else {
+		$hincf = "\"$hfile\"";
+	}
+
+
+	open (OUT,">$cfile") || die "Can't open $cfile for writing";
+
+	print OUT <<"EOF";
+/* $cfile */
+/* ====================================================================
+ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core\@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay\@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh\@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include $hincf
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ${lib}_str_functs[]=
+	{
+EOF
+	# Add each function code: if a function name is found then use it.
+	foreach $i (@function) {
+		my $fn;
+		$i =~ /^${lib}_F_(\S+)$/;
+		$fn = $1;
+		if(exists $ftrans{$fn}) {
+			$fn = $ftrans{$fn};
+		}
+		print OUT "{ERR_PACK(0,$i,0),\t\"$fn\"},\n";
+	}
+	print OUT <<"EOF";
+{0,NULL}
+	};
+
+static ERR_STRING_DATA ${lib}_str_reasons[]=
+	{
+EOF
+	# Add each reason code.
+	foreach $i (@reasons) {
+		my $rn;
+		my $nspc = 0;
+		if (exists $err_reason_strings{$i}) {
+			$rn = $err_reason_strings{$i};
+		} else {
+			$i =~ /^${lib}_R_(\S+)$/;
+			$rn = $1;
+			$rn =~ tr/_[A-Z]/ [a-z]/;
+		}
+		$nspc = 40 - length($i) unless length($i) > 40;
+		$nspc = " " x $nspc;
+		print OUT "{${i}${nspc},\"$rn\"},\n";
+	}
+if($static) {
+	print OUT <<"EOF";
+{0,NULL}
+	};
+
+#endif
+
+${staticloader}void ERR_load_${lib}_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(ERR_LIB_${lib},${lib}_str_functs);
+		ERR_load_strings(ERR_LIB_${lib},${lib}_str_reasons);
+#endif
+
+		}
+	}
+EOF
+} else {
+	print OUT <<"EOF";
+{0,NULL}
+	};
+
+#endif
+
+#ifdef ${lib}_LIB_NAME
+static ERR_STRING_DATA ${lib}_lib_name[]=
+        {
+{0	,${lib}_LIB_NAME},
+{0,NULL}
+	};
+#endif
+
+
+static int ${lib}_lib_error_code=0;
+static int ${lib}_error_init=1;
+
+${staticloader}void ERR_load_${lib}_strings(void)
+	{
+	if (${lib}_lib_error_code == 0)
+		${lib}_lib_error_code=ERR_get_next_error_library();
+
+	if (${lib}_error_init)
+		{
+		${lib}_error_init=0;
+#ifndef OPENSSL_NO_ERR
+		ERR_load_strings(${lib}_lib_error_code,${lib}_str_functs);
+		ERR_load_strings(${lib}_lib_error_code,${lib}_str_reasons);
+#endif
+
+#ifdef ${lib}_LIB_NAME
+		${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code,0,0);
+		ERR_load_strings(0,${lib}_lib_name);
+#endif
+		}
+	}
+
+${staticloader}void ERR_unload_${lib}_strings(void)
+	{
+	if (${lib}_error_init == 0)
+		{
+#ifndef OPENSSL_NO_ERR
+		ERR_unload_strings(${lib}_lib_error_code,${lib}_str_functs);
+		ERR_unload_strings(${lib}_lib_error_code,${lib}_str_reasons);
+#endif
+
+#ifdef ${lib}_LIB_NAME
+		ERR_unload_strings(0,${lib}_lib_name);
+#endif
+		${lib}_error_init=1;
+		}
+	}
+
+${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line)
+	{
+	if (${lib}_lib_error_code == 0)
+		${lib}_lib_error_code=ERR_get_next_error_library();
+	ERR_PUT_error(${lib}_lib_error_code,function,reason,file,line);
+	}
+EOF
+
+}
+
+	close OUT;
+	undef %err_reason_strings;
+}
+
+if($debug && defined(%notrans)) {
+	print STDERR "The following function codes were not translated:\n";
+	foreach(sort keys %notrans)
+	{
+		print STDERR "$_\n";
+	}
+}
+
+# Make a list of unreferenced function and reason codes
+
+foreach (keys %fcodes) {
+	push (@funref, $_) unless exists $ufcodes{$_};
+}
+
+foreach (keys %rcodes) {
+	push (@runref, $_) unless exists $urcodes{$_};
+}
+
+if($debug && defined(@funref) ) {
+	print STDERR "The following function codes were not referenced:\n";
+	foreach(sort @funref)
+	{
+		print STDERR "$_\n";
+	}
+}
+
+if($debug && defined(@runref) ) {
+	print STDERR "The following reason codes were not referenced:\n";
+	foreach(sort @runref)
+	{
+		print STDERR "$_\n";
+	}
+}
diff --git a/util/mkfiles.pl b/util/mkfiles.pl
new file mode 100755
index 0000000000..70d1348a34
--- /dev/null
+++ b/util/mkfiles.pl
@@ -0,0 +1,119 @@
+#!/usr/local/bin/perl
+#
+# This is a hacked version of files.pl for systems that can't do a 'make files'.
+# Do a perl util/mkminfo.pl >MINFO to build MINFO
+# Written by Steve Henson 1999.
+
+# List of directories to process
+
+my @dirs = (
+".",
+"crypto",
+"crypto/md2",
+"crypto/md4",
+"crypto/md5",
+"crypto/sha",
+"crypto/mdc2",
+"crypto/hmac",
+"crypto/ripemd",
+"crypto/des",
+"crypto/rc2",
+"crypto/rc4",
+"crypto/rc5",
+"crypto/idea",
+"crypto/bf",
+"crypto/cast",
+"crypto/aes",
+"crypto/bn",
+"crypto/rsa",
+"crypto/dsa",
+"crypto/dso",
+"crypto/dh",
+"crypto/ec",
+"crypto/ecdh",
+"crypto/ecdsa",
+"crypto/buffer",
+"crypto/bio",
+"crypto/stack",
+"crypto/lhash",
+"crypto/rand",
+"crypto/err",
+"crypto/objects",
+"crypto/evp",
+"crypto/asn1",
+"crypto/pem",
+"crypto/x509",
+"crypto/x509v3",
+"crypto/conf",
+"crypto/txt_db",
+"crypto/pkcs7",
+"crypto/pkcs12",
+"crypto/comp",
+"crypto/engine",
+"crypto/ocsp",
+"crypto/ui",
+"crypto/krb5",
+"ssl",
+"apps",
+"test",
+"tools"
+);
+
+foreach (@dirs) {
+	&files_dir ($_, "Makefile.ssl");
+}
+
+exit(0);
+
+sub files_dir
+{
+my ($dir, $makefile) = @_;
+
+my %sym;
+
+open (IN, "$dir/$makefile") || die "Can't open $dir/$makefile";
+
+my $s="";
+
+while (<IN>)
+	{
+	chop;
+	s/#.*//;
+	if (/^(\S+)\s*=\s*(.*)$/)
+		{
+		$o="";
+		($s,$b)=($1,$2);
+		for (;;)
+			{
+			if ($b =~ /\\$/)
+				{
+				chop($b);
+				$o.=$b." ";
+				$b=<IN>;
+				chop($b);
+				}
+			else
+				{
+				$o.=$b." ";
+				last;
+				}
+			}
+		$o =~ s/^\s+//;
+		$o =~ s/\s+$//;
+		$o =~ s/\s+/ /g;
+
+		$o =~ s/\$[({]([^)}]+)[)}]/$sym{$1}/g;
+		$sym{$s}=$o;
+		}
+	}
+
+print "RELATIVE_DIRECTORY=$dir\n";
+
+foreach (sort keys %sym)
+	{
+	print "$_=$sym{$_}\n";
+	}
+print "RELATIVE_DIRECTORY=\n";
+
+close (IN);
+}
diff --git a/util/mklink.pl b/util/mklink.pl
new file mode 100755
index 0000000000..9386da7aa4
--- /dev/null
+++ b/util/mklink.pl
@@ -0,0 +1,69 @@
+#!/usr/local/bin/perl
+
+# mklink.pl
+
+# The first command line argument is a non-empty relative path
+# specifying the "from" directory.
+# Each other argument is a file name not containing / and
+# names a file in the current directory.
+#
+# For each of these files, we create in the "from" directory a link
+# of the same name pointing to the local file.
+#
+# We assume that the directory structure is a tree, i.e. that it does
+# not contain symbolic links and that the parent of / is never referenced.
+# Apart from this, this script should be able to handle even the most
+# pathological cases.
+
+my $from = shift;
+my @files = @ARGV;
+
+my @from_path = split(/[\\\/]/, $from);
+my $pwd = `pwd`;
+chop($pwd);
+my @pwd_path = split(/[\\\/]/, $pwd);
+
+my @to_path = ();
+
+my $dirname;
+foreach $dirname (@from_path) {
+
+    # In this loop, @to_path always is a relative path from
+    # @pwd_path (interpreted is an absolute path) to the original pwd.
+
+    # At the end, @from_path (as a relative path from the original pwd)
+    # designates the same directory as the absolute path @pwd_path,
+    # which means that @to_path then is a path from there to the original pwd.
+
+    next if ($dirname eq "" || $dirname eq ".");
+
+    if ($dirname eq "..") {
+	@to_path = (pop(@pwd_path), @to_path);
+    } else {
+	@to_path = ("..", @to_path);
+	push(@pwd_path, $dirname);
+    }
+}
+
+my $to = join('/', @to_path);
+
+my $file;
+$symlink_exists=eval {symlink("",""); 1};
+foreach $file (@files) {
+    my $err = "";
+    if ($symlink_exists) {
+	symlink("$to/$file", "$from/$file") or $err = " [$!]";
+    } else {
+	unlink "$from/$file"; 
+	open (OLD, "<$file") or die "Can't open $file: $!";
+	open (NEW, ">$from/$file") or die "Can't open $from/$file: $!";
+	binmode(OLD);
+	binmode(NEW);
+	while (<OLD>) {
+	    print NEW $_;
+	}
+	close (OLD) or die "Can't close $file: $!";
+	close (NEW) or die "Can't close $from/$file: $!";
+    }
+    print $file . " => $from/$file$err\n";
+}
diff --git a/util/mklink.sh b/util/mklink.sh
deleted file mode 100755
index 1e052ed6ee..0000000000
--- a/util/mklink.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-#
-# A bit of an ugly shell script used to actually 'link' files.
-# Used by 'make links'
-#
-
-PATH=$PATH:.:util:../util:../../util
-export PATH
-
-from=$1
-shift
-
-here=`pwd`
-tmp=`dirname $from`
-while [ "$tmp"x != "x" -a "$tmp"x != ".x" ]
-do
-	t=`basename $here`
-	here=`dirname $here`
-	to="/$t$to"
-	tmp=`dirname $tmp`
-done
-to=..$to
-
-#echo from=$from
-#echo to  =$to
-#exit 1
-
-if [ "$*"x != "x" ]; then
-	for i in $*
-	do
-		/bin/rm -f $from/$i
-		point.sh $to/$i $from/$i
-	done
-fi
-exit 0;
diff --git a/util/mkstack.pl b/util/mkstack.pl
new file mode 100755
index 0000000000..085c50f790
--- /dev/null
+++ b/util/mkstack.pl
@@ -0,0 +1,124 @@
+#!/usr/local/bin/perl -w
+
+# This is a utility that searches out "DECLARE_STACK_OF()"
+# declarations in .h and .c files, and updates/creates/replaces
+# the corresponding macro declarations in crypto/stack/safestack.h.
+# As it's not generally possible to have macros that generate macros,
+# we need to control this from the "outside", here in this script.
+#
+# Geoff Thorpe, June, 2000 (with massive Perl-hacking
+#                           help from Steve Robb)
+
+my $safestack = "crypto/stack/safestack";
+
+my $do_write;
+while (@ARGV) {
+	my $arg = $ARGV[0];
+	if($arg eq "-write") {
+		$do_write = 1;
+	}
+	shift @ARGV;
+}
+
+
+@source = (<crypto/*.[ch]>, <crypto/*/*.[ch]>, <ssl/*.[ch]>);
+foreach $file (@source) {
+	next if -l $file;
+
+	# Open the .c/.h file for reading
+	open(IN, "< $file") || die "Can't open $file for reading: $!";
+
+	while(<IN>) {
+		if (/^DECLARE_STACK_OF\(([^)]+)\)/) {
+			push @stacklst, $1;
+		} if (/^DECLARE_ASN1_SET_OF\(([^)]+)\)/) {
+			push @asn1setlst, $1;
+		} if (/^DECLARE_PKCS12_STACK_OF\(([^)]+)\)/) {
+			push @p12stklst, $1;
+		}
+	}
+	close(IN);
+}
+
+
+
+my $old_stackfile = "";
+my $new_stackfile = "";
+my $inside_block = 0;
+my $type_thing;
+
+open(IN, "< $safestack.h") || die "Can't open input file: $!";
+while(<IN>) {
+	$old_stackfile .= $_;
+
+	if (m|^/\* This block of defines is updated by util/mkstack.pl, please do not touch! \*/|) {
+		$inside_block = 1;
+	}
+	if (m|^/\* End of util/mkstack.pl block, you may now edit :-\) \*/|) {
+		$inside_block = 0;
+	} elsif ($inside_block == 0) {
+		$new_stackfile .= $_;
+	}
+	next if($inside_block != 1);
+	$new_stackfile .= "/* This block of defines is updated by util/mkstack.pl, please do not touch! */";
+		
+	foreach $type_thing (sort @stacklst) {
+		$new_stackfile .= <<EOF;
+
+#define sk_${type_thing}_new(st) SKM_sk_new($type_thing, (st))
+#define sk_${type_thing}_new_null() SKM_sk_new_null($type_thing)
+#define sk_${type_thing}_free(st) SKM_sk_free($type_thing, (st))
+#define sk_${type_thing}_num(st) SKM_sk_num($type_thing, (st))
+#define sk_${type_thing}_value(st, i) SKM_sk_value($type_thing, (st), (i))
+#define sk_${type_thing}_set(st, i, val) SKM_sk_set($type_thing, (st), (i), (val))
+#define sk_${type_thing}_zero(st) SKM_sk_zero($type_thing, (st))
+#define sk_${type_thing}_push(st, val) SKM_sk_push($type_thing, (st), (val))
+#define sk_${type_thing}_unshift(st, val) SKM_sk_unshift($type_thing, (st), (val))
+#define sk_${type_thing}_find(st, val) SKM_sk_find($type_thing, (st), (val))
+#define sk_${type_thing}_delete(st, i) SKM_sk_delete($type_thing, (st), (i))
+#define sk_${type_thing}_delete_ptr(st, ptr) SKM_sk_delete_ptr($type_thing, (st), (ptr))
+#define sk_${type_thing}_insert(st, val, i) SKM_sk_insert($type_thing, (st), (val), (i))
+#define sk_${type_thing}_set_cmp_func(st, cmp) SKM_sk_set_cmp_func($type_thing, (st), (cmp))
+#define sk_${type_thing}_dup(st) SKM_sk_dup($type_thing, st)
+#define sk_${type_thing}_pop_free(st, free_func) SKM_sk_pop_free($type_thing, (st), (free_func))
+#define sk_${type_thing}_shift(st) SKM_sk_shift($type_thing, (st))
+#define sk_${type_thing}_pop(st) SKM_sk_pop($type_thing, (st))
+#define sk_${type_thing}_sort(st) SKM_sk_sort($type_thing, (st))
+EOF
+	}
+	foreach $type_thing (sort @asn1setlst) {
+		$new_stackfile .= <<EOF;
+
+#define d2i_ASN1_SET_OF_${type_thing}(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \\
+	SKM_ASN1_SET_OF_d2i($type_thing, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_${type_thing}(st, pp, i2d_func, ex_tag, ex_class, is_set) \\
+	SKM_ASN1_SET_OF_i2d($type_thing, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_${type_thing}(st, i2d_func, buf, len) \\
+	SKM_ASN1_seq_pack($type_thing, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_${type_thing}(buf, len, d2i_func, free_func) \\
+	SKM_ASN1_seq_unpack($type_thing, (buf), (len), (d2i_func), (free_func))
+EOF
+	}
+	foreach $type_thing (sort @p12stklst) {
+		$new_stackfile .= <<EOF;
+
+#define PKCS12_decrypt_d2i_${type_thing}(algor, d2i_func, free_func, pass, passlen, oct, seq) \\
+	SKM_PKCS12_decrypt_d2i($type_thing, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq))
+EOF
+	}
+	$new_stackfile .= "/* End of util/mkstack.pl block, you may now edit :-) */\n";
+	$inside_block = 2;
+}
+
+
+if ($new_stackfile eq $old_stackfile) {
+	print "No changes to $safestack.h.\n";
+	exit 0; # avoid unnecessary rebuild
+}
+
+if ($do_write) {
+	print "Writing new $safestack.h.\n";
+	open OUT, ">$safestack.h" || die "Can't open output file";
+	print OUT $new_stackfile;
+	close OUT;
+}
diff --git a/util/perlpath.pl b/util/perlpath.pl
index 0aa5ada367..a1f236bd98 100755
--- a/util/perlpath.pl
+++ b/util/perlpath.pl
@@ -17,7 +17,12 @@ sub wanted
 	@a=<IN>;
 	close(IN);
 
-	$a[0]="#!$ARGV[0]/perl\n";
+	if (-d $ARGV[0]) {
+		$a[0]="#!$ARGV[0]/perl\n";
+	}
+	else {
+		$a[0]="#!$ARGV[0]\n";
+	}
 
 	# Playing it safe...
 	$new="$_.new";
diff --git a/util/pl/BC-16.pl b/util/pl/BC-16.pl
index 6c6df4fe0b..2033f524ca 100644
--- a/util/pl/BC-16.pl
+++ b/util/pl/BC-16.pl
@@ -21,14 +21,14 @@ $lflags="$base_lflags";
 if ($win16)
 	{
 	$shlib=1;
-	$cflags.=" -DWINDOWS -DWIN16";
+	$cflags.=" -DOPENSSL_SYSNAME_WIN16";
 	$app_cflag="-W";
 	$lib_cflag="-WD";
 	$lflags.="/Twe";
 	}
 else
 	{
-	$cflags.=" -DMSDOS";
+	$cflags.=" -DOENSSL_SYSNAME_MSDOS";
 	$lflags.=" /Tde";
 	}
 
diff --git a/util/pl/BC-32.pl b/util/pl/BC-32.pl
index d1dcadd94e..e83b336190 100644
--- a/util/pl/BC-32.pl
+++ b/util/pl/BC-32.pl
@@ -1,102 +1,120 @@
 #!/usr/local/bin/perl
-# VCw16lib.pl - the file for Visual C++ 1.52b for windows, static libraries
+# Borland C++ builder 3 and 4 -- Janez Jere <jj@void.si>
 #
 
+$ssl=	"ssleay32";
+$crypto="libeay32";
+
 $o='\\';
 $cp='copy';
 $rm='del';
 
 # C compiler stuff
 $cc='bcc32';
-
+$lflags="-ap -Tpe -x -Gn ";
+$mlflags='';
+
+$out_def="out32";
+$tmp_def="tmp32";
+$inc_def="inc32";
+#enable max error messages, disable most common warnings
+$cflags="-DWIN32_LEAN_AND_MEAN -q -w-aus -w-par -w-inl  -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp ";
 if ($debug)
-	{ $op="-v "; }
-else	{ $op="-O "; }
-
-$cflags="-d $op -DL_ENDIAN ";
-# I add the stack opt
-$base_lflags="-c";
-$lflags="$base_lflags";
-
-$cflags.=" -DWINDOWS -DWIN32";
-$app_cflag="-WC";
-$lib_cflag="-WC";
-$lflags.=" -Tpe";
-
-if ($shlib)
-	{
-	$mlflags="$base_lflags -Tpe"; # stack if defined in .def file
-	$libs="libw ldllcew";
-	}
+{
+    $cflags.="-Od -y -v -vi- -D_DEBUG";
+    $mlflags.=' ';
+}
 else
-	{ $mlflags=''; }
+{
+    $cflags.="-O2 -ff -fp";
+}
 
 $obj='.obj';
 $ofile="-o";
 
 # EXE linking stuff
-$link="tlink32";
+$link="ilink32";
 $efile="";
 $exep='.exe';
-$ex_libs="CW32.LIB IMPORT32.LIB";
-$ex_libs.=$no_sock?"":" wsock32.lib";
-$shlib_ex_obj="" if $shlib;
-$app_ex_obj="C0X32.OBJ";
+if ($no_sock)
+	{ $ex_libs=""; }
+else	{ $ex_libs="cw32mt.lib import32.lib"; }
 
 # static library stuff
-$mklib='tlib';
+$mklib='tlib /P64';
 $ranlib='';
 $plib="";
 $libp=".lib";
 $shlibp=($shlib)?".dll":".lib";
 $lfile='';
 
-$asm='ml /Cp /c /Cx';
-$afile='/Fo';
-if ($noasm)
+$shlib_ex_obj="";
+$app_ex_obj="c0x32.obj"; 
+
+$asm='nasmw -f obj';
+$asm.=" /Zi" if $debug;
+$afile='-o';
+
+$bn_mulw_obj='';
+$bn_mulw_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+
+if (!$no_asm)
 	{
-	$bn_asm_obj='';
-	$bn_asm_src='';
+	$bn_mulw_obj='crypto\bn\asm\bn_win32.obj';
+	$bn_mulw_src='crypto\bn\asm\bn_win32.asm';
+	$des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj';
+	$des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm';
+	$bf_enc_obj='crypto\bf\asm\b_win32.obj';
+	$bf_enc_src='crypto\bf\asm\b_win32.asm';
+	$cast_enc_obj='crypto\cast\asm\c_win32.obj';
+	$cast_enc_src='crypto\cast\asm\c_win32.asm';
+	$rc4_enc_obj='crypto\rc4\asm\r4_win32.obj';
+	$rc4_enc_src='crypto\rc4\asm\r4_win32.asm';
+	$rc5_enc_obj='crypto\rc5\asm\r5_win32.obj';
+	$rc5_enc_src='crypto\rc5\asm\r5_win32.asm';
+	$md5_asm_obj='crypto\md5\asm\m5_win32.obj';
+	$md5_asm_src='crypto\md5\asm\m5_win32.asm';
+	$sha1_asm_obj='crypto\sha\asm\s1_win32.obj';
+	$sha1_asm_src='crypto\sha\asm\s1_win32.asm';
+	$rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj';
+	$rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm';
+	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
 	}
-else
+
+if ($shlib)
 	{
-	$bn_asm_obj='crypto\bn\asm\x86b32.obj';
-	$bn_asm_src='crypto\bn\asm\x86m32.asm';
+	$mlflags.=" $lflags /dll";
+#	$cflags =~ s| /MD| /MT|;
+	$lib_cflag=" /GD -D_WINDLL -D_DLL";
+	$out_def="out32dll";
+	$tmp_def="tmp32dll";
 	}
 
 sub do_lib_rule
 	{
-	local($target,$name,$shlib)=@_;
+	local($objs,$target,$name,$shlib)=@_;
 	local($ret,$Name);
 
 	$taget =~ s/\//$o/g if $o ne '/';
 	($Name=$name) =~ tr/a-z/A-Z/;
 
-	$ret.="$target: \$(${Name}OBJ)\n";
-	$ret.="\t\$(RM) \$(O_$Name)\n";
-
-	# Due to a pathetic line length limit, I unwrap the args.
-	local($lib_names)="";
-	local($dll_names)="";
-	foreach $_ (sort split(/\s+/,$Vars{"${Name}OBJ"}))
-		{
-		$lib_names.="  +$_ &\n";
-		$dll_names.="  $_\n";
-		}
-
+#	$target="\$(LIB_D)$o$target";
+	$ret.="$target: $objs\n";
 	if (!$shlib)
 		{
-		$ret.="\t\$(MKLIB) $target & <<|\n$lib_names\n,\n|\n";
+		#		$ret.="\t\$(RM) \$(O_$Name)\n";
+		$ret.="\techo LIB $<\n";    
+                $ret.="\t&\$(MKLIB) $lfile$target -+\$**\n";
 		}
 	else
 		{
-		# $(SHLIB_EX_OBJ)
-		local($ex)=($Name eq "SSL")?' $(L_CRYPTO) winsock':"";
-		$ret.="\t\$(LINK) \$(MLFLAGS) @&&|\n";
-		$ret.=$dll_names;
-		$ret.="\n  $target\n\n  $ex $libs\nms$o${name}16.def;\n|\n";
-		($out_lib=$target) =~ s/O_/L_/;
-		$ret.="\timplib /nowep $out_lib $target\n\n";
+		local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+		$ex.=' wsock32.lib gdi32.lib';
+		$ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
 		}
 	$ret.="\n";
 	return($ret);
@@ -105,30 +123,12 @@ sub do_lib_rule
 sub do_link_rule
 	{
 	local($target,$files,$dep_libs,$libs)=@_;
-	local($ret,$f,$_,@f);
+	local($ret,$_);
 	
 	$file =~ s/\//$o/g if $o ne '/';
 	$n=&bname($targer);
 	$ret.="$target: $files $dep_libs\n";
-	$ret.="  \$(LINK) @&&|";
-	
-	# Due to a pathetic line length limit, I have to unwrap the args.
-	$r="  \$(LFLAGS) ";
-	if ($files =~ /\(([^)]*)\)$/)
-		{
-		@a=('$(APP_EX_OBJ)');
-		push(@a,sort split(/\s+/,$Vars{$1}));
-		foreach $_ (@a)
-			{
-			$ret.="\n  $r $_ +";
-			$r="";
-			}
-		chop($ret);
-		$ret.="\n";
-		}
-	else
-		{ $ret.="\n $r \$(APP_EX_OBJ) $files\n"; }
-	$ret.="  $target\n\n  $libs\n\n|\n\n";
+	$ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n";
 	return($ret);
 	}
 
diff --git a/util/pl/Mingw32.pl b/util/pl/Mingw32.pl
new file mode 100644
index 0000000000..45ab685974
--- /dev/null
+++ b/util/pl/Mingw32.pl
@@ -0,0 +1,104 @@
+#!/usr/local/bin/perl
+#
+# Mingw32.pl -- Mingw32 with GNU cp (Mingw32f.pl uses DOS tools) 
+#
+
+$o='/';
+$cp='cp';
+$rm='rem'; # use 'rm -f' if using GNU file utilities
+$mkdir='gmkdir';
+
+# gcc wouldn't accept backslashes in paths
+#$o='\\';
+#$cp='copy';
+#$rm='del';
+
+# C compiler stuff
+
+$cc='gcc';
+if ($debug)
+	{ $cflags="-DL_ENDIAN -DDSO_WIN32 -g2 -ggdb"; }
+else
+	{ $cflags="-DL_ENDIAN -DDSO_WIN32 -fomit-frame-pointer -O3 -m486 -Wall"; }
+
+if ($gaswin and !$no_asm)
+	{
+        $bn_asm_obj='$(OBJ_D)/bn-win32.o';
+        $bn_asm_src='crypto/bn/asm/bn-win32.s';
+        $bnco_asm_obj='$(OBJ_D)/co-win32.o';
+        $bnco_asm_src='crypto/bn/asm/co-win32.s';
+        $des_enc_obj='$(OBJ_D)/d-win32.o $(OBJ_D)/y-win32.o';
+        $des_enc_src='crypto/des/asm/d-win32.s crypto/des/asm/y-win32.s';
+        $bf_enc_obj='$(OBJ_D)/b-win32.o';
+        $bf_enc_src='crypto/bf/asm/b-win32.s';
+#       $cast_enc_obj='$(OBJ_D)/c-win32.o';
+#       $cast_enc_src='crypto/cast/asm/c-win32.s';
+        $rc4_enc_obj='$(OBJ_D)/r4-win32.o';
+        $rc4_enc_src='crypto/rc4/asm/r4-win32.s';
+        $rc5_enc_obj='$(OBJ_D)/r5-win32.o';
+        $rc5_enc_src='crypto/rc5/asm/r5-win32.s';
+        $md5_asm_obj='$(OBJ_D)/m5-win32.o';
+        $md5_asm_src='crypto/md5/asm/m5-win32.s';
+        $rmd160_asm_obj='$(OBJ_D)/rm-win32.o';
+        $rmd160_asm_src='crypto/ripemd/asm/rm-win32.s';
+        $sha1_asm_obj='$(OBJ_D)/s1-win32.o';
+        $sha1_asm_src='crypto/sha/asm/s1-win32.s';
+	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM";
+	}
+
+
+$obj='.o';
+$ofile='-o ';
+
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS}';
+$efile='-o ';
+$exep='';
+$ex_libs="-lwsock32 -lgdi32";
+
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib='ranlib';
+$plib='lib';
+$libp=".a";
+$shlibp=".a";
+$lfile='';
+
+$asm='as';
+$afile='-o ';
+#$bn_asm_obj="";
+#$bn_asm_src="";
+#$des_enc_obj="";
+#$des_enc_src="";
+#$bf_enc_obj="";
+#$bf_enc_src="";
+
+sub do_lib_rule
+	{
+	local($obj,$target,$name,$shlib)=@_;
+	local($ret,$_,$Name);
+
+	$target =~ s/\//$o/g if $o ne '/';
+	$target="$target";
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+	$ret.="$target: \$(${Name}OBJ)\n";
+	$ret.="\t\$(RM) $target\n";
+	$ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+	$ret.="\t\$(RANLIB) $target\n\n";
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($target);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+	return($ret);
+	}
+1;
diff --git a/util/pl/Mingw32f.pl b/util/pl/Mingw32f.pl
new file mode 100644
index 0000000000..44f5673d7a
--- /dev/null
+++ b/util/pl/Mingw32f.pl
@@ -0,0 +1,73 @@
+#!/usr/local/bin/perl
+#
+# Mingw32f.pl -- copy files; Mingw32.pl is needed to do the compiling. 
+#
+
+$o='\\';
+$cp='copy';
+$rm='del';
+
+# C compiler stuff
+
+$cc='gcc';
+if ($debug)
+	{ $cflags="-g2 -ggdb -DDSO_WIN32"; }
+else
+	{ $cflags="-O3 -fomit-frame-pointer -DDSO_WIN32"; }
+
+$obj='.o';
+$ofile='-o ';
+
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS}';
+$efile='-o ';
+$exep='';
+$ex_libs="-lwsock32 -lgdi32";
+
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib='ranlib';
+$plib='lib';
+$libp=".a";
+$shlibp=".a";
+$lfile='';
+
+$asm='as';
+$afile='-o ';
+$bn_asm_obj="";
+$bn_asm_src="";
+$des_enc_obj="";
+$des_enc_src="";
+$bf_enc_obj="";
+$bf_enc_src="";
+
+sub do_lib_rule
+	{
+	local($obj,$target,$name,$shlib)=@_;
+	local($ret,$_,$Name);
+
+	$target =~ s/\//$o/g if $o ne '/';
+	$target="$target";
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+	$ret.="$target: \$(${Name}OBJ)\n";
+	$ret.="\t\$(RM) $target\n";
+	$ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+	$ret.="\t\$(RANLIB) $target\n\n";
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($target);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="\t\$(LINK) ${efile}$target \$(LFLAGS) $files $libs\n\n";
+	return($ret);
+	}
+1;
+
diff --git a/util/pl/OS2-EMX.pl b/util/pl/OS2-EMX.pl
new file mode 100644
index 0000000000..d695dda623
--- /dev/null
+++ b/util/pl/OS2-EMX.pl
@@ -0,0 +1,117 @@
+#!/usr/local/bin/perl
+#
+# OS2-EMX.pl - for EMX GCC on OS/2
+#
+
+$o='\\';
+$cp='copy';
+$rm='rm -f';
+
+# C compiler stuff
+
+$cc='gcc';
+$cflags="-DL_ENDIAN -O3 -fomit-frame-pointer -m486 -Zmtd -Wall ";
+$cflags.="-Zomf " if $shlib;
+$shl_cflag="-Zdll";
+
+if ($debug) { 
+	$cflags.="-g "; 
+}
+
+$obj=$shlib ? '.obj' : '.o';
+$ofile='-o ';
+
+# EXE linking stuff
+$link='${CC}';
+$lflags='${CFLAGS} -Zbsd-signals -s';
+$efile='-o ';
+$exep='.exe';
+$ex_libs="-lsocket";
+
+# static library stuff
+$mklib='ar r';
+$mlflags='';
+$ranlib="ar s";
+$plib='';
+$libp=$shlib ? ".lib" : ".a";
+$shlibp=$shlib ? ".dll" : ".a";
+$lfile='';
+
+$asm=$shlib ? 'as -Zomf' : 'as';
+$afile='-o ';
+$bn_asm_obj="";
+$bn_asm_src="";
+$des_enc_obj="";
+$des_enc_src="";
+$bf_enc_obj="";
+$bf_enc_src="";
+
+if (!$no_asm)
+	{
+	$bn_asm_obj="crypto\\bn\\asm\\bn-os2$obj crypto\\bn\\asm\\co-os2$obj";
+	$bn_asm_src="crypto\\bn\\asm\\bn-os2.asm crypto\\bn\\asm\\co-os2.asm";
+	$des_enc_obj="crypto\\des\\asm\\d-os2$obj crypto\\des\\asm\\y-os2$obj";
+	$des_enc_src="crypto\\des\\asm\\d-os2.asm crypto\\des\\asm\\y-os2.asm";
+	$bf_enc_obj="crypto\\bf\\asm\\b-os2$obj";
+	$bf_enc_src="crypto\\bf\\asm\\b-os2.asm";
+	$cast_enc_obj="crypto\\cast\\asm\\c-os2$obj";
+	$cast_enc_src="crypto\\cast\\asm\\c-os2.asm";
+	$rc4_enc_obj="crypto\\rc4\\asm\\r4-os2$obj";
+	$rc4_enc_src="crypto\\rc4\\asm\\r4-os2.asm";
+	$rc5_enc_obj="crypto\\rc5\\asm\\r5-os2$obj";
+	$rc5_enc_src="crypto\\rc5\\asm\\r5-os2.asm";
+	$md5_asm_obj="crypto\\md5\\asm\\m5-os2$obj";
+	$md5_asm_src="crypto\\md5\\asm\\m5-os2.asm";
+	$sha1_asm_obj="crypto\\sha\\asm\\s1-os2$obj";
+	$sha1_asm_src="crypto\\sha\\asm\\s1-os2.asm";
+	$rmd160_asm_obj="crypto\\ripemd\\asm\\rm-os2$obj";
+	$rmd160_asm_src="crypto\\ripemd\\asm\\rm-os2.asm";
+	}
+
+if ($shlib)
+	{
+	$mlflags.=" $lflags -Zdll";
+	$lib_cflag=" -D_DLL";
+	$out_def="out_dll";
+	$tmp_def="tmp_dll";
+	}
+
+sub do_lib_rule
+	{
+	local($obj,$target,$name,$shlib)=@_;
+	local($ret,$_,$Name);
+
+	$target =~ s/\//$o/g if $o ne '/';
+	$target="$target";
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+	$ret.="$target: \$(${Name}OBJ)\n";
+	if (!$shlib) 
+		{
+		$ret.="\t\$(RM) $target\n";
+		$ret.="\t\$(MKLIB) $target \$(${Name}OBJ)\n";
+		$ret.="\t\$(RANLIB) $target\n\n";
+		}
+	else
+		{
+		local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+		$ex.=' -lsocket';
+		$ret.="\t\$(LINK) \$(SHLIB_CFLAGS) \$(MLFLAGS) $efile$target \$(SHLIB_EX_OBJ) \$(${Name}OBJ) $ex os2/${Name}.def\n";
+		$ret.="\temximp -o $out_def/$name.a os2/${Name}.def\n";
+		$ret.="\temximp -o $out_def/$name.lib os2/${Name}.def\n\n";
+		}
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($target);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="\t\$(LINK) ${efile}$target \$(CFLAG) \$(LFLAGS) $files $libs\n\n";
+	return($ret);
+	}
+
+1;
diff --git a/util/pl/VC-16.pl b/util/pl/VC-16.pl
index a5079d4ca7..7cda5e67a9 100644
--- a/util/pl/VC-16.pl
+++ b/util/pl/VC-16.pl
@@ -4,7 +4,6 @@
 
 $ssl=	"ssleay16";
 $crypto="libeay16";
-$RSAref="RSAref16";
 
 $o='\\';
 $cp='copy';
@@ -34,7 +33,7 @@ $lflags="$base_lflags /STACK:20000";
 
 if ($win16)
 	{
-	$cflags.=" -DWINDOWS -DWIN16";
+	$cflags.=" -DOPENSSL_SYSNAME_WIN16";
 	$app_cflag="/Gw /FPi87";
 	$lib_cflag="/Gw";
 	$lib_cflag.=" -D_WINDLL -D_DLL" if $shlib;
diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl
index 9167abfce5..17d7448faf 100644
--- a/util/pl/VC-32.pl
+++ b/util/pl/VC-32.pl
@@ -4,15 +4,14 @@
 
 $ssl=	"ssleay32";
 $crypto="libeay32";
-$RSAref="RSAref32";
 
 $o='\\';
-$cp='"copy /b nul+ "';	# Timestamps get stuffed otherwise
+$cp='copy nul+';	# Timestamps get stuffed otherwise
 $rm='del';
 
 # C compiler stuff
 $cc='cl';
-$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN';
+$cflags=' /MD /W3 /WX /G5 /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32';
 $lflags="/nologo /subsystem:console /machine:I386 /opt:ref";
 $mlflags='';
 
@@ -22,16 +21,18 @@ $inc_def="inc32";
 
 if ($debug)
 	{
-	$cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWINDOWS -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG";
+	$cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DOPENSSL_SYSNAME_WIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
 	$lflags.=" /debug";
 	$mlflags.=' /debug';
 	}
+$cflags .= " -DOPENSSL_SYSNAME_WINNT" if $NT == 1;
 
 $obj='.obj';
 $ofile="/Fo";
 
 # EXE linking stuff
 $link="link";
+$rsc="rc";
 $efile="/out:";
 $exep='.exe';
 if ($no_sock)
@@ -48,10 +49,14 @@ $lfile='/out:';
 
 $shlib_ex_obj="";
 $app_ex_obj="setargv.obj";
-
-$asm='ml /Cp /coff /c /Cx';
-$asm.=" /Zi" if $debug;
-$afile='/Fo';
+if ($nasm) {
+	$asm='nasmw -f win32';
+	$afile='-o ';
+} else {
+	$asm='ml /Cp /coff /c /Cx';
+	$asm.=" /Zi" if $debug;
+	$afile='/Fo';
+}
 
 $bn_asm_obj='';
 $bn_asm_src='';
@@ -62,24 +67,24 @@ $bf_enc_src='';
 
 if (!$no_asm)
 	{
-	$bn_asm_obj='crypto\bn\asm\bn-win32.obj';
-	$bn_asm_src='crypto\bn\asm\bn-win32.asm';
-	$des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj';
-	$des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm';
-	$bf_enc_obj='crypto\bf\asm\b-win32.obj';
-	$bf_enc_src='crypto\bf\asm\b-win32.asm';
-	$cast_enc_obj='crypto\cast\asm\c-win32.obj';
-	$cast_enc_src='crypto\cast\asm\c-win32.asm';
-	$rc4_enc_obj='crypto\rc4\asm\r4-win32.obj';
-	$rc4_enc_src='crypto\rc4\asm\r4-win32.asm';
-	$rc5_enc_obj='crypto\rc5\asm\r5-win32.obj';
-	$rc5_enc_src='crypto\rc5\asm\r5-win32.asm';
-	$md5_asm_obj='crypto\md5\asm\m5-win32.obj';
-	$md5_asm_src='crypto\md5\asm\m5-win32.asm';
-	$sha1_asm_obj='crypto\sha\asm\s1-win32.obj';
-	$sha1_asm_src='crypto\sha\asm\s1-win32.asm';
-	$rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj';
-	$rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm';
+	$bn_asm_obj='crypto\bn\asm\bn_win32.obj';
+	$bn_asm_src='crypto\bn\asm\bn_win32.asm';
+	$des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj';
+	$des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm';
+	$bf_enc_obj='crypto\bf\asm\b_win32.obj';
+	$bf_enc_src='crypto\bf\asm\b_win32.asm';
+	$cast_enc_obj='crypto\cast\asm\c_win32.obj';
+	$cast_enc_src='crypto\cast\asm\c_win32.asm';
+	$rc4_enc_obj='crypto\rc4\asm\r4_win32.obj';
+	$rc4_enc_src='crypto\rc4\asm\r4_win32.asm';
+	$rc5_enc_obj='crypto\rc5\asm\r5_win32.obj';
+	$rc5_enc_src='crypto\rc5\asm\r5_win32.asm';
+	$md5_asm_obj='crypto\md5\asm\m5_win32.obj';
+	$md5_asm_src='crypto\md5\asm\m5_win32.asm';
+	$sha1_asm_obj='crypto\sha\asm\s1_win32.obj';
+	$sha1_asm_src='crypto\sha\asm\s1_win32.asm';
+	$rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj';
+	$rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm';
 	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
 	}
 
@@ -87,7 +92,7 @@ if ($shlib)
 	{
 	$mlflags.=" $lflags /dll";
 #	$cflags =~ s| /MD| /MT|;
-	$lib_cflag=" /GD -D_WINDLL -D_DLL";
+	$lib_cflag=" -D_WINDLL";
 	$out_def="out32dll";
 	$tmp_def="tmp32dll";
 	}
@@ -107,12 +112,13 @@ sub do_lib_rule
 	if (!$shlib)
 		{
 #		$ret.="\t\$(RM) \$(O_$Name)\n";
-		$ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs\n<<\n";
+		$ex =' advapi32.lib';
+		$ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs $ex\n<<\n";
 		}
 	else
 		{
 		local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
-		$ex.=' wsock32.lib gdi32.lib';
+		$ex.=' wsock32.lib gdi32.lib advapi32.lib';
 		$ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
 		}
 	$ret.="\n";
diff --git a/util/pl/VC-CE.pl b/util/pl/VC-CE.pl
new file mode 100644
index 0000000000..1805ef9d97
--- /dev/null
+++ b/util/pl/VC-CE.pl
@@ -0,0 +1,111 @@
+#!/usr/local/bin/perl
+# VC-CE.pl - the file for eMbedded Visual C++ 3.0 for windows CE, static libraries
+#
+
+$ssl=	"ssleay32";
+$crypto="libeay32";
+$RSAref="RSAref32";
+
+$o='\\';
+$cp='copy nul+';	# Timestamps get stuffed otherwise
+$rm='del';
+
+# C compiler stuff
+$cc='$(CC)';
+$cflags=' /W3 /WX /Ox /O2 /Ob2 /Gs0 /GF /Gy /nologo $(WCETARGETDEFS) -DUNICODE -D_UNICODE -DWIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -I$(WCECOMPAT)/include';
+$lflags='/nologo /subsystem:windowsce,$(WCELDVERSION) /machine:$(WCELDMACHINE) /opt:ref';
+$mlflags='';
+
+$out_def='out32_$(TARGETCPU)';
+$tmp_def='tmp32_$(TARGETCPU)';
+$inc_def="inc32";
+
+if ($debug)
+	{
+	$cflags=" /MDd /W3 /WX /Zi /Yd /Od /nologo -DWIN32 -D_DEBUG -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -DDEBUG -DDSO_WIN32";
+	$lflags.=" /debug";
+	$mlflags.=' /debug';
+	}
+
+$obj='.obj';
+$ofile="/Fo";
+
+# EXE linking stuff
+$link="link";
+$efile="/out:";
+$exep='.exe';
+if ($no_sock)
+	{ $ex_libs=""; }
+else	{ $ex_libs='winsock.lib $(WCECOMPAT)/lib/wcecompatex.lib $(WCELDFLAGS)'; }
+
+# static library stuff
+$mklib='lib';
+$ranlib='';
+$plib="";
+$libp=".lib";
+$shlibp=($shlib)?".dll":".lib";
+$lfile='/out:';
+
+$shlib_ex_obj="";
+#$app_ex_obj="setargv.obj";
+$app_ex_obj="";
+
+$bn_asm_obj='';
+$bn_asm_src='';
+$des_enc_obj='';
+$des_enc_src='';
+$bf_enc_obj='';
+$bf_enc_src='';
+
+if ($shlib)
+	{
+	$mlflags.=" $lflags /dll";
+#	$cflags =~ s| /MD| /MT|;
+	$lib_cflag=" -D_WINDLL -D_DLL";
+	$out_def='out32dll_$(TARGETCPU)';
+	$tmp_def='tmp32dll_$(TARGETCPU)';
+	}
+
+$cflags.=" /Fd$out_def";
+
+sub do_lib_rule
+	{
+	local($objs,$target,$name,$shlib)=@_;
+	local($ret,$Name);
+
+	$taget =~ s/\//$o/g if $o ne '/';
+	($Name=$name) =~ tr/a-z/A-Z/;
+
+#	$target="\$(LIB_D)$o$target";
+	$ret.="$target: $objs\n";
+	if (!$shlib)
+		{
+#		$ret.="\t\$(RM) \$(O_$Name)\n";
+		$ex =' ';
+		$ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs $ex\n<<\n";
+		}
+	else
+		{
+		local($ex)=($target =~ /O_SSL/)?' $(L_CRYPTO)':'';
+#		$ex.=' winsock.lib coredll.lib $(WCECOMPAT)/lib/wcecompatex.lib';
+		$ex.=' winsock.lib $(WCECOMPAT)/lib/wcecompatex.lib';
+		$ret.="\t\$(LINK) \$(MLFLAGS) $efile$target /def:ms/${Name}.def @<<\n  \$(SHLIB_EX_OBJ) $objs $ex\n<<\n";
+		}
+	$ret.="\n";
+	return($ret);
+	}
+
+sub do_link_rule
+	{
+	local($target,$files,$dep_libs,$libs)=@_;
+	local($ret,$_);
+	
+	$file =~ s/\//$o/g if $o ne '/';
+	$n=&bname($targer);
+	$ret.="$target: $files $dep_libs\n";
+	$ret.="  \$(LINK) \$(LFLAGS) $efile$target @<<\n";
+	$ret.="  \$(APP_EX_OBJ) $files $libs\n<<\n\n";
+	return($ret);
+	}
+
+1;
diff --git a/util/pl/f b/util/pl/f
deleted file mode 100644
index a280b70550..0000000000
--- a/util/pl/f
+++ /dev/null
@@ -1,17 +0,0 @@
-# do a rule for each file that says 'copy' to new direcory on change
-sub do_copy_rule
-	{
-	local($to,$files,$p)=@_;
-	local($ret,$_,$n,$pp);
-	
-	$files =~ s/\//$o/g if $o ne '/';
-	foreach (split(/\s+/,$files))
-		{
-		$n=&bname($_);
-		if ($n =~ /bss_file/)
-			{ $pp=".c"; }
-		else	{ $pp=$p; }
-		$ret.="$to${o}$n$pp: \$(SRC_D)$o$_$pp\n\t\$(CP) \$(SRC_D)$o$_$pp $to${o}$n$pp\n\n";
-		}
-	return($ret);
-	}
diff --git a/util/pl/f.mak b/util/pl/f.mak
deleted file mode 100644
index e69de29bb2..0000000000
--- a/util/pl/f.mak
+++ /dev/null
diff --git a/util/pl/linux.pl b/util/pl/linux.pl
index a8cfdc578a..8924ed5480 100644
--- a/util/pl/linux.pl
+++ b/util/pl/linux.pl
@@ -12,6 +12,8 @@ $rm='/bin/rm -f';
 $cc='gcc';
 if ($debug)
 	{ $cflags="-g2 -ggdb -DREF_CHECK -DCRYPTO_MDEBUG"; }
+elsif ($profile)
+	{ $cflags="-pg -O3"; }
 else
 	{ $cflags="-O3 -fomit-frame-pointer"; }
 
@@ -19,6 +21,8 @@ if (!$no_asm)
 	{
 	$bn_asm_obj='$(OBJ_D)/bn86-elf.o';
 	$bn_asm_src='crypto/bn/asm/bn86unix.cpp';
+	$bnco_asm_obj='$(OBJ_D)/co86-elf.o';
+	$bnco_asm_src='crypto/bn/asm/co86unix.cpp';
 	$des_enc_obj='$(OBJ_D)/dx86-elf.o $(OBJ_D)/yx86-elf.o';
 	$des_enc_src='crypto/des/asm/dx86unix.cpp crypto/des/asm/yx86unix.cpp';
 	$bf_enc_obj='$(OBJ_D)/bx86-elf.o';
diff --git a/util/pl/ultrix.pl b/util/pl/ultrix.pl
index 9302de95df..ea370c71f9 100644
--- a/util/pl/ultrix.pl
+++ b/util/pl/ultrix.pl
@@ -15,7 +15,7 @@ if ($debug)
 else
 	{ $cflags="-O2"; }
 
-$cflags.=" -DNOPROTO -DNOCONST -DL_ENDIAN";
+$cflags.=" -std1 -DL_ENDIAN";
 
 if (!$no_asm)
 	{
diff --git a/util/pl/unix.pl b/util/pl/unix.pl
index aa2d7d1f37..146611ad99 100644
--- a/util/pl/unix.pl
+++ b/util/pl/unix.pl
@@ -38,7 +38,7 @@ $ex_libs="";
 # static library stuff
 $mklib='ar r';
 $mlflags='';
-$ranlib='util/ranlib.sh';
+$ranlib=&which("ranlib") or $ranlib="true";
 $plib='lib';
 $libp=".a";
 $shlibp=".a";
@@ -80,4 +80,17 @@ sub do_link_rule
 	return($ret);
 	}
 
+sub which
+	{
+	my ($name)=@_;
+	my $path;
+	foreach $path (split /:/, $ENV{PATH})
+		{
+		if (-x "$path/$name")
+			{
+			return "$path/$name";
+			}
+		}
+	}
+
 1;
diff --git a/util/pod2man.pl b/util/pod2man.pl
new file mode 100755
index 0000000000..657e4e264e
--- /dev/null
+++ b/util/pod2man.pl
@@ -0,0 +1,1183 @@
+: #!/usr/bin/perl-5.005
+    eval 'exec /usr/bin/perl -S $0 ${1+"$@"}'
+	if $running_under_some_shell;
+
+$DEF_PM_SECTION = '3pm' || '3';
+
+=head1 NAME
+
+pod2man - translate embedded Perl pod directives into man pages
+
+=head1 SYNOPSIS
+
+B<pod2man>
+[ B<--section=>I<manext> ]
+[ B<--release=>I<relpatch> ]
+[ B<--center=>I<string> ]
+[ B<--date=>I<string> ]
+[ B<--fixed=>I<font> ]
+[ B<--official> ]
+[ B<--lax> ]
+I<inputfile>
+
+=head1 DESCRIPTION
+
+B<pod2man> converts its input file containing embedded pod directives (see
+L<perlpod>) into nroff source suitable for viewing with nroff(1) or
+troff(1) using the man(7) macro set.
+
+Besides the obvious pod conversions, B<pod2man> also takes care of
+func(), func(n), and simple variable references like $foo or @bar so
+you don't have to use code escapes for them; complex expressions like
+C<$fred{'stuff'}> will still need to be escaped, though.  Other nagging
+little roffish things that it catches include translating the minus in
+something like foo-bar, making a long dash--like this--into a real em
+dash, fixing up "paired quotes", putting a little space after the
+parens in something like func(), making C++ and PI look right, making
+double underbars have a little tiny space between them, making ALLCAPS
+a teeny bit smaller in troff(1), and escaping backslashes so you don't
+have to.
+
+=head1 OPTIONS
+
+=over 8
+
+=item center
+
+Set the centered header to a specific string.  The default is
+"User Contributed Perl Documentation", unless the C<--official> flag is
+given, in which case the default is "Perl Programmers Reference Guide".
+
+=item date
+
+Set the left-hand footer string to this value.  By default,
+the modification date of the input file will be used.
+
+=item fixed
+
+The fixed font to use for code refs.  Defaults to CW.
+
+=item official
+
+Set the default header to indicate that this page is of
+the standard release in case C<--center> is not given.
+
+=item release
+
+Set the centered footer.  By default, this is the current
+perl release.
+
+=item section
+
+Set the section for the C<.TH> macro.  The standard conventions on
+sections are to use 1 for user commands,  2 for system calls, 3 for
+functions, 4 for devices, 5 for file formats, 6 for games, 7 for
+miscellaneous information, and 8 for administrator commands.  This works
+best if you put your Perl man pages in a separate tree, like
+F</usr/local/perl/man/>.  By default, section 1 will be used
+unless the file ends in F<.pm> in which case section 3 will be selected.
+
+=item lax
+
+Don't complain when required sections aren't present.
+
+=back
+
+=head1 Anatomy of a Proper Man Page
+
+For those not sure of the proper layout of a man page, here's
+an example of the skeleton of a proper man page.  Head of the
+major headers should be setout as a C<=head1> directive, and
+are historically written in the rather startling ALL UPPER CASE
+format, although this is not mandatory.
+Minor headers may be included using C<=head2>, and are
+typically in mixed case.
+
+=over 10
+
+=item NAME
+
+Mandatory section; should be a comma-separated list of programs or
+functions documented by this podpage, such as:
+
+    foo, bar - programs to do something
+
+=item SYNOPSIS
+
+A short usage summary for programs and functions, which
+may someday be deemed mandatory.
+
+=item DESCRIPTION
+
+Long drawn out discussion of the program.  It's a good idea to break this
+up into subsections using the C<=head2> directives, like
+
+    =head2 A Sample Subection
+
+    =head2 Yet Another Sample Subection
+
+=item OPTIONS
+
+Some people make this separate from the description.
+
+=item RETURN VALUE
+
+What the program or function returns if successful.
+
+=item ERRORS
+
+Exceptions, return codes, exit stati, and errno settings.
+
+=item EXAMPLES
+
+Give some example uses of the program.
+
+=item ENVIRONMENT
+
+Envariables this program might care about.
+
+=item FILES
+
+All files used by the program.  You should probably use the FE<lt>E<gt>
+for these.
+
+=item SEE ALSO
+
+Other man pages to check out, like man(1), man(7), makewhatis(8), or catman(8).
+
+=item NOTES
+
+Miscellaneous commentary.
+
+=item CAVEATS
+
+Things to take special care with; sometimes called WARNINGS.
+
+=item DIAGNOSTICS
+
+All possible messages the program can print out--and
+what they mean.
+
+=item BUGS
+
+Things that are broken or just don't work quite right.
+
+=item RESTRICTIONS
+
+Bugs you don't plan to fix :-)
+
+=item AUTHOR
+
+Who wrote it (or AUTHORS if multiple).
+
+=item HISTORY
+
+Programs derived from other sources sometimes have this, or
+you might keep a modification log here.
+
+=back
+
+=head1 EXAMPLES
+
+    pod2man program > program.1
+    pod2man some_module.pm > /usr/perl/man/man3/some_module.3
+    pod2man --section=7 note.pod > note.7
+
+=head1 DIAGNOSTICS
+
+The following diagnostics are generated by B<pod2man>.  Items
+marked "(W)" are non-fatal, whereas the "(F)" errors will cause
+B<pod2man> to immediately exit with a non-zero status.
+
+=over 4
+
+=item bad option in paragraph %d of %s: ``%s'' should be [%s]<%s>
+
+(W) If you start include an option, you should set it off
+as bold, italic, or code.
+
+=item can't open %s: %s
+
+(F) The input file wasn't available for the given reason.
+
+=item Improper man page - no dash in NAME header in paragraph %d of %s
+
+(W) The NAME header did not have an isolated dash in it.  This is
+considered important.
+
+=item Invalid man page - no NAME line in %s
+
+(F) You did not include a NAME header, which is essential.
+
+=item roff font should be 1 or 2 chars, not `%s'  (F)
+
+(F) The font specified with the C<--fixed> option was not
+a one- or two-digit roff font.
+
+=item %s is missing required section: %s
+
+(W) Required sections include NAME, DESCRIPTION, and if you're
+using a section starting with a 3, also a SYNOPSIS.  Actually,
+not having a NAME is a fatal.
+
+=item Unknown escape: %s in %s
+
+(W) An unknown HTML entity (probably for an 8-bit character) was given via
+a C<EE<lt>E<gt>> directive.  Besides amp, lt, gt, and quot, recognized
+entities are Aacute, aacute, Acirc, acirc, AElig, aelig, Agrave, agrave,
+Aring, aring, Atilde, atilde, Auml, auml, Ccedil, ccedil, Eacute, eacute,
+Ecirc, ecirc, Egrave, egrave, ETH, eth, Euml, euml, Iacute, iacute, Icirc,
+icirc, Igrave, igrave, Iuml, iuml, Ntilde, ntilde, Oacute, oacute, Ocirc,
+ocirc, Ograve, ograve, Oslash, oslash, Otilde, otilde, Ouml, ouml, szlig,
+THORN, thorn, Uacute, uacute, Ucirc, ucirc, Ugrave, ugrave, Uuml, uuml,
+Yacute, yacute, and yuml.
+
+=item Unmatched =back
+
+(W) You have a C<=back> without a corresponding C<=over>.
+
+=item Unrecognized pod directive: %s
+
+(W) You specified a pod directive that isn't in the known list of
+C<=head1>, C<=head2>, C<=item>, C<=over>, C<=back>, or C<=cut>.
+
+
+=back
+
+=head1 NOTES
+
+If you would like to print out a lot of man page continuously, you
+probably want to set the C and D registers to set contiguous page
+numbering and even/odd paging, at least on some versions of man(7).
+Settting the F register will get you some additional experimental
+indexing:
+
+    troff -man -rC1 -rD1 -rF1 perl.1 perldata.1 perlsyn.1 ...
+
+The indexing merely outputs messages via C<.tm> for each
+major page, section, subsection, item, and any C<XE<lt>E<gt>>
+directives.
+
+
+=head1 RESTRICTIONS
+
+None at this time.
+
+=head1 BUGS
+
+The =over and =back directives don't really work right.  They
+take absolute positions instead of offsets, don't nest well, and
+making people count is suboptimal in any event.
+
+=head1 AUTHORS
+
+Original prototype by Larry Wall, but so massively hacked over by
+Tom Christiansen such that Larry probably doesn't recognize it anymore.
+
+=cut
+
+$/ = "";
+$cutting = 1;
+@Indices = ();
+
+# We try first to get the version number from a local binary, in case we're
+# running an installed version of Perl to produce documentation from an
+# uninstalled newer version's pod files.
+if ($^O ne 'plan9' and $^O ne 'dos' and $^O ne 'os2' and $^O ne 'MSWin32') {
+  my $perl = (-x './perl' && -f './perl' ) ?
+                 './perl' :
+                 ((-x '../perl' && -f '../perl') ?
+                      '../perl' :
+                      '');
+  ($version,$patch) = `$perl -e 'print $]'` =~ /^(\d\.\d{3})(\d{2})?/ if $perl;
+}
+# No luck; we'll just go with the running Perl's version
+($version,$patch) = $] =~ /^(.{5})(\d{2})?/ unless $version;
+$DEF_RELEASE  = "perl $version";
+$DEF_RELEASE .= ", patch $patch" if $patch;
+
+
+sub makedate {
+    my $secs = shift;
+    my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($secs);
+    my $mname = (qw{Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec})[$mon];
+    $year += 1900;
+    return "$mday/$mname/$year";
+}
+
+use Getopt::Long;
+
+$DEF_SECTION = 1;
+$DEF_CENTER = "User Contributed Perl Documentation";
+$STD_CENTER = "Perl Programmers Reference Guide";
+$DEF_FIXED = 'CW';
+$DEF_LAX = 0;
+
+sub usage {
+    warn "$0: @_\n" if @_;
+    die <<EOF;
+usage: $0 [options] podpage
+Options are:
+	--section=manext      (default "$DEF_SECTION")
+	--release=relpatch    (default "$DEF_RELEASE")
+	--center=string       (default "$DEF_CENTER")
+	--date=string         (default "$DEF_DATE")
+	--fixed=font	      (default "$DEF_FIXED")
+	--official	      (default NOT)
+	--lax                 (default NOT)
+EOF
+}
+
+$uok = GetOptions( qw(
+	section=s
+	release=s
+	center=s
+	date=s
+	fixed=s
+	official
+	lax
+	help));
+
+$DEF_DATE = makedate((stat($ARGV[0]))[9] || time());
+
+usage("Usage error!") unless $uok;
+usage() if $opt_help;
+usage("Need one and only one podpage argument") unless @ARGV == 1;
+
+$section = $opt_section || ($ARGV[0] =~ /\.pm$/
+				? $DEF_PM_SECTION : $DEF_SECTION);
+$RP = $opt_release || $DEF_RELEASE;
+$center = $opt_center || ($opt_official ? $STD_CENTER : $DEF_CENTER);
+$lax = $opt_lax || $DEF_LAX;
+
+$CFont = $opt_fixed || $DEF_FIXED;
+
+if (length($CFont) == 2) {
+    $CFont_embed = "\\f($CFont";
+}
+elsif (length($CFont) == 1) {
+    $CFont_embed = "\\f$CFont";
+}
+else {
+    die "roff font should be 1 or 2 chars, not `$CFont_embed'";
+}
+
+$date = $opt_date || $DEF_DATE;
+
+for (qw{NAME DESCRIPTION}) {
+# for (qw{NAME DESCRIPTION AUTHOR}) {
+    $wanna_see{$_}++;
+}
+$wanna_see{SYNOPSIS}++ if $section =~ /^3/;
+
+
+$name = @ARGV ? $ARGV[0] : "<STDIN>";
+$Filename = $name;
+if ($section =~ /^1/) {
+    require File::Basename;
+    $name = uc File::Basename::basename($name);
+}
+$name =~ s/\.(pod|p[lm])$//i;
+
+# Lose everything up to the first of
+#     */lib/*perl*	standard or site_perl module
+#     */*perl*/lib	from -D prefix=/opt/perl
+#     */*perl*/		random module hierarchy
+# which works.
+$name =~ s-//+-/-g;
+if ($name =~ s-^.*?/lib/[^/]*perl[^/]*/--i
+	or $name =~ s-^.*?/[^/]*perl[^/]*/lib/--i
+	or $name =~ s-^.*?/[^/]*perl[^/]*/--i) {
+    # Lose ^site(_perl)?/.
+    $name =~ s-^site(_perl)?/--;
+    # Lose ^arch/.	(XXX should we use Config? Just for archname?)
+    $name =~ s~^(.*-$^O|$^O-.*)/~~o;
+    # Lose ^version/.
+    $name =~ s-^\d+\.\d+/--;
+}
+
+# Translate Getopt/Long to Getopt::Long, etc.
+$name =~ s(/)(::)g;
+
+if ($name ne 'something') {
+    FCHECK: {
+	open(F, "< $ARGV[0]") || die "can't open $ARGV[0]: $!";
+	while (<F>) {
+	    next unless /^=\b/;
+	    if (/^=head1\s+NAME\s*$/) {  # an /m would forgive mistakes
+		$_ = <F>;
+		unless (/\s*-+\s+/) {
+		    $oops++;
+		    warn "$0: Improper man page - no dash in NAME header in paragraph $. of $ARGV[0]\n"
+                } else {
+		    my @n = split /\s+-+\s+/;
+		    if (@n != 2) {
+			$oops++;
+			warn "$0: Improper man page - malformed NAME header in paragraph $. of $ARGV[0]\n"
+		    }
+		    else {
+			$n[0] =~ s/\n/ /g;
+			$n[1] =~ s/\n/ /g;
+			%namedesc = @n;
+		    }
+		}
+		last FCHECK;
+	    }
+	    next if /^=cut\b/;	# DB_File and Net::Ping have =cut before NAME
+	    next if /^=pod\b/;  # It is OK to have =pod before NAME
+	    die "$0: Invalid man page - 1st pod line is not NAME in $ARGV[0]\n" unless $lax;
+	}
+	die "$0: Invalid man page - no documentation in $ARGV[0]\n" unless $lax;
+    }
+    close F;
+}
+
+print <<"END";
+.rn '' }`
+''' \$RCSfile\$\$Revision\$\$Date\$
+'''
+''' \$Log\$
+'''
+.de Sh
+.br
+.if t .Sp
+.ne 5
+.PP
+\\fB\\\\\$1\\fR
+.PP
+..
+.de Sp
+.if t .sp .5v
+.if n .sp
+..
+.de Ip
+.br
+.ie \\\\n(.\$>=3 .ne \\\\\$3
+.el .ne 3
+.IP "\\\\\$1" \\\\\$2
+..
+.de Vb
+.ft $CFont
+.nf
+.ne \\\\\$1
+..
+.de Ve
+.ft R
+
+.fi
+..
+'''
+'''
+'''     Set up \\*(-- to give an unbreakable dash;
+'''     string Tr holds user defined translation string.
+'''     Bell System Logo is used as a dummy character.
+'''
+.tr \\(*W-|\\(bv\\*(Tr
+.ie n \\{\\
+.ds -- \\(*W-
+.ds PI pi
+.if (\\n(.H=4u)&(1m=24u) .ds -- \\(*W\\h'-12u'\\(*W\\h'-12u'-\\" diablo 10 pitch
+.if (\\n(.H=4u)&(1m=20u) .ds -- \\(*W\\h'-12u'\\(*W\\h'-8u'-\\" diablo 12 pitch
+.ds L" ""
+.ds R" ""
+'''   \\*(M", \\*(S", \\*(N" and \\*(T" are the equivalent of
+'''   \\*(L" and \\*(R", except that they are used on ".xx" lines,
+'''   such as .IP and .SH, which do another additional levels of
+'''   double-quote interpretation
+.ds M" """
+.ds S" """
+.ds N" """""
+.ds T" """""
+.ds L' '
+.ds R' '
+.ds M' '
+.ds S' '
+.ds N' '
+.ds T' '
+'br\\}
+.el\\{\\
+.ds -- \\(em\\|
+.tr \\*(Tr
+.ds L" ``
+.ds R" ''
+.ds M" ``
+.ds S" ''
+.ds N" ``
+.ds T" ''
+.ds L' `
+.ds R' '
+.ds M' `
+.ds S' '
+.ds N' `
+.ds T' '
+.ds PI \\(*p
+'br\\}
+END
+
+print <<'END';
+.\"	If the F register is turned on, we'll generate
+.\"	index entries out stderr for the following things:
+.\"		TH	Title 
+.\"		SH	Header
+.\"		Sh	Subsection 
+.\"		Ip	Item
+.\"		X<>	Xref  (embedded
+.\"	Of course, you have to process the output yourself
+.\"	in some meaninful fashion.
+.if \nF \{
+.de IX
+.tm Index:\\$1\t\\n%\t"\\$2"
+..
+.nr % 0
+.rr F
+.\}
+END
+
+print <<"END";
+.TH $name $section "$RP" "$date" "$center"
+.UC
+END
+
+push(@Indices, qq{.IX Title "$name $section"});
+
+while (($name, $desc) = each %namedesc) {
+    for ($name, $desc) { s/^\s+//; s/\s+$//; }
+    push(@Indices, qq(.IX Name "$name - $desc"\n));
+}
+
+print <<'END';
+.if n .hy 0
+.if n .na
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.de CQ          \" put $1 in typewriter font
+END
+print ".ft $CFont\n";
+print <<'END';
+'if n "\c
+'if t \\&\\$1\c
+'if n \\&\\$1\c
+'if n \&"
+\\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
+'.ft R
+..
+.\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
+.	\" AM - accent mark definitions
+.bd B 3
+.	\" fudge factors for nroff and troff
+.if n \{\
+.	ds #H 0
+.	ds #V .8m
+.	ds #F .3m
+.	ds #[ \f1
+.	ds #] \fP
+.\}
+.if t \{\
+.	ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+.	ds #V .6m
+.	ds #F 0
+.	ds #[ \&
+.	ds #] \&
+.\}
+.	\" simple accents for nroff and troff
+.if n \{\
+.	ds ' \&
+.	ds ` \&
+.	ds ^ \&
+.	ds , \&
+.	ds ~ ~
+.	ds ? ?
+.	ds ! !
+.	ds /
+.	ds q
+.\}
+.if t \{\
+.	ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+.	ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+.	ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+.	ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+.	ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+.	ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
+.	ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
+.	ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.	ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
+.\}
+.	\" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
+.ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
+.ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
+.ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+.ds oe o\h'-(\w'o'u*4/10)'e
+.ds Oe O\h'-(\w'O'u*4/10)'E
+.	\" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+.	\" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+.	ds : e
+.	ds 8 ss
+.	ds v \h'-1'\o'\(aa\(ga'
+.	ds _ \h'-1'^
+.	ds . \h'-1'.
+.	ds 3 3
+.	ds o a
+.	ds d- d\h'-1'\(ga
+.	ds D- D\h'-1'\(hy
+.	ds th \o'bp'
+.	ds Th \o'LP'
+.	ds ae ae
+.	ds Ae AE
+.	ds oe oe
+.	ds Oe OE
+.\}
+.rm #[ #] #H #V #F C
+END
+
+$indent = 0;
+
+$begun = "";
+
+# Unrolling [^A-Z>]|[A-Z](?!<) gives:    // MRE pp 165.
+my $nonest = '(?:[^A-Z>]*(?:[A-Z](?!<)[^A-Z>]*)*)';
+
+while (<>) {
+    if ($cutting) {
+	next unless /^=/;
+	$cutting = 0;
+    }
+    if ($begun) {
+	if (/^=end\s+$begun/) {
+            $begun = "";
+	}
+	elsif ($begun =~ /^(roff|man)$/) {
+	    print STDOUT $_;
+        }
+	next;
+    }
+    chomp;
+
+    # Translate verbatim paragraph
+
+    if (/^\s/) {
+	@lines = split(/\n/);
+	for (@lines) {
+	    1 while s
+		{^( [^\t]* ) \t ( \t* ) }
+		{ $1 . ' ' x (8 - (length($1)%8) + 8 * (length($2))) }ex;
+	    s/\\/\\e/g;
+	    s/\A/\\&/s;
+	}
+	$lines = @lines;
+	makespace() unless $verbatim++;
+	print ".Vb $lines\n";
+	print join("\n", @lines), "\n";
+	print ".Ve\n";
+	$needspace = 0;
+	next;
+    }
+
+    $verbatim = 0;
+
+    if (/^=for\s+(\S+)\s*/s) {
+	if ($1 eq "man" or $1 eq "roff") {
+	    print STDOUT $',"\n\n";
+	} else {
+	    # ignore unknown for
+	}
+	next;
+    }
+    elsif (/^=begin\s+(\S+)\s*/s) {
+	$begun = $1;
+	if ($1 eq "man" or $1 eq "roff") {
+	    print STDOUT $'."\n\n";
+	}
+	next;
+    }
+
+    # check for things that'll hosed our noremap scheme; affects $_
+    init_noremap();
+
+    if (!/^=item/) {
+
+	# trofficate backslashes; must do it before what happens below
+	s/\\/noremap('\\e')/ge;
+
+	# protect leading periods and quotes against *roff
+	# mistaking them for directives
+	s/^(?:[A-Z]<)?[.']/\\&$&/gm;
+
+	# first hide the escapes in case we need to
+	# intuit something and get it wrong due to fmting
+
+	1 while s/([A-Z]<$nonest>)/noremap($1)/ge;
+
+	# func() is a reference to a perl function
+	s{
+	    \b
+	    (
+		[:\w]+ \(\)
+	    )
+	} {I<$1>}gx;
+
+	# func(n) is a reference to a perl function or a man page
+	s{
+	    ([:\w]+)
+	    (
+		\( [^\051]+ \)
+	    )
+	} {I<$1>\\|$2}gx;
+
+	# convert simple variable references
+	s/(\s+)([\$\@%][\w:]+)(?!\()/${1}C<$2>/g;
+
+	if (m{ (
+		    [\-\w]+
+		    \(
+			[^\051]*?
+			[\@\$,]
+			[^\051]*?
+		    \)
+		)
+	    }x && $` !~ /([LCI]<[^<>]*|-)$/ && !/^=\w/)
+	{
+	    warn "$0: bad option in paragraph $. of $ARGV: ``$1'' should be [LCI]<$1>\n";
+	    $oops++;
+	}
+
+	while (/(-[a-zA-Z])\b/g && $` !~ /[\w\-]$/) {
+	    warn "$0: bad option in paragraph $. of $ARGV: ``$1'' should be [CB]<$1>\n";
+	    $oops++;
+	}
+
+	# put it back so we get the <> processed again;
+	clear_noremap(0); # 0 means leave the E's
+
+    } else {
+	# trofficate backslashes
+	s/\\/noremap('\\e')/ge;
+
+    }
+
+    # need to hide E<> first; they're processed in clear_noremap
+    s/(E<[^<>]+>)/noremap($1)/ge;
+
+
+    $maxnest = 10;
+    while ($maxnest-- && /[A-Z]</) {
+
+	# can't do C font here
+	s/([BI])<($nonest)>/font($1) . $2 . font('R')/eg;
+
+	# files and filelike refs in italics
+	s/F<($nonest)>/I<$1>/g;
+
+	# no break -- usually we want C<> for this
+	s/S<($nonest)>/nobreak($1)/eg;
+
+	# LREF: a la HREF L<show this text|man/section>
+	s:L<([^|>]+)\|[^>]+>:$1:g;
+
+	# LREF: a manpage(3f)
+	s:L<([a-zA-Z][^\s\/]+)(\([^\)]+\))?>:the I<$1>$2 manpage:g;
+
+	# LREF: an =item on another manpage
+	s{
+	    L<
+		([^/]+)
+		/
+		(
+		    [:\w]+
+		    (\(\))?
+		)
+	    >
+	} {the C<$2> entry in the I<$1> manpage}gx;
+
+	# LREF: an =item on this manpage
+	s{
+	   ((?:
+	    L<
+		/
+		(
+		    [:\w]+
+		    (\(\))?
+		)
+	    >
+	    (,?\s+(and\s+)?)?
+	  )+)
+	} { internal_lrefs($1) }gex;
+
+	# LREF: a =head2 (head1?), maybe on a manpage, maybe right here
+	# the "func" can disambiguate
+	s{
+	    L<
+		(?:
+		    ([a-zA-Z]\S+?) /
+		)?
+		"?(.*?)"?
+	    >
+	}{
+	    do {
+		$1 	# if no $1, assume it means on this page.
+		    ?  "the section on I<$2> in the I<$1> manpage"
+		    :  "the section on I<$2>"
+	    }
+	}gesx; # s in case it goes over multiple lines, so . matches \n
+
+	s/Z<>/\\&/g;
+
+	# comes last because not subject to reprocessing
+	s/C<($nonest)>/noremap("${CFont_embed}${1}\\fR")/eg;
+    }
+
+    if (s/^=//) {
+	$needspace = 0;		# Assume this.
+
+	s/\n/ /g;
+
+	($Cmd, $_) = split(' ', $_, 2);
+
+	$dotlevel = 1;
+	if ($Cmd eq 'head1') {
+	   $dotlevel = 1;
+	}
+	elsif ($Cmd eq 'head2') {
+	   $dotlevel = 1;
+	}
+	elsif ($Cmd eq 'item') {
+	   $dotlevel = 2;
+	}
+
+	if (defined $_) {
+	    &escapes($dotlevel);
+	    s/"/""/g;
+	}
+
+	clear_noremap(1);
+
+	if ($Cmd eq 'cut') {
+	    $cutting = 1;
+	}
+	elsif ($Cmd eq 'head1') {
+	    s/\s+$//;
+	    delete $wanna_see{$_} if exists $wanna_see{$_};
+	    print qq{.SH "$_"\n};
+      push(@Indices, qq{.IX Header "$_"\n});
+	}
+	elsif ($Cmd eq 'head2') {
+	    print qq{.Sh "$_"\n};
+      push(@Indices, qq{.IX Subsection "$_"\n});
+	}
+	elsif ($Cmd eq 'over') {
+	    push(@indent,$indent);
+	    $indent += ($_ + 0) || 5;
+	}
+	elsif ($Cmd eq 'back') {
+	    $indent = pop(@indent);
+	    warn "$0: Unmatched =back in paragraph $. of $ARGV\n" unless defined $indent;
+	    $needspace = 1;
+	}
+	elsif ($Cmd eq 'item') {
+	    s/^\*( |$)/\\(bu$1/g;
+	    # if you know how to get ":s please do
+	    s/\\\*\(L"([^"]+?)\\\*\(R"/'$1'/g;
+	    s/\\\*\(L"([^"]+?)""/'$1'/g;
+	    s/[^"]""([^"]+?)""[^"]/'$1'/g;
+	    # here do something about the $" in perlvar?
+	    print STDOUT qq{.Ip "$_" $indent\n};
+      push(@Indices, qq{.IX Item "$_"\n});
+	}
+	elsif ($Cmd eq 'pod') {
+	    # this is just a comment
+	} 
+	else {
+	    warn "$0: Unrecognized pod directive in paragraph $. of $ARGV: $Cmd\n";
+	}
+    }
+    else {
+	if ($needspace) {
+	    &makespace;
+	}
+	&escapes(0);
+	clear_noremap(1);
+	print $_, "\n";
+	$needspace = 1;
+    }
+}
+
+print <<"END";
+
+.rn }` ''
+END
+
+if (%wanna_see && !$lax) {
+    @missing = keys %wanna_see;
+    warn "$0: $Filename is missing required section"
+	.  (@missing > 1 && "s")
+	.  ": @missing\n";
+    $oops++;
+}
+
+foreach (@Indices) { print "$_\n"; }
+
+exit;
+#exit ($oops != 0);
+
+#########################################################################
+
+sub nobreak {
+    my $string = shift;
+    $string =~ s/ /\\ /g;
+    $string;
+}
+
+sub escapes {
+    my $indot = shift;
+
+    s/X<(.*?)>/mkindex($1)/ge;
+
+    # translate the minus in foo-bar into foo\-bar for roff
+    s/([^0-9a-z-])-([^-])/$1\\-$2/g;
+
+    # make -- into the string version \*(-- (defined above)
+    s/\b--\b/\\*(--/g;
+    s/"--([^"])/"\\*(--$1/g;  # should be a better way
+    s/([^"])--"/$1\\*(--"/g;
+
+    # fix up quotes; this is somewhat tricky
+    my $dotmacroL = 'L';
+    my $dotmacroR = 'R';
+    if ( $indot == 1 ) {
+	$dotmacroL = 'M';
+	$dotmacroR = 'S';
+    }  
+    elsif ( $indot >= 2 ) {
+	$dotmacroL = 'N';
+	$dotmacroR = 'T';
+    }  
+    if (!/""/) {
+	s/(^|\s)(['"])/noremap("$1\\*($dotmacroL$2")/ge;
+	s/(['"])($|[\-\s,;\\!?.])/noremap("\\*($dotmacroR$1$2")/ge;
+    }
+
+    #s/(?!")(?:.)--(?!")(?:.)/\\*(--/g;
+    #s/(?:(?!")(?:.)--(?:"))|(?:(?:")--(?!")(?:.))/\\*(--/g;
+
+
+    # make sure that func() keeps a bit a space tween the parens
+    ### s/\b\(\)/\\|()/g;
+    ### s/\b\(\)/(\\|)/g;
+
+    # make C++ into \*C+, which is a squinched version (defined above)
+    s/\bC\+\+/\\*(C+/g;
+
+    # make double underbars have a little tiny space between them
+    s/__/_\\|_/g;
+
+    # PI goes to \*(PI (defined above)
+    s/\bPI\b/noremap('\\*(PI')/ge;
+
+    # make all caps a teeny bit smaller, but don't muck with embedded code literals
+    my $hidCFont = font('C');
+    if ($Cmd !~ /^head1/) { # SH already makes smaller
+	# /g isn't enough; 1 while or we'll be off
+
+#	1 while s{
+#	    (?!$hidCFont)(..|^.|^)
+#	    \b
+#	    (
+#		[A-Z][\/A-Z+:\-\d_$.]+
+#	    )
+#	    (s?) 		
+#	    \b
+#	} {$1\\s-1$2\\s0}gmox;
+
+	1 while s{
+	    (?!$hidCFont)(..|^.|^)
+	    (
+		\b[A-Z]{2,}[\/A-Z+:\-\d_\$]*\b
+	    )
+	} {
+	    $1 . noremap( '\\s-1' .  $2 . '\\s0' )
+	}egmox;
+
+    }
+}
+
+# make troff just be normal, but make small nroff get quoted
+# decided to just put the quotes in the text; sigh;
+sub ccvt {
+    local($_,$prev) = @_;
+    noremap(qq{.CQ "$_" \n\\&});
+}
+
+sub makespace {
+    if ($indent) {
+	print ".Sp\n";
+    }
+    else {
+	print ".PP\n";
+    }
+}
+
+sub mkindex {
+    my ($entry) = @_;
+    my @entries = split m:\s*/\s*:, $entry;
+    push @Indices, ".IX Xref " . join ' ', map {qq("$_")} @entries;
+    return '';
+}
+
+sub font {
+    local($font) = shift;
+    return '\\f' . noremap($font);
+}
+
+sub noremap {
+    local($thing_to_hide) = shift;
+    $thing_to_hide =~ tr/\000-\177/\200-\377/;
+    return $thing_to_hide;
+}
+
+sub init_noremap {
+	# escape high bit characters in input stream
+	s/([\200-\377])/"E<".ord($1).">"/ge;
+}
+
+sub clear_noremap {
+    my $ready_to_print = $_[0];
+
+    tr/\200-\377/\000-\177/;
+
+    # trofficate backslashes
+    # s/(?!\\e)(?:..|^.|^)\\/\\e/g;
+
+    # now for the E<>s, which have been hidden until now
+    # otherwise the interative \w<> processing would have
+    # been hosed by the E<gt>
+    s {
+	    E<
+	    (
+	        ( \d + ) 
+	        | ( [A-Za-z]+ )	
+	    )
+	    >	
+    } {
+	 do {
+	     defined $2
+		? chr($2)
+		:	
+	     exists $HTML_Escapes{$3}
+		? do { $HTML_Escapes{$3} }
+		: do {
+		    warn "$0: Unknown escape in paragraph $. of $ARGV: ``$&''\n";
+		    "E<$1>";
+		}
+	 }
+    }egx if $ready_to_print;
+}
+
+sub internal_lrefs {
+    local($_) = shift;
+    local $trailing_and = s/and\s+$// ? "and " : "";
+
+    s{L</([^>]+)>}{$1}g;
+    my(@items) = split( /(?:,?\s+(?:and\s+)?)/ );
+    my $retstr = "the ";
+    my $i;
+    for ($i = 0; $i <= $#items; $i++) {
+	$retstr .= "C<$items[$i]>";
+	$retstr .= ", " if @items > 2 && $i != $#items;
+	$retstr .= " and " if $i+2 == @items;
+    }
+
+    $retstr .= " entr" . ( @items > 1  ? "ies" : "y" )
+	    .  " elsewhere in this document";
+    # terminal space to avoid words running together (pattern used
+    # strips terminal spaces)
+    $retstr .= " " if length $trailing_and;
+    $retstr .=  $trailing_and;
+
+    return $retstr;
+
+}
+
+BEGIN {
+%HTML_Escapes = (
+    'amp'	=>	'&',	#   ampersand
+    'lt'	=>	'<',	#   left chevron, less-than
+    'gt'	=>	'>',	#   right chevron, greater-than
+    'quot'	=>	'"',	#   double quote
+
+    "Aacute"	=>	"A\\*'",	#   capital A, acute accent
+    "aacute"	=>	"a\\*'",	#   small a, acute accent
+    "Acirc"	=>	"A\\*^",	#   capital A, circumflex accent
+    "acirc"	=>	"a\\*^",	#   small a, circumflex accent
+    "AElig"	=>	'\*(AE',	#   capital AE diphthong (ligature)
+    "aelig"	=>	'\*(ae',	#   small ae diphthong (ligature)
+    "Agrave"	=>	"A\\*`",	#   capital A, grave accent
+    "agrave"	=>	"A\\*`",	#   small a, grave accent
+    "Aring"	=>	'A\\*o',	#   capital A, ring
+    "aring"	=>	'a\\*o',	#   small a, ring
+    "Atilde"	=>	'A\\*~',	#   capital A, tilde
+    "atilde"	=>	'a\\*~',	#   small a, tilde
+    "Auml"	=>	'A\\*:',	#   capital A, dieresis or umlaut mark
+    "auml"	=>	'a\\*:',	#   small a, dieresis or umlaut mark
+    "Ccedil"	=>	'C\\*,',	#   capital C, cedilla
+    "ccedil"	=>	'c\\*,',	#   small c, cedilla
+    "Eacute"	=>	"E\\*'",	#   capital E, acute accent
+    "eacute"	=>	"e\\*'",	#   small e, acute accent
+    "Ecirc"	=>	"E\\*^",	#   capital E, circumflex accent
+    "ecirc"	=>	"e\\*^",	#   small e, circumflex accent
+    "Egrave"	=>	"E\\*`",	#   capital E, grave accent
+    "egrave"	=>	"e\\*`",	#   small e, grave accent
+    "ETH"	=>	'\\*(D-',	#   capital Eth, Icelandic
+    "eth"	=>	'\\*(d-',	#   small eth, Icelandic
+    "Euml"	=>	"E\\*:",	#   capital E, dieresis or umlaut mark
+    "euml"	=>	"e\\*:",	#   small e, dieresis or umlaut mark
+    "Iacute"	=>	"I\\*'",	#   capital I, acute accent
+    "iacute"	=>	"i\\*'",	#   small i, acute accent
+    "Icirc"	=>	"I\\*^",	#   capital I, circumflex accent
+    "icirc"	=>	"i\\*^",	#   small i, circumflex accent
+    "Igrave"	=>	"I\\*`",	#   capital I, grave accent
+    "igrave"	=>	"i\\*`",	#   small i, grave accent
+    "Iuml"	=>	"I\\*:",	#   capital I, dieresis or umlaut mark
+    "iuml"	=>	"i\\*:",	#   small i, dieresis or umlaut mark
+    "Ntilde"	=>	'N\*~',		#   capital N, tilde
+    "ntilde"	=>	'n\*~',		#   small n, tilde
+    "Oacute"	=>	"O\\*'",	#   capital O, acute accent
+    "oacute"	=>	"o\\*'",	#   small o, acute accent
+    "Ocirc"	=>	"O\\*^",	#   capital O, circumflex accent
+    "ocirc"	=>	"o\\*^",	#   small o, circumflex accent
+    "Ograve"	=>	"O\\*`",	#   capital O, grave accent
+    "ograve"	=>	"o\\*`",	#   small o, grave accent
+    "Oslash"	=>	"O\\*/",	#   capital O, slash
+    "oslash"	=>	"o\\*/",	#   small o, slash
+    "Otilde"	=>	"O\\*~",	#   capital O, tilde
+    "otilde"	=>	"o\\*~",	#   small o, tilde
+    "Ouml"	=>	"O\\*:",	#   capital O, dieresis or umlaut mark
+    "ouml"	=>	"o\\*:",	#   small o, dieresis or umlaut mark
+    "szlig"	=>	'\*8',		#   small sharp s, German (sz ligature)
+    "THORN"	=>	'\\*(Th',	#   capital THORN, Icelandic
+    "thorn"	=>	'\\*(th',,	#   small thorn, Icelandic
+    "Uacute"	=>	"U\\*'",	#   capital U, acute accent
+    "uacute"	=>	"u\\*'",	#   small u, acute accent
+    "Ucirc"	=>	"U\\*^",	#   capital U, circumflex accent
+    "ucirc"	=>	"u\\*^",	#   small u, circumflex accent
+    "Ugrave"	=>	"U\\*`",	#   capital U, grave accent
+    "ugrave"	=>	"u\\*`",	#   small u, grave accent
+    "Uuml"	=>	"U\\*:",	#   capital U, dieresis or umlaut mark
+    "uuml"	=>	"u\\*:",	#   small u, dieresis or umlaut mark
+    "Yacute"	=>	"Y\\*'",	#   capital Y, acute accent
+    "yacute"	=>	"y\\*'",	#   small y, acute accent
+    "yuml"	=>	"y\\*:",	#   small y, dieresis or umlaut mark
+);
+}
+
diff --git a/util/pod2mantest b/util/pod2mantest
new file mode 100755
index 0000000000..412ca8d6d8
--- /dev/null
+++ b/util/pod2mantest
@@ -0,0 +1,58 @@
+#!/bin/sh
+
+# This script is used by test/Makefile.ssl to check whether a sane 'pod2man'
+# is installed.
+# ('make install' should not try to run 'pod2man' if it does not exist or if
+# it is a broken 'pod2man' version that is known to cause trouble. if we find
+# the system 'pod2man' to be broken, we use our own copy instead)
+#
+# In any case, output an appropriate command line for running (or not
+# running) pod2man.
+
+
+IFS=:
+if test "$OSTYPE" = "msdosdjgpp"; then IFS=";"; fi
+
+try_without_dir=true
+# First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
+for dir in dummy${IFS}$PATH; do
+    if [ "$try_without_dir" = true ]; then
+      # first iteration
+      pod2man=pod2man
+      try_without_dir=false
+    else
+      # second and later iterations
+      pod2man="$dir/pod2man"
+      if [ ! -f "$pod2man" ]; then  # '-x' is not available on Ultrix
+        pod2man=''
+      fi
+    fi
+
+    if [ ! "$pod2man" = '' ]; then
+        failure=none
+
+	if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then
+	    :
+	else
+	    failure=BasicTest
+	fi
+
+	if [ "$failure" = none ]; then
+	    if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then
+	        failure=MultilineTest
+	    fi
+	fi
+
+
+        if [ "$failure" = none ]; then
+            echo "$pod2man"
+            exit 0
+        fi
+
+        echo "$pod2man does not work properly ('$failure' failed).  Looking for another pod2man ..." >&2
+    fi
+done
+
+echo "No working pod2man found.  Consider installing a new version." >&2
+echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
+echo "$1 ../../util/pod2man.pl"
diff --git a/util/pod2mantest.pod b/util/pod2mantest.pod
new file mode 100644
index 0000000000..5d2539a17f
--- /dev/null
+++ b/util/pod2mantest.pod
@@ -0,0 +1,15 @@
+=pod
+
+=head1 NAME
+
+foo, bar,
+MARKER - test of multiline name section
+
+=head1 DESCRIPTION
+
+This is a test .pod file to see if we have a buggy pod2man or not.
+If we have a buggy implementation, we will get a line matching the
+regular expression "^ +MARKER - test of multiline name section *$"
+at the end of the resulting document.
+
+=cut
diff --git a/util/point.sh b/util/point.sh
index 92c12e8282..ce7dcc56df 100755
--- a/util/point.sh
+++ b/util/point.sh
@@ -1,4 +1,10 @@
 #!/bin/sh
 
-/bin/rm -f $2
-ln -s $1 $2
+rm -f $2
+if test "$OSTYPE" = msdosdjgpp; then
+    cp $1 $2
+else
+    ln -s $1 $2
+fi
+echo "$2 => $1"
+
diff --git a/util/ranlib.sh b/util/ranlib.sh
deleted file mode 100755
index 543f712c6b..0000000000
--- a/util/ranlib.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/sh
-
-cwd=`pwd`
-cd /tmp
-
-if [ -s /bin/ranlib ] ; then 
-	RL=/bin/ranlib
-else if [ -s /usr/bin/ranlib ] ; then
-	RL=/usr/bin/ranlib
-fi
-fi
-
-if [ "x$RL" != "x" ]
-then
-	case "$1" in
-		/*)  
-		$RL "$1"
-		;;
-		*)
-		$RL "$cwd/$1"
-		;;
-	esac
-fi
diff --git a/util/selftest.pl b/util/selftest.pl
new file mode 100644
index 0000000000..276b81183d
--- /dev/null
+++ b/util/selftest.pl
@@ -0,0 +1,195 @@
+#!/usr/local/bin/perl -w
+#
+# Run the test suite and generate a report
+#
+
+if (! -f "Configure") {
+    print "Please run perl util/selftest.pl in the OpenSSL directory.\n";
+    exit 1;
+}
+
+my $report="testlog";
+my $os="??";
+my $version="??";
+my $platform0="??";
+my $platform="??";
+my $options="??";
+my $last="??";
+my $ok=0;
+my $cc="cc";
+my $cversion="??";
+my $sep="-----------------------------------------------------------------------------\n";
+my $not_our_fault="\nPlease ask your system administrator/vendor for more information.\n[Problems with your operating system setup should not be reported\nto the OpenSSL project.]\n";
+
+open(OUT,">$report") or die;
+
+print OUT "OpenSSL self-test report:\n\n";
+
+$uname=`uname -a`;
+$uname="??\n" if $uname eq "";
+
+$c=`sh config -t`;
+foreach $_ (split("\n",$c)) {
+    $os=$1 if (/Operating system: (.*)$/);
+    $platform0=$1 if (/Configuring for (.*)$/);
+}
+
+system "sh config" if (! -f "Makefile.ssl");
+
+if (open(IN,"<Makefile.ssl")) {
+    while (<IN>) {
+	$version=$1 if (/^VERSION=(.*)$/);
+	$platform=$1 if (/^PLATFORM=(.*)$/);
+	$options=$1 if (/^OPTIONS=(.*)$/);
+	$cc=$1 if (/^CC= *(.*)$/);
+    }
+    close(IN);
+} else {
+    print OUT "Error running config!\n";
+}
+
+$cversion=`$cc -v 2>&1`;
+$cversion=`$cc -V 2>&1` if $cversion =~ "usage";
+$cversion=`$cc -V |head -1` if $cversion =~ "Error";
+$cversion=`$cc --version` if $cversion eq "";
+$cversion =~ s/Reading specs.*\n//;
+$cversion =~ s/usage.*\n//;
+chomp $cversion;
+
+if (open(IN,"<CHANGES")) {
+    while(<IN>) {
+	if (/\*\) (.{0,55})/ && !/applies to/) {
+	    $last=$1;
+	    last;
+	}
+    }
+    close(IN);
+}
+
+print OUT "OpenSSL version:  $version\n";
+print OUT "Last change:      $last...\n";
+print OUT "Options:          $options\n" if $options ne "";
+print OUT "OS (uname):       $uname";
+print OUT "OS (config):      $os\n";
+print OUT "Target (default): $platform0\n";
+print OUT "Target:           $platform\n";
+print OUT "Compiler:         $cversion\n";
+print OUT "\n";
+
+print "Checking compiler...\n";
+if (open(TEST,">cctest.c")) {
+    print TEST "#include <stdio.h>\n#include <errno.h>\nmain(){printf(\"Hello world\\n\");}\n";
+    close(TEST);
+    system("$cc -o cctest cctest.c");
+    if (`./cctest` !~ /Hello world/) {
+	print OUT "Compiler doesn't work.\n";
+	print OUT $not_our_fault;
+	goto err;
+    }
+    system("ar r cctest.a /dev/null");
+    if (not -f "cctest.a") {
+	print OUT "Check your archive tool (ar).\n";
+	print OUT $not_our_fault;
+	goto err;
+    }
+} else {
+    print OUT "Can't create cctest.c\n";
+}
+if (open(TEST,">cctest.c")) {
+    print TEST "#include <openssl/opensslv.h>\nmain(){printf(OPENSSL_VERSION_TEXT);}\n";
+    close(TEST);
+    system("$cc -o cctest -Iinclude cctest.c");
+    $cctest = `./cctest`;
+    if ($cctest !~ /OpenSSL $version/) {
+	if ($cctest =~ /OpenSSL/) {
+	    print OUT "#include uses headers from different OpenSSL version!\n";
+	} else {
+	    print OUT "Can't compile test program!\n";
+	}
+	print OUT $not_our_fault;
+	goto err;
+    }
+} else {
+    print OUT "Can't create cctest.c\n";
+}
+
+print "Running make...\n";
+if (system("make 2>&1 | tee make.log") > 255) {
+
+    print OUT "make failed!\n";
+    if (open(IN,"<make.log")) {
+	print OUT $sep;
+	while (<IN>) {
+	    print OUT;
+	}
+	close(IN);
+	print OUT $sep;
+    } else {
+	print OUT "make.log not found!\n";
+    }
+    goto err;
+}
+
+$_=$options;
+s/no-asm//;
+s/no-shared//;
+s/no-krb5//;
+if (/no-/)
+{
+    print OUT "Test skipped.\n";
+    goto err;
+}
+
+print "Running make test...\n";
+if (system("make test 2>&1 | tee maketest.log") > 255)
+ {
+    print OUT "make test failed!\n";
+} else {
+    $ok=1;
+}
+
+if ($ok and open(IN,"<maketest.log")) {
+    while (<IN>) {
+	$ok=2 if /^platform: $platform/;
+    }
+    close(IN);
+}
+
+if ($ok != 2) {
+    print OUT "Failure!\n";
+    if (open(IN,"<make.log")) {
+	print OUT $sep;
+	while (<IN>) {
+	    print OUT;
+	}
+	close(IN);
+	print OUT $sep;
+    } else {
+	print OUT "make.log not found!\n";
+    }
+    if (open(IN,"<maketest.log")) {
+	while (<IN>) {
+	    print OUT;
+	}
+	close(IN);
+	print OUT $sep;
+    } else {
+	print OUT "maketest.log not found!\n";
+    }
+} else {
+    print OUT "Test passed.\n";
+}
+err:
+close(OUT);
+
+print "\n";
+open(IN,"<$report") or die;
+while (<IN>) {
+    if (/$sep/) {
+	print "[...]\n";
+	last;
+    }
+    print;
+}
+print "\nTest report in file $report\n";
+
diff --git a/util/sep_lib.sh b/util/sep_lib.sh
deleted file mode 100755
index 2348db874e..0000000000
--- a/util/sep_lib.sh
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/sh
-
-cwd=`pwd`
-/bin/rm -fr tmp/*
-
-cd crypto/des
-make -f Makefile.uni tar
-make -f Makefile.uni tar_lit
-/bin/mv libdes.tgz $cwd/tmp
-/bin/mv libdes-l.tgz $cwd/tmp
-cd $cwd
-
-for name in md5 sha cast bf idea rc4 rc2
-do
-	echo doing $name
-	(cd crypto; tar cfh - $name)|(cd tmp; tar xf -)
-	cd tmp/$name
-	/bin/rm -f Makefile
-	/bin/rm -f Makefile.ssl
-	/bin/rm -f Makefile.ssl.orig
-	/bin/rm -f *.old
-	/bin/mv Makefile.uni Makefile
-
-	cp $cwd/util/ranlib.sh .
-	chmod +x ranlib.sh
-
-	if [ -d asm ]; then
-		mkdir asm/perlasm
-		cp $cwd/crypto/perlasm/*.pl asm/perlasm
-	fi
-	cd ..
-	tar cf - $name|gzip >$name.tgz
-#	/bin/rm -fr $name
-	cd $cwd
-done
-
-
diff --git a/util/sp-diff.pl b/util/sp-diff.pl
index f81e50201b..9d6c60387f 100755
--- a/util/sp-diff.pl
+++ b/util/sp-diff.pl
@@ -11,7 +11,7 @@
 %two=&loadfile($ARGV[1]);
 
 $line=0;
-foreach $a ("md2","md5","sha","sha1","rc4","des cfb","des cbc","des ede3",
+foreach $a ("md2","md4","md5","sha","sha1","rc4","des cfb","des cbc","des ede3",
 	"idea cfb","idea cbc","rc2 cfb","rc2 cbc","blowfish cbc","cast cbc")
 	{
 	if (defined($one{$a,8}) && defined($two{$a,8}))
diff --git a/util/ssldir.pl b/util/ssldir.pl
deleted file mode 100755
index 6c30685206..0000000000
--- a/util/ssldir.pl
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/usr/local/bin/perl
-
-$#ARGV == 0 || die "usage: ssldir.pl /new/path\n";
-@files=('crypto/cryptlib.h',
-	'Makefile.ssl',
-	'tools/c_rehash',
-	'util/mk1mf.pl',
-	);
-
-%cryptlib=(
-	'\sX509_CERT_AREA\s',"#define X509_CERT_AREA\t\t".'"%s"',
-	'\sX509_CERT_DIR\s', "#define X509_CERT_DIR\t\t".'"%s/certs"',
-	'\sX509_CERT_FILE\s', "#define X509_CERT_FILE\t\t".'"%s/cert.pem"',
-	'\sX509_PRIVATE_DIR\s',"#define X509_PRIVATE_DIR\t".'"%s/private"',
-	);
-
-%Makefile_ssl=(
-	'^INSTALLTOP=','INSTALLTOP=%s',
-	);
-
-%c_rehash=(
-	'^DIR=',	'DIR=%s',
-	);
-
-%mk1mf=(
-	'^$INSTALLTOP=','$INSTALLTOP="%s";',
-	);
-
-&dofile("crypto/cryptlib.h",$ARGV[0],%cryptlib);
-&dofile("Makefile.ssl",$ARGV[0],%Makefile_ssl);
-&dofile("tools/c_rehash",$ARGV[0],%c_rehash);
-&dofile("util/mk1mf.pl",$ARGV[0],%mk1mf);
-
-sub dofile
-	{
-	($f,$p,%m)=@_;
-
-	open(IN,"<$f") || die "unable to open $f:$!\n";
-	@a=<IN>;
-	close(IN);
-	foreach $k (keys %m)
-		{
-		grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a);
-		}
-	($ff=$f) =~ s/\..*$//;
-	open(OUT,">$ff.new") || die "unable to open $f:$!\n";
-	print OUT @a;
-	close(OUT);
-	rename($f,"$ff.old") || die "unable to rename $f\n";
-	rename("$ff.new",$f) || die "unable to rename $ff.new\n";
-	}
-
diff --git a/util/ssleay.num b/util/ssleay.num
index 5608e23351..d027a1c45a 100755
--- a/util/ssleay.num
+++ b/util/ssleay.num
@@ -1,157 +1,219 @@
-ERR_load_SSL_strings			1
-SSL_CIPHER_description			2
-SSL_CTX_add_client_CA			3
-SSL_CTX_add_session			4
-SSL_CTX_check_private_key		5
-SSL_CTX_ctrl				6
-SSL_CTX_flush_sessions			7
-SSL_CTX_free				8
-SSL_CTX_get_client_CA_list		9
-SSL_CTX_get_verify_callback		10
-SSL_CTX_get_verify_mode			11
-SSL_CTX_new				12
-SSL_CTX_remove_session			13
-SSL_CTX_set_cert_verify_cb		14
-SSL_CTX_set_cipher_list			15
-SSL_CTX_set_client_CA_list		16
-SSL_CTX_set_default_passwd_cb		17
-SSL_CTX_set_ssl_version			19
-SSL_CTX_set_verify			21
-SSL_CTX_use_PrivateKey			22
-SSL_CTX_use_PrivateKey_ASN1		23
-SSL_CTX_use_PrivateKey_file		24
-SSL_CTX_use_RSAPrivateKey		25
-SSL_CTX_use_RSAPrivateKey_ASN1		26
-SSL_CTX_use_RSAPrivateKey_file		27
-SSL_CTX_use_certificate			28
-SSL_CTX_use_certificate_ASN1		29
-SSL_CTX_use_certificate_file		30
-SSL_SESSION_free			31
-SSL_SESSION_new				32
-SSL_SESSION_print			33
-SSL_SESSION_print_fp			34
-SSL_accept				35
-SSL_add_client_CA			36
-SSL_alert_desc_string			37
-SSL_alert_desc_string_long		38
-SSL_alert_type_string			39
-SSL_alert_type_string_long		40
-SSL_check_private_key			41
-SSL_clear				42
-SSL_connect				43
-SSL_copy_session_id			44
-SSL_ctrl				45
-SSL_dup					46
-SSL_dup_CA_list				47
-SSL_free				48
-SSL_get_certificate			49
-SSL_get_cipher_list			52
-SSL_get_ciphers				55
-SSL_get_client_CA_list			56
-SSL_get_default_timeout			57
-SSL_get_error				58
-SSL_get_fd				59
-SSL_get_peer_cert_chain			60
-SSL_get_peer_certificate		61
-SSL_get_rbio				63
-SSL_get_read_ahead			64
-SSL_get_shared_ciphers			65
-SSL_get_ssl_method			66
-SSL_get_verify_callback			69
-SSL_get_verify_mode			70
-SSL_get_version				71
-SSL_get_wbio				72
-SSL_load_client_CA_file			73
-SSL_load_error_strings			74
-SSL_new					75
-SSL_peek				76
-SSL_pending				77
-SSL_read				78
-SSL_renegotiate				79
-SSL_rstate_string			80
-SSL_rstate_string_long			81
-SSL_set_accept_state			82
-SSL_set_bio				83
-SSL_set_cipher_list			84
-SSL_set_client_CA_list			85
-SSL_set_connect_state			86
-SSL_set_fd				87
-SSL_set_read_ahead			88
-SSL_set_rfd				89
-SSL_set_session				90
-SSL_set_ssl_method			91
-SSL_set_verify				94
-SSL_set_wfd				95
-SSL_shutdown				96
-SSL_state_string			97
-SSL_state_string_long			98
-SSL_use_PrivateKey			99
-SSL_use_PrivateKey_ASN1			100
-SSL_use_PrivateKey_file			101
-SSL_use_RSAPrivateKey			102
-SSL_use_RSAPrivateKey_ASN1		103
-SSL_use_RSAPrivateKey_file		104
-SSL_use_certificate			105
-SSL_use_certificate_ASN1		106
-SSL_use_certificate_file		107
-SSL_write				108
-SSLeay_add_ssl_algorithms		109
-SSLv23_client_method			110
-SSLv23_method				111
-SSLv23_server_method			112
-SSLv2_client_method			113
-SSLv2_method				114
-SSLv2_server_method			115
-SSLv3_client_method			116
-SSLv3_method				117
-SSLv3_server_method			118
-d2i_SSL_SESSION				119
-i2d_SSL_SESSION				120
-BIO_f_ssl				121
-BIO_new_ssl				122
-BIO_proxy_ssl_copy_session_id		123
-BIO_ssl_copy_session_id			124
-SSL_do_handshake			125
-SSL_get_privatekey			126
-SSL_get_current_cipher			127
-SSL_CIPHER_get_bits			128
-SSL_CIPHER_get_version			129
-SSL_CIPHER_get_name			130
-BIO_ssl_shutdown			131
-SSL_SESSION_cmp				132
-SSL_SESSION_hash			133
-SSL_SESSION_get_time			134
-SSL_SESSION_set_time			135
-SSL_SESSION_get_timeout			136
-SSL_SESSION_set_timeout			137
-SSL_CTX_get_ex_data			138
-SSL_CTX_get_quiet_shutdown		140
-SSL_CTX_load_verify_locations		141
-SSL_CTX_set_default_verify_paths	142
-SSL_CTX_set_ex_data			143
-SSL_CTX_set_quiet_shutdown		145
-SSL_SESSION_get_ex_data			146
-SSL_SESSION_set_ex_data			148
-SSL_get_SSL_CTX				150
-SSL_get_ex_data				151
-SSL_get_quiet_shutdown			153
-SSL_get_session				154
-SSL_get_shutdown			155
-SSL_get_verify_result			157
-SSL_set_ex_data				158
-SSL_set_info_callback			160
-SSL_set_quiet_shutdown			161
-SSL_set_shutdown			162
-SSL_set_verify_result			163
-SSL_version				164
-SSL_get_info_callback			165
-SSL_state				166
-SSL_CTX_get_ex_new_index		167
-SSL_SESSION_get_ex_new_index		168
-SSL_get_ex_new_index			169
-TLSv1_method				170
-TLSv1_server_method			171
-TLSv1_client_method			172
-BIO_new_buffer_ssl_connect		173
-BIO_new_ssl_connect			174
-SSL_get_ex_data_X509_STORE_CTX_idx	175
+ERR_load_SSL_strings                    1	EXIST::FUNCTION:
+SSL_CIPHER_description                  2	EXIST::FUNCTION:
+SSL_CTX_add_client_CA                   3	EXIST::FUNCTION:
+SSL_CTX_add_session                     4	EXIST::FUNCTION:
+SSL_CTX_check_private_key               5	EXIST::FUNCTION:
+SSL_CTX_ctrl                            6	EXIST::FUNCTION:
+SSL_CTX_flush_sessions                  7	EXIST::FUNCTION:
+SSL_CTX_free                            8	EXIST::FUNCTION:
+SSL_CTX_get_client_CA_list              9	EXIST::FUNCTION:
+SSL_CTX_get_verify_callback             10	EXIST::FUNCTION:
+SSL_CTX_get_verify_mode                 11	EXIST::FUNCTION:
+SSL_CTX_new                             12	EXIST::FUNCTION:
+SSL_CTX_remove_session                  13	EXIST::FUNCTION:
+SSL_CTX_set_cipher_list                 15	EXIST::FUNCTION:
+SSL_CTX_set_client_CA_list              16	EXIST::FUNCTION:
+SSL_CTX_set_default_passwd_cb           17	EXIST::FUNCTION:
+SSL_CTX_set_ssl_version                 19	EXIST::FUNCTION:
+SSL_CTX_set_verify                      21	EXIST::FUNCTION:
+SSL_CTX_use_PrivateKey                  22	EXIST::FUNCTION:
+SSL_CTX_use_PrivateKey_ASN1             23	EXIST::FUNCTION:
+SSL_CTX_use_PrivateKey_file             24	EXIST::FUNCTION:STDIO
+SSL_CTX_use_RSAPrivateKey               25	EXIST::FUNCTION:RSA
+SSL_CTX_use_RSAPrivateKey_ASN1          26	EXIST::FUNCTION:RSA
+SSL_CTX_use_RSAPrivateKey_file          27	EXIST::FUNCTION:RSA,STDIO
+SSL_CTX_use_certificate                 28	EXIST::FUNCTION:
+SSL_CTX_use_certificate_ASN1            29	EXIST::FUNCTION:
+SSL_CTX_use_certificate_file            30	EXIST::FUNCTION:STDIO
+SSL_SESSION_free                        31	EXIST::FUNCTION:
+SSL_SESSION_new                         32	EXIST::FUNCTION:
+SSL_SESSION_print                       33	EXIST::FUNCTION:BIO
+SSL_SESSION_print_fp                    34	EXIST::FUNCTION:FP_API
+SSL_accept                              35	EXIST::FUNCTION:
+SSL_add_client_CA                       36	EXIST::FUNCTION:
+SSL_alert_desc_string                   37	EXIST::FUNCTION:
+SSL_alert_desc_string_long              38	EXIST::FUNCTION:
+SSL_alert_type_string                   39	EXIST::FUNCTION:
+SSL_alert_type_string_long              40	EXIST::FUNCTION:
+SSL_check_private_key                   41	EXIST::FUNCTION:
+SSL_clear                               42	EXIST::FUNCTION:
+SSL_connect                             43	EXIST::FUNCTION:
+SSL_copy_session_id                     44	EXIST::FUNCTION:
+SSL_ctrl                                45	EXIST::FUNCTION:
+SSL_dup                                 46	EXIST::FUNCTION:
+SSL_dup_CA_list                         47	EXIST::FUNCTION:
+SSL_free                                48	EXIST::FUNCTION:
+SSL_get_certificate                     49	EXIST::FUNCTION:
+SSL_get_cipher_list                     52	EXIST::FUNCTION:
+SSL_get_ciphers                         55	EXIST::FUNCTION:
+SSL_get_client_CA_list                  56	EXIST::FUNCTION:
+SSL_get_default_timeout                 57	EXIST::FUNCTION:
+SSL_get_error                           58	EXIST::FUNCTION:
+SSL_get_fd                              59	EXIST::FUNCTION:
+SSL_get_peer_cert_chain                 60	EXIST::FUNCTION:
+SSL_get_peer_certificate                61	EXIST::FUNCTION:
+SSL_get_rbio                            63	EXIST::FUNCTION:BIO
+SSL_get_read_ahead                      64	EXIST::FUNCTION:
+SSL_get_shared_ciphers                  65	EXIST::FUNCTION:
+SSL_get_ssl_method                      66	EXIST::FUNCTION:
+SSL_get_verify_callback                 69	EXIST::FUNCTION:
+SSL_get_verify_mode                     70	EXIST::FUNCTION:
+SSL_get_version                         71	EXIST::FUNCTION:
+SSL_get_wbio                            72	EXIST::FUNCTION:BIO
+SSL_load_client_CA_file                 73	EXIST::FUNCTION:STDIO
+SSL_load_error_strings                  74	EXIST::FUNCTION:
+SSL_new                                 75	EXIST::FUNCTION:
+SSL_peek                                76	EXIST::FUNCTION:
+SSL_pending                             77	EXIST::FUNCTION:
+SSL_read                                78	EXIST::FUNCTION:
+SSL_renegotiate                         79	EXIST::FUNCTION:
+SSL_rstate_string                       80	EXIST::FUNCTION:
+SSL_rstate_string_long                  81	EXIST::FUNCTION:
+SSL_set_accept_state                    82	EXIST::FUNCTION:
+SSL_set_bio                             83	EXIST::FUNCTION:BIO
+SSL_set_cipher_list                     84	EXIST::FUNCTION:
+SSL_set_client_CA_list                  85	EXIST::FUNCTION:
+SSL_set_connect_state                   86	EXIST::FUNCTION:
+SSL_set_fd                              87	EXIST::FUNCTION:SOCK
+SSL_set_read_ahead                      88	EXIST::FUNCTION:
+SSL_set_rfd                             89	EXIST::FUNCTION:SOCK
+SSL_set_session                         90	EXIST::FUNCTION:
+SSL_set_ssl_method                      91	EXIST::FUNCTION:
+SSL_set_verify                          94	EXIST::FUNCTION:
+SSL_set_wfd                             95	EXIST::FUNCTION:SOCK
+SSL_shutdown                            96	EXIST::FUNCTION:
+SSL_state_string                        97	EXIST::FUNCTION:
+SSL_state_string_long                   98	EXIST::FUNCTION:
+SSL_use_PrivateKey                      99	EXIST::FUNCTION:
+SSL_use_PrivateKey_ASN1                 100	EXIST::FUNCTION:
+SSL_use_PrivateKey_file                 101	EXIST::FUNCTION:STDIO
+SSL_use_RSAPrivateKey                   102	EXIST::FUNCTION:RSA
+SSL_use_RSAPrivateKey_ASN1              103	EXIST::FUNCTION:RSA
+SSL_use_RSAPrivateKey_file              104	EXIST::FUNCTION:RSA,STDIO
+SSL_use_certificate                     105	EXIST::FUNCTION:
+SSL_use_certificate_ASN1                106	EXIST::FUNCTION:
+SSL_use_certificate_file                107	EXIST::FUNCTION:STDIO
+SSL_write                               108	EXIST::FUNCTION:
+SSLeay_add_ssl_algorithms               109	NOEXIST::FUNCTION:
+SSLv23_client_method                    110	EXIST::FUNCTION:RSA
+SSLv23_method                           111	EXIST::FUNCTION:RSA
+SSLv23_server_method                    112	EXIST::FUNCTION:RSA
+SSLv2_client_method                     113	EXIST::FUNCTION:RSA
+SSLv2_method                            114	EXIST::FUNCTION:RSA
+SSLv2_server_method                     115	EXIST::FUNCTION:RSA
+SSLv3_client_method                     116	EXIST::FUNCTION:
+SSLv3_method                            117	EXIST::FUNCTION:
+SSLv3_server_method                     118	EXIST::FUNCTION:
+d2i_SSL_SESSION                         119	EXIST::FUNCTION:
+i2d_SSL_SESSION                         120	EXIST::FUNCTION:
+BIO_f_ssl                               121	EXIST::FUNCTION:BIO
+BIO_new_ssl                             122	EXIST::FUNCTION:BIO
+BIO_proxy_ssl_copy_session_id           123	NOEXIST::FUNCTION:
+BIO_ssl_copy_session_id                 124	EXIST::FUNCTION:BIO
+SSL_do_handshake                        125	EXIST::FUNCTION:
+SSL_get_privatekey                      126	EXIST::FUNCTION:
+SSL_get_current_cipher                  127	EXIST::FUNCTION:
+SSL_CIPHER_get_bits                     128	EXIST::FUNCTION:
+SSL_CIPHER_get_version                  129	EXIST::FUNCTION:
+SSL_CIPHER_get_name                     130	EXIST::FUNCTION:
+BIO_ssl_shutdown                        131	EXIST::FUNCTION:BIO
+SSL_SESSION_cmp                         132	EXIST::FUNCTION:
+SSL_SESSION_hash                        133	EXIST::FUNCTION:
+SSL_SESSION_get_time                    134	EXIST::FUNCTION:
+SSL_SESSION_set_time                    135	EXIST::FUNCTION:
+SSL_SESSION_get_timeout                 136	EXIST::FUNCTION:
+SSL_SESSION_set_timeout                 137	EXIST::FUNCTION:
+SSL_CTX_get_ex_data                     138	EXIST::FUNCTION:
+SSL_CTX_get_quiet_shutdown              140	EXIST::FUNCTION:
+SSL_CTX_load_verify_locations           141	EXIST::FUNCTION:
+SSL_CTX_set_default_verify_paths        142	EXIST:!VMS:FUNCTION:
+SSL_CTX_set_def_verify_paths            142	EXIST:VMS:FUNCTION:
+SSL_CTX_set_ex_data                     143	EXIST::FUNCTION:
+SSL_CTX_set_quiet_shutdown              145	EXIST::FUNCTION:
+SSL_SESSION_get_ex_data                 146	EXIST::FUNCTION:
+SSL_SESSION_set_ex_data                 148	EXIST::FUNCTION:
+SSL_get_SSL_CTX                         150	EXIST::FUNCTION:
+SSL_get_ex_data                         151	EXIST::FUNCTION:
+SSL_get_quiet_shutdown                  153	EXIST::FUNCTION:
+SSL_get_session                         154	EXIST::FUNCTION:
+SSL_get_shutdown                        155	EXIST::FUNCTION:
+SSL_get_verify_result                   157	EXIST::FUNCTION:
+SSL_set_ex_data                         158	EXIST::FUNCTION:
+SSL_set_info_callback                   160	EXIST::FUNCTION:
+SSL_set_quiet_shutdown                  161	EXIST::FUNCTION:
+SSL_set_shutdown                        162	EXIST::FUNCTION:
+SSL_set_verify_result                   163	EXIST::FUNCTION:
+SSL_version                             164	EXIST::FUNCTION:
+SSL_get_info_callback                   165	EXIST::FUNCTION:
+SSL_state                               166	EXIST::FUNCTION:
+SSL_CTX_get_ex_new_index                167	EXIST::FUNCTION:
+SSL_SESSION_get_ex_new_index            168	EXIST::FUNCTION:
+SSL_get_ex_new_index                    169	EXIST::FUNCTION:
+TLSv1_method                            170	EXIST::FUNCTION:
+TLSv1_server_method                     171	EXIST::FUNCTION:
+TLSv1_client_method                     172	EXIST::FUNCTION:
+BIO_new_buffer_ssl_connect              173	EXIST::FUNCTION:BIO
+BIO_new_ssl_connect                     174	EXIST::FUNCTION:BIO
+SSL_get_ex_data_X509_STORE_CTX_idx      175	EXIST:!VMS:FUNCTION:
+SSL_get_ex_d_X509_STORE_CTX_idx         175	EXIST:VMS:FUNCTION:
+SSL_CTX_set_tmp_dh_callback             176	EXIST::FUNCTION:DH
+SSL_CTX_set_tmp_rsa_callback            177	EXIST::FUNCTION:RSA
+SSL_CTX_set_timeout                     178	EXIST::FUNCTION:
+SSL_CTX_get_timeout                     179	EXIST::FUNCTION:
+SSL_CTX_get_cert_store                  180	EXIST::FUNCTION:
+SSL_CTX_set_cert_store                  181	EXIST::FUNCTION:
+SSL_want                                182	EXIST::FUNCTION:
+SSL_library_init                        183	EXIST::FUNCTION:
+SSL_COMP_add_compression_method         184	EXIST::FUNCTION:COMP
+SSL_add_file_cert_subjects_to_stack     185	EXIST:!VMS:FUNCTION:STDIO
+SSL_add_file_cert_subjs_to_stk          185	EXIST:VMS:FUNCTION:STDIO
+SSL_set_tmp_rsa_callback                186	EXIST::FUNCTION:RSA
+SSL_set_tmp_dh_callback                 187	EXIST::FUNCTION:DH
+SSL_add_dir_cert_subjects_to_stack      188	EXIST:!VMS,!WIN32:FUNCTION:STDIO
+SSL_add_dir_cert_subjs_to_stk           188	NOEXIST::FUNCTION:
+SSL_set_session_id_context              189	EXIST::FUNCTION:
+SSL_CTX_use_certificate_chain_file      222	EXIST:!VMS:FUNCTION:STDIO
+SSL_CTX_use_cert_chain_file             222	EXIST:VMS:FUNCTION:STDIO
+SSL_CTX_set_verify_depth                225	EXIST::FUNCTION:
+SSL_set_verify_depth                    226	EXIST::FUNCTION:
+SSL_CTX_get_verify_depth                228	EXIST::FUNCTION:
+SSL_get_verify_depth                    229	EXIST::FUNCTION:
+SSL_CTX_set_session_id_context          231	EXIST::FUNCTION:
+SSL_CTX_set_cert_verify_callback        232	EXIST:!VMS:FUNCTION:
+SSL_CTX_set_cert_verify_cb              232	EXIST:VMS:FUNCTION:
+SSL_CTX_set_default_passwd_cb_userdata  235	EXIST:!VMS:FUNCTION:
+SSL_CTX_set_def_passwd_cb_ud            235	EXIST:VMS:FUNCTION:
+SSL_set_purpose                         236	EXIST::FUNCTION:
+SSL_CTX_set_trust                       237	EXIST::FUNCTION:
+SSL_CTX_set_purpose                     238	EXIST::FUNCTION:
+SSL_set_trust                           239	EXIST::FUNCTION:
+SSL_get_finished                        240	EXIST::FUNCTION:
+SSL_get_peer_finished                   241	EXIST::FUNCTION:
+SSL_get1_session                        242	EXIST::FUNCTION:
+SSL_CTX_callback_ctrl                   243	EXIST::FUNCTION:
+SSL_callback_ctrl                       244	EXIST::FUNCTION:
+SSL_CTX_sessions                        245	EXIST::FUNCTION:
+SSL_get_rfd                             246	EXIST::FUNCTION:
+SSL_get_wfd                             247	EXIST::FUNCTION:
+kssl_cget_tkt                           248	EXIST::FUNCTION:KRB5
+SSL_has_matching_session_id             249	EXIST::FUNCTION:
+kssl_err_set                            250	EXIST::FUNCTION:KRB5
+kssl_ctx_show                           251	EXIST::FUNCTION:KRB5
+kssl_validate_times                     252	EXIST::FUNCTION:KRB5
+kssl_check_authent                      253	EXIST::FUNCTION:KRB5
+kssl_ctx_new                            254	EXIST::FUNCTION:KRB5
+kssl_build_principal_2                  255	EXIST::FUNCTION:KRB5
+kssl_skip_confound                      256	EXIST::FUNCTION:KRB5
+kssl_sget_tkt                           257	EXIST::FUNCTION:KRB5
+SSL_set_generate_session_id             258	EXIST::FUNCTION:
+kssl_ctx_setkey                         259	EXIST::FUNCTION:KRB5
+kssl_ctx_setprinc                       260	EXIST::FUNCTION:KRB5
+kssl_ctx_free                           261	EXIST::FUNCTION:KRB5
+kssl_krb5_free_data_contents            262	EXIST::FUNCTION:KRB5
+kssl_ctx_setstring                      263	EXIST::FUNCTION:KRB5
+SSL_CTX_set_generate_session_id         264	EXIST::FUNCTION:
+SSL_renegotiate_pending                 265	EXIST::FUNCTION:
+SSL_CTX_set_msg_callback                266	EXIST::FUNCTION:
+SSL_set_msg_callback                    267	EXIST::FUNCTION:
+SSL_set_tmp_ecdh_callback               268	EXIST::FUNCTION:ECDH
+SSL_CTX_set_tmp_ecdh_callback           269	EXIST::FUNCTION:ECDH
diff --git a/util/up_ver.pl b/util/up_ver.pl
deleted file mode 100755
index ed9aa59af0..0000000000
--- a/util/up_ver.pl
+++ /dev/null
@@ -1,80 +0,0 @@
-#!/usr/local/bin/perl
-#
-# Up the version numbers in the files.
-#
-
-@files=(
-	"crypto/crypto.h",
-	"crypto/des/ecb_enc.c",
-	"crypto/idea/i_ecb.c",
-	"crypto/lhash/lhash.c",
-	"crypto/conf/conf.c",
-	"crypto/md2/md2_dgst.c",
-	"crypto/md5/md5_dgst.c",
-	"crypto/ripemd/rmd_dgst.c",
-	"crypto/pem/pem_lib.c",
-	"crypto/bn/bn_lib.c",
-	"crypto/dh/dh_lib.c",
-	"crypto/rc2/rc2_ecb.c",
-	"crypto/rc4/rc4_skey.c",
-	"crypto/rc5/rc5_ecb.c",
-	"crypto/bf/bf_ecb.c",
-	"crypto/cast/c_ecb.c",
-	"crypto/rsa/rsa_lib.c",
-	"crypto/dsa/dsa_lib.c",
-	"crypto/sha/sha1dgst.c",
-	"crypto/sha/sha_dgst.c",
-	"crypto/asn1/asn1_lib.c",
-	"crypto/x509/x509_vfy.c",
-	"crypto/evp/evp_enc.c",
-	"crypto/rand/md_rand.c",
-	"crypto/stack/stack.c",
-	"crypto/txt_db/txt_db.c",
-	"crypto/cversion.c",
-	"ssl/ssl_lib.c",
-	"ssl/s2_lib.c",
-	"ssl/s3_lib.c",
-	"ssl/s23_lib.c",
-	"ssl/t1_lib.c",
-	"README",
-	);
-
-@month=('Jan','Feb','Mar','Apr','May','Jun',
-	'Jul','Aug','Sep','Oct','Nov','Dec');
-@a=localtime(time());
-$time=sprintf("%02d-%s-%04d",$a[3],$month[$a[4]],$a[5]+1900);
-
-$ver=$ARGV[0];
-($ver ne "") || die "no version number specified\n";
-($a,$b,$c,$d)=unpack('axaxac',$ver);
-$d=defined($d)?$d-96:0;
-$xver=sprintf("%x%x%x%x",$a,$b,$c,$d);
-
-foreach $file (@files)
-	{
-	open(IN,"<$file") || die "unable to open $file:$!\n";
-	open(OUT,">$file.new") || die "unable to open $file.new:$!\n";
-	$found=0;
-
-	print STDERR "$file:";
-
-	while (<IN>)
-		{
-		if ((s/SSLeay \d\.\d.\d[^"]*(\"|\s)/SSLeay $ver $time\1/) ||
-			s/^(\#define\s+SSLEAY_VERSION_NUMBER\s+0x)[0-9a-zA-Z]+(.*)$/$1$xver$2/)
-			{
-			print STDERR " Done";
-			$found++;
-			print OUT;
-			while (<IN>) { print OUT; }
-			last;
-			}
-		print OUT;
-		}
-	print STDERR "\n";
-	close(IN);
-	close(OUT);
-	(!$found) && die "unable to update the version number in $file\n";
-	rename($file,"$file.old") || die "unable to rename $file:$!\n";
-	rename("$file.new",$file) || die "unable to rename $file.new:$!\n";
-	}